From 71fe73a07661e00f54f3aaaf4483f22faf39b611 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 20 May 2024 11:29:16 +0200 Subject: [PATCH 001/380] image: update locked rpms (#3111) Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com> --- image/mirror/SHA256SUMS | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index dd1cfed90..15c781465 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -1,3 +1,4 @@ +37abef83e8927b4b48f69fcbdcc249d349c6029cc669401676d01f0ea326999e WALinuxAgent-udev-2.10.0.8-2.fc40.noarch.rpm a1d1bd1e3dd3f133c984039219a05703cb38b073daf8a864bd95805747633103 aardvark-dns-1.10.0-1.fc40.x86_64.rpm 7e635d208b2d3191973fbce9b2ee0a470204fa121270d9aa297ed5c3546f520b alternatives-1.26-3.fc40.x86_64.rpm a8aac6e068011d76e89536ffcb29e516c3ccd0095ef8ada0a37a9fd21a2b39b0 audit-libs-4.0.1-1.fc40.i686.rpm @@ -12,11 +13,11 @@ e61d6858790314f9d9ab539c5531d2b67ce763c9e5ac6c22dd76293fec12f3f5 ca-certificate 99d4976979c8b9d18c9d2d686de77882dc6a4e72ebfe358fb9a37a83f0ecdc90 catatonit-0.1.7-22.fc40.x86_64.rpm ef93475ea699c80bb8e49b5a80fefeed23e553b0e492d74748a55958b4dde568 conmon-2.1.10-1.fc40.x86_64.rpm adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tools-1.4.7-7.fc40.x86_64.rpm +4af8d4cf81c8c368c2a128dcd2b1ffe228589568b162e2d482bd0e2b8d2ca0da container-selinux-2.230.0-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm 542e8c11b3af4c4bbbe2e8911c9f9dac12620d20be15011561cb3791165562c5 containers-common-0.58.0-2.fc40.noarch.rpm 483e8966b8f25fd5508ebe01a8b4fed75fd4c5105ba5d71284322ac3d3500b7b containers-common-extra-0.58.0-2.fc40.noarch.rpm -4af8d4cf81c8c368c2a128dcd2b1ffe228589568b162e2d482bd0e2b8d2ca0da container-selinux-2.230.0-1.fc40.noarch.rpm d90e0c786e9406ac4f4db67a8d4bbf3d7bf724797dbf1dd422ff376eaa214b3e coreutils-single-9.4-6.fc40.x86_64.rpm d941a78ffb6e2e0b4c24d0097d0351ced8796edde90208b4bddee459bce0a949 cpio-2.15-1.fc40.x86_64.rpm faa23cb6a7a612c0a6e874c788c5add967c5e193bd38c2e6093b82b38a162f81 cracklib-2.9.11-5.fc40.i686.rpm @@ -24,9 +25,9 @@ ea1f43ef9a4b02a9c66726ee386f090145696fb93dff80d593ac82126f8037ec cracklib-2.9.1 fe24641e69545c428890a4b094f015c03f65a6c30c3db7bb0de7672bab66bfd6 cracklib-dicts-2.9.11-5.fc40.x86_64.rpm e4407cbfeb01494457e941a56971ec3aefbd35206792918d60fc9417acacd1a8 criu-3.19-4.fc40.x86_64.rpm 6dd4fe61a462d20fd6fc07ecf8bf47198cc24733d82fe0e46ed4d5f988dffef4 criu-libs-3.19-4.fc40.x86_64.rpm -8a86435bf7382475bc7366b5dbf741e549c23b16c3430fecf9b84f3a1e6c9e88 crun-1.14.4-1.fc40.x86_64.rpm -11d4b45c1001ccd523e0e95cc4b8f84bd332d2df42d08fcfa451288bcd074142 crypto-policies-20240201-2.git9f501f3.fc40.noarch.rpm -126f9f1aa7312ff6841b44bd8f5cdec46998d8a73f978aa50144f6fb492a1658 crypto-policies-scripts-20240201-2.git9f501f3.fc40.noarch.rpm +4e913c3232f3d304820e6e1746911d5d4c981407673edbd3426118a2fd2dd977 crun-1.15-1.fc40.x86_64.rpm +4ff80ee580e20cae3578c254c9c56698090cbcce3a4c2feb42e6a29156c15497 crypto-policies-20240510-1.gitd287a42.fc40.noarch.rpm +8bc661a223cc065e257444b97131cb2fdc4d2e80932958d9d40df09472756f71 crypto-policies-scripts-20240510-1.gitd287a42.fc40.noarch.rpm d54dd64d6e5ec06ce51dd063cde948f71e8c0c930058e3232c963a7b7309947b cryptsetup-2.7.2-1.fc40.x86_64.rpm ea1a32f78c86ea741d31d7166e641602e62a0797a2200725385e148b15977388 cryptsetup-libs-2.7.2-1.fc40.i686.rpm 41fdb51944e94625a8d4424c784482c426ca5ec7ca63f36b0f7231e7f8ccde13 cryptsetup-libs-2.7.2-1.fc40.x86_64.rpm @@ -65,11 +66,11 @@ a6f2098fc2ed16df92c9325bd7459cc41479e17306a4f9cddfd5df8a1b80d0f8 file-5.45-4.fc f76684ee78408660db83ab9932978a1346b280f4210cd744524b00b2e5891fe1 file-libs-5.45-4.fc40.x86_64.rpm 063af3db3808bea0d5c07dbb2d8369b275e1d05ad0850c80a8fec0413f47cd64 filesystem-3.18-8.fc40.x86_64.rpm f17ca5526d2cf34b82916a0cd1afe73d68856fdb5b19754312f61512aef0a7c3 findutils-4.9.0-8.fc40.x86_64.rpm -2d6631d65e3b5c91afdb100a51ee8e50294f0e074a944c1662008d878d47456e fuse3-3.16.2-3.fc40.x86_64.rpm -a9c6502a5b190aaf169e93afd337c009e0b2e235e31f3da23d29c7d063ad2ff9 fuse3-libs-3.16.2-3.fc40.x86_64.rpm f4c2d51c7b4577f7b7ef498f8e2afb1b007da2de00cca28e220f50129c40a48c fuse-common-3.16.2-3.fc40.x86_64.rpm f94315e447afb7442033b7b82e43a4ed62754f603afda53930280300855e46c7 fuse-libs-2.9.9-21.fc40.x86_64.rpm 8fe84b7e0319afcc9c9eb28130b74e0cd7c675667a6ce075eb7ee2ec1b0014c2 fuse-overlayfs-1.13-1.fc40.x86_64.rpm +2d6631d65e3b5c91afdb100a51ee8e50294f0e074a944c1662008d878d47456e fuse3-3.16.2-3.fc40.x86_64.rpm +a9c6502a5b190aaf169e93afd337c009e0b2e235e31f3da23d29c7d063ad2ff9 fuse3-libs-3.16.2-3.fc40.x86_64.rpm 6c80dfdaf7b27ea92c1276856b8b2ae5fde1ae5c391b773805be725515fdc1ac gawk-5.3.0-3.fc40.x86_64.rpm c4cc69bf3a2655b9ee9ac23492d377bac57811c5b4f81fbf43537520ee33c7af gawk-all-langpacks-5.3.0-3.fc40.x86_64.rpm 21470eb4ec55006c9efeee84c97772462008fceda1ab332e58d2caddfdaa0d1e gdbm-1.23-6.fc40.x86_64.rpm @@ -229,7 +230,7 @@ f5f022440c4340b5e7fb1c1dbc382e6b0fd57030b3ff056940f2bb3d254408ec lz4-libs-1.9.4 2030e8622b6f9ceb4b56f5c771ae7e4ccbff3d8bf563df5bf929725f4c4f18c9 mkpasswd-5.5.20-3.fc40.x86_64.rpm 03fbefea8c8d8465cf1caf66870fb935292ee18b4ca341853b5576ca9c7801eb mokutil-0.7.1-1.fc40.x86_64.rpm 0a3a3fc2471d2d64cbc85f4b23c93620df6eeee814851a2b69fc5ddf75406b56 mpdecimal-2.5.1-9.fc40.x86_64.rpm -ef6285ceb3baff0bef0e541094c04a899dda37c5961b053b58be2a4a9085302f mpfr-4.2.1-3.fc40.x86_64.rpm +bc873693a8b8423d7f82e329abe207c9160a4c746fea9a32ef2a6ae8c912f227 mpfr-4.2.1-4.fc40.x86_64.rpm ed211fa5d0d0a70e4db0099a01e7b7a46f28b064e2af7064d3c7836663229917 mtools-4.0.43-4.fc40.x86_64.rpm 7dfae7d898dfc40f3fe1fc66104cf31e434e866fec4d4944b55952d7f2f16657 nano-7.2-7.fc40.x86_64.rpm b404c27af03bb1e43fb0dc472d5a1fa152e0563fa2e4eefa29199c47578a829b nano-default-editor-7.2-7.fc40.noarch.rpm @@ -247,12 +248,12 @@ eba1bd09317cc1f1f80e722e9a545dd404e1fad444045438f254e99cab4f1ed6 openssl-libs-3 9f0336deb6f1b1524ec48d837622e7e2291995369b0356d7ad1e1d427f3b659a os-prober-1.81-6.fc40.x86_64.rpm 2c8e47f98df74fe89b23f0a1347aba91383da06e0ae903949b015943da4e1b5b p11-kit-0.25.3-4.fc40.x86_64.rpm 93159ba4fffd7c91bd28d3942564368c402dc65ee7998e81688f3d566fe7633f p11-kit-trust-0.25.3-4.fc40.x86_64.rpm -9997fbbe5aca567c2d8afc5d745034bca0a4d8bda62ea7f88122e0dff2dfcdf8 pam-1.6.0-2.fc40.x86_64.rpm -ac7b46f2807ec0faa6dff991c89875b7ebd7edefef5b0ad75934196405303c7a pam-libs-1.6.0-2.fc40.i686.rpm -8b233033e715d594326fe5ad84c06361928a787299c734206de7deccff7b3c10 pam-libs-1.6.0-2.fc40.x86_64.rpm +afdb1232618f268a03f9965b146de07021b287a5a9a3451b739bdadce6f09728 pam-1.6.1-1.fc40.x86_64.rpm +ad8922a4803efb3f3c40632e01433891b263fdc808fd6cb0e706d4ffffab2d0e pam-libs-1.6.1-1.fc40.i686.rpm +182e490c3576cf043054e5e6818bcef8eb9ec95396ada542bc04773358481486 pam-libs-1.6.1-1.fc40.x86_64.rpm 9bbce784622e02af0371ced8e9a7d26adba7eabd66ecfcb8bbe2d24cf616e3c1 parted-3.6-4.fc40.x86_64.rpm -88ed733f4474cd561c7ccda6031190367156aec2317a675dbb9f799c80016dcc passt-0^20240426.gd03c4e2-1.fc40.x86_64.rpm -771176f50aebf7916d4e0ee2ea6caa82bdd570ec7085292661ea8f5724b45cfc passt-selinux-0^20240426.gd03c4e2-1.fc40.noarch.rpm +7f8327ab1b77dbc67cf1db70d35afda6477e48e7467e4f3c916f71eddac7048a passt-0^20240510.g7288448-1.fc40.x86_64.rpm +6ae3cbcf7de9c12dae7fb3096acd32bc2e3ba2b9b44a6c5eef2c7c3a587a5a32 passt-selinux-0^20240510.g7288448-1.fc40.noarch.rpm 757dc11e76123116a505879b5b00dbb1f132b25578f738979220397965d7fa38 pcre2-10.42-2.fc40.2.i686.rpm 8d36bcee4d3e39d5b8162ab8de347bb0f7d7b260a6b6c76bc4b577c5bff6ba5e pcre2-10.42-2.fc40.2.x86_64.rpm f2042a010126c04faea45cea4b62f8443e73f4a0a218858092e0fcf5ca7967fa pcre2-syntax-10.42-2.fc40.2.noarch.rpm @@ -262,7 +263,7 @@ f796a31cad58f4ebea8787020868581d9a721297ee0ef6a7c63a7f8444f60c17 pcsc-lite-libs 5443db8875acc0c1c436dbe1ed62b776543e049b8d9c7e33198379d367814093 pigz-2.8-4.fc40.x86_64.rpm cb7c5036f1d25c696de23a6670cb64caec9945116fb0c9a93555414746ecf253 pinentry-1.3.0-2.fc40.x86_64.rpm bbb4abafa9f7664e21350b56d49af2c928288e6d4dd68c304c4ab5d45b2c8ad7 pkcs11-provider-0.3-2.fc40.x86_64.rpm -8f71536999a1ac6ebc148050382cc9716d68577cc49afeebd64ac0d5742183a0 podman-5.0.2-1.fc40.x86_64.rpm +6538fed9557d92d1d0fc136e16cdb50b38ed8724184c3d3daa899922a8fa3ae8 podman-5.0.3-1.fc40.x86_64.rpm fc0270713aefd482937adc4d6905f806760ea54c70379cb675be521251e5a177 policycoreutils-3.6-3.fc40.x86_64.rpm 30a4f9d3631aaa1280c93ce4305847a9773973aa312e1802d1cd676cb2421689 polkit-124-2.fc40.x86_64.rpm f47bc65177a8b160916c00df9c84442afa1dd353880b3c0503d5a0b052d4956c polkit-libs-124-2.fc40.x86_64.rpm @@ -272,10 +273,10 @@ c03ba1c46e0e2dda36e654941f307aaa0d6574ee5143d6fec6e9af2bdf3252a2 popt-1.19-6.fc af85755cda79959a19161ebc26a45e507003298bd97b472b9ab0d512afa5e46a protobuf-c-1.5.0-3.fc40.x86_64.rpm 45ff2e9814aa059f323b23710c73309d41d36306667a3004f5fbb86b0cab4484 psmisc-23.6-6.fc40.x86_64.rpm cca50802d4f75306bc37126feb92db79fed44dcdabf76c1556853334995b9d3b publicsuffix-list-dafsa-20240107-3.fc40.noarch.rpm -a8111a574e98417b87d6a5613da029eed14c12a545d10d5ffaf95024ffeae4bd python3-3.12.3-2.fc40.x86_64.rpm -9a6d3854bf22c47f9b14981dbcc606ccd5ddda631b2feaae460239881306e2db python3-libs-3.12.3-2.fc40.x86_64.rpm 1cfc81c8761cd0381cc5020a3686afec8350aadea01998518e8aa2407419fe9f python-pip-wheel-23.3.2-1.fc40.noarch.rpm ce44e24ec0c7c292fdec76b055a5e32320a51545e3bc3147c27ba9c418b6afc6 python-unversioned-command-3.12.3-2.fc40.noarch.rpm +a8111a574e98417b87d6a5613da029eed14c12a545d10d5ffaf95024ffeae4bd python3-3.12.3-2.fc40.x86_64.rpm +9a6d3854bf22c47f9b14981dbcc606ccd5ddda631b2feaae460239881306e2db python3-libs-3.12.3-2.fc40.x86_64.rpm 74f89e3304571c9d4eb8df444fa895aa71910dcb1909738c1f69781280da87e7 qemu-user-static-8.2.2-1.fc40.x86_64.rpm a40c17e5681b201891c6dfaed0f6fc0dba1cdb9eb208d9ff47f9be52de76d177 qemu-user-static-aarch64-8.2.2-1.fc40.x86_64.rpm fcf593362df5c9193264bf3bd74a6b25d73c1ef24cb7384b6f0bf4e36284365b qemu-user-static-alpha-8.2.2-1.fc40.x86_64.rpm @@ -340,10 +341,9 @@ a00108f45cd60afffb9c1b5db8bef9c6fd5b3c233a546dde787efa5b4485e5b6 util-linux-cor 3face3fce765d64b1112213f80ac36dcf6f1521d5b1cbdb6b3e50822ce9a8e24 vim-data-9.1.393-1.fc40.noarch.rpm 1e9362eca139cee383318efa5818450768c5d44d063621d5600704aa05929149 vim-enhanced-9.1.393-1.fc40.x86_64.rpm 3c57e0840dfd7073e5ac0a2d5ae240960bc593689ab027face333a3e76284c60 vim-filesystem-9.1.393-1.fc40.noarch.rpm -30b11481b28e47cb568507ddaa4a9a2b67648f845859efb58e99e36801fd10d1 WALinuxAgent-udev-2.10.0.8-1.fc40.noarch.rpm -21ecc005f54161fb5c88241f344bd0f00a19747911ea158872f00ca2ab91f238 wget2-2.1.0-8.fc40.x86_64.rpm -d36fb4c83416b16df53c00501addd134a208c8596dd09aad9c4a4497ddedde83 wget2-libs-2.1.0-8.fc40.x86_64.rpm -0b198f659f4ba8b00e8841c2fe6a75ff30dec1b194f8065046cafb11b85f93f7 wget2-wget-2.1.0-8.fc40.x86_64.rpm +f573dbcaf6d08e84af7313b397a181efe369f5362908498f7c4a7ca80dad4170 wget2-2.1.0-9.fc40.x86_64.rpm +1cfb812e281cfa2059b7f753d8548810a3edc9e289b4313a2f60f361a51e300b wget2-libs-2.1.0-9.fc40.x86_64.rpm +21075ae2e021a0b0ec00e62f5441e4a975d39cc2c58183b7c855942f40b24539 wget2-wget-2.1.0-9.fc40.x86_64.rpm cf0306ceed1c6b3be39060d85f16b1953b464d3a625488b170d3b7aadf600645 which-2.21-41.fc40.x86_64.rpm 4ede95a2fa3bc0ae617c8bf3a375b800163d58733b4829b15d9f038505d79fee whois-nls-5.5.20-3.fc40.noarch.rpm e2195010e857f56b19246f8b821f9391922880b7691b3728a413f540edc890a6 xkeyboard-config-2.41-1.fc40.noarch.rpm From 902b7f49a8092461c4b2ba9a370c25ff7da5f6cd Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 22 May 2024 15:51:21 +0200 Subject: [PATCH 002/380] operators: ignore node deletion errors on absence (#3113) * operators: ignore node deletion errors on absence --- .../internal/cloud/aws/client/nodeimage.go | 10 +++++++++- .../internal/cloud/aws/client/nodeimage_test.go | 5 +++++ .../internal/cloud/gcp/client/nodeimage.go | 7 ++++++- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/operators/constellation-node-operator/internal/cloud/aws/client/nodeimage.go b/operators/constellation-node-operator/internal/cloud/aws/client/nodeimage.go index 61d6026ee..78c37601e 100644 --- a/operators/constellation-node-operator/internal/cloud/aws/client/nodeimage.go +++ b/operators/constellation-node-operator/internal/cloud/aws/client/nodeimage.go @@ -9,6 +9,7 @@ package client import ( "context" "fmt" + "strings" "time" "github.com/aws/aws-sdk-go-v2/service/autoscaling" @@ -207,7 +208,7 @@ func (c *Client) DeleteNode(ctx context.Context, providerID string) error { ShouldDecrementDesiredCapacity: toPtr(true), }, ) - if err != nil { + if err != nil && !isInstanceNotFoundError(err) { return fmt.Errorf("failed to terminate instance: %w", err) } @@ -217,3 +218,10 @@ func (c *Client) DeleteNode(ctx context.Context, providerID string) error { func toPtr[T any](v T) *T { return &v } + +func isInstanceNotFoundError(err error) bool { + if err == nil { + return false + } + return strings.Contains(err.Error(), "Instance Id not found") +} diff --git a/operators/constellation-node-operator/internal/cloud/aws/client/nodeimage_test.go b/operators/constellation-node-operator/internal/cloud/aws/client/nodeimage_test.go index 1bae66ec0..d939f2029 100644 --- a/operators/constellation-node-operator/internal/cloud/aws/client/nodeimage_test.go +++ b/operators/constellation-node-operator/internal/cloud/aws/client/nodeimage_test.go @@ -8,6 +8,7 @@ package client import ( "context" + "fmt" "testing" "github.com/aws/aws-sdk-go-v2/service/autoscaling" @@ -382,6 +383,10 @@ func TestDeleteNode(t *testing.T) { terminateInstanceErr: assert.AnError, wantErr: true, }, + "deleting node succeeds when the instance does not exist": { + providerID: "aws:///us-east-2a/i-00000000000000000", + terminateInstanceErr: fmt.Errorf("Instance Id not found - No managed instance found for instance ID: i-00000000000000000"), + }, } for name, tc := range testCases { t.Run(name, func(t *testing.T) { diff --git a/operators/constellation-node-operator/internal/cloud/gcp/client/nodeimage.go b/operators/constellation-node-operator/internal/cloud/gcp/client/nodeimage.go index ddd102d39..e69750321 100644 --- a/operators/constellation-node-operator/internal/cloud/gcp/client/nodeimage.go +++ b/operators/constellation-node-operator/internal/cloud/gcp/client/nodeimage.go @@ -139,7 +139,8 @@ func (c *Client) DeleteNode(ctx context.Context, providerID string) error { Project: instanceGroupProject, Zone: instanceGroupZone, InstanceGroupManagersDeleteInstancesRequestResource: &computepb.InstanceGroupManagersDeleteInstancesRequest{ - Instances: []string{instanceID}, + Instances: []string{instanceID}, + SkipInstancesOnValidationError: toPtr(true), }, }) if err != nil { @@ -147,3 +148,7 @@ func (c *Client) DeleteNode(ctx context.Context, providerID string) error { } return op.Wait(ctx) } + +func toPtr[T any](v T) *T { + return &v +} From 9c100a542c80641a7389d695ead780530a3ab2c3 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Wed, 22 May 2024 16:12:53 +0200 Subject: [PATCH 003/380] bootstrapper: prioritize etcd disk I/O (#3114) --- bootstrapper/cmd/bootstrapper/main.go | 10 +- bootstrapper/cmd/bootstrapper/test.go | 5 +- bootstrapper/internal/etcdio/BUILD.bazel | 9 + bootstrapper/internal/etcdio/etcdio.go | 156 +++++++++++++++ .../internal/initserver/initserver.go | 2 - .../internal/initserver/initserver_test.go | 3 +- .../internal/joinclient/joinclient.go | 3 +- .../internal/joinclient/joinclient_test.go | 3 +- bootstrapper/internal/kubernetes/BUILD.bazel | 1 + .../internal/kubernetes/kubernetes.go | 82 +++++--- .../internal/kubernetes/kubernetes_test.go | 180 ++++++++++-------- 11 files changed, 334 insertions(+), 120 deletions(-) create mode 100644 bootstrapper/internal/etcdio/BUILD.bazel create mode 100644 bootstrapper/internal/etcdio/etcdio.go diff --git a/bootstrapper/cmd/bootstrapper/main.go b/bootstrapper/cmd/bootstrapper/main.go index ff99b231f..fd7080c74 100644 --- a/bootstrapper/cmd/bootstrapper/main.go +++ b/bootstrapper/cmd/bootstrapper/main.go @@ -86,7 +86,7 @@ func main() { clusterInitJoiner = kubernetes.New( "aws", k8sapi.NewKubernetesUtil(), &k8sapi.KubdeadmConfiguration{}, kubectl.NewUninitialized(), - metadata, &kubewaiter.CloudKubeAPIWaiter{}, + metadata, &kubewaiter.CloudKubeAPIWaiter{}, log, ) openDevice = vtpm.OpenVTPM fs = afero.NewOsFs() @@ -102,7 +102,7 @@ func main() { metadataAPI = metadata clusterInitJoiner = kubernetes.New( "gcp", k8sapi.NewKubernetesUtil(), &k8sapi.KubdeadmConfiguration{}, kubectl.NewUninitialized(), - metadata, &kubewaiter.CloudKubeAPIWaiter{}, + metadata, &kubewaiter.CloudKubeAPIWaiter{}, log, ) openDevice = vtpm.OpenVTPM fs = afero.NewOsFs() @@ -122,7 +122,7 @@ func main() { metadataAPI = metadata clusterInitJoiner = kubernetes.New( "azure", k8sapi.NewKubernetesUtil(), &k8sapi.KubdeadmConfiguration{}, kubectl.NewUninitialized(), - metadata, &kubewaiter.CloudKubeAPIWaiter{}, + metadata, &kubewaiter.CloudKubeAPIWaiter{}, log, ) openDevice = vtpm.OpenVTPM @@ -132,7 +132,7 @@ func main() { metadata := qemucloud.New() clusterInitJoiner = kubernetes.New( "qemu", k8sapi.NewKubernetesUtil(), &k8sapi.KubdeadmConfiguration{}, kubectl.NewUninitialized(), - metadata, &kubewaiter.CloudKubeAPIWaiter{}, + metadata, &kubewaiter.CloudKubeAPIWaiter{}, log, ) metadataAPI = metadata @@ -155,7 +155,7 @@ func main() { } clusterInitJoiner = kubernetes.New( "openstack", k8sapi.NewKubernetesUtil(), &k8sapi.KubdeadmConfiguration{}, kubectl.NewUninitialized(), - metadata, &kubewaiter.CloudKubeAPIWaiter{}, + metadata, &kubewaiter.CloudKubeAPIWaiter{}, log, ) metadataAPI = metadata openDevice = vtpm.OpenVTPM diff --git a/bootstrapper/cmd/bootstrapper/test.go b/bootstrapper/cmd/bootstrapper/test.go index 05840de33..d0132ead8 100644 --- a/bootstrapper/cmd/bootstrapper/test.go +++ b/bootstrapper/cmd/bootstrapper/test.go @@ -8,7 +8,6 @@ package main import ( "context" - "log/slog" "github.com/edgelesssys/constellation/v2/internal/cloud/metadata" "github.com/edgelesssys/constellation/v2/internal/role" @@ -22,13 +21,13 @@ type clusterFake struct{} // InitCluster fakes bootstrapping a new cluster with the current node being the master, returning the arguments required to join the cluster. func (c *clusterFake) InitCluster( context.Context, string, string, - bool, components.Components, []string, string, *slog.Logger, + bool, components.Components, []string, string, ) ([]byte, error) { return []byte{}, nil } // JoinCluster will fake joining the current node to an existing cluster. -func (c *clusterFake) JoinCluster(context.Context, *kubeadm.BootstrapTokenDiscovery, role.Role, components.Components, *slog.Logger) error { +func (c *clusterFake) JoinCluster(context.Context, *kubeadm.BootstrapTokenDiscovery, role.Role, components.Components) error { return nil } diff --git a/bootstrapper/internal/etcdio/BUILD.bazel b/bootstrapper/internal/etcdio/BUILD.bazel new file mode 100644 index 000000000..b7725d106 --- /dev/null +++ b/bootstrapper/internal/etcdio/BUILD.bazel @@ -0,0 +1,9 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "etcdio", + srcs = ["etcdio.go"], + importpath = "github.com/edgelesssys/constellation/v2/bootstrapper/internal/etcdio", + visibility = ["//bootstrapper:__subpackages__"], + deps = ["@org_golang_x_sys//unix"], +) diff --git a/bootstrapper/internal/etcdio/etcdio.go b/bootstrapper/internal/etcdio/etcdio.go new file mode 100644 index 000000000..e6c967225 --- /dev/null +++ b/bootstrapper/internal/etcdio/etcdio.go @@ -0,0 +1,156 @@ +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +// The etcdio package provides utilities to manage etcd I/O. +package etcdio + +import ( + "context" + "errors" + "fmt" + "log/slog" + "os" + "path" + "strconv" + "time" + + "golang.org/x/sys/unix" +) + +var ( + // ErrNoEtcdProcess is returned when no etcd process is found on the node. + ErrNoEtcdProcess = errors.New("no etcd process found on node") + // ErrMultipleEtcdProcesses is returned when multiple etcd processes are found on the node. + ErrMultipleEtcdProcesses = errors.New("multiple etcd processes found on node") +) + +const ( + // Tells the syscall that a process' priority is going to be set. + // See https://elixir.bootlin.com/linux/v6.9.1/source/include/uapi/linux/ioprio.h#L54. + ioPrioWhoProcess = 1 + + // See https://elixir.bootlin.com/linux/v6.9.1/source/include/uapi/linux/ioprio.h#L11. + ioPrioClassShift = 13 + ioPrioNrClasses = 8 + ioPrioClassMask = ioPrioNrClasses - 1 + ioPrioPrioMask = (1 << ioPrioClassShift) - 1 + + targetClass = 1 // Realtime IO class for best scheduling prio + targetPrio = 0 // Highest priority within the class +) + +// Client is a client for managing etcd I/O. +type Client struct { + log *slog.Logger +} + +// NewClient creates a new etcd I/O management client. +func NewClient(log *slog.Logger) *Client { + return &Client{log: log} +} + +// PrioritizeIO tries to prioritize the I/O of the etcd process. +// Since it might be possible that the process just started (if this method is called +// right after the kubelet started), it retries to do its work each second +// until it succeeds or the timeout of 10 seconds is reached. +func (c *Client) PrioritizeIO() { + ticker := time.NewTicker(1 * time.Second) + defer ticker.Stop() + timeout, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + for { + c.log.Info("Prioritizing etcd I/O") + err := c.setIOPriority() + if err == nil { + // Success, return directly + return + } else if errors.Is(err, ErrNoEtcdProcess) { + c.log.Info("No etcd process found, retrying") + } else { + c.log.Warn("Prioritizing etcd I/O failed", "error", err) + return + } + + select { + case <-ticker.C: + case <-timeout.Done(): + c.log.Warn("Timed out waiting for etcd to start") + return + } + } +} + +// setIOPriority tries to find the etcd process on the node and prioritizes its I/O. +func (c *Client) setIOPriority() error { + // find etcd process(es) + pid, err := c.findEtcdProcess() + if err != nil { + return fmt.Errorf("finding etcd process: %w", err) + } + + // Highest realtime priority value for the etcd process, see https://elixir.bootlin.com/linux/v6.9.1/source/include/uapi/linux/ioprio.h + // for the calculation details. + prioVal := ((targetClass & ioPrioClassMask) << ioPrioClassShift) | (targetPrio & ioPrioPrioMask) + + // see https://man7.org/linux/man-pages/man2/ioprio_set.2.html + ret, _, errno := unix.Syscall(unix.SYS_IOPRIO_SET, ioPrioWhoProcess, uintptr(pid), uintptr(prioVal)) + if ret != 0 { + return fmt.Errorf("setting I/O priority for etcd: %w", errno) + } + + return nil +} + +// findEtcdProcess tries to find the etcd process on the node. +func (c *Client) findEtcdProcess() (int, error) { + procDir, err := os.Open("/proc") + if err != nil { + return 0, fmt.Errorf("opening /proc: %w", err) + } + defer procDir.Close() + + procEntries, err := procDir.Readdirnames(0) + if err != nil { + return 0, fmt.Errorf("reading /proc: %w", err) + } + + // find etcd process(es) + etcdPIDs := []int{} + for _, f := range procEntries { + // exclude non-pid dirs + if f[0] < '0' || f[0] > '9' { + continue + } + + exe, err := os.Readlink(fmt.Sprintf("/proc/%s/exe", f)) + if err != nil { + continue + } + + if path.Base(exe) != "etcd" { + continue + } + + pid, err := strconv.Atoi(f) + if err != nil { + continue + } + + // add the PID to the list of etcd PIDs + etcdPIDs = append(etcdPIDs, pid) + } + + if len(etcdPIDs) == 0 { + return 0, ErrNoEtcdProcess + } + + if len(etcdPIDs) > 1 { + return 0, ErrMultipleEtcdProcesses + } + + return etcdPIDs[0], nil +} diff --git a/bootstrapper/internal/initserver/initserver.go b/bootstrapper/internal/initserver/initserver.go index a38bdbc8d..9c2ef36a9 100644 --- a/bootstrapper/internal/initserver/initserver.go +++ b/bootstrapper/internal/initserver/initserver.go @@ -234,7 +234,6 @@ func (s *Server) Init(req *initproto.InitRequest, stream initproto.API_InitServe req.KubernetesComponents, req.ApiserverCertSans, req.ServiceCidr, - s.log, ) if err != nil { if e := s.sendLogsWithMessage(stream, status.Errorf(codes.Internal, "initializing cluster: %s", err)); e != nil { @@ -357,7 +356,6 @@ type ClusterInitializer interface { kubernetesComponents components.Components, apiServerCertSANs []string, serviceCIDR string, - log *slog.Logger, ) ([]byte, error) } diff --git a/bootstrapper/internal/initserver/initserver_test.go b/bootstrapper/internal/initserver/initserver_test.go index 84d0316d7..0d9f25db4 100644 --- a/bootstrapper/internal/initserver/initserver_test.go +++ b/bootstrapper/internal/initserver/initserver_test.go @@ -11,7 +11,6 @@ import ( "context" "errors" "io" - "log/slog" "net" "strings" "sync" @@ -420,7 +419,7 @@ type stubClusterInitializer struct { func (i *stubClusterInitializer) InitCluster( context.Context, string, string, - bool, components.Components, []string, string, *slog.Logger, + bool, components.Components, []string, string, ) ([]byte, error) { return i.initClusterKubeconfig, i.initClusterErr } diff --git a/bootstrapper/internal/joinclient/joinclient.go b/bootstrapper/internal/joinclient/joinclient.go index 3e2944325..8a2f6986f 100644 --- a/bootstrapper/internal/joinclient/joinclient.go +++ b/bootstrapper/internal/joinclient/joinclient.go @@ -288,7 +288,7 @@ func (c *JoinClient) startNodeAndJoin(ticket *joinproto.IssueJoinTicketResponse, // We currently cannot recover from any failure in this function. Joining the k8s cluster // sometimes fails transiently, and we don't want to brick the node because of that. for i := range 3 { - err = c.joiner.JoinCluster(ctx, btd, c.role, ticket.KubernetesComponents, c.log) + err = c.joiner.JoinCluster(ctx, btd, c.role, ticket.KubernetesComponents) if err == nil { break } @@ -399,7 +399,6 @@ type ClusterJoiner interface { args *kubeadm.BootstrapTokenDiscovery, peerRole role.Role, k8sComponents components.Components, - log *slog.Logger, ) error } diff --git a/bootstrapper/internal/joinclient/joinclient_test.go b/bootstrapper/internal/joinclient/joinclient_test.go index a93ed4b3f..6a0b89f4b 100644 --- a/bootstrapper/internal/joinclient/joinclient_test.go +++ b/bootstrapper/internal/joinclient/joinclient_test.go @@ -8,7 +8,6 @@ package joinclient import ( "context" - "log/slog" "net" "strconv" "sync" @@ -350,7 +349,7 @@ type stubClusterJoiner struct { joinClusterErr error } -func (j *stubClusterJoiner) JoinCluster(context.Context, *kubeadm.BootstrapTokenDiscovery, role.Role, components.Components, *slog.Logger) error { +func (j *stubClusterJoiner) JoinCluster(context.Context, *kubeadm.BootstrapTokenDiscovery, role.Role, components.Components) error { j.joinClusterCalled++ if j.numBadCalls == 0 { return nil diff --git a/bootstrapper/internal/kubernetes/BUILD.bazel b/bootstrapper/internal/kubernetes/BUILD.bazel index d6ba14a49..935c3fefd 100644 --- a/bootstrapper/internal/kubernetes/BUILD.bazel +++ b/bootstrapper/internal/kubernetes/BUILD.bazel @@ -11,6 +11,7 @@ go_library( importpath = "github.com/edgelesssys/constellation/v2/bootstrapper/internal/kubernetes", visibility = ["//bootstrapper:__subpackages__"], deps = [ + "//bootstrapper/internal/etcdio", "//bootstrapper/internal/kubernetes/k8sapi", "//bootstrapper/internal/kubernetes/kubewaiter", "//internal/cloud/cloudprovider", diff --git a/bootstrapper/internal/kubernetes/kubernetes.go b/bootstrapper/internal/kubernetes/kubernetes.go index 5ef1f4637..d4e916f0f 100644 --- a/bootstrapper/internal/kubernetes/kubernetes.go +++ b/bootstrapper/internal/kubernetes/kubernetes.go @@ -16,6 +16,7 @@ import ( "strings" "time" + "github.com/edgelesssys/constellation/v2/bootstrapper/internal/etcdio" "github.com/edgelesssys/constellation/v2/bootstrapper/internal/kubernetes/k8sapi" "github.com/edgelesssys/constellation/v2/bootstrapper/internal/kubernetes/kubewaiter" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" @@ -40,37 +41,48 @@ type kubeAPIWaiter interface { Wait(ctx context.Context, kubernetesClient kubewaiter.KubernetesClient) error } +type etcdIOPrioritizer interface { + PrioritizeIO() +} + // KubeWrapper implements Cluster interface. type KubeWrapper struct { - cloudProvider string - clusterUtil clusterUtil - kubeAPIWaiter kubeAPIWaiter - configProvider configurationProvider - client k8sapi.Client - providerMetadata ProviderMetadata - getIPAddr func() (string, error) + cloudProvider string + clusterUtil clusterUtil + kubeAPIWaiter kubeAPIWaiter + configProvider configurationProvider + client k8sapi.Client + providerMetadata ProviderMetadata + etcdIOPrioritizer etcdIOPrioritizer + getIPAddr func() (string, error) + + log *slog.Logger } // New creates a new KubeWrapper with real values. func New(cloudProvider string, clusterUtil clusterUtil, configProvider configurationProvider, client k8sapi.Client, - providerMetadata ProviderMetadata, kubeAPIWaiter kubeAPIWaiter, + providerMetadata ProviderMetadata, kubeAPIWaiter kubeAPIWaiter, log *slog.Logger, ) *KubeWrapper { + etcdIOPrioritizer := etcdio.NewClient(log) + return &KubeWrapper{ - cloudProvider: cloudProvider, - clusterUtil: clusterUtil, - kubeAPIWaiter: kubeAPIWaiter, - configProvider: configProvider, - client: client, - providerMetadata: providerMetadata, - getIPAddr: getIPAddr, + cloudProvider: cloudProvider, + clusterUtil: clusterUtil, + kubeAPIWaiter: kubeAPIWaiter, + configProvider: configProvider, + client: client, + providerMetadata: providerMetadata, + getIPAddr: getIPAddr, + log: log, + etcdIOPrioritizer: etcdIOPrioritizer, } } // InitCluster initializes a new Kubernetes cluster and applies pod network provider. func (k *KubeWrapper) InitCluster( - ctx context.Context, versionString, clusterName string, conformanceMode bool, kubernetesComponents components.Components, apiServerCertSANs []string, serviceCIDR string, log *slog.Logger, + ctx context.Context, versionString, clusterName string, conformanceMode bool, kubernetesComponents components.Components, apiServerCertSANs []string, serviceCIDR string, ) ([]byte, error) { - log.With(slog.String("version", versionString)).Info("Installing Kubernetes components") + k.log.With(slog.String("version", versionString)).Info("Installing Kubernetes components") if err := k.clusterUtil.InstallComponents(ctx, kubernetesComponents); err != nil { return nil, err } @@ -78,7 +90,7 @@ func (k *KubeWrapper) InitCluster( var validIPs []net.IP // Step 1: retrieve cloud metadata for Kubernetes configuration - log.Info("Retrieving node metadata") + k.log.Info("Retrieving node metadata") instance, err := k.providerMetadata.Self(ctx) if err != nil { return nil, fmt.Errorf("retrieving own instance metadata: %w", err) @@ -106,7 +118,7 @@ func (k *KubeWrapper) InitCluster( certSANs := []string{nodeIP} certSANs = append(certSANs, apiServerCertSANs...) - log.With( + k.log.With( slog.String("nodeName", nodeName), slog.String("providerID", instance.ProviderID), slog.String("nodeIP", nodeIP), @@ -132,12 +144,16 @@ func (k *KubeWrapper) InitCluster( if err != nil { return nil, fmt.Errorf("encoding kubeadm init configuration as YAML: %w", err) } - log.Info("Initializing Kubernetes cluster") - kubeConfig, err := k.clusterUtil.InitCluster(ctx, initConfigYAML, nodeName, clusterName, validIPs, conformanceMode, log) + + k.log.Info("Initializing Kubernetes cluster") + kubeConfig, err := k.clusterUtil.InitCluster(ctx, initConfigYAML, nodeName, clusterName, validIPs, conformanceMode, k.log) if err != nil { return nil, fmt.Errorf("kubeadm init: %w", err) } + k.log.Info("Prioritizing etcd I/O") + k.etcdIOPrioritizer.PrioritizeIO() + err = k.client.Initialize(kubeConfig) if err != nil { return nil, fmt.Errorf("initializing kubectl client: %w", err) @@ -177,22 +193,23 @@ func (k *KubeWrapper) InitCluster( return nil, fmt.Errorf("annotating node with Kubernetes components hash: %w", err) } - log.Info("Setting up internal-config ConfigMap") + k.log.Info("Setting up internal-config ConfigMap") if err := k.setupInternalConfigMap(ctx); err != nil { return nil, fmt.Errorf("failed to setup internal ConfigMap: %w", err) } + return kubeConfig, nil } // JoinCluster joins existing Kubernetes cluster. -func (k *KubeWrapper) JoinCluster(ctx context.Context, args *kubeadm.BootstrapTokenDiscovery, peerRole role.Role, k8sComponents components.Components, log *slog.Logger) error { - log.With("k8sComponents", k8sComponents).Info("Installing provided kubernetes components") +func (k *KubeWrapper) JoinCluster(ctx context.Context, args *kubeadm.BootstrapTokenDiscovery, peerRole role.Role, k8sComponents components.Components) error { + k.log.With("k8sComponents", k8sComponents).Info("Installing provided kubernetes components") if err := k.clusterUtil.InstallComponents(ctx, k8sComponents); err != nil { return fmt.Errorf("installing kubernetes components: %w", err) } // Step 1: retrieve cloud metadata for Kubernetes configuration - log.Info("Retrieving node metadata") + k.log.Info("Retrieving node metadata") instance, err := k.providerMetadata.Self(ctx) if err != nil { return fmt.Errorf("retrieving own instance metadata: %w", err) @@ -212,7 +229,7 @@ func (k *KubeWrapper) JoinCluster(ctx context.Context, args *kubeadm.BootstrapTo // override join endpoint to go over lb args.APIServerEndpoint = net.JoinHostPort(loadBalancerHost, loadBalancerPort) - log.With( + k.log.With( slog.String("nodeName", nodeName), slog.String("providerID", providerID), slog.String("nodeIP", nodeInternalIP), @@ -237,11 +254,18 @@ func (k *KubeWrapper) JoinCluster(ctx context.Context, args *kubeadm.BootstrapTo if err != nil { return fmt.Errorf("encoding kubeadm join configuration as YAML: %w", err) } - log.With(slog.String("apiServerEndpoint", args.APIServerEndpoint)).Info("Joining Kubernetes cluster") - if err := k.clusterUtil.JoinCluster(ctx, joinConfigYAML, log); err != nil { + + k.log.With(slog.String("apiServerEndpoint", args.APIServerEndpoint)).Info("Joining Kubernetes cluster") + if err := k.clusterUtil.JoinCluster(ctx, joinConfigYAML, k.log); err != nil { return fmt.Errorf("joining cluster: %v; %w ", string(joinConfigYAML), err) } + // If on control plane (and thus with etcd), try to prioritize etcd I/O. + if peerRole == role.ControlPlane { + k.log.Info("Prioritizing etcd I/O") + k.etcdIOPrioritizer.PrioritizeIO() + } + return nil } @@ -301,6 +325,8 @@ func (k *KubeWrapper) StartKubelet() error { return fmt.Errorf("starting kubelet: %w", err) } + k.etcdIOPrioritizer.PrioritizeIO() + return nil } diff --git a/bootstrapper/internal/kubernetes/kubernetes_test.go b/bootstrapper/internal/kubernetes/kubernetes_test.go index ccc3a107c..bef50253d 100644 --- a/bootstrapper/internal/kubernetes/kubernetes_test.go +++ b/bootstrapper/internal/kubernetes/kubernetes_test.go @@ -42,17 +42,19 @@ func TestInitCluster(t *testing.T) { aliasIPRange := "192.0.2.0/24" testCases := map[string]struct { - clusterUtil stubClusterUtil - kubectl stubKubectl - kubeAPIWaiter stubKubeAPIWaiter - providerMetadata ProviderMetadata - wantConfig k8sapi.KubeadmInitYAML - wantErr bool - k8sVersion versions.ValidK8sVersion + clusterUtil stubClusterUtil + kubectl stubKubectl + kubeAPIWaiter stubKubeAPIWaiter + providerMetadata ProviderMetadata + wantConfig k8sapi.KubeadmInitYAML + etcdIOPrioritizer stubEtcdIOPrioritizer + wantErr bool + k8sVersion versions.ValidK8sVersion }{ "kubeadm init works with metadata and loadbalancer": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - kubeAPIWaiter: stubKubeAPIWaiter{}, + clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, + kubeAPIWaiter: stubKubeAPIWaiter{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, providerMetadata: &stubProviderMetadata{ selfResp: metadata.InstanceMetadata{ Name: nodeName, @@ -85,8 +87,9 @@ func TestInitCluster(t *testing.T) { k8sVersion: versions.Default, }, "kubeadm init fails when annotating itself": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - kubeAPIWaiter: stubKubeAPIWaiter{}, + clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, + kubeAPIWaiter: stubKubeAPIWaiter{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, providerMetadata: &stubProviderMetadata{ selfResp: metadata.InstanceMetadata{ Name: nodeName, @@ -102,8 +105,9 @@ func TestInitCluster(t *testing.T) { k8sVersion: versions.Default, }, "kubeadm init fails when retrieving metadata self": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - kubeAPIWaiter: stubKubeAPIWaiter{}, + clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, + kubeAPIWaiter: stubKubeAPIWaiter{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, providerMetadata: &stubProviderMetadata{ selfErr: assert.AnError, }, @@ -111,7 +115,8 @@ func TestInitCluster(t *testing.T) { k8sVersion: versions.Default, }, "kubeadm init fails when retrieving metadata loadbalancer ip": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, + clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, providerMetadata: &stubProviderMetadata{ getLoadBalancerEndpointErr: assert.AnError, }, @@ -123,51 +128,58 @@ func TestInitCluster(t *testing.T) { initClusterErr: assert.AnError, kubeconfig: []byte("someKubeconfig"), }, - kubeAPIWaiter: stubKubeAPIWaiter{}, - providerMetadata: &stubProviderMetadata{}, - wantErr: true, - k8sVersion: versions.Default, + kubeAPIWaiter: stubKubeAPIWaiter{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, + providerMetadata: &stubProviderMetadata{}, + wantErr: true, + k8sVersion: versions.Default, }, "kubeadm init fails when deploying cilium": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - providerMetadata: &stubProviderMetadata{}, - wantErr: true, - k8sVersion: versions.Default, + clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, + providerMetadata: &stubProviderMetadata{}, + wantErr: true, + k8sVersion: versions.Default, }, "kubeadm init fails when setting up constellation-services chart": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - kubeAPIWaiter: stubKubeAPIWaiter{}, - providerMetadata: &stubProviderMetadata{}, - wantErr: true, - k8sVersion: versions.Default, + clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, + kubeAPIWaiter: stubKubeAPIWaiter{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, + providerMetadata: &stubProviderMetadata{}, + wantErr: true, + k8sVersion: versions.Default, }, "kubeadm init fails when reading kubeconfig": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - kubeAPIWaiter: stubKubeAPIWaiter{}, - providerMetadata: &stubProviderMetadata{}, - wantErr: true, - k8sVersion: versions.Default, + clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, + kubeAPIWaiter: stubKubeAPIWaiter{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, + providerMetadata: &stubProviderMetadata{}, + wantErr: true, + k8sVersion: versions.Default, }, "kubeadm init fails when setting up verification service": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - kubeAPIWaiter: stubKubeAPIWaiter{}, - providerMetadata: &stubProviderMetadata{}, - wantErr: true, - k8sVersion: versions.Default, + clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, + kubeAPIWaiter: stubKubeAPIWaiter{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, + providerMetadata: &stubProviderMetadata{}, + wantErr: true, + k8sVersion: versions.Default, }, "kubeadm init fails when waiting for kubeAPI server": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - kubeAPIWaiter: stubKubeAPIWaiter{waitErr: assert.AnError}, - providerMetadata: &stubProviderMetadata{}, - k8sVersion: versions.Default, - wantErr: true, + clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, + kubeAPIWaiter: stubKubeAPIWaiter{waitErr: assert.AnError}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, + providerMetadata: &stubProviderMetadata{}, + k8sVersion: versions.Default, + wantErr: true, }, "unsupported k8sVersion fails cluster creation": { - clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, - kubeAPIWaiter: stubKubeAPIWaiter{}, - providerMetadata: &stubProviderMetadata{}, - k8sVersion: "1.19", - wantErr: true, + clusterUtil: stubClusterUtil{kubeconfig: []byte("someKubeconfig")}, + kubeAPIWaiter: stubKubeAPIWaiter{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, + providerMetadata: &stubProviderMetadata{}, + k8sVersion: "1.19", + wantErr: true, }, } @@ -177,18 +189,20 @@ func TestInitCluster(t *testing.T) { require := require.New(t) kube := KubeWrapper{ - cloudProvider: "aws", // provide a valid cloud provider for cilium installation - clusterUtil: &tc.clusterUtil, - providerMetadata: tc.providerMetadata, - kubeAPIWaiter: &tc.kubeAPIWaiter, - configProvider: &stubConfigProvider{initConfig: k8sapi.KubeadmInitYAML{}}, - client: &tc.kubectl, - getIPAddr: func() (string, error) { return privateIP, nil }, + cloudProvider: "aws", // provide a valid cloud provider for cilium installation + clusterUtil: &tc.clusterUtil, + providerMetadata: tc.providerMetadata, + kubeAPIWaiter: &tc.kubeAPIWaiter, + configProvider: &stubConfigProvider{initConfig: k8sapi.KubeadmInitYAML{}}, + client: &tc.kubectl, + getIPAddr: func() (string, error) { return privateIP, nil }, + etcdIOPrioritizer: &tc.etcdIOPrioritizer, + log: logger.NewTest(t), } _, err := kube.InitCluster( context.Background(), string(tc.k8sVersion), "kubernetes", - false, nil, nil, "", logger.NewTest(t), + false, nil, nil, "", ) if tc.wantErr { @@ -224,15 +238,17 @@ func TestJoinCluster(t *testing.T) { } testCases := map[string]struct { - clusterUtil stubClusterUtil - providerMetadata ProviderMetadata - wantConfig kubeadm.JoinConfiguration - role role.Role - k8sComponents components.Components - wantErr bool + clusterUtil stubClusterUtil + providerMetadata ProviderMetadata + wantConfig kubeadm.JoinConfiguration + role role.Role + k8sComponents components.Components + etcdIOPrioritizer stubEtcdIOPrioritizer + wantErr bool }{ "kubeadm join worker works with metadata and remote Kubernetes Components": { - clusterUtil: stubClusterUtil{}, + clusterUtil: stubClusterUtil{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, providerMetadata: &stubProviderMetadata{ selfResp: metadata.InstanceMetadata{ ProviderID: "provider-id", @@ -253,7 +269,8 @@ func TestJoinCluster(t *testing.T) { }, }, "kubeadm join worker works with metadata and local Kubernetes components": { - clusterUtil: stubClusterUtil{}, + clusterUtil: stubClusterUtil{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, providerMetadata: &stubProviderMetadata{ selfResp: metadata.InstanceMetadata{ ProviderID: "provider-id", @@ -273,7 +290,8 @@ func TestJoinCluster(t *testing.T) { }, }, "kubeadm join worker works with metadata and cloud controller manager": { - clusterUtil: stubClusterUtil{}, + clusterUtil: stubClusterUtil{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, providerMetadata: &stubProviderMetadata{ selfResp: metadata.InstanceMetadata{ ProviderID: "provider-id", @@ -293,7 +311,8 @@ func TestJoinCluster(t *testing.T) { }, }, "kubeadm join control-plane node works with metadata": { - clusterUtil: stubClusterUtil{}, + clusterUtil: stubClusterUtil{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, providerMetadata: &stubProviderMetadata{ selfResp: metadata.InstanceMetadata{ ProviderID: "provider-id", @@ -320,7 +339,8 @@ func TestJoinCluster(t *testing.T) { }, }, "kubeadm join worker fails when installing remote Kubernetes components": { - clusterUtil: stubClusterUtil{installComponentsErr: errors.New("error")}, + clusterUtil: stubClusterUtil{installComponentsErr: errors.New("error")}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, providerMetadata: &stubProviderMetadata{ selfResp: metadata.InstanceMetadata{ ProviderID: "provider-id", @@ -333,7 +353,8 @@ func TestJoinCluster(t *testing.T) { wantErr: true, }, "kubeadm join worker fails when retrieving self metadata": { - clusterUtil: stubClusterUtil{}, + clusterUtil: stubClusterUtil{}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, providerMetadata: &stubProviderMetadata{ selfErr: assert.AnError, }, @@ -341,10 +362,11 @@ func TestJoinCluster(t *testing.T) { wantErr: true, }, "kubeadm join worker fails when applying the join config": { - clusterUtil: stubClusterUtil{joinClusterErr: assert.AnError}, - providerMetadata: &stubProviderMetadata{}, - role: role.Worker, - wantErr: true, + clusterUtil: stubClusterUtil{joinClusterErr: assert.AnError}, + etcdIOPrioritizer: stubEtcdIOPrioritizer{}, + providerMetadata: &stubProviderMetadata{}, + role: role.Worker, + wantErr: true, }, } @@ -354,13 +376,15 @@ func TestJoinCluster(t *testing.T) { require := require.New(t) kube := KubeWrapper{ - clusterUtil: &tc.clusterUtil, - providerMetadata: tc.providerMetadata, - configProvider: &stubConfigProvider{}, - getIPAddr: func() (string, error) { return privateIP, nil }, + clusterUtil: &tc.clusterUtil, + providerMetadata: tc.providerMetadata, + configProvider: &stubConfigProvider{}, + getIPAddr: func() (string, error) { return privateIP, nil }, + etcdIOPrioritizer: &tc.etcdIOPrioritizer, + log: logger.NewTest(t), } - err := kube.JoinCluster(context.Background(), joinCommand, tc.role, tc.k8sComponents, logger.NewTest(t)) + err := kube.JoinCluster(context.Background(), joinCommand, tc.role, tc.k8sComponents) if tc.wantErr { assert.Error(err) return @@ -545,3 +569,7 @@ type stubKubeAPIWaiter struct { func (s *stubKubeAPIWaiter) Wait(_ context.Context, _ kubewaiter.KubernetesClient) error { return s.waitErr } + +type stubEtcdIOPrioritizer struct{} + +func (s *stubEtcdIOPrioritizer) PrioritizeIO() {} From d0bab9eb08e73fdf705e9e809df81a690ffa4068 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 23 May 2024 09:24:15 +0200 Subject: [PATCH 004/380] ci: ignore missing files when creating archive (#3118) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Reduce output noise from using 7zip * Ignore non existent files when creating archive --------- Signed-off-by: Daniel Weiße --- .github/actions/artifact_download/action.yml | 2 +- .github/actions/artifact_upload/action.yml | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/actions/artifact_download/action.yml b/.github/actions/artifact_download/action.yml index 7bef0caa5..67f772fea 100644 --- a/.github/actions/artifact_download/action.yml +++ b/.github/actions/artifact_download/action.yml @@ -37,4 +37,4 @@ runs: shell: bash run: | mkdir -p ${{ inputs.path }} - 7zz x -p'${{ inputs.encryptionSecret }}' -t7z -o"${{ inputs.path }}" ${{ steps.tempdir.outputs.directory }}/archive.7z + 7zz x -p'${{ inputs.encryptionSecret }}' -bso0 -bsp0 -t7z -o"${{ inputs.path }}" ${{ steps.tempdir.outputs.directory }}/archive.7z diff --git a/.github/actions/artifact_upload/action.yml b/.github/actions/artifact_upload/action.yml index ec2d4d85b..14f5df055 100644 --- a/.github/actions/artifact_upload/action.yml +++ b/.github/actions/artifact_upload/action.yml @@ -47,6 +47,7 @@ runs: something_exists=true fi done + # Create an archive if files exist. # Don't create an archive file if no files are found # and warn. @@ -55,11 +56,15 @@ runs: echo "::warning:: No files/directories found with the provided path(s): ${paths}. No artifact will be uploaded." exit 0 fi + for target in ${paths} do - pushd "$(dirname "${target}")" || exit 1 - 7zz a -p'${{ inputs.encryptionSecret }}' -t7z -ms=on -mhe=on "${{ steps.tempdir.outputs.directory }}/archive.7z" "$(basename "${target}")" - popd || exit 1 + if [[ -f "${target}" ]] + then + pushd "$(dirname "${target}")" || exit 1 + 7zz a -p'${{ inputs.encryptionSecret }}' -bso0 -bsp0 -t7z -ms=on -mhe=on "${{ steps.tempdir.outputs.directory }}/archive.7z" "$(basename "${target}")" + popd || exit 1 + fi done - name: Upload archive as artifact From 8796edc9ad9efd8d70b019781e1af9ef11ed1df3 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Wed, 22 May 2024 13:25:35 +0200 Subject: [PATCH 005/380] bazel: enable bzlmod This change enables bzlmod without migrating any dependencies. Instead, WORKSPACE dependencies can be migrated one by one. --- .bazelrc | 6 ---- BUILD.bazel | 2 +- MODULE.bazel | 1 + WORKSPACE.bazel => WORKSPACE.bzlmod | 7 +++- bazel/ci/BUILD.bazel | 2 +- bazel/toolchains/BUILD.bazel | 2 +- dev-docs/workflows/bump-go-version.md | 2 +- hack/bazel-deps-mirror/README.md | 2 +- .../internal/bazelfiles/files.go | 10 +++--- .../internal/bazelfiles/files_test.go | 32 +++++++++---------- 10 files changed, 33 insertions(+), 33 deletions(-) create mode 100644 MODULE.bazel rename WORKSPACE.bazel => WORKSPACE.bzlmod (96%) diff --git a/.bazelrc b/.bazelrc index deff2fa8a..8f70af802 100644 --- a/.bazelrc +++ b/.bazelrc @@ -1,9 +1,3 @@ -# Sadly, some Bazel rules we depend on have no support for bzlmod yet -# Here is an (incomplete) list of rules known to not support bzlmod. -# Please extend this list as you find more. -# - rules_nixpkgs: https://github.com/tweag/rules_nixpkgs/issues/181 -common --noenable_bzlmod - # Import bazelrc presets import %workspace%/bazel/bazelrc/bazel7.bazelrc import %workspace%/bazel/bazelrc/convenience.bazelrc diff --git a/BUILD.bazel b/BUILD.bazel index b2443e4b5..6e09ef814 100644 --- a/BUILD.bazel +++ b/BUILD.bazel @@ -1,5 +1,5 @@ exports_files([ - "WORKSPACE.bazel", + "WORKSPACE.bzlmod", ]) alias( diff --git a/MODULE.bazel b/MODULE.bazel new file mode 100644 index 000000000..05e5c1465 --- /dev/null +++ b/MODULE.bazel @@ -0,0 +1 @@ +module(name = "constellation") diff --git a/WORKSPACE.bazel b/WORKSPACE.bzlmod similarity index 96% rename from WORKSPACE.bazel rename to WORKSPACE.bzlmod index 45eff59e0..aea2883be 100644 --- a/WORKSPACE.bazel +++ b/WORKSPACE.bzlmod @@ -1,5 +1,10 @@ workspace(name = "constellation") +# Sadly, some Bazel rules we depend on have no support for bzlmod yet +# Here is an (incomplete) list of rules known to not support bzlmod. +# Please extend this list as you find more. +# - rules_nixpkgs: https://github.com/tweag/rules_nixpkgs/issues/181 + load("//bazel/toolchains:skylib_deps.bzl", "skylib_deps") skylib_deps() @@ -179,7 +184,7 @@ go_register_toolchains() load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies") -gazelle_dependencies(go_repository_default_config = "//:WORKSPACE.bazel") +gazelle_dependencies(go_repository_default_config = "//:WORKSPACE.bzlmod") # gazelle:repo bazel_gazelle diff --git a/bazel/ci/BUILD.bazel b/bazel/ci/BUILD.bazel index 44e1c89c2..10c926ef9 100644 --- a/bazel/ci/BUILD.bazel +++ b/bazel/ci/BUILD.bazel @@ -54,7 +54,7 @@ buildifier_test( no_sandbox = True, tags = ["no-remote-exec"], verbose = True, - workspace = "//:WORKSPACE.bazel", + workspace = "//:WORKSPACE.bzlmod", ) buildifier( diff --git a/bazel/toolchains/BUILD.bazel b/bazel/toolchains/BUILD.bazel index 5849b1b8b..55a19db8a 100644 --- a/bazel/toolchains/BUILD.bazel +++ b/bazel/toolchains/BUILD.bazel @@ -1 +1 @@ -"""This folder contains toolchain dependencies for the project. They are loaded by `WORKSPACE.bazel`.""" +"""This folder contains toolchain dependencies for the project. They are loaded by `WORKSPACE.bzlmod`.""" diff --git a/dev-docs/workflows/bump-go-version.md b/dev-docs/workflows/bump-go-version.md index 3ec607d17..9fe837af1 100644 --- a/dev-docs/workflows/bump-go-version.md +++ b/dev-docs/workflows/bump-go-version.md @@ -4,7 +4,7 @@ ## Steps -Replace "1.xx.x" with the new version in [WORKSPACE.bazel](/WORKSPACE.bazel): +Replace "1.xx.x" with the new version in [WORKSPACE.bzlmod](/WORKSPACE.bzlmod): ```starlark load("@io_bazel_rules_go//go:deps.bzl", "go_download_sdk", "go_register_toolchains", "go_rules_dependencies") diff --git a/hack/bazel-deps-mirror/README.md b/hack/bazel-deps-mirror/README.md index 9aa5fb21e..354e506ab 100644 --- a/hack/bazel-deps-mirror/README.md +++ b/hack/bazel-deps-mirror/README.md @@ -2,7 +2,7 @@ This directory contains tooling to automatically mirror the dependencies of a Bazel project into the Constellation CDN at `https://cdn.confidential.cloud/`. -The tool searches for various rules in the WORKSPACE.bazel file and all loaded .bzl files. +The tool searches for various rules in the WORKSPACE.bzlmod file and all loaded .bzl files. It has the following commands: - check: checks if the dependencies all have a mirror URL and optionally checks if the mirror really returns the expected file diff --git a/hack/bazel-deps-mirror/internal/bazelfiles/files.go b/hack/bazel-deps-mirror/internal/bazelfiles/files.go index 468ff24ac..d1c32135d 100644 --- a/hack/bazel-deps-mirror/internal/bazelfiles/files.go +++ b/hack/bazel-deps-mirror/internal/bazelfiles/files.go @@ -53,12 +53,12 @@ func (h *Helper) FindFiles() ([]BazelFile, error) { return append(bzlFiles, workspaceFile), nil } -// findWorkspaceFile returns the path to the Bazel WORKSPACE.bazel file (or WORKSPACE if the former doesn't exist). +// findWorkspaceFile returns the path to the Bazel WORKSPACE.bzlmod file (or WORKSPACE if the former doesn't exist). func (h *Helper) findWorkspaceFile() (BazelFile, error) { - if _, err := h.fs.Stat("WORKSPACE.bazel"); err == nil { + if _, err := h.fs.Stat("WORKSPACE.bzlmod"); err == nil { return BazelFile{ - RelPath: "WORKSPACE.bazel", - AbsPath: filepath.Join(h.workspaceRoot, "WORKSPACE.bazel"), + RelPath: "WORKSPACE.bzlmod", + AbsPath: filepath.Join(h.workspaceRoot, "WORKSPACE.bzlmod"), Type: BazelFileTypeWorkspace, }, nil } @@ -151,7 +151,7 @@ type BazelFileType int const ( BazelFileTypeBzl = iota // BazelFileTypeBzl is a .bzl file - BazelFileTypeWorkspace // BazelFileTypeWorkspace is a WORKSPACE or WORKSPACE.bazel file + BazelFileTypeWorkspace // BazelFileTypeWorkspace is a WORKSPACE or WORKSPACE.bzlmod file ) // LookupEnv can be the real os.LookupEnv or a mock for testing. diff --git a/hack/bazel-deps-mirror/internal/bazelfiles/files_test.go b/hack/bazel-deps-mirror/internal/bazelfiles/files_test.go index c7d37770b..92cb1a0ae 100644 --- a/hack/bazel-deps-mirror/internal/bazelfiles/files_test.go +++ b/hack/bazel-deps-mirror/internal/bazelfiles/files_test.go @@ -42,22 +42,22 @@ func TestFindFiles(t *testing.T) { }, }, }, - "only WORKSPACE.bazel file": { - files: []string{"WORKSPACE.bazel"}, + "only WORKSPACE.bzlmod file": { + files: []string{"WORKSPACE.bzlmod"}, wantFiles: []BazelFile{ { - RelPath: "WORKSPACE.bazel", - AbsPath: "/WORKSPACE.bazel", + RelPath: "WORKSPACE.bzlmod", + AbsPath: "/WORKSPACE.bzlmod", Type: BazelFileTypeWorkspace, }, }, }, - "both WORKSPACE and WORKSPACE.bazel files": { - files: []string{"WORKSPACE", "WORKSPACE.bazel"}, + "both WORKSPACE and WORKSPACE.bzlmod files": { + files: []string{"WORKSPACE", "WORKSPACE.bzlmod"}, wantFiles: []BazelFile{ { - RelPath: "WORKSPACE.bazel", - AbsPath: "/WORKSPACE.bazel", + RelPath: "WORKSPACE.bzlmod", + AbsPath: "/WORKSPACE.bzlmod", Type: BazelFileTypeWorkspace, }, }, @@ -67,11 +67,11 @@ func TestFindFiles(t *testing.T) { wantErr: true, }, "all kinds": { - files: []string{"WORKSPACE", "WORKSPACE.bazel", "foo.bzl", "bar.bzl", "unused.txt", "folder/baz.bzl"}, + files: []string{"WORKSPACE", "WORKSPACE.bzlmod", "foo.bzl", "bar.bzl", "unused.txt", "folder/baz.bzl"}, wantFiles: []BazelFile{ { - RelPath: "WORKSPACE.bazel", - AbsPath: "/WORKSPACE.bazel", + RelPath: "WORKSPACE.bzlmod", + AbsPath: "/WORKSPACE.bzlmod", Type: BazelFileTypeWorkspace, }, { @@ -216,15 +216,15 @@ func TestDiff(t *testing.T) { assert := assert.New(t) require := require.New(t) fs := afero.NewMemMapFs() - err := afero.WriteFile(fs, "WORKSPACE.bazel", []byte(""), 0o644) + err := afero.WriteFile(fs, "WORKSPACE.bzlmod", []byte(""), 0o644) require.NoError(err) helper := Helper{ fs: fs, workspaceRoot: "/", } fileRef := BazelFile{ - RelPath: "WORKSPACE.bazel", - AbsPath: "/WORKSPACE.bazel", + RelPath: "WORKSPACE.bzlmod", + AbsPath: "/WORKSPACE.bzlmod", Type: BazelFileTypeWorkspace, } bf, err := helper.LoadFile(fileRef) @@ -247,10 +247,10 @@ func TestDiff(t *testing.T) { ) diff, err = helper.Diff(fileRef, bf) require.NoError(err) - assert.Equal("--- a/WORKSPACE.bazel\n+++ b/WORKSPACE.bazel\n@@ -1 +1 @@\n+workspace(name = \"foo\")\n", diff) + assert.Equal("--- a/WORKSPACE.bzlmod\n+++ b/WORKSPACE.bzlmod\n@@ -1 +1 @@\n+workspace(name = \"foo\")\n", diff) err = helper.WriteFile(fileRef, bf) require.NoError(err) - contents, err := afero.ReadFile(fs, "WORKSPACE.bazel") + contents, err := afero.ReadFile(fs, "WORKSPACE.bzlmod") assert.NoError(err) assert.Equal("workspace(name = \"foo\")\n", string(contents)) diff, err = helper.Diff(fileRef, bf) From 3be4adb7c44d15b360305ecf4d6ffa178d610614 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Tue, 21 May 2024 13:29:56 +0200 Subject: [PATCH 006/380] bazel: migrate skylib to bzlmod --- MODULE.bazel | 2 ++ WORKSPACE.bzlmod | 4 ---- bazel/toolchains/skylib_deps.bzl | 15 --------------- 3 files changed, 2 insertions(+), 19 deletions(-) delete mode 100644 bazel/toolchains/skylib_deps.bzl diff --git a/MODULE.bazel b/MODULE.bazel index 05e5c1465..a77c8df34 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1 +1,3 @@ module(name = "constellation") + +bazel_dep(name = "bazel_skylib", version = "1.6.1") diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index aea2883be..e14c66401 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -5,10 +5,6 @@ workspace(name = "constellation") # Please extend this list as you find more. # - rules_nixpkgs: https://github.com/tweag/rules_nixpkgs/issues/181 -load("//bazel/toolchains:skylib_deps.bzl", "skylib_deps") - -skylib_deps() - load("//bazel/toolchains:cc_deps.bzl", "rules_cc_deps") rules_cc_deps() diff --git a/bazel/toolchains/skylib_deps.bzl b/bazel/toolchains/skylib_deps.bzl deleted file mode 100644 index 28829a504..000000000 --- a/bazel/toolchains/skylib_deps.bzl +++ /dev/null @@ -1,15 +0,0 @@ -"""bazel skylib""" - -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") - -def skylib_deps(): - http_archive( - name = "bazel_skylib", - sha256 = "9f38886a40548c6e96c106b752f242130ee11aaa068a56ba7e56f4511f33e4f2", - urls = [ - "https://mirror.bazel.build/github.com/bazelbuild/bazel-skylib/releases/download/1.6.1/bazel-skylib-1.6.1.tar.gz", - "https://cdn.confidential.cloud/constellation/cas/sha256/9f38886a40548c6e96c106b752f242130ee11aaa068a56ba7e56f4511f33e4f2", - "https://github.com/bazelbuild/bazel-skylib/releases/download/1.6.1/bazel-skylib-1.6.1.tar.gz", - ], - type = "tar.gz", - ) From d179fae77613aa006c9d35695d7b730e0fd5872b Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Tue, 21 May 2024 13:30:22 +0200 Subject: [PATCH 007/380] bazel: migrate hermetic_cc_toolchain to bzlmod --- MODULE.bazel | 1 + WORKSPACE.bzlmod | 4 ---- bazel/toolchains/hermetic_cc_deps.bzl | 16 ---------------- 3 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 bazel/toolchains/hermetic_cc_deps.bzl diff --git a/MODULE.bazel b/MODULE.bazel index a77c8df34..f2c41153f 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,3 +1,4 @@ module(name = "constellation") bazel_dep(name = "bazel_skylib", version = "1.6.1") +bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index e14c66401..295af761c 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -202,10 +202,6 @@ buildifier_deps() # C / C++ toolchains -load("//bazel/toolchains:hermetic_cc_deps.bzl", "hermetic_cc_deps") - -hermetic_cc_deps() - load("@hermetic_cc_toolchain//toolchain:defs.bzl", zig_toolchains = "toolchains") # If needed, we can specify a specific version of the Zig toolchain to use. diff --git a/bazel/toolchains/hermetic_cc_deps.bzl b/bazel/toolchains/hermetic_cc_deps.bzl deleted file mode 100644 index db229d47a..000000000 --- a/bazel/toolchains/hermetic_cc_deps.bzl +++ /dev/null @@ -1,16 +0,0 @@ -"""hermetic cc toolchain (bazel-zig-cc) build rules""" - -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") - -def hermetic_cc_deps(): - """Loads the dependencies for hermetic_cc_toolchain.""" - - http_archive( - name = "hermetic_cc_toolchain", - urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/3bc6ec127622fdceb4129cb06b6f7ab098c4d539124dde96a6318e7c32a53f7a", - "https://github.com/uber/hermetic_cc_toolchain/releases/download/v3.0.1/hermetic_cc_toolchain-v3.0.1.tar.gz", - ], - type = "tar.gz", - sha256 = "3bc6ec127622fdceb4129cb06b6f7ab098c4d539124dde96a6318e7c32a53f7a", - ) From 8abac5c2fde828b9537f70e0d46c44ddd682184a Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Tue, 21 May 2024 13:27:54 +0200 Subject: [PATCH 008/380] bazel: migrate rules_cc to bzlmod --- MODULE.bazel | 1 + WORKSPACE.bzlmod | 9 --------- bazel/toolchains/cc_deps.bzl | 15 --------------- 3 files changed, 1 insertion(+), 24 deletions(-) delete mode 100644 bazel/toolchains/cc_deps.bzl diff --git a/MODULE.bazel b/MODULE.bazel index f2c41153f..de556a24d 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -2,3 +2,4 @@ module(name = "constellation") bazel_dep(name = "bazel_skylib", version = "1.6.1") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") +bazel_dep(name = "rules_cc", version = "0.0.9") diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index 295af761c..0d1ddde26 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -1,14 +1,5 @@ workspace(name = "constellation") -# Sadly, some Bazel rules we depend on have no support for bzlmod yet -# Here is an (incomplete) list of rules known to not support bzlmod. -# Please extend this list as you find more. -# - rules_nixpkgs: https://github.com/tweag/rules_nixpkgs/issues/181 - -load("//bazel/toolchains:cc_deps.bzl", "rules_cc_deps") - -rules_cc_deps() - # nixpkgs deps load("//bazel/toolchains:nixpkgs_deps.bzl", "nixpkgs_deps") diff --git a/bazel/toolchains/cc_deps.bzl b/bazel/toolchains/cc_deps.bzl deleted file mode 100644 index cdda9821c..000000000 --- a/bazel/toolchains/cc_deps.bzl +++ /dev/null @@ -1,15 +0,0 @@ -"""bazel rules_cc""" - -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") - -def rules_cc_deps(): - http_archive( - name = "rules_cc", - urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/2037875b9a4456dce4a79d112a8ae885bbc4aad968e6587dca6e64f3a0900cdf", - "https://github.com/bazelbuild/rules_cc/releases/download/0.0.9/rules_cc-0.0.9.tar.gz", - ], - sha256 = "2037875b9a4456dce4a79d112a8ae885bbc4aad968e6587dca6e64f3a0900cdf", - strip_prefix = "rules_cc-0.0.9", - type = "tar.gz", - ) From 2ba94f5ba87aeafcabd8bf7539e7669a2e24badc Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Tue, 21 May 2024 13:28:40 +0200 Subject: [PATCH 009/380] bazel: migrate rules_pkg to bzlmod --- MODULE.bazel | 1 + WORKSPACE.bzlmod | 9 --------- bazel/toolchains/pkg_deps.bzl | 15 --------------- 3 files changed, 1 insertion(+), 24 deletions(-) delete mode 100644 bazel/toolchains/pkg_deps.bzl diff --git a/MODULE.bazel b/MODULE.bazel index de556a24d..04e361980 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -3,3 +3,4 @@ module(name = "constellation") bazel_dep(name = "bazel_skylib", version = "1.6.1") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") +bazel_dep(name = "rules_pkg", version = "0.10.1") diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index 0d1ddde26..34aa641e8 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -255,15 +255,6 @@ register_toolchains( "@zig_sdk//toolchain:windows_amd64", ) -# Packaging rules (tar) -load("//bazel/toolchains:pkg_deps.bzl", "pkg_deps") - -pkg_deps() - -load("@rules_pkg//:deps.bzl", "rules_pkg_dependencies") - -rules_pkg_dependencies() - # Aspect Bazel Lib load("//bazel/toolchains:aspect_bazel_lib.bzl", "aspect_bazel_lib") diff --git a/bazel/toolchains/pkg_deps.bzl b/bazel/toolchains/pkg_deps.bzl deleted file mode 100644 index 5a4928141..000000000 --- a/bazel/toolchains/pkg_deps.bzl +++ /dev/null @@ -1,15 +0,0 @@ -"""rules_pkg dependencies""" - -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") - -def pkg_deps(): - http_archive( - name = "rules_pkg", - urls = [ - "https://mirror.bazel.build/github.com/bazelbuild/rules_pkg/releases/download/0.10.1/rules_pkg-0.10.1.tar.gz", - "https://cdn.confidential.cloud/constellation/cas/sha256/d250924a2ecc5176808fc4c25d5cf5e9e79e6346d79d5ab1c493e289e722d1d0", - "https://github.com/bazelbuild/rules_pkg/releases/download/0.10.1/rules_pkg-0.10.1.tar.gz", - ], - sha256 = "d250924a2ecc5176808fc4c25d5cf5e9e79e6346d79d5ab1c493e289e722d1d0", - type = "tar.gz", - ) From fd7070919219e1b8e9978c1f6a9721728d0cf00e Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Tue, 21 May 2024 13:29:01 +0200 Subject: [PATCH 010/380] bazel: migrate rules_python to bzlmod --- MODULE.bazel | 1 + WORKSPACE.bzlmod | 9 --------- bazel/toolchains/python_deps.bzl | 15 --------------- 3 files changed, 1 insertion(+), 24 deletions(-) delete mode 100644 bazel/toolchains/python_deps.bzl diff --git a/MODULE.bazel b/MODULE.bazel index 04e361980..e67bc058e 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -4,3 +4,4 @@ bazel_dep(name = "bazel_skylib", version = "1.6.1") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") bazel_dep(name = "rules_pkg", version = "0.10.1") +bazel_dep(name = "rules_python", version = "0.32.2") diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index 34aa641e8..114ee7a0e 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -132,15 +132,6 @@ register_mkosi( name = "mkosi_nix_toolchain", ) -# Python toolchain -load("//bazel/toolchains:python_deps.bzl", "python_deps") - -python_deps() - -load("@rules_python//python:repositories.bzl", "py_repositories") - -py_repositories() - nixpkgs_python_configure( fail_not_supported = False, python3_attribute_path = "python311", diff --git a/bazel/toolchains/python_deps.bzl b/bazel/toolchains/python_deps.bzl deleted file mode 100644 index 329a0a6f6..000000000 --- a/bazel/toolchains/python_deps.bzl +++ /dev/null @@ -1,15 +0,0 @@ -"""python toolchain rules""" - -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") - -def python_deps(): - http_archive( - name = "rules_python", - strip_prefix = "rules_python-0.31.0", - urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/c68bdc4fbec25de5b5493b8819cfc877c4ea299c0dcb15c244c5a00208cde311", - "https://github.com/bazelbuild/rules_python/releases/download/0.31.0/rules_python-0.31.0.tar.gz", - ], - type = "tar.gz", - sha256 = "c68bdc4fbec25de5b5493b8819cfc877c4ea299c0dcb15c244c5a00208cde311", - ) From 7e5f56f3ba0ebec50a4de86b298c0d19b5717fa5 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Tue, 21 May 2024 13:35:21 +0200 Subject: [PATCH 011/380] bazel: migrate aspect_bazel_lib to bzlmod --- MODULE.bazel | 1 + WORKSPACE.bzlmod | 15 --------------- bazel/toolchains/aspect_bazel_lib.bzl | 15 --------------- 3 files changed, 1 insertion(+), 30 deletions(-) delete mode 100644 bazel/toolchains/aspect_bazel_lib.bzl diff --git a/MODULE.bazel b/MODULE.bazel index e67bc058e..e841705fe 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,5 +1,6 @@ module(name = "constellation") +bazel_dep(name = "aspect_bazel_lib", version = "2.7.3") bazel_dep(name = "bazel_skylib", version = "1.6.1") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index 114ee7a0e..a3c9241bd 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -246,19 +246,6 @@ register_toolchains( "@zig_sdk//toolchain:windows_amd64", ) -# Aspect Bazel Lib -load("//bazel/toolchains:aspect_bazel_lib.bzl", "aspect_bazel_lib") - -aspect_bazel_lib() - -load("@aspect_bazel_lib//lib:repositories.bzl", "aspect_bazel_lib_dependencies", "aspect_bazel_lib_register_toolchains", "register_coreutils_toolchains", "register_yq_toolchains") - -aspect_bazel_lib_dependencies() - -aspect_bazel_lib_register_toolchains() - -register_coreutils_toolchains() - # OCI rules load("//bazel/toolchains:oci_deps.bzl", "oci_deps") @@ -279,8 +266,6 @@ load("//bazel/toolchains:container_images.bzl", "containter_image_deps") containter_image_deps() -register_yq_toolchains() - # Multirun load("//bazel/toolchains:multirun_deps.bzl", "multirun_deps") diff --git a/bazel/toolchains/aspect_bazel_lib.bzl b/bazel/toolchains/aspect_bazel_lib.bzl deleted file mode 100644 index 74b538ade..000000000 --- a/bazel/toolchains/aspect_bazel_lib.bzl +++ /dev/null @@ -1,15 +0,0 @@ -"""aspect bazel library""" - -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") - -def aspect_bazel_lib(): - http_archive( - name = "aspect_bazel_lib", - sha256 = "87ab4ec479ebeb00d286266aca2068caeef1bb0b1765e8f71c7b6cfee6af4226", - strip_prefix = "bazel-lib-2.7.3", - urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/87ab4ec479ebeb00d286266aca2068caeef1bb0b1765e8f71c7b6cfee6af4226", - "https://github.com/aspect-build/bazel-lib/releases/download/v2.7.3/bazel-lib-v2.7.3.tar.gz", - ], - type = "tar.gz", - ) From 73e4cf6a78d3e16334d48fe5a2d2479984b1b48b Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Tue, 21 May 2024 13:47:12 +0200 Subject: [PATCH 012/380] bazel: migrate buildifier to bzlmod --- MODULE.bazel | 2 ++ WORKSPACE.bzlmod | 5 ----- bazel/ci/BUILD.bazel | 2 +- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index e841705fe..960eaf75f 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -6,3 +6,5 @@ bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") bazel_dep(name = "rules_pkg", version = "0.10.1") bazel_dep(name = "rules_python", version = "0.32.2") + +bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index a3c9241bd..27df542fe 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -177,11 +177,6 @@ rules_proto_dependencies() rules_proto_toolchains() -# Buildifier -load("//bazel/toolchains:buildifier_deps.bzl", "buildifier_deps") - -buildifier_deps() - # C / C++ toolchains load("@hermetic_cc_toolchain//toolchain:defs.bzl", zig_toolchains = "toolchains") diff --git a/bazel/ci/BUILD.bazel b/bazel/ci/BUILD.bazel index 10c926ef9..82e27a0ac 100644 --- a/bazel/ci/BUILD.bazel +++ b/bazel/ci/BUILD.bazel @@ -1,6 +1,6 @@ load("@bazel_gazelle//:def.bzl", "gazelle") +load("@buildifier_prebuilt//:rules.bzl", "buildifier", "buildifier_test") load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "command", "multirun") -load("@com_github_bazelbuild_buildtools//buildifier:def.bzl", "buildifier", "buildifier_test") load("//bazel/ci:proto_targets.bzl", "proto_targets") load("//bazel/sh:def.bzl", "noop_warn", "repo_command", "sh_template") From 9e83ba12cd9be2a8a385a6f70964a9384808bd47 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Tue, 21 May 2024 17:54:56 +0200 Subject: [PATCH 013/380] bazel: migrate rules_go and gazelle to bzlmod --- MODULE.bazel | 196 + WORKSPACE.bzlmod | 26 +- bazel/ci/BUILD.bazel | 59 +- bazel/toolchains/go_module_deps.bzl | 7237 --------------------------- bazel/toolchains/go_rules_deps.bzl | 35 - 5 files changed, 217 insertions(+), 7336 deletions(-) delete mode 100644 bazel/toolchains/go_module_deps.bzl delete mode 100644 bazel/toolchains/go_rules_deps.bzl diff --git a/MODULE.bazel b/MODULE.bazel index 960eaf75f..b23e7972a 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -2,9 +2,205 @@ module(name = "constellation") bazel_dep(name = "aspect_bazel_lib", version = "2.7.3") bazel_dep(name = "bazel_skylib", version = "1.6.1") +bazel_dep(name = "gazelle", version = "0.36.0") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") +bazel_dep(name = "rules_go", version = "0.47.1", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") bazel_dep(name = "rules_python", version = "0.32.2") bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) + +# replace gazelle with a pre-release version +# until go.work support is released +git_override( + module_name = "gazelle", + commit = "75eade4e202fa42b23a42fd3d17216e7d31efd1a", + remote = "https://github.com/bazelbuild/bazel-gazelle", +) + +# replace go with a pre-release version +# move timeout handling back to bzltestutil +# remove after https://github.com/bazelbuild/rules_go/pull/3939 is merged +git_override( + module_name = "rules_go", + commit = "cc911bfec4f52d93d1c47cc92a3bc03ec8f9cb33", + remote = "https://github.com/bazelbuild/rules_go", +) + +go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk") +go_sdk.download( + name = "go_sdk", + patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"], + version = "1.22.3", +) + +# the use_repo rule needs to list all top-level go dependencies +# update automatically using `bazel mod tidy`. +go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps") +go_deps.from_file(go_work = "//:go.work") +use_repo( + go_deps, + "cat_dario_mergo", + "com_github_aws_aws_sdk_go", + "com_github_aws_aws_sdk_go_v2", + "com_github_aws_aws_sdk_go_v2_config", + "com_github_aws_aws_sdk_go_v2_credentials", + "com_github_aws_aws_sdk_go_v2_feature_ec2_imds", + "com_github_aws_aws_sdk_go_v2_feature_s3_manager", + "com_github_aws_aws_sdk_go_v2_service_autoscaling", + "com_github_aws_aws_sdk_go_v2_service_cloudfront", + "com_github_aws_aws_sdk_go_v2_service_ec2", + "com_github_aws_aws_sdk_go_v2_service_elasticloadbalancingv2", + "com_github_aws_aws_sdk_go_v2_service_resourcegroupstaggingapi", + "com_github_aws_aws_sdk_go_v2_service_s3", + "com_github_aws_aws_sdk_go_v2_service_secretsmanager", + "com_github_aws_smithy_go", + "com_github_azure_azure_sdk_for_go", + "com_github_azure_azure_sdk_for_go_sdk_azcore", + "com_github_azure_azure_sdk_for_go_sdk_azidentity", + "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5", + "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5", + "com_github_azure_azure_sdk_for_go_sdk_security_keyvault_azsecrets", + "com_github_azure_azure_sdk_for_go_sdk_storage_azblob", + "com_github_bazelbuild_buildtools", + "com_github_burntsushi_toml", + "com_github_coreos_go_systemd_v22", + "com_github_docker_docker", + "com_github_edgelesssys_go_azguestattestation", + "com_github_edgelesssys_go_tdx_qpl", + "com_github_foxboron_go_uefi", + "com_github_fsnotify_fsnotify", + "com_github_go_playground_locales", + "com_github_go_playground_universal_translator", + "com_github_go_playground_validator_v10", + "com_github_golang_jwt_jwt_v5", + "com_github_google_go_licenses", + "com_github_google_go_sev_guest", + "com_github_google_go_tdx_guest", + "com_github_google_go_tpm", + "com_github_google_go_tpm_tools", + "com_github_google_keep_sorted", + "com_github_google_uuid", + "com_github_googleapis_gax_go_v2", + "com_github_gophercloud_gophercloud", + "com_github_gophercloud_utils", + "com_github_grpc_ecosystem_go_grpc_middleware_v2", + "com_github_hashicorp_go_kms_wrapping_v2", + "com_github_hashicorp_go_kms_wrapping_wrappers_awskms_v2", + "com_github_hashicorp_go_kms_wrapping_wrappers_azurekeyvault_v2", + "com_github_hashicorp_go_kms_wrapping_wrappers_gcpckms_v2", + "com_github_hashicorp_go_version", + "com_github_hashicorp_hc_install", + "com_github_hashicorp_hcl_v2", + "com_github_hashicorp_terraform_exec", + "com_github_hashicorp_terraform_json", + "com_github_hashicorp_terraform_plugin_framework", + "com_github_hashicorp_terraform_plugin_framework_validators", + "com_github_hashicorp_terraform_plugin_go", + "com_github_hashicorp_terraform_plugin_log", + "com_github_hashicorp_terraform_plugin_testing", + "com_github_hexops_gotextdiff", + "com_github_katexochen_sh_v3", + "com_github_martinjungblut_go_cryptsetup", + "com_github_mattn_go_isatty", + "com_github_mitchellh_go_homedir", + "com_github_onsi_ginkgo_v2", + "com_github_onsi_gomega", + "com_github_pkg_errors", + "com_github_regclient_regclient", + "com_github_rogpeppe_go_internal", + "com_github_samber_slog_multi", + "com_github_schollz_progressbar_v3", + "com_github_secure_systems_lab_go_securesystemslib", + "com_github_siderolabs_talos_pkg_machinery", + "com_github_sigstore_rekor", + "com_github_sigstore_sigstore", + "com_github_spf13_afero", + "com_github_spf13_cobra", + "com_github_spf13_pflag", + "com_github_stretchr_testify", + "com_github_tink_crypto_tink_go_v2", + "com_github_vincent_petithory_dataurl", + "com_google_cloud_go_compute", + "com_google_cloud_go_compute_metadata", + "com_google_cloud_go_kms", + "com_google_cloud_go_secretmanager", + "com_google_cloud_go_storage", + "in_gopkg_yaml_v3", + "io_etcd_go_etcd_api_v3", + "io_etcd_go_etcd_client_pkg_v3", + "io_etcd_go_etcd_client_v3", + "io_k8s_api", + "io_k8s_apiextensions_apiserver", + "io_k8s_apimachinery", + "io_k8s_apiserver", + "io_k8s_client_go", + "io_k8s_cluster_bootstrap", + "io_k8s_kubelet", + "io_k8s_kubernetes", + "io_k8s_mount_utils", + "io_k8s_sigs_controller_runtime", + "io_k8s_sigs_yaml", + "io_k8s_utils", + "org_golang_google_api", + "org_golang_google_grpc", + "org_golang_google_protobuf", + "org_golang_x_crypto", + "org_golang_x_exp", + "org_golang_x_mod", + "org_golang_x_sys", + "org_golang_x_text", + "org_golang_x_tools", + "org_golang_x_vuln", + "org_libvirt_go_libvirt", + "org_uber_go_goleak", + "sh_helm_helm", + "sh_helm_helm_v3", +) + +go_deps_with_disabled_proto_generation = [ + "go.etcd.io/etcd/api/v3", + "k8s.io/apiserver", + "github.com/hashicorp/go-plugin", +] + +[ + go_deps.gazelle_override( + directives = [ + "gazelle:go_generate_proto false", + ], + path = path, + ) + for path in go_deps_with_disabled_proto_generation +] + +go_deps.module_override( + patches = [ + "//3rdparty/bazel/com_github_martinjungblut_go_cryptsetup:com_github_martinjungblut_go_cryptsetup.patch", + ], + path = "github.com/martinjungblut/go-cryptsetup", +) +go_deps.module_override( + patches = [ + "//3rdparty/bazel/org_libvirt_go_libvirt:go_libvirt.patch", + ], + path = "libvirt.org/go/libvirt", +) +go_deps.module_override( + patches = [ + "//3rdparty/bazel/com_github_cloudflare_circl:math_fp448_BUILD_bazel.patch", + "//3rdparty/bazel/com_github_cloudflare_circl:math_fp25519_BUILD_bazel.patch", + "//3rdparty/bazel/com_github_cloudflare_circl:dh_x448_BUILD_bazel.patch", + "//3rdparty/bazel/com_github_cloudflare_circl:dh_x25519_BUILD_bazel.patch", + ], + path = "github.com/cloudflare/circl", +) +go_deps.module_override( + patches = [ + "//3rdparty/bazel/com_github_google_go_tpm_tools:com_github_google_go_tpm_tools.patch", + "//3rdparty/bazel/com_github_google_go_tpm_tools:ms_tpm_20_ref.patch", + "//3rdparty/bazel/com_github_google_go_tpm_tools:include.patch", + ], + path = "github.com/google/go-tpm-tools", +) diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index 27df542fe..5df1e98b4 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -139,32 +139,8 @@ nixpkgs_python_configure( ) # Go toolchain -load("//bazel/toolchains:go_rules_deps.bzl", "go_deps") -go_deps() - -load("//bazel/toolchains:go_module_deps.bzl", "go_dependencies") - -# gazelle:repository_macro bazel/toolchains/go_module_deps.bzl%go_dependencies -go_dependencies() - -load("@io_bazel_rules_go//go:deps.bzl", "go_download_sdk", "go_register_toolchains", "go_rules_dependencies") - -go_download_sdk( - name = "go_sdk", - patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"], - version = "1.22.3", -) - -go_rules_dependencies() - -go_register_toolchains() - -load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies") - -gazelle_dependencies(go_repository_default_config = "//:WORKSPACE.bzlmod") - -# gazelle:repo bazel_gazelle +# gazelle:repo gazelle # proto toolchain load("//bazel/toolchains:proto_deps.bzl", "proto_deps") diff --git a/bazel/ci/BUILD.bazel b/bazel/ci/BUILD.bazel index 82e27a0ac..2725ef57a 100644 --- a/bazel/ci/BUILD.bazel +++ b/bazel/ci/BUILD.bazel @@ -1,6 +1,7 @@ -load("@bazel_gazelle//:def.bzl", "gazelle") load("@buildifier_prebuilt//:rules.bzl", "buildifier", "buildifier_test") -load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "command", "multirun") +load("@com_github_ash2k_bazel_tools//multirun:def.bzl", "multirun") +load("@gazelle//:def.bzl", "gazelle") +load("@io_bazel_rules_go//go/private/rules:go_bin_for_host.bzl", "go_bin_for_host") load("//bazel/ci:proto_targets.bzl", "proto_targets") load("//bazel/sh:def.bzl", "noop_warn", "repo_command", "sh_template") @@ -9,18 +10,6 @@ required_tags = [ "integration", ] -# TODO(malt3): Remove this once we have a better solution for -# gazelle not respecting the default go env. -command( - name = "cmd_gazelle_update_repos", - command = ":gazelle_update_repos", - environment = { - "GOPROXY": "https://proxy.golang.org,direct", - "GOSUMDB": "sum.golang.org", - "GOTOOLCHAIN": "local", - }, -) - gazelle( name = "gazelle_generate", build_tags = required_tags, @@ -33,18 +22,6 @@ gazelle( mode = "diff", ) -gazelle( - name = "gazelle_update_repos", - args = [ - "-from_file=go.work", - "-to_macro=bazel/toolchains/go_module_deps.bzl%go_dependencies", - "-build_file_proto_mode=disable_global", - "-build_file_generation=on", - "-prune", - ], - command = "update-repos", -) - buildifier_test( name = "buildifier_check", timeout = "short", @@ -80,10 +57,10 @@ sh_template( sh_template( name = "go_mod_tidy", data = [ - "@go_sdk//:bin/go", + "@io_bazel_rules_go//go", ], substitutions = { - "@@GO@@": "$(rootpath @go_sdk//:bin/go)", + "@@GO@@": "$(rootpath @io_bazel_rules_go//go)", }, template = "go_tidy.sh.in", ) @@ -257,10 +234,10 @@ sh_template( name = "golangci_lint", data = [ ":com_github_golangci_golangci_lint", - "@go_sdk//:bin/go", + "@io_bazel_rules_go//go", ], substitutions = { - "@@GO@@": "$(rootpath @go_sdk//:bin/go)", + "@@GO@@": "$(rootpath @io_bazel_rules_go//go)", "@@GOLANGCI-LINT@@": "$(rootpath :com_github_golangci_golangci_lint)", }, template = "golangci_lint.sh.in", @@ -291,10 +268,10 @@ sh_template( name = "golicenses_check", data = [ "@com_github_google_go_licenses//:go-licenses", - "@go_sdk//:bin/go", + "@io_bazel_rules_go//go", ], substitutions = { - "@@GO@@": "$(rootpath @go_sdk//:bin/go)", + "@@GO@@": "$(rootpath @io_bazel_rules_go//go)", "@@GO_LICENSES@@": "$(rootpath @com_github_google_go_licenses//:go-licenses)", }, template = "golicenses.sh.in", @@ -310,11 +287,11 @@ sh_template( sh_template( name = "govulncheck", data = [ - "@go_sdk//:bin/go", + "@io_bazel_rules_go//go", "@org_golang_x_vuln//cmd/govulncheck", ], substitutions = { - "@@GO@@": "$(rootpath @go_sdk//:bin/go)", + "@@GO@@": "$(rootpath @io_bazel_rules_go//go)", "@@GOVULNCHECK@@": "$(rootpath @org_golang_x_vuln//cmd/govulncheck:govulncheck)", }, template = "govulncheck.sh.in", @@ -347,13 +324,13 @@ sh_template( ":com_github_siderolabs_talos_hack_docgen", "//internal/attestation/measurements/measurement-generator", "//internal/versions/hash-generator", - "@go_sdk//:bin/go", + "@io_bazel_rules_go//go", "@org_golang_x_tools//cmd/stringer", "@yq_toolchains//:resolved_toolchain", ], substitutions = { "@@DOCGEN@@": "$(rootpath :com_github_siderolabs_talos_hack_docgen)", - "@@GO@@": "$(rootpath @go_sdk//:bin/go)", + "@@GO@@": "$(rootpath @io_bazel_rules_go//go)", "@@HASH_GENERATOR@@": "$(rootpath //internal/versions/hash-generator:hash-generator)", "@@HELM@@": "$(rootpath :com_github_helm_helm)", "@@MEASUREMENT_GENERATOR@@": "$(rootpath //internal/attestation/measurements/measurement-generator:measurement-generator)", @@ -499,14 +476,19 @@ sh_template( template = "unused_gh_actions.sh.in", ) +go_bin_for_host( + name = "go_bin_for_host", + visibility = ["//visibility:private"], +) + sh_template( name = "gocoverage_diff", data = [ + ":go_bin_for_host", "//hack/gocoverage", - "@go_sdk//:bin/go", ], substitutions = { - "@@GO@@": "$(rootpath @go_sdk//:bin/go)", + "@@GO@@": "$(rootpath :go_bin_for_host)", "@@GOCOVERAGE@@": "$(rootpath //hack/gocoverage:gocoverage)", }, template = "gocoverage_diff.sh.in", @@ -518,7 +500,6 @@ multirun( ":shfmt", ":gofumpt", ":go_mod_tidy", - ":cmd_gazelle_update_repos", ":gazelle_generate", ":buildifier_fix", ":terraform_fmt", diff --git a/bazel/toolchains/go_module_deps.bzl b/bazel/toolchains/go_module_deps.bzl deleted file mode 100644 index c85e8f6b5..000000000 --- a/bazel/toolchains/go_module_deps.bzl +++ /dev/null @@ -1,7237 +0,0 @@ -"""Go module dependencies for Bazel. - -Contains the equivalent of go.mod and go.sum files for Bazel. -""" - -load("@bazel_gazelle//:deps.bzl", "go_repository") - -def go_dependencies(): - """Declare Go module dependencies for Bazel.""" - go_repository( - name = "build_buf_gen_go_bufbuild_protovalidate_protocolbuffers_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go", - sum = "h1:tdpHgTbmbvEIARu+bixzmleMi14+3imnpoFXz+Qzjp4=", - version = "v1.31.0-20230802163732-1c33ebd9ecfa.1", - ) - go_repository( - name = "cat_dario_mergo", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "dario.cat/mergo", - sum = "h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=", - version = "v1.0.0", - ) - go_repository( - name = "cc_mvdan_editorconfig", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "mvdan.cc/editorconfig", - sum = "h1:8nmqQGVnHUtHuT+yvuA49lQK0y5il5IOr2PtCBkDI2M=", - version = "v0.2.1-0.20231228180347-1925077f8eb2", - ) - go_repository( - name = "cc_mvdan_unparam", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "mvdan.cc/unparam", - sum = "h1:VuJo4Mt0EVPychre4fNlDWDuE5AjXtPJpRUWqZDQhaI=", - version = "v0.0.0-20230312165513-e84e2d14e3b8", - ) - go_repository( - name = "co_honnef_go_tools", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "honnef.co/go/tools", - sum = "h1:UoveltGrhghAA7ePc+e+QYDHXrBps2PqFZiHkGR/xK8=", - version = "v0.0.1-2020.1.4", - ) - go_repository( - name = "com_github_adalogics_go_fuzz_headers", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/AdaLogics/go-fuzz-headers", - sum = "h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=", - version = "v0.0.0-20230811130428-ced1acdcaa24", - ) - go_repository( - name = "com_github_adamkorcz_go_118_fuzz_build", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/AdamKorcz/go-118-fuzz-build", - sum = "h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA=", - version = "v0.0.0-20230306123547-8075edf89bb0", - ) - go_repository( - name = "com_github_adamkorcz_go_fuzz_headers_1", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/AdamKorcz/go-fuzz-headers-1", - sum = "h1:zjqpY4C7H15HjRPEenkS4SAn3Jy2eRRjkjZbGR30TOg=", - version = "v0.0.0-20230919221257-8b5d3ce2d11d", - ) - go_repository( - name = "com_github_adrg_xdg", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/adrg/xdg", - sum = "h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls=", - version = "v0.4.0", - ) - go_repository( - name = "com_github_agext_levenshtein", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/agext/levenshtein", - sum = "h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE=", - version = "v1.2.2", - ) - go_repository( - name = "com_github_agnivade_levenshtein", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/agnivade/levenshtein", - sum = "h1:3oJU7J3FGFmyhn8KHjmVaZCN5hxTr7GxgRue+sxIXdQ=", - version = "v1.0.1", - ) - go_repository( - name = "com_github_akavel_rsrc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/akavel/rsrc", - sum = "h1:Zxm8V5eI1hW4gGaYsJQUhxpjkENuG91ki8B4zCrvEsw=", - version = "v0.10.2", - ) - go_repository( - name = "com_github_alcortesm_tgz", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/alcortesm/tgz", - sum = "h1:uSoVVbwJiQipAclBbw+8quDsfcvFjOpI5iCf4p/cqCs=", - version = "v0.0.0-20161220082320-9c5fe88206d7", - ) - go_repository( - name = "com_github_alecthomas_kingpin_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/alecthomas/kingpin/v2", - sum = "h1:f48lwail6p8zpO1bC4TxtqACaGqHYA22qkHjHpqDjYY=", - version = "v2.4.0", - ) - go_repository( - name = "com_github_alecthomas_template", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/alecthomas/template", - sum = "h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=", - version = "v0.0.0-20160405071501-a0175ee3bccc", - ) - go_repository( - name = "com_github_alecthomas_units", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/alecthomas/units", - sum = "h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc=", - version = "v0.0.0-20211218093645-b94a6e3cc137", - ) - go_repository( - name = "com_github_alessio_shellescape", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/alessio/shellescape", - sum = "h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=", - version = "v1.4.1", - ) - go_repository( - name = "com_github_anatol_vmtest", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/anatol/vmtest", - sum = "h1:t4JGeY9oaF5LB4Rdx9e2wARRRPAYt8Ow4eCf5SwO3fA=", - version = "v0.0.0-20220413190228-7a42f1f6d7b8", - ) - go_repository( - name = "com_github_anmitsu_go_shlex", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/anmitsu/go-shlex", - sum = "h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=", - version = "v0.0.0-20161002113705-648efa622239", - ) - go_repository( - name = "com_github_antihax_optional", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/antihax/optional", - sum = "h1:xK2lYat7ZLaVVcIuj82J8kIro4V6kDe0AUDFboUCwcg=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_antlr_antlr4_runtime_go_antlr_v4", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/antlr/antlr4/runtime/Go/antlr/v4", - sum = "h1:goHVqTbFX3AIo0tzGr14pgfAW2ZfPChKO21Z9MGf/gk=", - version = "v4.0.0-20230512164433-5d1fd1a340c9", - ) - go_repository( - name = "com_github_apparentlymart_go_textseg_v12", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/apparentlymart/go-textseg/v12", - sum = "h1:bNEQyAGak9tojivJNkoqWErVCQbjdL7GzRt3F8NvfJ0=", - version = "v12.0.0", - ) - go_repository( - name = "com_github_apparentlymart_go_textseg_v13", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/apparentlymart/go-textseg/v13", - sum = "h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=", - version = "v13.0.0", - ) - go_repository( - name = "com_github_apparentlymart_go_textseg_v15", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/apparentlymart/go-textseg/v15", - sum = "h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=", - version = "v15.0.0", - ) - go_repository( - name = "com_github_armon_circbuf", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/armon/circbuf", - sum = "h1:QEF07wC0T1rKkctt1RINW/+RMTVmiwxETico2l3gxJA=", - version = "v0.0.0-20150827004946-bbbad097214e", - ) - go_repository( - name = "com_github_armon_go_radix", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/armon/go-radix", - sum = "h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_armon_go_socks5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/armon/go-socks5", - sum = "h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=", - version = "v0.0.0-20160902184237-e75332964ef5", - ) - go_repository( - name = "com_github_asaskevich_govalidator", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/asaskevich/govalidator", - sum = "h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=", - version = "v0.0.0-20230301143203-a9d515a09cc2", - ) - go_repository( - name = "com_github_aws_aws_sdk_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go", - sum = "h1:MMo1x1ggPPxDfHMXJnQudTbGXYlD4UigUAud1DJxPVo=", - version = "v1.53.0", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2", - sum = "h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=", - version = "v1.26.1", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_aws_protocol_eventstream", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream", - sum = "h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to=", - version = "v1.6.2", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_config", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/config", - sum = "h1:WbKW8hOzrWoOA/+35S5okqO/2Ap8hkkFUzoW8Hzq24A=", - version = "v1.27.13", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_credentials", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/credentials", - sum = "h1:XDCJDzk/u5cN7Aple7D/MiAhx1Rjo/0nueJ0La8mRuE=", - version = "v1.17.13", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_feature_ec2_imds", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", - sum = "h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4=", - version = "v1.16.1", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_feature_s3_manager", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/feature/s3/manager", - sum = "h1:9b1Os1s11mF5qTIKLgSsyPG810di2+ySSLIIt9bwe9I=", - version = "v1.16.17", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_internal_configsources", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/internal/configsources", - sum = "h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg=", - version = "v1.3.5", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_internal_endpoints_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", - sum = "h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0=", - version = "v2.6.5", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_internal_ini", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/internal/ini", - sum = "h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=", - version = "v1.8.0", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_internal_v4a", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/internal/v4a", - sum = "h1:81KE7vaZzrl7yHBYHVEzYB8sypz11NMOZ40YlWvPxsU=", - version = "v1.3.5", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_autoscaling", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/autoscaling", - sum = "h1:IDoEdCkKRy7iPlRVSuDATGE57xUjrk5i1M9eWPYwr/Y=", - version = "v1.40.6", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_cloudfront", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/cloudfront", - sum = "h1://GRw/PrpnUyWBJh6KvUvR9AgkDBhclzaj3HKGxRoCw=", - version = "v1.36.1", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_ec2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/ec2", - sum = "h1:NbjXshriDs5bGeqKvrOF70L41X0aCMC60ImN2vkcQAc=", - version = "v1.161.1", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_elasticloadbalancingv2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2", - sum = "h1:P5kMcIzrz4Y7GIkvmkosgv/0cs1Crk/VLo5pBhrTWGI=", - version = "v1.30.6", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_internal_accept_encoding", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding", - sum = "h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=", - version = "v1.11.2", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_internal_checksum", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/internal/checksum", - sum = "h1:ZMeFZ5yk+Ek+jNr1+uwCd2tG89t6oTS5yVWpa6yy2es=", - version = "v1.3.7", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_internal_presigned_url", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url", - sum = "h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo=", - version = "v1.11.7", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_internal_s3shared", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/internal/s3shared", - sum = "h1:f9RyWNtS8oH7cZlbn+/JNPpjUk5+5fLd5lM9M0i49Ys=", - version = "v1.17.5", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_kms", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/kms", - sum = "h1:yS0JkEdV6h9JOo8sy2JSpjX+i7vsKifU8SIeHrqiDhU=", - version = "v1.30.0", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_resourcegroupstaggingapi", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi", - sum = "h1:GR0vFRc5TpN36ppQJjd+gjRRC9vMAHN5C2W53oMWCJU=", - version = "v1.21.5", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_s3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/s3", - sum = "h1:rq2hglTQM3yHZvOPVMtNvLS5x6hijx7JvRDgKiTNDGQ=", - version = "v1.53.2", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_secretsmanager", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/secretsmanager", - sum = "h1:4cziOtpDwtgcb+wTYRzz8C+GoH1XySy0p7j4oBbqPQE=", - version = "v1.28.7", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_sso", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/sso", - sum = "h1:o5cTaeunSpfXiLTIBx5xo2enQmiChtu1IBbzXnfU9Hs=", - version = "v1.20.6", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_ssooidc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/ssooidc", - sum = "h1:Qe0r0lVURDDeBQJ4yP+BOrJkvkiCo/3FH/t+wY11dmw=", - version = "v1.24.0", - ) - go_repository( - name = "com_github_aws_aws_sdk_go_v2_service_sts", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/aws-sdk-go-v2/service/sts", - sum = "h1:et3Ta53gotFR4ERLXXHIHl/Uuk1qYpP5uU7cvNql8ns=", - version = "v1.28.7", - ) - go_repository( - name = "com_github_aws_smithy_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/aws/smithy-go", - sum = "h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=", - version = "v1.20.2", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go", - sum = "h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=", - version = "v68.0.0+incompatible", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_azcore", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/azcore", - sum = "h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM=", - version = "v1.11.1", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_azidentity", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/azidentity", - sum = "h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU=", - version = "v1.5.2", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_internal", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/internal", - sum = "h1:sUFnFjzDUie80h24I7mrKtwCKgLY9L8h5Tp2x9+TWqk=", - version = "v1.6.0", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_keyvault_azkeys", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys", - sum = "h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM=", - version = "v0.10.0", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_keyvault_internal", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal", - sum = "h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=", - version = "v0.7.1", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5", - sum = "h1:LkHbJbgF3YyvC53aqYGR+wWQDn2Rdp9AQdGndf9QvY4=", - version = "v5.7.0", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_internal_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2", - sum = "h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do=", - version = "v2.0.0", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5", - sum = "h1:QZY6o3E/KX0QhgQpvat4UxAsXuBIb4efrFtZcqCUTbs=", - version = "v5.1.1", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_resources_armresources", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources", - sum = "h1:7CBQ+Ei8SP2c6ydQTGCCrS35bDxgTMfoP2miAwK++OU=", - version = "v1.1.1", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_storage_armstorage", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage", - sum = "h1:AifHbc4mg0x9zW52WOpKbsHaDKuRhlI7TVl47thgQ70=", - version = "v1.5.0", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_security_keyvault_azkeys", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys", - sum = "h1:DRiANoJTiW6obBQe3SqZizkuV1PEgfiiGivmVocDy64=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_security_keyvault_azsecrets", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets", - sum = "h1:h4Zxgmi9oyZL2l8jeg1iRTqPloHktywWcu0nlJmo1tA=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_security_keyvault_internal", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal", - sum = "h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_azure_azure_sdk_for_go_sdk_storage_azblob", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob", - sum = "h1:YUUxeiOWgdAQE3pXt2H7QXzZs0q8UBjgRbl56qo8GYM=", - version = "v1.3.2", - ) - go_repository( - name = "com_github_azure_go_ansiterm", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/go-ansiterm", - sum = "h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8=", - version = "v0.0.0-20210617225240-d185dfc1b5a1", - ) - go_repository( - name = "com_github_azure_go_autorest", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/go-autorest", - sum = "h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=", - version = "v14.2.0+incompatible", - ) - go_repository( - name = "com_github_azure_go_autorest_autorest", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/go-autorest/autorest", - sum = "h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw=", - version = "v0.11.29", - ) - go_repository( - name = "com_github_azure_go_autorest_autorest_adal", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/go-autorest/autorest/adal", - sum = "h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8=", - version = "v0.9.23", - ) - go_repository( - name = "com_github_azure_go_autorest_autorest_date", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/go-autorest/autorest/date", - sum = "h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=", - version = "v0.3.0", - ) - go_repository( - name = "com_github_azure_go_autorest_autorest_mocks", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/go-autorest/autorest/mocks", - sum = "h1:PGN4EDXnuQbojHbU0UWoNvmu9AGVwYHG9/fkDYhtAfw=", - version = "v0.4.2", - ) - go_repository( - name = "com_github_azure_go_autorest_autorest_to", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/go-autorest/autorest/to", - sum = "h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=", - version = "v0.4.0", - ) - go_repository( - name = "com_github_azure_go_autorest_autorest_validation", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/go-autorest/autorest/validation", - sum = "h1:AgyqjAd94fwNAoTjl/WQXg4VvFeRFpO+UhNyRXqF1ac=", - version = "v0.3.1", - ) - go_repository( - name = "com_github_azure_go_autorest_logger", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/go-autorest/logger", - sum = "h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+ZtXWSmf4Tg=", - version = "v0.2.1", - ) - go_repository( - name = "com_github_azure_go_autorest_tracing", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Azure/go-autorest/tracing", - sum = "h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo=", - version = "v0.6.0", - ) - go_repository( - name = "com_github_azuread_microsoft_authentication_library_for_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/AzureAD/microsoft-authentication-library-for-go", - sum = "h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU=", - version = "v1.2.2", - ) - go_repository( - name = "com_github_bazelbuild_buildtools", - # keep - build_file_generation = "off", - # keep - build_file_proto_mode = "default", - importpath = "github.com/bazelbuild/buildtools", - sum = "h1:hqhMmuZiSNwCWVHqnpr4DZfIeZ2/aJF7fs207eg7HZo=", - version = "v0.0.0-20240422193413-1429e15ae755", - ) - go_repository( - name = "com_github_bazelbuild_rules_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/bazelbuild/rules_go", - sum = "h1:9s9FA2l8IAxCbwV97E1WLu5ai21muLNrjZRV0+agTRs=", - version = "v0.47.1", - ) - go_repository( - name = "com_github_beorn7_perks", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/beorn7/perks", - sum = "h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=", - version = "v1.0.1", - ) - go_repository( - name = "com_github_bgentry_speakeasy", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/bgentry/speakeasy", - sum = "h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=", - version = "v0.1.0", - ) - go_repository( - name = "com_github_blang_semver", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/blang/semver", - sum = "h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=", - version = "v3.5.1+incompatible", - ) - go_repository( - name = "com_github_blang_semver_v4", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/blang/semver/v4", - sum = "h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=", - version = "v4.0.0", - ) - go_repository( - name = "com_github_bshuster_repo_logrus_logstash_hook", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/bshuster-repo/logrus-logstash-hook", - sum = "h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_bufbuild_protocompile", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/bufbuild/protocompile", - sum = "h1:Uu7WiSQ6Yj9DbkdnOe7U4mNKp58y9WDMKDn28/ZlunY=", - version = "v0.6.0", - ) - go_repository( - name = "com_github_bufbuild_protovalidate_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/bufbuild/protovalidate-go", - sum = "h1:pJr07sYhliyfj/STAM7hU4J3FKpVeLVKvOBmOTN8j+s=", - version = "v0.2.1", - ) - go_repository( - name = "com_github_bugsnag_bugsnag_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/bugsnag/bugsnag-go", - sum = "h1:rFt+Y/IK1aEZkEHchZRSq9OQbsSzIT/OrI8YFFmRIng=", - version = "v0.0.0-20141110184014-b1d153021fcd", - ) - go_repository( - name = "com_github_bugsnag_osext", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/bugsnag/osext", - sum = "h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ=", - version = "v0.0.0-20130617224835-0dd3f918b21b", - ) - go_repository( - name = "com_github_bugsnag_panicwrap", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/bugsnag/panicwrap", - sum = "h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o=", - version = "v0.0.0-20151223152923-e2c28503fcd0", - ) - go_repository( - name = "com_github_burntsushi_toml", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/BurntSushi/toml", - sum = "h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=", - version = "v1.3.2", - ) - go_repository( - name = "com_github_burntsushi_xgb", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/BurntSushi/xgb", - sum = "h1:1BDTz0u9nC3//pOCMdNH+CiXJVYJh5UQNCOBG7jbELc=", - version = "v0.0.0-20160522181843-27f122750802", - ) - go_repository( - name = "com_github_bwesterb_go_ristretto", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/bwesterb/go-ristretto", - sum = "h1:1w53tCkGhCQ5djbat3+MH0BAQ5Kfgbt56UZQ/JMzngw=", - version = "v1.2.3", - ) - go_repository( - name = "com_github_cavaliercoder_badio", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cavaliercoder/badio", - sum = "h1:YYUjy5BRwO5zPtfk+aa2gw255FIIoi93zMmuy19o0bc=", - version = "v0.0.0-20160213150051-ce5280129e9e", - ) - go_repository( - name = "com_github_cavaliercoder_go_rpm", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cavaliercoder/go-rpm", - sum = "h1:jP7ki8Tzx9ThnFPLDhBYAhEpI2+jOURnHQNURgsMvnY=", - version = "v0.0.0-20200122174316-8cb9fd9c31a8", - ) - go_repository( - name = "com_github_cavaliergopher_cpio", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cavaliergopher/cpio", - sum = "h1:KQFSeKmZhv0cr+kawA3a0xTQCU4QxXF1vhU7P7av2KM=", - version = "v1.0.1", - ) - go_repository( - name = "com_github_cenkalti_backoff_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cenkalti/backoff/v3", - sum = "h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M=", - version = "v3.2.2", - ) - go_repository( - name = "com_github_cenkalti_backoff_v4", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cenkalti/backoff/v4", - sum = "h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=", - version = "v4.2.1", - ) - go_repository( - name = "com_github_census_instrumentation_opencensus_proto", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/census-instrumentation/opencensus-proto", - sum = "h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=", - version = "v0.4.1", - ) - go_repository( - name = "com_github_cespare_xxhash", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cespare/xxhash", - sum = "h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_cespare_xxhash_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cespare/xxhash/v2", - sum = "h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=", - version = "v2.2.0", - ) - go_repository( - name = "com_github_chai2010_gettext_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/chai2010/gettext-go", - sum = "h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk=", - version = "v1.0.2", - ) - go_repository( - name = "com_github_checkpoint_restore_go_criu_v5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/checkpoint-restore/go-criu/v5", - sum = "h1:wpFFOoomK3389ue2lAb0Boag6XPht5QYpipxmSNL4d8=", - version = "v5.3.0", - ) - go_repository( - name = "com_github_chromedp_cdproto", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/chromedp/cdproto", - sum = "h1:aPflPkRFkVwbW6dmcVqfgwp1i+UWGFH6VgR1Jim5Ygc=", - version = "v0.0.0-20230802225258-3cf4e6d46a89", - ) - go_repository( - name = "com_github_chromedp_chromedp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/chromedp/chromedp", - sum = "h1:dKtNz4kApb06KuSXoTQIyUC2TrA0fhGDwNZf3bcgfKw=", - version = "v0.9.2", - ) - go_repository( - name = "com_github_chromedp_sysutil", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/chromedp/sysutil", - sum = "h1:+ZxhTpfpZlmchB58ih/LBHX52ky7w2VhQVKQMucy3Ic=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_chzyer_logex", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/chzyer/logex", - sum = "h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=", - version = "v1.1.10", - ) - go_repository( - name = "com_github_chzyer_readline", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/chzyer/readline", - sum = "h1:upd/6fQk4src78LMRzh5vItIt361/o4uq553V8B5sGI=", - version = "v1.5.1", - ) - go_repository( - name = "com_github_chzyer_test", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/chzyer/test", - sum = "h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=", - version = "v0.0.0-20180213035817-a1ea475d72b1", - ) - go_repository( - name = "com_github_cilium_ebpf", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cilium/ebpf", - sum = "h1:64sn2K3UKw8NbP/blsixRpF3nXuyhz/VjRlRzvlBRu4=", - version = "v0.9.1", - ) - go_repository( - name = "com_github_client9_misspell", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/client9/misspell", - sum = "h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI=", - version = "v0.3.4", - ) - go_repository( - name = "com_github_cloudflare_circl", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cloudflare/circl", - # keep - patches = [ - "//3rdparty/bazel/com_github_cloudflare_circl:math_fp448_BUILD_bazel.patch", - "//3rdparty/bazel/com_github_cloudflare_circl:math_fp25519_BUILD_bazel.patch", - "//3rdparty/bazel/com_github_cloudflare_circl:dh_x448_BUILD_bazel.patch", - "//3rdparty/bazel/com_github_cloudflare_circl:dh_x25519_BUILD_bazel.patch", - ], - sum = "h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=", - version = "v1.3.7", - ) - go_repository( - name = "com_github_cncf_udpa_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cncf/udpa/go", - sum = "h1:QQ3GSy+MqSHxm/d8nCtnAiZdYFd45cYZPs8vOOIYKfk=", - version = "v0.0.0-20220112060539-c52dc94e7fbe", - ) - go_repository( - name = "com_github_cncf_xds_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cncf/xds/go", - sum = "h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ=", - version = "v0.0.0-20231128003011-0fa0005c9caa", - ) - go_repository( - name = "com_github_codahale_rfc6979", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/codahale/rfc6979", - sum = "h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE=", - version = "v0.0.0-20141003034818-6a90f24967eb", - ) - go_repository( - name = "com_github_common_nighthawk_go_figure", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/common-nighthawk/go-figure", - sum = "h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ=", - version = "v0.0.0-20210622060536-734e95fb86be", - ) - go_repository( - name = "com_github_container_orchestrated_devices_container_device_interface", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/container-orchestrated-devices/container-device-interface", - sum = "h1:mz77uJoP8im/4Zins+mPqt677ZMaflhoGaYrRAl5jvA=", - version = "v0.6.1", - ) - go_repository( - name = "com_github_container_storage_interface_spec", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/container-storage-interface/spec", - sum = "h1:D0vhF3PLIZwlwZEf2eNbpujGCNwspwTYf2idJRJx4xI=", - version = "v1.8.0", - ) - go_repository( - name = "com_github_containerd_aufs", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/aufs", - sum = "h1:2oeJiwX5HstO7shSrPZjrohJZLzK36wvpdmzDRkL/LY=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_containerd_btrfs_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/btrfs/v2", - sum = "h1:FN4wsx7KQrYoLXN7uLP0vBV4oVWHOIKDRQ1G2Z0oL5M=", - version = "v2.0.0", - ) - go_repository( - name = "com_github_containerd_cgroups", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/cgroups", - sum = "h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_containerd_cgroups_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/cgroups/v3", - sum = "h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=", - version = "v3.0.2", - ) - go_repository( - name = "com_github_containerd_console", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/console", - sum = "h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARubLw=", - version = "v1.0.3", - ) - go_repository( - name = "com_github_containerd_containerd", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/containerd", - sum = "h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0=", - version = "v1.7.12", - ) - go_repository( - name = "com_github_containerd_continuity", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/continuity", - sum = "h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=", - version = "v0.4.2", - ) - go_repository( - name = "com_github_containerd_fifo", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/fifo", - sum = "h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_containerd_go_cni", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/go-cni", - sum = "h1:ORi7P1dYzCwVM6XPN4n3CbkuOx/NZ2DOqy+SHRdo9rU=", - version = "v1.1.9", - ) - go_repository( - name = "com_github_containerd_go_runc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/go-runc", - sum = "h1:oU+lLv1ULm5taqgV/CJivypVODI4SUz1znWjv3nNYS0=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_containerd_imgcrypt", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/imgcrypt", - sum = "h1:WSf9o9EQ0KGHiUx2ESFZ+PKf4nxK9BcvV/nJDX8RkB4=", - version = "v1.1.7", - ) - go_repository( - name = "com_github_containerd_log", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/log", - sum = "h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=", - version = "v0.1.0", - ) - go_repository( - name = "com_github_containerd_nri", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/nri", - sum = "h1:PjgIBm0RtUiFyEO6JqPBQZRQicbsIz41Fz/5VSC0zgw=", - version = "v0.4.0", - ) - go_repository( - name = "com_github_containerd_stargz_snapshotter_estargz", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/stargz-snapshotter/estargz", - sum = "h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=", - version = "v0.14.3", - ) - go_repository( - name = "com_github_containerd_ttrpc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/ttrpc", - sum = "h1:9vqZr0pxwOF5koz6N0N3kJ0zDHokrcPxIR/ZR2YFtOs=", - version = "v1.2.2", - ) - go_repository( - name = "com_github_containerd_typeurl", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/typeurl", - sum = "h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY=", - version = "v1.0.2", - ) - go_repository( - name = "com_github_containerd_typeurl_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/typeurl/v2", - sum = "h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4=", - version = "v2.1.1", - ) - go_repository( - name = "com_github_containerd_zfs", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containerd/zfs", - sum = "h1:n7OZ7jZumLIqNJqXrEc/paBM840mORnmGdJDmAmJZHM=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_containernetworking_cni", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containernetworking/cni", - sum = "h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ=", - version = "v1.1.2", - ) - go_repository( - name = "com_github_containernetworking_plugins", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containernetworking/plugins", - sum = "h1:SWgg3dQG1yzUo4d9iD8cwSVh1VqI+bP7mkPDoSfP9VU=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_containers_ocicrypt", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/containers/ocicrypt", - sum = "h1:uoG52u2e91RE4UqmBICZY8dNshgfvkdl3BW6jnxiFaI=", - version = "v1.1.6", - ) - go_repository( - name = "com_github_coredns_caddy", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/coredns/caddy", - sum = "h1:2eYKZT7i6yxIfGP3qLJoJ7HAsDJqYB+X68g4NYjSrE0=", - version = "v1.1.1", - ) - go_repository( - name = "com_github_coredns_corefile_migration", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/coredns/corefile-migration", - sum = "h1:W/DCETrHDiFo0Wj03EyMkaQ9fwsmSgqTCQDHpceaSsE=", - version = "v1.0.21", - ) - go_repository( - name = "com_github_coreos_go_oidc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/coreos/go-oidc", - sum = "h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=", - version = "v2.2.1+incompatible", - ) - go_repository( - name = "com_github_coreos_go_oidc_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/coreos/go-oidc/v3", - sum = "h1:0J/ogVOd4y8P0f0xUh8l9t07xRP/d8tccvjHl2dcsSo=", - version = "v3.9.0", - ) - go_repository( - name = "com_github_coreos_go_semver", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/coreos/go-semver", - sum = "h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4=", - version = "v0.3.1", - ) - go_repository( - name = "com_github_coreos_go_systemd_v22", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/coreos/go-systemd/v22", - sum = "h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs=", - version = "v22.5.0", - ) - go_repository( - name = "com_github_cosi_project_runtime", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cosi-project/runtime", - sum = "h1:9lJWw5cl3Lz1qP32bl2vxAsJs6LM8KdUGLCc9t/EGqw=", - version = "v0.4.1", - ) - go_repository( - name = "com_github_cpuguy83_go_md2man_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cpuguy83/go-md2man/v2", - sum = "h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM=", - version = "v2.0.3", - ) - go_repository( - name = "com_github_creack_pty", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/creack/pty", - sum = "h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=", - version = "v1.1.21", - ) - go_repository( - name = "com_github_cyberphone_json_canonicalization", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cyberphone/json-canonicalization", - sum = "h1:vU+EP9ZuFUCYE0NYLwTSob+3LNEJATzNfP/DC7SWGWI=", - version = "v0.0.0-20220623050100-57a0ce2678a7", - ) - go_repository( - name = "com_github_cyphar_filepath_securejoin", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/cyphar/filepath-securejoin", - sum = "h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=", - version = "v0.2.4", - ) - go_repository( - name = "com_github_danieljoos_wincred", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/danieljoos/wincred", - sum = "h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_data_dog_go_sqlmock", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/DATA-DOG/go-sqlmock", - sum = "h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU=", - version = "v1.5.2", - ) - go_repository( - name = "com_github_davecgh_go_spew", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/davecgh/go-spew", - sum = "h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=", - version = "v1.1.2-0.20180830191138-d8f796af33cc", - ) - go_repository( - name = "com_github_daviddengcn_go_colortext", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/daviddengcn/go-colortext", - sum = "h1:ANqDyC0ys6qCSvuEK7l3g5RaehL/Xck9EX8ATG8oKsE=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_decred_dcrd_dcrec_secp256k1_v4", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/decred/dcrd/dcrec/secp256k1/v4", - sum = "h1:1iy2qD6JEhHKKhUOA9IWs7mjco7lnw2qx8FsRI2wirE=", - version = "v4.0.0-20210816181553-5444fa50b93d", - ) - go_repository( - name = "com_github_denisenkom_go_mssqldb", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/denisenkom/go-mssqldb", - sum = "h1:RSohk2RsiZqLZ0zCjtfn3S4Gp4exhpBWHyQ7D0yGjAk=", - version = "v0.9.0", - ) - go_repository( - name = "com_github_dgryski_go_rendezvous", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/dgryski/go-rendezvous", - sum = "h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=", - version = "v0.0.0-20200823014737-9f7001d12a5f", - ) - go_repository( - name = "com_github_distribution_distribution_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/distribution/distribution/v3", - sum = "h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc=", - version = "v3.0.0-20221208165359-362910506bc2", - ) - go_repository( - name = "com_github_distribution_reference", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/distribution/reference", - sum = "h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=", - version = "v0.5.0", - ) - go_repository( - name = "com_github_dnaeon_go_vcr", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/dnaeon/go-vcr", - sum = "h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_docker_cli", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/docker/cli", - sum = "h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU=", - version = "v25.0.1+incompatible", - ) - go_repository( - name = "com_github_docker_distribution", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/docker/distribution", - sum = "h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=", - version = "v2.8.3+incompatible", - ) - go_repository( - name = "com_github_docker_docker", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/docker/docker", - sum = "h1:UVX5ZOrrfTGZZYEP+ZDq3Xn9PdHNXaSYMFPDumMqG2k=", - version = "v26.1.2+incompatible", - ) - go_repository( - name = "com_github_docker_docker_credential_helpers", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/docker/docker-credential-helpers", - sum = "h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=", - version = "v0.7.0", - ) - go_repository( - name = "com_github_docker_go_connections", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/docker/go-connections", - sum = "h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=", - version = "v0.5.0", - ) - go_repository( - name = "com_github_docker_go_events", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/docker/go-events", - sum = "h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=", - version = "v0.0.0-20190806004212-e31b211e4f1c", - ) - go_repository( - name = "com_github_docker_go_metrics", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/docker/go-metrics", - sum = "h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=", - version = "v0.0.1", - ) - go_repository( - name = "com_github_docker_go_units", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/docker/go-units", - sum = "h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=", - version = "v0.5.0", - ) - go_repository( - name = "com_github_docker_libtrust", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/docker/libtrust", - sum = "h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=", - version = "v0.0.0-20160708172513-aabc10ec26b7", - ) - go_repository( - name = "com_github_dustin_go_humanize", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/dustin/go-humanize", - sum = "h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=", - version = "v1.0.1", - ) - go_repository( - name = "com_github_edgelesssys_go_azguestattestation", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/edgelesssys/go-azguestattestation", - sum = "h1:XcoMVhZve0RRkSxFDn9Bs/z4FpHqZ3eHgVNWNCNOkqc=", - version = "v0.0.0-20240513062303-05f8770a633d", - ) - go_repository( - name = "com_github_edgelesssys_go_tdx_qpl", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/edgelesssys/go-tdx-qpl", - sum = "h1:TCGUmmH50cQBGXPJsn32APf93fmWQXcSMi7pMbDPtV0=", - version = "v0.0.0-20240123150912-dcad3c41ec5f", - ) - go_repository( - name = "com_github_eggsampler_acme_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/eggsampler/acme/v3", - sum = "h1:LHWnB3wShVshK1+umL6ObCjnc0MM+D7TE8JINjk8zGY=", - version = "v3.4.0", - ) - go_repository( - name = "com_github_emicklei_dot", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/emicklei/dot", - sum = "h1:ujpDlBkkwgWUY+qPId5IwapRW/xEoligRSYjioR6DFI=", - version = "v1.6.1", - ) - go_repository( - name = "com_github_emicklei_go_restful_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/emicklei/go-restful/v3", - sum = "h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=", - version = "v3.11.0", - ) - go_repository( - name = "com_github_emirpasic_gods", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/emirpasic/gods", - sum = "h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=", - version = "v1.18.1", - ) - go_repository( - name = "com_github_envoyproxy_go_control_plane", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/envoyproxy/go-control-plane", - sum = "h1:4X+VP1GHd1Mhj6IB5mMeGbLCleqxjletLK6K0rbxyZI=", - version = "v0.12.0", - ) - go_repository( - name = "com_github_envoyproxy_protoc_gen_validate", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/envoyproxy/protoc-gen-validate", - sum = "h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=", - version = "v1.0.4", - ) - go_repository( - name = "com_github_euank_go_kmsg_parser", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/euank/go-kmsg-parser", - sum = "h1:cHD53+PLQuuQyLZeriD1V/esuG4MuU0Pjs5y6iknohY=", - version = "v2.0.0+incompatible", - ) - go_repository( - name = "com_github_evanphx_json_patch", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/evanphx/json-patch", - sum = "h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls=", - version = "v5.9.0+incompatible", - ) - go_repository( - name = "com_github_evanphx_json_patch_v5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/evanphx/json-patch/v5", - sum = "h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=", - version = "v5.9.0", - ) - go_repository( - name = "com_github_exponent_io_jsonpath", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/exponent-io/jsonpath", - sum = "h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM=", - version = "v0.0.0-20151013193312-d6023ce2651d", - ) - go_repository( - name = "com_github_fatih_camelcase", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/fatih/camelcase", - sum = "h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_fatih_color", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/fatih/color", - sum = "h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=", - version = "v1.16.0", - ) - go_repository( - name = "com_github_felixge_httpsnoop", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/felixge/httpsnoop", - sum = "h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=", - version = "v1.0.4", - ) - go_repository( - name = "com_github_flynn_go_docopt", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/flynn/go-docopt", - sum = "h1:Ss/B3/5wWRh8+emnK0++g5zQzwDTi30W10pKxKc4JXI=", - version = "v0.0.0-20140912013429-f6dd2ebbb31e", - ) - go_repository( - name = "com_github_flynn_go_shlex", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/flynn/go-shlex", - sum = "h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=", - version = "v0.0.0-20150515145356-3f9db97f8568", - ) - go_repository( - name = "com_github_foxboron_go_uefi", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/foxboron/go-uefi", - sum = "h1:qGlg/7H49H30Eu7nkCBA7YxNmW30ephqBf7xIxlAGuQ=", - version = "v0.0.0-20240128152106-48be911532c2", - ) - go_repository( - name = "com_github_foxcpp_go_mockdns", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/foxcpp/go-mockdns", - sum = "h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_frankban_quicktest", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/frankban/quicktest", - sum = "h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=", - version = "v1.14.6", - ) - go_repository( - name = "com_github_fsnotify_fsnotify", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/fsnotify/fsnotify", - sum = "h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=", - version = "v1.7.0", - ) - go_repository( - name = "com_github_fullstorydev_grpcurl", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/fullstorydev/grpcurl", - sum = "h1:JMvZXK8lHDGyLmTQ0ZdGDnVVGuwjbpaumf8p42z0d+c=", - version = "v1.8.9", - ) - go_repository( - name = "com_github_fvbommel_sortorder", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/fvbommel/sortorder", - sum = "h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_fxamacker_cbor_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/fxamacker/cbor/v2", - sum = "h1:sU6J2usfADwWlYDAFhZBQ6TnLFBHxgesMrQfQgk1tWA=", - version = "v2.6.0", - ) - go_repository( - name = "com_github_gabriel_vasile_mimetype", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gabriel-vasile/mimetype", - sum = "h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=", - version = "v1.4.3", - ) - go_repository( - name = "com_github_gertd_go_pluralize", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gertd/go-pluralize", - sum = "h1:M3uASbVjMnTsPb0PNqg+E/24Vwigyo/tvyMTtAlLgiA=", - version = "v0.2.1", - ) - go_repository( - name = "com_github_ghodss_yaml", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ghodss/yaml", - sum = "h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_gliderlabs_ssh", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gliderlabs/ssh", - sum = "h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=", - version = "v0.2.2", - ) - go_repository( - name = "com_github_go_chi_chi", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-chi/chi", - sum = "h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec=", - version = "v4.1.2+incompatible", - ) - go_repository( - name = "com_github_go_errors_errors", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-errors/errors", - sum = "h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA=", - version = "v1.4.2", - ) - go_repository( - name = "com_github_go_git_gcfg", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-git/gcfg", - sum = "h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=", - version = "v1.5.1-0.20230307220236-3a3c6141e376", - ) - go_repository( - name = "com_github_go_git_go_billy_v5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-git/go-billy/v5", - sum = "h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU=", - version = "v5.5.0", - ) - go_repository( - name = "com_github_go_git_go_git_v5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-git/go-git/v5", - sum = "h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys=", - version = "v5.12.0", - ) - go_repository( - name = "com_github_go_gl_glfw", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-gl/glfw", - sum = "h1:QbL/5oDUmRBzO9/Z7Seo6zf912W/a6Sr4Eu0G/3Jho0=", - version = "v0.0.0-20190409004039-e6da0acd62b1", - ) - go_repository( - name = "com_github_go_gl_glfw_v3_3_glfw", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-gl/glfw/v3.3/glfw", - sum = "h1:WtGNWLvXpe6ZudgnXrq0barxBImvnnJoMEhXAzcbM0I=", - version = "v0.0.0-20200222043503-6f7a984d4dc4", - ) - go_repository( - name = "com_github_go_gorp_gorp_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-gorp/gorp/v3", - sum = "h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs=", - version = "v3.1.0", - ) - go_repository( - name = "com_github_go_jose_go_jose_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-jose/go-jose/v3", - sum = "h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=", - version = "v3.0.3", - ) - go_repository( - name = "com_github_go_kit_kit", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-kit/kit", - sum = "h1:Wz+5lgoB0kkuqLEc6NVmwRknTKP6dTGbSqvhZtBI/j0=", - version = "v0.8.0", - ) - go_repository( - name = "com_github_go_kit_log", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-kit/log", - sum = "h1:MRVx0/zhvdseW+Gza6N9rVzU/IVzaeE1SFI4raAhmBU=", - version = "v0.2.1", - ) - go_repository( - name = "com_github_go_logfmt_logfmt", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-logfmt/logfmt", - sum = "h1:otpy5pqBCBZ1ng9RQ0dPu4PN7ba75Y/aA+UpowDyNVA=", - version = "v0.5.1", - ) - go_repository( - name = "com_github_go_logr_logr", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-logr/logr", - sum = "h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=", - version = "v1.4.1", - ) - go_repository( - name = "com_github_go_logr_stdr", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-logr/stdr", - sum = "h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=", - version = "v1.2.2", - ) - go_repository( - name = "com_github_go_logr_zapr", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-logr/zapr", - sum = "h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=", - version = "v1.3.0", - ) - go_repository( - name = "com_github_go_openapi_analysis", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-openapi/analysis", - sum = "h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU=", - version = "v0.23.0", - ) - go_repository( - name = "com_github_go_openapi_errors", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-openapi/errors", - sum = "h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w=", - version = "v0.22.0", - ) - go_repository( - name = "com_github_go_openapi_jsonpointer", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-openapi/jsonpointer", - sum = "h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=", - version = "v0.21.0", - ) - go_repository( - name = "com_github_go_openapi_jsonreference", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-openapi/jsonreference", - sum = "h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=", - version = "v0.21.0", - ) - go_repository( - name = "com_github_go_openapi_loads", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-openapi/loads", - sum = "h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco=", - version = "v0.22.0", - ) - go_repository( - name = "com_github_go_openapi_runtime", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-openapi/runtime", - sum = "h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ=", - version = "v0.28.0", - ) - go_repository( - name = "com_github_go_openapi_spec", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-openapi/spec", - sum = "h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY=", - version = "v0.21.0", - ) - go_repository( - name = "com_github_go_openapi_strfmt", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-openapi/strfmt", - sum = "h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c=", - version = "v0.23.0", - ) - go_repository( - name = "com_github_go_openapi_swag", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-openapi/swag", - sum = "h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=", - version = "v0.23.0", - ) - go_repository( - name = "com_github_go_openapi_validate", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-openapi/validate", - sum = "h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58=", - version = "v0.24.0", - ) - go_repository( - name = "com_github_go_playground_assert_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-playground/assert/v2", - sum = "h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=", - version = "v2.2.0", - ) - go_repository( - name = "com_github_go_playground_locales", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-playground/locales", - sum = "h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=", - version = "v0.14.1", - ) - go_repository( - name = "com_github_go_playground_universal_translator", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-playground/universal-translator", - sum = "h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=", - version = "v0.18.1", - ) - go_repository( - name = "com_github_go_playground_validator_v10", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-playground/validator/v10", - sum = "h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=", - version = "v10.20.0", - ) - go_repository( - name = "com_github_go_redis_redismock_v9", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-redis/redismock/v9", - sum = "h1:ZrMYQeKPECZPjOj5u9eyOjg8Nnb0BS9lkVIZ6IpsKLw=", - version = "v9.2.0", - ) - go_repository( - name = "com_github_go_rod_rod", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-rod/rod", - sum = "h1:h4pimzSOUnw7Eo41zdJA788XsawzHjJMyzCE3BrBww0=", - version = "v0.114.7", - ) - go_repository( - name = "com_github_go_sql_driver_mysql", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-sql-driver/mysql", - sum = "h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y=", - version = "v1.8.1", - ) - go_repository( - name = "com_github_go_stack_stack", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-stack/stack", - sum = "h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=", - version = "v1.8.0", - ) - go_repository( - name = "com_github_go_task_slim_sprig", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-task/slim-sprig", - sum = "h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=", - version = "v0.0.0-20230315185526-52ccab3ef572", - ) - go_repository( - name = "com_github_go_task_slim_sprig_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-task/slim-sprig/v3", - sum = "h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=", - version = "v3.0.0", - ) - go_repository( - name = "com_github_go_test_deep", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/go-test/deep", - sum = "h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_gobuffalo_logger", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gobuffalo/logger", - sum = "h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU=", - version = "v1.0.6", - ) - go_repository( - name = "com_github_gobuffalo_packd", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gobuffalo/packd", - sum = "h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0=", - version = "v1.0.1", - ) - go_repository( - name = "com_github_gobuffalo_packr_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gobuffalo/packr/v2", - sum = "h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XEWlY=", - version = "v2.8.3", - ) - go_repository( - name = "com_github_gobwas_glob", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gobwas/glob", - sum = "h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=", - version = "v0.2.3", - ) - go_repository( - name = "com_github_gobwas_httphead", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gobwas/httphead", - sum = "h1:exrUm0f4YX0L7EBwZHuCF4GDp8aJfVeBrlLQrs6NqWU=", - version = "v0.1.0", - ) - go_repository( - name = "com_github_gobwas_pool", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gobwas/pool", - sum = "h1:xfeeEhW7pwmX8nuLVlqbzVc7udMDrwetjEv+TZIz1og=", - version = "v0.2.1", - ) - go_repository( - name = "com_github_gobwas_ws", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gobwas/ws", - sum = "h1:F2aeBZrm2NDsc7vbovKrWSogd4wvfAxg0FQ89/iqOTk=", - version = "v1.2.1", - ) - go_repository( - name = "com_github_goccy_go_json", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/goccy/go-json", - sum = "h1:IcB+Aqpx/iMHu5Yooh7jEzJk1JZ7Pjtmys2ukPr7EeM=", - version = "v0.9.7", - ) - go_repository( - name = "com_github_godbus_dbus_v5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/godbus/dbus/v5", - sum = "h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=", - version = "v5.1.0", - ) - go_repository( - name = "com_github_godror_godror", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/godror/godror", - sum = "h1:uxGAD7UdnNGjX5gf4NnEIGw0JAPTIFiqAyRBZTPKwXs=", - version = "v0.24.2", - ) - go_repository( - name = "com_github_gofrs_flock", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gofrs/flock", - sum = "h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=", - version = "v0.8.1", - ) - go_repository( - name = "com_github_gogo_protobuf", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gogo/protobuf", - sum = "h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=", - version = "v1.3.2", - ) - go_repository( - name = "com_github_golang_glog", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/golang/glog", - sum = "h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_golang_groupcache", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/golang/groupcache", - sum = "h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=", - version = "v0.0.0-20210331224755-41bb18bfe9da", - ) - go_repository( - name = "com_github_golang_jwt_jwt", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/golang-jwt/jwt", - sum = "h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c=", - version = "v3.2.1+incompatible", - ) - go_repository( - name = "com_github_golang_jwt_jwt_v4", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/golang-jwt/jwt/v4", - sum = "h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=", - version = "v4.5.0", - ) - go_repository( - name = "com_github_golang_jwt_jwt_v5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/golang-jwt/jwt/v5", - sum = "h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=", - version = "v5.2.1", - ) - go_repository( - name = "com_github_golang_mock", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/golang/mock", - sum = "h1:YojYx61/OLFsiv6Rw1Z96LpldJIy31o+UHmwAUMJ6/U=", - version = "v1.7.0-rc.1", - ) - go_repository( - name = "com_github_golang_protobuf", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/golang/protobuf", - sum = "h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=", - version = "v1.5.4", - ) - go_repository( - name = "com_github_golang_snappy", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/golang/snappy", - sum = "h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=", - version = "v0.0.4", - ) - go_repository( - name = "com_github_golang_sql_civil", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/golang-sql/civil", - sum = "h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=", - version = "v0.0.0-20190719163853-cb61b32ac6fe", - ) - go_repository( - name = "com_github_gomodule_redigo", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gomodule/redigo", - sum = "h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k=", - version = "v1.8.2", - ) - go_repository( - name = "com_github_google_btree", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/btree", - sum = "h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=", - version = "v1.1.2", - ) - go_repository( - name = "com_github_google_cadvisor", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/cadvisor", - sum = "h1:1PYeiORXmcFYi609M4Qvq5IzcvcVaWgYxDt78uH8jYA=", - version = "v0.49.0", - ) - go_repository( - name = "com_github_google_cel_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/cel-go", - sum = "h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto=", - version = "v0.17.8", - ) - go_repository( - name = "com_github_google_certificate_transparency_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/certificate-transparency-go", - sum = "h1:LGYKkgZF7satzgTak9R4yzfJXEeYVAjV6/EAEJOf1to=", - version = "v1.1.8", - ) - go_repository( - name = "com_github_google_gnostic_models", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/gnostic-models", - sum = "h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=", - version = "v0.6.8", - ) - go_repository( - name = "com_github_google_go_attestation", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-attestation", - sum = "h1:jqtOrLk5MNdliTKjPbIPrAaRKJaKW+0LIU2n/brJYms=", - version = "v0.5.1", - ) - go_repository( - name = "com_github_google_go_cmdtest", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-cmdtest", - sum = "h1:rcv+Ippz6RAtvaGgKxc+8FQIpxHgsF+HBzPyYL2cyVU=", - version = "v0.4.1-0.20220921163831-55ab3332a786", - ) - go_repository( - name = "com_github_google_go_cmp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-cmp", - sum = "h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=", - version = "v0.6.0", - ) - go_repository( - name = "com_github_google_go_configfs_tsm", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-configfs-tsm", - sum = "h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98=", - version = "v0.2.2", - ) - go_repository( - name = "com_github_google_go_containerregistry", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-containerregistry", - sum = "h1:uIsMRBV7m/HDkDxE/nXMnv1q+lOOSPlQ/ywc5JbB8Ic=", - version = "v0.19.0", - ) - go_repository( - name = "com_github_google_go_licenses", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-licenses", - sum = "h1:MM+VCXf0slYkpWO0mECvdYDVCxZXIQNal5wqUIXEZ/A=", - version = "v1.6.0", - ) - go_repository( - name = "com_github_google_go_pkcs11", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-pkcs11", - sum = "h1:OF1IPgv+F4NmqmJ98KTjdN97Vs1JxDPB3vbmYzV2dpk=", - version = "v0.2.1-0.20230907215043-c6f79328ddf9", - ) - go_repository( - name = "com_github_google_go_replayers_httpreplay", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-replayers/httpreplay", - sum = "h1:H91sIMlt1NZzN7R+/ASswyouLJfW0WLW7fhyUFvDEkY=", - version = "v1.1.1", - ) - go_repository( - name = "com_github_google_go_sev_guest", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-sev-guest", - sum = "h1:gnww4U8fHV5DCPz4gykr1s8SEX1fFNcxCBy+vvXN24k=", - version = "v0.11.1", - ) - go_repository( - name = "com_github_google_go_tdx_guest", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-tdx-guest", - sum = "h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw=", - version = "v0.3.1", - ) - go_repository( - name = "com_github_google_go_tpm", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-tpm", - sum = "h1:gfGQAIxsEEAuYuFvjCGpDnTwisMJOz+rUfJMkk4yTmc=", - version = "v0.9.1-0.20240510201744-5c2f0887e003", - ) - go_repository( - name = "com_github_google_go_tpm_tools", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-tpm-tools", - # keep - patches = [ - "//3rdparty/bazel/com_github_google_go_tpm_tools:com_github_google_go_tpm_tools.patch", - "//3rdparty/bazel/com_github_google_go_tpm_tools:ms_tpm_20_ref.patch", - "//3rdparty/bazel/com_github_google_go_tpm_tools:include.patch", - ], - sum = "h1:oiQfAIkc6xTy9Fl5NKTeTJkBTlXdHsxAofmQyxBKY98=", - version = "v0.4.4", - ) - go_repository( - name = "com_github_google_go_tspi", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/go-tspi", - sum = "h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus=", - version = "v0.3.0", - ) - go_repository( - name = "com_github_google_gofuzz", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/gofuzz", - sum = "h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_google_goterm", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/goterm", - sum = "h1:CVuJwN34x4xM2aT4sIKhmeib40NeBPhRihNjQmpJsA4=", - version = "v0.0.0-20200907032337-555d40f16ae2", - ) - go_repository( - name = "com_github_google_keep_sorted", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/keep-sorted", - sum = "h1:UNJGKBtOg4m4rgTYCpkBh0WBI2UTLm+xNC1lZvfQpp0=", - version = "v0.4.0", - ) - go_repository( - name = "com_github_google_licenseclassifier", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/licenseclassifier", - sum = "h1:TJsAqW6zLRMDTyGmc9TPosfn9OyVlHs8Hrn3pY6ONSY=", - version = "v0.0.0-20210722185704-3043a050f148", - ) - go_repository( - name = "com_github_google_logger", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/logger", - sum = "h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ=", - version = "v1.1.1", - ) - go_repository( - name = "com_github_google_martian", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/martian", - sum = "h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no=", - version = "v2.1.0+incompatible", - ) - go_repository( - name = "com_github_google_martian_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/martian/v3", - sum = "h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw=", - version = "v3.3.2", - ) - go_repository( - name = "com_github_google_pprof", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/pprof", - sum = "h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=", - version = "v0.0.0-20240424215950-a892ee059fd6", - ) - go_repository( - name = "com_github_google_renameio", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/renameio", - sum = "h1:GOZbcHa3HfsPKPlmyPyN2KEohoMXOhdMbHrvbpl2QaA=", - version = "v0.1.0", - ) - go_repository( - name = "com_github_google_renameio_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/renameio/v2", - sum = "h1:UifI23ZTGY8Tt29JbYFiuyIU3eX+RNFtUwefq9qAhxg=", - version = "v2.0.0", - ) - go_repository( - name = "com_github_google_rpmpack", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/rpmpack", - sum = "h1:LoQuqlw6kHRwg25n3M0xtYrW+z2pTkR0ae1xx11hRw8=", - version = "v0.6.0", - ) - go_repository( - name = "com_github_google_s2a_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/s2a-go", - sum = "h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=", - version = "v0.1.7", - ) - go_repository( - name = "com_github_google_shlex", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/shlex", - sum = "h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=", - version = "v0.0.0-20191202100458-e7afc7fbc510", - ) - go_repository( - name = "com_github_google_trillian", - build_file_generation = "on", - build_file_name = "", # keep - build_file_proto_mode = "disable_global", - importpath = "github.com/google/trillian", - sum = "h1:jMBeDBIkINFvS2n6oV5maDqfRlxREAc6CW9QYWQ0qT4=", - version = "v1.6.0", - ) - go_repository( - name = "com_github_google_uuid", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/uuid", - sum = "h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=", - version = "v1.6.0", - ) - go_repository( - name = "com_github_google_wire", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/google/wire", - sum = "h1:HBkoIh4BdSxoyo9PveV8giw7ZsaBOvzWKfcg/6MrVwI=", - version = "v0.6.0", - ) - go_repository( - name = "com_github_googleapis_enterprise_certificate_proxy", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/googleapis/enterprise-certificate-proxy", - sum = "h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs=", - version = "v0.3.2", - ) - go_repository( - name = "com_github_googleapis_gax_go_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/googleapis/gax-go/v2", - sum = "h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg=", - version = "v2.12.4", - ) - go_repository( - name = "com_github_googleapis_go_type_adapters", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/googleapis/go-type-adapters", - sum = "h1:9XdMn+d/G57qq1s8dNc5IesGCXHf6V2HZ2JwRxfA2tA=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_googleapis_google_cloud_go_testing", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/googleapis/google-cloud-go-testing", - sum = "h1:zC34cGQu69FG7qzJ3WiKW244WfhDC3xxYMeNOX2gtUQ=", - version = "v0.0.0-20210719221736-1c9a4c676720", - ) - go_repository( - name = "com_github_googlecloudplatform_k8s_cloud_provider", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/GoogleCloudPlatform/k8s-cloud-provider", - sum = "h1:Heo1J/ttaQFgGJSVnCZquy3e5eH5j1nqxBuomztB3P0=", - version = "v1.18.1-0.20220218231025-f11817397a1b", - ) - go_repository( - name = "com_github_gophercloud_gophercloud", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gophercloud/gophercloud", - sum = "h1:ls0O747DIq1D8SUHc7r2vI8BFbMLeLFuENaAIfEx7OM=", - version = "v1.11.0", - ) - go_repository( - name = "com_github_gophercloud_utils", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gophercloud/utils", - sum = "h1:sH7xkTfYzxIEgzq1tDHIMKRh1vThOEOGNsettdEeLbE=", - version = "v0.0.0-20231010081019-80377eca5d56", - ) - go_repository( - name = "com_github_gorilla_handlers", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gorilla/handlers", - sum = "h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4=", - version = "v1.5.1", - ) - go_repository( - name = "com_github_gorilla_mux", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gorilla/mux", - sum = "h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=", - version = "v1.8.1", - ) - go_repository( - name = "com_github_gorilla_websocket", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gorilla/websocket", - sum = "h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=", - version = "v1.5.0", - ) - go_repository( - name = "com_github_gosuri_uitable", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gosuri/uitable", - sum = "h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY=", - version = "v0.0.4", - ) - go_repository( - name = "com_github_gregjones_httpcache", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/gregjones/httpcache", - sum = "h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=", - version = "v0.0.0-20180305231024-9cad4c3443a7", - ) - go_repository( - name = "com_github_grpc_ecosystem_go_grpc_middleware", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/grpc-ecosystem/go-grpc-middleware", - sum = "h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI=", - version = "v1.4.0", - ) - go_repository( - name = "com_github_grpc_ecosystem_go_grpc_middleware_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/grpc-ecosystem/go-grpc-middleware/v2", - sum = "h1:pRhl55Yx1eC7BZ1N+BBWwnKaMyD8uC+34TLdndZMAKk=", - version = "v2.1.0", - ) - go_repository( - name = "com_github_grpc_ecosystem_go_grpc_prometheus", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/grpc-ecosystem/go-grpc-prometheus", - sum = "h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_grpc_ecosystem_grpc_gateway", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/grpc-ecosystem/grpc-gateway", - sum = "h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=", - version = "v1.16.0", - ) - go_repository( - name = "com_github_grpc_ecosystem_grpc_gateway_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/grpc-ecosystem/grpc-gateway/v2", - sum = "h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is=", - version = "v2.19.1", - ) - go_repository( - name = "com_github_hashicorp_cli", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/cli", - sum = "h1:CMOV+/LJfL1tXCOKrgAX0uRKnzjj/mpmqNXloRSy2K8=", - version = "v1.1.6", - ) - go_repository( - name = "com_github_hashicorp_errwrap", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/errwrap", - sum = "h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_hashicorp_go_checkpoint", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-checkpoint", - sum = "h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=", - version = "v0.5.0", - ) - go_repository( - name = "com_github_hashicorp_go_cleanhttp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-cleanhttp", - sum = "h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=", - version = "v0.5.2", - ) - go_repository( - name = "com_github_hashicorp_go_cty", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-cty", - sum = "h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI=", - version = "v1.4.1-0.20200414143053-d3edf31b6320", - ) - go_repository( - name = "com_github_hashicorp_go_hclog", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-hclog", - sum = "h1:NOtoftovWkDheyUM/8JW3QMiXyxJK3uHRK7wV04nD2I=", - version = "v1.6.2", - ) - go_repository( - name = "com_github_hashicorp_go_kms_wrapping_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-kms-wrapping/v2", - sum = "h1:WZeXfD26QMWYC35at25KgE021SF9L3u9UMHK8fJAdV0=", - version = "v2.0.16", - ) - go_repository( - name = "com_github_hashicorp_go_kms_wrapping_wrappers_awskms_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2", - sum = "h1:qdxeZvDMRGZ3YSE4Oz0Pp7WUSUn5S6cWZguEOkEVL50=", - version = "v2.0.9", - ) - go_repository( - name = "com_github_hashicorp_go_kms_wrapping_wrappers_azurekeyvault_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2", - sum = "h1:/7SKkYIhA8cr3l8m1EKT6Q90bPoSVqqVBuQ6HgoMIkw=", - version = "v2.0.11", - ) - go_repository( - name = "com_github_hashicorp_go_kms_wrapping_wrappers_gcpckms_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2", - sum = "h1:PCqWzT/Hii0KL07JsBZ3lJbv/wx02IAHYlhWQq8rxRY=", - version = "v2.0.12", - ) - go_repository( - name = "com_github_hashicorp_go_multierror", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-multierror", - sum = "h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=", - version = "v1.1.1", - ) - go_repository( - name = "com_github_hashicorp_go_plugin", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-plugin", - sum = "h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A=", - version = "v1.6.0", - ) - go_repository( - name = "com_github_hashicorp_go_retryablehttp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-retryablehttp", - sum = "h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=", - version = "v0.7.5", - ) - go_repository( - name = "com_github_hashicorp_go_rootcerts", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-rootcerts", - sum = "h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc=", - version = "v1.0.2", - ) - go_repository( - name = "com_github_hashicorp_go_secure_stdlib_awsutil", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-secure-stdlib/awsutil", - sum = "h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA=", - version = "v0.1.6", - ) - go_repository( - name = "com_github_hashicorp_go_secure_stdlib_parseutil", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-secure-stdlib/parseutil", - sum = "h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs=", - version = "v0.1.7", - ) - go_repository( - name = "com_github_hashicorp_go_secure_stdlib_strutil", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-secure-stdlib/strutil", - sum = "h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=", - version = "v0.1.2", - ) - go_repository( - name = "com_github_hashicorp_go_sockaddr", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-sockaddr", - sum = "h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=", - version = "v1.0.2", - ) - go_repository( - name = "com_github_hashicorp_go_uuid", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-uuid", - sum = "h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8=", - version = "v1.0.3", - ) - go_repository( - name = "com_github_hashicorp_go_version", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/go-version", - sum = "h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek=", - version = "v1.6.0", - ) - go_repository( - name = "com_github_hashicorp_golang_lru", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/golang-lru", - sum = "h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=", - version = "v0.5.4", - ) - go_repository( - name = "com_github_hashicorp_hc_install", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/hc-install", - sum = "h1:QLqlM56/+SIIGvGcfFiwMY3z5WGXT066suo/v9Km8e0=", - version = "v0.6.4", - ) - go_repository( - name = "com_github_hashicorp_hcl", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/hcl", - sum = "h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_hashicorp_hcl_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/hcl/v2", - sum = "h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc=", - version = "v2.20.1", - ) - go_repository( - name = "com_github_hashicorp_logutils", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/logutils", - sum = "h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_hashicorp_terraform_exec", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/terraform-exec", - sum = "h1:DIZnPsqzPGuUnq6cH8jWcPunBfY+C+M8JyYF3vpnuEo=", - version = "v0.20.0", - ) - go_repository( - name = "com_github_hashicorp_terraform_json", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/terraform-json", - sum = "h1:9NQxbLNqPbEMze+S6+YluEdXgJmhQykRyRNd+zTI05U=", - version = "v0.21.0", - ) - go_repository( - name = "com_github_hashicorp_terraform_plugin_framework", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/terraform-plugin-framework", - sum = "h1:P07qy8RKLcoBkCrY2RHJer5AEvJnDuXomBgou6fD8kI=", - version = "v1.8.0", - ) - go_repository( - name = "com_github_hashicorp_terraform_plugin_framework_validators", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/terraform-plugin-framework-validators", - sum = "h1:HOjBuMbOEzl7snOdOoUfE2Jgeto6JOjLVQ39Ls2nksc=", - version = "v0.12.0", - ) - go_repository( - name = "com_github_hashicorp_terraform_plugin_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/terraform-plugin-go", - sum = "h1:AALVuU1gD1kPb48aPQUjug9Ir/125t+AAurhqphJ2Co=", - version = "v0.23.0", - ) - go_repository( - name = "com_github_hashicorp_terraform_plugin_log", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/terraform-plugin-log", - sum = "h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0=", - version = "v0.9.0", - ) - go_repository( - name = "com_github_hashicorp_terraform_plugin_sdk_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/terraform-plugin-sdk/v2", - sum = "h1:qHprzXy/As0rxedphECBEQAh3R4yp6pKksKHcqZx5G8=", - version = "v2.33.0", - ) - go_repository( - name = "com_github_hashicorp_terraform_plugin_testing", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/terraform-plugin-testing", - sum = "h1:I6aeCyZ30z4NiI3tzyDoO6fS7YxP5xSL1ceOon3gTe8=", - version = "v1.7.0", - ) - go_repository( - name = "com_github_hashicorp_terraform_registry_address", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/terraform-registry-address", - sum = "h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI=", - version = "v0.2.3", - ) - go_repository( - name = "com_github_hashicorp_terraform_svchost", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/terraform-svchost", - sum = "h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ=", - version = "v0.1.1", - ) - go_repository( - name = "com_github_hashicorp_vault_api", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/vault/api", - sum = "h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE=", - version = "v1.12.2", - ) - go_repository( - name = "com_github_hashicorp_yamux", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hashicorp/yamux", - sum = "h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=", - version = "v0.1.1", - ) - go_repository( - name = "com_github_hexops_gotextdiff", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hexops/gotextdiff", - sum = "h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=", - version = "v1.0.3", - ) - go_repository( - name = "com_github_howeyc_gopass", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/howeyc/gopass", - sum = "h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM=", - version = "v0.0.0-20210920133722-c8aef6fb66ef", - ) - go_repository( - name = "com_github_hpcloud_tail", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hpcloud/tail", - sum = "h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_huandu_xstrings", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/huandu/xstrings", - sum = "h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=", - version = "v1.4.0", - ) - go_repository( - name = "com_github_hugelgupf_vmtest", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/hugelgupf/vmtest", - sum = "h1:aa9+0fjwoGotyC8A3QjdITMAX89g/+qvDAhKPrK1NKE=", - version = "v0.0.0-20240110072021-f6f07acb7aa1", - ) - go_repository( - name = "com_github_ianlancetaylor_demangle", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ianlancetaylor/demangle", - sum = "h1:KwWnWVWCNtNq/ewIX7HIKnELmEx2nDP42yskD/pi7QE=", - version = "v0.0.0-20240312041847-bd984b5ce465", - ) - go_repository( - name = "com_github_imdario_mergo", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/imdario/mergo", - sum = "h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=", - version = "v0.3.15", - ) - go_repository( - name = "com_github_in_toto_in_toto_golang", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/in-toto/in-toto-golang", - sum = "h1:tHny7ac4KgtsfrG6ybU8gVOZux2H8jN05AXJ9EBM1XU=", - version = "v0.9.0", - ) - go_repository( - name = "com_github_inconshreveable_mousetrap", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/inconshreveable/mousetrap", - sum = "h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_insomniacslk_dhcp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/insomniacslk/dhcp", - sum = "h1:9K06NfxkBh25x56yVhWWlKFE8YpicaSfHwoV8SFbueA=", - version = "v0.0.0-20231206064809-8c70d406f6d2", - ) - go_repository( - name = "com_github_intel_goresctrl", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/intel/goresctrl", - sum = "h1:K2D3GOzihV7xSBedGxONSlaw/un1LZgWsc9IfqipN4c=", - version = "v0.3.0", - ) - go_repository( - name = "com_github_ishidawataru_sctp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ishidawataru/sctp", - sum = "h1:i2fYnDurfLlJH8AyyMOnkLHnHeP8Ff/DDpuZA/D3bPo=", - version = "v0.0.0-20230406120618-7ff4192f6ff2", - ) - go_repository( - name = "com_github_jbenet_go_context", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jbenet/go-context", - sum = "h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=", - version = "v0.0.0-20150711004518-d14ea06fba99", - ) - go_repository( - name = "com_github_jedisct1_go_minisign", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jedisct1/go-minisign", - sum = "h1:ZGiXF8sz7PDk6RgkP+A/SFfUD0ZR/AgG6SpRNEDKZy8=", - version = "v0.0.0-20211028175153-1c139d1cc84b", - ) - go_repository( - name = "com_github_jeffashton_win_pdh", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/JeffAshton/win_pdh", - sum = "h1:UKkYhof1njT1/xq4SEg5z+VpTgjmNeHwPGRQl7takDI=", - version = "v0.0.0-20161109143554-76bb4ee9f0ab", - ) - go_repository( - name = "com_github_jellydator_ttlcache_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jellydator/ttlcache/v3", - sum = "h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE=", - version = "v3.2.0", - ) - go_repository( - name = "com_github_jessevdk_go_flags", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jessevdk/go-flags", - sum = "h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA=", - version = "v1.4.0", - ) - go_repository( - name = "com_github_jhump_protoreflect", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jhump/protoreflect", - sum = "h1:6SFRuqU45u9hIZPJAoZ8c28T3nK64BNdp9w6jFonzls=", - version = "v1.15.3", - ) - go_repository( - name = "com_github_jmespath_go_jmespath", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jmespath/go-jmespath", - sum = "h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=", - version = "v0.4.0", - ) - go_repository( - name = "com_github_jmespath_go_jmespath_internal_testify", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jmespath/go-jmespath/internal/testify", - sum = "h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=", - version = "v1.5.1", - ) - go_repository( - name = "com_github_jmhodges_clock", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jmhodges/clock", - sum = "h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_jmoiron_sqlx", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jmoiron/sqlx", - sum = "h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g=", - version = "v1.3.5", - ) - go_repository( - name = "com_github_jonboulle_clockwork", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jonboulle/clockwork", - sum = "h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4=", - version = "v0.4.0", - ) - go_repository( - name = "com_github_josephspurrier_goversioninfo", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/josephspurrier/goversioninfo", - sum = "h1:Puhl12NSHUSALHSuzYwPYQkqa2E1+7SrtAPJorKK0C8=", - version = "v1.4.0", - ) - go_repository( - name = "com_github_josharian_intern", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/josharian/intern", - sum = "h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_josharian_native", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/josharian/native", - sum = "h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_jpillora_backoff", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jpillora/backoff", - sum = "h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_jsimonetti_rtnetlink", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jsimonetti/rtnetlink", - sum = "h1:JfD4jthWBqZMEffc5RjgmlzpYttAVw1sdnmiNaPO3hE=", - version = "v1.4.1", - ) - go_repository( - name = "com_github_json_iterator_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/json-iterator/go", - sum = "h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=", - version = "v1.1.12", - ) - go_repository( - name = "com_github_jstemmer_go_junit_report", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/jstemmer/go-junit-report", - sum = "h1:6QPYqodiu3GuPL+7mfx+NwDdp2eTkp9IfEUpgAwUN0o=", - version = "v0.9.1", - ) - go_repository( - name = "com_github_julienschmidt_httprouter", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/julienschmidt/httprouter", - sum = "h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=", - version = "v1.3.0", - ) - go_repository( - name = "com_github_k0kubun_go_ansi", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/k0kubun/go-ansi", - sum = "h1:qGQQKEcAR99REcMpsXCp3lJ03zYT1PkRd3kQGPn9GVg=", - version = "v0.0.0-20180517002512-3bf9e2903213", - ) - go_repository( - name = "com_github_karrick_godirwalk", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/karrick/godirwalk", - sum = "h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI=", - version = "v1.17.0", - ) - go_repository( - name = "com_github_katexochen_sh_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/katexochen/sh/v3", - sum = "h1:/BNMhF21b6Q4vcB6YyGtxcGGcdT3NCTiUBNBYcI3EmI=", - version = "v3.8.0", - ) - go_repository( - name = "com_github_kevinburke_ssh_config", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/kevinburke/ssh_config", - sum = "h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_kisielk_errcheck", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/kisielk/errcheck", - sum = "h1:e8esj/e4R+SAOwFwN+n3zr0nYeCyeweozKfO23MvHzY=", - version = "v1.5.0", - ) - go_repository( - name = "com_github_kisielk_gotool", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/kisielk/gotool", - sum = "h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_klauspost_compress", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/klauspost/compress", - sum = "h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=", - version = "v1.17.4", - ) - go_repository( - name = "com_github_klauspost_cpuid_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/klauspost/cpuid/v2", - sum = "h1:g0I61F2K2DjRHz1cnxlkNSBIaePVoJIjjnHui8QHbiw=", - version = "v2.0.4", - ) - go_repository( - name = "com_github_klauspost_pgzip", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/klauspost/pgzip", - sum = "h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=", - version = "v1.2.6", - ) - go_repository( - name = "com_github_konsorten_go_windows_terminal_sequences", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/konsorten/go-windows-terminal-sequences", - sum = "h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=", - version = "v1.0.1", - ) - go_repository( - name = "com_github_kr_fs", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/kr/fs", - sum = "h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=", - version = "v0.1.0", - ) - go_repository( - name = "com_github_kr_logfmt", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/kr/logfmt", - sum = "h1:T+h1c/A9Gawja4Y9mFVWj2vyii2bbUNDw3kt9VxK2EY=", - version = "v0.0.0-20140226030751-b84e30acd515", - ) - go_repository( - name = "com_github_kr_pretty", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/kr/pretty", - sum = "h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=", - version = "v0.3.1", - ) - go_repository( - name = "com_github_kr_pty", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/kr/pty", - sum = "h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=", - version = "v1.1.8", - ) - go_repository( - name = "com_github_kr_text", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/kr/text", - sum = "h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=", - version = "v0.2.0", - ) - go_repository( - name = "com_github_kylelemons_godebug", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/kylelemons/godebug", - sum = "h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_lann_builder", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/lann/builder", - sum = "h1:SOEGU9fKiNWd/HOJuq6+3iTQz8KNCLtVX6idSoTLdUw=", - version = "v0.0.0-20180802200727-47ae307949d0", - ) - go_repository( - name = "com_github_lann_ps", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/lann/ps", - sum = "h1:P6pPBnrTSX3DEVR4fDembhRWSsG5rVo6hYhAB/ADZrk=", - version = "v0.0.0-20150810152359-62de8c46ede0", - ) - go_repository( - name = "com_github_leodido_go_urn", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/leodido/go-urn", - sum = "h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=", - version = "v1.4.0", - ) - go_repository( - name = "com_github_lestrrat_go_backoff_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/lestrrat-go/backoff/v2", - sum = "h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=", - version = "v2.0.8", - ) - go_repository( - name = "com_github_lestrrat_go_blackmagic", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/lestrrat-go/blackmagic", - sum = "h1:XzdxDbuQTz0RZZEmdU7cnQxUtFUzgCSPq8RCz4BxIi4=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_lestrrat_go_httpcc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/lestrrat-go/httpcc", - sum = "h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE=", - version = "v1.0.1", - ) - go_repository( - name = "com_github_lestrrat_go_iter", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/lestrrat-go/iter", - sum = "h1:q8faalr2dY6o8bV45uwrxq12bRa1ezKrB6oM9FUgN4A=", - version = "v1.0.1", - ) - go_repository( - name = "com_github_lestrrat_go_jwx", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/lestrrat-go/jwx", - sum = "h1:tAx93jN2SdPvFn08fHNAhqFJazn5mBBOB8Zli0g0otA=", - version = "v1.2.25", - ) - go_repository( - name = "com_github_lestrrat_go_option", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/lestrrat-go/option", - sum = "h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_letsencrypt_borp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/letsencrypt/borp", - sum = "h1:xS2U6PQYRURk61YN4Y5xvyLbQVyAP/8fpE6hJZdwEWs=", - version = "v0.0.0-20230707160741-6cc6ce580243", - ) - go_repository( - name = "com_github_letsencrypt_boulder", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/letsencrypt/boulder", - sum = "h1:RLTpX495BXToqxpM90Ws4hXEo4Wfh81jr9DX1n/4WOo=", - version = "v0.0.0-20230907030200-6d76a0f91e1e", - ) - go_repository( - name = "com_github_letsencrypt_challtestsrv", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/letsencrypt/challtestsrv", - sum = "h1:Lzv4jM+wSgVMCeO5a/F/IzSanhClstFMnX6SfrAJXjI=", - version = "v1.2.1", - ) - go_repository( - name = "com_github_letsencrypt_pkcs11key_v4", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/letsencrypt/pkcs11key/v4", - sum = "h1:qLc/OznH7xMr5ARJgkZCCWk+EomQkiNTOoOF5LAgagc=", - version = "v4.0.0", - ) - go_repository( - name = "com_github_letsencrypt_validator_v10", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/letsencrypt/validator/v10", - sum = "h1:HGFsIltYMUiB5eoFSowFzSoXkocM2k9ctmJ57QMGjys=", - version = "v10.0.0-20230215210743-a0c7dfc17158", - ) - go_repository( - name = "com_github_lib_pq", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/lib/pq", - sum = "h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=", - version = "v1.10.9", - ) - go_repository( - name = "com_github_libopenstorage_openstorage", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/libopenstorage/openstorage", - sum = "h1:GLPam7/0mpdP8ZZtKjbfcXJBTIA/T1O6CBErVEFEyIM=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_liggitt_tabwriter", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/liggitt/tabwriter", - sum = "h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=", - version = "v0.0.0-20181228230101-89fcab3d43de", - ) - go_repository( - name = "com_github_linuxkit_virtsock", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/linuxkit/virtsock", - sum = "h1:jUp75lepDg0phMUJBCmvaeFDldD2N3S1lBuPwUTszio=", - version = "v0.0.0-20201010232012-f8cee7dfc7a3", - ) - go_repository( - name = "com_github_lithammer_dedent", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/lithammer/dedent", - sum = "h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_magiconair_properties", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/magiconair/properties", - sum = "h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=", - version = "v1.8.7", - ) - go_repository( - name = "com_github_mailru_easyjson", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mailru/easyjson", - sum = "h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=", - version = "v0.7.7", - ) - go_repository( - name = "com_github_makenowjust_heredoc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/MakeNowJust/heredoc", - sum = "h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_markbates_errx", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/markbates/errx", - sum = "h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_markbates_oncer", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/markbates/oncer", - sum = "h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_markbates_safe", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/markbates/safe", - sum = "h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI=", - version = "v1.0.1", - ) - go_repository( - name = "com_github_martinjungblut_go_cryptsetup", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/martinjungblut/go-cryptsetup", - patches = [ - "//3rdparty/bazel/com_github_martinjungblut_go_cryptsetup:com_github_martinjungblut_go_cryptsetup.patch", # keep - ], - replace = "github.com/daniel-weisse/go-cryptsetup", - sum = "h1:ToajP6trZoiqlZ3Z4uoG1P02/wtqSw1AcowOXOYjATk=", - version = "v0.0.0-20230705150314-d8c07bd1723c", - ) - go_repository( - name = "com_github_masterminds_goutils", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Masterminds/goutils", - sum = "h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=", - version = "v1.1.1", - ) - go_repository( - name = "com_github_masterminds_semver_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Masterminds/semver/v3", - sum = "h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=", - version = "v3.2.1", - ) - go_repository( - name = "com_github_masterminds_sprig_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Masterminds/sprig/v3", - sum = "h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=", - version = "v3.2.3", - ) - go_repository( - name = "com_github_masterminds_squirrel", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Masterminds/squirrel", - sum = "h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM=", - version = "v1.5.4", - ) - go_repository( - name = "com_github_masterminds_vcs", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Masterminds/vcs", - sum = "h1:IIA2aBdXvfbIM+yl/eTnL4hb1XwdpvuQLglAix1gweE=", - version = "v1.13.3", - ) - go_repository( - name = "com_github_mattn_go_colorable", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mattn/go-colorable", - sum = "h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=", - version = "v0.1.13", - ) - go_repository( - name = "com_github_mattn_go_isatty", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mattn/go-isatty", - sum = "h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=", - version = "v0.0.20", - ) - go_repository( - name = "com_github_mattn_go_oci8", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mattn/go-oci8", - sum = "h1:aEUDxNAyDG0tv8CA3TArnDQNyc4EhnWlsfxRgDHABHM=", - version = "v0.1.1", - ) - go_repository( - name = "com_github_mattn_go_runewidth", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mattn/go-runewidth", - sum = "h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=", - version = "v0.0.13", - ) - go_repository( - name = "com_github_mattn_go_shellwords", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mattn/go-shellwords", - sum = "h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=", - version = "v1.0.12", - ) - go_repository( - name = "com_github_mattn_go_sqlite3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mattn/go-sqlite3", - sum = "h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=", - version = "v1.14.22", - ) - go_repository( - name = "com_github_matttproud_golang_protobuf_extensions", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/matttproud/golang_protobuf_extensions", - sum = "h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=", - version = "v1.0.4", - ) - go_repository( - name = "com_github_mdlayher_ethtool", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mdlayher/ethtool", - sum = "h1:XAWHsmKhyPOo42qq/yTPb0eFBGUKKTR1rE0dVrWVQ0Y=", - version = "v0.1.0", - ) - go_repository( - name = "com_github_mdlayher_genetlink", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mdlayher/genetlink", - sum = "h1:KdrNKe+CTu+IbZnm/GVUMXSqBBLqcGpRDa0xkQy56gw=", - version = "v1.3.2", - ) - go_repository( - name = "com_github_mdlayher_netlink", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mdlayher/netlink", - sum = "h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/g=", - version = "v1.7.2", - ) - go_repository( - name = "com_github_mdlayher_packet", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mdlayher/packet", - sum = "h1:3Up1NG6LZrsgDVn6X4L9Ge/iyRyxFEFD9o6Pr3Q1nQY=", - version = "v1.1.2", - ) - go_repository( - name = "com_github_mdlayher_socket", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mdlayher/socket", - sum = "h1:VZaqt6RkGkt2OE9l3GcC6nZkqD3xKeQLyfleW/uBcos=", - version = "v0.5.1", - ) - go_repository( - name = "com_github_microsoft_go_winio", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Microsoft/go-winio", - sum = "h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=", - version = "v0.6.1", - ) - go_repository( - name = "com_github_microsoft_hcsshim", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Microsoft/hcsshim", - sum = "h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8=", - version = "v0.11.4", - ) - go_repository( - name = "com_github_miekg_dns", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/miekg/dns", - sum = "h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=", - version = "v1.1.55", - ) - go_repository( - name = "com_github_miekg_pkcs11", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/miekg/pkcs11", - sum = "h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=", - version = "v1.1.1", - ) - go_repository( - name = "com_github_minio_sha256_simd", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/minio/sha256-simd", - sum = "h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_mistifyio_go_zfs", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mistifyio/go-zfs", - sum = "h1:aKW/4cBs+yK6gpqU3K/oIwk9Q/XICqd3zOX/UFuvqmk=", - version = "v2.1.2-0.20190413222219-f784269be439+incompatible", - ) - go_repository( - name = "com_github_mistifyio_go_zfs_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mistifyio/go-zfs/v3", - sum = "h1:YaoXgBePoMA12+S1u/ddkv+QqxcfiZK4prI6HPnkFiU=", - version = "v3.0.1", - ) - go_repository( - name = "com_github_mitchellh_cli", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mitchellh/cli", - sum = "h1:OxRIeJXpAMztws/XHlN2vu6imG5Dpq+j61AzAX5fLng=", - version = "v1.1.5", - ) - go_repository( - name = "com_github_mitchellh_colorstring", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mitchellh/colorstring", - sum = "h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=", - version = "v0.0.0-20190213212951-d06e56a500db", - ) - go_repository( - name = "com_github_mitchellh_copystructure", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mitchellh/copystructure", - sum = "h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_mitchellh_go_homedir", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mitchellh/go-homedir", - sum = "h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_mitchellh_go_testing_interface", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mitchellh/go-testing-interface", - sum = "h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU=", - version = "v1.14.1", - ) - go_repository( - name = "com_github_mitchellh_go_wordwrap", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mitchellh/go-wordwrap", - sum = "h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=", - version = "v1.0.1", - ) - go_repository( - name = "com_github_mitchellh_mapstructure", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mitchellh/mapstructure", - sum = "h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=", - version = "v1.5.0", - ) - go_repository( - name = "com_github_mitchellh_reflectwalk", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mitchellh/reflectwalk", - sum = "h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ=", - version = "v1.0.2", - ) - go_repository( - name = "com_github_moby_docker_image_spec", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/moby/docker-image-spec", - sum = "h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=", - version = "v1.3.1", - ) - go_repository( - name = "com_github_moby_ipvs", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/moby/ipvs", - sum = "h1:ONN4pGaZQgAx+1Scz5RvWV4Q7Gb+mvfRh3NsPS+1XQQ=", - version = "v1.1.0", - ) - go_repository( - name = "com_github_moby_locker", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/moby/locker", - sum = "h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=", - version = "v1.0.1", - ) - go_repository( - name = "com_github_moby_spdystream", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/moby/spdystream", - sum = "h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=", - version = "v0.2.0", - ) - go_repository( - name = "com_github_moby_sys_mountinfo", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/moby/sys/mountinfo", - sum = "h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78=", - version = "v0.6.2", - ) - go_repository( - name = "com_github_moby_sys_sequential", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/moby/sys/sequential", - sum = "h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=", - version = "v0.5.0", - ) - go_repository( - name = "com_github_moby_sys_signal", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/moby/sys/signal", - sum = "h1:25RW3d5TnQEoKvRbEKUGay6DCQ46IxAVTT9CUMgmsSI=", - version = "v0.7.0", - ) - go_repository( - name = "com_github_moby_sys_symlink", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/moby/sys/symlink", - sum = "h1:tk1rOM+Ljp0nFmfOIBtlV3rTDlWOwFRhjEeAhZB0nZc=", - version = "v0.2.0", - ) - go_repository( - name = "com_github_moby_sys_user", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/moby/sys/user", - sum = "h1:WmZ93f5Ux6het5iituh9x2zAG7NFY9Aqi49jjE1PaQg=", - version = "v0.1.0", - ) - go_repository( - name = "com_github_moby_term", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/moby/term", - sum = "h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=", - version = "v0.5.0", - ) - go_repository( - name = "com_github_modern_go_concurrent", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/modern-go/concurrent", - sum = "h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=", - version = "v0.0.0-20180306012644-bacd9c7ef1dd", - ) - go_repository( - name = "com_github_modern_go_reflect2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/modern-go/reflect2", - sum = "h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=", - version = "v1.0.2", - ) - go_repository( - name = "com_github_modocache_gover", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/modocache/gover", - sum = "h1:8Q0qkMVC/MmWkpIdlvZgcv2o2jrlF6zqVOh7W5YHdMA=", - version = "v0.0.0-20171022184752-b58185e213c5", - ) - go_repository( - name = "com_github_mohae_deepcopy", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mohae/deepcopy", - sum = "h1:e+l77LJOEqXTIQihQJVkA6ZxPOUmfPM5e4H7rcpgtSk=", - version = "v0.0.0-20170603005431-491d3605edfb", - ) - go_repository( - name = "com_github_monochromegane_go_gitignore", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/monochromegane/go-gitignore", - sum = "h1:n6/2gBQ3RWajuToeY6ZtZTIKv2v7ThUy5KKusIT0yc0=", - version = "v0.0.0-20200626010858-205db1a8cc00", - ) - go_repository( - name = "com_github_montanaflynn_stats", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/montanaflynn/stats", - sum = "h1:r3y12KyNxj/Sb/iOE46ws+3mS1+MZca1wlHQFPsY/JU=", - version = "v0.7.0", - ) - go_repository( - name = "com_github_morikuni_aec", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/morikuni/aec", - sum = "h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_mr_tron_base58", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mr-tron/base58", - sum = "h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_mrunalp_fileutils", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mrunalp/fileutils", - sum = "h1:F+S7ZlNKnrwHfSwdlgNSkKo67ReVf8o9fel6C3dkm/Q=", - version = "v0.5.1", - ) - go_repository( - name = "com_github_munnerz_goautoneg", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/munnerz/goautoneg", - sum = "h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=", - version = "v0.0.0-20191010083416-a7dc8b61c822", - ) - go_repository( - name = "com_github_mwitkow_go_conntrack", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mwitkow/go-conntrack", - sum = "h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU=", - version = "v0.0.0-20190716064945-2f068394615f", - ) - go_repository( - name = "com_github_mxk_go_flowrate", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/mxk/go-flowrate", - sum = "h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=", - version = "v0.0.0-20140419014527-cca7078d478f", - ) - go_repository( - name = "com_github_nelsam_hel_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/nelsam/hel/v2", - sum = "h1:Z3TAKd9JS3BoKi6fW+d1bKD2Mf0FzTqDUEAwLWzYPRQ=", - version = "v2.3.3", - ) - go_repository( - name = "com_github_netflix_go_expect", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Netflix/go-expect", - sum = "h1:+vx7roKuyA63nhn5WAunQHLTznkw5W8b1Xc0dNjp83s=", - version = "v0.0.0-20220104043353-73e0943537d2", - ) - go_repository( - name = "com_github_niemeyer_pretty", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/niemeyer/pretty", - sum = "h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=", - version = "v0.0.0-20200227124842-a10e7caefd8e", - ) - go_repository( - name = "com_github_nytimes_gziphandler", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/NYTimes/gziphandler", - sum = "h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=", - version = "v1.1.1", - ) - go_repository( - name = "com_github_oklog_run", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/oklog/run", - sum = "h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_oklog_ulid", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/oklog/ulid", - sum = "h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=", - version = "v1.3.1", - ) - go_repository( - name = "com_github_olareg_olareg", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/olareg/olareg", - sum = "h1:1I7mTStFqh+DqPG9rRjEhEallPi2MQg2uACGImFGS1Q=", - version = "v0.0.0-20240323210534-20ec9e4f6dd4", - ) - go_repository( - name = "com_github_olekukonko_tablewriter", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/olekukonko/tablewriter", - sum = "h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=", - version = "v0.0.5", - ) - go_repository( - name = "com_github_oneofone_xxhash", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/OneOfOne/xxhash", - sum = "h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=", - version = "v1.2.8", - ) - go_repository( - name = "com_github_onsi_ginkgo_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/onsi/ginkgo/v2", - sum = "h1:oJcvKpIb7/8uLpDDtnQuf18xVnwKp8DTD7DQ6gTd/MU=", - version = "v2.17.3", - ) - go_repository( - name = "com_github_onsi_gomega", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/onsi/gomega", - sum = "h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=", - version = "v1.33.1", - ) - go_repository( - name = "com_github_open_policy_agent_opa", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/open-policy-agent/opa", - sum = "h1:qocVAKyjrqMjCqsU02S/gHyLr4AQQ9xMtuV1kKnnyhM=", - version = "v0.42.2", - ) - go_repository( - name = "com_github_opencontainers_go_digest", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/opencontainers/go-digest", - sum = "h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_opencontainers_image_spec", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/opencontainers/image-spec", - sum = "h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU=", - version = "v1.1.0-rc6", - ) - go_repository( - name = "com_github_opencontainers_runc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/opencontainers/runc", - sum = "h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss=", - version = "v1.1.12", - ) - go_repository( - name = "com_github_opencontainers_runtime_spec", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/opencontainers/runtime-spec", - sum = "h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_opencontainers_runtime_tools", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/opencontainers/runtime-tools", - sum = "h1:DmNGcqH3WDbV5k8OJ+esPWbqUOX5rMLR2PMvziDMJi0=", - version = "v0.9.1-0.20221107090550-2e043c6bd626", - ) - go_repository( - name = "com_github_opencontainers_selinux", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/opencontainers/selinux", - sum = "h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=", - version = "v1.11.0", - ) - go_repository( - name = "com_github_opentracing_opentracing_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/opentracing/opentracing-go", - sum = "h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_otiai10_copy", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/otiai10/copy", - sum = "h1:IinKAryFFuPONZ7cm6T6E2QX/vcJwSnlaA5lfoaXIiQ=", - version = "v1.6.0", - ) - go_repository( - name = "com_github_otiai10_curr", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/otiai10/curr", - sum = "h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_otiai10_mint", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/otiai10/mint", - sum = "h1:VYWnrP5fXmz1MXvjuUvcBrXSjGE6xjON+axB/UrpO3E=", - version = "v1.3.2", - ) - go_repository( - name = "com_github_pborman_uuid", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pborman/uuid", - sum = "h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=", - version = "v1.2.1", - ) - go_repository( - name = "com_github_pelletier_go_buffruneio", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pelletier/go-buffruneio", - sum = "h1:U4t4R6YkofJ5xHm3dJzuRpPZ0mr5MMCoAWooScCR7aA=", - version = "v0.2.0", - ) - go_repository( - name = "com_github_pelletier_go_toml", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pelletier/go-toml", - sum = "h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=", - version = "v1.9.5", - ) - go_repository( - name = "com_github_pelletier_go_toml_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pelletier/go-toml/v2", - sum = "h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=", - version = "v2.1.0", - ) - go_repository( - name = "com_github_peterbourgon_diskv", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/peterbourgon/diskv", - sum = "h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=", - version = "v2.0.1+incompatible", - ) - go_repository( - name = "com_github_phayes_freeport", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/phayes/freeport", - sum = "h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI=", - version = "v0.0.0-20220201140144-74d24b5ae9f5", - ) - go_repository( - name = "com_github_philhofer_fwd", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/philhofer/fwd", - sum = "h1:GdGcTjf5RNAxwS4QLsiMzJYj5KEvPJD3Abr261yRQXQ=", - version = "v1.1.1", - ) - go_repository( - name = "com_github_pierrec_lz4_v4", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pierrec/lz4/v4", - sum = "h1:+fL8AQEZtz/ijeNnpduH0bROTu0O3NZAlPjQxGn8LwE=", - version = "v4.1.14", - ) - go_repository( - name = "com_github_pjbgf_sha1cd", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pjbgf/sha1cd", - sum = "h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=", - version = "v0.3.0", - ) - go_repository( - name = "com_github_pkg_browser", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pkg/browser", - sum = "h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=", - version = "v0.0.0-20240102092130-5ac0b6a4141c", - ) - go_repository( - name = "com_github_pkg_diff", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pkg/diff", - sum = "h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A=", - version = "v0.0.0-20210226163009-20ebb0f2a09e", - ) - go_repository( - name = "com_github_pkg_errors", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pkg/errors", - sum = "h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=", - version = "v0.9.1", - ) - go_repository( - name = "com_github_pkg_sftp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pkg/sftp", - sum = "h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo=", - version = "v1.13.6", - ) - go_repository( - name = "com_github_planetscale_vtprotobuf", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/planetscale/vtprotobuf", - sum = "h1:nBeETjudeJ5ZgBHUz1fVHvbqUKnYOXNhsIEabROxmNA=", - version = "v0.6.0", - ) - go_repository( - name = "com_github_pmezard_go_difflib", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pmezard/go-difflib", - sum = "h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_posener_complete", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/posener/complete", - sum = "h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=", - version = "v1.2.3", - ) - go_repository( - name = "com_github_poy_onpar", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/poy/onpar", - sum = "h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=", - version = "v1.1.2", - ) - go_repository( - name = "com_github_pquerna_cachecontrol", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/pquerna/cachecontrol", - sum = "h1:yJMy84ti9h/+OEWa752kBTKv4XC30OtVVHYv/8cTqKc=", - version = "v0.1.0", - ) - go_repository( - name = "com_github_prometheus_client_golang", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/prometheus/client_golang", - sum = "h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU=", - version = "v1.19.0", - ) - go_repository( - name = "com_github_prometheus_client_model", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/prometheus/client_model", - sum = "h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=", - version = "v0.5.0", - ) - go_repository( - name = "com_github_prometheus_common", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/prometheus/common", - sum = "h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=", - version = "v0.48.0", - ) - go_repository( - name = "com_github_prometheus_procfs", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/prometheus/procfs", - sum = "h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=", - version = "v0.12.0", - ) - go_repository( - name = "com_github_prometheus_prometheus", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/prometheus/prometheus", - sum = "h1:jWcnuQHz1o1Wu3MZ6nMJDuTI0kU5yJp9pkxh8XEkNvI=", - version = "v0.47.2", - ) - go_repository( - name = "com_github_protonmail_go_crypto", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ProtonMail/go-crypto", - sum = "h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg=", - version = "v1.1.0-alpha.2", - ) - go_repository( - name = "com_github_protonmail_go_mime", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ProtonMail/go-mime", - sum = "h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k=", - version = "v0.0.0-20230322103455-7d82a3887f2f", - ) - go_repository( - name = "com_github_protonmail_gopenpgp_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ProtonMail/gopenpgp/v2", - sum = "h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA=", - version = "v2.7.5", - ) - go_repository( - name = "com_github_rcrowley_go_metrics", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/rcrowley/go-metrics", - sum = "h1:MkV+77GLUNo5oJ0jf870itWm3D0Sjh7+Za9gazKc5LQ=", - version = "v0.0.0-20200313005456-10cdbea86bc0", - ) - go_repository( - name = "com_github_redis_go_redis_v9", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/redis/go-redis/v9", - sum = "h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8=", - version = "v9.5.1", - ) - go_repository( - name = "com_github_regclient_regclient", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/regclient/regclient", - sum = "h1:P+8L9fdOTCo6S6O0/vE/C47csVY5UW5CMEzVwENVbWA=", - version = "v0.6.0", - ) - go_repository( - name = "com_github_rivo_uniseg", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/rivo/uniseg", - sum = "h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=", - version = "v0.4.7", - ) - go_repository( - name = "com_github_robfig_cron_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/robfig/cron/v3", - sum = "h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=", - version = "v3.0.1", - ) - go_repository( - name = "com_github_rogpeppe_fastuuid", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/rogpeppe/fastuuid", - sum = "h1:Ppwyp6VYCF1nvBTXL3trRso7mXMlRrw9ooo375wvi2s=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_rogpeppe_go_internal", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/rogpeppe/go-internal", - sum = "h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=", - version = "v1.12.0", - ) - go_repository( - name = "com_github_rs_cors", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/rs/cors", - sum = "h1:L0uuZVXIKlI1SShY2nhFfo44TYvDPQ1w4oFkUJNfhyo=", - version = "v1.10.1", - ) - go_repository( - name = "com_github_rs_xid", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/rs/xid", - sum = "h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc=", - version = "v1.5.0", - ) - go_repository( - name = "com_github_rs_zerolog", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/rs/zerolog", - sum = "h1:FcTR3NnLWW+NnTwwhFWiJSZr4ECLpqCm6QsEnyvbV4A=", - version = "v1.31.0", - ) - go_repository( - name = "com_github_rubenv_sql_migrate", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/rubenv/sql-migrate", - sum = "h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0=", - version = "v1.5.2", - ) - go_repository( - name = "com_github_russross_blackfriday", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/russross/blackfriday", - sum = "h1:KqfZb0pUVN2lYqZUYRddxF4OR8ZMURnJIG5Y3VRLtww=", - version = "v1.6.0", - ) - go_repository( - name = "com_github_russross_blackfriday_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/russross/blackfriday/v2", - sum = "h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=", - version = "v2.1.0", - ) - go_repository( - name = "com_github_ryanuber_go_glob", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ryanuber/go-glob", - sum = "h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_sagikazarmark_locafero", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sagikazarmark/locafero", - sum = "h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=", - version = "v0.4.0", - ) - go_repository( - name = "com_github_sagikazarmark_slog_shim", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sagikazarmark/slog-shim", - sum = "h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=", - version = "v0.1.0", - ) - go_repository( - name = "com_github_samber_lo", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/samber/lo", - sum = "h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM=", - version = "v1.38.1", - ) - go_repository( - name = "com_github_samber_slog_multi", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/samber/slog-multi", - sum = "h1:6BVH9uHGAsiGkbbtQgAOQJMpKgV8unMrHhhJaw+X1EQ=", - version = "v1.0.2", - ) - go_repository( - name = "com_github_santhosh_tekuri_jsonschema_v5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/santhosh-tekuri/jsonschema/v5", - sum = "h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4=", - version = "v5.3.1", - ) - go_repository( - name = "com_github_sassoftware_relic", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sassoftware/relic", - sum = "h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A=", - version = "v7.2.1+incompatible", - ) - go_repository( - name = "com_github_sassoftware_relic_v7", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sassoftware/relic/v7", - sum = "h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4=", - version = "v7.6.2", - ) - go_repository( - name = "com_github_schollz_progressbar_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/schollz/progressbar/v3", - sum = "h1:EducH6uNLIWsr560zSV1KrTeUb/wZGAHqyMFIEa99ks=", - version = "v3.14.2", - ) - go_repository( - name = "com_github_sebdah_goldie", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sebdah/goldie", - sum = "h1:9GNhIat69MSlz/ndaBg48vl9dF5fI+NBB6kfOxgfkMc=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_seccomp_libseccomp_golang", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/seccomp/libseccomp-golang", - sum = "h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY=", - version = "v0.10.0", - ) - go_repository( - name = "com_github_secure_systems_lab_go_securesystemslib", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/secure-systems-lab/go-securesystemslib", - sum = "h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA=", - version = "v0.8.0", - ) - go_repository( - name = "com_github_segmentio_ksuid", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/segmentio/ksuid", - sum = "h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=", - version = "v1.0.4", - ) - go_repository( - name = "com_github_sergi_go_diff", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sergi/go-diff", - sum = "h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=", - version = "v1.3.2-0.20230802210424-5b0b94c5c0d3", - ) - go_repository( - name = "com_github_shibumi_go_pathspec", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/shibumi/go-pathspec", - sum = "h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI=", - version = "v1.3.0", - ) - go_repository( - name = "com_github_shopify_logrus_bugsnag", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Shopify/logrus-bugsnag", - sum = "h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=", - version = "v0.0.0-20171204204709-577dee27f20d", - ) - go_repository( - name = "com_github_shopspring_decimal", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/shopspring/decimal", - sum = "h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=", - version = "v1.3.1", - ) - go_repository( - name = "com_github_siderolabs_crypto", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/siderolabs/crypto", - sum = "h1:Q6EDBMR2Ub2oAZW5Xl8lrKB27bM3Sn8Gkfw3rngco5U=", - version = "v0.4.4", - ) - go_repository( - name = "com_github_siderolabs_gen", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/siderolabs/gen", - sum = "h1:VNpbmDLhkXp7qcSEkKk1Ee7vU2afs3xvHrWLGR2UuiY=", - version = "v0.4.8", - ) - go_repository( - name = "com_github_siderolabs_go_api_signature", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/siderolabs/go-api-signature", - sum = "h1:blqrZF1GM7TWgq7mY7CsR+yQ93u6az0Kf0mfsw+hvf0=", - version = "v0.3.2", - ) - go_repository( - name = "com_github_siderolabs_go_blockdevice", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/siderolabs/go-blockdevice", - sum = "h1:2bk4WpEEflGxjrNwp57ye24Pr+cYgAiAeNMWiQOuWbQ=", - version = "v0.4.7", - ) - go_repository( - name = "com_github_siderolabs_go_pointer", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/siderolabs/go-pointer", - sum = "h1:6TshPKep2doDQJAAtHUuHWXbca8ZfyRySjSBT/4GsMU=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_siderolabs_net", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/siderolabs/net", - sum = "h1:1bOgVay/ijPkJz4qct98nHsiB/ysLQU0KLoBC4qLm7I=", - version = "v0.4.0", - ) - go_repository( - name = "com_github_siderolabs_protoenc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/siderolabs/protoenc", - sum = "h1:BqxEmeWQeMpNP3R6WrPqDatX8sM/r4t97OP8mFmg6GA=", - version = "v0.2.1", - ) - go_repository( - name = "com_github_siderolabs_talos_pkg_machinery", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/siderolabs/talos/pkg/machinery", - sum = "h1:sVFQ0lNE6+kOomSZA8iuktzG1A4zSW9KTsB2TLaTPsU=", - version = "v1.7.1", - ) - go_repository( - name = "com_github_sigstore_protobuf_specs", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sigstore/protobuf-specs", - sum = "h1:E49qS++llp4psM+3NNVEb+C4AD422bT9VkOQIPrNLpA=", - version = "v0.3.0", - ) - go_repository( - name = "com_github_sigstore_rekor", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sigstore/rekor", - sum = "h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8=", - version = "v1.3.6", - ) - go_repository( - name = "com_github_sigstore_sigstore", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sigstore/sigstore", - sum = "h1:G7LVXqL+ekgYtYdksBks9B38dPoIsbscjQJX/MGWkA4=", - version = "v1.8.3", - ) - go_repository( - name = "com_github_sigstore_sigstore_pkg_signature_kms_aws", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sigstore/sigstore/pkg/signature/kms/aws", - sum = "h1:LTfPadUAo+PDRUbbdqbeSl2OuoFQwUFTnJ4stu+nwWw=", - version = "v1.8.3", - ) - go_repository( - name = "com_github_sigstore_sigstore_pkg_signature_kms_azure", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sigstore/sigstore/pkg/signature/kms/azure", - sum = "h1:xgbPRCr2npmmsuVVteJqi/ERw9+I13Wou7kq0Yk4D8g=", - version = "v1.8.3", - ) - go_repository( - name = "com_github_sigstore_sigstore_pkg_signature_kms_gcp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sigstore/sigstore/pkg/signature/kms/gcp", - sum = "h1:vDl2fqPT0h3D/k6NZPlqnKFd1tz3335wm39qjvpZNJc=", - version = "v1.8.3", - ) - go_repository( - name = "com_github_sigstore_sigstore_pkg_signature_kms_hashivault", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sigstore/sigstore/pkg/signature/kms/hashivault", - sum = "h1:h9G8j+Ds21zqqulDbA/R/ft64oQQIyp8S7wJYABYSlg=", - version = "v1.8.3", - ) - go_repository( - name = "com_github_sirupsen_logrus", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sirupsen/logrus", - sum = "h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=", - version = "v1.9.3", - ) - go_repository( - name = "com_github_skeema_knownhosts", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/skeema/knownhosts", - sum = "h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A=", - version = "v1.2.2", - ) - go_repository( - name = "com_github_skratchdot_open_golang", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/skratchdot/open-golang", - sum = "h1:JIAuq3EEf9cgbU6AtGPK4CTG3Zf6CKMNqf0MHTggAUA=", - version = "v0.0.0-20200116055534-eef842397966", - ) - go_repository( - name = "com_github_soheilhy_cmux", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/soheilhy/cmux", - sum = "h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js=", - version = "v0.1.5", - ) - go_repository( - name = "com_github_sourcegraph_conc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/sourcegraph/conc", - sum = "h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=", - version = "v0.3.0", - ) - go_repository( - name = "com_github_spaolacci_murmur3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/spaolacci/murmur3", - sum = "h1:qLC7fQah7D6K1B0ujays3HV9gkFtllcxhzImRR7ArPQ=", - version = "v0.0.0-20180118202830-f09979ecbc72", - ) - go_repository( - name = "com_github_spf13_afero", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/spf13/afero", - sum = "h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=", - version = "v1.11.0", - ) - go_repository( - name = "com_github_spf13_cast", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/spf13/cast", - sum = "h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=", - version = "v1.6.0", - ) - go_repository( - name = "com_github_spf13_cobra", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/spf13/cobra", - sum = "h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=", - version = "v1.8.0", - ) - go_repository( - name = "com_github_spf13_pflag", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/spf13/pflag", - sum = "h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=", - version = "v1.0.5", - ) - go_repository( - name = "com_github_spf13_viper", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/spf13/viper", - sum = "h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ=", - version = "v1.18.2", - ) - go_repository( - name = "com_github_src_d_gcfg", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/src-d/gcfg", - sum = "h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4=", - version = "v1.4.0", - ) - go_repository( - name = "com_github_stefanberger_go_pkcs11uri", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/stefanberger/go-pkcs11uri", - sum = "h1:lIOOHPEbXzO3vnmx2gok1Tfs31Q8GQqKLc8vVqyQq/I=", - version = "v0.0.0-20201008174630-78d3cae3a980", - ) - go_repository( - name = "com_github_stoewer_go_strcase", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/stoewer/go-strcase", - sum = "h1:g0eASXYtp+yvN9fK8sH94oCIk0fau9uV1/ZdJ0AVEzs=", - version = "v1.3.0", - ) - go_repository( - name = "com_github_stretchr_objx", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/stretchr/objx", - sum = "h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=", - version = "v0.5.2", - ) - go_repository( - name = "com_github_stretchr_testify", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/stretchr/testify", - sum = "h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=", - version = "v1.9.0", - ) - go_repository( - name = "com_github_subosito_gotenv", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/subosito/gotenv", - sum = "h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=", - version = "v1.6.0", - ) - go_repository( - name = "com_github_syndtr_gocapability", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/syndtr/gocapability", - sum = "h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=", - version = "v0.0.0-20200815063812-42c35b437635", - ) - go_repository( - name = "com_github_syndtr_goleveldb", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/syndtr/goleveldb", - sum = "h1:vfofYNRScrDdvS342BElfbETmL1Aiz3i2t0zfRj16Hs=", - version = "v1.0.1-0.20220721030215-126854af5e6d", - ) - go_repository( - name = "com_github_tchap_go_patricia_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/tchap/go-patricia/v2", - sum = "h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes=", - version = "v2.3.1", - ) - go_repository( - name = "com_github_theupdateframework_go_tuf", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/theupdateframework/go-tuf", - sum = "h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI=", - version = "v0.7.0", - ) - go_repository( - name = "com_github_tink_crypto_tink_go_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/tink-crypto/tink-go/v2", - sum = "h1:QXFBguwMwTIaU17EgZpEJWsUSc60b1BAGTzBIoMdmok=", - version = "v2.1.0", - ) - go_repository( - name = "com_github_tinylib_msgp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/tinylib/msgp", - sum = "h1:2gXmtWueD2HefZHQe1QOy9HVzmFrLOVvsXwXBQ0ayy0=", - version = "v1.1.5", - ) - go_repository( - name = "com_github_titanous_rocacheck", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/titanous/rocacheck", - sum = "h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=", - version = "v0.0.0-20171023193734-afe73141d399", - ) - go_repository( - name = "com_github_tmc_grpc_websocket_proxy", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/tmc/grpc-websocket-proxy", - sum = "h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=", - version = "v0.0.0-20220101234140-673ab2c3ae75", - ) - go_repository( - name = "com_github_tomasen_realip", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/tomasen/realip", - sum = "h1:fb190+cK2Xz/dvi9Hv8eCYJYvIGUTN2/KLq1pT6CjEc=", - version = "v0.0.0-20180522021738-f0c99a92ddce", - ) - go_repository( - name = "com_github_transparency_dev_merkle", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/transparency-dev/merkle", - sum = "h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4=", - version = "v0.0.2", - ) - go_repository( - name = "com_github_ttacon_chalk", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ttacon/chalk", - sum = "h1:OXcKh35JaYsGMRzpvFkLv/MEyPuL49CThT1pZ8aSml4=", - version = "v0.0.0-20160626202418-22c06c80ed31", - ) - go_repository( - name = "com_github_u_root_gobusybox_src", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/u-root/gobusybox/src", - sum = "h1:AQX6C886dZqnOrXtbP0U59melqbb1+YnCfRYRfr4M3M=", - version = "v0.0.0-20231224233253-2944a440b6b6", - ) - go_repository( - name = "com_github_u_root_u_root", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/u-root/u-root", - sum = "h1:1AIJqOtdEufYfGb3eRpdaqWONzBOpAwrg1fehbWg+Mg=", - version = "v0.11.1-0.20230807200058-f87ad7ccb594", - ) - go_repository( - name = "com_github_u_root_uio", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/u-root/uio", - sum = "h1:YcojQL98T/OO+rybuzn2+5KrD5dBwXIvYBvQ2cD3Avg=", - version = "v0.0.0-20230305220412-3e8cd9d6bf63", - ) - go_repository( - name = "com_github_ulikunitz_xz", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ulikunitz/xz", - sum = "h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=", - version = "v0.5.11", - ) - go_repository( - name = "com_github_urfave_cli", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/urfave/cli", - sum = "h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk=", - version = "v1.22.14", - ) - go_repository( - name = "com_github_vbatts_tar_split", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/vbatts/tar-split", - sum = "h1:hLFqsOLQ1SsppQNTMpkpPXClLDfC2A3Zgy9OUU+RVck=", - version = "v0.11.3", - ) - go_repository( - name = "com_github_vektah_gqlparser_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/vektah/gqlparser/v2", - sum = "h1:C02NsyEsL4TXJB7ndonqTfuQOL4XPIu0aAWugdmTgmc=", - version = "v2.4.5", - ) - go_repository( - name = "com_github_veraison_go_cose", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/veraison/go-cose", - sum = "h1:Gj4x20D0YP79J2+cK3anjGEMwIkg2xX+TKVVGUXwNAc=", - version = "v1.2.1", - ) - go_repository( - name = "com_github_vincent_petithory_dataurl", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/vincent-petithory/dataurl", - sum = "h1:cXw+kPto8NLuJtlMsI152irrVw9fRDX8AbShPRpg2CI=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_vishvananda_netlink", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/vishvananda/netlink", - sum = "h1:Llsql0lnQEbHj0I1OuKyp8otXp0r3q0mPkuhwHfStVs=", - version = "v1.2.1-beta.2", - ) - go_repository( - name = "com_github_vishvananda_netns", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/vishvananda/netns", - sum = "h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=", - version = "v0.0.4", - ) - go_repository( - name = "com_github_vmihailenco_msgpack", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/vmihailenco/msgpack", - sum = "h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI=", - version = "v4.0.4+incompatible", - ) - go_repository( - name = "com_github_vmihailenco_msgpack_v5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/vmihailenco/msgpack/v5", - sum = "h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=", - version = "v5.4.1", - ) - go_repository( - name = "com_github_vmihailenco_tagparser_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/vmihailenco/tagparser/v2", - sum = "h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=", - version = "v2.0.0", - ) - go_repository( - name = "com_github_vtolstov_go_ioctl", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/vtolstov/go-ioctl", - sum = "h1:X6ps8XHfpQjw8dUStzlMi2ybiKQ2Fmdw7UM+TinwvyM=", - version = "v0.0.0-20151206205506-6be9cced4810", - ) - go_repository( - name = "com_github_weppos_publicsuffix_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/weppos/publicsuffix-go", - sum = "h1:kNn7cjQYeNjKUflvFFCxFeyS7ENcDdfPmkhFpgd0G/A=", - version = "v0.30.1-0.20230620154423-38c92ad2d5c6", - ) - go_repository( - name = "com_github_workiva_go_datastructures", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/Workiva/go-datastructures", - sum = "h1:J6Y/52yX10Xc5JjXmGtWoSSxs3mZnGSaq37xZZh7Yig=", - version = "v1.0.53", - ) - go_repository( - name = "com_github_x448_float16", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/x448/float16", - sum = "h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=", - version = "v0.8.4", - ) - go_repository( - name = "com_github_xanzy_ssh_agent", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/xanzy/ssh-agent", - sum = "h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=", - version = "v0.3.3", - ) - go_repository( - name = "com_github_xdg_go_pbkdf2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/xdg-go/pbkdf2", - sum = "h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=", - version = "v1.0.0", - ) - go_repository( - name = "com_github_xdg_go_scram", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/xdg-go/scram", - sum = "h1:FHX5I5B4i4hKRVRBCFRxq1iQRej7WO3hhBuJf+UUySY=", - version = "v1.1.2", - ) - go_repository( - name = "com_github_xdg_go_stringprep", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/xdg-go/stringprep", - sum = "h1:XLI/Ng3O1Atzq0oBs3TWm+5ZVgkq2aqdlvP9JtoZ6c8=", - version = "v1.0.4", - ) - go_repository( - name = "com_github_xeipuuv_gojsonpointer", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/xeipuuv/gojsonpointer", - sum = "h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=", - version = "v0.0.0-20190905194746-02993c407bfb", - ) - go_repository( - name = "com_github_xeipuuv_gojsonreference", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/xeipuuv/gojsonreference", - sum = "h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=", - version = "v0.0.0-20180127040603-bd5ef7bd5415", - ) - go_repository( - name = "com_github_xeipuuv_gojsonschema", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/xeipuuv/gojsonschema", - sum = "h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_xhit_go_str2duration_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/xhit/go-str2duration/v2", - sum = "h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc=", - version = "v2.1.0", - ) - go_repository( - name = "com_github_xiang90_probing", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/xiang90/probing", - sum = "h1:S2dVYn90KE98chqDkyE9Z4N61UnQd+KOfgp5Iu53llk=", - version = "v0.0.0-20221125231312-a49e3df8f510", - ) - go_repository( - name = "com_github_xlab_treeprint", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/xlab/treeprint", - sum = "h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=", - version = "v1.2.0", - ) - go_repository( - name = "com_github_yashtewari_glob_intersection", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/yashtewari/glob-intersection", - sum = "h1:6gJvMYQlTDOL3dMsPF6J0+26vwX9MB8/1q3uAdhmTrg=", - version = "v0.1.0", - ) - go_repository( - name = "com_github_youmark_pkcs8", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/youmark/pkcs8", - sum = "h1:splanxYIlg+5LfHAM6xpdFEAYOk8iySO56hMFq6uLyA=", - version = "v0.0.0-20181117223130-1be2e3e5546d", - ) - go_repository( - name = "com_github_ysmood_fetchup", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ysmood/fetchup", - sum = "h1:ulX+SonA0Vma5zUFXtv52Kzip/xe7aj4vqT5AJwQ+ZQ=", - version = "v0.2.3", - ) - go_repository( - name = "com_github_ysmood_goob", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ysmood/goob", - sum = "h1:HsxXhyLBeGzWXnqVKtmT9qM7EuVs/XOgkX7T6r1o1AQ=", - version = "v0.4.0", - ) - go_repository( - name = "com_github_ysmood_got", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ysmood/got", - sum = "h1:IrV2uWLs45VXNvZqhJ6g2nIhY+pgIG1CUoOcqfXFl1s=", - version = "v0.34.1", - ) - go_repository( - name = "com_github_ysmood_gson", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ysmood/gson", - sum = "h1:QFkWbTH8MxyUTKPkVWAENJhxqdBa4lYTQWqZCiLG6kE=", - version = "v0.7.3", - ) - go_repository( - name = "com_github_ysmood_leakless", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/ysmood/leakless", - sum = "h1:BzLrVoiwxikpgEQR0Lk8NyBN5Cit2b1z+u0mgL4ZJak=", - version = "v0.8.0", - ) - go_repository( - name = "com_github_yuin_goldmark", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/yuin/goldmark", - sum = "h1:fVcFKWvrslecOb/tg+Cc05dkeYx540o0FuFt3nUVDoE=", - version = "v1.4.13", - ) - go_repository( - name = "com_github_yuin_gopher_lua", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/yuin/gopher-lua", - sum = "h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M=", - version = "v1.1.1", - ) - go_repository( - name = "com_github_yvasiyarov_go_metrics", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/yvasiyarov/go-metrics", - sum = "h1:+lm10QQTNSBd8DVTNGHx7o/IKu9HYDvLMffDhbyLccI=", - version = "v0.0.0-20140926110328-57bccd1ccd43", - ) - go_repository( - name = "com_github_yvasiyarov_gorelic", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/yvasiyarov/gorelic", - sum = "h1:hlE8//ciYMztlGpl/VA+Zm1AcTPHYkHJPbHqE6WJUXE=", - version = "v0.0.0-20141212073537-a9bba5b9ab50", - ) - go_repository( - name = "com_github_yvasiyarov_newrelic_platform_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/yvasiyarov/newrelic_platform_go", - sum = "h1:ERexzlUfuTvpE74urLSbIQW0Z/6hF9t8U4NsJLaioAY=", - version = "v0.0.0-20140908184405-b21fdbd4370f", - ) - go_repository( - name = "com_github_zalando_go_keyring", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/zalando/go-keyring", - sum = "h1:v9CUu9phlABObO4LPWycf+zwMG7nlbb3t/B5wa97yms=", - version = "v0.2.3", - ) - go_repository( - name = "com_github_zclconf_go_cty", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/zclconf/go-cty", - sum = "h1:1JXy1XroaGrzZuG6X9dt7HL6s9AwbY+l4UNL8o5B6ho=", - version = "v1.14.3", - ) - go_repository( - name = "com_github_zclconf_go_cty_debug", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/zclconf/go-cty-debug", - sum = "h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI=", - version = "v0.0.0-20191215020915-b22d67c1ba0b", - ) - go_repository( - name = "com_github_zmap_zcrypto", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/zmap/zcrypto", - sum = "h1:DZH5n7L3L8RxKdSyJHZt7WePgwdhHnPhQFdQSJaHF+o=", - version = "v0.0.0-20230310154051-c8b263fd8300", - ) - go_repository( - name = "com_github_zmap_zlint_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "github.com/zmap/zlint/v3", - sum = "h1:Eh2B5t6VKgVH0DFmTwOqE50POvyDhUaU9T2mJOe1vfQ=", - version = "v3.5.0", - ) - go_repository( - name = "com_google_cloud_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go", - sum = "h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw=", - version = "v0.112.2", - ) - go_repository( - name = "com_google_cloud_go_accessapproval", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/accessapproval", - sum = "h1:fMbP4cJX/926h+kwGtABmcG83PXsjkB+q7nSBzZpJoo=", - version = "v1.7.6", - ) - go_repository( - name = "com_google_cloud_go_accesscontextmanager", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/accesscontextmanager", - sum = "h1:NipmPd3BCzwa/mr40SK8pWRkbzv9Th5Azhi4dBYazlM=", - version = "v1.8.6", - ) - go_repository( - name = "com_google_cloud_go_aiplatform", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/aiplatform", - sum = "h1:bbFYY4JInclG10czRFUYj2rjD+obhh3Gi9zVlyoMgEc=", - version = "v1.66.0", - ) - go_repository( - name = "com_google_cloud_go_analytics", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/analytics", - sum = "h1:UH/PWBcPxHKolWxaS3hO+aj+wDTuq7XKvdtpqR3lyOI=", - version = "v0.23.1", - ) - go_repository( - name = "com_google_cloud_go_apigateway", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/apigateway", - sum = "h1:60GMRN1JFwq9MldvEVMdR3gDJ0vI0C/BwgkImG6bx/M=", - version = "v1.6.6", - ) - go_repository( - name = "com_google_cloud_go_apigeeconnect", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/apigeeconnect", - sum = "h1:ObsKNGtdu0ckkCSUpCN5fVAVg+DmzFg89JlqsW4OAWk=", - version = "v1.6.6", - ) - go_repository( - name = "com_google_cloud_go_apigeeregistry", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/apigeeregistry", - sum = "h1:l8VFHdNMC+9Q4EHKye2eOZBu5IwddXF6ufAXI7D+PB8=", - version = "v0.8.4", - ) - go_repository( - name = "com_google_cloud_go_appengine", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/appengine", - sum = "h1:cM+Lj0A0nCtujM9lqRId5L8hz7bHRfu3q3KdKtpn+38=", - version = "v1.8.6", - ) - go_repository( - name = "com_google_cloud_go_area120", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/area120", - sum = "h1:7QJ4ZzqLOwh0pHD3UAa+VwiyWmDI7bdmkYKVkte8/wg=", - version = "v0.8.6", - ) - go_repository( - name = "com_google_cloud_go_artifactregistry", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/artifactregistry", - sum = "h1:icIyRzJ1Ag6EOafuDuFFJ/AdStcOFRVfSGURn27/7Pk=", - version = "v1.14.8", - ) - go_repository( - name = "com_google_cloud_go_asset", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/asset", - sum = "h1:+NpxL5L53VY91EoJTHeGGXSWEUllf2hhXpCyTnSrd3Q=", - version = "v1.18.1", - ) - go_repository( - name = "com_google_cloud_go_assuredworkloads", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/assuredworkloads", - sum = "h1:3NlUes0xLN2kcSU24qQADFYsOaetCPg0HSA302AyV5s=", - version = "v1.11.6", - ) - go_repository( - name = "com_google_cloud_go_auth", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/auth", - sum = "h1:Z7YNIhlWRtrnKlZke7z3GMqzvuYzdc2z98F9D1NV5Hg=", - version = "v0.4.1", - ) - go_repository( - name = "com_google_cloud_go_auth_oauth2adapt", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/auth/oauth2adapt", - sum = "h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=", - version = "v0.2.2", - ) - go_repository( - name = "com_google_cloud_go_automl", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/automl", - sum = "h1:NHBO5cjo2IgwaJ5qlez/iA35XI1db87PPlOB0Kjt5RM=", - version = "v1.13.6", - ) - go_repository( - name = "com_google_cloud_go_baremetalsolution", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/baremetalsolution", - sum = "h1:jCR4rnVsG6ocK6ngFr2Z6ugKZfTENmMZkiV6Ma2tEeE=", - version = "v1.2.5", - ) - go_repository( - name = "com_google_cloud_go_batch", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/batch", - sum = "h1:b9fVZDxxp4LWMhXV7uAhyMGmPuzlzPrsZ0uh+RM92h8=", - version = "v1.8.3", - ) - go_repository( - name = "com_google_cloud_go_beyondcorp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/beyondcorp", - sum = "h1:fnil8viEdcAJJiwiJPCT2fl3Grx3XFwXxTq7n9g/8QM=", - version = "v1.0.5", - ) - go_repository( - name = "com_google_cloud_go_bigquery", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/bigquery", - sum = "h1:kA96WfgvCbkqfLnr7xI5uEfJ4h4FrnkdEb0yty0KSZo=", - version = "v1.60.0", - ) - go_repository( - name = "com_google_cloud_go_billing", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/billing", - sum = "h1:XcYB8aKj97d4/0kh+LQgrxPxOo/0jgPNp5Q1nyzCyvs=", - version = "v1.18.4", - ) - go_repository( - name = "com_google_cloud_go_binaryauthorization", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/binaryauthorization", - sum = "h1:XiAdW5HAWtk9WEjEA5MXYiRJ28Tjp1xGPPAMRFI5bnc=", - version = "v1.8.2", - ) - go_repository( - name = "com_google_cloud_go_certificatemanager", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/certificatemanager", - sum = "h1:oc15T+leZ2Wm5oocvGTbDXwonka0chpJTEiHIVsBiEA=", - version = "v1.8.0", - ) - go_repository( - name = "com_google_cloud_go_channel", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/channel", - sum = "h1:rBnTls9G5nC/jOrb9V/tZFHFXt6kBMNlIQKg6DjAlRM=", - version = "v1.17.6", - ) - go_repository( - name = "com_google_cloud_go_cloudbuild", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/cloudbuild", - sum = "h1:66hY1gXV2cdn4gquy5TieaJwaZmRzrQ5cK++pVgnCkQ=", - version = "v1.16.0", - ) - go_repository( - name = "com_google_cloud_go_clouddms", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/clouddms", - sum = "h1:t1nc49kRzEU2vrDxQQIEc5rZ4Hr187YrdOZPMAgMwMI=", - version = "v1.7.5", - ) - go_repository( - name = "com_google_cloud_go_cloudtasks", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/cloudtasks", - sum = "h1:Ev+poxwb7pudBhiF0ObwAWT7Dh9BZAcsvAfFTWg0MPc=", - version = "v1.12.7", - ) - go_repository( - name = "com_google_cloud_go_compute", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/compute", - sum = "h1:uHf0NN2nvxl1Gh4QO83yRCOdMK4zivtMS5gv0dEX0hg=", - version = "v1.26.0", - ) - go_repository( - name = "com_google_cloud_go_compute_metadata", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/compute/metadata", - sum = "h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=", - version = "v0.3.0", - ) - go_repository( - name = "com_google_cloud_go_contactcenterinsights", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/contactcenterinsights", - sum = "h1:sCDKUmDj9Tfd6Qj7x4XbwC43oYzEBwSDLC1tReQWS/Y=", - version = "v1.13.1", - ) - go_repository( - name = "com_google_cloud_go_container", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/container", - sum = "h1:y5gmgrMMhTrLnQQdMCw0t/Yis9Ps7jvAG4JYcRWxR8g=", - version = "v1.35.0", - ) - go_repository( - name = "com_google_cloud_go_containeranalysis", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/containeranalysis", - sum = "h1:yzohQ0HDoZq2TtCJkbUBsJs9RIR5WbKZlHrD7ilp2yg=", - version = "v0.11.5", - ) - go_repository( - name = "com_google_cloud_go_datacatalog", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/datacatalog", - sum = "h1:BGDsEjqpAo0Ka+b9yDLXnE5k+jU3lXGMh//NsEeDMIg=", - version = "v1.20.0", - ) - go_repository( - name = "com_google_cloud_go_dataflow", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/dataflow", - sum = "h1:GuZJgkOL64cYySwYEYqQkggdxwoZTk8cvekQW0t3KRM=", - version = "v0.9.6", - ) - go_repository( - name = "com_google_cloud_go_dataform", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/dataform", - sum = "h1:0EzWf+c2R5V/ujZBb22H/EL5wpzD/bDFYPA2f3czB1g=", - version = "v0.9.3", - ) - go_repository( - name = "com_google_cloud_go_datafusion", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/datafusion", - sum = "h1:zSmMj/qZ0Yk+q/v5Wg40FTJ0WYPCtanYYekRt7cSKJ0=", - version = "v1.7.6", - ) - go_repository( - name = "com_google_cloud_go_datalabeling", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/datalabeling", - sum = "h1:2zz44bPbDMHsPanQ89SybqhHDQBH1EZk8icGotyrvSU=", - version = "v0.8.6", - ) - go_repository( - name = "com_google_cloud_go_dataplex", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/dataplex", - sum = "h1:Ob8NPT1UcB4kDaDx7/UdsRfZ8xUvUggZshXUlGWDahk=", - version = "v1.15.0", - ) - go_repository( - name = "com_google_cloud_go_dataproc_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/dataproc/v2", - sum = "h1:+cM8p/R6FdTuQYlriJOSUCvAZfMDgBKf0/ph9bMIjaY=", - version = "v2.4.1", - ) - go_repository( - name = "com_google_cloud_go_dataqna", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/dataqna", - sum = "h1:FI/1q7VnANchQR9ug+nzujfiusLMfC3BHT7/fHi+BVU=", - version = "v0.8.6", - ) - go_repository( - name = "com_google_cloud_go_datastore", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/datastore", - sum = "h1:0P9WcsQeTWjuD1H14JIY7XQscIPQ4Laje8ti96IC5vg=", - version = "v1.15.0", - ) - go_repository( - name = "com_google_cloud_go_datastream", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/datastream", - sum = "h1:nHdOKbFmKJ4tPjGtNNIO0//G7QAht6eHTUnREWPn2yI=", - version = "v1.10.5", - ) - go_repository( - name = "com_google_cloud_go_deploy", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/deploy", - sum = "h1:UxcxzjwxGPkT7RBdMmoc5a7QxHQVdpZllD6el2VC3JA=", - version = "v1.17.2", - ) - go_repository( - name = "com_google_cloud_go_dialogflow", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/dialogflow", - sum = "h1:B8Y5j4/QsDirX136OoPm62kG3y5gd8rzBpHSR/FW9vI=", - version = "v1.52.0", - ) - go_repository( - name = "com_google_cloud_go_dlp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/dlp", - sum = "h1:dTsEN6r1BoplUACz7teOmE6lRG1swREiwXkfkY7bi6c=", - version = "v1.12.1", - ) - go_repository( - name = "com_google_cloud_go_documentai", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/documentai", - sum = "h1:UdDy7nDTwr+mN1KiJqsj5AabauoW9SkgH9eY8BuFXJE=", - version = "v1.26.1", - ) - go_repository( - name = "com_google_cloud_go_domains", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/domains", - sum = "h1:NHqZk4XzHFlmXM3LMGwDVET4NKr60W2jaNCRGYod5Ic=", - version = "v0.9.6", - ) - go_repository( - name = "com_google_cloud_go_edgecontainer", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/edgecontainer", - sum = "h1:a++vBi1J00NP1ifVP5mV/3j1/EJKWPj0h6NfUPLfuCQ=", - version = "v1.2.0", - ) - go_repository( - name = "com_google_cloud_go_errorreporting", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/errorreporting", - sum = "h1:kj1XEWMu8P0qlLhm3FwcaFsUvXChV/OraZwA70trRR0=", - version = "v0.3.0", - ) - go_repository( - name = "com_google_cloud_go_essentialcontacts", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/essentialcontacts", - sum = "h1:FDdJGJEXK4RxvT6gdRBqGaCQVpi96RRB7MTyRHUcb20=", - version = "v1.6.7", - ) - go_repository( - name = "com_google_cloud_go_eventarc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/eventarc", - sum = "h1:JMUiLYzxkxr7BqnCPkyJ6Ycgrs6YQlZT44H0rHg7jQY=", - version = "v1.13.5", - ) - go_repository( - name = "com_google_cloud_go_filestore", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/filestore", - sum = "h1:BpaB7bxICPUTntAV+yVUK9bxAUOv7uHRSEibSKMBJVA=", - version = "v1.8.2", - ) - go_repository( - name = "com_google_cloud_go_firestore", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/firestore", - sum = "h1:/k8ppuWOtNuDHt2tsRV42yI21uaGnKDEQnRFeBpbFF8=", - version = "v1.15.0", - ) - go_repository( - name = "com_google_cloud_go_functions", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/functions", - sum = "h1:0kcko/2AKwm4USnWcGs/W/k++PAYPA3dYaQw1y5Xg3M=", - version = "v1.16.1", - ) - go_repository( - name = "com_google_cloud_go_gkebackup", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/gkebackup", - sum = "h1:SATJwsF8PjErP7GwHE+xK8gJ7f7hULuqtazV19ylPgg=", - version = "v1.4.0", - ) - go_repository( - name = "com_google_cloud_go_gkeconnect", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/gkeconnect", - sum = "h1:7X9P6lGkOF/nJRYZBQBG2XPhunqWbNMacy9AXN7qUcU=", - version = "v0.8.6", - ) - go_repository( - name = "com_google_cloud_go_gkehub", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/gkehub", - sum = "h1:kKreFf+097KfW+Tz/SqZKeXs/eFOjs1NDrsVjRPI18o=", - version = "v0.14.6", - ) - go_repository( - name = "com_google_cloud_go_gkemulticloud", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/gkemulticloud", - sum = "h1:CFBoDcQi9zLOkzM6xqmRzljZhF4A6A47QaQ0WtNd+DA=", - version = "v1.1.2", - ) - go_repository( - name = "com_google_cloud_go_gsuiteaddons", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/gsuiteaddons", - sum = "h1:q3x2NE0je/tSVL66MAht5YVbGGHjTV9BxFD2lyDQ0dU=", - version = "v1.6.6", - ) - go_repository( - name = "com_google_cloud_go_iam", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/iam", - sum = "h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0=", - version = "v1.1.8", - ) - go_repository( - name = "com_google_cloud_go_iap", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/iap", - sum = "h1:FrLAtgXzWPwe8rNp7AD+2Lgg4LqyhgXvEdiGK+jtd9g=", - version = "v1.9.5", - ) - go_repository( - name = "com_google_cloud_go_ids", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/ids", - sum = "h1:tNc3NpIp2LUmFJxP2CBlzYw0FTnd68r73mIzg8UlM3Q=", - version = "v1.4.6", - ) - go_repository( - name = "com_google_cloud_go_iot", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/iot", - sum = "h1:nRV/e1e3lEjsVoD5mW99JERwL8MKohyQyY63+lfBMA4=", - version = "v1.7.6", - ) - go_repository( - name = "com_google_cloud_go_kms", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/kms", - sum = "h1:1yZsRPhmargZOmY+fVAh8IKiR9HzCb0U1zsxb5g2nRY=", - version = "v1.16.0", - ) - go_repository( - name = "com_google_cloud_go_language", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/language", - sum = "h1:srkreCxnVa5+a5PXUri/K+VWxG50wGvz5+PEYjgaENQ=", - version = "v1.12.4", - ) - go_repository( - name = "com_google_cloud_go_lifesciences", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/lifesciences", - sum = "h1:8w3edjRiSN6GCxT0uJoXr6Zo2XNYD+6TxPZa7uIIOaU=", - version = "v0.9.6", - ) - go_repository( - name = "com_google_cloud_go_logging", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/logging", - sum = "h1:iEIOXFO9EmSiTjDmfpbRjOxECO7R8C7b8IXUGOj7xZw=", - version = "v1.9.0", - ) - go_repository( - name = "com_google_cloud_go_longrunning", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/longrunning", - sum = "h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU=", - version = "v0.5.7", - ) - go_repository( - name = "com_google_cloud_go_managedidentities", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/managedidentities", - sum = "h1:7+hGPQSojhnYNZCg3fG2mQIF7XMfvNpCpi2Zg5/Qx1g=", - version = "v1.6.6", - ) - go_repository( - name = "com_google_cloud_go_maps", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/maps", - sum = "h1:vcqmqk0wt1NRzQc84Qo6z8HYyol/znqbG7tAS5Qm91g=", - version = "v1.7.1", - ) - go_repository( - name = "com_google_cloud_go_mediatranslation", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/mediatranslation", - sum = "h1:EVW0wCQ7asoMjw8fm8oUe6pQWBaVQth/iquk7ysidy0=", - version = "v0.8.6", - ) - go_repository( - name = "com_google_cloud_go_memcache", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/memcache", - sum = "h1:rqDPCIUfVBvv7ojOGx5PRkPgWeWSKpOht2w6plaxklY=", - version = "v1.10.6", - ) - go_repository( - name = "com_google_cloud_go_metastore", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/metastore", - sum = "h1:K7gyYoqPvQgCc82tiB0CQkXOpg8AZxJtRGMVdN5B83U=", - version = "v1.13.5", - ) - go_repository( - name = "com_google_cloud_go_monitoring", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/monitoring", - sum = "h1:0yvFXK+xQd95VKo6thndjwnJMno7c7Xw1CwMByg0B+8=", - version = "v1.18.1", - ) - go_repository( - name = "com_google_cloud_go_networkconnectivity", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/networkconnectivity", - sum = "h1:t67aEKwmO+SXvQC5ncOjm3vTwnsbO/mTzlCWdK0nwqs=", - version = "v1.14.5", - ) - go_repository( - name = "com_google_cloud_go_networkmanagement", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/networkmanagement", - sum = "h1:uSoVcd78+uNSW34Q+BNumUvTxAtVaKHc8O9WUz091gg=", - version = "v1.13.0", - ) - go_repository( - name = "com_google_cloud_go_networksecurity", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/networksecurity", - sum = "h1:3ggPKshcFs1oRh5qI+Gq1s2CIU9BL99MKtYSBG4Z8s0=", - version = "v0.9.6", - ) - go_repository( - name = "com_google_cloud_go_notebooks", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/notebooks", - sum = "h1:A9jxIdxEccgL9iJLqvU4j5HT3/13YluoF2IbiV+hAN4=", - version = "v1.11.4", - ) - go_repository( - name = "com_google_cloud_go_optimization", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/optimization", - sum = "h1:T/j8xyIkmHGjU6kxeUjK3UTqiXlbvpZQ2A+F5vnH21Y=", - version = "v1.6.4", - ) - go_repository( - name = "com_google_cloud_go_orchestration", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/orchestration", - sum = "h1:i5iSxsu1Cx1itTQEEY/YvsAo1OO8gosGGXhnOjBjgJA=", - version = "v1.9.1", - ) - go_repository( - name = "com_google_cloud_go_orgpolicy", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/orgpolicy", - sum = "h1:x9GttuUZXXeKcJgHSGxYoPn2hOJhhuaN5YYJKfAfmLo=", - version = "v1.12.2", - ) - go_repository( - name = "com_google_cloud_go_osconfig", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/osconfig", - sum = "h1:wIOhgzklE0hHZsho02rRVXYBHSfsAwYZYIaxFaUBIjs=", - version = "v1.12.6", - ) - go_repository( - name = "com_google_cloud_go_oslogin", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/oslogin", - sum = "h1:v71OrrkKyqr5Mfnt345GqSOURzByv08qfrtvfhOVcnc=", - version = "v1.13.2", - ) - go_repository( - name = "com_google_cloud_go_phishingprotection", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/phishingprotection", - sum = "h1:DcAre1psFwJM/FBA/MkDj0H6uxZhACE5IW/xF9ssHDQ=", - version = "v0.8.6", - ) - go_repository( - name = "com_google_cloud_go_policytroubleshooter", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/policytroubleshooter", - sum = "h1:wxBRfNoMy7rnoEeaTOHIEHCUEdUIQIwQGUqfBWH6cyQ=", - version = "v1.10.4", - ) - go_repository( - name = "com_google_cloud_go_privatecatalog", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/privatecatalog", - sum = "h1:bcIABOUmpnzQip83OVv+Ju/NxXjUTRLUSP+FVLFG6kk=", - version = "v0.9.6", - ) - go_repository( - name = "com_google_cloud_go_profiler", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/profiler", - sum = "h1:ZeRDZbsOBDyRG0OiK0Op1/XWZ3xeLwJc9zjkzczUxyY=", - version = "v0.4.0", - ) - go_repository( - name = "com_google_cloud_go_pubsub", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/pubsub", - sum = "h1:0uEEfaB1VIJzabPpwpZf44zWAKAme3zwKKxHk7vJQxQ=", - version = "v1.37.0", - ) - go_repository( - name = "com_google_cloud_go_pubsublite", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/pubsublite", - sum = "h1:pX+idpWMIH30/K7c0epN6V703xpIcMXWRjKJsz0tYGY=", - version = "v1.8.1", - ) - go_repository( - name = "com_google_cloud_go_recaptchaenterprise_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/recaptchaenterprise/v2", - sum = "h1:nykUP2WD/914jui/IldiCOuoTn6T8ha1Ys6/N9sAqJY=", - version = "v2.12.0", - ) - go_repository( - name = "com_google_cloud_go_recommendationengine", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/recommendationengine", - sum = "h1:m0eQtYCToxMSbDKOnpJ2YGdQhyjOPffg4Y8lM2RWzao=", - version = "v0.8.6", - ) - go_repository( - name = "com_google_cloud_go_recommender", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/recommender", - sum = "h1:3M6lD39/GlOMYOikeF5wflSa4EP5pGFthoIASbyhIXE=", - version = "v1.12.2", - ) - go_repository( - name = "com_google_cloud_go_redis", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/redis", - sum = "h1:zlGxeAsiwcPU+Cta76ALduhdBAVhuYpEjv59V5L/ves=", - version = "v1.14.3", - ) - go_repository( - name = "com_google_cloud_go_resourcemanager", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/resourcemanager", - sum = "h1:VPfJFbWxrTYQzEXCDbJNpcvSB8eZhTSM0YHH146fIB8=", - version = "v1.9.6", - ) - go_repository( - name = "com_google_cloud_go_resourcesettings", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/resourcesettings", - sum = "h1:l/IbRDDmGJFlR4bRZGtfYvix1Pu0jAKGLr7wgUtixHQ=", - version = "v1.6.6", - ) - go_repository( - name = "com_google_cloud_go_retail", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/retail", - sum = "h1:AyVdElkdIU3JedWpX/qENbt8iUmKD+kiyj7ZpzguhTg=", - version = "v1.16.1", - ) - go_repository( - name = "com_google_cloud_go_run", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/run", - sum = "h1:xQND6EJn1LgouCLPSfykkzagyr4gq4FKiRexNxXixV0=", - version = "v1.3.6", - ) - go_repository( - name = "com_google_cloud_go_scheduler", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/scheduler", - sum = "h1:h1/VZk0XdkSh/jI7dDNp3V0Qi8yTkclOljDVPelXvAw=", - version = "v1.10.7", - ) - go_repository( - name = "com_google_cloud_go_secretmanager", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/secretmanager", - sum = "h1:nQ/Ca2Gzm/OEP8tr1hiFdHRi5wAnAmsm9qTjwkivyrQ=", - version = "v1.13.0", - ) - go_repository( - name = "com_google_cloud_go_security", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/security", - sum = "h1:LYMj7ISEEjVQ0ub6E6ygGhjVbNQTH5CawKZz0bbPMVE=", - version = "v1.15.6", - ) - go_repository( - name = "com_google_cloud_go_securitycenter", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/securitycenter", - sum = "h1:NpEJeFbm3ad3ibpbpIBKXJS7eQq1cZhtt9nrDTMO/QQ=", - version = "v1.28.0", - ) - go_repository( - name = "com_google_cloud_go_servicedirectory", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/servicedirectory", - sum = "h1:gkzx9Cd+OTOD+zY4u5vtbdvOx7vrvHYdeDiNdC6vKyw=", - version = "v1.11.5", - ) - go_repository( - name = "com_google_cloud_go_shell", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/shell", - sum = "h1:/oJf9sboa2FfHWCmHXy+XfTRnZy8lC7O5zFyfE1EA6s=", - version = "v1.7.6", - ) - go_repository( - name = "com_google_cloud_go_spanner", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/spanner", - sum = "h1:O9kf49dfaDRzPpKJNChHUJ+Bao02WPedZb8ZPyi02lI=", - version = "v1.60.0", - ) - go_repository( - name = "com_google_cloud_go_speech", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/speech", - sum = "h1:xo/cmhBtqoqqNg/5I8m0ECXPiqYg2fS2ioOccH+qbKE=", - version = "v1.22.1", - ) - go_repository( - name = "com_google_cloud_go_storage", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/storage", - sum = "h1:VEpDQV5CJxFmJ6ueWNsKxcr1QAYOXEgxDa+sBbJahPw=", - version = "v1.40.0", - ) - go_repository( - name = "com_google_cloud_go_storagetransfer", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/storagetransfer", - sum = "h1:BawJo/u0P21cdxc2gB878qIFDC80COq2i0qWZeNevSw=", - version = "v1.10.5", - ) - go_repository( - name = "com_google_cloud_go_talent", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/talent", - sum = "h1:4xgDFfOcgcSY0dUzaSc2tQCSRoLDEJ5CfbW5jfcgNJk=", - version = "v1.6.7", - ) - go_repository( - name = "com_google_cloud_go_texttospeech", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/texttospeech", - sum = "h1:gLEyDoJeFGdoX7jSKbf+nJy7CTgjsSbCZXwzzkXgH9w=", - version = "v1.7.6", - ) - go_repository( - name = "com_google_cloud_go_tpu", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/tpu", - sum = "h1:Cb1txkZYbKlGIZ4tQr9EjEB9snAOU6qyjvNezGXDunI=", - version = "v1.6.6", - ) - go_repository( - name = "com_google_cloud_go_trace", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/trace", - sum = "h1:XF0Ejdw0NpRfAvuZUeQe3ClAG4R/9w5JYICo7l2weaw=", - version = "v1.10.6", - ) - go_repository( - name = "com_google_cloud_go_translate", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/translate", - sum = "h1:SXOtKYnT7ZkeMtPwujaBOBt5Ph4kf6LIuMpAgu/WON0=", - version = "v1.10.2", - ) - go_repository( - name = "com_google_cloud_go_video", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/video", - sum = "h1:y4jgUqDiWMfX+beJnlrnloBQxEIa9v+KrlkD2QJVpeE=", - version = "v1.20.5", - ) - go_repository( - name = "com_google_cloud_go_videointelligence", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/videointelligence", - sum = "h1:P0Sa8+5KOEAVk/fazUNjVPzRCijCheZWJ8wL8xBn9Uk=", - version = "v1.11.6", - ) - go_repository( - name = "com_google_cloud_go_vision_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/vision/v2", - sum = "h1:kvR1sHcuPYat1wI3BYY7CEX2xLAcUHPYL6dOzV2Xf4Q=", - version = "v2.8.1", - ) - go_repository( - name = "com_google_cloud_go_vmmigration", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/vmmigration", - sum = "h1:sbaWK76csqtk0TGPGCiJqZi7tfrU0LnrhUjZHI5YVdc=", - version = "v1.7.6", - ) - go_repository( - name = "com_google_cloud_go_vmwareengine", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/vmwareengine", - sum = "h1:Mf8abigBstvjfSGq9twhtbMTCONL0Cjds+tGbc2pV0M=", - version = "v1.1.2", - ) - go_repository( - name = "com_google_cloud_go_vpcaccess", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/vpcaccess", - sum = "h1:wbMTRdZ9P5+3D6oQWWqB/YxDCFR5m5OJ+b+hHwaBBQQ=", - version = "v1.7.6", - ) - go_repository( - name = "com_google_cloud_go_webrisk", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/webrisk", - sum = "h1:rVhi2WOHcZF72X7spXVTFTmRGeFN4NFeW7/Ku7kgeug=", - version = "v1.9.6", - ) - go_repository( - name = "com_google_cloud_go_websecurityscanner", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/websecurityscanner", - sum = "h1:YAwNB/HjKOVAy9D7W8Bkv8OQ9G2lqIqFOuJbyH5Xo4Q=", - version = "v1.6.6", - ) - go_repository( - name = "com_google_cloud_go_workflows", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "cloud.google.com/go/workflows", - sum = "h1:hH511zmS93oE6j64m/eiGWnfgqailh/S8+f3MVNLcE8=", - version = "v1.12.5", - ) - go_repository( - name = "com_shuralyov_dmitri_gpu_mtl", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "dmitri.shuralyov.com/gpu/mtl", - sum = "h1:VpgP7xuJadIUuKccphEpTJnWhS2jkQyMt6Y7pJCD7fY=", - version = "v0.0.0-20190408044501-666a987793e9", - ) - go_repository( - name = "com_sslmate_software_src_go_pkcs12", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "software.sslmate.com/src/go-pkcs12", - sum = "h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k=", - version = "v0.4.0", - ) - go_repository( - name = "dev_gocloud", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gocloud.dev", - sum = "h1:XF1rN6R0qZI/9DYjN16Uy0durAmSlf58DHOcb28GPro=", - version = "v0.37.0", - ) - go_repository( - name = "in_gopkg_alecthomas_kingpin_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/alecthomas/kingpin.v2", - sum = "h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=", - version = "v2.2.6", - ) - go_repository( - name = "in_gopkg_check_v1", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/check.v1", - sum = "h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=", - version = "v1.0.0-20201130134442-10cb98267c6c", - ) - go_repository( - name = "in_gopkg_cheggaaa_pb_v1", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/cheggaaa/pb.v1", - sum = "h1:n1tBJnnK2r7g9OW2btFH91V92STTUevLXYFb8gy9EMk=", - version = "v1.0.28", - ) - go_repository( - name = "in_gopkg_errgo_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/errgo.v2", - sum = "h1:0vLT13EuvQ0hNvakwLuFZ/jYrLp5F3kcWHXdRggjCE8=", - version = "v2.1.0", - ) - go_repository( - name = "in_gopkg_fsnotify_v1", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/fsnotify.v1", - sum = "h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=", - version = "v1.4.7", - ) - go_repository( - name = "in_gopkg_gcfg_v1", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/gcfg.v1", - sum = "h1:m8OOJ4ccYHnx2f4gQwpno8nAX5OGOh7RLaaz0pj3Ogs=", - version = "v1.2.3", - ) - go_repository( - name = "in_gopkg_go_jose_go_jose_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/go-jose/go-jose.v2", - sum = "h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs=", - version = "v2.6.3", - ) - go_repository( - name = "in_gopkg_inf_v0", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/inf.v0", - sum = "h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=", - version = "v0.9.1", - ) - go_repository( - name = "in_gopkg_ini_v1", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/ini.v1", - sum = "h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=", - version = "v1.67.0", - ) - go_repository( - name = "in_gopkg_natefinch_lumberjack_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/natefinch/lumberjack.v2", - sum = "h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=", - version = "v2.2.1", - ) - go_repository( - name = "in_gopkg_square_go_jose_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/square/go-jose.v2", - sum = "h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=", - version = "v2.6.0", - ) - go_repository( - name = "in_gopkg_src_d_go_billy_v4", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/src-d/go-billy.v4", - sum = "h1:0SQA1pRztfTFx2miS8sA97XvooFeNOmvUenF4o0EcVg=", - version = "v4.3.2", - ) - go_repository( - name = "in_gopkg_src_d_go_git_fixtures_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/src-d/go-git-fixtures.v3", - sum = "h1:ivZFOIltbce2Mo8IjzUHAFoq/IylO9WHhNOAJK+LsJg=", - version = "v3.5.0", - ) - go_repository( - name = "in_gopkg_src_d_go_git_v4", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/src-d/go-git.v4", - sum = "h1:SRtFyV8Kxc0UP7aCHcijOMQGPxHSmMOPrzulQWolkYE=", - version = "v4.13.1", - ) - go_repository( - name = "in_gopkg_tomb_v1", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/tomb.v1", - sum = "h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=", - version = "v1.0.0-20141024135613-dd632973f1e7", - ) - go_repository( - name = "in_gopkg_warnings_v0", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/warnings.v0", - sum = "h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=", - version = "v0.1.2", - ) - go_repository( - name = "in_gopkg_yaml_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/yaml.v2", - sum = "h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=", - version = "v2.4.0", - ) - go_repository( - name = "in_gopkg_yaml_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gopkg.in/yaml.v3", - sum = "h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=", - version = "v3.0.1", - ) - go_repository( - name = "io_etcd_go_bbolt", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/bbolt", - sum = "h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA=", - version = "v1.3.8", - ) - go_repository( - name = "io_etcd_go_etcd_api_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/etcd/api/v3", - sum = "h1:8WXU2/NBge6AUF1K1gOexB6e07NgsN1hXK0rSTtgSp4=", - version = "v3.5.13", - ) - go_repository( - name = "io_etcd_go_etcd_client_pkg_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/etcd/client/pkg/v3", - sum = "h1:RVZSAnWWWiI5IrYAXjQorajncORbS0zI48LQlE2kQWg=", - version = "v3.5.13", - ) - go_repository( - name = "io_etcd_go_etcd_client_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/etcd/client/v2", - sum = "h1:0m4ovXYo1CHaA/Mp3X/Fak5sRNIWf01wk/X1/G3sGKI=", - version = "v2.305.12", - ) - go_repository( - name = "io_etcd_go_etcd_client_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/etcd/client/v3", - sum = "h1:o0fHTNJLeO0MyVbc7I3fsCf6nrOqn5d+diSarKnB2js=", - version = "v3.5.13", - ) - go_repository( - name = "io_etcd_go_etcd_etcdctl_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/etcd/etcdctl/v3", - sum = "h1:GSmhNeq9LGt/gKHbzOmuPLO946GG5ZBCs9h28o0nNkE=", - version = "v3.5.12", - ) - go_repository( - name = "io_etcd_go_etcd_etcdutl_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/etcd/etcdutl/v3", - sum = "h1:R3HLloeRcIOAvNtOTcMV9fshCbz9aZP2Xh4AP2+KnFU=", - version = "v3.5.12", - ) - go_repository( - name = "io_etcd_go_etcd_pkg_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/etcd/pkg/v3", - sum = "h1:OK2fZKI5hX/+BTK76gXSTyZMrbnARyX9S643GenNGb8=", - version = "v3.5.12", - ) - go_repository( - name = "io_etcd_go_etcd_raft_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/etcd/raft/v3", - sum = "h1:7r22RufdDsq2z3STjoR7Msz6fYH8tmbkdheGfwJNRmU=", - version = "v3.5.12", - ) - go_repository( - name = "io_etcd_go_etcd_server_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/etcd/server/v3", - sum = "h1:EtMjsbfyfkwZuA2JlKOiBfuGkFCekv5H178qjXypbG8=", - version = "v3.5.12", - ) - go_repository( - name = "io_etcd_go_etcd_tests_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/etcd/tests/v3", - sum = "h1:k1fG7+F87Z7zKp57EcjXu9XgOsW0sfp5USqfzmMTIwM=", - version = "v3.5.12", - ) - go_repository( - name = "io_etcd_go_etcd_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.etcd.io/etcd/v3", - sum = "h1:YMdAAKv9xGTeWvfcangHj0Yqbph9w43xwosKOKzWJxs=", - version = "v3.5.12", - ) - go_repository( - name = "io_filippo_edwards25519", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "filippo.io/edwards25519", - sum = "h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=", - version = "v1.1.0", - ) - go_repository( - name = "io_k8s_api", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/api", - sum = "h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_apiextensions_apiserver", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/apiextensions-apiserver", - sum = "h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_apimachinery", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/apimachinery", - sum = "h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_apiserver", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/apiserver", - sum = "h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_cli_runtime", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/cli-runtime", - sum = "h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_client_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/client-go", - sum = "h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_cloud_provider", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/cloud-provider", - replace = "k8s.io/cloud-provider", - sum = "h1:Qgk/jHsSKGRk/ltTlN6e7eaNuuamLROOzVBd0RPp94M=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_cluster_bootstrap", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/cluster-bootstrap", - sum = "h1:vaIjA1eMFpcLYz+p6NMj75aqiauDahFx9EkuTxc0GMI=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_code_generator", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/code-generator", - sum = "h1:3VUVqHvWFSVSm9kqL/G6kD4ZwNdHF6J/jPyo3Jgjy3k=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_component_base", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/component-base", - sum = "h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_component_helpers", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/component-helpers", - sum = "h1:Y8W70NGeitKxWwhsPo/vEQbQx5VqJV+3xfLpP3V1VxU=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_controller_manager", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/controller-manager", - replace = "k8s.io/controller-manager", - sum = "h1:kEv9sKLnjDkoSqeouWp2lZ8P33an5wrDJpOMqoyD7pc=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_cri_api", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/cri-api", - sum = "h1:hZqh3vH5JZdqeAyhD9nPXSbT6GDgrtPJkPiIzhWKVhk=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_csi_translation_lib", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/csi-translation-lib", - replace = "k8s.io/csi-translation-lib", - sum = "h1:we4X1yUlDikvm5Rv0dwMuPHNw6KwjwsQiAuOPWXha8M=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_dynamic_resource_allocation", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/dynamic-resource-allocation", - replace = "k8s.io/dynamic-resource-allocation", - sum = "h1:JQW5erdoOsvhst7DxMfEpnXhrfm9SmNTnvyaXdqTLAE=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_endpointslice", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/endpointslice", - replace = "k8s.io/endpointslice", - sum = "h1:HM+zsyqSALW7FzOVCWYsF+eFabiTGDrZpLEZZX2065U=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_gengo_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/gengo/v2", - sum = "h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo=", - version = "v2.0.0-20240228010128-51d4e06bde70", - ) - go_repository( - name = "io_k8s_klog_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/klog/v2", - sum = "h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=", - version = "v2.120.1", - ) - go_repository( - name = "io_k8s_kms", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/kms", - sum = "h1:ZlnD/ei5lpvUlPw6eLfVvH7d8i9qZ6HwUQgydNVks8g=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_kube_aggregator", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/kube-aggregator", - replace = "k8s.io/kube-aggregator", - sum = "h1:N4fmtePxOZ+bwiK1RhVEztOU+gkoVkvterHgpwAuiTw=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_kube_controller_manager", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/kube-controller-manager", - replace = "k8s.io/kube-controller-manager", - sum = "h1:25nmyTOdjOLM1QLe4nbu5jvlLSv1ZIPFDvmUUWvbuSw=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_kube_openapi", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/kube-openapi", - sum = "h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=", - version = "v0.0.0-20240228011516-70dd3763d340", - ) - go_repository( - name = "io_k8s_kube_proxy", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/kube-proxy", - replace = "k8s.io/kube-proxy", - sum = "h1:nZJdLzHTIJ2okftUMsBvEidtH57GAOMMPFKBcA0V+Bg=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_kube_scheduler", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/kube-scheduler", - replace = "k8s.io/kube-scheduler", - sum = "h1:n4v68EvxYhy7o5Q/LFPgqBEGi7lKoiAxwQ0gQyMoj9M=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_kubectl", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/kubectl", - sum = "h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_kubelet", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/kubelet", - sum = "h1:/pqHVR2Rn8ExCpn211wL3pMtqRFpcBcJPl4+1INbIMk=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_kubernetes", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/kubernetes", - sum = "h1:u3Yw8rNlo2NDSGaDpoxoHXLPQnEu1tfqHATKOJe94HY=", - version = "v1.30.0", - ) - go_repository( - name = "io_k8s_legacy_cloud_providers", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/legacy-cloud-providers", - replace = "k8s.io/legacy-cloud-providers", - sum = "h1:fjGV9OhqseUTp3R8xOm2TBoAxyuRTOS6B2zFTSJ80RE=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_metrics", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/metrics", - sum = "h1:a6dWcNM+EEowMzMZ8trka6wZtSRIfEA/9oLjuhBksGc=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_mount_utils", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/mount-utils", - sum = "h1:EceYTNYVabfpdtIAHC4KgMzoZkm1B8ovZ1J666mYZQI=", - version = "v0.30.0", - ) - go_repository( - name = "io_k8s_pod_security_admission", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/pod-security-admission", - replace = "k8s.io/pod-security-admission", - sum = "h1:tY/ldtkbBCulMYVSWg6ZDLlgDYDWy6rLj8e/AgmwSj4=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_sample_apiserver", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/sample-apiserver", - replace = "k8s.io/sample-apiserver", - sum = "h1:bUEz09ehjQE/xpgMVkutbBfZhcLvg1BvCMLvJnbLZbc=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_sigs_apiserver_network_proxy_konnectivity_client", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", - sum = "h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c=", - version = "v0.29.0", - ) - go_repository( - name = "io_k8s_sigs_controller_runtime", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "sigs.k8s.io/controller-runtime", - sum = "h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q=", - version = "v0.18.2", - ) - go_repository( - name = "io_k8s_sigs_json", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "sigs.k8s.io/json", - sum = "h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=", - version = "v0.0.0-20221116044647-bc3834ca7abd", - ) - go_repository( - name = "io_k8s_sigs_knftables", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "sigs.k8s.io/knftables", - sum = "h1:VzKQoDMCGBOH8c85sGrWSXSPCS0XrIpEfOlcCLBXiC0=", - version = "v0.0.14", - ) - go_repository( - name = "io_k8s_sigs_kustomize_api", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "sigs.k8s.io/kustomize/api", - sum = "h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0=", - version = "v0.13.5-0.20230601165947-6ce0bf390ce3", - ) - go_repository( - name = "io_k8s_sigs_kustomize_kustomize_v5", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "sigs.k8s.io/kustomize/kustomize/v5", - sum = "h1:vq2TtoDcQomhy7OxXLUOzSbHMuMYq0Bjn93cDtJEdKw=", - version = "v5.0.4-0.20230601165947-6ce0bf390ce3", - ) - go_repository( - name = "io_k8s_sigs_kustomize_kyaml", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "sigs.k8s.io/kustomize/kyaml", - sum = "h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U=", - version = "v0.14.3-0.20230601165947-6ce0bf390ce3", - ) - go_repository( - name = "io_k8s_sigs_release_utils", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "sigs.k8s.io/release-utils", - sum = "h1:JKDOvhCk6zW8ipEOkpTGDH/mW3TI+XqtPp16aaQ79FU=", - version = "v0.7.7", - ) - go_repository( - name = "io_k8s_sigs_structured_merge_diff_v4", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "sigs.k8s.io/structured-merge-diff/v4", - sum = "h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=", - version = "v4.4.1", - ) - go_repository( - name = "io_k8s_sigs_yaml", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "sigs.k8s.io/yaml", - sum = "h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=", - version = "v1.4.0", - ) - go_repository( - name = "io_k8s_system_validators", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/system-validators", - sum = "h1:tq05tdO9zdJZnNF3SXrq6LE7Knc/KfJm5wk68467JDg=", - version = "v1.8.0", - ) - go_repository( - name = "io_k8s_utils", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "k8s.io/utils", - sum = "h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak=", - version = "v0.0.0-20240502163921-fe8a2dddb1d0", - ) - go_repository( - name = "io_opencensus_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opencensus.io", - sum = "h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=", - version = "v0.24.0", - ) - go_repository( - name = "io_opencensus_go_contrib_exporter_stackdriver", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "contrib.go.opencensus.io/exporter/stackdriver", - sum = "h1:zBakwHardp9Jcb8sQHcHpXy/0+JIb1M8KjigCJzx7+4=", - version = "v0.13.14", - ) - go_repository( - name = "io_opentelemetry_go_contrib_instrumentation_github_com_emicklei_go_restful_otelrestful", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful", - sum = "h1:Z6SbqeRZAl2OczfkFOqLx1BeYBDYehNjEnqluD7581Y=", - version = "v0.42.0", - ) - go_repository( - name = "io_opentelemetry_go_contrib_instrumentation_google_golang_org_grpc_otelgrpc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", - sum = "h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg=", - version = "v0.49.0", - ) - go_repository( - name = "io_opentelemetry_go_contrib_instrumentation_net_http_otelhttp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", - sum = "h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=", - version = "v0.49.0", - ) - go_repository( - name = "io_opentelemetry_go_otel", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/otel", - sum = "h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=", - version = "v1.24.0", - ) - go_repository( - name = "io_opentelemetry_go_otel_exporters_otlp_internal_retry", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/otel/exporters/otlp/internal/retry", - sum = "h1:ZSdnH1x5Gm/eUFNQquwSt4/LMCOqS6KPlI9qaTKx5Ho=", - version = "v1.15.0", - ) - go_repository( - name = "io_opentelemetry_go_otel_exporters_otlp_otlptrace", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/otel/exporters/otlp/otlptrace", - sum = "h1:DeFD0VgTZ+Cj6hxravYYZE2W4GlneVH81iAOPjZkzk8=", - version = "v1.20.0", - ) - go_repository( - name = "io_opentelemetry_go_otel_exporters_otlp_otlptrace_otlptracegrpc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", - sum = "h1:gvmNvqrPYovvyRmCSygkUDyL8lC5Tl845MLEwqpxhEU=", - version = "v1.20.0", - ) - go_repository( - name = "io_opentelemetry_go_otel_exporters_otlp_otlptrace_otlptracehttp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", - sum = "h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg=", - version = "v1.19.0", - ) - go_repository( - name = "io_opentelemetry_go_otel_metric", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/otel/metric", - sum = "h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=", - version = "v1.24.0", - ) - go_repository( - name = "io_opentelemetry_go_otel_sdk", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/otel/sdk", - sum = "h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw=", - version = "v1.24.0", - ) - go_repository( - name = "io_opentelemetry_go_otel_trace", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/otel/trace", - sum = "h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=", - version = "v1.24.0", - ) - go_repository( - name = "io_opentelemetry_go_proto_otlp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.opentelemetry.io/proto/otlp", - sum = "h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=", - version = "v1.0.0", - ) - go_repository( - name = "io_rsc_binaryregexp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "rsc.io/binaryregexp", - sum = "h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE=", - version = "v0.2.0", - ) - go_repository( - name = "io_rsc_quote_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "rsc.io/quote/v3", - sum = "h1:9JKUTTIUgS6kzR9mK1YuGKv6Nl+DijDNIc0ghT58FaY=", - version = "v3.1.0", - ) - go_repository( - name = "io_rsc_sampler", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "rsc.io/sampler", - sum = "h1:7uVkIFmeBqHfdjD+gZwtXXI+RODJ2Wc4O7MPEh/QiW4=", - version = "v1.3.0", - ) - go_repository( - name = "land_oras_oras_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "oras.land/oras-go", - sum = "h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo=", - version = "v1.2.5", - ) - go_repository( - name = "net_starlark_go", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.starlark.net", - sum = "h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY=", - version = "v0.0.0-20230525235612-a134d8f9ddca", - ) - go_repository( - name = "org_bitbucket_bertimus9_systemstat", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "bitbucket.org/bertimus9/systemstat", - sum = "h1:n0aLnh2Jo4nBUBym9cE5PJDG8GT6g+4VuS2Ya2jYYpA=", - version = "v0.5.0", - ) - go_repository( - name = "org_bitbucket_creachadair_shell", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "bitbucket.org/creachadair/shell", - sum = "h1:3yM6JcAfaGWzjzcCamTblzSIWXm/YSs0PFGIzBm2HTo=", - version = "v0.0.8", - ) - go_repository( - name = "org_golang_google_api", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "google.golang.org/api", - sum = "h1:M2D87Yo0rGBPWpo1orwfCLehUUL6E7/TYe5gvMQWDh4=", - version = "v0.180.0", - ) - go_repository( - name = "org_golang_google_appengine", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "google.golang.org/appengine", - sum = "h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM=", - version = "v1.6.8", - ) - go_repository( - name = "org_golang_google_genproto", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "google.golang.org/genproto", - sum = "h1:wu/KJm9KJwpfHWhkkZGohVC6KRrc1oJNr4jwtQMOQXw=", - version = "v0.0.0-20240401170217-c3f982113cda", - ) - go_repository( - name = "org_golang_google_genproto_googleapis_api", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "google.golang.org/genproto/googleapis/api", - sum = "h1:AH34z6WAGVNkllnKs5raNq3yRq93VnjBG6rpfub/jYk=", - version = "v0.0.0-20240506185236-b8a5c65736ae", - ) - go_repository( - name = "org_golang_google_genproto_googleapis_bytestream", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "google.golang.org/genproto/googleapis/bytestream", - sum = "h1:GtsRfMHDREQPg/snOM0QudeC54kX7UqodmmK4uELHLQ=", - version = "v0.0.0-20240429193739-8cf5692501f6", - ) - go_repository( - name = "org_golang_google_genproto_googleapis_rpc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "google.golang.org/genproto/googleapis/rpc", - sum = "h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE=", - version = "v0.0.0-20240429193739-8cf5692501f6", - ) - go_repository( - name = "org_golang_google_grpc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "google.golang.org/grpc", - sum = "h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM=", - version = "v1.63.2", - ) - go_repository( - name = "org_golang_google_grpc_cmd_protoc_gen_go_grpc", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "google.golang.org/grpc/cmd/protoc-gen-go-grpc", - sum = "h1:rNBFJjBCOgVr9pWD7rs/knKL4FRTKgpZmsRfV214zcA=", - version = "v1.3.0", - ) - go_repository( - name = "org_golang_google_protobuf", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "google.golang.org/protobuf", - sum = "h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=", - version = "v1.34.1", - ) - go_repository( - name = "org_golang_x_crypto", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/crypto", - sum = "h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=", - version = "v0.23.0", - ) - go_repository( - name = "org_golang_x_exp", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/exp", - sum = "h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=", - version = "v0.0.0-20240506185415-9bf2ced13842", - ) - go_repository( - name = "org_golang_x_image", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/image", - sum = "h1:+qEpEAPhDZ1o0x3tHzZTQDArnOixOzGD9HUJfcg0mb4=", - version = "v0.0.0-20190802002840-cff245a6509b", - ) - go_repository( - name = "org_golang_x_lint", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/lint", - sum = "h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=", - version = "v0.0.0-20210508222113-6edffad5e616", - ) - go_repository( - name = "org_golang_x_mobile", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/mobile", - sum = "h1:4+4C/Iv2U4fMZBiMCc98MG1In4gJY5YRhtpDNeDeHWs=", - version = "v0.0.0-20190719004257-d2bd2a29d028", - ) - go_repository( - name = "org_golang_x_mod", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/mod", - sum = "h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=", - version = "v0.17.0", - ) - go_repository( - name = "org_golang_x_net", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/net", - sum = "h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=", - version = "v0.25.0", - ) - go_repository( - name = "org_golang_x_oauth2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/oauth2", - sum = "h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo=", - version = "v0.20.0", - ) - go_repository( - name = "org_golang_x_sync", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/sync", - sum = "h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=", - version = "v0.7.0", - ) - go_repository( - name = "org_golang_x_sys", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/sys", - sum = "h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=", - version = "v0.20.0", - ) - go_repository( - name = "org_golang_x_telemetry", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/telemetry", - sum = "h1:IRJeR9r1pYWsHKTRe/IInb7lYvbBVIqOgsX/u0mbOWY=", - version = "v0.0.0-20240228155512-f48c80bd79b2", - ) - go_repository( - name = "org_golang_x_term", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/term", - sum = "h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw=", - version = "v0.20.0", - ) - go_repository( - name = "org_golang_x_text", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/text", - sum = "h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=", - version = "v0.15.0", - ) - go_repository( - name = "org_golang_x_time", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/time", - sum = "h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=", - version = "v0.5.0", - ) - go_repository( - name = "org_golang_x_tools", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/tools", - sum = "h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw=", - version = "v0.21.0", - ) - go_repository( - name = "org_golang_x_vuln", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/vuln", - sum = "h1:ECEdI+aEtjpF90eqEcDL5Q11DWSZAw5PJQWlp0+gWqc=", - version = "v1.1.0", - ) - go_repository( - name = "org_golang_x_xerrors", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "golang.org/x/xerrors", - sum = "h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU=", - version = "v0.0.0-20231012003039-104605ab7028", - ) - go_repository( - name = "org_libvirt_go_libvirt", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "libvirt.org/go/libvirt", - # keep - patches = [ - "//3rdparty/bazel/org_libvirt_go_libvirt:go_libvirt.patch", - ], - sum = "h1:LEoawzuggD6IL5R/XtnBE8wWJx49i7UZ1HcB7p9glwE=", - version = "v1.10003.0", - ) - go_repository( - name = "org_mongodb_go_mongo_driver", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.mongodb.org/mongo-driver", - sum = "h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=", - version = "v1.14.0", - ) - go_repository( - name = "org_mozilla_go_pkcs7", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.mozilla.org/pkcs7", - sum = "h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M=", - version = "v0.0.0-20200128120323-432b2356ecb1", - ) - go_repository( - name = "org_uber_go_atomic", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.uber.org/atomic", - sum = "h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=", - version = "v1.7.0", - ) - go_repository( - name = "org_uber_go_goleak", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.uber.org/goleak", - sum = "h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=", - version = "v1.3.0", - ) - go_repository( - name = "org_uber_go_multierr", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.uber.org/multierr", - sum = "h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=", - version = "v1.11.0", - ) - go_repository( - name = "org_uber_go_zap", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.uber.org/zap", - sum = "h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=", - version = "v1.27.0", - ) - go_repository( - name = "sh_elv_src", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "src.elv.sh", - sum = "h1:pjVeIo9Ba6K1Wy+rlwX91zT7A+xGEmxiNRBdN04gDTQ=", - version = "v0.16.0-rc1.0.20220116211855-fda62502ad7f", - ) - go_repository( - name = "sh_helm_helm", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "helm.sh/helm", - sum = "h1:cSe3FaQOpRWLDXvTObQNj0P7WI98IG5yloU6tQVls2k=", - version = "v2.17.0+incompatible", - ) - go_repository( - name = "sh_helm_helm_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "helm.sh/helm/v3", - sum = "h1:6FSpEfqyDalHq3kUr4gOMThhgY55kXUEjdQoyODYnrM=", - version = "v3.14.4", - ) - go_repository( - name = "sm_step_go_crypto", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "go.step.sm/crypto", - sum = "h1:t3p3uQ7raP2jp2ha9P6xkQF85TJZh+87xmjSLaib+jk=", - version = "v0.44.2", - ) - go_repository( - name = "tools_gotest_v3", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gotest.tools/v3", - sum = "h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=", - version = "v3.4.0", - ) - go_repository( - name = "xyz_gomodules_jsonpatch_v2", - build_file_generation = "on", - build_file_proto_mode = "disable_global", - importpath = "gomodules.xyz/jsonpatch/v2", - sum = "h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=", - version = "v2.4.0", - ) diff --git a/bazel/toolchains/go_rules_deps.bzl b/bazel/toolchains/go_rules_deps.bzl deleted file mode 100644 index fcc01d6ba..000000000 --- a/bazel/toolchains/go_rules_deps.bzl +++ /dev/null @@ -1,35 +0,0 @@ -"""Go toolchain dependencies for Bazel. - -Defines hermetic go toolchains and rules to build and test go code. -Gazelle is a build file generator for Bazel projects written in Go. -""" - -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") - -def go_deps(): - http_archive( - name = "io_bazel_rules_go", - sha256 = "f74c98d6df55217a36859c74b460e774abc0410a47cc100d822be34d5f990f16", - urls = [ - "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.47.1/rules_go-v0.47.1.zip", - "https://cdn.confidential.cloud/constellation/cas/sha256/f74c98d6df55217a36859c74b460e774abc0410a47cc100d822be34d5f990f16", - "https://github.com/bazelbuild/rules_go/releases/download/v0.47.1/rules_go-v0.47.1.zip", - ], - remote_patches = { - # Move timeout handling back to bzltestutil - # remove after https://github.com/bazelbuild/rules_go/pull/3939 is merged - "https://github.com/bazelbuild/rules_go/commit/cc911bfec4f52d93d1c47cc92a3bc03ec8f9cb33.patch": "sha256-Z1jNoEagzSghHrf1SiLLMLGpFq/IBvOjZMxWaIk1O3M=", - }, - remote_patch_strip = 1, - type = "zip", - ) - http_archive( - name = "bazel_gazelle", - sha256 = "75df288c4b31c81eb50f51e2e14f4763cb7548daae126817247064637fd9ea62", - urls = [ - "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.36.0/bazel-gazelle-v0.36.0.tar.gz", - "https://cdn.confidential.cloud/constellation/cas/sha256/75df288c4b31c81eb50f51e2e14f4763cb7548daae126817247064637fd9ea62", - "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.36.0/bazel-gazelle-v0.36.0.tar.gz", - ], - type = "tar.gz", - ) From d960121cba549468af0f965fd22817548af9643d Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Tue, 21 May 2024 17:56:37 +0200 Subject: [PATCH 014/380] bazel: update BUILD files for rules_go bzlmod migration --- .../com_github_google_go_tpm_tools.need | 5 +--- .../com_github_google_go_tpm_tools.patch | 8 +++--- .../ms_tpm_20_ref.need | 6 +++-- .../ms_tpm_20_ref.patch | 12 ++++++--- .../placeholder/BUILD.bazel | 12 --------- .../placeholder/Platform.h | 22 --------------- .../placeholder/Tpm.h | 27 ------------------- .../placeholder/ms_tpm_20_disabled.c | 9 ------- ..._github_martinjungblut_go_cryptsetup.patch | 6 ++--- .../org_libvirt_go_libvirt/go_libvirt.patch | 2 +- bootstrapper/internal/initserver/BUILD.bazel | 4 +-- bootstrapper/internal/joinclient/BUILD.bazel | 4 +-- cli/internal/cmd/BUILD.bazel | 4 +-- csi/kms/BUILD.bazel | 4 +-- debugd/internal/cdbg/cmd/BUILD.bazel | 2 +- debugd/internal/debugd/deploy/BUILD.bazel | 4 +-- debugd/internal/debugd/server/BUILD.bazel | 4 +-- .../internal/recoveryserver/BUILD.bazel | 2 +- disk-mapper/internal/rejoinclient/BUILD.bazel | 4 +-- internal/constellation/BUILD.bazel | 4 +-- internal/grpc/atlscredentials/BUILD.bazel | 2 +- internal/grpc/dialer/BUILD.bazel | 4 +-- internal/logger/BUILD.bazel | 2 +- joinservice/internal/kms/BUILD.bazel | 4 +-- joinservice/internal/server/BUILD.bazel | 2 +- keyservice/internal/server/BUILD.bazel | 2 +- .../internal/upgrade/BUILD.bazel | 2 +- s3proxy/internal/kms/BUILD.bazel | 4 +-- upgrade-agent/internal/server/BUILD.bazel | 2 +- verify/server/BUILD.bazel | 2 +- 30 files changed, 51 insertions(+), 120 deletions(-) delete mode 100644 3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/BUILD.bazel delete mode 100644 3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/Platform.h delete mode 100644 3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/Tpm.h delete mode 100644 3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/ms_tpm_20_disabled.c diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.need b/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.need index d3cf0338e..8542c18a4 100644 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.need +++ b/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.need @@ -8,10 +8,7 @@ go_library( "internal_cross.go", ], cgo = True, - cdeps = select({ - "@//bazel/settings:tpm_simulator_enabled": ["//simulator/ms-tpm-20-ref:ms_tpm_20_ref"], - "//conditions:default": ["@//3rdparty/bazel/com_github_google_go_tpm_tools/placeholder:ms_tpm_20_ref_disabled"], - }), + cdeps = ["//simulator/ms-tpm-20-ref:ms_tpm_20_ref"], copts = [ "-fno-sanitize=all", # relax sanitizer checks for this test-only dependency ], diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.patch b/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.patch index 238e50f9e..d6d117d8e 100644 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.patch +++ b/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.patch @@ -1,6 +1,6 @@ --- simulator/internal/BUILD.bazel +++ simulator/internal/BUILD.bazel -@@ -4,83 +4,17 @@ +@@ -4,83 +4,14 @@ name = "internal", srcs = [ "doc.go", @@ -17,10 +17,8 @@ - "-L/usr/local/opt/openssl/lib", - ], - "//conditions:default": [], -+ cdeps = select({ -+ "@//bazel/settings:tpm_simulator_enabled": ["//simulator/ms-tpm-20-ref:ms_tpm_20_ref"], -+ "//conditions:default": ["@//3rdparty/bazel/com_github_google_go_tpm_tools/placeholder:ms_tpm_20_ref_disabled"], - }), +- }), ++ cdeps = ["//simulator/ms-tpm-20-ref:ms_tpm_20_ref"], copts = [ - "-DALG_SHA512=ALG_YES", - "-DCERTIFYX509_DEBUG=NO", diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need index 83b388537..7758874e6 100644 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need +++ b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.need @@ -229,8 +229,10 @@ cc_library( ], deps = [ ":ms_tpm_20_ref_google_samples", - "@//nix/cc:org_openssl", - ], + ] + select({ + "@io_bazel_rules_go//go/platform:linux_arm64": ["@@org_openssl_aarch64-linux//:org_openssl"], + "@io_bazel_rules_go//go/platform:linux_amd64": ["@@org_openssl_x86_64-linux//:org_openssl"], + }), target_compatible_with = [ "@platforms//os:linux", ] diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch index e98141b8a..8340c947f 100644 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch +++ b/3rdparty/bazel/com_github_google_go_tpm_tools/ms_tpm_20_ref.patch @@ -1,6 +1,6 @@ --- simulator/ms-tpm-20-ref/BUILD.bazel +++ simulator/ms-tpm-20-ref/BUILD.bazel -@@ -0,0 +1,512 @@ +@@ -0,0 +1,516 @@ +cc_library( + name = "ms_tpm_20_ref", + visibility = ["//visibility:public"], @@ -229,10 +229,14 @@ + ], + deps = [ + ":ms_tpm_20_ref_google_samples", -+ "@//nix/cc:org_openssl", -+ ], ++ ] + select({ ++ "@io_bazel_rules_go//go/platform:darwin_arm64": ["@@org_openssl_aarch64-darwin//:org_openssl"], ++ "@io_bazel_rules_go//go/platform:darwin_amd64": ["@@org_openssl_x86_64-darwin//:org_openssl"], ++ "@io_bazel_rules_go//go/platform:linux_arm64": ["@@org_openssl_aarch64-linux//:org_openssl"], ++ "@io_bazel_rules_go//go/platform:linux_amd64": ["@@org_openssl_x86_64-linux//:org_openssl"], ++ }), + target_compatible_with = [ -+ "@platforms//os:linux", ++ "@@platforms//os:linux", + ], +) + diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/BUILD.bazel b/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/BUILD.bazel deleted file mode 100644 index 07d713e46..000000000 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/BUILD.bazel +++ /dev/null @@ -1,12 +0,0 @@ -load("@rules_cc//cc:defs.bzl", "cc_library") - -cc_library( - name = "ms_tpm_20_ref_disabled", - srcs = ["ms_tpm_20_disabled.c"], - hdrs = [ - "Platform.h", - "Tpm.h", - ], - includes = ["."], - visibility = ["//visibility:public"], -) diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/Platform.h b/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/Platform.h deleted file mode 100644 index 8aaa55d10..000000000 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/Platform.h +++ /dev/null @@ -1,22 +0,0 @@ -#include -#include -#include - -extern int g_inFailureMode; - -typedef union { - uint16_t size; - uint8_t *buffer; -} TPM2B, TPM2B_SEED; -typedef struct -{ - TPM2B_SEED EPSeed; - TPM2B_SEED SPSeed; - TPM2B_SEED PPSeed; -} PERSISTENT_DATA; - -extern PERSISTENT_DATA gp; - -void _plat__Reset(bool forceManufacture); -void _plat__RunCommand(uint32_t requestSize, unsigned char *request, - uint32_t *responseSize, unsigned char **response); diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/Tpm.h b/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/Tpm.h deleted file mode 100644 index 2e94e1749..000000000 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/Tpm.h +++ /dev/null @@ -1,27 +0,0 @@ -#undef TRUE -#define TRUE 1 -#undef FALSE -#define FALSE 0 -#undef YES -#define YES 1 -#undef NO -#define NO 0 -#undef SET -#define SET 1 -#undef CLEAR -#define CLEAR 0 -#ifndef MAX_RESPONSE_SIZE -#define MAX_RESPONSE_SIZE 4096 -#endif - -#ifndef EPSeed -#define EPSeed 1 -#endif -#ifndef SPSeed -#define SPSeed 1 -#endif -#ifndef PPSeed -#define PPSeed 1 -#endif - -#define NV_SYNC_PERSISTENT(x) diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/ms_tpm_20_disabled.c b/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/ms_tpm_20_disabled.c deleted file mode 100644 index a56d7f43c..000000000 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/placeholder/ms_tpm_20_disabled.c +++ /dev/null @@ -1,9 +0,0 @@ -#include "Platform.h" -#include "Tpm.h" - -int g_inFailureMode = 0; - -void _plat__Reset(bool forceManufacture) {} - -void _plat__RunCommand(uint32_t requestSize, unsigned char *request, - uint32_t *responseSize, unsigned char **response) {} diff --git a/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch b/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch index f87c1a730..0319cc797 100644 --- a/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch +++ b/3rdparty/bazel/com_github_martinjungblut_go_cryptsetup/com_github_martinjungblut_go_cryptsetup.patch @@ -4,9 +4,9 @@ "plain.go", ], cgo = True, -+ cdeps = [ -+ "@//nix/cc:cryptsetup", -+ ], ++ cdeps = select({ ++ "@io_bazel_rules_go//go/platform:linux_amd64": ["@@cryptsetup_x86_64-linux//:cryptsetup"], ++ }), importpath = "github.com/martinjungblut/go-cryptsetup", visibility = ["//visibility:public"], ) diff --git a/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.patch b/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.patch index d2c799cae..78150041c 100644 --- a/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.patch +++ b/3rdparty/bazel/org_libvirt_go_libvirt/go_libvirt.patch @@ -5,7 +5,7 @@ "typedparams.go", ], + cdeps = [ -+ "@//nix/cc:libvirt", ++ "@@libvirt_x86_64-linux//:libvirt", + ], cgo = True, importpath = "libvirt.org/go/libvirt", diff --git a/bootstrapper/internal/initserver/BUILD.bazel b/bootstrapper/internal/initserver/BUILD.bazel index b1d5e66ba..3ad04343c 100644 --- a/bootstrapper/internal/initserver/BUILD.bazel +++ b/bootstrapper/internal/initserver/BUILD.bazel @@ -21,7 +21,7 @@ go_library( "//internal/nodestate", "//internal/role", "//internal/versions/components", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//codes", "@org_golang_google_grpc//keepalive", "@org_golang_google_grpc//status", @@ -50,7 +50,7 @@ go_test( "@com_github_spf13_afero//:afero", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_x_crypto//bcrypt", "@org_uber_go_goleak//:goleak", ], diff --git a/bootstrapper/internal/joinclient/BUILD.bazel b/bootstrapper/internal/joinclient/BUILD.bazel index 687ffd250..048df72ac 100644 --- a/bootstrapper/internal/joinclient/BUILD.bazel +++ b/bootstrapper/internal/joinclient/BUILD.bazel @@ -20,7 +20,7 @@ go_library( "@io_k8s_kubernetes//cmd/kubeadm/app/apis/kubeadm/v1beta3", "@io_k8s_kubernetes//cmd/kubeadm/app/constants", "@io_k8s_utils//clock", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", ], ) @@ -48,7 +48,7 @@ go_test( "@com_github_stretchr_testify//require", "@io_k8s_kubernetes//cmd/kubeadm/app/apis/kubeadm/v1beta3", "@io_k8s_utils//clock/testing", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_uber_go_goleak//:goleak", ], ) diff --git a/cli/internal/cmd/BUILD.bazel b/cli/internal/cmd/BUILD.bazel index 8c300b62a..6f29a7965 100644 --- a/cli/internal/cmd/BUILD.bazel +++ b/cli/internal/cmd/BUILD.bazel @@ -109,8 +109,8 @@ go_library( "@io_k8s_client_go//tools/clientcmd", "@io_k8s_client_go//tools/clientcmd/api/latest", "@io_k8s_sigs_yaml//:yaml", - "@org_golang_google_grpc//:go_default_library", "@org_golang_x_mod//semver", + "@org_golang_google_grpc//:grpc", ] + select({ "@io_bazel_rules_go//go/platform:android_amd64": [ "@org_golang_x_sys//unix", @@ -193,7 +193,7 @@ go_test( "@io_k8s_apimachinery//pkg/runtime/schema", "@io_k8s_client_go//tools/clientcmd", "@io_k8s_client_go//tools/clientcmd/api", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//codes", "@org_golang_google_grpc//status", "@org_golang_x_mod//semver", diff --git a/csi/kms/BUILD.bazel b/csi/kms/BUILD.bazel index 19d174a01..81dd9ecd8 100644 --- a/csi/kms/BUILD.bazel +++ b/csi/kms/BUILD.bazel @@ -8,7 +8,7 @@ go_library( visibility = ["//visibility:public"], deps = [ "//keyservice/keyserviceproto", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//credentials/insecure", ], ) @@ -20,7 +20,7 @@ go_test( deps = [ "//keyservice/keyserviceproto", "@com_github_stretchr_testify//assert", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//test/bufconn", "@org_uber_go_goleak//:goleak", ], diff --git a/debugd/internal/cdbg/cmd/BUILD.bazel b/debugd/internal/cdbg/cmd/BUILD.bazel index 94420b1c1..e48d0d5d1 100644 --- a/debugd/internal/cdbg/cmd/BUILD.bazel +++ b/debugd/internal/cdbg/cmd/BUILD.bazel @@ -22,7 +22,7 @@ go_library( "//internal/logger", "@com_github_spf13_afero//:afero", "@com_github_spf13_cobra//:cobra", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//credentials/insecure", ], ) diff --git a/debugd/internal/debugd/deploy/BUILD.bazel b/debugd/internal/debugd/deploy/BUILD.bazel index 16ba9cdf3..29bdd0ccf 100644 --- a/debugd/internal/debugd/deploy/BUILD.bazel +++ b/debugd/internal/debugd/deploy/BUILD.bazel @@ -18,7 +18,7 @@ go_library( "//internal/constants", "@com_github_coreos_go_systemd_v22//dbus", "@com_github_spf13_afero//:afero", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//credentials/insecure", ], ) @@ -39,7 +39,7 @@ go_test( "@com_github_spf13_afero//:afero", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_uber_go_goleak//:goleak", ], ) diff --git a/debugd/internal/debugd/server/BUILD.bazel b/debugd/internal/debugd/server/BUILD.bazel index ee0de46c2..6d8d298be 100644 --- a/debugd/internal/debugd/server/BUILD.bazel +++ b/debugd/internal/debugd/server/BUILD.bazel @@ -13,7 +13,7 @@ go_library( "//debugd/service", "//internal/constants", "//internal/logger", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//keepalive", ], ) @@ -32,7 +32,7 @@ go_test( "//internal/logger", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//credentials/insecure", "@org_uber_go_goleak//:goleak", ], diff --git a/disk-mapper/internal/recoveryserver/BUILD.bazel b/disk-mapper/internal/recoveryserver/BUILD.bazel index 966b93afd..fc1c24a53 100644 --- a/disk-mapper/internal/recoveryserver/BUILD.bazel +++ b/disk-mapper/internal/recoveryserver/BUILD.bazel @@ -14,7 +14,7 @@ go_library( "//internal/grpc/grpclog", "//internal/kms/kms", "//internal/logger", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//codes", "@org_golang_google_grpc//status", ], diff --git a/disk-mapper/internal/rejoinclient/BUILD.bazel b/disk-mapper/internal/rejoinclient/BUILD.bazel index 01f0c26e5..77238f692 100644 --- a/disk-mapper/internal/rejoinclient/BUILD.bazel +++ b/disk-mapper/internal/rejoinclient/BUILD.bazel @@ -12,7 +12,7 @@ go_library( "//internal/role", "//joinservice/joinproto", "@io_k8s_utils//clock", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", ], ) @@ -31,7 +31,7 @@ go_test( "//joinservice/joinproto", "@com_github_stretchr_testify//assert", "@io_k8s_utils//clock/testing", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_uber_go_goleak//:goleak", ], ) diff --git a/internal/constellation/BUILD.bazel b/internal/constellation/BUILD.bazel index 58bd5d235..0e59b388d 100644 --- a/internal/constellation/BUILD.bazel +++ b/internal/constellation/BUILD.bazel @@ -38,7 +38,7 @@ go_library( "//internal/versions", "@io_k8s_apiextensions_apiserver//pkg/apis/apiextensions/v1:apiextensions", "@io_k8s_client_go//tools/clientcmd", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", ], ) @@ -69,6 +69,6 @@ go_test( "@com_github_stretchr_testify//require", "@io_k8s_client_go//tools/clientcmd", "@io_k8s_client_go//tools/clientcmd/api", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", ], ) diff --git a/internal/grpc/atlscredentials/BUILD.bazel b/internal/grpc/atlscredentials/BUILD.bazel index 8f16bd02f..c69ef3bda 100644 --- a/internal/grpc/atlscredentials/BUILD.bazel +++ b/internal/grpc/atlscredentials/BUILD.bazel @@ -21,7 +21,7 @@ go_test( "//internal/atls", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//test/bufconn", "@org_uber_go_goleak//:goleak", ], diff --git a/internal/grpc/dialer/BUILD.bazel b/internal/grpc/dialer/BUILD.bazel index b8428ba2d..9dc1aaf8f 100644 --- a/internal/grpc/dialer/BUILD.bazel +++ b/internal/grpc/dialer/BUILD.bazel @@ -9,7 +9,7 @@ go_library( deps = [ "//internal/atls", "//internal/grpc/atlscredentials", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//credentials/insecure", ], ) @@ -25,7 +25,7 @@ go_test( "//internal/grpc/testdialer", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//interop/grpc_testing", "@org_uber_go_goleak//:goleak", ], diff --git a/internal/logger/BUILD.bazel b/internal/logger/BUILD.bazel index 4b8daad96..10f753f44 100644 --- a/internal/logger/BUILD.bazel +++ b/internal/logger/BUILD.bazel @@ -12,7 +12,7 @@ go_library( visibility = ["//:__subpackages__"], deps = [ "@com_github_grpc_ecosystem_go_grpc_middleware_v2//interceptors/logging", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//grpclog", ], ) diff --git a/joinservice/internal/kms/BUILD.bazel b/joinservice/internal/kms/BUILD.bazel index 35f6a6bbb..b3c7a3dc9 100644 --- a/joinservice/internal/kms/BUILD.bazel +++ b/joinservice/internal/kms/BUILD.bazel @@ -8,7 +8,7 @@ go_library( visibility = ["//joinservice:__subpackages__"], deps = [ "//keyservice/keyserviceproto", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//credentials/insecure", ], ) @@ -21,7 +21,7 @@ go_test( "//internal/logger", "//keyservice/keyserviceproto", "@com_github_stretchr_testify//assert", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//test/bufconn", "@org_uber_go_goleak//:goleak", ], diff --git a/joinservice/internal/server/BUILD.bazel b/joinservice/internal/server/BUILD.bazel index 409c50c0e..7e29a733c 100644 --- a/joinservice/internal/server/BUILD.bazel +++ b/joinservice/internal/server/BUILD.bazel @@ -15,7 +15,7 @@ go_library( "//internal/versions/components", "//joinservice/joinproto", "@io_k8s_kubernetes//cmd/kubeadm/app/apis/kubeadm/v1beta3", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//codes", "@org_golang_google_grpc//credentials", "@org_golang_google_grpc//status", diff --git a/keyservice/internal/server/BUILD.bazel b/keyservice/internal/server/BUILD.bazel index 756c76f6d..22110e200 100644 --- a/keyservice/internal/server/BUILD.bazel +++ b/keyservice/internal/server/BUILD.bazel @@ -12,7 +12,7 @@ go_library( "//internal/kms/kms", "//internal/logger", "//keyservice/keyserviceproto", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//codes", "@org_golang_google_grpc//status", ], diff --git a/operators/constellation-node-operator/internal/upgrade/BUILD.bazel b/operators/constellation-node-operator/internal/upgrade/BUILD.bazel index 546ffaf7d..ec1a62223 100644 --- a/operators/constellation-node-operator/internal/upgrade/BUILD.bazel +++ b/operators/constellation-node-operator/internal/upgrade/BUILD.bazel @@ -9,7 +9,7 @@ go_library( "//internal/constants", "//internal/versions/components", "//upgrade-agent/upgradeproto", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//credentials/insecure", ], ) diff --git a/s3proxy/internal/kms/BUILD.bazel b/s3proxy/internal/kms/BUILD.bazel index bb7bc1cd4..630b13818 100644 --- a/s3proxy/internal/kms/BUILD.bazel +++ b/s3proxy/internal/kms/BUILD.bazel @@ -8,7 +8,7 @@ go_library( visibility = ["//s3proxy:__subpackages__"], deps = [ "//keyservice/keyserviceproto", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//credentials/insecure", ], ) @@ -21,7 +21,7 @@ go_test( "//internal/logger", "//keyservice/keyserviceproto", "@com_github_stretchr_testify//assert", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//test/bufconn", "@org_uber_go_goleak//:goleak", ], diff --git a/upgrade-agent/internal/server/BUILD.bazel b/upgrade-agent/internal/server/BUILD.bazel index 0d6275d78..e7424a639 100644 --- a/upgrade-agent/internal/server/BUILD.bazel +++ b/upgrade-agent/internal/server/BUILD.bazel @@ -13,7 +13,7 @@ go_library( "//internal/logger", "//internal/versions/components", "//upgrade-agent/upgradeproto", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//codes", "@org_golang_google_grpc//status", "@org_golang_x_mod//semver", diff --git a/verify/server/BUILD.bazel b/verify/server/BUILD.bazel index 3cd658b83..1561eb055 100644 --- a/verify/server/BUILD.bazel +++ b/verify/server/BUILD.bazel @@ -10,7 +10,7 @@ go_library( "//internal/constants", "//internal/logger", "//verify/verifyproto", - "@org_golang_google_grpc//:go_default_library", + "@org_golang_google_grpc//:grpc", "@org_golang_google_grpc//codes", "@org_golang_google_grpc//keepalive", "@org_golang_google_grpc//peer", From 2c8a16294e4010d602928f0aa4b8fa9453aaac60 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Wed, 22 May 2024 10:39:03 +0200 Subject: [PATCH 015/380] bazel: migrate rules_proto to bzlmod --- MODULE.bazel | 1 + WORKSPACE.bzlmod | 11 ----------- bazel/toolchains/proto_deps.bzl | 15 --------------- bootstrapper/initproto/init.pb.go | 2 +- debugd/service/debugd.pb.go | 2 +- disk-mapper/recoverproto/recover.pb.go | 2 +- internal/versions/components/components.pb.go | 2 +- joinservice/joinproto/join.pb.go | 2 +- keyservice/keyserviceproto/keyservice.pb.go | 2 +- upgrade-agent/upgradeproto/upgrade.pb.go | 2 +- verify/verifyproto/verify.pb.go | 2 +- 11 files changed, 9 insertions(+), 34 deletions(-) delete mode 100644 bazel/toolchains/proto_deps.bzl diff --git a/MODULE.bazel b/MODULE.bazel index b23e7972a..388950354 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -7,6 +7,7 @@ bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") bazel_dep(name = "rules_go", version = "0.47.1", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") +bazel_dep(name = "rules_proto", version = "6.0.0") bazel_dep(name = "rules_python", version = "0.32.2") bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index 5df1e98b4..228e281b0 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -142,17 +142,6 @@ nixpkgs_python_configure( # gazelle:repo gazelle -# proto toolchain -load("//bazel/toolchains:proto_deps.bzl", "proto_deps") - -proto_deps() - -load("@rules_proto//proto:repositories.bzl", "rules_proto_dependencies", "rules_proto_toolchains") - -rules_proto_dependencies() - -rules_proto_toolchains() - # C / C++ toolchains load("@hermetic_cc_toolchain//toolchain:defs.bzl", zig_toolchains = "toolchains") diff --git a/bazel/toolchains/proto_deps.bzl b/bazel/toolchains/proto_deps.bzl deleted file mode 100644 index 72b02ff09..000000000 --- a/bazel/toolchains/proto_deps.bzl +++ /dev/null @@ -1,15 +0,0 @@ -"""proto toolchain rules""" - -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") - -def proto_deps(): - http_archive( - name = "rules_proto", - sha256 = "17fa03f509b0d1df05c70c174a266ab211d04b9969e41924fd07a81ea171f117", - strip_prefix = "rules_proto-cda0effe6b5af095a6886c67f90c760b83f08c48", - urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/17fa03f509b0d1df05c70c174a266ab211d04b9969e41924fd07a81ea171f117", - "https://github.com/bazelbuild/rules_proto/archive/cda0effe6b5af095a6886c67f90c760b83f08c48.tar.gz", - ], - type = "tar.gz", - ) diff --git a/bootstrapper/initproto/init.pb.go b/bootstrapper/initproto/init.pb.go index 05a6dc25a..f9a64cc73 100644 --- a/bootstrapper/initproto/init.pb.go +++ b/bootstrapper/initproto/init.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.1 -// protoc v4.22.1 +// protoc v3.21.7 // source: bootstrapper/initproto/init.proto package initproto diff --git a/debugd/service/debugd.pb.go b/debugd/service/debugd.pb.go index 94849aae9..e32f17aa2 100644 --- a/debugd/service/debugd.pb.go +++ b/debugd/service/debugd.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.1 -// protoc v4.22.1 +// protoc v3.21.7 // source: debugd/service/debugd.proto package service diff --git a/disk-mapper/recoverproto/recover.pb.go b/disk-mapper/recoverproto/recover.pb.go index 46d6943fa..d63b28706 100644 --- a/disk-mapper/recoverproto/recover.pb.go +++ b/disk-mapper/recoverproto/recover.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.1 -// protoc v4.22.1 +// protoc v3.21.7 // source: disk-mapper/recoverproto/recover.proto package recoverproto diff --git a/internal/versions/components/components.pb.go b/internal/versions/components/components.pb.go index c3436fa85..8d7872afb 100644 --- a/internal/versions/components/components.pb.go +++ b/internal/versions/components/components.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.1 -// protoc v4.22.1 +// protoc v3.21.7 // source: internal/versions/components/components.proto package components diff --git a/joinservice/joinproto/join.pb.go b/joinservice/joinproto/join.pb.go index 6e0a6efad..192e85d8e 100644 --- a/joinservice/joinproto/join.pb.go +++ b/joinservice/joinproto/join.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.1 -// protoc v4.22.1 +// protoc v3.21.7 // source: joinservice/joinproto/join.proto package joinproto diff --git a/keyservice/keyserviceproto/keyservice.pb.go b/keyservice/keyserviceproto/keyservice.pb.go index 37f15ecae..9dc0b8a21 100644 --- a/keyservice/keyserviceproto/keyservice.pb.go +++ b/keyservice/keyserviceproto/keyservice.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.1 -// protoc v4.22.1 +// protoc v3.21.7 // source: keyservice/keyserviceproto/keyservice.proto package keyserviceproto diff --git a/upgrade-agent/upgradeproto/upgrade.pb.go b/upgrade-agent/upgradeproto/upgrade.pb.go index 1fb32ecfb..f1982367e 100644 --- a/upgrade-agent/upgradeproto/upgrade.pb.go +++ b/upgrade-agent/upgradeproto/upgrade.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.1 -// protoc v4.22.1 +// protoc v3.21.7 // source: upgrade-agent/upgradeproto/upgrade.proto package upgradeproto diff --git a/verify/verifyproto/verify.pb.go b/verify/verifyproto/verify.pb.go index 6c1b13f13..4299746cf 100644 --- a/verify/verifyproto/verify.pb.go +++ b/verify/verifyproto/verify.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.1 -// protoc v4.22.1 +// protoc v3.21.7 // source: verify/verifyproto/verify.proto package verifyproto From f57698ac3fd0a5f7f98ef6780f0bc6ea10179055 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Wed, 22 May 2024 10:49:00 +0200 Subject: [PATCH 016/380] dev-docs: document new location of Go toolchain version --- dev-docs/workflows/bump-go-version.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/dev-docs/workflows/bump-go-version.md b/dev-docs/workflows/bump-go-version.md index 9fe837af1..6416b4db0 100644 --- a/dev-docs/workflows/bump-go-version.md +++ b/dev-docs/workflows/bump-go-version.md @@ -4,12 +4,11 @@ ## Steps -Replace "1.xx.x" with the new version in [WORKSPACE.bzlmod](/WORKSPACE.bzlmod): +Replace "1.xx.x" with the new version in [MODULE.bazel](/MODULE.bazel): ```starlark -load("@io_bazel_rules_go//go:deps.bzl", "go_download_sdk", "go_register_toolchains", "go_rules_dependencies") - -go_download_sdk( +go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk") +go_sdk.download( name = "go_sdk", patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"], version = "1.xx.x", <--- Replace this one From 8181582450699ecd6b7f326534f612d3b25e9cb7 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Wed, 22 May 2024 10:56:04 +0200 Subject: [PATCH 017/380] link-checker: add ignored sites --- .lychee.toml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.lychee.toml b/.lychee.toml index 9106ef457..70b1a2652 100644 --- a/.lychee.toml +++ b/.lychee.toml @@ -33,6 +33,10 @@ exclude = [ '^https://portal\.azure\.com/', # The Wireguard website sproadically returns 500. '^https://www\.wireguard\.com/', + # venturebeat detects our link checker + '^https://venturebeat\.com/', + # dev-docs reference the internal wiki + '^https://github\.com/edgelesssys/wiki', ] # Exclude these filesystem paths from getting checked. From 1b3b3041d7264372da1e27cfc1f78a352b5816f3 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Wed, 22 May 2024 11:08:37 +0200 Subject: [PATCH 018/380] renovate: match additional names for Bazel core deps --- renovate.json5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/renovate.json5 b/renovate.json5 index d6fc3454e..5dd623063 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -74,7 +74,7 @@ }, { "matchManagers": ["bazelisk", "bazel", "bazel-module"], - "matchDepNames": ["bazel", "io_bazel_rules_go", "bazel_gazelle"], + "matchDepNames": ["bazel", "io_bazel_rules_go", "bazel_gazelle", "rules_go", "gazelle"], "groupName": "bazel (core)", }, { From 6533351dd9e9523801cf29028f0aed0b33d8131d Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Wed, 22 May 2024 13:24:42 +0200 Subject: [PATCH 019/380] bazel: limit concurrency of mkosi_image rule The mkosi_image rule uses a lot of memory. In order to allow higher levels of concurrency, such as `bazel build --jobs 128`, we need to more accurately model the amount of CPU and memory required. --- bazel/mkosi/mkosi_image.bzl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bazel/mkosi/mkosi_image.bzl b/bazel/mkosi/mkosi_image.bzl index dbb3c9a8b..6af63dff1 100644 --- a/bazel/mkosi/mkosi_image.bzl +++ b/bazel/mkosi/mkosi_image.bzl @@ -2,6 +2,9 @@ load("@bazel_skylib//lib:paths.bzl", "paths") +def _resource_set(_os, _num_inputs): + return {"cpu": 4, "memory": 4096} + def _mkosi_image_impl(ctx): args = ctx.actions.args() inputs = [] @@ -99,6 +102,7 @@ def _mkosi_image_impl(ctx): execution_requirements = {"no-remote": "1", "no-sandbox": "1"}, progress_message = "Building mkosi image " + ctx.label.name, env = env, + resource_set = _resource_set, ) return DefaultInfo(files = depset(outputs), runfiles = ctx.runfiles(outputs)) From 162e73de72e37b7b1b2946c8e75c9ac51b16d5de Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Wed, 22 May 2024 15:02:12 +0200 Subject: [PATCH 020/380] bazel: commit bzlmod lockfile While it does have some quirks before Bazel 7.2, it is still vital for security. --- MODULE.bazel.lock | 5358 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 5358 insertions(+) create mode 100644 MODULE.bazel.lock diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock new file mode 100644 index 000000000..c16b5b1e0 --- /dev/null +++ b/MODULE.bazel.lock @@ -0,0 +1,5358 @@ +{ + "lockFileVersion": 6, + "moduleFileHash": "f5aabeaa86601f89a9e222914be7b7bef4cef74d7352d4d82650140637278493", + "flags": { + "cmdRegistries": [ + "https://bcr.bazel.build/" + ], + "cmdModuleOverrides": {}, + "allowedYankedVersions": [], + "envVarAllowedYankedVersions": "", + "ignoreDevDependency": false, + "directDependenciesMode": "WARNING", + "compatibilityMode": "ERROR" + }, + "localOverrideHashes": { + "bazel_tools": "1ae69322ac3823527337acf02016e8ee95813d8d356f47060255b8956fa642f0" + }, + "moduleDepGraph": { + "": { + "name": "constellation", + "version": "", + "key": "", + "repoName": "constellation", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [ + { + "extensionBzlFile": "@io_bazel_rules_go//go:extensions.bzl", + "extensionName": "go_sdk", + "usingModule": "", + "location": { + "file": "@@//:MODULE.bazel", + "line": 32, + "column": 23 + }, + "imports": {}, + "devImports": [], + "tags": [ + { + "tagName": "download", + "attributeValues": { + "name": "go_sdk", + "patches": [ + "//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch" + ], + "version": "1.22.3" + }, + "devDependency": false, + "location": { + "file": "@@//:MODULE.bazel", + "line": 33, + "column": 16 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@gazelle//:extensions.bzl", + "extensionName": "go_deps", + "usingModule": "", + "location": { + "file": "@@//:MODULE.bazel", + "line": 41, + "column": 24 + }, + "imports": { + "cat_dario_mergo": "cat_dario_mergo", + "com_github_aws_aws_sdk_go": "com_github_aws_aws_sdk_go", + "com_github_aws_aws_sdk_go_v2": "com_github_aws_aws_sdk_go_v2", + "com_github_aws_aws_sdk_go_v2_config": "com_github_aws_aws_sdk_go_v2_config", + "com_github_aws_aws_sdk_go_v2_credentials": "com_github_aws_aws_sdk_go_v2_credentials", + "com_github_aws_aws_sdk_go_v2_feature_ec2_imds": "com_github_aws_aws_sdk_go_v2_feature_ec2_imds", + "com_github_aws_aws_sdk_go_v2_feature_s3_manager": "com_github_aws_aws_sdk_go_v2_feature_s3_manager", + "com_github_aws_aws_sdk_go_v2_service_autoscaling": "com_github_aws_aws_sdk_go_v2_service_autoscaling", + "com_github_aws_aws_sdk_go_v2_service_cloudfront": "com_github_aws_aws_sdk_go_v2_service_cloudfront", + "com_github_aws_aws_sdk_go_v2_service_ec2": "com_github_aws_aws_sdk_go_v2_service_ec2", + "com_github_aws_aws_sdk_go_v2_service_elasticloadbalancingv2": "com_github_aws_aws_sdk_go_v2_service_elasticloadbalancingv2", + "com_github_aws_aws_sdk_go_v2_service_resourcegroupstaggingapi": "com_github_aws_aws_sdk_go_v2_service_resourcegroupstaggingapi", + "com_github_aws_aws_sdk_go_v2_service_s3": "com_github_aws_aws_sdk_go_v2_service_s3", + "com_github_aws_aws_sdk_go_v2_service_secretsmanager": "com_github_aws_aws_sdk_go_v2_service_secretsmanager", + "com_github_aws_smithy_go": "com_github_aws_smithy_go", + "com_github_azure_azure_sdk_for_go": "com_github_azure_azure_sdk_for_go", + "com_github_azure_azure_sdk_for_go_sdk_azcore": "com_github_azure_azure_sdk_for_go_sdk_azcore", + "com_github_azure_azure_sdk_for_go_sdk_azidentity": "com_github_azure_azure_sdk_for_go_sdk_azidentity", + "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5": "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5", + "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5": "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5", + "com_github_azure_azure_sdk_for_go_sdk_security_keyvault_azsecrets": "com_github_azure_azure_sdk_for_go_sdk_security_keyvault_azsecrets", + "com_github_azure_azure_sdk_for_go_sdk_storage_azblob": "com_github_azure_azure_sdk_for_go_sdk_storage_azblob", + "com_github_bazelbuild_buildtools": "com_github_bazelbuild_buildtools", + "com_github_burntsushi_toml": "com_github_burntsushi_toml", + "com_github_coreos_go_systemd_v22": "com_github_coreos_go_systemd_v22", + "com_github_docker_docker": "com_github_docker_docker", + "com_github_edgelesssys_go_azguestattestation": "com_github_edgelesssys_go_azguestattestation", + "com_github_edgelesssys_go_tdx_qpl": "com_github_edgelesssys_go_tdx_qpl", + "com_github_foxboron_go_uefi": "com_github_foxboron_go_uefi", + "com_github_fsnotify_fsnotify": "com_github_fsnotify_fsnotify", + "com_github_go_playground_locales": "com_github_go_playground_locales", + "com_github_go_playground_universal_translator": "com_github_go_playground_universal_translator", + "com_github_go_playground_validator_v10": "com_github_go_playground_validator_v10", + "com_github_golang_jwt_jwt_v5": "com_github_golang_jwt_jwt_v5", + "com_github_google_go_licenses": "com_github_google_go_licenses", + "com_github_google_go_sev_guest": "com_github_google_go_sev_guest", + "com_github_google_go_tdx_guest": "com_github_google_go_tdx_guest", + "com_github_google_go_tpm": "com_github_google_go_tpm", + "com_github_google_go_tpm_tools": "com_github_google_go_tpm_tools", + "com_github_google_keep_sorted": "com_github_google_keep_sorted", + "com_github_google_uuid": "com_github_google_uuid", + "com_github_googleapis_gax_go_v2": "com_github_googleapis_gax_go_v2", + "com_github_gophercloud_gophercloud": "com_github_gophercloud_gophercloud", + "com_github_gophercloud_utils": "com_github_gophercloud_utils", + "com_github_grpc_ecosystem_go_grpc_middleware_v2": "com_github_grpc_ecosystem_go_grpc_middleware_v2", + "com_github_hashicorp_go_kms_wrapping_v2": "com_github_hashicorp_go_kms_wrapping_v2", + "com_github_hashicorp_go_kms_wrapping_wrappers_awskms_v2": "com_github_hashicorp_go_kms_wrapping_wrappers_awskms_v2", + "com_github_hashicorp_go_kms_wrapping_wrappers_azurekeyvault_v2": "com_github_hashicorp_go_kms_wrapping_wrappers_azurekeyvault_v2", + "com_github_hashicorp_go_kms_wrapping_wrappers_gcpckms_v2": "com_github_hashicorp_go_kms_wrapping_wrappers_gcpckms_v2", + "com_github_hashicorp_go_version": "com_github_hashicorp_go_version", + "com_github_hashicorp_hc_install": "com_github_hashicorp_hc_install", + "com_github_hashicorp_hcl_v2": "com_github_hashicorp_hcl_v2", + "com_github_hashicorp_terraform_exec": "com_github_hashicorp_terraform_exec", + "com_github_hashicorp_terraform_json": "com_github_hashicorp_terraform_json", + "com_github_hashicorp_terraform_plugin_framework": "com_github_hashicorp_terraform_plugin_framework", + "com_github_hashicorp_terraform_plugin_framework_validators": "com_github_hashicorp_terraform_plugin_framework_validators", + "com_github_hashicorp_terraform_plugin_go": "com_github_hashicorp_terraform_plugin_go", + "com_github_hashicorp_terraform_plugin_log": "com_github_hashicorp_terraform_plugin_log", + "com_github_hashicorp_terraform_plugin_testing": "com_github_hashicorp_terraform_plugin_testing", + "com_github_hexops_gotextdiff": "com_github_hexops_gotextdiff", + "com_github_katexochen_sh_v3": "com_github_katexochen_sh_v3", + "com_github_martinjungblut_go_cryptsetup": "com_github_martinjungblut_go_cryptsetup", + "com_github_mattn_go_isatty": "com_github_mattn_go_isatty", + "com_github_mitchellh_go_homedir": "com_github_mitchellh_go_homedir", + "com_github_onsi_ginkgo_v2": "com_github_onsi_ginkgo_v2", + "com_github_onsi_gomega": "com_github_onsi_gomega", + "com_github_pkg_errors": "com_github_pkg_errors", + "com_github_regclient_regclient": "com_github_regclient_regclient", + "com_github_rogpeppe_go_internal": "com_github_rogpeppe_go_internal", + "com_github_samber_slog_multi": "com_github_samber_slog_multi", + "com_github_schollz_progressbar_v3": "com_github_schollz_progressbar_v3", + "com_github_secure_systems_lab_go_securesystemslib": "com_github_secure_systems_lab_go_securesystemslib", + "com_github_siderolabs_talos_pkg_machinery": "com_github_siderolabs_talos_pkg_machinery", + "com_github_sigstore_rekor": "com_github_sigstore_rekor", + "com_github_sigstore_sigstore": "com_github_sigstore_sigstore", + "com_github_spf13_afero": "com_github_spf13_afero", + "com_github_spf13_cobra": "com_github_spf13_cobra", + "com_github_spf13_pflag": "com_github_spf13_pflag", + "com_github_stretchr_testify": "com_github_stretchr_testify", + "com_github_tink_crypto_tink_go_v2": "com_github_tink_crypto_tink_go_v2", + "com_github_vincent_petithory_dataurl": "com_github_vincent_petithory_dataurl", + "com_google_cloud_go_compute": "com_google_cloud_go_compute", + "com_google_cloud_go_compute_metadata": "com_google_cloud_go_compute_metadata", + "com_google_cloud_go_kms": "com_google_cloud_go_kms", + "com_google_cloud_go_secretmanager": "com_google_cloud_go_secretmanager", + "com_google_cloud_go_storage": "com_google_cloud_go_storage", + "in_gopkg_yaml_v3": "in_gopkg_yaml_v3", + "io_etcd_go_etcd_api_v3": "io_etcd_go_etcd_api_v3", + "io_etcd_go_etcd_client_pkg_v3": "io_etcd_go_etcd_client_pkg_v3", + "io_etcd_go_etcd_client_v3": "io_etcd_go_etcd_client_v3", + "io_k8s_api": "io_k8s_api", + "io_k8s_apiextensions_apiserver": "io_k8s_apiextensions_apiserver", + "io_k8s_apimachinery": "io_k8s_apimachinery", + "io_k8s_apiserver": "io_k8s_apiserver", + "io_k8s_client_go": "io_k8s_client_go", + "io_k8s_cluster_bootstrap": "io_k8s_cluster_bootstrap", + "io_k8s_kubelet": "io_k8s_kubelet", + "io_k8s_kubernetes": "io_k8s_kubernetes", + "io_k8s_mount_utils": "io_k8s_mount_utils", + "io_k8s_sigs_controller_runtime": "io_k8s_sigs_controller_runtime", + "io_k8s_sigs_yaml": "io_k8s_sigs_yaml", + "io_k8s_utils": "io_k8s_utils", + "org_golang_google_api": "org_golang_google_api", + "org_golang_google_grpc": "org_golang_google_grpc", + "org_golang_google_protobuf": "org_golang_google_protobuf", + "org_golang_x_crypto": "org_golang_x_crypto", + "org_golang_x_exp": "org_golang_x_exp", + "org_golang_x_mod": "org_golang_x_mod", + "org_golang_x_sys": "org_golang_x_sys", + "org_golang_x_text": "org_golang_x_text", + "org_golang_x_tools": "org_golang_x_tools", + "org_golang_x_vuln": "org_golang_x_vuln", + "org_libvirt_go_libvirt": "org_libvirt_go_libvirt", + "org_uber_go_goleak": "org_uber_go_goleak", + "sh_helm_helm": "sh_helm_helm", + "sh_helm_helm_v3": "sh_helm_helm_v3" + }, + "devImports": [], + "tags": [ + { + "tagName": "from_file", + "attributeValues": { + "go_work": "//:go.work" + }, + "devDependency": false, + "location": { + "file": "@@//:MODULE.bazel", + "line": 42, + "column": 18 + } + }, + { + "tagName": "gazelle_override", + "attributeValues": { + "directives": [ + "gazelle:go_generate_proto false" + ], + "path": "go.etcd.io/etcd/api/v3" + }, + "devDependency": false, + "location": { + "file": "@@//:MODULE.bazel", + "line": 170, + "column": 29 + } + }, + { + "tagName": "gazelle_override", + "attributeValues": { + "directives": [ + "gazelle:go_generate_proto false" + ], + "path": "k8s.io/apiserver" + }, + "devDependency": false, + "location": { + "file": "@@//:MODULE.bazel", + "line": 170, + "column": 29 + } + }, + { + "tagName": "gazelle_override", + "attributeValues": { + "directives": [ + "gazelle:go_generate_proto false" + ], + "path": "github.com/hashicorp/go-plugin" + }, + "devDependency": false, + "location": { + "file": "@@//:MODULE.bazel", + "line": 170, + "column": 29 + } + }, + { + "tagName": "module_override", + "attributeValues": { + "patches": [ + "//3rdparty/bazel/com_github_martinjungblut_go_cryptsetup:com_github_martinjungblut_go_cryptsetup.patch" + ], + "path": "github.com/martinjungblut/go-cryptsetup" + }, + "devDependency": false, + "location": { + "file": "@@//:MODULE.bazel", + "line": 179, + "column": 24 + } + }, + { + "tagName": "module_override", + "attributeValues": { + "patches": [ + "//3rdparty/bazel/org_libvirt_go_libvirt:go_libvirt.patch" + ], + "path": "libvirt.org/go/libvirt" + }, + "devDependency": false, + "location": { + "file": "@@//:MODULE.bazel", + "line": 185, + "column": 24 + } + }, + { + "tagName": "module_override", + "attributeValues": { + "patches": [ + "//3rdparty/bazel/com_github_cloudflare_circl:math_fp448_BUILD_bazel.patch", + "//3rdparty/bazel/com_github_cloudflare_circl:math_fp25519_BUILD_bazel.patch", + "//3rdparty/bazel/com_github_cloudflare_circl:dh_x448_BUILD_bazel.patch", + "//3rdparty/bazel/com_github_cloudflare_circl:dh_x25519_BUILD_bazel.patch" + ], + "path": "github.com/cloudflare/circl" + }, + "devDependency": false, + "location": { + "file": "@@//:MODULE.bazel", + "line": 191, + "column": 24 + } + }, + { + "tagName": "module_override", + "attributeValues": { + "patches": [ + "//3rdparty/bazel/com_github_google_go_tpm_tools:com_github_google_go_tpm_tools.patch", + "//3rdparty/bazel/com_github_google_go_tpm_tools:ms_tpm_20_ref.patch", + "//3rdparty/bazel/com_github_google_go_tpm_tools:include.patch" + ], + "path": "github.com/google/go-tpm-tools" + }, + "devDependency": false, + "location": { + "file": "@@//:MODULE.bazel", + "line": 200, + "column": 24 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "aspect_bazel_lib": "aspect_bazel_lib@2.7.3", + "bazel_skylib": "bazel_skylib@1.6.1", + "gazelle": "gazelle@_", + "hermetic_cc_toolchain": "hermetic_cc_toolchain@3.1.0", + "rules_cc": "rules_cc@0.0.9", + "io_bazel_rules_go": "rules_go@_", + "rules_pkg": "rules_pkg@0.10.1", + "rules_proto": "rules_proto@6.0.0", + "rules_python": "rules_python@0.32.2", + "buildifier_prebuilt": "buildifier_prebuilt@6.4.0", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + } + }, + "aspect_bazel_lib@2.7.3": { + "name": "aspect_bazel_lib", + "version": "2.7.3", + "key": "aspect_bazel_lib@2.7.3", + "repoName": "aspect_bazel_lib", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [ + "@copy_directory_toolchains//:all", + "@copy_to_directory_toolchains//:all", + "@jq_toolchains//:all", + "@yq_toolchains//:all", + "@coreutils_toolchains//:all", + "@expand_template_toolchains//:all", + "@bats_toolchains//:all", + "@bsd_tar_toolchains//:all", + "@zstd_toolchains//:all" + ], + "extensionUsages": [ + { + "extensionBzlFile": "@aspect_bazel_lib//lib:extensions.bzl", + "extensionName": "toolchains", + "usingModule": "aspect_bazel_lib@2.7.3", + "location": { + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "line": 17, + "column": 37 + }, + "imports": { + "bats_toolchains": "bats_toolchains", + "bsd_tar_toolchains": "bsd_tar_toolchains", + "copy_directory_toolchains": "copy_directory_toolchains", + "copy_to_directory_toolchains": "copy_to_directory_toolchains", + "coreutils_toolchains": "coreutils_toolchains", + "expand_template_toolchains": "expand_template_toolchains", + "jq_toolchains": "jq_toolchains", + "yq_toolchains": "yq_toolchains", + "zstd_toolchains": "zstd_toolchains" + }, + "devImports": [], + "tags": [ + { + "tagName": "copy_directory", + "attributeValues": {}, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "line": 18, + "column": 36 + } + }, + { + "tagName": "copy_to_directory", + "attributeValues": {}, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "line": 19, + "column": 39 + } + }, + { + "tagName": "jq", + "attributeValues": {}, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "line": 20, + "column": 24 + } + }, + { + "tagName": "yq", + "attributeValues": {}, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "line": 21, + "column": 24 + } + }, + { + "tagName": "coreutils", + "attributeValues": {}, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "line": 22, + "column": 31 + } + }, + { + "tagName": "tar", + "attributeValues": {}, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "line": 23, + "column": 25 + } + }, + { + "tagName": "zstd", + "attributeValues": {}, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "line": 24, + "column": 26 + } + }, + { + "tagName": "expand_template", + "attributeValues": {}, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "line": 25, + "column": 37 + } + }, + { + "tagName": "bats", + "attributeValues": {}, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "line": 26, + "column": 26 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "bazel_skylib": "bazel_skylib@1.6.1", + "platforms": "platforms@0.0.8", + "io_bazel_stardoc": "stardoc@0.5.4", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/aspect-build/bazel-lib/releases/download/v2.7.3/bazel-lib-v2.7.3.tar.gz" + ], + "integrity": "sha256-h6tOxHnr6wDShiZqyiBoyu7xuwsXZej3HHts/uavQiY=", + "strip_prefix": "bazel-lib-2.7.3", + "remote_patches": { + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/patches/go_dev_dep.patch": "sha256-KgABwDzOT+DugUHn9tHLOz05osnk2FLsS10d5zqG/M0=", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/patches/module_dot_bazel_version.patch": "sha256-GeLYuH+8gdY7Oj0F8cKIZBbav1gRNSwY72SzFIQymw8=" + }, + "remote_patch_strip": 1 + } + } + }, + "bazel_skylib@1.6.1": { + "name": "bazel_skylib", + "version": "1.6.1", + "key": "bazel_skylib@1.6.1", + "repoName": "bazel_skylib", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [ + "//toolchains/unittest:cmd_toolchain", + "//toolchains/unittest:bash_toolchain" + ], + "extensionUsages": [], + "deps": { + "platforms": "platforms@0.0.8", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/bazel-skylib/releases/download/1.6.1/bazel-skylib-1.6.1.tar.gz" + ], + "integrity": "sha256-nziIakBUjG6WwQa3UvJCEw7hGqoGila6flb0UR8z5PI=", + "strip_prefix": "", + "remote_patches": {}, + "remote_patch_strip": 0 + } + } + }, + "gazelle@_": { + "name": "gazelle", + "version": "0.36.0", + "key": "gazelle@_", + "repoName": "bazel_gazelle", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [ + { + "extensionBzlFile": "@io_bazel_rules_go//go:extensions.bzl", + "extensionName": "go_sdk", + "usingModule": "gazelle@_", + "location": { + "file": "@@gazelle~//:MODULE.bazel", + "line": 13, + "column": 23 + }, + "imports": { + "go_host_compatible_sdk_label": "go_host_compatible_sdk_label" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@bazel_gazelle//internal/bzlmod:non_module_deps.bzl", + "extensionName": "non_module_deps", + "usingModule": "gazelle@_", + "location": { + "file": "@@gazelle~//:MODULE.bazel", + "line": 21, + "column": 32 + }, + "imports": { + "bazel_gazelle_go_repository_cache": "bazel_gazelle_go_repository_cache", + "bazel_gazelle_go_repository_tools": "bazel_gazelle_go_repository_tools", + "bazel_gazelle_is_bazel_module": "bazel_gazelle_is_bazel_module" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@bazel_gazelle//:extensions.bzl", + "extensionName": "go_deps", + "usingModule": "gazelle@_", + "location": { + "file": "@@gazelle~//:MODULE.bazel", + "line": 29, + "column": 24 + }, + "imports": { + "com_github_bazelbuild_buildtools": "com_github_bazelbuild_buildtools", + "com_github_bmatcuk_doublestar_v4": "com_github_bmatcuk_doublestar_v4", + "com_github_fsnotify_fsnotify": "com_github_fsnotify_fsnotify", + "com_github_google_go_cmp": "com_github_google_go_cmp", + "com_github_pmezard_go_difflib": "com_github_pmezard_go_difflib", + "org_golang_x_mod": "org_golang_x_mod", + "org_golang_x_sync": "org_golang_x_sync", + "org_golang_x_tools": "org_golang_x_tools", + "org_golang_x_tools_go_vcs": "org_golang_x_tools_go_vcs", + "bazel_gazelle_go_repository_config": "bazel_gazelle_go_repository_config", + "com_github_golang_protobuf": "com_github_golang_protobuf", + "org_golang_google_protobuf": "org_golang_google_protobuf" + }, + "devImports": [], + "tags": [ + { + "tagName": "from_file", + "attributeValues": { + "go_mod": "//:go.mod" + }, + "devDependency": false, + "location": { + "file": "@@gazelle~//:MODULE.bazel", + "line": 30, + "column": 18 + } + }, + { + "tagName": "module", + "attributeValues": { + "path": "golang.org/x/tools", + "sum": "h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ=", + "version": "v0.18.0" + }, + "devDependency": false, + "location": { + "file": "@@gazelle~//:MODULE.bazel", + "line": 34, + "column": 15 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "bazel_features": "bazel_features@1.9.1", + "bazel_skylib": "bazel_skylib@1.6.1", + "com_google_protobuf": "protobuf@21.7", + "io_bazel_rules_go": "rules_go@_", + "rules_proto": "rules_proto@6.0.0", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + } + }, + "hermetic_cc_toolchain@3.1.0": { + "name": "hermetic_cc_toolchain", + "version": "3.1.0", + "key": "hermetic_cc_toolchain@3.1.0", + "repoName": "hermetic_cc_toolchain", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [ + "@zig_sdk//toolchain:linux_amd64_gnu.2.28", + "@zig_sdk//toolchain:linux_arm64_gnu.2.28", + "@zig_sdk//toolchain:windows_amd64", + "@zig_sdk//toolchain:windows_arm64", + "@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.28", + "@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.31", + "@zig_sdk//libc_aware/toolchain:linux_amd64_musl", + "@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.28", + "@zig_sdk//libc_aware/toolchain:linux_arm64_musl", + "@zig_sdk//toolchain:wasip1_wasm" + ], + "extensionUsages": [ + { + "extensionBzlFile": "@hermetic_cc_toolchain//toolchain:ext.bzl", + "extensionName": "toolchains", + "usingModule": "hermetic_cc_toolchain@3.1.0", + "location": { + "file": "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.0/MODULE.bazel", + "line": 32, + "column": 27 + }, + "imports": { + "zig_sdk": "zig_sdk" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "platforms": "platforms@0.0.8", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/uber/hermetic_cc_toolchain/releases/download/v3.1.0/hermetic_cc_toolchain-v3.1.0.tar.gz" + ], + "integrity": "sha256-3wka/CXXOwlI7TcdPWG+7ylEf2kFCOArwk5wAczBLTg=", + "strip_prefix": "", + "remote_patches": {}, + "remote_patch_strip": 0 + } + } + }, + "rules_cc@0.0.9": { + "name": "rules_cc", + "version": "0.0.9", + "key": "rules_cc@0.0.9", + "repoName": "rules_cc", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [ + "@local_config_cc_toolchains//:all" + ], + "extensionUsages": [ + { + "extensionBzlFile": "@bazel_tools//tools/cpp:cc_configure.bzl", + "extensionName": "cc_configure_extension", + "usingModule": "rules_cc@0.0.9", + "location": { + "file": "https://bcr.bazel.build/modules/rules_cc/0.0.9/MODULE.bazel", + "line": 9, + "column": 29 + }, + "imports": { + "local_config_cc_toolchains": "local_config_cc_toolchains" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "platforms": "platforms@0.0.8", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/rules_cc/releases/download/0.0.9/rules_cc-0.0.9.tar.gz" + ], + "integrity": "sha256-IDeHW5pEVtzkp50RKorohbvEqtlo5lh9ym5k86CQDN8=", + "strip_prefix": "rules_cc-0.0.9", + "remote_patches": { + "https://bcr.bazel.build/modules/rules_cc/0.0.9/patches/module_dot_bazel_version.patch": "sha256-mM+qzOI0SgAdaJBlWOSMwMPKpaA9b7R37Hj/tp5bb4g=" + }, + "remote_patch_strip": 0 + } + } + }, + "rules_go@_": { + "name": "rules_go", + "version": "0.47.1", + "key": "rules_go@_", + "repoName": "io_bazel_rules_go", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [ + "@go_toolchains//:all" + ], + "extensionUsages": [ + { + "extensionBzlFile": "@io_bazel_rules_go//go:extensions.bzl", + "extensionName": "go_sdk", + "usingModule": "rules_go@_", + "location": { + "file": "@@rules_go~//:MODULE.bazel", + "line": 16, + "column": 23 + }, + "imports": { + "go_toolchains": "go_toolchains", + "io_bazel_rules_nogo": "io_bazel_rules_nogo" + }, + "devImports": [], + "tags": [ + { + "tagName": "download", + "attributeValues": { + "name": "go_default_sdk", + "version": "1.21.8" + }, + "devDependency": false, + "location": { + "file": "@@rules_go~//:MODULE.bazel", + "line": 17, + "column": 16 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@gazelle//:extensions.bzl", + "extensionName": "go_deps", + "usingModule": "rules_go@_", + "location": { + "file": "@@rules_go~//:MODULE.bazel", + "line": 32, + "column": 24 + }, + "imports": { + "com_github_gogo_protobuf": "com_github_gogo_protobuf", + "com_github_golang_mock": "com_github_golang_mock", + "com_github_golang_protobuf": "com_github_golang_protobuf", + "org_golang_google_genproto": "org_golang_google_genproto", + "org_golang_google_grpc": "org_golang_google_grpc", + "org_golang_google_grpc_cmd_protoc_gen_go_grpc": "org_golang_google_grpc_cmd_protoc_gen_go_grpc", + "org_golang_google_protobuf": "org_golang_google_protobuf", + "org_golang_x_net": "org_golang_x_net", + "org_golang_x_tools": "org_golang_x_tools", + "bazel_gazelle_go_repository_config": "bazel_gazelle_go_repository_config" + }, + "devImports": [], + "tags": [ + { + "tagName": "from_file", + "attributeValues": { + "go_mod": "//:go.mod" + }, + "devDependency": false, + "location": { + "file": "@@rules_go~//:MODULE.bazel", + "line": 33, + "column": 18 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "io_bazel_rules_go_bazel_features": "bazel_features@1.9.1", + "bazel_skylib": "bazel_skylib@1.6.1", + "platforms": "platforms@0.0.8", + "rules_proto": "rules_proto@6.0.0", + "com_google_protobuf": "protobuf@21.7", + "gazelle": "gazelle@_", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + } + }, + "rules_pkg@0.10.1": { + "name": "rules_pkg", + "version": "0.10.1", + "key": "rules_pkg@0.10.1", + "repoName": "rules_pkg", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [], + "deps": { + "rules_license": "rules_license@0.0.7", + "rules_python": "rules_python@0.32.2", + "bazel_skylib": "bazel_skylib@1.6.1", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/rules_pkg/releases/download/0.10.1/rules_pkg-0.10.1.tar.gz" + ], + "integrity": "sha256-0lCSSi7MUXaAj8TCXVz16eeeY0bXnVqxxJPiieci0dA=", + "strip_prefix": "", + "remote_patches": {}, + "remote_patch_strip": 0 + } + } + }, + "rules_proto@6.0.0": { + "name": "rules_proto", + "version": "6.0.0", + "key": "rules_proto@6.0.0", + "repoName": "rules_proto", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [], + "deps": { + "rules_license": "rules_license@0.0.7", + "bazel_skylib": "bazel_skylib@1.6.1", + "bazel_features": "bazel_features@1.9.1", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/rules_proto/releases/download/6.0.0/rules_proto-6.0.0.tar.gz" + ], + "integrity": "sha256-MD6G5yKlIPbzJqULQc/Ba5j+bRlVzkZkKlt6Z8EcD10=", + "strip_prefix": "rules_proto-6.0.0", + "remote_patches": { + "https://bcr.bazel.build/modules/rules_proto/6.0.0/patches/module_dot_bazel_version.patch": "sha256-fjQjxMdkMeumhvx9JdFSYeHH+Ex4TaTXNFMi554NF8E=" + }, + "remote_patch_strip": 1 + } + } + }, + "rules_python@0.32.2": { + "name": "rules_python", + "version": "0.32.2", + "key": "rules_python@0.32.2", + "repoName": "rules_python", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [ + "@pythons_hub//:all" + ], + "extensionUsages": [ + { + "extensionBzlFile": "@rules_python//python/private/bzlmod:internal_deps.bzl", + "extensionName": "internal_deps", + "usingModule": "rules_python@0.32.2", + "location": { + "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", + "line": 16, + "column": 30 + }, + "imports": { + "rules_python_internal": "rules_python_internal", + "pypi__build": "pypi__build", + "pypi__click": "pypi__click", + "pypi__colorama": "pypi__colorama", + "pypi__importlib_metadata": "pypi__importlib_metadata", + "pypi__installer": "pypi__installer", + "pypi__more_itertools": "pypi__more_itertools", + "pypi__packaging": "pypi__packaging", + "pypi__pep517": "pypi__pep517", + "pypi__pip": "pypi__pip", + "pypi__pip_tools": "pypi__pip_tools", + "pypi__pyproject_hooks": "pypi__pyproject_hooks", + "pypi__setuptools": "pypi__setuptools", + "pypi__tomli": "pypi__tomli", + "pypi__wheel": "pypi__wheel", + "pypi__zipp": "pypi__zipp" + }, + "devImports": [], + "tags": [ + { + "tagName": "install", + "attributeValues": {}, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", + "line": 17, + "column": 22 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@rules_python//python/extensions:python.bzl", + "extensionName": "python", + "usingModule": "rules_python@0.32.2", + "location": { + "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", + "line": 42, + "column": 23 + }, + "imports": { + "python_3_11": "python_3_11", + "python_versions": "python_versions", + "pythons_hub": "pythons_hub" + }, + "devImports": [], + "tags": [ + { + "tagName": "toolchain", + "attributeValues": { + "is_default": true, + "python_version": "3.11" + }, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", + "line": 48, + "column": 17 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@rules_python//python/extensions:pip.bzl", + "extensionName": "pip", + "usingModule": "rules_python@0.32.2", + "location": { + "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", + "line": 60, + "column": 20 + }, + "imports": { + "rules_python_publish_deps": "rules_python_publish_deps" + }, + "devImports": [], + "tags": [ + { + "tagName": "parse", + "attributeValues": { + "experimental_index_url": "https://pypi.org/simple", + "hub_name": "rules_python_publish_deps", + "python_version": "3.11", + "requirements_darwin": "//tools/publish:requirements_darwin.txt", + "requirements_lock": "//tools/publish:requirements.txt", + "requirements_windows": "//tools/publish:requirements_windows.txt" + }, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", + "line": 61, + "column": 10 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "bazel_features": "bazel_features@1.9.1", + "bazel_skylib": "bazel_skylib@1.6.1", + "rules_cc": "rules_cc@0.0.9", + "platforms": "platforms@0.0.8", + "rules_proto": "rules_proto@6.0.0", + "com_google_protobuf": "protobuf@21.7", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/rules_python/releases/download/0.32.2/rules_python-0.32.2.tar.gz" + ], + "integrity": "sha256-SRLO1w3BoqjkuGzsIzsZLKBT6CvHLYd7mOEmFW6PIo0=", + "strip_prefix": "rules_python-0.32.2", + "remote_patches": { + "https://bcr.bazel.build/modules/rules_python/0.32.2/patches/module_dot_bazel_version.patch": "sha256-lfZaBBRr2RFX7bO0wsVwW9urJGDBxoJHEwQ2tMN862k=" + }, + "remote_patch_strip": 1 + } + } + }, + "buildifier_prebuilt@6.4.0": { + "name": "buildifier_prebuilt", + "version": "6.4.0", + "key": "buildifier_prebuilt@6.4.0", + "repoName": "buildifier_prebuilt", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [ + "@buildifier_prebuilt_toolchains//:all" + ], + "extensionUsages": [ + { + "extensionBzlFile": "@buildifier_prebuilt//:defs.bzl", + "extensionName": "buildifier_prebuilt_deps_extension", + "usingModule": "buildifier_prebuilt@6.4.0", + "location": { + "file": "https://bcr.bazel.build/modules/buildifier_prebuilt/6.4.0/MODULE.bazel", + "line": 10, + "column": 32 + }, + "imports": { + "buildifier_prebuilt_toolchains": "buildifier_prebuilt_toolchains" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "bazel_skylib": "bazel_skylib@1.6.1", + "platforms": "platforms@0.0.8", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/keith/buildifier-prebuilt/archive/refs/tags/6.4.0.tar.gz" + ], + "integrity": "sha256-itqdiOUev1of3/N9de1B1R9eZ3zb6vsKIt2lR0fW4H4=", + "strip_prefix": "buildifier-prebuilt-6.4.0", + "remote_patches": { + "https://bcr.bazel.build/modules/buildifier_prebuilt/6.4.0/patches/module_dot_bazel_version.patch": "sha256-FpUp/q4zJ2H12lwezrYaPUGLY2rr1XoWpiDRaE19udw=" + }, + "remote_patch_strip": 0 + } + } + }, + "bazel_tools@_": { + "name": "bazel_tools", + "version": "", + "key": "bazel_tools@_", + "repoName": "bazel_tools", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [ + "@local_config_cc_toolchains//:all", + "@local_config_sh//:local_sh_toolchain" + ], + "extensionUsages": [ + { + "extensionBzlFile": "@bazel_tools//tools/cpp:cc_configure.bzl", + "extensionName": "cc_configure_extension", + "usingModule": "bazel_tools@_", + "location": { + "file": "@@bazel_tools//:MODULE.bazel", + "line": 18, + "column": 29 + }, + "imports": { + "local_config_cc": "local_config_cc", + "local_config_cc_toolchains": "local_config_cc_toolchains" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@bazel_tools//tools/osx:xcode_configure.bzl", + "extensionName": "xcode_configure_extension", + "usingModule": "bazel_tools@_", + "location": { + "file": "@@bazel_tools//:MODULE.bazel", + "line": 22, + "column": 32 + }, + "imports": { + "local_config_xcode": "local_config_xcode" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@rules_java//java:extensions.bzl", + "extensionName": "toolchains", + "usingModule": "bazel_tools@_", + "location": { + "file": "@@bazel_tools//:MODULE.bazel", + "line": 25, + "column": 32 + }, + "imports": { + "local_jdk": "local_jdk", + "remote_java_tools": "remote_java_tools", + "remote_java_tools_linux": "remote_java_tools_linux", + "remote_java_tools_windows": "remote_java_tools_windows", + "remote_java_tools_darwin_x86_64": "remote_java_tools_darwin_x86_64", + "remote_java_tools_darwin_arm64": "remote_java_tools_darwin_arm64" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@bazel_tools//tools/sh:sh_configure.bzl", + "extensionName": "sh_configure_extension", + "usingModule": "bazel_tools@_", + "location": { + "file": "@@bazel_tools//:MODULE.bazel", + "line": 36, + "column": 39 + }, + "imports": { + "local_config_sh": "local_config_sh" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@bazel_tools//tools/test:extensions.bzl", + "extensionName": "remote_coverage_tools_extension", + "usingModule": "bazel_tools@_", + "location": { + "file": "@@bazel_tools//:MODULE.bazel", + "line": 40, + "column": 48 + }, + "imports": { + "remote_coverage_tools": "remote_coverage_tools" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@bazel_tools//tools/android:android_extensions.bzl", + "extensionName": "remote_android_tools_extensions", + "usingModule": "bazel_tools@_", + "location": { + "file": "@@bazel_tools//:MODULE.bazel", + "line": 43, + "column": 42 + }, + "imports": { + "android_gmaven_r8": "android_gmaven_r8", + "android_tools": "android_tools" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@buildozer//:buildozer_binary.bzl", + "extensionName": "buildozer_binary", + "usingModule": "bazel_tools@_", + "location": { + "file": "@@bazel_tools//:MODULE.bazel", + "line": 47, + "column": 33 + }, + "imports": { + "buildozer_binary": "buildozer_binary" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "rules_cc": "rules_cc@0.0.9", + "rules_java": "rules_java@7.4.0", + "rules_license": "rules_license@0.0.7", + "rules_proto": "rules_proto@6.0.0", + "rules_python": "rules_python@0.32.2", + "buildozer": "buildozer@6.4.0.2", + "platforms": "platforms@0.0.8", + "com_google_protobuf": "protobuf@21.7", + "zlib": "zlib@1.3", + "build_bazel_apple_support": "apple_support@1.5.0", + "local_config_platform": "local_config_platform@_" + } + }, + "local_config_platform@_": { + "name": "local_config_platform", + "version": "", + "key": "local_config_platform@_", + "repoName": "local_config_platform", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [], + "deps": { + "platforms": "platforms@0.0.8", + "bazel_tools": "bazel_tools@_" + } + }, + "platforms@0.0.8": { + "name": "platforms", + "version": "0.0.8", + "key": "platforms@0.0.8", + "repoName": "platforms", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [], + "deps": { + "rules_license": "rules_license@0.0.7", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/platforms/releases/download/0.0.8/platforms-0.0.8.tar.gz" + ], + "integrity": "sha256-gVBAZgU4ns7LbaB8vLUJ1WN6OrmiS8abEQFTE2fYnXQ=", + "strip_prefix": "", + "remote_patches": {}, + "remote_patch_strip": 0 + } + } + }, + "stardoc@0.5.4": { + "name": "stardoc", + "version": "0.5.4", + "key": "stardoc@0.5.4", + "repoName": "stardoc", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [], + "deps": { + "bazel_skylib": "bazel_skylib@1.6.1", + "rules_java": "rules_java@7.4.0", + "rules_license": "rules_license@0.0.7", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/stardoc/releases/download/0.5.4/stardoc-0.5.4.tar.gz" + ], + "integrity": "sha256-7FcTnkZvquVj8vw5YJ2klIpHm7UbbWeu3X2bG4BZxDM=", + "strip_prefix": "", + "remote_patches": {}, + "remote_patch_strip": 0 + } + } + }, + "bazel_features@1.9.1": { + "name": "bazel_features", + "version": "1.9.1", + "key": "bazel_features@1.9.1", + "repoName": "bazel_features", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [ + { + "extensionBzlFile": "@bazel_features//private:extensions.bzl", + "extensionName": "version_extension", + "usingModule": "bazel_features@1.9.1", + "location": { + "file": "https://bcr.bazel.build/modules/bazel_features/1.9.1/MODULE.bazel", + "line": 15, + "column": 24 + }, + "imports": { + "bazel_features_globals": "bazel_features_globals", + "bazel_features_version": "bazel_features_version" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "bazel_skylib": "bazel_skylib@1.6.1", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazel-contrib/bazel_features/releases/download/v1.9.1/bazel_features-v1.9.1.tar.gz" + ], + "integrity": "sha256-13h9oomn+0lzUiEa0gDsn2mIIqngdXpJdv2fcT/zcrM=", + "strip_prefix": "bazel_features-1.9.1", + "remote_patches": { + "https://bcr.bazel.build/modules/bazel_features/1.9.1/patches/module_dot_bazel_version.patch": "sha256-a2ofwS5r2Qq+WxzVa7sLbRXhfT3JoYxSlUVQH/nL454=" + }, + "remote_patch_strip": 1 + } + } + }, + "protobuf@21.7": { + "name": "protobuf", + "version": "21.7", + "key": "protobuf@21.7", + "repoName": "protobuf", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [ + { + "extensionBzlFile": "@rules_jvm_external//:extensions.bzl", + "extensionName": "maven", + "usingModule": "protobuf@21.7", + "location": { + "file": "https://bcr.bazel.build/modules/protobuf/21.7/MODULE.bazel", + "line": 22, + "column": 22 + }, + "imports": { + "maven": "maven" + }, + "devImports": [], + "tags": [ + { + "tagName": "install", + "attributeValues": { + "name": "maven", + "artifacts": [ + "com.google.code.findbugs:jsr305:3.0.2", + "com.google.code.gson:gson:2.8.9", + "com.google.errorprone:error_prone_annotations:2.3.2", + "com.google.j2objc:j2objc-annotations:1.3", + "com.google.guava:guava:31.1-jre", + "com.google.guava:guava-testlib:31.1-jre", + "com.google.truth:truth:1.1.2", + "junit:junit:4.13.2", + "org.mockito:mockito-core:4.3.1" + ] + }, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/protobuf/21.7/MODULE.bazel", + "line": 24, + "column": 14 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "bazel_skylib": "bazel_skylib@1.6.1", + "rules_python": "rules_python@0.32.2", + "rules_cc": "rules_cc@0.0.9", + "rules_proto": "rules_proto@6.0.0", + "rules_java": "rules_java@7.4.0", + "rules_pkg": "rules_pkg@0.10.1", + "com_google_abseil": "abseil-cpp@20211102.0", + "zlib": "zlib@1.3", + "upb": "upb@0.0.0-20220923-a547704", + "rules_jvm_external": "rules_jvm_external@4.4.2", + "com_google_googletest": "googletest@1.11.0", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/protocolbuffers/protobuf/releases/download/v21.7/protobuf-all-21.7.zip" + ], + "integrity": "sha256-VJOiH17T/FAuZv7GuUScBqVRztYwAvpIkDxA36jeeko=", + "strip_prefix": "protobuf-21.7", + "remote_patches": { + "https://bcr.bazel.build/modules/protobuf/21.7/patches/add_module_dot_bazel.patch": "sha256-q3V2+eq0v2XF0z8z+V+QF4cynD6JvHI1y3kI/+rzl5s=", + "https://bcr.bazel.build/modules/protobuf/21.7/patches/add_module_dot_bazel_for_examples.patch": "sha256-O7YP6s3lo/1opUiO0jqXYORNHdZ/2q3hjz1QGy8QdIU=", + "https://bcr.bazel.build/modules/protobuf/21.7/patches/relative_repo_names.patch": "sha256-RK9RjW8T5UJNG7flIrnFiNE9vKwWB+8uWWtJqXYT0w4=", + "https://bcr.bazel.build/modules/protobuf/21.7/patches/add_missing_files.patch": "sha256-Hyne4DG2u5bXcWHNxNMirA2QFAe/2Cl8oMm1XJdkQIY=" + }, + "remote_patch_strip": 1 + } + } + }, + "rules_license@0.0.7": { + "name": "rules_license", + "version": "0.0.7", + "key": "rules_license@0.0.7", + "repoName": "rules_license", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [], + "deps": { + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/rules_license/releases/download/0.0.7/rules_license-0.0.7.tar.gz" + ], + "integrity": "sha256-RTHezLkTY5ww5cdRKgVNXYdWmNrrddjPkPKEN1/nw2A=", + "strip_prefix": "", + "remote_patches": {}, + "remote_patch_strip": 0 + } + } + }, + "rules_java@7.4.0": { + "name": "rules_java", + "version": "7.4.0", + "key": "rules_java@7.4.0", + "repoName": "rules_java", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [ + "//toolchains:all", + "@local_jdk//:runtime_toolchain_definition", + "@local_jdk//:bootstrap_runtime_toolchain_definition", + "@remotejdk11_linux_toolchain_config_repo//:all", + "@remotejdk11_linux_aarch64_toolchain_config_repo//:all", + "@remotejdk11_linux_ppc64le_toolchain_config_repo//:all", + "@remotejdk11_linux_s390x_toolchain_config_repo//:all", + "@remotejdk11_macos_toolchain_config_repo//:all", + "@remotejdk11_macos_aarch64_toolchain_config_repo//:all", + "@remotejdk11_win_toolchain_config_repo//:all", + "@remotejdk11_win_arm64_toolchain_config_repo//:all", + "@remotejdk17_linux_toolchain_config_repo//:all", + "@remotejdk17_linux_aarch64_toolchain_config_repo//:all", + "@remotejdk17_linux_ppc64le_toolchain_config_repo//:all", + "@remotejdk17_linux_s390x_toolchain_config_repo//:all", + "@remotejdk17_macos_toolchain_config_repo//:all", + "@remotejdk17_macos_aarch64_toolchain_config_repo//:all", + "@remotejdk17_win_toolchain_config_repo//:all", + "@remotejdk17_win_arm64_toolchain_config_repo//:all", + "@remotejdk21_linux_toolchain_config_repo//:all", + "@remotejdk21_linux_aarch64_toolchain_config_repo//:all", + "@remotejdk21_macos_toolchain_config_repo//:all", + "@remotejdk21_macos_aarch64_toolchain_config_repo//:all", + "@remotejdk21_win_toolchain_config_repo//:all" + ], + "extensionUsages": [ + { + "extensionBzlFile": "@rules_java//java:extensions.bzl", + "extensionName": "toolchains", + "usingModule": "rules_java@7.4.0", + "location": { + "file": "https://bcr.bazel.build/modules/rules_java/7.4.0/MODULE.bazel", + "line": 19, + "column": 27 + }, + "imports": { + "remote_java_tools": "remote_java_tools", + "remote_java_tools_linux": "remote_java_tools_linux", + "remote_java_tools_windows": "remote_java_tools_windows", + "remote_java_tools_darwin_x86_64": "remote_java_tools_darwin_x86_64", + "remote_java_tools_darwin_arm64": "remote_java_tools_darwin_arm64", + "local_jdk": "local_jdk", + "remotejdk11_linux_toolchain_config_repo": "remotejdk11_linux_toolchain_config_repo", + "remotejdk11_linux_aarch64_toolchain_config_repo": "remotejdk11_linux_aarch64_toolchain_config_repo", + "remotejdk11_linux_ppc64le_toolchain_config_repo": "remotejdk11_linux_ppc64le_toolchain_config_repo", + "remotejdk11_linux_s390x_toolchain_config_repo": "remotejdk11_linux_s390x_toolchain_config_repo", + "remotejdk11_macos_toolchain_config_repo": "remotejdk11_macos_toolchain_config_repo", + "remotejdk11_macos_aarch64_toolchain_config_repo": "remotejdk11_macos_aarch64_toolchain_config_repo", + "remotejdk11_win_toolchain_config_repo": "remotejdk11_win_toolchain_config_repo", + "remotejdk11_win_arm64_toolchain_config_repo": "remotejdk11_win_arm64_toolchain_config_repo", + "remotejdk17_linux_toolchain_config_repo": "remotejdk17_linux_toolchain_config_repo", + "remotejdk17_linux_aarch64_toolchain_config_repo": "remotejdk17_linux_aarch64_toolchain_config_repo", + "remotejdk17_linux_ppc64le_toolchain_config_repo": "remotejdk17_linux_ppc64le_toolchain_config_repo", + "remotejdk17_linux_s390x_toolchain_config_repo": "remotejdk17_linux_s390x_toolchain_config_repo", + "remotejdk17_macos_toolchain_config_repo": "remotejdk17_macos_toolchain_config_repo", + "remotejdk17_macos_aarch64_toolchain_config_repo": "remotejdk17_macos_aarch64_toolchain_config_repo", + "remotejdk17_win_toolchain_config_repo": "remotejdk17_win_toolchain_config_repo", + "remotejdk17_win_arm64_toolchain_config_repo": "remotejdk17_win_arm64_toolchain_config_repo", + "remotejdk21_linux_toolchain_config_repo": "remotejdk21_linux_toolchain_config_repo", + "remotejdk21_linux_aarch64_toolchain_config_repo": "remotejdk21_linux_aarch64_toolchain_config_repo", + "remotejdk21_macos_toolchain_config_repo": "remotejdk21_macos_toolchain_config_repo", + "remotejdk21_macos_aarch64_toolchain_config_repo": "remotejdk21_macos_aarch64_toolchain_config_repo", + "remotejdk21_win_toolchain_config_repo": "remotejdk21_win_toolchain_config_repo" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "platforms": "platforms@0.0.8", + "rules_cc": "rules_cc@0.0.9", + "bazel_skylib": "bazel_skylib@1.6.1", + "rules_proto": "rules_proto@6.0.0", + "rules_license": "rules_license@0.0.7", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/rules_java/releases/download/7.4.0/rules_java-7.4.0.tar.gz" + ], + "integrity": "sha256-l27wi0nJKXQfIBeQ5Z44B8cq2B9CjIvJU82+/1/tFes=", + "strip_prefix": "", + "remote_patches": {}, + "remote_patch_strip": 0 + } + } + }, + "buildozer@6.4.0.2": { + "name": "buildozer", + "version": "6.4.0.2", + "key": "buildozer@6.4.0.2", + "repoName": "buildozer", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [ + { + "extensionBzlFile": "@buildozer//:buildozer_binary.bzl", + "extensionName": "buildozer_binary", + "usingModule": "buildozer@6.4.0.2", + "location": { + "file": "https://bcr.bazel.build/modules/buildozer/6.4.0.2/MODULE.bazel", + "line": 7, + "column": 33 + }, + "imports": { + "buildozer_binary": "buildozer_binary" + }, + "devImports": [], + "tags": [ + { + "tagName": "buildozer", + "attributeValues": { + "sha256": { + "darwin-amd64": "d29e347ecd6b5673d72cb1a8de05bf1b06178dd229ff5eb67fad5100c840cc8e", + "darwin-arm64": "9b9e71bdbec5e7223871e913b65d12f6d8fa026684daf991f00e52ed36a6978d", + "linux-amd64": "8dfd6345da4e9042daa738d7fdf34f699c5dfce4632f7207956fceedd8494119", + "linux-arm64": "6559558fded658c8fa7432a9d011f7c4dcbac6b738feae73d2d5c352e5f605fa", + "windows-amd64": "e7f05bf847f7c3689dd28926460ce6e1097ae97380ac8e6ae7147b7b706ba19b" + }, + "version": "6.4.0" + }, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/buildozer/6.4.0.2/MODULE.bazel", + "line": 8, + "column": 27 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/fmeum/buildozer/releases/download/v6.4.0.2/buildozer-v6.4.0.2.tar.gz" + ], + "integrity": "sha256-k7tFKQMR2AygxpmZfH0yEPnQmF3efFgD9rBPkj+Yz/8=", + "strip_prefix": "buildozer-6.4.0.2", + "remote_patches": { + "https://bcr.bazel.build/modules/buildozer/6.4.0.2/patches/module_dot_bazel_version.patch": "sha256-gKANF2HMilj7bWmuXs4lbBIAAansuWC4IhWGB/CerjU=" + }, + "remote_patch_strip": 1 + } + } + }, + "zlib@1.3": { + "name": "zlib", + "version": "1.3", + "key": "zlib@1.3", + "repoName": "zlib", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [], + "deps": { + "platforms": "platforms@0.0.8", + "rules_cc": "rules_cc@0.0.9", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/madler/zlib/releases/download/v1.3/zlib-1.3.tar.gz" + ], + "integrity": "sha256-/wukwpIBPbwnUws6geH5qBPNOd4Byl4Pi/NVcC76WT4=", + "strip_prefix": "zlib-1.3", + "remote_patches": { + "https://bcr.bazel.build/modules/zlib/1.3/patches/add_build_file.patch": "sha256-Ei+FYaaOo7A3jTKunMEodTI0Uw5NXQyZEcboMC8JskY=", + "https://bcr.bazel.build/modules/zlib/1.3/patches/module_dot_bazel.patch": "sha256-fPWLM+2xaF/kuy+kZc1YTfW6hNjrkG400Ho7gckuyJk=" + }, + "remote_patch_strip": 0 + } + } + }, + "apple_support@1.5.0": { + "name": "apple_support", + "version": "1.5.0", + "key": "apple_support@1.5.0", + "repoName": "build_bazel_apple_support", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [ + "@local_config_apple_cc_toolchains//:all" + ], + "extensionUsages": [ + { + "extensionBzlFile": "@build_bazel_apple_support//crosstool:setup.bzl", + "extensionName": "apple_cc_configure_extension", + "usingModule": "apple_support@1.5.0", + "location": { + "file": "https://bcr.bazel.build/modules/apple_support/1.5.0/MODULE.bazel", + "line": 17, + "column": 35 + }, + "imports": { + "local_config_apple_cc": "local_config_apple_cc", + "local_config_apple_cc_toolchains": "local_config_apple_cc_toolchains" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "bazel_skylib": "bazel_skylib@1.6.1", + "platforms": "platforms@0.0.8", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/apple_support/releases/download/1.5.0/apple_support.1.5.0.tar.gz" + ], + "integrity": "sha256-miM41vja0yRPgj8txghKA+TQ+7J8qJLclw5okNW0gYQ=", + "strip_prefix": "", + "remote_patches": {}, + "remote_patch_strip": 0 + } + } + }, + "abseil-cpp@20211102.0": { + "name": "abseil-cpp", + "version": "20211102.0", + "key": "abseil-cpp@20211102.0", + "repoName": "abseil-cpp", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [], + "deps": { + "rules_cc": "rules_cc@0.0.9", + "platforms": "platforms@0.0.8", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/abseil/abseil-cpp/archive/refs/tags/20211102.0.tar.gz" + ], + "integrity": "sha256-3PcbnLqNwMqZQMSzFqDHlr6Pq0KwcLtrfKtitI8OZsQ=", + "strip_prefix": "abseil-cpp-20211102.0", + "remote_patches": { + "https://bcr.bazel.build/modules/abseil-cpp/20211102.0/patches/module_dot_bazel.patch": "sha256-4izqopgGCey4jVZzl/w3M2GVPNohjh2B5TmbThZNvPY=" + }, + "remote_patch_strip": 0 + } + } + }, + "upb@0.0.0-20220923-a547704": { + "name": "upb", + "version": "0.0.0-20220923-a547704", + "key": "upb@0.0.0-20220923-a547704", + "repoName": "upb", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [], + "deps": { + "bazel_skylib": "bazel_skylib@1.6.1", + "rules_proto": "rules_proto@6.0.0", + "com_google_protobuf": "protobuf@21.7", + "com_google_absl": "abseil-cpp@20211102.0", + "platforms": "platforms@0.0.8", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/protocolbuffers/upb/archive/a5477045acaa34586420942098f5fecd3570f577.tar.gz" + ], + "integrity": "sha256-z39x6v+QskwaKLSWRan/A6mmwecTQpHOcJActj5zZLU=", + "strip_prefix": "upb-a5477045acaa34586420942098f5fecd3570f577", + "remote_patches": { + "https://bcr.bazel.build/modules/upb/0.0.0-20220923-a547704/patches/module_dot_bazel.patch": "sha256-wH4mNS6ZYy+8uC0HoAft/c7SDsq2Kxf+J8dUakXhaB0=" + }, + "remote_patch_strip": 0 + } + } + }, + "rules_jvm_external@4.4.2": { + "name": "rules_jvm_external", + "version": "4.4.2", + "key": "rules_jvm_external@4.4.2", + "repoName": "rules_jvm_external", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [ + { + "extensionBzlFile": "@rules_jvm_external//:non-module-deps.bzl", + "extensionName": "non_module_deps", + "usingModule": "rules_jvm_external@4.4.2", + "location": { + "file": "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel", + "line": 9, + "column": 32 + }, + "imports": { + "io_bazel_rules_kotlin": "io_bazel_rules_kotlin" + }, + "devImports": [], + "tags": [], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + }, + { + "extensionBzlFile": "@rules_jvm_external//:extensions.bzl", + "extensionName": "maven", + "usingModule": "rules_jvm_external@4.4.2", + "location": { + "file": "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel", + "line": 16, + "column": 22 + }, + "imports": { + "rules_jvm_external_deps": "rules_jvm_external_deps" + }, + "devImports": [], + "tags": [ + { + "tagName": "install", + "attributeValues": { + "name": "rules_jvm_external_deps", + "artifacts": [ + "com.google.cloud:google-cloud-core:1.93.10", + "com.google.cloud:google-cloud-storage:1.113.4", + "com.google.code.gson:gson:2.9.0", + "org.apache.maven:maven-artifact:3.8.6", + "software.amazon.awssdk:s3:2.17.183" + ], + "lock_file": "@rules_jvm_external//:rules_jvm_external_deps_install.json" + }, + "devDependency": false, + "location": { + "file": "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel", + "line": 18, + "column": 14 + } + } + ], + "hasDevUseExtension": false, + "hasNonDevUseExtension": true + } + ], + "deps": { + "bazel_skylib": "bazel_skylib@1.6.1", + "io_bazel_stardoc": "stardoc@0.5.4", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/4.4.2.zip" + ], + "integrity": "sha256-c1YC9QgT6y6pPKP15DsZWb2AshO4NqB6YqKddXZwt3s=", + "strip_prefix": "rules_jvm_external-4.4.2", + "remote_patches": {}, + "remote_patch_strip": 0 + } + } + }, + "googletest@1.11.0": { + "name": "googletest", + "version": "1.11.0", + "key": "googletest@1.11.0", + "repoName": "googletest", + "executionPlatformsToRegister": [], + "toolchainsToRegister": [], + "extensionUsages": [], + "deps": { + "com_google_absl": "abseil-cpp@20211102.0", + "platforms": "platforms@0.0.8", + "rules_cc": "rules_cc@0.0.9", + "bazel_tools": "bazel_tools@_", + "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/google/googletest/archive/refs/tags/release-1.11.0.tar.gz" + ], + "integrity": "sha256-tIcL8SH/d5W6INILzdhie44Ijy0dqymaAxwQNO3ck9U=", + "strip_prefix": "googletest-release-1.11.0", + "remote_patches": { + "https://bcr.bazel.build/modules/googletest/1.11.0/patches/module_dot_bazel.patch": "sha256-HuahEdI/n8KCI071sN3CEziX+7qP/Ec77IWayYunLP0=" + }, + "remote_patch_strip": 0 + } + } + } + }, + "moduleExtensions": { + "@@apple_support~//crosstool:setup.bzl%apple_cc_configure_extension": { + "general": { + "bzlTransitiveDigest": "pMLFCYaRPkgXPQ8vtuNkMfiHfPmRBy6QJfnid4sWfv0=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "local_config_apple_cc": { + "bzlFile": "@@apple_support~//crosstool:setup.bzl", + "ruleClassName": "_apple_cc_autoconf", + "attributes": {} + }, + "local_config_apple_cc_toolchains": { + "bzlFile": "@@apple_support~//crosstool:setup.bzl", + "ruleClassName": "_apple_cc_autoconf_toolchains", + "attributes": {} + } + }, + "recordedRepoMappingEntries": [ + [ + "apple_support~", + "bazel_tools", + "bazel_tools" + ] + ] + } + }, + "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { + "general": { + "bzlTransitiveDigest": "agEDrzWPQxlinO3X7YGF4vbOAfJ2gnS/f1YDWUgdIL0=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "expand_template_windows_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:expand_template_toolchain.bzl", + "ruleClassName": "expand_template_platform_repo", + "attributes": { + "platform": "windows_amd64" + } + }, + "copy_to_directory_windows_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_to_directory_toolchain.bzl", + "ruleClassName": "copy_to_directory_platform_repo", + "attributes": { + "platform": "windows_amd64" + } + }, + "jq_darwin_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:jq_toolchain.bzl", + "ruleClassName": "jq_platform_repo", + "attributes": { + "platform": "darwin_amd64", + "version": "1.7" + } + }, + "copy_to_directory_freebsd_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_to_directory_toolchain.bzl", + "ruleClassName": "copy_to_directory_platform_repo", + "attributes": { + "platform": "freebsd_amd64" + } + }, + "expand_template_linux_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:expand_template_toolchain.bzl", + "ruleClassName": "expand_template_platform_repo", + "attributes": { + "platform": "linux_amd64" + } + }, + "jq_linux_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:jq_toolchain.bzl", + "ruleClassName": "jq_platform_repo", + "attributes": { + "platform": "linux_arm64", + "version": "1.7" + } + }, + "coreutils_darwin_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:coreutils_toolchain.bzl", + "ruleClassName": "coreutils_platform_repo", + "attributes": { + "platform": "darwin_arm64", + "version": "0.0.26" + } + }, + "copy_to_directory_linux_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_to_directory_toolchain.bzl", + "ruleClassName": "copy_to_directory_platform_repo", + "attributes": { + "platform": "linux_arm64" + } + }, + "bsd_tar_linux_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:tar_toolchain.bzl", + "ruleClassName": "bsdtar_binary_repo", + "attributes": { + "platform": "linux_arm64" + } + }, + "copy_directory_darwin_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_directory_toolchain.bzl", + "ruleClassName": "copy_directory_platform_repo", + "attributes": { + "platform": "darwin_amd64" + } + }, + "coreutils_darwin_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:coreutils_toolchain.bzl", + "ruleClassName": "coreutils_platform_repo", + "attributes": { + "platform": "darwin_amd64", + "version": "0.0.26" + } + }, + "coreutils_linux_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:coreutils_toolchain.bzl", + "ruleClassName": "coreutils_platform_repo", + "attributes": { + "platform": "linux_arm64", + "version": "0.0.26" + } + }, + "zstd_linux_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:zstd_toolchain.bzl", + "ruleClassName": "zstd_binary_repo", + "attributes": { + "platform": "linux_arm64" + } + }, + "yq_linux_s390x": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:yq_toolchain.bzl", + "ruleClassName": "yq_platform_repo", + "attributes": { + "platform": "linux_s390x", + "version": "4.25.2" + } + }, + "yq": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:yq_toolchain.bzl", + "ruleClassName": "yq_host_alias_repo", + "attributes": {} + }, + "expand_template_darwin_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:expand_template_toolchain.bzl", + "ruleClassName": "expand_template_platform_repo", + "attributes": { + "platform": "darwin_amd64" + } + }, + "copy_directory_linux_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_directory_toolchain.bzl", + "ruleClassName": "copy_directory_platform_repo", + "attributes": { + "platform": "linux_amd64" + } + }, + "jq_darwin_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:jq_toolchain.bzl", + "ruleClassName": "jq_platform_repo", + "attributes": { + "platform": "darwin_arm64", + "version": "1.7" + } + }, + "yq_darwin_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:yq_toolchain.bzl", + "ruleClassName": "yq_platform_repo", + "attributes": { + "platform": "darwin_amd64", + "version": "4.25.2" + } + }, + "copy_directory_linux_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_directory_toolchain.bzl", + "ruleClassName": "copy_directory_platform_repo", + "attributes": { + "platform": "linux_arm64" + } + }, + "expand_template_toolchains": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:expand_template_toolchain.bzl", + "ruleClassName": "expand_template_toolchains_repo", + "attributes": { + "user_repository_name": "expand_template" + } + }, + "bats_assert": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "98ca3b685f8b8993e48ec057565e6e2abcc541034ed5b0e81f191505682037fd", + "urls": [ + "https://github.com/bats-core/bats-assert/archive/v2.1.0.tar.gz" + ], + "strip_prefix": "bats-assert-2.1.0", + "build_file_content": "load(\"@aspect_bazel_lib//lib:copy_to_directory.bzl\", \"copy_to_directory\")\n\ncopy_to_directory(\n name = \"assert\",\n hardlink = \"on\",\n srcs = glob([\n \"src/**\",\n \"load.bash\",\n ]),\n out = \"bats-assert\",\n visibility = [\"//visibility:public\"]\n)\n" + } + }, + "copy_to_directory_darwin_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_to_directory_toolchain.bzl", + "ruleClassName": "copy_to_directory_platform_repo", + "attributes": { + "platform": "darwin_amd64" + } + }, + "zstd_darwin_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:zstd_toolchain.bzl", + "ruleClassName": "zstd_binary_repo", + "attributes": { + "platform": "darwin_arm64" + } + }, + "bsd_tar_linux_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:tar_toolchain.bzl", + "ruleClassName": "bsdtar_binary_repo", + "attributes": { + "platform": "linux_amd64" + } + }, + "yq_toolchains": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:yq_toolchain.bzl", + "ruleClassName": "yq_toolchains_repo", + "attributes": { + "user_repository_name": "yq" + } + }, + "zstd_linux_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:zstd_toolchain.bzl", + "ruleClassName": "zstd_binary_repo", + "attributes": { + "platform": "linux_amd64" + } + }, + "bats_support": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "7815237aafeb42ddcc1b8c698fc5808026d33317d8701d5ec2396e9634e2918f", + "urls": [ + "https://github.com/bats-core/bats-support/archive/v0.3.0.tar.gz" + ], + "strip_prefix": "bats-support-0.3.0", + "build_file_content": "load(\"@aspect_bazel_lib//lib:copy_to_directory.bzl\", \"copy_to_directory\")\n\ncopy_to_directory(\n name = \"support\",\n hardlink = \"on\",\n srcs = glob([\n \"src/**\",\n \"load.bash\",\n ]),\n out = \"bats-support\",\n visibility = [\"//visibility:public\"]\n)\n" + } + }, + "bsd_tar_windows_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:tar_toolchain.bzl", + "ruleClassName": "bsdtar_binary_repo", + "attributes": { + "platform": "windows_amd64" + } + }, + "jq": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:jq_toolchain.bzl", + "ruleClassName": "jq_host_alias_repo", + "attributes": {} + }, + "expand_template_darwin_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:expand_template_toolchain.bzl", + "ruleClassName": "expand_template_platform_repo", + "attributes": { + "platform": "darwin_arm64" + } + }, + "bsd_tar_darwin_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:tar_toolchain.bzl", + "ruleClassName": "bsdtar_binary_repo", + "attributes": { + "platform": "darwin_arm64" + } + }, + "copy_to_directory_linux_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_to_directory_toolchain.bzl", + "ruleClassName": "copy_to_directory_platform_repo", + "attributes": { + "platform": "linux_amd64" + } + }, + "coreutils_linux_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:coreutils_toolchain.bzl", + "ruleClassName": "coreutils_platform_repo", + "attributes": { + "platform": "linux_amd64", + "version": "0.0.26" + } + }, + "copy_directory_toolchains": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_directory_toolchain.bzl", + "ruleClassName": "copy_directory_toolchains_repo", + "attributes": { + "user_repository_name": "copy_directory" + } + }, + "yq_linux_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:yq_toolchain.bzl", + "ruleClassName": "yq_platform_repo", + "attributes": { + "platform": "linux_amd64", + "version": "4.25.2" + } + }, + "copy_to_directory_darwin_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_to_directory_toolchain.bzl", + "ruleClassName": "copy_to_directory_platform_repo", + "attributes": { + "platform": "darwin_arm64" + } + }, + "coreutils_toolchains": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:coreutils_toolchain.bzl", + "ruleClassName": "coreutils_toolchains_repo", + "attributes": { + "user_repository_name": "coreutils" + } + }, + "copy_directory_freebsd_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_directory_toolchain.bzl", + "ruleClassName": "copy_directory_platform_repo", + "attributes": { + "platform": "freebsd_amd64" + } + }, + "zstd_darwin_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:zstd_toolchain.bzl", + "ruleClassName": "zstd_binary_repo", + "attributes": { + "platform": "darwin_amd64" + } + }, + "zstd_toolchains": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:zstd_toolchain.bzl", + "ruleClassName": "zstd_toolchains_repo", + "attributes": { + "user_repository_name": "zstd" + } + }, + "bats_file": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "9b69043241f3af1c2d251f89b4fcafa5df3f05e97b89db18d7c9bdf5731bb27a", + "urls": [ + "https://github.com/bats-core/bats-file/archive/v0.4.0.tar.gz" + ], + "strip_prefix": "bats-file-0.4.0", + "build_file_content": "load(\"@aspect_bazel_lib//lib:copy_to_directory.bzl\", \"copy_to_directory\")\n\ncopy_to_directory(\n name = \"file\",\n hardlink = \"on\",\n srcs = glob([\n \"src/**\",\n \"load.bash\",\n ]),\n out = \"bats-file\",\n visibility = [\"//visibility:public\"]\n)\n" + } + }, + "expand_template_linux_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:expand_template_toolchain.bzl", + "ruleClassName": "expand_template_platform_repo", + "attributes": { + "platform": "linux_arm64" + } + }, + "jq_linux_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:jq_toolchain.bzl", + "ruleClassName": "jq_platform_repo", + "attributes": { + "platform": "linux_amd64", + "version": "1.7" + } + }, + "bsd_tar_darwin_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:tar_toolchain.bzl", + "ruleClassName": "bsdtar_binary_repo", + "attributes": { + "platform": "darwin_amd64" + } + }, + "bsd_tar_toolchains": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:tar_toolchain.bzl", + "ruleClassName": "tar_toolchains_repo", + "attributes": { + "user_repository_name": "bsd_tar" + } + }, + "bats_toolchains": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "a1a9f7875aa4b6a9480ca384d5865f1ccf1b0b1faead6b47aa47d79709a5c5fd", + "urls": [ + "https://github.com/bats-core/bats-core/archive/v1.10.0.tar.gz" + ], + "strip_prefix": "bats-core-1.10.0", + "build_file_content": "load(\"@local_config_platform//:constraints.bzl\", \"HOST_CONSTRAINTS\")\nload(\"@aspect_bazel_lib//lib/private:bats_toolchain.bzl\", \"bats_toolchain\")\nload(\"@aspect_bazel_lib//lib:copy_to_directory.bzl\", \"copy_to_directory\")\n\ncopy_to_directory(\n name = \"core\",\n hardlink = \"on\",\n srcs = glob([\n \"lib/**\",\n \"libexec/**\"\n ]) + [\"bin/bats\"],\n out = \"bats-core\",\n)\n\nbats_toolchain(\n name = \"toolchain\",\n core = \":core\",\n libraries = [\"@bats_support//:support\", \"@bats_assert//:assert\", \"@bats_file//:file\"]\n)\n\ntoolchain(\n name = \"bats_toolchain\",\n exec_compatible_with = HOST_CONSTRAINTS,\n toolchain = \":toolchain\",\n toolchain_type = \"@aspect_bazel_lib//lib:bats_toolchain_type\",\n)\n" + } + }, + "yq_windows_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:yq_toolchain.bzl", + "ruleClassName": "yq_platform_repo", + "attributes": { + "platform": "windows_amd64", + "version": "4.25.2" + } + }, + "jq_windows_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:jq_toolchain.bzl", + "ruleClassName": "jq_platform_repo", + "attributes": { + "platform": "windows_amd64", + "version": "1.7" + } + }, + "expand_template_freebsd_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:expand_template_toolchain.bzl", + "ruleClassName": "expand_template_platform_repo", + "attributes": { + "platform": "freebsd_amd64" + } + }, + "yq_linux_ppc64le": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:yq_toolchain.bzl", + "ruleClassName": "yq_platform_repo", + "attributes": { + "platform": "linux_ppc64le", + "version": "4.25.2" + } + }, + "copy_to_directory_toolchains": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_to_directory_toolchain.bzl", + "ruleClassName": "copy_to_directory_toolchains_repo", + "attributes": { + "user_repository_name": "copy_to_directory" + } + }, + "jq_toolchains": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:jq_toolchain.bzl", + "ruleClassName": "jq_toolchains_repo", + "attributes": { + "user_repository_name": "jq" + } + }, + "copy_directory_darwin_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_directory_toolchain.bzl", + "ruleClassName": "copy_directory_platform_repo", + "attributes": { + "platform": "darwin_arm64" + } + }, + "copy_directory_windows_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:copy_directory_toolchain.bzl", + "ruleClassName": "copy_directory_platform_repo", + "attributes": { + "platform": "windows_amd64" + } + }, + "yq_darwin_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:yq_toolchain.bzl", + "ruleClassName": "yq_platform_repo", + "attributes": { + "platform": "darwin_arm64", + "version": "4.25.2" + } + }, + "coreutils_windows_amd64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:coreutils_toolchain.bzl", + "ruleClassName": "coreutils_platform_repo", + "attributes": { + "platform": "windows_amd64", + "version": "0.0.26" + } + }, + "yq_linux_arm64": { + "bzlFile": "@@aspect_bazel_lib~//lib/private:yq_toolchain.bzl", + "ruleClassName": "yq_platform_repo", + "attributes": { + "platform": "linux_arm64", + "version": "4.25.2" + } + } + }, + "recordedRepoMappingEntries": [ + [ + "aspect_bazel_lib~", + "aspect_bazel_lib", + "aspect_bazel_lib~" + ], + [ + "aspect_bazel_lib~", + "bazel_skylib", + "bazel_skylib~" + ], + [ + "aspect_bazel_lib~", + "bazel_tools", + "bazel_tools" + ] + ] + } + }, + "@@bazel_features~//private:extensions.bzl%version_extension": { + "general": { + "bzlTransitiveDigest": "3FcE0iMy2yYKEbEO19f72k9dzcpRUXHH+igow5yVy8g=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "bazel_features_version": { + "bzlFile": "@@bazel_features~//private:version_repo.bzl", + "ruleClassName": "version_repo", + "attributes": {} + }, + "bazel_features_globals": { + "bzlFile": "@@bazel_features~//private:globals_repo.bzl", + "ruleClassName": "globals_repo", + "attributes": { + "globals": { + "RunEnvironmentInfo": "5.3.0", + "DefaultInfo": "0.0.1", + "__TestingOnly_NeverAvailable": "1000000000.0.0" + } + } + } + }, + "recordedRepoMappingEntries": [ + [ + "bazel_features~", + "bazel_tools", + "bazel_tools" + ] + ] + } + }, + "@@bazel_tools//tools/android:android_extensions.bzl%remote_android_tools_extensions": { + "general": { + "bzlTransitiveDigest": "S0n86BFe4SJ3lRaZiRA5D46oH52UO2hP1T50t/zldOw=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "android_tools": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "2b661a761a735b41c41b3a78089f4fc1982626c76ddb944604ae3ff8c545d3c2", + "url": "https://mirror.bazel.build/bazel_android_tools/android_tools_pkg-0.30.0.tar" + } + }, + "android_gmaven_r8": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_jar", + "attributes": { + "sha256": "57a696749695a09381a87bc2f08c3a8ed06a717a5caa3ef878a3077e0d3af19d", + "url": "https://maven.google.com/com/android/tools/r8/8.1.56/r8-8.1.56.jar" + } + } + }, + "recordedRepoMappingEntries": [] + } + }, + "@@bazel_tools//tools/cpp:cc_configure.bzl%cc_configure_extension": { + "general": { + "bzlTransitiveDigest": "PHpT2yqMGms2U4L3E/aZ+WcQalmZWm+ILdP3yiLsDhA=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "local_config_cc": { + "bzlFile": "@@bazel_tools//tools/cpp:cc_configure.bzl", + "ruleClassName": "cc_autoconf", + "attributes": {} + }, + "local_config_cc_toolchains": { + "bzlFile": "@@bazel_tools//tools/cpp:cc_configure.bzl", + "ruleClassName": "cc_autoconf_toolchains", + "attributes": {} + } + }, + "recordedRepoMappingEntries": [ + [ + "bazel_tools", + "bazel_tools", + "bazel_tools" + ] + ] + } + }, + "@@bazel_tools//tools/osx:xcode_configure.bzl%xcode_configure_extension": { + "general": { + "bzlTransitiveDigest": "Qh2bWTU6QW6wkrd87qrU4YeY+SG37Nvw3A0PR4Y0L2Y=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "local_config_xcode": { + "bzlFile": "@@bazel_tools//tools/osx:xcode_configure.bzl", + "ruleClassName": "xcode_autoconf", + "attributes": { + "xcode_locator": "@bazel_tools//tools/osx:xcode_locator.m", + "remote_xcode": "" + } + } + }, + "recordedRepoMappingEntries": [] + } + }, + "@@bazel_tools//tools/sh:sh_configure.bzl%sh_configure_extension": { + "general": { + "bzlTransitiveDigest": "hp4NgmNjEg5+xgvzfh6L83bt9/aiiWETuNpwNuF1MSU=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "local_config_sh": { + "bzlFile": "@@bazel_tools//tools/sh:sh_configure.bzl", + "ruleClassName": "sh_config", + "attributes": {} + } + }, + "recordedRepoMappingEntries": [] + } + }, + "@@bazel_tools//tools/test:extensions.bzl%remote_coverage_tools_extension": { + "general": { + "bzlTransitiveDigest": "l5mcjH2gWmbmIycx97bzI2stD0Q0M5gpDc0aLOHKIm8=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "remote_coverage_tools": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "7006375f6756819b7013ca875eab70a541cf7d89142d9c511ed78ea4fefa38af", + "urls": [ + "https://mirror.bazel.build/bazel_coverage_output_generator/releases/coverage_output_generator-v2.6.zip" + ] + } + } + }, + "recordedRepoMappingEntries": [] + } + }, + "@@buildifier_prebuilt~//:defs.bzl%buildifier_prebuilt_deps_extension": { + "general": { + "bzlTransitiveDigest": "uAKOFsVgkdVxGK8RC6cNqxYMcezLf942BzB5DqaZxDQ=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "buildozer_darwin_amd64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/buildtools/releases/download/v6.4.0/buildozer-darwin-amd64" + ], + "downloaded_file_path": "buildozer", + "executable": true, + "sha256": "d29e347ecd6b5673d72cb1a8de05bf1b06178dd229ff5eb67fad5100c840cc8e" + } + }, + "buildifier_linux_amd64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/buildtools/releases/download/v6.4.0/buildifier-linux-amd64" + ], + "downloaded_file_path": "buildifier", + "executable": true, + "sha256": "be63db12899f48600bad94051123b1fd7b5251e7661b9168582ce52396132e92" + } + }, + "buildozer_darwin_arm64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/buildtools/releases/download/v6.4.0/buildozer-darwin-arm64" + ], + "downloaded_file_path": "buildozer", + "executable": true, + "sha256": "9b9e71bdbec5e7223871e913b65d12f6d8fa026684daf991f00e52ed36a6978d" + } + }, + "buildozer_linux_amd64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/buildtools/releases/download/v6.4.0/buildozer-linux-amd64" + ], + "downloaded_file_path": "buildozer", + "executable": true, + "sha256": "8dfd6345da4e9042daa738d7fdf34f699c5dfce4632f7207956fceedd8494119" + } + }, + "buildozer_windows_amd64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/buildtools/releases/download/v6.4.0/buildozer-windows-amd64.exe" + ], + "downloaded_file_path": "buildozer.exe", + "executable": true, + "sha256": "e7f05bf847f7c3689dd28926460ce6e1097ae97380ac8e6ae7147b7b706ba19b" + } + }, + "buildozer_linux_arm64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/buildtools/releases/download/v6.4.0/buildozer-linux-arm64" + ], + "downloaded_file_path": "buildozer", + "executable": true, + "sha256": "6559558fded658c8fa7432a9d011f7c4dcbac6b738feae73d2d5c352e5f605fa" + } + }, + "buildifier_windows_amd64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/buildtools/releases/download/v6.4.0/buildifier-windows-amd64.exe" + ], + "downloaded_file_path": "buildifier.exe", + "executable": true, + "sha256": "da8372f35e34b65fb6d997844d041013bb841e55f58b54d596d35e49680fe13c" + } + }, + "buildifier_prebuilt_toolchains": { + "bzlFile": "@@buildifier_prebuilt~//:defs.bzl", + "ruleClassName": "_buildifier_toolchain_setup", + "attributes": { + "assets_json": "[{\"arch\":\"amd64\",\"name\":\"buildifier\",\"platform\":\"darwin\",\"sha256\":\"eeb47b2de27f60efe549348b183fac24eae80f1479e8b06cac0799c486df5bed\",\"version\":\"v6.4.0\"},{\"arch\":\"arm64\",\"name\":\"buildifier\",\"platform\":\"darwin\",\"sha256\":\"fa07ba0d20165917ca4cc7609f9b19a8a4392898148b7babdf6bb2a7dd963f05\",\"version\":\"v6.4.0\"},{\"arch\":\"amd64\",\"name\":\"buildifier\",\"platform\":\"linux\",\"sha256\":\"be63db12899f48600bad94051123b1fd7b5251e7661b9168582ce52396132e92\",\"version\":\"v6.4.0\"},{\"arch\":\"arm64\",\"name\":\"buildifier\",\"platform\":\"linux\",\"sha256\":\"18540fc10f86190f87485eb86963e603e41fa022f88a2d1b0cf52ff252b5e1dd\",\"version\":\"v6.4.0\"},{\"arch\":\"amd64\",\"name\":\"buildifier\",\"platform\":\"windows\",\"sha256\":\"da8372f35e34b65fb6d997844d041013bb841e55f58b54d596d35e49680fe13c\",\"version\":\"v6.4.0\"},{\"arch\":\"amd64\",\"name\":\"buildozer\",\"platform\":\"darwin\",\"sha256\":\"d29e347ecd6b5673d72cb1a8de05bf1b06178dd229ff5eb67fad5100c840cc8e\",\"version\":\"v6.4.0\"},{\"arch\":\"arm64\",\"name\":\"buildozer\",\"platform\":\"darwin\",\"sha256\":\"9b9e71bdbec5e7223871e913b65d12f6d8fa026684daf991f00e52ed36a6978d\",\"version\":\"v6.4.0\"},{\"arch\":\"amd64\",\"name\":\"buildozer\",\"platform\":\"linux\",\"sha256\":\"8dfd6345da4e9042daa738d7fdf34f699c5dfce4632f7207956fceedd8494119\",\"version\":\"v6.4.0\"},{\"arch\":\"arm64\",\"name\":\"buildozer\",\"platform\":\"linux\",\"sha256\":\"6559558fded658c8fa7432a9d011f7c4dcbac6b738feae73d2d5c352e5f605fa\",\"version\":\"v6.4.0\"},{\"arch\":\"amd64\",\"name\":\"buildozer\",\"platform\":\"windows\",\"sha256\":\"e7f05bf847f7c3689dd28926460ce6e1097ae97380ac8e6ae7147b7b706ba19b\",\"version\":\"v6.4.0\"}]" + } + }, + "buildifier_darwin_amd64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/buildtools/releases/download/v6.4.0/buildifier-darwin-amd64" + ], + "downloaded_file_path": "buildifier", + "executable": true, + "sha256": "eeb47b2de27f60efe549348b183fac24eae80f1479e8b06cac0799c486df5bed" + } + }, + "buildifier_darwin_arm64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/buildtools/releases/download/v6.4.0/buildifier-darwin-arm64" + ], + "downloaded_file_path": "buildifier", + "executable": true, + "sha256": "fa07ba0d20165917ca4cc7609f9b19a8a4392898148b7babdf6bb2a7dd963f05" + } + }, + "buildifier_linux_arm64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/buildtools/releases/download/v6.4.0/buildifier-linux-arm64" + ], + "downloaded_file_path": "buildifier", + "executable": true, + "sha256": "18540fc10f86190f87485eb86963e603e41fa022f88a2d1b0cf52ff252b5e1dd" + } + } + }, + "recordedRepoMappingEntries": [ + [ + "buildifier_prebuilt~", + "bazel_skylib", + "bazel_skylib~" + ], + [ + "buildifier_prebuilt~", + "bazel_tools", + "bazel_tools" + ] + ] + } + }, + "@@buildozer~//:buildozer_binary.bzl%buildozer_binary": { + "general": { + "bzlTransitiveDigest": "EleDU/FQ1+e/RgkW3aIDmdaxZEthvoWQhsqFTxiSgMI=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "buildozer_binary": { + "bzlFile": "@@buildozer~//private:buildozer_binary.bzl", + "ruleClassName": "_buildozer_binary_repo", + "attributes": { + "sha256": { + "darwin-amd64": "d29e347ecd6b5673d72cb1a8de05bf1b06178dd229ff5eb67fad5100c840cc8e", + "darwin-arm64": "9b9e71bdbec5e7223871e913b65d12f6d8fa026684daf991f00e52ed36a6978d", + "linux-amd64": "8dfd6345da4e9042daa738d7fdf34f699c5dfce4632f7207956fceedd8494119", + "linux-arm64": "6559558fded658c8fa7432a9d011f7c4dcbac6b738feae73d2d5c352e5f605fa", + "windows-amd64": "e7f05bf847f7c3689dd28926460ce6e1097ae97380ac8e6ae7147b7b706ba19b" + }, + "version": "6.4.0" + } + } + }, + "recordedRepoMappingEntries": [] + } + }, + "@@hermetic_cc_toolchain~//toolchain:ext.bzl%toolchains": { + "general": { + "bzlTransitiveDigest": "9807D0bHLtoyUNvI2pX/xV0zgk32W+pITE5rdX8VJw8=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "zig_sdk": { + "bzlFile": "@@hermetic_cc_toolchain~//toolchain:defs.bzl", + "ruleClassName": "zig_repository", + "attributes": { + "version": "0.12.0", + "url_formats": [ + "https://mirror.bazel.build/ziglang.org/download/{version}/zig-{host_platform}-{version}.{_ext}", + "https://ziglang.org/download/{version}/zig-{host_platform}-{version}.{_ext}" + ], + "host_platform_sha256": { + "linux-aarch64": "754f1029484079b7e0ca3b913a0a2f2a6afd5a28990cb224fe8845e72f09de63", + "linux-x86_64": "c7ae866b8a76a568e2d5cfd31fe89cdb629bdd161fdd5018b29a4a0a17045cad", + "macos-aarch64": "294e224c14fd0822cfb15a35cf39aa14bd9967867999bf8bdfe3db7ddec2a27f", + "macos-x86_64": "4d411bf413e7667821324da248e8589278180dbc197f4f282b7dbb599a689311", + "windows-aarch64": "04c6b92689241ca7a8a59b5f12d2ca2820c09d5043c3c4808b7e93e41c7bf97b", + "windows-x86_64": "2199eb4c2000ddb1fba85ba78f1fcf9c1fb8b3e57658f6a627a8e513131893f5" + }, + "host_platform_ext": { + "linux-aarch64": "tar.xz", + "linux-x86_64": "tar.xz", + "macos-aarch64": "tar.xz", + "macos-x86_64": "tar.xz", + "windows-x86_64": "zip" + } + } + } + }, + "recordedRepoMappingEntries": [ + [ + "hermetic_cc_toolchain~", + "bazel_tools", + "bazel_tools" + ], + [ + "hermetic_cc_toolchain~", + "hermetic_cc_toolchain", + "hermetic_cc_toolchain~" + ] + ] + } + }, + "@@rules_java~//java:extensions.bzl%toolchains": { + "general": { + "bzlTransitiveDigest": "tJHbmWnq7m+9eUBnUdv7jZziQ26FmcGL9C5/hU3Q9UQ=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "remotejdk21_linux_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_21\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"21\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk21_linux//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk21_linux//:jdk\",\n)\n" + } + }, + "remotejdk17_linux_s390x_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:s390x\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_s390x//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:s390x\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_s390x//:jdk\",\n)\n" + } + }, + "remotejdk17_macos_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_macos//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_macos//:jdk\",\n)\n" + } + }, + "remotejdk21_macos_aarch64_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_21\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"21\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk21_macos_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk21_macos_aarch64//:jdk\",\n)\n" + } + }, + "remotejdk17_linux_aarch64_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_aarch64//:jdk\",\n)\n" + } + }, + "remotejdk21_macos_aarch64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 21,\n)\n", + "sha256": "e8260516de8b60661422a725f1df2c36ef888f6fb35393566b00e7325db3d04e", + "strip_prefix": "zulu21.32.17-ca-jdk21.0.2-macosx_aarch64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-macosx_aarch64.tar.gz", + "https://cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-macosx_aarch64.tar.gz" + ] + } + }, + "remotejdk17_linux_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux//:jdk\",\n)\n" + } + }, + "remotejdk17_macos_aarch64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", + "sha256": "314b04568ec0ae9b36ba03c9cbd42adc9e1265f74678923b19297d66eb84dcca", + "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-macosx_aarch64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-macosx_aarch64.tar.gz", + "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-macosx_aarch64.tar.gz" + ] + } + }, + "remote_java_tools_windows": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "fe2f88169696d6c6fc6e90ba61bb46be7d0ae3693cbafdf336041bf56679e8d1", + "urls": [ + "https://mirror.bazel.build/bazel_java_tools/releases/java/v13.4/java_tools_windows-v13.4.zip", + "https://github.com/bazelbuild/java_tools/releases/download/java_v13.4/java_tools_windows-v13.4.zip" + ] + } + }, + "remotejdk11_win": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", + "sha256": "43408193ce2fa0862819495b5ae8541085b95660153f2adcf91a52d3a1710e83", + "strip_prefix": "zulu11.66.15-ca-jdk11.0.20-win_x64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-win_x64.zip", + "https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-win_x64.zip" + ] + } + }, + "remotejdk11_win_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_win//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_win//:jdk\",\n)\n" + } + }, + "remotejdk11_linux_aarch64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", + "sha256": "54174439f2b3fddd11f1048c397fe7bb45d4c9d66d452d6889b013d04d21c4de", + "strip_prefix": "zulu11.66.15-ca-jdk11.0.20-linux_aarch64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux_aarch64.tar.gz", + "https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux_aarch64.tar.gz" + ] + } + }, + "remotejdk17_linux": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", + "sha256": "b9482f2304a1a68a614dfacddcf29569a72f0fac32e6c74f83dc1b9a157b8340", + "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-linux_x64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-linux_x64.tar.gz", + "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-linux_x64.tar.gz" + ] + } + }, + "remotejdk11_linux_s390x_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:s390x\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_s390x//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:s390x\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_s390x//:jdk\",\n)\n" + } + }, + "remotejdk11_linux_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux//:jdk\",\n)\n" + } + }, + "remotejdk11_macos": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", + "sha256": "bcaab11cfe586fae7583c6d9d311c64384354fb2638eb9a012eca4c3f1a1d9fd", + "strip_prefix": "zulu11.66.15-ca-jdk11.0.20-macosx_x64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-macosx_x64.tar.gz", + "https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-macosx_x64.tar.gz" + ] + } + }, + "remotejdk11_win_arm64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", + "sha256": "b8a28e6e767d90acf793ea6f5bed0bb595ba0ba5ebdf8b99f395266161e53ec2", + "strip_prefix": "jdk-11.0.13+8", + "urls": [ + "https://mirror.bazel.build/aka.ms/download-jdk/microsoft-jdk-11.0.13.8.1-windows-aarch64.zip" + ] + } + }, + "remotejdk17_macos": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", + "sha256": "640453e8afe8ffe0fb4dceb4535fb50db9c283c64665eebb0ba68b19e65f4b1f", + "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-macosx_x64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-macosx_x64.tar.gz", + "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-macosx_x64.tar.gz" + ] + } + }, + "remotejdk21_macos": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 21,\n)\n", + "sha256": "3ad8fe288eb57d975c2786ae453a036aa46e47ab2ac3d81538ebae2a54d3c025", + "strip_prefix": "zulu21.32.17-ca-jdk21.0.2-macosx_x64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-macosx_x64.tar.gz", + "https://cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-macosx_x64.tar.gz" + ] + } + }, + "remotejdk21_macos_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_21\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"21\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk21_macos//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk21_macos//:jdk\",\n)\n" + } + }, + "remotejdk17_macos_aarch64_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_macos_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_macos_aarch64//:jdk\",\n)\n" + } + }, + "remotejdk17_win": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", + "sha256": "192f2afca57701de6ec496234f7e45d971bf623ff66b8ee4a5c81582054e5637", + "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-win_x64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-win_x64.zip", + "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-win_x64.zip" + ] + } + }, + "remotejdk11_macos_aarch64_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_macos_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_macos_aarch64//:jdk\",\n)\n" + } + }, + "remotejdk11_linux_ppc64le_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:ppc\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_ppc64le//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:ppc\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_ppc64le//:jdk\",\n)\n" + } + }, + "remotejdk21_linux": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 21,\n)\n", + "sha256": "5ad730fbee6bb49bfff10bf39e84392e728d89103d3474a7e5def0fd134b300a", + "strip_prefix": "zulu21.32.17-ca-jdk21.0.2-linux_x64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-linux_x64.tar.gz", + "https://cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-linux_x64.tar.gz" + ] + } + }, + "remote_java_tools_linux": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "ba10f09a138cf185d04cbc807d67a3da42ab13d618c5d1ce20d776e199c33a39", + "urls": [ + "https://mirror.bazel.build/bazel_java_tools/releases/java/v13.4/java_tools_linux-v13.4.zip", + "https://github.com/bazelbuild/java_tools/releases/download/java_v13.4/java_tools_linux-v13.4.zip" + ] + } + }, + "remotejdk21_win": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 21,\n)\n", + "sha256": "f7cc15ca17295e69c907402dfe8db240db446e75d3b150da7bf67243cded93de", + "strip_prefix": "zulu21.32.17-ca-jdk21.0.2-win_x64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-win_x64.zip", + "https://cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-win_x64.zip" + ] + } + }, + "remotejdk21_linux_aarch64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 21,\n)\n", + "sha256": "ce7df1af5d44a9f455617c4b8891443fbe3e4b269c777d8b82ed66f77167cfe0", + "strip_prefix": "zulu21.32.17-ca-jdk21.0.2-linux_aarch64", + "urls": [ + "https://cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-linux_aarch64.tar.gz", + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-linux_aarch64.tar.gz" + ] + } + }, + "remotejdk11_linux_aarch64_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_aarch64//:jdk\",\n)\n" + } + }, + "remotejdk11_linux_s390x": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", + "sha256": "a58fc0361966af0a5d5a31a2d8a208e3c9bb0f54f345596fd80b99ea9a39788b", + "strip_prefix": "jdk-11.0.15+10", + "urls": [ + "https://mirror.bazel.build/github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.15+10/OpenJDK11U-jdk_s390x_linux_hotspot_11.0.15_10.tar.gz", + "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.15+10/OpenJDK11U-jdk_s390x_linux_hotspot_11.0.15_10.tar.gz" + ] + } + }, + "remotejdk17_linux_aarch64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", + "sha256": "6531cef61e416d5a7b691555c8cf2bdff689201b8a001ff45ab6740062b44313", + "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-linux_aarch64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-linux_aarch64.tar.gz", + "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-linux_aarch64.tar.gz" + ] + } + }, + "remotejdk17_win_arm64_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:arm64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_win_arm64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:arm64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_win_arm64//:jdk\",\n)\n" + } + }, + "remotejdk11_linux": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", + "sha256": "a34b404f87a08a61148b38e1416d837189e1df7a040d949e743633daf4695a3c", + "strip_prefix": "zulu11.66.15-ca-jdk11.0.20-linux_x64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux_x64.tar.gz", + "https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux_x64.tar.gz" + ] + } + }, + "remotejdk11_macos_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_macos//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_macos//:jdk\",\n)\n" + } + }, + "remotejdk17_linux_ppc64le_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:ppc\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_ppc64le//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:ppc\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_ppc64le//:jdk\",\n)\n" + } + }, + "remotejdk17_win_arm64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", + "sha256": "6802c99eae0d788e21f52d03cab2e2b3bf42bc334ca03cbf19f71eb70ee19f85", + "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-win_aarch64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-win_aarch64.zip", + "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-win_aarch64.zip" + ] + } + }, + "remote_java_tools_darwin_arm64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "076a7e198ad077f8c7d997986ef5102427fae6bbfce7a7852d2e080ed8767528", + "urls": [ + "https://mirror.bazel.build/bazel_java_tools/releases/java/v13.4/java_tools_darwin_arm64-v13.4.zip", + "https://github.com/bazelbuild/java_tools/releases/download/java_v13.4/java_tools_darwin_arm64-v13.4.zip" + ] + } + }, + "remotejdk17_linux_ppc64le": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", + "sha256": "00a4c07603d0218cd678461b5b3b7e25b3253102da4022d31fc35907f21a2efd", + "strip_prefix": "jdk-17.0.8.1+1", + "urls": [ + "https://mirror.bazel.build/github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.8.1%2B1/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.8.1_1.tar.gz", + "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.8.1%2B1/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.8.1_1.tar.gz" + ] + } + }, + "remotejdk21_linux_aarch64_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_21\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"21\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk21_linux_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk21_linux_aarch64//:jdk\",\n)\n" + } + }, + "remotejdk11_win_arm64_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:arm64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_win_arm64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:arm64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_win_arm64//:jdk\",\n)\n" + } + }, + "local_jdk": { + "bzlFile": "@@rules_java~//toolchains:local_java_repository.bzl", + "ruleClassName": "_local_java_repository_rule", + "attributes": { + "java_home": "", + "version": "", + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = {RUNTIME_VERSION},\n)\n" + } + }, + "remote_java_tools_darwin_x86_64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "4523aec4d09c587091a2dae6f5c9bc6922c220f3b6030e5aba9c8f015913cc65", + "urls": [ + "https://mirror.bazel.build/bazel_java_tools/releases/java/v13.4/java_tools_darwin_x86_64-v13.4.zip", + "https://github.com/bazelbuild/java_tools/releases/download/java_v13.4/java_tools_darwin_x86_64-v13.4.zip" + ] + } + }, + "remote_java_tools": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "e025fd260ac39b47c111f5212d64ec0d00d85dec16e49368aae82fc626a940cf", + "urls": [ + "https://mirror.bazel.build/bazel_java_tools/releases/java/v13.4/java_tools-v13.4.zip", + "https://github.com/bazelbuild/java_tools/releases/download/java_v13.4/java_tools-v13.4.zip" + ] + } + }, + "remotejdk17_linux_s390x": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", + "sha256": "ffacba69c6843d7ca70d572489d6cc7ab7ae52c60f0852cedf4cf0d248b6fc37", + "strip_prefix": "jdk-17.0.8.1+1", + "urls": [ + "https://mirror.bazel.build/github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.8.1%2B1/OpenJDK17U-jdk_s390x_linux_hotspot_17.0.8.1_1.tar.gz", + "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.8.1%2B1/OpenJDK17U-jdk_s390x_linux_hotspot_17.0.8.1_1.tar.gz" + ] + } + }, + "remotejdk17_win_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_win//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_win//:jdk\",\n)\n" + } + }, + "remotejdk11_linux_ppc64le": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", + "sha256": "a8fba686f6eb8ae1d1a9566821dbd5a85a1108b96ad857fdbac5c1e4649fc56f", + "strip_prefix": "jdk-11.0.15+10", + "urls": [ + "https://mirror.bazel.build/github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.15+10/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.15_10.tar.gz", + "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.15+10/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.15_10.tar.gz" + ] + } + }, + "remotejdk11_macos_aarch64": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", + "sha256": "7632bc29f8a4b7d492b93f3bc75a7b61630894db85d136456035ab2a24d38885", + "strip_prefix": "zulu11.66.15-ca-jdk11.0.20-macosx_aarch64", + "urls": [ + "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-macosx_aarch64.tar.gz", + "https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-macosx_aarch64.tar.gz" + ] + } + }, + "remotejdk21_win_toolchain_config_repo": { + "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", + "ruleClassName": "_toolchain_config", + "attributes": { + "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_21\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"21\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk21_win//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk21_win//:jdk\",\n)\n" + } + } + }, + "recordedRepoMappingEntries": [ + [ + "rules_java~", + "bazel_tools", + "bazel_tools" + ], + [ + "rules_java~", + "remote_java_tools", + "rules_java~~toolchains~remote_java_tools" + ] + ] + } + }, + "@@rules_jvm_external~//:extensions.bzl%maven": { + "general": { + "bzlTransitiveDigest": "v8HssW6WP6B8s0BwuAMJuQCz6cQ9jlhOfx4dKBtPYB4=", + "recordedFileInputs": { + "@@rules_jvm_external~//rules_jvm_external_deps_install.json": "10442a5ae27d9ff4c2003e5ab71643bf0d8b48dcf968b4173fa274c3232a8c06" + }, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "org_slf4j_slf4j_api_1_7_30": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57", + "urls": [ + "https://repo1.maven.org/maven2/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar", + "https://maven.google.com/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar" + } + }, + "com_google_api_grpc_proto_google_common_protos_2_0_1": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "5ce71656118618731e34a5d4c61aa3a031be23446dc7de8b5a5e77b66ebcd6ef", + "urls": [ + "https://repo1.maven.org/maven2/com/google/api/grpc/proto-google-common-protos/2.0.1/proto-google-common-protos-2.0.1.jar", + "https://maven.google.com/com/google/api/grpc/proto-google-common-protos/2.0.1/proto-google-common-protos-2.0.1.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api/grpc/proto-google-common-protos/2.0.1/proto-google-common-protos-2.0.1.jar" + } + }, + "com_google_api_gax_1_60_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "02f37d4ff1a7b8d71dff8064cf9568aa4f4b61bcc4485085d16130f32afa5a79", + "urls": [ + "https://repo1.maven.org/maven2/com/google/api/gax/1.60.0/gax-1.60.0.jar", + "https://maven.google.com/com/google/api/gax/1.60.0/gax-1.60.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api/gax/1.60.0/gax-1.60.0.jar" + } + }, + "com_google_guava_failureaccess_1_0_1": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26", + "urls": [ + "https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar", + "https://maven.google.com/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" + } + }, + "commons_logging_commons_logging_1_2": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636", + "urls": [ + "https://repo1.maven.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.jar", + "https://maven.google.com/commons-logging/commons-logging/1.2/commons-logging-1.2.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.jar" + } + }, + "com_google_http_client_google_http_client_appengine_1_38_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "f97b495fd97ac3a3d59099eb2b55025f4948230da15a076f189b9cff37c6b4d2", + "urls": [ + "https://repo1.maven.org/maven2/com/google/http-client/google-http-client-appengine/1.38.0/google-http-client-appengine-1.38.0.jar", + "https://maven.google.com/com/google/http-client/google-http-client-appengine/1.38.0/google-http-client-appengine-1.38.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/http-client/google-http-client-appengine/1.38.0/google-http-client-appengine-1.38.0.jar" + } + }, + "com_google_cloud_google_cloud_storage_1_113_4": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "796833e9bdab80c40bbc820e65087eb8f28c6bfbca194d2e3e00d98cb5bc55d6", + "urls": [ + "https://repo1.maven.org/maven2/com/google/cloud/google-cloud-storage/1.113.4/google-cloud-storage-1.113.4.jar", + "https://maven.google.com/com/google/cloud/google-cloud-storage/1.113.4/google-cloud-storage-1.113.4.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/cloud/google-cloud-storage/1.113.4/google-cloud-storage-1.113.4.jar" + } + }, + "io_grpc_grpc_context_1_33_1": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "99b8aea2b614fe0e61c3676e681259dc43c2de7f64620998e1a8435eb2976496", + "urls": [ + "https://repo1.maven.org/maven2/io/grpc/grpc-context/1.33.1/grpc-context-1.33.1.jar", + "https://maven.google.com/io/grpc/grpc-context/1.33.1/grpc-context-1.33.1.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/grpc/grpc-context/1.33.1/grpc-context-1.33.1.jar" + } + }, + "com_google_api_grpc_proto_google_iam_v1_1_0_3": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "64cee7383a97e846da8d8e160e6c8fe30561e507260552c59e6ccfc81301fdc8", + "urls": [ + "https://repo1.maven.org/maven2/com/google/api/grpc/proto-google-iam-v1/1.0.3/proto-google-iam-v1-1.0.3.jar", + "https://maven.google.com/com/google/api/grpc/proto-google-iam-v1/1.0.3/proto-google-iam-v1-1.0.3.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api/grpc/proto-google-iam-v1/1.0.3/proto-google-iam-v1-1.0.3.jar" + } + }, + "com_google_api_api_common_1_10_1": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "2a033f24bb620383eda440ad307cb8077cfec1c7eadc684d65216123a1b9613a", + "urls": [ + "https://repo1.maven.org/maven2/com/google/api/api-common/1.10.1/api-common-1.10.1.jar", + "https://maven.google.com/com/google/api/api-common/1.10.1/api-common-1.10.1.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api/api-common/1.10.1/api-common-1.10.1.jar" + } + }, + "com_google_auth_google_auth_library_oauth2_http_0_22_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "1722d895c42dc42ea1d1f392ddbec1fbb28f7a979022c3a6c29acc39cc777ad1", + "urls": [ + "https://repo1.maven.org/maven2/com/google/auth/google-auth-library-oauth2-http/0.22.0/google-auth-library-oauth2-http-0.22.0.jar", + "https://maven.google.com/com/google/auth/google-auth-library-oauth2-http/0.22.0/google-auth-library-oauth2-http-0.22.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/auth/google-auth-library-oauth2-http/0.22.0/google-auth-library-oauth2-http-0.22.0.jar" + } + }, + "com_typesafe_netty_netty_reactive_streams_2_0_5": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "f949849fc8ee75fde468ba3a35df2e04577fa31a2940b83b2a7dc9d14dac13d6", + "urls": [ + "https://repo1.maven.org/maven2/com/typesafe/netty/netty-reactive-streams/2.0.5/netty-reactive-streams-2.0.5.jar", + "https://maven.google.com/com/typesafe/netty/netty-reactive-streams/2.0.5/netty-reactive-streams-2.0.5.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/typesafe/netty/netty-reactive-streams/2.0.5/netty-reactive-streams-2.0.5.jar" + } + }, + "com_typesafe_netty_netty_reactive_streams_http_2_0_5": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "b39224751ad936758176e9d994230380ade5e9079e7c8ad778e3995779bcf303", + "urls": [ + "https://repo1.maven.org/maven2/com/typesafe/netty/netty-reactive-streams-http/2.0.5/netty-reactive-streams-http-2.0.5.jar", + "https://maven.google.com/com/typesafe/netty/netty-reactive-streams-http/2.0.5/netty-reactive-streams-http-2.0.5.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/typesafe/netty/netty-reactive-streams-http/2.0.5/netty-reactive-streams-http-2.0.5.jar" + } + }, + "javax_annotation_javax_annotation_api_1_3_2": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b", + "urls": [ + "https://repo1.maven.org/maven2/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar", + "https://maven.google.com/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar" + } + }, + "com_google_j2objc_j2objc_annotations_1_3": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b", + "urls": [ + "https://repo1.maven.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar", + "https://maven.google.com/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar" + } + }, + "software_amazon_awssdk_metrics_spi_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "08a11dc8c4ba464beafbcc7ac05b8c724c1ccb93da99482e82a68540ac704e4a", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/metrics-spi/2.17.183/metrics-spi-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/metrics-spi/2.17.183/metrics-spi-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/metrics-spi/2.17.183/metrics-spi-2.17.183.jar" + } + }, + "org_reactivestreams_reactive_streams_1_0_3": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "1dee0481072d19c929b623e155e14d2f6085dc011529a0a0dbefc84cf571d865", + "urls": [ + "https://repo1.maven.org/maven2/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar", + "https://maven.google.com/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar" + } + }, + "com_google_http_client_google_http_client_jackson2_1_38_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "e6504a82425fcc2168a4ca4175138ddcc085168daed8cdedb86d8f6fdc296e1e", + "urls": [ + "https://repo1.maven.org/maven2/com/google/http-client/google-http-client-jackson2/1.38.0/google-http-client-jackson2-1.38.0.jar", + "https://maven.google.com/com/google/http-client/google-http-client-jackson2/1.38.0/google-http-client-jackson2-1.38.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/http-client/google-http-client-jackson2/1.38.0/google-http-client-jackson2-1.38.0.jar" + } + }, + "io_netty_netty_transport_4_1_72_Final": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "c5fb68e9a65b6e8a516adfcb9fa323479ee7b4d9449d8a529d2ecab3d3711d5a", + "urls": [ + "https://repo1.maven.org/maven2/io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar", + "https://maven.google.com/io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar" + } + }, + "io_netty_netty_codec_http2_4_1_72_Final": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "c89a70500f59e8563e720aaa808263a514bd9e2bd91ba84eab8c2ccb45f234b2", + "urls": [ + "https://repo1.maven.org/maven2/io/netty/netty-codec-http2/4.1.72.Final/netty-codec-http2-4.1.72.Final.jar", + "https://maven.google.com/io/netty/netty-codec-http2/4.1.72.Final/netty-codec-http2-4.1.72.Final.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-codec-http2/4.1.72.Final/netty-codec-http2-4.1.72.Final.jar" + } + }, + "io_opencensus_opencensus_api_0_24_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "f561b1cc2673844288e596ddf5bb6596868a8472fd2cb8993953fc5c034b2352", + "urls": [ + "https://repo1.maven.org/maven2/io/opencensus/opencensus-api/0.24.0/opencensus-api-0.24.0.jar", + "https://maven.google.com/io/opencensus/opencensus-api/0.24.0/opencensus-api-0.24.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/opencensus/opencensus-api/0.24.0/opencensus-api-0.24.0.jar" + } + }, + "rules_jvm_external_deps": { + "bzlFile": "@@rules_jvm_external~//:coursier.bzl", + "ruleClassName": "pinned_coursier_fetch", + "attributes": { + "repositories": [ + "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" + ], + "artifacts": [ + "{\"artifact\":\"google-cloud-core\",\"group\":\"com.google.cloud\",\"version\":\"1.93.10\"}", + "{\"artifact\":\"google-cloud-storage\",\"group\":\"com.google.cloud\",\"version\":\"1.113.4\"}", + "{\"artifact\":\"gson\",\"group\":\"com.google.code.gson\",\"version\":\"2.9.0\"}", + "{\"artifact\":\"maven-artifact\",\"group\":\"org.apache.maven\",\"version\":\"3.8.6\"}", + "{\"artifact\":\"s3\",\"group\":\"software.amazon.awssdk\",\"version\":\"2.17.183\"}" + ], + "fetch_sources": true, + "fetch_javadoc": false, + "generate_compat_repositories": false, + "maven_install_json": "@@rules_jvm_external~//:rules_jvm_external_deps_install.json", + "override_targets": {}, + "strict_visibility": false, + "strict_visibility_value": [ + "@@//visibility:private" + ], + "jetify": false, + "jetify_include_list": [ + "*" + ], + "additional_netrc_lines": [], + "fail_if_repin_required": false, + "use_starlark_android_rules": false, + "aar_import_bzl_label": "@build_bazel_rules_android//android:rules.bzl", + "duplicate_version_warning": "warn" + } + }, + "org_threeten_threetenbp_1_5_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "dcf9c0f940739f2a825cd8626ff27113459a2f6eb18797c7152f93fff69c264f", + "urls": [ + "https://repo1.maven.org/maven2/org/threeten/threetenbp/1.5.0/threetenbp-1.5.0.jar", + "https://maven.google.com/org/threeten/threetenbp/1.5.0/threetenbp-1.5.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/threeten/threetenbp/1.5.0/threetenbp-1.5.0.jar" + } + }, + "software_amazon_awssdk_http_client_spi_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "fe7120f175df9e47ebcc5d946d7f40110faf2ba0a30364f3b935d5b8a5a6c3c6", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/http-client-spi/2.17.183/http-client-spi-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/http-client-spi/2.17.183/http-client-spi-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/http-client-spi/2.17.183/http-client-spi-2.17.183.jar" + } + }, + "software_amazon_awssdk_third_party_jackson_core_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "1bc27c9960993c20e1ab058012dd1ae04c875eec9f0f08f2b2ca41e578dee9a4", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/third-party-jackson-core/2.17.183/third-party-jackson-core-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/third-party-jackson-core/2.17.183/third-party-jackson-core-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/third-party-jackson-core/2.17.183/third-party-jackson-core-2.17.183.jar" + } + }, + "software_amazon_eventstream_eventstream_1_0_1": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "0c37d8e696117f02c302191b8110b0d0eb20fa412fce34c3a269ec73c16ce822", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar", + "https://maven.google.com/software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar" + } + }, + "com_google_oauth_client_google_oauth_client_1_31_1": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "4ed4e2948251dbda66ce251bd7f3b32cd8570055e5cdb165a3c7aea8f43da0ff", + "urls": [ + "https://repo1.maven.org/maven2/com/google/oauth-client/google-oauth-client/1.31.1/google-oauth-client-1.31.1.jar", + "https://maven.google.com/com/google/oauth-client/google-oauth-client/1.31.1/google-oauth-client-1.31.1.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/oauth-client/google-oauth-client/1.31.1/google-oauth-client-1.31.1.jar" + } + }, + "maven": { + "bzlFile": "@@rules_jvm_external~//:coursier.bzl", + "ruleClassName": "coursier_fetch", + "attributes": { + "repositories": [ + "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" + ], + "artifacts": [ + "{\"artifact\":\"jsr305\",\"group\":\"com.google.code.findbugs\",\"version\":\"3.0.2\"}", + "{\"artifact\":\"gson\",\"group\":\"com.google.code.gson\",\"version\":\"2.8.9\"}", + "{\"artifact\":\"error_prone_annotations\",\"group\":\"com.google.errorprone\",\"version\":\"2.3.2\"}", + "{\"artifact\":\"j2objc-annotations\",\"group\":\"com.google.j2objc\",\"version\":\"1.3\"}", + "{\"artifact\":\"guava\",\"group\":\"com.google.guava\",\"version\":\"31.1-jre\"}", + "{\"artifact\":\"guava-testlib\",\"group\":\"com.google.guava\",\"version\":\"31.1-jre\"}", + "{\"artifact\":\"truth\",\"group\":\"com.google.truth\",\"version\":\"1.1.2\"}", + "{\"artifact\":\"junit\",\"group\":\"junit\",\"version\":\"4.13.2\"}", + "{\"artifact\":\"mockito-core\",\"group\":\"org.mockito\",\"version\":\"4.3.1\"}" + ], + "fail_on_missing_checksum": true, + "fetch_sources": true, + "fetch_javadoc": false, + "use_unsafe_shared_cache": false, + "excluded_artifacts": [], + "generate_compat_repositories": false, + "version_conflict_policy": "default", + "override_targets": {}, + "strict_visibility": false, + "strict_visibility_value": [ + "@@//visibility:private" + ], + "resolve_timeout": 600, + "jetify": false, + "jetify_include_list": [ + "*" + ], + "use_starlark_android_rules": false, + "aar_import_bzl_label": "@build_bazel_rules_android//android:rules.bzl", + "duplicate_version_warning": "warn" + } + }, + "software_amazon_awssdk_aws_xml_protocol_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "566bba05d49256fa6994efd68fa625ae05a62ea45ee74bb9130d20ea20988363", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/aws-xml-protocol/2.17.183/aws-xml-protocol-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/aws-xml-protocol/2.17.183/aws-xml-protocol-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/aws-xml-protocol/2.17.183/aws-xml-protocol-2.17.183.jar" + } + }, + "software_amazon_awssdk_annotations_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "8e4d72361ca805a0bd8bbd9017cd7ff77c8d170f2dd469c7d52d5653330bb3fd", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/annotations/2.17.183/annotations-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/annotations/2.17.183/annotations-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/annotations/2.17.183/annotations-2.17.183.jar" + } + }, + "software_amazon_awssdk_netty_nio_client_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "a6d356f364c56d7b90006b0b7e503b8630010993a5587ce42e74b10b8dca2238", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/netty-nio-client/2.17.183/netty-nio-client-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/netty-nio-client/2.17.183/netty-nio-client-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/netty-nio-client/2.17.183/netty-nio-client-2.17.183.jar" + } + }, + "com_google_auto_value_auto_value_annotations_1_7_4": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "fedd59b0b4986c342f6ab2d182f2a4ee9fceb2c7e2d5bdc4dc764c92394a23d3", + "urls": [ + "https://repo1.maven.org/maven2/com/google/auto/value/auto-value-annotations/1.7.4/auto-value-annotations-1.7.4.jar", + "https://maven.google.com/com/google/auto/value/auto-value-annotations/1.7.4/auto-value-annotations-1.7.4.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/auto/value/auto-value-annotations/1.7.4/auto-value-annotations-1.7.4.jar" + } + }, + "io_netty_netty_transport_native_unix_common_4_1_72_Final": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "6f8f1cc29b5a234eeee9439a63eb3f03a5994aa540ff555cb0b2c88cefaf6877", + "urls": [ + "https://repo1.maven.org/maven2/io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar", + "https://maven.google.com/io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar" + } + }, + "io_opencensus_opencensus_contrib_http_util_0_24_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "7155273bbb1ed3d477ea33cf19d7bbc0b285ff395f43b29ae576722cf247000f", + "urls": [ + "https://repo1.maven.org/maven2/io/opencensus/opencensus-contrib-http-util/0.24.0/opencensus-contrib-http-util-0.24.0.jar", + "https://maven.google.com/io/opencensus/opencensus-contrib-http-util/0.24.0/opencensus-contrib-http-util-0.24.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/opencensus/opencensus-contrib-http-util/0.24.0/opencensus-contrib-http-util-0.24.0.jar" + } + }, + "com_fasterxml_jackson_core_jackson_core_2_11_3": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "78cd0a6b936232e06dd3e38da8a0345348a09cd1ff9c4d844c6ee72c75cfc402", + "urls": [ + "https://repo1.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar", + "https://maven.google.com/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar" + } + }, + "com_google_cloud_google_cloud_core_1_93_10": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "832d74eca66f4601e162a8460d6f59f50d1d23f93c18b02654423b6b0d67c6ea", + "urls": [ + "https://repo1.maven.org/maven2/com/google/cloud/google-cloud-core/1.93.10/google-cloud-core-1.93.10.jar", + "https://maven.google.com/com/google/cloud/google-cloud-core/1.93.10/google-cloud-core-1.93.10.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/cloud/google-cloud-core/1.93.10/google-cloud-core-1.93.10.jar" + } + }, + "com_google_auth_google_auth_library_credentials_0_22_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "42c76031276de5b520909e9faf88c5b3c9a722d69ee9cfdafedb1c52c355dfc5", + "urls": [ + "https://repo1.maven.org/maven2/com/google/auth/google-auth-library-credentials/0.22.0/google-auth-library-credentials-0.22.0.jar", + "https://maven.google.com/com/google/auth/google-auth-library-credentials/0.22.0/google-auth-library-credentials-0.22.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/auth/google-auth-library-credentials/0.22.0/google-auth-library-credentials-0.22.0.jar" + } + }, + "com_google_guava_guava_30_0_android": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "3345c82c2cc70a0053e8db9031edc6d71625ef0dea6a2c8f5ebd6cb76d2bf843", + "urls": [ + "https://repo1.maven.org/maven2/com/google/guava/guava/30.0-android/guava-30.0-android.jar", + "https://maven.google.com/com/google/guava/guava/30.0-android/guava-30.0-android.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/guava/guava/30.0-android/guava-30.0-android.jar" + } + }, + "software_amazon_awssdk_profiles_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "78833b32fde3f1c5320373b9ea955c1bbc28f2c904010791c4784e610193ee56", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/profiles/2.17.183/profiles-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/profiles/2.17.183/profiles-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/profiles/2.17.183/profiles-2.17.183.jar" + } + }, + "org_apache_httpcomponents_httpcore_4_4_13": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "e06e89d40943245fcfa39ec537cdbfce3762aecde8f9c597780d2b00c2b43424", + "urls": [ + "https://repo1.maven.org/maven2/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jar", + "https://maven.google.com/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jar" + } + }, + "io_netty_netty_common_4_1_72_Final": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "8adb4c291260ceb2859a68c49f0adeed36bf49587608e2b81ecff6aaf06025e9", + "urls": [ + "https://repo1.maven.org/maven2/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar", + "https://maven.google.com/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar" + } + }, + "io_netty_netty_transport_classes_epoll_4_1_72_Final": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "e1528a9751c1285aa7beaf3a1eb0597151716426ce38598ac9bc0891209b9e68", + "urls": [ + "https://repo1.maven.org/maven2/io/netty/netty-transport-classes-epoll/4.1.72.Final/netty-transport-classes-epoll-4.1.72.Final.jar", + "https://maven.google.com/io/netty/netty-transport-classes-epoll/4.1.72.Final/netty-transport-classes-epoll-4.1.72.Final.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-transport-classes-epoll/4.1.72.Final/netty-transport-classes-epoll-4.1.72.Final.jar" + } + }, + "com_google_cloud_google_cloud_core_http_1_93_10": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "81ac67c14c7c4244d2b7db2607ad352416aca8d3bb2adf338964e8fea25b1b3c", + "urls": [ + "https://repo1.maven.org/maven2/com/google/cloud/google-cloud-core-http/1.93.10/google-cloud-core-http-1.93.10.jar", + "https://maven.google.com/com/google/cloud/google-cloud-core-http/1.93.10/google-cloud-core-http-1.93.10.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/cloud/google-cloud-core-http/1.93.10/google-cloud-core-http-1.93.10.jar" + } + }, + "software_amazon_awssdk_utils_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "7bd849bb5aa71bfdf6b849643736ecab3a7b3f204795804eefe5754104231ec6", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/utils/2.17.183/utils-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/utils/2.17.183/utils-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/utils/2.17.183/utils-2.17.183.jar" + } + }, + "org_apache_commons_commons_lang3_3_8_1": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68", + "urls": [ + "https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar", + "https://maven.google.com/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar" + } + }, + "software_amazon_awssdk_aws_core_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "bccbdbea689a665a702ff19828662d87fb7fe81529df13f02ef1e4c474ea9f93", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/aws-core/2.17.183/aws-core-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/aws-core/2.17.183/aws-core-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/aws-core/2.17.183/aws-core-2.17.183.jar" + } + }, + "com_google_api_gax_httpjson_0_77_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "fd4dae47fa016d3b26e8d90b67ddc6c23c4c06e8bcdf085c70310ab7ef324bd6", + "urls": [ + "https://repo1.maven.org/maven2/com/google/api/gax-httpjson/0.77.0/gax-httpjson-0.77.0.jar", + "https://maven.google.com/com/google/api/gax-httpjson/0.77.0/gax-httpjson-0.77.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api/gax-httpjson/0.77.0/gax-httpjson-0.77.0.jar" + } + }, + "unpinned_rules_jvm_external_deps": { + "bzlFile": "@@rules_jvm_external~//:coursier.bzl", + "ruleClassName": "coursier_fetch", + "attributes": { + "repositories": [ + "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" + ], + "artifacts": [ + "{\"artifact\":\"google-cloud-core\",\"group\":\"com.google.cloud\",\"version\":\"1.93.10\"}", + "{\"artifact\":\"google-cloud-storage\",\"group\":\"com.google.cloud\",\"version\":\"1.113.4\"}", + "{\"artifact\":\"gson\",\"group\":\"com.google.code.gson\",\"version\":\"2.9.0\"}", + "{\"artifact\":\"maven-artifact\",\"group\":\"org.apache.maven\",\"version\":\"3.8.6\"}", + "{\"artifact\":\"s3\",\"group\":\"software.amazon.awssdk\",\"version\":\"2.17.183\"}" + ], + "fail_on_missing_checksum": true, + "fetch_sources": true, + "fetch_javadoc": false, + "use_unsafe_shared_cache": false, + "excluded_artifacts": [], + "generate_compat_repositories": false, + "version_conflict_policy": "default", + "override_targets": {}, + "strict_visibility": false, + "strict_visibility_value": [ + "@@//visibility:private" + ], + "maven_install_json": "@@rules_jvm_external~//:rules_jvm_external_deps_install.json", + "resolve_timeout": 600, + "jetify": false, + "jetify_include_list": [ + "*" + ], + "use_starlark_android_rules": false, + "aar_import_bzl_label": "@build_bazel_rules_android//android:rules.bzl", + "duplicate_version_warning": "warn" + } + }, + "software_amazon_awssdk_regions_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "d3079395f3ffc07d04ffcce16fca29fb5968197f6e9ea3dbff6be297102b40a5", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/regions/2.17.183/regions-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/regions/2.17.183/regions-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/regions/2.17.183/regions-2.17.183.jar" + } + }, + "com_google_errorprone_error_prone_annotations_2_4_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "5f2a0648230a662e8be049df308d583d7369f13af683e44ddf5829b6d741a228", + "urls": [ + "https://repo1.maven.org/maven2/com/google/errorprone/error_prone_annotations/2.4.0/error_prone_annotations-2.4.0.jar", + "https://maven.google.com/com/google/errorprone/error_prone_annotations/2.4.0/error_prone_annotations-2.4.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/errorprone/error_prone_annotations/2.4.0/error_prone_annotations-2.4.0.jar" + } + }, + "io_netty_netty_handler_4_1_72_Final": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "9cb6012af7e06361d738ac4e3bdc49a158f8cf87d9dee0f2744056b7d99c28d5", + "urls": [ + "https://repo1.maven.org/maven2/io/netty/netty-handler/4.1.72.Final/netty-handler-4.1.72.Final.jar", + "https://maven.google.com/io/netty/netty-handler/4.1.72.Final/netty-handler-4.1.72.Final.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-handler/4.1.72.Final/netty-handler-4.1.72.Final.jar" + } + }, + "software_amazon_awssdk_aws_query_protocol_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "4dace03c76f80f3dec920cb3dedb2a95984c4366ef4fda728660cb90bed74848", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/aws-query-protocol/2.17.183/aws-query-protocol-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/aws-query-protocol/2.17.183/aws-query-protocol-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/aws-query-protocol/2.17.183/aws-query-protocol-2.17.183.jar" + } + }, + "io_netty_netty_codec_http_4_1_72_Final": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "fa6fec88010bfaf6a7415b5364671b6b18ffb6b35a986ab97b423fd8c3a0174b", + "urls": [ + "https://repo1.maven.org/maven2/io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar", + "https://maven.google.com/io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar" + } + }, + "io_netty_netty_resolver_4_1_72_Final": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "6474598aab7cc9d8d6cfa06c05bd1b19adbf7f8451dbdd73070b33a6c60b1b90", + "urls": [ + "https://repo1.maven.org/maven2/io/netty/netty-resolver/4.1.72.Final/netty-resolver-4.1.72.Final.jar", + "https://maven.google.com/io/netty/netty-resolver/4.1.72.Final/netty-resolver-4.1.72.Final.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-resolver/4.1.72.Final/netty-resolver-4.1.72.Final.jar" + } + }, + "software_amazon_awssdk_protocol_core_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "10e7c4faa1f05e2d73055d0390dbd0bb6450e2e6cb85beda051b1e4693c826ce", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/protocol-core/2.17.183/protocol-core-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/protocol-core/2.17.183/protocol-core-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/protocol-core/2.17.183/protocol-core-2.17.183.jar" + } + }, + "org_checkerframework_checker_compat_qual_2_5_5": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "11d134b245e9cacc474514d2d66b5b8618f8039a1465cdc55bbc0b34e0008b7a", + "urls": [ + "https://repo1.maven.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar", + "https://maven.google.com/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar" + } + }, + "com_google_apis_google_api_services_storage_v1_rev20200927_1_30_10": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "52d26a9d105f8d8a0850807285f307a76cea8f3e0cdb2be4d3b15b1adfa77351", + "urls": [ + "https://repo1.maven.org/maven2/com/google/apis/google-api-services-storage/v1-rev20200927-1.30.10/google-api-services-storage-v1-rev20200927-1.30.10.jar", + "https://maven.google.com/com/google/apis/google-api-services-storage/v1-rev20200927-1.30.10/google-api-services-storage-v1-rev20200927-1.30.10.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/apis/google-api-services-storage/v1-rev20200927-1.30.10/google-api-services-storage-v1-rev20200927-1.30.10.jar" + } + }, + "com_google_api_client_google_api_client_1_30_11": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "ee6f97865cc7de6c7c80955c3f37372cf3887bd75e4fc06f1058a6b4cd9bf4da", + "urls": [ + "https://repo1.maven.org/maven2/com/google/api-client/google-api-client/1.30.11/google-api-client-1.30.11.jar", + "https://maven.google.com/com/google/api-client/google-api-client/1.30.11/google-api-client-1.30.11.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api-client/google-api-client/1.30.11/google-api-client-1.30.11.jar" + } + }, + "software_amazon_awssdk_s3_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "ab073b91107a9e4ed9f030314077d137fe627e055ad895fabb036980a050e360", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/s3/2.17.183/s3-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/s3/2.17.183/s3-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/s3/2.17.183/s3-2.17.183.jar" + } + }, + "org_apache_maven_maven_artifact_3_8_6": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "de22a4c6f54fe31276a823b1bbd3adfd6823529e732f431b5eff0852c2b9252b", + "urls": [ + "https://repo1.maven.org/maven2/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar", + "https://maven.google.com/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar" + } + }, + "org_apache_httpcomponents_httpclient_4_5_13": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743", + "urls": [ + "https://repo1.maven.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar", + "https://maven.google.com/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar" + } + }, + "com_google_guava_listenablefuture_9999_0_empty_to_avoid_conflict_with_guava": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99", + "urls": [ + "https://repo1.maven.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar", + "https://maven.google.com/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" + } + }, + "com_google_http_client_google_http_client_1_38_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "411f4a42519b6b78bdc0fcfdf74c9edcef0ee97afa4a667abe04045a508d6302", + "urls": [ + "https://repo1.maven.org/maven2/com/google/http-client/google-http-client/1.38.0/google-http-client-1.38.0.jar", + "https://maven.google.com/com/google/http-client/google-http-client/1.38.0/google-http-client-1.38.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/http-client/google-http-client/1.38.0/google-http-client-1.38.0.jar" + } + }, + "software_amazon_awssdk_apache_client_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "78ceae502fce6a97bbe5ff8f6a010a52ab7ea3ae66cb1a4122e18185fce45022", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/apache-client/2.17.183/apache-client-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/apache-client/2.17.183/apache-client-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/apache-client/2.17.183/apache-client-2.17.183.jar" + } + }, + "software_amazon_awssdk_arns_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "659a185e191d66c71de81209490e66abeaccae208ea7b2831a738670823447aa", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/arns/2.17.183/arns-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/arns/2.17.183/arns-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/arns/2.17.183/arns-2.17.183.jar" + } + }, + "com_google_code_gson_gson_2_9_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "c96d60551331a196dac54b745aa642cd078ef89b6f267146b705f2c2cbef052d", + "urls": [ + "https://repo1.maven.org/maven2/com/google/code/gson/gson/2.9.0/gson-2.9.0.jar", + "https://maven.google.com/com/google/code/gson/gson/2.9.0/gson-2.9.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/code/gson/gson/2.9.0/gson-2.9.0.jar" + } + }, + "io_netty_netty_buffer_4_1_72_Final": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "568ff7cd9d8e2284ec980730c88924f686642929f8f219a74518b4e64755f3a1", + "urls": [ + "https://repo1.maven.org/maven2/io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar", + "https://maven.google.com/io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar" + } + }, + "com_google_code_findbugs_jsr305_3_0_2": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7", + "urls": [ + "https://repo1.maven.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar", + "https://maven.google.com/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" + } + }, + "commons_codec_commons_codec_1_11": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d", + "urls": [ + "https://repo1.maven.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar", + "https://maven.google.com/commons-codec/commons-codec/1.11/commons-codec-1.11.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar" + } + }, + "software_amazon_awssdk_auth_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "8820c6636e5c14efc29399fb5565ce50212b0c1f4ed720a025a2c402d54e0978", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/auth/2.17.183/auth-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/auth/2.17.183/auth-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/auth/2.17.183/auth-2.17.183.jar" + } + }, + "software_amazon_awssdk_json_utils_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "51ab7f550adc06afcb49f5270cdf690f1bfaaee243abaa5d978095e2a1e4e1a5", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/json-utils/2.17.183/json-utils-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/json-utils/2.17.183/json-utils-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/json-utils/2.17.183/json-utils-2.17.183.jar" + } + }, + "org_codehaus_plexus_plexus_utils_3_3_1": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "4b570fcdbe5a894f249d2eb9b929358a9c88c3e548d227a80010461930222f2a", + "urls": [ + "https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar", + "https://maven.google.com/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar" + } + }, + "com_google_protobuf_protobuf_java_util_3_13_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "d9de66b8c9445905dfa7064f6d5213d47ce88a20d34e21d83c4a94a229e14e62", + "urls": [ + "https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java-util/3.13.0/protobuf-java-util-3.13.0.jar", + "https://maven.google.com/com/google/protobuf/protobuf-java-util/3.13.0/protobuf-java-util-3.13.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/protobuf/protobuf-java-util/3.13.0/protobuf-java-util-3.13.0.jar" + } + }, + "io_netty_netty_codec_4_1_72_Final": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "5d8591ca271a1e9c224e8de3873aa9936acb581ee0db514e7dc18523df36d16c", + "urls": [ + "https://repo1.maven.org/maven2/io/netty/netty-codec/4.1.72.Final/netty-codec-4.1.72.Final.jar", + "https://maven.google.com/io/netty/netty-codec/4.1.72.Final/netty-codec-4.1.72.Final.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-codec/4.1.72.Final/netty-codec-4.1.72.Final.jar" + } + }, + "com_google_protobuf_protobuf_java_3_13_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "97d5b2758408690c0dc276238707492a0b6a4d71206311b6c442cdc26c5973ff", + "urls": [ + "https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java/3.13.0/protobuf-java-3.13.0.jar", + "https://maven.google.com/com/google/protobuf/protobuf-java/3.13.0/protobuf-java-3.13.0.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/protobuf/protobuf-java/3.13.0/protobuf-java-3.13.0.jar" + } + }, + "io_netty_netty_tcnative_classes_2_0_46_Final": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "d3ec888dcc4ac7915bf88b417c5e04fd354f4311032a748a6882df09347eed9a", + "urls": [ + "https://repo1.maven.org/maven2/io/netty/netty-tcnative-classes/2.0.46.Final/netty-tcnative-classes-2.0.46.Final.jar", + "https://maven.google.com/io/netty/netty-tcnative-classes/2.0.46.Final/netty-tcnative-classes-2.0.46.Final.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-tcnative-classes/2.0.46.Final/netty-tcnative-classes-2.0.46.Final.jar" + } + }, + "software_amazon_awssdk_sdk_core_2_17_183": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "677e9cc90fdd82c1f40f97b99cb115b13ad6c3f58beeeab1c061af6954d64c77", + "urls": [ + "https://repo1.maven.org/maven2/software/amazon/awssdk/sdk-core/2.17.183/sdk-core-2.17.183.jar", + "https://maven.google.com/software/amazon/awssdk/sdk-core/2.17.183/sdk-core-2.17.183.jar" + ], + "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/sdk-core/2.17.183/sdk-core-2.17.183.jar" + } + } + }, + "recordedRepoMappingEntries": [ + [ + "rules_jvm_external~", + "bazel_tools", + "bazel_tools" + ], + [ + "rules_jvm_external~", + "rules_jvm_external", + "rules_jvm_external~" + ] + ] + } + }, + "@@rules_jvm_external~//:non-module-deps.bzl%non_module_deps": { + "general": { + "bzlTransitiveDigest": "DqBh3ObkOvjDFKv8VTy6J2qr7hXsJm9/sES7bha7ftA=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "io_bazel_rules_kotlin": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "946747acdbeae799b085d12b240ec346f775ac65236dfcf18aa0cd7300f6de78", + "urls": [ + "https://github.com/bazelbuild/rules_kotlin/releases/download/v1.7.0-RC-2/rules_kotlin_release.tgz" + ] + } + } + }, + "recordedRepoMappingEntries": [ + [ + "rules_jvm_external~", + "bazel_tools", + "bazel_tools" + ] + ] + } + }, + "@@rules_python~//python/extensions:pip.bzl%pip": { + "os:linux,arch:amd64": { + "bzlTransitiveDigest": "dyCt516XDheT5wnkhpmpN4dKabDEihQg5aGzOQfAFw0=", + "recordedFileInputs": { + "@@rules_python~//tools/publish/requirements.txt": "8ced1e640eab3ee44298590e5ad88cd612f5bf96245af1981709f7a8884a982b" + }, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "rules_python_publish_deps_311_keyring": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "keyring-23.13.1-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "keyring==23.13.1", + "sha256": "771ed2a91909389ed6148631de678f82ddc73737d85a927f382a8a1b157898cd", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/62/db/0e9a09b2b95986dcd73ac78be6ed2bd73ebe8bac65cba7add5b83eb9d899/keyring-23.13.1-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_more_itertools": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "more_itertools-9.0.0-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "more-itertools==9.0.0", + "sha256": "250e83d7e81d0c87ca6bd942e6aeab8cc9daa6096d12c5308f3f92fa5e5c1f41", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/5d/87/1ec3fcc09d2c04b977eabf8a1083222f82eaa2f46d5a4f85f403bf8e7b30/more_itertools-9.0.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_rich": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "rich-13.2.0-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "rich==13.2.0", + "sha256": "7c963f0d03819221e9ac561e1bc866e3f95a02248c1234daa48954e6d381c003", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/0e/cf/a6369a2aee266c2d7604230f083d4bd14b8f69bc69eb25b3da63b9f2f853/rich-13.2.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_importlib_metadata": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "importlib_metadata-6.0.0-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "importlib-metadata==6.0.0", + "sha256": "7efb448ec9a5e313a57655d35aa54cd3e01b7e1fbcf72dce1bf06119420f5bad", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/26/a7/9da7d5b23fc98ab3d424ac2c65613d63c1f401efb84ad50f2fa27b2caab4/importlib_metadata-6.0.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_secretstorage": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "SecretStorage-3.3.3-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "secretstorage==3.3.3", + "sha256": "f356e6628222568e3af06f2eba8df495efa13b3b63081dafd4f7d9a7b7bc9f99", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/54/24/b4293291fa1dd830f353d2cb163295742fa87f179fcc8a20a306a81978b7/SecretStorage-3.3.3-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_urllib3": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "urllib3-1.26.14-py2.py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "urllib3==1.26.14", + "sha256": "75edcdc2f7d85b137124a6c3c9fc3933cdeaa12ecb9a6a959f22797a0feca7e1", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/fe/ca/466766e20b767ddb9b951202542310cba37ea5f2d792dae7589f1741af58/urllib3-1.26.14-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_mdurl": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "mdurl-0.1.2-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "mdurl==0.1.2", + "sha256": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/b3/38/89ba8ad64ae25be8de66a6d463314cf1eb366222074cfda9ee839c56a4b4/mdurl-0.1.2-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_readme_renderer": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "readme_renderer-37.3-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "readme-renderer==37.3", + "sha256": "f67a16caedfa71eef48a31b39708637a6f4664c4394801a7b0d6432d13907343", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/97/52/fd8a77d6f0a9ddeb26ed8fb334e01ac546106bf0c5b8e40dc826c5bd160f/readme_renderer-37.3-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_markdown_it_py": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "markdown_it_py-2.1.0-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "markdown-it-py==2.1.0", + "sha256": "93de681e5c021a432c63147656fe21790bc01231e0cd2da73626f1aa3ac0fe27", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/f9/3f/ecd1b708973b9a3e4574b43cffc1ce8eb98696da34f1a1c44a68c3c0d737/markdown_it_py-2.1.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_zipp": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "zipp-3.11.0-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "zipp==3.11.0", + "sha256": "83a28fcb75844b5c0cdaf5aa4003c2d728c77e05f5aeabe8e95e56727005fbaa", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/d8/20/256eb3f3f437c575fb1a2efdce5e801a5ce3162ea8117da96c43e6ee97d8/zipp-3.11.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_certifi": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "certifi-2022.12.7-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "certifi==2022.12.7", + "sha256": "4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/71/4c/3db2b8021bd6f2f0ceb0e088d6b2d49147671f25832fb17970e9b583d742/certifi-2022.12.7-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_bleach": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "bleach-6.0.0-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "bleach==6.0.0", + "sha256": "33c16e3353dbd13028ab4799a0f89a83f113405c766e9c122df8a06f5b85b3f4", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/ac/e2/dfcab68c9b2e7800c8f06b85c76e5f978d05b195a958daa9b1dda54a1db6/bleach-6.0.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_pycparser": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "pycparser-2.21-py2.py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "pycparser==2.21", + "sha256": "8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/62/d5/5f610ebe421e85889f2e55e33b7f9a6795bd982198517d912eb1c76e1a53/pycparser-2.21-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_requests": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "requests-2.28.2-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "requests==2.28.2", + "sha256": "64299f4909223da747622c030b781c0d7811e359c37124b4bd368fb8c6518baa", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/d2/f4/274d1dbe96b41cf4e0efb70cbced278ffd61b5c7bb70338b62af94ccb25b/requests-2.28.2-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_idna": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "idna-3.4-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "idna==3.4", + "sha256": "90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/fc/34/3030de6f1370931b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_jeepney": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "jeepney-0.8.0-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "jeepney==0.8.0", + "sha256": "c0a454ad016ca575060802ee4d590dd912e35c122fa04e70306de3d076cce755", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/ae/72/2a1e2290f1ab1e06f71f3d0f1646c9e4634e70e1d37491535e19266e8dc9/jeepney-0.8.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_docutils": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "docutils-0.19-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "docutils==0.19", + "sha256": "5e1de4d849fee02c63b040a4a3fd567f4ab104defd8a5511fbbc24a8a017efbc", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/93/69/e391bd51bc08ed9141ecd899a0ddb61ab6465309f1eb470905c0c8868081/docutils-0.19-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_webencodings": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "webencodings-0.5.1-py2.py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "webencodings==0.5.1", + "sha256": "a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_rfc3986": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "rfc3986-2.0.0-py2.py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "rfc3986==2.0.0", + "sha256": "50b1502b60e289cb37883f3dfd34532b8873c7de9f49bb546641ce9cbd256ebd", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/ff/9a/9afaade874b2fa6c752c36f1548f718b5b83af81ed9b76628329dab81c1b/rfc3986-2.0.0-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_cryptography": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "cryptography-41.0.6-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "cryptography==41.0.6", + "sha256": "da46e2b5df770070412c46f87bac0849b8d685c5f2679771de277a422c7d0b86", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/ce/4e/54960380dda23ceb2027500e568aeafd6f06ce031847d7f2d3157f2bd12b/cryptography-41.0.6-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" + ] + } + }, + "rules_python_publish_deps_311_requests_toolbelt": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "requests_toolbelt-0.10.1-py2.py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "requests-toolbelt==0.10.1", + "sha256": "18565aa58116d9951ac39baa288d3adb5b3ff975c4f25eee78555d89e8f247f7", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/05/d3/bf87a36bff1cb88fd30a509fd366c70ec30676517ee791b2f77e0e29817a/requests_toolbelt-0.10.1-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_pygments": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "Pygments-2.14.0-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "pygments==2.14.0", + "sha256": "fa7bd7bd2771287c0de303af8bfdfc731f51bd2c6a47ab69d117138893b82717", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/0b/42/d9d95cc461f098f204cd20c85642ae40fbff81f74c300341b8d0e0df14e0/Pygments-2.14.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_jaraco_classes": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "jaraco.classes-3.2.3-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "jaraco-classes==3.2.3", + "sha256": "2353de3288bc6b82120752201c6b1c1a14b058267fa424ed5ce5984e3b922158", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/60/28/220d3ae0829171c11e50dded4355d17824d60895285631d7eb9dee0ab5e5/jaraco.classes-3.2.3-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_twine": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "twine-4.0.2-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "twine==4.0.2", + "sha256": "929bc3c280033347a00f847236564d1c52a3e61b1ac2516c97c48f3ceab756d8", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/3a/38/a3f27a9e8ce45523d7d1e28c09e9085b61a98dab15d35ec086f36a44b37c/twine-4.0.2-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_six": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "six-1.16.0-py2.py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "six==1.16.0", + "sha256": "8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_pkginfo": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "pkginfo-1.9.6-py3-none-any.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "pkginfo==1.9.6", + "sha256": "4b7a555a6d5a22169fcc9cf7bfd78d296b0361adad412a346c1226849af5e546", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/b3/f2/6e95c86a23a30fa205ea6303a524b20cbae27fbee69216377e3d95266406/pkginfo-1.9.6-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "79909e27e8e4fcc9db4addea88aa63f6423ebb171db091fb4373e3312cb6d603", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/d9/7a/60d45c9453212b30eebbf8b5cddbdef330eebddfcf335bce7920c43fb72e/charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" + ] + } + }, + "rules_python_publish_deps_311_cffi": { + "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "filename": "cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", + "isolated": true, + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "quiet": true, + "repo": "rules_python_publish_deps_311", + "requirement": "cffi==1.15.1", + "sha256": "94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c", + "timeout": 600, + "urls": [ + "https://files.pythonhosted.org/packages/37/5a/c37631a86be838bdd84cc0259130942bf7e6e32f70f4cab95f479847fb91/cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" + ] + } + }, + "rules_python_publish_deps": { + "bzlFile": "@@rules_python~//python/private/bzlmod:pip_repository.bzl", + "ruleClassName": "pip_repository", + "attributes": { + "repo_name": "rules_python_publish_deps", + "whl_map": { + "bleach": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_bleach\",\"version\":\"3.11\"}]", + "certifi": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_certifi\",\"version\":\"3.11\"}]", + "cffi": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_cffi\",\"version\":\"3.11\"}]", + "charset_normalizer": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_charset_normalizer\",\"version\":\"3.11\"}]", + "cryptography": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_cryptography\",\"version\":\"3.11\"}]", + "docutils": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_docutils\",\"version\":\"3.11\"}]", + "idna": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_idna\",\"version\":\"3.11\"}]", + "importlib_metadata": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_importlib_metadata\",\"version\":\"3.11\"}]", + "jaraco_classes": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_jaraco_classes\",\"version\":\"3.11\"}]", + "jeepney": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_jeepney\",\"version\":\"3.11\"}]", + "keyring": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_keyring\",\"version\":\"3.11\"}]", + "markdown_it_py": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_markdown_it_py\",\"version\":\"3.11\"}]", + "mdurl": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_mdurl\",\"version\":\"3.11\"}]", + "more_itertools": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_more_itertools\",\"version\":\"3.11\"}]", + "pkginfo": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_pkginfo\",\"version\":\"3.11\"}]", + "pycparser": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_pycparser\",\"version\":\"3.11\"}]", + "pygments": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_pygments\",\"version\":\"3.11\"}]", + "readme_renderer": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_readme_renderer\",\"version\":\"3.11\"}]", + "requests": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_requests\",\"version\":\"3.11\"}]", + "requests_toolbelt": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_requests_toolbelt\",\"version\":\"3.11\"}]", + "rfc3986": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_rfc3986\",\"version\":\"3.11\"}]", + "rich": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_rich\",\"version\":\"3.11\"}]", + "secretstorage": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_secretstorage\",\"version\":\"3.11\"}]", + "six": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_six\",\"version\":\"3.11\"}]", + "twine": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_twine\",\"version\":\"3.11\"}]", + "urllib3": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_urllib3\",\"version\":\"3.11\"}]", + "webencodings": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_webencodings\",\"version\":\"3.11\"}]", + "zipp": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_zipp\",\"version\":\"3.11\"}]" + }, + "default_version": "3.11", + "groups": {} + } + } + }, + "recordedRepoMappingEntries": [ + [ + "bazel_features~", + "bazel_features_globals", + "bazel_features~~version_extension~bazel_features_globals" + ], + [ + "bazel_features~", + "bazel_features_version", + "bazel_features~~version_extension~bazel_features_version" + ], + [ + "rules_python~", + "bazel_features", + "bazel_features~" + ], + [ + "rules_python~", + "bazel_skylib", + "bazel_skylib~" + ], + [ + "rules_python~", + "bazel_tools", + "bazel_tools" + ], + [ + "rules_python~", + "pypi__build", + "rules_python~~internal_deps~pypi__build" + ], + [ + "rules_python~", + "pypi__click", + "rules_python~~internal_deps~pypi__click" + ], + [ + "rules_python~", + "pypi__colorama", + "rules_python~~internal_deps~pypi__colorama" + ], + [ + "rules_python~", + "pypi__importlib_metadata", + "rules_python~~internal_deps~pypi__importlib_metadata" + ], + [ + "rules_python~", + "pypi__installer", + "rules_python~~internal_deps~pypi__installer" + ], + [ + "rules_python~", + "pypi__more_itertools", + "rules_python~~internal_deps~pypi__more_itertools" + ], + [ + "rules_python~", + "pypi__packaging", + "rules_python~~internal_deps~pypi__packaging" + ], + [ + "rules_python~", + "pypi__pep517", + "rules_python~~internal_deps~pypi__pep517" + ], + [ + "rules_python~", + "pypi__pip", + "rules_python~~internal_deps~pypi__pip" + ], + [ + "rules_python~", + "pypi__pip_tools", + "rules_python~~internal_deps~pypi__pip_tools" + ], + [ + "rules_python~", + "pypi__pyproject_hooks", + "rules_python~~internal_deps~pypi__pyproject_hooks" + ], + [ + "rules_python~", + "pypi__setuptools", + "rules_python~~internal_deps~pypi__setuptools" + ], + [ + "rules_python~", + "pypi__tomli", + "rules_python~~internal_deps~pypi__tomli" + ], + [ + "rules_python~", + "pypi__wheel", + "rules_python~~internal_deps~pypi__wheel" + ], + [ + "rules_python~", + "pypi__zipp", + "rules_python~~internal_deps~pypi__zipp" + ], + [ + "rules_python~", + "pythons_hub", + "rules_python~~python~pythons_hub" + ], + [ + "rules_python~~python~pythons_hub", + "python_3_11_host", + "rules_python~~python~python_3_11_host" + ], + [ + "rules_python~~python~pythons_hub", + "python_3_11_x86_64-unknown-linux-gnu", + "rules_python~~python~python_3_11_x86_64-unknown-linux-gnu" + ] + ] + } + }, + "@@rules_python~//python/extensions:python.bzl%python": { + "general": { + "bzlTransitiveDigest": "QIgyqZIIKqo2p1U8K64RdUfCLCKWDVsrlc/GfE1CJho=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "python_3_11_s390x-unknown-linux-gnu": { + "bzlFile": "@@rules_python~//python:repositories.bzl", + "ruleClassName": "python_repository", + "attributes": { + "sha256": "3f7a0dd64fa292977c4da09e865ee504a48e55dbc2dbfd9ff4b991af891e4446", + "patches": [], + "platform": "s390x-unknown-linux-gnu", + "python_version": "3.11.9", + "release_filename": "20240415/cpython-3.11.9+20240415-s390x-unknown-linux-gnu-install_only.tar.gz", + "urls": [ + "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-s390x-unknown-linux-gnu-install_only.tar.gz" + ], + "distutils_content": "", + "strip_prefix": "python", + "coverage_tool": "", + "ignore_root_user_error": false + } + }, + "python_3_11_host": { + "bzlFile": "@@rules_python~//python/private:toolchains_repo.bzl", + "ruleClassName": "host_toolchain", + "attributes": { + "python_version": "3.11.9", + "user_repository_name": "python_3_11", + "platforms": [ + "aarch64-apple-darwin", + "aarch64-unknown-linux-gnu", + "ppc64le-unknown-linux-gnu", + "s390x-unknown-linux-gnu", + "x86_64-apple-darwin", + "x86_64-pc-windows-msvc", + "x86_64-unknown-linux-gnu" + ] + } + }, + "python_3_11": { + "bzlFile": "@@rules_python~//python/private:toolchains_repo.bzl", + "ruleClassName": "toolchain_aliases", + "attributes": { + "python_version": "3.11.9", + "user_repository_name": "python_3_11", + "platforms": [ + "aarch64-apple-darwin", + "aarch64-unknown-linux-gnu", + "ppc64le-unknown-linux-gnu", + "s390x-unknown-linux-gnu", + "x86_64-apple-darwin", + "x86_64-pc-windows-msvc", + "x86_64-unknown-linux-gnu" + ] + } + }, + "python_3_11_aarch64-unknown-linux-gnu": { + "bzlFile": "@@rules_python~//python:repositories.bzl", + "ruleClassName": "python_repository", + "attributes": { + "sha256": "b3a7199ac2615d75fb906e5ba556432efcf24baf8651fc70370d9f052d4069ee", + "patches": [], + "platform": "aarch64-unknown-linux-gnu", + "python_version": "3.11.9", + "release_filename": "20240415/cpython-3.11.9+20240415-aarch64-unknown-linux-gnu-install_only.tar.gz", + "urls": [ + "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-aarch64-unknown-linux-gnu-install_only.tar.gz" + ], + "distutils_content": "", + "strip_prefix": "python", + "coverage_tool": "", + "ignore_root_user_error": false + } + }, + "python_3_11_aarch64-apple-darwin": { + "bzlFile": "@@rules_python~//python:repositories.bzl", + "ruleClassName": "python_repository", + "attributes": { + "sha256": "7af7058f7c268b4d87ed7e08c2c7844ef8460863b3e679db3afdce8bb1eedfae", + "patches": [], + "platform": "aarch64-apple-darwin", + "python_version": "3.11.9", + "release_filename": "20240415/cpython-3.11.9+20240415-aarch64-apple-darwin-install_only.tar.gz", + "urls": [ + "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-aarch64-apple-darwin-install_only.tar.gz" + ], + "distutils_content": "", + "strip_prefix": "python", + "coverage_tool": "", + "ignore_root_user_error": false + } + }, + "python_3_11_ppc64le-unknown-linux-gnu": { + "bzlFile": "@@rules_python~//python:repositories.bzl", + "ruleClassName": "python_repository", + "attributes": { + "sha256": "03f62d1e2d400c9662cdd12ae33a6f328c34ae8e2b872f8563a144834742bd6a", + "patches": [], + "platform": "ppc64le-unknown-linux-gnu", + "python_version": "3.11.9", + "release_filename": "20240415/cpython-3.11.9+20240415-ppc64le-unknown-linux-gnu-install_only.tar.gz", + "urls": [ + "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-ppc64le-unknown-linux-gnu-install_only.tar.gz" + ], + "distutils_content": "", + "strip_prefix": "python", + "coverage_tool": "", + "ignore_root_user_error": false + } + }, + "python_3_11_x86_64-apple-darwin": { + "bzlFile": "@@rules_python~//python:repositories.bzl", + "ruleClassName": "python_repository", + "attributes": { + "sha256": "9afd734f63a23783cf0257bef25c9231ffc80e7747486dc54cf72f325213fd15", + "patches": [], + "platform": "x86_64-apple-darwin", + "python_version": "3.11.9", + "release_filename": "20240415/cpython-3.11.9+20240415-x86_64-apple-darwin-install_only.tar.gz", + "urls": [ + "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-x86_64-apple-darwin-install_only.tar.gz" + ], + "distutils_content": "", + "strip_prefix": "python", + "coverage_tool": "", + "ignore_root_user_error": false + } + }, + "pythons_hub": { + "bzlFile": "@@rules_python~//python/private/bzlmod:pythons_hub.bzl", + "ruleClassName": "hub_repo", + "attributes": { + "default_python_version": "3.11", + "toolchain_prefixes": [ + "_0000_python_3_11_" + ], + "toolchain_python_versions": [ + "3.11" + ], + "toolchain_set_python_version_constraints": [ + "False" + ], + "toolchain_user_repository_names": [ + "python_3_11" + ] + } + }, + "python_versions": { + "bzlFile": "@@rules_python~//python/private:toolchains_repo.bzl", + "ruleClassName": "multi_toolchain_aliases", + "attributes": { + "python_versions": { + "3.11": "python_3_11" + } + } + }, + "python_3_11_x86_64-pc-windows-msvc": { + "bzlFile": "@@rules_python~//python:repositories.bzl", + "ruleClassName": "python_repository", + "attributes": { + "sha256": "368474c69f476e7de4adaf50b61d9fcf6ec8b4db88cc43c5f71c860b3cd29c69", + "patches": [], + "platform": "x86_64-pc-windows-msvc", + "python_version": "3.11.9", + "release_filename": "20240415/cpython-3.11.9+20240415-x86_64-pc-windows-msvc-shared-install_only.tar.gz", + "urls": [ + "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-x86_64-pc-windows-msvc-shared-install_only.tar.gz" + ], + "distutils_content": "", + "strip_prefix": "python", + "coverage_tool": "", + "ignore_root_user_error": false + } + }, + "python_3_11_x86_64-unknown-linux-gnu": { + "bzlFile": "@@rules_python~//python:repositories.bzl", + "ruleClassName": "python_repository", + "attributes": { + "sha256": "78b1c16a9fd032997ba92a60f46a64f795cd18ff335659dfdf6096df277b24d5", + "patches": [], + "platform": "x86_64-unknown-linux-gnu", + "python_version": "3.11.9", + "release_filename": "20240415/cpython-3.11.9+20240415-x86_64-unknown-linux-gnu-install_only.tar.gz", + "urls": [ + "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-x86_64-unknown-linux-gnu-install_only.tar.gz" + ], + "distutils_content": "", + "strip_prefix": "python", + "coverage_tool": "", + "ignore_root_user_error": false + } + } + }, + "recordedRepoMappingEntries": [ + [ + "rules_python~", + "bazel_skylib", + "bazel_skylib~" + ], + [ + "rules_python~", + "bazel_tools", + "bazel_tools" + ] + ] + } + }, + "@@rules_python~//python/private/bzlmod:internal_deps.bzl%internal_deps": { + "general": { + "bzlTransitiveDigest": "fDqhuyt2dROfO6qL4WlobPgyJCNlwP0fPCgW6fEpFMg=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "pypi__wheel": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/b8/8b/31273bf66016be6ad22bb7345c37ff350276cfd46e389a0c2ac5da9d9073/wheel-0.41.2-py3-none-any.whl", + "sha256": "75909db2664838d015e3d9139004ee16711748a52c8f336b52882266540215d8", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__click": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/00/2e/d53fa4befbf2cfa713304affc7ca780ce4fc1fd8710527771b58311a3229/click-8.1.7-py3-none-any.whl", + "sha256": "ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__importlib_metadata": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/cc/37/db7ba97e676af155f5fcb1a35466f446eadc9104e25b83366e8088c9c926/importlib_metadata-6.8.0-py3-none-any.whl", + "sha256": "3ebb78df84a805d7698245025b975d9d67053cd94c79245ba4b3eb694abe68bb", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__pyproject_hooks": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/d5/ea/9ae603de7fbb3df820b23a70f6aff92bf8c7770043254ad8d2dc9d6bcba4/pyproject_hooks-1.0.0-py3-none-any.whl", + "sha256": "283c11acd6b928d2f6a7c73fa0d01cb2bdc5f07c57a2eeb6e83d5e56b97976f8", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__pep517": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/ee/2f/ef63e64e9429111e73d3d6cbee80591672d16f2725e648ebc52096f3d323/pep517-0.13.0-py3-none-any.whl", + "sha256": "4ba4446d80aed5b5eac6509ade100bff3e7943a8489de249654a5ae9b33ee35b", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__packaging": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/ab/c3/57f0601a2d4fe15de7a553c00adbc901425661bf048f2a22dfc500caf121/packaging-23.1-py3-none-any.whl", + "sha256": "994793af429502c4ea2ebf6bf664629d07c1a9fe974af92966e4b8d2df7edc61", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__pip_tools": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/0d/dc/38f4ce065e92c66f058ea7a368a9c5de4e702272b479c0992059f7693941/pip_tools-7.4.1-py3-none-any.whl", + "sha256": "4c690e5fbae2f21e87843e89c26191f0d9454f362d8acdbd695716493ec8b3a9", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__setuptools": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/4f/ab/0bcfebdfc3bfa8554b2b2c97a555569c4c1ebc74ea288741ea8326c51906/setuptools-68.1.2-py3-none-any.whl", + "sha256": "3d8083eed2d13afc9426f227b24fd1659489ec107c0e86cec2ffdde5c92e790b", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__zipp": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/8c/08/d3006317aefe25ea79d3b76c9650afabaf6d63d1c8443b236e7405447503/zipp-3.16.2-py3-none-any.whl", + "sha256": "679e51dd4403591b2d6838a48de3d283f3d188412a9782faadf845f298736ba0", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__colorama": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/d1/d6/3965ed04c63042e047cb6a3e6ed1a63a35087b6a609aa3a15ed8ac56c221/colorama-0.4.6-py2.py3-none-any.whl", + "sha256": "4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__build": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/e2/03/f3c8ba0a6b6e30d7d18c40faab90807c9bb5e9a1e3b2fe2008af624a9c97/build-1.2.1-py3-none-any.whl", + "sha256": "75e10f767a433d9a86e50d83f418e83efc18ede923ee5ff7df93b6cb0306c5d4", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "rules_python_internal": { + "bzlFile": "@@rules_python~//python/private:internal_config_repo.bzl", + "ruleClassName": "internal_config_repo", + "attributes": {} + }, + "pypi__pip": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/50/c2/e06851e8cc28dcad7c155f4753da8833ac06a5c704c109313b8d5a62968a/pip-23.2.1-py3-none-any.whl", + "sha256": "7ccf472345f20d35bdc9d1841ff5f313260c2c33fe417f48c30ac46cccabf5be", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__installer": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/e5/ca/1172b6638d52f2d6caa2dd262ec4c811ba59eee96d54a7701930726bce18/installer-0.7.0-py3-none-any.whl", + "sha256": "05d1933f0a5ba7d8d6296bb6d5018e7c94fa473ceb10cf198a92ccea19c27b53", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__more_itertools": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/5a/cb/6dce742ea14e47d6f565589e859ad225f2a5de576d7696e0623b784e226b/more_itertools-10.1.0-py3-none-any.whl", + "sha256": "64e0735fcfdc6f3464ea133afe8ea4483b1c5fe3a3d69852e6503b43a0b222e6", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + }, + "pypi__tomli": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "url": "https://files.pythonhosted.org/packages/97/75/10a9ebee3fd790d20926a90a2547f0bf78f371b2f13aa822c759680ca7b9/tomli-2.0.1-py3-none-any.whl", + "sha256": "939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc", + "type": "zip", + "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + } + } + }, + "recordedRepoMappingEntries": [ + [ + "rules_python~", + "bazel_tools", + "bazel_tools" + ] + ] + } + } + } +} From b86faadfcc7dae9ebcc00a06ae118d619003f1ea Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Wed, 22 May 2024 15:41:20 +0200 Subject: [PATCH 021/380] tidy: document MODULE.bazel.lock maintencance --- .github/workflows/test-tidy.yml | 4 +++- dev-docs/workflows/bazel.md | 7 +++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-tidy.yml b/.github/workflows/test-tidy.yml index eb0fa204d..a725abf26 100644 --- a/.github/workflows/test-tidy.yml +++ b/.github/workflows/test-tidy.yml @@ -51,7 +51,9 @@ jobs: - name: Run Bazel tidy shell: bash - run: bazel run //:tidy + run: | + bazel run //:tidy + bazel mod deps --lockfile_mode=update - name: Check if untidy id: untidy diff --git a/dev-docs/workflows/bazel.md b/dev-docs/workflows/bazel.md index 2e8ee57ea..8dc38b7ea 100644 --- a/dev-docs/workflows/bazel.md +++ b/dev-docs/workflows/bazel.md @@ -3,6 +3,13 @@ Bazel is the primary build system for this project. It is used to build all Go code and will be used to build all artifacts in the future. Still, we aim to keep the codebase compatible with `go build` and `go test` as well. Whenever Go code is changed, you will have to run `bazel run //:tidy` to regenerate the Bazel build files for Go code. +Additionally, you need to update `MODULE.bazel`, together with `MODULE.bazel.lock`: + +``` +# if the steps below fail, try to recreate the lockfile from scratch by deleting it +bazel mod deps --lockfile_mode=update +bazel mod tidy +``` ## Bazel commands From be3f55557367eb1375da9d62cde66473cc4a7ff5 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 24 May 2024 08:08:42 +0200 Subject: [PATCH 022/380] image: update measurements and image version (#3119) Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com> --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 5e1f43510..ea556c1e2 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x31, 0x46, 0x1d, 0x3a, 0xe0, 0x2c, 0x58, 0xff, 0x6d, 0x8a, 0x2c, 0x68, 0x18, 0x52, 0x01, 0xf5, 0x4d, 0x98, 0x7f, 0x1c, 0xbc, 0x95, 0x96, 0xc3, 0x70, 0xc7, 0xad, 0xbd, 0x12, 0x3d, 0x2c, 0x8d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x41, 0xaa, 0x16, 0x69, 0xaa, 0xdf, 0xc9, 0x2c, 0xc7, 0x3b, 0x4e, 0x00, 0xf3, 0x15, 0x4e, 0xb7, 0x5c, 0x13, 0x80, 0x92, 0x03, 0x76, 0xe4, 0x4f, 0xdf, 0x7a, 0x06, 0x82, 0xac, 0x68, 0x07, 0x3e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd3, 0x75, 0x20, 0x27, 0x8f, 0x9f, 0x8e, 0x92, 0xd4, 0x25, 0xed, 0xbd, 0x5a, 0x9f, 0x6a, 0xec, 0xea, 0xee, 0xf3, 0xc6, 0xb6, 0xa9, 0x53, 0x93, 0x60, 0xe9, 0x7c, 0x12, 0xda, 0x8b, 0x5c, 0xcf}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc0, 0x5b, 0xce, 0x0b, 0xd7, 0x74, 0x0c, 0x7b, 0xd0, 0x24, 0xfc, 0x75, 0x52, 0x02, 0xd5, 0x78, 0x14, 0x5b, 0xe3, 0x3d, 0xb2, 0xa3, 0xac, 0xbe, 0xf1, 0x1e, 0x5b, 0x1d, 0xc9, 0x33, 0xaa, 0x01}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3c, 0x45, 0x80, 0xb4, 0x21, 0x26, 0x65, 0x78, 0x2c, 0x9a, 0x88, 0x8e, 0x8e, 0xcb, 0x70, 0x06, 0x3b, 0x6e, 0x80, 0x63, 0xbd, 0xa5, 0x8a, 0xe0, 0x23, 0xd3, 0x15, 0xa4, 0x2d, 0x6c, 0xe8, 0x61}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xec, 0xe7, 0xe2, 0x71, 0x45, 0xb1, 0x78, 0x5b, 0x62, 0xbb, 0x7d, 0xff, 0x29, 0xde, 0xef, 0xa9, 0xc6, 0x51, 0x9a, 0x18, 0x3f, 0x05, 0xb3, 0x6d, 0xa9, 0xb9, 0x8a, 0xdd, 0xe7, 0xe9, 0xf0, 0x81}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3f, 0x5f, 0x9f, 0x59, 0x2f, 0xfe, 0x84, 0x26, 0x26, 0x3d, 0x8a, 0x48, 0xa1, 0xe0, 0x27, 0x21, 0x83, 0x8f, 0xb7, 0x38, 0x4d, 0xa7, 0xcf, 0xfd, 0xe1, 0x07, 0xab, 0x92, 0xfd, 0xd8, 0xe8, 0x3f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd1, 0x87, 0x6b, 0xdb, 0x55, 0xbe, 0x63, 0x18, 0x82, 0x9e, 0xe0, 0xf6, 0x55, 0x99, 0xd5, 0xde, 0xfa, 0x73, 0x57, 0xd9, 0x92, 0x10, 0x8e, 0x5b, 0xc1, 0xd3, 0x87, 0xa8, 0x6b, 0x01, 0x6e, 0x02}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x87, 0x59, 0xdb, 0xd5, 0x32, 0x91, 0x3f, 0x45, 0x00, 0xbc, 0x02, 0x0d, 0x81, 0x1d, 0x27, 0x83, 0x16, 0x5b, 0x21, 0xa4, 0xf4, 0x89, 0xf7, 0x0f, 0x56, 0x53, 0xd5, 0x37, 0xac, 0xf9, 0xed, 0xa3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6c, 0x84, 0xf7, 0xbb, 0x26, 0x3b, 0x9d, 0x84, 0x53, 0xed, 0xd3, 0x53, 0x2c, 0x71, 0xfc, 0x60, 0xec, 0x77, 0x9e, 0x07, 0x8f, 0xc4, 0xd4, 0xca, 0x51, 0xc1, 0xb3, 0xb2, 0x17, 0x7c, 0xc7, 0x61}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x33, 0x58, 0x7b, 0x29, 0xb4, 0xc3, 0x16, 0x78, 0xe1, 0xc9, 0xfd, 0xff, 0x77, 0x3e, 0xb8, 0x52, 0x86, 0xfc, 0x05, 0x28, 0x71, 0xa7, 0x20, 0xe7, 0x88, 0xa3, 0xc3, 0xd3, 0x2f, 0x2e, 0x12, 0x64}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x98, 0xdf, 0x21, 0xb0, 0xb0, 0xc6, 0xd2, 0x43, 0x6f, 0x81, 0xf7, 0x04, 0x98, 0x63, 0x8a, 0x99, 0x16, 0x80, 0xed, 0x69, 0xac, 0x78, 0x56, 0xbe, 0x7f, 0xde, 0x77, 0xf2, 0xae, 0x04, 0xd5, 0x5e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3b, 0x0e, 0x49, 0x28, 0x19, 0x9e, 0xc0, 0xd1, 0x03, 0xfd, 0x74, 0x32, 0x7d, 0x7c, 0xa0, 0x78, 0x0d, 0x1c, 0x28, 0x81, 0x1d, 0x21, 0x66, 0x6c, 0xa3, 0x5d, 0xcd, 0x13, 0x3b, 0x57, 0x9f, 0xb7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x86, 0xe6, 0xaf, 0x79, 0x6a, 0xcd, 0xe4, 0x61, 0x82, 0xfb, 0x28, 0x4a, 0x87, 0xae, 0x40, 0xb5, 0x0c, 0xf7, 0x4e, 0x3a, 0x5a, 0x4c, 0xad, 0xe2, 0xad, 0x18, 0xac, 0xae, 0xd8, 0x4e, 0xe8, 0xdd}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x24, 0xc5, 0xc7, 0x0a, 0xb6, 0xcd, 0x52, 0x4d, 0x36, 0x6a, 0x20, 0xe4, 0xa6, 0x5c, 0x10, 0xdd, 0x1d, 0x99, 0x0e, 0xcd, 0x4a, 0x39, 0xf1, 0x6b, 0xd0, 0x43, 0x31, 0xb5, 0xc3, 0x49, 0xfe, 0xdf}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6a, 0x53, 0xcc, 0x79, 0xf4, 0x16, 0x8e, 0x86, 0xf6, 0x75, 0x0a, 0x03, 0xb5, 0x36, 0xc2, 0x6e, 0xf7, 0xee, 0x31, 0x15, 0x77, 0xa4, 0x4f, 0x56, 0x55, 0x81, 0xc4, 0xf1, 0xcb, 0x81, 0x3a, 0x70}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd7, 0x9b, 0xb7, 0xfd, 0xd4, 0x4b, 0xd1, 0x38, 0xbd, 0xd3, 0x0b, 0x78, 0xea, 0x87, 0xb5, 0x63, 0x03, 0x63, 0x75, 0xee, 0x77, 0x75, 0xd1, 0x3e, 0xa4, 0x1c, 0x04, 0x10, 0x54, 0xf5, 0x3b, 0x2f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd7, 0xaf, 0x2a, 0xa9, 0xff, 0x9c, 0xef, 0x33, 0x67, 0xcf, 0x67, 0x7a, 0xbb, 0x2e, 0x80, 0x70, 0x89, 0x7c, 0x00, 0x9f, 0x5a, 0xdc, 0xa7, 0xb3, 0x2f, 0xd4, 0x6d, 0x7f, 0xf4, 0x60, 0x15, 0xe7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6c, 0x20, 0x74, 0x86, 0x64, 0xdf, 0xdc, 0xf7, 0x63, 0xfb, 0x71, 0xdf, 0x32, 0x0f, 0x0a, 0xff, 0x70, 0xad, 0xc6, 0x36, 0xa9, 0x6b, 0x16, 0x53, 0xe2, 0x9a, 0x69, 0x4a, 0x03, 0x4a, 0x7c, 0x73}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa2, 0x08, 0xe5, 0xcb, 0xe3, 0x53, 0x03, 0x92, 0x30, 0x49, 0x14, 0x52, 0xcc, 0x21, 0x19, 0x86, 0xf5, 0x99, 0x23, 0xb1, 0x01, 0xc8, 0xa7, 0xc9, 0x1e, 0x7c, 0x15, 0x29, 0x60, 0xb4, 0xe1, 0x4e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6f, 0x9c, 0xa5, 0x18, 0x51, 0x15, 0x34, 0x8b, 0x2f, 0x02, 0xb6, 0x4a, 0xe6, 0xe9, 0xd1, 0x41, 0xad, 0x21, 0x47, 0xc1, 0x54, 0xa0, 0xad, 0x56, 0xaf, 0x52, 0x9c, 0xb0, 0x4d, 0xf8, 0x9b, 0xf0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x69, 0xf2, 0x0f, 0x94, 0x86, 0x8b, 0x13, 0xaa, 0x77, 0x5f, 0x8d, 0x45, 0xed, 0x6e, 0x61, 0xb8, 0x36, 0xb7, 0x5e, 0xb7, 0x1f, 0x89, 0x8b, 0x4f, 0x1d, 0x41, 0x25, 0x77, 0x50, 0xa8, 0xe2, 0xd4}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x94, 0x18, 0xb5, 0x4e, 0xfa, 0xf9, 0xc2, 0x44, 0xcc, 0x9e, 0x81, 0x79, 0x1a, 0x71, 0x5f, 0xe5, 0x3d, 0x2d, 0x69, 0x7e, 0x33, 0xcb, 0x6c, 0x48, 0x0c, 0x87, 0xab, 0x0e, 0x8d, 0xba, 0x26, 0x1e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd8, 0x30, 0x77, 0xeb, 0x47, 0xf7, 0x14, 0xcc, 0xce, 0xcf, 0x09, 0xc5, 0x44, 0x8e, 0xde, 0x74, 0x60, 0xd7, 0x10, 0x83, 0x96, 0xa9, 0x33, 0x07, 0x92, 0x52, 0x1c, 0xb9, 0xd6, 0x89, 0x59, 0x21}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xee, 0xfe, 0xd3, 0xca, 0x1d, 0x5e, 0xe3, 0x51, 0x60, 0x78, 0x20, 0x26, 0xd6, 0xad, 0x2c, 0xfc, 0x07, 0xba, 0xfc, 0xce, 0xcd, 0x56, 0xa6, 0x14, 0x35, 0x1b, 0xf9, 0x2b, 0x30, 0x09, 0x66, 0x37}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd8, 0xf1, 0x45, 0x7f, 0xb4, 0x82, 0xc8, 0xbd, 0xd1, 0xf1, 0xac, 0x99, 0xcd, 0xa5, 0x12, 0x6e, 0xca, 0x85, 0xfc, 0x0d, 0xd7, 0x31, 0xee, 0x3e, 0x5c, 0xd2, 0xef, 0xef, 0xbc, 0x2f, 0xdc, 0x83}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc4, 0x1a, 0x00, 0xd8, 0x94, 0xfa, 0xc8, 0x72, 0x0a, 0x10, 0xd7, 0xec, 0xa1, 0xb2, 0x9e, 0x3d, 0xcf, 0x20, 0x3d, 0x79, 0x20, 0x40, 0x53, 0xb2, 0x99, 0xec, 0xb4, 0x04, 0xe9, 0xd6, 0x15, 0x81}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0e, 0xed, 0x02, 0x90, 0xb7, 0xbd, 0xaa, 0x2a, 0x25, 0xfc, 0x5f, 0xb2, 0x93, 0x9b, 0xa5, 0x5c, 0xb3, 0x93, 0x29, 0xb8, 0x22, 0xd1, 0xf7, 0x79, 0xdb, 0x31, 0xef, 0x28, 0x90, 0xd1, 0x22, 0x2d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4d, 0x99, 0x8b, 0xba, 0x91, 0x7b, 0x99, 0x8a, 0xc5, 0xf8, 0xc8, 0x39, 0x01, 0x33, 0x49, 0x54, 0x1f, 0xb4, 0xf6, 0x08, 0x2d, 0x18, 0x0f, 0x91, 0x34, 0x6f, 0x7c, 0xcb, 0x9d, 0xea, 0xed, 0xce}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf3, 0x4b, 0x4f, 0xfa, 0xb7, 0x5a, 0x74, 0x8e, 0xbd, 0xb6, 0x72, 0xe0, 0x8e, 0xa4, 0x0c, 0x29, 0x6e, 0x7a, 0x82, 0x45, 0xf0, 0x5c, 0x29, 0xf8, 0x59, 0xa0, 0x1b, 0x22, 0x45, 0x3d, 0xcf, 0xaa}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xdc, 0x08, 0xc8, 0xc3, 0x0e, 0xb3, 0x3a, 0xee, 0xb0, 0xac, 0x63, 0xe4, 0x16, 0xf3, 0x0d, 0x8b, 0xa1, 0xc3, 0x6b, 0xc3, 0xf3, 0xbd, 0xdc, 0x77, 0x98, 0xe1, 0x49, 0xe3, 0xeb, 0xea, 0x35, 0x05}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd8, 0x7f, 0x62, 0x14, 0x0b, 0xb3, 0xf7, 0x85, 0x4e, 0x0d, 0x2d, 0xc3, 0xdd, 0xd6, 0x0e, 0x2e, 0xbd, 0xbd, 0x8a, 0x39, 0x6a, 0x61, 0x8b, 0x63, 0x71, 0x3e, 0xc9, 0x52, 0x4a, 0xf4, 0x5a, 0xad}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x28, 0x1c, 0xdc, 0x82, 0xf9, 0xa7, 0xb6, 0x6a, 0x39, 0xba, 0xff, 0x29, 0xe2, 0x53, 0x9b, 0xc7, 0x7f, 0x47, 0x93, 0x0f, 0x60, 0x79, 0x34, 0x7f, 0xbe, 0xd0, 0x3b, 0xa6, 0x72, 0xc8, 0x1b, 0xb9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x03, 0x99, 0x68, 0xfc, 0xf0, 0x80, 0x0f, 0x65, 0x81, 0x71, 0x4d, 0xe4, 0xdb, 0x5f, 0xc6, 0x58, 0xb8, 0x52, 0x3a, 0xdc, 0xbf, 0x5f, 0x49, 0x8f, 0x75, 0x45, 0x63, 0x3d, 0xa1, 0x5b, 0xf2, 0xa5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6e, 0x12, 0x8b, 0x03, 0x4d, 0x6e, 0x59, 0xd5, 0x0b, 0x19, 0x6b, 0xd8, 0x36, 0x84, 0xee, 0x78, 0xa9, 0xcc, 0xf4, 0xac, 0xa3, 0xe5, 0xa4, 0x5d, 0x84, 0x36, 0x79, 0x49, 0xee, 0xc2, 0x80, 0x4f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x04, 0x03, 0xc1, 0x38, 0xd3, 0x77, 0xd0, 0x98, 0x0b, 0xa5, 0x42, 0xd2, 0x83, 0x90, 0xf5, 0x6a, 0xe3, 0xe9, 0x35, 0x0d, 0xc4, 0x36, 0xb3, 0xd6, 0x0c, 0x4f, 0x7a, 0x04, 0x23, 0xf9, 0x87, 0x71}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x51, 0x9f, 0xf0, 0x2b, 0x13, 0x1c, 0x75, 0x95, 0xb3, 0x1b, 0xf7, 0xfc, 0x1f, 0x36, 0x9e, 0x5e, 0x88, 0x65, 0xc3, 0x2a, 0xfa, 0x89, 0xeb, 0x12, 0xce, 0x0c, 0x7f, 0x6d, 0xaf, 0xf8, 0x96, 0x75}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdd, 0x17, 0x27, 0xd2, 0xbf, 0xb9, 0x61, 0xfa, 0xa2, 0xd9, 0xe7, 0xaf, 0x88, 0xa6, 0x32, 0x18, 0xe4, 0x68, 0x50, 0xc3, 0xce, 0xa5, 0x4c, 0xc9, 0x6e, 0xb2, 0x53, 0xf1, 0x1b, 0xce, 0xab, 0xae}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x30, 0xea, 0x9a, 0xc6, 0xcf, 0x55, 0x77, 0x6b, 0x3a, 0x90, 0x1f, 0xb5, 0x5a, 0x4d, 0x81, 0x80, 0x73, 0x3d, 0xe9, 0x72, 0xf5, 0x89, 0xfa, 0x45, 0xfc, 0x40, 0x7e, 0x1a, 0xd1, 0x9e, 0x75, 0x58}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x84, 0xc7, 0x2b, 0x0a, 0x65, 0x8f, 0x34, 0xf8, 0x2f, 0x4a, 0x3a, 0x8c, 0x64, 0x66, 0x78, 0xf2, 0xd1, 0xbf, 0x43, 0x63, 0x6e, 0x6f, 0xb1, 0x05, 0xf4, 0x16, 0x70, 0x38, 0x3c, 0xea, 0xeb, 0x13}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb7, 0xa5, 0x01, 0x7a, 0x7a, 0x16, 0x17, 0x33, 0xe5, 0x56, 0x57, 0xbb, 0x55, 0xb8, 0x51, 0x82, 0x59, 0x23, 0xb4, 0x39, 0xed, 0x23, 0xe9, 0x0b, 0x84, 0xff, 0x9f, 0xdd, 0x40, 0xa5, 0xab, 0x9e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd1, 0x0c, 0x59, 0x5e, 0x0b, 0x2f, 0xda, 0xca, 0x21, 0x9a, 0x85, 0xcb, 0xe3, 0x62, 0x4e, 0x85, 0x21, 0x0f, 0x90, 0xa8, 0xeb, 0xb8, 0x64, 0xe6, 0xaa, 0xe3, 0xeb, 0x2e, 0xd0, 0xd2, 0x3b, 0xa2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xfd, 0xc3, 0x29, 0xe4, 0x31, 0x94, 0x3e, 0x62, 0xd5, 0xc7, 0x45, 0x83, 0xea, 0x70, 0x2c, 0x74, 0x00, 0x8a, 0xf6, 0x66, 0x3d, 0x60, 0x51, 0x38, 0x6b, 0xc7, 0xb5, 0xfb, 0x5d, 0x59, 0xda, 0x41}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xca, 0x32, 0xf1, 0xb8, 0x1f, 0x63, 0x4c, 0x56, 0x19, 0xd7, 0xd4, 0xfb, 0x56, 0x84, 0x65, 0xdc, 0x00, 0x11, 0x01, 0xd2, 0x28, 0xb9, 0xb1, 0xb1, 0xb2, 0x01, 0x48, 0xa6, 0xec, 0x80, 0xc8, 0x5b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc4, 0xbc, 0x5b, 0x0b, 0x0f, 0xfd, 0x8b, 0xa5, 0xc0, 0x27, 0xe8, 0x2a, 0x33, 0x93, 0xb0, 0x52, 0x3a, 0x01, 0xe0, 0x5a, 0xfe, 0xeb, 0x92, 0xb5, 0x7d, 0x37, 0x83, 0x7d, 0xec, 0x9b, 0x79, 0xea}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x54, 0xa7, 0x25, 0x0c, 0xca, 0xd6, 0xf1, 0xc4, 0xca, 0xc8, 0x3d, 0x2c, 0x5f, 0xd4, 0x05, 0x0e, 0x50, 0x27, 0xe4, 0x5a, 0xed, 0x2e, 0xf6, 0xf1, 0x91, 0xa9, 0x21, 0xfd, 0xa8, 0x38, 0xc8, 0x93}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe2, 0x21, 0x0d, 0x3d, 0x74, 0x38, 0x55, 0x82, 0x44, 0x1e, 0xe3, 0x6b, 0x30, 0x11, 0x4a, 0x83, 0xb3, 0x6f, 0x1a, 0x5c, 0x2f, 0x42, 0x30, 0x99, 0x01, 0xb6, 0x78, 0xa1, 0x8a, 0x27, 0x21, 0x40}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x30, 0x91, 0xe2, 0x60, 0x76, 0xc0, 0x52, 0x09, 0x76, 0x2f, 0xf5, 0xad, 0xef, 0x15, 0x26, 0x7e, 0x06, 0x2f, 0xd6, 0x37, 0xaf, 0xa0, 0x38, 0x20, 0x77, 0xf3, 0x29, 0xbd, 0xa4, 0xcd, 0x2e, 0x99}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index ffe0ac0ec..9a798ce20 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240516182331-5fb2a2cb89f2" + defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240523094804-b86faadfcc7d" ) From 31653ec2b8889a730c91deceb924ad10c415b035 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Fri, 17 May 2024 09:01:08 +0200 Subject: [PATCH 023/380] CODEOWNERS: remove malt3 --- CODEOWNERS | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index 69c1ac3e1..6b0679389 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,7 +1,7 @@ # keep-sorted start .golangci.yml @katexochen -/3rdparty/gcp-guest-agent @malt3 -/bazel @malt3 +/3rdparty/gcp-guest-agent @3u13r +/bazel @burgerdev /bazel/ci @katexochen /bazel/sh @katexochen /bootstrapper @3u13r @@ -10,58 +10,57 @@ /cli/internal/libvirt @daniel-weisse /cli/internal/terraform @elchead /csi @daniel-weisse -/debugd @malt3 +/debugd @daniel-weisse /disk-mapper @daniel-weisse /docs @thomasten /e2e @3u13r /hack/azure-snp-report-verify @derpsteb -/hack/bazel-deps-mirror @malt3 +/hack/bazel-deps-mirror @burgerdev /hack/cli-k8s-compatibility @derpsteb /hack/clidocgen @thomasten /hack/fetch-broken-e2e @katexochen /hack/gocoverage @katexochen -/hack/oci-pin @malt3 +/hack/oci-pin @burgerdev /hack/qemu-metadata-api @daniel-weisse /hack/remove-tf-providers @katexochen /hack/terraform @3u13r /hack/tools @katexochen /hack/versioninfogen @daniel-weisse -/image @malt3 +/image @msanft /internal/api @derpsteb /internal/atls @thomasten /internal/attestation @daniel-weisse /internal/cloud @3u13r /internal/compatibility @derpsteb /internal/config @derpsteb -/internal/constellation/featureset @malt3 +/internal/constellation/featureset @thomasten /internal/constellation/helm @derpsteb /internal/constellation/kubecmd @daniel-weisse /internal/constellation/state @elchead -/internal/containerimage @malt3 +/internal/containerimage @burgerdev /internal/crypto @thomasten /internal/cryptsetup @daniel-weisse /internal/file @daniel-weisse /internal/grpc @thomasten -/internal/imagefetcher @malt3 +/internal/imagefetcher @msanft /internal/installer @3u13r /internal/kms @daniel-weisse -/internal/kubernetes @malt3 +/internal/kubernetes @3u13r /internal/license @thomasten /internal/logger @daniel-weisse /internal/nodestate @daniel-weisse -/internal/osimage @malt3 +/internal/osimage @msanft /internal/retry @katexochen /internal/semver @derpsteb /internal/sigstore @elchead -/internal/staticupload @malt3 +/internal/staticupload @msanft /internal/versions @3u13r /joinservice @daniel-weisse /keyservice @daniel-weisse /measurement-reader @daniel-weisse -/operators @malt3 -/rpm @malt3 +/operators @3u13r /terraform-provider-constellation @msanft @elchead -/tools @malt3 +/tools @burgerdev /upgrade-agent @3u13r /verify @daniel-weisse # keep-sorted end From bd8466a8c84d198851df310e05dbe412a4b90027 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Fri, 17 May 2024 09:01:20 +0200 Subject: [PATCH 024/380] misc: remove malt3 from issue assignments --- .github/actions/pick_assignee/action.yml | 1 - .github/teams_payload_template.json | 8 -------- 2 files changed, 9 deletions(-) diff --git a/.github/actions/pick_assignee/action.yml b/.github/actions/pick_assignee/action.yml index 3e9cd4d64..e46d24ff2 100644 --- a/.github/actions/pick_assignee/action.yml +++ b/.github/actions/pick_assignee/action.yml @@ -15,7 +15,6 @@ runs: run: | possibleAssignees=( "elchead" - "malt3" "3u13r" "daniel-weisse" "msanft" diff --git a/.github/teams_payload_template.json b/.github/teams_payload_template.json index 145d6a28c..1b29657ae 100644 --- a/.github/teams_payload_template.json +++ b/.github/teams_payload_template.json @@ -58,14 +58,6 @@ "id": "a9a34611-9a38-4c00-a8a2-f87d94c2bf7d", "name": "Otto Bittner" } - }, - { - "type": "mention", - "text": "malt3", - "mentioned": { - "id": "3012fe21-cff7-499d-88cf-48cf12f2e90c", - "name": "Malte Poll" - } } ] }, From d4ab6a83bc2f26673a66d2013e2d874153d3dd2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Fri, 24 May 2024 08:46:22 +0200 Subject: [PATCH 025/380] ci: check for pattern completion instead of file when creating archive (#3120) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/actions/artifact_upload/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/artifact_upload/action.yml b/.github/actions/artifact_upload/action.yml index 14f5df055..f2e637dc1 100644 --- a/.github/actions/artifact_upload/action.yml +++ b/.github/actions/artifact_upload/action.yml @@ -59,7 +59,7 @@ runs: for target in ${paths} do - if [[ -f "${target}" ]] + if compgen -G "${target}" > /dev/null then pushd "$(dirname "${target}")" || exit 1 7zz a -p'${{ inputs.encryptionSecret }}' -bso0 -bsp0 -t7z -ms=on -mhe=on "${{ steps.tempdir.outputs.directory }}/archive.7z" "$(basename "${target}")" From 80917921e3d63feb2cee3e0d2ee4331978b00b52 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 24 May 2024 11:04:23 +0200 Subject: [PATCH 026/380] deps: update GitHub action dependencies (#3123) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/e2e_benchmark/action.yml | 2 +- .github/actions/find_latest_image/action.yml | 4 ++-- .github/actions/login_azure/action.yml | 2 +- .github/actions/publish_helmchart/action.yml | 2 +- .github/workflows/assign_reviewer.yml | 2 +- .github/workflows/aws-snp-launchmeasurement.yml | 4 ++-- .github/workflows/build-binaries.yml | 2 +- .github/workflows/build-ccm-gcp.yml | 8 ++++---- .github/workflows/build-gcp-guest-agent.yml | 4 ++-- .github/workflows/build-libvirt-container.yml | 2 +- .github/workflows/build-logcollector-images.yml | 2 +- .github/workflows/build-os-image-scheduled.yml | 4 ++-- .github/workflows/build-os-image.yml | 4 ++-- .github/workflows/build-versionsapi-ci-image.yml | 2 +- .github/workflows/check-links.yml | 2 +- .github/workflows/codeql.yml | 6 +++--- .github/workflows/docs-vale.yml | 4 ++-- .github/workflows/draft-release.yml | 16 ++++++++-------- .github/workflows/e2e-attestationconfigapi.yml | 2 +- .github/workflows/e2e-cleanup-weekly.yml | 2 +- .github/workflows/e2e-mini.yml | 4 ++-- .github/workflows/e2e-test-daily.yml | 8 ++++---- .github/workflows/e2e-test-provider-example.yml | 2 +- .github/workflows/e2e-test-release.yml | 2 +- .github/workflows/e2e-test-weekly.yml | 8 ++++---- .github/workflows/e2e-test.yml | 8 ++++---- .github/workflows/e2e-upgrade.yml | 16 ++++++++-------- .github/workflows/e2e-windows.yml | 6 +++--- .github/workflows/on-release.yml | 8 ++++---- .github/workflows/purge-main.yml | 2 +- .github/workflows/release.yml | 10 +++++----- .github/workflows/reproducible-builds.yml | 8 ++++---- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/sync-terraform-docs.yml | 4 ++-- .github/workflows/test-integration.yml | 2 +- .github/workflows/test-operator-codegen.yml | 2 +- .github/workflows/test-tfsec.yml | 2 +- .github/workflows/test-tidy.yml | 2 +- .github/workflows/test-unittest.yml | 2 +- .github/workflows/update-rpms.yml | 2 +- .github/workflows/versionsapi.yml | 2 +- 41 files changed, 90 insertions(+), 90 deletions(-) diff --git a/.github/actions/e2e_benchmark/action.yml b/.github/actions/e2e_benchmark/action.yml index ac223ed77..14524ca91 100644 --- a/.github/actions/e2e_benchmark/action.yml +++ b/.github/actions/e2e_benchmark/action.yml @@ -49,7 +49,7 @@ runs: install kubestr /usr/local/bin - name: Checkout k8s-bench-suite - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 repository: "edgelesssys/k8s-bench-suite" diff --git a/.github/actions/find_latest_image/action.yml b/.github/actions/find_latest_image/action.yml index 71dfd2180..11860b479 100644 --- a/.github/actions/find_latest_image/action.yml +++ b/.github/actions/find_latest_image/action.yml @@ -26,13 +26,13 @@ runs: steps: - name: Checkout head if: inputs.imageVersion == '' && inputs.git-ref == 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.imageVersion == '' && inputs.git-ref != 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.git-ref }} diff --git a/.github/actions/login_azure/action.yml b/.github/actions/login_azure/action.yml index 4e370b27b..e271fd3d3 100644 --- a/.github/actions/login_azure/action.yml +++ b/.github/actions/login_azure/action.yml @@ -10,6 +10,6 @@ runs: # As described at: # https://github.com/Azure/login#configure-deployment-credentials - name: Login to Azure - uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0 + uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 with: creds: ${{ inputs.azure_credentials }} diff --git a/.github/actions/publish_helmchart/action.yml b/.github/actions/publish_helmchart/action.yml index 4c7a8eb57..5580dd451 100644 --- a/.github/actions/publish_helmchart/action.yml +++ b/.github/actions/publish_helmchart/action.yml @@ -13,7 +13,7 @@ runs: using: "composite" steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: edgelesssys/helm ref: main diff --git a/.github/workflows/assign_reviewer.yml b/.github/workflows/assign_reviewer.yml index 0ca55fcf4..7e342711b 100644 --- a/.github/workflows/assign_reviewer.yml +++ b/.github/workflows/assign_reviewer.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest if: github.event.label.name == 'dependencies' && github.event.pull_request.user.login == 'app/renovate' steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Pick assignee id: pick-assignee uses: ./.github/actions/pick_assignee diff --git a/.github/workflows/aws-snp-launchmeasurement.yml b/.github/workflows/aws-snp-launchmeasurement.yml index 6acbe0e07..ca4feeac8 100644 --- a/.github/workflows/aws-snp-launchmeasurement.yml +++ b/.github/workflows/aws-snp-launchmeasurement.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.head_ref }} path: constellation @@ -50,7 +50,7 @@ jobs: echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT" popd || exit 1 - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: virtee/sev-snp-measure-go.git ref: e42b6f8991ed5a671d5d1e02a6b61f6373f9f8d8 diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index 8b6455e3a..362cb6974 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -22,7 +22,7 @@ jobs: runs-on: [arc-runner-set] steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index bef3a42ea..ed60a4fdc 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -19,10 +19,10 @@ jobs: latest: ${{ steps.find-latest.outputs.latest }} steps: - name: Checkout Constellation - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Checkout kubernetes/cloud-provider-gcp - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: "kubernetes/cloud-provider-gcp" path: "cloud-provider-gcp" @@ -65,10 +65,10 @@ jobs: version: ${{ fromJson(needs.find-ccm-versions.outputs.versions) }} steps: - name: Checkout Constellation - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Checkout kubernetes/cloud-provider-gcp - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: "kubernetes/cloud-provider-gcp" path: "cloud-provider-gcp" diff --git a/.github/workflows/build-gcp-guest-agent.yml b/.github/workflows/build-gcp-guest-agent.yml index 203d784dc..f23c684e9 100644 --- a/.github/workflows/build-gcp-guest-agent.yml +++ b/.github/workflows/build-gcp-guest-agent.yml @@ -69,7 +69,7 @@ jobs: - name: Checkout GoogleCloudPlatform/guest-agent if: steps.needs-build.outputs.out == 'true' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: "GoogleCloudPlatform/guest-agent" ref: refs/tags/${{ steps.latest-release.outputs.latest }} @@ -77,7 +77,7 @@ jobs: - name: Checkout Constellation if: steps.needs-build.outputs.out == 'true' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: path: "constellation" ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/build-libvirt-container.yml b/.github/workflows/build-libvirt-container.yml index fabd396b8..655b6bae6 100644 --- a/.github/workflows/build-libvirt-container.yml +++ b/.github/workflows/build-libvirt-container.yml @@ -19,7 +19,7 @@ jobs: packages: write steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup bazel uses: ./.github/actions/setup_bazel_nix diff --git a/.github/workflows/build-logcollector-images.yml b/.github/workflows/build-logcollector-images.yml index 383a196ff..73bde8e64 100644 --- a/.github/workflows/build-logcollector-images.yml +++ b/.github/workflows/build-logcollector-images.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Check out repository id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 4f3b88fdb..4a4c42809 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -62,7 +62,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.head_ref }} @@ -121,7 +121,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.head_ref }} diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml index dc0035e96..0b2c3b1bd 100644 --- a/.github/workflows/build-os-image.yml +++ b/.github/workflows/build-os-image.yml @@ -59,7 +59,7 @@ jobs: cliApiBasePath: ${{ steps.image-version.outputs.cliApiBasePath }} steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.head_ref }} @@ -138,7 +138,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.head_ref }} diff --git a/.github/workflows/build-versionsapi-ci-image.yml b/.github/workflows/build-versionsapi-ci-image.yml index 563e2837f..8d7e9c2dd 100644 --- a/.github/workflows/build-versionsapi-ci-image.yml +++ b/.github/workflows/build-versionsapi-ci-image.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Check out repository id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index e756e2aed..30e8626bf 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index daeec6dfa..020f9dbb1 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,7 +34,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup Go environment if: matrix.language == 'go' @@ -44,7 +44,7 @@ jobs: cache: false - name: Initialize CodeQL - uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: languages: ${{ matrix.language }} @@ -63,6 +63,6 @@ jobs: echo "::endgroup::" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/docs-vale.yml b/.github/workflows/docs-vale.yml index f83400b3b..12458d47e 100644 --- a/.github/workflows/docs-vale.yml +++ b/.github/workflows/docs-vale.yml @@ -16,12 +16,12 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Vale - uses: errata-ai/vale-action@38bf078c328061f59879b347ca344a718a736018 # tag=reviewdog + uses: errata-ai/vale-action@91ac403e8d26f5aa1b3feaa86ca63065936a85b6 # tag=reviewdog with: files: docs/docs fail_on_error: true diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index 3ab075138..44a78d69d 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.head_ref }} @@ -133,7 +133,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.head_ref }} @@ -169,7 +169,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.head_ref }} @@ -187,7 +187,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.head_ref }} @@ -219,7 +219,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.head_ref }} @@ -256,7 +256,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.head_ref }} @@ -332,7 +332,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.head_ref }} @@ -405,7 +405,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.head_ref }} diff --git a/.github/workflows/e2e-attestationconfigapi.yml b/.github/workflows/e2e-attestationconfigapi.yml index f2c4b7d2c..f00ae908d 100644 --- a/.github/workflows/e2e-attestationconfigapi.yml +++ b/.github/workflows/e2e-attestationconfigapi.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: # Don't trigger in forks, use head on pull requests, use default otherwise. ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || github.event.pull_request.head.sha || '' }} diff --git a/.github/workflows/e2e-cleanup-weekly.yml b/.github/workflows/e2e-cleanup-weekly.yml index ce75c226d..b93f002a2 100644 --- a/.github/workflows/e2e-cleanup-weekly.yml +++ b/.github/workflows/e2e-cleanup-weekly.yml @@ -14,7 +14,7 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Cleanup uses: ./.github/actions/e2e_cleanup_timeframe diff --git a/.github/workflows/e2e-mini.yml b/.github/workflows/e2e-mini.yml index f82dbb0aa..06b824fbf 100644 --- a/.github/workflows/e2e-mini.yml +++ b/.github/workflows/e2e-mini.yml @@ -29,12 +29,12 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.event.workflow_run.head_branch || github.head_ref }} - name: Azure login OIDC - uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0 + uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 with: client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml index e1b329bbf..df0c8e1f5 100644 --- a/.github/workflows/e2e-test-daily.yml +++ b/.github/workflows/e2e-test-daily.yml @@ -21,7 +21,7 @@ jobs: image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }} steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -65,7 +65,7 @@ jobs: needs: [find-latest-image] steps: - name: Check out repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -164,12 +164,12 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Azure login OIDC - uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0 + uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 with: client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} diff --git a/.github/workflows/e2e-test-provider-example.yml b/.github/workflows/e2e-test-provider-example.yml index 6642e409f..f77941615 100644 --- a/.github/workflows/e2e-test-provider-example.yml +++ b/.github/workflows/e2e-test-provider-example.yml @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref || github.head_ref }} diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index f8ca947e7..b8c7fd618 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -311,7 +311,7 @@ jobs: run: brew install coreutils kubectl bash - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ inputs.ref || github.head_ref }} diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index f3d8468e2..b93d3f3f9 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -22,7 +22,7 @@ jobs: image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }} steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -313,7 +313,7 @@ jobs: needs: [find-latest-image] steps: - name: Check out repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -437,12 +437,12 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Azure login OIDC - uses: azure/login@6b2456866fc08b011acb422a92a4aa20e2c4de32 # v2.1.0 + uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 with: client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 3ddffb56c..b5011a0dd 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -174,13 +174,13 @@ jobs: steps: - name: Checkout head if: inputs.git-ref == 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.git-ref != 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.git-ref }} @@ -211,13 +211,13 @@ jobs: - name: Checkout head if: inputs.git-ref == 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.git-ref != 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.git-ref }} diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 18bab8697..b25825fec 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -135,14 +135,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} @@ -190,14 +190,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} @@ -274,14 +274,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} @@ -438,14 +438,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index 1d026263b..9f32dee02 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -21,7 +21,7 @@ jobs: packages: write steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -56,7 +56,7 @@ jobs: needs: build-cli steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -186,7 +186,7 @@ jobs: inputs.scheduled steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/on-release.yml b/.github/workflows/on-release.yml index c2cb79f93..c0c04d32d 100644 --- a/.github/workflows/on-release.yml +++ b/.github/workflows/on-release.yml @@ -26,7 +26,7 @@ jobs: WORKING_BRANCH: ${{ env.WORKING_BRANCH }} steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 # fetch all history @@ -49,7 +49,7 @@ jobs: latest: ${{ steps.input-passthrough.outputs.latest }}${{ steps.check-last-release.outputs.latest }} steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Override latest if: github.event.inputs.latest == 'true' @@ -123,7 +123,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Remove temporary branch run: git push origin --delete "${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}" @@ -137,7 +137,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: ./.github/actions/setup_bazel_nix diff --git a/.github/workflows/purge-main.yml b/.github/workflows/purge-main.yml index c25a57549..e6e1cc79c 100644 --- a/.github/workflows/purge-main.yml +++ b/.github/workflows/purge-main.yml @@ -18,7 +18,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.head_ref }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5e9e28083..b01d34685 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,7 +33,7 @@ jobs: RELEASE_BRANCH: ${{ steps.version-info.outputs.RELEASE_BRANCH }} WORKING_BRANCH: ${{ steps.version-info.outputs.WORKING_BRANCH }} steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Working branch run: echo "WORKING_BRANCH=$(git branch --show-current)" | tee -a "$GITHUB_ENV" @@ -85,7 +85,7 @@ jobs: MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }} BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }} steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: main @@ -123,7 +123,7 @@ jobs: WORKING_BRANCH: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} @@ -161,7 +161,7 @@ jobs: WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }} steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} @@ -226,7 +226,7 @@ jobs: WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }} steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} diff --git a/.github/workflows/reproducible-builds.yml b/.github/workflows/reproducible-builds.yml index bb2ee475a..bbc7d9387 100644 --- a/.github/workflows/reproducible-builds.yml +++ b/.github/workflows/reproducible-builds.yml @@ -31,7 +31,7 @@ jobs: runs-on: ${{ matrix.runner }} steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -84,7 +84,7 @@ jobs: runs-on: ${{ matrix.runner }} steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -134,7 +134,7 @@ jobs: - "cli_enterprise_windows_amd64" runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -168,7 +168,7 @@ jobs: - "gcp_gcp-sev-snp_nightly" runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 666517bb8..b0bc2f373 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false @@ -37,6 +37,6 @@ jobs: retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: sarif_file: results.sarif diff --git a/.github/workflows/sync-terraform-docs.yml b/.github/workflows/sync-terraform-docs.yml index 657c49d2f..4772d2ca9 100644 --- a/.github/workflows/sync-terraform-docs.yml +++ b/.github/workflows/sync-terraform-docs.yml @@ -18,14 +18,14 @@ jobs: pull-requests: write steps: - name: Checkout constellation repo - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} fetch-depth: 0 path: constellation - name: Checkout terraform-provider-constellation repo - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: repository: edgelesssys/terraform-provider-constellation ref: main diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml index ef36a5530..19b41f75b 100644 --- a/.github/workflows/test-integration.yml +++ b/.github/workflows/test-integration.yml @@ -25,7 +25,7 @@ jobs: CTEST_OUTPUT_ON_FAILURE: True steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/test-operator-codegen.yml b/.github/workflows/test-operator-codegen.yml index c8064bfe9..f51256dcf 100644 --- a/.github/workflows/test-operator-codegen.yml +++ b/.github/workflows/test-operator-codegen.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/test-tfsec.yml b/.github/workflows/test-tfsec.yml index 1818ec5c7..9df868021 100644 --- a/.github/workflows/test-tfsec.yml +++ b/.github/workflows/test-tfsec.yml @@ -23,7 +23,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/test-tidy.yml b/.github/workflows/test-tidy.yml index a725abf26..34c0ab0ff 100644 --- a/.github/workflows/test-tidy.yml +++ b/.github/workflows/test-tidy.yml @@ -17,7 +17,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} # No token available for forks, so we can't push changes diff --git a/.github/workflows/test-unittest.yml b/.github/workflows/test-unittest.yml index c3bb14c04..1c36cee42 100644 --- a/.github/workflows/test-unittest.yml +++ b/.github/workflows/test-unittest.yml @@ -30,7 +30,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} fetch-depth: 0 diff --git a/.github/workflows/update-rpms.yml b/.github/workflows/update-rpms.yml index ef8a42a55..11bca85dc 100644 --- a/.github/workflows/update-rpms.yml +++ b/.github/workflows/update-rpms.yml @@ -13,7 +13,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Assume AWS role to upload Bazel dependencies to S3 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 diff --git a/.github/workflows/versionsapi.yml b/.github/workflows/versionsapi.yml index 4d193bf0a..69731f7ef 100644 --- a/.github/workflows/versionsapi.yml +++ b/.github/workflows/versionsapi.yml @@ -115,7 +115,7 @@ jobs: steps: - name: Check out repository id: checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} From 32a8d8ffca04168c3e33c60d6c41d595de544585 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Fri, 24 May 2024 10:00:41 +0200 Subject: [PATCH 027/380] bazel: upgrade rules_go to 0.48.0 --- MODULE.bazel | 11 +-------- MODULE.bazel.lock | 59 +++++++++++++++++++++++++++++------------------ go.mod | 2 +- go.sum | 4 ++-- 4 files changed, 40 insertions(+), 36 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 388950354..c8a28c800 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -5,7 +5,7 @@ bazel_dep(name = "bazel_skylib", version = "1.6.1") bazel_dep(name = "gazelle", version = "0.36.0") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") -bazel_dep(name = "rules_go", version = "0.47.1", repo_name = "io_bazel_rules_go") +bazel_dep(name = "rules_go", version = "0.48.0", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") bazel_dep(name = "rules_proto", version = "6.0.0") bazel_dep(name = "rules_python", version = "0.32.2") @@ -20,15 +20,6 @@ git_override( remote = "https://github.com/bazelbuild/bazel-gazelle", ) -# replace go with a pre-release version -# move timeout handling back to bzltestutil -# remove after https://github.com/bazelbuild/rules_go/pull/3939 is merged -git_override( - module_name = "rules_go", - commit = "cc911bfec4f52d93d1c47cc92a3bc03ec8f9cb33", - remote = "https://github.com/bazelbuild/rules_go", -) - go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk") go_sdk.download( name = "go_sdk", diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index c16b5b1e0..d1c3a7da7 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -1,6 +1,6 @@ { "lockFileVersion": 6, - "moduleFileHash": "f5aabeaa86601f89a9e222914be7b7bef4cef74d7352d4d82650140637278493", + "moduleFileHash": "1434155b8f89da6ec56086071a305bf426ed01c58cfd80be5a47044b524ab9a2", "flags": { "cmdRegistries": [ "https://bcr.bazel.build/" @@ -30,7 +30,7 @@ "usingModule": "", "location": { "file": "@@//:MODULE.bazel", - "line": 32, + "line": 23, "column": 23 }, "imports": {}, @@ -48,7 +48,7 @@ "devDependency": false, "location": { "file": "@@//:MODULE.bazel", - "line": 33, + "line": 24, "column": 16 } } @@ -62,7 +62,7 @@ "usingModule": "", "location": { "file": "@@//:MODULE.bazel", - "line": 41, + "line": 32, "column": 24 }, "imports": { @@ -193,7 +193,7 @@ "devDependency": false, "location": { "file": "@@//:MODULE.bazel", - "line": 42, + "line": 33, "column": 18 } }, @@ -208,7 +208,7 @@ "devDependency": false, "location": { "file": "@@//:MODULE.bazel", - "line": 170, + "line": 161, "column": 29 } }, @@ -223,7 +223,7 @@ "devDependency": false, "location": { "file": "@@//:MODULE.bazel", - "line": 170, + "line": 161, "column": 29 } }, @@ -238,7 +238,7 @@ "devDependency": false, "location": { "file": "@@//:MODULE.bazel", - "line": 170, + "line": 161, "column": 29 } }, @@ -253,7 +253,7 @@ "devDependency": false, "location": { "file": "@@//:MODULE.bazel", - "line": 179, + "line": 170, "column": 24 } }, @@ -268,7 +268,7 @@ "devDependency": false, "location": { "file": "@@//:MODULE.bazel", - "line": 185, + "line": 176, "column": 24 } }, @@ -286,7 +286,7 @@ "devDependency": false, "location": { "file": "@@//:MODULE.bazel", - "line": 191, + "line": 182, "column": 24 } }, @@ -303,7 +303,7 @@ "devDependency": false, "location": { "file": "@@//:MODULE.bazel", - "line": 200, + "line": 191, "column": 24 } } @@ -318,7 +318,7 @@ "gazelle": "gazelle@_", "hermetic_cc_toolchain": "hermetic_cc_toolchain@3.1.0", "rules_cc": "rules_cc@0.0.9", - "io_bazel_rules_go": "rules_go@_", + "io_bazel_rules_go": "rules_go@0.48.0", "rules_pkg": "rules_pkg@0.10.1", "rules_proto": "rules_proto@6.0.0", "rules_python": "rules_python@0.32.2", @@ -620,7 +620,7 @@ "bazel_features": "bazel_features@1.9.1", "bazel_skylib": "bazel_skylib@1.6.1", "com_google_protobuf": "protobuf@21.7", - "io_bazel_rules_go": "rules_go@_", + "io_bazel_rules_go": "rules_go@0.48.0", "rules_proto": "rules_proto@6.0.0", "bazel_tools": "bazel_tools@_", "local_config_platform": "local_config_platform@_" @@ -731,10 +731,10 @@ } } }, - "rules_go@_": { + "rules_go@0.48.0": { "name": "rules_go", - "version": "0.47.1", - "key": "rules_go@_", + "version": "0.48.0", + "key": "rules_go@0.48.0", "repoName": "io_bazel_rules_go", "executionPlatformsToRegister": [], "toolchainsToRegister": [ @@ -744,9 +744,9 @@ { "extensionBzlFile": "@io_bazel_rules_go//go:extensions.bzl", "extensionName": "go_sdk", - "usingModule": "rules_go@_", + "usingModule": "rules_go@0.48.0", "location": { - "file": "@@rules_go~//:MODULE.bazel", + "file": "https://bcr.bazel.build/modules/rules_go/0.48.0/MODULE.bazel", "line": 16, "column": 23 }, @@ -764,7 +764,7 @@ }, "devDependency": false, "location": { - "file": "@@rules_go~//:MODULE.bazel", + "file": "https://bcr.bazel.build/modules/rules_go/0.48.0/MODULE.bazel", "line": 17, "column": 16 } @@ -776,9 +776,9 @@ { "extensionBzlFile": "@gazelle//:extensions.bzl", "extensionName": "go_deps", - "usingModule": "rules_go@_", + "usingModule": "rules_go@0.48.0", "location": { - "file": "@@rules_go~//:MODULE.bazel", + "file": "https://bcr.bazel.build/modules/rules_go/0.48.0/MODULE.bazel", "line": 32, "column": 24 }, @@ -803,7 +803,7 @@ }, "devDependency": false, "location": { - "file": "@@rules_go~//:MODULE.bazel", + "file": "https://bcr.bazel.build/modules/rules_go/0.48.0/MODULE.bazel", "line": 33, "column": 18 } @@ -822,6 +822,19 @@ "gazelle": "gazelle@_", "bazel_tools": "bazel_tools@_", "local_config_platform": "local_config_platform@_" + }, + "repoSpec": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/bazelbuild/rules_go/releases/download/v0.48.0/rules_go-v0.48.0.zip" + ], + "integrity": "sha256-M6zErg9wUC20uJPJ/B3Xqb+ZjCPn/yxFF3QdQEmpdvg=", + "strip_prefix": "", + "remote_patches": {}, + "remote_patch_strip": 0 + } } }, "rules_pkg@0.10.1": { diff --git a/go.mod b/go.mod index 22a04cf78..4e57c8910 100644 --- a/go.mod +++ b/go.mod @@ -68,7 +68,7 @@ require ( github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.7 github.com/aws/smithy-go v1.20.2 github.com/bazelbuild/buildtools v0.0.0-20240422193413-1429e15ae755 - github.com/bazelbuild/rules_go v0.47.1 + github.com/bazelbuild/rules_go v0.48.0 github.com/coreos/go-systemd/v22 v22.5.0 github.com/docker/docker v26.1.2+incompatible github.com/edgelesssys/go-azguestattestation v0.0.0-20240513062303-05f8770a633d diff --git a/go.sum b/go.sum index 4807f7721..70e2e754c 100644 --- a/go.sum +++ b/go.sum @@ -171,8 +171,8 @@ github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/bazelbuild/buildtools v0.0.0-20240422193413-1429e15ae755 h1:hqhMmuZiSNwCWVHqnpr4DZfIeZ2/aJF7fs207eg7HZo= github.com/bazelbuild/buildtools v0.0.0-20240422193413-1429e15ae755/go.mod h1:689QdV3hBP7Vo9dJMmzhoYIyo/9iMhEmHkJcnaPRCbo= -github.com/bazelbuild/rules_go v0.47.1 h1:9s9FA2l8IAxCbwV97E1WLu5ai21muLNrjZRV0+agTRs= -github.com/bazelbuild/rules_go v0.47.1/go.mod h1:Dhcz716Kqg1RHNWos+N6MlXNkjNP2EwZQ0LukRKJfMs= +github.com/bazelbuild/rules_go v0.48.0 h1:fZgo6mCUKeL/+GQiMWy5/QU1FjNXGPnTd5bAeao1pbg= +github.com/bazelbuild/rules_go v0.48.0/go.mod h1:Dhcz716Kqg1RHNWos+N6MlXNkjNP2EwZQ0LukRKJfMs= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From f1794eb97db5ad4a0a666c0cf6a7389de8c592de Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Fri, 24 May 2024 10:38:25 +0200 Subject: [PATCH 028/380] bazel: upgrade aspect_bazel_lib to 2.7.6 --- MODULE.bazel | 2 +- MODULE.bazel.lock | 44 ++++++++++++++++++++++---------------------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index c8a28c800..afba1caaf 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,6 +1,6 @@ module(name = "constellation") -bazel_dep(name = "aspect_bazel_lib", version = "2.7.3") +bazel_dep(name = "aspect_bazel_lib", version = "2.7.6") bazel_dep(name = "bazel_skylib", version = "1.6.1") bazel_dep(name = "gazelle", version = "0.36.0") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index d1c3a7da7..1724972d5 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -1,6 +1,6 @@ { "lockFileVersion": 6, - "moduleFileHash": "1434155b8f89da6ec56086071a305bf426ed01c58cfd80be5a47044b524ab9a2", + "moduleFileHash": "6c190d5e08bf4f53bcf663b0db5ed0cf62c54ee822095bbd715a0cb626bc00d0", "flags": { "cmdRegistries": [ "https://bcr.bazel.build/" @@ -313,7 +313,7 @@ } ], "deps": { - "aspect_bazel_lib": "aspect_bazel_lib@2.7.3", + "aspect_bazel_lib": "aspect_bazel_lib@2.7.6", "bazel_skylib": "bazel_skylib@1.6.1", "gazelle": "gazelle@_", "hermetic_cc_toolchain": "hermetic_cc_toolchain@3.1.0", @@ -327,10 +327,10 @@ "local_config_platform": "local_config_platform@_" } }, - "aspect_bazel_lib@2.7.3": { + "aspect_bazel_lib@2.7.6": { "name": "aspect_bazel_lib", - "version": "2.7.3", - "key": "aspect_bazel_lib@2.7.3", + "version": "2.7.6", + "key": "aspect_bazel_lib@2.7.6", "repoName": "aspect_bazel_lib", "executionPlatformsToRegister": [], "toolchainsToRegister": [ @@ -348,9 +348,9 @@ { "extensionBzlFile": "@aspect_bazel_lib//lib:extensions.bzl", "extensionName": "toolchains", - "usingModule": "aspect_bazel_lib@2.7.3", + "usingModule": "aspect_bazel_lib@2.7.6", "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", "line": 17, "column": 37 }, @@ -372,7 +372,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", "line": 18, "column": 36 } @@ -382,7 +382,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", "line": 19, "column": 39 } @@ -392,7 +392,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", "line": 20, "column": 24 } @@ -402,7 +402,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", "line": 21, "column": 24 } @@ -412,7 +412,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", "line": 22, "column": 31 } @@ -422,7 +422,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", "line": 23, "column": 25 } @@ -432,7 +432,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", "line": 24, "column": 26 } @@ -442,7 +442,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", "line": 25, "column": 37 } @@ -452,7 +452,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", "line": 26, "column": 26 } @@ -474,13 +474,13 @@ "ruleClassName": "http_archive", "attributes": { "urls": [ - "https://github.com/aspect-build/bazel-lib/releases/download/v2.7.3/bazel-lib-v2.7.3.tar.gz" + "https://github.com/aspect-build/bazel-lib/releases/download/v2.7.6/bazel-lib-v2.7.6.tar.gz" ], - "integrity": "sha256-h6tOxHnr6wDShiZqyiBoyu7xuwsXZej3HHts/uavQiY=", - "strip_prefix": "bazel-lib-2.7.3", + "integrity": "sha256-tZeBk59AyL8Uj0pxvQbjAn4V5A6YFD6laIuDUx7IUo8=", + "strip_prefix": "bazel-lib-2.7.6", "remote_patches": { - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/patches/go_dev_dep.patch": "sha256-KgABwDzOT+DugUHn9tHLOz05osnk2FLsS10d5zqG/M0=", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.3/patches/module_dot_bazel_version.patch": "sha256-GeLYuH+8gdY7Oj0F8cKIZBbav1gRNSwY72SzFIQymw8=" + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/patches/go_dev_dep.patch": "sha256-DTc/hk+etl4D50M0BLRik2vHbrgDb6rds+Dj4xphWb4=", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/patches/module_dot_bazel_version.patch": "sha256-tU9ga2FHxBhCR9DvRg5MxObWUhY+8hme2kGvuyZ5OGE=" }, "remote_patch_strip": 1 } @@ -1929,7 +1929,7 @@ }, "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "agEDrzWPQxlinO3X7YGF4vbOAfJ2gnS/f1YDWUgdIL0=", + "bzlTransitiveDigest": "Xw5p+bSGmwxO477b+3UwwJLXs0pENmU+IqymrWWEg3Q=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, From 37e46b98c2b54400fc85825291b805563ec3ad06 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Fri, 24 May 2024 10:38:39 +0200 Subject: [PATCH 029/380] bazel: removed unused WORKSPACE dependency --- bazel/toolchains/buildifier_deps.bzl | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100644 bazel/toolchains/buildifier_deps.bzl diff --git a/bazel/toolchains/buildifier_deps.bzl b/bazel/toolchains/buildifier_deps.bzl deleted file mode 100644 index 97ffccd6a..000000000 --- a/bazel/toolchains/buildifier_deps.bzl +++ /dev/null @@ -1,15 +0,0 @@ -"""buildifier repository rules""" - -load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") - -def buildifier_deps(): - http_archive( - name = "com_github_bazelbuild_buildtools", - strip_prefix = "buildtools-7.1.1", - urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/60a9025072ae237f325d0e7b661e1685f34922c29883888c2d06f5789462b939", - "https://github.com/bazelbuild/buildtools/archive/refs/tags/v7.1.1.tar.gz", - ], - type = "tar.gz", - sha256 = "60a9025072ae237f325d0e7b661e1685f34922c29883888c2d06f5789462b939", - ) From 21c30ebb760490fd9980a186bbcf05e43eaadc1b Mon Sep 17 00:00:00 2001 From: 3u13r Date: Fri, 24 May 2024 15:14:16 +0200 Subject: [PATCH 030/380] metadata-api: support dnsmasq (#3115) --- hack/qemu-metadata-api/BUILD.bazel | 3 +- hack/qemu-metadata-api/dhcp/BUILD.bazel | 8 ++ .../virtwrapper.go => dhcp/dhcp.go} | 4 +- .../dhcp/dnsmasq/BUILD.bazel | 24 ++++ .../qemu-metadata-api/dhcp/dnsmasq/dnsmasq.go | 56 +++++++++ .../dhcp/dnsmasq/dnsmasq_test.go | 40 +++++++ .../{ => dhcp}/virtwrapper/BUILD.bazel | 7 +- .../dhcp/virtwrapper/virtwrapper.go | 7 ++ .../dhcp/virtwrapper/virtwrapper_cgo.go | 60 ++++++++++ .../dhcp/virtwrapper/virtwrapper_cross.go | 24 ++++ hack/qemu-metadata-api/main.go | 25 +++-- hack/qemu-metadata-api/server/BUILD.bazel | 11 +- hack/qemu-metadata-api/server/server.go | 31 ++--- .../server/server_cgo_test.go | 41 ------- .../server/server_cross_test.go | 31 ----- hack/qemu-metadata-api/server/server_test.go | 106 ++++++++---------- .../virtwrapper/virtwrapper_cgo.go | 56 --------- .../virtwrapper/virtwrapper_cross.go | 40 ------- 18 files changed, 304 insertions(+), 270 deletions(-) create mode 100644 hack/qemu-metadata-api/dhcp/BUILD.bazel rename hack/qemu-metadata-api/{virtwrapper/virtwrapper.go => dhcp/dhcp.go} (67%) create mode 100644 hack/qemu-metadata-api/dhcp/dnsmasq/BUILD.bazel create mode 100644 hack/qemu-metadata-api/dhcp/dnsmasq/dnsmasq.go create mode 100644 hack/qemu-metadata-api/dhcp/dnsmasq/dnsmasq_test.go rename hack/qemu-metadata-api/{ => dhcp}/virtwrapper/BUILD.bazel (68%) create mode 100644 hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper.go create mode 100644 hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper_cgo.go create mode 100644 hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper_cross.go delete mode 100644 hack/qemu-metadata-api/server/server_cgo_test.go delete mode 100644 hack/qemu-metadata-api/server/server_cross_test.go delete mode 100644 hack/qemu-metadata-api/virtwrapper/virtwrapper_cgo.go delete mode 100644 hack/qemu-metadata-api/virtwrapper/virtwrapper_cross.go diff --git a/hack/qemu-metadata-api/BUILD.bazel b/hack/qemu-metadata-api/BUILD.bazel index 67811771c..2cfbeb83a 100644 --- a/hack/qemu-metadata-api/BUILD.bazel +++ b/hack/qemu-metadata-api/BUILD.bazel @@ -13,8 +13,9 @@ go_library( importpath = "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api", visibility = ["//visibility:private"], deps = [ + "//hack/qemu-metadata-api/dhcp/dnsmasq", + "//hack/qemu-metadata-api/dhcp/virtwrapper", "//hack/qemu-metadata-api/server", - "//hack/qemu-metadata-api/virtwrapper", "//internal/logger", "@org_libvirt_go_libvirt//:libvirt", ], diff --git a/hack/qemu-metadata-api/dhcp/BUILD.bazel b/hack/qemu-metadata-api/dhcp/BUILD.bazel new file mode 100644 index 000000000..21ba5404c --- /dev/null +++ b/hack/qemu-metadata-api/dhcp/BUILD.bazel @@ -0,0 +1,8 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "dhcp", + srcs = ["dhcp.go"], + importpath = "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/dhcp", + visibility = ["//visibility:public"], +) diff --git a/hack/qemu-metadata-api/virtwrapper/virtwrapper.go b/hack/qemu-metadata-api/dhcp/dhcp.go similarity index 67% rename from hack/qemu-metadata-api/virtwrapper/virtwrapper.go rename to hack/qemu-metadata-api/dhcp/dhcp.go index 4e5fb6732..6474b6666 100644 --- a/hack/qemu-metadata-api/virtwrapper/virtwrapper.go +++ b/hack/qemu-metadata-api/dhcp/dhcp.go @@ -4,9 +4,9 @@ Copyright (c) Edgeless Systems GmbH SPDX-License-Identifier: AGPL-3.0-only */ -package virtwrapper +package dhcp -// NetworkDHCPLease abstracts a libvirt DHCP lease. +// NetworkDHCPLease abstracts a DHCP lease. type NetworkDHCPLease struct { IPaddr string Hostname string diff --git a/hack/qemu-metadata-api/dhcp/dnsmasq/BUILD.bazel b/hack/qemu-metadata-api/dhcp/dnsmasq/BUILD.bazel new file mode 100644 index 000000000..ab5bbd249 --- /dev/null +++ b/hack/qemu-metadata-api/dhcp/dnsmasq/BUILD.bazel @@ -0,0 +1,24 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") +load("//bazel/go:go_test.bzl", "go_test") + +go_library( + name = "dnsmasq", + srcs = ["dnsmasq.go"], + importpath = "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/dhcp/dnsmasq", + visibility = ["//visibility:public"], + deps = [ + "//hack/qemu-metadata-api/dhcp", + "@com_github_spf13_afero//:afero", + ], +) + +go_test( + name = "dnsmasq_test", + srcs = ["dnsmasq_test.go"], + embed = [":dnsmasq"], + deps = [ + "@com_github_spf13_afero//:afero", + "@com_github_stretchr_testify//assert", + "@com_github_stretchr_testify//require", + ], +) diff --git a/hack/qemu-metadata-api/dhcp/dnsmasq/dnsmasq.go b/hack/qemu-metadata-api/dhcp/dnsmasq/dnsmasq.go new file mode 100644 index 000000000..1e75e2abd --- /dev/null +++ b/hack/qemu-metadata-api/dhcp/dnsmasq/dnsmasq.go @@ -0,0 +1,56 @@ +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package dnsmasq + +import ( + "bufio" + "strings" + + "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/dhcp" + "github.com/spf13/afero" +) + +// DNSMasq is a DHCP lease getter for dnsmasq. +type DNSMasq struct { + leasesFileName string + fs *afero.Afero +} + +// New creates a new DNSMasq. +func New(leasesFileName string) *DNSMasq { + return &DNSMasq{ + leasesFileName: leasesFileName, + fs: &afero.Afero{Fs: afero.NewOsFs()}, + } +} + +// GetDHCPLeases returns the underlying DHCP leases. +func (d *DNSMasq) GetDHCPLeases() ([]dhcp.NetworkDHCPLease, error) { + file, err := d.fs.Open(d.leasesFileName) + if err != nil { + return nil, err + } + defer file.Close() + + // read file + var leases []dhcp.NetworkDHCPLease + scanner := bufio.NewScanner(file) + for scanner.Scan() { + line := scanner.Text() + // split by whitespace + fields := strings.Fields(line) + leases = append(leases, dhcp.NetworkDHCPLease{ + IPaddr: fields[2], + Hostname: fields[3], + }) + } + if err := scanner.Err(); err != nil { + return nil, err + } + + return leases, nil +} diff --git a/hack/qemu-metadata-api/dhcp/dnsmasq/dnsmasq_test.go b/hack/qemu-metadata-api/dhcp/dnsmasq/dnsmasq_test.go new file mode 100644 index 000000000..66a4483cd --- /dev/null +++ b/hack/qemu-metadata-api/dhcp/dnsmasq/dnsmasq_test.go @@ -0,0 +1,40 @@ +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package dnsmasq + +import ( + "testing" + + "github.com/spf13/afero" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestGetDHCPLeases(t *testing.T) { + require := require.New(t) + assert := assert.New(t) + + fs := afero.NewMemMapFs() + leasesFileName := "dnsmasq.leases" + leasesFile, err := fs.Create(leasesFileName) + require.NoError(err) + _, err = leasesFile.WriteString("1716219737 52:54:af:a1:98:9f 10.42.2.1 worker0 ff:c2:72:f6:09:00:02:00:00:ab:11:18:fc:48:85:40:3f:bc:41\n") + require.NoError(err) + _, err = leasesFile.WriteString("1716219735 52:54:7f:8f:ba:91 10.42.1.1 controlplane0 ff:c2:72:f6:09:00:02:00:00:ab:11:21:7c:b5:14:ec:43:b7:43\n") + require.NoError(err) + leasesFile.Close() + + d := DNSMasq{leasesFileName: leasesFileName, fs: &afero.Afero{Fs: fs}} + leases, err := d.GetDHCPLeases() + require.NoError(err) + + assert.Len(leases, 2) + assert.Equal("10.42.2.1", leases[0].IPaddr) + assert.Equal("worker0", leases[0].Hostname) + assert.Equal("10.42.1.1", leases[1].IPaddr) + assert.Equal("controlplane0", leases[1].Hostname) +} diff --git a/hack/qemu-metadata-api/virtwrapper/BUILD.bazel b/hack/qemu-metadata-api/dhcp/virtwrapper/BUILD.bazel similarity index 68% rename from hack/qemu-metadata-api/virtwrapper/BUILD.bazel rename to hack/qemu-metadata-api/dhcp/virtwrapper/BUILD.bazel index c1ad3b7c9..762c0b301 100644 --- a/hack/qemu-metadata-api/virtwrapper/BUILD.bazel +++ b/hack/qemu-metadata-api/dhcp/virtwrapper/BUILD.bazel @@ -7,7 +7,10 @@ go_library( "virtwrapper_cgo.go", "virtwrapper_cross.go", ], - importpath = "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/virtwrapper", + importpath = "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/dhcp/virtwrapper", visibility = ["//visibility:public"], - deps = ["@org_libvirt_go_libvirt//:libvirt"], + deps = [ + "//hack/qemu-metadata-api/dhcp", + "@org_libvirt_go_libvirt//:libvirt", + ], ) diff --git a/hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper.go b/hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper.go new file mode 100644 index 000000000..fa77b81de --- /dev/null +++ b/hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper.go @@ -0,0 +1,7 @@ +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package virtwrapper diff --git a/hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper_cgo.go b/hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper_cgo.go new file mode 100644 index 000000000..bacd3c81f --- /dev/null +++ b/hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper_cgo.go @@ -0,0 +1,60 @@ +//go:build cgo + +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package virtwrapper + +import ( + "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/dhcp" + + "libvirt.org/go/libvirt" +) + +// Connect wraps a libvirt connection. +type Connect struct { + conn *libvirt.Connect + networkName string +} + +// New creates a new libvirt Connct wrapper. +func New(conn *libvirt.Connect, networkName string) *Connect { + return &Connect{ + conn: conn, + networkName: networkName, + } +} + +// LookupNetworkByName looks up a network by name. +func (c *Connect) lookupNetworkByName(name string) (*libvirt.Network, error) { + net, err := c.conn.LookupNetworkByName(name) + if err != nil { + return nil, err + } + return net, nil +} + +// GetDHCPLeases returns the underlying DHCP leases. +func (c *Connect) GetDHCPLeases() ([]dhcp.NetworkDHCPLease, error) { + net, err := c.lookupNetworkByName(c.networkName) + if err != nil { + return nil, err + } + defer net.Free() + + leases, err := net.GetDHCPLeases() + if err != nil { + return nil, err + } + ret := make([]dhcp.NetworkDHCPLease, len(leases)) + for i, l := range leases { + ret[i] = dhcp.NetworkDHCPLease{ + IPaddr: l.IPaddr, + Hostname: l.Hostname, + } + } + return ret, nil +} diff --git a/hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper_cross.go b/hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper_cross.go new file mode 100644 index 000000000..58e12f0f7 --- /dev/null +++ b/hack/qemu-metadata-api/dhcp/virtwrapper/virtwrapper_cross.go @@ -0,0 +1,24 @@ +//go:build !cgo + +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package virtwrapper + +import ( + "errors" + + "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/dhcp" +) + +// Connect wraps a libvirt connection. +type Connect struct{} + +// GetDHCPLeases returns the underlying DHCP leases. +// This function errors if CGO is disabled. +func (n *Connect) GetDHCPLeases() ([]dhcp.NetworkDHCPLease, error) { + return nil, errors.New("using virtwrapper requires building with CGO") +} diff --git a/hack/qemu-metadata-api/main.go b/hack/qemu-metadata-api/main.go index dd5be683c..5169200b3 100644 --- a/hack/qemu-metadata-api/main.go +++ b/hack/qemu-metadata-api/main.go @@ -13,29 +13,38 @@ import ( "log/slog" "os" + "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/dhcp/dnsmasq" + "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/dhcp/virtwrapper" "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/server" - "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/virtwrapper" "github.com/edgelesssys/constellation/v2/internal/logger" "libvirt.org/go/libvirt" ) func main() { bindPort := flag.String("port", "8080", "Port to bind to") - targetNetwork := flag.String("network", "constellation-network", "Name of the network in QEMU to use") + targetNetwork := flag.String("network", "constellation-network", "Name of the network in libvirt") libvirtURI := flag.String("libvirt-uri", "qemu:///system", "URI of the libvirt connection") + leasesFileName := flag.String("dnsmasq-leases", "", "Path to the dnsmasq leases file") initSecretHash := flag.String("initsecrethash", "", "brcypt hash of the init secret") flag.Parse() log := logger.NewJSONLogger(slog.LevelInfo) - conn, err := libvirt.NewConnect(*libvirtURI) - if err != nil { - log.With(slog.Any("error", err)).Error("Failed to connect to libvirt") - os.Exit(1) + var leaseGetter server.LeaseGetter + if *leasesFileName == "" { + conn, err := libvirt.NewConnect(*libvirtURI) + if err != nil { + log.With(slog.Any("error", err)).Error("Failed to connect to libvirt") + os.Exit(1) + } + defer conn.Close() + leaseGetter = virtwrapper.New(conn, *targetNetwork) + } else { + log.Info("Using dnsmasq leases file") + leaseGetter = dnsmasq.New(*leasesFileName) } - defer conn.Close() - serv := server.New(log, *targetNetwork, *initSecretHash, &virtwrapper.Connect{Conn: conn}) + serv := server.New(log, *targetNetwork, *initSecretHash, leaseGetter) if err := serv.ListenAndServe(*bindPort); err != nil { log.With(slog.Any("error", err)).Error("Failed to serve") os.Exit(1) diff --git a/hack/qemu-metadata-api/server/BUILD.bazel b/hack/qemu-metadata-api/server/BUILD.bazel index 5def36c03..683ec416a 100644 --- a/hack/qemu-metadata-api/server/BUILD.bazel +++ b/hack/qemu-metadata-api/server/BUILD.bazel @@ -10,7 +10,7 @@ go_library( ], visibility = ["//visibility:public"], deps = [ - "//hack/qemu-metadata-api/virtwrapper", + "//hack/qemu-metadata-api/dhcp", "//internal/cloud/metadata", "//internal/role", ], @@ -18,22 +18,17 @@ go_library( go_test( name = "server_test", - srcs = [ - "server_cgo_test.go", - "server_cross_test.go", - "server_test.go", - ], + srcs = ["server_test.go"], embed = [":server"], # keep pure = "on", # keep race = "off", deps = [ - "//hack/qemu-metadata-api/virtwrapper", + "//hack/qemu-metadata-api/dhcp", "//internal/cloud/metadata", "//internal/logger", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", - "@org_libvirt_go_libvirt//:libvirt", ], ) diff --git a/hack/qemu-metadata-api/server/server.go b/hack/qemu-metadata-api/server/server.go index 4f0cad9e9..2b3817247 100644 --- a/hack/qemu-metadata-api/server/server.go +++ b/hack/qemu-metadata-api/server/server.go @@ -14,7 +14,7 @@ import ( "net/http" "strings" - "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/virtwrapper" + "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/dhcp" "github.com/edgelesssys/constellation/v2/internal/cloud/metadata" "github.com/edgelesssys/constellation/v2/internal/role" ) @@ -22,16 +22,16 @@ import ( // Server that provides QEMU metadata. type Server struct { log *slog.Logger - virt virConnect + dhcpLeaseGetter LeaseGetter network string initSecretHashVal []byte } // New creates a new Server. -func New(log *slog.Logger, network, initSecretHash string, conn virConnect) *Server { +func New(log *slog.Logger, network, initSecretHash string, getter LeaseGetter) *Server { return &Server{ log: log, - virt: conn, + dhcpLeaseGetter: getter, network: network, initSecretHashVal: []byte(initSecretHash), } @@ -139,15 +139,7 @@ func (s *Server) getEndpoint(w http.ResponseWriter, r *http.Request) { log := s.log.With(slog.String("peer", r.RemoteAddr)) log.Info("Serving GET request for /endpoint") - net, err := s.virt.LookupNetworkByName(s.network) - if err != nil { - log.With(slog.Any("error", err)).Error("Failed to lookup network") - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - defer net.Free() - - leases, err := net.GetDHCPLeases() + leases, err := s.dhcpLeaseGetter.GetDHCPLeases() if err != nil { log.With(slog.Any("error", err)).Error("Failed to get DHCP leases") http.Error(w, err.Error(), http.StatusInternalServerError) @@ -172,13 +164,7 @@ func (s *Server) getEndpoint(w http.ResponseWriter, r *http.Request) { // listAll returns a list of all active peers. func (s *Server) listAll() ([]metadata.InstanceMetadata, error) { - net, err := s.virt.LookupNetworkByName(s.network) - if err != nil { - return nil, err - } - defer net.Free() - - leases, err := net.GetDHCPLeases() + leases, err := s.dhcpLeaseGetter.GetDHCPLeases() if err != nil { return nil, err } @@ -201,6 +187,7 @@ func (s *Server) listAll() ([]metadata.InstanceMetadata, error) { return peers, nil } -type virConnect interface { - LookupNetworkByName(name string) (*virtwrapper.Network, error) +// LeaseGetter is an interface for getting DHCP leases. +type LeaseGetter interface { + GetDHCPLeases() ([]dhcp.NetworkDHCPLease, error) } diff --git a/hack/qemu-metadata-api/server/server_cgo_test.go b/hack/qemu-metadata-api/server/server_cgo_test.go deleted file mode 100644 index 59c569535..000000000 --- a/hack/qemu-metadata-api/server/server_cgo_test.go +++ /dev/null @@ -1,41 +0,0 @@ -//go:build cgo - -/* -Copyright (c) Edgeless Systems GmbH - -SPDX-License-Identifier: AGPL-3.0-only -*/ - -package server - -import ( - "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/virtwrapper" - "libvirt.org/go/libvirt" -) - -type stubNetwork struct { - leases []libvirt.NetworkDHCPLease - getLeaseErr error -} - -func newStubNetwork(leases []virtwrapper.NetworkDHCPLease, getLeaseErr error) stubNetwork { - libvirtLeases := make([]libvirt.NetworkDHCPLease, len(leases)) - for i, l := range leases { - libvirtLeases[i] = libvirt.NetworkDHCPLease{ - IPaddr: l.IPaddr, - Hostname: l.Hostname, - } - } - return stubNetwork{ - leases: libvirtLeases, - getLeaseErr: getLeaseErr, - } -} - -func (n stubNetwork) GetDHCPLeases() ([]libvirt.NetworkDHCPLease, error) { - return n.leases, n.getLeaseErr -} - -func (n stubNetwork) Free() error { - return nil -} diff --git a/hack/qemu-metadata-api/server/server_cross_test.go b/hack/qemu-metadata-api/server/server_cross_test.go deleted file mode 100644 index 3f4488b26..000000000 --- a/hack/qemu-metadata-api/server/server_cross_test.go +++ /dev/null @@ -1,31 +0,0 @@ -//go:build !cgo - -/* -Copyright (c) Edgeless Systems GmbH - -SPDX-License-Identifier: AGPL-3.0-only -*/ - -package server - -import "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/virtwrapper" - -type stubNetwork struct { - leases []virtwrapper.NetworkDHCPLease - getLeaseErr error -} - -func newStubNetwork(leases []virtwrapper.NetworkDHCPLease, getLeaseErr error) stubNetwork { - return stubNetwork{ - leases: leases, - getLeaseErr: getLeaseErr, - } -} - -func (n stubNetwork) GetDHCPLeases() ([]virtwrapper.NetworkDHCPLease, error) { - return n.leases, n.getLeaseErr -} - -func (n stubNetwork) Free() error { - return nil -} diff --git a/hack/qemu-metadata-api/server/server_test.go b/hack/qemu-metadata-api/server/server_test.go index 3b04d214d..363cb3ed2 100644 --- a/hack/qemu-metadata-api/server/server_test.go +++ b/hack/qemu-metadata-api/server/server_test.go @@ -9,13 +9,12 @@ package server import ( "context" "encoding/json" - "errors" "io" "net/http" "net/http/httptest" "testing" - "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/virtwrapper" + "github.com/edgelesssys/constellation/v2/hack/qemu-metadata-api/dhcp" "github.com/edgelesssys/constellation/v2/internal/cloud/metadata" "github.com/edgelesssys/constellation/v2/internal/logger" "github.com/stretchr/testify/assert" @@ -23,15 +22,13 @@ import ( ) func TestListAll(t *testing.T) { - someErr := errors.New("error") - testCases := map[string]struct { - wantErr bool - connect *stubConnect + wantErr bool + stubLeaseGetter *stubLeaseGetter }{ "success": { - connect: &stubConnect{ - network: newStubNetwork([]virtwrapper.NetworkDHCPLease{ + stubLeaseGetter: &stubLeaseGetter{ + leases: []dhcp.NetworkDHCPLease{ { IPaddr: "192.0.100.1", Hostname: "control-plane-0", @@ -44,20 +41,12 @@ func TestListAll(t *testing.T) { IPaddr: "192.0.200.1", Hostname: "worker-0", }, - }, nil), + }, }, }, - "LookupNetworkByName error": { - connect: &stubConnect{ - getNetworkErr: someErr, - }, - wantErr: true, - }, "GetDHCPLeases error": { - connect: &stubConnect{ - network: stubNetwork{ - getLeaseErr: someErr, - }, + stubLeaseGetter: &stubLeaseGetter{ + getErr: assert.AnError, }, wantErr: true, }, @@ -67,7 +56,7 @@ func TestListAll(t *testing.T) { t.Run(name, func(t *testing.T) { assert := assert.New(t) - server := New(logger.NewTest(t), "test", "initSecretHash", tc.connect) + server := New(logger.NewTest(t), "test", "initSecretHash", tc.stubLeaseGetter) res, err := server.listAll() @@ -76,58 +65,56 @@ func TestListAll(t *testing.T) { return } assert.NoError(err) - assert.Len(tc.connect.network.leases, len(res)) + assert.Len(tc.stubLeaseGetter.leases, len(res)) }) } } func TestListSelf(t *testing.T) { - someErr := errors.New("error") - testCases := map[string]struct { - remoteAddr string - connect *stubConnect - wantErr bool + remoteAddr string + stubLeaseGetter *stubLeaseGetter + wantErr bool }{ "success": { remoteAddr: "192.0.100.1:1234", - connect: &stubConnect{ - network: newStubNetwork([]virtwrapper.NetworkDHCPLease{ + stubLeaseGetter: &stubLeaseGetter{ + leases: []dhcp.NetworkDHCPLease{ { IPaddr: "192.0.100.1", Hostname: "control-plane-0", }, - }, nil), + }, }, }, "listAll error": { remoteAddr: "192.0.100.1:1234", - connect: &stubConnect{ - getNetworkErr: someErr, + stubLeaseGetter: &stubLeaseGetter{ + getErr: assert.AnError, }, wantErr: true, }, "remoteAddr error": { remoteAddr: "", - connect: &stubConnect{ - network: newStubNetwork([]virtwrapper.NetworkDHCPLease{ + stubLeaseGetter: &stubLeaseGetter{ + leases: []dhcp.NetworkDHCPLease{ { IPaddr: "192.0.100.1", Hostname: "control-plane-0", }, - }, nil), + }, }, wantErr: true, }, "peer not found": { remoteAddr: "192.0.200.1:1234", - connect: &stubConnect{ - network: newStubNetwork([]virtwrapper.NetworkDHCPLease{ + stubLeaseGetter: &stubLeaseGetter{ + leases: []dhcp.NetworkDHCPLease{ { IPaddr: "192.0.100.1", Hostname: "control-plane-0", }, - }, nil), + }, }, wantErr: true, }, @@ -138,7 +125,7 @@ func TestListSelf(t *testing.T) { assert := assert.New(t) require := require.New(t) - server := New(logger.NewTest(t), "test", "initSecretHash", tc.connect) + server := New(logger.NewTest(t), "test", "initSecretHash", tc.stubLeaseGetter) req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, "http://192.0.0.1/self", nil) require.NoError(err) @@ -157,22 +144,22 @@ func TestListSelf(t *testing.T) { var metadata metadata.InstanceMetadata require.NoError(json.Unmarshal(metadataRaw, &metadata)) - assert.Equal(tc.connect.network.leases[0].Hostname, metadata.Name) - assert.Equal(tc.connect.network.leases[0].IPaddr, metadata.VPCIP) + assert.Equal(tc.stubLeaseGetter.leases[0].Hostname, metadata.Name) + assert.Equal(tc.stubLeaseGetter.leases[0].IPaddr, metadata.VPCIP) }) } } func TestListPeers(t *testing.T) { testCases := map[string]struct { - remoteAddr string - connect *stubConnect - wantErr bool + remoteAddr string + stubNetworkGetter *stubLeaseGetter + wantErr bool }{ "success": { remoteAddr: "192.0.100.1:1234", - connect: &stubConnect{ - network: newStubNetwork([]virtwrapper.NetworkDHCPLease{ + stubNetworkGetter: &stubLeaseGetter{ + leases: []dhcp.NetworkDHCPLease{ { IPaddr: "192.0.100.1", Hostname: "control-plane-0", @@ -181,13 +168,13 @@ func TestListPeers(t *testing.T) { IPaddr: "192.0.200.1", Hostname: "worker-0", }, - }, nil), + }, }, }, "listAll error": { remoteAddr: "192.0.100.1:1234", - connect: &stubConnect{ - getNetworkErr: errors.New("error"), + stubNetworkGetter: &stubLeaseGetter{ + getErr: assert.AnError, }, wantErr: true, }, @@ -198,7 +185,7 @@ func TestListPeers(t *testing.T) { assert := assert.New(t) require := require.New(t) - server := New(logger.NewTest(t), "test", "initSecretHash", tc.connect) + server := New(logger.NewTest(t), "test", "initSecretHash", tc.stubNetworkGetter) req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, "http://192.0.0.1/peers", nil) require.NoError(err) @@ -217,22 +204,23 @@ func TestListPeers(t *testing.T) { var metadata []metadata.InstanceMetadata require.NoError(json.Unmarshal(metadataRaw, &metadata)) - assert.Len(metadata, len(tc.connect.network.leases)) + assert.Len(metadata, len(tc.stubNetworkGetter.leases)) }) } } func TestInitSecretHash(t *testing.T) { - defaultConnect := &stubConnect{ - network: newStubNetwork([]virtwrapper.NetworkDHCPLease{ + defaultConnect := &stubLeaseGetter{ + leases: []dhcp.NetworkDHCPLease{ { IPaddr: "192.0.100.1", Hostname: "control-plane-0", }, - }, nil), + }, } + testCases := map[string]struct { - connect *stubConnect + connect *stubLeaseGetter method string wantHash string wantErr bool @@ -272,11 +260,11 @@ func TestInitSecretHash(t *testing.T) { } } -type stubConnect struct { - network stubNetwork - getNetworkErr error +type stubLeaseGetter struct { + leases []dhcp.NetworkDHCPLease + getErr error } -func (c stubConnect) LookupNetworkByName(_ string) (*virtwrapper.Network, error) { - return &virtwrapper.Network{Net: c.network}, c.getNetworkErr +func (c stubLeaseGetter) GetDHCPLeases() ([]dhcp.NetworkDHCPLease, error) { + return c.leases, c.getErr } diff --git a/hack/qemu-metadata-api/virtwrapper/virtwrapper_cgo.go b/hack/qemu-metadata-api/virtwrapper/virtwrapper_cgo.go deleted file mode 100644 index cda0bed96..000000000 --- a/hack/qemu-metadata-api/virtwrapper/virtwrapper_cgo.go +++ /dev/null @@ -1,56 +0,0 @@ -//go:build cgo - -/* -Copyright (c) Edgeless Systems GmbH - -SPDX-License-Identifier: AGPL-3.0-only -*/ - -package virtwrapper - -import "libvirt.org/go/libvirt" - -// Connect wraps a libvirt connection. -type Connect struct { - Conn *libvirt.Connect -} - -// LookupNetworkByName looks up a network by name. -func (c *Connect) LookupNetworkByName(name string) (*Network, error) { - net, err := c.Conn.LookupNetworkByName(name) - if err != nil { - return nil, err - } - return &Network{Net: net}, nil -} - -// Network wraps a libvirt network. -type Network struct { - Net virNetwork -} - -// GetDHCPLeases returns the underlying DHCP leases. -func (n *Network) GetDHCPLeases() ([]NetworkDHCPLease, error) { - leases, err := n.Net.GetDHCPLeases() - if err != nil { - return nil, err - } - ret := make([]NetworkDHCPLease, len(leases)) - for i, l := range leases { - ret[i] = NetworkDHCPLease{ - IPaddr: l.IPaddr, - Hostname: l.Hostname, - } - } - return ret, nil -} - -// Free the network resource. -func (n *Network) Free() { - _ = n.Net.Free() -} - -type virNetwork interface { - GetDHCPLeases() ([]libvirt.NetworkDHCPLease, error) - Free() error -} diff --git a/hack/qemu-metadata-api/virtwrapper/virtwrapper_cross.go b/hack/qemu-metadata-api/virtwrapper/virtwrapper_cross.go deleted file mode 100644 index 2faa95961..000000000 --- a/hack/qemu-metadata-api/virtwrapper/virtwrapper_cross.go +++ /dev/null @@ -1,40 +0,0 @@ -//go:build !cgo - -/* -Copyright (c) Edgeless Systems GmbH - -SPDX-License-Identifier: AGPL-3.0-only -*/ - -package virtwrapper - -import "errors" - -// Connect wraps a libvirt connection. -type Connect struct{} - -// LookupNetworkByName looks up a network by name. -// This function errors if CGO is disabled. -func (c *Connect) LookupNetworkByName(_ string) (*Network, error) { - return nil, errors.New("using virtwrapper requires building with CGO") -} - -// Network wraps a libvirt network. -type Network struct { - Net Net -} - -// GetDHCPLeases returns the underlying DHCP leases. -// This function errors if CGO is disabled. -func (n *Network) GetDHCPLeases() ([]NetworkDHCPLease, error) { - return n.Net.GetDHCPLeases() -} - -// Free the network resource. -// This function does nothing if CGO is disabled. -func (n *Network) Free() {} - -// Net is a libvirt Network. -type Net interface { - GetDHCPLeases() ([]NetworkDHCPLease, error) -} From a2e417f5bbee0c6599f6ecc9cd9f484e55a19f7d Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 27 May 2024 08:15:52 +0200 Subject: [PATCH 031/380] image: update locked rpms (#3124) Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com> --- image/mirror/SHA256SUMS | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 15c781465..cbda51d14 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -13,7 +13,7 @@ e61d6858790314f9d9ab539c5531d2b67ce763c9e5ac6c22dd76293fec12f3f5 ca-certificate 99d4976979c8b9d18c9d2d686de77882dc6a4e72ebfe358fb9a37a83f0ecdc90 catatonit-0.1.7-22.fc40.x86_64.rpm ef93475ea699c80bb8e49b5a80fefeed23e553b0e492d74748a55958b4dde568 conmon-2.1.10-1.fc40.x86_64.rpm adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tools-1.4.7-7.fc40.x86_64.rpm -4af8d4cf81c8c368c2a128dcd2b1ffe228589568b162e2d482bd0e2b8d2ca0da container-selinux-2.230.0-1.fc40.noarch.rpm +f4f43dd33d14def444e9516ac8d59a7fd4fbceb2c56b662f0c0943af65771b3a container-selinux-2.231.0-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm 542e8c11b3af4c4bbbe2e8911c9f9dac12620d20be15011561cb3791165562c5 containers-common-0.58.0-2.fc40.noarch.rpm @@ -41,7 +41,7 @@ d4fb93847a0e94d3bdbea203c1df0895e254089d825dfaf040b1aae3ae9547ff device-mapper- 89cd53411d71097aeb5af16cf6d7fcb2c11103a5606a78e628fb1a138b0f0780 device-mapper-libs-1.02.197-1.fc40.i686.rpm c736bdca85feb3982cc8772058e95c7794d37503d5a26a2f84d4092bd5300d18 device-mapper-libs-1.02.197-1.fc40.x86_64.rpm 6913a547250df04ec388b96b7512977a25ab2fca62ed4345c3a9fc8782ce659f diffutils-3.10-5.fc40.x86_64.rpm -4e9636e8733ea13c399c1a37453bc087b6c515c624991d848db0621a91dcaec8 dracut-060-1.fc40.x86_64.rpm +0e1612ab0048896d59b11a11269cf9c973d1f1d28b0ef282bd525978bf7eb3e2 dracut-101-1.fc40.x86_64.rpm fa40cda554dc644d5a8354b18be748f21996dadd6193ee4ac32c02581266d313 duktape-2.7.0-7.fc40.x86_64.rpm ac4f1b2eaf5d452512e7b6172c93880c2b501946b71a228adc02d50bb3fb56e0 e2fsprogs-1.47.0-5.fc40.x86_64.rpm 8476fda117e3cb808129ddc2f975069685a8c7875ee04c3dafa6ceed948a2628 e2fsprogs-libs-1.47.0-5.fc40.x86_64.rpm @@ -79,12 +79,12 @@ c4cc69bf3a2655b9ee9ac23492d377bac57811c5b4f81fbf43537520ee33c7af gawk-all-langp 834c3441835069b61208792b9b9ae1ebfadadb9d2d211357d7f42838932b59a7 gettext-libs-0.22.5-2.fc40.x86_64.rpm 1126bf8d28dff9f165865d83c239e6a2d3988fc935957b9b869d8ed7989a2ae9 gettext-runtime-0.22.5-2.fc40.x86_64.rpm 0d07452b71741856258e6ddba673a6f0a9fbf2ade0d751ea2d735531f019c398 glib2-2.80.2-1.fc40.x86_64.rpm -d271514135604e4bc7e0c7a1fefd4e7f619ea82a42df2322dc9c91ae06fc40be glibc-2.39-8.fc40.i686.rpm -041201b485a5d5b68d5324c9006d117c01c96459e6a7260ffc311bf13cbc3db3 glibc-2.39-8.fc40.x86_64.rpm -df2dc4473fa092ba3b73522e8af9219d4d9aa71e56acbcd7265a1c0cd6825935 glibc-common-2.39-8.fc40.x86_64.rpm -0b8d0bc78141e239697bd8d5c5af6dfcdb44b7ced3f0e6e7058c4ced6cc48c26 glibc-gconv-extra-2.39-8.fc40.i686.rpm -5edcb7ad87a4008ebaa073ace1817407d7c13e85f90d55b07483937a7d8222cc glibc-gconv-extra-2.39-8.fc40.x86_64.rpm -3b474d0bb881ace5622f180b04b69d13da1602f28c719335e0d3779326c42831 glibc-minimal-langpack-2.39-8.fc40.x86_64.rpm +3b3ecd009f8fdd305f6b4b4f1fe1357ff1a0c2cd7281ceda717ec578d695b87a glibc-2.39-13.fc40.i686.rpm +fa209e13155a3c326bebe2c01e6b5db05dc47924102bc7a698e834ba81bcb256 glibc-2.39-13.fc40.x86_64.rpm +34f89f267920d3ec17043171c3da1aff1ff00a990009e8c0e4c527cce3151bef glibc-common-2.39-13.fc40.x86_64.rpm +e18c1c9075b75c0f16797a3209233dc4ce9b6f16c2a455842e63346274c0ce3d glibc-gconv-extra-2.39-13.fc40.i686.rpm +6de8e353d8769f00e5deab0e9c3262b0ae2fc93f86d6fee6d61095855e965f9f glibc-gconv-extra-2.39-13.fc40.x86_64.rpm +9bfa2e40876084f603b28cc0b7991d32022905dd4192d9fae5abbdabf1279bf2 glibc-minimal-langpack-2.39-13.fc40.x86_64.rpm b054d6a9ee3477e935686b327aa47379bd1909eac4ce06c4c45dff1a201ecb49 gmp-6.2.1-8.fc40.x86_64.rpm 0a8b1b3fb625e4d1864ad6726f583e2db5db7f10d9f3564b5916ca7fed1b71cb gnupg2-2.4.4-1.fc40.x86_64.rpm 4425dbd35ab65f25b092d12ac56c4b565371a1c52ac882c8896dbeae7d52bbb1 gnupg2-smime-2.4.4-1.fc40.x86_64.rpm @@ -147,7 +147,7 @@ c890a19d2c4a3da836bae1db40b778fe0339cd0d26bddfbe584aaccb1a0f1485 libcom_err-1.4 df01bb4a19148d5ef8bad7e97d6b9ff0926bdd6c04f97620b27dc3d2ff9059cb libcurl-minimal-8.6.0-8.fc40.x86_64.rpm 783f1bc7ab5fb88b5bfaea82f70457fba8e76bde5821b61bafbb1acb301f9834 libeconf-0.6.2-1.fc40.i686.rpm 05ad4ddff82db6a9c6cec0fc0188ae3a946c1387fbf69773eef9b9cd21c36251 libeconf-0.6.2-1.fc40.x86_64.rpm -2c4a70a136b81fd13407660b999546f88568b477e86404793ba15c4325f2ab3c libedit-3.1-50.20230828cvs.fc40.x86_64.rpm +9e6e3e3ae465342b139c97b782e55701d20c72e7330545d5c66f901ede7228db libedit-3.1-51.20240517cvs.fc40.x86_64.rpm c4adcee5dd9e22ea50d6c318ac4936a8df708121741958ce5aa8f038c46c61a9 libevent-2.1.12-12.fc40.x86_64.rpm a1ba3045c99ef1b266383f0801731a68f9e0cb069a6c808267ad33b759381907 libfdisk-2.40-0.9.rc1.fc40.i686.rpm 17f02ca51b90580887d739f52b995034e0929fc6bcd92be308554a2f5337bbe4 libfdisk-2.40-0.9.rc1.fc40.x86_64.rpm @@ -219,8 +219,8 @@ fadf7dd93c5eee57ba78e0628bf041dbd2ea037ace52f0a5cbac55b363234d27 libverto-0.3.2 26c27a101cf40f84f313d81a28cbca9450e8d901e6fcd315ac6036895a369b92 libxcrypt-4.4.36-5.fc40.x86_64.rpm a17f9a8894a00ee97a42219b3b21d64bfb850d74059d89ae299210bc477e8967 libxkbcommon-1.6.0-2.fc40.i686.rpm 1f1d0c1e1132016735acc6fc3390102b35f9eb257244547c7b61c32a9c2314cc libxkbcommon-1.6.0-2.fc40.x86_64.rpm -a8b9940585cfd8f3a6e18e9ab63b0cc0f401bedba1e12d46b4c62c4a469e52d7 libxml2-2.12.6-1.fc40.i686.rpm -a4c3648577f35a59c7b1e4437bfa493d737156cbcba798c7cfa1d8f081969c83 libxml2-2.12.6-1.fc40.x86_64.rpm +1d892a2a9ebc7062ab36f2e01682c17280de09508e2b5ce71476d171d1c6c93b libxml2-2.12.7-1.fc40.i686.rpm +35bba4379919f472dadd5ddb415e60ae21841f56045199c18082f93405b4c120 libxml2-2.12.7-1.fc40.x86_64.rpm cd866911efd52e3a70655df3da9d71ad2f4a326463aeaa381493a7547e14871d libzstd-1.5.6-1.fc40.i686.rpm bed3075b9ff919eded25cb45e9e03b8a7c63bcc8e893ec28c999aecaa68c51d3 libzstd-1.5.6-1.fc40.x86_64.rpm 81409455da42a5ffdcf5b8cc711632ce037fec25d5ae00cbfda5010c9db04157 lua-libs-5.4.6-5.fc40.x86_64.rpm @@ -309,8 +309,8 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm 3b940ff1f16fdb3ddcc19d7d76241c9b81d81099ff5147c4c9967d2c4ca6fb5b sbsigntools-0.9.5-3.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm -b4835a7eb3bf2e2a9dd4e9546ba182997698f3e889a3d0ea1eadf541ad2607eb selinux-policy-40.18-2.fc40.noarch.rpm -cbf1da8c46e36e6990fec9da331c10dc6e8df83b732b3621e30aa5106c4ca934 selinux-policy-targeted-40.18-2.fc40.noarch.rpm +98191fd64cf0ffaea15897596afb4c71b0a78c0fea726fc256be5298d7756299 selinux-policy-40.20-1.fc40.noarch.rpm +fa363e31c6664b972a4adc5b9077375bb21492a2fc9df3dc6076889adf120deb selinux-policy-targeted-40.20-1.fc40.noarch.rpm 89862f646cd64e81497f01a8b69ab30ac8968c47afef92a2c333608fdb90ccc1 setup-2.14.5-2.fc40.noarch.rpm 14c4208826d1c859899f35978a80e0448fabead39f860fd3bae41b4e3e8e1883 shadow-utils-4.15.1-2.fc40.x86_64.rpm 0a1e1e3502b65b8620cbcc74dfc75203fb9ce913f0580f49ed8fdcb8e89c106c shadow-utils-subid-4.15.1-2.fc40.x86_64.rpm @@ -331,8 +331,8 @@ f53b587ff73b3372f35470fd55aa9c97d2e163068f11b957a7f6e83dbfaa735d systemd-udev-2 f8f7d1b48e3a2193a9929544503c72d79c5de555816a3812f30158d136a2bf15 tpm2-tss-4.1.0-1.fc40.x86_64.rpm 7da3dc1d28b8154f36e6c2e68ea7e5378729d9adfa48d9817bdacf8f309a43e2 tpm2-tss-fapi-4.1.0-1.fc40.x86_64.rpm 0bd358e7dfb2bd730b62c7375c8d8f8d9e2470f085ca8dc4ec626dc0332d5687 tzdata-2024a-5.fc40.noarch.rpm -f54615a1c38064a32e408765e5914d5dc2cbaec14cdf1b95fcf6800c3139b1f4 unbound-anchor-1.19.3-1.fc40.x86_64.rpm -73a122907049f35648c590727f6d719aa1b4e3cb4987404f27ec9e4a1510be83 unbound-libs-1.19.3-1.fc40.x86_64.rpm +70104fb4dffbfde9b5dd540a97ce37fa965c9d989777dd6c086de28bff10709a unbound-anchor-1.20.0-1.fc40.x86_64.rpm +76d89a1e025aed395b28f9f97d8cba85142e5ffcfecb00de7f93333b76225665 unbound-libs-1.20.0-1.fc40.x86_64.rpm 36ffa617a0dfe523424a28290241a81cd51f7d82e776e58131f16d092d49797b util-linux-2.40-0.9.rc1.fc40.i686.rpm 41b777c50f1ec74795551c7d930a3d6eceab278ff03608893a5dbd49f2de5363 util-linux-2.40.1-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm From d14ee6ba1d1cf62ee9ca766bc38fb77eacc95333 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 27 May 2024 16:22:56 +0200 Subject: [PATCH 032/380] helm: update AWS CSI driver chart (#3121) --- internal/constellation/helm/BUILD.bazel | 5 + .../helm/charts/edgeless/csi/Chart.yaml | 2 +- .../csi/charts/aws-csi-driver/CHANGELOG.md | 116 ++++++++ .../csi/charts/aws-csi-driver/Chart.yaml | 4 +- .../charts/aws-csi-driver/templates/NOTES.txt | 2 +- .../templates/_node-windows.tpl | 262 ++++++++++++++++++ .../charts/aws-csi-driver/templates/_node.tpl | 250 +++++++++++++++++ .../templates/clusterrole-attacher.yaml | 3 + .../templates/clusterrole-csi-node.yaml | 6 + .../templates/clusterrole-provisioner.yaml | 9 +- .../templates/clusterrole-resizer.yaml | 6 + .../templates/clusterrole-snapshotter.yaml | 5 +- .../aws-csi-driver/templates/controller.yaml | 186 +++++++++++-- .../templates/ebs-csi-default-sc.yaml | 11 + .../aws-csi-driver/templates/metrics.yaml | 2 +- .../templates/node-windows.yaml | 195 +------------ .../charts/aws-csi-driver/templates/node.yaml | 252 +++-------------- .../poddisruptionbudget-controller.yaml | 4 - .../aws-csi-driver/templates/role-leases.yaml | 11 + .../templates/rolebinding-leases.yaml | 15 + .../serviceaccount-csi-controller.yaml | 3 + .../templates/serviceaccount-csi-node.yaml | 3 + .../templates/volumesnapshotclass.yaml | 3 + .../csi/charts/aws-csi-driver/values.yaml | 184 +++++++++++- .../constellation/helm/update-csi-charts.sh | 2 +- 25 files changed, 1104 insertions(+), 437 deletions(-) create mode 100644 internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/_node-windows.tpl create mode 100644 internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/_node.tpl create mode 100644 internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/ebs-csi-default-sc.yaml create mode 100644 internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/role-leases.yaml create mode 100644 internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/rolebinding-leases.yaml diff --git a/internal/constellation/helm/BUILD.bazel b/internal/constellation/helm/BUILD.bazel index 6e3c5eee7..52f92729c 100644 --- a/internal/constellation/helm/BUILD.bazel +++ b/internal/constellation/helm/BUILD.bazel @@ -457,6 +457,11 @@ go_library( "charts/yawol/charts/yawol-controller/values.yaml", "charts/yawol/templates/.gitkeep", "charts/yawol/values.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/_node-windows.tpl", + "charts/edgeless/csi/charts/aws-csi-driver/templates/_node.tpl", + "charts/edgeless/csi/charts/aws-csi-driver/templates/ebs-csi-default-sc.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/role-leases.yaml", + "charts/edgeless/csi/charts/aws-csi-driver/templates/rolebinding-leases.yaml", ], importpath = "github.com/edgelesssys/constellation/v2/internal/constellation/helm", visibility = ["//:__subpackages__"], diff --git a/internal/constellation/helm/charts/edgeless/csi/Chart.yaml b/internal/constellation/helm/charts/edgeless/csi/Chart.yaml index 3fb20c87e..3a1feaf37 100644 --- a/internal/constellation/helm/charts/edgeless/csi/Chart.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/Chart.yaml @@ -9,7 +9,7 @@ dependencies: - name: snapshot-crds version: 6.2.2 - name: aws-csi-driver - version: 1.1.0 + version: 1.2.0 tags: - AWS - name: azuredisk-csi-driver diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/CHANGELOG.md b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/CHANGELOG.md index bc6aa0036..3daf61e5e 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/CHANGELOG.md +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/CHANGELOG.md @@ -1,4 +1,120 @@ # Helm chart +## v2.30.0 +* Bump driver version to `v1.30.0` +* Update voluemessnapshotcontents/status RBAC ([#1991](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1991), [@AndrewSirenko](https://github.com/AndrewSirenko)) +* Upgrade dependencies ([#2016](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/2016), [@torredil](https://github.com/torredil)) + +## v2.29.1 +* Bump driver version to `v1.29.1` +* Remove `--reuse-values` deprecation warning + +## v2.29.0 +### Urgent Upgrade Notes +*(No, really, you MUST read this before you upgrade)* + +The EBS CSI Driver Helm chart no longer supports upgrading with `--reuse-values`. This chart will not test for `--reuse-values` compatibility and upgrading with `--reuse-values` will likely fail. Users of `--reuse-values` are strongly encouraged to migrate to `--reset-then-reuse-values`. + +For more information see [the deprecation announcement](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1864). + +### Other Changes +* Bump driver version to `v1.29.0` and sidecars to latest versions +* Add helm-tester enabled flag ([#1954](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1954), [@nunodomingues-td](https://github.com/nunodomingues-td)) + +## v2.28.1 +* Add `reservedVolumeAttachments` that overrides heuristic-determined reserved attachments via `--reserved-volume-attachments` CLI option from [PR #1919](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1919) through Helm ([#1939](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1939), [@AndrewSirenko](https://github.com/AndrewSirenko)) +* Add `additionalArgs` parameter to node daemonSet ([#1939](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1939), [@AndrewSirenko](https://github.com/AndrewSirenko)) + +## v2.28.0 +### Urgent Upgrade Notes +*(No, really, you MUST read this before you upgrade)* + +This is the last minor version of the EBS CSI Driver Helm chart to support upgrading with `--reuse-values`. Future versions of the chart (starting with `v2.29.0`) will not test for `--reuse-values` compatibility and upgrading with `--reuse-values` will likely fail. Users of `--reuse-values` are strongly encouraged to migrate to `--reset-then-reuse-values`. + +For more information see [the deprecation announcement](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1864). + +### Other Changes +* Bump driver version to `v1.28.0` and sidecars to latest versions +* Add labels to leases role used by EBS CSI controller ([#1914](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1914), [@cHiv0rz](https://github.com/cHiv0rz)) +* Enforce `linux` and `amd64` node affinity for helm tester pod ([#1922](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1922), [@AndrewSirenko](https://github.com/AndrewSirenko)) +* Add configuration for `DaemonSet` annotations ([#1923](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1923), [@AndrewSirenko](https://github.com/AndrewSirenko)) +* Incorporate KubeLinter recommended best practices for chart tester pod ([#1924](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1924), [@torredil](https://github.com/torredil)) +* Add configuration for chart tester pod image ([#1928](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1928), [@AndrewSirenko](https://github.com/AndrewSirenko)) + +## v2.27.0 +* Bump driver version to `v1.27.0` +* Add parameters for tuning revisionHistoryLimit and emptyDir volumes ([#1840](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1840), [@bodgit](https://github.com/bodgit)) + +## v2.26.1 +* Bump driver version to `v1.26.1` +* Bump sidecar container versions to fix [restart bug in external attacher, provisioner, resizer, snapshotter, and node-driver-registrar](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/issues/1875) ([#1886](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1886), [@AndrewSirenko](https://github.com/AndrewSirenko)) + +## v2.26.0 +* Bump driver version to `v1.26.0` +* Bump sidecar container versions ([#1867](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1867), [@AndrewSirenko](https://github.com/AndrewSirenko)) +* Add warning about --reuse-values deprecation to NOTES.txt ([#1865](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1865), [@ConnorJC3](https://github.com/ConnorJC3)) + +## v2.25.0 +* Bump driver version to `v1.25.0` +* Update default sidecar timeout values ([#1824](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1824), [@torredil](https://github.com/torredil)) +* Increase default QPS and worker threads of sidecars ([#1834](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1834), [@ConnorJC3](https://github.com/ConnorJC3)) +* Node-driver-registrar sidecar fixes ([#1815](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1815), [@jukie](https://github.com/jukie)) +* Suggest eks.amazonaws.com/role-arn in values.yaml if EKS IAM for SA is used ([#1804](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1804), [@tporeba](https://github.com/tporeba)) + +## v2.24.1 +* Bump driver version to `v1.24.1` +* Upgrade sidecar images + +## v2.24.0 +* Bump driver version to `v1.24.0` +* Add additionalClusterRoleRules to sidecar chart templates. ([#1757](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1757), [@AndrewSirenko](https://github.com/AndrewSirenko)) +* Allow passing template value for clusterName ([#1753](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1753), [@monicastanciu](https://github.com/monicastanciu)) +* Make hostNetwork configurable for daemonset ([#1716](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1716), [@bseenu](https://github.com/bseenu)) +* Add labels to volumesnapshotclass ([#1754](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1754), [@fad3t](https://github.com/fad3t)) +* Update default API version for PodDisruptionBudget ([#1751](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1751), [@AndrewSirenko](https://github.com/AndrewSirenko)) + +## v2.23.2 +* Bump driver version to `v1.23.2` +* Upgrade sidecar images + +## v2.23.1 +* Bump driver version to `v1.23.1` + +## v2.23.0 +* Add `node.enableLinux` parameter ([#1732](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1732), [@monicastanciu](https://github.com/monicastanciu)) +* Additional Node DaemonSets bug fixes ([#1739](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1739), [@monicastanciu](https://github.com/monicastanciu)) +* Additional DaemonSets feature ([#1722](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1722), [@ConnorJC3](https://github.com/ConnorJC3)) +* Add doc of chart value additionalArgs ([#1697](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1697), [@zitudu](https://github.com/zitudu)) + +## v2.22.1 +* Bump driver version to `v1.22.1` + +## v2.22.0 +* Default PodDisruptionBudget to policy/v1 ([#1707](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1707), [@iNoahNothing](https://github.com/iNoahNothing)) + +## v2.21.0 +* Bump driver version to `v1.21.0` +* Enable additional volume mounts on node pods ([#1670](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1670), [@AndrewSirenko](https://github.com/AndrewSirenko)) +* Enable customization of aws-secret name and keys in Helm Chart ([#1668](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1668), [@AndrewSirenko](https://github.com/AndrewSirenko)) +* The sidecars have been updated. The new versions are: + - csi-snapshotter: `v6.2.2` + +## v2.20.0 +* Bump driver version to `v1.20.0` +* Enable leader election in csi-resizer sidecar ([#1606](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1606), [@rdpsin](https://github.com/rdpsin)) +* Namespace-scoped leases permissions ([#1614](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1614), [@torredil](https://github.com/torredil)) +* Add additionalArgs parameter for sidecars ([#1627](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1627), [@ConnorJC3](https://github.com/ConnorJC3)) +* Avoid generating manifests with empty envFrom fields ([#1630](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1630), [@mvgmb](https://github.com/mvgmb)) +* Allow to set automountServiceAccountToken in ServiceAccount ([#1619](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1619), [@kahirokunn](https://github.com/kahirokunn)) + +## v2.19.0 +* Bump driver version to `v1.19.0` +* The sidecars have been updated. The new versions are: + - csi-provisioner: `v3.5.0` + - csi-attacher: `v4.3.0` + - livenessprobe: `v2.10.0` + - csi-resizer: `v1.8.0` + - node-driver-registrar: `v2.8.0` +* Remove CPU limits ([#1596](https://github.com/kubernetes-sigs/aws-ebs-csi-driver/pull/1596), [@torredil](https://github.com/torredil)) ## v2.18.0 ### Urgent Upgrade Notes diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/Chart.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/Chart.yaml index fc4e85297..c439f3ef6 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/Chart.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -version: 1.1.0 -appVersion: "1.1.0" +version: 1.2.0 +appVersion: "1.2.0" description: AWS Container Storage Interface (CSI) Storage Plugin with on-node encryption support name: aws-csi-driver kubeVersion: ">=1.17.0-0" diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/NOTES.txt b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/NOTES.txt index 5d79084ec..cb3e6cecf 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/NOTES.txt +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/NOTES.txt @@ -2,4 +2,4 @@ To verify that aws-ebs-csi-driver has started, run: kubectl get pod -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "aws-ebs-csi-driver.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -NOTE: The [CSI Snapshotter](https://github.com/kubernetes-csi/external-snapshotter) controller and CRDs will no longer be installed as part of this chart and moving forward will be a prerequisite of using the snap shotting functionality. \ No newline at end of file +NOTE: The [CSI Snapshotter](https://github.com/kubernetes-csi/external-snapshotter) controller and CRDs will no longer be installed as part of this chart and moving forward will be a prerequisite of using the snap shotting functionality. diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/_node-windows.tpl b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/_node-windows.tpl new file mode 100644 index 000000000..ab17f71e5 --- /dev/null +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/_node-windows.tpl @@ -0,0 +1,262 @@ +{{- define "node-windows" }} +{{- if .Values.node.enableWindows }} +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: {{ printf "%s-windows" .NodeName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} +spec: + {{- if or (kindIs "float64" .Values.node.revisionHistoryLimit) (kindIs "int64" .Values.node.revisionHistoryLimit) }} + revisionHistoryLimit: {{ .Values.node.revisionHistoryLimit }} + {{- end }} + selector: + matchLabels: + app: {{ .NodeName }} + {{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }} + updateStrategy: + {{ toYaml .Values.node.updateStrategy | nindent 4 }} + template: + metadata: + labels: + app: {{ .NodeName }} + {{- include "aws-ebs-csi-driver.labels" . | nindent 8 }} + {{- if .Values.node.podLabels }} + {{- toYaml .Values.node.podLabels | nindent 8 }} + {{- end }} + {{- with .Values.node.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.node.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + nodeSelector: + kubernetes.io/os: windows + {{- with .Values.node.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ .Values.node.serviceAccount.name }} + priorityClassName: {{ .Values.node.priorityClassName | default "system-node-critical" }} + tolerations: + {{- if .Values.node.tolerateAllTaints }} + - operator: Exists + {{- else }} + {{- with .Values.node.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.node.windowsHostProcess }} + securityContext: + windowsOptions: + hostProcess: true + runAsUserName: "NT AUTHORITY\\SYSTEM" + hostNetwork: true + {{- end }} + containers: + - name: ebs-plugin + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.node.windowsHostProcess }} + command: + - "aws-ebs-csi-driver.exe" + {{- end }} + args: + - node + - --endpoint=$(CSI_ENDPOINT) + {{- with .Values.node.volumeAttachLimit }} + - --volume-attach-limit={{ . }} + {{- end }} + {{- with .Values.node.loggingFormat }} + - --logging-format={{ . }} + {{- end }} + - --v={{ .Values.node.logLevel }} + {{- if .Values.node.otelTracing }} + - --enable-otel-tracing=true + {{- end}} + {{- if .Values.node.windowsHostProcess }} + - --windows-host-process=true + {{- end }} + env: + - name: CSI_ENDPOINT + {{- if .Values.node.windowsHostProcess }} + value: unix://C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock + {{- else }} + value: unix:/csi/csi.sock + {{- end }} + - name: CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.node.otelTracing }} + - name: OTEL_SERVICE_NAME + value: {{ .otelServiceName }} + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: {{ .otelExporterEndpoint }} + {{- end }} + {{- with .Values.node.env }} + {{- . | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: kubelet-dir + mountPath: C:\var\lib\kubelet + mountPropagation: "None" + - name: plugin-dir + mountPath: C:\csi + {{- if not .Values.node.windowsHostProcess }} + - name: csi-proxy-disk-pipe + mountPath: \\.\pipe\csi-proxy-disk-v1 + - name: csi-proxy-volume-pipe + mountPath: \\.\pipe\csi-proxy-volume-v1 + - name: csi-proxy-filesystem-pipe + mountPath: \\.\pipe\csi-proxy-filesystem-v1 + {{- end }} + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + {{- with .Values.node.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if not .Values.node.windowsHostProcess }} + securityContext: + windowsOptions: + runAsUserName: "ContainerAdministrator" + {{- end }} + lifecycle: + preStop: + exec: + command: ["/bin/aws-ebs-csi-driver", "pre-stop-hook"] + - name: node-driver-registrar + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }} + imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }} + {{- if .Values.node.windowsHostProcess }} + command: + - "csi-node-driver-registrar.exe" + {{- end }} + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + {{- if .Values.node.windowsHostProcess }} + - --plugin-registration-path=$(PLUGIN_REG_DIR) + {{- end }} + - --v={{ .Values.sidecars.nodeDriverRegistrar.logLevel }} + env: + - name: ADDRESS + {{- if .Values.node.windowsHostProcess }} + value: unix://C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock + {{- else }} + value: unix:/csi/csi.sock + {{- end }} + - name: DRIVER_REG_SOCK_PATH + {{- if .Values.node.windowsHostProcess }} + value: C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock + {{- else }} + value: C:\var\lib\kubelet\plugins\ebs.csi.aws.com\csi.sock + {{- end }} + {{- if .Values.node.windowsHostProcess }} + - name: PLUGIN_REG_DIR + value: C:\\var\\lib\\kubelet\\plugins_registry\\ + {{- end }} + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.sidecars.nodeDriverRegistrar.env }} + {{- . | toYaml | nindent 12 }} + {{- end }} + livenessProbe: + exec: + command: + - /csi-node-driver-registrar.exe + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --mode=kubelet-registration-probe + initialDelaySeconds: 30 + timeoutSeconds: 15 + periodSeconds: 90 + volumeMounts: + - name: plugin-dir + mountPath: C:\csi + - name: registration-dir + mountPath: C:\registration + - name: probe-dir + mountPath: C:\var\lib\kubelet\plugins\ebs.csi.aws.com + {{- with default .Values.node.resources .Values.sidecars.nodeDriverRegistrar.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + - name: liveness-probe + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} + imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }} + {{- if .Values.node.windowsHostProcess }} + command: + - "livenessprobe.exe" + {{- end }} + args: + {{- if .Values.node.windowsHostProcess }} + - --csi-address=unix://C:\\var\\lib\\kubelet\\plugins\\ebs.csi.aws.com\\csi.sock + {{- else }} + - --csi-address=unix:/csi/csi.sock + {{- end }} + volumeMounts: + - name: plugin-dir + mountPath: C:\csi + {{- with default .Values.node.resources .Values.sidecars.livenessProbe.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + volumes: + - name: kubelet-dir + hostPath: + path: C:\var\lib\kubelet + type: Directory + - name: plugin-dir + hostPath: + path: C:\var\lib\kubelet\plugins\ebs.csi.aws.com + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: C:\var\lib\kubelet\plugins_registry + type: Directory + {{- if not .Values.node.windowsHostProcess }} + - name: csi-proxy-disk-pipe + hostPath: + path: \\.\pipe\csi-proxy-disk-v1 + type: "" + - name: csi-proxy-volume-pipe + hostPath: + path: \\.\pipe\csi-proxy-volume-v1 + type: "" + - name: csi-proxy-filesystem-pipe + hostPath: + path: \\.\pipe\csi-proxy-filesystem-v1 + type: "" + {{- end }} + - name: probe-dir + {{- if .Values.node.probeDirVolume }} + {{- toYaml .Values.node.probeDirVolume | nindent 10 }} + {{- else }} + emptyDir: {} + {{- end }} +{{- end }} +{{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/_node.tpl b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/_node.tpl new file mode 100644 index 000000000..4591f7efe --- /dev/null +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/_node.tpl @@ -0,0 +1,250 @@ +{{- define "node" }} +{{- if or (eq (default true .Values.node.enableLinux) true) }} +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: {{ .NodeName }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} + {{- with .Values.node.daemonSetAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if or (kindIs "float64" .Values.node.revisionHistoryLimit) (kindIs "int64" .Values.node.revisionHistoryLimit) }} + revisionHistoryLimit: {{ .Values.node.revisionHistoryLimit }} + {{- end }} + selector: + matchLabels: + app: {{ .NodeName }} + {{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }} + updateStrategy: + {{- toYaml .Values.node.updateStrategy | nindent 4 }} + template: + metadata: + labels: + app: {{ .NodeName }} + {{- include "aws-ebs-csi-driver.labels" . | nindent 8 }} + {{- if .Values.node.podLabels }} + {{- toYaml .Values.node.podLabels | nindent 8 }} + {{- end }} + {{- with .Values.node.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.node.affinity }} + affinity: {{- toYaml . | nindent 8 }} + {{- end }} + nodeSelector: + kubernetes.io/os: linux + {{- with .Values.node.nodeSelector }} + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ .Values.node.serviceAccount.name }} + priorityClassName: {{ .Values.node.priorityClassName | default "system-node-critical" }} + tolerations: + {{- if .Values.node.tolerateAllTaints }} + - operator: Exists + {{- else }} + {{- with .Values.node.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + - key: "ebs.csi.aws.com/agent-not-ready" + operator: "Exists" + {{- end }} + hostNetwork: {{ .Values.node.hostNetwork }} + {{- with .Values.node.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: ebs-plugin + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - node + - --endpoint=$(CSI_ENDPOINT) + {{- with .Values.node.reservedVolumeAttachments }} + - --reserved-volume-attachments={{ . }} + {{- end }} + {{- with .Values.node.volumeAttachLimit }} + - --volume-attach-limit={{ . }} + {{- end }} + {{- with .Values.node.loggingFormat }} + - --logging-format={{ . }} + {{- end }} + - --v={{ .Values.node.logLevel }} + {{- if .Values.node.otelTracing }} + - --enable-otel-tracing=true + {{- end}} + {{- range .Values.node.additionalArgs }} + - {{ . }} + {{- end }} + env: + - name: CSI_ENDPOINT + value: unix:/csi/csi.sock + - name: CSI_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.node.otelTracing }} + - name: OTEL_SERVICE_NAME + value: {{ .otelServiceName }} + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: {{ .otelExporterEndpoint }} + {{- end }} + {{- with .Values.node.env }} + {{- . | toYaml | nindent 12 }} + {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: + {{- . | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: kubelet-dir + mountPath: {{ .Values.node.kubeletPath }} + mountPropagation: "Bidirectional" + - name: plugin-dir + mountPath: /csi + - name: device-dir + mountPath: /dev + - name: cryptsetup + mountPath: /run/cryptsetup + {{- with .Values.node.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + ports: + - name: healthz + containerPort: 9808 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: healthz + initialDelaySeconds: 10 + timeoutSeconds: 3 + periodSeconds: 10 + failureThreshold: 5 + {{- with .Values.node.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.node.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + lifecycle: + preStop: + exec: + command: ["/bin/aws-ebs-csi-driver", "pre-stop-hook"] + - name: node-driver-registrar + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }} + imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }} + args: + - --csi-address=$(ADDRESS) + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --v={{ .Values.sidecars.nodeDriverRegistrar.logLevel }} + {{- range .Values.sidecars.nodeDriverRegistrar.additionalArgs }} + - {{ . }} + {{- end }} + env: + - name: ADDRESS + value: /csi/csi.sock + - name: DRIVER_REG_SOCK_PATH + value: {{ printf "%s/plugins/ebs.csi.aws.com/csi.sock" (trimSuffix "/" .Values.node.kubeletPath) }} + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.sidecars.nodeDriverRegistrar.env }} + {{- . | toYaml | nindent 12 }} + {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: + {{- . | toYaml | nindent 12 }} + {{- end }} + {{- with .Values.sidecars.nodeDriverRegistrar.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: plugin-dir + mountPath: /csi + - name: registration-dir + mountPath: /registration + - name: probe-dir + mountPath: {{ printf "%s/plugins/ebs.csi.aws.com/" (trimSuffix "/" .Values.node.kubeletPath) }} + {{- with default .Values.node.resources .Values.sidecars.nodeDriverRegistrar.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.sidecars.nodeDriverRegistrar.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + - name: liveness-probe + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} + imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }} + args: + - --csi-address=/csi/csi.sock + {{- range .Values.sidecars.livenessProbe.additionalArgs }} + - {{ . }} + {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: + {{- . | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: plugin-dir + mountPath: /csi + {{- with default .Values.node.resources .Values.sidecars.livenessProbe.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.sidecars.livenessProbe.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + volumes: + - name: kubelet-dir + hostPath: + path: {{ .Values.node.kubeletPath }} + type: Directory + - name: plugin-dir + hostPath: + path: {{ printf "%s/plugins/ebs.csi.aws.com/" (trimSuffix "/" .Values.node.kubeletPath) }} + type: DirectoryOrCreate + - name: registration-dir + hostPath: + path: {{ printf "%s/plugins_registry/" (trimSuffix "/" .Values.node.kubeletPath) }} + type: Directory + - name: device-dir + hostPath: + path: /dev + type: Directory + - name: cryptsetup + hostPath: + path: /run/cryptsetup + type: Directory + - name: probe-dir + {{- if .Values.node.probeDirVolume }} + {{- toYaml .Values.node.probeDirVolume | nindent 10 }} + {{- else }} + emptyDir: {} + {{- end }} + {{- with .Values.node.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-attacher.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-attacher.yaml index 816fdf66e..bff6577b3 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-attacher.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-attacher.yaml @@ -21,3 +21,6 @@ rules: - apiGroups: [ "storage.k8s.io" ] resources: [ "volumeattachments/status" ] verbs: [ "patch" ] + {{- with .Values.sidecars.attacher.additionalClusterRoleRules }} + {{- . | toYaml | nindent 2 }} + {{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml index 3ca368efb..2b7295aaf 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-csi-node.yaml @@ -8,4 +8,10 @@ metadata: rules: - apiGroups: [""] resources: ["nodes"] + verbs: ["get", "patch"] + - apiGroups: ["storage.k8s.io"] + resources: ["volumeattachments"] + verbs: ["get", "list", "watch"] + - apiGroups: ["storage.k8s.io"] + resources: ["csinodes"] verbs: ["get"] diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml index 0fb7ded0f..b67c65844 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-provisioner.yaml @@ -30,9 +30,12 @@ rules: - apiGroups: [ "" ] resources: [ "nodes" ] verbs: [ "get", "list", "watch" ] - - apiGroups: [ "coordination.k8s.io" ] - resources: [ "leases" ] - verbs: [ "get", "watch", "list", "delete", "update", "create" ] - apiGroups: [ "storage.k8s.io" ] resources: [ "volumeattachments" ] verbs: [ "get", "list", "watch" ] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "volumeattributesclasses" ] + verbs: [ "get" ] + {{- with .Values.sidecars.provisioner.additionalClusterRoleRules }} + {{- . | toYaml | nindent 2 }} + {{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-resizer.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-resizer.yaml index 065f3aba2..81858af34 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-resizer.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-resizer.yaml @@ -29,3 +29,9 @@ rules: - apiGroups: [ "" ] resources: [ "pods" ] verbs: [ "get", "list", "watch" ] + - apiGroups: [ "storage.k8s.io" ] + resources: [ "volumeattributesclasses" ] + verbs: [ "get", "list", "watch" ] + {{- with .Values.sidecars.resizer.additionalClusterRoleRules }} + {{- . | toYaml | nindent 2 }} + {{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml index 38e688a8a..697e818d9 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/clusterrole-snapshotter.yaml @@ -24,4 +24,7 @@ rules: verbs: [ "create", "get", "list", "watch", "update", "delete", "patch" ] - apiGroups: [ "snapshot.storage.k8s.io" ] resources: [ "volumesnapshotcontents/status" ] - verbs: [ "update" ] + verbs: [ "update", "patch" ] + {{- with .Values.sidecars.snapshotter.additionalClusterRoleRules }} + {{- . | toYaml | nindent 2 }} + {{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/controller.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/controller.yaml index 0d79331ac..89468b1ca 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/controller.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/controller.yaml @@ -6,8 +6,15 @@ metadata: namespace: {{ .Release.Namespace }} labels: {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} + {{- with .Values.controller.deploymentAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.controller.replicaCount }} + {{- if or (kindIs "float64" .Values.controller.revisionHistoryLimit) (kindIs "int64" .Values.controller.revisionHistoryLimit) }} + revisionHistoryLimit: {{ .Values.controller.revisionHistoryLimit }} + {{- end }} {{- with .Values.controller.updateStrategy }} strategy: {{- toYaml . | nindent 4 }} @@ -26,7 +33,7 @@ spec: {{- end }} {{- if .Values.controller.podAnnotations }} annotations: - {{- toYaml .Values.controller.podAnnotations | nindent 8 }} + {{- tpl ( .Values.controller.podAnnotations | toYaml ) . | nindent 8 }} {{- end }} spec: nodeSelector: @@ -75,7 +82,7 @@ spec: {{- if .Values.controller.extraVolumeTags }} {{- include "aws-ebs-csi-driver.extra-volume-tags" . | nindent 12 }} {{- end }} - {{- with .Values.controller.k8sTagClusterId }} + {{- with (tpl (default "" .Values.controller.k8sTagClusterId) . ) }} - --k8s-tag-cluster-id={{ . }} {{- end }} {{- if and (.Values.controller.enableMetrics) (not .Values.controller.httpEndpoint) }} @@ -87,9 +94,18 @@ spec: {{- if .Values.controller.sdkDebugLog }} - --aws-sdk-debug-log=true {{- end}} + {{- if .Values.controller.batching }} + - --batching=true + {{- end}} {{- with .Values.controller.loggingFormat }} - --logging-format={{ . }} {{- end }} + {{- with .Values.controller.userAgentExtra }} + - --user-agent-extra={{ . }} + {{- end }} + {{- if .Values.controller.otelTracing }} + - --enable-otel-tracing=true + {{- end}} - --v={{ .Values.controller.logLevel }} {{- range .Values.controller.additionalArgs }} - {{ . }} @@ -101,18 +117,20 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName + {{- with .Values.awsAccessSecret }} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: aws-secret - key: key_id + name: {{ .name }} + key: {{ .keyId }} optional: true - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: aws-secret - key: access_key + name: {{ .name }} + key: {{ .accessKey }} optional: true + {{- end }} - name: AWS_EC2_ENDPOINT valueFrom: configMapKeyRef: @@ -129,10 +147,16 @@ spec: {{- with .Values.controller.env }} {{- . | toYaml | nindent 12 }} {{- end }} - envFrom: - {{- with .Values.controller.envFrom }} - {{- . | toYaml | nindent 12 }} + {{- with .Values.controller.otelTracing }} + - name: OTEL_SERVICE_NAME + value: {{ .otelServiceName }} + - name: OTEL_EXPORTER_OTLP_ENDPOINT + value: {{ .otelExporterEndpoint }} {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ @@ -176,6 +200,9 @@ spec: image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.provisioner.image.repository .Values.sidecars.provisioner.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.provisioner.image.pullPolicy }} args: + {{- if not (regexMatch "(-timeout)" (join " " .Values.sidecars.provisioner.additionalArgs)) }} + - --timeout=60s + {{- end }} - --csi-address=$(ADDRESS) - --v={{ .Values.sidecars.provisioner.logLevel }} - --feature-gates=Topology=true @@ -195,6 +222,14 @@ spec: {{- end }} {{- end }} - --default-fstype={{ .Values.controller.defaultFsType }} + {{- if not (regexMatch "(-kube-api-qps)|(-kube-api-burst)|(-worker-threads)" (join " " .Values.sidecars.provisioner.additionalArgs)) }} + - --kube-api-qps=20 + - --kube-api-burst=100 + - --worker-threads=100 + {{- end }} + {{- range .Values.sidecars.provisioner.additionalArgs }} + - {{ . }} + {{- end }} env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -204,10 +239,10 @@ spec: {{- with .Values.sidecars.provisioner.env }} {{- . | toYaml | nindent 12 }} {{- end }} + {{- with .Values.controller.envFrom }} envFrom: - {{- with .Values.controller.envFrom }} {{- . | toYaml | nindent 12 }} - {{- end }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ @@ -223,6 +258,9 @@ spec: image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.attacher.image.repository .Values.sidecars.attacher.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.attacher.image.pullPolicy }} args: + {{- if not (regexMatch "(-timeout)" (join " " .Values.sidecars.attacher.additionalArgs)) }} + - --timeout=60s + {{- end }} - --csi-address=$(ADDRESS) - --v={{ .Values.sidecars.attacher.logLevel }} - --leader-election={{ .Values.sidecars.attacher.leaderElection.enabled | required "leader election state for csi-attacher is required, must be set to true || false." }} @@ -237,6 +275,14 @@ spec: - --leader-election-retry-period={{ .Values.sidecars.attacher.leaderElection.retryPeriod }} {{- end }} {{- end }} + {{- if not (regexMatch "(-kube-api-qps)|(-kube-api-burst)|(-worker-threads)" (join " " .Values.sidecars.attacher.additionalArgs)) }} + - --kube-api-qps=20 + - --kube-api-burst=100 + - --worker-threads=100 + {{- end }} + {{- range .Values.sidecars.attacher.additionalArgs }} + - {{ . }} + {{- end }} env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -246,10 +292,10 @@ spec: {{- with .Values.sidecars.attacher.env }} {{- . | toYaml | nindent 12 }} {{- end }} + {{- with .Values.controller.envFrom }} envFrom: - {{- with .Values.controller.envFrom }} {{- . | toYaml | nindent 12 }} - {{- end }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ @@ -271,6 +317,14 @@ spec: {{- if .Values.controller.extraCreateMetadata }} - --extra-create-metadata {{- end}} + {{- if not (regexMatch "(-kube-api-qps)|(-kube-api-burst)|(-worker-threads)" (join " " .Values.sidecars.snapshotter.additionalArgs)) }} + - --kube-api-qps=20 + - --kube-api-burst=100 + - --worker-threads=100 + {{- end }} + {{- range .Values.sidecars.snapshotter.additionalArgs }} + - {{ . }} + {{- end }} env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -280,10 +334,10 @@ spec: {{- with .Values.sidecars.snapshotter.env }} {{- . | toYaml | nindent 12 }} {{- end }} + {{- with .Values.controller.envFrom }} envFrom: - {{- with .Values.controller.envFrom }} {{- . | toYaml | nindent 12 }} - {{- end }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ @@ -296,13 +350,94 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} {{- end }} + {{- if (.Values.controller.volumeModificationFeature).enabled }} + - name: volumemodifier + image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.volumemodifier.image.repository .Values.sidecars.volumemodifier.image.tag }} + imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.volumemodifier.image.pullPolicy }} + args: + {{- if not (regexMatch "(-timeout)" (join " " .Values.sidecars.volumemodifier.additionalArgs)) }} + - --timeout=60s + {{- end }} + - --csi-address=$(ADDRESS) + - --v={{ .Values.sidecars.volumemodifier.logLevel }} + - --leader-election={{ .Values.sidecars.volumemodifier.leaderElection.enabled | required "leader election state for csi-volumemodifier is required, must be set to true || false." }} + {{- if .Values.sidecars.volumemodifier.leaderElection.enabled }} + {{- if .Values.sidecars.volumemodifier.leaderElection.leaseDuration }} + - --leader-election-lease-duration={{ .Values.sidecars.volumemodifier.leaderElection.leaseDuration }} + {{- end }} + {{- if .Values.sidecars.volumemodifier.leaderElection.renewDeadline}} + - --leader-election-renew-deadline={{ .Values.sidecars.volumemodifier.leaderElection.renewDeadline }} + {{- end }} + {{- if .Values.sidecars.volumemodifier.leaderElection.retryPeriod }} + - --leader-election-retry-period={{ .Values.sidecars.volumemodifier.leaderElection.retryPeriod }} + {{- end }} + {{- end }} + {{- range .Values.sidecars.volumemodifier.additionalArgs }} + - {{ . }} + {{- end }} + env: + - name: ADDRESS + value: /var/lib/csi/sockets/pluginproxy/csi.sock + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.proxy.http_proxy }} + {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} + {{- end }} + {{- with .Values.sidecars.volumemodifier.env }} + {{- . | toYaml | nindent 12 }} + {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: + {{- . | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + - name: socket-dir + mountPath: /var/lib/csi/sockets/pluginproxy/ + {{- with default .Values.controller.resources .Values.sidecars.volumemodifier.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.sidecars.volumemodifier.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} - name: csi-resizer image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.resizer.image.repository .Values.sidecars.resizer.image.tag }} imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.resizer.image.pullPolicy }} args: + {{- if not (regexMatch "(-timeout)" (join " " .Values.sidecars.resizer.additionalArgs)) }} + - --timeout=60s + {{- end }} - --csi-address=$(ADDRESS) - --v={{ .Values.sidecars.resizer.logLevel }} - --handle-volume-inuse-error=false + {{- with .Values.sidecars.resizer.leaderElection }} + - --leader-election={{ .enabled | default true }} + {{- if .leaseDuration }} + - --leader-election-lease-duration={{ .leaseDuration }} + {{- end }} + {{- if .renewDeadline }} + - --leader-election-renew-deadline={{ .renewDeadline }} + {{- end }} + {{- if .retryPeriod }} + - --leader-election-retry-period={{ .retryPeriod }} + {{- end }} + {{- end }} + {{- if not (regexMatch "(-kube-api-qps)|(-kube-api-burst)|(-workers)" (join " " .Values.sidecars.resizer.additionalArgs)) }} + - --kube-api-qps=20 + - --kube-api-burst=100 + - --workers=100 + {{- end }} + {{- range .Values.sidecars.resizer.additionalArgs }} + - {{ . }} + {{- end }} env: - name: ADDRESS value: /var/lib/csi/sockets/pluginproxy/csi.sock @@ -312,10 +447,10 @@ spec: {{- with .Values.sidecars.resizer.env }} {{- . | toYaml | nindent 12 }} {{- end }} + {{- with .Values.controller.envFrom }} envFrom: - {{- with .Values.controller.envFrom }} {{- . | toYaml | nindent 12 }} - {{- end }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /var/lib/csi/sockets/pluginproxy/ @@ -332,10 +467,13 @@ spec: imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }} args: - --csi-address=/csi/csi.sock - envFrom: - {{- with .Values.controller.envFrom }} - {{- . | toYaml | nindent 12 }} + {{- range .Values.sidecars.livenessProbe.additionalArgs }} + - {{ . }} {{- end }} + {{- with .Values.controller.envFrom }} + envFrom: + {{- . | toYaml | nindent 12 }} + {{- end }} volumeMounts: - name: socket-dir mountPath: /csi @@ -355,7 +493,15 @@ spec: {{- end }} volumes: - name: socket-dir + {{- if .Values.controller.socketDirVolume }} + {{- toYaml .Values.controller.socketDirVolume | nindent 10 }} + {{- else }} emptyDir: {} + {{- end }} {{- with .Values.controller.volumes }} {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.controller.dnsConfig }} + dnsConfig: + {{- toYaml .Values.controller.dnsConfig | nindent 4 }} + {{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/ebs-csi-default-sc.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/ebs-csi-default-sc.yaml new file mode 100644 index 000000000..a58595726 --- /dev/null +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/ebs-csi-default-sc.yaml @@ -0,0 +1,11 @@ +{{- if .Values.defaultStorageClass.enabled }} +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: ebs-csi-default-sc + annotations: + storageclass.kubernetes.io/is-default-class: "true" +provisioner: ebs.csi.aws.com +volumeBindingMode: WaitForFirstConsumer +allowVolumeExpansion: true +{{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/metrics.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/metrics.yaml index 1dcdf4ddc..d68bd7ab9 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/metrics.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/metrics.yaml @@ -37,6 +37,6 @@ spec: endpoints: - targetPort: 3301 path: /metrics - interval: 15s + interval: {{ .Values.controller.serviceMonitor.interval | default "15s"}} {{- end }} {{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node-windows.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node-windows.yaml index 921b51cfb..9a2c2c81a 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node-windows.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node-windows.yaml @@ -1,184 +1,13 @@ -{{- if .Values.node.enableWindows }} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: ebs-csi-node-windows - namespace: {{ .Release.Namespace }} - labels: - {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: ebs-csi-node - {{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }} - updateStrategy: - {{ toYaml .Values.node.updateStrategy | nindent 4 }} - template: - metadata: - labels: - app: ebs-csi-node - {{- include "aws-ebs-csi-driver.labels" . | nindent 8 }} - {{- if .Values.node.podLabels }} - {{- toYaml .Values.node.podLabels | nindent 8 }} - {{- end }} - {{- with .Values.node.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.node.affinity }} - affinity: {{- toYaml . | nindent 8 }} - {{- end }} - nodeSelector: - kubernetes.io/os: windows - {{- with .Values.node.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ .Values.node.serviceAccount.name }} - priorityClassName: {{ .Values.node.priorityClassName | default "system-node-critical" }} - tolerations: - {{- if .Values.node.tolerateAllTaints }} - - operator: Exists - {{- else }} - {{- with .Values.node.tolerations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - containers: - - name: ebs-plugin - image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - node - - --endpoint=$(CSI_ENDPOINT) - {{- with .Values.node.volumeAttachLimit }} - - --volume-attach-limit={{ . }} - {{- end }} - {{- with .Values.node.loggingFormat }} - - --logging-format={{ . }} - {{- end }} - - --v={{ .Values.node.logLevel }} - env: - - name: CSI_ENDPOINT - value: unix:/csi/csi.sock - - name: CSI_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.proxy.http_proxy }} - {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} - {{- end }} - {{- with .Values.node.env }} - {{- . | toYaml | nindent 12 }} - {{- end }} - volumeMounts: - - name: kubelet-dir - mountPath: C:\var\lib\kubelet - mountPropagation: "None" - - name: plugin-dir - mountPath: C:\csi - - name: csi-proxy-disk-pipe - mountPath: \\.\pipe\csi-proxy-disk-v1 - - name: csi-proxy-volume-pipe - mountPath: \\.\pipe\csi-proxy-volume-v1 - - name: csi-proxy-filesystem-pipe - mountPath: \\.\pipe\csi-proxy-filesystem-v1 - ports: - - name: healthz - containerPort: 9808 - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 10 - failureThreshold: 5 - {{- with .Values.node.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: node-driver-registrar - image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }} - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v={{ .Values.sidecars.nodeDriverRegistrar.logLevel }} - env: - - name: ADDRESS - value: unix:/csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: C:\var\lib\kubelet\plugins\aws.csi.confidential.cloud\csi.sock - {{- if .Values.proxy.http_proxy }} - {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} - {{- end }} - {{- with .Values.sidecars.nodeDriverRegistrar.env }} - {{- . | toYaml | nindent 12 }} - {{- end }} - livenessProbe: - exec: - command: - - /csi-node-driver-registrar.exe - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --mode=kubelet-registration-probe - initialDelaySeconds: 30 - timeoutSeconds: 15 - volumeMounts: - - name: plugin-dir - mountPath: C:\csi - - name: registration-dir - mountPath: C:\registration - - name: probe-dir - mountPath: C:\var\lib\kubelet\plugins\aws.csi.confidential.cloud - {{- with default .Values.node.resources .Values.sidecars.nodeDriverRegistrar.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: liveness-probe - image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }} - args: - - --csi-address=unix:/csi/csi.sock - volumeMounts: - - name: plugin-dir - mountPath: C:\csi - {{- with default .Values.node.resources .Values.sidecars.livenessProbe.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - volumes: - - name: kubelet-dir - hostPath: - path: C:\var\lib\kubelet - type: Directory - - name: plugin-dir - hostPath: - path: C:\var\lib\kubelet\plugins\aws.csi.confidential.cloud - type: DirectoryOrCreate - - name: registration-dir - hostPath: - path: C:\var\lib\kubelet\plugins_registry - type: Directory - - name: csi-proxy-disk-pipe - hostPath: - path: \\.\pipe\csi-proxy-disk-v1 - type: "" - - name: csi-proxy-volume-pipe - hostPath: - path: \\.\pipe\csi-proxy-volume-v1 - type: "" - - name: csi-proxy-filesystem-pipe - hostPath: - path: \\.\pipe\csi-proxy-filesystem-v1 - type: "" - - name: probe-dir - emptyDir: {} +{{$defaultArgs := dict + "NodeName" "ebs-csi-node" +}} +{{- include "node-windows" (deepCopy $ | mustMerge $defaultArgs) -}} +{{- range $name, $values := .Values.additionalDaemonSets }} +{{$args := dict + "NodeName" (printf "ebs-csi-node-%s" $name) + "Values" (dict + "node" (deepCopy $.Values.node | mustMerge $values) + ) +}} +{{- include "node-windows" (deepCopy $ | mustMerge $args) -}} {{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node.yaml index ecc6412d8..a891513b6 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/node.yaml @@ -1,206 +1,46 @@ -# Node Service -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: ebs-csi-node - namespace: {{ .Release.Namespace }} - labels: - {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app: ebs-csi-node - {{- include "aws-ebs-csi-driver.selectorLabels" . | nindent 6 }} - updateStrategy: - {{- toYaml .Values.node.updateStrategy | nindent 4 }} - template: - metadata: - labels: - app: ebs-csi-node - {{- include "aws-ebs-csi-driver.labels" . | nindent 8 }} - {{- if .Values.node.podLabels }} - {{- toYaml .Values.node.podLabels | nindent 8 }} - {{- end }} - {{- with .Values.node.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.node.affinity }} - affinity: {{- toYaml . | nindent 8 }} - {{- end }} - nodeSelector: - kubernetes.io/os: linux - {{- with .Values.node.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ .Values.node.serviceAccount.name }} - priorityClassName: {{ .Values.node.priorityClassName | default "system-node-critical" }} - tolerations: - {{- if .Values.node.tolerateAllTaints }} - - operator: Exists - {{- else }} - {{- with .Values.node.tolerations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- end }} - {{- with .Values.node.securityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: ebs-plugin - image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - node - - --endpoint=$(CSI_ENDPOINT) - {{- with .Values.node.volumeAttachLimit }} - - --volume-attach-limit={{ . }} - {{- end }} - {{- with .Values.node.loggingFormat }} - - --logging-format={{ . }} - {{- end }} - - "--kms-addr={{ .Values.kms.keyServiceName }}.{{ .Values.kms.keyServiceNamespace | default .Release.Namespace }}:{{ .Values.kms.keyServicePort }}" - - --v={{ .Values.node.logLevel }} - env: - - name: CSI_ENDPOINT - value: unix:/csi/csi.sock - - name: CSI_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - {{- if .Values.proxy.http_proxy }} - {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} - {{- end }} - {{- with .Values.node.env }} - {{- . | toYaml | nindent 12 }} - {{- end }} - envFrom: - {{- with .Values.controller.envFrom }} - {{- . | toYaml | nindent 12 }} - {{- end }} - volumeMounts: - - name: kubelet-dir - mountPath: {{ .Values.node.kubeletPath }} - mountPropagation: "Bidirectional" - - name: plugin-dir - mountPath: /csi - - name: device-dir - mountPath: /dev - - name: cryptsetup - mountPath: /run/cryptsetup - ports: - - name: healthz - containerPort: 9808 - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: healthz - initialDelaySeconds: 10 - timeoutSeconds: 3 - periodSeconds: 10 - failureThreshold: 5 - {{- with .Values.node.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.node.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: node-driver-registrar - image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.nodeDriverRegistrar.image.repository .Values.sidecars.nodeDriverRegistrar.image.tag }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.nodeDriverRegistrar.image.pullPolicy }} - args: - - --csi-address=$(ADDRESS) - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --v={{ .Values.sidecars.nodeDriverRegistrar.logLevel }} - env: - - name: ADDRESS - value: /csi/csi.sock - - name: DRIVER_REG_SOCK_PATH - value: {{ printf "%s/plugins/aws.csi.confidential.cloud/csi.sock" (trimSuffix "/" .Values.node.kubeletPath) }} - {{- if .Values.proxy.http_proxy }} - {{- include "aws-ebs-csi-driver.http-proxy" . | nindent 12 }} - {{- end }} - {{- with .Values.sidecars.nodeDriverRegistrar.env }} - {{- . | toYaml | nindent 12 }} - {{- end }} - envFrom: - {{- with .Values.controller.envFrom }} - {{- . | toYaml | nindent 12 }} - {{- end }} - livenessProbe: - exec: - command: - - /csi-node-driver-registrar - - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) - - --mode=kubelet-registration-probe - initialDelaySeconds: 30 - timeoutSeconds: 15 - volumeMounts: - - name: plugin-dir - mountPath: /csi - - name: registration-dir - mountPath: /registration - - name: probe-dir - mountPath: {{ printf "%s/plugins/aws.csi.confidential.cloud/" (trimSuffix "/" .Values.node.kubeletPath) }} - {{- with default .Values.node.resources .Values.sidecars.nodeDriverRegistrar.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.sidecars.nodeDriverRegistrar.securityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - - name: liveness-probe - image: {{ printf "%s%s:%s" (default "" .Values.image.containerRegistry) .Values.sidecars.livenessProbe.image.repository .Values.sidecars.livenessProbe.image.tag }} - imagePullPolicy: {{ default .Values.image.pullPolicy .Values.sidecars.livenessProbe.image.pullPolicy }} - args: - - --csi-address=/csi/csi.sock - envFrom: - {{- with .Values.controller.envFrom }} - {{- . | toYaml | nindent 12 }} - {{- end }} - volumeMounts: - - name: plugin-dir - mountPath: /csi - {{- with default .Values.node.resources .Values.sidecars.livenessProbe.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.sidecars.livenessProbe.securityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - volumes: - - name: kubelet-dir - hostPath: - path: {{ .Values.node.kubeletPath }} - type: Directory - - name: plugin-dir - hostPath: - path: {{ printf "%s/plugins/aws.csi.confidential.cloud/" (trimSuffix "/" .Values.node.kubeletPath) }} - type: DirectoryOrCreate - - name: registration-dir - hostPath: - path: {{ printf "%s/plugins_registry/" (trimSuffix "/" .Values.node.kubeletPath) }} - type: Directory - - name: device-dir - hostPath: - path: /dev - type: Directory - - name: probe-dir - emptyDir: {} - - name: cryptsetup - hostPath: - path: /run/cryptsetup - type: Directory +{{$defaultArgs := dict + "NodeName" "ebs-csi-node" +}} +{{- include "node" (deepCopy $ | mustMerge $defaultArgs) -}} +{{- range $name, $values := .Values.additionalDaemonSets }} +{{$args := dict + "NodeName" (printf "ebs-csi-node-%s" $name) + "Values" (dict + "node" (deepCopy $.Values.node | mustMerge $values) + ) +}} +{{- include "node" (deepCopy $ | mustMerge $args) -}} +{{- end }} +{{- if .Values.a1CompatibilityDaemonSet }} +{{$args := dict + "NodeName" "ebs-csi-node-a1compat" + "Values" (dict + "image" (dict + "tag" (printf "%s-a1compat" (default (printf "v%s" .Chart.AppVersion) (.Values.image.tag | toString))) + ) + "node" (dict + "affinity" (dict + "nodeAffinity" (dict + "requiredDuringSchedulingIgnoredDuringExecution" (dict + "nodeSelectorTerms" (list + (dict "matchExpressions" (list + (dict + "key" "eks.amazonaws.com/compute-type" + "operator" "NotIn" + "values" (list "fargate") + ) + (dict + "key" "node.kubernetes.io/instance-type" + "operator" "In" + "values" (list "a1.medium" "a1.large" "a1.xlarge" "a1.2xlarge" "a1.4xlarge") + ) + )) + ) + ) + ) + ) + ) + ) +}} +{{- include "node" (deepCopy $ | mustMerge $args) -}} +{{- end }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml index 6f73fa222..0a1e97cc0 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/poddisruptionbudget-controller.yaml @@ -1,8 +1,4 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: ebs-csi-controller diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/role-leases.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/role-leases.yaml new file mode 100644 index 000000000..1ec62bb49 --- /dev/null +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/role-leases.yaml @@ -0,0 +1,11 @@ +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + namespace: {{ .Release.Namespace }} + name: ebs-csi-leases-role + labels: + {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} +rules: +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["get", "watch", "list", "delete", "update", "create"] diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/rolebinding-leases.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/rolebinding-leases.yaml new file mode 100644 index 000000000..88fded8a3 --- /dev/null +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/rolebinding-leases.yaml @@ -0,0 +1,15 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ebs-csi-leases-rolebinding + namespace: {{ .Release.Namespace }} + labels: + {{- include "aws-ebs-csi-driver.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ .Values.controller.serviceAccount.name }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: ebs-csi-leases-role + apiGroup: rbac.authorization.k8s.io diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml index a5b1102b4..d819f5493 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-controller.yaml @@ -15,4 +15,7 @@ metadata: #annotations: # eks.amazonaws.com/role-arn: arn::iam:::role/ebs-csi-role {{- end }} +{{- if .Values.controller.serviceAccount.automountServiceAccountToken }} +automountServiceAccountToken: {{ .Values.controller.serviceAccount.automountServiceAccountToken }} +{{- end }} {{- end -}} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml index fb85abedf..9f3c7c7e1 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/serviceaccount-csi-node.yaml @@ -10,4 +10,7 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} +{{- if .Values.node.serviceAccount.automountServiceAccountToken }} +automountServiceAccountToken: {{ .Values.node.serviceAccount.automountServiceAccountToken }} +{{- end }} {{- end -}} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/volumesnapshotclass.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/volumesnapshotclass.yaml index 0db3046aa..59551898e 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/volumesnapshotclass.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/templates/volumesnapshotclass.yaml @@ -8,6 +8,9 @@ metadata: {{- with .annotations }} annotations: {{- . | toYaml | trim | nindent 4 }} {{- end }} + {{- with .labels }} + labels: {{- . | toYaml | trim | nindent 4 }} + {{- end }} driver: aws.csi.confidential.cloud deletionPolicy: {{ .deletionPolicy }} {{- with .parameters }} diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/values.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/values.yaml index defdd4d83..0c4a68857 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/values.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/aws-csi-driver/values.yaml @@ -5,7 +5,7 @@ image: repository: ghcr.io/edgelesssys/constellation/aws-csi-driver # Overrides the image tag whose default is v{{ .Chart.AppVersion }} - tag: "v1.1.0@sha256:3e2c394f2397455516948efcc9a4b87cbaeabf14df31702d5905ce08a53995f2" + tag: "v1.2.0@sha256:9477e8ed37989c46963d57d24de5ddbc7ab965b1685d709d06c1ae536b23b5b1" pullPolicy: Always # -- Custom labels to add into metadata @@ -24,8 +24,12 @@ sidecars: image: pullPolicy: IfNotPresent repository: public.ecr.aws/eks-distro/kubernetes-csi/external-provisioner - tag: "v3.4.1-eks-1-26-7@sha256:adfcb04433d1824f62dde0365877d0f7b7a2eaebc45670cbab7e0c1f07ba0607" + tag: "v4.0.1-eks-1-30-4@sha256:0cf0d02211632c6b947f110e9f3f13f782eea1cfb7b990191d78ad032b2c2d77" logLevel: 2 + # Additional parameters provided by external-provisioner. + additionalArgs: [] + # Grant additional permissions to external-provisioner + additionalClusterRoleRules: resources: {} # Tune leader lease election for csi-provisioner. # Leader election is on by default. @@ -45,7 +49,7 @@ sidecars: image: pullPolicy: IfNotPresent repository: public.ecr.aws/eks-distro/kubernetes-csi/external-attacher - tag: "v4.2.0-eks-1-26-7@sha256:4b0d6e8758a0213ec942381b9577d2b3e971b545dc9e3fb59973f7992763d85f" + tag: "v4.5.1-eks-1-30-4@sha256:d68034351f65101d2a8506a5c583c5c923238aa93ba9719e779c0eb6a4b33993" # Tune leader lease election for csi-attacher. # Leader election is on by default. leaderElection: @@ -57,6 +61,10 @@ sidecars: # renewDeadline: "10s" # retryPeriod: "5s" logLevel: 2 + # Additional parameters provided by external-attacher. + additionalArgs: [] + # Grant additional permissions to external-attacher + additionalClusterRoleRules: [] resources: {} securityContext: readOnlyRootFilesystem: true @@ -68,8 +76,12 @@ sidecars: image: pullPolicy: IfNotPresent repository: public.ecr.aws/eks-distro/kubernetes-csi/external-snapshotter/csi-snapshotter - tag: "v6.2.1-eks-1-26-7@sha256:b8071f45885f1838387edb04a1d164680dcec8d656de682624ddc59d30ba660b" + tag: "v7.0.2-eks-1-30-4@sha256:9a33488c2cd691d4df454fbc0118e532cbd8aacf99856bdf395507fdae2421dc" logLevel: 2 + # Additional parameters provided by csi-snapshotter. + additionalArgs: [] + # Grant additional permissions to csi-snapshotter + additionalClusterRoleRules: [] resources: {} securityContext: readOnlyRootFilesystem: true @@ -78,7 +90,9 @@ sidecars: image: pullPolicy: IfNotPresent repository: public.ecr.aws/eks-distro/kubernetes-csi/livenessprobe - tag: "v2.9.0-eks-1-26-7@sha256:d9e11b42ae5f4f2f7ea9034e68040997cdbb04ae9e188aa897f76ae92698d78a" + tag: "v2.12.0-eks-1-30-4@sha256:665d64a8e1124ecd95e08626ddd140154be30a95c6574d423d66cf262d28cc9c" + # Additional parameters provided by livenessprobe. + additionalArgs: [] resources: {} securityContext: readOnlyRootFilesystem: true @@ -88,8 +102,22 @@ sidecars: image: pullPolicy: IfNotPresent repository: public.ecr.aws/eks-distro/kubernetes-csi/external-resizer - tag: "v1.7.0-eks-1-26-7@sha256:81672f19d1da5cdff8d2068d8d69776067a1e5c31537ab3282d95dff34d581b6" + tag: "v1.10.1-eks-1-30-4@sha256:2aef6bf851fc3fa8e03c7a3efc9d3adb2ae1cb1746f88fb8a7559f8ca44bf188" + # Tune leader lease election for csi-resizer. + # Leader election is on by default. + leaderElection: + enabled: true + # Optional values to tune lease behavior. + # The arguments provided must be in an acceptable time.ParseDuration format. + # Ref: https://pkg.go.dev/flag#Duration + # leaseDuration: "15s" + # renewDeadline: "10s" + # retryPeriod: "5s" logLevel: 2 + # Additional parameters provided by external-resizer. + additionalArgs: [] + # Grant additional permissions to external-resizer + additionalClusterRoleRules: [] resources: {} securityContext: readOnlyRootFilesystem: true @@ -99,8 +127,40 @@ sidecars: image: pullPolicy: IfNotPresent repository: public.ecr.aws/eks-distro/kubernetes-csi/node-driver-registrar - tag: "v2.7.0-eks-1-26-7@sha256:6ad0cae2ae91453f283a44e9b430e475b8a9fa3d606aec9a8b09596fffbcd2c9" + tag: "v2.10.1-eks-1-30-4@sha256:518ed9cba6258735a25d2b896dc65d34a41e22f6785550a7e24e2f2dbd6a48b5" logLevel: 2 + # Additional parameters provided by node-driver-registrar. + additionalArgs: [] + resources: {} + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + livenessProbe: + exec: + command: + - /csi-node-driver-registrar + - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH) + - --mode=kubelet-registration-probe + initialDelaySeconds: 30 + periodSeconds: 90 + timeoutSeconds: 15 + volumemodifier: + env: [] + image: + pullPolicy: IfNotPresent + repository: public.ecr.aws/ebs-csi-driver/volume-modifier-for-k8s + tag: "v0.3.0@sha256:c9e4e64e721b8fea4ba34502ac9f8fb83bd1571117276f553ac4595e0c5a3bf8" + leaderElection: + enabled: true + # Optional values to tune lease behavior. + # The arguments provided must be in an acceptable time.ParseDuration format. + # Ref: https://pkg.go.dev/flag#Duration + # leaseDuration: "15s" + # renewDeadline: "10s" + # retryPeriod: "5s" + logLevel: 2 + # Additional parameters provided by volume-modifier-for-k8s. + additionalArgs: [] resources: {} securityContext: readOnlyRootFilesystem: true @@ -114,7 +174,16 @@ imagePullSecrets: [] nameOverride: fullnameOverride: +awsAccessSecret: + name: aws-secret + keyId: key_id + accessKey: access_key + controller: + batching: true + volumeModificationFeature: + enabled: false + # Additional parameters provided by aws-ebs-csi-driver controller. additionalArgs: [] sdkDebugLog: false loggingFormat: text @@ -165,12 +234,15 @@ controller: # Additional labels for ServiceMonitor object labels: release: prometheus + interval: "15s" # If set to true, AWS API call metrics will be exported to the following # TCP endpoint: "0.0.0.0:3301" # --- # ID of the Kubernetes cluster used for tagging provisioned EBS volumes (optional). k8sTagClusterId: logLevel: 2 + userAgentExtra: "helm" + deploymentAnnotations: {} nodeSelector: node-role.kubernetes.io/control-plane: "" podAnnotations: {} @@ -182,6 +254,9 @@ controller: # region: us-east-1 region: replicaCount: 2 + revisionHistoryLimit: 10 + socketDirVolume: + emptyDir: {} updateStrategy: type: RollingUpdate rollingUpdate: @@ -195,13 +270,15 @@ controller: cpu: 10m memory: 40Mi limits: - cpu: 100m memory: 256Mi serviceAccount: # A service account will be created for you if set to true. Set to false if you want to use your own. create: true name: ebs-csi-controller-sa annotations: {} + ## Enable if EKS IAM for SA is used + # eks.amazonaws.com/role-arn: arn::iam:::role/ebs-csi-role + automountServiceAccountToken: true tolerations: - key: CriticalAddonsOnly operator: Exists @@ -235,8 +312,18 @@ controller: runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 + # Add additional volume mounts on the controller with controller.volumes and controller.volumeMounts volumes: [] + # Add additional volumes to be mounted onto the controller: + # - name: custom-dir + # hostPath: + # path: /path/to/dir + # type: Directory volumeMounts: [] + # And add mount paths for those additional volumes: + # - name: custom-dir + # mountPath: /mount/path + # --- # securityContext on the controller container (see sidecars for securityContext on sidecar containers) containerSecurityContext: readOnlyRootFilesystem: true @@ -249,6 +336,13 @@ controller: # - name: wait # image: busybox # command: [ 'sh', '-c', "sleep 20" ] + # Enable opentelemetry tracing for the plugin running on the daemonset + otelTracing: {} + # otelServiceName: ebs-csi-controller + # otelExporterEndpoint: "http://localhost:4317" + + # Enable dnsConfig for the controller and node pods + dnsConfig: {} node: env: [] @@ -257,16 +351,26 @@ node: loggingFormat: text logLevel: 2 priorityClassName: + additionalArgs: [] affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - - matchExpressions: - - key: eks.amazonaws.com/compute-type - operator: NotIn - values: - - fargate + - matchExpressions: + - key: eks.amazonaws.com/compute-type + operator: NotIn + values: + - fargate + - key: node.kubernetes.io/instance-type + operator: NotIn + values: + - a1.medium + - a1.large + - a1.xlarge + - a1.2xlarge + - a1.4xlarge nodeSelector: {} + daemonSetAnnotations: {} podAnnotations: {} podLabels: {} tolerateAllTaints: true @@ -279,19 +383,32 @@ node: cpu: 10m memory: 40Mi limits: - cpu: 100m memory: 256Mi + revisionHistoryLimit: 10 + probeDirVolume: + emptyDir: {} serviceAccount: create: true name: ebs-csi-node-sa annotations: {} + ## Enable if EKS IAM for SA is used + # eks.amazonaws.com/role-arn: arn::iam:::role/ebs-csi-role + automountServiceAccountToken: true + # Enable the linux daemonset creation + enableLinux: true enableWindows: false + # The number of attachment slots to reserve for system use (and not to be used for CSI volumes) + # When this parameter is not specified (or set to -1), the EBS CSI Driver will attempt to determine the number of reserved slots via heuristic + # Cannot be specified at the same time as `node.volumeAttachLimit` + reservedVolumeAttachments: # The "maximum number of attachable volumes" per node + # Cannot be specified at the same time as `node.reservedVolumeAttachments` volumeAttachLimit: updateStrategy: type: RollingUpdate rollingUpdate: maxUnavailable: "10%" + hostNetwork: false # securityContext on the node pod securityContext: # The node pod must be run as root to bind to the registration/driver sockets @@ -299,10 +416,38 @@ node: runAsUser: 0 runAsGroup: 0 fsGroup: 0 + # Add additional volume mounts on the node pods with node.volumes and node.volumeMounts + volumes: [] + # Add additional volumes to be mounted onto the node pods: + # - name: custom-dir + # hostPath: + # path: /path/to/dir + # type: Directory + volumeMounts: [] + # And add mount paths for those additional volumes: + # - name: custom-dir + # mountPath: /mount/path + # --- # securityContext on the node container (see sidecars for securityContext on sidecar containers) containerSecurityContext: readOnlyRootFilesystem: true privileged: true + # Enable opentelemetry tracing for the plugin running on the daemonset + otelTracing: {} + # otelServiceName: ebs-csi-node + # otelExporterEndpoint: "http://localhost:4317" + +additionalDaemonSets: + # Additional node DaemonSets, using the node config structure + # See docs/additional-daemonsets.md for more information + # + # example: + # nodeSelector: + # node.kubernetes.io/instance-type: c5.large + # volumeAttachLimit: 15 + +# Enable compatibility for the A1 instance family via use of an AL2-based image in a separate DaemonSet +# a1CompatibilityDaemonSet: true # Create Constellation default StorageClasses createStorageClass: true @@ -323,12 +468,18 @@ storageClasses: [] # parameters: # encrypted: "true" +defaultStorageClass: + enabled: false + volumeSnapshotClasses: [] # Add VolumeSnapshotClass resources like: # - name: ebs-vsc # # annotation metadata # annotations: # snapshot.storage.kubernetes.io/is-default-class: "true" +# # label metadata +# labels: +# my-label-is: supercool # # deletionPolicy must be specified # deletionPolicy: Delete # parameters: @@ -337,3 +488,8 @@ volumeSnapshotClasses: [] # Intended for use with older clusters that cannot easily replace the CSIDriver object # This parameter should always be false for new installations useOldCSIDriver: false + +helmTester: + enabled: true + # Supply a custom image to the ebs-csi-driver-test pod in helm-tester.yaml + image: "gcr.io/k8s-staging-test-infra/kubekins-e2e:v20240311-b09cdeb92c-master" diff --git a/internal/constellation/helm/update-csi-charts.sh b/internal/constellation/helm/update-csi-charts.sh index 96dba4a02..16debb98d 100755 --- a/internal/constellation/helm/update-csi-charts.sh +++ b/internal/constellation/helm/update-csi-charts.sh @@ -68,7 +68,7 @@ download_chart() { } ## AWS CSI Driver -download_chart "https://github.com/edgelesssys/constellation-aws-ebs-csi-driver" "v1.1.1" "charts/aws-ebs-csi-driver" "aws-csi-driver" +download_chart "https://github.com/edgelesssys/constellation-aws-ebs-csi-driver" "v1.2.0" "charts/aws-ebs-csi-driver" "aws-csi-driver" ## Azure CSI Driver download_chart "https://github.com/edgelesssys/constellation-azuredisk-csi-driver" "v1.3.0" "charts/edgeless" "azuredisk-csi-driver" From 7197a9b71931d5d4bc1c6b1716a33b595f9a9dff Mon Sep 17 00:00:00 2001 From: Felix Schuster <1911679+flxflx@users.noreply.github.com> Date: Mon, 27 May 2024 18:21:27 +0200 Subject: [PATCH 033/380] Rewrite "chain of trust" section (#3066) Co-authored-by: 3u13r Co-authored-by: Moritz Eckert --- docs/docs/architecture/attestation.md | 57 ++++++++++++------- .../config/vocabularies/edgeless/accept.txt | 1 + .../version-2.16/architecture/attestation.md | 57 ++++++++++++------- 3 files changed, 75 insertions(+), 40 deletions(-) diff --git a/docs/docs/architecture/attestation.md b/docs/docs/architecture/attestation.md index 5a8638964..bc7ada851 100644 --- a/docs/docs/architecture/attestation.md +++ b/docs/docs/architecture/attestation.md @@ -78,15 +78,15 @@ The idea is that Constellation nodes should have verifiable integrity from the C The solution is a verifiable boot chain and an integrity-protected runtime environment. Constellation uses measured boot within CVMs, measuring each component in the boot process before executing it. -Outside of CC, it's usually implemented via TPMs. +Outside of CC, this is usually implemented via TPMs. CVM technologies differ in how they implement runtime measurements, but the general concepts are similar to those of a TPM. For simplicity, TPM terminology like *PCR* is used in the following. -When a Constellation node image boots inside a CVM, it uses measured boot for all stages and components of the boot chain. +When a Constellation node image boots inside a CVM, measured boot is used for all stages and components of the boot chain. This process goes up to the root filesystem. -The root filesystem is mounted read-only with integrity protection, guaranteeing forward integrity. +The root filesystem is mounted read-only with integrity protection. For the details on the image and boot stages see the [image architecture](../architecture/images.md) documentation. -Any changes to the image will inevitably also change the measured boot's PCR values. +Any changes to the image will inevitably also change the corresponding PCR values. To create a node attestation statement, the Constellation image obtains a CVM attestation statement from the hardware. This includes the runtime measurements and thereby binds the measured boot results to the CVM hardware measurement. @@ -341,32 +341,49 @@ When an initialized node tries to join another cluster, its measurements inevita The [*VerificationService*](microservices.md#verificationservice) provides an endpoint for obtaining its hardware-based remote attestation statement, which includes the runtime measurements. A user can [verify](../workflows/verify-cluster.md) this statement and compare the measurements against the configured ground truth and, thus, verify the identity and integrity of all Constellation components and the cluster configuration. Subsequently, the user knows that the entire cluster is in the expected state and is trustworthy. -## Chain of trust +## Putting it all together +This section puts the aforementioned concepts together and illustrate how trust into a Constellation cluster is established and maintained. -So far, this page described how an entire Constellation cluster can be verified using hardware attestation capabilities and runtime measurements. -The last missing link is how the ground truth in the form of runtime measurements can be securely distributed to the verifying party. +### CLI and node images -The build process of Constellation images also creates the ground truth runtime measurements. The builds of Constellation images are reproducible and the measurements of an image can be recalculated and verified by everyone. -With every release, Edgeless Systems publishes signed runtime measurements. +It all starts with the CLI executable. The CLI is signed by Edgeless Systems. To ensure non-repudiability for CLI releases, Edgeless Systems publishes corresponding signatures to the public ledger of the [sigstore project](https://www.sigstore.dev/). There's a [step-by-step guide](../workflows/verify-cli.md) on how to verify CLI signatures based on sigstore. -The CLI executable is also signed by Edgeless Systems. -You can [verify its signature](../workflows/verify-cli.md). +The CLI contains the latest runtime measurements of the Constellation node image for all supported cloud platforms. In case a different version of the node image is to be used, the corresponding runtime measurements can be fetched using the CLI's [fetch-measurements command](../reference/cli.md#constellation-config-fetch-measurements). This command downloads the runtime measurements and the corresponding signature from cdn.confidential.cloud. See for example the following files corresponding to node image v2.16.3: +* [Measurements](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json) +* [Signature](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json.sig) -The CLI contains the public key required to verify signed runtime measurements from Edgeless Systems. -When a cluster is [created](../workflows/create.md) or [upgraded](../workflows/upgrade.md), the CLI automatically verifies the measurements for the selected image. +The CLI contains the long-term public key of Edgeless Systems to verify the signature of downloaded runtime measurements. -Thus, there's a chain of trust based on cryptographic signatures, which goes from CLI to runtime measurements to images. This is illustrated in the following diagram. +### Cluster creation + +When a cluster is [created](../workflows/create.md), the CLI automatically verifies the runtime measurements of the *first node* using remote attestation. Based on this, the CLI and the first node set up a temporary TLS connection. This [aTLS](#attested-tls-atls) connection is used for two things: +1. The CLI sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. +2. The first node sends a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) with Kubernetes credentials to the CLI. + +After this, the aTLS connection is closed and the first node bootstraps the Kubernetes cluster. All subsequent interactions between the CLI and the cluster go via the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) server running inside the cluster. The CLI (and other tools like kubectl) use the credentials referenced by the kubeconfig file to authenticate themselves towards the Kubernetes API server and to establish a mTLS connection. + +The CLI connects to the Kubernetes API to write the runtime measurements for the applicable node image to etcd. The JoinService uses these runtime measurements to verify all nodes that join the cluster subsequently. + +### Chain of trust + +In summary, there's a chain of trust based on cryptographic signatures that goes from the user to the cluster via the CLI. This is illustrated in the following diagram. ```mermaid flowchart LR - A[Edgeless]-- "signs (cosign)" -->B[CLI] - C[User]-- "verifies (cosign)" -->B[CLI] - B[CLI]-- "contains" -->D["Public Key"] - A[Edgeless]-- "signs" -->E["Runtime measurements"] - D["Public key"]-- "verifies" -->E["Runtime measurements"] - E["Runtime measurements"]-- "verify" -->F["Constellation cluster"] + A[User]-- "verifies" -->B[CLI] + B[CLI]-- "verifies" -->C([Runtime measurements]) + D[Edgeless Systems]-- "signs" -->B[CLI] + D[Edgeless Systems]-- "signs" -->C([Runtime measurements]) + B[CLI]-- "verifies (remote attestation)" -->E[First node] + E[First node]-- "verifies (remote attestation)" -->F[Other nodes] + C([Runtime measurements]) -.-> E[First node] + C([Runtime measurements]) -.-> F[Other nodes] ``` +### Upgrades + +Whenever a cluster is [upgraded](../workflows/upgrade.md) to a new version of the node image, the CLI sends the corresponding runtime measurements via the Kubernetes API server. The new runtime measurements are stored in etcd within the cluster and replace any previous runtime measurements. The new runtime measurements are then used automatically by the JoinService for the verification of new nodes. + ## References [^1]: Linux IMA produces runtime measurements of user-space binaries. diff --git a/docs/styles/config/vocabularies/edgeless/accept.txt b/docs/styles/config/vocabularies/edgeless/accept.txt index 26fa0d0c9..0e179c486 100644 --- a/docs/styles/config/vocabularies/edgeless/accept.txt +++ b/docs/styles/config/vocabularies/edgeless/accept.txt @@ -11,6 +11,7 @@ backend Bazel bootloader Bootstrapper +CLI cloud config CPU diff --git a/docs/versioned_docs/version-2.16/architecture/attestation.md b/docs/versioned_docs/version-2.16/architecture/attestation.md index 5a8638964..bc7ada851 100644 --- a/docs/versioned_docs/version-2.16/architecture/attestation.md +++ b/docs/versioned_docs/version-2.16/architecture/attestation.md @@ -78,15 +78,15 @@ The idea is that Constellation nodes should have verifiable integrity from the C The solution is a verifiable boot chain and an integrity-protected runtime environment. Constellation uses measured boot within CVMs, measuring each component in the boot process before executing it. -Outside of CC, it's usually implemented via TPMs. +Outside of CC, this is usually implemented via TPMs. CVM technologies differ in how they implement runtime measurements, but the general concepts are similar to those of a TPM. For simplicity, TPM terminology like *PCR* is used in the following. -When a Constellation node image boots inside a CVM, it uses measured boot for all stages and components of the boot chain. +When a Constellation node image boots inside a CVM, measured boot is used for all stages and components of the boot chain. This process goes up to the root filesystem. -The root filesystem is mounted read-only with integrity protection, guaranteeing forward integrity. +The root filesystem is mounted read-only with integrity protection. For the details on the image and boot stages see the [image architecture](../architecture/images.md) documentation. -Any changes to the image will inevitably also change the measured boot's PCR values. +Any changes to the image will inevitably also change the corresponding PCR values. To create a node attestation statement, the Constellation image obtains a CVM attestation statement from the hardware. This includes the runtime measurements and thereby binds the measured boot results to the CVM hardware measurement. @@ -341,32 +341,49 @@ When an initialized node tries to join another cluster, its measurements inevita The [*VerificationService*](microservices.md#verificationservice) provides an endpoint for obtaining its hardware-based remote attestation statement, which includes the runtime measurements. A user can [verify](../workflows/verify-cluster.md) this statement and compare the measurements against the configured ground truth and, thus, verify the identity and integrity of all Constellation components and the cluster configuration. Subsequently, the user knows that the entire cluster is in the expected state and is trustworthy. -## Chain of trust +## Putting it all together +This section puts the aforementioned concepts together and illustrate how trust into a Constellation cluster is established and maintained. -So far, this page described how an entire Constellation cluster can be verified using hardware attestation capabilities and runtime measurements. -The last missing link is how the ground truth in the form of runtime measurements can be securely distributed to the verifying party. +### CLI and node images -The build process of Constellation images also creates the ground truth runtime measurements. The builds of Constellation images are reproducible and the measurements of an image can be recalculated and verified by everyone. -With every release, Edgeless Systems publishes signed runtime measurements. +It all starts with the CLI executable. The CLI is signed by Edgeless Systems. To ensure non-repudiability for CLI releases, Edgeless Systems publishes corresponding signatures to the public ledger of the [sigstore project](https://www.sigstore.dev/). There's a [step-by-step guide](../workflows/verify-cli.md) on how to verify CLI signatures based on sigstore. -The CLI executable is also signed by Edgeless Systems. -You can [verify its signature](../workflows/verify-cli.md). +The CLI contains the latest runtime measurements of the Constellation node image for all supported cloud platforms. In case a different version of the node image is to be used, the corresponding runtime measurements can be fetched using the CLI's [fetch-measurements command](../reference/cli.md#constellation-config-fetch-measurements). This command downloads the runtime measurements and the corresponding signature from cdn.confidential.cloud. See for example the following files corresponding to node image v2.16.3: +* [Measurements](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json) +* [Signature](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json.sig) -The CLI contains the public key required to verify signed runtime measurements from Edgeless Systems. -When a cluster is [created](../workflows/create.md) or [upgraded](../workflows/upgrade.md), the CLI automatically verifies the measurements for the selected image. +The CLI contains the long-term public key of Edgeless Systems to verify the signature of downloaded runtime measurements. -Thus, there's a chain of trust based on cryptographic signatures, which goes from CLI to runtime measurements to images. This is illustrated in the following diagram. +### Cluster creation + +When a cluster is [created](../workflows/create.md), the CLI automatically verifies the runtime measurements of the *first node* using remote attestation. Based on this, the CLI and the first node set up a temporary TLS connection. This [aTLS](#attested-tls-atls) connection is used for two things: +1. The CLI sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. +2. The first node sends a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) with Kubernetes credentials to the CLI. + +After this, the aTLS connection is closed and the first node bootstraps the Kubernetes cluster. All subsequent interactions between the CLI and the cluster go via the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) server running inside the cluster. The CLI (and other tools like kubectl) use the credentials referenced by the kubeconfig file to authenticate themselves towards the Kubernetes API server and to establish a mTLS connection. + +The CLI connects to the Kubernetes API to write the runtime measurements for the applicable node image to etcd. The JoinService uses these runtime measurements to verify all nodes that join the cluster subsequently. + +### Chain of trust + +In summary, there's a chain of trust based on cryptographic signatures that goes from the user to the cluster via the CLI. This is illustrated in the following diagram. ```mermaid flowchart LR - A[Edgeless]-- "signs (cosign)" -->B[CLI] - C[User]-- "verifies (cosign)" -->B[CLI] - B[CLI]-- "contains" -->D["Public Key"] - A[Edgeless]-- "signs" -->E["Runtime measurements"] - D["Public key"]-- "verifies" -->E["Runtime measurements"] - E["Runtime measurements"]-- "verify" -->F["Constellation cluster"] + A[User]-- "verifies" -->B[CLI] + B[CLI]-- "verifies" -->C([Runtime measurements]) + D[Edgeless Systems]-- "signs" -->B[CLI] + D[Edgeless Systems]-- "signs" -->C([Runtime measurements]) + B[CLI]-- "verifies (remote attestation)" -->E[First node] + E[First node]-- "verifies (remote attestation)" -->F[Other nodes] + C([Runtime measurements]) -.-> E[First node] + C([Runtime measurements]) -.-> F[Other nodes] ``` +### Upgrades + +Whenever a cluster is [upgraded](../workflows/upgrade.md) to a new version of the node image, the CLI sends the corresponding runtime measurements via the Kubernetes API server. The new runtime measurements are stored in etcd within the cluster and replace any previous runtime measurements. The new runtime measurements are then used automatically by the JoinService for the verification of new nodes. + ## References [^1]: Linux IMA produces runtime measurements of user-space binaries. From 3834373fd2f345a1942a505061b248db2af9b35b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Tue, 28 May 2024 16:25:37 +0200 Subject: [PATCH 034/380] ci: disable perf-bench test for gcp-sev-snp (#3127) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/workflows/e2e-test-release.yml | 11 ++++++----- .github/workflows/e2e-test-weekly.yml | 11 ++++++----- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index b8c7fd618..a088b5a02 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -237,11 +237,12 @@ jobs: kubernetes-version: "v1.29" runner: "ubuntu-22.04" clusterCreation: "cli" - - test: "perf-bench" - attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" - runner: "ubuntu-22.04" - clusterCreation: "cli" + # Not yet supported on gcp-sev-snp + #- test: "perf-bench" + # attestationVariant: "gcp-sev-snp" + # kubernetes-version: "v1.29" + # runner: "ubuntu-22.04" + # clusterCreation: "cli" - test: "perf-bench" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.29" diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index b93d3f3f9..8757d60cf 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -247,11 +247,12 @@ jobs: attestationVariant: "gcp-sev-es" kubernetes-version: "v1.29" clusterCreation: "cli" - - test: "perf-bench" - refStream: "ref/main/stream/debug/?" - attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" - clusterCreation: "cli" + # Not yet supported on gcp-sev-snp + #- test: "perf-bench" + # refStream: "ref/main/stream/debug/?" + # attestationVariant: "gcp-sev-snp" + # kubernetes-version: "v1.29" + # clusterCreation: "cli" - test: "perf-bench" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" From 79d3781f3e15f888fe012ffd5f88267d5fad5d27 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 29 May 2024 08:18:27 +0200 Subject: [PATCH 035/380] image: update measurements and image version (#3128) Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com> --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index ea556c1e2..1d8ce173c 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3b, 0x0e, 0x49, 0x28, 0x19, 0x9e, 0xc0, 0xd1, 0x03, 0xfd, 0x74, 0x32, 0x7d, 0x7c, 0xa0, 0x78, 0x0d, 0x1c, 0x28, 0x81, 0x1d, 0x21, 0x66, 0x6c, 0xa3, 0x5d, 0xcd, 0x13, 0x3b, 0x57, 0x9f, 0xb7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x86, 0xe6, 0xaf, 0x79, 0x6a, 0xcd, 0xe4, 0x61, 0x82, 0xfb, 0x28, 0x4a, 0x87, 0xae, 0x40, 0xb5, 0x0c, 0xf7, 0x4e, 0x3a, 0x5a, 0x4c, 0xad, 0xe2, 0xad, 0x18, 0xac, 0xae, 0xd8, 0x4e, 0xe8, 0xdd}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x24, 0xc5, 0xc7, 0x0a, 0xb6, 0xcd, 0x52, 0x4d, 0x36, 0x6a, 0x20, 0xe4, 0xa6, 0x5c, 0x10, 0xdd, 0x1d, 0x99, 0x0e, 0xcd, 0x4a, 0x39, 0xf1, 0x6b, 0xd0, 0x43, 0x31, 0xb5, 0xc3, 0x49, 0xfe, 0xdf}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6a, 0x53, 0xcc, 0x79, 0xf4, 0x16, 0x8e, 0x86, 0xf6, 0x75, 0x0a, 0x03, 0xb5, 0x36, 0xc2, 0x6e, 0xf7, 0xee, 0x31, 0x15, 0x77, 0xa4, 0x4f, 0x56, 0x55, 0x81, 0xc4, 0xf1, 0xcb, 0x81, 0x3a, 0x70}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd7, 0x9b, 0xb7, 0xfd, 0xd4, 0x4b, 0xd1, 0x38, 0xbd, 0xd3, 0x0b, 0x78, 0xea, 0x87, 0xb5, 0x63, 0x03, 0x63, 0x75, 0xee, 0x77, 0x75, 0xd1, 0x3e, 0xa4, 0x1c, 0x04, 0x10, 0x54, 0xf5, 0x3b, 0x2f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd7, 0xaf, 0x2a, 0xa9, 0xff, 0x9c, 0xef, 0x33, 0x67, 0xcf, 0x67, 0x7a, 0xbb, 0x2e, 0x80, 0x70, 0x89, 0x7c, 0x00, 0x9f, 0x5a, 0xdc, 0xa7, 0xb3, 0x2f, 0xd4, 0x6d, 0x7f, 0xf4, 0x60, 0x15, 0xe7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6c, 0x20, 0x74, 0x86, 0x64, 0xdf, 0xdc, 0xf7, 0x63, 0xfb, 0x71, 0xdf, 0x32, 0x0f, 0x0a, 0xff, 0x70, 0xad, 0xc6, 0x36, 0xa9, 0x6b, 0x16, 0x53, 0xe2, 0x9a, 0x69, 0x4a, 0x03, 0x4a, 0x7c, 0x73}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa2, 0x08, 0xe5, 0xcb, 0xe3, 0x53, 0x03, 0x92, 0x30, 0x49, 0x14, 0x52, 0xcc, 0x21, 0x19, 0x86, 0xf5, 0x99, 0x23, 0xb1, 0x01, 0xc8, 0xa7, 0xc9, 0x1e, 0x7c, 0x15, 0x29, 0x60, 0xb4, 0xe1, 0x4e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6f, 0x9c, 0xa5, 0x18, 0x51, 0x15, 0x34, 0x8b, 0x2f, 0x02, 0xb6, 0x4a, 0xe6, 0xe9, 0xd1, 0x41, 0xad, 0x21, 0x47, 0xc1, 0x54, 0xa0, 0xad, 0x56, 0xaf, 0x52, 0x9c, 0xb0, 0x4d, 0xf8, 0x9b, 0xf0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x69, 0xf2, 0x0f, 0x94, 0x86, 0x8b, 0x13, 0xaa, 0x77, 0x5f, 0x8d, 0x45, 0xed, 0x6e, 0x61, 0xb8, 0x36, 0xb7, 0x5e, 0xb7, 0x1f, 0x89, 0x8b, 0x4f, 0x1d, 0x41, 0x25, 0x77, 0x50, 0xa8, 0xe2, 0xd4}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x94, 0x18, 0xb5, 0x4e, 0xfa, 0xf9, 0xc2, 0x44, 0xcc, 0x9e, 0x81, 0x79, 0x1a, 0x71, 0x5f, 0xe5, 0x3d, 0x2d, 0x69, 0x7e, 0x33, 0xcb, 0x6c, 0x48, 0x0c, 0x87, 0xab, 0x0e, 0x8d, 0xba, 0x26, 0x1e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd8, 0x30, 0x77, 0xeb, 0x47, 0xf7, 0x14, 0xcc, 0xce, 0xcf, 0x09, 0xc5, 0x44, 0x8e, 0xde, 0x74, 0x60, 0xd7, 0x10, 0x83, 0x96, 0xa9, 0x33, 0x07, 0x92, 0x52, 0x1c, 0xb9, 0xd6, 0x89, 0x59, 0x21}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x55, 0x65, 0x8f, 0x66, 0xc0, 0xf0, 0xd2, 0x09, 0x24, 0x19, 0xd0, 0x0e, 0xc5, 0x29, 0x34, 0x4c, 0x28, 0x24, 0x36, 0xd8, 0x27, 0x54, 0x40, 0x53, 0xa8, 0x71, 0x73, 0x5e, 0xbc, 0x09, 0xa9, 0x4c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x54, 0xc9, 0x55, 0x7b, 0xe6, 0x8a, 0xa7, 0xe9, 0x9f, 0x44, 0x4c, 0x98, 0xce, 0x38, 0x14, 0x94, 0x27, 0x2c, 0x72, 0x35, 0x7c, 0x35, 0xeb, 0x3c, 0x22, 0x13, 0x65, 0x7f, 0xe4, 0x77, 0xf8, 0x01}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0f, 0xec, 0x0b, 0x42, 0x5d, 0x89, 0xf1, 0xf0, 0xb9, 0xe8, 0xec, 0x0b, 0x24, 0xfd, 0x58, 0xd5, 0xc1, 0x80, 0xaf, 0x7b, 0xec, 0xa7, 0xe0, 0xfe, 0xf4, 0xf9, 0xe6, 0x18, 0xca, 0x86, 0x9e, 0x3d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe2, 0x64, 0x5b, 0x8b, 0x01, 0x42, 0x53, 0xbd, 0xbb, 0xd6, 0x25, 0x2d, 0x2e, 0x7b, 0x0c, 0xf2, 0x06, 0xd1, 0x66, 0x2c, 0x92, 0x8e, 0x19, 0x91, 0x30, 0x0e, 0x1d, 0x79, 0x4b, 0x7a, 0x0f, 0xe4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x61, 0x4b, 0xad, 0xce, 0xa4, 0x5c, 0x5f, 0x6d, 0xf5, 0xe1, 0xf3, 0x0c, 0x3e, 0x05, 0x24, 0x65, 0xd3, 0x0c, 0x21, 0x40, 0x5f, 0x21, 0x3a, 0x63, 0x3e, 0x91, 0x5c, 0x16, 0xb1, 0x55, 0x2f, 0xf3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcf, 0x10, 0xba, 0x46, 0x5a, 0x93, 0x95, 0x18, 0x80, 0xd5, 0xfc, 0xd0, 0x7a, 0x62, 0x14, 0x9b, 0xc4, 0xec, 0x01, 0x67, 0xcd, 0x5f, 0x73, 0xb7, 0x16, 0xf7, 0x11, 0xc5, 0x49, 0x8f, 0xec, 0x73}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xde, 0x5d, 0xe1, 0x96, 0x46, 0x1e, 0xa0, 0x02, 0x11, 0x72, 0x77, 0x96, 0x6a, 0xf1, 0x56, 0xf3, 0x28, 0xd1, 0x41, 0x92, 0x05, 0x89, 0x63, 0x39, 0x96, 0xdb, 0x68, 0xba, 0x0e, 0xfe, 0x39, 0x41}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8a, 0x28, 0x5c, 0x21, 0x9b, 0x7b, 0xfb, 0xd4, 0xe1, 0x57, 0x21, 0x0b, 0xdb, 0x71, 0x48, 0x75, 0x1f, 0x06, 0x2c, 0xd6, 0xf9, 0x01, 0x90, 0x7e, 0x23, 0x7e, 0x42, 0x3f, 0x5b, 0x09, 0x12, 0xea}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x36, 0xe1, 0x4b, 0xb3, 0x9c, 0xd6, 0xe5, 0x8d, 0x19, 0x27, 0xd7, 0x74, 0xb4, 0x75, 0x30, 0xee, 0x13, 0xd5, 0x40, 0xd1, 0xa2, 0x12, 0xaa, 0x62, 0x2d, 0x1e, 0x02, 0x5c, 0x7d, 0x41, 0x36, 0xdb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9f, 0x2c, 0x07, 0xc6, 0x82, 0xe8, 0xf4, 0xc6, 0x4a, 0xf2, 0xdc, 0x20, 0x88, 0x3e, 0x6c, 0xc5, 0x6f, 0x83, 0x60, 0x24, 0xac, 0x42, 0xad, 0x77, 0x9a, 0x4d, 0xff, 0x85, 0x2c, 0x87, 0x2d, 0xd6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x34, 0xc2, 0xcf, 0xa2, 0x1d, 0xaf, 0x60, 0x3e, 0x13, 0x83, 0xbf, 0x41, 0x19, 0x16, 0x6c, 0x02, 0xca, 0x3b, 0x74, 0xd4, 0x25, 0xad, 0x7f, 0x19, 0xcf, 0x3f, 0x6b, 0x38, 0x5b, 0xd2, 0x3f, 0x22}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf4, 0x2d, 0xef, 0xb0, 0x5f, 0x59, 0xbc, 0x51, 0x3d, 0xca, 0xe7, 0x39, 0x93, 0xd8, 0x92, 0x04, 0x38, 0x21, 0x6b, 0x9f, 0xa7, 0x3f, 0xaf, 0x54, 0x4f, 0xec, 0x2a, 0xb2, 0x40, 0x29, 0xf7, 0x4f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x03, 0x99, 0x68, 0xfc, 0xf0, 0x80, 0x0f, 0x65, 0x81, 0x71, 0x4d, 0xe4, 0xdb, 0x5f, 0xc6, 0x58, 0xb8, 0x52, 0x3a, 0xdc, 0xbf, 0x5f, 0x49, 0x8f, 0x75, 0x45, 0x63, 0x3d, 0xa1, 0x5b, 0xf2, 0xa5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6e, 0x12, 0x8b, 0x03, 0x4d, 0x6e, 0x59, 0xd5, 0x0b, 0x19, 0x6b, 0xd8, 0x36, 0x84, 0xee, 0x78, 0xa9, 0xcc, 0xf4, 0xac, 0xa3, 0xe5, 0xa4, 0x5d, 0x84, 0x36, 0x79, 0x49, 0xee, 0xc2, 0x80, 0x4f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x04, 0x03, 0xc1, 0x38, 0xd3, 0x77, 0xd0, 0x98, 0x0b, 0xa5, 0x42, 0xd2, 0x83, 0x90, 0xf5, 0x6a, 0xe3, 0xe9, 0x35, 0x0d, 0xc4, 0x36, 0xb3, 0xd6, 0x0c, 0x4f, 0x7a, 0x04, 0x23, 0xf9, 0x87, 0x71}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x51, 0x9f, 0xf0, 0x2b, 0x13, 0x1c, 0x75, 0x95, 0xb3, 0x1b, 0xf7, 0xfc, 0x1f, 0x36, 0x9e, 0x5e, 0x88, 0x65, 0xc3, 0x2a, 0xfa, 0x89, 0xeb, 0x12, 0xce, 0x0c, 0x7f, 0x6d, 0xaf, 0xf8, 0x96, 0x75}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdd, 0x17, 0x27, 0xd2, 0xbf, 0xb9, 0x61, 0xfa, 0xa2, 0xd9, 0xe7, 0xaf, 0x88, 0xa6, 0x32, 0x18, 0xe4, 0x68, 0x50, 0xc3, 0xce, 0xa5, 0x4c, 0xc9, 0x6e, 0xb2, 0x53, 0xf1, 0x1b, 0xce, 0xab, 0xae}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x30, 0xea, 0x9a, 0xc6, 0xcf, 0x55, 0x77, 0x6b, 0x3a, 0x90, 0x1f, 0xb5, 0x5a, 0x4d, 0x81, 0x80, 0x73, 0x3d, 0xe9, 0x72, 0xf5, 0x89, 0xfa, 0x45, 0xfc, 0x40, 0x7e, 0x1a, 0xd1, 0x9e, 0x75, 0x58}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x84, 0xc7, 0x2b, 0x0a, 0x65, 0x8f, 0x34, 0xf8, 0x2f, 0x4a, 0x3a, 0x8c, 0x64, 0x66, 0x78, 0xf2, 0xd1, 0xbf, 0x43, 0x63, 0x6e, 0x6f, 0xb1, 0x05, 0xf4, 0x16, 0x70, 0x38, 0x3c, 0xea, 0xeb, 0x13}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb7, 0xa5, 0x01, 0x7a, 0x7a, 0x16, 0x17, 0x33, 0xe5, 0x56, 0x57, 0xbb, 0x55, 0xb8, 0x51, 0x82, 0x59, 0x23, 0xb4, 0x39, 0xed, 0x23, 0xe9, 0x0b, 0x84, 0xff, 0x9f, 0xdd, 0x40, 0xa5, 0xab, 0x9e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd1, 0x0c, 0x59, 0x5e, 0x0b, 0x2f, 0xda, 0xca, 0x21, 0x9a, 0x85, 0xcb, 0xe3, 0x62, 0x4e, 0x85, 0x21, 0x0f, 0x90, 0xa8, 0xeb, 0xb8, 0x64, 0xe6, 0xaa, 0xe3, 0xeb, 0x2e, 0xd0, 0xd2, 0x3b, 0xa2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x97, 0x62, 0xe9, 0xa1, 0x04, 0x60, 0x5a, 0x78, 0xb4, 0x2b, 0x1f, 0xcf, 0xe2, 0xbd, 0x0d, 0x35, 0x04, 0x74, 0x4c, 0xa4, 0x4c, 0xe6, 0x7a, 0x45, 0x0b, 0xf1, 0xf0, 0x4f, 0x3c, 0x32, 0xbc, 0xea}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xba, 0xd9, 0x2d, 0x9d, 0x3b, 0x55, 0xf6, 0x8a, 0x8a, 0xb8, 0xd6, 0x27, 0x4c, 0x78, 0x35, 0x7f, 0xec, 0xd2, 0x6d, 0x88, 0xa5, 0xd9, 0x33, 0x77, 0xe1, 0xae, 0x4e, 0x43, 0xd0, 0x7a, 0x68, 0x15}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa0, 0x7b, 0xf8, 0x8d, 0xc8, 0xc4, 0x5e, 0x86, 0xbd, 0x48, 0x9d, 0xa9, 0x15, 0x2f, 0x66, 0x42, 0x1d, 0x3e, 0x2f, 0x4a, 0x42, 0x2c, 0x88, 0xe7, 0x9d, 0x74, 0xb5, 0xf9, 0x6c, 0x30, 0xe6, 0xf0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x33, 0xe8, 0xad, 0xec, 0x79, 0x1e, 0xd8, 0xf3, 0xb1, 0x2d, 0xce, 0x9a, 0x20, 0x13, 0xc4, 0x6e, 0x0b, 0xd9, 0xe4, 0x95, 0x14, 0x1a, 0x86, 0x0e, 0x38, 0xad, 0x1d, 0xcf, 0x18, 0xd1, 0xcd, 0x47}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x78, 0x4e, 0x2f, 0x57, 0xa2, 0x8b, 0xe5, 0xf7, 0x42, 0xdd, 0xea, 0xa0, 0xe5, 0xa2, 0x65, 0xad, 0xd5, 0xa2, 0x5d, 0x46, 0x60, 0x1d, 0x57, 0xbd, 0xe1, 0xbc, 0x86, 0xb8, 0xf9, 0xdd, 0x8b, 0xaa}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0e, 0xb3, 0x68, 0x3e, 0x90, 0x3f, 0x65, 0x09, 0xc9, 0x17, 0xb5, 0x70, 0xa8, 0x40, 0x2b, 0x7b, 0xa5, 0x4d, 0x7c, 0xf7, 0x0f, 0x28, 0x38, 0x3d, 0xcf, 0xd9, 0xd3, 0xec, 0x41, 0x40, 0x2b, 0x4e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x16, 0x67, 0xb1, 0x0f, 0x1c, 0xd9, 0x7b, 0x76, 0xbf, 0xec, 0x1c, 0x81, 0x08, 0xa6, 0x83, 0xa3, 0x59, 0x76, 0x66, 0xeb, 0xd2, 0xd1, 0xde, 0xbd, 0x4b, 0xed, 0x7f, 0xd5, 0xba, 0x4b, 0xf1, 0x1a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x99, 0x0f, 0x14, 0x98, 0x56, 0x12, 0x8f, 0x28, 0xd2, 0x22, 0x33, 0x45, 0xae, 0xfb, 0x14, 0x7c, 0x15, 0xdb, 0x18, 0x9b, 0x4f, 0x30, 0x9d, 0x1e, 0x41, 0xa8, 0x99, 0xd7, 0x44, 0x27, 0x31, 0x27}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf8, 0x03, 0x6b, 0x0f, 0x30, 0x11, 0xc3, 0x24, 0x9a, 0x41, 0xe8, 0xc6, 0x75, 0x6e, 0x54, 0x97, 0xf5, 0xb4, 0x7d, 0x6e, 0xbd, 0x49, 0x81, 0xab, 0x3f, 0xa2, 0x56, 0x76, 0x5a, 0xb1, 0x23, 0x99}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x54, 0xa7, 0x25, 0x0c, 0xca, 0xd6, 0xf1, 0xc4, 0xca, 0xc8, 0x3d, 0x2c, 0x5f, 0xd4, 0x05, 0x0e, 0x50, 0x27, 0xe4, 0x5a, 0xed, 0x2e, 0xf6, 0xf1, 0x91, 0xa9, 0x21, 0xfd, 0xa8, 0x38, 0xc8, 0x93}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe2, 0x21, 0x0d, 0x3d, 0x74, 0x38, 0x55, 0x82, 0x44, 0x1e, 0xe3, 0x6b, 0x30, 0x11, 0x4a, 0x83, 0xb3, 0x6f, 0x1a, 0x5c, 0x2f, 0x42, 0x30, 0x99, 0x01, 0xb6, 0x78, 0xa1, 0x8a, 0x27, 0x21, 0x40}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x30, 0x91, 0xe2, 0x60, 0x76, 0xc0, 0x52, 0x09, 0x76, 0x2f, 0xf5, 0xad, 0xef, 0x15, 0x26, 0x7e, 0x06, 0x2f, 0xd6, 0x37, 0xaf, 0xa0, 0x38, 0x20, 0x77, 0xf3, 0x29, 0xbd, 0xa4, 0xcd, 0x2e, 0x99}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x87, 0x63, 0xb3, 0x6a, 0xfe, 0x58, 0x48, 0x01, 0x64, 0xd3, 0x81, 0xf1, 0x27, 0x29, 0xcc, 0x92, 0xa9, 0xa4, 0xcd, 0x6f, 0x06, 0xf6, 0xa5, 0x2a, 0x8b, 0xc1, 0xad, 0x44, 0xef, 0xd1, 0x7b, 0xd9}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x62, 0x62, 0xe2, 0xff, 0xd5, 0x8a, 0xdd, 0x91, 0x65, 0x61, 0xfd, 0x54, 0x77, 0x23, 0x2a, 0x1c, 0xd6, 0x9e, 0x44, 0x4b, 0x12, 0x58, 0xcf, 0xc5, 0xa2, 0x6b, 0x1c, 0x0d, 0x8e, 0x2e, 0xd8, 0x8a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x28, 0x10, 0x97, 0xc5, 0x9e, 0xc3, 0x01, 0xbe, 0xfc, 0xb4, 0xe9, 0x20, 0x0f, 0x80, 0x0f, 0x4f, 0x34, 0x37, 0x68, 0x38, 0xf7, 0x1d, 0xc8, 0xbb, 0xb2, 0xc7, 0x2e, 0x3d, 0x3c, 0x0a, 0x94, 0xec}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 9a798ce20..f11fdb98e 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240523094804-b86faadfcc7d" + defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240528162537-3834373fd2f3" ) From fbdc8f6e852d67552597bf502f40aa1bd75b376e Mon Sep 17 00:00:00 2001 From: miampf Date: Fri, 31 May 2024 13:51:55 +0200 Subject: [PATCH 036/380] ci: clean up failed miniconstellation e2e tests (#3109) --- .github/actions/e2e_mini/action.yml | 20 ++++++++++++++++++++ .github/workflows/e2e-mini.yml | 1 + .github/workflows/e2e-test-daily.yml | 1 + .github/workflows/e2e-test-weekly.yml | 1 + e2e/miniconstellation/main.sh.in | 3 +++ e2e/miniconstellation/output.tf | 6 ++++++ 6 files changed, 32 insertions(+) diff --git a/.github/actions/e2e_mini/action.yml b/.github/actions/e2e_mini/action.yml index 2efd3a9a4..49a550414 100644 --- a/.github/actions/e2e_mini/action.yml +++ b/.github/actions/e2e_mini/action.yml @@ -11,6 +11,9 @@ inputs: azureTenantID: description: "Azure tenant to use for login with OIDC" required: true + azureIAMCredentials: + description: "Azure IAM credentials used for cleaning up resources" + required: true registry: description: "Container registry to use" required: true @@ -38,9 +41,26 @@ runs: - name: MiniConstellation E2E shell: bash + id: e2e-test env: ARM_CLIENT_ID: ${{ inputs.azureClientID }} ARM_SUBSCRIPTION_ID: ${{ inputs.azureSubscriptionID }} ARM_TENANT_ID: ${{ inputs.azureTenantID }} run: | bazel run --test_timeout=14400 //e2e/miniconstellation:push_remote_test + + - name: Log in to azure + # only log in if e2e test failed or if the run was cancelled + if: (failure() && steps.e2e-test.conclusion == 'failure') || cancelled() + uses: ./.github/actions/login_azure + with: + azure_credentials: ${{ inputs.azureIAMCredentials }} + + - name: Clean up after failure + shell: bash + # clean up if e2e test failed or if the run was cancelled + if: (failure() && steps.e2e-test.conclusion == 'failure') || cancelled() + run: | + rg_name=${{ steps.e2e-test.outputs.rgname }} + echo "[*] Deleting resource group $rg_name" + az group delete -y --resource-group "$rg_name" diff --git a/.github/workflows/e2e-mini.yml b/.github/workflows/e2e-mini.yml index 06b824fbf..1d4805490 100644 --- a/.github/workflows/e2e-mini.yml +++ b/.github/workflows/e2e-mini.yml @@ -46,5 +46,6 @@ jobs: azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} azureTenantID: ${{ secrets.AZURE_TENANT_ID }} + azureIAMCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} registry: ghcr.io githubToken: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml index df0c8e1f5..8be319bec 100644 --- a/.github/workflows/e2e-test-daily.yml +++ b/.github/workflows/e2e-test-daily.yml @@ -181,6 +181,7 @@ jobs: azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} azureTenantID: ${{ secrets.AZURE_TENANT_ID }} + azureIAMCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} registry: ghcr.io githubToken: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index 8757d60cf..0b46c6e0b 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -455,6 +455,7 @@ jobs: azureClientID: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} azureTenantID: ${{ secrets.AZURE_TENANT_ID }} + azureIAMCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} registry: ghcr.io githubToken: ${{ secrets.GITHUB_TOKEN }} diff --git a/e2e/miniconstellation/main.sh.in b/e2e/miniconstellation/main.sh.in index 694f17bb3..19e1df279 100755 --- a/e2e/miniconstellation/main.sh.in +++ b/e2e/miniconstellation/main.sh.in @@ -28,6 +28,9 @@ terraform apply -auto-approve terraform output -raw ssh_private_key > id_rsa chmod 600 id_rsa +rg_name=$(terraform output -raw rg_name) +echo "rgname=$rg_name" >> "${GITHUB_OUTPUT:-/dev/null}" + azure_vm_ip=$(terraform output -raw public_ip) echo "::endgroup::" diff --git a/e2e/miniconstellation/output.tf b/e2e/miniconstellation/output.tf index 14f541264..c8f961a46 100644 --- a/e2e/miniconstellation/output.tf +++ b/e2e/miniconstellation/output.tf @@ -9,3 +9,9 @@ output "ssh_private_key" { sensitive = true depends_on = [tls_private_key.ssh_key] } + +output "rg_name" { + value = "e2e-mini-${random_string.suffix.result}" + sensitive = false + depends_on = [random_string.suffix] +} From 26e9f988ffc5d38f85d46cef0f652f2e900dadb6 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Sun, 2 Jun 2024 20:21:45 +0200 Subject: [PATCH 037/380] image: update locked rpms (#3133) Co-authored-by: malt3 <1780588+malt3@users.noreply.github.com> --- image/mirror/SHA256SUMS | 46 ++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index cbda51d14..7c80ee794 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -1,6 +1,6 @@ 37abef83e8927b4b48f69fcbdcc249d349c6029cc669401676d01f0ea326999e WALinuxAgent-udev-2.10.0.8-2.fc40.noarch.rpm a1d1bd1e3dd3f133c984039219a05703cb38b073daf8a864bd95805747633103 aardvark-dns-1.10.0-1.fc40.x86_64.rpm -7e635d208b2d3191973fbce9b2ee0a470204fa121270d9aa297ed5c3546f520b alternatives-1.26-3.fc40.x86_64.rpm +ac860c52abbc65af5835d1bd97400c531a5635d39bc1d68e36a1fe54863385ea alternatives-1.27-1.fc40.x86_64.rpm a8aac6e068011d76e89536ffcb29e516c3ccd0095ef8ada0a37a9fd21a2b39b0 audit-libs-4.0.1-1.fc40.i686.rpm 5b6386ac345c3fd388c509df4ad31ffe04f1a1ed6eb4f10d2b5f56c2a5b300dc audit-libs-4.0.1-1.fc40.x86_64.rpm 0fe4ed8770711ede2fcec43c4545b62461a24f03b3aa836d0e7071f4436e26f1 authselect-1.5.0-5.fc40.x86_64.rpm @@ -55,13 +55,13 @@ de10b1728571d2976e2f0f4cc5067d4575a5e97ec3914c57af537846ccaec753 elfutils-debug c1eca14924981b987f9b17c01a97511d641f49ac6b2b0f2d8e83563343932302 elfutils-libelf-0.191-4.fc40.x86_64.rpm 393c5920c3b69834e5a75b05f48f04e696f509cb52c8055e686e63e677342547 elfutils-libs-0.191-4.fc40.i686.rpm d7d1ed3fca0696b8c38effe21bc70c84a94cb66c0b59bb1980c0f455d23b7fec elfutils-libs-0.191-4.fc40.x86_64.rpm -7be0991d79544dadcaa16c0a23c8fea9a0839b4f65db3664b3a4209358aa5ff3 ethtool-6.7-1.fc40.x86_64.rpm +3f28119308f5297577da9013e36585f5bd86953e61f5a10f8543b4c5f35e84fd ethtool-6.9-1.fc40.x86_64.rpm 19d6e2f987c80d97b82c3d837d584eca60621b6d8cbd6797ba01a01ed8848799 expat-2.6.2-1.fc40.x86_64.rpm -601842a8c2ed5c58481e7cf14c03d128dd7b8512304d144c37aee9c8a1c3330d fedora-gpg-keys-40-1.noarch.rpm +849feb04544096f9bbe16bc78c2198708fe658bdafa08575c911e538a7d31c18 fedora-gpg-keys-40-2.noarch.rpm bd62f80ae7dc50c20b0633d86f1c4a9f205f7df13c8ee1a5d5f624872c29271e fedora-release-40-39.noarch.rpm 590c9439a81fb9e35a8b4d19dc159ce09b756f8f7f66a6290d8785f424d97003 fedora-release-common-40-39.noarch.rpm 057acf25df0f6b028657790b2addca123faac0b80639ac6da13632dc7811d6f3 fedora-release-identity-basic-40-39.noarch.rpm -4eb9b6ecc46fb6c7592de7faabd9c460fa5b551a7074d5e5da49f69c5b9d0e09 fedora-repos-40-1.noarch.rpm +e85d69eeea62f4f5a7c6584bc8bae3cb559c1c381838ca89f7d63b28d2368c4b fedora-repos-40-2.noarch.rpm a6f2098fc2ed16df92c9325bd7459cc41479e17306a4f9cddfd5df8a1b80d0f8 file-5.45-4.fc40.x86_64.rpm f76684ee78408660db83ab9932978a1346b280f4210cd744524b00b2e5891fe1 file-libs-5.45-4.fc40.x86_64.rpm 063af3db3808bea0d5c07dbb2d8369b275e1d05ad0850c80a8fec0413f47cd64 filesystem-3.18-8.fc40.x86_64.rpm @@ -94,9 +94,9 @@ b054d6a9ee3477e935686b327aa47379bd1909eac4ce06c4c45dff1a201ecb49 gmp-6.2.1-8.fc 94e443590221fb17e0330f076ebac32baab17b8d9c22566db372899ae750ca64 gpgme-1.23.2-3.fc40.x86_64.rpm 6d54af0fc5ae216eb97720415acda4245ebc6c021420a2892b58620b5b25ca38 gpm-libs-1.20.7-46.fc40.x86_64.rpm 8e2310f6cde324576e537749cf1d4fee8028edfc0c8df3070f147ee162b423ce grep-3.11-7.fc40.x86_64.rpm -50723d6fa868659466090da71ddaf59b5201a435de86b4e70d4f1e94de138f41 grub2-common-2.06-121.fc40.noarch.rpm -cbba9b3c7947fd14a88a8a2c4d5d022ecf3e280b8d2381b3902ba95112677a97 grub2-tools-2.06-121.fc40.x86_64.rpm -8cd674db8d05f6e4cc905dcaeffd353c2bb21c38d8bda4a0884697a068b631cc grub2-tools-minimal-2.06-121.fc40.x86_64.rpm +cfdba55bf65221d4cb6574e18586340f813ee948fb90f94088ab730a8cbd4400 grub2-common-2.06-123.fc40.noarch.rpm +a265c8c4acac4c2a3c5f63f98df89e689b87f6f6bcceac1c83882d9cdab90eab grub2-tools-2.06-123.fc40.x86_64.rpm +3ff26313487d9656195f2e121eb57ea6411deab71b0ec3ae57f11785ba86f330 grub2-tools-minimal-2.06-123.fc40.x86_64.rpm 6a146fa9b154e67eb67eeb258df37814a863997c87171fdc2bd771e5a46b1cc4 grubby-8.40-75.fc40.x86_64.rpm 6a502364cc7cfa1ec1918dbff2d678b4392c9f0279b66302bc8c039c36d7bde6 gvisor-tap-vsock-0.7.3-2.fc40.x86_64.rpm 7976f6318044e7adbf543edb4d3da4fbc43ef628e433a0c55b4652dc1c15a735 gvisor-tap-vsock-gvforwarder-0.7.3-2.fc40.x86_64.rpm @@ -123,7 +123,7 @@ b71c8e48abe4b3f4898e59233bf071b75ae9a58c691c7d1b988c661b700931ff krb5-libs-1.21 9fa9b3dc437120759814d4b33f05d84b4317f55dc310d8075f4555f341e25ff1 krb5-libs-1.21.2-5.fc40.x86_64.rpm 6f2f0a522f2f10f273a77a60fdb7e066c14059d0a3676c9f723162daa7110b42 libacl-2.3.2-1.fc40.i686.rpm b753174804f57c3c6bae7afeb6145005498f18ae5d1aa0d340f9df5b8d71312f libacl-2.3.2-1.fc40.x86_64.rpm -a8492446b11c5813bde22268957d6bd74b7a5eab9d0cb77dee47bbe23bc01754 libarchive-3.7.2-3.fc40.x86_64.rpm +779fe018a49d05d6f8230cc780960fbbd8990790e0ebe5b0d9e043f998db121e libarchive-3.7.2-4.fc40.x86_64.rpm e131ab89604dbd4fdc4f80af632099e48bf68bb328dbf0e7dcbef1d1e134dc09 libassuan-2.5.7-1.fc40.x86_64.rpm 67facd893f5082be270d0887a43ba22492c47e652e06e5d53ecd681a1aec8ac7 libattr-2.5.2-3.fc40.i686.rpm 504cff39c51a04c1d302096899c47dc34ac0eba47524c2fc94c27904149e72cf libattr-2.5.2-3.fc40.x86_64.rpm @@ -155,10 +155,10 @@ c8b9967345ed0393c17101b970bb86258380494d99edf07787bc32ee4de96a7b libfdisk-2.40. 2481691bd2ee6aab48b1a0306357337007b2b0af082e4fdef47dcc5a8a8357be libfdisk-2.40.1-1.fc40.x86_64.rpm 25caa7ee56f6013369c2fac26afd3035a7d580af0b919621ba8d495d13a5af86 libffi-3.4.4-7.fc40.x86_64.rpm f9c5369b6d168a2b8e46159bc41ef0755ee1a8d12f4c6766fdfe23e827cf5cdf libfido2-1.14.0-4.fc40.x86_64.rpm -1fa9fec23745248ce8a2684a01daa3bed2cf181f09fb3b316a69be2c99093008 libgcc-14.1.1-1.fc40.i686.rpm -d42d466e052b7926a4f9bc7d6620f1d3f8e2c4610665d224a032264a09b2dd19 libgcc-14.1.1-1.fc40.x86_64.rpm +ac68d7fca5d7270bac34e222a9ed96f6ff6414244fbe8f0ba9f84726971052ba libgcc-14.1.1-4.fc40.i686.rpm +58de52cd0daa1f6ad6f1b2b0d4bd362a9e21be9594f0c3f1e14d88fff86028bd libgcc-14.1.1-4.fc40.x86_64.rpm 10c4c12c6539ffea68974cd9b57013d471ac35fe3bef4833c0a22f6b29fbf489 libgcrypt-1.10.3-3.fc40.x86_64.rpm -4d1d4538f152eaff22aa957ebdc724148f31519d75e6a56699ab2698c0699f59 libgomp-14.1.1-1.fc40.x86_64.rpm +80f0c24f9d594c01543d550c7c3165d4e17240e3c8f61a8982ba85bf8a837f48 libgomp-14.1.1-4.fc40.x86_64.rpm 8d0a9840e06e72ccf756fa5a79c49f572dc827b0c75ea5a1f923235150d27ae2 libgpg-error-1.49-1.fc40.x86_64.rpm 677a67726c759c94faa94475185e46d028f171c9215390ac601ccd914188afb2 libidn2-2.3.7-1.fc40.i686.rpm 2fd2038b4a94eeede34e46ed0e035e619f77d0e412c70cf4e9bb836957e8f31b libidn2-2.3.7-1.fc40.x86_64.rpm @@ -200,7 +200,7 @@ d5e6fc8b4595cccae415bc18b971ea4a4ed64c816e45de5d3f588b78ecf12708 libsepol-3.6-3 302124d98a491472ec0982b89afbf576922d6921a89dda479d354e6582566f0e libsmartcols-2.40.1-1.fc40.x86_64.rpm 91d67f2a3be65b2904c432f4585189540978dcfb6ef994c2eaac5b7cfb4010a5 libsodium-1.0.19-4.fc40.x86_64.rpm c8bbfa2762cc601f8a97d8d5a39a658f0e91ba477ebebd798b30f7fc8ffdd457 libss-1.47.0-5.fc40.x86_64.rpm -b37a2a57ff60a21e0ac539f994e6b87b849684cb721c795bf6ddfe6cdc161c00 libstdc++-14.1.1-1.fc40.x86_64.rpm +bac37be0a003b3b520f62218bd5c743846a9ca5278cbe1cf3ced2cd15b638d73 libstdc++-14.1.1-4.fc40.x86_64.rpm d92173d6fbfb7e2af3b35a8554229e247666e15dc5b36cba43b7bbfc4144b781 libtasn1-4.19.0-6.fc40.x86_64.rpm adc082c8d4af5cc81a9de428c39de59717177109aedb4b15888a8ca9d51167ab libtirpc-1.3.4-1.rc3.fc40.x86_64.rpm e5d150d23f95e4a23288b84145af442607a88bf457c0e04b325b1d1e8e708c2b libtool-ltdl-2.4.7-10.fc40.x86_64.rpm @@ -305,7 +305,7 @@ dacd59edbe4744fd9f6823d672e01eff89f871e88537554f16c0a275a17d04e9 readline-8.2-8 c48c149f4aebfe44d649eea6f7a8eaa229dc8db71ff70b66c7403aa9bd072820 rpm-libs-4.19.1.1-1.fc40.x86_64.rpm 7bebda41ea91faf8cf8911a403c051eb59d444e60f8091d14d10987b713f39ff rpm-plugin-audit-4.19.1.1-1.fc40.x86_64.rpm d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-selinux-4.19.1.1-1.fc40.x86_64.rpm -9aa5ca949c570a6519e50d6c75a951bb04fa5704129003a7ee2ea915c319cd31 rpm-sequoia-1.6.0-2.fc40.x86_64.rpm +516c91108f0cb904578e2aaa8b3968d66f1361d8713e2c7810f4b0ceaa426545 rpm-sequoia-1.6.0-3.fc40.x86_64.rpm 63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm 3b940ff1f16fdb3ddcc19d7d76241c9b81d81099ff5147c4c9967d2c4ca6fb5b sbsigntools-0.9.5-3.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm @@ -316,16 +316,16 @@ fa363e31c6664b972a4adc5b9077375bb21492a2fc9df3dc6076889adf120deb selinux-policy 0a1e1e3502b65b8620cbcc74dfc75203fb9ce913f0580f49ed8fdcb8e89c106c shadow-utils-subid-4.15.1-2.fc40.x86_64.rpm 67eede27af5b4773eb2f7ac794df694be030310d40bce462864c05b8f65c87c3 socat-1.8.0.0-2.fc40.x86_64.rpm a1e23ae521e93ab19d3df77889a6a418c3432025e4880cfd893e40f7165876a7 sqlite-libs-3.45.1-2.fc40.x86_64.rpm -bb0115e08518e9e439b62eda713dc8b94daaf0f2e5f840ee2162586ea44c88da systemd-255.6-1.fc40.i686.rpm -f602c28dfcd5b0148d88f8c86a32479afc9daefd08f5e5ce8b10f55aac976f09 systemd-255.6-1.fc40.x86_64.rpm -f866e3bb336c0ea9180acfffa3222460c27ee884f54c7f731c0c5b7eef568de5 systemd-boot-unsigned-255.6-1.fc40.x86_64.rpm -48e5fc1e7d55c84d2a0418cb2f6b57b16e841700dd858ff51c0ea997665f154a systemd-libs-255.6-1.fc40.i686.rpm -55cd520eb24dee8890482d9d8c7f3a434965656d38ad9dc60711ea5184ffbf3c systemd-libs-255.6-1.fc40.x86_64.rpm -2e750b7f4e584ddd38daec07f771dd6a312ec51438b4d2d370e2d4b5714f8860 systemd-networkd-255.6-1.fc40.x86_64.rpm -e8bfc9f3fcd7a8e7013f4a2129fc1fa4a4f1bf0ee13ae9d9bc7804a1af864d0d systemd-pam-255.6-1.fc40.i686.rpm -27544b4c3606444491447225347d8419579f13cb1024aab321c76a7dc11f025e systemd-pam-255.6-1.fc40.x86_64.rpm -bac4dc6245600d6fa65e4e63b5340c7ec42268aa9c6fbbf8b4d7d742e86aec9a systemd-resolved-255.6-1.fc40.x86_64.rpm -f53b587ff73b3372f35470fd55aa9c97d2e163068f11b957a7f6e83dbfaa735d systemd-udev-255.6-1.fc40.x86_64.rpm +05bfc1e9b80ff927bdecab59e075e6b6eb83140540b5182e388f69b3ec5edc7a systemd-255.7-1.fc40.i686.rpm +2fc5e9028dc42fd78275b521b811bed9a76035c6fcea28468b4973f47378e408 systemd-255.7-1.fc40.x86_64.rpm +2777fed45f9944823d0ada17fdfb1076c6c65a6a14d72be4ec789399ddfdd286 systemd-boot-unsigned-255.7-1.fc40.x86_64.rpm +3a6e8969716c6c193f038b248e0f01abdb2abe17c6afa0417cb6168d5a6b59bc systemd-libs-255.7-1.fc40.i686.rpm +beaef724354afd9964959585112192cd4b5e9a9f828a1b1d8e8eb9552ec0f065 systemd-libs-255.7-1.fc40.x86_64.rpm +04aa6bc9c25e592dcf22da4b1a1832b2de1b0e74259f11c69b012225e13a4475 systemd-networkd-255.7-1.fc40.x86_64.rpm +d1c8e52f268a7e90b8000c695251dc684caedcea52f7d1e2e916007e121a5c83 systemd-pam-255.7-1.fc40.i686.rpm +ab38692d083371a7776bc0f6a1f58629fdb7f8587599b3782a1e148b33fa9003 systemd-pam-255.7-1.fc40.x86_64.rpm +5641ab2692d9b482f1e00888dc9d6b8be5bb827ca3195669702067561f62e62c systemd-resolved-255.7-1.fc40.x86_64.rpm +5c9df40bfe23084aa9b4e755d1b84654566a087e0c49e6b3a3da1e2644b7e3dd systemd-udev-255.7-1.fc40.x86_64.rpm 65819c502727dc293a71a74b9a5f6b0ba781f12a99c5d5535085f168e5eac56e tar-1.35-3.fc40.x86_64.rpm 0478e12152cc3432a31dfca5ddbc80966800af437c6d7c0b26be307d5e1272e7 tpm2-tools-5.7-1.fc40.x86_64.rpm f8f7d1b48e3a2193a9929544503c72d79c5de555816a3812f30158d136a2bf15 tpm2-tss-4.1.0-1.fc40.x86_64.rpm From ce3b00668b287666772a31d661e3e4b5883d3ee4 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 3 Jun 2024 08:53:59 +0200 Subject: [PATCH 038/380] image: update measurements and image version (#3131) Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com> --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 1d8ce173c..30b2f23ce 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x55, 0x65, 0x8f, 0x66, 0xc0, 0xf0, 0xd2, 0x09, 0x24, 0x19, 0xd0, 0x0e, 0xc5, 0x29, 0x34, 0x4c, 0x28, 0x24, 0x36, 0xd8, 0x27, 0x54, 0x40, 0x53, 0xa8, 0x71, 0x73, 0x5e, 0xbc, 0x09, 0xa9, 0x4c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x54, 0xc9, 0x55, 0x7b, 0xe6, 0x8a, 0xa7, 0xe9, 0x9f, 0x44, 0x4c, 0x98, 0xce, 0x38, 0x14, 0x94, 0x27, 0x2c, 0x72, 0x35, 0x7c, 0x35, 0xeb, 0x3c, 0x22, 0x13, 0x65, 0x7f, 0xe4, 0x77, 0xf8, 0x01}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0f, 0xec, 0x0b, 0x42, 0x5d, 0x89, 0xf1, 0xf0, 0xb9, 0xe8, 0xec, 0x0b, 0x24, 0xfd, 0x58, 0xd5, 0xc1, 0x80, 0xaf, 0x7b, 0xec, 0xa7, 0xe0, 0xfe, 0xf4, 0xf9, 0xe6, 0x18, 0xca, 0x86, 0x9e, 0x3d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe2, 0x64, 0x5b, 0x8b, 0x01, 0x42, 0x53, 0xbd, 0xbb, 0xd6, 0x25, 0x2d, 0x2e, 0x7b, 0x0c, 0xf2, 0x06, 0xd1, 0x66, 0x2c, 0x92, 0x8e, 0x19, 0x91, 0x30, 0x0e, 0x1d, 0x79, 0x4b, 0x7a, 0x0f, 0xe4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x61, 0x4b, 0xad, 0xce, 0xa4, 0x5c, 0x5f, 0x6d, 0xf5, 0xe1, 0xf3, 0x0c, 0x3e, 0x05, 0x24, 0x65, 0xd3, 0x0c, 0x21, 0x40, 0x5f, 0x21, 0x3a, 0x63, 0x3e, 0x91, 0x5c, 0x16, 0xb1, 0x55, 0x2f, 0xf3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcf, 0x10, 0xba, 0x46, 0x5a, 0x93, 0x95, 0x18, 0x80, 0xd5, 0xfc, 0xd0, 0x7a, 0x62, 0x14, 0x9b, 0xc4, 0xec, 0x01, 0x67, 0xcd, 0x5f, 0x73, 0xb7, 0x16, 0xf7, 0x11, 0xc5, 0x49, 0x8f, 0xec, 0x73}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xde, 0x5d, 0xe1, 0x96, 0x46, 0x1e, 0xa0, 0x02, 0x11, 0x72, 0x77, 0x96, 0x6a, 0xf1, 0x56, 0xf3, 0x28, 0xd1, 0x41, 0x92, 0x05, 0x89, 0x63, 0x39, 0x96, 0xdb, 0x68, 0xba, 0x0e, 0xfe, 0x39, 0x41}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8a, 0x28, 0x5c, 0x21, 0x9b, 0x7b, 0xfb, 0xd4, 0xe1, 0x57, 0x21, 0x0b, 0xdb, 0x71, 0x48, 0x75, 0x1f, 0x06, 0x2c, 0xd6, 0xf9, 0x01, 0x90, 0x7e, 0x23, 0x7e, 0x42, 0x3f, 0x5b, 0x09, 0x12, 0xea}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x36, 0xe1, 0x4b, 0xb3, 0x9c, 0xd6, 0xe5, 0x8d, 0x19, 0x27, 0xd7, 0x74, 0xb4, 0x75, 0x30, 0xee, 0x13, 0xd5, 0x40, 0xd1, 0xa2, 0x12, 0xaa, 0x62, 0x2d, 0x1e, 0x02, 0x5c, 0x7d, 0x41, 0x36, 0xdb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9f, 0x2c, 0x07, 0xc6, 0x82, 0xe8, 0xf4, 0xc6, 0x4a, 0xf2, 0xdc, 0x20, 0x88, 0x3e, 0x6c, 0xc5, 0x6f, 0x83, 0x60, 0x24, 0xac, 0x42, 0xad, 0x77, 0x9a, 0x4d, 0xff, 0x85, 0x2c, 0x87, 0x2d, 0xd6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x34, 0xc2, 0xcf, 0xa2, 0x1d, 0xaf, 0x60, 0x3e, 0x13, 0x83, 0xbf, 0x41, 0x19, 0x16, 0x6c, 0x02, 0xca, 0x3b, 0x74, 0xd4, 0x25, 0xad, 0x7f, 0x19, 0xcf, 0x3f, 0x6b, 0x38, 0x5b, 0xd2, 0x3f, 0x22}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf4, 0x2d, 0xef, 0xb0, 0x5f, 0x59, 0xbc, 0x51, 0x3d, 0xca, 0xe7, 0x39, 0x93, 0xd8, 0x92, 0x04, 0x38, 0x21, 0x6b, 0x9f, 0xa7, 0x3f, 0xaf, 0x54, 0x4f, 0xec, 0x2a, 0xb2, 0x40, 0x29, 0xf7, 0x4f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x2b, 0x78, 0x77, 0x33, 0xcb, 0xfd, 0xdb, 0x9d, 0xa8, 0xab, 0x9f, 0xd4, 0xd8, 0x6b, 0x2a, 0x16, 0x0d, 0x1f, 0xf1, 0xdc, 0xd4, 0x8f, 0x51, 0x3b, 0xcb, 0xef, 0xa4, 0x5e, 0x5c, 0x7b, 0x14, 0x67}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x48, 0x9d, 0xd4, 0xd1, 0x0d, 0xfe, 0x78, 0xca, 0x7a, 0x4c, 0x10, 0xc9, 0xe0, 0x06, 0x13, 0xda, 0x09, 0x05, 0x16, 0xb5, 0x36, 0x5c, 0xd1, 0x24, 0xd3, 0xe1, 0x83, 0x0b, 0x78, 0xb2, 0x11, 0x56}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xca, 0xef, 0x6c, 0xc5, 0x34, 0x37, 0x86, 0x09, 0x15, 0x18, 0xba, 0x21, 0xa6, 0x80, 0x9b, 0xb0, 0x1c, 0xe3, 0xde, 0x3f, 0xbe, 0x27, 0xb3, 0x15, 0x5f, 0xc0, 0x37, 0x9b, 0xee, 0xbe, 0xbd, 0x01}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x49, 0x80, 0xe6, 0x6d, 0x93, 0x2b, 0x7e, 0x53, 0x96, 0x6a, 0x45, 0xc3, 0x33, 0xd3, 0xc3, 0x72, 0x00, 0x63, 0x4e, 0x52, 0x73, 0xd9, 0x34, 0x67, 0xe6, 0xec, 0x06, 0xed, 0x0b, 0xcd, 0xb5, 0xad}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd9, 0x1c, 0x54, 0xc6, 0x0f, 0xbb, 0x9b, 0x94, 0xc7, 0x85, 0xe5, 0x33, 0xee, 0x94, 0x8a, 0xd5, 0xe1, 0x5c, 0x38, 0x2f, 0xf6, 0x20, 0x17, 0xe4, 0xc8, 0xd9, 0xb0, 0x0b, 0x7a, 0x3a, 0x18, 0xf6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x68, 0xd2, 0xcf, 0xb7, 0x1d, 0xfc, 0x2f, 0x50, 0x9f, 0x7b, 0xe5, 0x94, 0x17, 0xb1, 0x88, 0x1c, 0x28, 0xa2, 0x58, 0x07, 0xdd, 0x89, 0x69, 0xdd, 0x97, 0x46, 0xbf, 0xd4, 0x1a, 0x76, 0xa9, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x38, 0x52, 0xb2, 0x3e, 0xc1, 0x0a, 0xfd, 0xc9, 0x2a, 0xa6, 0xc4, 0x64, 0xd3, 0x8a, 0xf4, 0x40, 0x7c, 0x6d, 0x23, 0x3b, 0xcf, 0x7a, 0x92, 0xa4, 0x3a, 0x58, 0x7a, 0xe1, 0x1a, 0x41, 0xb5, 0xb8}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf7, 0x84, 0x5c, 0xe7, 0x2c, 0xb4, 0xeb, 0x6a, 0x57, 0x11, 0xe3, 0xab, 0xcb, 0x3f, 0xaa, 0x64, 0xce, 0xe8, 0x4b, 0xf1, 0x2c, 0xfb, 0x15, 0x0d, 0x07, 0xba, 0x2d, 0x34, 0x4a, 0x25, 0x95, 0x31}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5a, 0x2b, 0x47, 0x8c, 0xb6, 0xec, 0xad, 0xeb, 0x66, 0xa1, 0x98, 0xbd, 0xe6, 0xbb, 0x71, 0xbf, 0xd3, 0x49, 0xfc, 0x95, 0xc7, 0x29, 0xcd, 0x38, 0x68, 0x6f, 0x35, 0x32, 0x2f, 0x40, 0x83, 0xa9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb7, 0x28, 0x48, 0x89, 0xfe, 0x5d, 0x36, 0x03, 0x86, 0xf1, 0xe0, 0x4e, 0x11, 0xa9, 0x2b, 0x18, 0xd8, 0xb6, 0x4e, 0xcf, 0xe5, 0x4f, 0x0a, 0x31, 0x57, 0x35, 0x6f, 0xab, 0x40, 0xb9, 0x04, 0x89}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbd, 0x0c, 0xb3, 0x38, 0xe2, 0xd3, 0xa8, 0xda, 0xc4, 0x5b, 0xcf, 0xda, 0x91, 0x55, 0x41, 0x65, 0xa7, 0x2d, 0x02, 0x7e, 0xc6, 0x01, 0xd8, 0x39, 0x11, 0xd9, 0xbd, 0x82, 0xc5, 0x82, 0x70, 0x64}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8f, 0x04, 0x24, 0x7b, 0x9a, 0xc9, 0xdc, 0xa5, 0x5f, 0xdf, 0xcd, 0x3c, 0xeb, 0x6f, 0x20, 0x7c, 0xe6, 0xe2, 0xb6, 0xd9, 0x7b, 0x16, 0x6e, 0xd0, 0x18, 0x3b, 0x42, 0x56, 0xf4, 0x87, 0x88, 0x82}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x97, 0x62, 0xe9, 0xa1, 0x04, 0x60, 0x5a, 0x78, 0xb4, 0x2b, 0x1f, 0xcf, 0xe2, 0xbd, 0x0d, 0x35, 0x04, 0x74, 0x4c, 0xa4, 0x4c, 0xe6, 0x7a, 0x45, 0x0b, 0xf1, 0xf0, 0x4f, 0x3c, 0x32, 0xbc, 0xea}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xba, 0xd9, 0x2d, 0x9d, 0x3b, 0x55, 0xf6, 0x8a, 0x8a, 0xb8, 0xd6, 0x27, 0x4c, 0x78, 0x35, 0x7f, 0xec, 0xd2, 0x6d, 0x88, 0xa5, 0xd9, 0x33, 0x77, 0xe1, 0xae, 0x4e, 0x43, 0xd0, 0x7a, 0x68, 0x15}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa0, 0x7b, 0xf8, 0x8d, 0xc8, 0xc4, 0x5e, 0x86, 0xbd, 0x48, 0x9d, 0xa9, 0x15, 0x2f, 0x66, 0x42, 0x1d, 0x3e, 0x2f, 0x4a, 0x42, 0x2c, 0x88, 0xe7, 0x9d, 0x74, 0xb5, 0xf9, 0x6c, 0x30, 0xe6, 0xf0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x33, 0xe8, 0xad, 0xec, 0x79, 0x1e, 0xd8, 0xf3, 0xb1, 0x2d, 0xce, 0x9a, 0x20, 0x13, 0xc4, 0x6e, 0x0b, 0xd9, 0xe4, 0x95, 0x14, 0x1a, 0x86, 0x0e, 0x38, 0xad, 0x1d, 0xcf, 0x18, 0xd1, 0xcd, 0x47}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x78, 0x4e, 0x2f, 0x57, 0xa2, 0x8b, 0xe5, 0xf7, 0x42, 0xdd, 0xea, 0xa0, 0xe5, 0xa2, 0x65, 0xad, 0xd5, 0xa2, 0x5d, 0x46, 0x60, 0x1d, 0x57, 0xbd, 0xe1, 0xbc, 0x86, 0xb8, 0xf9, 0xdd, 0x8b, 0xaa}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0e, 0xb3, 0x68, 0x3e, 0x90, 0x3f, 0x65, 0x09, 0xc9, 0x17, 0xb5, 0x70, 0xa8, 0x40, 0x2b, 0x7b, 0xa5, 0x4d, 0x7c, 0xf7, 0x0f, 0x28, 0x38, 0x3d, 0xcf, 0xd9, 0xd3, 0xec, 0x41, 0x40, 0x2b, 0x4e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x16, 0x67, 0xb1, 0x0f, 0x1c, 0xd9, 0x7b, 0x76, 0xbf, 0xec, 0x1c, 0x81, 0x08, 0xa6, 0x83, 0xa3, 0x59, 0x76, 0x66, 0xeb, 0xd2, 0xd1, 0xde, 0xbd, 0x4b, 0xed, 0x7f, 0xd5, 0xba, 0x4b, 0xf1, 0x1a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x99, 0x0f, 0x14, 0x98, 0x56, 0x12, 0x8f, 0x28, 0xd2, 0x22, 0x33, 0x45, 0xae, 0xfb, 0x14, 0x7c, 0x15, 0xdb, 0x18, 0x9b, 0x4f, 0x30, 0x9d, 0x1e, 0x41, 0xa8, 0x99, 0xd7, 0x44, 0x27, 0x31, 0x27}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf8, 0x03, 0x6b, 0x0f, 0x30, 0x11, 0xc3, 0x24, 0x9a, 0x41, 0xe8, 0xc6, 0x75, 0x6e, 0x54, 0x97, 0xf5, 0xb4, 0x7d, 0x6e, 0xbd, 0x49, 0x81, 0xab, 0x3f, 0xa2, 0x56, 0x76, 0x5a, 0xb1, 0x23, 0x99}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xdd, 0xd7, 0x05, 0x22, 0xa7, 0x53, 0xdf, 0x07, 0xed, 0x58, 0xaf, 0x1b, 0x5c, 0xb2, 0x02, 0x24, 0x7f, 0x1d, 0x47, 0x47, 0xd0, 0x6b, 0xe8, 0xfd, 0x91, 0x8c, 0x6f, 0xb6, 0xb6, 0x28, 0x5e, 0xf3}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb0, 0x16, 0xe4, 0x78, 0xdb, 0xd3, 0x93, 0xc0, 0xa0, 0x68, 0x7a, 0xc9, 0xff, 0xcf, 0x6f, 0x5b, 0xcc, 0x0f, 0x8b, 0x09, 0x64, 0x0e, 0x30, 0x44, 0x7b, 0x1f, 0x9a, 0x27, 0xa0, 0x55, 0xc4, 0x02}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xdf, 0x5d, 0x60, 0x2d, 0x15, 0x01, 0x15, 0xa3, 0x06, 0x72, 0x4e, 0x2c, 0x26, 0x44, 0x5f, 0x8b, 0x49, 0xda, 0xb6, 0x1b, 0xc5, 0x76, 0xbe, 0x61, 0x2d, 0x0b, 0x02, 0x5f, 0x93, 0x3a, 0xe8, 0xf3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xfe, 0x71, 0x87, 0xc7, 0x8e, 0x0e, 0xa5, 0x01, 0xf9, 0x40, 0xa7, 0x57, 0xcd, 0x17, 0xbe, 0xe9, 0x9b, 0x8d, 0x61, 0x4e, 0xa0, 0x50, 0xf0, 0xf6, 0x8e, 0xf8, 0xc0, 0x1e, 0x77, 0xc4, 0x4a, 0x0b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x73, 0x4d, 0x90, 0x81, 0x93, 0x24, 0xd4, 0x49, 0x83, 0x02, 0x8c, 0x33, 0xc2, 0x30, 0x45, 0x11, 0xb2, 0xad, 0xff, 0x44, 0xa4, 0x72, 0x63, 0xfd, 0x93, 0x23, 0x28, 0x8c, 0xac, 0xb2, 0x58, 0x0d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x49, 0x4b, 0x9a, 0xac, 0x7d, 0x04, 0xb9, 0xb4, 0x4d, 0xe4, 0x2e, 0x99, 0x9d, 0x11, 0xc2, 0x1b, 0x1f, 0xcc, 0x48, 0x73, 0x34, 0xf3, 0xde, 0xe8, 0x8b, 0x9b, 0x9a, 0x42, 0xb5, 0xb3, 0x01, 0x57}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x72, 0x56, 0x1c, 0xe0, 0x23, 0xff, 0x22, 0x54, 0x46, 0x06, 0x23, 0x62, 0x57, 0xda, 0x67, 0x16, 0x65, 0x2f, 0x6e, 0x47, 0xf4, 0x55, 0xdd, 0x21, 0x9b, 0x05, 0x23, 0x2d, 0x26, 0x83, 0x14, 0x66}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe8, 0x4e, 0xb9, 0x5c, 0x87, 0x08, 0x68, 0x46, 0x1c, 0xb1, 0xc9, 0xbe, 0x1a, 0x7c, 0x40, 0xe1, 0x23, 0x2d, 0xf8, 0x3e, 0xc9, 0x02, 0xd7, 0xa1, 0x2a, 0x8b, 0x92, 0xfb, 0x62, 0xae, 0xa0, 0xfc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x94, 0xa4, 0x7c, 0xb7, 0x08, 0x6f, 0x99, 0x54, 0x12, 0x3f, 0x51, 0xa4, 0x7e, 0x48, 0x26, 0xd4, 0x53, 0xb0, 0x0f, 0xc7, 0x70, 0xfc, 0xd5, 0x5e, 0x8f, 0x52, 0x3b, 0x48, 0x50, 0x40, 0x0c, 0x60}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x87, 0x63, 0xb3, 0x6a, 0xfe, 0x58, 0x48, 0x01, 0x64, 0xd3, 0x81, 0xf1, 0x27, 0x29, 0xcc, 0x92, 0xa9, 0xa4, 0xcd, 0x6f, 0x06, 0xf6, 0xa5, 0x2a, 0x8b, 0xc1, 0xad, 0x44, 0xef, 0xd1, 0x7b, 0xd9}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x62, 0x62, 0xe2, 0xff, 0xd5, 0x8a, 0xdd, 0x91, 0x65, 0x61, 0xfd, 0x54, 0x77, 0x23, 0x2a, 0x1c, 0xd6, 0x9e, 0x44, 0x4b, 0x12, 0x58, 0xcf, 0xc5, 0xa2, 0x6b, 0x1c, 0x0d, 0x8e, 0x2e, 0xd8, 0x8a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x28, 0x10, 0x97, 0xc5, 0x9e, 0xc3, 0x01, 0xbe, 0xfc, 0xb4, 0xe9, 0x20, 0x0f, 0x80, 0x0f, 0x4f, 0x34, 0x37, 0x68, 0x38, 0xf7, 0x1d, 0xc8, 0xbb, 0xb2, 0xc7, 0x2e, 0x3d, 0x3c, 0x0a, 0x94, 0xec}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xd5, 0x19, 0x09, 0x5a, 0x3e, 0xda, 0x12, 0x81, 0x62, 0x2d, 0xc1, 0x31, 0xdb, 0xd8, 0x51, 0xd7, 0xa1, 0xaa, 0xa4, 0xbd, 0xde, 0xdd, 0x58, 0x89, 0x4c, 0xf9, 0x2e, 0x94, 0x8b, 0x79, 0x73, 0x34}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x03, 0xea, 0xf2, 0x90, 0x24, 0x10, 0xd1, 0x32, 0x45, 0x08, 0x72, 0xf7, 0x97, 0x5f, 0xe7, 0x58, 0x21, 0xc8, 0xb5, 0x28, 0x59, 0xbe, 0x10, 0x36, 0xd7, 0x7c, 0x6c, 0xea, 0xfc, 0x38, 0x6a, 0xf0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb3, 0xe8, 0xb3, 0xc0, 0x6d, 0x1b, 0xe7, 0xa6, 0xbb, 0xb2, 0x0b, 0xe8, 0xf9, 0x3b, 0x76, 0x5e, 0xe3, 0xf9, 0x1f, 0x76, 0xed, 0x9f, 0xe5, 0x8a, 0x9e, 0x47, 0xaf, 0x9e, 0x60, 0x3b, 0x22, 0x02}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index f11fdb98e..b9a50214a 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240528162537-3834373fd2f3" + defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240529081827-79d3781f3e15" ) From 93cabbe0b26ff86401ff616b1194fb03fed5bddf Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 13:13:48 +0200 Subject: [PATCH 039/380] deps: update Constellation containers to v2.17.0-pre.0.20240524110423-80917921e3d6 (#3106) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- internal/versions/versions.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index fabf426be..9bb3e473a 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -173,11 +173,11 @@ const ( // NodeMaintenanceOperatorImage is the image for the node maintenance operator. NodeMaintenanceOperatorImage = "quay.io/medik8s/node-maintenance-operator:v0.15.0@sha256:8cb8dad93283268282c30e75c68f4bd76b28def4b68b563d2f9db9c74225d634" // renovate:container // LogstashImage is the container image of logstash, used for log collection by debugd. - LogstashImage = "ghcr.io/edgelesssys/constellation/logstash-debugd:v2.17.0-pre.0.20240513104207-d76c9ac82de7@sha256:e7d77bea381354c58fd9783eb9e2b846b14ea846d531eb3c54d5dd89917908c4" // renovate:container + LogstashImage = "ghcr.io/edgelesssys/constellation/logstash-debugd:v2.17.0-pre.0.20240524110423-80917921e3d6@sha256:2665a8c1cdf6f88a348a69050b3da63aeac1f606dc55b17ddc00bf4adfa67a1a" // renovate:container // FilebeatImage is the container image of filebeat, used for log collection by debugd. - FilebeatImage = "ghcr.io/edgelesssys/constellation/filebeat-debugd:v2.17.0-pre.0.20240513104207-d76c9ac82de7@sha256:6567d682385c06b49f6d56fdf3f20d5c24809bbfced15b816f4717bf837fc776" // renovate:container + FilebeatImage = "ghcr.io/edgelesssys/constellation/filebeat-debugd:v2.17.0-pre.0.20240524110423-80917921e3d6@sha256:a58db8fef0740e0263d1c407f43f2fa05fdeed200b32ab58d32fb11873477231" // renovate:container // MetricbeatImage is the container image of filebeat, used for log collection by debugd. - MetricbeatImage = "ghcr.io/edgelesssys/constellation/metricbeat-debugd:v2.17.0-pre.0.20240513104207-d76c9ac82de7@sha256:d16fe0371fbb383ca3cfa70d4d10ea5124fd87054bfac189ce5458ba350bb25d" // renovate:container + MetricbeatImage = "ghcr.io/edgelesssys/constellation/metricbeat-debugd:v2.17.0-pre.0.20240524110423-80917921e3d6@sha256:2a384e4120ad0e46e1841205fde75f9c726c14c31be0a88bf08ae14d8c4d6069" // renovate:container // currently supported versions. //nolint:revive From 3c3b993c36be54eddd086971283d58ba4e6738e8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 13:14:52 +0200 Subject: [PATCH 040/380] deps: update golang:1.22.3 Docker digest to f43c6f0 (#3117) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/versionsapi/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/versionsapi/Dockerfile b/.github/actions/versionsapi/Dockerfile index 6c735fcee..2fec02077 100644 --- a/.github/actions/versionsapi/Dockerfile +++ b/.github/actions/versionsapi/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.3@sha256:b1e05e2c918f52c59d39ce7d5844f73b2f4511f7734add8bb98c9ecdd4443365 as builder +FROM golang:1.22.3@sha256:f43c6f049f04cbbaeb28f0aad3eea15274a7d0a7899a617d0037aec48d7ab010 as builder # Download project root dependencies WORKDIR /workspace From aa910cfc25ef7fc4604b93c4fb5fc3134aba205a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 15:08:09 +0200 Subject: [PATCH 041/380] deps: update Kubernetes versions (#3102) * deps: update Kubernetes versions * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- docs/docs/architecture/versions.md | 6 +- internal/versions/versions.go | 66 +++++++++---------- .../docs/resources/cluster.md | 2 +- 3 files changed, 37 insertions(+), 37 deletions(-) diff --git a/docs/docs/architecture/versions.md b/docs/docs/architecture/versions.md index b479292dc..274ecb155 100644 --- a/docs/docs/architecture/versions.md +++ b/docs/docs/architecture/versions.md @@ -16,6 +16,6 @@ Subsequent Constellation releases drop support for the oldest (and deprecated) K The following Kubernetes versions are currently supported: -* v1.27.13 -* v1.28.9 -* v1.29.4 +* v1.27.14 +* v1.28.10 +* v1.29.5 diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 9bb3e473a..cf0fd5d29 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -181,11 +181,11 @@ const ( // currently supported versions. //nolint:revive - V1_27 ValidK8sVersion = "v1.27.13" // renovate:kubernetes-release + V1_27 ValidK8sVersion = "v1.27.14" // renovate:kubernetes-release //nolint:revive - V1_28 ValidK8sVersion = "v1.28.9" // renovate:kubernetes-release + V1_28 ValidK8sVersion = "v1.28.10" // renovate:kubernetes-release //nolint:revive - V1_29 ValidK8sVersion = "v1.29.4" // renovate:kubernetes-release + V1_29 ValidK8sVersion = "v1.29.5" // renovate:kubernetes-release // Default k8s version deployed by Constellation. Default ValidK8sVersion = V1_28 @@ -198,7 +198,7 @@ const ( // VersionConfigs holds download URLs for all required kubernetes components for every supported version. var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ V1_27: { - ClusterVersion: "v1.27.13", // renovate:kubernetes-release + ClusterVersion: "v1.27.14", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -213,33 +213,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.27.13/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:ed68df2a77f3057ab47f57eacb6e9310e91731e4f43c58a3c3b5c857d78d0080", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.27.14/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:f28defa43f80f82ce909940c1b57b71cba1fcf0de6fc4723e798ef5c72376c28", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.27.13/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:b88c30b7067f095b7fa02c5560cc50d6e69a5a9fecc606ef477dc7efc86453b9", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.27.14/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:1ce264643e521494e111b1c9ee59694a54d1f2464bbac3a7a531324ffeae0182", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.27.13/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:e991f163197cbd85bbff22f656a74d48b69db5addfa43cc04cca0cf5328f57f1", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.27.14/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:1d2431c68bb6dfa9de3cd40fd66d97a9ac73593c489f9467249eea43e9c16a1e", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI3LjEzQHNoYTI1Njo3YTM0YmZlYjcxOWMyNmEwOWJmMjZiZjUxYjhiZjM0N2Q0MWY0ZWQ1ZTMwZTkzNGY2Y2E3M2FjMTk3MjA3NGE3In1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI3LjE0QHNoYTI1NjoxMDdkMzFhMWUxNmRkYTcyNDk3ZjE3MGJjYmFkZDk3OTBiZjY0Nzk2ZWJiOWIyOWQ3YmE0MTYwZDZkMTYxOWVlIn1d", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI3LjEzQHNoYTI1Njo5NGVmNzdkZDQxNzYzZjMwZDNkOGViNWNhNWZhNzIwZjI4OWMyNGZlNTc5NGE3YTYyZTJkYTEwODJiOTVkMjhlIn1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI3LjE0QHNoYTI1NjowOTMxYmY0N2U0MzEzOGIwMTZjNDNlNjgzZmMzMTY1ZjEwMjk0OTE2ZGIzOWIwZTdiZmE1YzY0N2NlYjlmMThkIn1d", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI3LjEzQHNoYTI1NjpkMTA4NDI0NTk5ZmI3NjI1NDQxNmIwYTU2MDlkYjUzMGE4YmQzNzJhNzg4N2ZiNTYzNjc1MzI4ODU5YmRmZWIyIn1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI3LjE0QHNoYTI1Njo4OWZkOWIzMjU4ZTI1OTc2NjYxYzY4ZmExMmNlYzM3NDhiZTc3OTgyNzQwNzU1YmZlY2YyNWYzYzgxNzg5ZWZhIn1d", InstallPath: patchFilePath("kube-scheduler"), }, { @@ -265,7 +265,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.5@sha256:410ffc3f7307b6173c630de8de6e40175376c8c170d64b6c8b6e4baadda020df", // renovate:container }, V1_28: { - ClusterVersion: "v1.28.9", // renovate:kubernetes-release + ClusterVersion: "v1.28.10", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -280,33 +280,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.9/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:f3af46cff11c675a80d91ebb38ebc4e85a9f813ce93e56ee131e7fea1491b786", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.10/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:a361e744aaeef4539f0636ecd1827c85207a5f2b0c2b0a98dbbce1498061f509", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.9/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:a4d8acf0a74cb1d07d96a1a34148f54c6420874221af16d8ec902d9bffc7ef89", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.10/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:1a344d34755c5f005120308f09a730e7564c8f857de6606b6bc5f18a69606e5a", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.9/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:b4693d0b22f509250694b10c7727c42b427d570af04f2065fe23a55d6c0051f1", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.10/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:389c17a9700a4b01ebb055e39b8bc0886330497440dde004b5ed90f2a3a028db", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI4LjlAc2hhMjU2OjdkMTFjNjJiMjRjZjVkM2ViMWZmZDZhYzMxNWU2MzI4ZmExYWUyMzk2ZDQ1NzJkNDY3NDA0M2U5YTdkZDRlYzIifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI4LjEwQHNoYTI1Njo3MjgzYTUxZTliODYwOGU2MWY4YmEyMjEzYmE2ZWUyNWUyOTY3N2MxMjlkOWNjZWEzYzZiMzE5MDM1NDY4ODcyIn1d", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI4LjlAc2hhMjU2OmZmNmRhMTYxNGIyMTJjNGNiMDI3ZGI2NjQwYzJmMDAyYTA3MjNiMzg1N2JlOWE2OWUzZWM2YWQ0ZWE4YTVlMWMifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI4LjEwQHNoYTI1Njo5M2M0ZDZlMjIyYWZkYmE5N2M2OTRmZWYwMjdlNTc2NzlhZDc3ZjFlZDE5MTZkODUxZTI3MzZhYTI4Y2VkYmRhIn1d", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI4LjlAc2hhMjU2OmMyZDJmOTcyM2M0MjU0MDEwYjE4Y2YzODcwYjdmMTZkNzE3MTlkNTlhOWMxNGY5NWNjNWZhMmU1MjRkODU4NjkifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI4LjEwQHNoYTI1NjphMGMyMGE4ODJkYWE4YzVjNjZmYzlkZjE0OWQyZTU1NWZmOTExOTZhNTNhZTVmMTg1ODQ5YjY1YmU0NGJkZTIxIn1d", InstallPath: patchFilePath("kube-scheduler"), }, { @@ -332,7 +332,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.5@sha256:410ffc3f7307b6173c630de8de6e40175376c8c170d64b6c8b6e4baadda020df", // renovate:container }, V1_29: { - ClusterVersion: "v1.29.4", // renovate:kubernetes-release + ClusterVersion: "v1.29.5", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -347,33 +347,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.4/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:58571f0ed62543a9bbac541e52c15d8385083113a463e23aec1341d0b5043939", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.5/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:261dc3f3c384d138835fe91a02071c642af94abb0cca56ebc04719240440944c", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.4/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:ea20ab064f716ab7f69a36d72df340257b31c9721ea86e1cf9d70b35999ddeea", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.5/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:e424dcdbe661314b6ca1fcc94726eb554bc3f4392b060b9626f9df8d7d44d42c", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.4/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:10e343861c3cb0010161e703307ba907add2aeeeaffc6444779ad915f9889c88", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.5/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:603c8681fc0d8609c851f9cc58bcf55eeb97e2934896e858d0232aa8d1138366", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjRAc2hhMjU2OjgwYmVmODIwZTk1NzdmMTQ5ZTUyMTkxOTZmNGRlZjQ5MTJhZWQ1ZmFiYmYwN2Q3YzQxNWQyNDEwNWY5ZWMwNTkifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjVAc2hhMjU2OmJjNWM4OGQzMTZkYjhiMjdmZjIwMzI3M2Q2N2VjOGE5NjJlZjM0NjI3OGQ5YmJhZTQwMDQ3M2VmYzE2NzQ3MjUifV0=", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjRAc2hhMjU2OjM4YTgzMjZkZjk3ZDI4NDY4MjQ5MTcwYWE2MzI1MGI4Y2U3Yjg3OTMxNTVmZjczZTI0ZDcwOTQyNGQ1YzlmMDkifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjVAc2hhMjU2OmE5YTY0ZTY3YjY2ZWE2ZmI0M2Y5NzZmNjVkOGEwY2FkZDY4YjBlZDVlZDIzMTFkMmZjNGJmODg3NDAzZWNmOGEifV0=", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjRAc2hhMjU2OjhkYzZhODY1MzE2NDA0YWM3ODVmYmU4OWQ3MTY3ZmVkOThlNjljYTk4MDgyMDZiNTU2YWRmYTZkZDZkNDk3ZDAifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjVAc2hhMjU2OjVlNzI5ZGMwMTU0NjZmNDg2ZmRlZWQyMjIwMGQ4NjEwOGZmYWMyNmVhNmU1YWJmMzI1OGMwNTAyYTYzN2QzYTcifV0=", InstallPath: patchFilePath("kube-scheduler"), }, { diff --git a/terraform-provider-constellation/docs/resources/cluster.md b/terraform-provider-constellation/docs/resources/cluster.md index 0941d3c53..a11fb904c 100644 --- a/terraform-provider-constellation/docs/resources/cluster.md +++ b/terraform-provider-constellation/docs/resources/cluster.md @@ -69,7 +69,7 @@ resource "constellation_cluster" "azure_example" { See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview/clouds) that Constellation supports. - `image` (Attributes) Constellation OS Image to use on the nodes. (see [below for nested schema](#nestedatt--image)) - `init_secret` (String) Secret used for initialization of the cluster. -- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.27.13 v1.28.9 v1.29.4]. +- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.27.14 v1.28.10 v1.29.5]. - `master_secret` (String) Hex-encoded 32-byte master secret for the cluster. - `master_secret_salt` (String) Hex-encoded 32-byte master secret salt for the cluster. - `measurement_salt` (String) Hex-encoded 32-byte measurement salt for the cluster. From 929a555de5de5ce4e5b9b7863e5d2f1e05dd0d24 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 15:35:32 +0200 Subject: [PATCH 042/380] deps: update bazel (core) (#3136) * deps: update bazel (core) * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- .bazelversion | 2 +- MODULE.bazel | 2 +- MODULE.bazel.lock | 28 ++++++++++++++-------------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.bazelversion b/.bazelversion index a3fcc7121..a8a188756 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -7.1.0 +7.1.2 diff --git a/MODULE.bazel b/MODULE.bazel index afba1caaf..d70914eb9 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -16,7 +16,7 @@ bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True # until go.work support is released git_override( module_name = "gazelle", - commit = "75eade4e202fa42b23a42fd3d17216e7d31efd1a", + commit = "7d10bf7befce477f518056cfc502939000bea3fa", remote = "https://github.com/bazelbuild/bazel-gazelle", ) diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index 1724972d5..a1c891ef2 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -1,6 +1,6 @@ { "lockFileVersion": 6, - "moduleFileHash": "6c190d5e08bf4f53bcf663b0db5ed0cf62c54ee822095bbd715a0cb626bc00d0", + "moduleFileHash": "91559330a28416282d36f62589bea72e0d5155b853a7a8d2b280bb02e8ad7e4c", "flags": { "cmdRegistries": [ "https://bcr.bazel.build/" @@ -518,7 +518,7 @@ }, "gazelle@_": { "name": "gazelle", - "version": "0.36.0", + "version": "0.37.0", "key": "gazelle@_", "repoName": "bazel_gazelle", "executionPlatformsToRegister": [], @@ -1929,7 +1929,7 @@ }, "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "Xw5p+bSGmwxO477b+3UwwJLXs0pENmU+IqymrWWEg3Q=", + "bzlTransitiveDigest": "jRSe5nPhOc6hpkqfAg7O3juIICyQm8Hk8cRpc4v8Yh4=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -2395,7 +2395,7 @@ }, "@@bazel_features~//private:extensions.bzl%version_extension": { "general": { - "bzlTransitiveDigest": "3FcE0iMy2yYKEbEO19f72k9dzcpRUXHH+igow5yVy8g=", + "bzlTransitiveDigest": "UwYHXjy4P9iCTMR9n5kWsy4RwLoowjUrfDFTkBo5RG8=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -2428,7 +2428,7 @@ }, "@@bazel_tools//tools/android:android_extensions.bzl%remote_android_tools_extensions": { "general": { - "bzlTransitiveDigest": "S0n86BFe4SJ3lRaZiRA5D46oH52UO2hP1T50t/zldOw=", + "bzlTransitiveDigest": "ZggrqnDIPRFCqT9XaCYOxLiJx1XuMtOZNG1jvKYZ5lA=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -2517,7 +2517,7 @@ }, "@@bazel_tools//tools/test:extensions.bzl%remote_coverage_tools_extension": { "general": { - "bzlTransitiveDigest": "l5mcjH2gWmbmIycx97bzI2stD0Q0M5gpDc0aLOHKIm8=", + "bzlTransitiveDigest": "7n9r2sWPYvn/OzUdHUoiJN/1hgIqWKOFCEQFVwHZGU0=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -2538,7 +2538,7 @@ }, "@@buildifier_prebuilt~//:defs.bzl%buildifier_prebuilt_deps_extension": { "general": { - "bzlTransitiveDigest": "uAKOFsVgkdVxGK8RC6cNqxYMcezLf942BzB5DqaZxDQ=", + "bzlTransitiveDigest": "06W0snjqJ7Db8eLtXn7rp48gdLZ6KrDe0BPxxtNvJFA=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -2712,7 +2712,7 @@ }, "@@hermetic_cc_toolchain~//toolchain:ext.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "9807D0bHLtoyUNvI2pX/xV0zgk32W+pITE5rdX8VJw8=", + "bzlTransitiveDigest": "lFYV4EK2eFjXr8TIVgd4EBmo4UfRnvIuxo9r7EbcTqc=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -2760,7 +2760,7 @@ }, "@@rules_java~//java:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "tJHbmWnq7m+9eUBnUdv7jZziQ26FmcGL9C5/hU3Q9UQ=", + "bzlTransitiveDigest": "0N5b5J9fUzo0sgvH4F3kIEaeXunz4Wy2/UtSFV/eXUY=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -3265,7 +3265,7 @@ }, "@@rules_jvm_external~//:extensions.bzl%maven": { "general": { - "bzlTransitiveDigest": "v8HssW6WP6B8s0BwuAMJuQCz6cQ9jlhOfx4dKBtPYB4=", + "bzlTransitiveDigest": "9ol/f6R1HONuabXvQTFIEvT1pWikli+mTIbvGRmDubk=", "recordedFileInputs": { "@@rules_jvm_external~//rules_jvm_external_deps_install.json": "10442a5ae27d9ff4c2003e5ab71643bf0d8b48dcf968b4173fa274c3232a8c06" }, @@ -4288,7 +4288,7 @@ }, "@@rules_jvm_external~//:non-module-deps.bzl%non_module_deps": { "general": { - "bzlTransitiveDigest": "DqBh3ObkOvjDFKv8VTy6J2qr7hXsJm9/sES7bha7ftA=", + "bzlTransitiveDigest": "Fq6CvJMzD0/LbttG5TUaCtEm/pFvTgO5X9tCUH87Fb0=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -4315,7 +4315,7 @@ }, "@@rules_python~//python/extensions:pip.bzl%pip": { "os:linux,arch:amd64": { - "bzlTransitiveDigest": "dyCt516XDheT5wnkhpmpN4dKabDEihQg5aGzOQfAFw0=", + "bzlTransitiveDigest": "R2ooW31NljC6PSIhrjrYTfHwkvAxmkC4pn2Sv92Vvek=", "recordedFileInputs": { "@@rules_python~//tools/publish/requirements.txt": "8ced1e640eab3ee44298590e5ad88cd612f5bf96245af1981709f7a8884a982b" }, @@ -4987,7 +4987,7 @@ }, "@@rules_python~//python/extensions:python.bzl%python": { "general": { - "bzlTransitiveDigest": "QIgyqZIIKqo2p1U8K64RdUfCLCKWDVsrlc/GfE1CJho=", + "bzlTransitiveDigest": "edBvwplYZml7N83AeuVHqQt08wQir1gxodtEEUpj57k=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -5197,7 +5197,7 @@ }, "@@rules_python~//python/private/bzlmod:internal_deps.bzl%internal_deps": { "general": { - "bzlTransitiveDigest": "fDqhuyt2dROfO6qL4WlobPgyJCNlwP0fPCgW6fEpFMg=", + "bzlTransitiveDigest": "GhJSMl+mWW0vGus1bH+XZR4XgyZY9AN6/75eaUTp2pk=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, From 69048e430e11d85ed64b6f703c0c6161cb656c7d Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 4 Jun 2024 11:02:59 +0200 Subject: [PATCH 043/380] image: fix podman config path (#3139) --- .../base/mkosi.skeleton/{usr => }/etc/containers/containers.conf | 0 .../base/mkosi.skeleton/{usr => }/etc/containers/registries.conf | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename image/base/mkosi.skeleton/{usr => }/etc/containers/containers.conf (100%) rename image/base/mkosi.skeleton/{usr => }/etc/containers/registries.conf (100%) diff --git a/image/base/mkosi.skeleton/usr/etc/containers/containers.conf b/image/base/mkosi.skeleton/etc/containers/containers.conf similarity index 100% rename from image/base/mkosi.skeleton/usr/etc/containers/containers.conf rename to image/base/mkosi.skeleton/etc/containers/containers.conf diff --git a/image/base/mkosi.skeleton/usr/etc/containers/registries.conf b/image/base/mkosi.skeleton/etc/containers/registries.conf similarity index 100% rename from image/base/mkosi.skeleton/usr/etc/containers/registries.conf rename to image/base/mkosi.skeleton/etc/containers/registries.conf From 66aa8a8d52d137a5f7f102da26f7843f668b4c64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Tue, 4 Jun 2024 13:23:07 +0200 Subject: [PATCH 044/380] ci: adjust performance benchmark to run on different attestation variants (#3129) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Create perf bench artifacts based on attestation variant, not CSP * Enable perf bench on gcp-sev-snp, azure-tdx and AWS --------- Signed-off-by: Daniel Weiße --- .github/actions/e2e_benchmark/action.yml | 75 +++++++++++-------- .../actions/e2e_benchmark/evaluate/compare.py | 10 +-- .../actions/e2e_benchmark/evaluate/parse.py | 19 +++-- .github/actions/e2e_benchmark/fio.ini | 2 +- .github/workflows/e2e-test-release.yml | 23 ++++-- .github/workflows/e2e-test-weekly.yml | 29 +++---- 6 files changed, 91 insertions(+), 67 deletions(-) diff --git a/.github/actions/e2e_benchmark/action.yml b/.github/actions/e2e_benchmark/action.yml index 14524ca91..871e6cc7b 100644 --- a/.github/actions/e2e_benchmark/action.yml +++ b/.github/actions/e2e_benchmark/action.yml @@ -5,7 +5,6 @@ inputs: cloudProvider: description: "Which cloud provider to use." required: true - # TODO: Create different report depending on the attestation variant attestationVariant: description: "Which attestation variant to use." required: true @@ -56,18 +55,18 @@ runs: ref: 67c64c854841165b778979375444da1c02e02210 path: k8s-bench-suite - - - name: Run FIO benchmark without caching in Azure - if: inputs.cloudProvider == 'azure' + - name: Run FIO benchmark shell: bash env: KUBECONFIG: ${{ inputs.kubeconfig }} run: | + if [[ "${{ inputs.cloudProvider }}" == "azure" ]] + then cat < - benchmarks/constellation-${{ inputs.cloudProvider }}.json + benchmarks/constellation-${{ inputs.attestationVariant }}.json name: "benchmarks-${{ inputs.artifactNameSuffix }}" encryptionSecret: ${{ inputs.encryptionSecret }} @@ -166,12 +179,10 @@ runs: - name: Get previous benchmark records from S3 shell: bash - env: - CSP: ${{ inputs.cloudProvider }} run: | - aws s3 cp --recursive ${S3_PATH} ./ --no-progress - if [[ -f constellation-${CSP}.json ]]; then - mv constellation-${CSP}.json benchmarks/constellation-${CSP}-previous.json + if aws s3 cp "${S3_PATH}/constellation-${{ inputs.attestationVariant }}.json" ./ --no-progress + then + mv "constellation-${{ inputs.attestationVariant }}.json" "benchmarks/constellation-${{ inputs.attestationVariant }}-previous.json" else echo "::warning::Couldn't retrieve previous benchmark records from s3" fi @@ -180,15 +191,15 @@ runs: shell: bash env: # Paths to benchmark results as JSON of the previous run and the current run - PREV_BENCH: benchmarks/constellation-${{ inputs.cloudProvider }}-previous.json - CURR_BENCH: benchmarks/constellation-${{ inputs.cloudProvider }}.json + PREV_BENCH: benchmarks/constellation-${{ inputs.attestationVariant }}-previous.json + CURR_BENCH: benchmarks/constellation-${{ inputs.attestationVariant }}.json run: | if [[ -f "$PREV_BENCH" ]]; then # Fails if the results are outside the threshold range python .github/actions/e2e_benchmark/evaluate/compare.py >> $GITHUB_STEP_SUMMARY fi - - name: Upload benchmark results to opensearch + - name: Upload benchmark results to OpenSearch if: (!env.ACT) shell: bash env: @@ -198,14 +209,12 @@ runs: run: | curl -XPOST \ -u "${OPENSEARCH_USER}:${OPENSEARCH_PWD}" \ - "${OPENSEARCH_DOMAIN}/benchmarks-${{ inputs.cloudProvider }}-$(date '+%Y')"/_doc \ - --data-binary @benchmarks/constellation-${{ inputs.cloudProvider }}.json \ + "${OPENSEARCH_DOMAIN}/benchmarks-${{ inputs.attestationVariant }}-$(date '+%Y')"/_doc \ + --data-binary @benchmarks/constellation-${{ inputs.attestationVariant }}.json \ -H 'Content-Type: application/json' - name: Update benchmark records in S3 if: github.ref_name == 'main' shell: bash - env: - CSP: ${{ inputs.cloudProvider }} run: | - aws s3 cp benchmarks/constellation-${CSP}.json ${S3_PATH}/constellation-${CSP}.json + aws s3 cp benchmarks/constellation-${{ inputs.attestationVariant }}.json ${S3_PATH}/constellation-${{ inputs.attestationVariant }}.json diff --git a/.github/actions/e2e_benchmark/evaluate/compare.py b/.github/actions/e2e_benchmark/evaluate/compare.py index 59d10a186..87faac09e 100644 --- a/.github/actions/e2e_benchmark/evaluate/compare.py +++ b/.github/actions/e2e_benchmark/evaluate/compare.py @@ -94,18 +94,18 @@ class BenchmarkComparer: raise ValueError('Failed reading benchmark file: {e}'.format(e=e)) try: - name = bench_curr['provider'] + name = bench_curr['attestationVariant'] except KeyError: raise ValueError( - 'Current benchmark record file does not contain provider.') + 'Current benchmark record file does not contain attestationVariant.') try: - prev_name = bench_prev['provider'] + prev_name = bench_prev['attestationVariant'] except KeyError: raise ValueError( - 'Previous benchmark record file does not contain provider.') + 'Previous benchmark record file does not contain attestationVariant.') if name != prev_name: raise ValueError( - 'Cloud providers of previous and current benchmark data do not match.') + 'Cloud attestationVariants of previous and current benchmark data do not match.') if 'fio' not in bench_prev.keys() or 'fio' not in bench_curr.keys(): raise ValueError('Benchmarks do not both contain fio records.') diff --git a/.github/actions/e2e_benchmark/evaluate/parse.py b/.github/actions/e2e_benchmark/evaluate/parse.py index fedce5c70..8d9353343 100644 --- a/.github/actions/e2e_benchmark/evaluate/parse.py +++ b/.github/actions/e2e_benchmark/evaluate/parse.py @@ -7,7 +7,7 @@ from datetime import datetime from evaluators import fio, knb -def configure() -> Tuple[str, str, str, str | None, str, str, str, str]: +def configure() -> Tuple[str, str, str, str, str | None, str, str, str, str]: """Read the benchmark data paths. Expects ENV vars (required): @@ -25,27 +25,29 @@ def configure() -> Tuple[str, str, str, str | None, str, str, str, str]: """ base_path = os.environ.get('BENCH_RESULTS', None) csp = os.environ.get('CSP', None) + attestation_variant = os.environ.get('ATTESTATION_VARIANT', None) out_dir = os.environ.get('BDIR', None) - if not base_path or not csp or not out_dir: + if not base_path or not csp or not out_dir or not attestation_variant: raise TypeError( - 'ENV variables BENCH_RESULTS, CSP, BDIR are required.') + 'ENV variables BENCH_RESULTS, CSP, BDIR, ATTESTATION_VARIANT are required.') ext_provider_name = os.environ.get('EXT_NAME', None) commit_hash = os.environ.get('GITHUB_SHA', 'N/A') commit_ref = os.environ.get('GITHUB_REF_NAME', 'N/A') actor = os.environ.get('GITHUB_ACTOR', 'N/A') workflow = os.environ.get('GITHUB_WORKFLOW', 'N/A') - return base_path, csp, out_dir, ext_provider_name, commit_hash, commit_ref, actor, workflow + return base_path, csp, attestation_variant, out_dir, ext_provider_name, commit_hash, commit_ref, actor, workflow class BenchmarkParser: - def __init__(self, base_path, csp, out_dir, ext_provider_name=None, commit_hash="N/A", commit_ref="N/A", actor="N/A", workflow="N/A"): + def __init__(self, base_path, csp, attestation_variant, out_dir, ext_provider_name=None, commit_hash="N/A", commit_ref="N/A", actor="N/A", workflow="N/A"): self.base_path = base_path self.csp = csp + self.attestation_variant = attestation_variant self.out_dir = out_dir self.ext_provider_name = ext_provider_name if not self.ext_provider_name: - self.ext_provider_name = f'constellation-{csp}' + self.ext_provider_name = f'constellation-{attestation_variant}' self.commit_hash = commit_hash self.commit_ref = commit_ref self.actor = actor @@ -88,6 +90,7 @@ class BenchmarkParser: }, '@timestamp': str(timestamp), 'provider': self.ext_provider_name, + 'attestationVariant': self.attestation_variant, 'fio': {}, 'knb': {}} @@ -101,8 +104,8 @@ class BenchmarkParser: def main(): - base_path, csp, out_dir, ext_provider_name, commit_hash, commit_ref, actor, workflow = configure() - p = BenchmarkParser(base_path, csp, out_dir, ext_provider_name, + base_path, csp, attestation_variant, out_dir, ext_provider_name, commit_hash, commit_ref, actor, workflow = configure() + p = BenchmarkParser(base_path, csp, attestation_variant, out_dir, ext_provider_name, commit_hash, commit_ref, actor, workflow) p.parse() diff --git a/.github/actions/e2e_benchmark/fio.ini b/.github/actions/e2e_benchmark/fio.ini index c956bc7b4..33960341a 100644 --- a/.github/actions/e2e_benchmark/fio.ini +++ b/.github/actions/e2e_benchmark/fio.ini @@ -7,7 +7,7 @@ size=10Gi time_based=1 group_reporting thread -cpus_allowed=1 +cpus_allowed=0 [read_iops] diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index a088b5a02..49c644b39 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -231,23 +231,32 @@ jobs: runner: "ubuntu-22.04" clusterCreation: "cli" - # perf-bench test on latest k8s version, not supported on AWS + # perf-bench test on latest k8s version - test: "perf-bench" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.29" runner: "ubuntu-22.04" clusterCreation: "cli" - # Not yet supported on gcp-sev-snp - #- test: "perf-bench" - # attestationVariant: "gcp-sev-snp" - # kubernetes-version: "v1.29" - # runner: "ubuntu-22.04" - # clusterCreation: "cli" + - test: "perf-bench" + attestationVariant: "gcp-sev-snp" + kubernetes-version: "v1.29" + runner: "ubuntu-22.04" + clusterCreation: "cli" - test: "perf-bench" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.29" runner: "ubuntu-22.04" clusterCreation: "cli" + - test: "perf-bench" + attestationVariant: "azure-tdx" + kubernetes-version: "v1.29" + runner: "ubuntu-22.04" + clusterCreation: "cli" + - test: "perf-bench" + attestationVariant: "aws-sev-snp" + kubernetes-version: "v1.29" + runner: "ubuntu-22.04" + clusterCreation: "cli" # s3proxy test on latest k8s version - test: "s3proxy" diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index 0b46c6e0b..b6560b239 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -241,29 +241,32 @@ jobs: kubernetes-version: "v1.29" clusterCreation: "cli" - # perf-bench test on latest k8s version, not supported on AWS + # perf-bench test on latest k8s version - test: "perf-bench" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.29" clusterCreation: "cli" - # Not yet supported on gcp-sev-snp - #- test: "perf-bench" - # refStream: "ref/main/stream/debug/?" - # attestationVariant: "gcp-sev-snp" - # kubernetes-version: "v1.29" - # clusterCreation: "cli" + - test: "perf-bench" + refStream: "ref/main/stream/debug/?" + attestationVariant: "gcp-sev-snp" + kubernetes-version: "v1.29" + clusterCreation: "cli" - test: "perf-bench" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.29" clusterCreation: "cli" - # TODO: check what needs to be done for perf-bench on Azure TDX - #- test: "perf-bench" - # refStream: "ref/main/stream/debug/?" - # attestationVariant: "azure-tdx" - # kubernetes-version: "v1.29" - # clusterCreation: "cli" + - test: "perf-bench" + refStream: "ref/main/stream/debug/?" + attestationVariant: "azure-tdx" + kubernetes-version: "v1.29" + clusterCreation: "cli" + - test: "perf-bench" + refStream: "ref/main/stream/debug/?" + attestationVariant: "aws-sev-snp" + kubernetes-version: "v1.29" + clusterCreation: "cli" # s3proxy test on latest k8s version - test: "s3proxy" From 72555e9ba1980cd75e2a6fd9ecad3eb399823376 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 4 Jun 2024 14:50:20 +0200 Subject: [PATCH 045/380] deps: update GitHub action dependencies (#3140) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/container_registry_login/action.yml | 2 +- .github/actions/e2e_sonobuoy/action.yml | 2 +- .github/workflows/codeql.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/actions/container_registry_login/action.yml b/.github/actions/container_registry_login/action.yml index ff49a2798..6f7942331 100644 --- a/.github/actions/container_registry_login/action.yml +++ b/.github/actions/container_registry_login/action.yml @@ -17,7 +17,7 @@ runs: steps: - name: Use docker for logging in if: runner.os != 'macOS' - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ${{ inputs.registry }} username: ${{ inputs.username }} diff --git a/.github/actions/e2e_sonobuoy/action.yml b/.github/actions/e2e_sonobuoy/action.yml index 6d03e9072..fc2e5faa0 100644 --- a/.github/actions/e2e_sonobuoy/action.yml +++ b/.github/actions/e2e_sonobuoy/action.yml @@ -64,7 +64,7 @@ runs: - name: Publish test results if: (!env.ACT) && contains(inputs.sonobuoyTestSuiteCmd, '--plugin e2e') - uses: mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95 # v4.2.1 + uses: mikepenz/action-junit-report@ac30be7acb0a361e5492575ab42e47fcadec4928 # v4.2.2 with: report_paths: "**/junit_01.xml" fail_on_failure: true diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 020f9dbb1..902518009 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -44,7 +44,7 @@ jobs: cache: false - name: Initialize CodeQL - uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: languages: ${{ matrix.language }} @@ -63,6 +63,6 @@ jobs: echo "::endgroup::" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b0bc2f373..41ad2d24b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -37,6 +37,6 @@ jobs: retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: sarif_file: results.sarif From 5f0ed2b86595fc769705a2053bdfbfa86184d425 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 4 Jun 2024 16:50:52 +0200 Subject: [PATCH 046/380] flake: pin bazel to 7.1.2 (#3142) Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- flake.lock | 31 ++++++++++++++++++++++++------- flake.nix | 10 +++++++++- 2 files changed, 33 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index d53c97aa4..e66669ccb 100644 --- a/flake.lock +++ b/flake.lock @@ -18,13 +18,29 @@ "type": "github" } }, - "nixpkgsUnstable": { + "nixpkgsBazel": { "locked": { - "lastModified": 1715161350, - "narHash": "sha256-5ZU8DVwHO0gjw2sKoKkToYOXMJFRBpRsa17Ebm8fgj0=", + "lastModified": 1717414489, + "narHash": "sha256-fhvJv8hkJwotkqxhoSQfvh6UfKG+sTYIQ3hchariEDk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c4200cb341ee794775185ecd4105fbbfb5ca73a0", + "rev": "c429fa2ffa21229eeadbe37c11a47aff35f53ce0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c429fa2ffa21229eeadbe37c11a47aff35f53ce0", + "type": "github" + } + }, + "nixpkgsUnstable": { + "locked": { + "lastModified": 1717399147, + "narHash": "sha256-eCWaE/q1VItpFAxxLVt171MdtDcjEnwi6QB/yuF73JU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4a4ecb0ab415c9fccfb005567a215e6a9564cdf5", "type": "github" }, "original": { @@ -37,6 +53,7 @@ "root": { "inputs": { "flake-utils": "flake-utils", + "nixpkgsBazel": "nixpkgsBazel", "nixpkgsUnstable": "nixpkgsUnstable", "uplosi": "uplosi" } @@ -66,11 +83,11 @@ ] }, "locked": { - "lastModified": 1714468720, - "narHash": "sha256-i/RVCoeQLeOaPaEtJS/l+42CVohMucA6cBBt0mdJ4uE=", + "lastModified": 1715947971, + "narHash": "sha256-1YpxN5R3lEQnOUg94B2B/Ah2WDABUQTZ6kpyQMPt/xI=", "owner": "edgelesssys", "repo": "uplosi", - "rev": "7c881351a2f7c664d04c4e235562e5b427b167f2", + "rev": "73b6208ac21603bb69e8079fa8be821e590de286", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ff88be0b5..657d09f28 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,11 @@ nixpkgsUnstable = { url = "github:NixOS/nixpkgs/nixpkgs-unstable"; }; + # TODO(msanft): Remove once https://github.com/NixOS/nixpkgs/commit/c429fa2ffa21229eeadbe37c11a47aff35f53ce0 + # lands in nixpkgs-unstable. + nixpkgsBazel = { + url = "github:NixOS/nixpkgs/c429fa2ffa21229eeadbe37c11a47aff35f53ce0"; + }; flake-utils = { url = "github:numtide/flake-utils"; }; @@ -18,6 +23,7 @@ outputs = { self , nixpkgsUnstable + , nixpkgsBazel , flake-utils , uplosi }: @@ -25,6 +31,8 @@ let pkgsUnstable = import nixpkgsUnstable { inherit system; }; + bazelPkgsUnstable = import nixpkgsBazel { inherit system; }; + callPackage = pkgsUnstable.callPackage; mkosiDev = (pkgsUnstable.mkosi.overrideAttrs (oldAttrs: rec { @@ -55,7 +63,7 @@ openssl-static = pkgsUnstable.openssl.override { static = true; }; - bazel_7 = callPackage ./nix/packages/bazel.nix { pkgs = pkgsUnstable; nixpkgs = nixpkgsUnstable; }; + bazel_7 = bazelPkgsUnstable.callPackage ./nix/packages/bazel.nix { pkgs = bazelPkgsUnstable; nixpkgs = nixpkgsBazel; }; in { From 66a5d6a5d373a449a8d197f274802121b23bdaf8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 4 Jun 2024 16:54:50 +0200 Subject: [PATCH 047/380] deps: update dependency rules_proto to v6.0.0.bcr.1 (#3138) * deps: update dependency rules_proto to v6.0.0.bcr.1 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- MODULE.bazel | 2 +- MODULE.bazel.lock | 27 ++++++++++++++------------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index d70914eb9..cc39b3011 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -7,7 +7,7 @@ bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") bazel_dep(name = "rules_go", version = "0.48.0", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") -bazel_dep(name = "rules_proto", version = "6.0.0") +bazel_dep(name = "rules_proto", version = "6.0.0.bcr.1") bazel_dep(name = "rules_python", version = "0.32.2") bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index a1c891ef2..49d5e9e2d 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -1,6 +1,6 @@ { "lockFileVersion": 6, - "moduleFileHash": "91559330a28416282d36f62589bea72e0d5155b853a7a8d2b280bb02e8ad7e4c", + "moduleFileHash": "b92386d1cc50b1a882bf3f0701bbff7fa7fb0116f653fe2773066016cb07ca71", "flags": { "cmdRegistries": [ "https://bcr.bazel.build/" @@ -320,7 +320,7 @@ "rules_cc": "rules_cc@0.0.9", "io_bazel_rules_go": "rules_go@0.48.0", "rules_pkg": "rules_pkg@0.10.1", - "rules_proto": "rules_proto@6.0.0", + "rules_proto": "rules_proto@6.0.0.bcr.1", "rules_python": "rules_python@0.32.2", "buildifier_prebuilt": "buildifier_prebuilt@6.4.0", "bazel_tools": "bazel_tools@_", @@ -621,7 +621,7 @@ "bazel_skylib": "bazel_skylib@1.6.1", "com_google_protobuf": "protobuf@21.7", "io_bazel_rules_go": "rules_go@0.48.0", - "rules_proto": "rules_proto@6.0.0", + "rules_proto": "rules_proto@6.0.0.bcr.1", "bazel_tools": "bazel_tools@_", "local_config_platform": "local_config_platform@_" } @@ -817,7 +817,7 @@ "io_bazel_rules_go_bazel_features": "bazel_features@1.9.1", "bazel_skylib": "bazel_skylib@1.6.1", "platforms": "platforms@0.0.8", - "rules_proto": "rules_proto@6.0.0", + "rules_proto": "rules_proto@6.0.0.bcr.1", "com_google_protobuf": "protobuf@21.7", "gazelle": "gazelle@_", "bazel_tools": "bazel_tools@_", @@ -866,10 +866,10 @@ } } }, - "rules_proto@6.0.0": { + "rules_proto@6.0.0.bcr.1": { "name": "rules_proto", - "version": "6.0.0", - "key": "rules_proto@6.0.0", + "version": "6.0.0.bcr.1", + "key": "rules_proto@6.0.0.bcr.1", "repoName": "rules_proto", "executionPlatformsToRegister": [], "toolchainsToRegister": [], @@ -878,6 +878,7 @@ "rules_license": "rules_license@0.0.7", "bazel_skylib": "bazel_skylib@1.6.1", "bazel_features": "bazel_features@1.9.1", + "rules_cc": "rules_cc@0.0.9", "bazel_tools": "bazel_tools@_", "local_config_platform": "local_config_platform@_" }, @@ -891,7 +892,7 @@ "integrity": "sha256-MD6G5yKlIPbzJqULQc/Ba5j+bRlVzkZkKlt6Z8EcD10=", "strip_prefix": "rules_proto-6.0.0", "remote_patches": { - "https://bcr.bazel.build/modules/rules_proto/6.0.0/patches/module_dot_bazel_version.patch": "sha256-fjQjxMdkMeumhvx9JdFSYeHH+Ex4TaTXNFMi554NF8E=" + "https://bcr.bazel.build/modules/rules_proto/6.0.0.bcr.1/patches/module_dot_bazel_version.patch": "sha256-O611MTM6jc/FSREFg1XadlJTs+0AEV0OXw5rymD9w74=" }, "remote_patch_strip": 1 } @@ -1024,7 +1025,7 @@ "bazel_skylib": "bazel_skylib@1.6.1", "rules_cc": "rules_cc@0.0.9", "platforms": "platforms@0.0.8", - "rules_proto": "rules_proto@6.0.0", + "rules_proto": "rules_proto@6.0.0.bcr.1", "com_google_protobuf": "protobuf@21.7", "bazel_tools": "bazel_tools@_", "local_config_platform": "local_config_platform@_" @@ -1237,7 +1238,7 @@ "rules_cc": "rules_cc@0.0.9", "rules_java": "rules_java@7.4.0", "rules_license": "rules_license@0.0.7", - "rules_proto": "rules_proto@6.0.0", + "rules_proto": "rules_proto@6.0.0.bcr.1", "rules_python": "rules_python@0.32.2", "buildozer": "buildozer@6.4.0.2", "platforms": "platforms@0.0.8", @@ -1418,7 +1419,7 @@ "bazel_skylib": "bazel_skylib@1.6.1", "rules_python": "rules_python@0.32.2", "rules_cc": "rules_cc@0.0.9", - "rules_proto": "rules_proto@6.0.0", + "rules_proto": "rules_proto@6.0.0.bcr.1", "rules_java": "rules_java@7.4.0", "rules_pkg": "rules_pkg@0.10.1", "com_google_abseil": "abseil-cpp@20211102.0", @@ -1555,7 +1556,7 @@ "platforms": "platforms@0.0.8", "rules_cc": "rules_cc@0.0.9", "bazel_skylib": "bazel_skylib@1.6.1", - "rules_proto": "rules_proto@6.0.0", + "rules_proto": "rules_proto@6.0.0.bcr.1", "rules_license": "rules_license@0.0.7", "bazel_tools": "bazel_tools@_", "local_config_platform": "local_config_platform@_" @@ -1760,7 +1761,7 @@ "extensionUsages": [], "deps": { "bazel_skylib": "bazel_skylib@1.6.1", - "rules_proto": "rules_proto@6.0.0", + "rules_proto": "rules_proto@6.0.0.bcr.1", "com_google_protobuf": "protobuf@21.7", "com_google_absl": "abseil-cpp@20211102.0", "platforms": "platforms@0.0.8", From 5a100d1fc97525c7ee9b16d367edf28d1eb390c0 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 5 Jun 2024 07:56:11 +0200 Subject: [PATCH 048/380] helm: use Cilium chart from fork (#3130) --- .../helm/charts/cilium/README.md | 9 +- .../templates/cilium-agent/daemonset.yaml | 2 +- .../helm/charts/cilium/values.yaml.tmpl | 14 +-- internal/constellation/helm/cilium.patch | 89 +------------------ internal/constellation/helm/generateCilium.sh | 4 +- 5 files changed, 18 insertions(+), 100 deletions(-) diff --git a/internal/constellation/helm/charts/cilium/README.md b/internal/constellation/helm/charts/cilium/README.md index bdbca6edc..21f7633a0 100644 --- a/internal/constellation/helm/charts/cilium/README.md +++ b/internal/constellation/helm/charts/cilium/README.md @@ -297,10 +297,11 @@ contributors across the globe, there is almost always someone available to help. | encryption.mountPath | string | `"/etc/ipsec"` | Deprecated in favor of encryption.ipsec.mountPath. To be removed in 1.15. Path to mount the secret inside the Cilium pod. This option is only effective when encryption.type is set to ipsec. | | encryption.nodeEncryption | bool | `false` | Enable encryption for pure node to node traffic. This option is only effective when encryption.type is set to "wireguard". | | encryption.secretName | string | `"cilium-ipsec-keys"` | Deprecated in favor of encryption.ipsec.secretName. To be removed in 1.15. Name of the Kubernetes secret containing the encryption keys. This option is only effective when encryption.type is set to ipsec. | -| encryption.strictMode | object | `{"allowRemoteNodeIdentities":false,"cidr":"","enabled":false}` | Configure the WireGuard Pod2Pod strict mode. | -| encryption.strictMode.allowRemoteNodeIdentities | bool | `false` | Allow dynamic lookup of remote node identities. This is required when tunneling is used or direct routing is used and the node CIDR and pod CIDR overlap. | -| encryption.strictMode.cidr | string | `""` | CIDR for the WireGuard Pod2Pod strict mode. | -| encryption.strictMode.enabled | bool | `false` | Enable WireGuard Pod2Pod strict mode. | +| encryption.strictMode | object | `{"allowRemoteNodeIdentities":true,"enabled":false,"nodeCIDRList":[],"podCIDRList":[]}` | Configure the WireGuard strict mode. | +| encryption.strictMode.allowRemoteNodeIdentities | bool | `true` | Allow dynamic lookup of remote node identities. This is required when tunneling is used or direct routing is used and the node CIDR and pod CIDR overlap. This is also required when control-plane nodes are exempted from node-to-node encryption. | +| encryption.strictMode.enabled | bool | `false` | Enable WireGuard strict mode. | +| encryption.strictMode.nodeCIDRList | list | `[]` | nodeCIDRList for the WireGuard strict mode. | +| encryption.strictMode.podCIDRList | list | `[]` | podCIDRList for the WireGuard strict mode. | | encryption.type | string | `"ipsec"` | Encryption method. Can be either ipsec or wireguard. | | encryption.wireguard.persistentKeepalive | string | `"0s"` | Controls Wireguard PersistentKeepalive option. Set 0s to disable. | | encryption.wireguard.userspaceFallback | bool | `false` | Enables the fallback to the user-space implementation. | diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml index 773a5b26b..d63395f8a 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml @@ -716,7 +716,7 @@ spec: mountPath: /host/opt/cni/bin {{- end }} # .Values.cni.install - name: firewall-pods - image: ghcr.io/edgelesssys/cilium/cilium:v1.15.0-pre.3-edg.2@sha256:c21b7fbbb084a128a479d6170e5f89ad2768dfecb4af10ee6a99ffe5d1a11749 + image: {{ include "cilium.image" .Values.image | quote }} imagePullPolicy: IfNotPresent command: - /bin/bash diff --git a/internal/constellation/helm/charts/cilium/values.yaml.tmpl b/internal/constellation/helm/charts/cilium/values.yaml.tmpl index 92a7ad759..2f55aa49a 100644 --- a/internal/constellation/helm/charts/cilium/values.yaml.tmpl +++ b/internal/constellation/helm/charts/cilium/values.yaml.tmpl @@ -800,17 +800,21 @@ encryption: # This option is only effective when encryption.type is set to "wireguard". nodeEncryption: false - # -- Configure the WireGuard Pod2Pod strict mode. + # -- Configure the WireGuard strict mode. strictMode: - # -- Enable WireGuard Pod2Pod strict mode. + # -- Enable WireGuard strict mode. enabled: false - # -- CIDR for the WireGuard Pod2Pod strict mode. - cidr: "" + # -- podCIDRList for the WireGuard strict mode. + podCIDRList: [] + + # -- nodeCIDRList for the WireGuard strict mode. + nodeCIDRList: [] # -- Allow dynamic lookup of remote node identities. # This is required when tunneling is used or direct routing is used and the node CIDR and pod CIDR overlap. - allowRemoteNodeIdentities: false + # This is also required when control-plane nodes are exempted from node-to-node encryption. + allowRemoteNodeIdentities: true ipsec: # -- Name of the key file inside the Kubernetes secret configured via secretName. diff --git a/internal/constellation/helm/cilium.patch b/internal/constellation/helm/cilium.patch index cc12f4cb5..1ef6a2419 100644 --- a/internal/constellation/helm/cilium.patch +++ b/internal/constellation/helm/cilium.patch @@ -1,49 +1,3 @@ -diff --git a/install/kubernetes/cilium/templates/cilium-configmap.yaml b/install/kubernetes/cilium/templates/cilium-configmap.yaml -index 4ac3b006e3..3541e3d380 100644 ---- a/install/kubernetes/cilium/templates/cilium-configmap.yaml -+++ b/install/kubernetes/cilium/templates/cilium-configmap.yaml -@@ -608,7 +608,9 @@ data: - {{- if .Values.encryption.strictMode.enabled }} - enable-encryption-strict-mode: {{ .Values.encryption.strictMode.enabled | quote }} - -- encryption-strict-mode-cidr: {{ .Values.encryption.strictMode.cidr | quote }} -+ encryption-strict-mode-node-cidrs: {{ .Values.encryption.strictMode.nodeCIDRList | join " " | quote }} -+ -+ encryption-strict-mode-pod-cidrs: {{ .Values.encryption.strictMode.podCIDRList | join " " | quote }} - - encryption-strict-mode-allow-remote-node-identities: {{ .Values.encryption.strictMode.allowRemoteNodeIdentities | quote }} - {{- end }} -diff --git a/install/kubernetes/cilium/values.yaml b/install/kubernetes/cilium/values.yaml -index c00e9af831..4661c16f56 100644 ---- a/install/kubernetes/cilium/values.yaml -+++ b/install/kubernetes/cilium/values.yaml -@@ -794,17 +794,21 @@ encryption: - # This option is only effective when encryption.type is set to "wireguard". - nodeEncryption: false - -- # -- Configure the WireGuard Pod2Pod strict mode. -+ # -- Configure the WireGuard strict mode. - strictMode: -- # -- Enable WireGuard Pod2Pod strict mode. -+ # -- Enable WireGuard strict mode. - enabled: false -+ -+ # -- podCIDRList for the WireGuard strict mode. -+ podCIDRList: [] - -- # -- CIDR for the WireGuard Pod2Pod strict mode. -- cidr: "" -+ # -- nodeCIDRList for the WireGuard strict mode. -+ nodeCIDRList: [] - - # -- Allow dynamic lookup of remote node identities. - # This is required when tunneling is used or direct routing is used and the node CIDR and pod CIDR overlap. -- allowRemoteNodeIdentities: false -+ # This is also required when control-plane nodes are exempted from node-to-node encryption. -+ allowRemoteNodeIdentities: true - - ipsec: - # -- Name of the key file inside the Kubernetes secret configured via secretName. diff --git a/install/kubernetes/cilium/Chart.yaml b/install/kubernetes/cilium/Chart.yaml index 256a79542..3f3fc714b 100644 --- a/install/kubernetes/cilium/Chart.yaml @@ -59,45 +13,4 @@ index 256a79542..3f3fc714b 100644 kubeVersion: ">= 1.16.0-0" icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg description: eBPF-based Networking, Security, and Observability -diff --git a/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml b/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml -index f6b493cb7..50b80267a 100644 ---- a/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml -+++ b/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml -@@ -715,6 +715,37 @@ spec: - - name: cni-path - mountPath: /host/opt/cni/bin - {{- end }} # .Values.cni.install -+ - name: firewall-pods -+ image: ghcr.io/edgelesssys/cilium/cilium:v1.15.0-pre.3-edg.2@sha256:c21b7fbbb084a128a479d6170e5f89ad2768dfecb4af10ee6a99ffe5d1a11749 -+ imagePullPolicy: IfNotPresent -+ command: -+ - /bin/bash -+ - -exc -+ - | -+ pref=32 -+ interface=$(ip route | awk '/^default/ { print $5 }') -+ tc qdisc add dev "${interface}" clsact || true -+ tc filter del dev "${interface}" ingress pref "${pref}" 2>/dev/null || true -+ handle=0 -+ for cidr in ${POD_CIDRS}; do -+ handle=$((handle + 1)) -+ tc filter replace dev "${interface}" ingress pref "${pref}" handle "${handle}" protocol ip flower dst_ip "${cidr}" action drop -+ done -+ env: -+ - name: POD_CIDRS -+ valueFrom: -+ configMapKeyRef: -+ key: encryption-strict-mode-pod-cidrs -+ name: cilium-config -+ optional: true -+ resources: -+ requests: -+ cpu: 100m -+ memory: 20Mi -+ securityContext: -+ capabilities: -+ add: -+ - NET_ADMIN - restartPolicy: Always - priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.priorityClassName "system-node-critical") }} - serviceAccount: {{ .Values.serviceAccounts.cilium.name | quote }} + \ No newline at end of file diff --git a/internal/constellation/helm/generateCilium.sh b/internal/constellation/helm/generateCilium.sh index df2a625bd..8d8e462f9 100755 --- a/internal/constellation/helm/generateCilium.sh +++ b/internal/constellation/helm/generateCilium.sh @@ -21,8 +21,8 @@ git clone \ --no-checkout \ --sparse \ --depth 1 \ - -b 1.15.0-pre.3 \ - https://github.com/cilium/cilium.git + -b v1.15.0-pre.3-edg.3 \ + https://github.com/edgelesssys/cilium.git cd cilium git sparse-checkout add install/kubernetes/cilium From 151435157159c613fe582ce73692da7c21ec3ea7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 5 Jun 2024 08:42:47 +0200 Subject: [PATCH 049/380] ci: update conditions on when to auto assign reviewer (#3141) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Use the correct value for `github.event.pull_request.requested_reviewers` * Run the workflow on more events than just labeling a PR * Skip workflow if there are already reviewers assigned --------- Signed-off-by: Daniel Weiße --- .github/workflows/assign_reviewer.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/assign_reviewer.yml b/.github/workflows/assign_reviewer.yml index 7e342711b..b2a0517cb 100644 --- a/.github/workflows/assign_reviewer.yml +++ b/.github/workflows/assign_reviewer.yml @@ -2,7 +2,13 @@ name: Assign Reviewer on: pull_request: - types: ["labeled"] + types: + - opened + - reopened + - edited + - synchronize + - review_request_removed + - labeled permissions: pull-requests: write @@ -10,7 +16,7 @@ permissions: jobs: assign_reviewer: runs-on: ubuntu-latest - if: github.event.label.name == 'dependencies' && github.event.pull_request.user.login == 'app/renovate' + if: contains(github.event.pull_request.labels.*.name, 'dependencies') && toJson(github.event.pull_request.requested_reviewers) == '[]' && github.event.pull_request.user.login == 'renovate[bot]' steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Pick assignee From 1b7b80673c02283c6d95eabdad55743c31a20e78 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Wed, 5 Jun 2024 09:22:32 +0200 Subject: [PATCH 050/380] image: update measurements and image version (#3144) Co-authored-by: katexochen <49727155+katexochen@users.noreply.github.com> --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 30b2f23ce..44ec880e0 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x2b, 0x78, 0x77, 0x33, 0xcb, 0xfd, 0xdb, 0x9d, 0xa8, 0xab, 0x9f, 0xd4, 0xd8, 0x6b, 0x2a, 0x16, 0x0d, 0x1f, 0xf1, 0xdc, 0xd4, 0x8f, 0x51, 0x3b, 0xcb, 0xef, 0xa4, 0x5e, 0x5c, 0x7b, 0x14, 0x67}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x48, 0x9d, 0xd4, 0xd1, 0x0d, 0xfe, 0x78, 0xca, 0x7a, 0x4c, 0x10, 0xc9, 0xe0, 0x06, 0x13, 0xda, 0x09, 0x05, 0x16, 0xb5, 0x36, 0x5c, 0xd1, 0x24, 0xd3, 0xe1, 0x83, 0x0b, 0x78, 0xb2, 0x11, 0x56}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xca, 0xef, 0x6c, 0xc5, 0x34, 0x37, 0x86, 0x09, 0x15, 0x18, 0xba, 0x21, 0xa6, 0x80, 0x9b, 0xb0, 0x1c, 0xe3, 0xde, 0x3f, 0xbe, 0x27, 0xb3, 0x15, 0x5f, 0xc0, 0x37, 0x9b, 0xee, 0xbe, 0xbd, 0x01}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x49, 0x80, 0xe6, 0x6d, 0x93, 0x2b, 0x7e, 0x53, 0x96, 0x6a, 0x45, 0xc3, 0x33, 0xd3, 0xc3, 0x72, 0x00, 0x63, 0x4e, 0x52, 0x73, 0xd9, 0x34, 0x67, 0xe6, 0xec, 0x06, 0xed, 0x0b, 0xcd, 0xb5, 0xad}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd9, 0x1c, 0x54, 0xc6, 0x0f, 0xbb, 0x9b, 0x94, 0xc7, 0x85, 0xe5, 0x33, 0xee, 0x94, 0x8a, 0xd5, 0xe1, 0x5c, 0x38, 0x2f, 0xf6, 0x20, 0x17, 0xe4, 0xc8, 0xd9, 0xb0, 0x0b, 0x7a, 0x3a, 0x18, 0xf6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x68, 0xd2, 0xcf, 0xb7, 0x1d, 0xfc, 0x2f, 0x50, 0x9f, 0x7b, 0xe5, 0x94, 0x17, 0xb1, 0x88, 0x1c, 0x28, 0xa2, 0x58, 0x07, 0xdd, 0x89, 0x69, 0xdd, 0x97, 0x46, 0xbf, 0xd4, 0x1a, 0x76, 0xa9, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x38, 0x52, 0xb2, 0x3e, 0xc1, 0x0a, 0xfd, 0xc9, 0x2a, 0xa6, 0xc4, 0x64, 0xd3, 0x8a, 0xf4, 0x40, 0x7c, 0x6d, 0x23, 0x3b, 0xcf, 0x7a, 0x92, 0xa4, 0x3a, 0x58, 0x7a, 0xe1, 0x1a, 0x41, 0xb5, 0xb8}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf7, 0x84, 0x5c, 0xe7, 0x2c, 0xb4, 0xeb, 0x6a, 0x57, 0x11, 0xe3, 0xab, 0xcb, 0x3f, 0xaa, 0x64, 0xce, 0xe8, 0x4b, 0xf1, 0x2c, 0xfb, 0x15, 0x0d, 0x07, 0xba, 0x2d, 0x34, 0x4a, 0x25, 0x95, 0x31}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5a, 0x2b, 0x47, 0x8c, 0xb6, 0xec, 0xad, 0xeb, 0x66, 0xa1, 0x98, 0xbd, 0xe6, 0xbb, 0x71, 0xbf, 0xd3, 0x49, 0xfc, 0x95, 0xc7, 0x29, 0xcd, 0x38, 0x68, 0x6f, 0x35, 0x32, 0x2f, 0x40, 0x83, 0xa9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb7, 0x28, 0x48, 0x89, 0xfe, 0x5d, 0x36, 0x03, 0x86, 0xf1, 0xe0, 0x4e, 0x11, 0xa9, 0x2b, 0x18, 0xd8, 0xb6, 0x4e, 0xcf, 0xe5, 0x4f, 0x0a, 0x31, 0x57, 0x35, 0x6f, 0xab, 0x40, 0xb9, 0x04, 0x89}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbd, 0x0c, 0xb3, 0x38, 0xe2, 0xd3, 0xa8, 0xda, 0xc4, 0x5b, 0xcf, 0xda, 0x91, 0x55, 0x41, 0x65, 0xa7, 0x2d, 0x02, 0x7e, 0xc6, 0x01, 0xd8, 0x39, 0x11, 0xd9, 0xbd, 0x82, 0xc5, 0x82, 0x70, 0x64}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8f, 0x04, 0x24, 0x7b, 0x9a, 0xc9, 0xdc, 0xa5, 0x5f, 0xdf, 0xcd, 0x3c, 0xeb, 0x6f, 0x20, 0x7c, 0xe6, 0xe2, 0xb6, 0xd9, 0x7b, 0x16, 0x6e, 0xd0, 0x18, 0x3b, 0x42, 0x56, 0xf4, 0x87, 0x88, 0x82}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x91, 0x5a, 0xa7, 0xe1, 0xee, 0xce, 0x88, 0x39, 0xc1, 0xae, 0xca, 0x52, 0xa5, 0x4c, 0x53, 0x96, 0x38, 0x03, 0x90, 0x39, 0x01, 0x88, 0x50, 0x30, 0x20, 0x9f, 0x0e, 0x49, 0x45, 0xfb, 0x9c, 0xd6}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8c, 0xf8, 0x72, 0x10, 0xec, 0xd5, 0xf5, 0x8b, 0x3b, 0xf0, 0xac, 0x2f, 0x65, 0xf7, 0x77, 0x3f, 0xec, 0xcf, 0x7e, 0xca, 0x57, 0x14, 0xf0, 0xe5, 0xb8, 0x96, 0x6b, 0x4a, 0x32, 0x76, 0x52, 0x0a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x80, 0x27, 0x00, 0x6a, 0xee, 0x80, 0xb0, 0x54, 0x9e, 0x57, 0x6c, 0x0e, 0x43, 0xa4, 0x0c, 0x2f, 0x54, 0x35, 0x82, 0x36, 0x17, 0xe6, 0xaa, 0x97, 0xb9, 0x97, 0x04, 0x6c, 0x9b, 0xf8, 0x4d, 0x52}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x63, 0xe2, 0x28, 0x48, 0x83, 0x37, 0x44, 0xcc, 0x92, 0xe3, 0x4f, 0xa1, 0x71, 0x8b, 0xba, 0x08, 0x29, 0xe1, 0xb9, 0x6c, 0x22, 0xe0, 0xf8, 0x85, 0xa8, 0x28, 0x32, 0x0a, 0xdb, 0xe5, 0xa8, 0x1b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd8, 0x44, 0x4a, 0x50, 0x88, 0x95, 0x2d, 0xb2, 0x0d, 0x62, 0x0f, 0x85, 0x8c, 0x1d, 0x2e, 0x11, 0xc1, 0x65, 0x5b, 0x23, 0xc1, 0x6f, 0x4d, 0x18, 0xaf, 0xf7, 0x64, 0x18, 0xd4, 0x80, 0x43, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x53, 0xc3, 0x9f, 0xdf, 0x01, 0x8d, 0xc7, 0x13, 0x84, 0xc3, 0xed, 0x75, 0x43, 0x7a, 0x70, 0x77, 0x16, 0x56, 0x72, 0x6a, 0x44, 0x99, 0x70, 0xeb, 0x3b, 0x08, 0x75, 0x53, 0x78, 0xd4, 0xf3, 0xb0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x13, 0xb1, 0x40, 0xf0, 0xbb, 0x86, 0x9c, 0xab, 0x4c, 0xa9, 0x55, 0xd0, 0x12, 0xd7, 0x2c, 0x01, 0x2b, 0x12, 0x25, 0x25, 0xf5, 0x45, 0x29, 0x5e, 0xbf, 0x80, 0x68, 0x85, 0x07, 0x7d, 0xfd, 0x2d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbe, 0x48, 0xbc, 0xe8, 0x40, 0x11, 0x9a, 0xad, 0x20, 0x40, 0x9d, 0x1c, 0xba, 0xe8, 0x70, 0x99, 0x2f, 0x44, 0xe3, 0x78, 0x3d, 0xfa, 0x3f, 0x02, 0x49, 0x18, 0xbb, 0x0e, 0x39, 0xfb, 0x93, 0x39}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x22, 0x54, 0x56, 0xf1, 0xba, 0xbc, 0xd9, 0x26, 0x28, 0x01, 0x69, 0x8d, 0x7c, 0x98, 0xaa, 0x3c, 0x43, 0xe6, 0x02, 0x82, 0x0e, 0x0d, 0x53, 0x26, 0x5d, 0x6e, 0x2a, 0x8d, 0x87, 0xe2, 0x15, 0xfe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4f, 0xb9, 0xbb, 0x37, 0x7e, 0x0c, 0xc2, 0xad, 0x80, 0x43, 0xf9, 0x54, 0xe9, 0x85, 0xc1, 0xb5, 0xdb, 0xa2, 0xef, 0x17, 0x65, 0x46, 0x5a, 0xd6, 0x7a, 0x64, 0xf8, 0xeb, 0xc1, 0x98, 0x9b, 0x61}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xfd, 0x5a, 0xfc, 0xe0, 0x77, 0xf4, 0x46, 0x9f, 0x69, 0x53, 0x9a, 0x3c, 0x22, 0xd0, 0xc2, 0x12, 0x2d, 0x38, 0xac, 0xbd, 0xdd, 0x63, 0xbf, 0x39, 0x9a, 0x34, 0x1a, 0x05, 0x68, 0x8b, 0xc6, 0x56}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xba, 0x55, 0x0a, 0x9f, 0xcd, 0x15, 0xc5, 0xc6, 0x89, 0x63, 0xb5, 0xe8, 0xd5, 0xcd, 0x49, 0x9e, 0xf8, 0xcc, 0xb6, 0xd2, 0x5a, 0xc2, 0x90, 0x3c, 0xa5, 0x68, 0xd0, 0x6b, 0x58, 0x71, 0x55, 0xf3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xdd, 0xd7, 0x05, 0x22, 0xa7, 0x53, 0xdf, 0x07, 0xed, 0x58, 0xaf, 0x1b, 0x5c, 0xb2, 0x02, 0x24, 0x7f, 0x1d, 0x47, 0x47, 0xd0, 0x6b, 0xe8, 0xfd, 0x91, 0x8c, 0x6f, 0xb6, 0xb6, 0x28, 0x5e, 0xf3}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb0, 0x16, 0xe4, 0x78, 0xdb, 0xd3, 0x93, 0xc0, 0xa0, 0x68, 0x7a, 0xc9, 0xff, 0xcf, 0x6f, 0x5b, 0xcc, 0x0f, 0x8b, 0x09, 0x64, 0x0e, 0x30, 0x44, 0x7b, 0x1f, 0x9a, 0x27, 0xa0, 0x55, 0xc4, 0x02}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xdf, 0x5d, 0x60, 0x2d, 0x15, 0x01, 0x15, 0xa3, 0x06, 0x72, 0x4e, 0x2c, 0x26, 0x44, 0x5f, 0x8b, 0x49, 0xda, 0xb6, 0x1b, 0xc5, 0x76, 0xbe, 0x61, 0x2d, 0x0b, 0x02, 0x5f, 0x93, 0x3a, 0xe8, 0xf3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xfe, 0x71, 0x87, 0xc7, 0x8e, 0x0e, 0xa5, 0x01, 0xf9, 0x40, 0xa7, 0x57, 0xcd, 0x17, 0xbe, 0xe9, 0x9b, 0x8d, 0x61, 0x4e, 0xa0, 0x50, 0xf0, 0xf6, 0x8e, 0xf8, 0xc0, 0x1e, 0x77, 0xc4, 0x4a, 0x0b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x73, 0x4d, 0x90, 0x81, 0x93, 0x24, 0xd4, 0x49, 0x83, 0x02, 0x8c, 0x33, 0xc2, 0x30, 0x45, 0x11, 0xb2, 0xad, 0xff, 0x44, 0xa4, 0x72, 0x63, 0xfd, 0x93, 0x23, 0x28, 0x8c, 0xac, 0xb2, 0x58, 0x0d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x49, 0x4b, 0x9a, 0xac, 0x7d, 0x04, 0xb9, 0xb4, 0x4d, 0xe4, 0x2e, 0x99, 0x9d, 0x11, 0xc2, 0x1b, 0x1f, 0xcc, 0x48, 0x73, 0x34, 0xf3, 0xde, 0xe8, 0x8b, 0x9b, 0x9a, 0x42, 0xb5, 0xb3, 0x01, 0x57}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x72, 0x56, 0x1c, 0xe0, 0x23, 0xff, 0x22, 0x54, 0x46, 0x06, 0x23, 0x62, 0x57, 0xda, 0x67, 0x16, 0x65, 0x2f, 0x6e, 0x47, 0xf4, 0x55, 0xdd, 0x21, 0x9b, 0x05, 0x23, 0x2d, 0x26, 0x83, 0x14, 0x66}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe8, 0x4e, 0xb9, 0x5c, 0x87, 0x08, 0x68, 0x46, 0x1c, 0xb1, 0xc9, 0xbe, 0x1a, 0x7c, 0x40, 0xe1, 0x23, 0x2d, 0xf8, 0x3e, 0xc9, 0x02, 0xd7, 0xa1, 0x2a, 0x8b, 0x92, 0xfb, 0x62, 0xae, 0xa0, 0xfc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x94, 0xa4, 0x7c, 0xb7, 0x08, 0x6f, 0x99, 0x54, 0x12, 0x3f, 0x51, 0xa4, 0x7e, 0x48, 0x26, 0xd4, 0x53, 0xb0, 0x0f, 0xc7, 0x70, 0xfc, 0xd5, 0x5e, 0x8f, 0x52, 0x3b, 0x48, 0x50, 0x40, 0x0c, 0x60}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x27, 0xdd, 0x41, 0x23, 0xc8, 0x61, 0x5b, 0x3d, 0x4c, 0x78, 0xb7, 0xa0, 0x6e, 0xf3, 0x06, 0x57, 0x11, 0xb3, 0x6f, 0xb9, 0x98, 0xcd, 0xe9, 0x2c, 0xa4, 0x46, 0x20, 0x36, 0x91, 0x95, 0xf3, 0x98}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x49, 0x04, 0x3b, 0x3d, 0xb7, 0x98, 0x27, 0x6d, 0xe7, 0x75, 0x57, 0x15, 0x3f, 0x03, 0x5c, 0x38, 0x4b, 0x74, 0x1a, 0x22, 0xde, 0x92, 0x3d, 0x0e, 0xf1, 0x77, 0x3d, 0x35, 0x58, 0x05, 0x2e, 0xdc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa2, 0xb5, 0x35, 0xdb, 0x15, 0xe3, 0xb8, 0x8e, 0x9f, 0xce, 0x21, 0x5b, 0xde, 0x64, 0x2f, 0x18, 0xc3, 0x96, 0x47, 0xcd, 0x4a, 0xc3, 0x2b, 0xa1, 0x95, 0xa7, 0xd5, 0x4b, 0x0c, 0xe2, 0x1b, 0x8f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4c, 0x69, 0x2a, 0xac, 0x03, 0x11, 0xde, 0x75, 0x6d, 0x97, 0x56, 0x81, 0xdf, 0x88, 0x81, 0xa7, 0x09, 0x65, 0xac, 0xc6, 0xcf, 0xc9, 0x64, 0xd0, 0x5f, 0x97, 0xa1, 0x4e, 0x5d, 0x0d, 0xfc, 0xdf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x30, 0x93, 0x4a, 0xe6, 0xa8, 0x26, 0xc1, 0x75, 0xbc, 0x95, 0xa9, 0x99, 0x84, 0x14, 0xa1, 0x94, 0x94, 0x35, 0x1c, 0x2b, 0x5e, 0xdd, 0x5b, 0x68, 0xca, 0x52, 0x07, 0x25, 0x51, 0xff, 0x5a, 0x73}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1c, 0xb0, 0xb3, 0x11, 0xec, 0x80, 0x41, 0xed, 0x44, 0x5f, 0x8e, 0x0e, 0x17, 0x22, 0xf0, 0x33, 0x53, 0xe6, 0x1f, 0x6d, 0x97, 0x8a, 0x5f, 0xdd, 0x44, 0xe9, 0x8c, 0x06, 0xcc, 0x5f, 0x73, 0x63}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xc2, 0x76, 0x4c, 0x6f, 0x66, 0x46, 0x38, 0xef, 0xa9, 0xb6, 0xe2, 0xf0, 0x18, 0x9e, 0x4f, 0x05, 0x54, 0x15, 0xff, 0x4e, 0x81, 0x89, 0xd1, 0xcf, 0x52, 0x01, 0x35, 0x99, 0x89, 0x93, 0xb2, 0x5a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa8, 0x07, 0xe6, 0xe4, 0xa8, 0x00, 0x41, 0x71, 0xa7, 0x00, 0x42, 0x04, 0xcf, 0x06, 0x90, 0x93, 0x0c, 0xcc, 0x2f, 0xaf, 0x6a, 0x78, 0xcf, 0x4a, 0x62, 0xa7, 0x12, 0x2d, 0x7c, 0x8e, 0x61, 0xd4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x17, 0x65, 0x66, 0xd5, 0xf7, 0x41, 0x57, 0x04, 0x72, 0x63, 0x01, 0xac, 0x7f, 0x60, 0x47, 0x46, 0x15, 0xa4, 0xcc, 0x14, 0x9b, 0x7c, 0xd6, 0x02, 0x46, 0x6a, 0x47, 0x17, 0x60, 0x49, 0x65, 0x73}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xd5, 0x19, 0x09, 0x5a, 0x3e, 0xda, 0x12, 0x81, 0x62, 0x2d, 0xc1, 0x31, 0xdb, 0xd8, 0x51, 0xd7, 0xa1, 0xaa, 0xa4, 0xbd, 0xde, 0xdd, 0x58, 0x89, 0x4c, 0xf9, 0x2e, 0x94, 0x8b, 0x79, 0x73, 0x34}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x03, 0xea, 0xf2, 0x90, 0x24, 0x10, 0xd1, 0x32, 0x45, 0x08, 0x72, 0xf7, 0x97, 0x5f, 0xe7, 0x58, 0x21, 0xc8, 0xb5, 0x28, 0x59, 0xbe, 0x10, 0x36, 0xd7, 0x7c, 0x6c, 0xea, 0xfc, 0x38, 0x6a, 0xf0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb3, 0xe8, 0xb3, 0xc0, 0x6d, 0x1b, 0xe7, 0xa6, 0xbb, 0xb2, 0x0b, 0xe8, 0xf9, 0x3b, 0x76, 0x5e, 0xe3, 0xf9, 0x1f, 0x76, 0xed, 0x9f, 0xe5, 0x8a, 0x9e, 0x47, 0xaf, 0x9e, 0x60, 0x3b, 0x22, 0x02}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x7e, 0x57, 0x76, 0xb0, 0x7b, 0x04, 0xa2, 0x38, 0x50, 0x00, 0x37, 0x2b, 0x81, 0x42, 0x06, 0x96, 0xcb, 0x94, 0xa2, 0x8a, 0x03, 0x14, 0x6d, 0xab, 0xed, 0x66, 0x99, 0x2c, 0x3f, 0x25, 0xa4, 0x54}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x27, 0x47, 0x4b, 0xda, 0x75, 0x97, 0x99, 0xfb, 0x92, 0x8c, 0x7d, 0x47, 0x5b, 0x93, 0x89, 0xc7, 0xaf, 0x32, 0x28, 0x72, 0x71, 0x7d, 0x6b, 0x01, 0x15, 0xe9, 0x19, 0x4a, 0x4f, 0x91, 0x88, 0xd9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x76, 0x37, 0xcb, 0x54, 0x28, 0xe6, 0x97, 0xc8, 0x86, 0x4b, 0x42, 0x1d, 0x1e, 0xf3, 0x99, 0xba, 0x4e, 0xb2, 0x4e, 0x13, 0x3b, 0xf3, 0xbd, 0xb8, 0x77, 0x7a, 0x42, 0x1b, 0x1d, 0x45, 0x80, 0x1a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index b9a50214a..ac6463495 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240529081827-79d3781f3e15" + defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240604165450-66a5d6a5d373" ) From 1989bce0a5bb6d828339857edeac19a787144799 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Wed, 5 Jun 2024 09:24:08 +0200 Subject: [PATCH 051/380] bootstrapper: disable gRPC logging (#3134) * bootstrapper: disable gRPC logging * bootstrapper: remove debug flag * upgrade-agent: remove gRPC logging Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- bootstrapper/cmd/bootstrapper/main.go | 12 +++++------- .../system/constellation-bootstrapper.service | 2 +- .../system/constellation-upgrade-agent.service | 2 +- upgrade-agent/cmd/main.go | 15 ++++++--------- 4 files changed, 13 insertions(+), 18 deletions(-) diff --git a/bootstrapper/cmd/bootstrapper/main.go b/bootstrapper/cmd/bootstrapper/main.go index fd7080c74..23b2cf474 100644 --- a/bootstrapper/cmd/bootstrapper/main.go +++ b/bootstrapper/cmd/bootstrapper/main.go @@ -43,16 +43,14 @@ const ( ) func main() { - gRPCDebug := flag.Bool("debug", false, "Enable gRPC debug logging") verbosity := flag.Int("v", 0, logger.CmdLineVerbosityDescription) flag.Parse() log := logger.NewJSONLogger(logger.VerbosityFromInt(*verbosity)).WithGroup("bootstrapper") - - if *gRPCDebug { - logger.ReplaceGRPCLogger(log.WithGroup("gRPC")) - } else { - logger.ReplaceGRPCLogger(slog.New(logger.NewLevelHandler(slog.LevelWarn, log.Handler())).WithGroup("gRPC")) - } + logger.ReplaceGRPCLogger( + slog.New( + logger.NewLevelHandler(logger.VerbosityFromInt(*verbosity), log.Handler()), + ).WithGroup("gRPC"), + ) ctx, cancel := context.WithCancel(context.Background()) defer cancel() diff --git a/image/base/mkosi.skeleton/usr/lib/systemd/system/constellation-bootstrapper.service b/image/base/mkosi.skeleton/usr/lib/systemd/system/constellation-bootstrapper.service index 76ef974ce..cf93df780 100644 --- a/image/base/mkosi.skeleton/usr/lib/systemd/system/constellation-bootstrapper.service +++ b/image/base/mkosi.skeleton/usr/lib/systemd/system/constellation-bootstrapper.service @@ -10,7 +10,7 @@ RemainAfterExit=yes Restart=on-failure EnvironmentFile=/run/constellation.env Environment=PATH=/run/state/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin -ExecStart=/usr/bin/bootstrapper $CONSTELLATION_DEBUG_FLAGS +ExecStart=/usr/bin/bootstrapper [Install] WantedBy=multi-user.target diff --git a/image/base/mkosi.skeleton/usr/lib/systemd/system/constellation-upgrade-agent.service b/image/base/mkosi.skeleton/usr/lib/systemd/system/constellation-upgrade-agent.service index c3fefdcc5..ffa204085 100644 --- a/image/base/mkosi.skeleton/usr/lib/systemd/system/constellation-upgrade-agent.service +++ b/image/base/mkosi.skeleton/usr/lib/systemd/system/constellation-upgrade-agent.service @@ -8,7 +8,7 @@ RemainAfterExit=yes Restart=on-failure EnvironmentFile=/run/constellation.env Environment=PATH=/run/state/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin -ExecStart=/usr/bin/upgrade-agent $CONSTELLATION_DEBUG_FLAGS +ExecStart=/usr/bin/upgrade-agent [Install] WantedBy=multi-user.target diff --git a/upgrade-agent/cmd/main.go b/upgrade-agent/cmd/main.go index 2eaabb91d..fe16caa13 100644 --- a/upgrade-agent/cmd/main.go +++ b/upgrade-agent/cmd/main.go @@ -23,17 +23,14 @@ const ( ) func main() { - gRPCDebug := flag.Bool("debug", false, "Enable gRPC debug logging") verbosity := flag.Int("v", 0, logger.CmdLineVerbosityDescription) flag.Parse() - - log := logger.NewJSONLogger(logger.VerbosityFromInt(*verbosity)).WithGroup("bootstrapper") - - if *gRPCDebug { - logger.ReplaceGRPCLogger(log.WithGroup("gRPC")) - } else { - logger.ReplaceGRPCLogger(slog.New(logger.NewLevelHandler(slog.LevelWarn, log.Handler())).WithGroup("gRPC")) - } + log := logger.NewJSONLogger(logger.VerbosityFromInt(*verbosity)).WithGroup("upgrade-agent") + logger.ReplaceGRPCLogger( + slog.New( + logger.NewLevelHandler(logger.VerbosityFromInt(*verbosity), log.Handler()), + ).WithGroup("gRPC"), + ) handler := file.NewHandler(afero.NewOsFs()) server, err := server.New(log, handler) From 39b01f8dacc99ce27ea7567ba96b2a2d9504abfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 5 Jun 2024 10:27:39 +0200 Subject: [PATCH 052/380] deps: bump Go version to v1.22.4 (#3146) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/workflows/build-ccm-gcp.yml | 2 +- .../workflows/build-os-image-scheduled.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/test-operator-codegen.yml | 2 +- MODULE.bazel | 2 +- MODULE.bazel.lock | 4 ++-- dev-docs/workflows/bump-go-version.md | 21 ++++++++++++++++++- 8 files changed, 28 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index ed60a4fdc..5a4633fe0 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -31,7 +31,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: - go-version: "1.22.3" + go-version: "1.22.4" cache: false - name: Install Crane diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 4a4c42809..553956564 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -69,7 +69,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: - go-version: "1.22.3" + go-version: "1.22.4" cache: false - name: Determine version diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 902518009..b394d4a21 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,7 +40,7 @@ jobs: if: matrix.language == 'go' uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: - go-version: "1.22.3" + go-version: "1.22.4" cache: false - name: Initialize CodeQL diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b01d34685..45ee106f5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -233,7 +233,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: - go-version: "1.22.3" + go-version: "1.22.4" cache: true - name: Build generateMeasurements tool diff --git a/.github/workflows/test-operator-codegen.yml b/.github/workflows/test-operator-codegen.yml index f51256dcf..1bdbe3d26 100644 --- a/.github/workflows/test-operator-codegen.yml +++ b/.github/workflows/test-operator-codegen.yml @@ -28,7 +28,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: - go-version: "1.22.3" + go-version: "1.22.4" cache: true - name: Run code generation diff --git a/MODULE.bazel b/MODULE.bazel index cc39b3011..bb3acbd27 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -24,7 +24,7 @@ go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk") go_sdk.download( name = "go_sdk", patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"], - version = "1.22.3", + version = "1.22.4", ) # the use_repo rule needs to list all top-level go dependencies diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index 49d5e9e2d..3427ceca2 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -1,6 +1,6 @@ { "lockFileVersion": 6, - "moduleFileHash": "b92386d1cc50b1a882bf3f0701bbff7fa7fb0116f653fe2773066016cb07ca71", + "moduleFileHash": "69841d218742190dc3a3ae4ccb22541216c1297d9657a24ec500b256a5d2b63a", "flags": { "cmdRegistries": [ "https://bcr.bazel.build/" @@ -43,7 +43,7 @@ "patches": [ "//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch" ], - "version": "1.22.3" + "version": "1.22.4" }, "devDependency": false, "location": { diff --git a/dev-docs/workflows/bump-go-version.md b/dev-docs/workflows/bump-go-version.md index 6416b4db0..d0e259700 100644 --- a/dev-docs/workflows/bump-go-version.md +++ b/dev-docs/workflows/bump-go-version.md @@ -4,7 +4,7 @@ ## Steps -Replace "1.xx.x" with the new version in [MODULE.bazel](/MODULE.bazel): +Replace `"1.xx.x"` with the new version in [MODULE.bazel](/MODULE.bazel): ```starlark go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk") @@ -16,3 +16,22 @@ go_sdk.download( ) ``` + +Replace `go-version: "1.xx.x"` with the new version in all GitHub actions and workflows. +You can use the following command to find replace all instances of `go-version: "1.xx.x"` in the `.github` directory: + +```bash +OLD_VERSION="1.xx.x" +NEW_VERSION="1.xx.y" +find .github -type f -exec sed -i "s/go-version: \"${OLD_VERSION}\"/go-version: \"${NEW_VERSION}\"/g" {} \; +``` + +Or manually: + +```yaml +- name: Setup Go environment + uses: actions/setup-go@v5 + with: + go-version: "1.xx.x" <--- Replace this one + ~~~~~~~~ +``` From d64aba7636c1926ef99a9b5730fb0c06d6bc08b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 5 Jun 2024 10:41:19 +0200 Subject: [PATCH 053/380] ci: author scheduled PRs using edgelessci account (#3145) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/workflows/build-os-image-scheduled.yml | 2 ++ .github/workflows/update-rpms.yml | 3 +++ 2 files changed, 5 insertions(+) diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 553956564..0c35c546a 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -65,6 +65,7 @@ jobs: uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.head_ref }} + token: ${{ secrets.CI_COMMIT_PUSH_PR }} - name: Setup Go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 @@ -111,6 +112,7 @@ jobs: It updates the hardcoded measurements and the image version (for QEMU/MiniConstellation). commit-message: "image: update measurements and image version" committer: edgelessci + author: edgelessci labels: no changelog # We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work. token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }} diff --git a/.github/workflows/update-rpms.yml b/.github/workflows/update-rpms.yml index 11bca85dc..d8e92a488 100644 --- a/.github/workflows/update-rpms.yml +++ b/.github/workflows/update-rpms.yml @@ -14,6 +14,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + with: + token: ${{ secrets.CI_COMMIT_PUSH_PR }} - name: Assume AWS role to upload Bazel dependencies to S3 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 @@ -49,6 +51,7 @@ jobs: It updates the locked rpm packages that form the Constellation OS images. commit-message: "image: update locked rpms" committer: edgelessci + author: edgelessci labels: dependencies # We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work. token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }} From 68035cd90bfd07e5ffab1cd81b87ee768baa9ded Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 5 Jun 2024 14:07:15 +0200 Subject: [PATCH 054/380] rfc: node access (#3051) --- rfc/016-node-access.md | 188 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 188 insertions(+) create mode 100644 rfc/016-node-access.md diff --git a/rfc/016-node-access.md b/rfc/016-node-access.md new file mode 100644 index 000000000..0c6875c48 --- /dev/null +++ b/rfc/016-node-access.md @@ -0,0 +1,188 @@ +--- +status: approved, not implemented +--- + +# RFC 016: Node Access + +## Background + +A production Constellation cluster is currently configured not to allow any kind of remote administrative access. +This choice is deliberate: any mechanism for remote accesss can potentially be exploited, or may leak sensitive data. + +However, some operations on a Kubernetes cluster require some form of access to the nodes. +A good class of examples are etcd cluster maintenance tasks, like backup and recovery, or emergency operations like removing a permanently failed member. +Some kubeadm operations, like certificate rotation, also require some form of cluster access. + +While some tasks can be accomplished by DaemonSets, CronJobs and the like, relying on Kubernetes objects is insufficient. +Executing commands in a Kubernetes pod may fail because Kubernetes is not healthy, etcd is bricked or the network is down. +Administrative access to the nodes through a side channel would greatly help remediate, or at least debug, those situations. + +## Requirements + +Constellation admins can log into Constellation nodes for maintenance, subject to the following restrictions: + +* Access must be encrypted end-to-end to protect from CSP snooping. +* Access must be possible even if the Kubernetes API server is down. + +Nice-to-have: + +* The method of access should not require long-term storage of a second secret. +* The method of access should be time-limited. + +## Proposed Design + +Core to the proposal is [certificate-based authentication for OpenSSH](https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication). +We can derive a valid SSH key from the Constellation master secret. +An OpenSSH server on the node accepts certificates issued by this CA key. +Admins can derive the CA key from the master secret on demand, and issue certificates for arbitrary public keys. +An example program is in the [Appendix](#appendix). + +### Key Details + +We use an HKDF to derive an ed25519 private key from the master secret. +This private key acts as an SSH certificate authority, whose signed certs allow access to cluster nodes. +Since the master secret is available to both the cluster owner and the nodes, no communication with the cluster is needed to mint valid certificates. +The choice of curve allows to directly use the derived secret bytes as key. +This makes the implementation deterministic, and thus the CA key recoverable. + +### Server-side Details + +An OpenSSH server is added to the node image software stack. +It's configured with a `TrustedUserCAKeys` file and a `RevokedKeys` file, both being empty on startup. +All other means of authentication are disabled. + +After initialization, the bootstrapper fills the `TrustedUserCAKeys` file with the derived CA's public key. +Joining nodes send their public host key as part of the `IssueJoinTokenRequest` and receive the CA certificate and an indefinitely valid certificate as response. + +The `RevokedKeys` KRL is an option for the cluster administrator to revoke keys, but it's not managed by Constellation. + +### Client-side Details + +A new `ssh` subcommand is added to the CLI. +The exact name is TBD, but it should fit in with other key-related activity, like generating volume keys. +It takes the master secret file and an SSH pub key file as arguments, and writes a certificate to stdout. +Optional arguments may include principals or vailidity period. +The implementation could roughly follow the PoC in the [Appendix](#appendix). + +As an extension, the subcommand could allow generating a key pair and a matching certificate in a temp dir, and `exec` the ssh program directly. +This would encourage use of very short-lived certificates. + +## Security Considerations + +Exposing an additional service to the outside world increases the attack surface. +We propose the following mitigations: + +1. The SSH port is only exposed to the VPC. + This restricts the attackers to malicious co-tenants and the CSP. + In an emergency, admins need to add a load balancer to be able to reach the nodes. +2. A hardened OpenSSH config only allows the options strictly necessary for the scheme proposed here. + Authorized keys and passwords must be disabled. + Cipher suites should be restricted. etc. + +## Alternatives Considered + +### Enable Serial Console + +Serial consoles for cloud VMs are tunnelled through the CSP in the clear. +To make this solution secure, an encrypted channel would need to be established on top of the serial connection. +The author is not aware of any software providing such a channel. + +### SSH with Authorized Keys + +We could ask users to add a public key to their `constellation-conf.yaml` and add that to `/root/.ssh/authorized_keys` after joining. +This would require the cluster owner to permanently manage a second secret, and there would be no built-in way to revoke access. + +### Debug Pod + +Some node administration tasks can be performed with a [debug pod]. +If privileged access is required, it's usually necessary to schedule a custom pod. +This only works if the Kubernetes API server is still processing requests, pods can be scheduled on the target node and the network allows connecting to it. + +[debug pod]: https://kubernetes.io/docs/tasks/debug/debug-cluster/kubectl-node-debug/ + +### Host an Admin API Server + +There are alternatives to SSH that allow fine-grained authorization of node operations. +An example would be [SansShell], which verifies node access requests with a policy. +Setting up such a tool requires a detailed understanding of the use cases, of which some might be hard to foresee. +This may be better suited as an extension of the low-level emergency access mechanisms. + +[SansShell]: https://github.com/Snowflake-Labs/sansshell + +## Appendix + +A proof-of-concept implementation of the certificate generation. +Constellation nodes would stop after deriving the CA public key. + +```golang +package main + +import ( + "crypto/ed25519" + "crypto/rand" + "crypto/sha256" + "encoding/json" + "flag" + "fmt" + "log" + "os" + "time" + + "golang.org/x/crypto/hkdf" + "golang.org/x/crypto/ssh" +) + +type secret struct { + Key []byte `json:"key,omitempty"` + Salt []byte `json:"salt,omitempty"` +} + +var permissions = ssh.Permissions{ + Extensions: map[string]string{ + "permit-port-forwarding": "yes", + "permit-pty": "yes", + }, +} + +func main() { + masterSecret := flag.String("secret", "", "") + flag.Parse() + + secretJSON, err := os.ReadFile(*masterSecret) + must(err) + var secret secret + must(json.Unmarshal(secretJSON, &secret)) + + hkdf := hkdf.New(sha256.New, secret.Key, secret.Salt, []byte("ssh-ca")) + + _, priv, err := ed25519.GenerateKey(hkdf) + must(err) + + ca, err := ssh.NewSignerFromSigner(priv) + must(err) + + log.Printf("CA KEY: %s", string(ssh.MarshalAuthorizedKey(ca.PublicKey()))) + + buf, err := os.ReadFile(flag.Arg(0)) + must(err) + pub, _, _, _, err := ssh.ParseAuthorizedKey(buf) + must(err) + certificate := ssh.Certificate{ + Key: pub, + CertType: ssh.UserCert, + ValidAfter: uint64(time.Now().Unix()), + ValidBefore: uint64(time.Now().Add(24 * time.Hour).Unix()), + ValidPrincipals: []string{"root"}, + Permissions: permissions, + } + must(certificate.SignCert(rand.Reader, ca)) + + fmt.Printf("%s\n", string(ssh.MarshalAuthorizedKey(&certificate))) +} + +func must(err error) { + if err != nil { + log.Fatal(err) + } +} +``` From 2fbbf02516fb9f0ae12c8606df2a00fbb0deb165 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 5 Jun 2024 14:35:10 +0200 Subject: [PATCH 055/380] bazel: use go_bin_for_host for all scripts (#3147) --- bazel/ci/BUILD.bazel | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/bazel/ci/BUILD.bazel b/bazel/ci/BUILD.bazel index 2725ef57a..4493fa483 100644 --- a/bazel/ci/BUILD.bazel +++ b/bazel/ci/BUILD.bazel @@ -57,10 +57,10 @@ sh_template( sh_template( name = "go_mod_tidy", data = [ - "@io_bazel_rules_go//go", + ":go_bin_for_host", ], substitutions = { - "@@GO@@": "$(rootpath @io_bazel_rules_go//go)", + "@@GO@@": "$(rootpath :go_bin_for_host)", }, template = "go_tidy.sh.in", ) @@ -234,10 +234,10 @@ sh_template( name = "golangci_lint", data = [ ":com_github_golangci_golangci_lint", - "@io_bazel_rules_go//go", + ":go_bin_for_host", ], substitutions = { - "@@GO@@": "$(rootpath @io_bazel_rules_go//go)", + "@@GO@@": "$(rootpath :go_bin_for_host)", "@@GOLANGCI-LINT@@": "$(rootpath :com_github_golangci_golangci_lint)", }, template = "golangci_lint.sh.in", @@ -267,11 +267,11 @@ sh_template( sh_template( name = "golicenses_check", data = [ + ":go_bin_for_host", "@com_github_google_go_licenses//:go-licenses", - "@io_bazel_rules_go//go", ], substitutions = { - "@@GO@@": "$(rootpath @io_bazel_rules_go//go)", + "@@GO@@": "$(rootpath :go_bin_for_host)", "@@GO_LICENSES@@": "$(rootpath @com_github_google_go_licenses//:go-licenses)", }, template = "golicenses.sh.in", @@ -287,11 +287,11 @@ sh_template( sh_template( name = "govulncheck", data = [ - "@io_bazel_rules_go//go", + ":go_bin_for_host", "@org_golang_x_vuln//cmd/govulncheck", ], substitutions = { - "@@GO@@": "$(rootpath @io_bazel_rules_go//go)", + "@@GO@@": "$(rootpath :go_bin_for_host)", "@@GOVULNCHECK@@": "$(rootpath @org_golang_x_vuln//cmd/govulncheck:govulncheck)", }, template = "govulncheck.sh.in", @@ -322,15 +322,15 @@ sh_template( data = [ ":com_github_helm_helm", ":com_github_siderolabs_talos_hack_docgen", + ":go_bin_for_host", "//internal/attestation/measurements/measurement-generator", "//internal/versions/hash-generator", - "@io_bazel_rules_go//go", "@org_golang_x_tools//cmd/stringer", "@yq_toolchains//:resolved_toolchain", ], substitutions = { "@@DOCGEN@@": "$(rootpath :com_github_siderolabs_talos_hack_docgen)", - "@@GO@@": "$(rootpath @io_bazel_rules_go//go)", + "@@GO@@": "$(rootpath :go_bin_for_host)", "@@HASH_GENERATOR@@": "$(rootpath //internal/versions/hash-generator:hash-generator)", "@@HELM@@": "$(rootpath :com_github_helm_helm)", "@@MEASUREMENT_GENERATOR@@": "$(rootpath //internal/attestation/measurements/measurement-generator:measurement-generator)", From 9a01551f753bccb4309e356ed8151880b0449bb5 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 5 Jun 2024 16:45:27 +0200 Subject: [PATCH 056/380] ci: don't filter output of govulncheck (#3148) --- bazel/ci/govulncheck.sh.in | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/bazel/ci/govulncheck.sh.in b/bazel/ci/govulncheck.sh.in index 0ea07b10c..560cc6ace 100644 --- a/bazel/ci/govulncheck.sh.in +++ b/bazel/ci/govulncheck.sh.in @@ -27,16 +27,11 @@ PATH=$(dirname "${go}"):${PATH} check() { err=0 - echo "Scanning Go vulnerability DB for knwon vulnerabilities in modules:" + echo "Scanning Go vulnerability DB for known vulnerabilities in modules:" for mod in ${submodules}; do echo " ${mod}" echo -n " " - CGO_ENABLED=0 ${govulncheck} -C "${mod}" "./..." | - tail -n 2 | # Providing some nice output... - tr '\n' ' ' | - sed s/" your code and"// && - printf "\n" || - err=$? + CGO_ENABLED=0 ${govulncheck} -C "${mod}" "./..." || err=$? done exit "${err}" From 9c2aef88ba135f37da80b8ebcb87aa6e4d929b15 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 6 Jun 2024 10:25:51 +0200 Subject: [PATCH 057/380] debugd: remove `--debug` flag from bootstrapper service created by debugd (#3150) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- debugd/internal/debugd/deploy/service.go | 2 +- debugd/internal/debugd/deploy/service_test.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/debugd/internal/debugd/deploy/service.go b/debugd/internal/debugd/deploy/service.go index 2c71891cc..806e8abbc 100644 --- a/debugd/internal/debugd/deploy/service.go +++ b/debugd/internal/debugd/deploy/service.go @@ -172,7 +172,7 @@ func (s *ServiceManager) OverrideServiceUnitExecStart(ctx context.Context, unitN if strings.Contains(execStart, "\n") || strings.Contains(execStart, "\r") { return fmt.Errorf("execStart must not contain newlines") } - overrideUnitContents := fmt.Sprintf("[Service]\nExecStart=\nExecStart=%s $CONSTELLATION_DEBUG_FLAGS\n", execStart) + overrideUnitContents := fmt.Sprintf("[Service]\nExecStart=\nExecStart=%s\n", execStart) s.systemdUnitFilewriteLock.Lock() defer s.systemdUnitFilewriteLock.Unlock() path := filepath.Join(systemdUnitFolder, unitName+".service.d", "override.conf") diff --git a/debugd/internal/debugd/deploy/service_test.go b/debugd/internal/debugd/deploy/service_test.go index 7ee879644..c0c98f93e 100644 --- a/debugd/internal/debugd/deploy/service_test.go +++ b/debugd/internal/debugd/deploy/service_test.go @@ -218,7 +218,7 @@ func TestOverrideServiceUnitExecStart(t *testing.T) { }, unitName: "test", execStart: "/run/state/bin/test", - wantFileContents: "[Service]\nExecStart=\nExecStart=/run/state/bin/test $CONSTELLATION_DEBUG_FLAGS\n", + wantFileContents: "[Service]\nExecStart=\nExecStart=/run/state/bin/test\n", wantActionCalls: []dbusConnActionInput{ {name: "test.service", mode: "replace"}, }, @@ -264,7 +264,7 @@ func TestOverrideServiceUnitExecStart(t *testing.T) { }, unitName: "test", execStart: "/run/state/bin/test", - wantFileContents: "[Service]\nExecStart=\nExecStart=/run/state/bin/test $CONSTELLATION_DEBUG_FLAGS\n", + wantFileContents: "[Service]\nExecStart=\nExecStart=/run/state/bin/test\n", wantActionCalls: []dbusConnActionInput{ {name: "test.service", mode: "replace"}, }, From 2c03a16a68d1ba2972b8e540fe16662bfc777395 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 7 Jun 2024 07:59:55 +0200 Subject: [PATCH 058/380] image: update measurements and image version (#3151) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 44ec880e0..1dfaa3104 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x91, 0x5a, 0xa7, 0xe1, 0xee, 0xce, 0x88, 0x39, 0xc1, 0xae, 0xca, 0x52, 0xa5, 0x4c, 0x53, 0x96, 0x38, 0x03, 0x90, 0x39, 0x01, 0x88, 0x50, 0x30, 0x20, 0x9f, 0x0e, 0x49, 0x45, 0xfb, 0x9c, 0xd6}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8c, 0xf8, 0x72, 0x10, 0xec, 0xd5, 0xf5, 0x8b, 0x3b, 0xf0, 0xac, 0x2f, 0x65, 0xf7, 0x77, 0x3f, 0xec, 0xcf, 0x7e, 0xca, 0x57, 0x14, 0xf0, 0xe5, 0xb8, 0x96, 0x6b, 0x4a, 0x32, 0x76, 0x52, 0x0a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x80, 0x27, 0x00, 0x6a, 0xee, 0x80, 0xb0, 0x54, 0x9e, 0x57, 0x6c, 0x0e, 0x43, 0xa4, 0x0c, 0x2f, 0x54, 0x35, 0x82, 0x36, 0x17, 0xe6, 0xaa, 0x97, 0xb9, 0x97, 0x04, 0x6c, 0x9b, 0xf8, 0x4d, 0x52}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x63, 0xe2, 0x28, 0x48, 0x83, 0x37, 0x44, 0xcc, 0x92, 0xe3, 0x4f, 0xa1, 0x71, 0x8b, 0xba, 0x08, 0x29, 0xe1, 0xb9, 0x6c, 0x22, 0xe0, 0xf8, 0x85, 0xa8, 0x28, 0x32, 0x0a, 0xdb, 0xe5, 0xa8, 0x1b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd8, 0x44, 0x4a, 0x50, 0x88, 0x95, 0x2d, 0xb2, 0x0d, 0x62, 0x0f, 0x85, 0x8c, 0x1d, 0x2e, 0x11, 0xc1, 0x65, 0x5b, 0x23, 0xc1, 0x6f, 0x4d, 0x18, 0xaf, 0xf7, 0x64, 0x18, 0xd4, 0x80, 0x43, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x53, 0xc3, 0x9f, 0xdf, 0x01, 0x8d, 0xc7, 0x13, 0x84, 0xc3, 0xed, 0x75, 0x43, 0x7a, 0x70, 0x77, 0x16, 0x56, 0x72, 0x6a, 0x44, 0x99, 0x70, 0xeb, 0x3b, 0x08, 0x75, 0x53, 0x78, 0xd4, 0xf3, 0xb0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x13, 0xb1, 0x40, 0xf0, 0xbb, 0x86, 0x9c, 0xab, 0x4c, 0xa9, 0x55, 0xd0, 0x12, 0xd7, 0x2c, 0x01, 0x2b, 0x12, 0x25, 0x25, 0xf5, 0x45, 0x29, 0x5e, 0xbf, 0x80, 0x68, 0x85, 0x07, 0x7d, 0xfd, 0x2d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbe, 0x48, 0xbc, 0xe8, 0x40, 0x11, 0x9a, 0xad, 0x20, 0x40, 0x9d, 0x1c, 0xba, 0xe8, 0x70, 0x99, 0x2f, 0x44, 0xe3, 0x78, 0x3d, 0xfa, 0x3f, 0x02, 0x49, 0x18, 0xbb, 0x0e, 0x39, 0xfb, 0x93, 0x39}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x22, 0x54, 0x56, 0xf1, 0xba, 0xbc, 0xd9, 0x26, 0x28, 0x01, 0x69, 0x8d, 0x7c, 0x98, 0xaa, 0x3c, 0x43, 0xe6, 0x02, 0x82, 0x0e, 0x0d, 0x53, 0x26, 0x5d, 0x6e, 0x2a, 0x8d, 0x87, 0xe2, 0x15, 0xfe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4f, 0xb9, 0xbb, 0x37, 0x7e, 0x0c, 0xc2, 0xad, 0x80, 0x43, 0xf9, 0x54, 0xe9, 0x85, 0xc1, 0xb5, 0xdb, 0xa2, 0xef, 0x17, 0x65, 0x46, 0x5a, 0xd6, 0x7a, 0x64, 0xf8, 0xeb, 0xc1, 0x98, 0x9b, 0x61}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xfd, 0x5a, 0xfc, 0xe0, 0x77, 0xf4, 0x46, 0x9f, 0x69, 0x53, 0x9a, 0x3c, 0x22, 0xd0, 0xc2, 0x12, 0x2d, 0x38, 0xac, 0xbd, 0xdd, 0x63, 0xbf, 0x39, 0x9a, 0x34, 0x1a, 0x05, 0x68, 0x8b, 0xc6, 0x56}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xba, 0x55, 0x0a, 0x9f, 0xcd, 0x15, 0xc5, 0xc6, 0x89, 0x63, 0xb5, 0xe8, 0xd5, 0xcd, 0x49, 0x9e, 0xf8, 0xcc, 0xb6, 0xd2, 0x5a, 0xc2, 0x90, 0x3c, 0xa5, 0x68, 0xd0, 0x6b, 0x58, 0x71, 0x55, 0xf3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x42, 0x28, 0x67, 0x35, 0x91, 0x77, 0x4d, 0xc8, 0x03, 0xf9, 0x4f, 0x14, 0x7d, 0xa0, 0x25, 0x29, 0x1b, 0xe3, 0x4f, 0x3a, 0x13, 0xfd, 0x9a, 0xbb, 0xb5, 0x2c, 0x7d, 0x66, 0x52, 0x26, 0xe9, 0xd0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x72, 0x1b, 0xec, 0xae, 0x31, 0x4f, 0xb7, 0xfe, 0x8a, 0x71, 0x5d, 0x94, 0x13, 0xa1, 0xe8, 0x20, 0xe1, 0x26, 0x54, 0xaa, 0x8f, 0xb2, 0xcd, 0xb6, 0x5f, 0x2a, 0x6b, 0x5a, 0xd2, 0x01, 0xc9, 0x4d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd4, 0x5d, 0x4c, 0x91, 0xf5, 0xf6, 0x97, 0x3d, 0x93, 0xa1, 0xb7, 0xa9, 0x8b, 0xb5, 0x8e, 0x24, 0xc3, 0x3c, 0xc7, 0x42, 0x2a, 0xb2, 0x1d, 0xb2, 0x89, 0x68, 0xb8, 0x96, 0xd1, 0x62, 0x44, 0x44}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4b, 0x32, 0x53, 0xb7, 0xf6, 0x88, 0xa1, 0x9f, 0xf8, 0xa5, 0x63, 0xe6, 0xa5, 0xca, 0x32, 0x88, 0x83, 0xfc, 0x7f, 0x17, 0x33, 0x69, 0xee, 0xae, 0x5b, 0x56, 0xa1, 0x96, 0x1d, 0xe4, 0x96, 0xee}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5a, 0x7d, 0x7a, 0xcc, 0xeb, 0xe8, 0x86, 0xca, 0xed, 0xfd, 0xe5, 0x1f, 0xf6, 0xf5, 0x42, 0x4b, 0x83, 0x71, 0x6d, 0xa7, 0x1f, 0x92, 0x30, 0xd2, 0x07, 0xf3, 0x9d, 0xf7, 0xc9, 0x1f, 0x66, 0x66}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9d, 0x23, 0xb5, 0x99, 0xa0, 0xfb, 0xbb, 0x7a, 0x68, 0x1d, 0x3f, 0x51, 0xa5, 0xa9, 0xa1, 0xb3, 0x90, 0x48, 0x80, 0xd6, 0x37, 0xe5, 0x4e, 0x89, 0xac, 0x53, 0x48, 0x03, 0x53, 0x70, 0xbf, 0xe1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7d, 0xd5, 0x04, 0xbd, 0x65, 0x66, 0xb1, 0x1e, 0x27, 0x28, 0x24, 0xc0, 0xac, 0xb9, 0x85, 0xf6, 0x2d, 0x63, 0xf6, 0x17, 0x62, 0xc2, 0x2a, 0xaa, 0x67, 0xf9, 0xea, 0x3d, 0x48, 0x11, 0x19, 0x7b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x66, 0xc7, 0x2b, 0x4c, 0xbb, 0x71, 0x37, 0x08, 0xe3, 0xa5, 0xd7, 0x60, 0x8c, 0x19, 0x97, 0x53, 0x57, 0xb7, 0xbb, 0xd2, 0xd5, 0x9d, 0xe5, 0x70, 0x8e, 0x95, 0xc2, 0x04, 0xdd, 0xe0, 0x8f, 0x9c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x46, 0x50, 0xec, 0x8c, 0x3a, 0x4f, 0x66, 0x3c, 0xb2, 0x5b, 0x3d, 0x25, 0xcf, 0x38, 0x17, 0xeb, 0x2c, 0x00, 0x48, 0xec, 0x2d, 0x4d, 0xaf, 0xb6, 0x3a, 0x38, 0x87, 0xc7, 0xdc, 0x3d, 0xe8, 0x3b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xea, 0x40, 0xe4, 0x0b, 0x9f, 0x76, 0x77, 0xdb, 0x67, 0x2d, 0x4d, 0xa8, 0x28, 0x7e, 0x10, 0x7d, 0x47, 0xd1, 0x23, 0x88, 0x43, 0x04, 0xbd, 0x53, 0xf0, 0x9f, 0x7d, 0xbe, 0x71, 0x78, 0xa4, 0x55}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x12, 0xc3, 0xcc, 0x29, 0xc2, 0x9e, 0x90, 0xad, 0x1f, 0xd7, 0x4f, 0x7b, 0x8f, 0x27, 0xf2, 0x43, 0x61, 0xfc, 0xa3, 0x97, 0x97, 0xa6, 0xdd, 0x3a, 0x6a, 0x33, 0xde, 0x7e, 0x03, 0x01, 0xe2, 0x7e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xeb, 0x83, 0xa5, 0xa8, 0xf4, 0xc3, 0x57, 0xd8, 0x6a, 0x55, 0x33, 0x85, 0x85, 0xa0, 0xcc, 0x57, 0x39, 0x7c, 0xed, 0x62, 0x94, 0xd0, 0xca, 0x9b, 0x8c, 0x2b, 0x83, 0x49, 0x94, 0xe1, 0x2b, 0x07}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x27, 0xdd, 0x41, 0x23, 0xc8, 0x61, 0x5b, 0x3d, 0x4c, 0x78, 0xb7, 0xa0, 0x6e, 0xf3, 0x06, 0x57, 0x11, 0xb3, 0x6f, 0xb9, 0x98, 0xcd, 0xe9, 0x2c, 0xa4, 0x46, 0x20, 0x36, 0x91, 0x95, 0xf3, 0x98}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x49, 0x04, 0x3b, 0x3d, 0xb7, 0x98, 0x27, 0x6d, 0xe7, 0x75, 0x57, 0x15, 0x3f, 0x03, 0x5c, 0x38, 0x4b, 0x74, 0x1a, 0x22, 0xde, 0x92, 0x3d, 0x0e, 0xf1, 0x77, 0x3d, 0x35, 0x58, 0x05, 0x2e, 0xdc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa2, 0xb5, 0x35, 0xdb, 0x15, 0xe3, 0xb8, 0x8e, 0x9f, 0xce, 0x21, 0x5b, 0xde, 0x64, 0x2f, 0x18, 0xc3, 0x96, 0x47, 0xcd, 0x4a, 0xc3, 0x2b, 0xa1, 0x95, 0xa7, 0xd5, 0x4b, 0x0c, 0xe2, 0x1b, 0x8f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4c, 0x69, 0x2a, 0xac, 0x03, 0x11, 0xde, 0x75, 0x6d, 0x97, 0x56, 0x81, 0xdf, 0x88, 0x81, 0xa7, 0x09, 0x65, 0xac, 0xc6, 0xcf, 0xc9, 0x64, 0xd0, 0x5f, 0x97, 0xa1, 0x4e, 0x5d, 0x0d, 0xfc, 0xdf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x30, 0x93, 0x4a, 0xe6, 0xa8, 0x26, 0xc1, 0x75, 0xbc, 0x95, 0xa9, 0x99, 0x84, 0x14, 0xa1, 0x94, 0x94, 0x35, 0x1c, 0x2b, 0x5e, 0xdd, 0x5b, 0x68, 0xca, 0x52, 0x07, 0x25, 0x51, 0xff, 0x5a, 0x73}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1c, 0xb0, 0xb3, 0x11, 0xec, 0x80, 0x41, 0xed, 0x44, 0x5f, 0x8e, 0x0e, 0x17, 0x22, 0xf0, 0x33, 0x53, 0xe6, 0x1f, 0x6d, 0x97, 0x8a, 0x5f, 0xdd, 0x44, 0xe9, 0x8c, 0x06, 0xcc, 0x5f, 0x73, 0x63}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xc2, 0x76, 0x4c, 0x6f, 0x66, 0x46, 0x38, 0xef, 0xa9, 0xb6, 0xe2, 0xf0, 0x18, 0x9e, 0x4f, 0x05, 0x54, 0x15, 0xff, 0x4e, 0x81, 0x89, 0xd1, 0xcf, 0x52, 0x01, 0x35, 0x99, 0x89, 0x93, 0xb2, 0x5a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa8, 0x07, 0xe6, 0xe4, 0xa8, 0x00, 0x41, 0x71, 0xa7, 0x00, 0x42, 0x04, 0xcf, 0x06, 0x90, 0x93, 0x0c, 0xcc, 0x2f, 0xaf, 0x6a, 0x78, 0xcf, 0x4a, 0x62, 0xa7, 0x12, 0x2d, 0x7c, 0x8e, 0x61, 0xd4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x17, 0x65, 0x66, 0xd5, 0xf7, 0x41, 0x57, 0x04, 0x72, 0x63, 0x01, 0xac, 0x7f, 0x60, 0x47, 0x46, 0x15, 0xa4, 0xcc, 0x14, 0x9b, 0x7c, 0xd6, 0x02, 0x46, 0x6a, 0x47, 0x17, 0x60, 0x49, 0x65, 0x73}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x53, 0xa9, 0x10, 0xe8, 0x9e, 0x73, 0xdd, 0xe2, 0x0d, 0x9e, 0xaf, 0xee, 0x78, 0xb8, 0xdc, 0x39, 0xc0, 0x3f, 0x2e, 0x1c, 0xeb, 0xd7, 0x02, 0xbe, 0x5d, 0xe1, 0xad, 0x1b, 0xb3, 0x09, 0x33, 0x75}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd6, 0x0d, 0xdc, 0x63, 0xab, 0x01, 0xa4, 0x0d, 0x9e, 0xca, 0xd1, 0x2e, 0xc2, 0x86, 0xcc, 0xc7, 0x37, 0x78, 0x5e, 0x85, 0xa9, 0x1a, 0xe0, 0xbb, 0xe7, 0x4f, 0xca, 0x62, 0x9a, 0x7a, 0x16, 0x5d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5f, 0xaf, 0xe8, 0x8f, 0xaf, 0xbd, 0x1c, 0x6d, 0xa0, 0xa3, 0xeb, 0x89, 0x48, 0x4a, 0x1d, 0xe4, 0xba, 0xf0, 0x41, 0xc3, 0x81, 0xd8, 0xef, 0xf8, 0x36, 0xe8, 0xf0, 0x2b, 0x78, 0x15, 0x88, 0xa8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x2d, 0x2e, 0x99, 0xa4, 0x24, 0xd7, 0x52, 0x11, 0x20, 0x20, 0xee, 0x17, 0xec, 0x06, 0x45, 0x46, 0xfe, 0xe7, 0x0e, 0xa6, 0x44, 0x0a, 0x87, 0x65, 0xcc, 0x8e, 0xfa, 0x00, 0x25, 0x55, 0x1d, 0x3b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcf, 0x1f, 0x51, 0xed, 0x8a, 0x9f, 0x04, 0x10, 0x5a, 0x66, 0xb3, 0x3e, 0x24, 0x13, 0xe0, 0xd8, 0x7c, 0x1b, 0x82, 0x88, 0xbf, 0x7d, 0x54, 0x1f, 0x72, 0x97, 0xaa, 0x1a, 0xa7, 0x9f, 0x28, 0x63}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xaf, 0xef, 0xed, 0x66, 0x0a, 0xa3, 0x1e, 0x99, 0x00, 0x21, 0x6d, 0xbb, 0xfe, 0xe3, 0x51, 0x24, 0x0f, 0x04, 0x94, 0x8e, 0x84, 0x30, 0xf0, 0x12, 0xf0, 0xe9, 0x94, 0x57, 0x60, 0x13, 0xbb, 0x65}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x60, 0x92, 0x94, 0xc8, 0x36, 0x50, 0x3e, 0xf1, 0x5a, 0x20, 0xf2, 0x34, 0x9a, 0x33, 0x55, 0x4d, 0x84, 0x5e, 0x03, 0x0f, 0x9b, 0x24, 0x8a, 0xaa, 0x7c, 0x6d, 0x7e, 0xbe, 0x83, 0x81, 0xc2, 0x87}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa7, 0x5f, 0x75, 0x44, 0x26, 0xba, 0x66, 0x22, 0x9c, 0x3c, 0x2e, 0x7e, 0x54, 0x89, 0x8a, 0x3a, 0x09, 0x52, 0x17, 0xf5, 0x8e, 0xf6, 0xfb, 0x51, 0x98, 0x85, 0x06, 0x8f, 0x66, 0xa5, 0xfa, 0x6b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7d, 0x3d, 0x90, 0xd1, 0xe2, 0xc3, 0xfe, 0x28, 0x28, 0xe4, 0xd4, 0x33, 0x4a, 0x48, 0xa9, 0x9a, 0xfc, 0x43, 0x48, 0x0e, 0x2c, 0xaa, 0xf5, 0xed, 0x9d, 0xc1, 0x82, 0x53, 0x23, 0x0a, 0xf3, 0xe2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x7e, 0x57, 0x76, 0xb0, 0x7b, 0x04, 0xa2, 0x38, 0x50, 0x00, 0x37, 0x2b, 0x81, 0x42, 0x06, 0x96, 0xcb, 0x94, 0xa2, 0x8a, 0x03, 0x14, 0x6d, 0xab, 0xed, 0x66, 0x99, 0x2c, 0x3f, 0x25, 0xa4, 0x54}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x27, 0x47, 0x4b, 0xda, 0x75, 0x97, 0x99, 0xfb, 0x92, 0x8c, 0x7d, 0x47, 0x5b, 0x93, 0x89, 0xc7, 0xaf, 0x32, 0x28, 0x72, 0x71, 0x7d, 0x6b, 0x01, 0x15, 0xe9, 0x19, 0x4a, 0x4f, 0x91, 0x88, 0xd9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x76, 0x37, 0xcb, 0x54, 0x28, 0xe6, 0x97, 0xc8, 0x86, 0x4b, 0x42, 0x1d, 0x1e, 0xf3, 0x99, 0xba, 0x4e, 0xb2, 0x4e, 0x13, 0x3b, 0xf3, 0xbd, 0xb8, 0x77, 0x7a, 0x42, 0x1b, 0x1d, 0x45, 0x80, 0x1a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x09, 0x89, 0x47, 0x43, 0x43, 0x49, 0x42, 0x7f, 0x36, 0xa1, 0xf0, 0x69, 0x1b, 0xd1, 0x29, 0xb3, 0x94, 0xac, 0x60, 0x86, 0x00, 0xed, 0x7c, 0x7f, 0xab, 0x6c, 0xfd, 0xf5, 0xae, 0x74, 0x6a, 0xee}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0f, 0xdb, 0x94, 0x49, 0x9a, 0xc1, 0x3b, 0x63, 0x63, 0x17, 0x88, 0x0f, 0x8d, 0x9b, 0x2a, 0x3b, 0xf0, 0x5d, 0xc1, 0xf8, 0x0f, 0xe2, 0xaa, 0x15, 0x8c, 0x92, 0x6c, 0x11, 0x94, 0xd8, 0x5f, 0x09}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6a, 0x11, 0x0d, 0x89, 0x6d, 0x18, 0x43, 0xbe, 0x63, 0x48, 0x48, 0x64, 0xd9, 0x70, 0x33, 0x25, 0x7a, 0x5f, 0x30, 0xb1, 0xf0, 0x7a, 0x56, 0x12, 0xd2, 0xd7, 0x28, 0x77, 0x8f, 0x68, 0x56, 0x9a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index ac6463495..724f60d3d 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240604165450-66a5d6a5d373" + defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240606102551-9c2aef88ba13" ) From 94cf85c65aeeca75ce17a47b9c9f1f3403184b01 Mon Sep 17 00:00:00 2001 From: miampf Date: Fri, 7 Jun 2024 13:37:06 +0200 Subject: [PATCH 059/380] fix: let `artifact_upload` fail if a bash command errors (#3154) --- .github/actions/artifact_upload/action.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/actions/artifact_upload/action.yml b/.github/actions/artifact_upload/action.yml index f2e637dc1..a41b62de0 100644 --- a/.github/actions/artifact_upload/action.yml +++ b/.github/actions/artifact_upload/action.yml @@ -36,6 +36,7 @@ runs: - name: Create archive shell: bash run: | + set -euo pipefail shopt -s extglob paths="${{ inputs.path }}" paths=${paths%$'\n'} # Remove trailing newline @@ -61,9 +62,9 @@ runs: do if compgen -G "${target}" > /dev/null then - pushd "$(dirname "${target}")" || exit 1 + pushd "$(dirname "${target}")" 7zz a -p'${{ inputs.encryptionSecret }}' -bso0 -bsp0 -t7z -ms=on -mhe=on "${{ steps.tempdir.outputs.directory }}/archive.7z" "$(basename "${target}")" - popd || exit 1 + popd fi done From 7d4e7eff65b00d2d65649180ede1addcea51e6cf Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Fri, 7 Jun 2024 13:56:10 +0200 Subject: [PATCH 060/380] docs: adjust MAA updating (#3152) * docs: adjust MAA updating * versioned-docs: backport fix --- docs/docs/getting-started/install.md | 6 ++---- docs/docs/workflows/create.md | 2 +- docs/versioned_docs/version-2.10/getting-started/install.md | 6 ++---- docs/versioned_docs/version-2.11/getting-started/install.md | 4 +--- docs/versioned_docs/version-2.12/getting-started/install.md | 6 ++---- docs/versioned_docs/version-2.13/getting-started/install.md | 6 ++---- docs/versioned_docs/version-2.13/workflows/create.md | 2 +- docs/versioned_docs/version-2.14/getting-started/install.md | 6 ++---- docs/versioned_docs/version-2.14/workflows/create.md | 2 +- docs/versioned_docs/version-2.15/getting-started/install.md | 6 ++---- docs/versioned_docs/version-2.15/workflows/create.md | 2 +- docs/versioned_docs/version-2.16/getting-started/install.md | 6 ++---- docs/versioned_docs/version-2.16/workflows/create.md | 2 +- docs/versioned_docs/version-2.7/getting-started/install.md | 6 ++---- docs/versioned_docs/version-2.8/getting-started/install.md | 6 ++---- docs/versioned_docs/version-2.9/getting-started/install.md | 6 ++---- 16 files changed, 26 insertions(+), 48 deletions(-) diff --git a/docs/docs/getting-started/install.md b/docs/docs/getting-started/install.md index 99a8933e3..4ebd9351a 100644 --- a/docs/docs/getting-started/install.md +++ b/docs/docs/getting-started/install.md @@ -188,7 +188,7 @@ Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/ The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` \[2] +* `Microsoft.Attestation` * `Microsoft.Compute` * `Microsoft.Insights` * `Microsoft.ManagedIdentity` @@ -208,7 +208,7 @@ The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` \[2] +* `Microsoft.Attestation/attestationProviders/*` * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` * `Microsoft.ManagedIdentity/userAssignedIdentities/*` @@ -226,8 +226,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. -2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster). - diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 54bc9dcbc..06a869953 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md @@ -56,7 +56,7 @@ management tooling of your choice. You need to keep the essential functionality :::info - On Azure, if the enforcement policy is set to `MAAFallback` in `constellation-config.yaml`, a manual update to the MAA provider's policy is necessary. + On Azure, a manual update to the MAA provider's policy is necessary. You can apply the update with the following command after creating the infrastructure, with `` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration). ```bash diff --git a/docs/versioned_docs/version-2.10/getting-started/install.md b/docs/versioned_docs/version-2.10/getting-started/install.md index da0c0a14b..1a90b6513 100644 --- a/docs/versioned_docs/version-2.10/getting-started/install.md +++ b/docs/versioned_docs/version-2.10/getting-started/install.md @@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` \[2] +* `Microsoft.Attestation` * `Microsoft.Compute` * `Microsoft.Insights` * `Microsoft.ManagedIdentity` @@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` \[2] +* `Microsoft.Attestation/attestationProviders/*` * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` * `Microsoft.ManagedIdentity/userAssignedIdentities/*` @@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. -2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster). - diff --git a/docs/versioned_docs/version-2.11/getting-started/install.md b/docs/versioned_docs/version-2.11/getting-started/install.md index da0c0a14b..6a3acaea9 100644 --- a/docs/versioned_docs/version-2.11/getting-started/install.md +++ b/docs/versioned_docs/version-2.11/getting-started/install.md @@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` \[2] +* `Microsoft.Attestation/attestationProviders/*` * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` * `Microsoft.ManagedIdentity/userAssignedIdentities/*` @@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. -2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster). - diff --git a/docs/versioned_docs/version-2.12/getting-started/install.md b/docs/versioned_docs/version-2.12/getting-started/install.md index a1dc93cde..035f679b2 100644 --- a/docs/versioned_docs/version-2.12/getting-started/install.md +++ b/docs/versioned_docs/version-2.12/getting-started/install.md @@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` \[2] +* `Microsoft.Attestation` * `Microsoft.Compute` * `Microsoft.Insights` * `Microsoft.ManagedIdentity` @@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` \[2] +* `Microsoft.Attestation/attestationProviders/*` * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` * `Microsoft.ManagedIdentity/userAssignedIdentities/*` @@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. -2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster). - diff --git a/docs/versioned_docs/version-2.13/getting-started/install.md b/docs/versioned_docs/version-2.13/getting-started/install.md index a1dc93cde..035f679b2 100644 --- a/docs/versioned_docs/version-2.13/getting-started/install.md +++ b/docs/versioned_docs/version-2.13/getting-started/install.md @@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` \[2] +* `Microsoft.Attestation` * `Microsoft.Compute` * `Microsoft.Insights` * `Microsoft.ManagedIdentity` @@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` \[2] +* `Microsoft.Attestation/attestationProviders/*` * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` * `Microsoft.ManagedIdentity/userAssignedIdentities/*` @@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. -2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster). - diff --git a/docs/versioned_docs/version-2.13/workflows/create.md b/docs/versioned_docs/version-2.13/workflows/create.md index 605413cac..80ed3d3c6 100644 --- a/docs/versioned_docs/version-2.13/workflows/create.md +++ b/docs/versioned_docs/version-2.13/workflows/create.md @@ -55,7 +55,7 @@ management tooling of your choice. You need to keep the essential functionality :::info - On Azure, if the enforcement policy is set to `MAAFallback` in `constellation-config.yaml`, a manual update to the MAA provider's policy is necessary. + On Azure, a manual update to the MAA provider's policy is necessary. You can apply the update with the following command after creating the infrastructure, with `` being the URL of the MAA provider (i.e., `$(terraform output attestationURL | jq -r)`, when using the minimal Terraform configuration). ```bash diff --git a/docs/versioned_docs/version-2.14/getting-started/install.md b/docs/versioned_docs/version-2.14/getting-started/install.md index 01f9178ca..e74a45741 100644 --- a/docs/versioned_docs/version-2.14/getting-started/install.md +++ b/docs/versioned_docs/version-2.14/getting-started/install.md @@ -114,7 +114,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` \[2] +* `Microsoft.Attestation` * `Microsoft.Compute` * `Microsoft.Insights` * `Microsoft.ManagedIdentity` @@ -134,7 +134,7 @@ The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` \[2] +* `Microsoft.Attestation/attestationProviders/*` * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` * `Microsoft.ManagedIdentity/userAssignedIdentities/*` @@ -152,8 +152,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. -2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster). - diff --git a/docs/versioned_docs/version-2.14/workflows/create.md b/docs/versioned_docs/version-2.14/workflows/create.md index 54bc9dcbc..06a869953 100644 --- a/docs/versioned_docs/version-2.14/workflows/create.md +++ b/docs/versioned_docs/version-2.14/workflows/create.md @@ -56,7 +56,7 @@ management tooling of your choice. You need to keep the essential functionality :::info - On Azure, if the enforcement policy is set to `MAAFallback` in `constellation-config.yaml`, a manual update to the MAA provider's policy is necessary. + On Azure, a manual update to the MAA provider's policy is necessary. You can apply the update with the following command after creating the infrastructure, with `` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration). ```bash diff --git a/docs/versioned_docs/version-2.15/getting-started/install.md b/docs/versioned_docs/version-2.15/getting-started/install.md index 01f9178ca..e74a45741 100644 --- a/docs/versioned_docs/version-2.15/getting-started/install.md +++ b/docs/versioned_docs/version-2.15/getting-started/install.md @@ -114,7 +114,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` \[2] +* `Microsoft.Attestation` * `Microsoft.Compute` * `Microsoft.Insights` * `Microsoft.ManagedIdentity` @@ -134,7 +134,7 @@ The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` \[2] +* `Microsoft.Attestation/attestationProviders/*` * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` * `Microsoft.ManagedIdentity/userAssignedIdentities/*` @@ -152,8 +152,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. -2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster). - diff --git a/docs/versioned_docs/version-2.15/workflows/create.md b/docs/versioned_docs/version-2.15/workflows/create.md index 54bc9dcbc..06a869953 100644 --- a/docs/versioned_docs/version-2.15/workflows/create.md +++ b/docs/versioned_docs/version-2.15/workflows/create.md @@ -56,7 +56,7 @@ management tooling of your choice. You need to keep the essential functionality :::info - On Azure, if the enforcement policy is set to `MAAFallback` in `constellation-config.yaml`, a manual update to the MAA provider's policy is necessary. + On Azure, a manual update to the MAA provider's policy is necessary. You can apply the update with the following command after creating the infrastructure, with `` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration). ```bash diff --git a/docs/versioned_docs/version-2.16/getting-started/install.md b/docs/versioned_docs/version-2.16/getting-started/install.md index 99a8933e3..4ebd9351a 100644 --- a/docs/versioned_docs/version-2.16/getting-started/install.md +++ b/docs/versioned_docs/version-2.16/getting-started/install.md @@ -188,7 +188,7 @@ Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/ The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` \[2] +* `Microsoft.Attestation` * `Microsoft.Compute` * `Microsoft.Insights` * `Microsoft.ManagedIdentity` @@ -208,7 +208,7 @@ The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` \[2] +* `Microsoft.Attestation/attestationProviders/*` * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` * `Microsoft.ManagedIdentity/userAssignedIdentities/*` @@ -226,8 +226,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. -2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster). - diff --git a/docs/versioned_docs/version-2.16/workflows/create.md b/docs/versioned_docs/version-2.16/workflows/create.md index 54bc9dcbc..06a869953 100644 --- a/docs/versioned_docs/version-2.16/workflows/create.md +++ b/docs/versioned_docs/version-2.16/workflows/create.md @@ -56,7 +56,7 @@ management tooling of your choice. You need to keep the essential functionality :::info - On Azure, if the enforcement policy is set to `MAAFallback` in `constellation-config.yaml`, a manual update to the MAA provider's policy is necessary. + On Azure, a manual update to the MAA provider's policy is necessary. You can apply the update with the following command after creating the infrastructure, with `` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration). ```bash diff --git a/docs/versioned_docs/version-2.7/getting-started/install.md b/docs/versioned_docs/version-2.7/getting-started/install.md index 5975008a2..d0b60441e 100644 --- a/docs/versioned_docs/version-2.7/getting-started/install.md +++ b/docs/versioned_docs/version-2.7/getting-started/install.md @@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can try [MiniConstellation](first-st The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` \[2] +* `Microsoft.Attestation` * `Microsoft.Compute` * `Microsoft.Insights` * `Microsoft.ManagedIdentity` @@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` \[2] +* `Microsoft.Attestation/attestationProviders/*` * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` * `Microsoft.ManagedIdentity/userAssignedIdentities/*` @@ -144,8 +144,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. -2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster). - diff --git a/docs/versioned_docs/version-2.8/getting-started/install.md b/docs/versioned_docs/version-2.8/getting-started/install.md index 0575192af..11167c34c 100644 --- a/docs/versioned_docs/version-2.8/getting-started/install.md +++ b/docs/versioned_docs/version-2.8/getting-started/install.md @@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` \[2] +* `Microsoft.Attestation` * `Microsoft.Compute` * `Microsoft.Insights` * `Microsoft.ManagedIdentity` @@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` \[2] +* `Microsoft.Attestation/attestationProviders/*` * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` * `Microsoft.ManagedIdentity/userAssignedIdentities/*` @@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. -2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster). - diff --git a/docs/versioned_docs/version-2.9/getting-started/install.md b/docs/versioned_docs/version-2.9/getting-started/install.md index 0575192af..11167c34c 100644 --- a/docs/versioned_docs/version-2.9/getting-started/install.md +++ b/docs/versioned_docs/version-2.9/getting-started/install.md @@ -109,7 +109,7 @@ If you don't have a cloud subscription, you can also set up a [local Constellati The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` \[2] +* `Microsoft.Attestation` * `Microsoft.Compute` * `Microsoft.Insights` * `Microsoft.ManagedIdentity` @@ -127,7 +127,7 @@ To [create the IAM configuration](../workflows/config.md#creating-an-iam-configu The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` \[2] +* `Microsoft.Attestation/attestationProviders/*` * `Microsoft.Compute/virtualMachineScaleSets/*` * `Microsoft.Insights/components/*` * `Microsoft.ManagedIdentity/userAssignedIdentities/*` @@ -145,8 +145,6 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. -2: You can omit `Microsoft.Attestation/attestationProviders/*` and the registration of `Microsoft.Attestation` if `EnforceIDKeyDigest` isn't set to `MAAFallback` in the [config file](../workflows/config.md#configure-your-cluster). - From 095a66fb83d1ad5d8794bc50715ea4be953336f5 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Fri, 7 Jun 2024 15:18:34 +0200 Subject: [PATCH 061/380] cli: return a more helpful error message on MAA patch failure (#3153) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * cli: return a more helpful error message on maa patch failure * Update internal/maa/patch.go Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> --------- Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> --- internal/maa/patch.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/internal/maa/patch.go b/internal/maa/patch.go index 5dfed9435..d9ac35b4c 100644 --- a/internal/maa/patch.go +++ b/internal/maa/patch.go @@ -9,6 +9,7 @@ import ( "context" "encoding/base64" "fmt" + "io" "net/http" "github.com/Azure/azure-sdk-for-go/profiles/latest/attestation/attestation" @@ -55,10 +56,11 @@ func (p AzurePolicyPatcher) Patch(ctx context.Context, attestationURL string) er if err != nil { return fmt.Errorf("sending request: %w", err) } - resp.Body.Close() + defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - return fmt.Errorf("updating attestation policy: unexpected status code: %s", resp.Status) + body, _ := io.ReadAll(resp.Body) + return fmt.Errorf("updating attestation policy: unexpected status code: %s: %s", resp.Status, string(body)) } return nil From 32588339f345dd02b26dd9e85fa27b382257dad6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Fri, 7 Jun 2024 15:46:37 +0200 Subject: [PATCH 062/380] cdbg: better error reporting on `deploy` failure (#3155) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Don't report `UPLOAD_FILES_START_FAILED` as unknown error * Return error to `cdbg` if present --------- Signed-off-by: Daniel Weiße --- debugd/internal/cdbg/cmd/deploy.go | 4 +- debugd/internal/debugd/server/server.go | 2 + debugd/service/debugd.pb.go | 143 +++++++++++++----------- debugd/service/debugd.proto | 1 + 4 files changed, 82 insertions(+), 68 deletions(-) diff --git a/debugd/internal/cdbg/cmd/deploy.go b/debugd/internal/cdbg/cmd/deploy.go index 95c3d147e..3afd363cb 100644 --- a/debugd/internal/cdbg/cmd/deploy.go +++ b/debugd/internal/cdbg/cmd/deploy.go @@ -271,9 +271,11 @@ func uploadFiles(ctx context.Context, client pb.DebugdClient, in deployOnEndpoin case pb.UploadFilesStatus_UPLOAD_FILES_ALREADY_FINISHED: in.log.Info("Files already uploaded") case pb.UploadFilesStatus_UPLOAD_FILES_UPLOAD_FAILED: - return fmt.Errorf("uploading files to %v failed: %v", in.debugdEndpoint, uploadResponse) + return fmt.Errorf("uploading files to %v failed: %s: %s", in.debugdEndpoint, uploadResponse.Status, uploadResponse.Error) case pb.UploadFilesStatus_UPLOAD_FILES_ALREADY_STARTED: return fmt.Errorf("upload already started on %v", in.debugdEndpoint) + case pb.UploadFilesStatus_UPLOAD_FILES_START_FAILED: + return fmt.Errorf("overriding service units failed on %v: %s: %s", in.debugdEndpoint, uploadResponse.Status, uploadResponse.Error) default: return fmt.Errorf("unknown upload status %v", uploadResponse.Status) } diff --git a/debugd/internal/debugd/server/server.go b/debugd/internal/debugd/server/server.go index aeae7c4a1..a644e7c9d 100644 --- a/debugd/internal/debugd/server/server.go +++ b/debugd/internal/debugd/server/server.go @@ -106,6 +106,7 @@ func (s *debugdServer) UploadFiles(stream pb.Debugd_UploadFilesServer) error { s.log.With(slog.Any("error", err)).Error("Uploading files failed") return stream.SendAndClose(&pb.UploadFilesResponse{ Status: pb.UploadFilesStatus_UPLOAD_FILES_UPLOAD_FAILED, + Error: err.Error(), }) } @@ -124,6 +125,7 @@ func (s *debugdServer) UploadFiles(stream pb.Debugd_UploadFilesServer) error { s.log.With(slog.Any("error", overrideUnitErr)).Error("Overriding service units failed") return stream.SendAndClose(&pb.UploadFilesResponse{ Status: pb.UploadFilesStatus_UPLOAD_FILES_START_FAILED, + Error: overrideUnitErr.Error(), }) } return stream.SendAndClose(&pb.UploadFilesResponse{ diff --git a/debugd/service/debugd.pb.go b/debugd/service/debugd.pb.go index e32f17aa2..fe9387da4 100644 --- a/debugd/service/debugd.pb.go +++ b/debugd/service/debugd.pb.go @@ -648,6 +648,7 @@ type UploadFilesResponse struct { unknownFields protoimpl.UnknownFields Status UploadFilesStatus `protobuf:"varint,1,opt,name=status,proto3,enum=debugd.UploadFilesStatus" json:"status,omitempty"` + Error string `protobuf:"bytes,2,opt,name=error,proto3" json:"error,omitempty"` } func (x *UploadFilesResponse) Reset() { @@ -689,6 +690,13 @@ func (x *UploadFilesResponse) GetStatus() UploadFilesStatus { return UploadFilesStatus_UPLOAD_FILES_SUCCESS } +func (x *UploadFilesResponse) GetError() string { + if x != nil { + return x.Error + } + return "" +} + type ServiceUnit struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -880,79 +888,80 @@ var file_debugd_service_debugd_proto_rawDesc = []byte{ 0x22, 0x35, 0x0a, 0x05, 0x43, 0x68, 0x75, 0x6e, 0x6b, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6c, 0x61, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x04, 0x6c, 0x61, 0x73, 0x74, 0x22, 0x48, 0x0a, 0x13, 0x55, 0x70, 0x6c, 0x6f, 0x61, + 0x08, 0x52, 0x04, 0x6c, 0x61, 0x73, 0x74, 0x22, 0x5e, 0x0a, 0x13, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x31, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x22, 0x3d, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, - 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, - 0x22, 0x4d, 0x0a, 0x20, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, - 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x75, 0x6e, 0x69, 0x74, 0x73, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x52, 0x05, 0x75, 0x6e, 0x69, 0x74, 0x73, 0x22, - 0x64, 0x0a, 0x21, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x64, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x27, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x55, 0x70, - 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x73, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x2a, 0x3f, 0x0a, 0x0d, 0x53, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, - 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x10, 0x53, 0x45, 0x54, 0x5f, 0x49, 0x4e, - 0x46, 0x4f, 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, - 0x53, 0x45, 0x54, 0x5f, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x41, 0x4c, 0x52, 0x45, 0x41, 0x44, 0x59, - 0x5f, 0x53, 0x45, 0x54, 0x10, 0x01, 0x2a, 0xb1, 0x01, 0x0a, 0x11, 0x55, 0x70, 0x6c, 0x6f, 0x61, - 0x64, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x14, - 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, 0x5f, 0x53, 0x55, 0x43, - 0x43, 0x45, 0x53, 0x53, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, - 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, 0x5f, 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x46, 0x41, - 0x49, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, - 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, 0x5f, 0x41, 0x4c, 0x52, 0x45, 0x41, 0x44, 0x59, 0x5f, 0x53, - 0x54, 0x41, 0x52, 0x54, 0x45, 0x44, 0x10, 0x02, 0x12, 0x21, 0x0a, 0x1d, 0x55, 0x50, 0x4c, 0x4f, - 0x41, 0x44, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, 0x5f, 0x41, 0x4c, 0x52, 0x45, 0x41, 0x44, 0x59, - 0x5f, 0x46, 0x49, 0x4e, 0x49, 0x53, 0x48, 0x45, 0x44, 0x10, 0x03, 0x12, 0x1d, 0x0a, 0x19, 0x55, - 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, 0x5f, 0x53, 0x54, 0x41, 0x52, - 0x54, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x04, 0x2a, 0x75, 0x0a, 0x1f, 0x55, 0x70, - 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x73, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x28, 0x0a, + 0x73, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x22, 0x3d, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, + 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, + 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x4d, 0x0a, 0x20, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, + 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, + 0x69, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x29, 0x0a, 0x05, 0x75, 0x6e, + 0x69, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x65, 0x62, 0x75, + 0x67, 0x64, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x52, 0x05, + 0x75, 0x6e, 0x69, 0x74, 0x73, 0x22, 0x64, 0x0a, 0x21, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x53, + 0x79, 0x73, 0x74, 0x65, 0x6d, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, 0x69, + 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x06, 0x73, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x27, 0x2e, 0x64, 0x65, 0x62, + 0x75, 0x67, 0x64, 0x2e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, + 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x73, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2a, 0x3f, 0x0a, 0x0d, 0x53, + 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x10, + 0x53, 0x45, 0x54, 0x5f, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, + 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x45, 0x54, 0x5f, 0x49, 0x4e, 0x46, 0x4f, 0x5f, 0x41, + 0x4c, 0x52, 0x45, 0x41, 0x44, 0x59, 0x5f, 0x53, 0x45, 0x54, 0x10, 0x01, 0x2a, 0xb1, 0x01, 0x0a, + 0x11, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x53, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x12, 0x18, 0x0a, 0x14, 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x46, 0x49, 0x4c, + 0x45, 0x53, 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, + 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, 0x5f, 0x55, 0x50, 0x4c, + 0x4f, 0x41, 0x44, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x01, 0x12, 0x20, 0x0a, 0x1c, + 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, 0x5f, 0x41, 0x4c, 0x52, + 0x45, 0x41, 0x44, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x52, 0x54, 0x45, 0x44, 0x10, 0x02, 0x12, 0x21, + 0x0a, 0x1d, 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x46, 0x49, 0x4c, 0x45, 0x53, 0x5f, 0x41, + 0x4c, 0x52, 0x45, 0x41, 0x44, 0x59, 0x5f, 0x46, 0x49, 0x4e, 0x49, 0x53, 0x48, 0x45, 0x44, 0x10, + 0x03, 0x12, 0x1d, 0x0a, 0x19, 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x46, 0x49, 0x4c, 0x45, + 0x53, 0x5f, 0x53, 0x54, 0x41, 0x52, 0x54, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x04, + 0x2a, 0x75, 0x0a, 0x1f, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, + 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x73, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x12, 0x28, 0x0a, 0x24, 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x53, 0x59, + 0x53, 0x54, 0x45, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x55, 0x4e, + 0x49, 0x54, 0x53, 0x5f, 0x53, 0x55, 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x00, 0x12, 0x28, 0x0a, 0x24, 0x55, 0x50, 0x4c, 0x4f, 0x41, 0x44, 0x5f, 0x53, 0x59, 0x53, 0x54, 0x45, 0x4d, 0x44, 0x5f, - 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x55, 0x4e, 0x49, 0x54, 0x53, 0x5f, 0x53, 0x55, - 0x43, 0x43, 0x45, 0x53, 0x53, 0x10, 0x00, 0x12, 0x28, 0x0a, 0x24, 0x55, 0x50, 0x4c, 0x4f, 0x41, - 0x44, 0x5f, 0x53, 0x59, 0x53, 0x54, 0x45, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, - 0x45, 0x5f, 0x55, 0x4e, 0x49, 0x54, 0x53, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x55, 0x52, 0x45, 0x10, - 0x01, 0x32, 0x94, 0x03, 0x0a, 0x06, 0x44, 0x65, 0x62, 0x75, 0x67, 0x64, 0x12, 0x3c, 0x0a, 0x07, - 0x53, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x16, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, - 0x2e, 0x53, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x17, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x53, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x3c, 0x0a, 0x07, 0x47, 0x65, - 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x16, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x47, - 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, - 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x47, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, 0x0a, 0x0b, 0x55, 0x70, 0x6c, 0x6f, - 0x61, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x1b, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, - 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x66, 0x65, 0x72, 0x4d, 0x65, 0x73, - 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1b, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x55, 0x70, - 0x6c, 0x6f, 0x61, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0x00, 0x28, 0x01, 0x12, 0x4e, 0x0a, 0x0d, 0x44, 0x6f, 0x77, 0x6e, 0x6c, 0x6f, 0x61, - 0x64, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x1c, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, - 0x44, 0x6f, 0x77, 0x6e, 0x6c, 0x6f, 0x61, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x46, 0x69, - 0x6c, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x66, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, - 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x71, 0x0a, 0x18, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x53, - 0x79, 0x73, 0x74, 0x65, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, - 0x73, 0x12, 0x28, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x55, 0x70, 0x6c, 0x6f, 0x61, + 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x55, 0x4e, 0x49, 0x54, 0x53, 0x5f, 0x46, 0x41, + 0x49, 0x4c, 0x55, 0x52, 0x45, 0x10, 0x01, 0x32, 0x94, 0x03, 0x0a, 0x06, 0x44, 0x65, 0x62, 0x75, + 0x67, 0x64, 0x12, 0x3c, 0x0a, 0x07, 0x53, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x16, 0x2e, + 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x53, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x53, + 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, + 0x12, 0x3c, 0x0a, 0x07, 0x47, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x16, 0x2e, 0x64, 0x65, + 0x62, 0x75, 0x67, 0x64, 0x2e, 0x47, 0x65, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x47, 0x65, 0x74, + 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x4b, + 0x0a, 0x0b, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x1b, 0x2e, + 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, + 0x66, 0x65, 0x72, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x1a, 0x1b, 0x2e, 0x64, 0x65, 0x62, + 0x75, 0x67, 0x64, 0x2e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x28, 0x01, 0x12, 0x4e, 0x0a, 0x0d, 0x44, + 0x6f, 0x77, 0x6e, 0x6c, 0x6f, 0x61, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x1c, 0x2e, 0x64, + 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x44, 0x6f, 0x77, 0x6e, 0x6c, 0x6f, 0x61, 0x64, 0x46, 0x69, + 0x6c, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, 0x64, 0x65, 0x62, + 0x75, 0x67, 0x64, 0x2e, 0x46, 0x69, 0x6c, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x66, 0x65, 0x72, + 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x71, 0x0a, 0x18, 0x55, + 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x73, 0x12, 0x28, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, + 0x2e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x64, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x29, 0x2e, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, - 0x6e, 0x69, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x64, 0x65, - 0x62, 0x75, 0x67, 0x64, 0x2e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x79, 0x73, 0x74, 0x65, - 0x6d, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x6e, 0x69, 0x74, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x38, 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x64, 0x67, 0x65, 0x6c, 0x65, 0x73, 0x73, 0x73, - 0x79, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x74, 0x65, 0x6c, 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x2f, 0x76, 0x32, 0x2f, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6e, 0x69, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x38, + 0x5a, 0x36, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x64, 0x67, + 0x65, 0x6c, 0x65, 0x73, 0x73, 0x73, 0x79, 0x73, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x74, 0x65, 0x6c, + 0x6c, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x76, 0x32, 0x2f, 0x64, 0x65, 0x62, 0x75, 0x67, 0x64, + 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/debugd/service/debugd.proto b/debugd/service/debugd.proto index db9c3b896..77bc94a60 100644 --- a/debugd/service/debugd.proto +++ b/debugd/service/debugd.proto @@ -58,6 +58,7 @@ message Chunk { message UploadFilesResponse { UploadFilesStatus status = 1; + string error = 2; } enum UploadFilesStatus { From 0a3f77e92634fd9b3434172000e13fc2f23129d7 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Sun, 9 Jun 2024 11:03:17 +0200 Subject: [PATCH 063/380] image: update locked rpms (#3156) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 7c80ee794..7b19eec1c 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -11,13 +11,15 @@ db7d946583f2a91a3301d964a5adc7afb1620e0f72c9a9033ae3a4cfc2f332ad authselect-lib 68a43532d10187888788625d0b6c2224ba95804280eddf2636e5ef700607e7d0 bzip2-libs-1.0.8-18.fc40.x86_64.rpm e61d6858790314f9d9ab539c5531d2b67ce763c9e5ac6c22dd76293fec12f3f5 ca-certificates-2023.2.62_v7.0.401-6.fc40.noarch.rpm 99d4976979c8b9d18c9d2d686de77882dc6a4e72ebfe358fb9a37a83f0ecdc90 catatonit-0.1.7-22.fc40.x86_64.rpm +75a442ef2c8b3ab75a2692657c7838e806d56b607201ee463a68e0d448312391 composefs-1.0.3-1.fc40.x86_64.rpm +26e873722d8c94ba8150cb5afc7adcda1be17a21804d9c19e54eff530e3249a5 composefs-libs-1.0.3-1.fc40.x86_64.rpm ef93475ea699c80bb8e49b5a80fefeed23e553b0e492d74748a55958b4dde568 conmon-2.1.10-1.fc40.x86_64.rpm adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tools-1.4.7-7.fc40.x86_64.rpm f4f43dd33d14def444e9516ac8d59a7fd4fbceb2c56b662f0c0943af65771b3a container-selinux-2.231.0-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm -542e8c11b3af4c4bbbe2e8911c9f9dac12620d20be15011561cb3791165562c5 containers-common-0.58.0-2.fc40.noarch.rpm -483e8966b8f25fd5508ebe01a8b4fed75fd4c5105ba5d71284322ac3d3500b7b containers-common-extra-0.58.0-2.fc40.noarch.rpm +f0331dd3c17a46a9eebcb2c3b3d5bd5f91094d833f645ffc6e19dcbbd667b73e containers-common-0.59.1-1.fc40.noarch.rpm +862d242442ffb6a315c773b680643596ebb8615cf4d5cba02f80b9462fc2f8a4 containers-common-extra-0.59.1-1.fc40.noarch.rpm d90e0c786e9406ac4f4db67a8d4bbf3d7bf724797dbf1dd422ff376eaa214b3e coreutils-single-9.4-6.fc40.x86_64.rpm d941a78ffb6e2e0b4c24d0097d0351ced8796edde90208b4bddee459bce0a949 cpio-2.15-1.fc40.x86_64.rpm faa23cb6a7a612c0a6e874c788c5add967c5e193bd38c2e6093b82b38a162f81 cracklib-2.9.11-5.fc40.i686.rpm @@ -66,11 +68,7 @@ a6f2098fc2ed16df92c9325bd7459cc41479e17306a4f9cddfd5df8a1b80d0f8 file-5.45-4.fc f76684ee78408660db83ab9932978a1346b280f4210cd744524b00b2e5891fe1 file-libs-5.45-4.fc40.x86_64.rpm 063af3db3808bea0d5c07dbb2d8369b275e1d05ad0850c80a8fec0413f47cd64 filesystem-3.18-8.fc40.x86_64.rpm f17ca5526d2cf34b82916a0cd1afe73d68856fdb5b19754312f61512aef0a7c3 findutils-4.9.0-8.fc40.x86_64.rpm -f4c2d51c7b4577f7b7ef498f8e2afb1b007da2de00cca28e220f50129c40a48c fuse-common-3.16.2-3.fc40.x86_64.rpm f94315e447afb7442033b7b82e43a4ed62754f603afda53930280300855e46c7 fuse-libs-2.9.9-21.fc40.x86_64.rpm -8fe84b7e0319afcc9c9eb28130b74e0cd7c675667a6ce075eb7ee2ec1b0014c2 fuse-overlayfs-1.13-1.fc40.x86_64.rpm -2d6631d65e3b5c91afdb100a51ee8e50294f0e074a944c1662008d878d47456e fuse3-3.16.2-3.fc40.x86_64.rpm -a9c6502a5b190aaf169e93afd337c009e0b2e235e31f3da23d29c7d063ad2ff9 fuse3-libs-3.16.2-3.fc40.x86_64.rpm 6c80dfdaf7b27ea92c1276856b8b2ae5fde1ae5c391b773805be725515fdc1ac gawk-5.3.0-3.fc40.x86_64.rpm c4cc69bf3a2655b9ee9ac23492d377bac57811c5b4f81fbf43537520ee33c7af gawk-all-langpacks-5.3.0-3.fc40.x86_64.rpm 21470eb4ec55006c9efeee84c97772462008fceda1ab332e58d2caddfdaa0d1e gdbm-1.23-6.fc40.x86_64.rpm @@ -101,8 +99,8 @@ a265c8c4acac4c2a3c5f63f98df89e689b87f6f6bcceac1c83882d9cdab90eab grub2-tools-2. 6a502364cc7cfa1ec1918dbff2d678b4392c9f0279b66302bc8c039c36d7bde6 gvisor-tap-vsock-0.7.3-2.fc40.x86_64.rpm 7976f6318044e7adbf543edb4d3da4fbc43ef628e433a0c55b4652dc1c15a735 gvisor-tap-vsock-gvforwarder-0.7.3-2.fc40.x86_64.rpm 6dcc2f8885135fc873c8ab94a6c7df05883060c5b25287956bebb3aa15a84e71 gzip-1.13-1.fc40.x86_64.rpm -a1e1c7b374615851ddc52fefd89fc4ea1850730f6fd840b1fc655a1f62a222f2 iproute-6.7.0-1.fc40.x86_64.rpm -b15281c08e6840353cae883a90c19f6df757313ca8eb54c84f9312a88ae8c65a iproute-tc-6.7.0-1.fc40.x86_64.rpm +7ea61bdaada7c1ab5b8567e054a73e2cb3ca6019e3db887049998fed7eea8514 iproute-6.7.0-2.fc40.x86_64.rpm +21d9bc4c677edd86b2e88ebe4c20b097412c2fa3ef4a91d7de0f9b03e1306f5d iproute-tc-6.7.0-2.fc40.x86_64.rpm 21e1196534fbb6d6a4f8d29a1e76518e2740ae53f63080fc811e7ce9cc6d0982 iptables-legacy-1.8.10-7.fc40.x86_64.rpm 6e78bebc0bde8c2f1bd9c4a5f40010a779e7505a0fe87aab516db1bb4a840f02 iptables-legacy-libs-1.8.10-7.fc40.x86_64.rpm 98115e0aa89bc9a8ec66c160af80cf32519db427a83d23d8f3dd9185b3aa591e iptables-libs-1.8.10-7.fc40.x86_64.rpm @@ -145,8 +143,8 @@ c890a19d2c4a3da836bae1db40b778fe0339cd0d26bddfbe584aaccb1a0f1485 libcom_err-1.4 0d100701976c37fe94e904ed78437db7477ae1dc600ece07bea23fbbd968762c libcom_err-1.47.0-5.fc40.x86_64.rpm 7cacae48a3f76e77ffae047db34146efd3ae45b51188431a161ea93f83b9a231 libcurl-minimal-8.6.0-8.fc40.i686.rpm df01bb4a19148d5ef8bad7e97d6b9ff0926bdd6c04f97620b27dc3d2ff9059cb libcurl-minimal-8.6.0-8.fc40.x86_64.rpm -783f1bc7ab5fb88b5bfaea82f70457fba8e76bde5821b61bafbb1acb301f9834 libeconf-0.6.2-1.fc40.i686.rpm -05ad4ddff82db6a9c6cec0fc0188ae3a946c1387fbf69773eef9b9cd21c36251 libeconf-0.6.2-1.fc40.x86_64.rpm +700d56839e1bc16c08f71c505a7e62f655e4c18f4bf71bf2f36f3854f829e6f5 libeconf-0.6.2-2.fc40.i686.rpm +2ef764049e121ee2a9fa5d0296e6e2dd0abc7541040b8e49d67960bd9bde74e4 libeconf-0.6.2-2.fc40.x86_64.rpm 9e6e3e3ae465342b139c97b782e55701d20c72e7330545d5c66f901ede7228db libedit-3.1-51.20240517cvs.fc40.x86_64.rpm c4adcee5dd9e22ea50d6c318ac4936a8df708121741958ce5aa8f038c46c61a9 libevent-2.1.12-12.fc40.x86_64.rpm a1ba3045c99ef1b266383f0801731a68f9e0cb069a6c808267ad33b759381907 libfdisk-2.40-0.9.rc1.fc40.i686.rpm @@ -198,7 +196,7 @@ d5e6fc8b4595cccae415bc18b971ea4a4ed64c816e45de5d3f588b78ecf12708 libsepol-3.6-3 716b91d85eb887fe10db607608294475289b9e9fc4d51fbddcf24046ea016147 libsmartcols-2.40-0.9.rc1.fc40.i686.rpm 34111597814e385c8c1cdd48ff72c4ed64e7e6ed9bd6660bb2bfda6aebdb3200 libsmartcols-2.40-0.9.rc1.fc40.x86_64.rpm 302124d98a491472ec0982b89afbf576922d6921a89dda479d354e6582566f0e libsmartcols-2.40.1-1.fc40.x86_64.rpm -91d67f2a3be65b2904c432f4585189540978dcfb6ef994c2eaac5b7cfb4010a5 libsodium-1.0.19-4.fc40.x86_64.rpm +45d032fb4d59ee0f6a921dd1f0addfcdd38fc46917243fdd6248194ffddb9067 libsodium-1.0.20-1.fc40.x86_64.rpm c8bbfa2762cc601f8a97d8d5a39a658f0e91ba477ebebd798b30f7fc8ffdd457 libss-1.47.0-5.fc40.x86_64.rpm bac37be0a003b3b520f62218bd5c743846a9ca5278cbe1cf3ced2cd15b638d73 libstdc++-14.1.1-4.fc40.x86_64.rpm d92173d6fbfb7e2af3b35a8554229e247666e15dc5b36cba43b7bbfc4144b781 libtasn1-4.19.0-6.fc40.x86_64.rpm @@ -248,9 +246,9 @@ eba1bd09317cc1f1f80e722e9a545dd404e1fad444045438f254e99cab4f1ed6 openssl-libs-3 9f0336deb6f1b1524ec48d837622e7e2291995369b0356d7ad1e1d427f3b659a os-prober-1.81-6.fc40.x86_64.rpm 2c8e47f98df74fe89b23f0a1347aba91383da06e0ae903949b015943da4e1b5b p11-kit-0.25.3-4.fc40.x86_64.rpm 93159ba4fffd7c91bd28d3942564368c402dc65ee7998e81688f3d566fe7633f p11-kit-trust-0.25.3-4.fc40.x86_64.rpm -afdb1232618f268a03f9965b146de07021b287a5a9a3451b739bdadce6f09728 pam-1.6.1-1.fc40.x86_64.rpm -ad8922a4803efb3f3c40632e01433891b263fdc808fd6cb0e706d4ffffab2d0e pam-libs-1.6.1-1.fc40.i686.rpm -182e490c3576cf043054e5e6818bcef8eb9ec95396ada542bc04773358481486 pam-libs-1.6.1-1.fc40.x86_64.rpm +33d36e10f465b7b15de75ae1856b403ed37c23f026e3abb80497e496f43718c9 pam-1.6.1-3.fc40.x86_64.rpm +5981cdaf35f2ea96236eaccf1ce476379e51e5883ce57343a7727626e9fd9da3 pam-libs-1.6.1-3.fc40.i686.rpm +fb85b93438336461a0b2b878158e552d30b6fb663404475eb0a050b35fd5d35f pam-libs-1.6.1-3.fc40.x86_64.rpm 9bbce784622e02af0371ced8e9a7d26adba7eabd66ecfcb8bbe2d24cf616e3c1 parted-3.6-4.fc40.x86_64.rpm 7f8327ab1b77dbc67cf1db70d35afda6477e48e7467e4f3c916f71eddac7048a passt-0^20240510.g7288448-1.fc40.x86_64.rpm 6ae3cbcf7de9c12dae7fb3096acd32bc2e3ba2b9b44a6c5eef2c7c3a587a5a32 passt-selinux-0^20240510.g7288448-1.fc40.noarch.rpm @@ -263,7 +261,7 @@ f796a31cad58f4ebea8787020868581d9a721297ee0ef6a7c63a7f8444f60c17 pcsc-lite-libs 5443db8875acc0c1c436dbe1ed62b776543e049b8d9c7e33198379d367814093 pigz-2.8-4.fc40.x86_64.rpm cb7c5036f1d25c696de23a6670cb64caec9945116fb0c9a93555414746ecf253 pinentry-1.3.0-2.fc40.x86_64.rpm bbb4abafa9f7664e21350b56d49af2c928288e6d4dd68c304c4ab5d45b2c8ad7 pkcs11-provider-0.3-2.fc40.x86_64.rpm -6538fed9557d92d1d0fc136e16cdb50b38ed8724184c3d3daa899922a8fa3ae8 podman-5.0.3-1.fc40.x86_64.rpm +acc781e5cf7e5bde4869c08faeafb66ff0790c1102f428d4bd8b14972b7c5b54 podman-5.1.0-1.fc40.x86_64.rpm fc0270713aefd482937adc4d6905f806760ea54c70379cb675be521251e5a177 policycoreutils-3.6-3.fc40.x86_64.rpm 30a4f9d3631aaa1280c93ce4305847a9773973aa312e1802d1cd676cb2421689 polkit-124-2.fc40.x86_64.rpm f47bc65177a8b160916c00df9c84442afa1dd353880b3c0503d5a0b052d4956c polkit-libs-124-2.fc40.x86_64.rpm @@ -312,8 +310,8 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 98191fd64cf0ffaea15897596afb4c71b0a78c0fea726fc256be5298d7756299 selinux-policy-40.20-1.fc40.noarch.rpm fa363e31c6664b972a4adc5b9077375bb21492a2fc9df3dc6076889adf120deb selinux-policy-targeted-40.20-1.fc40.noarch.rpm 89862f646cd64e81497f01a8b69ab30ac8968c47afef92a2c333608fdb90ccc1 setup-2.14.5-2.fc40.noarch.rpm -14c4208826d1c859899f35978a80e0448fabead39f860fd3bae41b4e3e8e1883 shadow-utils-4.15.1-2.fc40.x86_64.rpm -0a1e1e3502b65b8620cbcc74dfc75203fb9ce913f0580f49ed8fdcb8e89c106c shadow-utils-subid-4.15.1-2.fc40.x86_64.rpm +95a0cce33e56359aa09507abfed062fb47a554307b0a029e6d2f076b813ae8d2 shadow-utils-4.15.1-3.fc40.x86_64.rpm +0c1072b40e5fe451e7d2bc1a7530e743303591c3d26bce0ac2e09ff05b50ae26 shadow-utils-subid-4.15.1-3.fc40.x86_64.rpm 67eede27af5b4773eb2f7ac794df694be030310d40bce462864c05b8f65c87c3 socat-1.8.0.0-2.fc40.x86_64.rpm a1e23ae521e93ab19d3df77889a6a418c3432025e4880cfd893e40f7165876a7 sqlite-libs-3.45.1-2.fc40.x86_64.rpm 05bfc1e9b80ff927bdecab59e075e6b6eb83140540b5182e388f69b3ec5edc7a systemd-255.7-1.fc40.i686.rpm @@ -328,8 +326,8 @@ ab38692d083371a7776bc0f6a1f58629fdb7f8587599b3782a1e148b33fa9003 systemd-pam-25 5c9df40bfe23084aa9b4e755d1b84654566a087e0c49e6b3a3da1e2644b7e3dd systemd-udev-255.7-1.fc40.x86_64.rpm 65819c502727dc293a71a74b9a5f6b0ba781f12a99c5d5535085f168e5eac56e tar-1.35-3.fc40.x86_64.rpm 0478e12152cc3432a31dfca5ddbc80966800af437c6d7c0b26be307d5e1272e7 tpm2-tools-5.7-1.fc40.x86_64.rpm -f8f7d1b48e3a2193a9929544503c72d79c5de555816a3812f30158d136a2bf15 tpm2-tss-4.1.0-1.fc40.x86_64.rpm -7da3dc1d28b8154f36e6c2e68ea7e5378729d9adfa48d9817bdacf8f309a43e2 tpm2-tss-fapi-4.1.0-1.fc40.x86_64.rpm +c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3-1.fc40.x86_64.rpm +5df98756883badf7743cdd75f5689b62606bff0b74494b20241cb9d78335c251 tpm2-tss-fapi-4.1.3-1.fc40.x86_64.rpm 0bd358e7dfb2bd730b62c7375c8d8f8d9e2470f085ca8dc4ec626dc0332d5687 tzdata-2024a-5.fc40.noarch.rpm 70104fb4dffbfde9b5dd540a97ce37fa965c9d989777dd6c086de28bff10709a unbound-anchor-1.20.0-1.fc40.x86_64.rpm 76d89a1e025aed395b28f9f97d8cba85142e5ffcfecb00de7f93333b76225665 unbound-libs-1.20.0-1.fc40.x86_64.rpm From 85c4f9be2a3f0b23e02abd87d03456f71c26c7bf Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sun, 9 Jun 2024 11:05:02 +0200 Subject: [PATCH 064/380] deps: update ghcr.io/edgelesssys/gcp-guest-agent Docker tag to v20240528 (#3143) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- internal/versions/versions.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index cf0fd5d29..3686a68c8 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -169,7 +169,7 @@ const ( // GcpGuestImage image for GCP guest agent. // Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml. - GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20240314.0.0@sha256:56f5f5250056174c82cffe6b3190838f4e001cf6375eeea0b7847d679e0a600f" // renovate:container + GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20240528.0.0@sha256:1c6e1a5f0ae9ff84fa83082bd26be209f4a5ab71d6dfcfc024999419c8f8578c" // renovate:container // NodeMaintenanceOperatorImage is the image for the node maintenance operator. NodeMaintenanceOperatorImage = "quay.io/medik8s/node-maintenance-operator:v0.15.0@sha256:8cb8dad93283268282c30e75c68f4bd76b28def4b68b563d2f9db9c74225d634" // renovate:container // LogstashImage is the container image of logstash, used for log collection by debugd. From 3efd50a51835231e8fbef373e9e18dd0f97a2e8f Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 10 Jun 2024 14:04:00 +0200 Subject: [PATCH 065/380] ci: bump origin versions of upgrade tests (#3158) --- .github/workflows/e2e-test-release.yml | 2 +- .github/workflows/e2e-test-weekly.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index 49c644b39..401f9e241 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -403,7 +403,7 @@ jobs: fail-fast: false max-parallel: 1 matrix: - fromVersion: ["v2.16.2"] + fromVersion: ["v2.16.4"] attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index b6560b239..bb7b14d2f 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -413,7 +413,7 @@ jobs: fail-fast: false max-parallel: 1 matrix: - fromVersion: ["v2.16.2"] + fromVersion: ["v2.16.4"] attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit From fddad83eb48da3b4a504cd23b4af93052d526e2a Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Tue, 11 Jun 2024 11:53:00 +0200 Subject: [PATCH 066/380] helm: upgrade Cilium to v1.15.5-edg.1 (#3149) --- .../helm/charts/cilium/Chart.yaml | 6 +- .../helm/charts/cilium/README.md | 56 ++++---- .../cilium/files/agent/poststart-eni.bash | 4 +- .../dashboards/cilium-dashboard.json | 2 +- .../charts/cilium/files/nodeinit/startup.bash | 2 +- .../templates/cilium-agent/daemonset.yaml | 45 ++++++- .../cilium-agent/servicemonitor.yaml | 14 ++ .../cilium/templates/cilium-configmap.yaml | 23 ++++ .../templates/cilium-envoy/daemonset.yaml | 13 +- .../cilium-envoy/servicemonitor.yaml | 5 +- .../templates/cilium-nodeinit/daemonset.yaml | 11 ++ .../templates/cilium-preflight/daemonset.yaml | 7 +- .../cilium-preflight/deployment.yaml | 9 ++ .../clustermesh-apiserver/deployment.yaml | 22 +++- .../templates/hubble-relay/deployment.yaml | 6 + .../templates/spire/agent/daemonset.yaml | 8 +- .../cilium/templates/spire/namespace.yaml | 2 +- .../helm/charts/cilium/values.yaml | 120 ++++++++++++++---- .../helm/charts/cilium/values.yaml.tmpl | 84 +++++++++++- internal/constellation/helm/cilium.patch | 10 +- internal/constellation/helm/generateCilium.sh | 2 +- internal/constellation/helm/helm_test.go | 2 +- internal/constellation/helm/loader.go | 14 +- 23 files changed, 379 insertions(+), 88 deletions(-) diff --git a/internal/constellation/helm/charts/cilium/Chart.yaml b/internal/constellation/helm/charts/cilium/Chart.yaml index 3ba2d273f..9f079933b 100644 --- a/internal/constellation/helm/charts/cilium/Chart.yaml +++ b/internal/constellation/helm/charts/cilium/Chart.yaml @@ -2,10 +2,10 @@ apiVersion: v2 name: cilium displayName: Cilium home: https://cilium.io/ -version: 1.15.0-pre.3-edg.3 -appVersion: 1.15.0-pre.3-edg.3 +version: 1.15.5-edg.1 +appVersion: 1.15.5-edg.1 kubeVersion: ">= 1.16.0-0" -icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg +icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.15/Documentation/images/logo-solo.svg description: eBPF-based Networking, Security, and Observability keywords: - BPF diff --git a/internal/constellation/helm/charts/cilium/README.md b/internal/constellation/helm/charts/cilium/README.md index 21f7633a0..6c41b865c 100644 --- a/internal/constellation/helm/charts/cilium/README.md +++ b/internal/constellation/helm/charts/cilium/README.md @@ -1,6 +1,6 @@ # cilium -![Version: 1.15.0-pre.3](https://img.shields.io/badge/Version-1.15.0--pre.3-informational?style=flat-square) ![AppVersion: 1.15.0-pre.3](https://img.shields.io/badge/AppVersion-1.15.0--pre.3-informational?style=flat-square) +![Version: 1.15.5](https://img.shields.io/badge/Version-1.15.5-informational?style=flat-square) ![AppVersion: 1.15.5](https://img.shields.io/badge/AppVersion-1.15.5-informational?style=flat-square) Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as @@ -73,15 +73,16 @@ contributors across the globe, there is almost always someone available to help. | authentication.mutual.spire.enabled | bool | `false` | Enable SPIRE integration (beta) | | authentication.mutual.spire.install.agent.affinity | object | `{}` | SPIRE agent affinity configuration | | authentication.mutual.spire.install.agent.annotations | object | `{}` | SPIRE agent annotations | -| authentication.mutual.spire.install.agent.image | object | `{"digest":"sha256:d489bc8470d7a0f292e0e3576c3e7025253343dc798241bcfd9061828e2a6bef","override":null,"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-agent","tag":"1.8.4","useDigest":true}` | SPIRE agent image | +| authentication.mutual.spire.install.agent.image | object | `{"digest":"sha256:99405637647968245ff9fe215f8bd2bd0ea9807be9725f8bf19fe1b21471e52b","override":null,"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-agent","tag":"1.8.5","useDigest":true}` | SPIRE agent image | | authentication.mutual.spire.install.agent.labels | object | `{}` | SPIRE agent labels | | authentication.mutual.spire.install.agent.nodeSelector | object | `{}` | SPIRE agent nodeSelector configuration ref: ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | authentication.mutual.spire.install.agent.podSecurityContext | object | `{}` | Security context to be added to spire agent pods. SecurityContext holds pod-level security attributes and common container settings. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | | authentication.mutual.spire.install.agent.securityContext | object | `{}` | Security context to be added to spire agent containers. SecurityContext holds pod-level security attributes and common container settings. ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container | | authentication.mutual.spire.install.agent.serviceAccount | object | `{"create":true,"name":"spire-agent"}` | SPIRE agent service account | | authentication.mutual.spire.install.agent.skipKubeletVerification | bool | `true` | SPIRE Workload Attestor kubelet verification. | -| authentication.mutual.spire.install.agent.tolerations | list | `[]` | SPIRE agent tolerations configuration ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | +| authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true | +| authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. | | authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:223ae047b1065bd069aac01ae3ac8088b3ca4a527827e283b85112f29385fb1b","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.36.1","useDigest":true}` | init container image of SPIRE agent and server | | authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into | | authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration | @@ -92,7 +93,7 @@ contributors across the globe, there is almost always someone available to help. | authentication.mutual.spire.install.server.dataStorage.enabled | bool | `true` | Enable SPIRE server data storage | | authentication.mutual.spire.install.server.dataStorage.size | string | `"1Gi"` | Size of the SPIRE server data storage | | authentication.mutual.spire.install.server.dataStorage.storageClass | string | `nil` | StorageClass of the SPIRE server data storage | -| authentication.mutual.spire.install.server.image | object | `{"digest":"sha256:bf79e0a921f8b8aa92602f7ea335616e72f7e91f939848e7ccc52d5bddfe96a1","override":null,"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-server","tag":"1.8.4","useDigest":true}` | SPIRE server image | +| authentication.mutual.spire.install.server.image | object | `{"digest":"sha256:28269265882048dcf0fed32fe47663cd98613727210b8d1a55618826f9bf5428","override":null,"pullPolicy":"IfNotPresent","repository":"ghcr.io/spiffe/spire-server","tag":"1.8.5","useDigest":true}` | SPIRE server image | | authentication.mutual.spire.install.server.initContainers | list | `[]` | SPIRE server init containers | | authentication.mutual.spire.install.server.labels | object | `{}` | SPIRE server labels | | authentication.mutual.spire.install.server.nodeSelector | object | `{}` | SPIRE server nodeSelector configuration ref: ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | @@ -135,13 +136,14 @@ contributors across the globe, there is almost always someone available to help. | bpf.monitorInterval | string | `"5s"` | Configure the typical time between monitor notifications for active connections. | | bpf.natMax | int | `524288` | Configure the maximum number of entries for the NAT table. | | bpf.neighMax | int | `524288` | Configure the maximum number of entries for the neighbor table. | -| bpf.policyMapMax | int | `16384` | Configure the maximum number of entries in endpoint policy map (per endpoint). | +| bpf.nodeMapMax | int | `nil` | Configures the maximum number of entries for the node table. | +| bpf.policyMapMax | int | `16384` | Configure the maximum number of entries in endpoint policy map (per endpoint). @schema type: [null, integer] @schema | | bpf.preallocateMaps | bool | `false` | Enables pre-allocation of eBPF map values. This increases memory usage but can reduce latency. | | bpf.root | string | `"/sys/fs/bpf"` | Configure the mount point for the BPF filesystem | | bpf.tproxy | bool | `false` | Configure the eBPF-based TPROXY to reduce reliance on iptables rules for implementing Layer 7 policy. | | bpf.vlanBypass | list | `[]` | Configure explicitly allowed VLAN id's for bpf logic bypass. [0] will allow all VLAN id's without any filtering. | | bpfClockProbe | bool | `false` | Enable BPF clock source probing for more efficient tick retrieval. | -| certgen | object | `{"affinity":{},"annotations":{"cronJob":{},"job":{}},"extraVolumeMounts":[],"extraVolumes":[],"image":{"digest":"sha256:89a0847753686444daabde9474b48340993bd19c7bea66a46e45b2974b82041f","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/certgen","tag":"v0.1.9","useDigest":true},"podLabels":{},"tolerations":[],"ttlSecondsAfterFinished":1800}` | Configure certificate generation for Hubble integration. If hubble.tls.auto.method=cronJob, these values are used for the Kubernetes CronJob which will be scheduled regularly to (re)generate any certificates not provided manually. | +| certgen | object | `{"affinity":{},"annotations":{"cronJob":{},"job":{}},"extraVolumeMounts":[],"extraVolumes":[],"image":{"digest":"sha256:bbc5e65e9dc65bc6b58967fe536b7f3b54e12332908aeb0a96a36866b4372b4e","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/certgen","tag":"v0.1.12","useDigest":true},"podLabels":{},"tolerations":[],"ttlSecondsAfterFinished":1800}` | Configure certificate generation for Hubble integration. If hubble.tls.auto.method=cronJob, these values are used for the Kubernetes CronJob which will be scheduled regularly to (re)generate any certificates not provided manually. | | certgen.affinity | object | `{}` | Affinity for certgen | | certgen.annotations | object | `{"cronJob":{},"job":{}}` | Annotations to be added to the hubble-certgen initial Job and CronJob | | certgen.extraVolumeMounts | list | `[]` | Additional certgen volumeMounts. | @@ -169,7 +171,7 @@ contributors across the globe, there is almost always someone available to help. | clustermesh.apiserver.extraEnv | list | `[]` | Additional clustermesh-apiserver environment variables. | | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. | | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. | -| clustermesh.apiserver.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.15.0-pre.3","useDigest":false}` | Clustermesh API server image. | +| clustermesh.apiserver.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.15.5","useDigest":false}` | Clustermesh API server image. | | clustermesh.apiserver.kvstoremesh.enabled | bool | `false` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. | | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. | | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. | @@ -320,7 +322,7 @@ contributors across the globe, there is almost always someone available to help. | eni.subnetIDsFilter | list | `[]` | Filter via subnet IDs which will dictate which subnets are going to be used to create new ENIs Important note: This requires that each instance has an ENI with a matching subnet attached when Cilium is deployed. If you only want to control subnets for ENIs attached by Cilium, use the CNI configuration file settings (cni.customConf) instead. | | eni.subnetTagsFilter | list | `[]` | Filter via tags (k=v) which will dictate which subnets are going to be used to create new ENIs Important note: This requires that each instance has an ENI with a matching subnet attached when Cilium is deployed. If you only want to control subnets for ENIs attached by Cilium, use the CNI configuration file settings (cni.customConf) instead. | | eni.updateEC2AdapterLimitViaAPI | bool | `true` | Update ENI Adapter limits from the EC2 API | -| envoy.affinity | object | `{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium-envoy"}},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for cilium-envoy. | +| envoy.affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"cilium.io/no-schedule","operator":"NotIn","values":["true"]}]}]}},"podAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium"}},"topologyKey":"kubernetes.io/hostname"}]},"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchLabels":{"k8s-app":"cilium-envoy"}},"topologyKey":"kubernetes.io/hostname"}]}}` | Affinity for cilium-envoy. | | envoy.annotations | object | `{}` | Annotations to be added to all top-level cilium-envoy objects (resources under templates/cilium-envoy) | | envoy.connectTimeoutSeconds | int | `2` | Time in seconds after which a TCP connection attempt times out | | envoy.dnsPolicy | string | `nil` | DNS policy for Cilium envoy pods. Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy | @@ -333,7 +335,7 @@ contributors across the globe, there is almost always someone available to help. | envoy.extraVolumes | list | `[]` | Additional envoy volumes. | | envoy.healthPort | int | `9878` | TCP port for the health API. | | envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s | -| envoy.image | object | `{"digest":"sha256:80de27c1d16ab92923cc0cd1fff90f2e7047a9abf3906fda712268d9cbc5b950","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.27.2-f19708f3d0188fe39b7e024b4525b75a9eeee61f","useDigest":true}` | Envoy container image. | +| envoy.image | object | `{"digest":"sha256:bc8dcc3bc008e3a5aab98edb73a0985e6ef9469bda49d5bb3004c001c995c380","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.28.3-31ec52ec5f2e4d28a8e19a0bfb872fa48cf7a515","useDigest":true}` | Envoy container image. | | envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe | | envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe | | envoy.log.format | string | `"[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"` | The format string to use for laying out the log message metadata of Envoy. | @@ -343,16 +345,18 @@ contributors across the globe, there is almost always someone available to help. | envoy.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for cilium-envoy. | | envoy.podAnnotations | object | `{}` | Annotations to be added to envoy pods | | envoy.podLabels | object | `{}` | Labels to be added to envoy pods | -| envoy.podSecurityContext | object | `{}` | Security Context for cilium-envoy pods. | +| envoy.podSecurityContext | object | `{"appArmorProfile":{"type":"Unconfined"}}` | Security Context for cilium-envoy pods. | +| envoy.podSecurityContext.appArmorProfile | object | `{"type":"Unconfined"}` | AppArmorProfile options for the `cilium-agent` and init containers | | envoy.priorityClassName | string | `nil` | The priority class to use for cilium-envoy. | +| envoy.prometheus | object | `{"enabled":true,"port":"9964","serviceMonitor":{"annotations":{},"enabled":false,"interval":"10s","labels":{},"metricRelabelings":null,"relabelings":[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}]}}` | Configure Cilium Envoy Prometheus options. Note that some of these apply to either cilium-agent or cilium-envoy. | | envoy.prometheus.enabled | bool | `true` | Enable prometheus metrics for cilium-envoy | | envoy.prometheus.port | string | `"9964"` | Serve prometheus metrics for cilium-envoy on the configured port | | envoy.prometheus.serviceMonitor.annotations | object | `{}` | Annotations to add to ServiceMonitor cilium-envoy | -| envoy.prometheus.serviceMonitor.enabled | bool | `false` | Enable service monitors. This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) | +| envoy.prometheus.serviceMonitor.enabled | bool | `false` | Enable service monitors. This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) Note that this setting applies to both cilium-envoy _and_ cilium-agent with Envoy enabled. | | envoy.prometheus.serviceMonitor.interval | string | `"10s"` | Interval for scrape metrics. | | envoy.prometheus.serviceMonitor.labels | object | `{}` | Labels to add to ServiceMonitor cilium-envoy | -| envoy.prometheus.serviceMonitor.metricRelabelings | string | `nil` | Metrics relabeling configs for the ServiceMonitor cilium-envoy | -| envoy.prometheus.serviceMonitor.relabelings | list | `[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}]` | Relabeling configs for the ServiceMonitor cilium-envoy | +| envoy.prometheus.serviceMonitor.metricRelabelings | string | `nil` | Metrics relabeling configs for the ServiceMonitor cilium-envoy or for cilium-agent with Envoy configured. | +| envoy.prometheus.serviceMonitor.relabelings | list | `[{"replacement":"${1}","sourceLabels":["__meta_kubernetes_pod_node_name"],"targetLabel":"node"}]` | Relabeling configs for the ServiceMonitor cilium-envoy or for cilium-agent with Envoy configured. | | envoy.readinessProbe.failureThreshold | int | `3` | failure threshold of readiness probe | | envoy.readinessProbe.periodSeconds | int | `30` | interval between checks of the readiness probe | | envoy.resources | object | `{}` | Envoy resource limits & requests ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | @@ -365,6 +369,8 @@ contributors across the globe, there is almost always someone available to help. | envoy.terminationGracePeriodSeconds | int | `1` | Configure termination grace period for cilium-envoy DaemonSet. | | envoy.tolerations | list | `[{"operator":"Exists"}]` | Node tolerations for envoy scheduling to nodes with taints ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | envoy.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":2},"type":"RollingUpdate"}` | cilium-envoy update strategy ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/#updating-a-daemonset | +| envoy.xffNumTrustedHopsL7PolicyEgress | int | `0` | Number of trusted hops regarding the x-forwarded-for and related HTTP headers for the egress L7 policy enforcement Envoy listeners. | +| envoy.xffNumTrustedHopsL7PolicyIngress | int | `0` | Number of trusted hops regarding the x-forwarded-for and related HTTP headers for the ingress L7 policy enforcement Envoy listeners. | | envoyConfig.enabled | bool | `false` | Enable CiliumEnvoyConfig CRD CiliumEnvoyConfig CRD can also be implicitly enabled by other options. | | envoyConfig.secretsNamespace | object | `{"create":true,"name":"cilium-secrets"}` | SecretsNamespace is the namespace in which envoy SDS will retrieve secrets from. | | envoyConfig.secretsNamespace.create | bool | `true` | Create secrets namespace for CiliumEnvoyConfig CRDs. | @@ -453,9 +459,11 @@ contributors across the globe, there is almost always someone available to help. | hubble.relay.dialTimeout | string | `nil` | Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s"). | | hubble.relay.enabled | bool | `false` | Enable Hubble Relay (requires hubble.enabled=true) | | hubble.relay.extraEnv | list | `[]` | Additional hubble-relay environment variables. | +| hubble.relay.extraVolumeMounts | list | `[]` | Additional hubble-relay volumeMounts. | +| hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. | | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay | | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay | -| hubble.relay.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.15.0-pre.3","useDigest":false}` | Hubble-relay container image. | +| hubble.relay.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.15.5","useDigest":false}` | Hubble-relay container image. | | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. | | hubble.relay.listenPort | string | `"4245"` | Port to listen to. | | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | @@ -513,7 +521,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.backend.extraEnv | list | `[]` | Additional hubble-ui backend environment variables. | | hubble.ui.backend.extraVolumeMounts | list | `[]` | Additional hubble-ui backend volumeMounts. | | hubble.ui.backend.extraVolumes | list | `[]` | Additional hubble-ui backend volumes. | -| hubble.ui.backend.image | object | `{"digest":"sha256:1f86f3400827a0451e6332262467f894eeb7caf0eb8779bd951e2caa9d027cbe","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.12.1","useDigest":true}` | Hubble-ui backend image. | +| hubble.ui.backend.image | object | `{"digest":"sha256:1e7657d997c5a48253bb8dc91ecee75b63018d16ff5e5797e5af367336bc8803","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.0","useDigest":true}` | Hubble-ui backend image. | | hubble.ui.backend.livenessProbe.enabled | bool | `false` | Enable liveness probe for Hubble-ui backend (requires Hubble-ui 0.12+) | | hubble.ui.backend.readinessProbe.enabled | bool | `false` | Enable readiness probe for Hubble-ui backend (requires Hubble-ui 0.12+) | | hubble.ui.backend.resources | object | `{}` | Resource requests and limits for the 'backend' container of the 'hubble-ui' deployment. | @@ -523,7 +531,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.frontend.extraEnv | list | `[]` | Additional hubble-ui frontend environment variables. | | hubble.ui.frontend.extraVolumeMounts | list | `[]` | Additional hubble-ui frontend volumeMounts. | | hubble.ui.frontend.extraVolumes | list | `[]` | Additional hubble-ui frontend volumes. | -| hubble.ui.frontend.image | object | `{"digest":"sha256:9e5f81ee747866480ea1ac4630eb6975ff9227f9782b7c93919c081c33f38267","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.12.1","useDigest":true}` | Hubble-ui frontend image. | +| hubble.ui.frontend.image | object | `{"digest":"sha256:7d663dc16538dd6e29061abd1047013a645e6e69c115e008bee9ea9fef9a6666","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.0","useDigest":true}` | Hubble-ui frontend image. | | hubble.ui.frontend.resources | object | `{}` | Resource requests and limits for the 'frontend' container of the 'hubble-ui' deployment. | | hubble.ui.frontend.securityContext | object | `{}` | Hubble-ui frontend security context. | | hubble.ui.frontend.server.ipv6 | object | `{"enabled":true}` | Controls server listener for ipv6 | @@ -550,7 +558,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. | | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). | | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. | -| image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.0-pre.3","useDigest":false}` | Agent container image. | +| image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.5","useDigest":false}` | Agent container image. | | imagePullSecrets | string | `nil` | Configure image pull secrets for pulling container images | | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set | | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. | @@ -574,6 +582,7 @@ contributors across the globe, there is almost always someone available to help. | ingressController.service.name | string | `"cilium-ingress"` | Service name | | ingressController.service.secureNodePort | string | `nil` | Configure a specific nodePort for secure HTTPS traffic on the shared LB service | | ingressController.service.type | string | `"LoadBalancer"` | Service type for the shared LB service | +| initResources | object | `{}` | resources & limits for the agent init containers | | installNoConntrackIptablesRules | bool | `false` | Install Iptables rules to skip netfilter connection tracking on all pod traffic. This option is only effective when Cilium is running in direct routing and full KPR mode. Moreover, this option cannot be enabled when Cilium is running in a managed Kubernetes environment or in a chained CNI setup. | | ipMasqAgent | object | `{"enabled":false}` | Configure the eBPF-based ip-masq-agent | | ipam.ciliumNodeUpdateRate | string | `"15s"` | Maximum rate at which the CiliumNode custom resource is updated. | @@ -638,10 +647,12 @@ contributors across the globe, there is almost always someone available to help. | nodeinit.extraEnv | list | `[]` | Additional nodeinit environment variables. | | nodeinit.extraVolumeMounts | list | `[]` | Additional nodeinit volumeMounts. | | nodeinit.extraVolumes | list | `[]` | Additional nodeinit volumes. | -| nodeinit.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"62093c5c233ea914bfa26a10ba41f8780d9b737f"}` | node-init image. | +| nodeinit.image | object | `{"digest":"sha256:820155cb3b7f00c8d61c1cffa68c44440906cb046bdbad8ff544f5deb1103456","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"19fb149fb3d5c7a37d3edfaf10a2be3ab7386661","useDigest":true}` | node-init image. | | nodeinit.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for nodeinit pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | nodeinit.podAnnotations | object | `{}` | Annotations to be added to node-init pods. | | nodeinit.podLabels | object | `{}` | Labels to be added to node-init pods. | +| nodeinit.podSecurityContext | object | `{"appArmorProfile":{"type":"Unconfined"}}` | Security Context for cilium-node-init pods. | +| nodeinit.podSecurityContext.appArmorProfile | object | `{"type":"Unconfined"}` | AppArmorProfile options for the `cilium-node-init` and init containers | | nodeinit.prestop | object | `{"postScript":"","preScript":""}` | prestop offers way to customize prestop nodeinit script (pre and post position) | | nodeinit.priorityClassName | string | `""` | The priority class to use for the nodeinit pod. | | nodeinit.resources | object | `{"requests":{"cpu":"100m","memory":"100Mi"}}` | nodeinit resource limits & requests ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | @@ -662,7 +673,7 @@ contributors across the globe, there is almost always someone available to help. | operator.extraVolumes | list | `[]` | Additional cilium-operator volumes. | | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. | | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. | -| operator.image | object | `{"alibabacloudDigest":"","awsDigest":"","azureDigest":"","genericDigest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.15.0-pre.3","useDigest":false}` | cilium-operator image. | +| operator.image | object | `{"alibabacloudDigest":"","awsDigest":"","azureDigest":"","genericDigest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.15.5","useDigest":false}` | cilium-operator image. | | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. | | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods | @@ -700,7 +711,8 @@ contributors across the globe, there is almost always someone available to help. | pmtuDiscovery.enabled | bool | `false` | Enable path MTU discovery to send ICMP fragmentation-needed replies to the client. | | podAnnotations | object | `{}` | Annotations to be added to agent pods | | podLabels | object | `{}` | Labels to be added to agent pods | -| podSecurityContext | object | `{}` | Security Context for cilium-agent pods. | +| podSecurityContext | object | `{"appArmorProfile":{"type":"Unconfined"}}` | Security Context for cilium-agent pods. | +| podSecurityContext.appArmorProfile | object | `{"type":"Unconfined"}` | AppArmorProfile options for the `cilium-agent` and init containers | | policyCIDRMatchMode | string | `nil` | policyCIDRMatchMode is a list of entities that may be selected by CIDR selector. The possible value is "nodes". | | policyEnforcementMode | string | `"default"` | The agent can be put into one of the three policy enforcement modes: default, always and never. ref: https://docs.cilium.io/en/stable/security/policy/intro/#policy-enforcement-modes | | pprof.address | string | `"localhost"` | Configure pprof listen address for cilium-agent | @@ -712,7 +724,7 @@ contributors across the globe, there is almost always someone available to help. | preflight.extraEnv | list | `[]` | Additional preflight environment variables. | | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. | | preflight.extraVolumes | list | `[]` | Additional preflight volumes. | -| preflight.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.0-pre.3","useDigest":false}` | Cilium pre-flight image. | +| preflight.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.5","useDigest":false}` | Cilium pre-flight image. | | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods | | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | @@ -747,7 +759,7 @@ contributors across the globe, there is almost always someone available to help. | rbac.create | bool | `true` | Enable creation of Resource-Based Access Control configuration. | | readinessProbe.failureThreshold | int | `3` | failure threshold of readiness probe | | readinessProbe.periodSeconds | int | `30` | interval between checks of the readiness probe | -| remoteNodeIdentity | bool | `true` | Enable use of the remote node identity. ref: https://docs.cilium.io/en/v1.7/install/upgrade/#configmap-remote-node-identity | +| remoteNodeIdentity | bool | `true` | Enable use of the remote node identity. ref: https://docs.cilium.io/en/v1.7/install/upgrade/#configmap-remote-node-identity Deprecated without replacement in 1.15. To be removed in 1.16. | | resourceQuotas | object | `{"cilium":{"hard":{"pods":"10k"}},"enabled":false,"operator":{"hard":{"pods":"15"}}}` | Enable resource quotas for priority classes used in the cluster. | | resources | object | `{}` | Agent resource limits & requests ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ | | rollOutCiliumPods | bool | `false` | Roll out cilium agent pods automatically when configmap is updated. | diff --git a/internal/constellation/helm/charts/cilium/files/agent/poststart-eni.bash b/internal/constellation/helm/charts/cilium/files/agent/poststart-eni.bash index 66fccf457..a57d89682 100644 --- a/internal/constellation/helm/charts/cilium/files/agent/poststart-eni.bash +++ b/internal/constellation/helm/charts/cilium/files/agent/poststart-eni.bash @@ -11,9 +11,9 @@ set -o nounset # dependencies on anything that is part of the startup script # itself, and can be safely run multiple times per node (e.g. in # case of a restart). -if [[ "$(iptables-save | grep -c 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN')" != "0" ]]; +if [[ "$(iptables-save | grep -E -c 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN')" != "0" ]]; then echo 'Deleting iptables rules created by the AWS CNI VPC plugin' - iptables-save | grep -v 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN' | iptables-restore + iptables-save | grep -E -v 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN' | iptables-restore fi echo 'Done!' diff --git a/internal/constellation/helm/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json b/internal/constellation/helm/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json index 992c8524a..94af2eac3 100644 --- a/internal/constellation/helm/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json +++ b/internal/constellation/helm/charts/cilium/files/cilium-agent/dashboards/cilium-dashboard.json @@ -5823,7 +5823,7 @@ "refId": "C" }, { - "expr": "sum(cilium_policy_change_total{k8s_app=\"cilium\", pod=~\"$pod\"}, outcome=\"fail\") by (pod)", + "expr": "sum(cilium_policy_change_total{k8s_app=\"cilium\", pod=~\"$pod\", outcome=\"fail\"}) by (pod)", "format": "time_series", "intervalFactor": 1, "legendFormat": "policy change errors", diff --git a/internal/constellation/helm/charts/cilium/files/nodeinit/startup.bash b/internal/constellation/helm/charts/cilium/files/nodeinit/startup.bash index 975b71fa7..aaaba0925 100644 --- a/internal/constellation/helm/charts/cilium/files/nodeinit/startup.bash +++ b/internal/constellation/helm/charts/cilium/files/nodeinit/startup.bash @@ -100,7 +100,7 @@ then # Since that version containerd no longer allows missing configuration for the CNI, # not even for pods with hostNetwork set to true. Thus, we add a temporary one. # This will be replaced with the real config by the agent pod. - echo -e "{\n\t"cniVersion": "0.3.1",\n\t"name": "cilium",\n\t"type": "cilium-cni"\n}" > /etc/cni/net.d/05-cilium.conf + echo -e '{\n\t"cniVersion": "0.3.1",\n\t"name": "cilium",\n\t"type": "cilium-cni"\n}' > /etc/cni/net.d/05-cilium.conf fi # Start containerd. It won't create it's CNI configuration file anymore. diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml index d63395f8a..ffd5935ba 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml @@ -53,6 +53,7 @@ spec: cilium.io/cilium-configmap-checksum: {{ include (print $.Template.BasePath "/cilium-configmap.yaml") . | sha256sum | quote }} {{- end }} {{- if not .Values.securityContext.privileged }} + {{- if semverCompare "<1.30.0" (printf "%d.%d.0" (semver .Capabilities.KubeVersion.Version).Major (semver .Capabilities.KubeVersion.Version).Minor) }} # Set app AppArmor's profile to "unconfined". The value of this annotation # can be modified as long users know which profiles they have available # in AppArmor. @@ -63,6 +64,7 @@ spec: container.apparmor.security.beta.kubernetes.io/apply-sysctl-overwrites: "unconfined" {{- end }} {{- end }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -81,6 +83,11 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- /* K8s version lower than 1.30.0 don't support the "appArmorProfile" field, */}} + {{- /* thus we have to remove it. */}} + {{- if semverCompare "<1.30.0" (printf "%d.%d.0" (semver .Capabilities.KubeVersion.Version).Major (semver .Capabilities.KubeVersion.Version).Minor) }} + {{- $_ := unset .Values.podSecurityContext "appArmorProfile" }} + {{- end }} {{- with .Values.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} @@ -201,6 +208,7 @@ spec: valueFrom: resourceFieldRef: resource: limits.memory + divisor: '1' {{- if .Values.k8sServiceHost }} - name: KUBERNETES_SERVICE_HOST value: {{ .Values.k8sServiceHost | quote }} @@ -405,6 +413,9 @@ spec: volumeMounts: - name: cilium-run mountPath: /var/run/cilium + {{- with .Values.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.monitor.resources }} resources: {{- toYaml . | trim | nindent 10 }} @@ -429,6 +440,9 @@ spec: {{- if (not (kindIs "invalid" .Values.daemon.blockedConfigOverrides)) }} - "--deny-config-keys={{.Values.daemon.blockedConfigOverrides}}" {{- end }} + {{- if .Values.kubeConfigPath }} + - "--k8s-kubeconfig-path={{ .Values.kubeConfigPath }}" + {{- end }} env: - name: K8S_NODE_NAME valueFrom: @@ -454,6 +468,14 @@ spec: volumeMounts: - name: tmp mountPath: /tmp + {{- if .Values.kubeConfigPath }} + - name: kube-config + mountPath: {{ .Values.kubeConfigPath }} + readOnly: true + {{- end }} + {{- with .Values.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} terminationMessagePolicy: FallbackToLogsOnError {{- if .Values.cgroup.autoMount.enabled }} # Required to mount cgroup2 filesystem on the underlying Kubernetes node. @@ -507,6 +529,10 @@ spec: - name: apply-sysctl-overwrites image: {{ include "cilium.image" .Values.image | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.initResources }} + resources: + {{- toYaml . | trim | nindent 10 }} + {{- end }} env: - name: BIN_PATH value: {{ .Values.cni.binPath }} @@ -552,6 +578,10 @@ spec: - name: mount-bpf-fs image: {{ include "cilium.image" .Values.image | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.initResources }} + resources: + {{- toYaml . | trim | nindent 10 }} + {{- end }} args: - 'mount | grep "/sys/fs/bpf type bpf" || mount -t bpf bpf /sys/fs/bpf' command: @@ -573,6 +603,10 @@ spec: - name: wait-for-node-init image: {{ include "cilium.image" .Values.image | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.initResources }} + resources: + {{- toYaml . | trim | nindent 10 }} + {{- end }} command: - sh - -c @@ -650,14 +684,21 @@ spec: mountPropagation: HostToContainer - name: cilium-run mountPath: /var/run/cilium - {{- with .Values.nodeinit.resources }} + {{- with .Values.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.initResources }} resources: {{- toYaml . | trim | nindent 10 }} {{- end }} - {{- if and .Values.waitForKubeProxy (and (ne $kubeProxyReplacement "strict") (ne $kubeProxyReplacement "true")) }} + {{- if and .Values.waitForKubeProxy (and (ne (toString $kubeProxyReplacement) "strict") (ne (toString $kubeProxyReplacement) "true")) }} - name: wait-for-kube-proxy image: {{ include "cilium.image" .Values.image | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- with .Values.initResources }} + resources: + {{- toYaml . | trim | nindent 10 }} + {{- end }} securityContext: privileged: true command: diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-agent/servicemonitor.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-agent/servicemonitor.yaml index d7c5e5e3c..c2ffa66c2 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-agent/servicemonitor.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-agent/servicemonitor.yaml @@ -39,6 +39,20 @@ spec: metricRelabelings: {{- toYaml . | nindent 4 }} {{- end }} + {{- if .Values.envoy.prometheus.serviceMonitor.enabled }} + - port: envoy-metrics + interval: {{ .Values.envoy.prometheus.serviceMonitor.interval | quote }} + honorLabels: true + path: /metrics + {{- with .Values.envoy.prometheus.serviceMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.envoy.prometheus.serviceMonitor.metricRelabelings }} + metricRelabelings: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} targetLabels: - k8s-app {{- if .Values.prometheus.serviceMonitor.jobLabel }} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-configmap.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-configmap.yaml index b67e50392..273673053 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-configmap.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-configmap.yaml @@ -14,6 +14,7 @@ {{- $azureUsePrimaryAddress := "true" -}} {{- $defaultK8sClientQPS := 5 -}} {{- $defaultK8sClientBurst := 10 -}} +{{- $defaultDNSProxyEnableTransparentMode := "false" -}} {{- /* Default values when 1.8 was initially deployed */ -}} {{- if semverCompare ">=1.8" (default "1.8" .Values.upgradeCompatibility) -}} @@ -48,6 +49,7 @@ {{- $azureUsePrimaryAddress = "false" -}} {{- end }} {{- $defaultKubeProxyReplacement = "disabled" -}} + {{- $defaultDNSProxyEnableTransparentMode = "true" -}} {{- end -}} {{- /* Default values when 1.14 was initially deployed */ -}} @@ -364,6 +366,11 @@ data: enable-host-legacy-routing: "true" {{- end }} +{{- if .Values.bpf.nodeMapMax }} + # node-map-max specifies the maximum number of entries for the node map. + bpf-node-map-max: {{ .Values.bpf.nodeMapMax | quote }} +{{- end }} + {{- if .Values.bpf.authMapMax }} # bpf-auth-map-max specifies the maximum number of entries in the auth map bpf-auth-map-max: {{ .Values.bpf.authMapMax | quote }} @@ -448,9 +455,15 @@ data: # - vxlan (default) # - geneve {{- if .Values.gke.enabled }} + {{- if ne (.Values.routingMode | default "native") "native" }} + {{- fail (printf "RoutingMode must be set to native when gke.enabled=true" )}} + {{- end }} routing-mode: "native" enable-endpoint-routes: "true" {{- else if .Values.aksbyocni.enabled }} + {{- if ne (.Values.routingMode | default "tunnel") "tunnel" }} + {{- fail (printf "RoutingMode must be set to tunnel when aksbyocni.enabled=true" )}} + {{- end }} routing-mode: "tunnel" tunnel-protocol: "vxlan" {{- else if .Values.routingMode }} @@ -1153,6 +1166,13 @@ data: {{- end }} {{- if .Values.dnsProxy }} + {{- if hasKey .Values.dnsProxy "enableTransparentMode" }} + # explicit setting gets precedence + dnsproxy-enable-transparent-mode: {{ .Values.dnsProxy.enableTransparentMode | quote }} + {{- else if eq $cniChainingMode "none" }} + # default DNS proxy to transparent mode in non-chaining modes + dnsproxy-enable-transparent-mode: {{ $defaultDNSProxyEnableTransparentMode | quote }} + {{- end }} {{- if .Values.dnsProxy.dnsRejectResponseCode }} tofqdns-dns-reject-response-code: {{ .Values.dnsProxy.dnsRejectResponseCode | quote }} {{- end }} @@ -1206,9 +1226,12 @@ data: mesh-auth-spiffe-trust-domain: {{ .Values.authentication.mutual.spire.trustDomain | quote }} {{- end }} + proxy-xff-num-trusted-hops-ingress: {{ .Values.envoy.xffNumTrustedHopsL7PolicyIngress | quote }} + proxy-xff-num-trusted-hops-egress: {{ .Values.envoy.xffNumTrustedHopsL7PolicyEgress | quote }} proxy-connect-timeout: {{ .Values.envoy.connectTimeoutSeconds | quote }} proxy-max-requests-per-connection: {{ .Values.envoy.maxRequestsPerConnection | quote }} proxy-max-connection-duration-seconds: {{ .Values.envoy.maxConnectionDurationSeconds | quote }} + proxy-idle-timeout-seconds: {{ .Values.envoy.idleTimeoutDurationSeconds | quote }} external-envoy-proxy: {{ .Values.envoy.enabled | quote }} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-envoy/daemonset.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-envoy/daemonset.yaml index baec799ec..30b9af0f8 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-envoy/daemonset.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-envoy/daemonset.yaml @@ -35,11 +35,13 @@ spec: cilium.io/cilium-envoy-configmap-checksum: {{ include (print $.Template.BasePath "/cilium-envoy/configmap.yaml") . | sha256sum | quote }} {{- end }} {{- if not .Values.envoy.securityContext.privileged }} + {{- if semverCompare "<1.30.0" (printf "%d.%d.0" (semver .Capabilities.KubeVersion.Version).Major (semver .Capabilities.KubeVersion.Version).Minor) }} # Set app AppArmor's profile to "unconfined". The value of this annotation # can be modified as long users know which profiles they have available # in AppArmor. container.apparmor.security.beta.kubernetes.io/cilium-envoy: "unconfined" {{- end }} + {{- end }} {{- with .Values.envoy.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -56,6 +58,11 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- /* K8s version lower than 1.30.0 don't support the "appArmorProfile" field, */}} + {{- /* thus we have to remove it. */}} + {{- if semverCompare "<1.30.0" (printf "%d.%d.0" (semver .Capabilities.KubeVersion.Version).Major (semver .Capabilities.KubeVersion.Version).Minor) }} + {{- $_ := unset .Values.envoy.podSecurityContext "appArmorProfile" }} + {{- end }} {{- with .Values.envoy.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} @@ -86,7 +93,7 @@ spec: {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version }} startupProbe: httpGet: - host: "localhost" + host: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }} path: /healthz port: {{ .Values.envoy.healthPort }} scheme: HTTP @@ -97,7 +104,7 @@ spec: {{- end }} livenessProbe: httpGet: - host: "localhost" + host: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }} path: /healthz port: {{ .Values.envoy.healthPort }} scheme: HTTP @@ -115,7 +122,7 @@ spec: timeoutSeconds: 5 readinessProbe: httpGet: - host: "localhost" + host: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }} path: /healthz port: {{ .Values.envoy.healthPort }} scheme: HTTP diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-envoy/servicemonitor.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-envoy/servicemonitor.yaml index 3d6b745e3..10f84d82b 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-envoy/servicemonitor.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-envoy/servicemonitor.yaml @@ -7,15 +7,16 @@ metadata: namespace: {{ .Values.envoy.prometheus.serviceMonitor.namespace | default .Release.Namespace }} labels: app.kubernetes.io/part-of: cilium + app.kubernetes.io/name: cilium-envoy {{- with .Values.envoy.prometheus.serviceMonitor.labels }} {{- toYaml . | nindent 4 }} {{- end }} - {{- if or .Values.envoy.prometheus.serviceMonitor .Values.envoy.annotations }} + {{- if or .Values.envoy.prometheus.serviceMonitor.annotations .Values.envoy.annotations }} annotations: {{- with .Values.envoy.annotations }} {{- toYaml . | nindent 4 }} {{- end }} - {{- with .Values.envoy.prometheus.serviceMonitor }} + {{- with .Values.envoy.prometheus.serviceMonitor.annotations }} {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-nodeinit/daemonset.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-nodeinit/daemonset.yaml index 76f1a20d2..3ed09268a 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-nodeinit/daemonset.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-nodeinit/daemonset.yaml @@ -28,11 +28,13 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} {{- if not .Values.securityContext.privileged }} + {{- if semverCompare "<1.30.0" (printf "%d.%d.0" (semver .Capabilities.KubeVersion.Version).Major (semver .Capabilities.KubeVersion.Version).Minor) }} # Set app AppArmor's profile to "unconfined". The value of this annotation # can be modified as long users know which profiles they have available # in AppArmor. container.apparmor.security.beta.kubernetes.io/node-init: "unconfined" {{- end }} + {{- end }} labels: app: cilium-node-init app.kubernetes.io/part-of: cilium @@ -45,6 +47,15 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- /* K8s version lower than 1.30.0 don't support the "appArmorProfile" field, */}} + {{- /* thus we have to remove it. */}} + {{- if semverCompare "<1.30.0" (printf "%d.%d.0" (semver .Capabilities.KubeVersion.Version).Major (semver .Capabilities.KubeVersion.Version).Minor) }} + {{- $_ := unset .Values.nodeinit.podSecurityContext "appArmorProfile" }} + {{- end }} + {{- with .Values.nodeinit.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: node-init image: {{ include "cilium.image" .Values.nodeinit.image | quote }} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-preflight/daemonset.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-preflight/daemonset.yaml index bc13be432..bafd27007 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-preflight/daemonset.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-preflight/daemonset.yaml @@ -70,8 +70,13 @@ spec: - /tmp/ready initialDelaySeconds: 5 periodSeconds: 5 - {{- with .Values.preflight.extraEnv }} env: + - name: K8S_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + {{- with .Values.preflight.extraEnv }} {{- toYaml . | trim | nindent 12 }} {{- end }} volumeMounts: diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-preflight/deployment.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-preflight/deployment.yaml index efd923b2d..af0a31baa 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-preflight/deployment.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-preflight/deployment.yaml @@ -60,6 +60,10 @@ spec: - /tmp/ready-validate-cnp initialDelaySeconds: 5 periodSeconds: 5 + {{- with .Values.preflight.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 10 }} + {{- end }} env: {{- if .Values.k8sServiceHost }} - name: KUBERNETES_SERVICE_HOST @@ -77,11 +81,16 @@ spec: {{- toYaml . | trim | nindent 12 }} {{- end }} terminationMessagePolicy: FallbackToLogsOnError + {{- with .Values.preflight.extraVolumes }} + volumes: + {{- toYaml . | trim | nindent 6 }} + {{- end }} hostNetwork: true restartPolicy: Always priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.preflight.priorityClassName "system-cluster-critical") }} serviceAccount: {{ .Values.serviceAccounts.preflight.name | quote }} serviceAccountName: {{ .Values.serviceAccounts.preflight.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccounts.preflight.automount }} terminationGracePeriodSeconds: {{ .Values.preflight.terminationGracePeriodSeconds }} {{- with .Values.preflight.affinity }} affinity: diff --git a/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/deployment.yaml b/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/deployment.yaml index a1d7a6df5..6c5e6c3ec 100644 --- a/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/deployment.yaml +++ b/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/deployment.yaml @@ -59,7 +59,7 @@ spec: {{- end }} # These need to match the equivalent arguments to etcd in the main container. - --etcd-cluster-name=clustermesh-apiserver - - --etcd-initial-cluster-token=clustermesh-apiserver + - --etcd-initial-cluster-token=$(INITIAL_CLUSTER_TOKEN) - --etcd-data-dir=/var/run/etcd {{- with .Values.clustermesh.apiserver.etcd.init.extraArgs }} {{- toYaml . | trim | nindent 8 }} @@ -76,12 +76,23 @@ spec: configMapKeyRef: name: cilium-config key: cluster-name + - name: INITIAL_CLUSTER_TOKEN + valueFrom: + fieldRef: + fieldPath: metadata.uid {{- with .Values.clustermesh.apiserver.etcd.init.extraEnv }} {{- toYaml . | trim | nindent 8 }} {{- end }} + {{- with .Values.clustermesh.apiserver.etcd.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} volumeMounts: - name: etcd-data-dir mountPath: /var/run/etcd + {{- with .Values.clustermesh.apiserver.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} terminationMessagePolicy: FallbackToLogsOnError {{- with .Values.clustermesh.apiserver.etcd.init.resources }} resources: @@ -105,7 +116,7 @@ spec: # uses net.SplitHostPort() internally and it accepts the that format. - --listen-client-urls=https://127.0.0.1:2379,https://[$(HOSTNAME_IP)]:2379 - --advertise-client-urls=https://[$(HOSTNAME_IP)]:2379 - - --initial-cluster-token=clustermesh-apiserver + - --initial-cluster-token=$(INITIAL_CLUSTER_TOKEN) - --auto-compaction-retention=1 {{- if .Values.clustermesh.apiserver.metrics.etcd.enabled }} - --listen-metrics-urls=http://[$(HOSTNAME_IP)]:{{ .Values.clustermesh.apiserver.metrics.etcd.port }} @@ -118,6 +129,10 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP + - name: INITIAL_CLUSTER_TOKEN + valueFrom: + fieldRef: + fieldPath: metadata.uid ports: - name: etcd containerPort: 2379 @@ -133,6 +148,9 @@ spec: readOnly: true - name: etcd-data-dir mountPath: /var/run/etcd + {{- with .Values.clustermesh.apiserver.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} terminationMessagePolicy: FallbackToLogsOnError {{- with .Values.clustermesh.apiserver.etcd.resources }} resources: diff --git a/internal/constellation/helm/charts/cilium/templates/hubble-relay/deployment.yaml b/internal/constellation/helm/charts/cilium/templates/hubble-relay/deployment.yaml index 14d6c62c6..52b9eba5c 100644 --- a/internal/constellation/helm/charts/cilium/templates/hubble-relay/deployment.yaml +++ b/internal/constellation/helm/charts/cilium/templates/hubble-relay/deployment.yaml @@ -108,6 +108,9 @@ spec: mountPath: /var/lib/hubble-relay/tls readOnly: true {{- end }} + {{- with .Values.hubble.relay.extraVolumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} terminationMessagePolicy: FallbackToLogsOnError restartPolicy: Always priorityClassName: {{ .Values.hubble.relay.priorityClassName }} @@ -178,6 +181,9 @@ spec: path: server.key {{- end }} {{- end }} + {{- with .Values.hubble.relay.extraVolumes }} + {{- toYaml . | nindent 6 }} + {{- end }} {{- end }} {{- define "hubble-relay.probe" }} diff --git a/internal/constellation/helm/charts/cilium/templates/spire/agent/daemonset.yaml b/internal/constellation/helm/charts/cilium/templates/spire/agent/daemonset.yaml index f515a9ac9..6c0bffe78 100644 --- a/internal/constellation/helm/charts/cilium/templates/spire/agent/daemonset.yaml +++ b/internal/constellation/helm/charts/cilium/templates/spire/agent/daemonset.yaml @@ -99,10 +99,12 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.authentication.mutual.spire.install.agent.tolerations }} tolerations: - {{- toYaml . | trim | nindent 8 }} - {{- end }} + {{- with .Values.authentication.mutual.spire.install.agent.tolerations }} + {{- toYaml . | trim | nindent 8 }} + {{- end }} + - key: {{ .Values.agentNotReadyTaintKey | default "node.cilium.io/agent-not-ready" }} + effect: NoSchedule volumes: - name: spire-config configMap: diff --git a/internal/constellation/helm/charts/cilium/templates/spire/namespace.yaml b/internal/constellation/helm/charts/cilium/templates/spire/namespace.yaml index 1c281f4f7..ccd386808 100644 --- a/internal/constellation/helm/charts/cilium/templates/spire/namespace.yaml +++ b/internal/constellation/helm/charts/cilium/templates/spire/namespace.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.authentication.mutual.spire.enabled .Values.authentication.mutual.spire.install.enabled -}} +{{- if and .Values.authentication.mutual.spire.enabled .Values.authentication.mutual.spire.install.enabled (not .Values.authentication.mutual.spire.install.existingNamespace) -}} apiVersion: v1 kind: Namespace metadata: diff --git a/internal/constellation/helm/charts/cilium/values.yaml b/internal/constellation/helm/charts/cilium/values.yaml index 712d981a7..9b42fc187 100644 --- a/internal/constellation/helm/charts/cilium/values.yaml +++ b/internal/constellation/helm/charts/cilium/values.yaml @@ -146,7 +146,7 @@ rollOutCiliumPods: false image: override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.15.0-pre.3" + tag: "v1.15.5" pullPolicy: "IfNotPresent" # cilium-digest digest: "" @@ -218,8 +218,10 @@ extraConfig: {} annotations: {} # -- Security Context for cilium-agent pods. -podSecurityContext: {} - +podSecurityContext: + # -- AppArmorProfile options for the `cilium-agent` and init containers + appArmorProfile: + type: "Unconfined" # -- Annotations to be added to agent pods podAnnotations: {} @@ -236,6 +238,9 @@ resources: {} # cpu: 100m # memory: 512Mi +# -- resources & limits for the agent init containers +initResources: {} + securityContext: # -- User to run the pod with # runAsUser: 0 @@ -465,7 +470,17 @@ bpf: # @default -- `524288` neighMax: ~ + # @schema + # type: [null, integer] + # @schema + # @default -- `16384` + # -- (int) Configures the maximum number of entries for the node table. + nodeMapMax: ~ + # -- Configure the maximum number of entries in endpoint policy map (per endpoint). + # @schema + # type: [null, integer] + # @schema policyMapMax: 16384 # -- (float64) Configure auto-sizing for all BPF maps based on available memory. @@ -966,8 +981,8 @@ certgen: image: override: ~ repository: "quay.io/cilium/certgen" - tag: "v0.1.9" - digest: "sha256:89a0847753686444daabde9474b48340993bd19c7bea66a46e45b2974b82041f" + tag: "v0.1.12" + digest: "sha256:bbc5e65e9dc65bc6b58967fe536b7f3b54e12332908aeb0a96a36866b4372b4e" useDigest: true pullPolicy: "IfNotPresent" # -- Seconds after which the completed job pod will be deleted @@ -1225,7 +1240,7 @@ hubble: image: override: ~ repository: "quay.io/cilium/hubble-relay" - tag: "v1.15.0-pre.3" + tag: "v1.15.5" # hubble-relay-digest digest: "" useDigest: false @@ -1296,6 +1311,12 @@ hubble: rollingUpdate: maxUnavailable: 1 + # -- Additional hubble-relay volumes. + extraVolumes: [] + + # -- Additional hubble-relay volumeMounts. + extraVolumeMounts: [] + # -- hubble-relay pod security context podSecurityContext: fsGroup: 65532 @@ -1456,8 +1477,8 @@ hubble: image: override: ~ repository: "quay.io/cilium/hubble-ui-backend" - tag: "v0.12.1" - digest: "sha256:1f86f3400827a0451e6332262467f894eeb7caf0eb8779bd951e2caa9d027cbe" + tag: "v0.13.0" + digest: "sha256:1e7657d997c5a48253bb8dc91ecee75b63018d16ff5e5797e5af367336bc8803" useDigest: true pullPolicy: "IfNotPresent" @@ -1495,8 +1516,8 @@ hubble: image: override: ~ repository: "quay.io/cilium/hubble-ui" - tag: "v0.12.1" - digest: "sha256:9e5f81ee747866480ea1ac4630eb6975ff9227f9782b7c93919c081c33f38267" + tag: "v0.13.0" + digest: "sha256:7d663dc16538dd6e29061abd1047013a645e6e69c115e008bee9ea9fef9a6666" useDigest: true pullPolicy: "IfNotPresent" @@ -2054,14 +2075,18 @@ envoy: # -- Set Envoy upstream HTTP idle connection timeout seconds. # Does not apply to connections with pending requests. Default 60s idleTimeoutDurationSeconds: 60 + # -- Number of trusted hops regarding the x-forwarded-for and related HTTP headers for the ingress L7 policy enforcement Envoy listeners. + xffNumTrustedHopsL7PolicyIngress: 0 + # -- Number of trusted hops regarding the x-forwarded-for and related HTTP headers for the egress L7 policy enforcement Envoy listeners. + xffNumTrustedHopsL7PolicyEgress: 0 # -- Envoy container image. image: override: ~ repository: "quay.io/cilium/cilium-envoy" - tag: "v1.27.2-f19708f3d0188fe39b7e024b4525b75a9eeee61f" + tag: "v1.28.3-31ec52ec5f2e4d28a8e19a0bfb872fa48cf7a515" pullPolicy: "IfNotPresent" - digest: "sha256:80de27c1d16ab92923cc0cd1fff90f2e7047a9abf3906fda712268d9cbc5b950" + digest: "sha256:bc8dcc3bc008e3a5aab98edb73a0985e6ef9469bda49d5bb3004c001c995c380" useDigest: true # -- Additional containers added to the cilium Envoy DaemonSet. @@ -2107,8 +2132,10 @@ envoy: annotations: {} # -- Security Context for cilium-envoy pods. - podSecurityContext: {} - + podSecurityContext: + # -- AppArmorProfile options for the `cilium-agent` and init containers + appArmorProfile: + type: "Unconfined" # -- Annotations to be added to envoy pods podAnnotations: {} @@ -2177,7 +2204,20 @@ envoy: labelSelector: matchLabels: k8s-app: cilium-envoy - + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + k8s-app: cilium + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: cilium.io/no-schedule + operator: NotIn + values: + - "true" # -- Node selector for cilium-envoy. nodeSelector: kubernetes.io/os: linux @@ -2198,12 +2238,16 @@ envoy: # Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy dnsPolicy: ~ + # -- Configure Cilium Envoy Prometheus options. + # Note that some of these apply to either cilium-agent or cilium-envoy. prometheus: # -- Enable prometheus metrics for cilium-envoy enabled: true serviceMonitor: # -- Enable service monitors. # This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) + # Note that this setting applies to both cilium-envoy _and_ cilium-agent + # with Envoy enabled. enabled: false # -- Labels to add to ServiceMonitor cilium-envoy labels: {} @@ -2215,18 +2259,21 @@ envoy: # service monitors configured. # namespace: "" # -- Relabeling configs for the ServiceMonitor cilium-envoy + # or for cilium-agent with Envoy configured. relabelings: - sourceLabels: - __meta_kubernetes_pod_node_name targetLabel: node replacement: ${1} # -- Metrics relabeling configs for the ServiceMonitor cilium-envoy + # or for cilium-agent with Envoy configured. metricRelabelings: ~ # -- Serve prometheus metrics for cilium-envoy on the configured port port: "9964" # -- Enable use of the remote node identity. # ref: https://docs.cilium.io/en/v1.7/install/upgrade/#configmap-remote-node-identity +# Deprecated without replacement in 1.15. To be removed in 1.16. remoteNodeIdentity: true # -- Enable resource quotas for priority classes used in the cluster. @@ -2460,7 +2507,7 @@ operator: image: override: ~ repository: "quay.io/cilium/operator" - tag: "v1.15.0-pre.3" + tag: "v1.15.5" # operator-generic-digest genericDigest: "" # operator-azure-digest @@ -2663,7 +2710,9 @@ nodeinit: image: override: ~ repository: "quay.io/cilium/startup-script" - tag: "62093c5c233ea914bfa26a10ba41f8780d9b737f" + tag: "19fb149fb3d5c7a37d3edfaf10a2be3ab7386661" + digest: "sha256:820155cb3b7f00c8d61c1cffa68c44440906cb046bdbad8ff544f5deb1103456" + useDigest: true pullPolicy: "IfNotPresent" # -- The priority class to use for the nodeinit pod. @@ -2707,7 +2756,11 @@ nodeinit: # -- Labels to be added to node-init pods. podLabels: {} - + # -- Security Context for cilium-node-init pods. + podSecurityContext: + # -- AppArmorProfile options for the `cilium-node-init` and init containers + appArmorProfile: + type: "Unconfined" # -- nodeinit resource limits & requests # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: @@ -2755,7 +2808,7 @@ preflight: image: override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.15.0-pre.3" + tag: "v1.15.5" # cilium-digest digest: "" useDigest: false @@ -2917,7 +2970,7 @@ clustermesh: image: override: ~ repository: "quay.io/cilium/clustermesh-apiserver" - tag: "v1.15.0-pre.3" + tag: "v1.15.5" # clustermesh-apiserver-digest digest: "" useDigest: false @@ -3310,6 +3363,8 @@ dnsProxy: proxyPort: 0 # -- The maximum time the DNS proxy holds an allowed DNS response before sending it along. Responses are sent as soon as the datapath is updated with the new IP information. proxyResponseMaxDelay: 100ms + # -- DNS proxy operation mode (true/false, or unset to use version dependent defaults) + # enableTransparentMode: true # -- SCTP Configuration Values sctp: @@ -3349,6 +3404,8 @@ authentication: enabled: true # -- SPIRE namespace to install into namespace: cilium-spire + # -- SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. + existingNamespace: false # -- init container image of SPIRE agent and server initImage: override: ~ @@ -3363,8 +3420,8 @@ authentication: image: override: ~ repository: "ghcr.io/spiffe/spire-agent" - tag: "1.8.4" - digest: "sha256:d489bc8470d7a0f292e0e3576c3e7025253343dc798241bcfd9061828e2a6bef" + tag: "1.8.5" + digest: "sha256:99405637647968245ff9fe215f8bd2bd0ea9807be9725f8bf19fe1b21471e52b" useDigest: true pullPolicy: "IfNotPresent" # -- SPIRE agent service account @@ -3378,8 +3435,21 @@ authentication: # -- SPIRE Workload Attestor kubelet verification. skipKubeletVerification: true # -- SPIRE agent tolerations configuration + # By default it follows the same tolerations as the agent itself + # to allow the Cilium agent on this node to connect to SPIRE. # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ - tolerations: [] + tolerations: + - key: node.kubernetes.io/not-ready + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + - key: node.cloudprovider.kubernetes.io/uninitialized + effect: NoSchedule + value: "true" + - key: CriticalAddonsOnly + operator: "Exists" # -- SPIRE agent affinity configuration affinity: {} # -- SPIRE agent nodeSelector configuration @@ -3398,8 +3468,8 @@ authentication: image: override: ~ repository: "ghcr.io/spiffe/spire-server" - tag: "1.8.4" - digest: "sha256:bf79e0a921f8b8aa92602f7ea335616e72f7e91f939848e7ccc52d5bddfe96a1" + tag: "1.8.5" + digest: "sha256:28269265882048dcf0fed32fe47663cd98613727210b8d1a55618826f9bf5428" useDigest: true pullPolicy: "IfNotPresent" # -- SPIRE server service account diff --git a/internal/constellation/helm/charts/cilium/values.yaml.tmpl b/internal/constellation/helm/charts/cilium/values.yaml.tmpl index 2f55aa49a..71fad1e51 100644 --- a/internal/constellation/helm/charts/cilium/values.yaml.tmpl +++ b/internal/constellation/helm/charts/cilium/values.yaml.tmpl @@ -215,8 +215,10 @@ extraConfig: {} annotations: {} # -- Security Context for cilium-agent pods. -podSecurityContext: {} - +podSecurityContext: + # -- AppArmorProfile options for the `cilium-agent` and init containers + appArmorProfile: + type: "Unconfined" # -- Annotations to be added to agent pods podAnnotations: {} @@ -233,6 +235,9 @@ resources: {} # cpu: 100m # memory: 512Mi +# -- resources & limits for the agent init containers +initResources: {} + securityContext: # -- User to run the pod with # runAsUser: 0 @@ -462,7 +467,17 @@ bpf: # @default -- `524288` neighMax: ~ + # @schema + # type: [null, integer] + # @schema + # @default -- `16384` + # -- (int) Configures the maximum number of entries for the node table. + nodeMapMax: ~ + # -- Configure the maximum number of entries in endpoint policy map (per endpoint). + # @schema + # type: [null, integer] + # @schema policyMapMax: 16384 # -- (float64) Configure auto-sizing for all BPF maps based on available memory. @@ -1293,6 +1308,12 @@ hubble: rollingUpdate: maxUnavailable: 1 + # -- Additional hubble-relay volumes. + extraVolumes: [] + + # -- Additional hubble-relay volumeMounts. + extraVolumeMounts: [] + # -- hubble-relay pod security context podSecurityContext: fsGroup: 65532 @@ -2051,6 +2072,10 @@ envoy: # -- Set Envoy upstream HTTP idle connection timeout seconds. # Does not apply to connections with pending requests. Default 60s idleTimeoutDurationSeconds: 60 + # -- Number of trusted hops regarding the x-forwarded-for and related HTTP headers for the ingress L7 policy enforcement Envoy listeners. + xffNumTrustedHopsL7PolicyIngress: 0 + # -- Number of trusted hops regarding the x-forwarded-for and related HTTP headers for the egress L7 policy enforcement Envoy listeners. + xffNumTrustedHopsL7PolicyEgress: 0 # -- Envoy container image. image: @@ -2104,8 +2129,10 @@ envoy: annotations: {} # -- Security Context for cilium-envoy pods. - podSecurityContext: {} - + podSecurityContext: + # -- AppArmorProfile options for the `cilium-agent` and init containers + appArmorProfile: + type: "Unconfined" # -- Annotations to be added to envoy pods podAnnotations: {} @@ -2174,7 +2201,20 @@ envoy: labelSelector: matchLabels: k8s-app: cilium-envoy - + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: kubernetes.io/hostname + labelSelector: + matchLabels: + k8s-app: cilium + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: cilium.io/no-schedule + operator: NotIn + values: + - "true" # -- Node selector for cilium-envoy. nodeSelector: kubernetes.io/os: linux @@ -2195,12 +2235,16 @@ envoy: # Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy dnsPolicy: ~ + # -- Configure Cilium Envoy Prometheus options. + # Note that some of these apply to either cilium-agent or cilium-envoy. prometheus: # -- Enable prometheus metrics for cilium-envoy enabled: true serviceMonitor: # -- Enable service monitors. # This requires the prometheus CRDs to be available (see https://github.com/prometheus-operator/prometheus-operator/blob/main/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml) + # Note that this setting applies to both cilium-envoy _and_ cilium-agent + # with Envoy enabled. enabled: false # -- Labels to add to ServiceMonitor cilium-envoy labels: {} @@ -2212,18 +2256,21 @@ envoy: # service monitors configured. # namespace: "" # -- Relabeling configs for the ServiceMonitor cilium-envoy + # or for cilium-agent with Envoy configured. relabelings: - sourceLabels: - __meta_kubernetes_pod_node_name targetLabel: node replacement: ${1} # -- Metrics relabeling configs for the ServiceMonitor cilium-envoy + # or for cilium-agent with Envoy configured. metricRelabelings: ~ # -- Serve prometheus metrics for cilium-envoy on the configured port port: "9964" # -- Enable use of the remote node identity. # ref: https://docs.cilium.io/en/v1.7/install/upgrade/#configmap-remote-node-identity +# Deprecated without replacement in 1.15. To be removed in 1.16. remoteNodeIdentity: true # -- Enable resource quotas for priority classes used in the cluster. @@ -2661,6 +2708,8 @@ nodeinit: override: ~ repository: "${CILIUM_NODEINIT_REPO}" tag: "${CILIUM_NODEINIT_VERSION}" + digest: "${CILIUM_NODEINIT_DIGEST}" + useDigest: true pullPolicy: "${PULL_POLICY}" # -- The priority class to use for the nodeinit pod. @@ -2704,7 +2753,11 @@ nodeinit: # -- Labels to be added to node-init pods. podLabels: {} - + # -- Security Context for cilium-node-init pods. + podSecurityContext: + # -- AppArmorProfile options for the `cilium-node-init` and init containers + appArmorProfile: + type: "Unconfined" # -- nodeinit resource limits & requests # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ resources: @@ -3307,6 +3360,8 @@ dnsProxy: proxyPort: 0 # -- The maximum time the DNS proxy holds an allowed DNS response before sending it along. Responses are sent as soon as the datapath is updated with the new IP information. proxyResponseMaxDelay: 100ms + # -- DNS proxy operation mode (true/false, or unset to use version dependent defaults) + # enableTransparentMode: true # -- SCTP Configuration Values sctp: @@ -3346,6 +3401,8 @@ authentication: enabled: true # -- SPIRE namespace to install into namespace: cilium-spire + # -- SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. + existingNamespace: false # -- init container image of SPIRE agent and server initImage: override: ~ @@ -3375,8 +3432,21 @@ authentication: # -- SPIRE Workload Attestor kubelet verification. skipKubeletVerification: true # -- SPIRE agent tolerations configuration + # By default it follows the same tolerations as the agent itself + # to allow the Cilium agent on this node to connect to SPIRE. # ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ - tolerations: [] + tolerations: + - key: node.kubernetes.io/not-ready + effect: NoSchedule + - key: node-role.kubernetes.io/master + effect: NoSchedule + - key: node-role.kubernetes.io/control-plane + effect: NoSchedule + - key: node.cloudprovider.kubernetes.io/uninitialized + effect: NoSchedule + value: "true" + - key: CriticalAddonsOnly + operator: "Exists" # -- SPIRE agent affinity configuration affinity: {} # -- SPIRE agent nodeSelector configuration diff --git a/internal/constellation/helm/cilium.patch b/internal/constellation/helm/cilium.patch index 1ef6a2419..44857e283 100644 --- a/internal/constellation/helm/cilium.patch +++ b/internal/constellation/helm/cilium.patch @@ -6,11 +6,11 @@ index 256a79542..3f3fc714b 100644 name: cilium displayName: Cilium home: https://cilium.io/ --version: 1.15.0-pre.3 --appVersion: 1.15.0-pre.3 -+version: 1.15.0-pre.3-edg.3 -+appVersion: 1.15.0-pre.3-edg.3 +-version: 1.15.5 +-appVersion: 1.15.5 ++version: 1.15.5-edg.1 ++appVersion: 1.15.5-edg.1 kubeVersion: ">= 1.16.0-0" - icon: https://cdn.jsdelivr.net/gh/cilium/cilium@main/Documentation/images/logo-solo.svg + icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.15/Documentation/images/logo-solo.svg description: eBPF-based Networking, Security, and Observability \ No newline at end of file diff --git a/internal/constellation/helm/generateCilium.sh b/internal/constellation/helm/generateCilium.sh index 8d8e462f9..5a05fb466 100755 --- a/internal/constellation/helm/generateCilium.sh +++ b/internal/constellation/helm/generateCilium.sh @@ -21,7 +21,7 @@ git clone \ --no-checkout \ --sparse \ --depth 1 \ - -b v1.15.0-pre.3-edg.3 \ + -b v1.15.5-edg.1 \ https://github.com/edgelesssys/cilium.git cd cilium diff --git a/internal/constellation/helm/helm_test.go b/internal/constellation/helm/helm_test.go index cd8aab6a6..e2f8265b3 100644 --- a/internal/constellation/helm/helm_test.go +++ b/internal/constellation/helm/helm_test.go @@ -198,7 +198,7 @@ func TestHelmApply(t *testing.T) { if tc.clusterCertManagerVersion != nil { certManagerVersion = *tc.clusterCertManagerVersion } - helmListVersion(lister, "cilium", "v1.15.0-pre.3-edg.3") + helmListVersion(lister, "cilium", "v1.15.5-edg.1") helmListVersion(lister, "cert-manager", certManagerVersion) helmListVersion(lister, "constellation-services", tc.clusterMicroServiceVersion) helmListVersion(lister, "constellation-operators", tc.clusterMicroServiceVersion) diff --git a/internal/constellation/helm/loader.go b/internal/constellation/helm/loader.go index a3c6a50fa..c9badd4cc 100644 --- a/internal/constellation/helm/loader.go +++ b/internal/constellation/helm/loader.go @@ -367,16 +367,18 @@ func (i *chartLoader) loadCiliumValues(cloudprovider.Provider) (map[string]any, "image": map[string]any{ "repository": "ghcr.io/edgelesssys/cilium/cilium", "suffix": "", - "tag": "v1.15.0-pre.3-edg.2", - "digest": "sha256:c21b7fbbb084a128a479d6170e5f89ad2768dfecb4af10ee6a99ffe5d1a11749", + "tag": "v1.15.5-edg.1-experimental", + "digest": "sha256:a7e33355e6c632c826bfce37a8789b58a708c2743b7c1023bc01dbda3cccc241", "useDigest": true, }, "operator": map[string]any{ "image": map[string]any{ - "repository": "ghcr.io/edgelesssys/cilium/operator", - "suffix": "", - "tag": "v1.15.0-pre.3-edg.2", - "genericDigest": "sha256:4ea9de5cfeb4554b82b509f0de41120a90e35a15e81a04f76c4cb405ddea3e7c", + "repository": "ghcr.io/edgelesssys/cilium/operator", + "suffix": "", + "tag": "v1.15.5-edg.1-experimental", + // Careful: this is the digest of ghcr.io/.../operator-generic! + // See magic image manipulation in ./helm/charts/cilium/templates/cilium-operator/_helpers.tpl. + "genericDigest": "sha256:f1706b15fa7fc94c3a7d082a93f249f42d4811eb5e2472805a461ba1be3938a7", "useDigest": true, }, "podDisruptionBudget": map[string]any{ From f8e0ca4bb6170a209f2e76998cfbcd5a1d16c4c2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 11 Jun 2024 17:44:55 +0200 Subject: [PATCH 067/380] deps: update libvirtd_base Docker digest to 99dbf3c (#3157) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- bazel/toolchains/container_images.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bazel/toolchains/container_images.bzl b/bazel/toolchains/container_images.bzl index 325d5c2da..d64760349 100644 --- a/bazel/toolchains/container_images.bzl +++ b/bazel/toolchains/container_images.bzl @@ -16,6 +16,6 @@ def containter_image_deps(): ) oci_pull( name = "libvirtd_base", - digest = "sha256:b1a65581c445a1da618e33743578c4ea80e6a724659fbad9e6555a6a9f48b37a", + digest = "sha256:99dbf3cf69b3f97cb0158bde152c9bc7c2a96458cf462527ee80b75754f572a7", image = "ghcr.io/edgelesssys/constellation/libvirtd-base", ) From 08770a69c490fbad946a3b15d9f769a7121f0b4a Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Tue, 11 Jun 2024 20:15:42 +0200 Subject: [PATCH 068/380] deps: upgrade to tink-go v2.1.0 (#3054) * deps: leave notes on why forks are used * deps: use upstream version of tink-go --- go.mod | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 4e57c8910..9888efb6b 100644 --- a/go.mod +++ b/go.mod @@ -33,10 +33,8 @@ replace ( k8s.io/sample-apiserver v0.0.0 => k8s.io/sample-apiserver v0.29.0 ) -replace ( - github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c - github.com/tink-crypto/tink-go/v2 v2.0.0 => github.com/derpsteb/tink-go/v2 v2.0.0-20231002051717-a808e454eed6 -) +// TODO(daniel-weisse): revert after merging https://github.com/martinjungblut/go-cryptsetup/pull/16. +replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c require ( cloud.google.com/go/compute v1.26.0 From c6825589404d6819c7879d1bc71a7abfac7e834b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 12 Jun 2024 08:01:54 +0200 Subject: [PATCH 069/380] debugd: return systemd logs if restarting a unit fails (#3159) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Wait until logcollection containers are ready * Add systemd unit journal entries to error message --------- Signed-off-by: Daniel Weiße --- debugd/internal/debugd/deploy/service.go | 10 ++- debugd/internal/debugd/deploy/service_test.go | 9 ++ debugd/internal/debugd/deploy/wrappers.go | 83 +++++++++++++++++++ .../debugd/logcollector/logcollector.go | 8 ++ 4 files changed, 109 insertions(+), 1 deletion(-) diff --git a/debugd/internal/debugd/deploy/service.go b/debugd/internal/debugd/deploy/service.go index 806e8abbc..edea5bf07 100644 --- a/debugd/internal/debugd/deploy/service.go +++ b/debugd/internal/debugd/deploy/service.go @@ -61,6 +61,7 @@ type SystemdUnit struct { type ServiceManager struct { log *slog.Logger dbus dbusClient + journal journalReader fs afero.Fs systemdUnitFilewriteLock sync.Mutex } @@ -71,6 +72,7 @@ func NewServiceManager(log *slog.Logger) *ServiceManager { return &ServiceManager{ log: log, dbus: &dbusWrapper{}, + journal: &journalctlWrapper{}, fs: fs, systemdUnitFilewriteLock: sync.Mutex{}, } @@ -99,6 +101,11 @@ type dbusConn interface { Close() } +type journalReader interface { + // ReadJournal reads the journal for a specific unit. + readJournal(unit string) string +} + // SystemdAction will perform a systemd action on a service unit (start, stop, restart, reload). func (s *ServiceManager) SystemdAction(ctx context.Context, request ServiceManagerRequest) error { log := s.log.With(slog.String("unit", request.Unit), slog.String("action", request.Action.String())) @@ -139,7 +146,8 @@ func (s *ServiceManager) SystemdAction(ctx context.Context, request ServiceManag return nil default: - return fmt.Errorf("performing action %q on systemd unit %q failed: expected %q but received %q", request.Action.String(), request.Unit, "done", result) + serviceJournal := s.journal.readJournal(request.Unit) + return fmt.Errorf("performing action %q on systemd unit %q failed: expected %q but received %q. systemd unit journal entries: %s", request.Action.String(), request.Unit, "done", result, serviceJournal) } } diff --git a/debugd/internal/debugd/deploy/service_test.go b/debugd/internal/debugd/deploy/service_test.go index c0c98f93e..394960c0a 100644 --- a/debugd/internal/debugd/deploy/service_test.go +++ b/debugd/internal/debugd/deploy/service_test.go @@ -104,6 +104,7 @@ func TestSystemdAction(t *testing.T) { manager := ServiceManager{ log: logger.NewTest(t), dbus: &tc.dbus, + journal: &stubJournalReader{}, fs: fs, systemdUnitFilewriteLock: sync.Mutex{}, } @@ -183,6 +184,7 @@ func TestWriteSystemdUnitFile(t *testing.T) { manager := ServiceManager{ log: logger.NewTest(t), dbus: &tc.dbus, + journal: &stubJournalReader{}, fs: fs, systemdUnitFilewriteLock: sync.Mutex{}, } @@ -296,6 +298,7 @@ func TestOverrideServiceUnitExecStart(t *testing.T) { manager := ServiceManager{ log: logger.NewTest(t), dbus: &tc.dbus, + journal: &stubJournalReader{}, fs: fs, systemdUnitFilewriteLock: sync.Mutex{}, } @@ -367,3 +370,9 @@ func (c *fakeDbusConn) ReloadContext(_ context.Context) error { } func (c *fakeDbusConn) Close() {} + +type stubJournalReader struct{} + +func (s *stubJournalReader) readJournal(_ string) string { + return "" +} diff --git a/debugd/internal/debugd/deploy/wrappers.go b/debugd/internal/debugd/deploy/wrappers.go index 9ec9f0b01..f072308d9 100644 --- a/debugd/internal/debugd/deploy/wrappers.go +++ b/debugd/internal/debugd/deploy/wrappers.go @@ -8,6 +8,7 @@ package deploy import ( "context" + "os/exec" "github.com/coreos/go-systemd/v22/dbus" ) @@ -48,3 +49,85 @@ func (c *dbusConnWrapper) ReloadContext(ctx context.Context) error { func (c *dbusConnWrapper) Close() { c.conn.Close() } + +type journalctlWrapper struct{} + +func (j *journalctlWrapper) readJournal(unit string) string { + out, _ := exec.CommandContext(context.Background(), "journalctl", "-u", unit, "--no-pager").CombinedOutput() + return string(out) +} + +/* +// Preferably, we would use the systemd journal API directly. +// However, this requires linking against systemd libraries, so we go with the easier journalctl command for now. + +type sdJournalWrapper struct{} + +// readJournal reads the journal for a specific unit. +func (s *sdJournalWrapper) readJournal(unit string) string { + journal, err := sdjournal.NewJournal() + if err != nil { + log.Printf("opening journal: %s", err) + return "" + } + defer journal.Close() + + // Filter the journal for the specified unit + filters := []string{ + fmt.Sprintf("_SYSTEMD_UNIT=%s", unit), + fmt.Sprintf("UNIT=%s", unit), + fmt.Sprintf("OBJECT_SYSTEMD_UNIT=%s", unit), + fmt.Sprintf("_SYSTEMD_SLICE=%s", unit), + fmt.Sprintf("_SYSTEMD_USER_UNIT=%s", unit), + fmt.Sprintf("USER_UNIT=%s", unit), + fmt.Sprintf("COREDUMP_USER_UNIT=%s", unit), + fmt.Sprintf("OBJECT_SYSTEMD_USER_UNIT=%s", unit), + fmt.Sprintf("_SYSTEMD_USER_SLICE=%s", unit), + } + for _, filter := range filters { + if err := journal.AddMatch(filter); err != nil { + log.Printf("applying filter %q: %s", filter, err) + return "" + } + if err := journal.AddDisjunction(); err != nil { + log.Printf("adding disjunction to journal filter: %s", err) + return "" + } + } + + // Seek to the beginning of the journal + if err := journal.SeekHead(); err != nil { + log.Printf("seeking journal tail: %s", err) + return "" + } + + // Iterate over the journal entries + var previousCursor string + journalLog := &strings.Builder{} + for { + if _, err := journal.Next(); err != nil { + log.Printf("getting next entry in journal: %s", err) + return "" + } + + entry, err := journal.GetEntry() + if err != nil { + log.Printf("getting journal entry: %s", err) + return "" + } + + // Abort if we reached the end of the journal, i.e. the cursor didn't change + if entry.Cursor == previousCursor { + break + } + previousCursor = entry.Cursor + + if _, err := journalLog.WriteString(entry.Fields[sdjournal.SD_JOURNAL_FIELD_MESSAGE] + "\n"); err != nil { + log.Printf("copying journal entry to buffer: %s", err) + return "" + } + } + + return strings.TrimSpace(journalLog.String()) +} +*/ diff --git a/debugd/internal/debugd/logcollector/logcollector.go b/debugd/internal/debugd/logcollector/logcollector.go index 9723d102f..59964287d 100644 --- a/debugd/internal/debugd/logcollector/logcollector.go +++ b/debugd/internal/debugd/logcollector/logcollector.go @@ -200,6 +200,10 @@ func startPod(ctx context.Context, logger *slog.Logger) error { if err := runLogstashCmd.Start(); err != nil { return fmt.Errorf("failed to start logstash: %w", err) } + if out, err := exec.CommandContext(ctx, "podman", "wait", "logstash", "--condition=running", "--interval=15s").CombinedOutput(); err != nil { + logger.Error("Logstash container failed to reach healthy status", "err", err, "output", out) + return fmt.Errorf("waiting for logstash container to reach healthy status: %w; output: %s", err, out) + } // start filebeat container filebeatLog := newCmdLogger(logger.WithGroup("filebeat")) @@ -225,6 +229,10 @@ func startPod(ctx context.Context, logger *slog.Logger) error { if err := runFilebeatCmd.Start(); err != nil { return fmt.Errorf("failed to run filebeat: %w", err) } + if out, err := exec.CommandContext(ctx, "podman", "wait", "filebeat", "--condition=running", "--interval=15s").CombinedOutput(); err != nil { + logger.Error("Filebeat container failed to reach healthy status", "err", err, "output", out) + return fmt.Errorf("waiting for filebeat container to reach healthy status: %w; output: %s", err, out) + } return nil } From 8b76dd68caebf4e86f8f4684278485490e0bcb36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 12 Jun 2024 08:02:47 +0200 Subject: [PATCH 070/380] attetstation: enable Azure TDX CRL checking (#3160) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- internal/attestation/azure/tdx/validator.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/internal/attestation/azure/tdx/validator.go b/internal/attestation/azure/tdx/validator.go index da8dc0eee..5b090dae9 100644 --- a/internal/attestation/azure/tdx/validator.go +++ b/internal/attestation/azure/tdx/validator.go @@ -93,11 +93,10 @@ func (v *Validator) validateQuote(tdxQuote *tdx.QuoteV4) error { roots.AddCert((*x509.Certificate)(&v.cfg.IntelRootKey)) if err := verify.TdxQuote(tdxQuote, &verify.Options{ - // TODO: Re-enable CRL checking once issues on Azure's side are resolved. - // CheckRevocations: true, - // GetCollateral: true, - TrustedRoots: roots, - Getter: v.getter, + CheckRevocations: true, + GetCollateral: true, + TrustedRoots: roots, + Getter: v.getter, }); err != nil { return err } From 305bc692e977a77cf14770852f1334e9d38c83a7 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 12 Jun 2024 08:03:25 +0200 Subject: [PATCH 071/380] image: update measurements and image version (#3162) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 1dfaa3104..2a8f4e96b 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x42, 0x28, 0x67, 0x35, 0x91, 0x77, 0x4d, 0xc8, 0x03, 0xf9, 0x4f, 0x14, 0x7d, 0xa0, 0x25, 0x29, 0x1b, 0xe3, 0x4f, 0x3a, 0x13, 0xfd, 0x9a, 0xbb, 0xb5, 0x2c, 0x7d, 0x66, 0x52, 0x26, 0xe9, 0xd0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x72, 0x1b, 0xec, 0xae, 0x31, 0x4f, 0xb7, 0xfe, 0x8a, 0x71, 0x5d, 0x94, 0x13, 0xa1, 0xe8, 0x20, 0xe1, 0x26, 0x54, 0xaa, 0x8f, 0xb2, 0xcd, 0xb6, 0x5f, 0x2a, 0x6b, 0x5a, 0xd2, 0x01, 0xc9, 0x4d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd4, 0x5d, 0x4c, 0x91, 0xf5, 0xf6, 0x97, 0x3d, 0x93, 0xa1, 0xb7, 0xa9, 0x8b, 0xb5, 0x8e, 0x24, 0xc3, 0x3c, 0xc7, 0x42, 0x2a, 0xb2, 0x1d, 0xb2, 0x89, 0x68, 0xb8, 0x96, 0xd1, 0x62, 0x44, 0x44}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4b, 0x32, 0x53, 0xb7, 0xf6, 0x88, 0xa1, 0x9f, 0xf8, 0xa5, 0x63, 0xe6, 0xa5, 0xca, 0x32, 0x88, 0x83, 0xfc, 0x7f, 0x17, 0x33, 0x69, 0xee, 0xae, 0x5b, 0x56, 0xa1, 0x96, 0x1d, 0xe4, 0x96, 0xee}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5a, 0x7d, 0x7a, 0xcc, 0xeb, 0xe8, 0x86, 0xca, 0xed, 0xfd, 0xe5, 0x1f, 0xf6, 0xf5, 0x42, 0x4b, 0x83, 0x71, 0x6d, 0xa7, 0x1f, 0x92, 0x30, 0xd2, 0x07, 0xf3, 0x9d, 0xf7, 0xc9, 0x1f, 0x66, 0x66}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9d, 0x23, 0xb5, 0x99, 0xa0, 0xfb, 0xbb, 0x7a, 0x68, 0x1d, 0x3f, 0x51, 0xa5, 0xa9, 0xa1, 0xb3, 0x90, 0x48, 0x80, 0xd6, 0x37, 0xe5, 0x4e, 0x89, 0xac, 0x53, 0x48, 0x03, 0x53, 0x70, 0xbf, 0xe1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7d, 0xd5, 0x04, 0xbd, 0x65, 0x66, 0xb1, 0x1e, 0x27, 0x28, 0x24, 0xc0, 0xac, 0xb9, 0x85, 0xf6, 0x2d, 0x63, 0xf6, 0x17, 0x62, 0xc2, 0x2a, 0xaa, 0x67, 0xf9, 0xea, 0x3d, 0x48, 0x11, 0x19, 0x7b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x66, 0xc7, 0x2b, 0x4c, 0xbb, 0x71, 0x37, 0x08, 0xe3, 0xa5, 0xd7, 0x60, 0x8c, 0x19, 0x97, 0x53, 0x57, 0xb7, 0xbb, 0xd2, 0xd5, 0x9d, 0xe5, 0x70, 0x8e, 0x95, 0xc2, 0x04, 0xdd, 0xe0, 0x8f, 0x9c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x46, 0x50, 0xec, 0x8c, 0x3a, 0x4f, 0x66, 0x3c, 0xb2, 0x5b, 0x3d, 0x25, 0xcf, 0x38, 0x17, 0xeb, 0x2c, 0x00, 0x48, 0xec, 0x2d, 0x4d, 0xaf, 0xb6, 0x3a, 0x38, 0x87, 0xc7, 0xdc, 0x3d, 0xe8, 0x3b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xea, 0x40, 0xe4, 0x0b, 0x9f, 0x76, 0x77, 0xdb, 0x67, 0x2d, 0x4d, 0xa8, 0x28, 0x7e, 0x10, 0x7d, 0x47, 0xd1, 0x23, 0x88, 0x43, 0x04, 0xbd, 0x53, 0xf0, 0x9f, 0x7d, 0xbe, 0x71, 0x78, 0xa4, 0x55}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x12, 0xc3, 0xcc, 0x29, 0xc2, 0x9e, 0x90, 0xad, 0x1f, 0xd7, 0x4f, 0x7b, 0x8f, 0x27, 0xf2, 0x43, 0x61, 0xfc, 0xa3, 0x97, 0x97, 0xa6, 0xdd, 0x3a, 0x6a, 0x33, 0xde, 0x7e, 0x03, 0x01, 0xe2, 0x7e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xeb, 0x83, 0xa5, 0xa8, 0xf4, 0xc3, 0x57, 0xd8, 0x6a, 0x55, 0x33, 0x85, 0x85, 0xa0, 0xcc, 0x57, 0x39, 0x7c, 0xed, 0x62, 0x94, 0xd0, 0xca, 0x9b, 0x8c, 0x2b, 0x83, 0x49, 0x94, 0xe1, 0x2b, 0x07}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x60, 0xb5, 0x80, 0xce, 0x89, 0xbd, 0x3d, 0x6f, 0x1c, 0x7f, 0x57, 0xb9, 0xf4, 0x75, 0xbc, 0x4e, 0x75, 0xd0, 0x3f, 0xf9, 0x5f, 0x9f, 0x6f, 0xb3, 0x5e, 0xda, 0xc7, 0x15, 0x63, 0xeb, 0x18, 0x50}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x31, 0xe3, 0xa2, 0x67, 0xa8, 0x72, 0x1f, 0x66, 0x7a, 0x67, 0xb6, 0x6a, 0x36, 0xd3, 0x6d, 0xa9, 0xd3, 0xfa, 0x24, 0xc7, 0x15, 0xd0, 0x15, 0xcc, 0xfd, 0x4f, 0x94, 0xb8, 0x69, 0x7f, 0x0e, 0xcc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xab, 0x2f, 0x9c, 0x07, 0x07, 0x08, 0x2a, 0x69, 0xb9, 0x07, 0xa3, 0x07, 0xac, 0x86, 0x8d, 0x3e, 0x06, 0x95, 0x7d, 0xcb, 0x14, 0xdf, 0x73, 0xb4, 0x2b, 0x16, 0xc7, 0x24, 0x01, 0xea, 0xe3, 0x67}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x31, 0x57, 0xe6, 0x36, 0x44, 0x12, 0xaa, 0x1d, 0x49, 0xb5, 0xc8, 0xac, 0xf6, 0xd3, 0xa5, 0xa7, 0x85, 0xcf, 0x07, 0xdb, 0x31, 0xa3, 0x88, 0xcd, 0xc6, 0x5c, 0x65, 0x01, 0xee, 0xdd, 0xba, 0x9d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6c, 0x08, 0x02, 0x81, 0xc4, 0x57, 0x87, 0x15, 0x57, 0x1e, 0xb7, 0xbd, 0x4c, 0x85, 0x34, 0xb9, 0x4b, 0xf1, 0x8a, 0x38, 0x6e, 0x9c, 0x11, 0x99, 0xb0, 0x83, 0x33, 0xcd, 0xfe, 0x41, 0x2d, 0x53}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x92, 0x4f, 0x17, 0x18, 0x02, 0xc0, 0x56, 0xf1, 0x66, 0xba, 0x9e, 0x38, 0x90, 0x4f, 0xf9, 0xa2, 0x09, 0xce, 0x30, 0x8d, 0x63, 0xdb, 0x0e, 0xd7, 0x3e, 0xcf, 0xe8, 0x33, 0xa1, 0xc8, 0x2c, 0x00}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x06, 0xc0, 0xdd, 0xc2, 0x95, 0xcb, 0x59, 0x4b, 0x67, 0x9e, 0xe9, 0x43, 0xfa, 0x4b, 0xa4, 0x40, 0xa9, 0xd7, 0x1d, 0x26, 0xc9, 0x60, 0xa6, 0x47, 0xab, 0xa5, 0x58, 0x67, 0xca, 0xa2, 0x6a, 0x38}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x96, 0x7c, 0x33, 0xff, 0x8f, 0x21, 0x98, 0x47, 0xc1, 0xb1, 0x4a, 0xc1, 0x44, 0x5f, 0xcb, 0xb6, 0xa2, 0xdb, 0xbe, 0x5d, 0x1d, 0x7e, 0x4f, 0xbf, 0x3d, 0x3d, 0x70, 0xbc, 0xf4, 0xaf, 0xea, 0xea}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x03, 0x8c, 0x14, 0x02, 0x17, 0xef, 0x61, 0xfc, 0xa9, 0x6f, 0x85, 0xd5, 0xb1, 0x2c, 0xfe, 0x14, 0x90, 0x04, 0xff, 0x08, 0xb9, 0x62, 0x54, 0xc7, 0xcc, 0x1b, 0x7b, 0xbe, 0xf6, 0xa8, 0xdb, 0xca}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xbd, 0x44, 0xab, 0xda, 0xd4, 0x6d, 0xe2, 0xf3, 0xc3, 0x51, 0x3a, 0xce, 0x87, 0x1b, 0xb1, 0xe5, 0xff, 0xca, 0xd2, 0x3a, 0x26, 0xf6, 0xfd, 0x37, 0x02, 0x97, 0x03, 0x79, 0x0a, 0xf4, 0x68, 0xe3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x38, 0xa5, 0x40, 0x6e, 0x1b, 0xe1, 0xdd, 0x3b, 0x99, 0x19, 0x41, 0xc4, 0x20, 0xdc, 0xe5, 0x10, 0xdb, 0xb8, 0x76, 0x46, 0x26, 0x92, 0x7b, 0x97, 0xf2, 0xfe, 0xa1, 0xe8, 0x7c, 0x6f, 0x35, 0xb4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x51, 0x8a, 0xce, 0x20, 0xf0, 0xd0, 0xbb, 0xf4, 0x08, 0xef, 0xc4, 0xab, 0xdc, 0x9c, 0x78, 0x75, 0x52, 0x37, 0xc6, 0x9a, 0x0e, 0x0b, 0xe7, 0x0b, 0x9f, 0x43, 0x87, 0x72, 0x00, 0x92, 0x5f, 0xd0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x53, 0xa9, 0x10, 0xe8, 0x9e, 0x73, 0xdd, 0xe2, 0x0d, 0x9e, 0xaf, 0xee, 0x78, 0xb8, 0xdc, 0x39, 0xc0, 0x3f, 0x2e, 0x1c, 0xeb, 0xd7, 0x02, 0xbe, 0x5d, 0xe1, 0xad, 0x1b, 0xb3, 0x09, 0x33, 0x75}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd6, 0x0d, 0xdc, 0x63, 0xab, 0x01, 0xa4, 0x0d, 0x9e, 0xca, 0xd1, 0x2e, 0xc2, 0x86, 0xcc, 0xc7, 0x37, 0x78, 0x5e, 0x85, 0xa9, 0x1a, 0xe0, 0xbb, 0xe7, 0x4f, 0xca, 0x62, 0x9a, 0x7a, 0x16, 0x5d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5f, 0xaf, 0xe8, 0x8f, 0xaf, 0xbd, 0x1c, 0x6d, 0xa0, 0xa3, 0xeb, 0x89, 0x48, 0x4a, 0x1d, 0xe4, 0xba, 0xf0, 0x41, 0xc3, 0x81, 0xd8, 0xef, 0xf8, 0x36, 0xe8, 0xf0, 0x2b, 0x78, 0x15, 0x88, 0xa8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x2d, 0x2e, 0x99, 0xa4, 0x24, 0xd7, 0x52, 0x11, 0x20, 0x20, 0xee, 0x17, 0xec, 0x06, 0x45, 0x46, 0xfe, 0xe7, 0x0e, 0xa6, 0x44, 0x0a, 0x87, 0x65, 0xcc, 0x8e, 0xfa, 0x00, 0x25, 0x55, 0x1d, 0x3b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcf, 0x1f, 0x51, 0xed, 0x8a, 0x9f, 0x04, 0x10, 0x5a, 0x66, 0xb3, 0x3e, 0x24, 0x13, 0xe0, 0xd8, 0x7c, 0x1b, 0x82, 0x88, 0xbf, 0x7d, 0x54, 0x1f, 0x72, 0x97, 0xaa, 0x1a, 0xa7, 0x9f, 0x28, 0x63}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xaf, 0xef, 0xed, 0x66, 0x0a, 0xa3, 0x1e, 0x99, 0x00, 0x21, 0x6d, 0xbb, 0xfe, 0xe3, 0x51, 0x24, 0x0f, 0x04, 0x94, 0x8e, 0x84, 0x30, 0xf0, 0x12, 0xf0, 0xe9, 0x94, 0x57, 0x60, 0x13, 0xbb, 0x65}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x60, 0x92, 0x94, 0xc8, 0x36, 0x50, 0x3e, 0xf1, 0x5a, 0x20, 0xf2, 0x34, 0x9a, 0x33, 0x55, 0x4d, 0x84, 0x5e, 0x03, 0x0f, 0x9b, 0x24, 0x8a, 0xaa, 0x7c, 0x6d, 0x7e, 0xbe, 0x83, 0x81, 0xc2, 0x87}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa7, 0x5f, 0x75, 0x44, 0x26, 0xba, 0x66, 0x22, 0x9c, 0x3c, 0x2e, 0x7e, 0x54, 0x89, 0x8a, 0x3a, 0x09, 0x52, 0x17, 0xf5, 0x8e, 0xf6, 0xfb, 0x51, 0x98, 0x85, 0x06, 0x8f, 0x66, 0xa5, 0xfa, 0x6b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7d, 0x3d, 0x90, 0xd1, 0xe2, 0xc3, 0xfe, 0x28, 0x28, 0xe4, 0xd4, 0x33, 0x4a, 0x48, 0xa9, 0x9a, 0xfc, 0x43, 0x48, 0x0e, 0x2c, 0xaa, 0xf5, 0xed, 0x9d, 0xc1, 0x82, 0x53, 0x23, 0x0a, 0xf3, 0xe2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x71, 0x81, 0x3a, 0xfe, 0x79, 0xdf, 0x30, 0xf0, 0x3d, 0xc9, 0x29, 0x48, 0x63, 0x78, 0x7a, 0x7f, 0x21, 0xc5, 0xf5, 0x40, 0x0a, 0x2c, 0xe5, 0xc9, 0xba, 0x9a, 0xbd, 0xba, 0xc5, 0x9a, 0x40, 0xa5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1f, 0x8a, 0xb8, 0x90, 0xbe, 0x23, 0x07, 0x7d, 0x7d, 0x25, 0x4b, 0x15, 0xa6, 0xeb, 0x09, 0x01, 0x8a, 0x05, 0x34, 0x0a, 0x40, 0x3f, 0x8c, 0xde, 0x7a, 0x38, 0x3f, 0xc2, 0xa5, 0xf8, 0x38, 0xa7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x24, 0x8c, 0xe0, 0x34, 0x62, 0x51, 0x28, 0x95, 0x79, 0x31, 0x40, 0x6a, 0xcc, 0x24, 0x99, 0x99, 0xc1, 0x4a, 0x39, 0xfd, 0xe3, 0x78, 0x46, 0x20, 0x9d, 0xcb, 0xfd, 0x73, 0x0c, 0x23, 0xd8, 0xad}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd5, 0xf2, 0x18, 0x4d, 0xc5, 0x0e, 0x65, 0x26, 0x0c, 0x2b, 0xe0, 0xc0, 0x82, 0x8f, 0x91, 0xb8, 0x66, 0x53, 0x54, 0x4d, 0x0a, 0x38, 0xc6, 0xb8, 0x70, 0x25, 0x03, 0x35, 0x44, 0x69, 0xe3, 0xc1}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf8, 0x07, 0xc8, 0xb5, 0x45, 0x26, 0xc2, 0x54, 0x6d, 0x3e, 0xf3, 0xc5, 0x26, 0x6b, 0x9a, 0xf8, 0x3d, 0xfe, 0xd6, 0x8d, 0x9a, 0x89, 0x9f, 0x76, 0xf7, 0x22, 0x3b, 0x52, 0x4b, 0x92, 0x5e, 0xbf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x29, 0xc8, 0x1d, 0xf6, 0x22, 0x56, 0x2e, 0x65, 0xfe, 0x2b, 0x4f, 0xe5, 0x6f, 0xbb, 0x15, 0x1d, 0x63, 0x4d, 0x85, 0xde, 0x13, 0x90, 0x85, 0x86, 0x79, 0xbb, 0x2a, 0xef, 0x94, 0x31, 0x26, 0x3c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x2b, 0xfe, 0xf0, 0x78, 0x24, 0xf3, 0x95, 0x36, 0x44, 0x46, 0x09, 0x58, 0xe6, 0xc2, 0x87, 0x53, 0x65, 0xec, 0xcc, 0xd9, 0xdd, 0x7c, 0xf9, 0x1d, 0xcf, 0x78, 0x37, 0x1e, 0x77, 0xb7, 0x62, 0xc8}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x33, 0x7b, 0xc7, 0xdb, 0x95, 0x13, 0xef, 0xc6, 0xfc, 0xba, 0xd6, 0x09, 0x73, 0x15, 0xff, 0x5d, 0x72, 0x42, 0xff, 0x0c, 0xa7, 0x54, 0x06, 0xac, 0xc2, 0x90, 0xb3, 0x27, 0xd1, 0xf1, 0x7a, 0xfa}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xaf, 0x71, 0x1f, 0x71, 0xa3, 0x9c, 0x68, 0x9f, 0x30, 0x38, 0x36, 0x8e, 0xfc, 0x0f, 0xaa, 0xc6, 0x87, 0x47, 0xe8, 0x4d, 0xb2, 0xc1, 0x13, 0xdd, 0x56, 0x1c, 0x1f, 0x41, 0xaf, 0xff, 0x76, 0xa9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x09, 0x89, 0x47, 0x43, 0x43, 0x49, 0x42, 0x7f, 0x36, 0xa1, 0xf0, 0x69, 0x1b, 0xd1, 0x29, 0xb3, 0x94, 0xac, 0x60, 0x86, 0x00, 0xed, 0x7c, 0x7f, 0xab, 0x6c, 0xfd, 0xf5, 0xae, 0x74, 0x6a, 0xee}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0f, 0xdb, 0x94, 0x49, 0x9a, 0xc1, 0x3b, 0x63, 0x63, 0x17, 0x88, 0x0f, 0x8d, 0x9b, 0x2a, 0x3b, 0xf0, 0x5d, 0xc1, 0xf8, 0x0f, 0xe2, 0xaa, 0x15, 0x8c, 0x92, 0x6c, 0x11, 0x94, 0xd8, 0x5f, 0x09}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6a, 0x11, 0x0d, 0x89, 0x6d, 0x18, 0x43, 0xbe, 0x63, 0x48, 0x48, 0x64, 0xd9, 0x70, 0x33, 0x25, 0x7a, 0x5f, 0x30, 0xb1, 0xf0, 0x7a, 0x56, 0x12, 0xd2, 0xd7, 0x28, 0x77, 0x8f, 0x68, 0x56, 0x9a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x24, 0xe1, 0x5e, 0xd3, 0x21, 0xb3, 0x6f, 0x16, 0xc0, 0x33, 0x62, 0xb1, 0x2d, 0x13, 0xd0, 0xd7, 0xea, 0x1b, 0x7f, 0xfa, 0x3c, 0x2f, 0x36, 0x35, 0x2d, 0xdb, 0x9b, 0xf4, 0xad, 0x4b, 0xdc, 0xc7}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x19, 0xe6, 0x23, 0xd4, 0xea, 0xf1, 0x13, 0x89, 0xb3, 0x72, 0xb8, 0xd1, 0xe1, 0xa9, 0x66, 0x18, 0x3b, 0xa4, 0xd2, 0x11, 0x59, 0xa4, 0x77, 0x58, 0xf7, 0xe7, 0x43, 0x22, 0x7b, 0xf5, 0x5d, 0xc8}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x70, 0x94, 0x59, 0xb0, 0xc8, 0xb1, 0xcd, 0xfa, 0x3a, 0x2c, 0x0c, 0x15, 0xf4, 0x03, 0x43, 0xc9, 0x2e, 0x45, 0x78, 0xef, 0xce, 0x67, 0x4b, 0xbd, 0xba, 0xa6, 0xa9, 0x5c, 0xbd, 0x60, 0xf5, 0x9f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 724f60d3d..8554be78b 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240606102551-9c2aef88ba13" + defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240611201542-08770a69c490" ) From b3fcdc9a22d1279ad552a96edb92f4953b323c5e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 12 Jun 2024 08:04:52 +0200 Subject: [PATCH 072/380] deps: update module github.com/Azure/azure-sdk-for-go/sdk/azidentity to v1.6.0 [SECURITY] (#3163) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 34 ++++++++++++++++------------------ 2 files changed, 24 insertions(+), 26 deletions(-) diff --git a/go.mod b/go.mod index 9888efb6b..76c413e0d 100644 --- a/go.mod +++ b/go.mod @@ -45,7 +45,7 @@ require ( dario.cat/mergo v1.0.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.1.1 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 @@ -125,12 +125,12 @@ require ( go.etcd.io/etcd/client/pkg/v3 v3.5.13 go.etcd.io/etcd/client/v3 v3.5.13 go.uber.org/goleak v1.3.0 - golang.org/x/crypto v0.23.0 + golang.org/x/crypto v0.24.0 golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 golang.org/x/mod v0.17.0 - golang.org/x/sys v0.20.0 - golang.org/x/text v0.15.0 - golang.org/x/tools v0.21.0 + golang.org/x/sys v0.21.0 + golang.org/x/text v0.16.0 + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d google.golang.org/api v0.180.0 google.golang.org/grpc v1.63.2 google.golang.org/protobuf v1.34.1 @@ -159,7 +159,7 @@ require ( cloud.google.com/go/iam v1.1.8 // indirect cloud.google.com/go/longrunning v0.5.7 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect @@ -361,10 +361,10 @@ require ( go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/term v0.20.0 // indirect + golang.org/x/term v0.21.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect diff --git a/go.sum b/go.sum index 70e2e754c..6b654a03c 100644 --- a/go.sum +++ b/go.sum @@ -31,10 +31,10 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0 h1:sUFnFjzDUie80h24I7mrKtwCKgLY9L8h5Tp2x9+TWqk= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0/go.mod h1:52JbnQTp15qg5mRkMBHwp0j0ZFwHJ42Sx3zVV5RE9p0= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM= github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0/go.mod h1:Pu5Zksi2KrU7LPbZbNINx6fuVrUp/ffvpxdDj+i8LeE= github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw= @@ -238,8 +238,6 @@ github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aB github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= -github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= @@ -891,8 +889,8 @@ golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= @@ -923,8 +921,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= @@ -968,8 +966,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -977,8 +975,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -989,8 +987,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1003,8 +1001,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From daaa7755a723e9f19374a5f9fedb465d5e4986a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 12 Jun 2024 13:18:27 +0200 Subject: [PATCH 073/380] cli: enable JSON output for `constellation verify` on Azure TDX (#3164) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Remove formatter factory * Enable `constellation verify` with JSON output for Azure TDX --------- Signed-off-by: Daniel Weiße --- cli/internal/cmd/BUILD.bazel | 3 + cli/internal/cmd/verify.go | 173 ++++++++------------ cli/internal/cmd/verify_test.go | 62 ++----- internal/attestation/azure/tdx/issuer.go | 2 +- internal/attestation/azure/tdx/tdx.go | 3 +- internal/attestation/azure/tdx/validator.go | 2 +- internal/verify/verify.go | 2 +- 7 files changed, 90 insertions(+), 157 deletions(-) diff --git a/cli/internal/cmd/BUILD.bazel b/cli/internal/cmd/BUILD.bazel index 6f29a7965..c2decf328 100644 --- a/cli/internal/cmd/BUILD.bazel +++ b/cli/internal/cmd/BUILD.bazel @@ -111,6 +111,9 @@ go_library( "@io_k8s_sigs_yaml//:yaml", "@org_golang_x_mod//semver", "@org_golang_google_grpc//:grpc", + "@com_github_google_go_tdx_guest//abi", + "@com_github_google_go_tdx_guest//proto/tdx", + "//internal/attestation/azure/tdx", ] + select({ "@io_bazel_rules_go//go/platform:android_amd64": [ "@org_golang_x_sys//unix", diff --git a/cli/internal/cmd/verify.go b/cli/internal/cmd/verify.go index 5a84c3df0..5bce0af2a 100644 --- a/cli/internal/cmd/verify.go +++ b/cli/internal/cmd/verify.go @@ -21,10 +21,9 @@ import ( "strconv" "strings" - tpmProto "github.com/google/go-tpm-tools/proto/tpm" - "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" "github.com/edgelesssys/constellation/v2/internal/atls" + azuretdx "github.com/edgelesssys/constellation/v2/internal/attestation/azure/tdx" "github.com/edgelesssys/constellation/v2/internal/attestation/choose" "github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/snp" @@ -38,6 +37,10 @@ import ( "github.com/edgelesssys/constellation/v2/internal/grpc/dialer" "github.com/edgelesssys/constellation/v2/internal/verify" "github.com/edgelesssys/constellation/v2/verify/verifyproto" + + "github.com/google/go-tdx-guest/abi" + "github.com/google/go-tdx-guest/proto/tdx" + tpmProto "github.com/google/go-tpm-tools/proto/tpm" "github.com/spf13/afero" "github.com/spf13/cobra" "github.com/spf13/pflag" @@ -106,24 +109,7 @@ func runVerify(cmd *cobra.Command, _ []string) error { dialer: dialer.New(nil, nil, &net.Dialer{}), log: log, } - formatterFactory := func(output string, attestation variant.Variant, log debugLog) (attestationDocFormatter, error) { - if output == "json" && - (!attestation.Equal(variant.AzureSEVSNP{}) && - !attestation.Equal(variant.AWSSEVSNP{}) && - !attestation.Equal(variant.GCPSEVSNP{})) { - return nil, errors.New("json output is only supported for SEV-SNP") - } - switch output { - case "json": - return &jsonAttestationDocFormatter{log}, nil - case "raw": - return &rawAttestationDocFormatter{log}, nil - case "": - return &defaultAttestationDocFormatter{log}, nil - default: - return nil, fmt.Errorf("invalid output value for formatter: %s", output) - } - } + v := &verifyCmd{ fileHandler: fileHandler, log: log, @@ -132,13 +118,12 @@ func runVerify(cmd *cobra.Command, _ []string) error { return err } v.log.Debug("Using flags", "clusterID", v.flags.clusterID, "endpoint", v.flags.endpoint, "ownerID", v.flags.ownerID) + fetcher := attestationconfigapi.NewFetcher() - return v.verify(cmd, verifyClient, formatterFactory, fetcher) + return v.verify(cmd, verifyClient, fetcher) } -type formatterFactory func(output string, attestation variant.Variant, log debugLog) (attestationDocFormatter, error) - -func (c *verifyCmd) verify(cmd *cobra.Command, verifyClient verifyClient, factory formatterFactory, configFetcher attestationconfigapi.Fetcher) error { +func (c *verifyCmd) verify(cmd *cobra.Command, verifyClient verifyClient, configFetcher attestationconfigapi.Fetcher) error { c.log.Debug(fmt.Sprintf("Loading configuration file from %q", c.flags.pathPrefixer.PrefixPrintablePath(constants.ConfigFilename))) conf, err := config.New(c.fileHandler, constants.ConfigFilename, configFetcher, c.flags.force) var configValidationErr *config.ValidationError @@ -202,20 +187,21 @@ func (c *verifyCmd) verify(cmd *cobra.Command, verifyClient verifyClient, factor return fmt.Errorf("verifying: %w", err) } - // certificates are only available for Azure SEV-SNP and AWS SEV-SNP - formatter, err := factory(c.flags.output, conf.GetAttestationConfig().GetVariant(), c.log) - if err != nil { - return fmt.Errorf("creating formatter: %w", err) + var attDocOutput string + switch c.flags.output { + case "json": + attDocOutput, err = formatJSON(cmd.Context(), rawAttestationDoc, attConfig, c.log) + case "raw": + attDocOutput = fmt.Sprintf("Attestation Document:\n%s\n", rawAttestationDoc) + case "": + attDocOutput, err = formatDefault(cmd.Context(), rawAttestationDoc, attConfig, c.log) + default: + return fmt.Errorf("invalid output value for formatter: %s", c.flags.output) } - attDocOutput, err := formatter.format( - cmd.Context(), - rawAttestationDoc, - (!attConfig.GetVariant().Equal(variant.AzureSEVSNP{}) && !attConfig.GetVariant().Equal(variant.AWSSEVSNP{})), - attConfig, - ) if err != nil { return fmt.Errorf("printing attestation document: %w", err) } + cmd.Println(attDocOutput) cmd.PrintErrln("Verification OK") @@ -255,82 +241,92 @@ func (c *verifyCmd) validateEndpointFlag(cmd *cobra.Command, stateFile *state.St return endpoint, nil } -// an attestationDocFormatter formats the attestation document. -type attestationDocFormatter interface { - // format returns the raw or formatted attestation doc depending on the rawOutput argument. - format(ctx context.Context, docString string, PCRsOnly bool, attestationCfg config.AttestationCfg) (string, error) -} - -type jsonAttestationDocFormatter struct { - log debugLog -} - -// format returns the json formatted attestation doc. -func (f *jsonAttestationDocFormatter) format(ctx context.Context, docString string, _ bool, - attestationCfg config.AttestationCfg, +// formatJSON returns the json formatted attestation doc. +func formatJSON(ctx context.Context, docString string, attestationCfg config.AttestationCfg, log debugLog, ) (string, error) { - var doc attestationDoc + var doc vtpm.AttestationDocument if err := json.Unmarshal([]byte(docString), &doc); err != nil { - return "", fmt.Errorf("unmarshal attestation document: %w", err) + return "", fmt.Errorf("unmarshalling attestation document: %w", err) } - instanceInfo, err := extractInstanceInfo(doc) - if err != nil { + switch attestationCfg.GetVariant() { + case variant.AWSSEVSNP{}, variant.AzureSEVSNP{}, variant.GCPSEVSNP{}: + return snpFormatJSON(ctx, doc.InstanceInfo, attestationCfg, log) + case variant.AzureTDX{}: + return tdxFormatJSON(doc.InstanceInfo, attestationCfg) + default: + return "", fmt.Errorf("json output is not supported for variant %s", attestationCfg.GetVariant()) + } +} + +func snpFormatJSON(ctx context.Context, instanceInfoRaw []byte, attestationCfg config.AttestationCfg, log debugLog, +) (string, error) { + var instanceInfo snp.InstanceInfo + if err := json.Unmarshal(instanceInfoRaw, &instanceInfo); err != nil { return "", fmt.Errorf("unmarshalling instance info: %w", err) } - report, err := verify.NewReport(ctx, instanceInfo, attestationCfg, f.log) + report, err := verify.NewReport(ctx, instanceInfo, attestationCfg, log) if err != nil { return "", fmt.Errorf("parsing SNP report: %w", err) } jsonBytes, err := json.Marshal(report) - return string(jsonBytes), err } -type rawAttestationDocFormatter struct { - log debugLog -} +func tdxFormatJSON(instanceInfoRaw []byte, attestationCfg config.AttestationCfg) (string, error) { + var rawQuote []byte -// format returns the raw attestation doc. -func (f *rawAttestationDocFormatter) format(_ context.Context, docString string, _ bool, - _ config.AttestationCfg, -) (string, error) { - b := &strings.Builder{} - b.WriteString("Attestation Document:\n") - b.WriteString(fmt.Sprintf("%s\n", docString)) - return b.String(), nil -} + if attestationCfg.GetVariant().Equal(variant.AzureTDX{}) { + var instanceInfo azuretdx.InstanceInfo + if err := json.Unmarshal(instanceInfoRaw, &instanceInfo); err != nil { + return "", fmt.Errorf("unmarshalling instance info: %w", err) + } + rawQuote = instanceInfo.AttestationReport + } -type defaultAttestationDocFormatter struct { - log debugLog + tdxQuote, err := abi.QuoteToProto(rawQuote) + if err != nil { + return "", fmt.Errorf("converting quote to proto: %w", err) + } + quote, ok := tdxQuote.(*tdx.QuoteV4) + if !ok { + return "", fmt.Errorf("unexpected quote type: %T", tdxQuote) + } + + quoteJSON, err := json.Marshal(quote) + return string(quoteJSON), err } // format returns the formatted attestation doc. -func (f *defaultAttestationDocFormatter) format(ctx context.Context, docString string, PCRsOnly bool, - attestationCfg config.AttestationCfg, +func formatDefault(ctx context.Context, docString string, attestationCfg config.AttestationCfg, log debugLog, ) (string, error) { b := &strings.Builder{} b.WriteString("Attestation Document:\n") - var doc attestationDoc + var doc vtpm.AttestationDocument if err := json.Unmarshal([]byte(docString), &doc); err != nil { return "", fmt.Errorf("unmarshal attestation document: %w", err) } - if err := f.parseQuotes(b, doc.Attestation.Quotes, attestationCfg.GetMeasurements()); err != nil { + if err := parseQuotes(b, doc.Attestation.Quotes, attestationCfg.GetMeasurements()); err != nil { return "", fmt.Errorf("parse quote: %w", err) } - if PCRsOnly { + + // If we have a non SNP variant, print only the PCRs + if !(attestationCfg.GetVariant().Equal(variant.AzureSEVSNP{}) || + attestationCfg.GetVariant().Equal(variant.AWSSEVSNP{}) || + attestationCfg.GetVariant().Equal(variant.GCPSEVSNP{})) { return b.String(), nil } - instanceInfo, err := extractInstanceInfo(doc) - if err != nil { + // SNP reports contain extra information that we can print + var instanceInfo snp.InstanceInfo + if err := json.Unmarshal(doc.InstanceInfo, &instanceInfo); err != nil { return "", fmt.Errorf("unmarshalling instance info: %w", err) } - report, err := verify.NewReport(ctx, instanceInfo, attestationCfg, f.log) + report, err := verify.NewReport(ctx, instanceInfo, attestationCfg, log) if err != nil { return "", fmt.Errorf("parsing SNP report: %w", err) } @@ -339,7 +335,7 @@ func (f *defaultAttestationDocFormatter) format(ctx context.Context, docString s } // parseQuotes parses the base64-encoded quotes and writes their details to the output builder. -func (f *defaultAttestationDocFormatter) parseQuotes(b *strings.Builder, quotes []*tpmProto.Quote, expectedPCRs measurements.M) error { +func parseQuotes(b *strings.Builder, quotes []*tpmProto.Quote, expectedPCRs measurements.M) error { writeIndentfln(b, 1, "Quote:") var pcrNumbers []uint32 @@ -366,18 +362,6 @@ func (f *defaultAttestationDocFormatter) parseQuotes(b *strings.Builder, quotes return nil } -// attestationDoc is the attestation document returned by the verifier. -type attestationDoc struct { - Attestation struct { - AkPub string `json:"ak_pub"` - Quotes []*tpmProto.Quote `json:"quotes"` - EventLog string `json:"event_log"` - TeeAttestation interface{} `json:"TeeAttestation"` - } `json:"Attestation"` - InstanceInfo string `json:"InstanceInfo"` - UserData string `json:"UserData"` -} - type constellationVerifier struct { dialer grpcInsecureDialer log debugLog @@ -432,19 +416,6 @@ func writeIndentfln(b *strings.Builder, indentLvl int, format string, args ...an b.WriteString(fmt.Sprintf(format+"\n", args...)) } -func extractInstanceInfo(doc attestationDoc) (snp.InstanceInfo, error) { - instanceInfoString, err := base64.StdEncoding.DecodeString(doc.InstanceInfo) - if err != nil { - return snp.InstanceInfo{}, fmt.Errorf("decode instance info: %w", err) - } - - var instanceInfo snp.InstanceInfo - if err := json.Unmarshal(instanceInfoString, &instanceInfo); err != nil { - return snp.InstanceInfo{}, fmt.Errorf("unmarshal instance info: %w", err) - } - return instanceInfo, nil -} - func addPortIfMissing(endpoint string, defaultPort int) (string, error) { if endpoint == "" { return "", errors.New("endpoint is empty") diff --git a/cli/internal/cmd/verify_test.go b/cli/internal/cmd/verify_test.go index a695a7c2f..9968a4ab4 100644 --- a/cli/internal/cmd/verify_test.go +++ b/cli/internal/cmd/verify_test.go @@ -47,7 +47,6 @@ func TestVerify(t *testing.T) { testCases := map[string]struct { provider cloudprovider.Provider protoClient *stubVerifyClient - formatter *stubAttDocFormatter nodeEndpointFlag string clusterIDFlag string stateFile *state.State @@ -62,7 +61,6 @@ func TestVerify(t *testing.T) { protoClient: &stubVerifyClient{}, stateFile: defaultStateFile(cloudprovider.GCP), wantEndpoint: "192.0.2.1:1234", - formatter: &stubAttDocFormatter{}, }, "azure": { provider: cloudprovider.Azure, @@ -71,7 +69,6 @@ func TestVerify(t *testing.T) { protoClient: &stubVerifyClient{}, stateFile: defaultStateFile(cloudprovider.Azure), wantEndpoint: "192.0.2.1:1234", - formatter: &stubAttDocFormatter{}, }, "default port": { provider: cloudprovider.GCP, @@ -80,7 +77,6 @@ func TestVerify(t *testing.T) { protoClient: &stubVerifyClient{}, stateFile: defaultStateFile(cloudprovider.GCP), wantEndpoint: "192.0.2.1:" + strconv.Itoa(constants.VerifyServiceNodePortGRPC), - formatter: &stubAttDocFormatter{}, }, "endpoint not set": { provider: cloudprovider.GCP, @@ -91,8 +87,7 @@ func TestVerify(t *testing.T) { s.Infrastructure.ClusterEndpoint = "" return s }(), - formatter: &stubAttDocFormatter{}, - wantErr: true, + wantErr: true, }, "endpoint from state file": { provider: cloudprovider.GCP, @@ -104,7 +99,6 @@ func TestVerify(t *testing.T) { return s }(), wantEndpoint: "192.0.2.1:" + strconv.Itoa(constants.VerifyServiceNodePortGRPC), - formatter: &stubAttDocFormatter{}, }, "override endpoint from details file": { provider: cloudprovider.GCP, @@ -117,7 +111,6 @@ func TestVerify(t *testing.T) { return s }(), wantEndpoint: "192.0.2.2:1234", - formatter: &stubAttDocFormatter{}, }, "invalid endpoint": { provider: cloudprovider.GCP, @@ -125,7 +118,6 @@ func TestVerify(t *testing.T) { clusterIDFlag: zeroBase64, protoClient: &stubVerifyClient{}, stateFile: defaultStateFile(cloudprovider.GCP), - formatter: &stubAttDocFormatter{}, wantErr: true, }, "neither owner id nor cluster id set": { @@ -137,7 +129,6 @@ func TestVerify(t *testing.T) { s.ClusterValues.ClusterID = "" return s }(), - formatter: &stubAttDocFormatter{}, protoClient: &stubVerifyClient{}, wantErr: true, }, @@ -151,14 +142,12 @@ func TestVerify(t *testing.T) { return s }(), wantEndpoint: "192.0.2.1:1234", - formatter: &stubAttDocFormatter{}, }, "config file not existing": { provider: cloudprovider.GCP, clusterIDFlag: zeroBase64, nodeEndpointFlag: "192.0.2.1:1234", stateFile: defaultStateFile(cloudprovider.GCP), - formatter: &stubAttDocFormatter{}, skipConfigCreation: true, wantErr: true, }, @@ -168,7 +157,6 @@ func TestVerify(t *testing.T) { clusterIDFlag: zeroBase64, protoClient: &stubVerifyClient{verifyErr: rpcStatus.Error(codes.Internal, "failed")}, stateFile: defaultStateFile(cloudprovider.Azure), - formatter: &stubAttDocFormatter{}, wantErr: true, }, "error protoClient GetState not rpc": { @@ -177,17 +165,6 @@ func TestVerify(t *testing.T) { clusterIDFlag: zeroBase64, protoClient: &stubVerifyClient{verifyErr: someErr}, stateFile: defaultStateFile(cloudprovider.Azure), - formatter: &stubAttDocFormatter{}, - wantErr: true, - }, - "format error": { - provider: cloudprovider.Azure, - nodeEndpointFlag: "192.0.2.1:1234", - clusterIDFlag: zeroBase64, - protoClient: &stubVerifyClient{}, - stateFile: defaultStateFile(cloudprovider.Azure), - wantEndpoint: "192.0.2.1:1234", - formatter: &stubAttDocFormatter{formatErr: someErr}, wantErr: true, }, } @@ -214,12 +191,10 @@ func TestVerify(t *testing.T) { flags: verifyFlags{ clusterID: tc.clusterIDFlag, endpoint: tc.nodeEndpointFlag, + output: "raw", }, } - formatterFac := func(_ string, _ variant.Variant, _ debugLog) (attestationDocFormatter, error) { - return tc.formatter, nil - } - err := v.verify(cmd, tc.protoClient, formatterFac, stubAttestationFetcher{}) + err := v.verify(cmd, tc.protoClient, stubAttestationFetcher{}) if tc.wantErr { assert.Error(err) } else { @@ -231,36 +206,20 @@ func TestVerify(t *testing.T) { } } -type stubAttDocFormatter struct { - formatErr error -} - -func (f *stubAttDocFormatter) format(_ context.Context, _ string, _ bool, _ config.AttestationCfg) (string, error) { - return "", f.formatErr -} - -func TestFormat(t *testing.T) { - formatter := func() *defaultAttestationDocFormatter { - return &defaultAttestationDocFormatter{ - log: logger.NewTest(t), - } - } - +func TestFormatDefault(t *testing.T) { testCases := map[string]struct { - formatter *defaultAttestationDocFormatter - doc string - wantErr bool + doc string + wantErr bool }{ "invalid doc": { - formatter: formatter(), - doc: "invalid", - wantErr: true, + doc: "invalid", + wantErr: true, }, } for name, tc := range testCases { t.Run(name, func(t *testing.T) { - _, err := tc.formatter.format(context.Background(), tc.doc, false, nil) + _, err := formatDefault(context.Background(), tc.doc, nil, logger.NewTest(t)) if tc.wantErr { assert.Error(t, err) } else { @@ -502,9 +461,8 @@ func TestParseQuotes(t *testing.T) { assert := assert.New(t) b := &strings.Builder{} - parser := &defaultAttestationDocFormatter{} - err := parser.parseQuotes(b, tc.quotes, tc.expectedPCRs) + err := parseQuotes(b, tc.quotes, tc.expectedPCRs) if tc.wantErr { assert.Error(err) } else { diff --git a/internal/attestation/azure/tdx/issuer.go b/internal/attestation/azure/tdx/issuer.go index e04b066a6..082616635 100644 --- a/internal/attestation/azure/tdx/issuer.go +++ b/internal/attestation/azure/tdx/issuer.go @@ -90,7 +90,7 @@ func (i *Issuer) getInstanceInfo(ctx context.Context, tpm io.ReadWriteCloser, _ return nil, fmt.Errorf("getting quote: %w", err) } - instanceInfo := instanceInfo{ + instanceInfo := InstanceInfo{ AttestationReport: quote, RuntimeData: runtimeData, } diff --git a/internal/attestation/azure/tdx/tdx.go b/internal/attestation/azure/tdx/tdx.go index 815a43ae2..eaee6161a 100644 --- a/internal/attestation/azure/tdx/tdx.go +++ b/internal/attestation/azure/tdx/tdx.go @@ -19,7 +19,8 @@ More specifically: */ package tdx -type instanceInfo struct { +// InstanceInfo wraps the TDX report with additional Azure specific runtime data. +type InstanceInfo struct { AttestationReport []byte RuntimeData []byte } diff --git a/internal/attestation/azure/tdx/validator.go b/internal/attestation/azure/tdx/validator.go index 5b090dae9..02a8d3d6d 100644 --- a/internal/attestation/azure/tdx/validator.go +++ b/internal/attestation/azure/tdx/validator.go @@ -58,7 +58,7 @@ func NewValidator(cfg *config.AzureTDX, log attestation.Logger) *Validator { } func (v *Validator) getTrustedTPMKey(_ context.Context, attDoc vtpm.AttestationDocument, _ []byte) (crypto.PublicKey, error) { - var instanceInfo instanceInfo + var instanceInfo InstanceInfo if err := json.Unmarshal(attDoc.InstanceInfo, &instanceInfo); err != nil { return nil, err } diff --git a/internal/verify/verify.go b/internal/verify/verify.go index d674c4237..27e5db853 100644 --- a/internal/verify/verify.go +++ b/internal/verify/verify.go @@ -157,7 +157,7 @@ func getCertChain(cfg config.AttestationCfg) ([]byte, error) { return certChain, nil } -// FormatString builds a string representation of a report that is inteded for console output. +// FormatString builds a string representation of a report that is intended for console output. func (r *Report) FormatString(b *strings.Builder) (string, error) { if len(r.ReportSigner) != 1 { return "", fmt.Errorf("expected exactly one report signing certificate, found %d", len(r.ReportSigner)) From 63dc0c79affba834fd4bc2bb9604f5c42cd5776b Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 14 Jun 2024 08:14:39 +0200 Subject: [PATCH 074/380] image: update measurements and image version (#3167) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 2a8f4e96b..146e0a549 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x60, 0xb5, 0x80, 0xce, 0x89, 0xbd, 0x3d, 0x6f, 0x1c, 0x7f, 0x57, 0xb9, 0xf4, 0x75, 0xbc, 0x4e, 0x75, 0xd0, 0x3f, 0xf9, 0x5f, 0x9f, 0x6f, 0xb3, 0x5e, 0xda, 0xc7, 0x15, 0x63, 0xeb, 0x18, 0x50}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x31, 0xe3, 0xa2, 0x67, 0xa8, 0x72, 0x1f, 0x66, 0x7a, 0x67, 0xb6, 0x6a, 0x36, 0xd3, 0x6d, 0xa9, 0xd3, 0xfa, 0x24, 0xc7, 0x15, 0xd0, 0x15, 0xcc, 0xfd, 0x4f, 0x94, 0xb8, 0x69, 0x7f, 0x0e, 0xcc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xab, 0x2f, 0x9c, 0x07, 0x07, 0x08, 0x2a, 0x69, 0xb9, 0x07, 0xa3, 0x07, 0xac, 0x86, 0x8d, 0x3e, 0x06, 0x95, 0x7d, 0xcb, 0x14, 0xdf, 0x73, 0xb4, 0x2b, 0x16, 0xc7, 0x24, 0x01, 0xea, 0xe3, 0x67}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x31, 0x57, 0xe6, 0x36, 0x44, 0x12, 0xaa, 0x1d, 0x49, 0xb5, 0xc8, 0xac, 0xf6, 0xd3, 0xa5, 0xa7, 0x85, 0xcf, 0x07, 0xdb, 0x31, 0xa3, 0x88, 0xcd, 0xc6, 0x5c, 0x65, 0x01, 0xee, 0xdd, 0xba, 0x9d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6c, 0x08, 0x02, 0x81, 0xc4, 0x57, 0x87, 0x15, 0x57, 0x1e, 0xb7, 0xbd, 0x4c, 0x85, 0x34, 0xb9, 0x4b, 0xf1, 0x8a, 0x38, 0x6e, 0x9c, 0x11, 0x99, 0xb0, 0x83, 0x33, 0xcd, 0xfe, 0x41, 0x2d, 0x53}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x92, 0x4f, 0x17, 0x18, 0x02, 0xc0, 0x56, 0xf1, 0x66, 0xba, 0x9e, 0x38, 0x90, 0x4f, 0xf9, 0xa2, 0x09, 0xce, 0x30, 0x8d, 0x63, 0xdb, 0x0e, 0xd7, 0x3e, 0xcf, 0xe8, 0x33, 0xa1, 0xc8, 0x2c, 0x00}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x06, 0xc0, 0xdd, 0xc2, 0x95, 0xcb, 0x59, 0x4b, 0x67, 0x9e, 0xe9, 0x43, 0xfa, 0x4b, 0xa4, 0x40, 0xa9, 0xd7, 0x1d, 0x26, 0xc9, 0x60, 0xa6, 0x47, 0xab, 0xa5, 0x58, 0x67, 0xca, 0xa2, 0x6a, 0x38}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x96, 0x7c, 0x33, 0xff, 0x8f, 0x21, 0x98, 0x47, 0xc1, 0xb1, 0x4a, 0xc1, 0x44, 0x5f, 0xcb, 0xb6, 0xa2, 0xdb, 0xbe, 0x5d, 0x1d, 0x7e, 0x4f, 0xbf, 0x3d, 0x3d, 0x70, 0xbc, 0xf4, 0xaf, 0xea, 0xea}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x03, 0x8c, 0x14, 0x02, 0x17, 0xef, 0x61, 0xfc, 0xa9, 0x6f, 0x85, 0xd5, 0xb1, 0x2c, 0xfe, 0x14, 0x90, 0x04, 0xff, 0x08, 0xb9, 0x62, 0x54, 0xc7, 0xcc, 0x1b, 0x7b, 0xbe, 0xf6, 0xa8, 0xdb, 0xca}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xbd, 0x44, 0xab, 0xda, 0xd4, 0x6d, 0xe2, 0xf3, 0xc3, 0x51, 0x3a, 0xce, 0x87, 0x1b, 0xb1, 0xe5, 0xff, 0xca, 0xd2, 0x3a, 0x26, 0xf6, 0xfd, 0x37, 0x02, 0x97, 0x03, 0x79, 0x0a, 0xf4, 0x68, 0xe3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x38, 0xa5, 0x40, 0x6e, 0x1b, 0xe1, 0xdd, 0x3b, 0x99, 0x19, 0x41, 0xc4, 0x20, 0xdc, 0xe5, 0x10, 0xdb, 0xb8, 0x76, 0x46, 0x26, 0x92, 0x7b, 0x97, 0xf2, 0xfe, 0xa1, 0xe8, 0x7c, 0x6f, 0x35, 0xb4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x51, 0x8a, 0xce, 0x20, 0xf0, 0xd0, 0xbb, 0xf4, 0x08, 0xef, 0xc4, 0xab, 0xdc, 0x9c, 0x78, 0x75, 0x52, 0x37, 0xc6, 0x9a, 0x0e, 0x0b, 0xe7, 0x0b, 0x9f, 0x43, 0x87, 0x72, 0x00, 0x92, 0x5f, 0xd0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x86, 0x7d, 0xd6, 0xf6, 0x96, 0xb7, 0xee, 0x48, 0x08, 0xf8, 0xe4, 0xa8, 0xb0, 0x1d, 0x2b, 0xb8, 0x10, 0x41, 0x4e, 0x1e, 0x4a, 0x64, 0x79, 0x8a, 0x06, 0x24, 0x1c, 0x13, 0xa9, 0xcf, 0xb1, 0xf4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf8, 0xb4, 0xf4, 0x03, 0xee, 0xe9, 0xc0, 0x81, 0x06, 0xba, 0x91, 0x5f, 0x23, 0x42, 0x69, 0xb9, 0xc6, 0xc2, 0xc9, 0xd4, 0xf6, 0x8b, 0xf5, 0x09, 0xd7, 0x2f, 0x41, 0xe1, 0x26, 0xec, 0x8a, 0x69}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xce, 0x06, 0x18, 0x71, 0x71, 0x88, 0x8f, 0x25, 0x6a, 0x96, 0xdc, 0x08, 0xf2, 0x1c, 0x41, 0xa4, 0x7c, 0xbe, 0x32, 0x84, 0x45, 0xa8, 0xa9, 0xb4, 0x45, 0xc8, 0x1c, 0x1e, 0xde, 0xc0, 0x2c, 0xef}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x34, 0xc6, 0x22, 0xef, 0xd5, 0x50, 0xc5, 0x15, 0x57, 0x6d, 0x39, 0xc7, 0x7d, 0xd3, 0xa6, 0x03, 0x0a, 0x3a, 0x4c, 0x26, 0x8f, 0x98, 0xdf, 0x2e, 0x2a, 0x9c, 0x4b, 0xc1, 0xb0, 0x55, 0x7a, 0xb5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xca, 0x2c, 0xd4, 0x12, 0xd9, 0x1e, 0x34, 0xbb, 0x6e, 0xc1, 0xb5, 0x9b, 0x1b, 0xa0, 0xde, 0x05, 0xc6, 0x86, 0x71, 0x9b, 0x66, 0x32, 0xc3, 0x15, 0xef, 0x30, 0xbb, 0x5b, 0xe0, 0x3b, 0x84, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x24, 0x3a, 0x39, 0x9a, 0xfb, 0xea, 0xef, 0x42, 0x9f, 0xbb, 0x59, 0x08, 0xaf, 0x77, 0x80, 0xc2, 0x29, 0x35, 0xd8, 0x5e, 0x7b, 0xc0, 0x0a, 0x30, 0xb2, 0x3e, 0x22, 0x73, 0x4c, 0x33, 0x94, 0xfe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x99, 0x6a, 0xfe, 0xf4, 0xb8, 0x00, 0xe0, 0xee, 0xdf, 0x34, 0xd7, 0x4c, 0xa2, 0xc5, 0x3a, 0x8a, 0x7a, 0x61, 0x64, 0x13, 0x43, 0xd8, 0xb5, 0xc2, 0x96, 0x24, 0x00, 0xe9, 0x47, 0x7a, 0x2f, 0x17}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa9, 0x30, 0x6f, 0xeb, 0x17, 0xe9, 0x76, 0xcd, 0xfd, 0x0e, 0x7a, 0x2e, 0x8f, 0x0f, 0x47, 0x0c, 0xe6, 0xd9, 0x0a, 0xca, 0x83, 0xd7, 0x24, 0xe5, 0xfc, 0x09, 0xc5, 0x94, 0x09, 0x4e, 0x9d, 0xbc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc7, 0x26, 0xbe, 0x5a, 0xd3, 0x3e, 0x98, 0x62, 0xca, 0x87, 0xc5, 0x81, 0xd3, 0xcd, 0x4b, 0x02, 0x77, 0x20, 0x62, 0x8f, 0xdd, 0xd9, 0xf2, 0x4b, 0x42, 0x87, 0x82, 0x28, 0x13, 0xff, 0xd3, 0x0d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6c, 0xc2, 0x0c, 0x74, 0x1e, 0x8a, 0x63, 0x91, 0x38, 0xe2, 0x14, 0xc0, 0xb5, 0x0e, 0x73, 0x7a, 0x23, 0xc4, 0x20, 0x39, 0xa8, 0x75, 0x6a, 0xa3, 0x8b, 0xc0, 0xed, 0xbb, 0x2d, 0xee, 0x6c, 0x8c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xed, 0xbe, 0x85, 0x91, 0x65, 0xa4, 0x26, 0xd3, 0xfe, 0xa2, 0xde, 0x13, 0xff, 0xba, 0x31, 0xee, 0x2f, 0x0f, 0x6d, 0x4e, 0xe0, 0x5c, 0xa8, 0x97, 0x98, 0x80, 0x41, 0xba, 0x93, 0xaa, 0x47, 0x7a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1b, 0x8a, 0x8c, 0x6d, 0x11, 0x69, 0xb3, 0x2d, 0xd2, 0x0a, 0x36, 0xa3, 0x41, 0xd7, 0x1f, 0xb8, 0x7f, 0xf8, 0x6c, 0x3c, 0x13, 0x50, 0x01, 0x9c, 0xfa, 0x3f, 0x09, 0x68, 0x9e, 0x10, 0x6f, 0x0f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x71, 0x81, 0x3a, 0xfe, 0x79, 0xdf, 0x30, 0xf0, 0x3d, 0xc9, 0x29, 0x48, 0x63, 0x78, 0x7a, 0x7f, 0x21, 0xc5, 0xf5, 0x40, 0x0a, 0x2c, 0xe5, 0xc9, 0xba, 0x9a, 0xbd, 0xba, 0xc5, 0x9a, 0x40, 0xa5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1f, 0x8a, 0xb8, 0x90, 0xbe, 0x23, 0x07, 0x7d, 0x7d, 0x25, 0x4b, 0x15, 0xa6, 0xeb, 0x09, 0x01, 0x8a, 0x05, 0x34, 0x0a, 0x40, 0x3f, 0x8c, 0xde, 0x7a, 0x38, 0x3f, 0xc2, 0xa5, 0xf8, 0x38, 0xa7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x24, 0x8c, 0xe0, 0x34, 0x62, 0x51, 0x28, 0x95, 0x79, 0x31, 0x40, 0x6a, 0xcc, 0x24, 0x99, 0x99, 0xc1, 0x4a, 0x39, 0xfd, 0xe3, 0x78, 0x46, 0x20, 0x9d, 0xcb, 0xfd, 0x73, 0x0c, 0x23, 0xd8, 0xad}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd5, 0xf2, 0x18, 0x4d, 0xc5, 0x0e, 0x65, 0x26, 0x0c, 0x2b, 0xe0, 0xc0, 0x82, 0x8f, 0x91, 0xb8, 0x66, 0x53, 0x54, 0x4d, 0x0a, 0x38, 0xc6, 0xb8, 0x70, 0x25, 0x03, 0x35, 0x44, 0x69, 0xe3, 0xc1}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf8, 0x07, 0xc8, 0xb5, 0x45, 0x26, 0xc2, 0x54, 0x6d, 0x3e, 0xf3, 0xc5, 0x26, 0x6b, 0x9a, 0xf8, 0x3d, 0xfe, 0xd6, 0x8d, 0x9a, 0x89, 0x9f, 0x76, 0xf7, 0x22, 0x3b, 0x52, 0x4b, 0x92, 0x5e, 0xbf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x29, 0xc8, 0x1d, 0xf6, 0x22, 0x56, 0x2e, 0x65, 0xfe, 0x2b, 0x4f, 0xe5, 0x6f, 0xbb, 0x15, 0x1d, 0x63, 0x4d, 0x85, 0xde, 0x13, 0x90, 0x85, 0x86, 0x79, 0xbb, 0x2a, 0xef, 0x94, 0x31, 0x26, 0x3c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x2b, 0xfe, 0xf0, 0x78, 0x24, 0xf3, 0x95, 0x36, 0x44, 0x46, 0x09, 0x58, 0xe6, 0xc2, 0x87, 0x53, 0x65, 0xec, 0xcc, 0xd9, 0xdd, 0x7c, 0xf9, 0x1d, 0xcf, 0x78, 0x37, 0x1e, 0x77, 0xb7, 0x62, 0xc8}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x33, 0x7b, 0xc7, 0xdb, 0x95, 0x13, 0xef, 0xc6, 0xfc, 0xba, 0xd6, 0x09, 0x73, 0x15, 0xff, 0x5d, 0x72, 0x42, 0xff, 0x0c, 0xa7, 0x54, 0x06, 0xac, 0xc2, 0x90, 0xb3, 0x27, 0xd1, 0xf1, 0x7a, 0xfa}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xaf, 0x71, 0x1f, 0x71, 0xa3, 0x9c, 0x68, 0x9f, 0x30, 0x38, 0x36, 0x8e, 0xfc, 0x0f, 0xaa, 0xc6, 0x87, 0x47, 0xe8, 0x4d, 0xb2, 0xc1, 0x13, 0xdd, 0x56, 0x1c, 0x1f, 0x41, 0xaf, 0xff, 0x76, 0xa9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8c, 0x7f, 0x7e, 0x28, 0x80, 0x9c, 0xe3, 0x6b, 0xe8, 0x25, 0xeb, 0x9c, 0x24, 0xc1, 0x93, 0x6b, 0x76, 0x92, 0xda, 0xeb, 0x46, 0xef, 0x9c, 0x93, 0xd7, 0xba, 0x6a, 0x3f, 0x7f, 0xdb, 0x30, 0x04}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9a, 0x94, 0x2c, 0xc1, 0x8a, 0x23, 0x4d, 0xf3, 0xbf, 0x9c, 0x49, 0x43, 0x85, 0xa8, 0x34, 0xf5, 0xed, 0x52, 0xc0, 0xf4, 0xc1, 0x23, 0x89, 0x55, 0xd6, 0x34, 0xeb, 0x6d, 0xec, 0x6b, 0x05, 0x27}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0x34, 0xc7, 0x25, 0x6a, 0x82, 0xc8, 0xbe, 0xac, 0xb3, 0x9b, 0x52, 0x67, 0x6f, 0xd1, 0xbb, 0xa1, 0x7e, 0x62, 0xa2, 0x35, 0x3c, 0x97, 0xdc, 0xab, 0xa0, 0xdf, 0x30, 0xc9, 0x3c, 0xa3, 0xef}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8a, 0xa2, 0xcc, 0x7d, 0x60, 0xbd, 0x61, 0x80, 0x16, 0x1f, 0x77, 0x53, 0xaa, 0x21, 0x0f, 0xff, 0x11, 0xc6, 0x0a, 0xc2, 0xa9, 0x03, 0xc1, 0x95, 0x46, 0x0e, 0x94, 0x70, 0x70, 0x65, 0x12, 0x10}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf1, 0xa4, 0x75, 0x23, 0xdd, 0x2f, 0xbf, 0x86, 0x71, 0x33, 0xbb, 0x78, 0x8b, 0x08, 0xbd, 0x5e, 0xec, 0x69, 0x39, 0xa9, 0x68, 0xd3, 0xa3, 0x03, 0xab, 0x08, 0x76, 0x79, 0xec, 0x90, 0xc1, 0xc0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf7, 0xb3, 0x46, 0x95, 0x13, 0x21, 0x41, 0x57, 0xc2, 0xf3, 0x35, 0x50, 0xc3, 0x22, 0xb3, 0xa8, 0x2e, 0x99, 0xf7, 0xfb, 0xd0, 0x3f, 0x05, 0x31, 0x7e, 0xf3, 0xa5, 0xac, 0x8a, 0x3b, 0x83, 0x12}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xa8, 0xae, 0xfc, 0x83, 0xcb, 0xb4, 0x06, 0xf3, 0x94, 0x24, 0x73, 0x73, 0x8f, 0xe9, 0xe4, 0x1f, 0x51, 0xd3, 0x22, 0x62, 0xca, 0x02, 0x5e, 0xf4, 0x82, 0x25, 0x9d, 0xe3, 0xd8, 0x5a, 0x01, 0xfd}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8e, 0x2c, 0x82, 0x12, 0xa8, 0x5f, 0x9d, 0x91, 0xeb, 0xf9, 0xe0, 0xac, 0x5a, 0x0b, 0x9a, 0x0a, 0x99, 0xf0, 0xad, 0xc1, 0x00, 0x7d, 0xad, 0x22, 0xe1, 0x13, 0x5c, 0xa0, 0x06, 0x15, 0x75, 0x5c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x06, 0x0a, 0xb0, 0x24, 0xf2, 0x03, 0x00, 0xed, 0xcd, 0x0e, 0x23, 0x52, 0xe4, 0x80, 0x32, 0x3c, 0xe5, 0xb2, 0xa8, 0x3c, 0xa7, 0xea, 0x93, 0x93, 0x3c, 0x14, 0x50, 0xe4, 0xac, 0xc3, 0x1f, 0x13}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x24, 0xe1, 0x5e, 0xd3, 0x21, 0xb3, 0x6f, 0x16, 0xc0, 0x33, 0x62, 0xb1, 0x2d, 0x13, 0xd0, 0xd7, 0xea, 0x1b, 0x7f, 0xfa, 0x3c, 0x2f, 0x36, 0x35, 0x2d, 0xdb, 0x9b, 0xf4, 0xad, 0x4b, 0xdc, 0xc7}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x19, 0xe6, 0x23, 0xd4, 0xea, 0xf1, 0x13, 0x89, 0xb3, 0x72, 0xb8, 0xd1, 0xe1, 0xa9, 0x66, 0x18, 0x3b, 0xa4, 0xd2, 0x11, 0x59, 0xa4, 0x77, 0x58, 0xf7, 0xe7, 0x43, 0x22, 0x7b, 0xf5, 0x5d, 0xc8}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x70, 0x94, 0x59, 0xb0, 0xc8, 0xb1, 0xcd, 0xfa, 0x3a, 0x2c, 0x0c, 0x15, 0xf4, 0x03, 0x43, 0xc9, 0x2e, 0x45, 0x78, 0xef, 0xce, 0x67, 0x4b, 0xbd, 0xba, 0xa6, 0xa9, 0x5c, 0xbd, 0x60, 0xf5, 0x9f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xf6, 0x4a, 0x05, 0x29, 0xca, 0x4b, 0x3e, 0xe6, 0xb4, 0x82, 0xcf, 0x3e, 0x05, 0xf7, 0x78, 0x4b, 0xd8, 0x9d, 0x4f, 0x9d, 0x8b, 0x80, 0x92, 0x90, 0xd9, 0x4f, 0x47, 0x66, 0x6f, 0x94, 0xfe, 0xf2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x05, 0xe6, 0x6b, 0xa6, 0x6e, 0xec, 0x48, 0xf9, 0x7c, 0xef, 0x91, 0xa3, 0x34, 0xf5, 0x7f, 0x92, 0xab, 0x09, 0x44, 0x09, 0x87, 0x04, 0x82, 0xa0, 0xc8, 0x55, 0xd0, 0xf6, 0xe6, 0x0c, 0x8e, 0xee}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x18, 0x65, 0x21, 0xfa, 0xba, 0x4d, 0x53, 0xed, 0x97, 0xd5, 0x12, 0xe5, 0x05, 0xbf, 0x86, 0xb6, 0x41, 0xce, 0x46, 0x46, 0x15, 0x32, 0xf1, 0x01, 0xa1, 0x93, 0x0d, 0x93, 0x2b, 0x1e, 0x3d, 0x44}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 8554be78b..03a0d7089 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240611201542-08770a69c490" + defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240612131827-daaa7755a723" ) From 566137e7ab69c6ccac6ef8e934b76c3189aca83e Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Fri, 14 Jun 2024 13:31:42 +0200 Subject: [PATCH 075/380] ci: make cdbg deploy errors easier to spot (#3168) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> --- .github/actions/cdbg_deploy/action.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/actions/cdbg_deploy/action.yml b/.github/actions/cdbg_deploy/action.yml index 7917fcde1..87908a6e8 100644 --- a/.github/actions/cdbg_deploy/action.yml +++ b/.github/actions/cdbg_deploy/action.yml @@ -112,4 +112,8 @@ runs: --info logcollect.deployment-type="debugd" \ --verbosity=-1 \ --force + if [[ $? -ne 0 ]]; then + echo "::error::cdbg deploy failed" + exit 1 + fi echo "::endgroup::" From 429711bf5db72908a725a52d5fc670527d0560ba Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Fri, 14 Jun 2024 13:32:10 +0200 Subject: [PATCH 076/380] ci: don't assign 3u13r (#3169) --- .github/actions/pick_assignee/action.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/actions/pick_assignee/action.yml b/.github/actions/pick_assignee/action.yml index e46d24ff2..e6838c89e 100644 --- a/.github/actions/pick_assignee/action.yml +++ b/.github/actions/pick_assignee/action.yml @@ -15,7 +15,6 @@ runs: run: | possibleAssignees=( "elchead" - "3u13r" "daniel-weisse" "msanft" "burgerdev" From e0f52b4acda6cf52975547de8cfb8173bb761729 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Sun, 16 Jun 2024 11:05:20 +0200 Subject: [PATCH 077/380] image: update locked rpms (#3170) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 7b19eec1c..15040ca7c 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -1,5 +1,5 @@ 37abef83e8927b4b48f69fcbdcc249d349c6029cc669401676d01f0ea326999e WALinuxAgent-udev-2.10.0.8-2.fc40.noarch.rpm -a1d1bd1e3dd3f133c984039219a05703cb38b073daf8a864bd95805747633103 aardvark-dns-1.10.0-1.fc40.x86_64.rpm +8a934257282276e953748cbc9eca045f5d79047027bfad9fcc630e697fe05c15 aardvark-dns-1.11.0-1.fc40.x86_64.rpm ac860c52abbc65af5835d1bd97400c531a5635d39bc1d68e36a1fe54863385ea alternatives-1.27-1.fc40.x86_64.rpm a8aac6e068011d76e89536ffcb29e516c3ccd0095ef8ada0a37a9fd21a2b39b0 audit-libs-4.0.1-1.fc40.i686.rpm 5b6386ac345c3fd388c509df4ad31ffe04f1a1ed6eb4f10d2b5f56c2a5b300dc audit-libs-4.0.1-1.fc40.x86_64.rpm @@ -18,8 +18,8 @@ adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tool f4f43dd33d14def444e9516ac8d59a7fd4fbceb2c56b662f0c0943af65771b3a container-selinux-2.231.0-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm -f0331dd3c17a46a9eebcb2c3b3d5bd5f91094d833f645ffc6e19dcbbd667b73e containers-common-0.59.1-1.fc40.noarch.rpm -862d242442ffb6a315c773b680643596ebb8615cf4d5cba02f80b9462fc2f8a4 containers-common-extra-0.59.1-1.fc40.noarch.rpm +80b36160387e4a77682c271b78b36dd807d876015649e72af4bc2ad4cb385337 containers-common-0.59.1-2.fc40.noarch.rpm +f2378a31b2f03887fbc675900b82ede2c4f56d51442188c1bd545a17b03e6ddd containers-common-extra-0.59.1-2.fc40.noarch.rpm d90e0c786e9406ac4f4db67a8d4bbf3d7bf724797dbf1dd422ff376eaa214b3e coreutils-single-9.4-6.fc40.x86_64.rpm d941a78ffb6e2e0b4c24d0097d0351ced8796edde90208b4bddee459bce0a949 cpio-2.15-1.fc40.x86_64.rpm faa23cb6a7a612c0a6e874c788c5add967c5e193bd38c2e6093b82b38a162f81 cracklib-2.9.11-5.fc40.i686.rpm @@ -153,10 +153,10 @@ c8b9967345ed0393c17101b970bb86258380494d99edf07787bc32ee4de96a7b libfdisk-2.40. 2481691bd2ee6aab48b1a0306357337007b2b0af082e4fdef47dcc5a8a8357be libfdisk-2.40.1-1.fc40.x86_64.rpm 25caa7ee56f6013369c2fac26afd3035a7d580af0b919621ba8d495d13a5af86 libffi-3.4.4-7.fc40.x86_64.rpm f9c5369b6d168a2b8e46159bc41ef0755ee1a8d12f4c6766fdfe23e827cf5cdf libfido2-1.14.0-4.fc40.x86_64.rpm -ac68d7fca5d7270bac34e222a9ed96f6ff6414244fbe8f0ba9f84726971052ba libgcc-14.1.1-4.fc40.i686.rpm -58de52cd0daa1f6ad6f1b2b0d4bd362a9e21be9594f0c3f1e14d88fff86028bd libgcc-14.1.1-4.fc40.x86_64.rpm +70c2dfc6e940f568498863f388927b4d6293325a0170837676f107f8e4eacfae libgcc-14.1.1-5.fc40.i686.rpm +b46e8f4b4ada4bc652efaa6d6a38478a4415f0e590168470be27138821755d38 libgcc-14.1.1-5.fc40.x86_64.rpm 10c4c12c6539ffea68974cd9b57013d471ac35fe3bef4833c0a22f6b29fbf489 libgcrypt-1.10.3-3.fc40.x86_64.rpm -80f0c24f9d594c01543d550c7c3165d4e17240e3c8f61a8982ba85bf8a837f48 libgomp-14.1.1-4.fc40.x86_64.rpm +1b48152b2556b54e896e8f373d499e743dd068023b8bc92835c75301674750f0 libgomp-14.1.1-5.fc40.x86_64.rpm 8d0a9840e06e72ccf756fa5a79c49f572dc827b0c75ea5a1f923235150d27ae2 libgpg-error-1.49-1.fc40.x86_64.rpm 677a67726c759c94faa94475185e46d028f171c9215390ac601ccd914188afb2 libidn2-2.3.7-1.fc40.i686.rpm 2fd2038b4a94eeede34e46ed0e035e619f77d0e412c70cf4e9bb836957e8f31b libidn2-2.3.7-1.fc40.x86_64.rpm @@ -184,8 +184,8 @@ fa6dccd7aee4a74a5cfa12c7927c7326485704ebe57c54774b0f157fda639360 libnsl2-2.0.1- bb9ceaba0d3283777777524e8c99b8eaa2155e9000d8e3ef5d0ece336f8c1392 libpsl-0.21.5-3.fc40.x86_64.rpm 87e8725c378e16a983abee0b8bfbdaf2214f32b55c822741e627db34427ed9a3 libpwquality-1.4.5-9.fc40.i686.rpm 210e797a265da7111c1a59eca95f9e301ad05c5c8772aed54af9363e5684950b libpwquality-1.4.5-9.fc40.x86_64.rpm -c34657225d5c9c57dc9261e765cb85704397eec6ec4fa01a6ee6ae2b2fcf87dc libseccomp-2.5.3-8.fc40.i686.rpm -40e88dedc3fc64e70f0c2c16af598d9701c089cd205d5bf312517984bf0194fa libseccomp-2.5.3-8.fc40.x86_64.rpm +571fad7baa286ca36a2b2cdb171d22142ba82b99663ec0408b5db99514773956 libseccomp-2.5.5-1.fc40.i686.rpm +91668f5d08a663948c7d888d7cdef3248285c5d9fbe369ae031d7ca31c6e398c libseccomp-2.5.5-1.fc40.x86_64.rpm 280edce0c5cda3a725edaca0db10a16d1c4b24b849a8ddfeac066ddb84057e6e libsecret-0.21.4-2.fc40.x86_64.rpm 97f18f8852a7b60a2990f6cb25f39de0593599eb6ba0e455436bc783f34b931e libselinux-3.6-4.fc40.i686.rpm b67135643467acef3417d6f961ef3dc987ca726681a25026fce29cbd15fa76f9 libselinux-3.6-4.fc40.x86_64.rpm @@ -198,7 +198,7 @@ d5e6fc8b4595cccae415bc18b971ea4a4ed64c816e45de5d3f588b78ecf12708 libsepol-3.6-3 302124d98a491472ec0982b89afbf576922d6921a89dda479d354e6582566f0e libsmartcols-2.40.1-1.fc40.x86_64.rpm 45d032fb4d59ee0f6a921dd1f0addfcdd38fc46917243fdd6248194ffddb9067 libsodium-1.0.20-1.fc40.x86_64.rpm c8bbfa2762cc601f8a97d8d5a39a658f0e91ba477ebebd798b30f7fc8ffdd457 libss-1.47.0-5.fc40.x86_64.rpm -bac37be0a003b3b520f62218bd5c743846a9ca5278cbe1cf3ced2cd15b638d73 libstdc++-14.1.1-4.fc40.x86_64.rpm +b66ef7d6e8a08a3c19b4c76ffd8dc5256cb22414ed2fadce0b4249d2eed2212a libstdc++-14.1.1-5.fc40.x86_64.rpm d92173d6fbfb7e2af3b35a8554229e247666e15dc5b36cba43b7bbfc4144b781 libtasn1-4.19.0-6.fc40.x86_64.rpm adc082c8d4af5cc81a9de428c39de59717177109aedb4b15888a8ca9d51167ab libtirpc-1.3.4-1.rc3.fc40.x86_64.rpm e5d150d23f95e4a23288b84145af442607a88bf457c0e04b325b1d1e8e708c2b libtool-ltdl-2.4.7-10.fc40.x86_64.rpm @@ -235,7 +235,7 @@ b404c27af03bb1e43fb0dc472d5a1fa152e0563fa2e4eefa29199c47578a829b nano-default-e 8a93376ce7423bd1a649a13f4b5105f270b4603f5cf3b3e230bdbda7f25dd788 ncurses-base-6.4-12.20240127.fc40.noarch.rpm 39bba59320e6276a3b7b07bc94d319511bdd7d32ba098fd49723f4d542794d41 ncurses-libs-6.4-12.20240127.fc40.i686.rpm a18edf32e89aefd453998d5d0ec3aa1ea193dac43f80b99db195abd7e8cf1a04 ncurses-libs-6.4-12.20240127.fc40.x86_64.rpm -07253a2a49c6554632408bc006af14847eb5d89551e7221678de5f24a228ce8a netavark-1.10.3-3.fc40.x86_64.rpm +47c9ccca51428497dfe8d39d86f77b13135f2c621608f29d6ce2994c556d2b2b netavark-1.11.0-1.fc40.x86_64.rpm 16172412cfd45453292e18f84fc57e42a3ce92aca72b47ef7e15b44554049cfe nettle-3.9.1-6.fc40.x86_64.rpm 188ce5004e6ed764b4a619b64a4a0f36f1cc4fa919fe0a300599ff1171844144 nftables-1.0.9-3.fc40.x86_64.rpm 784e0fbc9ccb7087c10f4c41edbed13904f94244ff658f308614abe48cdf0d42 npth-1.7-1.fc40.x86_64.rpm @@ -307,8 +307,8 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm 3b940ff1f16fdb3ddcc19d7d76241c9b81d81099ff5147c4c9967d2c4ca6fb5b sbsigntools-0.9.5-3.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm -98191fd64cf0ffaea15897596afb4c71b0a78c0fea726fc256be5298d7756299 selinux-policy-40.20-1.fc40.noarch.rpm -fa363e31c6664b972a4adc5b9077375bb21492a2fc9df3dc6076889adf120deb selinux-policy-targeted-40.20-1.fc40.noarch.rpm +bf0464a5b04d278d5fc13050636fba3b4fee3fad60cee06b65db86d285ab0222 selinux-policy-40.22-1.fc40.noarch.rpm +d1832cbe051d0582764af725c00a6a133d00d17b4f5d53a4bd78c724ac3af051 selinux-policy-targeted-40.22-1.fc40.noarch.rpm 89862f646cd64e81497f01a8b69ab30ac8968c47afef92a2c333608fdb90ccc1 setup-2.14.5-2.fc40.noarch.rpm 95a0cce33e56359aa09507abfed062fb47a554307b0a029e6d2f076b813ae8d2 shadow-utils-4.15.1-3.fc40.x86_64.rpm 0c1072b40e5fe451e7d2bc1a7530e743303591c3d26bce0ac2e09ff05b50ae26 shadow-utils-subid-4.15.1-3.fc40.x86_64.rpm @@ -335,20 +335,20 @@ c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3 41b777c50f1ec74795551c7d930a3d6eceab278ff03608893a5dbd49f2de5363 util-linux-2.40.1-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm a00108f45cd60afffb9c1b5db8bef9c6fd5b3c233a546dde787efa5b4485e5b6 util-linux-core-2.40.1-1.fc40.x86_64.rpm -22875117bc7b5d47f1edec6daa06e1c8d167b692c31954a28dcf5426eae12369 vim-common-9.1.393-1.fc40.x86_64.rpm -3face3fce765d64b1112213f80ac36dcf6f1521d5b1cbdb6b3e50822ce9a8e24 vim-data-9.1.393-1.fc40.noarch.rpm -1e9362eca139cee383318efa5818450768c5d44d063621d5600704aa05929149 vim-enhanced-9.1.393-1.fc40.x86_64.rpm -3c57e0840dfd7073e5ac0a2d5ae240960bc593689ab027face333a3e76284c60 vim-filesystem-9.1.393-1.fc40.noarch.rpm +de119b002ef0c038d7327ecfc62e0813ee11bbb158d6eb02c58b1c1a3ca6e9f3 vim-common-9.1.452-1.fc40.x86_64.rpm +19c2b029e7cf77fa55842ba4837ec7639da48a03eac0831db704e4f9c51451f4 vim-data-9.1.452-1.fc40.noarch.rpm +3cbc4622416817ea08a75d9749d5bbc60f7b6eef76ee7072f90b83c3d4cdd147 vim-enhanced-9.1.452-1.fc40.x86_64.rpm +148354b6558f424f6edb76f0791bed5bc2a3080b9ae8847ac733dcb779f9fede vim-filesystem-9.1.452-1.fc40.noarch.rpm f573dbcaf6d08e84af7313b397a181efe369f5362908498f7c4a7ca80dad4170 wget2-2.1.0-9.fc40.x86_64.rpm 1cfb812e281cfa2059b7f753d8548810a3edc9e289b4313a2f60f361a51e300b wget2-libs-2.1.0-9.fc40.x86_64.rpm 21075ae2e021a0b0ec00e62f5441e4a975d39cc2c58183b7c855942f40b24539 wget2-wget-2.1.0-9.fc40.x86_64.rpm cf0306ceed1c6b3be39060d85f16b1953b464d3a625488b170d3b7aadf600645 which-2.21-41.fc40.x86_64.rpm 4ede95a2fa3bc0ae617c8bf3a375b800163d58733b4829b15d9f038505d79fee whois-nls-5.5.20-3.fc40.noarch.rpm e2195010e857f56b19246f8b821f9391922880b7691b3728a413f540edc890a6 xkeyboard-config-2.41-1.fc40.noarch.rpm -7a455af0f845962e84ee327a32a26a369ba15f328400ad24c49d68e351ece175 xxd-9.1.393-1.fc40.x86_64.rpm +13d927ed9d982c8fe37dd1a588df077b0d289b1c6d701a6b5f67e8a4048198db xxd-9.1.452-1.fc40.x86_64.rpm ee599a1c4d7ee635e54ec137af4dded83f433b9c8a5976f75ecdcd000b5246e3 xz-5.4.6-3.fc40.x86_64.rpm b92ef78d8ab424c22130e457d0ef691d8197bff61c3b8852205d1b02baba3819 xz-libs-5.4.6-3.fc40.i686.rpm b6ee44b3d7e494b0364f26b7d0b169a8092180af787423cd5e8a47dc0f738a66 xz-libs-5.4.6-3.fc40.x86_64.rpm 9e263e0a9b656178519de20733f3e0950fef494aa056daaa2004b522ba50b952 yajl-2.1.0-23.fc40.x86_64.rpm -b51702fa6253036579b2b7fcc2f5146f589c4ee1ef759cf80c6c1730f2023ed7 zlib-ng-compat-2.1.6-2.fc40.i686.rpm -02ed309305b380ed7ac270798e820e963dff51ba51200da30e6188193598178c zlib-ng-compat-2.1.6-2.fc40.x86_64.rpm +ba3ac34d621acd1c9a0efd0af555fafb4884a06052868edd3a18a49058d601f1 zlib-ng-compat-2.1.6-5.fc40.i686.rpm +29bd795ee1598cd4dd1b2bb738fd8247d8567ec1156bf597dc8c57a7e34ce492 zlib-ng-compat-2.1.6-5.fc40.x86_64.rpm From 9d99d05826d01e0ec80cda00b2994df72a4808c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Mon, 17 Jun 2024 13:38:59 +0200 Subject: [PATCH 078/380] cli: fix unmarshalling of sev-snp attestation documents in `constellation verify` (#3171) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- cli/internal/cmd/BUILD.bazel | 2 + cli/internal/cmd/verify.go | 65 ++++++++++++++++++++++++--------- cli/internal/cmd/verify_test.go | 12 +++--- go.mod | 2 +- go.sum | 4 +- 5 files changed, 60 insertions(+), 25 deletions(-) diff --git a/cli/internal/cmd/BUILD.bazel b/cli/internal/cmd/BUILD.bazel index c2decf328..828a63d5b 100644 --- a/cli/internal/cmd/BUILD.bazel +++ b/cli/internal/cmd/BUILD.bazel @@ -114,6 +114,8 @@ go_library( "@com_github_google_go_tdx_guest//abi", "@com_github_google_go_tdx_guest//proto/tdx", "//internal/attestation/azure/tdx", + "@com_github_google_go_sev_guest//proto/sevsnp", + "@com_github_google_go_tpm_tools//proto/attest", ] + select({ "@io_bazel_rules_go//go/platform:android_amd64": [ "@org_golang_x_sys//unix", diff --git a/cli/internal/cmd/verify.go b/cli/internal/cmd/verify.go index 5bce0af2a..41e80e8f7 100644 --- a/cli/internal/cmd/verify.go +++ b/cli/internal/cmd/verify.go @@ -38,8 +38,10 @@ import ( "github.com/edgelesssys/constellation/v2/internal/verify" "github.com/edgelesssys/constellation/v2/verify/verifyproto" + "github.com/google/go-sev-guest/proto/sevsnp" "github.com/google/go-tdx-guest/abi" "github.com/google/go-tdx-guest/proto/tdx" + "github.com/google/go-tpm-tools/proto/attest" tpmProto "github.com/google/go-tpm-tools/proto/tpm" "github.com/spf13/afero" "github.com/spf13/cobra" @@ -191,16 +193,22 @@ func (c *verifyCmd) verify(cmd *cobra.Command, verifyClient verifyClient, config switch c.flags.output { case "json": attDocOutput, err = formatJSON(cmd.Context(), rawAttestationDoc, attConfig, c.log) + if err != nil { + return fmt.Errorf("printing attestation document: %w", err) + } + case "raw": attDocOutput = fmt.Sprintf("Attestation Document:\n%s\n", rawAttestationDoc) + case "": attDocOutput, err = formatDefault(cmd.Context(), rawAttestationDoc, attConfig, c.log) + if err != nil { + return fmt.Errorf("printing attestation document: %w", err) + } + default: return fmt.Errorf("invalid output value for formatter: %s", c.flags.output) } - if err != nil { - return fmt.Errorf("printing attestation document: %w", err) - } cmd.Println(attDocOutput) cmd.PrintErrln("Verification OK") @@ -242,10 +250,10 @@ func (c *verifyCmd) validateEndpointFlag(cmd *cobra.Command, stateFile *state.St } // formatJSON returns the json formatted attestation doc. -func formatJSON(ctx context.Context, docString string, attestationCfg config.AttestationCfg, log debugLog, +func formatJSON(ctx context.Context, docString []byte, attestationCfg config.AttestationCfg, log debugLog, ) (string, error) { - var doc vtpm.AttestationDocument - if err := json.Unmarshal([]byte(docString), &doc); err != nil { + doc, err := unmarshalAttDoc(docString, attestationCfg.GetVariant()) + if err != nil { return "", fmt.Errorf("unmarshalling attestation document: %w", err) } @@ -299,14 +307,14 @@ func tdxFormatJSON(instanceInfoRaw []byte, attestationCfg config.AttestationCfg) } // format returns the formatted attestation doc. -func formatDefault(ctx context.Context, docString string, attestationCfg config.AttestationCfg, log debugLog, +func formatDefault(ctx context.Context, docString []byte, attestationCfg config.AttestationCfg, log debugLog, ) (string, error) { b := &strings.Builder{} b.WriteString("Attestation Document:\n") - var doc vtpm.AttestationDocument - if err := json.Unmarshal([]byte(docString), &doc); err != nil { - return "", fmt.Errorf("unmarshal attestation document: %w", err) + doc, err := unmarshalAttDoc(docString, attestationCfg.GetVariant()) + if err != nil { + return "", fmt.Errorf("unmarshalling attestation document: %w", err) } if err := parseQuotes(b, doc.Attestation.Quotes, attestationCfg.GetMeasurements()); err != nil { @@ -370,11 +378,11 @@ type constellationVerifier struct { // Verify retrieves an attestation statement from the Constellation and verifies it using the validator. func (v *constellationVerifier) Verify( ctx context.Context, endpoint string, req *verifyproto.GetAttestationRequest, validator atls.Validator, -) (string, error) { +) ([]byte, error) { v.log.Debug(fmt.Sprintf("Dialing endpoint: %q", endpoint)) conn, err := v.dialer.DialInsecure(ctx, endpoint) if err != nil { - return "", fmt.Errorf("dialing init server: %w", err) + return nil, fmt.Errorf("dialing init server: %w", err) } defer conn.Close() @@ -383,24 +391,24 @@ func (v *constellationVerifier) Verify( v.log.Debug("Sending attestation request") resp, err := client.GetAttestation(ctx, req) if err != nil { - return "", fmt.Errorf("getting attestation: %w", err) + return nil, fmt.Errorf("getting attestation: %w", err) } v.log.Debug("Verifying attestation") signedData, err := validator.Validate(ctx, resp.Attestation, req.Nonce) if err != nil { - return "", fmt.Errorf("validating attestation: %w", err) + return nil, fmt.Errorf("validating attestation: %w", err) } if !bytes.Equal(signedData, []byte(constants.ConstellationVerifyServiceUserData)) { - return "", errors.New("signed data in attestation does not match expected user data") + return nil, errors.New("signed data in attestation does not match expected user data") } - return string(resp.Attestation), nil + return resp.Attestation, nil } type verifyClient interface { - Verify(ctx context.Context, endpoint string, req *verifyproto.GetAttestationRequest, validator atls.Validator) (string, error) + Verify(ctx context.Context, endpoint string, req *verifyproto.GetAttestationRequest, validator atls.Validator) ([]byte, error) } type grpcInsecureDialer interface { @@ -515,3 +523,26 @@ func decodeMeasurement(encoded string) ([]byte, error) { } return decoded, nil } + +func unmarshalAttDoc(attDocJSON []byte, attestationVariant variant.Variant) (vtpm.AttestationDocument, error) { + attDoc := vtpm.AttestationDocument{ + Attestation: &attest.Attestation{}, + } + + // Explicitly initialize this struct, as TeeAttestation + // is a "oneof" protobuf field, which needs an explicit + // type to be set to be unmarshaled correctly. + switch attestationVariant { + case variant.AzureTDX{}: + attDoc.Attestation.TeeAttestation = &attest.Attestation_TdxAttestation{ + TdxAttestation: &tdx.QuoteV4{}, + } + default: + attDoc.Attestation.TeeAttestation = &attest.Attestation_SevSnpAttestation{ + SevSnpAttestation: &sevsnp.Attestation{}, + } + } + + err := json.Unmarshal(attDocJSON, &attDoc) + return attDoc, err +} diff --git a/cli/internal/cmd/verify_test.go b/cli/internal/cmd/verify_test.go index 9968a4ab4..8458e5f50 100644 --- a/cli/internal/cmd/verify_test.go +++ b/cli/internal/cmd/verify_test.go @@ -208,18 +208,20 @@ func TestVerify(t *testing.T) { func TestFormatDefault(t *testing.T) { testCases := map[string]struct { - doc string + doc []byte + attCfg config.AttestationCfg wantErr bool }{ "invalid doc": { - doc: "invalid", + doc: []byte("invalid"), + attCfg: &config.AzureSEVSNP{}, wantErr: true, }, } for name, tc := range testCases { t.Run(name, func(t *testing.T) { - _, err := formatDefault(context.Background(), tc.doc, nil, logger.NewTest(t)) + _, err := formatDefault(context.Background(), tc.doc, tc.attCfg, logger.NewTest(t)) if tc.wantErr { assert.Error(t, err) } else { @@ -313,9 +315,9 @@ type stubVerifyClient struct { endpoint string } -func (c *stubVerifyClient) Verify(_ context.Context, endpoint string, _ *verifyproto.GetAttestationRequest, _ atls.Validator) (string, error) { +func (c *stubVerifyClient) Verify(_ context.Context, endpoint string, _ *verifyproto.GetAttestationRequest, _ atls.Validator) ([]byte, error) { c.endpoint = endpoint - return "", c.verifyErr + return nil, c.verifyErr } type stubVerifyAPI struct { diff --git a/go.mod b/go.mod index 76c413e0d..ed20810df 100644 --- a/go.mod +++ b/go.mod @@ -79,7 +79,7 @@ require ( github.com/golang-jwt/jwt/v5 v5.2.1 github.com/google/go-sev-guest v0.11.1 github.com/google/go-tdx-guest v0.3.1 - github.com/google/go-tpm v0.9.1-0.20240510201744-5c2f0887e003 + github.com/google/go-tpm v0.9.1 github.com/google/go-tpm-tools v0.4.4 github.com/google/uuid v1.6.0 github.com/googleapis/gax-go/v2 v2.12.4 diff --git a/go.sum b/go.sum index 6b654a03c..7b1072238 100644 --- a/go.sum +++ b/go.sum @@ -420,8 +420,8 @@ github.com/google/go-sev-guest v0.11.1 h1:gnww4U8fHV5DCPz4gykr1s8SEX1fFNcxCBy+vv github.com/google/go-sev-guest v0.11.1/go.mod h1:qBOfb+JmgsUI3aUyzQoGC13Kpp9zwLeWvuyXmA9q77w= github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw= github.com/google/go-tdx-guest v0.3.1/go.mod h1:/rc3d7rnPykOPuY8U9saMyEps0PZDThLk/RygXm04nE= -github.com/google/go-tpm v0.9.1-0.20240510201744-5c2f0887e003 h1:gfGQAIxsEEAuYuFvjCGpDnTwisMJOz+rUfJMkk4yTmc= -github.com/google/go-tpm v0.9.1-0.20240510201744-5c2f0887e003/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= +github.com/google/go-tpm v0.9.1 h1:0pGc4X//bAlmZzMKf8iz6IsDo1nYTbYJ6FZN/rg4zdM= +github.com/google/go-tpm v0.9.1/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= github.com/google/go-tpm-tools v0.4.4 h1:oiQfAIkc6xTy9Fl5NKTeTJkBTlXdHsxAofmQyxBKY98= github.com/google/go-tpm-tools v0.4.4/go.mod h1:T8jXkp2s+eltnCDIsXR84/MTcVU9Ja7bh3Mit0pa4AY= github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= From 1975a10721ddb5af0c71f075ae33163fc1716a46 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 19 Jun 2024 08:26:57 +0200 Subject: [PATCH 079/380] image: update measurements and image version (#3172) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 146e0a549..f71d8ea38 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x86, 0x7d, 0xd6, 0xf6, 0x96, 0xb7, 0xee, 0x48, 0x08, 0xf8, 0xe4, 0xa8, 0xb0, 0x1d, 0x2b, 0xb8, 0x10, 0x41, 0x4e, 0x1e, 0x4a, 0x64, 0x79, 0x8a, 0x06, 0x24, 0x1c, 0x13, 0xa9, 0xcf, 0xb1, 0xf4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf8, 0xb4, 0xf4, 0x03, 0xee, 0xe9, 0xc0, 0x81, 0x06, 0xba, 0x91, 0x5f, 0x23, 0x42, 0x69, 0xb9, 0xc6, 0xc2, 0xc9, 0xd4, 0xf6, 0x8b, 0xf5, 0x09, 0xd7, 0x2f, 0x41, 0xe1, 0x26, 0xec, 0x8a, 0x69}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xce, 0x06, 0x18, 0x71, 0x71, 0x88, 0x8f, 0x25, 0x6a, 0x96, 0xdc, 0x08, 0xf2, 0x1c, 0x41, 0xa4, 0x7c, 0xbe, 0x32, 0x84, 0x45, 0xa8, 0xa9, 0xb4, 0x45, 0xc8, 0x1c, 0x1e, 0xde, 0xc0, 0x2c, 0xef}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x34, 0xc6, 0x22, 0xef, 0xd5, 0x50, 0xc5, 0x15, 0x57, 0x6d, 0x39, 0xc7, 0x7d, 0xd3, 0xa6, 0x03, 0x0a, 0x3a, 0x4c, 0x26, 0x8f, 0x98, 0xdf, 0x2e, 0x2a, 0x9c, 0x4b, 0xc1, 0xb0, 0x55, 0x7a, 0xb5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xca, 0x2c, 0xd4, 0x12, 0xd9, 0x1e, 0x34, 0xbb, 0x6e, 0xc1, 0xb5, 0x9b, 0x1b, 0xa0, 0xde, 0x05, 0xc6, 0x86, 0x71, 0x9b, 0x66, 0x32, 0xc3, 0x15, 0xef, 0x30, 0xbb, 0x5b, 0xe0, 0x3b, 0x84, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x24, 0x3a, 0x39, 0x9a, 0xfb, 0xea, 0xef, 0x42, 0x9f, 0xbb, 0x59, 0x08, 0xaf, 0x77, 0x80, 0xc2, 0x29, 0x35, 0xd8, 0x5e, 0x7b, 0xc0, 0x0a, 0x30, 0xb2, 0x3e, 0x22, 0x73, 0x4c, 0x33, 0x94, 0xfe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x99, 0x6a, 0xfe, 0xf4, 0xb8, 0x00, 0xe0, 0xee, 0xdf, 0x34, 0xd7, 0x4c, 0xa2, 0xc5, 0x3a, 0x8a, 0x7a, 0x61, 0x64, 0x13, 0x43, 0xd8, 0xb5, 0xc2, 0x96, 0x24, 0x00, 0xe9, 0x47, 0x7a, 0x2f, 0x17}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa9, 0x30, 0x6f, 0xeb, 0x17, 0xe9, 0x76, 0xcd, 0xfd, 0x0e, 0x7a, 0x2e, 0x8f, 0x0f, 0x47, 0x0c, 0xe6, 0xd9, 0x0a, 0xca, 0x83, 0xd7, 0x24, 0xe5, 0xfc, 0x09, 0xc5, 0x94, 0x09, 0x4e, 0x9d, 0xbc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc7, 0x26, 0xbe, 0x5a, 0xd3, 0x3e, 0x98, 0x62, 0xca, 0x87, 0xc5, 0x81, 0xd3, 0xcd, 0x4b, 0x02, 0x77, 0x20, 0x62, 0x8f, 0xdd, 0xd9, 0xf2, 0x4b, 0x42, 0x87, 0x82, 0x28, 0x13, 0xff, 0xd3, 0x0d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6c, 0xc2, 0x0c, 0x74, 0x1e, 0x8a, 0x63, 0x91, 0x38, 0xe2, 0x14, 0xc0, 0xb5, 0x0e, 0x73, 0x7a, 0x23, 0xc4, 0x20, 0x39, 0xa8, 0x75, 0x6a, 0xa3, 0x8b, 0xc0, 0xed, 0xbb, 0x2d, 0xee, 0x6c, 0x8c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xed, 0xbe, 0x85, 0x91, 0x65, 0xa4, 0x26, 0xd3, 0xfe, 0xa2, 0xde, 0x13, 0xff, 0xba, 0x31, 0xee, 0x2f, 0x0f, 0x6d, 0x4e, 0xe0, 0x5c, 0xa8, 0x97, 0x98, 0x80, 0x41, 0xba, 0x93, 0xaa, 0x47, 0x7a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1b, 0x8a, 0x8c, 0x6d, 0x11, 0x69, 0xb3, 0x2d, 0xd2, 0x0a, 0x36, 0xa3, 0x41, 0xd7, 0x1f, 0xb8, 0x7f, 0xf8, 0x6c, 0x3c, 0x13, 0x50, 0x01, 0x9c, 0xfa, 0x3f, 0x09, 0x68, 0x9e, 0x10, 0x6f, 0x0f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x5f, 0xb9, 0x12, 0x5f, 0x49, 0x40, 0x24, 0xdf, 0x57, 0x25, 0xe0, 0x30, 0x82, 0x21, 0x97, 0x5d, 0x0e, 0x8a, 0xcc, 0x53, 0x0e, 0x21, 0x47, 0x92, 0x1c, 0xa2, 0x1e, 0x1d, 0xe5, 0xf5, 0x3f, 0x3b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd6, 0x45, 0xa0, 0x63, 0x6a, 0xc3, 0x59, 0xbf, 0x49, 0xa1, 0x17, 0x86, 0x37, 0xb2, 0xe4, 0xb2, 0x26, 0x09, 0xc4, 0xfa, 0xb3, 0xa6, 0x2d, 0x41, 0x10, 0x5a, 0x85, 0x0f, 0x81, 0xa9, 0x4c, 0x25}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe0, 0x9b, 0x89, 0xaf, 0x09, 0x9d, 0x9e, 0x0b, 0x98, 0x50, 0x79, 0x29, 0x89, 0x82, 0x0c, 0x51, 0x49, 0x20, 0x1d, 0xb2, 0x67, 0xa9, 0xeb, 0x04, 0x8a, 0xe3, 0x6f, 0x7f, 0xc5, 0xbc, 0xfe, 0xde}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x36, 0x56, 0xab, 0xd0, 0xe2, 0xe8, 0x1a, 0x56, 0x4f, 0x58, 0x40, 0x98, 0xfa, 0x75, 0x20, 0xba, 0x8e, 0xce, 0x28, 0xc7, 0x49, 0x31, 0x35, 0x3a, 0xb4, 0xf0, 0x4f, 0x7e, 0x64, 0xca, 0x55, 0x42}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x70, 0x4b, 0x35, 0x63, 0xec, 0x2d, 0x78, 0xe9, 0xf4, 0x7d, 0xdb, 0x20, 0x66, 0xd9, 0x88, 0x2a, 0x49, 0xea, 0x49, 0x07, 0xb2, 0xd1, 0xfb, 0x81, 0xcf, 0x62, 0xbc, 0x2e, 0xbb, 0xe2, 0x51, 0xa3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa9, 0x36, 0xdf, 0xf6, 0xae, 0xf2, 0x1a, 0x2c, 0xaf, 0x01, 0xed, 0x0f, 0xd2, 0xda, 0x64, 0x66, 0xcc, 0x13, 0x17, 0xbe, 0xb7, 0x66, 0x2e, 0x4a, 0x2d, 0x46, 0x98, 0xce, 0xa4, 0x80, 0x46, 0xd9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd2, 0xed, 0x1c, 0x53, 0xf5, 0xcf, 0xbc, 0x07, 0xdd, 0x56, 0xe1, 0xb1, 0x7d, 0x79, 0xb5, 0xaa, 0x37, 0xb7, 0xbc, 0x89, 0x43, 0x3f, 0x3e, 0xb0, 0x87, 0x7a, 0x60, 0x0b, 0xf1, 0x22, 0xee, 0x37}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x23, 0xb1, 0xe9, 0x0a, 0xb4, 0x28, 0x51, 0x87, 0xb8, 0x8b, 0xae, 0x89, 0xbf, 0x7b, 0x92, 0xd0, 0x89, 0xdf, 0x10, 0xec, 0x86, 0xce, 0x94, 0xd0, 0xef, 0x71, 0xa4, 0xeb, 0x36, 0xc4, 0x42, 0xe2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf5, 0x46, 0x9e, 0x45, 0x97, 0x7f, 0x10, 0x15, 0x6f, 0xcc, 0x3a, 0x90, 0xe9, 0xef, 0x38, 0xe3, 0x28, 0x81, 0xf9, 0x28, 0x79, 0x9d, 0x94, 0x89, 0x59, 0xfd, 0x0d, 0xd8, 0x17, 0x44, 0xb7, 0xbe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x16, 0xee, 0x47, 0xd5, 0x0a, 0xf7, 0x39, 0xa6, 0xe3, 0xe9, 0x08, 0x90, 0x93, 0xcb, 0x48, 0xe7, 0x2b, 0x0d, 0x2f, 0x4f, 0xc0, 0xba, 0x78, 0x75, 0xd5, 0x93, 0x33, 0x74, 0x8d, 0x37, 0x8d, 0x6b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3d, 0xa3, 0xf2, 0x99, 0xb8, 0x98, 0x5c, 0x3d, 0xd8, 0x17, 0x00, 0x66, 0xc8, 0x59, 0x5e, 0x94, 0x9f, 0x26, 0xf6, 0x35, 0xcd, 0x87, 0xe2, 0xbd, 0x0d, 0xac, 0x1b, 0x1b, 0xa8, 0x19, 0x9e, 0x2c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x01, 0xcd, 0x09, 0x12, 0x7d, 0xf1, 0xd5, 0x3e, 0xef, 0x6b, 0xc6, 0x32, 0x58, 0x9d, 0xa0, 0xd4, 0x48, 0x63, 0x3f, 0x5b, 0xb1, 0x55, 0x7c, 0x91, 0x27, 0x84, 0xcf, 0xac, 0x00, 0x2a, 0xfb, 0x91}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8c, 0x7f, 0x7e, 0x28, 0x80, 0x9c, 0xe3, 0x6b, 0xe8, 0x25, 0xeb, 0x9c, 0x24, 0xc1, 0x93, 0x6b, 0x76, 0x92, 0xda, 0xeb, 0x46, 0xef, 0x9c, 0x93, 0xd7, 0xba, 0x6a, 0x3f, 0x7f, 0xdb, 0x30, 0x04}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9a, 0x94, 0x2c, 0xc1, 0x8a, 0x23, 0x4d, 0xf3, 0xbf, 0x9c, 0x49, 0x43, 0x85, 0xa8, 0x34, 0xf5, 0xed, 0x52, 0xc0, 0xf4, 0xc1, 0x23, 0x89, 0x55, 0xd6, 0x34, 0xeb, 0x6d, 0xec, 0x6b, 0x05, 0x27}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0x34, 0xc7, 0x25, 0x6a, 0x82, 0xc8, 0xbe, 0xac, 0xb3, 0x9b, 0x52, 0x67, 0x6f, 0xd1, 0xbb, 0xa1, 0x7e, 0x62, 0xa2, 0x35, 0x3c, 0x97, 0xdc, 0xab, 0xa0, 0xdf, 0x30, 0xc9, 0x3c, 0xa3, 0xef}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8a, 0xa2, 0xcc, 0x7d, 0x60, 0xbd, 0x61, 0x80, 0x16, 0x1f, 0x77, 0x53, 0xaa, 0x21, 0x0f, 0xff, 0x11, 0xc6, 0x0a, 0xc2, 0xa9, 0x03, 0xc1, 0x95, 0x46, 0x0e, 0x94, 0x70, 0x70, 0x65, 0x12, 0x10}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf1, 0xa4, 0x75, 0x23, 0xdd, 0x2f, 0xbf, 0x86, 0x71, 0x33, 0xbb, 0x78, 0x8b, 0x08, 0xbd, 0x5e, 0xec, 0x69, 0x39, 0xa9, 0x68, 0xd3, 0xa3, 0x03, 0xab, 0x08, 0x76, 0x79, 0xec, 0x90, 0xc1, 0xc0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf7, 0xb3, 0x46, 0x95, 0x13, 0x21, 0x41, 0x57, 0xc2, 0xf3, 0x35, 0x50, 0xc3, 0x22, 0xb3, 0xa8, 0x2e, 0x99, 0xf7, 0xfb, 0xd0, 0x3f, 0x05, 0x31, 0x7e, 0xf3, 0xa5, 0xac, 0x8a, 0x3b, 0x83, 0x12}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xa8, 0xae, 0xfc, 0x83, 0xcb, 0xb4, 0x06, 0xf3, 0x94, 0x24, 0x73, 0x73, 0x8f, 0xe9, 0xe4, 0x1f, 0x51, 0xd3, 0x22, 0x62, 0xca, 0x02, 0x5e, 0xf4, 0x82, 0x25, 0x9d, 0xe3, 0xd8, 0x5a, 0x01, 0xfd}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8e, 0x2c, 0x82, 0x12, 0xa8, 0x5f, 0x9d, 0x91, 0xeb, 0xf9, 0xe0, 0xac, 0x5a, 0x0b, 0x9a, 0x0a, 0x99, 0xf0, 0xad, 0xc1, 0x00, 0x7d, 0xad, 0x22, 0xe1, 0x13, 0x5c, 0xa0, 0x06, 0x15, 0x75, 0x5c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x06, 0x0a, 0xb0, 0x24, 0xf2, 0x03, 0x00, 0xed, 0xcd, 0x0e, 0x23, 0x52, 0xe4, 0x80, 0x32, 0x3c, 0xe5, 0xb2, 0xa8, 0x3c, 0xa7, 0xea, 0x93, 0x93, 0x3c, 0x14, 0x50, 0xe4, 0xac, 0xc3, 0x1f, 0x13}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc8, 0x74, 0x4a, 0x59, 0x52, 0x67, 0xf9, 0x9c, 0x99, 0x7d, 0x2a, 0x9d, 0xe6, 0x42, 0x4f, 0x10, 0x97, 0x6a, 0xdc, 0xaf, 0x85, 0x44, 0x59, 0xe2, 0x45, 0xde, 0xe9, 0x5e, 0x89, 0x76, 0x87, 0x83}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x54, 0x43, 0xfe, 0x4c, 0x34, 0x9c, 0x97, 0xb4, 0x93, 0x72, 0x4b, 0xce, 0x43, 0x8c, 0xbc, 0xff, 0x3a, 0x01, 0x10, 0xd9, 0x2a, 0x3c, 0x8f, 0xfc, 0x50, 0x06, 0x07, 0x28, 0x84, 0x35, 0x2d, 0xad}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb9, 0x86, 0x43, 0x00, 0x3c, 0xbc, 0x3d, 0x53, 0x52, 0xfe, 0x26, 0x8c, 0x6a, 0x68, 0xaa, 0x8a, 0xe4, 0x26, 0x51, 0xc3, 0xd2, 0xb6, 0xc1, 0xd0, 0xe0, 0x64, 0x44, 0x43, 0x5b, 0x9d, 0x30, 0xe6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x67, 0x1b, 0xc9, 0xea, 0x17, 0x18, 0xb3, 0x44, 0x68, 0x78, 0x55, 0xbc, 0x7a, 0x65, 0x38, 0x65, 0xd8, 0x58, 0x3d, 0xf8, 0xf4, 0x69, 0x93, 0xda, 0x50, 0x1f, 0x86, 0x55, 0xb3, 0x7e, 0xfe, 0xbf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x99, 0xbe, 0xba, 0x85, 0x4b, 0x90, 0xd4, 0x6e, 0x8f, 0x61, 0x06, 0x24, 0x6c, 0x8c, 0x96, 0x1d, 0x75, 0x2e, 0xe4, 0x69, 0xd2, 0x4e, 0x45, 0xed, 0x54, 0x60, 0x70, 0xa4, 0xaa, 0xda, 0x16, 0x77}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x25, 0xa0, 0x0c, 0x26, 0x91, 0x48, 0x2e, 0x7b, 0x9a, 0x5d, 0xf4, 0xea, 0x93, 0x0f, 0xc4, 0xa0, 0x9e, 0x16, 0x6e, 0x62, 0x43, 0xb9, 0x49, 0x5e, 0x55, 0x32, 0x55, 0x92, 0x7a, 0x3a, 0xab, 0x2e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xde, 0x57, 0x4b, 0xfe, 0x1c, 0x9a, 0xfb, 0xf5, 0x8b, 0xdb, 0x80, 0xfb, 0x94, 0x1f, 0x55, 0x24, 0xf0, 0xba, 0x56, 0x11, 0xbe, 0xa5, 0xe5, 0x84, 0x00, 0xfb, 0x2f, 0x7c, 0x69, 0x89, 0x43, 0x18}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x73, 0xa6, 0xf6, 0x5e, 0x47, 0xb8, 0x88, 0x1d, 0x01, 0x4b, 0x45, 0x39, 0xf5, 0x43, 0xa7, 0xfa, 0xdc, 0x15, 0x71, 0x2a, 0xb8, 0x9d, 0xea, 0x4c, 0x97, 0xef, 0x47, 0x79, 0x02, 0x21, 0x58, 0x38}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x05, 0xeb, 0x2f, 0x59, 0x78, 0xc3, 0xe7, 0xf4, 0xca, 0x93, 0xcd, 0x5f, 0x49, 0x6a, 0xe8, 0x2e, 0x73, 0x30, 0x6b, 0x24, 0xa7, 0xfb, 0x84, 0x61, 0xa3, 0xeb, 0x29, 0xec, 0x39, 0x4c, 0x58, 0x83}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xf6, 0x4a, 0x05, 0x29, 0xca, 0x4b, 0x3e, 0xe6, 0xb4, 0x82, 0xcf, 0x3e, 0x05, 0xf7, 0x78, 0x4b, 0xd8, 0x9d, 0x4f, 0x9d, 0x8b, 0x80, 0x92, 0x90, 0xd9, 0x4f, 0x47, 0x66, 0x6f, 0x94, 0xfe, 0xf2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x05, 0xe6, 0x6b, 0xa6, 0x6e, 0xec, 0x48, 0xf9, 0x7c, 0xef, 0x91, 0xa3, 0x34, 0xf5, 0x7f, 0x92, 0xab, 0x09, 0x44, 0x09, 0x87, 0x04, 0x82, 0xa0, 0xc8, 0x55, 0xd0, 0xf6, 0xe6, 0x0c, 0x8e, 0xee}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x18, 0x65, 0x21, 0xfa, 0xba, 0x4d, 0x53, 0xed, 0x97, 0xd5, 0x12, 0xe5, 0x05, 0xbf, 0x86, 0xb6, 0x41, 0xce, 0x46, 0x46, 0x15, 0x32, 0xf1, 0x01, 0xa1, 0x93, 0x0d, 0x93, 0x2b, 0x1e, 0x3d, 0x44}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x27, 0xa9, 0xc9, 0x13, 0xee, 0xf7, 0x3e, 0xbc, 0xb8, 0x36, 0xce, 0xbe, 0xb1, 0x7d, 0x24, 0x51, 0x9e, 0x04, 0x60, 0x58, 0xf5, 0x8f, 0x14, 0xff, 0x40, 0x24, 0x9d, 0x6d, 0xc2, 0x68, 0xb9, 0xc3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x41, 0x55, 0x2a, 0x53, 0xc0, 0x81, 0x79, 0x51, 0x96, 0x4b, 0x32, 0x89, 0x00, 0xde, 0x13, 0x5e, 0x8e, 0xf3, 0x10, 0x5d, 0x0b, 0xa0, 0x34, 0x40, 0x1c, 0x23, 0xb6, 0x6b, 0xa2, 0xd8, 0xf4, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x91, 0x70, 0x13, 0xd8, 0xf1, 0x17, 0x2f, 0x6e, 0x02, 0x82, 0x35, 0xce, 0xc2, 0xe9, 0xb1, 0xd2, 0x87, 0xaf, 0xc5, 0x64, 0xc8, 0x56, 0x4f, 0xb1, 0x94, 0x39, 0xb7, 0x92, 0xdc, 0x5d, 0x9d, 0xb7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 03a0d7089..dfed58d6a 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240612131827-daaa7755a723" + defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240617133859-9d99d05826d0" ) From 9a295b2c3a3e90cc1c7b5ab426958b15a69de9df Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 19 Jun 2024 12:19:41 +0200 Subject: [PATCH 080/380] ci: better fence around tidy-check-generate summary (#3174) --- .github/workflows/test-tidy.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test-tidy.yml b/.github/workflows/test-tidy.yml index 34c0ab0ff..a24a8ce98 100644 --- a/.github/workflows/test-tidy.yml +++ b/.github/workflows/test-tidy.yml @@ -98,10 +98,11 @@ jobs: exit 0 fi + # Use quadruple backticks to escape triple backticks in diff'ed files. cat << EOF >> "${GITHUB_STEP_SUMMARY}" - \`\`\`diff + \`\`\`\`diff ${diff} - \`\`\` + \`\`\`\` EOF if [[ "${{ steps.untidy.outputs.untidy }}" == "true" ]] && From 9cd11842442dab3864c07b8788c4836e0ee25401 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 19 Jun 2024 15:19:41 +0200 Subject: [PATCH 081/380] deps: update GitHub action dependencies (#3176) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/build_micro_service/action.yml | 2 +- .github/actions/e2e_benchmark/action.yml | 2 +- .github/actions/find_latest_image/action.yml | 4 ++-- .github/actions/publish_helmchart/action.yml | 4 ++-- .github/workflows/assign_reviewer.yml | 2 +- .github/workflows/aws-snp-launchmeasurement.yml | 4 ++-- .github/workflows/build-binaries.yml | 2 +- .github/workflows/build-ccm-gcp.yml | 10 +++++----- .github/workflows/build-gcp-guest-agent.yml | 6 +++--- .github/workflows/build-libvirt-container.yml | 2 +- .github/workflows/build-logcollector-images.yml | 2 +- .github/workflows/build-os-image-scheduled.yml | 6 +++--- .github/workflows/build-os-image.yml | 4 ++-- .github/workflows/build-versionsapi-ci-image.yml | 2 +- .github/workflows/check-links.yml | 2 +- .github/workflows/codeql.yml | 6 +++--- .github/workflows/docs-vale.yml | 2 +- .github/workflows/draft-release.yml | 16 ++++++++-------- .github/workflows/e2e-attestationconfigapi.yml | 2 +- .github/workflows/e2e-cleanup-weekly.yml | 2 +- .github/workflows/e2e-mini.yml | 2 +- .github/workflows/e2e-test-daily.yml | 6 +++--- .github/workflows/e2e-test-provider-example.yml | 2 +- .github/workflows/e2e-test-release.yml | 2 +- .github/workflows/e2e-test-weekly.yml | 6 +++--- .github/workflows/e2e-test.yml | 8 ++++---- .github/workflows/e2e-upgrade.yml | 16 ++++++++-------- .github/workflows/e2e-windows.yml | 6 +++--- .github/workflows/on-release.yml | 8 ++++---- .github/workflows/purge-main.yml | 2 +- .github/workflows/release.yml | 12 ++++++------ .github/workflows/reproducible-builds.yml | 8 ++++---- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/sync-terraform-docs.yml | 6 +++--- .github/workflows/test-integration.yml | 2 +- .github/workflows/test-operator-codegen.yml | 2 +- .github/workflows/test-tfsec.yml | 2 +- .github/workflows/test-tidy.yml | 2 +- .github/workflows/test-unittest.yml | 2 +- .github/workflows/update-rpms.yml | 4 ++-- .github/workflows/versionsapi.yml | 2 +- 41 files changed, 93 insertions(+), 93 deletions(-) diff --git a/.github/actions/build_micro_service/action.yml b/.github/actions/build_micro_service/action.yml index be1c69254..41aabcb62 100644 --- a/.github/actions/build_micro_service/action.yml +++ b/.github/actions/build_micro_service/action.yml @@ -62,7 +62,7 @@ runs: - name: Build and push container image id: build-micro-service - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: context: . file: ${{ inputs.dockerfile }} diff --git a/.github/actions/e2e_benchmark/action.yml b/.github/actions/e2e_benchmark/action.yml index 871e6cc7b..44f9e6777 100644 --- a/.github/actions/e2e_benchmark/action.yml +++ b/.github/actions/e2e_benchmark/action.yml @@ -48,7 +48,7 @@ runs: install kubestr /usr/local/bin - name: Checkout k8s-bench-suite - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 repository: "edgelesssys/k8s-bench-suite" diff --git a/.github/actions/find_latest_image/action.yml b/.github/actions/find_latest_image/action.yml index 11860b479..7c21308f9 100644 --- a/.github/actions/find_latest_image/action.yml +++ b/.github/actions/find_latest_image/action.yml @@ -26,13 +26,13 @@ runs: steps: - name: Checkout head if: inputs.imageVersion == '' && inputs.git-ref == 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.imageVersion == '' && inputs.git-ref != 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.git-ref }} diff --git a/.github/actions/publish_helmchart/action.yml b/.github/actions/publish_helmchart/action.yml index 5580dd451..e96365851 100644 --- a/.github/actions/publish_helmchart/action.yml +++ b/.github/actions/publish_helmchart/action.yml @@ -13,7 +13,7 @@ runs: using: "composite" steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: repository: edgelesssys/helm ref: main @@ -29,7 +29,7 @@ runs: echo version=$(yq eval ".version" ${{ inputs.chartPath }}/Chart.yaml) | tee -a $GITHUB_OUTPUT - name: Create pull request - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 with: path: helm branch: "release/s3proxy/${{ steps.update-chart-version.outputs.version }}" diff --git a/.github/workflows/assign_reviewer.yml b/.github/workflows/assign_reviewer.yml index b2a0517cb..b38330fdb 100644 --- a/.github/workflows/assign_reviewer.yml +++ b/.github/workflows/assign_reviewer.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest if: contains(github.event.pull_request.labels.*.name, 'dependencies') && toJson(github.event.pull_request.requested_reviewers) == '[]' && github.event.pull_request.user.login == 'renovate[bot]' steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Pick assignee id: pick-assignee uses: ./.github/actions/pick_assignee diff --git a/.github/workflows/aws-snp-launchmeasurement.yml b/.github/workflows/aws-snp-launchmeasurement.yml index ca4feeac8..4f90c5721 100644 --- a/.github/workflows/aws-snp-launchmeasurement.yml +++ b/.github/workflows/aws-snp-launchmeasurement.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ github.head_ref }} path: constellation @@ -50,7 +50,7 @@ jobs: echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT" popd || exit 1 - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: repository: virtee/sev-snp-measure-go.git ref: e42b6f8991ed5a671d5d1e02a6b61f6373f9f8d8 diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index 362cb6974..ca28f2030 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -22,7 +22,7 @@ jobs: runs-on: [arc-runner-set] steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index 5a4633fe0..4098fd9ca 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -19,10 +19,10 @@ jobs: latest: ${{ steps.find-latest.outputs.latest }} steps: - name: Checkout Constellation - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Checkout kubernetes/cloud-provider-gcp - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: repository: "kubernetes/cloud-provider-gcp" path: "cloud-provider-gcp" @@ -65,10 +65,10 @@ jobs: version: ${{ fromJson(needs.find-ccm-versions.outputs.versions) }} steps: - name: Checkout Constellation - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Checkout kubernetes/cloud-provider-gcp - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: repository: "kubernetes/cloud-provider-gcp" path: "cloud-provider-gcp" @@ -113,7 +113,7 @@ jobs: - name: Build and push container image id: build - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: context: ./cloud-provider-gcp push: ${{ github.ref_name == 'main' }} diff --git a/.github/workflows/build-gcp-guest-agent.yml b/.github/workflows/build-gcp-guest-agent.yml index f23c684e9..7c5aa2bf8 100644 --- a/.github/workflows/build-gcp-guest-agent.yml +++ b/.github/workflows/build-gcp-guest-agent.yml @@ -69,7 +69,7 @@ jobs: - name: Checkout GoogleCloudPlatform/guest-agent if: steps.needs-build.outputs.out == 'true' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: repository: "GoogleCloudPlatform/guest-agent" ref: refs/tags/${{ steps.latest-release.outputs.latest }} @@ -77,7 +77,7 @@ jobs: - name: Checkout Constellation if: steps.needs-build.outputs.out == 'true' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: path: "constellation" ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -114,7 +114,7 @@ jobs: - name: Build and push container image if: steps.needs-build.outputs.out == 'true' id: build - uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 with: context: ./guest-agent file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile diff --git a/.github/workflows/build-libvirt-container.yml b/.github/workflows/build-libvirt-container.yml index 655b6bae6..186db02c1 100644 --- a/.github/workflows/build-libvirt-container.yml +++ b/.github/workflows/build-libvirt-container.yml @@ -19,7 +19,7 @@ jobs: packages: write steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup bazel uses: ./.github/actions/setup_bazel_nix diff --git a/.github/workflows/build-logcollector-images.yml b/.github/workflows/build-logcollector-images.yml index 73bde8e64..082ac4287 100644 --- a/.github/workflows/build-logcollector-images.yml +++ b/.github/workflows/build-logcollector-images.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Check out repository id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 0c35c546a..79f158b15 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -62,7 +62,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ github.head_ref }} token: ${{ secrets.CI_COMMIT_PUSH_PR }} @@ -100,7 +100,7 @@ jobs: run: rm -f internal/attestation/measurements/measurement-generator/generate - name: Create pull request - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 with: branch: "image/automated/update-measurements-${{ github.run_number }}" base: main @@ -123,7 +123,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ github.head_ref }} diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml index 0b2c3b1bd..3fec878a9 100644 --- a/.github/workflows/build-os-image.yml +++ b/.github/workflows/build-os-image.yml @@ -59,7 +59,7 @@ jobs: cliApiBasePath: ${{ steps.image-version.outputs.cliApiBasePath }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.head_ref }} @@ -138,7 +138,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.head_ref }} diff --git a/.github/workflows/build-versionsapi-ci-image.yml b/.github/workflows/build-versionsapi-ci-image.yml index 8d7e9c2dd..7c8aa449c 100644 --- a/.github/workflows/build-versionsapi-ci-image.yml +++ b/.github/workflows/build-versionsapi-ci-image.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Check out repository id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index 30e8626bf..6c3d4cbbb 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b394d4a21..b3510e552 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,7 +34,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Go environment if: matrix.language == 'go' @@ -44,7 +44,7 @@ jobs: cache: false - name: Initialize CodeQL - uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: languages: ${{ matrix.language }} @@ -63,6 +63,6 @@ jobs: echo "::endgroup::" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/docs-vale.yml b/.github/workflows/docs-vale.yml index 12458d47e..095cbf9f1 100644 --- a/.github/workflows/docs-vale.yml +++ b/.github/workflows/docs-vale.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index 44a78d69d..730a136fa 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.head_ref }} @@ -133,7 +133,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.head_ref }} @@ -169,7 +169,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.head_ref }} @@ -187,7 +187,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.head_ref }} @@ -219,7 +219,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.head_ref }} @@ -256,7 +256,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.head_ref }} @@ -332,7 +332,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.head_ref }} @@ -405,7 +405,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.head_ref }} diff --git a/.github/workflows/e2e-attestationconfigapi.yml b/.github/workflows/e2e-attestationconfigapi.yml index f00ae908d..09f4f554e 100644 --- a/.github/workflows/e2e-attestationconfigapi.yml +++ b/.github/workflows/e2e-attestationconfigapi.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: # Don't trigger in forks, use head on pull requests, use default otherwise. ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || github.event.pull_request.head.sha || '' }} diff --git a/.github/workflows/e2e-cleanup-weekly.yml b/.github/workflows/e2e-cleanup-weekly.yml index b93f002a2..5bdb193a7 100644 --- a/.github/workflows/e2e-cleanup-weekly.yml +++ b/.github/workflows/e2e-cleanup-weekly.yml @@ -14,7 +14,7 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Cleanup uses: ./.github/actions/e2e_cleanup_timeframe diff --git a/.github/workflows/e2e-mini.yml b/.github/workflows/e2e-mini.yml index 1d4805490..0b521551c 100644 --- a/.github/workflows/e2e-mini.yml +++ b/.github/workflows/e2e-mini.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.event.workflow_run.head_branch || github.head_ref }} diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml index 8be319bec..97d8afce9 100644 --- a/.github/workflows/e2e-test-daily.yml +++ b/.github/workflows/e2e-test-daily.yml @@ -21,7 +21,7 @@ jobs: image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -65,7 +65,7 @@ jobs: needs: [find-latest-image] steps: - name: Check out repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -164,7 +164,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/e2e-test-provider-example.yml b/.github/workflows/e2e-test-provider-example.yml index f77941615..592492f84 100644 --- a/.github/workflows/e2e-test-provider-example.yml +++ b/.github/workflows/e2e-test-provider-example.yml @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref || github.head_ref }} diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index 401f9e241..5bcf04625 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -321,7 +321,7 @@ jobs: run: brew install coreutils kubectl bash - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ inputs.ref || github.head_ref }} diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index bb7b14d2f..a66c8de0e 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -22,7 +22,7 @@ jobs: image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -317,7 +317,7 @@ jobs: needs: [find-latest-image] steps: - name: Check out repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -441,7 +441,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index b5011a0dd..5f5015394 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -174,13 +174,13 @@ jobs: steps: - name: Checkout head if: inputs.git-ref == 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.git-ref != 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.git-ref }} @@ -211,13 +211,13 @@ jobs: - name: Checkout head if: inputs.git-ref == 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.git-ref != 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.git-ref }} diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index b25825fec..4716ba82b 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -135,14 +135,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} @@ -190,14 +190,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} @@ -274,14 +274,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} @@ -438,14 +438,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index 9f32dee02..f3dee7882 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -21,7 +21,7 @@ jobs: packages: write steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -56,7 +56,7 @@ jobs: needs: build-cli steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -186,7 +186,7 @@ jobs: inputs.scheduled steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/on-release.yml b/.github/workflows/on-release.yml index c0c04d32d..5004da580 100644 --- a/.github/workflows/on-release.yml +++ b/.github/workflows/on-release.yml @@ -26,7 +26,7 @@ jobs: WORKING_BRANCH: ${{ env.WORKING_BRANCH }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 # fetch all history @@ -49,7 +49,7 @@ jobs: latest: ${{ steps.input-passthrough.outputs.latest }}${{ steps.check-last-release.outputs.latest }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Override latest if: github.event.inputs.latest == 'true' @@ -123,7 +123,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Remove temporary branch run: git push origin --delete "${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}" @@ -137,7 +137,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: ./.github/actions/setup_bazel_nix diff --git a/.github/workflows/purge-main.yml b/.github/workflows/purge-main.yml index e6e1cc79c..100851c0b 100644 --- a/.github/workflows/purge-main.yml +++ b/.github/workflows/purge-main.yml @@ -18,7 +18,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ github.head_ref }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 45ee106f5..0b85693a3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,7 +33,7 @@ jobs: RELEASE_BRANCH: ${{ steps.version-info.outputs.RELEASE_BRANCH }} WORKING_BRANCH: ${{ steps.version-info.outputs.WORKING_BRANCH }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Working branch run: echo "WORKING_BRANCH=$(git branch --show-current)" | tee -a "$GITHUB_ENV" @@ -85,7 +85,7 @@ jobs: MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }} BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }} steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: main @@ -96,7 +96,7 @@ jobs: npm run docusaurus docs:version "${MAJOR_MINOR}" - name: Create docs pull request - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 with: branch: ${{ env.BRANCH }} base: main @@ -123,7 +123,7 @@ jobs: WORKING_BRANCH: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} @@ -161,7 +161,7 @@ jobs: WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} @@ -226,7 +226,7 @@ jobs: WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} diff --git a/.github/workflows/reproducible-builds.yml b/.github/workflows/reproducible-builds.yml index bbc7d9387..869f98ec8 100644 --- a/.github/workflows/reproducible-builds.yml +++ b/.github/workflows/reproducible-builds.yml @@ -31,7 +31,7 @@ jobs: runs-on: ${{ matrix.runner }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -84,7 +84,7 @@ jobs: runs-on: ${{ matrix.runner }} steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -134,7 +134,7 @@ jobs: - "cli_enterprise_windows_amd64" runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -168,7 +168,7 @@ jobs: - "gcp_gcp-sev-snp_nightly" runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 41ad2d24b..4ea8fc0d1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false @@ -37,6 +37,6 @@ jobs: retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: sarif_file: results.sarif diff --git a/.github/workflows/sync-terraform-docs.yml b/.github/workflows/sync-terraform-docs.yml index 4772d2ca9..0b065dbee 100644 --- a/.github/workflows/sync-terraform-docs.yml +++ b/.github/workflows/sync-terraform-docs.yml @@ -18,14 +18,14 @@ jobs: pull-requests: write steps: - name: Checkout constellation repo - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} fetch-depth: 0 path: constellation - name: Checkout terraform-provider-constellation repo - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: repository: edgelesssys/terraform-provider-constellation ref: main @@ -40,7 +40,7 @@ jobs: - name: Create pull request id: create-pull-request - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 with: path: terraform-provider-constellation branch: "feat/docs/update" diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml index 19b41f75b..0ddbb783e 100644 --- a/.github/workflows/test-integration.yml +++ b/.github/workflows/test-integration.yml @@ -25,7 +25,7 @@ jobs: CTEST_OUTPUT_ON_FAILURE: True steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/test-operator-codegen.yml b/.github/workflows/test-operator-codegen.yml index 1bdbe3d26..5ba9313a4 100644 --- a/.github/workflows/test-operator-codegen.yml +++ b/.github/workflows/test-operator-codegen.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/test-tfsec.yml b/.github/workflows/test-tfsec.yml index 9df868021..ba2f16464 100644 --- a/.github/workflows/test-tfsec.yml +++ b/.github/workflows/test-tfsec.yml @@ -23,7 +23,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/test-tidy.yml b/.github/workflows/test-tidy.yml index a24a8ce98..b9092113b 100644 --- a/.github/workflows/test-tidy.yml +++ b/.github/workflows/test-tidy.yml @@ -17,7 +17,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} # No token available for forks, so we can't push changes diff --git a/.github/workflows/test-unittest.yml b/.github/workflows/test-unittest.yml index 1c36cee42..9401c0776 100644 --- a/.github/workflows/test-unittest.yml +++ b/.github/workflows/test-unittest.yml @@ -30,7 +30,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} fetch-depth: 0 diff --git a/.github/workflows/update-rpms.yml b/.github/workflows/update-rpms.yml index d8e92a488..c8f77dd89 100644 --- a/.github/workflows/update-rpms.yml +++ b/.github/workflows/update-rpms.yml @@ -13,7 +13,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: token: ${{ secrets.CI_COMMIT_PUSH_PR }} @@ -39,7 +39,7 @@ jobs: fi - name: Create pull request - uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 with: branch: "image/automated/update-rpms-${{ github.run_number }}" base: main diff --git a/.github/workflows/versionsapi.yml b/.github/workflows/versionsapi.yml index 69731f7ef..46188769d 100644 --- a/.github/workflows/versionsapi.yml +++ b/.github/workflows/versionsapi.yml @@ -115,7 +115,7 @@ jobs: steps: - name: Check out repository id: checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} From 132d540ac0ff6c2d53151d1428a25053a85c5b16 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 19 Jun 2024 16:26:02 +0200 Subject: [PATCH 082/380] ci: fix GCP CCM findvers.sh script (#3178) --- .github/actions/gcpccm_vers_to_build/findvers.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/gcpccm_vers_to_build/findvers.sh b/.github/actions/gcpccm_vers_to_build/findvers.sh index dd35c582a..1b148d4f4 100755 --- a/.github/actions/gcpccm_vers_to_build/findvers.sh +++ b/.github/actions/gcpccm_vers_to_build/findvers.sh @@ -82,4 +82,4 @@ for major in "${allMajorVersions[@]}"; do done # Print one elem per line | quote elems | create array | remove empty elems and print compact. -printf '%s' "${versionsToBuild[@]}" | jq -R | jq -s | jq -c 'map(select(length > 0))' +printf '%s\n' "${versionsToBuild[@]}" | jq -R | jq -s | jq -c 'map(select(length > 0))' From c911eb4e3a3a3a901a8b35068cab93dbcc291d65 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 19 Jun 2024 17:34:34 +0200 Subject: [PATCH 083/380] versions: default to k8s v1.29, support k8s v1.30, EOL v1.27 (#3173) * versions: remove k8s 1.27 and patch-upgrade the others * versions: add support for k8s 1.30.2 * versions: upgrade cloud provider images --- .github/workflows/e2e-test-release.yml | 120 +++++----- .github/workflows/e2e-test-weekly.yml | 92 ++++---- .github/workflows/e2e-test.yml | 2 +- docs/docs/architecture/versions.md | 6 +- docs/docs/reference/cli.md | 2 +- internal/versions/versions.go | 214 +++++++++--------- .../docs/resources/cluster.md | 2 +- 7 files changed, 219 insertions(+), 219 deletions(-) diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index 5bcf04625..076be724f 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -45,10 +45,37 @@ jobs: # # sonobuoy full test on all k8s versions + - test: "sonobuoy full" + attestationVariant: "gcp-sev-es" + kubernetes-version: "v1.30" + runner: "ubuntu-22.04" + clusterCreation: "cli" + - test: "sonobuoy full" + attestationVariant: "gcp-sev-snp" + kubernetes-version: "v1.30" + runner: "ubuntu-22.04" + clusterCreation: "cli" + - test: "sonobuoy full" + attestationVariant: "azure-sev-snp" + kubernetes-version: "v1.30" + runner: "ubuntu-22.04" + clusterCreation: "cli" + - test: "sonobuoy full" + attestationVariant: "azure-tdx" + kubernetes-version: "v1.30" + runner: "ubuntu-22.04" + clusterCreation: "cli" + - test: "sonobuoy full" + attestationVariant: "aws-sev-snp" + kubernetes-version: "v1.30" + runner: "ubuntu-22.04" + clusterCreation: "cli" + - test: "sonobuoy full" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.29" runner: "ubuntu-22.04" + clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.29" @@ -70,7 +97,6 @@ jobs: runner: "ubuntu-22.04" clusterCreation: "cli" - - test: "sonobuoy full" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.28" @@ -97,164 +123,138 @@ jobs: runner: "ubuntu-22.04" clusterCreation: "cli" - - test: "sonobuoy full" - attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.27" - runner: "ubuntu-22.04" - clusterCreation: "cli" - - test: "sonobuoy full" - attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.27" - runner: "ubuntu-22.04" - clusterCreation: "cli" - - test: "sonobuoy full" - attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.27" - runner: "ubuntu-22.04" - clusterCreation: "cli" - - test: "sonobuoy full" - attestationVariant: "azure-tdx" - kubernetes-version: "v1.27" - runner: "ubuntu-22.04" - clusterCreation: "cli" - - test: "sonobuoy full" - attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.27" - runner: "ubuntu-22.04" - clusterCreation: "cli" - # verify test on latest k8s version - test: "verify" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "verify" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "verify" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "verify" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "verify" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" # recover test on latest k8s version - test: "recover" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "recover" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "recover" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "recover" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "recover" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" # lb test on latest k8s version - test: "lb" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "lb" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "lb" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "lb" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "lb" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" # autoscaling test on latest k8s version - test: "autoscaling" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" # perf-bench test on latest k8s version - test: "perf-bench" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" @@ -262,7 +262,7 @@ jobs: - test: "s3proxy" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "ubuntu-22.04" clusterCreation: "cli" @@ -270,27 +270,27 @@ jobs: - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" # @@ -300,11 +300,11 @@ jobs: # TODO(3u13r): Update verify test to work on MacOS runners # - test: "verify" # attestationVariant: "azure-sev-snp" - # kubernetes-version: "v1.29" + # kubernetes-version: "v1.30" # runner: "macos-12" - test: "recover" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" runner: "macos-12" clusterCreation: "cli" runs-on: ${{ matrix.runner }} diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index a66c8de0e..ff8a02e27 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -55,80 +55,80 @@ jobs: - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "sonobuoy full" refStream: "ref/main/stream/debug/?" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" # Sonobuoy quick test on all but the latest k8s versions - test: "sonobuoy quick" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.28" + kubernetes-version: "v1.29" clusterCreation: "cli" - test: "sonobuoy quick" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.28" + kubernetes-version: "v1.29" clusterCreation: "cli" - test: "sonobuoy quick" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.28" + kubernetes-version: "v1.29" clusterCreation: "cli" - test: "sonobuoy quick" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" - kubernetes-version: "v1.28" + kubernetes-version: "v1.29" clusterCreation: "cli" - test: "sonobuoy quick" refStream: "ref/main/stream/debug/?" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.28" + kubernetes-version: "v1.29" clusterCreation: "cli" - test: "sonobuoy quick" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.27" + kubernetes-version: "v1.28" clusterCreation: "cli" - test: "sonobuoy quick" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.27" + kubernetes-version: "v1.28" clusterCreation: "cli" - test: "sonobuoy quick" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.27" + kubernetes-version: "v1.28" clusterCreation: "cli" - test: "sonobuoy quick" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" - kubernetes-version: "v1.27" + kubernetes-version: "v1.28" clusterCreation: "cli" - test: "sonobuoy quick" refStream: "ref/main/stream/debug/?" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.27" + kubernetes-version: "v1.28" clusterCreation: "cli" @@ -136,143 +136,143 @@ jobs: - test: "verify" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "verify" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "verify" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" azureSNPEnforcementPolicy: "equal" # This run checks for unknown ID Key disgests. clusterCreation: "cli" - test: "verify" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "verify" attestationVariant: "aws-sev-snp" refStream: "ref/main/stream/debug/?" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" # recover test on latest k8s version - test: "recover" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "recover" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "recover" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "recover" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "recover" refStream: "ref/main/stream/debug/?" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" # lb test on latest k8s version - test: "lb" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "lb" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "lb" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "lb" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "lb" refStream: "ref/main/stream/debug/?" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" # autoscaling test on latest k8s version - test: "autoscaling" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "autoscaling" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "autoscaling" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "autoscaling" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "autoscaling" refStream: "ref/main/stream/debug/?" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" # perf-bench test on latest k8s version - test: "perf-bench" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "perf-bench" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "perf-bench" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "perf-bench" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" - test: "perf-bench" refStream: "ref/main/stream/debug/?" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" # s3proxy test on latest k8s version - test: "s3proxy" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.29" + kubernetes-version: "v1.30" clusterCreation: "cli" # @@ -283,28 +283,28 @@ jobs: - test: "verify" refStream: "ref/release/stream/stable/?" attestationVariant: "gcp-sev-es" - kubernetes-version: "v1.28" + kubernetes-version: "v1.29" clusterCreation: "cli" # TODO(msanft): Enable once stable GCP SEV-SNP images exist. # - test: "verify" # refStream: "ref/release/stream/stable/?" # attestationVariant: "gcp-sev-snp" - # kubernetes-version: "v1.28" + # kubernetes-version: "v1.29" # clusterCreation: "cli" - test: "verify" refStream: "ref/release/stream/stable/?" attestationVariant: "azure-sev-snp" - kubernetes-version: "v1.28" + kubernetes-version: "v1.29" clusterCreation: "cli" - test: "verify" refStream: "ref/release/stream/stable/?" attestationVariant: "azure-tdx" - kubernetes-version: "v1.28" + kubernetes-version: "v1.29" clusterCreation: "cli" - test: "verify" refStream: "ref/release/stream/stable/?" attestationVariant: "aws-sev-snp" - kubernetes-version: "v1.28" + kubernetes-version: "v1.29" clusterCreation: "cli" runs-on: ubuntu-22.04 diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 5f5015394..bc0d06ac3 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -42,7 +42,7 @@ on: required: true kubernetesVersion: description: "Kubernetes version to create the cluster from." - default: "1.28" + default: "1.29" required: true cliVersion: description: "Version of a released CLI to download. Leave empty to build the CLI from the checked out ref." diff --git a/docs/docs/architecture/versions.md b/docs/docs/architecture/versions.md index 274ecb155..85d35e6a9 100644 --- a/docs/docs/architecture/versions.md +++ b/docs/docs/architecture/versions.md @@ -16,6 +16,6 @@ Subsequent Constellation releases drop support for the oldest (and deprecated) K The following Kubernetes versions are currently supported: -* v1.27.14 -* v1.28.10 -* v1.29.5 +* v1.28.11 +* v1.29.6 +* v1.30.2 diff --git a/docs/docs/reference/cli.md b/docs/docs/reference/cli.md index 909495b7f..a728474e7 100644 --- a/docs/docs/reference/cli.md +++ b/docs/docs/reference/cli.md @@ -80,7 +80,7 @@ constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags] ``` -a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-tdx|azure-trustedlaunch|gcp-sev-es|gcp-sev-snp|qemu-vtpm}. If not specified, the default for the cloud provider is used -h, --help help for generate - -k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.28") + -k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.29") -t, --tags strings additional tags for created resources given a list of key=value ``` diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 3686a68c8..4a2eb0324 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -100,12 +100,12 @@ func ResolveK8sPatchVersion(k8sVersion string) (string, error) { // supported patch version as PATCH. func k8sVersionFromMajorMinor(version string) string { switch version { - case semver.MajorMinor(string(V1_27)): - return string(V1_27) case semver.MajorMinor(string(V1_28)): return string(V1_28) case semver.MajorMinor(string(V1_29)): return string(V1_29) + case semver.MajorMinor(string(V1_30)): + return string(V1_30) default: return "" } @@ -181,14 +181,14 @@ const ( // currently supported versions. //nolint:revive - V1_27 ValidK8sVersion = "v1.27.14" // renovate:kubernetes-release + V1_28 ValidK8sVersion = "v1.28.11" // renovate:kubernetes-release //nolint:revive - V1_28 ValidK8sVersion = "v1.28.10" // renovate:kubernetes-release + V1_29 ValidK8sVersion = "v1.29.6" // renovate:kubernetes-release //nolint:revive - V1_29 ValidK8sVersion = "v1.29.5" // renovate:kubernetes-release + V1_30 ValidK8sVersion = "v1.30.2" // renovate:kubernetes-release // Default k8s version deployed by Constellation. - Default ValidK8sVersion = V1_28 + Default ValidK8sVersion = V1_29 ) // Regenerate the hashes by running go generate. @@ -197,75 +197,8 @@ const ( // VersionConfigs holds download URLs for all required kubernetes components for every supported version. var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ - V1_27: { - ClusterVersion: "v1.27.14", // renovate:kubernetes-release - KubernetesComponents: components.Components{ - { - Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release - Hash: "sha256:c2485ddb3ffc176578ae30ae58137f0b88e50f7c7f2af7d53a569276b2949a33", - InstallPath: constants.CniPluginsDir, - Extract: true, - }, - { - Url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.28.0/crictl-v1.28.0-linux-amd64.tar.gz", // renovate:crictl-release - Hash: "sha256:8dc78774f7cbeaf787994d386eec663f0a3cf24de1ea4893598096cb39ef2508", - InstallPath: constants.BinDir, - Extract: true, - }, - { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.27.14/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:f28defa43f80f82ce909940c1b57b71cba1fcf0de6fc4723e798ef5c72376c28", - InstallPath: constants.KubeletPath, - Extract: false, - }, - { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.27.14/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:1ce264643e521494e111b1c9ee59694a54d1f2464bbac3a7a531324ffeae0182", - InstallPath: constants.KubeadmPath, - Extract: false, - }, - { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.27.14/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:1d2431c68bb6dfa9de3cd40fd66d97a9ac73593c489f9467249eea43e9c16a1e", - InstallPath: constants.KubectlPath, - Extract: false, - }, - { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI3LjE0QHNoYTI1NjoxMDdkMzFhMWUxNmRkYTcyNDk3ZjE3MGJjYmFkZDk3OTBiZjY0Nzk2ZWJiOWIyOWQ3YmE0MTYwZDZkMTYxOWVlIn1d", - InstallPath: patchFilePath("kube-apiserver"), - }, - { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI3LjE0QHNoYTI1NjowOTMxYmY0N2U0MzEzOGIwMTZjNDNlNjgzZmMzMTY1ZjEwMjk0OTE2ZGIzOWIwZTdiZmE1YzY0N2NlYjlmMThkIn1d", - InstallPath: patchFilePath("kube-controller-manager"), - }, - { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI3LjE0QHNoYTI1Njo4OWZkOWIzMjU4ZTI1OTc2NjYxYzY4ZmExMmNlYzM3NDhiZTc3OTgyNzQwNzU1YmZlY2YyNWYzYzgxNzg5ZWZhIn1d", - InstallPath: patchFilePath("kube-scheduler"), - }, - { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2V0Y2Q6My41LjEyLTBAc2hhMjU2OjQ0YThlMjRkY2JiYTM0NzBlZTFmZWUyMWQ1ZTg4ZDEyOGM5MzZlOWI1NWQ0YmM1MWZiZWY4MDg2ZjhlZDEyM2IifV0=", - InstallPath: patchFilePath("etcd"), - }, - }, - // CloudControllerManagerImageAWS is the CCM image used on AWS. - CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.27.6@sha256:1891fb7f0cef58a657854ce553fcbda1a98b7a7418a17688055ca014f6451f2b", // renovate:container - // CloudControllerManagerImageAzure is the CCM image used on Azure. - // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.27.17@sha256:fc2eb36fbf5ba8e854da02574ce434a7a02669180fdb6dba4c068a072985ac47", // renovate:container - // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. - // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.17@sha256:f7ba1998387e669f148b70e5ca7269d75fd9e10cd638ae107f8da0540f6d0ac1", // renovate:container - // CloudControllerManagerImageGCP is the CCM image used on GCP. - // TODO(3u13r): use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available. - CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v27.1.6@sha256:b097b4e5382ea1987db5996a9eaffb94fa224639b3464876f0b1b17f64509ac4", // renovate:container - // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. - CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container - // External service image. Depends on k8s version. - // Check for new versions at https://github.com/kubernetes/autoscaler/releases. - ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.5@sha256:410ffc3f7307b6173c630de8de6e40175376c8c170d64b6c8b6e4baadda020df", // renovate:container - }, V1_28: { - ClusterVersion: "v1.28.10", // renovate:kubernetes-release + ClusterVersion: "v1.28.11", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -280,33 +213,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.10/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:a361e744aaeef4539f0636ecd1827c85207a5f2b0c2b0a98dbbce1498061f509", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.11/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:230f0634ea42a54a6c96771f12eecd6cadfe0b76ab41c3bc39aa7cbbe4dfb12e", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.10/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:1a344d34755c5f005120308f09a730e7564c8f857de6606b6bc5f18a69606e5a", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.11/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:1f2c7c69736698aa13a59c6705ac26b7b6752d9651330605369357c1ac99c7c6", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.10/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:389c17a9700a4b01ebb055e39b8bc0886330497440dde004b5ed90f2a3a028db", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.11/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:1dba63e1a5c9520fc516c6e817924d927b9b83b8e08254c8fe2a2edb65da7a9c", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI4LjEwQHNoYTI1Njo3MjgzYTUxZTliODYwOGU2MWY4YmEyMjEzYmE2ZWUyNWUyOTY3N2MxMjlkOWNjZWEzYzZiMzE5MDM1NDY4ODcyIn1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI4LjExQHNoYTI1NjphZWM5ZDE3MDFjMzA0ZWVlODYwN2Q3MjhhMzliYWFhNTExZDY1YmVmNmRkOTg2MTAxMDYxOGY2M2ZiYWRlYjEwIn1d", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI4LjEwQHNoYTI1Njo5M2M0ZDZlMjIyYWZkYmE5N2M2OTRmZWYwMjdlNTc2NzlhZDc3ZjFlZDE5MTZkODUxZTI3MzZhYTI4Y2VkYmRhIn1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI4LjExQHNoYTI1Njo2MDE0YzM1NzJlYzY4Mzg0MWJiYjE2Zjg3Yjk0ZGEyOGVlMDI1NGI5NWUyZGJhMmQxODUwZDYyYmQwMTExZjA5In1d", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI4LjEwQHNoYTI1NjphMGMyMGE4ODJkYWE4YzVjNjZmYzlkZjE0OWQyZTU1NWZmOTExOTZhNTNhZTVmMTg1ODQ5YjY1YmU0NGJkZTIxIn1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI4LjExQHNoYTI1Njo0NmNmNzQ3NWM4ZGFmZmI3NDNjODU2YTFhZWEwZGRlYTM1ZTVhY2QyNDE4YmUxOGIxZTIyY2Y5OGQ5YzliNDQ1In1d", InstallPath: patchFilePath("kube-scheduler"), }, { @@ -315,24 +248,24 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ }, }, // CloudControllerManagerImageAWS is the CCM image used on AWS. - CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.5@sha256:ac0579afacbf2db0e9b2dda6c777c3f27ce877c17dc29db623998ab09858ac0e", // renovate:container + // Check for newer versions at https://github.com/kubernetes/cloud-provider-aws/releases. + CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.6@sha256:bb42961c336c2dbc736c1354b01208523962b4f4be4ebd582f697391766d510e", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.27.17@sha256:fc2eb36fbf5ba8e854da02574ce434a7a02669180fdb6dba4c068a072985ac47", // renovate:container + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.28.9@sha256:7abf813ad41b8f1ed91f50bfefb6f285b367664c57758af0b5a623b65f55b34b", // renovate:container // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.17@sha256:f7ba1998387e669f148b70e5ca7269d75fd9e10cd638ae107f8da0540f6d0ac1", // renovate:container + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.28.9@sha256:65285c13cc3eced1005a1c6c5f727570d781ac25f421a9e5cf169de8d7e1d6a9", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. - // TODO(3u13r): use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available. - CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v27.1.6@sha256:b097b4e5382ea1987db5996a9eaffb94fa224639b3464876f0b1b17f64509ac4", // renovate:container + CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v28.10.0@sha256:f3b6fa7faea27b4a303c91b3bc7ee192b050e21e27579e9f3da90ae4ba38e626", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container // External service image. Depends on k8s version. // Check for new versions at https://github.com/kubernetes/autoscaler/releases. - ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.27.5@sha256:410ffc3f7307b6173c630de8de6e40175376c8c170d64b6c8b6e4baadda020df", // renovate:container + ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.28.5@sha256:d82acf2ae3287227b979fa7068dae7c2db96de22c96295d2e89029065e895bca", // renovate:container }, V1_29: { - ClusterVersion: "v1.29.5", // renovate:kubernetes-release + ClusterVersion: "v1.29.6", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -347,33 +280,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.5/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:261dc3f3c384d138835fe91a02071c642af94abb0cca56ebc04719240440944c", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.6/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:a946789d4fef64e6f5905dbd7dca01d4c3abd302d0da7958fdaa924fe2729c0b", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.5/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:e424dcdbe661314b6ca1fcc94726eb554bc3f4392b060b9626f9df8d7d44d42c", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.6/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:8f1e04079e614dd549e36be8114ee7022517d646ea715b5778e7c6ab353eb354", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.5/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:603c8681fc0d8609c851f9cc58bcf55eeb97e2934896e858d0232aa8d1138366", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.6/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:339553c919874ebe3b719e9e1fcd68b55bc8875f9b5a005cf4c028738d54d309", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjVAc2hhMjU2OmJjNWM4OGQzMTZkYjhiMjdmZjIwMzI3M2Q2N2VjOGE5NjJlZjM0NjI3OGQ5YmJhZTQwMDQ3M2VmYzE2NzQ3MjUifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjZAc2hhMjU2OmY0ZDk5M2IzZDczY2MwZDU5NTU4YmU1ODRiNWI0MDc4NWI0YTk2ODc0YmM3Njg3M2I2OWQxZGQ4MTg0ODVlNzAifV0=", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjVAc2hhMjU2OmE5YTY0ZTY3YjY2ZWE2ZmI0M2Y5NzZmNjVkOGEwY2FkZDY4YjBlZDVlZDIzMTFkMmZjNGJmODg3NDAzZWNmOGEifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjZAc2hhMjU2OjY5MmZjM2Y4OGE2MGIzYWZjNzY0OTJhZDM0NzMwNmQzNDA0MjAwMGY1NmYyMzA5NTllOTM2N2ZkNTljNDhiMWUifV0=", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjVAc2hhMjU2OjVlNzI5ZGMwMTU0NjZmNDg2ZmRlZWQyMjIwMGQ4NjEwOGZmYWMyNmVhNmU1YWJmMzI1OGMwNTAyYTYzN2QzYTcifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjZAc2hhMjU2OmI5MWE0ZTQ1ZGViZDBkNTMzNmQ5ZjUzM2FlZmRmNDdkNGIzOWIyNDA3MWZlYjQ1OWU1MjE3MDliOWU0ZWMyNGYifV0=", InstallPath: patchFilePath("kube-scheduler"), }, { @@ -382,21 +315,88 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ }, }, // CloudControllerManagerImageAWS is the CCM image used on AWS. - CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.29.2@sha256:db37f9ad7cb64d2248fee5354e5d2d9311bea5f188bdf24ffc3380a4c00066c9", // renovate:container + // Check for newer versions at https://github.com/kubernetes/cloud-provider-aws/releases. + CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.29.3@sha256:26a61ab55d8be6365348b78c3cf691276a7b078c58dd789729704fb56bcaac8c", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.28.9@sha256:7abf813ad41b8f1ed91f50bfefb6f285b367664c57758af0b5a623b65f55b34b", // renovate:container + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.29.7@sha256:01f3e57f0dfed05a940face4f1a543eed613e3bfbfb1983997f75a4a11a6e0bb", // renovate:container // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.28.9@sha256:65285c13cc3eced1005a1c6c5f727570d781ac25f421a9e5cf169de8d7e1d6a9", // renovate:container + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.29.7@sha256:79f1ebd0f462713dd20b9630ae177ab1b1dc14f0faae7c8fd4837e8d494d11b9", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. - // TODO(3u13r): use newer "cloud-provider-gcp" from https://github.com/kubernetes/cloud-provider-gcp when newer releases are available. - CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v29.0.1@sha256:66651afaf19f7da2f60f80fd733ee8cc7d161767f34f0da4f111ff35387c5217", // renovate:container + CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v29.5.0@sha256:4b17e16f9b5dfa20c9ff62cb382c3f754b70ed36be7f85cc3f46213dae21ec91", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container // External service image. Depends on k8s version. // Check for new versions at https://github.com/kubernetes/autoscaler/releases. - ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.29.0@sha256:808185c1090107f06ea69b0a5e507e387ad2ee3a3b12b7cd08ea0dac730cf58b", // renovate:container + ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.29.3@sha256:ea973cf727ff98a0c8c8f770a0787c26a86604182565ce180a5665936f3b38bc", // renovate:container + }, + V1_30: { + ClusterVersion: "v1.30.2", // renovate:kubernetes-release + KubernetesComponents: components.Components{ + { + Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release + Hash: "sha256:c2485ddb3ffc176578ae30ae58137f0b88e50f7c7f2af7d53a569276b2949a33", + InstallPath: constants.CniPluginsDir, + Extract: true, + }, + { + Url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.30.0/crictl-v1.30.0-linux-amd64.tar.gz", // renovate:crictl-release + Hash: "sha256:3dd03954565808eaeb3a7ffc0e8cb7886a64a9aa94b2bfdfbdc6e2ed94842e49", + InstallPath: constants.BinDir, + Extract: true, + }, + { + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.2/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:6923abe67ef069afca61c71c585023840426e802b198298055af3a82e11a4e52", + InstallPath: constants.KubeletPath, + Extract: false, + }, + { + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.2/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:672b0cae2accce5eac10a1fe4ea6b166e5b518c79ccf71a2fbe7b53c2ca74062", + InstallPath: constants.KubeadmPath, + Extract: false, + }, + { + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.2/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:c6e9c45ce3f82c90663e3c30db3b27c167e8b19d83ed4048b61c1013f6a7c66e", + InstallPath: constants.KubectlPath, + Extract: false, + }, + { + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjMwLjJAc2hhMjU2OjM0MGFiNGExZDY2YTYwNjMwYTdhMjk4YWEwYjI1NzZmY2Q4MmU1MWVjZGRkYjc1MWNmNjFlNWQzODQ2ZmRlMmQifV0=", + InstallPath: patchFilePath("kube-apiserver"), + }, + { + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjMwLjJAc2hhMjU2OjRjNDEyYmMxZmM1ODVkZGViYTEwZDM0YTAyZTc1MDdlYTc4N2VjMmM1NzI1NmQ0YzE4ZmQyMzAzNzdhYjA0OGUifV0=", + InstallPath: patchFilePath("kube-controller-manager"), + }, + { + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjMwLjJAc2hhMjU2OjBlZDc1YTMzMzcwNGY1ZDMxNTM5NWM2ZWMwNGQ3YWY3NDA1NzE1NTM3MDY5YjY1ZDQwYjQzZWMxYzhlMDMwYmMifV0=", + InstallPath: patchFilePath("kube-scheduler"), + }, + { + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2V0Y2Q6My41LjEyLTBAc2hhMjU2OjQ0YThlMjRkY2JiYTM0NzBlZTFmZWUyMWQ1ZTg4ZDEyOGM5MzZlOWI1NWQ0YmM1MWZiZWY4MDg2ZjhlZDEyM2IifV0=", + InstallPath: patchFilePath("etcd"), + }, + }, + // CloudControllerManagerImageAWS is the CCM image used on AWS. + // Check for newer versions at https://github.com/kubernetes/cloud-provider-aws/releases. + CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.30.1@sha256:ee0e0c0de56e7dace71e2b4a0e45dcdae84e325c78f72c5495b109976fb3362c", // renovate:container + // CloudControllerManagerImageAzure is the CCM image used on Azure. + // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.30.3@sha256:0c74b1d476f30bcd4c68d1bb2cce6957f9dfeae529b7260f21b0059e0a6b4450", // renovate:container + // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. + // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.30.3@sha256:7605738917b4f9c55dba985073724de359d97f02688f62e65b4173491b2697ce", // renovate:container + // CloudControllerManagerImageGCP is the CCM image used on GCP. + CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v30.0.0@sha256:529382b3a16cee9d61d4cfd9b8ba74fff51856ae8cbaf1825c075112229284d9", // renovate:container + // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. + CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container + // External service image. Depends on k8s version. + // Check for new versions at https://github.com/kubernetes/autoscaler/releases. + ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.1@sha256:21a0003fa059f679631a301ae09d9369e1cf6a1c063b78978844ccd494dab38a", // renovate:container }, } @@ -406,9 +406,9 @@ type KubernetesVersion struct { KubernetesComponents components.Components CloudControllerManagerImageAWS string // k8s version dependency. CloudControllerManagerImageAzure string // k8s version dependency. - CloudControllerManagerImageGCP string // Using self-built image until resolved: https://github.com/kubernetes/cloud-provider-gcp/issues/289 + CloudControllerManagerImageGCP string // Published by .github/workflows/build-ccm-gcp.yml because of https://github.com/kubernetes/cloud-provider-gcp/issues/289. CloudControllerManagerImageOpenStack string // k8s version dependency. - CloudNodeManagerImageAzure string // k8s version dependency. Same version as above. + CloudNodeManagerImageAzure string // k8s version dependency. Same version as Azure's CCM image above. ClusterAutoscalerImage string // Matches k8s versioning scheme. } diff --git a/terraform-provider-constellation/docs/resources/cluster.md b/terraform-provider-constellation/docs/resources/cluster.md index a11fb904c..d62f8aa4b 100644 --- a/terraform-provider-constellation/docs/resources/cluster.md +++ b/terraform-provider-constellation/docs/resources/cluster.md @@ -69,7 +69,7 @@ resource "constellation_cluster" "azure_example" { See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview/clouds) that Constellation supports. - `image` (Attributes) Constellation OS Image to use on the nodes. (see [below for nested schema](#nestedatt--image)) - `init_secret` (String) Secret used for initialization of the cluster. -- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.27.14 v1.28.10 v1.29.5]. +- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.28.11 v1.29.6 v1.30.2]. - `master_secret` (String) Hex-encoded 32-byte master secret for the cluster. - `master_secret_salt` (String) Hex-encoded 32-byte master secret salt for the cluster. - `measurement_salt` (String) Hex-encoded 32-byte measurement salt for the cluster. From 6e2af89c01a407e4388d28bf49ed881ac8cd07e0 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Thu, 20 Jun 2024 08:25:30 +0200 Subject: [PATCH 084/380] ci: fix cdbg_deploy error reporting (#3182) --- .github/actions/cdbg_deploy/action.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/actions/cdbg_deploy/action.yml b/.github/actions/cdbg_deploy/action.yml index 87908a6e8..b82a67226 100644 --- a/.github/actions/cdbg_deploy/action.yml +++ b/.github/actions/cdbg_deploy/action.yml @@ -91,6 +91,11 @@ runs: shell: bash run: | echo "::group::cdbg deploy" + on_error() { + echo "::error::cdbg deploy failed" + } + trap on_error ERR + chmod +x $GITHUB_WORKSPACE/build/cdbg cdbg deploy \ --bootstrapper "${{ github.workspace }}/build/bootstrapper" \ @@ -112,8 +117,4 @@ runs: --info logcollect.deployment-type="debugd" \ --verbosity=-1 \ --force - if [[ $? -ne 0 ]]; then - echo "::error::cdbg deploy failed" - exit 1 - fi echo "::endgroup::" From 0368047939b37e3139e1b82d4982417095e74b5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 20 Jun 2024 08:41:46 +0200 Subject: [PATCH 085/380] helm: update Azure CSI, GCP CSI, and CSI snapshotter charts (#3175) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update GCP CSI chart to v1.4.0 * Update Azure CSI chart to v1.4.0 * Update CSI snapshotter from v6.2.2 to v8.0.1 --------- Signed-off-by: Daniel Weiße --- .../helm/charts/edgeless/csi/Chart.yaml | 4 +- .../charts/azuredisk-csi-driver/Chart.yaml | 4 +- .../templates/csi-azuredisk-controller.yaml | 22 +- .../templates/csi-azuredisk-node.yaml | 11 + .../charts/azuredisk-csi-driver/values.yaml | 16 +- .../Chart.yaml | 4 +- .../values.yaml | 12 +- .../csi/charts/snapshot-controller/Chart.yaml | 9 +- .../templates/admission-configuration.yaml | 5 +- .../templates/serving-cert.yaml | 2 +- .../templates/snapshot-controller.yaml | 9 +- .../templates/snapshot-webhook.yaml | 3 + .../charts/snapshot-controller/values.yaml | 5 +- .../csi/charts/snapshot-crds/Chart.yaml | 7 +- .../templates/volumesnapshotclasses.yaml | 53 ++-- .../templates/volumesnapshotcontents.yaml | 288 +++++++++++------- .../templates/volumesnapshots.yaml | 215 +++++++------ .../constellation/helm/update-csi-charts.sh | 4 +- 18 files changed, 407 insertions(+), 266 deletions(-) diff --git a/internal/constellation/helm/charts/edgeless/csi/Chart.yaml b/internal/constellation/helm/charts/edgeless/csi/Chart.yaml index 3a1feaf37..5301e51db 100644 --- a/internal/constellation/helm/charts/edgeless/csi/Chart.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/Chart.yaml @@ -13,7 +13,7 @@ dependencies: tags: - AWS - name: azuredisk-csi-driver - version: v1.3.0 + version: v1.4.0 tags: - Azure - name: cinder-config @@ -21,7 +21,7 @@ dependencies: tags: - OpenStack - name: gcp-compute-persistent-disk-csi-driver - version: 1.3.0 + version: 1.4.0 tags: - GCP - name: openstack-cinder-csi diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/Chart.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/Chart.yaml index fbab5e66d..3ce5248a0 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/Chart.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: "v1.3.0" +appVersion: "v1.4.0" description: Azure disk Container Storage Interface (CSI) Storage Plugin with on-node encryption support name: azuredisk-csi-driver -version: v1.3.0 +version: v1.4.0 diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml index f7ac6f2db..645a4da75 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-controller.yaml @@ -120,6 +120,7 @@ spec: - "-leader-election" - "--leader-election-namespace={{ .Release.Namespace }}" - "-v=2" + - "--timeout=1200s" env: - name: ADDRESS value: /csi/csi.sock @@ -157,7 +158,11 @@ spec: args: - --csi-address=/csi/csi.sock - --probe-timeout=3s +{{- if eq .Values.controller.hostNetwork true }} + - --http-endpoint=localhost:{{ .Values.controller.livenessProbe.healthPort }} +{{- else }} - --health-port={{ .Values.controller.livenessProbe.healthPort }} +{{- end }} - --v=2 volumeMounts: - name: socket-dir @@ -197,18 +202,29 @@ spec: - "--enable-traffic-manager={{ .Values.controller.enableTrafficManager }}" - "--traffic-manager-port={{ .Values.controller.trafficManagerPort }}" - "--enable-otel-tracing={{ .Values.controller.otelTracing.enabled }}" + - "--check-disk-lun-collision=true" + {{- range $value := .Values.controller.extraArgs }} + - {{ $value | quote }} + {{- end }} ports: - - containerPort: {{ .Values.controller.livenessProbe.healthPort }} - name: healthz - protocol: TCP - containerPort: {{ .Values.controller.metricsPort }} name: metrics protocol: TCP +{{- if ne .Values.controller.hostNetwork true }} + - containerPort: {{ .Values.controller.livenessProbe.healthPort }} + name: healthz + protocol: TCP +{{- end }} livenessProbe: failureThreshold: 5 httpGet: path: /healthz +{{- if eq .Values.controller.hostNetwork true }} + host: localhost + port: {{ .Values.controller.livenessProbe.healthPort }} +{{- else }} port: healthz +{{- end }} initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 30 diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml index 50d3b795c..9d9c368d9 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/templates/csi-azuredisk-node.yaml @@ -74,7 +74,11 @@ spec: args: - --csi-address=/csi/csi.sock - --probe-timeout=3s +{{- if eq .Values.linux.hostNetwork true }} + - --http-endpoint=localhost:{{ .Values.node.livenessProbe.healthPort }} +{{- else }} - --health-port={{ .Values.node.livenessProbe.healthPort }} +{{- end }} - --v=2 resources: {{- toYaml .Values.linux.resources.livenessProbe | nindent 12 }} - name: node-driver-registrar @@ -131,15 +135,22 @@ spec: - "--get-nodeid-from-imds={{ .Values.node.getNodeIDFromIMDS }}" - "--enable-otel-tracing={{ .Values.linux.otelTracing.enabled }}" - "--kms-addr={{ .Values.global.keyServiceName }}.{{ .Values.global.keyServiceNamespace | default .Release.Namespace }}:{{ .Values.global.keyServicePort }}" +{{- if ne .Values.linux.hostNetwork true }} ports: - containerPort: {{ .Values.node.livenessProbe.healthPort }} name: healthz protocol: TCP +{{- end }} livenessProbe: failureThreshold: 5 httpGet: path: /healthz +{{- if eq .Values.linux.hostNetwork true }} + host: localhost + port: {{ .Values.node.livenessProbe.healthPort }} +{{- else }} port: healthz +{{- end }} initialDelaySeconds: 30 timeoutSeconds: 10 periodSeconds: 30 diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/values.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/values.yaml index 944663770..18faf65c3 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/values.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/azuredisk-csi-driver/values.yaml @@ -2,27 +2,27 @@ image: baseRepo: mcr.microsoft.com azuredisk: repository: ghcr.io/edgelesssys/constellation/azure-csi-driver - tag: v1.3.0@sha256:1e798f066ef78c293c4c87a31677f8948be4c8709980135969b73a9d7a46ca71 + tag: v1.4.0@sha256:e41b09d2735cb7410e2bf7abe9ca2166aa5a949d6c6e2ac570773b5d041797f1 pullPolicy: IfNotPresent csiProvisioner: repository: /oss/kubernetes-csi/csi-provisioner - tag: v3.5.0@sha256:fdf70099aa1538d1c2164976cf6d158ef8b3a5ee63db10bf0085de4ec66f59b4 + tag: v4.0.0@sha256:beadfb2cfa02f8bbb2efd88261a673023527cf51ebe7894daef82c4d928264a5 pullPolicy: IfNotPresent csiAttacher: repository: /oss/kubernetes-csi/csi-attacher - tag: v4.3.0@sha256:4306b80bfe8caea3fe53f6d1c15807c745be3072553ff508fc4f61da8f4a0c10 + tag: v4.5.0@sha256:172a9140780701b2223b7296729fc6cc3be8c86d0cfd2d0452e495f5ea28f51f pullPolicy: IfNotPresent csiResizer: repository: /oss/kubernetes-csi/csi-resizer - tag: v1.8.0@sha256:6f0e8c9f3d0bdcf7a5fb5e404276ffac624033099d7687c8080692bcb6d13cd1 + tag: v1.9.3@sha256:e20dc798f529436d2c861dd66bc7fcfa17623b562a2a65474aab38fb77c9824a pullPolicy: IfNotPresent livenessProbe: repository: /oss/kubernetes-csi/livenessprobe - tag: v2.10.0@sha256:3aeac313cffdb7db80b733539427f2533a3f662bf538e7b6434b0f898ceb701b + tag: v2.12.0@sha256:c762188c45d1b9bc9144b694b85313d5e49c741935a81d5b94fd7db978a40ae1 pullPolicy: IfNotPresent nodeDriverRegistrar: repository: /oss/kubernetes-csi/csi-node-driver-registrar - tag: v2.8.0@sha256:af6bf1b5ff310d4dc02cf8276be9b06014318f7ee31238b5fa278febd1a10ca9 + tag: v2.10.0@sha256:136e3a4a5897f111d1dedd404a5717ee7ff2f215e5fe878abdf4ce00c2292280 pullPolicy: IfNotPresent serviceAccount: @@ -140,11 +140,11 @@ snapshot: image: csiSnapshotter: repository: /oss/kubernetes-csi/csi-snapshotter - tag: v6.2.2 + tag: v6.3.3 pullPolicy: IfNotPresent csiSnapshotController: repository: /oss/kubernetes-csi/snapshot-controller - tag: v6.2.2 + tag: v6.3.3 pullPolicy: IfNotPresent snapshotController: name: csi-snapshot-controller diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml index ed8008238..0380cc531 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -version: 1.3.0 -appVersion: "v1.3.0" +version: 1.4.0 +appVersion: "v1.4.0" description: GCP Compute Persistent Disk Container Storage Interface (CSI) Storage Plugin with on-node encryption support name: gcp-compute-persistent-disk-csi-driver diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/values.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/values.yaml index e620dde5a..2ac7e6b5e 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/values.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/gcp-compute-persistent-disk-csi-driver/values.yaml @@ -1,28 +1,28 @@ image: csiProvisioner: repo: registry.k8s.io/sig-storage/csi-provisioner - tag: v3.4.0@sha256:e468dddcd275163a042ab297b2d8c2aca50d5e148d2d22f3b6ba119e2f31fa79 + tag: v3.6.3@sha256:10624570c0aceb03f55f1eb07147b0c537e4676869cca2e9bd4bab113f810ac4 pullPolicy: IfNotPresent csiAttacher: repo: registry.k8s.io/sig-storage/csi-attacher - tag: v4.2.0@sha256:34cf9b32736c6624fc9787fb149ea6e0fbeb45415707ac2f6440ac960f1116e6 + tag: v4.4.3@sha256:d7325367ab72b2d469a5091d87b4fc01142d2d13d1a28b2defbbe3e6fdbc4611 pullPolicy: IfNotPresent csiResizer: repo: registry.k8s.io/sig-storage/csi-resizer - tag: v1.7.0@sha256:3a7bdf5d105783d05d0962fa06ca53032b01694556e633f27366201c2881e01d + tag: v1.9.3@sha256:3c116f543f0590aeff3299c8bb0683f250817d11a77d9e9071b15a0bffdabcd9 pullPolicy: IfNotPresent csiSnapshotter: repo: registry.k8s.io/sig-storage/csi-snapshotter - tag: v6.1.0@sha256:291334908ddf71a4661fd7f6d9d97274de8a5378a2b6fdfeb2ce73414a34f82f + tag: v6.3.3@sha256:f1bd6ee18c4021c1c94f29edfab89b49b6a4d1b800936c19dbef2d75f8202f2d pullPolicy: IfNotPresent csiNodeRegistrar: repo: registry.k8s.io/sig-storage/csi-node-driver-registrar - tag: v2.7.0@sha256:4a4cae5118c4404e35d66059346b7fa0835d7e6319ff45ed73f4bba335cf5183 + tag: v2.9.3@sha256:0f64602ea791246712b51df334bbd701a0f31df9950a4cb9c28c059f367baa9e pullPolicy: IfNotPresent gcepdDriver: repo: ghcr.io/edgelesssys/constellation/gcp-csi-driver # CSI driver version is independent of Constellation releases - tag: v1.3.0@sha256:0ecb68f348ed6c287075db00f9c5ea731e7e2db9f2f7511b65391fb6856fe11a + tag: v1.4.0@sha256:53d608aa03dd07059bc04e1f8c64e2feb6fceff50fb0cbe276d31a8652a19bac pullPolicy: IfNotPresent csiController: diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/Chart.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/Chart.yaml index a6aacc946..be3dde48a 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/Chart.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/Chart.yaml @@ -1,6 +1,9 @@ apiVersion: v2 name: snapshot-controller -description: A chart to deploy the CSI snapshot controller and webhook +description: | + A chart to deploy the CSI snapshot controller and webhook + Snapshot controller source: https://github.com/kubernetes-csi/external-snapshotter/tree/v8.0.1/deploy/kubernetes/snapshot-controller + Snapshot validating webhook source: https://github.com/kubernetes-csi/external-snapshotter/tree/v8.0.1/deploy/kubernetes/webhook-example type: application -version: 6.2.2 -appVersion: "6.2.2" +version: 8.0.1 +appVersion: "8.0.1" diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/admission-configuration.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/admission-configuration.yaml index 95e26f473..ab6159704 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/admission-configuration.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/admission-configuration.yaml @@ -1,3 +1,6 @@ +# Snapshot validating webhook configuration +# Adapted from https://github.com/kubernetes-csi/external-snapshotter/tree/v8.0.1/deploy/kubernetes/webhook-example +# to use cert-manager for serving certificates apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -10,7 +13,7 @@ webhooks: - apiGroups: ["snapshot.storage.k8s.io"] apiVersions: ["v1"] operations: ["CREATE", "UPDATE"] - resources: ["volumesnapshots", "volumesnapshotcontents", "volumesnapshotclasses"] + resources: ["volumesnapshotclasses"] scope: "*" clientConfig: service: diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/serving-cert.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/serving-cert.yaml index 93c24cec6..00a1935e4 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/serving-cert.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/serving-cert.yaml @@ -6,7 +6,7 @@ metadata: spec: dnsNames: - 'snapshot-validation-service.{{ .Release.Namespace }}.svc' - - 'snapshot-validation-service.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesClusterDomain }}' + - 'snapshot-validation-service.{{ .Release.Namespace }}.svc.cluster.local' issuerRef: kind: Issuer name: snapshot-validation-selfsigned-issuer diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-controller.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-controller.yaml index ae8dbcc4e..bd244b0db 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-controller.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-controller.yaml @@ -16,10 +16,11 @@ spec: selector: matchLabels: app: snapshot-controller - # the snapshot controller won't be marked as ready if the v1 CRDs are unavailable - # in #504 the snapshot-controller will exit after around 7.5 seconds if it - # can't find the v1 CRDs so this value should be greater than that - minReadySeconds: 15 + # The snapshot controller won't be marked as ready if the v1 CRDs are unavailable. + # The flag --retry-crd-interval-max is used to determine how long the controller + # will wait for the CRDs to become available before exiting. The default is 30 seconds + # so minReadySeconds should be set slightly higher than the flag value. + minReadySeconds: 35 strategy: rollingUpdate: maxSurge: 0 diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-webhook.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-webhook.yaml index 861f284d7..8c93b51fc 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-webhook.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/templates/snapshot-webhook.yaml @@ -1,3 +1,6 @@ +# Snapshot validating webhook configuration +# Adapted from https://github.com/kubernetes-csi/external-snapshotter/tree/v8.0.1/deploy/kubernetes/webhook-example +# to use cert-manager for serving certificates --- apiVersion: apps/v1 kind: Deployment diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml index 9c2f219b5..32b86216b 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml @@ -1,15 +1,14 @@ -kubernetesClusterDomain: cluster.local snapshotController: replicas: 2 snapshotController: image: repository: registry.k8s.io/sig-storage/snapshot-controller - tag: v6.2.2@sha256:fb95b65bb88f319f0f7d5397c401a654164f11a191f466b4026fa36085c7141b + tag: v8.0.1@sha256:32b8e4254751c9935c796e6e5c07fe804250bd5032ab78f7133a00f75d504596 imagePullPolicy: IfNotPresent snapshotWebhook: replicas: 1 webhook: image: repository: registry.k8s.io/sig-storage/snapshot-validation-webhook - tag: v6.2.2@sha256:b5be1e04b7c43352f83e135bd772de05437f8f3a20cb9437875d1a0d4f127440 + tag: v8.0.1@sha256:7f058f8b3faac68d93c0abf2b97532820ec8ffff944f5919ce7039506ca24cbd imagePullPolicy: IfNotPresent diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/Chart.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/Chart.yaml index fd0fc7ae2..aa7a27fe1 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/Chart.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/Chart.yaml @@ -1,6 +1,7 @@ apiVersion: v2 name: snapshot-crds -description: A chart to deploy CSI snapshot CRDs +description: "A chart to deploy CSI snapshot CRDs. Source: https://github.com/kubernetes-csi/external-snapshotter/tree/v8.0.1/client/config/crd" + type: application -version: 6.2.2 -appVersion: "6.2.2" +version: 8.0.1 +appVersion: "8.0.1" diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotclasses.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotclasses.yaml index 56a8e1487..8164952a4 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotclasses.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotclasses.yaml @@ -3,9 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814" - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 name: volumesnapshotclasses.snapshot.storage.k8s.io spec: group: snapshot.storage.k8s.io @@ -34,42 +33,52 @@ spec: name: v1 schema: openAPIV3Schema: - description: VolumeSnapshotClass specifies parameters that a underlying storage - system uses when creating a volume snapshot. A specific VolumeSnapshotClass - is used by specifying its name in a VolumeSnapshot object. VolumeSnapshotClasses - are non-namespaced + description: |- + VolumeSnapshotClass specifies parameters that a underlying storage system uses when + creating a volume snapshot. A specific VolumeSnapshotClass is used by specifying its + name in a VolumeSnapshot object. + VolumeSnapshotClasses are non-namespaced properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string deletionPolicy: - description: deletionPolicy determines whether a VolumeSnapshotContent - created through the VolumeSnapshotClass should be deleted when its bound - VolumeSnapshot is deleted. Supported values are "Retain" and "Delete". - "Retain" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are kept. "Delete" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are deleted. + description: |- + deletionPolicy determines whether a VolumeSnapshotContent created through + the VolumeSnapshotClass should be deleted when its bound VolumeSnapshot is deleted. + Supported values are "Retain" and "Delete". + "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. + "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. Required. enum: - Delete - Retain type: string driver: - description: driver is the name of the storage driver that handles this - VolumeSnapshotClass. Required. + description: |- + driver is the name of the storage driver that handles this VolumeSnapshotClass. + Required. type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string + metadata: + type: object parameters: additionalProperties: type: string - description: parameters is a key-value map with storage driver specific - parameters for creating snapshots. These values are opaque to Kubernetes. + description: |- + parameters is a key-value map with storage driver specific parameters for creating snapshots. + These values are opaque to Kubernetes. type: object required: - deletionPolicy diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotcontents.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotcontents.yaml index d6181ed93..cd0c879fc 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotcontents.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshotcontents.yaml @@ -3,9 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814" - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.15.0 + api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/955" name: volumesnapshotcontents.snapshot.storage.k8s.io spec: group: snapshot.storage.k8s.io @@ -48,7 +47,8 @@ spec: jsonPath: .spec.volumeSnapshotRef.name name: VolumeSnapshot type: string - - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent object is bound. + - description: Namespace of the VolumeSnapshot object to which this VolumeSnapshotContent + object is bound. jsonPath: .spec.volumeSnapshotRef.namespace name: VolumeSnapshotNamespace type: string @@ -58,152 +58,206 @@ spec: name: v1 schema: openAPIV3Schema: - description: VolumeSnapshotContent represents the actual "on-disk" snapshot - object in the underlying storage system + description: |- + VolumeSnapshotContent represents the actual "on-disk" snapshot object in the + underlying storage system properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string + metadata: + type: object spec: - description: spec defines properties of a VolumeSnapshotContent created - by the underlying storage system. Required. + description: |- + spec defines properties of a VolumeSnapshotContent created by the underlying storage system. + Required. properties: deletionPolicy: - description: deletionPolicy determines whether this VolumeSnapshotContent - and its physical snapshot on the underlying storage system should - be deleted when its bound VolumeSnapshot is deleted. Supported values - are "Retain" and "Delete". "Retain" means that the VolumeSnapshotContent - and its physical snapshot on underlying storage system are kept. - "Delete" means that the VolumeSnapshotContent and its physical snapshot - on underlying storage system are deleted. For dynamically provisioned - snapshots, this field will automatically be filled in by the CSI - snapshotter sidecar with the "DeletionPolicy" field defined in the - corresponding VolumeSnapshotClass. For pre-existing snapshots, users - MUST specify this field when creating the VolumeSnapshotContent - object. Required. + description: |- + deletionPolicy determines whether this VolumeSnapshotContent and its physical snapshot on + the underlying storage system should be deleted when its bound VolumeSnapshot is deleted. + Supported values are "Retain" and "Delete". + "Retain" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are kept. + "Delete" means that the VolumeSnapshotContent and its physical snapshot on underlying storage system are deleted. + For dynamically provisioned snapshots, this field will automatically be filled in by the + CSI snapshotter sidecar with the "DeletionPolicy" field defined in the corresponding + VolumeSnapshotClass. + For pre-existing snapshots, users MUST specify this field when creating the + VolumeSnapshotContent object. + Required. enum: - Delete - Retain type: string driver: - description: driver is the name of the CSI driver used to create the - physical snapshot on the underlying storage system. This MUST be - the same as the name returned by the CSI GetPluginName() call for - that driver. Required. + description: |- + driver is the name of the CSI driver used to create the physical snapshot on + the underlying storage system. + This MUST be the same as the name returned by the CSI GetPluginName() call for + that driver. + Required. type: string source: - description: source specifies whether the snapshot is (or should be) - dynamically provisioned or already exists, and just requires a Kubernetes - object representation. This field is immutable after creation. Required. + description: |- + source specifies whether the snapshot is (or should be) dynamically provisioned + or already exists, and just requires a Kubernetes object representation. + This field is immutable after creation. + Required. properties: snapshotHandle: - description: snapshotHandle specifies the CSI "snapshot_id" of - a pre-existing snapshot on the underlying storage system for - which a Kubernetes object representation was (or should be) - created. This field is immutable. - type: string - volumeHandle: - description: volumeHandle specifies the CSI "volume_id" of the - volume from which a snapshot should be dynamically taken from. + description: |- + snapshotHandle specifies the CSI "snapshot_id" of a pre-existing snapshot on + the underlying storage system for which a Kubernetes object representation + was (or should be) created. This field is immutable. type: string + x-kubernetes-validations: + - message: snapshotHandle is immutable + rule: self == oldSelf + volumeHandle: + description: |- + volumeHandle specifies the CSI "volume_id" of the volume from which a snapshot + should be dynamically taken from. + This field is immutable. + type: string + x-kubernetes-validations: + - message: volumeHandle is immutable + rule: self == oldSelf type: object - oneOf: - - required: ["snapshotHandle"] - - required: ["volumeHandle"] + x-kubernetes-validations: + - message: volumeHandle is required once set + rule: '!has(oldSelf.volumeHandle) || has(self.volumeHandle)' + - message: snapshotHandle is required once set + rule: '!has(oldSelf.snapshotHandle) || has(self.snapshotHandle)' + - message: exactly one of volumeHandle and snapshotHandle must be + set + rule: (has(self.volumeHandle) && !has(self.snapshotHandle)) || (!has(self.volumeHandle) + && has(self.snapshotHandle)) sourceVolumeMode: - description: SourceVolumeMode is the mode of the volume whose snapshot - is taken. Can be either “Filesystem” or “Block”. If not specified, - it indicates the source volume's mode is unknown. This field is - immutable. This field is an alpha field. + description: |- + SourceVolumeMode is the mode of the volume whose snapshot is taken. + Can be either “Filesystem” or “Block”. + If not specified, it indicates the source volume's mode is unknown. + This field is immutable. + This field is an alpha field. type: string + x-kubernetes-validations: + - message: sourceVolumeMode is immutable + rule: self == oldSelf volumeSnapshotClassName: - description: name of the VolumeSnapshotClass from which this snapshot - was (or will be) created. Note that after provisioning, the VolumeSnapshotClass - may be deleted or recreated with different set of values, and as - such, should not be referenced post-snapshot creation. + description: |- + name of the VolumeSnapshotClass from which this snapshot was (or will be) + created. + Note that after provisioning, the VolumeSnapshotClass may be deleted or + recreated with different set of values, and as such, should not be referenced + post-snapshot creation. type: string volumeSnapshotRef: - description: volumeSnapshotRef specifies the VolumeSnapshot object - to which this VolumeSnapshotContent object is bound. VolumeSnapshot.Spec.VolumeSnapshotContentName - field must reference to this VolumeSnapshotContent's name for the - bidirectional binding to be valid. For a pre-existing VolumeSnapshotContent - object, name and namespace of the VolumeSnapshot object MUST be - provided for binding to happen. This field is immutable after creation. + description: |- + volumeSnapshotRef specifies the VolumeSnapshot object to which this + VolumeSnapshotContent object is bound. + VolumeSnapshot.Spec.VolumeSnapshotContentName field must reference to + this VolumeSnapshotContent's name for the bidirectional binding to be valid. + For a pre-existing VolumeSnapshotContent object, name and namespace of the + VolumeSnapshot object MUST be provided for binding to happen. + This field is immutable after creation. Required. properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic + x-kubernetes-validations: + - message: both spec.volumeSnapshotRef.name and spec.volumeSnapshotRef.namespace + must be set + rule: has(self.name) && has(self.__namespace__) required: - deletionPolicy - driver - source - volumeSnapshotRef type: object + x-kubernetes-validations: + - message: sourceVolumeMode is required once set + rule: '!has(oldSelf.sourceVolumeMode) || has(self.sourceVolumeMode)' status: description: status represents the current information of a snapshot. properties: creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the CSI snapshotter - sidecar with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it indicates - the creation time is unknown. The format of this field is a Unix - nanoseconds time encoded as an int64. On Unix, the command `date - +%s%N` returns the current time in nanoseconds since 1970-01-01 - 00:00:00 UTC. + description: |- + creationTime is the timestamp when the point-in-time snapshot is taken + by the underlying storage system. + In dynamic snapshot creation case, this field will be filled in by the + CSI snapshotter sidecar with the "creation_time" value returned from CSI + "CreateSnapshot" gRPC call. + For a pre-existing snapshot, this field will be filled with the "creation_time" + value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. + If not specified, it indicates the creation time is unknown. + The format of this field is a Unix nanoseconds time encoded as an int64. + On Unix, the command `date +%s%N` returns the current time in nanoseconds + since 1970-01-01 00:00:00 UTC. format: int64 type: integer error: - description: error is the last observed error during snapshot creation, - if any. Upon success after retry, this error field will be cleared. + description: |- + error is the last observed error during snapshot creation, if any. + Upon success after retry, this error field will be cleared. properties: message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' + description: |- + message is a string detailing the encountered error during snapshot + creation if specified. + NOTE: message may be logged, and it should not contain sensitive + information. type: string time: description: time is the timestamp when the error was encountered. @@ -211,38 +265,40 @@ spec: type: string type: object readyToUse: - description: readyToUse indicates if a snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the CSI snapshotter sidecar with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. + description: |- + readyToUse indicates if a snapshot is ready to be used to restore a volume. + In dynamic snapshot creation case, this field will be filled in by the + CSI snapshotter sidecar with the "ready_to_use" value returned from CSI + "CreateSnapshot" gRPC call. + For a pre-existing snapshot, this field will be filled with the "ready_to_use" + value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, + otherwise, this field will be set to "True". + If not specified, it means the readiness of a snapshot is unknown. type: boolean restoreSize: - description: restoreSize represents the complete size of the snapshot - in bytes. In dynamic snapshot creation case, this field will be - filled in by the CSI snapshotter sidecar with the "size_bytes" value - returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "size_bytes" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it. When restoring a volume from this snapshot, the size of the - volume MUST NOT be smaller than the restoreSize if it is specified, - otherwise the restoration will fail. If not specified, it indicates - that the size is unknown. + description: |- + restoreSize represents the complete size of the snapshot in bytes. + In dynamic snapshot creation case, this field will be filled in by the + CSI snapshotter sidecar with the "size_bytes" value returned from CSI + "CreateSnapshot" gRPC call. + For a pre-existing snapshot, this field will be filled with the "size_bytes" + value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. + When restoring a volume from this snapshot, the size of the volume MUST NOT + be smaller than the restoreSize if it is specified, otherwise the restoration will fail. + If not specified, it indicates that the size is unknown. format: int64 minimum: 0 type: integer snapshotHandle: - description: snapshotHandle is the CSI "snapshot_id" of a snapshot - on the underlying storage system. If not specified, it indicates - that dynamic snapshot creation has either failed or it is still - in progress. + description: |- + snapshotHandle is the CSI "snapshot_id" of a snapshot on the underlying storage system. + If not specified, it indicates that dynamic snapshot creation has either failed + or it is still in progress. type: string - volumeGroupSnapshotContentName: - description: VolumeGroupSnapshotContentName is the name of the VolumeGroupSnapshotContent - of which this VolumeSnapshotContent is a part of. + volumeGroupSnapshotHandle: + description: |- + VolumeGroupSnapshotHandle is the CSI "group_snapshot_id" of a group snapshot + on the underlying storage system. type: string type: object required: diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshots.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshots.yaml index 3e7f99663..6b96d7082 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshots.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-crds/templates/volumesnapshots.yaml @@ -3,9 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 + controller-gen.kubebuilder.io/version: v0.15.0 api-approved.kubernetes.io: "https://github.com/kubernetes-csi/external-snapshotter/pull/814" - creationTimestamp: null name: volumesnapshots.snapshot.storage.k8s.io spec: group: snapshot.storage.k8s.io @@ -61,103 +60,140 @@ spec: name: v1 schema: openAPIV3Schema: - description: VolumeSnapshot is a user's request for either creating a point-in-time + description: |- + VolumeSnapshot is a user's request for either creating a point-in-time snapshot of a persistent volume, or binding to a pre-existing snapshot. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string + metadata: + type: object spec: - description: 'spec defines the desired characteristics of a snapshot requested - by a user. More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots - Required.' + description: |- + spec defines the desired characteristics of a snapshot requested by a user. + More info: https://kubernetes.io/docs/concepts/storage/volume-snapshots#volumesnapshots + Required. properties: source: - description: source specifies where a snapshot will be created from. - This field is immutable after creation. Required. + description: |- + source specifies where a snapshot will be created from. + This field is immutable after creation. + Required. properties: persistentVolumeClaimName: - description: persistentVolumeClaimName specifies the name of the - PersistentVolumeClaim object representing the volume from which - a snapshot should be created. This PVC is assumed to be in the - same namespace as the VolumeSnapshot object. This field should - be set if the snapshot does not exists, and needs to be created. + description: |- + persistentVolumeClaimName specifies the name of the PersistentVolumeClaim + object representing the volume from which a snapshot should be created. + This PVC is assumed to be in the same namespace as the VolumeSnapshot + object. + This field should be set if the snapshot does not exists, and needs to be + created. This field is immutable. type: string + x-kubernetes-validations: + - message: persistentVolumeClaimName is immutable + rule: self == oldSelf volumeSnapshotContentName: - description: volumeSnapshotContentName specifies the name of a - pre-existing VolumeSnapshotContent object representing an existing - volume snapshot. This field should be set if the snapshot already - exists and only needs a representation in Kubernetes. This field - is immutable. + description: |- + volumeSnapshotContentName specifies the name of a pre-existing VolumeSnapshotContent + object representing an existing volume snapshot. + This field should be set if the snapshot already exists and only needs a representation in Kubernetes. + This field is immutable. type: string + x-kubernetes-validations: + - message: volumeSnapshotContentName is immutable + rule: self == oldSelf type: object - oneOf: - - required: ["persistentVolumeClaimName"] - - required: ["volumeSnapshotContentName"] + x-kubernetes-validations: + - message: persistentVolumeClaimName is required once set + rule: '!has(oldSelf.persistentVolumeClaimName) || has(self.persistentVolumeClaimName)' + - message: volumeSnapshotContentName is required once set + rule: '!has(oldSelf.volumeSnapshotContentName) || has(self.volumeSnapshotContentName)' + - message: exactly one of volumeSnapshotContentName and persistentVolumeClaimName + must be set + rule: (has(self.volumeSnapshotContentName) && !has(self.persistentVolumeClaimName)) + || (!has(self.volumeSnapshotContentName) && has(self.persistentVolumeClaimName)) volumeSnapshotClassName: - description: 'VolumeSnapshotClassName is the name of the VolumeSnapshotClass - requested by the VolumeSnapshot. VolumeSnapshotClassName may be - left nil to indicate that the default SnapshotClass should be used. - A given cluster may have multiple default Volume SnapshotClasses: - one default per CSI Driver. If a VolumeSnapshot does not specify - a SnapshotClass, VolumeSnapshotSource will be checked to figure - out what the associated CSI Driver is, and the default VolumeSnapshotClass - associated with that CSI Driver will be used. If more than one VolumeSnapshotClass - exist for a given CSI Driver and more than one have been marked - as default, CreateSnapshot will fail and generate an event. Empty - string is not allowed for this field.' + description: |- + VolumeSnapshotClassName is the name of the VolumeSnapshotClass + requested by the VolumeSnapshot. + VolumeSnapshotClassName may be left nil to indicate that the default + SnapshotClass should be used. + A given cluster may have multiple default Volume SnapshotClasses: one + default per CSI Driver. If a VolumeSnapshot does not specify a SnapshotClass, + VolumeSnapshotSource will be checked to figure out what the associated + CSI Driver is, and the default VolumeSnapshotClass associated with that + CSI Driver will be used. If more than one VolumeSnapshotClass exist for + a given CSI Driver and more than one have been marked as default, + CreateSnapshot will fail and generate an event. + Empty string is not allowed for this field. type: string + x-kubernetes-validations: + - message: volumeSnapshotClassName must not be the empty string when + set + rule: size(self) > 0 required: - source type: object status: - description: status represents the current information of a snapshot. - Consumers must verify binding between VolumeSnapshot and VolumeSnapshotContent - objects is successful (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object. + description: |- + status represents the current information of a snapshot. + Consumers must verify binding between VolumeSnapshot and + VolumeSnapshotContent objects is successful (by validating that both + VolumeSnapshot and VolumeSnapshotContent point at each other) before + using this object. properties: boundVolumeSnapshotContentName: - description: 'boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent - object to which this VolumeSnapshot object intends to bind to. If - not specified, it indicates that the VolumeSnapshot object has not - been successfully bound to a VolumeSnapshotContent object yet. NOTE: - To avoid possible security issues, consumers must verify binding - between VolumeSnapshot and VolumeSnapshotContent objects is successful - (by validating that both VolumeSnapshot and VolumeSnapshotContent - point at each other) before using this object.' + description: |- + boundVolumeSnapshotContentName is the name of the VolumeSnapshotContent + object to which this VolumeSnapshot object intends to bind to. + If not specified, it indicates that the VolumeSnapshot object has not been + successfully bound to a VolumeSnapshotContent object yet. + NOTE: To avoid possible security issues, consumers must verify binding between + VolumeSnapshot and VolumeSnapshotContent objects is successful (by validating that + both VolumeSnapshot and VolumeSnapshotContent point at each other) before using + this object. type: string creationTime: - description: creationTime is the timestamp when the point-in-time - snapshot is taken by the underlying storage system. In dynamic snapshot - creation case, this field will be filled in by the snapshot controller - with the "creation_time" value returned from CSI "CreateSnapshot" - gRPC call. For a pre-existing snapshot, this field will be filled - with the "creation_time" value returned from the CSI "ListSnapshots" - gRPC call if the driver supports it. If not specified, it may indicate - that the creation time of the snapshot is unknown. + description: |- + creationTime is the timestamp when the point-in-time snapshot is taken + by the underlying storage system. + In dynamic snapshot creation case, this field will be filled in by the + snapshot controller with the "creation_time" value returned from CSI + "CreateSnapshot" gRPC call. + For a pre-existing snapshot, this field will be filled with the "creation_time" + value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. + If not specified, it may indicate that the creation time of the snapshot is unknown. format: date-time type: string error: - description: error is the last observed error during snapshot creation, - if any. This field could be helpful to upper level controllers(i.e., - application controller) to decide whether they should continue on - waiting for the snapshot to be created based on the type of error - reported. The snapshot controller will keep retrying when an error - occurs during the snapshot creation. Upon success, this error field - will be cleared. + description: |- + error is the last observed error during snapshot creation, if any. + This field could be helpful to upper level controllers(i.e., application controller) + to decide whether they should continue on waiting for the snapshot to be created + based on the type of error reported. + The snapshot controller will keep retrying when an error occurs during the + snapshot creation. Upon success, this error field will be cleared. properties: message: - description: 'message is a string detailing the encountered error - during snapshot creation if specified. NOTE: message may be - logged, and it should not contain sensitive information.' + description: |- + message is a string detailing the encountered error during snapshot + creation if specified. + NOTE: message may be logged, and it should not contain sensitive + information. type: string time: description: time is the timestamp when the error was encountered. @@ -165,32 +201,35 @@ spec: type: string type: object readyToUse: - description: readyToUse indicates if the snapshot is ready to be used - to restore a volume. In dynamic snapshot creation case, this field - will be filled in by the snapshot controller with the "ready_to_use" - value returned from CSI "CreateSnapshot" gRPC call. For a pre-existing - snapshot, this field will be filled with the "ready_to_use" value - returned from the CSI "ListSnapshots" gRPC call if the driver supports - it, otherwise, this field will be set to "True". If not specified, - it means the readiness of a snapshot is unknown. + description: |- + readyToUse indicates if the snapshot is ready to be used to restore a volume. + In dynamic snapshot creation case, this field will be filled in by the + snapshot controller with the "ready_to_use" value returned from CSI + "CreateSnapshot" gRPC call. + For a pre-existing snapshot, this field will be filled with the "ready_to_use" + value returned from the CSI "ListSnapshots" gRPC call if the driver supports it, + otherwise, this field will be set to "True". + If not specified, it means the readiness of a snapshot is unknown. type: boolean restoreSize: type: string - description: restoreSize represents the minimum size of volume required - to create a volume from this snapshot. In dynamic snapshot creation - case, this field will be filled in by the snapshot controller with - the "size_bytes" value returned from CSI "CreateSnapshot" gRPC call. - For a pre-existing snapshot, this field will be filled with the - "size_bytes" value returned from the CSI "ListSnapshots" gRPC call - if the driver supports it. When restoring a volume from this snapshot, - the size of the volume MUST NOT be smaller than the restoreSize - if it is specified, otherwise the restoration will fail. If not - specified, it indicates that the size is unknown. + description: |- + restoreSize represents the minimum size of volume required to create a volume + from this snapshot. + In dynamic snapshot creation case, this field will be filled in by the + snapshot controller with the "size_bytes" value returned from CSI + "CreateSnapshot" gRPC call. + For a pre-existing snapshot, this field will be filled with the "size_bytes" + value returned from the CSI "ListSnapshots" gRPC call if the driver supports it. + When restoring a volume from this snapshot, the size of the volume MUST NOT + be smaller than the restoreSize if it is specified, otherwise the restoration will fail. + If not specified, it indicates that the size is unknown. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true volumeGroupSnapshotName: - description: VolumeGroupSnapshotName is the name of the VolumeGroupSnapshot - of which this VolumeSnapshot is a part of. + description: |- + VolumeGroupSnapshotName is the name of the VolumeGroupSnapshot of which this + VolumeSnapshot is a part of. type: string type: object required: diff --git a/internal/constellation/helm/update-csi-charts.sh b/internal/constellation/helm/update-csi-charts.sh index 16debb98d..de3486226 100755 --- a/internal/constellation/helm/update-csi-charts.sh +++ b/internal/constellation/helm/update-csi-charts.sh @@ -71,10 +71,10 @@ download_chart() { download_chart "https://github.com/edgelesssys/constellation-aws-ebs-csi-driver" "v1.2.0" "charts/aws-ebs-csi-driver" "aws-csi-driver" ## Azure CSI Driver -download_chart "https://github.com/edgelesssys/constellation-azuredisk-csi-driver" "v1.3.0" "charts/edgeless" "azuredisk-csi-driver" +download_chart "https://github.com/edgelesssys/constellation-azuredisk-csi-driver" "v1.4.0" "charts/edgeless" "azuredisk-csi-driver" ## GCP CSI Driver -download_chart "https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver" "v1.3.0" "charts" "gcp-compute-persistent-disk-csi-driver" +download_chart "https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver" "v1.4.0" "charts" "gcp-compute-persistent-disk-csi-driver" ## OpenStack CSI Driver (cinder) download_chart "https://github.com/edgelesssys/constellation-cloud-provider-openstack" "v1.0.2" "charts/cinder-csi-plugin" "openstack-cinder-csi" From a36e1a79f0bbb41ff4a9f14aaba02f57d5af2c5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 20 Jun 2024 10:49:00 +0200 Subject: [PATCH 086/380] helm: upgrade cert-manager from v1.12.6 to v1.15.0 (#3177) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- internal/constellation/helm/BUILD.bazel | 3 + .../helm/charts/cert-manager/Chart.yaml | 12 +- .../charts/cert-manager/templates/NOTES.txt | 3 + .../cert-manager/templates/_helpers.tpl | 28 + .../templates/cainjector-config.yaml | 18 + .../templates/cainjector-deployment.yaml | 35 +- .../cainjector-poddisruptionbudget.yaml | 11 +- .../templates/controller-config.yaml | 15 +- .../charts/cert-manager/templates/crds.yaml | 5197 ++++++++++++++--- .../cert-manager/templates/deployment.yaml | 41 +- .../templates/extras-objects.yaml | 4 + .../templates/networkpolicy-egress.yaml | 4 - .../templates/networkpolicy-webhooks.yaml | 10 +- .../templates/poddisruptionbudget.yaml | 11 +- .../cert-manager/templates/podmonitor.yaml | 50 + .../charts/cert-manager/templates/rbac.yaml | 32 +- .../cert-manager/templates/service.yaml | 8 +- .../templates/serviceaccount.yaml | 2 +- .../templates/servicemonitor.yaml | 7 +- .../templates/startupapicheck-job.yaml | 5 +- .../templates/webhook-config.yaml | 15 +- .../templates/webhook-deployment.yaml | 27 +- .../templates/webhook-mutating-webhook.yaml | 10 +- .../webhook-poddisruptionbudget.yaml | 11 +- .../templates/webhook-service.yaml | 6 + .../templates/webhook-validating-webhook.yaml | 12 +- .../helm/charts/cert-manager/values.yaml | 1086 +++- .../constellation/helm/generateCertManager.sh | 4 +- internal/constellation/helm/helm_test.go | 2 +- 29 files changed, 5585 insertions(+), 1084 deletions(-) create mode 100644 internal/constellation/helm/charts/cert-manager/templates/cainjector-config.yaml create mode 100644 internal/constellation/helm/charts/cert-manager/templates/extras-objects.yaml create mode 100644 internal/constellation/helm/charts/cert-manager/templates/podmonitor.yaml diff --git a/internal/constellation/helm/BUILD.bazel b/internal/constellation/helm/BUILD.bazel index 52f92729c..c02eb53f0 100644 --- a/internal/constellation/helm/BUILD.bazel +++ b/internal/constellation/helm/BUILD.bazel @@ -462,6 +462,9 @@ go_library( "charts/edgeless/csi/charts/aws-csi-driver/templates/ebs-csi-default-sc.yaml", "charts/edgeless/csi/charts/aws-csi-driver/templates/role-leases.yaml", "charts/edgeless/csi/charts/aws-csi-driver/templates/rolebinding-leases.yaml", + "charts/cert-manager/templates/cainjector-config.yaml", + "charts/cert-manager/templates/extras-objects.yaml", + "charts/cert-manager/templates/podmonitor.yaml", ], importpath = "github.com/edgelesssys/constellation/v2/internal/constellation/helm", visibility = ["//:__subpackages__"], diff --git a/internal/constellation/helm/charts/cert-manager/Chart.yaml b/internal/constellation/helm/charts/cert-manager/Chart.yaml index 7a8e8043b..aea96934f 100644 --- a/internal/constellation/helm/charts/cert-manager/Chart.yaml +++ b/internal/constellation/helm/charts/cert-manager/Chart.yaml @@ -1,13 +1,15 @@ annotations: + artifacthub.io/category: security + artifacthub.io/license: Apache-2.0 artifacthub.io/prerelease: "false" artifacthub.io/signKey: | fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg -apiVersion: v1 -appVersion: v1.12.6 +apiVersion: v2 +appVersion: v1.15.0 description: A Helm chart for cert-manager -home: https://github.com/cert-manager/cert-manager -icon: https://raw.githubusercontent.com/cert-manager/cert-manager/d53c0b9270f8cd90d908460d69502694e1838f5f/logo/logo-small.png +home: https://cert-manager.io +icon: https://raw.githubusercontent.com/cert-manager/community/4d35a69437d21b76322157e6284be4cd64e6d2b7/logo/logo-small.png keywords: - cert-manager - kube-lego @@ -21,4 +23,4 @@ maintainers: name: cert-manager sources: - https://github.com/cert-manager/cert-manager -version: v1.12.6 +version: v1.15.0 diff --git a/internal/constellation/helm/charts/cert-manager/templates/NOTES.txt b/internal/constellation/helm/charts/cert-manager/templates/NOTES.txt index 102535460..341d10123 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/NOTES.txt +++ b/internal/constellation/helm/charts/cert-manager/templates/NOTES.txt @@ -1,3 +1,6 @@ +{{- if .Values.installCRDs }} +⚠️ WARNING: `installCRDs` is deprecated, use `crds.enabled` instead. +{{- end }} cert-manager {{ .Chart.AppVersion }} has been deployed successfully! In order to begin issuing certificates, you will need to set up a ClusterIssuer diff --git a/internal/constellation/helm/charts/cert-manager/templates/_helpers.tpl b/internal/constellation/helm/charts/cert-manager/templates/_helpers.tpl index 90db4af26..9902c089f 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/_helpers.tpl +++ b/internal/constellation/helm/charts/cert-manager/templates/_helpers.tpl @@ -172,3 +172,31 @@ https://github.com/helm/helm/issues/5358 {{- define "cert-manager.namespace" -}} {{ .Values.namespace | default .Release.Namespace }} {{- end -}} + +{{/* +Util function for generating the image URL based on the provided options. +IMPORTANT: This function is standarized across all charts in the cert-manager GH organization. +Any changes to this function should also be made in cert-manager, trust-manager, approver-policy, ... +See https://github.com/cert-manager/cert-manager/issues/6329 for a list of linked PRs. +*/}} +{{- define "image" -}} +{{- $defaultTag := index . 1 -}} +{{- with index . 0 -}} +{{- if .registry -}}{{ printf "%s/%s" .registry .repository }}{{- else -}}{{- .repository -}}{{- end -}} +{{- if .digest -}}{{ printf "@%s" .digest }}{{- else -}}{{ printf ":%s" (default $defaultTag .tag) }}{{- end -}} +{{- end }} +{{- end }} + +{{/* +Check that the user has not set both .installCRDs and .crds.enabled or +set .installCRDs and disabled .crds.keep. +.installCRDs is deprecated and users should use .crds.enabled and .crds.keep instead. +*/}} +{{- define "cert-manager.crd-check" -}} + {{- if and (.Values.installCRDs) (.Values.crds.enabled) }} + {{- fail "ERROR: the deprecated .installCRDs option cannot be enabled at the same time as its replacement .crds.enabled" }} + {{- end }} + {{- if and (.Values.installCRDs) (not .Values.crds.keep) }} + {{- fail "ERROR: .crds.keep is not compatible with .installCRDs, please use .crds.enabled and .crds.keep instead" }} + {{- end }} +{{- end -}} diff --git a/internal/constellation/helm/charts/cert-manager/templates/cainjector-config.yaml b/internal/constellation/helm/charts/cert-manager/templates/cainjector-config.yaml new file mode 100644 index 000000000..82399cc1a --- /dev/null +++ b/internal/constellation/helm/charts/cert-manager/templates/cainjector-config.yaml @@ -0,0 +1,18 @@ +{{- if .Values.cainjector.config -}} +{{- $_ := .Values.cainjector.config.apiVersion | required ".Values.cainjector.config.apiVersion must be set !" -}} +{{- $_ := .Values.cainjector.config.kind | required ".Values.cainjector.config.kind must be set !" -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "cainjector.fullname" . }} + namespace: {{ include "cert-manager.namespace" . }} + labels: + app: {{ include "cainjector.name" . }} + app.kubernetes.io/name: {{ include "cainjector.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "cainjector" + {{- include "labels" . | nindent 4 }} +data: + config.yaml: | + {{- .Values.cainjector.config | toYaml | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/internal/constellation/helm/charts/cert-manager/templates/cainjector-deployment.yaml b/internal/constellation/helm/charts/cert-manager/templates/cainjector-deployment.yaml index 122017374..8f9f7f331 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/cainjector-deployment.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/cainjector-deployment.yaml @@ -16,6 +16,10 @@ metadata: {{- end }} spec: replicas: {{ .Values.cainjector.replicaCount }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.revisionHistoryLimit) (list "" (quote ""))) }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ include "cainjector.name" . }} @@ -45,6 +49,7 @@ spec: {{- if hasKey .Values.cainjector "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.cainjector.automountServiceAccountToken }} {{- end }} + enableServiceLinks: {{ .Values.cainjector.enableServiceLinks }} {{- with .Values.global.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} @@ -54,14 +59,16 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }}-cainjector - {{- with .Values.cainjector.image }} - image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" - {{- end }} + image: "{{ template "image" (tuple .Values.cainjector.image $.Chart.AppVersion) }}" imagePullPolicy: {{ .Values.cainjector.image.pullPolicy }} args: - {{- if .Values.global.logLevel }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.logLevel) (list "" (quote ""))) }} - --v={{ .Values.global.logLevel }} {{- end }} + {{- if .Values.cainjector.config }} + - --config=/var/cert-manager/config/config.yaml + {{- end }} {{- with .Values.global.leaderElection }} - --leader-election-namespace={{ .namespace }} {{- if .leaseDuration }} @@ -74,6 +81,9 @@ spec: - --leader-election-retry-period={{ .retryPeriod }} {{- end }} {{- end }} + {{- with .Values.cainjector.featureGates}} + - --feature-gates={{ . }} + {{- end}} {{- with .Values.cainjector.extraArgs }} {{- toYaml . | nindent 10 }} {{- end }} @@ -90,9 +100,15 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.cainjector.volumeMounts }} + {{- if or .Values.cainjector.config .Values.cainjector.volumeMounts }} volumeMounts: + {{- if .Values.cainjector.config }} + - name: config + mountPath: /var/cert-manager/config + {{- end }} + {{- with .Values.cainjector.volumeMounts }} {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} {{- with .Values.cainjector.nodeSelector }} nodeSelector: @@ -110,8 +126,15 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.cainjector.volumes }} + {{- if or .Values.cainjector.volumes .Values.cainjector.config }} volumes: + {{- if .Values.cainjector.config }} + - name: config + configMap: + name: {{ include "cainjector.fullname" . }} + {{- end }} + {{ with .Values.cainjector.volumes }} {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml b/internal/constellation/helm/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml index f080b753a..6a7d60913 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/cainjector-poddisruptionbudget.yaml @@ -17,10 +17,13 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: "cainjector" - {{- with .Values.cainjector.podDisruptionBudget.minAvailable }} - minAvailable: {{ . }} + {{- if not (or (hasKey .Values.cainjector.podDisruptionBudget "minAvailable") (hasKey .Values.cainjector.podDisruptionBudget "maxUnavailable")) }} + minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set {{- end }} - {{- with .Values.cainjector.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ . }} + {{- if hasKey .Values.cainjector.podDisruptionBudget "minAvailable" }} + minAvailable: {{ .Values.cainjector.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if hasKey .Values.cainjector.podDisruptionBudget "maxUnavailable" }} + maxUnavailable: {{ .Values.cainjector.podDisruptionBudget.maxUnavailable }} {{- end }} {{- end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/controller-config.yaml b/internal/constellation/helm/charts/cert-manager/templates/controller-config.yaml index a1b337572..25f62ef1d 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/controller-config.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/controller-config.yaml @@ -1,12 +1,6 @@ {{- if .Values.config -}} - {{- if not .Values.config.apiVersion -}} - {{- fail "config.apiVersion must be set" -}} - {{- end -}} - - {{- if not .Values.config.kind -}} - {{- fail "config.kind must be set" -}} - {{- end -}} -{{- end -}} +{{- $_ := .Values.config.apiVersion | required ".Values.config.apiVersion must be set !" -}} +{{- $_ := .Values.config.kind | required ".Values.config.kind must be set !" -}} apiVersion: v1 kind: ConfigMap metadata: @@ -19,7 +13,6 @@ metadata: app.kubernetes.io/component: "controller" {{- include "labels" . | nindent 4 }} data: - {{- if .Values.config }} config.yaml: | - {{ .Values.config | toYaml | nindent 4 }} - {{- end }} + {{- .Values.config | toYaml | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/internal/constellation/helm/charts/cert-manager/templates/crds.yaml b/internal/constellation/helm/charts/cert-manager/templates/crds.yaml index 820698742..2c70ca34c 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/crds.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/crds.yaml @@ -1,8 +1,13 @@ -{{- if .Values.installCRDs }} +# {{- include "cert-manager.crd-check" . }} +# START crd {{- if or .Values.crds.enabled .Values.installCRDs }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: certificaterequests.cert-manager.io + # START annotations {{- if .Values.crds.keep }} + annotations: + helm.sh/resource-policy: keep + # END annotations {{- end }} labels: app: '{{ template "cert-manager.name" . }}' app.kubernetes.io/name: '{{ template "cert-manager.name" . }}' @@ -51,47 +56,91 @@ spec: type: date schema: openAPIV3Schema: - description: "A CertificateRequest is used to request a signed certificate from one of the configured issuers. \n All fields within the CertificateRequest's `spec` are immutable after creation. A CertificateRequest will either succeed or fail, as denoted by its `status.state` field. \n A CertificateRequest is a one-shot resource, meaning it represents a single point in time request for a certificate and cannot be re-used." + description: |- + A CertificateRequest is used to request a signed certificate from one of the + configured issuers. + + + All fields within the CertificateRequest's `spec` are immutable after creation. + A CertificateRequest will either succeed or fail, as denoted by its `Ready` status + condition and its `status.failureTime` field. + + + A CertificateRequest is a one-shot resource, meaning it represents a single + point in time request for a certificate and cannot be re-used. type: object - required: - - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Desired state of the CertificateRequest resource. + description: |- + Specification of the desired state of the CertificateRequest resource. + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object required: - issuerRef - request properties: duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. + description: |- + Requested 'duration' (i.e. lifetime) of the Certificate. Note that the + issuer may choose to ignore the requested duration, just like any other + requested attribute. type: string extra: - description: Extra contains extra attributes of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + description: |- + Extra contains extra attributes of the user that created the CertificateRequest. + Populated by the cert-manager webhook on creation and immutable. type: object additionalProperties: type: array items: type: string groups: - description: Groups contains group membership of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + description: |- + Groups contains group membership of the user that created the CertificateRequest. + Populated by the cert-manager webhook on creation and immutable. type: array items: type: string x-kubernetes-list-type: atomic isCA: - description: IsCA will request to mark the certificate as valid for certificate signing when submitting to the issuer. This will automatically add the `cert sign` usage to the list of `usages`. + description: |- + Requested basic constraints isCA value. Note that the issuer may choose + to ignore the requested isCA value, just like any other requested attribute. + + + NOTE: If the CSR in the `Request` field has a BasicConstraints extension, + it must have the same isCA value as specified here. + + + If true, this will automatically add the `cert sign` usage to the list + of requested `usages`. type: boolean issuerRef: - description: IssuerRef is a reference to the issuer for this CertificateRequest. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the CertificateRequest will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. The group field refers to the API group of the issuer which defaults to `cert-manager.io` if empty. + description: |- + Reference to the issuer responsible for issuing the certificate. + If the issuer is namespace-scoped, it must be in the same namespace + as the Certificate. If the issuer is cluster-scoped, it can be used + from any namespace. + + + The `name` field of the reference must always be specified. type: object required: - name @@ -106,17 +155,69 @@ spec: description: Name of the resource being referred to. type: string request: - description: The PEM-encoded x509 certificate signing request to be submitted to the CA for signing. + description: |- + The PEM-encoded X.509 certificate signing request to be submitted to the + issuer for signing. + + + If the CSR has a BasicConstraints extension, its isCA attribute must + match the `isCA` value of this CertificateRequest. + If the CSR has a KeyUsage extension, its key usages must match the + key usages in the `usages` field of this CertificateRequest. + If the CSR has a ExtKeyUsage extension, its extended key usages + must match the extended key usages in the `usages` field of this + CertificateRequest. type: string format: byte uid: - description: UID contains the uid of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + description: |- + UID contains the uid of the user that created the CertificateRequest. + Populated by the cert-manager webhook on creation and immutable. type: string usages: - description: Usages is the set of x509 usages that are requested for the certificate. If usages are set they SHOULD be encoded inside the CSR spec Defaults to `digital signature` and `key encipherment` if not specified. + description: |- + Requested key usages and extended key usages. + + + NOTE: If the CSR in the `Request` field has uses the KeyUsage or + ExtKeyUsage extension, these extensions must have the same values + as specified here without any additional values. + + + If unset, defaults to `digital signature` and `key encipherment`. type: array items: - description: "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 \n Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" + description: |- + KeyUsage specifies valid usage contexts for keys. + See: + https://tools.ietf.org/html/rfc5280#section-4.2.1.3 + https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + + + Valid KeyUsage values are as follows: + "signing", + "digital signature", + "content commitment", + "key encipherment", + "key agreement", + "data encipherment", + "cert sign", + "crl sign", + "encipher only", + "decipher only", + "any", + "server auth", + "client auth", + "code signing", + "email protection", + "s/mime", + "ipsec end system", + "ipsec tunnel", + "ipsec user", + "timestamping", + "ocsp signing", + "microsoft sgc", + "netscape sgc" type: string enum: - signing @@ -143,22 +244,39 @@ spec: - microsoft sgc - netscape sgc username: - description: Username contains the name of the user that created the CertificateRequest. Populated by the cert-manager webhook on creation and immutable. + description: |- + Username contains the name of the user that created the CertificateRequest. + Populated by the cert-manager webhook on creation and immutable. type: string status: - description: Status of the CertificateRequest. This is set and managed automatically. + description: |- + Status of the CertificateRequest. + This is set and managed automatically. + Read-only. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object properties: ca: - description: The PEM encoded x509 certificate of the signer, also known as the CA (Certificate Authority). This is set on a best-effort basis by different issuers. If not set, the CA is assumed to be unknown/not available. + description: |- + The PEM encoded X.509 certificate of the signer, also known as the CA + (Certificate Authority). + This is set on a best-effort basis by different issuers. + If not set, the CA is assumed to be unknown/not available. type: string format: byte certificate: - description: The PEM encoded x509 certificate resulting from the certificate signing request. If not set, the CertificateRequest has either not been completed or has failed. More information on failure can be found by checking the `conditions` field. + description: |- + The PEM encoded X.509 certificate resulting from the certificate + signing request. + If not set, the CertificateRequest has either not been completed or has + failed. More information on failure can be found by checking the + `conditions` field. type: string format: byte conditions: - description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready` and `InvalidRequest`. + description: |- + List of status conditions to indicate the status of a CertificateRequest. + Known condition types are `Ready`, `InvalidRequest`, `Approved` and `Denied`. type: array items: description: CertificateRequestCondition contains condition information for a CertificateRequest. @@ -168,14 +286,20 @@ spec: - type properties: lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + description: |- + LastTransitionTime is the timestamp corresponding to the last status + change of this condition. type: string format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. + description: |- + Message is a human readable description of the details of the last + transition, complementing reason. type: string reason: - description: Reason is a brief machine readable explanation for the condition's last transition. + description: |- + Reason is a brief machine readable explanation for the condition's last + transition. type: string status: description: Status of the condition, one of (`True`, `False`, `Unknown`). @@ -185,22 +309,34 @@ spec: - "False" - Unknown type: - description: Type of the condition, known values are (`Ready`, `InvalidRequest`, `Approved`, `Denied`). + description: |- + Type of the condition, known values are (`Ready`, `InvalidRequest`, + `Approved`, `Denied`). type: string x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map failureTime: - description: FailureTime stores the time that this CertificateRequest failed. This is used to influence garbage collection and back-off. + description: |- + FailureTime stores the time that this CertificateRequest failed. This is + used to influence garbage collection and back-off. type: string format: date-time served: true storage: true + +# END crd {{- end }} + --- +# START crd {{- if or .Values.crds.enabled .Values.installCRDs }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: certificates.cert-manager.io + # START annotations {{- if .Values.crds.keep }} + annotations: + helm.sh/resource-policy: keep + # END annotations {{- end }} labels: app: '{{ template "cert-manager.name" . }}' app.kubernetes.io/name: '{{ template "cert-manager.name" . }}' @@ -244,70 +380,132 @@ spec: type: date schema: openAPIV3Schema: - description: "A Certificate resource should be created to ensure an up to date and signed x509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. \n The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`)." + description: |- + A Certificate resource should be created to ensure an up to date and signed + X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`. + + + The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`). type: object - required: - - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: Desired state of the Certificate resource. + description: |- + Specification of the desired state of the Certificate resource. + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object required: - issuerRef - secretName properties: additionalOutputFormats: - description: AdditionalOutputFormats defines extra output formats of the private key and signed certificate chain to be written to this Certificate's target Secret. This is an Alpha Feature and is only enabled with the `--feature-gates=AdditionalCertificateOutputFormats=true` option on both the controller and webhook components. + description: |- + Defines extra output formats of the private key and signed certificate chain + to be written to this Certificate's target Secret. + + + This is a Beta Feature enabled by default. It can be disabled with the + `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both + the controller and webhook components. type: array items: - description: CertificateAdditionalOutputFormat defines an additional output format of a Certificate resource. These contain supplementary data formats of the signed certificate chain and paired private key. + description: |- + CertificateAdditionalOutputFormat defines an additional output format of a + Certificate resource. These contain supplementary data formats of the signed + certificate chain and paired private key. type: object required: - type properties: type: - description: Type is the name of the format type that should be written to the Certificate's target Secret. + description: |- + Type is the name of the format type that should be written to the + Certificate's target Secret. type: string enum: - DER - CombinedPEM commonName: - description: 'CommonName is a common name to be used on the Certificate. The CommonName should have a length of 64 characters or fewer to avoid generating invalid CSRs. This value is ignored by TLS clients when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4' + description: |- + Requested common name X509 certificate subject attribute. + More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + NOTE: TLS clients will ignore this value when any subject alternative name is + set (see https://tools.ietf.org/html/rfc6125#section-6.4.4). + + + Should have a length of 64 characters or fewer to avoid generating invalid CSRs. + Cannot be set if the `literalSubject` field is set. type: string dnsNames: - description: DNSNames is a list of DNS subjectAltNames to be set on the Certificate. + description: Requested DNS subject alternative names. type: array items: type: string duration: - description: The requested 'duration' (i.e. lifetime) of the Certificate. This option may be ignored/overridden by some issuer types. If unset this defaults to 90 days. Certificate will be renewed either 2/3 through its duration or `renewBefore` period before its expiry, whichever is later. Minimum accepted duration is 1 hour. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration + description: |- + Requested 'duration' (i.e. lifetime) of the Certificate. Note that the + issuer may choose to ignore the requested duration, just like any other + requested attribute. + + + If unset, this defaults to 90 days. + Minimum accepted duration is 1 hour. + Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. type: string emailAddresses: - description: EmailAddresses is a list of email subjectAltNames to be set on the Certificate. + description: Requested email subject alternative names. type: array items: type: string encodeUsagesInRequest: - description: EncodeUsagesInRequest controls whether key usages should be present in the CertificateRequest + description: |- + Whether the KeyUsage and ExtKeyUsage extensions should be set in the encoded CSR. + + + This option defaults to true, and should only be disabled if the target + issuer does not support CSRs with these X509 KeyUsage/ ExtKeyUsage extensions. type: boolean ipAddresses: - description: IPAddresses is a list of IP address subjectAltNames to be set on the Certificate. + description: Requested IP address subject alternative names. type: array items: type: string isCA: - description: IsCA will mark this Certificate as valid for certificate signing. This will automatically add the `cert sign` usage to the list of `usages`. + description: |- + Requested basic constraints isCA value. + The isCA value is used to set the `isCA` field on the created CertificateRequest + resources. Note that the issuer may choose to ignore the requested isCA value, just + like any other requested attribute. + + + If true, this will automatically add the `cert sign` usage to the list + of requested `usages`. type: boolean issuerRef: - description: IssuerRef is a reference to the issuer for this certificate. If the `kind` field is not set, or set to `Issuer`, an Issuer resource with the given name in the same namespace as the Certificate will be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer with the provided name will be used. The `name` field in this stanza is required at all times. + description: |- + Reference to the issuer responsible for issuing the certificate. + If the issuer is namespace-scoped, it must be in the same namespace + as the Certificate. If the issuer is cluster-scoped, it can be used + from any namespace. + + + The `name` field of the reference must always be specified. type: object required: - name @@ -322,94 +520,325 @@ spec: description: Name of the resource being referred to. type: string keystores: - description: Keystores configures additional keystore output formats stored in the `secretName` Secret resource. + description: Additional keystore output formats to be stored in the Certificate's Secret. type: object properties: jks: - description: JKS configures options for storing a JKS keystore in the `spec.secretName` Secret resource. + description: |- + JKS configures options for storing a JKS keystore in the + `spec.secretName` Secret resource. type: object required: - create - passwordSecretRef properties: + alias: + description: |- + Alias specifies the alias of the key in the keystore, required by the JKS format. + If not provided, the default alias `certificate` will be used. + type: string create: - description: Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + description: |- + Create enables JKS keystore creation for the Certificate. + If true, a file named `keystore.jks` will be created in the target + Secret resource, encrypted using the password stored in + `passwordSecretRef`. + The keystore file will be updated immediately. + If the issuer provided a CA certificate, a file named `truststore.jks` + will also be created in the target Secret resource, encrypted using the + password stored in `passwordSecretRef` + containing the issuing Certificate Authority type: boolean passwordSecretRef: - description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore. + description: |- + PasswordSecretRef is a reference to a key in a Secret resource + containing the password used to encrypt the JKS keystore. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string pkcs12: - description: PKCS12 configures options for storing a PKCS12 keystore in the `spec.secretName` Secret resource. + description: |- + PKCS12 configures options for storing a PKCS12 keystore in the + `spec.secretName` Secret resource. type: object required: - create - passwordSecretRef properties: create: - description: Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority + description: |- + Create enables PKCS12 keystore creation for the Certificate. + If true, a file named `keystore.p12` will be created in the target + Secret resource, encrypted using the password stored in + `passwordSecretRef`. + The keystore file will be updated immediately. + If the issuer provided a CA certificate, a file named `truststore.p12` will + also be created in the target Secret resource, encrypted using the + password stored in `passwordSecretRef` containing the issuing Certificate + Authority type: boolean passwordSecretRef: - description: PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore. + description: |- + PasswordSecretRef is a reference to a key in a Secret resource + containing the password used to encrypt the PKCS12 keystore. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string + profile: + description: |- + Profile specifies the key and certificate encryption algorithms and the HMAC algorithm + used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. + + + If provided, allowed values are: + `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. + `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. + `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms + (eg. because of company policy). Please note that the security of the algorithm is not that important + in reality, because the unencrypted certificate and private key are also stored in the Secret. + type: string + enum: + - LegacyRC2 + - LegacyDES + - Modern2023 literalSubject: - description: LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. + description: |- + Requested X.509 certificate subject, represented using the LDAP "String + Representation of a Distinguished Name" [1]. + Important: the LDAP string format also specifies the order of the attributes + in the subject, this is important when issuing certs for LDAP authentication. + Example: `CN=foo,DC=corp,DC=example,DC=com` + More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 + More info: https://github.com/cert-manager/cert-manager/issues/3203 + More info: https://github.com/cert-manager/cert-manager/issues/4424 + + + Cannot be set if the `subject` or `commonName` field is set. type: string + nameConstraints: + description: |- + x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. + More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 + + + This is an Alpha Feature and is only enabled with the + `--feature-gates=NameConstraints=true` option set on both + the controller and webhook components. + type: object + properties: + critical: + description: if true then the name constraints are marked critical. + type: boolean + excluded: + description: |- + Excluded contains the constraints which must be disallowed. Any name matching a + restriction in the excluded field is invalid regardless + of information appearing in the permitted + type: object + properties: + dnsDomains: + description: DNSDomains is a list of DNS domains that are permitted or excluded. + type: array + items: + type: string + emailAddresses: + description: EmailAddresses is a list of Email Addresses that are permitted or excluded. + type: array + items: + type: string + ipRanges: + description: |- + IPRanges is a list of IP Ranges that are permitted or excluded. + This should be a valid CIDR notation. + type: array + items: + type: string + uriDomains: + description: URIDomains is a list of URI domains that are permitted or excluded. + type: array + items: + type: string + permitted: + description: Permitted contains the constraints in which the names must be located. + type: object + properties: + dnsDomains: + description: DNSDomains is a list of DNS domains that are permitted or excluded. + type: array + items: + type: string + emailAddresses: + description: EmailAddresses is a list of Email Addresses that are permitted or excluded. + type: array + items: + type: string + ipRanges: + description: |- + IPRanges is a list of IP Ranges that are permitted or excluded. + This should be a valid CIDR notation. + type: array + items: + type: string + uriDomains: + description: URIDomains is a list of URI domains that are permitted or excluded. + type: array + items: + type: string + otherNames: + description: |- + `otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37 + Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`. + Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3 + You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this. + type: array + items: + type: object + properties: + oid: + description: |- + OID is the object identifier for the otherName SAN. + The object identifier must be expressed as a dotted string, for + example, "1.2.840.113556.1.4.221". + type: string + utf8Value: + description: |- + utf8Value is the string value of the otherName SAN. + The utf8Value accepts any valid UTF8 string to set as value for the otherName SAN. + type: string privateKey: - description: Options to control private keys used for the Certificate. + description: |- + Private key options. These include the key algorithm and size, the used + encoding and the rotation policy. type: object properties: algorithm: - description: Algorithm is the private key algorithm of the corresponding private key for this certificate. If provided, allowed values are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified and `size` is not provided, key size of 256 will be used for `ECDSA` key algorithm and key size of 2048 will be used for `RSA` key algorithm. key size is ignored when using the `Ed25519` key algorithm. + description: |- + Algorithm is the private key algorithm of the corresponding private key + for this certificate. + + + If provided, allowed values are either `RSA`, `ECDSA` or `Ed25519`. + If `algorithm` is specified and `size` is not provided, + key size of 2048 will be used for `RSA` key algorithm and + key size of 256 will be used for `ECDSA` key algorithm. + key size is ignored when using the `Ed25519` key algorithm. type: string enum: - RSA - ECDSA - Ed25519 encoding: - description: The private key cryptography standards (PKCS) encoding for this certificate's private key to be encoded in. If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and PKCS#8, respectively. Defaults to `PKCS1` if not specified. + description: |- + The private key cryptography standards (PKCS) encoding for this + certificate's private key to be encoded in. + + + If provided, allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 + and PKCS#8, respectively. + Defaults to `PKCS1` if not specified. type: string enum: - PKCS1 - PKCS8 rotationPolicy: - description: RotationPolicy controls how private keys should be regenerated when a re-issuance is being processed. If set to Never, a private key will only be generated if one does not already exist in the target `spec.secretName`. If one does exists but it does not have the correct algorithm or size, a warning will be raised to await user intervention. If set to Always, a private key matching the specified requirements will be generated whenever a re-issuance occurs. Default is 'Never' for backward compatibility. + description: |- + RotationPolicy controls how private keys should be regenerated when a + re-issuance is being processed. + + + If set to `Never`, a private key will only be generated if one does not + already exist in the target `spec.secretName`. If one does exists but it + does not have the correct algorithm or size, a warning will be raised + to await user intervention. + If set to `Always`, a private key matching the specified requirements + will be generated whenever a re-issuance occurs. + Default is `Never` for backward compatibility. type: string enum: - Never - Always size: - description: Size is the key bit size of the corresponding private key for this certificate. If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, and will default to `2048` if not specified. If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, and will default to `256` if not specified. If `algorithm` is set to `Ed25519`, Size is ignored. No other values are allowed. + description: |- + Size is the key bit size of the corresponding private key for this certificate. + + + If `algorithm` is set to `RSA`, valid values are `2048`, `4096` or `8192`, + and will default to `2048` if not specified. + If `algorithm` is set to `ECDSA`, valid values are `256`, `384` or `521`, + and will default to `256` if not specified. + If `algorithm` is set to `Ed25519`, Size is ignored. + No other values are allowed. type: integer renewBefore: - description: How long before the currently issued certificate's expiry cert-manager should renew the certificate. The default is 2/3 of the issued certificate's duration. Minimum accepted value is 5 minutes. Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration + description: |- + How long before the currently issued certificate's expiry cert-manager should + renew the certificate. For example, if a certificate is valid for 60 minutes, + and `renewBefore=10m`, cert-manager will begin to attempt to renew the certificate + 50 minutes after it was issued (i.e. when there are 10 minutes remaining until + the certificate is no longer valid). + + + NOTE: The actual lifetime of the issued certificate is used to determine the + renewal time. If an issuer returns a certificate with a different lifetime than + the one requested, cert-manager will use the lifetime of the issued certificate. + + + If unset, this defaults to 1/3 of the issued certificate's lifetime. + Minimum accepted value is 5 minutes. + Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration. type: string revisionHistoryLimit: - description: revisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history. Each revision represents a single `CertificateRequest` created by this Certificate, either when it was created, renewed, or Spec was changed. Revisions will be removed by oldest first if the number of revisions exceeds this number. If set, revisionHistoryLimit must be a value of `1` or greater. If unset (`nil`), revisions will not be garbage collected. Default value is `nil`. + description: |- + The maximum number of CertificateRequest revisions that are maintained in + the Certificate's history. Each revision represents a single `CertificateRequest` + created by this Certificate, either when it was created, renewed, or Spec + was changed. Revisions will be removed by oldest first if the number of + revisions exceeds this number. + + + If set, revisionHistoryLimit must be a value of `1` or greater. + If unset (`nil`), revisions will not be garbage collected. + Default value is `nil`. type: integer format: int32 secretName: - description: SecretName is the name of the secret resource that will be automatically created and managed by this Certificate resource. It will be populated with a private key and certificate, signed by the denoted issuer. + description: |- + Name of the Secret resource that will be automatically created and + managed by this Certificate resource. It will be populated with a + private key and certificate, signed by the denoted issuer. The Secret + resource lives in the same namespace as the Certificate resource. type: string secretTemplate: - description: SecretTemplate defines annotations and labels to be copied to the Certificate's Secret. Labels and annotations on the Secret will be changed as they appear on the SecretTemplate when added or removed. SecretTemplate annotations are added in conjunction with, and cannot overwrite, the base set of annotations cert-manager sets on the Certificate's Secret. + description: |- + Defines annotations and labels to be copied to the Certificate's Secret. + Labels and annotations on the Secret will be changed as they appear on the + SecretTemplate when added or removed. SecretTemplate annotations are added + in conjunction with, and cannot overwrite, the base set of annotations + cert-manager sets on the Certificate's Secret. type: object properties: annotations: @@ -423,7 +852,13 @@ spec: additionalProperties: type: string subject: - description: Full X509 name specification (https://golang.org/pkg/crypto/x509/pkix/#Name). + description: |- + Requested set of X509 certificate subject attributes. + More info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6 + + + The common name attribute is specified separately in the `commonName` field. + Cannot be set if the `literalSubject` field is set. type: object properties: countries: @@ -465,15 +900,52 @@ spec: items: type: string uris: - description: URIs is a list of URI subjectAltNames to be set on the Certificate. + description: Requested URI subject alternative names. type: array items: type: string usages: - description: Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified. + description: |- + Requested key usages and extended key usages. + These usages are used to set the `usages` field on the created CertificateRequest + resources. If `encodeUsagesInRequest` is unset or set to `true`, the usages + will additionally be encoded in the `request` field which contains the CSR blob. + + + If unset, defaults to `digital signature` and `key encipherment`. type: array items: - description: "KeyUsage specifies valid usage contexts for keys. See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12 \n Valid KeyUsage values are as follows: \"signing\", \"digital signature\", \"content commitment\", \"key encipherment\", \"key agreement\", \"data encipherment\", \"cert sign\", \"crl sign\", \"encipher only\", \"decipher only\", \"any\", \"server auth\", \"client auth\", \"code signing\", \"email protection\", \"s/mime\", \"ipsec end system\", \"ipsec tunnel\", \"ipsec user\", \"timestamping\", \"ocsp signing\", \"microsoft sgc\", \"netscape sgc\"" + description: |- + KeyUsage specifies valid usage contexts for keys. + See: + https://tools.ietf.org/html/rfc5280#section-4.2.1.3 + https://tools.ietf.org/html/rfc5280#section-4.2.1.12 + + + Valid KeyUsage values are as follows: + "signing", + "digital signature", + "content commitment", + "key encipherment", + "key agreement", + "data encipherment", + "cert sign", + "crl sign", + "encipher only", + "decipher only", + "any", + "server auth", + "client auth", + "code signing", + "email protection", + "s/mime", + "ipsec end system", + "ipsec tunnel", + "ipsec user", + "timestamping", + "ocsp signing", + "microsoft sgc", + "netscape sgc" type: string enum: - signing @@ -500,11 +972,17 @@ spec: - microsoft sgc - netscape sgc status: - description: Status of the Certificate. This is set and managed automatically. + description: |- + Status of the Certificate. + This is set and managed automatically. + Read-only. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status type: object properties: conditions: - description: List of status conditions to indicate the status of certificates. Known condition types are `Ready` and `Issuing`. + description: |- + List of status conditions to indicate the status of certificates. + Known condition types are `Ready` and `Issuing`. type: array items: description: CertificateCondition contains condition information for an Certificate. @@ -514,18 +992,29 @@ spec: - type properties: lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + description: |- + LastTransitionTime is the timestamp corresponding to the last status + change of this condition. type: string format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. + description: |- + Message is a human readable description of the details of the last + transition, complementing reason. type: string observedGeneration: - description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Certificate. + description: |- + If set, this represents the .metadata.generation that the condition was + set based upon. + For instance, if .metadata.generation is currently 12, but the + .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the Certificate. type: integer format: int64 reason: - description: Reason is a brief machine readable explanation for the condition's last transition. + description: |- + Reason is a brief machine readable explanation for the condition's last + transition. type: string status: description: Status of the condition, one of (`True`, `False`, `Unknown`). @@ -541,37 +1030,85 @@ spec: - type x-kubernetes-list-type: map failedIssuanceAttempts: - description: The number of continuous failed issuance attempts up till now. This field gets removed (if set) on a successful issuance and gets set to 1 if unset and an issuance has failed. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). + description: |- + The number of continuous failed issuance attempts up till now. This + field gets removed (if set) on a successful issuance and gets set to + 1 if unset and an issuance has failed. If an issuance has failed, the + delay till the next issuance will be calculated using formula + time.Hour * 2 ^ (failedIssuanceAttempts - 1). type: integer lastFailureTime: - description: LastFailureTime is set only if the lastest issuance for this Certificate failed and contains the time of the failure. If an issuance has failed, the delay till the next issuance will be calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - 1). If the latest issuance has succeeded this field will be unset. + description: |- + LastFailureTime is set only if the lastest issuance for this + Certificate failed and contains the time of the failure. If an + issuance has failed, the delay till the next issuance will be + calculated using formula time.Hour * 2 ^ (failedIssuanceAttempts - + 1). If the latest issuance has succeeded this field will be unset. type: string format: date-time nextPrivateKeySecretName: - description: The name of the Secret resource containing the private key to be used for the next certificate iteration. The keymanager controller will automatically set this field if the `Issuing` condition is set to `True`. It will automatically unset this field when the Issuing condition is not set or False. + description: |- + The name of the Secret resource containing the private key to be used + for the next certificate iteration. + The keymanager controller will automatically set this field if the + `Issuing` condition is set to `True`. + It will automatically unset this field when the Issuing condition is + not set or False. type: string notAfter: - description: The expiration time of the certificate stored in the secret named by this resource in `spec.secretName`. + description: |- + The expiration time of the certificate stored in the secret named + by this resource in `spec.secretName`. type: string format: date-time notBefore: - description: The time after which the certificate stored in the secret named by this resource in spec.secretName is valid. + description: |- + The time after which the certificate stored in the secret named + by this resource in `spec.secretName` is valid. type: string format: date-time renewalTime: - description: RenewalTime is the time at which the certificate will be next renewed. If not set, no upcoming renewal is scheduled. + description: |- + RenewalTime is the time at which the certificate will be next + renewed. + If not set, no upcoming renewal is scheduled. type: string format: date-time revision: - description: "The current 'revision' of the certificate as issued. \n When a CertificateRequest resource is created, it will have the `cert-manager.io/certificate-revision` set to one greater than the current value of this field. \n Upon issuance, this field will be set to the value of the annotation on the CertificateRequest resource used to issue the certificate. \n Persisting the value on the CertificateRequest resource allows the certificates controller to know whether a request is part of an old issuance or if it is part of the ongoing revision's issuance by checking if the revision value in the annotation is greater than this field." + description: |- + The current 'revision' of the certificate as issued. + + + When a CertificateRequest resource is created, it will have the + `cert-manager.io/certificate-revision` set to one greater than the + current value of this field. + + + Upon issuance, this field will be set to the value of the annotation + on the CertificateRequest resource used to issue the certificate. + + + Persisting the value on the CertificateRequest resource allows the + certificates controller to know whether a request is part of an old + issuance or if it is part of the ongoing revision's issuance by + checking if the revision value in the annotation is greater than this + field. type: integer served: true storage: true + +# END crd {{- end }} + --- +# START crd {{- if or .Values.crds.enabled .Values.installCRDs }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: challenges.acme.cert-manager.io + # START annotations {{- if .Values.crds.keep }} + annotations: + helm.sh/resource-policy: keep + # END annotations {{- end }} labels: app: '{{ template "cert-manager.name" . }}' app.kubernetes.io/name: '{{ template "cert-manager.name" . }}' @@ -614,10 +1151,19 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -634,13 +1180,23 @@ spec: - url properties: authorizationURL: - description: The URL to the ACME Authorization resource that this challenge is a part of. + description: |- + The URL to the ACME Authorization resource that this + challenge is a part of. type: string dnsName: - description: dnsName is the identifier that this challenge is for, e.g. example.com. If the requested DNSName is a 'wildcard', this field MUST be set to the non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`. + description: |- + dnsName is the identifier that this challenge is for, e.g. example.com. + If the requested DNSName is a 'wildcard', this field MUST be set to the + non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`. type: string issuerRef: - description: References a properly configured ACME-type Issuer which should be used to create this Challenge. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Challenge will be marked as failed. + description: |- + References a properly configured ACME-type Issuer which should + be used to create this Challenge. + If the Issuer does not exist, processing will be retried. + If the Issuer is not an 'ACME' Issuer, an error will be returned and the + Challenge will be marked as failed. type: object required: - name @@ -655,34 +1211,54 @@ spec: description: Name of the resource being referred to. type: string key: - description: 'The ACME challenge key for this challenge For HTTP01 challenges, this is the value that must be responded with to complete the HTTP01 challenge in the format: `.`. For DNS01 challenges, this is the base64 encoded SHA256 sum of the `.` text that must be set as the TXT record content.' + description: |- + The ACME challenge key for this challenge + For HTTP01 challenges, this is the value that must be responded with to + complete the HTTP01 challenge in the format: + `.`. + For DNS01 challenges, this is the base64 encoded SHA256 sum of the + `.` + text that must be set as the TXT record content. type: string solver: - description: Contains the domain solving configuration that should be used to solve this challenge resource. + description: |- + Contains the domain solving configuration that should be used to + solve this challenge resource. type: object properties: dns01: - description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + description: |- + Configures cert-manager to attempt to complete authorizations by + performing the DNS01 challenge flow. type: object properties: acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + description: |- + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage + DNS01 challenge records. type: object required: - accountSecretRef - host properties: accountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string host: type: string @@ -696,40 +1272,61 @@ spec: - serviceConsumerDomain properties: accessTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string clientSecretSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string clientTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string serviceConsumerDomain: type: string @@ -741,19 +1338,30 @@ spec: - subscriptionID properties: clientID: - description: if both this and ClientSecret are left unset MSI will be used + description: |- + Auth: Azure Service Principal: + The ClientID of the Azure Service Principal used to authenticate with Azure DNS. + If set, ClientSecret and TenantID must also be set. type: string clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used + description: |- + Auth: Azure Service Principal: + A reference to a Secret containing the password associated with the Service Principal. + If set, ClientID and TenantID must also be set. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -767,14 +1375,19 @@ spec: description: name of the DNS zone that should be used type: string managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + description: |- + Auth: Azure Workload Identity or Azure Managed Service Identity: + Settings to enable Azure Workload Identity or Azure Managed Service Identity + If set, ClientID, ClientSecret and TenantID must not be set. type: object properties: clientID: description: client ID of the managed identity, can not be used at the same time as resourceID type: string resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID + description: |- + resource ID of the managed identity, can not be used at the same time as clientID + Cannot be used for Azure Managed Service Identity type: string resourceGroupName: description: resource group the DNS zone is located in @@ -783,7 +1396,10 @@ spec: description: ID of the Azure subscription type: string tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed + description: |- + Auth: Azure Service Principal: + The TenantID of the Azure Service Principal used to authenticate with Azure DNS. + If set, ClientID and ClientSecret must also be set. type: string cloudDNS: description: Use the Google Cloud DNS API to manage DNS01 challenge records. @@ -792,37 +1408,55 @@ spec: - project properties: hostedZoneName: - description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + description: |- + HostedZoneName is an optional field that tells cert-manager in which + Cloud DNS zone the challenge record has to be created. + If left empty cert-manager will automatically choose a zone. type: string project: type: string serviceAccountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' + description: |- + API key to use to authenticate with Cloudflare. + Note: using an API token to authenticate is now the recommended method + as it allows greater control of permissions. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -831,16 +1465,23 @@ spec: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string email: description: Email of the account, only required when using API key based authentication. type: string cnameStrategy: - description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + description: |- + CNAMEStrategy configures how the DNS01 provider should handle CNAME + records when found in DNS zones. type: string enum: - None @@ -852,43 +1493,69 @@ spec: - tokenSecretRef properties: tokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + description: |- + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) + to manage DNS01 challenge records. type: object required: - nameserver properties: nameserver: - description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + description: |- + The IP address or hostname of an authoritative DNS server supporting + RFC2136 in the form host:port. If the host is an IPv6 address it must be + enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. + This field is required. type: string tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' + description: |- + The TSIG Algorithm configured in the DNS supporting RFC2136. Used only + when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. + Supported values are (case-insensitive): ``HMACMD5`` (default), + ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. type: string tsigKeyName: - description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + description: |- + The TSIG Key name configured in the DNS. + If ``tsigSecretSecretRef`` is defined, this field is required. type: string tsigSecretSecretRef: - description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + description: |- + The name of the secret containing the TSIG value. + If ``tsigKeyName`` is defined, this field is required. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -897,20 +1564,71 @@ spec: - region properties: accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + The AccessKeyID is used for authentication. + Cannot be set when SecretAccessKeyID is set. + If neither the Access Key nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: string accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + The SecretAccessKey is used for authentication. If set, pull the AWS + access key ID from a key within a Kubernetes Secret. + Cannot be set when AccessKeyID is set. + If neither the Access Key nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string + auth: + description: Auth configures how cert-manager authenticates. + type: object + required: + - kubernetes + properties: + kubernetes: + description: |- + Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + by passing a bound ServiceAccount token. + type: object + required: + - serviceAccountRef + properties: + serviceAccountRef: + description: |- + A reference to a service account that will be used to request a bound + token (also known as "projected token"). To use this field, you must + configure an RBAC rule to let cert-manager request a token. + type: object + required: + - name + properties: + audiences: + description: |- + TokenAudiences is an optional list of audiences to include in the + token passed to AWS. The default token consisting of the issuer's namespace + and name is always included. + If unset the audience defaults to `sts.amazonaws.com`. + type: array + items: + type: string + name: + description: Name of the ServiceAccount used to request a token. + type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. type: string @@ -918,113 +1636,301 @@ spec: description: Always set the region when using AccessKeyID and SecretAccessKey type: string role: - description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + description: |- + Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey + or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string webhook: - description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + description: |- + Configure an external webhook based DNS01 challenge solver to manage + DNS01 challenge records. type: object required: - groupName - solverName properties: config: - description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + description: |- + Additional configuration that should be passed to the webhook apiserver + when challenges are processed. + This can contain arbitrary JSON data. + Secret values should not be specified in this stanza. + If secret values are needed (e.g. credentials for a DNS service), you + should use a SecretKeySelector to reference a Secret resource. + For details on the schema of this field, consult the webhook provider + implementation's documentation. x-kubernetes-preserve-unknown-fields: true groupName: - description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + description: |- + The API group name that should be used when POSTing ChallengePayload + resources to the webhook apiserver. + This should be the same as the GroupName specified in the webhook + provider implementation. type: string solverName: - description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + description: |- + The name of the solver to use, as defined in the webhook provider + implementation. + This will typically be the name of the provider, e.g. 'cloudflare'. type: string http01: - description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + description: |- + Configures cert-manager to attempt to complete authorizations by + performing the HTTP01 challenge flow. + It is not possible to obtain certificates for wildcard domain names + (e.g. `*.example.com`) using the HTTP01 challenge mechanism. type: object properties: gatewayHTTPRoute: - description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + description: |- + The Gateway API is a sig-network community API that models service networking + in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will + create HTTPRoutes with the specified labels in the same namespace as the challenge. + This solver is experimental, and fields / behaviour may change in the future. type: object properties: labels: - description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + description: |- + Custom labels that will be applied to HTTPRoutes created by cert-manager + while solving HTTP-01 challenges. type: object additionalProperties: type: string parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' + description: |- + When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. + cert-manager needs to know which parentRefs should be used when creating + the HTTPRoute. Usually, the parentRef references a Gateway. See: + https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways type: array items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." + description: |- + ParentReference identifies an API object (usually a Gateway) that can be considered + a parent of this resource (usually a route). There are two kinds of parent resources + with "Core" support: + + + * Gateway (Gateway conformance profile) + * Service (Mesh conformance profile, ClusterIP Services only) + + + This API may be extended in the future to support additional kinds of parent + resources. + + + The API object must be valid in the cluster; the Group and Kind must + be registered in the cluster for this reference to be valid. type: object required: - name properties: group: - description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + description: |- + Group is the group of the referent. + When unspecified, "gateway.networking.k8s.io" is inferred. + To set the core API group (such as for a "Service" kind referent), + Group must be explicitly set to "" (empty string). + + + Support: Core type: string default: gateway.networking.k8s.io maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ kind: - description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + description: |- + Kind is kind of the referent. + + + There are two kinds of parent resources with "Core" support: + + + * Gateway (Gateway conformance profile) + * Service (Mesh conformance profile, ClusterIP Services only) + + + Support for other resources is Implementation-Specific. type: string default: Gateway maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ name: - description: "Name is the name of the referent. \n Support: Core" + description: |- + Name is the name of the referent. + + + Support: Core type: string maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + description: |- + Namespace is the namespace of the referent. When unspecified, this refers + to the local namespace of the Route. + + + Note that there are specific rules for ParentRefs which cross namespace + boundaries. Cross-namespace references are only valid if they are explicitly + allowed by something in the namespace they are referring to. For example: + Gateway has the AllowedRoutes field, and ReferenceGrant provides a + generic way to enable any other kind of cross-namespace reference. + + + + ParentRefs from a Route to a Service in the same namespace are "producer" + routes, which apply default routing rules to inbound connections from + any namespace to the Service. + + + ParentRefs from a Route to a Service in a different namespace are + "consumer" routes, and these routing rules are only applied to outbound + connections originating from the same namespace as the Route, for which + the intended destination of the connections are a Service targeted as a + ParentRef of the Route. + + + + Support: Core type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: |- + Port is the network port this Route targets. It can be interpreted + differently based on the type of parent resource. + + + When the parent resource is a Gateway, this targets all listeners + listening on the specified port that also support this kind of Route(and + select this Route). It's not recommended to set `Port` unless the + networking behaviors specified in a Route must apply to a specific port + as opposed to a listener(s) whose port(s) may be changed. When both Port + and SectionName are specified, the name and port of the selected listener + must match both specified values. + + + + When the parent resource is a Service, this targets a specific port in the + Service spec. When both Port (experimental) and SectionName are specified, + the name and port of the selected port must match both specified values. + + + + Implementations MAY choose to support other parent resources. + Implementations supporting other types of parent resources MUST clearly + document how/if Port is interpreted. + + + For the purpose of status, an attachment is considered successful as + long as the parent resource accepts it partially. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + from the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, + the Route MUST be considered detached from the Gateway. + + + Support: Extended type: integer format: int32 maximum: 65535 minimum: 1 sectionName: - description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + description: |- + SectionName is the name of a section within the target resource. In the + following resources, SectionName is interpreted as the following: + + + * Gateway: Listener name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + * Service: Port name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + + + Implementations MAY choose to support attaching Routes to other resources. + If that is the case, they MUST clearly document how SectionName is + interpreted. + + + When unspecified (empty string), this will reference the entire resource. + For the purpose of status, an attachment is considered successful if at + least one section in the parent resource accepts it. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, the + Route MUST be considered detached from the Gateway. + + + Support: Core type: string maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + description: |- + Optional service type for Kubernetes solver service. Supported values + are NodePort or ClusterIP. If unset, defaults to NodePort. type: string ingress: - description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + description: |- + The ingress based HTTP01 challenge solver will solve challenges by + creating or modifying Ingress resources in order to route requests for + '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are + provisioned by cert-manager for each Challenge to be completed. type: object properties: class: - description: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + description: |- + This field configures the annotation `kubernetes.io/ingress.class` when + creating Ingress resources to solve ACME challenges that use this + challenge solver. Only one of `class`, `name` or `ingressClassName` may + be specified. type: string ingressClassName: - description: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + description: |- + This field configures the field `ingressClassName` on the created Ingress + resources used to solve ACME challenges that use this challenge solver. + This is the recommended way of configuring the ingress class. Only one of + `class`, `name` or `ingressClassName` may be specified. type: string ingressTemplate: - description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + description: |- + Optional ingress template used to configure the ACME challenge solver + ingress used for HTTP01 challenges. type: object properties: metadata: - description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + description: |- + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. + Only the 'labels' and 'annotations' fields may be set. + If labels or annotations overlap with in-built values, the values here + will override the in-built values. type: object properties: annotations: @@ -1038,14 +1944,26 @@ spec: additionalProperties: type: string name: - description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + description: |- + The name of the ingress resource that should have ACME challenge solving + routes inserted into it in order to solve HTTP01 challenges. + This is typically used in conjunction with ingress controllers like + ingress-gce, which maintains a 1:1 mapping between external IPs and + ingress resources. Only one of `class`, `name` or `ingressClassName` may + be specified. type: string podTemplate: - description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + description: |- + Optional pod template used to configure the ACME challenge solver pods + used for HTTP01 challenges. type: object properties: metadata: - description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + description: |- + ObjectMeta overrides for the pod used to solve HTTP01 challenges. + Only the 'labels' and 'annotations' fields may be set. + If labels or annotations overlap with in-built values, the values here + will override the in-built values. type: object properties: annotations: @@ -1059,7 +1977,10 @@ spec: additionalProperties: type: string spec: - description: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + description: |- + PodSpec defines overrides for the HTTP01 challenge solver pod. + Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. + All other fields will be ignored. type: object properties: affinity: @@ -1071,10 +1992,21 @@ spec: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. type: array items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). type: object required: - preference @@ -1088,7 +2020,9 @@ spec: description: A list of node selector requirements by node's labels. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -1098,18 +2032,29 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -1119,20 +2064,35 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. type: object required: - nodeSelectorTerms @@ -1141,14 +2101,19 @@ spec: description: Required. A list of node selector terms. The terms are ORed. type: array items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. type: object properties: matchExpressions: description: A list of node selector requirements by node's labels. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -1158,18 +2123,29 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -1179,21 +2155,40 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). type: object properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. type: array items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) @@ -1209,14 +2204,18 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -1226,28 +2225,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -1257,49 +2304,90 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. type: array items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running type: object required: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -1309,28 +2397,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -1340,33 +2476,64 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). type: object properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. type: array items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) @@ -1382,14 +2549,18 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -1399,28 +2570,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -1430,49 +2649,90 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. type: array items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running type: object required: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -1482,28 +2742,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -1513,40 +2821,75 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic imagePullSecrets: description: If specified, the pod's imagePullSecrets type: array items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string + default: "" x-kubernetes-map-type: atomic nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object additionalProperties: type: string @@ -1560,76 +2903,141 @@ spec: description: If specified, the pod's tolerations. type: array items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . type: object properties: effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. type: integer format: int64 value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + description: |- + Optional service type for Kubernetes solver service. Supported values + are NodePort or ClusterIP. If unset, defaults to NodePort. type: string selector: - description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + description: |- + Selector selects a set of DNSNames on the Certificate resource that + should be solved using this challenge solver. + If not specified, the solver will be treated as the 'default' solver + with the lowest priority, i.e. if any other solver has a more specific + match, it will be used instead. type: object properties: dnsNames: - description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + description: |- + List of DNSNames that this solver will be used to solve. + If specified and a match is found, a dnsNames selector will take + precedence over a dnsZones selector. + If multiple solvers match with the same dnsNames value, the solver + with the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in the list + will be selected. type: array items: type: string dnsZones: - description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + description: |- + List of DNSZones that this solver will be used to solve. + The most specific DNS zone match specified here will take precedence + over other DNS zone matches, so a solver specifying sys.example.com + will be selected over one specifying example.com for the domain + www.sys.example.com. + If multiple solvers match with the same dnsZones value, the solver + with the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in the list + will be selected. type: array items: type: string matchLabels: - description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + description: |- + A label selector that is used to refine the set of certificate's that + this challenge solver will apply to. type: object additionalProperties: type: string token: - description: The ACME challenge token for this challenge. This is the raw value returned from the ACME server. + description: |- + The ACME challenge token for this challenge. + This is the raw value returned from the ACME server. type: string type: - description: The type of ACME challenge this resource represents. One of "HTTP-01" or "DNS-01". + description: |- + The type of ACME challenge this resource represents. + One of "HTTP-01" or "DNS-01". type: string enum: - HTTP-01 - DNS-01 url: - description: The URL of the ACME Challenge resource for this challenge. This can be used to lookup details about the status of this challenge. + description: |- + The URL of the ACME Challenge resource for this challenge. + This can be used to lookup details about the status of this challenge. type: string wildcard: - description: wildcard will be true if this challenge is for a wildcard identifier, for example '*.example.com'. + description: |- + wildcard will be true if this challenge is for a wildcard identifier, + for example '*.example.com'. type: boolean status: type: object properties: presented: - description: presented will be set to true if the challenge values for this challenge are currently 'presented'. This *does not* imply the self check is passing. Only that the values have been 'submitted' for the appropriate challenge mechanism (i.e. the DNS01 TXT record has been presented, or the HTTP01 configuration has been configured). + description: |- + presented will be set to true if the challenge values for this challenge + are currently 'presented'. + This *does not* imply the self check is passing. Only that the values + have been 'submitted' for the appropriate challenge mechanism (i.e. the + DNS01 TXT record has been presented, or the HTTP01 configuration has been + configured). type: boolean processing: - description: Used to denote whether this challenge should be processed or not. This field will only be set to true by the 'scheduling' component. It will only be set to false by the 'challenges' controller, after the challenge has reached a final state or timed out. If this field is set to false, the challenge controller will not take any more action. + description: |- + Used to denote whether this challenge should be processed or not. + This field will only be set to true by the 'scheduling' component. + It will only be set to false by the 'challenges' controller, after the + challenge has reached a final state or timed out. + If this field is set to false, the challenge controller will not take + any more action. type: boolean reason: - description: Contains human readable information on why the Challenge is in the current state. + description: |- + Contains human readable information on why the Challenge is in the + current state. type: string state: - description: Contains the current 'state' of the challenge. If not set, the state of the challenge is unknown. + description: |- + Contains the current 'state' of the challenge. + If not set, the state of the challenge is unknown. type: string enum: - valid @@ -1643,15 +3051,23 @@ spec: storage: true subresources: status: {} + +# END crd {{- end }} + --- +# START crd {{- if or .Values.crds.enabled .Values.installCRDs }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterissuers.cert-manager.io + # START annotations {{- if .Values.crds.keep }} + annotations: + helm.sh/resource-policy: keep + # END annotations {{- end }} labels: app: '{{ template "cert-manager.name" . }}' app.kubernetes.io/name: '{{ template "cert-manager.name" . }}' - app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/instance: '{{ .Release.Name }}' # Generated labels {{- include "labels" . | nindent 4 }} spec: group: cert-manager.io @@ -1681,16 +3097,30 @@ spec: type: date schema: openAPIV3Schema: - description: A ClusterIssuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is similar to an Issuer, however it is cluster-scoped and therefore can be referenced by resources that exist in *any* namespace, not just the same namespace as the referent. + description: |- + A ClusterIssuer represents a certificate issuing authority which can be + referenced as part of `issuerRef` fields. + It is similar to an Issuer, however it is cluster-scoped and therefore can + be referenced by resources that exist in *any* namespace, not just the same + namespace as the referent. type: object required: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -1699,34 +3129,65 @@ spec: type: object properties: acme: - description: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + description: |- + ACME configures this issuer to communicate with a RFC8555 (ACME) server + to obtain signed x509 certificates. type: object required: - privateKeySecretRef - server properties: caBundle: - description: Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. + description: |- + Base64-encoded bundle of PEM CAs which can be used to validate the certificate + chain presented by the ACME server. + Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various + kinds of security vulnerabilities. + If CABundle and SkipTLSVerify are unset, the system certificate bundle inside + the container is used to validate the TLS connection. type: string format: byte disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + description: |- + Enables or disables generating a new ACME account key. + If true, the Issuer resource will *not* request a new account but will expect + the account key to be supplied via an existing secret. + If false, the cert-manager system will generate a new ACME account key + for the Issuer. + Defaults to false. type: boolean email: - description: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + description: |- + Email is the email address to be associated with the ACME account. + This field is optional, but it is strongly recommended to be set. + It will be used to contact you in case of issues with your account or + certificates, including expiry notification emails. + This field may be updated after the account is initially registered. type: string enableDurationFeature: - description: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + description: |- + Enables requesting a Not After date on certificates that matches the + duration of the certificate. This is not supported by all ACME servers + like Let's Encrypt. If set to true when the ACME server does not support + it, it will create an error on the Order. + Defaults to false. type: boolean externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + description: |- + ExternalAccountBinding is a reference to a CA external account of the ACME + server. + If set, upon registration cert-manager will attempt to associate the given + external account credentials with the registered ACME account. type: object required: - keyID - keySecretRef properties: keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' + description: |- + Deprecated: keyAlgorithm field exists for historical compatibility + reasons and should not be used. The algorithm is now hardcoded to HS256 + in golang/x/crypto/acme. type: string enum: - HS256 @@ -1736,68 +3197,130 @@ spec: description: keyID is the ID of the CA key that the External Account is bound to. type: string keySecretRef: - description: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + description: |- + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes + Secret which holds the symmetric MAC key of the External Account Binding. + The `key` is the index string that is paired with the key data in the + Secret and should not be confused with the key data itself, or indeed with + the External Account Binding keyID above. + The secret key stored in the Secret **must** be un-padded, base64 URL + encoded data. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string preferredChain: - description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' + description: |- + PreferredChain is the chain to use if the ACME server outputs multiple. + PreferredChain is no guarantee that this one gets delivered by the ACME + endpoint. + For example, for Let's Encrypt's DST crosssign you would use: + "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. + This value picks the first certificate bundle in the combined set of + ACME default and alternative chains that has a root-most certificate with + this value as its issuer's commonname. type: string maxLength: 64 privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + description: |- + PrivateKey is the name of a Kubernetes Secret resource that will be used to + store the automatically generated ACME account private key. + Optionally, a `key` may be specified to select a specific entry within + the named Secret resource. + If `key` is not specified, a default of `tls.key` will be used. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string server: - description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' + description: |- + Server is the URL used to access the ACME server's 'directory' endpoint. + For example, for Let's Encrypt's staging endpoint, you would use: + "https://acme-staging-v02.api.letsencrypt.org/directory". + Only ACME v2 endpoints (i.e. RFC 8555) are supported. type: string skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' + description: |- + INSECURE: Enables or disables validation of the ACME server TLS certificate. + If true, requests to the ACME server will not have the TLS certificate chain + validated. + Mutually exclusive with CABundle; prefer using CABundle to prevent various + kinds of security vulnerabilities. + Only enable this option in development environments. + If CABundle and SkipTLSVerify are unset, the system certificate bundle inside + the container is used to validate the TLS connection. + Defaults to false. type: boolean solvers: - description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' + description: |- + Solvers is a list of challenge solvers that will be used to solve + ACME challenges for the matching domains. + Solver configurations must be provided in order to obtain certificates + from an ACME server. + For more information, see: https://cert-manager.io/docs/configuration/acme/ type: array items: - description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + description: |- + An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. + A selector may be provided to use different solving strategies for different DNS names. + Only one of HTTP01 or DNS01 must be provided. type: object properties: dns01: - description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + description: |- + Configures cert-manager to attempt to complete authorizations by + performing the DNS01 challenge flow. type: object properties: acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + description: |- + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage + DNS01 challenge records. type: object required: - accountSecretRef - host properties: accountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string host: type: string @@ -1811,40 +3334,61 @@ spec: - serviceConsumerDomain properties: accessTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string clientSecretSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string clientTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string serviceConsumerDomain: type: string @@ -1856,19 +3400,30 @@ spec: - subscriptionID properties: clientID: - description: if both this and ClientSecret are left unset MSI will be used + description: |- + Auth: Azure Service Principal: + The ClientID of the Azure Service Principal used to authenticate with Azure DNS. + If set, ClientSecret and TenantID must also be set. type: string clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used + description: |- + Auth: Azure Service Principal: + A reference to a Secret containing the password associated with the Service Principal. + If set, ClientID and TenantID must also be set. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -1882,14 +3437,19 @@ spec: description: name of the DNS zone that should be used type: string managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + description: |- + Auth: Azure Workload Identity or Azure Managed Service Identity: + Settings to enable Azure Workload Identity or Azure Managed Service Identity + If set, ClientID, ClientSecret and TenantID must not be set. type: object properties: clientID: description: client ID of the managed identity, can not be used at the same time as resourceID type: string resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID + description: |- + resource ID of the managed identity, can not be used at the same time as clientID + Cannot be used for Azure Managed Service Identity type: string resourceGroupName: description: resource group the DNS zone is located in @@ -1898,7 +3458,10 @@ spec: description: ID of the Azure subscription type: string tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed + description: |- + Auth: Azure Service Principal: + The TenantID of the Azure Service Principal used to authenticate with Azure DNS. + If set, ClientID and ClientSecret must also be set. type: string cloudDNS: description: Use the Google Cloud DNS API to manage DNS01 challenge records. @@ -1907,37 +3470,55 @@ spec: - project properties: hostedZoneName: - description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + description: |- + HostedZoneName is an optional field that tells cert-manager in which + Cloud DNS zone the challenge record has to be created. + If left empty cert-manager will automatically choose a zone. type: string project: type: string serviceAccountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' + description: |- + API key to use to authenticate with Cloudflare. + Note: using an API token to authenticate is now the recommended method + as it allows greater control of permissions. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -1946,16 +3527,23 @@ spec: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string email: description: Email of the account, only required when using API key based authentication. type: string cnameStrategy: - description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + description: |- + CNAMEStrategy configures how the DNS01 provider should handle CNAME + records when found in DNS zones. type: string enum: - None @@ -1967,43 +3555,69 @@ spec: - tokenSecretRef properties: tokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + description: |- + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) + to manage DNS01 challenge records. type: object required: - nameserver properties: nameserver: - description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + description: |- + The IP address or hostname of an authoritative DNS server supporting + RFC2136 in the form host:port. If the host is an IPv6 address it must be + enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. + This field is required. type: string tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' + description: |- + The TSIG Algorithm configured in the DNS supporting RFC2136. Used only + when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. + Supported values are (case-insensitive): ``HMACMD5`` (default), + ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. type: string tsigKeyName: - description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + description: |- + The TSIG Key name configured in the DNS. + If ``tsigSecretSecretRef`` is defined, this field is required. type: string tsigSecretSecretRef: - description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + description: |- + The name of the secret containing the TSIG value. + If ``tsigKeyName`` is defined, this field is required. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -2012,20 +3626,71 @@ spec: - region properties: accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + The AccessKeyID is used for authentication. + Cannot be set when SecretAccessKeyID is set. + If neither the Access Key nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: string accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + The SecretAccessKey is used for authentication. If set, pull the AWS + access key ID from a key within a Kubernetes Secret. + Cannot be set when AccessKeyID is set. + If neither the Access Key nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string + auth: + description: Auth configures how cert-manager authenticates. + type: object + required: + - kubernetes + properties: + kubernetes: + description: |- + Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + by passing a bound ServiceAccount token. + type: object + required: + - serviceAccountRef + properties: + serviceAccountRef: + description: |- + A reference to a service account that will be used to request a bound + token (also known as "projected token"). To use this field, you must + configure an RBAC rule to let cert-manager request a token. + type: object + required: + - name + properties: + audiences: + description: |- + TokenAudiences is an optional list of audiences to include in the + token passed to AWS. The default token consisting of the issuer's namespace + and name is always included. + If unset the audience defaults to `sts.amazonaws.com`. + type: array + items: + type: string + name: + description: Name of the ServiceAccount used to request a token. + type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. type: string @@ -2033,113 +3698,301 @@ spec: description: Always set the region when using AccessKeyID and SecretAccessKey type: string role: - description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + description: |- + Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey + or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string webhook: - description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + description: |- + Configure an external webhook based DNS01 challenge solver to manage + DNS01 challenge records. type: object required: - groupName - solverName properties: config: - description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + description: |- + Additional configuration that should be passed to the webhook apiserver + when challenges are processed. + This can contain arbitrary JSON data. + Secret values should not be specified in this stanza. + If secret values are needed (e.g. credentials for a DNS service), you + should use a SecretKeySelector to reference a Secret resource. + For details on the schema of this field, consult the webhook provider + implementation's documentation. x-kubernetes-preserve-unknown-fields: true groupName: - description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + description: |- + The API group name that should be used when POSTing ChallengePayload + resources to the webhook apiserver. + This should be the same as the GroupName specified in the webhook + provider implementation. type: string solverName: - description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + description: |- + The name of the solver to use, as defined in the webhook provider + implementation. + This will typically be the name of the provider, e.g. 'cloudflare'. type: string http01: - description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + description: |- + Configures cert-manager to attempt to complete authorizations by + performing the HTTP01 challenge flow. + It is not possible to obtain certificates for wildcard domain names + (e.g. `*.example.com`) using the HTTP01 challenge mechanism. type: object properties: gatewayHTTPRoute: - description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + description: |- + The Gateway API is a sig-network community API that models service networking + in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will + create HTTPRoutes with the specified labels in the same namespace as the challenge. + This solver is experimental, and fields / behaviour may change in the future. type: object properties: labels: - description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + description: |- + Custom labels that will be applied to HTTPRoutes created by cert-manager + while solving HTTP-01 challenges. type: object additionalProperties: type: string parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' + description: |- + When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. + cert-manager needs to know which parentRefs should be used when creating + the HTTPRoute. Usually, the parentRef references a Gateway. See: + https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways type: array items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." + description: |- + ParentReference identifies an API object (usually a Gateway) that can be considered + a parent of this resource (usually a route). There are two kinds of parent resources + with "Core" support: + + + * Gateway (Gateway conformance profile) + * Service (Mesh conformance profile, ClusterIP Services only) + + + This API may be extended in the future to support additional kinds of parent + resources. + + + The API object must be valid in the cluster; the Group and Kind must + be registered in the cluster for this reference to be valid. type: object required: - name properties: group: - description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + description: |- + Group is the group of the referent. + When unspecified, "gateway.networking.k8s.io" is inferred. + To set the core API group (such as for a "Service" kind referent), + Group must be explicitly set to "" (empty string). + + + Support: Core type: string default: gateway.networking.k8s.io maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ kind: - description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + description: |- + Kind is kind of the referent. + + + There are two kinds of parent resources with "Core" support: + + + * Gateway (Gateway conformance profile) + * Service (Mesh conformance profile, ClusterIP Services only) + + + Support for other resources is Implementation-Specific. type: string default: Gateway maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ name: - description: "Name is the name of the referent. \n Support: Core" + description: |- + Name is the name of the referent. + + + Support: Core type: string maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + description: |- + Namespace is the namespace of the referent. When unspecified, this refers + to the local namespace of the Route. + + + Note that there are specific rules for ParentRefs which cross namespace + boundaries. Cross-namespace references are only valid if they are explicitly + allowed by something in the namespace they are referring to. For example: + Gateway has the AllowedRoutes field, and ReferenceGrant provides a + generic way to enable any other kind of cross-namespace reference. + + + + ParentRefs from a Route to a Service in the same namespace are "producer" + routes, which apply default routing rules to inbound connections from + any namespace to the Service. + + + ParentRefs from a Route to a Service in a different namespace are + "consumer" routes, and these routing rules are only applied to outbound + connections originating from the same namespace as the Route, for which + the intended destination of the connections are a Service targeted as a + ParentRef of the Route. + + + + Support: Core type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: |- + Port is the network port this Route targets. It can be interpreted + differently based on the type of parent resource. + + + When the parent resource is a Gateway, this targets all listeners + listening on the specified port that also support this kind of Route(and + select this Route). It's not recommended to set `Port` unless the + networking behaviors specified in a Route must apply to a specific port + as opposed to a listener(s) whose port(s) may be changed. When both Port + and SectionName are specified, the name and port of the selected listener + must match both specified values. + + + + When the parent resource is a Service, this targets a specific port in the + Service spec. When both Port (experimental) and SectionName are specified, + the name and port of the selected port must match both specified values. + + + + Implementations MAY choose to support other parent resources. + Implementations supporting other types of parent resources MUST clearly + document how/if Port is interpreted. + + + For the purpose of status, an attachment is considered successful as + long as the parent resource accepts it partially. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + from the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, + the Route MUST be considered detached from the Gateway. + + + Support: Extended type: integer format: int32 maximum: 65535 minimum: 1 sectionName: - description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + description: |- + SectionName is the name of a section within the target resource. In the + following resources, SectionName is interpreted as the following: + + + * Gateway: Listener name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + * Service: Port name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + + + Implementations MAY choose to support attaching Routes to other resources. + If that is the case, they MUST clearly document how SectionName is + interpreted. + + + When unspecified (empty string), this will reference the entire resource. + For the purpose of status, an attachment is considered successful if at + least one section in the parent resource accepts it. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, the + Route MUST be considered detached from the Gateway. + + + Support: Core type: string maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + description: |- + Optional service type for Kubernetes solver service. Supported values + are NodePort or ClusterIP. If unset, defaults to NodePort. type: string ingress: - description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + description: |- + The ingress based HTTP01 challenge solver will solve challenges by + creating or modifying Ingress resources in order to route requests for + '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are + provisioned by cert-manager for each Challenge to be completed. type: object properties: class: - description: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + description: |- + This field configures the annotation `kubernetes.io/ingress.class` when + creating Ingress resources to solve ACME challenges that use this + challenge solver. Only one of `class`, `name` or `ingressClassName` may + be specified. type: string ingressClassName: - description: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + description: |- + This field configures the field `ingressClassName` on the created Ingress + resources used to solve ACME challenges that use this challenge solver. + This is the recommended way of configuring the ingress class. Only one of + `class`, `name` or `ingressClassName` may be specified. type: string ingressTemplate: - description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + description: |- + Optional ingress template used to configure the ACME challenge solver + ingress used for HTTP01 challenges. type: object properties: metadata: - description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + description: |- + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. + Only the 'labels' and 'annotations' fields may be set. + If labels or annotations overlap with in-built values, the values here + will override the in-built values. type: object properties: annotations: @@ -2153,14 +4006,26 @@ spec: additionalProperties: type: string name: - description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + description: |- + The name of the ingress resource that should have ACME challenge solving + routes inserted into it in order to solve HTTP01 challenges. + This is typically used in conjunction with ingress controllers like + ingress-gce, which maintains a 1:1 mapping between external IPs and + ingress resources. Only one of `class`, `name` or `ingressClassName` may + be specified. type: string podTemplate: - description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + description: |- + Optional pod template used to configure the ACME challenge solver pods + used for HTTP01 challenges. type: object properties: metadata: - description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + description: |- + ObjectMeta overrides for the pod used to solve HTTP01 challenges. + Only the 'labels' and 'annotations' fields may be set. + If labels or annotations overlap with in-built values, the values here + will override the in-built values. type: object properties: annotations: @@ -2174,7 +4039,10 @@ spec: additionalProperties: type: string spec: - description: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + description: |- + PodSpec defines overrides for the HTTP01 challenge solver pod. + Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. + All other fields will be ignored. type: object properties: affinity: @@ -2186,10 +4054,21 @@ spec: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. type: array items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). type: object required: - preference @@ -2203,7 +4082,9 @@ spec: description: A list of node selector requirements by node's labels. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -2213,18 +4094,29 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -2234,20 +4126,35 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. type: object required: - nodeSelectorTerms @@ -2256,14 +4163,19 @@ spec: description: Required. A list of node selector terms. The terms are ORed. type: array items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. type: object properties: matchExpressions: description: A list of node selector requirements by node's labels. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -2273,18 +4185,29 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -2294,21 +4217,40 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). type: object properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. type: array items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) @@ -2324,14 +4266,18 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -2341,28 +4287,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -2372,49 +4366,90 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. type: array items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running type: object required: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -2424,28 +4459,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -2455,33 +4538,64 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). type: object properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. type: array items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) @@ -2497,14 +4611,18 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -2514,28 +4632,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -2545,49 +4711,90 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. type: array items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running type: object required: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -2597,28 +4804,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -2628,40 +4883,75 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic imagePullSecrets: description: If specified, the pod's imagePullSecrets type: array items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string + default: "" x-kubernetes-map-type: atomic nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object additionalProperties: type: string @@ -2675,77 +4965,146 @@ spec: description: If specified, the pod's tolerations. type: array items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . type: object properties: effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. type: integer format: int64 value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + description: |- + Optional service type for Kubernetes solver service. Supported values + are NodePort or ClusterIP. If unset, defaults to NodePort. type: string selector: - description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + description: |- + Selector selects a set of DNSNames on the Certificate resource that + should be solved using this challenge solver. + If not specified, the solver will be treated as the 'default' solver + with the lowest priority, i.e. if any other solver has a more specific + match, it will be used instead. type: object properties: dnsNames: - description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + description: |- + List of DNSNames that this solver will be used to solve. + If specified and a match is found, a dnsNames selector will take + precedence over a dnsZones selector. + If multiple solvers match with the same dnsNames value, the solver + with the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in the list + will be selected. type: array items: type: string dnsZones: - description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + description: |- + List of DNSZones that this solver will be used to solve. + The most specific DNS zone match specified here will take precedence + over other DNS zone matches, so a solver specifying sys.example.com + will be selected over one specifying example.com for the domain + www.sys.example.com. + If multiple solvers match with the same dnsZones value, the solver + with the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in the list + will be selected. type: array items: type: string matchLabels: - description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + description: |- + A label selector that is used to refine the set of certificate's that + this challenge solver will apply to. type: object additionalProperties: type: string ca: - description: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + description: |- + CA configures this issuer to sign certificates using a signing CA keypair + stored in a Secret resource. + This is used to build internal PKIs that are managed by cert-manager. type: object required: - secretName properties: crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + description: |- + The CRL distribution points is an X.509 v3 certificate extension which identifies + the location of the CRL from which the revocation of this certificate can be checked. + If not set, certificates will be issued without distribution points set. + type: array + items: + type: string + issuingCertificateURLs: + description: |- + IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates + it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. + As an example, such a URL might be "http://ca.domain.com/ca.crt". type: array items: type: string ocspServers: - description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + description: |- + The OCSP server list is an X.509 v3 extension that defines a list of + URLs of OCSP responders. The OCSP responders can be queried for the + revocation status of an issued certificate. If not set, the + certificate will be issued with no OCSP servers set. For example, an + OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". type: array items: type: string secretName: - description: SecretName is the name of the secret used to sign Certificates issued by this Issuer. + description: |- + SecretName is the name of the secret used to sign Certificates issued + by this Issuer. type: string selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + description: |- + SelfSigned configures this issuer to 'self sign' certificates using the + private key used to create the CertificateRequest object. type: object properties: crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + description: |- + The CRL distribution points is an X.509 v3 certificate extension which identifies + the location of the CRL from which the revocation of this certificate can be checked. + If not set certificate will be issued without CDP. Values are strings. type: array items: type: string vault: - description: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + description: |- + Vault configures this issuer to sign certificates using a HashiCorp Vault + PKI backend. type: object required: - auth @@ -2757,7 +5116,9 @@ spec: type: object properties: appRole: - description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + description: |- + AppRole authenticates with Vault using the App Role auth mechanism, + with the role and secret stored in a Kubernetes Secret resource. type: object required: - path @@ -2765,53 +5126,94 @@ spec: - secretRef properties: path: - description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + description: |- + Path where the App Role authentication backend is mounted in Vault, e.g: + "approle" type: string roleId: - description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + description: |- + RoleID configured in the App Role authentication backend when setting + up the authentication backend in Vault. type: string secretRef: - description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + description: |- + Reference to a key in a Secret that contains the App Role secret used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role secret. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string kubernetes: - description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + description: |- + Kubernetes authenticates with Vault by passing the ServiceAccount + token stored in the named Secret resource to the Vault server. type: object required: - role properties: mountPath: - description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + description: |- + The Vault mountPath here is the mount path to use when authenticating with + Vault. For example, setting a value to `/v1/auth/foo`, will use the path + `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the + default value "/v1/auth/kubernetes" will be used. type: string role: - description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + description: |- + A required field containing the Vault Role to assume. A Role binds a + Kubernetes ServiceAccount with a set of Vault policies. type: string secretRef: - description: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + description: |- + The required Secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Vault. Use of 'ambient credentials' is not + supported. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string serviceAccountRef: - description: A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + description: |- + A reference to a service account that will be used to request a bound + token (also known as "projected token"). Compared to using "secretRef", + using this field means that you don't rely on statically bound tokens. To + use this field, you must configure an RBAC rule to let cert-manager + request a token. type: object required: - name properties: + audiences: + description: |- + TokenAudiences is an optional list of extra audiences to include in the token passed to Vault. The default token + consisting of the issuer's namespace and name is always included. + type: array + items: + type: string name: description: Name of the ServiceAccount used to request a token. type: string @@ -2822,44 +5224,112 @@ spec: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string caBundle: - description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. + description: |- + Base64-encoded bundle of PEM CAs which will be used to validate the certificate + chain presented by Vault. Only used if using HTTPS to connect to Vault and + ignored for HTTP connections. + Mutually exclusive with CABundleSecretRef. + If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in + the cert-manager controller container is used to validate the TLS connection. type: string format: byte caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + description: |- + Reference to a Secret containing a bundle of PEM-encoded CAs to use when + verifying the certificate chain presented by Vault when using HTTPS. + Mutually exclusive with CABundle. + If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in + the cert-manager controller container is used to validate the TLS connection. + If no key for the Secret is specified, cert-manager will default to 'ca.crt'. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + clientCertSecretRef: + description: |- + Reference to a Secret containing a PEM-encoded Client Certificate to use when the + Vault server requires mTLS. + type: object + required: + - name + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. + type: string + name: + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + clientKeySecretRef: + description: |- + Reference to a Secret containing a PEM-encoded Client Private Key to use when the + Vault server requires mTLS. + type: object + required: + - name + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. + type: string + name: + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + description: |- + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces type: string path: - description: 'Path is the mount path of the Vault PKI backend''s `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' + description: |- + Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: + "my_pki_mount/sign/my-role-name". type: string server: description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' type: string venafi: - description: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + description: |- + Venafi configures this issuer to sign certificates using a Venafi TPP + or Venafi Cloud policy zone. type: object required: - zone properties: cloud: - description: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + description: |- + Cloud specifies the Venafi cloud configuration settings. + Only one of TPP or Cloud may be specified. type: object required: - apiTokenSecretRef @@ -2871,59 +5341,96 @@ spec: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string url: - description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + description: |- + URL is the base URL for Venafi Cloud. + Defaults to "https://api.venafi.cloud/v1". type: string tpp: - description: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + description: |- + TPP specifies Trust Protection Platform configuration settings. + Only one of TPP or Cloud may be specified. type: object required: - credentialsRef - url properties: caBundle: - description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. + description: |- + Base64-encoded bundle of PEM CAs which will be used to validate the certificate + chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. + If undefined, the certificate bundle in the cert-manager controller container + is used to validate the chain. type: string format: byte credentialsRef: - description: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + description: |- + CredentialsRef is a reference to a Secret containing the username and + password for the TPP server. + The secret must contain two keys, 'username' and 'password'. type: object required: - name properties: name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string url: - description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' + description: |- + URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, + for example: "https://tpp.example.com/vedsdk". type: string zone: - description: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + description: |- + Zone is the Venafi Policy Zone to use for this issuer. + All requests made to the Venafi platform will be restricted by the named + zone policy. + This field is required. type: string status: description: Status of the ClusterIssuer. This is set and managed automatically. type: object properties: acme: - description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + description: |- + ACME specific status options. + This field should only be set if the Issuer is configured to use an ACME + server to issue certificates. type: object properties: lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + description: |- + LastPrivateKeyHash is a hash of the private key associated with the latest + registered ACME account, in order to track changes made to registered account + associated with the Issuer type: string lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + description: |- + LastRegisteredEmail is the email associated with the latest registered + ACME account, in order to track changes made to registered account + associated with the Issuer type: string uri: - description: URI is the unique account identifier, which can also be used to retrieve account details from the CA + description: |- + URI is the unique account identifier, which can also be used to retrieve + account details from the CA type: string conditions: - description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + description: |- + List of status conditions to indicate the status of a CertificateRequest. + Known condition types are `Ready`. type: array items: description: IssuerCondition contains condition information for an Issuer. @@ -2933,18 +5440,29 @@ spec: - type properties: lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + description: |- + LastTransitionTime is the timestamp corresponding to the last status + change of this condition. type: string format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. + description: |- + Message is a human readable description of the details of the last + transition, complementing reason. type: string observedGeneration: - description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + description: |- + If set, this represents the .metadata.generation that the condition was + set based upon. + For instance, if .metadata.generation is currently 12, but the + .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the Issuer. type: integer format: int64 reason: - description: Reason is a brief machine readable explanation for the condition's last transition. + description: |- + Reason is a brief machine readable explanation for the condition's last + transition. type: string status: description: Status of the condition, one of (`True`, `False`, `Unknown`). @@ -2961,15 +5479,24 @@ spec: x-kubernetes-list-type: map served: true storage: true + +# END crd {{- end }} + --- +# START crd {{- if or .Values.crds.enabled .Values.installCRDs }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: issuers.cert-manager.io + # START annotations {{- if .Values.crds.keep }} + annotations: + helm.sh/resource-policy: keep + # END annotations {{- end }} labels: app: '{{ template "cert-manager.name" . }}' app.kubernetes.io/name: '{{ template "cert-manager.name" . }}' - app.kubernetes.io/instance: "{{ .Release.Name }}" + app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/component: "crds" # Generated labels {{- include "labels" . | nindent 4 }} spec: group: cert-manager.io @@ -2999,16 +5526,29 @@ spec: type: date schema: openAPIV3Schema: - description: An Issuer represents a certificate issuing authority which can be referenced as part of `issuerRef` fields. It is scoped to a single namespace and can therefore only be referenced by resources within the same namespace. + description: |- + An Issuer represents a certificate issuing authority which can be + referenced as part of `issuerRef` fields. + It is scoped to a single namespace and can therefore only be referenced by + resources within the same namespace. type: object required: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -3017,34 +5557,65 @@ spec: type: object properties: acme: - description: ACME configures this issuer to communicate with a RFC8555 (ACME) server to obtain signed x509 certificates. + description: |- + ACME configures this issuer to communicate with a RFC8555 (ACME) server + to obtain signed x509 certificates. type: object required: - privateKeySecretRef - server properties: caBundle: - description: Base64-encoded bundle of PEM CAs which can be used to validate the certificate chain presented by the ACME server. Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various kinds of security vulnerabilities. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. + description: |- + Base64-encoded bundle of PEM CAs which can be used to validate the certificate + chain presented by the ACME server. + Mutually exclusive with SkipTLSVerify; prefer using CABundle to prevent various + kinds of security vulnerabilities. + If CABundle and SkipTLSVerify are unset, the system certificate bundle inside + the container is used to validate the TLS connection. type: string format: byte disableAccountKeyGeneration: - description: Enables or disables generating a new ACME account key. If true, the Issuer resource will *not* request a new account but will expect the account key to be supplied via an existing secret. If false, the cert-manager system will generate a new ACME account key for the Issuer. Defaults to false. + description: |- + Enables or disables generating a new ACME account key. + If true, the Issuer resource will *not* request a new account but will expect + the account key to be supplied via an existing secret. + If false, the cert-manager system will generate a new ACME account key + for the Issuer. + Defaults to false. type: boolean email: - description: Email is the email address to be associated with the ACME account. This field is optional, but it is strongly recommended to be set. It will be used to contact you in case of issues with your account or certificates, including expiry notification emails. This field may be updated after the account is initially registered. + description: |- + Email is the email address to be associated with the ACME account. + This field is optional, but it is strongly recommended to be set. + It will be used to contact you in case of issues with your account or + certificates, including expiry notification emails. + This field may be updated after the account is initially registered. type: string enableDurationFeature: - description: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support it it will create an error on the Order. Defaults to false. + description: |- + Enables requesting a Not After date on certificates that matches the + duration of the certificate. This is not supported by all ACME servers + like Let's Encrypt. If set to true when the ACME server does not support + it, it will create an error on the Order. + Defaults to false. type: boolean externalAccountBinding: - description: ExternalAccountBinding is a reference to a CA external account of the ACME server. If set, upon registration cert-manager will attempt to associate the given external account credentials with the registered ACME account. + description: |- + ExternalAccountBinding is a reference to a CA external account of the ACME + server. + If set, upon registration cert-manager will attempt to associate the given + external account credentials with the registered ACME account. type: object required: - keyID - keySecretRef properties: keyAlgorithm: - description: 'Deprecated: keyAlgorithm field exists for historical compatibility reasons and should not be used. The algorithm is now hardcoded to HS256 in golang/x/crypto/acme.' + description: |- + Deprecated: keyAlgorithm field exists for historical compatibility + reasons and should not be used. The algorithm is now hardcoded to HS256 + in golang/x/crypto/acme. type: string enum: - HS256 @@ -3054,68 +5625,130 @@ spec: description: keyID is the ID of the CA key that the External Account is bound to. type: string keySecretRef: - description: keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes Secret which holds the symmetric MAC key of the External Account Binding. The `key` is the index string that is paired with the key data in the Secret and should not be confused with the key data itself, or indeed with the External Account Binding keyID above. The secret key stored in the Secret **must** be un-padded, base64 URL encoded data. + description: |- + keySecretRef is a Secret Key Selector referencing a data item in a Kubernetes + Secret which holds the symmetric MAC key of the External Account Binding. + The `key` is the index string that is paired with the key data in the + Secret and should not be confused with the key data itself, or indeed with + the External Account Binding keyID above. + The secret key stored in the Secret **must** be un-padded, base64 URL + encoded data. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string preferredChain: - description: 'PreferredChain is the chain to use if the ACME server outputs multiple. PreferredChain is no guarantee that this one gets delivered by the ACME endpoint. For example, for Let''s Encrypt''s DST crosssign you would use: "DST Root CA X3" or "ISRG Root X1" for the newer Let''s Encrypt root CA. This value picks the first certificate bundle in the ACME alternative chains that has a certificate with this value as its issuer''s CN' + description: |- + PreferredChain is the chain to use if the ACME server outputs multiple. + PreferredChain is no guarantee that this one gets delivered by the ACME + endpoint. + For example, for Let's Encrypt's DST crosssign you would use: + "DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA. + This value picks the first certificate bundle in the combined set of + ACME default and alternative chains that has a root-most certificate with + this value as its issuer's commonname. type: string maxLength: 64 privateKeySecretRef: - description: PrivateKey is the name of a Kubernetes Secret resource that will be used to store the automatically generated ACME account private key. Optionally, a `key` may be specified to select a specific entry within the named Secret resource. If `key` is not specified, a default of `tls.key` will be used. + description: |- + PrivateKey is the name of a Kubernetes Secret resource that will be used to + store the automatically generated ACME account private key. + Optionally, a `key` may be specified to select a specific entry within + the named Secret resource. + If `key` is not specified, a default of `tls.key` will be used. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string server: - description: 'Server is the URL used to access the ACME server''s ''directory'' endpoint. For example, for Let''s Encrypt''s staging endpoint, you would use: "https://acme-staging-v02.api.letsencrypt.org/directory". Only ACME v2 endpoints (i.e. RFC 8555) are supported.' + description: |- + Server is the URL used to access the ACME server's 'directory' endpoint. + For example, for Let's Encrypt's staging endpoint, you would use: + "https://acme-staging-v02.api.letsencrypt.org/directory". + Only ACME v2 endpoints (i.e. RFC 8555) are supported. type: string skipTLSVerify: - description: 'INSECURE: Enables or disables validation of the ACME server TLS certificate. If true, requests to the ACME server will not have the TLS certificate chain validated. Mutually exclusive with CABundle; prefer using CABundle to prevent various kinds of security vulnerabilities. Only enable this option in development environments. If CABundle and SkipTLSVerify are unset, the system certificate bundle inside the container is used to validate the TLS connection. Defaults to false.' + description: |- + INSECURE: Enables or disables validation of the ACME server TLS certificate. + If true, requests to the ACME server will not have the TLS certificate chain + validated. + Mutually exclusive with CABundle; prefer using CABundle to prevent various + kinds of security vulnerabilities. + Only enable this option in development environments. + If CABundle and SkipTLSVerify are unset, the system certificate bundle inside + the container is used to validate the TLS connection. + Defaults to false. type: boolean solvers: - description: 'Solvers is a list of challenge solvers that will be used to solve ACME challenges for the matching domains. Solver configurations must be provided in order to obtain certificates from an ACME server. For more information, see: https://cert-manager.io/docs/configuration/acme/' + description: |- + Solvers is a list of challenge solvers that will be used to solve + ACME challenges for the matching domains. + Solver configurations must be provided in order to obtain certificates + from an ACME server. + For more information, see: https://cert-manager.io/docs/configuration/acme/ type: array items: - description: An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. A selector may be provided to use different solving strategies for different DNS names. Only one of HTTP01 or DNS01 must be provided. + description: |- + An ACMEChallengeSolver describes how to solve ACME challenges for the issuer it is part of. + A selector may be provided to use different solving strategies for different DNS names. + Only one of HTTP01 or DNS01 must be provided. type: object properties: dns01: - description: Configures cert-manager to attempt to complete authorizations by performing the DNS01 challenge flow. + description: |- + Configures cert-manager to attempt to complete authorizations by + performing the DNS01 challenge flow. type: object properties: acmeDNS: - description: Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage DNS01 challenge records. + description: |- + Use the 'ACME DNS' (https://github.com/joohoi/acme-dns) API to manage + DNS01 challenge records. type: object required: - accountSecretRef - host properties: accountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string host: type: string @@ -3129,40 +5762,61 @@ spec: - serviceConsumerDomain properties: accessTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string clientSecretSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string clientTokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string serviceConsumerDomain: type: string @@ -3174,19 +5828,30 @@ spec: - subscriptionID properties: clientID: - description: if both this and ClientSecret are left unset MSI will be used + description: |- + Auth: Azure Service Principal: + The ClientID of the Azure Service Principal used to authenticate with Azure DNS. + If set, ClientSecret and TenantID must also be set. type: string clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used + description: |- + Auth: Azure Service Principal: + A reference to a Secret containing the password associated with the Service Principal. + If set, ClientID and TenantID must also be set. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string environment: description: name of the Azure environment (default AzurePublicCloud) @@ -3200,14 +5865,19 @@ spec: description: name of the DNS zone that should be used type: string managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + description: |- + Auth: Azure Workload Identity or Azure Managed Service Identity: + Settings to enable Azure Workload Identity or Azure Managed Service Identity + If set, ClientID, ClientSecret and TenantID must not be set. type: object properties: clientID: description: client ID of the managed identity, can not be used at the same time as resourceID type: string resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID + description: |- + resource ID of the managed identity, can not be used at the same time as clientID + Cannot be used for Azure Managed Service Identity type: string resourceGroupName: description: resource group the DNS zone is located in @@ -3216,7 +5886,10 @@ spec: description: ID of the Azure subscription type: string tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed + description: |- + Auth: Azure Service Principal: + The TenantID of the Azure Service Principal used to authenticate with Azure DNS. + If set, ClientID and ClientSecret must also be set. type: string cloudDNS: description: Use the Google Cloud DNS API to manage DNS01 challenge records. @@ -3225,37 +5898,55 @@ spec: - project properties: hostedZoneName: - description: HostedZoneName is an optional field that tells cert-manager in which Cloud DNS zone the challenge record has to be created. If left empty cert-manager will automatically choose a zone. + description: |- + HostedZoneName is an optional field that tells cert-manager in which + Cloud DNS zone the challenge record has to be created. + If left empty cert-manager will automatically choose a zone. type: string project: type: string serviceAccountSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string cloudflare: description: Use the Cloudflare API to manage DNS01 challenge records. type: object properties: apiKeySecretRef: - description: 'API key to use to authenticate with Cloudflare. Note: using an API token to authenticate is now the recommended method as it allows greater control of permissions.' + description: |- + API key to use to authenticate with Cloudflare. + Note: using an API token to authenticate is now the recommended method + as it allows greater control of permissions. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string apiTokenSecretRef: description: API token used to authenticate with Cloudflare. @@ -3264,16 +5955,23 @@ spec: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string email: description: Email of the account, only required when using API key based authentication. type: string cnameStrategy: - description: CNAMEStrategy configures how the DNS01 provider should handle CNAME records when found in DNS zones. + description: |- + CNAMEStrategy configures how the DNS01 provider should handle CNAME + records when found in DNS zones. type: string enum: - None @@ -3285,43 +5983,69 @@ spec: - tokenSecretRef properties: tokenSecretRef: - description: A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. + description: |- + A reference to a specific 'key' within a Secret resource. + In some instances, `key` is a required field. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string rfc2136: - description: Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) to manage DNS01 challenge records. + description: |- + Use RFC2136 ("Dynamic Updates in the Domain Name System") (https://datatracker.ietf.org/doc/rfc2136/) + to manage DNS01 challenge records. type: object required: - nameserver properties: nameserver: - description: The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. This field is required. + description: |- + The IP address or hostname of an authoritative DNS server supporting + RFC2136 in the form host:port. If the host is an IPv6 address it must be + enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. + This field is required. type: string tsigAlgorithm: - description: 'The TSIG Algorithm configured in the DNS supporting RFC2136. Used only when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. Supported values are (case-insensitive): ``HMACMD5`` (default), ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``.' + description: |- + The TSIG Algorithm configured in the DNS supporting RFC2136. Used only + when ``tsigSecretSecretRef`` and ``tsigKeyName`` are defined. + Supported values are (case-insensitive): ``HMACMD5`` (default), + ``HMACSHA1``, ``HMACSHA256`` or ``HMACSHA512``. type: string tsigKeyName: - description: The TSIG Key name configured in the DNS. If ``tsigSecretSecretRef`` is defined, this field is required. + description: |- + The TSIG Key name configured in the DNS. + If ``tsigSecretSecretRef`` is defined, this field is required. type: string tsigSecretSecretRef: - description: The name of the secret containing the TSIG value. If ``tsigKeyName`` is defined, this field is required. + description: |- + The name of the secret containing the TSIG value. + If ``tsigKeyName`` is defined, this field is required. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string route53: description: Use the AWS Route53 API to manage DNS01 challenge records. @@ -3330,20 +6054,71 @@ spec: - region properties: accessKeyID: - description: 'The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + The AccessKeyID is used for authentication. + Cannot be set when SecretAccessKeyID is set. + If neither the Access Key nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: string accessKeyIDSecretRef: - description: 'The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + The SecretAccessKey is used for authentication. If set, pull the AWS + access key ID from a key within a Kubernetes Secret. + Cannot be set when AccessKeyID is set. + If neither the Access Key nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string + auth: + description: Auth configures how cert-manager authenticates. + type: object + required: + - kubernetes + properties: + kubernetes: + description: |- + Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + by passing a bound ServiceAccount token. + type: object + required: + - serviceAccountRef + properties: + serviceAccountRef: + description: |- + A reference to a service account that will be used to request a bound + token (also known as "projected token"). To use this field, you must + configure an RBAC rule to let cert-manager request a token. + type: object + required: + - name + properties: + audiences: + description: |- + TokenAudiences is an optional list of audiences to include in the + token passed to AWS. The default token consisting of the issuer's namespace + and name is always included. + If unset the audience defaults to `sts.amazonaws.com`. + type: array + items: + type: string + name: + description: Name of the ServiceAccount used to request a token. + type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. type: string @@ -3351,113 +6126,301 @@ spec: description: Always set the region when using AccessKeyID and SecretAccessKey type: string role: - description: Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata + description: |- + Role is a Role ARN which the Route53 provider will assume using either the explicit credentials AccessKeyID/SecretAccessKey + or the inferred credentials from environment variables, shared credentials file or AWS Instance metadata type: string secretAccessKeySecretRef: - description: 'The SecretAccessKey is used for authentication. If neither the Access Key nor Key ID are set, we fall-back to using env vars, shared credentials file or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials' + description: |- + The SecretAccessKey is used for authentication. + If neither the Access Key nor Key ID are set, we fall-back to using env + vars, shared credentials file or AWS Instance metadata, + see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string webhook: - description: Configure an external webhook based DNS01 challenge solver to manage DNS01 challenge records. + description: |- + Configure an external webhook based DNS01 challenge solver to manage + DNS01 challenge records. type: object required: - groupName - solverName properties: config: - description: Additional configuration that should be passed to the webhook apiserver when challenges are processed. This can contain arbitrary JSON data. Secret values should not be specified in this stanza. If secret values are needed (e.g. credentials for a DNS service), you should use a SecretKeySelector to reference a Secret resource. For details on the schema of this field, consult the webhook provider implementation's documentation. + description: |- + Additional configuration that should be passed to the webhook apiserver + when challenges are processed. + This can contain arbitrary JSON data. + Secret values should not be specified in this stanza. + If secret values are needed (e.g. credentials for a DNS service), you + should use a SecretKeySelector to reference a Secret resource. + For details on the schema of this field, consult the webhook provider + implementation's documentation. x-kubernetes-preserve-unknown-fields: true groupName: - description: The API group name that should be used when POSTing ChallengePayload resources to the webhook apiserver. This should be the same as the GroupName specified in the webhook provider implementation. + description: |- + The API group name that should be used when POSTing ChallengePayload + resources to the webhook apiserver. + This should be the same as the GroupName specified in the webhook + provider implementation. type: string solverName: - description: The name of the solver to use, as defined in the webhook provider implementation. This will typically be the name of the provider, e.g. 'cloudflare'. + description: |- + The name of the solver to use, as defined in the webhook provider + implementation. + This will typically be the name of the provider, e.g. 'cloudflare'. type: string http01: - description: Configures cert-manager to attempt to complete authorizations by performing the HTTP01 challenge flow. It is not possible to obtain certificates for wildcard domain names (e.g. `*.example.com`) using the HTTP01 challenge mechanism. + description: |- + Configures cert-manager to attempt to complete authorizations by + performing the HTTP01 challenge flow. + It is not possible to obtain certificates for wildcard domain names + (e.g. `*.example.com`) using the HTTP01 challenge mechanism. type: object properties: gatewayHTTPRoute: - description: The Gateway API is a sig-network community API that models service networking in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will create HTTPRoutes with the specified labels in the same namespace as the challenge. This solver is experimental, and fields / behaviour may change in the future. + description: |- + The Gateway API is a sig-network community API that models service networking + in Kubernetes (https://gateway-api.sigs.k8s.io/). The Gateway solver will + create HTTPRoutes with the specified labels in the same namespace as the challenge. + This solver is experimental, and fields / behaviour may change in the future. type: object properties: labels: - description: Custom labels that will be applied to HTTPRoutes created by cert-manager while solving HTTP-01 challenges. + description: |- + Custom labels that will be applied to HTTPRoutes created by cert-manager + while solving HTTP-01 challenges. type: object additionalProperties: type: string parentRefs: - description: 'When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. cert-manager needs to know which parentRefs should be used when creating the HTTPRoute. Usually, the parentRef references a Gateway. See: https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways' + description: |- + When solving an HTTP-01 challenge, cert-manager creates an HTTPRoute. + cert-manager needs to know which parentRefs should be used when creating + the HTTPRoute. Usually, the parentRef references a Gateway. See: + https://gateway-api.sigs.k8s.io/api-types/httproute/#attaching-to-gateways type: array items: - description: "ParentReference identifies an API object (usually a Gateway) that can be considered a parent of this resource (usually a route). The only kind of parent resource with \"Core\" support is Gateway. This API may be extended in the future to support additional kinds of parent resources, such as HTTPRoute. \n The API object must be valid in the cluster; the Group and Kind must be registered in the cluster for this reference to be valid." + description: |- + ParentReference identifies an API object (usually a Gateway) that can be considered + a parent of this resource (usually a route). There are two kinds of parent resources + with "Core" support: + + + * Gateway (Gateway conformance profile) + * Service (Mesh conformance profile, ClusterIP Services only) + + + This API may be extended in the future to support additional kinds of parent + resources. + + + The API object must be valid in the cluster; the Group and Kind must + be registered in the cluster for this reference to be valid. type: object required: - name properties: group: - description: "Group is the group of the referent. When unspecified, \"gateway.networking.k8s.io\" is inferred. To set the core API group (such as for a \"Service\" kind referent), Group must be explicitly set to \"\" (empty string). \n Support: Core" + description: |- + Group is the group of the referent. + When unspecified, "gateway.networking.k8s.io" is inferred. + To set the core API group (such as for a "Service" kind referent), + Group must be explicitly set to "" (empty string). + + + Support: Core type: string default: gateway.networking.k8s.io maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ kind: - description: "Kind is kind of the referent. \n Support: Core (Gateway) \n Support: Implementation-specific (Other Resources)" + description: |- + Kind is kind of the referent. + + + There are two kinds of parent resources with "Core" support: + + + * Gateway (Gateway conformance profile) + * Service (Mesh conformance profile, ClusterIP Services only) + + + Support for other resources is Implementation-Specific. type: string default: Gateway maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ name: - description: "Name is the name of the referent. \n Support: Core" + description: |- + Name is the name of the referent. + + + Support: Core type: string maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n Support: Core" + description: |- + Namespace is the namespace of the referent. When unspecified, this refers + to the local namespace of the Route. + + + Note that there are specific rules for ParentRefs which cross namespace + boundaries. Cross-namespace references are only valid if they are explicitly + allowed by something in the namespace they are referring to. For example: + Gateway has the AllowedRoutes field, and ReferenceGrant provides a + generic way to enable any other kind of cross-namespace reference. + + + + ParentRefs from a Route to a Service in the same namespace are "producer" + routes, which apply default routing rules to inbound connections from + any namespace to the Service. + + + ParentRefs from a Route to a Service in a different namespace are + "consumer" routes, and these routing rules are only applied to outbound + connections originating from the same namespace as the Route, for which + the intended destination of the connections are a Service targeted as a + ParentRef of the Route. + + + + Support: Core type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: |- + Port is the network port this Route targets. It can be interpreted + differently based on the type of parent resource. + + + When the parent resource is a Gateway, this targets all listeners + listening on the specified port that also support this kind of Route(and + select this Route). It's not recommended to set `Port` unless the + networking behaviors specified in a Route must apply to a specific port + as opposed to a listener(s) whose port(s) may be changed. When both Port + and SectionName are specified, the name and port of the selected listener + must match both specified values. + + + + When the parent resource is a Service, this targets a specific port in the + Service spec. When both Port (experimental) and SectionName are specified, + the name and port of the selected port must match both specified values. + + + + Implementations MAY choose to support other parent resources. + Implementations supporting other types of parent resources MUST clearly + document how/if Port is interpreted. + + + For the purpose of status, an attachment is considered successful as + long as the parent resource accepts it partially. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment + from the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, + the Route MUST be considered detached from the Gateway. + + + Support: Extended type: integer format: int32 maximum: 65535 minimum: 1 sectionName: - description: "SectionName is the name of a section within the target resource. In the following resources, SectionName is interpreted as the following: \n * Gateway: Listener Name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. \n Implementations MAY choose to support attaching Routes to other resources. If that is the case, they MUST clearly document how SectionName is interpreted. \n When unspecified (empty string), this will reference the entire resource. For the purpose of status, an attachment is considered successful if at least one section in the parent resource accepts it. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Core" + description: |- + SectionName is the name of a section within the target resource. In the + following resources, SectionName is interpreted as the following: + + + * Gateway: Listener name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + * Service: Port name. When both Port (experimental) and SectionName + are specified, the name and port of the selected listener must match + both specified values. + + + Implementations MAY choose to support attaching Routes to other resources. + If that is the case, they MUST clearly document how SectionName is + interpreted. + + + When unspecified (empty string), this will reference the entire resource. + For the purpose of status, an attachment is considered successful if at + least one section in the parent resource accepts it. For example, Gateway + listeners can restrict which Routes can attach to them by Route kind, + namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from + the referencing Route, the Route MUST be considered successfully + attached. If no Gateway listeners accept attachment from this Route, the + Route MUST be considered detached from the Gateway. + + + Support: Core type: string maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + description: |- + Optional service type for Kubernetes solver service. Supported values + are NodePort or ClusterIP. If unset, defaults to NodePort. type: string ingress: - description: The ingress based HTTP01 challenge solver will solve challenges by creating or modifying Ingress resources in order to route requests for '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are provisioned by cert-manager for each Challenge to be completed. + description: |- + The ingress based HTTP01 challenge solver will solve challenges by + creating or modifying Ingress resources in order to route requests for + '/.well-known/acme-challenge/XYZ' to 'challenge solver' pods that are + provisioned by cert-manager for each Challenge to be completed. type: object properties: class: - description: This field configures the annotation `kubernetes.io/ingress.class` when creating Ingress resources to solve ACME challenges that use this challenge solver. Only one of `class`, `name` or `ingressClassName` may be specified. + description: |- + This field configures the annotation `kubernetes.io/ingress.class` when + creating Ingress resources to solve ACME challenges that use this + challenge solver. Only one of `class`, `name` or `ingressClassName` may + be specified. type: string ingressClassName: - description: This field configures the field `ingressClassName` on the created Ingress resources used to solve ACME challenges that use this challenge solver. This is the recommended way of configuring the ingress class. Only one of `class`, `name` or `ingressClassName` may be specified. + description: |- + This field configures the field `ingressClassName` on the created Ingress + resources used to solve ACME challenges that use this challenge solver. + This is the recommended way of configuring the ingress class. Only one of + `class`, `name` or `ingressClassName` may be specified. type: string ingressTemplate: - description: Optional ingress template used to configure the ACME challenge solver ingress used for HTTP01 challenges. + description: |- + Optional ingress template used to configure the ACME challenge solver + ingress used for HTTP01 challenges. type: object properties: metadata: - description: ObjectMeta overrides for the ingress used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + description: |- + ObjectMeta overrides for the ingress used to solve HTTP01 challenges. + Only the 'labels' and 'annotations' fields may be set. + If labels or annotations overlap with in-built values, the values here + will override the in-built values. type: object properties: annotations: @@ -3471,14 +6434,26 @@ spec: additionalProperties: type: string name: - description: The name of the ingress resource that should have ACME challenge solving routes inserted into it in order to solve HTTP01 challenges. This is typically used in conjunction with ingress controllers like ingress-gce, which maintains a 1:1 mapping between external IPs and ingress resources. Only one of `class`, `name` or `ingressClassName` may be specified. + description: |- + The name of the ingress resource that should have ACME challenge solving + routes inserted into it in order to solve HTTP01 challenges. + This is typically used in conjunction with ingress controllers like + ingress-gce, which maintains a 1:1 mapping between external IPs and + ingress resources. Only one of `class`, `name` or `ingressClassName` may + be specified. type: string podTemplate: - description: Optional pod template used to configure the ACME challenge solver pods used for HTTP01 challenges. + description: |- + Optional pod template used to configure the ACME challenge solver pods + used for HTTP01 challenges. type: object properties: metadata: - description: ObjectMeta overrides for the pod used to solve HTTP01 challenges. Only the 'labels' and 'annotations' fields may be set. If labels or annotations overlap with in-built values, the values here will override the in-built values. + description: |- + ObjectMeta overrides for the pod used to solve HTTP01 challenges. + Only the 'labels' and 'annotations' fields may be set. + If labels or annotations overlap with in-built values, the values here + will override the in-built values. type: object properties: annotations: @@ -3492,7 +6467,10 @@ spec: additionalProperties: type: string spec: - description: PodSpec defines overrides for the HTTP01 challenge solver pod. Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. All other fields will be ignored. + description: |- + PodSpec defines overrides for the HTTP01 challenge solver pod. + Check ACMEChallengeSolverHTTP01IngressPodSpec to find out currently supported fields. + All other fields will be ignored. type: object properties: affinity: @@ -3504,10 +6482,21 @@ spec: type: object properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. type: array items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). type: object required: - preference @@ -3521,7 +6510,9 @@ spec: description: A list of node selector requirements by node's labels. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -3531,18 +6522,29 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -3552,20 +6554,35 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. type: object required: - nodeSelectorTerms @@ -3574,14 +6591,19 @@ spec: description: Required. A list of node selector terms. The terms are ORed. type: array items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. type: object properties: matchExpressions: description: A list of node selector requirements by node's labels. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -3591,18 +6613,29 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. type: object required: - key @@ -3612,21 +6645,40 @@ spec: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). type: object properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. type: array items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) @@ -3642,14 +6694,18 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -3659,28 +6715,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -3690,49 +6794,90 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. type: array items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running type: object required: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -3742,28 +6887,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -3773,33 +6966,64 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). type: object properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. type: array items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) @@ -3815,14 +7039,18 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -3832,28 +7060,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -3863,49 +7139,90 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. type: array items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running type: object required: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -3915,28 +7232,76 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. type: object properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. type: object required: - key @@ -3946,40 +7311,75 @@ spec: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object additionalProperties: type: string x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic imagePullSecrets: description: If specified, the pod's imagePullSecrets type: array items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. type: object properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string + default: "" x-kubernetes-map-type: atomic nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + description: |- + NodeSelector is a selector which must be true for the pod to fit on a node. + Selector which must match a node's labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ type: object additionalProperties: type: string @@ -3993,77 +7393,146 @@ spec: description: If specified, the pod's tolerations. type: array items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . type: object properties: effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. type: integer format: int64 value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string serviceType: - description: Optional service type for Kubernetes solver service. Supported values are NodePort or ClusterIP. If unset, defaults to NodePort. + description: |- + Optional service type for Kubernetes solver service. Supported values + are NodePort or ClusterIP. If unset, defaults to NodePort. type: string selector: - description: Selector selects a set of DNSNames on the Certificate resource that should be solved using this challenge solver. If not specified, the solver will be treated as the 'default' solver with the lowest priority, i.e. if any other solver has a more specific match, it will be used instead. + description: |- + Selector selects a set of DNSNames on the Certificate resource that + should be solved using this challenge solver. + If not specified, the solver will be treated as the 'default' solver + with the lowest priority, i.e. if any other solver has a more specific + match, it will be used instead. type: object properties: dnsNames: - description: List of DNSNames that this solver will be used to solve. If specified and a match is found, a dnsNames selector will take precedence over a dnsZones selector. If multiple solvers match with the same dnsNames value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + description: |- + List of DNSNames that this solver will be used to solve. + If specified and a match is found, a dnsNames selector will take + precedence over a dnsZones selector. + If multiple solvers match with the same dnsNames value, the solver + with the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in the list + will be selected. type: array items: type: string dnsZones: - description: List of DNSZones that this solver will be used to solve. The most specific DNS zone match specified here will take precedence over other DNS zone matches, so a solver specifying sys.example.com will be selected over one specifying example.com for the domain www.sys.example.com. If multiple solvers match with the same dnsZones value, the solver with the most matching labels in matchLabels will be selected. If neither has more matches, the solver defined earlier in the list will be selected. + description: |- + List of DNSZones that this solver will be used to solve. + The most specific DNS zone match specified here will take precedence + over other DNS zone matches, so a solver specifying sys.example.com + will be selected over one specifying example.com for the domain + www.sys.example.com. + If multiple solvers match with the same dnsZones value, the solver + with the most matching labels in matchLabels will be selected. + If neither has more matches, the solver defined earlier in the list + will be selected. type: array items: type: string matchLabels: - description: A label selector that is used to refine the set of certificate's that this challenge solver will apply to. + description: |- + A label selector that is used to refine the set of certificate's that + this challenge solver will apply to. type: object additionalProperties: type: string ca: - description: CA configures this issuer to sign certificates using a signing CA keypair stored in a Secret resource. This is used to build internal PKIs that are managed by cert-manager. + description: |- + CA configures this issuer to sign certificates using a signing CA keypair + stored in a Secret resource. + This is used to build internal PKIs that are managed by cert-manager. type: object required: - secretName properties: crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set, certificates will be issued without distribution points set. + description: |- + The CRL distribution points is an X.509 v3 certificate extension which identifies + the location of the CRL from which the revocation of this certificate can be checked. + If not set, certificates will be issued without distribution points set. + type: array + items: + type: string + issuingCertificateURLs: + description: |- + IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates + it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. + As an example, such a URL might be "http://ca.domain.com/ca.crt". type: array items: type: string ocspServers: - description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". + description: |- + The OCSP server list is an X.509 v3 extension that defines a list of + URLs of OCSP responders. The OCSP responders can be queried for the + revocation status of an issued certificate. If not set, the + certificate will be issued with no OCSP servers set. For example, an + OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". type: array items: type: string secretName: - description: SecretName is the name of the secret used to sign Certificates issued by this Issuer. + description: |- + SecretName is the name of the secret used to sign Certificates issued + by this Issuer. type: string selfSigned: - description: SelfSigned configures this issuer to 'self sign' certificates using the private key used to create the CertificateRequest object. + description: |- + SelfSigned configures this issuer to 'self sign' certificates using the + private key used to create the CertificateRequest object. type: object properties: crlDistributionPoints: - description: The CRL distribution points is an X.509 v3 certificate extension which identifies the location of the CRL from which the revocation of this certificate can be checked. If not set certificate will be issued without CDP. Values are strings. + description: |- + The CRL distribution points is an X.509 v3 certificate extension which identifies + the location of the CRL from which the revocation of this certificate can be checked. + If not set certificate will be issued without CDP. Values are strings. type: array items: type: string vault: - description: Vault configures this issuer to sign certificates using a HashiCorp Vault PKI backend. + description: |- + Vault configures this issuer to sign certificates using a HashiCorp Vault + PKI backend. type: object required: - auth @@ -4075,7 +7544,9 @@ spec: type: object properties: appRole: - description: AppRole authenticates with Vault using the App Role auth mechanism, with the role and secret stored in a Kubernetes Secret resource. + description: |- + AppRole authenticates with Vault using the App Role auth mechanism, + with the role and secret stored in a Kubernetes Secret resource. type: object required: - path @@ -4083,53 +7554,94 @@ spec: - secretRef properties: path: - description: 'Path where the App Role authentication backend is mounted in Vault, e.g: "approle"' + description: |- + Path where the App Role authentication backend is mounted in Vault, e.g: + "approle" type: string roleId: - description: RoleID configured in the App Role authentication backend when setting up the authentication backend in Vault. + description: |- + RoleID configured in the App Role authentication backend when setting + up the authentication backend in Vault. type: string secretRef: - description: Reference to a key in a Secret that contains the App Role secret used to authenticate with Vault. The `key` field must be specified and denotes which entry within the Secret resource is used as the app role secret. + description: |- + Reference to a key in a Secret that contains the App Role secret used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role secret. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string kubernetes: - description: Kubernetes authenticates with Vault by passing the ServiceAccount token stored in the named Secret resource to the Vault server. + description: |- + Kubernetes authenticates with Vault by passing the ServiceAccount + token stored in the named Secret resource to the Vault server. type: object required: - role properties: mountPath: - description: The Vault mountPath here is the mount path to use when authenticating with Vault. For example, setting a value to `/v1/auth/foo`, will use the path `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the default value "/v1/auth/kubernetes" will be used. + description: |- + The Vault mountPath here is the mount path to use when authenticating with + Vault. For example, setting a value to `/v1/auth/foo`, will use the path + `/v1/auth/foo/login` to authenticate with Vault. If unspecified, the + default value "/v1/auth/kubernetes" will be used. type: string role: - description: A required field containing the Vault Role to assume. A Role binds a Kubernetes ServiceAccount with a set of Vault policies. + description: |- + A required field containing the Vault Role to assume. A Role binds a + Kubernetes ServiceAccount with a set of Vault policies. type: string secretRef: - description: The required Secret field containing a Kubernetes ServiceAccount JWT used for authenticating with Vault. Use of 'ambient credentials' is not supported. + description: |- + The required Secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Vault. Use of 'ambient credentials' is not + supported. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string serviceAccountRef: - description: A reference to a service account that will be used to request a bound token (also known as "projected token"). Compared to using "secretRef", using this field means that you don't rely on statically bound tokens. To use this field, you must configure an RBAC rule to let cert-manager request a token. + description: |- + A reference to a service account that will be used to request a bound + token (also known as "projected token"). Compared to using "secretRef", + using this field means that you don't rely on statically bound tokens. To + use this field, you must configure an RBAC rule to let cert-manager + request a token. type: object required: - name properties: + audiences: + description: |- + TokenAudiences is an optional list of extra audiences to include in the token passed to Vault. The default token + consisting of the issuer's namespace and name is always included. + type: array + items: + type: string name: description: Name of the ServiceAccount used to request a token. type: string @@ -4140,44 +7652,112 @@ spec: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string caBundle: - description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by Vault. Only used if using HTTPS to connect to Vault and ignored for HTTP connections. Mutually exclusive with CABundleSecretRef. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. + description: |- + Base64-encoded bundle of PEM CAs which will be used to validate the certificate + chain presented by Vault. Only used if using HTTPS to connect to Vault and + ignored for HTTP connections. + Mutually exclusive with CABundleSecretRef. + If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in + the cert-manager controller container is used to validate the TLS connection. type: string format: byte caBundleSecretRef: - description: Reference to a Secret containing a bundle of PEM-encoded CAs to use when verifying the certificate chain presented by Vault when using HTTPS. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. If no key for the Secret is specified, cert-manager will default to 'ca.crt'. + description: |- + Reference to a Secret containing a bundle of PEM-encoded CAs to use when + verifying the certificate chain presented by Vault when using HTTPS. + Mutually exclusive with CABundle. + If neither CABundle nor CABundleSecretRef are defined, the certificate bundle in + the cert-manager controller container is used to validate the TLS connection. + If no key for the Secret is specified, cert-manager will default to 'ca.crt'. type: object required: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + clientCertSecretRef: + description: |- + Reference to a Secret containing a PEM-encoded Client Certificate to use when the + Vault server requires mTLS. + type: object + required: + - name + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. + type: string + name: + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + clientKeySecretRef: + description: |- + Reference to a Secret containing a PEM-encoded Client Private Key to use when the + Vault server requires mTLS. + type: object + required: + - name + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. + type: string + name: + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces' + description: |- + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows Vault environments to support Secure Multi-tenancy. e.g: "ns1" + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces type: string path: - description: 'Path is the mount path of the Vault PKI backend''s `sign` endpoint, e.g: "my_pki_mount/sign/my-role-name".' + description: |- + Path is the mount path of the Vault PKI backend's `sign` endpoint, e.g: + "my_pki_mount/sign/my-role-name". type: string server: description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' type: string venafi: - description: Venafi configures this issuer to sign certificates using a Venafi TPP or Venafi Cloud policy zone. + description: |- + Venafi configures this issuer to sign certificates using a Venafi TPP + or Venafi Cloud policy zone. type: object required: - zone properties: cloud: - description: Cloud specifies the Venafi cloud configuration settings. Only one of TPP or Cloud may be specified. + description: |- + Cloud specifies the Venafi cloud configuration settings. + Only one of TPP or Cloud may be specified. type: object required: - apiTokenSecretRef @@ -4189,59 +7769,96 @@ spec: - name properties: key: - description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + description: |- + The key of the entry in the Secret resource's `data` field to be used. + Some instances of this field may be defaulted, in others it may be + required. type: string name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string url: - description: URL is the base URL for Venafi Cloud. Defaults to "https://api.venafi.cloud/v1". + description: |- + URL is the base URL for Venafi Cloud. + Defaults to "https://api.venafi.cloud/v1". type: string tpp: - description: TPP specifies Trust Protection Platform configuration settings. Only one of TPP or Cloud may be specified. + description: |- + TPP specifies Trust Protection Platform configuration settings. + Only one of TPP or Cloud may be specified. type: object required: - credentialsRef - url properties: caBundle: - description: Base64-encoded bundle of PEM CAs which will be used to validate the certificate chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. + description: |- + Base64-encoded bundle of PEM CAs which will be used to validate the certificate + chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. + If undefined, the certificate bundle in the cert-manager controller container + is used to validate the chain. type: string format: byte credentialsRef: - description: CredentialsRef is a reference to a Secret containing the username and password for the TPP server. The secret must contain two keys, 'username' and 'password'. + description: |- + CredentialsRef is a reference to a Secret containing the username and + password for the TPP server. + The secret must contain two keys, 'username' and 'password'. type: object required: - name properties: name: - description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the resource being referred to. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string url: - description: 'URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, for example: "https://tpp.example.com/vedsdk".' + description: |- + URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, + for example: "https://tpp.example.com/vedsdk". type: string zone: - description: Zone is the Venafi Policy Zone to use for this issuer. All requests made to the Venafi platform will be restricted by the named zone policy. This field is required. + description: |- + Zone is the Venafi Policy Zone to use for this issuer. + All requests made to the Venafi platform will be restricted by the named + zone policy. + This field is required. type: string status: description: Status of the Issuer. This is set and managed automatically. type: object properties: acme: - description: ACME specific status options. This field should only be set if the Issuer is configured to use an ACME server to issue certificates. + description: |- + ACME specific status options. + This field should only be set if the Issuer is configured to use an ACME + server to issue certificates. type: object properties: lastPrivateKeyHash: - description: LastPrivateKeyHash is a hash of the private key associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + description: |- + LastPrivateKeyHash is a hash of the private key associated with the latest + registered ACME account, in order to track changes made to registered account + associated with the Issuer type: string lastRegisteredEmail: - description: LastRegisteredEmail is the email associated with the latest registered ACME account, in order to track changes made to registered account associated with the Issuer + description: |- + LastRegisteredEmail is the email associated with the latest registered + ACME account, in order to track changes made to registered account + associated with the Issuer type: string uri: - description: URI is the unique account identifier, which can also be used to retrieve account details from the CA + description: |- + URI is the unique account identifier, which can also be used to retrieve + account details from the CA type: string conditions: - description: List of status conditions to indicate the status of a CertificateRequest. Known condition types are `Ready`. + description: |- + List of status conditions to indicate the status of a CertificateRequest. + Known condition types are `Ready`. type: array items: description: IssuerCondition contains condition information for an Issuer. @@ -4251,18 +7868,29 @@ spec: - type properties: lastTransitionTime: - description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + description: |- + LastTransitionTime is the timestamp corresponding to the last status + change of this condition. type: string format: date-time message: - description: Message is a human readable description of the details of the last transition, complementing reason. + description: |- + Message is a human readable description of the details of the last + transition, complementing reason. type: string observedGeneration: - description: If set, this represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.condition[x].observedGeneration is 9, the condition is out of date with respect to the current state of the Issuer. + description: |- + If set, this represents the .metadata.generation that the condition was + set based upon. + For instance, if .metadata.generation is currently 12, but the + .status.condition[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the Issuer. type: integer format: int64 reason: - description: Reason is a brief machine readable explanation for the condition's last transition. + description: |- + Reason is a brief machine readable explanation for the condition's last + transition. type: string status: description: Status of the condition, one of (`True`, `False`, `Unknown`). @@ -4279,15 +7907,24 @@ spec: x-kubernetes-list-type: map served: true storage: true + +# END crd {{- end }} + --- +# START crd {{- if or .Values.crds.enabled .Values.installCRDs }} apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: orders.acme.cert-manager.io + # START annotations {{- if .Values.crds.keep }} + annotations: + helm.sh/resource-policy: keep + # END annotations {{- end }} labels: app: '{{ template "cert-manager.name" . }}' app.kubernetes.io/name: '{{ template "cert-manager.name" . }}' app.kubernetes.io/instance: '{{ .Release.Name }}' + app.kubernetes.io/component: "crds" # Generated labels {{- include "labels" . | nindent 4 }} spec: group: acme.cert-manager.io @@ -4329,10 +7966,19 @@ spec: - spec properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -4343,23 +7989,39 @@ spec: - request properties: commonName: - description: CommonName is the common name as specified on the DER encoded CSR. If specified, this value must also be present in `dnsNames` or `ipAddresses`. This field must match the corresponding field on the DER encoded CSR. + description: |- + CommonName is the common name as specified on the DER encoded CSR. + If specified, this value must also be present in `dnsNames` or `ipAddresses`. + This field must match the corresponding field on the DER encoded CSR. type: string dnsNames: - description: DNSNames is a list of DNS names that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + description: |- + DNSNames is a list of DNS names that should be included as part of the Order + validation process. + This field must match the corresponding field on the DER encoded CSR. type: array items: type: string duration: - description: Duration is the duration for the not after date for the requested certificate. this is set on order creation as pe the ACME spec. + description: |- + Duration is the duration for the not after date for the requested certificate. + this is set on order creation as pe the ACME spec. type: string ipAddresses: - description: IPAddresses is a list of IP addresses that should be included as part of the Order validation process. This field must match the corresponding field on the DER encoded CSR. + description: |- + IPAddresses is a list of IP addresses that should be included as part of the Order + validation process. + This field must match the corresponding field on the DER encoded CSR. type: array items: type: string issuerRef: - description: IssuerRef references a properly configured ACME-type Issuer which should be used to create this Order. If the Issuer does not exist, processing will be retried. If the Issuer is not an 'ACME' Issuer, an error will be returned and the Order will be marked as failed. + description: |- + IssuerRef references a properly configured ACME-type Issuer which should + be used to create this Order. + If the Issuer does not exist, processing will be retried. + If the Issuer is not an 'ACME' Issuer, an error will be returned and the + Order will be marked as failed. type: object required: - name @@ -4374,26 +8036,42 @@ spec: description: Name of the resource being referred to. type: string request: - description: Certificate signing request bytes in DER encoding. This will be used when finalizing the order. This field must be set on the order. + description: |- + Certificate signing request bytes in DER encoding. + This will be used when finalizing the order. + This field must be set on the order. type: string format: byte status: type: object properties: authorizations: - description: Authorizations contains data returned from the ACME server on what authorizations must be completed in order to validate the DNS names specified on the Order. + description: |- + Authorizations contains data returned from the ACME server on what + authorizations must be completed in order to validate the DNS names + specified on the Order. type: array items: - description: ACMEAuthorization contains data returned from the ACME server on an authorization that must be completed in order validate a DNS name on an ACME Order resource. + description: |- + ACMEAuthorization contains data returned from the ACME server on an + authorization that must be completed in order validate a DNS name on an ACME + Order resource. type: object required: - url properties: challenges: - description: Challenges specifies the challenge types offered by the ACME server. One of these challenge types will be selected when validating the DNS name and an appropriate Challenge resource will be created to perform the ACME challenge process. + description: |- + Challenges specifies the challenge types offered by the ACME server. + One of these challenge types will be selected when validating the DNS + name and an appropriate Challenge resource will be created to perform + the ACME challenge process. type: array items: - description: Challenge specifies a challenge offered by the ACME server for an Order. An appropriate Challenge resource can be created to perform the ACME challenge process. + description: |- + Challenge specifies a challenge offered by the ACME server for an Order. + An appropriate Challenge resource can be created to perform the ACME + challenge process. type: object required: - token @@ -4401,19 +8079,36 @@ spec: - url properties: token: - description: Token is the token that must be presented for this challenge. This is used to compute the 'key' that must also be presented. + description: |- + Token is the token that must be presented for this challenge. + This is used to compute the 'key' that must also be presented. type: string type: - description: Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', 'tls-sni-01', etc. This is the raw value retrieved from the ACME server. Only 'http-01' and 'dns-01' are supported by cert-manager, other values will be ignored. + description: |- + Type is the type of challenge being offered, e.g. 'http-01', 'dns-01', + 'tls-sni-01', etc. + This is the raw value retrieved from the ACME server. + Only 'http-01' and 'dns-01' are supported by cert-manager, other values + will be ignored. type: string url: - description: URL is the URL of this challenge. It can be used to retrieve additional metadata about the Challenge from the ACME server. + description: |- + URL is the URL of this challenge. It can be used to retrieve additional + metadata about the Challenge from the ACME server. type: string identifier: description: Identifier is the DNS name to be validated as part of this authorization type: string initialState: - description: InitialState is the initial state of the ACME authorization when first fetched from the ACME server. If an Authorization is already 'valid', the Order controller will not create a Challenge resource for the authorization. This will occur when working with an ACME server that enables 'authz reuse' (such as Let's Encrypt's production endpoint). If not set and 'identifier' is set, the state is assumed to be pending and a Challenge will be created. + description: |- + InitialState is the initial state of the ACME authorization when first + fetched from the ACME server. + If an Authorization is already 'valid', the Order controller will not + create a Challenge resource for the authorization. This will occur when + working with an ACME server that enables 'authz reuse' (such as Let's + Encrypt's production endpoint). + If not set and 'identifier' is set, the state is assumed to be pending + and a Challenge will be created. type: string enum: - valid @@ -4427,24 +8122,41 @@ spec: description: URL is the URL of the Authorization that must be completed type: string wildcard: - description: Wildcard will be true if this authorization is for a wildcard DNS name. If this is true, the identifier will be the *non-wildcard* version of the DNS name. For example, if '*.example.com' is the DNS name being validated, this field will be 'true' and the 'identifier' field will be 'example.com'. + description: |- + Wildcard will be true if this authorization is for a wildcard DNS name. + If this is true, the identifier will be the *non-wildcard* version of + the DNS name. + For example, if '*.example.com' is the DNS name being validated, this + field will be 'true' and the 'identifier' field will be 'example.com'. type: boolean certificate: - description: Certificate is a copy of the PEM encoded certificate for this Order. This field will be populated after the order has been successfully finalized with the ACME server, and the order has transitioned to the 'valid' state. + description: |- + Certificate is a copy of the PEM encoded certificate for this Order. + This field will be populated after the order has been successfully + finalized with the ACME server, and the order has transitioned to the + 'valid' state. type: string format: byte failureTime: - description: FailureTime stores the time that this order failed. This is used to influence garbage collection and back-off. + description: |- + FailureTime stores the time that this order failed. + This is used to influence garbage collection and back-off. type: string format: date-time finalizeURL: - description: FinalizeURL of the Order. This is used to obtain certificates for this order once it has been completed. + description: |- + FinalizeURL of the Order. + This is used to obtain certificates for this order once it has been completed. type: string reason: - description: Reason optionally provides more information about a why the order is in the current state. + description: |- + Reason optionally provides more information about a why the order is in + the current state. type: string state: - description: State contains the current state of this Order resource. States 'success' and 'expired' are 'final' + description: |- + State contains the current state of this Order resource. + States 'success' and 'expired' are 'final' type: string enum: - valid @@ -4455,8 +8167,13 @@ spec: - expired - errored url: - description: URL of the Order. This will initially be empty when the resource is first created. The Order controller will populate this field when the Order is first processed. This field will be immutable after it is initially set. + description: |- + URL of the Order. + This will initially be empty when the resource is first created. + The Order controller will populate this field when the Order is first processed. + This field will be immutable after it is initially set. type: string served: true storage: true -{{- end }} + +# END crd {{- end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/deployment.yaml b/internal/constellation/helm/charts/cert-manager/templates/deployment.yaml index aea5736c0..e6f3f681e 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/deployment.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/deployment.yaml @@ -15,6 +15,10 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicaCount }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.revisionHistoryLimit) (list "" (quote ""))) }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ template "cert-manager.name" . }} @@ -39,7 +43,7 @@ spec: annotations: {{- toYaml . | nindent 8 }} {{- end }} - {{- if and .Values.prometheus.enabled (not .Values.prometheus.servicemonitor.enabled) }} + {{- if and .Values.prometheus.enabled (not (or .Values.prometheus.servicemonitor.enabled .Values.prometheus.podmonitor.enabled)) }} {{- if not .Values.podAnnotations }} annotations: {{- end }} @@ -52,6 +56,7 @@ spec: {{- if hasKey .Values "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} {{- end }} + enableServiceLinks: {{ .Values.enableServiceLinks }} {{- with .Values.global.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} @@ -59,20 +64,30 @@ spec: securityContext: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.volumes }} + {{- if or .Values.volumes .Values.config}} volumes: + {{- if .Values.config }} + - name: config + configMap: + name: {{ include "cert-manager.fullname" . }} + {{- end }} + {{ with .Values.volumes }} {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} containers: - name: {{ .Chart.Name }}-controller - {{- with .Values.image }} - image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" - {{- end }} + image: "{{ template "image" (tuple .Values.image $.Chart.AppVersion) }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: - {{- if .Values.global.logLevel }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.logLevel) (list "" (quote ""))) }} - --v={{ .Values.global.logLevel }} {{- end }} + {{- if .Values.config }} + - --config=/var/cert-manager/config/config.yaml + {{- end }} + {{- $config := default .Values.config "" }} {{- if .Values.clusterResourceNamespace }} - --cluster-resource-namespace={{ .Values.clusterResourceNamespace }} {{- else }} @@ -122,6 +137,9 @@ spec: {{- with .Values.dns01RecursiveNameservers }} - --dns01-recursive-nameservers={{ . }} {{- end }} + {{- if .Values.disableAutoApproval }} + - --controllers=-certificaterequests-approver + {{- end }} ports: - containerPort: 9402 name: http-metrics @@ -133,9 +151,15 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.volumeMounts }} + {{- if or .Values.config .Values.volumeMounts }} volumeMounts: + {{- if .Values.config }} + - name: config + mountPath: /var/cert-manager/config + {{- end }} + {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} env: - name: POD_NAMESPACE @@ -202,3 +226,6 @@ spec: dnsConfig: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hostAliases }} + hostAliases: {{ toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/internal/constellation/helm/charts/cert-manager/templates/extras-objects.yaml b/internal/constellation/helm/charts/cert-manager/templates/extras-objects.yaml new file mode 100644 index 000000000..9ec3a7e9b --- /dev/null +++ b/internal/constellation/helm/charts/cert-manager/templates/extras-objects.yaml @@ -0,0 +1,4 @@ +{{ range .Values.extraObjects }} +--- +{{ tpl . $ }} +{{ end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/networkpolicy-egress.yaml b/internal/constellation/helm/charts/cert-manager/templates/networkpolicy-egress.yaml index 09712009d..37f90bd2e 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/networkpolicy-egress.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/networkpolicy-egress.yaml @@ -11,13 +11,9 @@ spec: {{- end }} podSelector: matchLabels: - app: {{ include "webhook.name" . }} app.kubernetes.io/name: {{ include "webhook.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: "webhook" - {{- with .Values.webhook.podLabels }} - {{- toYaml . | nindent 6 }} - {{- end }} policyTypes: - Egress {{- end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/networkpolicy-webhooks.yaml b/internal/constellation/helm/charts/cert-manager/templates/networkpolicy-webhooks.yaml index 349877a8b..3a0ed7a70 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/networkpolicy-webhooks.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/networkpolicy-webhooks.yaml @@ -12,13 +12,9 @@ spec: {{- end }} podSelector: matchLabels: - app: {{ include "webhook.name" . }} - app.kubernetes.io/name: {{ include "webhook.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: "webhook" - {{- with .Values.webhook.podLabels }} - {{- toYaml . | nindent 6 }} - {{- end }} + app.kubernetes.io/name: {{ include "webhook.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "webhook" policyTypes: - Ingress diff --git a/internal/constellation/helm/charts/cert-manager/templates/poddisruptionbudget.yaml b/internal/constellation/helm/charts/cert-manager/templates/poddisruptionbudget.yaml index dab75ce68..ae71eed29 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/poddisruptionbudget.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/poddisruptionbudget.yaml @@ -17,10 +17,13 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: "controller" - {{- with .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ . }} + {{- if not (or (hasKey .Values.podDisruptionBudget "minAvailable") (hasKey .Values.podDisruptionBudget "maxUnavailable")) }} + minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set {{- end }} - {{- with .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ . }} + {{- if hasKey .Values.podDisruptionBudget "minAvailable" }} + minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }} + maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} {{- end }} {{- end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/podmonitor.yaml b/internal/constellation/helm/charts/cert-manager/templates/podmonitor.yaml new file mode 100644 index 000000000..1adc0609c --- /dev/null +++ b/internal/constellation/helm/charts/cert-manager/templates/podmonitor.yaml @@ -0,0 +1,50 @@ +{{- if and .Values.prometheus.enabled (and .Values.prometheus.podmonitor.enabled .Values.prometheus.servicemonitor.enabled) }} +{{- fail "Either .Values.prometheus.podmonitor.enabled or .Values.prometheus.servicemonitor.enabled can be enabled at a time, but not both." }} +{{- else if and .Values.prometheus.enabled .Values.prometheus.podmonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ template "cert-manager.fullname" . }} +{{- if .Values.prometheus.podmonitor.namespace }} + namespace: {{ .Values.prometheus.podmonitor.namespace }} +{{- else }} + namespace: {{ include "cert-manager.namespace" . }} +{{- end }} + labels: + app: {{ include "cert-manager.name" . }} + app.kubernetes.io/name: {{ include "cert-manager.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "controller" + {{- include "labels" . | nindent 4 }} + prometheus: {{ .Values.prometheus.podmonitor.prometheusInstance }} + {{- with .Values.prometheus.podmonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.prometheus.podmonitor.annotations }} + annotations: + {{- with .Values.prometheus.podmonitor.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +spec: + jobLabel: {{ template "cert-manager.fullname" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "cert-manager.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "controller" +{{- if .Values.prometheus.podmonitor.namespace }} + namespaceSelector: + matchNames: + - {{ include "cert-manager.namespace" . }} +{{- end }} + podMetricsEndpoints: + - port: http-metrics + path: {{ .Values.prometheus.podmonitor.path }} + interval: {{ .Values.prometheus.podmonitor.interval }} + scrapeTimeout: {{ .Values.prometheus.podmonitor.scrapeTimeout }} + honorLabels: {{ .Values.prometheus.podmonitor.honorLabels }} + {{- with .Values.prometheus.servicemonitor.endpointAdditionalProperties }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/rbac.yaml b/internal/constellation/helm/charts/cert-manager/templates/rbac.yaml index 830e37285..7a27d4f7a 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/rbac.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/rbac.yaml @@ -398,6 +398,26 @@ subjects: namespace: {{ include "cert-manager.namespace" . }} kind: ServiceAccount +{{- if .Values.global.rbac.aggregateClusterRoles }} +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "cert-manager.fullname" . }}-cluster-view + labels: + app: {{ include "cert-manager.name" . }} + app.kubernetes.io/name: {{ include "cert-manager.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: "controller" + {{- include "labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true" +rules: + - apiGroups: ["cert-manager.io"] + resources: ["clusterissuers"] + verbs: ["get", "list", "watch"] + +{{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -414,6 +434,7 @@ metadata: rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true" {{- end }} rules: - apiGroups: ["cert-manager.io"] @@ -453,6 +474,8 @@ rules: --- +{{- if not .Values.disableAutoApproval -}} + # Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -468,7 +491,12 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + {{- with .Values.approveSignerNames }} + resourceNames: + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} --- @@ -493,6 +521,8 @@ subjects: --- +{{- end -}} + # Permission to: # - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers # - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers diff --git a/internal/constellation/helm/charts/cert-manager/templates/service.yaml b/internal/constellation/helm/charts/cert-manager/templates/service.yaml index ec34d5878..360ec645e 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/service.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/service.yaml @@ -1,4 +1,4 @@ -{{- if .Values.prometheus.enabled }} +{{- if and .Values.prometheus.enabled (not .Values.prometheus.podmonitor.enabled) }} apiVersion: v1 kind: Service metadata: @@ -19,6 +19,12 @@ metadata: {{- end }} spec: type: ClusterIP + {{- if .Values.serviceIPFamilyPolicy }} + ipFamilyPolicy: {{ .Values.serviceIPFamilyPolicy }} + {{- end }} + {{- if .Values.serviceIPFamilies }} + ipFamilies: {{ .Values.serviceIPFamilies | toYaml | nindent 2 }} + {{- end }} ports: - protocol: TCP port: 9402 diff --git a/internal/constellation/helm/charts/cert-manager/templates/serviceaccount.yaml b/internal/constellation/helm/charts/cert-manager/templates/serviceaccount.yaml index 6026842ff..87fc00ea7 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/serviceaccount.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/serviceaccount.yaml @@ -20,6 +20,6 @@ metadata: app.kubernetes.io/component: "controller" {{- include "labels" . | nindent 4 }} {{- with .Values.serviceAccount.labels }} - {{ toYaml . | nindent 4 }} + {{- toYaml . | nindent 4 }} {{- end }} {{- end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/servicemonitor.yaml b/internal/constellation/helm/charts/cert-manager/templates/servicemonitor.yaml index 9d9e89992..b63886077 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/servicemonitor.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/servicemonitor.yaml @@ -1,4 +1,6 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.servicemonitor.enabled }} +{{- if and .Values.prometheus.enabled (and .Values.prometheus.podmonitor.enabled .Values.prometheus.servicemonitor.enabled) }} +{{- fail "Either .Values.prometheus.podmonitor.enabled or .Values.prometheus.servicemonitor.enabled can be enabled at a time, but not both." }} +{{- else if and .Values.prometheus.enabled .Values.prometheus.servicemonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -42,4 +44,7 @@ spec: interval: {{ .Values.prometheus.servicemonitor.interval }} scrapeTimeout: {{ .Values.prometheus.servicemonitor.scrapeTimeout }} honorLabels: {{ .Values.prometheus.servicemonitor.honorLabels }} + {{- with .Values.prometheus.servicemonitor.endpointAdditionalProperties }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/startupapicheck-job.yaml b/internal/constellation/helm/charts/cert-manager/templates/startupapicheck-job.yaml index a9b965e18..311b4c48e 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/startupapicheck-job.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/startupapicheck-job.yaml @@ -37,6 +37,7 @@ spec: {{- if hasKey .Values.startupapicheck "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.startupapicheck.automountServiceAccountToken }} {{- end }} + enableServiceLinks: {{ .Values.startupapicheck.enableServiceLinks }} {{- with .Values.global.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} @@ -46,9 +47,7 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }}-startupapicheck - {{- with .Values.startupapicheck.image }} - image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" - {{- end }} + image: "{{ template "image" (tuple .Values.startupapicheck.image $.Chart.AppVersion) }}" imagePullPolicy: {{ .Values.startupapicheck.image.pullPolicy }} args: - check diff --git a/internal/constellation/helm/charts/cert-manager/templates/webhook-config.yaml b/internal/constellation/helm/charts/cert-manager/templates/webhook-config.yaml index f3f72f02e..8f3ce20c3 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/webhook-config.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/webhook-config.yaml @@ -1,12 +1,6 @@ {{- if .Values.webhook.config -}} - {{- if not .Values.webhook.config.apiVersion -}} - {{- fail "webhook.config.apiVersion must be set" -}} - {{- end -}} - - {{- if not .Values.webhook.config.kind -}} - {{- fail "webhook.config.kind must be set" -}} - {{- end -}} -{{- end -}} +{{- $_ := .Values.webhook.config.apiVersion | required ".Values.webhook.config.apiVersion must be set !" -}} +{{- $_ := .Values.webhook.config.kind | required ".Values.webhook.config.kind must be set !" -}} apiVersion: v1 kind: ConfigMap metadata: @@ -19,7 +13,6 @@ metadata: app.kubernetes.io/component: "webhook" {{- include "labels" . | nindent 4 }} data: - {{- if .Values.webhook.config }} config.yaml: | - {{ .Values.webhook.config | toYaml | nindent 4 }} - {{- end }} + {{- .Values.webhook.config | toYaml | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/internal/constellation/helm/charts/cert-manager/templates/webhook-deployment.yaml b/internal/constellation/helm/charts/cert-manager/templates/webhook-deployment.yaml index 043c4b150..ae5399e90 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/webhook-deployment.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/webhook-deployment.yaml @@ -15,6 +15,10 @@ metadata: {{- end }} spec: replicas: {{ .Values.webhook.replicaCount }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.revisionHistoryLimit) (list "" (quote ""))) }} + revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }} + {{- end }} selector: matchLabels: app.kubernetes.io/name: {{ include "webhook.name" . }} @@ -44,6 +48,7 @@ spec: {{- if hasKey .Values.webhook "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.webhook.automountServiceAccountToken }} {{- end }} + enableServiceLinks: {{ .Values.webhook.enableServiceLinks }} {{- with .Values.global.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} @@ -54,14 +59,16 @@ spec: {{- if .Values.webhook.hostNetwork }} hostNetwork: true {{- end }} + {{- if .Values.webhook.hostNetwork }} + dnsPolicy: ClusterFirstWithHostNet + {{- end }} containers: - name: {{ .Chart.Name }}-webhook - {{- with .Values.webhook.image }} - image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" - {{- end }} + image: "{{ template "image" (tuple .Values.webhook.image $.Chart.AppVersion) }}" imagePullPolicy: {{ .Values.webhook.image.pullPolicy }} args: - {{- if .Values.global.logLevel }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} + {{- if not (has (quote .Values.global.logLevel) (list "" (quote ""))) }} - --v={{ .Values.global.logLevel }} {{- end }} {{- if .Values.webhook.config }} @@ -71,8 +78,8 @@ spec: {{ if not $config.securePort -}} - --secure-port={{ .Values.webhook.securePort }} {{- end }} - {{- if .Values.featureGates }} - - --feature-gates={{ .Values.featureGates }} + {{- if .Values.webhook.featureGates }} + - --feature-gates={{ .Values.webhook.featureGates }} {{- end }} {{- $tlsConfig := default $config.tlsConfig "" }} {{ if or (not $config.tlsConfig) (and (not $tlsConfig.dynamic) (not $tlsConfig.filesystem) ) -}} @@ -152,8 +159,8 @@ spec: - name: config mountPath: /var/cert-manager/config {{- end }} - {{- if .Values.webhook.volumeMounts }} - {{- toYaml .Values.webhook.volumeMounts | nindent 12 }} + {{- with .Values.webhook.volumeMounts }} + {{- toYaml . | nindent 12 }} {{- end }} {{- end }} {{- with .Values.webhook.nodeSelector }} @@ -179,7 +186,7 @@ spec: configMap: name: {{ include "webhook.fullname" . }} {{- end }} - {{- if .Values.webhook.volumes }} - {{- toYaml .Values.webhook.volumes | nindent 8 }} + {{- with .Values.webhook.volumes }} + {{- toYaml . | nindent 8 }} {{- end }} {{- end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/webhook-mutating-webhook.yaml b/internal/constellation/helm/charts/cert-manager/templates/webhook-mutating-webhook.yaml index f3db011ef..9ea29777d 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/webhook-mutating-webhook.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/webhook-mutating-webhook.yaml @@ -15,17 +15,19 @@ metadata: {{- end }} webhooks: - name: webhook.cert-manager.io + {{- with .Values.webhook.mutatingWebhookConfiguration.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 6 }} + {{- end }} rules: - apiGroups: - "cert-manager.io" - - "acme.cert-manager.io" apiVersions: - "v1" operations: - CREATE - - UPDATE resources: - - "*/*" + - "certificaterequests" admissionReviewVersions: ["v1"] # This webhook only accepts v1 cert-manager resources. # Equivalent matchPolicy ensures that non-v1 resource requests are sent to @@ -43,4 +45,4 @@ webhooks: name: {{ template "webhook.fullname" . }} namespace: {{ include "cert-manager.namespace" . }} path: /mutate - {{- end }} + {{- end }} \ No newline at end of file diff --git a/internal/constellation/helm/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml b/internal/constellation/helm/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml index c8a357cb1..ab2a48109 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/webhook-poddisruptionbudget.yaml @@ -17,10 +17,13 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: "webhook" - {{- with .Values.webhook.podDisruptionBudget.minAvailable }} - minAvailable: {{ . }} + {{- if not (or (hasKey .Values.webhook.podDisruptionBudget "minAvailable") (hasKey .Values.webhook.podDisruptionBudget "maxUnavailable")) }} + minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set {{- end }} - {{- with .Values.webhook.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ . }} + {{- if hasKey .Values.webhook.podDisruptionBudget "minAvailable" }} + minAvailable: {{ .Values.webhook.podDisruptionBudget.minAvailable }} + {{- end }} + {{- if hasKey .Values.webhook.podDisruptionBudget "maxUnavailable" }} + maxUnavailable: {{ .Values.webhook.podDisruptionBudget.maxUnavailable }} {{- end }} {{- end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/webhook-service.yaml b/internal/constellation/helm/charts/cert-manager/templates/webhook-service.yaml index 5f9395049..86d47f164 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/webhook-service.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/webhook-service.yaml @@ -18,6 +18,12 @@ metadata: {{- end }} spec: type: {{ .Values.webhook.serviceType }} + {{- if .Values.webhook.serviceIPFamilyPolicy }} + ipFamilyPolicy: {{ .Values.webhook.serviceIPFamilyPolicy }} + {{- end }} + {{- if .Values.webhook.serviceIPFamilies }} + ipFamilies: {{ .Values.webhook.serviceIPFamilies | toYaml | nindent 2 }} + {{- end }} {{- with .Values.webhook.loadBalancerIP }} loadBalancerIP: {{ . }} {{- end }} diff --git a/internal/constellation/helm/charts/cert-manager/templates/webhook-validating-webhook.yaml b/internal/constellation/helm/charts/cert-manager/templates/webhook-validating-webhook.yaml index a5d168e29..76235fdee 100644 --- a/internal/constellation/helm/charts/cert-manager/templates/webhook-validating-webhook.yaml +++ b/internal/constellation/helm/charts/cert-manager/templates/webhook-validating-webhook.yaml @@ -15,16 +15,10 @@ metadata: {{- end }} webhooks: - name: webhook.cert-manager.io + {{- with .Values.webhook.validatingWebhookConfiguration.namespaceSelector }} namespaceSelector: - matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - {{ include "cert-manager.namespace" . }} + {{- toYaml . | nindent 6 }} + {{- end }} rules: - apiGroups: - "cert-manager.io" diff --git a/internal/constellation/helm/charts/cert-manager/values.yaml b/internal/constellation/helm/charts/cert-manager/values.yaml index 0870178c4..ae304af7b 100644 --- a/internal/constellation/helm/charts/cert-manager/values.yaml +++ b/internal/constellation/helm/charts/cert-manager/values.yaml @@ -1,199 +1,376 @@ +# +docs:section=Global + # Default values for cert-manager. # This is a YAML-formatted file. # Declare variables to be passed into your templates. global: - # Reference to one or more secrets to be used when pulling images - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + # Reference to one or more secrets to be used when pulling images. + # For more information, see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). + # + # For example: + # imagePullSecrets: + # - name: "image-pull-secret" imagePullSecrets: [] - # - name: "image-pull-secret" - - # Labels to apply to all resources + # Labels to apply to all resources. # Please note that this does not add labels to the resources created dynamically by the controllers. # For these resources, you have to add the labels in the template in the cert-manager custom resource: - # eg. podTemplate/ ingressTemplate in ACMEChallengeSolverHTTP01Ingress - # ref: https://cert-manager.io/docs/reference/api-docs/#acme.cert-manager.io/v1.ACMEChallengeSolverHTTP01Ingress - # eg. secretTemplate in CertificateSpec - # ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec + # For example, podTemplate/ ingressTemplate in ACMEChallengeSolverHTTP01Ingress + # For more information, see the [cert-manager documentation](https://cert-manager.io/docs/reference/api-docs/#acme.cert-manager.io/v1.ACMEChallengeSolverHTTP01Ingress). + # For example, secretTemplate in CertificateSpec + # For more information, see the [cert-manager documentation](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec). commonLabels: {} - # team_name: dev + # The number of old ReplicaSets to retain to allow rollback (if not set, the default Kubernetes value is set to 10). + # +docs:property + # revisionHistoryLimit: 1 - # Optional priority class to be used for the cert-manager pods + # The optional priority class to be used for the cert-manager pods. priorityClassName: "" rbac: + # Create required ClusterRoles and ClusterRoleBindings for cert-manager. create: true - # Aggregate ClusterRoles to Kubernetes default user-facing roles. Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles + # Aggregate ClusterRoles to Kubernetes default user-facing roles. For more information, see [User-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) aggregateClusterRoles: true podSecurityPolicy: + # Create PodSecurityPolicy for cert-manager. + # + # Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25. enabled: false + # Configure the PodSecurityPolicy to use AppArmor. useAppArmor: true - # Set the verbosity of cert-manager. Range of 0 - 6 with 6 being the most verbose. + # Set the verbosity of cert-manager. A range of 0 - 6, with 6 being the most verbose. logLevel: 2 leaderElection: - # Override the namespace used for the leader election lease + # Override the namespace used for the leader election lease. namespace: "kube-system" # The duration that non-leader candidates will wait after observing a # leadership renewal until attempting to acquire leadership of a led but # unrenewed leader slot. This is effectively the maximum duration that a # leader can be stopped before it is replaced by another candidate. + # +docs:property # leaseDuration: 60s # The interval between attempts by the acting master to renew a leadership # slot before it stops leading. This must be less than or equal to the # lease duration. +# +docs:property # renewDeadline: 40s # The duration the clients should wait between attempting acquisition and # renewal of a leadership. +# +docs:property # retryPeriod: 15s + +# This option is equivalent to setting crds.enabled=true and crds.keep=true. +# Deprecated: use crds.enabled and crds.keep instead. installCRDs: false -replicaCount: 1 -strategy: {} -# type: RollingUpdate -# rollingUpdate: -# maxSurge: 0 -# maxUnavailable: 1 - -podDisruptionBudget: +crds: + # This option decides if the CRDs should be installed + # as part of the Helm installation. enabled: false - minAvailable: 1 - # maxUnavailable: 1 -# minAvailable and maxUnavailable can either be set to an integer (e.g. 1) -# or a percentage value (e.g. 25%) + # This option makes it so that the "helm.sh/resource-policy": keep + # annotation is added to the CRD. This will prevent Helm from uninstalling + # the CRD when the Helm release is uninstalled. + # WARNING: when the CRDs are removed, all cert-manager custom resources + # (Certificates, Issuers, ...) will be removed too by the garbage collector. + keep: true +# +docs:section=Controller -# Comma separated list of feature gates that should be enabled on the controller -# Note: do not use this field to pass feature gate values into webhook -# component as this behaviour relies on a bug that will be fixed in cert-manager 1.13 -# https://github.com/cert-manager/cert-manager/pull/6093 -# Use webhook.extraArgs to pass --feature-gates flag directly instead. +# The number of replicas of the cert-manager controller to run. +# +# The default is 1, but in production set this to 2 or 3 to provide high +# availability. +# +# If `replicas > 1`, consider setting `podDisruptionBudget.enabled=true`. +# +# Note that cert-manager uses leader election to ensure that there can +# only be a single instance active at a time. +replicaCount: 1 +# Deployment update strategy for the cert-manager controller deployment. +# For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy). +# +# For example: +# strategy: +# type: RollingUpdate +# rollingUpdate: +# maxSurge: 0 +# maxUnavailable: 1 +strategy: {} +podDisruptionBudget: + # Enable or disable the PodDisruptionBudget resource. + # + # This prevents downtime during voluntary disruptions such as during a Node upgrade. + # For example, the PodDisruptionBudget will block `kubectl drain` + # if it is used on the Node where the only remaining cert-manager + # Pod is currently running. + enabled: false + # This configures the minimum available pods for disruptions. It can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # It cannot be used if `maxUnavailable` is set. + # +docs:property + # minAvailable: 1 +# This configures the maximum unavailable pods for disruptions. It can either be set to +# an integer (e.g. 1) or a percentage value (e.g. 25%). +# it cannot be used if `minAvailable` is set. +# +docs:property +# maxUnavailable: 1 + +# A comma-separated list of feature gates that should be enabled on the +# controller pod. featureGates: "" -# The maximum number of challenges that can be scheduled as 'processing' at once +# The maximum number of challenges that can be scheduled as 'processing' at once. maxConcurrentChallenges: 60 image: - repository: quay.io/jetstack/cert-manager-controller - # You can manage a registry with + # The container registry to pull the manager image from. + # +docs:property # registry: quay.io - # repository: jetstack/cert-manager-controller + # The container image for the cert-manager controller. + # +docs:property + repository: quay.io/jetstack/cert-manager-controller # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion will be used. - # tag: canary + # If no value is set, the chart's appVersion is used. + # +docs:property + # tag: vX.Y.Z - # Setting a digest will override any tag + # Setting a digest will override any tag. + # +docs:property # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. pullPolicy: IfNotPresent - digest: sha256:fb2546fe51e49206dbf72bb0d6f909a0018eda0c2b024547b03d3f3d604e4c5e + digest: sha256:9b5d5e9c0fd4944221d059921cc05f388c9a5fc0b02a60b47f0eccfcd8243331 # Override the namespace used to store DNS provider credentials etc. for ClusterIssuer # resources. By default, the same namespace as cert-manager is deployed within is # used. This namespace will not be automatically created by the Helm chart. clusterResourceNamespace: "" -# This namespace allows you to define where the services will be installed into -# if not set then they will use the namespace of the release -# This is helpful when installing cert manager as a chart dependency (sub chart) +# This namespace allows you to define where the services are installed into. +# If not set then they use the namespace of the release. +# This is helpful when installing cert manager as a chart dependency (sub chart). namespace: "" serviceAccount: - # Specifies whether a service account should be created + # Specifies whether a service account should be created. create: true # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template + # If not set and create is true, a name is generated using the fullname template. + # +docs:property # name: "" - # Optional additional annotations to add to the controller's ServiceAccount + + # Optional additional annotations to add to the controller's Service Account. + # +docs:property # annotations: {} - # Automount API credentials for a Service Account. - # Optional additional labels to add to the controller's ServiceAccount + + # Optional additional labels to add to the controller's Service Account. + # +docs:property # labels: {} + + # Automount API credentials for a Service Account. automountServiceAccountToken: true -# Automounting API credentials for a particular pod +# Automounting API credentials for a particular pod. +# +docs:property # automountServiceAccountToken: true -# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted +# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted. enableCertificateOwnerRef: false -# Setting Nameservers for DNS01 Self Check -# See: https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check +# This property is used to configure options for the controller pod. +# This allows setting options that would usually be provided using flags. +# An APIVersion and Kind must be specified in your values.yaml file. +# Flags will override options that are set here. +# +# For example: +# config: +# apiVersion: controller.config.cert-manager.io/v1alpha1 +# kind: ControllerConfiguration +# logging: +# verbosity: 2 +# format: text +# leaderElectionConfig: +# namespace: kube-system +# kubernetesAPIQPS: 9000 +# kubernetesAPIBurst: 9000 +# numberOfConcurrentWorkers: 200 +# featureGates: +# AdditionalCertificateOutputFormats: true +# DisallowInsecureCSRUsageDefinition: true +# ExperimentalCertificateSigningRequestControllers: true +# ExperimentalGatewayAPISupport: true +# LiteralCertificateSubject: true +# SecretsFilteredCaching: true +# ServerSideApply: true +# StableCertificateRequestName: true +# UseCertificateRequestBasicConstraints: true +# ValidateCAA: true +# metricsTLSConfig: +# dynamic: +# secretNamespace: "cert-manager" +# secretName: "cert-manager-metrics-ca" +# dnsNames: +# - cert-manager-metrics +# - cert-manager-metrics.cert-manager +# - cert-manager-metrics.cert-manager.svc +config: {} +# Setting Nameservers for DNS01 Self Check. +# For more information, see the [cert-manager documentation](https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check). -# Comma separated string with host and port of the recursive nameservers cert-manager should query +# A comma-separated string with the host and port of the recursive nameservers cert-manager should query. dns01RecursiveNameservers: "" -# Forces cert-manager to only use the recursive nameservers for verification. -# Enabling this option could cause the DNS01 self check to take longer due to caching performed by the recursive nameservers +# Forces cert-manager to use only the recursive nameservers for verification. +# Enabling this option could cause the DNS01 self check to take longer owing to caching performed by the recursive nameservers. dns01RecursiveNameserversOnly: false +# Option to disable cert-manager's build-in auto-approver. The auto-approver +# approves all CertificateRequests that reference issuers matching the 'approveSignerNames' +# option. This 'disableAutoApproval' option is useful when you want to make all approval decisions +# using a different approver (like approver-policy - https://github.com/cert-manager/approver-policy). +disableAutoApproval: false +# List of signer names that cert-manager will approve by default. CertificateRequests +# referencing these signer names will be auto-approved by cert-manager. Defaults to just +# approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty +# array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, +# because eg. you are using approver-policy, you can enable 'disableAutoApproval'. +# ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval +# +docs:property +approveSignerNames: + - issuers.cert-manager.io/* + - clusterissuers.cert-manager.io/* # Additional command line flags to pass to cert-manager controller binary. -# To see all available flags run docker run quay.io/jetstack/cert-manager-controller: --help +# To see all available flags run `docker run quay.io/jetstack/cert-manager-controller: --help`. +# +# Use this flag to enable or disable arbitrary controllers. For example, to disable the CertificiateRequests approver. +# +# For example: +# extraArgs: +# - --controllers=*,-certificaterequests-approver extraArgs: [] -# Use this flag to enable or disable arbitrary controllers, for example, disable the CertificiateRequests approver -# - --controllers=*,-certificaterequests-approver - +# Additional environment variables to pass to cert-manager controller binary. extraEnv: [] # - name: SOME_VAR # value: 'some value' +# Resources to provide to the cert-manager controller pod. +# +# For example: +# requests: +# cpu: 10m +# memory: 32Mi +# +# For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). resources: {} -# requests: -# cpu: 10m -# memory: 32Mi - -# Pod Security Context -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +# Pod Security Context. +# For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). +# +docs:property securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault -# Container Security Context to be set on the controller component container -# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +# Container Security Context to be set on the controller component container. +# For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). +# +docs:property containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true + readOnlyRootFilesystem: true +# Additional volumes to add to the cert-manager controller pod. volumes: [] +# Additional volume mounts to add to the cert-manager controller container. volumeMounts: [] -# Optional additional annotations to add to the controller Deployment +# Optional additional annotations to add to the controller Deployment. +# +docs:property # deploymentAnnotations: {} -# Optional additional annotations to add to the controller Pods +# Optional additional annotations to add to the controller Pods. +# +docs:property # podAnnotations: {} + +# Optional additional labels to add to the controller Pods. podLabels: {} -# Optional annotations to add to the controller Service +# Optional annotations to add to the controller Service. +# +docs:property # serviceAnnotations: {} -# Optional additional labels to add to the controller Service +# Optional additional labels to add to the controller Service. +# +docs:property # serviceLabels: {} -# Optional DNS settings, useful if you have a public and private DNS zone for -# the same domain on Route 53. What follows is an example of ensuring +# Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). +# +docs:property +# serviceIPFamilyPolicy: "" + +# Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. +# +docs:property +# serviceIPFamilies: [] + +# Optional DNS settings. These are useful if you have a public and private DNS zone for +# the same domain on Route 53. The following is an example of ensuring # cert-manager can access an ingress or DNS TXT records at all times. -# NOTE: This requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for +# Note that this requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for # the cluster to work. + +# Pod DNS policy. +# For more information, see [Pod's DNS Policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy). +# +docs:property # podDnsPolicy: "None" + +# Pod DNS configuration. The podDnsConfig field is optional and can work with any podDnsPolicy +# settings. However, when a Pod's dnsPolicy is set to "None", the dnsConfig field has to be specified. +# For more information, see [Pod's DNS Config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config). +# +docs:property # podDnsConfig: # nameservers: # - "1.1.1.1" # - "8.8.8.8" + +# Optional hostAliases for cert-manager-controller pods. May be useful when performing ACME DNS-01 self checks. +hostAliases: [] +# - ip: 127.0.0.1 +# hostnames: +# - foo.local +# - bar.local +# - ip: 10.1.2.3 +# hostnames: +# - foo.remote +# - bar.remote + +# The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with +# matching labels. +# For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). +# +# This default ensures that Pods are only scheduled to Linux nodes. +# It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. +# +docs:property nodeSelector: kubernetes.io/os: linux +# +docs:ignore ingressShim: {} +# Optional default issuer to use for ingress resources. +# +docs:property=ingressShim.defaultIssuerName # defaultIssuerName: "" + +# Optional default issuer kind to use for ingress resources. +# +docs:property=ingressShim.defaultIssuerKind # defaultIssuerKind: "" + +# Optional default issuer group to use for ingress resources. +# +docs:property=ingressShim.defaultIssuerGroup # defaultIssuerGroup: "" -prometheus: - enabled: true - servicemonitor: - enabled: false - prometheusInstance: default - targetPort: 9402 - path: /metrics - interval: 60s - scrapeTimeout: 30s - labels: {} - annotations: {} - honorLabels: false -# Use these variables to configure the HTTP_PROXY environment variables +# Use these variables to configure the HTTP_PROXY environment variables. + +# Configures the HTTP_PROXY environment variable where a HTTP proxy is required. +# +docs:property # http_proxy: "http://proxy:8080" + +# Configures the HTTPS_PROXY environment variable where a HTTP proxy is required. +# +docs:property # https_proxy: "https://proxy:8080" + +# Configures the NO_PROXY environment variable where a HTTP proxy is required, +# but certain domains should be excluded. +# +docs:property # no_proxy: 127.0.0.1,localhost -# A Kubernetes Affinty, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core -# for example: +# A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). +# +# For example: # affinity: # nodeAffinity: # requiredDuringSchedulingIgnoredDuringExecution: @@ -204,16 +381,18 @@ prometheus: # values: # - master affinity: {} -# A list of Kubernetes Tolerations, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core -# for example: +# A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). +# +# For example: # tolerations: # - key: foo.bar.com/role # operator: Equal # value: master # effect: NoSchedule tolerations: [] -# A list of Kubernetes TopologySpreadConstraints, if required; see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core -# for example: +# A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core +# +# For example: # topologySpreadConstraints: # - maxSkew: 2 # topologyKey: topology.kubernetes.io/zone @@ -225,150 +404,361 @@ tolerations: [] topologySpreadConstraints: [] # LivenessProbe settings for the controller container of the controller Pod. # -# Disabled by default, because the controller has a leader election mechanism -# which should cause it to exit if it is unable to renew its leader election -# record. +# This is enabled by default, in order to enable the clock-skew liveness probe that +# restarts the controller in case of a skew between the system clock and the monotonic clock. # LivenessProbe durations and thresholds are based on those used for the Kubernetes -# controller-manager. See: -# https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245 +# controller-manager. For more information see the following on the +# [Kubernetes GitHub repository](https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245) +# +docs:property livenessProbe: - enabled: false + enabled: true initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 15 successThreshold: 1 failureThreshold: 8 +# enableServiceLinks indicates whether information about services should be +# injected into the pod's environment variables, matching the syntax of Docker +# links. +enableServiceLinks: false +# +docs:section=Prometheus +prometheus: + # Enable Prometheus monitoring for the cert-manager controller to use with the + # Prometheus Operator. If this option is enabled without enabling `prometheus.servicemonitor.enabled` or + # `prometheus.podmonitor.enabled`, 'prometheus.io' annotations are added to the cert-manager Deployment + # resources. Additionally, a service is created which can be used together + # with your own ServiceMonitor (managed outside of this Helm chart). + # Otherwise, a ServiceMonitor/ PodMonitor is created. + enabled: true + servicemonitor: + # Create a ServiceMonitor to add cert-manager to Prometheus. + enabled: false + # Specifies the `prometheus` label on the created ServiceMonitor. This is + # used when different Prometheus instances have label selectors matching + # different ServiceMonitors. + prometheusInstance: default + # The target port to set on the ServiceMonitor. This must match the port that the + # cert-manager controller is listening on for metrics. + targetPort: 9402 + # The path to scrape for metrics. + path: /metrics + # The interval to scrape metrics. + interval: 60s + # The timeout before a metrics scrape fails. + scrapeTimeout: 30s + # Additional labels to add to the ServiceMonitor. + labels: {} + # Additional annotations to add to the ServiceMonitor. + annotations: {} + # Keep labels from scraped data, overriding server-side labels. + honorLabels: false + # EndpointAdditionalProperties allows setting additional properties on the + # endpoint such as relabelings, metricRelabelings etc. + # + # For example: + # endpointAdditionalProperties: + # relabelings: + # - action: replace + # sourceLabels: + # - __meta_kubernetes_pod_node_name + # targetLabel: instance + # + # +docs:property + endpointAdditionalProperties: {} + # Note that you can not enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in a error. + podmonitor: + # Create a PodMonitor to add cert-manager to Prometheus. + enabled: false + # Specifies the `prometheus` label on the created PodMonitor. This is + # used when different Prometheus instances have label selectors matching + # different PodMonitors. + prometheusInstance: default + # The path to scrape for metrics. + path: /metrics + # The interval to scrape metrics. + interval: 60s + # The timeout before a metrics scrape fails. + scrapeTimeout: 30s + # Additional labels to add to the PodMonitor. + labels: {} + # Additional annotations to add to the PodMonitor. + annotations: {} + # Keep labels from scraped data, overriding server-side labels. + honorLabels: false + # EndpointAdditionalProperties allows setting additional properties on the + # endpoint such as relabelings, metricRelabelings etc. + # + # For example: + # endpointAdditionalProperties: + # relabelings: + # - action: replace + # sourceLabels: + # - __meta_kubernetes_pod_node_name + # targetLabel: instance + # + # +docs:property + endpointAdditionalProperties: {} +# +docs:section=Webhook webhook: + # Number of replicas of the cert-manager webhook to run. + # + # The default is 1, but in production set this to 2 or 3 to provide high + # availability. + # + # If `replicas > 1`, consider setting `webhook.podDisruptionBudget.enabled=true`. replicaCount: 1 - timeoutSeconds: 10 - # Used to configure options for the webhook pod. - # This allows setting options that'd usually be provided via flags. + # The number of seconds the API server should wait for the webhook to respond before treating the call as a failure. + # The value must be between 1 and 30 seconds. For more information, see + # [Validating webhook configuration v1](https://kubernetes.io/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1/). + # + # The default is set to the maximum value of 30 seconds as + # users sometimes report that the connection between the K8S API server and + # the cert-manager webhook server times out. + # If *this* timeout is reached, the error message will be "context deadline exceeded", + # which doesn't help the user diagnose what phase of the HTTPS connection timed out. + # For example, it could be during DNS resolution, TCP connection, TLS + # negotiation, HTTP negotiation, or slow HTTP response from the webhook + # server. + # By setting this timeout to its maximum value the underlying timeout error + # message has more chance of being returned to the end user. + timeoutSeconds: 30 + # This is used to configure options for the webhook pod. + # This allows setting options that would usually be provided using flags. # An APIVersion and Kind must be specified in your values.yaml file. - # Flags will override options that are set here. - config: - # apiVersion: webhook.config.cert-manager.io/v1alpha1 - # kind: WebhookConfiguration - - # The port that the webhook should listen on for requests. - # In GKE private clusters, by default kubernetes apiservers are allowed to - # talk to the cluster nodes only on 443 and 10250. so configuring - # securePort: 10250, will work out of the box without needing to add firewall - # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000. - # This should be uncommented and set as a default by the chart once we graduate - # the apiVersion of WebhookConfiguration past v1alpha1. - # securePort: 10250 + # Flags override options that are set here. + # + # For example: + # apiVersion: webhook.config.cert-manager.io/v1alpha1 + # kind: WebhookConfiguration + # # The port that the webhook listens on for requests. + # # In GKE private clusters, by default Kubernetes apiservers are allowed to + # # talk to the cluster nodes only on 443 and 10250. Configuring + # # securePort: 10250 therefore will work out-of-the-box without needing to add firewall + # # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers < 1000. + # # This should be uncommented and set as a default by the chart once + # # the apiVersion of WebhookConfiguration graduates beyond v1alpha1. + # securePort: 10250 + config: {} + # The update strategy for the cert-manager webhook deployment. + # For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) + # + # For example: + # strategy: + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: 1 strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 - - # Pod Security Context to be set on the webhook component Pod - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # Pod Security Context to be set on the webhook component Pod. + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault - podDisruptionBudget: - enabled: false - minAvailable: 1 - # maxUnavailable: 1 - # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) - # or a percentage value (e.g. 25%) - - # Container Security Context to be set on the webhook component container - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # Container Security Context to be set on the webhook component container. + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # Optional additional annotations to add to the webhook Deployment + readOnlyRootFilesystem: true + podDisruptionBudget: + # Enable or disable the PodDisruptionBudget resource. + # + # This prevents downtime during voluntary disruptions such as during a Node upgrade. + # For example, the PodDisruptionBudget will block `kubectl drain` + # if it is used on the Node where the only remaining cert-manager + # Pod is currently running. + enabled: false + # This property configures the minimum available pods for disruptions. Can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # It cannot be used if `maxUnavailable` is set. + # +docs:property + # minAvailable: 1 + # This property configures the maximum unavailable pods for disruptions. Can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # It cannot be used if `minAvailable` is set. + # +docs:property + # maxUnavailable: 1 + + # Optional additional annotations to add to the webhook Deployment. + # +docs:property # deploymentAnnotations: {} - # Optional additional annotations to add to the webhook Pods + # Optional additional annotations to add to the webhook Pods. + # +docs:property # podAnnotations: {} - # Optional additional annotations to add to the webhook Service + # Optional additional annotations to add to the webhook Service. + # +docs:property # serviceAnnotations: {} - # Optional additional annotations to add to the webhook MutatingWebhookConfiguration + # Optional additional annotations to add to the webhook MutatingWebhookConfiguration. + # +docs:property # mutatingWebhookConfigurationAnnotations: {} - # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration + # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration. + # +docs:property # validatingWebhookConfigurationAnnotations: {} - + validatingWebhookConfiguration: + # Configure spec.namespaceSelector for validating webhooks. + # +docs:property + namespaceSelector: + matchExpressions: + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + mutatingWebhookConfiguration: + # Configure spec.namespaceSelector for mutating webhooks. + # +docs:property + namespaceSelector: {} + # matchLabels: + # key: value + # matchExpressions: + # - key: kubernetes.io/metadata.name + # operator: NotIn + # values: + # - kube-system # Additional command line flags to pass to cert-manager webhook binary. - # To see all available flags run docker run quay.io/jetstack/cert-manager-webhook: --help + # To see all available flags run `docker run quay.io/jetstack/cert-manager-webhook: --help`. extraArgs: [] - # Path to a file containing a WebhookConfiguration object used to configure the webhook + # Path to a file containing a WebhookConfiguration object used to configure the webhook. # - --config= + # Comma separated list of feature gates that should be enabled on the + # webhook pod. + featureGates: "" + # Resources to provide to the cert-manager webhook pod. + # + # For example: + # requests: + # cpu: 10m + # memory: 32Mi + # + # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - - ## Liveness and readiness probe values - ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes - ## + # Liveness probe values. + # For more information, see [Container probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). + # + # +docs:property livenessProbe: failureThreshold: 3 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 + # Readiness probe values. + # For more information, see [Container probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). + # + # +docs:property readinessProbe: failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 + # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with + # matching labels. + # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). + # + # This default ensures that Pods are only scheduled to Linux nodes. + # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + # +docs:property nodeSelector: kubernetes.io/os: linux + # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). + # + # For example: + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: foo.bar.com/role + # operator: In + # values: + # - master affinity: {} + # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). + # + # For example: + # tolerations: + # - key: foo.bar.com/role + # operator: Equal + # value: master + # effect: NoSchedule tolerations: [] + # A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core). + # + # For example: + # topologySpreadConstraints: + # - maxSkew: 2 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: ScheduleAnyway + # labelSelector: + # matchLabels: + # app.kubernetes.io/instance: cert-manager + # app.kubernetes.io/component: controller topologySpreadConstraints: [] - # Optional additional labels to add to the Webhook Pods + # Optional additional labels to add to the Webhook Pods. podLabels: {} - # Optional additional labels to add to the Webhook Service + # Optional additional labels to add to the Webhook Service. serviceLabels: {} + # Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). + serviceIPFamilyPolicy: "" + # Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. + serviceIPFamilies: [] image: - repository: quay.io/jetstack/cert-manager-webhook - # You can manage a registry with + # The container registry to pull the webhook image from. + # +docs:property # registry: quay.io - # repository: jetstack/cert-manager-webhook + # The container image for the cert-manager webhook + # +docs:property + repository: quay.io/jetstack/cert-manager-webhook # Override the image tag to deploy by setting this variable. # If no value is set, the chart's appVersion will be used. - # tag: canary + # +docs:property + # tag: vX.Y.Z # Setting a digest will override any tag + # +docs:property # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. pullPolicy: IfNotPresent - digest: sha256:db0bb8c02c0b82f3055315fbc52ad41b90fbe94f82431a0d76666f7c6beeb7f0 + digest: sha256:85df7b64a3d66de3cd7995ae0f2151b54fd18db424cb7cf84d3bd6d4a39d975f serviceAccount: - # Specifies whether a service account should be created + # Specifies whether a service account should be created. create: true # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template + # If not set and create is true, a name is generated using the fullname template. + # +docs:property # name: "" - # Optional additional annotations to add to the controller's ServiceAccount + + # Optional additional annotations to add to the controller's Service Account. + # +docs:property # annotations: {} - # Optional additional labels to add to the webhook's ServiceAccount + + # Optional additional labels to add to the webhook's Service Account. + # +docs:property # labels: {} + # Automount API credentials for a Service Account. automountServiceAccountToken: true - # Automounting API credentials for a particular pod + # Automounting API credentials for a particular pod. + # +docs:property # automountServiceAccountToken: true - # The port that the webhook should listen on for requests. - # In GKE private clusters, by default kubernetes apiservers are allowed to - # talk to the cluster nodes only on 443 and 10250. so configuring - # securePort: 10250, will work out of the box without needing to add firewall - # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000 + # The port that the webhook listens on for requests. + # In GKE private clusters, by default Kubernetes apiservers are allowed to + # talk to the cluster nodes only on 443 and 10250. Configuring + # securePort: 10250, therefore will work out-of-the-box without needing to add firewall + # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000. securePort: 10250 # Specifies if the webhook should be started in hostNetwork mode. # @@ -381,10 +771,12 @@ webhook: # running in hostNetwork mode. hostNetwork: false # Specifies how the service should be handled. Useful if you want to expose the - # webhook to outside of the cluster. In some cases, the control plane cannot + # webhook outside of the cluster. In some cases, the control plane cannot # reach internal services. serviceType: ClusterIP - # loadBalancerIP: + # Specify the load balancer IP for the created service. + # +docs:property + # loadBalancerIP: "10.10.10.10" # Overrides the mutating webhook and validating webhook so they reach the webhook # service using the `url` field instead of a service. @@ -393,11 +785,18 @@ webhook: # Enables default network policies for webhooks. networkPolicy: + # Create network policies for the webhooks. enabled: false + # Ingress rule for the webhook network policy. By default, it allows all + # inbound traffic. + # +docs:property ingress: - from: - ipBlock: cidr: 0.0.0.0/0 + # Egress rule for the webhook network policy. By default, it allows all + # outbound traffic to ports 80 and 443, as well as DNS ports. + # +docs:property egress: - ports: - port: 80 @@ -408,202 +807,393 @@ webhook: protocol: TCP - port: 53 protocol: UDP - # On OpenShift and OKD, the Kubernetes API server listens on + # On OpenShift and OKD, the Kubernetes API server listens on. # port 6443. - port: 6443 protocol: TCP to: - ipBlock: cidr: 0.0.0.0/0 + # Additional volumes to add to the cert-manager controller pod. volumes: [] + # Additional volume mounts to add to the cert-manager controller container. volumeMounts: [] + # enableServiceLinks indicates whether information about services should be + # injected into the pod's environment variables, matching the syntax of Docker + # links. + enableServiceLinks: false +# +docs:section=CA Injector cainjector: + # Create the CA Injector deployment enabled: true + # The number of replicas of the cert-manager cainjector to run. + # + # The default is 1, but in production set this to 2 or 3 to provide high + # availability. + # + # If `replicas > 1`, consider setting `cainjector.podDisruptionBudget.enabled=true`. + # + # Note that cert-manager uses leader election to ensure that there can + # only be a single instance active at a time. replicaCount: 1 + # This is used to configure options for the cainjector pod. + # It allows setting options that are usually provided via flags. + # An APIVersion and Kind must be specified in your values.yaml file. + # Flags override options that are set here. + # + # For example: + # apiVersion: cainjector.config.cert-manager.io/v1alpha1 + # kind: CAInjectorConfiguration + # logging: + # verbosity: 2 + # format: text + # leaderElectionConfig: + # namespace: kube-system + config: {} + # Deployment update strategy for the cert-manager cainjector deployment. + # For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy). + # + # For example: + # strategy: + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: 1 strategy: {} - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 - # Pod Security Context to be set on the cainjector component Pod - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault - podDisruptionBudget: - enabled: false - minAvailable: 1 - # maxUnavailable: 1 - # minAvailable and maxUnavailable can either be set to an integer (e.g. 1) - # or a percentage value (e.g. 25%) - # Container Security Context to be set on the cainjector component container - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # Optional additional annotations to add to the cainjector Deployment + readOnlyRootFilesystem: true + podDisruptionBudget: + # Enable or disable the PodDisruptionBudget resource. + # + # This prevents downtime during voluntary disruptions such as during a Node upgrade. + # For example, the PodDisruptionBudget will block `kubectl drain` + # if it is used on the Node where the only remaining cert-manager + # Pod is currently running. + enabled: false + # `minAvailable` configures the minimum available pods for disruptions. It can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # Cannot be used if `maxUnavailable` is set. + # +docs:property + # minAvailable: 1 + # `maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # Cannot be used if `minAvailable` is set. + # +docs:property + # maxUnavailable: 1 + + # Optional additional annotations to add to the cainjector Deployment. + # +docs:property # deploymentAnnotations: {} - # Optional additional annotations to add to the cainjector Pods + # Optional additional annotations to add to the cainjector Pods. + # +docs:property # podAnnotations: {} # Additional command line flags to pass to cert-manager cainjector binary. - # To see all available flags run docker run quay.io/jetstack/cert-manager-cainjector: --help + # To see all available flags run `docker run quay.io/jetstack/cert-manager-cainjector: --help`. extraArgs: [] - # Enable profiling for cainjector + # Enable profiling for cainjector. # - --enable-profiling=true + # Comma separated list of feature gates that should be enabled on the + # cainjector pod. + featureGates: "" + # Resources to provide to the cert-manager cainjector pod. + # + # For example: + # requests: + # cpu: 10m + # memory: 32Mi + # + # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - + # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with + # matching labels. + # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). + # + # This default ensures that Pods are only scheduled to Linux nodes. + # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + # +docs:property nodeSelector: kubernetes.io/os: linux + # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). + # + # For example: + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: foo.bar.com/role + # operator: In + # values: + # - master affinity: {} + # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). + # + # For example: + # tolerations: + # - key: foo.bar.com/role + # operator: Equal + # value: master + # effect: NoSchedule tolerations: [] + # A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core). + # + # For example: + # topologySpreadConstraints: + # - maxSkew: 2 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: ScheduleAnyway + # labelSelector: + # matchLabels: + # app.kubernetes.io/instance: cert-manager + # app.kubernetes.io/component: controller topologySpreadConstraints: [] - # Optional additional labels to add to the CA Injector Pods + # Optional additional labels to add to the CA Injector Pods. podLabels: {} image: - repository: quay.io/jetstack/cert-manager-cainjector - # You can manage a registry with + # The container registry to pull the cainjector image from. + # +docs:property # registry: quay.io - # repository: jetstack/cert-manager-cainjector + # The container image for the cert-manager cainjector + # +docs:property + repository: quay.io/jetstack/cert-manager-cainjector # Override the image tag to deploy by setting this variable. # If no value is set, the chart's appVersion will be used. - # tag: canary + # +docs:property + # tag: vX.Y.Z - # Setting a digest will override any tag + # Setting a digest will override any tag. + # +docs:property # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. pullPolicy: IfNotPresent - digest: sha256:2a70d9497a645101210d077874c35dc0431233d8c6e53a851835ca301523d64b + digest: sha256:edb1c1e0083ee4cd8e2ccb296ee0f436d2e465ecf90159f9d03141fc19bd3c23 serviceAccount: - # Specifies whether a service account should be created + # Specifies whether a service account should be created. create: true # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template + # +docs:property # name: "" - # Optional additional annotations to add to the controller's ServiceAccount + + # Optional additional annotations to add to the controller's Service Account. + # +docs:property # annotations: {} - # Automount API credentials for a Service Account. - # Optional additional labels to add to the cainjector's ServiceAccount + + # Optional additional labels to add to the cainjector's Service Account. + # +docs:property # labels: {} + + # Automount API credentials for a Service Account. automountServiceAccountToken: true - # Automounting API credentials for a particular pod + # Automounting API credentials for a particular pod. + # +docs:property # automountServiceAccountToken: true + + # Additional volumes to add to the cert-manager controller pod. volumes: [] + # Additional volume mounts to add to the cert-manager controller container. volumeMounts: [] + # enableServiceLinks indicates whether information about services should be + # injected into the pod's environment variables, matching the syntax of Docker + # links. + enableServiceLinks: false +# +docs:section=ACME Solver acmesolver: image: - repository: quay.io/jetstack/cert-manager-acmesolver - # You can manage a registry with + # The container registry to pull the acmesolver image from. + # +docs:property # registry: quay.io - # repository: jetstack/cert-manager-acmesolver - digest: sha256:12a62e54ba8defda94df71ef76f9c8fe68405d59370f665991734d6b692e35f2 -# Override the image tag to deploy by setting this variable. -# If no value is set, the chart's appVersion will be used. -# tag: canary + # The container image for the cert-manager acmesolver. + # +docs:property + repository: quay.io/jetstack/cert-manager-acmesolver + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion is used. + # +docs:property + # tag: vX.Y.Z -# Setting a digest will override any tag -# digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + # Setting a digest will override any tag. + # +docs:property + # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + # Kubernetes imagePullPolicy on Deployment. + pullPolicy: IfNotPresent + digest: sha256:99feb5d6cd8e8b4c6eb1ab14b317304141c25114b0bd3e5588b9f551f664cb8f +# +docs:section=Startup API Check # This startupapicheck is a Helm post-install hook that waits for the webhook # endpoints to become available. -# The check is implemented using a Kubernetes Job- if you are injecting mesh -# sidecar proxies into cert-manager pods, you probably want to ensure that they -# are not injected into this Job's pod. Otherwise the installation may time out -# due to the Job never being completed because the sidecar proxy does not exit. -# See https://github.com/cert-manager/cert-manager/pull/4414 for context. +# The check is implemented using a Kubernetes Job - if you are injecting mesh +# sidecar proxies into cert-manager pods, ensure that they +# are not injected into this Job's pod. Otherwise, the installation may time out +# owing to the Job never being completed because the sidecar proxy does not exit. +# For more information, see [this note](https://github.com/cert-manager/cert-manager/pull/4414). startupapicheck: + # Enables the startup api check. enabled: true - # Pod Security Context to be set on the startupapicheck component Pod - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # Pod Security Context to be set on the startupapicheck component Pod. + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault - # Container Security Context to be set on the controller component container - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # Container Security Context to be set on the controller component container. + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # Timeout for 'kubectl check api' command + readOnlyRootFilesystem: true + # Timeout for 'kubectl check api' command. timeout: 1m # Job backoffLimit backoffLimit: 4 - # Optional additional annotations to add to the startupapicheck Job + # Optional additional annotations to add to the startupapicheck Job. + # +docs:property jobAnnotations: helm.sh/hook: post-install helm.sh/hook-weight: "1" helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - # Optional additional annotations to add to the startupapicheck Pods + # Optional additional annotations to add to the startupapicheck Pods. + # +docs:property # podAnnotations: {} # Additional command line flags to pass to startupapicheck binary. - # To see all available flags run docker run quay.io/jetstack/cert-manager-ctl: --help - extraArgs: [] + # To see all available flags run `docker run quay.io/jetstack/cert-manager-startupapicheck: --help`. + # + # Verbose logging is enabled by default so that if startupapicheck fails, you + # can know what exactly caused the failure. Verbose logs include details of + # the webhook URL, IP address and TCP connect errors for example. + # +docs:property + extraArgs: + - -v + # Resources to provide to the cert-manager controller pod. + # + # For example: + # requests: + # cpu: 10m + # memory: 32Mi + # + # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). resources: {} - # requests: - # cpu: 10m - # memory: 32Mi - + # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with + # matching labels. + # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). + # + # This default ensures that Pods are only scheduled to Linux nodes. + # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + # +docs:property nodeSelector: kubernetes.io/os: linux + # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). + # For example: + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: foo.bar.com/role + # operator: In + # values: + # - master affinity: {} + # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). + # + # For example: + # tolerations: + # - key: foo.bar.com/role + # operator: Equal + # value: master + # effect: NoSchedule tolerations: [] - # Optional additional labels to add to the startupapicheck Pods + # Optional additional labels to add to the startupapicheck Pods. podLabels: {} image: - repository: quay.io/jetstack/cert-manager-ctl - # You can manage a registry with + # The container registry to pull the startupapicheck image from. + # +docs:property # registry: quay.io - # repository: jetstack/cert-manager-ctl + # The container image for the cert-manager startupapicheck. + # +docs:property + repository: quay.io/jetstack/cert-manager-startupapicheck # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion will be used. - # tag: canary + # If no value is set, the chart's appVersion is used. + # +docs:property + # tag: vX.Y.Z - # Setting a digest will override any tag + # Setting a digest will override any tag. + # +docs:property # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. pullPolicy: IfNotPresent - digest: sha256:1b988a4a2ae83aae995d396fa67fdb4c90bc55bc91ea74679f17c6c347541406 + digest: sha256:6365e940a5a913a3aeca0ea519102236d9bec5f0e8f0011fa3498c26d18348e5 rbac: - # annotations for the startup API Check job RBAC and PSP resources + # annotations for the startup API Check job RBAC and PSP resources. + # +docs:property annotations: helm.sh/hook: post-install helm.sh/hook-weight: "-5" helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - # Automounting API credentials for a particular pod + # Automounting API credentials for a particular pod. + # +docs:property # automountServiceAccountToken: true serviceAccount: - # Specifies whether a service account should be created + # Specifies whether a service account should be created. create: true # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template + # If not set and create is true, a name is generated using the fullname template. + # +docs:property # name: "" - # Optional additional annotations to add to the Job's ServiceAccount + # Optional additional annotations to add to the Job's Service Account. + # +docs:property annotations: helm.sh/hook: post-install helm.sh/hook-weight: "-5" helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded # Automount API credentials for a Service Account. + # +docs:property automountServiceAccountToken: true - # Optional additional labels to add to the startupapicheck's ServiceAccount + # Optional additional labels to add to the startupapicheck's Service Account. + # +docs:property # labels: {} + # Additional volumes to add to the cert-manager controller pod. volumes: [] + # Additional volume mounts to add to the cert-manager controller container. volumeMounts: [] + # enableServiceLinks indicates whether information about services should be + # injected into pod's environment variables, matching the syntax of Docker + # links. + enableServiceLinks: false +# Create dynamic manifests via values. +# +# For example: +# extraObjects: +# - | +# apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: '{{ template "cert-manager.name" . }}-extra-configmap' +extraObjects: [] diff --git a/internal/constellation/helm/generateCertManager.sh b/internal/constellation/helm/generateCertManager.sh index 02b98676e..80df82775 100755 --- a/internal/constellation/helm/generateCertManager.sh +++ b/internal/constellation/helm/generateCertManager.sh @@ -5,7 +5,7 @@ set -o errtrace shopt -s inherit_errexit echo "Pulling cert-manager Helm chart..." -version="1.12.6" +version="1.15.0" function cleanup { rm -rf "charts/cert-manager/README.md" "charts/cert-manager-v${version}.tgz" @@ -38,7 +38,7 @@ yq eval -i '.cainjector.image.digest = "sha256:'"${v}"'"' charts/cert-manager/va v=$(get_sha256_hash "cert-manager-acmesolver") yq eval -i '.acmesolver.image.digest = "sha256:'"${v}"'"' charts/cert-manager/values.yaml -v=$(get_sha256_hash "cert-manager-ctl") +v=$(get_sha256_hash "cert-manager-startupapicheck") yq eval -i '.startupapicheck.image.digest = "sha256:'"${v}"'"' charts/cert-manager/values.yaml echo # final newline diff --git a/internal/constellation/helm/helm_test.go b/internal/constellation/helm/helm_test.go index e2f8265b3..f9af7bafa 100644 --- a/internal/constellation/helm/helm_test.go +++ b/internal/constellation/helm/helm_test.go @@ -194,7 +194,7 @@ func TestHelmApply(t *testing.T) { awsLbVersion = *tc.clusterAWSLBVersion } - certManagerVersion := "v1.12.6" // current version + certManagerVersion := "v1.15.0" // current version if tc.clusterCertManagerVersion != nil { certManagerVersion = *tc.clusterCertManagerVersion } From c1e4da3ea1e65cccf55ccdf095f6ecb485fea8f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 20 Jun 2024 11:22:37 +0200 Subject: [PATCH 087/380] debugd: reset unit failed status before restarting (#3183) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- debugd/internal/debugd/deploy/service.go | 5 +++++ debugd/internal/debugd/deploy/service_test.go | 4 ++++ debugd/internal/debugd/deploy/wrappers.go | 4 ++++ 3 files changed, 13 insertions(+) diff --git a/debugd/internal/debugd/deploy/service.go b/debugd/internal/debugd/deploy/service.go index edea5bf07..114e5da58 100644 --- a/debugd/internal/debugd/deploy/service.go +++ b/debugd/internal/debugd/deploy/service.go @@ -91,6 +91,8 @@ type dbusConn interface { // StopUnitContext is similar to StartUnitContext, but stops the specified unit // rather than starting it. StopUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) + // ResetFailedUnitContext resets the "failed" state of a unit. + ResetFailedUnitContext(ctx context.Context, name string) error // RestartUnitContext restarts a service. If a service is restarted that isn't // running it will be started. RestartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) @@ -122,6 +124,9 @@ func (s *ServiceManager) SystemdAction(ctx context.Context, request ServiceManag case Stop: _, err = conn.StopUnitContext(ctx, request.Unit, "replace", resultChan) case Restart: + if err = conn.ResetFailedUnitContext(ctx, request.Unit); err != nil { + s.log.Error("Failed to reset unit failed state", "error", err.Error(), "unit", request.Unit) + } _, err = conn.RestartUnitContext(ctx, request.Unit, "replace", resultChan) case Reload: err = conn.ReloadContext(ctx) diff --git a/debugd/internal/debugd/deploy/service_test.go b/debugd/internal/debugd/deploy/service_test.go index 394960c0a..f0b398333 100644 --- a/debugd/internal/debugd/deploy/service_test.go +++ b/debugd/internal/debugd/deploy/service_test.go @@ -356,6 +356,10 @@ func (c *fakeDbusConn) StopUnitContext(_ context.Context, name string, mode stri return c.jobID, c.actionErr } +func (c *fakeDbusConn) ResetFailedUnitContext(_ context.Context, _ string) error { + return nil +} + func (c *fakeDbusConn) RestartUnitContext(_ context.Context, name string, mode string, ch chan<- string) (int, error) { c.inputs = append(c.inputs, dbusConnActionInput{name: name, mode: mode}) ch <- c.result diff --git a/debugd/internal/debugd/deploy/wrappers.go b/debugd/internal/debugd/deploy/wrappers.go index f072308d9..1c5acaee3 100644 --- a/debugd/internal/debugd/deploy/wrappers.go +++ b/debugd/internal/debugd/deploy/wrappers.go @@ -38,6 +38,10 @@ func (c *dbusConnWrapper) StopUnitContext(ctx context.Context, name string, mode return c.conn.StopUnitContext(ctx, name, mode, ch) } +func (c *dbusConnWrapper) ResetFailedUnitContext(ctx context.Context, name string) error { + return c.conn.ResetFailedUnitContext(ctx, name) +} + func (c *dbusConnWrapper) RestartUnitContext(ctx context.Context, name string, mode string, ch chan<- string) (int, error) { return c.conn.RestartUnitContext(ctx, name, mode, ch) } From 364bc1c9c478b2b07b415423e320b10b34a5c24f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 20 Jun 2024 13:27:48 +0200 Subject: [PATCH 088/380] deps: update dependency aspect_bazel_lib to v2.7.7 (#3137) * deps: update dependency aspect_bazel_lib to v2.7.7 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- MODULE.bazel | 2 +- MODULE.bazel.lock | 44 ++++++++++++++++++++++---------------------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index bb3acbd27..0b369007b 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,6 +1,6 @@ module(name = "constellation") -bazel_dep(name = "aspect_bazel_lib", version = "2.7.6") +bazel_dep(name = "aspect_bazel_lib", version = "2.7.7") bazel_dep(name = "bazel_skylib", version = "1.6.1") bazel_dep(name = "gazelle", version = "0.36.0") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index 3427ceca2..a44e955fa 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -1,6 +1,6 @@ { "lockFileVersion": 6, - "moduleFileHash": "69841d218742190dc3a3ae4ccb22541216c1297d9657a24ec500b256a5d2b63a", + "moduleFileHash": "ae0b3b125763dc4f1586c890eb3b431e409b56a3dc4284809f9fd4d1b033c13e", "flags": { "cmdRegistries": [ "https://bcr.bazel.build/" @@ -313,7 +313,7 @@ } ], "deps": { - "aspect_bazel_lib": "aspect_bazel_lib@2.7.6", + "aspect_bazel_lib": "aspect_bazel_lib@2.7.7", "bazel_skylib": "bazel_skylib@1.6.1", "gazelle": "gazelle@_", "hermetic_cc_toolchain": "hermetic_cc_toolchain@3.1.0", @@ -327,10 +327,10 @@ "local_config_platform": "local_config_platform@_" } }, - "aspect_bazel_lib@2.7.6": { + "aspect_bazel_lib@2.7.7": { "name": "aspect_bazel_lib", - "version": "2.7.6", - "key": "aspect_bazel_lib@2.7.6", + "version": "2.7.7", + "key": "aspect_bazel_lib@2.7.7", "repoName": "aspect_bazel_lib", "executionPlatformsToRegister": [], "toolchainsToRegister": [ @@ -348,9 +348,9 @@ { "extensionBzlFile": "@aspect_bazel_lib//lib:extensions.bzl", "extensionName": "toolchains", - "usingModule": "aspect_bazel_lib@2.7.6", + "usingModule": "aspect_bazel_lib@2.7.7", "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", "line": 17, "column": 37 }, @@ -372,7 +372,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", "line": 18, "column": 36 } @@ -382,7 +382,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", "line": 19, "column": 39 } @@ -392,7 +392,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", "line": 20, "column": 24 } @@ -402,7 +402,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", "line": 21, "column": 24 } @@ -412,7 +412,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", "line": 22, "column": 31 } @@ -422,7 +422,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", "line": 23, "column": 25 } @@ -432,7 +432,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", "line": 24, "column": 26 } @@ -442,7 +442,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", "line": 25, "column": 37 } @@ -452,7 +452,7 @@ "attributeValues": {}, "devDependency": false, "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/MODULE.bazel", + "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", "line": 26, "column": 26 } @@ -474,13 +474,13 @@ "ruleClassName": "http_archive", "attributes": { "urls": [ - "https://github.com/aspect-build/bazel-lib/releases/download/v2.7.6/bazel-lib-v2.7.6.tar.gz" + "https://github.com/aspect-build/bazel-lib/releases/download/v2.7.7/bazel-lib-v2.7.7.tar.gz" ], - "integrity": "sha256-tZeBk59AyL8Uj0pxvQbjAn4V5A6YFD6laIuDUx7IUo8=", - "strip_prefix": "bazel-lib-2.7.6", + "integrity": "sha256-bXWKj2Ruzuej4pT75Dhtqvvg5ZZnIwCcKQ1JPyJ8OQs=", + "strip_prefix": "bazel-lib-2.7.7", "remote_patches": { - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/patches/go_dev_dep.patch": "sha256-DTc/hk+etl4D50M0BLRik2vHbrgDb6rds+Dj4xphWb4=", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.6/patches/module_dot_bazel_version.patch": "sha256-tU9ga2FHxBhCR9DvRg5MxObWUhY+8hme2kGvuyZ5OGE=" + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/patches/go_dev_dep.patch": "sha256-DTc/hk+etl4D50M0BLRik2vHbrgDb6rds+Dj4xphWb4=", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/patches/module_dot_bazel_version.patch": "sha256-FDbxjcvVK7HecYjvYhIaZ8HF2mujF2bZ/b6LiM6iu4A=" }, "remote_patch_strip": 1 } @@ -1930,7 +1930,7 @@ }, "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "jRSe5nPhOc6hpkqfAg7O3juIICyQm8Hk8cRpc4v8Yh4=", + "bzlTransitiveDigest": "n4GVWP5Au6F4/JAj0XXC8m6GO270BPnxZlR/Uwp7Tpw=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, From afd6b35f18f0df4df45a2461cd9a21f5b3ae0323 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 20 Jun 2024 13:28:21 +0200 Subject: [PATCH 089/380] deps: update ghcr.io/edgelesssys/gcp-guest-agent Docker tag to v20240611 (#3180) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- internal/versions/versions.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 4a2eb0324..a2a93a5a9 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -169,7 +169,7 @@ const ( // GcpGuestImage image for GCP guest agent. // Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml. - GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20240528.0.0@sha256:1c6e1a5f0ae9ff84fa83082bd26be209f4a5ab71d6dfcfc024999419c8f8578c" // renovate:container + GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20240611.1.0@sha256:e751fda68957a70c8494999115aba2ccbc1e2f31d85986b7e133cbe02187da23" // renovate:container // NodeMaintenanceOperatorImage is the image for the node maintenance operator. NodeMaintenanceOperatorImage = "quay.io/medik8s/node-maintenance-operator:v0.15.0@sha256:8cb8dad93283268282c30e75c68f4bd76b28def4b68b563d2f9db9c74225d634" // renovate:container // LogstashImage is the container image of logstash, used for log collection by debugd. From c01f7350427bbff623efb3e79400386a669b1c6e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 20 Jun 2024 13:49:33 +0200 Subject: [PATCH 090/380] deps: update bazel (core) (#3186) * deps: update bazel (core) * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- .bazelversion | 2 +- MODULE.bazel | 4 +- MODULE.bazel.lock | 2688 ++------------------------------------------- 3 files changed, 117 insertions(+), 2577 deletions(-) diff --git a/.bazelversion b/.bazelversion index a8a188756..0ee843cc6 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -7.1.2 +7.2.0 diff --git a/MODULE.bazel b/MODULE.bazel index 0b369007b..97fb1c66c 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -5,7 +5,7 @@ bazel_dep(name = "bazel_skylib", version = "1.6.1") bazel_dep(name = "gazelle", version = "0.36.0") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") -bazel_dep(name = "rules_go", version = "0.48.0", repo_name = "io_bazel_rules_go") +bazel_dep(name = "rules_go", version = "0.48.1", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") bazel_dep(name = "rules_proto", version = "6.0.0.bcr.1") bazel_dep(name = "rules_python", version = "0.32.2") @@ -16,7 +16,7 @@ bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True # until go.work support is released git_override( module_name = "gazelle", - commit = "7d10bf7befce477f518056cfc502939000bea3fa", + commit = "476a9447de621f3d6ab0154cc5683b989c79f9c1", remote = "https://github.com/bazelbuild/bazel-gazelle", ) diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index a44e955fa..addca7b87 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -1,1909 +1,95 @@ { - "lockFileVersion": 6, - "moduleFileHash": "ae0b3b125763dc4f1586c890eb3b431e409b56a3dc4284809f9fd4d1b033c13e", - "flags": { - "cmdRegistries": [ - "https://bcr.bazel.build/" - ], - "cmdModuleOverrides": {}, - "allowedYankedVersions": [], - "envVarAllowedYankedVersions": "", - "ignoreDevDependency": false, - "directDependenciesMode": "WARNING", - "compatibilityMode": "ERROR" - }, - "localOverrideHashes": { - "bazel_tools": "1ae69322ac3823527337acf02016e8ee95813d8d356f47060255b8956fa642f0" - }, - "moduleDepGraph": { - "": { - "name": "constellation", - "version": "", - "key": "", - "repoName": "constellation", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [ - { - "extensionBzlFile": "@io_bazel_rules_go//go:extensions.bzl", - "extensionName": "go_sdk", - "usingModule": "", - "location": { - "file": "@@//:MODULE.bazel", - "line": 23, - "column": 23 - }, - "imports": {}, - "devImports": [], - "tags": [ - { - "tagName": "download", - "attributeValues": { - "name": "go_sdk", - "patches": [ - "//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch" - ], - "version": "1.22.4" - }, - "devDependency": false, - "location": { - "file": "@@//:MODULE.bazel", - "line": 24, - "column": 16 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@gazelle//:extensions.bzl", - "extensionName": "go_deps", - "usingModule": "", - "location": { - "file": "@@//:MODULE.bazel", - "line": 32, - "column": 24 - }, - "imports": { - "cat_dario_mergo": "cat_dario_mergo", - "com_github_aws_aws_sdk_go": "com_github_aws_aws_sdk_go", - "com_github_aws_aws_sdk_go_v2": "com_github_aws_aws_sdk_go_v2", - "com_github_aws_aws_sdk_go_v2_config": "com_github_aws_aws_sdk_go_v2_config", - "com_github_aws_aws_sdk_go_v2_credentials": "com_github_aws_aws_sdk_go_v2_credentials", - "com_github_aws_aws_sdk_go_v2_feature_ec2_imds": "com_github_aws_aws_sdk_go_v2_feature_ec2_imds", - "com_github_aws_aws_sdk_go_v2_feature_s3_manager": "com_github_aws_aws_sdk_go_v2_feature_s3_manager", - "com_github_aws_aws_sdk_go_v2_service_autoscaling": "com_github_aws_aws_sdk_go_v2_service_autoscaling", - "com_github_aws_aws_sdk_go_v2_service_cloudfront": "com_github_aws_aws_sdk_go_v2_service_cloudfront", - "com_github_aws_aws_sdk_go_v2_service_ec2": "com_github_aws_aws_sdk_go_v2_service_ec2", - "com_github_aws_aws_sdk_go_v2_service_elasticloadbalancingv2": "com_github_aws_aws_sdk_go_v2_service_elasticloadbalancingv2", - "com_github_aws_aws_sdk_go_v2_service_resourcegroupstaggingapi": "com_github_aws_aws_sdk_go_v2_service_resourcegroupstaggingapi", - "com_github_aws_aws_sdk_go_v2_service_s3": "com_github_aws_aws_sdk_go_v2_service_s3", - "com_github_aws_aws_sdk_go_v2_service_secretsmanager": "com_github_aws_aws_sdk_go_v2_service_secretsmanager", - "com_github_aws_smithy_go": "com_github_aws_smithy_go", - "com_github_azure_azure_sdk_for_go": "com_github_azure_azure_sdk_for_go", - "com_github_azure_azure_sdk_for_go_sdk_azcore": "com_github_azure_azure_sdk_for_go_sdk_azcore", - "com_github_azure_azure_sdk_for_go_sdk_azidentity": "com_github_azure_azure_sdk_for_go_sdk_azidentity", - "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5": "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5", - "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5": "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5", - "com_github_azure_azure_sdk_for_go_sdk_security_keyvault_azsecrets": "com_github_azure_azure_sdk_for_go_sdk_security_keyvault_azsecrets", - "com_github_azure_azure_sdk_for_go_sdk_storage_azblob": "com_github_azure_azure_sdk_for_go_sdk_storage_azblob", - "com_github_bazelbuild_buildtools": "com_github_bazelbuild_buildtools", - "com_github_burntsushi_toml": "com_github_burntsushi_toml", - "com_github_coreos_go_systemd_v22": "com_github_coreos_go_systemd_v22", - "com_github_docker_docker": "com_github_docker_docker", - "com_github_edgelesssys_go_azguestattestation": "com_github_edgelesssys_go_azguestattestation", - "com_github_edgelesssys_go_tdx_qpl": "com_github_edgelesssys_go_tdx_qpl", - "com_github_foxboron_go_uefi": "com_github_foxboron_go_uefi", - "com_github_fsnotify_fsnotify": "com_github_fsnotify_fsnotify", - "com_github_go_playground_locales": "com_github_go_playground_locales", - "com_github_go_playground_universal_translator": "com_github_go_playground_universal_translator", - "com_github_go_playground_validator_v10": "com_github_go_playground_validator_v10", - "com_github_golang_jwt_jwt_v5": "com_github_golang_jwt_jwt_v5", - "com_github_google_go_licenses": "com_github_google_go_licenses", - "com_github_google_go_sev_guest": "com_github_google_go_sev_guest", - "com_github_google_go_tdx_guest": "com_github_google_go_tdx_guest", - "com_github_google_go_tpm": "com_github_google_go_tpm", - "com_github_google_go_tpm_tools": "com_github_google_go_tpm_tools", - "com_github_google_keep_sorted": "com_github_google_keep_sorted", - "com_github_google_uuid": "com_github_google_uuid", - "com_github_googleapis_gax_go_v2": "com_github_googleapis_gax_go_v2", - "com_github_gophercloud_gophercloud": "com_github_gophercloud_gophercloud", - "com_github_gophercloud_utils": "com_github_gophercloud_utils", - "com_github_grpc_ecosystem_go_grpc_middleware_v2": "com_github_grpc_ecosystem_go_grpc_middleware_v2", - "com_github_hashicorp_go_kms_wrapping_v2": "com_github_hashicorp_go_kms_wrapping_v2", - "com_github_hashicorp_go_kms_wrapping_wrappers_awskms_v2": "com_github_hashicorp_go_kms_wrapping_wrappers_awskms_v2", - "com_github_hashicorp_go_kms_wrapping_wrappers_azurekeyvault_v2": "com_github_hashicorp_go_kms_wrapping_wrappers_azurekeyvault_v2", - "com_github_hashicorp_go_kms_wrapping_wrappers_gcpckms_v2": "com_github_hashicorp_go_kms_wrapping_wrappers_gcpckms_v2", - "com_github_hashicorp_go_version": "com_github_hashicorp_go_version", - "com_github_hashicorp_hc_install": "com_github_hashicorp_hc_install", - "com_github_hashicorp_hcl_v2": "com_github_hashicorp_hcl_v2", - "com_github_hashicorp_terraform_exec": "com_github_hashicorp_terraform_exec", - "com_github_hashicorp_terraform_json": "com_github_hashicorp_terraform_json", - "com_github_hashicorp_terraform_plugin_framework": "com_github_hashicorp_terraform_plugin_framework", - "com_github_hashicorp_terraform_plugin_framework_validators": "com_github_hashicorp_terraform_plugin_framework_validators", - "com_github_hashicorp_terraform_plugin_go": "com_github_hashicorp_terraform_plugin_go", - "com_github_hashicorp_terraform_plugin_log": "com_github_hashicorp_terraform_plugin_log", - "com_github_hashicorp_terraform_plugin_testing": "com_github_hashicorp_terraform_plugin_testing", - "com_github_hexops_gotextdiff": "com_github_hexops_gotextdiff", - "com_github_katexochen_sh_v3": "com_github_katexochen_sh_v3", - "com_github_martinjungblut_go_cryptsetup": "com_github_martinjungblut_go_cryptsetup", - "com_github_mattn_go_isatty": "com_github_mattn_go_isatty", - "com_github_mitchellh_go_homedir": "com_github_mitchellh_go_homedir", - "com_github_onsi_ginkgo_v2": "com_github_onsi_ginkgo_v2", - "com_github_onsi_gomega": "com_github_onsi_gomega", - "com_github_pkg_errors": "com_github_pkg_errors", - "com_github_regclient_regclient": "com_github_regclient_regclient", - "com_github_rogpeppe_go_internal": "com_github_rogpeppe_go_internal", - "com_github_samber_slog_multi": "com_github_samber_slog_multi", - "com_github_schollz_progressbar_v3": "com_github_schollz_progressbar_v3", - "com_github_secure_systems_lab_go_securesystemslib": "com_github_secure_systems_lab_go_securesystemslib", - "com_github_siderolabs_talos_pkg_machinery": "com_github_siderolabs_talos_pkg_machinery", - "com_github_sigstore_rekor": "com_github_sigstore_rekor", - "com_github_sigstore_sigstore": "com_github_sigstore_sigstore", - "com_github_spf13_afero": "com_github_spf13_afero", - "com_github_spf13_cobra": "com_github_spf13_cobra", - "com_github_spf13_pflag": "com_github_spf13_pflag", - "com_github_stretchr_testify": "com_github_stretchr_testify", - "com_github_tink_crypto_tink_go_v2": "com_github_tink_crypto_tink_go_v2", - "com_github_vincent_petithory_dataurl": "com_github_vincent_petithory_dataurl", - "com_google_cloud_go_compute": "com_google_cloud_go_compute", - "com_google_cloud_go_compute_metadata": "com_google_cloud_go_compute_metadata", - "com_google_cloud_go_kms": "com_google_cloud_go_kms", - "com_google_cloud_go_secretmanager": "com_google_cloud_go_secretmanager", - "com_google_cloud_go_storage": "com_google_cloud_go_storage", - "in_gopkg_yaml_v3": "in_gopkg_yaml_v3", - "io_etcd_go_etcd_api_v3": "io_etcd_go_etcd_api_v3", - "io_etcd_go_etcd_client_pkg_v3": "io_etcd_go_etcd_client_pkg_v3", - "io_etcd_go_etcd_client_v3": "io_etcd_go_etcd_client_v3", - "io_k8s_api": "io_k8s_api", - "io_k8s_apiextensions_apiserver": "io_k8s_apiextensions_apiserver", - "io_k8s_apimachinery": "io_k8s_apimachinery", - "io_k8s_apiserver": "io_k8s_apiserver", - "io_k8s_client_go": "io_k8s_client_go", - "io_k8s_cluster_bootstrap": "io_k8s_cluster_bootstrap", - "io_k8s_kubelet": "io_k8s_kubelet", - "io_k8s_kubernetes": "io_k8s_kubernetes", - "io_k8s_mount_utils": "io_k8s_mount_utils", - "io_k8s_sigs_controller_runtime": "io_k8s_sigs_controller_runtime", - "io_k8s_sigs_yaml": "io_k8s_sigs_yaml", - "io_k8s_utils": "io_k8s_utils", - "org_golang_google_api": "org_golang_google_api", - "org_golang_google_grpc": "org_golang_google_grpc", - "org_golang_google_protobuf": "org_golang_google_protobuf", - "org_golang_x_crypto": "org_golang_x_crypto", - "org_golang_x_exp": "org_golang_x_exp", - "org_golang_x_mod": "org_golang_x_mod", - "org_golang_x_sys": "org_golang_x_sys", - "org_golang_x_text": "org_golang_x_text", - "org_golang_x_tools": "org_golang_x_tools", - "org_golang_x_vuln": "org_golang_x_vuln", - "org_libvirt_go_libvirt": "org_libvirt_go_libvirt", - "org_uber_go_goleak": "org_uber_go_goleak", - "sh_helm_helm": "sh_helm_helm", - "sh_helm_helm_v3": "sh_helm_helm_v3" - }, - "devImports": [], - "tags": [ - { - "tagName": "from_file", - "attributeValues": { - "go_work": "//:go.work" - }, - "devDependency": false, - "location": { - "file": "@@//:MODULE.bazel", - "line": 33, - "column": 18 - } - }, - { - "tagName": "gazelle_override", - "attributeValues": { - "directives": [ - "gazelle:go_generate_proto false" - ], - "path": "go.etcd.io/etcd/api/v3" - }, - "devDependency": false, - "location": { - "file": "@@//:MODULE.bazel", - "line": 161, - "column": 29 - } - }, - { - "tagName": "gazelle_override", - "attributeValues": { - "directives": [ - "gazelle:go_generate_proto false" - ], - "path": "k8s.io/apiserver" - }, - "devDependency": false, - "location": { - "file": "@@//:MODULE.bazel", - "line": 161, - "column": 29 - } - }, - { - "tagName": "gazelle_override", - "attributeValues": { - "directives": [ - "gazelle:go_generate_proto false" - ], - "path": "github.com/hashicorp/go-plugin" - }, - "devDependency": false, - "location": { - "file": "@@//:MODULE.bazel", - "line": 161, - "column": 29 - } - }, - { - "tagName": "module_override", - "attributeValues": { - "patches": [ - "//3rdparty/bazel/com_github_martinjungblut_go_cryptsetup:com_github_martinjungblut_go_cryptsetup.patch" - ], - "path": "github.com/martinjungblut/go-cryptsetup" - }, - "devDependency": false, - "location": { - "file": "@@//:MODULE.bazel", - "line": 170, - "column": 24 - } - }, - { - "tagName": "module_override", - "attributeValues": { - "patches": [ - "//3rdparty/bazel/org_libvirt_go_libvirt:go_libvirt.patch" - ], - "path": "libvirt.org/go/libvirt" - }, - "devDependency": false, - "location": { - "file": "@@//:MODULE.bazel", - "line": 176, - "column": 24 - } - }, - { - "tagName": "module_override", - "attributeValues": { - "patches": [ - "//3rdparty/bazel/com_github_cloudflare_circl:math_fp448_BUILD_bazel.patch", - "//3rdparty/bazel/com_github_cloudflare_circl:math_fp25519_BUILD_bazel.patch", - "//3rdparty/bazel/com_github_cloudflare_circl:dh_x448_BUILD_bazel.patch", - "//3rdparty/bazel/com_github_cloudflare_circl:dh_x25519_BUILD_bazel.patch" - ], - "path": "github.com/cloudflare/circl" - }, - "devDependency": false, - "location": { - "file": "@@//:MODULE.bazel", - "line": 182, - "column": 24 - } - }, - { - "tagName": "module_override", - "attributeValues": { - "patches": [ - "//3rdparty/bazel/com_github_google_go_tpm_tools:com_github_google_go_tpm_tools.patch", - "//3rdparty/bazel/com_github_google_go_tpm_tools:ms_tpm_20_ref.patch", - "//3rdparty/bazel/com_github_google_go_tpm_tools:include.patch" - ], - "path": "github.com/google/go-tpm-tools" - }, - "devDependency": false, - "location": { - "file": "@@//:MODULE.bazel", - "line": 191, - "column": 24 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "aspect_bazel_lib": "aspect_bazel_lib@2.7.7", - "bazel_skylib": "bazel_skylib@1.6.1", - "gazelle": "gazelle@_", - "hermetic_cc_toolchain": "hermetic_cc_toolchain@3.1.0", - "rules_cc": "rules_cc@0.0.9", - "io_bazel_rules_go": "rules_go@0.48.0", - "rules_pkg": "rules_pkg@0.10.1", - "rules_proto": "rules_proto@6.0.0.bcr.1", - "rules_python": "rules_python@0.32.2", - "buildifier_prebuilt": "buildifier_prebuilt@6.4.0", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - } - }, - "aspect_bazel_lib@2.7.7": { - "name": "aspect_bazel_lib", - "version": "2.7.7", - "key": "aspect_bazel_lib@2.7.7", - "repoName": "aspect_bazel_lib", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [ - "@copy_directory_toolchains//:all", - "@copy_to_directory_toolchains//:all", - "@jq_toolchains//:all", - "@yq_toolchains//:all", - "@coreutils_toolchains//:all", - "@expand_template_toolchains//:all", - "@bats_toolchains//:all", - "@bsd_tar_toolchains//:all", - "@zstd_toolchains//:all" - ], - "extensionUsages": [ - { - "extensionBzlFile": "@aspect_bazel_lib//lib:extensions.bzl", - "extensionName": "toolchains", - "usingModule": "aspect_bazel_lib@2.7.7", - "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", - "line": 17, - "column": 37 - }, - "imports": { - "bats_toolchains": "bats_toolchains", - "bsd_tar_toolchains": "bsd_tar_toolchains", - "copy_directory_toolchains": "copy_directory_toolchains", - "copy_to_directory_toolchains": "copy_to_directory_toolchains", - "coreutils_toolchains": "coreutils_toolchains", - "expand_template_toolchains": "expand_template_toolchains", - "jq_toolchains": "jq_toolchains", - "yq_toolchains": "yq_toolchains", - "zstd_toolchains": "zstd_toolchains" - }, - "devImports": [], - "tags": [ - { - "tagName": "copy_directory", - "attributeValues": {}, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", - "line": 18, - "column": 36 - } - }, - { - "tagName": "copy_to_directory", - "attributeValues": {}, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", - "line": 19, - "column": 39 - } - }, - { - "tagName": "jq", - "attributeValues": {}, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", - "line": 20, - "column": 24 - } - }, - { - "tagName": "yq", - "attributeValues": {}, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", - "line": 21, - "column": 24 - } - }, - { - "tagName": "coreutils", - "attributeValues": {}, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", - "line": 22, - "column": 31 - } - }, - { - "tagName": "tar", - "attributeValues": {}, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", - "line": 23, - "column": 25 - } - }, - { - "tagName": "zstd", - "attributeValues": {}, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", - "line": 24, - "column": 26 - } - }, - { - "tagName": "expand_template", - "attributeValues": {}, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", - "line": 25, - "column": 37 - } - }, - { - "tagName": "bats", - "attributeValues": {}, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel", - "line": 26, - "column": 26 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "bazel_skylib": "bazel_skylib@1.6.1", - "platforms": "platforms@0.0.8", - "io_bazel_stardoc": "stardoc@0.5.4", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/aspect-build/bazel-lib/releases/download/v2.7.7/bazel-lib-v2.7.7.tar.gz" - ], - "integrity": "sha256-bXWKj2Ruzuej4pT75Dhtqvvg5ZZnIwCcKQ1JPyJ8OQs=", - "strip_prefix": "bazel-lib-2.7.7", - "remote_patches": { - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/patches/go_dev_dep.patch": "sha256-DTc/hk+etl4D50M0BLRik2vHbrgDb6rds+Dj4xphWb4=", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/patches/module_dot_bazel_version.patch": "sha256-FDbxjcvVK7HecYjvYhIaZ8HF2mujF2bZ/b6LiM6iu4A=" - }, - "remote_patch_strip": 1 - } - } - }, - "bazel_skylib@1.6.1": { - "name": "bazel_skylib", - "version": "1.6.1", - "key": "bazel_skylib@1.6.1", - "repoName": "bazel_skylib", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [ - "//toolchains/unittest:cmd_toolchain", - "//toolchains/unittest:bash_toolchain" - ], - "extensionUsages": [], - "deps": { - "platforms": "platforms@0.0.8", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/bazel-skylib/releases/download/1.6.1/bazel-skylib-1.6.1.tar.gz" - ], - "integrity": "sha256-nziIakBUjG6WwQa3UvJCEw7hGqoGila6flb0UR8z5PI=", - "strip_prefix": "", - "remote_patches": {}, - "remote_patch_strip": 0 - } - } - }, - "gazelle@_": { - "name": "gazelle", - "version": "0.37.0", - "key": "gazelle@_", - "repoName": "bazel_gazelle", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [ - { - "extensionBzlFile": "@io_bazel_rules_go//go:extensions.bzl", - "extensionName": "go_sdk", - "usingModule": "gazelle@_", - "location": { - "file": "@@gazelle~//:MODULE.bazel", - "line": 13, - "column": 23 - }, - "imports": { - "go_host_compatible_sdk_label": "go_host_compatible_sdk_label" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@bazel_gazelle//internal/bzlmod:non_module_deps.bzl", - "extensionName": "non_module_deps", - "usingModule": "gazelle@_", - "location": { - "file": "@@gazelle~//:MODULE.bazel", - "line": 21, - "column": 32 - }, - "imports": { - "bazel_gazelle_go_repository_cache": "bazel_gazelle_go_repository_cache", - "bazel_gazelle_go_repository_tools": "bazel_gazelle_go_repository_tools", - "bazel_gazelle_is_bazel_module": "bazel_gazelle_is_bazel_module" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@bazel_gazelle//:extensions.bzl", - "extensionName": "go_deps", - "usingModule": "gazelle@_", - "location": { - "file": "@@gazelle~//:MODULE.bazel", - "line": 29, - "column": 24 - }, - "imports": { - "com_github_bazelbuild_buildtools": "com_github_bazelbuild_buildtools", - "com_github_bmatcuk_doublestar_v4": "com_github_bmatcuk_doublestar_v4", - "com_github_fsnotify_fsnotify": "com_github_fsnotify_fsnotify", - "com_github_google_go_cmp": "com_github_google_go_cmp", - "com_github_pmezard_go_difflib": "com_github_pmezard_go_difflib", - "org_golang_x_mod": "org_golang_x_mod", - "org_golang_x_sync": "org_golang_x_sync", - "org_golang_x_tools": "org_golang_x_tools", - "org_golang_x_tools_go_vcs": "org_golang_x_tools_go_vcs", - "bazel_gazelle_go_repository_config": "bazel_gazelle_go_repository_config", - "com_github_golang_protobuf": "com_github_golang_protobuf", - "org_golang_google_protobuf": "org_golang_google_protobuf" - }, - "devImports": [], - "tags": [ - { - "tagName": "from_file", - "attributeValues": { - "go_mod": "//:go.mod" - }, - "devDependency": false, - "location": { - "file": "@@gazelle~//:MODULE.bazel", - "line": 30, - "column": 18 - } - }, - { - "tagName": "module", - "attributeValues": { - "path": "golang.org/x/tools", - "sum": "h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ=", - "version": "v0.18.0" - }, - "devDependency": false, - "location": { - "file": "@@gazelle~//:MODULE.bazel", - "line": 34, - "column": 15 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "bazel_features": "bazel_features@1.9.1", - "bazel_skylib": "bazel_skylib@1.6.1", - "com_google_protobuf": "protobuf@21.7", - "io_bazel_rules_go": "rules_go@0.48.0", - "rules_proto": "rules_proto@6.0.0.bcr.1", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - } - }, - "hermetic_cc_toolchain@3.1.0": { - "name": "hermetic_cc_toolchain", - "version": "3.1.0", - "key": "hermetic_cc_toolchain@3.1.0", - "repoName": "hermetic_cc_toolchain", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [ - "@zig_sdk//toolchain:linux_amd64_gnu.2.28", - "@zig_sdk//toolchain:linux_arm64_gnu.2.28", - "@zig_sdk//toolchain:windows_amd64", - "@zig_sdk//toolchain:windows_arm64", - "@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.28", - "@zig_sdk//libc_aware/toolchain:linux_amd64_gnu.2.31", - "@zig_sdk//libc_aware/toolchain:linux_amd64_musl", - "@zig_sdk//libc_aware/toolchain:linux_arm64_gnu.2.28", - "@zig_sdk//libc_aware/toolchain:linux_arm64_musl", - "@zig_sdk//toolchain:wasip1_wasm" - ], - "extensionUsages": [ - { - "extensionBzlFile": "@hermetic_cc_toolchain//toolchain:ext.bzl", - "extensionName": "toolchains", - "usingModule": "hermetic_cc_toolchain@3.1.0", - "location": { - "file": "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.0/MODULE.bazel", - "line": 32, - "column": 27 - }, - "imports": { - "zig_sdk": "zig_sdk" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "platforms": "platforms@0.0.8", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/uber/hermetic_cc_toolchain/releases/download/v3.1.0/hermetic_cc_toolchain-v3.1.0.tar.gz" - ], - "integrity": "sha256-3wka/CXXOwlI7TcdPWG+7ylEf2kFCOArwk5wAczBLTg=", - "strip_prefix": "", - "remote_patches": {}, - "remote_patch_strip": 0 - } - } - }, - "rules_cc@0.0.9": { - "name": "rules_cc", - "version": "0.0.9", - "key": "rules_cc@0.0.9", - "repoName": "rules_cc", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [ - "@local_config_cc_toolchains//:all" - ], - "extensionUsages": [ - { - "extensionBzlFile": "@bazel_tools//tools/cpp:cc_configure.bzl", - "extensionName": "cc_configure_extension", - "usingModule": "rules_cc@0.0.9", - "location": { - "file": "https://bcr.bazel.build/modules/rules_cc/0.0.9/MODULE.bazel", - "line": 9, - "column": 29 - }, - "imports": { - "local_config_cc_toolchains": "local_config_cc_toolchains" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "platforms": "platforms@0.0.8", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/rules_cc/releases/download/0.0.9/rules_cc-0.0.9.tar.gz" - ], - "integrity": "sha256-IDeHW5pEVtzkp50RKorohbvEqtlo5lh9ym5k86CQDN8=", - "strip_prefix": "rules_cc-0.0.9", - "remote_patches": { - "https://bcr.bazel.build/modules/rules_cc/0.0.9/patches/module_dot_bazel_version.patch": "sha256-mM+qzOI0SgAdaJBlWOSMwMPKpaA9b7R37Hj/tp5bb4g=" - }, - "remote_patch_strip": 0 - } - } - }, - "rules_go@0.48.0": { - "name": "rules_go", - "version": "0.48.0", - "key": "rules_go@0.48.0", - "repoName": "io_bazel_rules_go", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [ - "@go_toolchains//:all" - ], - "extensionUsages": [ - { - "extensionBzlFile": "@io_bazel_rules_go//go:extensions.bzl", - "extensionName": "go_sdk", - "usingModule": "rules_go@0.48.0", - "location": { - "file": "https://bcr.bazel.build/modules/rules_go/0.48.0/MODULE.bazel", - "line": 16, - "column": 23 - }, - "imports": { - "go_toolchains": "go_toolchains", - "io_bazel_rules_nogo": "io_bazel_rules_nogo" - }, - "devImports": [], - "tags": [ - { - "tagName": "download", - "attributeValues": { - "name": "go_default_sdk", - "version": "1.21.8" - }, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/rules_go/0.48.0/MODULE.bazel", - "line": 17, - "column": 16 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@gazelle//:extensions.bzl", - "extensionName": "go_deps", - "usingModule": "rules_go@0.48.0", - "location": { - "file": "https://bcr.bazel.build/modules/rules_go/0.48.0/MODULE.bazel", - "line": 32, - "column": 24 - }, - "imports": { - "com_github_gogo_protobuf": "com_github_gogo_protobuf", - "com_github_golang_mock": "com_github_golang_mock", - "com_github_golang_protobuf": "com_github_golang_protobuf", - "org_golang_google_genproto": "org_golang_google_genproto", - "org_golang_google_grpc": "org_golang_google_grpc", - "org_golang_google_grpc_cmd_protoc_gen_go_grpc": "org_golang_google_grpc_cmd_protoc_gen_go_grpc", - "org_golang_google_protobuf": "org_golang_google_protobuf", - "org_golang_x_net": "org_golang_x_net", - "org_golang_x_tools": "org_golang_x_tools", - "bazel_gazelle_go_repository_config": "bazel_gazelle_go_repository_config" - }, - "devImports": [], - "tags": [ - { - "tagName": "from_file", - "attributeValues": { - "go_mod": "//:go.mod" - }, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/rules_go/0.48.0/MODULE.bazel", - "line": 33, - "column": 18 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "io_bazel_rules_go_bazel_features": "bazel_features@1.9.1", - "bazel_skylib": "bazel_skylib@1.6.1", - "platforms": "platforms@0.0.8", - "rules_proto": "rules_proto@6.0.0.bcr.1", - "com_google_protobuf": "protobuf@21.7", - "gazelle": "gazelle@_", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/rules_go/releases/download/v0.48.0/rules_go-v0.48.0.zip" - ], - "integrity": "sha256-M6zErg9wUC20uJPJ/B3Xqb+ZjCPn/yxFF3QdQEmpdvg=", - "strip_prefix": "", - "remote_patches": {}, - "remote_patch_strip": 0 - } - } - }, - "rules_pkg@0.10.1": { - "name": "rules_pkg", - "version": "0.10.1", - "key": "rules_pkg@0.10.1", - "repoName": "rules_pkg", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [], - "deps": { - "rules_license": "rules_license@0.0.7", - "rules_python": "rules_python@0.32.2", - "bazel_skylib": "bazel_skylib@1.6.1", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/rules_pkg/releases/download/0.10.1/rules_pkg-0.10.1.tar.gz" - ], - "integrity": "sha256-0lCSSi7MUXaAj8TCXVz16eeeY0bXnVqxxJPiieci0dA=", - "strip_prefix": "", - "remote_patches": {}, - "remote_patch_strip": 0 - } - } - }, - "rules_proto@6.0.0.bcr.1": { - "name": "rules_proto", - "version": "6.0.0.bcr.1", - "key": "rules_proto@6.0.0.bcr.1", - "repoName": "rules_proto", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [], - "deps": { - "rules_license": "rules_license@0.0.7", - "bazel_skylib": "bazel_skylib@1.6.1", - "bazel_features": "bazel_features@1.9.1", - "rules_cc": "rules_cc@0.0.9", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/rules_proto/releases/download/6.0.0/rules_proto-6.0.0.tar.gz" - ], - "integrity": "sha256-MD6G5yKlIPbzJqULQc/Ba5j+bRlVzkZkKlt6Z8EcD10=", - "strip_prefix": "rules_proto-6.0.0", - "remote_patches": { - "https://bcr.bazel.build/modules/rules_proto/6.0.0.bcr.1/patches/module_dot_bazel_version.patch": "sha256-O611MTM6jc/FSREFg1XadlJTs+0AEV0OXw5rymD9w74=" - }, - "remote_patch_strip": 1 - } - } - }, - "rules_python@0.32.2": { - "name": "rules_python", - "version": "0.32.2", - "key": "rules_python@0.32.2", - "repoName": "rules_python", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [ - "@pythons_hub//:all" - ], - "extensionUsages": [ - { - "extensionBzlFile": "@rules_python//python/private/bzlmod:internal_deps.bzl", - "extensionName": "internal_deps", - "usingModule": "rules_python@0.32.2", - "location": { - "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", - "line": 16, - "column": 30 - }, - "imports": { - "rules_python_internal": "rules_python_internal", - "pypi__build": "pypi__build", - "pypi__click": "pypi__click", - "pypi__colorama": "pypi__colorama", - "pypi__importlib_metadata": "pypi__importlib_metadata", - "pypi__installer": "pypi__installer", - "pypi__more_itertools": "pypi__more_itertools", - "pypi__packaging": "pypi__packaging", - "pypi__pep517": "pypi__pep517", - "pypi__pip": "pypi__pip", - "pypi__pip_tools": "pypi__pip_tools", - "pypi__pyproject_hooks": "pypi__pyproject_hooks", - "pypi__setuptools": "pypi__setuptools", - "pypi__tomli": "pypi__tomli", - "pypi__wheel": "pypi__wheel", - "pypi__zipp": "pypi__zipp" - }, - "devImports": [], - "tags": [ - { - "tagName": "install", - "attributeValues": {}, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", - "line": 17, - "column": 22 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@rules_python//python/extensions:python.bzl", - "extensionName": "python", - "usingModule": "rules_python@0.32.2", - "location": { - "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", - "line": 42, - "column": 23 - }, - "imports": { - "python_3_11": "python_3_11", - "python_versions": "python_versions", - "pythons_hub": "pythons_hub" - }, - "devImports": [], - "tags": [ - { - "tagName": "toolchain", - "attributeValues": { - "is_default": true, - "python_version": "3.11" - }, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", - "line": 48, - "column": 17 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@rules_python//python/extensions:pip.bzl", - "extensionName": "pip", - "usingModule": "rules_python@0.32.2", - "location": { - "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", - "line": 60, - "column": 20 - }, - "imports": { - "rules_python_publish_deps": "rules_python_publish_deps" - }, - "devImports": [], - "tags": [ - { - "tagName": "parse", - "attributeValues": { - "experimental_index_url": "https://pypi.org/simple", - "hub_name": "rules_python_publish_deps", - "python_version": "3.11", - "requirements_darwin": "//tools/publish:requirements_darwin.txt", - "requirements_lock": "//tools/publish:requirements.txt", - "requirements_windows": "//tools/publish:requirements_windows.txt" - }, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel", - "line": 61, - "column": 10 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "bazel_features": "bazel_features@1.9.1", - "bazel_skylib": "bazel_skylib@1.6.1", - "rules_cc": "rules_cc@0.0.9", - "platforms": "platforms@0.0.8", - "rules_proto": "rules_proto@6.0.0.bcr.1", - "com_google_protobuf": "protobuf@21.7", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/rules_python/releases/download/0.32.2/rules_python-0.32.2.tar.gz" - ], - "integrity": "sha256-SRLO1w3BoqjkuGzsIzsZLKBT6CvHLYd7mOEmFW6PIo0=", - "strip_prefix": "rules_python-0.32.2", - "remote_patches": { - "https://bcr.bazel.build/modules/rules_python/0.32.2/patches/module_dot_bazel_version.patch": "sha256-lfZaBBRr2RFX7bO0wsVwW9urJGDBxoJHEwQ2tMN862k=" - }, - "remote_patch_strip": 1 - } - } - }, - "buildifier_prebuilt@6.4.0": { - "name": "buildifier_prebuilt", - "version": "6.4.0", - "key": "buildifier_prebuilt@6.4.0", - "repoName": "buildifier_prebuilt", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [ - "@buildifier_prebuilt_toolchains//:all" - ], - "extensionUsages": [ - { - "extensionBzlFile": "@buildifier_prebuilt//:defs.bzl", - "extensionName": "buildifier_prebuilt_deps_extension", - "usingModule": "buildifier_prebuilt@6.4.0", - "location": { - "file": "https://bcr.bazel.build/modules/buildifier_prebuilt/6.4.0/MODULE.bazel", - "line": 10, - "column": 32 - }, - "imports": { - "buildifier_prebuilt_toolchains": "buildifier_prebuilt_toolchains" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "bazel_skylib": "bazel_skylib@1.6.1", - "platforms": "platforms@0.0.8", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/keith/buildifier-prebuilt/archive/refs/tags/6.4.0.tar.gz" - ], - "integrity": "sha256-itqdiOUev1of3/N9de1B1R9eZ3zb6vsKIt2lR0fW4H4=", - "strip_prefix": "buildifier-prebuilt-6.4.0", - "remote_patches": { - "https://bcr.bazel.build/modules/buildifier_prebuilt/6.4.0/patches/module_dot_bazel_version.patch": "sha256-FpUp/q4zJ2H12lwezrYaPUGLY2rr1XoWpiDRaE19udw=" - }, - "remote_patch_strip": 0 - } - } - }, - "bazel_tools@_": { - "name": "bazel_tools", - "version": "", - "key": "bazel_tools@_", - "repoName": "bazel_tools", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [ - "@local_config_cc_toolchains//:all", - "@local_config_sh//:local_sh_toolchain" - ], - "extensionUsages": [ - { - "extensionBzlFile": "@bazel_tools//tools/cpp:cc_configure.bzl", - "extensionName": "cc_configure_extension", - "usingModule": "bazel_tools@_", - "location": { - "file": "@@bazel_tools//:MODULE.bazel", - "line": 18, - "column": 29 - }, - "imports": { - "local_config_cc": "local_config_cc", - "local_config_cc_toolchains": "local_config_cc_toolchains" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@bazel_tools//tools/osx:xcode_configure.bzl", - "extensionName": "xcode_configure_extension", - "usingModule": "bazel_tools@_", - "location": { - "file": "@@bazel_tools//:MODULE.bazel", - "line": 22, - "column": 32 - }, - "imports": { - "local_config_xcode": "local_config_xcode" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@rules_java//java:extensions.bzl", - "extensionName": "toolchains", - "usingModule": "bazel_tools@_", - "location": { - "file": "@@bazel_tools//:MODULE.bazel", - "line": 25, - "column": 32 - }, - "imports": { - "local_jdk": "local_jdk", - "remote_java_tools": "remote_java_tools", - "remote_java_tools_linux": "remote_java_tools_linux", - "remote_java_tools_windows": "remote_java_tools_windows", - "remote_java_tools_darwin_x86_64": "remote_java_tools_darwin_x86_64", - "remote_java_tools_darwin_arm64": "remote_java_tools_darwin_arm64" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@bazel_tools//tools/sh:sh_configure.bzl", - "extensionName": "sh_configure_extension", - "usingModule": "bazel_tools@_", - "location": { - "file": "@@bazel_tools//:MODULE.bazel", - "line": 36, - "column": 39 - }, - "imports": { - "local_config_sh": "local_config_sh" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@bazel_tools//tools/test:extensions.bzl", - "extensionName": "remote_coverage_tools_extension", - "usingModule": "bazel_tools@_", - "location": { - "file": "@@bazel_tools//:MODULE.bazel", - "line": 40, - "column": 48 - }, - "imports": { - "remote_coverage_tools": "remote_coverage_tools" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@bazel_tools//tools/android:android_extensions.bzl", - "extensionName": "remote_android_tools_extensions", - "usingModule": "bazel_tools@_", - "location": { - "file": "@@bazel_tools//:MODULE.bazel", - "line": 43, - "column": 42 - }, - "imports": { - "android_gmaven_r8": "android_gmaven_r8", - "android_tools": "android_tools" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@buildozer//:buildozer_binary.bzl", - "extensionName": "buildozer_binary", - "usingModule": "bazel_tools@_", - "location": { - "file": "@@bazel_tools//:MODULE.bazel", - "line": 47, - "column": 33 - }, - "imports": { - "buildozer_binary": "buildozer_binary" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "rules_cc": "rules_cc@0.0.9", - "rules_java": "rules_java@7.4.0", - "rules_license": "rules_license@0.0.7", - "rules_proto": "rules_proto@6.0.0.bcr.1", - "rules_python": "rules_python@0.32.2", - "buildozer": "buildozer@6.4.0.2", - "platforms": "platforms@0.0.8", - "com_google_protobuf": "protobuf@21.7", - "zlib": "zlib@1.3", - "build_bazel_apple_support": "apple_support@1.5.0", - "local_config_platform": "local_config_platform@_" - } - }, - "local_config_platform@_": { - "name": "local_config_platform", - "version": "", - "key": "local_config_platform@_", - "repoName": "local_config_platform", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [], - "deps": { - "platforms": "platforms@0.0.8", - "bazel_tools": "bazel_tools@_" - } - }, - "platforms@0.0.8": { - "name": "platforms", - "version": "0.0.8", - "key": "platforms@0.0.8", - "repoName": "platforms", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [], - "deps": { - "rules_license": "rules_license@0.0.7", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/platforms/releases/download/0.0.8/platforms-0.0.8.tar.gz" - ], - "integrity": "sha256-gVBAZgU4ns7LbaB8vLUJ1WN6OrmiS8abEQFTE2fYnXQ=", - "strip_prefix": "", - "remote_patches": {}, - "remote_patch_strip": 0 - } - } - }, - "stardoc@0.5.4": { - "name": "stardoc", - "version": "0.5.4", - "key": "stardoc@0.5.4", - "repoName": "stardoc", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [], - "deps": { - "bazel_skylib": "bazel_skylib@1.6.1", - "rules_java": "rules_java@7.4.0", - "rules_license": "rules_license@0.0.7", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/stardoc/releases/download/0.5.4/stardoc-0.5.4.tar.gz" - ], - "integrity": "sha256-7FcTnkZvquVj8vw5YJ2klIpHm7UbbWeu3X2bG4BZxDM=", - "strip_prefix": "", - "remote_patches": {}, - "remote_patch_strip": 0 - } - } - }, - "bazel_features@1.9.1": { - "name": "bazel_features", - "version": "1.9.1", - "key": "bazel_features@1.9.1", - "repoName": "bazel_features", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [ - { - "extensionBzlFile": "@bazel_features//private:extensions.bzl", - "extensionName": "version_extension", - "usingModule": "bazel_features@1.9.1", - "location": { - "file": "https://bcr.bazel.build/modules/bazel_features/1.9.1/MODULE.bazel", - "line": 15, - "column": 24 - }, - "imports": { - "bazel_features_globals": "bazel_features_globals", - "bazel_features_version": "bazel_features_version" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "bazel_skylib": "bazel_skylib@1.6.1", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazel-contrib/bazel_features/releases/download/v1.9.1/bazel_features-v1.9.1.tar.gz" - ], - "integrity": "sha256-13h9oomn+0lzUiEa0gDsn2mIIqngdXpJdv2fcT/zcrM=", - "strip_prefix": "bazel_features-1.9.1", - "remote_patches": { - "https://bcr.bazel.build/modules/bazel_features/1.9.1/patches/module_dot_bazel_version.patch": "sha256-a2ofwS5r2Qq+WxzVa7sLbRXhfT3JoYxSlUVQH/nL454=" - }, - "remote_patch_strip": 1 - } - } - }, - "protobuf@21.7": { - "name": "protobuf", - "version": "21.7", - "key": "protobuf@21.7", - "repoName": "protobuf", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [ - { - "extensionBzlFile": "@rules_jvm_external//:extensions.bzl", - "extensionName": "maven", - "usingModule": "protobuf@21.7", - "location": { - "file": "https://bcr.bazel.build/modules/protobuf/21.7/MODULE.bazel", - "line": 22, - "column": 22 - }, - "imports": { - "maven": "maven" - }, - "devImports": [], - "tags": [ - { - "tagName": "install", - "attributeValues": { - "name": "maven", - "artifacts": [ - "com.google.code.findbugs:jsr305:3.0.2", - "com.google.code.gson:gson:2.8.9", - "com.google.errorprone:error_prone_annotations:2.3.2", - "com.google.j2objc:j2objc-annotations:1.3", - "com.google.guava:guava:31.1-jre", - "com.google.guava:guava-testlib:31.1-jre", - "com.google.truth:truth:1.1.2", - "junit:junit:4.13.2", - "org.mockito:mockito-core:4.3.1" - ] - }, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/protobuf/21.7/MODULE.bazel", - "line": 24, - "column": 14 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "bazel_skylib": "bazel_skylib@1.6.1", - "rules_python": "rules_python@0.32.2", - "rules_cc": "rules_cc@0.0.9", - "rules_proto": "rules_proto@6.0.0.bcr.1", - "rules_java": "rules_java@7.4.0", - "rules_pkg": "rules_pkg@0.10.1", - "com_google_abseil": "abseil-cpp@20211102.0", - "zlib": "zlib@1.3", - "upb": "upb@0.0.0-20220923-a547704", - "rules_jvm_external": "rules_jvm_external@4.4.2", - "com_google_googletest": "googletest@1.11.0", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/protocolbuffers/protobuf/releases/download/v21.7/protobuf-all-21.7.zip" - ], - "integrity": "sha256-VJOiH17T/FAuZv7GuUScBqVRztYwAvpIkDxA36jeeko=", - "strip_prefix": "protobuf-21.7", - "remote_patches": { - "https://bcr.bazel.build/modules/protobuf/21.7/patches/add_module_dot_bazel.patch": "sha256-q3V2+eq0v2XF0z8z+V+QF4cynD6JvHI1y3kI/+rzl5s=", - "https://bcr.bazel.build/modules/protobuf/21.7/patches/add_module_dot_bazel_for_examples.patch": "sha256-O7YP6s3lo/1opUiO0jqXYORNHdZ/2q3hjz1QGy8QdIU=", - "https://bcr.bazel.build/modules/protobuf/21.7/patches/relative_repo_names.patch": "sha256-RK9RjW8T5UJNG7flIrnFiNE9vKwWB+8uWWtJqXYT0w4=", - "https://bcr.bazel.build/modules/protobuf/21.7/patches/add_missing_files.patch": "sha256-Hyne4DG2u5bXcWHNxNMirA2QFAe/2Cl8oMm1XJdkQIY=" - }, - "remote_patch_strip": 1 - } - } - }, - "rules_license@0.0.7": { - "name": "rules_license", - "version": "0.0.7", - "key": "rules_license@0.0.7", - "repoName": "rules_license", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [], - "deps": { - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/rules_license/releases/download/0.0.7/rules_license-0.0.7.tar.gz" - ], - "integrity": "sha256-RTHezLkTY5ww5cdRKgVNXYdWmNrrddjPkPKEN1/nw2A=", - "strip_prefix": "", - "remote_patches": {}, - "remote_patch_strip": 0 - } - } - }, - "rules_java@7.4.0": { - "name": "rules_java", - "version": "7.4.0", - "key": "rules_java@7.4.0", - "repoName": "rules_java", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [ - "//toolchains:all", - "@local_jdk//:runtime_toolchain_definition", - "@local_jdk//:bootstrap_runtime_toolchain_definition", - "@remotejdk11_linux_toolchain_config_repo//:all", - "@remotejdk11_linux_aarch64_toolchain_config_repo//:all", - "@remotejdk11_linux_ppc64le_toolchain_config_repo//:all", - "@remotejdk11_linux_s390x_toolchain_config_repo//:all", - "@remotejdk11_macos_toolchain_config_repo//:all", - "@remotejdk11_macos_aarch64_toolchain_config_repo//:all", - "@remotejdk11_win_toolchain_config_repo//:all", - "@remotejdk11_win_arm64_toolchain_config_repo//:all", - "@remotejdk17_linux_toolchain_config_repo//:all", - "@remotejdk17_linux_aarch64_toolchain_config_repo//:all", - "@remotejdk17_linux_ppc64le_toolchain_config_repo//:all", - "@remotejdk17_linux_s390x_toolchain_config_repo//:all", - "@remotejdk17_macos_toolchain_config_repo//:all", - "@remotejdk17_macos_aarch64_toolchain_config_repo//:all", - "@remotejdk17_win_toolchain_config_repo//:all", - "@remotejdk17_win_arm64_toolchain_config_repo//:all", - "@remotejdk21_linux_toolchain_config_repo//:all", - "@remotejdk21_linux_aarch64_toolchain_config_repo//:all", - "@remotejdk21_macos_toolchain_config_repo//:all", - "@remotejdk21_macos_aarch64_toolchain_config_repo//:all", - "@remotejdk21_win_toolchain_config_repo//:all" - ], - "extensionUsages": [ - { - "extensionBzlFile": "@rules_java//java:extensions.bzl", - "extensionName": "toolchains", - "usingModule": "rules_java@7.4.0", - "location": { - "file": "https://bcr.bazel.build/modules/rules_java/7.4.0/MODULE.bazel", - "line": 19, - "column": 27 - }, - "imports": { - "remote_java_tools": "remote_java_tools", - "remote_java_tools_linux": "remote_java_tools_linux", - "remote_java_tools_windows": "remote_java_tools_windows", - "remote_java_tools_darwin_x86_64": "remote_java_tools_darwin_x86_64", - "remote_java_tools_darwin_arm64": "remote_java_tools_darwin_arm64", - "local_jdk": "local_jdk", - "remotejdk11_linux_toolchain_config_repo": "remotejdk11_linux_toolchain_config_repo", - "remotejdk11_linux_aarch64_toolchain_config_repo": "remotejdk11_linux_aarch64_toolchain_config_repo", - "remotejdk11_linux_ppc64le_toolchain_config_repo": "remotejdk11_linux_ppc64le_toolchain_config_repo", - "remotejdk11_linux_s390x_toolchain_config_repo": "remotejdk11_linux_s390x_toolchain_config_repo", - "remotejdk11_macos_toolchain_config_repo": "remotejdk11_macos_toolchain_config_repo", - "remotejdk11_macos_aarch64_toolchain_config_repo": "remotejdk11_macos_aarch64_toolchain_config_repo", - "remotejdk11_win_toolchain_config_repo": "remotejdk11_win_toolchain_config_repo", - "remotejdk11_win_arm64_toolchain_config_repo": "remotejdk11_win_arm64_toolchain_config_repo", - "remotejdk17_linux_toolchain_config_repo": "remotejdk17_linux_toolchain_config_repo", - "remotejdk17_linux_aarch64_toolchain_config_repo": "remotejdk17_linux_aarch64_toolchain_config_repo", - "remotejdk17_linux_ppc64le_toolchain_config_repo": "remotejdk17_linux_ppc64le_toolchain_config_repo", - "remotejdk17_linux_s390x_toolchain_config_repo": "remotejdk17_linux_s390x_toolchain_config_repo", - "remotejdk17_macos_toolchain_config_repo": "remotejdk17_macos_toolchain_config_repo", - "remotejdk17_macos_aarch64_toolchain_config_repo": "remotejdk17_macos_aarch64_toolchain_config_repo", - "remotejdk17_win_toolchain_config_repo": "remotejdk17_win_toolchain_config_repo", - "remotejdk17_win_arm64_toolchain_config_repo": "remotejdk17_win_arm64_toolchain_config_repo", - "remotejdk21_linux_toolchain_config_repo": "remotejdk21_linux_toolchain_config_repo", - "remotejdk21_linux_aarch64_toolchain_config_repo": "remotejdk21_linux_aarch64_toolchain_config_repo", - "remotejdk21_macos_toolchain_config_repo": "remotejdk21_macos_toolchain_config_repo", - "remotejdk21_macos_aarch64_toolchain_config_repo": "remotejdk21_macos_aarch64_toolchain_config_repo", - "remotejdk21_win_toolchain_config_repo": "remotejdk21_win_toolchain_config_repo" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "platforms": "platforms@0.0.8", - "rules_cc": "rules_cc@0.0.9", - "bazel_skylib": "bazel_skylib@1.6.1", - "rules_proto": "rules_proto@6.0.0.bcr.1", - "rules_license": "rules_license@0.0.7", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/rules_java/releases/download/7.4.0/rules_java-7.4.0.tar.gz" - ], - "integrity": "sha256-l27wi0nJKXQfIBeQ5Z44B8cq2B9CjIvJU82+/1/tFes=", - "strip_prefix": "", - "remote_patches": {}, - "remote_patch_strip": 0 - } - } - }, - "buildozer@6.4.0.2": { - "name": "buildozer", - "version": "6.4.0.2", - "key": "buildozer@6.4.0.2", - "repoName": "buildozer", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [ - { - "extensionBzlFile": "@buildozer//:buildozer_binary.bzl", - "extensionName": "buildozer_binary", - "usingModule": "buildozer@6.4.0.2", - "location": { - "file": "https://bcr.bazel.build/modules/buildozer/6.4.0.2/MODULE.bazel", - "line": 7, - "column": 33 - }, - "imports": { - "buildozer_binary": "buildozer_binary" - }, - "devImports": [], - "tags": [ - { - "tagName": "buildozer", - "attributeValues": { - "sha256": { - "darwin-amd64": "d29e347ecd6b5673d72cb1a8de05bf1b06178dd229ff5eb67fad5100c840cc8e", - "darwin-arm64": "9b9e71bdbec5e7223871e913b65d12f6d8fa026684daf991f00e52ed36a6978d", - "linux-amd64": "8dfd6345da4e9042daa738d7fdf34f699c5dfce4632f7207956fceedd8494119", - "linux-arm64": "6559558fded658c8fa7432a9d011f7c4dcbac6b738feae73d2d5c352e5f605fa", - "windows-amd64": "e7f05bf847f7c3689dd28926460ce6e1097ae97380ac8e6ae7147b7b706ba19b" - }, - "version": "6.4.0" - }, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/buildozer/6.4.0.2/MODULE.bazel", - "line": 8, - "column": 27 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/fmeum/buildozer/releases/download/v6.4.0.2/buildozer-v6.4.0.2.tar.gz" - ], - "integrity": "sha256-k7tFKQMR2AygxpmZfH0yEPnQmF3efFgD9rBPkj+Yz/8=", - "strip_prefix": "buildozer-6.4.0.2", - "remote_patches": { - "https://bcr.bazel.build/modules/buildozer/6.4.0.2/patches/module_dot_bazel_version.patch": "sha256-gKANF2HMilj7bWmuXs4lbBIAAansuWC4IhWGB/CerjU=" - }, - "remote_patch_strip": 1 - } - } - }, - "zlib@1.3": { - "name": "zlib", - "version": "1.3", - "key": "zlib@1.3", - "repoName": "zlib", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [], - "deps": { - "platforms": "platforms@0.0.8", - "rules_cc": "rules_cc@0.0.9", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/madler/zlib/releases/download/v1.3/zlib-1.3.tar.gz" - ], - "integrity": "sha256-/wukwpIBPbwnUws6geH5qBPNOd4Byl4Pi/NVcC76WT4=", - "strip_prefix": "zlib-1.3", - "remote_patches": { - "https://bcr.bazel.build/modules/zlib/1.3/patches/add_build_file.patch": "sha256-Ei+FYaaOo7A3jTKunMEodTI0Uw5NXQyZEcboMC8JskY=", - "https://bcr.bazel.build/modules/zlib/1.3/patches/module_dot_bazel.patch": "sha256-fPWLM+2xaF/kuy+kZc1YTfW6hNjrkG400Ho7gckuyJk=" - }, - "remote_patch_strip": 0 - } - } - }, - "apple_support@1.5.0": { - "name": "apple_support", - "version": "1.5.0", - "key": "apple_support@1.5.0", - "repoName": "build_bazel_apple_support", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [ - "@local_config_apple_cc_toolchains//:all" - ], - "extensionUsages": [ - { - "extensionBzlFile": "@build_bazel_apple_support//crosstool:setup.bzl", - "extensionName": "apple_cc_configure_extension", - "usingModule": "apple_support@1.5.0", - "location": { - "file": "https://bcr.bazel.build/modules/apple_support/1.5.0/MODULE.bazel", - "line": 17, - "column": 35 - }, - "imports": { - "local_config_apple_cc": "local_config_apple_cc", - "local_config_apple_cc_toolchains": "local_config_apple_cc_toolchains" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "bazel_skylib": "bazel_skylib@1.6.1", - "platforms": "platforms@0.0.8", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/apple_support/releases/download/1.5.0/apple_support.1.5.0.tar.gz" - ], - "integrity": "sha256-miM41vja0yRPgj8txghKA+TQ+7J8qJLclw5okNW0gYQ=", - "strip_prefix": "", - "remote_patches": {}, - "remote_patch_strip": 0 - } - } - }, - "abseil-cpp@20211102.0": { - "name": "abseil-cpp", - "version": "20211102.0", - "key": "abseil-cpp@20211102.0", - "repoName": "abseil-cpp", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [], - "deps": { - "rules_cc": "rules_cc@0.0.9", - "platforms": "platforms@0.0.8", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/abseil/abseil-cpp/archive/refs/tags/20211102.0.tar.gz" - ], - "integrity": "sha256-3PcbnLqNwMqZQMSzFqDHlr6Pq0KwcLtrfKtitI8OZsQ=", - "strip_prefix": "abseil-cpp-20211102.0", - "remote_patches": { - "https://bcr.bazel.build/modules/abseil-cpp/20211102.0/patches/module_dot_bazel.patch": "sha256-4izqopgGCey4jVZzl/w3M2GVPNohjh2B5TmbThZNvPY=" - }, - "remote_patch_strip": 0 - } - } - }, - "upb@0.0.0-20220923-a547704": { - "name": "upb", - "version": "0.0.0-20220923-a547704", - "key": "upb@0.0.0-20220923-a547704", - "repoName": "upb", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [], - "deps": { - "bazel_skylib": "bazel_skylib@1.6.1", - "rules_proto": "rules_proto@6.0.0.bcr.1", - "com_google_protobuf": "protobuf@21.7", - "com_google_absl": "abseil-cpp@20211102.0", - "platforms": "platforms@0.0.8", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/protocolbuffers/upb/archive/a5477045acaa34586420942098f5fecd3570f577.tar.gz" - ], - "integrity": "sha256-z39x6v+QskwaKLSWRan/A6mmwecTQpHOcJActj5zZLU=", - "strip_prefix": "upb-a5477045acaa34586420942098f5fecd3570f577", - "remote_patches": { - "https://bcr.bazel.build/modules/upb/0.0.0-20220923-a547704/patches/module_dot_bazel.patch": "sha256-wH4mNS6ZYy+8uC0HoAft/c7SDsq2Kxf+J8dUakXhaB0=" - }, - "remote_patch_strip": 0 - } - } - }, - "rules_jvm_external@4.4.2": { - "name": "rules_jvm_external", - "version": "4.4.2", - "key": "rules_jvm_external@4.4.2", - "repoName": "rules_jvm_external", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [ - { - "extensionBzlFile": "@rules_jvm_external//:non-module-deps.bzl", - "extensionName": "non_module_deps", - "usingModule": "rules_jvm_external@4.4.2", - "location": { - "file": "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel", - "line": 9, - "column": 32 - }, - "imports": { - "io_bazel_rules_kotlin": "io_bazel_rules_kotlin" - }, - "devImports": [], - "tags": [], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - }, - { - "extensionBzlFile": "@rules_jvm_external//:extensions.bzl", - "extensionName": "maven", - "usingModule": "rules_jvm_external@4.4.2", - "location": { - "file": "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel", - "line": 16, - "column": 22 - }, - "imports": { - "rules_jvm_external_deps": "rules_jvm_external_deps" - }, - "devImports": [], - "tags": [ - { - "tagName": "install", - "attributeValues": { - "name": "rules_jvm_external_deps", - "artifacts": [ - "com.google.cloud:google-cloud-core:1.93.10", - "com.google.cloud:google-cloud-storage:1.113.4", - "com.google.code.gson:gson:2.9.0", - "org.apache.maven:maven-artifact:3.8.6", - "software.amazon.awssdk:s3:2.17.183" - ], - "lock_file": "@rules_jvm_external//:rules_jvm_external_deps_install.json" - }, - "devDependency": false, - "location": { - "file": "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel", - "line": 18, - "column": 14 - } - } - ], - "hasDevUseExtension": false, - "hasNonDevUseExtension": true - } - ], - "deps": { - "bazel_skylib": "bazel_skylib@1.6.1", - "io_bazel_stardoc": "stardoc@0.5.4", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/bazelbuild/rules_jvm_external/archive/refs/tags/4.4.2.zip" - ], - "integrity": "sha256-c1YC9QgT6y6pPKP15DsZWb2AshO4NqB6YqKddXZwt3s=", - "strip_prefix": "rules_jvm_external-4.4.2", - "remote_patches": {}, - "remote_patch_strip": 0 - } - } - }, - "googletest@1.11.0": { - "name": "googletest", - "version": "1.11.0", - "key": "googletest@1.11.0", - "repoName": "googletest", - "executionPlatformsToRegister": [], - "toolchainsToRegister": [], - "extensionUsages": [], - "deps": { - "com_google_absl": "abseil-cpp@20211102.0", - "platforms": "platforms@0.0.8", - "rules_cc": "rules_cc@0.0.9", - "bazel_tools": "bazel_tools@_", - "local_config_platform": "local_config_platform@_" - }, - "repoSpec": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/google/googletest/archive/refs/tags/release-1.11.0.tar.gz" - ], - "integrity": "sha256-tIcL8SH/d5W6INILzdhie44Ijy0dqymaAxwQNO3ck9U=", - "strip_prefix": "googletest-release-1.11.0", - "remote_patches": { - "https://bcr.bazel.build/modules/googletest/1.11.0/patches/module_dot_bazel.patch": "sha256-HuahEdI/n8KCI071sN3CEziX+7qP/Ec77IWayYunLP0=" - }, - "remote_patch_strip": 0 - } - } - } + "lockFileVersion": 11, + "registryFileHashes": { + "https://bcr.bazel.build/bazel_registry.json": "8a28e4aff06ee60aed2a8c281907fb8bcbf3b753c91fb5a5c57da3215d5b3497", + "https://bcr.bazel.build/modules/abseil-cpp/20210324.2/MODULE.bazel": "7cd0312e064fde87c8d1cd79ba06c876bd23630c83466e9500321be55c96ace2", + "https://bcr.bazel.build/modules/abseil-cpp/20211102.0/MODULE.bazel": "70390338f7a5106231d20620712f7cccb659cd0e9d073d1991c038eb9fc57589", + "https://bcr.bazel.build/modules/abseil-cpp/20211102.0/source.json": "7e3a9adf473e9af076ae485ed649d5641ad50ec5c11718103f34de03170d94ad", + "https://bcr.bazel.build/modules/apple_support/1.5.0/MODULE.bazel": "50341a62efbc483e8a2a6aec30994a58749bd7b885e18dd96aa8c33031e558ef", + "https://bcr.bazel.build/modules/apple_support/1.5.0/source.json": "eb98a7627c0bc486b57f598ad8da50f6625d974c8f723e9ea71bd39f709c9862", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel": "491f8681205e31bb57892d67442ce448cda4f472a8e6b3dc062865e29a64f89c", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/source.json": "87f12b449cd1d27d3e83840a59a6966d557e7c3c5f19e7b2e0361da5edc6b397", + "https://bcr.bazel.build/modules/bazel_features/1.1.1/MODULE.bazel": "27b8c79ef57efe08efccbd9dd6ef70d61b4798320b8d3c134fd571f78963dbcd", + "https://bcr.bazel.build/modules/bazel_features/1.11.0/MODULE.bazel": "f9382337dd5a474c3b7d334c2f83e50b6eaedc284253334cf823044a26de03e8", + "https://bcr.bazel.build/modules/bazel_features/1.11.0/source.json": "c9320aa53cd1c441d24bd6b716da087ad7e4ff0d9742a9884587596edfe53015", + "https://bcr.bazel.build/modules/bazel_features/1.4.1/MODULE.bazel": "e45b6bb2350aff3e442ae1111c555e27eac1d915e77775f6fdc4b351b758b5d7", + "https://bcr.bazel.build/modules/bazel_features/1.9.1/MODULE.bazel": "8f679097876a9b609ad1f60249c49d68bfab783dd9be012faf9d82547b14815a", + "https://bcr.bazel.build/modules/bazel_skylib/1.0.3/MODULE.bazel": "bcb0fd896384802d1ad283b4e4eb4d718eebd8cb820b0a2c3a347fb971afd9d8", + "https://bcr.bazel.build/modules/bazel_skylib/1.2.0/MODULE.bazel": "44fe84260e454ed94ad326352a698422dbe372b21a1ac9f3eab76eb531223686", + "https://bcr.bazel.build/modules/bazel_skylib/1.2.1/MODULE.bazel": "f35baf9da0efe45fa3da1696ae906eea3d615ad41e2e3def4aeb4e8bc0ef9a7a", + "https://bcr.bazel.build/modules/bazel_skylib/1.3.0/MODULE.bazel": "20228b92868bf5cfc41bda7afc8a8ba2a543201851de39d990ec957b513579c5", + "https://bcr.bazel.build/modules/bazel_skylib/1.5.0/MODULE.bazel": "32880f5e2945ce6a03d1fbd588e9198c0a959bb42297b2cfaf1685b7bc32e138", + "https://bcr.bazel.build/modules/bazel_skylib/1.6.1/MODULE.bazel": "8fdee2dbaace6c252131c00e1de4b165dc65af02ea278476187765e1a617b917", + "https://bcr.bazel.build/modules/bazel_skylib/1.6.1/source.json": "082ed5f9837901fada8c68c2f3ddc958bb22b6d654f71dd73f3df30d45d4b749", + "https://bcr.bazel.build/modules/buildifier_prebuilt/6.4.0/MODULE.bazel": "37389c6b5a40c59410b4226d3bb54b08637f393d66e2fa57925c6fcf68e64bf4", + "https://bcr.bazel.build/modules/buildifier_prebuilt/6.4.0/source.json": "83eb01b197ed0b392f797860c9da5ed1bf95f4d0ded994d694a3d44731275916", + "https://bcr.bazel.build/modules/buildozer/7.1.2/MODULE.bazel": "2e8dd40ede9c454042645fd8d8d0cd1527966aa5c919de86661e62953cd73d84", + "https://bcr.bazel.build/modules/buildozer/7.1.2/source.json": "c9028a501d2db85793a6996205c8de120944f50a0d570438fcae0457a5f9d1f8", + "https://bcr.bazel.build/modules/googletest/1.11.0/MODULE.bazel": "3a83f095183f66345ca86aa13c58b59f9f94a2f81999c093d4eeaa2d262d12f4", + "https://bcr.bazel.build/modules/googletest/1.11.0/source.json": "c73d9ef4268c91bd0c1cd88f1f9dfa08e814b1dbe89b5f594a9f08ba0244d206", + "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.0/MODULE.bazel": "ea4b3a25a9417a7db57a8a2f9ebdee91d679823c6274b482b817ed128d81c594", + "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.0/source.json": "9d1df0459caefdf41052d360469922a73e219f67c8ce4da0628cc604469822b9", + "https://bcr.bazel.build/modules/platforms/0.0.4/MODULE.bazel": "9b328e31ee156f53f3c416a64f8491f7eb731742655a47c9eec4703a71644aee", + "https://bcr.bazel.build/modules/platforms/0.0.5/MODULE.bazel": "5733b54ea419d5eaf7997054bb55f6a1d0b5ff8aedf0176fef9eea44f3acda37", + "https://bcr.bazel.build/modules/platforms/0.0.6/MODULE.bazel": "ad6eeef431dc52aefd2d77ed20a4b353f8ebf0f4ecdd26a807d2da5aa8cd0615", + "https://bcr.bazel.build/modules/platforms/0.0.7/MODULE.bazel": "72fd4a0ede9ee5c021f6a8dd92b503e089f46c227ba2813ff183b71616034814", + "https://bcr.bazel.build/modules/platforms/0.0.8/MODULE.bazel": "9f142c03e348f6d263719f5074b21ef3adf0b139ee4c5133e2aa35664da9eb2d", + "https://bcr.bazel.build/modules/platforms/0.0.9/MODULE.bazel": "4a87a60c927b56ddd67db50c89acaa62f4ce2a1d2149ccb63ffd871d5ce29ebc", + "https://bcr.bazel.build/modules/platforms/0.0.9/source.json": "cd74d854bf16a9e002fb2ca7b1a421f4403cda29f824a765acd3a8c56f8d43e6", + "https://bcr.bazel.build/modules/protobuf/21.7/MODULE.bazel": "a5a29bb89544f9b97edce05642fac225a808b5b7be74038ea3640fae2f8e66a7", + "https://bcr.bazel.build/modules/protobuf/21.7/source.json": "bbe500720421e582ff2d18b0802464205138c06056f443184de39fbb8187b09b", + "https://bcr.bazel.build/modules/protobuf/3.19.0/MODULE.bazel": "6b5fbb433f760a99a22b18b6850ed5784ef0e9928a72668b66e4d7ccd47db9b0", + "https://bcr.bazel.build/modules/protobuf/3.19.2/MODULE.bazel": "532ffe5f2186b69fdde039efe6df13ba726ff338c6bc82275ad433013fa10573", + "https://bcr.bazel.build/modules/protobuf/3.19.6/MODULE.bazel": "9233edc5e1f2ee276a60de3eaa47ac4132302ef9643238f23128fea53ea12858", + "https://bcr.bazel.build/modules/rules_cc/0.0.1/MODULE.bazel": "cb2aa0747f84c6c3a78dad4e2049c154f08ab9d166b1273835a8174940365647", + "https://bcr.bazel.build/modules/rules_cc/0.0.2/MODULE.bazel": "6915987c90970493ab97393024c156ea8fb9f3bea953b2f3ec05c34f19b5695c", + "https://bcr.bazel.build/modules/rules_cc/0.0.8/MODULE.bazel": "964c85c82cfeb6f3855e6a07054fdb159aced38e99a5eecf7bce9d53990afa3e", + "https://bcr.bazel.build/modules/rules_cc/0.0.9/MODULE.bazel": "836e76439f354b89afe6a911a7adf59a6b2518fafb174483ad78a2a2fde7b1c5", + "https://bcr.bazel.build/modules/rules_cc/0.0.9/source.json": "1f1ba6fea244b616de4a554a0f4983c91a9301640c8fe0dd1d410254115c8430", + "https://bcr.bazel.build/modules/rules_go/0.46.0/MODULE.bazel": "3477df8bdcc49e698b9d25f734c4f3a9f5931ff34ee48a2c662be168f5f2d3fd", + "https://bcr.bazel.build/modules/rules_go/0.48.1/MODULE.bazel": "ad27296e268624d7d53043fe5ff88d5486e7a29596336f629b379b83c67e6d8b", + "https://bcr.bazel.build/modules/rules_go/0.48.1/source.json": "83321289aa500090871d8f761d991f0534946414640cce5c18d2df44cff8e082", + "https://bcr.bazel.build/modules/rules_java/4.0.0/MODULE.bazel": "5a78a7ae82cd1a33cef56dc578c7d2a46ed0dca12643ee45edbb8417899e6f74", + "https://bcr.bazel.build/modules/rules_java/5.3.5/MODULE.bazel": "a4ec4f2db570171e3e5eb753276ee4b389bae16b96207e9d3230895c99644b86", + "https://bcr.bazel.build/modules/rules_java/7.6.1/MODULE.bazel": "2f14b7e8a1aa2f67ae92bc69d1ec0fa8d9f827c4e17ff5e5f02e91caa3b2d0fe", + "https://bcr.bazel.build/modules/rules_java/7.6.1/source.json": "8f3f3076554e1558e8e468b2232991c510ecbcbed9e6f8c06ac31c93bcf38362", + "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel": "a56b85e418c83eb1839819f0b515c431010160383306d13ec21959ac412d2fe7", + "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/source.json": "a075731e1b46bc8425098512d038d416e966ab19684a10a34f4741295642fc35", + "https://bcr.bazel.build/modules/rules_license/0.0.3/MODULE.bazel": "627e9ab0247f7d1e05736b59dbb1b6871373de5ad31c3011880b4133cafd4bd0", + "https://bcr.bazel.build/modules/rules_license/0.0.4/MODULE.bazel": "6a88dd22800cf1f9f79ba32cacad0d3a423ed28efa2c2ed5582eaa78dd3ac1e5", + "https://bcr.bazel.build/modules/rules_license/0.0.7/MODULE.bazel": "088fbeb0b6a419005b89cf93fe62d9517c0a2b8bb56af3244af65ecfe37e7d5d", + "https://bcr.bazel.build/modules/rules_license/0.0.7/source.json": "355cc5737a0f294e560d52b1b7a6492d4fff2caf0bef1a315df5a298fca2d34a", + "https://bcr.bazel.build/modules/rules_pkg/0.10.1/MODULE.bazel": "d6e593e048db5f1028f1f05ceb64b123aa6f1c2d43cba049c036443ab2cc2044", + "https://bcr.bazel.build/modules/rules_pkg/0.10.1/source.json": "a3550442d1530f00fd2a51036250db1891c8fedfd85991c65a0bd0f6daefe0a3", + "https://bcr.bazel.build/modules/rules_pkg/0.7.0/MODULE.bazel": "df99f03fc7934a4737122518bb87e667e62d780b610910f0447665a7e2be62dc", + "https://bcr.bazel.build/modules/rules_proto/4.0.0/MODULE.bazel": "a7a7b6ce9bee418c1a760b3d84f83a299ad6952f9903c67f19e4edd964894e06", + "https://bcr.bazel.build/modules/rules_proto/5.3.0-21.7/MODULE.bazel": "e8dff86b0971688790ae75528fe1813f71809b5afd57facb44dad9e8eca631b7", + "https://bcr.bazel.build/modules/rules_proto/6.0.0-rc1/MODULE.bazel": "1e5b502e2e1a9e825eef74476a5a1ee524a92297085015a052510b09a1a09483", + "https://bcr.bazel.build/modules/rules_proto/6.0.0.bcr.1/MODULE.bazel": "9c59abd3ea6deaa6aed6d173d6828a24ca78b9ce806e06e31fe5c2388b600566", + "https://bcr.bazel.build/modules/rules_proto/6.0.0.bcr.1/source.json": "08e3301161abfacedeb98ed978540b32fa93bc7d72df07e1c44fcf93d2af23d6", + "https://bcr.bazel.build/modules/rules_proto/6.0.0/MODULE.bazel": "b531d7f09f58dce456cd61b4579ce8c86b38544da75184eadaf0a7cb7966453f", + "https://bcr.bazel.build/modules/rules_python/0.10.2/MODULE.bazel": "cc82bc96f2997baa545ab3ce73f196d040ffb8756fd2d66125a530031cd90e5f", + "https://bcr.bazel.build/modules/rules_python/0.22.1/MODULE.bazel": "26114f0c0b5e93018c0c066d6673f1a2c3737c7e90af95eff30cfee38d0bbac7", + "https://bcr.bazel.build/modules/rules_python/0.24.0/MODULE.bazel": "4bff7f583653d0762cda21303da0643cc4c545ddfd9593337f18dad8d1787801", + "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel": "01052470fc30b49de91fb8483d26bea6f664500cfad0b078d4605b03e3a83ed4", + "https://bcr.bazel.build/modules/rules_python/0.32.2/source.json": "d0442db378276bcdc3bed9ce6d7018ab4022e99401d89e3c50dfecac874ca74f", + "https://bcr.bazel.build/modules/rules_python/0.4.0/MODULE.bazel": "9208ee05fd48bf09ac60ed269791cf17fb343db56c8226a720fbb1cdf467166c", + "https://bcr.bazel.build/modules/stardoc/0.5.1/MODULE.bazel": "1a05d92974d0c122f5ccf09291442580317cdd859f07a8655f1db9a60374f9f8", + "https://bcr.bazel.build/modules/stardoc/0.5.4/MODULE.bazel": "6569966df04610b8520957cb8e97cf2e9faac2c0309657c537ab51c16c18a2a4", + "https://bcr.bazel.build/modules/stardoc/0.5.4/source.json": "a961f58a71e735aa9dcb2d79b288e06b0a2d860ba730302c8f11be411b76631e", + "https://bcr.bazel.build/modules/upb/0.0.0-20220923-a547704/MODULE.bazel": "7298990c00040a0e2f121f6c32544bab27d4452f80d9ce51349b1a28f3005c43", + "https://bcr.bazel.build/modules/upb/0.0.0-20220923-a547704/source.json": "f1ef7d3f9e0e26d4b23d1c39b5f5de71f584dd7d1b4ef83d9bbba6ec7a6a6459", + "https://bcr.bazel.build/modules/zlib/1.2.11/MODULE.bazel": "07b389abc85fdbca459b69e2ec656ae5622873af3f845e1c9d80fe179f3effa0", + "https://bcr.bazel.build/modules/zlib/1.2.12/MODULE.bazel": "3b1a8834ada2a883674be8cbd36ede1b6ec481477ada359cd2d3ddc562340b27", + "https://bcr.bazel.build/modules/zlib/1.3/MODULE.bazel": "6a9c02f19a24dcedb05572b2381446e27c272cd383aed11d41d99da9e3167a72", + "https://bcr.bazel.build/modules/zlib/1.3/source.json": "b6b43d0737af846022636e6e255fd4a96fee0d34f08f3830e6e0bac51465c37c" }, + "selectedYankedVersions": {}, "moduleExtensions": { "@@apple_support~//crosstool:setup.bzl%apple_cc_configure_extension": { "general": { - "bzlTransitiveDigest": "pMLFCYaRPkgXPQ8vtuNkMfiHfPmRBy6QJfnid4sWfv0=", + "bzlTransitiveDigest": "PjIds3feoYE8SGbbIq2SFTZy3zmxeO2tQevJZNDo7iY=", + "usagesDigest": "aLmqbvowmHkkBPve05yyDNGN7oh7QE9kBADr3QIZTZs=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -1930,7 +116,8 @@ }, "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "n4GVWP5Au6F4/JAj0XXC8m6GO270BPnxZlR/Uwp7Tpw=", + "bzlTransitiveDigest": "3KydN9M+cGcn8Huu/umxX7Vk08sXz5lJeUxg/b0Gxjc=", + "usagesDigest": "lPY0R//H+nhO4vaAphii2Dndc+QDteBXUued+RoMhEc=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -2394,152 +581,10 @@ ] } }, - "@@bazel_features~//private:extensions.bzl%version_extension": { - "general": { - "bzlTransitiveDigest": "UwYHXjy4P9iCTMR9n5kWsy4RwLoowjUrfDFTkBo5RG8=", - "recordedFileInputs": {}, - "recordedDirentsInputs": {}, - "envVariables": {}, - "generatedRepoSpecs": { - "bazel_features_version": { - "bzlFile": "@@bazel_features~//private:version_repo.bzl", - "ruleClassName": "version_repo", - "attributes": {} - }, - "bazel_features_globals": { - "bzlFile": "@@bazel_features~//private:globals_repo.bzl", - "ruleClassName": "globals_repo", - "attributes": { - "globals": { - "RunEnvironmentInfo": "5.3.0", - "DefaultInfo": "0.0.1", - "__TestingOnly_NeverAvailable": "1000000000.0.0" - } - } - } - }, - "recordedRepoMappingEntries": [ - [ - "bazel_features~", - "bazel_tools", - "bazel_tools" - ] - ] - } - }, - "@@bazel_tools//tools/android:android_extensions.bzl%remote_android_tools_extensions": { - "general": { - "bzlTransitiveDigest": "ZggrqnDIPRFCqT9XaCYOxLiJx1XuMtOZNG1jvKYZ5lA=", - "recordedFileInputs": {}, - "recordedDirentsInputs": {}, - "envVariables": {}, - "generatedRepoSpecs": { - "android_tools": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "sha256": "2b661a761a735b41c41b3a78089f4fc1982626c76ddb944604ae3ff8c545d3c2", - "url": "https://mirror.bazel.build/bazel_android_tools/android_tools_pkg-0.30.0.tar" - } - }, - "android_gmaven_r8": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_jar", - "attributes": { - "sha256": "57a696749695a09381a87bc2f08c3a8ed06a717a5caa3ef878a3077e0d3af19d", - "url": "https://maven.google.com/com/android/tools/r8/8.1.56/r8-8.1.56.jar" - } - } - }, - "recordedRepoMappingEntries": [] - } - }, - "@@bazel_tools//tools/cpp:cc_configure.bzl%cc_configure_extension": { - "general": { - "bzlTransitiveDigest": "PHpT2yqMGms2U4L3E/aZ+WcQalmZWm+ILdP3yiLsDhA=", - "recordedFileInputs": {}, - "recordedDirentsInputs": {}, - "envVariables": {}, - "generatedRepoSpecs": { - "local_config_cc": { - "bzlFile": "@@bazel_tools//tools/cpp:cc_configure.bzl", - "ruleClassName": "cc_autoconf", - "attributes": {} - }, - "local_config_cc_toolchains": { - "bzlFile": "@@bazel_tools//tools/cpp:cc_configure.bzl", - "ruleClassName": "cc_autoconf_toolchains", - "attributes": {} - } - }, - "recordedRepoMappingEntries": [ - [ - "bazel_tools", - "bazel_tools", - "bazel_tools" - ] - ] - } - }, - "@@bazel_tools//tools/osx:xcode_configure.bzl%xcode_configure_extension": { - "general": { - "bzlTransitiveDigest": "Qh2bWTU6QW6wkrd87qrU4YeY+SG37Nvw3A0PR4Y0L2Y=", - "recordedFileInputs": {}, - "recordedDirentsInputs": {}, - "envVariables": {}, - "generatedRepoSpecs": { - "local_config_xcode": { - "bzlFile": "@@bazel_tools//tools/osx:xcode_configure.bzl", - "ruleClassName": "xcode_autoconf", - "attributes": { - "xcode_locator": "@bazel_tools//tools/osx:xcode_locator.m", - "remote_xcode": "" - } - } - }, - "recordedRepoMappingEntries": [] - } - }, - "@@bazel_tools//tools/sh:sh_configure.bzl%sh_configure_extension": { - "general": { - "bzlTransitiveDigest": "hp4NgmNjEg5+xgvzfh6L83bt9/aiiWETuNpwNuF1MSU=", - "recordedFileInputs": {}, - "recordedDirentsInputs": {}, - "envVariables": {}, - "generatedRepoSpecs": { - "local_config_sh": { - "bzlFile": "@@bazel_tools//tools/sh:sh_configure.bzl", - "ruleClassName": "sh_config", - "attributes": {} - } - }, - "recordedRepoMappingEntries": [] - } - }, - "@@bazel_tools//tools/test:extensions.bzl%remote_coverage_tools_extension": { - "general": { - "bzlTransitiveDigest": "7n9r2sWPYvn/OzUdHUoiJN/1hgIqWKOFCEQFVwHZGU0=", - "recordedFileInputs": {}, - "recordedDirentsInputs": {}, - "envVariables": {}, - "generatedRepoSpecs": { - "remote_coverage_tools": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "sha256": "7006375f6756819b7013ca875eab70a541cf7d89142d9c511ed78ea4fefa38af", - "urls": [ - "https://mirror.bazel.build/bazel_coverage_output_generator/releases/coverage_output_generator-v2.6.zip" - ] - } - } - }, - "recordedRepoMappingEntries": [] - } - }, "@@buildifier_prebuilt~//:defs.bzl%buildifier_prebuilt_deps_extension": { "general": { - "bzlTransitiveDigest": "06W0snjqJ7Db8eLtXn7rp48gdLZ6KrDe0BPxxtNvJFA=", + "bzlTransitiveDigest": "eXBP0KrRexbBjR0KdxpnbWtfahy0r48xfQb4hBQ4Mcc=", + "usagesDigest": "nThSTPRdiQbhDFl8FRM2nsKJftWMtPBQHrp/mdk716w=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -2686,34 +731,10 @@ ] } }, - "@@buildozer~//:buildozer_binary.bzl%buildozer_binary": { - "general": { - "bzlTransitiveDigest": "EleDU/FQ1+e/RgkW3aIDmdaxZEthvoWQhsqFTxiSgMI=", - "recordedFileInputs": {}, - "recordedDirentsInputs": {}, - "envVariables": {}, - "generatedRepoSpecs": { - "buildozer_binary": { - "bzlFile": "@@buildozer~//private:buildozer_binary.bzl", - "ruleClassName": "_buildozer_binary_repo", - "attributes": { - "sha256": { - "darwin-amd64": "d29e347ecd6b5673d72cb1a8de05bf1b06178dd229ff5eb67fad5100c840cc8e", - "darwin-arm64": "9b9e71bdbec5e7223871e913b65d12f6d8fa026684daf991f00e52ed36a6978d", - "linux-amd64": "8dfd6345da4e9042daa738d7fdf34f699c5dfce4632f7207956fceedd8494119", - "linux-arm64": "6559558fded658c8fa7432a9d011f7c4dcbac6b738feae73d2d5c352e5f605fa", - "windows-amd64": "e7f05bf847f7c3689dd28926460ce6e1097ae97380ac8e6ae7147b7b706ba19b" - }, - "version": "6.4.0" - } - } - }, - "recordedRepoMappingEntries": [] - } - }, "@@hermetic_cc_toolchain~//toolchain:ext.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "lFYV4EK2eFjXr8TIVgd4EBmo4UfRnvIuxo9r7EbcTqc=", + "bzlTransitiveDigest": "L0EDVXQ1bqh5CxjodeVieW+SjWsjwxFXYEKhUNgMY50=", + "usagesDigest": "UH6NB9tDyOrI8KyqcUtzxHIXcRl+Fxgo6brqocbR4Fo=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -2759,514 +780,27 @@ ] } }, - "@@rules_java~//java:extensions.bzl%toolchains": { + "@@platforms//host:extension.bzl%host_platform": { "general": { - "bzlTransitiveDigest": "0N5b5J9fUzo0sgvH4F3kIEaeXunz4Wy2/UtSFV/eXUY=", + "bzlTransitiveDigest": "xelQcPZH8+tmuOHVjL9vDxMnnQNMlwj0SlvgoqBkm4U=", + "usagesDigest": "meSzxn3DUCcYEhq4HQwExWkWtU4EjriRBQLsZN+Q0SU=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, "generatedRepoSpecs": { - "remotejdk21_linux_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_21\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"21\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk21_linux//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk21_linux//:jdk\",\n)\n" - } - }, - "remotejdk17_linux_s390x_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:s390x\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_s390x//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:s390x\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_s390x//:jdk\",\n)\n" - } - }, - "remotejdk17_macos_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_macos//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_macos//:jdk\",\n)\n" - } - }, - "remotejdk21_macos_aarch64_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_21\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"21\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk21_macos_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk21_macos_aarch64//:jdk\",\n)\n" - } - }, - "remotejdk17_linux_aarch64_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_aarch64//:jdk\",\n)\n" - } - }, - "remotejdk21_macos_aarch64": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 21,\n)\n", - "sha256": "e8260516de8b60661422a725f1df2c36ef888f6fb35393566b00e7325db3d04e", - "strip_prefix": "zulu21.32.17-ca-jdk21.0.2-macosx_aarch64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-macosx_aarch64.tar.gz", - "https://cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-macosx_aarch64.tar.gz" - ] - } - }, - "remotejdk17_linux_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux//:jdk\",\n)\n" - } - }, - "remotejdk17_macos_aarch64": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", - "sha256": "314b04568ec0ae9b36ba03c9cbd42adc9e1265f74678923b19297d66eb84dcca", - "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-macosx_aarch64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-macosx_aarch64.tar.gz", - "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-macosx_aarch64.tar.gz" - ] - } - }, - "remote_java_tools_windows": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "sha256": "fe2f88169696d6c6fc6e90ba61bb46be7d0ae3693cbafdf336041bf56679e8d1", - "urls": [ - "https://mirror.bazel.build/bazel_java_tools/releases/java/v13.4/java_tools_windows-v13.4.zip", - "https://github.com/bazelbuild/java_tools/releases/download/java_v13.4/java_tools_windows-v13.4.zip" - ] - } - }, - "remotejdk11_win": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", - "sha256": "43408193ce2fa0862819495b5ae8541085b95660153f2adcf91a52d3a1710e83", - "strip_prefix": "zulu11.66.15-ca-jdk11.0.20-win_x64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-win_x64.zip", - "https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-win_x64.zip" - ] - } - }, - "remotejdk11_win_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_win//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_win//:jdk\",\n)\n" - } - }, - "remotejdk11_linux_aarch64": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", - "sha256": "54174439f2b3fddd11f1048c397fe7bb45d4c9d66d452d6889b013d04d21c4de", - "strip_prefix": "zulu11.66.15-ca-jdk11.0.20-linux_aarch64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux_aarch64.tar.gz", - "https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux_aarch64.tar.gz" - ] - } - }, - "remotejdk17_linux": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", - "sha256": "b9482f2304a1a68a614dfacddcf29569a72f0fac32e6c74f83dc1b9a157b8340", - "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-linux_x64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-linux_x64.tar.gz", - "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-linux_x64.tar.gz" - ] - } - }, - "remotejdk11_linux_s390x_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:s390x\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_s390x//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:s390x\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_s390x//:jdk\",\n)\n" - } - }, - "remotejdk11_linux_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux//:jdk\",\n)\n" - } - }, - "remotejdk11_macos": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", - "sha256": "bcaab11cfe586fae7583c6d9d311c64384354fb2638eb9a012eca4c3f1a1d9fd", - "strip_prefix": "zulu11.66.15-ca-jdk11.0.20-macosx_x64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-macosx_x64.tar.gz", - "https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-macosx_x64.tar.gz" - ] - } - }, - "remotejdk11_win_arm64": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", - "sha256": "b8a28e6e767d90acf793ea6f5bed0bb595ba0ba5ebdf8b99f395266161e53ec2", - "strip_prefix": "jdk-11.0.13+8", - "urls": [ - "https://mirror.bazel.build/aka.ms/download-jdk/microsoft-jdk-11.0.13.8.1-windows-aarch64.zip" - ] - } - }, - "remotejdk17_macos": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", - "sha256": "640453e8afe8ffe0fb4dceb4535fb50db9c283c64665eebb0ba68b19e65f4b1f", - "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-macosx_x64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-macosx_x64.tar.gz", - "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-macosx_x64.tar.gz" - ] - } - }, - "remotejdk21_macos": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 21,\n)\n", - "sha256": "3ad8fe288eb57d975c2786ae453a036aa46e47ab2ac3d81538ebae2a54d3c025", - "strip_prefix": "zulu21.32.17-ca-jdk21.0.2-macosx_x64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-macosx_x64.tar.gz", - "https://cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-macosx_x64.tar.gz" - ] - } - }, - "remotejdk21_macos_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_21\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"21\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk21_macos//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk21_macos//:jdk\",\n)\n" - } - }, - "remotejdk17_macos_aarch64_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_macos_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_macos_aarch64//:jdk\",\n)\n" - } - }, - "remotejdk17_win": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", - "sha256": "192f2afca57701de6ec496234f7e45d971bf623ff66b8ee4a5c81582054e5637", - "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-win_x64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-win_x64.zip", - "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-win_x64.zip" - ] - } - }, - "remotejdk11_macos_aarch64_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_macos_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_macos_aarch64//:jdk\",\n)\n" - } - }, - "remotejdk11_linux_ppc64le_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:ppc\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_ppc64le//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:ppc\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_ppc64le//:jdk\",\n)\n" - } - }, - "remotejdk21_linux": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 21,\n)\n", - "sha256": "5ad730fbee6bb49bfff10bf39e84392e728d89103d3474a7e5def0fd134b300a", - "strip_prefix": "zulu21.32.17-ca-jdk21.0.2-linux_x64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-linux_x64.tar.gz", - "https://cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-linux_x64.tar.gz" - ] - } - }, - "remote_java_tools_linux": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "sha256": "ba10f09a138cf185d04cbc807d67a3da42ab13d618c5d1ce20d776e199c33a39", - "urls": [ - "https://mirror.bazel.build/bazel_java_tools/releases/java/v13.4/java_tools_linux-v13.4.zip", - "https://github.com/bazelbuild/java_tools/releases/download/java_v13.4/java_tools_linux-v13.4.zip" - ] - } - }, - "remotejdk21_win": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 21,\n)\n", - "sha256": "f7cc15ca17295e69c907402dfe8db240db446e75d3b150da7bf67243cded93de", - "strip_prefix": "zulu21.32.17-ca-jdk21.0.2-win_x64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-win_x64.zip", - "https://cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-win_x64.zip" - ] - } - }, - "remotejdk21_linux_aarch64": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 21,\n)\n", - "sha256": "ce7df1af5d44a9f455617c4b8891443fbe3e4b269c777d8b82ed66f77167cfe0", - "strip_prefix": "zulu21.32.17-ca-jdk21.0.2-linux_aarch64", - "urls": [ - "https://cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-linux_aarch64.tar.gz", - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu21.32.17-ca-jdk21.0.2-linux_aarch64.tar.gz" - ] - } - }, - "remotejdk11_linux_aarch64_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_linux_aarch64//:jdk\",\n)\n" - } - }, - "remotejdk11_linux_s390x": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", - "sha256": "a58fc0361966af0a5d5a31a2d8a208e3c9bb0f54f345596fd80b99ea9a39788b", - "strip_prefix": "jdk-11.0.15+10", - "urls": [ - "https://mirror.bazel.build/github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.15+10/OpenJDK11U-jdk_s390x_linux_hotspot_11.0.15_10.tar.gz", - "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.15+10/OpenJDK11U-jdk_s390x_linux_hotspot_11.0.15_10.tar.gz" - ] - } - }, - "remotejdk17_linux_aarch64": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", - "sha256": "6531cef61e416d5a7b691555c8cf2bdff689201b8a001ff45ab6740062b44313", - "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-linux_aarch64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-linux_aarch64.tar.gz", - "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-linux_aarch64.tar.gz" - ] - } - }, - "remotejdk17_win_arm64_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:arm64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_win_arm64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:arm64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_win_arm64//:jdk\",\n)\n" - } - }, - "remotejdk11_linux": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", - "sha256": "a34b404f87a08a61148b38e1416d837189e1df7a040d949e743633daf4695a3c", - "strip_prefix": "zulu11.66.15-ca-jdk11.0.20-linux_x64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux_x64.tar.gz", - "https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-linux_x64.tar.gz" - ] - } - }, - "remotejdk11_macos_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_macos//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:macos\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_macos//:jdk\",\n)\n" - } - }, - "remotejdk17_linux_ppc64le_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:ppc\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_ppc64le//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:ppc\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_linux_ppc64le//:jdk\",\n)\n" - } - }, - "remotejdk17_win_arm64": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", - "sha256": "6802c99eae0d788e21f52d03cab2e2b3bf42bc334ca03cbf19f71eb70ee19f85", - "strip_prefix": "zulu17.44.53-ca-jdk17.0.8.1-win_aarch64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-win_aarch64.zip", - "https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-win_aarch64.zip" - ] - } - }, - "remote_java_tools_darwin_arm64": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "sha256": "076a7e198ad077f8c7d997986ef5102427fae6bbfce7a7852d2e080ed8767528", - "urls": [ - "https://mirror.bazel.build/bazel_java_tools/releases/java/v13.4/java_tools_darwin_arm64-v13.4.zip", - "https://github.com/bazelbuild/java_tools/releases/download/java_v13.4/java_tools_darwin_arm64-v13.4.zip" - ] - } - }, - "remotejdk17_linux_ppc64le": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", - "sha256": "00a4c07603d0218cd678461b5b3b7e25b3253102da4022d31fc35907f21a2efd", - "strip_prefix": "jdk-17.0.8.1+1", - "urls": [ - "https://mirror.bazel.build/github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.8.1%2B1/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.8.1_1.tar.gz", - "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.8.1%2B1/OpenJDK17U-jdk_ppc64le_linux_hotspot_17.0.8.1_1.tar.gz" - ] - } - }, - "remotejdk21_linux_aarch64_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_21\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"21\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk21_linux_aarch64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:linux\", \"@platforms//cpu:aarch64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk21_linux_aarch64//:jdk\",\n)\n" - } - }, - "remotejdk11_win_arm64_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_11\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"11\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:arm64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk11_win_arm64//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:arm64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk11_win_arm64//:jdk\",\n)\n" - } - }, - "local_jdk": { - "bzlFile": "@@rules_java~//toolchains:local_java_repository.bzl", - "ruleClassName": "_local_java_repository_rule", - "attributes": { - "java_home": "", - "version": "", - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = {RUNTIME_VERSION},\n)\n" - } - }, - "remote_java_tools_darwin_x86_64": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "sha256": "4523aec4d09c587091a2dae6f5c9bc6922c220f3b6030e5aba9c8f015913cc65", - "urls": [ - "https://mirror.bazel.build/bazel_java_tools/releases/java/v13.4/java_tools_darwin_x86_64-v13.4.zip", - "https://github.com/bazelbuild/java_tools/releases/download/java_v13.4/java_tools_darwin_x86_64-v13.4.zip" - ] - } - }, - "remote_java_tools": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "sha256": "e025fd260ac39b47c111f5212d64ec0d00d85dec16e49368aae82fc626a940cf", - "urls": [ - "https://mirror.bazel.build/bazel_java_tools/releases/java/v13.4/java_tools-v13.4.zip", - "https://github.com/bazelbuild/java_tools/releases/download/java_v13.4/java_tools-v13.4.zip" - ] - } - }, - "remotejdk17_linux_s390x": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 17,\n)\n", - "sha256": "ffacba69c6843d7ca70d572489d6cc7ab7ae52c60f0852cedf4cf0d248b6fc37", - "strip_prefix": "jdk-17.0.8.1+1", - "urls": [ - "https://mirror.bazel.build/github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.8.1%2B1/OpenJDK17U-jdk_s390x_linux_hotspot_17.0.8.1_1.tar.gz", - "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.8.1%2B1/OpenJDK17U-jdk_s390x_linux_hotspot_17.0.8.1_1.tar.gz" - ] - } - }, - "remotejdk17_win_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_17\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"17\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk17_win//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk17_win//:jdk\",\n)\n" - } - }, - "remotejdk11_linux_ppc64le": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", - "sha256": "a8fba686f6eb8ae1d1a9566821dbd5a85a1108b96ad857fdbac5c1e4649fc56f", - "strip_prefix": "jdk-11.0.15+10", - "urls": [ - "https://mirror.bazel.build/github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.15+10/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.15_10.tar.gz", - "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.15+10/OpenJDK11U-jdk_ppc64le_linux_hotspot_11.0.15_10.tar.gz" - ] - } - }, - "remotejdk11_macos_aarch64": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "build_file_content": "load(\"@rules_java//java:defs.bzl\", \"java_runtime\")\n\npackage(default_visibility = [\"//visibility:public\"])\n\nexports_files([\"WORKSPACE\", \"BUILD.bazel\"])\n\nfilegroup(\n name = \"jre\",\n srcs = glob(\n [\n \"jre/bin/**\",\n \"jre/lib/**\",\n ],\n allow_empty = True,\n # In some configurations, Java browser plugin is considered harmful and\n # common antivirus software blocks access to npjp2.dll interfering with Bazel,\n # so do not include it in JRE on Windows.\n exclude = [\"jre/bin/plugin2/**\"],\n ),\n)\n\nfilegroup(\n name = \"jdk-bin\",\n srcs = glob(\n [\"bin/**\"],\n # The JDK on Windows sometimes contains a directory called\n # \"%systemroot%\", which is not a valid label.\n exclude = [\"**/*%*/**\"],\n ),\n)\n\n# This folder holds security policies.\nfilegroup(\n name = \"jdk-conf\",\n srcs = glob(\n [\"conf/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-include\",\n srcs = glob(\n [\"include/**\"],\n allow_empty = True,\n ),\n)\n\nfilegroup(\n name = \"jdk-lib\",\n srcs = glob(\n [\"lib/**\", \"release\"],\n allow_empty = True,\n exclude = [\n \"lib/missioncontrol/**\",\n \"lib/visualvm/**\",\n ],\n ),\n)\n\njava_runtime(\n name = \"jdk\",\n srcs = [\n \":jdk-bin\",\n \":jdk-conf\",\n \":jdk-include\",\n \":jdk-lib\",\n \":jre\",\n ],\n # Provide the 'java` binary explicitly so that the correct path is used by\n # Bazel even when the host platform differs from the execution platform.\n # Exactly one of the two globs will be empty depending on the host platform.\n # When --incompatible_disallow_empty_glob is enabled, each individual empty\n # glob will fail without allow_empty = True, even if the overall result is\n # non-empty.\n java = glob([\"bin/java.exe\", \"bin/java\"], allow_empty = True)[0],\n version = 11,\n)\n", - "sha256": "7632bc29f8a4b7d492b93f3bc75a7b61630894db85d136456035ab2a24d38885", - "strip_prefix": "zulu11.66.15-ca-jdk11.0.20-macosx_aarch64", - "urls": [ - "https://mirror.bazel.build/cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-macosx_aarch64.tar.gz", - "https://cdn.azul.com/zulu/bin/zulu11.66.15-ca-jdk11.0.20-macosx_aarch64.tar.gz" - ] - } - }, - "remotejdk21_win_toolchain_config_repo": { - "bzlFile": "@@rules_java~//toolchains:remote_java_repository.bzl", - "ruleClassName": "_toolchain_config", - "attributes": { - "build_file": "\nconfig_setting(\n name = \"prefix_version_setting\",\n values = {\"java_runtime_version\": \"remotejdk_21\"},\n visibility = [\"//visibility:private\"],\n)\nconfig_setting(\n name = \"version_setting\",\n values = {\"java_runtime_version\": \"21\"},\n visibility = [\"//visibility:private\"],\n)\nalias(\n name = \"version_or_prefix_version_setting\",\n actual = select({\n \":version_setting\": \":version_setting\",\n \"//conditions:default\": \":prefix_version_setting\",\n }),\n visibility = [\"//visibility:private\"],\n)\ntoolchain(\n name = \"toolchain\",\n target_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:runtime_toolchain_type\",\n toolchain = \"@remotejdk21_win//:jdk\",\n)\ntoolchain(\n name = \"bootstrap_runtime_toolchain\",\n # These constraints are not required for correctness, but prevent fetches of remote JDK for\n # different architectures. As every Java compilation toolchain depends on a bootstrap runtime in\n # the same configuration, this constraint will not result in toolchain resolution failures.\n exec_compatible_with = [\"@platforms//os:windows\", \"@platforms//cpu:x86_64\"],\n target_settings = [\":version_or_prefix_version_setting\"],\n toolchain_type = \"@bazel_tools//tools/jdk:bootstrap_runtime_toolchain_type\",\n toolchain = \"@remotejdk21_win//:jdk\",\n)\n" - } + "host_platform": { + "bzlFile": "@@platforms//host:extension.bzl", + "ruleClassName": "host_platform_repo", + "attributes": {} } }, - "recordedRepoMappingEntries": [ - [ - "rules_java~", - "bazel_tools", - "bazel_tools" - ], - [ - "rules_java~", - "remote_java_tools", - "rules_java~~toolchains~remote_java_tools" - ] - ] + "recordedRepoMappingEntries": [] } }, "@@rules_jvm_external~//:extensions.bzl%maven": { "general": { - "bzlTransitiveDigest": "9ol/f6R1HONuabXvQTFIEvT1pWikli+mTIbvGRmDubk=", + "bzlTransitiveDigest": "06WDcwoMOciaDDX09JBCxhi9KiKFGUIcXpQjCSle5AE=", + "usagesDigest": "UPebZtX4g40+QepdK3oMHged0o0tq6ojKbW84wE6XRA=", "recordedFileInputs": { "@@rules_jvm_external~//rules_jvm_external_deps_install.json": "10442a5ae27d9ff4c2003e5ab71643bf0d8b48dcf968b4173fa274c3232a8c06" }, @@ -4289,7 +1823,8 @@ }, "@@rules_jvm_external~//:non-module-deps.bzl%non_module_deps": { "general": { - "bzlTransitiveDigest": "Fq6CvJMzD0/LbttG5TUaCtEm/pFvTgO5X9tCUH87Fb0=", + "bzlTransitiveDigest": "l6SlNloqPvd60dcuPdWiJNi3g3jfK76fcZc0i/Yr0dQ=", + "usagesDigest": "bTG4ItERqhG1LeSs62hQ01DiMarFsflWgpZaghM5qik=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -4316,7 +1851,8 @@ }, "@@rules_python~//python/extensions:pip.bzl%pip": { "os:linux,arch:amd64": { - "bzlTransitiveDigest": "R2ooW31NljC6PSIhrjrYTfHwkvAxmkC4pn2Sv92Vvek=", + "bzlTransitiveDigest": "K94lJ8XIBKrx5CVtVocGmJYIC6vW5wsPi7tQvtQqmaU=", + "usagesDigest": "GjGeoW3Y1ie+feloBPcuU2ovSDtUFE43ddOvIqLCEtk=", "recordedFileInputs": { "@@rules_python~//tools/publish/requirements.txt": "8ced1e640eab3ee44298590e5ad88cd612f5bf96245af1981709f7a8884a982b" }, @@ -4988,10 +2524,13 @@ }, "@@rules_python~//python/extensions:python.bzl%python": { "general": { - "bzlTransitiveDigest": "edBvwplYZml7N83AeuVHqQt08wQir1gxodtEEUpj57k=", + "bzlTransitiveDigest": "SzqtFAs2aDt1NfgP9ptYHKrwR0NAgstbCtGa+0pc9QM=", + "usagesDigest": "qF8xO9+p3+osY2dAO6a6v4e+er9jRhK3jMdKsxoamNI=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, - "envVariables": {}, + "envVariables": { + "RULES_PYTHON_BZLMOD_DEBUG": null + }, "generatedRepoSpecs": { "python_3_11_s390x-unknown-linux-gnu": { "bzlFile": "@@rules_python~//python:repositories.bzl", @@ -5198,7 +2737,8 @@ }, "@@rules_python~//python/private/bzlmod:internal_deps.bzl%internal_deps": { "general": { - "bzlTransitiveDigest": "GhJSMl+mWW0vGus1bH+XZR4XgyZY9AN6/75eaUTp2pk=", + "bzlTransitiveDigest": "4NafXqYhWbGZ7vn2yGFHwz5KSLTDx7SMuCBE0kxFwQA=", + "usagesDigest": "Kq7vfQRPNwgMCS7LHqfbd537Z6mL5YLiH/u3myb/5EY=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, From bd80ab89cb4f958026af6d60515c4088571f7043 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 21 Jun 2024 08:28:27 +0200 Subject: [PATCH 091/380] image: update measurements and image version (#3189) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index f71d8ea38..10cc41671 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x5f, 0xb9, 0x12, 0x5f, 0x49, 0x40, 0x24, 0xdf, 0x57, 0x25, 0xe0, 0x30, 0x82, 0x21, 0x97, 0x5d, 0x0e, 0x8a, 0xcc, 0x53, 0x0e, 0x21, 0x47, 0x92, 0x1c, 0xa2, 0x1e, 0x1d, 0xe5, 0xf5, 0x3f, 0x3b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd6, 0x45, 0xa0, 0x63, 0x6a, 0xc3, 0x59, 0xbf, 0x49, 0xa1, 0x17, 0x86, 0x37, 0xb2, 0xe4, 0xb2, 0x26, 0x09, 0xc4, 0xfa, 0xb3, 0xa6, 0x2d, 0x41, 0x10, 0x5a, 0x85, 0x0f, 0x81, 0xa9, 0x4c, 0x25}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe0, 0x9b, 0x89, 0xaf, 0x09, 0x9d, 0x9e, 0x0b, 0x98, 0x50, 0x79, 0x29, 0x89, 0x82, 0x0c, 0x51, 0x49, 0x20, 0x1d, 0xb2, 0x67, 0xa9, 0xeb, 0x04, 0x8a, 0xe3, 0x6f, 0x7f, 0xc5, 0xbc, 0xfe, 0xde}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x36, 0x56, 0xab, 0xd0, 0xe2, 0xe8, 0x1a, 0x56, 0x4f, 0x58, 0x40, 0x98, 0xfa, 0x75, 0x20, 0xba, 0x8e, 0xce, 0x28, 0xc7, 0x49, 0x31, 0x35, 0x3a, 0xb4, 0xf0, 0x4f, 0x7e, 0x64, 0xca, 0x55, 0x42}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x70, 0x4b, 0x35, 0x63, 0xec, 0x2d, 0x78, 0xe9, 0xf4, 0x7d, 0xdb, 0x20, 0x66, 0xd9, 0x88, 0x2a, 0x49, 0xea, 0x49, 0x07, 0xb2, 0xd1, 0xfb, 0x81, 0xcf, 0x62, 0xbc, 0x2e, 0xbb, 0xe2, 0x51, 0xa3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa9, 0x36, 0xdf, 0xf6, 0xae, 0xf2, 0x1a, 0x2c, 0xaf, 0x01, 0xed, 0x0f, 0xd2, 0xda, 0x64, 0x66, 0xcc, 0x13, 0x17, 0xbe, 0xb7, 0x66, 0x2e, 0x4a, 0x2d, 0x46, 0x98, 0xce, 0xa4, 0x80, 0x46, 0xd9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd2, 0xed, 0x1c, 0x53, 0xf5, 0xcf, 0xbc, 0x07, 0xdd, 0x56, 0xe1, 0xb1, 0x7d, 0x79, 0xb5, 0xaa, 0x37, 0xb7, 0xbc, 0x89, 0x43, 0x3f, 0x3e, 0xb0, 0x87, 0x7a, 0x60, 0x0b, 0xf1, 0x22, 0xee, 0x37}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x23, 0xb1, 0xe9, 0x0a, 0xb4, 0x28, 0x51, 0x87, 0xb8, 0x8b, 0xae, 0x89, 0xbf, 0x7b, 0x92, 0xd0, 0x89, 0xdf, 0x10, 0xec, 0x86, 0xce, 0x94, 0xd0, 0xef, 0x71, 0xa4, 0xeb, 0x36, 0xc4, 0x42, 0xe2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf5, 0x46, 0x9e, 0x45, 0x97, 0x7f, 0x10, 0x15, 0x6f, 0xcc, 0x3a, 0x90, 0xe9, 0xef, 0x38, 0xe3, 0x28, 0x81, 0xf9, 0x28, 0x79, 0x9d, 0x94, 0x89, 0x59, 0xfd, 0x0d, 0xd8, 0x17, 0x44, 0xb7, 0xbe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x16, 0xee, 0x47, 0xd5, 0x0a, 0xf7, 0x39, 0xa6, 0xe3, 0xe9, 0x08, 0x90, 0x93, 0xcb, 0x48, 0xe7, 0x2b, 0x0d, 0x2f, 0x4f, 0xc0, 0xba, 0x78, 0x75, 0xd5, 0x93, 0x33, 0x74, 0x8d, 0x37, 0x8d, 0x6b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3d, 0xa3, 0xf2, 0x99, 0xb8, 0x98, 0x5c, 0x3d, 0xd8, 0x17, 0x00, 0x66, 0xc8, 0x59, 0x5e, 0x94, 0x9f, 0x26, 0xf6, 0x35, 0xcd, 0x87, 0xe2, 0xbd, 0x0d, 0xac, 0x1b, 0x1b, 0xa8, 0x19, 0x9e, 0x2c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x01, 0xcd, 0x09, 0x12, 0x7d, 0xf1, 0xd5, 0x3e, 0xef, 0x6b, 0xc6, 0x32, 0x58, 0x9d, 0xa0, 0xd4, 0x48, 0x63, 0x3f, 0x5b, 0xb1, 0x55, 0x7c, 0x91, 0x27, 0x84, 0xcf, 0xac, 0x00, 0x2a, 0xfb, 0x91}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xab, 0x52, 0x29, 0x53, 0xd1, 0x26, 0x4e, 0x0d, 0xe7, 0x4e, 0xa6, 0xc8, 0xa9, 0x47, 0x9f, 0xc5, 0x76, 0x10, 0xac, 0x4f, 0xa9, 0xa4, 0x94, 0x2d, 0xca, 0x1f, 0xc3, 0xf1, 0x6d, 0x90, 0x7d, 0xe6}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x89, 0xb0, 0xf9, 0x3e, 0xa7, 0xd5, 0x99, 0xc4, 0xdb, 0x40, 0x56, 0xab, 0x55, 0x95, 0x27, 0x1a, 0xa9, 0xeb, 0x91, 0xe6, 0x2b, 0xea, 0xe5, 0x64, 0x28, 0x67, 0x73, 0xe7, 0x1d, 0x37, 0xc5, 0x5e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xdd, 0xc4, 0xe8, 0x0c, 0x1e, 0xc7, 0x47, 0x62, 0x00, 0x68, 0x4e, 0xa8, 0x41, 0x99, 0x77, 0x1b, 0xb6, 0x69, 0xf9, 0xf8, 0x12, 0xce, 0x5f, 0x13, 0xa9, 0xf0, 0x81, 0x72, 0x72, 0xa8, 0xd7, 0x47}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xec, 0xbc, 0xa6, 0xb4, 0xf0, 0xc4, 0xc4, 0x60, 0xec, 0xa3, 0x51, 0x8b, 0xce, 0xf0, 0x27, 0xe8, 0xaf, 0xf7, 0x38, 0x39, 0x66, 0xf8, 0x70, 0x67, 0xdd, 0x63, 0x13, 0x09, 0xe0, 0x02, 0x1f, 0x84}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xef, 0x16, 0xee, 0xe7, 0xa7, 0x06, 0x3c, 0x9b, 0x53, 0x8a, 0xf5, 0x82, 0x40, 0xa6, 0xb3, 0xbd, 0xfb, 0x03, 0x00, 0xbd, 0x01, 0x31, 0xf5, 0xd6, 0xe6, 0x7f, 0x18, 0x02, 0x39, 0xa2, 0x48, 0x51}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3f, 0xae, 0x6e, 0x84, 0xd9, 0xe8, 0x5b, 0x78, 0x8c, 0x18, 0xca, 0xa5, 0x52, 0xd3, 0x65, 0x9e, 0x2c, 0xa1, 0x6d, 0xca, 0x6a, 0xda, 0xb3, 0x2e, 0x99, 0xd5, 0x1c, 0xc0, 0x89, 0x02, 0x6d, 0xcc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x31, 0xbe, 0xd0, 0x9e, 0x6c, 0xdc, 0x98, 0xff, 0x61, 0xd2, 0x58, 0x88, 0xfa, 0x95, 0x2e, 0xdb, 0x1f, 0x33, 0xc8, 0x34, 0x55, 0x6f, 0xbd, 0x6b, 0x92, 0x8e, 0xe7, 0xe3, 0x48, 0x83, 0x93, 0x6a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x52, 0xd7, 0x35, 0x1e, 0x49, 0xa1, 0x3f, 0xff, 0x0a, 0x57, 0xc4, 0x0f, 0xd8, 0xe0, 0xed, 0xb4, 0xf5, 0xf3, 0x16, 0x6a, 0x42, 0x19, 0xc4, 0x3f, 0xad, 0x30, 0xb8, 0x4f, 0xa3, 0x17, 0x4d, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0x28, 0x1b, 0x4f, 0x9d, 0xd4, 0xa4, 0x00, 0x9c, 0xd4, 0xfb, 0xe5, 0x23, 0x50, 0x35, 0x64, 0x47, 0x75, 0xd9, 0x0d, 0x59, 0x61, 0x2f, 0xbb, 0x7b, 0xd9, 0x80, 0x27, 0x7c, 0x68, 0xe0, 0x2f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9e, 0xe0, 0x84, 0x65, 0xe3, 0x7a, 0xad, 0x5c, 0xbf, 0x1f, 0x81, 0x79, 0x12, 0xbb, 0x22, 0x54, 0x12, 0x2a, 0x74, 0x3c, 0xee, 0x9f, 0x8b, 0xb7, 0x95, 0x9b, 0x0b, 0xc1, 0xfc, 0xfa, 0x12, 0x85}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x98, 0x22, 0x5a, 0xb9, 0xc5, 0x47, 0x0b, 0x5a, 0xf2, 0x9b, 0x45, 0xfd, 0x7e, 0xf0, 0x0d, 0x75, 0x1f, 0x30, 0x44, 0xd0, 0x2b, 0xc2, 0x79, 0x21, 0x7f, 0x3d, 0x88, 0x65, 0x81, 0x85, 0x39, 0x32}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x95, 0xd1, 0x2b, 0xbd, 0x4e, 0x25, 0x8c, 0xc0, 0x81, 0xed, 0x9d, 0x03, 0xa6, 0x48, 0x44, 0x38, 0xa9, 0x8e, 0x92, 0xb3, 0x19, 0xb8, 0x1e, 0x6a, 0xf6, 0xe5, 0x1e, 0xd6, 0x23, 0xd7, 0xde, 0x11}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc8, 0x74, 0x4a, 0x59, 0x52, 0x67, 0xf9, 0x9c, 0x99, 0x7d, 0x2a, 0x9d, 0xe6, 0x42, 0x4f, 0x10, 0x97, 0x6a, 0xdc, 0xaf, 0x85, 0x44, 0x59, 0xe2, 0x45, 0xde, 0xe9, 0x5e, 0x89, 0x76, 0x87, 0x83}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x54, 0x43, 0xfe, 0x4c, 0x34, 0x9c, 0x97, 0xb4, 0x93, 0x72, 0x4b, 0xce, 0x43, 0x8c, 0xbc, 0xff, 0x3a, 0x01, 0x10, 0xd9, 0x2a, 0x3c, 0x8f, 0xfc, 0x50, 0x06, 0x07, 0x28, 0x84, 0x35, 0x2d, 0xad}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb9, 0x86, 0x43, 0x00, 0x3c, 0xbc, 0x3d, 0x53, 0x52, 0xfe, 0x26, 0x8c, 0x6a, 0x68, 0xaa, 0x8a, 0xe4, 0x26, 0x51, 0xc3, 0xd2, 0xb6, 0xc1, 0xd0, 0xe0, 0x64, 0x44, 0x43, 0x5b, 0x9d, 0x30, 0xe6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x67, 0x1b, 0xc9, 0xea, 0x17, 0x18, 0xb3, 0x44, 0x68, 0x78, 0x55, 0xbc, 0x7a, 0x65, 0x38, 0x65, 0xd8, 0x58, 0x3d, 0xf8, 0xf4, 0x69, 0x93, 0xda, 0x50, 0x1f, 0x86, 0x55, 0xb3, 0x7e, 0xfe, 0xbf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x99, 0xbe, 0xba, 0x85, 0x4b, 0x90, 0xd4, 0x6e, 0x8f, 0x61, 0x06, 0x24, 0x6c, 0x8c, 0x96, 0x1d, 0x75, 0x2e, 0xe4, 0x69, 0xd2, 0x4e, 0x45, 0xed, 0x54, 0x60, 0x70, 0xa4, 0xaa, 0xda, 0x16, 0x77}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x25, 0xa0, 0x0c, 0x26, 0x91, 0x48, 0x2e, 0x7b, 0x9a, 0x5d, 0xf4, 0xea, 0x93, 0x0f, 0xc4, 0xa0, 0x9e, 0x16, 0x6e, 0x62, 0x43, 0xb9, 0x49, 0x5e, 0x55, 0x32, 0x55, 0x92, 0x7a, 0x3a, 0xab, 0x2e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xde, 0x57, 0x4b, 0xfe, 0x1c, 0x9a, 0xfb, 0xf5, 0x8b, 0xdb, 0x80, 0xfb, 0x94, 0x1f, 0x55, 0x24, 0xf0, 0xba, 0x56, 0x11, 0xbe, 0xa5, 0xe5, 0x84, 0x00, 0xfb, 0x2f, 0x7c, 0x69, 0x89, 0x43, 0x18}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x73, 0xa6, 0xf6, 0x5e, 0x47, 0xb8, 0x88, 0x1d, 0x01, 0x4b, 0x45, 0x39, 0xf5, 0x43, 0xa7, 0xfa, 0xdc, 0x15, 0x71, 0x2a, 0xb8, 0x9d, 0xea, 0x4c, 0x97, 0xef, 0x47, 0x79, 0x02, 0x21, 0x58, 0x38}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x05, 0xeb, 0x2f, 0x59, 0x78, 0xc3, 0xe7, 0xf4, 0xca, 0x93, 0xcd, 0x5f, 0x49, 0x6a, 0xe8, 0x2e, 0x73, 0x30, 0x6b, 0x24, 0xa7, 0xfb, 0x84, 0x61, 0xa3, 0xeb, 0x29, 0xec, 0x39, 0x4c, 0x58, 0x83}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xde, 0x0f, 0x19, 0x9b, 0x42, 0x09, 0x79, 0x78, 0x9f, 0x19, 0x68, 0x2b, 0x46, 0x04, 0x97, 0xbe, 0x5f, 0x4b, 0xe3, 0xe2, 0x81, 0x44, 0x25, 0x03, 0x2c, 0xb2, 0xe6, 0x1e, 0xf9, 0x3b, 0x81, 0x0d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x90, 0x68, 0xa9, 0x16, 0x7c, 0x6d, 0xf8, 0x52, 0x0c, 0x45, 0x22, 0x2b, 0x91, 0x65, 0x83, 0x9d, 0x0b, 0xe3, 0x0d, 0x55, 0xdc, 0x93, 0x1d, 0x4d, 0x16, 0x41, 0xd3, 0xa7, 0x27, 0xe3, 0x1f, 0xc2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x62, 0xfc, 0x5e, 0xf2, 0x8e, 0x1d, 0xfe, 0x08, 0x59, 0xcf, 0x9c, 0x2b, 0x26, 0x53, 0x2a, 0x7c, 0xc0, 0x58, 0xee, 0xc4, 0xff, 0xe3, 0x0c, 0x30, 0xee, 0xe1, 0xd0, 0x25, 0x69, 0xfd, 0xdc, 0xff}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x68, 0x1b, 0x7b, 0xf7, 0xcb, 0x27, 0x1c, 0x99, 0x19, 0x25, 0xe6, 0x85, 0x76, 0x70, 0xd7, 0x67, 0xc3, 0xd2, 0x38, 0xa5, 0x0b, 0x61, 0xd5, 0x09, 0x51, 0xcc, 0x17, 0x30, 0x28, 0x18, 0x51, 0x44}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x26, 0x00, 0xa5, 0xb5, 0xb8, 0x6c, 0x01, 0xf9, 0xed, 0x30, 0x97, 0x43, 0x54, 0x29, 0x44, 0x8f, 0x39, 0x2b, 0xb6, 0x2d, 0x4c, 0xfe, 0x5b, 0x72, 0x2e, 0x8d, 0x96, 0x04, 0x24, 0xb0, 0x80, 0xcc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x73, 0x18, 0xae, 0xc6, 0x41, 0x8f, 0xf5, 0x43, 0xb9, 0xa0, 0x25, 0x8e, 0x47, 0x5e, 0x72, 0x6b, 0x9c, 0x69, 0x15, 0xc8, 0x95, 0x8e, 0xc5, 0xaa, 0xc9, 0x6a, 0x61, 0xb0, 0x75, 0x6e, 0x84, 0xaa}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x83, 0x66, 0xca, 0xed, 0x57, 0x0d, 0xac, 0x26, 0x07, 0xcd, 0x75, 0xf5, 0x74, 0x3b, 0x23, 0x11, 0x2c, 0x89, 0x3a, 0x4e, 0x62, 0x7f, 0x82, 0x87, 0x2d, 0x03, 0x76, 0x85, 0x54, 0x0a, 0x3c, 0xaf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9d, 0xc0, 0xb3, 0xb0, 0x1a, 0xa7, 0x47, 0xdf, 0x7f, 0xa4, 0x9a, 0x32, 0x7d, 0x00, 0x23, 0xf9, 0x2c, 0x75, 0x5e, 0xfe, 0x70, 0x8a, 0x58, 0xbb, 0xbf, 0xb7, 0x19, 0x43, 0xa2, 0x17, 0xa3, 0xdc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe0, 0xb6, 0x11, 0x9c, 0x15, 0x60, 0x14, 0xd1, 0x0d, 0xce, 0xec, 0xa0, 0xe3, 0xee, 0xa1, 0x7a, 0x1b, 0x5c, 0xab, 0xdc, 0xe2, 0x31, 0x15, 0xa6, 0xa1, 0xd0, 0xe2, 0xca, 0x26, 0x15, 0xbe, 0x0f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x27, 0xa9, 0xc9, 0x13, 0xee, 0xf7, 0x3e, 0xbc, 0xb8, 0x36, 0xce, 0xbe, 0xb1, 0x7d, 0x24, 0x51, 0x9e, 0x04, 0x60, 0x58, 0xf5, 0x8f, 0x14, 0xff, 0x40, 0x24, 0x9d, 0x6d, 0xc2, 0x68, 0xb9, 0xc3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x41, 0x55, 0x2a, 0x53, 0xc0, 0x81, 0x79, 0x51, 0x96, 0x4b, 0x32, 0x89, 0x00, 0xde, 0x13, 0x5e, 0x8e, 0xf3, 0x10, 0x5d, 0x0b, 0xa0, 0x34, 0x40, 0x1c, 0x23, 0xb6, 0x6b, 0xa2, 0xd8, 0xf4, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x91, 0x70, 0x13, 0xd8, 0xf1, 0x17, 0x2f, 0x6e, 0x02, 0x82, 0x35, 0xce, 0xc2, 0xe9, 0xb1, 0xd2, 0x87, 0xaf, 0xc5, 0x64, 0xc8, 0x56, 0x4f, 0xb1, 0x94, 0x39, 0xb7, 0x92, 0xdc, 0x5d, 0x9d, 0xb7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x6d, 0x3a, 0x6b, 0xb5, 0xf5, 0xad, 0x1a, 0x22, 0x96, 0xab, 0x37, 0x2b, 0x4a, 0x29, 0x8e, 0xc4, 0x54, 0xa0, 0x9c, 0xbb, 0x7a, 0x1f, 0x21, 0x80, 0xd7, 0x93, 0x12, 0x52, 0x50, 0xa7, 0x1f, 0x4d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9c, 0x29, 0xe1, 0x76, 0x4a, 0x9f, 0x61, 0xae, 0xa1, 0x58, 0x9c, 0xc7, 0x93, 0x4f, 0xc0, 0xf0, 0x56, 0x88, 0x1d, 0xa8, 0xe4, 0x4c, 0x64, 0xce, 0x6e, 0xd2, 0x35, 0x4d, 0xdb, 0x68, 0xb4, 0x3c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x82, 0xa8, 0x0b, 0xde, 0xdf, 0x74, 0x83, 0xc2, 0xdf, 0x47, 0x5b, 0x92, 0xc7, 0x2f, 0xd6, 0x1d, 0x04, 0x80, 0x67, 0x2f, 0x8c, 0x23, 0x4e, 0xa5, 0xa7, 0xfa, 0x9c, 0x5a, 0x92, 0x59, 0x31, 0x17}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index dfed58d6a..f63615552 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240617133859-9d99d05826d0" + defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240620134933-c01f7350427b" ) From e71819eb625a006e3bd480f894be2882a0b62123 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:05:57 +0200 Subject: [PATCH 092/380] deps: update Go dependencies (#3185) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update Go dependencies * deps: tidy all modules * Replace deprecated `grpc.DialContext` with `grpc.NewClient` --------- Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci Co-authored-by: Daniel Weiße --- bootstrapper/initproto/init.pb.go | 18 +- .../internal/joinclient/joinclient.go | 4 +- cli/internal/cmd/init.go | 3 +- cli/internal/cmd/recover.go | 2 +- cli/internal/cmd/verify.go | 4 +- csi/kms/constellation.go | 2 +- debugd/internal/cdbg/cmd/deploy.go | 3 +- debugd/internal/debugd/deploy/download.go | 12 +- debugd/internal/debugd/server/server_test.go | 6 +- debugd/service/debugd.pb.go | 34 +- .../recoveryserver/recoveryserver_test.go | 2 +- .../internal/rejoinclient/rejoinclient.go | 4 +- disk-mapper/recoverproto/recover.pb.go | 8 +- e2e/malicious-join/malicious-join.go | 2 +- go.mod | 172 ++++----- go.sum | 358 +++++++++--------- hack/tools/go.mod | 17 +- hack/tools/go.sum | 34 +- internal/constellation/applyinit.go | 4 +- .../atlscredentials/atlscredentials_test.go | 2 +- internal/grpc/dialer/dialer.go | 12 +- internal/grpc/dialer/dialer_test.go | 28 +- internal/versions/components/components.pb.go | 6 +- joinservice/internal/kms/kms.go | 2 +- joinservice/joinproto/join.pb.go | 14 +- keyservice/keyserviceproto/keyservice.pb.go | 8 +- .../internal/upgrade/upgrade.go | 2 +- s3proxy/internal/kms/kms.go | 2 +- upgrade-agent/upgradeproto/upgrade.pb.go | 8 +- verify/verifyproto/verify.pb.go | 8 +- 30 files changed, 392 insertions(+), 389 deletions(-) diff --git a/bootstrapper/initproto/init.pb.go b/bootstrapper/initproto/init.pb.go index f9a64cc73..328b6eeb1 100644 --- a/bootstrapper/initproto/init.pb.go +++ b/bootstrapper/initproto/init.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.1 +// protoc-gen-go v1.34.2 // protoc v3.21.7 // source: bootstrapper/initproto/init.proto @@ -560,7 +560,7 @@ func file_bootstrapper_initproto_init_proto_rawDescGZIP() []byte { } var file_bootstrapper_initproto_init_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_bootstrapper_initproto_init_proto_goTypes = []interface{}{ +var file_bootstrapper_initproto_init_proto_goTypes = []any{ (*InitRequest)(nil), // 0: init.InitRequest (*InitResponse)(nil), // 1: init.InitResponse (*InitSuccessResponse)(nil), // 2: init.InitSuccessResponse @@ -589,7 +589,7 @@ func file_bootstrapper_initproto_init_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_bootstrapper_initproto_init_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_bootstrapper_initproto_init_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*InitRequest); i { case 0: return &v.state @@ -601,7 +601,7 @@ func file_bootstrapper_initproto_init_proto_init() { return nil } } - file_bootstrapper_initproto_init_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_bootstrapper_initproto_init_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*InitResponse); i { case 0: return &v.state @@ -613,7 +613,7 @@ func file_bootstrapper_initproto_init_proto_init() { return nil } } - file_bootstrapper_initproto_init_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_bootstrapper_initproto_init_proto_msgTypes[2].Exporter = func(v any, i int) any { switch v := v.(*InitSuccessResponse); i { case 0: return &v.state @@ -625,7 +625,7 @@ func file_bootstrapper_initproto_init_proto_init() { return nil } } - file_bootstrapper_initproto_init_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_bootstrapper_initproto_init_proto_msgTypes[3].Exporter = func(v any, i int) any { switch v := v.(*InitFailureResponse); i { case 0: return &v.state @@ -637,7 +637,7 @@ func file_bootstrapper_initproto_init_proto_init() { return nil } } - file_bootstrapper_initproto_init_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_bootstrapper_initproto_init_proto_msgTypes[4].Exporter = func(v any, i int) any { switch v := v.(*LogResponseType); i { case 0: return &v.state @@ -649,7 +649,7 @@ func file_bootstrapper_initproto_init_proto_init() { return nil } } - file_bootstrapper_initproto_init_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_bootstrapper_initproto_init_proto_msgTypes[5].Exporter = func(v any, i int) any { switch v := v.(*KubernetesComponent); i { case 0: return &v.state @@ -662,7 +662,7 @@ func file_bootstrapper_initproto_init_proto_init() { } } } - file_bootstrapper_initproto_init_proto_msgTypes[1].OneofWrappers = []interface{}{ + file_bootstrapper_initproto_init_proto_msgTypes[1].OneofWrappers = []any{ (*InitResponse_InitSuccess)(nil), (*InitResponse_InitFailure)(nil), (*InitResponse_Log)(nil), diff --git a/bootstrapper/internal/joinclient/joinclient.go b/bootstrapper/internal/joinclient/joinclient.go index 8a2f6986f..5963ad7f8 100644 --- a/bootstrapper/internal/joinclient/joinclient.go +++ b/bootstrapper/internal/joinclient/joinclient.go @@ -209,7 +209,7 @@ func (c *JoinClient) requestJoinTicket(serviceEndpoint string) (ticket *joinprot return nil, nil, err } - conn, err := c.dialer.Dial(ctx, serviceEndpoint) + conn, err := c.dialer.Dial(serviceEndpoint) if err != nil { c.log.With(slog.String("endpoint", serviceEndpoint), slog.Any("error", err)).Error("Join service unreachable") return nil, nil, fmt.Errorf("dialing join service endpoint: %w", err) @@ -388,7 +388,7 @@ func (c *JoinClient) timeoutCtx() (context.Context, context.CancelFunc) { } type grpcDialer interface { - Dial(ctx context.Context, target string) (*grpc.ClientConn, error) + Dial(target string) (*grpc.ClientConn, error) } // ClusterJoiner has the ability to join a new node to an existing cluster. diff --git a/cli/internal/cmd/init.go b/cli/internal/cmd/init.go index a1e3e3632..138f22392 100644 --- a/cli/internal/cmd/init.go +++ b/cli/internal/cmd/init.go @@ -7,7 +7,6 @@ SPDX-License-Identifier: AGPL-3.0-only package cmd import ( - "context" "fmt" "io" "os" @@ -106,5 +105,5 @@ func (c *kubeconfigMerger) kubeconfigEnvVar() string { } type grpcDialer interface { - Dial(ctx context.Context, target string) (*grpc.ClientConn, error) + Dial(target string) (*grpc.ClientConn, error) } diff --git a/cli/internal/cmd/recover.go b/cli/internal/cmd/recover.go index 4541fd08d..17ffa4c32 100644 --- a/cli/internal/cmd/recover.go +++ b/cli/internal/cmd/recover.go @@ -217,7 +217,7 @@ type recoverDoer struct { // Do performs the recover streaming rpc. func (d *recoverDoer) Do(ctx context.Context) (retErr error) { - conn, err := d.dialer.Dial(ctx, d.endpoint) + conn, err := d.dialer.Dial(d.endpoint) if err != nil { return fmt.Errorf("dialing recovery server: %w", err) } diff --git a/cli/internal/cmd/verify.go b/cli/internal/cmd/verify.go index 41e80e8f7..25bc6ebac 100644 --- a/cli/internal/cmd/verify.go +++ b/cli/internal/cmd/verify.go @@ -380,7 +380,7 @@ func (v *constellationVerifier) Verify( ctx context.Context, endpoint string, req *verifyproto.GetAttestationRequest, validator atls.Validator, ) ([]byte, error) { v.log.Debug(fmt.Sprintf("Dialing endpoint: %q", endpoint)) - conn, err := v.dialer.DialInsecure(ctx, endpoint) + conn, err := v.dialer.DialInsecure(endpoint) if err != nil { return nil, fmt.Errorf("dialing init server: %w", err) } @@ -412,7 +412,7 @@ type verifyClient interface { } type grpcInsecureDialer interface { - DialInsecure(ctx context.Context, endpoint string) (conn *grpc.ClientConn, err error) + DialInsecure(endpoint string) (conn *grpc.ClientConn, err error) } // writeIndentfln writes a formatted string to the builder with the given indentation level diff --git a/csi/kms/constellation.go b/csi/kms/constellation.go index dbc310bdb..9ae1733ae 100644 --- a/csi/kms/constellation.go +++ b/csi/kms/constellation.go @@ -31,7 +31,7 @@ func NewConstellationKMS(endpoint string) *ConstellationKMS { // GetDEK request a data encryption key derived from the Constellation's master secret. func (k *ConstellationKMS) GetDEK(ctx context.Context, dekID string, dekSize int) ([]byte, error) { - conn, err := grpc.DialContext(ctx, k.endpoint, grpc.WithTransportCredentials(insecure.NewCredentials())) + conn, err := grpc.NewClient(k.endpoint, grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { return nil, err } diff --git a/debugd/internal/cdbg/cmd/deploy.go b/debugd/internal/cdbg/cmd/deploy.go index 3afd363cb..d66cf10b7 100644 --- a/debugd/internal/cdbg/cmd/deploy.go +++ b/debugd/internal/cdbg/cmd/deploy.go @@ -203,8 +203,7 @@ type closeAndWait func() // newDebugdClient creates a new gRPC client for the debugd service and logs the connection state changes. func newDebugdClient(ctx context.Context, ip string, log *slog.Logger) (pb.DebugdClient, closeAndWait, error) { - conn, err := grpc.DialContext( - ctx, + conn, err := grpc.NewClient( net.JoinHostPort(ip, strconv.Itoa(constants.DebugdPort)), grpc.WithTransportCredentials(insecure.NewCredentials()), logger.GetClientUnaryInterceptor(log), diff --git a/debugd/internal/debugd/deploy/download.go b/debugd/internal/debugd/deploy/download.go index affe685d3..96ae8fd2f 100644 --- a/debugd/internal/debugd/deploy/download.go +++ b/debugd/internal/debugd/deploy/download.go @@ -53,7 +53,7 @@ func (d *Download) DownloadInfo(ctx context.Context, ip string) error { log := d.log.With(slog.String("ip", ip)) serverAddr := net.JoinHostPort(ip, strconv.Itoa(constants.DebugdPort)) - client, closer, err := d.newClient(ctx, serverAddr, log) + client, closer, err := d.newClient(serverAddr, log) if err != nil { return err } @@ -74,7 +74,7 @@ func (d *Download) DownloadDeployment(ctx context.Context, ip string) error { log := d.log.With(slog.String("ip", ip)) serverAddr := net.JoinHostPort(ip, strconv.Itoa(constants.DebugdPort)) - client, closer, err := d.newClient(ctx, serverAddr, log) + client, closer, err := d.newClient(serverAddr, log) if err != nil { return err } @@ -117,17 +117,17 @@ func (d *Download) DownloadDeployment(ctx context.Context, ip string) error { return nil } -func (d *Download) newClient(ctx context.Context, serverAddr string, log *slog.Logger) (pb.DebugdClient, io.Closer, error) { +func (d *Download) newClient(serverAddr string, log *slog.Logger) (pb.DebugdClient, io.Closer, error) { log.Info("Connecting to server") - conn, err := d.dial(ctx, serverAddr) + conn, err := d.dial(serverAddr) if err != nil { return nil, nil, fmt.Errorf("connecting to other instance via gRPC: %w", err) } return pb.NewDebugdClient(conn), conn, nil } -func (d *Download) dial(ctx context.Context, target string) (*grpc.ClientConn, error) { - return grpc.DialContext(ctx, target, +func (d *Download) dial(target string) (*grpc.ClientConn, error) { + return grpc.NewClient(target, d.grpcWithDialer(), grpc.WithTransportCredentials(insecure.NewCredentials()), ) diff --git a/debugd/internal/debugd/server/server_test.go b/debugd/internal/debugd/server/server_test.go index 3ae8b3312..30d2a2c9e 100644 --- a/debugd/internal/debugd/server/server_test.go +++ b/debugd/internal/debugd/server/server_test.go @@ -371,8 +371,8 @@ type netDialer interface { DialContext(_ context.Context, network, address string) (net.Conn, error) } -func dial(ctx context.Context, dialer netDialer, target string) (*grpc.ClientConn, error) { - return grpc.DialContext(ctx, target, +func dial(dialer netDialer, target string) (*grpc.ClientConn, error) { + return grpc.NewClient(target, grpc.WithContextDialer(func(ctx context.Context, addr string) (net.Conn, error) { return dialer.DialContext(ctx, "tcp", addr) }), @@ -414,7 +414,7 @@ func setupServerWithConn(endpoint string, serv *debugdServer) (*grpc.Server, *gr lis := dialer.GetListener(endpoint) go grpcServ.Serve(lis) - conn, err := dial(context.Background(), dialer, endpoint) + conn, err := dial(dialer, endpoint) if err != nil { return nil, nil, err } diff --git a/debugd/service/debugd.pb.go b/debugd/service/debugd.pb.go index fe9387da4..c60ce592f 100644 --- a/debugd/service/debugd.pb.go +++ b/debugd/service/debugd.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.1 +// protoc-gen-go v1.34.2 // protoc v3.21.7 // source: debugd/service/debugd.proto @@ -978,7 +978,7 @@ func file_debugd_service_debugd_proto_rawDescGZIP() []byte { var file_debugd_service_debugd_proto_enumTypes = make([]protoimpl.EnumInfo, 3) var file_debugd_service_debugd_proto_msgTypes = make([]protoimpl.MessageInfo, 13) -var file_debugd_service_debugd_proto_goTypes = []interface{}{ +var file_debugd_service_debugd_proto_goTypes = []any{ (SetInfoStatus)(0), // 0: debugd.SetInfoStatus (UploadFilesStatus)(0), // 1: debugd.UploadFilesStatus (UploadSystemdServiceUnitsStatus)(0), // 2: debugd.UploadSystemdServiceUnitsStatus @@ -1028,7 +1028,7 @@ func file_debugd_service_debugd_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_debugd_service_debugd_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*SetInfoRequest); i { case 0: return &v.state @@ -1040,7 +1040,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*SetInfoResponse); i { case 0: return &v.state @@ -1052,7 +1052,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[2].Exporter = func(v any, i int) any { switch v := v.(*GetInfoRequest); i { case 0: return &v.state @@ -1064,7 +1064,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[3].Exporter = func(v any, i int) any { switch v := v.(*GetInfoResponse); i { case 0: return &v.state @@ -1076,7 +1076,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[4].Exporter = func(v any, i int) any { switch v := v.(*Info); i { case 0: return &v.state @@ -1088,7 +1088,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[5].Exporter = func(v any, i int) any { switch v := v.(*DownloadFilesRequest); i { case 0: return &v.state @@ -1100,7 +1100,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[6].Exporter = func(v any, i int) any { switch v := v.(*FileTransferMessage); i { case 0: return &v.state @@ -1112,7 +1112,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[7].Exporter = func(v any, i int) any { switch v := v.(*FileTransferHeader); i { case 0: return &v.state @@ -1124,7 +1124,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[8].Exporter = func(v any, i int) any { switch v := v.(*Chunk); i { case 0: return &v.state @@ -1136,7 +1136,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[9].Exporter = func(v any, i int) any { switch v := v.(*UploadFilesResponse); i { case 0: return &v.state @@ -1148,7 +1148,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[10].Exporter = func(v any, i int) any { switch v := v.(*ServiceUnit); i { case 0: return &v.state @@ -1160,7 +1160,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[11].Exporter = func(v any, i int) any { switch v := v.(*UploadSystemdServiceUnitsRequest); i { case 0: return &v.state @@ -1172,7 +1172,7 @@ func file_debugd_service_debugd_proto_init() { return nil } } - file_debugd_service_debugd_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { + file_debugd_service_debugd_proto_msgTypes[12].Exporter = func(v any, i int) any { switch v := v.(*UploadSystemdServiceUnitsResponse); i { case 0: return &v.state @@ -1185,11 +1185,11 @@ func file_debugd_service_debugd_proto_init() { } } } - file_debugd_service_debugd_proto_msgTypes[6].OneofWrappers = []interface{}{ + file_debugd_service_debugd_proto_msgTypes[6].OneofWrappers = []any{ (*FileTransferMessage_Header)(nil), (*FileTransferMessage_Chunk)(nil), } - file_debugd_service_debugd_proto_msgTypes[7].OneofWrappers = []interface{}{} + file_debugd_service_debugd_proto_msgTypes[7].OneofWrappers = []any{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/disk-mapper/internal/recoveryserver/recoveryserver_test.go b/disk-mapper/internal/recoveryserver/recoveryserver_test.go index cf4e6c043..1a7722bb7 100644 --- a/disk-mapper/internal/recoveryserver/recoveryserver_test.go +++ b/disk-mapper/internal/recoveryserver/recoveryserver_test.go @@ -123,7 +123,7 @@ func TestRecover(t *testing.T) { diskKey, measurementSecret, serveErr = server.Serve(serveCtx, listener, serverUUID) }() - conn, err := dialer.New(nil, nil, netDialer).Dial(ctx, "192.0.2.1:1234") + conn, err := dialer.New(nil, nil, netDialer).Dial("192.0.2.1:1234") require.NoError(err) defer conn.Close() diff --git a/disk-mapper/internal/rejoinclient/rejoinclient.go b/disk-mapper/internal/rejoinclient/rejoinclient.go index bedb01535..ac0e17871 100644 --- a/disk-mapper/internal/rejoinclient/rejoinclient.go +++ b/disk-mapper/internal/rejoinclient/rejoinclient.go @@ -123,7 +123,7 @@ func (c *RejoinClient) requestRejoinTicket(endpoint string) (*joinproto.IssueRej ctx, cancel := c.timeoutCtx() defer cancel() - conn, err := c.dialer.Dial(ctx, endpoint) + conn, err := c.dialer.Dial(endpoint) if err != nil { return nil, err } @@ -185,7 +185,7 @@ func (c *RejoinClient) timeoutCtx() (context.Context, context.CancelFunc) { } type grpcDialer interface { - Dial(ctx context.Context, target string) (*grpc.ClientConn, error) + Dial(target string) (*grpc.ClientConn, error) } type metadataAPI interface { diff --git a/disk-mapper/recoverproto/recover.pb.go b/disk-mapper/recoverproto/recover.pb.go index d63b28706..3810a2a5b 100644 --- a/disk-mapper/recoverproto/recover.pb.go +++ b/disk-mapper/recoverproto/recover.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.1 +// protoc-gen-go v1.34.2 // protoc v3.21.7 // source: disk-mapper/recoverproto/recover.proto @@ -155,7 +155,7 @@ func file_disk_mapper_recoverproto_recover_proto_rawDescGZIP() []byte { } var file_disk_mapper_recoverproto_recover_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_disk_mapper_recoverproto_recover_proto_goTypes = []interface{}{ +var file_disk_mapper_recoverproto_recover_proto_goTypes = []any{ (*RecoverMessage)(nil), // 0: recoverproto.RecoverMessage (*RecoverResponse)(nil), // 1: recoverproto.RecoverResponse } @@ -175,7 +175,7 @@ func file_disk_mapper_recoverproto_recover_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_disk_mapper_recoverproto_recover_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_disk_mapper_recoverproto_recover_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*RecoverMessage); i { case 0: return &v.state @@ -187,7 +187,7 @@ func file_disk_mapper_recoverproto_recover_proto_init() { return nil } } - file_disk_mapper_recoverproto_recover_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_disk_mapper_recoverproto_recover_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*RecoverResponse); i { case 0: return &v.state diff --git a/e2e/malicious-join/malicious-join.go b/e2e/malicious-join/malicious-join.go index 2ef649771..96a3076f0 100644 --- a/e2e/malicious-join/malicious-join.go +++ b/e2e/malicious-join/malicious-join.go @@ -156,7 +156,7 @@ type maliciousJoiner struct { // join issues a join request to the join service endpoint. func (j *maliciousJoiner) join(ctx context.Context) (*joinproto.IssueJoinTicketResponse, error) { j.logger.Debug(fmt.Sprintf("Dialing join service endpoint %q", j.endpoint)) - conn, err := j.dialer.Dial(ctx, j.endpoint) + conn, err := j.dialer.Dial(j.endpoint) if err != nil { return nil, fmt.Errorf("dialing join service endpoint: %w", err) } diff --git a/go.mod b/go.mod index ed20810df..07887fa5a 100644 --- a/go.mod +++ b/go.mod @@ -37,129 +37,129 @@ replace ( replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c require ( - cloud.google.com/go/compute v1.26.0 + cloud.google.com/go/compute v1.27.0 cloud.google.com/go/compute/metadata v0.3.0 - cloud.google.com/go/kms v1.16.0 - cloud.google.com/go/secretmanager v1.13.0 - cloud.google.com/go/storage v1.40.0 + cloud.google.com/go/kms v1.17.1 + cloud.google.com/go/secretmanager v1.13.1 + cloud.google.com/go/storage v1.42.0 dario.cat/mergo v1.0.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.1.1 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 - github.com/BurntSushi/toml v1.3.2 - github.com/aws/aws-sdk-go v1.53.0 - github.com/aws/aws-sdk-go-v2 v1.26.1 - github.com/aws/aws-sdk-go-v2/config v1.27.13 - github.com/aws/aws-sdk-go-v2/credentials v1.17.13 - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.17 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.40.6 - github.com/aws/aws-sdk-go-v2/service/cloudfront v1.36.1 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.161.1 - github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.30.6 - github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.21.5 - github.com/aws/aws-sdk-go-v2/service/s3 v1.53.2 - github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.7 + github.com/BurntSushi/toml v1.4.0 + github.com/aws/aws-sdk-go v1.54.5 + github.com/aws/aws-sdk-go-v2 v1.30.0 + github.com/aws/aws-sdk-go-v2/config v1.27.21 + github.com/aws/aws-sdk-go-v2/credentials v1.17.21 + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.1 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.41.1 + github.com/aws/aws-sdk-go-v2/service/cloudfront v1.37.1 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.165.1 + github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.32.1 + github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.22.1 + github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 + github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.1 github.com/aws/smithy-go v1.20.2 - github.com/bazelbuild/buildtools v0.0.0-20240422193413-1429e15ae755 - github.com/bazelbuild/rules_go v0.48.0 + github.com/bazelbuild/buildtools v0.0.0-20240606140350-80f1f6802857 + github.com/bazelbuild/rules_go v0.48.1 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/docker/docker v26.1.2+incompatible + github.com/docker/docker v26.1.4+incompatible github.com/edgelesssys/go-azguestattestation v0.0.0-20240513062303-05f8770a633d github.com/edgelesssys/go-tdx-qpl v0.0.0-20240123150912-dcad3c41ec5f - github.com/foxboron/go-uefi v0.0.0-20240128152106-48be911532c2 + github.com/foxboron/go-uefi v0.0.0-20240522180132-205d5597883a github.com/fsnotify/fsnotify v1.7.0 github.com/go-playground/locales v0.14.1 github.com/go-playground/universal-translator v0.18.1 - github.com/go-playground/validator/v10 v10.20.0 + github.com/go-playground/validator/v10 v10.22.0 github.com/golang-jwt/jwt/v5 v5.2.1 github.com/google/go-sev-guest v0.11.1 github.com/google/go-tdx-guest v0.3.1 github.com/google/go-tpm v0.9.1 github.com/google/go-tpm-tools v0.4.4 github.com/google/uuid v1.6.0 - github.com/googleapis/gax-go/v2 v2.12.4 - github.com/gophercloud/gophercloud v1.11.0 + github.com/googleapis/gax-go/v2 v2.12.5 + github.com/gophercloud/gophercloud v1.12.0 github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.9 github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11 github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.12 - github.com/hashicorp/go-version v1.6.0 - github.com/hashicorp/hc-install v0.6.4 - github.com/hashicorp/hcl/v2 v2.20.1 - github.com/hashicorp/terraform-exec v0.20.0 - github.com/hashicorp/terraform-json v0.21.0 - github.com/hashicorp/terraform-plugin-framework v1.8.0 + github.com/hashicorp/go-version v1.7.0 + github.com/hashicorp/hc-install v0.7.0 + github.com/hashicorp/hcl/v2 v2.21.0 + github.com/hashicorp/terraform-exec v0.21.0 + github.com/hashicorp/terraform-json v0.22.1 + github.com/hashicorp/terraform-plugin-framework v1.9.0 github.com/hashicorp/terraform-plugin-framework-validators v0.12.0 github.com/hashicorp/terraform-plugin-go v0.23.0 github.com/hashicorp/terraform-plugin-log v0.9.0 - github.com/hashicorp/terraform-plugin-testing v1.7.0 + github.com/hashicorp/terraform-plugin-testing v1.8.0 github.com/hexops/gotextdiff v1.0.3 github.com/martinjungblut/go-cryptsetup v0.0.0-20220520180014-fd0874fd07a6 github.com/mattn/go-isatty v0.0.20 github.com/mitchellh/go-homedir v1.1.0 - github.com/onsi/ginkgo/v2 v2.17.3 + github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 github.com/pkg/errors v0.9.1 - github.com/regclient/regclient v0.6.0 + github.com/regclient/regclient v0.6.1 github.com/rogpeppe/go-internal v1.12.0 - github.com/samber/slog-multi v1.0.2 - github.com/schollz/progressbar/v3 v3.14.2 + github.com/samber/slog-multi v1.1.0 + github.com/schollz/progressbar/v3 v3.14.4 github.com/secure-systems-lab/go-securesystemslib v0.8.0 - github.com/siderolabs/talos/pkg/machinery v1.7.1 + github.com/siderolabs/talos/pkg/machinery v1.7.4 github.com/sigstore/rekor v1.3.6 - github.com/sigstore/sigstore v1.8.3 + github.com/sigstore/sigstore v1.8.4 github.com/spf13/afero v1.11.0 - github.com/spf13/cobra v1.8.0 + github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 - github.com/tink-crypto/tink-go/v2 v2.1.0 + github.com/tink-crypto/tink-go/v2 v2.2.0 github.com/vincent-petithory/dataurl v1.0.0 - go.etcd.io/etcd/api/v3 v3.5.13 - go.etcd.io/etcd/client/pkg/v3 v3.5.13 - go.etcd.io/etcd/client/v3 v3.5.13 + go.etcd.io/etcd/api/v3 v3.5.14 + go.etcd.io/etcd/client/pkg/v3 v3.5.14 + go.etcd.io/etcd/client/v3 v3.5.14 go.uber.org/goleak v1.3.0 golang.org/x/crypto v0.24.0 - golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 - golang.org/x/mod v0.17.0 + golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 + golang.org/x/mod v0.18.0 golang.org/x/sys v0.21.0 golang.org/x/text v0.16.0 - golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d - google.golang.org/api v0.180.0 - google.golang.org/grpc v1.63.2 - google.golang.org/protobuf v1.34.1 + golang.org/x/tools v0.22.0 + google.golang.org/api v0.185.0 + google.golang.org/grpc v1.64.0 + google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm v2.17.0+incompatible - helm.sh/helm/v3 v3.14.4 - k8s.io/api v0.30.0 - k8s.io/apiextensions-apiserver v0.30.0 - k8s.io/apimachinery v0.30.0 - k8s.io/apiserver v0.30.0 - k8s.io/client-go v0.30.0 - k8s.io/cluster-bootstrap v0.30.0 - k8s.io/kubelet v0.30.0 - k8s.io/kubernetes v1.30.0 - k8s.io/mount-utils v0.30.0 + helm.sh/helm/v3 v3.15.2 + k8s.io/api v0.30.2 + k8s.io/apiextensions-apiserver v0.30.2 + k8s.io/apimachinery v0.30.2 + k8s.io/apiserver v0.30.2 + k8s.io/client-go v0.30.2 + k8s.io/cluster-bootstrap v0.30.2 + k8s.io/kubelet v0.30.2 + k8s.io/kubernetes v1.30.2 + k8s.io/mount-utils v0.30.2 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 libvirt.org/go/libvirt v1.10003.0 - sigs.k8s.io/controller-runtime v0.18.2 + sigs.k8s.io/controller-runtime v0.18.4 sigs.k8s.io/yaml v1.4.0 ) require ( - cloud.google.com/go v0.112.2 // indirect - cloud.google.com/go/auth v0.4.1 // indirect + cloud.google.com/go v0.115.0 // indirect + cloud.google.com/go/auth v0.5.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/iam v1.1.8 // indirect cloud.google.com/go/longrunning v0.5.7 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect @@ -185,17 +185,17 @@ require ( github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.5 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.7 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.5 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.20.6 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect @@ -205,7 +205,7 @@ require ( github.com/containerd/containerd v1.7.12 // indirect github.com/containerd/log v0.1.0 // indirect github.com/coreos/go-semver v0.3.1 // indirect - github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect @@ -254,7 +254,7 @@ require ( github.com/google/go-attestation v0.5.1 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-configfs-tsm v0.2.2 // indirect - github.com/google/go-containerregistry v0.19.0 // indirect + github.com/google/go-containerregistry v0.19.1 // indirect github.com/google/go-tspi v0.3.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/logger v1.1.1 // indirect @@ -270,7 +270,7 @@ require ( github.com/hashicorp/go-checkpoint v0.5.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect - github.com/hashicorp/go-hclog v1.6.2 // indirect + github.com/hashicorp/go-hclog v1.6.3 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.6.0 // indirect github.com/hashicorp/go-retryablehttp v0.7.5 // indirect @@ -289,7 +289,7 @@ require ( github.com/jmoiron/sqlx v1.3.5 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.4 // indirect + github.com/klauspost/compress v1.17.8 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect @@ -341,7 +341,7 @@ require ( github.com/theupdateframework/go-tuf v0.7.0 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect github.com/transparency-dev/merkle v0.0.2 // indirect - github.com/ulikunitz/xz v0.5.11 // indirect + github.com/ulikunitz/xz v0.5.12 // indirect github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect @@ -350,7 +350,7 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - github.com/zclconf/go-cty v1.14.3 // indirect + github.com/zclconf/go-cty v1.14.4 // indirect go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect @@ -362,23 +362,23 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/net v0.26.0 // indirect - golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/term v0.21.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect + google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/cli-runtime v0.29.0 // indirect - k8s.io/component-base v0.30.0 // indirect + k8s.io/cli-runtime v0.30.0 // indirect + k8s.io/component-base v0.30.2 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/kubectl v0.29.0 // indirect + k8s.io/kubectl v0.30.0 // indirect oras.land/oras-go v1.2.5 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect diff --git a/go.sum b/go.sum index 7b1072238..6a4e8b485 100644 --- a/go.sum +++ b/go.sum @@ -1,24 +1,24 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw= -cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms= -cloud.google.com/go/auth v0.4.1 h1:Z7YNIhlWRtrnKlZke7z3GMqzvuYzdc2z98F9D1NV5Hg= -cloud.google.com/go/auth v0.4.1/go.mod h1:QVBuVEKpCn4Zp58hzRGvL0tjRGU0YqdRTdCHM1IHnro= +cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= +cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= +cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw= +cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= -cloud.google.com/go/compute v1.26.0 h1:uHf0NN2nvxl1Gh4QO83yRCOdMK4zivtMS5gv0dEX0hg= -cloud.google.com/go/compute v1.26.0/go.mod h1:T9RIRap4pVHCGUkVFRJ9hygT3KCXjip41X1GgWtBBII= +cloud.google.com/go/compute v1.27.0 h1:EGawh2RUnfHT5g8f/FX3Ds6KZuIBC77hZoDrBvEZw94= +cloud.google.com/go/compute v1.27.0/go.mod h1:LG5HwRmWFKM2C5XxHRiNzkLLXW48WwvyVC0mfWsYPOM= cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= -cloud.google.com/go/kms v1.16.0 h1:1yZsRPhmargZOmY+fVAh8IKiR9HzCb0U1zsxb5g2nRY= -cloud.google.com/go/kms v1.16.0/go.mod h1:olQUXy2Xud+1GzYfiBO9N0RhjsJk5IJLU6n/ethLXVc= +cloud.google.com/go/kms v1.17.1 h1:5k0wXqkxL+YcXd4viQzTqCgzzVKKxzgrK+rCZJytEQs= +cloud.google.com/go/kms v1.17.1/go.mod h1:DCMnCF/apA6fZk5Cj4XsD979OyHAqFasPuA5Sd0kGlQ= cloud.google.com/go/longrunning v0.5.7 h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU= cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng= -cloud.google.com/go/secretmanager v1.13.0 h1:nQ/Ca2Gzm/OEP8tr1hiFdHRi5wAnAmsm9qTjwkivyrQ= -cloud.google.com/go/secretmanager v1.13.0/go.mod h1:yWdfNmM2sLIiyv6RM6VqWKeBV7CdS0SO3ybxJJRhBEs= -cloud.google.com/go/storage v1.40.0 h1:VEpDQV5CJxFmJ6ueWNsKxcr1QAYOXEgxDa+sBbJahPw= -cloud.google.com/go/storage v1.40.0/go.mod h1:Rrj7/hKlG87BLqDJYtwR0fbPld8uJPbQ2ucUMY7Ir0g= +cloud.google.com/go/secretmanager v1.13.1 h1:TTGo2Vz7ZxYn2QbmuFP7Zo4lDm5VsbzBjDReo3SA5h4= +cloud.google.com/go/secretmanager v1.13.1/go.mod h1:y9Ioh7EHp1aqEKGYXk3BOC+vkhlHm9ujL7bURT4oI/4= +cloud.google.com/go/storage v1.42.0 h1:4QtGpplCVt1wz6g5o1ifXd656P5z+yNgzdw1tVfp0cU= +cloud.google.com/go/storage v1.42.0/go.mod h1:HjMXRFq65pGKFn6hxj6x3HCyR41uSB72Z0SO/Vn6JFQ= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= @@ -29,12 +29,12 @@ github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d h1:zjq github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d/go.mod h1:XNqJ7hv2kY++g8XEHREpi+JqZo3+0l+CH2egBVN4yqM= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM= github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0/go.mod h1:Pu5Zksi2KrU7LPbZbNINx6fuVrUp/ffvpxdDj+i8LeE= github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw= @@ -80,8 +80,8 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= -github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= @@ -117,62 +117,62 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.53.0 h1:MMo1x1ggPPxDfHMXJnQudTbGXYlD4UigUAud1DJxPVo= -github.com/aws/aws-sdk-go v1.53.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA= -github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go v1.54.5 h1:uOYrME3NWf7/J7orDdhZbF8IQCNkE7OZHATdzWS0ok0= +github.com/aws/aws-sdk-go v1.54.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA= +github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2/go.mod h1:lPprDr1e6cJdyYeGXnRaJoP4Md+cDBvi2eOj00BlGmg= -github.com/aws/aws-sdk-go-v2/config v1.27.13 h1:WbKW8hOzrWoOA/+35S5okqO/2Ap8hkkFUzoW8Hzq24A= -github.com/aws/aws-sdk-go-v2/config v1.27.13/go.mod h1:XLiyiTMnguytjRER7u5RIkhIqS8Nyz41SwAWb4xEjxs= -github.com/aws/aws-sdk-go-v2/credentials v1.17.13 h1:XDCJDzk/u5cN7Aple7D/MiAhx1Rjo/0nueJ0La8mRuE= -github.com/aws/aws-sdk-go-v2/credentials v1.17.13/go.mod h1:FMNcjQrmuBYvOTZDtOLCIu0esmxjF7RuA/89iSXWzQI= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 h1:FVJ0r5XTHSmIHJV6KuDmdYhEpvlHpiSd38RQWhut5J4= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24LGuzuekqMAEgWkVYukBec3kr3jUg= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.17 h1:9b1Os1s11mF5qTIKLgSsyPG810di2+ySSLIIt9bwe9I= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.16.17/go.mod h1:9Wp7tDOMhv0+sb/FTRAkbHNQ7abYDnoJRzm5AAtCnTc= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc= +github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM= +github.com/aws/aws-sdk-go-v2/config v1.27.21/go.mod h1:4XtlEU6DzNai8RMbjSF5MgGZtYvrhBP/aKZcRtZAVdM= +github.com/aws/aws-sdk-go-v2/credentials v1.17.21 h1:pjAqgzfgFhTv5grc7xPHtXCAaMapzmwA7aU+c/SZQGw= +github.com/aws/aws-sdk-go-v2/credentials v1.17.21/go.mod h1:nhK6PtBlfHTUDVmBLr1dg+WHCOCK+1Fu/WQyVHPsgNQ= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8/go.mod h1:EgSKcHiuuakEIxJcKGzVNWh5srVAQ3jKaSrBGRYvM48= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.1 h1:D9VqWMuw7lJAX6d5eINfRQ/PkvtcJAK3Qmd6f6xEeUw= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.1/go.mod h1:ckvBx7codI4wzc5inOfDp5ZbK7TjMFa7eXwmLvXQrRk= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12/go.mod h1:FkpvXhA92gb3GE9LD6Og0pHHycTxW7xGpnEh5E7Opwo= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 h1:hb5KgeYfObi5MHkSSZMEudnIvX30iB+E21evI4r6BnQ= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12/go.mod h1:CroKe/eWJdyfy9Vx4rljP5wTUjNJfb+fPz1uMYUhEGM= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.5 h1:81KE7vaZzrl7yHBYHVEzYB8sypz11NMOZ40YlWvPxsU= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.5/go.mod h1:LIt2rg7Mcgn09Ygbdh/RdIm0rQ+3BNkbP1gyVMFtRK0= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.40.6 h1:IDoEdCkKRy7iPlRVSuDATGE57xUjrk5i1M9eWPYwr/Y= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.40.6/go.mod h1:ZErgk/bPaaZIpj+lUWGlwI1A0UFhSIscgnCPzTLnb2s= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.36.1 h1://GRw/PrpnUyWBJh6KvUvR9AgkDBhclzaj3HKGxRoCw= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.36.1/go.mod h1:Pphkts8iBnexoEpcMti5fUvN3/yoGRLtl2heOeppF70= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.161.1 h1:NbjXshriDs5bGeqKvrOF70L41X0aCMC60ImN2vkcQAc= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.161.1/go.mod h1:xejKuuRDjz6z5OqyeLsz01MlOqqW7CqpAB4PabNvpu8= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.30.6 h1:P5kMcIzrz4Y7GIkvmkosgv/0cs1Crk/VLo5pBhrTWGI= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.30.6/go.mod h1:e1McVqsud0JOERidvppLEHnuCdh/X6MRyL5L0LseAUk= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 h1:DXFWyt7ymx/l1ygdyTTS0X923e+Q2wXIxConJzrgwc0= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12/go.mod h1:mVOr/LbvaNySK1/BTy4cBOCjhCNY2raWBwK4v+WR5J4= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.41.1 h1:ZNokD9M3On22Qscssyi3iQAzkoeOJxnE5NANNCzPzIA= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.41.1/go.mod h1:5XY8CFGBv6dZp/thbk8FRIAWjqNckM7PsL848KHdzjI= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.37.1 h1:oOm9MhuUpAWAmjcXwkTsYBzXzFIDbVYje6P5jPkG3kU= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.37.1/go.mod h1:Pri+xMTktTIOpTg/yYeCYgk4vOrv6sZLcB467ePRIoU= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.165.1 h1:LkSnU1c9JKJyXYcwpWgQGuwctwv3pDenMUgH2CmLd1A= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.165.1/go.mod h1:Wv7N3iFOKVsZNIaw9MOBUmwCkX6VMmQQRFhMrHtNGno= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.32.1 h1:whB9mAd0jcYqVF75rVASYdPPBEfZwGFLBq9rz0cHCoI= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.32.1/go.mod h1:EjPhusEHOS2hFIJFR3PfI4ndJLkhm3VKTWv0U5m+VR4= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.7 h1:ZMeFZ5yk+Ek+jNr1+uwCd2tG89t6oTS5yVWpa6yy2es= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.7/go.mod h1:mxV05U+4JiHqIpGqqYXOHLPKUC6bDXC44bsUhNjOEwY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7 h1:ogRAwT1/gxJBcSWDMZlgyFUM962F51A5CRhDLbxLdmo= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.7/go.mod h1:YCsIZhXfRPLFFCl5xxY+1T9RKzOKjCut+28JSX2DnAk= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.5 h1:f9RyWNtS8oH7cZlbn+/JNPpjUk5+5fLd5lM9M0i49Ys= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.5/go.mod h1:h5CoMZV2VF297/VLhRhO1WF+XYWOzXo+4HsObA4HjBQ= -github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.21.5 h1:GR0vFRc5TpN36ppQJjd+gjRRC9vMAHN5C2W53oMWCJU= -github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.21.5/go.mod h1:FWw+Jnx+SlpsrU/NQ/f7f+1RdixTApZiU2o9FOubiDQ= -github.com/aws/aws-sdk-go-v2/service/s3 v1.53.2 h1:rq2hglTQM3yHZvOPVMtNvLS5x6hijx7JvRDgKiTNDGQ= -github.com/aws/aws-sdk-go-v2/service/s3 v1.53.2/go.mod h1:qmdkIIAC+GCLASF7R2whgNrJADz0QZPX+Seiw/i4S3o= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.7 h1:4cziOtpDwtgcb+wTYRzz8C+GoH1XySy0p7j4oBbqPQE= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.7/go.mod h1:3Ba++UwWd154xtP4FRX5pUK3Gt4up5sDHCve6kVfE+g= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.6 h1:o5cTaeunSpfXiLTIBx5xo2enQmiChtu1IBbzXnfU9Hs= -github.com/aws/aws-sdk-go-v2/service/sso v1.20.6/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0 h1:Qe0r0lVURDDeBQJ4yP+BOrJkvkiCo/3FH/t+wY11dmw= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.0/go.mod h1:mUYPBhaF2lGiukDEjJX2BLRRKTmoUSitGDUgM4tRxak= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.7 h1:et3Ta53gotFR4ERLXXHIHl/Uuk1qYpP5uU7cvNql8ns= -github.com/aws/aws-sdk-go-v2/service/sts v1.28.7/go.mod h1:FZf1/nKNEkHdGGJP/cI2MoIMquumuRK6ol3QQJNDxmw= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 h1:oWccitSnByVU74rQRHac4gLfDqjB6Z1YQGOY/dXKedI= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14/go.mod h1:8SaZBlQdCLrc/2U3CEO48rYj9uR8qRsPRkmzwNM52pM= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 h1:tzha+v1SCEBpXWEuw6B/+jm4h5z8hZbTpXz0zRZqTnw= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12/go.mod h1:n+nt2qjHGoseWeLHt1vEr6ZRCCxIN2KcNpJxBcYQSwI= +github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.22.1 h1:73im9DnuBD4+G8hHsbqb0NSA+n6QJ5ApFk6/YeOz8k8= +github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.22.1/go.mod h1:p5FuKT8Rj4fnlT84Pzy7itV11NZ39Fwm/Y52S8Lg1Oc= +github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 h1:wsg9Z/vNnCmxWikfGIoOlnExtEU459cR+2d+iDJ8elo= +github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.1 h1:fMhrWVym3nTAcf3eT9XsYcfN1kgQ/7ZuVLGHjPAn6Ms= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.1/go.mod h1:tBCf2+VgRT/Lk9KIlKpTxyCunzxHcP8BFPqcck5I9mM= +github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 h1:sd0BsnAvLH8gsp2e3cbaIr+9D7T1xugueQ7V/zUAsS4= +github.com/aws/aws-sdk-go-v2/service/sso v1.21.1/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 h1:1uEFNNskK/I1KoZ9Q8wJxMz5V9jyBlsiaNrM7vA3YUQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4= +github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 h1:myX5CxqXE0QMZNja6FA1/FSE3Vu1rVmeUmpJMMzeZg0= +github.com/aws/aws-sdk-go-v2/service/sts v1.29.1/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= -github.com/bazelbuild/buildtools v0.0.0-20240422193413-1429e15ae755 h1:hqhMmuZiSNwCWVHqnpr4DZfIeZ2/aJF7fs207eg7HZo= -github.com/bazelbuild/buildtools v0.0.0-20240422193413-1429e15ae755/go.mod h1:689QdV3hBP7Vo9dJMmzhoYIyo/9iMhEmHkJcnaPRCbo= -github.com/bazelbuild/rules_go v0.48.0 h1:fZgo6mCUKeL/+GQiMWy5/QU1FjNXGPnTd5bAeao1pbg= -github.com/bazelbuild/rules_go v0.48.0/go.mod h1:Dhcz716Kqg1RHNWos+N6MlXNkjNP2EwZQ0LukRKJfMs= +github.com/bazelbuild/buildtools v0.0.0-20240606140350-80f1f6802857 h1:3UwzfrfwoxlyGlPhbQR1O1HLOd4qNEyAwxHRSE+Yde4= +github.com/bazelbuild/buildtools v0.0.0-20240606140350-80f1f6802857/go.mod h1:689QdV3hBP7Vo9dJMmzhoYIyo/9iMhEmHkJcnaPRCbo= +github.com/bazelbuild/rules_go v0.48.1 h1:uFAO3cNJyiZlf3r4HzApyMDiNch7lU0VtQBHrjnfCyw= +github.com/bazelbuild/rules_go v0.48.1/go.mod h1:Dhcz716Kqg1RHNWos+N6MlXNkjNP2EwZQ0LukRKJfMs= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -217,8 +217,8 @@ github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/cpuguy83/go-md2man/v2 v2.0.3 h1:qMCsGGgs+MAzDFyp9LpAe1Lqy/fY/qCovCm0qnXZOBM= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0= github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= @@ -242,8 +242,8 @@ github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbT github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v26.1.2+incompatible h1:UVX5ZOrrfTGZZYEP+ZDq3Xn9PdHNXaSYMFPDumMqG2k= -github.com/docker/docker v26.1.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= +github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -280,8 +280,8 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/foxboron/go-uefi v0.0.0-20240128152106-48be911532c2 h1:qGlg/7H49H30Eu7nkCBA7YxNmW30ephqBf7xIxlAGuQ= -github.com/foxboron/go-uefi v0.0.0-20240128152106-48be911532c2/go.mod h1:ffg/fkDeOYicEQLoO2yFFGt00KUTYVXI+rfnc8il6vQ= +github.com/foxboron/go-uefi v0.0.0-20240522180132-205d5597883a h1:Q/VIO3QAlaF95JqVVF39udInPR76lu02yrMDInavm8Q= +github.com/foxboron/go-uefi v0.0.0-20240522180132-205d5597883a/go.mod h1:ffg/fkDeOYicEQLoO2yFFGt00KUTYVXI+rfnc8il6vQ= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= @@ -340,8 +340,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8= -github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao= +github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= @@ -414,8 +414,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98= github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= -github.com/google/go-containerregistry v0.19.0 h1:uIsMRBV7m/HDkDxE/nXMnv1q+lOOSPlQ/ywc5JbB8Ic= -github.com/google/go-containerregistry v0.19.0/go.mod h1:u0qB2l7mvtWVR5kNcbFIhFY1hLbf8eeGapA+vbFDCtQ= +github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= +github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-sev-guest v0.11.1 h1:gnww4U8fHV5DCPz4gykr1s8SEX1fFNcxCBy+vvXN24k= github.com/google/go-sev-guest v0.11.1/go.mod h1:qBOfb+JmgsUI3aUyzQoGC13Kpp9zwLeWvuyXmA9q77w= github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw= @@ -431,8 +431,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= -github.com/google/martian/v3 v3.3.2 h1:IqNFLAmvJOgVlpdEBiQbDc2EwKW77amAycfTuWKdfvw= -github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= +github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc= +github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= @@ -446,11 +446,11 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg= -github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= +github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA= +github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= -github.com/gophercloud/gophercloud v1.11.0 h1:ls0O747DIq1D8SUHc7r2vI8BFbMLeLFuENaAIfEx7OM= -github.com/gophercloud/gophercloud v1.11.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= +github.com/gophercloud/gophercloud v1.12.0 h1:Jrz16vPAL93l80q16fp8NplrTCp93y7rZh2P3Q4Yq7g= +github.com/gophercloud/gophercloud v1.12.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 h1:sH7xkTfYzxIEgzq1tDHIMKRh1vThOEOGNsettdEeLbE= github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56/go.mod h1:VSalo4adEk+3sNkmVJLnhHoOyOYYS8sTWLG4mv5BKto= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= @@ -481,8 +481,8 @@ github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUK github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v1.6.2 h1:NOtoftovWkDheyUM/8JW3QMiXyxJK3uHRK7wV04nD2I= -github.com/hashicorp/go-hclog v1.6.2/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 h1:WZeXfD26QMWYC35at25KgE021SF9L3u9UMHK8fJAdV0= github.com/hashicorp/go-kms-wrapping/v2 v2.0.16/go.mod h1:ZiKZctjRTLEppuRwrttWkp71VYMbTTCkazK4xT7U/NQ= github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.9 h1:qdxeZvDMRGZ3YSE4Oz0Pp7WUSUn5S6cWZguEOkEVL50= @@ -502,22 +502,22 @@ github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= -github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= +github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/hc-install v0.6.4 h1:QLqlM56/+SIIGvGcfFiwMY3z5WGXT066suo/v9Km8e0= -github.com/hashicorp/hc-install v0.6.4/go.mod h1:05LWLy8TD842OtgcfBbOT0WMoInBMUSHjmDx10zuBIA= -github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc= -github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= +github.com/hashicorp/hc-install v0.7.0 h1:Uu9edVqjKQxxuD28mR5TikkKDd/p55S8vzPC1659aBk= +github.com/hashicorp/hc-install v0.7.0/go.mod h1:ELmmzZlGnEcqoUMKUuykHaPCIR1sYLYX+KSggWSKZuA= +github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= +github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/terraform-exec v0.20.0 h1:DIZnPsqzPGuUnq6cH8jWcPunBfY+C+M8JyYF3vpnuEo= -github.com/hashicorp/terraform-exec v0.20.0/go.mod h1:ckKGkJWbsNqFKV1itgMnE0hY9IYf1HoiekpuN0eWoDw= -github.com/hashicorp/terraform-json v0.21.0 h1:9NQxbLNqPbEMze+S6+YluEdXgJmhQykRyRNd+zTI05U= -github.com/hashicorp/terraform-json v0.21.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= -github.com/hashicorp/terraform-plugin-framework v1.8.0 h1:P07qy8RKLcoBkCrY2RHJer5AEvJnDuXomBgou6fD8kI= -github.com/hashicorp/terraform-plugin-framework v1.8.0/go.mod h1:/CpTukO88PcL/62noU7cuyaSJ4Rsim+A/pa+3rUVufY= +github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ= +github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= +github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= +github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A= +github.com/hashicorp/terraform-plugin-framework v1.9.0 h1:caLcDoxiRucNi2hk8+j3kJwkKfvHznubyFsJMWfZqKU= +github.com/hashicorp/terraform-plugin-framework v1.9.0/go.mod h1:qBXLDn69kM97NNVi/MQ9qgd1uWWsVftGSnygYG1tImM= github.com/hashicorp/terraform-plugin-framework-validators v0.12.0 h1:HOjBuMbOEzl7snOdOoUfE2Jgeto6JOjLVQ39Ls2nksc= github.com/hashicorp/terraform-plugin-framework-validators v0.12.0/go.mod h1:jfHGE/gzjxYz6XoUwi/aYiiKrJDeutQNUtGQXkaHklg= github.com/hashicorp/terraform-plugin-go v0.23.0 h1:AALVuU1gD1kPb48aPQUjug9Ir/125t+AAurhqphJ2Co= @@ -526,8 +526,8 @@ github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9T github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 h1:qHprzXy/As0rxedphECBEQAh3R4yp6pKksKHcqZx5G8= github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0/go.mod h1:H+8tjs9TjV2w57QFVSMBQacf8k/E1XwLXGCARgViC6A= -github.com/hashicorp/terraform-plugin-testing v1.7.0 h1:I6aeCyZ30z4NiI3tzyDoO6fS7YxP5xSL1ceOon3gTe8= -github.com/hashicorp/terraform-plugin-testing v1.7.0/go.mod h1:sbAreCleJNOCz+y5vVHV8EJkIWZKi/t4ndKiUjM9vao= +github.com/hashicorp/terraform-plugin-testing v1.8.0 h1:wdYIgwDk4iO933gC4S8KbKdnMQShu6BXuZQPScmHvpk= +github.com/hashicorp/terraform-plugin-testing v1.8.0/go.mod h1:o2kOgf18ADUaZGhtOl0YCkfIxg01MAiMATT2EtIHlZk= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= @@ -575,8 +575,8 @@ github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= -github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= +github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= +github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -679,10 +679,10 @@ github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= -github.com/olareg/olareg v0.0.0-20240323210534-20ec9e4f6dd4 h1:1I7mTStFqh+DqPG9rRjEhEallPi2MQg2uACGImFGS1Q= -github.com/olareg/olareg v0.0.0-20240323210534-20ec9e4f6dd4/go.mod h1:RBuU7JW7SoIIxZKzLRhq8sVtQeAHzCAtRrXEBx2KlM4= -github.com/onsi/ginkgo/v2 v2.17.3 h1:oJcvKpIb7/8uLpDDtnQuf18xVnwKp8DTD7DQ6gTd/MU= -github.com/onsi/ginkgo/v2 v2.17.3/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/olareg/olareg v0.1.0 h1:1dXBOgPrig5N7zoXyIZVQqU0QBo6sD9pbL6UYjY75CA= +github.com/olareg/olareg v0.1.0/go.mod h1:RBuU7JW7SoIIxZKzLRhq8sVtQeAHzCAtRrXEBx2KlM4= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -727,8 +727,8 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= -github.com/regclient/regclient v0.6.0 h1:P+8L9fdOTCo6S6O0/vE/C47csVY5UW5CMEzVwENVbWA= -github.com/regclient/regclient v0.6.0/go.mod h1:ofqAoAhp8T8us4pXT2acvmpUnqjfEdXt3y3b9YunqGo= +github.com/regclient/regclient v0.6.1 h1:4PxrGxMXrLpPrSaet8QZl568CVOolyHyukLL9UyogoU= +github.com/regclient/regclient v0.6.1/go.mod h1:hCKbRHYMx6LJntAhXzWVV7Oxyn9DzNVJoOKJaSnU5BM= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= @@ -741,14 +741,14 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= -github.com/samber/slog-multi v1.0.2 h1:6BVH9uHGAsiGkbbtQgAOQJMpKgV8unMrHhhJaw+X1EQ= -github.com/samber/slog-multi v1.0.2/go.mod h1:uLAvHpGqbYgX4FSL0p1ZwoLuveIAJvBECtE07XmYvFo= +github.com/samber/slog-multi v1.1.0 h1:m5wfpXE8Qu2gCiR/JnhFGsLcWDOmTxnso32EMffVAY0= +github.com/samber/slog-multi v1.1.0/go.mod h1:uLAvHpGqbYgX4FSL0p1ZwoLuveIAJvBECtE07XmYvFo= github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A= github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk= github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4= github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= -github.com/schollz/progressbar/v3 v3.14.2 h1:EducH6uNLIWsr560zSV1KrTeUb/wZGAHqyMFIEa99ks= -github.com/schollz/progressbar/v3 v3.14.2/go.mod h1:aQAZQnhF4JGFtRJiw/eobaXpsqpVQAftEQ+hLGXaRc4= +github.com/schollz/progressbar/v3 v3.14.4 h1:W9ZrDSJk7eqmQhd3uxFNNcTr0QL+xuGNI9dEMrw0r74= +github.com/schollz/progressbar/v3 v3.14.4/go.mod h1:aT3UQ7yGm+2ZjeXPqsjTenwL3ddUiuZ0kfQ/2tHlyNI= github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA= github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= @@ -756,12 +756,12 @@ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/siderolabs/talos/pkg/machinery v1.7.1 h1:sVFQ0lNE6+kOomSZA8iuktzG1A4zSW9KTsB2TLaTPsU= -github.com/siderolabs/talos/pkg/machinery v1.7.1/go.mod h1:YBl9KDCD45Uc7N0rXBY1JqovUn1n46ekUPSNbEVZzQU= +github.com/siderolabs/talos/pkg/machinery v1.7.4 h1:/LP1m7iIzpuTuiG+0aWJpJCdrC4K48btT+CgLXYjUqk= +github.com/siderolabs/talos/pkg/machinery v1.7.4/go.mod h1:85iUG7/XS654ki2Rkk7kTEU8YsnNhj6vAr7TnpbOebk= github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= github.com/sigstore/rekor v1.3.6/go.mod h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc= -github.com/sigstore/sigstore v1.8.3 h1:G7LVXqL+ekgYtYdksBks9B38dPoIsbscjQJX/MGWkA4= -github.com/sigstore/sigstore v1.8.3/go.mod h1:mqbTEariiGA94cn6G3xnDiV6BD8eSLdL/eA7bvJ0fVs= +github.com/sigstore/sigstore v1.8.4 h1:g4ICNpiENFnWxjmBzBDWUn62rNFeny/P77HUC8da32w= +github.com/sigstore/sigstore v1.8.4/go.mod h1:1jIKtkTFEeISen7en+ZPWdDHazqhxco/+v9CNjc7oNg= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= @@ -772,8 +772,8 @@ github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNo github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -795,14 +795,14 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= -github.com/tink-crypto/tink-go/v2 v2.1.0 h1:QXFBguwMwTIaU17EgZpEJWsUSc60b1BAGTzBIoMdmok= -github.com/tink-crypto/tink-go/v2 v2.1.0/go.mod h1:y1TnYFt1i2eZVfx4OGc+C+EMp4CoKWAw2VSEuoicHHI= +github.com/tink-crypto/tink-go/v2 v2.2.0 h1:L2Da0F2Udh2agtKztdr69mV/KpnY3/lGTkMgLTVIXlA= +github.com/tink-crypto/tink-go/v2 v2.2.0/go.mod h1:JJ6PomeNPF3cJpfWC0lgyTES6zpJILkAX0cJNwlS3xU= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= -github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8= -github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= +github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/vincent-petithory/dataurl v1.0.0 h1:cXw+kPto8NLuJtlMsI152irrVw9fRDX8AbShPRpg2CI= github.com/vincent-petithory/dataurl v1.0.0/go.mod h1:FHafX5vmDzyP+1CQATJn7WFKc9CvnvxyvZy6I1MrG/U= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= @@ -836,16 +836,16 @@ github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= github.com/zalando/go-keyring v0.2.3 h1:v9CUu9phlABObO4LPWycf+zwMG7nlbb3t/B5wa97yms= github.com/zalando/go-keyring v0.2.3/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= -github.com/zclconf/go-cty v1.14.3 h1:1JXy1XroaGrzZuG6X9dt7HL6s9AwbY+l4UNL8o5B6ho= -github.com/zclconf/go-cty v1.14.3/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= -github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= -github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= -go.etcd.io/etcd/api/v3 v3.5.13 h1:8WXU2/NBge6AUF1K1gOexB6e07NgsN1hXK0rSTtgSp4= -go.etcd.io/etcd/api/v3 v3.5.13/go.mod h1:gBqlqkcMMZMVTMm4NDZloEVJzxQOQIls8splbqBDa0c= -go.etcd.io/etcd/client/pkg/v3 v3.5.13 h1:RVZSAnWWWiI5IrYAXjQorajncORbS0zI48LQlE2kQWg= -go.etcd.io/etcd/client/pkg/v3 v3.5.13/go.mod h1:XxHT4u1qU12E2+po+UVPrEeL94Um6zL58ppuJWXSAB8= -go.etcd.io/etcd/client/v3 v3.5.13 h1:o0fHTNJLeO0MyVbc7I3fsCf6nrOqn5d+diSarKnB2js= -go.etcd.io/etcd/client/v3 v3.5.13/go.mod h1:cqiAeY8b5DEEcpxvgWKsbLIWNM/8Wy2xJSDMtioMcoI= +github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= +github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= +github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= +go.etcd.io/etcd/api/v3 v3.5.14 h1:vHObSCxyB9zlF60w7qzAdTcGaglbJOpSj1Xj9+WGxq0= +go.etcd.io/etcd/api/v3 v3.5.14/go.mod h1:BmtWcRlQvwa1h3G2jvKYwIQy4PkHlDej5t7uLMUdJUU= +go.etcd.io/etcd/client/pkg/v3 v3.5.14 h1:SaNH6Y+rVEdxfpA2Jr5wkEvN6Zykme5+YnbCkxvuWxQ= +go.etcd.io/etcd/client/pkg/v3 v3.5.14/go.mod h1:8uMgAokyG1czCtIdsq+AGyYQMvpIKnSvPjFMunkgeZI= +go.etcd.io/etcd/client/v3 v3.5.14 h1:CWfRs4FDaDoSz81giL7zPpZH2Z35tbOrAJkkjMqOupg= +go.etcd.io/etcd/client/v3 v3.5.14/go.mod h1:k3XfdV/VIHy/97rqWjoUzrj9tk7GgJGH9J8L4dNXmAk= go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M= @@ -892,8 +892,8 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= -golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= +golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY= +golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -901,8 +901,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= +golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -924,8 +924,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= -golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -966,6 +966,7 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -975,6 +976,7 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1001,8 +1003,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= -golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= +golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1011,8 +1013,8 @@ golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSm golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.180.0 h1:M2D87Yo0rGBPWpo1orwfCLehUUL6E7/TYe5gvMQWDh4= -google.golang.org/api v0.180.0/go.mod h1:51AiyoEg1MJPSZ9zvklA8VnRILPXxn1iVen9v25XHAE= +google.golang.org/api v0.185.0 h1:ENEKk1k4jW8SmmaT6RE+ZasxmxezCrD5Vw4npvr+pAU= +google.golang.org/api v0.185.0/go.mod h1:HNfvIkJGlgrIlrbYkAm9W9IdkmKZjOTVh33YltygGbg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= @@ -1020,19 +1022,19 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda h1:wu/KJm9KJwpfHWhkkZGohVC6KRrc1oJNr4jwtQMOQXw= -google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda/go.mod h1:g2LLCvCeCSir/JJSWosk19BR4NVxGqHUC6rxIRsd7Aw= -google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae h1:AH34z6WAGVNkllnKs5raNq3yRq93VnjBG6rpfub/jYk= -google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae/go.mod h1:FfiGhwUm6CJviekPrc0oJ+7h29e+DmWU6UtjX0ZvI7Y= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU= +google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4/go.mod h1:EvuUDCulqGgV80RvP1BHuom+smhX4qtlhnNatHuroGQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 h1:QW9+G6Fir4VcRXVH8x3LilNAb6cxBGLa6+GM4hRwexE= +google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3/go.mod h1:kdrSS/OiLkPrNUpzD4aHgCq2rVuC/YRxok32HXZ4vRE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= -google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= +google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1044,8 +1046,8 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1071,46 +1073,46 @@ gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= helm.sh/helm v2.17.0+incompatible h1:cSe3FaQOpRWLDXvTObQNj0P7WI98IG5yloU6tQVls2k= helm.sh/helm v2.17.0+incompatible/go.mod h1:0Xbc6ErzwWH9qC55X1+hE3ZwhM3atbhCm/NbFZw5i+4= -helm.sh/helm/v3 v3.14.4 h1:6FSpEfqyDalHq3kUr4gOMThhgY55kXUEjdQoyODYnrM= -helm.sh/helm/v3 v3.14.4/go.mod h1:Tje7LL4gprZpuBNTbG34d1Xn5NmRT3OWfBRwpOSer9I= +helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw= +helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= -k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= -k8s.io/cli-runtime v0.29.0 h1:q2kC3cex4rOBLfPOnMSzV2BIrrQlx97gxHJs21KxKS4= -k8s.io/cli-runtime v0.29.0/go.mod h1:VKudXp3X7wR45L+nER85YUzOQIru28HQpXr0mTdeCrk= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/cluster-bootstrap v0.30.0 h1:vaIjA1eMFpcLYz+p6NMj75aqiauDahFx9EkuTxc0GMI= -k8s.io/cluster-bootstrap v0.30.0/go.mod h1:/ceTq+EC/aOrQk27mfmFW/iOeQDqzKg6vYWIBFNHSAE= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= +k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= +k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= +k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw= +k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= +k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.2 h1:ACouHiYl1yFI2VFI3YGM+lvxgy6ir4yK2oLOsLI1/tw= +k8s.io/apiserver v0.30.2/go.mod h1:BOTdFBIch9Sv0ypSEcUR6ew/NUFGocRFNl72Ra7wTm8= +k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= +k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= +k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= +k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= +k8s.io/cluster-bootstrap v0.30.2 h1:9PQ5phjWTxmPFKPEzTG6QJzPaUIfuW2RqcHDME5gqPg= +k8s.io/cluster-bootstrap v0.30.2/go.mod h1:dvzAgNVmwRfZ0BzHI/WTvzqlzmNH7w21mdnahEq61KY= +k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII= +k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/kubectl v0.29.0 h1:Oqi48gXjikDhrBF67AYuZRTcJV4lg2l42GmvsP7FmYI= -k8s.io/kubectl v0.29.0/go.mod h1:0jMjGWIcMIQzmUaMgAzhSELv5WtHo2a8pq67DtviAJs= -k8s.io/kubelet v0.30.0 h1:/pqHVR2Rn8ExCpn211wL3pMtqRFpcBcJPl4+1INbIMk= -k8s.io/kubelet v0.30.0/go.mod h1:WukdKqbQxnj+csn3K8XOKeX7Sh60J/da25IILjvvB5s= -k8s.io/kubernetes v1.30.0 h1:u3Yw8rNlo2NDSGaDpoxoHXLPQnEu1tfqHATKOJe94HY= -k8s.io/kubernetes v1.30.0/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0= -k8s.io/mount-utils v0.30.0 h1:EceYTNYVabfpdtIAHC4KgMzoZkm1B8ovZ1J666mYZQI= -k8s.io/mount-utils v0.30.0/go.mod h1:9sCVmwGLcV1MPvbZ+rToMDnl1QcGozy+jBPd0MsQLIo= +k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= +k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= +k8s.io/kubelet v0.30.2 h1:Ck4E/pHndI20IzDXxS57dElhDGASPO5pzXF7BcKfmCY= +k8s.io/kubelet v0.30.2/go.mod h1:DSwwTbLQmdNkebAU7ypIALR4P9aXZNFwgRmedojUE94= +k8s.io/kubernetes v1.30.2 h1:11WhS78OYX/lnSy6TXxPO6Hk+E5K9ZNrEsk9JgMSX8I= +k8s.io/kubernetes v1.30.2/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0= +k8s.io/mount-utils v0.30.2 h1:2KDVY9hXyDyRw9EO4lmox4+Nn5atVOq+4ffZ/br2aAU= +k8s.io/mount-utils v0.30.2/go.mod h1:9sCVmwGLcV1MPvbZ+rToMDnl1QcGozy+jBPd0MsQLIo= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= libvirt.org/go/libvirt v1.10003.0 h1:LEoawzuggD6IL5R/XtnBE8wWJx49i7UZ1HcB7p9glwE= libvirt.org/go/libvirt v1.10003.0/go.mod h1:1WiFE8EjZfq+FCVog+rvr1yatKbKZ9FaFMZgEqxEJqQ= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= -sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= -sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= +sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= diff --git a/hack/tools/go.mod b/hack/tools/go.mod index 4c70062d1..539665516 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod @@ -6,8 +6,8 @@ require ( github.com/google/go-licenses v1.6.0 github.com/google/keep-sorted v0.4.0 github.com/katexochen/sh/v3 v3.8.0 - golang.org/x/tools v0.21.0 - golang.org/x/vuln v1.1.0 + golang.org/x/tools v0.22.0 + golang.org/x/vuln v1.1.2 ) require ( @@ -35,14 +35,15 @@ require ( github.com/stretchr/testify v1.8.4 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect go.opencensus.io v0.24.0 // indirect - golang.org/x/crypto v0.23.0 // indirect + golang.org/x/crypto v0.24.0 // indirect golang.org/x/exp v0.0.0-20240213143201-ec583247a57a // indirect - golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/mod v0.18.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/src-d/go-billy.v4 v4.3.2 // indirect diff --git a/hack/tools/go.sum b/hack/tools/go.sum index f3c11d9f4..9a72bfc0d 100644 --- a/hack/tools/go.sum +++ b/hack/tools/go.sum @@ -343,8 +343,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -384,8 +384,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= +golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -432,8 +432,8 @@ golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -542,14 +542,16 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0= +golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -561,8 +563,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -621,10 +623,10 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/vuln v1.1.0 h1:ECEdI+aEtjpF90eqEcDL5Q11DWSZAw5PJQWlp0+gWqc= -golang.org/x/vuln v1.1.0/go.mod h1:HT/Ar8fE34tbxWG2s7PYjVl+iIE4Er36/940Z+K540Y= +golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= +golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/vuln v1.1.2 h1:UkLxe+kAMcrNBpGrFbU0Mc5l7cX97P2nhy21wx5+Qbk= +golang.org/x/vuln v1.1.2/go.mod h1:2o3fRKD8Uz9AraAL3lwd/grWBv+t+SeJnPcqBUJrY24= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/internal/constellation/applyinit.go b/internal/constellation/applyinit.go index 9b34abf77..bfc7ac085 100644 --- a/internal/constellation/applyinit.go +++ b/internal/constellation/applyinit.go @@ -42,7 +42,7 @@ type InitPayload struct { // GrpcDialer dials a gRPC server. type GrpcDialer interface { - Dial(ctx context.Context, target string) (*grpc.ClientConn, error) + Dial(target string) (*grpc.ClientConn, error) } // Init performs the init RPC. @@ -173,7 +173,7 @@ func (d *initDoer) Do(ctx context.Context) error { } } - conn, err := d.dialer.Dial(ctx, d.endpoint) + conn, err := d.dialer.Dial(d.endpoint) if err != nil { d.log.Debug(fmt.Sprintf("Dialing init server failed: %q. Retrying...", err)) return fmt.Errorf("dialing init server: %w", err) diff --git a/internal/grpc/atlscredentials/atlscredentials_test.go b/internal/grpc/atlscredentials/atlscredentials_test.go index a9ddaa6ac..5753eb631 100644 --- a/internal/grpc/atlscredentials/atlscredentials_test.go +++ b/internal/grpc/atlscredentials/atlscredentials_test.go @@ -66,7 +66,7 @@ func TestATLSCredentials(t *testing.T) { go func() { var err error defer func() { errChan <- err }() - conn, err := grpc.DialContext(context.Background(), "", grpc.WithContextDialer(func(_ context.Context, _ string) (net.Conn, error) { + conn, err := grpc.NewClient("192.0.2.1", grpc.WithContextDialer(func(_ context.Context, _ string) (net.Conn, error) { return lis.Dial() }), grpc.WithTransportCredentials(clientCreds)) require.NoError(err) diff --git a/internal/grpc/dialer/dialer.go b/internal/grpc/dialer/dialer.go index 8c42f4041..44bf33d87 100644 --- a/internal/grpc/dialer/dialer.go +++ b/internal/grpc/dialer/dialer.go @@ -34,14 +34,14 @@ func New(issuer atls.Issuer, validator atls.Validator, netDialer NetDialer) *Dia } // Dial creates a new grpc client connection to the given target using the atls validator. -func (d *Dialer) Dial(ctx context.Context, target string) (*grpc.ClientConn, error) { +func (d *Dialer) Dial(target string) (*grpc.ClientConn, error) { var validators []atls.Validator if d.validator != nil { validators = append(validators, d.validator) } credentials := atlscredentials.New(d.issuer, validators) - return grpc.DialContext(ctx, target, + return grpc.NewClient(target, d.grpcWithDialer(), grpc.WithTransportCredentials(credentials), ) @@ -49,18 +49,18 @@ func (d *Dialer) Dial(ctx context.Context, target string) (*grpc.ClientConn, err // DialInsecure creates a new grpc client connection to the given target without using encryption or verification. // Only use this method when using another kind of encryption / verification (VPN, etc). -func (d *Dialer) DialInsecure(ctx context.Context, target string) (*grpc.ClientConn, error) { - return grpc.DialContext(ctx, target, +func (d *Dialer) DialInsecure(target string) (*grpc.ClientConn, error) { + return grpc.NewClient(target, d.grpcWithDialer(), grpc.WithTransportCredentials(insecure.NewCredentials()), ) } // DialNoVerify creates a new grpc client connection to the given target without verifying the server's attestation. -func (d *Dialer) DialNoVerify(ctx context.Context, target string) (*grpc.ClientConn, error) { +func (d *Dialer) DialNoVerify(target string) (*grpc.ClientConn, error) { credentials := atlscredentials.New(nil, nil) - return grpc.DialContext(ctx, target, + return grpc.NewClient(target, d.grpcWithDialer(), grpc.WithTransportCredentials(credentials), ) diff --git a/internal/grpc/dialer/dialer_test.go b/internal/grpc/dialer/dialer_test.go index c137ee727..6c93c64f9 100644 --- a/internal/grpc/dialer/dialer_test.go +++ b/internal/grpc/dialer/dialer_test.go @@ -28,42 +28,42 @@ func TestMain(m *testing.M) { func TestDial(t *testing.T) { testCases := map[string]struct { tls bool - dialFn func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) + dialFn func(dialer *Dialer, target string) (*grpc.ClientConn, error) wantErr bool }{ "Dial with tls on server works": { tls: true, - dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) { - return dialer.Dial(ctx, target) + dialFn: func(dialer *Dialer, target string) (*grpc.ClientConn, error) { + return dialer.Dial(target) }, }, "Dial without tls on server fails": { - dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) { - return dialer.Dial(ctx, target) + dialFn: func(dialer *Dialer, target string) (*grpc.ClientConn, error) { + return dialer.Dial(target) }, wantErr: true, }, "DialNoVerify with tls on server works": { tls: true, - dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) { - return dialer.DialNoVerify(ctx, target) + dialFn: func(dialer *Dialer, target string) (*grpc.ClientConn, error) { + return dialer.DialNoVerify(target) }, }, "DialNoVerify without tls on server fails": { - dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) { - return dialer.DialNoVerify(ctx, target) + dialFn: func(dialer *Dialer, target string) (*grpc.ClientConn, error) { + return dialer.DialNoVerify(target) }, wantErr: true, }, "DialInsecure without tls on server works": { - dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) { - return dialer.DialInsecure(ctx, target) + dialFn: func(dialer *Dialer, target string) (*grpc.ClientConn, error) { + return dialer.DialInsecure(target) }, }, "DialInsecure with tls on server fails": { tls: true, - dialFn: func(dialer *Dialer, ctx context.Context, target string) (*grpc.ClientConn, error) { - return dialer.DialInsecure(ctx, target) + dialFn: func(dialer *Dialer, target string) (*grpc.ClientConn, error) { + return dialer.DialInsecure(target) }, wantErr: true, }, @@ -81,7 +81,7 @@ func TestDial(t *testing.T) { grpc_testing.RegisterTestServiceServer(server, api) go server.Serve(netDialer.GetListener("192.0.2.1:1234")) defer server.Stop() - conn, err := tc.dialFn(dialer, context.Background(), "192.0.2.1:1234") + conn, err := tc.dialFn(dialer, "192.0.2.1:1234") require.NoError(err) defer conn.Close() diff --git a/internal/versions/components/components.pb.go b/internal/versions/components/components.pb.go index 8d7872afb..2147ab236 100644 --- a/internal/versions/components/components.pb.go +++ b/internal/versions/components/components.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.1 +// protoc-gen-go v1.34.2 // protoc v3.21.7 // source: internal/versions/components/components.proto @@ -125,7 +125,7 @@ func file_internal_versions_components_components_proto_rawDescGZIP() []byte { } var file_internal_versions_components_components_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_internal_versions_components_components_proto_goTypes = []interface{}{ +var file_internal_versions_components_components_proto_goTypes = []any{ (*Component)(nil), // 0: components.Component } var file_internal_versions_components_components_proto_depIdxs = []int32{ @@ -142,7 +142,7 @@ func file_internal_versions_components_components_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_internal_versions_components_components_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_internal_versions_components_components_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*Component); i { case 0: return &v.state diff --git a/joinservice/internal/kms/kms.go b/joinservice/internal/kms/kms.go index a3a28147d..b6115f803 100644 --- a/joinservice/internal/kms/kms.go +++ b/joinservice/internal/kms/kms.go @@ -39,7 +39,7 @@ func (c Client) GetDataKey(ctx context.Context, keyID string, length int) ([]byt // the KMS does not use aTLS since traffic is only routed through the Constellation cluster // cluster internal connections are considered trustworthy log.Info(fmt.Sprintf("Connecting to KMS at %s", c.endpoint)) - conn, err := grpc.DialContext(ctx, c.endpoint, grpc.WithTransportCredentials(insecure.NewCredentials())) + conn, err := grpc.NewClient(c.endpoint, grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { return nil, err } diff --git a/joinservice/joinproto/join.pb.go b/joinservice/joinproto/join.pb.go index 192e85d8e..00c5972cd 100644 --- a/joinservice/joinproto/join.pb.go +++ b/joinservice/joinproto/join.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.1 +// protoc-gen-go v1.34.2 // protoc v3.21.7 // source: joinservice/joinproto/join.proto @@ -461,7 +461,7 @@ func file_joinservice_joinproto_join_proto_rawDescGZIP() []byte { } var file_joinservice_joinproto_join_proto_msgTypes = make([]protoimpl.MessageInfo, 5) -var file_joinservice_joinproto_join_proto_goTypes = []interface{}{ +var file_joinservice_joinproto_join_proto_goTypes = []any{ (*IssueJoinTicketRequest)(nil), // 0: join.IssueJoinTicketRequest (*IssueJoinTicketResponse)(nil), // 1: join.IssueJoinTicketResponse (*ControlPlaneCertOrKey)(nil), // 2: join.control_plane_cert_or_key @@ -489,7 +489,7 @@ func file_joinservice_joinproto_join_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_joinservice_joinproto_join_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_joinservice_joinproto_join_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*IssueJoinTicketRequest); i { case 0: return &v.state @@ -501,7 +501,7 @@ func file_joinservice_joinproto_join_proto_init() { return nil } } - file_joinservice_joinproto_join_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_joinservice_joinproto_join_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*IssueJoinTicketResponse); i { case 0: return &v.state @@ -513,7 +513,7 @@ func file_joinservice_joinproto_join_proto_init() { return nil } } - file_joinservice_joinproto_join_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_joinservice_joinproto_join_proto_msgTypes[2].Exporter = func(v any, i int) any { switch v := v.(*ControlPlaneCertOrKey); i { case 0: return &v.state @@ -525,7 +525,7 @@ func file_joinservice_joinproto_join_proto_init() { return nil } } - file_joinservice_joinproto_join_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_joinservice_joinproto_join_proto_msgTypes[3].Exporter = func(v any, i int) any { switch v := v.(*IssueRejoinTicketRequest); i { case 0: return &v.state @@ -537,7 +537,7 @@ func file_joinservice_joinproto_join_proto_init() { return nil } } - file_joinservice_joinproto_join_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + file_joinservice_joinproto_join_proto_msgTypes[4].Exporter = func(v any, i int) any { switch v := v.(*IssueRejoinTicketResponse); i { case 0: return &v.state diff --git a/keyservice/keyserviceproto/keyservice.pb.go b/keyservice/keyserviceproto/keyservice.pb.go index 9dc0b8a21..90c2996d0 100644 --- a/keyservice/keyserviceproto/keyservice.pb.go +++ b/keyservice/keyserviceproto/keyservice.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.1 +// protoc-gen-go v1.34.2 // protoc v3.21.7 // source: keyservice/keyserviceproto/keyservice.proto @@ -165,7 +165,7 @@ func file_keyservice_keyserviceproto_keyservice_proto_rawDescGZIP() []byte { } var file_keyservice_keyserviceproto_keyservice_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_keyservice_keyserviceproto_keyservice_proto_goTypes = []interface{}{ +var file_keyservice_keyserviceproto_keyservice_proto_goTypes = []any{ (*GetDataKeyRequest)(nil), // 0: kms.GetDataKeyRequest (*GetDataKeyResponse)(nil), // 1: kms.GetDataKeyResponse } @@ -185,7 +185,7 @@ func file_keyservice_keyserviceproto_keyservice_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_keyservice_keyserviceproto_keyservice_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_keyservice_keyserviceproto_keyservice_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*GetDataKeyRequest); i { case 0: return &v.state @@ -197,7 +197,7 @@ func file_keyservice_keyserviceproto_keyservice_proto_init() { return nil } } - file_keyservice_keyserviceproto_keyservice_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_keyservice_keyserviceproto_keyservice_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*GetDataKeyResponse); i { case 0: return &v.state diff --git a/operators/constellation-node-operator/internal/upgrade/upgrade.go b/operators/constellation-node-operator/internal/upgrade/upgrade.go index 18813557c..615e92dac 100644 --- a/operators/constellation-node-operator/internal/upgrade/upgrade.go +++ b/operators/constellation-node-operator/internal/upgrade/upgrade.go @@ -33,7 +33,7 @@ func NewClient() *Client { // Upgrade upgrades the Constellation node to the given Kubernetes version. func (c *Client) Upgrade(ctx context.Context, kubernetesComponents components.Components, WantedKubernetesVersion string) error { - conn, err := grpc.DialContext(ctx, mainconstants.UpgradeAgentMountPath, grpc.WithTransportCredentials(insecure.NewCredentials()), + conn, err := grpc.NewClient(mainconstants.UpgradeAgentMountPath, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithContextDialer( func(ctx context.Context, addr string) (net.Conn, error) { return c.dialer.DialContext(ctx, "unix", addr) diff --git a/s3proxy/internal/kms/kms.go b/s3proxy/internal/kms/kms.go index d6c100b20..f0d71b875 100644 --- a/s3proxy/internal/kms/kms.go +++ b/s3proxy/internal/kms/kms.go @@ -42,7 +42,7 @@ func (c Client) GetDataKey(ctx context.Context, keyID string, length int) ([]byt // the KMS does not use aTLS since traffic is only routed through the Constellation cluster // cluster internal connections are considered trustworthy log.Info("Connecting to KMS") - conn, err := grpc.DialContext(ctx, c.endpoint, grpc.WithTransportCredentials(insecure.NewCredentials())) + conn, err := grpc.NewClient(c.endpoint, grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { return nil, err } diff --git a/upgrade-agent/upgradeproto/upgrade.pb.go b/upgrade-agent/upgradeproto/upgrade.pb.go index f1982367e..2ea7d45c4 100644 --- a/upgrade-agent/upgradeproto/upgrade.pb.go +++ b/upgrade-agent/upgradeproto/upgrade.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.1 +// protoc-gen-go v1.34.2 // protoc v3.21.7 // source: upgrade-agent/upgradeproto/upgrade.proto @@ -167,7 +167,7 @@ func file_upgrade_agent_upgradeproto_upgrade_proto_rawDescGZIP() []byte { } var file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_upgrade_agent_upgradeproto_upgrade_proto_goTypes = []interface{}{ +var file_upgrade_agent_upgradeproto_upgrade_proto_goTypes = []any{ (*ExecuteUpdateRequest)(nil), // 0: upgrade.ExecuteUpdateRequest (*ExecuteUpdateResponse)(nil), // 1: upgrade.ExecuteUpdateResponse (*components.Component)(nil), // 2: components.Component @@ -189,7 +189,7 @@ func file_upgrade_agent_upgradeproto_upgrade_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*ExecuteUpdateRequest); i { case 0: return &v.state @@ -201,7 +201,7 @@ func file_upgrade_agent_upgradeproto_upgrade_proto_init() { return nil } } - file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*ExecuteUpdateResponse); i { case 0: return &v.state diff --git a/verify/verifyproto/verify.pb.go b/verify/verifyproto/verify.pb.go index 4299746cf..819fb0438 100644 --- a/verify/verifyproto/verify.pb.go +++ b/verify/verifyproto/verify.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.1 +// protoc-gen-go v1.34.2 // protoc v3.21.7 // source: verify/verifyproto/verify.proto @@ -156,7 +156,7 @@ func file_verify_verifyproto_verify_proto_rawDescGZIP() []byte { } var file_verify_verifyproto_verify_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_verify_verifyproto_verify_proto_goTypes = []interface{}{ +var file_verify_verifyproto_verify_proto_goTypes = []any{ (*GetAttestationRequest)(nil), // 0: verify.GetAttestationRequest (*GetAttestationResponse)(nil), // 1: verify.GetAttestationResponse } @@ -176,7 +176,7 @@ func file_verify_verifyproto_verify_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_verify_verifyproto_verify_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_verify_verifyproto_verify_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*GetAttestationRequest); i { case 0: return &v.state @@ -188,7 +188,7 @@ func file_verify_verifyproto_verify_proto_init() { return nil } } - file_verify_verifyproto_verify_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_verify_verifyproto_verify_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*GetAttestationResponse); i { case 0: return &v.state From 09d19fec22da58612ef0df19e695f09fb3c92f4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Fri, 21 Jun 2024 10:09:01 +0200 Subject: [PATCH 093/380] cli: fix `constellation verify` depending on an initialized `constellation-state.yaml` file (#3184) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Ignore missing state file if flags are provided * Update verify docs to include requirement for config file --------- Signed-off-by: Daniel Weiße --- cli/internal/cmd/verify.go | 5 +---- cli/internal/cmd/verify_test.go | 16 +++++++++++++++- docs/docs/workflows/verify-cluster.md | 1 + .../version-2.15/workflows/verify-cluster.md | 1 + .../version-2.16/workflows/verify-cluster.md | 1 + 5 files changed, 19 insertions(+), 5 deletions(-) diff --git a/cli/internal/cmd/verify.go b/cli/internal/cmd/verify.go index 25bc6ebac..523920a20 100644 --- a/cli/internal/cmd/verify.go +++ b/cli/internal/cmd/verify.go @@ -138,10 +138,7 @@ func (c *verifyCmd) verify(cmd *cobra.Command, verifyClient verifyClient, config stateFile, err := state.ReadFromFile(c.fileHandler, constants.StateFilename) if err != nil { - return fmt.Errorf("reading state file: %w", err) - } - if err := stateFile.Validate(state.PostInit, conf.GetAttestationConfig().GetVariant()); err != nil { - return fmt.Errorf("validating state file: %w", err) + stateFile = state.New() // A state file is only required if the user has not provided IP or ID flags } ownerID, clusterID, err := c.validateIDFlags(cmd, stateFile) diff --git a/cli/internal/cmd/verify_test.go b/cli/internal/cmd/verify_test.go index 8458e5f50..3e161c8c8 100644 --- a/cli/internal/cmd/verify_test.go +++ b/cli/internal/cmd/verify_test.go @@ -167,6 +167,18 @@ func TestVerify(t *testing.T) { stateFile: defaultStateFile(cloudprovider.Azure), wantErr: true, }, + "state file is not required if flags are given": { + provider: cloudprovider.Azure, + nodeEndpointFlag: "192.0.2.1:1234", + clusterIDFlag: zeroBase64, + protoClient: &stubVerifyClient{}, + wantEndpoint: "192.0.2.1:1234", + }, + "no state file and no flags": { + provider: cloudprovider.Azure, + protoClient: &stubVerifyClient{}, + wantErr: true, + }, } for name, tc := range testCases { @@ -183,7 +195,9 @@ func TestVerify(t *testing.T) { cfg := defaultConfigWithExpectedMeasurements(t, config.Default(), tc.provider) require.NoError(fileHandler.WriteYAML(constants.ConfigFilename, cfg)) } - require.NoError(tc.stateFile.WriteToFile(fileHandler, constants.StateFilename)) + if tc.stateFile != nil { + require.NoError(tc.stateFile.WriteToFile(fileHandler, constants.StateFilename)) + } v := &verifyCmd{ fileHandler: fileHandler, diff --git a/docs/docs/workflows/verify-cluster.md b/docs/docs/workflows/verify-cluster.md index 20d416790..b6595ebf2 100644 --- a/docs/docs/workflows/verify-cluster.md +++ b/docs/docs/workflows/verify-cluster.md @@ -88,6 +88,7 @@ The `verify` command also allows you to verify any Constellation deployment that * The IP address of a running Constellation cluster's [VerificationService](../architecture/microservices.md#verificationservice). The `VerificationService` is exposed via a `NodePort` service using the external IP address of your cluster. Run `kubectl get nodes -o wide` and look for `EXTERNAL-IP`. * The cluster's *clusterID*. See [cluster identity](../architecture/keys.md#cluster-identity) for more details. +* A `constellation-conf.yaml` file with the expected measurements of the cluster in your working directory. For example: diff --git a/docs/versioned_docs/version-2.15/workflows/verify-cluster.md b/docs/versioned_docs/version-2.15/workflows/verify-cluster.md index 20d416790..b6595ebf2 100644 --- a/docs/versioned_docs/version-2.15/workflows/verify-cluster.md +++ b/docs/versioned_docs/version-2.15/workflows/verify-cluster.md @@ -88,6 +88,7 @@ The `verify` command also allows you to verify any Constellation deployment that * The IP address of a running Constellation cluster's [VerificationService](../architecture/microservices.md#verificationservice). The `VerificationService` is exposed via a `NodePort` service using the external IP address of your cluster. Run `kubectl get nodes -o wide` and look for `EXTERNAL-IP`. * The cluster's *clusterID*. See [cluster identity](../architecture/keys.md#cluster-identity) for more details. +* A `constellation-conf.yaml` file with the expected measurements of the cluster in your working directory. For example: diff --git a/docs/versioned_docs/version-2.16/workflows/verify-cluster.md b/docs/versioned_docs/version-2.16/workflows/verify-cluster.md index 20d416790..b6595ebf2 100644 --- a/docs/versioned_docs/version-2.16/workflows/verify-cluster.md +++ b/docs/versioned_docs/version-2.16/workflows/verify-cluster.md @@ -88,6 +88,7 @@ The `verify` command also allows you to verify any Constellation deployment that * The IP address of a running Constellation cluster's [VerificationService](../architecture/microservices.md#verificationservice). The `VerificationService` is exposed via a `NodePort` service using the external IP address of your cluster. Run `kubectl get nodes -o wide` and look for `EXTERNAL-IP`. * The cluster's *clusterID*. See [cluster identity](../architecture/keys.md#cluster-identity) for more details. +* A `constellation-conf.yaml` file with the expected measurements of the cluster in your working directory. For example: From fcf83318fd640c6d0cc7a387ceac3fc30874f735 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 21 Jun 2024 11:04:00 +0200 Subject: [PATCH 094/380] deps: update dependency rules_proto to v6.0.2 (#3190) * deps: update dependency rules_proto to v6.0.2 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- MODULE.bazel | 2 +- MODULE.bazel.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 97fb1c66c..2cf8fdced 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -7,7 +7,7 @@ bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") bazel_dep(name = "rules_go", version = "0.48.1", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") -bazel_dep(name = "rules_proto", version = "6.0.0.bcr.1") +bazel_dep(name = "rules_proto", version = "6.0.2") bazel_dep(name = "rules_python", version = "0.32.2") bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index addca7b87..fef31dfe7 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -65,9 +65,9 @@ "https://bcr.bazel.build/modules/rules_proto/4.0.0/MODULE.bazel": "a7a7b6ce9bee418c1a760b3d84f83a299ad6952f9903c67f19e4edd964894e06", "https://bcr.bazel.build/modules/rules_proto/5.3.0-21.7/MODULE.bazel": "e8dff86b0971688790ae75528fe1813f71809b5afd57facb44dad9e8eca631b7", "https://bcr.bazel.build/modules/rules_proto/6.0.0-rc1/MODULE.bazel": "1e5b502e2e1a9e825eef74476a5a1ee524a92297085015a052510b09a1a09483", - "https://bcr.bazel.build/modules/rules_proto/6.0.0.bcr.1/MODULE.bazel": "9c59abd3ea6deaa6aed6d173d6828a24ca78b9ce806e06e31fe5c2388b600566", - "https://bcr.bazel.build/modules/rules_proto/6.0.0.bcr.1/source.json": "08e3301161abfacedeb98ed978540b32fa93bc7d72df07e1c44fcf93d2af23d6", "https://bcr.bazel.build/modules/rules_proto/6.0.0/MODULE.bazel": "b531d7f09f58dce456cd61b4579ce8c86b38544da75184eadaf0a7cb7966453f", + "https://bcr.bazel.build/modules/rules_proto/6.0.2/MODULE.bazel": "ce916b775a62b90b61888052a416ccdda405212b6aaeb39522f7dc53431a5e73", + "https://bcr.bazel.build/modules/rules_proto/6.0.2/source.json": "17a2e195f56cb28d6bbf763e49973d13890487c6945311ed141e196fb660426d", "https://bcr.bazel.build/modules/rules_python/0.10.2/MODULE.bazel": "cc82bc96f2997baa545ab3ce73f196d040ffb8756fd2d66125a530031cd90e5f", "https://bcr.bazel.build/modules/rules_python/0.22.1/MODULE.bazel": "26114f0c0b5e93018c0c066d6673f1a2c3737c7e90af95eff30cfee38d0bbac7", "https://bcr.bazel.build/modules/rules_python/0.24.0/MODULE.bazel": "4bff7f583653d0762cda21303da0643cc4c545ddfd9593337f18dad8d1787801", From d3f3697d00804acd559a1f284c89f29a772d44cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Fri, 21 Jun 2024 13:22:07 +0200 Subject: [PATCH 095/380] ci: make bazel generate more stable (#3188) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- bazel/ci/BUILD.bazel | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/bazel/ci/BUILD.bazel b/bazel/ci/BUILD.bazel index 4493fa483..82bf8d187 100644 --- a/bazel/ci/BUILD.bazel +++ b/bazel/ci/BUILD.bazel @@ -541,16 +541,34 @@ multirun( ) multirun( - name = "generate", + name = "generate_files", commands = [ ":terraform_gen", "//3rdparty/bazel/com_github_medik8s_node_maintainance_operator:pull_files", ":go_generate", ":proto_generate", - ":cli_docgen", - ":terraform_docgen", - ":version_info_gen", ], jobs = 0, # execute concurrently visibility = ["//visibility:public"], ) + +multirun( + name = "generate_docs", + commands = [ + ":cli_docgen", + ":terraform_docgen", + ], + jobs = 0, # execute concurrently + visibility = ["//visibility:public"], +) + +multirun( + name = "generate", + commands = [ + ":generate_files", + ":generate_docs", + ":version_info_gen", + ], + jobs = 1, # execute sequentially + visibility = ["//visibility:public"], +) From d8680367b095b89c6ecfd09279fa4a3d86cdb7bc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 22 Jun 2024 10:30:26 +0200 Subject: [PATCH 096/380] deps: update golang Docker tag to v1.22.4 (#3191) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/versionsapi/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/versionsapi/Dockerfile b/.github/actions/versionsapi/Dockerfile index 2fec02077..06f343486 100644 --- a/.github/actions/versionsapi/Dockerfile +++ b/.github/actions/versionsapi/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.3@sha256:f43c6f049f04cbbaeb28f0aad3eea15274a7d0a7899a617d0037aec48d7ab010 as builder +FROM golang:1.22.4@sha256:a66eda637829ce891e9cf61ff1ee0edf544e1f6c5b0e666c7310dce231a66f28 as builder # Download project root dependencies WORKDIR /workspace From 3161adea5f52076df77f0398cc75753c0c22ec2c Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Sun, 23 Jun 2024 15:00:08 +0200 Subject: [PATCH 097/380] image: update locked rpms (#3195) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 15040ca7c..6b950fa9f 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -15,7 +15,7 @@ e61d6858790314f9d9ab539c5531d2b67ce763c9e5ac6c22dd76293fec12f3f5 ca-certificate 26e873722d8c94ba8150cb5afc7adcda1be17a21804d9c19e54eff530e3249a5 composefs-libs-1.0.3-1.fc40.x86_64.rpm ef93475ea699c80bb8e49b5a80fefeed23e553b0e492d74748a55958b4dde568 conmon-2.1.10-1.fc40.x86_64.rpm adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tools-1.4.7-7.fc40.x86_64.rpm -f4f43dd33d14def444e9516ac8d59a7fd4fbceb2c56b662f0c0943af65771b3a container-selinux-2.231.0-1.fc40.noarch.rpm +b0b0ba347f69131086934e836f03fb8b373923c88ac2958bd9661be28e30e869 container-selinux-2.232.1-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm 80b36160387e4a77682c271b78b36dd807d876015649e72af4bc2ad4cb385337 containers-common-0.59.1-2.fc40.noarch.rpm @@ -30,9 +30,9 @@ e4407cbfeb01494457e941a56971ec3aefbd35206792918d60fc9417acacd1a8 criu-3.19-4.fc 4e913c3232f3d304820e6e1746911d5d4c981407673edbd3426118a2fd2dd977 crun-1.15-1.fc40.x86_64.rpm 4ff80ee580e20cae3578c254c9c56698090cbcce3a4c2feb42e6a29156c15497 crypto-policies-20240510-1.gitd287a42.fc40.noarch.rpm 8bc661a223cc065e257444b97131cb2fdc4d2e80932958d9d40df09472756f71 crypto-policies-scripts-20240510-1.gitd287a42.fc40.noarch.rpm -d54dd64d6e5ec06ce51dd063cde948f71e8c0c930058e3232c963a7b7309947b cryptsetup-2.7.2-1.fc40.x86_64.rpm -ea1a32f78c86ea741d31d7166e641602e62a0797a2200725385e148b15977388 cryptsetup-libs-2.7.2-1.fc40.i686.rpm -41fdb51944e94625a8d4424c784482c426ca5ec7ca63f36b0f7231e7f8ccde13 cryptsetup-libs-2.7.2-1.fc40.x86_64.rpm +694606bd827a928ef8c50f90d90de30491cdd56248a02ca539dc11968b831eca cryptsetup-2.7.3-1.fc40.x86_64.rpm +5e42ee5d5ec44b645e1a506e8b4fa9eab27eb491913e4591b26b464941283333 cryptsetup-libs-2.7.3-1.fc40.i686.rpm +bc2e1fe5df71d47b8b7d28d641c2ce988c9dbce90ae36409f18748ef0d6012bb cryptsetup-libs-2.7.3-1.fc40.x86_64.rpm eb071367cc23b314bfc3f3d7d9611bd6d19fc17cebae4f790e4d6719545f283a curl-8.6.0-8.fc40.x86_64.rpm 0dff67dfeca59cb68cadafe8d9909b88dfaa2fc0a9a4426352f66a5fe351fbe3 cyrus-sasl-lib-2.1.28-19.fc40.x86_64.rpm 19197df26f76af5e78bd1e3ad2f777bea071eef6dfec1219f6b8ee3c80e10193 dbus-1.14.10-3.fc40.x86_64.rpm @@ -76,19 +76,19 @@ c4cc69bf3a2655b9ee9ac23492d377bac57811c5b4f81fbf43537520ee33c7af gawk-all-langp 1af2b6d450ecc168e5604654dc83433bf0658bba5cacd55377400d7db7db650b gettext-envsubst-0.22.5-2.fc40.x86_64.rpm 834c3441835069b61208792b9b9ae1ebfadadb9d2d211357d7f42838932b59a7 gettext-libs-0.22.5-2.fc40.x86_64.rpm 1126bf8d28dff9f165865d83c239e6a2d3988fc935957b9b869d8ed7989a2ae9 gettext-runtime-0.22.5-2.fc40.x86_64.rpm -0d07452b71741856258e6ddba673a6f0a9fbf2ade0d751ea2d735531f019c398 glib2-2.80.2-1.fc40.x86_64.rpm -3b3ecd009f8fdd305f6b4b4f1fe1357ff1a0c2cd7281ceda717ec578d695b87a glibc-2.39-13.fc40.i686.rpm -fa209e13155a3c326bebe2c01e6b5db05dc47924102bc7a698e834ba81bcb256 glibc-2.39-13.fc40.x86_64.rpm -34f89f267920d3ec17043171c3da1aff1ff00a990009e8c0e4c527cce3151bef glibc-common-2.39-13.fc40.x86_64.rpm -e18c1c9075b75c0f16797a3209233dc4ce9b6f16c2a455842e63346274c0ce3d glibc-gconv-extra-2.39-13.fc40.i686.rpm -6de8e353d8769f00e5deab0e9c3262b0ae2fc93f86d6fee6d61095855e965f9f glibc-gconv-extra-2.39-13.fc40.x86_64.rpm -9bfa2e40876084f603b28cc0b7991d32022905dd4192d9fae5abbdabf1279bf2 glibc-minimal-langpack-2.39-13.fc40.x86_64.rpm +0a32c6874ce180375c2c0b1e2f0c8fed38131a598e5c4ba3866cf3aee1f3f5fc glib2-2.80.3-1.fc40.x86_64.rpm +0b21325cfcb62490cb84774b77460ef9a1e700c0ae1038ee122a2fe183288ca2 glibc-2.39-15.fc40.i686.rpm +e1a876099d362a01b4fd443fb49930391839716a40a5690655b169faa745f645 glibc-2.39-15.fc40.x86_64.rpm +e26c584d81956fd2c2d74feb37e3a2af9eb41f097194a0e87017142bb0d6b1f5 glibc-common-2.39-15.fc40.x86_64.rpm +18b7881accc752c047e34fda61502802b724a903ef9937a2d3c9057bab189fb3 glibc-gconv-extra-2.39-15.fc40.i686.rpm +e6f380f5158a05d7edda8cc9864a310d78c065f7be95d8a4e9843e34167fb48e glibc-gconv-extra-2.39-15.fc40.x86_64.rpm +d54a767deb16c78ec1acc0d62016c2ac61f2e7f832fbb7663c45dc46f299cdb5 glibc-minimal-langpack-2.39-15.fc40.x86_64.rpm b054d6a9ee3477e935686b327aa47379bd1909eac4ce06c4c45dff1a201ecb49 gmp-6.2.1-8.fc40.x86_64.rpm 0a8b1b3fb625e4d1864ad6726f583e2db5db7f10d9f3564b5916ca7fed1b71cb gnupg2-2.4.4-1.fc40.x86_64.rpm 4425dbd35ab65f25b092d12ac56c4b565371a1c52ac882c8896dbeae7d52bbb1 gnupg2-smime-2.4.4-1.fc40.x86_64.rpm 4a41802154b079185f306fb9a2e9522e2dc1b866b1f947707cdb04ee876f3fd2 gnutls-3.8.5-1.fc40.x86_64.rpm 41eccf83033fa7ba4d181659eb2e3a94d8b276c6f75557ca0a3b7fd196733f29 gnutls-dane-3.8.5-1.fc40.x86_64.rpm -8f4e437e2eda2636f58952f3f5f258313c1f5ff333407c08f87cd83c8f872dfd google-compute-engine-guest-configs-udev-20240501.00-1.fc40.noarch.rpm +f1d7b8ac27932363eeb6cb667ef26ea1c000379beb9348fbed295e062538b4ee google-compute-engine-guest-configs-udev-20240607.00-2.fc40.noarch.rpm 94e443590221fb17e0330f076ebac32baab17b8d9c22566db372899ae750ca64 gpgme-1.23.2-3.fc40.x86_64.rpm 6d54af0fc5ae216eb97720415acda4245ebc6c021420a2892b58620b5b25ca38 gpm-libs-1.20.7-46.fc40.x86_64.rpm 8e2310f6cde324576e537749cf1d4fee8028edfc0c8df3070f147ee162b423ce grep-3.11-7.fc40.x86_64.rpm @@ -217,8 +217,8 @@ fadf7dd93c5eee57ba78e0628bf041dbd2ea037ace52f0a5cbac55b363234d27 libverto-0.3.2 26c27a101cf40f84f313d81a28cbca9450e8d901e6fcd315ac6036895a369b92 libxcrypt-4.4.36-5.fc40.x86_64.rpm a17f9a8894a00ee97a42219b3b21d64bfb850d74059d89ae299210bc477e8967 libxkbcommon-1.6.0-2.fc40.i686.rpm 1f1d0c1e1132016735acc6fc3390102b35f9eb257244547c7b61c32a9c2314cc libxkbcommon-1.6.0-2.fc40.x86_64.rpm -1d892a2a9ebc7062ab36f2e01682c17280de09508e2b5ce71476d171d1c6c93b libxml2-2.12.7-1.fc40.i686.rpm -35bba4379919f472dadd5ddb415e60ae21841f56045199c18082f93405b4c120 libxml2-2.12.7-1.fc40.x86_64.rpm +302104acbc7b094958be4f764c14f738462fdb381fc38aac63e0e7eaedaa82a7 libxml2-2.12.8-1.fc40.i686.rpm +ed8d18570524445954dae5aff6239d9cc987cf8b3313fcd48c42f1b79b8eb247 libxml2-2.12.8-1.fc40.x86_64.rpm cd866911efd52e3a70655df3da9d71ad2f4a326463aeaa381493a7547e14871d libzstd-1.5.6-1.fc40.i686.rpm bed3075b9ff919eded25cb45e9e03b8a7c63bcc8e893ec28c999aecaa68c51d3 libzstd-1.5.6-1.fc40.x86_64.rpm 81409455da42a5ffdcf5b8cc711632ce037fec25d5ae00cbfda5010c9db04157 lua-libs-5.4.6-5.fc40.x86_64.rpm @@ -229,7 +229,7 @@ f5f022440c4340b5e7fb1c1dbc382e6b0fd57030b3ff056940f2bb3d254408ec lz4-libs-1.9.4 03fbefea8c8d8465cf1caf66870fb935292ee18b4ca341853b5576ca9c7801eb mokutil-0.7.1-1.fc40.x86_64.rpm 0a3a3fc2471d2d64cbc85f4b23c93620df6eeee814851a2b69fc5ddf75406b56 mpdecimal-2.5.1-9.fc40.x86_64.rpm bc873693a8b8423d7f82e329abe207c9160a4c746fea9a32ef2a6ae8c912f227 mpfr-4.2.1-4.fc40.x86_64.rpm -ed211fa5d0d0a70e4db0099a01e7b7a46f28b064e2af7064d3c7836663229917 mtools-4.0.43-4.fc40.x86_64.rpm +cf424c4b9fc38fe40418f77d1b61f4c4d73a8a697aeace2ac86f6a5d34971a0e mtools-4.0.44-1.fc40.x86_64.rpm 7dfae7d898dfc40f3fe1fc66104cf31e434e866fec4d4944b55952d7f2f16657 nano-7.2-7.fc40.x86_64.rpm b404c27af03bb1e43fb0dc472d5a1fa152e0563fa2e4eefa29199c47578a829b nano-default-editor-7.2-7.fc40.noarch.rpm 8a93376ce7423bd1a649a13f4b5105f270b4603f5cf3b3e230bdbda7f25dd788 ncurses-base-6.4-12.20240127.fc40.noarch.rpm @@ -250,8 +250,8 @@ eba1bd09317cc1f1f80e722e9a545dd404e1fad444045438f254e99cab4f1ed6 openssl-libs-3 5981cdaf35f2ea96236eaccf1ce476379e51e5883ce57343a7727626e9fd9da3 pam-libs-1.6.1-3.fc40.i686.rpm fb85b93438336461a0b2b878158e552d30b6fb663404475eb0a050b35fd5d35f pam-libs-1.6.1-3.fc40.x86_64.rpm 9bbce784622e02af0371ced8e9a7d26adba7eabd66ecfcb8bbe2d24cf616e3c1 parted-3.6-4.fc40.x86_64.rpm -7f8327ab1b77dbc67cf1db70d35afda6477e48e7467e4f3c916f71eddac7048a passt-0^20240510.g7288448-1.fc40.x86_64.rpm -6ae3cbcf7de9c12dae7fb3096acd32bc2e3ba2b9b44a6c5eef2c7c3a587a5a32 passt-selinux-0^20240510.g7288448-1.fc40.noarch.rpm +8cba24e2ba3ff88a383542f81308c79388b7a36a42d4db404a7a475f68c311f1 passt-0^20240607.g8a83b53-1.fc40.x86_64.rpm +10e31535e7069a038b931d48af71430f2b721f5e19610cbb6be5560a91d6fcce passt-selinux-0^20240607.g8a83b53-1.fc40.noarch.rpm 757dc11e76123116a505879b5b00dbb1f132b25578f738979220397965d7fa38 pcre2-10.42-2.fc40.2.i686.rpm 8d36bcee4d3e39d5b8162ab8de347bb0f7d7b260a6b6c76bc4b577c5bff6ba5e pcre2-10.42-2.fc40.2.x86_64.rpm f2042a010126c04faea45cea4b62f8443e73f4a0a218858092e0fcf5ca7967fa pcre2-syntax-10.42-2.fc40.2.noarch.rpm @@ -261,7 +261,7 @@ f796a31cad58f4ebea8787020868581d9a721297ee0ef6a7c63a7f8444f60c17 pcsc-lite-libs 5443db8875acc0c1c436dbe1ed62b776543e049b8d9c7e33198379d367814093 pigz-2.8-4.fc40.x86_64.rpm cb7c5036f1d25c696de23a6670cb64caec9945116fb0c9a93555414746ecf253 pinentry-1.3.0-2.fc40.x86_64.rpm bbb4abafa9f7664e21350b56d49af2c928288e6d4dd68c304c4ab5d45b2c8ad7 pkcs11-provider-0.3-2.fc40.x86_64.rpm -acc781e5cf7e5bde4869c08faeafb66ff0790c1102f428d4bd8b14972b7c5b54 podman-5.1.0-1.fc40.x86_64.rpm +4bb0400e33de59ad4bcec35e5c4e58e71308b3247caf9e821dae7e89f2e43609 podman-5.1.1-1.fc40.x86_64.rpm fc0270713aefd482937adc4d6905f806760ea54c70379cb675be521251e5a177 policycoreutils-3.6-3.fc40.x86_64.rpm 30a4f9d3631aaa1280c93ce4305847a9773973aa312e1802d1cd676cb2421689 polkit-124-2.fc40.x86_64.rpm f47bc65177a8b160916c00df9c84442afa1dd353880b3c0503d5a0b052d4956c polkit-libs-124-2.fc40.x86_64.rpm From 9ad9ff4b51d3112fa8b086459a29038231bc4388 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Mon, 24 Jun 2024 12:04:31 +0200 Subject: [PATCH 098/380] bazel: use released version of gazelle (#3192) --- MODULE.bazel | 10 +--------- MODULE.bazel.lock | 9 +++++++++ 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 2cf8fdced..9ba8b6e62 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -2,7 +2,7 @@ module(name = "constellation") bazel_dep(name = "aspect_bazel_lib", version = "2.7.7") bazel_dep(name = "bazel_skylib", version = "1.6.1") -bazel_dep(name = "gazelle", version = "0.36.0") +bazel_dep(name = "gazelle", version = "0.37.0") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") bazel_dep(name = "rules_go", version = "0.48.1", repo_name = "io_bazel_rules_go") @@ -12,14 +12,6 @@ bazel_dep(name = "rules_python", version = "0.32.2") bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) -# replace gazelle with a pre-release version -# until go.work support is released -git_override( - module_name = "gazelle", - commit = "476a9447de621f3d6ab0154cc5683b989c79f9c1", - remote = "https://github.com/bazelbuild/bazel-gazelle", -) - go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk") go_sdk.download( name = "go_sdk", diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index fef31dfe7..edf8e62a8 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -9,6 +9,7 @@ "https://bcr.bazel.build/modules/apple_support/1.5.0/source.json": "eb98a7627c0bc486b57f598ad8da50f6625d974c8f723e9ea71bd39f709c9862", "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel": "491f8681205e31bb57892d67442ce448cda4f472a8e6b3dc062865e29a64f89c", "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/source.json": "87f12b449cd1d27d3e83840a59a6966d557e7c3c5f19e7b2e0361da5edc6b397", + "https://bcr.bazel.build/modules/bazel_features/1.1.0/MODULE.bazel": "cfd42ff3b815a5f39554d97182657f8c4b9719568eb7fded2b9135f084bf760b", "https://bcr.bazel.build/modules/bazel_features/1.1.1/MODULE.bazel": "27b8c79ef57efe08efccbd9dd6ef70d61b4798320b8d3c134fd571f78963dbcd", "https://bcr.bazel.build/modules/bazel_features/1.11.0/MODULE.bazel": "f9382337dd5a474c3b7d334c2f83e50b6eaedc284253334cf823044a26de03e8", "https://bcr.bazel.build/modules/bazel_features/1.11.0/source.json": "c9320aa53cd1c441d24bd6b716da087ad7e4ff0d9742a9884587596edfe53015", @@ -25,6 +26,12 @@ "https://bcr.bazel.build/modules/buildifier_prebuilt/6.4.0/source.json": "83eb01b197ed0b392f797860c9da5ed1bf95f4d0ded994d694a3d44731275916", "https://bcr.bazel.build/modules/buildozer/7.1.2/MODULE.bazel": "2e8dd40ede9c454042645fd8d8d0cd1527966aa5c919de86661e62953cd73d84", "https://bcr.bazel.build/modules/buildozer/7.1.2/source.json": "c9028a501d2db85793a6996205c8de120944f50a0d570438fcae0457a5f9d1f8", + "https://bcr.bazel.build/modules/gazelle/0.32.0/MODULE.bazel": "b499f58a5d0d3537f3cf5b76d8ada18242f64ec474d8391247438bf04f58c7b8", + "https://bcr.bazel.build/modules/gazelle/0.33.0/MODULE.bazel": "a13a0f279b462b784fb8dd52a4074526c4a2afe70e114c7d09066097a46b3350", + "https://bcr.bazel.build/modules/gazelle/0.34.0/MODULE.bazel": "abdd8ce4d70978933209db92e436deb3a8b737859e9354fb5fd11fb5c2004c8a", + "https://bcr.bazel.build/modules/gazelle/0.36.0/MODULE.bazel": "e375d5d6e9a6ca59b0cb38b0540bc9a05b6aa926d322f2de268ad267a2ee74c0", + "https://bcr.bazel.build/modules/gazelle/0.37.0/MODULE.bazel": "d1327ba0907d0275ed5103bfbbb13518f6c04955b402213319d0d6c0ce9839d4", + "https://bcr.bazel.build/modules/gazelle/0.37.0/source.json": "b3adc10e2394e7f63ea88fb1d622d4894bfe9ec6961c493ae9a887723ab16831", "https://bcr.bazel.build/modules/googletest/1.11.0/MODULE.bazel": "3a83f095183f66345ca86aa13c58b59f9f94a2f81999c093d4eeaa2d262d12f4", "https://bcr.bazel.build/modules/googletest/1.11.0/source.json": "c73d9ef4268c91bd0c1cd88f1f9dfa08e814b1dbe89b5f594a9f08ba0244d206", "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.0/MODULE.bazel": "ea4b3a25a9417a7db57a8a2f9ebdee91d679823c6274b482b817ed128d81c594", @@ -46,6 +53,8 @@ "https://bcr.bazel.build/modules/rules_cc/0.0.8/MODULE.bazel": "964c85c82cfeb6f3855e6a07054fdb159aced38e99a5eecf7bce9d53990afa3e", "https://bcr.bazel.build/modules/rules_cc/0.0.9/MODULE.bazel": "836e76439f354b89afe6a911a7adf59a6b2518fafb174483ad78a2a2fde7b1c5", "https://bcr.bazel.build/modules/rules_cc/0.0.9/source.json": "1f1ba6fea244b616de4a554a0f4983c91a9301640c8fe0dd1d410254115c8430", + "https://bcr.bazel.build/modules/rules_go/0.41.0/MODULE.bazel": "55861d8e8bb0e62cbd2896f60ff303f62ffcb0eddb74ecb0e5c0cbe36fc292c8", + "https://bcr.bazel.build/modules/rules_go/0.42.0/MODULE.bazel": "8cfa875b9aa8c6fce2b2e5925e73c1388173ea3c32a0db4d2b4804b453c14270", "https://bcr.bazel.build/modules/rules_go/0.46.0/MODULE.bazel": "3477df8bdcc49e698b9d25f734c4f3a9f5931ff34ee48a2c662be168f5f2d3fd", "https://bcr.bazel.build/modules/rules_go/0.48.1/MODULE.bazel": "ad27296e268624d7d53043fe5ff88d5486e7a29596336f629b379b83c67e6d8b", "https://bcr.bazel.build/modules/rules_go/0.48.1/source.json": "83321289aa500090871d8f761d991f0534946414640cce5c18d2df44cff8e082", From c1b6d93fb9aa31d90814fcf3446c3eb3701fbb56 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 13:47:50 +0200 Subject: [PATCH 099/380] deps: update dependency aspect_bazel_lib to v2.7.8 (#3196) * deps: update dependency aspect_bazel_lib to v2.7.8 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- MODULE.bazel | 2 +- MODULE.bazel.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 9ba8b6e62..91ac0ed02 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,6 +1,6 @@ module(name = "constellation") -bazel_dep(name = "aspect_bazel_lib", version = "2.7.7") +bazel_dep(name = "aspect_bazel_lib", version = "2.7.8") bazel_dep(name = "bazel_skylib", version = "1.6.1") bazel_dep(name = "gazelle", version = "0.37.0") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index edf8e62a8..b32dcbfbf 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -7,8 +7,8 @@ "https://bcr.bazel.build/modules/abseil-cpp/20211102.0/source.json": "7e3a9adf473e9af076ae485ed649d5641ad50ec5c11718103f34de03170d94ad", "https://bcr.bazel.build/modules/apple_support/1.5.0/MODULE.bazel": "50341a62efbc483e8a2a6aec30994a58749bd7b885e18dd96aa8c33031e558ef", "https://bcr.bazel.build/modules/apple_support/1.5.0/source.json": "eb98a7627c0bc486b57f598ad8da50f6625d974c8f723e9ea71bd39f709c9862", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/MODULE.bazel": "491f8681205e31bb57892d67442ce448cda4f472a8e6b3dc062865e29a64f89c", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.7/source.json": "87f12b449cd1d27d3e83840a59a6966d557e7c3c5f19e7b2e0361da5edc6b397", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.8/MODULE.bazel": "1631a1bbb119fc372f9aaa55df6c7d0a59fdb1640324b3d5c0047d976eb57aae", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.8/source.json": "896a2b322e70b0d1517b8758159e71fa3c2bf7bce5ecda3eb99c9e84fdd71e5e", "https://bcr.bazel.build/modules/bazel_features/1.1.0/MODULE.bazel": "cfd42ff3b815a5f39554d97182657f8c4b9719568eb7fded2b9135f084bf760b", "https://bcr.bazel.build/modules/bazel_features/1.1.1/MODULE.bazel": "27b8c79ef57efe08efccbd9dd6ef70d61b4798320b8d3c134fd571f78963dbcd", "https://bcr.bazel.build/modules/bazel_features/1.11.0/MODULE.bazel": "f9382337dd5a474c3b7d334c2f83e50b6eaedc284253334cf823044a26de03e8", @@ -125,8 +125,8 @@ }, "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "3KydN9M+cGcn8Huu/umxX7Vk08sXz5lJeUxg/b0Gxjc=", - "usagesDigest": "lPY0R//H+nhO4vaAphii2Dndc+QDteBXUued+RoMhEc=", + "bzlTransitiveDigest": "SK+5VjMKVX5gfuC//JqN+b1rWW3PNLeAEsqwiD3CAOA=", + "usagesDigest": "un2V6RGFYjsvM5ras99mEMrstkY0R2xhQv9URU0NcoU=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, From 1d3eae010f796f16085843bb8f9a60b4087f9a08 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 14:32:00 +0200 Subject: [PATCH 100/380] deps: update rhysd/actionlint to v1.7.1 (#3197) * deps: update rhysd/actionlint to v1.7.1 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/ci_deps.bzl | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl index e5aeefc9e..ec23f6802 100644 --- a/bazel/toolchains/ci_deps.bzl +++ b/bazel/toolchains/ci_deps.bzl @@ -97,41 +97,41 @@ def _actionlint_deps(): name = "com_github_rhysd_actionlint_linux_amd64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/8aae9148f61952d11a97651852fdc7dffd2b762ed3cdd28b3c2232ae5f55d4db", - "https://github.com/rhysd/actionlint/releases/download/v1.7.0/actionlint_1.7.0_linux_amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/f53c34493657dfea83b657e4b62cc68c25fbc383dff64c8d581613b037aacaa3", + "https://github.com/rhysd/actionlint/releases/download/v1.7.1/actionlint_1.7.1_linux_amd64.tar.gz", ], type = "tar.gz", - sha256 = "8aae9148f61952d11a97651852fdc7dffd2b762ed3cdd28b3c2232ae5f55d4db", + sha256 = "f53c34493657dfea83b657e4b62cc68c25fbc383dff64c8d581613b037aacaa3", ) http_archive( name = "com_github_rhysd_actionlint_linux_arm64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/8181452246e7e6310b988f83762fc982e03f27eeb53dd4ad33fa4a5f4276b383", - "https://github.com/rhysd/actionlint/releases/download/v1.7.0/actionlint_1.7.0_linux_arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/21a20f38b19dc962d89e17fe1c6f116199e9e0d343ab33361868def14cc220fc", + "https://github.com/rhysd/actionlint/releases/download/v1.7.1/actionlint_1.7.1_linux_arm64.tar.gz", ], type = "tar.gz", - sha256 = "8181452246e7e6310b988f83762fc982e03f27eeb53dd4ad33fa4a5f4276b383", + sha256 = "21a20f38b19dc962d89e17fe1c6f116199e9e0d343ab33361868def14cc220fc", ) http_archive( name = "com_github_rhysd_actionlint_darwin_amd64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/138aff674f31bd218030d4b00b3024bf0c721b75a7ec8e90b743763f81e3128e", - "https://github.com/rhysd/actionlint/releases/download/v1.7.0/actionlint_1.7.0_darwin_amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/ee24184e2e7003c19eb739717b34b7c65d096f2ca0df8d571837b4f20112d573", + "https://github.com/rhysd/actionlint/releases/download/v1.7.1/actionlint_1.7.1_darwin_amd64.tar.gz", ], type = "tar.gz", - sha256 = "138aff674f31bd218030d4b00b3024bf0c721b75a7ec8e90b743763f81e3128e", + sha256 = "ee24184e2e7003c19eb739717b34b7c65d096f2ca0df8d571837b4f20112d573", ) http_archive( name = "com_github_rhysd_actionlint_darwin_arm64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/806e73fbafe54b7324d9478798534c5195fb71ea171633d9035b3fca237addd3", - "https://github.com/rhysd/actionlint/releases/download/v1.7.0/actionlint_1.7.0_darwin_arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/a72f66f28a4cc294670abb7a5e3392033700e00cc6a385c32fb769971b71ec9f", + "https://github.com/rhysd/actionlint/releases/download/v1.7.1/actionlint_1.7.1_darwin_arm64.tar.gz", ], type = "tar.gz", - sha256 = "806e73fbafe54b7324d9478798534c5195fb71ea171633d9035b3fca237addd3", + sha256 = "a72f66f28a4cc294670abb7a5e3392033700e00cc6a385c32fb769971b71ec9f", ) def _gofumpt_deps(): From 5f9e970ebdf09c594d7fc3fdf366ad955222cbaf Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 15:03:21 +0200 Subject: [PATCH 101/380] deps: update Constellation containers to v2.17.0-pre.0.20240619151941-9cd11842442d (#3179) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- internal/versions/versions.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index a2a93a5a9..ea3166ee8 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -173,11 +173,11 @@ const ( // NodeMaintenanceOperatorImage is the image for the node maintenance operator. NodeMaintenanceOperatorImage = "quay.io/medik8s/node-maintenance-operator:v0.15.0@sha256:8cb8dad93283268282c30e75c68f4bd76b28def4b68b563d2f9db9c74225d634" // renovate:container // LogstashImage is the container image of logstash, used for log collection by debugd. - LogstashImage = "ghcr.io/edgelesssys/constellation/logstash-debugd:v2.17.0-pre.0.20240524110423-80917921e3d6@sha256:2665a8c1cdf6f88a348a69050b3da63aeac1f606dc55b17ddc00bf4adfa67a1a" // renovate:container + LogstashImage = "ghcr.io/edgelesssys/constellation/logstash-debugd:v2.17.0-pre.0.20240619151941-9cd11842442d@sha256:02b861f789651e754a0e434d036be7d18ba897dac0443b6ce6f4d2bb88f50ba8" // renovate:container // FilebeatImage is the container image of filebeat, used for log collection by debugd. - FilebeatImage = "ghcr.io/edgelesssys/constellation/filebeat-debugd:v2.17.0-pre.0.20240524110423-80917921e3d6@sha256:a58db8fef0740e0263d1c407f43f2fa05fdeed200b32ab58d32fb11873477231" // renovate:container + FilebeatImage = "ghcr.io/edgelesssys/constellation/filebeat-debugd:v2.17.0-pre.0.20240619151941-9cd11842442d@sha256:645ade2ad4eecf7ff4f4624ff1d7ba5e0951617575c62175b8e55a9d09fb19cd" // renovate:container // MetricbeatImage is the container image of filebeat, used for log collection by debugd. - MetricbeatImage = "ghcr.io/edgelesssys/constellation/metricbeat-debugd:v2.17.0-pre.0.20240524110423-80917921e3d6@sha256:2a384e4120ad0e46e1841205fde75f9c726c14c31be0a88bf08ae14d8c4d6069" // renovate:container + MetricbeatImage = "ghcr.io/edgelesssys/constellation/metricbeat-debugd:v2.17.0-pre.0.20240619151941-9cd11842442d@sha256:19314db207b3a07be74000e50058cb4d24388c00c0b20d43f5d9fec0be5aad93" // renovate:container // currently supported versions. //nolint:revive From af3f2bcd423df718f400c7fbc0cb1013b1b247eb Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 15:19:00 +0200 Subject: [PATCH 102/380] deps: update GitHub action dependencies (#3198) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/e2e_sonobuoy/action.yml | 2 +- .github/workflows/draft-release.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/actions/e2e_sonobuoy/action.yml b/.github/actions/e2e_sonobuoy/action.yml index fc2e5faa0..70dfed0e0 100644 --- a/.github/actions/e2e_sonobuoy/action.yml +++ b/.github/actions/e2e_sonobuoy/action.yml @@ -64,7 +64,7 @@ runs: - name: Publish test results if: (!env.ACT) && contains(inputs.sonobuoyTestSuiteCmd, '--plugin e2e') - uses: mikepenz/action-junit-report@ac30be7acb0a361e5492575ab42e47fcadec4928 # v4.2.2 + uses: mikepenz/action-junit-report@db71d41eb79864e25ab0337e395c352e84523afe # v4.3.1 with: report_paths: "**/junit_01.xml" fail_on_failure: true diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index 730a136fa..594e646c1 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -472,7 +472,7 @@ jobs: - name: Create release with artifacts id: create-release # GitHub endorsed release project. See: https://github.com/actions/create-release - uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5 + uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 with: draft: true generate_release_notes: true @@ -487,7 +487,7 @@ jobs: terraform-module.zip - name: Create Terraform provider release with artifcats - uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5 + uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 with: draft: true generate_release_notes: false From e0c5acf2f331047eb000ca91a5d101fe8e8659d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Mon, 24 Jun 2024 16:04:07 +0200 Subject: [PATCH 103/380] deps: update k8s replace directive (#3193) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- go.mod | 51 ++++++++++++++++++++------------------------------- 1 file changed, 20 insertions(+), 31 deletions(-) diff --git a/go.mod b/go.mod index 07887fa5a..480039016 100644 --- a/go.mod +++ b/go.mod @@ -2,40 +2,29 @@ module github.com/edgelesssys/constellation/v2 go 1.22.3 -replace ( - k8s.io/api v0.0.0 => k8s.io/api v0.29.0 - k8s.io/apiextensions-apiserver v0.0.0 => k8s.io/apiextensions-apiserver v0.29.0 - k8s.io/apimachinery v0.0.0 => k8s.io/apimachinery v0.29.0 - k8s.io/apiserver v0.0.0 => k8s.io/apiserver v0.29.0 - k8s.io/cli-runtime v0.0.0 => k8s.io/cli-runtime v0.29.0 - k8s.io/client-go v0.0.0 => k8s.io/client-go v0.29.0 - k8s.io/cloud-provider v0.0.0 => k8s.io/cloud-provider v0.29.0 - k8s.io/cluster-bootstrap v0.0.0 => k8s.io/cluster-bootstrap v0.29.0 - k8s.io/code-generator v0.0.0 => k8s.io/code-generator v0.29.0 - k8s.io/component-base v0.0.0 => k8s.io/component-base v0.29.0 - k8s.io/component-helpers v0.0.0 => k8s.io/component-helpers v0.29.0 - k8s.io/controller-manager v0.0.0 => k8s.io/controller-manager v0.29.0 - k8s.io/cri-api v0.0.0 => k8s.io/cri-api v0.29.0 - k8s.io/csi-translation-lib v0.0.0 => k8s.io/csi-translation-lib v0.29.0 - k8s.io/dynamic-resource-allocation v0.0.0 => k8s.io/dynamic-resource-allocation v0.29.0 - k8s.io/endpointslice v0.0.0 => k8s.io/endpointslice v0.29.0 - k8s.io/kube-aggregator v0.0.0 => k8s.io/kube-aggregator v0.29.0 - k8s.io/kube-controller-manager v0.0.0 => k8s.io/kube-controller-manager v0.29.0 - k8s.io/kube-proxy v0.0.0 => k8s.io/kube-proxy v0.29.0 - k8s.io/kube-scheduler v0.0.0 => k8s.io/kube-scheduler v0.29.0 - k8s.io/kubectl v0.0.0 => k8s.io/kubectl v0.29.0 - k8s.io/kubelet v0.0.0 => k8s.io/kubelet v0.29.0 - k8s.io/kubernetes v0.0.0 => k8s.io/kubernetes v1.29.0 - k8s.io/legacy-cloud-providers v0.0.0 => k8s.io/legacy-cloud-providers v0.29.0 - k8s.io/metrics v0.0.0 => k8s.io/metrics v0.29.0 - k8s.io/mount-utils v0.0.0 => k8s.io/mount-utils v0.29.0 - k8s.io/pod-security-admission v0.0.0 => k8s.io/pod-security-admission v0.29.0 - k8s.io/sample-apiserver v0.0.0 => k8s.io/sample-apiserver v0.29.0 -) - // TODO(daniel-weisse): revert after merging https://github.com/martinjungblut/go-cryptsetup/pull/16. replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c +// Kubernetes replace directives are required because we depend on k8s.io/kubernetes/cmd/kubeadm +// k8s discourages usage of k8s.io/kubernetes as a dependency, but no external staging repositories for kubeadm exist. +// Our code does not actually depend on these packages, but `go mod download` breaks without this replace directive. +// See this issue: https://github.com/kubernetes/kubernetes/issues/79384 +// And this README: https://github.com/kubernetes/kubernetes/blob/master/staging/README.md +replace ( + k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.2 + k8s.io/controller-manager => k8s.io/controller-manager v0.30.2 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.2 + k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.2 + k8s.io/endpointslice => k8s.io/endpointslice v0.30.2 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.2 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.2 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.2 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.2 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.2 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.2 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.2 +) + require ( cloud.google.com/go/compute v1.27.0 cloud.google.com/go/compute/metadata v0.3.0 From 3db3db3bf23a15735e17491dc6c98b0680df4bba Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Tue, 25 Jun 2024 10:11:57 +0200 Subject: [PATCH 104/380] operator: fix gRPC dialing over UDS (#3201) * operator: add test for gRPC connection over UDS --- .../internal/upgrade/BUILD.bazel | 13 +++++ .../internal/upgrade/upgrade.go | 15 +++--- .../internal/upgrade/upgrade_test.go | 52 +++++++++++++++++++ 3 files changed, 73 insertions(+), 7 deletions(-) create mode 100644 operators/constellation-node-operator/internal/upgrade/upgrade_test.go diff --git a/operators/constellation-node-operator/internal/upgrade/BUILD.bazel b/operators/constellation-node-operator/internal/upgrade/BUILD.bazel index ec1a62223..cf1588a80 100644 --- a/operators/constellation-node-operator/internal/upgrade/BUILD.bazel +++ b/operators/constellation-node-operator/internal/upgrade/BUILD.bazel @@ -1,4 +1,5 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library") +load("//bazel/go:go_test.bzl", "go_test") go_library( name = "upgrade", @@ -13,3 +14,15 @@ go_library( "@org_golang_google_grpc//credentials/insecure", ], ) + +go_test( + name = "upgrade_test", + srcs = ["upgrade_test.go"], + embed = [":upgrade"], + deps = [ + "//internal/versions/components", + "//upgrade-agent/upgradeproto", + "@com_github_stretchr_testify//require", + "@org_golang_google_grpc//:grpc", + ], +) diff --git a/operators/constellation-node-operator/internal/upgrade/upgrade.go b/operators/constellation-node-operator/internal/upgrade/upgrade.go index 615e92dac..7204f473d 100644 --- a/operators/constellation-node-operator/internal/upgrade/upgrade.go +++ b/operators/constellation-node-operator/internal/upgrade/upgrade.go @@ -21,24 +21,25 @@ import ( // Client is a client for the upgrade agent. type Client struct { + addr string dialer Dialer } -// NewClient creates a new upgrade agent client. +// NewClient creates a new upgrade agent client connecting to the default upgrade-agent Unix socket. func NewClient() *Client { + return newClientWithAddress(mainconstants.UpgradeAgentMountPath) +} + +func newClientWithAddress(addr string) *Client { return &Client{ + addr: "unix:" + addr, dialer: &net.Dialer{}, } } // Upgrade upgrades the Constellation node to the given Kubernetes version. func (c *Client) Upgrade(ctx context.Context, kubernetesComponents components.Components, WantedKubernetesVersion string) error { - conn, err := grpc.NewClient(mainconstants.UpgradeAgentMountPath, grpc.WithTransportCredentials(insecure.NewCredentials()), - grpc.WithContextDialer( - func(ctx context.Context, addr string) (net.Conn, error) { - return c.dialer.DialContext(ctx, "unix", addr) - }, - )) + conn, err := grpc.NewClient(c.addr, grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { return fmt.Errorf("failed to dial: %w", err) } diff --git a/operators/constellation-node-operator/internal/upgrade/upgrade_test.go b/operators/constellation-node-operator/internal/upgrade/upgrade_test.go new file mode 100644 index 000000000..394ffc54d --- /dev/null +++ b/operators/constellation-node-operator/internal/upgrade/upgrade_test.go @@ -0,0 +1,52 @@ +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package upgrade + +import ( + "context" + "net" + "os" + "path/filepath" + "testing" + + "github.com/edgelesssys/constellation/v2/internal/versions/components" + "github.com/edgelesssys/constellation/v2/upgrade-agent/upgradeproto" + "github.com/stretchr/testify/require" + "google.golang.org/grpc" +) + +// TestGRPCDialer is a regression test to ensure the upgrade client can connect to a UDS. +func TestGRPCDialer(t *testing.T) { + require := require.New(t) + + dir := t.TempDir() + sockAddr := filepath.Join(dir, "test.socket") + + upgradeAgent := &fakeUpgradeAgent{} + grpcServer := grpc.NewServer() + upgradeproto.RegisterUpdateServer(grpcServer, upgradeAgent) + + listener, err := net.Listen("unix", sockAddr) + require.NoError(err) + go grpcServer.Serve(listener) + t.Cleanup(grpcServer.Stop) + + fileInfo, err := os.Stat(sockAddr) + require.NoError(err) + require.Equal(os.ModeSocket, fileInfo.Mode()&os.ModeType) + + upgradeClient := newClientWithAddress(sockAddr) + require.NoError(upgradeClient.Upgrade(context.Background(), []*components.Component{}, "v1.29.6")) +} + +type fakeUpgradeAgent struct { + upgradeproto.UnimplementedUpdateServer +} + +func (s *fakeUpgradeAgent) ExecuteUpdate(_ context.Context, _ *upgradeproto.ExecuteUpdateRequest) (*upgradeproto.ExecuteUpdateResponse, error) { + return &upgradeproto.ExecuteUpdateResponse{}, nil +} From dcb8cca26890528791a2dfc375dc02dc7f05f3bc Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 25 Jun 2024 10:43:23 +0200 Subject: [PATCH 105/380] bootstrapper: remove static pod manifests before cluster init/join --- .../internal/kubernetes/k8sapi/k8sutil.go | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go index 53f681b49..2925cc44f 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go +++ b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go @@ -137,6 +137,15 @@ func (k *KubernetesUtil) InitCluster( } // Create static pods directory for all nodes (the Kubelets on the worker nodes also expect the path to exist) + if _, err := os.Stat("/etc/kubernetes/manifests"); err == nil { + // If the node rebooted after the static pod directory was created, + // the existing directory needs to be removed before we can + // try to init the cluster again. + log.Info("Removing existing static Pod directory /etc/kubernetes/manifests") + if err := os.RemoveAll("/etc/kubernetes/manifests"); err != nil { + return nil, fmt.Errorf("removing static pods directory: %w", err) + } + } log.Info("Creating static Pod directory /etc/kubernetes/manifests") if err := os.MkdirAll("/etc/kubernetes/manifests", os.ModePerm); err != nil { return nil, fmt.Errorf("creating static pods directory: %w", err) @@ -200,6 +209,15 @@ func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, log } // Create static pods directory for all nodes (the Kubelets on the worker nodes also expect the path to exist) + if _, err := os.Stat("/etc/kubernetes/manifests"); err == nil { + // If the node rebooted after the static pod directory was created, for example + // if a failure during an upgrade occurred, the existing directory needs to be + // removed before we can try to join the cluster again. + log.Info("Removing existing static Pod directory /etc/kubernetes/manifests") + if err := os.RemoveAll("/etc/kubernetes/manifests"); err != nil { + return fmt.Errorf("removing static pods directory: %w", err) + } + } log.Info("Creating static Pod directory /etc/kubernetes/manifests") if err := os.MkdirAll("/etc/kubernetes/manifests", os.ModePerm); err != nil { return fmt.Errorf("creating static pods directory: %w", err) From 50dcfd79051fdcea983057f2343d51ca7a832b1d Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 25 Jun 2024 11:51:23 +0200 Subject: [PATCH 106/380] bootstrapper: remove unnecessary stat (#3202) --- .../internal/kubernetes/k8sapi/k8sutil.go | 26 +++++++------------ 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go index 2925cc44f..19713e00e 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go +++ b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go @@ -137,14 +137,11 @@ func (k *KubernetesUtil) InitCluster( } // Create static pods directory for all nodes (the Kubelets on the worker nodes also expect the path to exist) - if _, err := os.Stat("/etc/kubernetes/manifests"); err == nil { - // If the node rebooted after the static pod directory was created, - // the existing directory needs to be removed before we can - // try to init the cluster again. - log.Info("Removing existing static Pod directory /etc/kubernetes/manifests") - if err := os.RemoveAll("/etc/kubernetes/manifests"); err != nil { - return nil, fmt.Errorf("removing static pods directory: %w", err) - } + // If the node rebooted after the static pod directory was created, + // the existing directory needs to be removed before we can + // try to init the cluster again. + if err := os.RemoveAll("/etc/kubernetes/manifests"); err != nil { + return nil, fmt.Errorf("removing static pods directory: %w", err) } log.Info("Creating static Pod directory /etc/kubernetes/manifests") if err := os.MkdirAll("/etc/kubernetes/manifests", os.ModePerm); err != nil { @@ -209,14 +206,11 @@ func (k *KubernetesUtil) JoinCluster(ctx context.Context, joinConfig []byte, log } // Create static pods directory for all nodes (the Kubelets on the worker nodes also expect the path to exist) - if _, err := os.Stat("/etc/kubernetes/manifests"); err == nil { - // If the node rebooted after the static pod directory was created, for example - // if a failure during an upgrade occurred, the existing directory needs to be - // removed before we can try to join the cluster again. - log.Info("Removing existing static Pod directory /etc/kubernetes/manifests") - if err := os.RemoveAll("/etc/kubernetes/manifests"); err != nil { - return fmt.Errorf("removing static pods directory: %w", err) - } + // If the node rebooted after the static pod directory was created, for example + // if a failure during an upgrade occurred, the existing directory needs to be + // removed before we can try to join the cluster again. + if err := os.RemoveAll("/etc/kubernetes/manifests"); err != nil { + return fmt.Errorf("removing static pods directory: %w", err) } log.Info("Creating static Pod directory /etc/kubernetes/manifests") if err := os.MkdirAll("/etc/kubernetes/manifests", os.ModePerm); err != nil { From 27946c6f2cdebf3adce41a1aa23760b59a5ebbd3 Mon Sep 17 00:00:00 2001 From: 3u13r Date: Tue, 25 Jun 2024 14:23:12 +0200 Subject: [PATCH 107/380] dev-docs: add bare-metal setup (#3126) --- dev-docs/howto/bare-metal/README.md | 66 ++++++ .../howto/bare-metal/launch-constellation.sh | 202 ++++++++++++++++++ 2 files changed, 268 insertions(+) create mode 100644 dev-docs/howto/bare-metal/README.md create mode 100644 dev-docs/howto/bare-metal/launch-constellation.sh diff --git a/dev-docs/howto/bare-metal/README.md b/dev-docs/howto/bare-metal/README.md new file mode 100644 index 000000000..e4df4cd97 --- /dev/null +++ b/dev-docs/howto/bare-metal/README.md @@ -0,0 +1,66 @@ +# Bare-metal SNP setup for Constellation + +## Prepare Host + +The bare-metal host machine needs to be able to start SEV-SNP VMs. +A thorough explanation can be found here: . + +First checkout the snp-latest branch: + +```bash +git clone https://github.com/AMDESE/AMDSEV.git +cd AMDSEV +git checkout snp-latest +``` + +Then enable TPM2 support by setting `-DTPM2_ENABLE` in the OVMF build command +found in `common.sh`: + +```patch +diff --git a/common.sh b/common.sh +index 9eee947..52bf507 100755 +--- a/common.sh ++++ b/common.sh +@@ -155,7 +155,7 @@ build_install_ovmf() + GCCVERS="GCC5" + fi + +- BUILD_CMD="nice build -q --cmd-len=64436 -DDEBUG_ON_SERIAL_PORT=TRUE -n $(getconf _NPROCESSORS_ONLN) ${GCCVERS:+-t $GCCVERS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc" ++ BUILD_CMD="nice build -q --cmd-len=64436 -DTPM2_ENABLE -DDEBUG_ON_SERIAL_PORT=TRUE -n $(getconf _NPROCESSORS_ONLN) ${GCCVERS:+-t $GCCVERS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc" + + # initialize git repo, or update existing remote to currently configured one + if [ -d ovmf ]; then +``` + +Build and package the binaries. Then install the newly build kernel: + +```bash +./build.sh --package +cd linux +dpkg -i linux-image-6.9.0-rc7-snp-host-05b10142ac6a_6.9.0-rc7-g05b10142ac6a-2_amd64.deb +``` + +Reboot, verify that the right BIOS setting are set as described in + +and select the new kernel in the boot menu. Note that GRUB usually automatically +select the newest installed kernel as default. + +Download a Constellation qemu image, the `constellation-conf.yaml`, and +the `launch-constellation.sh` script in the directory right next to the +`AMDSEV` folder. + +```bash +wget https://raw.githubusercontent.com/edgelesssys/constellation/main/dev-docs/howto/bare-metal/launch-constellation.sh +wget https://cdn.confidential.cloud/constellation/v1/ref/main/stream/console/v2.17.0-pre.0.20240516182331-5fb2a2cb89f2/image/csp/qemu/qemu-vtpm/image.raw +wget < link to the constellation CLI provided by Edgeless > +wget < link to the constellation config provided by Edgeless > +``` + +Install and setup [docker](https://docs.docker.com/engine/install/), +install swtpm, dnsmasq and tmux. + +Then simply run: + +```bash +sudo ./launch-constellation.sh +``` diff --git a/dev-docs/howto/bare-metal/launch-constellation.sh b/dev-docs/howto/bare-metal/launch-constellation.sh new file mode 100644 index 000000000..27fc4f83b --- /dev/null +++ b/dev-docs/howto/bare-metal/launch-constellation.sh @@ -0,0 +1,202 @@ +#!/usr/bin/env bash + +set -euo pipefail + +set -x + +function cleanup { + kill -SIGTERM "$(cat "${PWD}"/qemu-dnsmasq-br0.pid)" || true + rm "${PWD}"/qemu-dnsmasq-br0.pid || true + + kill -SIGTERM "$(cat "${PWD}"/swtpm0.pid)" || true + kill -SIGTERM "$(cat "${PWD}"/swtpm1.pid)" || true + + ip l delete br0 || true + ip l delete tap0 || true + ip l delete tap1 || true + + rm -r "${PWD}"/tpm0 || true + rm -r "${PWD}"/tpm1 || true + + rm OVMF_VARS_0.fd || true + rm OVMF_VARS_1.fd || true + + rm dnsmasq.leases || true + rm dnsmasq.log || true + + rm constellation-mastersecret.json || true + rm constellation-admin.conf || true + rm constellation-cluster.log || true + rm constellation-debug.log || true + rm constellation-state.yaml || true + rm -r constellation-upgrade || true + + docker stop metadata-server || true +} + +trap cleanup EXIT + +get_mac() { + printf '52:54:%02X:%02X:%02X:%02X' $((RANDOM % 256)) $((RANDOM % 256)) $((RANDOM % 256)) $((RANDOM % 256)) +} + +mac_0=$(get_mac) +mac_1=$(get_mac) + +# Regarding network setup see: https://bbs.archlinux.org/viewtopic.php?id=207907 + +dd if=/dev/zero of=disk0.img iflag=fullblock bs=1M count=10000 && sync +dd if=/dev/zero of=disk1.img iflag=fullblock bs=1M count=10000 && sync + +DEFAULT_INTERFACE=$(ip r show default | cut -d' ' -f5) + +ip link add name br0 type bridge || true +ip addr add 10.42.0.1/16 dev br0 || true +ip link set br0 up + +dnsmasq \ + --pid-file="${PWD}"/qemu-dnsmasq-br0.pid \ + --interface=br0 \ + --bind-interfaces \ + --log-facility="${PWD}"/dnsmasq.log \ + --dhcp-range=10.42.0.2,10.42.255.254 \ + --dhcp-leasefile="${PWD}"/dnsmasq.leases \ + --dhcp-host="${mac_0}",10.42.1.1,control-plane0 \ + --dhcp-host="${mac_1}",10.42.2.1,worker0 + +password=$(tr -dc 'A-Za-z0-9!?%=' < /dev/urandom | head -c 32) || true +password_hex=$(echo -n "${password}" | xxd -p -u -c 256) +echo "${password_hex}" + +# htpasswd from apache2-utils +password_bcrypt=$(htpasswd -bnBC 10 "" "${password}" | tr -d ':\n') + +docker run \ + -dit \ + --rm \ + --name metadata-server \ + --net=host \ + --mount type=bind,source="$(pwd)"/dnsmasq.leases,target=/dnsmasq.leases \ + ghcr.io/edgelesssys/constellation/qemu-metadata-api:v2.17.0-pre.0.20240603111213-d7ce6af383f2 \ + --dnsmasq-leases /dnsmasq.leases --initsecrethash "${password_bcrypt}" + +cat > ./constellation-state.yaml <<- EOM +version: v1 # Schema version of this state file. +# State of the cluster's cloud resources. These values are retrieved during +infrastructure: + uid: qemu # Unique identifier the cluster's cloud resources are tagged with. + clusterEndpoint: 10.42.1.1 # Endpoint the cluster can be reached at. This is the endpoint that is being used by the CLI. + inClusterEndpoint: 10.42.1.1 # The Cluster uses to reach itself. This might differ from the ClusterEndpoint in case e.g., + initSecret: "${password_hex}" # Secret used to authenticate the bootstrapping node. + # List of Subject Alternative Names (SANs) to add to the Kubernetes API server certificate. + apiServerCertSANs: + - 10.42.1.1 + name: mini-qemu # Name used in the cluster's named resources. + ipCidrNode: 10.42.0.0/16 # CIDR range of the cluster's nodes. +# DO NOT EDIT. State of the Constellation Kubernetes cluster. +clusterValues: + clusterID: "" # Unique identifier of the cluster. + ownerID: "" # Unique identifier of the owner of the cluster. + measurementSalt: "" # Salt used to generate the ClusterID on the bootstrapping node. +EOM + +sysctl net.ipv4.ip_forward=1 +sysctl net.ipv6.conf.default.forwarding=1 +sysctl net.ipv6.conf.all.forwarding=1 + +iptables -t nat -C POSTROUTING -o "${DEFAULT_INTERFACE}" -j MASQUERADE || iptables -t nat -I POSTROUTING -o "${DEFAULT_INTERFACE}" -j MASQUERADE +iptables -C FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT || iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +iptables -P FORWARD ACCEPT + +ip tuntap add dev tap0 mode tap user "${USER}" || true +ip link set tap0 up promisc on +ip link set tap0 master br0 + +iptables -C FORWARD -i tap0 -o "${DEFAULT_INTERFACE}" -j ACCEPT || iptables -I FORWARD -i tap0 -o "${DEFAULT_INTERFACE}" -j ACCEPT + +ip tuntap add dev tap1 mode tap user "${USER}" || true +ip link set tap1 up promisc on +ip link set tap1 master br0 + +iptables -C FORWARD -i tap1 -o "${DEFAULT_INTERFACE}" -j ACCEPT || iptables -I FORWARD -i tap1 -o "${DEFAULT_INTERFACE}" -j ACCEPT + +# +# ovmf +# + +cp AMDSEV/usr/local/share/qemu/OVMF_VARS.fd OVMF_VARS_0.fd +cp AMDSEV/usr/local/share/qemu/OVMF_VARS.fd OVMF_VARS_1.fd + +# +# swtpm +# + +mkdir "${PWD}"/tpm0 || true +swtpm_setup --tpm2 --tpmstate "${PWD}/tpm0" --create-ek-cert --create-platform-cert --allow-signing --overwrite --pcr-banks - --logfile "${PWD}/tpm0/setup.log" +swtpm socket --tpm2 --tpmstate dir="${PWD}/tpm0",mode=0600 --ctrl type=unixio,path="${PWD}/tpm0/swtpm-sock" --log file="${PWD}/tpm0/tpm.log",level=20,truncate --pid file="${PWD}/swtpm0.pid" & + +mkdir "${PWD}"/tpm1 || true +swtpm_setup --tpm2 --tpmstate "${PWD}/tpm1" --create-ek-cert --create-platform-cert --allow-signing --overwrite --pcr-banks - --logfile "${PWD}/tpm1/setup.log" +swtpm socket --tpm2 --tpmstate dir="${PWD}/tpm1",mode=0600 --ctrl type=unixio,path="${PWD}/tpm1/swtpm-sock" --log file="${PWD}/tpm1/tpm.log",level=20,truncate --pid file="${PWD}/swtpm1.pid" & + +tmux new-session -d -s const-sess + +tmux split-window +tmux split-window + +launch_cmd_base_sev="AMDSEV/usr/local/bin/qemu-system-x86_64 \ + -enable-kvm \ + -cpu EPYC-v4 \ + -machine q35,smm=off \ + -smp 4,maxcpus=255 \ + -m 2048M,slots=5,maxmem=$((2048 + 8192))M \ + -no-reboot \ + -bios AMDSEV/usr/local/share/qemu/OVMF_CODE.fd \ + -drive file=./image.raw,if=none,id=disk1,format=raw,readonly=on \ + -device virtio-blk-pci,drive=disk1,id=virtio-disk1,disable-legacy=on,iommu_platform=true,bootindex=1 \ + -machine memory-encryption=sev0,vmport=off \ + -object memory-backend-memfd,id=ram1,size=2048M,share=true,prealloc=false \ + -machine memory-backend=ram1 \ + -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1 \ + -nographic \ + -device virtio-blk-pci,drive=disk2,id=virtio-disk2 \ + -tpmdev emulator,id=tpm0,chardev=chrtpm \ + -device tpm-crb,tpmdev=tpm0" + +# shellcheck disable=2034 +launch_cmd_base_no_sev="AMDSEV/usr/local/bin/qemu-system-x86_64 \ + -enable-kvm \ + -cpu EPYC-v4 \ + -machine q35 \ + -smp 1,maxcpus=255 \ + -m 2048M,slots=5,maxmem=10240M \ + -no-reboot \ + -drive if=pflash,format=raw,unit=0,file=${PWD}/OVMF_CODE.fd,readonly=true \ + -drive file=./image.raw,if=none,id=disk1,format=raw,readonly=on \ + -device virtio-blk-pci,drive=disk1,id=virtio-disk1,disable-legacy=on,iommu_platform=true,bootindex=1 \ + -nographic \ + -device virtio-blk-pci,drive=disk2,id=virtio-disk2 \ + -tpmdev emulator,id=tpm0,chardev=chrtpm \ + -device tpm-crb,tpmdev=tpm0" + +launch_cmd_0="${launch_cmd_base_sev} \ + -drive if=pflash,format=raw,unit=0,file=${PWD}/OVMF_VARS_0.fd \ + -device virtio-net,netdev=network0,mac=${mac_0} \ + -netdev tap,id=network0,ifname=tap0,script=no,downscript=no \ + -drive file=./disk0.img,id=disk2,if=none,format=raw \ + -chardev socket,id=chrtpm,path=${PWD}/tpm0/swtpm-sock" +launch_cmd_1="${launch_cmd_base_sev} \ + -drive if=pflash,format=raw,unit=0,file=${PWD}/OVMF_VARS_1.fd \ + -device virtio-net,netdev=network0,mac=${mac_1} \ + -netdev tap,id=network0,ifname=tap1,script=no,downscript=no \ + -drive file=./disk1.img,id=disk2,if=none,format=raw \ + -chardev socket,id=chrtpm,path=${PWD}/tpm1/swtpm-sock" + +init_cmd="./constellation apply --skip-phases infrastructure" + +tmux send -t const-sess:0.0 "${launch_cmd_0}" ENTER +sleep 3 +tmux send -t const-sess:0.1 "${launch_cmd_1}" ENTER +tmux send -t const-sess:0.2 "${init_cmd}" ENTER + +tmux a -t const-sess From 2df105f8dd2648781d520e73969687e5a835231b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 26 Jun 2024 15:40:45 +0200 Subject: [PATCH 108/380] deps: update Go dependencies (#3199) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update Go dependencies * Bump go.work Go version to v1.22.4 * Bump github.com/hashicorp/go-retryablehttp to v0.7.7 to fix GO-2024-2947 --------- Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße --- go.mod | 40 ++++++++++---------- go.sum | 111 ++++++++++++++++++++++++++++---------------------------- go.work | 4 +- 3 files changed, 78 insertions(+), 77 deletions(-) diff --git a/go.mod b/go.mod index 480039016..35447c960 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/edgelesssys/constellation/v2 -go 1.22.3 +go 1.22.4 // TODO(daniel-weisse): revert after merging https://github.com/martinjungblut/go-cryptsetup/pull/16. replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c @@ -28,27 +28,27 @@ replace ( require ( cloud.google.com/go/compute v1.27.0 cloud.google.com/go/compute/metadata v0.3.0 - cloud.google.com/go/kms v1.17.1 + cloud.google.com/go/kms v1.18.0 cloud.google.com/go/secretmanager v1.13.1 cloud.google.com/go/storage v1.42.0 dario.cat/mergo v1.0.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.1.1 + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 github.com/BurntSushi/toml v1.4.0 - github.com/aws/aws-sdk-go v1.54.5 + github.com/aws/aws-sdk-go v1.54.8 github.com/aws/aws-sdk-go-v2 v1.30.0 github.com/aws/aws-sdk-go-v2/config v1.27.21 github.com/aws/aws-sdk-go-v2/credentials v1.17.21 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.1 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.41.1 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.42.0 github.com/aws/aws-sdk-go-v2/service/cloudfront v1.37.1 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.165.1 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.166.0 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.32.1 github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.22.1 github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 @@ -101,9 +101,9 @@ require ( github.com/samber/slog-multi v1.1.0 github.com/schollz/progressbar/v3 v3.14.4 github.com/secure-systems-lab/go-securesystemslib v0.8.0 - github.com/siderolabs/talos/pkg/machinery v1.7.4 + github.com/siderolabs/talos/pkg/machinery v1.7.5 github.com/sigstore/rekor v1.3.6 - github.com/sigstore/sigstore v1.8.4 + github.com/sigstore/sigstore v1.8.5 github.com/spf13/afero v1.11.0 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 @@ -120,7 +120,7 @@ require ( golang.org/x/sys v0.21.0 golang.org/x/text v0.16.0 golang.org/x/tools v0.22.0 - google.golang.org/api v0.185.0 + google.golang.org/api v0.186.0 google.golang.org/grpc v1.64.0 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 @@ -143,7 +143,7 @@ require ( require ( cloud.google.com/go v0.115.0 // indirect - cloud.google.com/go/auth v0.5.1 // indirect + cloud.google.com/go/auth v0.6.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/iam v1.1.8 // indirect cloud.google.com/go/longrunning v0.5.7 // indirect @@ -217,6 +217,7 @@ require ( github.com/go-errors/errors v1.4.2 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect + github.com/go-jose/go-jose/v4 v4.0.1 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect @@ -243,7 +244,7 @@ require ( github.com/google/go-attestation v0.5.1 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-configfs-tsm v0.2.2 // indirect - github.com/google/go-containerregistry v0.19.1 // indirect + github.com/google/go-containerregistry v0.19.2 // indirect github.com/google/go-tspi v0.3.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/logger v1.1.1 // indirect @@ -262,7 +263,7 @@ require ( github.com/hashicorp/go-hclog v1.6.3 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.6.0 // indirect - github.com/hashicorp/go-retryablehttp v0.7.5 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/logutils v1.0.0 // indirect @@ -283,7 +284,7 @@ require ( github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/leodido/go-urn v1.4.0 // indirect - github.com/letsencrypt/boulder v0.0.0-20230907030200-6d76a0f91e1e // indirect + github.com/letsencrypt/boulder v0.0.0-20240613153800-a69ba997609e // indirect github.com/lib/pq v1.10.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.7 // indirect @@ -342,11 +343,11 @@ require ( github.com/zclconf/go-cty v1.14.4 // indirect go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect - go.opentelemetry.io/otel v1.24.0 // indirect - go.opentelemetry.io/otel/metric v1.24.0 // indirect - go.opentelemetry.io/otel/trace v1.24.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect + go.opentelemetry.io/otel v1.27.0 // indirect + go.opentelemetry.io/otel/metric v1.27.0 // indirect + go.opentelemetry.io/otel/trace v1.27.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect @@ -360,7 +361,6 @@ require ( google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect - gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/cli-runtime v0.30.0 // indirect diff --git a/go.sum b/go.sum index 6a4e8b485..e658f293f 100644 --- a/go.sum +++ b/go.sum @@ -1,8 +1,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw= -cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= +cloud.google.com/go/auth v0.6.0 h1:5x+d6b5zdezZ7gmLWD1m/xNjnaQ2YDhmIz/HH3doy1g= +cloud.google.com/go/auth v0.6.0/go.mod h1:b4acV+jLQDyjwm4OXHYjNvRi4jvGBzHWJRtJcy+2P4g= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/compute v1.27.0 h1:EGawh2RUnfHT5g8f/FX3Ds6KZuIBC77hZoDrBvEZw94= @@ -11,8 +11,8 @@ cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2Qx cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= -cloud.google.com/go/kms v1.17.1 h1:5k0wXqkxL+YcXd4viQzTqCgzzVKKxzgrK+rCZJytEQs= -cloud.google.com/go/kms v1.17.1/go.mod h1:DCMnCF/apA6fZk5Cj4XsD979OyHAqFasPuA5Sd0kGlQ= +cloud.google.com/go/kms v1.18.0 h1:pqNdaVmZJFP+i8OVLocjfpdTWETTYa20FWOegSCdrRo= +cloud.google.com/go/kms v1.18.0/go.mod h1:DyRBeWD/pYBMeyiaXFa/DGNyxMDL3TslIKb8o/JkLkw= cloud.google.com/go/longrunning v0.5.7 h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU= cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng= cloud.google.com/go/secretmanager v1.13.1 h1:TTGo2Vz7ZxYn2QbmuFP7Zo4lDm5VsbzBjDReo3SA5h4= @@ -31,8 +31,8 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM= @@ -43,10 +43,12 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0/go.mod h1:QyiQdW4f4/BIfB8ZutZ2s+28RAgfa/pT+zS++ZHyM1I= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.1.1 h1:QZY6o3E/KX0QhgQpvat4UxAsXuBIb4efrFtZcqCUTbs= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.1.1/go.mod h1:8gv2PVzO0a+f4aWpe940Ouz0r4ifLj8H+/jxRXgwPxg= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1 h1:7CBQ+Ei8SP2c6ydQTGCCrS35bDxgTMfoP2miAwK++OU= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1/go.mod h1:c/wcGeGx5FUPbM/JltUYHZcKmigwyVLJlDq+4HdtXaw= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0 h1:Kb8eVvjdP6kZqYnER5w/PiGCFp91yVgaxve3d7kCEpY= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0/go.mod h1:lYq15QkJyEsNegz5EhI/0SXQ6spvGfgwBH/Qyzkoc/s= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0 h1:qBlqTo40ARdI7Pmq+enBiTnejZk2BF+PHgktgG8k3r8= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0/go.mod h1:UmyOatRyQodVpp55Jr5WJmnkmVW4wKfo85uHFmMEjfM= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0 h1:AifHbc4mg0x9zW52WOpKbsHaDKuRhlI7TVl47thgQ70= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0/go.mod h1:T5RfihdXtBDxt1Ch2wobif3TvzTdumDy29kahv6AV9A= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 h1:h4Zxgmi9oyZL2l8jeg1iRTqPloHktywWcu0nlJmo1tA= @@ -117,8 +119,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.54.5 h1:uOYrME3NWf7/J7orDdhZbF8IQCNkE7OZHATdzWS0ok0= -github.com/aws/aws-sdk-go v1.54.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.8 h1:+soIjaRsuXfEJ9ts9poJD2fIIzSSRwfx+T69DrTtL2M= +github.com/aws/aws-sdk-go v1.54.8/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA= github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to= @@ -139,12 +141,12 @@ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 h1:DXFWyt7ymx/l1ygdyTTS0X923e+Q2wXIxConJzrgwc0= github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12/go.mod h1:mVOr/LbvaNySK1/BTy4cBOCjhCNY2raWBwK4v+WR5J4= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.41.1 h1:ZNokD9M3On22Qscssyi3iQAzkoeOJxnE5NANNCzPzIA= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.41.1/go.mod h1:5XY8CFGBv6dZp/thbk8FRIAWjqNckM7PsL848KHdzjI= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.42.0 h1:5G2qS8jj0NRGGMu6qmKIDXFmxhVVfJWuUNfxtkw1tpg= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.42.0/go.mod h1:5XY8CFGBv6dZp/thbk8FRIAWjqNckM7PsL848KHdzjI= github.com/aws/aws-sdk-go-v2/service/cloudfront v1.37.1 h1:oOm9MhuUpAWAmjcXwkTsYBzXzFIDbVYje6P5jPkG3kU= github.com/aws/aws-sdk-go-v2/service/cloudfront v1.37.1/go.mod h1:Pri+xMTktTIOpTg/yYeCYgk4vOrv6sZLcB467ePRIoU= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.165.1 h1:LkSnU1c9JKJyXYcwpWgQGuwctwv3pDenMUgH2CmLd1A= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.165.1/go.mod h1:Wv7N3iFOKVsZNIaw9MOBUmwCkX6VMmQQRFhMrHtNGno= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.166.0 h1:FDZVMxzXB13cRmHs3t3tH9gme8GhvmjsQXeXFI37OHU= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.166.0/go.mod h1:Wv7N3iFOKVsZNIaw9MOBUmwCkX6VMmQQRFhMrHtNGno= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.32.1 h1:whB9mAd0jcYqVF75rVASYdPPBEfZwGFLBq9rz0cHCoI= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.32.1/go.mod h1:EjPhusEHOS2hFIJFR3PfI4ndJLkhm3VKTWv0U5m+VR4= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= @@ -191,8 +193,8 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembj github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -304,6 +306,8 @@ github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= +github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= @@ -349,8 +353,8 @@ github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqw github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= -github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= +github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= +github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs= github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0= @@ -414,8 +418,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98= github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= -github.com/google/go-containerregistry v0.19.1 h1:yMQ62Al6/V0Z7CqIrrS1iYoA5/oQCm88DeNujc7C1KY= -github.com/google/go-containerregistry v0.19.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/go-containerregistry v0.19.2 h1:TannFKE1QSajsP6hPWb5oJNgKe1IKjHukIKDUmvsV6w= +github.com/google/go-containerregistry v0.19.2/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-sev-guest v0.11.1 h1:gnww4U8fHV5DCPz4gykr1s8SEX1fFNcxCBy+vvXN24k= github.com/google/go-sev-guest v0.11.1/go.mod h1:qBOfb+JmgsUI3aUyzQoGC13Kpp9zwLeWvuyXmA9q77w= github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw= @@ -467,8 +471,8 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:Fecb github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 h1:pRhl55Yx1eC7BZ1N+BBWwnKaMyD8uC+34TLdndZMAKk= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0/go.mod h1:XKMd7iuf/RGPSMJ/U4HP0zS2Z9Fh8Ps9a+6X26m/tmI= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 h1:/c3QmbOGMGTOumP2iT/rCwB7b0QDGLKzqOmktBjT+Is= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1/go.mod h1:5SN9VR2LTsRFsrEC6FHgRbTWrTHu6tqPeKxEQv15giM= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -479,7 +483,6 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= @@ -495,8 +498,8 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= -github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= -github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA= github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= @@ -595,8 +598,8 @@ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhR github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= -github.com/letsencrypt/boulder v0.0.0-20230907030200-6d76a0f91e1e h1:RLTpX495BXToqxpM90Ws4hXEo4Wfh81jr9DX1n/4WOo= -github.com/letsencrypt/boulder v0.0.0-20230907030200-6d76a0f91e1e/go.mod h1:EAuqr9VFWxBi9nD5jc/EA2MT1RFty9288TF6zdtYoCU= +github.com/letsencrypt/boulder v0.0.0-20240613153800-a69ba997609e h1:+e81SDvSs49Z03S3S7OhoYjT2Ryv73ErLA/ExMm0FEg= +github.com/letsencrypt/boulder v0.0.0-20240613153800-a69ba997609e/go.mod h1:xN4NICCU1WBlUv60BGgMyGuungNTy/aQqjEntJWmgaM= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= @@ -631,8 +634,8 @@ github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= -github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= +github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= +github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= @@ -756,12 +759,12 @@ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/siderolabs/talos/pkg/machinery v1.7.4 h1:/LP1m7iIzpuTuiG+0aWJpJCdrC4K48btT+CgLXYjUqk= -github.com/siderolabs/talos/pkg/machinery v1.7.4/go.mod h1:85iUG7/XS654ki2Rkk7kTEU8YsnNhj6vAr7TnpbOebk= +github.com/siderolabs/talos/pkg/machinery v1.7.5 h1:M02UZSDfN0BB4bXhTYDjEmVvAIX1GsAS45cyKh6+HHU= +github.com/siderolabs/talos/pkg/machinery v1.7.5/go.mod h1:OeamhNo92c3V96bddZNhcCgoRyzw2KWBtpma1lfchtg= github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= github.com/sigstore/rekor v1.3.6/go.mod h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc= -github.com/sigstore/sigstore v1.8.4 h1:g4ICNpiENFnWxjmBzBDWUn62rNFeny/P77HUC8da32w= -github.com/sigstore/sigstore v1.8.4/go.mod h1:1jIKtkTFEeISen7en+ZPWdDHazqhxco/+v9CNjc7oNg= +github.com/sigstore/sigstore v1.8.5 h1:8NrF2tGlvOvFnaRJcU+VehwG4W/Zb2/7Khavm5PGRGI= +github.com/sigstore/sigstore v1.8.5/go.mod h1:fJgbV5XFUbrhFAZSlv0ol7QJeH2PIUJJbfDEwUf3bvQ= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= @@ -852,24 +855,24 @@ go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwf go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 h1:4Pp6oUg3+e/6M4C0A/3kJ2VYa++dsWVTtGgLVj5xtHg= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= -go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo= -go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0 h1:DeFD0VgTZ+Cj6hxravYYZE2W4GlneVH81iAOPjZkzk8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.20.0/go.mod h1:GijYcYmNpX1KazD5JmWGsi4P7dDTTTnfv1UbGn84MnU= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0= +go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= +go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= -go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI= -go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= -go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= -go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= -go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI= -go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= -go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= -go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= +go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= +go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= +go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI= +go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A= +go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= +go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= +go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= +go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.starlark.net v0.0.0-20210223155950-e043a3d3c984/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= @@ -1013,8 +1016,8 @@ golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSm golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.185.0 h1:ENEKk1k4jW8SmmaT6RE+ZasxmxezCrD5Vw4npvr+pAU= -google.golang.org/api v0.185.0/go.mod h1:HNfvIkJGlgrIlrbYkAm9W9IdkmKZjOTVh33YltygGbg= +google.golang.org/api v0.186.0 h1:n2OPp+PPXX0Axh4GuSsL5QL8xQCTb2oDwyzPnQvqUug= +google.golang.org/api v0.186.0/go.mod h1:hvRbBmgoje49RV3xqVXrmP6w93n6ehGgIVPYrGtBFFc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= @@ -1054,8 +1057,6 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/go-jose/go-jose.v2 v2.6.3 h1:nt80fvSDlhKWQgSWyHyy5CfmlQr+asih51R8PTWNKKs= -gopkg.in/go-jose/go-jose.v2 v2.6.3/go.mod h1:zzZDPkNNw/c9IE7Z9jr11mBZQhKQTMzoEEIoEdZlFBI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= diff --git a/go.work b/go.work index 260ad61e4..7a4f64833 100644 --- a/go.work +++ b/go.work @@ -1,6 +1,6 @@ -go 1.22.3 +go 1.22.4 -toolchain go1.22.3 +toolchain go1.22.4 use ( . From 5654e76f7eb35c5b3bfeded7e1c98bdb82f6c07e Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Thu, 27 Jun 2024 08:00:56 +0200 Subject: [PATCH 109/380] image: update measurements and image version (#3204) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 10cc41671..d1797b0d1 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xab, 0x52, 0x29, 0x53, 0xd1, 0x26, 0x4e, 0x0d, 0xe7, 0x4e, 0xa6, 0xc8, 0xa9, 0x47, 0x9f, 0xc5, 0x76, 0x10, 0xac, 0x4f, 0xa9, 0xa4, 0x94, 0x2d, 0xca, 0x1f, 0xc3, 0xf1, 0x6d, 0x90, 0x7d, 0xe6}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x89, 0xb0, 0xf9, 0x3e, 0xa7, 0xd5, 0x99, 0xc4, 0xdb, 0x40, 0x56, 0xab, 0x55, 0x95, 0x27, 0x1a, 0xa9, 0xeb, 0x91, 0xe6, 0x2b, 0xea, 0xe5, 0x64, 0x28, 0x67, 0x73, 0xe7, 0x1d, 0x37, 0xc5, 0x5e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xdd, 0xc4, 0xe8, 0x0c, 0x1e, 0xc7, 0x47, 0x62, 0x00, 0x68, 0x4e, 0xa8, 0x41, 0x99, 0x77, 0x1b, 0xb6, 0x69, 0xf9, 0xf8, 0x12, 0xce, 0x5f, 0x13, 0xa9, 0xf0, 0x81, 0x72, 0x72, 0xa8, 0xd7, 0x47}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xec, 0xbc, 0xa6, 0xb4, 0xf0, 0xc4, 0xc4, 0x60, 0xec, 0xa3, 0x51, 0x8b, 0xce, 0xf0, 0x27, 0xe8, 0xaf, 0xf7, 0x38, 0x39, 0x66, 0xf8, 0x70, 0x67, 0xdd, 0x63, 0x13, 0x09, 0xe0, 0x02, 0x1f, 0x84}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xef, 0x16, 0xee, 0xe7, 0xa7, 0x06, 0x3c, 0x9b, 0x53, 0x8a, 0xf5, 0x82, 0x40, 0xa6, 0xb3, 0xbd, 0xfb, 0x03, 0x00, 0xbd, 0x01, 0x31, 0xf5, 0xd6, 0xe6, 0x7f, 0x18, 0x02, 0x39, 0xa2, 0x48, 0x51}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3f, 0xae, 0x6e, 0x84, 0xd9, 0xe8, 0x5b, 0x78, 0x8c, 0x18, 0xca, 0xa5, 0x52, 0xd3, 0x65, 0x9e, 0x2c, 0xa1, 0x6d, 0xca, 0x6a, 0xda, 0xb3, 0x2e, 0x99, 0xd5, 0x1c, 0xc0, 0x89, 0x02, 0x6d, 0xcc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x31, 0xbe, 0xd0, 0x9e, 0x6c, 0xdc, 0x98, 0xff, 0x61, 0xd2, 0x58, 0x88, 0xfa, 0x95, 0x2e, 0xdb, 0x1f, 0x33, 0xc8, 0x34, 0x55, 0x6f, 0xbd, 0x6b, 0x92, 0x8e, 0xe7, 0xe3, 0x48, 0x83, 0x93, 0x6a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x52, 0xd7, 0x35, 0x1e, 0x49, 0xa1, 0x3f, 0xff, 0x0a, 0x57, 0xc4, 0x0f, 0xd8, 0xe0, 0xed, 0xb4, 0xf5, 0xf3, 0x16, 0x6a, 0x42, 0x19, 0xc4, 0x3f, 0xad, 0x30, 0xb8, 0x4f, 0xa3, 0x17, 0x4d, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0x28, 0x1b, 0x4f, 0x9d, 0xd4, 0xa4, 0x00, 0x9c, 0xd4, 0xfb, 0xe5, 0x23, 0x50, 0x35, 0x64, 0x47, 0x75, 0xd9, 0x0d, 0x59, 0x61, 0x2f, 0xbb, 0x7b, 0xd9, 0x80, 0x27, 0x7c, 0x68, 0xe0, 0x2f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9e, 0xe0, 0x84, 0x65, 0xe3, 0x7a, 0xad, 0x5c, 0xbf, 0x1f, 0x81, 0x79, 0x12, 0xbb, 0x22, 0x54, 0x12, 0x2a, 0x74, 0x3c, 0xee, 0x9f, 0x8b, 0xb7, 0x95, 0x9b, 0x0b, 0xc1, 0xfc, 0xfa, 0x12, 0x85}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x98, 0x22, 0x5a, 0xb9, 0xc5, 0x47, 0x0b, 0x5a, 0xf2, 0x9b, 0x45, 0xfd, 0x7e, 0xf0, 0x0d, 0x75, 0x1f, 0x30, 0x44, 0xd0, 0x2b, 0xc2, 0x79, 0x21, 0x7f, 0x3d, 0x88, 0x65, 0x81, 0x85, 0x39, 0x32}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x95, 0xd1, 0x2b, 0xbd, 0x4e, 0x25, 0x8c, 0xc0, 0x81, 0xed, 0x9d, 0x03, 0xa6, 0x48, 0x44, 0x38, 0xa9, 0x8e, 0x92, 0xb3, 0x19, 0xb8, 0x1e, 0x6a, 0xf6, 0xe5, 0x1e, 0xd6, 0x23, 0xd7, 0xde, 0x11}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x57, 0x62, 0x54, 0x4e, 0xc5, 0xf3, 0x54, 0x08, 0x2e, 0xaa, 0x1c, 0xa0, 0xdd, 0x4b, 0x24, 0xbd, 0x87, 0xd3, 0x99, 0x29, 0xf9, 0xab, 0x7b, 0x16, 0x76, 0x27, 0x66, 0xa9, 0x1a, 0xe7, 0x2a, 0x4e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x95, 0x92, 0xce, 0xc4, 0x34, 0x35, 0x68, 0xbd, 0x19, 0xd7, 0xbd, 0xef, 0x2c, 0x89, 0x20, 0x68, 0xca, 0x58, 0x0c, 0x87, 0xaf, 0xf4, 0x9e, 0x46, 0x35, 0x6f, 0xba, 0xd8, 0x69, 0x4c, 0x18, 0x11}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x97, 0x69, 0xed, 0x6b, 0x72, 0x8b, 0xda, 0x97, 0x12, 0x1b, 0x6e, 0x06, 0x5f, 0x32, 0xfa, 0x46, 0x8f, 0x0e, 0x7f, 0xf6, 0xbb, 0x2d, 0x18, 0xfb, 0x3c, 0xd2, 0x82, 0x8e, 0x07, 0x3f, 0xb4, 0xcc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf6, 0xb7, 0xf0, 0x4f, 0xd6, 0x0a, 0x14, 0x2b, 0x2b, 0xe4, 0x65, 0xcc, 0x52, 0x78, 0xbb, 0xd9, 0xb6, 0xe7, 0xdb, 0x97, 0xa1, 0x4c, 0x47, 0x7d, 0xed, 0x93, 0x32, 0x27, 0xe9, 0xfe, 0x3e, 0x9e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7e, 0xda, 0xc0, 0xb6, 0x79, 0x2e, 0x6f, 0xbb, 0x0f, 0x1e, 0xaa, 0x69, 0xc2, 0x07, 0xa0, 0xbf, 0xba, 0xdd, 0x01, 0xf7, 0x99, 0x24, 0xf0, 0xf5, 0xd7, 0x74, 0x12, 0x18, 0x7d, 0x2d, 0x7d, 0xb4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x35, 0xf3, 0x00, 0x78, 0xc0, 0xb9, 0xc7, 0x21, 0x75, 0x6a, 0x6e, 0x0c, 0xb0, 0x4f, 0xa3, 0x4b, 0x43, 0x58, 0x32, 0x83, 0x02, 0xee, 0xa0, 0x26, 0x4b, 0xd3, 0xb5, 0x83, 0xe0, 0xcd, 0x03, 0xff}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x76, 0x93, 0x97, 0x7e, 0x02, 0xe0, 0xb0, 0x38, 0xac, 0xc1, 0x9f, 0x32, 0xf7, 0x30, 0x52, 0x54, 0xd6, 0x7e, 0x0c, 0xda, 0x69, 0xd7, 0x11, 0xb4, 0x8e, 0x95, 0xe2, 0x68, 0xdb, 0x43, 0x4c, 0x6a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x13, 0x80, 0x1e, 0x1b, 0xd1, 0x5c, 0x28, 0x86, 0x0e, 0x9c, 0x08, 0xee, 0x86, 0x7e, 0xa5, 0x3a, 0xfd, 0xaa, 0x67, 0xa8, 0x20, 0x6a, 0x16, 0x5b, 0x2c, 0x27, 0x44, 0x1d, 0x1f, 0x99, 0x16, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x26, 0xc1, 0xf9, 0x1b, 0xe6, 0x32, 0x03, 0x9b, 0x7a, 0xe5, 0x0a, 0x31, 0xfb, 0xc3, 0x87, 0x5b, 0x43, 0x9c, 0x33, 0x89, 0xac, 0x44, 0x45, 0x52, 0xe7, 0x71, 0x44, 0x9d, 0x95, 0x15, 0x59, 0x1d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x36, 0xf5, 0x35, 0xe1, 0xff, 0x64, 0xfe, 0x3e, 0x8a, 0x49, 0x58, 0xd9, 0x21, 0x23, 0x6c, 0x88, 0x62, 0x11, 0x3d, 0x0c, 0xf8, 0x91, 0x0d, 0xbd, 0xe3, 0x66, 0x54, 0x13, 0xae, 0x92, 0x55, 0xa3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x75, 0xb6, 0xb0, 0x4b, 0x5c, 0xd9, 0x47, 0x6c, 0xf5, 0x8c, 0x51, 0xc4, 0xbc, 0x74, 0x22, 0x5f, 0xd2, 0x86, 0x98, 0x17, 0x03, 0x5a, 0x51, 0x1b, 0x97, 0xbf, 0xff, 0x91, 0x77, 0xf9, 0x9c, 0xd2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x75, 0xb6, 0x4b, 0x75, 0x55, 0xe2, 0xf2, 0x77, 0x97, 0xf3, 0xfc, 0x8e, 0x86, 0xf3, 0xf2, 0xb2, 0x3c, 0x22, 0xc6, 0xdc, 0xee, 0xe6, 0x9b, 0x02, 0x70, 0xaf, 0x55, 0xe6, 0x2a, 0xf9, 0x56, 0x0c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xde, 0x0f, 0x19, 0x9b, 0x42, 0x09, 0x79, 0x78, 0x9f, 0x19, 0x68, 0x2b, 0x46, 0x04, 0x97, 0xbe, 0x5f, 0x4b, 0xe3, 0xe2, 0x81, 0x44, 0x25, 0x03, 0x2c, 0xb2, 0xe6, 0x1e, 0xf9, 0x3b, 0x81, 0x0d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x90, 0x68, 0xa9, 0x16, 0x7c, 0x6d, 0xf8, 0x52, 0x0c, 0x45, 0x22, 0x2b, 0x91, 0x65, 0x83, 0x9d, 0x0b, 0xe3, 0x0d, 0x55, 0xdc, 0x93, 0x1d, 0x4d, 0x16, 0x41, 0xd3, 0xa7, 0x27, 0xe3, 0x1f, 0xc2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x62, 0xfc, 0x5e, 0xf2, 0x8e, 0x1d, 0xfe, 0x08, 0x59, 0xcf, 0x9c, 0x2b, 0x26, 0x53, 0x2a, 0x7c, 0xc0, 0x58, 0xee, 0xc4, 0xff, 0xe3, 0x0c, 0x30, 0xee, 0xe1, 0xd0, 0x25, 0x69, 0xfd, 0xdc, 0xff}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x68, 0x1b, 0x7b, 0xf7, 0xcb, 0x27, 0x1c, 0x99, 0x19, 0x25, 0xe6, 0x85, 0x76, 0x70, 0xd7, 0x67, 0xc3, 0xd2, 0x38, 0xa5, 0x0b, 0x61, 0xd5, 0x09, 0x51, 0xcc, 0x17, 0x30, 0x28, 0x18, 0x51, 0x44}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x26, 0x00, 0xa5, 0xb5, 0xb8, 0x6c, 0x01, 0xf9, 0xed, 0x30, 0x97, 0x43, 0x54, 0x29, 0x44, 0x8f, 0x39, 0x2b, 0xb6, 0x2d, 0x4c, 0xfe, 0x5b, 0x72, 0x2e, 0x8d, 0x96, 0x04, 0x24, 0xb0, 0x80, 0xcc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x73, 0x18, 0xae, 0xc6, 0x41, 0x8f, 0xf5, 0x43, 0xb9, 0xa0, 0x25, 0x8e, 0x47, 0x5e, 0x72, 0x6b, 0x9c, 0x69, 0x15, 0xc8, 0x95, 0x8e, 0xc5, 0xaa, 0xc9, 0x6a, 0x61, 0xb0, 0x75, 0x6e, 0x84, 0xaa}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x83, 0x66, 0xca, 0xed, 0x57, 0x0d, 0xac, 0x26, 0x07, 0xcd, 0x75, 0xf5, 0x74, 0x3b, 0x23, 0x11, 0x2c, 0x89, 0x3a, 0x4e, 0x62, 0x7f, 0x82, 0x87, 0x2d, 0x03, 0x76, 0x85, 0x54, 0x0a, 0x3c, 0xaf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9d, 0xc0, 0xb3, 0xb0, 0x1a, 0xa7, 0x47, 0xdf, 0x7f, 0xa4, 0x9a, 0x32, 0x7d, 0x00, 0x23, 0xf9, 0x2c, 0x75, 0x5e, 0xfe, 0x70, 0x8a, 0x58, 0xbb, 0xbf, 0xb7, 0x19, 0x43, 0xa2, 0x17, 0xa3, 0xdc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe0, 0xb6, 0x11, 0x9c, 0x15, 0x60, 0x14, 0xd1, 0x0d, 0xce, 0xec, 0xa0, 0xe3, 0xee, 0xa1, 0x7a, 0x1b, 0x5c, 0xab, 0xdc, 0xe2, 0x31, 0x15, 0xa6, 0xa1, 0xd0, 0xe2, 0xca, 0x26, 0x15, 0xbe, 0x0f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc9, 0xa9, 0x2b, 0x7e, 0xff, 0x1a, 0xb0, 0xf2, 0x09, 0x18, 0x5e, 0x92, 0x4b, 0x8d, 0xe7, 0xe1, 0x27, 0x69, 0x9d, 0xec, 0xba, 0xe2, 0x6f, 0x6e, 0x5d, 0xac, 0x12, 0xea, 0x2c, 0x6f, 0x71, 0x48}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xce, 0x50, 0x33, 0x2a, 0x92, 0x56, 0xe9, 0xe6, 0xa5, 0x1d, 0xba, 0x3d, 0x62, 0xb5, 0x8f, 0x1c, 0x63, 0x56, 0xef, 0xad, 0x83, 0xe3, 0x65, 0x96, 0xa9, 0x6b, 0x05, 0x05, 0x66, 0x50, 0x35, 0xef}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcf, 0x6e, 0x4e, 0x00, 0x98, 0x00, 0x8c, 0x4f, 0x25, 0x3f, 0x49, 0xa2, 0xcb, 0x45, 0x39, 0xcb, 0x48, 0x83, 0xcc, 0x3a, 0xb1, 0x91, 0x3f, 0xb0, 0x1e, 0x9d, 0xbc, 0xeb, 0xde, 0x6d, 0xb7, 0x66}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd9, 0x55, 0x66, 0xd3, 0xa2, 0x77, 0xd5, 0x44, 0x76, 0x10, 0x4c, 0x79, 0x64, 0xa9, 0xb9, 0x8d, 0x60, 0x90, 0x2b, 0xc9, 0x54, 0x47, 0xb8, 0xf4, 0x43, 0x99, 0x49, 0xab, 0xfe, 0x24, 0xad, 0xc8}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xeb, 0xae, 0xd2, 0x4d, 0x8d, 0x95, 0x21, 0x94, 0xf9, 0xe0, 0xe2, 0x2e, 0xb7, 0xfc, 0x5e, 0xce, 0xc0, 0x92, 0x0c, 0xa5, 0x0d, 0x78, 0x11, 0xfb, 0xb8, 0x27, 0x3a, 0x58, 0x85, 0xa9, 0x13, 0xbc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x81, 0xa2, 0x5d, 0x11, 0x6b, 0x66, 0xd8, 0x92, 0x67, 0x8c, 0x13, 0x65, 0x09, 0xdf, 0xf0, 0xa0, 0x8f, 0xc4, 0xed, 0x2f, 0x6c, 0x02, 0xc7, 0x71, 0xdf, 0x0b, 0xed, 0xa8, 0xf8, 0x54, 0xaa, 0xf5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xa6, 0x67, 0x86, 0x53, 0xef, 0xb9, 0xb8, 0x3b, 0x85, 0xa0, 0x9f, 0xfc, 0xc9, 0xdf, 0x3c, 0xd5, 0xa3, 0x09, 0xb8, 0x1e, 0x06, 0xec, 0xb2, 0x2d, 0xf4, 0x5b, 0x0e, 0x7b, 0x85, 0xdc, 0x54, 0x82}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x19, 0xc3, 0x83, 0x75, 0x26, 0xd4, 0x17, 0xb9, 0x4a, 0x8a, 0x8f, 0xac, 0x4f, 0xfa, 0x73, 0x25, 0xbe, 0xc6, 0xd3, 0x19, 0x92, 0x90, 0x81, 0xc7, 0x37, 0xdb, 0xcb, 0xcd, 0x7e, 0x7f, 0x98, 0x39}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x36, 0x2e, 0x04, 0xed, 0x63, 0x40, 0x8a, 0xb0, 0x07, 0x18, 0x14, 0xb3, 0x43, 0xdc, 0x8d, 0xb6, 0x98, 0x4b, 0xc5, 0x60, 0x0d, 0x2f, 0xad, 0xb0, 0x70, 0xa7, 0x70, 0xf1, 0xd3, 0xde, 0xc6, 0xcd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x6d, 0x3a, 0x6b, 0xb5, 0xf5, 0xad, 0x1a, 0x22, 0x96, 0xab, 0x37, 0x2b, 0x4a, 0x29, 0x8e, 0xc4, 0x54, 0xa0, 0x9c, 0xbb, 0x7a, 0x1f, 0x21, 0x80, 0xd7, 0x93, 0x12, 0x52, 0x50, 0xa7, 0x1f, 0x4d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9c, 0x29, 0xe1, 0x76, 0x4a, 0x9f, 0x61, 0xae, 0xa1, 0x58, 0x9c, 0xc7, 0x93, 0x4f, 0xc0, 0xf0, 0x56, 0x88, 0x1d, 0xa8, 0xe4, 0x4c, 0x64, 0xce, 0x6e, 0xd2, 0x35, 0x4d, 0xdb, 0x68, 0xb4, 0x3c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x82, 0xa8, 0x0b, 0xde, 0xdf, 0x74, 0x83, 0xc2, 0xdf, 0x47, 0x5b, 0x92, 0xc7, 0x2f, 0xd6, 0x1d, 0x04, 0x80, 0x67, 0x2f, 0x8c, 0x23, 0x4e, 0xa5, 0xa7, 0xfa, 0x9c, 0x5a, 0x92, 0x59, 0x31, 0x17}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xde, 0xb8, 0x39, 0x67, 0xd7, 0xac, 0x14, 0xf1, 0xce, 0xb0, 0xcc, 0xdb, 0x8a, 0x61, 0xf6, 0x1e, 0x03, 0x5b, 0x1c, 0xe5, 0x65, 0x61, 0xc4, 0xa5, 0x6c, 0xd6, 0x66, 0x43, 0x89, 0xb7, 0xe1, 0xb4}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x76, 0xe2, 0x10, 0x2f, 0xaf, 0xe6, 0x7e, 0xba, 0x1a, 0x3b, 0xa0, 0x39, 0xe8, 0x04, 0x55, 0x0d, 0xbc, 0x00, 0xb8, 0xd7, 0x3b, 0x8b, 0xcc, 0x20, 0xe9, 0x2b, 0x54, 0x4b, 0x80, 0xce, 0xa2, 0x0b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2a, 0xd2, 0x94, 0x2c, 0x77, 0xe1, 0xdf, 0x34, 0x5e, 0x25, 0x55, 0xdf, 0x63, 0x52, 0x32, 0xa6, 0x23, 0x41, 0x35, 0xde, 0x78, 0x89, 0x3e, 0x59, 0x72, 0x19, 0x7c, 0x3c, 0xee, 0x4d, 0x58, 0x84}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index f63615552..d1016bc95 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240620134933-c01f7350427b" + defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240625142312-27946c6f2cde" ) From 52a65c20acd8bb358cbd8334ce6093dca1086f31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= Date: Tue, 11 Jun 2024 14:50:38 +0200 Subject: [PATCH 110/380] Move upload/delete code to its own package MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- internal/api/attestationconfigapi/BUILD.bazel | 8 --- .../api/attestationconfigapi/cli/BUILD.bazel | 1 + .../cli/client/BUILD.bazel | 35 +++++++++++++ .../{ => cli/client}/client.go | 50 +++++++++++-------- .../{ => cli/client}/client_test.go | 17 ++++--- .../{ => cli/client}/reporter.go | 24 ++++----- .../{ => cli/client}/reporter_test.go | 17 ++++--- .../api/attestationconfigapi/cli/delete.go | 5 +- .../api/attestationconfigapi/cli/upload.go | 20 ++++---- .../api/attestationconfigapi/cli/validargs.go | 3 +- internal/api/attestationconfigapi/fetcher.go | 6 +-- internal/api/attestationconfigapi/snp.go | 25 ++++------ internal/api/attestationconfigapi/snp_test.go | 18 +++---- 13 files changed, 129 insertions(+), 100 deletions(-) create mode 100644 internal/api/attestationconfigapi/cli/client/BUILD.bazel rename internal/api/attestationconfigapi/{ => cli/client}/client.go (66%) rename internal/api/attestationconfigapi/{ => cli/client}/client_test.go (56%) rename internal/api/attestationconfigapi/{ => cli/client}/reporter.go (88%) rename internal/api/attestationconfigapi/{ => cli/client}/reporter_test.go (71%) diff --git a/internal/api/attestationconfigapi/BUILD.bazel b/internal/api/attestationconfigapi/BUILD.bazel index 5db942eb3..39f3bf5a3 100644 --- a/internal/api/attestationconfigapi/BUILD.bazel +++ b/internal/api/attestationconfigapi/BUILD.bazel @@ -5,31 +5,23 @@ go_library( name = "attestationconfigapi", srcs = [ "attestationconfigapi.go", - "client.go", "fetcher.go", - "reporter.go", "snp.go", ], importpath = "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi", visibility = ["//:__subpackages__"], deps = [ - "//internal/api/client", "//internal/api/fetcher", "//internal/attestation/variant", "//internal/constants", "//internal/sigstore", - "//internal/staticupload", - "@com_github_aws_aws_sdk_go//aws", - "@com_github_aws_aws_sdk_go_v2_service_s3//:s3", ], ) go_test( name = "attestationconfigapi_test", srcs = [ - "client_test.go", "fetcher_test.go", - "reporter_test.go", "snp_test.go", ], embed = [":attestationconfigapi"], diff --git a/internal/api/attestationconfigapi/cli/BUILD.bazel b/internal/api/attestationconfigapi/cli/BUILD.bazel index 1d2fe3ae6..8378b0d03 100644 --- a/internal/api/attestationconfigapi/cli/BUILD.bazel +++ b/internal/api/attestationconfigapi/cli/BUILD.bazel @@ -19,6 +19,7 @@ go_library( visibility = ["//visibility:private"], deps = [ "//internal/api/attestationconfigapi", + "//internal/api/attestationconfigapi/cli/client", "//internal/attestation/variant", "//internal/cloud/cloudprovider", "//internal/constants", diff --git a/internal/api/attestationconfigapi/cli/client/BUILD.bazel b/internal/api/attestationconfigapi/cli/client/BUILD.bazel new file mode 100644 index 000000000..cacb2f05d --- /dev/null +++ b/internal/api/attestationconfigapi/cli/client/BUILD.bazel @@ -0,0 +1,35 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") +load("//bazel/go:go_test.bzl", "go_test") + +go_library( + name = "client", + srcs = [ + "client.go", + "reporter.go", + ], + importpath = "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi/cli/client", + visibility = ["//:__subpackages__"], + deps = [ + "//internal/api/attestationconfigapi", + "//internal/api/client", + "//internal/attestation/variant", + "//internal/sigstore", + "//internal/staticupload", + "@com_github_aws_aws_sdk_go//aws", + "@com_github_aws_aws_sdk_go_v2_service_s3//:s3", + ], +) + +go_test( + name = "client_test", + srcs = [ + "client_test.go", + "reporter_test.go", + ], + embed = [":client"], + deps = [ + "//internal/api/attestationconfigapi", + "//internal/attestation/variant", + "@com_github_stretchr_testify//assert", + ], +) diff --git a/internal/api/attestationconfigapi/client.go b/internal/api/attestationconfigapi/cli/client/client.go similarity index 66% rename from internal/api/attestationconfigapi/client.go rename to internal/api/attestationconfigapi/cli/client/client.go index 11b27eae0..476ea22d5 100644 --- a/internal/api/attestationconfigapi/client.go +++ b/internal/api/attestationconfigapi/cli/client/client.go @@ -3,7 +3,12 @@ Copyright (c) Edgeless Systems GmbH SPDX-License-Identifier: AGPL-3.0-only */ -package attestationconfigapi + +/* +package client contains code to manage CVM versions in Constellation's CDN API. +It is used to upload and delete "latest" versions for AMD SEV-SNP and Intel TDX. +*/ +package client import ( "context" @@ -12,6 +17,7 @@ import ( "log/slog" "time" + "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" apiclient "github.com/edgelesssys/constellation/v2/internal/api/client" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" "github.com/edgelesssys/constellation/v2/internal/sigstore" @@ -31,8 +37,8 @@ type Client struct { cacheWindowSize int } -// NewClient returns a new Client. -func NewClient(ctx context.Context, cfg staticupload.Config, cosignPwd, privateKey []byte, dryRun bool, versionWindowSize int, log *slog.Logger) (*Client, apiclient.CloseFunc, error) { +// New returns a new Client. +func New(ctx context.Context, cfg staticupload.Config, cosignPwd, privateKey []byte, dryRun bool, versionWindowSize int, log *slog.Logger) (*Client, apiclient.CloseFunc, error) { s3Client, clientClose, err := apiclient.NewClient(ctx, cfg.Region, cfg.Bucket, cfg.DistributionID, dryRun, log) if err != nil { return nil, nil, fmt.Errorf("failed to create s3 storage: %w", err) @@ -49,7 +55,7 @@ func NewClient(ctx context.Context, cfg staticupload.Config, cosignPwd, privateK } // uploadSEVSNPVersion uploads the latest version numbers of the SEVSNP. Then version name is the UTC timestamp of the date. The /list entry stores the version name + .json suffix. -func (a Client) uploadSEVSNPVersion(ctx context.Context, attestation variant.Variant, version SEVSNPVersion, date time.Time) error { +func (a Client) uploadSEVSNPVersion(ctx context.Context, attestation variant.Variant, version attestationconfigapi.SEVSNPVersion, date time.Time) error { versions, err := a.List(ctx, attestation) if err != nil { return fmt.Errorf("fetch version list: %w", err) @@ -74,32 +80,32 @@ func (a Client) DeleteSEVSNPVersion(ctx context.Context, attestation variant.Var } // List returns the list of versions for the given attestation variant. -func (a Client) List(ctx context.Context, attestation variant.Variant) (SEVSNPVersionList, error) { +func (a Client) List(ctx context.Context, attestation variant.Variant) (attestationconfigapi.SEVSNPVersionList, error) { if !attestation.Equal(variant.AzureSEVSNP{}) && !attestation.Equal(variant.AWSSEVSNP{}) && !attestation.Equal(variant.GCPSEVSNP{}) { - return SEVSNPVersionList{}, fmt.Errorf("unsupported attestation variant: %s", attestation) + return attestationconfigapi.SEVSNPVersionList{}, fmt.Errorf("unsupported attestation variant: %s", attestation) } - versions, err := apiclient.Fetch(ctx, a.s3Client, SEVSNPVersionList{variant: attestation}) + versions, err := apiclient.Fetch(ctx, a.s3Client, attestationconfigapi.SEVSNPVersionList{Variant: attestation}) if err != nil { var notFoundErr *apiclient.NotFoundError if errors.As(err, ¬FoundErr) { - return SEVSNPVersionList{variant: attestation}, nil + return attestationconfigapi.SEVSNPVersionList{Variant: attestation}, nil } - return SEVSNPVersionList{}, err + return attestationconfigapi.SEVSNPVersionList{}, err } - versions.variant = attestation + versions.Variant = attestation return versions, nil } -func (a Client) deleteSEVSNPVersion(versions SEVSNPVersionList, versionStr string) (ops []crudCmd, err error) { +func (a Client) deleteSEVSNPVersion(versions attestationconfigapi.SEVSNPVersionList, versionStr string) (ops []crudCmd, err error) { versionStr = versionStr + ".json" ops = append(ops, deleteCmd{ - apiObject: SEVSNPVersionAPI{ - Variant: versions.variant, + apiObject: attestationconfigapi.SEVSNPVersionAPI{ + Variant: versions.Variant, Version: versionStr, }, }) @@ -115,8 +121,8 @@ func (a Client) deleteSEVSNPVersion(versions SEVSNPVersionList, versionStr strin return ops, nil } -func (a Client) constructUploadCmd(attestation variant.Variant, version SEVSNPVersion, versionNames SEVSNPVersionList, date time.Time) []crudCmd { - if !attestation.Equal(versionNames.variant) { +func (a Client) constructUploadCmd(attestation variant.Variant, version attestationconfigapi.SEVSNPVersion, versionNames attestationconfigapi.SEVSNPVersionList, date time.Time) []crudCmd { + if !attestation.Equal(versionNames.Variant) { return nil } @@ -124,11 +130,11 @@ func (a Client) constructUploadCmd(attestation variant.Variant, version SEVSNPVe var res []crudCmd res = append(res, putCmd{ - apiObject: SEVSNPVersionAPI{Version: dateStr, Variant: attestation, SEVSNPVersion: version}, + apiObject: attestationconfigapi.SEVSNPVersionAPI{Version: dateStr, Variant: attestation, SEVSNPVersion: version}, signer: a.signer, }) - versionNames.addVersion(dateStr) + versionNames.AddVersion(dateStr) res = append(res, putCmd{ apiObject: versionNames, @@ -138,19 +144,19 @@ func (a Client) constructUploadCmd(attestation variant.Variant, version SEVSNPVe return res } -func removeVersion(list SEVSNPVersionList, versionStr string) (removedVersions SEVSNPVersionList, err error) { - versions := list.List() +func removeVersion(list attestationconfigapi.SEVSNPVersionList, versionStr string) (removedVersions attestationconfigapi.SEVSNPVersionList, err error) { + versions := list.List for i, v := range versions { if v == versionStr { if i == len(versions)-1 { - removedVersions = SEVSNPVersionList{list: versions[:i], variant: list.variant} + removedVersions = attestationconfigapi.SEVSNPVersionList{List: versions[:i], Variant: list.Variant} } else { - removedVersions = SEVSNPVersionList{list: append(versions[:i], versions[i+1:]...), variant: list.variant} + removedVersions = attestationconfigapi.SEVSNPVersionList{List: append(versions[:i], versions[i+1:]...), Variant: list.Variant} } return removedVersions, nil } } - return SEVSNPVersionList{}, fmt.Errorf("version %s not found in list %v", versionStr, versions) + return attestationconfigapi.SEVSNPVersionList{}, fmt.Errorf("version %s not found in list %v", versionStr, versions) } type crudCmd interface { diff --git a/internal/api/attestationconfigapi/client_test.go b/internal/api/attestationconfigapi/cli/client/client_test.go similarity index 56% rename from internal/api/attestationconfigapi/client_test.go rename to internal/api/attestationconfigapi/cli/client/client_test.go index 9cae1bc5a..77059b27b 100644 --- a/internal/api/attestationconfigapi/client_test.go +++ b/internal/api/attestationconfigapi/cli/client/client_test.go @@ -3,12 +3,13 @@ Copyright (c) Edgeless Systems GmbH SPDX-License-Identifier: AGPL-3.0-only */ -package attestationconfigapi +package client import ( "testing" "time" + "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" "github.com/stretchr/testify/assert" ) @@ -18,13 +19,13 @@ func TestUploadAzureSEVSNP(t *testing.T) { bucketID: "bucket", signer: fakeSigner{}, } - version := SEVSNPVersion{} + version := attestationconfigapi.SEVSNPVersion{} date := time.Date(2023, 1, 1, 1, 1, 1, 1, time.UTC) - ops := sut.constructUploadCmd(variant.AzureSEVSNP{}, version, SEVSNPVersionList{list: []string{"2021-01-01-01-01.json", "2019-01-01-01-01.json"}, variant: variant.AzureSEVSNP{}}, date) + ops := sut.constructUploadCmd(variant.AzureSEVSNP{}, version, attestationconfigapi.SEVSNPVersionList{List: []string{"2021-01-01-01-01.json", "2019-01-01-01-01.json"}, Variant: variant.AzureSEVSNP{}}, date) dateStr := "2023-01-01-01-01.json" assert := assert.New(t) assert.Contains(ops, putCmd{ - apiObject: SEVSNPVersionAPI{ + apiObject: attestationconfigapi.SEVSNPVersionAPI{ Variant: variant.AzureSEVSNP{}, Version: dateStr, SEVSNPVersion: version, @@ -32,7 +33,7 @@ func TestUploadAzureSEVSNP(t *testing.T) { signer: fakeSigner{}, }) assert.Contains(ops, putCmd{ - apiObject: SEVSNPVersionList{variant: variant.AzureSEVSNP{}, list: []string{"2023-01-01-01-01.json", "2021-01-01-01-01.json", "2019-01-01-01-01.json"}}, + apiObject: attestationconfigapi.SEVSNPVersionList{Variant: variant.AzureSEVSNP{}, List: []string{"2023-01-01-01-01.json", "2021-01-01-01-01.json", "2019-01-01-01-01.json"}}, signer: fakeSigner{}, }) } @@ -41,20 +42,20 @@ func TestDeleteAzureSEVSNPVersions(t *testing.T) { sut := Client{ bucketID: "bucket", } - versions := SEVSNPVersionList{list: []string{"2023-01-01.json", "2021-01-01.json", "2019-01-01.json"}} + versions := attestationconfigapi.SEVSNPVersionList{List: []string{"2023-01-01.json", "2021-01-01.json", "2019-01-01.json"}} ops, err := sut.deleteSEVSNPVersion(versions, "2021-01-01") assert := assert.New(t) assert.NoError(err) assert.Contains(ops, deleteCmd{ - apiObject: SEVSNPVersionAPI{ + apiObject: attestationconfigapi.SEVSNPVersionAPI{ Version: "2021-01-01.json", }, }) assert.Contains(ops, putCmd{ - apiObject: SEVSNPVersionList{list: []string{"2023-01-01.json", "2019-01-01.json"}}, + apiObject: attestationconfigapi.SEVSNPVersionList{List: []string{"2023-01-01.json", "2019-01-01.json"}}, }) } diff --git a/internal/api/attestationconfigapi/reporter.go b/internal/api/attestationconfigapi/cli/client/reporter.go similarity index 88% rename from internal/api/attestationconfigapi/reporter.go rename to internal/api/attestationconfigapi/cli/client/reporter.go index 72a980347..cc0f9b5ed 100644 --- a/internal/api/attestationconfigapi/reporter.go +++ b/internal/api/attestationconfigapi/cli/client/reporter.go @@ -4,12 +4,7 @@ Copyright (c) Edgeless Systems GmbH SPDX-License-Identifier: AGPL-3.0-only */ -/* -The reporter contains the logic to determine a latest version for SEVSNP based on cached version values observed on CVM instances. -Some code in this file (e.g. listing cached files) does not rely on dedicated API objects and instead uses the AWS SDK directly, -for no other reason than original development speed. -*/ -package attestationconfigapi +package client import ( "context" @@ -23,6 +18,7 @@ import ( "github.com/aws/aws-sdk-go-v2/service/s3" "github.com/aws/aws-sdk-go/aws" + "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" "github.com/edgelesssys/constellation/v2/internal/api/client" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" ) @@ -34,7 +30,7 @@ const cachedVersionsSubDir = "cached-versions" var ErrNoNewerVersion = errors.New("input version is not newer than latest API version") func reportVersionDir(attestation variant.Variant) string { - return path.Join(AttestationURLPath, attestation.String(), cachedVersionsSubDir) + return path.Join(attestationconfigapi.AttestationURLPath, attestation.String(), cachedVersionsSubDir) } // UploadSEVSNPVersionLatest saves the given version to the cache, determines the smallest @@ -42,7 +38,7 @@ func reportVersionDir(attestation variant.Variant) string { // the latest version in the API if there is an update. // force can be used to bypass the validation logic against the cached versions. func (c Client) UploadSEVSNPVersionLatest(ctx context.Context, attestation variant.Variant, inputVersion, - latestAPIVersion SEVSNPVersion, now time.Time, force bool, + latestAPIVersion attestationconfigapi.SEVSNPVersion, now time.Time, force bool, ) error { if err := c.cacheSEVSNPVersion(ctx, attestation, inputVersion, now); err != nil { return fmt.Errorf("reporting version: %w", err) @@ -84,7 +80,7 @@ func (c Client) UploadSEVSNPVersionLatest(ctx context.Context, attestation varia } // cacheSEVSNPVersion uploads the latest observed version numbers of the SEVSNP. This version is used to later report the latest version numbers to the API. -func (c Client) cacheSEVSNPVersion(ctx context.Context, attestation variant.Variant, version SEVSNPVersion, date time.Time) error { +func (c Client) cacheSEVSNPVersion(ctx context.Context, attestation variant.Variant, version attestationconfigapi.SEVSNPVersion, date time.Time) error { dateStr := date.Format(VersionFormat) + ".json" res := putCmd{ apiObject: reportedSEVSNPVersionAPI{Version: dateStr, variant: attestation, SEVSNPVersion: version}, @@ -112,8 +108,8 @@ func (c Client) listCachedVersions(ctx context.Context, attestation variant.Vari } // findMinVersion finds the minimal version of the given version dates among the latest values in the version window size. -func (c Client) findMinVersion(ctx context.Context, attesation variant.Variant, versionDates []string) (SEVSNPVersion, string, error) { - var minimalVersion *SEVSNPVersion +func (c Client) findMinVersion(ctx context.Context, attesation variant.Variant, versionDates []string) (attestationconfigapi.SEVSNPVersion, string, error) { + var minimalVersion *attestationconfigapi.SEVSNPVersion var minimalDate string sort.Sort(sort.Reverse(sort.StringSlice(versionDates))) // sort in reverse order to slice the latest versions versionDates = versionDates[:c.cacheWindowSize] @@ -121,7 +117,7 @@ func (c Client) findMinVersion(ctx context.Context, attesation variant.Variant, for _, date := range versionDates { obj, err := client.Fetch(ctx, c.s3Client, reportedSEVSNPVersionAPI{Version: date + ".json", variant: attesation}) if err != nil { - return SEVSNPVersion{}, "", fmt.Errorf("get object: %w", err) + return attestationconfigapi.SEVSNPVersion{}, "", fmt.Errorf("get object: %w", err) } // Need to set this explicitly as the variant is not part of the marshalled JSON. obj.variant = attesation @@ -144,7 +140,7 @@ func (c Client) findMinVersion(ctx context.Context, attesation variant.Variant, } // isInputNewerThanOtherVersion compares all version fields and returns true if any input field is newer. -func isInputNewerThanOtherVersion(input, other SEVSNPVersion) (bool, error) { +func isInputNewerThanOtherVersion(input, other attestationconfigapi.SEVSNPVersion) (bool, error) { if input == other { return false, nil } @@ -167,7 +163,7 @@ func isInputNewerThanOtherVersion(input, other SEVSNPVersion) (bool, error) { type reportedSEVSNPVersionAPI struct { Version string `json:"-"` variant variant.Variant `json:"-"` - SEVSNPVersion + attestationconfigapi.SEVSNPVersion } // JSONPath returns the path to the JSON file for the request to the config api. diff --git a/internal/api/attestationconfigapi/reporter_test.go b/internal/api/attestationconfigapi/cli/client/reporter_test.go similarity index 71% rename from internal/api/attestationconfigapi/reporter_test.go rename to internal/api/attestationconfigapi/cli/client/reporter_test.go index ea37d2d2f..f3bc9a4ff 100644 --- a/internal/api/attestationconfigapi/reporter_test.go +++ b/internal/api/attestationconfigapi/cli/client/reporter_test.go @@ -2,17 +2,18 @@ Copyright (c) Edgeless Systems GmbH SPDX-License-Identifier: AGPL-3.0-only */ -package attestationconfigapi +package client import ( "testing" + "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" "github.com/stretchr/testify/assert" ) func TestIsInputNewerThanLatestAPI(t *testing.T) { - newTestCfg := func() SEVSNPVersion { - return SEVSNPVersion{ + newTestCfg := func() attestationconfigapi.SEVSNPVersion { + return attestationconfigapi.SEVSNPVersion{ Microcode: 93, TEE: 0, SNP: 6, @@ -21,13 +22,13 @@ func TestIsInputNewerThanLatestAPI(t *testing.T) { } testCases := map[string]struct { - latest SEVSNPVersion - input SEVSNPVersion + latest attestationconfigapi.SEVSNPVersion + input attestationconfigapi.SEVSNPVersion expect bool errMsg string }{ "input is older than latest": { - input: func(c SEVSNPVersion) SEVSNPVersion { + input: func(c attestationconfigapi.SEVSNPVersion) attestationconfigapi.SEVSNPVersion { c.Microcode-- return c }(newTestCfg()), @@ -36,7 +37,7 @@ func TestIsInputNewerThanLatestAPI(t *testing.T) { errMsg: "input Microcode version: 92 is older than latest API version: 93", }, "input has greater and smaller version field than latest": { - input: func(c SEVSNPVersion) SEVSNPVersion { + input: func(c attestationconfigapi.SEVSNPVersion) attestationconfigapi.SEVSNPVersion { c.Microcode++ c.Bootloader-- return c @@ -46,7 +47,7 @@ func TestIsInputNewerThanLatestAPI(t *testing.T) { errMsg: "input Bootloader version: 1 is older than latest API version: 2", }, "input is newer than latest": { - input: func(c SEVSNPVersion) SEVSNPVersion { + input: func(c attestationconfigapi.SEVSNPVersion) attestationconfigapi.SEVSNPVersion { c.TEE++ return c }(newTestCfg()), diff --git a/internal/api/attestationconfigapi/cli/delete.go b/internal/api/attestationconfigapi/cli/delete.go index daf457415..aa3947337 100644 --- a/internal/api/attestationconfigapi/cli/delete.go +++ b/internal/api/attestationconfigapi/cli/delete.go @@ -16,6 +16,7 @@ import ( "github.com/aws/aws-sdk-go-v2/service/s3" s3types "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" + "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi/cli/client" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/logger" @@ -62,7 +63,7 @@ func runDelete(cmd *cobra.Command, args []string) (retErr error) { Region: deleteCfg.region, DistributionID: deleteCfg.distribution, } - client, clientClose, err := attestationconfigapi.NewClient(cmd.Context(), cfg, + client, clientClose, err := client.New(cmd.Context(), cfg, []byte(cosignPwd), []byte(privateKey), false, 1, log) if err != nil { return fmt.Errorf("create attestation client: %w", err) @@ -170,7 +171,7 @@ func newDeleteConfig(cmd *cobra.Command, args [3]string) (deleteConfig, error) { }, nil } -func deleteEntry(ctx context.Context, attvar variant.Variant, client *attestationconfigapi.Client, cfg deleteConfig) error { +func deleteEntry(ctx context.Context, attvar variant.Variant, client *client.Client, cfg deleteConfig) error { if cfg.kind != snpReport { return fmt.Errorf("kind %s not supported", cfg.kind) } diff --git a/internal/api/attestationconfigapi/cli/upload.go b/internal/api/attestationconfigapi/cli/upload.go index 98303cae2..f29351207 100644 --- a/internal/api/attestationconfigapi/cli/upload.go +++ b/internal/api/attestationconfigapi/cli/upload.go @@ -14,6 +14,7 @@ import ( "time" "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" + "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi/cli/client" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/file" @@ -68,18 +69,15 @@ func runUpload(cmd *cobra.Command, args []string) (retErr error) { return fmt.Errorf("parsing cli flags: %w", err) } - client, clientClose, err := attestationconfigapi.NewClient( - ctx, + client, clientClose, err := client.New(ctx, staticupload.Config{ Bucket: uploadCfg.bucket, Region: uploadCfg.region, DistributionID: uploadCfg.distribution, }, - []byte(cosignPwd), - []byte(privateKey), - false, - uploadCfg.cacheWindowSize, - log) + []byte(cosignPwd), []byte(privateKey), + false, uploadCfg.cacheWindowSize, log, + ) defer func() { err := clientClose(cmd.Context()) @@ -109,7 +107,7 @@ func runUpload(cmd *cobra.Command, args []string) (retErr error) { func uploadReport(ctx context.Context, attestation variant.Variant, - client *attestationconfigapi.Client, + apiClient *client.Client, cfg uploadConfig, fs file.Handler, log *slog.Logger, @@ -137,8 +135,8 @@ func uploadReport(ctx context.Context, } latestAPIVersion := latestAPIVersionAPI.SEVSNPVersion - if err := client.UploadSEVSNPVersionLatest(ctx, attestation, inputVersion, latestAPIVersion, cfg.uploadDate, cfg.force); err != nil { - if errors.Is(err, attestationconfigapi.ErrNoNewerVersion) { + if err := apiClient.UploadSEVSNPVersionLatest(ctx, attestation, inputVersion, latestAPIVersion, cfg.uploadDate, cfg.force); err != nil { + if errors.Is(err, client.ErrNoNewerVersion) { log.Info(fmt.Sprintf("Input version: %+v is not newer than latest API version: %+v", inputVersion, latestAPIVersion)) return nil } @@ -178,7 +176,7 @@ func newConfig(cmd *cobra.Command, args [3]string) (uploadConfig, error) { } uploadDate := time.Now() if dateStr != "" { - uploadDate, err = time.Parse(attestationconfigapi.VersionFormat, dateStr) + uploadDate, err = time.Parse(client.VersionFormat, dateStr) if err != nil { return uploadConfig{}, fmt.Errorf("parsing date: %w", err) } diff --git a/internal/api/attestationconfigapi/cli/validargs.go b/internal/api/attestationconfigapi/cli/validargs.go index 033aaa0a3..22a11ac21 100644 --- a/internal/api/attestationconfigapi/cli/validargs.go +++ b/internal/api/attestationconfigapi/cli/validargs.go @@ -39,13 +39,14 @@ const ( // unknown is the default objectKind and does nothing. unknown objectKind = "unknown-kind" snpReport objectKind = "snp-report" + tdxReport objectKind = "tdx-report" guestFirmware objectKind = "guest-firmware" ) func kindFromString(s string) objectKind { lower := strings.ToLower(s) switch objectKind(lower) { - case snpReport, guestFirmware: + case snpReport, guestFirmware, tdxReport: return objectKind(lower) default: return unknown diff --git a/internal/api/attestationconfigapi/fetcher.go b/internal/api/attestationconfigapi/fetcher.go index a54e3ebc7..4d54758f6 100644 --- a/internal/api/attestationconfigapi/fetcher.go +++ b/internal/api/attestationconfigapi/fetcher.go @@ -74,7 +74,7 @@ func (f *fetcher) FetchSEVSNPVersionList(ctx context.Context, list SEVSNPVersion } // Need to set this explicitly as the variant is not part of the marshalled JSON. - fetchedList.variant = list.variant + fetchedList.Variant = list.Variant return fetchedList, nil } @@ -94,13 +94,13 @@ func (f *fetcher) FetchSEVSNPVersion(ctx context.Context, version SEVSNPVersionA // FetchSEVSNPVersionLatest returns the latest versions of the given type. func (f *fetcher) FetchSEVSNPVersionLatest(ctx context.Context, attesation variant.Variant) (res SEVSNPVersionAPI, err error) { - list, err := f.FetchSEVSNPVersionList(ctx, SEVSNPVersionList{variant: attesation}) + list, err := f.FetchSEVSNPVersionList(ctx, SEVSNPVersionList{Variant: attesation}) if err != nil { return res, ErrNoVersionsFound } getVersionRequest := SEVSNPVersionAPI{ - Version: list.List()[0], // latest version is first in list + Version: list.List[0], // latest version is first in list Variant: attesation, } res, err = f.FetchSEVSNPVersion(ctx, getVersionRequest) diff --git a/internal/api/attestationconfigapi/snp.go b/internal/api/attestationconfigapi/snp.go index a0f92700b..a98fae5f9 100644 --- a/internal/api/attestationconfigapi/snp.go +++ b/internal/api/attestationconfigapi/snp.go @@ -64,26 +64,23 @@ func (i SEVSNPVersionAPI) Validate() error { // Once we switch to v2 of the API we could embed the variant in the object and remove some code from fetcher & client. // That would remove the possibility of some fetcher/client code forgetting to set the variant. type SEVSNPVersionList struct { - variant variant.Variant - list []string + Variant variant.Variant + List []string } // MarshalJSON marshals the i's list property to JSON. func (i SEVSNPVersionList) MarshalJSON() ([]byte, error) { - return json.Marshal(i.list) + return json.Marshal(i.List) } // UnmarshalJSON unmarshals a list of strings into i's list property. func (i *SEVSNPVersionList) UnmarshalJSON(data []byte) error { - return json.Unmarshal(data, &i.list) + return json.Unmarshal(data, &i.List) } -// List returns i's list property. -func (i SEVSNPVersionList) List() []string { return i.list } - // JSONPath returns the path to the JSON file for the request to the config api. func (i SEVSNPVersionList) JSONPath() string { - return path.Join(AttestationURLPath, i.variant.String(), "list") + return path.Join(AttestationURLPath, i.Variant.String(), "list") } // ValidateRequest is a NoOp as there is no input. @@ -93,20 +90,20 @@ func (i SEVSNPVersionList) ValidateRequest() error { // SortReverse sorts the list of versions in reverse order. func (i *SEVSNPVersionList) SortReverse() { - sort.Sort(sort.Reverse(sort.StringSlice(i.list))) + sort.Sort(sort.Reverse(sort.StringSlice(i.List))) } -// addVersion adds new to i's list and sorts the element in descending order. -func (i *SEVSNPVersionList) addVersion(new string) { - i.list = append(i.list, new) - i.list = variant.RemoveDuplicate(i.list) +// AddVersion adds new to i's list and sorts the element in descending order. +func (i *SEVSNPVersionList) AddVersion(new string) { + i.List = append(i.List, new) + i.List = variant.RemoveDuplicate(i.List) i.SortReverse() } // Validate validates the response. func (i SEVSNPVersionList) Validate() error { - if len(i.list) < 1 { + if len(i.List) < 1 { return fmt.Errorf("no versions found in /list") } return nil diff --git a/internal/api/attestationconfigapi/snp_test.go b/internal/api/attestationconfigapi/snp_test.go index 2fe3ea8c9..da2f09cfa 100644 --- a/internal/api/attestationconfigapi/snp_test.go +++ b/internal/api/attestationconfigapi/snp_test.go @@ -21,16 +21,16 @@ func TestSEVSNPVersionListMarshalUnmarshalJSON(t *testing.T) { wantDiff bool }{ "success": { - input: SEVSNPVersionList{list: []string{"v1", "v2"}}, - output: SEVSNPVersionList{list: []string{"v1", "v2"}}, + input: SEVSNPVersionList{List: []string{"v1", "v2"}}, + output: SEVSNPVersionList{List: []string{"v1", "v2"}}, }, "variant is lost": { - input: SEVSNPVersionList{list: []string{"v1", "v2"}, variant: variant.AzureSEVSNP{}}, - output: SEVSNPVersionList{list: []string{"v1", "v2"}}, + input: SEVSNPVersionList{List: []string{"v1", "v2"}, Variant: variant.AzureSEVSNP{}}, + output: SEVSNPVersionList{List: []string{"v1", "v2"}}, }, "wrong order": { - input: SEVSNPVersionList{list: []string{"v1", "v2"}}, - output: SEVSNPVersionList{list: []string{"v2", "v1"}}, + input: SEVSNPVersionList{List: []string{"v1", "v2"}}, + output: SEVSNPVersionList{List: []string{"v2", "v1"}}, wantDiff: true, }, } @@ -68,10 +68,10 @@ func TestSEVSNPVersionListAddVersion(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - v := SEVSNPVersionList{list: tc.versions} - v.addVersion(tc.new) + v := SEVSNPVersionList{List: tc.versions} + v.AddVersion(tc.new) - assert.Equal(t, tc.expected, v.list) + assert.Equal(t, tc.expected, v.List) }) } } From cd4c90af7e11beca93e37de827bf943fea139759 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= Date: Tue, 11 Jun 2024 15:12:05 +0200 Subject: [PATCH 111/380] Rename apifetcher methods MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .../cmd/configfetchmeasurements_test.go | 2 +- cli/internal/cmd/iamupgradeapply_test.go | 2 +- .../api/attestationconfigapi/cli/upload.go | 2 +- internal/api/attestationconfigapi/fetcher.go | 48 +++++++++---------- .../api/attestationconfigapi/fetcher_test.go | 2 +- internal/config/aws.go | 2 +- internal/config/azure.go | 2 +- internal/config/config_test.go | 2 +- internal/config/gcp.go | 2 +- .../provider/attestation_data_source.go | 2 +- 10 files changed, 32 insertions(+), 34 deletions(-) diff --git a/cli/internal/cmd/configfetchmeasurements_test.go b/cli/internal/cmd/configfetchmeasurements_test.go index 9cebbb7da..ab81bd808 100644 --- a/cli/internal/cmd/configfetchmeasurements_test.go +++ b/cli/internal/cmd/configfetchmeasurements_test.go @@ -214,7 +214,7 @@ func (f stubAttestationFetcher) FetchSEVSNPVersion(_ context.Context, _ attestat }, nil } -func (f stubAttestationFetcher) FetchSEVSNPVersionLatest(_ context.Context, _ variant.Variant) (attestationconfigapi.SEVSNPVersionAPI, error) { +func (f stubAttestationFetcher) FetchLatestVersion(_ context.Context, _ variant.Variant) (attestationconfigapi.SEVSNPVersionAPI, error) { return attestationconfigapi.SEVSNPVersionAPI{ SEVSNPVersion: testCfg, }, nil diff --git a/cli/internal/cmd/iamupgradeapply_test.go b/cli/internal/cmd/iamupgradeapply_test.go index e1d4c19ce..5b4ffb3a0 100644 --- a/cli/internal/cmd/iamupgradeapply_test.go +++ b/cli/internal/cmd/iamupgradeapply_test.go @@ -179,6 +179,6 @@ func (s *stubConfigFetcher) FetchSEVSNPVersionList(context.Context, attestationc panic("not implemented") } -func (s *stubConfigFetcher) FetchSEVSNPVersionLatest(context.Context, variant.Variant) (attestationconfigapi.SEVSNPVersionAPI, error) { +func (s *stubConfigFetcher) FetchLatestVersion(context.Context, variant.Variant) (attestationconfigapi.SEVSNPVersionAPI, error) { return attestationconfigapi.SEVSNPVersionAPI{}, s.fetchLatestErr } diff --git a/internal/api/attestationconfigapi/cli/upload.go b/internal/api/attestationconfigapi/cli/upload.go index f29351207..ac52b2f95 100644 --- a/internal/api/attestationconfigapi/cli/upload.go +++ b/internal/api/attestationconfigapi/cli/upload.go @@ -125,7 +125,7 @@ func uploadReport(ctx context.Context, inputVersion := convertTCBVersionToSNPVersion(report.SNPReport.LaunchTCB) log.Info(fmt.Sprintf("Input report: %+v", inputVersion)) - latestAPIVersionAPI, err := attestationconfigapi.NewFetcherWithCustomCDNAndCosignKey(cfg.url, cfg.cosignPublicKey).FetchSEVSNPVersionLatest(ctx, attestation) + latestAPIVersionAPI, err := attestationconfigapi.NewFetcherWithCustomCDNAndCosignKey(cfg.url, cfg.cosignPublicKey).FetchLatestVersion(ctx, attestation) if err != nil { if errors.Is(err, attestationconfigapi.ErrNoVersionsFound) { log.Info("No versions found in API, but assuming that we are uploading the first version.") diff --git a/internal/api/attestationconfigapi/fetcher.go b/internal/api/attestationconfigapi/fetcher.go index 4d54758f6..d89a0c751 100644 --- a/internal/api/attestationconfigapi/fetcher.go +++ b/internal/api/attestationconfigapi/fetcher.go @@ -24,9 +24,7 @@ var ErrNoVersionsFound = errors.New("no versions found") // Fetcher fetches config API resources without authentication. type Fetcher interface { - FetchSEVSNPVersion(ctx context.Context, version SEVSNPVersionAPI) (SEVSNPVersionAPI, error) - FetchSEVSNPVersionList(ctx context.Context, list SEVSNPVersionList) (SEVSNPVersionList, error) - FetchSEVSNPVersionLatest(ctx context.Context, attestation variant.Variant) (SEVSNPVersionAPI, error) + FetchLatestVersion(ctx context.Context, attestation variant.Variant) (SEVSNPVersionAPI, error) } // fetcher fetches AttestationCfg API resources without authentication. @@ -65,8 +63,26 @@ func newFetcherWithClientAndVerifier(client apifetcher.HTTPClient, cosignVerifie return &fetcher{HTTPClient: client, verifier: cosignVerifier, cdnURL: url} } -// FetchSEVSNPVersionList fetches the version list information from the config API. -func (f *fetcher) FetchSEVSNPVersionList(ctx context.Context, list SEVSNPVersionList) (SEVSNPVersionList, error) { +// FetchLatestVersion returns the latest versions of the given type. +func (f *fetcher) FetchLatestVersion(ctx context.Context, attesation variant.Variant) (res SEVSNPVersionAPI, err error) { + list, err := f.fetchVersionList(ctx, SEVSNPVersionList{Variant: attesation}) + if err != nil { + return res, ErrNoVersionsFound + } + + getVersionRequest := SEVSNPVersionAPI{ + Version: list.List[0], // latest version is first in list + Variant: attesation, + } + res, err = f.fetchVersion(ctx, getVersionRequest) + if err != nil { + return res, err + } + return +} + +// fetchVersionList fetches the version list information from the config API. +func (f *fetcher) fetchVersionList(ctx context.Context, list SEVSNPVersionList) (SEVSNPVersionList, error) { // TODO(derpsteb): Replace with FetchAndVerify once we move to v2 of the config API. fetchedList, err := apifetcher.Fetch(ctx, f.HTTPClient, f.cdnURL, list) if err != nil { @@ -79,8 +95,8 @@ func (f *fetcher) FetchSEVSNPVersionList(ctx context.Context, list SEVSNPVersion return fetchedList, nil } -// FetchSEVSNPVersion fetches the version information from the config API. -func (f *fetcher) FetchSEVSNPVersion(ctx context.Context, version SEVSNPVersionAPI) (SEVSNPVersionAPI, error) { +// fetchVersion fetches the version information from the config API. +func (f *fetcher) fetchVersion(ctx context.Context, version SEVSNPVersionAPI) (SEVSNPVersionAPI, error) { fetchedVersion, err := apifetcher.FetchAndVerify(ctx, f.HTTPClient, f.cdnURL, version, f.verifier) if err != nil { return fetchedVersion, fmt.Errorf("fetching version %s: %w", version.Version, err) @@ -91,21 +107,3 @@ func (f *fetcher) FetchSEVSNPVersion(ctx context.Context, version SEVSNPVersionA return fetchedVersion, nil } - -// FetchSEVSNPVersionLatest returns the latest versions of the given type. -func (f *fetcher) FetchSEVSNPVersionLatest(ctx context.Context, attesation variant.Variant) (res SEVSNPVersionAPI, err error) { - list, err := f.FetchSEVSNPVersionList(ctx, SEVSNPVersionList{Variant: attesation}) - if err != nil { - return res, ErrNoVersionsFound - } - - getVersionRequest := SEVSNPVersionAPI{ - Version: list.List[0], // latest version is first in list - Variant: attesation, - } - res, err = f.FetchSEVSNPVersion(ctx, getVersionRequest) - if err != nil { - return res, err - } - return -} diff --git a/internal/api/attestationconfigapi/fetcher_test.go b/internal/api/attestationconfigapi/fetcher_test.go index cb9fd86eb..0110009cf 100644 --- a/internal/api/attestationconfigapi/fetcher_test.go +++ b/internal/api/attestationconfigapi/fetcher_test.go @@ -61,7 +61,7 @@ func TestFetchLatestSEVSNPVersion(t *testing.T) { }, } fetcher := newFetcherWithClientAndVerifier(client, dummyVerifier{}, constants.CDNRepositoryURL) - res, err := fetcher.FetchSEVSNPVersionLatest(context.Background(), tc.attestation) + res, err := fetcher.FetchLatestVersion(context.Background(), tc.attestation) assert := assert.New(t) if tc.wantErr { assert.Error(err) diff --git a/internal/config/aws.go b/internal/config/aws.go index 53b11e69f..b75887b07 100644 --- a/internal/config/aws.go +++ b/internal/config/aws.go @@ -79,7 +79,7 @@ func (c *AWSSEVSNP) FetchAndSetLatestVersionNumbers(ctx context.Context, fetcher return nil } - versions, err := fetcher.FetchSEVSNPVersionLatest(ctx, variant.AWSSEVSNP{}) + versions, err := fetcher.FetchLatestVersion(ctx, variant.AWSSEVSNP{}) if err != nil { return fmt.Errorf("fetching latest TCB versions from configapi: %w", err) } diff --git a/internal/config/azure.go b/internal/config/azure.go index 79a414f53..ac2e39a2a 100644 --- a/internal/config/azure.go +++ b/internal/config/azure.go @@ -80,7 +80,7 @@ func (c *AzureSEVSNP) FetchAndSetLatestVersionNumbers(ctx context.Context, fetch return nil } - versions, err := fetcher.FetchSEVSNPVersionLatest(ctx, variant.AzureSEVSNP{}) + versions, err := fetcher.FetchLatestVersion(ctx, variant.AzureSEVSNP{}) if err != nil { return fmt.Errorf("fetching latest TCB versions from configapi: %w", err) } diff --git a/internal/config/config_test.go b/internal/config/config_test.go index fa9c0c2d0..58a0eb22c 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -1061,7 +1061,7 @@ func (f stubAttestationFetcher) FetchSEVSNPVersion(_ context.Context, _ attestat }, nil } -func (f stubAttestationFetcher) FetchSEVSNPVersionLatest(_ context.Context, _ variant.Variant) (attestationconfigapi.SEVSNPVersionAPI, error) { +func (f stubAttestationFetcher) FetchLatestVersion(_ context.Context, _ variant.Variant) (attestationconfigapi.SEVSNPVersionAPI, error) { return attestationconfigapi.SEVSNPVersionAPI{ SEVSNPVersion: testCfg, }, nil diff --git a/internal/config/gcp.go b/internal/config/gcp.go index 847474f05..47f6afcc9 100644 --- a/internal/config/gcp.go +++ b/internal/config/gcp.go @@ -79,7 +79,7 @@ func (c *GCPSEVSNP) FetchAndSetLatestVersionNumbers(ctx context.Context, fetcher return nil } - versions, err := fetcher.FetchSEVSNPVersionLatest(ctx, variant.GCPSEVSNP{}) + versions, err := fetcher.FetchLatestVersion(ctx, variant.GCPSEVSNP{}) if err != nil { return fmt.Errorf("fetching latest TCB versions from configapi: %w", err) } diff --git a/terraform-provider-constellation/internal/provider/attestation_data_source.go b/terraform-provider-constellation/internal/provider/attestation_data_source.go index abf2921b6..f731683ab 100644 --- a/terraform-provider-constellation/internal/provider/attestation_data_source.go +++ b/terraform-provider-constellation/internal/provider/attestation_data_source.go @@ -166,7 +166,7 @@ func (d *AttestationDataSource) Read(ctx context.Context, req datasource.ReadReq if attestationVariant.Equal(variant.AzureSEVSNP{}) || attestationVariant.Equal(variant.AWSSEVSNP{}) || attestationVariant.Equal(variant.GCPSEVSNP{}) { - snpVersions, err = d.fetcher.FetchSEVSNPVersionLatest(ctx, attestationVariant) + snpVersions, err = d.fetcher.FetchLatestVersion(ctx, attestationVariant) if err != nil { resp.Diagnostics.AddError("Fetching SNP Version numbers", err.Error()) return From fbddbc98679f5800ee25b7d127ae1f30b3571c71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= Date: Tue, 11 Jun 2024 16:11:53 +0200 Subject: [PATCH 112/380] Dont re-marshal fetched objects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- internal/api/fetcher/fetcher.go | 95 +++++++++++++++++++-------------- 1 file changed, 54 insertions(+), 41 deletions(-) diff --git a/internal/api/fetcher/fetcher.go b/internal/api/fetcher/fetcher.go index 2b18f9d15..ec3118c9c 100644 --- a/internal/api/fetcher/fetcher.go +++ b/internal/api/fetcher/fetcher.go @@ -22,6 +22,7 @@ import ( "encoding/json" "errors" "fmt" + "io" "net/http" "net/url" "strings" @@ -40,45 +41,12 @@ func NewHTTPClient() HTTPClient { // Fetch fetches the given apiObject from the public Constellation CDN. // Fetch does not require authentication. func Fetch[T apiObject](ctx context.Context, c HTTPClient, cdnURL string, obj T) (T, error) { - if err := obj.ValidateRequest(); err != nil { - return *new(T), fmt.Errorf("validating request for %T: %w", obj, err) - } - - urlObj, err := url.Parse(cdnURL) + rawObj, err := fetch(ctx, c, cdnURL, obj) if err != nil { - return *new(T), fmt.Errorf("parsing CDN root URL: %w", err) - } - urlObj.Path = obj.JSONPath() - url := urlObj.String() - - req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, http.NoBody) - if err != nil { - return *new(T), fmt.Errorf("creating request for %T: %w", obj, err) + return *new(T), fmt.Errorf("fetching %T: %w", obj, err) } - resp, err := c.Do(req) - if err != nil { - return *new(T), fmt.Errorf("sending request for %T: %w", obj, err) - } - defer resp.Body.Close() - switch resp.StatusCode { - case http.StatusOK: - case http.StatusNotFound: - return *new(T), &NotFoundError{fmt.Errorf("requesting resource at %s returned status code 404", url)} - default: - return *new(T), fmt.Errorf("unexpected status code %d while requesting resource", resp.StatusCode) - } - - var newObj T - if err := json.NewDecoder(resp.Body).Decode(&newObj); err != nil { - return *new(T), fmt.Errorf("decoding %T: %w", obj, err) - } - - if newObj.Validate() != nil { - return *new(T), fmt.Errorf("received invalid %T: %w", newObj, newObj.Validate()) - } - - return newObj, nil + return parseObject(rawObj, obj) } // FetchAndVerify fetches the given apiObject, checks if it can fetch an accompanying signature and verifies if the signature matches the found object. @@ -86,25 +54,70 @@ func Fetch[T apiObject](ctx context.Context, c HTTPClient, cdnURL string, obj T) // FetchAndVerify uses a generic to return a new object of type T. // Otherwise the caller would have to cast the interface type to a concrete object, which could fail. func FetchAndVerify[T apiObject](ctx context.Context, c HTTPClient, cdnURL string, obj T, cosignVerifier sigstore.Verifier) (T, error) { - fetchedObj, err := Fetch(ctx, c, cdnURL, obj) + rawObj, err := fetch(ctx, c, cdnURL, obj) if err != nil { - return fetchedObj, fmt.Errorf("fetching object: %w", err) + return *new(T), fmt.Errorf("fetching %T: %w", obj, err) } - marshalledObj, err := json.Marshal(fetchedObj) + fetchedObj, err := parseObject(rawObj, obj) if err != nil { - return fetchedObj, fmt.Errorf("marshalling object: %w", err) + return fetchedObj, fmt.Errorf("parsing %T: %w", obj, err) } + signature, err := Fetch(ctx, c, cdnURL, signature{Signed: obj.JSONPath()}) if err != nil { return fetchedObj, fmt.Errorf("fetching signature: %w", err) } - err = cosignVerifier.VerifySignature(marshalledObj, signature.Signature) + err = cosignVerifier.VerifySignature(rawObj, signature.Signature) if err != nil { return fetchedObj, fmt.Errorf("verifying signature: %w", err) } return fetchedObj, nil } +func fetch[T apiObject](ctx context.Context, c HTTPClient, cdnURL string, obj T) ([]byte, error) { + if err := obj.ValidateRequest(); err != nil { + return nil, fmt.Errorf("validating request for %T: %w", obj, err) + } + + urlObj, err := url.Parse(cdnURL) + if err != nil { + return nil, fmt.Errorf("parsing CDN root URL: %w", err) + } + urlObj.Path = obj.JSONPath() + url := urlObj.String() + + req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, http.NoBody) + if err != nil { + return nil, fmt.Errorf("creating request for %T: %w", obj, err) + } + + resp, err := c.Do(req) + if err != nil { + return nil, fmt.Errorf("sending request for %T: %w", obj, err) + } + defer resp.Body.Close() + switch resp.StatusCode { + case http.StatusOK: + case http.StatusNotFound: + return nil, &NotFoundError{fmt.Errorf("requesting resource at %s returned status code 404", url)} + default: + return nil, fmt.Errorf("unexpected status code %d while requesting resource", resp.StatusCode) + } + + return io.ReadAll(resp.Body) +} + +func parseObject[T apiObject](rawObj []byte, obj T) (T, error) { + var newObj T + if err := json.Unmarshal(rawObj, &newObj); err != nil { + return *new(T), fmt.Errorf("decoding %T: %w", obj, err) + } + if newObj.Validate() != nil { + return *new(T), fmt.Errorf("received invalid %T: %w", newObj, newObj.Validate()) + } + return newObj, nil +} + // NotFoundError is an error that is returned when a resource is not found. type NotFoundError struct { err error From a34493caa63cdea3a96af49dd993bca3701757dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= Date: Tue, 11 Jun 2024 16:25:24 +0200 Subject: [PATCH 113/380] Enable versions API to handle TDX versions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .../cmd/configfetchmeasurements_test.go | 14 +- cli/internal/cmd/iamupgradeapply_test.go | 12 +- .../attestationconfigapi/cli/client/client.go | 26 ++-- .../cli/client/client_test.go | 12 +- .../api/attestationconfigapi/cli/upload.go | 4 +- internal/api/attestationconfigapi/fetcher.go | 49 +++---- .../api/attestationconfigapi/fetcher_test.go | 102 ++++++++------ internal/api/attestationconfigapi/snp.go | 110 --------------- internal/api/attestationconfigapi/version.go | 127 ++++++++++++++++++ .../{snp_test.go => version_test.go} | 24 ++-- internal/config/config_test.go | 14 +- .../provider/attestation_data_source.go | 2 +- .../internal/provider/convert.go | 2 +- 13 files changed, 253 insertions(+), 245 deletions(-) delete mode 100644 internal/api/attestationconfigapi/snp.go create mode 100644 internal/api/attestationconfigapi/version.go rename internal/api/attestationconfigapi/{snp_test.go => version_test.go} (65%) diff --git a/cli/internal/cmd/configfetchmeasurements_test.go b/cli/internal/cmd/configfetchmeasurements_test.go index ab81bd808..608f2af90 100644 --- a/cli/internal/cmd/configfetchmeasurements_test.go +++ b/cli/internal/cmd/configfetchmeasurements_test.go @@ -204,18 +204,8 @@ func (f stubVerifyFetcher) FetchAndVerifyMeasurements(_ context.Context, _ strin type stubAttestationFetcher struct{} -func (f stubAttestationFetcher) FetchSEVSNPVersionList(_ context.Context, _ attestationconfigapi.SEVSNPVersionList) (attestationconfigapi.SEVSNPVersionList, error) { - return attestationconfigapi.SEVSNPVersionList{}, nil -} - -func (f stubAttestationFetcher) FetchSEVSNPVersion(_ context.Context, _ attestationconfigapi.SEVSNPVersionAPI) (attestationconfigapi.SEVSNPVersionAPI, error) { - return attestationconfigapi.SEVSNPVersionAPI{ - SEVSNPVersion: testCfg, - }, nil -} - -func (f stubAttestationFetcher) FetchLatestVersion(_ context.Context, _ variant.Variant) (attestationconfigapi.SEVSNPVersionAPI, error) { - return attestationconfigapi.SEVSNPVersionAPI{ +func (f stubAttestationFetcher) FetchLatestVersion(_ context.Context, _ variant.Variant) (attestationconfigapi.VersionAPIEntry, error) { + return attestationconfigapi.VersionAPIEntry{ SEVSNPVersion: testCfg, }, nil } diff --git a/cli/internal/cmd/iamupgradeapply_test.go b/cli/internal/cmd/iamupgradeapply_test.go index 5b4ffb3a0..11a0c0e60 100644 --- a/cli/internal/cmd/iamupgradeapply_test.go +++ b/cli/internal/cmd/iamupgradeapply_test.go @@ -171,14 +171,6 @@ type stubConfigFetcher struct { fetchLatestErr error } -func (s *stubConfigFetcher) FetchSEVSNPVersion(context.Context, attestationconfigapi.SEVSNPVersionAPI) (attestationconfigapi.SEVSNPVersionAPI, error) { - panic("not implemented") -} - -func (s *stubConfigFetcher) FetchSEVSNPVersionList(context.Context, attestationconfigapi.SEVSNPVersionList) (attestationconfigapi.SEVSNPVersionList, error) { - panic("not implemented") -} - -func (s *stubConfigFetcher) FetchLatestVersion(context.Context, variant.Variant) (attestationconfigapi.SEVSNPVersionAPI, error) { - return attestationconfigapi.SEVSNPVersionAPI{}, s.fetchLatestErr +func (s *stubConfigFetcher) FetchLatestVersion(context.Context, variant.Variant) (attestationconfigapi.VersionAPIEntry, error) { + return attestationconfigapi.VersionAPIEntry{}, s.fetchLatestErr } diff --git a/internal/api/attestationconfigapi/cli/client/client.go b/internal/api/attestationconfigapi/cli/client/client.go index 476ea22d5..bf41b5476 100644 --- a/internal/api/attestationconfigapi/cli/client/client.go +++ b/internal/api/attestationconfigapi/cli/client/client.go @@ -80,20 +80,20 @@ func (a Client) DeleteSEVSNPVersion(ctx context.Context, attestation variant.Var } // List returns the list of versions for the given attestation variant. -func (a Client) List(ctx context.Context, attestation variant.Variant) (attestationconfigapi.SEVSNPVersionList, error) { +func (a Client) List(ctx context.Context, attestation variant.Variant) (attestationconfigapi.VersionList, error) { if !attestation.Equal(variant.AzureSEVSNP{}) && !attestation.Equal(variant.AWSSEVSNP{}) && !attestation.Equal(variant.GCPSEVSNP{}) { - return attestationconfigapi.SEVSNPVersionList{}, fmt.Errorf("unsupported attestation variant: %s", attestation) + return attestationconfigapi.VersionList{}, fmt.Errorf("unsupported attestation variant: %s", attestation) } - versions, err := apiclient.Fetch(ctx, a.s3Client, attestationconfigapi.SEVSNPVersionList{Variant: attestation}) + versions, err := apiclient.Fetch(ctx, a.s3Client, attestationconfigapi.VersionList{Variant: attestation}) if err != nil { var notFoundErr *apiclient.NotFoundError if errors.As(err, ¬FoundErr) { - return attestationconfigapi.SEVSNPVersionList{Variant: attestation}, nil + return attestationconfigapi.VersionList{Variant: attestation}, nil } - return attestationconfigapi.SEVSNPVersionList{}, err + return attestationconfigapi.VersionList{}, err } versions.Variant = attestation @@ -101,10 +101,10 @@ func (a Client) List(ctx context.Context, attestation variant.Variant) (attestat return versions, nil } -func (a Client) deleteSEVSNPVersion(versions attestationconfigapi.SEVSNPVersionList, versionStr string) (ops []crudCmd, err error) { +func (a Client) deleteSEVSNPVersion(versions attestationconfigapi.VersionList, versionStr string) (ops []crudCmd, err error) { versionStr = versionStr + ".json" ops = append(ops, deleteCmd{ - apiObject: attestationconfigapi.SEVSNPVersionAPI{ + apiObject: attestationconfigapi.VersionAPIEntry{ Variant: versions.Variant, Version: versionStr, }, @@ -121,7 +121,7 @@ func (a Client) deleteSEVSNPVersion(versions attestationconfigapi.SEVSNPVersionL return ops, nil } -func (a Client) constructUploadCmd(attestation variant.Variant, version attestationconfigapi.SEVSNPVersion, versionNames attestationconfigapi.SEVSNPVersionList, date time.Time) []crudCmd { +func (a Client) constructUploadCmd(attestation variant.Variant, version attestationconfigapi.SEVSNPVersion, versionNames attestationconfigapi.VersionList, date time.Time) []crudCmd { if !attestation.Equal(versionNames.Variant) { return nil } @@ -130,7 +130,7 @@ func (a Client) constructUploadCmd(attestation variant.Variant, version attestat var res []crudCmd res = append(res, putCmd{ - apiObject: attestationconfigapi.SEVSNPVersionAPI{Version: dateStr, Variant: attestation, SEVSNPVersion: version}, + apiObject: attestationconfigapi.VersionAPIEntry{Version: dateStr, Variant: attestation, SEVSNPVersion: version}, signer: a.signer, }) @@ -144,19 +144,19 @@ func (a Client) constructUploadCmd(attestation variant.Variant, version attestat return res } -func removeVersion(list attestationconfigapi.SEVSNPVersionList, versionStr string) (removedVersions attestationconfigapi.SEVSNPVersionList, err error) { +func removeVersion(list attestationconfigapi.VersionList, versionStr string) (removedVersions attestationconfigapi.VersionList, err error) { versions := list.List for i, v := range versions { if v == versionStr { if i == len(versions)-1 { - removedVersions = attestationconfigapi.SEVSNPVersionList{List: versions[:i], Variant: list.Variant} + removedVersions = attestationconfigapi.VersionList{List: versions[:i], Variant: list.Variant} } else { - removedVersions = attestationconfigapi.SEVSNPVersionList{List: append(versions[:i], versions[i+1:]...), Variant: list.Variant} + removedVersions = attestationconfigapi.VersionList{List: append(versions[:i], versions[i+1:]...), Variant: list.Variant} } return removedVersions, nil } } - return attestationconfigapi.SEVSNPVersionList{}, fmt.Errorf("version %s not found in list %v", versionStr, versions) + return attestationconfigapi.VersionList{}, fmt.Errorf("version %s not found in list %v", versionStr, versions) } type crudCmd interface { diff --git a/internal/api/attestationconfigapi/cli/client/client_test.go b/internal/api/attestationconfigapi/cli/client/client_test.go index 77059b27b..ff504bd00 100644 --- a/internal/api/attestationconfigapi/cli/client/client_test.go +++ b/internal/api/attestationconfigapi/cli/client/client_test.go @@ -21,11 +21,11 @@ func TestUploadAzureSEVSNP(t *testing.T) { } version := attestationconfigapi.SEVSNPVersion{} date := time.Date(2023, 1, 1, 1, 1, 1, 1, time.UTC) - ops := sut.constructUploadCmd(variant.AzureSEVSNP{}, version, attestationconfigapi.SEVSNPVersionList{List: []string{"2021-01-01-01-01.json", "2019-01-01-01-01.json"}, Variant: variant.AzureSEVSNP{}}, date) + ops := sut.constructUploadCmd(variant.AzureSEVSNP{}, version, attestationconfigapi.VersionList{List: []string{"2021-01-01-01-01.json", "2019-01-01-01-01.json"}, Variant: variant.AzureSEVSNP{}}, date) dateStr := "2023-01-01-01-01.json" assert := assert.New(t) assert.Contains(ops, putCmd{ - apiObject: attestationconfigapi.SEVSNPVersionAPI{ + apiObject: attestationconfigapi.VersionAPIEntry{ Variant: variant.AzureSEVSNP{}, Version: dateStr, SEVSNPVersion: version, @@ -33,7 +33,7 @@ func TestUploadAzureSEVSNP(t *testing.T) { signer: fakeSigner{}, }) assert.Contains(ops, putCmd{ - apiObject: attestationconfigapi.SEVSNPVersionList{Variant: variant.AzureSEVSNP{}, List: []string{"2023-01-01-01-01.json", "2021-01-01-01-01.json", "2019-01-01-01-01.json"}}, + apiObject: attestationconfigapi.VersionList{Variant: variant.AzureSEVSNP{}, List: []string{"2023-01-01-01-01.json", "2021-01-01-01-01.json", "2019-01-01-01-01.json"}}, signer: fakeSigner{}, }) } @@ -42,20 +42,20 @@ func TestDeleteAzureSEVSNPVersions(t *testing.T) { sut := Client{ bucketID: "bucket", } - versions := attestationconfigapi.SEVSNPVersionList{List: []string{"2023-01-01.json", "2021-01-01.json", "2019-01-01.json"}} + versions := attestationconfigapi.VersionList{List: []string{"2023-01-01.json", "2021-01-01.json", "2019-01-01.json"}} ops, err := sut.deleteSEVSNPVersion(versions, "2021-01-01") assert := assert.New(t) assert.NoError(err) assert.Contains(ops, deleteCmd{ - apiObject: attestationconfigapi.SEVSNPVersionAPI{ + apiObject: attestationconfigapi.VersionAPIEntry{ Version: "2021-01-01.json", }, }) assert.Contains(ops, putCmd{ - apiObject: attestationconfigapi.SEVSNPVersionList{List: []string{"2023-01-01.json", "2019-01-01.json"}}, + apiObject: attestationconfigapi.VersionList{List: []string{"2023-01-01.json", "2019-01-01.json"}}, }) } diff --git a/internal/api/attestationconfigapi/cli/upload.go b/internal/api/attestationconfigapi/cli/upload.go index ac52b2f95..f04400337 100644 --- a/internal/api/attestationconfigapi/cli/upload.go +++ b/internal/api/attestationconfigapi/cli/upload.go @@ -15,6 +15,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi/cli/client" + "github.com/edgelesssys/constellation/v2/internal/api/fetcher" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/file" @@ -127,7 +128,8 @@ func uploadReport(ctx context.Context, latestAPIVersionAPI, err := attestationconfigapi.NewFetcherWithCustomCDNAndCosignKey(cfg.url, cfg.cosignPublicKey).FetchLatestVersion(ctx, attestation) if err != nil { - if errors.Is(err, attestationconfigapi.ErrNoVersionsFound) { + var notFoundErr *fetcher.NotFoundError + if errors.As(err, ¬FoundErr) { log.Info("No versions found in API, but assuming that we are uploading the first version.") } else { return fmt.Errorf("fetching latest version: %w", err) diff --git a/internal/api/attestationconfigapi/fetcher.go b/internal/api/attestationconfigapi/fetcher.go index d89a0c751..6990426bf 100644 --- a/internal/api/attestationconfigapi/fetcher.go +++ b/internal/api/attestationconfigapi/fetcher.go @@ -8,7 +8,6 @@ package attestationconfigapi import ( "context" - "errors" "fmt" apifetcher "github.com/edgelesssys/constellation/v2/internal/api/fetcher" @@ -19,12 +18,9 @@ import ( const cosignPublicKey = constants.CosignPublicKeyReleases -// ErrNoVersionsFound is returned if no versions are found. -var ErrNoVersionsFound = errors.New("no versions found") - // Fetcher fetches config API resources without authentication. type Fetcher interface { - FetchLatestVersion(ctx context.Context, attestation variant.Variant) (SEVSNPVersionAPI, error) + FetchLatestVersion(ctx context.Context, attestation variant.Variant) (VersionAPIEntry, error) } // fetcher fetches AttestationCfg API resources without authentication. @@ -64,46 +60,43 @@ func newFetcherWithClientAndVerifier(client apifetcher.HTTPClient, cosignVerifie } // FetchLatestVersion returns the latest versions of the given type. -func (f *fetcher) FetchLatestVersion(ctx context.Context, attesation variant.Variant) (res SEVSNPVersionAPI, err error) { - list, err := f.fetchVersionList(ctx, SEVSNPVersionList{Variant: attesation}) +func (f *fetcher) FetchLatestVersion(ctx context.Context, variant variant.Variant) (VersionAPIEntry, error) { + list, err := f.fetchVersionList(ctx, variant) if err != nil { - return res, ErrNoVersionsFound + return VersionAPIEntry{}, err } - getVersionRequest := SEVSNPVersionAPI{ - Version: list.List[0], // latest version is first in list - Variant: attesation, - } - res, err = f.fetchVersion(ctx, getVersionRequest) - if err != nil { - return res, err - } - return + // latest version is first in list + return f.fetchVersion(ctx, list.List[0], variant) } // fetchVersionList fetches the version list information from the config API. -func (f *fetcher) fetchVersionList(ctx context.Context, list SEVSNPVersionList) (SEVSNPVersionList, error) { - // TODO(derpsteb): Replace with FetchAndVerify once we move to v2 of the config API. - fetchedList, err := apifetcher.Fetch(ctx, f.HTTPClient, f.cdnURL, list) +func (f *fetcher) fetchVersionList(ctx context.Context, variant variant.Variant) (VersionList, error) { + // TODO(derpsteb): Replace with FetchAndVerify once we move to v2 of the config API and the list is saved as (.json) file. + fetchedList, err := apifetcher.Fetch(ctx, f.HTTPClient, f.cdnURL, VersionList{Variant: variant}) if err != nil { - return list, fmt.Errorf("fetching version list: %w", err) + return VersionList{}, fmt.Errorf("fetching version list: %w", err) } - // Need to set this explicitly as the variant is not part of the marshalled JSON. - fetchedList.Variant = list.Variant + // Set the attestation variant of the list as it is not part of the marshalled JSON retrieved by Fetch + fetchedList.Variant = variant return fetchedList, nil } // fetchVersion fetches the version information from the config API. -func (f *fetcher) fetchVersion(ctx context.Context, version SEVSNPVersionAPI) (SEVSNPVersionAPI, error) { - fetchedVersion, err := apifetcher.FetchAndVerify(ctx, f.HTTPClient, f.cdnURL, version, f.verifier) +func (f *fetcher) fetchVersion(ctx context.Context, version string, variant variant.Variant) (VersionAPIEntry, error) { + obj := VersionAPIEntry{ + Version: version, + Variant: variant, + } + fetchedVersion, err := apifetcher.FetchAndVerify(ctx, f.HTTPClient, f.cdnURL, obj, f.verifier) if err != nil { - return fetchedVersion, fmt.Errorf("fetching version %s: %w", version.Version, err) + return VersionAPIEntry{}, fmt.Errorf("fetching version %q: %w", version, err) } - // Need to set this explicitly as the variant is not part of the marshalled JSON. - fetchedVersion.Variant = version.Variant + // Set the attestation variant of the list as it is not part of the marshalled JSON retrieved by FetchAndVerify + fetchedVersion.Variant = variant return fetchedVersion, nil } diff --git a/internal/api/attestationconfigapi/fetcher_test.go b/internal/api/attestationconfigapi/fetcher_test.go index 0110009cf..93c013247 100644 --- a/internal/api/attestationconfigapi/fetcher_test.go +++ b/internal/api/attestationconfigapi/fetcher_test.go @@ -22,82 +22,106 @@ import ( ) func TestFetchLatestSEVSNPVersion(t *testing.T) { + latestVersionSNP := VersionAPIEntry{ + SEVSNPVersion: SEVSNPVersion{ + Microcode: 93, + TEE: 0, + SNP: 6, + Bootloader: 2, + }, + } + olderVersionSNP := VersionAPIEntry{ + SEVSNPVersion: SEVSNPVersion{ + Microcode: 1, + TEE: 0, + SNP: 1, + Bootloader: 1, + }, + } + latestVersionTDX := VersionAPIEntry{ + TDXVersion: TDXVersion{ + QESVN: 2, + PCESVN: 3, + TEETCBSVN: [16]byte{4}, + QEVendorID: [16]byte{5}, + XFAM: [8]byte{6}, + }, + } + olderVersionTDX := VersionAPIEntry{ + TDXVersion: TDXVersion{ + QESVN: 1, + PCESVN: 2, + TEETCBSVN: [16]byte{3}, + QEVendorID: [16]byte{4}, + XFAM: [8]byte{5}, + }, + } + latestStr := "2023-06-11-14-09.json" olderStr := "2019-01-01-01-01.json" - testcases := map[string]struct { + testCases := map[string]struct { fetcherVersions []string timeAtTest time.Time wantErr bool attestation variant.Variant - expectedVersion func() SEVSNPVersionAPI - olderVersion func() SEVSNPVersionAPI - latestVersion func() SEVSNPVersionAPI + expectedVersion VersionAPIEntry + olderVersion VersionAPIEntry + latestVersion VersionAPIEntry }{ - "get latest version azure": { + "get latest version azure-sev-snp": { fetcherVersions: []string{latestStr, olderStr}, attestation: variant.AzureSEVSNP{}, - expectedVersion: func() SEVSNPVersionAPI { tmp := latestVersion; tmp.Variant = variant.AzureSEVSNP{}; return tmp }, - olderVersion: func() SEVSNPVersionAPI { tmp := olderVersion; tmp.Variant = variant.AzureSEVSNP{}; return tmp }, - latestVersion: func() SEVSNPVersionAPI { tmp := latestVersion; tmp.Variant = variant.AzureSEVSNP{}; return tmp }, + expectedVersion: func() VersionAPIEntry { tmp := latestVersionSNP; tmp.Variant = variant.AzureSEVSNP{}; return tmp }(), + olderVersion: func() VersionAPIEntry { tmp := olderVersionSNP; tmp.Variant = variant.AzureSEVSNP{}; return tmp }(), + latestVersion: func() VersionAPIEntry { tmp := latestVersionSNP; tmp.Variant = variant.AzureSEVSNP{}; return tmp }(), }, - "get latest version aws": { + "get latest version aws-sev-snp": { fetcherVersions: []string{latestStr, olderStr}, attestation: variant.AWSSEVSNP{}, - expectedVersion: func() SEVSNPVersionAPI { tmp := latestVersion; tmp.Variant = variant.AWSSEVSNP{}; return tmp }, - olderVersion: func() SEVSNPVersionAPI { tmp := olderVersion; tmp.Variant = variant.AWSSEVSNP{}; return tmp }, - latestVersion: func() SEVSNPVersionAPI { tmp := latestVersion; tmp.Variant = variant.AWSSEVSNP{}; return tmp }, + expectedVersion: func() VersionAPIEntry { tmp := latestVersionSNP; tmp.Variant = variant.AWSSEVSNP{}; return tmp }(), + olderVersion: func() VersionAPIEntry { tmp := olderVersionSNP; tmp.Variant = variant.AWSSEVSNP{}; return tmp }(), + latestVersion: func() VersionAPIEntry { tmp := latestVersionSNP; tmp.Variant = variant.AWSSEVSNP{}; return tmp }(), + }, + "get latest version azure-tdx": { + fetcherVersions: []string{latestStr, olderStr}, + attestation: variant.AzureTDX{}, + expectedVersion: func() VersionAPIEntry { tmp := latestVersionTDX; tmp.Variant = variant.AzureTDX{}; return tmp }(), + olderVersion: func() VersionAPIEntry { tmp := olderVersionTDX; tmp.Variant = variant.AzureTDX{}; return tmp }(), + latestVersion: func() VersionAPIEntry { tmp := latestVersionTDX; tmp.Variant = variant.AzureTDX{}; return tmp }(), }, } - for name, tc := range testcases { + for name, tc := range testCases { t.Run(name, func(t *testing.T) { client := &http.Client{ Transport: &fakeConfigAPIHandler{ attestation: tc.attestation, versions: tc.fetcherVersions, latestDate: latestStr, - latestVersion: tc.latestVersion(), + latestVersion: tc.latestVersion, olderDate: olderStr, - olderVersion: tc.olderVersion(), + olderVersion: tc.olderVersion, }, } - fetcher := newFetcherWithClientAndVerifier(client, dummyVerifier{}, constants.CDNRepositoryURL) + fetcher := newFetcherWithClientAndVerifier(client, stubVerifier{}, constants.CDNRepositoryURL) res, err := fetcher.FetchLatestVersion(context.Background(), tc.attestation) assert := assert.New(t) if tc.wantErr { assert.Error(err) } else { assert.NoError(err) - assert.Equal(tc.expectedVersion(), res) + assert.Equal(tc.expectedVersion, res) } }) } } -var latestVersion = SEVSNPVersionAPI{ - SEVSNPVersion: SEVSNPVersion{ - Microcode: 93, - TEE: 0, - SNP: 6, - Bootloader: 2, - }, -} - -var olderVersion = SEVSNPVersionAPI{ - SEVSNPVersion: SEVSNPVersion{ - Microcode: 1, - TEE: 0, - SNP: 1, - Bootloader: 1, - }, -} - type fakeConfigAPIHandler struct { attestation variant.Variant versions []string latestDate string - latestVersion SEVSNPVersionAPI + latestVersion VersionAPIEntry olderDate string - olderVersion SEVSNPVersionAPI + olderVersion VersionAPIEntry } // RoundTrip resolves the request and returns a dummy response. @@ -148,8 +172,8 @@ func (f *fakeConfigAPIHandler) RoundTrip(req *http.Request) (*http.Response, err return nil, errors.New("no endpoint found") } -type dummyVerifier struct{} +type stubVerifier struct{} -func (s dummyVerifier) VerifySignature(_, _ []byte) error { +func (s stubVerifier) VerifySignature(_, _ []byte) error { return nil } diff --git a/internal/api/attestationconfigapi/snp.go b/internal/api/attestationconfigapi/snp.go deleted file mode 100644 index a98fae5f9..000000000 --- a/internal/api/attestationconfigapi/snp.go +++ /dev/null @@ -1,110 +0,0 @@ -/* -Copyright (c) Edgeless Systems GmbH - -SPDX-License-Identifier: AGPL-3.0-only -*/ - -package attestationconfigapi - -import ( - "encoding/json" - "fmt" - "path" - "sort" - "strings" - - "github.com/edgelesssys/constellation/v2/internal/attestation/variant" -) - -// AttestationURLPath is the URL path to the attestation versions. -const AttestationURLPath = "constellation/v1/attestation" - -// SEVSNPVersion tracks the latest version of each component of the SEVSNP. -type SEVSNPVersion struct { - // Bootloader is the latest version of the SEVSNP bootloader. - Bootloader uint8 `json:"bootloader"` - // TEE is the latest version of the SEVSNP TEE. - TEE uint8 `json:"tee"` - // SNP is the latest version of the SEVSNP SNP. - SNP uint8 `json:"snp"` - // Microcode is the latest version of the SEVSNP microcode. - Microcode uint8 `json:"microcode"` -} - -// SEVSNPVersionAPI is the request to get the version information of the specific version in the config api. -// Because variant is not part of the marshalled JSON, fetcher and client methods need to fill the variant property. -// Once we switch to v2 of the API we should embed the variant in the object. -// That would remove the possibility of some fetcher/client code forgetting to set the variant. -type SEVSNPVersionAPI struct { - Version string `json:"-"` - Variant variant.Variant `json:"-"` - SEVSNPVersion -} - -// JSONPath returns the path to the JSON file for the request to the config api. -func (i SEVSNPVersionAPI) JSONPath() string { - return path.Join(AttestationURLPath, i.Variant.String(), i.Version) -} - -// ValidateRequest validates the request. -func (i SEVSNPVersionAPI) ValidateRequest() error { - if !strings.HasSuffix(i.Version, ".json") { - return fmt.Errorf("version has no .json suffix") - } - return nil -} - -// Validate is a No-Op at the moment. -func (i SEVSNPVersionAPI) Validate() error { - return nil -} - -// SEVSNPVersionList is the request to list all versions in the config api. -// Because variant is not part of the marshalled JSON, fetcher and client methods need to fill the variant property. -// Once we switch to v2 of the API we could embed the variant in the object and remove some code from fetcher & client. -// That would remove the possibility of some fetcher/client code forgetting to set the variant. -type SEVSNPVersionList struct { - Variant variant.Variant - List []string -} - -// MarshalJSON marshals the i's list property to JSON. -func (i SEVSNPVersionList) MarshalJSON() ([]byte, error) { - return json.Marshal(i.List) -} - -// UnmarshalJSON unmarshals a list of strings into i's list property. -func (i *SEVSNPVersionList) UnmarshalJSON(data []byte) error { - return json.Unmarshal(data, &i.List) -} - -// JSONPath returns the path to the JSON file for the request to the config api. -func (i SEVSNPVersionList) JSONPath() string { - return path.Join(AttestationURLPath, i.Variant.String(), "list") -} - -// ValidateRequest is a NoOp as there is no input. -func (i SEVSNPVersionList) ValidateRequest() error { - return nil -} - -// SortReverse sorts the list of versions in reverse order. -func (i *SEVSNPVersionList) SortReverse() { - sort.Sort(sort.Reverse(sort.StringSlice(i.List))) -} - -// AddVersion adds new to i's list and sorts the element in descending order. -func (i *SEVSNPVersionList) AddVersion(new string) { - i.List = append(i.List, new) - i.List = variant.RemoveDuplicate(i.List) - - i.SortReverse() -} - -// Validate validates the response. -func (i SEVSNPVersionList) Validate() error { - if len(i.List) < 1 { - return fmt.Errorf("no versions found in /list") - } - return nil -} diff --git a/internal/api/attestationconfigapi/version.go b/internal/api/attestationconfigapi/version.go new file mode 100644 index 000000000..751244aba --- /dev/null +++ b/internal/api/attestationconfigapi/version.go @@ -0,0 +1,127 @@ +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package attestationconfigapi + +import ( + "encoding/json" + "fmt" + "path" + "sort" + "strings" + + "github.com/edgelesssys/constellation/v2/internal/attestation/variant" +) + +// AttestationURLPath is the URL path to the attestation versions. +const AttestationURLPath = "constellation/v1/attestation" + +// SEVSNPVersion tracks the latest version of each component for SEV-SNP. +type SEVSNPVersion struct { + // Bootloader is the latest version of the SEV-SNP bootloader. + Bootloader uint8 `json:"bootloader,omitempty"` + // TEE is the latest version of the SEV-SNP TEE. + TEE uint8 `json:"tee,omitempty"` + // SNP is the latest version of the SEV-SNP SNP. + SNP uint8 `json:"snp,omitempty"` + // Microcode is the latest version of the SEV-SNP microcode. + Microcode uint8 `json:"microcode,omitempty"` +} + +// TDXVersion tracks the latest version of each component for TDX. +type TDXVersion struct { + // QESVN is the latest QE security version number. + QESVN uint16 `json:"qeSVN,omitempty"` + // PCESVN is the latest PCE security version number. + PCESVN uint16 `json:"pceSVN,omitempty"` + // TEETCBSVN are the latest component-wise security version numbers for the TEE. + TEETCBSVN [16]byte `json:"teeTCBSVN,omitempty"` + // QEVendorID is the latest QE vendor ID. + QEVendorID [16]byte `json:"qeVendorID,omitempty"` + // XFAM is the latest XFAM field. + XFAM [8]byte `json:"xfam,omitempty"` +} + +// VersionAPIEntry is the request to get the version information of the specific version in the config api. +// +// TODO: Because variant is not part of the marshalled JSON, fetcher and client methods need to fill the variant property. +// In API v2 we should embed the variant in the object and remove some code from fetcher & client. +// That would remove the possibility of some fetcher/client code forgetting to set the variant. +type VersionAPIEntry struct { + Version string `json:"-"` + Variant variant.Variant `json:"-"` + SEVSNPVersion + TDXVersion +} + +// JSONPath returns the path to the JSON file for the request to the config api. +func (i VersionAPIEntry) JSONPath() string { + return path.Join(AttestationURLPath, i.Variant.String(), i.Version) +} + +// ValidateRequest validates the request. +func (i VersionAPIEntry) ValidateRequest() error { + if !strings.HasSuffix(i.Version, ".json") { + return fmt.Errorf("version has no .json suffix") + } + return nil +} + +// Validate is a No-Op at the moment. +func (i VersionAPIEntry) Validate() error { + return nil +} + +// VersionList is the request to retrieve of all versions in the API for one attestation variant. +// +// TODO: Because variant is not part of the marshalled JSON, fetcher and client methods need to fill the variant property. +// In API v2 we should embed the variant in the object and remove some code from fetcher & client. +// That would remove the possibility of some fetcher/client code forgetting to set the variant. +type VersionList struct { + Variant variant.Variant + List []string +} + +// MarshalJSON marshals the i's list property to JSON. +func (i VersionList) MarshalJSON() ([]byte, error) { + return json.Marshal(i.List) +} + +// UnmarshalJSON unmarshals a list of strings into i's list property. +func (i *VersionList) UnmarshalJSON(data []byte) error { + return json.Unmarshal(data, &i.List) +} + +// JSONPath returns the path to the JSON file for the request to the config api. +func (i VersionList) JSONPath() string { + return path.Join(AttestationURLPath, i.Variant.String(), "list") +} + +// ValidateRequest is a NoOp as there is no input. +func (i VersionList) ValidateRequest() error { + return nil +} + +// SortReverse sorts the list of versions in reverse order. +func (i *VersionList) SortReverse() { + sort.Sort(sort.Reverse(sort.StringSlice(i.List))) +} + +// AddVersion adds new to i's list and sorts the element in descending order. +func (i *VersionList) AddVersion(new string) { + i.List = append(i.List, new) + i.List = variant.RemoveDuplicate(i.List) + + i.SortReverse() +} + +// Validate validates the response. +func (i VersionList) Validate() error { + if len(i.List) < 1 { + return fmt.Errorf("no versions found in /list") + } + return nil +} diff --git a/internal/api/attestationconfigapi/snp_test.go b/internal/api/attestationconfigapi/version_test.go similarity index 65% rename from internal/api/attestationconfigapi/snp_test.go rename to internal/api/attestationconfigapi/version_test.go index da2f09cfa..ee87bfc37 100644 --- a/internal/api/attestationconfigapi/snp_test.go +++ b/internal/api/attestationconfigapi/version_test.go @@ -14,23 +14,23 @@ import ( "github.com/stretchr/testify/require" ) -func TestSEVSNPVersionListMarshalUnmarshalJSON(t *testing.T) { +func TestVersionListMarshalUnmarshalJSON(t *testing.T) { tests := map[string]struct { - input SEVSNPVersionList - output SEVSNPVersionList + input VersionList + output VersionList wantDiff bool }{ "success": { - input: SEVSNPVersionList{List: []string{"v1", "v2"}}, - output: SEVSNPVersionList{List: []string{"v1", "v2"}}, + input: VersionList{List: []string{"v1", "v2"}}, + output: VersionList{List: []string{"v1", "v2"}}, }, "variant is lost": { - input: SEVSNPVersionList{List: []string{"v1", "v2"}, Variant: variant.AzureSEVSNP{}}, - output: SEVSNPVersionList{List: []string{"v1", "v2"}}, + input: VersionList{List: []string{"v1", "v2"}, Variant: variant.AzureSEVSNP{}}, + output: VersionList{List: []string{"v1", "v2"}}, }, "wrong order": { - input: SEVSNPVersionList{List: []string{"v1", "v2"}}, - output: SEVSNPVersionList{List: []string{"v2", "v1"}}, + input: VersionList{List: []string{"v1", "v2"}}, + output: VersionList{List: []string{"v2", "v1"}}, wantDiff: true, }, } @@ -40,7 +40,7 @@ func TestSEVSNPVersionListMarshalUnmarshalJSON(t *testing.T) { inputRaw, err := tc.input.MarshalJSON() require.NoError(t, err) - var actual SEVSNPVersionList + var actual VersionList err = actual.UnmarshalJSON(inputRaw) require.NoError(t, err) @@ -53,7 +53,7 @@ func TestSEVSNPVersionListMarshalUnmarshalJSON(t *testing.T) { } } -func TestSEVSNPVersionListAddVersion(t *testing.T) { +func TestVersionListAddVersion(t *testing.T) { tests := map[string]struct { versions []string new string @@ -68,7 +68,7 @@ func TestSEVSNPVersionListAddVersion(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - v := SEVSNPVersionList{List: tc.versions} + v := VersionList{List: tc.versions} v.AddVersion(tc.new) assert.Equal(t, tc.expected, v.List) diff --git a/internal/config/config_test.go b/internal/config/config_test.go index 58a0eb22c..6a932a000 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -1051,18 +1051,8 @@ func getConfigAsMap(conf *Config, t *testing.T) (res configMap) { type stubAttestationFetcher struct{} -func (f stubAttestationFetcher) FetchSEVSNPVersionList(_ context.Context, _ attestationconfigapi.SEVSNPVersionList) (attestationconfigapi.SEVSNPVersionList, error) { - return attestationconfigapi.SEVSNPVersionList{}, nil -} - -func (f stubAttestationFetcher) FetchSEVSNPVersion(_ context.Context, _ attestationconfigapi.SEVSNPVersionAPI) (attestationconfigapi.SEVSNPVersionAPI, error) { - return attestationconfigapi.SEVSNPVersionAPI{ - SEVSNPVersion: testCfg, - }, nil -} - -func (f stubAttestationFetcher) FetchLatestVersion(_ context.Context, _ variant.Variant) (attestationconfigapi.SEVSNPVersionAPI, error) { - return attestationconfigapi.SEVSNPVersionAPI{ +func (f stubAttestationFetcher) FetchLatestVersion(_ context.Context, _ variant.Variant) (attestationconfigapi.VersionAPIEntry, error) { + return attestationconfigapi.VersionAPIEntry{ SEVSNPVersion: testCfg, }, nil } diff --git a/terraform-provider-constellation/internal/provider/attestation_data_source.go b/terraform-provider-constellation/internal/provider/attestation_data_source.go index f731683ab..22246cc84 100644 --- a/terraform-provider-constellation/internal/provider/attestation_data_source.go +++ b/terraform-provider-constellation/internal/provider/attestation_data_source.go @@ -162,7 +162,7 @@ func (d *AttestationDataSource) Read(ctx context.Context, req datasource.ReadReq insecureFetch := data.Insecure.ValueBool() - snpVersions := attestationconfigapi.SEVSNPVersionAPI{} + snpVersions := attestationconfigapi.VersionAPIEntry{} if attestationVariant.Equal(variant.AzureSEVSNP{}) || attestationVariant.Equal(variant.AWSSEVSNP{}) || attestationVariant.Equal(variant.GCPSEVSNP{}) { diff --git a/terraform-provider-constellation/internal/provider/convert.go b/terraform-provider-constellation/internal/provider/convert.go index cfe9ec7fa..8dc9225a4 100644 --- a/terraform-provider-constellation/internal/provider/convert.go +++ b/terraform-provider-constellation/internal/provider/convert.go @@ -137,7 +137,7 @@ func convertFromTfAttestationCfg(tfAttestation attestationAttribute, attestation } // convertToTfAttestationCfg converts the constellation attestation config to the related terraform structs. -func convertToTfAttestation(attVar variant.Variant, snpVersions attestationconfigapi.SEVSNPVersionAPI) (tfAttestation attestationAttribute, err error) { +func convertToTfAttestation(attVar variant.Variant, snpVersions attestationconfigapi.VersionAPIEntry) (tfAttestation attestationAttribute, err error) { tfAttestation = attestationAttribute{ Variant: attVar.String(), BootloaderVersion: snpVersions.Bootloader, From 9159b60331e8b8c724053ee6dc674df08c8dd40c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= Date: Wed, 12 Jun 2024 10:24:16 +0200 Subject: [PATCH 114/380] Implement support for "latest" placeholders for Azure TDX MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- internal/api/attestationconfigapi/BUILD.bazel | 4 +- .../api/attestationconfigapi/cli/BUILD.bazel | 1 + internal/api/attestationconfigapi/version.go | 18 +- internal/attestation/azure/tdx/validator.go | 10 +- internal/config/BUILD.bazel | 1 + internal/config/attestationversion.go | 96 +++-- internal/config/attestationversion_test.go | 341 ++++++++++++------ internal/config/aws.go | 8 +- internal/config/azure.go | 56 ++- internal/config/config.go | 42 ++- internal/config/config_test.go | 16 +- internal/config/gcp.go | 8 +- internal/config/migration/migration.go | 8 +- .../internal/provider/BUILD.bazel | 1 + .../provider/attestation_data_source.go | 11 +- .../internal/provider/convert.go | 56 +-- 16 files changed, 410 insertions(+), 267 deletions(-) diff --git a/internal/api/attestationconfigapi/BUILD.bazel b/internal/api/attestationconfigapi/BUILD.bazel index 39f3bf5a3..80397adb3 100644 --- a/internal/api/attestationconfigapi/BUILD.bazel +++ b/internal/api/attestationconfigapi/BUILD.bazel @@ -6,7 +6,7 @@ go_library( srcs = [ "attestationconfigapi.go", "fetcher.go", - "snp.go", + "version.go", ], importpath = "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi", visibility = ["//:__subpackages__"], @@ -22,7 +22,7 @@ go_test( name = "attestationconfigapi_test", srcs = [ "fetcher_test.go", - "snp_test.go", + "version_test.go", ], embed = [":attestationconfigapi"], deps = [ diff --git a/internal/api/attestationconfigapi/cli/BUILD.bazel b/internal/api/attestationconfigapi/cli/BUILD.bazel index 8378b0d03..03e6529d5 100644 --- a/internal/api/attestationconfigapi/cli/BUILD.bazel +++ b/internal/api/attestationconfigapi/cli/BUILD.bazel @@ -20,6 +20,7 @@ go_library( deps = [ "//internal/api/attestationconfigapi", "//internal/api/attestationconfigapi/cli/client", + "//internal/api/fetcher", "//internal/attestation/variant", "//internal/cloud/cloudprovider", "//internal/constants", diff --git a/internal/api/attestationconfigapi/version.go b/internal/api/attestationconfigapi/version.go index 751244aba..669ee6d4c 100644 --- a/internal/api/attestationconfigapi/version.go +++ b/internal/api/attestationconfigapi/version.go @@ -22,27 +22,27 @@ const AttestationURLPath = "constellation/v1/attestation" // SEVSNPVersion tracks the latest version of each component for SEV-SNP. type SEVSNPVersion struct { // Bootloader is the latest version of the SEV-SNP bootloader. - Bootloader uint8 `json:"bootloader,omitempty"` + Bootloader uint8 `json:"bootloader"` // TEE is the latest version of the SEV-SNP TEE. - TEE uint8 `json:"tee,omitempty"` + TEE uint8 `json:"tee"` // SNP is the latest version of the SEV-SNP SNP. - SNP uint8 `json:"snp,omitempty"` + SNP uint8 `json:"snp"` // Microcode is the latest version of the SEV-SNP microcode. - Microcode uint8 `json:"microcode,omitempty"` + Microcode uint8 `json:"microcode"` } // TDXVersion tracks the latest version of each component for TDX. type TDXVersion struct { // QESVN is the latest QE security version number. - QESVN uint16 `json:"qeSVN,omitempty"` + QESVN uint16 `json:"qeSVN"` // PCESVN is the latest PCE security version number. - PCESVN uint16 `json:"pceSVN,omitempty"` + PCESVN uint16 `json:"pceSVN"` // TEETCBSVN are the latest component-wise security version numbers for the TEE. - TEETCBSVN [16]byte `json:"teeTCBSVN,omitempty"` + TEETCBSVN [16]byte `json:"teeTCBSVN"` // QEVendorID is the latest QE vendor ID. - QEVendorID [16]byte `json:"qeVendorID,omitempty"` + QEVendorID [16]byte `json:"qeVendorID"` // XFAM is the latest XFAM field. - XFAM [8]byte `json:"xfam,omitempty"` + XFAM [8]byte `json:"xfam"` } // VersionAPIEntry is the request to get the version information of the specific version in the config api. diff --git a/internal/attestation/azure/tdx/validator.go b/internal/attestation/azure/tdx/validator.go index 02a8d3d6d..6a496f2bb 100644 --- a/internal/attestation/azure/tdx/validator.go +++ b/internal/attestation/azure/tdx/validator.go @@ -103,14 +103,14 @@ func (v *Validator) validateQuote(tdxQuote *tdx.QuoteV4) error { if err := validate.TdxQuote(tdxQuote, &validate.Options{ HeaderOptions: validate.HeaderOptions{ - MinimumQeSvn: v.cfg.QESVN, - MinimumPceSvn: v.cfg.PCESVN, - QeVendorID: v.cfg.QEVendorID, + MinimumQeSvn: v.cfg.QESVN.Value, + MinimumPceSvn: v.cfg.PCESVN.Value, + QeVendorID: v.cfg.QEVendorID.Value, }, TdQuoteBodyOptions: validate.TdQuoteBodyOptions{ - MinimumTeeTcbSvn: v.cfg.TEETCBSVN, + MinimumTeeTcbSvn: v.cfg.TEETCBSVN.Value, MrSeam: v.cfg.MRSeam, - Xfam: v.cfg.XFAM, + Xfam: v.cfg.XFAM.Value, }, }); err != nil { return err diff --git a/internal/config/BUILD.bazel b/internal/config/BUILD.bazel index 8ea071ae8..8a96864c5 100644 --- a/internal/config/BUILD.bazel +++ b/internal/config/BUILD.bazel @@ -63,6 +63,7 @@ go_test( "//internal/cloud/cloudprovider", "//internal/config/instancetypes", "//internal/constants", + "//internal/encoding", "//internal/file", "//internal/semver", "//internal/versions", diff --git a/internal/config/attestationversion.go b/internal/config/attestationversion.go index a7949c5c3..e2e5a12a5 100644 --- a/internal/config/attestationversion.go +++ b/internal/config/attestationversion.go @@ -9,47 +9,49 @@ package config import ( "encoding/json" "fmt" - "math" - "strconv" "strings" + + "github.com/edgelesssys/constellation/v2/internal/encoding" ) -const placeholderVersionValue = 0 +type versionValue interface { + encoding.HexBytes | uint8 | uint16 +} + +func placeholderVersionValue[T versionValue]() T { + var placeholder T + return placeholder +} // NewLatestPlaceholderVersion returns the latest version with a placeholder version value. -func NewLatestPlaceholderVersion() AttestationVersion { - return AttestationVersion{ - Value: placeholderVersionValue, +func NewLatestPlaceholderVersion[T versionValue]() AttestationVersion[T] { + return AttestationVersion[T]{ + Value: placeholderVersionValue[T](), WantLatest: true, } } -// AttestationVersion is a type that represents a version of a SNP. -type AttestationVersion struct { - Value uint8 +// AttestationVersion holds version information. +type AttestationVersion[T versionValue] struct { + Value T WantLatest bool } -// MarshalYAML implements a custom marshaller to resolve "latest" values. -func (v AttestationVersion) MarshalYAML() (any, error) { +// MarshalYAML implements a custom marshaller to write "latest" as the type's value, if set. +func (v AttestationVersion[T]) MarshalYAML() (any, error) { if v.WantLatest { return "latest", nil } return v.Value, nil } -// UnmarshalYAML implements a custom unmarshaller to resolve "atest" values. -func (v *AttestationVersion) UnmarshalYAML(unmarshal func(any) error) error { - var rawUnmarshal string - if err := unmarshal(&rawUnmarshal); err != nil { - return fmt.Errorf("raw unmarshal: %w", err) - } - - return v.parseRawUnmarshal(rawUnmarshal) +// UnmarshalYAML implements a custom unmarshaller to resolve "latest" values. +func (v *AttestationVersion[T]) UnmarshalYAML(unmarshal func(any) error) error { + return v.unmarshal(unmarshal) } -// MarshalJSON implements a custom marshaller to resolve "latest" values. -func (v AttestationVersion) MarshalJSON() ([]byte, error) { +// MarshalJSON implements a custom marshaller to write "latest" as the type's value, if set. +func (v AttestationVersion[T]) MarshalJSON() ([]byte, error) { if v.WantLatest { return json.Marshal("latest") } @@ -57,39 +59,31 @@ func (v AttestationVersion) MarshalJSON() ([]byte, error) { } // UnmarshalJSON implements a custom unmarshaller to resolve "latest" values. -func (v *AttestationVersion) UnmarshalJSON(data []byte) (err error) { - // JSON has two distinct ways to represent numbers and strings. - // This means we cannot simply unmarshal to string, like with YAML. - // Unmarshalling to `any` causes Go to unmarshal numbers to float64. - // Therefore, try to unmarshal to string, and then to int, instead of using type assertions. +func (v *AttestationVersion[T]) UnmarshalJSON(data []byte) (err error) { + return v.unmarshal(func(a any) error { + return json.Unmarshal(data, a) + }) +} + +// unmarshal takes care of unmarshalling the value from YAML or JSON. +func (v *AttestationVersion[T]) unmarshal(unmarshal func(any) error) error { + // Start by trying to unmarshal to the distinct type + var distinctType T + if err := unmarshal(&distinctType); err == nil { + v.Value = distinctType + return nil + } + var unmarshalString string - if err := json.Unmarshal(data, &unmarshalString); err != nil { - var unmarshalInt int64 - if err := json.Unmarshal(data, &unmarshalInt); err != nil { - return fmt.Errorf("unable to unmarshal to string or int: %w", err) - } - unmarshalString = strconv.FormatInt(unmarshalInt, 10) + if err := unmarshal(&unmarshalString); err != nil { + return fmt.Errorf("failed unmarshalling to %T or string: %w", distinctType, err) } - return v.parseRawUnmarshal(unmarshalString) -} - -func (v *AttestationVersion) parseRawUnmarshal(str string) error { - if strings.HasPrefix(str, "0") && len(str) != 1 { - return fmt.Errorf("no format with prefixed 0 (octal, hexadecimal) allowed: %s", str) - } - if strings.ToLower(str) == "latest" { + if strings.ToLower(unmarshalString) == "latest" { v.WantLatest = true - v.Value = placeholderVersionValue - } else { - ui, err := strconv.ParseUint(str, 10, 8) - if err != nil { - return fmt.Errorf("invalid version value: %s", str) - } - if ui > math.MaxUint8 { - return fmt.Errorf("integer value is out ouf uint8 range: %d", ui) - } - v.Value = uint8(ui) + v.Value = placeholderVersionValue[T]() + return nil } - return nil + + return fmt.Errorf("failed unmarshalling to %T or string: invalid value: %s", distinctType, unmarshalString) } diff --git a/internal/config/attestationversion_test.go b/internal/config/attestationversion_test.go index 52d68e2a8..45a401216 100644 --- a/internal/config/attestationversion_test.go +++ b/internal/config/attestationversion_test.go @@ -7,204 +7,307 @@ SPDX-License-Identifier: AGPL-3.0-only package config import ( + "bytes" "encoding/json" "testing" - "github.com/stretchr/testify/require" + "github.com/edgelesssys/constellation/v2/internal/encoding" + "github.com/stretchr/testify/assert" "gopkg.in/yaml.v3" ) func TestVersionMarshalYAML(t *testing.T) { - tests := map[string]struct { - sut AttestationVersion + testCasesUint8 := map[string]struct { + sut AttestationVersion[uint8] want string }{ - "isLatest resolves to latest": { - sut: AttestationVersion{ + "version with latest writes latest": { + sut: AttestationVersion[uint8]{ Value: 1, WantLatest: true, }, want: "latest\n", }, - "value 5 resolves to 5": { - sut: AttestationVersion{ + "value 5 writes 5": { + sut: AttestationVersion[uint8]{ Value: 5, WantLatest: false, }, want: "5\n", }, } - for name, tc := range tests { + for name, tc := range testCasesUint8 { t.Run(name, func(t *testing.T) { - require := require.New(t) + assert := assert.New(t) bt, err := yaml.Marshal(tc.sut) - require.NoError(err) - require.Equal(tc.want, string(bt)) + assert.NoError(err) + assert.Equal(tc.want, string(bt)) + }) + } + + testCasesUint16 := map[string]struct { + sut AttestationVersion[uint16] + want string + }{ + "version with latest writes latest": { + sut: AttestationVersion[uint16]{ + Value: 1, + WantLatest: true, + }, + want: "latest\n", + }, + "value 5 writes 5": { + sut: AttestationVersion[uint16]{ + Value: 5, + WantLatest: false, + }, + want: "5\n", + }, + } + for name, tc := range testCasesUint16 { + t.Run(name, func(t *testing.T) { + assert := assert.New(t) + + bt, err := yaml.Marshal(tc.sut) + assert.NoError(err) + assert.Equal(tc.want, string(bt)) + }) + } + + testCasesHexBytes := map[string]struct { + sut AttestationVersion[encoding.HexBytes] + want string + }{ + "version with latest writes latest": { + sut: AttestationVersion[encoding.HexBytes]{ + Value: encoding.HexBytes(bytes.Repeat([]byte("0"), 16)), + WantLatest: true, + }, + want: "latest\n", + }, + "value 5 writes 5": { + sut: AttestationVersion[encoding.HexBytes]{ + Value: encoding.HexBytes(bytes.Repeat([]byte("A"), 16)), + WantLatest: false, + }, + want: "\"41414141414141414141414141414141\"\n", + }, + } + for name, tc := range testCasesHexBytes { + t.Run(name, func(t *testing.T) { + assert := assert.New(t) + + bt, err := yaml.Marshal(tc.sut) + assert.NoError(err) + assert.Equal(tc.want, string(bt)) }) } } -func TestVersionUnmarshalYAML(t *testing.T) { - tests := map[string]struct { - sut string - want AttestationVersion - wantErr bool +func TestVersionUnmarshal(t *testing.T) { + testCasesUint8 := map[string]struct { + yamlData string + jsonData string + want AttestationVersion[uint8] + wantErr bool }{ "latest resolves to isLatest": { - sut: "latest", - want: AttestationVersion{ + yamlData: "latest", + jsonData: "\"latest\"", + want: AttestationVersion[uint8]{ Value: 0, WantLatest: true, }, wantErr: false, }, "1 resolves to value 1": { - sut: "1", - want: AttestationVersion{ + yamlData: "1", + jsonData: "1", + want: AttestationVersion[uint8]{ Value: 1, WantLatest: false, }, wantErr: false, }, "max uint8+1 errors": { - sut: "256", - wantErr: true, + yamlData: "256", + jsonData: "256", + wantErr: true, }, "-1 errors": { - sut: "-1", - wantErr: true, - }, - "2.6 errors": { - sut: "2.6", - wantErr: true, - }, - "2.0 errors": { - sut: "2.0", - wantErr: true, - }, - "hex format is invalid": { - sut: "0x10", - wantErr: true, - }, - "octal format is invalid": { - sut: "010", - wantErr: true, + yamlData: "-1", + jsonData: "-1", + wantErr: true, }, "0 resolves to value 0": { - sut: "0", - want: AttestationVersion{ + yamlData: "0", + jsonData: "0", + want: AttestationVersion[uint8]{ Value: 0, WantLatest: false, }, }, - "00 errors": { - sut: "00", - wantErr: true, - }, } - for name, tc := range tests { + for name, tc := range testCasesUint8 { t.Run(name, func(t *testing.T) { - require := require.New(t) + assert := assert.New(t) - var sut AttestationVersion - err := yaml.Unmarshal([]byte(tc.sut), &sut) - if tc.wantErr { - require.Error(err) - return + { + var sut AttestationVersion[uint8] + err := yaml.Unmarshal([]byte(tc.yamlData), &sut) + if tc.wantErr { + assert.Error(err) + } else { + assert.NoError(err) + assert.Equal(tc.want, sut) + } + } + + { + var sut AttestationVersion[uint8] + err := json.Unmarshal([]byte(tc.jsonData), &sut) + if tc.wantErr { + assert.Error(err) + } else { + assert.NoError(err) + assert.Equal(tc.want, sut) + } } - require.NoError(err) - require.Equal(tc.want, sut) }) } -} -func TestVersionUnmarshalJSON(t *testing.T) { - tests := map[string]struct { - sut string - want AttestationVersion - wantErr bool + testCasesUint16 := map[string]struct { + yamlData string + jsonData string + want AttestationVersion[uint16] + wantErr bool }{ "latest resolves to isLatest": { - sut: `"latest"`, - want: AttestationVersion{ + yamlData: "latest", + jsonData: "\"latest\"", + want: AttestationVersion[uint16]{ Value: 0, WantLatest: true, }, + wantErr: false, }, "1 resolves to value 1": { - sut: "1", - want: AttestationVersion{ + yamlData: "1", + jsonData: "1", + want: AttestationVersion[uint16]{ Value: 1, WantLatest: false, }, + wantErr: false, }, - "quoted number resolves to value": { - sut: `"1"`, - want: AttestationVersion{ - Value: 1, - WantLatest: false, - }, - }, - "quoted float errors": { - sut: `"1.0"`, - wantErr: true, - }, - "max uint8+1 errors": { - sut: "256", - wantErr: true, + "max uint16+1 errors": { + yamlData: "65536", + jsonData: "65536", + wantErr: true, }, "-1 errors": { - sut: "-1", - wantErr: true, - }, - "2.6 errors": { - sut: "2.6", - wantErr: true, - }, - "2.0 errors": { - sut: "2.0", - wantErr: true, - }, - "hex format is invalid": { - sut: "0x10", - wantErr: true, - }, - "octal format is invalid": { - sut: "010", - wantErr: true, + yamlData: "-1", + jsonData: "-1", + wantErr: true, }, "0 resolves to value 0": { - sut: "0", - want: AttestationVersion{ + yamlData: "0", + jsonData: "0", + want: AttestationVersion[uint16]{ Value: 0, WantLatest: false, }, }, - "quoted 0 resolves to value 0": { - sut: `"0"`, - want: AttestationVersion{ - Value: 0, - WantLatest: false, - }, - }, - "00 errors": { - sut: "00", - wantErr: true, - }, } - for name, tc := range tests { + for name, tc := range testCasesUint16 { t.Run(name, func(t *testing.T) { - require := require.New(t) + assert := assert.New(t) - var sut AttestationVersion - err := json.Unmarshal([]byte(tc.sut), &sut) - if tc.wantErr { - require.Error(err) - return + { + var sut AttestationVersion[uint16] + err := yaml.Unmarshal([]byte(tc.yamlData), &sut) + if tc.wantErr { + assert.Error(err) + } else { + assert.NoError(err) + assert.Equal(tc.want, sut) + } + } + + { + var sut AttestationVersion[uint16] + err := json.Unmarshal([]byte(tc.jsonData), &sut) + if tc.wantErr { + assert.Error(err) + } else { + assert.NoError(err) + assert.Equal(tc.want, sut) + } + } + }) + } + + testCasesHexBytes := map[string]struct { + yamlData string + jsonData string + want AttestationVersion[encoding.HexBytes] + wantErr bool + }{ + "latest resolves to isLatest": { + yamlData: "latest", + jsonData: "\"latest\"", + want: AttestationVersion[encoding.HexBytes]{ + Value: encoding.HexBytes(nil), + WantLatest: true, + }, + wantErr: false, + }, + "hex string resolves to correctly": { + yamlData: "41414141414141414141414141414141", + jsonData: "\"41414141414141414141414141414141\"", + want: AttestationVersion[encoding.HexBytes]{ + Value: encoding.HexBytes(bytes.Repeat([]byte("A"), 16)), + WantLatest: false, + }, + wantErr: false, + }, + "invalid hex string": { + yamlData: "GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG", + jsonData: "\"GGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG\"", + wantErr: true, + }, + "non hex data": { + yamlData: "-15", + jsonData: "-15", + wantErr: true, + }, + } + for name, tc := range testCasesHexBytes { + t.Run(name, func(t *testing.T) { + assert := assert.New(t) + + { + var sut AttestationVersion[encoding.HexBytes] + err := yaml.Unmarshal([]byte(tc.yamlData), &sut) + if tc.wantErr { + assert.Error(err) + } else { + assert.NoError(err) + assert.Equal(tc.want, sut) + } + } + + { + var sut AttestationVersion[encoding.HexBytes] + err := json.Unmarshal([]byte(tc.jsonData), &sut) + if tc.wantErr { + assert.Error(err) + } else { + assert.NoError(err) + assert.Equal(tc.want, sut) + } } - require.NoError(err) - require.Equal(tc.want, sut) }) } } diff --git a/internal/config/aws.go b/internal/config/aws.go index b75887b07..10dc449e2 100644 --- a/internal/config/aws.go +++ b/internal/config/aws.go @@ -22,10 +22,10 @@ var _ svnResolveMarshaller = &AWSSEVSNP{} func DefaultForAWSSEVSNP() *AWSSEVSNP { return &AWSSEVSNP{ Measurements: measurements.DefaultsFor(cloudprovider.AWS, variant.AWSSEVSNP{}), - BootloaderVersion: NewLatestPlaceholderVersion(), - TEEVersion: NewLatestPlaceholderVersion(), - SNPVersion: NewLatestPlaceholderVersion(), - MicrocodeVersion: NewLatestPlaceholderVersion(), + BootloaderVersion: NewLatestPlaceholderVersion[uint8](), + TEEVersion: NewLatestPlaceholderVersion[uint8](), + SNPVersion: NewLatestPlaceholderVersion[uint8](), + MicrocodeVersion: NewLatestPlaceholderVersion[uint8](), AMDRootKey: mustParsePEM(arkPEM), } } diff --git a/internal/config/azure.go b/internal/config/azure.go index ac2e39a2a..273f54381 100644 --- a/internal/config/azure.go +++ b/internal/config/azure.go @@ -28,10 +28,10 @@ var ( func DefaultForAzureSEVSNP() *AzureSEVSNP { return &AzureSEVSNP{ Measurements: measurements.DefaultsFor(cloudprovider.Azure, variant.AzureSEVSNP{}), - BootloaderVersion: NewLatestPlaceholderVersion(), - TEEVersion: NewLatestPlaceholderVersion(), - SNPVersion: NewLatestPlaceholderVersion(), - MicrocodeVersion: NewLatestPlaceholderVersion(), + BootloaderVersion: NewLatestPlaceholderVersion[uint8](), + TEEVersion: NewLatestPlaceholderVersion[uint8](), + SNPVersion: NewLatestPlaceholderVersion[uint8](), + MicrocodeVersion: NewLatestPlaceholderVersion[uint8](), FirmwareSignerConfig: SNPFirmwareSignerConfig{ AcceptedKeyDigests: idkeydigest.DefaultList(), EnforcementPolicy: idkeydigest.MAAFallback, @@ -142,14 +142,14 @@ func DefaultForAzureTDX() *AzureTDX { return &AzureTDX{ Measurements: measurements.DefaultsFor(cloudprovider.Azure, variant.AzureTDX{}), // TODO(AB#3798): Enable latest versioning for Azure TDX - QESVN: 0, - PCESVN: 0, - TEETCBSVN: encoding.HexBytes{0x02, 0x01, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - QEVendorID: encoding.HexBytes{0x93, 0x9a, 0x72, 0x33, 0xf7, 0x9c, 0x4c, 0xa9, 0x94, 0x0a, 0x0d, 0xb3, 0x95, 0x7f, 0x06, 0x07}, + QESVN: NewLatestPlaceholderVersion[uint16](), + PCESVN: NewLatestPlaceholderVersion[uint16](), + TEETCBSVN: NewLatestPlaceholderVersion[encoding.HexBytes](), + QEVendorID: NewLatestPlaceholderVersion[encoding.HexBytes](), // Don't set a default for MRSEAM as it effectively prevents upgrading the SEAM module // Quote verification still makes sure the module comes from Intel (through MRSIGNERSEAM), and is not of a lower version than expected // MRSeam: nil, - XFAM: encoding.HexBytes{0xe7, 0x18, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00}, + XFAM: NewLatestPlaceholderVersion[encoding.HexBytes](), IntelRootKey: mustParsePEM(tdxRootPEM), } @@ -179,9 +179,43 @@ func (c AzureTDX) EqualTo(other AttestationCfg) (bool, error) { return c.Measurements.EqualTo(otherCfg.Measurements), nil } +// FetchAndSetLatestVersionNumbers fetches the latest version numbers from the configapi and sets them. +func (c *AzureTDX) FetchAndSetLatestVersionNumbers(ctx context.Context, fetcher attestationconfigapi.Fetcher) error { + // Only talk to the API if at least one version number is set to latest. + if !(c.PCESVN.WantLatest || c.QESVN.WantLatest || c.TEETCBSVN.WantLatest || c.QEVendorID.WantLatest || c.XFAM.WantLatest) { + return nil + } + + versions, err := fetcher.FetchLatestVersion(ctx, variant.AzureTDX{}) + if err != nil { + return fmt.Errorf("fetching latest TCB versions from configapi: %w", err) + } + + // set values and keep WantLatest flag + if c.PCESVN.WantLatest { + c.PCESVN.Value = versions.PCESVN + } + if c.QESVN.WantLatest { + c.QESVN.Value = versions.QESVN + } + if c.TEETCBSVN.WantLatest { + c.TEETCBSVN.Value = versions.TEETCBSVN[:] + } + if c.QEVendorID.WantLatest { + c.QEVendorID.Value = versions.QEVendorID[:] + } + if c.XFAM.WantLatest { + c.XFAM.Value = versions.XFAM[:] + } + return nil +} + func (c *AzureTDX) getToMarshallLatestWithResolvedVersions() AttestationCfg { cp := *c - // TODO: We probably want to support "latest" pseudo versioning for Azure TDX - // But we should decide on which claims can be reliably used for attestation first + cp.PCESVN.WantLatest = false + cp.QESVN.WantLatest = false + cp.TEETCBSVN.WantLatest = false + cp.QEVendorID.WantLatest = false + cp.XFAM.WantLatest = false return &cp } diff --git a/internal/config/config.go b/internal/config/config.go index e4b1fa765..24849b021 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -468,18 +468,22 @@ func New(fileHandler file.Handler, name string, fetcher attestationconfigapi.Fet return nil, err } + // Replace "latest" placeholders for attestation version numbers with the actual latest version numbers from config API if azure := c.Attestation.AzureSEVSNP; azure != nil { if err := azure.FetchAndSetLatestVersionNumbers(context.Background(), fetcher); err != nil { return c, err } } - + if azure := c.Attestation.AzureTDX; azure != nil { + if err := azure.FetchAndSetLatestVersionNumbers(context.Background(), fetcher); err != nil { + return c, err + } + } if aws := c.Attestation.AWSSEVSNP; aws != nil { if err := aws.FetchAndSetLatestVersionNumbers(context.Background(), fetcher); err != nil { return c, err } } - if gcp := c.Attestation.GCPSEVSNP; gcp != nil { if err := gcp.FetchAndSetLatestVersionNumbers(context.Background(), fetcher); err != nil { return c, err @@ -993,16 +997,16 @@ type GCPSEVSNP struct { Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"` // description: | // Lowest acceptable bootloader version. - BootloaderVersion AttestationVersion `json:"bootloaderVersion" yaml:"bootloaderVersion"` + BootloaderVersion AttestationVersion[uint8] `json:"bootloaderVersion" yaml:"bootloaderVersion"` // description: | // Lowest acceptable TEE version. - TEEVersion AttestationVersion `json:"teeVersion" yaml:"teeVersion"` + TEEVersion AttestationVersion[uint8] `json:"teeVersion" yaml:"teeVersion"` // description: | // Lowest acceptable SEV-SNP version. - SNPVersion AttestationVersion `json:"snpVersion" yaml:"snpVersion"` + SNPVersion AttestationVersion[uint8] `json:"snpVersion" yaml:"snpVersion"` // description: | // Lowest acceptable microcode version. - MicrocodeVersion AttestationVersion `json:"microcodeVersion" yaml:"microcodeVersion"` + MicrocodeVersion AttestationVersion[uint8] `json:"microcodeVersion" yaml:"microcodeVersion"` // description: | // AMD Root Key certificate used to verify the SEV-SNP certificate chain. AMDRootKey Certificate `json:"amdRootKey" yaml:"amdRootKey"` @@ -1080,16 +1084,16 @@ type AWSSEVSNP struct { Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"` // description: | // Lowest acceptable bootloader version. - BootloaderVersion AttestationVersion `json:"bootloaderVersion" yaml:"bootloaderVersion"` + BootloaderVersion AttestationVersion[uint8] `json:"bootloaderVersion" yaml:"bootloaderVersion"` // description: | // Lowest acceptable TEE version. - TEEVersion AttestationVersion `json:"teeVersion" yaml:"teeVersion"` + TEEVersion AttestationVersion[uint8] `json:"teeVersion" yaml:"teeVersion"` // description: | // Lowest acceptable SEV-SNP version. - SNPVersion AttestationVersion `json:"snpVersion" yaml:"snpVersion"` + SNPVersion AttestationVersion[uint8] `json:"snpVersion" yaml:"snpVersion"` // description: | // Lowest acceptable microcode version. - MicrocodeVersion AttestationVersion `json:"microcodeVersion" yaml:"microcodeVersion"` + MicrocodeVersion AttestationVersion[uint8] `json:"microcodeVersion" yaml:"microcodeVersion"` // description: | // AMD Root Key certificate used to verify the SEV-SNP certificate chain. AMDRootKey Certificate `json:"amdRootKey" yaml:"amdRootKey"` @@ -1112,16 +1116,16 @@ type AzureSEVSNP struct { Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"` // description: | // Lowest acceptable bootloader version. - BootloaderVersion AttestationVersion `json:"bootloaderVersion" yaml:"bootloaderVersion"` + BootloaderVersion AttestationVersion[uint8] `json:"bootloaderVersion" yaml:"bootloaderVersion"` // description: | // Lowest acceptable TEE version. - TEEVersion AttestationVersion `json:"teeVersion" yaml:"teeVersion"` + TEEVersion AttestationVersion[uint8] `json:"teeVersion" yaml:"teeVersion"` // description: | // Lowest acceptable SEV-SNP version. - SNPVersion AttestationVersion `json:"snpVersion" yaml:"snpVersion"` + SNPVersion AttestationVersion[uint8] `json:"snpVersion" yaml:"snpVersion"` // description: | // Lowest acceptable microcode version. - MicrocodeVersion AttestationVersion `json:"microcodeVersion" yaml:"microcodeVersion"` + MicrocodeVersion AttestationVersion[uint8] `json:"microcodeVersion" yaml:"microcodeVersion"` // description: | // Configuration for validating the firmware signature. FirmwareSignerConfig SNPFirmwareSignerConfig `json:"firmwareSignerConfig" yaml:"firmwareSignerConfig"` @@ -1147,22 +1151,22 @@ type AzureTDX struct { Measurements measurements.M `json:"measurements" yaml:"measurements" validate:"required,no_placeholders"` // description: | // Minimum required QE security version number (SVN). - QESVN uint16 `json:"qeSVN" yaml:"qeSVN"` + QESVN AttestationVersion[uint16] `json:"qeSVN" yaml:"qeSVN"` // description: | // Minimum required PCE security version number (SVN). - PCESVN uint16 `json:"pceSVN" yaml:"pceSVN"` + PCESVN AttestationVersion[uint16] `json:"pceSVN" yaml:"pceSVN"` // description: | // Component-wise minimum required 16 byte hex-encoded TEE_TCB security version number (SVN). - TEETCBSVN encoding.HexBytes `json:"teeTCBSVN" yaml:"teeTCBSVN"` + TEETCBSVN AttestationVersion[encoding.HexBytes] `json:"teeTCBSVN" yaml:"teeTCBSVN"` // description: | // Expected 16 byte hex-encoded QE_VENDOR_ID field. - QEVendorID encoding.HexBytes `json:"qeVendorID" yaml:"qeVendorID"` + QEVendorID AttestationVersion[encoding.HexBytes] `json:"qeVendorID" yaml:"qeVendorID"` // description: | // Expected 48 byte hex-encoded MR_SEAM value. MRSeam encoding.HexBytes `json:"mrSeam,omitempty" yaml:"mrSeam,omitempty"` // description: | // Expected 8 byte hex-encoded XFAM field. - XFAM encoding.HexBytes `json:"xfam" yaml:"xfam"` + XFAM AttestationVersion[encoding.HexBytes] `json:"xfam" yaml:"xfam"` // description: | // Intel Root Key certificate used to verify the TDX certificate chain. IntelRootKey Certificate `json:"intelRootKey" yaml:"intelRootKey"` diff --git a/internal/config/config_test.go b/internal/config/config_test.go index 6a932a000..d09ec46c5 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -70,10 +70,10 @@ func TestGetAttestationConfigMarshalsNumericalVersion(t *testing.T) { var mp map[string]interface{} require.NoError(yaml.Unmarshal(bt, &mp)) assert := assert.New(t) - assert.Equal(placeholderVersionValue, mp["microcodeVersion"]) - assert.Equal(placeholderVersionValue, mp["teeVersion"]) - assert.Equal(placeholderVersionValue, mp["snpVersion"]) - assert.Equal(placeholderVersionValue, mp["bootloaderVersion"]) + assert.EqualValues(placeholderVersionValue[uint8](), mp["microcodeVersion"]) + assert.EqualValues(placeholderVersionValue[uint8](), mp["teeVersion"]) + assert.EqualValues(placeholderVersionValue[uint8](), mp["snpVersion"]) + assert.EqualValues(placeholderVersionValue[uint8](), mp["bootloaderVersion"]) } func TestNew(t *testing.T) { @@ -99,19 +99,19 @@ func TestNew(t *testing.T) { wantResult: func() *Config { conf := Default() modifyConfigForAzureToPassValidate(conf) - conf.Attestation.AzureSEVSNP.MicrocodeVersion = AttestationVersion{ + conf.Attestation.AzureSEVSNP.MicrocodeVersion = AttestationVersion[uint8]{ Value: testCfg.Microcode, WantLatest: true, } - conf.Attestation.AzureSEVSNP.TEEVersion = AttestationVersion{ + conf.Attestation.AzureSEVSNP.TEEVersion = AttestationVersion[uint8]{ Value: 2, WantLatest: false, } - conf.Attestation.AzureSEVSNP.BootloaderVersion = AttestationVersion{ + conf.Attestation.AzureSEVSNP.BootloaderVersion = AttestationVersion[uint8]{ Value: 1, WantLatest: false, } - conf.Attestation.AzureSEVSNP.SNPVersion = AttestationVersion{ + conf.Attestation.AzureSEVSNP.SNPVersion = AttestationVersion[uint8]{ Value: testCfg.SNP, WantLatest: true, } diff --git a/internal/config/gcp.go b/internal/config/gcp.go index 47f6afcc9..20f8eaac5 100644 --- a/internal/config/gcp.go +++ b/internal/config/gcp.go @@ -22,10 +22,10 @@ var _ svnResolveMarshaller = &GCPSEVSNP{} func DefaultForGCPSEVSNP() *GCPSEVSNP { return &GCPSEVSNP{ Measurements: measurements.DefaultsFor(cloudprovider.GCP, variant.GCPSEVSNP{}), - BootloaderVersion: NewLatestPlaceholderVersion(), - TEEVersion: NewLatestPlaceholderVersion(), - SNPVersion: NewLatestPlaceholderVersion(), - MicrocodeVersion: NewLatestPlaceholderVersion(), + BootloaderVersion: NewLatestPlaceholderVersion[uint8](), + TEEVersion: NewLatestPlaceholderVersion[uint8](), + SNPVersion: NewLatestPlaceholderVersion[uint8](), + MicrocodeVersion: NewLatestPlaceholderVersion[uint8](), AMDRootKey: mustParsePEM(arkPEM), } } diff --git a/internal/config/migration/migration.go b/internal/config/migration/migration.go index 54ca54335..d8fdd659c 100644 --- a/internal/config/migration/migration.go +++ b/internal/config/migration/migration.go @@ -415,19 +415,19 @@ func V3ToV4(path string, fileHandler file.Handler) error { case cfgV3.Attestation.AzureSEVSNP != nil: cfgV4.Attestation.AzureSEVSNP = &config.AzureSEVSNP{ Measurements: cfgV3.Attestation.AzureSEVSNP.Measurements, - BootloaderVersion: config.AttestationVersion{ + BootloaderVersion: config.AttestationVersion[uint8]{ Value: cfgV3.Attestation.AzureSEVSNP.BootloaderVersion.Value, WantLatest: cfgV3.Attestation.AzureSEVSNP.BootloaderVersion.WantLatest, }, - TEEVersion: config.AttestationVersion{ + TEEVersion: config.AttestationVersion[uint8]{ Value: cfgV3.Attestation.AzureSEVSNP.TEEVersion.Value, WantLatest: cfgV3.Attestation.AzureSEVSNP.TEEVersion.WantLatest, }, - SNPVersion: config.AttestationVersion{ + SNPVersion: config.AttestationVersion[uint8]{ Value: cfgV3.Attestation.AzureSEVSNP.SNPVersion.Value, WantLatest: cfgV3.Attestation.AzureSEVSNP.SNPVersion.WantLatest, }, - MicrocodeVersion: config.AttestationVersion{ + MicrocodeVersion: config.AttestationVersion[uint8]{ Value: cfgV3.Attestation.AzureSEVSNP.MicrocodeVersion.Value, WantLatest: cfgV3.Attestation.AzureSEVSNP.MicrocodeVersion.WantLatest, }, diff --git a/terraform-provider-constellation/internal/provider/BUILD.bazel b/terraform-provider-constellation/internal/provider/BUILD.bazel index 1fac7618a..54400f07f 100644 --- a/terraform-provider-constellation/internal/provider/BUILD.bazel +++ b/terraform-provider-constellation/internal/provider/BUILD.bazel @@ -32,6 +32,7 @@ go_library( "//internal/constellation/helm", "//internal/constellation/kubecmd", "//internal/constellation/state", + "//internal/encoding", "//internal/file", "//internal/grpc/dialer", "//internal/imagefetcher", diff --git a/terraform-provider-constellation/internal/provider/attestation_data_source.go b/terraform-provider-constellation/internal/provider/attestation_data_source.go index 22246cc84..cc6e9d5f5 100644 --- a/terraform-provider-constellation/internal/provider/attestation_data_source.go +++ b/terraform-provider-constellation/internal/provider/attestation_data_source.go @@ -162,17 +162,18 @@ func (d *AttestationDataSource) Read(ctx context.Context, req datasource.ReadReq insecureFetch := data.Insecure.ValueBool() - snpVersions := attestationconfigapi.VersionAPIEntry{} - if attestationVariant.Equal(variant.AzureSEVSNP{}) || - attestationVariant.Equal(variant.AWSSEVSNP{}) || + latestVersions := attestationconfigapi.VersionAPIEntry{} + if attestationVariant.Equal(variant.AWSSEVSNP{}) || + attestationVariant.Equal(variant.AzureSEVSNP{}) || + attestationVariant.Equal(variant.AzureTDX{}) || attestationVariant.Equal(variant.GCPSEVSNP{}) { - snpVersions, err = d.fetcher.FetchLatestVersion(ctx, attestationVariant) + latestVersions, err = d.fetcher.FetchLatestVersion(ctx, attestationVariant) if err != nil { resp.Diagnostics.AddError("Fetching SNP Version numbers", err.Error()) return } } - tfAttestation, err := convertToTfAttestation(attestationVariant, snpVersions) + tfAttestation, err := convertToTfAttestation(attestationVariant, latestVersions) if err != nil { resp.Diagnostics.AddError("Converting attestation", err.Error()) } diff --git a/terraform-provider-constellation/internal/provider/convert.go b/terraform-provider-constellation/internal/provider/convert.go index 8dc9225a4..57398fb50 100644 --- a/terraform-provider-constellation/internal/provider/convert.go +++ b/terraform-provider-constellation/internal/provider/convert.go @@ -17,6 +17,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/attestation/measurements" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" "github.com/edgelesssys/constellation/v2/internal/config" + "github.com/edgelesssys/constellation/v2/internal/encoding" ) // naming schema: @@ -110,12 +111,12 @@ func convertFromTfAttestationCfg(tfAttestation attestationAttribute, attestation attestationConfig = &config.AzureTDX{ Measurements: c11nMeasurements, - QESVN: tfAttestation.TDX.QESVN, - PCESVN: tfAttestation.TDX.PCESVN, - TEETCBSVN: teeTCBSVN, - QEVendorID: qeVendorID, + QESVN: newVersion(tfAttestation.TDX.QESVN), + PCESVN: newVersion(tfAttestation.TDX.PCESVN), + TEETCBSVN: newVersion(encoding.HexBytes(teeTCBSVN)), + QEVendorID: newVersion(encoding.HexBytes(qeVendorID)), MRSeam: mrSeam, - XFAM: xfam, + XFAM: newVersion(encoding.HexBytes(xfam)), IntelRootKey: rootKey, } case variant.GCPSEVES{}: @@ -137,13 +138,9 @@ func convertFromTfAttestationCfg(tfAttestation attestationAttribute, attestation } // convertToTfAttestationCfg converts the constellation attestation config to the related terraform structs. -func convertToTfAttestation(attVar variant.Variant, snpVersions attestationconfigapi.VersionAPIEntry) (tfAttestation attestationAttribute, err error) { +func convertToTfAttestation(attVar variant.Variant, latestVersions attestationconfigapi.VersionAPIEntry) (tfAttestation attestationAttribute, err error) { tfAttestation = attestationAttribute{ - Variant: attVar.String(), - BootloaderVersion: snpVersions.Bootloader, - TEEVersion: snpVersions.TEE, - SNPVersion: snpVersions.SNP, - MicrocodeVersion: snpVersions.Microcode, + Variant: attVar.String(), } switch attVar { @@ -153,6 +150,10 @@ func convertToTfAttestation(attVar variant.Variant, snpVersions attestationconfi return tfAttestation, err } tfAttestation.AMDRootKey = certStr + tfAttestation.BootloaderVersion = latestVersions.Bootloader + tfAttestation.TEEVersion = latestVersions.TEE + tfAttestation.SNPVersion = latestVersions.SNP + tfAttestation.MicrocodeVersion = latestVersions.Microcode case variant.GCPSEVSNP{}: certStr, err := certAsString(config.DefaultForGCPSEVSNP().AMDRootKey) @@ -160,6 +161,10 @@ func convertToTfAttestation(attVar variant.Variant, snpVersions attestationconfi return tfAttestation, err } tfAttestation.AMDRootKey = certStr + tfAttestation.BootloaderVersion = latestVersions.Bootloader + tfAttestation.TEEVersion = latestVersions.TEE + tfAttestation.SNPVersion = latestVersions.SNP + tfAttestation.MicrocodeVersion = latestVersions.Microcode case variant.AzureSEVSNP{}: certStr, err := certAsString(config.DefaultForAzureSEVSNP().AMDRootKey) @@ -167,6 +172,10 @@ func convertToTfAttestation(attVar variant.Variant, snpVersions attestationconfi return tfAttestation, err } tfAttestation.AMDRootKey = certStr + tfAttestation.BootloaderVersion = latestVersions.Bootloader + tfAttestation.TEEVersion = latestVersions.TEE + tfAttestation.SNPVersion = latestVersions.SNP + tfAttestation.MicrocodeVersion = latestVersions.Microcode firmwareCfg := config.DefaultForAzureSEVSNP().FirmwareSignerConfig tfFirmwareCfg, err := convertToTfFirmwareCfg(firmwareCfg) @@ -174,24 +183,19 @@ func convertToTfAttestation(attVar variant.Variant, snpVersions attestationconfi return tfAttestation, err } tfAttestation.AzureSNPFirmwareSignerConfig = tfFirmwareCfg + case variant.AzureTDX{}: - tdxCfg := config.DefaultForAzureTDX() - certStr, err := certAsString(tdxCfg.IntelRootKey) + certStr, err := certAsString(config.DefaultForAzureTDX().IntelRootKey) if err != nil { return tfAttestation, err } + tfAttestation.TDX.IntelRootKey = certStr + tfAttestation.TDX.PCESVN = latestVersions.PCESVN + tfAttestation.TDX.QESVN = latestVersions.QESVN + tfAttestation.TDX.TEETCBSVN = hex.EncodeToString(latestVersions.TEETCBSVN[:]) + tfAttestation.TDX.QEVendorID = hex.EncodeToString(latestVersions.QEVendorID[:]) + tfAttestation.TDX.XFAM = hex.EncodeToString(latestVersions.XFAM[:]) - tfTdxCfg := tdxConfigAttribute{ - IntelRootKey: certStr, - // TODO(AB#3798): Load these values dynamically from our attestation API - QESVN: tdxCfg.QESVN, - PCESVN: tdxCfg.PCESVN, - TEETCBSVN: hex.EncodeToString(tdxCfg.TEETCBSVN), - QEVendorID: hex.EncodeToString(tdxCfg.QEVendorID), - MRSeam: hex.EncodeToString(tdxCfg.MRSeam), - XFAM: hex.EncodeToString(tdxCfg.XFAM), - } - tfAttestation.TDX = tfTdxCfg case variant.GCPSEVES{}, variant.QEMUVTPM{}: // no additional fields default: @@ -251,8 +255,8 @@ func convertToTfMeasurements(m measurements.M) map[string]measurementAttribute { return tfMeasurements } -func newVersion(v uint8) config.AttestationVersion { - return config.AttestationVersion{ +func newVersion[T uint8 | uint16 | encoding.HexBytes](v T) config.AttestationVersion[T] { + return config.AttestationVersion[T]{ Value: v, } } From d67d0ac9dfe832230d06befafa5828c01885ed92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= Date: Wed, 12 Jun 2024 16:30:03 +0200 Subject: [PATCH 115/380] Enable upload of TDX reports to Constellation CDN MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .../e2e_attestationconfigapi/action.yml | 8 +- .github/actions/e2e_verify/action.yml | 13 +- .../workflows/e2e-attestationconfigapi.yml | 6 +- .../cmd/configfetchmeasurements_test.go | 4 +- cli/internal/cmd/iamupgradeapply_test.go | 4 +- .../api/attestationconfigapi/cli/BUILD.bazel | 2 +- .../cli/client/BUILD.bazel | 1 - .../attestationconfigapi/cli/client/client.go | 92 ++--- .../cli/client/client_test.go | 40 +- .../cli/client/reporter.go | 370 +++++++++++++----- .../cli/client/reporter_test.go | 87 +++- .../api/attestationconfigapi/cli/delete.go | 51 +-- .../attestationconfigapi/cli/e2e/test.sh.in | 245 +++++++----- .../api/attestationconfigapi/cli/upload.go | 109 +++--- .../api/attestationconfigapi/cli/validargs.go | 25 +- internal/api/attestationconfigapi/fetcher.go | 19 +- .../api/attestationconfigapi/fetcher_test.go | 55 +-- internal/api/attestationconfigapi/version.go | 28 +- .../api/attestationconfigapi/version_test.go | 20 +- internal/api/client/client.go | 26 +- internal/api/fetcher/fetcher.go | 10 +- internal/api/versionsapi/client.go | 50 +-- internal/config/config.go | 2 +- internal/config/config_doc.go | 38 +- internal/config/config_test.go | 4 +- .../provider/attestation_data_source.go | 2 +- .../internal/provider/convert.go | 2 +- 27 files changed, 782 insertions(+), 531 deletions(-) diff --git a/.github/actions/e2e_attestationconfigapi/action.yml b/.github/actions/e2e_attestationconfigapi/action.yml index a98b54670..02ec28084 100644 --- a/.github/actions/e2e_attestationconfigapi/action.yml +++ b/.github/actions/e2e_attestationconfigapi/action.yml @@ -2,9 +2,9 @@ name: E2E Attestationconfig API Test description: "Test the attestationconfig CLI is functional." inputs: - csp: - description: "Cloud provider to run tests against" - default: "azure" + attestationVariant: + description: "attestation variant to run tests against" + default: "azure-sev-snp" cosignPrivateKey: description: "Cosign private key" required: true @@ -30,4 +30,4 @@ runs: COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }} COSIGN_PASSWORD: ${{ inputs.cosignPassword }} run: | - bazel run //internal/api/attestationconfigapi/cli:cli_e2e_test -- ${{ inputs.csp }} + bazel run //internal/api/attestationconfigapi/cli:cli_e2e_test -- ${{ inputs.attestationVariant }} diff --git a/.github/actions/e2e_verify/action.yml b/.github/actions/e2e_verify/action.yml index f330751f5..07abb7a88 100644 --- a/.github/actions/e2e_verify/action.yml +++ b/.github/actions/e2e_verify/action.yml @@ -68,9 +68,9 @@ runs: case "${{ inputs.attestationVariant }}" in - "azure-sev-snp"|"aws-sev-snp"|"gcp-sev-snp") + "azure-sev-snp"|"azure-tdx"|"aws-sev-snp"|"gcp-sev-snp") echo "Extracting TCB versions for API update" - constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 -o json > "snp-report-${node}.json" + constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 -o json > "attestation-report-${node}.json" ;; *) constellation verify --cluster-id "${clusterID}" --node-endpoint localhost:9090 @@ -88,22 +88,19 @@ runs: aws-region: eu-central-1 - name: Upload extracted TCBs - if: github.ref_name == 'main' && (inputs.attestationVariant == 'azure-sev-snp' || inputs.attestationVariant == 'aws-sev-snp' || inputs.attestationVariant == 'gcp-sev-snp') + if: github.ref_name == 'main' && (inputs.attestationVariant == 'azure-sev-snp' || inputs.attestationVariant == 'azure-tdx' || inputs.attestationVariant == 'aws-sev-snp' || inputs.attestationVariant == 'gcp-sev-snp') shell: bash env: COSIGN_PASSWORD: ${{ inputs.cosignPassword }} COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }} run: | - reports=(snp-report-*.json) + reports=(attestation-report-*.json) if [ -z ${#reports[@]} ]; then exit 1 fi - attestationVariant=${{ inputs.attestationVariant }} - cloudProvider=${attestationVariant%%-*} - for file in "${reports[@]}"; do path=$(realpath "${file}") cat "${path}" - bazel run //internal/api/attestationconfigapi/cli -- upload "${cloudProvider}" snp-report "${path}" + bazel run //internal/api/attestationconfigapi/cli -- upload ${{ inputs.attestationVariant }} attestation-report "${path}" done diff --git a/.github/workflows/e2e-attestationconfigapi.yml b/.github/workflows/e2e-attestationconfigapi.yml index 09f4f554e..2fdc318d0 100644 --- a/.github/workflows/e2e-attestationconfigapi.yml +++ b/.github/workflows/e2e-attestationconfigapi.yml @@ -15,9 +15,9 @@ jobs: e2e-api: strategy: fail-fast: false - max-parallel: 1 + max-parallel: 2 matrix: - csp: ["azure", "aws", "gcp"] + attestationVariant: ["azure-sev-snp", "azure-tdx", "aws-sev-snp", "gcp-sev-snp"] runs-on: ubuntu-22.04 permissions: id-token: write @@ -36,4 +36,4 @@ jobs: with: cosignPrivateKey: ${{ secrets.COSIGN_DEV_PRIVATE_KEY }} cosignPassword: ${{ secrets.COSIGN_DEV_PASSWORD }} - csp: ${{ matrix.csp }} + attestationVariant: ${{ matrix.attestationVariant }} diff --git a/cli/internal/cmd/configfetchmeasurements_test.go b/cli/internal/cmd/configfetchmeasurements_test.go index 608f2af90..12fd761ae 100644 --- a/cli/internal/cmd/configfetchmeasurements_test.go +++ b/cli/internal/cmd/configfetchmeasurements_test.go @@ -204,8 +204,8 @@ func (f stubVerifyFetcher) FetchAndVerifyMeasurements(_ context.Context, _ strin type stubAttestationFetcher struct{} -func (f stubAttestationFetcher) FetchLatestVersion(_ context.Context, _ variant.Variant) (attestationconfigapi.VersionAPIEntry, error) { - return attestationconfigapi.VersionAPIEntry{ +func (f stubAttestationFetcher) FetchLatestVersion(_ context.Context, _ variant.Variant) (attestationconfigapi.Entry, error) { + return attestationconfigapi.Entry{ SEVSNPVersion: testCfg, }, nil } diff --git a/cli/internal/cmd/iamupgradeapply_test.go b/cli/internal/cmd/iamupgradeapply_test.go index 11a0c0e60..786c24857 100644 --- a/cli/internal/cmd/iamupgradeapply_test.go +++ b/cli/internal/cmd/iamupgradeapply_test.go @@ -171,6 +171,6 @@ type stubConfigFetcher struct { fetchLatestErr error } -func (s *stubConfigFetcher) FetchLatestVersion(context.Context, variant.Variant) (attestationconfigapi.VersionAPIEntry, error) { - return attestationconfigapi.VersionAPIEntry{}, s.fetchLatestErr +func (s *stubConfigFetcher) FetchLatestVersion(context.Context, variant.Variant) (attestationconfigapi.Entry, error) { + return attestationconfigapi.Entry{}, s.fetchLatestErr } diff --git a/internal/api/attestationconfigapi/cli/BUILD.bazel b/internal/api/attestationconfigapi/cli/BUILD.bazel index 03e6529d5..32ec8ec2b 100644 --- a/internal/api/attestationconfigapi/cli/BUILD.bazel +++ b/internal/api/attestationconfigapi/cli/BUILD.bazel @@ -22,7 +22,6 @@ go_library( "//internal/api/attestationconfigapi/cli/client", "//internal/api/fetcher", "//internal/attestation/variant", - "//internal/cloud/cloudprovider", "//internal/constants", "//internal/file", "//internal/logger", @@ -31,6 +30,7 @@ go_library( "@com_github_aws_aws_sdk_go_v2//aws", "@com_github_aws_aws_sdk_go_v2_service_s3//:s3", "@com_github_aws_aws_sdk_go_v2_service_s3//types", + "@com_github_google_go_tdx_guest//proto/tdx", "@com_github_spf13_afero//:afero", "@com_github_spf13_cobra//:cobra", ], diff --git a/internal/api/attestationconfigapi/cli/client/BUILD.bazel b/internal/api/attestationconfigapi/cli/client/BUILD.bazel index cacb2f05d..c90cb34b9 100644 --- a/internal/api/attestationconfigapi/cli/client/BUILD.bazel +++ b/internal/api/attestationconfigapi/cli/client/BUILD.bazel @@ -29,7 +29,6 @@ go_test( embed = [":client"], deps = [ "//internal/api/attestationconfigapi", - "//internal/attestation/variant", "@com_github_stretchr_testify//assert", ], ) diff --git a/internal/api/attestationconfigapi/cli/client/client.go b/internal/api/attestationconfigapi/cli/client/client.go index bf41b5476..53c79285e 100644 --- a/internal/api/attestationconfigapi/cli/client/client.go +++ b/internal/api/attestationconfigapi/cli/client/client.go @@ -15,8 +15,11 @@ import ( "errors" "fmt" "log/slog" - "time" + "path" + "strings" + "github.com/aws/aws-sdk-go-v2/service/s3" + "github.com/aws/aws-sdk-go/aws" "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" apiclient "github.com/edgelesssys/constellation/v2/internal/api/client" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" @@ -35,6 +38,8 @@ type Client struct { bucketID string signer sigstore.Signer cacheWindowSize int + + log *slog.Logger } // New returns a new Client. @@ -50,50 +55,34 @@ func New(ctx context.Context, cfg staticupload.Config, cosignPwd, privateKey []b signer: sigstore.NewSigner(cosignPwd, privateKey), bucketID: cfg.Bucket, cacheWindowSize: versionWindowSize, + log: log, } return repo, clientClose, nil } -// uploadSEVSNPVersion uploads the latest version numbers of the SEVSNP. Then version name is the UTC timestamp of the date. The /list entry stores the version name + .json suffix. -func (a Client) uploadSEVSNPVersion(ctx context.Context, attestation variant.Variant, version attestationconfigapi.SEVSNPVersion, date time.Time) error { - versions, err := a.List(ctx, attestation) - if err != nil { - return fmt.Errorf("fetch version list: %w", err) - } - ops := a.constructUploadCmd(attestation, version, versions, date) - - return executeAllCmds(ctx, a.s3Client, ops) -} - -// DeleteSEVSNPVersion deletes the given version (without .json suffix) from the API. -func (a Client) DeleteSEVSNPVersion(ctx context.Context, attestation variant.Variant, versionStr string) error { - versions, err := a.List(ctx, attestation) +// DeleteVersion deletes the given version (without .json suffix) from the API. +func (c Client) DeleteVersion(ctx context.Context, attestation variant.Variant, versionStr string) error { + versions, err := c.List(ctx, attestation) if err != nil { return fmt.Errorf("fetch version list: %w", err) } - ops, err := a.deleteSEVSNPVersion(versions, versionStr) + ops, err := c.deleteVersion(versions, versionStr) if err != nil { return err } - return executeAllCmds(ctx, a.s3Client, ops) + return executeAllCmds(ctx, c.s3Client, ops) } // List returns the list of versions for the given attestation variant. -func (a Client) List(ctx context.Context, attestation variant.Variant) (attestationconfigapi.VersionList, error) { - if !attestation.Equal(variant.AzureSEVSNP{}) && - !attestation.Equal(variant.AWSSEVSNP{}) && - !attestation.Equal(variant.GCPSEVSNP{}) { - return attestationconfigapi.VersionList{}, fmt.Errorf("unsupported attestation variant: %s", attestation) - } - - versions, err := apiclient.Fetch(ctx, a.s3Client, attestationconfigapi.VersionList{Variant: attestation}) +func (c Client) List(ctx context.Context, attestation variant.Variant) (attestationconfigapi.List, error) { + versions, err := apiclient.Fetch(ctx, c.s3Client, attestationconfigapi.List{Variant: attestation}) if err != nil { var notFoundErr *apiclient.NotFoundError if errors.As(err, ¬FoundErr) { - return attestationconfigapi.VersionList{Variant: attestation}, nil + return attestationconfigapi.List{Variant: attestation}, nil } - return attestationconfigapi.VersionList{}, err + return attestationconfigapi.List{}, err } versions.Variant = attestation @@ -101,10 +90,10 @@ func (a Client) List(ctx context.Context, attestation variant.Variant) (attestat return versions, nil } -func (a Client) deleteSEVSNPVersion(versions attestationconfigapi.VersionList, versionStr string) (ops []crudCmd, err error) { +func (c Client) deleteVersion(versions attestationconfigapi.List, versionStr string) (ops []crudCmd, err error) { versionStr = versionStr + ".json" ops = append(ops, deleteCmd{ - apiObject: attestationconfigapi.VersionAPIEntry{ + apiObject: attestationconfigapi.Entry{ Variant: versions.Variant, Version: versionStr, }, @@ -116,47 +105,46 @@ func (a Client) deleteSEVSNPVersion(versions attestationconfigapi.VersionList, v } ops = append(ops, putCmd{ apiObject: removedVersions, - signer: a.signer, + signer: c.signer, }) return ops, nil } -func (a Client) constructUploadCmd(attestation variant.Variant, version attestationconfigapi.SEVSNPVersion, versionNames attestationconfigapi.VersionList, date time.Time) []crudCmd { - if !attestation.Equal(versionNames.Variant) { - return nil +func (c Client) listCachedVersions(ctx context.Context, attestation variant.Variant) ([]string, error) { + list, err := c.s3Client.ListObjectsV2(ctx, &s3.ListObjectsV2Input{ + Bucket: aws.String(c.bucketID), + Prefix: aws.String(reportVersionDir(attestation)), + }) + if err != nil { + return nil, fmt.Errorf("list objects: %w", err) } - dateStr := date.Format(VersionFormat) + ".json" - var res []crudCmd + var dates []string + for _, obj := range list.Contents { + fileName := path.Base(*obj.Key) - res = append(res, putCmd{ - apiObject: attestationconfigapi.VersionAPIEntry{Version: dateStr, Variant: attestation, SEVSNPVersion: version}, - signer: a.signer, - }) - - versionNames.AddVersion(dateStr) - - res = append(res, putCmd{ - apiObject: versionNames, - signer: a.signer, - }) - - return res + // The cache contains signature and json files + // We only want the json files + if date, ok := strings.CutSuffix(fileName, ".json"); ok { + dates = append(dates, date) + } + } + return dates, nil } -func removeVersion(list attestationconfigapi.VersionList, versionStr string) (removedVersions attestationconfigapi.VersionList, err error) { +func removeVersion(list attestationconfigapi.List, versionStr string) (removedVersions attestationconfigapi.List, err error) { versions := list.List for i, v := range versions { if v == versionStr { if i == len(versions)-1 { - removedVersions = attestationconfigapi.VersionList{List: versions[:i], Variant: list.Variant} + removedVersions = attestationconfigapi.List{List: versions[:i], Variant: list.Variant} } else { - removedVersions = attestationconfigapi.VersionList{List: append(versions[:i], versions[i+1:]...), Variant: list.Variant} + removedVersions = attestationconfigapi.List{List: append(versions[:i], versions[i+1:]...), Variant: list.Variant} } return removedVersions, nil } } - return attestationconfigapi.VersionList{}, fmt.Errorf("version %s not found in list %v", versionStr, versions) + return attestationconfigapi.List{}, fmt.Errorf("version %s not found in list %v", versionStr, versions) } type crudCmd interface { diff --git a/internal/api/attestationconfigapi/cli/client/client_test.go b/internal/api/attestationconfigapi/cli/client/client_test.go index ff504bd00..008414f59 100644 --- a/internal/api/attestationconfigapi/cli/client/client_test.go +++ b/internal/api/attestationconfigapi/cli/client/client_test.go @@ -7,60 +7,28 @@ package client import ( "testing" - "time" "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" - "github.com/edgelesssys/constellation/v2/internal/attestation/variant" "github.com/stretchr/testify/assert" ) -func TestUploadAzureSEVSNP(t *testing.T) { - sut := Client{ - bucketID: "bucket", - signer: fakeSigner{}, - } - version := attestationconfigapi.SEVSNPVersion{} - date := time.Date(2023, 1, 1, 1, 1, 1, 1, time.UTC) - ops := sut.constructUploadCmd(variant.AzureSEVSNP{}, version, attestationconfigapi.VersionList{List: []string{"2021-01-01-01-01.json", "2019-01-01-01-01.json"}, Variant: variant.AzureSEVSNP{}}, date) - dateStr := "2023-01-01-01-01.json" - assert := assert.New(t) - assert.Contains(ops, putCmd{ - apiObject: attestationconfigapi.VersionAPIEntry{ - Variant: variant.AzureSEVSNP{}, - Version: dateStr, - SEVSNPVersion: version, - }, - signer: fakeSigner{}, - }) - assert.Contains(ops, putCmd{ - apiObject: attestationconfigapi.VersionList{Variant: variant.AzureSEVSNP{}, List: []string{"2023-01-01-01-01.json", "2021-01-01-01-01.json", "2019-01-01-01-01.json"}}, - signer: fakeSigner{}, - }) -} - func TestDeleteAzureSEVSNPVersions(t *testing.T) { sut := Client{ bucketID: "bucket", } - versions := attestationconfigapi.VersionList{List: []string{"2023-01-01.json", "2021-01-01.json", "2019-01-01.json"}} + versions := attestationconfigapi.List{List: []string{"2023-01-01.json", "2021-01-01.json", "2019-01-01.json"}} - ops, err := sut.deleteSEVSNPVersion(versions, "2021-01-01") + ops, err := sut.deleteVersion(versions, "2021-01-01") assert := assert.New(t) assert.NoError(err) assert.Contains(ops, deleteCmd{ - apiObject: attestationconfigapi.VersionAPIEntry{ + apiObject: attestationconfigapi.Entry{ Version: "2021-01-01.json", }, }) assert.Contains(ops, putCmd{ - apiObject: attestationconfigapi.VersionList{List: []string{"2023-01-01.json", "2019-01-01.json"}}, + apiObject: attestationconfigapi.List{List: []string{"2023-01-01.json", "2019-01-01.json"}}, }) } - -type fakeSigner struct{} - -func (fakeSigner) Sign(_ []byte) ([]byte, error) { - return []byte("signature"), nil -} diff --git a/internal/api/attestationconfigapi/cli/client/reporter.go b/internal/api/attestationconfigapi/cli/client/reporter.go index cc0f9b5ed..7e40d6a3e 100644 --- a/internal/api/attestationconfigapi/cli/client/reporter.go +++ b/internal/api/attestationconfigapi/cli/client/reporter.go @@ -8,6 +8,7 @@ package client import ( "context" + "encoding/json" "errors" "fmt" "path" @@ -15,9 +16,6 @@ import ( "strings" "time" - "github.com/aws/aws-sdk-go-v2/service/s3" - "github.com/aws/aws-sdk-go/aws" - "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" "github.com/edgelesssys/constellation/v2/internal/api/client" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" @@ -33,153 +31,335 @@ func reportVersionDir(attestation variant.Variant) string { return path.Join(attestationconfigapi.AttestationURLPath, attestation.String(), cachedVersionsSubDir) } -// UploadSEVSNPVersionLatest saves the given version to the cache, determines the smallest +// UploadLatestVersion saves the given version to the cache, determines the smallest // TCB version in the cache among the last cacheWindowSize versions and updates // the latest version in the API if there is an update. // force can be used to bypass the validation logic against the cached versions. -func (c Client) UploadSEVSNPVersionLatest(ctx context.Context, attestation variant.Variant, inputVersion, - latestAPIVersion attestationconfigapi.SEVSNPVersion, now time.Time, force bool, +func (c Client) UploadLatestVersion( + ctx context.Context, attestationVariant variant.Variant, + inputVersion, latestVersionInAPI any, + now time.Time, force bool, ) error { - if err := c.cacheSEVSNPVersion(ctx, attestation, inputVersion, now); err != nil { - return fmt.Errorf("reporting version: %w", err) - } - if force { - return c.uploadSEVSNPVersion(ctx, attestation, inputVersion, now) - } - versionDates, err := c.listCachedVersions(ctx, attestation) + // Validate input versions against configured attestation variant + // This allows us to skip these checks in the individual variant implementations + var err error + actionForVariant(attestationVariant, + func() { + if _, ok := inputVersion.(attestationconfigapi.TDXVersion); !ok { + err = fmt.Errorf("input version %q is not a TDX version", inputVersion) + } + if _, ok := latestVersionInAPI.(attestationconfigapi.TDXVersion); !ok { + err = fmt.Errorf("latest API version %q is not a TDX version", latestVersionInAPI) + } + }, + func() { + if _, ok := inputVersion.(attestationconfigapi.SEVSNPVersion); !ok { + err = fmt.Errorf("input version %q is not a SNP version", inputVersion) + } + if _, ok := latestVersionInAPI.(attestationconfigapi.SEVSNPVersion); !ok { + err = fmt.Errorf("latest API version %q is not a SNP version", latestVersionInAPI) + } + }, + ) if err != nil { - return fmt.Errorf("list reported versions: %w", err) + return err + } + + if err := c.addVersionToCache(ctx, attestationVariant, inputVersion, now); err != nil { + return fmt.Errorf("adding version to cache: %w", err) + } + + // If force is set, immediately update the latest version to the new version in the API. + if force { + return c.uploadAsLatestVersion(ctx, attestationVariant, inputVersion, now) + } + + // Otherwise, check the cached versions and update the latest version in the API if necessary. + versionDates, err := c.listCachedVersions(ctx, attestationVariant) + if err != nil { + return fmt.Errorf("listing existing cached versions: %w", err) } if len(versionDates) < c.cacheWindowSize { - c.s3Client.Logger.Warn(fmt.Sprintf("Skipping version update, found %d, expected %d reported versions.", len(versionDates), c.cacheWindowSize)) + c.log.Warn(fmt.Sprintf("Skipping version update, found %d, expected %d reported versions.", len(versionDates), c.cacheWindowSize)) return nil } - minVersion, minDate, err := c.findMinVersion(ctx, attestation, versionDates) + + minVersion, minDate, err := c.findMinVersion(ctx, attestationVariant, versionDates) if err != nil { - return fmt.Errorf("get minimal version: %w", err) + return fmt.Errorf("determining minimal version in cache: %w", err) } - c.s3Client.Logger.Info(fmt.Sprintf("Found minimal version: %+v with date: %s", minVersion, minDate)) - shouldUpdateAPI, err := isInputNewerThanOtherVersion(minVersion, latestAPIVersion) - if err != nil { + c.log.Info(fmt.Sprintf("Found minimal version: %+v with date: %s", minVersion, minDate)) + + if !isInputNewerThanOtherVersion(attestationVariant, minVersion, latestVersionInAPI) { + c.log.Info(fmt.Sprintf("Input version: %+v is not newer than latest API version: %+v. Skipping list update", minVersion, latestVersionInAPI)) return ErrNoNewerVersion } - if !shouldUpdateAPI { - c.s3Client.Logger.Info(fmt.Sprintf("Input version: %+v is not newer than latest API version: %+v", minVersion, latestAPIVersion)) - return nil - } - c.s3Client.Logger.Info(fmt.Sprintf("Input version: %+v is newer than latest API version: %+v", minVersion, latestAPIVersion)) + + c.log.Info(fmt.Sprintf("Input version: %+v is newer than latest API version: %+v", minVersion, latestVersionInAPI)) t, err := time.Parse(VersionFormat, minDate) if err != nil { return fmt.Errorf("parsing date: %w", err) } - if err := c.uploadSEVSNPVersion(ctx, attestation, minVersion, t); err != nil { - return fmt.Errorf("uploading version: %w", err) + + if err := c.uploadAsLatestVersion(ctx, attestationVariant, minVersion, t); err != nil { + return fmt.Errorf("uploading as latest version: %w", err) } - c.s3Client.Logger.Info(fmt.Sprintf("Successfully uploaded new SEV-SNP version: %+v", minVersion)) + + c.log.Info(fmt.Sprintf("Successfully uploaded new %s version: %+v", attestationVariant, minVersion)) return nil } -// cacheSEVSNPVersion uploads the latest observed version numbers of the SEVSNP. This version is used to later report the latest version numbers to the API. -func (c Client) cacheSEVSNPVersion(ctx context.Context, attestation variant.Variant, version attestationconfigapi.SEVSNPVersion, date time.Time) error { +// uploadAsLatestVersion uploads the given version and updates the list to set it as the "latest" version. +// The version's name is the UTC timestamp of the date. +// The /list entry stores the version name + .json suffix. +func (c Client) uploadAsLatestVersion(ctx context.Context, variant variant.Variant, inputVersion any, date time.Time) error { + versions, err := c.List(ctx, variant) + if err != nil { + return fmt.Errorf("fetch version list: %w", err) + } + if !variant.Equal(versions.Variant) { + return nil + } + dateStr := date.Format(VersionFormat) + ".json" - res := putCmd{ - apiObject: reportedSEVSNPVersionAPI{Version: dateStr, variant: attestation, SEVSNPVersion: version}, + var ops []crudCmd + + obj := apiVersionObject{version: dateStr, variant: variant, cached: false} + obj.setVersion(inputVersion) + ops = append(ops, putCmd{ + apiObject: obj, + signer: c.signer, + }) + + versions.AddVersion(dateStr) + + ops = append(ops, putCmd{ + apiObject: versions, + signer: c.signer, + }) + + return executeAllCmds(ctx, c.s3Client, ops) +} + +// addVersionToCache adds the given version to the cache. +func (c Client) addVersionToCache(ctx context.Context, variant variant.Variant, inputVersion any, date time.Time) error { + dateStr := date.Format(VersionFormat) + ".json" + obj := apiVersionObject{version: dateStr, variant: variant, cached: true} + obj.setVersion(inputVersion) + cmd := putCmd{ + apiObject: obj, signer: c.signer, } - return res.Execute(ctx, c.s3Client) + return cmd.Execute(ctx, c.s3Client) } -func (c Client) listCachedVersions(ctx context.Context, attestation variant.Variant) ([]string, error) { - list, err := c.s3Client.ListObjectsV2(ctx, &s3.ListObjectsV2Input{ - Bucket: aws.String(c.bucketID), - Prefix: aws.String(reportVersionDir(attestation)), - }) - if err != nil { - return nil, fmt.Errorf("list objects: %w", err) - } - var dates []string - for _, obj := range list.Contents { - fileName := path.Base(*obj.Key) - if strings.HasSuffix(fileName, ".json") { - dates = append(dates, fileName[:len(fileName)-5]) - } - } - return dates, nil +// findMinVersion returns the minimal version in the cache among the last cacheWindowSize versions. +func (c Client) findMinVersion( + ctx context.Context, attestationVariant variant.Variant, versionDates []string, +) (any, string, error) { + var getMinimalVersion func() (any, string, error) + + actionForVariant(attestationVariant, + func() { + getMinimalVersion = func() (any, string, error) { + return findMinimalVersion[attestationconfigapi.TDXVersion](ctx, attestationVariant, versionDates, c.s3Client, c.cacheWindowSize) + } + }, + func() { + getMinimalVersion = func() (any, string, error) { + return findMinimalVersion[attestationconfigapi.SEVSNPVersion](ctx, attestationVariant, versionDates, c.s3Client, c.cacheWindowSize) + } + }, + ) + return getMinimalVersion() } -// findMinVersion finds the minimal version of the given version dates among the latest values in the version window size. -func (c Client) findMinVersion(ctx context.Context, attesation variant.Variant, versionDates []string) (attestationconfigapi.SEVSNPVersion, string, error) { - var minimalVersion *attestationconfigapi.SEVSNPVersion +func findMinimalVersion[T attestationconfigapi.TDXVersion | attestationconfigapi.SEVSNPVersion]( + ctx context.Context, variant variant.Variant, versionDates []string, + s3Client *client.Client, cacheWindowSize int, +) (T, string, error) { + var minimalVersion *T var minimalDate string sort.Sort(sort.Reverse(sort.StringSlice(versionDates))) // sort in reverse order to slice the latest versions - versionDates = versionDates[:c.cacheWindowSize] + versionDates = versionDates[:cacheWindowSize] sort.Strings(versionDates) // sort with oldest first to to take the minimal version with the oldest date + for _, date := range versionDates { - obj, err := client.Fetch(ctx, c.s3Client, reportedSEVSNPVersionAPI{Version: date + ".json", variant: attesation}) + obj, err := client.Fetch(ctx, s3Client, apiVersionObject{version: date + ".json", variant: variant, cached: true}) if err != nil { - return attestationconfigapi.SEVSNPVersion{}, "", fmt.Errorf("get object: %w", err) + return *new(T), "", fmt.Errorf("get object: %w", err) } - // Need to set this explicitly as the variant is not part of the marshalled JSON. - obj.variant = attesation + obj.variant = variant // variant is not set by Fetch, set it manually if minimalVersion == nil { - minimalVersion = &obj.SEVSNPVersion + v := obj.getVersion().(T) + minimalVersion = &v + minimalDate = date + continue + } + + // If the current minimal version has newer versions than the one we just fetched, + // update the minimal version to the older version. + if isInputNewerThanOtherVersion(variant, *minimalVersion, obj.getVersion()) { + v := obj.getVersion().(T) + minimalVersion = &v minimalDate = date - } else { - shouldUpdateMinimal, err := isInputNewerThanOtherVersion(*minimalVersion, obj.SEVSNPVersion) - if err != nil { - continue - } - if shouldUpdateMinimal { - minimalVersion = &obj.SEVSNPVersion - minimalDate = date - } } } + return *minimalVersion, minimalDate, nil } -// isInputNewerThanOtherVersion compares all version fields and returns true if any input field is newer. -func isInputNewerThanOtherVersion(input, other attestationconfigapi.SEVSNPVersion) (bool, error) { - if input == other { - return false, nil - } - if input.TEE < other.TEE { - return false, fmt.Errorf("input TEE version: %d is older than latest API version: %d", input.TEE, other.TEE) - } - if input.SNP < other.SNP { - return false, fmt.Errorf("input SNP version: %d is older than latest API version: %d", input.SNP, other.SNP) - } - if input.Microcode < other.Microcode { - return false, fmt.Errorf("input Microcode version: %d is older than latest API version: %d", input.Microcode, other.Microcode) - } - if input.Bootloader < other.Bootloader { - return false, fmt.Errorf("input Bootloader version: %d is older than latest API version: %d", input.Bootloader, other.Bootloader) - } - return true, nil +func isInputNewerThanOtherVersion(variant variant.Variant, inputVersion, otherVersion any) bool { + var result bool + actionForVariant(variant, + func() { + input := inputVersion.(attestationconfigapi.TDXVersion) + other := otherVersion.(attestationconfigapi.TDXVersion) + result = isInputNewerThanOtherTDXVersion(input, other) + }, + func() { + input := inputVersion.(attestationconfigapi.SEVSNPVersion) + other := otherVersion.(attestationconfigapi.SEVSNPVersion) + result = isInputNewerThanOtherSEVSNPVersion(input, other) + }, + ) + return result } -// reportedSEVSNPVersionAPI is the request to get the version information of the specific version in the config api. -type reportedSEVSNPVersionAPI struct { - Version string `json:"-"` +type apiVersionObject struct { + version string `json:"-"` variant variant.Variant `json:"-"` - attestationconfigapi.SEVSNPVersion + cached bool `json:"-"` + snp attestationconfigapi.SEVSNPVersion + tdx attestationconfigapi.TDXVersion +} + +func (a apiVersionObject) MarshalJSON() ([]byte, error) { + var res []byte + var err error + actionForVariant(a.variant, + func() { + res, err = json.Marshal(a.tdx) + }, + func() { + res, err = json.Marshal(a.snp) + }, + ) + return res, err +} + +func (a *apiVersionObject) UnmarshalJSON(data []byte) error { + errTDX := json.Unmarshal(data, &a.tdx) + errSNP := json.Unmarshal(data, &a.snp) + if errTDX == nil || errSNP == nil { + return nil + } + return fmt.Errorf("trying to unmarshal data into both TDX and SNP versions: %w", errors.Join(errTDX, errSNP)) } // JSONPath returns the path to the JSON file for the request to the config api. -func (i reportedSEVSNPVersionAPI) JSONPath() string { - return path.Join(reportVersionDir(i.variant), i.Version) +// This is the path to the cached version in the S3 bucket. +func (a apiVersionObject) JSONPath() string { + if a.cached { + return path.Join(reportVersionDir(a.variant), a.version) + } + return path.Join(attestationconfigapi.AttestationURLPath, a.variant.String(), a.version) } // ValidateRequest validates the request. -func (i reportedSEVSNPVersionAPI) ValidateRequest() error { - if !strings.HasSuffix(i.Version, ".json") { +func (a apiVersionObject) ValidateRequest() error { + if !strings.HasSuffix(a.version, ".json") { return fmt.Errorf("version has no .json suffix") } return nil } -// Validate is a No-Op at the moment. -func (i reportedSEVSNPVersionAPI) Validate() error { +// Validate is a No-Op. +func (a apiVersionObject) Validate() error { return nil } + +// getVersion returns the version. +func (a apiVersionObject) getVersion() any { + var res any + actionForVariant(a.variant, + func() { + res = a.tdx + }, + func() { + res = a.snp + }, + ) + return res +} + +// setVersion sets the version. +func (a *apiVersionObject) setVersion(version any) { + actionForVariant(a.variant, + func() { + a.tdx = version.(attestationconfigapi.TDXVersion) + }, + func() { + a.snp = version.(attestationconfigapi.SEVSNPVersion) + }, + ) +} + +// actionForVariant performs the given action based on the whether variant is a TDX or SEV-SNP variant. +func actionForVariant( + attestationVariant variant.Variant, + tdxAction func(), snpAction func(), +) { + switch attestationVariant { + case variant.AWSSEVSNP{}, variant.AzureSEVSNP{}, variant.GCPSEVSNP{}: + snpAction() + case variant.AzureTDX{}: + tdxAction() + default: + panic(fmt.Sprintf("unsupported attestation variant: %s", attestationVariant)) + } +} + +// isInputNewerThanOtherSEVSNPVersion compares all version fields and returns false if any input field is older, or the versions are equal. +func isInputNewerThanOtherSEVSNPVersion(input, other attestationconfigapi.SEVSNPVersion) bool { + if input == other { + return false + } + if input.TEE < other.TEE { + return false + } + if input.SNP < other.SNP { + return false + } + if input.Microcode < other.Microcode { + return false + } + if input.Bootloader < other.Bootloader { + return false + } + return true +} + +// isInputNewerThanOtherSEVSNPVersion compares all version fields and returns false if any input field is older, or the versions are equal. +func isInputNewerThanOtherTDXVersion(input, other attestationconfigapi.TDXVersion) bool { + if input == other { + return false + } + + if input.PCESVN < other.PCESVN { + return false + } + if input.QESVN < other.QESVN { + return false + } + + // Validate component-wise security version numbers + for idx, inputVersion := range input.TEETCBSVN { + if inputVersion < other.TEETCBSVN[idx] { + return false + } + } + + return true +} diff --git a/internal/api/attestationconfigapi/cli/client/reporter_test.go b/internal/api/attestationconfigapi/cli/client/reporter_test.go index f3bc9a4ff..9d786f33d 100644 --- a/internal/api/attestationconfigapi/cli/client/reporter_test.go +++ b/internal/api/attestationconfigapi/cli/client/reporter_test.go @@ -11,7 +11,7 @@ import ( "github.com/stretchr/testify/assert" ) -func TestIsInputNewerThanLatestAPI(t *testing.T) { +func TestIsInputNewerThanOtherSEVSNPVersion(t *testing.T) { newTestCfg := func() attestationconfigapi.SEVSNPVersion { return attestationconfigapi.SEVSNPVersion{ Microcode: 93, @@ -25,7 +25,6 @@ func TestIsInputNewerThanLatestAPI(t *testing.T) { latest attestationconfigapi.SEVSNPVersion input attestationconfigapi.SEVSNPVersion expect bool - errMsg string }{ "input is older than latest": { input: func(c attestationconfigapi.SEVSNPVersion) attestationconfigapi.SEVSNPVersion { @@ -34,7 +33,6 @@ func TestIsInputNewerThanLatestAPI(t *testing.T) { }(newTestCfg()), latest: newTestCfg(), expect: false, - errMsg: "input Microcode version: 92 is older than latest API version: 93", }, "input has greater and smaller version field than latest": { input: func(c attestationconfigapi.SEVSNPVersion) attestationconfigapi.SEVSNPVersion { @@ -44,7 +42,6 @@ func TestIsInputNewerThanLatestAPI(t *testing.T) { }(newTestCfg()), latest: newTestCfg(), expect: false, - errMsg: "input Bootloader version: 1 is older than latest API version: 2", }, "input is newer than latest": { input: func(c attestationconfigapi.SEVSNPVersion) attestationconfigapi.SEVSNPVersion { @@ -62,14 +59,80 @@ func TestIsInputNewerThanLatestAPI(t *testing.T) { } for name, tc := range testCases { t.Run(name, func(t *testing.T) { - isNewer, err := isInputNewerThanOtherVersion(tc.input, tc.latest) - assert := assert.New(t) - if tc.errMsg != "" { - assert.EqualError(err, tc.errMsg) - } else { - assert.NoError(err) - assert.Equal(tc.expect, isNewer) - } + isNewer := isInputNewerThanOtherSEVSNPVersion(tc.input, tc.latest) + assert.Equal(t, tc.expect, isNewer) + }) + } +} + +func TestIsInputNewerThanOtherTDXVersion(t *testing.T) { + newTestVersion := func() attestationconfigapi.TDXVersion { + return attestationconfigapi.TDXVersion{ + QESVN: 1, + PCESVN: 2, + TEETCBSVN: [16]byte{2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2}, + QEVendorID: [16]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, + XFAM: [8]byte{0, 1, 2, 3, 4, 5, 6, 7}, + } + } + + testCases := map[string]struct { + latest attestationconfigapi.TDXVersion + input attestationconfigapi.TDXVersion + expect bool + }{ + "input is older than latest": { + input: func(c attestationconfigapi.TDXVersion) attestationconfigapi.TDXVersion { + c.QESVN-- + return c + }(newTestVersion()), + latest: newTestVersion(), + expect: false, + }, + "input has greater and smaller version field than latest": { + input: func(c attestationconfigapi.TDXVersion) attestationconfigapi.TDXVersion { + c.QESVN++ + c.PCESVN-- + return c + }(newTestVersion()), + latest: newTestVersion(), + expect: false, + }, + "input is newer than latest": { + input: func(c attestationconfigapi.TDXVersion) attestationconfigapi.TDXVersion { + c.QESVN++ + return c + }(newTestVersion()), + latest: newTestVersion(), + expect: true, + }, + "input is equal to latest": { + input: newTestVersion(), + latest: newTestVersion(), + expect: false, + }, + "tee tcb svn is newer": { + input: func(c attestationconfigapi.TDXVersion) attestationconfigapi.TDXVersion { + c.TEETCBSVN[4]++ + return c + }(newTestVersion()), + latest: newTestVersion(), + expect: true, + }, + "xfam is different": { + input: func(c attestationconfigapi.TDXVersion) attestationconfigapi.TDXVersion { + c.XFAM[3]++ + return c + }(newTestVersion()), + latest: newTestVersion(), + expect: true, + }, + } + + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + isNewer := isInputNewerThanOtherTDXVersion(tc.input, tc.latest) + assert.Equal(t, tc.expect, isNewer) }) } } diff --git a/internal/api/attestationconfigapi/cli/delete.go b/internal/api/attestationconfigapi/cli/delete.go index aa3947337..013c69481 100644 --- a/internal/api/attestationconfigapi/cli/delete.go +++ b/internal/api/attestationconfigapi/cli/delete.go @@ -18,7 +18,6 @@ import ( "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi" "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi/cli/client" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" - "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/staticupload" "github.com/spf13/cobra" @@ -27,21 +26,21 @@ import ( // newDeleteCmd creates the delete command. func newDeleteCmd() *cobra.Command { cmd := &cobra.Command{ - Use: "delete {aws|azure|gcp} {snp-report|guest-firmware} ", + Use: "delete {aws-sev-snp|azure-sev-snp|azure-tdx|gcp-sev-snp} {attestation-report|guest-firmware} ", Short: "Delete an object from the attestationconfig API", Long: "Delete a specific object version from the config api. is the name of the object to delete (without .json suffix)", - Example: "COSIGN_PASSWORD=$CPW COSIGN_PRIVATE_KEY=$CKEY cli delete azure snp-report 1.0.0", - Args: cobra.MatchAll(cobra.ExactArgs(3), isCloudProvider(0), isValidKind(1)), + Example: "COSIGN_PASSWORD=$CPW COSIGN_PRIVATE_KEY=$CKEY cli delete azure-sev-snp attestation-report 1.0.0", + Args: cobra.MatchAll(cobra.ExactArgs(3), isAttestationVariant(0), isValidKind(1)), PreRunE: envCheck, RunE: runDelete, } recursivelyCmd := &cobra.Command{ - Use: "recursive {aws|azure|gcp}", + Use: "recursive {aws-sev-snp|azure-sev-snp|azure-tdx|gcp-sev-snp}", Short: "delete all objects from the API path constellation/v1/attestation/", Long: "Delete all objects from the API path constellation/v1/attestation/", - Example: "COSIGN_PASSWORD=$CPW COSIGN_PRIVATE_KEY=$CKEY cli delete recursive azure", - Args: cobra.MatchAll(cobra.ExactArgs(1), isCloudProvider(0)), + Example: "COSIGN_PASSWORD=$CPW COSIGN_PRIVATE_KEY=$CKEY cli delete recursive azure-sev-snp", + Args: cobra.MatchAll(cobra.ExactArgs(1), isAttestationVariant(0)), RunE: runRecursiveDelete, } @@ -75,16 +74,7 @@ func runDelete(cmd *cobra.Command, args []string) (retErr error) { } }() - switch deleteCfg.provider { - case cloudprovider.AWS: - return deleteEntry(cmd.Context(), variant.AWSSEVSNP{}, client, deleteCfg) - case cloudprovider.Azure: - return deleteEntry(cmd.Context(), variant.AzureSEVSNP{}, client, deleteCfg) - case cloudprovider.GCP: - return deleteEntry(cmd.Context(), variant.GCPSEVSNP{}, client, deleteCfg) - default: - return fmt.Errorf("unsupported cloud provider: %s", deleteCfg.provider) - } + return deleteEntry(cmd.Context(), client, deleteCfg) } func runRecursiveDelete(cmd *cobra.Command, args []string) (retErr error) { @@ -112,23 +102,13 @@ func runRecursiveDelete(cmd *cobra.Command, args []string) (retErr error) { } }() - var deletePath string - switch deleteCfg.provider { - case cloudprovider.AWS: - deletePath = path.Join(attestationconfigapi.AttestationURLPath, variant.AWSSEVSNP{}.String()) - case cloudprovider.Azure: - deletePath = path.Join(attestationconfigapi.AttestationURLPath, variant.AzureSEVSNP{}.String()) - case cloudprovider.GCP: - deletePath = path.Join(attestationconfigapi.AttestationURLPath, variant.GCPSEVSNP{}.String()) - default: - return fmt.Errorf("unsupported cloud provider: %s", deleteCfg.provider) - } + deletePath := path.Join(attestationconfigapi.AttestationURLPath, deleteCfg.variant.String()) return deleteEntryRecursive(cmd.Context(), deletePath, client, deleteCfg) } type deleteConfig struct { - provider cloudprovider.Provider + variant variant.Variant kind objectKind version string region string @@ -155,12 +135,15 @@ func newDeleteConfig(cmd *cobra.Command, args [3]string) (deleteConfig, error) { } apiCfg := getAPIEnvironment(testing) - provider := cloudprovider.FromString(args[0]) + variant, err := variant.FromString(args[0]) + if err != nil { + return deleteConfig{}, fmt.Errorf("invalid attestation variant: %q: %w", args[0], err) + } kind := kindFromString(args[1]) version := args[2] return deleteConfig{ - provider: provider, + variant: variant, kind: kind, version: version, region: region, @@ -171,12 +154,12 @@ func newDeleteConfig(cmd *cobra.Command, args [3]string) (deleteConfig, error) { }, nil } -func deleteEntry(ctx context.Context, attvar variant.Variant, client *client.Client, cfg deleteConfig) error { - if cfg.kind != snpReport { +func deleteEntry(ctx context.Context, client *client.Client, cfg deleteConfig) error { + if cfg.kind != attestationReport { return fmt.Errorf("kind %s not supported", cfg.kind) } - return client.DeleteSEVSNPVersion(ctx, attvar, cfg.version) + return client.DeleteVersion(ctx, cfg.variant, cfg.version) } func deleteEntryRecursive(ctx context.Context, path string, client *staticupload.Client, cfg deleteConfig) error { diff --git a/internal/api/attestationconfigapi/cli/e2e/test.sh.in b/internal/api/attestationconfigapi/cli/e2e/test.sh.in index 5fb23f06f..647fd6e08 100755 --- a/internal/api/attestationconfigapi/cli/e2e/test.sh.in +++ b/internal/api/attestationconfigapi/cli/e2e/test.sh.in @@ -19,39 +19,67 @@ configapi_cli=$(realpath @@CONFIGAPI_CLI@@) stat "${configapi_cli}" >> /dev/null configapi_cli="${configapi_cli} --testing" ###### script body ###### -function variant() { - if [[ $1 == "aws" ]]; then - echo "aws-sev-snp" - return 0 - elif [[ $1 == "azure" ]]; then - echo "azure-sev-snp" - return 0 - elif [[ $1 == "gcp" ]]; then - echo "gcp-sev-snp" - return 0 - else - echo "Unknown CSP: $1" - exit 1 - fi -} - -csp=$1 -readonly csp -attestationType=$(variant "$csp") +attestationVariant=$1 +readonly attestationVariant readonly region="eu-west-1" readonly bucket="resource-api-testing" tmpdir=$(mktemp -d) readonly tmpdir -registerExitHandler "rm -rf $tmpdir" +registerExitHandler "rm -rf ${tmpdir}" # empty the bucket version state -${configapi_cli} delete recursive "$csp" --region "$region" --bucket "$bucket" +${configapi_cli} delete recursive "${attestationVariant}" --region "${region}" --bucket "${bucket}" -# the high version numbers ensure that it's newer than the current latest value -readonly current_report_path="$tmpdir/currentSnpReport.json" -cat << EOF > "$current_report_path" +readonly current_report_path="${tmpdir}/attestationReportCurrent.json" +readonly report_path="${tmpdir}/attestationReport.json" +readonly older_report_path="${tmpdir}/attestationReportOld.json" + +if [[ ${attestationVariant} == *-tdx ]]; then + cat << EOF > "${current_report_path}" +{ + "header": { + "qe_svn": "AAA=", + "pce_svn": "AAA=", + "qe_vendor_id": "KioqKioqKioqKioqKioqKg==" + }, + "td_quote_body": { + "tee_tcb_svn": "AAAAAAAAAAAAAAAAAAAAAA==", + "xfam": "AAAAAAAAAAA=" + } +} +EOF + # the high version numbers ensure that it's newer than the current latest value + cat << EOF > "${report_path}" +{ + "header": { + "qe_svn": "//8=", + "pce_svn": "//8=", + "qe_vendor_id": "KioqKioqKioqKioqKioqKg==" + }, + "td_quote_body": { + "tee_tcb_svn": "/////////////////////w==", + "xfam": "AQIDBAUGBwg=" + } +} +EOF + # has an older version + cat << EOF > "${older_report_path}" +{ + "header": { + "qe_svn": "//8=", + "pce_svn": "/v8=", + "qe_vendor_id": "KioqKioqKioqKioqKioqKg==" + }, + "td_quote_body": { + "tee_tcb_svn": "/////////////////////g==", + "xfam": "AQIDBAUGBwg=" + } +} +EOF +elif [[ ${attestationVariant} == *-sev-snp ]]; then + cat << EOF > "${current_report_path}" { "snp_report": { "reported_tcb": { @@ -75,90 +103,105 @@ cat << EOF > "$current_report_path" } } EOF + # the high version numbers ensure that it's newer than the current latest value + cat << EOF > "${report_path}" +{ + "snp_report": { + "reported_tcb": { + "bootloader": 255, + "tee": 255, + "snp": 255, + "microcode": 255 + }, + "committed_tcb": { + "bootloader": 255, + "tee": 255, + "snp": 255, + "microcode": 255 + }, + "launch_tcb": { + "bootloader": 255, + "tee": 255, + "snp": 255, + "microcode": 255 + } + } +} +EOF + # has an older version + cat << EOF > "${older_report_path}" +{ + "snp_report": { + "reported_tcb": { + "bootloader": 255, + "tee": 255, + "snp": 255, + "microcode": 254 + }, + "committed_tcb": { + "bootloader": 255, + "tee": 255, + "snp": 255, + "microcode": 254 + }, + "launch_tcb": { + "bootloader": 255, + "tee": 255, + "snp": 255, + "microcode": 254 + } + } +} +EOF +else + echo "Unknown attestation variant: ${attestationVariant}" + exit 1 +fi + # upload a fake latest version for the fetcher -${configapi_cli} upload "$csp" snp-report "$current_report_path" --force --upload-date "2000-01-01-01-01" --region "$region" --bucket "$bucket" - -# the high version numbers ensure that it's newer than the current latest value -readonly report_path="$tmpdir/snpReport.json" -cat << EOF > "$report_path" -{ - "snp_report": { - "reported_tcb": { - "bootloader": 255, - "tee": 255, - "snp": 255, - "microcode": 255 - }, - "committed_tcb": { - "bootloader": 255, - "tee": 255, - "snp": 255, - "microcode": 255 - }, - "launch_tcb": { - "bootloader": 255, - "tee": 255, - "snp": 255, - "microcode": 255 - } - } -} -EOF - -# has an older version -readonly older_report_path="$tmpdir/snpReportOld.json" -cat << EOF > "$older_report_path" -{ - "snp_report": { - "reported_tcb": { - "bootloader": 255, - "tee": 255, - "snp": 255, - "microcode": 254 - }, - "committed_tcb": { - "bootloader": 255, - "tee": 255, - "snp": 255, - "microcode": 254 - }, - "launch_tcb": { - "bootloader": 255, - "tee": 255, - "snp": 255, - "microcode": 254 - } - } -} -EOF +${configapi_cli} upload "${attestationVariant}" attestation-report "${current_report_path}" --force --upload-date "2000-01-01-01-01" --region "${region}" --bucket "${bucket}" # report 3 versions with different dates to fill the reporter cache readonly date_oldest="2023-02-01-03-04" -${configapi_cli} upload "$csp" snp-report "$older_report_path" --upload-date "$date_oldest" --region "$region" --bucket "$bucket" --cache-window-size 3 +${configapi_cli} upload "${attestationVariant}" attestation-report "${older_report_path}" --upload-date "${date_oldest}" --region "${region}" --bucket "${bucket}" --cache-window-size 3 readonly date_older="2023-02-02-03-04" -${configapi_cli} upload "$csp" snp-report "$older_report_path" --upload-date "$date_older" --region "$region" --bucket "$bucket" --cache-window-size 3 +${configapi_cli} upload "${attestationVariant}" attestation-report "${older_report_path}" --upload-date "${date_older}" --region "${region}" --bucket "${bucket}" --cache-window-size 3 readonly date="2023-02-03-03-04" -${configapi_cli} upload "$csp" snp-report "$report_path" --upload-date "$date" --region "$region" --bucket "$bucket" --cache-window-size 3 +${configapi_cli} upload "${attestationVariant}" attestation-report "${report_path}" --upload-date "${date}" --region "${region}" --bucket "${bucket}" --cache-window-size 3 # expect that $date_oldest is served as latest version -basepath="constellation/v1/attestation/${attestationType}" +basepath="constellation/v1/attestation/${attestationVariant}" baseurl="https://d33dzgxuwsgbpw.cloudfront.net/${basepath}" -if ! curl -fsSL "${baseurl}"/${date_oldest}.json > version.json; then +if ! curl -fsSL "${baseurl}/${date_oldest}.json" > version.json; then echo "Checking for uploaded version file ${basepath}/${date_oldest}.json: request returned ${?}" exit 1 fi -# check that version values are equal to expected -if ! cmp -s <(echo -n '{"bootloader":255,"tee":255,"snp":255,"microcode":254}') version.json; then - echo "The version content:" - cat version.json - echo " is not equal to the expected version content:" - echo '{"bootloader":255,"tee":255,"snp":255,"microcode":254}' - exit 1 + +if [[ ${attestationVariant} == *-tdx ]]; then + # check that version values are equal to expected + if ! cmp -s <(echo -n '{"qeSVN":65535,"pceSVN":65534,"teeTCBSVN":[255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,254],"qeVendorID":[42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42],"xfam":[1,2,3,4,5,6,7,8]}') version.json; then + echo "The version content:" + cat version.json + echo " is not equal to the expected version content:" + echo '{"qeSVN":65535,"pceSVN":65534,"teeTCBSVN":[255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,254],"qeVendorID":[42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42],"xfam":[1,2,3,4,5,6,7,8]}' + exit 1 + fi +elif [[ ${attestationVariant} == *-sev-snp ]]; then + # check that version values are equal to expected + if ! cmp -s <(echo -n '{"bootloader":255,"tee":255,"snp":255,"microcode":254}') version.json; then + echo "The version content:" + cat version.json + echo " is not equal to the expected version content:" + echo '{"bootloader":255,"tee":255,"snp":255,"microcode":254}' + exit 1 + fi fi -if ! curl -fsSL "${baseurl}"/${date_oldest}.json.sig > /dev/null; then + +if ! curl -fsSL "${baseurl}/${date_oldest}.json.sig" > /dev/null; then echo "Checking for uploaded version signature file ${basepath}/${date_oldest}.json.sig: request returned ${?}" exit 1 fi + # check list endpoint if ! curl -fsSL "${baseurl}"/list > list.json; then echo "Checking for uploaded list file ${basepath}/list: request returned ${?}" @@ -174,28 +217,28 @@ if ! cmp -s <(echo -n '["2023-02-01-03-04.json","2000-01-01-01-01.json"]') list. fi # check that the other versions are not uploaded -http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null "${baseurl}"/${date_older}.json) -if [[ $http_code -ne 404 ]]; then +http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null "${baseurl}/${date_older}.json") +if [[ ${http_code} -ne 404 ]]; then echo "Expected HTTP code 404 for: ${basepath}/${date_older}.json, but got ${http_code}" exit 1 fi -http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null "${baseurl}"/${date}.json.sig) -if [[ $http_code -ne 404 ]]; then +http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null "${baseurl}/${date}.json.sig") +if [[ ${http_code} -ne 404 ]]; then echo "Expected HTTP code 404 for: ${basepath}/${date}.json, but got ${http_code}" exit 1 fi -${configapi_cli} delete "$csp" snp-report "$date_oldest" --region "$region" --bucket "$bucket" +${configapi_cli} delete "${attestationVariant}" attestation-report "${date_oldest}" --region "${region}" --bucket "${bucket}" # Omit -f to check for 404. We want to check that a file was deleted, therefore we expect the query to fail. -http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null "${baseurl}"/${date_oldest}.json) -if [[ $http_code -ne 404 ]]; then +http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null "${baseurl}/${date_oldest}.json") +if [[ ${http_code} -ne 404 ]]; then echo "Expected HTTP code 404 for: ${basepath}/${date_oldest}.json, but got ${http_code}" exit 1 fi # Omit -f to check for 404. We want to check that a file was deleted, therefore we expect the query to fail. -http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null "${baseurl}"/${date_oldest}.json.sig) -if [[ $http_code -ne 404 ]]; then +http_code=$(curl -sSL -w '%{http_code}\n' -o /dev/null "${baseurl}/${date_oldest}.json.sig") +if [[ ${http_code} -ne 404 ]]; then echo "Expected HTTP code 404 for: ${basepath}/${date_oldest}.json, but got ${http_code}" exit 1 fi diff --git a/internal/api/attestationconfigapi/cli/upload.go b/internal/api/attestationconfigapi/cli/upload.go index f04400337..54edb01c6 100644 --- a/internal/api/attestationconfigapi/cli/upload.go +++ b/internal/api/attestationconfigapi/cli/upload.go @@ -7,6 +7,7 @@ package main import ( "context" + "encoding/binary" "errors" "fmt" "log/slog" @@ -17,30 +18,30 @@ import ( "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi/cli/client" "github.com/edgelesssys/constellation/v2/internal/api/fetcher" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" - "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" "github.com/edgelesssys/constellation/v2/internal/file" "github.com/edgelesssys/constellation/v2/internal/logger" "github.com/edgelesssys/constellation/v2/internal/staticupload" "github.com/edgelesssys/constellation/v2/internal/verify" + "github.com/google/go-tdx-guest/proto/tdx" "github.com/spf13/afero" "github.com/spf13/cobra" ) func newUploadCmd() *cobra.Command { uploadCmd := &cobra.Command{ - Use: "upload {aws|azure|gcp} {snp-report|guest-firmware} ", + Use: "upload {aws-sev-snp|azure-sev-snp|azure-tdx|gcp-sev-snp} {attestation-report|guest-firmware} ", Short: "Upload an object to the attestationconfig API", - Long: fmt.Sprintf("Upload a new object to the attestationconfig API. For snp-reports the new object is added to a cache folder first."+ + Long: fmt.Sprintf("Upload a new object to the attestationconfig API. For snp-reports the new object is added to a cache folder first.\n"+ "The CLI then determines the lowest version within the cache-window present in the cache and writes that value to the config api if necessary. "+ - "For guest-firmware objects the object is added to the API directly. "+ - "Please authenticate with AWS through your preferred method (e.g. environment variables, CLI)"+ + "For guest-firmware objects the object is added to the API directly.\n"+ + "Please authenticate with AWS through your preferred method (e.g. environment variables, CLI) "+ "to be able to upload to S3. Set the %s and %s environment variables to authenticate with cosign.", envCosignPrivateKey, envCosignPwd, ), - Example: "COSIGN_PASSWORD=$CPW COSIGN_PRIVATE_KEY=$CKEY cli upload azure snp-report /some/path/report.json", + Example: "COSIGN_PASSWORD=$CPW COSIGN_PRIVATE_KEY=$CKEY cli upload azure-sev-snp attestation-report /some/path/report.json", - Args: cobra.MatchAll(cobra.ExactArgs(3), isCloudProvider(0), isValidKind(1)), + Args: cobra.MatchAll(cobra.ExactArgs(3), isAttestationVariant(0), isValidKind(1)), PreRunE: envCheck, RunE: runUpload, } @@ -91,42 +92,19 @@ func runUpload(cmd *cobra.Command, args []string) (retErr error) { return fmt.Errorf("creating client: %w", err) } - var attestation variant.Variant - switch uploadCfg.provider { - case cloudprovider.AWS: - attestation = variant.AWSSEVSNP{} - case cloudprovider.Azure: - attestation = variant.AzureSEVSNP{} - case cloudprovider.GCP: - attestation = variant.GCPSEVSNP{} - default: - return fmt.Errorf("unsupported cloud provider: %s", uploadCfg.provider) - } - - return uploadReport(ctx, attestation, client, uploadCfg, file.NewHandler(afero.NewOsFs()), log) + return uploadReport(ctx, client, uploadCfg, file.NewHandler(afero.NewOsFs()), log) } -func uploadReport(ctx context.Context, - attestation variant.Variant, - apiClient *client.Client, - cfg uploadConfig, - fs file.Handler, - log *slog.Logger, +func uploadReport( + ctx context.Context, apiClient *client.Client, + cfg uploadConfig, fs file.Handler, log *slog.Logger, ) error { - if cfg.kind != snpReport { + if cfg.kind != attestationReport { return fmt.Errorf("kind %s not supported", cfg.kind) } - log.Info(fmt.Sprintf("Reading SNP report from file: %s", cfg.path)) - var report verify.Report - if err := fs.ReadJSON(cfg.path, &report); err != nil { - return fmt.Errorf("reading snp report: %w", err) - } - - inputVersion := convertTCBVersionToSNPVersion(report.SNPReport.LaunchTCB) - log.Info(fmt.Sprintf("Input report: %+v", inputVersion)) - - latestAPIVersionAPI, err := attestationconfigapi.NewFetcherWithCustomCDNAndCosignKey(cfg.url, cfg.cosignPublicKey).FetchLatestVersion(ctx, attestation) + apiFetcher := attestationconfigapi.NewFetcherWithCustomCDNAndCosignKey(cfg.url, cfg.cosignPublicKey) + latestVersionInAPI, err := apiFetcher.FetchLatestVersion(ctx, cfg.variant) if err != nil { var notFoundErr *fetcher.NotFoundError if errors.As(err, ¬FoundErr) { @@ -136,12 +114,39 @@ func uploadReport(ctx context.Context, } } - latestAPIVersion := latestAPIVersionAPI.SEVSNPVersion - if err := apiClient.UploadSEVSNPVersionLatest(ctx, attestation, inputVersion, latestAPIVersion, cfg.uploadDate, cfg.force); err != nil { - if errors.Is(err, client.ErrNoNewerVersion) { - log.Info(fmt.Sprintf("Input version: %+v is not newer than latest API version: %+v", inputVersion, latestAPIVersion)) - return nil + var newVersion, latestVersion any + switch cfg.variant { + case variant.AWSSEVSNP{}, variant.AzureSEVSNP{}, variant.GCPSEVSNP{}: + latestVersion = latestVersionInAPI.SEVSNPVersion + + log.Info(fmt.Sprintf("Reading SNP report from file: %s", cfg.path)) + var report verify.Report + if err := fs.ReadJSON(cfg.path, &report); err != nil { + return fmt.Errorf("reading snp report: %w", err) } + + newVersion = convertTCBVersionToSNPVersion(report.SNPReport.LaunchTCB) + log.Info(fmt.Sprintf("Input SNP report: %+v", newVersion)) + + case variant.AzureTDX{}: + latestVersion = latestVersionInAPI.TDXVersion + + log.Info(fmt.Sprintf("Reading TDX report from file: %s", cfg.path)) + var report *tdx.QuoteV4 + if err := fs.ReadJSON(cfg.path, &report); err != nil { + return fmt.Errorf("reading tdx report: %w", err) + } + + newVersion = convertQuoteToTDXVersion(report) + log.Info(fmt.Sprintf("Input TDX report: %+v", newVersion)) + + default: + return fmt.Errorf("variant %s not supported", cfg.variant) + } + + if err := apiClient.UploadLatestVersion( + ctx, cfg.variant, newVersion, latestVersion, cfg.uploadDate, cfg.force, + ); err != nil && !errors.Is(err, client.ErrNoNewerVersion) { return fmt.Errorf("updating latest version: %w", err) } @@ -157,8 +162,18 @@ func convertTCBVersionToSNPVersion(tcb verify.TCBVersion) attestationconfigapi.S } } +func convertQuoteToTDXVersion(quote *tdx.QuoteV4) attestationconfigapi.TDXVersion { + return attestationconfigapi.TDXVersion{ + QESVN: binary.LittleEndian.Uint16(quote.Header.QeSvn), + PCESVN: binary.LittleEndian.Uint16(quote.Header.PceSvn), + QEVendorID: [16]byte(quote.Header.QeVendorId), + XFAM: [8]byte(quote.TdQuoteBody.Xfam), + TEETCBSVN: [16]byte(quote.TdQuoteBody.TeeTcbSvn), + } +} + type uploadConfig struct { - provider cloudprovider.Provider + variant variant.Variant kind objectKind path string uploadDate time.Time @@ -210,12 +225,16 @@ func newConfig(cmd *cobra.Command, args [3]string) (uploadConfig, error) { return uploadConfig{}, fmt.Errorf("getting cache window size: %w", err) } - provider := cloudprovider.FromString(args[0]) + variant, err := variant.FromString(args[0]) + if err != nil { + return uploadConfig{}, fmt.Errorf("invalid attestation variant: %q: %w", args[0], err) + } + kind := kindFromString(args[1]) path := args[2] return uploadConfig{ - provider: provider, + variant: variant, kind: kind, path: path, uploadDate: uploadDate, diff --git a/internal/api/attestationconfigapi/cli/validargs.go b/internal/api/attestationconfigapi/cli/validargs.go index 22a11ac21..0c77ce051 100644 --- a/internal/api/attestationconfigapi/cli/validargs.go +++ b/internal/api/attestationconfigapi/cli/validargs.go @@ -10,16 +10,22 @@ import ( "fmt" "strings" - "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" + "github.com/edgelesssys/constellation/v2/internal/attestation/variant" "github.com/spf13/cobra" ) -func isCloudProvider(arg int) cobra.PositionalArgs { +func isAttestationVariant(arg int) cobra.PositionalArgs { return func(_ *cobra.Command, args []string) error { - if provider := cloudprovider.FromString(args[arg]); provider == cloudprovider.Unknown { - return fmt.Errorf("argument %s isn't a valid cloud provider", args[arg]) + attestationVariant, err := variant.FromString(args[arg]) + if err != nil { + return fmt.Errorf("argument %s isn't a valid attestation variant", args[arg]) + } + switch attestationVariant { + case variant.AWSSEVSNP{}, variant.AzureSEVSNP{}, variant.AzureTDX{}, variant.GCPSEVSNP{}: + return nil + default: + return fmt.Errorf("argument %s isn't a supported attestation variant", args[arg]) } - return nil } } @@ -37,16 +43,15 @@ type objectKind string const ( // unknown is the default objectKind and does nothing. - unknown objectKind = "unknown-kind" - snpReport objectKind = "snp-report" - tdxReport objectKind = "tdx-report" - guestFirmware objectKind = "guest-firmware" + unknown objectKind = "unknown-kind" + attestationReport objectKind = "attestation-report" + guestFirmware objectKind = "guest-firmware" ) func kindFromString(s string) objectKind { lower := strings.ToLower(s) switch objectKind(lower) { - case snpReport, guestFirmware, tdxReport: + case attestationReport, guestFirmware: return objectKind(lower) default: return unknown diff --git a/internal/api/attestationconfigapi/fetcher.go b/internal/api/attestationconfigapi/fetcher.go index 6990426bf..ca30bb554 100644 --- a/internal/api/attestationconfigapi/fetcher.go +++ b/internal/api/attestationconfigapi/fetcher.go @@ -20,7 +20,7 @@ const cosignPublicKey = constants.CosignPublicKeyReleases // Fetcher fetches config API resources without authentication. type Fetcher interface { - FetchLatestVersion(ctx context.Context, attestation variant.Variant) (VersionAPIEntry, error) + FetchLatestVersion(ctx context.Context, attestation variant.Variant) (Entry, error) } // fetcher fetches AttestationCfg API resources without authentication. @@ -60,10 +60,10 @@ func newFetcherWithClientAndVerifier(client apifetcher.HTTPClient, cosignVerifie } // FetchLatestVersion returns the latest versions of the given type. -func (f *fetcher) FetchLatestVersion(ctx context.Context, variant variant.Variant) (VersionAPIEntry, error) { +func (f *fetcher) FetchLatestVersion(ctx context.Context, variant variant.Variant) (Entry, error) { list, err := f.fetchVersionList(ctx, variant) if err != nil { - return VersionAPIEntry{}, err + return Entry{}, err } // latest version is first in list @@ -71,11 +71,10 @@ func (f *fetcher) FetchLatestVersion(ctx context.Context, variant variant.Varian } // fetchVersionList fetches the version list information from the config API. -func (f *fetcher) fetchVersionList(ctx context.Context, variant variant.Variant) (VersionList, error) { - // TODO(derpsteb): Replace with FetchAndVerify once we move to v2 of the config API and the list is saved as (.json) file. - fetchedList, err := apifetcher.Fetch(ctx, f.HTTPClient, f.cdnURL, VersionList{Variant: variant}) +func (f *fetcher) fetchVersionList(ctx context.Context, variant variant.Variant) (List, error) { + fetchedList, err := apifetcher.FetchAndVerify(ctx, f.HTTPClient, f.cdnURL, List{Variant: variant}, f.verifier) if err != nil { - return VersionList{}, fmt.Errorf("fetching version list: %w", err) + return List{}, fmt.Errorf("fetching version list: %w", err) } // Set the attestation variant of the list as it is not part of the marshalled JSON retrieved by Fetch @@ -85,14 +84,14 @@ func (f *fetcher) fetchVersionList(ctx context.Context, variant variant.Variant) } // fetchVersion fetches the version information from the config API. -func (f *fetcher) fetchVersion(ctx context.Context, version string, variant variant.Variant) (VersionAPIEntry, error) { - obj := VersionAPIEntry{ +func (f *fetcher) fetchVersion(ctx context.Context, version string, variant variant.Variant) (Entry, error) { + obj := Entry{ Version: version, Variant: variant, } fetchedVersion, err := apifetcher.FetchAndVerify(ctx, f.HTTPClient, f.cdnURL, obj, f.verifier) if err != nil { - return VersionAPIEntry{}, fmt.Errorf("fetching version %q: %w", version, err) + return Entry{}, fmt.Errorf("fetching version %q: %w", version, err) } // Set the attestation variant of the list as it is not part of the marshalled JSON retrieved by FetchAndVerify diff --git a/internal/api/attestationconfigapi/fetcher_test.go b/internal/api/attestationconfigapi/fetcher_test.go index 93c013247..b3d737f54 100644 --- a/internal/api/attestationconfigapi/fetcher_test.go +++ b/internal/api/attestationconfigapi/fetcher_test.go @@ -22,7 +22,7 @@ import ( ) func TestFetchLatestSEVSNPVersion(t *testing.T) { - latestVersionSNP := VersionAPIEntry{ + latestVersionSNP := Entry{ SEVSNPVersion: SEVSNPVersion{ Microcode: 93, TEE: 0, @@ -30,7 +30,7 @@ func TestFetchLatestSEVSNPVersion(t *testing.T) { Bootloader: 2, }, } - olderVersionSNP := VersionAPIEntry{ + olderVersionSNP := Entry{ SEVSNPVersion: SEVSNPVersion{ Microcode: 1, TEE: 0, @@ -38,7 +38,7 @@ func TestFetchLatestSEVSNPVersion(t *testing.T) { Bootloader: 1, }, } - latestVersionTDX := VersionAPIEntry{ + latestVersionTDX := Entry{ TDXVersion: TDXVersion{ QESVN: 2, PCESVN: 3, @@ -47,7 +47,7 @@ func TestFetchLatestSEVSNPVersion(t *testing.T) { XFAM: [8]byte{6}, }, } - olderVersionTDX := VersionAPIEntry{ + olderVersionTDX := Entry{ TDXVersion: TDXVersion{ QESVN: 1, PCESVN: 2, @@ -64,30 +64,30 @@ func TestFetchLatestSEVSNPVersion(t *testing.T) { timeAtTest time.Time wantErr bool attestation variant.Variant - expectedVersion VersionAPIEntry - olderVersion VersionAPIEntry - latestVersion VersionAPIEntry + expectedVersion Entry + olderVersion Entry + latestVersion Entry }{ "get latest version azure-sev-snp": { fetcherVersions: []string{latestStr, olderStr}, attestation: variant.AzureSEVSNP{}, - expectedVersion: func() VersionAPIEntry { tmp := latestVersionSNP; tmp.Variant = variant.AzureSEVSNP{}; return tmp }(), - olderVersion: func() VersionAPIEntry { tmp := olderVersionSNP; tmp.Variant = variant.AzureSEVSNP{}; return tmp }(), - latestVersion: func() VersionAPIEntry { tmp := latestVersionSNP; tmp.Variant = variant.AzureSEVSNP{}; return tmp }(), + expectedVersion: func() Entry { tmp := latestVersionSNP; tmp.Variant = variant.AzureSEVSNP{}; return tmp }(), + olderVersion: func() Entry { tmp := olderVersionSNP; tmp.Variant = variant.AzureSEVSNP{}; return tmp }(), + latestVersion: func() Entry { tmp := latestVersionSNP; tmp.Variant = variant.AzureSEVSNP{}; return tmp }(), }, "get latest version aws-sev-snp": { fetcherVersions: []string{latestStr, olderStr}, attestation: variant.AWSSEVSNP{}, - expectedVersion: func() VersionAPIEntry { tmp := latestVersionSNP; tmp.Variant = variant.AWSSEVSNP{}; return tmp }(), - olderVersion: func() VersionAPIEntry { tmp := olderVersionSNP; tmp.Variant = variant.AWSSEVSNP{}; return tmp }(), - latestVersion: func() VersionAPIEntry { tmp := latestVersionSNP; tmp.Variant = variant.AWSSEVSNP{}; return tmp }(), + expectedVersion: func() Entry { tmp := latestVersionSNP; tmp.Variant = variant.AWSSEVSNP{}; return tmp }(), + olderVersion: func() Entry { tmp := olderVersionSNP; tmp.Variant = variant.AWSSEVSNP{}; return tmp }(), + latestVersion: func() Entry { tmp := latestVersionSNP; tmp.Variant = variant.AWSSEVSNP{}; return tmp }(), }, "get latest version azure-tdx": { fetcherVersions: []string{latestStr, olderStr}, attestation: variant.AzureTDX{}, - expectedVersion: func() VersionAPIEntry { tmp := latestVersionTDX; tmp.Variant = variant.AzureTDX{}; return tmp }(), - olderVersion: func() VersionAPIEntry { tmp := olderVersionTDX; tmp.Variant = variant.AzureTDX{}; return tmp }(), - latestVersion: func() VersionAPIEntry { tmp := latestVersionTDX; tmp.Variant = variant.AzureTDX{}; return tmp }(), + expectedVersion: func() Entry { tmp := latestVersionTDX; tmp.Variant = variant.AzureTDX{}; return tmp }(), + olderVersion: func() Entry { tmp := olderVersionTDX; tmp.Variant = variant.AzureTDX{}; return tmp }(), + latestVersion: func() Entry { tmp := latestVersionTDX; tmp.Variant = variant.AzureTDX{}; return tmp }(), }, } for name, tc := range testCases { @@ -119,14 +119,15 @@ type fakeConfigAPIHandler struct { attestation variant.Variant versions []string latestDate string - latestVersion VersionAPIEntry + latestVersion Entry olderDate string - olderVersion VersionAPIEntry + olderVersion Entry } // RoundTrip resolves the request and returns a dummy response. func (f *fakeConfigAPIHandler) RoundTrip(req *http.Request) (*http.Response, error) { - if req.URL.Path == fmt.Sprintf("/constellation/v1/attestation/%s/list", f.attestation.String()) { + switch req.URL.Path { + case fmt.Sprintf("/constellation/v1/attestation/%s/list", f.attestation.String()): res := &http.Response{} bt, err := json.Marshal(f.versions) if err != nil { @@ -137,7 +138,14 @@ func (f *fakeConfigAPIHandler) RoundTrip(req *http.Request) (*http.Response, err res.Header.Set("Content-Type", "application/json") res.StatusCode = http.StatusOK return res, nil - } else if req.URL.Path == fmt.Sprintf("/constellation/v1/attestation/%s/%s", f.attestation.String(), f.latestDate) { + + case fmt.Sprintf("/constellation/v1/attestation/%s/list.sig", f.attestation.String()): + res := &http.Response{} + res.Body = io.NopCloser(bytes.NewReader([]byte("null"))) + res.StatusCode = http.StatusOK + return res, nil + + case fmt.Sprintf("/constellation/v1/attestation/%s/%s", f.attestation.String(), f.latestDate): res := &http.Response{} bt, err := json.Marshal(f.latestVersion) if err != nil { @@ -147,7 +155,7 @@ func (f *fakeConfigAPIHandler) RoundTrip(req *http.Request) (*http.Response, err res.StatusCode = http.StatusOK return res, nil - } else if req.URL.Path == fmt.Sprintf("/constellation/v1/attestation/%s/%s", f.attestation.String(), f.olderDate) { + case fmt.Sprintf("/constellation/v1/attestation/%s/%s", f.attestation.String(), f.olderDate): res := &http.Response{} bt, err := json.Marshal(f.olderVersion) if err != nil { @@ -156,13 +164,14 @@ func (f *fakeConfigAPIHandler) RoundTrip(req *http.Request) (*http.Response, err res.Body = io.NopCloser(bytes.NewReader(bt)) res.StatusCode = http.StatusOK return res, nil - } else if req.URL.Path == fmt.Sprintf("/constellation/v1/attestation/%s/%s.sig", f.attestation.String(), f.latestDate) { + + case fmt.Sprintf("/constellation/v1/attestation/%s/%s.sig", f.attestation.String(), f.latestDate): res := &http.Response{} res.Body = io.NopCloser(bytes.NewReader([]byte("null"))) res.StatusCode = http.StatusOK return res, nil - } else if req.URL.Path == fmt.Sprintf("/constellation/v1/attestation/%s/%s.sig", f.attestation.String(), f.olderDate) { + case fmt.Sprintf("/constellation/v1/attestation/%s/%s.sig", f.attestation.String(), f.olderDate): res := &http.Response{} res.Body = io.NopCloser(bytes.NewReader([]byte("null"))) res.StatusCode = http.StatusOK diff --git a/internal/api/attestationconfigapi/version.go b/internal/api/attestationconfigapi/version.go index 669ee6d4c..13dd17254 100644 --- a/internal/api/attestationconfigapi/version.go +++ b/internal/api/attestationconfigapi/version.go @@ -45,12 +45,12 @@ type TDXVersion struct { XFAM [8]byte `json:"xfam"` } -// VersionAPIEntry is the request to get the version information of the specific version in the config api. +// Entry is the request to get the version information of the specific version in the config api. // // TODO: Because variant is not part of the marshalled JSON, fetcher and client methods need to fill the variant property. // In API v2 we should embed the variant in the object and remove some code from fetcher & client. // That would remove the possibility of some fetcher/client code forgetting to set the variant. -type VersionAPIEntry struct { +type Entry struct { Version string `json:"-"` Variant variant.Variant `json:"-"` SEVSNPVersion @@ -58,12 +58,12 @@ type VersionAPIEntry struct { } // JSONPath returns the path to the JSON file for the request to the config api. -func (i VersionAPIEntry) JSONPath() string { +func (i Entry) JSONPath() string { return path.Join(AttestationURLPath, i.Variant.String(), i.Version) } // ValidateRequest validates the request. -func (i VersionAPIEntry) ValidateRequest() error { +func (i Entry) ValidateRequest() error { if !strings.HasSuffix(i.Version, ".json") { return fmt.Errorf("version has no .json suffix") } @@ -71,47 +71,47 @@ func (i VersionAPIEntry) ValidateRequest() error { } // Validate is a No-Op at the moment. -func (i VersionAPIEntry) Validate() error { +func (i Entry) Validate() error { return nil } -// VersionList is the request to retrieve of all versions in the API for one attestation variant. +// List is the request to retrieve of all versions in the API for one attestation variant. // // TODO: Because variant is not part of the marshalled JSON, fetcher and client methods need to fill the variant property. // In API v2 we should embed the variant in the object and remove some code from fetcher & client. // That would remove the possibility of some fetcher/client code forgetting to set the variant. -type VersionList struct { +type List struct { Variant variant.Variant List []string } // MarshalJSON marshals the i's list property to JSON. -func (i VersionList) MarshalJSON() ([]byte, error) { +func (i List) MarshalJSON() ([]byte, error) { return json.Marshal(i.List) } // UnmarshalJSON unmarshals a list of strings into i's list property. -func (i *VersionList) UnmarshalJSON(data []byte) error { +func (i *List) UnmarshalJSON(data []byte) error { return json.Unmarshal(data, &i.List) } // JSONPath returns the path to the JSON file for the request to the config api. -func (i VersionList) JSONPath() string { +func (i List) JSONPath() string { return path.Join(AttestationURLPath, i.Variant.String(), "list") } // ValidateRequest is a NoOp as there is no input. -func (i VersionList) ValidateRequest() error { +func (i List) ValidateRequest() error { return nil } // SortReverse sorts the list of versions in reverse order. -func (i *VersionList) SortReverse() { +func (i *List) SortReverse() { sort.Sort(sort.Reverse(sort.StringSlice(i.List))) } // AddVersion adds new to i's list and sorts the element in descending order. -func (i *VersionList) AddVersion(new string) { +func (i *List) AddVersion(new string) { i.List = append(i.List, new) i.List = variant.RemoveDuplicate(i.List) @@ -119,7 +119,7 @@ func (i *VersionList) AddVersion(new string) { } // Validate validates the response. -func (i VersionList) Validate() error { +func (i List) Validate() error { if len(i.List) < 1 { return fmt.Errorf("no versions found in /list") } diff --git a/internal/api/attestationconfigapi/version_test.go b/internal/api/attestationconfigapi/version_test.go index ee87bfc37..1e5c51441 100644 --- a/internal/api/attestationconfigapi/version_test.go +++ b/internal/api/attestationconfigapi/version_test.go @@ -16,21 +16,21 @@ import ( func TestVersionListMarshalUnmarshalJSON(t *testing.T) { tests := map[string]struct { - input VersionList - output VersionList + input List + output List wantDiff bool }{ "success": { - input: VersionList{List: []string{"v1", "v2"}}, - output: VersionList{List: []string{"v1", "v2"}}, + input: List{List: []string{"v1", "v2"}}, + output: List{List: []string{"v1", "v2"}}, }, "variant is lost": { - input: VersionList{List: []string{"v1", "v2"}, Variant: variant.AzureSEVSNP{}}, - output: VersionList{List: []string{"v1", "v2"}}, + input: List{List: []string{"v1", "v2"}, Variant: variant.AzureSEVSNP{}}, + output: List{List: []string{"v1", "v2"}}, }, "wrong order": { - input: VersionList{List: []string{"v1", "v2"}}, - output: VersionList{List: []string{"v2", "v1"}}, + input: List{List: []string{"v1", "v2"}}, + output: List{List: []string{"v2", "v1"}}, wantDiff: true, }, } @@ -40,7 +40,7 @@ func TestVersionListMarshalUnmarshalJSON(t *testing.T) { inputRaw, err := tc.input.MarshalJSON() require.NoError(t, err) - var actual VersionList + var actual List err = actual.UnmarshalJSON(inputRaw) require.NoError(t, err) @@ -68,7 +68,7 @@ func TestVersionListAddVersion(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - v := VersionList{List: tc.versions} + v := List{List: tc.versions} v.AddVersion(tc.new) assert.Equal(t, tc.expected, v.List) diff --git a/internal/api/client/client.go b/internal/api/client/client.go index 4929872ed..d3c0a6b75 100644 --- a/internal/api/client/client.go +++ b/internal/api/client/client.go @@ -53,7 +53,7 @@ type Client struct { dirtyPaths []string // written paths to be invalidated DryRun bool // no write operations are performed - Logger *slog.Logger + log *slog.Logger } // NewReadOnlyClient creates a new read-only client. @@ -77,7 +77,7 @@ func NewReadOnlyClient(ctx context.Context, region, bucket, distributionID strin s3ClientClose: staticUploadClientClose, bucket: bucket, DryRun: true, - Logger: log, + log: log, } clientClose := func(ctx context.Context) error { return client.Close(ctx) @@ -106,7 +106,7 @@ func NewClient(ctx context.Context, region, bucket, distributionID string, dryRu s3ClientClose: staticUploadClientClose, bucket: bucket, DryRun: dryRun, - Logger: log, + log: log, } clientClose := func(ctx context.Context) error { return client.Close(ctx) @@ -119,7 +119,7 @@ func NewClient(ctx context.Context, region, bucket, distributionID string, dryRu // It invalidates the CDN cache for all uploaded files. func (c *Client) Close(ctx context.Context) error { if c.s3ClientClose == nil { - c.Logger.Debug("Client has no s3ClientClose") + c.log.Debug("Client has no s3ClientClose") return nil } return c.s3ClientClose(ctx) @@ -131,7 +131,7 @@ func (c *Client) DeletePath(ctx context.Context, path string) error { Bucket: &c.bucket, Prefix: &path, } - c.Logger.Debug(fmt.Sprintf("Listing objects in %q", path)) + c.log.Debug(fmt.Sprintf("Listing objects in %q", path)) objs := []s3types.Object{} out := &s3.ListObjectsV2Output{IsTruncated: ptr(true)} for out.IsTruncated != nil && *out.IsTruncated { @@ -142,10 +142,10 @@ func (c *Client) DeletePath(ctx context.Context, path string) error { } objs = append(objs, out.Contents...) } - c.Logger.Debug(fmt.Sprintf("Found %d objects in %q", len(objs), path)) + c.log.Debug(fmt.Sprintf("Found %d objects in %q", len(objs), path)) if len(objs) == 0 { - c.Logger.Warn(fmt.Sprintf("Path %s is already empty", path)) + c.log.Warn(fmt.Sprintf("Path %s is already empty", path)) return nil } @@ -155,7 +155,7 @@ func (c *Client) DeletePath(ctx context.Context, path string) error { } if c.DryRun { - c.Logger.Debug(fmt.Sprintf("DryRun: Deleting %d objects with IDs %v", len(objs), objIDs)) + c.log.Debug(fmt.Sprintf("DryRun: Deleting %d objects with IDs %v", len(objs), objIDs)) return nil } @@ -167,7 +167,7 @@ func (c *Client) DeletePath(ctx context.Context, path string) error { Objects: objIDs, }, } - c.Logger.Debug(fmt.Sprintf("Deleting %d objects in %q", len(objs), path)) + c.log.Debug(fmt.Sprintf("Deleting %d objects in %q", len(objs), path)) if _, err := c.s3Client.DeleteObjects(ctx, deleteIn); err != nil { return fmt.Errorf("deleting objects in %s: %w", path, err) } @@ -197,7 +197,7 @@ func Fetch[T APIObject](ctx context.Context, c *Client, obj T) (T, error) { Key: ptr(obj.JSONPath()), } - c.Logger.Debug(fmt.Sprintf("Fetching %T from s3: %q", obj, obj.JSONPath())) + c.log.Debug(fmt.Sprintf("Fetching %T from s3: %q", obj, obj.JSONPath())) out, err := c.s3Client.GetObject(ctx, in) var noSuchkey *s3types.NoSuchKey if errors.As(err, &noSuchkey) { @@ -231,7 +231,7 @@ func Update(ctx context.Context, c *Client, obj APIObject) error { } if c.DryRun { - c.Logger.With(slog.String("bucket", c.bucket), slog.String("key", obj.JSONPath()), slog.String("body", string(rawJSON))).Debug("DryRun: s3 put object") + c.log.With(slog.String("bucket", c.bucket), slog.String("key", obj.JSONPath()), slog.String("body", string(rawJSON))).Debug("DryRun: s3 put object") return nil } @@ -243,7 +243,7 @@ func Update(ctx context.Context, c *Client, obj APIObject) error { c.dirtyPaths = append(c.dirtyPaths, "/"+obj.JSONPath()) - c.Logger.Debug(fmt.Sprintf("Uploading %T to s3: %q", obj, obj.JSONPath())) + c.log.Debug(fmt.Sprintf("Uploading %T to s3: %q", obj, obj.JSONPath())) if _, err := c.Upload(ctx, in); err != nil { return fmt.Errorf("uploading %T: %w", obj, err) } @@ -306,7 +306,7 @@ func Delete(ctx context.Context, c *Client, obj APIObject) error { Key: ptr(obj.JSONPath()), } - c.Logger.Debug(fmt.Sprintf("Deleting %T from s3: %q", obj, obj.JSONPath())) + c.log.Debug(fmt.Sprintf("Deleting %T from s3: %q", obj, obj.JSONPath())) if _, err := c.DeleteObject(ctx, in); err != nil { return fmt.Errorf("deleting s3 object at %s: %w", obj.JSONPath(), err) } diff --git a/internal/api/fetcher/fetcher.go b/internal/api/fetcher/fetcher.go index ec3118c9c..52135aa1f 100644 --- a/internal/api/fetcher/fetcher.go +++ b/internal/api/fetcher/fetcher.go @@ -20,12 +20,10 @@ package fetcher import ( "context" "encoding/json" - "errors" "fmt" "io" "net/http" "net/url" - "strings" "github.com/edgelesssys/constellation/v2/internal/sigstore" ) @@ -145,7 +143,7 @@ type apiObject interface { // signature manages the signature of a object saved at location 'Signed'. type signature struct { // Signed is the object that is signed. - Signed string `json:"-"` + Signed string `json:"signed"` // Signature is the signature of `Signed`. Signature []byte `json:"signature"` } @@ -155,12 +153,8 @@ func (s signature) JSONPath() string { return s.Signed + ".sig" } -// ValidateRequest validates the request. +// ValidateRequest is a no-op. func (s signature) ValidateRequest() error { - if !strings.HasSuffix(s.Signed, ".json") { - return errors.New("signed object missing .json suffix") - } - return nil } diff --git a/internal/api/versionsapi/client.go b/internal/api/versionsapi/client.go index 5d14fdacd..496557102 100644 --- a/internal/api/versionsapi/client.go +++ b/internal/api/versionsapi/client.go @@ -23,6 +23,8 @@ import ( type Client struct { *apiclient.Client clientClose func(ctx context.Context) error + + log *slog.Logger } // NewClient creates a new client for the versions API. @@ -31,8 +33,9 @@ func NewClient(ctx context.Context, region, bucket, distributionID string, dryRu ) (*Client, CloseFunc, error) { genericClient, genericClientClose, err := apiclient.NewClient(ctx, region, bucket, distributionID, dryRun, log) versionsClient := &Client{ - genericClient, - genericClientClose, + Client: genericClient, + clientClose: genericClientClose, + log: log, } versionsClientClose := func(ctx context.Context) error { return versionsClient.Close(ctx) @@ -50,8 +53,9 @@ func NewReadOnlyClient(ctx context.Context, region, bucket, distributionID strin return nil, nil, err } versionsClient := &Client{ - genericClient, - genericClientClose, + Client: genericClient, + clientClose: genericClientClose, + log: log, } versionsClientClose := func(ctx context.Context) error { return versionsClient.Close(ctx) @@ -131,18 +135,18 @@ func (c *Client) DeleteRef(ctx context.Context, ref string) error { func (c *Client) DeleteVersion(ctx context.Context, ver Version) error { var retErr error - c.Client.Logger.Debug(fmt.Sprintf("Deleting version %q from minor version list", ver.version)) + c.log.Debug(fmt.Sprintf("Deleting version %q from minor version list", ver.version)) possibleNewLatest, err := c.deleteVersionFromMinorVersionList(ctx, ver) if err != nil { retErr = errors.Join(retErr, fmt.Errorf("removing from minor version list: %w", err)) } - c.Client.Logger.Debug(fmt.Sprintf("Checking latest version for %q", ver.version)) + c.log.Debug(fmt.Sprintf("Checking latest version for %q", ver.version)) if err := c.deleteVersionFromLatest(ctx, ver, possibleNewLatest); err != nil { retErr = errors.Join(retErr, fmt.Errorf("updating latest version: %w", err)) } - c.Client.Logger.Debug(fmt.Sprintf("Deleting artifact path %q for %q", ver.ArtifactPath(APIV1), ver.version)) + c.log.Debug(fmt.Sprintf("Deleting artifact path %q for %q", ver.ArtifactPath(APIV1), ver.version)) if err := c.Client.DeletePath(ctx, ver.ArtifactPath(APIV1)); err != nil { retErr = errors.Join(retErr, fmt.Errorf("deleting artifact path: %w", err)) } @@ -159,20 +163,20 @@ func (c *Client) deleteVersionFromMinorVersionList(ctx context.Context, ver Vers Base: ver.WithGranularity(GranularityMinor), Kind: VersionKindImage, } - c.Client.Logger.Debug(fmt.Sprintf("Fetching minor version list for version %q", ver.version)) + c.log.Debug(fmt.Sprintf("Fetching minor version list for version %q", ver.version)) minorList, err := c.FetchVersionList(ctx, minorList) var notFoundErr *apiclient.NotFoundError if errors.As(err, ¬FoundErr) { - c.Client.Logger.Warn(fmt.Sprintf("Minor version list for version %s not found", ver.version)) - c.Client.Logger.Warn("Skipping update of minor version list") + c.log.Warn(fmt.Sprintf("Minor version list for version %s not found", ver.version)) + c.log.Warn("Skipping update of minor version list") return nil, nil } else if err != nil { return nil, fmt.Errorf("fetching minor version list for version %s: %w", ver.version, err) } if !minorList.Contains(ver.version) { - c.Client.Logger.Warn(fmt.Sprintf("Version %s is not in minor version list %s", ver.version, minorList.JSONPath())) - c.Client.Logger.Warn("Skipping update of minor version list") + c.log.Warn(fmt.Sprintf("Version %s is not in minor version list %s", ver.version, minorList.JSONPath())) + c.log.Warn("Skipping update of minor version list") return nil, nil } @@ -192,20 +196,20 @@ func (c *Client) deleteVersionFromMinorVersionList(ctx context.Context, ver Vers Kind: VersionKindImage, Version: minorList.Versions[len(minorList.Versions)-1], } - c.Client.Logger.Debug(fmt.Sprintf("Possible latest version replacement %q", latest.Version)) + c.log.Debug(fmt.Sprintf("Possible latest version replacement %q", latest.Version)) } if c.Client.DryRun { - c.Client.Logger.Debug(fmt.Sprintf("DryRun: Updating minor version list %q to %v", minorList.JSONPath(), minorList)) + c.log.Debug(fmt.Sprintf("DryRun: Updating minor version list %q to %v", minorList.JSONPath(), minorList)) return latest, nil } - c.Client.Logger.Debug(fmt.Sprintf("Updating minor version list %q", minorList.JSONPath())) + c.log.Debug(fmt.Sprintf("Updating minor version list %q", minorList.JSONPath())) if err := c.UpdateVersionList(ctx, minorList); err != nil { return latest, fmt.Errorf("updating minor version list %s: %w", minorList.JSONPath(), err) } - c.Client.Logger.Debug(fmt.Sprintf("Removed version %q from minor version list %q", ver.version, minorList.JSONPath())) + c.log.Debug(fmt.Sprintf("Removed version %q from minor version list %q", ver.version, minorList.JSONPath())) return latest, nil } @@ -216,33 +220,33 @@ func (c *Client) deleteVersionFromLatest(ctx context.Context, ver Version, possi Stream: ver.stream, Kind: VersionKindImage, } - c.Client.Logger.Debug(fmt.Sprintf("Fetching latest version from %q", latest.JSONPath())) + c.log.Debug(fmt.Sprintf("Fetching latest version from %q", latest.JSONPath())) latest, err := c.FetchVersionLatest(ctx, latest) var notFoundErr *apiclient.NotFoundError if errors.As(err, ¬FoundErr) { - c.Client.Logger.Warn(fmt.Sprintf("Latest version for %s not found", latest.JSONPath())) + c.log.Warn(fmt.Sprintf("Latest version for %s not found", latest.JSONPath())) return nil } else if err != nil { return fmt.Errorf("fetching latest version: %w", err) } if latest.Version != ver.version { - c.Client.Logger.Debug(fmt.Sprintf("Latest version is %q, not the deleted version %q", latest.Version, ver.version)) + c.log.Debug(fmt.Sprintf("Latest version is %q, not the deleted version %q", latest.Version, ver.version)) return nil } if possibleNewLatest == nil { - c.Client.Logger.Error(fmt.Sprintf("Latest version is %s, but no new latest version was found", latest.Version)) - c.Client.Logger.Error(fmt.Sprintf("A manual update of latest at %s might be needed", latest.JSONPath())) + c.log.Error(fmt.Sprintf("Latest version is %s, but no new latest version was found", latest.Version)) + c.log.Error(fmt.Sprintf("A manual update of latest at %s might be needed", latest.JSONPath())) return fmt.Errorf("latest version is %s, but no new latest version was found", latest.Version) } if c.Client.DryRun { - c.Client.Logger.Debug(fmt.Sprintf("Would update latest version from %q to %q", latest.Version, possibleNewLatest.Version)) + c.log.Debug(fmt.Sprintf("Would update latest version from %q to %q", latest.Version, possibleNewLatest.Version)) return nil } - c.Client.Logger.Info(fmt.Sprintf("Updating latest version from %s to %s", latest.Version, possibleNewLatest.Version)) + c.log.Info(fmt.Sprintf("Updating latest version from %s to %s", latest.Version, possibleNewLatest.Version)) if err := c.UpdateVersionLatest(ctx, *possibleNewLatest); err != nil { return fmt.Errorf("updating latest version: %w", err) } diff --git a/internal/config/config.go b/internal/config/config.go index 24849b021..b6533022b 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -1165,7 +1165,7 @@ type AzureTDX struct { // Expected 48 byte hex-encoded MR_SEAM value. MRSeam encoding.HexBytes `json:"mrSeam,omitempty" yaml:"mrSeam,omitempty"` // description: | - // Expected 8 byte hex-encoded XFAM field. + // Expected 8 byte hex-encoded eXtended Features Available Mask (XFAM) field. Defaults to the latest available XFAM on Azure VMs. Unset to disable validation. XFAM AttestationVersion[encoding.HexBytes] `json:"xfam" yaml:"xfam"` // description: | // Intel Root Key certificate used to verify the TDX certificate chain. diff --git a/internal/config/config_doc.go b/internal/config/config_doc.go index f155db5c2..cdca2733f 100644 --- a/internal/config/config_doc.go +++ b/internal/config/config_doc.go @@ -545,22 +545,22 @@ func init() { GCPSEVSNPDoc.Fields[0].Description = "Expected TPM measurements." GCPSEVSNPDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements." GCPSEVSNPDoc.Fields[1].Name = "bootloaderVersion" - GCPSEVSNPDoc.Fields[1].Type = "AttestationVersion" + GCPSEVSNPDoc.Fields[1].Type = "" GCPSEVSNPDoc.Fields[1].Note = "" GCPSEVSNPDoc.Fields[1].Description = "Lowest acceptable bootloader version." GCPSEVSNPDoc.Fields[1].Comments[encoder.LineComment] = "Lowest acceptable bootloader version." GCPSEVSNPDoc.Fields[2].Name = "teeVersion" - GCPSEVSNPDoc.Fields[2].Type = "AttestationVersion" + GCPSEVSNPDoc.Fields[2].Type = "" GCPSEVSNPDoc.Fields[2].Note = "" GCPSEVSNPDoc.Fields[2].Description = "Lowest acceptable TEE version." GCPSEVSNPDoc.Fields[2].Comments[encoder.LineComment] = "Lowest acceptable TEE version." GCPSEVSNPDoc.Fields[3].Name = "snpVersion" - GCPSEVSNPDoc.Fields[3].Type = "AttestationVersion" + GCPSEVSNPDoc.Fields[3].Type = "" GCPSEVSNPDoc.Fields[3].Note = "" GCPSEVSNPDoc.Fields[3].Description = "Lowest acceptable SEV-SNP version." GCPSEVSNPDoc.Fields[3].Comments[encoder.LineComment] = "Lowest acceptable SEV-SNP version." GCPSEVSNPDoc.Fields[4].Name = "microcodeVersion" - GCPSEVSNPDoc.Fields[4].Type = "AttestationVersion" + GCPSEVSNPDoc.Fields[4].Type = "" GCPSEVSNPDoc.Fields[4].Note = "" GCPSEVSNPDoc.Fields[4].Description = "Lowest acceptable microcode version." GCPSEVSNPDoc.Fields[4].Comments[encoder.LineComment] = "Lowest acceptable microcode version." @@ -623,22 +623,22 @@ func init() { AWSSEVSNPDoc.Fields[0].Description = "Expected TPM measurements." AWSSEVSNPDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements." AWSSEVSNPDoc.Fields[1].Name = "bootloaderVersion" - AWSSEVSNPDoc.Fields[1].Type = "AttestationVersion" + AWSSEVSNPDoc.Fields[1].Type = "" AWSSEVSNPDoc.Fields[1].Note = "" AWSSEVSNPDoc.Fields[1].Description = "Lowest acceptable bootloader version." AWSSEVSNPDoc.Fields[1].Comments[encoder.LineComment] = "Lowest acceptable bootloader version." AWSSEVSNPDoc.Fields[2].Name = "teeVersion" - AWSSEVSNPDoc.Fields[2].Type = "AttestationVersion" + AWSSEVSNPDoc.Fields[2].Type = "" AWSSEVSNPDoc.Fields[2].Note = "" AWSSEVSNPDoc.Fields[2].Description = "Lowest acceptable TEE version." AWSSEVSNPDoc.Fields[2].Comments[encoder.LineComment] = "Lowest acceptable TEE version." AWSSEVSNPDoc.Fields[3].Name = "snpVersion" - AWSSEVSNPDoc.Fields[3].Type = "AttestationVersion" + AWSSEVSNPDoc.Fields[3].Type = "" AWSSEVSNPDoc.Fields[3].Note = "" AWSSEVSNPDoc.Fields[3].Description = "Lowest acceptable SEV-SNP version." AWSSEVSNPDoc.Fields[3].Comments[encoder.LineComment] = "Lowest acceptable SEV-SNP version." AWSSEVSNPDoc.Fields[4].Name = "microcodeVersion" - AWSSEVSNPDoc.Fields[4].Type = "AttestationVersion" + AWSSEVSNPDoc.Fields[4].Type = "" AWSSEVSNPDoc.Fields[4].Note = "" AWSSEVSNPDoc.Fields[4].Description = "Lowest acceptable microcode version." AWSSEVSNPDoc.Fields[4].Comments[encoder.LineComment] = "Lowest acceptable microcode version." @@ -685,22 +685,22 @@ func init() { AzureSEVSNPDoc.Fields[0].Description = "Expected TPM measurements." AzureSEVSNPDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements." AzureSEVSNPDoc.Fields[1].Name = "bootloaderVersion" - AzureSEVSNPDoc.Fields[1].Type = "AttestationVersion" + AzureSEVSNPDoc.Fields[1].Type = "" AzureSEVSNPDoc.Fields[1].Note = "" AzureSEVSNPDoc.Fields[1].Description = "Lowest acceptable bootloader version." AzureSEVSNPDoc.Fields[1].Comments[encoder.LineComment] = "Lowest acceptable bootloader version." AzureSEVSNPDoc.Fields[2].Name = "teeVersion" - AzureSEVSNPDoc.Fields[2].Type = "AttestationVersion" + AzureSEVSNPDoc.Fields[2].Type = "" AzureSEVSNPDoc.Fields[2].Note = "" AzureSEVSNPDoc.Fields[2].Description = "Lowest acceptable TEE version." AzureSEVSNPDoc.Fields[2].Comments[encoder.LineComment] = "Lowest acceptable TEE version." AzureSEVSNPDoc.Fields[3].Name = "snpVersion" - AzureSEVSNPDoc.Fields[3].Type = "AttestationVersion" + AzureSEVSNPDoc.Fields[3].Type = "" AzureSEVSNPDoc.Fields[3].Note = "" AzureSEVSNPDoc.Fields[3].Description = "Lowest acceptable SEV-SNP version." AzureSEVSNPDoc.Fields[3].Comments[encoder.LineComment] = "Lowest acceptable SEV-SNP version." AzureSEVSNPDoc.Fields[4].Name = "microcodeVersion" - AzureSEVSNPDoc.Fields[4].Type = "AttestationVersion" + AzureSEVSNPDoc.Fields[4].Type = "" AzureSEVSNPDoc.Fields[4].Note = "" AzureSEVSNPDoc.Fields[4].Description = "Lowest acceptable microcode version." AzureSEVSNPDoc.Fields[4].Comments[encoder.LineComment] = "Lowest acceptable microcode version." @@ -752,22 +752,22 @@ func init() { AzureTDXDoc.Fields[0].Description = "Expected TPM measurements." AzureTDXDoc.Fields[0].Comments[encoder.LineComment] = "Expected TPM measurements." AzureTDXDoc.Fields[1].Name = "qeSVN" - AzureTDXDoc.Fields[1].Type = "uint16" + AzureTDXDoc.Fields[1].Type = "" AzureTDXDoc.Fields[1].Note = "" AzureTDXDoc.Fields[1].Description = "Minimum required QE security version number (SVN)." AzureTDXDoc.Fields[1].Comments[encoder.LineComment] = "Minimum required QE security version number (SVN)." AzureTDXDoc.Fields[2].Name = "pceSVN" - AzureTDXDoc.Fields[2].Type = "uint16" + AzureTDXDoc.Fields[2].Type = "" AzureTDXDoc.Fields[2].Note = "" AzureTDXDoc.Fields[2].Description = "Minimum required PCE security version number (SVN)." AzureTDXDoc.Fields[2].Comments[encoder.LineComment] = "Minimum required PCE security version number (SVN)." AzureTDXDoc.Fields[3].Name = "teeTCBSVN" - AzureTDXDoc.Fields[3].Type = "HexBytes" + AzureTDXDoc.Fields[3].Type = "" AzureTDXDoc.Fields[3].Note = "" AzureTDXDoc.Fields[3].Description = "Component-wise minimum required 16 byte hex-encoded TEE_TCB security version number (SVN)." AzureTDXDoc.Fields[3].Comments[encoder.LineComment] = "Component-wise minimum required 16 byte hex-encoded TEE_TCB security version number (SVN)." AzureTDXDoc.Fields[4].Name = "qeVendorID" - AzureTDXDoc.Fields[4].Type = "HexBytes" + AzureTDXDoc.Fields[4].Type = "" AzureTDXDoc.Fields[4].Note = "" AzureTDXDoc.Fields[4].Description = "Expected 16 byte hex-encoded QE_VENDOR_ID field." AzureTDXDoc.Fields[4].Comments[encoder.LineComment] = "Expected 16 byte hex-encoded QE_VENDOR_ID field." @@ -777,10 +777,10 @@ func init() { AzureTDXDoc.Fields[5].Description = "Expected 48 byte hex-encoded MR_SEAM value." AzureTDXDoc.Fields[5].Comments[encoder.LineComment] = "Expected 48 byte hex-encoded MR_SEAM value." AzureTDXDoc.Fields[6].Name = "xfam" - AzureTDXDoc.Fields[6].Type = "HexBytes" + AzureTDXDoc.Fields[6].Type = "" AzureTDXDoc.Fields[6].Note = "" - AzureTDXDoc.Fields[6].Description = "Expected 8 byte hex-encoded XFAM field." - AzureTDXDoc.Fields[6].Comments[encoder.LineComment] = "Expected 8 byte hex-encoded XFAM field." + AzureTDXDoc.Fields[6].Description = "Expected 8 byte hex-encoded eXtended Features Available Mask (XFAM) field. Defaults to the latest available XFAM on Azure VMs. Unset to disable validation." + AzureTDXDoc.Fields[6].Comments[encoder.LineComment] = "Expected 8 byte hex-encoded eXtended Features Available Mask (XFAM) field. Defaults to the latest available XFAM on Azure VMs. Unset to disable validation." AzureTDXDoc.Fields[7].Name = "intelRootKey" AzureTDXDoc.Fields[7].Type = "Certificate" AzureTDXDoc.Fields[7].Note = "" diff --git a/internal/config/config_test.go b/internal/config/config_test.go index d09ec46c5..5278136ac 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -1051,8 +1051,8 @@ func getConfigAsMap(conf *Config, t *testing.T) (res configMap) { type stubAttestationFetcher struct{} -func (f stubAttestationFetcher) FetchLatestVersion(_ context.Context, _ variant.Variant) (attestationconfigapi.VersionAPIEntry, error) { - return attestationconfigapi.VersionAPIEntry{ +func (f stubAttestationFetcher) FetchLatestVersion(_ context.Context, _ variant.Variant) (attestationconfigapi.Entry, error) { + return attestationconfigapi.Entry{ SEVSNPVersion: testCfg, }, nil } diff --git a/terraform-provider-constellation/internal/provider/attestation_data_source.go b/terraform-provider-constellation/internal/provider/attestation_data_source.go index cc6e9d5f5..a15ace4a8 100644 --- a/terraform-provider-constellation/internal/provider/attestation_data_source.go +++ b/terraform-provider-constellation/internal/provider/attestation_data_source.go @@ -162,7 +162,7 @@ func (d *AttestationDataSource) Read(ctx context.Context, req datasource.ReadReq insecureFetch := data.Insecure.ValueBool() - latestVersions := attestationconfigapi.VersionAPIEntry{} + latestVersions := attestationconfigapi.Entry{} if attestationVariant.Equal(variant.AWSSEVSNP{}) || attestationVariant.Equal(variant.AzureSEVSNP{}) || attestationVariant.Equal(variant.AzureTDX{}) || diff --git a/terraform-provider-constellation/internal/provider/convert.go b/terraform-provider-constellation/internal/provider/convert.go index 57398fb50..84e4c8832 100644 --- a/terraform-provider-constellation/internal/provider/convert.go +++ b/terraform-provider-constellation/internal/provider/convert.go @@ -138,7 +138,7 @@ func convertFromTfAttestationCfg(tfAttestation attestationAttribute, attestation } // convertToTfAttestationCfg converts the constellation attestation config to the related terraform structs. -func convertToTfAttestation(attVar variant.Variant, latestVersions attestationconfigapi.VersionAPIEntry) (tfAttestation attestationAttribute, err error) { +func convertToTfAttestation(attVar variant.Variant, latestVersions attestationconfigapi.Entry) (tfAttestation attestationAttribute, err error) { tfAttestation = attestationAttribute{ Variant: attVar.String(), } From bdfb74f6cacf05d38780d858fd70ccc99f5e0982 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 27 Jun 2024 09:14:10 +0200 Subject: [PATCH 116/380] deps: update Terraform dependencies (#3200) * deps: update Terraform dependencies * upgrade random provider * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Adrian Stobbe Co-authored-by: edgelessci --- .github/actions/terraform_apply/action.yml | 2 +- .../vpn/on-prem-terraform/.terraform.lock.hcl | 84 +++++++----- dev-docs/howto/vpn/on-prem-terraform/main.tf | 4 +- .../azure-terraform/.terraform.lock.hcl | 126 ++++++++++-------- .../miniconstellation/azure-terraform/main.tf | 6 +- e2e/miniconstellation/.terraform.lock.hcl | 126 ++++++++++-------- e2e/miniconstellation/main.tf | 6 +- .../examples/full/aws/main.tf | 2 +- .../examples/full/azure/main.tf | 2 +- .../examples/full/gcp/main.tf | 2 +- .../examples/full/stackit/main.tf | 2 +- .../infrastructure/aws/.terraform.lock.hcl | 93 +++++++------ terraform/infrastructure/aws/main.tf | 4 +- .../aws/modules/instance_group/main.tf | 4 +- .../aws/modules/jump_host/main.tf | 2 +- .../aws/modules/load_balancer_target/main.tf | 2 +- .../aws/modules/public_private_subnet/main.tf | 2 +- .../infrastructure/azure/.terraform.lock.hcl | 84 +++++++----- terraform/infrastructure/azure/main.tf | 4 +- .../modules/load_balancer_backend/main.tf | 2 +- .../azure/modules/scale_set/main.tf | 4 +- .../infrastructure/gcp/.terraform.lock.hcl | 126 ++++++++++-------- terraform/infrastructure/gcp/main.tf | 6 +- .../gcp/modules/instance_group/main.tf | 6 +- .../modules/internal_load_balancer/main.tf | 2 +- .../gcp/modules/jump_host/main.tf | 2 +- .../gcp/modules/loadbalancer/main.tf | 2 +- .../iam/aws/.terraform.lock.hcl | 85 ++++++------ terraform/infrastructure/iam/aws/main.tf | 2 +- .../iam/azure/.terraform.lock.hcl | 84 +++++++----- terraform/infrastructure/iam/azure/main.tf | 4 +- .../iam/gcp/.terraform.lock.hcl | 42 +++--- terraform/infrastructure/iam/gcp/main.tf | 2 +- .../openstack/.terraform.lock.hcl | 87 ++++++------ terraform/infrastructure/openstack/main.tf | 4 +- .../modules/stackit_loadbalancer/main.tf | 2 +- .../infrastructure/qemu/.terraform.lock.hcl | 87 ++++++------ terraform/infrastructure/qemu/main.tf | 2 +- .../qemu/modules/instance_group/main.tf | 4 +- 39 files changed, 625 insertions(+), 487 deletions(-) diff --git a/.github/actions/terraform_apply/action.yml b/.github/actions/terraform_apply/action.yml index ef6e92020..5340dae5b 100644 --- a/.github/actions/terraform_apply/action.yml +++ b/.github/actions/terraform_apply/action.yml @@ -45,7 +45,7 @@ runs: } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/dev-docs/howto/vpn/on-prem-terraform/.terraform.lock.hcl b/dev-docs/howto/vpn/on-prem-terraform/.terraform.lock.hcl index a11464c43..d093857ef 100644 --- a/dev-docs/howto/vpn/on-prem-terraform/.terraform.lock.hcl +++ b/dev-docs/howto/vpn/on-prem-terraform/.terraform.lock.hcl @@ -2,50 +2,62 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.92.0" - constraints = "3.92.0" + version = "3.109.0" + constraints = "3.109.0" hashes = [ - "h1:+bZPRgjpUA6LivvMIS1UdwRWUgzoYBp/nhEpbL4aXHM=", - "h1:D5lngW1uKlPM2EUCdNG1f2FvPGHYRklDFN8b2jPCIpM=", - "h1:nTP2ZYfuEpMP+PkkgRdhQphNmWWJuKdE9Z4TzeC7ydo=", - "h1:sqVZftg9rJGDiiPiY9l1V/a+5CWkxNcj22sBu8HsJBY=", - "h1:swoRk2drVrD8v7GrW/2OJSk06v2I2zGk3XPAgBDbw9A=", - "zh:04292e149676ba956d738e85faeb6d6ebd3759e8310f1c4155e67402eb5ae0f7", - "zh:0963b4528f25d01d5c733e17de31e2c0b94790fd02931b2a47cd051b20dd0d96", - "zh:133563e16e8a4a7139ac11d94e68de8d1d5e3a62a532e64ac936735d7b1e04db", - "zh:2b219f1b40881d3bdd89257c916f255a7e36904ddc65dbbafee80763661b4636", - "zh:4b4e11a4e3716b290b3b173dfd15b06814b2f6f148f663e3c67a677c95526339", - "zh:5607c7bff3019c3b31488be1a8a9d77a96d27b199a1d8b789e4c2d4c90805674", - "zh:6469aef7728947dacb47785e6082d2d95ebd336a8798f3be6cece5a13145108c", - "zh:69e563f4e6397e1ebaef6f554d296238ec1d9dadc4b865c36743bd8366a888da", - "zh:887a223b7a9ec4e66634dbb65d9dcc53f0be06d058d9a209927ad49702ae790c", - "zh:b03c273367885c5489a24c31859af81ea58cb169431c0da97a175945ec968f53", - "zh:dd7b704ceaf98ce591e111a9c5085465c946f4f8f357089c0e27e990a669ba39", + "h1:/rMaSj3rKkD+jjzRs+awKuz9Cd6pbIpEuR4qYr/5cq0=", + "h1:1nfnYOD5/tzjCgXLCtP0x8rHkSePJvVsIlQn5mKjBOY=", + "h1:D3wf+0k6WoH7L8I1CuyS4WEWKiM6A4RZR3bmERRSSuY=", + "h1:Fk7L51TM48PIqPlmSjja7iiEL0w5mmfOimWfMsthhLU=", + "h1:On2MrclW5OMUV0zubyVHXONYni97C9ubs3rTAwUJ96Q=", + "h1:UDFgKaoVb+ghSl1HibucaspWbY1k3EgvX2GUCW8Yux0=", + "h1:UK+UFYL+ihy81hdglJlcgenxCslOTs9MK+ySRLm4izw=", + "h1:fiXyGhR/RCxjnZhq3iWXkQBS6yFlwZ0/QQMRlrpKAqo=", + "h1:rrySPpbxkcuBtlWs0cIb+vxfDKZd0XMQB7dYhfxuw8U=", + "h1:tb3a5x6HV4YRxyL3VpdTWe1vsKocKi1HT0KFWnF5ZjM=", + "h1:zpYt7my8y0S6Ob47FwE8cv+YiSwQzxKelJiA4Zlof4U=", + "zh:4324c3df26709c7e669b751259cc5e62c4694ab44370dfcdfe197dcd9261c365", + "zh:4e3e83649240cea7105cd2802d0ae64b143fb543c2f559173feae5a108bc4287", + "zh:74ebf6be1277e9bd357b011026b80fc5ec1c26b70ec7ddd5fcae5e977f9a66ef", + "zh:82cfd3c92035f834a05f4b91d813a059a29ff4157792e36a0b3a224cba8737ae", + "zh:93f05c8ae3555c885c84b82781b2e90774671c321138b7f3c38ecd498009e1d8", + "zh:9b445a9a1544b4b38db10fadbd9ffd5efdded0def54feb9ca593e1bec6fbec5f", + "zh:b21ccd2c1bc691cf2f9876482b6e226d8a37a48de951b168a10f96ba929ebefd", + "zh:b7b7e458eb3c22669e1d36e9ef1886272c10f310501001abce8ae76383014fa5", + "zh:bd3c0cf7caab0a989227934bc60a8ac27131efcf84dd77cb6e32e68374170aee", + "zh:f4b9ccbb28eadf3825f6d7d38a3519379de222f136235a2f21a96c0221d65fb8", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f8ef0b4a970ff5edeadfdeed77f9d0682befdca5df4e9b6d9dcfdf9903305b26", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.0" - constraints = "3.6.0" + version = "3.6.2" + constraints = "3.6.2" hashes = [ - "h1:5KeoKSVKVHJW308uiTgslxFbjQAdWzBGUFK68vgMRWY=", - "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", - "h1:R5Ucn26riKIEijcsiOMBR3uOAjuOMfI1x7XvH4P6B1w=", - "h1:p6WG1IPHnqx1fnJVKNjv733FBaArIugqy58HRZnpPCk=", - "h1:t0mRdJzegohRKhfdoQEJnv3JRISSezJRblN0HIe67vo=", - "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", - "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", - "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", - "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", - "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", + "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=", + "h1:Gd3WitYIzSYo/Suo+PMxpZpIGpRPrwl0JU0+DhxycFM=", + "h1:J9EOvuE7qCS/S0lqMX6DNqsh/wq2uhwxE2bOpSn0/hc=", + "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", + "h1:UQlmHGddu39vVzG8kruMsde4GHlG+1S7OLqFApbJvtc=", + "h1:VYBb5/CQ1tPhV92eUsfxSZ4Ta2OCfNggYwE+Qo+yCD0=", + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "h1:jke+2u84Hrc7szJKevP1BKFn1o3pfxYhYtity2RPCS8=", + "h1:m/7/S7a6RzGgeRAJJCsDza2kbaNmFpQDDd849RxD2FE=", + "h1:uOP0uuF8PKF98YlLqgtjdHBELJLI4BMOOHYXQMYhdlI=", + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", - "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", - "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", - "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", - "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", - "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", ] } diff --git a/dev-docs/howto/vpn/on-prem-terraform/main.tf b/dev-docs/howto/vpn/on-prem-terraform/main.tf index 365407d74..b6e8850f5 100644 --- a/dev-docs/howto/vpn/on-prem-terraform/main.tf +++ b/dev-docs/howto/vpn/on-prem-terraform/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.92.0" + version = "3.109.0" } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/dev-docs/miniconstellation/azure-terraform/.terraform.lock.hcl b/dev-docs/miniconstellation/azure-terraform/.terraform.lock.hcl index b29acb322..44ad1671c 100644 --- a/dev-docs/miniconstellation/azure-terraform/.terraform.lock.hcl +++ b/dev-docs/miniconstellation/azure-terraform/.terraform.lock.hcl @@ -2,74 +2,92 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.92.0" - constraints = "3.92.0" + version = "3.109.0" + constraints = "3.109.0" hashes = [ - "h1:+bZPRgjpUA6LivvMIS1UdwRWUgzoYBp/nhEpbL4aXHM=", - "h1:D5lngW1uKlPM2EUCdNG1f2FvPGHYRklDFN8b2jPCIpM=", - "h1:nTP2ZYfuEpMP+PkkgRdhQphNmWWJuKdE9Z4TzeC7ydo=", - "h1:sqVZftg9rJGDiiPiY9l1V/a+5CWkxNcj22sBu8HsJBY=", - "h1:swoRk2drVrD8v7GrW/2OJSk06v2I2zGk3XPAgBDbw9A=", - "zh:04292e149676ba956d738e85faeb6d6ebd3759e8310f1c4155e67402eb5ae0f7", - "zh:0963b4528f25d01d5c733e17de31e2c0b94790fd02931b2a47cd051b20dd0d96", - "zh:133563e16e8a4a7139ac11d94e68de8d1d5e3a62a532e64ac936735d7b1e04db", - "zh:2b219f1b40881d3bdd89257c916f255a7e36904ddc65dbbafee80763661b4636", - "zh:4b4e11a4e3716b290b3b173dfd15b06814b2f6f148f663e3c67a677c95526339", - "zh:5607c7bff3019c3b31488be1a8a9d77a96d27b199a1d8b789e4c2d4c90805674", - "zh:6469aef7728947dacb47785e6082d2d95ebd336a8798f3be6cece5a13145108c", - "zh:69e563f4e6397e1ebaef6f554d296238ec1d9dadc4b865c36743bd8366a888da", - "zh:887a223b7a9ec4e66634dbb65d9dcc53f0be06d058d9a209927ad49702ae790c", - "zh:b03c273367885c5489a24c31859af81ea58cb169431c0da97a175945ec968f53", - "zh:dd7b704ceaf98ce591e111a9c5085465c946f4f8f357089c0e27e990a669ba39", + "h1:/rMaSj3rKkD+jjzRs+awKuz9Cd6pbIpEuR4qYr/5cq0=", + "h1:1nfnYOD5/tzjCgXLCtP0x8rHkSePJvVsIlQn5mKjBOY=", + "h1:D3wf+0k6WoH7L8I1CuyS4WEWKiM6A4RZR3bmERRSSuY=", + "h1:Fk7L51TM48PIqPlmSjja7iiEL0w5mmfOimWfMsthhLU=", + "h1:On2MrclW5OMUV0zubyVHXONYni97C9ubs3rTAwUJ96Q=", + "h1:UDFgKaoVb+ghSl1HibucaspWbY1k3EgvX2GUCW8Yux0=", + "h1:UK+UFYL+ihy81hdglJlcgenxCslOTs9MK+ySRLm4izw=", + "h1:fiXyGhR/RCxjnZhq3iWXkQBS6yFlwZ0/QQMRlrpKAqo=", + "h1:rrySPpbxkcuBtlWs0cIb+vxfDKZd0XMQB7dYhfxuw8U=", + "h1:tb3a5x6HV4YRxyL3VpdTWe1vsKocKi1HT0KFWnF5ZjM=", + "h1:zpYt7my8y0S6Ob47FwE8cv+YiSwQzxKelJiA4Zlof4U=", + "zh:4324c3df26709c7e669b751259cc5e62c4694ab44370dfcdfe197dcd9261c365", + "zh:4e3e83649240cea7105cd2802d0ae64b143fb543c2f559173feae5a108bc4287", + "zh:74ebf6be1277e9bd357b011026b80fc5ec1c26b70ec7ddd5fcae5e977f9a66ef", + "zh:82cfd3c92035f834a05f4b91d813a059a29ff4157792e36a0b3a224cba8737ae", + "zh:93f05c8ae3555c885c84b82781b2e90774671c321138b7f3c38ecd498009e1d8", + "zh:9b445a9a1544b4b38db10fadbd9ffd5efdded0def54feb9ca593e1bec6fbec5f", + "zh:b21ccd2c1bc691cf2f9876482b6e226d8a37a48de951b168a10f96ba929ebefd", + "zh:b7b7e458eb3c22669e1d36e9ef1886272c10f310501001abce8ae76383014fa5", + "zh:bd3c0cf7caab0a989227934bc60a8ac27131efcf84dd77cb6e32e68374170aee", + "zh:f4b9ccbb28eadf3825f6d7d38a3519379de222f136235a2f21a96c0221d65fb8", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f8ef0b4a970ff5edeadfdeed77f9d0682befdca5df4e9b6d9dcfdf9903305b26", ] } provider "registry.terraform.io/hashicorp/cloudinit" { - version = "2.3.3" - constraints = "2.3.3" + version = "2.3.4" + constraints = "2.3.4" hashes = [ - "h1:6utKe3l0lf4+hw+uVK8XJVNdOmp7tOTcycyFvv1pGAA=", - "h1:GmJ8PxLjjPr+lh02Bw3u7RYqA3UtpE2hQ1T43Vt7PTQ=", - "h1:TCZQjXesJ9qbOZaHjJse/WyOxYQwp7wUX3VNxL/qo1c=", - "h1:U6EC4/cJJ6Df3LztUQ/I4YuljGQQeQ+LdLndAwSSiTs=", - "h1:ZmQ97fIcPW7hj/vynRB4zbtObK0Z/LVJPvCwlNd78zA=", - "zh:0bd6ee14ca5cf0f0c83d3bb965346b1225ccd06a6247e80774aaaf54c729daa7", - "zh:3055ad0dcc98de1d4e45b72c5889ae91b62f4ae4e54dbc56c4821be0fdfbed91", - "zh:32764cfcff0d7379ca8b7dde376ac5551854d454c5881945f1952b785a312fa2", - "zh:55c2a4dc3ebdeaa1dec3a36db96dab253c7fa10b9fe1209862e1ee77a01e0aa1", - "zh:5c71f260ba5674d656d12f67cde3bb494498e6b6b6e66945ef85688f185dcf63", + "h1:+J2rgfJH5B0vyFR0Wfcoyt4SHWfZLDe+WtUMtmZLDeY=", + "h1:/Ty/HXg0Bti5T+Zk6XvhwEHyKGiOV5LzCrbLiekjuLU=", + "h1:S3j8poSaLbaftlKq2STBkQEkZH253ZLaHhBHBifdpBQ=", + "h1:TSeGg71hzb+ahU16viRNFxDVgpC3krXqK9Lm4dg9v3Y=", + "h1:ZJGY2ywdCKnbMMAlyAv0n5cwVpHaicKVheNYbdCkZTw=", + "h1:cVIIhnXweOHavu1uV2bdKScTjLbM1WnKM/25wqYBJWo=", + "h1:iDq03pOzp/UsXya2h+32VOOrvGdJgI9L2/EZJoN9t4A=", + "h1:jTcgflH266LJFwqejIEHndaLn+TwrrYqim3rQmw15qI=", + "h1:mPi6Snl6LCYgO2tMxEs+YMuKw+YQ1MJ3E+uf+f/74yA=", + "h1:pb1C8Lrfp4VnPRm6Uo+jEWbKvqsGunHxDO7pWtc/yRI=", + "h1:qsx0lvgUWVL7D2EvWAuO+WyOO/fVneGD8FG2REcNVhI=", + "zh:09f1f1e1d232da96fbf9513b0fb5263bc2fe9bee85697aa15d40bb93835efbeb", + "zh:381e74b90d7a038c3a8dcdcc2ce8c72d6b86da9f208a27f4b98cabe1a1032773", + "zh:398eb321949e28c4c5f7c52e9b1f922a10d0b2b073b7db04cb69318d24ffc5a9", + "zh:4a425679614a8f0fe440845828794e609b35af17db59134c4f9e56d61e979813", + "zh:4d955d8608ece4984c9f1dacda2a59fdb4ea6b0243872f049b388181aab8c80a", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9617280a853ec7caedb8beb7864e4b29faf9c850a453283980c28fccef2c493d", - "zh:ac8bda21950f8dddade3e9bc15f7bcfdee743738483be5724169943cafa611f5", - "zh:ba9ab567bbe63dee9197a763b3104ea9217ba27449ed54d3afa6657f412e3496", - "zh:effd1a7e34bae3879c02f03ed3afa979433a518e11de1f8afd35a8710231ac14", - "zh:f021538c86d0ac250d75e59efde6d869bbfff711eb744c8bddce79d2475bf46d", - "zh:f1e3984597948a2103391a26600e177b19f16a5a4c66acee27a4343fb141571f", + "zh:a48fbee1d58d55a1f4c92c2f38c83a37c8b2f2701ed1a3c926cefb0801fa446a", + "zh:b748fe6631b16a1dafd35a09377c3bffa89552af584cf95f47568b6cd31fc241", + "zh:d4b931f7a54603fa4692a2ec6e498b95464babd2be072bed5c7c2e140a280d99", + "zh:f1c9337fcfe3a7be39d179eb7986c22a979cfb2c587c05f1b3b83064f41785c5", + "zh:f58fc57edd1ee3250a28943cd84de3e4b744cdb52df0356a53403fc240240636", + "zh:f5f50de0923ff530b03e1bca0ac697534d61bb3e5fc7f60e13becb62229097a9", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.0" - constraints = "3.6.0" + version = "3.6.2" + constraints = "3.6.2" hashes = [ - "h1:5KeoKSVKVHJW308uiTgslxFbjQAdWzBGUFK68vgMRWY=", - "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", - "h1:R5Ucn26riKIEijcsiOMBR3uOAjuOMfI1x7XvH4P6B1w=", - "h1:p6WG1IPHnqx1fnJVKNjv733FBaArIugqy58HRZnpPCk=", - "h1:t0mRdJzegohRKhfdoQEJnv3JRISSezJRblN0HIe67vo=", - "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", - "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", - "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", - "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", - "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", + "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=", + "h1:Gd3WitYIzSYo/Suo+PMxpZpIGpRPrwl0JU0+DhxycFM=", + "h1:J9EOvuE7qCS/S0lqMX6DNqsh/wq2uhwxE2bOpSn0/hc=", + "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", + "h1:UQlmHGddu39vVzG8kruMsde4GHlG+1S7OLqFApbJvtc=", + "h1:VYBb5/CQ1tPhV92eUsfxSZ4Ta2OCfNggYwE+Qo+yCD0=", + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "h1:jke+2u84Hrc7szJKevP1BKFn1o3pfxYhYtity2RPCS8=", + "h1:m/7/S7a6RzGgeRAJJCsDza2kbaNmFpQDDd849RxD2FE=", + "h1:uOP0uuF8PKF98YlLqgtjdHBELJLI4BMOOHYXQMYhdlI=", + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", - "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", - "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", - "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", - "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", - "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", ] } diff --git a/dev-docs/miniconstellation/azure-terraform/main.tf b/dev-docs/miniconstellation/azure-terraform/main.tf index bc27ec01b..0c728ec0a 100644 --- a/dev-docs/miniconstellation/azure-terraform/main.tf +++ b/dev-docs/miniconstellation/azure-terraform/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.92.0" + version = "3.109.0" } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } tls = { source = "hashicorp/tls" @@ -14,7 +14,7 @@ terraform { } cloudinit = { source = "hashicorp/cloudinit" - version = "2.3.3" + version = "2.3.4" } } } diff --git a/e2e/miniconstellation/.terraform.lock.hcl b/e2e/miniconstellation/.terraform.lock.hcl index b29acb322..44ad1671c 100644 --- a/e2e/miniconstellation/.terraform.lock.hcl +++ b/e2e/miniconstellation/.terraform.lock.hcl @@ -2,74 +2,92 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.92.0" - constraints = "3.92.0" + version = "3.109.0" + constraints = "3.109.0" hashes = [ - "h1:+bZPRgjpUA6LivvMIS1UdwRWUgzoYBp/nhEpbL4aXHM=", - "h1:D5lngW1uKlPM2EUCdNG1f2FvPGHYRklDFN8b2jPCIpM=", - "h1:nTP2ZYfuEpMP+PkkgRdhQphNmWWJuKdE9Z4TzeC7ydo=", - "h1:sqVZftg9rJGDiiPiY9l1V/a+5CWkxNcj22sBu8HsJBY=", - "h1:swoRk2drVrD8v7GrW/2OJSk06v2I2zGk3XPAgBDbw9A=", - "zh:04292e149676ba956d738e85faeb6d6ebd3759e8310f1c4155e67402eb5ae0f7", - "zh:0963b4528f25d01d5c733e17de31e2c0b94790fd02931b2a47cd051b20dd0d96", - "zh:133563e16e8a4a7139ac11d94e68de8d1d5e3a62a532e64ac936735d7b1e04db", - "zh:2b219f1b40881d3bdd89257c916f255a7e36904ddc65dbbafee80763661b4636", - "zh:4b4e11a4e3716b290b3b173dfd15b06814b2f6f148f663e3c67a677c95526339", - "zh:5607c7bff3019c3b31488be1a8a9d77a96d27b199a1d8b789e4c2d4c90805674", - "zh:6469aef7728947dacb47785e6082d2d95ebd336a8798f3be6cece5a13145108c", - "zh:69e563f4e6397e1ebaef6f554d296238ec1d9dadc4b865c36743bd8366a888da", - "zh:887a223b7a9ec4e66634dbb65d9dcc53f0be06d058d9a209927ad49702ae790c", - "zh:b03c273367885c5489a24c31859af81ea58cb169431c0da97a175945ec968f53", - "zh:dd7b704ceaf98ce591e111a9c5085465c946f4f8f357089c0e27e990a669ba39", + "h1:/rMaSj3rKkD+jjzRs+awKuz9Cd6pbIpEuR4qYr/5cq0=", + "h1:1nfnYOD5/tzjCgXLCtP0x8rHkSePJvVsIlQn5mKjBOY=", + "h1:D3wf+0k6WoH7L8I1CuyS4WEWKiM6A4RZR3bmERRSSuY=", + "h1:Fk7L51TM48PIqPlmSjja7iiEL0w5mmfOimWfMsthhLU=", + "h1:On2MrclW5OMUV0zubyVHXONYni97C9ubs3rTAwUJ96Q=", + "h1:UDFgKaoVb+ghSl1HibucaspWbY1k3EgvX2GUCW8Yux0=", + "h1:UK+UFYL+ihy81hdglJlcgenxCslOTs9MK+ySRLm4izw=", + "h1:fiXyGhR/RCxjnZhq3iWXkQBS6yFlwZ0/QQMRlrpKAqo=", + "h1:rrySPpbxkcuBtlWs0cIb+vxfDKZd0XMQB7dYhfxuw8U=", + "h1:tb3a5x6HV4YRxyL3VpdTWe1vsKocKi1HT0KFWnF5ZjM=", + "h1:zpYt7my8y0S6Ob47FwE8cv+YiSwQzxKelJiA4Zlof4U=", + "zh:4324c3df26709c7e669b751259cc5e62c4694ab44370dfcdfe197dcd9261c365", + "zh:4e3e83649240cea7105cd2802d0ae64b143fb543c2f559173feae5a108bc4287", + "zh:74ebf6be1277e9bd357b011026b80fc5ec1c26b70ec7ddd5fcae5e977f9a66ef", + "zh:82cfd3c92035f834a05f4b91d813a059a29ff4157792e36a0b3a224cba8737ae", + "zh:93f05c8ae3555c885c84b82781b2e90774671c321138b7f3c38ecd498009e1d8", + "zh:9b445a9a1544b4b38db10fadbd9ffd5efdded0def54feb9ca593e1bec6fbec5f", + "zh:b21ccd2c1bc691cf2f9876482b6e226d8a37a48de951b168a10f96ba929ebefd", + "zh:b7b7e458eb3c22669e1d36e9ef1886272c10f310501001abce8ae76383014fa5", + "zh:bd3c0cf7caab0a989227934bc60a8ac27131efcf84dd77cb6e32e68374170aee", + "zh:f4b9ccbb28eadf3825f6d7d38a3519379de222f136235a2f21a96c0221d65fb8", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f8ef0b4a970ff5edeadfdeed77f9d0682befdca5df4e9b6d9dcfdf9903305b26", ] } provider "registry.terraform.io/hashicorp/cloudinit" { - version = "2.3.3" - constraints = "2.3.3" + version = "2.3.4" + constraints = "2.3.4" hashes = [ - "h1:6utKe3l0lf4+hw+uVK8XJVNdOmp7tOTcycyFvv1pGAA=", - "h1:GmJ8PxLjjPr+lh02Bw3u7RYqA3UtpE2hQ1T43Vt7PTQ=", - "h1:TCZQjXesJ9qbOZaHjJse/WyOxYQwp7wUX3VNxL/qo1c=", - "h1:U6EC4/cJJ6Df3LztUQ/I4YuljGQQeQ+LdLndAwSSiTs=", - "h1:ZmQ97fIcPW7hj/vynRB4zbtObK0Z/LVJPvCwlNd78zA=", - "zh:0bd6ee14ca5cf0f0c83d3bb965346b1225ccd06a6247e80774aaaf54c729daa7", - "zh:3055ad0dcc98de1d4e45b72c5889ae91b62f4ae4e54dbc56c4821be0fdfbed91", - "zh:32764cfcff0d7379ca8b7dde376ac5551854d454c5881945f1952b785a312fa2", - "zh:55c2a4dc3ebdeaa1dec3a36db96dab253c7fa10b9fe1209862e1ee77a01e0aa1", - "zh:5c71f260ba5674d656d12f67cde3bb494498e6b6b6e66945ef85688f185dcf63", + "h1:+J2rgfJH5B0vyFR0Wfcoyt4SHWfZLDe+WtUMtmZLDeY=", + "h1:/Ty/HXg0Bti5T+Zk6XvhwEHyKGiOV5LzCrbLiekjuLU=", + "h1:S3j8poSaLbaftlKq2STBkQEkZH253ZLaHhBHBifdpBQ=", + "h1:TSeGg71hzb+ahU16viRNFxDVgpC3krXqK9Lm4dg9v3Y=", + "h1:ZJGY2ywdCKnbMMAlyAv0n5cwVpHaicKVheNYbdCkZTw=", + "h1:cVIIhnXweOHavu1uV2bdKScTjLbM1WnKM/25wqYBJWo=", + "h1:iDq03pOzp/UsXya2h+32VOOrvGdJgI9L2/EZJoN9t4A=", + "h1:jTcgflH266LJFwqejIEHndaLn+TwrrYqim3rQmw15qI=", + "h1:mPi6Snl6LCYgO2tMxEs+YMuKw+YQ1MJ3E+uf+f/74yA=", + "h1:pb1C8Lrfp4VnPRm6Uo+jEWbKvqsGunHxDO7pWtc/yRI=", + "h1:qsx0lvgUWVL7D2EvWAuO+WyOO/fVneGD8FG2REcNVhI=", + "zh:09f1f1e1d232da96fbf9513b0fb5263bc2fe9bee85697aa15d40bb93835efbeb", + "zh:381e74b90d7a038c3a8dcdcc2ce8c72d6b86da9f208a27f4b98cabe1a1032773", + "zh:398eb321949e28c4c5f7c52e9b1f922a10d0b2b073b7db04cb69318d24ffc5a9", + "zh:4a425679614a8f0fe440845828794e609b35af17db59134c4f9e56d61e979813", + "zh:4d955d8608ece4984c9f1dacda2a59fdb4ea6b0243872f049b388181aab8c80a", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9617280a853ec7caedb8beb7864e4b29faf9c850a453283980c28fccef2c493d", - "zh:ac8bda21950f8dddade3e9bc15f7bcfdee743738483be5724169943cafa611f5", - "zh:ba9ab567bbe63dee9197a763b3104ea9217ba27449ed54d3afa6657f412e3496", - "zh:effd1a7e34bae3879c02f03ed3afa979433a518e11de1f8afd35a8710231ac14", - "zh:f021538c86d0ac250d75e59efde6d869bbfff711eb744c8bddce79d2475bf46d", - "zh:f1e3984597948a2103391a26600e177b19f16a5a4c66acee27a4343fb141571f", + "zh:a48fbee1d58d55a1f4c92c2f38c83a37c8b2f2701ed1a3c926cefb0801fa446a", + "zh:b748fe6631b16a1dafd35a09377c3bffa89552af584cf95f47568b6cd31fc241", + "zh:d4b931f7a54603fa4692a2ec6e498b95464babd2be072bed5c7c2e140a280d99", + "zh:f1c9337fcfe3a7be39d179eb7986c22a979cfb2c587c05f1b3b83064f41785c5", + "zh:f58fc57edd1ee3250a28943cd84de3e4b744cdb52df0356a53403fc240240636", + "zh:f5f50de0923ff530b03e1bca0ac697534d61bb3e5fc7f60e13becb62229097a9", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.0" - constraints = "3.6.0" + version = "3.6.2" + constraints = "3.6.2" hashes = [ - "h1:5KeoKSVKVHJW308uiTgslxFbjQAdWzBGUFK68vgMRWY=", - "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", - "h1:R5Ucn26riKIEijcsiOMBR3uOAjuOMfI1x7XvH4P6B1w=", - "h1:p6WG1IPHnqx1fnJVKNjv733FBaArIugqy58HRZnpPCk=", - "h1:t0mRdJzegohRKhfdoQEJnv3JRISSezJRblN0HIe67vo=", - "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", - "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", - "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", - "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", - "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", + "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=", + "h1:Gd3WitYIzSYo/Suo+PMxpZpIGpRPrwl0JU0+DhxycFM=", + "h1:J9EOvuE7qCS/S0lqMX6DNqsh/wq2uhwxE2bOpSn0/hc=", + "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", + "h1:UQlmHGddu39vVzG8kruMsde4GHlG+1S7OLqFApbJvtc=", + "h1:VYBb5/CQ1tPhV92eUsfxSZ4Ta2OCfNggYwE+Qo+yCD0=", + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "h1:jke+2u84Hrc7szJKevP1BKFn1o3pfxYhYtity2RPCS8=", + "h1:m/7/S7a6RzGgeRAJJCsDza2kbaNmFpQDDd849RxD2FE=", + "h1:uOP0uuF8PKF98YlLqgtjdHBELJLI4BMOOHYXQMYhdlI=", + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", - "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", - "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", - "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", - "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", - "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", ] } diff --git a/e2e/miniconstellation/main.tf b/e2e/miniconstellation/main.tf index 094a217e2..58287f33e 100644 --- a/e2e/miniconstellation/main.tf +++ b/e2e/miniconstellation/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.92.0" + version = "3.109.0" } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } tls = { source = "hashicorp/tls" @@ -14,7 +14,7 @@ terraform { } cloudinit = { source = "hashicorp/cloudinit" - version = "2.3.3" + version = "2.3.4" } } } diff --git a/terraform-provider-constellation/examples/full/aws/main.tf b/terraform-provider-constellation/examples/full/aws/main.tf index 4a467d5e4..b50a014e3 100644 --- a/terraform-provider-constellation/examples/full/aws/main.tf +++ b/terraform-provider-constellation/examples/full/aws/main.tf @@ -6,7 +6,7 @@ terraform { } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/terraform-provider-constellation/examples/full/azure/main.tf b/terraform-provider-constellation/examples/full/azure/main.tf index 46a5f8f9b..84237eeb1 100644 --- a/terraform-provider-constellation/examples/full/azure/main.tf +++ b/terraform-provider-constellation/examples/full/azure/main.tf @@ -6,7 +6,7 @@ terraform { } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/terraform-provider-constellation/examples/full/gcp/main.tf b/terraform-provider-constellation/examples/full/gcp/main.tf index 1cbbd525c..12913be67 100644 --- a/terraform-provider-constellation/examples/full/gcp/main.tf +++ b/terraform-provider-constellation/examples/full/gcp/main.tf @@ -6,7 +6,7 @@ terraform { } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/terraform-provider-constellation/examples/full/stackit/main.tf b/terraform-provider-constellation/examples/full/stackit/main.tf index 22ef92451..5eaa27151 100644 --- a/terraform-provider-constellation/examples/full/stackit/main.tf +++ b/terraform-provider-constellation/examples/full/stackit/main.tf @@ -6,7 +6,7 @@ terraform { } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/terraform/infrastructure/aws/.terraform.lock.hcl b/terraform/infrastructure/aws/.terraform.lock.hcl index 32ca13156..ed54a49eb 100644 --- a/terraform/infrastructure/aws/.terraform.lock.hcl +++ b/terraform/infrastructure/aws/.terraform.lock.hcl @@ -2,52 +2,67 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.37.0" - constraints = "5.37.0" + version = "5.55.0" + constraints = "5.55.0" hashes = [ - "h1:6qJfvyWObjLPoUrEC8kNVAJ1ZFFrIgzC1xprMkkoSjo=", - "h1:CQeYyWigNz838zjXKYH9VDkpjqlGB0phcM742YXiNh4=", - "h1:WcdVLFBrCN1lP44ZzCSTR8e8p/4C9BQLAqdszE+jh4M=", - "h1:jy1tY8vUGirfcC9GwSS2Uf01GXcxnNnotvIK/WjI2WI=", - "h1:o6f/hNLxrONTw/QlRbBVctdXNI2aSfrght4wtng6rOU=", - "zh:00f40a3d9593476693a7a72d993fd289f7be374fe3f2799776c6296eb6ff890a", - "zh:1010a9fbf55852a8da3473de4ec0f1fcf29efa85d66f61cbe2b086dbbd7747ae", - "zh:103a5674d1eb1cff05fe35e9baa9875afd18d740868b63f9c0c25eadb5eb4eb7", - "zh:270ac1b7a1327c1456a43df44c0b5cc3e26ed6d8861a709adeea1da684a563f5", - "zh:424362c02c8917c0586f3dd49aca27b7e0c21f5a23374b7045e9be3b5646c028", - "zh:549fa2ea187964ab9a0c354310947ead30e09b3199db1ff377c21d7547d78299", - "zh:6492d2ccc7f7d60e83cd8b7244adc53f30efc17d84b1ffc1b8fd6c385f8255fd", - "zh:66fb7b3b8a357071d26c5996c16d426edf07502a05ac86f4a6f73646ee7d1bbb", - "zh:6ecc05fb466d06ea8945564d2cdb8c2a8827d8cfca1550e9fb7eac0e95920196", - "zh:7932360b627b211dad937d278a8692a6c52bd6c0a71e4ec9e94ccbe825053822", - "zh:97ed1b4a18842c4d56a735329e87b4ef91a47e820e5a5c3c2dd64e293408bfc8", + "h1:3zm88eQrbQHiptPt27WpSr8sJRonvMzeeegFYKZ9/vQ=", + "h1:E6Ax11q2/k3KDz0XfKz+NWvM+MOqKgbnoe5iGI6UpvI=", + "h1:Ecp/Us36Q7cPmM6CJuhVoQpJ8Fr3857u2aY5u90b744=", + "h1:Fm/qcPuwi3JXV+x+6zKHeQwVGDdGkCu+mjdPKY+eBCQ=", + "h1:K/aEWNwFhDOjbU9bmtAUvy84IZCkVZDhNubxm2J8KuU=", + "h1:NHFZsgJpjqVy+n9tt7uV5gWArMkjFzfo7bUdaT90CQk=", + "h1:NHgKROQfH2vdYgpcD046DrCbFLIONgIzj4UeVNdku3w=", + "h1:V3StWoMxIwKEJ61jlwin+0fdGqDFeBBNQqje57B9nqc=", + "h1:bBEd61mviRihR9/r+nsd8Sq3OU+etHQhBcBdOaVix2g=", + "h1:e8vKwGg6c6CsbbHEpnjQE+5luDVcC5qyKZ5Vv/T5Z1U=", + "h1:lpxW8Myr+VNsbe/xiqbsQ6cLXAkGlmgIjjJYLhhQMf4=", + "h1:pbABD0XsrwOxYmctcsGKjwSTEzaGFL2RR164CSf1O+Q=", + "h1:vChl08zNYLVzuSzfxz3wp3wNSx+vjwl/jPuyPbg59Ks=", + "h1:ys4tLt+sbqNUEicl2tO7gWvEZ6QPK4PwEv/mPc31Na0=", + "zh:06fbb1cc4b61b9d6370d391bf7538aa6ef8b60b91c67d125a6be60a70b1d49f0", + "zh:1d52acd2184f379433a0fce2c29d5ed8fc7958d6a9d1b403310dcc36b2a3f626", + "zh:290bbce092f8836a1db530ac86d933cfea27d52b827639974a81bc48dfba8c34", + "zh:3531f2822c2de3ba837381c4ee4816c5b437fd204c07d659526a04d9154a65e8", + "zh:56d70db4c8c6c0ec1b665380b87726275f4ab3665b4b78ac86dc90e1010c0fe3", + "zh:8251d713c0b2c8c51b6858e51c70d083b484342ff9782a88c39e7eaa966c3da2", + "zh:9a7d1f7207e51382a7dd139dfd5786e7e905edf9bf89bbee4b59ad41365e87be", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:d5e022052011e1984b9c2f8bc5a6b05c909e3b5bf40c3baddf191bf90e3169c2", - "zh:d7e9488b2ce5904efb91c8577b3fe9b0cd599c4cd508f1f163f292930f54fdf0", - "zh:e57cd93d5cd81dd0f446076af6e47a53ce83df2947ec64ed39a1090d4bdf8f0b", + "zh:a529c78dfc60063289524690af78794e99a768835b88e27cdfec15bc85439f7c", + "zh:b6da1843355db05c5d412126406fd97db2a6ff9edc166b81c1cea2994535b4eb", + "zh:bfc08cd23b1556b3287d1b28ac7f12c7d459471d97a0592bf2579ea68d11bae7", + "zh:c382088faf05894191636b57861069a21de10a5ff4eb8f7cc122e764ccf7a4a8", + "zh:e27f99f389921314ee428b24990d3a829057ce532b2beb33c69387458722edd9", + "zh:ef11285eedb45ffc3fb2ecdfefa206e64eb2760a87fff15c44dee42de9703436", + "zh:fedc4ebee0d6fe196691127004db5d1ff8bd22e3b667a74026bb92c607589b6c", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.0" - constraints = "3.6.0" + version = "3.6.2" + constraints = "3.6.2" hashes = [ - "h1:5KeoKSVKVHJW308uiTgslxFbjQAdWzBGUFK68vgMRWY=", - "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", - "h1:R5Ucn26riKIEijcsiOMBR3uOAjuOMfI1x7XvH4P6B1w=", - "h1:p6WG1IPHnqx1fnJVKNjv733FBaArIugqy58HRZnpPCk=", - "h1:t0mRdJzegohRKhfdoQEJnv3JRISSezJRblN0HIe67vo=", - "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", - "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", - "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", - "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", - "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", + "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=", + "h1:Gd3WitYIzSYo/Suo+PMxpZpIGpRPrwl0JU0+DhxycFM=", + "h1:J9EOvuE7qCS/S0lqMX6DNqsh/wq2uhwxE2bOpSn0/hc=", + "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", + "h1:UQlmHGddu39vVzG8kruMsde4GHlG+1S7OLqFApbJvtc=", + "h1:VYBb5/CQ1tPhV92eUsfxSZ4Ta2OCfNggYwE+Qo+yCD0=", + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "h1:jke+2u84Hrc7szJKevP1BKFn1o3pfxYhYtity2RPCS8=", + "h1:m/7/S7a6RzGgeRAJJCsDza2kbaNmFpQDDd849RxD2FE=", + "h1:uOP0uuF8PKF98YlLqgtjdHBELJLI4BMOOHYXQMYhdlI=", + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", - "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", - "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", - "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", - "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", - "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", ] } diff --git a/terraform/infrastructure/aws/main.tf b/terraform/infrastructure/aws/main.tf index 53a83ff74..0ec6f7f98 100644 --- a/terraform/infrastructure/aws/main.tf +++ b/terraform/infrastructure/aws/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.37.0" + version = "5.55.0" } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/terraform/infrastructure/aws/modules/instance_group/main.tf b/terraform/infrastructure/aws/modules/instance_group/main.tf index 3a2e92fff..67be53632 100644 --- a/terraform/infrastructure/aws/modules/instance_group/main.tf +++ b/terraform/infrastructure/aws/modules/instance_group/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.37.0" + version = "5.55.0" } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/terraform/infrastructure/aws/modules/jump_host/main.tf b/terraform/infrastructure/aws/modules/jump_host/main.tf index fa388b653..6d53d0064 100644 --- a/terraform/infrastructure/aws/modules/jump_host/main.tf +++ b/terraform/infrastructure/aws/modules/jump_host/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.37.0" + version = "5.55.0" } } } diff --git a/terraform/infrastructure/aws/modules/load_balancer_target/main.tf b/terraform/infrastructure/aws/modules/load_balancer_target/main.tf index 56f27beeb..c21b9589d 100644 --- a/terraform/infrastructure/aws/modules/load_balancer_target/main.tf +++ b/terraform/infrastructure/aws/modules/load_balancer_target/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.37.0" + version = "5.55.0" } } } diff --git a/terraform/infrastructure/aws/modules/public_private_subnet/main.tf b/terraform/infrastructure/aws/modules/public_private_subnet/main.tf index 222476d76..796981aa2 100644 --- a/terraform/infrastructure/aws/modules/public_private_subnet/main.tf +++ b/terraform/infrastructure/aws/modules/public_private_subnet/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.37.0" + version = "5.55.0" } } } diff --git a/terraform/infrastructure/azure/.terraform.lock.hcl b/terraform/infrastructure/azure/.terraform.lock.hcl index a11464c43..d093857ef 100644 --- a/terraform/infrastructure/azure/.terraform.lock.hcl +++ b/terraform/infrastructure/azure/.terraform.lock.hcl @@ -2,50 +2,62 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.92.0" - constraints = "3.92.0" + version = "3.109.0" + constraints = "3.109.0" hashes = [ - "h1:+bZPRgjpUA6LivvMIS1UdwRWUgzoYBp/nhEpbL4aXHM=", - "h1:D5lngW1uKlPM2EUCdNG1f2FvPGHYRklDFN8b2jPCIpM=", - "h1:nTP2ZYfuEpMP+PkkgRdhQphNmWWJuKdE9Z4TzeC7ydo=", - "h1:sqVZftg9rJGDiiPiY9l1V/a+5CWkxNcj22sBu8HsJBY=", - "h1:swoRk2drVrD8v7GrW/2OJSk06v2I2zGk3XPAgBDbw9A=", - "zh:04292e149676ba956d738e85faeb6d6ebd3759e8310f1c4155e67402eb5ae0f7", - "zh:0963b4528f25d01d5c733e17de31e2c0b94790fd02931b2a47cd051b20dd0d96", - "zh:133563e16e8a4a7139ac11d94e68de8d1d5e3a62a532e64ac936735d7b1e04db", - "zh:2b219f1b40881d3bdd89257c916f255a7e36904ddc65dbbafee80763661b4636", - "zh:4b4e11a4e3716b290b3b173dfd15b06814b2f6f148f663e3c67a677c95526339", - "zh:5607c7bff3019c3b31488be1a8a9d77a96d27b199a1d8b789e4c2d4c90805674", - "zh:6469aef7728947dacb47785e6082d2d95ebd336a8798f3be6cece5a13145108c", - "zh:69e563f4e6397e1ebaef6f554d296238ec1d9dadc4b865c36743bd8366a888da", - "zh:887a223b7a9ec4e66634dbb65d9dcc53f0be06d058d9a209927ad49702ae790c", - "zh:b03c273367885c5489a24c31859af81ea58cb169431c0da97a175945ec968f53", - "zh:dd7b704ceaf98ce591e111a9c5085465c946f4f8f357089c0e27e990a669ba39", + "h1:/rMaSj3rKkD+jjzRs+awKuz9Cd6pbIpEuR4qYr/5cq0=", + "h1:1nfnYOD5/tzjCgXLCtP0x8rHkSePJvVsIlQn5mKjBOY=", + "h1:D3wf+0k6WoH7L8I1CuyS4WEWKiM6A4RZR3bmERRSSuY=", + "h1:Fk7L51TM48PIqPlmSjja7iiEL0w5mmfOimWfMsthhLU=", + "h1:On2MrclW5OMUV0zubyVHXONYni97C9ubs3rTAwUJ96Q=", + "h1:UDFgKaoVb+ghSl1HibucaspWbY1k3EgvX2GUCW8Yux0=", + "h1:UK+UFYL+ihy81hdglJlcgenxCslOTs9MK+ySRLm4izw=", + "h1:fiXyGhR/RCxjnZhq3iWXkQBS6yFlwZ0/QQMRlrpKAqo=", + "h1:rrySPpbxkcuBtlWs0cIb+vxfDKZd0XMQB7dYhfxuw8U=", + "h1:tb3a5x6HV4YRxyL3VpdTWe1vsKocKi1HT0KFWnF5ZjM=", + "h1:zpYt7my8y0S6Ob47FwE8cv+YiSwQzxKelJiA4Zlof4U=", + "zh:4324c3df26709c7e669b751259cc5e62c4694ab44370dfcdfe197dcd9261c365", + "zh:4e3e83649240cea7105cd2802d0ae64b143fb543c2f559173feae5a108bc4287", + "zh:74ebf6be1277e9bd357b011026b80fc5ec1c26b70ec7ddd5fcae5e977f9a66ef", + "zh:82cfd3c92035f834a05f4b91d813a059a29ff4157792e36a0b3a224cba8737ae", + "zh:93f05c8ae3555c885c84b82781b2e90774671c321138b7f3c38ecd498009e1d8", + "zh:9b445a9a1544b4b38db10fadbd9ffd5efdded0def54feb9ca593e1bec6fbec5f", + "zh:b21ccd2c1bc691cf2f9876482b6e226d8a37a48de951b168a10f96ba929ebefd", + "zh:b7b7e458eb3c22669e1d36e9ef1886272c10f310501001abce8ae76383014fa5", + "zh:bd3c0cf7caab0a989227934bc60a8ac27131efcf84dd77cb6e32e68374170aee", + "zh:f4b9ccbb28eadf3825f6d7d38a3519379de222f136235a2f21a96c0221d65fb8", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f8ef0b4a970ff5edeadfdeed77f9d0682befdca5df4e9b6d9dcfdf9903305b26", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.0" - constraints = "3.6.0" + version = "3.6.2" + constraints = "3.6.2" hashes = [ - "h1:5KeoKSVKVHJW308uiTgslxFbjQAdWzBGUFK68vgMRWY=", - "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", - "h1:R5Ucn26riKIEijcsiOMBR3uOAjuOMfI1x7XvH4P6B1w=", - "h1:p6WG1IPHnqx1fnJVKNjv733FBaArIugqy58HRZnpPCk=", - "h1:t0mRdJzegohRKhfdoQEJnv3JRISSezJRblN0HIe67vo=", - "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", - "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", - "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", - "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", - "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", + "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=", + "h1:Gd3WitYIzSYo/Suo+PMxpZpIGpRPrwl0JU0+DhxycFM=", + "h1:J9EOvuE7qCS/S0lqMX6DNqsh/wq2uhwxE2bOpSn0/hc=", + "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", + "h1:UQlmHGddu39vVzG8kruMsde4GHlG+1S7OLqFApbJvtc=", + "h1:VYBb5/CQ1tPhV92eUsfxSZ4Ta2OCfNggYwE+Qo+yCD0=", + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "h1:jke+2u84Hrc7szJKevP1BKFn1o3pfxYhYtity2RPCS8=", + "h1:m/7/S7a6RzGgeRAJJCsDza2kbaNmFpQDDd849RxD2FE=", + "h1:uOP0uuF8PKF98YlLqgtjdHBELJLI4BMOOHYXQMYhdlI=", + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", - "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", - "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", - "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", - "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", - "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", ] } diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf index 259bd2b3d..31fdbe9dd 100644 --- a/terraform/infrastructure/azure/main.tf +++ b/terraform/infrastructure/azure/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.92.0" + version = "3.109.0" } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf b/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf index c82917824..177d08fef 100644 --- a/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf +++ b/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.92.0" + version = "3.109.0" } } } diff --git a/terraform/infrastructure/azure/modules/scale_set/main.tf b/terraform/infrastructure/azure/modules/scale_set/main.tf index 5f95a4380..a02762e74 100644 --- a/terraform/infrastructure/azure/modules/scale_set/main.tf +++ b/terraform/infrastructure/azure/modules/scale_set/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.92.0" + version = "3.109.0" } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/terraform/infrastructure/gcp/.terraform.lock.hcl b/terraform/infrastructure/gcp/.terraform.lock.hcl index 557993381..025f4fc45 100644 --- a/terraform/infrastructure/gcp/.terraform.lock.hcl +++ b/terraform/infrastructure/gcp/.terraform.lock.hcl @@ -2,73 +2,91 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "5.23.0" - constraints = "5.23.0" + version = "5.34.0" + constraints = "5.34.0" hashes = [ - "h1:2VJTKCZWQ1DaNwclFxSo27avsYwWgq/itwLZ3xKyl/o=", - "h1:4evtipODvV5s86gihS+jyk1cSW1xLn22jy8Ox8zzhAs=", - "h1:BD+iQfFcZ0OeaZI2JWDp2sLqSr+DfZtWy4yo1OVMnTI=", - "h1:my3kqg4hIpWLu2WwRewOFxBS+FXfkAIiw8xTYVPNS9M=", - "h1:xpm8QPNp2soGqIEnf4SNoZaTlQ/SbNH63BooJkSbgX0=", - "zh:18eaaa51a8b30fed61c73799b8716a9bd08ccd382bc395c63e45b9a52ed8b300", - "zh:20c71acf091a282db88473ec6f0a684ac59891713c49b2ff1cb35c1539da3121", - "zh:2e3e9ae1d3b045dcaa39053f4d1d066fa17e5b81f4ed7a5e57cc4e6e1e651900", - "zh:531d1552f251c5a0176543defa95c2cc259fc8b9359ef6fd3df404dcead555a0", - "zh:67a7800023fa09a7d87ac02231364988749663e37e2906aa89c70eecc5955ccf", - "zh:6a8076b59d2766a05ffe521cc115f3e8df7cd2ee4c6d60de4ee4636f47714f2e", - "zh:7b39fe720bb7a1f35cd0e4dfeff617338342fc2d16bb22274b42c080ff633140", - "zh:b181e04c32aa53ad78eaf6f2746ec5fd94977187ba7314ae8e9815ef6ea56532", - "zh:bf605be2f8942d5cabb8755ff0d18f243b53f1148f5f32db762667cf64bfa949", - "zh:e981988558310df5d94e56adaa76f7444d991357fe9600c46eb70fa61f4a1394", + "h1:7qETDYPpCPdi5LUEZTp+0T8xQxB48NEAShOQUKeRp6o=", + "h1:ALLNXSm0UWenGas2DL42FJDPIuyvxQAxD6EPtbLISFg=", + "h1:NsFcg40bkNRqt/A63I3VZJDH2zMbwgI4DmjqnZaQof0=", + "h1:S1WiA/Q04V+eD8ZPOj/GRkrHxdq3VbR59z+RhpbgEjs=", + "h1:ebx2A1dmlfIC2P4KwSopjSX8ul1rPpyW1YFmco3rJpY=", + "h1:ed7dedVq0ZYcIImS/+VXT5X5wYtEEgc6tiR2c3jKUhA=", + "h1:fi9xftzKft61lt4vI0oXgzEwpLtMW4D3S3/T63SsO7w=", + "h1:kDZ8ZLPGHTWzOoU6BHd3DmIgOXLuCZxX4i5lK6xdjPs=", + "h1:rTnarO24IRuRxU/iCjFhT6H6UFq+cEEk6qLOj8ZvTtU=", + "h1:t48NNfGkdHByEWWiKx6GtlZPlzEB1Dha3cq44Uidev0=", + "h1:wjyLpE+DlZ3bCD/A973p2apWr0xdwDsTiW75WJA00j8=", + "zh:143c88bb74631041c291ebf7b6213467bf376d3775a33815785939dc102fac09", + "zh:1616ac79345f472b33fcc388eaf4a8a3002e4cc3a5e8748d60d6f4786d0d16dc", + "zh:554ce78e73349ac2c893a74b6981f5e55169ca16f4d0f239e6ccdecadbe1c9e1", + "zh:8022f97aa907685b2eb6c39d5411cf2be2448c6f3b7fbeaf9c06618d376ac4bc", + "zh:85f1fe3628954c35379cc05b895091ec8fe8ba0a5610bc9660492d5be65d4902", + "zh:873fb64fca79695aa930cd868b41ac498809eb76bc3292e41460d916c6fa3538", + "zh:8d3c5112a4abf14b42d769f78373e66f2c2f5f03a7e6544d80019a695bd9b198", + "zh:93cbcfa38991965b976d1973bc528d666006b5247c3fda00c714d0f3a2b62d3e", + "zh:b7710246637aee522a4ea4c1b4f0effb83b701546124ae90c8b4afb97ce03aba", + "zh:e4e02fe946ccbe192b6bbc6bed5715cf68084f1faadc134ed99d5e732429d2ca", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f663776d79e7e5d131b4fbd68c152f2bef3e899a19c9baabe3a441e3f5e809ea", + "zh:fb6b1e4fb2d019d2740aa21b5ecd5f0609f562633a78604a96c14c94aff762b4", ] } provider "registry.terraform.io/hashicorp/google-beta" { - version = "5.23.0" - constraints = "5.23.0" + version = "5.34.0" + constraints = "5.34.0" hashes = [ - "h1:EGIz78npj995XQdJyKRqgiCqFrcfDPXJwVrVw3PFGE0=", - "h1:cxF5B8zWRmTStRAY5o+A3iIFtsiKN0NNr72YTtKSSJw=", - "h1:irFKUONsaAiMFJPCyViRAuIWH/aRUKjEzL5mwzSMMRY=", - "h1:kiwwYe7qrzmxT5L/T6kuWMSqSR5THlGybmZ17hxpPI4=", - "h1:lvEvKrY8nPjumNwHxRmSXxmWnlq5bLq2CUq4FrUQDdM=", - "zh:074f276975ffc873d8f9848d54073ef8320428828611d803c82b7c2559c696fb", - "zh:12bc0f45071b1af5d4c2beddd1ad54c3d91f246c04a41d51570fed2f56d4e7f2", - "zh:2310eac5e8a0286d11a830f33b9d7b93804a02abb63874d8ff9f08b11cc015ed", - "zh:43d70d5a760afd0b4d7d21a852ea4b507c6a6673a2ecd135b6991097bae723ce", - "zh:44d0fb42b80504497c0983f34135c7619a7f7dcd22ed7ef3c916c4d444ee73d5", - "zh:663d82298c96decffc9617183d3d1d5b36fa4aa3e7922897cbed2ca7766c7609", - "zh:9b81cc5347409b8f99fbc5ac289e0f2c82a4904615919001555303621791729f", - "zh:bc532772de1286cc931b6f672044f71d6be66a9ea81961c38b544495c9d6d765", - "zh:c6d1c975bc55a1bd3729daa5bbb7153ae664e2086ed1acf8781581f547b1dce9", - "zh:caaa3ebbdcc74205622f3cd3544860989295fba63a62c1e74f5f5161bdf81d53", - "zh:e71df7cf923bf5a8b11ddce562266904505d5dd3eb25d3797bdb308940ad5890", + "h1:08e6reS//101sFAQCEPWg+eImpE4JeBktf4nNt8pEzg=", + "h1:7jfNNGpyW8TZ3BQ3uu8Nz20fhaPJuSwgciW1bVcg15Y=", + "h1:8c3ZwHiUYaOi6aFeWxL4Q8zb5Tm+5+YZoiueii7p2/o=", + "h1:EvMp8vg/dsqYk3hNqWaVHmN82ACqf2JDvOSiq3IaNOA=", + "h1:HIgDlZlb6fzgCHh/NZQW9byVzN11Mt6T0Ay0TDW87Sg=", + "h1:O9+a0swOhbfVeh9W+M/+aP+STJJFDCkgloMfylrhd4M=", + "h1:Ov+9j7tTby3o/DauvUObHvyHr3RS7pfQ9doWmCfwYwk=", + "h1:RrsRyCX6kbm6iR3r7fWPw+Y6LlpLF7zLpxUCPvTJ6sk=", + "h1:c4Wu49Y1XataOD8PwaXNka/FA382yhClzCnJn3S0sd0=", + "h1:fzhtxfHkkiNmt4TBS7Cq0xydvcIjM5eO85+OoeDYNU4=", + "h1:njwjNG5bavvKC8WndmHIR7t5asSbpcN8y48WGeuw08I=", + "zh:01619cfe684471dc88d470cf157f7adc659a2f6849346d6be2a71efe1cbd0250", + "zh:1b6b2401862aaaf08819cf83b27a147957f0bcc1821a3b94a438788760cb65ad", + "zh:30d3fbaa204dd1d197d01ed5385a5d325fd8d313a5fdcf7cdd80209f1740247f", + "zh:461d084c0a0590785134218d57df39f34863a8977e4e925585eea085c86c97b5", + "zh:534bc4652861bdcbe0451673269d326477781d70a9f03cae3b780d574f29f841", + "zh:6e8abcd37a9609b05aab3529ccc3414b6d1258b124e58754b62f28fd4f3877a7", + "zh:838a31873ce35e40e52ba0513aec5ff519159e99459829f0ea590eb62714801a", + "zh:9387550c9e45e68c7ac5d6839a8f88e8e525ebf81a4c76847f7c05f13bf5dc19", + "zh:997ac33e5d72f0aecfddd5235ba4dbe82b5bbaf811b801849e419942e204a12b", + "zh:a66fbccde0dd854f764bf247576eaea4898966b6814db232fa45e789dc2ca014", + "zh:d60efed82a54ff41a8f2380f83fefd9477616f49296e349b5a41fccb558fde08", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.0" - constraints = "3.6.0" + version = "3.6.2" + constraints = "3.6.2" hashes = [ - "h1:5KeoKSVKVHJW308uiTgslxFbjQAdWzBGUFK68vgMRWY=", - "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", - "h1:R5Ucn26riKIEijcsiOMBR3uOAjuOMfI1x7XvH4P6B1w=", - "h1:p6WG1IPHnqx1fnJVKNjv733FBaArIugqy58HRZnpPCk=", - "h1:t0mRdJzegohRKhfdoQEJnv3JRISSezJRblN0HIe67vo=", - "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", - "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", - "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", - "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", - "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", + "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=", + "h1:Gd3WitYIzSYo/Suo+PMxpZpIGpRPrwl0JU0+DhxycFM=", + "h1:J9EOvuE7qCS/S0lqMX6DNqsh/wq2uhwxE2bOpSn0/hc=", + "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", + "h1:UQlmHGddu39vVzG8kruMsde4GHlG+1S7OLqFApbJvtc=", + "h1:VYBb5/CQ1tPhV92eUsfxSZ4Ta2OCfNggYwE+Qo+yCD0=", + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "h1:jke+2u84Hrc7szJKevP1BKFn1o3pfxYhYtity2RPCS8=", + "h1:m/7/S7a6RzGgeRAJJCsDza2kbaNmFpQDDd849RxD2FE=", + "h1:uOP0uuF8PKF98YlLqgtjdHBELJLI4BMOOHYXQMYhdlI=", + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", - "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", - "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", - "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", - "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", - "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", ] } diff --git a/terraform/infrastructure/gcp/main.tf b/terraform/infrastructure/gcp/main.tf index 30935f66d..2d961c7e8 100644 --- a/terraform/infrastructure/gcp/main.tf +++ b/terraform/infrastructure/gcp/main.tf @@ -2,17 +2,17 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.23.0" + version = "5.34.0" } google-beta = { source = "hashicorp/google-beta" - version = "5.23.0" + version = "5.34.0" } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/terraform/infrastructure/gcp/modules/instance_group/main.tf b/terraform/infrastructure/gcp/modules/instance_group/main.tf index 1da265319..bd52df53a 100644 --- a/terraform/infrastructure/gcp/modules/instance_group/main.tf +++ b/terraform/infrastructure/gcp/modules/instance_group/main.tf @@ -2,17 +2,17 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.23.0" + version = "5.34.0" } google-beta = { source = "hashicorp/google-beta" - version = "5.23.0" + version = "5.34.0" } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf b/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf index 263ee12a3..f0e725039 100644 --- a/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf +++ b/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.23.0" + version = "5.34.0" } } } diff --git a/terraform/infrastructure/gcp/modules/jump_host/main.tf b/terraform/infrastructure/gcp/modules/jump_host/main.tf index c1929792b..be7708248 100644 --- a/terraform/infrastructure/gcp/modules/jump_host/main.tf +++ b/terraform/infrastructure/gcp/modules/jump_host/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.23.0" + version = "5.34.0" } } } diff --git a/terraform/infrastructure/gcp/modules/loadbalancer/main.tf b/terraform/infrastructure/gcp/modules/loadbalancer/main.tf index 5c7bab447..e1cde0af8 100644 --- a/terraform/infrastructure/gcp/modules/loadbalancer/main.tf +++ b/terraform/infrastructure/gcp/modules/loadbalancer/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.23.0" + version = "5.34.0" } } } diff --git a/terraform/infrastructure/iam/aws/.terraform.lock.hcl b/terraform/infrastructure/iam/aws/.terraform.lock.hcl index afd0d6215..daf5d1b3e 100644 --- a/terraform/infrastructure/iam/aws/.terraform.lock.hcl +++ b/terraform/infrastructure/iam/aws/.terraform.lock.hcl @@ -2,51 +2,60 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.37.0" - constraints = "5.37.0" + version = "5.55.0" + constraints = "5.55.0" hashes = [ - "h1:6qJfvyWObjLPoUrEC8kNVAJ1ZFFrIgzC1xprMkkoSjo=", - "h1:CQeYyWigNz838zjXKYH9VDkpjqlGB0phcM742YXiNh4=", - "h1:WcdVLFBrCN1lP44ZzCSTR8e8p/4C9BQLAqdszE+jh4M=", - "h1:jy1tY8vUGirfcC9GwSS2Uf01GXcxnNnotvIK/WjI2WI=", - "h1:o6f/hNLxrONTw/QlRbBVctdXNI2aSfrght4wtng6rOU=", - "zh:00f40a3d9593476693a7a72d993fd289f7be374fe3f2799776c6296eb6ff890a", - "zh:1010a9fbf55852a8da3473de4ec0f1fcf29efa85d66f61cbe2b086dbbd7747ae", - "zh:103a5674d1eb1cff05fe35e9baa9875afd18d740868b63f9c0c25eadb5eb4eb7", - "zh:270ac1b7a1327c1456a43df44c0b5cc3e26ed6d8861a709adeea1da684a563f5", - "zh:424362c02c8917c0586f3dd49aca27b7e0c21f5a23374b7045e9be3b5646c028", - "zh:549fa2ea187964ab9a0c354310947ead30e09b3199db1ff377c21d7547d78299", - "zh:6492d2ccc7f7d60e83cd8b7244adc53f30efc17d84b1ffc1b8fd6c385f8255fd", - "zh:66fb7b3b8a357071d26c5996c16d426edf07502a05ac86f4a6f73646ee7d1bbb", - "zh:6ecc05fb466d06ea8945564d2cdb8c2a8827d8cfca1550e9fb7eac0e95920196", - "zh:7932360b627b211dad937d278a8692a6c52bd6c0a71e4ec9e94ccbe825053822", - "zh:97ed1b4a18842c4d56a735329e87b4ef91a47e820e5a5c3c2dd64e293408bfc8", + "h1:3zm88eQrbQHiptPt27WpSr8sJRonvMzeeegFYKZ9/vQ=", + "h1:E6Ax11q2/k3KDz0XfKz+NWvM+MOqKgbnoe5iGI6UpvI=", + "h1:Ecp/Us36Q7cPmM6CJuhVoQpJ8Fr3857u2aY5u90b744=", + "h1:Fm/qcPuwi3JXV+x+6zKHeQwVGDdGkCu+mjdPKY+eBCQ=", + "h1:K/aEWNwFhDOjbU9bmtAUvy84IZCkVZDhNubxm2J8KuU=", + "h1:NHFZsgJpjqVy+n9tt7uV5gWArMkjFzfo7bUdaT90CQk=", + "h1:NHgKROQfH2vdYgpcD046DrCbFLIONgIzj4UeVNdku3w=", + "h1:V3StWoMxIwKEJ61jlwin+0fdGqDFeBBNQqje57B9nqc=", + "h1:bBEd61mviRihR9/r+nsd8Sq3OU+etHQhBcBdOaVix2g=", + "h1:e8vKwGg6c6CsbbHEpnjQE+5luDVcC5qyKZ5Vv/T5Z1U=", + "h1:lpxW8Myr+VNsbe/xiqbsQ6cLXAkGlmgIjjJYLhhQMf4=", + "h1:pbABD0XsrwOxYmctcsGKjwSTEzaGFL2RR164CSf1O+Q=", + "h1:vChl08zNYLVzuSzfxz3wp3wNSx+vjwl/jPuyPbg59Ks=", + "h1:ys4tLt+sbqNUEicl2tO7gWvEZ6QPK4PwEv/mPc31Na0=", + "zh:06fbb1cc4b61b9d6370d391bf7538aa6ef8b60b91c67d125a6be60a70b1d49f0", + "zh:1d52acd2184f379433a0fce2c29d5ed8fc7958d6a9d1b403310dcc36b2a3f626", + "zh:290bbce092f8836a1db530ac86d933cfea27d52b827639974a81bc48dfba8c34", + "zh:3531f2822c2de3ba837381c4ee4816c5b437fd204c07d659526a04d9154a65e8", + "zh:56d70db4c8c6c0ec1b665380b87726275f4ab3665b4b78ac86dc90e1010c0fe3", + "zh:8251d713c0b2c8c51b6858e51c70d083b484342ff9782a88c39e7eaa966c3da2", + "zh:9a7d1f7207e51382a7dd139dfd5786e7e905edf9bf89bbee4b59ad41365e87be", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:d5e022052011e1984b9c2f8bc5a6b05c909e3b5bf40c3baddf191bf90e3169c2", - "zh:d7e9488b2ce5904efb91c8577b3fe9b0cd599c4cd508f1f163f292930f54fdf0", - "zh:e57cd93d5cd81dd0f446076af6e47a53ce83df2947ec64ed39a1090d4bdf8f0b", + "zh:a529c78dfc60063289524690af78794e99a768835b88e27cdfec15bc85439f7c", + "zh:b6da1843355db05c5d412126406fd97db2a6ff9edc166b81c1cea2994535b4eb", + "zh:bfc08cd23b1556b3287d1b28ac7f12c7d459471d97a0592bf2579ea68d11bae7", + "zh:c382088faf05894191636b57861069a21de10a5ff4eb8f7cc122e764ccf7a4a8", + "zh:e27f99f389921314ee428b24990d3a829057ce532b2beb33c69387458722edd9", + "zh:ef11285eedb45ffc3fb2ecdfefa206e64eb2760a87fff15c44dee42de9703436", + "zh:fedc4ebee0d6fe196691127004db5d1ff8bd22e3b667a74026bb92c607589b6c", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.0" + version = "3.6.2" hashes = [ - "h1:5KeoKSVKVHJW308uiTgslxFbjQAdWzBGUFK68vgMRWY=", - "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", - "h1:R5Ucn26riKIEijcsiOMBR3uOAjuOMfI1x7XvH4P6B1w=", - "h1:p6WG1IPHnqx1fnJVKNjv733FBaArIugqy58HRZnpPCk=", - "h1:t0mRdJzegohRKhfdoQEJnv3JRISSezJRblN0HIe67vo=", - "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", - "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", - "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", - "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", - "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", + "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=", + "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", + "h1:UQlmHGddu39vVzG8kruMsde4GHlG+1S7OLqFApbJvtc=", + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", - "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", - "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", - "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", - "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", - "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", ] } diff --git a/terraform/infrastructure/iam/aws/main.tf b/terraform/infrastructure/iam/aws/main.tf index c2dbf7c20..dbc111c0c 100644 --- a/terraform/infrastructure/iam/aws/main.tf +++ b/terraform/infrastructure/iam/aws/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.37.0" + version = "5.55.0" } } } diff --git a/terraform/infrastructure/iam/azure/.terraform.lock.hcl b/terraform/infrastructure/iam/azure/.terraform.lock.hcl index 65ca4053f..3cc75acbd 100644 --- a/terraform/infrastructure/iam/azure/.terraform.lock.hcl +++ b/terraform/infrastructure/iam/azure/.terraform.lock.hcl @@ -2,49 +2,61 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azuread" { - version = "2.43.0" - constraints = "2.43.0" + version = "2.52.0" + constraints = "2.52.0" hashes = [ - "h1:/wPCaaEC7By9zWMxYmPMiLNu+zuYuFUyl5mkhCwwi8w=", - "h1:83hGDTWccRJXsKGg1VeYJkBeHwE2cCTRKFCZud4iWQo=", - "h1:bp9HeofaEJDiWtyLMwIEYVgxP5yoMs/dQhjCYsbXU34=", - "h1:jmvCGhwc+jUip0Hy4PI1ZiO/11vdQ3TTp3YaBTKFGiQ=", - "h1:tU/kGFohqNia+uVFT1ujYKZRH2lvEP73LUhQDJtO1w4=", + "h1:0gTsZaV/Z4wAloNuZ+A73gkY9lVDWHLw88+yagLjiWo=", + "h1:BawLlSMcrcY439A6d092jD1+0oHLfy+Ii2EYuLsD9jA=", + "h1:BeRG97PSzSbc4l1PIilC36c1pfvVvr/Hl501mrL6hrA=", + "h1:LT9NuV3RJKGuiEkE6JP39g/qPH+CqFxpQtGg4uyxI34=", + "h1:dT5mZx7PuRcODLZ+sBhhyFUV3V52A8X4JDoIFbJ7XEE=", + "h1:dbCzQ8Bm7aW630lsnXZgzsvzMTzkOZ5HyVHMYaEwrdo=", + "h1:e4dTY5wwP+uf9t+F14l1CW3On2sEjbbNg9DOufEgAlA=", + "h1:ibiKIxZYwyZW8PPT/khja2vXzJ/og8xng5Bf1wmNkN8=", + "h1:rTRveYXmVNgqbhRp4oWGurrGPOcWZXRNOKkraPgqOEc=", + "h1:yQzU2A8hNQZLl1fXn53bRV6XTwNGVk3qCqDT9CT7F6o=", + "h1:zvK6g8klUwmRd9aCB80d/J0lQFWRA+PNA5bBkoouiFY=", + "zh:0bc4c67e303164f1b85344bdef25830f093f7bed988a46331858e2e7543df077", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:2225e2e97ccba4ed1d84f1d430f1ebd837943fe187e57f24f1763172dda61556", - "zh:24708cb09411a766ff397e05cae49058ca38edc718db303a7faef9823402737d", - "zh:3a61167ff58d585abd56233731a8fd649c7c04272bd5b878f963883496e19192", - "zh:433f557634b5e663caaeb68c504c7771c186eba7ecf5d4030437956bc6599ecb", - "zh:5e8cc3b3bcc22d217cf588c821ce091c7d40f0815aecc1addde5355c17cb381d", - "zh:7b008c376097cd60259d43f58fcb33fee56fe9aebb4a94ed7958868ee501d7d0", - "zh:908907fd38537583ea60dccbf73055ae1a2963acc399be4f8e9a6616a9a537db", - "zh:966586cfd850606bab7dd2242c5b9e35d3a7178f64eaac0b44dea54c104c8169", - "zh:a624286401913d3ec44b4825e2c5ae38ac94fb4950aeed8f4b91d09c898f8cce", - "zh:b5171a4463fd0d9b0ce2a08605499b6d99fe93d6fc3f4143e9a26201065cc90a", - "zh:cdcfeeb9db4dbdc6f1fb5644453b37dbd0025b4f3127e9ff348f1e62d66b493e", + "zh:2bc2f80135077016fee0434d0bad68dea197cc1a8b14bc077bacb684fa984701", + "zh:3e1ab7959b40a64e9f481e4375f991cb8e022c82821f4eb63d0920349c9d8190", + "zh:4b26ce0fea4ede6b78c355e15a3ff434f52a032edff8ae061f48225af577373f", + "zh:4ef6581cca562f433747a71e0d2f5b1ae6ea594af9aa6bea31f082e1c24052e1", + "zh:5f34a30f7c62fbd5f9d8b50c1bd7cd8bad7a1a77a0de0a955a4ad2b8c8e9f4c0", + "zh:7cae9b5b1b0d022dbc32efbc7d2cd46b1088319c34f76ca35493887e30c3bbdc", + "zh:b1cc9c0a50d90735b68bdec9f7518441481b6abdc4b10f84a91c92d3cbc30931", + "zh:b265c073a907574c5e434461c00060073825e017b3c8523a1980d959251139af", + "zh:c1685e94fd4fea7d3fd66dd5fad29109f8a9afaa873966c7f60417444397d131", + "zh:eb2584e3300f707f6d795e8dae4f0f6ecf077f47ab9abd4c1b300ea7c55cb154", ] } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.92.0" - constraints = "3.92.0" + version = "3.109.0" + constraints = "3.109.0" hashes = [ - "h1:+bZPRgjpUA6LivvMIS1UdwRWUgzoYBp/nhEpbL4aXHM=", - "h1:D5lngW1uKlPM2EUCdNG1f2FvPGHYRklDFN8b2jPCIpM=", - "h1:nTP2ZYfuEpMP+PkkgRdhQphNmWWJuKdE9Z4TzeC7ydo=", - "h1:sqVZftg9rJGDiiPiY9l1V/a+5CWkxNcj22sBu8HsJBY=", - "h1:swoRk2drVrD8v7GrW/2OJSk06v2I2zGk3XPAgBDbw9A=", - "zh:04292e149676ba956d738e85faeb6d6ebd3759e8310f1c4155e67402eb5ae0f7", - "zh:0963b4528f25d01d5c733e17de31e2c0b94790fd02931b2a47cd051b20dd0d96", - "zh:133563e16e8a4a7139ac11d94e68de8d1d5e3a62a532e64ac936735d7b1e04db", - "zh:2b219f1b40881d3bdd89257c916f255a7e36904ddc65dbbafee80763661b4636", - "zh:4b4e11a4e3716b290b3b173dfd15b06814b2f6f148f663e3c67a677c95526339", - "zh:5607c7bff3019c3b31488be1a8a9d77a96d27b199a1d8b789e4c2d4c90805674", - "zh:6469aef7728947dacb47785e6082d2d95ebd336a8798f3be6cece5a13145108c", - "zh:69e563f4e6397e1ebaef6f554d296238ec1d9dadc4b865c36743bd8366a888da", - "zh:887a223b7a9ec4e66634dbb65d9dcc53f0be06d058d9a209927ad49702ae790c", - "zh:b03c273367885c5489a24c31859af81ea58cb169431c0da97a175945ec968f53", - "zh:dd7b704ceaf98ce591e111a9c5085465c946f4f8f357089c0e27e990a669ba39", + "h1:/rMaSj3rKkD+jjzRs+awKuz9Cd6pbIpEuR4qYr/5cq0=", + "h1:1nfnYOD5/tzjCgXLCtP0x8rHkSePJvVsIlQn5mKjBOY=", + "h1:D3wf+0k6WoH7L8I1CuyS4WEWKiM6A4RZR3bmERRSSuY=", + "h1:Fk7L51TM48PIqPlmSjja7iiEL0w5mmfOimWfMsthhLU=", + "h1:On2MrclW5OMUV0zubyVHXONYni97C9ubs3rTAwUJ96Q=", + "h1:UDFgKaoVb+ghSl1HibucaspWbY1k3EgvX2GUCW8Yux0=", + "h1:UK+UFYL+ihy81hdglJlcgenxCslOTs9MK+ySRLm4izw=", + "h1:fiXyGhR/RCxjnZhq3iWXkQBS6yFlwZ0/QQMRlrpKAqo=", + "h1:rrySPpbxkcuBtlWs0cIb+vxfDKZd0XMQB7dYhfxuw8U=", + "h1:tb3a5x6HV4YRxyL3VpdTWe1vsKocKi1HT0KFWnF5ZjM=", + "h1:zpYt7my8y0S6Ob47FwE8cv+YiSwQzxKelJiA4Zlof4U=", + "zh:4324c3df26709c7e669b751259cc5e62c4694ab44370dfcdfe197dcd9261c365", + "zh:4e3e83649240cea7105cd2802d0ae64b143fb543c2f559173feae5a108bc4287", + "zh:74ebf6be1277e9bd357b011026b80fc5ec1c26b70ec7ddd5fcae5e977f9a66ef", + "zh:82cfd3c92035f834a05f4b91d813a059a29ff4157792e36a0b3a224cba8737ae", + "zh:93f05c8ae3555c885c84b82781b2e90774671c321138b7f3c38ecd498009e1d8", + "zh:9b445a9a1544b4b38db10fadbd9ffd5efdded0def54feb9ca593e1bec6fbec5f", + "zh:b21ccd2c1bc691cf2f9876482b6e226d8a37a48de951b168a10f96ba929ebefd", + "zh:b7b7e458eb3c22669e1d36e9ef1886272c10f310501001abce8ae76383014fa5", + "zh:bd3c0cf7caab0a989227934bc60a8ac27131efcf84dd77cb6e32e68374170aee", + "zh:f4b9ccbb28eadf3825f6d7d38a3519379de222f136235a2f21a96c0221d65fb8", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f8ef0b4a970ff5edeadfdeed77f9d0682befdca5df4e9b6d9dcfdf9903305b26", ] } diff --git a/terraform/infrastructure/iam/azure/main.tf b/terraform/infrastructure/iam/azure/main.tf index c58eb12b5..002a7190f 100644 --- a/terraform/infrastructure/iam/azure/main.tf +++ b/terraform/infrastructure/iam/azure/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.92.0" + version = "3.109.0" } azuread = { source = "hashicorp/azuread" - version = "2.43.0" + version = "2.52.0" } } } diff --git a/terraform/infrastructure/iam/gcp/.terraform.lock.hcl b/terraform/infrastructure/iam/gcp/.terraform.lock.hcl index 3575f3cfe..ba969d0f0 100644 --- a/terraform/infrastructure/iam/gcp/.terraform.lock.hcl +++ b/terraform/infrastructure/iam/gcp/.terraform.lock.hcl @@ -2,26 +2,32 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "5.23.0" - constraints = "5.23.0" + version = "5.34.0" + constraints = "5.34.0" hashes = [ - "h1:2VJTKCZWQ1DaNwclFxSo27avsYwWgq/itwLZ3xKyl/o=", - "h1:4evtipODvV5s86gihS+jyk1cSW1xLn22jy8Ox8zzhAs=", - "h1:BD+iQfFcZ0OeaZI2JWDp2sLqSr+DfZtWy4yo1OVMnTI=", - "h1:my3kqg4hIpWLu2WwRewOFxBS+FXfkAIiw8xTYVPNS9M=", - "h1:xpm8QPNp2soGqIEnf4SNoZaTlQ/SbNH63BooJkSbgX0=", - "zh:18eaaa51a8b30fed61c73799b8716a9bd08ccd382bc395c63e45b9a52ed8b300", - "zh:20c71acf091a282db88473ec6f0a684ac59891713c49b2ff1cb35c1539da3121", - "zh:2e3e9ae1d3b045dcaa39053f4d1d066fa17e5b81f4ed7a5e57cc4e6e1e651900", - "zh:531d1552f251c5a0176543defa95c2cc259fc8b9359ef6fd3df404dcead555a0", - "zh:67a7800023fa09a7d87ac02231364988749663e37e2906aa89c70eecc5955ccf", - "zh:6a8076b59d2766a05ffe521cc115f3e8df7cd2ee4c6d60de4ee4636f47714f2e", - "zh:7b39fe720bb7a1f35cd0e4dfeff617338342fc2d16bb22274b42c080ff633140", - "zh:b181e04c32aa53ad78eaf6f2746ec5fd94977187ba7314ae8e9815ef6ea56532", - "zh:bf605be2f8942d5cabb8755ff0d18f243b53f1148f5f32db762667cf64bfa949", - "zh:e981988558310df5d94e56adaa76f7444d991357fe9600c46eb70fa61f4a1394", + "h1:7qETDYPpCPdi5LUEZTp+0T8xQxB48NEAShOQUKeRp6o=", + "h1:ALLNXSm0UWenGas2DL42FJDPIuyvxQAxD6EPtbLISFg=", + "h1:NsFcg40bkNRqt/A63I3VZJDH2zMbwgI4DmjqnZaQof0=", + "h1:S1WiA/Q04V+eD8ZPOj/GRkrHxdq3VbR59z+RhpbgEjs=", + "h1:ebx2A1dmlfIC2P4KwSopjSX8ul1rPpyW1YFmco3rJpY=", + "h1:ed7dedVq0ZYcIImS/+VXT5X5wYtEEgc6tiR2c3jKUhA=", + "h1:fi9xftzKft61lt4vI0oXgzEwpLtMW4D3S3/T63SsO7w=", + "h1:kDZ8ZLPGHTWzOoU6BHd3DmIgOXLuCZxX4i5lK6xdjPs=", + "h1:rTnarO24IRuRxU/iCjFhT6H6UFq+cEEk6qLOj8ZvTtU=", + "h1:t48NNfGkdHByEWWiKx6GtlZPlzEB1Dha3cq44Uidev0=", + "h1:wjyLpE+DlZ3bCD/A973p2apWr0xdwDsTiW75WJA00j8=", + "zh:143c88bb74631041c291ebf7b6213467bf376d3775a33815785939dc102fac09", + "zh:1616ac79345f472b33fcc388eaf4a8a3002e4cc3a5e8748d60d6f4786d0d16dc", + "zh:554ce78e73349ac2c893a74b6981f5e55169ca16f4d0f239e6ccdecadbe1c9e1", + "zh:8022f97aa907685b2eb6c39d5411cf2be2448c6f3b7fbeaf9c06618d376ac4bc", + "zh:85f1fe3628954c35379cc05b895091ec8fe8ba0a5610bc9660492d5be65d4902", + "zh:873fb64fca79695aa930cd868b41ac498809eb76bc3292e41460d916c6fa3538", + "zh:8d3c5112a4abf14b42d769f78373e66f2c2f5f03a7e6544d80019a695bd9b198", + "zh:93cbcfa38991965b976d1973bc528d666006b5247c3fda00c714d0f3a2b62d3e", + "zh:b7710246637aee522a4ea4c1b4f0effb83b701546124ae90c8b4afb97ce03aba", + "zh:e4e02fe946ccbe192b6bbc6bed5715cf68084f1faadc134ed99d5e732429d2ca", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f663776d79e7e5d131b4fbd68c152f2bef3e899a19c9baabe3a441e3f5e809ea", + "zh:fb6b1e4fb2d019d2740aa21b5ecd5f0609f562633a78604a96c14c94aff762b4", ] } diff --git a/terraform/infrastructure/iam/gcp/main.tf b/terraform/infrastructure/iam/gcp/main.tf index 38afbe1ca..50e43cf65 100644 --- a/terraform/infrastructure/iam/gcp/main.tf +++ b/terraform/infrastructure/iam/gcp/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.23.0" + version = "5.34.0" } } } diff --git a/terraform/infrastructure/openstack/.terraform.lock.hcl b/terraform/infrastructure/openstack/.terraform.lock.hcl index f33d99a2a..cdb768b99 100644 --- a/terraform/infrastructure/openstack/.terraform.lock.hcl +++ b/terraform/infrastructure/openstack/.terraform.lock.hcl @@ -2,53 +2,62 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/random" { - version = "3.6.0" - constraints = "3.6.0" + version = "3.6.2" + constraints = "3.6.2" hashes = [ - "h1:5KeoKSVKVHJW308uiTgslxFbjQAdWzBGUFK68vgMRWY=", - "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", - "h1:R5Ucn26riKIEijcsiOMBR3uOAjuOMfI1x7XvH4P6B1w=", - "h1:p6WG1IPHnqx1fnJVKNjv733FBaArIugqy58HRZnpPCk=", - "h1:t0mRdJzegohRKhfdoQEJnv3JRISSezJRblN0HIe67vo=", - "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", - "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", - "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", - "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", - "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", + "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=", + "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", + "h1:UQlmHGddu39vVzG8kruMsde4GHlG+1S7OLqFApbJvtc=", + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", - "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", - "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", - "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", - "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", - "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", ] } provider "registry.terraform.io/stackitcloud/stackit" { - version = "0.17.0" - constraints = "0.17.0" + version = "0.19.0" + constraints = "0.19.0" hashes = [ - "h1:I0ZMrepgLZz8LXV0gPU0AFoCuRUTlObilWeqXdu+EWY=", - "h1:Oft1EtSh7XSVS2Ypv2XxQ1fqUwkX8uKQNbNUY4Z2I1g=", - "h1:VDaLrd0U5udRiFg0oLdhJEn1HOvDeTaixs1al/5ad+g=", - "h1:aaCb+bQiK0DR/Fm3d88fBIaNjA0mu6qtY+psGRq0rIc=", - "h1:clv7CxYSYaIky+0fM9tCySAYStP1dWLiL8cV/3bQIUc=", - "zh:0a4c9388a0ebe806ade3d0489924d84880611c36b879cfc97088e871c6fdc9a8", + "h1:2hgGNObJb6LPy5ErCMf2dl04H42UXPVQfO0ddELY70g=", + "h1:5PgdHlnRuQ9KtIPbxZW16KiYBxqpzZgD5lrqi9wl1NI=", + "h1:BLOc7TOVbJ5rDh7pBXWBKpv5JwdEJtJDfL6qL5DrRBk=", + "h1:EbzQdIJPZzWYiopHWWRw41nbVTQVEBULn98y+pSCUI0=", + "h1:HlOAdnuI4XME2hpwM/UJ7hkEfD6Kymd13cFbNXEpl1o=", + "h1:IXPIRVOON5xfjl0ahxmzn+HbuqoBZFjyvGJrQZUIrpA=", + "h1:MVQ9s55+e1sBM50gG2yKCDwtkarVyReomZTPHi9C+6Q=", + "h1:Sx8weH8CdXcBJMs5s9uDWQMERSqUw/sY0kv61Rer6bc=", + "h1:eW7vgkOSiJCkDfOjpCPPa509qf/mq2bohKuETcRMBDk=", + "h1:fNmM6YjXrz4Ms40GN/K1OiNuD4oXFdeMSEakaOvoW0c=", + "h1:hK4Kq58vY8lCOlFWX2uChXmgTMbsAUAwL+IMZmTYICg=", + "h1:iyfk2Gc5K7SqiIjpMBUmLZk2xqLPrtnv63+oLPrcgzo=", + "h1:t7KLgeRVx2k0a+I6StQNx5FWq43HtN6Lb/0+GD9M15Q=", + "h1:w3rZ31LGmYda+dhoqFcs3Cy4KcK/886FeD7e4el/IHg=", + "zh:0a1fcf458c53a6dc076e054c03c6580d1ba81af6848f3b12b57fbdffe5966154", "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f", - "zh:1cefebb92afefbc2407826d2ebe62291c15d585b391fe0a9f329b0d08eacd1b4", - "zh:248d0980ce0f34a8dcc37d3717d9cf1c85e05c944ca228e9d7bc330af5c3ec6e", - "zh:3161dd1973b5e2359402fd8a1838c881a9e1c514507b22440bc47b557d1a2574", - "zh:340a86a8a93e343702a87db423c493a1ab36a0a32e9c10e8c1c982020caae9bc", - "zh:38b49523eb1f48f5f4a0f1ef4b7de81bb468d3378e74dd72038f7228a4f3a5cb", - "zh:3b28a45818891bfabae5a52a43d38125ac7c220ad7a7c0a4682228be5552f14d", - "zh:59889ef8c6c84e9c2d647e5374ab1e59e043fbe5750eca7d06efcff308e2e403", - "zh:5baed6b0b8a9a1ca973b0bc792f56e02d46ffafe276c3b50b75570dd024f2afb", - "zh:81628b9cf966b2688ee3598868336c87e97b86d69c5caf761a6e77fde6eeefc1", - "zh:9a12f81c92f2a58340920dd468feca988f1bd3b8fe57ec8914d2f1db3ee363f7", - "zh:b7af6c4f1491a1e6c58148f8b6c1d5f0f77b13560d43fa5a70faa8ae09bde1f0", - "zh:d378cc2f87f84f91b06910be7fb9cf23a147d019be218f4f686f2441bdf0b32a", - "zh:f3cba27b8375d7e97151bf9f184864f06724895d0d9457c2ac3615ff175d7413", + "zh:3c693a6afde4d65eae6ca4b287e6ed5d35d90a923274f81b792cc92685433611", + "zh:477f252abd91b5a772e71d4a84c99a65969605095c5c207f2ee4718be856d438", + "zh:5f65659d143a016e9b5c3400e91ec34882a7054c0361b256aa975b9ee637b7db", + "zh:7a743de5cccb9190eb4517520f623a5e7a4651d8e8eaa231042ff5039fef0786", + "zh:7fd825b7da38cf77559e7b6c8ce37c873cd081c69b4be5e66ccdd16ddf040d79", + "zh:803e2a111b94a995d6c53c4a0e87e3a7f436df0f6810d2a5bca07ff5a5174c38", + "zh:8d403847edf4e15e5075a93eb336ab8df3e42c179d10356ac8e69a1357d4a3a6", + "zh:8d84df2750dca6ee20ae81648965d241ccb2bc93213a591b61b2df17a1914cba", + "zh:bc9ab8292cc65bf275446830a4ac6cd721ddf9bc24563112d672b66cfc080a26", + "zh:ca8aae314ef0abcc4e39bc18ba6e6891a41a497eeb8d9f6fcdc9c4cdc64aec98", + "zh:d99a35c688b7053f1127fa663d6783575e89aefe9226f87a5e20fd6e4031c142", + "zh:f4ec0886e09246bd79fd0e37805be4ffbd1128f3487018130610bcffe44f761e", + "zh:fb3dd70cda60663d053f14a791019abb0ea16e2bb1c2c048b1806d2a1d0db58d", ] } diff --git a/terraform/infrastructure/openstack/main.tf b/terraform/infrastructure/openstack/main.tf index 53767b49d..f8c874453 100644 --- a/terraform/infrastructure/openstack/main.tf +++ b/terraform/infrastructure/openstack/main.tf @@ -7,12 +7,12 @@ terraform { stackit = { source = "stackitcloud/stackit" - version = "0.17.0" + version = "0.19.0" } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } diff --git a/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf b/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf index 889964ee9..948d3cb3b 100644 --- a/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf +++ b/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "0.17.0" + version = "0.19.0" } } } diff --git a/terraform/infrastructure/qemu/.terraform.lock.hcl b/terraform/infrastructure/qemu/.terraform.lock.hcl index fe10c6d34..5ac4182a5 100644 --- a/terraform/infrastructure/qemu/.terraform.lock.hcl +++ b/terraform/infrastructure/qemu/.terraform.lock.hcl @@ -2,52 +2,61 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/dmacvicar/libvirt" { - version = "0.7.1" - constraints = "0.7.1" + version = "0.7.6" + constraints = "0.7.6" hashes = [ - "h1:1yEJVPVFkRkbRY63+sFRAWau/eJ0xlecHWLCV8spkWU=", - "h1:AJn6IML1iiq9oIUdDQTDApMvsfSKfMncF4RoKnhpNaY=", - "h1:G114r+ESpxpMCnBxFXZZ3+HktoNK4WXAJ5M3GRwvgBQ=", - "h1:ZG+KVAKVm++wfWnGdc8QIFn1LHRycUnmYibMg4REQyk=", - "h1:rDm9KgxNWuhdTCJpfepeTzCB/b24bKrOMN57637RZtU=", - "zh:1c59f2ab68da6326637ee8b03433e84af76b3e3562f251a7f2aa239a7b262a8d", - "zh:236e24ecf036e99d9d1e2081a39dc9cb4b8993850a37141a1449f20750f883d6", - "zh:4519c22b1f00c1d37d60ac6c2cb7ad5ab9dbcd44a80b4f61e68aacb54eae017d", - "zh:54de4e3c979c32af1dc71ec2846912f669a28bdb0990e8a3c1fb8fea4ede7b61", - "zh:6270a757bcf4e1f9efe47726cf0caefba30a25e59d151103cf03d1656325783c", - "zh:68b8586d5b29c0a1cb7c608a309b38db911449c072d60eee9e40e01881f1c23a", - "zh:724ba2290fea704714378e9363541420c36091e790c7f39150cde8987d4e0754", - "zh:7b6860c92376cdad98273aab4bea62546622e08f50733e4b2e58a7a859d3b49d", - "zh:986a0a4f8d9511c64bcac8010337deb43110b4c2f91969b2491fd9edc290b60e", - "zh:aff0f6f24d69cd97a44cd6059edaf355769fbb8a7643a6db4d52c9a94f98e194", - "zh:c46ca3f8384d06c13a7ed3d4b83c65b4f8dccbf9d5f624843b68d176add5c5c2", - "zh:ef310534e7d38153aca4ce31655b52a6e6c4d76f32e49732c96b62e9de1ee843", - "zh:f1566b094f4267ef2674889d874962dd41e0cba55251645e16d003c77ca8a19c", - "zh:f2e019df7b537069828c5537c481e5b7f41d2404eef6fe5c86702c20900b303d", + "h1:CcdSVsSt7fDoisqnTqWKkekjaGLUlYBuEkzA6NFFqeA=", + "h1:DEJO3ab+JUUGG5rjNRI1+ORSst66oJ4YYS12s2yX7cs=", + "h1:H63KAqcO593KB4M92zMqLLNv5cnvtGJtpCY0YMV13lE=", + "h1:ID44pCKG1/P+6AznezHDE66EG2ZZqnV9FiNdMwQkLBw=", + "h1:UiPwB2qXh43jYHm6Nvx8hkvx2XdOpmtz8sFuqrTyKC8=", + "h1:dwJ5HUkCaeARF1uQS6XyV5LWD3vomBXzq759LO29bU4=", + "h1:e28YOgPYS+zeAHc3fDvopaSO+Hwp5epGquh/k1rWHio=", + "h1:g53oDOhYVkBTf8oGRQdapTkiIVA/0HmgfRfRrjkLgDE=", + "h1:gt306d/Blv/6C5X1XmCgoIDPFyEdYJTcUblaoXvEFlI=", + "h1:h5AOtaYpdnjPPtjKw2PsNmjZ9VmjnAgqXTndl3Mwwug=", + "h1:iSXq5AwwWFurJwtRq4EtRxzAq+vctJsZcSLgGxOczNI=", + "h1:mmbm4vTyC/DCGO4Ed/vbp5AKvy1gmVn/94fzB9VmR08=", + "h1:pnJ5M2g8UDabX2GZLzi5piapRKvrZAWoBIIx3ipulWQ=", + "h1:z/E1KtF70UEfa2/sm5fhVAcmfDyPxDZa38jbYkU2Jso=", + "zh:0bde54f6f658b20b620b875daf106b5b25b1bae4d15408d6c5f06d58360e254d", + "zh:0c97c6930015918b8a34b6d7a2b0c3d17a649c226fcd1874fcba5bbbc0f35972", + "zh:1bdd7aa0011c5f024a09a124836ee9bc8e71b05a6ece810c61824275fd3f695f", + "zh:2b0cc7c794e4caf395d84ffff0b380d17e4b3219a4696264271bfe5059450efe", + "zh:2f8633f7fe07f76c188836ed6f93321ec5fbf5c004bc7699e1741d9b21ed5f37", + "zh:5bf47eed286ce55ed10a5cf657de49a34ab21cc8677c56fef3aab69cdde41a27", + "zh:7dca790fc5fd1d42bc4bc7170be003a7093602026d0f95c8aab84ad551fdf2a4", + "zh:80476b68bc84e3d661d1390025f83879b88f9cdc836de9751af09bd5716089cb", + "zh:82f3e2f3f50176cd6041c8ba36e295cbda1b289ef52ab75b5eceb0f921f64f7b", + "zh:a179b165f3b9bb9a67ebbbf9d73157ded33f02d476b2f58906389dca03b653c9", + "zh:acae54a5d0616f22b3180ddd8e8aad39af664e604394fdacf1f7b337bca2d5b4", + "zh:da4406a2428a9a7e98272c032cb93431c3919253af2fe9934b532d26c0deab09", + "zh:f63dbd8e579ab5268d01ffab4503b8a8e736b70d1a04e4f271559ba8dd133dcd", + "zh:f85c1d9e51a94ecde137435c9d6b0fb7be590437ea8a725334d1577eebbc550c", ] } provider "registry.terraform.io/hashicorp/random" { - version = "3.6.0" - constraints = "3.6.0" + version = "3.6.2" + constraints = "3.6.2" hashes = [ - "h1:5KeoKSVKVHJW308uiTgslxFbjQAdWzBGUFK68vgMRWY=", - "h1:I8MBeauYA8J8yheLJ8oSMWqB0kovn16dF/wKZ1QTdkk=", - "h1:R5Ucn26riKIEijcsiOMBR3uOAjuOMfI1x7XvH4P6B1w=", - "h1:p6WG1IPHnqx1fnJVKNjv733FBaArIugqy58HRZnpPCk=", - "h1:t0mRdJzegohRKhfdoQEJnv3JRISSezJRblN0HIe67vo=", - "zh:03360ed3ecd31e8c5dac9c95fe0858be50f3e9a0d0c654b5e504109c2159287d", - "zh:1c67ac51254ba2a2bb53a25e8ae7e4d076103483f55f39b426ec55e47d1fe211", - "zh:24a17bba7f6d679538ff51b3a2f378cedadede97af8a1db7dad4fd8d6d50f829", - "zh:30ffb297ffd1633175d6545d37c2217e2cef9545a6e03946e514c59c0859b77d", - "zh:454ce4b3dbc73e6775f2f6605d45cee6e16c3872a2e66a2c97993d6e5cbd7055", + "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=", + "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", + "h1:UQlmHGddu39vVzG8kruMsde4GHlG+1S7OLqFApbJvtc=", + "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:91df0a9fab329aff2ff4cf26797592eb7a3a90b4a0c04d64ce186654e0cc6e17", - "zh:aa57384b85622a9f7bfb5d4512ca88e61f22a9cea9f30febaa4c98c68ff0dc21", - "zh:c4a3e329ba786ffb6f2b694e1fd41d413a7010f3a53c20b432325a94fa71e839", - "zh:e2699bc9116447f96c53d55f2a00570f982e6f9935038c3810603572693712d0", - "zh:e747c0fd5d7684e5bfad8aa0ca441903f15ae7a98a737ff6aca24ba223207e2c", - "zh:f1ca75f417ce490368f047b63ec09fd003711ae48487fba90b4aba2ccf71920e", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", ] } diff --git a/terraform/infrastructure/qemu/main.tf b/terraform/infrastructure/qemu/main.tf index 047e9dbdc..62ec2a013 100644 --- a/terraform/infrastructure/qemu/main.tf +++ b/terraform/infrastructure/qemu/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { libvirt = { source = "dmacvicar/libvirt" - version = "0.7.1" + version = "0.7.6" } docker = { source = "kreuzwerker/docker" diff --git a/terraform/infrastructure/qemu/modules/instance_group/main.tf b/terraform/infrastructure/qemu/modules/instance_group/main.tf index 75ecbf2b8..f81420d57 100644 --- a/terraform/infrastructure/qemu/modules/instance_group/main.tf +++ b/terraform/infrastructure/qemu/modules/instance_group/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { libvirt = { source = "dmacvicar/libvirt" - version = "0.7.1" + version = "0.7.6" } random = { source = "hashicorp/random" - version = "3.6.0" + version = "3.6.2" } } } From 1f70c4e77a03431b5cbdf25807d18c45859f8e4e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 27 Jun 2024 10:32:17 +0200 Subject: [PATCH 117/380] deps: update Go dependencies (#3207) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 42 ++++++++++++++--------------- go.sum | 84 +++++++++++++++++++++++++++++----------------------------- 2 files changed, 63 insertions(+), 63 deletions(-) diff --git a/go.mod b/go.mod index 35447c960..576d4febd 100644 --- a/go.mod +++ b/go.mod @@ -26,10 +26,10 @@ replace ( ) require ( - cloud.google.com/go/compute v1.27.0 + cloud.google.com/go/compute v1.27.1 cloud.google.com/go/compute/metadata v0.3.0 - cloud.google.com/go/kms v1.18.0 - cloud.google.com/go/secretmanager v1.13.1 + cloud.google.com/go/kms v1.18.1 + cloud.google.com/go/secretmanager v1.13.2 cloud.google.com/go/storage v1.42.0 dario.cat/mergo v1.0.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible @@ -40,21 +40,21 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 github.com/BurntSushi/toml v1.4.0 - github.com/aws/aws-sdk-go v1.54.8 + github.com/aws/aws-sdk-go v1.54.9 github.com/aws/aws-sdk-go-v2 v1.30.0 - github.com/aws/aws-sdk-go-v2/config v1.27.21 - github.com/aws/aws-sdk-go-v2/credentials v1.17.21 + github.com/aws/aws-sdk-go-v2/config v1.27.22 + github.com/aws/aws-sdk-go-v2/credentials v1.17.22 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.1 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.42.0 - github.com/aws/aws-sdk-go-v2/service/cloudfront v1.37.1 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.166.0 - github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.32.1 - github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.22.1 - github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 - github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.1 + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.2 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.0 + github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.0 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.0 + github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.0 + github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.0 + github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0 + github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.0 github.com/aws/smithy-go v1.20.2 - github.com/bazelbuild/buildtools v0.0.0-20240606140350-80f1f6802857 + github.com/bazelbuild/buildtools v0.0.0-20240626162158-92a716d768c0 github.com/bazelbuild/rules_go v0.48.1 github.com/coreos/go-systemd/v22 v22.5.0 github.com/docker/docker v26.1.4+incompatible @@ -103,7 +103,7 @@ require ( github.com/secure-systems-lab/go-securesystemslib v0.8.0 github.com/siderolabs/talos/pkg/machinery v1.7.5 github.com/sigstore/rekor v1.3.6 - github.com/sigstore/sigstore v1.8.5 + github.com/sigstore/sigstore v1.8.6 github.com/spf13/afero v1.11.0 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 @@ -182,9 +182,9 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 // indirect github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.22.0 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.30.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect @@ -284,7 +284,7 @@ require ( github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect github.com/leodido/go-urn v1.4.0 // indirect - github.com/letsencrypt/boulder v0.0.0-20240613153800-a69ba997609e // indirect + github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect github.com/lib/pq v1.10.9 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.7 // indirect @@ -359,7 +359,7 @@ require ( gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index e658f293f..cdc111c70 100644 --- a/go.sum +++ b/go.sum @@ -5,18 +5,18 @@ cloud.google.com/go/auth v0.6.0 h1:5x+d6b5zdezZ7gmLWD1m/xNjnaQ2YDhmIz/HH3doy1g= cloud.google.com/go/auth v0.6.0/go.mod h1:b4acV+jLQDyjwm4OXHYjNvRi4jvGBzHWJRtJcy+2P4g= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= -cloud.google.com/go/compute v1.27.0 h1:EGawh2RUnfHT5g8f/FX3Ds6KZuIBC77hZoDrBvEZw94= -cloud.google.com/go/compute v1.27.0/go.mod h1:LG5HwRmWFKM2C5XxHRiNzkLLXW48WwvyVC0mfWsYPOM= +cloud.google.com/go/compute v1.27.1 h1:0WbBLIPNANheCRZ4h8QhgzjN53KMutbiVBOLtPiVzBU= +cloud.google.com/go/compute v1.27.1/go.mod h1:UVWm+bWKEKoM+PW2sZycP1Jgk3NhKwR2Iy2Cnp/G40I= cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= -cloud.google.com/go/kms v1.18.0 h1:pqNdaVmZJFP+i8OVLocjfpdTWETTYa20FWOegSCdrRo= -cloud.google.com/go/kms v1.18.0/go.mod h1:DyRBeWD/pYBMeyiaXFa/DGNyxMDL3TslIKb8o/JkLkw= +cloud.google.com/go/kms v1.18.1 h1:tz1oSpKokgn1+FF7mEMMmsu0FVHQebZjtKetX3fbYdo= +cloud.google.com/go/kms v1.18.1/go.mod h1:fOsmW0fzDVYXM0AOJWmpB0gFVOVgC33giwYi0kcTdBA= cloud.google.com/go/longrunning v0.5.7 h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU= cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng= -cloud.google.com/go/secretmanager v1.13.1 h1:TTGo2Vz7ZxYn2QbmuFP7Zo4lDm5VsbzBjDReo3SA5h4= -cloud.google.com/go/secretmanager v1.13.1/go.mod h1:y9Ioh7EHp1aqEKGYXk3BOC+vkhlHm9ujL7bURT4oI/4= +cloud.google.com/go/secretmanager v1.13.2 h1:WnyajcyWf5MLq9lPyVxEyOBAhQdPcpckG3lMw8LqAHw= +cloud.google.com/go/secretmanager v1.13.2/go.mod h1:rB3lORY7QZrjACov35PX0KXMM0bKlbkL0/eFlS312wk= cloud.google.com/go/storage v1.42.0 h1:4QtGpplCVt1wz6g5o1ifXd656P5z+yNgzdw1tVfp0cU= cloud.google.com/go/storage v1.42.0/go.mod h1:HjMXRFq65pGKFn6hxj6x3HCyR41uSB72Z0SO/Vn6JFQ= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= @@ -119,20 +119,20 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.54.8 h1:+soIjaRsuXfEJ9ts9poJD2fIIzSSRwfx+T69DrTtL2M= -github.com/aws/aws-sdk-go v1.54.8/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.9 h1:e0Czh9AhrCVPuyaIUnibYmih3cYexJKlqlHSJ2eMKbI= +github.com/aws/aws-sdk-go v1.54.9/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA= github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2/go.mod h1:lPprDr1e6cJdyYeGXnRaJoP4Md+cDBvi2eOj00BlGmg= -github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM= -github.com/aws/aws-sdk-go-v2/config v1.27.21/go.mod h1:4XtlEU6DzNai8RMbjSF5MgGZtYvrhBP/aKZcRtZAVdM= -github.com/aws/aws-sdk-go-v2/credentials v1.17.21 h1:pjAqgzfgFhTv5grc7xPHtXCAaMapzmwA7aU+c/SZQGw= -github.com/aws/aws-sdk-go-v2/credentials v1.17.21/go.mod h1:nhK6PtBlfHTUDVmBLr1dg+WHCOCK+1Fu/WQyVHPsgNQ= +github.com/aws/aws-sdk-go-v2/config v1.27.22 h1:TRkQVtpDINt+Na/ToU7iptyW6U0awAwJ24q4XN+59k8= +github.com/aws/aws-sdk-go-v2/config v1.27.22/go.mod h1:EYY3mVgFRUWkh6QNKH64MdyKs1YSUgatc0Zp3MDxi7c= +github.com/aws/aws-sdk-go-v2/credentials v1.17.22 h1:wu9kXQbbt64ul09v3ye4HYleAr4WiGV/uv69EXKDEr0= +github.com/aws/aws-sdk-go-v2/credentials v1.17.22/go.mod h1:pcvMtPcxJn3r2k6mZD9I0EcumLqPLA7V/0iCgOIlY+o= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8/go.mod h1:EgSKcHiuuakEIxJcKGzVNWh5srVAQ3jKaSrBGRYvM48= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.1 h1:D9VqWMuw7lJAX6d5eINfRQ/PkvtcJAK3Qmd6f6xEeUw= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.1/go.mod h1:ckvBx7codI4wzc5inOfDp5ZbK7TjMFa7eXwmLvXQrRk= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.2 h1:Za8rJGgO8qRfCvLTBNTTeQlFkIubOPrNuDX03TghDA0= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.2/go.mod h1:Ks7cRJzJ3WyhLux68C+EzogpJRKQi6HobwJVJInY5kw= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12/go.mod h1:FkpvXhA92gb3GE9LD6Og0pHHycTxW7xGpnEh5E7Opwo= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 h1:hb5KgeYfObi5MHkSSZMEudnIvX30iB+E21evI4r6BnQ= @@ -141,14 +141,14 @@ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 h1:DXFWyt7ymx/l1ygdyTTS0X923e+Q2wXIxConJzrgwc0= github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12/go.mod h1:mVOr/LbvaNySK1/BTy4cBOCjhCNY2raWBwK4v+WR5J4= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.42.0 h1:5G2qS8jj0NRGGMu6qmKIDXFmxhVVfJWuUNfxtkw1tpg= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.42.0/go.mod h1:5XY8CFGBv6dZp/thbk8FRIAWjqNckM7PsL848KHdzjI= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.37.1 h1:oOm9MhuUpAWAmjcXwkTsYBzXzFIDbVYje6P5jPkG3kU= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.37.1/go.mod h1:Pri+xMTktTIOpTg/yYeCYgk4vOrv6sZLcB467ePRIoU= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.166.0 h1:FDZVMxzXB13cRmHs3t3tH9gme8GhvmjsQXeXFI37OHU= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.166.0/go.mod h1:Wv7N3iFOKVsZNIaw9MOBUmwCkX6VMmQQRFhMrHtNGno= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.32.1 h1:whB9mAd0jcYqVF75rVASYdPPBEfZwGFLBq9rz0cHCoI= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.32.1/go.mod h1:EjPhusEHOS2hFIJFR3PfI4ndJLkhm3VKTWv0U5m+VR4= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.0 h1:G871v9jS1RyHPJk19JgyqCCVKw9p0nySH3VzpOKTDZU= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.0/go.mod h1:5XY8CFGBv6dZp/thbk8FRIAWjqNckM7PsL848KHdzjI= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.0 h1:EvpALEFWmTJrhWIQx/+U2H3jw+n5FLeiF7+Amr6nnEk= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.0/go.mod h1:Pri+xMTktTIOpTg/yYeCYgk4vOrv6sZLcB467ePRIoU= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.0 h1:70ZrLWVE70lfA+AFeZTWvP6uXHlAbSjfN3Ussy0qGQs= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.0/go.mod h1:Wv7N3iFOKVsZNIaw9MOBUmwCkX6VMmQQRFhMrHtNGno= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.0 h1:2GsPN/WdIJbNsYu0Qhre/tunAw4Po9YJHTSJeZaTu0o= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.0/go.mod h1:EjPhusEHOS2hFIJFR3PfI4ndJLkhm3VKTWv0U5m+VR4= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 h1:oWccitSnByVU74rQRHac4gLfDqjB6Z1YQGOY/dXKedI= @@ -157,22 +157,22 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/p github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 h1:tzha+v1SCEBpXWEuw6B/+jm4h5z8hZbTpXz0zRZqTnw= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12/go.mod h1:n+nt2qjHGoseWeLHt1vEr6ZRCCxIN2KcNpJxBcYQSwI= -github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.22.1 h1:73im9DnuBD4+G8hHsbqb0NSA+n6QJ5ApFk6/YeOz8k8= -github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.22.1/go.mod h1:p5FuKT8Rj4fnlT84Pzy7itV11NZ39Fwm/Y52S8Lg1Oc= -github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 h1:wsg9Z/vNnCmxWikfGIoOlnExtEU459cR+2d+iDJ8elo= -github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.1 h1:fMhrWVym3nTAcf3eT9XsYcfN1kgQ/7ZuVLGHjPAn6Ms= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.31.1/go.mod h1:tBCf2+VgRT/Lk9KIlKpTxyCunzxHcP8BFPqcck5I9mM= -github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 h1:sd0BsnAvLH8gsp2e3cbaIr+9D7T1xugueQ7V/zUAsS4= -github.com/aws/aws-sdk-go-v2/service/sso v1.21.1/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 h1:1uEFNNskK/I1KoZ9Q8wJxMz5V9jyBlsiaNrM7vA3YUQ= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4= -github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 h1:myX5CxqXE0QMZNja6FA1/FSE3Vu1rVmeUmpJMMzeZg0= -github.com/aws/aws-sdk-go-v2/service/sts v1.29.1/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE= +github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.0 h1:QzBMBkOPVhwL4ZUJBHNKWrmlouDz1zKnCbKNgjUCgNQ= +github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.0/go.mod h1:p5FuKT8Rj4fnlT84Pzy7itV11NZ39Fwm/Y52S8Lg1Oc= +github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0 h1:v2DWNY6ll3JK62Bx1khUu9fJ4f3TwXllIEJxI7dDv/o= +github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.0 h1:uXM5YKDEZ60grd2OfVs5uZSzRdqcL/eonj0iKmPFOgk= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.0/go.mod h1:tBCf2+VgRT/Lk9KIlKpTxyCunzxHcP8BFPqcck5I9mM= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.0 h1:lPIAPCRoJkmotLTU/9B6icUFlYDpEuWjKeL79XROv1M= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.0/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0 h1:/4r71ghx+hX9spr884cqXHPEmPzqH/J3K7fkE1yfcmw= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.0 h1:9ja34PaKybhCJjVKvxtDsUjbATUJGN+eF6QnO58u5cI= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.0/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= -github.com/bazelbuild/buildtools v0.0.0-20240606140350-80f1f6802857 h1:3UwzfrfwoxlyGlPhbQR1O1HLOd4qNEyAwxHRSE+Yde4= -github.com/bazelbuild/buildtools v0.0.0-20240606140350-80f1f6802857/go.mod h1:689QdV3hBP7Vo9dJMmzhoYIyo/9iMhEmHkJcnaPRCbo= +github.com/bazelbuild/buildtools v0.0.0-20240626162158-92a716d768c0 h1:tVa7swb7n+9X2nS9XsCqOQ7ZGm0t+t11vWYTKoFiWB8= +github.com/bazelbuild/buildtools v0.0.0-20240626162158-92a716d768c0/go.mod h1:689QdV3hBP7Vo9dJMmzhoYIyo/9iMhEmHkJcnaPRCbo= github.com/bazelbuild/rules_go v0.48.1 h1:uFAO3cNJyiZlf3r4HzApyMDiNch7lU0VtQBHrjnfCyw= github.com/bazelbuild/rules_go v0.48.1/go.mod h1:Dhcz716Kqg1RHNWos+N6MlXNkjNP2EwZQ0LukRKJfMs= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -598,8 +598,8 @@ github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 h1:P6pPBnrTSX3DEVR4fDembhR github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0/go.mod h1:vmVJ0l/dxyfGW6FmdpVm2joNMFikkuWg0EoCKLGUMNw= github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= -github.com/letsencrypt/boulder v0.0.0-20240613153800-a69ba997609e h1:+e81SDvSs49Z03S3S7OhoYjT2Ryv73ErLA/ExMm0FEg= -github.com/letsencrypt/boulder v0.0.0-20240613153800-a69ba997609e/go.mod h1:xN4NICCU1WBlUv60BGgMyGuungNTy/aQqjEntJWmgaM= +github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= +github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= @@ -763,8 +763,8 @@ github.com/siderolabs/talos/pkg/machinery v1.7.5 h1:M02UZSDfN0BB4bXhTYDjEmVvAIX1 github.com/siderolabs/talos/pkg/machinery v1.7.5/go.mod h1:OeamhNo92c3V96bddZNhcCgoRyzw2KWBtpma1lfchtg= github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= github.com/sigstore/rekor v1.3.6/go.mod h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc= -github.com/sigstore/sigstore v1.8.5 h1:8NrF2tGlvOvFnaRJcU+VehwG4W/Zb2/7Khavm5PGRGI= -github.com/sigstore/sigstore v1.8.5/go.mod h1:fJgbV5XFUbrhFAZSlv0ol7QJeH2PIUJJbfDEwUf3bvQ= +github.com/sigstore/sigstore v1.8.6 h1:g066b/Nw5r5oxhNv4XqJUUzVcyf1b07itUueiQe7rZM= +github.com/sigstore/sigstore v1.8.6/go.mod h1:UOBrJd9JBQ81DrkpGljzsIFXEtfC30raHvLWFWG857U= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= @@ -1027,8 +1027,8 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU= google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4/go.mod h1:EvuUDCulqGgV80RvP1BHuom+smhX4qtlhnNatHuroGQ= -google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 h1:QW9+G6Fir4VcRXVH8x3LilNAb6cxBGLa6+GM4hRwexE= -google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3/go.mod h1:kdrSS/OiLkPrNUpzD4aHgCq2rVuC/YRxok32HXZ4vRE= +google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc= +google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c= google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0= google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= From f1f61ffd51011c2060b281b802e1a6280785bab8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 27 Jun 2024 10:34:30 +0200 Subject: [PATCH 118/380] deps: update ubuntu:22.04 Docker digest to 19478ce (#3187) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- 3rdparty/gcp-guest-agent/Dockerfile | 2 +- docs/screencasts/docker/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/3rdparty/gcp-guest-agent/Dockerfile b/3rdparty/gcp-guest-agent/Dockerfile index c3dbeb507..05ea53a02 100644 --- a/3rdparty/gcp-guest-agent/Dockerfile +++ b/3rdparty/gcp-guest-agent/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:a6d2b38300ce017add71440577d5b0a90460d0e57fd7aec21dd0d1b0761bbfb2 as build +FROM ubuntu:22.04@sha256:19478ce7fc2ffbce89df29fea5725a8d12e57de52eb9ea570890dc5852aac1ac as build # Install packages RUN apt-get update && apt-get install -y \ diff --git a/docs/screencasts/docker/Dockerfile b/docs/screencasts/docker/Dockerfile index da28a4d7a..c5e7c47a0 100644 --- a/docs/screencasts/docker/Dockerfile +++ b/docs/screencasts/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:a6d2b38300ce017add71440577d5b0a90460d0e57fd7aec21dd0d1b0761bbfb2 +FROM ubuntu:22.04@sha256:19478ce7fc2ffbce89df29fea5725a8d12e57de52eb9ea570890dc5852aac1ac # Install requirements RUN apt-get update && apt-get install -y software-properties-common &&\ From aa52777982fe90d477e4069c8e33b453853dbbf4 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 27 Jun 2024 11:42:37 +0200 Subject: [PATCH 119/380] deps: update dependency bazel to v7.2.1 (#3194) * deps: update dependency bazel to v7.2.1 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- .bazelversion | 2 +- MODULE.bazel.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.bazelversion b/.bazelversion index 0ee843cc6..b26a34e47 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -7.2.0 +7.2.1 diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index b32dcbfbf..8043a284f 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -1860,7 +1860,7 @@ }, "@@rules_python~//python/extensions:pip.bzl%pip": { "os:linux,arch:amd64": { - "bzlTransitiveDigest": "K94lJ8XIBKrx5CVtVocGmJYIC6vW5wsPi7tQvtQqmaU=", + "bzlTransitiveDigest": "Qobw0mqix3Lyru/l40RZpc1OSUFNKKDU1svu1wF6aWQ=", "usagesDigest": "GjGeoW3Y1ie+feloBPcuU2ovSDtUFE43ddOvIqLCEtk=", "recordedFileInputs": { "@@rules_python~//tools/publish/requirements.txt": "8ced1e640eab3ee44298590e5ad88cd612f5bf96245af1981709f7a8884a982b" From ca8d11861d9192dc6c8ea6584b32675374bf4581 Mon Sep 17 00:00:00 2001 From: Moritz Eckert Date: Thu, 27 Jun 2024 16:47:23 +0200 Subject: [PATCH 120/380] docs: add policy troubleshooting tip (#3212) Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- docs/docs/workflows/troubleshooting.md | 18 ++++++++++++++++++ .../version-2.16/workflows/troubleshooting.md | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/docs/docs/workflows/troubleshooting.md b/docs/docs/workflows/troubleshooting.md index 3c952dddc..195bce1cc 100644 --- a/docs/docs/workflows/troubleshooting.md +++ b/docs/docs/workflows/troubleshooting.md @@ -40,6 +40,24 @@ Or alternatively, for `terminate`: ARM_SKIP_PROVIDER_REGISTRATION=true constellation terminate ``` +### Azure: Can't update attestation policy + +On Azure, you may receive the following error when running `apply` from within an Azure environment, e.g., an Azure VM: + +```shell-session +An error occurred: patching policies: updating attestation policy: unexpected status code: 403 Forbidden +``` + +The problem occurs because the Azure SDK we use internally attempts to [authenticate towards the Azure API with the managed identity of your current environment instead of the Azure CLI token](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential). + +We decided not to deviate from this behavior and comply with the ordering of credentials. + +A solution is to add the [required permissions](../getting-started/install.md#required-permissions) to the managed identity of your environment. For example, the managed identity of your Azure VM, instead of the account that you've authenticated with in the Azure CLI. + +If your setup requires a change in the ordering of credentials, please open an issue and explain your desired behavior. + + + ### Nodes fail to join with error `untrusted measurement value` This error indicates that a node's [attestation statement](../architecture/attestation.md) contains measurements that don't match the trusted values expected by the [JoinService](../architecture/microservices.md#joinservice). diff --git a/docs/versioned_docs/version-2.16/workflows/troubleshooting.md b/docs/versioned_docs/version-2.16/workflows/troubleshooting.md index 3c952dddc..195bce1cc 100644 --- a/docs/versioned_docs/version-2.16/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.16/workflows/troubleshooting.md @@ -40,6 +40,24 @@ Or alternatively, for `terminate`: ARM_SKIP_PROVIDER_REGISTRATION=true constellation terminate ``` +### Azure: Can't update attestation policy + +On Azure, you may receive the following error when running `apply` from within an Azure environment, e.g., an Azure VM: + +```shell-session +An error occurred: patching policies: updating attestation policy: unexpected status code: 403 Forbidden +``` + +The problem occurs because the Azure SDK we use internally attempts to [authenticate towards the Azure API with the managed identity of your current environment instead of the Azure CLI token](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential). + +We decided not to deviate from this behavior and comply with the ordering of credentials. + +A solution is to add the [required permissions](../getting-started/install.md#required-permissions) to the managed identity of your environment. For example, the managed identity of your Azure VM, instead of the account that you've authenticated with in the Azure CLI. + +If your setup requires a change in the ordering of credentials, please open an issue and explain your desired behavior. + + + ### Nodes fail to join with error `untrusted measurement value` This error indicates that a node's [attestation statement](../architecture/attestation.md) contains measurements that don't match the trusted values expected by the [JoinService](../architecture/microservices.md#joinservice). From 3b64e654d132435574a7cfe7d46b6f3de42e001b Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 26 Jun 2024 11:49:15 +0200 Subject: [PATCH 121/380] debugd: use runc as podman runtime (#3205) --- .../debugd/logcollector/logcollector.go | 25 +++++++++++-------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/debugd/internal/debugd/logcollector/logcollector.go b/debugd/internal/debugd/logcollector/logcollector.go index 59964287d..20bd4dfac 100644 --- a/debugd/internal/debugd/logcollector/logcollector.go +++ b/debugd/internal/debugd/logcollector/logcollector.go @@ -130,7 +130,7 @@ func getTemplate(ctx context.Context, logger *slog.Logger, image, templateDir, d "--name=template", image, } - createContainerCmd := exec.CommandContext(ctx, "podman", createContainerArgs...) + createContainerCmd := podman(ctx, createContainerArgs...) logger.Info("Creating template container") if out, err := createContainerCmd.CombinedOutput(); err != nil { return nil, fmt.Errorf("creating template container: %w\n%s", err, out) @@ -145,7 +145,7 @@ func getTemplate(ctx context.Context, logger *slog.Logger, image, templateDir, d "template:/usr/share/constellogs/templates/", destDir, } - copyFromCmd := exec.CommandContext(ctx, "podman", copyFromArgs...) + copyFromCmd := podman(ctx, copyFromArgs...) logger.Info("Copying templates") if out, err := copyFromCmd.CombinedOutput(); err != nil { return nil, fmt.Errorf("copying templates: %w\n%s", err, out) @@ -155,7 +155,7 @@ func getTemplate(ctx context.Context, logger *slog.Logger, image, templateDir, d "rm", "template", } - removeContainerCmd := exec.CommandContext(ctx, "podman", removeContainerArgs...) + removeContainerCmd := podman(ctx, removeContainerArgs...) logger.Info("Removing template container") if out, err := removeContainerCmd.CombinedOutput(); err != nil { return nil, fmt.Errorf("removing template container: %w\n%s", err, out) @@ -176,7 +176,7 @@ func startPod(ctx context.Context, logger *slog.Logger) error { "create", "logcollection", } - createPodCmd := exec.CommandContext(ctx, "podman", createPodArgs...) + createPodCmd := podman(ctx, createPodArgs...) logger.Info(fmt.Sprintf("Create pod command: %v", createPodCmd.String())) if out, err := createPodCmd.CombinedOutput(); err != nil { return fmt.Errorf("failed to create pod: %w; output: %s", err, out) @@ -189,18 +189,18 @@ func startPod(ctx context.Context, logger *slog.Logger) error { "--rm", "--name=logstash", "--pod=logcollection", - "--log-driver=none", + "--log-driver=journald", "--volume=/run/logstash/pipeline:/usr/share/logstash/pipeline/:ro", versions.LogstashImage, } - runLogstashCmd := exec.CommandContext(ctx, "podman", runLogstashArgs...) + runLogstashCmd := podman(ctx, runLogstashArgs...) logger.Info(fmt.Sprintf("Run logstash command: %v", runLogstashCmd.String())) runLogstashCmd.Stdout = logstashLog runLogstashCmd.Stderr = logstashLog if err := runLogstashCmd.Start(); err != nil { return fmt.Errorf("failed to start logstash: %w", err) } - if out, err := exec.CommandContext(ctx, "podman", "wait", "logstash", "--condition=running", "--interval=15s").CombinedOutput(); err != nil { + if out, err := podman(ctx, "wait", "logstash", "--condition=running", "--interval=15s").CombinedOutput(); err != nil { logger.Error("Logstash container failed to reach healthy status", "err", err, "output", out) return fmt.Errorf("waiting for logstash container to reach healthy status: %w; output: %s", err, out) } @@ -213,7 +213,7 @@ func startPod(ctx context.Context, logger *slog.Logger) error { "--name=filebeat", "--pod=logcollection", "--privileged", - "--log-driver=none", + "--log-driver=journald", "--volume=/run/log/journal:/run/log/journal:ro", "--volume=/etc/machine-id:/etc/machine-id:ro", "--volume=/run/systemd:/run/systemd:ro", @@ -222,14 +222,14 @@ func startPod(ctx context.Context, logger *slog.Logger) error { "--volume=/run/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro", versions.FilebeatImage, } - runFilebeatCmd := exec.CommandContext(ctx, "podman", runFilebeatArgs...) + runFilebeatCmd := podman(ctx, runFilebeatArgs...) logger.Info(fmt.Sprintf("Run filebeat command: %v", runFilebeatCmd.String())) runFilebeatCmd.Stdout = filebeatLog runFilebeatCmd.Stderr = filebeatLog if err := runFilebeatCmd.Start(); err != nil { return fmt.Errorf("failed to run filebeat: %w", err) } - if out, err := exec.CommandContext(ctx, "podman", "wait", "filebeat", "--condition=running", "--interval=15s").CombinedOutput(); err != nil { + if out, err := podman(ctx, "wait", "filebeat", "--condition=running", "--interval=15s").CombinedOutput(); err != nil { logger.Error("Filebeat container failed to reach healthy status", "err", err, "output", out) return fmt.Errorf("waiting for filebeat container to reach healthy status: %w; output: %s", err, out) } @@ -316,6 +316,11 @@ func (c *cmdLogger) Write(p []byte) (n int, err error) { return len(p), nil } +func podman(ctx context.Context, args ...string) *exec.Cmd { + args = append([]string{"--runtime=runc"}, args...) + return exec.CommandContext(ctx, "podman", args...) +} + type providerMetadata interface { // Self retrieves the current instance. Self(ctx context.Context) (metadata.InstanceMetadata, error) From 8aed4bb0fe45c884f356a430cde9b505514d39cd Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Thu, 27 Jun 2024 17:28:15 +0200 Subject: [PATCH 122/380] debugd: provide filebeat with systemd libs (#3205) --- debugd/filebeat/Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debugd/filebeat/Dockerfile b/debugd/filebeat/Dockerfile index 635a76178..c4e7c6b1a 100644 --- a/debugd/filebeat/Dockerfile +++ b/debugd/filebeat/Dockerfile @@ -2,6 +2,8 @@ FROM fedora:40@sha256:5ce8497aeea599bf6b54ab3979133923d82aaa4f6ca5ced1812611b197 RUN dnf install -y https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.6.2-x86_64.rpm +RUN dnf install -y systemd-libs + COPY debugd/filebeat/templates/ /usr/share/constellogs/templates/ ENTRYPOINT ["/usr/share/filebeat/bin/filebeat", "-e", "--path.home", "/usr/share/filebeat", "--path.data", "/usr/share/filebeat/data"] From f3641fa106f31f72c0f971fdab525597295e1262 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 28 Jun 2024 06:45:49 +0200 Subject: [PATCH 123/380] deps: update dependency bazel_skylib to v1.7.1 (#3211) * deps: update dependency bazel_skylib to v1.7.1 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- MODULE.bazel | 2 +- MODULE.bazel.lock | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 91ac0ed02..5ed772ece 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,7 +1,7 @@ module(name = "constellation") bazel_dep(name = "aspect_bazel_lib", version = "2.7.8") -bazel_dep(name = "bazel_skylib", version = "1.6.1") +bazel_dep(name = "bazel_skylib", version = "1.7.1") bazel_dep(name = "gazelle", version = "0.37.0") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index 8043a284f..aaff5a961 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -21,7 +21,8 @@ "https://bcr.bazel.build/modules/bazel_skylib/1.3.0/MODULE.bazel": "20228b92868bf5cfc41bda7afc8a8ba2a543201851de39d990ec957b513579c5", "https://bcr.bazel.build/modules/bazel_skylib/1.5.0/MODULE.bazel": "32880f5e2945ce6a03d1fbd588e9198c0a959bb42297b2cfaf1685b7bc32e138", "https://bcr.bazel.build/modules/bazel_skylib/1.6.1/MODULE.bazel": "8fdee2dbaace6c252131c00e1de4b165dc65af02ea278476187765e1a617b917", - "https://bcr.bazel.build/modules/bazel_skylib/1.6.1/source.json": "082ed5f9837901fada8c68c2f3ddc958bb22b6d654f71dd73f3df30d45d4b749", + "https://bcr.bazel.build/modules/bazel_skylib/1.7.1/MODULE.bazel": "3120d80c5861aa616222ec015332e5f8d3171e062e3e804a2a0253e1be26e59b", + "https://bcr.bazel.build/modules/bazel_skylib/1.7.1/source.json": "f121b43eeefc7c29efbd51b83d08631e2347297c95aac9764a701f2a6a2bb953", "https://bcr.bazel.build/modules/buildifier_prebuilt/6.4.0/MODULE.bazel": "37389c6b5a40c59410b4226d3bb54b08637f393d66e2fa57925c6fcf68e64bf4", "https://bcr.bazel.build/modules/buildifier_prebuilt/6.4.0/source.json": "83eb01b197ed0b392f797860c9da5ed1bf95f4d0ded994d694a3d44731275916", "https://bcr.bazel.build/modules/buildozer/7.1.2/MODULE.bazel": "2e8dd40ede9c454042645fd8d8d0cd1527966aa5c919de86661e62953cd73d84", From 9445a1af04be2b08cfcffd4cf1de60e73eb49f50 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 28 Jun 2024 08:18:14 +0200 Subject: [PATCH 124/380] image: update measurements and image version (#3213) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index d1797b0d1..f30248890 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x57, 0x62, 0x54, 0x4e, 0xc5, 0xf3, 0x54, 0x08, 0x2e, 0xaa, 0x1c, 0xa0, 0xdd, 0x4b, 0x24, 0xbd, 0x87, 0xd3, 0x99, 0x29, 0xf9, 0xab, 0x7b, 0x16, 0x76, 0x27, 0x66, 0xa9, 0x1a, 0xe7, 0x2a, 0x4e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x95, 0x92, 0xce, 0xc4, 0x34, 0x35, 0x68, 0xbd, 0x19, 0xd7, 0xbd, 0xef, 0x2c, 0x89, 0x20, 0x68, 0xca, 0x58, 0x0c, 0x87, 0xaf, 0xf4, 0x9e, 0x46, 0x35, 0x6f, 0xba, 0xd8, 0x69, 0x4c, 0x18, 0x11}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x97, 0x69, 0xed, 0x6b, 0x72, 0x8b, 0xda, 0x97, 0x12, 0x1b, 0x6e, 0x06, 0x5f, 0x32, 0xfa, 0x46, 0x8f, 0x0e, 0x7f, 0xf6, 0xbb, 0x2d, 0x18, 0xfb, 0x3c, 0xd2, 0x82, 0x8e, 0x07, 0x3f, 0xb4, 0xcc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf6, 0xb7, 0xf0, 0x4f, 0xd6, 0x0a, 0x14, 0x2b, 0x2b, 0xe4, 0x65, 0xcc, 0x52, 0x78, 0xbb, 0xd9, 0xb6, 0xe7, 0xdb, 0x97, 0xa1, 0x4c, 0x47, 0x7d, 0xed, 0x93, 0x32, 0x27, 0xe9, 0xfe, 0x3e, 0x9e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7e, 0xda, 0xc0, 0xb6, 0x79, 0x2e, 0x6f, 0xbb, 0x0f, 0x1e, 0xaa, 0x69, 0xc2, 0x07, 0xa0, 0xbf, 0xba, 0xdd, 0x01, 0xf7, 0x99, 0x24, 0xf0, 0xf5, 0xd7, 0x74, 0x12, 0x18, 0x7d, 0x2d, 0x7d, 0xb4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x35, 0xf3, 0x00, 0x78, 0xc0, 0xb9, 0xc7, 0x21, 0x75, 0x6a, 0x6e, 0x0c, 0xb0, 0x4f, 0xa3, 0x4b, 0x43, 0x58, 0x32, 0x83, 0x02, 0xee, 0xa0, 0x26, 0x4b, 0xd3, 0xb5, 0x83, 0xe0, 0xcd, 0x03, 0xff}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x76, 0x93, 0x97, 0x7e, 0x02, 0xe0, 0xb0, 0x38, 0xac, 0xc1, 0x9f, 0x32, 0xf7, 0x30, 0x52, 0x54, 0xd6, 0x7e, 0x0c, 0xda, 0x69, 0xd7, 0x11, 0xb4, 0x8e, 0x95, 0xe2, 0x68, 0xdb, 0x43, 0x4c, 0x6a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x13, 0x80, 0x1e, 0x1b, 0xd1, 0x5c, 0x28, 0x86, 0x0e, 0x9c, 0x08, 0xee, 0x86, 0x7e, 0xa5, 0x3a, 0xfd, 0xaa, 0x67, 0xa8, 0x20, 0x6a, 0x16, 0x5b, 0x2c, 0x27, 0x44, 0x1d, 0x1f, 0x99, 0x16, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x26, 0xc1, 0xf9, 0x1b, 0xe6, 0x32, 0x03, 0x9b, 0x7a, 0xe5, 0x0a, 0x31, 0xfb, 0xc3, 0x87, 0x5b, 0x43, 0x9c, 0x33, 0x89, 0xac, 0x44, 0x45, 0x52, 0xe7, 0x71, 0x44, 0x9d, 0x95, 0x15, 0x59, 0x1d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x36, 0xf5, 0x35, 0xe1, 0xff, 0x64, 0xfe, 0x3e, 0x8a, 0x49, 0x58, 0xd9, 0x21, 0x23, 0x6c, 0x88, 0x62, 0x11, 0x3d, 0x0c, 0xf8, 0x91, 0x0d, 0xbd, 0xe3, 0x66, 0x54, 0x13, 0xae, 0x92, 0x55, 0xa3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x75, 0xb6, 0xb0, 0x4b, 0x5c, 0xd9, 0x47, 0x6c, 0xf5, 0x8c, 0x51, 0xc4, 0xbc, 0x74, 0x22, 0x5f, 0xd2, 0x86, 0x98, 0x17, 0x03, 0x5a, 0x51, 0x1b, 0x97, 0xbf, 0xff, 0x91, 0x77, 0xf9, 0x9c, 0xd2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x75, 0xb6, 0x4b, 0x75, 0x55, 0xe2, 0xf2, 0x77, 0x97, 0xf3, 0xfc, 0x8e, 0x86, 0xf3, 0xf2, 0xb2, 0x3c, 0x22, 0xc6, 0xdc, 0xee, 0xe6, 0x9b, 0x02, 0x70, 0xaf, 0x55, 0xe6, 0x2a, 0xf9, 0x56, 0x0c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x62, 0x8e, 0x11, 0x6b, 0x04, 0xef, 0x02, 0x7d, 0x85, 0x79, 0x67, 0xd0, 0xff, 0xdb, 0x19, 0xc1, 0xf5, 0xd9, 0xed, 0xed, 0xe8, 0x7e, 0x6e, 0x16, 0x2f, 0x87, 0x85, 0xd4, 0x5f, 0x25, 0x2a, 0x07}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xed, 0x28, 0xec, 0xc6, 0xdf, 0x4c, 0x25, 0x90, 0x57, 0x99, 0x45, 0x3b, 0x3f, 0x62, 0x41, 0x35, 0x13, 0x80, 0x3c, 0xc3, 0x75, 0xf9, 0x35, 0xbc, 0x74, 0x1c, 0xd1, 0xa1, 0x19, 0x92, 0xe4, 0x11}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf8, 0x2c, 0x02, 0xee, 0x30, 0x94, 0x0b, 0x0a, 0xd7, 0x9a, 0xf3, 0xaa, 0x53, 0xe5, 0x12, 0xa3, 0x8b, 0xa7, 0x94, 0x7d, 0x85, 0xa2, 0x08, 0xcd, 0xf4, 0xd2, 0x02, 0x13, 0x4b, 0x7a, 0x8b, 0xe6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf3, 0x8c, 0x77, 0xe3, 0x16, 0x0c, 0x3f, 0xc1, 0x46, 0xff, 0x53, 0x73, 0x1f, 0xe8, 0xd3, 0x6e, 0x85, 0xbd, 0x77, 0x30, 0x00, 0xaf, 0x8c, 0x1b, 0xa7, 0xac, 0x07, 0xfe, 0x60, 0xf8, 0xe5, 0x06}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x43, 0x2e, 0x83, 0x37, 0x10, 0x1d, 0x74, 0x0c, 0x13, 0xb3, 0xd4, 0x9f, 0xfc, 0xce, 0x19, 0x2d, 0x3c, 0xe4, 0xe1, 0xc2, 0x4e, 0x79, 0xdf, 0x39, 0x71, 0x2d, 0xb0, 0x6d, 0x28, 0x14, 0x93, 0xa2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3f, 0x22, 0x7a, 0x07, 0x0e, 0x8e, 0x61, 0x6d, 0x6e, 0xf7, 0x20, 0xf5, 0xf3, 0x61, 0xfa, 0x49, 0xd2, 0xa9, 0xcc, 0xc7, 0xa3, 0xd2, 0x18, 0x26, 0x5e, 0x33, 0x49, 0x55, 0xba, 0x78, 0xa4, 0xc7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x13, 0x43, 0xb3, 0xae, 0xe6, 0xd0, 0x68, 0x7a, 0xeb, 0xe4, 0x1a, 0xc0, 0xfa, 0x3c, 0x52, 0xb2, 0xdd, 0xd4, 0xee, 0x71, 0xa7, 0xf9, 0x61, 0x52, 0x1c, 0xc7, 0x90, 0x89, 0xf0, 0x1a, 0x57, 0xbc}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf6, 0xdd, 0x52, 0x4d, 0x8a, 0x24, 0xfc, 0xa9, 0x6a, 0x51, 0xda, 0x5f, 0x98, 0x6a, 0x38, 0x85, 0x0e, 0x3e, 0x18, 0x68, 0xf5, 0x5b, 0xfc, 0x93, 0x3e, 0x47, 0x4e, 0x19, 0xf6, 0xf3, 0x1d, 0x7f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5a, 0x94, 0x60, 0x98, 0x56, 0x50, 0xdb, 0x0b, 0x3e, 0xdc, 0x3a, 0xb2, 0xb5, 0x57, 0xf1, 0xbb, 0xad, 0xfd, 0xdf, 0x53, 0xc3, 0xa1, 0x97, 0x7b, 0x38, 0x67, 0xb6, 0x64, 0xd0, 0x58, 0xbd, 0xd9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6d, 0xb2, 0x05, 0x8b, 0x70, 0x3c, 0x00, 0x7c, 0x27, 0x5f, 0x8a, 0x53, 0x87, 0xe2, 0x9d, 0x10, 0x1b, 0x70, 0x2b, 0x99, 0x1f, 0xe1, 0x94, 0x3a, 0x7a, 0x45, 0x06, 0x50, 0xc8, 0x58, 0x2e, 0x19}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x33, 0x4b, 0xb2, 0xa4, 0x51, 0xc0, 0x7d, 0x7b, 0xe1, 0xf6, 0xa8, 0xeb, 0x2e, 0x3f, 0x13, 0xb3, 0x99, 0xa4, 0xff, 0x62, 0xfb, 0x67, 0xf6, 0x2b, 0x18, 0xbb, 0xb9, 0x5c, 0xd0, 0xbd, 0x14, 0x4c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xed, 0x37, 0x7d, 0xae, 0xd8, 0xca, 0x15, 0x4d, 0xc0, 0x41, 0x22, 0x30, 0x86, 0x2b, 0x26, 0x9f, 0x59, 0xca, 0xcf, 0x80, 0xe6, 0xa9, 0x31, 0xd8, 0xe1, 0xf9, 0xc8, 0x8e, 0x51, 0x04, 0x67, 0x20}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc9, 0xa9, 0x2b, 0x7e, 0xff, 0x1a, 0xb0, 0xf2, 0x09, 0x18, 0x5e, 0x92, 0x4b, 0x8d, 0xe7, 0xe1, 0x27, 0x69, 0x9d, 0xec, 0xba, 0xe2, 0x6f, 0x6e, 0x5d, 0xac, 0x12, 0xea, 0x2c, 0x6f, 0x71, 0x48}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xce, 0x50, 0x33, 0x2a, 0x92, 0x56, 0xe9, 0xe6, 0xa5, 0x1d, 0xba, 0x3d, 0x62, 0xb5, 0x8f, 0x1c, 0x63, 0x56, 0xef, 0xad, 0x83, 0xe3, 0x65, 0x96, 0xa9, 0x6b, 0x05, 0x05, 0x66, 0x50, 0x35, 0xef}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcf, 0x6e, 0x4e, 0x00, 0x98, 0x00, 0x8c, 0x4f, 0x25, 0x3f, 0x49, 0xa2, 0xcb, 0x45, 0x39, 0xcb, 0x48, 0x83, 0xcc, 0x3a, 0xb1, 0x91, 0x3f, 0xb0, 0x1e, 0x9d, 0xbc, 0xeb, 0xde, 0x6d, 0xb7, 0x66}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd9, 0x55, 0x66, 0xd3, 0xa2, 0x77, 0xd5, 0x44, 0x76, 0x10, 0x4c, 0x79, 0x64, 0xa9, 0xb9, 0x8d, 0x60, 0x90, 0x2b, 0xc9, 0x54, 0x47, 0xb8, 0xf4, 0x43, 0x99, 0x49, 0xab, 0xfe, 0x24, 0xad, 0xc8}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xeb, 0xae, 0xd2, 0x4d, 0x8d, 0x95, 0x21, 0x94, 0xf9, 0xe0, 0xe2, 0x2e, 0xb7, 0xfc, 0x5e, 0xce, 0xc0, 0x92, 0x0c, 0xa5, 0x0d, 0x78, 0x11, 0xfb, 0xb8, 0x27, 0x3a, 0x58, 0x85, 0xa9, 0x13, 0xbc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x81, 0xa2, 0x5d, 0x11, 0x6b, 0x66, 0xd8, 0x92, 0x67, 0x8c, 0x13, 0x65, 0x09, 0xdf, 0xf0, 0xa0, 0x8f, 0xc4, 0xed, 0x2f, 0x6c, 0x02, 0xc7, 0x71, 0xdf, 0x0b, 0xed, 0xa8, 0xf8, 0x54, 0xaa, 0xf5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xa6, 0x67, 0x86, 0x53, 0xef, 0xb9, 0xb8, 0x3b, 0x85, 0xa0, 0x9f, 0xfc, 0xc9, 0xdf, 0x3c, 0xd5, 0xa3, 0x09, 0xb8, 0x1e, 0x06, 0xec, 0xb2, 0x2d, 0xf4, 0x5b, 0x0e, 0x7b, 0x85, 0xdc, 0x54, 0x82}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x19, 0xc3, 0x83, 0x75, 0x26, 0xd4, 0x17, 0xb9, 0x4a, 0x8a, 0x8f, 0xac, 0x4f, 0xfa, 0x73, 0x25, 0xbe, 0xc6, 0xd3, 0x19, 0x92, 0x90, 0x81, 0xc7, 0x37, 0xdb, 0xcb, 0xcd, 0x7e, 0x7f, 0x98, 0x39}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x36, 0x2e, 0x04, 0xed, 0x63, 0x40, 0x8a, 0xb0, 0x07, 0x18, 0x14, 0xb3, 0x43, 0xdc, 0x8d, 0xb6, 0x98, 0x4b, 0xc5, 0x60, 0x0d, 0x2f, 0xad, 0xb0, 0x70, 0xa7, 0x70, 0xf1, 0xd3, 0xde, 0xc6, 0xcd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xfb, 0x8e, 0x26, 0xf2, 0x84, 0xcc, 0x1a, 0x31, 0xc7, 0x20, 0xae, 0xb5, 0xeb, 0x6f, 0x43, 0x88, 0x02, 0xa2, 0x54, 0x3c, 0x82, 0xdd, 0x7f, 0xca, 0x9b, 0xd9, 0x71, 0xd4, 0xa5, 0xc5, 0x4e, 0x5e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x95, 0x1e, 0x99, 0x23, 0xdc, 0x71, 0x28, 0xca, 0x43, 0xef, 0xf7, 0xde, 0xe6, 0x69, 0xa7, 0x36, 0x6c, 0xe0, 0x8b, 0xef, 0x1d, 0x4f, 0x80, 0xb6, 0xfd, 0xb4, 0xae, 0x3a, 0x0f, 0x73, 0xf3, 0x65}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x63, 0xb9, 0xef, 0xf3, 0x1e, 0x41, 0x59, 0x2a, 0xd2, 0x7a, 0x7c, 0xaf, 0xad, 0x4a, 0xca, 0x00, 0xb5, 0x6f, 0xec, 0x26, 0x94, 0x4b, 0x7e, 0x6a, 0x53, 0xe7, 0x6b, 0xf0, 0x90, 0xee, 0xbd, 0x41}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf4, 0xd3, 0x3b, 0x89, 0x0e, 0x5b, 0x37, 0xa0, 0x73, 0xeb, 0xc9, 0x9d, 0x30, 0xb7, 0xba, 0x59, 0x96, 0x06, 0x60, 0x13, 0x40, 0xd9, 0x48, 0xff, 0x0d, 0x0f, 0x0a, 0x70, 0x4b, 0x2e, 0x27, 0xd2}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x29, 0xac, 0x09, 0x04, 0x8c, 0xf3, 0x38, 0x90, 0xae, 0xd9, 0x56, 0x70, 0x73, 0x89, 0x48, 0xb8, 0x43, 0xea, 0xf6, 0xeb, 0x0a, 0x03, 0x80, 0xd3, 0xa7, 0x0d, 0xf6, 0x41, 0x6f, 0x8b, 0xc3, 0xd8}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfb, 0x71, 0xa2, 0xa1, 0x24, 0x87, 0x0c, 0x78, 0xf6, 0x35, 0xf0, 0x6f, 0x7c, 0x83, 0x4b, 0xb5, 0xdb, 0x9b, 0xe9, 0x3b, 0x5f, 0xcb, 0x22, 0xe9, 0x48, 0xd3, 0xea, 0x0c, 0x07, 0x16, 0xc2, 0x72}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x25, 0x4e, 0x47, 0x99, 0x2f, 0x3b, 0xb7, 0x5f, 0x00, 0x77, 0xe7, 0x63, 0xee, 0x22, 0x27, 0x97, 0x8c, 0xc8, 0xa3, 0x1b, 0x84, 0xa5, 0xa6, 0x1d, 0xc1, 0x75, 0x2d, 0x6e, 0xd6, 0x1a, 0xa1, 0xa7}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x26, 0x04, 0xb5, 0x75, 0x78, 0x9c, 0x96, 0x74, 0x82, 0xf2, 0xbc, 0x74, 0x54, 0xe6, 0xef, 0xf9, 0x54, 0x2b, 0xce, 0xd6, 0x9d, 0xa6, 0xb3, 0x53, 0x6d, 0x13, 0x44, 0xe4, 0x9b, 0x20, 0x42, 0x4f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4e, 0x28, 0x6a, 0x4c, 0x7f, 0x20, 0x0a, 0xaf, 0xf6, 0x98, 0x1d, 0x1c, 0xe2, 0xb9, 0xa5, 0xbe, 0xac, 0x19, 0xef, 0xb5, 0xeb, 0x44, 0xe3, 0x08, 0xe2, 0xd3, 0xf1, 0xf8, 0x0e, 0x4a, 0xff, 0xb9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xde, 0xb8, 0x39, 0x67, 0xd7, 0xac, 0x14, 0xf1, 0xce, 0xb0, 0xcc, 0xdb, 0x8a, 0x61, 0xf6, 0x1e, 0x03, 0x5b, 0x1c, 0xe5, 0x65, 0x61, 0xc4, 0xa5, 0x6c, 0xd6, 0x66, 0x43, 0x89, 0xb7, 0xe1, 0xb4}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x76, 0xe2, 0x10, 0x2f, 0xaf, 0xe6, 0x7e, 0xba, 0x1a, 0x3b, 0xa0, 0x39, 0xe8, 0x04, 0x55, 0x0d, 0xbc, 0x00, 0xb8, 0xd7, 0x3b, 0x8b, 0xcc, 0x20, 0xe9, 0x2b, 0x54, 0x4b, 0x80, 0xce, 0xa2, 0x0b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2a, 0xd2, 0x94, 0x2c, 0x77, 0xe1, 0xdf, 0x34, 0x5e, 0x25, 0x55, 0xdf, 0x63, 0x52, 0x32, 0xa6, 0x23, 0x41, 0x35, 0xde, 0x78, 0x89, 0x3e, 0x59, 0x72, 0x19, 0x7c, 0x3c, 0xee, 0x4d, 0x58, 0x84}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x45, 0xf8, 0xb2, 0x42, 0x61, 0x41, 0xa1, 0xe5, 0x23, 0xae, 0xe1, 0x36, 0x3e, 0xe8, 0xfe, 0x01, 0x2e, 0x0f, 0x90, 0xd3, 0x2f, 0xa6, 0xa2, 0xa3, 0x09, 0xe4, 0x7e, 0x5e, 0xd5, 0xea, 0xa9, 0x7b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd9, 0x34, 0x42, 0xae, 0xa5, 0xcf, 0xd7, 0xa9, 0xf4, 0x54, 0x45, 0xd1, 0x24, 0x92, 0x97, 0x2d, 0x3b, 0x58, 0xbb, 0x98, 0x0f, 0x1d, 0xa8, 0xb6, 0xbc, 0xba, 0x65, 0xd4, 0xb0, 0x7d, 0xe0, 0xc5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0d, 0x36, 0xec, 0x7d, 0xa6, 0xcd, 0xf6, 0x1a, 0x50, 0x05, 0x89, 0xa3, 0x92, 0xbd, 0xc3, 0x3d, 0x68, 0x7e, 0xf0, 0x9f, 0x73, 0xa1, 0xc0, 0xdd, 0xed, 0xe0, 0x82, 0x4d, 0xec, 0x97, 0x85, 0x37}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index d1016bc95..259f2740f 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240625142312-27946c6f2cde" + defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240627193502-8aed4bb0fe45" ) From 782752080f403864d7f378f4f4785b67d19849d7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 28 Jun 2024 08:34:08 +0200 Subject: [PATCH 125/380] deps: update Constellation containers to v2.17.0-pre.0.20240627193502-8aed4bb0fe45 (#3214) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- internal/versions/versions.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index ea3166ee8..e2e9dd8fb 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -173,11 +173,11 @@ const ( // NodeMaintenanceOperatorImage is the image for the node maintenance operator. NodeMaintenanceOperatorImage = "quay.io/medik8s/node-maintenance-operator:v0.15.0@sha256:8cb8dad93283268282c30e75c68f4bd76b28def4b68b563d2f9db9c74225d634" // renovate:container // LogstashImage is the container image of logstash, used for log collection by debugd. - LogstashImage = "ghcr.io/edgelesssys/constellation/logstash-debugd:v2.17.0-pre.0.20240619151941-9cd11842442d@sha256:02b861f789651e754a0e434d036be7d18ba897dac0443b6ce6f4d2bb88f50ba8" // renovate:container + LogstashImage = "ghcr.io/edgelesssys/constellation/logstash-debugd:v2.17.0-pre.0.20240627193502-8aed4bb0fe45@sha256:d6c5a06049e5c1b9d7ba4b83367fa0c06ba2d1b65e1d299f3e00f465f310642b" // renovate:container // FilebeatImage is the container image of filebeat, used for log collection by debugd. - FilebeatImage = "ghcr.io/edgelesssys/constellation/filebeat-debugd:v2.17.0-pre.0.20240619151941-9cd11842442d@sha256:645ade2ad4eecf7ff4f4624ff1d7ba5e0951617575c62175b8e55a9d09fb19cd" // renovate:container + FilebeatImage = "ghcr.io/edgelesssys/constellation/filebeat-debugd:v2.17.0-pre.0.20240627193502-8aed4bb0fe45@sha256:606adccf544a15e6b9ae9e11eec707668660bc1af346ff72559404e36da5baa2" // renovate:container // MetricbeatImage is the container image of filebeat, used for log collection by debugd. - MetricbeatImage = "ghcr.io/edgelesssys/constellation/metricbeat-debugd:v2.17.0-pre.0.20240619151941-9cd11842442d@sha256:19314db207b3a07be74000e50058cb4d24388c00c0b20d43f5d9fec0be5aad93" // renovate:container + MetricbeatImage = "ghcr.io/edgelesssys/constellation/metricbeat-debugd:v2.17.0-pre.0.20240627193502-8aed4bb0fe45@sha256:690b9d36cc334a7f83b58ca905169bb9f1c955b7a436c0044a07f4ce15a90594" // renovate:container // currently supported versions. //nolint:revive From ab94456455a0ac2b1b86b861d4fc54ca692b7911 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Fri, 28 Jun 2024 14:56:46 +0200 Subject: [PATCH 126/380] debugd: daemonize logstash containers (#3216) * debugd: daemonize logstash containers * fixup! debugd: daemonize logstash containers remove in-process logging --- .../debugd/logcollector/logcollector.go | 32 +++++-------------- 1 file changed, 8 insertions(+), 24 deletions(-) diff --git a/debugd/internal/debugd/logcollector/logcollector.go b/debugd/internal/debugd/logcollector/logcollector.go index 20bd4dfac..152a79894 100644 --- a/debugd/internal/debugd/logcollector/logcollector.go +++ b/debugd/internal/debugd/logcollector/logcollector.go @@ -11,7 +11,6 @@ package logcollector import ( "context" "fmt" - "io" "log/slog" "os" "os/exec" @@ -183,10 +182,10 @@ func startPod(ctx context.Context, logger *slog.Logger) error { } // start logstash container - logstashLog := newCmdLogger(logger.WithGroup("logstash")) runLogstashArgs := []string{ "run", - "--rm", + "-d", + "--restart=unless-stopped", "--name=logstash", "--pod=logcollection", "--log-driver=journald", @@ -195,9 +194,8 @@ func startPod(ctx context.Context, logger *slog.Logger) error { } runLogstashCmd := podman(ctx, runLogstashArgs...) logger.Info(fmt.Sprintf("Run logstash command: %v", runLogstashCmd.String())) - runLogstashCmd.Stdout = logstashLog - runLogstashCmd.Stderr = logstashLog - if err := runLogstashCmd.Start(); err != nil { + if out, err := runLogstashCmd.CombinedOutput(); err != nil { + logger.Error("Could not start logstash container", "err", err, "output", out) return fmt.Errorf("failed to start logstash: %w", err) } if out, err := podman(ctx, "wait", "logstash", "--condition=running", "--interval=15s").CombinedOutput(); err != nil { @@ -206,10 +204,10 @@ func startPod(ctx context.Context, logger *slog.Logger) error { } // start filebeat container - filebeatLog := newCmdLogger(logger.WithGroup("filebeat")) runFilebeatArgs := []string{ "run", - "--rm", + "-d", + "--restart=unless-stopped", "--name=filebeat", "--pod=logcollection", "--privileged", @@ -224,9 +222,8 @@ func startPod(ctx context.Context, logger *slog.Logger) error { } runFilebeatCmd := podman(ctx, runFilebeatArgs...) logger.Info(fmt.Sprintf("Run filebeat command: %v", runFilebeatCmd.String())) - runFilebeatCmd.Stdout = filebeatLog - runFilebeatCmd.Stderr = filebeatLog - if err := runFilebeatCmd.Start(); err != nil { + if out, err := runFilebeatCmd.CombinedOutput(); err != nil { + logger.Error("Could not start filebeat container", "err", err, "output", out) return fmt.Errorf("failed to run filebeat: %w", err) } if out, err := podman(ctx, "wait", "filebeat", "--condition=running", "--interval=15s").CombinedOutput(); err != nil { @@ -303,19 +300,6 @@ func setCloudMetadata(ctx context.Context, m map[string]string, provider cloudpr } } -func newCmdLogger(logger *slog.Logger) io.Writer { - return &cmdLogger{logger: logger} -} - -type cmdLogger struct { - logger *slog.Logger -} - -func (c *cmdLogger) Write(p []byte) (n int, err error) { - c.logger.Info(string(p)) - return len(p), nil -} - func podman(ctx context.Context, args ...string) *exec.Cmd { args = append([]string{"--runtime=runc"}, args...) return exec.CommandContext(ctx, "podman", args...) From ca47f3fa028468a70e4f06d8e9043344fedd27eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Fri, 28 Jun 2024 16:15:11 +0200 Subject: [PATCH 127/380] renovate: allow major version upgrades of GitHub action dependencies (#3217) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- renovate.json5 | 1 + 1 file changed, 1 insertion(+) diff --git a/renovate.json5 b/renovate.json5 index 5dd623063..98c0cba36 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -89,6 +89,7 @@ "matchManagers": ["github-actions"], "groupName": "GitHub action dependencies", "matchUpdateTypes": [ + "major", "minor", "patch", "pin", From c004e0610d8a1ff33d15835c6579e3786473cb69 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 1 Jul 2024 08:55:54 +0200 Subject: [PATCH 128/380] image: update locked rpms (#3218) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 6b950fa9f..406c47750 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -153,10 +153,10 @@ c8b9967345ed0393c17101b970bb86258380494d99edf07787bc32ee4de96a7b libfdisk-2.40. 2481691bd2ee6aab48b1a0306357337007b2b0af082e4fdef47dcc5a8a8357be libfdisk-2.40.1-1.fc40.x86_64.rpm 25caa7ee56f6013369c2fac26afd3035a7d580af0b919621ba8d495d13a5af86 libffi-3.4.4-7.fc40.x86_64.rpm f9c5369b6d168a2b8e46159bc41ef0755ee1a8d12f4c6766fdfe23e827cf5cdf libfido2-1.14.0-4.fc40.x86_64.rpm -70c2dfc6e940f568498863f388927b4d6293325a0170837676f107f8e4eacfae libgcc-14.1.1-5.fc40.i686.rpm -b46e8f4b4ada4bc652efaa6d6a38478a4415f0e590168470be27138821755d38 libgcc-14.1.1-5.fc40.x86_64.rpm +77ab37f70a091d9044948502336a5726c9d3c805a2978111b0d257bbc91c6f16 libgcc-14.1.1-6.fc40.i686.rpm +1c2efdca4306aa86ce302f82944dcd2713af8d3525f0b9ea8dfd518da1ddde41 libgcc-14.1.1-6.fc40.x86_64.rpm 10c4c12c6539ffea68974cd9b57013d471ac35fe3bef4833c0a22f6b29fbf489 libgcrypt-1.10.3-3.fc40.x86_64.rpm -1b48152b2556b54e896e8f373d499e743dd068023b8bc92835c75301674750f0 libgomp-14.1.1-5.fc40.x86_64.rpm +880876afaa03207423e68bd973f594682529ef0e8ce50c3d62799da89becc7b0 libgomp-14.1.1-6.fc40.x86_64.rpm 8d0a9840e06e72ccf756fa5a79c49f572dc827b0c75ea5a1f923235150d27ae2 libgpg-error-1.49-1.fc40.x86_64.rpm 677a67726c759c94faa94475185e46d028f171c9215390ac601ccd914188afb2 libidn2-2.3.7-1.fc40.i686.rpm 2fd2038b4a94eeede34e46ed0e035e619f77d0e412c70cf4e9bb836957e8f31b libidn2-2.3.7-1.fc40.x86_64.rpm @@ -198,7 +198,7 @@ d5e6fc8b4595cccae415bc18b971ea4a4ed64c816e45de5d3f588b78ecf12708 libsepol-3.6-3 302124d98a491472ec0982b89afbf576922d6921a89dda479d354e6582566f0e libsmartcols-2.40.1-1.fc40.x86_64.rpm 45d032fb4d59ee0f6a921dd1f0addfcdd38fc46917243fdd6248194ffddb9067 libsodium-1.0.20-1.fc40.x86_64.rpm c8bbfa2762cc601f8a97d8d5a39a658f0e91ba477ebebd798b30f7fc8ffdd457 libss-1.47.0-5.fc40.x86_64.rpm -b66ef7d6e8a08a3c19b4c76ffd8dc5256cb22414ed2fadce0b4249d2eed2212a libstdc++-14.1.1-5.fc40.x86_64.rpm +4604584a5a5e48353951a309f54a6b41f2320b1f34122f9eb3e521e664a8c71b libstdc++-14.1.1-6.fc40.x86_64.rpm d92173d6fbfb7e2af3b35a8554229e247666e15dc5b36cba43b7bbfc4144b781 libtasn1-4.19.0-6.fc40.x86_64.rpm adc082c8d4af5cc81a9de428c39de59717177109aedb4b15888a8ca9d51167ab libtirpc-1.3.4-1.rc3.fc40.x86_64.rpm e5d150d23f95e4a23288b84145af442607a88bf457c0e04b325b1d1e8e708c2b libtool-ltdl-2.4.7-10.fc40.x86_64.rpm @@ -250,8 +250,8 @@ eba1bd09317cc1f1f80e722e9a545dd404e1fad444045438f254e99cab4f1ed6 openssl-libs-3 5981cdaf35f2ea96236eaccf1ce476379e51e5883ce57343a7727626e9fd9da3 pam-libs-1.6.1-3.fc40.i686.rpm fb85b93438336461a0b2b878158e552d30b6fb663404475eb0a050b35fd5d35f pam-libs-1.6.1-3.fc40.x86_64.rpm 9bbce784622e02af0371ced8e9a7d26adba7eabd66ecfcb8bbe2d24cf616e3c1 parted-3.6-4.fc40.x86_64.rpm -8cba24e2ba3ff88a383542f81308c79388b7a36a42d4db404a7a475f68c311f1 passt-0^20240607.g8a83b53-1.fc40.x86_64.rpm -10e31535e7069a038b931d48af71430f2b721f5e19610cbb6be5560a91d6fcce passt-selinux-0^20240607.g8a83b53-1.fc40.noarch.rpm +1ea1726576a274d8b6774e3d0aae25b0ce798ea87506414ad8b8c969de418642 passt-0^20240624.g1ee2eca-1.fc40.x86_64.rpm +9043472a87ec3461040e91268f95fd4570c373b3f49c5595f581014f791ad450 passt-selinux-0^20240624.g1ee2eca-1.fc40.noarch.rpm 757dc11e76123116a505879b5b00dbb1f132b25578f738979220397965d7fa38 pcre2-10.42-2.fc40.2.i686.rpm 8d36bcee4d3e39d5b8162ab8de347bb0f7d7b260a6b6c76bc4b577c5bff6ba5e pcre2-10.42-2.fc40.2.x86_64.rpm f2042a010126c04faea45cea4b62f8443e73f4a0a218858092e0fcf5ca7967fa pcre2-syntax-10.42-2.fc40.2.noarch.rpm @@ -307,8 +307,8 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm 3b940ff1f16fdb3ddcc19d7d76241c9b81d81099ff5147c4c9967d2c4ca6fb5b sbsigntools-0.9.5-3.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm -bf0464a5b04d278d5fc13050636fba3b4fee3fad60cee06b65db86d285ab0222 selinux-policy-40.22-1.fc40.noarch.rpm -d1832cbe051d0582764af725c00a6a133d00d17b4f5d53a4bd78c724ac3af051 selinux-policy-targeted-40.22-1.fc40.noarch.rpm +0935cbc6dd3f49000b4e00350b50ee442ea0bc1556f1a43e748788d555f4078d selinux-policy-40.23-1.fc40.noarch.rpm +1cd030a103d3453344bd1dd7590aba7952f74dc9196fc604f412078b7af991a2 selinux-policy-targeted-40.23-1.fc40.noarch.rpm 89862f646cd64e81497f01a8b69ab30ac8968c47afef92a2c333608fdb90ccc1 setup-2.14.5-2.fc40.noarch.rpm 95a0cce33e56359aa09507abfed062fb47a554307b0a029e6d2f076b813ae8d2 shadow-utils-4.15.1-3.fc40.x86_64.rpm 0c1072b40e5fe451e7d2bc1a7530e743303591c3d26bce0ac2e09ff05b50ae26 shadow-utils-subid-4.15.1-3.fc40.x86_64.rpm From c7e8dfd1e877153634bb5a5e373c272a91f9dc2c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Mon, 1 Jul 2024 16:13:36 +0200 Subject: [PATCH 129/380] deps: remove dependency on helm/v2 (#3219) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- MODULE.bazel | 1 - go.mod | 1 - go.sum | 2 -- internal/constellation/helm/BUILD.bazel | 2 +- internal/constellation/helm/loader.go | 2 +- 5 files changed, 2 insertions(+), 6 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 5ed772ece..5915ea1f3 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -139,7 +139,6 @@ use_repo( "org_golang_x_vuln", "org_libvirt_go_libvirt", "org_uber_go_goleak", - "sh_helm_helm", "sh_helm_helm_v3", ) diff --git a/go.mod b/go.mod index 576d4febd..a526bb547 100644 --- a/go.mod +++ b/go.mod @@ -124,7 +124,6 @@ require ( google.golang.org/grpc v1.64.0 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 - helm.sh/helm v2.17.0+incompatible helm.sh/helm/v3 v3.15.2 k8s.io/api v0.30.2 k8s.io/apiextensions-apiserver v0.30.2 diff --git a/go.sum b/go.sum index cdc111c70..bf0751860 100644 --- a/go.sum +++ b/go.sum @@ -1072,8 +1072,6 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm v2.17.0+incompatible h1:cSe3FaQOpRWLDXvTObQNj0P7WI98IG5yloU6tQVls2k= -helm.sh/helm v2.17.0+incompatible/go.mod h1:0Xbc6ErzwWH9qC55X1+hE3ZwhM3atbhCm/NbFZw5i+4= helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw= helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/internal/constellation/helm/BUILD.bazel b/internal/constellation/helm/BUILD.bazel index c02eb53f0..8ab09ef41 100644 --- a/internal/constellation/helm/BUILD.bazel +++ b/internal/constellation/helm/BUILD.bazel @@ -492,11 +492,11 @@ go_library( "@io_k8s_client_go//restmapper", "@io_k8s_client_go//tools/clientcmd", "@io_k8s_client_go//util/retry", - "@sh_helm_helm//pkg/ignore", "@sh_helm_helm_v3//pkg/action", "@sh_helm_helm_v3//pkg/chart", "@sh_helm_helm_v3//pkg/chart/loader", "@sh_helm_helm_v3//pkg/chartutil", + "@sh_helm_helm_v3//pkg/ignore", "@sh_helm_helm_v3//pkg/release", ], ) diff --git a/internal/constellation/helm/loader.go b/internal/constellation/helm/loader.go index c9badd4cc..09b83cd68 100644 --- a/internal/constellation/helm/loader.go +++ b/internal/constellation/helm/loader.go @@ -15,9 +15,9 @@ import ( "strings" "github.com/pkg/errors" - "helm.sh/helm/pkg/ignore" "helm.sh/helm/v3/pkg/chart" "helm.sh/helm/v3/pkg/chart/loader" + "helm.sh/helm/v3/pkg/ignore" "github.com/edgelesssys/constellation/v2/internal/attestation/variant" "github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider" From c7027d9ddff5e9d99f134a9840251226dcc2fbde Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 1 Jul 2024 16:23:53 +0200 Subject: [PATCH 130/380] ci: add missing permissions in release workflow (#3220) Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- .github/workflows/release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0b85693a3..aed98479e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -278,6 +278,7 @@ jobs: packages: write id-token: write contents: read + actions: write secrets: inherit with: ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} From 7945778d67f3d1e862a6ab53331f27651f577331 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 1 Jul 2024 17:24:44 +0200 Subject: [PATCH 131/380] ci: fix directory deletion (#3222) --- .github/actions/upload_terraform_module/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/upload_terraform_module/action.yml b/.github/actions/upload_terraform_module/action.yml index bab20a0e0..80e504cc5 100644 --- a/.github/actions/upload_terraform_module/action.yml +++ b/.github/actions/upload_terraform_module/action.yml @@ -23,4 +23,4 @@ runs: - name: Cleanup Terraform module dir shell: bash run: | - rm -f terraform-module terraform-module.zip + rm -rf terraform-module terraform-module.zip From c48995f2498bfe987076781e3bee722fb56e1f52 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 2 Jul 2024 09:12:46 +0200 Subject: [PATCH 132/380] ci: only commit measurements if changes are present (#3223) Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- .github/workflows/release.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index aed98479e..9f0002f0f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -250,8 +250,12 @@ jobs: run: | git config --global user.name "edgelessci" git config --global user.email "edgelessci@users.noreply.github.com" - git commit -m "attestation: hardcode measurements for ${VERSION}" - git push + if git diff-index --quiet HEAD --; then + echo "No changes to commit" + else + git commit -m "attestation: hardcode measurements for ${VERSION}" + git push + fi draft-release: name: Draft release (CLI) From 9c3cb08f92b3bc8312d67f7fbeb449b3eb704be6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 3 Jul 2024 09:49:37 +0200 Subject: [PATCH 133/380] deps: bump Go version to v1.22.5 (#3225) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/workflows/build-ccm-gcp.yml | 2 +- .github/workflows/build-os-image-scheduled.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/test-operator-codegen.yml | 2 +- MODULE.bazel | 2 +- dev-docs/workflows/bump-go-version.md | 2 ++ go.mod | 2 +- go.work | 4 ++-- 9 files changed, 11 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index 4098fd9ca..3a4082539 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -31,7 +31,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: - go-version: "1.22.4" + go-version: "1.22.5" cache: false - name: Install Crane diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 79f158b15..10f8c2024 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -70,7 +70,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: - go-version: "1.22.4" + go-version: "1.22.5" cache: false - name: Determine version diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b3510e552..3f213f094 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,7 +40,7 @@ jobs: if: matrix.language == 'go' uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: - go-version: "1.22.4" + go-version: "1.22.5" cache: false - name: Initialize CodeQL diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9f0002f0f..97692c8bd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -233,7 +233,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: - go-version: "1.22.4" + go-version: "1.22.5" cache: true - name: Build generateMeasurements tool diff --git a/.github/workflows/test-operator-codegen.yml b/.github/workflows/test-operator-codegen.yml index 5ba9313a4..0db02b5fc 100644 --- a/.github/workflows/test-operator-codegen.yml +++ b/.github/workflows/test-operator-codegen.yml @@ -28,7 +28,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: - go-version: "1.22.4" + go-version: "1.22.5" cache: true - name: Run code generation diff --git a/MODULE.bazel b/MODULE.bazel index 5915ea1f3..2c8f02e1a 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -16,7 +16,7 @@ go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk") go_sdk.download( name = "go_sdk", patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"], - version = "1.22.4", + version = "1.22.5", ) # the use_repo rule needs to list all top-level go dependencies diff --git a/dev-docs/workflows/bump-go-version.md b/dev-docs/workflows/bump-go-version.md index d0e259700..09b3fad81 100644 --- a/dev-docs/workflows/bump-go-version.md +++ b/dev-docs/workflows/bump-go-version.md @@ -24,6 +24,8 @@ You can use the following command to find replace all instances of `go-version: OLD_VERSION="1.xx.x" NEW_VERSION="1.xx.y" find .github -type f -exec sed -i "s/go-version: \"${OLD_VERSION}\"/go-version: \"${NEW_VERSION}\"/g" {} \; +sed -i "s/go ${OLD_VERSION}/go ${NEW_VERSION}/g" go.mod +sed -i "s/${OLD_VERSION}/${NEW_VERSION}/g" go.work ``` Or manually: diff --git a/go.mod b/go.mod index a526bb547..0a3f087b2 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/edgelesssys/constellation/v2 -go 1.22.4 +go 1.22.5 // TODO(daniel-weisse): revert after merging https://github.com/martinjungblut/go-cryptsetup/pull/16. replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c diff --git a/go.work b/go.work index 7a4f64833..645982cbc 100644 --- a/go.work +++ b/go.work @@ -1,6 +1,6 @@ -go 1.22.4 +go 1.22.5 -toolchain go1.22.4 +toolchain go1.22.5 use ( . From 9418535229e649ab93757c7de0d472bb3707aa62 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 3 Jul 2024 13:59:03 +0200 Subject: [PATCH 134/380] deps: update Go dependencies (#3215) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Adrian Stobbe --- go.mod | 66 ++++++------- go.sum | 132 ++++++++++++------------- internal/attestation/gcp/metadata.go | 6 +- internal/cloud/azure/iptables_cross.go | 1 + 4 files changed, 103 insertions(+), 102 deletions(-) diff --git a/go.mod b/go.mod index 0a3f087b2..17ef7c836 100644 --- a/go.mod +++ b/go.mod @@ -26,10 +26,10 @@ replace ( ) require ( - cloud.google.com/go/compute v1.27.1 - cloud.google.com/go/compute/metadata v0.3.0 - cloud.google.com/go/kms v1.18.1 - cloud.google.com/go/secretmanager v1.13.2 + cloud.google.com/go/compute v1.27.2 + cloud.google.com/go/compute/metadata v0.4.0 + cloud.google.com/go/kms v1.18.2 + cloud.google.com/go/secretmanager v1.13.3 cloud.google.com/go/storage v1.42.0 dario.cat/mergo v1.0.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible @@ -40,20 +40,20 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 github.com/BurntSushi/toml v1.4.0 - github.com/aws/aws-sdk-go v1.54.9 - github.com/aws/aws-sdk-go-v2 v1.30.0 - github.com/aws/aws-sdk-go-v2/config v1.27.22 - github.com/aws/aws-sdk-go-v2/credentials v1.17.22 - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.2 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.0 - github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.0 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.0 - github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.0 - github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.0 - github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0 - github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.0 - github.com/aws/smithy-go v1.20.2 + github.com/aws/aws-sdk-go v1.54.12 + github.com/aws/aws-sdk-go-v2 v1.30.1 + github.com/aws/aws-sdk-go-v2/config v1.27.23 + github.com/aws/aws-sdk-go-v2/credentials v1.17.23 + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.3 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.1 + github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.2 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.1 + github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.1 + github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.1 + github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1 + github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1 + github.com/aws/smithy-go v1.20.3 github.com/bazelbuild/buildtools v0.0.0-20240626162158-92a716d768c0 github.com/bazelbuild/rules_go v0.48.1 github.com/coreos/go-systemd/v22 v22.5.0 @@ -120,7 +120,7 @@ require ( golang.org/x/sys v0.21.0 golang.org/x/text v0.16.0 golang.org/x/tools v0.22.0 - google.golang.org/api v0.186.0 + google.golang.org/api v0.187.0 google.golang.org/grpc v1.64.0 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 @@ -142,7 +142,7 @@ require ( require ( cloud.google.com/go v0.115.0 // indirect - cloud.google.com/go/auth v0.6.0 // indirect + cloud.google.com/go/auth v0.6.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/iam v1.1.8 // indirect cloud.google.com/go/longrunning v0.5.7 // indirect @@ -172,18 +172,18 @@ require ( github.com/agext/levenshtein v1.2.2 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.22.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.30.0 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.13 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.15 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect @@ -357,9 +357,9 @@ require ( golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 // indirect + google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/cli-runtime v0.30.0 // indirect diff --git a/go.sum b/go.sum index bf0751860..3bfe2f31a 100644 --- a/go.sum +++ b/go.sum @@ -1,22 +1,22 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.6.0 h1:5x+d6b5zdezZ7gmLWD1m/xNjnaQ2YDhmIz/HH3doy1g= -cloud.google.com/go/auth v0.6.0/go.mod h1:b4acV+jLQDyjwm4OXHYjNvRi4jvGBzHWJRtJcy+2P4g= +cloud.google.com/go/auth v0.6.1 h1:T0Zw1XM5c1GlpN2HYr2s+m3vr1p2wy+8VN+Z1FKxW38= +cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= -cloud.google.com/go/compute v1.27.1 h1:0WbBLIPNANheCRZ4h8QhgzjN53KMutbiVBOLtPiVzBU= -cloud.google.com/go/compute v1.27.1/go.mod h1:UVWm+bWKEKoM+PW2sZycP1Jgk3NhKwR2Iy2Cnp/G40I= -cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= -cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute v1.27.2 h1:5cE5hdrwJV/92ravlwIFRGnyH9CpLGhh4N0ZDVTU+BA= +cloud.google.com/go/compute v1.27.2/go.mod h1:YQuHkNEwP3bIz4LBYQqf4DIMfFtTDtnEgnwG0mJQQ9I= +cloud.google.com/go/compute/metadata v0.4.0 h1:vHzJCWaM4g8XIcm8kopr3XmDA4Gy/lblD3EhhSux05c= +cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M= cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= -cloud.google.com/go/kms v1.18.1 h1:tz1oSpKokgn1+FF7mEMMmsu0FVHQebZjtKetX3fbYdo= -cloud.google.com/go/kms v1.18.1/go.mod h1:fOsmW0fzDVYXM0AOJWmpB0gFVOVgC33giwYi0kcTdBA= +cloud.google.com/go/kms v1.18.2 h1:EGgD0B9k9tOOkbPhYW1PHo2W0teamAUYMOUIcDRMfPk= +cloud.google.com/go/kms v1.18.2/go.mod h1:YFz1LYrnGsXARuRePL729oINmN5J/5e7nYijgvfiIeY= cloud.google.com/go/longrunning v0.5.7 h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU= cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng= -cloud.google.com/go/secretmanager v1.13.2 h1:WnyajcyWf5MLq9lPyVxEyOBAhQdPcpckG3lMw8LqAHw= -cloud.google.com/go/secretmanager v1.13.2/go.mod h1:rB3lORY7QZrjACov35PX0KXMM0bKlbkL0/eFlS312wk= +cloud.google.com/go/secretmanager v1.13.3 h1:VqUVYY3U6uFXOhPdZgAoZH9m8E6p7eK02TsDRj2SBf4= +cloud.google.com/go/secretmanager v1.13.3/go.mod h1:e45+CxK0w6GaL4hS+KabgQskl4RdSS30b+HRf0TH0kk= cloud.google.com/go/storage v1.42.0 h1:4QtGpplCVt1wz6g5o1ifXd656P5z+yNgzdw1tVfp0cU= cloud.google.com/go/storage v1.42.0/go.mod h1:HjMXRFq65pGKFn6hxj6x3HCyR41uSB72Z0SO/Vn6JFQ= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= @@ -119,58 +119,58 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.54.9 h1:e0Czh9AhrCVPuyaIUnibYmih3cYexJKlqlHSJ2eMKbI= -github.com/aws/aws-sdk-go v1.54.9/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= -github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA= -github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2/go.mod h1:lPprDr1e6cJdyYeGXnRaJoP4Md+cDBvi2eOj00BlGmg= -github.com/aws/aws-sdk-go-v2/config v1.27.22 h1:TRkQVtpDINt+Na/ToU7iptyW6U0awAwJ24q4XN+59k8= -github.com/aws/aws-sdk-go-v2/config v1.27.22/go.mod h1:EYY3mVgFRUWkh6QNKH64MdyKs1YSUgatc0Zp3MDxi7c= -github.com/aws/aws-sdk-go-v2/credentials v1.17.22 h1:wu9kXQbbt64ul09v3ye4HYleAr4WiGV/uv69EXKDEr0= -github.com/aws/aws-sdk-go-v2/credentials v1.17.22/go.mod h1:pcvMtPcxJn3r2k6mZD9I0EcumLqPLA7V/0iCgOIlY+o= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8/go.mod h1:EgSKcHiuuakEIxJcKGzVNWh5srVAQ3jKaSrBGRYvM48= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.2 h1:Za8rJGgO8qRfCvLTBNTTeQlFkIubOPrNuDX03TghDA0= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.2/go.mod h1:Ks7cRJzJ3WyhLux68C+EzogpJRKQi6HobwJVJInY5kw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12/go.mod h1:FkpvXhA92gb3GE9LD6Og0pHHycTxW7xGpnEh5E7Opwo= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 h1:hb5KgeYfObi5MHkSSZMEudnIvX30iB+E21evI4r6BnQ= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12/go.mod h1:CroKe/eWJdyfy9Vx4rljP5wTUjNJfb+fPz1uMYUhEGM= +github.com/aws/aws-sdk-go v1.54.12 h1:xPDB+GSBZq0rJbmDZF+EyfMbnWRyfEPcn7PZ7bJjXSw= +github.com/aws/aws-sdk-go v1.54.12/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go-v2 v1.30.1 h1:4y/5Dvfrhd1MxRDD77SrfsDaj8kUkkljU7XE83NPV+o= +github.com/aws/aws-sdk-go-v2 v1.30.1/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 h1:tW1/Rkad38LA15X4UQtjXZXNKsCgkshC3EbmcUmghTg= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3/go.mod h1:UbnqO+zjqk3uIt9yCACHJ9IVNhyhOCnYk8yA19SAWrM= +github.com/aws/aws-sdk-go-v2/config v1.27.23 h1:Cr/gJEa9NAS7CDAjbnB7tHYb3aLZI2gVggfmSAasDac= +github.com/aws/aws-sdk-go-v2/config v1.27.23/go.mod h1:WMMYHqLCFu5LH05mFOF5tsq1PGEMfKbu083VKqLCd0o= +github.com/aws/aws-sdk-go-v2/credentials v1.17.23 h1:G1CfmLVoO2TdQ8z9dW+JBc/r8+MqyPQhXCafNZcXVZo= +github.com/aws/aws-sdk-go-v2/credentials v1.17.23/go.mod h1:V/DvSURn6kKgcuKEk4qwSwb/fZ2d++FFARtWSbXnLqY= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 h1:Aznqksmd6Rfv2HQN9cpqIV/lQRMaIpJkLLaJ1ZI76no= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9/go.mod h1:WQr3MY7AxGNxaqAtsDWn+fBxmd4XvLkzeqQ8P1VM0/w= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.3 h1:J2mHCzCeDQNfBOas73ARi4/CsLm0wYpQ3Itll8dPDBQ= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.3/go.mod h1:6rYGWnaLHD+WRF4E709VW+HEEJPKZbNdjHgq9osFXuE= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 h1:5SAoZ4jYpGH4721ZNoS1znQrhOfZinOhc4XuTXx/nVc= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13/go.mod h1:+rdA6ZLpaSeM7tSg/B0IEDinCIBJGmW8rKDFkYpP04g= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 h1:WIijqeaAO7TYFLbhsZmi2rgLEAtWOC1LhxCAVTJlSKw= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13/go.mod h1:i+kbfa76PQbWw/ULoWnp51EYVWH4ENln76fLQE3lXT8= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12 h1:DXFWyt7ymx/l1ygdyTTS0X923e+Q2wXIxConJzrgwc0= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.12/go.mod h1:mVOr/LbvaNySK1/BTy4cBOCjhCNY2raWBwK4v+WR5J4= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.0 h1:G871v9jS1RyHPJk19JgyqCCVKw9p0nySH3VzpOKTDZU= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.0/go.mod h1:5XY8CFGBv6dZp/thbk8FRIAWjqNckM7PsL848KHdzjI= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.0 h1:EvpALEFWmTJrhWIQx/+U2H3jw+n5FLeiF7+Amr6nnEk= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.0/go.mod h1:Pri+xMTktTIOpTg/yYeCYgk4vOrv6sZLcB467ePRIoU= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.0 h1:70ZrLWVE70lfA+AFeZTWvP6uXHlAbSjfN3Ussy0qGQs= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.0/go.mod h1:Wv7N3iFOKVsZNIaw9MOBUmwCkX6VMmQQRFhMrHtNGno= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.0 h1:2GsPN/WdIJbNsYu0Qhre/tunAw4Po9YJHTSJeZaTu0o= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.0/go.mod h1:EjPhusEHOS2hFIJFR3PfI4ndJLkhm3VKTWv0U5m+VR4= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 h1:oWccitSnByVU74rQRHac4gLfDqjB6Z1YQGOY/dXKedI= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14/go.mod h1:8SaZBlQdCLrc/2U3CEO48rYj9uR8qRsPRkmzwNM52pM= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 h1:tzha+v1SCEBpXWEuw6B/+jm4h5z8hZbTpXz0zRZqTnw= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12/go.mod h1:n+nt2qjHGoseWeLHt1vEr6ZRCCxIN2KcNpJxBcYQSwI= -github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.0 h1:QzBMBkOPVhwL4ZUJBHNKWrmlouDz1zKnCbKNgjUCgNQ= -github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.0/go.mod h1:p5FuKT8Rj4fnlT84Pzy7itV11NZ39Fwm/Y52S8Lg1Oc= -github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0 h1:v2DWNY6ll3JK62Bx1khUu9fJ4f3TwXllIEJxI7dDv/o= -github.com/aws/aws-sdk-go-v2/service/s3 v1.57.0/go.mod h1:8rDw3mVwmvIWWX/+LWY3PPIMZuwnQdJMCt0iVFVT3qw= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.0 h1:uXM5YKDEZ60grd2OfVs5uZSzRdqcL/eonj0iKmPFOgk= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.0/go.mod h1:tBCf2+VgRT/Lk9KIlKpTxyCunzxHcP8BFPqcck5I9mM= -github.com/aws/aws-sdk-go-v2/service/sso v1.22.0 h1:lPIAPCRoJkmotLTU/9B6icUFlYDpEuWjKeL79XROv1M= -github.com/aws/aws-sdk-go-v2/service/sso v1.22.0/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0 h1:/4r71ghx+hX9spr884cqXHPEmPzqH/J3K7fkE1yfcmw= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4= -github.com/aws/aws-sdk-go-v2/service/sts v1.30.0 h1:9ja34PaKybhCJjVKvxtDsUjbATUJGN+eF6QnO58u5cI= -github.com/aws/aws-sdk-go-v2/service/sts v1.30.0/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE= -github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= -github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.13 h1:THZJJ6TU/FOiM7DZFnisYV9d49oxXWUzsVIMTuf3VNU= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.13/go.mod h1:VISUTg6n+uBaYIWPBaIG0jk7mbBxm7DUqBtU2cUDDWI= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.1 h1:nV3iVzSwz69etCRlmifzbxueN9KnnCq0hQow9ezJSzU= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.1/go.mod h1:SR3acVqfWMo5J4hI3WHHP0+cgC5yvEVjG9PJXtbOqQg= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.2 h1:TMeILwDLX08G1Ws+jJIlzjqxWxPHdVjHgrbq+joq28s= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.2/go.mod h1:bwqYM+9SeyLaryGx6R3ssp3d0CZvAvDrvUe3GCHZ1oM= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.1 h1:194kHl9h0FnIZ9PTWeBiAYVX8lKYJ9OT3rZXFM79X2M= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.1/go.mod h1:CtLD6CPq9z9dyMxV+H6/M5d9+/ea3dO80um029GXqV0= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.1 h1:XuwjSEGfLxo6UJtpJVy/E80GpE1gNclDBv5k1nTQcCs= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.1/go.mod h1:74D8OQ00uEvvpuG5e4VX+/2v3MC2pltRtzNyXJnEjrI= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.15 h1:2jyRZ9rVIMisyQRnhSS/SqlckveoxXneIumECVFP91Y= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.15/go.mod h1:bDRG3m382v1KJBk1cKz7wIajg87/61EiiymEyfLvAe0= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 h1:I9zMeF107l0rJrpnHpjEiiTSCKYAIw8mALiXcPsGBiA= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15/go.mod h1:9xWJ3Q/S6Ojusz1UIkfycgD1mGirJfLLKqq3LPT7WN8= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13 h1:Eq2THzHt6P41mpjS2sUzz/3dJYFRqdWZ+vQaEMm98EM= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13/go.mod h1:FgwTca6puegxgCInYwGjmd4tB9195Dd6LCuA+8MjpWw= +github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.1 h1:FW82vjO+OizFvwSYsSVXVnkt11+zuRXFFPXBUDqFl5U= +github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.1/go.mod h1:v8G7VgEsStrvK8Wu0UdJjhnIaU1Rvnikwz3IAv0027w= +github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1 h1:aHPtNY87GZ214N4rShgIo+5JQz7ICrJ50i17JbueUTw= +github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1/go.mod h1:hdV0NTYd0RwV4FvNKhKUNbPLZoq9CTr/lke+3I7aCAI= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1 h1:ZoYRD8IJqPkzjBnpokiMNO6L/DQprtpVpD6k0YSaF5U= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1/go.mod h1:GlRarZzIMl9VDi0mLQt+qQOuEkVFPnTkkjyugV1uVa8= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 h1:p1GahKIjyMDZtiKoIn0/jAj/TkMzfzndDv5+zi2Mhgc= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.1/go.mod h1:/vWdhoIoYA5hYoPZ6fm7Sv4d8701PiG5VKe8/pPJL60= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 h1:lCEv9f8f+zJ8kcFeAjRZsekLd/x5SAm96Cva+VbUdo8= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1/go.mod h1:xyFHA4zGxgYkdD73VeezHt3vSKEG9EmFnGwoKlP00u4= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 h1:+woJ607dllHJQtsnJLi52ycuqHMwlW+Wqm2Ppsfp4nQ= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.1/go.mod h1:jiNR3JqT15Dm+QWq2SRgh0x0bCNSRP2L25+CqPNpJlQ= +github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE= +github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/bazelbuild/buildtools v0.0.0-20240626162158-92a716d768c0 h1:tVa7swb7n+9X2nS9XsCqOQ7ZGm0t+t11vWYTKoFiWB8= github.com/bazelbuild/buildtools v0.0.0-20240626162158-92a716d768c0/go.mod h1:689QdV3hBP7Vo9dJMmzhoYIyo/9iMhEmHkJcnaPRCbo= github.com/bazelbuild/rules_go v0.48.1 h1:uFAO3cNJyiZlf3r4HzApyMDiNch7lU0VtQBHrjnfCyw= @@ -1016,8 +1016,8 @@ golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSm golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.186.0 h1:n2OPp+PPXX0Axh4GuSsL5QL8xQCTb2oDwyzPnQvqUug= -google.golang.org/api v0.186.0/go.mod h1:hvRbBmgoje49RV3xqVXrmP6w93n6ehGgIVPYrGtBFFc= +google.golang.org/api v0.187.0 h1:Mxs7VATVC2v7CY+7Xwm4ndkX71hpElcvx0D1Ji/p1eo= +google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= @@ -1025,12 +1025,12 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU= -google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4/go.mod h1:EvuUDCulqGgV80RvP1BHuom+smhX4qtlhnNatHuroGQ= +google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d h1:PksQg4dV6Sem3/HkBX+Ltq8T0ke0PKIRBNBatoDTVls= +google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:s7iA721uChleev562UJO2OYB0PPT9CMFjV+Ce7VJH5M= google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc= google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d h1:k3zyW3BYYR30e8v3x0bTDdE9vpYFjZHK+HcyqkrppWk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= diff --git a/internal/attestation/gcp/metadata.go b/internal/attestation/gcp/metadata.go index 5fdd7046b..d0e32eb8a 100644 --- a/internal/attestation/gcp/metadata.go +++ b/internal/attestation/gcp/metadata.go @@ -55,15 +55,15 @@ type MetadataClient struct{} // ProjectID returns the project ID of the GCE instance. func (c MetadataClient) ProjectID() (string, error) { - return metadata.ProjectID() + return metadata.ProjectIDWithContext(context.Background()) } // InstanceName returns the instance name of the GCE instance. func (c MetadataClient) InstanceName() (string, error) { - return metadata.InstanceName() + return metadata.InstanceNameWithContext(context.Background()) } // Zone returns the zone the GCE instance is located in. func (c MetadataClient) Zone() (string, error) { - return metadata.Zone() + return metadata.ZoneWithContext(context.Background()) } diff --git a/internal/cloud/azure/iptables_cross.go b/internal/cloud/azure/iptables_cross.go index f1caf3321..901b92c1d 100644 --- a/internal/cloud/azure/iptables_cross.go +++ b/internal/cloud/azure/iptables_cross.go @@ -13,6 +13,7 @@ import ( "log/slog" ) +// PrepareControlPlaneNode is only supported on Linux. func (c *Cloud) PrepareControlPlaneNode(_ context.Context, _ *slog.Logger) error { panic("azure.*Cloud.PrepareControlPlaneNode is only supported on Linux") } From 7b6c3a710e2f253574dd1e056af17783a1dc54ea Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 3 Jul 2024 14:11:59 +0200 Subject: [PATCH 135/380] docs: add release v2.17.0 (#3221) Co-authored-by: msanft <58110325+msanft@users.noreply.github.com> --- .../_media/SLSA-Badge-full-level3.svg | 47 + .../_media/benchmark_fio_azure_bw.png | Bin 0 -> 30975 bytes .../_media/benchmark_fio_azure_iops.png | Bin 0 -> 29702 bytes .../_media/benchmark_fio_gcp_bw.png | Bin 0 -> 30401 bytes .../_media/benchmark_fio_gcp_iops.png | Bin 0 -> 30221 bytes .../_media/benchmark_net_p2p_azure.png | Bin 0 -> 36902 bytes .../_media/benchmark_net_p2p_gcp.png | Bin 0 -> 36961 bytes .../_media/benchmark_net_p2svc_azure.png | Bin 0 -> 38309 bytes .../_media/benchmark_net_p2svc_gcp.png | Bin 0 -> 38395 bytes .../benchmark_vault/5replicas/max_latency.png | Bin 0 -> 21327 bytes .../5replicas/mean_latency.png | Bin 0 -> 18809 bytes .../benchmark_vault/5replicas/min_latency.png | Bin 0 -> 21414 bytes .../benchmark_vault/5replicas/p99_latency.png | Bin 0 -> 24062 bytes .../_media/concept-constellation.svg | 460 ++++++++++ .../version-2.17/_media/concept-managed.svg | 591 ++++++++++++ .../_media/constellation_oneline.svg | 52 ++ .../version-2.17/_media/example-emojivoto.jpg | Bin 0 -> 141236 bytes .../_media/example-online-boutique.jpg | Bin 0 -> 263458 bytes .../recovery-gcp-serial-console-link.png | Bin 0 -> 46134 bytes .../version-2.17/_media/tcb.svg | 535 +++++++++++ .../version-2.17/architecture/attestation.md | 391 ++++++++ .../architecture/encrypted-storage.md | 62 ++ .../version-2.17/architecture/images.md | 49 + .../version-2.17/architecture/keys.md | 131 +++ .../architecture/microservices.md | 73 ++ .../version-2.17/architecture/networking.md | 22 + .../architecture/observability.md | 74 ++ .../architecture/orchestration.md | 83 ++ .../version-2.17/architecture/overview.md | 30 + .../version-2.17/architecture/versions.md | 21 + .../version-2.17/getting-started/examples.md | 6 + .../getting-started/examples/emojivoto.md | 22 + .../examples/filestash-s3proxy.md | 107 +++ .../examples/horizontal-scaling.md | 98 ++ .../examples/online-boutique.md | 29 + .../getting-started/first-steps-local.md | 277 ++++++ .../getting-started/first-steps.md | 229 +++++ .../version-2.17/getting-started/install.md | 429 +++++++++ .../getting-started/marketplaces.md | 56 ++ docs/versioned_docs/version-2.17/intro.md | 34 + .../version-2.17/overview/clouds.md | 65 ++ .../overview/confidential-kubernetes.md | 42 + .../version-2.17/overview/license.md | 33 + .../overview/performance/application.md | 102 +++ .../version-2.17/overview/performance/io.md | 204 +++++ .../overview/performance/performance.md | 25 + .../version-2.17/overview/product.md | 12 + .../overview/security-benefits.md | 22 + .../version-2.17/reference/cli.md | 843 ++++++++++++++++++ .../version-2.17/reference/migration.md | 85 ++ .../version-2.17/reference/slsa.md | 73 ++ .../version-2.17/reference/terraform.md | 37 + .../version-2.17/workflows/cert-manager.md | 13 + .../version-2.17/workflows/config.md | 353 ++++++++ .../version-2.17/workflows/create.md | 93 ++ .../version-2.17/workflows/lb.md | 28 + .../version-2.17/workflows/recovery.md | 179 ++++ .../version-2.17/workflows/s3proxy.md | 58 ++ .../version-2.17/workflows/sbom.md | 91 ++ .../version-2.17/workflows/scale.md | 122 +++ .../version-2.17/workflows/storage.md | 281 ++++++ .../version-2.17/workflows/terminate.md | 60 ++ .../workflows/terraform-provider.md | 128 +++ .../version-2.17/workflows/troubleshooting.md | 151 ++++ .../version-2.17/workflows/trusted-launch.md | 54 ++ .../version-2.17/workflows/upgrade.md | 110 +++ .../version-2.17/workflows/verify-cli.md | 129 +++ .../version-2.17/workflows/verify-cluster.md | 97 ++ .../version-2.17-sidebars.json | 294 ++++++ docs/versions.json | 1 + 70 files changed, 7693 insertions(+) create mode 100644 docs/versioned_docs/version-2.17/_media/SLSA-Badge-full-level3.svg create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_fio_azure_bw.png create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_fio_azure_iops.png create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_fio_gcp_bw.png create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_fio_gcp_iops.png create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_net_p2p_azure.png create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_net_p2p_gcp.png create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_net_p2svc_azure.png create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_net_p2svc_gcp.png create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_vault/5replicas/max_latency.png create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_vault/5replicas/mean_latency.png create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_vault/5replicas/min_latency.png create mode 100644 docs/versioned_docs/version-2.17/_media/benchmark_vault/5replicas/p99_latency.png create mode 100644 docs/versioned_docs/version-2.17/_media/concept-constellation.svg create mode 100644 docs/versioned_docs/version-2.17/_media/concept-managed.svg create mode 100644 docs/versioned_docs/version-2.17/_media/constellation_oneline.svg create mode 100644 docs/versioned_docs/version-2.17/_media/example-emojivoto.jpg create mode 100644 docs/versioned_docs/version-2.17/_media/example-online-boutique.jpg create mode 100644 docs/versioned_docs/version-2.17/_media/recovery-gcp-serial-console-link.png create mode 100644 docs/versioned_docs/version-2.17/_media/tcb.svg create mode 100644 docs/versioned_docs/version-2.17/architecture/attestation.md create mode 100644 docs/versioned_docs/version-2.17/architecture/encrypted-storage.md create mode 100644 docs/versioned_docs/version-2.17/architecture/images.md create mode 100644 docs/versioned_docs/version-2.17/architecture/keys.md create mode 100644 docs/versioned_docs/version-2.17/architecture/microservices.md create mode 100644 docs/versioned_docs/version-2.17/architecture/networking.md create mode 100644 docs/versioned_docs/version-2.17/architecture/observability.md create mode 100644 docs/versioned_docs/version-2.17/architecture/orchestration.md create mode 100644 docs/versioned_docs/version-2.17/architecture/overview.md create mode 100644 docs/versioned_docs/version-2.17/architecture/versions.md create mode 100644 docs/versioned_docs/version-2.17/getting-started/examples.md create mode 100644 docs/versioned_docs/version-2.17/getting-started/examples/emojivoto.md create mode 100644 docs/versioned_docs/version-2.17/getting-started/examples/filestash-s3proxy.md create mode 100644 docs/versioned_docs/version-2.17/getting-started/examples/horizontal-scaling.md create mode 100644 docs/versioned_docs/version-2.17/getting-started/examples/online-boutique.md create mode 100644 docs/versioned_docs/version-2.17/getting-started/first-steps-local.md create mode 100644 docs/versioned_docs/version-2.17/getting-started/first-steps.md create mode 100644 docs/versioned_docs/version-2.17/getting-started/install.md create mode 100644 docs/versioned_docs/version-2.17/getting-started/marketplaces.md create mode 100644 docs/versioned_docs/version-2.17/intro.md create mode 100644 docs/versioned_docs/version-2.17/overview/clouds.md create mode 100644 docs/versioned_docs/version-2.17/overview/confidential-kubernetes.md create mode 100644 docs/versioned_docs/version-2.17/overview/license.md create mode 100644 docs/versioned_docs/version-2.17/overview/performance/application.md create mode 100644 docs/versioned_docs/version-2.17/overview/performance/io.md create mode 100644 docs/versioned_docs/version-2.17/overview/performance/performance.md create mode 100644 docs/versioned_docs/version-2.17/overview/product.md create mode 100644 docs/versioned_docs/version-2.17/overview/security-benefits.md create mode 100644 docs/versioned_docs/version-2.17/reference/cli.md create mode 100644 docs/versioned_docs/version-2.17/reference/migration.md create mode 100644 docs/versioned_docs/version-2.17/reference/slsa.md create mode 100644 docs/versioned_docs/version-2.17/reference/terraform.md create mode 100644 docs/versioned_docs/version-2.17/workflows/cert-manager.md create mode 100644 docs/versioned_docs/version-2.17/workflows/config.md create mode 100644 docs/versioned_docs/version-2.17/workflows/create.md create mode 100644 docs/versioned_docs/version-2.17/workflows/lb.md create mode 100644 docs/versioned_docs/version-2.17/workflows/recovery.md create mode 100644 docs/versioned_docs/version-2.17/workflows/s3proxy.md create mode 100644 docs/versioned_docs/version-2.17/workflows/sbom.md create mode 100644 docs/versioned_docs/version-2.17/workflows/scale.md create mode 100644 docs/versioned_docs/version-2.17/workflows/storage.md create mode 100644 docs/versioned_docs/version-2.17/workflows/terminate.md create mode 100644 docs/versioned_docs/version-2.17/workflows/terraform-provider.md create mode 100644 docs/versioned_docs/version-2.17/workflows/troubleshooting.md create mode 100644 docs/versioned_docs/version-2.17/workflows/trusted-launch.md create mode 100644 docs/versioned_docs/version-2.17/workflows/upgrade.md create mode 100644 docs/versioned_docs/version-2.17/workflows/verify-cli.md create mode 100644 docs/versioned_docs/version-2.17/workflows/verify-cluster.md create mode 100644 docs/versioned_sidebars/version-2.17-sidebars.json diff --git a/docs/versioned_docs/version-2.17/_media/SLSA-Badge-full-level3.svg b/docs/versioned_docs/version-2.17/_media/SLSA-Badge-full-level3.svg new file mode 100644 index 000000000..7154d4a13 --- /dev/null +++ b/docs/versioned_docs/version-2.17/_media/SLSA-Badge-full-level3.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/versioned_docs/version-2.17/_media/benchmark_fio_azure_bw.png b/docs/versioned_docs/version-2.17/_media/benchmark_fio_azure_bw.png new file mode 100644 index 0000000000000000000000000000000000000000..a82ebe2d0511dc0a54f663e23c25dc275edaa15c GIT binary patch literal 30975 zcmd?S2UL~mmMx08)KVA{5>;}RoZ-&Tb58d?_q~4Sb@%Ce`;F%qHOfL^|Nj@(nrqIvR^2}@dv?RRo$Ki6 z=r&L#Pb<*Tt>~enTQ>gNYJ4T(z?wt&mypdFH5)~9eH*(=R(f&$LgD%u)6}zP(L&X9LFf=YwNzgF%Tagy>a7)mEi7mzyB^hnzqd15uW+z)-iYa%aPBY?=kt> z;O6s@%dT^%B`ZMGDQzdead>lvHK%P~P05pe?#4AyFYa$)>+7qHEl#F4s(z*X{llHw z3~K|^ugRTH(wB+EopRr(9-4pR*6Iiw>qYAybLClCS*7*$s+}di)z_D;uo>_9;$s#w z$f!F$KUTqM+L$ui6XvCmDMZJ-0&6AmesZuWlEx|(W8Gb@kzo}f8!Q~rly2TX@byh& zw!@p*iT=owch(tA^wm;x2Tke|dcDLKEAfZQIgYjyz13{R>C4`3o;&vg&%AZ(R$r?} z4mVGqJ=iu71_gFEw`&@5XW9 zfTWZkm&~Z`3i~72*w+~c)sqkK@{Zo9&evYsoMo37qnenoV$H@+rKM8CxpN8E1{)*p z-TQ4}ac+2ay4}l{Rcc$Xn2Ux?z>zN{zML!$ETbL8TOxCcJejIro_VPB^7LA2Rb;4Z z3?rYu$mr4Q1@}BX>w<)=~UT!htSkDoBEe)Xu@Zt=sN^}-h4u8S>0}E)X_c=gW)N%a$mzQTICY#LJW@g!BgQBL|+(NH!Y`Ay!oB$o&VfQ|Iwc$AyS!3*tK}7-{D#o-aEk-*hb0d>*I99wD zKSs4KPMyWk$;`~ma&oV3p+|`ycc^iFLOfQ#cYbDUcD!0{qAxaav8iRnkJM{}8VeKk zI<)ZJLRJU<{PQG!tjev`8x-E^Es2JNgjnWI`STg5;HW6Sl4ewnRgtk9Zml&4b$Lbg z-X9^oZ)uHmh=@=`Al)~fAM0=kZgf?ICgwOzouloS3Fu%b*Db}-!`HZRvaxk0KML+s zTes=x=loyrWko&Y#Hq=jn)4gKnusleA?mNFb3<8N`LzpS+lxe2pN~4fH-hRdk(-+v zqm!45HGX`tsXRn97MCH~e&okFKd#`aNV!BTeBZ)UTm8p}+gaY4=PfN}3ETAS5f>MC zaC9uGsE}hicFjiUc-?}jnDg{&ZI=n<&Qd?QXvIjCrw7$*;?(&TaB=E*^X5k%YNQ%R z;N+B4S1aOX*FWUWjlwsJyw)<$9=W@2+rb0e+}sgzq1vqHd@7%xxMlPG!z#bh0_HC> z*g(gLT24=6{~T_50k(J2Tqpo&WtjjyS{C ztr6^sucC0&$eKAjJ1gZnJGd;)bgxZ2gwrMJG?|hXh-Xi|`c>hW-H?s?(zo}wRK&T| zUcb`|#x|CIw}`s@@c~!2+f<8Po$%zq*LEwn3mLZkPbIvV<2SRO`_$B=Nw!J-&8uyP zG&+)9+j3pv2ZIDHPtq7RZytSD5yK-f*7aEtVaAt7R|0DkeWjSTlTY7cs5PhGijmIi z9Ua}(Xo*KVC1@j4Q*J$aUQEaIDU4M8hS!&5$GCKIuQs=|Jfc*`swSR}H~(;ZZQbnT zP)lIXHOe&>ZO2~LeZ{zEjm*tG!*js1dx4FTep3x4zFQ0DL})i3cW-Yx2Q zr1faJ;g=8LRPVyhtWQIo$=%fV%>Hejj7%fin#i5otLK!EG#Ut`@M#<0-m*-dhmSt@kad@I zQ0M%@0#*};Uoq9V*4}TpJ~6a(aHui0^a{dRYuok;(W#))3j18=84t=B!cw7nH*Tzl zpP%28E7>_YpFal*w70Zf$gs+2W>GB~`|%j~#5qEr{&t!sLuU4N)KqmE@pPJAIH!?OKu>V*N_JuT}; z_zcRAeEj-&zwd9yQictc$Q`E*m6xiTv|QCQ#qm z#U)<+6}NV_;UPP>XR%7rw6*Kk;|B%t%uNjoxXewacBPuPwHgIZrDr%!^yv>argoM2 z^L15-FWE3ohdTDLzq$Nz-IhQ8xP;}tOp;4%%c^w@hp{`dP1868@p>jTQJ3lxv`qf| z^Ut#H`R3d-{)mPH~KNuF%%vy{QT1_U0+ss$f zGhYqvaX@%zKe%g)VT2P~%-xMl#v6AFUc?R3&0Sh_8bh|yWaC15>qr?uK-WcdGNt$* zF{*loGwqL%hx}Cj4B5P#fkWw2@7(q|zQw{_=4yElhte zkz@1*_@_=d%cl1-Ab=iu9M}1gv(-`Z`~2R|0jbm(2z0IN7^@IB_if3vE!A)vsCW)E z)QiJAGnn2cefsq6udgrNV%JQI<9EZ~uxwoO?fV~<%ig`BaXxpO8%(du#uIVL_csA_ zq?X-YyJd5W=QEd2G}ebgPLpv$*9M;P4>o61d$5SNUMYS0d7U?pD!=Y7QO6Y9PGATb z%dX+poTkiu-|z@_4!=|U_nq}D$TFkqPYt!mj_o{Rcrn~bH8Vdyzy07`DR-V)6BEC& zk23Qy`{}v4V+%>U_U%8Shls*{ysb@NwKNyGPSzH0xht|fNBm8*rNyG#ez<*_Y#SbI3qY&n>Su0ohNp z6GtLB;c4znS0H^(D{e=P#&FM8%nhT?9_6n+Mnv{yg{X7JZz9)YF6a-wf2os^z?uCw>%<~27P;}+gbNv$7Y5qfy`%K1Udfm&I3xF+ zHs>q^9Q6@(x+XeNqgbbuc2#|1xJ?IO98%9W0{}4`RO2r%?*NA~8@M9C zE2W!hQ6Eexp8!%wUmgD7kiHOA*s9~+#28>hig7Imbt= z&07bovb^`p&>|xZf<_T4s5CC^>>b13u3%rSG6vRjXJ1?x7#uR8l`Qy}rhBpRY0Y{8p?h-Kj)Yhhh+%q~c zAybn~W!JZO>%qvUaclFrDT$rtUy~y!$Q%yz69)%FM4jSPb!wv(&#qYgyX1#$#~u#b z%LNN715>ErXC1jV&>%P_Dk4&os3T6T!pX8hK)qtpzVMVwiv!51|JV|4cr0FmAaL96 za;6;ISB(_IC%ZSE4bl@wl#5qOIvMIR>0fGFg3ZTjmD$@+(ehT`<^XCF#h`O^>;;Po}U z#UhXEll4l+f!&K3-vbZ2)dN_vQgK(j>}HP+W0^u11e(5neRyVOMzluwa-;1M zLz|^FD+k9p03mOi;nQ+`HPOLc*b(ijoMp>Y6E65i*=nP3iq}Z3iq}jh2lsREv3k8q zX)}|$xFO-(Gx;l5uH00_QQVS4!h^av+a!HVgBxAZ1qa6+i;IiAQ_Qi+uSgY&;DmzM z2PY%~cQMAYz3_pjXWG+;E@xiZ_ScQHo;a*uwuAb>ZhYi-MqZKEkCM`N@g-YIH?@-l z#CiDe`3jM-vK95A&jt&(=`=hzG|5CaVrgr|DlDu4C{=?vok;L}e*P&&-Ybt26B89J zyu4zMFA{q?ITmOXx9Slezge^3mwvTWV_&4YeZ5N`?63NAs@7G@ zi65e_^-N>d^kNnr2L%80-Qoa+LTSD3!?0Pn6-$ef=;PeN0fq2;%Hp}hk{&Fs)9*V+ zCUH|OkQ9Wk4eaQ4a$A_SU6}1pbnNt1Wng5C7HD(kEAN@$F>A|>M~xJvo#R-7Tr{C= zOG+`5x`7)_UKz=Oj~m+Z5NkBVyG#9sZJBqAyrUtuPl zK|%FTr70oEBKV1j%kezU-s-4H;<`;t^2=q5V#*Tt{fu)(Frl=Tj(4>fTERM>0i znLYThqO!CUEcu$d4KriioD|Aw+IXF&xsa&BW>-=m2<`)VcJ<_NR2i()EW2UZ z8r~#xCOJ>>n#MF!la_0{=f0K!-KdG1H>C~Uu-jZPB{G%&VBxB(LVPtBsVNtJ=F`){ z0f-FS3m*yF_W9u9Sam%-nT|aTZ(6@`qY477o`*b0i+Ikj_ig8=M+8+bJ>sc5^qzhc zvFcdxjsqGgQ4bi{HydcYwRoXyusA<6k}&-9d%k1)BLPawuBJU*{y%&+k1_S4D14dA z!kss7b+do{@4wqPWIy5=$#tKTx9zPugQ9cOkhlYwk@bUZc{)QwLw(heUTLT$0myoQ zw0H{(914%I7c91lm#kgZ+uF_9<@svEuA@DG-?J#_I|c{i8&gfBGVQt_0`6ZMZjHx6 z8e=mv5pED+C(qlp7o<$dH?4aY@@w6wp<+2DPY-eSwr&k75Yb`gdnXT!y4kj=C!Z9q z6T5W>VkeS9RmH5k%2o_hBxAY{>5B9Itk-d4Efya9hR>}#?g*f*EGc=9@L{B?*!_5@ zjYMOtWH^pUDN;grMX0L#Mkbnz^sNTw$+WAzORIgd+7NncGi^<@GOW%Z+}Gb+wf@4! zl(3Vx((Y6G+fe>XBIFE+7EgM@JB_+s^hV{``P4F zw#g~6NnNffr^@(d9@Y2ti8_gZi?RUnF2ox(Oz z6eAQMbuPjjubuX2^w#apm8$8IDmw*4@g)6p!?!o@jE;7=%Ttw)xf_I}CjRI5mK9eJL)0 z=d)db<`=l~EZZe~*%c+$Y}_qLo9rkLZp!???>cYqm#)Vm?s@?@y!y$$v&_bibA1@* z)Rk3T%sk{#at191E0HqgPVtLV?tO%qO13TPPH%IqPSDDtWH9d@az$oMPPo@5uGWmY zBmR#fB*-{WDk2sx$PTX)HoM=slM%;f@$KE31h&0AY)xjZ+0l48b`A~>*>69wf`wyv@i^4-1u|Ukqx^b{x6z$qjGh?^1Aw_N;A}#`1U8HLALQZBcVSh7iV{yB#h!$zSwfHWWD6nqby5!{+xaSiH#YQM; zgzbicTo)!(H|#ik9ND-QCyd$Nci|GsBW(c{2qNa2;e6X&Tj^ErWm zfrO<*Y26R1oKUu4eS)s^+p%`3*xK1monF<4KhsQ1pF>Sc5Gl0^7aq`slTnvor41}% zBCV=Vv@&gqd$;xYX**J@ayXlL_T_~N+n(EX^y+z#G)GVvyQO;J+N6Hy!?NKBMpagx z4;HePIP1ks;txqHhcwd+fi^RNM)De4^WUO43DO-yxatL1SA4XSKaR7AaEd!CV^ZbFvbY)!Y;EZAM*244Zr;9%dOLDbo^8Je9&ZHZKm^J8*~QRiQ*^m9Yr zkycXjDb?Myd-wdi_Kuixs1!0dW{cIP zzV_p%j|?f|wc|pa#(Tb}T$OgKi;~apytd`d5@N}lE|jXmtrPQ_c%-z+H=uOyYY!oQ zr8Q1{7H9(rHiJ5H^MX*WTORj?w-=W$U;ZN=rBRrDUhI9L*1{c-GnlFYMOHQ`y|uVx z4He`xi@RIt}QWR zP3CzY=a?+5t@-d>uHWpO2O5%8f)QdegYjlt5)Vw2lly6tZ)UzK7|!Hl>-#qm}I2KNCQ*;(eVh+3vT zfZt^Nt3jw}O@G(sFhE#g`=8HO|GwinREH8^d7LLjlqW}wYYq&yWT}FwmaH<}pN>B@ z26@rfl%5#kI%{NdJr{h630_F!^~D=_p67t!l+xNdFk+~JwQ1q2)^F=UnJhVKDp`fo zYOb~RYJGy%OFt9fP5y?9Wn1l4(;u;^;ISugyQ9t9a@YO#+j&4oAMm>*FMx%$bKE`| zHv02t<#=y(DsEA#QMH7_XvY(*1}Tn6@&#BT(UN60Rk!#(9-lCJjp^p3a5@Cc+4;^E z;u={^ZHLaSou32iXLD+@9ju{_odLjC0x_x-Ch>^kR(cWyugV z5PH0Y;Wm7m9`f9EO=6ra2Z zFe2NrfA`4lH7B?uY&hvOi4OJ8SfT%~{g7$7x2_ABCr_SKf}ncm_U!`y zJl&#=gd;$~`!qd0on)ME-@XY>5M>MX!vRFj(aA{_&`=~@6(y~=|L{lU(ke)Gxb5mo zLp9OfAYn@Qd)97aV4(a>n^wfa{CvhFVt*dQry{86nrKBfa!m?%L<)mRJdaQ^fgoo5 z?)tKw$F9XSH#gTrNNtx16>EvHn;O!pO+?M@&;YFYn|AeawTw6zE*Pfo9j#itOD_5;DLhxa4`CTSRP#%KiHI6ydx9VtP9#=&(I1$Za=o-Qw3R{2gVcl-uG=Bzb?(b>TK+WW8_qwB}@?#CwIp^nlyq zJXilfW2zMXt|AJcI9_0UqRkRgwS;__fPes~z!DB?!QI9!nW-qMqgt};*qU7Fn2S?? zgu2dBPu=}p9^q>1=FOK|W?OQc>~hA+j}e9hWbrY=O=JZ86t95#4<$gRSHFPh{j%xP zQVIaTBoD4ywJI7CFnjf3Jf4U=sn*^J0}xuPyLNo~0}oy{YiDo&mgJ%oqiW&W^}qf0 zn8E~94L8Bu_V`sl{I052vdIKc=;`T!Avnsdzb?#9Kt`-Y0tqTX1s?&fhMh!8Urs-i zBoPm{a|_qrcNlU)y~+XhgWoV8pBmKHl3{%o$5;NzpJzHcJ6YY_+%__s zXf+wDmaV-Fx?jCiC)-{=F=sM>|L|!nP71J@yVyoNvLXodnqbNp&licf`z%MW4^;p>2j!UeL#Fb z=^=3Oj=TG@T8GM{2Y)a#Cjb_+V-0Z$y)$ikUt){d)Th>C@s>n!55HhxS zJ=r(g;VqW}?PCGd)#%7bQXlf3D&V#v_ReOkO9od_i*SD^Uwqi)n5k9oZmb}ZBB|=J z3Dsa}k2sDS0(nZW-*&JP-jA9Dtz))B&FVCU-MixeyQws@=C>~Z5c=?Oz-oT;^Yf5j zU*h3S01-KGgI;>R2m8VR+zYKP8lbl%fIoH{w{{%3Cw3@Oj^O4=Tu_eJsEuXj`=g(Mq`bG5%ujXLFe35Ewn zLfy|!4HFj57}25e^`%qE1N2zm#Xvyi+FTbW!l~k&Qc75ks65pwtoq=ln7nEnWCf9{ zN6Hh`l3q@XeF;0u4^zvfS=8QLhggrK~lhB36 z0Seg<9xRL2hGJUi$rKAEVSnF_tB9vCaA;)PC#8m60V@mLMYtdaGv2Gc#M;cBQN> zSW>q5+QT_eBEbod**fqJ%E0ffE>l{O^v;1tO$mkpsuC>c<$0kC-*9_8f|@JW$*EN4e0#337$h zuky{q!$axHmGIH7&;2!Z1?N258JZAr;}#y>yH^SRX3NzIWRG~90+Lur?BGy|ivq?p z1QA9+sWL(fzvECwHvU**I? z?4c415BLDv#d!yOm7{#DUrbC4#pk)8&dX+|c}rhy_OP>R9-kT?mmVKubf;%|N+Fd_ zbTj-6r|)mBn{Vj%Jk)hi6|1B?3GJdEpqONb5Qi?t4LgrWLIGBVT*5q^FbaN(otL+2 zT_}&DnwnZr_bZkw2-JjqMI9N5v&fDY`-R}M{djn2?SdcEEWV$NT#za28F}&I1&Gkp z!Y!Xd#q*GPbU%9uok#}%DOfaywU901<0;}05xKBz*|O1}7P&L~a=!?}?sk0#s3*sn zPQO%C19$G;jk);#re)vCl`CPM;w|4H$KzHn24%}DBHo^twdv3hh^$ITa6f|ckQs@^ z;{1z~D*mzG2Ku&n|DrkOpvRE|l?uT+UMoulT0lK2H-7t{7hR^myVG9~L;k^$dcUHd z^$Nl-xzfaTf`}Az{Kj(R&_XPi#!Qo0EeBt6Cd$sfqsj^hFq`49UVF zE2L>lS;8bmts*2mif7Ss;mbq%_Rn-Do^Lsb-Mh{Sx}*lLpK8@vVqfGNgP%y$^UwZ# zMVXv6JHpO9+y*80swLOcWmNXB%N-HBNoh^2V5pF-0_?EsqGM%zFi{1g3<(1k(V(Tc zEiDSFnobQiO;xI%<<`lK!zJQGNI>HDCH5YuHlz%Ja;t=TCcd8XmWG5sGd(SMr{XLR zPCrRpC|j+BkNF|{fKKRrQSVn%)a#00Tx%wz;z+d*dSIuR^IMIytL*Oims&1|f&f|R zWpLR`8HI6*Nj(>2ETNXJB`5_VR$17~pKStAGGrjZ;hZZX1;bi6ctjkSAx0xL2Ga3! zgl%J3(Fi%BC?^^LT7po@0fLs7gN_N^2=}>~{&or|NM2qZM9l*};(_5UR8v)lP|F2i z@raSHu=iRQ(kF57oktPOY}`a}9}+Nfz-8ZztSrqJM{$HXrcjX~PzF6kw(EwsLF|xv zazV5+61Ya5tINwKOO)0oyLie&#S^hbYGaqf5$$D<4Ph17qp?zkfRM9DZWE|ir81{} zcSc|bV)h{hzS!liPENyzFnBIPwlpDmIbi?7W_0&wg+diB}On>XQgl+XG3VLdGz zv86B2JXb#J+F%XzQtDK~@AOQh8!(Sju2~lZ5Hue=h+7%$?k{Rxlxc*^0E-jWd2VaX^x0NFb zXV9{atfY|5aH|%J+kDbpdX@y3rl2U1X8|kpltU@%xtPoB0dgBNZK44kBY}6xDZVeJ z!X#`{Nh($@txUtE#f8zav4_@wuEOfdB>-RhwTp_DtqO)LY>b?Y2U6Ia_PhP-D_J+W zsGvitAvuNN#25oM?G&+p?a3mZ04mNH?6|D$t(!LqkRZSScEWYgEO0|e-5zP@#C8|_ z9O%mk;Dlc^7@|Je|9)Rp?JvluK_T@aSOKW-u^|0SAal^dLD!ieMndNFCd?kb(+K50 z2vm)iAv#|2ggVsDR)a!8o`mp|Ac5Fn76q?ZhaHH|3_I(kg8U0VN*p3rQC4}lh-~qD zSj~VyYEUOkfGLus!Sxo0;~azJOptP`^Oy{FNCuSOYcnUgfh26CFImFX8+IDv(m2Ax z<||;XO)3HQvWhE&`6x=`g5h`Q#QtBVN9$4(tdEu|G zq#q1NU7CL*d%9#fi7DhsG6Q!}s5^>i_nnY6G1@Nw&k7Lgremg4CI#KH`4?t65_HY2>mDJTDPD=ISroks2CMy-*K|lCq zQim`EevZ9mH@OV#-{2Z0F?ZWRwdb6w36eA zVJSJ)(sEVHY9tz#VaC86!NRsyLQANM2ow+z5g|_U*m*=gqI-b=?&$3$mV^EXKkX`T z&rd0)oLp6ANMpS6O&>Y}LE5a8(G<#30ZM zBPQ70^9br#nIn22VWI;}zi*pjNCRLU{QBlBp`t*e!Wpg8+x0n+{(>2N-Xus9BnFmA z`13Io9h7Kzi)A}e&Jd})V`wM=S{qx7Yyq6-90>e!+qo`O;xps$VHU(_0JZKsj#dqP z5U6!3jK1Qq^|aWvDI*1uLvsB(9kDABy;?B`P!#7$mN2^nsc+YDmIono?&$()DEZlD zJ^l02BW6(zydC-WAMtjO>ssDgo`PMzj$}(fS1kw@ipZX%0it8@$2!M#f#~E=h?I>d zG80gH0DNR%d|m=&7i5(Ia@4#rkRzu6m&r0g0Tv+*+7aMCm!I#~$c~|^NF>TwX>LIS z{5HtbVaV6#XhasoCij3ta2)$A;LD{YOaLQxuNukD_n4g-P$i*v8gpH;wA~hLML{KC zC4C7r0)c>f_Z$uNQ#`OnKagh)>c|&__=jS=llO{b^3WE%^7SQ89I~G1$PmYiM~Qd< zPVFTKdMO$lx(VR+df>+*xV#pAXNu`|)k?)muv8PBemXHQF#lr6;r)SXuUTQ6HHsq^ z3#1M?vXUo_{PRNqIQcL@8$&1$q-u^!+rY?s z8kN%*Jo5zDglL^S*T%P&VSrJjmw`$nlmc+1Avw+=+Nqlc* zMnX+McKIM2>OFcbW>~q$cA!BX&v7kA6+aQBwpfiTtdVWA4sb#csus`p^2Ula=V-R6 zc}md=J4GFBf;w}EBLr%$3dqw=gdG@EW1#(=3p^SRtQn5lN$^nqr=R4Nn9m@5Xz7QL zULd5fUu-}Xp-V}x6F8}8L|c^>?%e5Aa#}h~bn~1|GSR4BM%}oHq8(z+_OxNbR9lh9^C%t%J@Nj6Ga1`_GLr=-YO*iU# z$dhUtcOCb%7^M(MEfoY)TTm@vVC2AzkUIjk`%l6r^flBh)XxD%XJ&#V6!??~F-t@m@x|#=DBt6MvAB?!D^VbKKr=^crOdO# zCm_@&;|%bTCPcUS5%<(b=D9NxNH{gPW~7ggm`UpHO^_G(nfHLR$NsYAD$;FgpZ)e` z$YBWf`R|AQ|>0)Qn!GuD%BHGWU}%zF&Ul&K*K{5s9c&7@XS^*j@>$M8b~&2qP~D zm=^&%nEC|4ui)5YU<<_8OWPY)L1kwBM=EpCewIc66!WI*+OaB!Tt+@_=RgiEIl{pV za1W5(l=eB=8HExp97Jd@GPmp)9)Jto#zgseZ<_~z8z5{OqsaKHQ{F2Exdvj@GYO9! zFVK3L754^|GpUqF!$JxA^B~{xqf{*6aO(0mu<0seBxEZoNG8+Ti#wmxaL&WobmYpX zO$7R(NU4i&1IDjEHk=)X_4-Bdp{nzCtX^USU^7PgIw!Etvtii+M3VFpsG52U^X*>Z z8WWcnwSXub>?!l|oJd}q)3;$&<&ptsL|>PqX1nl|1$-_N)SE>R_p=m}?T;T*@@|SD zo5D?_mVUIT4lO8f1>it@igpJ13V`54N+O`xXb>}*_9HJ9gP(QhVrLWoJoA8bnns-S zt@@9N%n-hfgGHTun$$?Kh19_5G&w*_$}nEP1Vf=YrURc59w!*Bt5D2nP`+WOrBLB# zc#7YnO7R{P6kP|H(^>3&7Q1E3LBD>zB4k{$Q)sShB~Py@Uo7Ya`piSWGg-01a1 zlx0yMItby*#|?3sRDrFobEdHe!I=_aoT&QbY~nbPD@P=7fC!;O;vfZxC_|VGvcsez z##s<{7!6l8faC!6;V~gm<-}%AgCwaz%}>Z3Y89?=kc8gvAc7%Uu(qssC4Y+ZHc`Tv zXh?h(4r8xK3p?tk{j)o;VP`-F1&F)l0_ep6c91azIgS&_s{?y*p@Xhvk5@^JB=ALh zRfmxxgn*u3<&|uRNHh_ZQP1GPo+=*q%GfG)?YJLte)q$(QU~<+&4yJ>;$+c&bavoj zstHIW-Y&?8M7!5^9yx=Cq#ruNELgpe3upp`E}26BCb4JOSd%5xY_13r3IhpWa4Zju zLtO>r@7jBR>?1~$Lt2?izp57m#V9NwX?x;_UnJJm#wG>Lkul&4&t*;>l!V)i0c8*F zKb3|?iWi84_!M~b?et#$86uU={eXB zW3W;8g;zu4dIEACBK+0(NL*}eup*2n+D?P~L{NrYuX6tUW6)sTHJ)>Pap)L~#KdclEQJg)H^J`E{#aS=|q(JN@zQ5@B`@Xx2*wfGjr#80>in@W% zWWx~40j`4wr2)j1VJISbg_scldTB!&Ho;@0?icDl{bA--K@bJqEH`RfQ3(>VsWHbX z-L!Qxj>`2VrvF7mmaj-$QM|W!MJ8N|NT4B6ng92?@#oKj+GAlaU&bXP<6S_rfGT{O z<7Ipm#FEnZ7hY%V-J6S0Kop^jlY;jMG7US3P5C(n-G56wcKSQ<*l>IrF^`xIiCr6u z4zs;5&gFTU59lBQdWlN~=K*m%S1>(YN&(25`E}9AF`J&p;ZAIOE~h&n+h>BDK=U!P zLknKnev}OG0G(5Zz(me67|d5T-al7L;f7elwY`N+w&0i>Dia943Z#>aSM|Nnex*WU z4qaoGhth{MC#b}!y?`cf49rgaWJIK)7oY!mqtxKj;}b9r*k8=KJrT45ei_YG}2w{@U0` zR;i~whyp6ai+r7Vj_bPn*0BMnfyu(I{{Fd7{j15DjYOg*<4r&rL?bnj8-H7B^g1ww zGJzVTN(W;S)DK=B zr^X299Hrw-LNX3(FKPBfun#KS9i^HW0&XRdv;%;AK}ow5V>(qDD3D0pVR%aMpS7mg zwBsk?#0!H|hY<_3Kk8^)uL{sM?LjJh>=cq*~6c7kd` zPq<*qYz~HaEPxO~x9i7KrcNlC2?>EhJ&xDT&W^K2LPA2LlbM+r(d%jTC=PZu$jI&8 zzFNd80JaGI`DmI@Yr1C%@f{3rQNZ?n2rHJ2mU(#3C6zMek#FBF;yhOLa=5|=*9l?> zU%){fxKXjdR#2Nn+RC@$T7%pZ@=XLAqvJAByU(0huH-_VW%2rfM#VA~`RkVl`F}W6 z;Jv??`-Do25>YP|5eGqD#$cep30ex;L|j0Vl6o1GGNrfG_dDtQAg(K5m)aB~MUuop zdZ{K|{urcP^mGTZQ_O{oWKvdQugM4z;&~y_8unk3TUA6E|x*)CAlS~UmqYw6L z!qAhp!yb?siXe!XXD3~;V)Ik0Ra#8Dk_0qh7|je%P=9BU}Ocn4o?Y1h9bTb{XM-d9serz4vcRcnPct5A|X=xfCHya znHlBjNPo@CVfs{?LFxTjc9l5 z{|gpikL!gK|K;Ph{=EydyKskh)gwBEoB7`*d-s!_Us_vG68?Vce}~y&|K6ARC-6ZH ztsns5!+8nv9WAw#_nF}IpX7gkod5kEA4-2+Vu6C|>`&N|Ne3=Mx?F<3ID?nZFYcC( zZiH0!BpH$34+uas;xVDTl}11Dg{Mo1NMN@CL0*!f0fbF#a~^v{@+dL_Ap)o^^X?zE zjx*Q*5!hGs74(2RD4jtkq&zCoj_==JAjfHT!W&r!v*FfFoAzK71vEn~?woO&E4u&O zT3Y|LR=>~3ox3oN!808ef(RTxR@S%V{i?Z&W9e-ya2{Ce`Gtp5kC_u((6 zRHnuEnv=V`XT-?^r<9;jz|#5Ode{$4nldDuG(Sm77r>f6s0i{PZ&|5? z|AwP8kyJ;d{{~!eZMwM*Vx8Pp4y8(hc@i5nQE&g6qYzZGG~G_$-wi+;>44(KPUEN; zsjTDF-;h`q>+#Ds^8D}XcQ&;tJRAvSM1sST7Ws$5s!3`#xGU01(3A{(tB&TeBhi72 zKYv${Mst8Ps9tG=*UwP-z9-8fm49AnIRZ6cUvV~3fIGpE^U%uh(}GKoXZ6uoY7WoS zVq&8cv_fxTTVuj?M~$;qi7`}7!+8@d4JKbeApN`)>a6ANoqy{P?C;4#iqZlzyzi<=;QP0aOPY>iAPQm#1jGtKoX%C zN~`+={4{D*&OLjMqnS~jjC}*SAwKF#^tI_WyT8|kH^(_m^eGPl&ysA8;Vy9~SPeTq zJ@JZ;SS#7fw^A+!6-xk`E&@@oyn*PxubAjJmVF<^`rm;2ZXX&lLvgE*o>IohA+$c} zQ~YrnpP_r=iqRCxa$Sl)fcFmFAuZ*p$;qQw*Dg5Yj>6RWIxPp!j-LnKsBRR^O%gPA zrKrb@K;7!Vw?PZd(CgN2+?ZBgxN6OsK&*#Gzda~-4@z~C?pZ#)5(cu<`--Ilj`Y5m zJVUifdwlm%zn2Mp4Z1~)-$jx6g20$H0@}gHS5?B>O6X1aSlzm&#p4|UD{Ns z_zvZ!G|DV#;13U;!qaEY_(KE^gltg|y=&|R=^gh#&Gh8T;^LgSUqAHo1T5_RCs#nY z84;H@Y0{&Z&S4ci#@*Pqs3dA*WDp!7UxmNC#s=zo@BjrIrIi82#dYc~cSO}xy5RA- z_RtVYT7Fs?l!V|C9K9YJt35mlvwl0a{Own@o1Wu^AM1M{TO6U40ldZ~-(Eh8Yg`71 zRtDVq*=ab(0M|$coFnZ`@BI&lhS)Dcwj<^Y+z>V@QI24dhr2*HSj3^KlNYO4hda(n zg@@8Yy$Jp1FacB}@UT+JSRB|UPK5%QX9j#I>MFiy5LA24)5nRb*tS%um8OTPmi$Qr(MC3`a?N^~zVH+`N!UbFzv^5S$l){X!@qT_`>3C|P z)(P=X*hdN#T%DEiFq%&(RFE=W*?)=HPJ|4AGuH&`Bg?oKH9U=c#;?j2V-_fY;GE^c zAm#p~3M0_Bo4j4m%$_;HR!LmsxYv@zy}sLEkuB8uC1$r2I7Ch(>nUg27-3|JD)OKz z*-YHRjEs+No)I8H2(3uKD(D|lp!YQ-g#oe-C?!IVha4+2E~W%}6vop!^iEHJtTh4d zugeCGH3CIO>UmTp-Mr5uQKEfm%G4>-S~-$hU&}+Bmp|KTu|s|{&yfX%F-VFSqmS9= zVNRB5Tdo#&_RpJ&T#XpEN#gkP<2Qhan zEmC>&7H4CtlMyLiL4&lc^KUSyM3TNr@y7+3?_YSlA*A-w<-h%!<(Bp;y`}wTTVSk5 zl6AK%MsDaKIU1ti)WwVhL&B}?D;^(i6Zh8$wqH43G~jO#!ULt&Qs~)Nusn~TDE4AG zmAm>**`kvS27Uf^4A}#*YwnB3YVH7i1J6KVv@0t3wZH#<1T7R@aGWeTvXB{H6h;6N zMVu4CF)~ff8zY~*_nun4W$V_?Bg2=LJ3@7pfruPbg4sk^En&F=T+@rrUS9euvbn)}!h^VVkK#0ZxOtizNTzAm)0-t*Q{SiWq5XBMH=gTi<5 z-F5qZw1rh-HqkSfh<51ySUOJzZ|=wZs{MdZUAXXtJ9I(CUPAYf42ga)G<-&w|BPzv zDy};g6|^Pm*IY8^Op+H3L6?FYP%C9VxdK9NlR<0#%5ku`yLwxLm*W$T6zuyxc=&&~!Q6Z&JHD2^=uYjitV^-WSt0@CKICsznovhP2L*^H9BXp=co zNSQaj4nVgPPILqh-QYnXoIwY;!K8u2WKhORL$#1WVpN9=Ov|lLgkMMEfz$ddoC+GGd}XyNjAe_pFk*hb^c+f2xe*p{_?!KD+(=)P7@CxJQm7eUVMbC^=15dKN^X- zj83ClkP2j>0v4$gN+s$f6Oh=JeP0BMN&C>cwQJ=8OHqeyHgLV{wS)j!`{L9ZGF=!3 zN0No08jJ{D`!3#n!X^3NXa(-^4xf1LdVdfOdak7Ii!9(mm zGtekx00JHXC4a>XoO1%h_sNuA5`0NJ18FkDdKeJoj~83JVFN$rCP3zI@9s7Le7@4^ z(9OhW`Qx-A2Da@hMnu_jXX;xXx3F-dQjAiuBrg((3Rwy?emw&Xy#vT*45CW_lu&=z zMm5KJy^G8NiwZIFhJousgU4>6DzFKK7*|jt$xC{G$f|UskFg8RH-0QQAI*cZW%up@ zCAOp@;`Dt5*Fj-vY3cZ2Q$65maSfP5NnXG}*D|NcJWd`L%=*ZCMo=}Xl0d-qKrn1b zKMsYGyr|CJ^nGEYvhgff<-z@{ZmS!n!_2*0IAjMzCti|dfEZQOF%=S~s9<1G>bkUn zVtGsz_C|GO-CnpMb^vLJd_F#*XoqeYSUL|10q?Qpzz~lxCxTu6Wr42wn0FU!DFPry z_k(7YT^8)>FpprZhn(;kBAi8RbIIndaQvO|k zXh;Dh)?)-jzFv>yz{nElJ)|K_WQ{#YRy|Jb3+AsD16H$ro$Aip!{ed=O~V@@#2S3- zuP)U6Kv%EOjHSZpLbKUi&7DLvM@e2ZCs{5RUKq8ve0VHm2k9zBd8mX}jXj7bCXIDy zJ-y3t^{e+@s5=0Ks^Eov_si^z6+xOKZc0>Gn1&`!a3KI|a-Y3}LoY@`RwCcp;*b@! zPO^PO7vvGR<%o|5zr7Z4Hcvzw*c=0x`j3EeM(eaT>U$MPW{OO+9V3|JNrMp!$AKgE zAZTJ@*dnGeUz`e}bp4%#?cLCx2lP!m0}v-wMB#cwQQVI)8>Pl7~v&&Rm|of{qlB z=pmpnF8ew-ImLpNty@}Rou#m|zS6neoM|gXW_aV>lp%x&j`jK#JwyzWK*LptV_&pj zC(OE;juRYihgtd1@7|K_polWrlEVul!=cDw19+%wr@To^w8+<{*>FeXTCz&NSatHY zzymsHsc?GSy^+s#%sf!(oX@4OCmc|lSyNaOr>?-5~GaUC`Nt$q{K?U*x=0apDONLfXU0Aw>|RuoD9|#+c#J z`R7tE-4|UP zuWq*kfkb*CAV1ZE|9TF$htTIpIp$CR+$b2hjT>ISc(CnI-}utfvn5AVhmd^7OLYsk z+KBL=aJGSoQ?L`7uslkP&i?+u~{=G*3S6#F)`c$Zh7{W<4`u@?VdM#qpCfQaRSU3lCKcr&!t)jy zVx?3>bv;N+3fZ?7_8V@Ae-%$rVD*hp%U&HXZm%WJ=*|5j^MZ)v+5uxMaVJlgYoBo_BY2ZElD}6G9OzZa)OM<4sly_ z@CI1Kq==nk18*t&|>w2<-kKAfuMm@f4pdL!Tl8B~pA{0>u$T1oi|{v!~$ zv@rT?8zm2N7>1?`3JR8I7ceh@k*r2TiZ||bdvC81Dem{nh0O2JSZZU?2_+4*@0XS^ z81YMtR466qb}r{sKX%A+>mNv;MVHD}w2BgzgN}~IRPoR9%ZB_0;0|}y>-~^HiAYNR z#~+01ZD{-heY)@7y*sPzinBrHp(1YjUnF?o`Sa&1`#aDYf$w#U8uY>(I#|qr64IHC zGa7JW%qH^D$Mqw=9uq7;Oc6xJ;q?8^b}}-mzs;*L5y)H-gc`F0%jSJA+K*xKDgGLg z{RLVIxGN%RAfV{JtY@*_jXSY0yesfGud2d1Y!VgZvQ(zTvUhGCXUYEyeAc<>9_(%Ie|GMCn)}8#bCqklJdQs9++#1o)E3A|hgdDJbTeu6e*k2g^5*-9*3;$Py8G zQFliaL{MO$6;RYb0hJVmMFsZv_q3n)<91G8a2RHu=YH<{y8dsMPcn_qa7p$l#3?UQ z0ng{P`K_3-0Q^&!DT_ds7m(#p?+#@HGLqvwNpE23H_ z4$Q~(aSOoPJ?=#3_(y=1jKBuYIr&t~0}OI6W9Vegm~eb>yXNLlE>qMmD zpF7@MJxJqODBKc?ndXp&B1^)2Ss4`W4TLgbrK_7i6g@+NJXSm3CYFur;$v=$gzOxk zAG2j`4Xb&=r>Q*fQ9m`O`r_<$IL;cp0`!pxhm|iwZbMp;?8Y;-5*n`LH{G~iDqj0r z3Kbzl@h%lD2jv^Af2Y%BGh*nOn(%vhvh@lgrC=)z><0XmcLe!i5p#Fo=gYZI1~;%E z2t(yakQy)qNGYmR>)Ea2)q6`(T4WVSs7Gl_^)M4z8^8ZFrB z=c`SXw6+94Or+2|sO-A@_RB$v9~kCVI7mgc^tq_ll33KfNVTd!M-Mj)Mhu6$e>kZc z<@q%~j)cf`tBN#Gp1W(7%=swUH`y{%fV^QD3p|mQKz)W>$i#cfq?tusYk^-O!FD`s z{k3eCCIqX(QHstj>zy9s$I+xEiD)IR)uE4Xtn1VUAG&FRH%FEB{SpqO8KK@xR!{$| zF7tz+7#3s;MV(ST(tlvdr{O!47V`IwzNtDLp-6DUuN)Hl{u4^`gVcb9dr*_?s1N1& zoyEQv{^Z}EUBD>=HebzZPZ&SJNF09#vbd!>lnH^?wSZoj*QS(qg$JoP8H;$7)uy+sAj$|Zy5Fc1JGe*|^YL+cJZE7Rs)R`q=;2R|BW zU#f{uVYoEYu0U*DVEa%1;%Z(*MakYV=ckOK69I_?V*r??LY(&yPK6emKLEc(QS!E_ z1YK6T3q{#v(;+w)W8rR?@WFg*{Zfok13tuPlC!d#!^Flf1`6)09ZT>)#UG2J@8f;+ zZ6!p3j`{vr82iG|qTeDw8G&)-FNgTQ!dR5xnhg`ydDAZKHb=u)%E#Ca=NEX9xx4N4 z#^Y?>mqz$-dhA%jdTI!@6}a=1Qr*Kc6QHluutr39HJU^rT8<$S`w){B=Gtw&Q!TUf zsHd0f6SfI=s+NRe(r=rO*8Rk~@s|L}ov-NFLbZ~++~>A^vfWr#wPBAc1HYI(w2}Pf z)+@p3t?Z(cO_q$^H`eqdhEak!k*p=4sPn#m9F%n%@m00&bgp|1+I$?3` z)k551P9B3n_?Pn_1pwu@gxVUr9wJxr@n<(24dP;?%vp80l-r!{!r>z}^KHPHP?v&^ zj!RvMWxIpPeXx*`WEtT@Da=Q@TN@aY(~)Bu7_zYUsT==5%yDYKKdIO`arVCb=|+)U zTKjLM+wIvPh>w7wB{c;b||z$v%D%^L_QogH8g7N z>g9^HGQ2x(7Tk9G78}d>#@*%u�awQ>N&Uf?MYaB0>911Z$XQDz2h_WnZ`HC#RNE z!^--ER8y`idG#DJ^S*`AQZ)A?B2TZ|+U9cym9>-1W^uOW7)R$)K(^14rJp}O1A@Q{ zrD^>B&i3~9ZwxdFrH58lL-w19_n8aC@{_8<#c;ask%ydW%RddczL*aLqkmYN)lE0BH1lmwgU=85$AaQkE| z$SA!pvu{qynrTubh)%=0x;k&Y^)UO=M~e#%SZ((lWO%{q7xTG2qf>|%t@mm~3CN3^ zB;*8ARS=rkK2EE0e&mQyn6ScOm$F^=^?VT&0`)6)?tZ`SpR&h}CF@FdK|>%7xxfiU zx5%czMh3VW2Z$hyW>-x#Aym}S^GjXH)v>N=xpAZIluKVZBI9qG{dRv4lav6lq#;*& zJE5OSoklEO$qBIcmXjfQ;lZ_;sps*hk_p!0mCbP>Q7K(j3Qx&-mLWjRC1eVu8h+zk zgZHp3-edegsM#yW8p;yYBy5|tp7!>c4w~&DSGKS1X}gxuCpY@tcH^hx3qCUN!^4So z?GFP~x3WJzytc*eJMau)MpDwF(lonTEnJuREW26S`p$-zQk+tF9zF6OpItsBhB{*z z?QPYRo+D@ClT1tMUhQXPzZFTzns2`zK69c;0XYg0(_9V(H_;M$4~?EsytW(_KoWp# z@t^?#7qfr*G#4*qBsS`-B}M%=gOG4FRcVtKr&Q)3PRV9QL2RtaK{s<=!FKN7Z=;9l zX->H9b`ZpGFaCGo?JMr35xAw5R&ULgGSc1Y(e68OOQCn2#utg za)wNd_o&;{JHoSw33ThbI|FvL-R)PN;W5NKg{r|22tSQPGc>+a*51m$t+;1T;iL2z zq^+9MCO}T9&0Mpbbq*8n*5=I5xXC)GO0Y8qU!hWnAK)8%KXQT!%Cf|(fs68<&3e|# z^ZAZ@*aDUsvn_?2_M<*w{91**85E)G@70ePN7BSCmMOQGabyl|9@%dJV=my!%^~JS zmRX18${kV#puUvvWjLO|^X0nv0VMXc(1Q8Z$ie@dotLr`j8no=EmIAwyLI|n|IjZ^ zzKRH*%eHNF?-Nglh{%W;-s*IpYp3x#M>B3EZ-SY=g&=9A%^!YYKQ--4?Nz(joabN9 z&n_bS400Dfz{t&$k%?V+QoJZLVDy!YPx0mnEs3o5*AYWn&FeII`v5mBz<&x38|JOx|aQ$U5bqOUiL;=5ol9X+z3G8-vhVV*gk&# z1U?59UF0}`A61SBVG4&ZJa}-I(`iL;3cKJk^a@48$xyK3+BbLW`V@eoy|u8Qw&}&- z&o7ZL5L|a+wsPvFgkAP8^8-z@)NKMC9A2t%obtcO8>`RH=M@&Z0X4?}1)X!x(tz9G|N6yzoOpFvTL73im?9OqLZVg3 z@6NqZ_ZuafRZ`(tXnC0gHwn3t(!~!uRBX)(Z}LaB0gV%|~fZl?QN@Yvb!b6~j$m8;wv(vZV&0mlS7;Zx- zm*TA1E_9!Yej>Wc=K4A%5K2Ib@qEkVN`#-F(U1IsFuS0dScV zKA@LX(bFloizcx~b@r&M1GP|A4;{4vRy|JyT5VV|@xK~ooxJ+*|3@YNZ$h`er&n&p Wd&#xuzHQJ)b^FlcgN%ubHvR|v6RGR~ literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.17/_media/benchmark_fio_azure_iops.png b/docs/versioned_docs/version-2.17/_media/benchmark_fio_azure_iops.png new file mode 100644 index 0000000000000000000000000000000000000000..1723257a812a773fea286d512d38ed9186a9a46e GIT binary patch literal 29702 zcmd?S2T+yiwk?WnciU>4Gb*SoR8T+^M6v;eg$POx0xAds0+J+ySy2>Oph#ANWKjgk zU<47#Nr@_w1tcr+j!E}E;nsWi)O~NCdrsB0cJH=qSp5GN<{Wd3F{d7f6=mnmVV}ds z#x{>BC!@^9HnW|LZN}gqzvE9HZJx!4e~H@e*R)l!G_tinZheyN&~e){r!8$yo19p8 z_N29qiKWF3ei8m{Ti2bkwLN1aCLmz`FJHiKX>BYZvEtD}e8}uGa#}WQYzvOlKQp4G zqfFS?Y;2e^dsH2Qx*HsW6kD37`bH$jj@^6WWqvQ-JJL7!iSH$4UKuTwyH6rFxELLl zsa~i&&qMB+>RZKYEZ3%y2F;{-J8F6t7oFH@#_QIjJ4ChS-tN5O#02S znZMdj|H0{V=jPLI&dpm`I)i@mc*fr!vh$zzA?xl0?6L}5Gyf|7H-D{|Z+Vg9*YeSy zGub$#@f6P`fBWq>tv#CrxrKx(Ylll8?6czcD(tRH6}I{!QuZZfdvm8)Eo-(LzP%r||3>V|!n@ijrd2aJXQt^pkMyKWt{rYK6Dpj zXe$Yw3bCt6)K5IyT^l3kz2V*M^%u9Fd>8TM&5gK&e*Cr1%yll*@$2VEyeN4+*ijL8 z?8ODAiJ_XIffDI0yu7?GCe}*39bLbEJ+FRF*7*4N*Uz6HNI3RK<0rC9IwkY#WjSza z%y`~>3G4XyvU%OJ7{daV>Bpo8uLguGZs%U+UzCG8vme? zs8`j~kV&tpmY}T`EN-vZZ@^~dkF^>a_*&qzY}G1%>zmB*4I4I8X4skC5zyCb&bwI= zBI#^9)TySMxg$b6Li#4Ox3#U(^VQ98#}Aw{3a(x^n=Ch(1+cWvR?Y4+zqh`0H!}t4cqaB+hhbmQA5dyj6%1bsXID9f-^H{WOStP!) zadhIf$C85n-hjzb3eQe|^kk@n$#{&_=B~Yb`Lb5c=871VO>ugfnws%qg?IT5o^e&kb{=`w zd5c4`wqw`Nfi@AA!sPhRLkG^r*XO2xdu1+Hj_IIS+-5i~qc+INgorbD3Qrsq-%mQ)rb#Af?vvPBDB_t$# zxn$=HpZ;)oYJ8wXvaafpuJ|(kqnfxu@9qhPhd6ce47Hc-Yby@EVH4P1kbB|61>50o zTG?YgneY5}L}g`XryyuK>&@*b4*#>P?MJbAFQYIw>c`P6ha)(8-V9;0Y6Z)jpAYeq zY;h_N1&awccAqF#a8Fc@Q|B|w%pBVx)pw}fA-Bf4yEetNKJCf)#6(L+M+`+Urq9OF zuEgA)E-~(?7?r5bcXzh1Y)kU3kLv0Uy_m%*$GWvfGz{lU`ny#_eZA_F6Z@Iv2tM&G zf}7k5gG6mEj72L)UcbJSCk%n59d~#^{c^UQzUBLVu(6FDe56w^pr3OZA9j2qa4yZoLk9wc0Z4IAfKPl9J8XaJOccQqZpBA#S54ar5l`)`(iaHr04< zR+{Z>-`v~F+4hW|pWmoDUd!s4S>Km88&w`E^l^yT_tdwBx=&iwZfxai40Rigv9h=K zvZ;ITzawzwtog6&T5I&(8yp-R-=rsGW@c)ooq4cI)H=dy*BYzpzVF|+-B`|deIV<~ z0#1wi`uZ=DiSb%b0}vAOYxy&z58mNDDLJ}O_b#8#@~-jToHwrhUklWo5l74{8Zwp{ zkFg3rJTXYfWNT4itWN493fw2(-#fx}z_S!_&91$4{h<&E zErg-Uj*6(N`+F{G`bh6zz1{FySXkI#kw{ZJa*UYu*K2vV*2W=2A}h-4W}dw%tTKr7 zrG}89n_+S(D{BVB1;A)7_M-ukZFV5*KCJqD2peyX*4VAK>+xs#44}8gg89s$$hDkmv2_ zYwJ>#F3wtT*U!%nD-)I4=(MHrnR#QDR+M6JIWmkL9z0mmS-s`mog1k+j0s!~%Hp1a zv6@f9jNac{FCvoqYbw*UEH$+zMnzUD$C5Pj6<90+y&H>Pg~tdLP`H`AN|Cr9NON z$IJrZ3sPp)Tg@60b0-6$C(Ii%s%njXeE;lWAv-8)SQJndB;{JWM#7<#clFNG+YqaF ze0*w*)bU{N<@h5-_oSxAZOkH^-&|kzq}sAJxgdk<6VBeP0d~3VVm}RovxOh$5ALb`qezy2kyGi3U zqU@N$7eY#h@Q~N&qO%lmZw(T1?Yi#r0K?$|smD7swT-M>Jo=5ou-#R;6Ose(cT@-e zD%eo+$EcU|ImLZyz>8NR*!V)SQ!OQDC9da_MhF^}x6HN1!KpHmBQY+Ys7RecDl z_Xw7MI$Nmjcu0tdHHgy|2XOnO+K*RFULfoH1%_71il*+5#-VD*jvb3{DXU|a1J)&k zdf`I-Hg~xkE5o)U4A&s976>DWpb~?*MdOj@Kw9{Lo2;u>W#d~?%xdo18ZVX1DH{n8 zHp@#lzxeyS_|TcZ{1Oz>lcT&B{`jNx<>k38ZEb$h=03`U?dge$iNZV&7>*7Onu(uBKVRjv zMJSi)wLzvF{r+kJcZ2`;Z{c22@-LT*-{^JnS}U#&Fx=nYUk(UlkYI0PqXM|f&BTtE zA-b^=Zek&S`g|zi=$Mjn?-_a8R-0l*+wC;e8EN0>C|e%9XyDdbaj~kx0O7dmN4jx{ zvjxb`M~)oPMtHAHHsNx2cSkv4(pecZGGsaPdGlq!a)`mSpEUYvfm zn-~YKhKwCaGGzYz`ST4gcI)7v)bg#G_kA`g$&co4<4{5H8+yG&Nly8~(}euW2m5Aq zH)iVq*!pZdq>R;G+z>K$r*!DnitcIJ~mk()6+w7#c8np z!MBf3;}BZ3pPlwcrg{LF&$M>?P5DH9mg5d)?ec-S9uZ>tnQ3P}U(j=GSvK*rEp$Pa z*XvtLL&fagjp9sI1xUN+;K~d<&v!j+kmvcttr+V zxnf~?aZ*Px~WumPK%^s_cXX_sd+^L3@vjgO%JgvTaq`yC@696vHgt1NZjf>Py z0OBLzAH8naH@Vi#Y3t1zxP^K>a_{9iJh-*}-@k)pxT<=8_j!gm3afiKLE#4Zw_<={ zYJsMJk(XpoOuSEA=r_<-BAzWhhKJ2++llu+f;DJ9nrhi3h3KkS9-KZ;YV6z7tENq_ zD6FCOtpc6UrO3Jz0czpJ(4IYe3P$A)`fop(j5Rd>n6w|EY9y#YQbOV=^1_p6H@y-Q zEm>~ft9;_(;u>8?bOB!6JF61{sVqaBZy&1BSGwCg!(lM(4NAEa+l}5w8;3X^U=0=u z|7KOJ$ z4)<6fdQ%PY=xBPF=c*m1h__aX$t(DbekeS$!L?w1Ym&7d9GHkc5`HB@+-B}p-HgGI zA@_+PjjpzPiBAu{8~*yALSa#|#N1?2SqxLB|?^ z1~d>p{TQHic(pdZ%y9XcG<5p(``JMNLS{FA9P;1J{lb-Tl8wNbU5KEpe(!LZEN2Y3 z8!M@r)3USXuX!Be=p}HwzU1kPk;Rgt`aptJxJ=A)MC2vH<$CSYE}pUX z$XVuwoK>4A6VQLu*rx*7%YwV#)m4$!|Lf6EY>= z3G827o@}DhB|6w{pPIi3z!=HG&$i8Gy(ov*TNd{X;u#QIJ8|@9SKs`Z`l7pgcjsO@ z+R;Fug#jN?SQcAdS=3Q{>TJcsL(4#kpnlOwG?O<4Sbe5<9HGyUZ)9*#6&Qw_`P8VW z9RIz!-VF$YSLLDS*`9iTMmKP!*U-_v$H!mA&(1qRTuI)|)lm~;BTY37S00|$@tIab z>4JG3)jbh^+PRJnK6z<~oRW-EhEZql0ss+43$9%6^Qs}?Nce&3Yd;!%-b_r6^|A|| zxD+A2*ZFzI@Im8|m2|lS$q9VWxG@5;kyg8C0cXr|4K& zHRnlIK4I<6^ITPxX>Z9a#|kWCXJ@x;@RAyRJ8I9qc<~02)ChO^WL#!eL|08>SN2Hb zjS)3d+z@uu9z)JW0m436d~C||!Cl@C!;KyUV&+BNo8izG#;X<^(U|RQhB`ycrqvU% zDiTjl+#4{1A1b=R?$jn;V66qVS!sF=wxfe433}PueA>y6Lz?mb(d;4?-;&Kwor+#| zZncO-Ji@OTHh?~Br$v1<9#W2A7~qdf$&ukP!P6hMIXXIaVDV#BV^|NBLLY_8dUc|1 z812dIRgF>R)=jtGj}i*my@B;Dt)RnWQ^;eZpk4&`16~{n$g1t&+D7qE*wL@Hb$zdH z_2hm1@+FK%<>BUoceiG^jy=Pbv~KE6$xPbM>DZ8OEMg`%Wk68{v zqcZvk*D3?z6^447q#HH7b+a7GOpGQ)8XfilAN92RHxWhz0_dpH(672QdkIJ9nowZR zuIxsv-I2qGZ?~3&CL-x|A|q22c<0L#t`?_m(q8%?!);=8-&z44+up{8jACL#4hm#P zpyKMn!;67rbHioM{{C_C+C zv+=S1NDk$(t2KyE^9SD97rgI;yvJhh_lVqI>PtXGD0pw!zqmdJX%yA-_F}Vz%a@-m z=~}803^4o35O39JfH!SILV9Bo`1tWQvk6qY%@P(acC4_Xk=UmIfj)dX&m2l(=**X_ z6|+54yE8*NPAzVEo7EDVN!-koY7vY2U5yhG@z<{X(IwGU8ROI5?Kb(-IL>v4aj{U| z%8Eq&T$w5HoUyEuU~%JLX3lIzrE1aOFr~i4Ci|vfE7*>Qc$wMHVosHXwPL|Na^^4K z5)9SF8wr`$CJWBL%GJ12e9iod99L%>-0@u_Pw>FblYEQ=s;a&}2P>3r`uWvJBHN`l z?Zh{^d@`8vc+&y!v(FA^IapBvOKd5UH$h(@@y$BVPSX+neI9!Rc*4dS@u($#Gg#HM znV^df;J|y11UFxvv#cDP008A?wHW37fZ%sQlpy;J)tV)ml!fi5ee4nC8k}&N{Mm+t z$L~5=ChOE+u<4GJtJBXPKcW@2#LT)VRt#^SUiA2H?y9f3htZ~(qd8=8rXD6?=fX1J_WMez3W#zhO=0IrcBMl+ps{i19{xeoqZW&-H_tjU6j6I&6EL<*ps&qHq!qn7M z3d%U2uWM@%?<(W9cAP8;(FKbQ?&2O@ZSd2ZbjBK3<|QWQa5#ZpNJnBSgVhu=DQB!Q zP=0pYA`&hR~RlJr8 z;I1+tHOW%0U}dgfzb@aiZ<9P8ruDr)4sYqTMO^XsIlDoHspHb5oOpBH*F^Ofu-`#B zH?8gL)P}!(q)Hlcltg48DVgi$iJkp+PyP;X7O@kAbbzSM!{7g0c^@=E2Uy55Xe=>M!@2-i3d$!9=e46KJB%n}J27f^ z`O>9!$OF)DE?1`87z-ori!KO0h4)P{-<^mQmNV8PE(x&DQxWY<(C+2SmrEh4VUsrR z+NB9q;s^i>7}qRc3l2Q;IiXhMOsdcrpk@zV_w=;YcJKSLp9ym2YRdaJZ}ww1t22Id zGHI>s#)i!i?}R&6CmLqGaYbd`*^rsq=r(2!8KfYiEf>!*in2-Q%%|N{^2967fF4X-Oox9wmNaHpaovp1*W z&5ac;&CTJ@%!6yXj<{`CLTHpB%~P%Kp_2?lteMR&S>M35E4h1 zLAwD*i3G-kpcZ>HJqgj7wYBZ`X|8tSpYUnF&tKC%xI2eo*IlcI8d`c{(5Ir`GIv5f zQvMDLB&>DIyU0(Uj_IbIc@c99CzuZI$#+YaZBbXidXbPMWZ!c%$_d%D9F(+byr!U| zv-1`RL!i+s5rw&#C=QZpmreZkGR>+vzFPo1@<^kz5}sED3u7+V$8agsl~|mPyPRjU`1I5D^eU9gm=#6tV(q&*m)d zKADAIU(f6kI`R4s6fgUcL8?)MCKwl*)jUerXKlY;jp-Ml}AN}j3!>$c*xX1c)f$Sqv$8%Xef3&bjCz|X)spS zkBTtzEQ50HyTe$~>?62)%K7-oho;7wrk0{$BHWKKTAN`PhxNZ5ZN|;S?N9@)VfXEW zAW^Q9lam2EjBi2Bxx2NE{12b{7Oq?w{r&qHCLKja3?4LAJt2Su4k_2scHr6S-B!DI zpCbhhIe-6w1E_ng)Nkinw_L}@b2Fip`H_hLbVWNL6hP3iq(h7SPS2Qt5bV^G-u6XT z|Ity=t~UCD3MFZxc7(uGr)OlyPXlg%9@DqC*Uy(B8 zf1X{!;V}x8kZ7~VsG`%;(oUfmt9GkRwM+!#w`J>A1wt*j4$;?_ZQ&IXQU%WUvMY2@ zD6k6V$U{XKr4psc%vkc?i$gLN_rwfIhF!`fO)U|~*m~C*+SVlF68?_jwSSgKjs&4} zk4GKG-KotiN9coAI%8V!js>++okADk_SyZj22PdPFHh7?kq6kVzy-7Y*?$uCm>e!M zi$SIaybv^{34&lat9qcyE4;a6X&F*XDh{xgLg>M6n}Ed@nHo5+sdp#v zQOF_zP!ocVIb(A+N=r+V9z*I7NL$;McgsNR9sn^QS1HOYCnSyS&^o^ZOb+Nz+B+4U zC0j%vsVKl}l3F~1noZ1k`1FNtQCxmfU3+^I!L`KT9|FR_p${Q{Y1$#7MX(E-Zsz5E zS8I>UhoEerTk={j4!f}h1sf_T|LJr=TJPfoTE=oBZI~H8f~YQ{kUX_MAI%uJXMqK^ z!(&2yIanSnS_N4%>J8d5Do88I>*ixmsk z&c8}}w3+LB*Zi+vtlNZ66qk;Ged@wx;8l&jP1-DlNO(>jhcM;dB5^F`;IOz{(w=nY z^GnT=LrsPFN=n-(3^wDz`$tAoy#Xf*r-FJ=bALbdq@L4MGr2`Sh|hiRFY&QT5bV$#wXn@kqTC{$#<#_bGgU zDhk(@0v}m$DMtVp@Oj;XeD5#Hz3W<9foz(HSJcUMc6Q#RDUE~$#w%=S46FYLkclp# zX=SuGL(6?lVpjk4MqD(_v1>VjpWPl+W#=5DLgDuC*P=iTl10GR4Ymea%4ZCG=mq6U z4-RrQ4x1jZ?f8ZHoKoLxZ;TRu&wX(DmQZyVA+Yjg*ocJmcMOx_AW>@@n}g3Zj&IW0 zjnkJzMjV)QUS>qDtA+eGgz_>D*=7_}&ouMRf-1YHOD5I4?rc+dxSxQ2H5dn90evaT z4sbOn8yZG{G6^3R)9!P`?2w#16!~Vik}DejMFuO&PKF4Xd<0Lo3C#_58ldt zE#KK?n~LYm7md+Bfv|jp96VE#6GM2pcc0H_rhaHcWP8!&|G|u06%(-i5MmnLX*SZ+ zu%O<8_TDR(xP0z|cVWy)fXKbkY;Q+ZoW>RgLk5VmoRSjp4@lTfQxhXCU0reDb335s zm6BHP-A7Odnx^{1=uj2NeF(h=k&Y^HQHMZgi66Qi?91w2J_3@SEJhC=Ja|$K%fivT zm1e#}DK&aN5Z{5kzuJlq;6+lLM=Y`@N4rMszCr($g%nVM{fR&M=+Ptf=$j!Ql~~}Q z$deJ(tq;x}vEmTK#IxE`z&L!m8A4^#a&r?8DRmdO-c4ef$r8HYGU4vQL02xCd zG)W&AMUv-kaQr>TwxgWrnu_jkc`L#FG-==cU`FfLiN{e~GK8R)=d_G$e&>?kKolcv zjLH_mjS$RXx=6V-gu9QjFI;$^>S)9eVsWH?e40tRHxyd?jAjv>aqVoU6n3Fg_kon- z5b22#$C(Ys)!0}k%BcIp3B18l$U^{_Yj>U5J&#@JHUm)oC~%4@3U|`CnDz&*jDb{# z&=w1!#|c#c>Fe`W?^FQptbxGgpr1c~&KzZ|TNThYEf1+n5T1mM-mfID7~vYVRD>3& z0^UTS0sY5-Zy;O@HYpBim0<;EdOkgEfX-H47ky*Id2}tSVFic`^ekmileM(w{PFRWvDfp z^S$DbljqExtAb#k0(Csf-g(m%989`!K+{wjfNQ=%6cuGl5Q|n$dd`FGW#oFq%`_@{ z?T1j2pqr_Vq+1HZ25eaI1oMG!Je=GlwE@qC4D$X2P>IFS938H+tO}Q1aQVs=UZoI; zYQx{kgWFPP&YVeMaRS$-uV)8OqKdVgAAhjaqUN| zc1VY$P}$WvpGdp|`i2a9fV-z)QXoGe;#w3U<%T!KtLV0~F1(U>Yx`w4?>0a{+a+|Y zg(9EUN|m0?TM5eZNKQ^pj8l2L;aX_%^vh%4e=E-`p6Gu?j{H-|g!u-Z%#H(WJnMl$ zupEG7JPk`Fewkh$Zz&~%_7UP)h;H!!>ryTsy5qusy4UxA_r231ZD*eI?SHjEI^yq5 zUcYPCuE@aen#bT>q+kCfmgWE5*Z60er@c~81QmQf^I9v66hp+X<4}JG88v%~PrmkP>5Ee)fBPl~}na^*r)e z-sssj3j~mBHWT2x2Vrh3EGjw#681*QIPP(0MU)qTH*l=5^0nU-X)Hxy!ip#=>-K9k3j}GC*9qchJXDU9j{!h`a^2Q=cP~mT?I$NL@7=q%5^gSfBlvg8 z?i@TU3>Ks)NK^$*VlpHk&?GUKnxf?2M!C#k$M~LEQcqs*ab1n7tEdO118P3_5G>|ASEI` zgq;RYkztN`YnsrVE$TL&rsveb&9v`73;_DIv(q#o7xEMXwv<=etzW)u5D*YB3uZv1 zIHd2=cR4`B@)4?isxVRU`oW;dCA#21srj)luRVBmp2eepJ@#AU>mNk*phidHZs7S7 zdX66Wr83C;!iH}bQdvkD0wsj6h@~F!@&&aV6A7wt2NRM3#+g(GhXT2c7mnGr)A8|( zbw~NMMm2Z&*4r@VfjcJ_1F}~aY;&v#WXOXoB+mzXF8*!;jmh-G;|JKYhZ=g0Z)$76 z1=*oaJ6RNQKBs#nxP_kd2Aojh ztq4Pci9D;F3N4(e4ChJE-6(MGs65x5XT{wn;RHx`FV zV@m`;_}pA6NNV>H06}5f_QPEt`>`u=kRwqchmx%Vw4n+3Nmh?x+$orYSd4kAw##6- z@n=toP=ehS#{CreVVlp(N0#mcCkZ!jCr z+Vyb|OL}lxq=Donn$Qc$pMdk$w#DZ8x7NZ;z=FAo@ejQbM!7+x(6{;dviKCWJG^Si zc3tXJfxsCNtDl=gW+*rZ^pzy~E)f<0Hp8;-1N-31*uQ^&3_uv5K`s^5l0U!t&>43c z=?RW+`;{VH2retU-TX}YxeQ^Gav3sC0yUFlPDhv6yJ=H)V`F1&rhOu$ULr`hybXop zpEZbU#S1LPs=U8vCK(t2P%6OKs3xB(GZbHOpj4$4c12;kPSxze@`L?DL&VM8fj{9_ zOB?hfWb3(4*b&8oa;1N8&{Hi68%!@nmV`U}y4s}MK)Um3S%V!pc?X38;Zj_skVfZT z$vAV!T+@D0m!H-Xz3x+FDoerd!KbPb8Ob0}f-rC=@w|3Y{5}d=H zcDhfEg%Zp~gUTuJ&sKWV*T&=`_@QOR+z7|fh)nQum13I)bEhVhs5*ju(-zTyx*}Ha zAD!loLAlZoo~FZ?%Gk@`;VFQq!j<$>Hg-8K#A-k#dPJ-qN-tKAf^sP=1jNR{kABl8 z5N0=?4I8kkFcrPl%7^;}FI$Dc&P{$B4IC{B$#|GIbs}Eo617=>iMhoHjxE?%wU4;AlE)Pqle&Ow7Pa6j}XR2yvF_UV`$ApMLQB& zk%NXE9;U}Txdj)`gz+`!}oqlxv6z=p;E&O;bT`o-etU4GqIgtjgyoV1P2@y%y; zRl<=s9Z+_fEB7{LlLKj5cHVhfGpLS?K0If}#>Sck){vHs2k!zi>cap*+~uPr^~6X) z!oDX6MXj`XeVSl(jy*s*!ieS=F}bLrHh|nApBQ*S#l%}aJrac>0L3SZgFc!#f`a)6 z*H8kkAzs$h;5x_Pdl(KSBqi^x-*-i`ZuG|wxzXH@4KRglW!9$KM5$!AizbF$bh2K5 zKk7CtLuR->tO#mN+I{{Pk^qpTHZdVh7zRDPKZOlJQItV+8B%F1f+#5@-!*}}l~EE? zJYTj|^RT4TU@6|rplXX&QpB>f@WSk@A75@bq0Sfr{bT|J0JS~?N7f+0Ym$oxWlX$l z33d)i5$-`PFKm!$0gIc;0WyW*qvAlEJh|mxI`)NDu(xG1P9z-+kX0y5|%O5P|aDNzF2 zDaEoU!}|?Z`Gtuq?&lB$WU23>)X&t}l$%S18x`r`9H@7PwgtlYuOpIR{wTL&TPo)Y zWF6z<6tM_`f#dW<2q*>O7*`1BC2xG-L+4NOOeQUYM2?>8kQxzv2;}8N4S}YEjpGy| z6pFGVXq|!N%}E}^SnZTpkTtGoU?DY|nz*PyGy7E%oFP$>Rk`l&P+atJZ?hXux5XiE6FNnRWur$V zA{TV56WnLXxa(A>6LKcy2lek>4i1h0h_DxyluB;B`sx8Pc`!_S>@ED@v8&O>i2P&v z{+=LMpQq@mNYLB3@5WM!TKPx>xcJazBBeZnq3&QL=FIXG0|6M>VpPAm_2stSSi zP|&U;oNhlJSTyCB7imr(1FtOyO1+H)r|UxrcF+5p=Ko(O$v;2tDah0C$2#sy@K^vl z!kH5pctQ60%5e0fl((7uIT12k+GeuAHDqU5uZfa&hs{69)iGU3{FB>mKiw^#$EN%) z_2Vn<%TcyFzP~MNGgShnfv ztK$h<;5LL=;7h#)(gu~Od5h4{oTw6mO6|(5qECW3|2xv%MsQAgQOQU@5 z8_sPfOBAU^L^H#9tWE}nShX!gqVx0fNT1<^l^j1R4$+mT_7<`(6+XyzkMB;PE+;CS znt{o5)xvJ?M+&*V`$P(`b~ub?T7@vMJwh#4P*I@*uiKegBeXb@(;yk$jAVD{>&XOv zNuVG4@(I2hUA6S0ayoz4>m3QHjZ~_r?Dkt~thX)i6uzCXJ1PopCep(lEb-*{fKp3w zuntQ#$Hg%lPAx32FEXmnw>E2m0+#PASTuloJE+G5MCb~A7rf&f;#)~|wO-SoGt^zD z0bzsLVRQ=Z-_>$1$%y}*urVCmR{HQ#yCr$Anv-2n$+03(gJSh{6uYPnu1;LN0YttT1muFU@v*yKXSkx4hXzyu64s!> zsT52KDqmtV6btEX=%)eAQGP@ZxZUTMzeR}w`s4TzH%z7ra>W6eQjpY zoOnZ0)VXtPL*G8CK=AZq0P+@^){sU8mjh};voYYXc6fSKaBh70b;ZbH2;nB9x9bcD zl@!Y+JyGkgw;|L~B>{3qr>hSAJIHv@vCRM+L1&U7f?)#SRDEeyfn6|%3?%vf)*>Q& z#QF5m@dFcYJd#=$M4rcYd(q(s$~xtOtL+$$$3w!1Ah$-_!@U?xuwm7yCuZxe?kMIP z;&dJKhChK1JODL*1z^Yag>urlb|$st76WJne!u8bfjsFM8jB4poWry)}`BBEA+ zQ;-}NSbEJupfpI?Erya;$GpGJm;hi?g(?+fvHBWd#7-jIDdnbYh0YG^$q_6Hc|oYH zh5!jxk2=(&x=|IAv5M3+x`npb5#miy8m4r*jQ8c!l2H8zNjw&JW)xSP2tOvtUtfhh zcB7ktqDqJ2_c+uT)cH;3lJB2hP&YgTib!ZMj8S%oKl`yH)B}!UE&)$_6iqW^F+q`x zzAcaMJ!i9kw?Xg6BvxD`-eTwJ5633Lr69S&bRL6CdIUhmb`B;jbPLYRV34Z?E^ZBA z*}->P5?_lQ*juv^hIq2Y5avY)0~K?es6R9^Mx*wS9Q;YC@3GhO=eyx+>_X^MN2|?X zwT@*6u9XVTCIReVX?LmWokX5le|`G^;A$72Wm8Tzv3JxH2D@t+0tZn}OcwfOrsRs- z^jI#eG;%nnw}srWcLjWn4_&Zk*L@}F2~`053aF}J>Uf!?F+q%vMOC+%!FV0Z2{#ET ziuyS&ENVE?#x7Jr-lV1uW;v|XgD>X_wAWeY-eC|4hpM9z0frPSDo$Au*y&ijnBtN- ze?mBf>Q2< zM=7gWOfnkZVG4jx83RiEeW>PdK}P^UlWClITNqi;(_{i74M^F(bKn#r60E$=LHTm+ zwF*G>R1#rh6Kouj4yJv1=&MDTp4=Dw*Rk&d@gtZQa9eEj(PzXx6I^uaDU8p6JE8`~ zIT1l1x5T=m@Ly|l-E&dG7@o|82p0n*P%RjkaPbGfGJgKygjTPx(BKeZv%3hX#LRB7 zl~=~Ls-kBK(UGfqXW0Xlj2)3Vwr&3BPoe#x8a95a@6A3gkRHDeu+D=>Kl_<63S6}8 ztDuA>&>W0O6UdQAaHo3Aew~03s~p^I{28F-M|gcGSS2wD9(UH%@I1sR)M<03?~!!g z+4!t}V$CSFVd(vilFeXIi8iO6Hp7C&O#6-3oPol>jE^kT-<9jvE*$|7j*%5;0zgEJ zLOsO8%iDQ=crK3Vr#|m38vIQABy|Nq0w1uHU^`ZrtzNNW#k@7U4&#DWAq!K_GL=yv zhjQ8?s=ee{vuqbESO5-sOPAfP$m!gO)pZR<;5~fa>Tw-*_j4 zmH;%4c(CQ(r}-;jr$dEP1_A=(L}E~hX*OvRZ%8sM2#P@zjV7puo>*A=k)^Al*|Rwn zjwhyl&bezJTdBgQ`6bwanZ2vA3g@y>v&rCQT02=BWexqXK;lg}i5V+3q&%R11|~bM zMpp>5I@o&+2Z7g*RNT_${e*vBd$I=zl z)zvx8pWMUUVt2g*%6Sd0Z$eXZz{hPytHJ8WBW983yBzPY1}fRi6_-XBKAi;pTs?59 zR=*G4v!79)*e?D4UiVE9620d~=Hb1c>rvjpH=hDhaA#$-#noXY*d!YNg)-4eCAOao8%4q58U%x2#)U}5U{bar zHWe8s1_-6Erx$%!0b+Ks!@W(3IGtM{S(0A>8ZbxMD(E@iLz`?e+j zv-5(ldP^o{LO_{~8Eb*ml5Q=c^(SXT3V#3sW&GKCKIFMq*EyC!^ijc?2tLpUu)+&E z3?8-^^t6n)^hmF_(hY;;kV2$v}m0qyYL zzKfvkZJ!5E2r3B7V0BmZKw%?iH^FAG@71_b7&EdBZGiP1cBefSpPCr>&@7HaELI&jKpmKK2pPE(p6N2YVmw}$5xW)v z;USqZka4Nwlo-e%r<6>65B0P&$Kh*HC9dA4L~=zN-)9(EIMflZ2`M71ix%D6+~9xw z3GORS=ANK7Yw0f;JMklOXm1us{n$-2SMa@2w7+1s%JGj=Q|btz^~WNx8CDTad>Nt8ig#1miJA7nVUiS|wWA%)RgJRI+5{;VXAcLTBu?CXY;-PV;WWae7+ygSTQvd_S9gAn0GjE<6 znt+2EWzkm?x@Ft8!$6?6PFH_4u=>R$x1x&~9y+-Un}cHwVSZ|lj{babYe`K?-{4>+ z`e7>*bVSH`(OLT7BKbUET;J6oI!z*Yt-k7b+vLr8)nnJj&ih(W5%K*)m)n*}#~jvm z!2_T_J?(#$Op&{b!6EePjQf9!`CxdG|8%d!KMWVo`65@dMfg@5kK+_=x%$ex{Ll-o zW1eNW$sGeiSN=_RihYE-=YPSlwEti+{_3hRL>7t+#Fw%~Y&KAk7nvcr?Z2P3Tn(|L$hX_9!!r!ofDlx2pz2`(NHWl8FZH^UH-)qKv<&BtKyI|Np{2*iK|bcylO z?zPC`-iBaxIn8uk+61AHautlDIG^2NTL-#sX7VqYKO~@?^iACUBc=V9vt4h zbk60y4eB^P zjllk^m_}e=6btRUYflE}L#_+1MzG9JAGd&UL>S=IRvY}9@REfKzaKVNl#_Q~sr=W& z9^TBO%L)Ws?Ep0<*s7?Pj^d?a6!~J6hK9xxc6L)w!B(JdYMFd8JOEruV~;Ar_RqzD zCFuOZz@Y{8qq1Jc5KsX&)j-6be0zHj`cFI>d+@4daNbv;T?zJ#7ur(jXut>;SqN;^ zkdsK=Af^KL?ZY79&=!$-)wCD0#kOF^1}OAAlb;uUn;Rdxf=~NvvIUL{nZ}`C`hUuS zUm_Z^)#nGbBnUs3`UfWi4hQ9l52!EDGSntT^M+Vt9tJ|g+(7x?<}AHU=p6DWLjR^Jvb24+A&gqEX%}<5D7r!P>hO#6VJrFJ=%~2HgXlXz;DtTY~LsdZ&xc4?vu_2 z$qQ1bh`9=cOe^1F^o3{@a$thDAwF}lnKYJC7);G}e3Vo4S&bOwH&~H;6D?#p1@I{V z(kB%loy505AK!uL5f92|QxUbI2*{*|Kubm-ZH!>qc!(f1bI_U!05~bu#YFaBj^^oo^I8AAU*?{*&T1Xacj3^ zZMp-q%4@mp@O|&hTWJGxr4Lq{j+)f?_kBL-C+YeCm+UsydyI)NHs@Tp@EF4%zVLf6 z8w8@t#yY@jK&``F3$|_D`hKf^PJOK`v?)(U1!NQm-zx{;zh!3{0ho{2@$*a^m;0By zY0I<#FJ{kv&GY*8?GR@LQK`0qL{mQ&3gbe>S+F|WAXM#uZ(v*A$^mFYtC>b1niYot zkWPY?{s>=eQfOiL?%hf=fLXW0ubsN_;5AQA7=ykFg0XRl&nSCg2SAtyuaVq#6k%RA zxnPKQLh!?2Clt;_IQsA5+hrwp;}~x%pK|s84lK8_qj<+)nZA&WlH3UJ2YxOj_UhrX z8R!d;C?4?Sd1PFQ8;7w==&}~$a|aO+l(R<8(|2-P#6R|1IV0i{y1A<5wi7>%xk@fU z-PbrC>)?b7=G_CdT**XNc6m%A+KxQGN^JhIt9jMn((g3R5riEzH86;T2e7IFra>Go z+m#xlkr*=cXCC73663W93RF}q*`(;pApbH*bp+oN@y4$V$c2HPj39XzVE@hdLd;)4 z@Zv>vPaZ1J>tUc}h!lhn{&N6qPb>yQJQ;2VZtN9YydC{B(^JucYjq$I60-o1?tXuQ z@REZNx{tV-n8c<5Sn7-Du4xz6_V{}7M(iIe0wb>kUO0J)|Kc=fC7i+xstjn}0wGMa zNTQ2F9@p@ueI{xRdLE~-?o>O>j@#9>Yt4K#2Ob5~uZGNAiJ1u0m_Fz(yjX4rc7wQ;(*^%~xNoM`=NGQuTk2N98~5Stf-)FLTQIBe;1+477d4 z?s>Ckdo$3C_Vur-bzR3ls`Y?xhgia!{b^DN<`3e`l|udq>XccKwSU%kupJR@}-Na)us}x6)ua|It%8mSiQ0uM_`b17=bMIKH{3#{xFO z6=oACLyJ&t2g~mjv+tq7e?|E7n~VYEVePJ*@&1D}%IleBlLf;cJbSrGT|4tj&)p9? z^>}p?#v4;hTaVu1skHhy&VOVK-%34J1)Tn#j2+lBGc6=yyeF$~cz7ozEFgRg&V-r# zR23x?`cDOz=aud>6pJ&6ld}>8uNkZ36l`caVN_@ZH&Nik?=@$}#G!z zt;Fx3OkKrPToU$X+0pP#rgPDhbr+0eAjJY)G>PJ7D6I{0G@8t@-R2&;O1%xS>&Nhp z2_CCG1&sg|s(&)4M&9gAzB;cRUPU3+m+`RAZjpmm*CSC+Um8|9w`fC_V}T<4iWK2125hmDQ7thqmS2Tg)wg4+c(u zaH3*WUI-!Je)HbEc@wnD>dS+Y&-nHOEG8`6bc*7Kkh!*jo)kjDxGwz8U3x|~Qu;=? z925(Y5)Bys2iy6uUgy79Vz`M&omx6yxG^6zkm->8eB-#(#?mTVN zfExaiuw)`A4u(#z8ua z*vKTxzH24>l zMisQg6A4Z5;u7CTmMFMiq3~9~{&%8E93!=}n z{#@k0Xlj-N4Jo=CUy$o{S=<0PhcVWJD0bZm4-mVTz`=L0)1I6FU z&Q2JNsA5O!XDRqYE3z=uH!nXwUv4`~0i2UcFkB@8z=MH+L(})(bEV)*-z^%&a@$d| zJ|(HO5XC{QgR^rWYL0t=;{H$^Rx?{cNV&f@zVhRJuy{>cTG~Cl=RNR$f!N6aR59%E z9KaQ6iTNNZ; zUX%=ezv*0=wP^9;6DVShk;G17i1R|@-JEDU^EQMh|1@7FV)1MY4povI@=ZC7>~esG z)-B8UlQ_uKEk+65!@6o00*@Jj z%Ts`}%TsXB*>o6u@oMmDKA4*nb&lSVDqCoirdeGb1C>!=Yx7DS{sAN8@IbGL+=0gS3=xhr7LX|#U4w6z2Wb#|}t zyCnT`ai57Fk z{0xPj_Jf;lO2JfeVS*NqkdRQd*rI8tM_$ULq$J{t*GwL91C(^?UhI)CjecJ zpp%ljtS#mvHFNiWWzxh3WJ(QOdLmSrI3qMSo?;KpLPe*+iG-*U6&e6oSXg)vo(POf zz75sS?Z@X?^VW)~qR^^_VW)jS)d)LD;|l@X9!$Z2{w`EHmxd5w*PzOxNpV-vu;`4n zCRYSEz8JD^QooqrlszisI}<=dV=o#R=j?4#Eij^3^Nuf;rlF=p(qYB$mTUgqE+9m{z%=qqw`HL}I{` z5rYl`qWy(1Xcx8%DLhST8dp);*w9vcXeO>Qd@sVS6Lmg?k4ZckI>w1Bqm1CA2G<~X zC5>upgiSK>0=YlJW74by>Zw3=v;l2p=A`XI{>^i0P*xap>}+mnX%U*!2?sZr8;~BS z@KJ+~yiZ9}OnRBlNYBiS1CXL|E_g_m(OA$T+lW2B$1Q~&(Co44;TE!?QF^dFszJ1(QIfH6l#&aZ+BQ*ImG{QrILlJ_Njd#d z86cJ#_!$k3uh(ZFm{zoz$bc_lH281!MU;OqMQ+HC~#)|il4YN$h#IOb2hkg=nNs9p*BV({H8a$(hupB5R zm%-&sM(pVpd!p+Ojql5i;(#-y3?-g0h^n7sV>%~s^63!K^euEXV1wV|s{Ol8_Xu(Q zQrdVZGqjDAAWR$wb+m}5!aCADCczWYG6htK*++xGM;1kq24<~s*i|gL`gbo_rhRWUa4p2XNlm-iWDO?{72p=5-ss#IKVgywXd;~oHwVl19 zErv!kQ-{%^d)r=UpT#5*l6}!e|lz88bP%)r~ws3gR^DwC=tm}IEl zz}*st>KTcXa?9HgH@WYW((ip_oneG`^0VtnWp6tT!{#?23 zxdhtA@;;wIVc5FT;D?UVTm)^SUw-)|z6rUd1xx)9({VP!Q1}pcx)qZB z^lA=2f&v)Un_#j!pz5qbeuS3fiSms(5Ze8#Z3GX71Pjr$0Gy*6@M>&_-$4Wc9fr8i z>))&>#iTh%imgQG;u(a%l|97KF@h-kq>~C+!@i34fzUqf-|j zfk6y0|gpQirGQPqCSs~u(8$I9HhU1=UfB{ zrsT>ZNt&_&kSdr3wb38VUNr6-Q}#c`xFPIe@}E%G2ndQ(I7K8WAd-cX-w3u5b!h$6 zI0@>FIH%YH6z|@y7qjGxrvAEtV>Pw6s%4H`4off zPaWcff*)D2v27yhOW7Z{GY$<(WWC4!V0aP~4*Vz@-%o!*1v2^LPG|gO3GBKSrT57< z5Rdjr1?bgeaYEqR0}HthShi=KG~#Rj^`%FEVuAZO-*nKdO9w{2<4Ui6t7otczvAnG zF0}z%dnqwpXcXTPBnv1ULfuJ7$HO6G#5E92w^sbD9LsKXCMYkJY``ef=jUc1eY%$i z?cVSevl~q+M{s*cj)qad7yc>I!{I8uIq>W!az-3lH|4x%6H-uHF zu>%Qa>8e#7s%>OR!>OjfJp-IMjRe6Af809qDPr{_#J%PS!P$>nLqUtdL=g1FAwlOG zHxt?g>Cogk1oEbFNiY{A-J+3guw%M{BqV?5oaI{`O7M3{F*q>s^qi_8_L~)fjFO+8 z1I#`OLSjiuB6gSuK#UcEv0qyBTTB5-LA%>gPIq-02J%(97!T*x8@-h8-ZKBEg0 zd2)(gNKJ7QArc=LPtMCzpmLFdL=^1?_Ik7ai2TW4kgwm*`JT`Fob!IakNf7svh+eU zNVn(^B1uPo^`_IPdydiP5QjuzidJM^nnR((bw%&)zy++%G;B}#=YD$2hK_N$gM};3 zED?lmEVkp43-vA0DmLW+ARn-eU#G*vFa~0S!6~^5NCO)XDUq$sd3n*2}eeYEGsmO(+}!* zF+BIPNfLOEByV#!yf+?Aaob5O%vY@%>imWC4zgxgES6Jd9PczPc$kEh5ntoRYT#rM zDa)-Eq8i;GmbyeV6Xg3i;b~Rs)b;;qZ-mqRW=je49eZ3EC+U(MFyC{SF37-u$})k$ z6-AtST2Ngs#~rG%i|D#<=k2-{x`$1sH|V#XI35VptS0-!*3$$3o|xS6 zS&nbTC)Imu^1f47Q*JR&@X~K@G81k=R*X2)YWwi2zp5rz6Hme9XD`?5eo~fSz4}}C zA3T_)#(zcm(418k-(f3Nip*t&F+lL<$d}yQRss^@RHgY=e3O=TIe(A!yOpJEotjhRRtsHDBAm&ww>M^v=EUN^TaT=-Er23gP?)L%8@!)4g8a z?Q}+Ksa71_a+GpML=+O!3#T9%O>eOyOD*pjpjoc6NA^IBQgaB}u3bx`PTrzPJq`pJ z3N;68c{ADeIWWn31iEgd6DOH4US-U|r_}F>(avWL9?xZ!8x1=$xt0U1TDdbLwc<;5 zxgc<^kJ}5%XIqy~*R^%OL5dYKtI(bugETelKMod@)F|LrEv;u&Jz7H$3L~VbfTS8( z7To%}`=Q4PR~G#$+$k)T7-=4`^bzuziSBowUQaONM$F{nYFv$C|ld`(trSM7b@L1^4do>5;%*82C>{4QSVmOCergDsf zcXck-J7pPA0wa&D>3gR3^~5&v6((Iz7GsZL%HODoV~V!U?Hif`>oFG!X90;osGjVQ z3l@u3YC`|i-rU2@6IvFWz6Oq>J*Drt74RQ08ORu^AaY%b{N$|l%ko3_iT1?f_d{O`FiHAY$e0B^*iAY>;l8{ z6N~VrSq$Am8n@g>?}GHiHe{;n-Ssq~ayt^%M=vxM6SyH(*)g3i8}ZDTV@!oyHxC(7 z%VRLHNDaG7b2glgl&(BtMfqDMJ7Se%+dS>s&WA~I`VBwx#cC!yA=u$**9P3I*|?sm zVj@_o)_M)d>0QKQqJ9^XSYXD6>zxf9vp7yk7>R$87WCjUf{}NNjmvVhxpX5{5RB)1 zva7fbvgU#WnGd>i5G0G%+6k#B^Z^zca63Z7< zp`laHqYqyEeYVeLRI=hniGnC6A9$5An7n;=eM-mk>T=LELV!M5A{vb#Dc|6lwx`eY zr<4$ljbr$L?s`Ada7jVM^^7tMKuPry^C&6i8Y6CC6B&YVHf(SabynuEubj5VY>hp|`NNk)vX(s&Bx z179k<39$qmY(g4r>N;vPtc}(N8^d-ReJF1P31Uf*rotJCVAuKZE3Zo<4O2X|1du-` jj9wYTjo|-v>;7>{_G;tOAmfVDdghS8&;`fmf4t>iK&%pw literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.17/_media/benchmark_fio_gcp_bw.png b/docs/versioned_docs/version-2.17/_media/benchmark_fio_gcp_bw.png new file mode 100644 index 0000000000000000000000000000000000000000..4f0ecc94bb43d5f9534300605a74aca374da4c3c GIT binary patch literal 30401 zcmd?S2UL}3w=IksV>F0K?22H)1_&xm5X7z<6qG7R5$PT29gPueh$2O#sdP|KddEl< z5s(hjRqCcHRr;L^^ZloeasNBcIrp3~u45Po!rt%uyw9`NTyxH~xN%12#L^|}mawp} zEM=TLD#yaIpo@iN-tbR9;w$kx7VW|ZQR`#ptmV!1tnIWcby-epSzDNxTbmeO+-R$7 zX=P|`Ccr1cx0`pPfwi@Tl^8$2>Hqf)eCC$={Nk(Qf5D3^wm7L`#lo^oi~i1wmW(oF zVX@_796h99AJo_6V1K&y^X%7B#@!ot@BVUVv!W4)s+#tb$e&`9h168#&p&(Y-te2^ z%IYV}Ri#!gFyZ%s{w_ZcY$0)`9(NEla3VeE7ICJar*gLs?Kbq>87t$$yx+bKi zS*5e8^Jz+L>RNZLpKui{EN$HWjq!7zv21*_fIhjf_y_B`FYsQz%toJFUieGdJo@B0 z%X~5V$g=9-!A11(<@}$pI{0&rW!{FlPk#Q#i_H5^dy)Rf0RsB(^pXnol6D?Aa3C$t zs#Kz@bD8liFE5dX&f)+8t1Pj!73}Q1fhCb(mE>-LV0$jg^ms^itqYrnZ&{%l;ev>wKcQt&pM6uS7UvupKBc% z8EBDg@R}E1m+g?m;n4Q$2($78kJ8h!7up5ZBi)Kyw{7dL)pV;a;BxCt8T_of-4+RkOPPJam-TMag8)eG$t&opwx zDl?m=a!;N*Rn?s1v~t6SXNkH+-4i1{>qITXo84xodvkdMK1&2jXt<0h(&9}|jL6^H zd@ONpNvhu7+p@Up<@6gCmPY@>M~*CI96xiW%+%cJ%f~}Uyf+oD*>mxa{6Re9HF(y- zTx)Z4bKkrV-XGlG`R!}#oBU;xCMWk!O-uQj}}kwso$quI^l6auHH#DQ-MB z@7xhin8xDZ(2NCDzn2sht=l0VdAqL0uCKn`ItR~o-LJp?s@LT9?b9L;oA*JY+CDqZ zzPhWkf?uQYLz;PLrAzPum-?UB*zn$0u3ULj9jDyqho7w$m(hD4B4Ml$edf=*I_X(i z>v5-ct4b%{Pgk}iF(ucBg@w%>)D(7mxbYuf6Pai^H1b z^3?|q*7V__d(-k`ufJwGzP`Cq{?w`4Cc=R-!D7B!B!mzIjG8i2!q*?^=U314=_`17 zwI^?OI$^Z0VLM};h*=O$WSezPw!=_&rL3f4bGF0QrmhXSby1H2SpCCSE-&a;JP`G$PXA z=%~`n)Hv>DD{Wu~gTdC*B7WYg-jt>No$vjutSo0|=M@|r@hQf&da7y5x6ACl}T8u9wQEe=vE!#}s}-J}+v8wwZ&2j7 zD=m9fh3CgW+dHKaV`_I~gM^$$O&H#xp`n@9OmAi;4x$21>&g`?+J*-Nu;vW9DcooX zGdIL}kdcv*!Km2fk)gj$P_Sxh+)HvMy>(hA?P<3DvJGP4wHi*RvBhcS+S}VBEZg73 zn78Dveg7p?_=*PZkIS$wQP-&a$+ep+c5W6C5uvNUckf<+jD|z|yOo|B_ABA1{i33x zu((yxXTwV41Oqlf}Zr(&+kRhE*r4va<3K@A3rAJl;O@sc&C9 zX7;Yz+NGxvqN?M~$fFIHsI^e&J76uk~xz7??C=R+|M5AIWZUoiyEI-kdFyHZn3I#Kykw zu2yiU>x5x`Q&ST&)nTYZNa^W0E$89#6YeE?R+%!n&f~XnqoNWC$W!YbaPeQVvAP$h zu;thqBBmwcl%5$iPuv|<&9Z%#Ki(q#*Yqv^+}%A5iMrCQ^(n?OJ^t$0_j>mB_G`Rv zyUk9v*rg#vhiQkIU*EQy>FfHwR0+w}|T$HXf=Q}s)Y zQB8>*A40N8OgWG@JsNmXTYD>G!+u+zxVX3`3dzyBMSk_Erh&*3LRznW*dT6y=Iht5 z6Q6JK)1e98cj>U~f$?x4gx=vboX%ga$jQqKxlCAZIN*HFV;N_S&rbO^?DVQCg{AEK z${s753^eCZphH-V^WG}Wy=~iZ54H^zkB@i^VdN)&hwbk zu~Png>T>u}@aS*S6`%4wMt}(7FRfq<%lM6K9UdupBq z0)TB}beD&D;FCzi^fy{rEna1zGUokh=kKHj<69TqnK64?Iz(}=Til@_Ze44dUC~F z`15zYy0*gm!5qe2Wsh%OzfQo;2iOGL?7_g-1&i1W8q+VS#0p$Cx!cf!I->uS%*Z3R zp%RgfM1)%%L$@s3zP)K{C0(8UdhXe>9lN<=k4(@$Ep~DHGUw^3q0%?$ms(lf+}x5n z-_>!Q(=NCpAkkSAGFe*BKGLXj$z$4 zq)xZY&ggU46+hUc=P<$1_UO^Zs2t~#KoOC#;D-+%Y6SK&KIHAaJ$rTE`DE4CHfC6rxI8=e;&c3{Z#Bm-&Pvh-slC8qV_9NmN;(Bj z!q1dH)YjG-miA7K50zMDIt)uq7zL$kuaMUK~ z+}w;W;U8pLdhi35^#ZPOE>Vn@tNkWFFr=hziZ0f|E(z*iaBwti(FT@&E9L-yahGrT zbkO@CNw?;yx}qW;>4vt_(3Yuj+?2`zrH9D2=dsd?IAA5U0HLvmuKvixW^n9|i5doy ziLvJv3Gf7`ZgdLJg6(=Ta9H5|YK zb(8|<*pAI_$#yIJn%j=|+bJxpr0F^yA-YM`k#?<{OrTmxfS66UPC9Q+@P4~ko1Pje z85yNBXYL}gY~th$`=o;#=&pbZNR+Lo#rea&YbZJqM z^hkI0eVy45-iHeMsg$Paa0Iddk73NVzJ$;b^n=H})&5r=`s(^9-p zz=#I>@W_UU+iJ2m-RNsbi^B$4%U8;@ zraK(s+cs?LffI!?tvowt+i5*h-Z1{d74>5!%U?&FR`?KocFW3Ls#VO?_qn@IE(cx( z>aAO7oxeL-r|>t1NG?}hhE)`jVv7COi_@Kwv-h}Ma4w}7jI#h1!#H93>2CTqBZGq# z$XWLyO#6=?uiX-6ym(`0*;O`{v5d{fZax@Wtv8$*>?Hs5iX9hbf~wtoB4$rmAJ-BT zz+T+Tn%{4OJhWk-#X;ojvw#bfKCyk?@!gIXsAhh6q3yoqrwYgVy$@Zo5lYjZYEQIs zh*`gl?_cZC_1I&@s#THegp3+3XH`Va9N!}Sr4my5UwWXZ1aOf@C5J(bxo(d1h9 z@zW=*nV@o)%DUIp)ru%wDg{c#!_0HXkGHst1vh;aXzf*{S4AXAQ}o#HQW}|NQn%Np z_rqD-o~4bAZ(3TKN@%ae(4}RZ2Y49)?;nH&Bu|zB4(qs%hBwV>M4npf%de?n+K}q2 z4qRNn|D)nb$4s_-xD#{@a0oi1#Cv;q6~zTV%w*>>)i8$8^o;d`dl)ZT)Cd&B~Y4MUJ8U zESJ?3k^GYiw#5k~MsbRT_;S=VRA*S}4+WGP<}eOex8ghY8y0b$uUg)LExI_94blZj_w{N`gI9kneux!z?;*h1uLyjewWRZX zysy@phoV*;8wM%^ZZ{`Ycsj6EymCMwPj()+Bq&%|Sg7Y>dANRZR3`7>i#n4Ii8jOh zMsv0hx*&oV@2z6SWZ@kU9= z#hkpiS;h6Qsy+)VD*=z3$bo0FZh3>i_Zwc_PExi#=~ncz#7iwRG+5lBBIu+!5F_{> zKM)U!+4f)A1HSe4rL`!fnKi9gzI+SHmS8a(DO7un66(Rp;XBZ_ax-KtF2W=5hPN}kSun=F3SXGC*{ZMa6Z)2&_=?t?WB9! zPb}Z`H-off&jvf?ZPvJG9Luhg*$-S%-29G1!coV;eyDGsU4M|ntUZuf$zTD8Q*qE` zAn9$DE;{;MaloDqApzIo@UY`f1?+VMmy^`@L6rIO$^yMLZ==)r_iw)?6&RF&_ z2pj8-k&h~_D-vOgsyADhb%cBICP2I*UI?Wugvl$f;VLdWEIhHmlk;Te+K<)A4 z#~r1pBD7Qc_6vBf7ZJ{{1Y8*b}?@eO~GKfC?ukr$DjZaK>JvsvSd}y(Zd7g7>YphYzc!=hl7v^Qu6T2X4x! zI(91q+}%Si(c(mo6)VEKtK)hAo+dtCUB=baJl*MC6?uBS)eo<5if#Jpg*ysI{%F6u%*;|-zTylZXlN*G&x!dkmsv!nF=ZKtV*A^O*4tjTW4&p%h<%odL%4b3i8uV^4eIxhsxMw2^|>yq?)9(!)X<#3r9?*tL; zC#w3F%E!Tx5u%NK5xelDG-E+PfTVpyi?LlcqzVO$pzgaB)d&-RjP@Wyg-L)HDhEFON1A-qpEHb@7Pp zK(i^)mTI+iMWv;s*F8OR;;i1jiv#y?9LJz?dJ0wIabVKDO*5djh2`Yrf;6snb#b8L`}apR5cjH9YLwV2;ne$KPb(htJBuuWeBUb+JZRg7 zNcF(t17my7clOpL9S6NCAa09|Xg)qO4kDqqyStb_Z|Y+F{kq9dN}WT4Mg02bYOzt) zw-@<~aIFQqX!AiBN$<<>a5Bn|K;e$TU$-1@Obpi5-M~^uwCzE6Zl$Nur~tZg(3Js@ zSN!tJBRsys(o$L4%UJ`tabVX4q)UTx)dAJzFI;%EdGlsLpf}T&T#5V>JQ7o1^6LQ~ zx1k{Uap}6Z2>t+MiU$u~24N5dQpyl)RNah0EZ)C+ti`PsK>^&{LI($jn1fg5$7;8(XXllVxU-gn z>4*oV^H?lW;F4rxRn0*!w&|N zqkWWDxD}!|Lf&w2a-y>Cp@dT^y|urFV_|mtrv3ObDNv38(~23Ex}aF%Pzr&ZtOmuV zSrQ;{0*^YNzx71{hk#qIgT2$k;epA9oLTXl!u#8MkV=&d45F8;*s)PoR+i)=RE0HI z#^Epd%kS zpFdM*;_Ymi_1m`-VV;|!zF+gQ+cS=P(&8*y9-+XeKmP^d=fAk3|5h3H-@B5r6r9YR zyu7Ct{=7!uGXdzHQSBhHlFtw zaX2_QD2LLKv_T#rA)%;c!CUd(s_7P5X39sFZ#z|n6xjEUUT@`2xuZR`38leOx|?}< zi>KZ|i7rHahav@t#24zJe?v7%=U*YPTMXAnKME3=RVDR~`8|x%pvnNLTC@aU<_SHLnhixP568`KLHy%`sRUnnRuO<&=5NLuhTu%(+{x-JB zTeoiA$6rccP&|aGY6TNt56$yV@GY+P!k7)SsPT!R9qvskHA4RFC^FY<_N{BM zy@;(HB)%B(Hk3DQ?@fFE_H7@ok|0re;lL8D zxAwLgQN0}y0kMyaP@&tlXW0!X9X(W}dKnH0n-E(MM!#XPg=^{v%?j-M;-ot&h- z`Jk%`telY)t+_gb4HpNDDpN2rIX-R(YHM(KSg;6KP7p;1qy}9hs;v~97}D$jnyQe6 zh3vmvpkquD0oSn;CjwjIxwdbQI~#VqKF=)=v`5s-mj{6=rB6Q;Ebk}@9O(-4(qpaz zv#Oz`r6uM#9F48JMN(3d$P9X<0NC_Is8R!jPm4PNg;StW-&QlKS8t6w>G&&ol!|#L zQSB-uXh?uAVU~!r5bH*W1Ud&n2|)7FiWG0NY%Q=z;Up#FfXe}+tm0FPhIrfYcAOSE zJY2&d4L+Yz(;o8dit3ardU4rx>f0qGUY`7R{Isy! z0gI29o1xj^lt`iGBVCD$%7bnYB?rEJTmTv8m71iGkRsGZxfrWV~g)14M*tKML0Tn{kLwC)yxJ;WKZXDA;|NN8f z$eYTd8$H${d}`^BAQ>@4ejmTL<%A$8&OV4Ttp#2pwLN(LQ16A!n|Xnq7$V1aR{?Bj zI)A+e)w!Klorm#I%qAA{JlReT>@tvg#zTu1({wG zVw-}RS`d`0z)z!md;!b$mNFafX&-4!07qJTBqV@1x1Bq8t`jzS(6rdDyNUt%pd4~O zdn)7SVDDkXnUk4cvoi$|iD^HkpioINK{ZIqwX=(hz_U{9!gic5Xzx3~wL;<&bDPPI zRZfTxb(;~D?&M;?CQ+Z`l(u%?eQ$3cAD?iP3w6~(ah9LOAT9@)gqXvnLXHJP7n#rl z&tL*t_`?s;pdn(_vr;?W2ghA%ePal^r9%wCy#kRr9@MK<3yJ0+%8Gjes*O|dSiy6} zO8fKa1t9d2x4}@I!s1jCTo|gKK79gS%kzWQ*-?(YY5ei!6_ER9t}R*FyVr{gmDhtb zRwoAsCgK6xq|Ewy*P$F{-L8W9jv!Tb`*v6(N^YN#HIGQ{=cNVgS8YbZA>}wQp;W?jbauzqE@aW(? zTsAkdNkf`BB)+s1&Yk-4@{U6tB}w~Ro)&ZD;l>~!6bH#Z0_#HYAw#_HXK#p+HJ=b0v98MbNDrg!%XT)&(M*sE)%qD;GD_7sVEcpvMTDTimMzSuK(n!2JTY?_4NG0Gns-~I*jAwaxoQUjMv~b~0aq-3} zm);LA5ap||ABziq3tzeu-{z^|$lU7T67H#&9&BtA$A6A)ReT?6O>z~HaIs$4gnS)M zgV(SBlofP85{QXBNT`J)4_{lt$h>#s0H~Of5Qzr%l_qQ4J4!?OaojxKSM>U6&&zS0 zo_HwfmP=MC5Qh!B_SCj@{CqM$qi zP1WNgi^w{H6NU79|F{>&Gt}GesZUijk`2xV zgXl~h^KYtU>fxlxY#%9#Mc(NKej!UnRj!K@kc8EB7f^u$IUy=JN(d>WpyRfC-Ny%- zvc~T8EX6{6oT*MT*95fe23=bQ#Fb*xql8#9LW(ayXOs$;xVRb#cjs%K9Qzqz@g&t} zU`Z4q!(ywQ0(+4I7USb?Z;`C_55J7zGPohF0P?XFz47AY&);3FQ3I?~`16WInrod<7lE5|=Y#t7`e79|7=7r=c=u0%PSXMc5HwM#V|@Fg0^lr{`$>~IDe zzrDN35sXWcf)^M$WBd?#ARI?~W7^tuP6vxAR(KX%i%?EAQF*44bez-m+hc(62xQiM zz5H1T@-kgu9OshdIw2_{nUHy)W-ce7g1ky76HNRevIqd0#Hu7kBL4Zd8;>+vl`;W! zl)X44h!I=($&Vl5{-K^NnZ`gBPlVJ5T!ft14N1(0v>&9}SOP~Mh zjni4xer{PN7n1a0kUc4cc;3D}xpae=0md7Z>$Pr;-)fYthYUBP7xAzCguzy?h?PO@X?Mi&&wVlyp@?{fPpPISAAT5F-c0 z^$ftPWo*6oPhHeW$*xWr3R{Rt#Np3e;u zj#Xwk-@e%+594J;d$my*5pTIp(BM&#Kfkm$>|iD4SAueW`|Y>>*k)8$wv$#+s`K*l zC?|ltX{yepBmPl_l|!8HT0Jc0KeDcQbiif809(M)&W^Zy_8Ltr2JkvnZXUYu)m8nm zcsa57rj6-eH54=*`U}r~tb$xZnf}@ze;5GFLY1yX^&teKCaG5SiMqGIuIz0BEZIMd zN}Gp^>nPbVprm9JH#MotN1nQrsSbEHkU4Yh=hZcfIGr~#-#qsMh0+bD;u%!pDHfj& zrwn%AFm0M%3jtZ-o#x4_3yL(T_eNtn9IcQSp-7Dw5T_W%pBnN zwMN+n>qm2v)y7Ai-tgQKj*o>qFn4waaN8lED8y~Xfv8qMW}q%t_sM;*wSoI>`}FBC zNS;DCl*}AZQX+Gv1&J+ehYd(;mQpBn97IR&nCr8+?DVFfpn&~skOs<7HV$zrL$e0q z*zbl`h;&d1#JM4LXms@bi%h*gHuY!dAi~30{SY6tSHIsH1MY%iut1-LEQlT~l=Wz@ z3OVn9n%*08fMuij&S@44|kj{COG@!-E-2#OC2oCv%XI7BJVEiLvl5b#OAht#V zxDHYFR=hcBI$&J*H8nMrk# z8IF34FaT0m$uoIs?zwO_Z))%sbkk^9SnG8YuzjOZG~gVZ=~sNec)lYat8DgNg2RdCrxAG5l_=kFX5VdDs0vmjch4Vsnyn58fquDHVDfI6L$X~YdDJe2b0iF zPuyWIhfO~PdKb8lX0-&j*%>fCbYiBar?)b|W}JneWEh2e7nG(NP?hbUKR*Gx8jYgf zJN%z2alM0~|5P(u*}I^U1L$+C?Ia%ZW9XIx2Q*NcD8Pb34J%2`AlXziEF(UD{_F!2 zgxb@`TW~`er~>C0GhxszfL7JB)iWJy3-%bL#wFvFSnc!mS6P}oOB zeYS7k-mr9~9il*JsHS_T#l)~-)Fda0Q_=Y!q3=?k2(eIzYyxF4;>s;tvZ4&KCNG1E zQ&3kKUdVImI9w4@z7;o?Z!aE9cIwNrW?uBmNKcPOU5w3L^n9)>iGv*$5+!V1a>hcu zv3ipBFALpbXYZLj;Bu=6Ej=2W9(Dc(@B)pY&X>@YBUq2E48n*?2^xLY4ayo0$Doxs zg62UxPz2z$sCsEjON-XF!wg5*po8Nj!IjtyG&fC2Kq&MpU8#xcEqwjb92|0zfF{NU z%=ubCL2)sG^Q&PY?s@JqFSo89v+Q@T@QzKO@d~^Z(F54?DD#P{dtkNArL5eWes4@hpts75&MkxnjsvZ zfS55@omgDGN^?In_q!!}_d#;yP7O+9T~34IuR&yI?^n)KN4dC!l{LGy4-#42GRdhk z@QusibEpamu?jn3H@o|`x9E3TKhUzOxy~8y{B{}pt=^@o0F&V!w`FL_!Nz5GAN^-l zWawj*NH;w_tI1V}&})S5A7V52k3*H{5cL1U!^0T7bz1eG0n6=+Rr#28Nz^{D0<928 zA!59C!Wn^FS!YzU?JuFuJ`Xiq0bGO+jIY`wB}-5TFGUI@KOlj222peh&s2rx^2WX_ ztuKrFKgsOc%?({zKoNPd0ch~N0Jo&r~+3gqy0voucF3#T~M&U zG0c@&u@$-bZA**hoHO3s9FKL$D&A;PBOt1v{CtcUGYrWEOotlrlvrY-^`ns;;0>)o z7l}>V+h14mo-6A;mWO0TRU#5_&O~<{9(WawR2=pK!HVqjMv+Cn+joH?30RgYARFSmp|ip(8jM~r z7b>FbTo2&hSS%9CuHIR+Y7Q;G%sIBqu_OKeIbHDsYyNJitOw0VnL_Ig1Vqa$?r)2L z%W$e6du}Qy`>T^WWT}iYxdB=>MlHxh$TcK5t`M@fTUp!wuChB{}|C5f|n; zEuZbUi;LuA@`ux(|5xPWbpEHRDN?8;xX(R*M18I#CkPAIm<1yck_I~X_3K%%AJn%> zju$OW5GdUh5x0Pm+99Pv4eUXHsfLgP)9=2Gk6Pw^Z~YC(v+JorRkdr3`v+RkS&Lh% z`IVpw!;2jSRigV@S~EGG2yE`s%vJMF)-GU!EF?=In_5{(41@iW`Yy;()VI^6QbeAoM$$58w`%t73NJNu(8Ut|IZ3%3P zQ91R03)AouZDkOznJ)&vVGRgo1=9Ygd4~A45H#Ll$I23C2#~V^vOG3G9LjM~yS)K# zM>&R(cDdo(?kk9h5Q-I4hIaw^NV5izWK_T=0Zf(*3X(lb z#%?o2aY$G=VS&Bxl%Jk^j9VoqF9bWmqOrb)C|Eb@7TV&6Q9lu3jc(H#c)7MR5D(Bb zncJRn&x|#O6F!Rh3l`96C(;p(jD6~%oV4hZMKEI)_xfr;q(^hoV;tW&z}!rfGR@9I zr>z{Qom3d&Uw2An4;nSeeNo@H?&1;}lwE)gar| zBBoTO7%St7>UOOM4^3hb5%Lfy)(Pm{24L3XlSCy0eS8OlTO&Ii)Br#B3qz!%{M|0$ z{N1;E8y|x)fY+zBOuD}qr&R%@eTqT(;eTk`OzPSev+I9~lMUMZ^YLS|3AK}G;{pBR z!(|A|Gl{>EGQqK{HJ#5^cuxKd@!43!(-q7YiP~h7WRJa&R7V$@jpd^L-K`Y`Jfc5#8`WhvY+?fD;i70-zQZ9Ai_>u$-HMfvR|Fl04M=gQ@Dwd1 zhXyW=v;%K59iMHd9~!_$F9wgn@4x@vUpF3Jh?s+Ze=)V7+smZ zKw^mtgQ_&w_=$Ky6aX42HZ$Ke8iJnKeL_`QWZUhY$|x^1vH8!#&5V8tSm+ZA5^`2B02-(6n2GY92hU9h=cQUTJ5 z2GN-asy=A`NKfB)4Dz-&sW>3V5cw4|Ek6AY8*|_8Y;|u)_LjE<-hY5kVJGv=>R*^W z;_%s0p^sIz%QmM)sCYUyVU7}G&m@5pb*!r%4q@W4yx`-%Si-th5W%9Krm-)L$Fj{FL6 zMhMY72x?@>b7$KS3!bFYuVFRsxi9hC7b41eAaN=_Il7p@7YhC7=r-=n4bE6z=MY?h zsU0+=MQ^76)2Dle8$jnJz(3c6q+CYxHX!v{VU!^T6x)ZDDb0gc++G^ zZY~quR*hfh_~~=X_($+8(V$bP?(g8LWFicAAqiszeb*)~%`XFpQG|dB@{r+8J{K&y z5e!eU@=(sm&&J(J+3@7^E5zH^|CnX}y3=^xU!fPyS)I=c4ZAPxE`h ztl~UnJkt*S-%0A+TwJY_n-P0xvOa47weaOKnZA(@{WeJjGuuQlAJ#vSk zV|4=NZADCdz?LXdtI2k-Lg_C95bTF7o8vgrA8RJUgV>6u%W6c6^9M3XTz@Hf0`wvE zd{fH~bZ(n9?r3WhqMrpxqJ$r;LK~HOy2T-)ng~&XsSOOiM)LB3$zB2Q>8iw&qs4}V z%;~Yb*=khL)H2by?{zQd=VlbX5#iwwo8M{GfdJKA;|>_Hkvb-WF$QNC5W0TpGzNq3!8|eG4U45tDz;H;;v` z)vv{!31jNbUVXJwNsc2%E(qXu&b)Ky#ZUMqH8pfM=Vav@g9N4$0dGcY?a3jbO5OZ8 zFyX*@WVGzaB~ApdHs?~s&Zy3Fb0a?#WN}9P`_CbL>UV9rtIDtcx`lWHbV+r=&g#R3 z)s`Xcm^Kl%y;NqofH*ifPj*o`(8AO<35tOYRNAH3b1$AWwSGv1A@vkx1<2YdG#w~b zfk8t5_E6_1IFsbt>&Qe!h5ZmG2)iK_JNR3Re%Qx!t#~z}$U&XOp{LLgrnz-{b*^)` zO?~C94g=@;P|(mDY!taYxG^clIlI2Z>nMCaPmx8#h?PSOu@vJH$5w124?ax_Kx7%3 z84^SxLKbzv(BP1wJ_}n@GPuxzlbjv*qUk-jCTXxz)g<|VscYb9UWTRqICFRAhHQZ0 zhv$z0ymow7K!Nt(GW%Y^aQpCpi=%MuV84#je?)3W0n$`+NnK5iv@-(bs07LZc!pua zV8TMH3~!mb>;R6457ZlKuw-9%7JimBkV>o}fQ>J@GW#9cK$a?^IU51cXpHr1AlyNj=h0fUXS*yKJu>nKlN0fZE!CG$ z-T_3te*N08?9m~j?8$>m72}rUx1X<{V_#Xu0!`f5#4PeYijooJ;An<_>7i1zlRY|r z_RjG4AzqgozH`q1cSdyKD*i41@qc|-n1f~3{DWpphl&%Zv7nw7^~HYVd^=~`a2IxG zKLYLiyLq4G#NVrQ;XiLm*?)KmzF+-UV5z>jri*1OhzeWccYN7@!_2k+@ZJ0;On;l% z185Wh>X{r7WQ#-|0-V6imI5zMe<%kuvql{H2bn?POR55v4T??Wn$u2MK6275jwQ>M z)necd1z8lUfa_AAa?2?u{oOVI4;NA4$hg(WmSinOaw#nAUS4J;jUa%M`Z4l;QAx>Z zIMWExlW`|&F zfF6apGG`D(Nwpy_I9bHVvw8C5$;e4UV#HC9^iH!cK7IHXf_i#0!eE(xs7oXO7**VQ ztT3@leU%*#*}HLU88vq+~yEY!~&5NUCi$9$jXJb}Bley0UScH18>fZMvf=m@|t z){xR75OUFOjE4Ho_Ixf|>j*m?ji*D+MJ?lkFx+LeqjoMs#oEqfI+VV@a@o}jOqDEI ztdT`VVB0FfAGJ}^J+O@Atwix5&{%+Ux#HJf$>m8NK+H7t-oX zi2lSwq*)K7F?rJ{1GqdOgGE38*PM(MCpgS?|As*^WeX9d#h;|)Wc^*%Z{S6#ANmHO zAS#kLC>0s!_B;JB>|_Ge>uvUfoIV*j;5ZOdx5ZOQF|0feXy8HaWpIfd3PJ)^j}9%M zxiXokZMm43T{i(JPP5Dar5hFwW3L1@gs=WrBm}689b#hjQxalgs-@yXx5L-BxYC?5 zxW#K}h!zxJI3$#zW+_Ap2vAjL{{MnB@x%nV)?$}Oek~R##YigB=kupw!(EI0WbvT|JIWI#mlm68j7XC| z;{5_$2>H8NTa!u;2!N7>t#7e5-pU=WJd8guSmUmh4Vm;fnh87ssvkB;@8wzxPkKs& zIX1?xm~&>qhkj05-93BuxN~WPw$W2T(Qy_{dtr!WX*PU@HlNUD!LNbddTiqTkb$~8<8FO@}=lU;8V!GF1YEI)-S1)yNMyPDlc-G?q zgNray)|+bi<4410$DUn7ooGnZfPe_%*T(TS5Z%s=8(%&aN54Jbqva07pBmIAB`xae z>L9r~ty`D_M`+t)TFYbN*{GulXaptjO1Oo9!&MO;%2ADXTgzP=US8OA2f>Enji{(4 zvc&}llqSA`>3;Y6+LcXsOfRqYLjNZlAi7f!tBv)%|CL&Q>fYaKeJ82)E!rSPfVdNR zoZ5YrhcO#K%KO07mm?S|RnJVt+^?G$r8NTU2M=tjG&n3X1iqtu)<3+5!Lx~}yWvR? zBp-KzxQ(M49Dg2k=t@4db5I^D0O(fWHc0gMRzQJ?c50$~<-n0qt!(}FB*fdG{{1{N zQ$w$^M7VF-=&^O3)C@3dmskPY4$QD|5~$m^&+bm0b4xj z62@m};E$H9tj!8_=MJX;{^tpXd1X*H41d)=*2Re;V^CVNrYRq;UQO&OWc{=9K>* zDm_(qS+Uf~iyAa3+Z81>xV_C(G|@~>)YQ6s#<)rZf+(y+kzNu>DRzo!fsiqzK%W{_ zgct7OY@&<&_-6$w#D8w@Mi~iK8&h8y-XzT@3kZDocV|Ak^FHWhN#@u&xMqnTMOr5h zo0h}GWNf8$OOM*Wr_I}Jd!{UoV1sa!merXBju4iHGuGD0Xe_Z;9y4o$f0c?#9-6|1 z@uM_+GHVcpQV+!A>{e~kp3`R|M()T43ZEtk9-+A!iaeYm>R@?m0THayeos5Nx=lg} zWdc<>q}Nbx`nOViebcg#duV7Ri!FJhFhC#-(KoQjb?WO0^nFz_ZDqy3{-rK!ew)fy@Yj$-buu#)I@^V4hg6o5j0b-@L|g^o zKoKyczxx61hNWMV*;(;jRy_-$wU}f0c5#rXKt8LltD7j_iO%aM+@YguqndmD(@#I` zMq<=PC*B&k-}aJSBWt9BBT4w;Uq5-csAbufM8lf(sk__gDH`{7-(K&vO@5n~&$RFX}PO2g&aL+v^PJw7v(y;-_ENimhW>auBXm(YQBGqO8qOE_#d>RGhKkLe+@97 zAiXcmSXl$gIX|qyY->`_U;h+9S10tkHA&NSKd1rs9zJxG^>Pw1algc$`yklthO6U(F{gR=X`croFDS>_zt*RJw6vPRl zdEgYH`B^mO47}bM5F1umH`7bmMJY&eN0dqRDr>^h*-)`BX>zk*Kq!N3CvJw1I5^p`9Zzq@xYKq!7`fZO7$VI7M*!Qt?i0fsKR7r|b41XvFY zUs5kZE9NWT1w?CiI(w{fJKWP+bMXd^gL|N!9P$2j!v@nd8Ks6wgj3U#dn08-&HQjF z>!@QBP~8*tMEke#myWm)m{;J?_M9t!`0LjM?Zmvpvl!X61=JZYnDPf`*wdo9rMp>i z>2~xJtuwRi+Sm7UtU>#PWABRsg?Kg5q^BsrNUXp#u6nhnYx|WUY$?)crKYYXj1PWs zo@4du?WB*GHGbe7`tpUkcVYk+nSg(}Q6txE$goSDwD2fC!{Eey>f7V`cJlGbprzAx ziy)9K@!%Mu)%W4WmJ_85YkYi#w=u{WJDy<+e>q;NL~BF+8Z*D|=4jli4Cp*PhkvHX zf5ztGi!(iyIV)N4Q4uSV|>^N6&m;h5*UMie&D^xL+{iinWP^P2(bDaoJjIz?of=z>(C#h>6!-=6J z*?fAn(2B0G11|{#PkxXT9@*2UtKo_OqkD|ueCN}9-4sv8*lg#Tu}7^}F2VnsW!_j} zkM`!wJ(t+-D#BRmhf*A?LDOw8E!qhEpA!ICHkg=n`oZo)Gigf5vOzyYdTx>?;fNRlY)2@S_y6i#ljxr$JSzL``}SgTy0qVp zi|e7c-3j`jFV`gnRV8MeVya*)G{>)g`3ys=^bL3j$@?2U(JTL8Hv05^;f6^7INX$l zF&Q)d?#0Eu1-9eHvUIB6gip>|-M)Nhk-NXY|F}WGaE1HxM(1TqEVe@y;bXqh*_JG- z6E$}uiRULug>DGD7yrxN)y;71TCEM$e#;h+^5S-*?Dut|DGG?09)obj2QGJ>r!qnl z<$)ln(p0A&W3DFq_j=$)U=-}yeaZ+7xObcN6ZVZ;a0`ZMnizeqm&sv~gk_?!xMHqT z>FN&OFW@$2#WILcM&$j=pH50-q0_i$B{3>5O492{jsiQessZLmz1ak zd7+oiNeG|DIc{Hn&#WjVQ&hDh?RphL51@@8wUZ}n&u zas?6_3bDW*e8e>r!A=QKoLQ?_;PM2%%?VJ@Bk+KK@WrsoPH&y&R>u0P0@Qp7dVmy? zl{`v2_U-$iwE5uH=X~mgrBTvmq4WC%u((iO$&D)r z*Tc}g<6sIZ$tzA~WLb`x+GU+kb)FHv#jJCRDfH_Gz?Coq&2!IELp&lJBYDrh+JA-k zA@^jpBhf?6X6pK(2YhaZz@ZnRh ze+#AdEM8k1lXh%-rZ9Bk4a#`q6=>_H(RWCpMkucN{f%x<{)q>Rx%$BW`H4?cqwu`K z;6ynNW&JkFu(hbZgrJsNFEjF*JfvqzIpPhbj_CSenlHT+xGYbQTb1e9iA|2ldm4Fn z?09?E=acbY*MD`_`XcJS-@jVeHqY%&9c$~V(vUe-nnm=^-~Da>@n*7Re*j)!21x)v zbuXj05~Wuq(s93v1e%S21Z)c$_%Zi@JZ3m2d(}(vn={a_Uup9<3)dhv1J?(Y#4zEv zr>08tW4hDS{<)dIBaXven-E<j2Mfa|M(3p4Grf3Ug{G0F?|hhA&tY~4O@FtB8nS1FbI|(wt=91 z+-o}<4}eEgXDmm=nt9>%Ler3unerC-u_GJieRM7O#g66W0+e^o-r>N#NhVk(YI>n8 zGk@Wd9h)~F#;Cr)3~^KYLF6lHd`8?sBshnJ^Sohchb>Iy?RC4j>hD4>4_PnWFyctWV%>vs8v z!=DEKgB+z`&?snv`pTN141c5gbcH)_X^^Nq4vsHGRdNb}Zq-Tm5+sEf4zP}7e<$#0 zMlg$m@$7w<+DIktfvlN7f zjzNeU*WBId*T2j$-B`HuAq!aAen2Ji@d{=zJOO^{fx(Ujno#Q;m{@obWB{k`aS@?S z=omdT)GtJ1gh&nt0PTB~!bQ`0sQYVbAQ!WsQ$&5fVZqQdqr!dXMd=z~AFy<@v(7Z)3g*NCM!j*pY zo0kTti_>&7fAx>lc1*vkf(DwXh`B1w#2XS@Mh>?YjJ;Gz#du+=jYx2zMIloc1}ebi zXs{~b;2Rn}3Iw_@8#RkSQ$J`{jGKxo8e*#6Gjx=LtBEF|8xtQP z|LgJ545MmLJ2a4*qxov}b^OQh*rZ3x*h80wLJ1 z;8;EkrQ^Nz^>N%Sjku%WM(!wl501O;Sj0hqyOd)veJgsE-{EviW8ckST&-Ns0aij zm1qTNK}04|kx>PtAVEv$Z{Mu^1zr8(2baG0z4v*Z^PIEK-uuXXU;a$;PTIF=4m3(K zx#{Iw*zw7>Pa^M}SsQPP?6EjIYMW)m4zQ9sKvIqhL0^@npGfxb7 z2jS!}&xvvP)E9s}mam@ph_ca^9pD_D4QFx+1T|_QE?;o((SY)C{&_e^tej+T&lr~- zwli;%vEqn0-C-y{>a-HJEdwf4`%vt_^jWWh3uhS6>0Iib{%~+dGep4#PVrisn6ucb z@bo`i?US(%O6Na$)(-{IKd!r&o<0;ZQf(ly!RY3!qH8Y)VVJ=4l4N{HV;rhUT#Tje zld}BD*xw7c`z`+_xx4PIGP5Tp?Kc2ZH@Z1P8>kH#`4h~~OXSk9*KCby)KImp;J#N| zut_Ar-Czymud1eH?$^)5Jd3_sF;h&+vliHS2f1149@s|}O&1%u5U;v2Ju@pD-KAb?7D_u>0$ajPR#l*k3>8TV~GeObY&NZtI_){{5AA z=@i%q$3la$M&`7kkFbZmd3-W%tslGiLoPlDIi!H4Df?R9wTu8g|nBpASHji z$z$bSKM1CINktLEi;M$S;|xLIExu&l7;HBr!M3}+3w@%4K`90*U9x1J6#ux%Y0~nv`c3&8l0rQTJC;;M zPH-+d>OO?QFixPgg|Q>*pcoz}g9zQ7vwqCDXkUZg6=BW2$(dP%Y{B6o<|83iYFR{< zw&(uidfsC<_fTgU0)iMbiTfd#&Gjw#%tRlnvv6i<`JKzr&Hur_J$d)>{qa*B+XIbVi z=rkG=Ss1CP3DSmm`QaN>J}s-_a?*9nRw~(4yf|KV4+PO0Sc+7v=FJ_iuZ<39UTk%3 zg2&6f$w92Gt?Se44xJlEq3=zbn~$1rnc~3=78J#j9#}?Dp`GF}=jK+F{*Zkni*u^k zWJS>}DI@Pzz>|~1YkV>aO6B?#8->y`@zvE5AOk|B9Tt&ECOoh8+Gwu?I^~Uf+p%iD zR5K^h$@}m}Ik*z<7@wEC3h#_>KCJSCT$nBzy+ABgz6k2#YUcRYG`~?9{hpA=n*Ty(+B0aK&-RZZ0eVn1>R)*lSJtF;#*AS4U#7E{bCE$iFD z-^Bh4?L_yvlfe-6>~3dlxfye67LGZJ9XH#O{K^uR#OK|AY8AI1^}$EImlGi!4YcFD zDGjHgnuWQukcc_`y}{YL>ylsKXf$QY;+VCwJf81${XlmmSCU1q2G3lw6}3I+g|vf3 z$jVL1;bY%-LN-4*@!vSVrtRdcg|&M;d)$gEp$tUioK3oQdQt4K%Eg1+n`^UAI%u6V z-f6gTM}p};b|N6~4x%(SmS50_s}%bCvrg?_HmYDEf5~R(dKglgzo4u%;gnZQE|ajv!3nayoWGREalyIUdP_NsOtds-@`k1`P6Zl z&5r!eJod8=?Kh>3V{$W=ZnGM7Ve-!2RxNM3+xqMu93gWP*0S`Ii!A5eXHftMfsSLx zZbb8GEahN0UN_wdVl#_PDI-M4Zc}n@3#LLm&J;gCYRGGCvw$7X^lhLywcCIG$`XpY zy>HzOc4zaEW;$x4a(CsoKHQv`-r4+|zy|i`IbiBxcVVozP#_YNPsw&-M>6iO$ z$+3Z5ZptbP?p>Bt4I)MI=|rYvl^mC>i-TIY03nG41_0 zzK(^g%VwJ^6Dnv{fZJ`>xyz?O*5g?LkTU1Aoz|e zZAp%4@y67wW1!O;=)(ME`}V*HyXHOe8Nxwp1D-tOx<|=^oL+nF!TFBr=H^t`ZVE+> zsAlEuBZQdLDRgRS)pq`E033A@KGUnnjZe@34_#1}NXQb6cArbwY3{&@hT3hNoIZIK zNb#!7N%#U1A1R~DG@34tX`IpQYTmlZtfssL5L5U zTW?a?B5)RI4tnET`)Rs!+<= zWcgdCs35dqdx92v94r?Rmb8Sx2FAs3GU2}ap2F$GfUT~@eJL5^dRpWY+r zk6f!FMnP?-HuRHH2QJ33%a<=xP$n2#?tLe(p(w`pDNggL@;GA4g!!5yg(=gcg`9t! z<<-uk97}^F+ON(d&NSCAmAhY^fkRuHW((!S%lP*Q@$$_|QUxmWzm}4pi%KfNE<~GY zC2%P|hs3M>9Q@!a8QmMSYWZA&`3?p;2|7d~cuT)5iML#nIf!y3zjSh=l~rlJ(SLof zA)=<-f(dc!^ePv-`B4?7+=!Fza0B++b+g;iar}$44r9oBK;l-TQY>wo@wJG9VP9oR zbWUqjz#c?NZ|Ftxg znmc>xY%VUYxlCn6O)jqKEnHmF`hS^;S7O$2Z^VBjZTB3q)v`KmYk%D46qnj@+q33Y zw&tcMR-8X&bI#Pta_gq;n>KG)VPb20_MDWcsKwvDVUv}Ov8c@AnBVXwv(73XKF7ty zdz}867A_xV%Ee{p#8lj+?eM6x*8b?hriRI$p}Bwlx_FgHU|?gN$zgTzp?B|Xf}6sR zGH<=V^YDJ?VV->jPrX%z3sejC6>#F8{IG6*b$6?E(5j)GM? zS*jwn(5`Ssc97P?&PLFy!h!C+%>)qaZTf& z`oo+RkEhcgj!pa7cIt%<7cNZw?1dS>eV9hCJo~3NS@fUwCZEN=4^$ZDpN`Kv9WT6P z%a)+@z8A7xxx8EsJLp60Lk>pk4LhtLJx-lm2yoJp^JpQA%F>kf5u5MGI-;ssu50>6usbKs4^UHL}xm*I=Gr2CL|F&Sk zNk)hhpM?2+mudxfo;8PE(>tq^ec5YNLO)q%IuE}u4pAu?UsC7P9?hz9FS~U4a;0bM zhbIbrwSL@%k-1sNvuA2OJN9yc+e`}y-&s6765Flna0zzpU6=wDh?~TrnYvQ!}ntrm2rE7H2g~o{iL^@?>N--?yd?xB=+I9GoglV;{*PlPj>$C z)3p&+%ZHUNljB1oN0Od0T1zzK%X|!79g9Y}*nL>jCJurB(hYM8eOA36qZ*%@})@7_G z*VIL?tMcug)dS^6tXkX3qC|8ey-&Zt|71EhPfNYqWEt+IL*tjR!D_3>!||b;j;7o` z!Lq1MQnMAn#tq4u7*Ux%^Vi!^QBhcmz_n@*P3kjUc&Y{DoDU7Om6d$ScE7vvh{VmM z+xAr_S(HR*g(bL6x)%7$PHh<4%Ji`}L^G9(w5ESP&i<(T3qq04kMtreian>(uj{d4 zmTRr|#v|p*TO`kY6UV!##QDt^QokR#=f+ZIPHt}QBRLnT0?#kl2J|;&oEGoYsKMyB zk@mL*7ew*9+1e%uYX)B(H+I41W|pU0H(W8TNqNrc&YGNH1xhs+1#HI|O_o0#=QcUP zs2;)V9rmBb$Hv~@T(*6AxlqPMfA*Zko9<&FD!aJ?WLXk-m0Y^JY`I;=M+S28^753o z;2R|>VhuIo{BVt*+U>C3c~U*2OiP!Hde_l{Pv#P<^D=&Xy}{FN;4+}II&X)xv@agr z`n*o7nv~;azIt4bIr@!3dmtMuM)kV~Tf=fZ_*OHeT*p!}v5i@6 ztTF!Mt>x0)=b8&SVdsmB)4MaHQc`vd|M;;^M&>A@1GD^0S>#=({+5-@k#D|M{YCPV zHGOjJWl>?@3Vc=Ai#8m3tm3n&vSOotns#yY@Fv<^jf0yuZCWa66U?CP_E45JC_6Oc zMbJe=@@F2{Ap6*39r63r4-9?JY+u@??3I&7U76 ztQ8t=Ru=j0-bUZJlX-!-Qxk-r>({UE)0Y3D=!g@TIKJ(|*Ecuv3kuW>3=GUZJ$r&+ zefLB?ZQVbnb4RK^*z)e-wy3yM`JpyV?@WJu{~~4IRm1OT(Ol@~G*G77)Z8qD05?25 z9D(@4RM)d(1q^l9$8N84P`EsMp(e%k^}3r9O+M~+8|!g*@s*z((~3Tld@nXO_Nc!8 zT_FvDMDt2bgn|nG(J~Ip9$`|otE-DH8UIA#8rnK4%s3g<#TimUAF1F`p=^W&7in$hLd*PZq9;rj~8v!ds|;GpV#vM ztI3E!*ut$IziuHrIo9{?kz_ohwnuEp`{x-mDzh>JZu>48?5GUF+1tlXvuh7sj-@y> z>1SVer{J`g*tblkHSfm7b>UFXK3GVEq@#mWtSbo`C^1nj*!JDl6}4$nDHU%>S%y(TDWw`}^v>_n$r6?A}`{_tnxv z3^_fiLanpAeO$Tq_n|y5q3Vk9@uB(%vsir8UUr0bgl3>!k40_k@AgI>55!G1*`u4Z zLOt%B%*e=ik8js16XM!@MX6>Q*P`bZ)e>)Va`v%Bw8L*lS|G_=O-ij=wMuO?o;75- zQ7=K6T^g#kOj24}`e~Nyc-lj8)4+{KlGYtbGM_znZW)$s0Uuw)gRRCQR&^Otc5UAN zZWE6B>E}1*xp?qPAGEf%9%+k;wQYR+JHMojqE@Ktov^U5uV25GhG_`CdGkinJl?+B zfTGIcO-J|t@zab20s=AF?!4{azhsY$^%XTWHH9?fdbX!F`>XWwWHRRRZBf*a8xFp= zNk0;C*`y*yzpXYsnbC@Xyi~&cP+W79yP)fS|4*1NGQJ@?*PF1&d0;y15f zhwr*L6M?{I_Ck^1JvSD$Hs*Oro&9_PxmYVTJ-t2W=CZbrK}vzrr3jc&BmJ#GzT2%t z)~!>{_YtkYgG)p{aq0i4WOMFZ3DV_2Z@#Edbuuy(y%8P_n@3RY=~m;yme#NU^`uP3 zIBub>G{Vb6EK)Bq@>`)_6oNoVO2N34^N(k!zt%8A_T5d3O*-FMb!sxrwzW8-D)dZ6 z%+f6%`A~-pP-YT%BxXpYq#BEc6~FrS-U!s%OV9 z&R($Ym|;cY8C{)7ZDx^7pU1@bkfEBN)V93C{o~`~iB1D%qpUQ?zHeohX3bBaEr@8I zHP(B>LoBY+oH^)-OW>)-kv#PAt+9B`8Ap zUzPsoX;{O2b7OG@qHag`(dIlarS6QrTZ{-~->M`FU)*Hmix)2#qe-@{nsjSL>h6l;X8{_8fUGPwp;&kFGpaG@acYYm*iC?hQ@jT$;bZ(a9;)%y+}#xKCM` z4m~F#hZc4tcD?fw@|?YRler)aTGs%`8T4=r9zNcRi|dZ^IqNKv!+`%161Z-aMhQ6l)`9 zT$T?j{n~t?wR|U+ikqxxJ$M0mh2IhGlI3s(ABHI%w4`?{~DEh zh?61xJ-LE?b&?kpQ!eswIhfQI1w}+WKl^33qoZRhBK#e9cXy66GW5t$z1te5XvX*5 zan(NSb=7el<)|CjN9$ws(;4~mXTCvEYY{haT-5-_M4kOjX9bch;pYk#X8%-6RDzCztE;PhSq^see2(jiTBr9?$A6?R#-1wE(vZE|G15Pg>f_x}GJn=K%bG)m zDE}g>R5o2rOG}d)vy@#IA?d#L^!pDUd|Nf2BA11J_^{vohDMLMgfFV9C&>9a@uv%l zpB|1+FfCb&=xjRFRohmdm9^JXAlg%IL^&2wQC4uy1*JK_$Y(VWNJ3ENh8z+~y>QM!C043m-{30hFN3F>D3E(aUsBee}pu*5Tgw znDf387RWKa3x>RE8io*7vy24iUwMHnAl)x3sUg#&7$=x`SC4sFqqQ(zQ{|Qh7egrG z!h*$%!>}#ds;#oh1l`7-;91qB2F+p&FcdWP5=@R;rK2(#vgJ;}e|Q>x7ex?{(v4NO zuD&GSKE!&y^2_RB6wz6+NnNiiD-WZ>i98T=1tB2{^-Zu-b)&y}%ZDcyfvej`+jPf< zRXgkFwoXi(Pf1UY0_LIWF3r9>2Dl*fkUS1eTY0oE6*#yIvoEhMKNK^%B4JS#93H-o zN-QbcmfP89rgI4xf=hTI+tc5l5jG^@<@MdAS1U|C#LV|ncXU|UXfjF*k)tWkX7Vf# zM?z~)tS~5v)QJ+e?>d@jS*xenYd_t~>)=b_3WW{gd}^-ZaGsgk5S88+Dj);{PlmZ4O-u=WSpn{zoU*zpy#aB6BPRhR~ z`1nu|s)NBIj|l{h&Zb%Q%jm=e1_pMe1Yf@Naz%7i!gUn9*#d>Md!r3Fdbys06$9-R zr#!5Gc(f+`wrEl4*l=I|k{}*_sg~E*=G!N_oIDxqA$IMabgit9Wx*i-B;%Ez+~NuK zdFm2L*m~L)ThDz{y?o`08TMdadETAX?%8YrfzjE`OuzL;?_KI;eI~l?$0u{6pg zdfcRm>*%=bM`fWD@6h~0E8Y0hYVO0rrwboFIBhZA!Qpq1G52ocOi~(S_XA~zwDEuZ z;khdxC3>X%i8jlVg^wyHOe|le56r69m9ze;80hv|C=vH4*nm}dE^b;fTRlL|f>#7c zxf~~Q!GZIUmN3LYUkeKUnn53$=KMK@K8O`qOr|9yU@)b!6id%%Ys+B;^0S9&OtlHE6ZhdTUWoAjq z%ZuEd-5J}>KW)yFvhQ>4@q4XNNDp)_zmzsR0d?9L50+` z4=hDm!}?{Yum^im>hoqylUYg>U%ta|laEf!QAws|tN|wh><*)y9&u+?qSn!)k8HlZ zkC1a23085F8);cxo8hR%?y#2$IbvVlFnN3uh`|iIpJ|zeI%USpnPv!(ro{nx#MQ<( z1ms)#E0V83N?qQSa^&!pMw}fA=?9IMY=`)jE@1aDo zi>*z5bRcMN9wL}=k-rZ33LMHrM*GG?&vqgb-D4zLR3Ai%xvwu1Aw5SRi8a&}T@t1t zbi^J=e=xH=LQAM%^rz2X6lm42fLO^K?UHVK|3C{lSU1tEO#I~A-z;j=biy7Q6od$vDmU_aMku1`L5eRAc$_?z8$5h9%XOvgtq-H2XN!s zxMI2(6k}`fak|JkYVqTtVM6{6yMb}N861>jRDBaGL}&qo*8u?B1e>OPtnmcr$vSY8 zpg4L52g^Z55!_E7IodJWQ?R|h<(iQHZLz(GNjf(cZA?H-MRX>L)sIN);w~e$*eaD1 z3CfyYmGoE$=7ZOuII8pX&;jrwRq@82ILOg>2U9@5$V1Nq2?U_dH!Xj9nCV(KmK_P+ zV2Xn<1#F~mKp2U*$j#dZ&_FdY{_&Z8?6k6&!0?KlclT94@Z2i~s!dPY*^zceh(bwSbiETjee6 z_s@=Jv!j#2-DpK>3$tp27YPaq#+!T$9F@9Kx&b_v*qu9fm`T{WllOtW!%|$Zxz)_g z&DqT>Hf-p))hrw#l{G%-n}>Z6H@X3EaTo!m`I*|GL-$?A0R-7KRyKCUfkpO_@#mV= zfj7K5#E`bCCI)=1GFzWnj5*AlF=I_?ed+SaSC{8>wpS;ZdYMa`cD{eGH59PSeoQi< z(mYhjQ{Y=w;+edpL{#M1!~P4Z^ZcZfacB+MQ^f0_)4{FgpPorij4d^Kk7woK?yhvb zdBwVQZy!n7iBw8_B}VK^=ExX=GM}Mgz4R>$oPhU$b=_wSxdix$Z9SxpmB87MPz#XL z2Wn#fg+gg+Xb8eunZCa-R+VfOKy=l&(erk8cLM?fmTtFviZHwnwU*l8)?93sNEEX~ zm{H+?ut5lOcx0sQ@?wJzKpXv_)3{a|Rre|;?=wQ?#AA6hf%W$d}3TrC*`}-3iW7Aw1jVi+I#f53KS=Va#n@?*0 z5scGlNZ=SWTo7=>+v@5gAlcpp$Y-H+c!JUpkwgVtqw9*?d%xE?_o;Q(rt4zY9z1sJ zu}$OKCs?+qV=w=7Y7Oy8IQH@O-00K=bs*q3V8-C?=|fWNq#3bx{-zfSxh! zs!1I|814|0)3e=V>>%g?~szx}eHeJ8eafbHldnLFpIzPkS}q{pj~% z`pZM|0!x~6r#Fl_I9$z1^+`KvyZHN(FFb$It^VI%_J6+k^?!SSFQ%7+POCIeV)!`V z2HnO7pf) z&x6KCK}1W9?f&v|)~s2n4T3A_GevF*$VP&}xP1BY8a;+E6b{NiB(p#vxhWv4hf`+; z68~V#(Ff+~pcP#s2Pc8cg7d6bScI^4P9ipGBa5FZ^4G_iBRo%p5&%@lP>dF&I>kAQ zHoR@ITn9Oh5{N=2ul(3!;1c3q_(~!clt$|0e-R0YkDofLfI>DiNNG&Di1IZ8MIo-- zC~yyZug8*=Ch20N+5z>{WW%xa|PvU;-+!HRzH+;N%MDVi|}YI<#%AQ zs$+Xy5PqQum4k5(0?CJ@v4^i#mY!YQEkXGhgmV=()SAbiJ{@u&_~Va1X3v^s{mVxH zeNZYPB-1gfJL)*;D63;h97^d1Vi88P0-Nx`MPNp;UTD9W14;-=aR!b}3k&XxWlyx& zdkV<*ccpim^|yQ^7N!g}On=)eg`)g?l_J@pqkHXFA3hv+(%Rv*Asb5_GH=bkb$Hl# zsQLGAkwUxZ{FhfV^wVsa6c|x;*iDQ%(&NHQA3+m_Q<6q0d@U*ceCNYKQ0>@2LVDYc za(<0A%reNDoJe=Yjh`IipxPt;09RN7=v~sEa(1$~lV=3*qsh(~Z5DJvdd%u6*Kiu1t2&%!|2}SDCt*1Ru z(+YzI268_0;qfjaNf>3(M=I)Kf6V!XL==}%5Oxv3T)jO#L`+biMgdzp;JCwOB;l|1 z;yQ5FB8TIGA&;FjoE&M7g__(7I#nS3u0a2a*}8PK+`pA`BP>SO?xgk#UVgOp5FG8VEO3*YK=6i<4m-Z0KZ zF5@P#BuJW%P~tW39|D}ce)Z}Hh_U@O=Zad9;hnlUL(AI~_v~qf9B{yA zlfI_&h{W2pdjSIWXJ45+@M?}|aQ^cz6T#K|{lI_gH*emYH?-8**_p@*M+b*b`Oucd zAuJ-@DWOE7g1bLYD8K}Vw<^OiUPe~7(+-7P1WH6ww9~N0l#ok8xI6}s~M`vSuy|WhBg@@AiG1vu7U%v*Tu#ChyMjCL^6y!;q zG50lf@h^TTwwLMzz>CgP>Gs_Rakd*#j||nZG{B-i++iJvnl1qa17hA9o#uUPVvO({ z+Yubvs*_`#U0f0=59=k0=-(nwgYuba)22}#WTd91GTFp!Jbt`F?ZK8kkeBWzCnqx^ zP-{Gd7U5FO^jaGMk(;OUP5tL(+sw4DkD?5I3Ys-Mz;#48nrDXThT5M-Kmlr}+BBW4 zkcW0X7|VXC&nQ9n1LOh)xlRo(hA$bD>VYyoHjdd{fkh|z+EVDzONzCV8T>QzT`ByiW@ISMv1zka>wnDImCSVi=aFu;r`>xLY*rR)P4 zlMgEh#2|LYI}LV3fH_)8>(*t2{V6P@_5yr>%sMZe8~*1 zUfs3bvgT}xfg zm3Pf>8tSr$jR##z*!*e((%Zg2~TSvp;BGJnDo zJP2J&ju}_4?-PuYmx5%ZVOA!k(rs3CM~M{yPkO@0h_p>q%?GiuY=0zYFx=frxVgF4 zgJ{LdXt4*rX6?<{mn_|aauzpl7TMNSpJm9_4prrIw?TM9ao$#8=%!YBez&@Ma?Do7 zqv7u`1?-PH7_FUPazH11|1QKEUE~B!XJ?r@6bvUl?!?Ag1=@k0i;xO+0F*7}7Ic0L zS)>K!_MnZM+hn?#(!PK`?+>`M4$rFGp&s>s^~BIKlLeZsAY0RFVP{oV zttcSCWb{(^ldx|`Ng2aYednFmqm-~ zBilPHv*JCu*Vq2!gm_~IDf(oElA_{U_;Qfnl6`9B9z5!Id$Q%p55dRYrB4rQaq|k4 zg6kx*2BEz@$WyNP@ve*gFS!M4tVgj}wD$H-ec0gE$#>)ia0Z^^`l5{@$Y<`qIg1we z%B<0jHIQX}zQ?e)A6n2pIyxE!=h0xd{MdH|;^Pq#b=u3L5klCz*$=l{#aPy+tub3Y zVR|K9QkTgukH_)-**ZjR(wk;$e@nbKzkU!Rc zoGT~e(7NaYDB~C$4g>6VtH3Bpq>}@H=w+EMESJ85?S#`9Ol*{W;_aWYPr63Q zkikGCst;Z94aS_WlhfchowEaOv#Y-+<8;Br=V*k!xHk~{hFd0RFOMt-7 z!P$ZzYaSJt2>THT=y#>6VrlUXhe*ASvg5W;*Uc4w<|sq#%* z7B>g+@cPZ0I?Bq*fp&kV2gHwminh4pK1Cxqx>=b|sO zc(IS-c#6JWKv=@J*4BuL@zFD+*?e&qgaw5=6RC|D`Rs;{oFzAxh`lnnS9Ok-*-w^L zempSq)2C00f_o@u9=Zz-3_&w!lYW{B_H-Kz1C+&4(y&~oFhI0k2rBp1i@b6luKvE- zcA!mX;D) z2M-A#!k^V8Ns1}TcwG<^1BKGvHD#G_yM&;Mh(zsD_1wrES7jp3I*=I<(p^)oaqGB_PFHD=>-w|IF8Yzex0YBk| zgT0jl&J-0*IRfXJ+L4rJm*^+3UvRJ1kw;VGP-5N*=OoB!v_1hdLwOx2n_6|fN%f6kbbaN^BuS(s_y<~tTyRECd^B)EYMSdNt3*xc;XnBIwJ zec^7?+dB%l=L)b{UeQ`$gv*{D?u)7BnKg^qySKFy68QbEVai`#svwxN#lasVt!hB> zFM)!z4QX}H-o0jcEM!ty-gf2ErFC$ekz8=ZiW3661l^ln`uXT=V^-J|Y`=RO4hMez zd~8aThiSm|#}{r6^c{rT%h{tQ|7wRHx456?lp# z+y(-r@R<=AbT1?v+d3=Y?o5Hz0WCK?x+slqh?(LF1k7@l_{qB&fW|)-*Q~8vA^jJF z>k7O75l&ZJ=s(1k{3Eo(i_;!re6_PytOnW;R=TwuP6EE#g~9WUJPHHki+0G*T+%+p zvmARQ$m`M9aPfJjG_i#LotOCU@D^`5Wy^iRV++{BzpV3jUAd@um9Jjm6^tQwFEn1h+9@NrX$Oef*}weq0ajtJqmzL5 zQLyWv?k&R$R6vuo2oOz@20r;t<9T9;*iA4nYlDig>uqEbPQ-^2ghxV&MM)At4nRAT z^EJDQj;%lVbbrv^n~gAE6Q_z#ZUa|>i|yJkx@C(d;_S+mE3Z}k=uEC}Y-@{Ly3MQw zu#X*#q_&1-2dqNoqoJ~HByq`v=8lf1z}iuS$v|7UB+jLsk&Fa-pV$`^DQoo@p zu_;D=-3GIc%lDVuutp|o?pgcKUo8aG_kL9RBEq? z^+BSXId`e|rrfvu{l6019f8!3=d?dS&cz$fNurBOLe)wT`@^v~!Yfv+cq0L4S^w7? zq9Q9+?1anJ+t=6E#Si}?rMdAuN&npwEEekws$O<5+z|Y5q!98#k|B;61$Rg0(3JPS zI6Ajr*>=kfOxSGxgduYkh_TTTda@`+c#fxodlJ!02q*rA(VYRDs}DDbE*>-0Pwx1> zXfF^bWL9H60Qpbg7>|rhq9A6JONmVCx>C*7_h3pEz<&YhL;BJ=CXqsNummmW_E*}oCju#jo}KH&u<^o8 zM|W`2ABn(QrG+gEx8^4IUgW)SK-k{?es3QiA3d0&OyaIUiHkxVK!zjq0z3tsV}?rN z+MqRTH)Ko&9d`gSdl|S|{gksS^*!fc_wCFfa;W3DB=}Fra727S7YG9f$YfImPDd9n z40gg7Xp3j4*tzGQS)qQol-8scL6O2)KSye?!Z19?>zPulL32HRe}4N9Ti=4hM4jg& zEetVT{d_gHXB5)wNOORjI11^LZjZP8`5$0c_7E9`8p(F-hc##Tn=jb5kNE6`%a?Be zuS~WFwk@1yWik3kAk%9BY&W&HM*)%$^~7iQmQGyp;hj4#z}CRXo6xg@!nqLgKD>J- zFqObz=w9d0FqZ>oq!Ub1c*AYvS!d6yT>xj@V@73#PzXrA5nyV3hBS3UKn;X9{vL$J zjZD)ChjhiAMVpDh0E?3?-GES2iVBmzZOyM~#nD`25Z+BdNYR^XIeUzOjbf_LY=)H* z@uj}`cV+UACR=%Y#KzbL&I3A@8cOwN74TB~fFdM-h5J=u!_*Q5C+iv1`4p1CoB^*3 z75GW(0wDV^23kHU0G-U9Gbf(AA7<({IKSvG@&@(s#v1PS8uTD!oaUVtVj|-b{f>8- zqDFxAh@T+o2_AN3Hg;Du@ygwGoWV}o;6yl6O$8E?U2BLvvCX(}Idr{U2m#&xDGu*L209_X$&ge$;q-PW8P&H>+7bK&U5qQF0y-HM#h*xv3N z?hN{xc$dK5mKGCtr8ji@pMR%r75t1Ls#-R(24@Tjl^qNe zRhbW}u48K|84tX zpo47$V`$gemn-TzpQ_$>{QCEtg#SrF4>7`!C^SOQRwO>xvupCV4_lS7O8qdrnSxv}0}hHz zUIxJgCl*M3pw_;gC|tbmhb%jf6YH8h&%iWo@xS5?)DWq>ZQB=%gxr{cq^_x|>Osip z#GC7t`F)LfK`?<;XNf}JhxLcu@^Ru)w>KSRhlB(Kc;r4UAnS#{|9(7RgA;gqy39D^ zqD@R{1Ih%_A#*TD+ykHw;b;{Ciee`FZ&4TV8AJOJ5%c(oa9pV5(^23yg2*6~HK=+5 zVrFOTdbsGv{ls5;tIovcLFd69FNGU^ezb;}&2}cw6LC0?2=CdB^qay!Yk(DQEw3;A z-rui1IWe9H0eT!6lpT!cANj9P|DyTxS2KA$V*=p!K}?R1^$I5H0^4PfDHwdD`_5AX zj+87fl}tNl+Su7qKN9iMQ(C~tKnX5n;nJm%0C_A9q`6j9WaZ#8pi5~XhIYpIi>SY& z!hjm1;L6fVwFv<|ay~%GOU5_VWziOy&0vQPqE>AB^5qFt5__&M_=t9(0az8NEsw0? zp&9|3nAC6u!5jvF&F+FbnUKkD%Yh~%p9}G7!AI;LYM`qG35Ai`4L3mHgu^fggxEcl zaPv7quBdru{QUDew3kfrBZGqoPV1m9V8{Dlv0^A!fyWvF0bPn9Lxc|kt2T<1emr+! zDJeaK&@x1+yRxkFqx${#?=K<36;(75A~>`Z2EZ$*vTc#j6m>J$TTwW&Yy5ti>U5VurlQ3<%w=2iw}~V9V|w4Wa~yuf`~y2ZiV8a-2xSC-Z6(pZ-9|2ybqp0mX3qaW9n-8kUDJ1cz)?tRqX zB_)>A0w&d?&*;MQzu7Ea?2wmR(w?5p|KHa@i-q|Q(F!N2A(-!!Ue`M20lwO~GQUmX z|G(YAZLx+L(X}fS2Ithw`cLwvOu?7`g4W^x=$-#tP0Y7vlK&E`+c>Wq#&1pVV}Pg| zarmGZp|^9xfg?D@YH=2D{zx4dhicpgzcN_7g5tj4?i3PRA+Q(Vm0!yC17h7qCKZ5a z_FQSCnsfeFT; zs{jOUDq4`Mk!}0+^(+qLUc#FslKnJewoHq{-lZx&7v#)J*O90JBMRkPpg1F{83|aD z7-i&RZvjYuZ*B`x2pJu~zG|FO4Pyi2&4mILz%+qk&9>BkdE?qO>qE&Tpih;Mo8KhW zv$|!W3BP&bLEY^a-1Cs+bW+Y9XBMODfaHW{u1HwafDOvxlxQDp3kcu@joj0Ke&Unu zhI>yzxRw1l0R`F)_dwYa1(vthe5=j!9mUQ+gTa5gQsGL=U0s8Z$cMzR5_CXJE`x|f zEGkj5rkrY}>v$qWhC|*zX{)=OvG{|}hQlW&srSPE&=9pRgIovW+mtL!YzCr!$N>!; zs0-X=MS!TxMkTWf8YeN!Xu_myWm%UY%#?yZ0`jMyNi_PT}H9Ac4}ok|%_a zE6jGbaImucfRomPCxo}b;aRcFV~s~U4m{X$Do(!Y5wRO5<171t{iVG%AY5ZLeZXKq z2MhzZ43fL>$*qFZT7U6x#{eL|%g$E7H&x&Q`P)e6fxD2PI9e{7P;bNeNconnoouPk z%A)fDiIQ4dGsmIsmcnO`4%knzr;!x9Vv4d`OTx;6lz5w<>p|f<2m%3Z|BTTQswQyQ z+<67dQMBL+sSAr)jFjpb*@nN2ZJaTv`3w9*nVv#VV(qbVaM9<&cjbe%d#vt zH>xX9X|owHghgP(u`Oq0k@Q&Ckf|A!&8JC(goi}@)Vl@bKL@A4Q;qseF*c+3I$%RIIx2QNt%gMu;#V-*4Vi2M zhc7e8)h6it{SVji0o{q((X0FVF1X^9!xt@CIRJ2yFy0PVs2P|~lCsc+y#iDmQxjMg z&n)b@Q7*Ly500QvpX&cxv|$~SJkXHA0--fWf%9Sqi)M{!VznzkSTUI7&ca^^@e}ni zMKvI)j!v|m4!BfmbybkJ^nnw^0E&|qy5^&)Fojud51e8!acO}lBq15}?w$h&4#1#M zjOw%zxnuLU9trbLw@oD8ISBjtlK&Qh-9st6$nisDI5`;-^p-uP^2dqK||jk@gfRa5!s~_1w%nFx?9lE?k3V5cgA9 zBFwx{j=UvYhh;1UT%(8&=E)n>FIqsIGy?AW3p5Kq!Am=qTkVU_McUEC`Jf$3qBs=I z(Yr5D-$o&I=p~sy*kqVVkBs4zq0dIRbaP*=UWaBsMr|6`oo7X8UAjv}3-r;tbJe)% z7aUSf0Y^f?4eapFb@O)|d*6v?=LDXMeCQhuG7bTdsg#!EoBA8QG}fju9au*k`h&3# zKxLMJW%kks|F9DE#6nSn8iRYKl$fa`uV7AB@}5RXwH{mGdC;19>}IueJWRw$nz z1^&!Kv5CBx5j9?Ci30HYwQC=dxtGUWr96vU&uSkmM!+sCDiY0OjBL71U5}T7cb(Tq(e?W7F zH?TH3q4uIleyS1yrS5`!$z!nqUVa>BT^Ij!~oh6VtdTS3@fjQg6c z&o|GMp^i!|xK3chWhPj@x-@G`PB`wKZCRk$0`^hNC})Sv2nRWWG#a!9f7S0Cr4pa2 z3Akxk58yyZlfull8gUpq5Dm%MsDPM|PYhOVUnU;Zh0!lahhQYa5p77BLY*H5qriG` z@lyYrUju%EuANDItI06>B04%TNr8!J0JMRq`Hc<}3>kVUXTR_p*1pMJUtqQCAYwb% zDlL!ztrw00bY18I-Qe(Um9cHv4;N4Aq+i-;=tb#-9Wpd}A*8GL{qS?dbV zAv&w3Yf$Twa}SzdK;sDBEG%s!lK2325!gf30SOR45ixVl?Cbk4_hI-%=H}lFLKkuiOf%BwIc>WbFWsIt@`fQV3JaFlUW$}xL~{_A zUs&Aq*KUmz>Ho$VVz{3F5C!sY5dr_$NVMC+LDF0&y(`pN|EA+&>uqrwcYv?|)>&)+ z#&deGC2ji7y?H=cd+mv{aR}!#+LAWMbHV?>YyEH8T`$;wBZRB~#heB!jho=L1A+)g z=%WHFFbNPM7`YZ>+m1p<|9}As5#PUmM+XJG@sx4VXmB`f`4P=6vd?6vh_JJZ|Jr;5 zL?WIyfRZ#BP-G)ABS91rVrdkKd1WB*uL!~vJD7-fj8{1bFEBFSYUm696vH88z%sUu zNg0b=!_?e|8v70dmQ>lR3Y<496gC)U*1$;iq4E8Ll9aTxrI39nMxH}Ir@Ip%;9uG# z=OsQz^I^l+uO|RtEl~pB6wCQBI=YORw@FC-QA)F%eQWU>~&#yx#aO9nn5W^pt z_=0ZXV}3(rr2M>dv4O)&K)v!O=E%Qm(Lm`x$`TUx6I%4QuY1y>_VduEgurYJWYN`H z-?3(&_huTna^3|cyhnO^y27my+^Ywp51_9)e`K)p4Ah=VXeFEuh%2Foo}UOsMLHM< zIf@Uxvn6nx#yj+!(1PK5{(=Rz8ZKFjVKL#NfKSvm3~2+cB}ynu%3%=&qa;3#5h0L5 zy+Ffhny*Id6HN-iUkHqY@T#o9zo@U3Y3YMh!0NIG`9p)>s8s^3(5W2fzc5P{sG08E zxN*a!mVgqr1*WPjsCGq6solF;h?x&?86J6jcksw$$t2g7UInS*^8WakU*#K=PohNEwA!73+MU^91p%7VE?3kZ7t zk|p=e{rU?T$wurHZgZ>z)t=Btak5&U#lSx@f(6pbUtg zkNNy`%tLG~`goP&vbMSk&FX$^n0~$hQzf!@V1ga>q2!IUx?FCCXe9xb=^Ki|oFzth z*e4hdP`y@V^cSnpWVOLGXxp3F@9`m>r$#1qtI*3PycIr&c-L_!qxaE$U%R`lJj70; z9K^YNZ?GNz8UrtdHv`sFLnW^YKawikvkzn(<06hE$2_kz&-3?cTz4~8Anw^eeaTqn z`_*(yx1dhrsT77ofUXoV0{p-#gwT$b8 zY2FuX&swu?d<(Tn57kZ*SE#%N&sjWYNgqz;65oQ;5V}v1Z>yoP@g#*853x{)XBcVr z1}wmvOqVgySKyqMSE()eFkc|QGwWAyOMBT5P;PQINJx}Z-1_o$r`gGV!L9!suH0Qx zy+-G@Flp}Fos)1@EuOz@*%@GN6T~Er2Hh-Z8Zm%Fjf76rs_!wDssM{n!0P50<9w?j znzL&wF7mXf&KtS_oUTUAd+XXkF`_T4ZU1RZ_`o!%`eZi_779bjq*QO+{(zePUz;}I zEqXb@0ZPHKWSdJ*SP$TKB0<$rdk_sl0s#~SW)P@`}?3BTNPzqnT(uU{83=gB{K{+)sC3kGO<)X zocG|7a4iSnZLkB!PyHnLYf@|gP#PlpJrhBo3vUM8>N{k4zQkB_k55~Vo{Yh++9)Lb zPeRw$W9lLnVht0x?R;GIl`B_7KvUA37?_xeBBg$x102BXNVI=MbZJ4vps@?1L$Ffh zl_yr3lL++hpdC`BCnJ8J%zyAKYZmCO+9{re>uJ#cPCIOyR`Y)|U<~#ex(@Fl5e15l zC>}0r7;D%B7bT7MnVc5#)3otvQIL^bM?1F@SVuNc891+Sssiq zz(^IAp$l4Y&;6)*A&psAp^G*h4aezKN8_9(+!LMcQ1c%{WNC*{lR@BCP5&dF-~9PG?o~Bj^?S%btPHN_Apv zxBztRyl5+kJ=rJcFkN`k#Bw%(55h=M_yPFoxQn{|=CuTqTm|>CVK~~1yFPblF+aZr z)C@IbHgs*AnrE>-4~pK(1CE+ruQ7+Q2Wv6syUl&LU`4y^a^@Ue7rSI$w5 ze2GT7zkKy>7PYs@@_G&X-vhK`-p5H=hKZP384lL-mo9DFZ;aiXQ&3PK)AM>h&B;3r z>m4(RyeLFeH?+5(ffMuunrKYmqUgFEW|_;d_S}I*1qO~Htq#f>jm)6o2uRlzV6TG# z$zfenw>J;Nb|f@Tc#)V`GFrIQqRJXTZV*bXB{~2dLUk2lKhK;=6O7T9k(lKsP=tA( zyLRo;i#y3=dnVW4gpbA)>rAb$h!0PZ-@*}lXY=w_fY6VIKop4_Rh4cZD>vG)l{}NM zj&NdK$UgK8$;`$Cd;`F^bDSN@uAr8d7U?8(*f}D9bjJ(|^6@$94s=&fPhY^rO(hMu zi|r_Z)`F{mWnC)+?z%XBaA!ufOl_LcAFBhB>mJk0X0^hoXO%eatxso->e%O>0)7jL5U8|FVd zL%O@QKO2?P|M;&Mrj2*~9{_~^&$GebdVl2S+VTz&pGFyAwt+|2?BZ)v41)0^!Rh~U zWCfq{(*Ni7gB4nP?YZ9mlCy-*2*cNe$oEmZOA5m^1pnog4)@&oXk-yzDG(VT<|~$S z(pKmK_eNv@l-uxE&`P(`&}bVQCkKJ$LXR7sFK}DKODh$0>;MM=q7{?t?s|H9qJGfEaU_H4wKje95d#+Cg<9JE zfg&6&eor1*yZ%7*uarwl7VTNmtfYiCT++KBzfGBfQK4o#1#A38=hy1UHW^fq9=etYk;b2vf!9-ej!K!w_`IQb{=XdiwgdB7KM>Q^m}h zJ9iridv{JkGPj6bJb%6sB(q}_;$hG&K!cDYgPHRiIy%hB(!3Q~H0rEn ztMhEz%R6^1A2c$Bjg7`uBW6B?>Utk)@B_3rQ;`afgSp4?r-CzR)~dCQ4b9RP3vlke z#s{rL80D3S zl*WQltqBpd0Ns-B;T!2_=W9<;+L>##ddH4WJ0v9^V8uS=(>H?vGy~mw?+@ARP7r*j zp%j>)#mYPr<0To>NAU9=3{3B}VO3(w+yvGVM&ljF96bD9_7wAc3dQ0#0CWj@bcnUc zrX(b;&ij>b%j@Ivgf%HvO4_w)ODz|M*WD6*z$ZvkJ4MO_-5^r*)|}1do`0fFB|739 zW>l~aW27BD5t5R{u2{R4I`_O;OfepgXBnPpe%7wy-s=v$f}F6ba=@c6CG2tbmIEimEc%f&s4CPvi03WDG_P z|J(;`eLG-g1t6o{V8>yWEPUTI%gLbVbbJIzRxm-2;4U+z=D95WOI zrjA!{LwXB&`&OCr{nZ?d^^Er!9T`D4p^cR5SPCO&ar-zvU30s0&d)U z(&b*>;RV(0D?1%9`4crD4dhU8#7H>ev|yoEIf1Q89h$K3E`Nsy9zuSJ>B}3&S{$1F z?CJd9zI|JJ-B`vR<`kQoFZH(6nAKv2F9O_O25K#9Y?7}^%&ln0j7%-c5I+h zAZn}F>_cH38VK}x7YfGf+4^Y?aDsc;p4q)cMg|ifR#{nfD>fy28k^;gqhM!yhi{S> zDahFVq=Dm=Erp&C4u65mM;}!j4er1+g_SgB6&TtJo*gtt^0nLU z#2L$8;`Mc;TCnnu#9GsguN7f-vca)HhLPx_X~R5CY`!(up1XR>U^GA#V$t|0;Np6~ zDK=u;E)aM$RFmcwei19bgePhE*Di{2!>fPqUhuYdReW7vU;qpRyvJaISbP9tBZ|h9 zVuHxArzO+q2w0EiX4Di`Rt`@a_}TP}y61~rPh-6bg^_D8*h2ErPO~+I_+mV0lQZ)1 z`T0)0&YDy$)ZCgt?PYPNR8TjnoOmQSgDeM-cjvkMthF2K_YyVe7oM=c*nI37a^_lK zWFIc5qdHlG-SOop8&wlc&4xm(3eNI4E@m3P=UlkZ;B62-;5ZhvB{^&U^fM}*4s~j> z%xi7EeLcsh`GESXX}UZ*#SQ~i4%&GP1g!>_id*zXJ47TV@&j0_uioo%8%L!B8$1v{ zMdJ=NQN^LvEKe~Xdk@d@&=hig$c5)5zChIADD1GR+Wz>pAk1WgBPS3ba6vag2X@wH z$sZUd*TDQopTGS6+i#CSC9ZKQr6H~C2`igBKa_d^OYC!<*z?9cY7BTyyCF1^(}PSR z03K>6U(O#YIwW61FTff-`aYuvgaFX+@qq8{)~+d}jo}_XqQw|}GG`14E23v2zoJ4H zB*3Xhg400h0;ZJN;z_#q(u{*NyOp=-!g0}~L*2UA7YdGJVNV+ie0`p)^YV>LTD`c~ z3vz84(g;w;2~la*;L|)%1=jHY4xHz;D^|Qf7OKie4nE0v zfS~ayAGE6~0Dou3V8ypxm|;5x);(f_yRb1zWFb2{RODnD?`? zpav4}R`z=g|2_`bHg6-)&8eq?(~zCS*zeTcCWd z3NaOl@vD`+)GE}DaTpL@lHqu+p|jJXrl#io)*=}rWQ02(Yj@9P&uPh7Ld1R_+M({l zDE<(xKJw{FAN}aLc;UiRAjC~cB*gDdP(!MuS%UM*fT?3gvByt`7P8*_|;5?wt3X}-c2SG3#jf%XOxmEJS)nCRD zRw?t*Au5@$x5B|&PdV@40Kquga5UEJ#i$o*k|19T;uj5YqzTjX9+;NY^vCjgtUo~3 zE$+Bj)~OIV%nC4pVRlQ-r+m}^WB~=2AAvB$S0Tyuf}cQ#!&PEUh~-169E7c-!Y1N| zJ`8(O3-#pyOsm!H>2L+7rH|pyQBY%OB0YQ!GO(j5k)seQ3+9B1u{dxmgk$y59;bEo z?Dva1WMsi%@Sc<(YB=7qn(OnI7puF#$pusOh!LqIRu7&Ph(${(O_Kxhc0Tt!ArJU@ ziGX5vcs@7AK%FNBq>I4K0&QiT1<#6wpz|BgR?sgXBBvsha~vy@?fK;;mpZy0a)#|_ zJVSWJbN*8Mp9uE;0flI_`h%LethxC9zMq}hFtza^^O)7Vh|_2=R3NJ6qUEVynZayI z*W(r3Mv6J{%$X0sdF+pIR4Vrf#CMSe`ZrzZa^Yx}eo@e?ZdRI@5VqTnS=tITA*# zQGz41bmja&$uDI#Ch>|~U!_Cc@EuhI=|dH=utr%~h%=yx{l48i))GXjzYxHd9#Mk=uB>WAM4+V%JAuMP<8~ zg&mRH@0wQ7lA~EoNGybeG_J5MIthoA(F2$;o38dG6h^LCkz>BaWw#<#?98lhmI`b2 zNyZfD$ktjC{}mTJdXV>b9#7gm0IZTG2QjmQqbe`5cTvRX&$XB9#7TN6R&IR_KnKT5 zv%SmtF-sCZu;p%gQ|r6@8lG^>ftK?W6?N5xY*@mn>qdAr$pK`RGSzW$!m{c?hl09A zj3e*&c)F5q=`so?AF{A9cNV|JmN{U+_DRpNk4xq_DKsUn-jRY;87^@MgK=Mqaz*sB z$!CIllO$-IU9E7RifZ{c&Bb%;J?5moa82mwl;q0W8B)Ck{6BE>LrPC8>==s(&lf7~ zx2!p#06TW=FlJS%ZMd-#@ypLcu1|E~o;REX5ci5WI`5FWVn)1{nIXrhHc)x@E(>#V z6#q45o+48Soq=O6Sz(JY4EmZS8#^8b=A*cqVoOTp3KUR!a__obyPVFwW2xrLxpX5h znVpJFo<5QeNH>@lMiJ|NatX3gwNwN@J1@gzI!nxzzO1k3`IKu{KL*B-)$27`x4k(N|f3OYa*)&APbLK?0@oic*i;3?&q4Z^1OcG^bUX>*{`+msH%)iKq73JTiag;F z@-Su%`v9`2Aw6fb(TQ1W&#=&8@19lnQo2}M?FW)1L`8x8d-y$~B+vaK?mtOp)&2yh z%@$QWDZYT&f4}=zze!xz>rqq8H6|G){y7LlGYL_4Z5_+@y1n~JEKu7%LcjuEJsI3U zWQyW!<3T^P1Zr!gm#631+s~RiInb2T?T)t4T)7s_ROC?1#grE}w>RLWzS-V>t@Z65 zFB<{|2i$Q*J_TCJBQ0y7y!Ous1!Q_bZjC*G;^TFXfa@Nw*<>%nq++A9A?O{6ISI{; z*vSmp<~=j-L8eupyePupGc`DB{p<}hFFz~cIW+Y&S(71YObwlFCJ3?1s@DDOx}C(g z(@(@Zr-+^ga~Su6kz%Zp`rMy}!Z?#$Ry}NkImuRBRCL2?O3xtRTT;mY{@K$>zT3UR zp6*HNX;^BOlgX*!!odYj%imH00nEF^#Fc3Pv9)iBe{IYF=q5z@FcIuPYX50%m6A_W zxn+@&Ww?3m=`d>9d|@u2jssB@%>8rMC)&DUi>)nb;dTmE(FItmHieTnQW7oVV=IU} zf##f5{E&>1gjI=$!h~I@yWBpQ1bG)NE@-*eU5ZH2R>7Xr`NH=xMLSjy--$AYhgwdV za(klw1x(&AYCmt8SZAnY`oM7;A3`eW;^vk{kSd|$<`>+7vH%I_0n$C5(jz5(k|`-R z`yotEDX}K=O#us+O=KZtUa%}`{_fS4OAybeFyyGg)JVo@97YZwPic_q4_%-Okj1)Y zKN4aKaS)wfXeIymc+crYGn(NTG$N{Xdi)P>`OLFxWm6=ON9#vwsHvAQ@e9!YCZPy%aX4`J zqL7gH9Tko4p?s>LhgKvNFkn(AEIK!Z@rX-DMmaH^I06Jx`{R!AOB~N=5-CrPr}7<; z<+l8+7_e}P2QMC_FFfOOx==W8%9lgPybCoCs+M!J`Cjkyf&E^JeZ_F9)%HdVyxfZ` zsVS7jbfV9mP?>Ml$lP8g9n?9;FQ1$NsHod5s; literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.17/_media/benchmark_net_p2p_azure.png b/docs/versioned_docs/version-2.17/_media/benchmark_net_p2p_azure.png new file mode 100644 index 0000000000000000000000000000000000000000..9130349c764286e66108a54ffa77a2079807a57b GIT binary patch literal 36902 zcmd?RXHb>fwk?WzsY@`6NKl!IAc6rwi3S8G3W(&aAShWRNj5G}Q3MH+m7I~B!9Y-g z<4>*LuqDe*0v7&g(+&}^Yz z7QIeGv!;)RX4T|h>+vV?M>ZV8f6kg;QZkn{(KWZac~6H%@}~J+LlbjDJ+1wgI`_=< zOpH%)@o^pJ+<(X1{H_^4H@DG$d;^!sz1!S^d*Zj^LpI*MtZYU@LwA#Wt%?+h(4(Po zeM1#JFL&R6sMYHJPWhFYv5N55VjFX34p(pMSl=)CT7TWzb!*SRJ{&A(a&FbC{!4Nn zuZ2C6yA(R3YO}+$ZR6=l-(P}`zlRo+nj{}T;p|w-iqG7Cs@MPQsoPeTd8clFZ*(~! zh96BsvtP!VV!7_mFKJfs|M{=+LmH+(zu-IffR_B?!M^?HHjrO@+_LrE8uE*u>;I}; zMSgL2%~~u9{+F?8wfUc4{P>TLdGKHQF`eJOy*JEsOj@%nq;&$MWv7RlES49o<>S?qR~9FvwG?}!_Ma;@i<9u=NSrs#vKkHK zkc-^!SALj|j;`G2R55$`%YA%2cYmJqn~3H)mU!c+4GKK5jYk=&gvk_WpuIkZ^8&yt-dw9d&E|(zKuO!qBNONk0YrR2eT$!mD*;SKg(Y?I1a2O9ScHMvcQiN0hznHro z&T5WF@Ar(yv<2_XdcUh=+eyPPU+T)yngrJfav@WV+vFX3}CjD(C;o3*$fpNZ7a zKv8p+#UKxU5WVZVjYglJY?NA#1Vt&(yXi+Lqy)1jMgA}{uEsa4_)YIAL^tgWs4u@w4^AKs6&=Oa5=sGioZy%wjE zI$3>%yZg*Dt$^xzKmKo~e&h9cW2UphR8uIoX_JolKUb`+I=u-jlbkjdd2*MM$$4HGVjs zmzS4ye=N9W-J`cDdNpEfQvR>Ky}frIQwgQMIUI%9DDgj=e6RO=+&^3P>6iPSuBR(e z)U*#DrwFfyU?%|pZMN!OS$CQ(9ZTkD~lyH2?z|%b%*KlZ4?o=J5UcYlEGH+?R zMKq4hor{~B8ykD$#=GjUD-rncD67%7<`lg*i;IhszdJ5k3^$)f_A48knXzilZ%WdU zP1Ua>$9J$1X;(_p=j0(bgN4Z^7CQVWkA#E-Y*Io~@@+QbF!#u>L4|+sJ=quLtx?U_ zZWrRPG*5MZ#Uc`qlXd8xWUJypZB#0b{%~XB#V`p^iJ^gln4dpyNc!?nt3%ES@oMce z4-#<{{v@JkF;H8D@H=fgZHV(wc*RF#c{YSnI9T|0ac&~Uw5#Z35oP}DoeQkzHUu9x zsOKC!`#wphbRZ(g!QIJeLQ!{Sq}83Gsi~Pe(`GAGYWC~vd%m{&7v25ig^in2sOcu{ zUKIQYDsrNkviJ5w5`C>!?VgllN+0&uS7a~E^#;{HT&j^4kw=Y_e zwK`fpCip5J%Dc6#?O?|jC;ir})X$$kYsq^@9J~0>-|jnyZyZ#NSCa`6wx8^L!L9PR zM?Uh}`5kOhayXf?^It>0E+ZG|BONE{mPgOhX~tr*ujTlTh*F-4d=SLxYvMMaKd}*;iGN|_*=1~X9s6Urv;sII zReJH_#nXD#6!|z6`Tpv#Hwcz{-6dfPaVmw;o7<6*ChJvA*tLsX#;2y_0|l*tP}q>h zilYLN{}ZQg7Q_!vTgykwnfi=Yh^)xrV0fImEj2ek&tX458Lg3<<*+zbyjFzwzO{9f z-Q2jl+Nf%O)iW)e{V6Om$Nv52Pz|o*YqCyJv+zviwfpxo@)kw}JlSQ%*sq6PEAe2T z3R+ndM+&hIrjts)*DWz<_0D>tr@pWQ$5MQOukIwL*?DMRTll#mvHo+bp=Y?pKfPhA86mF?b7o-AjW2DK)JXL`5+R<(O1|$ z%jJZWwUqyvj^l6jQCDoHhoZ1yB|v%rgbIikZN|ID;)|U}^A^6Vn8@i3m8ws1c!Z9$ zW|!(FvjhCpTOAso&e)FJjPQg8n!h;yqIB{^;*46Nh|P|G!;-#7bV@u<7AaY^hG@A| z{rdLi5EXD$0ZB4;U?P8IN!lcDF8ri!*%1_VMB)`DeskyXABm1D%k{#^wmGu^$~JdVqY^wR~W zII993HvD)H^RR4sq}AYh_*FfM4^XPlMJL)zszoROv7c%lJ$|en9;Ke0=5~uiKKj>j z$KqE^^&c4}{dny=ho5oclf>Mu0baE{9e|p8fSFICHt@WE|Gs|F`EhcrdUpNfa7)9y z?dqPP$m;BGN3rYO{Q06Mx0n0}S-)qzTGJ`O?BnNUYgJ zPkBh0A70h0vtVNl-s4Ekt#aQwe?*_2AG6^78@{|o48!{+xbqj2G7+yH!^-K#>Rr9P zy|3BEr?cld?Poij6y^b_vVZiBl?z{1!_sMA%{FX08RM{dH|Jd?%jqFy*pA(vxxjteWjIe) z0bzn;WygPgLk%}zHi;;dF%)^>xHRSMX^cZERci7h<0dlc?%}+6fXFW<@h6HHMI3&p zwBaS*U@5(=g#-oFXeD&Zx|moINH@cLP8)d1`rwqOcwskMyKSy`a~V;JCw!e-y7V1K zno~;&geWm`$)Fn!`qWwYLOffO)j?r+LU{J)8rgT}9v+!MdMxVZy`%#qqtLcxAFrqn zS7(~zWR&1Ck%?~X4=CSsKmKbNFqlLm7*vd(wn;dghNo;`lN5^dBMJt5Rcvw7hn zop!OE%*@8<>I^78=pZt#P9Ud?3mm`q-T!Pk`jwC$+z9P>w_C_NJ9K<+Gp*teG;n+T z^$nY}N=V|u+?-FGYI>1U5mJw2nqgBcOUTy^El)S^VL&6Io!nG5n!hsQu>vTcMk_Iz zI}=z+(`PDp|My3ZbfcCuX*q>oG)q`1(#nXr6ZB%eU$TrwNXuT`({c9q&B23LvE${) zIAy>wW%(=126^)XM+cp{Q2JjcsZqlbc0K9s4ySr6g7_R)meTv{=&*At;On~-!N^CuMl1+>qt)1 zE~Yi>_`ELpb_KH&O&0c6CM|;UhFeoO8IAA`Mn=Q$fkJ~ROKu`pglwl%#sPopqK2Mq z_olJOc~W3vef7$=_dC-BiU9+)sI;_na;T|>@yy+i{vwWTC><>IGve-hdG5TH&1^|C zN|wq=)+yC>nD1vZo1fG(8~;T;1ukH4f~n5xcv5BMwH@2HYhAc-;VSY(Y|gYbpGlkf zWsw^nX^u*Ia>$qA;Fgia0c!gbX!cIecOTP7q1@LsKip|!_|=;`$nDmqJzPU_ua*{& zWw;Dh7zHfL>=uU8>-#>hTD6KmSql!n&f9rF+PX-ee-;eU7Y_JH8`KiP^v>zY6ME!e z)^9G1XRCcpOws|YFIiWkXETbCWR)&dC&mUi8!TPhFA2d;ms$ zu&oXLXU&Q@)iNqKMPHAQGQw{Co)tLmrL~}(!V)AXBvcOg65xd?MQpApL25kBfQEtKukcfZ|SBkKZyIsAVT#WTAF!-Fm~mm^J@lH}%!F>2?DC1&pK% zZhUWPX;I6zEWbH7HP{e0CFRFk-aRea7SxcSnf^V*&fdPfLDSKQmPOd`dyt3;T5R1- zyE*$#p2;!o`e)g8YEiALQj7O2vi#dP#2qTfXb=^Txk+2zUSdV zO@G(#052w~qv+RyukJBzVXfzjesQ#jexk?Egn=5al&DoizaxgG)j=>N$d8fV{OjKg zJYV^Be|>fP@*~f_;lD&*;cLK0R$k)FGQa9_XJa7tI-ZeaI zMDcMybVV#v^YGQTH|&>#TY4)_t~M8JIJn*osVLRKgW`kZP@Ls&zc8&V!i6~IU0E7+ zEdOxxOPQZZo*pXo*!cKK?c!G!J~N=26f_o|eItK?SL&YpvS-hyPoETgs#>4Ec=>fz z)`=pLi}_c@E5!NA20o#!+;>|47Fhsv7sh|Sn1%GweceD7HfH+SZZ{#hgPD0m?w_Ua zNa{`ZN|=>O{0gyuKHB_pE3Q+zJj=5il7lXsK{opjY-I+mj4qW8A>Zk zhnkY(PO7!ayGW?L+On--+nDXP-Me+yjbz^IKDmcm!@OhxxKU}9#4inAghu)+Be#5M z%WW;AdK>!M9TwttZ517Qzco?39-Uy9TD%bbZ)}JkuhBiF-9f8tY>|o614s-&EUZYLP#W$PYFtQHq@dJZ0>`~#+&?;OWDAaOu4k$@KR9xu6!D$W` zu5&BnrQC5k@fugG2kVbHS%@wFU1V<6Mqgae)&yn2hy{N_DeO1&pR3-J{d2%pP0>wP6_eM-0NgO|84%gd3sEPnR;+?Ik@ z_GsF5+{;}0oP{Rq-HjOgRizmX~PfSf%2ncn^{`UavmZ$Kv{(pq$)XNzkR`WN{fEhzdpu_iqeE z?9prUTMpeR4-&Lax)@mCKsWzj)f%<+v@6RC37$RZA}lgrZJ=XTVtcf$-Im2vgi|%G zOsCC_Ra`|6)QeX6N`FL9?3|3nW1zYBb%oqoGu6)6EGyQ1Ja=w{id%8AK3D2RrpYeb zH@4wK^t7{nHj=P`7niy|`H~70>_3^Xq@PZSxbaO`1k1)X!O+F{Ze_O1RbfwFbE-jc zzkSl!fh-y!9-dkP*UJ3Q)?lZLoAc05ev&{~8C!_I8VG)N!c}Ty*eVz}Uawrlem+Is z7)36mjHT|I)m5!cmBT`Zu>?#b55#mwo7~7zV#(Ly=OuY&5x6oOv_t(jgZasRrh%Ju zTPY2DM26PWF&l<0ptQ!$ZL<{`0({YFa~ARlw0ywa`Yd2&@V!Xdw@Mv0dp1m#Wx18C|7m3aBY}>qN-ihz3RL`}k;}_P*GXJK-urTwj zy}kXWLqYp*Z%v0Loi_DsOJ%)-!WSk&i=91>DyozoTt72?50s&v&1BzAN^hVpjzOl| z^61!R#g-j&*+%*A6mss59T}WoUKkah+v{TRV59_RB(9rP%*8p0*{v>8=F8=H6S)kP z{9Fg%8s6%Vk%f4!ca7Y6vkMEVd#A(V-J9MMthCPCP2asiZ$h=<*_3C$v*Bw_PR?X8i{l-1c!Wk*3m==B zdTE(kwIyE5B<3r^;pz6} z`bS@b8J=(^q3MqX>N{D~N8Wiir_$E$pDyv}!N~V=MP%e%u>~xZT4MmRf^Z4?Z8@2! znM97TA1mBb|25g&{O8A2>N)pi+=H1qc+s#$%SE|UiXZM<0d`YfF#)CEF*j`8W&0rw zJAB2aRu>(`vy%b#Ehy6ok2la2Sqp93KuMAYav>TF&Tgy|9SaA3m`cw5#EU{hQxh{Y z>0*4Y@eb}?%g6*Vq2ldNQ8Tm3_IX$M?{o~x#;53mZgywhLc7Puz72&Ie59w6r!^kU ze*7DoJM)r5Q@e)y*5LWT_6*aDKxuDwPMIpZKi_rqFm)b*qGi`RONu>uB%!bEXmG+o zlzq{20MQoLrCrc9gujgK3bCgtN0k#*c91K67U^ITI7u%9-UiynW%v46W$p6x{OoL? z$9nL^-rQF7a&^MzZUpdK1gn{d0_{~J`%r`!&K=_bdGu1=`h*_nozgj(;nKH_8x~#; ze+;*r{?z&T%a^!^KZmY{e(FGLv}^EQDPVqg5-6C#KUHdD=Fp2ptf=QK>t@1%o-=W*5vDZW>G zvdwn1@Ql_xDo<^!@~PH5dsRS*IslbgXcnN&)X{;~;J3eqhvN`mdW*ATRbKMovWPqb zs9ilh+)@`JPG_)o76&QHuqg>AM=>_7u%e=3-tj8iN!O!DjwH|z3C+9BBR%f8B@_=j z^+Jyf_kIKN9+snRabVz&P$;574)ama(neo%cm6d967BiDwb~1V_YSVyFSt~|@)4;( z!e*!WB}VqsN!}VZRFFD}8arkvgLaG%2VR|cd7?i7prSfl^@aMNEnRg^Cewl&D`RAi<3Bwl8j9OWHp3$LumIHL) zx&QkHli>Zz{#3DPi(Q;b$D7abqs6a}{2D)PV!pr|-#KV@+wr9e8riA&!32S0Ca8FT zbLi^dDJSa|Dz$-QtIaUg2I(&i-m3=6j(VOHPoC(MkcesLlU)?>_NPj^?&0Vk65{{< z^vM&^?Dzv0{}IisV0CcPVujY!KXVwX8l#w?0P4*g?OX12vw=+Bs&1r=v#e&MXF*Nn=Bt5ckdm)V5GW@l%WRwc&J$73cmN!R zGk4!@+Ii&0x&Rz;g_>~55TP3&e#ODgL|+ek&TldBDI zx!^pjyo?9YS}OVU|aPWNFE|;%c=WYR!>|C4*6)M4i&zQv-FSIzP9!%wM|NrN45xDDR~dDBoRW zyEx=7lPDBfS?oFvdAGr4m}pkooXKc&6-NKTu@-A#J$OJ!>cdve;-2DN^z@M^YzXX0xH)J5`UV--Y25O21z&ka` zCbDtOOt~N5QAlnNA3i*hM<*ye==)a7OnCP$+u!!kjv-E!`Ik8l>fhf3M?mcz5 zUMN5C)=KuN)#g7}Ufkc64MJJLyB37dzzgoYyFR@jIGaD*d`wXmQHrmPQIxI@`Kbkl z&otT_nAB!w#Aw|L0HI6Wf?IBGt|y;~2Gup|cu^73)oH+#Gfa$O;tSuGzcgdX=tm6& zw@e?+fXt|pXP0@pz3q}9%9a${N_@Dph_Cc#2a8swX-PYhy%=~6Bk|xR?d_Tq`6D%z1SEOI0w+cc}i4et~oaC4gdp2>^1p_kn*U=?Wz zrKRmz!4)3wF@58dmUo`BmHzhePF1;~DOaP`unemek6$S!Ymm%1m6PtrXcq8iHRq3I znsjxU%|LHd%@qf45|6$r(;w~lernd;jtd^HeV1LC%ag1^5Unu-^>GWg_RXz5D4aC` z>7j6-k+F_dz!JT=>%E}j-T)OyJu&;{&?pU8?(0IYVlz?BX8}}2M0WIE4d`Sopm;uY zaw?@KvQ(j}`cP*V{Y|>cia?4y``TKgX=*HZ|@ly9t0OIr2A^R?(*YMbxZ&fj@(^5F~%JJ%uRfQjqUT5Xw znq6>SfM33YxX&{0cke0pi$L8u3eKM&;&_(ja5U1nK*{1ZZmxo`g_YzdG)%7tjf+vr zQUk5_oxJ6&5UbSTF*-jrsBm{{Ypbs_n&Pb8y{E*gLxvFys<9J?J)G53xz)37Es4N@;La@6 z&H|19CUAGm$$B8zkUGF9~tP9i&ZRZ+m`1>mGom=8U!IHM1<_z{H1K1QrFFJ!n*Pq%+ zj5|10dwNfHzF8``c<)CqQjgbUA7ui1=<_s}*&%)%7J4oUrNAby)e|h{Q8-#oyi)wh zHB|A9DkEZcCqHI8%h2PAsi7uWfL(8jJscDDw`Y{EVJTyZzhR?7u3EwGGx(%IIK!3V z$*tMOpBW@zWekX1@wCX|T=HAF7zN4dkT;eKttyH`EndJ9M>fb`{cCz2N%&|p^YLvn z_617@ECqeY@-oxHNpwR~Dexo}HhbZS@stRBnf~T5gWg$L%EBIoyfAH8=}({CKuxW(#;&T*6}g;f(E! z<-%gd^MS>Ks1cCd+$a0CmCWXROoj45tQn}buPk3@;mAe9>_keq!(8{Ch;B&9$y|9? zT$zK+4t3@^`0jBGI=tF^Kf}7syKAl5?b-UP7Mui48S04mk}zi zxQSKxO>?;9KC0`ZE@mMcQDs*cGW5W&yE9u@rw5%Y3MI7D2Xtz8y+g_*TvyK$35=8T zDl;>4B13Jd=d&GbDnc8#Cm*$ftYabm^~;xwIO!=~x#J~A6)Kz&!h_)Qxk~AI4d0?W z+-kDsb}dr`3% zSw9k@r+X+4MaGcl7{$cSxlyR9&MXg9KfcAAAV=u08HP3B!UsWzdQ$AcPj9qIKb{1D zq{LO*htS{BZMx*Ny=E@XIzlpC`dXs)x@F zCgjV-DxHW(kEetK!6^&vf~YZg{4bxS+57#~hrD|?5UCwVKzoTva}P`BApOn!9m}QM z`F)5j8?=`Js}C;Rc&ceX<;g5;7YT4znAso|qYy_C(zjLIQ#bM>bI0&3?+K>l?e0sT zOJVS1iP=Lf_|!>ScIa!DtGldBz>`Ikj!f4?NT(a0yu_#Ca4WGXJ#jCilud07MDY-n ze23h+Fp(tZ*54sn0>&aH6XWCe=v{cI&)U<|R#kZQwbe1nfXs`v;+pQS0p*4o@)B$9 zb_?9@&2ULST|%3}=yKZunNAkT=BP=5mHxhoKKri#ZOLBwu-oXO3)XGVv+u#)_Tc>J zBHx9JKHIL~ivv}xw+}6u5lnenl)cDcHF2tZ$^RxSGNP>#M(gmIGmY>J6rmrjY39>( zm!J^Ms#ESRu$uhY59{&Jvo@2FK71yD>>4>4Uxc3x z2=!GB6APISn%i$3jZ66}OBHGvcR!J3(S;Uu7-<~tIVA1anbxl7v&xKo#{OUOGLg^8 z_WFPe{T3*c?Fn;^9<2__O)FcUTueCU>ZM22>h;Sm`(R0&yuG;YdamQoMz|)eK_=s z!*e@9m}pXk_W?SbA`I+V(ASyv3u&H*d4oO`&q;~f?O8&sXmPg4tAa*txw#N*!(wOH z_L%FN2W(@U>RGk^Lbmmc!gh^+q?E(G<$eu6vaKo(IGT^1chzeTgwzIq#$FQ>6Eiq* z`mDT8=%UutXCVpSfd5nvzCs=H1;>QJzqC^r$ld}`W^i_Wp%dY8zlwH4ORb%7AQh>Q z4$y|4fYI-?y9@Sz4!S#|7mT7c9UC~tZy_+)g6ukzhR`s)#Ub7&EnRVBqNQO0jwZj~ zzki=G=^g7Tmc%CpA8Us$^*6I%qt0^1+CE}C-E(L=$2r$>VoLFWttp%HHag?Oa7M`V zOpT41MyuMb&4%G7b=R2;-)M!n0duXP??jm?L(1jfWTkEu(()G3%R+@$Vi93=H0CvF8`>IsDe$0%oQ*%> z<>9lC1pg5nr-*L2%e<=B^b)O2upe0La*!)(UZ?PJM=(=1xkO@gTK{g!6g+`s=8VJW&GK>Vr#-7UGc>8XM^V2ut^ ztfc`0>29|mMaR&WzKTAEw4rmfoMg$9l7_1%(Upl=t4Vot1vKH~WHYPQ^%aTcn+yky zqDl&t7`ev6P+R2?1oK`Ql0u*kUz;s!Uyj|egf9GKYKK<2Kau* zaH_gHiOzoXxpj#1;5{1m&o3`8O9TpLB5Q|3WViso@xA+thYn)nj=^I4=CEWnfJrPU ztuS=!2inkPTZNirgk~CO!&i)xEjtaOi z8Tfot5%)(}WEWt*PepA5UDG}vh_WRM1lR!kDvwsdUxfGsW_K9seH*f!rP$edP2Q!c z5^h^QD{7*{TJ9v+bq8RI9{7=&OgKHV_IL`?>8HY*VvmGh)w2Sjn-D{T$v&_|+~4=> z^kJkFFG_ik$Vy`A2P-|gzy7+0lh2&(59c*$%ZXvw6TCC*!dFp?J~Zdx=}oy#W!W2u z2p8(y&48&3e76PJV<3h@U>Xo6{e^opYsnU%HH-$Iz%>CDr(vLzx%KjB1;5`3<1@`< zUWO(k6H_O|ZAtVC5*gqx*(^N+pX22Ac`9niU=1vwft|@+>NO>lKZB4>3gM~@{NIE+ z3;Y=}`ArXDKzAww0^hYxg&y`S$CW&Qxd_0L>8Q260J&*mnWHV~CXW)hPnd4_GsMDN z1D7~x$ph+ncFLe{%K@3Q^ z9elc*Tf_g?V>9Zw#1NS#qWPE{5C1-qqw*b=0{h}N&WeCLATC7GTkYc3z+}aQ98wnf z=FV^MVZd6wTo5njes^j>ey_F%a#BHjiR{IHAJ6%@*PNmUGkYgP?L;yC#TJo>I}5#g zj8+zdhl4azmL}Mv(gpr~xaYriDu?EOa7O6k(Zr)Pl+gaDUN*~Jujvilud`VmdVSHf$T1|>0)q9VETTIj(MqUbV5CS$ zHuDfQ{i~To9Mlly3ZQjB(ksx_NkoBD7YWx<#m$Gb( zDhI)}Q~oa;w+AgiNRG8>Myg1WRQ!D{1{ZW(OfQ>(M3j%ZerX@CVI@S&SmY{DP5l7W zwLtE1=I8`vQ1{`J=74iv9y;(fSnGZHOyUWHt&E79J@B5FZtTdXHIt|*@`w*bywT3B zTi?NUeg_>sin4T{e6a*<1gS_p1@ZqtY8{?@I*%v9v=o1wX1=f~$F8Sv_$n*52m3-! zWgJKLQUTis8KmhK{N6y!g8+-QkaL-;r$*b`qc|NM9f@%qQd$)V(4e01)p$*5Log2@ zmY!l_Bo|@dFoI{DahM%xKl{rM*l}uwXj(mlCNS(O-HNdMB#Jt@MELMZvjm=k0)jvet zv}sdPkM;e<_S7I4i=t3_#()35hCY`#%9y}5iY)$qjLZ{@)nSK4n09a$nau<1NUcUQ zmI}Ox?)D1VPDtDm(qslu@D$L?yA_!B@LA4DwsQa~q$I#0-s%fSY6RS0dS!1ZLfENN`CyM&8Ce`3oex?|rPJ_wG6d-nAO)Bct&|wd zYy5-0cj+#K3X8tV^MIKi&`7{BgrcocEp18BV+G+3wN)RI1|DtzBuc3G!-SagjGbm8 zhf?r?Aa|Cp1J?Ox)$T-mAaJVzQOyy3^rcBGEj^W@&%z?D>n7s2K z(-~+q44~o;C?*?Vz$qvO2ETuPqSYfL57|@5aZ-FuKLfW9(az(b%O%~SdRLqc#nXdo z@KrTRZg=W0e9URet>aZ8s+z7Z{HE{gv zNjVgonBuQ)62?f%T1%}E+H=w3(CYm| z#}W?;L=V7tOi_jsxps491^g6fEJQPNkkRW`TrtRoEE|n3K_%sm8!VZJr~qejKy5sr zKVfaEkYHhEjz>>(6tc8?DBK27*c&2v0eT;$lBNPuVHh^t`xg+D*k zUo}yK#B;YVPzdXYfFUi%-OJuk&EbD8yScNl&k$lUm{ng9$2@r{Kx&WE1`6xet%C>O zl0!2uhd^WyU;;vqnUyaLMLe-YLq)xg)T+)^fp)GmUN9a+keEA0XFknFF=9o29zOW0 zb5Y2wv@AI|V0aWe@`$p`ww3JPZ0b9K`@?`~8 zv>V0WJrq8MGiB*bhGd|F2viYCtVxKGw?peZ5x9JVA@<0O&>gWOj`#O$H@UXD4 z6rxvyX{b2bxVMZ@Vf z+4pg~_x{%9jPs%-iMfg_M?x4CkqN*n(pcf`nTff8P$*V4!+eaxxl+Y1_pzY>ry935 zA8@k-{5j@4kQ+GVsE8-Q(a85 zn#GiJIa4iZ0Z~uLycSsWFbJ`PwkFN=7u&TV?i}(Qn6PFmGOt4QcSX&OMHux%TE2!l z(2Wnn@X><{T}b+O8_u=k`dPftv|udK@A)w~9IdGeJW%L^wQ^U_BLGNzq6q1|ES^MK)d$Lg;^>BP zQiJYxXbA{iG8~EEE$hf>Ge!dP6|jmYJOX?fXId*Sc3$~FlZ)~IxD*JsDgr{m8P06z zq=Z?3R!ZD~C4PJflzxatQlpE)m@xAX^2vZRntVIs*?W-~1=RnMkx2Xi=^`~M&`8h=X`2rvI0PjM8}izEoaAcuomR_P~3 zFjS;Spae1o2R}}VX_pvA3(ujXCO@)NOe8EU8IZ!G#o$e)4QjS-*f{;S4MhK4yLX3^ z%yJB-V-J@T(A*Vj$y>pfXR}$x-cver(=nLIFYB%nKx5Yb1m1# zA{X{aQj&dmcfRchG~et^ax0F;$ZBxNJn;PP8T~c zcBqlboC-T;5dQof8O;XVBmobC|2>pGe*51rnHvZ3Qe*a&e#;}O~O`|8x zb_o<{I0SW)o3>|j+<)$J0^7`Bw8Hpr?8l2VM~ABEiips*kss&(x8Gy(-+QC`hb-4U zc)|l&z961-r>}p3Kx9vhc}=+_mBSfUB&Xh@M$WZ5b^`OcC=b%5^{Ub$#OLD zsW(2Yu8UJuL`paJ(M4@Uhr<;C5J|o6Q93LOfw|LuA*VA}l!O#bCsC+FVBOURFeUau z3W4!=FPmX*lB81aQt)yqRT~Gq_3WDxqc< zw>)2MRoVIx|1LJ>xC}bXu+nanRXOxT#3+VRuQY)%#`lDZ23;=$ao7X1QpAVejH&w_ z4e4k-PH0Ht$%z5Vvlr=zT>AoS$cn)(LcRbW*MUG_DhY(GMfR+)urOr%d`uZcp^FkS zT_P9o2&xh+iwqoz3`Z!_QXY_;wU}j`M8?7#`K2l^tDdsG$YUyCVBRAM_8%u7?(W~y z67gaWHwTzweUM9nCWr7opMjZUS5O{=N@4`#Q;b_xu$I**Uv=-!uc20><&Y1*x;H?? zQG;+U4_B`v*G5PN39A!69bjG#5U)6X6n%I+P>ZT#OSYwG-e(WY%u-#27cm`&7Tdcv z%ff(ES8`bgk+=v=1#W`_R?mxVC_qYz@x%v#Y_4D6ylo!BUW)aEF1ThP%YS?4e`hJM zcqFTr@_>^kWH#y2;1m^AZG&ge1FjruH9!#l^cV|E5dEMjMhMH_p16qK)kS_jQm(K_&6_4ZV1^e5Eg`~0R2G*1Be1s^7e$b#~esHHmW`h z3b75l_L!SW-$Jdd1FnJ2qnbNbw9i+_HVsYm9_>7^CsIVyA;q6uiNh&?{wP#@m60fz z1$;s-z^Vlt39~KEcYrHJ0hAS?Cow%Tqbl&tU{eUCbHZy1e(<9htcNv8I&y#{t^2g# z0mVV*$fJoO5lWob1ZEHxAMM&DpWCQ=xOaq_a(?m6{&Ui|u=t)}E!rFwjB%rIqc|ViuGXbt*trDXL80PgT4m;- zA#Bbt4FT@nr>zWvX47APRiaz#N_|E0Kp;16XmTaUL0WiD)Ffx@AFNsg771lleSSE- zU9D#h_1XfI4Y~W{)4-(%fzB5$UYvr_vOl#!Ll%4{#Hwg)*rl^7? zgX|G^bA=T?@j%4ReyUW3Q47qP`cT?^kv%BNArWY#HIN%zl7#7)1+M{lf0+!$l_hAl zXXZ1Um7HL(8HC(g14A!6_#QHLF0IB*7S8zyW;xtLfu|#M$dv)Wt6uM{Dh{ol6g>?h zf_fd78d+ev9TeRK;wr@L3b^)Vn@%3M&?7)YHsI)D1!~=z40%E9ULZ#k?OkoUi6(~l za8XoUHL)A@5Y_nP?e9a!h1eIEmXY@h*fqfu#_?k+^CFUa9m)Kd_l0A+?_X{8&$$%K zVHI+d7QWm3tw}!B7Z@`_5Z|Z>1QyG8`_N7?Q)vq5&%`XLMoqTeRfrZs8b$P$V$h3@ z^v6j5*I=zhQ+NuBxCAq^jHUsxbKo`+f(pr%HH1Awm(wx%!wPQb6f`vV8?#ol9i4tc zL?TyA@E^;^z#GCh4ExAIZ10OCk%eTiK}VbZN0^~M zlS;Jxe7G|QXG#wfg;hoBV-IPB+!o>DbZ5?;=Num_Ak7307fF?*7=AgqFhNUtdvqUU zP=PoVNi#v|2bQ0&a9j>Sj~oT)O>2!fizCb}ZaqNed<}0_?*~D2YteX;MWfJLxhD36 zA(f4IRWptnczws=tCg5=Vp?skn4nDVdwakJoPQWyyA-l(EfOCT%Cko8d4K3>5)$YJ z_(NIXEWzCYH-$n1U;kCP;~N+jLezO%eM1gOKxN^;JOleV*FK__A@m3}OHOsPN@_IV zTQ`z7lspA6QXfWcT)B=@WI5D$0M2rFQjWgoEkBPoUOwB>h}0Y8Axrw7$Iz+6N~C}c z?g`o;;yMdiWqLq*j914J!Vqk}ETA@=sBEYaUk?Z`fL|h9v&G1dxu~3tFKC3e4YlWM zV(6zDRcmCY|CQ_H_Ocj-V@r@|8UEEBj3hBiOG{%kQx!7>q|l^b5MAf%>+__1ApGQW z?wi8Ps)itM!0Jrl1@9nd5>~Radv3gu4A02JSO(-Eg`*}54$cDLV+pe~Hn4c&W+tZy zg+1iiEB@S{BPjSohf~L!Sj-ir#L1m)2sx4wtKwrYAO@ktaVV>3*W-dik3eEl-A~(O zAI00|fvSyz@kdNm;a@$KIk^i8{Uo_#=L&ajC>VHg()yqWB-*e&6k{T<_f!P24AYoz zJOCDv$ewMO=^!)#2A`_Y<;vqKH$3$fU>dvVsXy2LS=~BSrLI5|2-4x@l_3uD|C zy>qX&IZ8|O@>$Uqk^KKh<&>u8wr2jTpZh=Jvc>@w<@3Ly@F60c)1 zFf-&06Iv!zNw2)6^U7gT(<@`RtXJ}N4YL3;Zeu~D*Zq&Bx90PMg~8@UWH=@ zEe2HvE}J`Ah72@6_j=q|H4l0#8W7?rC>da;Yd~8(mP1NUot)TeIl4lj)u8&xXenNV zI9ZRh&eTIb5!d+y)F)^Lo$-7w_UpxtZIS`}^8b>U-%tn?;Popf8m$NJD+Ca@3NMdo zNxpF_ztbeX3v6478>LYUP-lUA-X5AN>hkt3I3og#!N@jQ_t1sF>-g1~#jt7xcoXo!e-jBAD@ zNTX@|BcsEd^(Lsj65N_YZjmaVn3#a)^<|3ViUZs#O%k}X<2~x6YCixWo-P>ZE-UBw z7MgRnG{)3_g2##?5^vyE{ z+h7DgZTv%tbc6)vK!86JngC2%qdt$zs-p14fRP)3IJe)P>uD&~WUdEDoeZVm{2WEu zg>#aKhm-9q%Zl#iU@LH)UkkelP!~mL;1~w%`B6P2$R%ayXhW_lLj79Xb`az_SKH{j z|E!+|mM)`A!mtTBT+nF_TP*|7N-i-YZg~_~GV5@W!M0(5FpHS7uK#%yC&u#f3<%sU zO#E_?xmh&9v5Qy-M8RW*hpxIMb;u}7kfND~p#i0C2ob&* zYW(Tdy1a^}A{?D%A9_O4h?AR53D=ENNKP8LHH}&gaDX=(^x#9k>>m0D;=<%p^=yX5 z9!M9rvxP#K97y2=9g6!TW5{P1Xh4yzLq|i@NMa5E{Fp=ri9!F61%vLzW#TaeElQe5 zk{@tNqEVOmaS?%MIPf0_i3o;gjOIZfrxh0`Ja#J{0GJ` z{3EWcYd0EE;DvEqqP0L(be_ssi(FX$bT|4iWRM7)l0Xdl@{#70^zgXqB@#c8os*NZ zsQt*ocw_h)n*ID^ZG}s)Kyu(zc$6X|8Z51#`y`X3$W{>$X}*Dnbtn2V$uI==W2s{& zp+Gg`mPu$f2dIRI#?)L4XmXPG+{ryqL_YGxY%(PZe?nYjgo)j_ga*j#E>{8DVfHPEr&I{sjdP#rf`^Q911_@0NGNI#fg-Tt%qa(qs zB@Y|6>x*PQhSUO2%OxnBGGuWjZ9$yiG)RN!vzAC*LqoB^%)A#R7qbTSf^Zt*x;)V} z>;JCAQvK@Kwv_w#g2_F@npHGg1McTPUWQ8@e#v5vVPulv4@TeOFqDH~ZymDRQ&5i5cR{H9zLn=QfXPNH|j6QvM55kHOoeVwY0OT>; zA^37ky_-1dzzhFrDC2N%*TDKcs^HD!!Pp@{&i6$M0JFR1u1IVN5U z)#Rn=65+`bwTn|Q3PL(k#9KA$7||1)W<13XVF~|Cg7pWZ_hBYxQ6fFy{+9O$l~N3X z+t4nX7WO(kC)W)UGr&~((sxTa3+I7@kL?|yG9*X5R$vM02c^`$!F|1Y^=dgJ{WEcVN#wl4H8PK^DGxQwfY|N9 z@T8vc-qXIoo`lXci?O!ClU&$}73A_pb17B5VzI?V3Sb1CR0!(f*>!D*Zih}@bn%A? z-H3b8NDoCuC&BMlp)6WJo?F65J{ooob3%3D7EfX?xD3{!QOm$`cLg?ID z{8}b}aF?6d2_Z8S2VPER{7+Ythm2#17x28a@Ez5wuWxQ)Bl3r#dk zO|mG9&n_AFHYN?a#INYc}HD$fzq0XQa{?wd{xiG^Z_ zFu6QCYjR^J$rEk|Fa4S6e|!8q62CmMPuw4o6Z!kJ!{U81I!J0WF|Wb*KyKY7@*V2_ zJHq9lFbse$i4AgefbD_@|A1sZB*S{*6lsXLB3;vAHc6MqX8&td4~USyKQ-C{Ax+^!7IHZXVJ^YsaJHBV zt|Oe&;MvE-r ziuoX<+Hj1}4gfLq<*}A3CIc2*LWh)LgpSvYAH?&7o;;TIH<_BqGfqC=D@jU%ID~)* z2_RyU&~r{!iU9;X=@EVb7kW!hGZV<>z^kEy;vj~i1+jwQNfsRuM@?#+Ce)d+v^ZmK zJXlUr1(b|5KKx8b77Y0sZ$JN5V2j!ti!>KouYB0W;NAyo`&rGK)dii-*k{9KGssA3 zsn}sK0dP3FCTi^8GV06r|E>iH|I(BH8`d$bpJhL*nW<^gfLPpM4)c_cda6A9umod$U|ox#e00 zQW4PKPNz~Ej6z8|K*5p;8ZwxI1C=w>kiflEWk-b>6+;zDQZj4*8l0pBEdf;6xN+m0 zV-Cb0VPVCHC+@t5cdWW@7=2$?Mep=QRMNjfw`v*>#A0P2Ls*Mw8H+x`MTOH5hmo1O zQ9=izT&|ZHJ}g@@Cr3cLILlDesuHk+ox0!A`s60Bh|+!h=+Odkjs(MTLVsEv^o5k8 zT2{57AssCVTr=kAQRbZ5PM`oDlNQ zs4o*K-h?U?cpfcfx>+e%7aqG0I0c3ObfTgtW2(iX{vzyKkPGK_eas6GrMoQ2po5M< zv*@yptPo`Ev+5ICXJriKmJIu6lU{;jQ3grr9o)OGFgh|4MV|hpq_wWbHs4<#`d|>Z z(lXuMIgnQu;7GUEc~03+FA4Ka4#Bkp{jjx|pq!nuB>3`2W_H4Orn-YTyhrYUZ_ZD!w4(S~B(uR(|8K{6wDh{UXAHGZA`gm~ zsY!{2bM;cv_khf`I2=XL?7K+0N&Vzz?TKTCVmdW zlM5qrGTV}ROuA+vN*~?@J%8w<9Ob)OI%l46w|!#Sy2TG8=Oa`M&naSOhB2S2o_CyC z)@ZQ%s_0##l)H9K`8ZQkq1t@4b|`cnQo1IO4GP*joSoA+Y&g|3f@=k}Y(;H>@YIOJ zzU2vY#co{zNix;9ETl{-AiV}5G4?JC$P&IqAWE+N9f%40U_GYPDA>#&hBdv*0vXi< z_7}8`x0SN)(`r#JD`OB>+c-BHHitavc$(a^8+ zj3EizckP;hFPP$Qqj=#H2srxLYCU>6Q|*ZtUPnkys*Q~VsQUxV&MI_FMzqJg1 z5V=BhMJO&{2rrAHB2A>N6Tf*7xFn-JWw^@8vEV;+8kuot72Xrn4(M&f9@Jb$J0OyJ zDNsVo^c#Y|B-qk(*DWb86G!G!b>rptSDibUQ3b_x6kQNfn%IN<@06?2yZ7%EN_fR5 z1HTY%XPSt9Q%Weg3ht0XO~lk~sZH|QAp{XnRmxzV*e3ZOGpO=*C{b|?Tl|Gn$<&;4 z5+ZAA?tE^I`{T@S`MS@gU=Bqy9*`ld2jU`&E)#0jMVzbVj%2Z?F2yW&qfvE#)ufH zS0zxSf43Tk{b@R zoVPHH6D6gvOrzdsqd?pf`t%~2P%ywVzZ~nYY~P|G?uBgV(3J*+U%t{>YHsG6<}!{m z71&54q~v%yA$78}NMIV`S(!kUtc*dc(By6jgtxF|nkNtTO!{w`2LR19<)v=ck;rXi zT4d(yJf^jSyj~*3*Hb`GSo%Marj7o>N*Gf<$(Dtj`~VMMKF9iZuIPkl=u9#EN#n-q zaEb*udDQzBR}&(7bQP&ugv)qepGMyi*KNL1j^~qWffMP7y~DycEVe7pcvAD;5|AfQ zsNa`0=Ug9c#NK$7_lh%#Zx3wQyg7`iDKRqV?sRooN9Scmeig%Pjr=XY{u&Bgr_N8^ zXcY7k{1CM4)J4unV??U-}riNU=?R(Q7ebIgW_JG?r zpZZAtW7y*`qM&>6ZO=74t92(2OGE1dMr@I{s7YEu?;(Rv987_IMdu(&3*tk(1Q#N= zBu8On$@b$pEVr1F{qsuRUcbhwIB8dza5^BxmMH0I$_6jK(OpOk0?VxJ9s6|u(=2?5 zxjcA$R8jxX@I43emu*NhXvFmr+Hup`_n_aZHu7HSh~{8hp^G2u9y&d7I5_5XhY$a_ zRA0eO8>|$^)I(;}AKi7XnME3xs6TF0O)nEK58&;1HY&-MtW4wdwhu6j6jOCEwU+FN zKFMCV;T5w&@!?+%67Kxx)4UaAA2a$>b83?7#L|fTzP|@sz>haAm14#$OvJZ`pQw)b z?(Z+lrM(@LpChc!gxoGITconrbGQ51=kfB)EeD)%O3}hx)5Uk(ph^k1oa{!e* zJh4A@%4&$z zH86C*`MQl1F-8o*vCr(0!H;v#7kgva0g@92#v4kNu#XzOOL*=gU@6Q;D(RzoGhj?B zZ6qevi*RF#rKp;qB-aJZDB_ozQ^AQ{4w|IIF2GPe;uEhs$nom#D|g3T`5B21qpACG zAfh+RjjIVfhPA#F%#Xn??_*s*i1gxC_wXl|;me{Lm_@sVgG?x950}KRMMY!8?T!QH z-ZM269wr}&cLt42=~~n@y$OdClzSZMB)jM9jvIL=$@Y%->eXQ|w>SOqzXvCx4eNnI zv7mVAzT%Wm+@+lmoY!Daur=Q*@3jxa5q=~xe`z;;*_syax_xM94XFVuiNhx=(bj~E zLyZjf+UM4t0lIS%48k()96w;Q}TfL+6@!_)Nk^OCylxz!E~;<}F<`mwkCb&k=PEmYqg)S19y$j+TB#sSiE)1Z5TL*e#~kQVg?psGMM0FqL+Wg6`-QsS+p6X`eTZ?U9=Bny6~OpmK;zla0IpZmm=vVNTr|?5OvgQ@0LHMXq&7Q&C{0G=Ree*;}8`hlqh%m zPVLv?)1P>0!}G-BsFU4`jQ#xl_%ydhybV+?Fa7R-jzVmbuvM%v8cl6WaT($IuwQoumOCJKB9T9Tt zjiP|zMWLiYdi#M{NDx9HA~0wEq_L%XCX`w?X%%JPn83-X!e)TE2!1_yY4OcT6H7;b z5bbcgUC%D>=F@@MD3q3=Yc(T}@o6YFq|k_aPfw9@<5Nsb>6^LR?3!zhk~{s#BGHaA z5h8eZi@XfU#aiU7;J&G z%n{iet=#CpS>i)Afd^<6mw;vqEDWjaoSR4Cf4Sudl0^FlHEU^w6{{xYJbhGhf)!ls zjJv$xz?qo4Z|?mxQEBhL&C{o%zta273y>m823fFag@#sPke2A{v$Wuni81rkaH_Ll zvAd@qA3v^C&-~3f4fybxqEw(mb)sqSYklH?=wM(??~ZCi2os;4{tB6{qqrHMkm29U zrnSJmJu^x}^DZY>LsyG}RT>xMtG|auaSobkC?-|h88E)Gs_K2vl8wK(a#v*{K{Vco zXkBu5#U}<`D02u`tzCegQ_On`5>vFf1hIt0$x3NVT_SlhMb|-T_KZJr+P8x^5NAVa zGpKuqfdy=qdPZPy0IxfP6OiQozur|J4jPZy9)_toVvk*q{qtR6AjB|hmC=Ly9=-k? z)YsdSq&i;OA@ZCEAK{H{bL>lN*N%$RK(Uw4=@B}dXlKPNtY;XNo<*tNG$zs5K6`k7 zrHo`MJ9h7GR;u@t^laqGSYR6Kdc0U-`KY$gy9Fdn-Idq<=3em{`Hgs~TiT3jS6hvG zfZ5Uw(&f>P+7Vb?tt0=wcyxloo;E#*GeDG~pd(tR{2nMny29;~g`NZbxQ-a}l=gxH zFHH@2;V9ED(9(>n4(vUP}P9Jm= z7;zhczZwJT&jvmiwR#0O5Z}IR+OGBY?~V85ZCWF; zNi2s17Ft3=7Q1E3FdoORpP5dVI-i!pg-*ZdJhEyhx-|)e5(N8UM@de+MK(%A5B&p2 z!NOTyfEEyl^h%i5m(RY^X`!gJ;&`=+gAA-$N(s(_o3^ZR@J#d*2 z(A}92zbbA69wh~g{9zSp#*VcQw=LmUVxo6%7H z`}+_;#Lvy2B16RGp|sJKK9IAq#P8m8hrLmW$MTelC*BmF#JV%u-#p8_`9@I))FBJ8 z%;2o0LSg;i>DdfGH)Xn#vu<%9009cd#oM%QJ&+2~5L|Z^NkC6yT1)55D}Ezs>hjiN z#o3$D5&0vs7&(@~)80l#Mm>joYp^w;hR3&i&DnXx)1#*qCu^2vUa6bgr0H$8`=NI$ zbPIg_H+_CY{#$oll#TS9gGKegXMIjt0wnV4_Va1PaX`{1C+qP*m`ANGla$fsi<3)k zU-bLpR8YaLL8NQ`1&v5TWJN(0oWjcN&bOEWJ?c3O@Fb{8Hn{l{8J%d^LL z0dYm9&0v7Zu91G_U>H?kT(M)8`9JPxqYVW7ozRT@34SSJ=x$swPN2q$ca4oBzK)0RxC#8-0J8Cn%9H9~M){2XAv}Sc~d{oiibVOw4*ZIAnphafWNjmJeYlf3Be{3Xbt|Pr~{qbU)w5* zat{@E1v5q2v`k0o!0+ffZ>Xt3OJ?e=>Slye{WU4g`h zM2Hmb+ts_VS4C)s6ikFq($2wKKR)r1AT$%8uOmbH{Ql?SF@ka_^gMg$v8lsRKUTyCf;>pcvI8KFL)=!{SD|A zrN4+eNM-ngIOjaDZ07n6jrjV-HfV6fLPO9=vW0+zLfXSfiN;77Lt3gvl{yQ!Ph6Ab z0EzB`GZhgzWjU*;MKb#dj8V!kYO*-O^<<@^|1=1f6ifr;1>%k&4LEVY`aMNiG--kh zY^jW4C7(b@%A>1voq0?W7_G}$Hp1`o`MF#%(##T|Iyw82fb@?8cu5ZUbb-+!N;bBE z0%pm4T;{GGVrC*6Q&+BweTT%MQB3q0QxdTXNqidQKm%y3Q+=?$?M%RPxAgfZ5bMe$ z478C)=n7CvJo`7&5yv1WbP{rdv(ml)sbXKM{GvDflG$9N8C=w)CzI?veAPW1y@mf>NDI(IpWD=rwC$+9x?5SlxFu z_C6s~LewQAzrG~^zw8W={pKW00qs9C@+1?es!x`(ZCeUA7)w!jSue9CZy3=Th_@Bc z>~yd{e6POZ4)wdc7T|K5Tuc2qXQqN1rV1Sft908Y1Dk6hYxq0)oI`Q-Y*^DNe*%^0M-&Rt3J0b|%h zdR`dx;iM$p@;)1UFCtSe3>(^n$2P6@>Oy%tRB48FK^NwY1cO1&n-aniD*-9FB&$88 z3}VRecbgE{)bHL0QLpw={V?LsQHGhrYT7|`7IlFv+S2%vRblZpvj0!+S284AoFPL1 zxuQg>g2n5fR+{nhP`GxHL3!#tCJ4p0nTeFbgJx?+oufGGrl`cxrRY3MXoj7hMnzyo zrbow9-Hx$D=dpTl8|sHE^f=SXHH?^;We?B zY^`R_v>&K`^f>aab+_G^InS;p|I)Owf`YHc@R)i$xcV~s?AcIi zEi6ASJ$$IOY15{0 zq2cDOTbD?m*Gc%M78a>*yj)#(qeh6z$QV`aYdlw9U;no{Uk7JdVurwC zey$Ytj;IiGlyky@i5Z6wc z^Md-<-2rKt4 z|IVGEOLn^$b*)J)D=TBgn}$ct`9VA|R zD=hjw((Bc$BxCA|9KfI>nTjiKHILiP`JD_b;u>tke82Xy`vKn zwkIU?-QuuxlU+{Gt8GV)9(AO32?`3@9T<2S?B-fd&SU%w)L*-W*tGvX#6VoglU!~k zpE`9lJA2jLr+(?*L{!z*w(6dxdeg>D?QHxHV>+wt`O=GM2;D|PMG zEvb5jUj6=t(&guNatgSbkEUM98B%OvYWk2NnwVq90s;b5l}cq@eZ2!xU%CrdF61gV zw}~dZdby0qx87jy>RJ~xYS4!$$3=@)At<%6wZ+T1hk=1XbgM}^cU*{%5s{Ia)z>$? zlIaD4Y;(U~#CW{+!0_S2 zDbQOWly9cF=7qub9XrmtS9RbajE;N?1b@11{<-w@W*@4q)z;QJSolQsXKF(0#~=L< z9nxlG{nf5N9?c(C?ZfckITz=pOC33sBg{*?3>`XjOEvOdy}^SEAE~YAv9_)`O=ZK| zw~s3;GeKy6=-bzxf0}N*AVJ?Qy(9l}iHl3k8$YU%@0Ry7FxbOruIx}2MBlfJx$-Z4 z$BcHXRFUhJlF~_C_00n+Gye%XERxMV5=BvXpv=?GP6MxiAFWTU2SlTy%^@Q?-g$8K zswsH;(aA-{X0osOz9S`i-deuBBEp2aV z>X5s4?+#n{aTrKO=F%bGb?Wp75PI{0p=M0HHBT-vb8yh%R26AC83(88cj(Yz>(;GW zg9iua=TC2XB)2RZ^o;9uB`d3dfPzwHN!bd+P?`F%M#z4oq~hMaIY7Z%ckPPftbm7n z*SYgk*E#d&YZ2HULuW@@Y>Mn38X9^!Esd4yTdp}aW<92tYHq4fkheDQck&Ag$a%?$ z7Ne*0vfSKUHu?C|{71m~xFWqc_q_7^kbl&|K+E~IwVgb7uI7a3TdSkY26L|s2MvXFc$G7C$`*IgSsh>fj5c9zsxe*EC5@zH%@U~7) zP7i7IVlG~MQ1xR=TMDr@7&!F*_S|S*ImS4#mX$ zLQp=%Z&J*=xb>=)<@){-Z$E!thr(*>wrxE}jf$k&K1o&X^3#y@{{AZWeV%GinEy_! zeostuUbd_k8&ktVHIM5|3=klfAfT8$S%<9<&UMb$c9*t#7IMfnwZwBV8hs~c=S#V{ zJ5QfB5}OEVGPk5;gAd@}9u*YS(PeW%Fuaf2rb}aNY{0B4_MA#i2I|n#*Wby#)z;C8 zKYrY+(b#ndHDP{X;jh;m4<#nv6$)b?QShA1;0a@Q(A zwB~~^1=dEz#pxv_C5@XnF)%7>%A`sEz%Ith%Br}m^afiRwvtwu3Y=(e{w*qg^vAOw z5Z_D~@`;U(-b8OqklA_h;%M$eQMDfqqCU?KZefcbm7mFPbwMA%vFo`%flB4?q}OJJ zg@xxC4SG>_ZZ8Gb^f_~cdB2vI7uE23$5yk!Y26;jztQHa{CDu%8_-I{EE~cMHmtVR zzZ8PQpzBW0$(_r~%b&e?Q9-3%P&`OYEmXBBnQ9L;@$!1xW^`Cir=@pKZzBZf=jXR> z-TEQTtZa{1OSf52Hkg0kDx0Ibb*ot*8Gs?pNjyh%G(C-sg1AtHRU=lbsl9*M^uRQ| zmljsK7E}d%U1=$qrRi&B^M6oWHGR!l-@^T`Z>n`Z(9G_yZ~mwL)8D={3%zUhV{msb RMnD*58gDV~*w6Df{tphRb0+`* literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.17/_media/benchmark_net_p2p_gcp.png b/docs/versioned_docs/version-2.17/_media/benchmark_net_p2p_gcp.png new file mode 100644 index 0000000000000000000000000000000000000000..a41557e96c15e5407beadc5011a3f3fa6aaaa71d GIT binary patch literal 36961 zcmd432UwKZwk?WnppDpOQNRGAARr)uM6;G8MRHUTNs@#j2it@JL<<3ts3J%fB}bJc zITw-zB$j|kk|N!)-20yIo%i1N?m73~v+wJ#-R+jL>aVrdoO8@E#$5N$DV<)uf_()G z3(IQCnG-53EQ|YDSQd@{xeR}ju$NT;|2b@TQq%5&)m1x(OV^E96ffCXU$e5iW_o#t zz0q}BQ!7hRL2K+Y1D(t{V$UZ%$Z?H(73dM$49kh3yjgwdjpp zlqm~~PbKBVQB}v_?`=-ON`yEP{`tbPh~xKfw(SUCOn!55@qd4l8~+>M#KxLAZrYaXCKVkt`dPwx+(bqEqy0Y~ zVeLaIgC1>C^HMv-Oie|+=gC`_Da(y~s%LC_%PE7AUsm7&=exC&O?Ge1p%vF0uXR=;&y=Z-(6fjX5=v7!~HOZCV>~-rD-@&)$ky z^>}Sl20cD0)uJEVopD==;gW3xo@s}XWe;B z%(7K8!?sWT+_}fKk&3Y|Pd<#f5T(Q%tCGu6+C1lZr1%j>_rb(x^r69q*pZowL&3xC zK8cBmwGot8XvW|P)%NNz}U{yV+Yk3XPssJf%Wpy{1a9o`}F#c|KU@<35aTkFEp z{+VUUVc$x8`3-Vi&8oxy&Yc;SI(hOW57pPVAo@bohE1Cy`$Aomwu)ZGGnYK&k>4aU z)oMG~k(Z|wEb&)grc#(}e6HKfV3To}8gqOg-mvPSQ0^P6-03|+w+A5xly^myD zy;||}RrAIKz0xPUJ+JqcN4I4;@M`AB&Hs9Z-F>i;fAYx0w~8Q*hnoacjvTq6oq8== zKqr;^+{%USRV;~os&6iG2Ub^~OElWGd$(ea^Mn`o?vhm;lJ)WBl_64!^f;|}ktugq zH@6DoFt=VR=i+6n4!FC!>qiA#S+SAt%KYqD)r@u}mOXH@zT?g!rkks4Id7QjWxQKk zWSF$mJNXO)k2x{AQ&F;|M!dFBgSgYrZ;k@;3T12O)^FKj5~&=k z^Y2S0;<##$@u@_d$&Qk9{blV{Jp0$~Q_tFSTwK~@gY$T?K5Ivuiq*W?#k{!dk_=BL zjybqzyKzY$_L$FJzG_u+KDi32V~|dy)4?C$9|RxZKGT*xcAqnr7!RC zyQ_q0<-W?Yrj~7)emki10e@Bhy`_LBJa4MqgR)txW1_)WDbk-@$ zQDb*A*%tM&r3Q&x6-jgytm*gOCVuFzzy6~4g?Y>id(2G)Y!x$mN(m4Qd2(fTcD6iJ z#-&RwkE2N-T=ts1j(eX2bGk3gp=sIfUAxK=jpg`Trps1sxv28`tP%HC4-b#`?sH7f z_R1MOs~nf9)LdgWopHDPFG+@N^bs8K3LMdLMq-|&pUYr$RQUv>k;_@fcUQO%yIARS ztIFWR6?ka{&X5s)Z)iW#Zjt+|Yo+hL3ww5#NNist>N0sPk$TwUfV{}`&mK{{E~P2U zA#phyn|MpAg{T{IT=?V1kEduQ!H3@;rVc*U;jo_js*_qOYMXO@VBPhPDMO-q@^((&Mz}s$hnEq+RIQ#j1 zl`KPS+_ELLLUM7-+e`V50*3M0DREpoR&Ev?*X%`{()IpWpd$h%SL8Du5a-vgS10k5{|C3{ z!iIM<9YzExe0rJ5S1W_}adAy0)~8yuaJLQp`AX~kRm*Oay=dkHL!Opu)iEq$ImevH zbe@Rejy~?WX2qX>{`lg*j^}K@w|M(wZnuTGsZ6^8m0O3{|sTMxf}z35|P z)tbJOvSRu2CwX~!#Ue;L_WKxiou8I67O-gB41@SI65?(yUCC$Fo-K*@5B4`iaiwv~ z$;r9>>hu)$M~RBnckEnBsTInb?Ml&In4jyxmv2e4Vhp8qs9(8qCAj(LTch%4=V^AM zT_+Qb=I5piCi-iR<13^}R^ST;7kO`sl5!YM_sdIbY|Wcz%2x!5YouOl+OT$Qc%0Vz z!3yz?dPI`pHH3T1I9K0Ya%oDg=@@L?O%>tCT`aJ{7A7K5VP{`s~Knib3inG@c8?tr-mo zdQu^>ZjwdzbK`Z&&O<4UPX%-i@yPot4Aj29ka4}|AkbOj$W!ljmm%^rwemvyxVa0= zf2C`vsy@|s84`=->^o$&83^s|ya!;8W%o#H#;fJ)_q;*2RA%(6h> zX*f?d8T*MCoqdhtUL`XXT;#*GP%RaOIK10i5yVT0(aTEx*;BUJa5|I9;PaTD1u|z3ahMRv6q)e`f^L-oU)rlhwnq(KvJF-p!jgRpT^;S8o+5 z=(dqMR2i*~ZvdoGS5a{-IPy^rpZ)o+Bn-d#JOtDqDr9c@377Td}ARaftXZCKmz`$zP)%9TSM_= zM52;KD{>_FQ>-Q+U4INp-#x|u{)HHnt zPpEen0ol}ZIODdzoQFGO`a`;Ard{+vV`3P=38+ht#H5+=c7WX1Gg8L!ep8wnD(zjI zTeq5u7*}574vbNYb>5G?zMb?y^F#w=b)fN7K7C0{aWvyp;SIQ z<<0IS;ET}lsd~|#Ni92Q+4_ZHN5d9McaN&;^!*AjaBs?7N}tYfn3l1SN6Jhsb;*(u zeo;7)s&D9}g>2oBJCe81Zq$lZi`U_oaRb&JXwS)N%;Z&k{*9`07I0;s*1L$t3HwBg zmej&uBMu|)PMtg%D5#gY#WTN?`aCMsxilEDOm{lHxx?)^!p+Mr?Lx9kMTk_R^WEk; zg4?d<-(Ahg$id-H>6je1u@8?pktr~tzwOYqx4l!yt#aq|YPiY>{xKBrm>5*6OEi!p zzusT(IU8WJd_wQcs^!$UU+85n&sq{#+HF6qD~_EP?J4yelXUB=43VjHK-06wqB)r} z3f+;gAHPQG{3G{=S?{X?Q7f_x{Lem%_~;w3U%t;YF>=R}#+*fSC9-eQxro=(edOg62H8%4m2%Pq{lKMZ(-HSwAL z)$QZ$iWxm_KqN#o{FK2Yx~Y7WgQ8hPbZ_BigXE&N7Pe107C`hV2$4-$w`s6hEy{Q7oqJkjpnpdYQ(rvoqhFV%2e&{1t zB}vvinD4GU{Js5=FZxnLKLX{Zdjbr~2kN3KNdJe&jT<>v^YUbO!{0itQ>zKarnywr zB6YmWRYtjbN3TK>C`Z7W&V5h_mChjOTPLR`Z5l=N84`B`SvM5tie!_TPexg8TNb%> z72K!Kawhwx;DBgSW%@_=?95$xpJ(TzjfTaKsLMSNUk8jUgN0otzYC+AO;bA85PhN8 zqPd@=VA+x-&-8Pg0|5le$bKTD6rj6pJma8TFod&U)ckO>kaiwFN?}F#(Oc#7b2Am> zyL1&kR7By|Oa0itXs*qnLyV@-p6%4uY&W8_&VRoa;OszD*ddw%DwvF*Pt?S8DSx6S zHFtupa~0u9AKk|+iR))fH>a4>=XsEx>CSd*9=g9f%$%=oY;3d}Zf*MhB`N>5r)Lm? zC6MG6_B^1ev`MG;4kP;JnFj9Dh2|OfY=qt(WR_DuTf4LB`fFar?_lTTa2d~di19RvK&To6Fp*2uLd1+bbPH7GBm&4S&^~ciiftOBYwLk z^5laJ!eQ>r=&h1=Z=3)Dyz@Irhkv#H&3Vo!8SAe%#Nx+}%n!yUJ_o-cUENgpi=4+JKoMh_{ofk;d&A8m4mu9IKU{ljF3!LSo8y3^+zNG`@%KN4&Nz>+DN{ zTd00N+qvwNgmT7dPp+s$DGePGWU~3*yZ5J0oy&@TAnyz@J>NZw((_Wh{^@sV9`n=1 z%u9Z|Pp=8cQhCYRifWmu=+aloVV*NRJ)J@QqbJ+hpHGd?M`nt^>(LecHHCCaDBr!j-Gfso1zaL%cnMbq85xM8AFYDAM-IC<#N7w!Uwok`pUNuRd9l;P<15{}f% zvOksSLLI~7+icw|6J8Z2*J07z;XYHrE_eOgnE)H4`jjFkXBj#QO7^mG;A!oAA5NJ; z5j_+gy-4$x)cCSr@&STcyz|3tLQX6DK_R6Kj@hlFZ|T0CvT#)LzV8))zmY@pI9BRe z-L~%zF=e?U#lM|k>j&9F88~QK>nO8G3m|EC$w8Cq4_geowpYvO{rH0Tr;5$DXDyLl zI^N$^M`^{u_OhFr@C%&3^>73MGHb;-JUjEuT zaJBqdjr79on4nZif?ifpY(j{XL#6`P+!&gMB8efSX+`W<9M_#nA2cRT$XFF1|GGGi zyqtQ@442y>v((Pe%d{gmN6ZzuMzD^1!lim(}G zin50A>VJ(uzDX;?Tt%5&DIeRPFl&_%jL*IZ;(|SzlNAu zy<`7~s`tL9I9tWRlGIWX>CUgczB%h$N1IUcO!(E4?68BvMbD59wdAfKq^_=(bDvFD zvr^Eo4mMgR87}1!%$%9YY8|i^>I>mO%-kQF=TCLZ$HA`{Zp*454BVaARa-^UlMT_k zsB?rWxl63xE>X=#%7RY*D}w>B0vQs%=vFe zW%?a<3d{5-eR`JFQj7J~P4#gpmSRk!(CQT-4BI7qL^&kwthWwJe^kwOv`MTZd>d!l zeIx@-AA`1;vj>fH2wzy+R_ytEOJB3NEbE%*tG0<73NARobVpYMFdosZ);AqFpux+ zm-)t|Aq$M^Eh+g>|jw)ha6)MC0k{y_w!_x8iJ7Qd?G z7Ou_Zy?2;%nVy-61)QOMtEDK}Ap?&}NGm=+NMATTl5By8rwvcuG)T}r>{G{_o;F3% z1%>Cwe$eD=lETG{7rn+N>dy!Jj&%&`v$Or&BETF~Pl@Xsge=hSCX&CN5hzym-yw1_>5&mH6CPCwet zXONrC-S}wRD~C<>={AOmby87^{gut?ahf{^hV!%l?Q;BW1zYgYZIXNsAA+>VjPC&6 zi9PdV7rTUYIH-bn=nK6-FtXF>zS&$=(olNdvH^%L=-J{ZWPCbjpGw5z{LXu0c1hGtecS!T zt@PF6wZ$qYijw6V>_ve21%|#P?XIL2H9#0h#;JU*5U7%vGx@w&gq$W2?mQGw!=c4# z!sFkYE})F6he%ShE6bXeU%SRZl`Z|V|A_QBm=c$%VKr2IBd_!CuU1?h5}pHdriScj zhkgXC^;tp^AsxI#0X}2fSJ{Bpn@})dxXsI-2@BKJ&~LiUPxndMe}6XrtDB8F)Z8$r zHjXr*0a7Cc>n|Z7Ki=5en(ZX2R98S+)PwG`juZzrJ3OEM%kpAhV4AYl9Qn^o-7I@W z&@dN(4mbSu*9$he*>jgJT@tK2IdVw`)SRUpUkFzpzXLukY{t@XJTx>!Cb}1dY7y5T z$}$sA`PAb~a+rNbd!6JUqpUOEYUtJS7SC_;>qlqIxfeH4yyHK7ICAIq?Y#(=L2Ppz zRd%BOLX!Vs=kYhc>6NJVLl(`BZdo_QfxE}puPkHZ+@6@3P4V9!h+h4bL%Y*yWcaL> zl8pYAui)gj8tQ@EbO_qRj7Cy<$CWu30}A%KBOXekCVC zNIB8_VaXgPe=s_R*M#qJo)|nECYuAEIL=K6vdiU=yfoj8nv)$?T)=+Jg_*Wx=JdFI z6v3QfA>H(IG!oKFLB{f02Is%d;??GkMiXrls&U!XAp3q8dA@VuH#SNxO!sj?gOe!YKPTfn zUX3EHnsoUjwZHnK#q3I<>~QqjXEJAoo6_ggotXnsVqi}>4qrckl7P^t29Ry|-RlkL z*BG=+q7y1I4V?mM#BSD{9L+sY%;iz<(BT$fGWI|b3g6kMdtYGTG)E%P^W~NC7re}C z78G39HRwO?As1tq`Fveab#?U;Q~6^!fkB~;UCRjtshwpXKkEnBMr-N?7_;pKeU@%LI8N2jgK@{7bry+!5L5$Bqg%(&L;a#Urs4xCLveiWZj?s98`8ez&ia=5UCw&Tsn^mw zMvkf6FH1T`d$j%VOXRK?bhO&JuG4PuLVfq&rJubwk|r9CE!Uly8VMNpI6CX6q5p)N z@$IJVFCe$L*n!G{?z(o*QMXb1(`9oH%B=QTLCrK4upN)>7d5V|N5w}tb1_^Rx_2`} zEZLlC!}`FQ&ktEVkNDEz)(*+aqBZ?IIEM>ZM0A6%Adw9KhO43NsmD)Go;Xopn#=ZX zeu06Mvi)RUVLVXaE$40ud|u0@L$S<3B|aoZ%MAG~A8CiF>aekSD%;Qs|=J-eUZC`(ycVq+-i6br+rC~0lvsVi{^u<*aM&gN$%^S7IH(Nwme!iJ!-$SA_zn(A9&avUnqeR zihUbeHnJLj@pA9k%WUv2ke=@K{=Lf^()bOgG9B9PBERg|vEyU&<{a-(y4A6S7S^_5 z9KTC*9%0VutM*~ax9t=4tT=%rggG~;n{w@Ow}mmF#39B=@;*e%8ImeL6tH)J-JAxMjN4p zPP-8qF`6V?6c&gqc3uu#lFA1hB|kFL;c&3|I*{6Z{?#dv1ea+Mh#GS=W|nn&*^V_U zScUcC@6UG&F&lhlr^on_>}{O)2ru@F}V>!N%jveK?hj&#UnkCDMiKvs2RQZyz>ghhmA79?2!s zQhQ!VSXuduY+S&Kkhdn7%6_;t8fEDW4J$E{V!%4EpyVa%mAm}=gBxoK{*K!5*Oo1B z(BtwU-_ytXr`qTJAt5l1a9m)utSLUZkhC4X4kQ{A>~)fU(j#}Vy$LUbnSOsmCNI#O z1mB>3`f6q6nJ$u7=plbxh*Y3FRZ{56->SsjNY#IFY$?UTD*nNcR?+S3xzZ+K-4iEn zPq=3BqQsm-8oWG|_(3o@WGkgTOvlb%`sv!>DqDL7T@i=;3HQWMOJlSB!pczBpV$ds z?5dN11H3Sd)3)P}?w0xsn9tp?mu2*q0N!#J<{f|kMKwWJtG1169_-Pmc4fvjB9qtI zrY|pS%EhrR*mC4m;!Hndis)o^Q%i2A@t3Drbtv77ED8kU*Y4EEL8%2X$<=@UC8_Kk zAy~Nd+bYVzGZX^@1M@c7v)LT{UGJhF0Gp&X{abj60p8^)$)+GFRYuBSSIh}8xg z8nKX-(^k@SzYD;7gfVS9u#hXnuO9cqxuHHmqcMcH7cke&fVXO7XuqIypLOMkrmI4T zWCJ4|nUj*a?ZK<5kqBK=Tnv6o?&~MFdh+ERd-H% ztVtxY;_%&WG}+D;#Yj*G&Fc5!?^RYVzI+X*)cDR2S{B{10HG;OLCBJ5c{HwEiEwpw z?W&Is;O#E*em~58rc@_m_wLFbo_}WDzV)w7n|dc6RHJQ}0Gr0G z$-4(t=sk03KZ$SU?qA9YnvP@8} zMAbTZ>QoHHch5p#F)KblZq3Hc`!z4lIXiI1cgDbahes^!-k=N>>9AN${WqtH5Crl*L3d33^;q~ zySKn#nOBD&r9~j?rngSEC7WJg6vU1xdAsnadfptZA(3CIg-SUAwBjh>0*!FX%+3C` ztTa5M9n^aa=&Ea70ae~ zh24}$5HW?$H0aHIKc}V|NzV$a)AX-j=@b3neJzkoOc9Gra8Es;&WCimN}YnHa2|5p zg=7KXw=k@SZP&$A1*AWiSD2Y==jh5-$+aKShPc(nZZ9{Jjb||-(qldZ11pBad5~y{ zR<@(usni+JD}z|b7_Ik_4f~SBLCn;HAb({JvuffN>d=_jr!;d6`lE>6|hMW56cyz2AenckJKOP z9iDk?-VkHt?LmAW+4Jox|GZ3$?knhvWVI3C{7mtG8w5j7$+?6xmg9B-yIz z-D@2V5Xi9;YkG*w2qi6WG3%OVL_8quEz0^fN>QivGovzpCtbGC_LJLn0{gq6bzeg# zdkJPPi+L5j@vNPPqweRzh{wYF_R~5L4HK!{5zpG^wrc?Vh!PpR z-Mr(O%X$v)Mk`b&{BGx}`^0o5Wjn zkPjh&KLmA%%P>Q1F^!>KK zeq6Fewto*x#TeN6=Wwg+F1b<_+SVAw31um81xzWs@Z0v3ZZy}0U^NZXP6g0Q1*F5@x&R0=z1|^I~69JW_o2NcI((jyS|TPQ^kD1zlYWa&<_F+ljMy4b4|^|G!$*d$=ay_JiL>%Hsr z^?=d3C}nZL5J9P?elE}aOOg)5-;;)Q(kufJlRQ;l(|5;YSzS!qnz7u^(c5#96;mMl!yWt+~#z+igT@ zMB5w%(?c(~SHZe3hr_qoPTgRvdKj7-3*ku9qbf+e%BVU0cJLSf1?Y8e2e*n_1~)pd zJA3R7jj%Amu4Bm^_XeaEkh7fiM&Kh&a(`AR9&V6nSHkm^B0{?Qed{-FG(t`^WPH09 zrHpJ+jxFyN8@aurzi5jn=&>zRWoSS|k#Q#^hCm3H^CxC^QJXg#xYkH6|9N0>rf|_U z2Qwp}y6scnZm<&{S^w1s!-6OrTm1 zQRfbs)^Zn(Ok_KawMK3QP!^L-`U6iw^s_S}07myyEUgy&0nd|~=g^C~>|Y;nV;;sA zr#Zc@zCPpJxk;TgQ^S@0!tpI=Hn&ptplj$wTGtPd%S34`OgHdr6}ob=5hUL341;@) zt=12v9<#vl0Mn2zk8-Fkwvn{pJ#;`4Pqn*Tdc9ARh z+~+1V#7t{X9KQbT9F~o6lgQPK*u>mgm}Z}R<)|+_4NF5Z#7F9ItCq6#=xt(t*>!RS z@o|H1szv$GwKRQHiH?1&ud4C(^7Z5JU+hIoeHK2_P`61fcyQDg&}z}HHHA74?i*^) z(Lsr9K#aUZ-QeG`;|LN4Pa({!4doS$DE7q)0 z50!Qr2M{y?4a~%H#~Hum+Gr!A4xi0=h;C7!xL>1g^5K1v5YK@HPqA#1M43O0g;%|^ zV&l5mzk(n`nBja4eo1r;tt^`Yk-MVQ@@6#aY+1N>kbk`jlpumS2-@ z7s;TE>oku<*-AtK5SgLrGlPIOVKv;^4lkWaPVFJt%i3v`m7VzMroKmP+r-QwU@Eu( zN=*I5u{%%Ur~-Mn_uxTQ5SKNC60~o1hNf5%CTCFFHWe>dxxGlbNGS046akx;FnLlE zb;uzK;GWN`h!4C-cc04yE&39az8MZ0pKiMK%PLz?B>#@2qV&L!}m_x@Q=}lYzfz2Z^`L^b?qdvQNS?$ zxL(ou%63V+GkE$qm}leA&&Fb#C~Xnk#R9`*P~z)JAZ0PDcIm_0*WjnhC^U+Ldt}xD zXCxp&_Jczp!SiR|0@pu2=khr?@dWgb9#QIX;Nk2J{`3TFq@&7i{VQEvmTVU6&W5KZ1UG%!-l7BpZ@~-Fo zq19~bTefjJ{8!9z{I5-vd=QG>#=;$GYTC;~UH>E9`pjA1dhZX0`T3KRxy{^^3oI;0 zK6S46KRc=NzxECPlQT0nid%tAzFAA)U){T064plu$q7vc&i`n5W*JC7_mUD&+_k8n zoeO?@#TwAT!IY+i%;gLjA_Y3vZT;;mEc5UG>}UG`{~$C!dWV2^vh|G3VwM{r(8!>| zpP?by#CL8M(pN=|NI^FR)4mIt?|^d&hGjKmsbX_C5JwXdv-oJDgSo@ogaoDy2l{#V zZ1q9t&CSn@EYCW}!ZLfB$N7i>R9hscm*{->k#+gbzq}3Z`!(=YK`1pCMqpF)4V1Q3 zkPcOFmTk69qIuniw@b~+d@N)j%NV?uM&!A&gT+2v8sMUy%DC8*l16F*P&gI*Rls$$ zPnJ|do)U>o+VL&8hq(irH?nX#t>;y$N3D2)$jn$3hEAE77{LUYeYmm68SZE(w0w8& z-X;H+lhF)k)Lk~N1hg$q!Nl=%5QM^NPH9cR5R%VGCWi3LTl#Jh%MXL@%`Q)7#I3&` zA;|~X|2&+~8^JRH9t{AJH{vgd!G2T_>=ukp;52Hu2IOepWDcY-P&gU737<9oVPf@$ zDJ(F;{242eY_V~1d8okqD9oU<{(+4y&@lU>M0ReI) z^6S^HC$yAs%=p&{gcHZEjLW1d5X?d9pep}4QuD)Hf8IwKiU4j!_SL@MaC;#e7K?t! z0hGb3>Cpyxxn&(V24pfzS4mI;2eW9K)o0K{SP+|xm|93Fe*3jlh*C+$lL7{aT)eKi z1JBq~6=r~PS_i1D21#d$-X0dm?bLzVlVq}L z&G6Sqtxm=wr410)1o~Ur`Z(Zd;%FwC21qX6g3H+TFh7&DbW{y(n1}G$k6S*bqcy?Q zm!(EEOqmh*bp8Ve&Jm#JxrW0I$vZ%#vM<-T{240biha;}@!cEYCf6;+u$vAr_IdnZ z1C||7jXKh<*O+J!zzr3(!7N~G$tNIjBSjdHorv$A00y*ngj~QL2(~jiflvSxLeQ*6 z5Hb{6JG zqA?!tdMISp`RPt3TG2Ra&dhKY?Mjx;{GzXUCOEgxC8;qaHlQ+Odgo!@02rg~ZWJ8U zwQZGOgLm!PRsULkbBbwQ5kt>_l+o$2z7*R&rGQTGs!#2v%w#e1m~~=hKhU%Ws;i8w zC*fd;Y(qf)T|#l=u?a{dathRTli6RRB*(x|IVdtmAT++k0QQMalwQEOSTN8;H&7#N z(jXjyfN8M=p94$Q!ay0{l7vRmFhJ)WuX1P{;5jAJMV<;f=|NO`1pZkPZs>GXF;-~N z^p2;J@fGkg2JS#ub6(&Bb%-F1(_R1KIIB08oIZ^>?=w=mQyTThw2hA?Mir#OJxuxO zT<8KVK|ABRQScy{Bj9FmuVnc;---<$$(>0c^8+AgocFKSF%YgPmQvo&hF;Qq8s_=Z z#zqYSmJoBv##NkdKTCKeVV&Z(agkzSIa{F93JZKZ+H^YO7c#ESf=7S#PS`;W@btBS z4;YHzr|`i6Ob|B#r)2i1^z_M-rttKZ28u>;M?(j6hIJ?fQy|!!Q?!GZJ}t@l)%B1B zEq63pCv0~lK;o+;!{R}hKCxBP17M!AT0>xdPCCu4Hec0J%Bnf7A?_eDR0 z*F12Eot4EW8Wg(;>@Q5@upIyU?E&|AD-Ely^5!C;gPLH_;;io;@5Z0xL;*L~XFJ*Y z2^r|qh!uyFCw3|OYhHDKu>43rlg!_rX4&>&tmy|CApu`JSo6x0`XL|!pqb1xV(2Nf z0RxCg+W(BI-wP4VfHjz7Z1uE8Cei4h<48QTn9zzD@7H@$%lv;ue%)s3J$ zv~5L<6-;@doCr8Wv^u4Mt}sSM)>>Ytn@^a2!446e<}WTStqTDC&|%w1Pc~I1SL4*n zv~D;dpG!F;Xs21mqau*Ti>+0V#Zi~wJCs#5EVQ2_)hu8xe#{mOG3io?+a;*o$=n6K z-iEDPqrn4epn4P2gYMwtZ}$6%nGsgaeeqiFPhkjv4m@#IT4Xs_DK+~4E)kSRaV0!6FDhn zXpX_7u$#MJt9cB)0MEM)p`(&hD*HxsbYduiieE#N+|Krdy~W&Q6~M?PaW1k>6?XQ? zo!Sivm9}A|-Kp&9zV1VDj-y>naD-2H9>2?Kww^`0vgi>*Pfg(m^fQ0`oy536;`bT{pJgCJU zsUoRrCVpAW@N;y&H8 zx#F4daU=#cbRRjnd19GZNpmR5N&XK@Krg64>oKYd)kAZsf;A$uOY3fqoIaKi)epil z62)8FgLUcB!aSR)<wz9>AWHZlUEDkjP#f3T$4=r)+Mdoyx&N7`)Cv-}^SWf`$7A zj6&LO2`4n(Usa^kBHH~hVM}T)EYtOyVLvhs5yF(YhsUANpo4!G4$s3Z63hY_ zWiAao#P4A_a*CBjI-NJv@ssnneVJ%t`{ACUCkcVeVh2BlI8Fd2=EF1r329Kl5kPq7 zX#~Xh6qiCm!fIIjOcx4+J%Ica{4yF@3zCwY8qquWyg!i@7KeZ%Uk9eZmUQHx&sz*9 zwi9X^B7_NMJw%E$dp7OY3`a(d0eLa{dJuyh~iLHJ2luKPry3-bA+bo$MIyB zbxlWh>G~;|nvQJul2lQcA0WdF)e@;3MbHfRlXUB6{r8*t3BVTPK0j^jy;bxSYECx( zFd7st@w1tIdHX`ru0Q;br7KJT&Yw%zyhK8c0X8j;<{-mNaB#l@93^vcbnx);eRIQZ zJlcQ%u{0TGG=#hY>81(5Nn@^amXTQnX^ad+k_rkMH5xuGLRGEdlzxNiuoqth5AUcV zzMh5C1^L5%8)E1Xc3+^K3OwN?eN>179^iq48w-oH;JTF4{xF0wKu0wq{K(`1SzGWq zHJBG@UGocF1gT=AL%{hmgO$n|Vi9SCkcp-B$0kNcYoP8#;7pl}b`@f?d+52R_G~R0NES(gaL{U1duz)iGeSAZc&76 z_^BsA6p`BxU+1Q-Czm?xC^@V!?(+KY)8(6)lF>o9e4=p1%(q_g!|u{8uaH&t!YyKW zI_1c*%P#rdj~t#8&f>r5c87my&rH6?f9A4^uK~CnV_jX)Ux}DwJh8@ecXZIr)4{^0 zkhU&@GWj^UjOD|t`~3gX>oEQ!3wFamMV#e~0z?hv!9CpLZg5D_PqcOWs1EZiv_U4Zi>xso%c{6Y>~5c0Izd zr>~FG0>A&Blz{(zgF4oX83BTbQC!WCF3jp8y(`1y5>a0>pDsY(1wHvE;i-{|Rq*rm zMq7Cj!g(|BM{hvbkl8)}nMl&=gA!>#GpbigjD@hr{H8nh8|3POZ+Gszvzb`hDJq~8 z;@+POm4!q$)z<4e{j*RrEx*%x<|gKBbWtqNqrjti7U}u?`B9iA*cJP!MaD4 zk70D^b#t0kB8JV0bqcnwSChkSvG76+fZ?jf0{fwf+rs#Q4?*7@j@Ox>;9w3lxd_w4 zW&l5&QSu>@6K-ilb;8g)ZNdRbl7|A~H1+QEui1`_FyQPr03O8O4f=ry5pedO!8c4H zl^#|NGMaonuow+jB#w(b4bu(@;4MgUCLT*zD7r=uZ6wFRCzLSMK={s6Z4Q3YPS?#H z0Wl^ZRhj^u!Cnz4HVeSu4EHct6F1^}hO9u1wgRslQAwAzUFqVC`3n#Q!U^B3)Uwg^)7&HAu0=r#caui z@bp5N`wGtwQgAHk7<1G8l)+6ryBJ>3^3tfnO&lPX6k*IekF8J#wq2i9GG&DIZO(B? zBPBR(bvpP!=h4E=#9RXKEK1KLY!;;!0>--6@nj#rlL=VTV(P3Vq(+&?>#WVkSlKw^ za5VP;8gMeQ@W;imU!eojxPkB#F>>X{V@kLQ-SoHE;wVHBinA{E$EmvT=RN*@$`xQ_ zS_F7C=j|QQ7kCrvAje(6&ubt@jd%OV4F(#AQf_bB;{^yLPiy3F$L86)tZ55^k`5!8 z6OlE3{4xQvgDXbD2^J&r9;mDOSEt!1Dj0%S8%Fa>hV>_)$T`OI^YQT&IUOzzlca)< zk-8U>R?-N;0q2VtsQ`*1VW*X=zTWomM(7Dl*!uyO1c-`b?(tnEU4mTC&|_ujg;j|J z!WsbRyFaQv0z;I`_f>+RCxGyp77HG2#Vn#WjS;XXlgu7W4=!NSc_`@26`mE5Gx1Bg zzacgNmjS(i-fN1#Dgn!nthi(%XqOqr=;xcXz9y?))&ORVEe)jRcog%Az)NAWeb_ zTYjLoA|nu%`8e(gI276*GfXBQ(XoXTRt2Xeu(Glin`dIOkMXS#bS(IgJtV4-m^83s zTyGS~iI~?RX&0Wje%u?=fN4_j4YDL>l8cWZqEcaaB5ETUwF88|ruW8czT?IXmftrh z`0_U53%2!kW@`?Xn^r!2K9&2T)akE@qwQWjs~5@KU&6}DziZbgBTYy*YVagcYH`!a zc$rY1V{j_wpos8HE{(#G!qKQQ%m8T2oY34$A%g?OKS@vRd?jF5e?k`1HrxG+r20;| z5pV3BaWc8SnqNOVolGaO%Ho1C=udh3fLqlK^w18~;`E^5;~~@kfW)<+J*D*{%CT%D zN0Xij?0gNr`ESbdQ7Rj!^j->`BbS)}xG|__K;XYx<@CMb90w`hC4V@tBe$fG6b;<1 z9a6ASP*)RumOpnzs7wnZnNZw_X5xH##I7zheDvs1La|s#eInKAhxHr`utc0B;|?Ii2as_DwTj3rlO!%1 zKms(IFeRfXWHy92hMDssMJ5OrQdfx4l7eZOoCq*L=5VmaAURTb$iOZw0Wbh41&SZ&VR{SoFoFvZWf;zGqOi2{oGoRg@1$nS3q4m;sO< z+UeFWz-;yXluj4NXyG{&4>D*$s3+jHcSZPA3Uq@}i8f+x`I&w4GOih@LG-ACl*M;C z3&5j}@@@Cy>rusL2aY1-iKSzG&hM-3=37X6jN;FuUxy~T&~Oh}+!`E6G3W7qO@>Kp z`si`So98z|Z=xukBp~9S4IF9KNdpHOfiPYK3Xscmka|38f6LTwMLjd7Wb{Am<`y(A zAQ3J7?7sti>07^F@qZj}vt0X63Yz3={AZf8f4h!wd(jqX!7S_K;jKP)>=^V=a-(0t zRzq@CPpY`|hHF-i&%U((IFOXnX;ZxMpZ6U8tDf$Ed|Bc@rESXA-P|X+siHqLFS)#b z=wsPO`Q5t}tkn4b$wiF+(j)cbi%!P%*O)1JL#9_yjAPEfx=RN10z^oofx;LE^D2?e zp!wFrlhigSdHvfx#9j=7n-5AGEHkxmTiL;9;xjf62c;@*6C?~Re65O4dyusjRxcT! z`D!gu|MKKY#s~(Naf1%G-YpiEDGT`GV$|cGllz!{kHrEkA;2PtZw50hFpZB9+LYYX zi2E|c?E24v9PE!zYp(?uiO+=QHI638oHTb0F@AT~aKu29i6!bPsG*i@Ibcu>e_enO zsDge2`dENx$`@R%c^CSq5c*Wu+|J{rq4dmZ=?0ifNHVT%i#>ze(U`xcr}u%4C!{^OQQ^=Wke^;D z*nSM-^23fv^g?(zgB({b`* z6zm1$Yfk1*?90p#d9SmqYqr0Eq591~xl4$O00w+HaBXYnx#s{d25ouo9YC5Q*x}#- zvZSRNqGS`bTfRRYm;!ibo6K0bD5df3k`3(aF@R3+q~c)=32{hnTTu*_IFB#nz`p>K zeJuKES_C?DvcbRgbIhnf{5uIQ!12pNmal)o%CwXyBlv2mcVP|SLtO!<`IwvB+erpk z$el!f%h#--lj%Po4y}9u+#M8Ly=EPF8i0g~qX>OK4aJ!@%;`xEH=bYfW7}b*Z0XQ- z(*JjDoIxLfvO-{Y4ceS!JP;hN{4b2>KA%BjqVLq>7h!qoCdOv&lr6tU77I+gSzBfb z;Vn=~(w_?92C)`3ChBE0U;r^dlr`|NIG%&C-(j15Z~0a@w3L2}UQRi;`cRc|AKkqP z2TVVcJHo_Fs*j)#J_l0?PD}!b2C_(mf8aL#|7_CsLiW4=HUbBFc-`!#DL`d1$N@v% zbr->`|FJ5r6Z^kQ6@Q!XDDHnk5Wk+MCJm`d1v^&_I_MQZ{A%`tdzI?QfDI8ZdMp-L zI9G#D0gV$xC<5Z)#6hVhqIt?J$nQ8DtXOn~^tZ48nqY{6fF|_4uaQQGcu9+Z)nBJ4 z*k{@c`Y`}99oUEnHb9oKFpJ)Qe*?=mxo&m^6R<%IcftA?FOWfeL=T^Y#25BWcr7{o z*jK_dP=Q|vHp5o?VFow?8Bxb54_;Uz=aXx8EL+oG;1(PrjW_3cn7h>ngIHh{J!*%SnZ z8crtZ%`nUm`k+oS-F5mMIp5$|21!E--!~D3G5&ZIaFzh{c4vkFgu%+!9Eg;O-=cYh zKe?SOR$USF3~BjYT`$XNY=EAH;U($Y^hJ)_i93&=K{QcEnRFj8o1?8ltrEAmWW8=+Fi5pNVl1y9fb4Ld+5 z`ZRU~pq`AJ3HFda2A@q{YopDIMB@vm56A`MhC1BFM;4#>|G<%`;i5ZGlj?*5tP1bo z7pD7iz`1>d$btYy)Rri5itjuA0m8-^PwOAvkJT!R?$X#55;-l zbwILtqac6q=@TdR;+sHAwKFx>I6f56k9Y=~mwh&M< zf&=8=EAjR0Tsg!2!D%N?pE{+TpF7VqCu9>$H1LSMCR!CPggK3pl9U_kimZ&;?sMp8 zbY-y=xUsjmD_KDab0-+mNg+O5LPkJyuR+Ig#p}L?j7nErR6m}j`&~9$>=d~YheE@h zq@5z!pf=TYa9>#hG7RyQ5djx++w8gKWnV|F!F7PAH3eZKm=E(188{~{L-tLG0m2{> zOEaMxA^4>?;0j6+aIu-e3VsoQb7z@(bMI}N`_t;>Yf)5q<_yk(*zyTjl2<4LCWE+> z8b@(gg$5|g6`S^(tRCACEFQ90znPc;eRj6OC?@&F~61OyQ;F&#wk>nhQ2)tgvdVh z@Phfci_4_#=SW{)6mUp1NJE>1%`9C6UZR9H0&J+EjWm~Y!Kep1&63Q;6dEC`7v@Gh zm>moAeJRQ`(BNjE3Yu|&M?>CyZqnd`UZpRu4$ya|VETs+4Vzq-$T-WyT|+#0kCi|J z`alB#{2EHAmbm>Zih!#C8yvF>WYgi|gqEoY;N!=Q-7g-B8G?B59~I|IeR+Kv2QU!y zn%q4CJ!16vNDeNdP9XP^Lg=`j@refK1cM`E^a&(sedM8sWBhJpHUX&3WqaTE@x6i? z?qCa3pv@v9mI*jEzB%9h_rhwH9fFt^Ab6O##A38lVvu8_z!ws-gy3^`*g`1;mgCMt z31WQ)xU9pG&>bv+`yA^Th2qtZI-(BtYNFj`gyeC;uoHp+-%)#}7#2KYbRyyiVL(7f zTVSVw#m>X6Hv!l!_gxL7ji{upsYhWE>9olrML|Qja3|%^y zwES>J*0J~Dg4+@LBNv`=XXmw8o;s`nGKye8C#Kc zzG}N@hx$nN*dts}P40*Vf2L0)czn&*$i$k7(zfkJge8ta+PCED^Bci?nL{ri4tQKv zl}Pwt5_d4oFebH2h)<2&k$~=k@I-T18lnndC8w=5&}_f;UXpiHKT=^UikA+`2Enp; z0Y8QC^|=f4E~NI8$r4;!bk_yYg}@E4sLnlp8g}FT=T~#d{X zeV^m^EPp)D@qK>B@pLfFG}V27KA-pddSBOho#%Pkh)o7yF*goSTj*W&)LAap=#OW+ zg*zn#9&x7Uth9PSFnB3d1k!w|k7D_vbdw~35*`WU8gbS*>r@out*R9R7PJyN0T5#z zKQI;Xr%+3h(E)I={gq;EY$m_b9&D|nfn$gq*Qt1-JJrgXRlgVN#b50Qp)s(1r|_PHZo+Cahb^60{L@Gm2hoJy2*!+@-Fqq1p3_W6w0qAP)6!6kxu1g*)XSFsx4q#Tkh=Du+X)-^lHispSIT zR3xno`S{AJbDdvZ;n&HQLsUk8`^U?(wIhG}QtC56{FMM`7HlwSR&nreK<1}J3SU0{ zP17X)tssV6*MEkz{=$0_?;N(Evg+LWC(9v?{f655P%K`8QK0bnnD$=}r1}RgtNX#F zp~tm7Qe!wZP$1S(7B%8B3;w?nU(B0TFZQ9pAv*LW2=Wp;zR|Rk zlv=E%@`jUV$8iw!H4D-aLQX*)MU8aBf5Rgja6^2kuv`8SU4XJez$q_ZW~jtRQyIo^ zL`&Nm5^5wFsTe;o=)-s8hgVw4Y+88Iz3DP?y*2nrwtIOhC-?^?iI4c8+q~Z4<8#m9 zMCxJSaIp%M2QQ2 z2qbjac;z9G6_fVh6&UYt=T`f+%qpGq#^>V2i`pO!=LpT%_VKN_{w9jTGHwi3hu;LjK+ALI|twN-FVAYgJ;1XxLr8iohcQz z7tL+j>sa4?mKl8K;YD@Zn*{I)B!=|!_VQvhp2JW^2XA;mGhnA?PU7;p!BR0VrXeF< zFnR05S75w8ii6eaUmiM~P#-nw;>U+=e(*ecwD&6b^N3^v?@hdH>+!etY2y`>S_-!q zc{XH9NP&-W)Gq~q7aEonFGAd+DdwHv3-nblVC4Jc5F<5lu$edSAUFHPO5ulUy*zns zEL~YpJK^Zk$Xf!@&F%Nl#e*R5!SE`K`&6*}VjO3bGJq~rByUr)pIp=eXBK9Dhm-r0 z`TZMs{Gvk*BYZR{YUL+4WzwDFygf|mXBt5F;|Tx33Ussz<#zN19-N7|2C(4=rLdMo z`oT-tkTGSGhmf80XDmhVAICuk0z^iU)N&J&PpQwv=Ln=@{GNrxp>799*@41MrYk6< z>bSWV=a8)@rU|W$yk8C#k<6ZOkt0Exo`MO|x#Nh-UAP_u^*#sxwV7L89RR4z-07Gc zl2e{FC_Nm`*C&=2z>}QH@ZkuOrW%NXLw@{x???6uWgpV-Wb8`|DtJz^x>?b?>Pt?N zc&F!bl5@b%+JqCTB?*Wnn`0X7DH%Q>jziqT;~f6k!`Ho9zs877rCT%1e6I!!xG_O( z09I7@kJ)qsDM1v+omgDxKCuY^+>L@|sFN1^0^+u~KgMtpD@DOvC9?&9 z$?UTh%Q~g=xuyM;LMd2XYifw7ZNZb~A56}Iv??vR=SIHde7p0Oh_@jOTrslvfYP=G z>8hr2i>|&xO9ugB%1tOQ`m99t`C?9*n&2`(7E{PDP~I#%Q7y30tPS91A|;8?$@wh#p4??GFE8s%i2fHJ zCfNQ$%~#iUW|K?exey`98UZ$o&r4cuDve7#mcCi=O_Ctd(+E<|zC7k!FOLyFk?3O3 zhYU5_aKoKtc85-!SZ>_!TMpGu$63y>1}4L3wej5WsWQFesEy|{^=y4IAF=fJ-+$-?(D>vXe^8Tl;=;Qlh z^dVMJUqS7dM-xdi_E%n!I`M#%*K`I-aZ#NHJ1EYXf9zhpcGGSubq8002r?eN71zAEx>i|fI8TdM# zU?|YSPhM6x#oXw5!Y5HooLp#DT8?SlFWKz^s@1dHH&vjyolQo#Ry~ONPY3}3bd%n# zQHl2>7Z(CWGS5%UxCn@DI>8X(Vzp`sLPDbMh=20n3!{H-5DpfwikLGq zHR&VW4{Ai2x3aIaafQ7X3~zpoD8wb`u|c-G?4{z8+De$Z#Y~WJsOz-+{2_4lmlTz2 z*O{eJpJO@`2@GVKoHA-p6h~2VqjvzgnaIfdpRX`((2usU$A|_WOsqt(3;9RjH?d?h zoK0H+e?f{$@#p%L#_(UA7^m5PoSU0QpnTn{m@b1aa$5@om&)> ztb64(YohQwOtncs9V<9Ln3CYkDL(yCPl`hz++ERiOX0<*NczV@^VapdZHJ2|YAOqK zdQwOU$jV_XN+BsMdULb{L?NEC#BAxXQ1#?aAjWtYKYt64BTj7C?=@2>c0F#X5krZY zE^gi8MIs}bmaPXlo%n835YA!n)W= z!tmhSsw0^dKm%dCi7>kPGs-G+-}AbA#ebp>H+_QDjH@y)I) z;nuh_q4kRk3&BHr>FM1S2Xyf$d4mJG?FJ;$zoSyr10fp%4N@e1ivWmv_386lbRlKa z1S+`+oV61%4rtb@)nIu11{@IU4t};UCamd03SH|kVwc+A1xk8{cfa5sw^~Xq5xa`y zQNRc6yQIO~4|_`D#j150g<-V$kFsE;&m#ORm|`;(Z|9NS; z^3gJt3i}-nbJehXh`Mj)K7qSUqIneBMVhrP2%lK@n!VV^UTf1(#i-dm+KprgS?ndD zbV%QacQqAPkU?-(SY5p*)x0asGna6EVB`kzZ9vm7Cc9|=)6{LBcoasHM>A~gKCACO zIhNF_vR1`;ff8^DjLY0p@3PR+{11vlOO|VSNX;^<1XlIZmQkK56A4M=XLFnoNs zdfq>!Vg8-&S#;^=*YnPu5`;UZ_Gh(^X`)#XZ#lxb71@D|3__Q2 zBU=2mgft+IyR^RgK$?~GKQURd&;LvlPYO)o6cP9r8ni&fB2E00fe`-VtV#KI*qb0j z{IT&omD;_#G}1(9%6zj}^1~&dJGvzgig!(hMlENISY4VjQbJ@m=$NwNIu~?q+pwXb zF-Vmomoc9n-uw^m%N(QuReep>Tn(e5Q}p+uoHQJT1D%$ho{kMnwvXC?D=q2FO9_P~ z#wl`iTb}`l81%q~1}@1tJXqw{>cgC)w7EooJ0kwF`z{P#nS#(ywS9X#QcXKfg=HX4 zPMV>l=_xm*L^8nNMtGsLLv;RU=hpVP zcX0yP!IHZLQni$0c@faO?asySCdM<+jf!cSw4&8+SkgC4k}I%75wO1g~^lKE5}dkGqtWqD2rEg#ZxjUYp`a^R`R(w6Wv*zHR*Uo4kv8KkNz>~~45l6|bR}j8;7W6R{PuMz z^_qL@=VIg1Ufc58%t-;W!fS)BM#j>Ql8I8H#Ur+8?h!p7IdTpLT%v-M`KYYlY1Bb+ z`tq(%oUhuB+#!N#oMU+CIY%ubMa133&~-8#qJ-b%9ac+pZT1Q{Oy+#833%%y7T~M;t}S2FA+M~Q?+lXcl*Vp8 zB<&_~4CIN`Kx&~=W+Md#AW6Mgn3c=>(-RUT?GB;Nz%9AnaX&e9@NR#{RikevZT9_X z`+#0)m9@nWzbRxw#WEoaiKdaqV7eXSS6}m&&aUtNMLhn-xnR+1x$N70cOWzq_Q63` zzwnM^MG5Z+r(o_|2rS3fw9I#DiX{{aB3LsVv$$xjwP%NQThwT^q2=2R)3Q?8n_Vr< zD&`WS+ogW0$`m%pg-=yx4oQCIH&aYstO>mPyyB&pa*3Pj`@OL*^9fh{dw-=HjsIiw zrMC~dBusCxj)c_im)GM$Ed@E<5f`)y049P!PiHwv>oQhC+Q0_GHMGg_>Iu@GBbF~u zt{v9vQoWfm%*Q?G9mV+uV~O0PB&X?>+FBWLIt8yH5un>jk|QHs1%<=UuS~?za=F+j zkp5dbT?IzcQKHf&$ZUQr_GOBK@0>80RVFsgC>c*UJ!ITu_w7v(yIq;xyv0wgZ*f-Khk8m6nZ4Zce1P)A-0TWikY<+}>&xOsL-huO{mr|@9GS_n)^aC)G)=IPUd*Zhc z7R9*Qsp}CsOQL|0g)Kb|jH9BEXjoqrbqsyk-XKxGg^w6g(COO=ypc1gPQ@*`;~I_@ z8l+#RkQc@sylwE!wH_J8ms)FXrj*=E>px8Xsx)j8f($%_2%*NSSK~0M=~6wgrN zb|~eSk=eg_FCMVxs7kfbTqq&QzoMU{PScF!*2mvY+KsUyy9yyvhSFot!LoE9$?g;c zB0V#F;7TvNAT^K79wVvOM{i-kqSFtU0P3Yt)p4{X-N4P97iYdK;+*oPK7gPzgoE#Q z`uYRqT!DW$h+rr-muYG|v3*ozVIYB1&`u3>%-0*pP(&iTddZ5Ru2m`qK58 z4C6XXWz~z~LdqCJh9)lps8q7mVF+pkRhS4fZBNO4cVG3$+2EzDeO`GZ+I&?@1GoJ4V@6;Rdq3)Rb@z{of z*67ns*W<9(m){JD;q(lIL1yY)$sUM5A;4RE*-A22I1F-4m;l3)i98O!8e&~+*0?@B z`?kxS|63!#zlc2@^SbA608X5GaI}h;=lMDoRvO$!hW8UnaWHn)F)DV57yCL=36>^yA%1A z(Em}VcX_eoX)gNIlA4-ZmhPa@CV9j4yw9fxB-6Cc#E*}Xw^?3qh3f=K zHoq?6{$;aePD4>7bsSH)&4nc{)R-uznfqi&3UL2a@T{kUXB#(8l=dEtP%HMoMw0HI zM!ipPbjStU|3OIve9sQ1M;w^c^6{3hmOxmP2}uTeCFsh-$anyT`Dy zlzYdijP6k-r<$Uo8>zxBl2>clMJ{Bt9WLgQthG>8R zx45ffdm_#TqUSSkLiZu!6wI%R(wM(u0wrMzIJ3BDuq$LBOm5xFQn7Wia%aAh*y&)T zn{;mo8VxZcs!uTmk(Q3RD8AtynRNoI0R~w@2@{!?tYpYO@o6%lUWhJi5@GnD59&W@*?HH>2p?A zt238o6wlTL*o5@MlB>*OQ?g5Jqm{eI1xWKiI3WUQh>fQ_LX!J>jm&;?ClU)0coGC< z;I428!7KYI@wFg`av+2Ya0TORrW~VuUOI6uQC?C%NG7{Ai!lEtOWmaztD&5UNi&Jc zla-+|o1V>nPY~yzTtvOEK#dkWB**)TtK?pHN`?_DcnK%>nMTAE(6Id^Xd24{+v5mMrkO>57 zO4ACI^5oll2yGICNg^Y4u=EO-aKTec3E#SopeSVZSPeydhlW_1Or_4>shMa_ZgGpf zcFY-Ua{$Fm{Fe)yiJ>HO{&wJ|jy?kxv5_eLAUsafC3zgL4}LiWw_5wG9z8Q|GEuIN zDidKfL+Lbhvh^9puq4S6cxMJ_YSrXhA#x-lHx2i~I0nE$-iTBBN~`JLK2=7a!F=sBkH-{aE9lVRwZ}x`)Ol z0{m8*y_cO5ThP+koMqqMPnL$-*SP^7KDcFA`*rO(rmaod)ys=cH3Nwacz?jiJ@y_2XkI+_4REXJRBb8HVJI&AC#?0{Jh2|{7CSsPT?Pmb8>ou0k;@7Y*@hXE(ca6 z!Ch^vxI(3>6C@+51IlmM4{FX3^(&7bAIwzSD6@Rr#*G_S`2PCrPL0R3bz*3MvJ-K0 z?R;pe#tRol7u-oabEcW1(e4aQZS#o}JM1xy)-yEJ@$vO-PEy?dom=X&&O5I6D0I&3 zccr2tzFX7dwTHWnFF#Y6XGpi(dQoD*HaI%nM~s-&cI&3M-CwNo@;cvY@m+7Pm!7|u zm-|&!IrA*PiH?pQ>RQq5!-o%=r?zlY)H-**#;((&Pl_S>Q{=rWdO=AyXV}>6t6Lsu z+E}q*oNL%EPtrxhcXv&m4!dx{c9ZFd;ds%QMt_@?mG!jc@(mk|zExGF>1KZL&>@ve z`HuFJC%46{t?aD1L0Bs=tnW^=Q7k>vQBioi_lVNhuNx>b_B#if4vs$d-gm&tW20Bx zQ<-O3W5}Q=T9|DY_ZHv#sa953?DWq~%r_W1w6|}hiL8diHV7qw|Bb}C61r0%{9AsSLx89 z149%0gOYf0ULQPnZbpFjqwq@ajs!cu;^H~0*Q|L;~68ydTGXe1W zN7s|btonK+d`z>*yK$pwL}cXb4=3&~Ju-DjyQ~Qd0*3bJk$mXa`%9ya95MUtne#Bx z7!NAK(Xsa<;^JBs_ofXL2QOaiO2z5au=9(B*>0&C z94QLLph1HU#>cm%!9ZyJ#?8%b1#uXxuLUKn$LcUmWI?yyVI% zLyO++ooc-se)ZX=#d&wx*3Zb3B%#}=QC-iRIrFl-yjJa5pZ3i&+)2LB0J|5CD8K#q zakrS*Sc}=S`)Rjn-uw!QZYB0|-LTiqX^#QR~6h0%~ucYnHZZeOGhv>llugQ3|X$xu~Vm&+)8Vm@BH#s-rVau#NwcuhQ`Rq zJ2x)`-Ml%Wv!QF-xVX6diw`;OFZbk(fB$W|-a#Mu?`7msDPA*e0oS z7*_A5rlyl^Y}nbY&oh?r?yJ>xFiPUdZ!*piF;snPF47lmGSAVoaGhhC-`Lfw-)(it zc$9?3kqg$9Q|>V(a2q1_Pthkk7(EK^NXQDV;N=E z_L8;d3hLPm+l#bPhCFxc((L-afz~7R$3qIW(b?hcJ!ZuUJ!fa?O9med~bvOhdvv{sLZPBZ7u?doXIi9c8*`;vQHax~~^ zVDKHFmqMY|vI&5s%A!;16DLl@67>5m2Q%y*uDM%UL!cSs<~E$CclX{s&9`0G>>pEG zQ?qT-5tGG>wKO)?%}*$tr}vn+ZB5CW{=ja>^#-96nuJgKB_^g1Zb^;2y}fl`5I^>f zSlha$rbZ)p%-sH=p`rH6m;Yk<>(K0RoVfk8x6RHI(In-LxY-n=W} z$4;L<{g_CBLU0t+$;S022}OmM{VyA7Yd5=p|NhaqxUo)7y6u~9b3Jf#P_(5tYyCW- zEkD_%@7}O5{{sg`#U(Sq$QxK!H6bCPcmMuBty(qk=AwZJ3|9d1ElI50@Ba4Z3B9hu z72Qc!F)|^c9cQE=&$RHk<%;*viXTJd9BXUalb>3;bZI=Kq8oPlH}?*1fhcGs9f>Ae zE_>|V+mR=2d?bhMG3L{g%!JJmM~^l|``^zaVP$o7waM(+U5K-s)s@)O7@x>v;7voA zGxBZ-APE@JzhMVH{H)bu?~<1FXQF|go=07s>$UWBlOs9vaWTsWeGA#uN};c>UxD0C zEDy&|oOqoevokl>ieYHm2j=W{fmVEM=9%W-?PxqMvK{BA(-!memgiP^ydB^Cg<-*4 zU(@K#_m^(-^K0WXuBS9(&x2Cxx(8NQRq1W|vOX$0+I!%>Vmn&QyE32ab=;}@(LX)& z_H9poEX#iD^#wm$#f~*G*;4T0=Mirno@r53RHUcY^5xsN<7UiICq|6?@y8#N_Ax2X z5@(#wu=MppC)~Jk!-Lm5W)=Ia-Liqppt9(N-Kt{|S7M3slolP|6M`vvO55_JlGf{y zVBNJJ8}^CUjvXd*=4fPRXWuO@_9b!1NG-cfk_{EZ zgW@gn@Zlyzo*TDrb?{rBAFo3GI)>#6o5<_U8^^7lo>!Kh+5UMG1eOFUt!K}l&j(CY zqy-h0=O;7-o%w-ZtT$*-BgN6<$J0AypA8&WrW6;;b(okypDg< z%NvK4h)(-YoG9PZ_15!NWYa#J(`q}%9i7?-YKuv&JEszR-dAxY0t7-CzGv)j*b2 w{l|Gl!_|L&u}A+)itsPO`I2 zbi=ua-`@M2U;8>g_St8D*TuJ7E?~Yf#`E0uj7OK`FKk-RxSo!VZWBdXN|BCkRUaMQ ziiyA0;%}0U&~xD*!nWtsY?UnZZ5^&z-=vefW@~9`VQXr1{cro5);2~K=6u{j+{cgo zZD?z2X(PhJWA-24z-?h|z$3OhX$yYII!kGF8#+3MYvgN1jAXPC9o@@q6sgl!976`% z90E4=E-#NZG!+aCsIbdONj;L9*mdwSRr>Un&@HS|o9;-xk=nHG(L3WaQng#Q=DSTW z-s=l}H*nNsdTH^eLyt@Ou&`!hda<)ak_op-PgtN!PZ%HHNcKo}vA!4YN_;#W9pyV` zEZ?6$(fw7qg8bq4U#oGi_@5))O4~nw5Tjcm^5+lCx9FJu{DI-rtXItoZj|L-$|$Ykqw6W|0i5RhJel4;76Tbr@!~6Kp;BuMcOa%Xe{j$*C$| z6!5lO=KXQk8O!{c&L<*nbGC{GU)XRL(pSrZ1boZ%mBPfFs3M${PD;lT{TKIDzq8`C zvfrBu1|L;T3aM3pq`bVecr&%>Mru>1_(+Ogae@=OLRiS}K%2@~C3d&P$p#sJ?oji# zoR=}Q_rYRL@6+9iy_sBCX|6BEx=W(lavkE&++Q!^vE-^~z|OeRR!n7(eW}s>szpaZ zBEF$SKlNKl$wfYcaxcH0=5!Orla{Y!ULK9K?XTuI_jrf%Kx}kvoHD0bM}c^K-hMI1 zOWL{i%8$0Oy%03hShITd5r^Sc=kAxPJGO13{>@&sX2Y(SYo8u`4;D&ZxoXu*2{-4R zTpCwcJQh;yhnlYT4aF(PGtZp45zaI4V`wN5pBH;2R&k&`Ki7M| z@V4acl~ym=6__)NUneIgzc;8zvhMzF)K~eM+3B_W{ylnWS3j<-OV-tO8vAwm>eW}( zQF8JB+}{vyN2}K;bazuU;MMWt(M|H&%NHm8{GdWBZ&kDc3vJr!$A{Z*%jMs9I+}Tl z%*@YoYG#w|u3KmLnPgLSfYZWOLueSCVPL-O>vxa04ukuoo3EDC1z@6^u~F3r*2 zH<>c>UjKZSD;f`Ppgu9!n^`>0d2*n?J>O;Bi%+Ys-zt{Ik9e{AiaMBQ8XY`%ur%1B zz=(A(MIU!uRXy00T709#uS{mU-S4R>L0yl<^cFkU*>3-$;^N|=1*+`Nf9{thY3DK< zidKXO>m9ukv!!b+KQFH|I^5kDzwJ#K%eHNuFU&tZ*p!mQ7v+{~-7RC{bl|{&(PqDZ zjE`1-{q@)JnrH=|hWFyiHBoYU;_|+H3N1^m**3+qCrh6lxEqM;qW&5`J>ByCC8u1W z`=Ttqwz27^WLy5c6RVbTJz+lMW{F=Tf5UD;tYg`MW5vOXI&TysWgZnIy*}%yG0z$0BIqzTNi!&8 zsjG^(kT^bo|JRoHsGNV3CE_~sj`IBA{ZTvyygRF0cS_WaZ`4tZDTfZXUVe{SnrBza zfbqQEcqw0n+PH3>Bd;_)w zmjy-QDRCY=c&07KuBJNjVg#2*ZOr9?w%p9&w%lmkl~H|yx`_3!hvngt$)TbS##n(e zp(5#1BOS>Db@8-c-+V{EFVBwmDrcCgCu--a=;-Je*TucWPeou)_I-VRC`ia6?5IjY z%-65dZj*JYjK{B@@+x`a<#naRkIQa)xXrQq&}#wH#!IhXzpnq?;jwIldNJ1%Z1Lj2 z*|lv2ZknhvHA{>0zWm|R1$ceEwi_QjcreiUfDind9}Kk zB#m^LRckjsoYZ=@hulPij*Fa0eZq5pe}9RYAFC2IGvy7+L#iHaXHPS2I+4FP)k1xX ze~CNyWS5Va55pU$@t&jV@825NC&c0o|11G)f|C9q0kdZQb5c^Q*Sx98c>N-wPs+o@ z<0oki@mM?5w~O=B@u%;urG#9pn3`&_KoPV)s#}oP?$jH)T6>BVzHwtkfzhRzE}xyd zc12;W#bev?M&TZFGt63c_1;tnIR5im>h1_^g@HhWu*;}}FM0LOM;kHZSfK30xl9ko zq7Hq3!BKOzx2mB*HRAkJDy!SlY;V}4gtMaL0lLmZ8H^Jj@6u~34C;6++WDuK@adPn ztCkHp$=f{9RqPX78>_UB5{11hUz4O;Xs#F~Ys4D3Ti3OUY?hl6_JfVrR<2y>#j1o2 z;%KHf)SUj5wX3U3Z`U!kA1BK4U8WOMRtg4}ksWQ66CXX{Hb3>$D*uu8-S#virA(vx zByE#OTIK7rd4400#1hxeULH>y%4~R5tP+vxGHt$n&mKe8K&&e9pi*JS%EetuT$io~ z^BYmqho2w1kR#WSYM{W`MrFImti5(C&!&BX{8U-2q{K0eJVz@<1I{MPJi%nG>}sP^^6_2` z#}C_Xa+bZ`k~u84I8k$+s-9(e?M_d$Y18}j)LFck?Y7wrcNuM2_u;W!O4i9|r9@uz zuUC*O90d&y?^f>>&=WX zX}Ms*^rfDlnH%p5^|T|-Z|cU*DoX1v@%Lw4To|v&vFbXXP?FIQ)>|5=By9c5@oR_# z<32&t%G;~xckJJvpsMR8aM~X=!-O(DeNk(wBjVI8?;F=}k;d(L*ATe_aMJ1&tP{70wHxz|iE9vOa#hO!|pBl288f@A#K3UA-(HH8_ei{GP zJu;HKaqo#3*V!>fK7Fr$K7G=WL&2t(*DZta3V;A4vw;ia1r~#7<7d%oZ(ojX;ZKDYV7AvI*1>!XilSGDJT!OX7Ajx<&|vUiCB$vW3qTw zh3*^d{fq*YEgmkT_;?4$#COi*7`!KQ-ArMpvA1X+Zx?3A$xQ~HxT%PTGdW%%nJYWe zxN00_Vgg;}sK?R*uB`IiwNLyvzwa<{mSteqb?#?tG8Lq`9{rL?-!GbK#l*C_ik>Ppy}$Vq8;)R}3W@my=jq|Z%F0UmM$Jbh?&2?6b+?bS=f|(x zemDkChAfALg$1$&a_nfvAMdQ;?zI~HZC4kkO!}$B!tb-)Wx)+|Wp(kY6>(oJ4e-mI z(ez%Tm#ta5HqP?rKcu&|Dn;8nB^Ef1N4?~6aPpWR$^=rr@(^;i_F6m%&c0k?RS#9!Urk+g>7Tyfpzwk)epGBxjSUUYJCDdteP=y$9t zKDoeHdwTt@V=>I)&L`V;i&{@AQ|a3>tCz(a-If=p+j^YPj-99591>mf$Z8?$SJXbC z#f6dLOiRrCMWe+B3t0?IcX;^lviQgi+NW3g=G>Eng|a}tVx#8%nrJ!n zi?(6D;4*#m=WhF^?dylt0PB)8mcS`7xfk2O8*qJu*e%dpVskMZ@f0M!(CLvrVOn} zy*MU!^Mri3gxQcUU{g6Gi{^MafjMtc4vIR$;-kJjfBrm5HCcz3`79oe(~rfO;~;8g ztbw?=y?S1=sG(k{=+AEyc{9=MCFau)aeqosPfeKZ95a59Yi()Tu9>VO-qqcGb5U|& z1bu{$AYJqE7i<^(43i(R`DF=OVMTQ$+9ru8h`Y_D)n&iTeGP(9)nk+AH%)7(a1P}e z*s^8IRrJhXCoBN39CFLC-U9J;PLw`TBmKKfs{7)cVMz#|fww?D3Ojd0Fo)9NL*M%M z@6%N3mt2}T)NJ=%V)fd!L116!MAz!gX^TeLh^<8tG<|>LTjz;N-Zb58>qxr}#ul175NZDNVTT86k6Ax>B|YJQQb8|L#^7`>1-tLyl4O|-9H zJYC=E)_j)+4RfuIL)PpAavz3TGUY%Bp0fHLJh$Fv=J!v-an_r+h68j}OC)Xko=t9v zI(2)cetC#67Aap3F7VF=s*6~18OiUp&z{=Q03=-ou2Tk#Ee9AK^8G{{%92J6r%Hk$ zV3s}>m&w#ni$RXVh%0t?akMl9%0?&mb9g~k0Zb?}FIK}DXo!|4| z{(bfQ>baSjfG}~FAhe&LRD+5j$>oI_4(Zvk5}pVyhw+{=70WR6kMSA>$v|Irg&+cl zt-6ZTi!*aOu3ka?1Ur`1zRHyAQbSq6NUP9@NYeOG``jw#DN^kb@F!TJaHE&9c24N{^|(4**7r z?guqWj{;zC?w*or3orIz5sFoeJVBMsvF$I-vg#@&SB?@}1}J~y&fUAAQ}^2-Zpj)N z#y}fLs&P+asj zWj4%X$?4EH5US!mdYwC7T|5EwEEKPrEQrm^hwBjtcO83V$1w5F1|BI+KGo?JR&AM= zo5nkn#*DvF+3Lr1T!sWvfwRdLN_7~~sev43(!9?i@25S})chOVevaJuk*%m0oqMEo z3S67ki$u=2tvA3*Re7fKR(k7rlRko%!O3;7vmZvwSLWw5L>GrsXYT$*gqO1mT=Ou{`)b(90-&FQWZv zbSZ?18F6JQMa!G_W=2!`=-PDne$Z&N+Uf>}r%v{P^J*UZ|3w_H&|5bN(5g80khA zHk1#NW)*4IpgEIm)0@y$Jo@utmwm2i6u6;Yo#6$y$WB1x`nykJ${x0@c>q1?{n*%S zZ+LDSi`_siFV%*|=#r>*>eQ_oi|Q%@1SfNx_XH9J&Y(`?u17vij zw_>rXwRFY>+Mij|mu}KvFIp&m^-*k7+~VzvvV}wUwl$2rioWPyepAU(ZkY1>> z2M`h(gxS+fNy{TwVxHBVIc99K*X81#dD`xzjN(xp)N9fDyL~YX9Q)DdONMy&gwrho z#am{(7T;>D`?Skpthd5~H4r*MmfUuMQ$j^*$$U{1-=gl6YaTOHkTaS)C-;guyi~28 zpV0N{XAc;2e!jQ9l7UI&Mw^Y4*%oInEtNi#fkc$dKItXi(zpi^MTDQhX-nh4`t1F>}MD{c9t$4xV z3!<9@FwyU;AaNN$kF9OwVGl~7DyrH<^+g`1R-t_QO^i1t*P@CwsEKZMd2#+J<4rf8 z>Za#G)6UJP85?QMjzDJ| zz)#7CIyMz*YIN@ zjFEUGG=R5yl-rP=)a3${(O56m7Q>{-vvFKr7ij0Lz0F_fg( zNM7(*Ud*fujLJ3fobZ@$ZAR|RLyzpHJiq_NQ_I?KLbAb^2~hX))^4u#4#$bP&>4l=8Pe1GRr zm#IPSV*1sq)ut~1JUmj>>H6L-+$uVfr{}hgH4gNQlA}8u?lu)zBkp6nEMWwRfKklx zU5gHlY1&RUbf@Ie)qRc$MB`gt823?(mgmy*0yN!b;?oaZ@)C->Ek4a{yi7 zSfng1Efb6eSKN=-CuDAj-Vz6)k2r$2Zqcn-vxWom!vIipLWwK3yq=uR!i?1)QBck; zSkSE1UHfAwFvSsk7q=(G!D18jVPXyH7P!v+xXX}6WN(Jv{XQQJ!rcUmZenvBYZhad z4|%s_KUgIg2X#n>3U_E{Z(i|zaUQF(+%B=vpAd$&9TwZ zDv&FF=Ly4nLIXcWxQPo{w7>B2@oDLph6%(b-Z;{-^sNM?Sa@=^`3PG!(1!eNdD+3< zHI(n6qM0qWAPz5JPbNU**XSB-nS&;p)h0iG_dLgxnRcdmXiLX~#q(m^gW;E<0EXK| z(7v_@&!c^(IgWO!`8xnB3m8>P746x1Ozn6*t?!fd;ArdfF5cExr&ndpyMBFkfZAzq zijCbqB;k{cG9seQ0J+2t`Y@N;yHjw4tH5QIQ?8#|g!aJQD+wm9C`8N}fIv|M8U8@VFD0>kOLsOV)J5s(;LK6eMOpJ74b37>J-6r+ZNpq91J9SERP8F4w^V2vY%% zLj}w`LN58z>pSRHhx?Zdu3mRuIRs@{k?c08&rv*u3yM%CL4GsMuUzj^i?D{EbTV=L zG*Rf{*a%&62aJ)@R5istE5n$P3poBUXWf2iay9IqJ2m;Xc4#O&40eYdIQxKJ=e(@Y zZ;BB<)p@Qzdh#24xFH}-ec7q&mSTRnKtV@#k7g0O?abM;p%2hDXm~xuB`tcouXpU@ z-L4wP;wM?0Q~ln%9gA(Gqhte_?fE*(!j`jow4G=6y?DW)6sME#JO|ti_3J?VmoKEe zTK|&fY>Sw2gXUXh+WK*IaoWd} zFXauo9!y-&|7vi&NNMTcGZEvgRPJfs44$T>6oc-=>&-FO>&u3Pc)WvmYoL@NI=;N8y&RJXx zv(|2I!U+4I((K~-{-yk1*JtkYn>DAMOrE|r<#Fb~ zsbam76k%H^tcizXp#~~<6u4=Z+tBK{64g`BE0&gR$6s>wyIZCpkl@%&ME-F1x!9cx zBQ2Rc@*NkZCMVOw#75e3h2&}EAplQALLVrOS098_knn`8GVxB)cT>?3Teoi2cz@%O zKzqAXYefZ*hGn<0TAJbIJHLvTel>5Ok~_10!-g7Ka$ypPCnui9KtpnPhDArxhTYsp zumJ%3&vPAEO;2w!P#a6?5BxYtO%aZDtgxQhHA*(jZ%I!-XNrc9`0CZ)(FeFc-qriT zsL6M3UM^P8Mz~nx*=N_89&hnwRJI+h2XmMz!Y=D0BxX^d+(LRPpSen~+F&G}fivHe1sP>0$GbrZ9g8tBne z!4CK!i9i01YGy4Cu7Lri?y>vGrBlQMbe60Og?pvuQJkI~v&d9i7A&MWl2>%&!>tu) zcB$vR_j6cSjGRn7o1;6Lyv9%+8erfh-F0tsy>zI^6K!WP$(uNlRC^ z0~rpfLktar3@xm^1*`W5OJA`2^>r)d@u>JH{j~}Yt#NMQ-i}aoLQVt;z6S}!*N9Fh zK~~mSbUzu!FjP1~R;yePf67up*Zkvqq2i5;9m`A6_3Iz27BJV|74r(_)q7AfigvCTF5$-7#;{Fdt}kMbf0tu{)$Sk770L|% zr1%|Ans4=OOn!tNmE$`5UcjBu-;Q;_3|Cq*%#`8HNmUdsHWK&5i@|8H&_Z=F8KEB? zh`B0`j#;qgX|;K6NvK<6Q&aVzthO-i91A^$15`PBY?9(N+!d}eY+-q87mR+c{F7I& zXybk8s%339Fl&?PnXImPg#LZNq&sr{_A-ER_s|g22)+Erj~_{~+_`Pr8?0oF;)cGe z2vUjt$4@eE2(#q=8@1+}^50wGF6z3^o`Wj)zWsuO=~1pWkE26fU56;V_CI<~mW}EQ zA2}l3TM^!Xx~7+yVxN%s*rc*g?a5%{#@d(UH!}q)!%vVeaj1QF?QDGH2W)@6p=U=@ zn(l7@<`k|PcZE{DxG$@*Jzn;!#zq&LICyw_I<65Y1@;!+H==&{1v+BGTua;iW*xof zTLweNCt<=tn)Lk>p{P%pKj{b~GI19>5rSH5VN9l*AI3%BG;xKEmq`B@xXxO187zt| zd*t`vY2`!>)T$(Si?tbjP zyy%cQE-`39+<~KtZy$Q`&cP^6XwIJDx9|@ssZNPhxPnfty0kExsOs=`xuqWJ*_S;( z#Nv8h0zs$DNka(sY6-eF{~NNRbdE>}U?Rd-z|6bu?J7qCg+%WbGp_jMcs zgG#-3?Xgtrk@-5>zck_sR?h9;m6hBzc1t8>>#IZR9N_LnJ}f-_?p&s|(^dKT`H2n( zq7}l2$J`pBjTkk)yG9)@+&w%aAD16pjwKU!!H3y=+zK)_p#{`oAt#5rQEyJjw3&B? zkn&TPTNCm4;loQ{+&i{zJ;1}0e9~^9`#a>~1i#gkrWc|I5B@U{Q(RI~606z{hN8}O zXl{CBWU9Xx0T*Q$aI0ypT_|{Ib8GtQ;{8kLPXL%zk&QL;`&wpxtP5lDzI-N8d#PY| z;yecDdS+YMxzcwat_T)^k`#!KeU08JE||>V=;Wl%bQFuG!`QF?>z;_sOd>~MP(!zr zFZ(O?W{G~=E%}g>RX59MpIk>jrrf2dj&Nm~G|1x{a$Kg9nlmj%-pgX4TdXkK(~8XZh+`~asI96ap_Q7^2ZDzH!$+lk`HwS7MhvnOv&xvBHmB4wrATI zXcxGugBfRPaD7oGIQQ`Aq4Qprvus|VPDTqeqXe2M$?4?U53#oKM8KKL5{uRX-+Osf z`F)b!qi@Vo^K)}?h(V=9WlEYhrkkjy*<3(fvz_R>?BwKRG&j+2<*d+@a#l>0s~vZn zjJjW(v)=*ceq#AMcNpM?`7&yU5MFrTCJkiVVhi6Xr$4$YiJz^MibpX_ga3(dQn) zv7B@Xm-Hwoc{PY;$!ouHPm7ZPZ2R%WBav91Xv$4a7gc(atnnYObdGPc3Y2$*@uX& zHJLd~kk`M@gi8|F|w=V8JDZC6?1nwyFj5!=lk6$%pG5Dgm}F{-ADbl^~L5bE`oRp{L3( z1(HPDnjyM%0+zPu>1(m*9GgF^Vn zON59{B9>kVW<0;4gAy7&dwp)nz|@FYup%Xr7=!DO*`&%Mv{DKNT1reSyv95q4jEZJolcHYx%sb#-Xz7DD;iF@=W*}s3krmtWyTjvJ{Y4 z7ELYDt!rSuQPh6$UAZX!S`c;n1PX=V1@Ha5+YiegCpC0bXwUXy3j^X25NEW?`w22q zYDVN*Q?GwnZ!_E~oNCb_0aVJ;)!S>p8hG&B;{a@yFHUXroA&d`EaHSw5FFvX)nu(m6np#K(?KIT)U?LfF^o%?d%|ZCp zZll9sV-@2vxTso7EzBgtUZ>)ZqoPG9Z|}#RA-2M2H*m#fpq2w(-f{p$=|H?ML?2t- z=*6Q<(5(FvEVSpb{0KiCY)ttSBI(g?+ELJEORF!-$&kudmEP!GT!+0DI#q`6E``lp z1|vugl>pJgp&>IOMW=Z|JrLFQ7c_0WimG6N9J7hU@`8=;iJLMe&Vc@*Jx@!fqxED` z5h^o*!t>dJ`VB zR`ieysIN9RJ9o!vA7_RMsI0-*c53s{#Ju#|SL1fdblx6L&w1)M2(#IUJbKN4-=l|` zV%(jI+@C&HXT6;zkXyaeVT81MAU$*YUn_hd88=UD{F4r7pcBX9-od3&D}4fC+8#W1 z+aP3IY@;_&YCr0y2I5C@wWfd)1RP zk_+a(cQ1^ttAq#=$}GdGa*NsjCoE=rmoY6EFLo(*0uYNXlxUt=or@ST`9$*u%}AM@ z{|d{92}A7;zj;69E%XOr7e6M4}<2if0~p&f7VD1yEb1U-h$+VkS@i4)bfBkgS*r=E(C zvIb9Bqd(czpmGQ3|A2`$6%`wt#4>TMG`RY-DSBgDbN0&HQ1za)O_ z#SPSsL2F^Fb(L_}2B#c}OjhFgS4tcG=QN9!bQ6O_A#TJ8%OI_8?;7DicBjWk z77fT`Xax1L*eLYT)5F8ke$a0w5tKTD=p#h;EATu+gANKB*Gi*(WI`W`LO$szXwCYK z8?O|&&Jx#wq^AiY$To$f`jlB*gM2Fy&|t}5Mluc5LIsk(^7|VUw}sJS648FJaqqV1 zs5h6pzxfjBw+aCQn3G%pwsKI;zlR8?%Dg!88ePQ*SBP%fuxjLxC`1-)*Q~)xwvtf5DO~04Y4rO&016dP#)VO4mgx0Jr zM;W4%5~vu7U6P>+MAQk3#*9VSD{&pk^&|PyVS*Oz2`D5-Po7kRMfe@TQ}T(BGC5dT zrHFKfgrJt-Pd7E}llMAI=zdRHMi!id0J@E^U6V)J$!Go6AsBYVYki>a*cOy-eGFMdettE1}x&+_UEhNxGH= zDGM0aR>IVX@K~BHjvbf10Ay8-=8V(=`_7|Rq%jO~2`QxYySWokzoqap9q!ng->{fE z`mKLo_o#BdvmKEgP;45YX+!|C9EI9=^zxf~NWZ-mcbSSo8o8=x9KsB0VKN*9GCrds zj6QyzCx3$afPp26JVA^0Jcf|Wtam~za=wS3D$#4FqzKs*+V)c?nLS(!{@zvx$u&_q zUL_XBtW3B>z8$x5<*VBy_%*S4`7Vh70uV)llE$FW);lA?LC7E%ypRrLXWrOS_p(5< z1XHO*n@UE=;|iF+L+)aS`+OqQN>%*oG7$!7WtX7#SE6g;Z|AUNWWZz;?+CSF*dv+@ z+#uJij2Ei}=Cgk1(YL6jhJ=SmD(`)%=V>uqEyiyW_3>>)E{zgIW^%kkjCMrM+97c26v zrustVqda94s77|__a(PWpNlca6N`Eo3x9DAiqnV_Q7VR zpxP#<8>lFlYAU>tQHIoW4Vr#;Z*MfHo+Q<-XpO+15x5_x;bO4BhLA1VLktu|wq+F! zIGSQFM?4_%4Ddm`ZlOCRlxf4i{{VRv5R?1xi-^ltQZexJBcXH}8K!|q;moe?ui-dw z`R!6cXZ^(nhp7`3)AsL%G(HJb@mIG=Q1!vkAErFr7O8fd4Wnd$D7Ibgs ze|oa)fJ6aC`mLo!G&a@um}yIf9Ns_!u=!7`kJ(cHcGqbT^I{RHql7-a@e?nK46niM z!(forqyHG>W4Ds72ekge7sKwu`{2FDnafiO+~1eJookZJJ~Gd)WX~D@n*2s$kvVT)9{qM^c%Nvwb41Qa_lKE`y|J&)r|Kqa$2h2+T z$JIEN-n)O_2&ze(TFM(V{B34)hHmX=4sEy14YOU{#{hsAi$z$!4197pxXjOXFBvI)mO!d7 z1pLbond(Rz#-vrzo@jpLbCto#(gBjlycZdM#NcJSGmQ%kuY|))O6nd7#*@rE;#NfI zsKv}iG(X%ORWc+2SV>f7guPS{hrv7wJBbxMDkxK+N-4*>=q1 zZzGYQ!d#b*qQO}-xoT)}p+$?}o8JR?BUF-gLiq!&4xZWB z3q2U!EDqL!2x7lVIoR*2eXNzp;H(cM65e$XFwIUOiG0{V(kCpo0(yCgTxgHVe@+VwNcdfhp4f<$_?ik*P6) z5@3p}ppX;4hzxc$Pe~ZLURN0VfsiXFv6=ylE`!FB$^ZZ`5aA}F!349I16-Pgb5*MM8T=tdfXeCM6NU>X{Rp1W456vN=rW!C@-Nc zhb@BFYvTF7LD`={^9*ICLGE{htk)+4swQHp6 zKP7Ua#!)<`ACCx>aD#d|Ha1ob?L#X{9nkWGLHXbgL;AIA2c8PGS3;PbMCaom^CIwE z$S*}C7vHRcfAxhh;_BuW>gSI@5Lrt2d%v0)@H-R04S;+qep$$mmN{0LG&(mF&;jsn zf{);ss;wY1E|Y-RWRYutRv1GyQB!vu1YDEHYnB@@l~O{#j$TGINgdvhjdRvj1FtGX zkl8Wm1Arh$G^Z%y>_YargoiZ=OGu<_8ZAe3%@EqE((RRNCg6PnZk&rld%a`69rykF z&k292? zbSPcouw$*7=}ASz6%b36EPryr`W0b`c)#B9FvSr{F zDbyCm5g=137lyV_Sdf(W%2Iy z7Tv5Y6RHu)OZl7!ZlezL=wA8KcCM$RSCZLp* z_;1gkN+&gT{pIpS75ynBN(fZ|0$Mc^0HG@%OjW1U|&9|5u{X`BPo7vZTEhe;ERe$hQP<$uDm4n6MJxHHclK*L?^@9#ypf4I=?>t$N)W-0GIQ zD9-(8K~+IHEu1_Q z3qAvSo>gWI$WrWw52vDgz9+3TP%Y!@RJ;oz@Ent{wG`~vT8w8zLZ~vti31Q3RMRY$ zv#Ah^Fe1oTZ_C@1Z4(W<`R#sT>lmc|$U^{ENt`ZYxpHQh{Q`cV0g0r9Wi-noNt?@! z9<`Vu$aMeU4Yf8B#&s+jkIHc#3LZ$RvlRmb5oq|Gtvi@;Z;n)uQEgIG5xhyLpmb#0 zTtE_B38zdX6og^`Se#%9>}{KY5A(=7y+FSwIy0pjJ5>NvaAXd6{Q#R0FdOw(?M7w> zc5Hrh6&e6d73$dwE=|E`BZ3{Vqw6p+Bo`{8Oe7IjBfP;XV>65d#Di=Vo3x>I){vjT z!le1q!73)!Ab~Ro7gf)FzQsunoWN^RhOXwAC=`dL#|fJWLq?u8w?o)2?$XY-W@|6G z*tfVt8GBsYeqj1I21t1*q^+0GE#762sD#qiKcQ_$A^u&OMFi;`54G|8_z^zAj6A_= zieR7ukkZJ@!P85xCRzl7=QZGruhA-EkS!;{5pTx0iPD3 z1URFxb)^qOv?7z2K__lL7AS9NX<2W4_UzfjQ8E)CF**s@Y69g+o<5niEP(gZK+G|s zpC#HgYUep3Co%Lss%ds^u4pbctTk_sv z%z=|BS|EscfJPCd+|GOLc?}OE1|G(!2Ij9{l3MMCQ74k14Rf1PXOeJLBYFv@n&Qw_ z)QqsAW1!L*LDk1w2_Y&SbZA2eOk{hLR*Lm*4Cpt90C`=+1qK-60`jwtfL8>eU{zm$ zLW2-|<^;kb7ju@)&RhT^uSEmk|F`30$l!NcH`|1}^A2Qs`4KrFraC4B|D7daKEvdn zd+P|VzzsaFZCZ`T%Pfk*Yu}PdR;U2lz(`nFgCBb0dHKHu z%rinTItTKJ^VDE0q{jZn6g^~XwbJeqCbNFsx+-i0LVqwHPwttZ>zd5`u79wk$lf3~ z3;DjEgn^O62BFX}!pF#um|y@#1ut6>q4qTNaf%|)UK*x)0Mlj3Ap$_VSTRSRvPeqE zk0iI?!sXG{{QyO=Vk6196KIhG9fgI~zrMaEIR_(p2Id45%UFQ?IjrF}ZoUK4H4%y+ zUj!(lp`!wH5j25vaS`ye5*UTKNvMf5(+|E)rFU)FH;WxUPxAyx$6tk=Vu_VgG&lf9 zpbrT#4C2f9b?7M6GXCovqAf!IrAG?=2Ti8?pK!p@e|j}n`N+{mtDmW%k?-8GgB5JM zR{i6l8(vj-Nl9*CNLHmkq zz#BjHz5(NIZ_CfTKlLxsithj88B_o1mH)p!@rro^D(@W9){xcNP=DFyxDiS9jzze_9iFXtmUOpPlQi$sJ-la-=BkCDz(&E? zlckIehywXrP+=00W}`qcy;IU13Y~*G0XOw4k~Bum!1p-&V%<6`;SqSN6LqS(M092- zIBkCE?(hnv0}aLRTScRfaz}gOR11^@l5r$3VicWR3EdrMe@GBz7wpfuH`E~w)W)-X z1k`aqtp-ar3S3xy97$GncvH#%>O@_E#z{aX;CXn>dmK`<-%J>=l3*TE{s1n;Y?ny2 z5Yr(76);*HBxaZlFG~1fWYmCxOaQeQ;X&|nkD#s+jgx>^oQEO22^ahFtzp;DCs19? za_@q+bo_QEmC@GcILbF|1SLPq?R%FDeiK5u9;AE3X=Wy|_5+nUkAB&WvoO@tjcU%5 zPJoZ*hrLV=7DE>2hC$4;i?{D2_Z5 zT~0q1>M=RpzYI2C4I6-XZ2tW%X+{x%O-4YG3jI>J$Gk3Pu~jrd{`mu zn1_c4nT7b1*G5dSEL2pe$Y~e1Rt)k}#47^klSy-^K`?@w!g%6_bQ-%X1|_PX8Q{#1 zpw(@g9e}XdDUg)BOZq|W>hV}`SjPi3e=>4}7lI?SG}i@PAS*|~Zx#LKJ|G7YP{nGF z2J7#`4zI(4N(brlAIA|F6zDkh0Qn(?vjChX@#SaR9tz{oGSYmB_27cfbnPedAGb`e~o%YgCM2iX#%^S zI4ZEd%B9}Jh@l<<8C|+bwMR+n~(~HzP7iX}0GN6z-i&R4ro?kD&SOVlB zs4ICA68pz3k+|j3$y39Wupi7O$jmg)^4;XIog`K&D+fP6e{&k}r5t1oN^P^vBRX*k zQI`IwQrLI0KuSs^XSjE7EY?(Rs0Cy;;toS)yk2+d0_3+^oH2z%w>}Y;x2hTCZIkqJ;9oZtGJ$lp#gRE3i8?ix~^O7HGo5;d|*+Q z8Rg|u0YAN}diDZ}gL@gc33H}YK5^NW4ehhe_MatT-V2b)>+vWf@^zOG%_6Uen8@Uy zFogK}feWer{__T0L>@#!1=VdgscZxA7V&+IL-`{_TEK>&+)A96oU-_f8NvXuzu*gS zYgGaZl4FLj{F@m&fTrVjJN)aoqOxvx0_1MZ9MQ^pN3!ww&H*&F%pwJ>H|iCnHKHdF zOs)c(f|UJrPgl~tQ@6sT+%cOKHBw4bPiM~9V(O?dI=O0D!$%8b^}El zzyWYdsJ@AerW7(nh@IPwK_} zAF#odA(WEiZb&%y1-G_{-C*NoVm2tbP9cs%G-zzonnSbOcCB#U)`;0b@>bwZVv3fH zgG}c@Oe3~4IoAsf-#U9g0wsjQ9o5Op!ef7nk3Nd;3&L@iajMBlXl-P)k#uPD_PkiK zOGy3}D%AF0i(^@H7$Z}DeP#``;qydjL$x3}C3$?XN{C;;tgb_@U925kJsAfg_@}(k zM!?{Wn|1SZ>|+tzzE>!SpRL>(gA|pKp`<*VEkt}`w3VG* z@5yCcDC7|3Nh9t?iepR)3Iz&<{Gc)tXSNKb)c%}Cel{XyS5@ISpx zb6t=BjimgK=Mw+bK=$2UJv^9|(#J6HL5@x<)4w>7@MG)0DBO$1?GN93SpRQNIgsj- zt@JPZ`@iq-*#A3V|C?CskBqMOT%x?Dgl=Np`!5&VJLf^~#erjRHs8ja{_i>L_W$mB z|GSRf{kN<6-Dq6(=05lb)Q=Z9Z5Gn{HymiIpK1g;Qr|KBfY@s#q~x_lL3vfHHe-d^ z_Y;KAaX-$HA!-{m13y-xHXv7ogA|PT*3y00-UI!Eocl(CAY_OM*bD{{bpkRn)cVie zu0%0~Ab$l_CHf{gcMZMG+fM==@KGxE<4Nf>Iv_NUhKE}Z5m^ILl){?zJ1(KpBP2@i z7#t-Xw*N%$nOe{7-au>#Xi~)L zA>fr*b+`zPn*99ym+&1)_z5DR5;7~HJ-X?}FHze&`O7hf1OuJu(8M`He3iXOe+3;g zig>6Z>9c^$P%X~^Ua8#T{?4_Gdth-B9`y_chc5b5Bs@WiIR#$BD;U>}bY{SbZa$DshyL9%S`P#1~m z0q~Vico7D|$bYglR_P<+5gOHHn7r^WqA@_LiR;9TMcU%7E`+!M=ZeDho;*GSbOu=a z&@K#2s1L^U91fodEeaR0`);I;vc4`%myYf_^@l(ognlv>RQr~)op4y^$2c+6#SMBX zBfsG@97^yOzlnV!&i5%fgBSoB(UjFScqq}$4C%8KaNabqG(qlz-0?O4KSiXj3Qhf@bH{qFKWIDZbUiT`eyVf zc>%!eNMqR{E{&t-Vi5c%fd+8g$-grGqWk^!;%~+Yz+|N9FW})?8(%+6LGSYe^}?KK zCqJ2CLTD}kh>?igq|X9B+so(y?BNce$Nv9!R10IX@@;}YH!Dy`mJ7}l6-^KEw;j<= z&;jF!1_}W4C`6R*Lsuu*7#x*nxIX|zazM+U6CMHN;YANvhhe1{VbNi@%O|9W_ykbs z2{OI4Vihss2-U)VR)NdF@}&pW@wY%9;v&RJcma3Uu!f9{0z@6fpk#d(1Yi?H5JRQv8Ty;03LW|-BZdz!O_H?kkDhXipcqp z%?KN=h5U$OU=0394zq?zO1A7p>X|cVt^oT{s-fo+$Vud4wD>DTgT?8N`Is>vKTh&k zCx`B09mQj0Mg&Wp9EwN|*Cb&JV0?1a1dh8U$L*5iag`*XHxJkcuFDUnY9MED1(8GI zZsGJfs{#MNQBe?Faa^6ficV}ZV0m<92!KSVt*Iu{hEx38hxQG~hKJ=4Z#ywRC?UV0FCZ4n=|hb@OP5xXp9( zcylC3L-q*xGV)-WRB|LEoKtClU~)2U!UQf42X*J;)7dD0P7AJ!i-c?)gBMJFOAd)>!;aj!myOfK?4dxJE(^ zt~wFLVWXIke6cE?G#Rra4-c8sqc|#w)I-4A&y5GwvBo>be#V&pO!f3Te81oO zzOU=LultG31DKLmlSXKVN{-6nEq{16xvlpYJ048+x^#(9_eJx)^fZ6~jTg&L3d+MQz%qyp5ip7$^5KQ5+OiqMD{1|E-aE2rcnIh5 ztAdZF-?QDuNjG=lTP|CBs+FghcC?9icwp3rMvnrJ7CHSNvccebee_nbdM;2#bW=K1 zq&_63iBBag(~u8P_0~<*wIjX)vGwZJYrF?p|4d~L@X)LNkI-U~>*G5%*F0h1))lW$ zR&UZ-JAo6gahvWD(1ils3&>Wz&1sxCuXBwJ)YQzI@iOzN(VivRtdQp6F4jf%)n*(PYT86t{3;F%!7b~(p+io zM^zz$Zd$_Qyo5=8t7qjmGb^0Kz87cbWgGk*XF6Ka+zxmR5I z3a(Ejlm*6ezaxj_8xtQ5^q-)9=0FEwL)n2Rzb`&sxZ+o}l`Y!6CU)%mO4qQc$puZ! z{ltr&X7k<8*HOJ(&7O@6jpEtJ8dDm#%x)mzIeN-11;ysvvhKxt|Hz=mxy@ejf6AYVJwJFa9mX4= z=Z?@xF$Qc?Fv-_IDW^Tto^&gb zMsQ3(%BVX<*uh0vL`xU9xbxNOHV`l;+O8=IH=ORo)l6c43JW#_-xVh$U?PejOU#R% zQ%4byu6iqLk}7r$98@kZxhBKEBLLb}?z-&sX~YZj50rcwt|p<2NTps0iv4%rvp zI>tcAfSVT=R-Adr5gUU5VjNp=vQTnSL$fdk&wVj zpSL8iszVTKf;vjQOJ>xyY;E=u;CB;JL0-=^gg*K77MaXRZ^U99N%FY$ZYo$w9H&aH zE|ANuetqgzdF9i~B9xwt#{tTbOJk;SCbMkDfv}S_y^ugsU6yM_lb$1&02pf}s&t&t z?n%CYSpIA zp;lc+%lD_!w7h=(`pEMd1-z3%epmDmv7rSQ!-&>B&ngt@-7nVjR*GqZ(8m1M5za(p zpL8>ZNCM3MG>cC1ck`5~0@#y?T?S#hd~2TzOTL_5=}g;e88<$GS0R$Wa(2)pT;4)Y&l=$IR??(R*33%!ip7wvkn3sRL%J;ybn~IQKPBW|z1KbsQo<4N5v9_*D5GkEy zp~brHYed)?_0P$*{u|Kq7qB5R73Dq=I9VHK$m`y2_5UU1T6ymarN!h_Zx39~4L}hD z)-arTp+oQK#2UKxkCR>q;wiIG68j6(PmLorzf_HAbKqtI0Z>17AJ8B~dJyEJolZKF z2NNhWc%WYL$f-WiyEvbw7}3f2`o7s@4#6w)dlH$xaQ@x(p5;YJM@bT2C&rPCiP%Em zX3)oQ+WiPqGX;zvzkhHnNm#dwKRw&*65@)!c9!1mU0V(!b2mKv7SE?X?SJ^lpvUO-1s7NwbnZ~K=1@+}lgG*=qOo>Fyp zf3|-ERnP2i;*sr>eV>pb&q8a+>O|qxonpbwrB1q$D5k>PI5U(YrSzd_`hrmAgFwb;#a5-8g75|C z%U^*hI}9m2U3|7Ol2PCTjO5VCYp66sq9pJT=W$um-5I%5xy}QorV)SiD7$ZY_>u*Z z0P0(*=K-i*p&iT+{*Dztigv75S z*4QL}drS^DMkQ50C8`IPEd6An-{LZE>^aW(DS?^TBoUJ8^WJOAT5-kNK5MIDwU@22 zAdpn#(r9vCXawFFea-EQ2Lm!rLeeWBBf!-t=Eiue20ZGjM5VXGD8s`^GPGqc$Adq1 z8=hP|TsR#3H1bFgfU=?oWw$01f$r|Q^d=Wxnc`lU5G_oLsKVLPxe!{_Or@|^F@mGF zQsx`!NeU;~2t66iq=XT<6i*OstAR3g?YGogqFV?_S{{WwR_1^dYFEcRRUZ|wzdk1r z{iI)N%^FF21m<{gZN~^EO)Yv^`0wf3g3L=3$wsBjY}R4W1hU+_q<+f*VA3CiZL%Zl zYvFNp7c6qqX4@_4 z5Y;Q=G#X#r2gS;ZV(OPKkMTDWbd#%b00-1oKH|=ve8$H^FbctjD4S*ZqcKZAz~kJX+5ZV_ipKK3uS>%pW`VV9S{zNWxJhv)FJ_?ctZGgxJ`R0ELfZQEUQ7i zg^st4VT;-di^$uK`}zvx&-zQ+7-OY4;ecAxx8$1v6c752)l6eGmOO_p%o~V_TcOyqsfp!Uq`x06&Oxq6Ds;U01tPh z<%xyDqqdWwWCh1(9v4R=nTY3|W^q^q^1Qb@goGo~)Xf?NWIvEc;2!j_xNeKyN{e?j z^#$$A6k_^q4Yk!HhO!Ov8~7l97d%-iqC7gu`O@j1oh3SjInppeqKwMTX6Q-myRFQy0-XKqF?XtpAnZf zb*ycp*N|EiL9tu-_>dOrjsu|bJt zgI}$fv2d$_pD9m6D+VU(SY>`QFRfp?{Wiy5uwE|n9+N%9lwM3XsD75a1icc62k|SR zi^?6CKbx-$Hp=jPn3{hGZ)VqU=Hfq+)gxE6x z;aLpQG&iJ1Zn$&Ca13N%V!;iYMkgN#8DVLeMPHwo#bhCrVY~?97qjTD!{*KU>tlUk zgyq;b>$IH5zIib|;Cmw(3pH9*cz#Xt{r)KO`m3@iAKinzbZ~>nV)FzuG6NWWAlPKa zuCKP=#0genzoc%A{Fp;>=t&j0ZUqK2xiQl|tN8E14i zHpUXQckHR3t^PgnUfay=%L+I(#Nq0uY)u!HS?ghQ0@0pOU#QI5%L`XolM_CFQT?fZ z2mN7I33L5ZrRsl@`S*r$MPTyP!^d>wCj(rA{;h-j|8f+pYM=Bvkn53Ag#SH*p(Vf| z_SD8rCs1!qKIS}?t;eYuTN~*)N_u3YQT$)DFZV7=5PvR6;MxIS(w>WKkp$%F#D$Hu zFL7r4HPrRD4Evf)Y}b=%5t|@1ipkhC1b*O* z88hT4a(jMlhZ{IoH=32@Sc1aQbO{2d+meZ;gAyl-&tQ<*wAhU!Ar00O%3^`AvoVOj zy7ldQ+ZU4)N&id29cSQ64^J98zjZ4$3NY@>7#ko=k4^R`*j|9(m`Bd(DHk$r@%gzp zV=ST?nrCzPb?5;AQZ0H--}ATjienEUpUj>CnieJ&i| zsX5lhz-7rfUGFByqRat?l)%)y!=PEgsOx@{*%JtW#%q)`Z6Q4x@_b}EYC#HT?k>8p z?4jvgf{e)X2CA}TGETI5lP3MZvjK@~f(W-=M*6w4hGK$gDhAi*7JEvx3JSn`_&8rCv|cWJd~8flU`U6EP=Y0Yq=P zvHG%K)LPLUCq*yyDFp9{3^g^iS3vZ+DB-$3?DLT<ef3mp*kdWS4>W(50t+@vVi&|Oob>WZkcq|o}Kv0nP zm=T5g7O-D3#*~J@crVcaiWrqXB#ou5pN@9EzLpY7pp!5rvMq3y{Y{XGf33v+E5=J*0}wHVwbR?+Ap z<#=4EsdfwAQ7&AhiR-nNhpSlS@+bM#&OJ(&{wkor)H0!{NwBW$YQ8_3+Kq=L;BJ&n z)a%g0tdHw>34^yz2ILhdS>Bcus>wMMYBFuXxtAAbG?S`^g>_e|BRb%wA|@;l7$rLD zwT?fT-OgVfvu0ac{`wv~NUukcv8lFpd`j3ivW@;AOzy?7nVt{7Dl?N``>D+84YL$o zo4w7^=?F>n9=;8!yFHCxEJpwq7kzqLV;&lSK26C`z>sP*ogO^QL`7_u!4s zAor>^y?bB1Ts#{kt+ck;TX|(By^bAjl`to0v)AgpZYrNYDHulp#Ggbj`aAs5*e&Os zD{_nXG~cgFlOC5QcBT9F95;=89jd=(;Z2HHUL#r>+;MYjG&mOd0SM;h%A*k z_?AbbaIse5n^2J#YCiXet99wp5+5JmeS^F#NsK27giYbJz;|iyHFdr9dQP-RYZIQF z{ISb*b&bn}GVyB?+5@wleI`Rs$Jo^@-M+xg=NByd%4x~IGc^81V1n&_B!+rQDP(I` zr>u6KU^I4Xayj}3d^?j-NvFNcF~qj*2*7~>=eTTvaCWt^p10|;!GrhHk5i3EM??-{ z){uLC?cXm8)JQroqJonLPT%}xTVrh<00cYIbgtikt_-m=IuUav>4E7`Z5=G`Z;Kq2 z2j7!dgVURH;!_ZVFh64!m~J>0X+@u?^v0+-nyq+$Qi}3;g~f3y7HV_lqg7VYb4~4} z=XKNHj>|g?=ckH{e&JIo7TXT8V5^>u`UY4gO6A-S&z)-Oms&eW)rj~VO9Iw$Pc#f{ zo3ZPipU%cmS0?xh5>wP%#}?|_ODly0ae7-0SJgaP1Ccm}8zS{KTpU*M&Gysh&&p@N z{W!#1KfSWiPt`+r6kqH|m0gZsRIUI|G*gS8zSEw+U%zNlMQ;L5TaZE#CE8{?9AUOpsC2etx22zZE9ePl*2VRjN zi6(~Z2##_G#JKUp_WiYbK>ntyWY*~6>MTZsazsk->b$tsvna4Lh6tZzHN5ZEGK9=Edr!XnCnL#gixfbw4ElE{0=veZ+N8#mBppp<3>;uLJw3gm6Hu~J zA5nkZ+Qq2UU8os$L4EDw=+jiXaZ(f{kRHt=$(qBk&~dQkpjy5zSl~_Wk{P6BVo)|f z!wcxMtISJ(^@B7C(YpsaD0j&Y1d){NfYfHT)RH{PAfqt9r2^TsW|j@d?Hu`c>R%Vq zCKn*T&zwf_-h592lhM0m0@Mx)whdakmL(HRyg*DCj*cV9gV(mhbtqGgtWHD+UY}mr zf{ei0m>M|d#+o!qLR?gf3tLBYDJ-NfdleY54Rr80tS(mJBA>;A3^kkPGfbkq>Opg` z(ta75Vhx##GEFL_;%xRDOOdNPPeNG$?aO-SQ#tn zwqjUhamT-!Apalei~n#rikbuFv!JD>rZmR>jt>F%SJdT(l{DLuQ>yLvhn198Rv3tO zE@pIZA>q2Z3)p)w%Jiw{3M`mbD0u7G{l%%< zJBXfKP91~?#e;2qv0a!6!dmg+$Xo|hnWD&>@yh33anB3ddfT_r0nwGe2OQefIY#kB zeK-Y%Pn=8$hQyYUG)Wk10`xn<-AqKx6Kb}=3tX>b{FIZHSlI>L^;K`1LereIb%my- z{TR__tg74i-%6KCDkdg^)+(}+;-qnoU%Q`H`w7GpBHioU-SAxi#Zhb!z2yVuJXfyr zu2!Uf@9U1ZUm4m%VLcKk3GhaHG;7R06j#2C7q?qv}pf);k0Uh+%^bD$A&R>fP0 zd;|sF`d*kaj}=;*esW!+%3%)?@}n%$c0W_~(2Ab7JXWiT@25&Nr*5u^s z4(}Q%GTUM+7T|gnMS)7TUGQEoBOZWoks^1LK|Mf7i*3-?B#2xL;TGqP0mQc)bq?)) zk>1N_94S8}*&%$Gn;c|}&Pj~M-}bjfb`_al7q^osWF#w`J`z9U$^-x=wUq8WIq{)U z5@SRpk17{kgO~_YP5l-#HfNWSi!|?xB$o{-eLoN196yp2MwFAhqdzTYA{c;;5Fm=b zQo5qu3Q0XUS3lr6XSKHm?nO$Z>!g{99ulU6|02l~6|ih5JecO#tb8C|fC=x+5jdbE z{>HD4zp2>G5Ads5fYA#%AW z=7>Bj*1iFHKe5N+E1vWho$&8sBEgSQ*hn8Wp&}`UWOgbs#g2+DjNzHm&*62wm|Uis z>c9ZNRYX4+(M3>{rKiSA(+`lcjHxDSmjf0}hFY}WBW#%2O_1t%nOu^gDb0I4)p`w^ z0_r7=1Rk$uS@pz$P<4pY|AyPCG7bmTA({jUb2G%cPv)2)ZNyZo!0Fd-nnG~AE6HwO zv9hsZe*h(U<&>>7QL)gM1L^D=>PL5Yb`GUpe&vs(l^=&sob1=(kF`tGbsg z_^GUa)RE1Rn+==vIH=lH7TM0uy7Rq}zpRV$@QB>jGO%Pz$ehldns$omHEU3)R(7Ci z_`#7I0_*Py%4zPi-(uJKTQgRSs$A9ZZpqi(XZk%__7-*AsgIOB0gTHXjU;Ohqu428MQ(BTTXFwTxWdJ)@Qt=d&!G+o)s5+ zF@eQr&6*oC5=woE!FJz<3?3YD$Gxvl<*c%lmUY3q)7juTSXS=2}+PhO{&b2Hb9e)N?jN@~qCd#=o(7 zu5dK8)X-SZBc4OQ)rsWfO{1gMZQ7(3aC+XK>|zRf^9YBdbrc5SjkSVDYsH?V%P{@w zRVD+~Eh{UNpSL{N*GHY@s5NrbDCOstt#-E=K62!TFuT}EbptNee4o!473_^ZY3WBYPw)q}iKP@eJ&5i2}qjTrl8$Yrm zet}H!5`Q(XpkU0$*x1-sijm&liD4yApHj^Xc3t@F_3K`WK=!q@2XuENVY|h`tEHvx z2Y=|VJ2t(&me!%f#Kit}hJ}TPx63XDy{Q{8;b?wmL&Nd3_XP^OVfLLGy9uTE!Tk9f zw{G1!A$C&ENw~2sHU28sdGl@*rTVp3*KJxf;_#6p)>E9Eu3w+&;NVtyKRhg~(MC&M zG)1lp($)L)3C3htawlN}(X*f;fAB0%+=NVv=84 z%?nhtpNg$hy{MVt1!;* zVRJNp3-Zp*Xc~0W{SWAVTNW5NuGyN~n*&Q@3ywPW(bLy=AiXa>D!40KOVsGb|#ZXx}X&pOutTW81)rBKR8qxTg0c9M$EGzr| z_nx>-X(;}|mon<)}ZUu@g9ZMswbjJw@ZTQy1@tnfBCzz~!sJ9qB1Yw?0t_p|Jv zh7Gl*pNNl*RnE8S2>ith8k+EHfo76ZGg`5ye#U{V-n@D9Jnx;TlIPDiAil`ViHnOn;eMwxUR2tP7A?B%-oLV@CWC+$5*D_BcUR2${0UCY zY=TUf|fAZlJGV%hy$O=+MEnjO0AL;?;4R+xy>qOj-55 zTTV_+$j+T^OSY{&akRbhqqaSI^aud zH_u8b17z{dyCVOJ!?K z>YQuqZUTjM$8#ru(Ad61dt=u|8m(LJ2nh+Getrr~x6bn5ALufTxW&RVH8nNcJzxFE zM|_}2tPXjVZ1eT>uD-J`b$QRJdkN@oM_8Eal5uG-zj;lWHm!?+LF0)NCmuO=Z1kKt zo#EkT&z(EBa_P94U#mNM4^L$4QFGQ)K)GEZuz4)0AZxlEZCpO1GHmBgt#iY^`uhzH z2|QxHB+$H7t8cGLe;GxyZPQ`*8$ZQ1N#$1~LZ9h39g`z=eQ#Wl+V&7S@jlTuzYUVL z*QiO8%e0crnm12P;X_5(>TiGBbp866?%~&)zqPls>)a$~!TkA(Yn$|0I2KE%;m&jqkjGR9Z7SF&mggGI<)FE6A*&5 zhiI{YH}2lu4!PKN!hm~{lgDbyl~B+fdiCxN)~Gwy0$Z|Q-{Ubpdf~#}M8~btoPHlj z?yE(EQlQ?eJUL!bqln)3@Y?L>>FJ5IY-97|Ha0fl74zKOE?vA>hhVqy=+T}u@N5t` z!ePe1fddDbn~$~c?|tj+_qU$CvPmU|-GBDWm(N3(^z1`gs&n@H$dM0&>zK7_H6)*f zG-1-D4Uv(ZF)?jO^crbx-RQx?hel-Pihu(Lbf{dmgoL!@Zf8>>+qKNw9e#Rw*qE-A zOMx5#x<*E=X!FbYbM`lF?`6xDb#Eid*KAY)cB%X}sYBm6>4DAHgkHXU8SO`%jh5?( zg6JQb0&W@&x|Nx!PLgu%=FK-tG(UuDv}v<}5X%a_c>@_p?1*H1|uOs8i0K?P6-$4s()5>gpHKGO$Fe?#&et zh3j6&T6ZDyXH#84WU-ZWTdQMq1m;~M;E4K!aD6-^tnoU~;PmsxjSVo7Uk6eA6c)eo z{rk&ET6pE$eH~j{+p;UaE~-C@#BMEyT8f1g1-QDqy1CK!t?1pmw@*dV-H1sBh$R|( z7A2~4L8O6yU>0!#9QNuli&hg?x&(|LInp+XiiK#aB%num;Wuq=OdF0Qc_Yhn+;t)6vm`1#bS zez=bYQ%^l1L}Wl+7_ro@8qOqq%E<;ZsB3Jj!S#0U-Fwv1r3tSK2b7Q|U(3wANL9B4 z-7{&XE@S!3E)c_HO%fNUB)F;r**<;pB!Fv){a&X|oyvFbEL~moXg+EdvGCeAh@&bH zs>_cb>ku~;0UthipM#IMcXnkT9459?G{j9yZqDo8KHZ;?>DJBcR8bR>#~tcxDxcKB zTYSr|U7B&uXWl9Qb~sm#Iu>YQ-bQeVh}2XqZgtiAu3b7u>aW|H&TrkZzxCk3xf=&c zj2nP$jP&yxGRdGVugDAGoG&R5#l_=LLoN1lo!7(lDGF9wvZq_NZvAss*0=|$%bNg! zTqKkP-;C1l9O-Y-u#}J_pKbxQ-_M_DwOjEI|5wfh`Rq`iCCf}cu5~3U)qeh2fAmv} Z{Ipv;Zm&N^7q&v795sIAG0R!&{{`ycGXVeq literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.17/_media/benchmark_net_p2svc_gcp.png b/docs/versioned_docs/version-2.17/_media/benchmark_net_p2svc_gcp.png new file mode 100644 index 0000000000000000000000000000000000000000..55916a1de91094b18b3d47c50fc5f5900adfe9a3 GIT binary patch literal 38395 zcmd43XH?YLw=D|B)>iBmF`$691qdh@2$IcGfS^PriU>%SoCItWjf$ZVkt|A%N-BbY z2@nv;MJ#AVG87^?-?{zY`@Y=q-guwRIgX~=)(ZQ#!&-CAIoI|-t9E+*TJE)MY;5bP zN+&ef*p~OPv9XW;whDiewrBM|{72gPb zw6{AXDkZvq@6IdE&R3me#Kdg>pBISQJ6edzZAtqBAF}4E(gi0rwhboahdn_t-ja$VKyPh zriI2hlV`EQna%xeYnJ8iu&TJ4nwl&-<ZO5Ay ztHGYCut0h5D_0V1B*XBwz;CwqtZQGKv|^-$%+Jp|4>D4s@tgWr}oNTekb{S-3*?p1U^}H)u0k%B(29)=7GV%!JGG<|5vML zpfQe}Ca zJFBGhPoziBwyJPxO)2}1H%%p3dyR_>s=}mn-`!ZrwRLMk%7x4%=l(i;cCgRFgf6|l zDpaDfReGwgb~klQ`3kdiVV5fFONWBt{6jjOo^iSSgtgm>wFHAW|cp|DrU~zs-ePXaly}Kev^Xk=C^9u_>V#W&E=|+Z} z0;)B!D#0{^rpLQai(h=p79^y3>O#ila~Cf@U&|#NQyQ?{`s@4Kcm4exWK#=9k}!2q zQBi9*?Rl=3ZDm>UL@3{L!b*9sC+*{U`B6m$1%`N?Mzq7=%+5s+Tn4N9?MF;jT>p-hxZ>o+`RWf2IWkv zNBW>G-f7txH>)p{&zbPnEc(siVtqYopcFi<9^2@}(15 z!}LzcqN1WTiwln5Kbh#H8H8MvfBpJ3`3Qf8_UlV0oxXis6YN5nC=f2+wCC(wo6aJ6 z2_65yuCj-Md4?FdDQnaLE!^|J+d-;%?Dm1yhEmmdA?sB=Y&xeFGI&YphQg)nQhIvv1mMs}#v?6_s-)vw3=B6{39y?ezMZmr==8C91Xy>%h? zYP7WL&@*Y@#WyVlZt2@_V#^=xy6JMn3CntUpXrGcw;C11#Kh`xZZlm5b(|)LE;tP} zAINm>*YLafmEP&omiQo-o#~UYQ&?E|-AtV85ggn+|NHl|6nqyZf~DPmJP$eS@L~-I zha~O(!-o&0ul{=^V_@n;FJF$yb02*{c1u;lxtFS?_qPR5 zx&{a5-g3-#+HAE~W7^Rv6^jmOw$9NW)%PQ9Pi6&Ehgj`y3sDJ%@2Xl7idIt{l<#LKiVn4dUx zDs-&3I?S-ZHDqyNZo8tQ;_mXx6;I0NXL_R&^X}e1@E|(gcWF^=?y>jWWC%Vm^!f9h z$%f@?3?u(N%2FZwz{sPUOEcfuGPq37pSt&XTUnm0Lr5#TcYCe_!<98~OnIKOjPKfy zqqIR*W3q12s_~DLzW%BDx~{BtOP(#KPoEYnIFm*Oq8f4#hjR2=iI7I`&0}O&yuPkr z{&}l)S#7R^X|QaG$5_t=GxN{SzKSn?^yg%}Q^GOlDaF{UVpM{^C>>OnpLo(%Q(#fe z%lXG27bzieXTk)mw_$@{x!u@Z8C~oLSpKTj%edGK1k#66qz`1qnm56IzHH!i43uD!a z^d5PW_bce#tJZD37^Gk5IdRi^=f*6Y@xhV0S0=~l#g?l%cDz!%7$mG+(QQB2WbA9( zI5Ci%9xCg`%1yDxlj`KrJ3K2buW9%kx_`iYxHY@fJaZehr#skK?V8DmW_wNG+5I!$ z?uoI4oIP%2wFgsz1y_%UN!f=Q0A`jNjXm&C~_HmS{^E4O=h@V<;X}w zV&LP;vy;PNFKoBrI6uBz5hN1)Vj@m5@@ScFDfWjr_AyoC_F66yF+Dt_eOFEnwd|&n zEQS~xUbKIPGd=xj>q{j3Pqq=;4w*lp1Z+EWYHn&o zT|<^POISN8;cWCV8Y^x2&V5fr4fP^qTxb+bhKld}=xJ{Hr?J!vnWt!*kUXV2+&|dn zMIZMQ_MRQ5#oz?Y|DCno->WymjY36gstuQRYF~^C+H>yM%~k7Zl!e8)k=9oxH#I}> z9_9SD-VgV;9r`{zJe-lX#rWE}YK6HJN`Jk&Vq?H|DOTbzV1ag5X#hV}C0MjE+q#LB z82N;eWvMwcH>dJ#YN*%>6Mpxff6hMLdttmzMU4M^4w5J>=C~gRf1>Wsl6zb97mjMB zoF84>KF8Mn#-o1V_W{HL_1gS4y1f{Zl)TquyQan8mbb4zSh}@-yJUiGTh77KzQ?C| zYwvQ2Y}&Nxdqzs(ma5Mohbo(zn#@A5%F<7=3$D#%Oe|f#tCKI6({$oJfPQKl5;a|LM&f@u$X5QoVM7!CwlUwunjj4y zAD@aq!G}g(!xB95p5pIvhFdaE1J>m?UNFYK(N5Kq@CLM^>P2DmXaKKp?bwlW{W=@6 zyXx}Q91U2iz$;-=HqFlk&V=r<_!9neY)lhqNyd$pl4((`SHIUF_bldI2cfNdWF-B@ z%HNZ$o6`J?1jh?Tit0tu-@L${t?2ADe)sNOl1A)Zd`wJV-<9C{=C;k7HDkV#V_rjy<0f$=HRpl$Zr>>aOt`UQ?`W#@8QTKcs&3cj3-*>QzHB*W0yg z7dbBE`3qcay%%SCr?Tu{jd0e-tB<()3R4MW>*SIg1pI@BBu+$-e9YS*!_0s3ru zsJQs-UuPj9IXQ#29NR!jwr!gZ4h;3xd~$kG5}?uTTeq&@*m89FOn+U?Bjs^`e~13EA=Ut_=lbK1=Qb@Fi6$TJ*gf@cRNjk8^l< z0Ykwb&?2w>q?&ztbhN)Nwq8?RKDNI;zF=?E);Wb_YM_9fx@SvclD5k2-?uz3Bblm`Cfa+(;qW}fBgOA`+($- zvF}1-{)DK0j*Y*@mVn)-|X%m5YbJ`YTdFF zk^^Y`3}-Lj&_Xh-YTb^*HMYz{=AW+?>|42dbr^tDo}v9HVvFFrV&i$UfPerA`@)H* zE-J5*tGga5+F`ka``&a7FjB)L7BDoLgsnm6wXuMSp|oW6K!G#iMIsLNWdU>H1&d3m z!Mf>2**WLj=$9g;ol5lt`F!VJOUSXNeoT*csnwGZ={Z@;bhAfnRI4v3Ee-v9`D%gO z^@UR%UQ=&)19!8!j1Ynf)AMmA%^F>%e|$Yr871$xMsM6}L*uS~eJ|Q;z2t-BUfcaMS1;=8*RMLha%l=!^4E)< zKKHzksyGeO9qez@mqf)a>pmjP)DDXmdQG|Jsj>{Pyt8xFA&1IrrRV1T)^9hLkL(9Z zUtFBCr`PY0asFi06m0Bcxxf%`zBflgB}zX-(Xis;;tSbULG{-RhL>oWc3sH`m5(ng z%zWnz?$S*;|M=fUMHDSV?RoXK3zKc_PTxO$&AA^>D(Q`iCn66!ydMaV-@m^Gwbkxg znKa{KyPw^a7BL08WPL2SRG#iVfYJ#dCvPbCd%0j#mMb@EJjZRc%zZ<@og9OPlhatxeX zYScA$(NA}t%KK(tyud)X|FT2Qy(ZczMkiHIy2=gg3S%0lEd-f91ZXe>ndzC&!t6HG z2dGHqhB7(oTYSa4MCY)pZN5Y)+WP>4Xr>#`!sA=#=a z8X<2$e!|m{+dn2jz4##GO>u{@?i{npYLv1im_yp|IDd zSO0_G26_cH+J_Vz05U~GoyDDRCK&n*w*)W~eV>1=0G<@M(~eLo z*6j>cALeMGao2R&1*aWTQ6Ba^ zbotZ8(uaKZ4|wIRFx{p_^FLJrk#~2O$EZhj^xvAmC{zIn0w{s}Dw_|v3}}&{M_$=e z9cAy>`(^m7uK@vy6Z)LS^PMS}3TEQ{LPN}=Tb|r#Q*VTZ0jDZ_QB$%#RC6- z{@EWUX?qax;p#SyrI}tnYrd^+@~wU)OsNv@RdPFbzI`+HMYg9V`gl)!o|AdWU9LC) zU`7$YkYL0Rnc+sS@1OppcYj+oj_OR`Ug2tESAik2bAa>IB`y4-Ez9>-%tk%z)bn|p z)BLoHXf zkrHJO`K0)~#~)``^?ZqF8@8`c(oRm1%#$gaII+T6PV3v9PXNLfqBWH}lCL7{TihPk zh*b_D74v-_S;iY+U{bH}@$nsU_;w<=o>$uOW2g>obZqPp$QN1&2r%!7$?e$ZjUhGK zxiSCn)db{u{b94=31F;as6h5|Pekk#K0mM#VJ}ZV3{BOihe~x`tDiOT?2ipL;B9Xi zx$+75nAG<5)496mzI7b^(@j3NEw63xOQ=Nhhd1`^xh4~$#)%sIPIHsC@s?eaeSA~j z&$eG@4cO0M2c373LSQs8XqQx+YIhQCvP3PGauEM=Y%vL3xTuJv$??ISnQs=6XxEmL zS~(l##gg959KLxgOhq1R=f!O%riyqW0< zJC*OXQIf@O)ZXob+-}Gy28)sW8P!dAXoI*uqWLo7w^Dw4lvP-;!>K2L?zZCIRMaWKh(?t^539e$i^O_gQOx$JH z*WZ#EFYPk$WWvjJ`iDuT&w?kRQ3eZY;??=$Wi%X@1_$nb15{5L#ZGbAIyF0(zP+Di zec6!7bXc7CptE~_`{>Vb`@u-n=ji%Y#9%bKjZSs?(n|@?BpNK}bL63yW4m^5AW9St zw~tJ9K?mBP)FiUU2ks?MYWXQ2f;xc2N zobCy;=QdTPEzeI*{)q*3C`c7>U48D-pkx~6g}Z#>A#LCNSCKRSeToVRppx+E7@X9IXsM)t0Lm0 zytQ7Mo}CR{wVwMKfEGpeI%Q($nnv#0zS6@T4`y2|qNG&=86!ve6t3k~-kiy$JC_u$ zlt=>((6_kQRWzl*^1M2=*g;sc`9H%HeTyX8nbx;oynLD3q1Dy#lw0a~f$R@bN8qI2 zH8XH%dt+9)Ik>)PX>rbfQNDd&6R><0YQ@j^X)p3?_R&5^%e(sZ#)rdmKM)oR!Wmn8 zujB1e`m2{=&$xMH?3Tce7-`Ql{Q~w9$K2ZR0MhxwxMs4djZI4VL_E{CLW$t;FZL4FHd>S_Qx|_ z-#*sq@SZZ{0?|Vo$0-tM^>4m8j$=3QVS}PGcM+komWB%l%X$X~lQ;4!E76E#5o`w5 zqubHF{lVjJuB|!VbFNf3uXpsR4DKkfqW~t!7(+ieEY}OAh8EPxnf!r0U%o8T?~37Y zGM2W8=3N#FdjH;pr6TGF;P28Bz- z)|cdo?`;uNdv)mb^d(bMmzket!BNu@hXu@0uITtlPU6cSg7SU&bf5kJG?AY_f7T(x zHbx&`ZJpogGj|44`G}HzrS`q;!pvB&E^-h>+O>Tv-82?zQb9zAf~~UK_bVd~1wi|x z3T$(nGy`}F=h$)hQHn=H$^}g@R!xAj6YqZ)+p~ZF**d28gdd+z0%j%w5a{mRyN=Jk zEH0=8i$*}+>CIq)jna!y%AfNoXp4g^HC`c-u0+%9y?|P%0k8ptPYhTLilwwKYVK{O z6l%5nRCt>s5njMuiUS5(Kl8p|-H`A#C$P4R*X#4_(lpQO5;vq8dgppKo>BfXefz># zC@DEIRpiY3ku;|JKPzS)UE&!6Rj zjjv5ldw6*bmht&I_cc^@cr+iXmh1XiB{RCsG{w8;o>);|PN0OB7fbip1f|1CmY0a4r-D5OYU+u_S@@?UW0}K80$La*3yTJw8S+ zXXFa&rr9j`0!=v&Gzj^PA`)>QGQSUI-E`qpX>WITED$SIIoI@*I$?}$QHaYp_dPmz z`O{9*`$)qWFmZG?m6X=+srZo^WKCc3mg~U}6Uw!mQhQ8BX05-Og{#mzs?&#sDRl zPTNgQO;eW?9lqU)DTo%aOOG9uU!3krI`{I0@NN?dMY?c>hLx2C3=DRp^8fZxu zgcj5|0njsh00Ap#{P#SkSP@qu0J7a*m_dn+);01dk(nNDe*LnIE|Lo^gi7CK^7+|; z@}x>0UteEBZQ)ZH&<4IcJBqR-r@XXj`CzaVX8U%_lUj=Xqe2vBy|S#V zYLw$H&3O(C@Sa zOW371k19@b255Y%%txf5cLrdi2f;kglAs|DARC|&=J{0#+e_L%Q# zPl-#H0N+Pky<5~j2{gVk`4H|?on};+#3SpP;Luen1Ia}%$0iY^YF_xF&s4Dkozv~x zVh+WH?@7(n+eNE4x$NGMQD`h5zYL4&Gz2CQNlAvMVG6~TnXgULD)w18(YBWgfT*)m zEg@B?gjqh9OB<85^-Zp#JP*Uj#p~^IrWiLSR$~5)_ zJ%f}Sv`=3LeV0eO^<8Xuj#cyzrDLfEUn0U z&I+OwgZ-q{KLz`WQC}uH{_#i)3rmi}hhBU;&i+%>Wl4Y>`EsLwOmW=GjV|TVUA@L( zY8S|+;?5E!Nw2xUR@eT;4UX6@@r1MomzK@Jr(nZ$cx_oPaOT1$GvAy!DSf+lXK}^2|+;fAZ+$b#S$6%v^`# zrCUY*X-lsw`tkmE+M-x4pNz8-R5`d6sQHzf-gOD!>lY|d;CbzoEkWbAfz~- zneHuk>Z2rA{OqYpM)vGS0;7hGETk;0_P_qXPp7>t8X^&7tb7Ps>v?1vy2Vk8Wqs)p zaQ3ew26eRUEP?mN#L> z#B7(c`*q%&dhXx2aYNjuc|WmEC(V%@fbB+zk0Arc8%$`pLGbIJ1inoE}|Eu_&x1v}ec(-jkKgK55A z=Esg5KR$s65QfG;i-Cakp4(!{XUjf4acbuX;^X0#F>n?P+d?d%>#!bKLZYoWUVXG< z>1jDrsyR5@wCn*@kMU7$2VqHu-FClTeu*j!v1?+fd?Dgqy8Gxi8q4UY+mym^F5!se z8Q)nv6NsFSvqb_^NtX=(S{(|CXtSTxG@5NB3DsW5w571R+&6eGSqE>Ndk*4K82mnp zo>mCJt|J|(U_}!yzPll8n4d+t@bE72#}Mc|JWL`w?Sre{h}eiOToROW&zPNn-JeWS zkI%_AzeMFAdw@7#`n(!JSQ^SqjWHd~z}5ndXb^ogt)T!yd-WC6et@{Nr((uw9fe-W z_^#Qxk>ZIjvLgxLr`AMfWkp?lmF}y48fmn=(YB0JP%SI6b32kP2#GFnCRoaptB-0L zV{%u=JEZRg|8^qJ5hzfhF#=Dcw-nXTc5>K)={wsmI2h7&YaO400hmYzbb6Z0Dfz>P z&l92{rl8WIxNy(Dl0t1+)|fRSSCI46X<^tX`mYZgEz{L#j@qEw-xg5c3X;KEzDoki z7A~&d};TR+W#d4#vwre`_lGAdl?+A2L`T+tPk&q@>%sJz2?>Ba_riPA=_zu(ZH{2!X95HoJ`Wuu- zJ>Bx{D1n03tY5F)l40huFzaI5{OTys^5bz|-Oj+jFaXBrg=4l8T9en^)7|1)>`j*7 z=9$2cHQpctdc;OjpY}kWxC>lmMOiO5OfG0DzwYd?E1srlK?~6Z*?3x>>-SDuwxSI2CN9a>FU z{pd0mYa9-%9bQz^8TV1*D#U;(MeV!IB<5J;i_obuuw4=CvM|-~J zMeHDdSEVPdLtjrg8uU&sUuLTMqFOudd+M3V2VW73Q+wMC6O9V<*KQFFzv8t?8aIE9S<$m#Y@CCg#NVIy8CWAi(botnnwz_5BhQ?| z0oG#8;sRLI3^2vruB~$mcEPYa!L9^P6@iJM;dcpn(CI1)4 zpPnr?GlX~J_?3GjN0~1|B&>BLtQo3xOnn+oL%dg7GO{dVxCbXnbv*CfT#+2SVxDj+ zu{??*E0`lKH#?SEf#ynQJNUD(HT1JZCMC<(_l?T#$~0y-D!P`Jt*AOM)?3Gv{X2t{q30lPz=)M|W zeTQf@+YE*Wb08~BHOl4{2G1fm4+82`fC_9g`kPrEEEeUW0#wpvShQw0)LTG;dT6XX zX$G$SbtmhX#plW%@EEc*3A#nV(JwYlMDQ?Cj#4N@l{|rxlj2U-Jw{J!vymKp9EeSr zfOBuhXEp<_E|qr}74Efax0CKkC@son7pfs7BS2aNcs-iy%q8OPurD5{70xQn5HQGs ztp}nPl&3+hrT~a(BLKS2aS!IA0w6Q{!iZ?GZhdfdZZ3 zk?1FvS8d=O+HVJbfKg!o`=&h?iJ1O?4=N(Ku%bDZtY)^AwsmXnNP}b#Ywi(o3I!nO zmsMf2Q~|$!MoRen^@Cp(So$-Vh17%Cf#rIoQ1L_LJbrGamZGu&A}Jec&8`er^zDGT z;^Q?y{y0P;orScHnLd_$Us`kLIjf}@hF1+x{=m2>le`_|;o&#+MTk;rF7rP=Y$%1{ zL+K!_4dysAJs^d9Fa~ohb`SVRaT=(pL*R5B@^}pjD-XRs=uif{TWQn$>KzeqFl0Vr z`77=0>{L2PB;jYGi(YRH9dvtq+QQG1bqj-?VR!khJ9k3CiG^YZgdjVHU>V!-XEHV$ z3fx9q6Pgs{qNkz+vgSdTq)zbm18&#a@(2kc}8RqEblY? zX(*1d-e76t+-vAtro(Q>jvf09149+|#%Fj|KVyQ0#|aMqM4*6L`;vA>Nz4EbsS<14q6kTJ`=Q*(|F%G@(v=c zy?_5cWopgpRjWclw97QSzEb;_pIMZ&Q{0*j8>HgZqa?}Gfb_cam{p{BZE10V;p|_y zBwvI&TE8ulQV)8JZpJzLfamblx3e5vd(YSGJ^$)$xSU5F`9aD2q1CsyBB*j6ULKBm z*Fi>A5*_Q?(`H{RK~xlQ`Vw$R9E6kVAWaq2WfdlcmSr$S+_8+D5Cw0~vB@_3Fo=R- zzi$zJMg(v$b{*?@<(g-=x7tYlN@OX?05y!C_*WGi!|lJmUctNd8WMdRzJ)P&xAKWl z*SLa<=|-Ooo_crZ?D~m!tbb}RGzK!@CvcewOTk;~C&T-3v5A;Fznu5|@bAAD55aIi ze4vB`$h`P&ndYmDNBuksIOzr$w!zca_GPrsON&#*m+2BfVsaA=nx|;Q3k!+w;OY&$ z;xKa`!r9nQRGTZw$z9o?EdnvqodR@cCzpt^ipbBwzLgo%YfPH)!WOLXR zX4>LYWLf$H56aZYP4x<|n%IJo%S$K%s=%+DfkT^!gxUL`ah4FntI6!g2M0Fl(E)x1 zpff8S^qL%^+PM5WFGHLVpiRIAnv?U3JZ)AHEM{-J+F@$R0W@fZ(m|ZjL(l{LztnU7 zQ8Rj$YIUR-%&`za_2bLnEIy;=OrS#C-Z$7Y(_cIIVmHGB?GJ1~pnebfB zopbl_2!SZftpD;2ahIW1&Md>}yw5A&+C5&rrVn4hA;_;G@?5Zc49@`~|6u7e#3en& zJ!uMXkf_( zmo8OyLQ+YNB&BewU~J5ZBT_vqcDwdK`?SgJYrK1lk+0~3@<4(;5E;(YE$%Bq;YECa z(haB!w)q{zu;Pr1eK^=97UN--fe-3Xxse#cnV-iuf5D9lK4cHufVel~A!WSU#@t!r z^h_}-Y&8k}zRKD3{)h6n(_aPCJ{Fn6^&mm&nYNCanzNa3KF0SW5uQP&;WSXk0!!g{ zDnAd#-a=jaMdtOR8bK_Rc{z>WZqVP~{{YgO+SMo_raYCTgkYEEN_WR2>O-cPEvnGW z4OzcycrAsU4FTo$4D?;z!usr}A+_f{R-<{BW&Fe$0-Y0y*-Dzp)P_$t*f$*L2u4SN;2V$Yj{rt5(MD}h`s ziE@s-@;i2VL$Yo)8GHW;ooo1@L-L;E`ysR+!ge5E@np}r_v6EDP2t#IiSvak#&g}) z@l%94Uz5~`!yiK9R|&=D3<2}-4Cph2sE`H)uKV82!kc1+Rs_2R9vIxNMEcBH9>^5T>XSPloSB8htQbej zMaw)g8(AbqryMrYf5x;p6JP1c*|x-=WfukG#_n>}Q1SAK3WqMTCBeXolcmBLI)q?J zY))}NzoP1{t%mSD<+trzEIF)heyGRz=dr`2rD=LgfzLudA$34@T7vfUgh#$UpSs~A z>RPUi8~*}%4<=i*r1QW?1uDZBqe9RA+S7cEILovK-@Ag(1Al#vI~!oNh07%=g!$Ez z=6AACESv;6rUj7Ywe#yd3=X6+qF6#hSPH!=N;NpT`d3F4MOauFRY4=%W6}6ZefiAY z-DnU|hVAkkns)-nlhh$T{O7e-kSmi=$%0qQ20zFpW+ayyHeNH`A0MR!hwRE#tB4VI zDRe5T&EcLbc|5rzfXg+Y8j0IA5j$_~h7Ib20`i+Mo_G{!jJk zRZQkNu*zH$Z9UG||LA2p{uQZ;@Tr90@thclb#Y>?q34pk(N7aPO~QZWOQta+*BitID_>;UEn8Hvp=HFl?Edkp zKkHZDafInJ3=AK)GrG4Lv~+A>Ch)qniNpht8VAKV(%G;}0t+=?nv4 zQ3DQeOB($5-Azwe28fd^}lQGw%ljz`A%EK~(zz{Szh0$;9SV`G!FPY}J3 zyO+&+ziP1|rrwDW=(L~AGh+>Jvau~$0-5N5dz^r94e|1vCrCFJbli}pGIT^dq7W8} z*v-=n3mP&l)B||s^&~ON5+<2FAzOpg8}W2q15-vy%c8ZCq(Teq2p% zhuuyqR+$SVgf4NQ6TOL8{t@D9WJlhNJ=evaUb0H$tG78(^%uZZ6PwISi$FE^6e=)*Va6}YBCD3603-x~9Z zcB8we?r${-3X`yYO1h&U(j5W8rvVx$3)K&?IzvM~tE&2Wx$y=zwt4*-iqZEDGR=T9 zI>>?&AmX7NUP0&^fWwEhcBB{03QJf-QQ&LSg>2IpLk$$SEhF+aAfTVfPs}+3luMdm z)U|`d+&%9}*Wtu~_FyMU*dPk}9qYM!x+i>leMsDb@>*V5sY0Yrqsw$Y{1|oz=#15q1~Ry#wH5zVTf8)2c&n32|!E*auYsDfJ!U^ zlyanb;V$UEsB5jmDHy~V;8N21lxl))e-3;h$`xVj^FUVPrQ7Wjj^13wVVih1`Udpg z1fntk(?IM8*!Wa;N^cX@K`8M`hSyXOuFERKO)s2PlL$AsRHwZgx|n% zx~3=fp`0k)KSm%Pz*XP=_4|#81E(;HNnnGryr%5XG||M}1jt5CntjnsT+!mJwO_xH z&y1O0O$S=wxIm$Ui>(3O0>$&?CPM)>_pSH&6gw=Np>et(J0X1-(1_4_Cgk8rJdOsu zrDUJM1Z0h+195d*f{95+UumBf(f82@>cNDd0gz+Wnw1y|zCp_l6)&OvfW0DbsQkwE z_QSqLJBKKE<}uK5lqoWX!$YWnPzu#^jpH09pb?97HGuGHKv#qzz+m+Kg}f1f#l#c- z8`rK~s{u%xWz%xd&k+iSCoG#ihu97Z56kk1>8Vs zqXrhg078%!co!_$zLr6h$iEK&3Zmme2h0%d99#X!u$#4g@Gx`OS1S}NEWHI1jz`hQ0DT8%p-DF&bosSq!r!^4pS7$>h2YhmuYRPz8PHza)(;Fv$GnGSXoPr^NtT$c%g!Tp&xAMDyS*y6Rgf zr^h$^vivxDm3Y;~P}QoV3j(E`%&8e_8Ek9@ATgeD@XB3T@Io<&>O3l@!23qC`Xj$v zw}@kgJPLSU(8+PcegQ_igQ(2-e=FFVevXdTJ`vJPk?C5zqf&?Dpq1xnHrR>XL?V)= z?KXBCkXXGViZJCwdJYKDyF|1SE-oyAWFlS}1huo+W+f6Ap#A|EYvz6btEVGs%Hm|(;Dz6Cr_TV#Lf%_HG$U%_Or(7 z5t>|c<-OkDS_7ML6w$=aropt!E$f=HS=8WJjLR!%tzfbVLe-H+RM&OHp17iImj|L44 zt;{N+hb$ft8w->%eYlNCBGCeOMy*3v<-|u$^*)&C&IOAaqJvJRF;Vk0m|iWU{M4ee z2&u&4WQ`7V234~F5nKbbP6H^sRAAb35QH_6J+jcPo%Uim+oKbSuJ`7!jU&FK6+lSn z+#?`x3V9>vSiJMpkQb(fY>{}&p=eFogaH$wD%Av`p%J^=1qF(AGssdGcwfwbjo(dz znL0um^GqMg$H5thzVALHWVm|5p?XHdn9*W-BfZo}G0F91_wLew!X3M00Q(*qS<`Ua7B=K?7e2FL=NDe_Y=F>U6?7H6t@QhmM zY9d z=(pv;ArLltLrh31#Ln>j(_<)J0q9(vxwx5|?YiHQq?OL7b`f%SQ_UXkkp7G6IbM63 z=MK1b9O+hWKA2R8F)1lm4^ zr@{INqq6?$YNq>6nl+d|L~~r3jf6^k=upq1fkdrwCdi2)xgI7Iei?6M_beQM6P5gz zu@t0qLimmc1(Jk`TDxvtR-{z1u25d&wQig?|jRRSlG+1!G$m;;DNlRMlSLj}=ORA}FP!C6Q>RL@@UF`Q2fw8xlAPH2d^(8bFhhmQ5uZ818?a8z*swHF1yvB}M?1 z2f*~B9J@X-8w@c_!oI@*UU(h&GvFxQMX&d}a|f;f=OoZt89m!Oak{wR<0Qn}*XR83 zIB<-Fo=JLQq&`XjhgrPO)Ju@lv>41#{<=P5@gk&WN3tlX1l&BOWZ2%yqhb!=k=4Pc zo+J4Hc1Ch2_41t)-+%a!eYt!iRRhT+3;hM4qtDDaD=nA=Pa^C1L03m2`Yn}ARlaznVAAc64J+!nC1hV>wxAz41ig>&K#^y}KG8XH4I^CRK;S1)KXH`M?f4h9^^Hd+aoqtMB>~UC zjzC?Ko1gX!Q#5bZPr>Gj(Vo&a*!1mGk*0&|`{Wu@5ua1_ve^8V{Ku!i?e!4rmzzO00f|Dgl97GgU8J ztLU1COJB`VVg>?ek$`9cv~~t6jrySZvbV=yBK+uVb?Zg9^lPK+r;m`cfeQ5fp8^Ct z0&y7BAh3*$O-f^UZ9aue7reswYdXP=>vtSJi|)Bl8J8q%{f?$8f|ZIIoD)nt)#d{jorGpq^4u*jOW1a#UMG3%)>16#$-D*pE~VT%1B$ zZczkZL4+GXPLZ_lAe<zs( z^7Yq)24QOtjvVN74L@)ySj?ClT#u&1yjyc*<*wK`O^Z<*MgDVj&`!($;tPWQXIxfv ztuCMah?VEQpIl~N!Y@dM?Mn^2vBYM2U(~qhvm`jY>t64<{`+~Y|BE}iuC6D=rgR46 z^qD~cvg#WO(QJzAe0bOXho=0mWZnL+(fzkEfbMUQpc2uy45Xlih)hZ&;-26zBgGyp zF2poQtPqGeNvMVnH@cu%juchM^Q1+c-0g(=qB^mi!~#@LXhIg*vquTRkb&5$VY|&+ zBh{QtIGe^>AQR9coCF)ef!hG0Ujl7+!=1&(h~tkypHH%w$vEsHryuMfcHCvlmWg{! z+Q_5xOb`Abz;J%53?vU?BS)r(FH9eTzup`7*TjpAy9}}|>rc^~!K#q73lk{`BsXr} z#CXL4^3_pulHT^9ZrqH0^>QZv?3TCs%2-0c2H_^CYVdoCkLV z$%RzhNVY1pP2AkVVO2eoP|qEzZAGEE-f#h2otZuyIY&CZkYW<9&HOCKMGJuTx?q^Y zpB~z~_j6(zZhj%j1Z{2SoSnzz>Dw_WZ;R_6?K=JhXlwx{h5_`h5i*Wsa^ROb@clwm zZZxsu8W3VugLc-T0R<4x`HN~qY^M)|?l-xyI6EjtEN_G_LkUAbE6Fp&ETqlKtX3d* zUx}l2h+G>&+QC6skt;|L*Y|5b4HW6K?1N0A17U_hCNi%echLLcCyrQ4%uubbP5lsG zpIqdDd$kctR0{SCvH5`KcvVW6Fx0xD@le?7<>_81MR9di(!@xPZJRO;SF%~IANx65 z?4$_#g=DJlpq-EmM1ZnES=JL|k4y!M-$w&%*9SQwP?FR|b4K|>DmlW5Ah{4is>LS9 z%T5t9cis0P+CZ*=oFRMwktWuYD_cls0@>5}Aw?4IMv1|-7kXyIj|@qQG`28a0jpSp z6D5{ZiO+3q`XCc?pNbk92*moVC9b#9#cqn~;$-(Z>eds*StSyo^M3b4%m{K*Am; z)D&7Ic?dHEz=-1C=Z0=IYRrkD%<2IgQ@uRL*tMJYK5IQwBnW#$4PHU)_J?mdQ8DdL zQ256~wiUspP__9(#xV^;Pl!}<-J%@i5x(ovN{0gIeX{dSEUX^kr-`FT9%gbv-gNlP z*~WX4-e1BNq3~-U_iUhywi@rNWlWPE6Y{QN-{KF>u;&C*fC-I-Ub}PT-iSN}EU}A9 z`add1iD)cqi)sbhR0`~4ns5Nr0$GKu-KV+@HmYC>UH6UPnb7a!JMv`_!*IXFQ#TBg zZHWgQ1mP74!%jGeEn-Fup!)f#;8HovydV(~Z}jXGgkK&z3;G-^SB-e-U?-uO(9vVM zPynbOikq(p>wx?1_Q1r81k{M4lOj}NZy)?ypQXTGe;q>%FVo9K}_)PfWbD#oYpJ~E+1ffgYF9SjZ@hsxGga|}KWUEJnjF54)?kp-KD~Aua z1h7Om#1jnd0 z^44e2)3I6y28TROuMNN#e35hNvAAxS%M}j+sw3 zCU#mpG;B-63|z~nnIvbfdPIFUNaDNq?>ld000Jlby#>6sgik^=ez^9fAGx{(Un2~l z42t^d1yPJ9RNgD6{s+3g+RbLL2lV7KRNT@%{rvm{O)T3pjT6=FHuyohaOMVOzwOsu zINo*S3EviLMjyMKQk0K^I}xZn31FSZDl$)n=ZExp?}#IJ>>=C6;V%*N49I;hB#NaO z%Emk5B7xj4qduJImo6*iB_(yp^+K3No(_W`4Xhaj?f}yAMXs7~*{BQhCwa@;mA`M! zjhF<_sfE~(W5-NFL6HnGHOa6bM>CJ~>tTVZcAD5X*`U1!J4d~!gkKt04?k>T`@mi*iPXXWP3Vn0L1uv*-E*b-E!oqHZV|6#sa-VQ#i(8z9V!Kp$tIRi0E%M z%>o+;ETO+;7Vtfmv>o9d8l>u+fp%ye*hbp8=OuVdyz~ludoox5y)K{@{!F;?B-Vu} zEvTWg(b-Lyw(@#Xf#Cpjbac$ZZ={`La{+&T44KTu(?~uKJs^V(^|K2Z#a}L>WD{NP ziFz~}oeh3dNh;(brihLJayRI|#e*oBNRbbMHUTsA3AGoh^T+Aw=@d&;wWM| zx%*TfYILBh5L{Yj7bF7WjnrwR^5yfHj)vFp1u)1Uy8N2Z3^5|!$-aD5A2cd$P^F|` z#o6B5`1COV1_i;7EHSQ?B!MFVDU)2{gt8$8LCG4U;HbV?K-?9iCO?sohsebk`?dz*_&)0Y@R%92MMzS+HI}i*R#6N|;Ez)grm^#r4! z0X|kmL!Ky3z%}F&PJ%KKHG`e$@$PQBeBn*mKzXjBf%udS{fgAk*!kLM*1|0qsW`Nj z*s4(BdY4-gvjdy^!7%?NUa^079ki^AA%!Pu(VBZ+ze}@ts{i*rwg1(Z(Ehj9n6I{( zs_IECQ`(2FzzTT3(2}7iwQ`BQbgN;}wGdm54eQ!=)Gce{;T6x3o)7*X=}h=Hkg=Xk zqyGMm$F#rd^S4b`n}n%Y+n?H^{Hy4sY}frCsxFj@y~5PKm8BGAKJZJfzG+_twGLTNoa_rQwZu{sGucfQpiOIq({N* zKDF%*I~&amDbA|-RkZTcy`*1XNJd64>e^3#Vu1jzOGN4gYA~1$YWnvQYe2@bC$Do*;s$&ga7 z+BL!Af~`WTOpXuerHMu^g$8znY!(m$sPg#z4o>PP_g00)1ExVbSAv_P7Wc*Ns5p80 z^dPi$P4sz_yFlTrB)l$m))NZ!&N8dug%$7NSxo5{Gt7?xFcX3&nZZRv4Z`mw51!*F z5oNJL=eHuqJof|K7g;Y7Yya0k51pdGw z_5x@S9$z+KAQ=$6LaD#S$>$!fBifOi9YI-y%NKA&3=xnoAE)#YPMCr35K1JsD&;Wf zYP-`8lk0$sYz!};2kdw(frA&#NDDTdM!S_Rnk;$%6N|E!oEB+PxuwT3W*x<;c#NK1 zVDqmvHBr|6W^SA z)n~vy{=0@CHMZBpV3fbn;&+1WX0G$$AEV2#?%8AVp6_x3F|s~0BT@NcF%`%pi@$u= zG81UZ7{kK5_9rLZtoexu*$wVi;wdmm??sCiSy-dC&O)HPrt)TEjX?|c+YP6+pw>*p zzr3r3Ftn(DLaB~U@y*IGin3GaN)PsT*{mJO-!NU9LES3&pCEJCB6v=dPgXGHZBx~r zVx%cV@u+x#nShfVFE4gh=G-KB33h~Bc4`%V9d<&SbLM$_dkHZkDgg(F{UCYIysqwZ zEK5;U0|Z0TAT=2IMYZoYQPlCn#l*hLq%y_#Abhp|7eax8Nd^N3Sc`KRy%Zd4eZOIM z#LZ4fObi#r#8zqe0vuA%Ixb?RPd;Vc_b*}9`V}M)ughk^y8v>=G9f2mrutAFk&8>w z+fLu{wc&Qt<(9F*Dkj7yqrS+IWiXHO)x9OYkufq&Pgd*sB$z%!m!4nXCABtfj&fo+ zh2we8Gr_O-T(DApqGm4@&hFM9TqV7_9qv4S7kk>dpN_b^@cC6Y{Y9fk-)>OmuaAC2 zc{pb4UC&f-4nc{G+_TJ)q>~o%8n|`x{kcy(LdlHsoT2|Ba7?M|UUip&B-H^kcvT2U zQ}pNVB#ri}s>dNH#qy4B`dZRjD`noAGGr;odA>`kIG5&@oBEW1O36f;@*eJHqm|;f zIwC$qyzCSn9A-RzfqZpPXdV98%Pl#}VXFR**Hmq<3e4<~q zJ2c2s*lVq~A}Oq@`IA&SB<&Pvl&I^}pOlMU20e1g(YGDc6pH*SYAPih6d~I4cf0^e zsNbLg0iwT$!}kZTwc}U!G}e2+IT}lRgbF9<{pZteN?Ri&rf^wY-2uo2Yc1>T} z^yxoToB+&jC6A8wwhr^>Cu*5hCYq;IsoDRl9sk@XuOfF=z!KvJ!%g%a?irUs6pmyL zaOksU%(~l@?OVsRHABcYh-xgCCMtHRVRb{tbXCNC#OSHto?szgj!9+0H*+O;oOn}B zkvXu`TJz59zAy3nadJ9GO%MrWX+ytPSgc%h>L(DcA&%ak7a^Lq?%nVcDY1k*mqBDZ z64TuYJuJPRJ>lMH-UCfjCN7j=K)XY#yuL9D7KxHQ<=_`i(h7!N#8XKm7{qDDACHUt zh7Ou%a|9UmwO0)qNCZ_A;N&OftS*!@!+=c{!hB;VS5e{9SRQ^?1514;h~OJ^q$Xa8 zIT--MgQCmiT+4)2%AWm!C`2K%D|dC8-0i5R7FYedn7 zdW1}pr%_y9?zt(K+~{!`;skU|^8{Xg=j5FD(9Lb?C1;g2(aoJ12ML@N(A&AA$M^f*uI6c@53xZhqGik-9K^^@L{uc3 zfEnBBg~bE9Omof;gjsvB?3o}z6CJSqvLfGqar%{4Xh^vC$e=K8UnJ329)na}v=am( zH<%a^9*&y&%_Dg@mLnpZ7V#5=lHu&zP5f4_>a|G*xQXKkuS*$h&ylMp9G(&$1FgB% z`a(eMY*I4i*zah+ClkZeup^g{%X60qMdS~|tbzOI=1xLY=J7SIGBMAm)flokRGd`= z4B~MDfA1ESK5^%2P)J!ZBl0Eg@|6}PR5TU8<6vr_-8GT4lvop8X^eF(jd9Wc9-1urRFthnX^H=KaDD&~f?DiWUp?E}O}Iio-9N% zU;53MSh6N=n$qoALR{(+kO)KNeL6qQ+=V~ASFJikOgw~HWHzz;u3HV|h;iIw91C7Q z40%D^y~7-7ZE$X?pGrvMZx&mLy$5J%rhPMT2{6VVO{~dDI!4JI26|V{>X9Pe2EAoo zP$Z_@&3P@$2-7m)Dnp2);`ysXNCd=(*Cn7od1avTJ~yqf-$O3v5I00;)z4Q=x$kKd zK6sBV5OB2HKgY{%p=hW?lrH92=p%MvXBW+HBwCM>rt8|*;!a{&!;HP<*&QfN-!f7< z1zJhQ5a90}3Po(e0}aXqFVGtkq@#xo0eWlk7m*rAuzP`SNKsZI4ubLsMZg0Piaq`qZqV{CDoCvD_FAfB$(IGyeIW7 z8K0Wd9+9Pudw(*Pa{Gi=ozF64q6?sjhBao?kf1QYm=e?>6D!|J3mClS^HgCnQAgN< zPS{*Y(R=WpILzsJqf~8JiiJF6?}Nj>eor{2%L{Hb!h6L|`3a*dVP<5tgb1uVoBEWn zpKZ4`ufG1x1W|WV>sf)LoZBpQ4ZuMLd0gurE?zU0pFrHgU%%pLYImylqh21G5$#B> z-{3CR?Bk$xmKYl_3d#-3k#>a6wuFam6+QPv0_4_7Dq`vRdBOJ>jt9^HZA`OW*wOdG zStQ%wuH$&^E`Ht#E*o3X6MMhOfP_Wm<@$OBzH9L^P5f}LPu+UC>+9Bec=J`Psfni3 zp3i$D{GbR!Q2&{?y#y)bYxw)fbvL?q?@m?ot}?%frbE3=n}W(M4?7$eJdp2s`{Md_ zO25}$ok60OMg0m&Qt({xH0@+Qp-q zz9yP@=1#QcIm$j5f#_s%Noa96*9u#E#0k<#z;oBBr_pRD%gyD(3e+iMuOb_gDEr*I zu%*SyiOA6vVLJ6|8sMd&U)R|Z2!BX(>^E_>{9G5G<#!;UAuV?1?IZln=bj6VNk5Ur?QWbgNTHG}a}HRSiq2gm zA4zuaq`473-6mp(QC}Xcv}K}?A5mMKbTsD469*Bsis7fk14`?mY45{>W=I6ONw3<}BM0m>U|DK8O3 zr7jhP5@F%UW`1d*LF%t;zX7R?tJP}T_E=?QrFP%6AMuEgw2hCP?La*${zm=!f*7(q zDh8xA@NIeh%2~Ahqd3dx)E~=wKhX@dD*W-|2QGtUhSNcZwT(Yl7+4T5a}Wfy!=Czhj(*DGhKoV5!y& z)xG=aotRZkK{zEA>_U&qIb-~Q#_I8!I6crT?3WfP@8QEUik5MiaRpCGxi{=HjyLnk zYyvRZRPy$(jh)a>QT?TqT0kZoz|-e*+Ju=&l20ls4WPfHM9&j+1%05%rN|MBWKai3 z`$yc=P;inc$_~~jrW40CMVS6)@y_4H#i%OT_D%E?`_+d?RoL?-G zqTni#OT1bd;=seM%3CaQdUP~~C)mru{`;EQ2xZ3ePa4yb^MPmfx4m-EP!(r;IH1Y!iJ};G4a5 zW&01--em=`)9>vcIkLb`hW9E-G6>c$AJC=l6B!H>g4Jh zek$;0K+OM7Z-&Jq77WU}?tbOmKlBGJ|6X)4H6f4JyaztcA3oH4$saNScgNJV7a6{x zAyWMZmp?N0$EujBy0@pYb&vl&-Np{T2ZHgz?vT}IP$o}7a}oz@aA9G)+D1f#2oi>_ z4C5oR6D1LK!jQdWLVqbBq^HN$c@j0g%;2KcW|}$ibFPO>>ym6)65Fw^7t9x=PXI{f zFl10!7UD50R7!}Aym+|M1eq@882oQphXaK+&(u{HZuPt zsaa}Os+0_}T>yuMImwtzyG?5YBEJ zH##IeeZDJ$qR;Gp+OF{kUUnBX}OGWG-xwsVP9#n7p2j@jE^d7moh z^wI^ZZv2!@P8m>m%+|Y7nW%U;Fgh&@RowvdH7>RYj&V3QTduGeKr!bmk@6twU3kao z|LXb(xX}ZUbM}*zLkE*{mTIk&MKMwG{AO9R1q8mIn0Sy&=bMlX4^rMoMy{DlCOOjq zXnz^=&bCvhc<;k5Ad5x3`zaHKHe7yjaM%UX)gj95{j_T-Mcx;U!!D4#_e3YZ9JoQhSU0JU_#+2-X-?m-za~rpzhE7CzA1 zTDc#QMZe{pq*(HZ>iet7T@eg|DV~H?6>=tN2-g#a7-5E}k7ckMc=j!|)7I_VSLh}U z^4sf0&SRt)*~DXw;YQF^2!o7-c#C^pt{8yde7H+W7* z9R~00jQ|oPA%;52!qWSjGE59KoT!-skvfk~wOAT8aILY))#pBC`n1tfX1HnQb+VR& z@EV?+KCllMgXkB;Hw1|DZg2TypHT~!(FIM0^9Ms2A{t%c8lb1Mf$dLe=5?-IS2t^8 zDOF^W`lKto&X!7u!M{QeZCrPb7EpwLLXn4E$+KsG$|k-#&))h{5+(CErOnifkAH3^ z*GYLNIW!PElZd|-EHbwsN7~VH2sA8`Ss03JA-n~PhiGJEVpyK0wG)`Ui0%Y4;QhL| z89~A0g4^2iu`aLQ;kUJa&zpb!wdhTQe2V&=;+I2o5{0O;?TfYV3T+ZJI}b-dF4BDJ zRh`Oap*N^EAU$p3bv13RhQxK zK5ad9`N{KLO8$Re3m?25qn+VE1c#QvS0?ph)4JWMD$lbgOo*VIso!IK2Ke_QGMGjq zJS)&8uR*O!JuQ_$j$TmMIY~jk4ULO&~h$^Eu5L6*DEEm zZ(dnaIas<63swcbCRSKLI!y?nIX|1&ZH)AJB+Qi>G6ig5J$iIQ?!5>eVJ7uWSyY^J z7OJn5g*_q-{RDf>9#wV!ZJ3l>0^TfV%T+{yhz#hL5q9r0oUdN1FXXWdG4e5mr36?g z=ywf~trTaO(M$Mp=5CLqtMSTnbTPHIK31e{?0NpL)Pe%wL^VbZr;An!)uQJbO7bwM zz@i67rV;9AuNt+rx8sGAa*GH)eg&T|*13c1PJ6!y7rQpq*URz$+cQud$ zCfy7OflOU{Jds8c!tPX^6mo!f!hh*kIREe=^eY@ZMAcc;ThY$++ak9Wx`tRXttgSp3DCU<=JM#k9V9#a8aA%*B=gaFY347Y<$=_@jvomZD z&rALp=$@tfk=%KJ_|TE?@{t}bV#PbV3@Mbx980krnZMJ5H(4;<0sE+>aOS0ieZrnzr$rg{DoK^dqHQcnTfoIJkLd z*((o>Dh*TrDSvUt?|J0V`#* z@ImgrxZcSH@aD?8_dU7WTBxXw2E&=(;IvObEF9$3{%wGwd=_kn%C;@*Qe5D z;gkM;PFmsGOJ`mu1Pw~2W}N$XMWJz#MkB?~Hn3bbt~=5b%jlSRBtgGU0w`eZrM77O zq7Utxvt7d|1L83dRC~_&AnThl)+BRx%vZd>VqhUKa%utXc_tXDj>U(ns_|2f#NU0$?-YyHQw@w?;Q@Tb$ zaSWLE;50p^z`&Wj;n9D=;wv%7A*qU`fw=J)8fKNcS8{%{NXdxFL=g8Dr=KMKEILYC znrf{RfIHhV?QU@Of{3;H*b0R}GOIwoh>lSz02EB6Qn)3H+ZKXV@v7ph1>sE|hXKqU zTl6}v_xDd09E#cP{FpP<_Ii02+>Rr05Xm`eCp&OzW}VN#zg~_`ia}o^3s^X6MTRon zC&Skm`Mol%APGxFP&;$g%Fe2Hp5CqZy}51t?c@24?x=cf(@^~_TGuhXsM0KawrRVQ zV;sY}&)?c^+wJp?lY6L{v^m;L{Wl$72iM=WT4ZO8JssEEQg4R&Z_Os>`#${E_~{>0 zy|&%`HuiDxH;bN2f)D&r{710X@#}x=ICu7}@0Kl1O-xNu0JJRi&Ko3vjqP({dr4_& z0i~?_SDjwHTo7?~;Dqe;qRO;7GE}{|xERlbKG;{R2SpejH{s{Ra=(w9hz=Z&euD@5 zMMmnKm>6P^9hvy))AAuhhu+G{Qsct!5Sg=f{3I;zH~C|L)%fww3m5L7fX>R!wz$it zkH&)s561sjbMD-^4m{C;f#r5S8!baSH?b{39y$gVEh{&me?Z1hn(0R_BhMhWf zI_(tSR$pJ={mtvwugxFEZ`ja)TiLiFjJ(1-{>u0|1kT!(zoc;(8K@G*@Qty{NN zn3|dz4j$YVpQ=RS^jaod~;$IS% zlaaB0^X6Ynyek#NL^B_sp`becD3U_S%nIMDS4}9`Z=|F&)zj1C12(3`Zm6Q7vi)lc ztl54ek9Lfo_#-WGMu$|5q@$j~tO=H$E$`g9BVSHf-$V&m2=F10{WPKH#L@fm$;L1J!W0Mi*}S zZR*sHkOMpEFQOlZM?@5o*`6e>8vLrTa0wzq5>jO1oXJ!1=(kebELR|obeTu!l_F~1co z0BDg`gs$wN3$C9$*#w3Ybleo_;O5xa0dZXujvcEX6BBbXGV&&tG_5;z+C~L<3t_c> z2mts?f{OY0@tZTUypv z{8_Y=%XSM(rblbtrOQqvesku`xsj34cEACvLY@0`60OzMb&5uf4zp?4rcJtsr9n`0 zg+?Ci)E%&}@Q(~wj<&Gaa^Xc*mNqY3AB8{EL6dG9`RQ#Hx9MHOK2|(WQzLP*PcBQcd7=eBU+!dq!+jz5Dj<>#6Y1$gqz7BcGqCXl-F((cQpcLWd3= z{HY8q?vB7C!^}%*} z#H-?BK8uw7mU&3Rau;a_rEUrj51+qaLDu{vnq>?9kbV2wMXyMoGPc`BLf0wBj$KT= zyPBAojCOaA$|+NCwn@>IRGFQDEV~eo9!6E zeGLHlNf@DclABxKH>Y#aMIxeNr00bAxVWli(e7v5RkNEkwCk)0)(Zirx=GG@dvx{p z>i*U?HU(tA6*n&?Cy$NPvSVV8Csds^!_iZzREnov+y@oSA+0}u{tR2Bo{^C;$;M^_ z60w&AANQn}cGlL`vlcAq>xs+M62C8f4GeM;R)n2C-Gaw>JZP23j=mWg87UO()6k3l z@qP*Z>{k2x)%)d_U*@~Jo7vc?9zJp;{M&`>YtbRe#19Fk*VYWXmztU$J#8>5;>hUR zXU2cqq(OVR<={aL+bL6C(HERNdGZDt_^=OyjEtPAHcp;8wI{f6USLRwN@!L59}O<;Y}Q0Ea{6?w`)O%$zYOv8vsmThGaD(D!uQ>~1stU$QUJ~J z$Q3J$P)qj%BFQ)LC20A-AjA+>^WrB z=e}e;KU}VC?d@H7Rmq^+a{?=I_|7iQpXTW3GiK{y07>C&#SG(R2Rxd9(5|GgXQEf8M)iM)Z(Z&)HeB zGs!)alz^3u*7M)9J#wFC)*sWjv0qS4+Piga)zmgJxqUn|R6&_{6C!9>i@muIAFuuJ zx~aRnd)V#<4||)MYQa+6W8C^ru#@42^XARlf9Oz;zI|I@ zU$>rspqPcJqyM&TqsEMBL`663>O(1h*MCB$*kDqZ;L~T${LJe1{>(i_Ghe=by%7XJ zS8eM$C(Ty#%c~Z+xlKMbZs9@$Vws`Uv`*AU+iQC1=s1I~X@q#A2579QrIr5ZkyK4B zw1$eY6vaZur;S0Lf9~o=Dj7X@?g_^lGHCEHR>}M-uNYGyx7g(oUXIqYCZzr+#63qL ztr%-jJkoe~X8M(O)On2ftoD0+;>3xl@_DYVH}BnR#?b%zJ$qEq$W$_xdMfboojZ+q zUozBMW`BJCd1cPN;);q^p(~aoUHpo|u`vZhMf1lY{w1z1z7s}|J`
    xlH_*x9qK zS$~ntnP}6tZGC%td!(Ih6)y`5H^7E=)7EYnA0O`kBd*raG}SV%H^tUsFRx^J*%4r;nl*pU89;oQP4Qrzuyd!1<+yR_n1Q!iwI?Yl$$8c+#R03$oEm(= zJIGxAkcT-r?Oa`5vCH@NOA4JCNb$6H@7^1?Zq)~S{^=bYA8)L<@%V9jV`F1;E31vy zua7u<_;A*gh(+>^7>eD%Sw*%)7lHtBs88paN|p|3*0A1m56ZJ`-jP zB0Jy~?@TcwVVG4$XHm?yzbE#n-qn@eoTg8g&kKz<`Vy$zk%uTIH;g*R{9P#_wA za(PI=G0JWoeQ z?1KNR}c6XB2X3 z^k83Z70LZXKh+P(5(`Htc-!mf=$KEKFlE)nIAib1uCeFO_h)2(_L@9fI0tg0GA@>O&t zu~0SXK`CzmtM1B!_PA6U|(a?(bisK1*dNzb3tp^|Wc*_!T`U*}uGhahF+;b3mWbA4_P;UhJ$VU&No? ztzLFt!q1mKLw*1AZ)ZtlkUwD!I)vi=BY#R2zm)v_FaO7WX>Eh`FQ%bAe^B;t{|u77CYYKdX{#$lVa-J*|TShRFvg3WoZ@p z*)NT&-r3|r$&)9m&i_JT-+cN3zP7XCZ_;11Gg|MUeZcvNM&XpdsGOF&P`zMR**9T{ zZ(jSa$mP9rSbg^6?L_h9JE_d9ug#B7^c1(Ywl?%$H8B|&ZAt4(mL!BSY^@(j zdX>~{NiMfM*KR~cK}Ex6k<&3hKTk(T_u|EiV}aW)_r5P*S^9?m_8&O#BH;E0AJ@N_ z7;}|+dwT=7vD{}QelII4YbzC1uSH|bVcWYQA>QR<1X)2!Vas4H^+>y~@1i<8^`>8w zZQOP}AmBxZ&Gc*UmBr!Dul-}hE=xL((FRs>Z2a=&%S96t1;^|1{kS(a883Ajg-e$% z$;*>UtPIwMRaI3jEiG+f5VYxdxlc^&VdL;la{JYl-z-O56qJ>Rhlhh)9KLtH+DOfM zlWi%&$gB4KdoClR61NvmpYk6*{PQiFcXz(6k-NL391TDHw-1lib{)PVb#0!%(88xp zk+P|dhWuV==;x6Ux2ex^&BhuUcjMz(nHVtugP#|F3=0SdaH~g7RWleB6cxE&y=pJM zJ4rJ#G&C_Sje(8rq()bvqeWNV{xUzfjNYHErbtDScK*0z;Z%B?1pgUx$+I^}rS zojZ3h6gghMm!26GYs5*mwzRZ-{3y!J9T?l4ZB(upM1QN@>f*&5?^UmvSDBgL{5EWn zI(n4*WIX;VL*Z{f`r&bz=P$3>X64tfUz?koCwR=qn`74cNj^V?RyM zFZVhsN0W9kfvYcG+}@A<=JvfxQ*Kg8nl&abaJcR>gX3O&A{FD`zt`8-*XHk4zRO8D zP;+nZU{{~luVD6@hNp_pI>pih*N$n|e-Y+5&#!l%gYd6xA#3W*_^6r8# z?b+hyG^5SK@S3W*DbL`kLGBUClsoPOe9oIMQtZB!L;iNQK znjI}FDk7I-WM-b9=s9xuux|V%E78t{=`RBO{5AP(9#g(aNf#_F(--20y6Jq{5;L(d z=0h@=b*M{H6 zEiZd;b8}DUVNxrQk@*h{3_N}M)Ro2WwXw>b&@`hN;}>U7yX;%_BIMG&uSlGW7Pb0N za`gu$jC22A0fE$Psvho`>VAHHv$IY!e0xIP);BhCU#p??tEsP#IeN{-$!QiBJ0>rG z|Necdty}xj7`ejEojb?tuCJ-7dFIRy=_BM#?&4(rZS|i%x&3v0Q;vDVSVvA;U|?WX z8Wn|q{gAn-X{gctEWKB%PQItuY1E?*nk`KACnY6)YtK$=whUqr@@h1Zbe-_{y)^go z$W!)6vp$b9cY* zh-bm*DF$-2Z{18z%D})dBM{S|p|1WkBV%TI+TPBt=KXsy5fSUIJb{j#mwRr;p6gDx zZhtl)qm`x+r+(su_JTL3PxN{?#!?^dauH^sn)yxo@`K?i1Y-GbCz=`>LCsA90cWK!Sin~tG9x1+dC#Phlao`iNiY9slv(}#v#(mFp{C|+fn9%f5JUJWqzFxo z`i*Dh&en^q@Q{jjq3OB1rHt4HZn3Y@pvCA;qLB! zn)P?Y!-rx{BbqaFp&ZBFgs?RZIn2$@Qu-~-ci9F~F?}d@wY`;dcw1nOb-N&MwYY@D ziCFRJ-(HEU8PA?=qo$s0PF9W(G>pgm#$3eA`t<2j$!a`Fukwi#C)CyNEYu)iVfbsO zZ``1ejMI?*dD_=JwEQgg9gVfUj)dromi zMn{i*`xf!w!Kbb+JovB9SJs<0ZNkKR`02Jr8a1=1O5GJK-L5?(c_!7j&FUYvwzYBX z+vhy?(du2~fi3j>;z+K)CYe5aKJOUE)u*=~K71H~%wf6e)=n=kufYbt>bJE~H*VZ` z|Ni|YzTL7r0xNlWcxg2a#r}Xu$FJC_Dz2YGwQ~vVh zOa1&SN4=H{Qd7USW$7b!?@e$?V#cZ+9UbM?h#l!Iz2@#-R9t+`*!VL>I`u?M>Pu!q z^y@colx9ch3Ez`>Nt9?5@P=5WJ;Y6GX#Ch&kGh*$SXf-TRM&5JzTB(Sq7zp~m);zbB&>(F0S=NA)Tp;zU($~(; zPCWI;_V%6R2XONzV#E%KicYze;Fs5L+}J^GKmO@O%xccXx7%D@e_~>094xI75k_q9 z$gv1>o>^SRfo^VYH(7Dy7UJS`72};>9mWtW3LhMMOjd z-nem>P3C-$A_*b)(ipXH#+0qXGkGmn0bsug#oY)I4gLhOCcP0dvhO$k?ZbKyvJ{y0 z^>wM_Qy^r8$Hnzz=^ws!?V2+KDf`xtw_Q0Fjd4d@kvdp*?|vv~$T!?`#hxP72Lto# z=cJ7LtV&M+fnd2QNmCqe1Ivm<+QY3O`cSfR$O=NiIsS)IU3)49|1!_nyJrvntgWwq zZDo0J`pa9avGigd0->(heJ%qzk(dYau|m`$1bYe{)1k3% zh39Utu(3hH5s?0?-)^vkMUYfI4?t8+P3@K(H+R}!f5{)xCTC~BKzxl6wYp!m*oJ%q zoX6gnS8$ytCMxQjoSbi!@#)h$;%le~Q}F;}o*o{l>QVC2BQFvYeO?>CixN?ezidyz z6%iU5iomdmoOI^9N%FhWh5+GeOO z{IG5BZYj6t?=EjQo?&hu!31YzWgUCAfgr24TgJ-+0AV1+7eI4)AV_F%ldyrj7FDp) z8P`n<7Sr?#I`!?d=tEDU~dSU%*3Y`$!qVRK`8(QlwEhf4&zfD}?nZUt=DnaA7xM z__ww!qy%LDSFc|E{u*ODGc)7o@BjBuG$^OFgs>c$|DNBcq^NixN}Yuz?)R^s-LzMkU2*DR!Mi{QlNo83^nFbYgFB zA0Ho2e3ZnwzxF9~V3nhUa+&C6qNAHzUUWQsINz|?<*K{;*RNk)zO|j`X(cJyxl|!r z%u!+bW!g{`Q;ewsr^MC+FE2~kY0p&Z4%}q^-6CVgEa(Fq1$s=u)l#~#EFsf`4 z4xELX0pQ3fDBdT?81+0xs5rl{O1)(f9htg9&I}va$#6$4PxW496cy>sx&T1pTHJ4~FI{qScD^bV zUsYhaf=Gr}RrT`*Axsxf=(W(lac0M(B5M*tVoIUo@XVq|v;LVgXPVtSJw4Bzi;9bj z!?((a@Vb{+!Y1wkVw+@ceD{u@hX+p?DD~s`!ZzY`ot*pDj*PVVvfsajw10x!zhWCn z0OPJ*`e)DbE6g5tbJa z!LWRRuB8_~`=84(?dOmHZ?Uh1JjZq(0oT)*kdDCj4XRobMv_u zCW@#!)6#~8%9r=hZjOtMt-0nxV#!Yo(`R&i%uG#jZ3h&Y+qP{RyeZ562_*q4x6ZuF zyS8tiuH{Zpu{mvEP=cZpRRvbnt)1NOqYnkK-y}xmnR=mt7D=a(=bpb@_J#Lwa)m9T z`bJrlWmFzt!Z6TN?1~)E$i(!d?jV6SKw7xz3h<@l@Ow;vrG^nhsy!LZKpzQe!AW(I6bzSm@_lGX`}AqQIYV$LA7)5&G&PCWM5*TO?L9pW$|6?AyUe07elYqb z{-Hwt3G=j;0lWi-86~x{n_GeMUWeGXUmBuBhQ~W{1kUF;f#G=e?Ad#8A+#ZsLrJj;5!hlaQ3Wg208yKPd1U z;mE_&lkRujcG+;?D!d^~_2db8f~knGaHx3Zz2k~O;^)getS($gO8znVNLfv-9<_>t zeN|T&a#P4|35UfQvs=^Y>FMG7b#I3-GBVn97o4iI$DsC=yDFN0$BC~=Uot~TXT#X~+p$=Bc$u6N!WAA$&bCRt_~<0wf};Lmz|w($lG5ilUi1lKk}9!k55h6 zIm}(xdwRZ9lAj;YzI?Jh+sM>(5P0qD`?$T22vsW=~EA|8aKA?dZ3%(9=f0j~;D!_wJ)113~s%Kyh=u z+42Ias~bDHHEaM~k$}=qCF?vrn>6u=K*$aJI`4a`CQCox>-U`QT6CXzri*JMX-Tm* zc6Uqd-Fp$MXs}>m889n^Nkqx>6&XQOTV$z%#`u0oX=(K;IgPV^*q8c;0(;w!son|8 zZgwPN-mspS@84lAwT=Zt(rvb2h?-^_@z>99VjdF9>%>?80^kP7_XJyFWGDADRy};V zQ`9*EV3?d#{Q@djZ6XxX;}H@%Ia{?uf}?`gf6GDOQQ3K4-rP;3>IXm|YT=L>`L$%q z=+pM+1FGd6q*Suj#DT?m2~!kH6+ZG!8&jPC@CZ#bl)}}xBte#m_^SeTGD0E%=o!gb zUy=a)K6lrj?-D=!eapB{T0d!Ff*YBqu`I`*qY0Ljkijn3 z-rqNM?0i7Tm*5(5}vZgVS1j|9UX& ze0iWc2=&&!eftWFiU2(q4MmV6{|eYL*;n4!Z>OabAG<#NqI)+gB{%a62rPQ6fQRBb z8P9KKZg2mhu&{99@C9a4tO7z^VzZ|)Di;t?s|cVL37+O=W`_`j4>~B{-F;3^PnD)B zzt1ZMS6rUe!|nJquHdq={)Cz`gOWzxJ@R8&3~ZJ1u!rHw-z{ z*VVa6vC7c^Gl68jtf&~^?_UXofv2lF{BvrGM!3y4*ywi#G?s5H)MTyQR3i*5l>LLfe8;Q z%eMCX#BfF|eF((wu6>v}+3JDQNlp~XVfCz6unsyAMiTaQ%16J+%@HB&!+I66DO%F6?Z zD0kY;6N^~UzNn%d5Uos5j1u&%=Cx;fXQBfdhUy;W3dpeCrQs;+a2)iQHaQ#^D? zdM!X;VC0&wBVaJl(LH(E>55=UydgjY!HR<-BG=}|6qB20XJ_5##`fJ)5@l|XeFvaB z+z^wNnYq8y<=6ao)FynH^s-ylqPd}&ax_vY77eQA6-2x+?vt#**M=gFj*gJA=D&9- zmkmw3fsX~f4Pw-U>rWW*Cx#Kt#nneGqqpM+Nz>~=ska)E`jn`usnPW)IFsaAHa|k# zbai$0V>dA|S^oXI?~o&|kAy37=+M4CA^>Yjlmqg<6BHB{S!;UmWSr!_p+rbR0$MBO zST2iu36^C*xzyCue>fd|P^6bHX8{KaR(d(J6K zOUp14dKQ+W4udMq0lxqoW1^##6cnJVB_t%o#U1rrnr+S0&HPp;O`Or9*Kd=eu&Da* z;X_;7LyvEtKWpmg@zHL!5{+IE6^khaQwFW?rjkyUp0=*8a+%l6;Bgn1`R5lZ6?7T2 z5jrrFLqUT58v;e`jA3t#K4gvBgrD9T6lQ;azbG@byUTb+pv1J~u@hsgYq{tBrrAz87nx%b!gB|G#)}N%!>WM{4b@ zN#91sS{|=XRz2C-5j341C>$RK!C|p^74KO z34L8VfiA%PmRB>7vzJ5rr?Ept{^5jWf-3WF{D3Pe}dCTSDBj8fe4*)+Tjz!=rD_dq* z=|H+flq+@|v+N?nPn+3WzxC|5g?j+^cfo$c4b8@_Iht2vP0qBnB97@SdQigWmLM>>XVJ z5P@P9)C=MtQ=q6w669U;XXFM_Qc}?ELAP(C_HrDk+B8$22RvjCvv(@M1t4{e*Ksoy&1?W{6zwV_O?=&j<*N>FH_6j$TurUt=6-C7tR~VIYO( zPW`Ar5d@*R{MW>hZGn6B3Z_9>;Y~x$5iM2)j07?U<8zzZK|B`82dZpbjK8MT= z66TiARsGACzk}PT`l6r#5f}yTMON2D(7?%OYg#l`vK(j>HC&JvDZ?k-kzVE3kSn@OqM`4ud_Njd8W1ZeaSYarljz=YZ3@eb^FH@`$U*`EK{Xl-kpe7v`IVlcCuh?5^h`jIfMkj>P_i^L zdqwnr%-NRzR_eV0C>#XJ3F&Yjr3o|?dhdYTai$ap0OkzL2FQ zcjTsKWl2fNty{O=X3gKQj*L~1ye?i8$vmaTVuR6#1>oVshmY<(ct8u$FgI6}fdP`v zgLm)V-M)Pr%sLg*!Ru0`yNnvHMX)M3IZ6o$0;dzC^$fh5%F}*8g{Ig zDW+_nKtl}nDLf{jXJr*UU~=KY3;QohGtSvcwzg&_CNuLl#{AZofmQH3gd=7(Js+$B zh`1Tg8S(F{$G1Gk{O#)O)QA!L4y~Maa{%8{SiSTj=)G7!eR^>b1rV5ah|~jvgQAFX z&z}ohSPcJswv#~kylSPy7MUv|4A~X05}t%Ik44a}<;z16n8gMdeuvqSQ}jV|y{)Hr ztV17zAaS^8h@L7$@5iaBDF1Lqef=&hw$fok&nJ|B6y2h#(A)e*gX(s~8kq32q4_R>DCuRe5=N zx8$FhQ6^JT#0rDs@^)fLcmP1i(eVeO6IM@Kb+zL18PJSKb-;mTWo73FI_fY`bzA}! z{QUfPS&q;%GNz}cwGWcxMS=8UFGb3kOEHwk$RJ8RRB*@mo`{!jUZ2qM}alncwY?94Xc* zW?X}N#E6e%o06KU+O2TA!Q8^k?CP~^`^&{nfQcjK%6@5K%t=(g;OuevdwaoG0u+mh ziS5|GLqA04+Sn#Sq88GY`K3$lSW3W`pP&Zf=j>TPKq;@~1;}}mhJ4!VQ@_S7aVSyF z9~#_t%<{0XV>H)`i+_POA9V_srXarh%P*5_Dk?rFhe)43egNY$bDzZ+HWREfIOqoa zF|)OtUP~ic$|FuHD+ekiA5Tb4OS8CmaVHZKuV?i0Qb3#ySJsKq{Ro7ZeMOP~q*&L}qal}dd4u*1ln|4>E*SWRaSl0MDL0}oM% z^qST(I_T+#tdGTEtsS0bzqZ6VQZ_KgG_Z=>8N;}U1g!Y8#}cLo@FFN5w6v4ViPV?R z4U8i^8()7c=3nX2E3iv?@#26)jj=EmAyB}79QJdvZxW!Xi~3~Jq0N9)zb0jtr;eRJA72$+gc6q5>F|?`48B_y zk~_)!zkEqf{;|3vx1?klB8`(|Ph;cB0X{P?FKIa%H!7%cp*RJUUJaP-s%~zFe1xcF z2zeV58BVO`Cug_=w*3GTNi=EpzU&x>&8qF=$D3&%F~U%628M?t;^OcHRyMXt_(!~) zK->{sTbbEqdWe4mGJD~e;6U(WU^tA)0Qb&z@)vk=tS$@;@##1@IeB&Zn}0rOk)6j$c2-8pO_l*V*<(9(FRL{!dQ!)jOPsEojY50Ap#JPA0y4;LA@2HlG{O-fd zJ2E<2Smg3RI=HeQxp#lAg%ydpi3tRUV}i7?!WaGmtJMDVT&1xvph?&Guy6I7H#*wd z!Av4w4R<~}U%CYAT_3>NcWybvyPGwXo0<>0G6&}sHeX{E;^P~`47q>ysE`ASDbx$A z2&#`Jdl5#WQ>Gd`Hu+6WO}T;m5D|m74L-M6aM25&>mydZ9@AnfAS=9##dKsN zWVFW;5u=E9pKM%2#DJSOQ&S%n6Qd7?F{81uQRwK=Qh29`wqZcs!+jommz>~tEBJmC z@A~-TJ`vBQ(KMv{fxYL?p9gP+i1vBf4Z?6}q)^!&lr_9CO=*Xd5`0q6Sos7qA5t~B zUTeChGE?Hz6&13)U9kG`6-put-2dtUrj?NBaw66j%QjX|4W z+#+6{fa~+}<;&sc=&+8dPLQ7k)%Ccq7eu}6_bC>@GotLWu9&PdBU?Tu zTGtLml5|>9DxdrGoJxAmFYie!PsL__dBp9gdpO^qc)N4fkSdwxc5+6-KBh=U#%Lzh zgi5oqk*EWv6RM4}Axg=w46F!zeneZ>zwG`0TTiQvV2xmg+?bJ>xl6{Y1Z85F<5~VT zL~wYXjLprJXsU<_M^lr1$qCY}q-2dDJXaczN%AhWWpY$t);vL#+fb^z-LWhNBm<;dQF3%cx!SkY0rr zb=u{uzWy&S?Q%tB9#cEB_a7LVtVEduE3NvI$!N$U>JJGEvlmw6z~6Upz9}GSOSOQ`kX#QBRSCi-r<~oSC_~ z7>Ez_8vusFV!Ml3Rhr5KX#ll$7K$!S9?r%JH>vYxW<%g8FIii|;sNcf_gPO2TS()u zjK_jzo&7m}o%$7ac?w-ieL=_QfQkniX$P=J9MVZ z-g8j;@rvfYdQqLdp9gVxYeJ(CFYiO?;QFDlF}`_YZD>*U_6LHM(4R1j@&WZX^2iF> z7?ziRtX@kQ2ZX|F6S4ZhIV}gzNP^cA-tZlbGz5F6@11j?lOR)Z$h5Y%Cx}?weei{g zlQVamT0XPA{VK;7UO#d<+Ua^k=&-Oe#3;JvjzEF$dq~dpLxl918v44}V>Aj|v*s0h zw-AHr;LuR>s8dv$&hBl><~7GPPx+vc!dI4tg{21+y&pSJU27M0 zHK!XzngAeog~oqnc4^LquaYkJgCEuA}VkT+<2%~ic1 zx22UxVjT1N9i$_{b8zRjp+hK={U%HmuxUxdehrJlnN)Rq2Zz(=8VJlaZ{KoD zO6tW&p|D{UalcbqTKX;u!iM#&4+Je$XA&3io}dBXv!4+Nd3){J`?~P`ke{SimmOiE zffnUp_c8qxOc;o`p34hxp18s=0-H%)9YvEUOonLvxNl*O&I7O<#V+47mLCy5$~u$i z=;<-<-VK!Z&h1YrR8>XxA8i)WOTx%cfuQJePc*#vyRz}K{%olQ-4AYplbL1MmqtFw>h zU;$~dLsSd@26HFL(!|6>vyg3x=>RdytbXp`z^50N2OjMiZDB6hDxaj8bTo68ipWU; zCO?Nxc*Mm9R?aHddN^$0j!6)=H__9J2F`(J2fU)Ojg1Eq1V)_Lj{*)ByrVzG)*Y80 z0mq_~XDAWWn!v9!O$(B_dSp>8V;c~d@TKmT${RHw`1+D~QOlJgXd`X3)Tk_px|5YY zd!~V#5UiLV?>M8YYjNeu3S!MZwTDPvN=iz%rRg@qb`tM;6AwtoDG_*b)h>~>}I#TREce?R9;^7Z@o6J;Yfq^xY^kz!C4*`0UK zQN)LC5iJAV1n(paS4GdB3Br<&8Ur{RcL;u0^x(lIkXG6{Vg%;{j8rKM=`0cT!JQ>f zo<3Fos?Ho7dUgBsMBI@_?PH^4M0eQP0F~rsIIH3LRIsgOAaW3rPU$f*yX0ul%>_>N zh}#r9EHA78;dk%eReCAdL*UVe`}O136CZ{Fs5{WS;Xa3)o}{Ug)>7NLgRf}k#*nu# zY3()2=@=)vT%p;4Hg9jonQv0%pyA`GVe!NIA-MhL$ItEBwQJ)>7)vFkuFfbpT|i|2 zhT1XX36sy*z?UyDdVMt9kn19!6k0#@(yS1LFkX$B#uqzr1HlM`zQji&!qN#c=IzZ3R@&Qs#p%j}h=_Kq z3e2?3_3#f59EJbA`1teS8_t~hf)`^fTw@R77tjcd*?n6q;WDchu9>1h%dYfvo|#|5 zcv?^$t+c?m%o>mTe9s-e&q({2;W(DFRH+IT1(|Cf(6W6&ln@k~1c;Y04LWd^!j!Zb z^PsyhrzjHzH)a-uYuZloMzVi*`(xy9_r`3LHN?V2rI6OdRd9X52y*o^?u;v2?$*Ux zaj|ERzjTc}#<@db@*(fG#6pZ58tSIR=@QB5gR}v3nz$&1{YvKH;V|o`h!Q!nokb+z z+`+U_nj$xOc7o68{v89}ib_hG1LWhM%Y9v4`Z>wnC|VZEuzhOr^Rip`#`kUB67$lkwLd|D=*Q^cjYS4ZFX9!1>M!eJ${GH$fBf~i6@t7cZ z1j@CfME9_njNr3GB&hz~wDh-egJ_{3I<@|LvlR!Cpprd)RtX&0lS|);@0ToU{B~VaHP$K=2@qs?I)aFt;UIWVfRUM}JU6iotRv_h%VBugy@(U7{xici9}Wm`%Q@b2cJc% zr&_*;oYINx0c?Lu37Vk4zyIUiv%q&q6KITuBj8~Vx6l11OHtS?mfw)>qot(<(|#Hb zEe2x|i}ys{+uxroL;Wh4ftQG-y9`u#ioC!Y& zxHLp__}Y<=(ZjjS!_7SmQF>)GEdk7q)*0b7=iK`1qBRCl1RV!9hV60JE))C58f6%$ zg=aQewm)N$qk&MHAZoQkVgcflkB<*DvAc{1$ViBGGjN7( zmR_~Viz@ErrEl4Ar=!(WK8e_Ug(pTUM&?2SX!gYrI$GL~FRNv)%|A7BrA(Ca{yi5V zzgkL2Zw8v!wp%>0iR+T3X=<}2Zfx-MT?mZCyk)(CNG8I(10?|W@#gK@;-Vs?064p# zIAxbDWqeshPx+HFa{?c6I#O;}s-X01YHg(xh?t$8#;9;azyPd36iZ(l-^`9N>QZBb1t-`#*9?|x3-iA-n8K_^ z#KX_;u%a8{KVvE`MGQ{FCJ>^7lo)CLTLTyTWniRK|2pUn#4CfSuA7Jv{d50$1i8p@Wf(K^!%MKgG4oswRRUhPR!@fdjyw-f~}BI+0&6@jkJFaIY{ijJCb$x?zXU6 z+F;jjZNVM}!ByfC=gRNRTq64upd~9{?uro5e;6GNmS~?e_*F#WGKiE!XPX{E!Er|Y(#<8OnBQ!jma z6;IXD{F)&!krzJL>g;@UXI`B#1*&lISun;{2qobYRP*yO=$0%?U_(11rep}|~Df~WM9+A0qr zTAqjYwzrv@*ChOUgG}ws&98OyWUcs?-o`Z!2L=SdLDSyd9osluU!DXkcJ3V0)ulOz zpv0j-X*J+2#>~jblV(cToY-u6Vud?#M4Ui}HUVO@n|V&ou6radXik7j7abT?q#Ky?%`RP1_2Qdm`GmGHAiv+ge@CgC8yIv$cg!{{{tA&|AR3}fOS*;c zF*L4QiZaX5z>tAl2{iVIAR;O{-dkF1nF@6YGBt7EjVq*PT)(4Btt>Ro=EiIUXG{06(*i*D!M~w#J$F^)y z$-@qYNZ@vEBk*I}SfvU|N^pZfK64|@Ur@|qLP1AEhC6kpwTbyRyp4blKsVP=RuKC{ zYJvouBW`v7nZi=r+TLU+7TX+B%1Y4Ozy< zA@EV3U6STak>^~?=xl?5gGe;Ej7L@}+lU=`-i)@s<9D@mbkL`ElPlD9{!=|4`r)Yf!$Y~>LcxN&i5dGQAs zGjX7HW9uAHhIq3N7W{mP=<(Cs>W|N_$-)`7WvN`f3S-i>pz%xCx@C~`F}!7|j~{bX z5aS?j3NN@2MIlN}V!t@|g^O?QfKY)M=`2kB3p(&d0E_nmg)(EcxO~@hrrnlx@9|?Z z7ZHDT~pgw-_Mo-n_yPZj|oMbPmtFRKZ_VyBY*D2n`BIP!P5B&5&%O8Obo0_H&HIb~!Ybp0PF>hrQ{)`kkXpJfywW^Si(DWwEwcMPXBkr>!3`QRJVq!8=4<>2<`1uq5 zv`azbssq0a$sqeExZ&*g-Z(u-9sEkC*o9S0oIOk4uF7AOobddh? z3EdmC1e#T_jYEOK1YAsdro*EAk~F+RLXhAlJ6~lku*Wob&5qp5&bHOjd59<#7sn!j zCfn0z&Y-;<1_OMswzmHM{X0_d-28DtpVOee(1nS8W4OXbKY#u_I(l4;Uj}R;?8YGR z26GVt0GJV*5re}YKD;fK|MI1Sv$M9*ViO-;Cwe_lLSa8D_?#o7qHamMgA2^b$w81@ z@SqP0zju$LNcoN|yNbFx>YRNMpWEBp(;h#D-DVwZ{_hBJKJ*pCKQObSK#+iezl%*a zRxeI^9gALCBKR1kIj*XIie+*?)gt;j>b@iI3AQIsTCCoW1ndhJ*?VBml%lDkw-K#+ z^rglrWV+u^d!9Rb&J52TQ(p0~Hjt)Yt7T;>e&BRqBVPCl>?<&)S znD$NJSjEM~IXSPtHU@Pk=`}Vwx;Q%;)@7l^7w%r_Wmc-r^<$y7r9}ktJUa~tr>gHc zIJGWcxTN*>(a{%Y`L86<`sr*a51^EL*79u*?R>(*P-+gr)Nv&rk;?j&9!$0ay78+A zUA<9JOfy)7RwQrlRnYt3lr?{3 zC&V7L6=imoWV!taQ^suwxi3q{8nVWDaDU@2M^^ezkjtS@CRa}&u=2u-v&K=c#uhkt z@QRAk8l=Et`?U2E*g9EK+#sZI2)vhGxg)_NuqD>R$_}XmGYKW}Ylbo4z-CK@Qx8-h z?>MFhEO6>UgE>mvFLR7HM(5mfI?!aSvm7ETDkWv}N)P*X-Ab0&LgBYUMIjfehJBT` zlV3%W&B($gF_eC2vhsb@Y^i?yI07Xu0+*1+i4%un8WNB5h2IDa-1&=D!a;#^hi?M5 zhXGBX!g*Rti#Db~ke9dr$0G8xzC^M**TtNU`ZxIZXN%1NFkrqNa#)k^NWvWoyW88L z@zW@tl8p138`Gw$v=Qq98@Qj3@8&W4!fxbWs!9-B(;WizL9*;q^YcjN&|T0cW-81G z7?SAh;UUGr@fslx@Br#JK+YRw{X>kDOK0q;sr(E+c6F)kxd%AyHQWz0jYWZt9IQo| zF%IyxYHCg$VL=c#G&0K8;%mM1s@f!}WprWRL+hNb?*MpMVu>UD{qQIY-BUsD2O2{$ zK8QQuAW+b%bG0lixM8yZqy~5|;enf<>^oVatCFQdO+`gZM<)<7fUpcRx3MsGbpS0f zKku?Uulrp8#-sFF)6-A10HY9>t0wKvF;S5h61apZ9hxzz&hgU+$S)3sLHoki1h7@3 z;lwyil`njLcGglf+GxHM<`bA!vEd5O`2xEO!AzIMVsJVhS};OzR#W)*PxV(OZmI-P zYNV%k+Z8RV$k;GGALhBOfDV-su%$k`Ch^QLR?D6-G$ihjf}ym32K!*40VdeC^UfbE zb0Hjm$=CNu(LQyGBsJ*PE$rQ7Wozq7PrTU)U%Akr5vL^#`R;9Rg@k-za6%Cnbn|9~ zwd_H(qu;uHTdz3#e720sIOBQL^C*Ap=byJ;YIy&C9x?Cd&yyM&*uZInzDdQ)hC+m8 zsE;OFBkD`NeoOkX@7~7E!2!ge!541A2)4oqR$Uvx9BfINp+@z*+I_L>a{O`$>13FIE1Mo~a}kl-oQ%e&5AUfqM}aFs?u6~xnAjIY4S`xR!2@V5QOWO z44Xi`KO}v9S{Ys>aBS1#;s*|3uL_^+TufsGP5f9}hpBMxFU~ppl-Qc9tNW$g7M94~ zx-Zkn!!UfSEn6?^t{mRB#73b@jESh5@PkMJ;p9zq^(h|O;y5%|e;br~Y+(OsH* zmLGd=O)ODA(U6aSa`8pb3iJ0%f18gaR zJp%Z`Z)fMHYmGsT{t3?q`ura}5XEE=71cU>)@^ygKA)Ugj?&Lf{Mr_3xh7lYUAw-G zkHx*GwVZp({<~b7Z_d#!IF#ocbxS>pYyZ`rG zWcsM6C?LaI3VWKC;DyE(OmP~hyU-0KAu6hn+>AQlVZbydEubaD^epBSbuN_Um3=e= z(2(giZwQd@pLVM+>i}Co9i^TJbcBgr^76?Oq>Be{zxWPd4+%9j+{LfLIu*)p3#lD$WJt4L-j*`&zKsz^x69-)-IlD(hv zqq?r^zV7>ep8I(Id5+`x9mnrDR9~O*e!s?fp0D%$y`iaoU=U848 z+uvRj{dvdXp^cljzt|YDSL6Dc6NmN&oH_fVB>uJYdiK3K4~{EoDhXEWnNQ~McFTL% znj0!+iM<+b;LCCL9t~>}&G~d!yFg;6P@oDyC|V_}n&1hlE)rD4K^6)c;@(C|MuPtk zH7B9yPbU_|Ehs2x@i9EdYu33}Hzy~D{MmClO|Xx0D-Q+DgA+BeYL9li@a}d#+pF7O zpVI#&XY?{XtLhOB^IrV6=Qg8ES+5yKV`JkRBf|x=&vcXY#6v#pb)sOed{?`S(0!!3 zDaquO^W;#g)Y-=8j=fsrQ#lUZEUc`!kK5GGW0lj}w{O43#P>`u&w?%vJH$XG#7Z&{ZZC>?R{-g#W)-o1O@OYcU?d1UUtvu4j##*v>t#X9cN9b`FR zt|+4;R2Q&WW0QJ#wq;FhN5}E;shRQq19y3CEG*(=rUNwOdutPFrboN)@+q`E*>_7V zY-fW0GFsZj(a6O-=fUQY@1-qSwyCC01C1|a9J=ym`jT$3Z@YQt&V0u$(KV7*Ix}aO z6b}gzyS!$4|JGAAwDJdy+bZ1yMFkJlk?Hb?BTX^TnP|4X+g@t3qe5>wl z^eghUe;;A*=*TT;ReN>C+Tzz{-qR&DHR%rBA3OLq+MTa>xb0B{3kU5=?w)}G&zUhx zyBF@`eSKb;HZ6KyM$xYHHWLF)9Z!r!hCfFiIDY)eDxbZI{@FA%5BBgJVco1g(3EcB z?(Uv)G^0M%Ou@4HDT{>dmu$OlZ?0g?k`C}Hczbr1vyF_}7S3m$s(3gxHC0<%J1}ro zSXg*`!MZm7F_-Pfk00^W`=`GV^c#wNZ}v53SYM)9;XU>3+PXbg!)4v<5iWh-CG0Nd z=X+u6^pg!9=jh^w)Jg_9_MQF$hxMKrPmh%HHKZ81l=|^Voc^F$b-$u>|Dq*Ph6~!C z*+%PJ9Z%{r&k%uc zBoWe~t0cYWrYeF&eWp8u5E3GC4t=!=Wo2a@gPa`)j~_p7Y8v5sn{Dk{;gxNva_Ttw*-&9C=;^PDxr;@0C*!6&2mIsq5pT-RI7o~-k zN_%>GqN4bfn5%1Q@J~rY*6bEtKYqj)uJYAe%3$d$bpMvogzv^x<|sDniwMFWuS9Gt z)2vcfJ$%@xz;im!ZPcpanTflNr{^3VI>6t5&CavZ4qd8v7A0m8)4Zwq$@Zk~+nn3i zOG`H@c2ac3J%4^4OT1YUW?h%$WZP^;vYQt9_ueIF0PWQrlz)H z<;rJ<>0K`^Yw$O@&Vxb)G99Uf3%h(4Jd1oR3rr||&#AcQ=IN6FE4+}2Ko4Gt<<>(8JY3%XOKRAett7k^b0Q6 zq-@)^&TBD7St0kwaA{T+mW4^(emyN&E{Yo5;1(lW!Uj%7JjqI`&IS6^RWXJ=qwpsuFo*KgnM2L{II2uYeT zty~e@D=7r3(&&kt>l#hM3T#TQUx)F;~dS~tCO#yfBRz)dYBCpND z@d-qo^ETs@U{8AXTh$&)9=Nru-} z@@Q>YeUYDB!LP3`bws}0aKP`n%Y0X7=Qf0Q35VIsj10-6ZoXV+K0hhxPc4*p>eH!S z{;h7 zp23+Q%8%z+n}-_e)?ZiMv>~4$*j}5k{D-W)@n1LW|02D2pxl_#9XfQ#V{&Mlh=}*M zD;&t`Gkx~NTND9_kzt?3*^ZK1Z?CS<779e}Sbd6mjY6Pmvf5lRT$%dAYjosuU$R&6 z^0wh8G!XCk@dhp~uKV}zFKrGbqZnPnfOwyGWV5v{^CUwo-gfGgo}At9k=LZ>Nn<;oSjN?>y_e;l(D@WE%4{pKuNGanxx zYwLaqi;s;hEkUp9l2QwHo&FGC>kd&@(RbtA>b^RoA8^(+lZv+l-!2%vC*4?Tq`PuHK9^F*bIe7;sydbNe1dLEPK% zeOY67q>p#cr*%rqXk59#JTG7FP-4cqW&(0yL)N4)625L?Nb;g0#ofDik9RE0&jzZT zD)gQ|T^Sk}5Kxn(pE@_^DJ7M~CagzIOPdsjo^wM=fRc#1q#C0Yl1n3Z{rdIiSy?_K zB^=`!Z)qI`QEvK5b~*LMmoCoq zV{PUD-&wx*P3!4}yIct2FCuy^o6=4hejgbb2?+@SBxVa?I=E(${Xa4lV=Af-H&atn z!@|N6l8D5vvNcTsN3<XCK{Gaq+YhrG8|K&$pVJ8d37eI@=_!#QbY?6rF~Lle6dh zcL~5rP?9zAJBw~Fqo&?rSzTPKOT06`x8XVV8jy6mq@?a+%?GBluW9*ybap0ipq1&T zn#w6LKiq2Q|L~#nK;w2JqZTC6hfvA>Qa+y@d)){^BI-BfL89&7zrVSq#ro0L?(T-U z!qp7>PM_|&zG_49LLk7jtD9S0qONuE^;PI6H6Av;P0>t@5BDq{FgGWgvH^-^i94`-(_V@S4mUHs*iii{}%=F_^-rnBM z&dxv%y<@#KlAEi-q%=yOtzW->%qUEC)9B=+i=Ex);d2ywZr!<~D-?*rLSB>min1M` z5_wHx7NqLkT|P4uJ-d;+3JX)f69rQpw}7ZU(aqc1+CV16kGT=Pi62f^zV!*IM6O{=?-P37=QTl1MNO`X{JI?Tnpy0(k zed^d>uV#F<`spD%yOB$@Onvn!)<53-`t|GKHlv64?rG}i)aE+%OSQSa1*v&2NmSjI z7c*G-UGBz-`eZ`@GByQ{)vG-0l|GPrqo0PW>{7Umv2cz}+ZKR?lerI+w_7hHWa z$jm#(tk65sYr+ulM^p3D)X4Whm6-b#L#^(U|)@@q;2>7rtVQ+btp)a>Y z3mRh%b5u?%EY78;r;i42Ke7Kd=VPq|U=EAy=JH>IS?%hP^7$n7JC0sr=KAdl3L94; z3*mcC93`l4%^3gs^>5nR765NNKhEFg**$TM&--~=nu?m56ZXl@&J8{3&6VX1$%fH! zDim*b+5b4`>^$-O*jrVydUu#yFDNKrYrlMLdf^V}n!37Q7ydmnIyxGSTWB*_--Zou z$&gp{ov+Nc`;I8EuDp*L?+(%!n?y%M@lZ@if#_nhZS%+LJ1c^spFBaO|JL8%605dW zyI~oz80xlUcEL=MJZR1hI`y48-cp5x|I%O)Iq6n5w&1R#Rz6=qot{MEx5NR8FcE@>C>UP3`LyMl>fPMF#Nqr z57nj4udCNDsUAhipZ@;((hsYCiy?oDU&k8UmHa$PRJt-B=T=(OlO-~B`U)8s>gyl|+i#f6RZpQ~CP?qYF^sW7pP4nHMdi-M}amDHB>EXQ5kDx>%#@S-vq^RRB zts6cr-MC}tjKBQU*Gni|L+yp_&CTv03&_u%e|PfY#f!4Cvf+;&q0g$CEdTpRzJ}k( z?fB;|&J>x;fWrRXP9>1l+doLu*l@-OgeOXg%1%~FN=iXt5uq#au5Of;krSX=a&kZU z$-R#?&(IhgIdb1!7AR!%=F)fXV$p}Zd%F`^L4Y@K?Q%S0_#Mi^D>CM`pAZr^I~gA) zz0bJ=@n3afr|ElN{l;rm7kpZn5Jl3p^p!=6C{zlDC2W#aszr6>9$HqHB?melQbmZ zL-hduTkOYv?c296)K)A6T?D8cEz|AJMnaKxp6>$c>Ndl)rxycI2u2}6y+0{#XNTG{ zG&Hnf|LtG}AMYC>!g|Tl9usE`XAh~Xd-tbgMMU@c>j>#8D_^{H=@RcGJ*SeRqa&&_ z@ZC~s_xAP%wiZ8-vNHw+!~I@453+Ei0@VPt)Wm66=eL}M9JR}tZPlvB?ae2}LkbHO zs(?v~-@Rk!;Gm_U3C(4WvhS-)3i9{YN>Eds-sp#3gYs(PX>t-lYhYmD>M9*VL9oAX zZf>rx&(sPF9-tdQFDXQgz++`+LtESJGL-D4BKy!d`}{W)oi}gZsOqjGiq52^rBzo~ z3pvq7mQfBMC!luefM1oApul@AOn3KXAcgwDxC1t+sp|3)MZwREbL_FwD*1|yt`s|6 ze||+htqPGipxO*A$Wq?^<+OHR$(7|CE7$Be=s>Nw?Am4)9@u;tEH1bW$aMXN4Z<1p z4Sx#?s1w_t;9t^je#4RT46Dc=l%Dh~)j2Ox$3fMATswAw;-Me;Dj;J^$ORu=QgMG5 zDipS*ANGExB^BP8rMkpNRyAB{E6=~yz~^5G?JcXZbD9z9(_e zKVr5B)iEDwNh-k`H_Ez?y+=!LZOw;LBj+)}E$e#zRJ7Jna(z!!8}S*~+y4UY0PX#V z`UcR>#4FoaS-DM4PEJH*2s)#2*11PXN&Toliz9b^kdX6rW>?TNZji-%&tYGIjT>Lu zwtIgqx&U>j2Z7p4k1ST0`}r1hf|rMfhnM%yIBh09%2quU);mra-wS3j3WXy^W%)yPJcXJK4z@xY*9_#Z(j8drXk2_<1)% z=o%RbCNAsRa2?!QB}U8G7`+o}63ATUv9~lQ0%@b{kzA1B&^I+L5u%)U^_ZQXoj5w6 z!0;(}pFK6cxMv7y0kF~p4R19=2}EJg_3|sn3Eu+QJ$%8>h*u8X>L`}QRli}R2O1Hz zQX}*|tQdr=B##C|LqjYuM4FgV&_T%qpoih%;kCCwh}ZK_6g|1_WxfP0_BIIa1)jtL z(_Osh@Ba(R3nVFRxd`Z2C-wxYjDxnl%E^HO6=b>_YDCu>Pft&P=k?FZKYrwu_srfU zsTL1?55tI^PHcp^APNB#CBpla3#`Y9cefJ;^b;S+x`_)2oSORijV(mhwoR7Ddc*ql5jnTh zbih@_#59LrEo1C^e}4mrE6;A{9Zu^MJDm?g(x2)c1YDh`AX3C41NZA34tNN($ zWzd_T3APt50vvCldjk;a1920n*MF+&YSC;F+RNC4yjVVv4HIPY6jO4Fft4(&LKlVV zkOXMon*!xU;A*%f`F*&cmg9(m8kni>a00Q5Bd1fBiK3`G(sF)ZVZUgo)! z7@Zx1x&Vb`2#vUK=>=TzVBI310RAYn$>9wN2>tnm*WO1@FALxNdA;<&^3&JSytr=xosr za>bwm4*)BGCG8&0OUIZAx;0F{JBGQ8BhLjM>GM(Qk9Lv23q_^l`*$Xu zT{}Fd&X4cg8KSxqC>jvrM|bzyq@&+a^id&A4wyfC_RJ{r>=Mp%xe6&v6s-kp*1VG< zK0H1?9(W5;7LvLZMz4pn)XBV55sV@mV$@_6Okb*6t2#3yz9Jq8px7;N6S zc93oL>f+K;+GWe+tnXJVqAhU-pdn$UANc!=V{$M%Iecpa#6DyrIk=qN&r05P2`n-^ zM_3IuzWCl?<}*GvmTZ_Fo0ODvW!JU?GC&J1}5Ro zpN7!_jR8tNW(;4_Ei@qgb&D_ *KwhBmqUz1x{AC#zssK!Rl5YaVk=2-mcsqc5mdDo6J=EeSr)NQm^ z6ZgmHjE6U5jR)H=cv%IC2Cy-d)Ro`JZOq?JyJ%sHrYqoBQe@ma)4FZzR>l=8Y%nlD z$b&hE236E0#i~C#8mG<^t#fA0*oDW5_YKSXGDcGxGQ)+b%af1mUMO#l4mT(-2uf+_ zBUnF;8+ng(lwf!*b?(d5JMGY<{TNKQVICjf;kc~PH}19pBT=L*M|NF{b(DlTx4SoA zFh8A)j12lOVk7X*9W`U)aDF=czAK6QQ`HG#VSm*ymGG7=J#G235J=hB*<-zjuHLfbqo=3t2zeS3{5Qo=(0$dS(g+)tvTQ4FM!&C5M^(h^^}l8~#L%9lTHtO%;9sp+l^)5oIOM@W6gu5=n0zS_r!mPin530Zo|zu{9!O?Oa^+?_webm;gHd0v>|>TdS#Ee}9%L*=KP91$t&6 zy-GboR>r1z$9T5trsa%`XInB;n)n`p-e7miAs(ZBl=%x_juI)G6K-^XAjITN8j6q; z+cDtU08LeKUtkSwCa&i*-*1*>+b%Mqm=Ni+kn<((P)Tv|jy8W2@UluasOep36F=8Z_m6bKs^!DwB-y>5DqcH9T(LkyA zoU04g4dC?|)eHjF8Lxg7N5?VX1x#a-zb7exo+Cx9{4it`Q&1>Op2lCR9(abw?5H8`(=je1H^l17ixpLuS$V~dp|wWGtt4^tMe%fl z$sN~J-M+uOlWJCY&c-ICLHvS0XHNyf6%YC&Vm}D!vBf9LmFFl3E124W zP!;p}_UtG4lI0K_EX!WKLIwXeq2y^=K>C&KJ z(+&w~d7r-N!Zaugp|<^#zkWdo(-bA!3Q`eh#&toIk_djGqVPeV`7*dde>S%+Wil$fBy>t?m2K`j8LHs3 z@blYS#8?%yjmh4c171(kU}MU)truGZejRmF!rb@D)vHz_(BusqJ`X3bggFkkwVof> zf!IlCmdI5I?mc`jBqYHtj-H50{A^FnzIJWWESpeCN$1$XP*TDmbi*GK4t93*D_7RP zP&d~ZSuT~bUTjgD|@41zcN3i)ji`||@)15E<; zhfZt|`UVtVkWC^=_1|VmY1u73`tbUociP7ZY}y2!2vgF;FCmbrQ10rqop7VHWKxzu zSr4GsGgUs(Dq&rpa6dA@XY1^fAxptGY)Z^P8DjDk3}R3!=-zBha=MUqF4saRg|{qu z;8eX|ZrmgNq2}15Q4MP-2sYS&{))N(^uhd3M!Y8ttCXpq9*)tPFBmH_YY!T|O1(KJ zI^~YZ>2t9|mNJ$y?kOw9C@2~4F)? zd0jmkYUBn#^w!MpnOzu;7}wuO5bySo?w|k3TQAv!{^f&vmKk7B0u2xK$+-S9`WGfW zr1pAV?9TX*8!EFh#AxenHGBIgGpDJ z%(ln>xbh}Ixz!>0flv;={+87<^Hxzia*WT#ywnoZ$&E``EmX$}^q73}6ih)3SCmJ` zeSO!x@3aq8(H&|JK!;8kh*A?sZ=n1eH*TC797QE{Unv%%(itHj&DIlfDpkjwAp&|uO}9Q(v#Yy%Gg~8j zyKpz3ZlZBa-whSbhpgtAZaX6)A|{91vobU5twR(K@$&MPl$2OnGC67p!#p)$8%^K# zK0Gwk9S#@BxbR>Olm`j}sLW#m5Vq4M*L&U_-Z3C^t5z$l=B^1YsJq=ly5dPcj;59R zzXnE{>J^W1hF((=W*v2xYpOce(AR-7Fn5xjUS8;I(MtnkFhup0aQ(b;@?K}l> zG?G9jOwt2_qz^?qw^N3r1e(b4icerKj zp<*N?By{M$LK}AJtL?>5>|?{%{(cV(o>L2E%FlFC5Kl{>2}7a4_-XmYPl!g$SKxJW z1{$@6TMt???TR%gUy2h%*K6N~B5!C$G%MD`b711z(c3HN&5QXgrg5BXY`Q@9=_@n(V?4I`f2jF9<0KJQ!_bAbi&u9QT!5eXctx&8g}LUES!ieG!S_lNUPa zdfm6JAT*CW)-FN>(x#?+>kF!M|gb&ysD}AqX?U z=hf`&rqVw0@lI<|L~h=+x95$E33NE|`pWX|-v#9uIILYw?48_hfMgGMcT5D**Y9>b ze;xxc;%Xq2e`90y!~Xnq$k80&h2k5m6_0w6*FS!crGv2oZl3iuU@4vWyTL(|5jh7| z+P{5c6;$jR^cp({hoss~#aU@PYs9* zkk?RuztM;qjI)H894T%;{B5Krg?tuf=6e{ekp=^DP}qS_YHFJQ5wjuAL)&@o2-daB zeJuVT&IR;5Q&X9{--so3=#N(a=b|ou=Ze2Yex)agntVX2LjVwK+1d5t%%#Ow}MmKkV5aWR%Yf}a6db6tib zf`S^5Xkb$}FX7?(TC!5n{9zLO^mva(xb(5>&BW+_%sj6x+%3}5*2c)~IqCyknO2W9 zjg4g;dp?o;K{S8NziSFchB-JM;AuF_Ozq+_si83M2*~X&$|Pn>jxi!I?)&Y)1h1%# zKe8vLdSM|S*$B*6xEJa-Gb`&TJd!seA&v0i6^)J0+SqLKBk3Q>Q2Gy7fsFz#&CfGm ztvpb9Ct{kq(K=%6~Lu4pIl4850p4&d8kFbg>) zZ6o>R}^$PSlr0Q1IJ67`d$?{uO3$V%E2>$8ad(O;xg}@;i@OGUz#~-#$-}e)RKix@jQ`hBDAU5I=V6Z|E;j*K56mesN`I zXFqT{_3ScwV0}%EwyL3`GUhaUN$FyQSAgu^a6u|Dzw_hqfY997XrRQ5F$A1fP!BX< z*>LL&ggk#E0F}Q2lGU1&orJHYB%GnZxG<2Rftxn8QK1P|;a(oPVrH`#Q=E9=xvvtT0i79{TwxAU)Ctqtw3T zE`Z{2V?xkFZwi#VN6k-4t-1m;MYY^KJdzxBS?`nFJUoKh5;3^CDxA>a>E$IntI0|f zNqAhHykJNB$QeENX#fq8C{BWD9H~%!1sc2ez=5z_hNx;77S>3eJG5Sd2o! zkl_C!ho`~Lzh|wNI>l-Qi{U*-6ctRic>r(4G(ZQNg|6RW0pZdGmU1W+kP-y9+hF<( z9hfFjQ|hmJ%ek=#c4hff<)j~|GI)Emqc3!=jk2ywW!I5ylg{gAf@+6xQo=>cgGq!?e;bHkP~W1X5GYdSYpqX8pB|IpC0 z$zQ}M=2ZzWOG4$xl(gvU7$4~agEaB-g`h(fqAhn=6R&ONHC_jqVFxXUIR>tJ^_x(% zFc$cg{xI1DS}RJRH~a$4z*7zm4%2m4egG%zl9AE1V!afuTzlWNqxbdGr%yMjg>DHf zCt)UzwqS}H%9?q$sTw0dc&DsZUd4=R*|NZlDqN*M`sd=O(k=&uufb^W03fS4Ue1649Q5?GAtpgfey!}J>8zP^`a zn;&;%eU`Fmt_1>aZS_JXV;%~Aub0}4^8oyGr%V(eZJnHv7lTPD$M~74F&+;^9!`cs zw~*FaWV&1%p&WQMT(BFO5HL(t1gunk(%G;pH8wT^&ELF5s&vmx^LKgAxkl?Q(S8&o zxIdz*k^1xV^J=8|h$fE)=KI8^<#|{Qgae5}QHL-A{7_bgwY7x&g{#%(A4lbf`stUS zpZ_fpq5>`a2MDbl93T^x78aZ7-n@?knS-XO5-v11(PFzopUIq_9CnMfnOqO$$fZ{L zs-)(-Zpph~8ux@}X>#QEmu;*1td+xwF5jg;{~jx2zaaD~J%MbvmG%Gt7kT_6-5zlQ zwQR{7^`|UUyq5fT^8V)tiR$jZ;e4Lq$UlFk{(WNXx9Nb{e5q7Dyku?OjDkbxa{nWv ze%lfLnNeR+`2J?sU;E|1nW`F!$a;oR4kdYS=o;Vu*t3womq;fAY4G~z&wor>zr9<> za^jfT81_Ng>UxizZAsJ>wv$y*Fk`+9Nb;gMTe=40^4Z}+sUzQfMaU{^aPA*g25oI^ z$lrhf<&T&MF?zVU{;*{K&Is7ywO}rV0q!qiTQZQrCjZBG_Ae#2f;24sE5F{;x}R_D z+SxXb;S|$+_$XeDHADUpTFo%x0EKN~Jk5utj zV-W)Q7b*l)Ys`}$ngUdwhuR7$=;p1CQJO%NPRPm_sioln1F#X8XbWK!H=wC#C+&Ff#+6k>10VM-2@V_ySvS#-hR0J=J%q{tax9HmK)Rt91f{}X0jWOJXl>|+lG+OKu@0l zJ6SKowHWlUFQDF$vTnEnD>wJng2*kqb~Trk3G(wRh6g~fz*#7qu7d^$!=Y}z4Sv10 z@SE={Sdzi;H$sW8t0NC#p}+R&qTzuf24W1_HFx{=ZFmi>7AlhiV-!@ZP}g9w*<){? zHsjL{@rOKrgp9HqL8ReuR~wWMqzguwgM&EcWa|S2@Z-lx9^30QjNQP2h|r44%E9^+ z68NjC-Ucne%yOAhu-GwWMa3eReMJhqH&6*qLDjjwv<}sPNG1h6Wc9*VqLa zb3xdhfk;3QTQC}eQVfn`{K{EPB&fTq3#^Yk%z4hJT=FW}fIwrkr$Vt-ruKE4Y` zY;r0B{Eh*32vqc5dT@qCR#sLA96`X80QeH(&;pX9LufgZcd!cf8<1yatT)|x@aVXC zF9%cSj~|TO(&usZ5zokR0MxDk1C#IU%So2*2D38y{#7PE5x;mHp%B%Fj~?-GbIZb# z3)_U{$9B*w=qw|sRpfEjqb>%&sh4+VkF`0LjESB;MAq#WfRDcWVBzBYFv4P}DgA(F ztoP~Du{aOuzRkAz@*&U3Ru^dJbWBVQ+&YVH?0`K#U{bp9_%$AoPnvXuW0(ZTByL)|cbxJKwi71pbEkB>B2kAV?K<`{ zG2KNAw(^UMiFq`Y3e*z4dO00DTXgjFpK}u-6~@pa@KW63`L%=sfu-gUO7Iihi->5$ zQepdy9DSiAZ9}%=sF--j0B9@dN4|R<9)^9}(J@H&D6-?`2re9}i^Oyh7zxK41rXJH zue^N{6Bh?T!(fgZoBYcR3U0?&lpe@sF8B@9&dL=hjvtp_NNx9?tz4b)mIYec7Fcpb zU%BIWR7n>1U2YkzJi#)1s zuE|X8>H&Vre#1cVZNFJxqc+1J|D!4rX_rtoEgNm`z3 zgl&XsF=qUxs5u=>7NlHR@eG@~+55bsqt2Gq57(OGNDfXOkUq)=4V$*SrmCu8nBP}b z6=lQ!mYYi++l8$y1T)|pHmHuE!(kB-yldB5Klybm2WDnWGX=e2Oz)j~&}Fi3VPOGU zDiWsMbF>nqQ1$3me$0ALkzzuV?hWgF+z}fJJ!awFx;@SF4Tvbos`U$ti;{YJh^Qvm z5jf9=UOSHE(A%;aa5y%ehusE7YY4H>t`l~>C_daFFeJo4M>jQzc*ZHT*toc`c&)FC zVTf$>o5_JD9L+N7u^A)L+YU?ruJ?^EPLQ+Yj*iT0*Ghr(N^f)30O0w|edmMV4Z%}% z>sBPm5AZr1FlG-A3~;YrO`gotUcGXTJOwKtAb^7sDB-UV z@hB-5`8O^N#&HH)KU^C?0}?h2Zzxr*IIfOpwiQi%BgV3 zKK1)Qoow{Ac&e2E+h`Eza8OVjFZf_t;RjUtcY<5Lav-l8vq`n!Pexrau@8sGGH=lokEu#vK?kp&9*!?L)5TeEcLNEu1 z%a8Y~SmnP=11Eqx;$It)Pe^~9QpVgPs&w85lRZq+-M_4h;-Kc#ltG14QBgtmk;1oh z^+ZBimjb-ZP+73|ObiTK3KH^YvRDITM&Es?s@Re`OhodJK{UcP!x@A!a9H+i0rhYk z!sinnA5HS-&-2@h;P-F+@&!r;B=fa6T!%(1Fa82D6B*^h?Y7lVZ$RqG4uEWe3S=e! zR0Lpd+cq`X;+I)j4Rh~st_A1)QPZ+>b00q2wtf2u>NHAo{TCy{5}b|EzOE>Mus;cp z7mQ%KaX~8)t>iZb;EBkQCq4?&2*3FuV<%)FzP+HUt1EHyA`CciXZ4kkhm+vrfdv^R zL%1<*OWGrvpB@UpNdJ1|f!mytcZWyg0-E(6)AvPh7tzv7#{6I@b*2PTwS2X zJ8^Wq(gc1<7YuPb1dH)~3%4$zG@&x4=%=<}3m^mTAU|~NI81PNIJZB6_Jom9Y-*}4 z$is|hZ2fWHZUFhf^O$+!>lwi7^iTeR&&>fx1ySMNm6V)1dD3y9(GKt@)W!2bCpHzzDWT7VVr54fon|v`5X8@9Q$ey&20@RLtmA{!E>MjXcR!I_yHLVr+F{R1Ar4w zbk24LnLQLS5u$qoIUUF;Bp_hJIe`727~(*PeNntni1RV9l{~`q8^sr4^*l3Ep7b>g zV$h8-$Nk`7SEvyXI~Vo4jzWt54zr z+B^(125Bd6OeM;qD}#jCpgWvmqmteH>;gsL*Pb4DGf@R=hrb9NhMWr@R#(P$BpyaJ z#s!`^Uu+Mls;*{LPJv}(*SToA<;&AEGMpS7tXnb%0mJ}=`Tde~67l^BmDW1AGK?tI zo{}DDE+Bs7bP%oqNShdW9Fn!k#zkN-cp$Hie5_7R0kZB(Pe7x7Ur~WXZ$;#n+(#Jf zKX4$4gi(6AoL^;DnJWq)fjm zyOa3h3Ou&e&>(7vzz~(^P7EFdj`yMjh=_=E94f@AIaq$qV^!>PzLb{6;bjGOV&M1; zsdJ+lQ{3Y3iO5`ri=S}QPoF+@i?VIuXejb6Cw+9#F=SkZj4MyXR+s7mtRwM_a_nPf zXx@O1>cwcSfXl~g<0LHbHKaBwBfz&p==(B_&$y;#?qAOxf5%Emsi>9CL$TawG%=6SA`#-@Zkb@OI3v zA-NDZEeV({A!=h!U)g;pZGejl^SDN>#}*Nhh2FSG`0!v}{q6Ad0ji{D-E`d=dII@< zDli5yGmDuQ`I5aKwGA@9KzX*$;sP4)4&dkUD_hhQ7UvxD-N$!14;UPu!&xGbM7U@{ zRk(Ma4R)2+-nM?da)OTES}AoodlVHMh91wt`@7<8Vambs@rs!%;)`+8(;c9O7H1%g zny|;9jL-@|yfA?(Ic!E&0*NKc`uCg|aqsCO2SF?@`cIV!>%ZSV(y{ob{nwbp*uT6?ee^X~n}em=k7=jqYyzOVbd&f_?~(|HA|Dxcc4fo%gp5Sz}N zK5?EP$d8f!PeV=+#K^p|AwgWQK664=%{6+g+vO7D#ooCot*{=(ld>o2RnJ{9;4{C% z$|U-LYc?ow&+HJ>Srw%$^E+ow=bqfEb4Pxxq$2ApXbnd_W0CAOPS3UzAn$sbNF=Um3-nBg1FBna)E^)%4KAI$q4R1f`T~BKt@H} z=O(8mxXw_rrtJ!lvs;`VjuN+(UU?{=c-Y}bZF`l5cAoI=61TJ#R4dqMn_zbE(T@Y*JFvgyPN3oD&U+H$y{1&!;j{?mT#~ zp{eQjT(8e$TW;d&B^O{=O#6!3qQ7xiwFC2Jxxxw?JX^d zk3U9#y|%X2y7R?)e|jb+rY&1?Et;Oy)+$YT+O(vp>-($}Oq54NMCcYf4~LN!===M7 zw>wz`F1_?z_=P`<+xD<;*EZ>T0YTjc|Mnm=J$`f-&0fD4jP@v z)+@n~bKNeT1yaGac6zks7)p7} zhI}-ZSzFGNP?e0gal2e~$8DzNV&(X7Q}WI0*B!^&a`nr+4Gj%7G&J(e>R0Q1R-1~P zMt}bNd1KS|)-2tlQc@*PyzR>!D!Q7FDIG@dFpL zJiiBvH(M6W9yp(MQ;-^mFzw&BeT|1;(`C%Lb;Ql zzpkmt0jnc!({6CE2D86xDI*-+)6t=%OXp!=P_QOo~{uX94@F|>bcs!-rO-tk4>r=)o&ZU)tk*KL$uA|l7vx?&~Wo~&^U*uV0-NzQvP z%P%1f-|@?h&73_6$8WM7vUD77OzPX1Q&7M^yQjY{N__N7w*FKo(fD>7Yg!T38yA9I z6LllnJM`wWvr*5Ik}L+_+jis+_f_8Bn@V|~nVeQV=GCi(4-a<#{`KqayLXk$b~kJS zm_B1e3ZexzPDFjr!h$}9G}OA9g}a- zbmz{Uj0`?oTU%NBhYuhA`t=Jx=X1W0s`e#I*QzxmvY?=#je&*5%)(-LVnXknjO16h zzr8M-o{V^S;y-VD#Ic7oLWD1OsG=`6xm909;PIPuD^u?|<68EKi_bk$k$z?OT|Rdf z-^F`*>ixhuCgSViryA+u{5oPog6NU^okgsq?r<9H-@iZRsLSlnpR6cdW8;2mPS2l? zaVT??oL$3{lP;4zE!Jzp$#HMrzV%)l-j{fB9pNfnvbs2W$g&xQ`>rZ@J6fN#KVv4b)uo_wPZ8gzI~|H9b447{>RpuC8VLet7toGM}|uw{GF~j=Zq#e8Dd) zY>yI=7hF&L^z10K)lb*Rq@rWz=~>IW{QhoJvWk9=f#1%{!D|ws=nWzg5}I9ET6xcs zlLsS3%<}6WF;Tv$s@i+xNJnGiuO=0l7LNIm^z0kguS<@$KR@a`b}Km8t2K(5nOQkX z?Cer>mrr(1&d*OVN4r#+9`5c5Z2M_;kL;P#^8D2O`}gPPU1jMn{k903x$}h&&Qa*ELe`|8vwbc`gYyFSKZL>L&7fkpl+~cz7(K^itH)LP8kP{FawJDLC6Lmx-E> z9~-=UGm?@_^z?elWHMaMCd>kF-(H%tJ$GkWP+o>lHLHKEra6G1+9q-JD=NWf{u}kU z;CK+z0o)PVZC1-fI(odR=`-hx398L$>NP`?S*HujI(#!&>y$12(dVVSwRB{#+S4g%isQzvX?7628p~^Ycn^(o&L= zT|cLJ!$opXCUub_$+(&8)~(yIV@H&jHA80^cF)(ZU(qVfJv!RjBv;OsDD4&LGnONc znW*1YG5%Cv|0TvcA}Y%2^5qN4c^z{v3wHlgBU=mz;>@mc;(u98|JS^bH=H=?_RDy( zr{t*P(9hMSNft)NkhXn?4mnK^HQ=A3;F@s3$>!7x_jX8WWL?tQ5kN-pZu(BGdFj%n z)2C0ny3V6Uw=yv7J^OgtF%D<|!(`!e!tu>JBtMJc=44}x@6#H?4cjuV3nk`i+c?EaE_Clb-*24KH?gcOM}EhWX$1GNh|mnjJ4g zV+R=M`TI5wiJS*9(L_bnx?bevS)s+hau{@<8A%#9xO~~+SO3Rk>Z+&o6rYgeFS@nt>hqY|o@umzaGph%K<+pNj+FrhVx#BW86PLJnA)rx$YD5uz z{FMzGHeiTVi&o5&g@uIlkBwz?XKLk{T3TABCaUqaU_cg7SYNqv#oC%v(p9z0+bh?k z|HFghH)!2je*#!-OPpQX{pjQCk`fMf_B$S$@vluxO!kK=u&}UPU?C3)R!9=&=5yR8 zQ~vAsZ%jSsivr;+%*<@U3W*I7kt@9yADfz*7HvH?y-y@rflzH>U1N*5eOpmp{)V&o z?%jzPqDgn{uU^f`&27-*KfuHD;p4}H##}_arLebe$Q~=bzpZ5I<_UDAtBAc8Ti4iaV+eG^p>Kg zEmBfaPW8E%-?6c=JJ{JTX=<`EGtc&TO#Xd`olWMV&$8ao?D|uk1x<5nCFpG)9v&!7 z`-lLVKnAm&?yjz^($_t9lK*GW{Xf>H@$ykSf-rdbFr0Ssw zCl0&`-Yz~n-f3oN*pRHkDJUp-A)JB;Z69h##8nqtwxs3f=lA#b18-ndH{8EzJjG;W z=P>w5H{blhy?ZLys)MzWdBz_ZE?lG}LR(9{mOAn+M9e>PMJnx;zUu>|2n;7`%ttmW z4pgU+-g29n|JU4{4>sY&tV`RrZ{NXS??0W}+2%alIPf-L ziET?4p4rr3>U*!uTx?RuheXE2bfdzYbb_Q>^*57`*`iK@bR{zYSCp0S4)c=xR$nRi zCBvX@wbsftI;p7{vGel!oHC2v(v=6hPdVz$PWJYuUfB2N&9r`(-PtZafwr8Ro6G4v z{|(hfMaydNLDO{SYTfnqTQOt$(OM@a1oRj>0St_dpQetI`zlzWs4x+_3ar8vlH36! z$;ruS*-!hf1Q!&{07(C+iwcj9#w{Ki9bLlqVV$?;BfiE>O-)&Rj+fQqG(Y3ZH2C%F z&xOIb-zQ87*H3nv{_?N?coY8@h~uA{R746pAP^enqrGRfU)c{}HAh;~ z!B0|*IKXfg=O#(WXD>JR>*+>C!LsG&ZPFgIW7E^qm}k1LUC*VeDaRaX`PbHnIeIFX zttH_&HKsi}+K$8a+OJ-{|Ocg3%22_eV>4XwYB(Jy;KRgBJO|z1P1V__1TY&V`uyU}xsQkZY?e zWh=9t6Wzs8k&#|&D|6qzeJi>deCrnISyx_<=;6a|s2}-dMz-L+($YO>the4%@*cCX zv5}SalS>eC+Ig&biuA zQ&g-0b~qa$BIB0un*K!)q1UD;YAY)TzP-EI(TzG} zUaJ4v!~sMjKqL2eb^%|4B5m9_+Ln9S-MuIvAfVv@C80)M6<5)adLjAIK9!)(!-o%( z5O&kEy1XOiqK`rTeSLlRsl;}b`IKQTjXZ!%ZwCbdzZv}Vp;wwy&UF^r-UDP04BRGe zLmHNu+69!d5l5Ux7H3A+$$h*Y?lYFTx(TZNKYncRH?X$$!t6#DxXW?$ zMNZCD%yy%jAW7iIo3{xYV{fnpo7Trl$!BjOR4qQl#v1QD`QX8W*4Ea9goLUi1_}y6 zB_&dM^g9pN%3VJZm`4u`M$7rOOkfX+E8anjf}&jhG> z^rQXALMwm;dff(NP%~dr&Rw1zYe%~jb~<@%VOP0t^;cjFlolwC+i+6&5toVAMwLMo z6%|1BQAGmr>{|?undAUN6!y3)7Mft`fc=GaPab=<8^4SZE^+ke=nLGC@2Kf#=`=hp zl&q@T@@;!pAygFczrV|2)%hY5{j-`QkKV8PYrz-2?GjfF(1Sr<`1BZ-CW#3=4F8m%e``0NSP7!i6 z%kMwco&L}Dz0ixkOw7#E-piUQ)CJn06S~TibVSNDdR^)AuNn|(QDAh`|HqFXRa`Xl zOwVGAqDTR)0io1o>7h26tc5@#2tDP7R#HAs<_!5{-9~26-rwNa=noi#2U>Ru2-rXv z+NT_ST3LARz0uG!KF?QzG5gy($DqeqYK-Mja%SOc4}Y_`J+;@1{RLlDk`2MtC~DQJM1TFFo?B%@!_@rLcj3rd?e`ds$x4w%&~5&f*sF$n5r7&c9xisB zwY3=lV?L`3$>HJQFOGv}qh}Ws2ZI*f)E9C)|=&45=C?lr0)aY4U6K-))TrVXw(h7{=}fDRdylBFa3gEM8s~qnkMZ&I|Ni~Epmt6)o{~sT1oHba0h6Pk0fAVDI`}bzX#+usNt!e7%=;gSD*!TrGIVt5w$cXu< zhxH__fSQhdXkcKbPP|uBQ*(N})1~UpwrkXzvo2=$1a932EIon75BwP{f8pCY3W6)d zlZu&>v-gE{CrT(<(oL9)>+3Mxt5>g33roLh1R)N-zS91DL+Vz-w`~8;a%16k=od$w zMy4|kIy*Z9SaL##K~dMdk|YQP4LM)8m86Oug`~!}Z{-BSHb`3g9Q570cWBBaUaGI(3m82lGg0C(hqBH$ zvsLl<`SlHm3>aBZftBdv`T2Rg!r0U_Y~UI}q%nJunVOl+eSJeAOFz+DMv^V}UwCHT znfLtpG;Oq~#d-9$s=FMW@v_&_FJ?=3e*>|E@U~D9xV5{h>n{7@C)Q>513~xh)nhiu ztV}oY>%3ULUB8Y<>7VurXoGfx?`jTNu=9oWC{P-{Z^bOG0lZ4esu_gh9{XX2?c1$v zZOd?Hfla_M&lJ7`2PwrEApx&UojIs`xURDb3eR(LUOEgagIhxbp=V_^f4!N8NQuUB zpc$0l7tpHIQ`I^Gw?o_g^y!n$m#pqQ`EdXXOtab9S%0qU0Rb=^Rsg0ek6gcTgCxJw zU&kI0GynV*LNGKH&0Hf;(Wfj#IsM|Na!Og(HNhf&w8lmsCtd(FsB#^;oSboOZJPS} z`qqj7t3Wda#n6ZYgM*<_LzV`%l)3t~ye0i&)FCTocJ_>a+UT%b6V$VjH9nJFdO;u( z2m22CZMcutpsE_L%A=%9qbdfm2D{6I?Yx|CWo2bx?~h^5$VZRzJmw~L9>2k81rg7? zz_KO37*2ztiprPq`wt&B;`)=1a_`&c0|@Hv?G4fx=QZ0-YT*KxQpRUnb!>9{suj+jcs{jx zf;Y64jdDXDDT zVlf~SpjAahMJyy#Op+~e^ytzL{fVwu-zO$k+s)zvZr+rUdW{x5H__cR(NpYF-_oL9 zc)Y}Y2D>!7y9CQ{la7N@Hbp%>Y&J?Bh#8&s>9c1L$+pe>CMS3UAMUej&eB~PjPp@e zQd&m&JjRs9&H3=*1LTJTq1BN7(PIw?2xO6j{cmuj+DkkNU&cU@jE?5}alz0qp=}bL&@@<{)JQ?^O?8pdh$aOs7vhk#zg@RHx7e zb#SHONhRzZaH1iM+x7mR0YJeJ*H-7sKnS?GE8f1{B_wopWpM_5P7gepi)P!lZ7~46 zu+gxoFg`l6^~>-d+vlJC8{%AKgmR3{e2L;(|J6;j414q_4m7zb?$4uNBLm5SYG~d5 ze9ysyQ%jR&UzDkEFO(oERW5A76_MBs&_u8I()dMvFZD51K#pFYH7{UZ5KdTEPN{jP z2|_(`s=i#wUqt9w#Wq&%5zc78VVw`OM7e{azAwsWpub7b&$dklG zkLjUY*D0f^y=?wmcUTYhLBwGN@j%-=slJgYUrQD&hXBCI#-@#3_eIac8n;AGPp>Gu z+W0w`WPOx4IN7~HQ>b$hr35?*ZH)c&>{8xXd#Spfp4E4oWw=WSf=Q+KkP!AKSdh^$ z(1@5(1x={Jo}SsCdG*o<)^?E*Jjz(cBaTCWY?W-F&giP=`x5!ch!mkka=xQSJL~Gk zhi9=ZjE#*$%+&E+DuLtrn zQk0W>3u6odWKi8{N+RBWc%#s%Q}40oAT@Wlv=o2|0Hooo!N=-;X?J;@1`Tm+y@J+< zF1!Z3X@|6@#Lk_v^pvR9^73O24&PXC3H*A3T#asWDAU>bc_q7mx45c1BKpR@Pj?QQ)T#kbP3I=kEBAx9PbB9c{T|=<_o@y9522;eoKN(nzRIQqtOK_i|?SuezLGfk3@hTA*V-1MfJXRyFh=vt*s4PQbWxRw?awZ zcYkO#DjS_aOj7caNAD)s&u{~E%e+gT{PTfm13bLEK|w)_uum`B+6szc835|g;?>ni zyYra7FV-dt#j7GCd2%+~UI16&HN6f}d?)k_7^gPhF~?9t^v~A1zhB6+|Vj_qnp5K{Iu|m!eL(ru|RHV>4p7vWAEX_>}0c=P5B_En^ek2gTkcH7qp*5MzGAt(vH{^?&(;Ixi;J#oyg zK007%WaJ1$BFvM!+eDrj0V~HlE@t_uXX|;vX!?6!c}+Olpgl74Y2J^B&>XvQ9*#?^ zk9cZI3eS{fWL};_AP0=;2pE;m&Tb!n6vMP3U_#0t9o|u}jEsm+4{oO)y`uJd)VIOG{8<$v0kYYa-SQ_+ zoM4@yKzrWjWo7`J3q7Il1!QsP7hE(L3WWs)D|m~zLnGjj*oXkwxYK}OfFvw}dVH-r zK{eoH(_bfDi*1i5z8j%=J6w=uVqHJe9Jzob02XDEzUd^|wtIOY?JV4HHM9%m5ejXm4(GusGb(#=t z%xWVZgodhPW655lIvXpw(2#hFM4fHANy2h#N`AiR)R;p5(9k?oY$H+!{^@uV#_0kY zG3F~N5Q1<7z^BvTvAa8@v{h0ugsD8+gztYe28X1hqpOnQQ|*Dp9iotQ`}XbBjbzpG zN#~QEJqxqAg^6(WDnu+H5s|Hwh9HYri>3ZYD)3Um0O|+b41oT@0z0~+quIM959A)l z;HQ)wnq$d5$irg}WAl4e@b`v#!j~b`Uho8>1|knhA_^ow2%BqtLg+H+&6XIiCFv#i zO%14J>9L?Op`kOVyXT(F#4)DxKcW^k_nO{&GJG7?hG8w8T%oBtBz-bC)hfv!2|8 zd#F|7?u6U}w82uSlD1_ltzFALJxKtnzBH`gyMO;GwlB(cwfG(c;o8+RzQgbrazO;JXZG&hs~jzn3(3!j1mY&f$N6p6 ze!klb7F~o7L=<5Kse&qOR1j%C*gEJM*sLbx>xg5Uzf(s<7=kBOvf)dncZYp6=2&~u znE<8m8r3G=d+ty=>t$Y1Q4zi$L$6XXZ{3=>wuQGSkDnlf0vX6_-@Hix&~>kJ9BKZD z0V$b|R>HW4GNQP6359DNWQ5l-e)%tb%>ny;bZ6iz%|pUQo$8=%VNJ06exGI`Ty=QJ%L#0;N;BwnIbMq9y1hv@JQdKnS4 zyL^@O^>^;vS;UV40M;m~dy?>dxW&NdvW<-%xI`yNBV-Y!i(80zW6HK(Fr6&z0);}8 zf$C5U3-Nzm-h_FA@mU*lRQ&Ma1+Xy~g^2njtmPN5jd$9WMiUJD=WiWAjcd+A~L#G*I?H zP59bur!DTA6f848ipT&OLMReF#HGj045%1eG&MC9Z7RELwJ0hoDm&XY_3~i~3L>Hw zp2IVhxQU@5o{8##U+Bmq0K4LFk1)m~K`$ZuL&40_)k#og6%IpmEkX(9l$e<4q(jo7 z#>TFE&?JEm;ob6gH1o|H&`>Mjx*rCLTw5NLxpBvYftn~cW@l#yg^~cV29P~^v>1bb zv-Es9l;Qiil&nN~2)LBEbw@~8SlGjdeS?E$^T$Z<>JH|2kvG(Y?d>5_Qsn=eP=eS@ zB~oSZcbDN#V4nbevK=(K4xirX95As2#ZnYpIy7{AKMydbjm&)Xl!jd|?Vbs2;JJps zg8p#fBAMEC`@HhdOcOOz2i|Ps^EQ9 z6tqaSG#J+B${P=%Sv&2%Ag z$l^HQR;QKq4-TfQ@q&@xx<%vdv~xXxPkW(l92X5xBBzvlzF+btxYQV_SWR;mXf;Sc zIa2WL-~X|Hhqt_mSeT%}tl4WWnCndonyQ!}$xrUM%>gyAB8d0;d8XX!M zf+q~irsqDbh_|nl=ltiM9=&1+K7!uK=PYkB9nfg&=m<(SQWg~MM#bnEHFKGY%c2^Dj@FW`?}M}=rVWAy^FxXEU=!5G$=E(75Nrzy4sMx%`$0-;3}3}oAf>fx z!uZ#(Uyp8Ql&Fwo3E>JTjN~&;Z}3w{#Z<+hkaijY(twWf7_27s0J%bVOiT%yE1>nj z;9&BzXLKA#rW5Z;yZ`)3if;LMivTe~f(r`2yO~|Wz|^!AwJ%FApkK=8%^_p{IUZ39 z6JuihFp^FW7^aNXAQL6M(=6XYKHuqF?v`K6reB={yoSuib9lnWc` z0?dEJ;UJj8ases>+bKl5g6I@_p%;MKnZGT!5TxXM!MUl{kchH=|$4T zFd4&9snli@yCQ-913j8u##{2p5qC)M=#17R^>uNSg&`Q}p)U(Y<+>*ne@J=Wetny#v6Jn{W7S>cXg7cRrFcAo6v*s{fN-DhvSmLgAkSdup!{jfEq%Gh_c^JlN8v|9GOZ zkeP6wU)p^KgxD^2W&TH$Ey9%;y}f@tQLS6YOs)bZ0YD=XaPq{74+Fm-Z3M_6XzCO3 zkBNI9W}BLtBTzItU3v?NHx<8pX>4K=`OhmRW9nm4@txf5VFL%RTKZ)u~o+h}HCn4rG2&#Gq=)4Gs} znJ@aBqUN8?;=F!LOk}C?0@0F$P&BLyU)F`}2Ji-WA)$%RzOk`Ot$EtS3ej1f)?PFb1c3MQvh!$x zkpbFftMS&=)tLylM;~_R>h3xn-+7`z`Lw5WwJJ_(7JU{uet$c36=MuBR_cam(2hzM4st3o!7mizKnx3nA*6LUs8 z1xdGm)rI2;$o`v@9NcUmmq8)&7})`U4HDB}A!qH!&75pVe2-ltYEsRZbRLwj4s@L) zY5pl7;y^q2g|4nHD)q{U9B~aLV2R>HP6Fg13^Ny#Yfmc|% zGOGjDg`^Sw26hFhr$gT+1$dn-j=B9Q?oXct4jibdtINczFkO0jq(wxU{s}aYidP6d z8WQx#3qH*p1AGrsj$*rvOc}ywp%ye`8p5~BB8oPYtD?pooSeLHI07dZe8A5DQy)h~ zxs0~fk=jq6n}PgRBmi4E_ZVo4nAXxm^8!hp`jF8pVq^44{z?NhaF{Ks%9l$6h zI9d*jhN$^7RUUE*isN!}u@m=0LkrN&5Y7V}-n?B*Y44*zafeQ{JK0f%>mpir_ z=Frg+u@3OfXQ77Rm9ShzZF`oHXAit}i>Gy`jEszs&`-GbtE;Q9+Hu_CF&B+xK@ntR zM0=)ZW(uA^XG2gLt9wT;>KmySey`fJl^ODHJy7}qjSO=Hf=CEU?+oICEg}0aKnuy| zcwyUXV`}=sw2m!O2@011S~Xr&hWp~PJayB#=Xze=ZwMc6*?EcbJUI4Hm>ZEmv@6C+ zLMf2)TFjr=y$cpVBSfPqtK%5C80|YGu5v+*b!pW5disPRjK+r%5%U@1QZ5sh zpbiBu$s*&q5{XR( zbCaY_aC0L^CboO`cT%h2K;ebN#jRzCXKG|VJ|}aX>(f)SUAwqXWopz6*aMy)#-d?F znXnlx6Bl?Gi$>Rwp9qo?Kd*9gsEm8>UZ}xI$;r^DFLu`99K%`^+syH075Daz4&gwG zhwzM1{R=Gt{V>6qnV9~h#WDa1FqJ#Ham2yQ%xr~&P1KyrMkVHmde=Pc&3A9#BBc?m z7we};Vq;QV<)5B&gwR3#nhcm;YmGHX|l(tfod9cJL+`8;vs=1m|djVm~dB^;T7 zw324=i#3;CFEg7@)cXDMSA(0E{A05kdX z{Z-$m$OI!_+2i^>7^eA=qeo@H-2oDemY|wL)+$>ZIe?(@Wa$#Vr!zqR@bEAc;1|!I zD<~>@AS~5y?}m!px^*kq4uVmar#ooh|1Re`hv>^W9>z*?+LVy$fvD@4YB<=yFC|ri zUD#2D3(16R**A+MH}xhqM<}D92Dka~MeOYC@EH)bG4#-Y2hIWcHu7X=zvbuWcftuZ z%I^IE{#+jh?5*7`S{4-#hf)$LN-x7U5<*hw7SChLe@f;&oRSnGQcg>5t~E!+2abGB zc!w>hq`OYlbj^T+)y&{nl982F%~}c9N%-ExUxr4NvU7C^!}6R=xCp-7u1dg z(foO*)6Jx-kCreT;q?tV_HTz=@(@^i_Wp=aq9F$>p~l_nw+(HX>s$uKwG+8?v?(K` zk2d0nXh5T2s5~O1#zCq1@$b)A)94_3kj?}m@`3y@uKn+C6Y;xp>Hc1{5eF-GkdwhN zb$r5U#?kUSH=GRa^R)UUjBu4JRQ>&#suMln>E8nb6?`WM-{F7xZGtJ#$w2O=?rof4M$&YV_2Hju9vU)V=|=S+qlnyy9&%pf8OHcfA`ybz(viNX zFM6DbWl;)A3MxKde`x6Y6gDL*ucMx6HW!WdliK=s)sDB|EKz6>j!#5xdz7cT=jUy` ze|LQcw*9+T{riaa)3iey&m}f|sOuM|FzPJGQdCy9QFc~Nm1^T}}pSr)vw~4)W%MP{z`LFu8jcIr7*XJOP2K>mw7z8Yd z;R5&4h=XD4)-s5)e`i8{^x>xJYK5gna0=A1n9u6+FCL}owD$MX&jl8jQtE__O z0fmB$jow4D21>m;;VghOlN1lQmA$22!Fo)pCxMLQ6IAj3pTYA6J|TLC8bq|`Rwtkh z%C5t|snG~=Ps4jBHkKQsw+MQD z!PqTq(W5@$^7 zkE7sj$$PtejYA&qTzbp0a^Hg8Xe&SR7`Bt=OPS~=<@KNK-Y!ED+xYp{CMzl-`K79b zr5+E&d`=#00Ulpza>p4q<7L9Z&JLZcqZ@z_AbNPRd~W7gDvqW^!vC@?gzSUgJ?;*) z?E;fbK8;R@3=#?Gyx^sm^vukA|D1>Yn`F_*IIgA^;yj0=P#7m-?%R&-0U}|QrMDEf zYw4})sruCTcI0#A?!{uMmk)S%To4G~UZ51;hnWou!^F-mi5J6@{Cfz^-NWPdnh#*Z zCK?)6N!Oprao+B$%L|a5G7#^D)(Tu9FG!JMY;5}c!D!X|W*b!8k@VAv%^!3X7Mkw1 zJ2<)ZR`y-CCJV%=jYGCQlDl?2fq@NC2Vxv<6LTlRQw&gW>FHH*)B=_j5(fy@k+d7^ znW8mnQ4x{!bBQ+^pzf;)qww#(@xfvjxlrB;3Tph+J=B^RC2?_NScl5h-My-!BIJ}h z;amNbeKJ6kFWPaEMcs&+AZSlrC;ol;{&P6`f5^V^zIQ@jLlPR_31^wrdL@qF%jnv&nKw?as)w&hJ#} zBmQ5dKA(B;qLsqJ!c!{-QS!|u)Wp`5AhH)aBH7KKQ`1wU z5Or%H1?k2Z~9=|Djb=)YNH{1G*aHQd4wRSzKsh0M`b*fSGkXPdOES8>xiS2%G3!T z@!PvLzN%8P$ZG5zUv2S_&&2K|r@eniF-ov%tTe6cUgEXH&?NQ6M8}ox4e9~%{G0y# zJr$6o`S8`XH`dcG7tEL}LfBp@?)T|9=#eEbS=^Sgj+`l&v{;Eas1E6{Q1ema5DOqGH(8GMe7P_w|+M<|i!&rAKekmKIoSO-xG?XUb3;Tv>u0ISCntes~% z^ect)?&zecm4%gsVd@9XjoAUJ(CJ=9A9(4ihu9V1a0rRjJcq^+W^tHYwTDEaju%;X7pW(xzDDL|K!1yY z5fH->=dllCw1jJH?)_~f$e{TVNQ@Z?z!6@Y9W(&G;O6G;9~eNsr2~!Jgmk=QpNfK; zrHBD9x^j`j0~o#)EeiNEly@LFsD`|)S>s4%fU}jEFq2WK@uK5H76RMkX@~2Esh?jA z7lq-P0tuo*#8N4|9kU(DgDqsvpk@%c{!T}5NRrMqO3%Tu@`jodi8^?|t0aK`X-)?& z5t=K;IYfME`0l?_Hl=hSRf!{LXMx0?WBf^`!$X4o%dA5^o3XmC-tAqFNq(eG?i{s}nz%B=V{D3f(s9D_BgrvBg z#l81bM96`^XBcrt>ZSGN%il*wJV<(PAUY+VY8LE)9 zvS< zo4c?Pag3d5G~Q!zm$NEwD40YeT|V+-1qEjn6&+k$Sae8+fZBBJKHHDR&y%zBhj9*k z;p4tI)*c*o!NjPZWVrnr>##H&+|FQGYEP6GBGmV@)03DQG(A^ zVN4aKYlFF?Ex-1a_)7gddi-1`>lY`rwK~bph^%tcv9N?=xh-5ogoT4L&mPFVhJP|M zt#Kf+EdnAO0-&uYarP+f-8>nds8Eb^8n-(Yl71oI1?{_jgp1}apjqY2Tj=#t4nOX^ zAi3hs&PkH^Af1ov#^LTDp(kH9pe(-_R=f+Bwz+q zIUWR2q7xUZz)>A8Vc$bJzWxX2uxed ze2Q#O8Teg)zw!9JNzl?Lv=lVv%5M0h_y_*pA^d}brpQ#`9wLJUSl{~lx_LYj3{^Ni z#|Ki18bxcuO!$l#%Q3p@(yy-d1CY==f}3zljkRYyLJ8bxt66f4;%aEyo{f17isilRYzRM}&jn;u1`Nd0V4Q&Q43g2ql zsEmE6GzGM*Zn$P>RsgM7tmfpSo{PiDxEzu>e@Q^U*f|p_2)w+C@HE$-@6^D{J+Q}c zjd9+KXFBJn-&Ld0Vp52}@;!10S~w}#l)Z`+2m%Qp7~%6Y z&H-}Y`ud)Dsn30DI2M2xnBbyF0$69tiU%`*(#?PXr^%ibnY9I#02Z3%I;84JTluWu zxJ)dRS5yk=%azv0$Fw1FNA%Qpb&9@Odl9<5Ni9LS0=$Y5pd zKX70aQK2G1+)`_FL&Vv#A^)^7?ATEXRRSfuZ_l2{6uo1lQ;}HJy4u)<@bm_AJb>g7 zIs)k#IfXEvR{GbFpU=K;L`F)?!R8Z~O2YF|q`OHnZ1;tA541B&F%}@nVS92)d$!@B z8^{x@4-@G0@{nxcPeK_+O5=3q`WJl_JK8*u|obW;T=62DI>bVs)stxPj;*d*V~GVpJaS`_rAA`Pq)XX zSA*WeoZb#QVn>6f-B<8cMnbZB+($Dp#td0s;4A0v|LC+;)6Oop(&)_T)0&V0k)+hp zifq3kuYN_0l+YpN$22sUb#EC)oaW}`=dZNus;N=j`{=B$EAdtK_smSvdli^Qq)863 z#KA!%CJS)~QMOGd&*3JTNzXT5P&u?bdiOvnAxU#dU=Av}@-QzqH>GY)`<2_3eMRf< zJmCpda6(eqzZ0QKoH$WeXL{`SZOZkMfD70K_>%`7KEn|^GdBlExpCML%N&#Z({J?Q zM`I{ILyzBmJ8gS;f|nui1mcgD1&eTdVUR_AF(504@&HQyJtT|0)m>NIucf6W;KmJ1 z&-W`sZ>8JUaaoB4R?4xDa@i*gsVhsZk2S{dSW;Q=@VCj}8iKJ0cHGHIaI0Ba6a$eRA z{#NHz*U%sxxgq5b9&(@DwdLeFTsjtQc5ZI1o`O2-?)&dh>}}egCm}v5AaJ+RXcH|h zpWbWNkr#KN?UMRJf~x1zcp>Wzyl(HFJqf%Cs*o^`aDJl*e}rHLBEYXM2{3MeYGotD z$`ge6X2yjhE)8oRJmHHVsgEWlvJqi}>cQX0U{X<0MRZ<<0Q~m*6l@pFAoxBdB_(?p z0^{O(Jt^tR*PI+3=_zr{ZVNqqj#1?XD2uf3-~)a#$_3b0jl#h_xJ8QG3?+Ip5)!9n zYE1JcUy{-KQdgLZ;=1i{sI6uIT<>#naf3__wg@}j&GsH+;hE{_)7%V>R(b6hIpV2m zL8ffArVbY`UQ|-Lb9=84K@b~bZj;U{5}HF?fBtpcxi$^Ls8p8fR zc`~4>mz0H}pr(^3>DAC#j1I-OXKqF38)~k!#;a)szFn<+|?+ z+O%oPRZ=VpTLC5*4r=(`Ra(a6^Kf^UKXq#Nu3bC4=M9_J-~A36RC{~`3Br7Bem0}$ zntVUDpOTkfTwDb2etBu4x$P=DCmt+u_pa%zn641fB_1J1X~2vLuCA?}rp7xw=EOpE zO;#YBdfhr`%X{|jMR*opCO!>z^v|DH6B|y8ufnhe#2MS=+JjR&K7RW2Y*1v9 zm6mWITTkn&H8eJcRa7~1Ci2X8H0~FLg>!RrE-o&l+&XWl^jw!iEeB_lg|)RhQUjqI z-cMnR19!(t*csi}A|@`5Qe)FCe)XyZ$J$}jYiG_Pk=uV&LOYYBrojWo(>}bsyudfr z)zuLNd@IBUjqlmBABgD5)dLzKv-hLFUt-#4dETx-+Y42kl_l_y8yg4*wTC*8r=6ai z?UV3EZUEvqLS#6%Fzg@sO`o#d5fvk}(fq2&qXB_yZ(y~ilJQ-t3nz zUGa*^*T3nCf`fwG@oX%BT9M-JQp0yt@S8?PEY;L?bQI4qa!`nf1;}mLy7iiUqsL^) zsd~!CO3xY_8&Qk#Dg#ps%NX@7t*y!|Sa3=!1EQ8Zs;){%Df>%PZ`WgGef_u=OOvc% zY|;c(oa%S0FZ?QTSC|sdTKXl>$pgfMo$D&8hX>2yuydSi-+DEh!cG(6Z4SXB@VvrL zbJwcmA(plZlOGEW?2j1MA{fZ$`~-!h>e|}qBg(sI{I^BjySG^?s-v^hN;op;_HBgx z&Ykh`DU(mk?Hor3xp0ll;O?KrluMvb@`JWrTqw#)%X$N2^58}-zE($%uKhtzvd`|_ zS{;&)q2IN~@1RSF#Lt--r(2emr+Hcuv`#=m5f$wp9$vsPmSseA=t{IQHEvf59};u) zYi)#W2Ajo{fwT;yeMhr?eIO1uAm5CG->!3E2o##D%H3<>3ED*?$IW2K`s3R-zu8?7 z{Svi*usm8vF6-kXlUMldo8e6_-?@E!e6>6I(POVlu!|0}aB_0)*pa1?4hx2o96^aE z?{Fw=0wdMombI}lWpFy^&OuroKt03;x{j~=8f&nL*0+7(>$T0=+S(xsdmL&-oi0Ie zjE;zK?f{qob&p*b|+^23JrjB=|pX!UN^bo;~a2(3!u8WSk&-rt^Rsq(0>ank@qMzmXyfFLvJiGoAR@>C()tLJiMS%jfn|kZ5%|^ zSa_Q(J;H;KlH{7K$o;qw@&+MDNO;rKl$V;ipPzpmgndXhK<=D|#@ik53=!z-Yt)28>&D=%QDz@GS!?`*4e2ouVsOvr(3Dq9QKFw^&+PTGIIE zXlHs#%k1C3e*B9BSOQ`;0uN5B=Hc8pGM=5C2k2>lq$-RKc3*3;%uGr7Y%YpEg0Tw} zRXkY=?=z*nuumZW9A5LHMp)-wHvG;5&W)@4wbI62#itjuS7a VZqJAB#@`TUPAZ?sk~8rCe*osmgx literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.17/_media/benchmark_vault/5replicas/p99_latency.png b/docs/versioned_docs/version-2.17/_media/benchmark_vault/5replicas/p99_latency.png new file mode 100644 index 0000000000000000000000000000000000000000..0190118b22f8ea7dbfc862067b06a47bd6ce0d42 GIT binary patch literal 24062 zcmce;c|4Z=zCU^!LzFUQC{sxpL#AXXLxhl!h$JL46(Ukni9(sDB17h>l7tWvLXwJ% z88gor&imH0_TIm}_CDwQab9P=)>_X~Zr6Pc-|y%1o<7%I9c?u_8a5gNfk3BzOj(aW zAXOy(kBXE)AdD<(pCb@VtJRg2^xb2}I4NFk>FdF+*JHd%UUuh~+-zSEneVW+ za&Vb_HdWu-$Uum2?RxTDp3LDvCz@cNs#we4d&>`F;h5s z^5mH_-*F!!TKAb>4I^zCbuV39UH6`d|Iy#) z>F(bD>sR=rM~qBNK^!tJEy?O4W^W(0Ow69LYKo7GjI8x3zViE9S{i?`0r{t~9n->u z#C_Wt7*6WxUH|i2YR|LvwQcjO3qM6nU(e>0txYd1F78Ow>*3P{5hx3O5UaR?0zmK zdfWmIDF+h+gD*JS`VSvWOikBk64oF7p{Aqro*QZV{rzQFSXjfyk5~pj%X|{zkH#y(1&bzZ%$?1LuZY z_c8~zy}o>@;^l|>`o7-Y#<)WZ{dHmAzJ0rt@GK=IltD~PYk)r2j zhnjmoD<(C&UA`>Cv1Q3+eQkB;p(|eVV;wVtO{OL$SH`|71rtwWy1$M^*ktH)dTY_8 z_S*W(d-m+XlH`zf>c#@VQY&=oIpX5t?*1w+uJhUPh~B=wn)|GMeSMYdXFu1}Sl5RO z-K3=RT%7E|9q9b=qxSgK0|yS&Jm4I3Dc-hiTYI+YwW(eTCHf~%o)DK_;TWs96)n4@ zpuD`ighZkJ_ZJHjKOI}vNeMK*n-rD$S+3UA)vbigjkYt8hs4F1>gp;bHD{ZZHTsOU zJUdRVbj#m=%KZ(_jE#+rX8c2SwTh|f;eGq=dM$NVkcly|?Q;9@Xy4J>v^{0_@7_Hp zy5s6Z*T9tf-Me@9@82)w@Pq58=lobyXsDi@o#2BS-m(v_SFQ;2^LIOr4h~v7Iwm9} zh`jP)4!m&gT%JRx>@@!QBtE{YIZ3T9f?UaKq4Vm%z(9XJ9lK;&db+bT$F2tvF)_#K zs|u`}7E6|~h!0&JQC@pvp4R#Cr{3_rk?1pFI!tauBH}HXQ?s$bC;rS zH!UrH`tbB=1pPt~x?eQ7!ERl+`rb}(MDSY(kQQV=cYioZdaJW*>x#`*2vGyEJC3@?o z_@bhsof0usc>~X?clJZ&e;^pP7SXFSJQhw(jr{J8r4 zdyPT{0>zC>=8EbPY`?!1UBWfcP*HtqYx~`v^D}hM@m~!wsp;wJ^i`;0em8GMh?r?7 zHG9sD6gl^)Zr!@|89Jj}1?4YrgrJ0o~4NXnW z>`l^$9j^z-w3{(S%5y{Vpu_8Oj(K6GeC4Mme8wdi8&?RD`e zON;CTMmc3Gs}%D%a-}yu>t}Q22+vX0PqFUUG1gfUvF?H*Zd!6>kB@<&;rgoh^g!PE znve2-TC!0ps^x4R>^hu%w)C5miI!FtN{?DF$2N}7ZEXYVnNObRIx+}He0SQ5sx)V? zl#!9KS)0C~Q3TH(HT*|!bs)tif8|5IJV$+%j+a{%G$kmkKfACw^+dw_)D(BbOtX!I zWQ@=pDaX#8M~@!0x3kmN*H_lYt^Ly4dTnlmX=yI0TN~>ae{E-PzeiTK*h(+WFbKgj5wMCvmwh1c})4^-=b}m&F6;BEa zXFE%-wq#Y*)C4qGq2fMD;E9TgdiLyDkhX!I-t^pDXWn_WBS%POLL(y7=&QCWtaSJG zie37WnV&D_@}{s*LR|c0e{-F(*UDmEZPaFF!B;-(Z@Z(OeqKLGsHH{wy7wl3u5zma z%CMEC<&V;95pM{p!s$b;sSjdeV*LH92kIjxx=QQIKC~5GGK^?KS;X2F$+DoOr4>H= zW(OOat(DcUkr7*KYgCSs%*;%YhOIO-BOL{U3qO4(#>U3FyA|VI_U+pjC-43G>C<=b z-aWmxFpe@Sb?~6~>`;g_#mD%=*Q)O^p@zlcUOc>r3s!I&(lIwr#6AcN4D|O`$vImZ zJEq@pYFh>ulxReE4$>!ni@4C$}ua5y`iG2 zy0+N&;M)8c9%awgUD8hG4bcZtH&Hf50Yc7}T{m^iKq~`?`Y^seIU%jMjK=*`CGg16 zqcKV5A<`U;(*yM^f=2YLtgMWT5|>9lfB2wLtWV0Nck$wIvU=G2;GNgdx*tA#h})_X z$Xr*#?`y?1r)FtoZGA{unt0rI?|9_p;}sk(UAnfu<~==#{iD@BHrHK1A5fH$56!ga8fqB1jZR`N~q7_@wMV! z&7nudvN(T!^sv5PwZ#Q1E8^AmAHRBa0ZX<0dv0Q4`G*hBo4wcOzdMePqmExyz#c8_ z9PcVUbL_yEFJEvg>_>8@6-MBFzAW>jvji59}Gyuw1p!5hk64K8$<=P0ntJv}`?eE86RoPi2mITfm#j%F1%y%Z1nHXjK6#Z|UbdbiU5n znmax1vR2tWGc)tO=#pC3p6~{%&GOtVib|+YJ5Wr&=J5&$WaQ_&025eQS)oxczVfqp zo|$O^$P0Le=W*}e2SC03{Zj>gma~e$O&S%4&SK59x3!_GR{U{w?0j96mR9@qtMuW+ z-gTjS-oAZ{o12rCMny&S%BhD`VTHVTcowHaE#pvG(=B-;IC#s_E57Nv8~q7|z#m;* zUHwf2nrG;KyLRouwr*`{vHkwyH}>IRL(J8gUs_%!N+fw5WBX2~WS%X3eKcSTP?&~> z#@gB%u#4lO^qt$5h4;I@el>DZQoDFDJv-Z>H1+rnR#q8V*^$xFt0SK;0#RXSoXa!X z%pwewCA5FPC$QA_myQDa_oJWd>FRRF3bzt5~wk?HVb*>fDUWn9lw3l9&ksHmXJIdD)z)!LkokI&ZD z7EgkQ^9Kt9!%_M4q2rIxdF9XN8J#|Tx_>UUrKJTW@>GVw?~a00Fopc|SP5W4)IwTL z`5%pq!e|)H&CXcR`GN#RFC2;uwFNf?{eAQ1%^i00nWqbO$+>f_jM5N_-2t14%}Y)8 z%Gj&xtDep;9_#vIzb-8fHEB& zUBy8*0DNn)DBLkXoZnrge{dyKe#bO4jEihf85^^8@TcVD{7lheM_H%5**xhy;U;Se zGOC;HrHU2cW}pHKL(S*0<~D8Ns9n}nr+(QVU1BXmomddi|y>ioBUwS*4|=Y7cgGmihPyNBjZo z5e7B-{oOFu{=zI1k6C5)ElbZ38;NfbEt?5d`lhDdAZtTILpY4BjZLOeUN4r^@bK_- z_U1%qob;fRv|-NKww9Lt!ot5qhUlq(?k5yVY}vBKb+8dtN>D^ZgrA=)Z0yfOS;SRS zLJ+@*NP?7OJX#TM=Iz_JL8kx_>%P0++dV2SO0aRjj@qjod+gY;AwY5mhj9SU&!0c% z-XUXbz00r{4;?h%OXlgYn3ywX&%Sl)d8ZX4xl_(vr~d_&D0TnfpbsdHmKK1XaaR$+ zOV`viE-!Bi)qN)i2VlVb@9zt1tJi>tCSDWRoUwPG91WPC_?b{`v5mZEY>b10V{BqV zq!9m`l$Mpf9S{)l_%Zs&aXjI!%Ony!e0;x9S+PgKKci7{(8^G1Kqed< z9Ys(gM>6o_7JT=E^Z{`=zfkeLdjZAJ!NCCpLjBk=Cnu*nK|yf}K5x5Q>j{jTei!H_ zsmfeeO=^x;@DYBc$*Sm#syqf>SNo8=KW@D?b)BlLm4cI0Qv%Noeed9&wHb{+n5XcO0=Wr>uUg{WkNb!y_ZV`ujh# zgDh1rQRrx*61{bwdYYa-OeDEzX^Dx6xQFXYg9#hU3FP9;3p><2lpTEb>`RBZNcLU< zL3dpFZV2di&wkN@pi0u8Cmxku9cc;WqfzQc!0u}XoWA6?ZY1och1V_l=5 z;d($5Sr1s;!V(P*4kq5WA3$k`+=g;dKk%i%V4fZxafh$HXtq}Ta+AQovXpsgTGtY- z_0=;G{!DrAWvm%WN=nEVHkU4KqNIGgsJXFf1O-37duIWjEXW+Fo%&$Mfg>s^7l2uN zz0UbwGPl5;@BtBE+rB;Dt|K2ffQ5wx!0U9E3WpXBg%{m^pA|%*Z2xQYQhu7RnEH3X~@31E8HfzkdrY z@(Xi2QSxEI6zAnRm)7hne)Wn-e6FjIcx`)7Q~&Yf{X2Jb^z`6 z{W(P|=GLuSSScAZ= zxjd>GY-wq^d(WPZj*dF44b{Snt-k<@Kx9Y2BS8s3mOg&`SarIUg6oyzq1r0BPHD>?`30c9T5_OXZY36kJN*O;*&HlZxWWrj9GriSXGs>gxF1s zmey8)2{CbTaS4gfU%p5lJeZZ9zHNrxG4{sYfp#+=u<)lbG3-lw?JX>N-+0X66nKd@ z{+zvi9Hb_6RgjiakC|Ve(@)}2RY&vcXo6P)V9-)i_xSh^jgAWZIw*>xz3*|t76170 zW04mn6kqsfb~wz0xUC`&oY&OS0{SvDGOF#H+QKQn0_1(*{QFvBM}Fh|=L%5I*|TS* z9J{bG2e1plU_rgBJD5rMjL``z%gzGo04@&bZ}Sxeutj|Wp3Zpv+Vj+@$2mC@=x}p$ za|6WYH{`Yq=?1?V*=Ooo2U>dCJ7BoaO)h@JA$YNLvfdxWAHGKzt{9XD62KGD_IAz@! z3+eVkjHEq22effYUmp;#%EyMzSFpOe8k_JK9<`z2%jD!+V^w7?12o}{eikFpRl@3M zw`}<}<&NbQ2yyAb1D3(Qdnz0j!yu|(vd*A7Vwn)-A7f+B?s5|1<9*eZVJN=iKCfCZ zxSO=Jw6dC7Q{;g@h^f4)_a9!pNSG@{`1;s25R9kz@-rjy%y%+ETiqEI&K$dOhiN2sr zsai3=y1PFWyIQ+2@dQ*xVckfR-1hNNIWHDPt`r#=IjIIQ19%7>M4%ljsK%<`^5x4E zYG}x4=mUn^%2|NSDf`wBJ$~9;RrUMuvaDy%F5&hS8iA=4@8)O zXM+qIWEwSt_mYrN+Su4=MoXv@EAzXC1|bCnALs&rRCbbo-uZ8a3PVjrMQ?qEJkkii z)6>_-z`~+NuYBdoi-d%q==aXo9Cb8NY*FlXJ05q0!WR+Io}{)FOVFbo&jdB*jIlA4 z2lvX`bSf$;*z!y>W`=@EEQTmL=zI_i@Gz|#q6fyt1Rr;j9_tJjI)h^H83ht&Xl!Kk z>h)`3qg*agQTnX}QkC~*j~^|@m@_?ng{CcO|E;R5RLb|A=TvVs^e-yEp&!NKOU`ri z^KU)pY#~X!IZpPF&&!|c)AWHIv|9prC-xJPX-OzQwMfgz9QIi=aq34eMTLzpQz0~v z5`Q3Q`dUI-dJ*WtMEE5XeQ9YUQ`4P+R!;^h4vPAQt3q%5QS6F!S>iUV2WW-sEx$oF zV9Mw_3;V*D>)^p6fCY<&Z92yQQLkTr3-M?1Z?5rG$8i1o(5E~OS zGvBY<(qs?{iuVZ#ndVyp7u|tU;^2_&@9z)26tpQRDXG@pnG%wMiz{jY#b#!7)G(1@ zH>lS!SI53`6Q4MN@Gu4o-&0Cb?BGG%ekMG$9RxycP-&^Rrsnu$V_E}$>>Z^f9jYQp{zorv1qcj4EeQz;xT(uNGD6~>=9ZRa zkdncVQAw$(5GbP_Jt{|YAEBk1P9B09Zg2P4Kyrl0!=L@KMg> znpfbA`TN8O1mj(Qy&6kv>%snhx8L7R`3ZT5!P0p0>{+#?SX~4z8N@92;SwNLJt`)9 z@S#J8e!g-(y3!ZSsc?4Mf*n0SE+L_*ZweB261twBlA^lEzyntK zHhXg2LM#f^5x|aI36kiZ-Mi_@dqze)2OD>?v&ZE8R8SPJ`|u(3Dm9@O6{Gd@=SMaS ztQ3)1S@yUJ3kwT0Why`EtK%l%f)RY2(oTths&oZCAS+;Omt93}m|Fhw!lEK9u;!PJW>Qiw z@87>4yz>wnJG+!@ScBCB+I`RYM+t!M=n~kgG+lgws!2e+G%~_*+Uv``psG=tR=}SS z56Wuq+@YF|x`9o=l7B{ZVq$`moxQ}S`6;w8EOGCPA$4&0J~lM?EcR@wsDLg2Fb5~) z`}gnl&%4%}fKt4@ylSodK}PDr_Cn%Ks3;G5MIiL6rmT~X`l!-ZK~Lt>jQlhd3kZ~L zly}6bAJvE0t-P1rAgo!Qy6CN~t?h$81_cw6q{P94V9&gb-mjtFE!7ro)l^Y|{bUQ6 zy|lChg@arPh$j>L77hXSGPx2qerj^EC9I#7EELk^g$Yg$j?A2#6WQ@ti}WTn+~N=> z@#)H$eZJd)?{K^3N7@9~f_@DQ_=j(`39(#Y>IDEq?RxuXyyVTBH-8o;!tR0=UquD$ z?X_@egh_--%kADX0=x?R484PM#s@ubZ$UIk+MPPfV0I~OH8pFrT*$`7z#ceWKe7BY zyUWGDxn!dXtU%X((~B|(H(J0Bu3mt!+?Ro}?T1?XninyZX zB%;{uTQqp8g6Hfpr+%Oiw4Kn6 zsu`zA5Nd#Oh@1Z~B4V(+`(aE>$)$E-_@gF-o8g;?RTV1_EOs1x92X2f1<$_G5G;bvQZOgsi=lJOJ2Sa zASEoOaFyAN| zF;QK?Qq$x+iMCAeDxo)jddk3nNEeO11{e*kHu+b$$iI;4u`m>cXR}CDs)v=R<^gl?8=ISw;mQ6iVFuO<>BQeiqEO77f$ZNT?)S6Sgv>SBzzUf zpS2NS7ss`=0nh2I*>>!pC(m;o)c!HLlR&ujP}f&RTAJ8ry51BgCUOZ0*`u)G(STDz zX)gCA0jfb=WoAYyVDH|&B4=I*;xjN3^3&-EgtTL-B#<<=Gc$)rN6T7NQJI;U;Zymi zis9p?rQK<;Vj!PFLxaDm9WNK9nuH4fpo}M^e`x4VeKUbju6Akm+8gG|`ugLGVk+wB zpfVXq zh=_=c^z>7PhVATwP0+Q<@UXkPh+oac3rP8=MLMwhLqkK+ix&u{XJ!gE^DWYB`D+gy{c;Kd7r+FMZl5UUuv-Ef)(AG<$BI)-w9CkZ@qP*QT2tecIxx_T+KCZ8*I z<*#4A3=9mw$-s;H7f~={AUZ-lT4Rh6pu<(G_^Tz8-)&5d_r!$fi2fzRl1?HW;? z7t3HJ5E#S9n4LdDa%z66lByl|;p0b8e;G*frPQeNrmx+&ebDy$a2Ao8R?g0O#O)Uh zeXU!@>hk3|oRU9>{z&R2P%dg}>Xy#E|B3SU3kp7RW9Xpx3X0O&+6wiS%I_6a2AIZN ziw^4Q)M0g>TUvO`AR>Xq^$!f-6tBVM179Ypw3?c7PTh*&-iv3DMA)b%N~Le!B>y>M zV{02)MoQSz-AAJzf;$ot!rjc5zd0A;(&2SMF)_jR6=qzc^Fcewq*f9*=2Jty$`K2EijS4__!ONGR%h3>eq48oF z>F7KxD^mzk1-EojhBFgtB0t zwy^__GMT6jO`k56p*s^#tRK=$xT*hav0bUC1=FdoyiqF%NBA8$vGIJ}h=Do9HO6HR z;@_G*{nSK+PY-zndkKlTsMMYdo4!H_B0ApL&z_yq)opf)<+#}SdJfd9U-zJ|8&^4j z|KpDzZ<^J5L;A4(=HfTaKU*T`!@0J}1070y`V@tScj5>^`6#||B?EFbI$hT(!W|0Y znM`I8gM0tl`qcQVNfE@wub1y^<6Z2-!UJxhtEsD-pP$D*3NiZ)_(E?&mhqs%JdIlC z)F~#8GLIRnq`uvhWIpr+f`kgga{1&|2XDy)?~5ydIFN!Et>p=XJ6r$xE~Wb0#0&eh ziBgE2R8tJxG6HmppxDh8Sp|o2z?9VY6@JLra!VeXojRX_f?3xd!kx|D=8D{a5nvD7 z?fnR0A3=WcSptEcSQmAu+;?qM!R2y7x7iTc&2Ty(Ug9+xOOi)g;&_Bau1}lzSc%t~ z`1i^iwh#|FL`Ft)@d#&Ru6QmOHk{$Z9@D#JWFR9O!L_QbO~YSdzweZ^i%dST>k=zE z`x;EZ4<(3hF1}+mf`Wnt1w{&Ce0FB09CC-{<>ffJmkyoF$W&qP6~1`URbajKK~0zk z*4!sj^+6AF5M{JYPC0icB;+zOE>%*a_@H!sgTRS81}kWti3010UTc)>((ZB?VG8Rj zt&qe;?32>dS?TFTJ*N9%8AzmS6CP5`-cYLla?H2m`j;U)zA*F|&D2(EKOM*G!HP1;7TyBgKa0ffAB=gz6ELZ;w- z@a?8$Wqp;2Utxjfeer5|E&*_L_n#|p>~c(sw=*$Sb2>(+MG4i53*;Z{gKAoO_jXeB7=ct=5iLMr$n9x3dLu%RJ6EHeUuf_scD zGA8Cb*cUEU{K5xDP;C&$&_0|g)PU_f-&a=h8kR%rLFwU-Jlp@$RX1Uvzu)N08OI;5 zLb&e02BUJ2M$5_MAR*XzB(KQjqDg^N2ue#wR$EN5IN-^qfNY|TX=R7j^r8RSqg~Ct zhY<=WP3@Q1I*hgq_h63C^1=nvQqO~2T#0o700q^%$`z;l4`er9>0sDEmxs_i3A-CZ}i-*{^SVg)A z08rz#Ixk5$=sYA7Iddw%w9L#m@DTx#k^_F^UpNl+?jbc%^qw0zRa(7_{7t}?oxNrO zy#MNE+0i=jPIi*)fzrN50P&vJ;tOkQAKHYezCDuMIt&62+_`m^oQ+!yq<2uJLozbR z#b_8?fE^(Ygl6%OnwTT@T7nRh(!IF0`Uj1m^@aTz^#}Z>*qsC&`k>ew9bdn`xwhZ{ z#~LvXeO+BRZMiRBI%2KCDtu>+UJl%%q@;wE7c%P(`wl`z@V$E)NfQXUdLj=CZU5?( zE6f}@85sc85tCs;9g3Vgbf}igeUBu6*<=N>1^m+xBW3p1E6OWY!_BP_Oz+8)9t3p| z-~wGx?9$QTL7Lz-=ssEy#ikBB$(t2i5sCMA9hQX@+(Q$BVut3rx%hC>$A5~9BDdZ+ z84^%YOC5$R^9n>30$KXT4HBQ-e0=ZQ+71c}Ynz$3cyz-V5VU$`Tf1Y9-27R#!)ZhK7ej=<3Op1dVbNo3l{tu$_Odw4rtUK=s!&;uR<8 zu*GlG2?8Pt8JU@n&K)3dX`!+f+Pxzk13bVJLP({jr$=triQA|43I9_u+RIgg*s6P+ zVAu7Gk2`>1jgB5deS$Pxn=9vk6GejlpC+UEl{GRY<=3NqCviBUHH35o_$C}%utDOj z=@Nhac4z<01p+_Gf35gDUwF2-y3RnsTf#F!Y72=QScNc)U|p{ncC|&^L%9*2*p80; z(45J_&dv^NHz1$})?0+onR)m~NMJz7g7#k$B|uK_4bP!&B4cRYWPo%KQpM;~RaI5) z?(Qpd?PhRW_D;+nxY&}6hp_zT4-``$(+*;*4V#`R2OK(xjSgO_pioAX$G&}|d3!vm znHeE5KoM&-fJP04^O zQD)UkXJKo`NL<_=Sk05L7kRJGD=Pbm_l;PTNx&mZiPZ8YA0OYjbLX_&A6=-&7bHGJ zemOZgxfcB>56N)&y&8pga|r?>A}@1uZKNHntZ;#X9v(s@#Fb7gs5}Gmxd>YTSA8kD z%NSOtsi6VG`sB&LWXXSh8N!LtadC%%^5Js0z_P5yf~cxW?z)GNoo`Mv&ioun3KHzd ziX-qG866D@iuKj;?He(>k1}Ltx*triEcwSKReEJ?8px~TKg&*>rMcqdH1z$Y$W89n z8go*`R%{bv$!6W;loUzJTKXtPG6J#h+jJ;zGP1K9+W_n--QB(!Ge|Ljm zxw~9fZ3r(sdrlO6xI`5%VK*+?Q|=&M=A<04Ey-a~`=XA{!4^YA8pTHhlIX~^vERyy z*QQOIfQY!5iR%(U&g;W3{LOgmn0g^WQ_}9}?&-NP+e?I7zJBz~=GbrP?bRSZpEz(u zzj}JMadJMmmJXKZ8s@?YZ=w@t2&#l6&ljX`a7JrqAiks2n(6K*NE{;eXFkDl1papJ z+BH5j6uB7HeFij4&6k8<`kx+%a&rVk%^}WCGOwW=08XkthDF$5!0c**aI2f5| zP{>yUle3LR6Bs#{%M&j!Fq=cf!HO1SuJ7zTEH3Vf3dg{wIXOA`6~&TPKwt206X01c zM`{SoRu_ySHa0UQ~WPnPCPt3c)U-t zv$g4!;bnKTB*Bz@+!wc_8EfnlM>G((U^ym+q%ErMIQPAuoA~L2c@eZ}sGeBH-(l6l zF^Sgs3EKc3)_70P69|1aHjB>)MA00T7-JyFLQ(le%3ihw+b+97#MFq1Ye~P>N6ISf z6xtW#X=CI40s_a0b*}{L9D5PM6mAC?78LrVr%#c$kw8WWsQkF`5A+WhKx-H}skjhC z2Lo~ix-o>nl@P@1f%c1_&A0GM1`t(K1X`!FK{9Sp8o|Z~hg&MRdskgsI~Y15kPzhE zT?*I7dV08w}sS5Lq3aPY@L|Pz)*TBc23a0#y3Jdr-QSp9U-GZBghYZl zueAuX>mEo%!l0?UiqR*C3;X+DL6F|wwr_h(!~27x4@Gu8VBzF!ve&v(@J=UIW=~=M zgS(u>ll$-wxMV={dG_paXy{X<9* zf6(rzD2`ZV;jY#lfOHoS_k z|5YT(S_OD{D_dGzD*Pz?+Q(mC9z`ij2Ptup=8%okCf-=0;g>z}@G!A&AFKNMHL`M> zx7rSLLrj@??iDgaJhvHEZ3?*&cBiz|_N+mKPSFqni1VVNP9Hl~3uV7nWd@ZCs{<4t z4%-TmnSK7OZ)msxwgbkw))T;qg$_*#gJ$rLTW>`_+YlbMKV91NF>?P%_ANU}*k~sG zN!sx$s+7Ve<(6VGJIuAt+u3ojv$OBobyi0w7Xwz)4#|y;jj+M&-Bo^fSKRE^2vWL9 z34sokHn@Hum_tTy{Az_7u>>nWdSnBp|NDEOyV0J&>izt+FLUXglScAe#MYYfH;Ycw z{sqE7fglfd(kGpaUp86laX|^VUA46k8%&2Btf3T1uti?|s$vdQ@K2d+)S?i2kQSou zNI_aOC50!xkMPeA5X|m*`EoHFk^wPStOru`{eklMQD)c@kbp1K*^0iS2ZK&NT zw@PcH41%o!#^YIJgd!G!o?e5R{l~`wYx>d|WCMq!lpFi`FMJvf=SlrN;6CFnx9=35 zLQwfZ+?{_ZYX8fiMx6tzH~c&ZA&VklgRp+SIT=Hn0>DLIM5b-@ASt46vT!qyzZXk~ zvdsufYz)(akX>wlzCFCuQdgIL&KHSXCxl)=LqX!vrTrY4SXi!kdLkZ5dm5xO`iTe+d&MWsq*^{dJ(!bn|efI9cCmRXoz&!&=Wc12#qyU$7 z)h3O2#^>K<^xcg;N>3h_2u-)QkETHxZKkI0?usvfn8s`CsQ4THw{EQB*l|oRm6vpt^=B z8VHj*pmHBS{gm_{V!AO-xH_9i^HxVJc{f+ zF&B(@2#Dd_WY5tp0pj3;P`tv<89YEr84SUnLxP9r2+k`@Rb^j;a(|(mwlnSx=9kdsFqH*!-w^)rYHkH7suKq72*)(vrqbKJec`GU;HEo<9& zO9<>309>j>+eL)o=FOWFWcTX_kcD;l@hT5}om|NdMP5y9uZYM5A~HZKmt9>!p!@r@ zzklrOIzC!keu3w_*Lu_ z&*j;DQLdnd4WYWc;t};i81*TW!^c2+YFpF6&K{oF6(x4z1Da+X^#e`?gHxx9^7HRK zcwoIo)NtUp-mJ6aDaB&M^aDU}b8|D=TvZkEZsDO1HpcN%@$BFK0pM6zxDkU5Ku}n) z&R4F0O5M4CU(RjlVd!=TMxd0SFkN3DP3T)V!50`D1Fdds4CcTx`Gccvm={o)fPPSi ziQ_M*{#Yp^zmwq>15bn#HF4OvSLrk{G(hxQwlo|7`g|GM1#uiYXH0=AK1A!K zhRysxOjrF?nE%}q`?o^bQ}>YYh|zmQMS#J+$F=a%na4jf7>hGL5AN&d4I-pbkWebB zhiu|`w1elZ(#1=ik}^W4`?HOhG)b2z7$J=(CKqpIVLcQ{lW;PkT(~LMTBb z3t6-j?YQSzSwerJ!H%12muc@eSRn)D-S<9-V@qn+85r#g2pforA>z{jNfa0z3W0_O z!nDV2ZJ!quxEdKnLJ)@ufBzD+PYTRq5KS@oYJUJd>3+&yUvYPGngr;h^857V3vtp0 zwb$b)XnlxA(f57r$R&UTE7kf|-fuQa!j>gdb72R<>bU9dwg>6U?I!y`}Y|ef-V) z+my94dh(Gg#oSHuH8+AE7v|o;g4Q`+nVv44S{In=D9l@WG>y3*>I4JBlWOPrd(dB! z^YcS731nkSlkh(60_fbv8GZGm*bE@whO%+nu1qrMy}8B}o@c;qi!w61|;l){&$AnYLTP>IZBuUQ}N~YiY*p1d8lkadA00 zum0Q+5NBqYnUaaO#5<#os7z?+P}xHx!2!^gyYqrc1cW(TfW!?mjgYDTXjMS%cT8Jb z5-~kYAUA=8#6r#knnhbfSm!n!I|Po+(^-K2&=iPc%axT!B`L`G1+fSaS#Y+(a4zu` z5)f7!%ou$+YHgT$p#}ozL8g&(8~U`3SCyXpfbHir{O!zMkXwubLLBwwqLPh!i)b*&XGZ^&yvF@?Hc36oXdgS%%*MYl{)jhY-7Q{qF z5ntgMRPdNaCu{ihDHnVQM*&)$U08_FO2_u4c6rO71{vV5C4N!j8=@?vq@>8FLyznm z9lf@;;(;>(V21EVoK;v&AkK)rv?8Kgmsbp%;z{vqL>SA>b@w zVU+_eNcCw6#~Ht{>p(DU#9kO%GOf0?HSA|F>8I&h?sDuOMxztzDJ)ncQIM@0_183C zw2>6j(^4K)r(QVZ&%Bw_!Iv39Nf^3%@EeIQ(NGMWL-qswV8c)BpJC!55WILH;gGTj zf6enQnY@VKHZ#LGz1d>n?5xDJq$aT$*qjAdVIIsF!)?HDMRU?&l}3POSeM8+rhwqKs^6iyffWKg|bFCjhQGERkGr{A^+KQI8nmdgRBDT$hLKvR0DZq z%shlB$8_h2`!a7Bg$Q1RuI2d?XMdM~tgtV_Y#278xMsNF;H7*1hB*FdVDI)T`*{)E z=yb0HmFV_s9?kaTeyQ4D$cT43xJBq)CTMMFlJw^5b1<_IJy@omh^&qJO;w_NHnjGl z#w`~VxMcmEiVS}Z$FDwGYnri97_)SC=8P`mA?*9dYS{25$!L^7ae(%T?7%nl)21(D z%k#elHl%AsU-e8VJJZ7GUR0S!$ZhJNYzeV9mhUd`S-%eA!3E774yw3l9oB1Y2|2+T zU-@5rTq3^!J0LPoMRf>PSNQQ&YSWrG&BO4=+Y}H?J?JGMA>sBh z@&E!S&=|V60voL^kLF;7;azcJ-g9d@2oB9El(NZQhHd)LPL(@Sy zZ;Cqdr=FHB7hzc!|ytfp?mGSrA!O&03DibUvOj9P8oba{6 zi%&FCTc_?)Xz>4&F)=!OwhP0C2v?{jHM6~~w-iHW0`qZo5y)U8m5kID+`$zkKQ8ER zuCA_2BADfXqj-yB79yeE>Yh8$avg9Fh(4b@(L)s`Q53`!6X@M`d!7;k$bm6ts35(- zx?0-vq`L%K6^Nd8>iQYhn-!K~xMx^ai#O3qH2K2T_0-ktnwxcNm6lQ+T8LKfhKqyT z!&g*X>|)sUI9V2EW(0rXDnl<^Vt__4>?W(Q%SaHzRzcX7(90lY`WUOL-%T##E|=O^ zS;W{yGpiA%wr5AU ziZK3UQwTTMuIo+IN|eISmKHHNx!C%F{qMYsh+=6XSHF+cvgc+Bc2mm}!qSgUsSt$7 ziDn$To|4#xw!h)btu&RVL3{ZdTfmiz5;nvi|88RVL{a_TcN~hqMSgI(oS*KmlR&bu z%drKB)#PvL0@dUnOYUzaLCqjmkd1@-`m8FAxuapxN~Es2uoXQ}hkN=bX388d(OdN};>)dMqbs zKFAuDA^la&Vn!U!1DgJvjOeQP7e=OBO#Zao+>3Z86bVcnCXrqN_dp>!A-}X+LgLXD zc*f~%BT`-NH@T>wG&3^l8yMUs#lC5sWGgkufEYQBsu0wBXd)v!+lmt80x2#pIGx1g z0bZf<=uzz9YvB%UHWGLMTVI7&m`DETr=vUynAacAVE#^jKXDXaeENex4hEP{P5}l0 z_2qWhB}umd9;>RUojBP`c<&|~hv+fy&UZZO(|H5u$KtMbAqXC-@eB@RSJ5Swz-qS6 zR46z6jPNE}w)r2~#>S=*nym3``OnXF2Z@{unA9XOlqhr5^P%!(y|ufpr{|p2tp+PB z-GI9>QBgr_Z=`&wqgoWkNpF;+*;Z8ap#4Eqg{pQvG6~~gX~<`I%{0J%=i9v-?`;Sw z-hChG?LJLbb5*=;;ryD&WSTSKq{K5`(Qh@JJ_w^1Ll0@zQsvFXt&KSAsV*E*&|w$4 z8~Kjf0T-Y3KR-`+e8Ao<&}@kuHd${+S1&UQ^Iyn9Jc^56FWadGfbQ(&)aZl?isi`@Np z$MbI#fxnyPTvlct2FYYGm|IfPy6vuVJ```+mT%woht(Z9a)ipy=HkWTs}pB&LM0{F zkX}Iwa(2%a*Wj}`cr!s-PL7n6)YYq3x6;xkef+|vHfmx zR#uRFY)#+P(#r60&R@5%vOpFv*aII1DHpu$L<$KVyt%@u*u=`G$k_Dk*|o8PCi%s} z9XEo`IXQ{)@DN{{@UeU1`a(&Q{Ga>Z4EP!G&rFSHJXF1Cw8W9?6DLIW?IUJqFH4oP)H7q8c0_6ko_xf0OrS_* zDUf`;4v`%*0BDg9kL?Bs!D~J~KYva}MuuUjBTpt{9N(Us2Oq=m0cWZ0`i^5e2GCGp z2pR*#>7^&%6e*q6v#{V%5AE#i^panP5vdR1Q(QAWn(YEI*|I@b<69{9=a)-rELYir-{->Y5MCYF|$ z5rc2Zg5^0oIY}Q_4Z^*1=GLsEw0bCRS`Y9TP8O{6#EBD9wy+!Sy?U@5Ew4n6Q^HS^by#8H$_g#cU_?uuLS9a4meCT zr`7_a{qW&c0yvBmz6aZWEPKsPa}}?hB%=Q+}Bcph|6JF*=5|q&xt$CKj6Jocm+(u)*+;L>G3uT zcJ>me^j0Rq5iDzpPjuwgG|!DA-HZ|6T?NBY*72-6O$u$cxgJx*kS10UysqtcmDBZa z-@3JX_wGdBASFR&Y{~CGet1DpM+A`QehsIfvOy1kSUoc5DNEGPH!mP!7$@UOS>Iaz zNO%8ZRQAvF)(PIsUO!=7rBMY|L;9Q;AD8qjSER4PEz@32%*?d=zz`s#{7f$k%U(}= z?#mfRT@n7(*;Iwcb(Z|*sFkK*bhzJ&ii+mu=4NJ`uJlmR_Jth#Y&!?m9I5sj6D6-+ zEh2CV@f77_+->(3*AR?d9z9A{R0@L*;2yNEb-kZQT?}Oi{1msAm-nVeH?Zv6MJ3<` zxBe}z6cP1tnYwF;PNdUq2{_t0b%f-P2s{OsD_4jE9ZP@KaM@{@BaQmtZFz7ts9#OOIRU}d|^4-78&QX zUn(+wo&NguH@v$^c6&fEKQ0QTLO@`&q7!`P3M@)UzN2oh(>3V2*Fj4Ht9#)>);POp zTCP0+hyWjl*K^<|W+KpQpgMo-hWzt(c_ag04Y4E3q*#xOUT&#B43G(uO4ytuoiAtg z;0!kU`Sa)T4!>gCw*7uwpfm_usV>N2UKj?^PrUDPq3hZMt~+SxXf=9TI5CKR3DZB$ zWq(Cn0qyx|Qc?n5=z$kZEzHebEczx=w&J3v-T3bKCW*%yZCzdC0|V8xTj=OeZ!%3w zUc7zV_3hhodTRXBUbdi={QMTos%9A&8W_wkEMPu#Gr3>$O%vZ5jhyy~@bDKeU%EG2H)nwg+<`c!I4F@*k;Dli&`a&YB40 zWfoU^-ub(Q>Ffbmt5f-=>l^sKCBW!uh+?m)$ZxOlwOPeEFmKdjEn+go=7H1)9l zFOA{_ z)9IddgM`DO5FO<)I1U3m_2PniarckCdcj za4;q%bI0)%;=v?!_*Z%ZMfg@nh_@TBQgF{A?$o%ruekgRtRp%G#|GxLZSgC4mNExzpLhQQWse}8YRPsCVbs*Zc%{VV`j{k!Ao&EKIT z@{Pk{!41YsBCtjDE&IIt<{Z(FZEWz?Szz(hn<${@?{J>ok_!q>rnWY7cI~FZ%1FZd z$bcE(Td-LLd0fY8Lua(*evIKTWQYM)^e8g(@|uBY@D2-vo%NpsN}dcr9lJi$AcY4B zA>cF1NTIR4tE>2fnu5YY%M=MYxsQEQ2$CT3c%nu<6bn|LpAk{USs!w~bbY*(3ONS0 zUmfp{Q+78$B#07s61fr<@cj;1Y3XD1#MdIFccOnlIK;bLh*b)&jUv8MfuB+Tq=m)P zfPhUiUlUfxtf9Ysp2sU>FXfbC^coH-CdMYeUCP0IC|#ZZo|F?A8rs|4ZSEGIn8;-t z(_qEI#6(R_3Q-b6X8Ym9A&)&eHiol>%t@TH3r#l2fT#hXdHak$=?yMn;o#kM@YX&V z;zfasH2%mRnjtb8QD5rR<5yHP2U#QiOL#al3LJtD*6|+iK^ZV7liDO{B}RBa(}ZV} zmYe$tqdU8I_n(s`*7W!9RnztHMo0n1d%(#^dDa%?4yIG8THQLG8!CZ=c6po1p?;0tdi~wT+*yju@69E}K&Pe-&~4 zPfgZw9AX77Y>8eV9*uCM)d3DNIM{^g8f?<+;DFO)F$JL|j83?X1&VlpIyh_97voEU4mO>HOWC+ z8=re&4~uB3Jv}k%sSUdZbVM!m4cXL&pXaIvb`^lC#DT`S$doNm18ZityW(tCmS@8I zO9tipD}_S|pwHk*J9v;du}2d-+S~iPa}?oZGN^~El)$5N6x7YJFFHG29*>bYCkDhYVIdDcGw;C@{pe^qECa?Lo-fct;yhr5F)4HP z{we&PsHE+UnsA zjvL)Jb7Op50^Ey3hie4nbZkT^qjBi6w4(g{ty{MI)D}i+%3PnLkXX{XI%wumzu=`( z&{Uv;sZ?>zcP`h79=`cok#kI=CUEN%?cR1(EX|X=s7k7;hG2!>!!H*Ki5X`6B0El2J7u>7( zaQt$-*dX`y&w-Qd2UJ?E7SUkPbcuv4l4u@mnzL0@rl)P(ga=9M| zbgh1$dJ0t(*_T8licXDjZP!=z@HZbWEQGRn5SI(9ctFP|bE+H~@^K*$%r7nNgS{>> z@$_7Cq?x@~E}k8oM-{JW#fQbd zQ)8XK$i70KUc!~bDzfsfRtOI&DkbjviqwivNQ_hRqzMQ@qR~C<6|@KoAO$gFa=EX9 zR{32jnG1gOnqy|h2}hK{;J^(>xG^oFPAWw|M7@Q20#i)w$71pHojdRE-iA)masE7D zRPQuk>?Mtc&*c9B1vgr`NJOSkzB%Ie`%{vW0nFFxPghh7u;WJHWcPYgc#oZdja9 + diff --git a/docs/versioned_docs/version-2.17/_media/concept-managed.svg b/docs/versioned_docs/version-2.17/_media/concept-managed.svg new file mode 100644 index 000000000..5645a608f --- /dev/null +++ b/docs/versioned_docs/version-2.17/_media/concept-managed.svg @@ -0,0 +1,591 @@ + + diff --git a/docs/versioned_docs/version-2.17/_media/constellation_oneline.svg b/docs/versioned_docs/version-2.17/_media/constellation_oneline.svg new file mode 100644 index 000000000..4e354958a --- /dev/null +++ b/docs/versioned_docs/version-2.17/_media/constellation_oneline.svg @@ -0,0 +1,52 @@ + + + + + + + + diff --git a/docs/versioned_docs/version-2.17/_media/example-emojivoto.jpg b/docs/versioned_docs/version-2.17/_media/example-emojivoto.jpg new file mode 100644 index 0000000000000000000000000000000000000000..4be0d5b26dc70a6fb99a5105c234e6d7ab51a213 GIT binary patch literal 141236 zcmcG12Ut_d_x2>fK1QP$00aC>f*%HW zkCbIXK0n;^E!-pJQ0Vz~Zo+%?!u^9)@C&?H=>N_A*hhpoY;vvv>;f!IOw3G+SeTia zSy@@w*m*hF7cXXC$+MJ;S6~%JP+-;S)mWj;BG|Q?)~#MGx?{tpEnB6eq%b0~iZa_2 zHcLuvLmEM`va+%-W?#XpRc)Gu!IHFqu^lI0`w9T!xGe79>BnUE`l6I zn7VMG&wRQEMzqGcscXW1j_Y9AWj*U-DPEn?jaUtXUdd&~) zPvcqw$AxBOWME`Q#)U%L!Vkj|#zkwkGV$!xVm@_o>Dp~qSa_AZ9wxqGT_<^Pi0|~J za<*kcQlHlkBSWK)?4J$n>Tiwg+rYk$s~)g3prG&=mH<3>xmSI!Zrm*I#uDEL^*7qI z{d!g%;{+lMHIyR`O+!SgyR^X&eirpaT<`8yJ^{IdK~2JQ06j>>9#5lAq|AZrhBmeiWLti^wPNZ>wIgad=9V($Ib!8c>G}M9Qa~dem0^u&!AxiS>nZL z&eYD!29(}&bHF)m4lGrrV$&0-<6pazushttkegPUM{zC)CB9x9Lo7QnPY(Z?sS4j2 zA3ZzKLf!8mz?*fQVa8x-`=p>Fq$d3YQZpygshx$r#vDd^orCmxd)HyDKCDE)lZJnz z{UjAT9Zem7zA*SGSajWwMR^ZSXEMy3K$<1OW>x;wtjM7sn&s6RKg&FkDpEWk!!@OJ z8Bggo{WhjG$H@y+sA4(c{#8%z%;+p>pIpsF{o#!$q%QWY#T&MjTI0u0&BopunYp)^ z#+{`>bEuyKE#@>{;_KzGBV{KnA>UtT)NgRs4j`WYqLAHs4YnY85b0A39O@0s(9IqK zF)kH9BuV3I)>5t7aA)QaBrCXA$dWgK|7nfV5!Z*j^=UE0Lj6fvMh@-z`FQ(F+U6ML zl~&4Iq9UUnGYH;4c(5kMVQuvwY`g7T(j2%l2f8?pDy2ECnFH(glc`*DfN*}@@VelY zw82B=G}R~N%6!#MSS@8<@Q06Xb6TsOgo-#fF{ROiV!Y&&^NBFpW%tjsr=gztd+Y1z z-a2_DkuOf-E_qOzQ*F9t-v!^*ijlrv?>3oBoPDC)tgokdU}%dFY3I6l@ryL+MI!ghRDaSl2pATGDsV!Iwy29Y-0gVDeZzxp8%(Pd zL3|ktv9Q8q4lvAt533TztX^YAr0V8C?i?6n3di%vCXxrn6)|lNzPws`uCH(KY7rKF z{h0JdCb*8Tjl3#u{7NAE&~d(9y4ubRT1OTI)E5EwdiD4z?+PJB&Wgfmow}6JxTyja3AL_cRZhDTY=uVO zPwE^1BC?;@QGGaHRh7!k2?|<~6put)16N@dZYpj|n034*d;Z8&wEEHVknFl8ukSu! zW~@;dyS7)^@I!>_^)r#<{x;4>lzDXu$$NOUl);Z5dl#sKYaCmq2j;-^l9=a~Kk`pY zpPeS`d;@>Q0rJ={Su~$F1*%cm?s*;^Ti{XLo`xY;s{1k`0!xoQ^6u%H%w%b(QUs$Q z$#X-mlzBB#-#$kw2kPIbXJ#JZtR7N$sGht2@BaIM>!5$uP`|GSMH>_DW##R&%-&E)y!q>0Gc&U+;^AYkjp3dl|d%bPJR>wuc&Qegc@0Awc zb+SD7n|?_tqb0SES5i&WxIE%jcMoJpdZ%*w>K#uWuqWSi;qD0v*c)=Hlx&uZkyz>L zS`kiDn9)f%i(6Js-NEets4mjXWh{PFtwmdbCa_UlLofYV^-_(!yKP@CarX2t2-xej zS#@Ud&B>CTreF33X9U}Q!#)15lE~U`I z?z2x-_YE7j&w99uINBM?y-lmX;5M*!#oZgNv~*0s@Y~B(@6CRcBXVzlGx|qaR+&N+ z@_gR8U<*Sc!;-z-)Wsi;i$=v2ZS4y8%Q{rf);Q$xRdlgDsnm544V1s5f&T&;Jcek{ z=p^$E2{iQxqcLXAcOyNCXnY{^P|Ss6JvgO1cltlZ`n){M?h(Kl`qr-B4U}7}uRGhO zS(tlMdnKb_{==)UORJ8U_hWB~uGxL@My}A(yAGcCHJW=(ojxtfuHUjviQVTOF}ipE z3I0U(^EIV<7@G@QR9Fgn8sH#T^dhTtk|w+o>0BQvw6@dEub9~DsGWC^r#N-(`j!TeU2_qSoY4}>Ne>6`Av~%6jpoeWq97ko z6q^!;J#|}%>%zrZJ3gCg*)OiA`19C)5MvMh5BJRO_^4_C!% zKgUxR>l15iA(puxNg$K+$`Yc7BzB&K=4-rSOlz}jZe2pKG{0e!| zT(?)(=1kg8;|s^3*=KmT(g9ZGWX!Q!fZf~iV9oO3jU8V&m{`KspAIrl@@hnR;>)7U zU8DMAHlC~RxP0DGMs`AO*|4D7-6PLUv8s&ry)-HEkoQ^Q*fQvOa(ZdoKlAFmoV}w# z32Y~xE2C&Z?D_FEj7ZcU!T}sFrpnQ$3!qY0+k;%}%Zg}~G z@~t$+9?z9W?=fr!uS9Yx=0MGUIlVh37EvqeR~Wld^R}+$XkkmvnIRlA6$Kecjh*mPQ9gyl=srltl`xbeGL(^qF>Xm6vb?+xm$ zXotGe#X^P@OWxMp5Z7-@-sY!#rswc#t|6*ecmh-Wjsq545sAG@PQwTFl-xw)iV&eI z6#s}I=buAYQFwfGA;fSRgTCQ1^bL!Zd7lTWDDol^2I_NcHq82=il{&OP+FIC0 z+hj!x`k$y_m7w8IyPLvhvy zlxZlmoZB!Q(V7En1f!m#az zVK|J(s^-8fRfD!RV~^-GO@vbGe9&X$fdN%aU^&etVGay_Ar8aP?N8m{btW#Q_TiqW zQVvMa`0m}A19+V|Fgc8$a>IW<+LbdpPK1J9ItOk&{pg0vxlOad9FCwyFaL87aS}Jv zS6^Z}XKBnZC8+$0dVf{l*@)gLa_6b>blc7r6G2*}uFO~1R7whW z69w?Y@P7OUN9=mT?t}N~l9mbdTS%R{% zZw`DSPBUnWo7?TBsW{@NFf>x-XBZ1Erw!tvA16aU9_FO>4gLQd6aMdaR7cPc#AA=d zYtWR^$m399$JQNDc4~u~V~l7Hoa$(5c|iT?5hQ81T!*pgnXkHX^!fA8c*@GS`Mw=; z&AaDhFeK6i{Zqwlz;gh^9aGrF8q%6}#HU!sGT3X%CSJZG_4TLGJTtp#9e?3iQ&Snz4*H9W(*MlV%1h5ARIx0$}L{MlG& zH8(##UhnC;S5}+SM$I?16}%`^moETIb33DD7)g>JGaPy%R+Zm~O|UCE7%k#pxid-4 zOXZ{5t0ky2XJi0pWHrN7dhW{+ku+=l_)fOk$~7}8k^{MU+=c{NYPrHLk{9@uKPTUHq z7z|fi;Zc+#c6G|?^Iijv_=@`NZ*J#quK0vGMUok$)Hv$d9nY=~@*V6nHE1)`UhVyC z=@p-&J8+U8#7)i`Rca=6UfgY>b;V~Cb@R^ zx++X#cJ*tEmAR}qs^6e$fANBlTKjI4kO=l_9@#R}^h4}%t3w`AHrrw~>WY2cZDEvp zk55HCE~nqm+uZYnzhM8nSO;&ZAg7pXBA~U)v?Tc0wF57*o|6xxU%Vi=VM+8Eo(;^t zop-M_OzVW)O*p3GE_yc2e0|IN?$@7Z<4)`uOzf_nTrB6467l5Cnx2j4-wZXp+a6O? zU1An`aP8{@dw>k%Bv!lK=5x%<@$>pQp`F{0jugEy@;dDvX>~)(+musdDdCX{8ozm+ zt2mb5CEGVDW*v@hwBb; zn#qY%M5d@S{?cvtE%HuYYvguVm3*`r<869tz{2=?UXuFAhB1NOGZ|<19K3p|WxA&0 z)N#R53z486gAu-O;Y7Ula|sGt^FlbGoq#4T#RZXbv(SFteh=p{#5EjZ$ag!{7L89} zgha`H9y3h&a8Qsys?p z)@jDbvpMq~5%Nx2pE1C9d_S&KXY)j&q@cQ}Y^>D5`|HGoo^BTr2&i;lOYjO0zjsAt zk(}E`@6^|gVw-#4q#x<8*V8x~ztMWltyxt3o{h#Uimi1w9^f3ZS#>KhY`12N9O^*0 z+qw1OSTQ;C#Roz^y`N}xG;d_!=4W2FuJ<@XK;pLU=C$GBH)gYKlZoy*Y$8hC{CZ=I=n){=wMd*-JDA5l6(%dzoG4qEepQ(s zgduzULdbre5<^~!dx|jp{=q{rY+Iiwub0tz44te#^dw$>6)}X93$0I)FQ1o!ZA@Xu6D~u+`!j-P7=dSiSn%tYaN1In^xwr0!>Qi~` z%pU#b-CEv71m+yRJ0=n5W&{nARFaA`0(Q1%M_!J?KHrNic@DoyaWVtqZLx<4Fk-jnJ#{FbHEMzB-Bbx&>lP}1XW+T`VjAxHQmY)>T> zdghH3^>~H*oiQYVp8Zyr?27UVcS|;0U)`aa|G7soN3J>hdgIYD?v>5g4QuK%+w3gr zj}7ee(%aL^_BNB`qE)zV_F>vscbUSmn``6NuQ-&RV{GN5DDzHMZBQ!yQn3za>gXC@ zVB(=ba#-zvIsWmf#;fUrb;$>=5)`hxP6iYnnTaiUq|vEoeEC!Fp67hB#5V!eSFhLa zJXTX*^(b_`eTSROmsegPxeY#7D4`q2;)+*p+}0FJ8cy$(&S#Yh5p2;KHCk*Jmm_-w z`-la5m&d+Sz%+i{veJp>4*tjMf>!didhLqcP>7x66W9FsSuMWGP}9wAi6JIeapSBo z%heH^)D&-{+fl}=*WUFx62D!oE%o+O7Pm8)Z6}AUv z$7aL^v}KJXq{gOPN-}4u<5!XCjF-CJbT8pRj^BuS^jd1dGO*7~#Vi8%(v@%-`)5!f;KitkR6=TQP%CeZYFMK z7P(Aw#Y3mnp?d`#LdVN%v{zX~trzK}JP3HcU;DgwiUYgf(NDLde5=-J`9UA9vj*?M zcbQjBiqe+6vT1Y0OV`s8&!%aFqtbH)z9ys#EWFEG^v*K^KNf^OHE8SUC^sjm>kQ7e+>1DzQ2x zl~aLZl{7|}i>YMKj|z7i=h}U|ZYY|1H4Ny_0dohVV2^B;9^+oe-ic}1E&=iNBXc6kALM{1A1pK0b3?~y5M*A{&e zBD4Sad0NE5i&a~ntlE8LiPGaP5Ur(rP+e?|1#kZC)$LyD<7>&vTUI@Oe4vU!@gjsx zVCEH>m~u(f=+sp%2eT~&mTYf$Zn&!eftWp_=oR88Q#YS-*UYduEguvFBiJ}fiulGa z-J2g(^fz12BuN>rO%Z)Uhu8D_&GL>M){J?0*cu!xSJr;Lv88(=Ju2dOvvSAlJe~}< zPQg!ZhG(a(UfLvGPi$*5m<-VEL!5V_d-U}?dj zkMZToQt{7%&6`54o)8NU4$?C4FmIZ5tdiKa0ZyLv$a6qx`|<445bqwl=3e!K8N<8z zQM~uVvv!p)OLY>1ap?N!`K)O^-}BD~l$GLiz&mnis^&?F8;x-mW(@c9YUw{2e)z+D z{d*$p$E4Wzd*+by_z_+hvOg_D=JN^KmoXGJJ*W$Cvi`wcJHh|Suw>7gp|Gg%dsP8- zb9HlH(9hI&?K03jsG*|1PZ_R+!BwmcUP<&3#{&hW_{OL^XZk3{;3CZT;{2zkI@BWNc*!mz1!u6v6PqC2M$p65dPO zT3Tc;n`D0@IDUSZ@L6K2=8l==cniI`;dDR`aK%n0^Uo95AK3v@w^d{X&+;*o`fY9D;v^;Ab^Z1?pfw z&;(d;8e9hFfElm`;_$Bpd}0L-!uLwQsE@1|u7)))!k`OJU2JG9sp(^0A@Ys=4Kww&CQ0xRm?^JaxK2sw+sV7W*k2E z{QgXc3;@@408;b5KRfLYK$(Lq ztcw=0@^UQZ;Qc>ebFbmb>7rXqb_^)EX!v#IQ~)YI?ArHrQ>d6si2N`Xsmx)&p;~wT#|Sy9hv|tPrYO z0N_SJ*`o>9xk>6<02USlPEoL)P$5AGU{PB<0r1w^B*deJS`Th{qC|lb@IDC$jJW`; zXSog-eXvk6fal7RrKbr1tU>E>N2_B`+a@#%`%@N0R5YnsNB8q8;`q5U$p@R z60GHupqQcRaI*^Cx~k4p^sZG}Uk3r?-@JImRW){2T7UW~eny~^E>H&opqjH1guGd< z6fzha4F^kzx&I~sSdDF2L^NdBg#|N$+Tk{-oDO+~fCZ0wKBG4(Dao$H-#4H1+e8*E z)~fh$SwIFVHQkJ%xjr2`5%vSG0KbID-MVACXMdXp(0neS$gEXCS}+v|7i%-h2d;lp zEKUOY5ad>d*nh#TZ$#Ff)NxS!5P)be5L$v(2Ry-IBJTgqNa#R`K=LUFZUc|LYZl-@lD@cqWhBS%g0V&Sq9mWNY_VzB+0^72hoZ_1D(Z8UIQmV8bQ&c@bf^KVmd_L%x zJF#Hr8on|qPf!zM^{^(`b=S`P?+Pkd|LilBr?t}Lu}rq5gTagZaL%myqI%0Bf)5q{O+f_$*(lTbfi1Ml5HNk>lL z(|vGh!5#o=n_1jnc1nO~uxiHfJyeg|Z_b{Xd;q z!n=dTB<|J8I$iih8*6Zv28r@9{V#9lVBriVDy3)AQ8K76?s)%m$Ck2oT8(ennGyYj zxRc<D=&=Yguu}pTt+4IuBXb>!jFc(qg`A!kUvN(qjocb1p^Z#|HWTJ~O5kp6H zGco&XrURC`fC)RJew_T+YNle1glP*Y&V%)r9ka|!FE{Do#SCjlKcT;5OK;DCwtlU1 zNA#P)o&kJV{dD7pUv!ae8Trve7<1600W7N!ff38s>}mtrc5)+djRt5VHEC@Ffuu`Q zpMKHAMGcQRu=~rimjNzi37ZSZk3KmB(R9j^xp2d8XuhtsJ*Lj&P7<6c>zd@he%YQ~ z;ACQL=U|_xnBkm_OYN{dp`rEc7fl1GZs#E!upsjUDhW;mlmKL4-;Y8inZ;$x|Ah^F zA&a_rywbUpNHxGURy0hu)=rJ-Vh-t*Qas`Ox`1k;O--vUb9dG7i1uIFkXF-L;orJ_ z+(h7mxgsw27yUxC?J?9g`g8}GpC|#Lr`Ga`FlbiC!ubP#Nl_WSH zE3oF*(D*xkAv4J>Bq1-rO;SVPi*B4KArv%DA@Gm*b#i2wuzLC1;r_SIWPQb&*7Pq9 z^#cv}6bxjKQg4RVYB;(C|p6jJmp6nxy=JzC+H=B)jOpQ## zkzlkhHZfIHAepP5UZM^zL9i#eFt7ybYvE+VlM#k~jY#w=M8X1*4sO6yRNR_+z+m-H z>%(2}8%A8asLQw{kSy5FHp+NRZ)#%_&fb{-zvJRs(>bD}ktEtrFU_&p?OYlaB*eH@ zUq`eU#W!%rb|J_B`);BG?nLP9XIXFiuz9Bt>072?KQx~If0QrL14k^Hn-vh&TRm)s z5wJHP0Wuk)f_l=W7yUkge{Z^QbZEAmn`I@VJ;*?(lkas&hmubs_dmH%yDG*i74Zjt z;5H*)sjK}DV^(+fLIz#>D|U0A!zBb(&I(^En;e1^u(4BS)D~PA?8aU{PL0Y&7h1_} zIDnsC3*`5KfCa=tF`_d*48q7CaDzY|Bp<@@*VMtOZNt``8l}B@6aKNiFyHfC;OgeD z3tKXqThE@CoPqhHpI^L+`2COvx%=iF4G$n8?r?;_iiJrQ3I*Dc4}+2MaD#~Cy`MJ# zpXwxE7;DigHO=ZEKh6E#0iNT}W+!vx(;8Okd6(KJFN&^&Wbi%g9IMAP09=f=x%W8#+T8%=?9lGdjC| zS$Pq(HfVHPzKZ~;>vh?ZzKZ}zt3YpSCG+W*ZJ^mw-!SYSS7_(D81wn$)r8NVnG+2cx+Yu_Ji>li87!Fm4u0AJUdz`LMJk&`Yz!9y|rTF)`l79(wupv6#Ad5gGq=)W@5lSBp++GwW0FBh< z^HcwT>|gW

    7WMUN)A!Dz13)FebQ&t#s<6zabm0Q8^k5Q|R8&{3(_XAh z_^!dxz4|yvA2!I{7hE5@VF?h5dc3*G{6!sgL2>4*M~LDn^w_gB#rVS@(|K4Pd|k_x zO~#4fUB3)fOm`2XDj>uj;`bOZa1$Y@D1!uebLJ{~%f?BJIJhmXN>c<{c#B?T0@Iv( zKm4R#@=r68rx75dL=mJ&AgBw8Q85z_!Wvd9?KXbo=XHvLtr1L6@unpGssJ3nG!~^o zx#`AHY{%8|s^TTWfa%7iPrJFc7KMvzIO1mn)ZM=BIBqEtfmjGMxyBb#qS6sQOpf~W zBU&j{a2)C0su)&bwudP@;=IcA*0^}92RX6enW4Y9w*DL!VFC z1yxOunYPjRJ|)(KI;snsY07ge`d~C1y358PCGfhwT*kt@CGzLUyhS!R2F%uTvD~;+ z42qUH=#6U_E5J4O--%>>!pb#))4y4&*dh>BcjR(vDQ;nF)#$3fS8|e5RSPid^7oV+ zP_QdFJIlT!AKOZUot#$LVwDu-0Of^Nd(5&}VQMj49WZe~&JcDv-gUT2t}?0|i@=Rm zjYYM27PK!W>&yxzs9jeFq4Ui!1)nsk^m_P5PF)M7EzV!yjk?mUBNh!~nUa@CE-p3Z zByW&6R(NaE%tix>n$E}b+(>&sSZdy%NP`l{>@P#aVvrRt$@d%Fsxe5Wl=Wr|)A(WE zn4?>(V!O3_A=-sa2cf|!@J2Swd5o15zemulcPgKGxQ&BD`$CB#f`-?KL6Qt!u@)E` zmTz*!c#GXG)S^{7ORi&n(@m2A^D*qt;r{^TBIc&TP(;M+L73_(3=B$}$HOrS&OKrW z-{i{XxyI&96M$2nTt?2T5cv#;-U;%h0o9dpAP~6Vf0>)W!Cv)nNEM(TlLo{CyMYCP zytNU=qm2TWhkuq>kgJ0APwP;s^%r7Y^0%)L66CddH^)A)a{@A=Iqlo#FjD)<4c&I+ z{$WWeaC{jKam1uk5bX?3-Bd9}H%fLKdPcA|Q=#7dJv_=R0w;)DmXA*)@mxtmW-R^V zp(p^#=WmT=^^Q|e3<|8*?-8I%uP(j+0B>mQz)A(Rv$C#_NCi}4J{5JUh>!vvHhegh zGLV{OrvuKC6-M)~Y@ z;$%y^Q%d#fIuujJo-ptpVh|>cx%2b5ia-bmIp3Rjg(xT(ZSeV{QAnEsYLpaL9@;i4R%Ad#RlEQg%Ibsb@VJ$mNgHU`81 zI8QOG-BzL*#&?I$qy)U}J26!EEwY_ZoLl9Hfzthh>y`z8Ag|i<;t54;T3ro#FH-%K z3LO!guN-1tHPRG})pcKaPoN=9UF37POQcZH1kF}Ka?$6$C9D8p5Dp)-TET*E&XHh#=Ed@xKYbTPkFascO&2Ihm1r^1~>Ei z5uN5#)y?B1yE7?Jf->D=Ga%Ytpy9&~PwOxKQtQ_&R{9^IGdB7@Bd?)cAYd8|%*QXG zK@Z|=IW-8zB)qSTP8kB}97nWZDw^uvC4vhAsy=9O#4_S}P1W-#5VK~p<&{>DXer3_ zVo-D)Q^&`Mfg-U*zqTWQqLgh1FZ+VlXQ8uuIrWw>5mh%TTGwhL<`6Rm)pBui#p>&_ zmHqK36_>EJ9>2`AT&~MTvBx1eu%JO_S@f5x>e=Jz`^66B6%FT?pILSb0bp7J9RNo( z*u6IDJ2uc5k4`-!hTsltto%o#T&{}nbqE5=hHOtUtMaTcs~8*Gej~0b2Ak{g3QJ%q zO!eX*LJV-Nf4?!ySSpoU$rXfY0~%}gh{-mE6uaKHlhy-`va4JBc!tSoNK|vrw=t0l zG-;bpThp5P+-)YB_3VFI|8wp8@ihwFI+I0|`S$P;b;^3+bX*eA+m^$5+%w^afI3l;(Xzz&9ZiC(_ z78YV$58fec6`=#%cL15_zF%mts`5kOaj3E5fw}gKHH8KoxBX?~XNqsl@$VAxG*e2n zXw0?JLN*VQ@5M@4+M#S3yD9ujH7x3@s_LMEwV;x`?DP183OZzI$4Q(;++*+SR8CYoL+GRr!k0n&smpb<1FP*Da+}GGyur$aw$`y@bH&W+e?*sXU zJnh)uf{Kgzy#~O^X5%9WLIf)qg%pczr-Hp>1*3pr;NXUBeSv3ndi8?J7#S_%`d&l7`MF=mbmg_|gx7;+~#ZY12G19$52CzBKVle=7Q`{v@%vt(0 zb1>9A3QQKs=4&9o!~X!vca=q=P-b;vEDjj6n7YhYpP5_`l`BMMQUM%cPy5PYuw(MBPq8~FbKa6k=|@YDrxZ+Ca7Rl+6~ zeHPyl2sP6JgBF{6s0M{;LOuTg-PA7?8yhdI=31$@aqha(kaQj1m-(0>rUOf_gXLI=*`jCq5#NJ@OobTPwP*9w-LH6U@~QQi@wobg@Ur~))3 zqQ99-0WBaCjtt6`CgR`1I98<^BNTqpw)I$&datC>7%J^}#8p79fjzn6DHN(jFN`G0 zIKs#ds%3#@2rr`l05P%v8C&67mNv8$H;*wYj;T3!S1L%alNrp5MphaB08uF$HB2nn zBjJff<|XDe)lG_)8*u{ar;ie^NUJe4Y8qFc{#2zq%4$Z?yTA*nuvbGJv`Lgy|)^^?TE`cESo&Ny1=KUxf*e3BeH6o_m zTfqgVD=U)xuJ3Tf7imW8ntPT)*r>%Nfthy|FSXN`IHOXOaR@BNarcR}X}FZSrnw`O z?aZih+x$d(PEk<#?iM$SBKx(D<^b7)ey99}N}{Y`>~kFuszM9mpIMvyN;f{gvj$cG zR}^hPm}_fnY*y5#97YBG6zXbg+F4Adij)%-Togg5{^#TW0F^34iHUCKHeyz)A;S~| zJ!2%W*_lhJO}T=ry7sY-Nt#CCOcV>JhqR6=V$+3Zo4Z^nD`Ei1a!yjlIIxwD;{Rh&EX`$AP13L86C{1W)C zia?ID&aVX!ojGwSD}FUm3T`ZS(XV(-U?UT}e=wyyMS@;8;s)NO$$LxnC1)m$deKAI z<~R}?z(w6;L$79G%+wWiXbXR6GV4K7?_B=?OO#s6MKV}F--&$_Mr@j)+8<~H)!7t0 zX7Oqs$ zrtS2EASSSmEt?;gP|Zm}z!ZS%5Pi`=6;5ui)bj)&7MGh}k?clC8HFm|y=oSEr8uXf z?@(iLDxif@;7>@jfe3InWB~-IpDJ3eBE~Yswa*o|S%Op*5oLA#_l+qa=BWcX?*}s& zscm4|*BA2|$wH{-gn7QD0R>vw?)ZX;E=JnDXA-cXO4@OI`%3_WV8_Q#tfm#LQL6mI zgdWK+h$0lrFT4V`31NHV{mPOKXebvo_lahl*})Jo{^mC3ZxcC*L*h_sc4}F~q~Em5 zy72{SRg1sJ{{SiOk1_N{6TW43Kru@bak?Tdf%%$XuP`g2+fZdusSlA$Ae)q@fYN~5 z*o+0AsLWazD8m=`K$KTdiTR1+}-Wime zrES9Aj^+geuBf^Wuf$RyGA+Yv=4%k8+Pi(V7&3cvZ2+I#!^SQ<}KBQiaF||>jP?;-G9oA3#ekN!d2BrGPeW- z*eqaPh{3NY(FEhV1bKm9VCq*H?ij3!SE`P@>O5LwAQ4lGmI?v~yr^9hoPu)zS|z%~ zI}(Yf5M6!dOXgBPP_;Xg(Hnm29s)n$L!;q59|?c(PZz>?eh};UPY1$yJ`5|@!g#(D zy!cNa!H-mUJ|95vd>^EL$e;2j{04YF49UUh!T$h-h;i{}{FnKeKV|-AZ`psD{{SWa zVy&=R{{SL3Y9Xs-{{ZTGe)Bl=PeJ%)d$Ce8i1oNA5)UM0m}b0sdW}b$R%huU)|xaA%cg z{I~gnf4YB3pVNPt{{TIo(`7sR^ZV@n`!U^rGQFS7{`)fj06hNtKeof3exL6t+5FG% zvcLDw@3Z>s{`)_^&+D`L>_`3c`fUE2{LDIGRqy(DP@9Y9UL$Ck)J)3y7;oz>W?bqf z^&Yl*Lp6(~ad5X~x5*pWMXyy0fD+2Dz!I;6Js2%ebZP@$-Ta8kK^un~6x}S03IGQ} zmFqh~Pb0Ng%rWFmc6$P*avTmm)pIieofjIdoI)jWP@dm{Te@Isj(rh8YzNS`6%F4O zj!WXNB|{chlUUnN`+`&q7Zv9Bj;2hm1OUEIS2w*-gqd?qVQI6xacr3RMTd6m$(426I8vO z0eFk$32qd3PW^A%VFCbFnbkUhCfUA2yjiCu)OH}|LtNe6ok}3E@fziR9dbl~xJH3J z_WuB=&^SYwySr?q>OA7m2M)b&Qn3M}A~+HIM1q4_6a#?Ep7$RP(~>9`*Xsl|j@5hzaz*Ol1RJ;txzvpgb2x(X3gi5^_iucFRFw`W;1E^u2yea%nFmnM=T&GEZ z{XdZCORIebp~=kBR$ze+&?uD%s2zP36A>`_MljrBzKpn)HmO%CKSL>0>M_1z+4e8T z`1p^QtCjbJ2+nKiRVs5Ip^3M0u3_RbrPQtFItfrCAEzBndO;mWI*e!8KR@GsVC9yU zcJluK5iNUNtkelm4jDj9r88)d%2$a)4rW-W(3mo@xn3nRN$8Z{Q%p=biI=aY2U8M< ziB&2j{?C8Ys`AW?bC;b=?9Z55Z)HypqnJ3Gf2gFjL_E}ebsM~DZs1&PH@Ju_NZK3b zWvJTHb_dcUjrvOI@WepV?t&`krEySCUy>jc4^5iDH3o{<(hYn<7Vk&!NnU)yU$orQ zzwHn?RXVV`2|Z(kB~8>}C~Lex;{ZB0Lg)cnCB49vP0^ejw{GcP)$$-vLFImAQAq86 zVz)fyZ@P_@)0gtD7zEwW`S+6O!~4Y4{{U1q7=k?-{7Mhp!P@+m;+kKi2H*w+f$AO` zm*|-ALYzTDnSlwE8`dD)So0p?xH*7a?16Hz^n$6!iKpqmpj67Mm6#AQDpqBD%9R5! zE+jI<;q(+vC0t^@rAn+uFqw&%l~ST+VH!$_9H-hpAK_Y@9ZQ`<82UJx^ELEyFX_k9 z=YK~})}`|}kJ9ax%-mX=Vq!AA<37v&B=13^xuK&&L@`{7c+i+%U|dh4_~Aly@qw+)i;X zIp2wO^kpuIhrgpQaPxtHbEtNHXOd+v9%filQo?lCth`GlX_L5DrIxXwar#`JJVw=B zva$59X^rkwsY@u#?3G4!+{>AIfUbI*Y7K(CLn8T>yh|}ERIi~vg2;2!d+SJU=)J?L ze3pF0T&J&inTgCulkDH&b)$*+`eqoZsrZD)(4TLjPsh^ZFEYydE?l_5r^nOMaTvGh zG)E3%#E0O1f5MlB0zy(NiSiEH^UzY7xYx5ul1Ljl?A$q+4!8V2Z);H z6ma5UBSywzqAF_<%)I{q5!@n%vlM(qC1PHwWuAUv!sWc7LSeWb+m;;r%o)#_!wGRI z<_3rkvlF~RJ&=T<4%pS$hP}_r^tZhjCPW7NmEu&aYv{m*xs^w!(UIH%^snn2K+F;1 zrX^g#)WZ`D^na+vBF+7u->@(+Et`W};NyXK|lye}gd`^Ej?1;8C~|na9wdY5PY}_WCSdE?!@! zNpj`W(K-F0oW-f@FLLXc^)6|Kq?Ve0~G?} z^a7<_=jgN`l_)rrbrUcnVX0RtB}&JhAKR$Uiadue=1! zdP>H(74a#@&{|eEjd3VKt@j&E8DpPwy~7Uvlez{|ih$ky50o*DxvB4RubAM98yOYnUuS2hLn8DT^~`Oh^1Q%m3;{2#d^)5T^K%`yu&^xow^W6-1e}FcAO%q2ba# zJ(VtIi^X|Wz5!GJ8Y|Wyj;c@`Na{bm|+a+@#b$I0tRIcVCNF=3~@53 zwXDq|RASstt{a0kUl?60RLeJCz9uQlL%B{{XNmedT8p;q>NvM$)~dQ~{NI zMB*f-;z~jy<$VO7v-|#`g)#SzV2H&JabJkB47rzBS%bUq#oRuTu*52WZZ4cXOLc5j zm{xJ-I2IL(Oykx(#hw|ZbitfmLY>Vr!Etb^W(dvCTFRyGxV*s|C2N=$m`AR1nV4X! zJDj23Wb^eFRMRUea{~5Ej8i-{67i{F>paP0nTgUxPQB%BrW}Ofk`CHlp^dN7P&4z0 zjg6irmuE#WV8UIxAOm!Q#~EG+#7fN!12^#iqEpJ_776I6iteEM%|md<5Th_mcm11w zkzjWyL%NAx^DjuA(yGW5bvn!}cQCnMGPCAWUzm{FnOK@im8g=XO}-#;snIWW<#2M$ z>&e33(N;JO%NjN`9b@-xf-c1L_nO3PquM%tbL8-VFO3ZTtaqB7? zmcJ1!l~5&kkEF)qg~X`J0x>4u-{17_K5}g0Ggyl|i&HtcGUg?7<}1?WW;QX@N74vk zs6S`bm~xfmf@Ke+r%#!aA|j`nxv;BDeXc!6(4g(aC17Y3zG_vTa9bB;_FsWuG9OjU z7-GOCBR~rEg&n>VMNAX2Eb5+N>PNm6gn=<^p}t_fyTD@* zNMTxZ5GL*rZU*Qe_D!Ao%DyKFRSc5VxkurllHyO+d`Q z5s6H-z$^-CSF{O%P@ECgCoy2;;q;hKfZO2AN{3j{>xOW?wRwqL8*(|A{{VUD<(?}j zImzi4A-dzTWrYr7eRrraS zR7&v>4NnYAd5Dv7Bg;Q)_x(p&lZn1PrsfmX6Eg!)CuB68eGSy&wH!pYIWr9RQ0@#7 zQByJBaK_?&OjWqcn&tMnpeutAZAI3$zUGgx$~~o`g`J1Y2P^fKlJMuwY48$Q zDpoZExl@VeGh|Yw{xx#`d|oSV^#Ux{7rgV}k9JF({_?f{khZw{#ief;g~Sb{{R?>ISz&=1Nq?;6%wdbY7w7yRfBZ`JpNKbIP0ld`>r%W;{{RuhSc?~*r&+Yjp165IwhZgJ zQjX$Z(LT`!>3GiNW;8!cnTN;s{XUUz)>at2O)%USIF2R~Zp7v#l8TNPn_@$PTXh2$ zWw$U(C&)J(A`gn8{nMN-rPVM%3b2jZ!qy>n0*CE>@G(rv3LM75L9;wcvIKgH{{Rz~ zJk&?Tpk@^F4fiU{#DUx~`@*A)!zMK}?s5gfh8q=8FVR_b#l8p>9Nf)WHXXqgVua}T`P zIh8*<@cxipK^~CIp$0Fkt>Y52DxE-w)K5r|*$g2wSUcc5SLA` zHKV_@=lp?vL3mm|mmH_?6$DCN21<1MIT>hSZ6U&gMkr;|TYe3nVxi8X@1J7)e}HA{ zDqbQq#p-C!((=mrmBYs2Swwdu=4EM2{{TQ*z@C!VH;m4DxDQAR3@Y3wn}yuJm>A3i z4Pl3rC)M*2+@(y|vH1Rf!T0|F#0z{zd=nkRY$2>qx6-;H9HYbNHDl*3ST)=f33Mm< zm~DM){6m66oT8zW9YZlIiOfthM4|SJT*T+8+HZL0+*6niBO&uzEJrYz`&&KT1ch61iTq?6dWd~+% z<3!%(sl|HY5J5VZY-*~Zw0`g}dg?URVAKmdz_(Qqxbn^Y0IBFo#-d_rP{(rlR1BC< zV+YZ*f`}5t*11J;Km(h;Z_dU!uL?Es*(`cvM2 zQ^WdF=fp7<=W?#1c!~seAbYdLbBpa57M!X+^3W6%t`%{85H8CV^9==B$1?9GfLr&K zfD3Q7)OFNfyL99h(9K!9VaWE#2L`>|#2m^u40a=$zOGg!kwrZNzi1vAfj98i)Tg~i zOp28zFM_c=RPq4nq)@g7<>; z_{1e7ftSQh+jV?Y0M>&9A@~B*X^0kRfJ9vyv1Fj&W0-{G1X7)dD*#gnJsh8z_r-pf z@%|0ov$=HCXo_%LtC@c>IBsemyg_!ve5j5Q2ESr|Fk_Bpe)lf$_^A6wLE@FO_=t@C<-30Js<=|1)V83tym$M35T1VUuW)%l zA($TJdx?35u6k8}Kj8bn;us;gA3$e_PT`-R+ZHrFi7+yTfaP8YIhBdkJP3LPmnQ8g zOEqiKQUh>($6>;ys^RLR?3Z@(-DHJvP)LluF2FskgX(b_~M3+8ERx#0R|5m)d2*VYo9e%q{Bzw=9KLvjW`nG{Vhy3!|Eg z5e~_Ad}vwFLSoXj&$hHrC&d=Wp$z~S0|%#5SRO=lphXcJpx$pW5s0GQ?~W!i=oVqqr&JBa<)^{UuyJXS5MDm^Aeg{$OO45eQ?LH9sTp{*l#2 zyvno0W4JIt#qYo%D+aT#1OazlfOn1umNGD+hmstZFWz(i0AQ#LEwSg)D#~B`6Iq!g%v5ojZ@0qs-1}k^2!rMMP5O z-TWQKr+91wn=mSibC=L_4R3E8Z6MmRA; z!3Ozlpq$GdW3~R3{sEV)X2})g`gs^(5F=!`@E%w}To+P$uzL}b1CYK}U(D@{)dSNm zm3#9rA3EV>tHfQ{tQ@k$$WQ}Z3o@pf!&idEo1>+06!gBTFKB&G3-bX<>ekI+N3>Oo-b0op*)S(& zX!dYE{WE#)iZX;@A(!l9*A3hhQEhy2oQB}{VG9G16K9{IVK`j4v2RhV#xCNp+-L26 z{{W|S%$SZKCg#|_&}MNy$S&csQxy`C&lLtINZ7a;htUr)*ClRe$LiW>JhJd3Gz(mA zc}q=+u5x~7375RsK|oLk?Ko0BD2VoR3`kY6c_xuv0k$|Q0tehM$-S=t?eId1+PP01JQAP)bp@G~!L)s) zsT(0o-QtqlPw4=TE&ISUE8W{i+6w`*X>pC~vyuxjT$6YL17)rAxR?pq*yHeilAYEbf^_AQqO<4^G7CexlroPy4%6NeFqNN;0rP+7_vlIS*?zB#9shw1= z4M3__1JqaxTb-uGbM}FPqcm3qKb}0WC@t`4IwChSgNdpiGS#rC)j6)J6Tas z%9Ovc6FUOaM{n^gLzle&00)Um(9BMNJplgexoj19eC^R{ukiHB!y`aiH^JMS4>EvD zO*U^y9pgnD8ev})tL17@e3@@WM-KpjTQotVcU*0U2_RUg22MlP;)d(vXq`1z;%nwB ze*XXw{sER!FK-cII-9YH!|-IY<2iYIw>y^(Q#L&+J4}O!n_t8iWnKs$4F?ufDy-SL zYfZt+s#{R6IK0X`^D(d1ksT(aN^EM(^4xv_b z6f^ErTqN38!(>76fUDrM=Ajt{s>JZaxcCrMQR+ppbsR2OF)Hl+@9=%^@eIMJe(=tI zgK^@Z_?AVKO~L~Mb$2g(7V#a_>J4EDpr8zvtGi$XKcJx^;=q~5JCsPxHsV!N%}mO^ z2~3ppF$N2|%nTYpr07tzusO&^T#W#$wz@HcpFGRP0Ik)ci?q^xjtQyRGA4{EFqfI3 zmsdA6%(yA`{{H}{7DZ2)VAT=$OAK3l&NGfF`Q%DFn!|_kAtOl!k~klIY`GFwKZe=O`Jy%y76~VJ8W8@>YR;M7$_x=5HhUR zH__n&fZ-PY7w;=+Y1sGL0!v5JPcx3A7NTcEC~6O~4{&h0E-Q+L@e-ff2$?C0yi6Vt zK=p@+>}|TJ1s)2VnYaQq4+6P+e8EtaiKk5Ej6npY=9o}u0n#{=p`PFfP1uzJ{6RwBM9&c1!lCp8An`RW z*uMV&;r%9))s`XokGfC=t@W?EN=wD4;r{?lkzsH{LSzpkm`=DEy>A`y#zD%o;J%0w} zvzJBacpy3tnW&b%>O0W#G7e{^&qLplIJ6_?% zanUXSs_ga@HuOhKvnT>(!&t4k*KjB&NUattQn79;Jj&GWdIfHeR~;IT+DxHX7fY)+ zH5>*3eGUgV&qClGjl3W9R> zK-w)|i-AxEGpL}*_?8%>xoe#8kYXj#iH%{O97}ppY7xf6ajGcuP;v&spu%45_5msd zYj1tovT6`6A6EuIKM4Tu;0BRvoTt1YWh<H=5_({G02a}wDyT$? z;g}KG$mJ3%lF%g?0Ovp$zqH?0SaID-rxhG`YuK&LCrl3UG(a<5{X53no?m!)N2{9D zck%uI08rF@7sR^ULN_issMz_A?j;hbl)S#snnv~eORWxGQp^Wcu~sicxGRB^PIlJ zxIu=B_Iv!nCpIe>iRKl`Vgtl?Q;Ue%qH;$bNq9~m;yDuNy+KGLcRxWhmQ&RqAt3+8U<}6gh@i1}t~~03roVYOfpixmidO*s0IFQIMqS+tTI2 zk`9vK0Zg|B5_hb6b5r4ihgUW3OoE_}n}zo;GoIjPApjB78pLWX%(Y)fGcSl27gD0a zYd?qdnvo?lQ9Q?N0P8S#u!Ia5SH47kB6>yO;_mPFeWQ;g1jSY}De)Awvh|Lmk%`c{ z?7zbb0B>WDnx7~RL%j9V6~V`mwcOWlm!wf9v_{(gNnsQ?+j|NMZ@wd4&PXEzOTxXN1G2Fnn66BBL-tee zEY;q0{_$vobkB)DQfXa@^*OiiJGGPc~MS*dmdv-^^% zL*Rf-VW060@ZF0J-UG{sbga6Kyu4oCXomnkAdOQ9`&Z}u8T$VK#4vX`PbhNEzVMky zqQ#Y8hyyP5G|wel;S@g<=oD)C$-4p9BVhBv8mh!sKt%2mnG{2_Eie>zLg;2^=gms7 zv8HcO8!bv36q~C8w(x~OH*Q&98<+B37TjM&Bg%QUP-7JM=&>G`+E%v6j-}AIV!RY? zT93=s8|im#nzpHjPSG+%ECDKb(8J1Bn1s=G%y7K40Bp^c3_Dl4Pm6*4BH>uWd7fBJ z*x|WM$e4WtKV$d(M;O#%%y14bm+#IZYpsD2W`WqLv^ zZxEk@Gm2MFCAgG2{fDIPSYt6dVr-;T+bAL*6CyclQBMf?0KCJ+%?f!ij+Knl)63EZ zu$2Yt?06x-FcOTrI*E6)(kf`Uol_Lz{KSraBD<>~D}d#ChrvAq)Bvm}QrH0IWlvWs zq)33++4Be5qrpMcVq_dt1P!{tY&$UmvjmSEv)+4aE&hQ^Xo2 zH5tFd`d!4Bp(kqf9FaMf5)2Q(;pPq8$N{sn*9VwDQDE7-&V85SqT2&>wDIz<+Bve} z&D8=Pw*=|~0;#QWp=L@5-h3bK3C=BajfQH@VR~sQ#`$vrk-~B-Yv3g~R!djl2PwW7 zYzoL2D4o&WrIcK?ouk=lmag{6lal+*0!{{+CgU8I7?HxoV-hrO*k84x%YBaV;q@OTsT@f)#<1YQhDXx`t89NvT`_ zoGR9^7^FazL3q;7&1r+rRCF{H7K9hBVIFnSs>y1r&IQH2%)YIc+cRV=7H9`JL=4M0 zl+kB%fYWT+V1|{f0NB$U*!0iSmiiUGl9Y>hhHv@-ue81@VYzcJ&@J>C5LYiZ4wE3#|K_q6EZUPmjmSPQnZE3S~T^{p$C>D z23X6eRKrKjVld%s#kZFAxrneDj01%R;hw^3B|TG!4M5_cj10YJaJvU`gA{G?1_|>!7c6 zcTIqyMuf>niryp8^oi(!d2Pm7R}KX>*wVD=jJk;+s_+8zj_X$uvjk~2>`|}0U@4+4 zzH!U4u3fO^90fad^R?}o#kiDK5HF}|K1966(Ct6Hf54H64g5oib258;0&U@-fq|ln z@e~#+GnAc-YMeWPZFNp_D8`&eLnS_NiFChcR>4cf64WVXDDJwBh9|jz7pzW@@lj+h zs#*$alpi%wab;)icX1XsoYUeP6C8~DsTLU|yt$=i(9?kZlQdmS>(OiNFm#}2*aB5p zo+tr`AcdklPqBV~!S^r3Dse8gF;HW$_>Q8gW35I8lRm5YCh7*F>C+VKx34fB&EN}* zLaL{8YXNTrqBEG$K3QpO%0 z-jGBdp#ZMqk%gc;6u}$t88~+hr3MD!C0ks%hk>l53kyMZ*y5CeV{Fp&%7Mu^tzd2z zbOB@#i;&hUA;m+ZJ7W(Ds-OgDyNw4ah_e|1%z{$xsEG(cTqu?ero&k7k#PdY77O5K zw05%-zoFcejQv4h(G&JRf7Eff?mCu=FEh<9mxqGmSdzf`na?P)*hLC$pfV;tx9AQ;@ z6C6+qvV{X+q5`}C5mhU=p#iATYl70mHo8jE5KNavTX}P+cDa$~lj05U5}HLK)y?lb z`)&+%MgH=L5`z8@Sy-Uc5U*=k1@AZ3#FDHQ1znNBMl+Q%gdvN2P;Z*wu`q+?P~D`l zL0TKFvk`0o2EbhoS*uRt06H3~mK6ngD7CnNuOV4b0b{qT7jCaj1CGxjH_hguo-`5x zKrkKXhq2-HzXbkWGjC29*gSO#N16tTB!P|i9F?3agrqLIrmq5i%)B9LOCo`%nr~?9yCW5CP{Qb#QdtRuXYiynv?eHSYz0mhg<)WnLSKCq3PxFaRq`t9Nv8A^ae` zj0Q5(tG42kjABIKnGuN@HpcT;Q$d5EaF-_Ya4Tf}obQT3IN68M1YfR!_h z0#;c9`f~*|z+ec(J7=JPtI2FTHqDaSl(~zT9TLdVHGT(TJ07E8wBAj<=WqB*Adi{` zm-FGt0`}-{9Ip=>Au8Y$DnWA^#phP(IAfyb{>|<3LYjU->GJ}Ih6@r}v5}EVwc5)| zv}y&&Ic3y9rG4f5O#=a<2(&QYJ;69!rTCOi$f<(Z){Oz$#F)36dU#)e;#oA*O>(^- zcZg&_%Uze-GV^fu*wjZ+mU4fO2H|EMPC>6)Wj7BLP-FFn-9AdjEDxxD)uMreexNwrG8H(*?*TbeZpryuZR5x()!Bb;nOGR3% z9ubY`Dn&GKr=u&cFsx}rXTLz3?e~~jb-%T|5rq+8BqbipL2q<{Qn406<&st24g?7U zgBwkjnax|zgaxUybY0!WP>Q$&0=|Q+RSy^;#9M9AbD&TIw{*8KE)JB83NWiSRpzMO zDee0#yB)LDLm6bvZq?1Z!S0cV{zHx6zzurAY+8Av=E~s4B3cE|?*0!W1~HZ;5LvcU zLaSx}00~&dHT{o>?LWbceQqR7%o5X38L_XWjW~8eEN=eb0hT=m_@6vpi5I_PU@aVp z6LuPnRb`dM^RF-HCwxbfFS^$e0zdw+k_GCq>QnEn2YqPMAjAc+{civ4DH6U^cj zIw?fC72UXnqg8%b?JaYds0=eysk;WH3YuGi<16T{qNAy2S%d8o**1XCPh@Aify*m) z@xV=-95KDQ zMG8iacN5^^p@qZul|junIwZBY7K)bJ-hS(pyC~IqGgg@Enc$UEyN*QyT)Dg>oN-LN z>RWP~m6$Cs)Tv6;3T1mjt|s9Nj-aDXSz%_bAZ3YPpYZ;YxVc^~SDC1o%y$?dAq;#7 zL|Ar--fxpB!b1niY5=GdIOV&^vLZ?vu!3o^mnRI+6-5*%q6*;OSkV6fRYt1GDRo=2 z^%u%mlp5J?lx!_;Q6UOyO)Tlo0S9y&oL)to4pBr=(da>NcR$53a5q>#PPvy$!ZS*vyc-0P)t^zau(F4spdP4h{;GK zqm9ZOZJHJtkEI|=c$EaEvGfj5#^r7@P7LcS9TOwWY{h0dH}rc-{(r&uugBAK1Xfqk zV&V(Aj9`mHJg%dl8_lb;=y_d<3$=o*j%vEMU)_dA*6=MYj9FZ^D+~t8jol_06mFgi zfdZ`5i;h-6Py8 zG{<_3%in`u@#p2?@Xg{*bY8-nSvZkg?3$xHlYQP<01l2}}Cw^heDa?L2-__Ke=9Q8qlA z_$bUO^%^FCH8k-Xt|5V$#JR)MaygDs?YI$V?*VRL`Y|wh#43=poys9V+Fy;?I5Rd& zuQHAEE%t`|!E`0$mK{NbFq(dzNqU>Kvhys1?|vWBJwf-4;O1_BF>S=li>UNKCSKSXzi}7zfl0v33fZTp>gj9tvzxvpz|&)h9FiwmItl#8*#2DhF{zM0}++C&JMZdAkm#3c)J0L4>Gv^jPyZX4aNUV}l(dVfPV=$R}m5Muk1*3Q~n0oi&bE zuH{=(L=98H!N%(lbx411m081c9;JlrjiK?E7NYvcR=p{(j|V8*(M z?G;Kfu&BNuJtLM5Bc!me4d3}p^!*9uL_rJjN+->f}lg}W3$wNbI`+jCb zd7l_MJi-sb$M1r`s0M_b1mCPa+dU}n_N6V(7c0rc0G=U3gAi}T_lj&_{V%38@wO2w z7-VpKcqNk|P|ch^KatR!7%&7i)Vg==HKg>Ed4Qo}^DDxFCV7q;-hN`#AWp&v{o$?N z=7TxL=k`Y2{|7_D4g#Lb3fUHONKztR07q6>X_ zg^fT++YHL~mw-85raEOeNKt*XzATBD4pE_v`fcV55(TrWQR`-0Wtn|gfo4r1=TYwk zMXM9Gg~@xXnfWjWLo+CVy32+Ksb(QpLgcWaS=$Z8n#xrk3pbTpgE0pa*aW4M3aznP zXvr?%DG~_1mTc`=t18R-AVtuDb-FFvrO7G?EMqNETgGEJcUxuonVW9_?BF|P{DRO{ zc4$?%s}}4hR4FzZD`2*{P)RFv4W|0R%sF=mY9w4xPG5(x9m7Si&L;J%0T3<9F69kE zN{B5g>1$bW7~bD!5p-O;JC^pyZHC)09t=Y~yejv9Gg~dyJ-@=>4nnt|b{gUdgqUYI z8NzQ}N-*nb4RU9A`%L7{2D#--DT6pu-Fhb)GOHdb@o~=dD*}NZoOtYnpMRMWr&Zd8VyTRt#Y$d4yVTtvIaE>s$xpW zO7Zk}iLN52)KUC@&-gz70QinEHrL`&1J32*U3&F5G>34_N45tGTk2WtOD_##_se{L}h zT^37Io8J5QmYyaZ&yIaoUH})I9zd~=5O^b;<>)H=5M&A#7PPwpvzXR^5Pzm|E0e@GcS}7aaV)jvdxD<@YEWT4;+~-pmENGI zP{~?mkyoro)A*A8v(dHUV-6fo!j^A#g$3okt zMe-b;dYIwFsFfA#6N6+9F(SBfl^rQPqlk$pYuT~(e$n0so@Ig!Hk&#s?oET zeo-3Mb%BMqwL)tMD?>xNX31pE=}O_gJveAwsLLKJ7^^c%s?6-ZVHiqMhnb#oG!5a2 z9@tevnB8!QYXP~_w$!zdt*Y?lK%jjMsDzZt;)br1_~^&EWBvO*LP7J zjd$6wr06j%?J$D~({0j<$F_EYFd^XtVM2wuble%F+$7^yyEf+zLgQ35x%gXyfXcy* zzkuBr_lTjV7vO^e6qLTqvuVyZ>asa_42G_+i)XS+AnxmY1P#Y*f3|!=0Rj~A7t6q) zhq54p0zath`~={{W&`?51+iIgA}SQFfpfHFf8=?FDS3RFxHlPjf#o zn4|?t{f}4HV8VqM9_{B^D{+%jro3@ftXD_04?^D$jMc^k)#wB)4p(yn;8@Jra_t>J zqbf6FjML00V%`JZX1HU9E!HFJ z^nhf!gPcSUCvkYhx!uAouXF@7DQbEU63a!ylyAD#K+Dqtw$w6>64Wk;>`H0`tJWn) zGhECK!Gw8LiS1B9^Do*VWZzMGJhOSAAUkU(0~)w00SFScd?UhGkP5(fcCp8gPaRA* zhB_c0NISxmUL|W4_9c#(@b`y6IHkf$kK4EzA3ir1vThJ-{X2P>@$?U8;M(OT1kQjz z_=XM%i^K{`))`^A z+X@ols2G)SDkAYbr8|Y!aB!NqVIbK8rC^3pm{T)OVTR^wef}TPam_*bm4+2}9-sxQ zDwqkYqb&22zjQ5gZECx>mhc>6JtC(8tL!=TW74=XJqr}`VGttwU<~>blY))0n%}{) z$}-r2vYgAS=!FkEkQ8+467JRt656m8XPn9zhSvqb<;agYCPG%#fUq{43RWv5w7l%5 zDpiQ>_?mrX!N!wR5TGx0zYG`@dKvAbLhjpNP4N9L3@)%vpqA5A*&Hz5XZWZ_Ef}C-(lF#TeDc{{Us)lZGe*V5)m> z=ec0dJH3-LaXb?CYL5|w*)8rb#nbN;9t-ejg|C2P?7{3aQ;_9Hi>RO@beovvVU}P@ z+qISU{?QmKVBL20FHjEz&C=JIHp@djn8}Z6rBq5o60d1U>Ubq(${$!y*!}+iPU>ae z8JoBdh#8um8Hd(8`WM@Cg1|8k8jNtiPJMAGZ1GtNU z0QHB&LEHe-5|=Ona;O&%<(01NP=-?G)$+JJLWNpzBL4u?bzlSXSCVqQsvco0so&e$ z$uT;&yc3i?$C40L7E?%@Al&i{CIK8%E}xYqHUYQF;EY>KjrrkzVDc!p9sd9{@2=qr z;i3NTZ!ixr12V*#{s@KUA=1qmf}wvfK-rNE)pG){qsdGB!7Z@@bi^RMWP$_DrX>KS zZQ>qXn=hElouI|dN`sh7h+IJK1k*&&g`7@h;x4f;pOg51Nk*avyhrs^o4^)9P((4td@!B^WxxzW6?3P2B8-X(_ znp@uU2Ow`^t~M%xP6s@o6q7LAqhZwt#{|sMQ$Z11!*@|!z!X+0C|g9R9#0+;(rCf7 zHZhkgk1!2N1uK=wS()V}k+dK|-lwQC^#|mR+H&$7vz2B6mC8Glayj8~p$rnGwaH!F zC$v`2+YC4$Xq1Bj04#h$D++)#LZGUZDehhw{ik2x3=*@{a73fhRJxi*U_*z}VRP(} z9HgcnI5456A2F70^&e3cf&x4Slyea@1-hwFVq+nq20oV-KSe4jxc%bPcNk)e7sdSl z0E6#;iB)@R37 z!{p{Id7QiIV6u^-FUbcw&R$pj%gW5Puh3`l5ua8Z#1LM!JocdmxC<|*L`Y<6C77B* zP#B3-P=vcsikV8Osrw(l>CKZgM#V&4V@X4Bs_HevnNgRRc7>aQ$PHr~mMgn=I}?=1 z&Wt-+}2FJNYST5P03bHv|%Y7zYVsW@#+;VXV5Dlz6K3=r>=!5WADPw9OCL1K^ zy7h-l4v3QZ{6~dD*wz?vw?nhuV9@!?=ugLpW%uVuu?h+6S0 z*&GHL^q3mkBpX9cNRJ+kBbl*ZfluNgU}~0E!T$hNE-L4Jvi8nuvnXB^vlO>_j0iMA z&5#VL23R)tIJO>=n)*7Q)j-Vr{{X}KP7&0&!UYnUFBsd~FMYvuP$9?9uZ-c;74&U2Y;xUyFwZnqsszB;UB8IlVuCQ!gs`Cy*Mwyu6=4&=tQO-QWxy8I z`ZgTH1#{*%0RV%gc@xX833$pCO;2xxgm9_4vqfGX0AN}#2tXTK7{+ZBTB ztB|EAw=aoc`k_c3ES6Pvtz$KRp>-APVxfcsm{=;Y%l+aA#u;^;{6i5V2?mCtQxM8{ zflNZ4AvoS;&&>YQukc<2=%tk1LHo*&Jwbk9+!Q`0WIqG*8o|)_%NGjQIfMq5Za-Fr z#!j6p!f za{3U;ZTSeO1D@Yl*C&ZVXHuGqt4T<@LjzDTuciU05aX|+$A2H+^zNo>xRaRE#$!ga zFG5p_K7+(?xPj@4VAzm_;lUWbJam5ZpoW9lMl7@tC8s6-*#-kigkZKHhJb zab&S{Es^}Los#*;XTY5Yq|ITaR>5#WX4A|Ap&G|0I!A90Uz z&=}-eTHrlk5ZfvgMak2NUu822(RVv7k=FAI_kzzi2DIjELS8S-8G;>7J?E@&Yw6$b z@cxq;VXiBy&2QWIi1*9N%^bZML8J|ZBTjX*otu&b z#!RN%hr3wuWU~1%p)8ooRf9Ryq_&tB`C^{MX@WH}hOijz@#|afwMaHlPhxYT2(#<18C! zYSt04Wvb)GYzo$_X0>FU3S)@P0j1ZC^|il-6;lK>>>%LKFAp%IAhAo?YP8$8co))> z>cLd;Ld6)lbGDr}JN~kEs<~!jaXG&@e2=8YgQ}W>1}YLOaKPde^py=xW7NNPe`(kF zD;IIg65gfCv$zz&jmkin3>9R+ddyAWyk{|pKXuCrjIK#-TsKeI##kua#~e!Z_mvPh zVEKy{E+X(ni*c_JvvT7M$%=JF{Z4|2DJvdK&8?dH1&o|T%oC# zP@z5_OTK4OX8zyb^#y335sPz|iA#%O2ds0buW)?Du4Wj4;F^@CSd1}j5k)T!;ekPQ za}3GZsE;bstAj&Ta`ZUI(NRc@v_-*2Sigd0VPagW(?kL4o?CnE<_zEhm53REFyw~k ziz}#}B6AJFTPofIYTzaeR7@FcxafPcD_EIX$3hBDqB!b2zE>P$5VMbHvyv*BW+mVm z9^=C-xl$_KcuF7y-3BOd{{V3eLy9a&wG6C)sg>~+!d84r5XN%l(`7d`18)mvJ(gg- zqELXj=AlA?j3$1y&BI61O0capGpTpa#P&<3qvBDFLWx$zMqilGAm*Xcz`fyvT2IUT zKcsaI>L3m6X;tnP>S7&soT+||HGXO^lyVleE(3Ho*<`XD@G}J!kpS78W?smsaZuRb zHQAfe4vUI~N&~{`xH9D2*z~nba57#u0$^LtKtSC(GCvadx&^ddZ5cI~D<2Ve;Mf2f zQisHD+379f=@Q(xZ-|#9 zThSUwk*tmKhbifzZs{r;_P``kELJ!`qf)La6IBlQkI}=_ShM<$zrbYr08Gy3eM0Ij zkly`M1u--fHvpAba}Kfl)?Qt10_N|ytHc~ZYE~g3+e+8F z<(8LW8VjySqiKbF%Xsu5peQ(o8A_feM^kO?5R>s05H?8!^uLh%OJYP)4;9PFmRpHT zvut_%=ZQjERceFQy=>u@d~6Z8F3-8lYv!4;IJWhyNl%zqA z%5#M;f!w7ZglQc9%%p)di_$_w8|jr$l;02+TtlKQDG7)38g^(kOP9JqfZE~)&W>e( z92VNbB(^Y8)+U(vZP^1^Eth5{w}`zNV&fZt^Do{E-=wGo%!4ewL-RG2hcB<;{UXeO zQAgoYBez3?(Sn$bR0B!b#hBYQcYq`%__tNe!9(MJSe?OxXvcZJopZ#f!P5!dfK?+gbVsKi2uyC>uW#*9t`_ba6QKnz37 z0)5p0mJB0A5>m-m5-uJmHN;tXix=FV&~^R}2xyfkp75B9in1s#>1Ism1JtkZOX{cq z0ty5W0>)5E6Q&}E`%ET)3zZm@)Y4r=xV0A%3}1-1{LCZ5Hj7bW#ms*)=W`YPEdKxp z-oFs~6PfpwcXXb9oI+GfB7Fg0NM0a0qAQKWoJ92jwgPcb8>ljdU5TwhnyQ?`P@G3M z7K}tpCf?uQ^y3pQBNKAks*6~QbI~q1H8NlCE;mx#wTg5BzTn&Vf$J8QUjfT2hxK2FM0E(#+s^It=?BY#07A?#QwenD<8x+U*U-Jx z4BugId31ef=coX>hzdVr*bb!(P*Lc|Uu+zAI9_FCgipgB&*ak^9Zu!wjt^&!rKD|# zsO|p%2s9Ub6ZU*XxoG(#vm_cNk#TboZ)ygjc2nq^ATP_!(>jdz>jjP zNK&QuPUV_br(mCni*rYz{o)dz4RZp(E*80|YFK%cxy56`zKwGR{M@l>Ez9N^Vp}q+ z#0|4hK!!6Fz})=5!}?F$jOP4Z;acSj_M9&a#{kgN$8HEE@0>4NRJDfwE-I}=q0+>< zxCQsr3l6kfuXcZO07VprADHNMoD?MUE)v*%FLkKTYRo012GvXxY<^h z-cgh!iaigE?1P=vc!_t zq#C2*8}=#+V=#~e)reKe9DGET?h%cVH_0lZ#e-|2Ezj*bKfql?Xp31V5h)pW#YD0q z9yp1IA4w_2#ZwFBH5VtG>*ay6>=MF-$-!*}YFtEB4o-6#2P|v|VoXD#Rm2)Ti*bC# z#9yAJ;x1y#jb3#Y@fN&A8;I-aEB@wx!S}z!$qm98xzsbMn#33|&RNEJjCTY@%;I%e zm?P_z>)sj7r%W}@X4sfB47!!^Drygyvh^3{FA}qhpRxP?o%Z@$Wz<`kWS4u6If#m50LG_C4>F?q2{aF14K;{K4r!G&!UD>745^SsAV(b*XQA z3xxA1QSaVZ>4bjiv98Dp`9q(f!~nyO5K)di+bSc%UQ>urn2n zZfI5!iR~{VX2ItXU|CA`5_vFZpDaWaA-)V(@*j9nA=m&zjHq>&%(X9?(B8gPsfY0b z!ibRI134S2s9GTo92s4T%NQj)lA7tl3xF-;#zVvelWiC*9qKil$h(`s`U~PWtUSIS zW6bms_1k%CGLOuKSl^@tfO<-jm+1uJ9VJ(P7ZS>qhB;b}{{R;g;xD{)<}ERPA$5Gq zXA^=bpKtIO)ZP6z12GYfvowOpX+gZjbZ1{XdF-&93en^t8fuEg)zJ(=R!dOq9Of2K zaL^i{f?|TbW+Ml3_rzgu+FD#(#unnsm+=_VD;{PEgXsht#r^*Pz$o^JH}5qJZXfCy zob@{Txw!TAhZ4E#>6EN@9FQ=Kd`ua%t6P>Fss$3OBEu}He9Vz_TbEq*04>o}e+HDXXp5|QRI^W12lt(8quWTlIur><@(c!5~E^ch7c)OL4Fj7%EW%JZExy)`_moD|h z>V8k*{U@}*n92;UI+4i2Uy2;XrLfWHDy)gvngx(xRu*#E#8gbBJ0-{{hrA^*g!LGh z23Q?Z-s!2HhzPVf)*wSR*>Me2R|u5!1~%iEbwMpqN()@r9`Vw_48#nG-3{a36gB~y zc7WkFW7ZWh`vXa=s^qIW<;$|yQ zeWsd=g!%(0+OG?$<{vL>j?0?$REE~>^x2B3fi-Oq*aj(unB2uy{jmb8VEyF`5n`p$ zh^2Z=Pta{Lip8mSEDu?FmoPwBAxT(QsnLotD%9ZMm#3dH0o{N$a0yYM;^vq+2WP;6Bw^G0HPfq#JvUe8lUy z%QILqfho`|M`CpxxdgzRp?ri%d~$$U=TIed6~P z{bkfznQkm$ZaV5L*&J{bwt6-D{{V)F>mPZjwagk|;to8_EE<-}mJB^*q)Ui+MGCfw zMaD^W@h&*@kKgIfw6B@XMu~>mej%lrmKxkydCXd44p_YP6cwtm2TBxvpGmWDW0+QA zQ(}5YIgaDJ7aXdih~`oguV$s~vE0A|vE_%8ikStPo;<|Q1<=Kj464gAfvkZ!1h=x) zcM=$)8;_)Y&`YULS(qi{i&0+qpj%bZ1{*y*a6|k3yP2gRH7-@BmoFD8;Zf@5e)`+b zUqosiQ1YI*c5mo7UZu#JD3soqlJ10~1oF8%SYQz>wP4usT(g+t99qW;Oy-w z*#ht8QF)7AV&gGY!?;V;X_e@612LOo=N+YfAqDCkMPx+;ze#7!qcJZ*Zb-OSZN?0V zP1}?dCU)~E3!)Hi6)vvh%A!+=O+v#^y+mtKyOyt^ddwhW;w`wJllXs2%^a>IXEUVk zU{=yV;a_+8jBHoRungq$X@v(=ARrpz2SE0f=z)6AObwX!semv7@ej@d?zJ6#B4fFS zDFSm{`GtzqOn(uvz0W9-{pF7n?)o~Ha|@W2xogzv3JihK&6(cT6fV`?w#QN7`3I7B7>!zQ+&++@_#pjyZ>|!B-B`5KmaJ5G#pBTPg4*x_C{836fv* zmETDl>GFfbqD~t5`v$DU5`a~mA%vNX${f_q#}S7D;Vq?8+)I_=ybNbTi*L-fs-w5e z4%Np~K9$@wE97T;H!Jzk`a^IihG}yZJtbb8$7H;>#0&I+IU>H$ZZ630mw$)!$x^NK zo(WrsJVy?*Jrf1<5d23CL_%l_1JYKSGl@&NRG7ZfoJ1g2$P4~qmW!x>s>Y@qM})0z zZ52h-Tt5-}&YSg$^kyhjW^Nt&{{W1`aO0_UF@9L-yhjX2i1?0XjOX;Ff|mt07v^9< zfz6q$@tO>D!Nj<+h0eZ()M2E0%(3#!Qz(wvi!t$G0W|}g_P@tMyf$`0&zR>L`i^15 z8kg77>1F0`m@MR%xIIq#dWL-5u#V;DQuRG!nR>m=V+=6kxq0o2j}S`Ked6=D*{~eH zXaouj0s4<5nZ{ywE1b+5CEW24_a){o8Ha$nnUkW7z);!k7L;PJk%F+K6ZdG z62=3VinS^i3P^|-pJ{eI`GH77Roo0lk!2smr*}80sKiHuiD41KO~)x*&70)^0HQFt zPfOli_t8%!utC8N{hwkn z(~7#dbS+_QUPLir2GbY$h+{Eym6eN%y=KynPf2C_YFT*vLA8P35gO(`CgDq~he%V* z2g&$s`$w^Pi@eKYxahjSF-JDV zjBzr)?mjgr4BNVkL{3Q648Wj)ME2BmX8c!tpo)%Y4Zx4veYYo z=_uWPDTqgkmlw~_U!jLd?8Y#kD7cr2kc*ZBvgP3QoXHver};%D9J@vlDK1#MW8p6hub{Mr;4_JT; zZ4<*z_+MyuFB&3Q1er}F9NOX&-3S3y2|O-3wT$7ohOR({;`vp_v}*V`fI3+)MHgf> zTwDlZ9}@ahA$-T1)W3-AsD0`R5VIBJ@9_Sljbb(H6A{gE5Z;)Y)M9#09w#xd+o^)i zDqGBTH_yDjkq26ZhVE-V#m4U}$~ni-`oz%_rN+cMjKw?7d0&6fU(sTWW!n|Sxbo%= zthui1BCu2mYKv0X;0b~%H$G8@k>m6`W;x<8?GYTK3@}hVDEW@27x&C0a^U{}Ihf~! z*(_IHw9FDGvUSw{+%s$)%~a%a4;xSpXu<){3#{{WVs@zef#f6q_&>Hh#70WufO=s)A9 z{B-{SmY?#|{#s)FwEqB>pYqfGT7Sz=_-X$D0YBg;{KWqNfSOQxAFidoE+Fm(;)_vZ z%y;4;=HgUUnM=eM%mv+x1(m&f>RVo#sKl{nG+d!nwDYa8RSpQYOJ+w=Rpwf|fh`*& z)Zje0B1B1e3&Z&jYKXfdDLh~0aooZqzz;8L%H^FfE+n(5<512Ck6BX(i1W+^H4Gtc zp!>{Ubh9#^kX>Tdsd>a)MWPLzO|U8` zKGNPG^#*@S!~X!vUStaqa-l(}x9R3t7UO8rS=hv)-Y$p(V2?JzT7%$BR2y7CUf9&y zww3^^ZY%Y(MpL+sF=cLub zl-P3pA9smPD&g(6e4BZMSj4^`#4yED@t8FY?iKS8D^(3{11PSURT>8|bu!+YnsGKf zuvPw{eC|+|A;E<@B4m~7!0|DQmm*OqzG98BJckE%o(ur$sxi;;gyIH})2Q?LPnwyA z?3$ByIDkX%0V#(!+AZ46cZR1h4_rzH$!ocgQ!?+)CGW^U=KM;mOcBPVF7p*)Rl#|K zY*7A^`0iZ(r-$^187l}=Pynjn2+dJ5kP@myX~HM|&`ePRmQf2WC|TU?WbCPR435M9 z0L047#E7Xj9a+P(>72@)aIBkxtl{6)+}t2Vs=5Q1gb=W*>7XX5PHAiZ02V4tZVz6yKz7aocvtIX`#|pl0Cb77{1h_$u3*vgM&&7sGx)T66m#MK0KhT;TDl_9 zsN4c<03}_}@95)16X7-h60Ybx{d9gPwu5Y^HB&xvr70-{u`rkP^$Skei!!!5VXyxH z3Do*+ajM31ACQEh_^EBX*ON?at@K|$md=2F~GjRR^|`OcJUC<`~LKRB3Tkn)GD@xn)pP!CRTx(cEF8g2(Ii?&bynP6Mk3`}wIBcsO2z6~ z3A@JYhTP5qS3#gx z0?Rg+YzqVdDTSJ=#IdzhS_FXW6hUsVR)Wwg#7nC5h#O!U>gg9#t&24PSTurOL-j;n zwBAd|MAophLR*;$*898X81YfzEuBGbED(Sw91f)fG+MJMO$%Do9yNO02sLm6ms7Sa zZ-w46m<5N|bV9I6U5-lJMyw6A(s4A>fu^-8xaT&DK((MYs1SfIjyMqkAdC%(e?iub za{8;KbhANf7N@3{N><=X@$~+?r~d#Pgekre-l>p;(S|OB(WBT_F=$a|)+02q5SGFN zM+mrK+<+!a(r9uyIU($!CoMn#ZDpaw&404xwkW+L?7Lnamw--={hQjz* z0h2Y1ez_w^U743$F&0KzyPIz3LvSId<`;P-fW&e_jjT(UxMbK*E@c4IXw`CY!dx4n@Pl0?H1vG^Ge*LgE9kG_t8*X!K2?XCYln&>bN| zvZM;s6~u9nB;^W^u;e+<>rWM6MA3*4X%VXWX(5BMmF2)4uDwyhfRTnVvKIhB%Ce2` zm4y^icb3aHaHBz0eMXABaQ!Jo?_w2trGf^`wqTV5;jJtHP%crz*&rK0s$D7HMt~@Y z*a0h;R*;Wp65!-%#(qM2#nCMGdTgYEi%l4o48$ImU9DB^_ZSm{cYu0r3*U?q(xaE> z3ud*d=f$Q|R4kV9he(P=1EY;Jh8!8rdVi>D~G1-ZE}|@nP?TXbzv_ct5)y;b`zVHiU6e` z88)z|*??OWGm`G|0+@_iT573YF&{BjLq8BZ0iy*`gXnf?F(Em~qJ?3ogry(0;-DyT zbXZjpQ5*@9!B=g(&+EEjp_XiGU=@*BwV$S&4ZC`+PrM*j2(YLqpleDObmL->n!q1o z+ZHr&O-~Sqqe*E(q{;9gxPgJ7?97Bs(V#fn1zOULe6xu#F0nwdyJ`C(0>q_uOCu-Y zRafpAWt+Ufa`bp^R9dnoR>~K>h*j#A2pcllf<8!1f*?RztJ=S=rQrpNLXR^BYB~6g zGqNSrb1&@#xUHH@<%nz666yo=@wPuO{qY+SmB6*o+$Kh_S5Ptx1&~1tDwF~Eg^%cb zB;oJ~E&l+xrMYH~R%1!557Bq!&s7tmSBMoTAX^(aW=3u^iQm%fxrA)p!FYl3I${my zFx+5s5}d-#$610K+%DFkshG0avI@OLPHqiqtdzzPpLn!EhlzIHpb`a6q2+L!4iYIC zRJsIw8a&i)L8}1m>z)%*5KQ@GwB zabTSkXcV;21p*X>c?RVG?Q)ibd4aBJB2#dcTLD;Ea)ZR>oyy0N=jdRZKBAFFfhi6s z8Wj&h>!B%afpAK?x?1i}yl&Nv05G!CEO>O3$OM4l3gAP;(jl)h_zi8@a!QE@-U1^V z019tFe!K5~Q5F$e9fFazJxvAG#MRIds<9W_hO&%@rC}*n7db`G)>628en%uYFJ*-^HT;P0-}@&MoUMT>18z`d! zw)PDNB9pfU08wH_-2`fsWNyYfA^-wv5qE(~{bRxREsax16}u2YCW>(7pQSb5IDBy} zfw`b^@GK><1sc~%c%&QyO@oE8mYaO@I_Q|gYP`QyAb)EG6ftT7kRa61u99F3*+?8R zQLvieneG?UP{jj+g;1qGL#Q9wBbngAq7aBJT?6A876Q#p+O?KUY>r~AKmjX@*1~5Q& z*eJB8D-h!fPF)^PMB;^6mHr^*)-u{Cr!-gsu9ow~zVh^4@e>s@$>9X=O+v~*{d%21 z>UfwDSO`SoG{g<#GL9wF87e)byS%|y)ly)5#nn}qL1PXCCjp};pC~-4;!~pLwIe|9Dzw%R-9*EBV0WFB^ zj1s_EcCGmukK2`PdWIi(Y%B`J=Id-5P?>2_s>CYT^Lj%tFIE=Q=mGN(7vq%C0O3Ku zv{Nn`gOWKRXP6~s9n6F?<~{ux=5_x7rT+l&*>(L(m!k!DnKWejST6tv{{YQ8fR(*K zRG|GBiz$9cBXamaw)@9@Jv12m#51}dHF)iD((j&=b>PwI7lxM-v=wbaq@g@Nk($x< zvdq=;(0>xHloyoSO{)hC5aUvs!!k0FbE&>%`^<`|StU$XW4vS_`lD%S=?6QwC`lflzE1}OQbYeUzy5F$@>0H5>X4wta1?q=6aVRxb+^p(f zh>i&BGh{H8UXUJViIFU+{jV?nQ%Dx39A;#4^o3C_S~AAXRl`R_zSt5{ZZJ?^0zLF)F6ljYGrylID+aJ^F0hQ%T}Nr#f-xy z;e@r^9H$Yx;x>qkB8lc~sYY+;Z*Z-}iC-}l;yB_}!>JQ7YAf8}j2FZXBV;qg%LKmm z#F>rpEOQLLT71i)0s7({=J27wrw~w^{F6Wg)TJQ3M6d(1C>3t5U@Q(L#}1%|E%7S{ z(3JwcBZy+jS(txT-=(cWBd+nt7J?U_{{S`54!&uP2Ewv){{ZH3oDurk79bl|kN*H~ z+kq%zQ@FgvuGU+{N}}Ad?7$4YZqhM8C}euPz@eJKP^et4DBM97;mkIt10Ev)o+HRg z?hbo`6>YGfjxtYJg}78HH84-86{)#ivX85{WuDM0iJd}Z%ShCgGU{0~5#ki}fM$~@ zcN6AgnT}&_V@<~l1+HSgA)9!ESgbezycfh;x+rYylx}Mf?$A`e+9wlltnM04Ap6Xu zM-*lZ7}8|a)JrEwX`j~e{Uz$h+H1^)o>LnUGiUjuisYK6uC zZ<+=%!E~!uvdBk!DstNiMz|aare)Z?Ee7pj4IgZ4k-cB zRRBQ&oscbUXc#Xjz%)3(s*!-s(LqxQ6=4Evw>w?{MZ+Unw3gG!GTK1BQEtwsEh;%> zoxk# z7)T=(aiSS^%lmj9V~O60f-;3o7dc$ZK zl>!UmTlhlTGXmumsQ79s<<~g+W-4aR<({(noMgF@%AQOK%uDSW4hdM);u&U9Pf1FO z>ew$*z2(;s8I(71SDAKSRWp$1YB*xV>KUBBZIw>yl7hCn%wb0~bt*T8n3UTXh4qsX z;{h|lH^CD!vAL)=Lkxe>+w_lX851|b_Lt}Kw6TFT_rJTtBDr?WNbkJ*lvSSjVQc*6{11LPyYZ393i>TY_?cbSfoJ* z_%MF+dstc&3Im3i0a*MoM7eX@@dawJR)5GSI+_2Ch>=MzDDUL_Z8&+AnN~JkUwKYctRDKDjTUayj20FmU*d#Y6NRlKKuSO||w%n?z0@tf0 ztHVSXKeU045NvxO#p_mZK%kxZHom|t1we;CD8I!_ZbcZjuE06 z*(vTFpa^9>)GsMkK!J4zoW`wG&YP4U5yHrkmp7@VWs2ewpegh|kR=(5q4POh%B_6` za;jZ<^p>!uC-ju}Dxzb|x2QBS%LO$OKSU6_L)HwI5O_>Xg~QS0ngjw$l`)(R!vdBH zO5A8?stCIL*%M{3aW2j!X^H0NnU^skxaxmP%k+;4etX#hgnT5)<56j|b+wqlqje=3!Z zewDNcZUSI66V-l*4JqMq%22dWEykVry#g!AZNi#Lx~T!A0-YAl0Juy!&RPJrfLi7M z0Pt^okSLv;s~1+q+5=NyX?0a$XrL{ii<{&;f~^7so2#r#A$UM-R;?RUs;a8Nny{9L zEsCo+0$~h#dAwGoATJwZ<~N!!XeU&6y+Qu~Z4|Cj738X^L@wykty1m?kkT`E4!AU@ zAYcFjisJ1a?2D;+=P|UvkN*G&2q2CT=4A&EMuwuMDl5qr0S17JU|t71Sya`6J|LaE z?~Y*ez=>Vu8!Jq!l%x{R9PNzY3?>x31bHB|+A6jqS+{*+Jwuf&1X4$P(Wyx^;2RIu zQ^@E+Z>dZDM(*HWCTp%dAgF%xXK0Us2dPh(3zMcEjSP zw^4mgV%?WGh&i!C&qQ`|3u{CNm^qiLs5h0)XZH{cW(CT*KuhWpy&1Vr5nMs8C0h)7 zPhw#k@rYBz%W{HHV8N~+r=}T1@TjhF*fPga9ZP9!97U*FUNIZHk8H*IEw3_%)+I4j zK_yvS#jlfEIp_Q4E$RTaD(tbi^iN%GRG@r_;ZvncIPP>9nG6?1x?tUEQ(Q&rVVjqA znMtNMKegrm0Loru)3=as31?YZA|r2ijkqOkh#`LKC@HQmLpmKGpzbA)FGgi-6`?aC}OxCEtmb1YdXx z>Qg-t68V+x1Y(hW<_DRhFeQAWn)}XR-Rl^d`h=4+Hx}25A=tc zET_z%N5m&6HOv-(8^fkh%TRjmVQ*5B;mart+T|Y*b(rbyIe=5YqVI|QW@pd-&;J16 K-*lqjT literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.17/_media/recovery-gcp-serial-console-link.png b/docs/versioned_docs/version-2.17/_media/recovery-gcp-serial-console-link.png new file mode 100644 index 0000000000000000000000000000000000000000..eb67f0e99985804d9f258a4bc74d42dfabf0d4a0 GIT binary patch literal 46134 zcmcG0Wl)?!&?dnN1Og-kf?Eh~!QCB#Ebi{^8XSVV2G>Oci^F0GPH+eg!DaEq7P(En z@4l<6y1PGjH&xWjyR$XZ(=*f4-On={{aIP&)ywxU5fBhw$;nEpAs`?rBOtuUM@NN! zVr>vY1%JG7QpaGK=_`3`Cx(qf5&i^)p0{W!2a>~??oCTHZcN1 zV&f$XeHncjZ5b`-s}8<-9Ggz>tcJF_*ss`3PI@k- z%JDa!I8mD`xwtk;f~?b+@EKoKD~_Rjdgr{;9`ZGW@%ggzhJ^RVchfKt5V$_E=R6?< z^O@LLxoJCfT>-;RIvS>@)pGgVP^~8Ne%@W~QI3p^%rfFmm2US0Bkiwsbv(sKMMVv9 zIoi!v(+dRLgI;F;`X*5R;eBt4F@lt2M)D)|THhUKUy%mOzz?h#%-(Ol|OS z4Gv$ve7SLSRMkxluXK&m3k(d*Qk6;w{#$hoS&qyT@;f|*w;!dyW%*ruWb8!>?k9F{ zsv?Ccc+F&om(wFDE-r48-AX)}5D<|LRZ()5G8O|9WdpJNPLN)oBMgZ;H<~rkN~(Y!0Cvr(pHa zO}Hx69dJvO`ktR|L;@I`AE66X!BG|M|JhC|nlki&{P`BG*?zI88;O8PyTDN7>DG*k zkfz|hpf?-0(^_nXQJ_x#%awqeRa*)wAPcIpq@<(2{6D&Xjl$*Q zQ{8jOUGu+G3aA#hv7!H!FH+ZywA5r*Za9(4SBxsL-0U#bV4;vJ;DueT{B61%u|}^& zGc+qdpWLwn!VTALl9~M$ycbC>Ro37c_=G^cJoe`GoGdmZC6(Eo;awGF8v}&?_WobJ z&HJc?qY~HcN}RT*^>Gz{G=K zSq$a!rk^7i6`JX* zmNZO>ixUmWtNHbLq|tV)H@C>tJu>;CapGn`;Ej(ZW#CgOVUSNnf^c{g%PTxy6w2CP zU_Tn?3#n~WV@pjU%h-839=_6{Okrd*qv;DJ;U{#mT}-Svsf#K~T^8WWDyv>*Hf(Q7 ze2WRxLwtucvJt6)^2;WNw-i^G+aq4 zj7S@7`XPj|C>036b0_RoThg=1tP7z~{mC_?A~W__D63mzu^xeH7G=J!c-PWXo=)MT z9F^YxnxI4_TCz_XT81~!t|}|Ui(_H{9gb&nwoSHe0bkzG?TITew_!%1T`&?|J zz=YlR6NOu_cgiW`QIrCsbQ44SLP(gNUE8?LO$W0Ones^y^XKHyyMhQB6rdj2_-*X6 z9^vmAuP{7lUt%zsGRn{5SJP|2|bjXUN>E=-^?4g?EO8Aiz*^9JNe z=$`Q@g?u2F>`V(?c_kevHrl;YO6A*ny%?l4s^_m;!g?B-s5O4~60Lu96BstKmxUgt z@%EEy%3Og%Zpmx~zr>b$*j0vEQqgL##F}or4-PEnt2Ae9F za)XNqX)_-&B2Omts`mC5Tmsi(Gr5(I>;)=27NwGs8P$#RMyZefwwrVVnucdVRJfIk zC?DyE#4Z|>2vq@W%`8OcY7j?#l0Rfkquo%<{;|Cx5H4o2W^K4#w_gSoH7(g9de3Zh zuk%9rbZKd?KxE>fXDwFH(`7!C>wS_#rL3<(Ot!xz#q|q2v6FEB*B7Fo_c`56>X=PY z6>X-IaQh+SFV5!X_^B@f*7^qY2J&krgk(I9dZVuF_r=BBrN%4j75J>JUD55PxWv173O_SW=lAC0idO7PMu(7k z(Sd)uXBpYvk8-A)`TPif&X!u9PP#Jx7;$^pHH<|ZBga}sc@y%iRvek9vy|C{mVMUq zG;iw+mUzw2Ti?gC8cs)d!T`CChIvW15o#Yd`5*3ShmB$mt}BAjZs z2}}FeVa#Fd;rmTYQVmx&plHQbmA2;G`r8QI{H%JLA~#guA!X6cAwKTqeVS|(T|Rsdj?y!Mbu`!w zIvxr+xYYvhi=R{itSJ55lA&t_aRR_<{VSVTXe+r~)ppS0?`GnVyhi0{Oc2;hxn2d7%+vB@#q@V+oijawEBd)cGgXbO{AS?|^<5EZfkBrgwpkemd|^t9^F`YG zWU5B{GF|R^Chyqh*o1D6JD1>lZjgz)zs{i_u7&VY>%`{{hz%_2spRu|`ee&qF*B#G zArumKu5~oZFN{Nzku|||iE?yRpNbgpb@*hvfvssx(P4C{EdbAm;JJZY5Z83|nRIIY zhLx4w!A)i{8GdYDqFL`*xCske;L@{{RILUYnB>X~^{ZMeL8irYQPRgBrgE>dJGUFq z$&Y+@Y`B(Gx^PHp^7}E%sE4v`zIm#+>iF0a4IbjF5Yl79ps9R=JOx&scb-+X>>m$Dg^- z+ef*_<87w@>Ik%Xy6<7*5!gyS>74Ehz^B7Jz_g%^Y`^AE0!1$Jy!;cel0a|~&l@|p) z^4yi$#fBT=lhfSSg zV0U}58kZ#5E%azcr)wpeUDD?ynPiYVOLioTC7O|v88vI>Z)^AnQ}+4h4e+I}4}w7Y z=E^=>oTbcKn0GxPDyC2<1XW#_%~?4f4Dy^)uU<|&7-+7^SAhgccY7Im=XYGq+HQbs z=YS0f!uLa#-jJpRdqfgWtKbwqYgYnZS~@zT`qPya{eXjZRSSwuMbA#?ZuM&Qu0#Ff z^h#0@nnu4>rla$KNbJfF(AWi0K*Pt`-2-ynyNmedQRCyu=V<3a!I`)&Q@`K|CVECT zCzTEzsRN#)M3gcvATDnjry~}&qocrD11jKMuFBmwM~VHKW`M56$c^5dvER(6UlLD? zRwX$TQjV$jICd@lY0{#lkLwxF6NE3u!ig%9S`#T%z1J=drJ=f0FKr_}#F>vOO9LOD~R<3y57}eAC5h4d*XdpT87f zy`$1%N;j?IHh>o}QG!2cOJ6QW?*KP=?PE~l4J?E%OrRp|U z-+O|2qR|!!soeG+w*G8*eb$e&j8zA|2P%Cr(*$golYipF%-tQ!a_a@tdIJ@>aB}5G z(nZX=f~86qR~Fru{2x)ZzB|k){mu=Zhj=q;GbcoRyFk?Oh>XXG&9 z-#G19FmFWP~FBj)J#^KCDu#vyz(Za-Sa7BaB(P)q;M?kj*ED*>(U&-L?dgW6) ze4bYB21TS>-WWAT?)Vt9tD>GmQmZ##ch zrwdL=WdTyqOukvsl7e*;8Tw>vjI@#gc9%g%YQi&DS->>^jqnnh_4{HlCCyj?vF)sIjs*<)Ba^%m7wcpd4wO#cm z9ifp2zTSt+=a(MZE%QssR5o8Eqq`>tt7~8U zHzAb?*-g#hH*bjjeo4&>0Q{AGVbrqk3+CsziegM1XUx4Jp#irN57+Ns#cA@KViKEb zT|O@-=TtrohR`7&O(=Zd;Sn}$!jF6Z!EZ!jzI?j<6GGCKIpe#F4r)AI%h&0jjy%KH zZ$EmdD8Sf?i&jl+K5(op7)Hua{k9%6*z!xs*m^#y?M3&|_G=oGkxoDFHuyUBc6g}@ zr)U7B^2+V^TF;7f1IL`OVGyz)Ezgg;%zJahX&$}Lx@!@%2;T>UW^}Yhb|AXrp=-hx zZrsV{S!m*~w<(lXkjxTm4JNi-z=y&)8ELgkm}r88)$ve7Byn8&t{Gjmq_$uDl_6C( z>hJh&1&vnDi5Qk*vm!BxneU)C?_lH{-=;Vs>H~s_l_pDwjkL!!pqWeH0AKi3qYaRxfe8;I}9I*@EiVDs5Vw(9l z5sHZm@=rFb$+WD4*_7TwZ`Q7P-Vz~}>2eCb@_hQ>>s4v;6yM`h^_Ga+EA{g!%ozc}&a zJ$TovFgmGoF|V6(u(3&zQtEOe_C2ChW$R}e~_>A~N-Qq_N=&h|Pgd|^} zlSQ`9IL)y3?6T35B@LoR@$s804TYtt)ZS}bHh#Ny^f_4P+(WLy*IC2YvvtDxVVRLv z!%0#8>mfbwrrDkYwZNCmvVH;S*9$K1woeS-wdsfJAKhlK1#4@y_dCxm1Z*qhRb6G29;N0Z@=0y>;Pg!l zvEOlJSZbss9Sf~&LwU@n<`nAO-TX+=csxQxUyX%={!o|NUYG9FMO0*?0f58jzW3C& zz1XS8hB31!=TQOP=!pX4F1TW6P~w=@w=DkZcVQH3Pu@p&Vp~cI2t};2bvsdHl@p#t zAj$4uzus7xXx58Fgegh+ei!L0qoLw6SkAaQ7SNibZsVQ1?=)E9Tc}er?;?zzTxi(1 zab`%)_t0qg^W~hWLcW~>$NRAF(&#C*-*pt#T*wQ9Fn~-}JVfDz*(IPVc*Y{bAfh)E zZ5fMMuX%P)bDZQ85fEQcu4V5UcCs|5V-Om%wL@MIuw%Qn(2d2Ynwl2&z1NJLTZ+~6 z6jCn2S%46p79g^-r`@3hIow$iajI#gaLVeu?;BM;f0Vj7SMNqc!nZVye*CNTWS0uN znrbZy&Ti4JdEzZCw=k1kI_&8(e`Cwi?+rM4YmfFKg3C=m&cyQO$g-2+TLt#2UQ>dB z!L#&g4J{D(Ne~Am4Zt@%5z25$c;e{x?B30e%n2d|9{Q>&smKSMOmQe6U7>vPaCLIU z5g+1Qn)dbRI!>#cH>wy!JH(t_`AJgecZv`uL=tn0GMc3RIV9wY2pwc@tSKqTp+8nG zpcbe&r~rIYRo$DJ@O`{wN?SF%Of3J(j<~UgU=$U%dHa&d=a8$X@sMa4cY%G+&XbTWCANhMw_ZQX5OMUhh0EazyYGkTUH(ApZm8S0N&_5dvrg4qkIh1@!S4o(m~rQm6}|w+ z9TF5JRISkR6gm~d`csKW2AF0IEm9wD>0#}J__XPf5=5M!q`S`6ud4lcK8Ps@S%|Vu zPS)*qH1B%icG#bbfMevuX1?i{i*%{`PrM3h!gmNkj|l$$A#+vzV@ehi;MX~Xd`I#F2Plp%8rM>XK}aVo+5T-+-8i$k~M*sHX6Nil_}7T9@TRr31D@jQ)} zPi!?$9c+Pj&jxEO;+WPXt8y{Ixh23CaRGX}_r1^3I{d`Lqa=?qwpj%h!-tV{`2rwV zhDUN5K@YM>wFM?Yx#_UD9amQc48r04ckW~+TR%F8s2Q-nIG|s0$yo*%#2%8J0(tGy zfHp*)VsRbmhN@9X1+&R|J_6`kyaHt&7=$MLsNE*>NBNI=TYgN<78E)_tNSnt<9ZLZ z0N}!wn>JJghX}J~4ka|w@K$i>C4qU}XO#@e&tF1!fXmfANxt_d++Z(8h0CRfHD&`L z%p_d;`idUPzMlnhZXZeMrws#cHNp~XzC?k!x63IGdyye2_#r;06QTwE>-+w%or_0M zC_TdatAhJN@2xpM!#7r6IOcgm&_lmv1rr4aJe@_PkCEqjx)#t2?uMNR1UMR;PZwR8 zOIokD+u%r3?Mieo_*umyLMJ}{kY_*H_m)&)6Q^Je6C}X7t8sZsnaXs!G4ANZDW_7- z6Ncc&{PsI+A95GAe405C14eSNxwX$OqV$nrGj~VdVxwyi#m1u04{@xs#kjIRw`tp9 z=vZ)XS3=S*UrNu~GovtJMEScup?o8LQ==@p-}8A)*FYypUuYU}+ZrQrK}qWB%6%CP zX;f(s*UnfU*7^EjND<;@D%KaO`p#c@JJ<)q3o5g(aPd*lb}ZZAOk?%gi8(6DPqd@M zpDePq1;TGI`7~J6*C&c{TC4YHE=QHTT3-$@QUHIN5|L)|r z5x)_w-lXXK{!f_#mk=6h-RxA?aDXCjnQd_L4lRUa!DjEZs+=C={u`LW$6p7ci?>rmybj*wlcme zPeZ|ux9H|nf9$b$q+TpZwKSW5O!Dn0la$PoUxVB!MQMIJ;%(pC?II7aSh(UD4_@mq ztf_GH+J0Be?k?lVCK82Qi{$`Svk5&}_^g=H#P7z;Ex#oJs)~>Q@YM zJj6Q&m6~&;Z62}@Q|`Eu_+cDXdoHExB zBrIIloApOs@2Wlg2b5gcjYKncN1+oC$4r9bn*iZeU)Opa0ygKDybnFwz4EuU#{_d8==*zWYc;8SS_ycFYz;Fq zv}xx{k7NpX9EqU1tP7i)V?`WZ;!+OeM}GRLW9#QbD;6a;Dt6C^J<&O@;jb*dkyn?m zl9vwkrNSM>~mS+esd zGQyEp&oQfp=&tucxL-EVc5Y0_$66&=&s#+u)^Zq-V`D&190sAbzJ^{ur~{Od9|E=w zGmw_Q%FhWH*0FOY>D23Yl!w7HrYvmRn_04}i81CK1Dk-;4!r3XKmFQ<`gLJ?N9|j9z3LlD z&P3b<*-PtNos0K4+`0Wy@GhNNfEv3u4`u$-@_w*r8;dSkFSwjDa=XJe^!jcA%=%#R znD^@v>!%{5!xlovsR8A&UcX#?Hru66XK(w`h=V~I z7Njf_VtckO*eZ8bl3?_y^1ao1tt@a-Zkeusl(oA$!5|m1+_E*!vp&0Svo6seSsVbn zz89zx3q`F|rW(Ta0gJ!>QxFiGKK^+QwbGI)hI&(g9pxWZ#z9Nm@lC+1$Y~vX-w|OF zIFRB_K-snXYF}MWYsLK_v03Pa`sU+2Hd7FYyJ6A2GI7uQPP&AWsT85|2DYyrosEb& zO?D-93+oxH=3wqwpff76ZTcbC{`?nx3_2yj_Samz0Drwk#ZA|LY zA#YLrntP1JMZo=qh|)DKV0dPJ_4uKfZ^$q`);^5F6zlY@~{ae>J`?Jk@PF-(XRy}i`;&aWSQ;wKq{b&$2870_H`@JP!)mSSU zf|#%=TgJuHRX(NL%i1?cU60F|eRScF9ZpFU{mSA{nv?SSfIJlBm#kX$%!HH5UG7By7ceIDuY2sQ7r0zBip8f1oPz-HGq9N~iXcV6a@g@kZQ&2))oy2op zM78;}!&72$0?W2GO8-Ksp!HVsu6@*&XnI|FK&`vMOFY9-(Y&X;f75E(LNhPA64sNEVenn@ufj=5o2&%8{-%s=8&WjE43|L9c5<>y=XswCJBqxgst zrLSMWoD%(`NB>8Bw0JiCcs&O}66Ol-r47qV*Ob?uY}jVyrHiP1*SR(7)hJI?C@n5_Fvzkb%I|6`;g83tB72%xHuOcMH!*xAcO5a8>c~_F6M@G-m`%Ut$t;~)7 z*QRY-6@qCIG}F9Twac!16e?d&4!r)(&$<>rq%&S(WD_v!h9xKCK@AO`FY})(4*pGg zl|wE_bR*BWgn1N%iZ7KV8zh8~WCnbh18VZOtNI=zNhE99x}aGkK*QUEv%5+% z?MOSZivv>_-vLRx&LkMUxmqeO)f0*>IYcV@=a{#o`j?VDQGk}MPmW8gBs(2k$Ffz=@^u42ub$jmw0W2 z7jmaV`;n1xCIXRWy?CNl{nrg-ZcYVeSAz=Z?%Z5OL(l3U2oKkNZNa%sHIHsD^oV?WlM1dd5YU;O79~ zgho)6s1U~tc>(Qv-IM$`L>Leb7+qCAIt+}UL3k&8d%Mz_hYpcryBr7_uCSk0I&8&e zQ`pfPX(;^~J>DDmYS!vk8m_Lco)3yVeHXOm81l7i+p4OraEt#7! zys3zWao(6{eqrrI>PuQ-z?Pc;>a-*LuPRGlOogfL4`OEDGFvOGB}Sk9kqm?R_Am3ik?W91Z2m~_ zLha8sQLJ~z-Ff!^QfYtFav6UKmF=l*X>y??R7D@G52j0jhc-uW z_n96*{K@(?Ho0&tH~@C2{`Z8_SBKI5B@@C+2H}4>FaP0cR0H?2@k{s4_W168*F(aD zQJkG-5P9PE!{oefL=#vXt}1(Y>=OR8@pvAd+C%qO-n%_>AjrjFCZ3zk8Ki^Hyp2|> z9gIi>T(H%j+K@V4DsPgfz$lFq%d;KX;++Q9)P6iq;Yd6zZHnYW218V?w~{)1H@v*A zCo@1EPyR&U`$Ad0YlLf3!P0=@w!(ZTJ;8HgquBS;Vr$%bSq1=6DcLwJdd^Y{UA-;&w6M$WIy)ugW|~pZ(l@W zle)I900C8rnVA&>kX7HK8t=1Sw7L81QCZ@VsbZNet?v7`{GP{Aal|}Sl$2tmZsz7C z<1V>EegyRN^s*`{gRw-MZ1%s|0|1P{=< zAiy#@CMKhi7kmc`6;IjXekntirIsV9VPNapK|65yNwboDYt)j?xkuM-ji zR>N3U@Gauh)YQ8xe|br0!ryrsm#j*6BowMfa>TikCeLqX*uQ-|b{JZ8Q8OwENgz-h zcHI?2tZCNm@qqSR@64F{H5i;?*RWmd)?FMlfGK%SX)Zto`?Fb>+9xy{!1&ZswDW0! zj;5YtCP$)!@T0oJFOQKE#=dIcnVu6h&%;^zhnw!_pAUDJb6d!PmpSVd#*%B@=L5vN zp2wNslC+0g=LG{V_(>>^@)FLF9ki?KDnrEDY5~Oj3<-LMt>0cRJGrcSEc~OuE~oF% zWF{+u7vp%=Dw?gx9v&YZ5Q#21;KW~B0jKWAW`6KmmtU2!(_lO)ukTd_IAZR6YcL7U zc|j!8`9<*p;OW`?eqwmIH;GziwpB>$R}1$LAJHBiEah<|fu}*m%oont1+X!S><&?r zE9X|+x)c`_Ai$Zl)V1Jy+cZzf*|WdoST20LE7^nbt4Nr!;fm-Fp=q?Aw0mb0sa?Ff zOcNg}*h+!~nsR-jvVP-}E;aqAb2?BHR%)hOhO8Ddn+7dc`QI0S$!rCZaUMM(s<{h> zdM&Q~?aXw}xBEm~r>1YnL}FMq-xZ}0)YCrtAUxggTV&puivWt|$~-VTVT*xHif%Mn z5Z3MoHH)!)pIxH2ygvs9{uD-%iEC;Sz~fwj9E3vka^=>YbUlq-LwT(aDtWPRM5HP? zF@>&13QV+ZHELQB0k5TWHF--TxK?Z7*b~T>)}T!{E5qkv zn2tU0!Q10l&6IkOrne8?ZxJGTqmbWqMUQN}YC5NE0nMn_=^81Vr>ZHIL0y~c)*V&=ha8p+{fML+sRw^;?A6dY`#5>UlJ10uNR)r4U4LM^%;xi|#VS|M z*D5u@YbC0kL~MpR9+d%+Mjm#{N=lGLo*x<+YLb9X@ZeBmW(TmQ(9}Gh!&9}xKs`5C z!k=%xX7ReTbe^t+cS9gO3eE(fGP0|2s!jpMw zVSyA4bAsaOQD{k6x$3|{ucarnaFw05Aw$WdcUK(f3t8_b&oJ=JQnHD)UZ^GYz1lAX zuD*TCS3B|%a8eSGkV+v(VV3GXbWNju2PcF8sQCCAWFD#3E3FY&`RSez9Qv+^LP)HaCEG-%>bm0{AvLcl`7+1 z$ycU;=9W6VSRGq8QPWN&XL-iv;j@OqA zQ@jXE)t04?NQJXHZDypKDwFP}$%ZJzLfsW9An7I45x2MAfSQwdfs>D{Q%SZ~97ghf zWh(jcR`~&%9=a5eIFh7a(y2AmfW1&@#u+J>EyTo^1%EM!w3N598}`n=2SP{?Q}Z_+~3XWZ>&tM(riZS@gft zS%k@ZNK({J%R8+a>W)R(n~bbvm{+4w;MTg2#cf|_jclYoJ-U7rL{#8=)=}gna4g{d zzOJ(yEyZvJ2qaIoD*;I?vB=>#O)IQITGnfQ2U9%Nq|0&C(oUL}9sgy~_<0hi3%%BS zWT1j{r8L*y7=C+UQ+931MQ3F3wI+K?&obk zA}`)__GyV5C;|7$gLkWCcx z6C&!IWAW{(?&qr*f)&t>bu>FQW8Nu^#OaBHs`~>|;8>;42Y~Nbidq$IRs3)FQkG?A zK~Dm;m@1E|-J7>`fDRgpBx7l^9$O8elxez3#1Ahbkf{KG7b$oo7`!FO4 zd4kTmOL#=)%hRx&)=WikYO)+LwT&0;L^Q`u7#%EKR1UE@9P=H}_%m>es8r3>aJpGe ze!3)5#0@HXz+oVtXAZu*lf6Ek$cU=oV9sCIhhGIz`f9$rouN}aYGFl#Pn%T&40Pyz z^Nmk0q7KX&vU6qw@HiRFHGQxee&PQxj_Yo}faju`QK*7r2N0sK)cL;qQC|7m;QT7B zcH7Bc%T{K3b?G4!dHwbvpne|t&}~M)iUPw@eZ!Qryb;mmfW86l)djZgK{}ry#7~AA+;w_ zh!Fq46?c++tG7VBkBhqk`6q+84o|H|oi0aBhPtSFq{@v{w93<{2gM1(Y6k8KHj{As z6QLsVr~!~mQ6szSPU?{fp|5=U@FJ>HK9O?t32u*p4ByI{L!Xgbo(%w157yL=`lCXL=ajh`tD z!KjPrBso{RbYdxj0`g@T2No*76cEXLl+!dkQbb1y;cj}h?{dmC`+;|F+GQFny7~sX zU{v)e=j0bZJ>u`!;D8}*K_o|haKB0tCMP$4vmTVdV$fdE)7;>fUNwrV+7Hh@m=W}uV4G%_SbQS_*>$1wuuc4LsbKE+Dw;Vwx1iext8h<2oAYLGx*geAMcgrII7WV zO&90h@u^FD2vNRBY|GBms7t}7HgAVVjUSd%o5fuN@dV|1sP*~QM=}?Z{xdC(k&TI@-m_BWS& zXa5-|QUW9GRe~{hDs-B8An`H~((H&CD4)p!dY1b&$e_Qes3?7XWMDOG7u4P&)(>bVUw;H7k0aO%Gm$zBss17S8=WQjQT zTLw&r!>_+FU$(HuT;2Q)N+mVO-&@rAdabSiUd3rCT#;`ElkKUPj1!=Vtprn1tShu|}LzCi6av3pddUL%k zCzrrF)QGgl%AxCgWSymdrDN&Ok9KPB$K|d26?N_B{D9l#`SeVZqsZs+Gck>c8Epo+h8gtgQOdmocuZw|hqpNXzi`YqyFB4aa1#Y-Y{!KU-v^Mxm&m{K&s3N6V%0|5loBfA`E|4!dypZ6)V6;pbF zqI_Y`WB^vW@9c)tdGp62Q|RUGX{Uj9a$Wi0nt^wqA-ghG#$90M%@?#^58i~F1X^mR zNfk*P;Qiz72j1CLW98FqXAtS%g<-wl>#tIDKl5>!my4*2|4;g_<~gWxwLow+fdlTR z&KlvL&IIWkPWtQRSmgdK-Bh={P2@&(3nA$RCuj3?fQ*}plT5PRP%={f!U<-fbI~9Q z#`XP(qStoZh}2Fe@kw2RQ(!%wl?PETMbas?mxEuLA(LPU1<;iAGH7Af>+G}LH|-$A zHqvF23+gTq#J8`*h+MH1Osni9XrpC1|5D}Q{N>6@9sbhIMemP}r9zoudV2x$Z+fj4 z=)!{Q*y{Pmkx#22$jx;8=@fRW?I}CcGL-^JPcn|Y^L@Lc_aQg)E0Ej%^U+%7${q=U zzk||3pAzkFESwdXUDjzdnU+EPFfQcv?wCko?HVIc1EZbp(C zE3EkI!C)jbY$*Hh^@OpTk3he;56e2f5MKgK%h-dYaaiHmsX-FAV5Z?JFpQR$D!>F(@n`$%gh}^xgLU3opd5MLgDz}O#9eb-f>mTJ zdj;bu{HOO*8U#JR{Y8+USDlg{V^LYpZ9@v{5BS~aB`m97xvHU$?%2Q3U?9%v1>r49 z{c&x=(X53%kFB0yi2&@hRU?+&HR*SQkp1Y(SIN`UccCCNV04D*1DpGo@~7HD(m@`K zJMV5QuZIpT+!I&@tzk5|F){kETP{KFfci}2M)S!9R)zk9iIL31DcDVy;&X^z9$Cnw z;ruTGGDW9Qt*6qOx;k40{!reiRmy;~h2@gW!KbddT`!&u8~6TloV$H>MfrH+ODh=r zR)^ayWVVFx8gJL`yOn%b>>J@(r0(m}Snisp=tIHJf&SPDH=@E% z+%Ou%xwgE%Y@VRrbzQIC@`S6|clE`rL38*So6VR6HadnL^(%MkA6GmO$U6-ZvInqj)c5=5INlOCkY;U-Mq;X|G< z4)s9+xCE^lzO#6bPPPfX9Wm#=hZy!J$H7UulNwepJt?2=^!?kkf=;K1LQl`7KaPNS zhfc)Wtr+A}J?#aSMkc5TUS&@t?ijB_nE}sKn94H*qMhH2ATqH z{c`*7A>~aJa!c9=5{%53e^|t3Z0w&-r5`o}y41fCH~{>r{G1%4XO@*sS`?{msWR_s zgOb;hPm+5RDTWAvriRM%TOQO!17#m>xZAzq+gC;sPa>ueSe@^7EY}A*u`82^gp9{v!fn8Yw4qI^ zTGN+uf@1S0d$G;lEe6qpnYy>m1%%}OJ_s;)qW4~j!sar}T;SI2Vur`07pJR!4IQh}vu+z124Y*vEXTKdC@ zxq?1;tL+{$85C3vw({_$ECgT5aNo3|c8IlM*T|yEl*z1GLUL9cum?98b-jq?*JRCr zr7{^PfL1OZHOtDfn*|OV0c^7ijitk)-gB-MA8LgH=J4VEW)zaluL8fl`Btc|QvlG6 zJSYI2PJW`lE<*q@a#3(IEsDjY8n^)BN-La7pV>BoYf^F*pkO zKgdQDLXI)Y3QL4T6pn`qQ+@COx9nLkGbkO&(2nP@|pFPmc&V?25$WR7c;t6HFW`9p^7F-ok5*_ z1Z2$zU^MhJ-j0gDJuX{^Y0|zkqH105sS7w?V-?z*swHUkJ(81=xmDhJY}n9jR1ql~ zcQpN`T~R|L&R5#9`|%85$z2zTu}EH2fkL&2+WqE(?qkz7giOc}fO0%kY-e-xH5U+V z@cg&?lYpaAvl2l*@`LU6n*a~B&hz%m{phyPkE}UA10Hf~}D;9l&FX?3|S%m9{MEUb^GnQ+|LEtYc07hdq` z)8kUTk6$`tsYbnTuCGS-2x-K03ld&m3~Ne%Umqr~_O_eR)=? zwscuQ;QG8p3eem9t#LFtiwy+4%p7hkCZC$}0JM^gon5O#Pbcy6Ot$}QP6|RQ{dZmC z@94*ebz3~&Q|8F>yiV%=&h^pQ3??m%CbsIIewTH(9Vd~6dxUy*jZHLMfs!3$$6S!=u1XMR!W%H*gV?{CR5r4nIKhH`i6&f za&!cccIv9C@_Ks7y|{7Y{Bn*rfPDp?mVNuqy+j*4ug!^E@EEc(k+6WP9SCu#eVxK% z@-ttVs5X;&JnSLWC$AmTXG=Z8G5tmSnuJusYFYK0%HXnnj_E{4iWr}&vWki~XXi*g zSy@?f3GYw6->5=x?T}h-%Pld7$u0))SvoOyh$H-%b=Wco$)2(tnyCrcWkw`=jQczg zTlenW!>F}X#^F99Y2Y@f!tG1u*4bfpGch!bO5%iL=%75ngi;A%6@Ap>4X6rDtUg>_ zU5&0P;H1!e>&qjM(>`=ih+tz7!h50 zVOj_a!}Rmy9YD_qguoQx0FZsd9k{7aK|0SgDM=_K{e5Vt`Ik`q^%itum&m;y@;+f| zD|+VQ1j06SEv~EUWtBfZ9^f7+1+TeoF&{X#2U_rfXO$>tUHiB>P&@~g1`I(3uZ`jw zF`uDBia1Xv3ulU!rZQAr?MXy>#7Nw`>k2{@Roa)*A(TB5lR4B50LfQ+bS4nY#IVL} z$2_hs@*vX~x&h=+=xz8mQHqE*dkTI3T;lTz*q!rO=4TqgnPUF59}Syw9W$bgPM-No zI?p-&e$3ac^CQLH*JdEuF6|E~CMug@7ZaDtS4eR0@c6TVV}M1i?WAlX z-T~0DFd^n1^K@0B&_ojTG_c}T70>AA5}7+gnhjHk1H$UPzqKJwVx>jbtHEr^^^^+? zxIzw$LE;be_v?1SbVfxhni!e!wS$@Me&)*G_s1krqbyIC$(QwM60{$bup}oWt*+8 zCEj!Cx>;*P90TQ04x=xOlDx+~Esz}?0DT@{_Z)>$Q4$inn1`tNgUFFey8|lhpgX<* z5ne*rny3wfF@h*gfJI9Sm&-k6D=6tBCMZ(GSvapK9YU zPZ#q7GX#3Xho6b=O-E~3$du8R|lIndtrIpK_z?7{%Y=~Rz z1nFRH(8A1`TQf%UC*M07j(Z=S`fT909P|Wmqw;vs6hrMah0-%!)_7Dp zzZMPUeGkW_yqBCD!td{M?C@GC!8nvhw?O&q1wW8))rUxag0KL46ETyuvwjeTObKnfU=_k9EapjoL5eren*bJinRRj_IR^IvywSY zd(B@h0GeWRTa>c|@d1Lv&CZN)Dk&`$TZO^VWY5{R5H*!=P8eaI(XA2G`TlPy7z!ki zJt-Y*xu|zCVrmE^@mgkX)vXU4Lps@({RL;BYSl~S~Q znl3-e2iXa1EZ1m|YTX;UcRiv58P7G3&RKa@4p?C_%Lky2q{Aqi6?;Ro{-f7XOB8VJ zUdw>7Xa6~2Zmsca(yBFEjwb9sqEq;_SIs8jsn-_)vC}1Znv(goYV`f7#6iTm$)NLm zH$^6!WRXglp>U=6O>4bSY#cpxg4teyjgZ|bZ<;xiJV(X8Y1375|HsQH9%e%1WU_f@ zra|((Yv7)uZNkJ8KfhG*X7SE6%g7|K}86C;k8ziUv*16Si^1(#LPbg4QUih ztD!+UFcoMho$ICev4EVB4zCWgS(hXV?n~l-ilsf|IX+-LSk9#J&;E~%R9(wzE30_V z{%ojhH78{i?K}_QJr>j$#xT=wtBZ15K%0Z~|(}$DO6JV0)xp zY3wRc`V^>S>M9~*@-NeQ(v;7V%qY85cU=#DJTK)?0Yi>>dTjdykf1vpY2OE>F4R6U zIm(0FIF=eVb4Ed+J3JfElAuf9H~pxqDd_{HLaIS_q)cC`&1)lYt+pIJg;R-&H6b#< zRoz6AR{$ReG=aqEl>6~4iFNPwtU`h%N<6JtR@rWb_a)fZu8relX&E^SY_)M%J0h<5 z@y@6r?2))c0Mucv4F+}b?kuNClZ5s*_Fh|M`|()Pt<)g=Rp%Gj{F!YNwp1R|Z}l!s zL3$!vQruGLWmS^UUmpU5ZBue0d9RRg@Kbz7OS-DEYKsI1I|aHHF{xwiv@$b3G;2#{VNglNDC@)G_**8_m@3&)^Mhq5lj+Ymv z|7nfoG3{F|=))=ii$(8ha2qu+{Kdrm9c}&iARUl#L|*zA{QW!mpuM?ToVKYtJo%B6 z?Qqjwr?Fs~wEzj$3S6rCtk2tbiWa78g;?gM338vikF}|lK8hn388w{;fh?YT@6PY{ z=j+ZP7ZFb3%mN(450QI`R?FVZ2OMcqJ%Zuy-}1XiUoS3BmA4h4nb-j5rCOWC-#Ad``uu9+keltCzo6i6I= z$l#dugjImuAVEesP8CxNeW5d22{B(_Q(q=ul2~@*?qUmhtt$2rVZ%m|L$k2HI;aIa z*^i|bX2~B1#!v^XtPMMKBX01q9mBX{umrr^M4jK+K6|Dn5S^ZMLqaU{sX#Ra!^?9( z76=2~p>H==8GVMK(|%UWkFK|@0^MOr^DmLIw&V+Kp)`B1^b-Ut1)(^Zah0Zt7#Zbt z8tb*Tutn;>*Z)VnB7jEt(}U=!q5lgUAw)3xL;oK_aeD`L6plqGgp8EJLMVs;k?3x= z-gB%d?iX`KVH%#bR75fVq9i5&t1-c_GBY!ulaCewA)rZ(d_=HHv*hvE2uh~L=aX|4 z#ZHY$c87cSD(!|@HmB<~1L3tmEa#tI&We9jV*UStu5>ur{=IvA99C3RB(*$L@3uN{ zPxXzKv2o0oFLE`G)1+8USxypAGmG`xc8}-sVUuzkNjdJ@x5y_)UJ4_bz#RbEwt2iWR}r@e$QLy zn-q4OD(-)uP~x1}$X6cTqB8G(erN|<{{{fN54T=z13(%jm-AGczc@ChQ|NlXkGB+V z18CL?O|jz1Md07?#fL>tCkar9Ng={tiJ+#oOeI` zs|DLq1utqpQv=W6v;M}LEm}>VMo?16Nb#Vgmodao!;-?HIL4U30>iO%kcnG+~iG|nI4TD&wDf7F@2l@(;muT zBBgs@y@eW(m3(GYi@tkJfMu(B;w_a4wWqSF1@hOJR12^5+75H|cG&Job;6MfDD2e! zz%QKs@H^qtHB~m71H^Tn)Z7m;`R(+m#2*Fr$yP5Lgt_rtro4?m^yd^f!o1iB@Z)iF z+b_R%dlnTi?377qT9|l|4m~e2w}%8C4Gv55-8(pPOc}029a>2criDO}#D4mEuKXw3o1ar`W= zNHKu2a8?MnZAx(NWp3)ZU3MGtQ=!|;D{e`~vc86gBgqD-rCXI8ic=nGp&x>tt(gW$ zz_P;+4%rL^==gop0i(|sG`#9{g=m6C8$fHzQY@v&;h&0({4l>Hak!-99JwhLZuru| zRY4WrM1H*eJ9<$1#`qz4+m_-H^=5cU7(6 zB`kNhu`=~MHzAfsvC~Z!PyIyRPmkdN0buF3Wnt`6Q#@z*Z1ctMDJc(-Iod<9Hg)+$ zAGg>3J4LD(7hZ{!i@vFTMDQ~K;!j{|*+Hv`y9ALDX~>WdZ~?8FwN!VTpa_L6EFd{@nYn6^tjLP40orC*%zr~#}Y3 z$^FmD;^FUgr$oUA~F9ku8RRyLOLwT3p)sGL=B=VGu#t8z%NGl=Ap5=}d8k;i;3RHa(sHml) z+FKi2QMZ07xv+r89?D)i2yhNvRg#AqSTm>&G*=xsGe~kt7dj}Dg`_H5wUJ#aDKjxJ z6EBz+aCtC>$MA|N-x(YPx1~=#N0k-fW{y$0Pemu~KA+NOY<=*;)$SW(^lT7r zW2K@f^?xkY*%C^IgA?*{60s`6=3)utRB;jG;R|}DEyTZbk(m;9s}(o%&d6acp{ww^ z?=X?q@K&bjK08|-w|bR<5`ml24EZCjfe@dKWr+~}gTCbmnv!<1N5g}01ZxWd9JmaS zZ~bfR-Mzfp%l$WpGmqsZ@?FT zT%EBsvux+Xsu(WL4Us9*@D-sKi$k_JtUl!^TnIq5c-c8C?`|4fDm5_q8}j*yLz=V6 z`zy*GCPZ2(lDs0o+O4WO?%^=01n2bNa&*@_HuMS$ zLpL%4BK^ku^pWgR^qTP2U_?Z}-bcgtJ_jo$+doQPLZakWS792k+_Ou<3yQoaoZ>Lo;^ip5$Ygr+m3%Bpfya z<2T|;rgs07CCX47Ew#bb>{iomIRA<#0-R_~&qGg=cI~2H1=DP=QWH^^B^&@#f#$lwVQLwbc+}+NBnA~a^@6UWr1Zl3`fSxvB|YGzd9LLCnd*x}K%J}p5X>`d znJqh(;1OB8XDbM}&3aJVoiq=@J4i%MFtlD>F6vk1yP_OYh41wD47w-GjUMT|;;8I4 z6(UHck|&m$BHH$SCg4z_;n83Lks;r;D|BowmS0QtH3ICHW1Vj=m~6e9Jh|RuvNX>= zOkImaLDUA4|1zcD-uEjdv~)_YlP}!rmT3Jw_MJn*iN}ybaUh=Jvt&RaCX!{Nim#6( z^e2AMt^np9sj40F&I)!lSD8{oSMpk|Wx3m~mfqFkM*+JPHABF+h?IjnrnHDCMb2b()=vGarc!X1n`wkK<&HZ7FD@+ z8Qi+`_zCuEM1ompUY>+yYjT7_D7|H()}zHoUR&Ae*H-tqNF6dLZgRCgzjADRKiOTq z#JHGMg69wFY4R32jme2h+twkL1dL@WVSdgpbPI;`^QojGQ5)n@g9BckO|!+AHV3FWWUDb^)2JP#w?Y7YkL>Ak-DskL%GsAK;-FJTOc zf46YEJB>EFWci@>svjCMC=kSx@>A=8fmsFVlXOgYGUFD%u2^c(71yv3M&%5cr5FSR zsx<-`DjaU#zU_THX*230#QI~oWn*7LQbJ-kT>A2M{aipZP^8Znqr#=H)-*9w^@)NM zOUj}P#rCsJ9+(prMtfXJ#d%P>`A385d*Ys(&LY6j=8yCcX+^st_(Y!Y2hHvtKav{( zzv;i^r_fr?lDADenylOnc+2H?2dP`~emvB>EK2~FVlY-FaP9?YDNg23aGD|F6RFRN z4U_01MFd5THDiki@j~0w^__f#C?7tB8&j{Uz27!eX}i}saR5KOqW-yG7i+G$F{Sp6 zt^xV{`}r;s;$%sD`Ih{I-0ib%Ja3jeq7~;%ZmtN=>{&ct!8>ikV1!7UXOmhgKQoD< zo7}?AZ#r4GsK;r^k*6+6iPjzug))VZDme&=U?*Mn#I3$-%k&y??Cuw%7)@Ft+i5ig9A~>js=N!QdyDq|_)iNSSZs9u*iSBRs4Jvt#K3FSTIsL@Voo%*d7&f@YtR*EwHaRhnnRwZBnNb{g zl=P3n&0@o8eIc<_%$n8!eoIO8e9QVLebRcta5&%w)Cq)3YCjl#nzN@+D@*&13f-Fc zveVX|M92u4fHbpT&V5%-E@+E*AO(`K!$b0C2-w8gchPrgQ}j@)Sf2pbzEr-K!D7<* z2+)(`zxnYP5>EWgq2Xa-3W`XF^2U32@7_Hf47|=)sRH4l2#YQ4yW;8M0j>knzm3H< zgN4svX5b{`FAp!Tt_GJy-Ons*>=fVM?zF;NQ!H$U3m^WY%NNf975V6ajb#q_cQKfC zFqarvnQVuQ-2Ryx;@fWCfuoiwLJT){c`v3UdT-M7#S4TlFD#+SYo{FC4kSFRzx;4< zveRV|FIlL= zg6Idy%v&RBrX!~w4Tu3Bcd%+G0!q#g%9bM>v(%N*t2rq zMwRWXt`@~L3UM zR4hCmBr)Xe=5Q;3q?%}b`+U3Y!YOGjsoxd?iFn{D{CeU8@7*N!)lpDwopb|#JqR7@*%xMfT{wdfyL@$_1Uag1Ba6-2Dt z6SRvmTVuXe4L3Bzln0eraPb1>gOoX9X1ukz_Vx!-%c;E0n_%O>t0VpPfL1XtU~B;k z=F4sbgFVIDpr9bklmYNmu%5ik`pi`TGC5?%uyirY<|J%m$&YlNait-p0rerRIFsb0 z4_Y{i&^L?qFPKc0)B9ZGx`mK&Dj*1|CdD86i6y9^dQP{rx!jl)%DX7m;|n&Wuo>@3 z5=^!N?ItXujtZ_2iIh;vDPZ7B-(H3VT%qBGy-;=+m@LYgiWfP)IC_PV^&RW7!-Y%{G2g!f2<6J0Rl93-j1?UH+XR%4NeX zu1Af)P5^fI1Q2r+g0=S-5xCkb>-IyHp^4?Gs+2roxXRkT%v}t(vk0|cF*D;M?UK&4 z*FhIT5W7TNul@Cy%u?NWMw3pSUOrbrYq9#jzOAT2GS1Qnqnvets<_&TRH~6H@_A+I6E#iZb z%CM!;3Q`$AxWL{DD>;BMGEScYh}@`+%+w6@S(h@ckAg?{QkmgPkFk%NVz2_t258!g zId-{Kl)FGdBW_&k7V-o*y3+K3Zx+SzJ}Kc?6|7r`0SeLU%212}rXnHoo^~fpjxit<3oIBteA_??g9p8p1aRUQLTET{tt>_YDjqvBqWcU1trfQG zV#qq~ZstSrWY2-|n1&hbA^vp)goD}=oVAVxU&^ro44^c(tRduGaOcpZCCuKP7T zz>nw{J~_TfJk}YSL~JS#X%8s+wg6iWO;To0rRuYavNEpP7F>g&wJ=?aM2qD927o>P zATwlgZ_Rx^nzzlF{WQU`yAJ*QdC!b$6Lj$Xknl$g?eG4jh9zIBaZ?o+kQ;ASI>Z^Y z$}+BA$J?hOBn&lz?qGt&0e)r6vRRw^m#qNn?I@S>DjGXC3p(S8((NW-eZXi8$;Y9| zNqfDz9$A)i<><;X&Y(8x3@+9zd&pWGI#<$WytS$84GXhXoESRc#w(3ABxV}rVF_d+ z(Q?-Ys$9cKv{0ZlvK|FdhxnHWv!sHpSj%n7C`-J8C1c7G)e5sA0e~7rFI)g+2CNf4 zpe*K#(7tCu!S2{_bA170ee}g!zuf(SIiDtq1h40X$`Lb@fB!H@26Y7u)187tI&}iF zQtn-AV;F9~>rW9(cIq!!8a~{wXl%jK8X7_y(w^Soz%6Mh-alMr6vTJU; z);tW!Y=5m}^O)$7UpO zY@wejszjp`A;(OzA-G#Zd!hNC$NaL98bD>1oC3(Jc!#(f5-+>?A!`Nb5X2BjR9Q40 z*v0(nfC8=Yx=QlQPxUiTtr5EVNn;!`VC71*d3zwP9rG69$FgKNQE!2qS1Yg9l~1JO z+ALk`JxaN_h20g#XheyBeYdy&o$y4IiP@Tj4Z`a{GV!xOK3Jx)d?lNgCgB1Fh+bY3 zYb}2Hk8myzHL)lJQpTMKH)uvd&2%F=aWE!6ja@1kp_{|Dfw-qg^0E(am=1SZ#a9@F`-O?c=^kwsXsU|a_St5(U+84 zwsyO-09;qzx`TU`JVd;Z%BevXz(!LINR=7sMJQ4c5ivj#ll2efP`DW59mWJ?1+VU# zvJUv^7kg#LBQ}ESnp`udkf~L7v3GE zX7qWc>WV`&>=Bt6x5t}W{v)HSv;5axjoI1R^VBWxMV+W2k12j%pS7Kbrg+(P)P1av ze$7Q|FY#nX{e0Qx?DiiiTlz5cU}=mGjTvF11IG{t=XXO%RqiK^d*i(ml<5ba8>If+D6_#_nPWBsn;)G<h};qmvsH$u`#qZrz%K3?Pbf^Hj}w{bjW*hqqGfPsEU zXDXx*2L4v7Mb%hjKegR-AVH2zm}cY&9T4Z!MT>bkiVu|2Vn@cr5Fl27JDc>H#bIOXm!5@&Cm4YpwRd z#NvF4FYRM$8@Lo;>?Jd<6l zH7~ntQAxPcj;MP`fBuz*t=}ZLxLSbtDo@G?j=7t~@VxMgzbnUsr6~#R;Iw>3{=kg3 zcb?k``F~!B$gXUxUjM`HT?DZ+-hIvC({^|Lo4L4umq(jEHam_HFedI2C=0uQWW(}y z2N{4w5_TlXyGgrE_)zxLLMx()mGHLIxt|N$LsXOE*Nr}jZ}FwJ)k#;qcrlR3Z&RE4 z+_wJ-j#=Yi@C!WI?`NlE*DIzT`X3Jj$dB7G}*i*9uK% zVb+kf+dDtgf96klXQ$aO!9ZA^2#Jo>K^$v`QRI(?5;V9PuctGPL#JKzBuoNEAaB1>{R&89`R1{KuKjn6kj7-<( z5@mA?+6)tAsAHCf6@T1XYJC#Pz?%Z(q}8&qbB2s;b3yQjSI3^yojx2hjY}yWqN@(} zyLiei^Agr7;_c(W;D|?3O@r2SQcRLR>3Er1N&iH=SLH>+E0)V4d1684EEfp_i8`bhZR zsl$dPy<2s&eY=)aw*>DrMJvH?^TQuXMvRhM1-tGq}4xrB(`1kDm#M5+;vVF<3=nw}=r5!Ki)x*Vca(*bts^CS{$goX}Q_Th}MBMx$tK@V`5NXT1 ztMNGpj5xqZgIVu)Oiz<7xTz4gxpG^_m6VNi(cB(P9p6*>nNP8smHe{W#K;scfQ$I$ zB#Q5wI3)!K52nYH=jm>dE?VkEC^~{+_hF0zCULoi>^9ectWXo?r)^O0roMN(Bx&1i zD4Eu)C+{Y#L?Psvk*PA=zx}@^=u^k_m!%b&9xu%dCy3sKr2nLwy}bZ%%;9L8qe-!x zx5$KMFm-|3mxa=T_?=VG(->8G%wd0#3mw^;=hC#v2(rOwV_n^ zT2dJKFaZ>+*osF<=MTsv{$yuvZsF(OX6Ap&ojg^;e0CS4Qy0w4eSEa z0;*mC;S2xjBu!d>m1Z|o(|gAw~WD(O%GVhDIhRk2|N z#ciM9|Ff&={~B}qKl5cV%5(lFG&3_ZBfCJWymcMyhFpoYAYfnr4{~bl6@bpZpDel_ zeFGGxyYn5Glh%N%^93N4>I-l%h5(4|hU%1<$NE!k9UT_{$xE&{0QyzY8r8k-$avFM zQuvTg%DDA8YU?9lvH{X;6#xs#h-;PEWFU|~Bt{DqeXp>=F1FafG@*D zz1pUXjG8*;doDDUq5$k_#}5FR>7KYuO3FI?(_?byE6R>sznO%Y#At?ADvB zoxoGz2Om4>0QkB#^ZP3;W;pQCh2rR>55z+&ciOEC969jAqUD z{$edz4JfY4Oq%s#iKv7L2PF;&%K`l2@b9lXFJHd&-fmnSkzj8;Un|NP0fbvxZk^bt zB}RCv19@_Ki`W1lO@FC7!NS11)a>F&aN+ZM!gjjaIx7>LQa22N}l+h zY=3Mo{R!}pLYhmfs}{?>Nm#ei&U;)v)}#~nuY^-n&f3=gDBhgdpWU< zgN2+}vV>31&oO&|ox6A(5N(wLisb{EkE;<}Ucj_Wg7>`LtnAW#$DF0may;eG-P7}O z8hZhFf=wBWea9&q1qi_Gt3iN9#X(07Wc)ClP+Le->^+}K71}YWB}c-i>cK2}IHJE_ z?YK-?K>__Q9S9F-pQl1sYV6|T;sZtL{&w^7^0I5i5K@c0s4YT%SOXx67mistI5;B` zC2g#uH(00Qzl)4kKA-vLcl-9j>FRm)kZk!7#5 zRRPdAm=UN-KJK&_uwDF{MNiS+l$&T$hM3lbG%?*+vgaGtkJLohzER%%$+Cx}wv3B) z(1AqTN>j}Jai{OiX_xd!i1Tts{g8NeWwt?%l)o-~RSvTbJz1oB?xY(uhPAh4->n5i z!X6TUK;lIoc8{}hvU+`_s-QkHRG_-Byj;*U=J_6%ii8}(t}cHD^l|M~jW+dOxGQn7 zS#56&>Ctd?1s4K5(G<1lK9(7*w*Db^alCcJ{uuz7`7AnP_QNOBq4SFi3%OHDP$FOK zg7NuT8+a3N^w|U$Ua)Hn;C8^aojzj64&M{(Zbyl~_IIJ*eOU{ySd)E83}pwzKqEvrms4eMJ@G1;Up^jcN+lOoC2%V1&B}l0B8t- zeZUJ4$77Tw@w>^f)m$auGfn?gsQ*WIZizx2h*9K_L1KKg^G2&}H2ncnDRE;IHc?SM z(|wb^bpe_IdW($;#F{aLc!Kh43jWcK^ew|nOU8mpC5}C9BM}D^X z+=^U!H-^3efw@?mzzHvq^^V=J9RIiRhfe=-;f)#~Ww@w? z;!zf>yKTgOP)70;^T3-#@9OMekp{=KAlcMI!#a~lb#`pO+wPZbQ^GSprJYGg^i1>% zb=aoy*D83Qgq&rl9*L%pR@ba8Kqf8x9dvh8E9_~sGNYdki@w)Tm7g{6pS@eQHh-L_ zW%sFk_`4@n?yxrEy2;b@iB64V29SmQ1&G)-oAivT;=k#6vEk>zh2JfP9>k`sGFE;4 zyvA6dp7XvoXs^4QTV`N}Z%Lg%t~+)ig7eYW%cS>g-Pw`Ell*vTS-J1!nj8;^x9OsT z_jdsVqN=i!aQ6;YZhOnbdXoa4Ym|w^B@gb&8 z&6MTU{lZs6SB89fgC6~pVm=TbFnMK02qG00@ukcgw~SEvr~B|;^M`?<IQX|uDPwiT!OTpop?+yMl^BTv|EIPkz+Glz~gLXwZ=0z9d0l@*1*hiRFcJWCj z`d`T>WHeN2Dt`vd;lAvEbGswo{iU8NfZHw^2ZXl8E*1#86)URn;Hss!FGwYxD+lsE z=u4Ie0>@;)>*RA7JzJg`hb`<`IUJpc5-|1#=Rij5UN9UOIJUk;9@(W?3HZMtP0}l# zr2w1lvVVP|TGML#RuiA|PF}Azk>M))HghV%RUG9Aam zglKl<3V&QQsih$5`;C5$Wt2J=`B7|LWy)l1MSZC$2A}qi)P0!DGA1qbKeVwfG0F-B znj-0=@31HP;@y^k@7uKDp5VgkyTn(XR9K@L@g0qKhBIQXfyB#=>%4w5;o6zxoKtpY8 z0>5{RVz98NO}#p2p4dFdL`AiRi7+@v-O{S!@%!f5UAyy$sKu0*^B`_@frKKBj(@@q z!QS9+_s_phe!3beBTvcZq^_gSp_cPi3C~``pC^6T-R0zG93RnLnCGAQhdWX--7~e1 z1{laHzaD*;_}}JV=dAxLb8p=#^0ko#WVwa|QcquowARRc#(e5dw4md|?U1tT?ymds z-KL#3u5u7ofeKsSr=z^f)u-UZ$?NR{BP99eLvi1T)fkd8dyPk#9UDXENLS}jP59rT z*S2B-yrQSoQ=SD+-+173&I%J4_{ueTjRqI9T0FLf${ky82x8|AW3|!~5tD$kW$&}) zl)i8PKTXm^jjM(WS;RL+LWaO6$(OIutt4?jSz*f(CiIM^v7eEwO#BXtv{6x9-B)~% zerb}@i-3wHii-(My%a18FStS#fh%1=LfsA^OnMT6c&U?MTJ+na8Od`yB9k_#HeQi& zTi%i4Y9jA-@~`Bk|0Uyki<;}-UGMtI69jjGxBQ*QpBNrh4s)y&*}(sJe=}YJ=PXm0b7nLj;JQ{QbBEq*wR(@p~vT%JtJIjogM0eP7K! zgX93}p5Yp+mabRUPLKbrq+<>uXJ118E7#h7b)G5;{hI+|^fdYwyURYIQp@j4Z&kKr z%O48PG_1V9xk@ag?le@JEoHhB6GxAcSIM)aui_XDW+RH>HVu}`puJxrs^8>Zf{B`J zs%^aZ-upk&(PH}|zi9Ud{^1PmjQh5nzh0;Q(yH#pwgVX|6ybZNS97w$ix14BFeM$> z4&YwkB8mc1kghH^RJ8y?zE?jc3ruIQJc?JuxSb@^?*~eieUcEJ+|s1WItOH0{G0EvxYMHAMnplA|s9mQ0b2;j3hp6t>wK=^d%EJ*&ita02d*t{|apE1&G!8?d>=~BebrA z83SaCYdcf~$EZrzOH=d`9#<^JNyyzPO?#H13}&(2MTX|iXx zMFO{5F!$=`dnypu6*(hfT|_`5q-vpZyv>p^ew4kNQT6f5Z&_ErI`f~QpS=z^4nV72 zkVgN}D_L|qd3`4*$kf?kp>Rypa~?!`b0iMZyt=p1-mN_C`4J{wG7IUv@5cQ41` zB7oIeRF8KmSkKXr(PGxu{qK5ioY55Q>iMw)AOQvAUK}+JZ0TEQ$qvU75q8YAHPfB6I7@-$OSO`9!gx+n~}2XtuU~b8+|M zRNY7&MV#_nlltA)MtWOX2gl2_dR^|nB|~(ZW)7PmvxxF{+wE6IS`?}9#qQQ^#(Y8b( zFRZb;XkcNr;H*KGz&9**qsX_13S3AO7Jj;>s=GAf+ck}lX}INBIu}aNaBlHr|AdZ!+E)KtGw2iD4tCmQqE8~ zjTw53Y8(0)!a`6Md=+!GX38+D7bU4Wk1<;cgn*)+RbLL)O`1Yr-lj7hAoN*`=Mfi5A}<=Jc-nHG-+&`yH=LK_3&8Z z7~QIs;rX$4zQ{9}+73Qi6q4G)2&!SsJ8krrvC&DG# zPX+Lm{O);MtPb9Po&Cn$@(uq$rWnB>&oh(VK4F>!4Qjvp2K8DfLFa;{Gcll8ikG}+rifN5` z`)9cYW_`Ba@Mq%17Ol5?(tMuQXW~kx@=KNVfCmd|!>7=)@;3vsx%pSZ`zKV8qYH@`~8YG;XK%ifTi(i-_Vt zxcFF6`^V3d2X96_*Z!~CzA7xLw(nO-1*DYjMp8k#rCS6Ha`_!!=$ZquS`7^#H zRnrDau+Pxd!mE?*&)Kw~EqgGRESu%(2aKr^8A1e;@ti2lY~$!QYxw!693y=P0JH6y z@ZeNbg^tFnZNI&RyCj1&@otdQrSIml9dso8%4io*Ie=1Nulc%GSO|uvyKe3Dv?(R` zOI4f@MR{x|TI(_;>fYR7TM=1B1KY@AhyJOW11Xu{LUg9t{>ju9)p8UKFInIovxU#p z8h9=}BOx(gQiK08IpqmrttsOz%{p68P(NGu$SK(UZ0eit*DgYi%M#FZ_bImZ>Qs*eVdtE@aVHBtY zg%Tj}Hoa#zekyDa$|NXzEmY_THmj?WufwWo`1^z;KZrM@OF($z)eaW;?PM~Q_aO?Q zE>7VI>uPuJZkIgR5*x;^a328DM`t=rc3u8sb*bTS5y_+vMf@%S&%ZmT^PH}!+TWeF zI*C3#SP1Vh@u)OF9NVRcTJA`-6!)x&1e1P|?%5nH7c``hsgUI!&hERg5x(-+?8YRe zC?epg<-ITC3|2e?PrVR7oK_Ak9ig}aY~eDbD~#>Ut?}MYdl?6R@G8$8d4V+>Q)nw_ zFdQiq&~L?{9|>D)ftyM?@c(g@tki)0xVdpoXsT=1?#0yX+%OeFZOZ?os=(eT?*&6T zHr4VYE~rOKOOJM;7u0~g3DwpUOh@7WUJ=EFV&0Ltilln!M)|pl6UN0Cb!EdW!M((G zt#C&CqvS$G6O!4p4$|3uB#Yz9sD?Edw0gV#>%z9eds&7>;SuwEGl`%-qgPyQPaU__ zEM)ss^Jm0AN%>gG$Oj-%Se4dU$p_5F2u}F(`t$z!7)bKZ-NPu9k3; z`_@g2&^buk?%_5h+4|!4N*+CN{_QHcOR#`k4^a6a!+aayf)VHa?Iu5oZdjauF1GBk zFqho3a7}SI$=DGiYy!Dez^Rij4RP}k7OkEw)^+;CZjHz~H352!!&S53aLYC76X{dInH`@xldx!`k|U4|K(G4sZyEY-K02HBsD z-OQKfsXRKEs21MPg>8`}Cr#pS7_Y648k~h4P!hF3nap5L6}s@_W2Vhw#;Y9kkwPc| zuz4G^hFy-m01C1_Q1|f+2vF_Msy9{{n zqI1Q1X?FTZE$o7hUdEF=%#8F;`zEg*=!yt*9-v3F%@6sr+-}hR11*yu$E4p_lxt#s zMsyr$PAFzn%Z9+MzJrPzf=fg33)A%rfw%^o^kVaqE8jcwHz(Gs#hQD>8)Id*=Z~3w zc|C~Fza%C^*OGrE6f54gpaGF=zRQA|{c>Fye;;mWG^Rr@@#ZT@SW@w&?#n?{q^IZl zmeR5AgY$$t8ckh75>Tz#!>x4-;-%8VBqu&AwoqCm{eH2o7*B; zezz42Uh(~0C5u^>6#p#Ci~Hvvie)6>?L-xVQA1S(BIqIxhr|yr%N2zl*F0nv4%L*zI<6q0bZs^RLIT zV?)+nWyYa7AoA8-U$>7Lnp|eM2Ta3As+!^X1ZjMrxDPnmdpcH0w~K?9r>pnA@2xK+ zXiALH0xw!TCsQ-FD*P zP#?i7mE#U7pGu=Oom}ZC5(lVCk2~Xsn>CO9GIWb3;U}G!=jL*dqxS`SEAQKSB3g@` z^Y~Uuar@E1uS%V(?S?a51WK-F@@BhvxY>Z6_O}C(r{)ynYqeiODNa8i_s(SZinPw% zvQlWUOtW$)hv1a4=f_&hBTi>($}z?n(>|& z4y5msw z_IIg6hbd5Jc3)f2-nss>Qby`&3X=KMVKMnU5>BJF?rrYGJF<9!`G3|FeoY&!?~nH& zJ#+nCZyJyF5G*l?TQMDRQ8i-gHK>r6I}S)h2w>q{=4Vlu>x0lW6oM%y%B4-r^ao;M#?V8lDk&%e;1Y$qEBfF1ZlC7Z{HNa5@Y4G^n zCqlI&3G4ir<}>ry7{>sJOTz!gC2V)|*kgk>U|#}X_(k)Krhwg@1nnx)h$=u_G*{to z!y_vc=k>ae#Q45do#1=je1eIW_~jToA{q`+ar)jc<^BS6aFHL~a6%x{bpFoBdb0|c zh<2vIB@swdz`%@Yr#jn(R`0rxe^vvJ{|yYyY+g7PLroUg@0FJH1Uy?mbbfP4d-cnR z=N2EoEL5Xn^(^tc$fZ3A+`JUWx^;jo^D-ZvG$Wm%1id-`itJ+}lY9wB|!vI!*^D<-*mD&vWL0-&J{^WNSK6)`vDac2>Ky7QO9g z5yW6l*Y9(v2z1_V(Z}CxQo!q#*Mtd(?F?C1n1aEnG*PNOqTnap6v3hlT^${H8xZ^E zQg)@85j7_bzYm&{B@fm|hHO#4N;EzV-||2Z7Wg{aq%1BCRMhQnFIVYSFj-#u8X9es zuxqJ3nwhJ<&u8uy%sqRC&=FDNB5jMR?D42~Adfjr?u3@o%>+xxg{jAT%ukntar=Zn z1NjE5Dd6`#)6<|ll!RU$jGaM?Ue2(n`gR7r9Iz+ejX~jA*;uriN#aWk)r1RR_y#a9f=vlMc80#_cgI=G@g+C4Za~q~L zuX~BWb|Kl5t@5aFo^Q+JQA-)ZD*@#mUvSFwe-u6(QfuMuy`o}z_&u4)-JtZvSWXVL zzl-&1wN$|jPA}jE21=s)Cn_$_@=^i~0C_7E*FVOH`313svqoe=SLk;$PltP-N+gjY z0VEwLk_H=>N!iRW310t|qj2b(nEBf=$2Mnh|82UgHOP6|5GFzvH7BnTXPax+Y&={j zT?HR!Dpcu}G44# zGs5dNuZlKx`P+b(Su2?bOkn@VV>De}{MdWWMzy?Hp$7+=a*IG@{cKphIbibM#;(K8 z4|p(IC(v=o)YTlWI~cxFSh^9eP2x9eKy8jxr%fkc!?yG2Ju^Vl0tWCGT{R5pmVFo}dwBj{GX5f_i-xAA zu|WUT7AXE=2&VfO^q-Hw>eg0#WF(e|K<79U`b;%2I2dxOG!X){#mc>}=}#7+_fOF1Jpi-hK~JD~xNE3%+<=jQ zV5Qnh_mfprB)u`EevlueH!;Iwo+(-8mh}y1iJSr zRsa{XLY=ERrD8D75ClaSw?qq{L6HkX-iJnM1?p<*2DacLs zCvF(7|9hjn=P$Dxu{Q;ASUmhmRkViXE86b-%>_hs?lFo3zBi?+jG*`lOv^C zqSEjQ!MVv!I!5R0MyG5l*F3qs7kTS3z$uz?Va2Cmr6GSP8cKsn7+9S%XrFkdHE04n zDJq~T5QRZ;z%}+K+QY+}T3S{xIIzxiUq+Uw3~_Y?T=Pu}`VI~YLzd!2wDVtC2A1ok z-@ox1G5shFN}jwNAk_v2tOAg;9mW(hFP>8qFT|4lW9Fj-DIh7JYKJ~G)^|hG@ihf zABhGWT8CDjHJ@=H&Hw|hkA~~%L+sg~)*~wssDwh~odKTQcLTZ{j$p=oJ(fEPtgm!* z6^z4DQ5Ibe|3%l4A>x1)mqag76j_1+{~8UZcWi!i$kRJYSX7VXt*CWik`_@Hg`=Fh z4}`W&AH;W5U0k84N#9J&vg14_C)-@VN3y^Y8}gVT$l>Jt?^GBFaE^b-2n|7Iv+|6sZP6WU1uwr10AY9s9RdwUPlp-|3nM6rHsa0Nrt? z{y{b0))^breuw4Zv|8JOuC*HBmmlBR0_?>#)}y;kH197Q9MnYfDf}kvY#^EY>)=sj zHd-*3s##+v-Q7z;?y7FG_TCjp&kcB3$)9`30suZ5n3)5Ni6RKq*t0+BU9Y65ghKS8HXZ z=0B5XO}!A=k_spQP1uRVbU4jry(D7t?Yv+21-w+lbh@Z6-H^PY>YL2Ye;)5M1S_4!{FKhRe#^LM`9bkX8&E--Y;-PEZjwqwjMrHj&OsjBF! z`Hof>8egDOg;8+FLI%~wA-DbgGsdRSdMY!=`#KqU-TCXQw%rZ)FZ3JeOWA+|KGQv8 zqvY7~uj&@{x=cQUnt;C*6S@E5-rnwHnW_3M(#vY;kdsiBi&Os|z>sHScaAncESP$j z{de&hAi>v*nhw~1!r9|tg3P?N3fLtr&7KRj-h|`woTYX=wHTdJ#AOV+wO5GU}cZ~rJ-45?2)(vvtmHI>KQ1sP>2A5fZsQEk|_$%3I67+{z z62@JABM=3n97GVe-fjG8CLhL5Q)3XQq@82xQ-;a1!+gH9(tspxg}<1Cb9fF4q!One z%s=jtv5XPv4({lE5@^~()Uk~I`(;`5e@83>H73eM-z1}bTA#Gi}PlPJf}~nat#}x zX86z4df4l@Y;yKY1D==s&~rZ^OgCB)!^NZ@%;n(4ULYB_5Ua;#%w3EcH?ui73=Z~O zXA)a_6V&25L;q2oi}W99Ri{__U^c`;NjlDDgBtK@M&LelZf$-NkDKyioE7Wq3LeBH z=XEmjr+gi&hC55K-v;1d!jU-&*E5~PZU}2J@}^np5i+Fz`>e*)G!tOvcCd3$jMXw9 zZ#v)Oe{n!RqzF-en604Emlx=iqYe7r+Ik%+3S^@btr)Hjn2Q`|8eiAT=g0^q9OTF0 zNDi=+VA4)g!Y{O_>YaApuE{-EN~LOeIj@>^NDc_e^|Td7^)>A9Jj4Ye35g)C)b_mx zNx9{Ju%`&gpD8sx+L+e+r4V0=68PB4NhghoMwcWTomB5k=`rFh=-j3qhe7rmF zAo~84ex1)z=xB2cFTAy#N>+zDGF*BsrpgLx_-KEH6Y2j{4A-}{pcwn(E6#{096a*! zUvecy#~CmUE8d-y#9PHCjSc%K#~tRECqHcWQ6mJ`pypyg6&4Jhy?}D1KyZx!KUBWG z>{g!I>v@?O@R3z%>6;A0UdZtxSLfhe{u&|3?g4>MH7L!W{7l_}%)9kfl4MMZzdm=BcjPX)-A#xE9M2Ll`l3UBZiV8v)d?fvk)GvyK{NmI zF;oa}@nGZxVrgIFsG{>gK|%ZMz+%>T3LeuZOk15+%ZEx^Se0t4RrC)<8aU5(8}=>p zOjjRUG@f=m3~4~A1wBl{p;%KQs>l$S=r z3_HiFvET?uYk&&4Y%bhf%xH!j4NTeiU+Y7IYS*5kYU0ioMc!FoZLUzKsb2rmZ+(sC zbgh@YVbX_Pf@er%i|4}epy`b*85Umfa?%$3q!gOapjlg0?;)g?9IWrBOVm2B5;;T% zW_2rhd+bp*6MAo~!TLG#^Yj&w^r~4l_r1?Q4BEsU#}B$6@^4%uQ#PqLXXD@f`R~~{ z@tWNf^m|EG0C1qb%Qyc?_Ew|SRw-!gk`+Q~9*|kC^WbK!fS>?U0@WSM$7f!>7y{RG zD-z0=L~q3{oW1n-m7{R|KyzE4s(R9S)~4PkZShqBp&M+#E|)GQAiBXEbD4syKLYy~ zPIi+=U06E(d53HNB)j;+aI4$T#6!Gl3?coq`wf7FJ@>|N;DB~Q-#^I4Hs7Jxgh z{iyS1R1N>L_#=fL^4VWA*CVS0Rk;O&S1VO|A2tOXm%~0LLZ9H4(rD4H`D>yb)uXpS zID529Ei_9>9FI66sz*8~{)FbGr;9?}R)!nq+pI~whkSI>j--dlhI)pNr2k{e_AggZ zj{>vMF#~J^+-aC$i2Jwi0swe;Fm*W0F#6ZtuKZoL9FAM?=oKKc!%Z1KGv7VB>5I{d zfyuC%#Q`dcIB=_E1Q1ej5F(qr*xVP|5>K|KTsSb#J#`qxF57FnB(}A+otZD525^B^ zVdwU4$+5|&{0?9`$j8?ZR#%1f>L<>KE#uK4)-4OpMzgy)WNW*KD zSaj-(MdOC<)ns9w;r4uv%-xydwm4#FrzhRndU|Z)hE{(Tu6VpO0by(q!;Za%6y!cL zjusk;-``(`(PQ3+AIg!x!X7i*JD}&{!i&MRLVaf}?E6*mMyF_P;<1Jd?%Ewa*9w^@ zwsghk^H8CB%p4^C-Ics^<#9>ba^zR69QvYQmqps2PM7GNPvXJ+$sty)LQxye)T&dz zIekA>Zx6E8RxpDEN|b+HW#~tJd%f}3Qm~mxlTjQF=%_f49MAd;FJ+oo=|z>-9zJWG znK6Uf1w9O*d+qQm=_Z17#+=q>f^KwVEa}<8^Cu^MtU`y5M@@N8u7^l#r%CBS(AS1A z5M1&~)7l~8=vv{56!y~5!$i43lccADueOZ-WjyAa8b@-Fe6s5}20SoUfHJ^$z(rvn zfV)A~gzj@-^GI+xdwc8in_GFuk|@0n-SM1sQnn9wSG>GY;hq{di}2)1+*lHQlHI4+ z0ZMHyWiZIBmAN4#=<=9(CK&V1%~5emp7whS&9}aM5s{)D&sNr)Qv2vOjRElJ;zp87hXZaTdgcrrmKJ|acJIU;;dg7tC|DX=5Pc#^uT+ zpMIO&^{7hF_wlJ~KAcaMyD86{bphJ={mg7w1ZAaUl2E&BvLRtP8^?BKq{#?!CU$5` zG+IAswJvHON)zq&{*De07R|$bE9$@&rj>I#HO7hJg`EiaSL`@Exwm6Mv$3Gp>2CX> zB0kJE+m5$ZCYi}M`8bEfQzcxZil=eW3|y?mL3WvpPaevOCvp7_Ar;+CV$NrJ+W2cX zslU)Ux2Ema!+9=G|Hkt5_4_ZSu-2Q$&XvgwC9?4grNqmL_2@%<$YsoBVy`SDlZqlc z1n43mt+DopYSxab2W)~^GfS#Q^kgL0Nh}}aG~R9Xu^xyKrnyTs3uIs?5*6WZkGtg& zbP1s%cQ$5EtUo9pXKpBSuyrMUwIlTst8kO~kg0fevGkShLH;I%O!Ze9<=}X#-a!`j zqawMX%YyhgS;;~z%jClVDL^fy+aGLL))^&9Bq~MPbhT*mNt*BC>H7Ust|B|lDq!^|Su23U zcAo6Dd8B2Z^P8=G#p$_T^}ZXmrI^$x)6QGC4heh|>$Kugq_SMAwU&$-q_ynnzPqqu zwOIFs$;ZuSDbBkp`}cSUKr#dTxf>x&v1p&)SG1R3NJ0KC-M9e(o$X9&GAk+@vDo)i zWD?A0Hy%VN?G{D8lm7K2mp<>+YoZq}_q@%cqaePewMIpri3$vD#suW!vGj-W^4tj{ z5XuuVevda~VQj=``G>)J)JYwJTOmIPA(cM440EG*T2Z5_WeK<`$dxFMGFRT`4suuK-EkRXr8@~o0lwy)%wF*tB;hTX2u`=+!1m1LWp9n4YS@XyK*c0&l>OFDMxkuBGNw zw7==Y8OJ;LqvfV-tQj-o@C^y=N*IVE^8CE{BIQd(oAJHqKIf^82*`I;CeR5a@|!)I z1^-$?c1g^49;`Z-(n_rhXKF`S;g{MW*0XHlk4%a7!D0#Piu?IVY`N(oV{!6|IGHU2 zsDtCoN8Xq8HBh4fP0=_}RickQaG?cBUV5pB5ihx-_rlyi`=2|+oL>8zBGjMJXeIn! ze6S;8t25EyZigQE{lSt+6-VG#nT?&lj*UU>u1Waf9HbTGaH`J zM3ntDCI(@nj;A4X#C~dDa}01Lz?a@ju^7AWOPrL!S1{0A%N{j;Al?KKp^TIbiwQ zUBBCRzosaCBx<9i?K@rl_+lQLJv`54^nm^)zJI~aeTj~~J4c)cf5OvG?Lf6+=`)iC zDuTkQ#L*8VsGKKx=i(})4Mov5By(E>j-(#b3+rbSmR~EQi6tdmpA|3cDsQyhwL=TX z(S;JPCX04@nc*=@Qs1!8&oecjUVP(i-BRe5!0jb`{rzR09I3_lt#y2d)T;%#N9Vy< zGJcAVbr+;2keAV4j9M%FKI9yP+YKIl_!OGHDr7p)Vt4bu-^^?yd9u$nohZq!p~AJ0 z;w0-2$s+AiAdKOwaAENJz?F3LPpJ>8}V!swk&sW<9sAcEAQ#@@gCK1 zuA2o_9TtXLV!N6zt62ctpuEpkD2sA^ot*0tP`|FrFEsG#ul15^ z1w?0yG8XcuJ>w_t&M;=Lf#jcvPZv@L_XX2E`T}RkH|%XRUe8I-e^k4Y@u3U?WG3Ju4@FKE|Jv z^?XD^I$~a1{j3s?T1y~$w<$&Iq(j!WGq#iyt7s+nQOFl;PEAwuP+gKsB#U?^@e|tC zQi?^KmAtSLRZH$X?@qf%9re5kt}aATG4=A#928F9us83%U3x-iL$O8nH!*s#+~UzP<6~dfto3+FSnO-@@#saE*QdF<4y|Gle=i;KDk+vGt=e!T z=>Y77+8>Yew5{3Lgji5%NKM5Kg+gbp(iJx3j8{_39aXW7HV|F#FnM!mlQBumUFC-|GV06#YRH)#a_ fzhzeZch178eTiYWYbMif0YhC`N2%(mP2~Rqh literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.17/_media/tcb.svg b/docs/versioned_docs/version-2.17/_media/tcb.svg new file mode 100644 index 000000000..e5bcb5b95 --- /dev/null +++ b/docs/versioned_docs/version-2.17/_media/tcb.svg @@ -0,0 +1,535 @@ + + diff --git a/docs/versioned_docs/version-2.17/architecture/attestation.md b/docs/versioned_docs/version-2.17/architecture/attestation.md new file mode 100644 index 000000000..bc7ada851 --- /dev/null +++ b/docs/versioned_docs/version-2.17/architecture/attestation.md @@ -0,0 +1,391 @@ +# Attestation + +This page explains Constellation's attestation process and highlights the cornerstones of its trust model. + +## Terms + +The following lists terms and concepts that help to understand the attestation concept of Constellation. + +### Trusted Platform Module (TPM) + +A TPM chip is a dedicated tamper-resistant crypto-processor. +It can securely store artifacts such as passwords, certificates, encryption keys, or *runtime measurements* (more on this below). +When a TPM is implemented in software, it's typically called a *virtual* TPM (vTPM). + +### Runtime measurement + +A runtime measurement is a cryptographic hash of the memory pages of a so called *runtime component*. Runtime components of interest typically include a system's bootloader or OS kernel. + +### Platform Configuration Register (PCR) + +A Platform Configuration Register (PCR) is a memory location in the TPM that has some unique properties. +To store a new value in a PCR, the existing value is extended with a new value as follows: + +``` +PCR[N] = HASHalg( PCR[N] || ArgumentOfExtend ) +``` + +The PCRs are typically used to store runtime measurements. +The new value of a PCR is always an extension of the existing value. +Thus, storing the measurements of multiple components into the same PCR irreversibly links them together. + +### Measured boot + +Measured boot builds on the concept of chained runtime measurements. +Each component in the boot chain loads and measures the next component into the PCR before executing it. +By comparing the resulting PCR values against trusted reference values, the integrity of the entire boot chain and thereby the running system can be ensured. + +### Remote attestation (RA) + +Remote attestation is the process of verifying certain properties of an application or platform, such as integrity and confidentiality, from a remote location. +In the case of a measured boot, the goal is to obtain a signed attestation statement on the PCR values of the boot measurements. +The statement can then be verified and compared to a set of trusted reference values. +This way, the integrity of the platform can be ensured before sharing secrets with it. + +### Confidential virtual machine (CVM) + +Confidential computing (CC) is the protection of data in-use with hardware-based trusted execution environments (TEEs). +With CVMs, TEEs encapsulate entire virtual machines and isolate them against the hypervisor, other VMs, and direct memory access. +After loading the initial VM image into encrypted memory, the hypervisor calls for a secure processor to measure these initial memory pages. +The secure processor locks these pages and generates an attestation report on the initial page measurements. +CVM memory pages are encrypted with a key that resides inside the secure processor, which makes sure only the guest VM can access them. +The attestation report is signed by the secure processor and can be verified using remote attestation via the certificate authority of the hardware vendor. +Such an attestation statement guarantees the confidentiality and integrity of a CVM. + +### Attested TLS (aTLS) + +In a CC environment, attested TLS (aTLS) can be used to establish secure connections between two parties using the remote attestation features of the CC components. + +aTLS modifies the TLS handshake by embedding an attestation statement into the TLS certificate. +Instead of relying on a certificate authority, aTLS uses this attestation statement to establish trust in the certificate. + +The protocol can be used by clients to verify a server certificate, by a server to verify a client certificate, or for mutual verification (mutual aTLS). + +## Overview + +The challenge for Constellation is to lift a CVM's attestation statement to the Kubernetes software layer and make it end-to-end verifiable. +From there, Constellation needs to expand the attestation from a single CVM to the entire cluster. + +The [*JoinService*](microservices.md#joinservice) and [*VerificationService*](microservices.md#verificationservice) are where all runs together. +Internally, the *JoinService* uses remote attestation to securely join CVM nodes to the cluster. +Externally, the *VerificationService* provides an attestation statement for the cluster's CVMs and configuration. + +The following explains the details of both steps. + +## Node attestation + +The idea is that Constellation nodes should have verifiable integrity from the CVM hardware measurement up to the Kubernetes software layer. +The solution is a verifiable boot chain and an integrity-protected runtime environment. + +Constellation uses measured boot within CVMs, measuring each component in the boot process before executing it. +Outside of CC, this is usually implemented via TPMs. +CVM technologies differ in how they implement runtime measurements, but the general concepts are similar to those of a TPM. +For simplicity, TPM terminology like *PCR* is used in the following. + +When a Constellation node image boots inside a CVM, measured boot is used for all stages and components of the boot chain. +This process goes up to the root filesystem. +The root filesystem is mounted read-only with integrity protection. +For the details on the image and boot stages see the [image architecture](../architecture/images.md) documentation. +Any changes to the image will inevitably also change the corresponding PCR values. +To create a node attestation statement, the Constellation image obtains a CVM attestation statement from the hardware. +This includes the runtime measurements and thereby binds the measured boot results to the CVM hardware measurement. + +In addition to the image measurements, Constellation extends a PCR during the [initialization phase](../workflows/create.md) that irrevocably marks the node as initialized. +The measurement is created using the [*clusterID*](../architecture/keys.md#cluster-identity), tying all future attestation statements to this ID. +Thereby, an attestation statement is unique for every cluster and a node can be identified unambiguously as being initialized. + +To verify an attestation, the hardware's signature and a statement are verified first to establish trust in the contained runtime measurements. +If successful, the measurements are verified against the trusted values of the particular Constellation release version. +Finally, the measurement of the *clusterID* can be compared by calculating it with the [master secret](keys.md#master-secret). + +### Runtime measurements + +Constellation uses runtime measurements to implement the measured boot approach. +As stated above, the underlying hardware technology and guest firmware differ in their implementations of runtime measurements. +The following gives a detailed description of the available measurements in the different cloud environments. + +The runtime measurements consist of two types of values: + +* **Measurements produced by the cloud infrastructure and firmware of the CVM**: +These are measurements of closed-source firmware and other values controlled by the cloud provider. +While not being reproducible for the user, some of them can be compared against previously observed values. +Others may change frequently and aren't suitable for verification. +The [signed image measurements](#chain-of-trust) include measurements that are known, previously observed values. + +* **Measurements produced by the Constellation bootloader and boot chain**: +The Constellation Bootloader takes over from the CVM firmware and [measures the rest of the boot chain](images.md). +The Constellation [Bootstrapper](microservices.md#bootstrapper) is the first user mode component that runs in a Constellation image. +It extends PCR registers with the [IDs](keys.md#cluster-identity) of the cluster marking a node as initialized. + +Constellation allows to specify in the config which measurements should be enforced during the attestation process. +Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. +By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. + + + + +Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. + +The vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +The VMs are attested by obtaining signed PCR values over the VM's boot configuration from the TPM and comparing them to a known, good state (measured boot). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | Firmware | AWS | No | +| 1 | Firmware | AWS | No | +| 2 | Firmware | AWS | No | +| 3 | Firmware | AWS | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | AWS, Constellation Bootloader | Yes | +| 5 | Firmware | AWS | No | +| 6 | Firmware | AWS | No | +| 7 | Secure Boot Policy | AWS, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. +This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +It provides a [measured boot](https://docs.microsoft.com/en-us/azure/security/fundamentals/measured-boot-host-attestation#measured-boot) verification that's based on the trusted launch feature of [Trusted Launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | Firmware | Azure | No | +| 1 | Firmware | Azure | No | +| 2 | Firmware | Azure | No | +| 3 | Firmware | Azure | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | Azure, Constellation Bootloader | Yes | +| 5 | Reserved | Azure | No | +| 6 | VM Unique ID | Azure | No | +| 7 | Secure Boot State | Azure, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. +Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. + +The vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +It provides a [launch attestation report](https://cloud.google.com/compute/confidential-vm/docs/monitoring#about_launch_attestation_report_events) that's based on the measured boot feature of [Shielded VMs](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#measured-boot). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | CVM version and technology | GCP | No | +| 1 | Firmware | GCP | No | +| 2 | Firmware | GCP | No | +| 3 | Firmware | GCP | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | GCP, Constellation Bootloader | Yes | +| 5 | Disk GUID partition table | GCP | No | +| 6 | Disk GUID partition table | GCP | No | +| 7 | GCP Secure Boot Policy | GCP, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +Constellation uses a hypervisor-based vTPM for runtime measurements. + +The vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +The VMs are attested by obtaining signed PCR values over the VM's boot configuration from the TPM and comparing them to a known, good state (measured boot). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | Firmware | STACKIT | No | +| 1 | Firmware | STACKIT | No | +| 2 | Firmware | STACKIT | No | +| 3 | Firmware | STACKIT | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | STACKIT, Constellation Bootloader | Yes | +| 5 | Firmware | STACKIT | No | +| 6 | Firmware | STACKIT | No | +| 7 | Secure Boot Policy | STACKIT, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +### CVM verification + +To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. +For verification of the CVM technology, Constellation may expose additional options in its config file. + + + + +On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs. +An SEV-SNP attestation report is used to establish trust in the VM. +You may customize certain parameters for verification of the attestation statement using the Constellation config file. + +* TCB versions + + You can set the minimum version numbers of components in the SEV-SNP TCB. + Use the latest versions to enforce that only machines with the most recent firmware updates are allowed to join the cluster. + Alternatively, you can set a lower minimum version to allow slightly out-of-date machines to still be able to join the cluster. + +* AMD Root Key Certificate + + This certificate is the root of trust for verifying the SEV-SNP certificate chain. + +* AMD Signing Key Certificate + + This is the intermediate certificate for verifying the SEV-SNP report's signature. + If it's not specified, the CLI fetches it from the AMD key distribution server. + + + + +On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. +An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. +You may customize certain parameters for verification of the attestation statement using the Constellation config file. + +* TCB versions + + You can set the minimum version numbers of components in the SEV-SNP TCB. + Use the latest versions to enforce that only machines with the most recent firmware updates are allowed to join the cluster. + Alternatively, you can set a lower minimum version to allow slightly out-of-date machines to still be able to join the cluster. + +* AMD Root Key Certificate + + This certificate is the root of trust for verifying the SEV-SNP certificate chain. + +* Firmware Signer + + This config option allows you to specify how the firmware signer should be verified. + More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. + You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. + + + + +On GCP, AMD SEV-ES is used to provide runtime encryption to the VMs. +The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). +There is no additional configuration available for GCP. + + + + +On STACKIT, AMD SEV-ES is used to provide runtime encryption to the VMs. +The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). +There is no additional configuration available for STACKIT. + + + + +## Cluster attestation + +Cluster-facing, Constellation's [*JoinService*](microservices.md#joinservice) verifies each node joining the cluster given the configured ground truth runtime measurements. +User-facing, the [*VerificationService*](microservices.md#verificationservice) provides an interface to verify a node using remote attestation. +By verifying the first node during the [initialization](microservices.md#bootstrapper) and configuring the ground truth measurements that are subsequently enforced by the *JoinService*, the whole cluster is verified in a transitive way. + +### Cluster-facing attestation + +The *JoinService* is provided with the runtime measurements of the whitelisted Constellation image version as the ground truth. +During the initialization and the cluster bootstrapping, each node connects to the *JoinService* using [aTLS](#attested-tls-atls). +During the handshake, the node transmits an attestation statement including its runtime measurements. +The *JoinService* verifies that statement and compares the measurements against the ground truth. +For details of the initialization process check the [microservice descriptions](microservices.md). + +After the initialization, every node updates its runtime measurements with the *clusterID* value, marking it irreversibly as initialized. +When an initialized node tries to join another cluster, its measurements inevitably mismatch the measurements of an uninitialized node and it will be declined. + +### User-facing attestation + +The [*VerificationService*](microservices.md#verificationservice) provides an endpoint for obtaining its hardware-based remote attestation statement, which includes the runtime measurements. +A user can [verify](../workflows/verify-cluster.md) this statement and compare the measurements against the configured ground truth and, thus, verify the identity and integrity of all Constellation components and the cluster configuration. Subsequently, the user knows that the entire cluster is in the expected state and is trustworthy. + +## Putting it all together +This section puts the aforementioned concepts together and illustrate how trust into a Constellation cluster is established and maintained. + +### CLI and node images + +It all starts with the CLI executable. The CLI is signed by Edgeless Systems. To ensure non-repudiability for CLI releases, Edgeless Systems publishes corresponding signatures to the public ledger of the [sigstore project](https://www.sigstore.dev/). There's a [step-by-step guide](../workflows/verify-cli.md) on how to verify CLI signatures based on sigstore. + +The CLI contains the latest runtime measurements of the Constellation node image for all supported cloud platforms. In case a different version of the node image is to be used, the corresponding runtime measurements can be fetched using the CLI's [fetch-measurements command](../reference/cli.md#constellation-config-fetch-measurements). This command downloads the runtime measurements and the corresponding signature from cdn.confidential.cloud. See for example the following files corresponding to node image v2.16.3: +* [Measurements](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json) +* [Signature](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json.sig) + +The CLI contains the long-term public key of Edgeless Systems to verify the signature of downloaded runtime measurements. + +### Cluster creation + +When a cluster is [created](../workflows/create.md), the CLI automatically verifies the runtime measurements of the *first node* using remote attestation. Based on this, the CLI and the first node set up a temporary TLS connection. This [aTLS](#attested-tls-atls) connection is used for two things: +1. The CLI sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. +2. The first node sends a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) with Kubernetes credentials to the CLI. + +After this, the aTLS connection is closed and the first node bootstraps the Kubernetes cluster. All subsequent interactions between the CLI and the cluster go via the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) server running inside the cluster. The CLI (and other tools like kubectl) use the credentials referenced by the kubeconfig file to authenticate themselves towards the Kubernetes API server and to establish a mTLS connection. + +The CLI connects to the Kubernetes API to write the runtime measurements for the applicable node image to etcd. The JoinService uses these runtime measurements to verify all nodes that join the cluster subsequently. + +### Chain of trust + +In summary, there's a chain of trust based on cryptographic signatures that goes from the user to the cluster via the CLI. This is illustrated in the following diagram. + +```mermaid +flowchart LR + A[User]-- "verifies" -->B[CLI] + B[CLI]-- "verifies" -->C([Runtime measurements]) + D[Edgeless Systems]-- "signs" -->B[CLI] + D[Edgeless Systems]-- "signs" -->C([Runtime measurements]) + B[CLI]-- "verifies (remote attestation)" -->E[First node] + E[First node]-- "verifies (remote attestation)" -->F[Other nodes] + C([Runtime measurements]) -.-> E[First node] + C([Runtime measurements]) -.-> F[Other nodes] +``` + +### Upgrades + +Whenever a cluster is [upgraded](../workflows/upgrade.md) to a new version of the node image, the CLI sends the corresponding runtime measurements via the Kubernetes API server. The new runtime measurements are stored in etcd within the cluster and replace any previous runtime measurements. The new runtime measurements are then used automatically by the JoinService for the verification of new nodes. + +## References + +[^1]: Linux IMA produces runtime measurements of user-space binaries. +However, these measurements aren't deterministic and thus, PCR\[10] can't be compared to a constant value. +Instead, a policy engine must be used to verify the TPM event log against a policy. diff --git a/docs/versioned_docs/version-2.17/architecture/encrypted-storage.md b/docs/versioned_docs/version-2.17/architecture/encrypted-storage.md new file mode 100644 index 000000000..f047fa4a9 --- /dev/null +++ b/docs/versioned_docs/version-2.17/architecture/encrypted-storage.md @@ -0,0 +1,62 @@ +# Encrypted persistent storage + +Confidential VMs provide runtime memory encryption to protect data in use. +In the context of Kubernetes, this is sufficient for the confidentiality and integrity of stateless services. +Consider a front-end web server, for example, that keeps all connection information cached in main memory. +No sensitive data is ever written to an insecure medium. +However, many real-world applications need some form of state or data-lake service that's connected to a persistent storage device and requires encryption at rest. +As described in [Use persistent storage](../workflows/storage.md), cloud service providers (CSPs) use the container storage interface (CSI) to make their storage solutions available to Kubernetes workloads. +These CSI storage solutions often support some sort of encryption. +For example, Google Cloud [encrypts data at rest by default](https://cloud.google.com/security/encryption/default-encryption), without any action required by the customer. + +## Cloud provider-managed encryption + +CSP-managed storage solutions encrypt the data in the cloud backend before writing it physically to disk. +In the context of confidential computing and Constellation, the CSP and its managed services aren't trusted. +Hence, cloud provider-managed encryption protects your data from offline hardware access to physical storage devices. +It doesn't protect it from anyone with infrastructure-level access to the storage backend or a malicious insider in the cloud platform. +Even with "bring your own key" or similar concepts, the CSP performs the encryption process with access to the keys and plaintext data. + +In the security model of Constellation, securing persistent storage and thereby data at rest requires that all cryptographic operations are performed inside a trusted execution environment. +Consequently, using CSP-managed encryption of persistent storage usually isn't an option. + +## Constellation-managed encryption + +Constellation provides CSI drivers for storage solutions in all major clouds with built-in encryption support. +Block storage provisioned by the CSP is [mapped](https://guix.gnu.org/manual/en/html_node/Mapped-Devices.html) using the [dm-crypt](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-crypt.html), and optionally the [dm-integrity](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-integrity.html), kernel modules, before it's formatted and accessed by the Kubernetes workloads. +All cryptographic operations happen inside the trusted environment of the confidential Constellation node. + +Note that for integrity-protected disks, [volume expansion](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/) isn't supported. + +By default the driver uses data encryption keys (DEKs) issued by the Constellation [*KeyService*](microservices.md#keyservice). +The DEKs are in turn derived from the Constellation's key encryption key (KEK), which is directly derived from the [master secret](keys.md#master-secret). +This is the recommended mode of operation, and also requires the least amount of setup by the cluster administrator. + +Alternatively, the driver can be configured to use a key management system to store and access KEKs and DEKs. + +Refer to [keys and cryptography](keys.md) for more details on key management in Constellation. + +Once deployed and configured, the CSI driver ensures transparent encryption and integrity of all persistent volumes provisioned via its storage class. +Data at rest is secured without any additional actions required by the developer. + +## Cryptographic algorithms + +This section gives an overview of the libraries, cryptographic algorithms, and their configurations, used in Constellation's CSI drivers. + +### dm-crypt + +To interact with the dm-crypt kernel module, Constellation uses [libcryptsetup](https://gitlab.com/cryptsetup/cryptsetup/). +New devices are formatted as [LUKS2](https://gitlab.com/cryptsetup/LUKS2-docs/-/tree/master) partitions with a sector size of 4096 bytes. +The used key derivation function is [Argon2id](https://datatracker.ietf.org/doc/html/rfc9106) with the [recommended parameters for memory-constrained environments](https://datatracker.ietf.org/doc/html/rfc9106#section-7.4) of 3 iterations and 64 MiB of memory, utilizing 4 parallel threads. +For encryption Constellation uses AES in XTS-Plain64. The key size is 512 bit. + +### dm-integrity + +To interact with the dm-integrity kernel module, Constellation uses [libcryptsetup](https://gitlab.com/cryptsetup/cryptsetup/). +When enabled, the used data integrity algorithm is [HMAC](https://datatracker.ietf.org/doc/html/rfc2104) with SHA256 as the hash function. +The tag size is 32 Bytes. + +## Encrypted S3 object storage + +Constellation comes with a service that you can use to transparently retrofit client-side encryption to existing applications that use S3 (AWS or compatible) for storage. +To learn more, check out the [s3proxy documentation](../workflows/s3proxy.md). diff --git a/docs/versioned_docs/version-2.17/architecture/images.md b/docs/versioned_docs/version-2.17/architecture/images.md new file mode 100644 index 000000000..8a9c51d36 --- /dev/null +++ b/docs/versioned_docs/version-2.17/architecture/images.md @@ -0,0 +1,49 @@ +# Constellation images + +Constellation uses a minimal version of Fedora as the operating system running inside confidential VMs. This Linux distribution is optimized for containers and designed to be stateless. +The Constellation images provide measured boot and an immutable filesystem. + +## Measured boot + +```mermaid +flowchart LR + Firmware --> Bootloader + Bootloader --> uki + subgraph uki[Unified Kernel Image] + Kernel[Kernel] + initramfs[Initramfs] + cmdline[Kernel Command Line] + end + uki --> rootfs[Root Filesystem] +``` + +Measured boot uses a Trusted Platform Module (TPM) to measure every part of the boot process. This allows for verification of the integrity of a running system at any point in time. To ensure correct measurements of every stage, each stage is responsible to measure the next stage before transitioning. + +### Firmware + +With confidential VMs, the firmware is the root of trust and is measured automatically at boot. After initialization, the firmware will load and measure the bootloader before executing it. + +### Bootloader + +The bootloader is the first modifiable part of the boot chain. The bootloader is tasked with loading the kernel, initramfs and setting the kernel command line. The Constellation bootloader measures these components before starting the kernel. + +### initramfs + +The initramfs is a small filesystem loaded to prepare the actual root filesystem. The Constellation initramfs maps the block device containing the root filesystem with [dm-verity](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html). The initramfs then mounts the root filesystem from the mapped block device. + +dm-verity provides integrity checking using a cryptographic hash tree. When a block is read, its integrity is checked by verifying the tree against a trusted root hash. The initramfs reads this root hash from the previously measured kernel command line. Thus, if any block of the root filesystem's device is modified on disk, trying to read the modified block will result in a kernel panic at runtime. + +After mounting the root filesystem, the initramfs will switch over and start the `init` process of the integrity-protected root filesystem. + +## State disk + +In addition to the read-only root filesystem, each Constellation node has a disk for storing state data. +This disk is mounted readable and writable by the initramfs and contains data that should persist across reboots. +Such data can contain sensitive information and, therefore, must be stored securely. +To that end, the state disk is protected by authenticated encryption. +See the section on [keys and encryption](keys.md#storage-encryption) for more information on the cryptographic primitives in use. + +## Kubernetes components + +During initialization, the [*Bootstrapper*](microservices.md#bootstrapper) downloads and verifies the [Kubernetes components](https://kubernetes.io/docs/concepts/overview/components/) as configured by the user. +They're stored on the state partition and can be updated once new releases need to be installed. diff --git a/docs/versioned_docs/version-2.17/architecture/keys.md b/docs/versioned_docs/version-2.17/architecture/keys.md new file mode 100644 index 000000000..553d9d4e2 --- /dev/null +++ b/docs/versioned_docs/version-2.17/architecture/keys.md @@ -0,0 +1,131 @@ +# Key management and cryptographic primitives + +Constellation protects and isolates your cluster and workloads. +To that end, cryptography is the foundation that ensures the confidentiality and integrity of all components. +Evaluating the security and compliance of Constellation requires a precise understanding of the cryptographic primitives and keys used. +The following gives an overview of the architecture and explains the technical details. + +## Confidential VMs + +Confidential VM (CVM) technology comes with hardware and software components for memory encryption, isolation, and remote attestation. +For details on the implementations and cryptographic soundness, refer to the hardware vendors' documentation and advisories. + +## Master secret + +The master secret is the cryptographic material used for deriving the [*clusterID*](#cluster-identity) and the *key encryption key (KEK)* for [storage encryption](#storage-encryption). +It's generated during the bootstrapping of a Constellation cluster. +It can either be managed by [Constellation](#constellation-managed-key-management) or an [external key management system](#user-managed-key-management). +In case of [recovery](#recovery-and-migration), the master secret allows to decrypt the state and recover a Constellation cluster. + +## Cluster identity + +The identity of a Constellation cluster is represented by cryptographic [measurements](attestation.md#runtime-measurements): + +The **base measurements** represent the identity of a valid, uninitialized Constellation node. +They depend on the node image, but are otherwise the same for every Constellation cluster. +On node boot, they're determined using the CVM's attestation mechanism and [measured boot up to the read-only root filesystem](images.md). + +The **clusterID** represents the identity of a single initialized Constellation cluster. +It's derived from the master secret and a cryptographically random salt and unique for every Constellation cluster. +The [Bootstrapper](microservices.md#bootstrapper) measures the *clusterID* into its own PCR before executing any code not measured as part of the *base measurements*. +See [Node attestation](attestation.md#node-attestation) for details. + +The remote attestation statement of a Constellation cluster combines the *base measurements* and the *clusterID* for a verifiable, unspoofable, unique identity. + +## Network encryption + +Constellation encrypts all cluster network communication using the [container network interface (CNI)](https://github.com/containernetworking/cni). +See [network encryption](networking.md) for more details. + +The Cilium agent running on each node establishes a secure [WireGuard](https://www.wireguard.com/) tunnel between it and all other known nodes in the cluster. +Each node creates its own [Curve25519](http://cr.yp.to/ecdh.html) encryption key pair and distributes its public key via Kubernetes. +A node uses another node's public key to decrypt and encrypt traffic from and to Cilium-managed endpoints running on that node. +Connections are always encrypted peer-to-peer using [ChaCha20](http://cr.yp.to/chacha.html) with [Poly1305](http://cr.yp.to/mac.html). +WireGuard implements [forward secrecy with key rotation every 2 minutes](https://lists.zx2c4.com/pipermail/wireguard/2017-December/002141.html). +Cilium supports [key rotation](https://docs.cilium.io/en/stable/security/network/encryption-ipsec/#key-rotation) for the long-term node keys via Kubernetes secrets. + +## Storage encryption + +Constellation supports transparent encryption of persistent storage. +The Linux kernel's device mapper-based encryption features are used to encrypt the data on the block storage level. +Currently, the following primitives are used for block storage encryption: + +* [dm-crypt](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-crypt.html) +* [dm-integrity](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-integrity.html) + +Adding primitives for integrity protection in the CVM attacker model are under active development and will be available in a future version of Constellation. +See [encrypted storage](encrypted-storage.md) for more details. + +As a cluster administrator, when creating a cluster, you can use the Constellation [installation program](orchestration.md) to select one of the following methods for key management: + +* Constellation-managed key management +* User-managed key management + +### Constellation-managed key management + +#### Key material and key derivation + +During the creation of a Constellation cluster, the cluster's master secret is used to derive a KEK. +This means creating two clusters with the same master secret will yield the same KEK. +Any data encryption key (DEK) is derived from the KEK via HKDF. +Note that the master secret is recommended to be unique for every cluster and shouldn't be reused (except in case of [recovering](../workflows/recovery.md) a cluster). + +#### State and storage + +The KEK is derived from the master secret during the initialization. +Subsequently, all other key material is derived from the KEK. +Given the same KEK, any DEK can be derived deterministically from a given identifier. +Hence, there is no need to store DEKs. They can be derived on demand. +After the KEK was derived, it's stored in memory only and never leaves the CVM context. + +#### Availability + +Constellation-managed key management has the same availability as the underlying Kubernetes cluster. +Therefore, the KEK is stored in the [distributed Kubernetes etcd storage](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/) to allow for unexpected but non-fatal (control-plane) node failure. +The etcd storage is backed by the encrypted and integrity protected [state disk](images.md#state-disk) of the nodes. + +#### Recovery + +Constellation clusters can be recovered in the event of a disaster, even when all node machines have been stopped and need to be rebooted. +For details on the process see the [recovery workflow](../workflows/recovery.md). + +### User-managed key management + +User-managed key management is under active development and will be available soon. +In scenarios where constellation-managed key management isn't an option, this mode allows you to keep full control of your keys. +For example, compliance requirements may force you to keep your KEKs in an on-prem key management system (KMS). + +During the creation of a Constellation cluster, you specify a KEK present in a remote KMS. +This follows the common scheme of "bring your own key" (BYOK). +Constellation will support several KMSs for managing the storage and access of your KEK. +Initially, it will support the following KMSs: + +* [AWS KMS](https://aws.amazon.com/kms/) +* [GCP KMS](https://cloud.google.com/security-key-management) +* [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview) +* [KMIP-compatible KMS](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip) + +Storing the keys in Cloud KMS of AWS, Azure, or GCP binds the key usage to the particular cloud identity access management (IAM). +In the future, Constellation will support remote attestation-based access policies for Cloud KMS once available. +Note that using a Cloud KMS limits the isolation and protection to the guarantees of the particular offering. + +KMIP support allows you to use your KMIP-compatible on-prem KMS and keep full control over your keys. +This follows the common scheme of "hold your own key" (HYOK). + +The KEK is used to encrypt per-data "data encryption keys" (DEKs). +DEKs are generated to encrypt your data before storing it on persistent storage. +After being encrypted by the KEK, the DEKs are stored on dedicated cloud storage for persistence. +Currently, Constellation supports the following cloud storage options: + +* [AWS S3](https://aws.amazon.com/s3/) +* [GCP Cloud Storage](https://cloud.google.com/storage) +* [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/#overview) + +The DEKs are only present in plaintext form in the encrypted main memory of the CVMs. +Similarly, the cryptographic operations for encrypting data before writing it to persistent storage are performed in the context of the CVMs. + +#### Recovery and migration + +In the case of a disaster, the KEK can be used to decrypt the DEKs locally and subsequently use them to decrypt and retrieve the data. +In case of migration, configuring the same KEK will provide seamless migration of data. +Thus, only the DEK storage needs to be transferred to the new cluster alongside the encrypted data for seamless migration. diff --git a/docs/versioned_docs/version-2.17/architecture/microservices.md b/docs/versioned_docs/version-2.17/architecture/microservices.md new file mode 100644 index 000000000..90bae783b --- /dev/null +++ b/docs/versioned_docs/version-2.17/architecture/microservices.md @@ -0,0 +1,73 @@ +# Microservices + +Constellation takes care of bootstrapping and initializing a Confidential Kubernetes cluster. +During the lifetime of the cluster, it handles day 2 operations such as key management, remote attestation, and updates. +These features are provided by several microservices: + +* The [Bootstrapper](microservices.md#bootstrapper) initializes a Constellation node and bootstraps the cluster +* The [JoinService](microservices.md#joinservice) joins new nodes to an existing cluster +* The [VerificationService](microservices.md#verificationservice) provides remote attestation functionality +* The [KeyService](microservices.md#keyservice) manages Constellation-internal keys + +The relations between microservices are shown in the following diagram: + +```mermaid +flowchart LR + subgraph admin [Admin's machine] + A[Constellation CLI] + end + subgraph img [Constellation OS image] + B[Constellation OS] + C[Bootstrapper] + end + subgraph Kubernetes + D[JoinService] + E[KeyService] + F[VerificationService] + end + A -- deploys --> + B -- starts --> C + C -- deploys --> D + C -- deploys --> E + C -- deploys --> F +``` + +## Bootstrapper + +The *Bootstrapper* is the first microservice launched after booting a Constellation node image. +It sets up that machine as a Kubernetes node and integrates that node into the Kubernetes cluster. +To this end, the *Bootstrapper* first downloads and verifies the [Kubernetes components](https://kubernetes.io/docs/concepts/overview/components/) at the configured versions. +The *Bootstrapper* tries to find an existing cluster and if successful, communicates with the [JoinService](microservices.md#joinservice) to join the node. +Otherwise, it waits for an initialization request to create a new Kubernetes cluster. + +## JoinService + +The *JoinService* runs as [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) on each control-plane node. +New nodes (at cluster start, or later through autoscaling) send a request to the service over [attested TLS (aTLS)](attestation.md#attested-tls-atls). +The *JoinService* verifies the new node's certificate and attestation statement. +If attestation is successful, the new node is supplied with an encryption key from the [*KeyService*](microservices.md#keyservice) for its state disk, and a Kubernetes bootstrap token. + + +```mermaid +sequenceDiagram + participant New node + participant JoinService + New node->>JoinService: aTLS handshake (server side verification) + JoinService-->>New node: # + New node->>+JoinService: IssueJoinTicket(DiskUUID, NodeName, IsControlPlane) + JoinService->>+KeyService: GetDataKey(DiskUUID) + KeyService-->>-JoinService: DiskEncryptionKey + JoinService-->>-New node: DiskEncryptionKey, KubernetesJoinToken, ... +``` + +## VerificationService + +The *VerificationService* runs as DaemonSet on each node. +It provides user-facing functionality for remote attestation during the cluster's lifetime via an endpoint for [verifying the cluster](attestation.md#cluster-attestation). +Read more about the hardware-based [attestation feature](attestation.md) of Constellation and how to [verify](../workflows/verify-cluster.md) a cluster on the client side. + +## KeyService + +The *KeyService* runs as DaemonSet on each control-plane node. +It implements the key management for the [storage encryption keys](keys.md#storage-encryption) in Constellation. These keys are used for the [state disk](images.md#state-disk) of each node and the [transparently encrypted storage](encrypted-storage.md) for Kubernetes. +Depending on wether the [constellation-managed](keys.md#constellation-managed-key-management) or [user-managed](keys.md#user-managed-key-management) mode is used, the *KeyService* holds the key encryption key (KEK) directly or calls an external key management service (KMS) for key derivation respectively. diff --git a/docs/versioned_docs/version-2.17/architecture/networking.md b/docs/versioned_docs/version-2.17/architecture/networking.md new file mode 100644 index 000000000..e9cbdf029 --- /dev/null +++ b/docs/versioned_docs/version-2.17/architecture/networking.md @@ -0,0 +1,22 @@ +# Network encryption + +Constellation encrypts all pod communication using the [container network interface (CNI)](https://github.com/containernetworking/cni). +To that end, Constellation deploys, configures, and operates the [Cilium](https://cilium.io/) CNI plugin. +Cilium provides [transparent encryption](https://docs.cilium.io/en/stable/security/network/encryption) for all cluster traffic using either IPSec or [WireGuard](https://www.wireguard.com/). +Currently, Constellation only supports WireGuard as the encryption engine. +You can read more about the cryptographic soundness of WireGuard [in their white paper](https://www.wireguard.com/papers/wireguard.pdf). + +Cilium is actively working on implementing a feature called [`host-to-host`](https://github.com/cilium/cilium/pull/19401) encryption mode for WireGuard. +With `host-to-host`, all traffic between nodes will be tunneled via WireGuard (host-to-host, host-to-pod, pod-to-host, pod-to-pod). +Until the `host-to-host` feature is released, Constellation enables `pod-to-pod` encryption. +This mode encrypts all traffic between Kubernetes pods using WireGuard tunnels. + +When using Cilium in the default setup but with encryption enabled, there is a [known issue](https://docs.cilium.io/en/v1.12/gettingstarted/encryption/#egress-traffic-to-not-yet-discovered-remote-endpoints-may-be-unencrypted) +that can cause pod-to-pod traffic to be unencrypted. +To mitigate this issue, Constellation adds a *strict* mode to Cilium's `pod-to-pod` encryption. +This mode changes the default behavior of traffic that's destined for an unknown endpoint to not be send out in plaintext, but instead being dropped. +The strict mode distinguishes between traffic that's send to a pod from traffic that's destined for a cluster-external endpoint by considering the pod's CIDR range. + +Traffic originating from hosts isn't encrypted yet. +This mainly includes health checks from Kubernetes API server. +Also, traffic proxied over the API server via e.g. `kubectl port-forward` isn't encrypted. diff --git a/docs/versioned_docs/version-2.17/architecture/observability.md b/docs/versioned_docs/version-2.17/architecture/observability.md new file mode 100644 index 000000000..0f4daffd4 --- /dev/null +++ b/docs/versioned_docs/version-2.17/architecture/observability.md @@ -0,0 +1,74 @@ +# Observability + +In Kubernetes, observability is the ability to gain insight into the behavior and performance of applications. +It helps identify and resolve issues more effectively, ensuring stability and performance of Kubernetes workloads, reducing downtime and outages, and improving efficiency. +The "three pillars of observability" are logs, metrics, and traces. + +In the context of Confidential Computing, observability is a delicate subject and needs to be applied such that it doesn't leak any sensitive information. +The following gives an overview of where and how you can apply standard observability tools in Constellation. + +## Cloud resource monitoring + +While inaccessible, Constellation's nodes are still visible as black box VMs to the hypervisor. +Resource consumption, such as memory and CPU utilization, can be monitored from the outside and observed via the cloud platforms directly. +Similarly, other resources, such as storage and network and their respective metrics, are visible via the cloud platform. + +## Metrics + +Metrics are numeric representations of data measured over intervals of time. They're essential for understanding system health and gaining insights using telemetry signals. + +By default, Constellation exposes the [metrics for Kubernetes system components](https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/) inside the cluster. +Similarly, the [etcd metrics](https://etcd.io/docs/v3.5/metrics/) endpoints are exposed inside the cluster. +These [metrics endpoints can be disabled](https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/#disabling-metrics). + +You can collect these cluster-internal metrics via tools such as [Prometheus](https://prometheus.io/) or the [Elastic Stack](https://www.elastic.co/de/elastic-stack/). + +Constellation's CNI Cilium also supports [metrics via Prometheus endpoints](https://docs.cilium.io/en/latest/observability/metrics/). +However, in Constellation, they're disabled by default and must be enabled first. + +## Logs + +Logs represent discrete events that usually describe what's happening with your service. +The payload is an actual message emitted from your system along with a metadata section containing a timestamp, labels, and tracking identifiers. + +### System logs + +Detailed system-level logs are accessible via `/var/log` and [journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) on the nodes directly. +They can be collected from there, for example, via [Filebeat and Logstash](https://www.elastic.co/guide/en/beats/filebeat/current/logstash-output.html), which are tools of the [Elastic Stack](https://www.elastic.co/de/elastic-stack/). + +In case of an error during the initialization, the CLI automatically collects the [Bootstrapper](./microservices.md#bootstrapper) logs and returns these as a file for [troubleshooting](../workflows/troubleshooting.md). Here is an example of such an event: + +```shell-session +Cluster initialization failed. This error is not recoverable. +Terminate your cluster and try again. +Fetched bootstrapper logs are stored in "constellation-cluster.log" +``` + +### Kubernetes logs + +Constellation supports the [Kubernetes logging architecture](https://kubernetes.io/docs/concepts/cluster-administration/logging/). +By default, logs are written to the nodes' encrypted state disks. +These include the Pod and container logs and the [system component logs](https://kubernetes.io/docs/concepts/cluster-administration/logging/#system-component-logs). + +[Constellation services](microservices.md) run as Pods inside the `kube-system` namespace and use the standard container logging mechanism. +The same applies for the [Cilium Pods](https://docs.cilium.io/en/latest/operations/troubleshooting/#logs). + +You can collect logs from within the cluster via tools such as [Fluentd](https://github.com/fluent/fluentd), [Loki](https://github.com/grafana/loki), or the [Elastic Stack](https://www.elastic.co/de/elastic-stack/). + +## Traces + +Modern systems are implemented as interconnected complex and distributed microservices. Understanding request flows and system communications is challenging, mainly because all systems in a chain need to be modified to propagate tracing information. Distributed tracing is a new approach to increasing observability and understanding performance bottlenecks. A trace represents consecutive events that reflect an end-to-end request path in a distributed system. + +Constellation supports [traces for Kubernetes system components](https://kubernetes.io/docs/concepts/cluster-administration/system-traces/). +By default, they're disabled and need to be enabled first. + +Similarly, Cilium can be enabled to [export traces](https://cilium.io/use-cases/metrics-export/). + +You can collect these traces via tools such as [Jaeger](https://www.jaegertracing.io/) or [Zipkin](https://zipkin.io/). + +## Integrations + +Platforms and SaaS solutions such as Datadog, logz.io, Dynatrace, or New Relic facilitate the observability challenge for Kubernetes and provide all-in-one SaaS solutions. +They install agents into the cluster that collect metrics, logs, and tracing information and upload them into the data lake of the platform. +Technically, the agent-based approach is compatible with Constellation, and attaching these platforms is straightforward. +However, you need to evaluate if the exported data might violate Constellation's compliance and privacy guarantees by uploading them to a third-party platform. diff --git a/docs/versioned_docs/version-2.17/architecture/orchestration.md b/docs/versioned_docs/version-2.17/architecture/orchestration.md new file mode 100644 index 000000000..3c8d529e7 --- /dev/null +++ b/docs/versioned_docs/version-2.17/architecture/orchestration.md @@ -0,0 +1,83 @@ +# Orchestrating Constellation clusters + +You can use the CLI to create a cluster on the supported cloud platforms. +The CLI provisions the resources in your cloud environment and initiates the initialization of your cluster. +It uses a set of parameters and an optional configuration file to manage your cluster installation. +The CLI is also used for updating your cluster. + +## Workspaces + +Each Constellation cluster has an associated *workspace*. +The workspace is where data such as the Constellation state and config files are stored. +Each workspace is associated with a single cluster and configuration. +The CLI stores state in the local filesystem making the current directory the active workspace. +Multiple clusters require multiple workspaces, hence, multiple directories. +Note that every operation on a cluster always has to be performed from the directory associated with its workspace. + +You may copy files from the workspace to other locations, +but you shouldn't move or delete them while the cluster is still being used. +The Constellation CLI takes care of managing the workspace. +Only when a cluster was terminated, and you are sure the files aren't needed anymore, should you remove a workspace. + +## Cluster creation process + +To allow for fine-grained configuration of your cluster and cloud environment, Constellation supports an extensive configuration file with strong defaults. [Generating the configuration file](../workflows/config.md) is typically the first thing you do in the workspace. + +Altogether, the following files are generated during the creation of a Constellation cluster and stored in the current workspace: + +* a configuration file +* a state file +* a Base64-encoded master secret +* [Terraform artifacts](../reference/terraform.md), stored in subdirectories +* a Kubernetes `kubeconfig` file. + +After the initialization of your cluster, the CLI will provide you with a Kubernetes `kubeconfig` file. +This file grants you access to your Kubernetes cluster and configures the [kubectl](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) tool. +In addition, the cluster's [identifier](orchestration.md#post-installation-configuration) is returned and stored in the state file. + +### Creation process details + +1. The CLI `apply` command first creates the confidential VM (CVM) resources in your cloud environment and configures the network +2. Each CVM boots the Constellation node image and measures every component in the boot chain +3. The first microservice launched in each node is the [*Bootstrapper*](microservices.md#bootstrapper) +4. The *Bootstrapper* waits until it either receives an initialization request or discovers an initialized cluster +5. The CLI then connects to the *Bootstrapper* of a selected node, sends the configuration, and initiates the initialization of the cluster +6. The *Bootstrapper* of **that** node [initializes the Kubernetes cluster](microservices.md#bootstrapper) and deploys the other Constellation [microservices](microservices.md) including the [*JoinService*](microservices.md#joinservice) +7. Subsequently, the *Bootstrappers* of the other nodes discover the initialized cluster and send join requests to the *JoinService* +8. As part of the join request each node includes an attestation statement of its boot measurements as authentication +9. The *JoinService* verifies the attestation statements and joins the nodes to the Kubernetes cluster +10. This process is repeated for every node joining the cluster later (e.g., through autoscaling) + +## Post-installation configuration + +Post-installation the CLI provides a configuration for [accessing the cluster using the Kubernetes API](https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/). +The `kubeconfig` file provides the credentials and configuration for connecting and authenticating to the API server. +Once configured, orchestrate the Kubernetes cluster via `kubectl`. + +After the initialization, the CLI will present you with a couple of tokens: + +* The [*master secret*](keys.md#master-secret) (stored in the `constellation-mastersecret.json` file by default) +* The [*clusterID*](keys.md#cluster-identity) of your cluster in Base64 encoding + +You can read more about these values and their meaning in the guide on [cluster identity](keys.md#cluster-identity). + +The *master secret* must be kept secret and can be used to [recover your cluster](../workflows/recovery.md). +Instead of managing this secret manually, you can [use your key management solution of choice](keys.md#user-managed-key-management) with Constellation. + +The *clusterID* uniquely identifies a cluster and can be used to [verify your cluster](../workflows/verify-cluster.md). + +## Upgrades + +Constellation images and microservices may need to be upgraded to new versions during the lifetime of a cluster. +Constellation implements a rolling update mechanism ensuring no downtime of the control or data plane. +You can upgrade a Constellation cluster with a single operation by using the CLI. +For step-by-step instructions on how to do this, refer to [Upgrade your cluster](../workflows/upgrade.md). + +### Attestation of upgrades + +With every new image, corresponding measurements are released. +During an update procedure, the CLI provides new measurements to the [JoinService](microservices.md#joinservice) securely. +New measurements for an updated image are automatically pulled and verified by the CLI following the [supply chain security concept](attestation.md#chain-of-trust) of Constellation. +The [attestation section](attestation.md#cluster-facing-attestation) describes in detail how these measurements are then used by the JoinService for the attestation of nodes. + + diff --git a/docs/versioned_docs/version-2.17/architecture/overview.md b/docs/versioned_docs/version-2.17/architecture/overview.md new file mode 100644 index 000000000..386f93b2f --- /dev/null +++ b/docs/versioned_docs/version-2.17/architecture/overview.md @@ -0,0 +1,30 @@ +# Overview + +Constellation is a cloud-based confidential orchestration platform. +The foundation of Constellation is Kubernetes and therefore shares the same technology stack and architecture principles. +To learn more about Constellation and Kubernetes, see [product overview](../overview/product.md). + +## About orchestration and updates + +As a cluster administrator, you can use the [Constellation CLI](orchestration.md) to install and deploy a cluster. +Updates are provided in accordance with the [support policy](versions.md). + +## About microservices and attestation + +Constellation manages the nodes and network in your cluster. All nodes are bootstrapped by the [*Bootstrapper*](microservices.md#bootstrapper). They're verified and authenticated by the [*JoinService*](microservices.md#joinservice) before being added to the cluster and the network. Finally, the entire cluster can be verified via the [*VerificationService*](microservices.md#verificationservice) using [remote attestation](attestation.md). + +## About node images and verified boot + +Constellation comes with operating system images for Kubernetes control-plane and worker nodes. +They're highly optimized for running containerized workloads and specifically prepared for running inside confidential VMs. +You can learn more about [the images](images.md) and how verified boot ensures their integrity during boot and beyond. + +## About key management and cryptographic primitives + +Encryption of data at-rest, in-transit, and in-use is the fundamental building block for confidential computing and Constellation. Learn more about the [keys and cryptographic primitives](keys.md) used in Constellation, [encrypted persistent storage](encrypted-storage.md), and [network encryption](networking.md). + +## About observability + +Observability in Kubernetes refers to the capability to troubleshoot issues using telemetry signals such as logs, metrics, and traces. +In the realm of Confidential Computing, it's crucial that observability aligns with confidentiality, necessitating careful implementation. +Learn more about the [observability capabilities in Constellation](./observability.md). diff --git a/docs/versioned_docs/version-2.17/architecture/versions.md b/docs/versioned_docs/version-2.17/architecture/versions.md new file mode 100644 index 000000000..85d35e6a9 --- /dev/null +++ b/docs/versioned_docs/version-2.17/architecture/versions.md @@ -0,0 +1,21 @@ +# Versions and support policy + +All components of Constellation use a three-digit version number of the form `v..`. +The components are released in lock step, usually on the first Tuesday of every month. This release primarily introduces new features, but may also include security or performance improvements. The `MINOR` version will be incremented as part of this release. + +Additional `PATCH` releases may be created on demand, to fix security issues or bugs before the next `MINOR` release window. + +New releases are published on [GitHub](https://github.com/edgelesssys/constellation/releases). + +## Kubernetes support policy + +Constellation is aligned to the [version support policy of Kubernetes](https://kubernetes.io/releases/version-skew-policy/#supported-versions), and therefore usually supports the most recent three minor versions. +When a new minor version of Kubernetes is released, support is added to the next Constellation release, and that version then supports four Kubernetes versions. +Subsequent Constellation releases drop support for the oldest (and deprecated) Kubernetes version. + +The following Kubernetes versions are currently supported: + + +* v1.28.11 +* v1.29.6 +* v1.30.2 diff --git a/docs/versioned_docs/version-2.17/getting-started/examples.md b/docs/versioned_docs/version-2.17/getting-started/examples.md new file mode 100644 index 000000000..fded84980 --- /dev/null +++ b/docs/versioned_docs/version-2.17/getting-started/examples.md @@ -0,0 +1,6 @@ +# Examples + +After you [installed the CLI](install.md) and [created your first cluster](first-steps.md), you're ready to deploy applications. Why not start with one of the following examples? +* [Emojivoto](examples/emojivoto.md): a simple but fun web application +* [Online Boutique](examples/online-boutique.md): an e-commerce demo application by Google consisting of 11 separate microservices +* [Horizontal Pod Autoscaling](examples/horizontal-scaling.md): an example demonstrating Constellation's autoscaling capabilities diff --git a/docs/versioned_docs/version-2.17/getting-started/examples/emojivoto.md b/docs/versioned_docs/version-2.17/getting-started/examples/emojivoto.md new file mode 100644 index 000000000..2bbe27917 --- /dev/null +++ b/docs/versioned_docs/version-2.17/getting-started/examples/emojivoto.md @@ -0,0 +1,22 @@ +# Emojivoto +[Emojivoto](https://github.com/BuoyantIO/emojivoto) is a simple and fun application that's well suited to test the basic functionality of your cluster. + + + +emojivoto - Web UI + + + +1. Deploy the application: + ```bash + kubectl apply -k github.com/BuoyantIO/emojivoto/kustomize/deployment + ``` +2. Wait until it becomes available: + ```bash + kubectl wait --for=condition=available --timeout=60s -n emojivoto --all deployments + ``` +3. Forward the web service to your machine: + ```bash + kubectl -n emojivoto port-forward svc/web-svc 8080:80 + ``` +4. Visit [http://localhost:8080](http://localhost:8080) diff --git a/docs/versioned_docs/version-2.17/getting-started/examples/filestash-s3proxy.md b/docs/versioned_docs/version-2.17/getting-started/examples/filestash-s3proxy.md new file mode 100644 index 000000000..b9a394256 --- /dev/null +++ b/docs/versioned_docs/version-2.17/getting-started/examples/filestash-s3proxy.md @@ -0,0 +1,107 @@ + +# Deploying Filestash + +Filestash is a web frontend for different storage backends, including S3. +It's a useful application to showcase s3proxy in action. + +1. Deploy s3proxy as described in [Deployment](../../workflows/s3proxy.md#deployment). +2. Create a deployment file for Filestash with one pod: + +```sh +cat << EOF > "deployment-filestash.yaml" +apiVersion: apps/v1 +kind: Deployment +metadata: + name: filestash +spec: + replicas: 1 + selector: + matchLabels: + app: filestash + template: + metadata: + labels: + app: filestash + spec: + hostAliases: + - ip: $(kubectl get svc s3proxy-service -o=jsonpath='{.spec.clusterIP}') + hostnames: + - "s3.us-east-1.amazonaws.com" + - "s3.us-east-2.amazonaws.com" + - "s3.us-west-1.amazonaws.com" + - "s3.us-west-2.amazonaws.com" + - "s3.eu-north-1.amazonaws.com" + - "s3.eu-south-1.amazonaws.com" + - "s3.eu-south-2.amazonaws.com" + - "s3.eu-west-1.amazonaws.com" + - "s3.eu-west-2.amazonaws.com" + - "s3.eu-west-3.amazonaws.com" + - "s3.eu-central-1.amazonaws.com" + - "s3.eu-central-2.amazonaws.com" + - "s3.ap-northeast-1.amazonaws.com" + - "s3.ap-northeast-2.amazonaws.com" + - "s3.ap-northeast-3.amazonaws.com" + - "s3.ap-east-1.amazonaws.com" + - "s3.ap-southeast-1.amazonaws.com" + - "s3.ap-southeast-2.amazonaws.com" + - "s3.ap-southeast-3.amazonaws.com" + - "s3.ap-southeast-4.amazonaws.com" + - "s3.ap-south-1.amazonaws.com" + - "s3.ap-south-2.amazonaws.com" + - "s3.me-south-1.amazonaws.com" + - "s3.me-central-1.amazonaws.com" + - "s3.il-central-1.amazonaws.com" + - "s3.af-south-1.amazonaws.com" + - "s3.ca-central-1.amazonaws.com" + - "s3.sa-east-1.amazonaws.com" + containers: + - name: filestash + image: machines/filestash:latest + ports: + - containerPort: 8334 + volumeMounts: + - name: ca-cert + mountPath: /etc/ssl/certs/kube-ca.crt + subPath: kube-ca.crt + volumes: + - name: ca-cert + secret: + secretName: s3proxy-tls + items: + - key: ca.crt + path: kube-ca.crt +EOF +``` + +The pod spec includes the `hostAliases` key, which adds an entry to the pod's `/etc/hosts`. +The entry forwards all requests for any of the currently defined AWS regions to the Kubernetes service `s3proxy-service`. +If you followed the s3proxy [Deployment](../../workflows/s3proxy.md#deployment) guide, this service points to a s3proxy pod. + +The deployment specifies all regions explicitly to prevent accidental data leaks. +If one of your buckets were located in a region that's not part of the `hostAliases` key, traffic towards those buckets would not be redirected to s3proxy. +Similarly, if you want to exclude data for specific regions from going through s3proxy you can remove those regions from the deployment. + +The spec also includes a volume mount for the TLS certificate and adds it to the pod's certificate trust store. +The volume is called `ca-cert`. +The key `ca.crt` of that volume is mounted to `/etc/ssl/certs/kube-ca.crt`, which is the default certificate trust store location for that container's OpenSSL library. +Not adding the CA certificate will result in TLS authentication errors. + +3. Apply the file: `kubectl apply -f deployment-filestash.yaml` + +Afterward, you can use a port forward to access the Filestash pod: +`kubectl port-forward pod/$(kubectl get pod --selector='app=filestash' -o=jsonpath='{.items[*].metadata.name}') 8334:8334` + +4. After browsing to `localhost:8443`, Filestash will ask you to set an administrator password. +After setting it, you can directly leave the admin area by clicking the blue cloud symbol in the top left corner. +Subsequently, you can select S3 as storage backend and enter your credentials. +This will bring you to an overview of your buckets. +If you want to deploy Filestash in production, take a look at its [documentation](https://www.filestash.app/docs/). + +5. To see the logs of s3proxy intercepting requests made to S3, run: `kubectl logs -f pod/$(kubectl get pod --selector='app=s3proxy' -o=jsonpath='{.items[*].metadata.name}')` +Look out for log messages labeled `intercepting`. +There is one such log message for each message that's encrypted, decrypted, or blocked. + +6. Once you have uploaded a file with Filestash, you should be able to view the file in Filestash. +However, if you go to the AWS S3 [Web UI](https://s3.console.aws.amazon.com/s3/home) and download the file you just uploaded in Filestash, you won't be able to read it. +Another way to spot encrypted files without downloading them is to click on a file, scroll to the Metadata section, and look for the header named `x-amz-meta-constellation-encryption`. +This header holds the encrypted data encryption key of the object and is only present on objects that are encrypted by s3proxy. diff --git a/docs/versioned_docs/version-2.17/getting-started/examples/horizontal-scaling.md b/docs/versioned_docs/version-2.17/getting-started/examples/horizontal-scaling.md new file mode 100644 index 000000000..dfaf9e742 --- /dev/null +++ b/docs/versioned_docs/version-2.17/getting-started/examples/horizontal-scaling.md @@ -0,0 +1,98 @@ +# Horizontal Pod Autoscaling +This example demonstrates Constellation's autoscaling capabilities. It's based on the Kubernetes [HorizontalPodAutoscaler Walkthrough](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/). During the following steps, Constellation will spawn new VMs on demand, verify them, add them to the cluster, and delete them again when the load has settled down. + +## Requirements +The cluster needs to be initialized with Kubernetes 1.23 or later. In addition, [autoscaling must be enabled](../../workflows/scale.md) to enable Constellation to assign new nodes dynamically. + +Just for this example specifically, the cluster should have as few worker nodes in the beginning as possible. Start with a small cluster with only *one* low-powered node for the control-plane node and *one* low-powered worker node. + +:::info +We tested the example using instances of types `Standard_DC4as_v5` on Azure and `n2d-standard-4` on GCP. +::: + +## Setup + +1. Install the Kubernetes Metrics Server: + ```bash + kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml + ``` + +2. Deploy the HPA example server that's supposed to be scaled under load. + + This manifest is similar to the one from the Kubernetes HPA walkthrough, but with increased CPU limits and requests to facilitate the triggering of node scaling events. + ```bash + cat < + +Online Boutique - Web UI + + + +1. Create a namespace: + ```bash + kubectl create ns boutique + ``` +2. Deploy the application: + ```bash + kubectl apply -n boutique -f https://github.com/GoogleCloudPlatform/microservices-demo/raw/main/release/kubernetes-manifests.yaml + ``` +3. Wait for all services to become available: + ```bash + kubectl wait --for=condition=available --timeout=300s -n boutique --all deployments + ``` +4. Get the frontend's external IP address: + ```shell-session + $ kubectl get service frontend-external -n boutique | awk '{print $4}' + EXTERNAL-IP + + ``` + (`` is a placeholder for the IP assigned by your CSP.) +5. Enter the IP from the result in your browser to browse the online shop. diff --git a/docs/versioned_docs/version-2.17/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.17/getting-started/first-steps-local.md new file mode 100644 index 000000000..052d29eae --- /dev/null +++ b/docs/versioned_docs/version-2.17/getting-started/first-steps-local.md @@ -0,0 +1,277 @@ +# First steps with a local cluster + +A local cluster lets you deploy and test Constellation without a cloud subscription. +You have two options: + +* Use MiniConstellation to automatically deploy a two-node cluster. +* For more fine-grained control, create the cluster using the QEMU provider. + +Both options use virtualization to create a local cluster with control-plane nodes and worker nodes. They **don't** require hardware with Confidential VM (CVM) support. For attestation, they currently use a software-based vTPM provided by KVM/QEMU. + +You need an x64 machine with a Linux OS. +You can use a VM, but it needs nested virtualization. + +## Prerequisites + +* Machine requirements: + * An x86-64 CPU with at least 4 cores (6 cores are recommended) + * At least 4 GB RAM (6 GB are recommended) + * 20 GB of free disk space + * Hardware virtualization enabled in the BIOS/UEFI (often referred to as Intel VT-x or AMD-V/SVM) / nested-virtualization support when using a VM +* Software requirements: + * Linux OS with [KVM kernel module](https://www.linux-kvm.org/page/Main_Page) + * Recommended: Ubuntu 22.04 LTS + * [Docker](https://docs.docker.com/engine/install/) + * [xsltproc](https://gitlab.gnome.org/GNOME/libxslt/-/wikis/home) + * (Optional) [virsh](https://www.libvirt.org/manpages/virsh.html) to observe and access your nodes + +### Software installation on Ubuntu + +```bash +# install Docker +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg +echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +sudo apt update +sudo apt install docker-ce +# install other dependencies +sudo apt install xsltproc +sudo snap install kubectl --classic +# install Constellation CLI +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64 +sudo install constellation-linux-amd64 /usr/local/bin/constellation +# do not drop forwarded packages +sudo iptables -P FORWARD ACCEPT +``` + +## Create a cluster + + + + + +With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). + + +:::caution + +MiniConstellation has specific soft- and hardware requirements such as a Linux OS running on an x86-64 CPU. Pay attention to all [prerequisites](#prerequisites) when setting up. + +::: + +:::note + +Since MiniConstellation runs on your local system, cloud features such as load balancing, +attaching persistent storage, or autoscaling aren't available. + +::: + +The following creates your MiniConstellation cluster (may take up to 10 minutes to complete): + +```bash +constellation mini up +``` + +This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. +All `constellation` commands concerning this cluster need to be issued from this directory. + + + + +With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. + +:::caution + +Constellation on QEMU has specific soft- and hardware requirements such as a Linux OS running on an x86-64 CPU. Pay attention to all [prerequisites](#prerequisites) when setting up. + +::: + +:::note + +Since Constellation on QEMU runs on your local system, cloud features such as load balancing, +attaching persistent storage, or autoscaling aren't available. + +::: + +1. To set up your local cluster, you need to create a configuration file for Constellation first. + + ```bash + constellation config generate qemu + ``` + + This creates a [configuration file](../workflows/config.md) for QEMU called `constellation-conf.yaml`. After that, your current folder also becomes your [workspace](../architecture/orchestration.md#workspaces). All `constellation` commands for your cluster need to be executed from this directory. + +2. Now you can create your cluster and its nodes. `constellation apply` uses the options set in `constellation-conf.yaml`. + + ```bash + constellation apply -y + ``` + + The Output should look like the following: + + ```shell-session + $ constellation apply -y + Checking for infrastructure changes + The following Constellation cluster will be created: + 3 control-plane nodes of type 2-vCPUs will be created. + 1 worker node of type 2-vCPUs will be created. + Creating + Cloud infrastructure created successfully. + Your Constellation master secret was successfully written to ./constellation-mastersecret.json + Connecting + Initializing cluster + Installing Kubernetes components + Your Constellation cluster was successfully initialized. + + Constellation cluster identifier g6iMP5wRU1b7mpOz2WEISlIYSfdAhB0oNaOg6XEwKFY= + Kubernetes configuration constellation-admin.conf + + You can now connect to your cluster by executing: + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + + The cluster's identifier will be different in your output. + Keep `constellation-mastersecret.json` somewhere safe. + This will allow you to [recover your cluster](../workflows/recovery.md) in case of a disaster. + + :::info + + Depending on your setup, `constellation apply` may take 10+ minutes to complete. + + ::: + +3. Configure kubectl + + ```bash + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + + + + +## Connect to the cluster + +Your cluster initially consists of a single control-plane node: + +```shell-session +$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +control-plane-0 Ready control-plane 66s v1.24.6 +``` + +Additional nodes will request to join the cluster shortly. Before each additional node is allowed to join the cluster, its state is verified using remote attestation by the [JoinService](../architecture/microservices.md#joinservice). +If verification passes successfully, the new node receives keys and certificates to join the cluster. + +You can follow this process by viewing the logs of the JoinService: + +```shell-session +$ kubectl logs -n kube-system daemonsets/join-service -f +{"level":"INFO","ts":"2022-10-14T09:32:20Z","caller":"cmd/main.go:48","msg":"Constellation Node Join Service","version":"2.1.0","cloudProvider":"qemu"} +{"level":"INFO","ts":"2022-10-14T09:32:20Z","logger":"validator","caller":"watcher/validator.go:96","msg":"Updating expected measurements"} +... +``` + +Once all nodes have joined your cluster, it may take a couple of minutes for all resources to become available. +You can check on the state of your cluster by running the following: + +```shell-session +$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +control-plane-0 Ready control-plane 2m59s v1.24.6 +worker-0 Ready 32s v1.24.6 +``` + +## Deploy a sample application + +1. Deploy the [emojivoto app](https://github.com/BuoyantIO/emojivoto) + + ```bash + kubectl apply -k github.com/BuoyantIO/emojivoto/kustomize/deployment + ``` + +2. Expose the frontend service locally + + ```bash + kubectl wait --for=condition=available --timeout=60s -n emojivoto --all deployments + kubectl -n emojivoto port-forward svc/web-svc 8080:80 & + curl http://localhost:8080 + kill %1 + ``` + +## Terminate your cluster + + + + +Once you are done, you can clean up the created resources using the following command: + +```bash +constellation mini down +``` + +This will destroy your cluster and clean up your workspace. +The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. + + + + +Once you are done, you can clean up the created resources using the following command: + +```bash +constellation terminate +``` + +This should give the following output: + +```shell-session +$ constellation terminate +You are about to terminate a Constellation cluster. +All of its associated resources will be DESTROYED. +This action is irreversible and ALL DATA WILL BE LOST. +Do you want to continue? [y/n]: +``` + +Confirm with `y` to terminate the cluster: + +```shell-session +Terminating ... +Your Constellation cluster was terminated successfully. +``` + +This will destroy your cluster and clean up your workspace. +The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. + + + + +## Troubleshooting + +Make sure to use the [latest release](https://github.com/edgelesssys/constellation/releases/latest) and check out the [known issues](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22). + +### VMs have no internet access / CLI remains in "Initializing cluster" state + +`iptables` rules may prevent your VMs from accessing the internet. +Make sure your rules aren't dropping forwarded packages. + +List your rules: + +```bash +sudo iptables -S +``` + +The output may look similar to the following: + +```shell-session +-P INPUT ACCEPT +-P FORWARD DROP +-P OUTPUT ACCEPT +-N DOCKER +-N DOCKER-ISOLATION-STAGE-1 +-N DOCKER-ISOLATION-STAGE-2 +-N DOCKER-USER +``` + +If your `FORWARD` chain is set to `DROP`, you need to update your rules: + +```bash +sudo iptables -P FORWARD ACCEPT +``` diff --git a/docs/versioned_docs/version-2.17/getting-started/first-steps.md b/docs/versioned_docs/version-2.17/getting-started/first-steps.md new file mode 100644 index 000000000..925ec7df9 --- /dev/null +++ b/docs/versioned_docs/version-2.17/getting-started/first-steps.md @@ -0,0 +1,229 @@ +# First steps with Constellation + +The following steps guide you through the process of creating a cluster and deploying a sample app. This example assumes that you have successfully [installed and set up Constellation](install.md), +and have access to a cloud subscription. + +:::tip +If you don't have a cloud subscription, you can also set up a [local Constellation cluster using virtualization](../getting-started/first-steps-local.md) for testing. +::: + +:::note +If you encounter any problem with the following steps, make sure to use the [latest release](https://github.com/edgelesssys/constellation/releases/latest) and check out the [known issues](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22). +::: + +## Create a cluster + +1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. If you are following the steps of this guide, there is no need to edit the file. + + + + + ```bash + constellation config generate aws + ``` + + + + + ```bash + constellation config generate azure + ``` + + + + + ```bash + constellation config generate gcp + ``` + + + + + ```bash + constellation config generate stackit + ``` + + + + +2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). + + + + + ```bash + constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config + ``` + + This command creates IAM configuration for the AWS zone `us-east-2a` using the prefix `constellTest` for all named resources being created. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in. + + Depending on the attestation variant selected on config generation, different regions are available. + AMD SEV-SNP machines (requires the default attestation variant `awsSEVSNP`) are currently available in the following regions: + * `eu-west-1` + * `us-east-2` + + You can find a list of regions that support AMD SEV-SNP in [AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snp-requirements.html). + + NitroTPM machines (requires the attestation variant `awsNitroTPM`) are available in all regions. + Constellation OS images are currently replicated to the following regions: + * `eu-central-1` + * `eu-west-1` + * `eu-west-3` + * `us-east-2` + * `ap-south-1` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+AWS+image+region:+xx-xxxx-x). + + You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). + + + + + ```bash + constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config + ``` + + This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in. + + CVMs are available in several Azure regions. Constellation OS images are currently replicated to the following: + + * `germanywestcentral` + * `westus` + * `eastus` + * `northeurope` + * `westeurope` + * `southeastasia` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+Azure+image+region:+xx-xxxx-x). + + You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). + + + + + ```bash + constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config + ``` + + This command creates IAM configuration in the GCP project `yourproject-12345` on the GCP zone `europe-west2-a` creating a new service account `constell-test`. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in. + + Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. + + + + + To use Constellation on STACKIT, the cluster will use the User Access Token (UAT) that's generated [during the install step](./install.md). + After creating the accounts, fill in the STACKIT details in `constellation-conf.yaml` under `provider.openstack`: + + - `stackitProjectID`: STACKIT project id (can be found after login on ) + + + + + :::tip + To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). + ::: + + + +3. Create the cluster. `constellation apply` uses options set in `constellation-conf.yaml`. + If you want to manually manage your cloud resources, for example by using [Terraform](../reference/terraform.md), follow the corresponding instructions in the [Create workflow](../workflows/create.md). + + :::tip + + On Azure, you may need to wait 15+ minutes at this point for role assignments to propagate. + + ::: + + ```bash + constellation apply -y + ``` + + This should look similar to the following: + + ```shell-session + $ constellation apply -y + Checking for infrastructure changes + The following Constellation cluster will be created: + 3 control-plane nodes of type n2d-standard-4 will be created. + 1 worker node of type n2d-standard-4 will be created. + Creating + Cloud infrastructure created successfully + Your Constellation master secret was successfully written to ./constellation-mastersecret.json + Connecting + Initializing cluster + Installing Kubernetes components + Your Constellation cluster was successfully initialized. + + Constellation cluster identifier g6iMP5wRU1b7mpOz2WEISlIYSfdAhB0oNaOg6XEwKFY= + Kubernetes configuration constellation-admin.conf + + You can now connect to your cluster by executing: + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + + The cluster's identifier will be different in your output. + Keep `constellation-mastersecret.json` somewhere safe. + This will allow you to [recover your cluster](../workflows/recovery.md) in case of a disaster. + + :::info + + Depending on your CSP and region, `constellation apply` may take 10+ minutes to complete. + + ::: + +4. Configure kubectl. + + ```bash + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + +## Deploy a sample application + +1. Deploy the [emojivoto app](https://github.com/BuoyantIO/emojivoto) + + ```bash + kubectl apply -k github.com/BuoyantIO/emojivoto/kustomize/deployment + ``` + +2. Expose the frontend service locally + + ```bash + kubectl wait --for=condition=available --timeout=60s -n emojivoto --all deployments + kubectl -n emojivoto port-forward svc/web-svc 8080:80 & + curl http://localhost:8080 + kill %1 + ``` + +## Terminate your cluster + +Use the CLI to terminate your cluster. If you manually used [Terraform](../reference/terraform.md) to manage your cloud resources, follow the corresponding instructions in the [Terminate workflow](../workflows/terminate.md). + +```bash +constellation terminate +``` + +This should give the following output: + +```shell-session +$ constellation terminate +You are about to terminate a Constellation cluster. +All of its associated resources will be DESTROYED. +This action is irreversible and ALL DATA WILL BE LOST. +Do you want to continue? [y/n]: +``` + +Confirm with `y` to terminate the cluster: + +```shell-session +Terminating ... +Your Constellation cluster was terminated successfully. +``` + +Optionally, you can also [delete your IAM resources](../workflows/config.md#deleting-an-iam-configuration). diff --git a/docs/versioned_docs/version-2.17/getting-started/install.md b/docs/versioned_docs/version-2.17/getting-started/install.md new file mode 100644 index 000000000..4ebd9351a --- /dev/null +++ b/docs/versioned_docs/version-2.17/getting-started/install.md @@ -0,0 +1,429 @@ +# Installation and setup + +Constellation runs entirely in your cloud environment and can be controlled via a dedicated [command-line interface (CLI)](../reference/cli.md) or a [Terraform provider](../workflows/terraform-provider.md). + +## Prerequisites + +Make sure the following requirements are met: + +* Your machine is running Linux, macOS, or Windows +* You have admin rights on your machine +* [kubectl](https://kubernetes.io/docs/tasks/tools/) is installed +* Your CSP is Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or STACKIT + +## Install the Constellation CLI + +:::tip + +If you prefer to use Terraform, you can alternatively use the [Terraform provider](../workflows/terraform-provider.md) to manage the cluster's lifecycle. + +::: + +The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). +Install it with the following commands: + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-linux-amd64 /usr/local/bin/constellation +``` + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-arm64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-linux-arm64 /usr/local/bin/constellation +``` + + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-arm64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-darwin-arm64 /usr/local/bin/constellation +``` + + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-amd64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-darwin-amd64 /usr/local/bin/constellation +``` + + + + + +1. Download the CLI: + +```bash +Invoke-WebRequest -OutFile ./constellation.exe -Uri 'https://github.com/edgelesssys/constellation/releases/latest/download/constellation-windows-amd64.exe' +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI under `C:\Program Files\Constellation\bin\constellation.exe` + +3. Add the CLI to your PATH: + + 1. Open `Advanced system settings` by searching for the App in the Windows search + 2. Go to the `Advanced` tab + 3. Click `Environment Variables…` + 4. Click variable called `Path` and click `Edit…` + 5. Click `New` + 6. Enter the path to the folder containing the binary you want on your PATH: `C:\Program Files\Constellation\bin` + + + + +:::tip +The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. +::: + +## Set up cloud credentials + +Constellation makes authenticated calls to the CSP API. Therefore, you need to set up Constellation with the credentials for your CSP. + +:::tip +If you don't have a cloud subscription, you can also set up a [local Constellation cluster using virtualization](../getting-started/first-steps-local.md) for testing. +::: + +### Required permissions + + + + +To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. + +To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeAccountAttributes", + "iam:AddRoleToInstanceProfile", + "iam:AttachRolePolicy", + "iam:CreateInstanceProfile", + "iam:CreatePolicy", + "iam:CreateRole", + "iam:DeleteInstanceProfile", + "iam:DeletePolicy", + "iam:DeletePolicyVersion", + "iam:DeleteRole", + "iam:DetachRolePolicy", + "iam:GetInstanceProfile", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfilesForRole", + "iam:ListPolicyVersions", + "iam:ListRolePolicies", + "iam:PassRole", + "iam:RemoveRoleFromInstanceProfile", + "sts:GetCallerIdentity" + ], + "Resource": "*" + } + ] +} +``` + +The built-in `AdministratorAccess` policy is a superset of these permissions. + +To [create a Constellation cluster](../workflows/create.md), see the permissions of [main.tf](https://github.com/edgelesssys/constellation/blob/main/terraform/infrastructure/iam/aws/main.tf). + +The built-in `PowerUserAccess` policy is a superset of these permissions. + +Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). + + + + +The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: + +* `Microsoft.Attestation` +* `Microsoft.Compute` +* `Microsoft.Insights` +* `Microsoft.ManagedIdentity` +* `Microsoft.Network` + +By default, Constellation tries to register these automatically if they haven't been registered before. + +To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: + +* `*/register/action` \[1] +* `Microsoft.Authorization/roleAssignments/*` +* `Microsoft.Authorization/roleDefinitions/*` +* `Microsoft.ManagedIdentity/userAssignedIdentities/*` +* `Microsoft.Resources/subscriptions/resourcegroups/*` + +The built-in `Owner` role is a superset of these permissions. + +To [create a Constellation cluster](../workflows/create.md), you need the following permissions: + +* `Microsoft.Attestation/attestationProviders/*` +* `Microsoft.Compute/virtualMachineScaleSets/*` +* `Microsoft.Insights/components/*` +* `Microsoft.ManagedIdentity/userAssignedIdentities/*` +* `Microsoft.Network/loadBalancers/*` +* `Microsoft.Network/loadBalancers/backendAddressPools/*` +* `Microsoft.Network/networkSecurityGroups/*` +* `Microsoft.Network/publicIPAddresses/*` +* `Microsoft.Network/virtualNetworks/*` +* `Microsoft.Network/virtualNetworks/subnets/*` +* `Microsoft.Network/natGateways/*` + +The built-in `Contributor` role is a superset of these permissions. + +Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions) and [assigning roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments). + +1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. + + + + +Create a new project for Constellation or use an existing one. +Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. + +To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: + +* `iam.serviceAccountKeys.create` +* `iam.serviceAccountKeys.delete` +* `iam.serviceAccountKeys.get` +* `iam.serviceAccounts.create` +* `iam.serviceAccounts.delete` +* `iam.serviceAccounts.get` +* `resourcemanager.projects.getIamPolicy` +* `resourcemanager.projects.setIamPolicy` + +Together, the built-in roles `roles/editor` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. + +To [create a Constellation cluster](../workflows/create.md), you need the following permissions: + +* `compute.addresses.createInternal` +* `compute.addresses.deleteInternal` +* `compute.addresses.get` +* `compute.addresses.useInternal` +* `compute.backendServices.create` +* `compute.backendServices.delete` +* `compute.backendServices.get` +* `compute.backendServices.use` +* `compute.disks.create` +* `compute.firewalls.create` +* `compute.firewalls.delete` +* `compute.firewalls.get` +* `compute.firewalls.update` +* `compute.globalAddresses.create` +* `compute.globalAddresses.delete` +* `compute.globalAddresses.get` +* `compute.globalAddresses.use` +* `compute.globalForwardingRules.create` +* `compute.globalForwardingRules.delete` +* `compute.globalForwardingRules.get` +* `compute.globalForwardingRules.setLabels` +* `compute.globalOperations.get` +* `compute.healthChecks.create` +* `compute.healthChecks.delete` +* `compute.healthChecks.get` +* `compute.healthChecks.useReadOnly` +* `compute.instanceGroupManagers.create` +* `compute.instanceGroupManagers.delete` +* `compute.instanceGroupManagers.get` +* `compute.instanceGroupManagers.update` +* `compute.instanceGroups.create` +* `compute.instanceGroups.delete` +* `compute.instanceGroups.get` +* `compute.instanceGroups.update` +* `compute.instanceGroups.use` +* `compute.instances.create` +* `compute.instances.setLabels` +* `compute.instances.setMetadata` +* `compute.instances.setTags` +* `compute.instanceTemplates.create` +* `compute.instanceTemplates.delete` +* `compute.instanceTemplates.get` +* `compute.instanceTemplates.useReadOnly` +* `compute.networks.create` +* `compute.networks.delete` +* `compute.networks.get` +* `compute.networks.updatePolicy` +* `compute.routers.create` +* `compute.routers.delete` +* `compute.routers.get` +* `compute.routers.update` +* `compute.subnetworks.create` +* `compute.subnetworks.delete` +* `compute.subnetworks.get` +* `compute.subnetworks.use` +* `compute.targetTcpProxies.create` +* `compute.targetTcpProxies.delete` +* `compute.targetTcpProxies.get` +* `compute.targetTcpProxies.use` +* `iam.serviceAccounts.actAs` + +Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. + +Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). + + + + +Constellation on STACKIT requires a User Access Token (UAT) for the OpenStack API and a STACKIT service account. +The UAT already has all required permissions by default. +The STACKIT service account needs the `editor` role to create STACKIT LoadBalancers. +Look at the [STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) on how to create the service account and assign the role. + + + + +### Authentication + +You need to authenticate with your CSP. The following lists the required steps for *testing* and *production* environments. + +:::note +The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. +::: + + + + +**Testing** + +You can use the [AWS CloudShell](https://console.aws.amazon.com/cloudshell/home). Make sure you are [authorized to use it](https://docs.aws.amazon.com/cloudshell/latest/userguide/sec-auth-with-identities.html). + +**Production** + +Use the latest version of the [AWS CLI](https://aws.amazon.com/cli/) on a trusted machine: + +```bash +aws configure +``` + +Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). + + + + +**Testing** + +Simply open the [Azure Cloud Shell](https://docs.microsoft.com/en-us/azure/cloud-shell/overview). + +**Production** + +Use the latest version of the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/) on a trusted machine: + +```bash +az login +``` + +Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). + + + + +**Testing** + +You can use the [Google Cloud Shell](https://cloud.google.com/shell). Make sure your [session is authorized](https://cloud.google.com/shell/docs/auth). For example, execute `gsutil` and accept the authorization prompt. + +**Production** + +Use one of the following options on a trusted machine: + +* Use the [`gcloud` CLI](https://cloud.google.com/sdk/gcloud) + + ```bash + gcloud auth application-default login + ``` + + This will ask you to log-in to your Google account and create your credentials. + The Constellation CLI will automatically load these credentials when needed. + +* Set up a service account and pass the credentials manually + + Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. + + + + +You need to authenticate with the infrastructure API (OpenStack) and create a service account (STACKIT API). + +1. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/step-1-generating-of-user-access-token-11763726.html) for obtaining a User Access Token (UAT) to use the infrastructure API +2. Create a configuration file under `~/.config/openstack/clouds.yaml` (`%AppData%\openstack\clouds.yaml` on Windows) with the credentials from the User Access Token + + ```yaml + clouds: + stackit: + auth: + auth_url: https://keystone.api.iaas.eu01.stackit.cloud/v3 + username: REPLACE_WITH_UAT_USERNAME + password: REPLACE_WITH_UAT_PASSWORD + project_id: REPLACE_WITH_STACKIT_PROJECT_ID + project_name: REPLACE_WITH_STACKIT_PROJECT_NAME + user_domain_name: portal_mvp + project_domain_name: portal_mvp + region_name: RegionOne + identity_api_version: 3 + ``` + +3. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) for creating a service account and an access token +4. Assign the `editor` role to the service account by [following the documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) +5. Create a configuration file under `~/.stackit/credentials.json` (`%USERPROFILE%\.stackit\credentials.json` on Windows) + + ```json + {"STACKIT_SERVICE_ACCOUNT_TOKEN":"REPLACE_WITH_TOKEN"} + ``` + + + + + +## Next steps + +You are now ready to [deploy your first confidential Kubernetes cluster and application](first-steps.md). diff --git a/docs/versioned_docs/version-2.17/getting-started/marketplaces.md b/docs/versioned_docs/version-2.17/getting-started/marketplaces.md new file mode 100644 index 000000000..b16d796d2 --- /dev/null +++ b/docs/versioned_docs/version-2.17/getting-started/marketplaces.md @@ -0,0 +1,56 @@ +# Using Constellation via Cloud Marketplaces + +Constellation is available through the Marketplaces of AWS, Azure, GCP, and STACKIT. This allows you to create self-managed Constellation clusters that are billed on a pay-per-use basis (hourly, per vCPU) with your CSP account. You can still get direct support by Edgeless Systems. For more information, please [contact us](https://www.edgeless.systems/enterprise-support/). + +This document explains how to run Constellation with the dynamically billed cloud marketplace images. + + + + +To use Constellation's marketplace images, ensure that you are subscribed to the [marketplace offering](https://aws.amazon.com/marketplace/pp/prodview-2mbn65nv57oys) through the web portal. + +Then, enable the use of marketplace images in your Constellation `constellation-conf.yaml` [config file](../workflows/config.md): + +```bash +yq eval -i ".provider.aws.useMarketplaceImage = true" constellation-conf.yaml +``` + + + + +Constellation has a private marketplace plan. Please [contact us](https://www.edgeless.systems/enterprise-support/) to gain access. + +To use a marketplace image, you need to accept the marketplace image's terms once for your subscription with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest): + +```bash +az vm image terms accept --publisher edgelesssystems --offer constellation --plan constellation +``` + +Then, enable the use of marketplace images in your Constellation `constellation-conf.yaml` [config file](../workflows/config.md): + +```bash +yq eval -i ".provider.azure.useMarketplaceImage = true" constellation-conf.yaml +``` + + + + +To use a marketplace image, ensure that the account is entitled to use marketplace images by Edgeless Systems by accepting the terms through the [web portal](https://console.cloud.google.com/marketplace/vm/config/edgeless-systems-public/constellation). + +Then, enable the use of marketplace images in your Constellation `constellation-conf.yaml` [config file](../workflows/config.md): + +```bash +yq eval -i ".provider.gcp.useMarketplaceImage = true" constellation-conf.yaml +``` + + + + +On STACKIT, the selected Constellation image is always a marketplace image. You can find more information on the STACKIT portal. + + + + +Ensure that the cluster uses an official release image version (i.e., `.image=vX.Y.Z` in the `constellation-conf.yaml` file). + +From there, you can proceed with the [cluster creation](../workflows/create.md) as usual. diff --git a/docs/versioned_docs/version-2.17/intro.md b/docs/versioned_docs/version-2.17/intro.md new file mode 100644 index 000000000..0bfe86da9 --- /dev/null +++ b/docs/versioned_docs/version-2.17/intro.md @@ -0,0 +1,34 @@ +--- +slug: / +id: intro +--- +# Introduction + +Welcome to the documentation of Constellation! Constellation is a Kubernetes engine that aims to provide the best possible data security. + +![Constellation concept](/img/concept.svg) + + Constellation shields your entire Kubernetes cluster from the underlying cloud infrastructure. Everything inside is always encrypted, including at runtime in memory. For this, Constellation leverages a technology called *confidential computing* and more specifically Confidential VMs. + +:::tip +See the 📄[whitepaper](https://content.edgeless.systems/hubfs/Confidential%20Computing%20Whitepaper.pdf) for more information on confidential computing. +::: + +## Goals + +From a security perspective, Constellation is designed to keep all data always encrypted and to prevent any access from the underlying (cloud) infrastructure. This includes access from datacenter employees, privileged cloud admins, and attackers coming through the infrastructure. Such attackers could be malicious co-tenants escalating their privileges or hackers who managed to compromise a cloud server. + +From a DevOps perspective, Constellation is designed to work just like what you would expect from a modern Kubernetes engine. + +## Use cases + +Constellation provides unique security [features](overview/confidential-kubernetes.md) and [benefits](overview/security-benefits.md). The core use cases are: + +* Increasing the overall security of your clusters +* Increasing the trustworthiness of your SaaS offerings +* Moving sensitive workloads from on-prem to the cloud +* Meeting regulatory requirements + +## Next steps + +You can learn more about the concept of Confidential Kubernetes, features, security benefits, and performance of Constellation in the *Basics* section. To jump right into the action head to *Getting started*. diff --git a/docs/versioned_docs/version-2.17/overview/clouds.md b/docs/versioned_docs/version-2.17/overview/clouds.md new file mode 100644 index 000000000..a7b1361e8 --- /dev/null +++ b/docs/versioned_docs/version-2.17/overview/clouds.md @@ -0,0 +1,65 @@ +# Feature status of clouds + +What works on which cloud? Currently, Confidential VMs (CVMs) are available in varying quality on the different clouds and software stacks. + +For Constellation, the ideal environment provides the following: + +1. Ability to run arbitrary software and images inside CVMs +2. CVMs based on AMD SEV-SNP (available in EPYC CPUs since the Milan generation) or Intel TDX (available in Xeon CPUs since the Sapphire Rapids generation) +3. Ability for CVM guests to obtain raw hardware attestation statements +4. Reviewable, open-source firmware inside CVMs +5. Capability of the firmware to attest the integrity of the code it passes control to, e.g., with an embedded virtual TPM (vTPM) + +(1) is a functional must-have. (2)--(5) are required for remote attestation that fully keeps the infrastructure/cloud out. Constellation can work without them or with approximations, but won't protect against certain privileged attackers anymore. + +The following table summarizes the state of features for different infrastructures as of June 2023. + +| **Feature** | **Azure** | **GCP** | **AWS** | **STACKIT** | **OpenStack (Yoga)** | +|-----------------------------------|-----------|---------|---------|--------------|----------------------| +| **1. Custom images** | Yes | Yes | Yes | Yes | Yes | +| **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | +| **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | +| **4. Reviewable firmware** | No | No | Yes | No | Depends on kernel/HV | +| **5. Confidential measured boot** | Yes | No | No | No | Depends on kernel/HV | + +## Microsoft Azure + +With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. +Regarding (3), Azure provides direct access to remote-attestation statements. +The firmware runs in an isolated domain inside the CVM and exposes a vTPM (5), but it's closed source (4). +On SEV-SNP, Azure uses VM Privilege Level (VMPL) isolation for the separation of firmware and the rest of the VM; on TDX, they use TD partitioning. +This firmware is signed by Azure. +The signature is reflected in the remote-attestation statements of CVMs. +Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). + +## Google Cloud Platform (GCP) + +The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#amd_sev) are based on AMD SEV but don't have SNP features enabled. +CVMs with [SEV-SNP enabled are in public preview](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#amd_sev-snp). Regarding (3), with their SEV-SNP offering Google provides direct access to remote-attestation statements. +However, regarding (5), attestation is partially based on the [Shielded VM vTPM](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#vtpm) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by Google's hypervisor. +Hence, the hypervisor is currently part of Constellation's TCB. +Regarding (4), the CVMs still include closed-source firmware. + +In the past, Intel and Google have [collaborated](https://cloud.google.com/blog/products/identity-security/rsa-google-intel-confidential-computing-more-secure) to enhance the security of TDX. +Recently, Google has announced a [private preview for TDX](https://cloud.google.com/blog/products/identity-security/confidential-vms-on-intel-cpus-your-datas-new-intelligent-defense?hl=en). +With TDX on Google, Constellation has a similar TCB and attestation flow as with the current SEV-SNP offering. + +## Amazon Web Services (AWS) + +Amazon EC2 [supports AMD SEV-SNP](https://aws.amazon.com/de/about-aws/whats-new/2023/04/amazon-ec2-amd-sev-snp/). +Regarding (3), AWS provides direct access to remote-attestation statements. +However, regarding (5), attestation is partially based on the [NitroTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by the Nitro hypervisor. +Hence, the hypervisor is currently part of Constellation's TCB. +Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built. + +## STACKIT + +[STACKIT Compute Engine](https://www.stackit.de/en/product/stackit-compute-engine/) supports AMD SEV-ES. A vTPM is used for measured boot, which is a vTPM managed by STACKIT's hypervisor. Hence, the hypervisor is currently part of Constellation's TCB. + +## OpenStack + +OpenStack is an open-source cloud and infrastructure management software. It's used by many smaller CSPs and datacenters. In the latest *Yoga* version, OpenStack has basic support for CVMs. However, much depends on the employed kernel and hypervisor. Features (2)--(4) are likely to be a *Yes* with Linux kernel version 6.2. Thus, going forward, OpenStack on corresponding AMD or Intel hardware will be a viable underpinning for Constellation. + +## Conclusion + +The different clouds and software like the Linux kernel and OpenStack are in the process of building out their support for state-of-the-art CVMs. Azure has already most features in place. For Constellation, the status quo means that the TCB has different shapes on different infrastructures. With broad SEV-SNP support coming to the Linux kernel, we soon expect a normalization of features across infrastructures. diff --git a/docs/versioned_docs/version-2.17/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.17/overview/confidential-kubernetes.md new file mode 100644 index 000000000..ca20df4de --- /dev/null +++ b/docs/versioned_docs/version-2.17/overview/confidential-kubernetes.md @@ -0,0 +1,42 @@ +# Confidential Kubernetes + +We use the term *Confidential Kubernetes* to refer to the concept of using confidential-computing technology to shield entire Kubernetes clusters from the infrastructure. The three defining properties of this concept are: + +1. **Workload shielding**: the confidentiality and integrity of all workload-related data and code are enforced. +2. **Control plane shielding**: the confidentiality and integrity of the cluster's control plane, state, and workload configuration are enforced. +3. **Attestation and verifiability**: the two properties above can be verified remotely based on hardware-rooted cryptographic certificates. + +Each of the above properties is equally important. Only with all three in conjunction, an entire cluster can be shielded without gaps. + +## Constellation security features + +Constellation implements the Confidential Kubernetes concept with the following security features. + +* **Runtime encryption**: Constellation runs all Kubernetes nodes inside Confidential VMs (CVMs). This gives runtime encryption for the entire cluster. +* **Network and storage encryption**: Constellation augments this with transparent encryption of the [network](../architecture/networking.md), [persistent storage](../architecture/encrypted-storage.md), and other managed storage like [AWS S3](../architecture/encrypted-storage.md#encrypted-s3-object-storage). Thus, workloads and control plane are truly end-to-end encrypted: at rest, in transit, and at runtime. +* **Transparent key management**: Constellation manages the corresponding [cryptographic keys](../architecture/keys.md) inside CVMs. +* **Node attestation and verification**: Constellation verifies the integrity of each new CVM-based node using [remote attestation](../architecture/attestation.md). Only "good" nodes receive the cryptographic keys required to access the network and storage of a cluster. +* **Confidential computing-optimized images**: A node is "good" if it's running a signed Constellation [node image](../architecture/images.md) inside a CVM and is in the expected state. (Node images are hardware-measured during boot. The measurements are reflected in the attestation statements that are produced by nodes and verified by Constellation.) +* **"Whole cluster" attestation**: Towards the DevOps engineer, Constellation provides a single hardware-rooted certificate from which all of the above can be verified. + +With the above, Constellation wraps an entire cluster into one coherent and verifiable *confidential context*. The concept is depicted in the following. + +![Confidential Kubernetes](../_media/concept-constellation.svg) + +## Contrast: Managed Kubernetes with CVMs + +In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. + +![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) + +The following table highlights the key differences in terms of features. + +| | Managed Kubernetes with CVMs | Confidential Kubernetes (Constellation✨) | +|-------------------------------------|------------------------------|--------------------------------------------| +| Runtime encryption | Partial (data plane only)| **Yes** | +| Node image verification | No | **Yes** | +| Full cluster attestation | No | **Yes** | +| Transparent network encryption | No | **Yes** | +| Transparent storage encryption | No | **Yes** | +| Confidential key management | No | **Yes** | +| Cloud agnostic / multi-cloud | No | **Yes** | diff --git a/docs/versioned_docs/version-2.17/overview/license.md b/docs/versioned_docs/version-2.17/overview/license.md new file mode 100644 index 000000000..34122c025 --- /dev/null +++ b/docs/versioned_docs/version-2.17/overview/license.md @@ -0,0 +1,33 @@ +# License + +## Source code + +Constellation's source code is available on [GitHub](https://github.com/edgelesssys/constellation) under the [GNU Affero General Public License v3.0](https://github.com/edgelesssys/constellation/blob/main/LICENSE). + +## Binaries + +Edgeless Systems provides ready-to-use and [signed](../architecture/attestation.md#chain-of-trust) binaries of Constellation. This includes the CLI and the [node images](../architecture/images.md). + +These binaries may be used free of charge within the bounds of Constellation's [**Community License**](#community-license). An [**Enterprise License**](#enterprise-license) can be purchased from Edgeless Systems. + +The Constellation CLI displays relevant license information when you initialize your cluster. You are responsible for staying within the bounds of your respective license. Constellation doesn't enforce any limits so as not to endanger your cluster's availability. + +## Terraform provider + +Edgeless Systems provides a [Terraform provider](https://github.com/edgelesssys/terraform-provider-constellation/releases), which may be used free of charge within the bounds of Constellation's [**Community License**](#community-license). An [**Enterprise License**](#enterprise-license) can be purchased from Edgeless Systems. + +You are responsible for staying within the bounds of your respective license. Constellation doesn't enforce any limits so as not to endanger your cluster's availability. + +## Community License + +You are free to use the Constellation binaries provided by Edgeless Systems to create services for internal consumption, evaluation purposes, or non-commercial use. You must not use the Constellation binaries to provide commercial hosted services to third parties. Edgeless Systems gives no warranties and offers no support. + +## Enterprise License + +Enterprise Licenses don't have the above limitations and come with support and additional features. Find out more at the [product website](https://www.edgeless.systems/products/constellation/). + +Once you have received your Enterprise License file, place it in your [Constellation workspace](../architecture/orchestration.md#workspaces) in a file named `constellation.license`. + +## CSP Marketplaces + +Constellation is available through the Marketplaces of AWS, Azure, GCP, and STACKIT. This allows you to create self-managed Constellation clusters that are billed on a pay-per-use basis (hourly, per vCPU) with your CSP account. You can still get direct support by Edgeless Systems. For more information, please [contact us](https://www.edgeless.systems/enterprise-support/). diff --git a/docs/versioned_docs/version-2.17/overview/performance/application.md b/docs/versioned_docs/version-2.17/overview/performance/application.md new file mode 100644 index 000000000..c67d59644 --- /dev/null +++ b/docs/versioned_docs/version-2.17/overview/performance/application.md @@ -0,0 +1,102 @@ +# Application benchmarks + +## HashiCorp Vault + +[HashiCorp Vault](https://www.vaultproject.io/) is a distributed secrets management software that can be deployed to Kubernetes. +HashiCorp maintains a benchmarking tool for vault, [vault-benchmark](https://github.com/hashicorp/vault-benchmark/). +Vault-benchmark generates load on a Vault deployment and measures response times. + +This article describes the results from running vault-benchmark on Constellation, AKS, and GKE. +You can find the setup for producing the data discussed in this article in the [vault-benchmarks](https://github.com/edgelesssys/vault-benchmarks) repository. + +The Vault API used during benchmarking is the [transits secret engine](https://developer.hashicorp.com/vault/docs/secrets/transit). +This allows services to send data to Vault for encryption, decryption, signing, and verification. + +## Results + +On each run, vault-benchmark sends requests and measures the latencies. +The measured latencies are aggregated through various statistical features. +After running the benchmark n times, the arithmetic mean over a subset of the reported statistics is calculated. +The selected features are arithmetic mean, 99th percentile, minimum, and maximum. + +Arithmetic mean gives a general sense of the latency on each target. +The 99th percentile shows performance in (most likely) erroneous states. +Minimum and maximum mark the range within which latency varies each run. + +The benchmark was configured with 1300 workers and 10 seconds per run. +Those numbers were chosen empirically. +The latency was stabilizing at 10 seconds runtime, not changing with further increase. +Increasing the number of workers beyond 1300 leads to request failures, marking the limit Vault was able to handle in this setup. +All results are based on 100 runs. + +The following data was generated while running five replicas, one primary, and four standby nodes. +All numbers are in seconds if not indicated otherwise. +``` +========== Results AKS ========== +Mean: mean: 1.632200, variance: 0.002057 +P99: mean: 5.480679, variance: 2.263700 +Max: mean: 6.651001, variance: 2.808401 +Min: mean: 0.011415, variance: 0.000133 +========== Results GKE ========== +Mean: mean: 1.656435, variance: 0.003615 +P99: mean: 6.030807, variance: 3.955051 +Max: mean: 7.164843, variance: 3.300004 +Min: mean: 0.010233, variance: 0.000111 +========== Results C11n ========== +Mean: mean: 1.651549, variance: 0.001610 +P99: mean: 5.780422, variance: 3.016106 +Max: mean: 6.942997, variance: 3.075796 +Min: mean: 0.013774, variance: 0.000228 +========== AKS vs C11n ========== +Mean: +1.171577 % (AKS is faster) +P99: +5.185495 % (AKS is faster) +Max: +4.205618 % (AKS is faster) +Min: +17.128781 % (AKS is faster) +========== GKE vs C11n ========== +Mean: -0.295851 % (GKE is slower) +P99: -4.331603 % (GKE is slower) +Max: -3.195248 % (GKE is slower) +Min: +25.710886 % (GKE is faster) +``` + +**Interpretation**: Latencies are all within ~5% of each other. +AKS performs slightly better than GKE and Constellation (C11n) in all cases except minimum latency. +Minimum latency is the lowest for GKE. +Compared to GKE, Constellation had slightly lower peak latencies (99th percentile and maximum), indicating that Constellation could have handled slightly more concurrent accesses than GKE. +Overall, performance is at comparable levels across all three distributions. +Based on these numbers, you can use a similarly sized Constellation cluster to run your existing Vault deployment. + +### Visualization + +The following plots visualize the data presented above as [box plots](https://en.wikipedia.org/wiki/Box_plot). +The whiskers denote the minimum and maximum. +The box stretches from the 25th to the 75th percentile, with the dividing bar marking the 50th percentile. +The circles outside the whiskers denote outliers. + +

    +Mean Latency + +![Mean Latency](../../_media/benchmark_vault/5replicas/mean_latency.png) + +
    + +
    +99th Percentile Latency + +![99th Percentile Latency](../../_media/benchmark_vault/5replicas/p99_latency.png) + +
    + +
    +Maximum Latency + +![Maximum Latency](../../_media/benchmark_vault/5replicas/max_latency.png) + +
    + +
    +Minimum Latency + +![Minimum Latency](../../_media/benchmark_vault/5replicas/min_latency.png) + +
    diff --git a/docs/versioned_docs/version-2.17/overview/performance/io.md b/docs/versioned_docs/version-2.17/overview/performance/io.md new file mode 100644 index 000000000..3ae796f8a --- /dev/null +++ b/docs/versioned_docs/version-2.17/overview/performance/io.md @@ -0,0 +1,204 @@ +# I/O performance benchmarks + +To assess the overall performance of Constellation, this benchmark evaluates Constellation v2.6.0 in terms of storage I/O using [`fio`](https://fio.readthedocs.io/en/latest/fio_doc.html) and network performance using the [Kubernetes Network Benchmark](https://github.com/InfraBuilder/k8s-bench-suite#knb--kubernetes-network-be). + +This benchmark tested Constellation on Azure and GCP and compared the results against the managed Kubernetes offerings AKS and GKE. + +## Configurations + +### Constellation + +The benchmark was conducted with Constellation v2.6.0, Kubernetes v1.25.7, and Cilium v1.12. +It ran on the following infrastructure configurations. + +Constellation on Azure: + +- Nodes: 3 (1 Control-plane, 2 Worker) +- Machines: `DC4as_v5`: 3rd Generation AMD EPYC 7763v (Milan) processor with 4 Cores, 16 GiB memory +- CVM: `true` +- Region: `West US` +- Zone: `2` + +Constellation on GCP: + +- Nodes: 3 (1 Control-plane, 2 Worker) +- Machines: `n2d-standard-4`: 2nd Generation AMD EPYC (Rome) processor with 4 Cores, 16 GiB of memory +- CVM: `true` +- Zone: `europe-west3-b` + +### AKS + +On AKS, the benchmark used Kubernetes `v1.24.9` and nodes with version `AKSUbuntu-1804gen2containerd-2023.02.15`. +AKS ran with the [`kubenet`](https://learn.microsoft.com/en-us/azure/aks/concepts-network#kubenet-basic-networking) CNI and the [default CSI driver](https://learn.microsoft.com/en-us/azure/aks/azure-disk-csi) for Azure Disk. + +The following infrastructure configurations was used: + +- Nodes: 2 (2 Worker) +- Machines: `D4as_v5`: 3rd Generation AMD EPYC 7763v (Milan) processor with 4 Cores, 16 GiB memory +- CVM: `false` +- Region: `West US` +- Zone: `2` + +### GKE + +On GKE, the benchmark used Kubernetes `v1.24.9` and nodes with version `1.24.9-gke.3200`. +GKE ran with the [`kubenet`](https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview) CNI and the [default CSI driver](https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/gce-pd-csi-driver) for Compute Engine persistent disk. + +The following infrastructure configurations was used: + +- Nodes: 2 (2 Worker) +- Machines: `n2d-standard-4` 2nd Generation AMD EPYC (Rome) processor with 4 Cores, 16 GiB of memory +- CVM: `false` +- Zone: `europe-west3-b` + +## Results + +### Network + +This section gives a thorough analysis of the network performance of Constellation, specifically focusing on measuring TCP and UDP bandwidth. +The benchmark measured the bandwidth of pod-to-pod and pod-to-service connections between two different nodes using [`iperf`](https://iperf.fr/). + +GKE and Constellation on GCP had a maximum network bandwidth of [10 Gbps](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines). +AKS with `Standard_D4as_v5` machines a maximum network bandwidth of [12.5 Gbps](https://learn.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series#dasv5-series). +The Confidential VM equivalent `Standard_DC4as_v5` currently has a network bandwidth of [1.25 Gbps](https://learn.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series#dcasv5-series-products). +Therefore, to make the test comparable, both AKS and Constellation on Azure were running with `Standard_DC4as_v5` machines and 1.25 Gbps bandwidth. + +Constellation on Azure and AKS used an MTU of 1500. +Constellation on GCP used an MTU of 8896. GKE used an MTU of 1450. + +The difference in network bandwidth can largely be attributed to two factors. + +- Constellation's [network encryption](../../architecture/networking.md) via Cilium and WireGuard, which protects data in-transit. +- [AMD SEV using SWIOTLB bounce buffers](https://lore.kernel.org/all/20200204193500.GA15564@ashkalra_ubuntu_server/T/) for all DMA including network I/O. + +#### Pod-to-Pod + +In this scenario, the client Pod connects directly to the server pod via its IP address. + +```mermaid +flowchart LR + subgraph Node A + Client[Client] + end + subgraph Node B + Server[Server] + end + Client ==>|traffic| Server +``` + +The results for "Pod-to-Pod" on Azure are as follows: + +![Network Pod2Pod Azure benchmark graph](../../_media/benchmark_net_p2p_azure.png) + +The results for "Pod-to-Pod" on GCP are as follows: + +![Network Pod2Pod GCP benchmark graph](../../_media/benchmark_net_p2p_gcp.png) + +#### Pod-to-Service + +In this scenario, the client Pod connects to the server Pod via a ClusterIP service. This is more relevant to real-world use cases. + +```mermaid +flowchart LR + subgraph Node A + Client[Client] ==>|traffic| Service[Service] + end + subgraph Node B + Server[Server] + end + Service ==>|traffic| Server +``` + +The results for "Pod-to-Pod" on Azure are as follows: + +![Network Pod2SVC Azure benchmark graph](../../_media/benchmark_net_p2svc_azure.png) + +The results for "Pod-to-Pod" on GCP are as follows: + +![Network Pod2SVC GCP benchmark graph](../../_media/benchmark_net_p2svc_gcp.png) + +In our recent comparison of Constellation on GCP with GKE, Constellation has 58% less TCP bandwidth. However, UDP bandwidth was slightly better with Constellation, thanks to its higher MTU. + +Similarly, when comparing Constellation on Azure with AKS using CVMs, Constellation achieved approximately 10% less TCP and 40% less UDP bandwidth. + +### Storage I/O + +Azure and GCP offer persistent storage for their Kubernetes services AKS and GKE via the Container Storage Interface (CSI). CSI storage in Kubernetes is available via `PersistentVolumes` (PV) and consumed via `PersistentVolumeClaims` (PVC). +Upon requesting persistent storage through a PVC, GKE and AKS will provision a PV as defined by a default [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/). +Constellation provides persistent storage on Azure and GCP [that's encrypted on the CSI layer](../../architecture/encrypted-storage.md). +Similarly, upon a PVC request, Constellation will provision a PV via a default storage class. + +For Constellation on Azure and AKS, the benchmark ran with Azure Disk storage [Standard SSD](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds) of 400 GiB size. +The [DC4as machine type](https://learn.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series#dasv5-series) with four cores provides the following maximum performance: + +- 6400 (20000 burst) IOPS +- 144 MB/s (600 MB/s burst) throughput + +However, the performance is bound by the capabilities of the [512 GiB Standard SSD size](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds) (the size class of 400 GiB volumes): + +- 500 (600 burst) IOPS +- 60 MB/s (150 MB/s burst) throughput + +For Constellation on GCP and GKE, the benchmark ran with Compute Engine Persistent Disk Storage [pd-balanced](https://cloud.google.com/compute/docs/disks) of 400 GiB size. +The N2D machine type with four cores and pd-balanced provides the following [maximum performance](https://cloud.google.com/compute/docs/disks/performance#n2d_vms): + +- 3,000 read IOPS +- 15,000 write IOPS +- 240 MB/s read throughput +- 240 MB/s write throughput + +However, the performance is bound by the capabilities of a [`Zonal balanced PD`](https://cloud.google.com/compute/docs/disks/performance#zonal-persistent-disks) with 400 GiB size: + +- 2400 read IOPS +- 2400 write IOPS +- 112 MB/s read throughput +- 112 MB/s write throughput + +The [`fio`](https://fio.readthedocs.io/en/latest/fio_doc.html) benchmark consists of several tests. +The benchmark used [`Kubestr`](https://github.com/kastenhq/kubestr) to run `fio` in Kubernetes. +The default test performs randomized access patterns that accurately depict worst-case I/O scenarios for most applications. + +The following `fio` settings were used: + +- No Cloud caching +- No OS caching +- Single CPU +- 60 seconds runtime +- 10 seconds ramp-up time +- 10 GiB file +- IOPS: 4 KB blocks and 128 iodepth +- Bandwidth: 1024 KB blocks and 128 iodepth + +For more details, see the [`fio` test configuration](https://github.com/edgelesssys/constellation/blob/main/.github/actions/e2e_benchmark/fio.ini). + +The results for IOPS on Azure are as follows: + +![I/O IOPS Azure benchmark graph](../../_media/benchmark_fio_azure_iops.png) + +The results for IOPS on GCP are as follows: + +![I/O IOPS GCP benchmark graph](../../_media/benchmark_fio_gcp_iops.png) + +The results for bandwidth on Azure are as follows: + +![I/O bandwidth Azure benchmark graph](../../_media/benchmark_fio_azure_bw.png) + +The results for bandwidth on GCP are as follows: + +![I/O bandwidth GCP benchmark graph](../../_media/benchmark_fio_gcp_bw.png) + +On GCP, the results exceed the maximum performance guarantees of the chosen disk type. There are two possible explanations for this. The first is that there may be cloud caching in place that isn't configurable. Alternatively, the underlying provisioned disk size may be larger than what was requested, resulting in higher performance boundaries. + +When comparing Constellation on GCP with GKE, Constellation has similar bandwidth but about 10% less IOPS performance. On Azure, Constellation has similar IOPS performance compared to AKS, where both likely hit the maximum storage performance. However, Constellation has approximately 15% less read and write bandwidth. + +## Conclusion + +Despite the added [security benefits](../security-benefits.md) that Constellation provides, it only incurs a slight performance overhead when compared to managed Kubernetes offerings such as AKS and GKE. In most compute benchmarks, Constellation is on par with it's alternatives. +While it may be slightly slower in certain I/O scenarios due to network and storage encryption, there is ongoing work to reduce this overhead to single digits. + +For instance, storage encryption only adds between 10% to 15% overhead in terms of bandwidth and IOPS. +Meanwhile, the biggest performance impact that Constellation currently faces is network encryption, which can incur up to 58% overhead on a 10 Gbps network. +However, the Cilium team has conducted [benchmarks with Cilium using WireGuard encryption](https://docs.cilium.io/en/latest/operations/performance/benchmark/#encryption-wireguard-ipsec) on a 100 Gbps network that yielded over 15 Gbps. +We're confident that Constellation will provide a similar level of performance with an upcoming release. + +Overall, Constellation strikes a great balance between security and performance, and we're continuously working to improve its performance capabilities while maintaining its high level of security. diff --git a/docs/versioned_docs/version-2.17/overview/performance/performance.md b/docs/versioned_docs/version-2.17/overview/performance/performance.md new file mode 100644 index 000000000..7f22a693e --- /dev/null +++ b/docs/versioned_docs/version-2.17/overview/performance/performance.md @@ -0,0 +1,25 @@ +# Performance analysis of Constellation + +This section provides a comprehensive examination of the performance characteristics of Constellation, encompassing various aspects, including runtime encryption, I/O benchmarks, and real-world applications. + +## Impact of runtime encryption on performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +### AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +### AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. + +## I/O performance benchmarks + +We evaluated the [I/O performance](io.md) of Constellation, utilizing a collection of synthetic benchmarks targeting networking and storage. +We further compared this performance to native managed Kubernetes offerings from various cloud providers, to better understand how Constellation stands in relation to standard practices. + +## Application benchmarking + +To gauge Constellation's applicability to well-known applications, we performed a [benchmark of HashiCorp Vault](application.md) running on Constellation. +The results were then compared to deployments on the managed Kubernetes offerings from different cloud providers, providing a tangible perspective on Constellation's performance in actual deployment scenarios. diff --git a/docs/versioned_docs/version-2.17/overview/product.md b/docs/versioned_docs/version-2.17/overview/product.md new file mode 100644 index 000000000..4b5d90706 --- /dev/null +++ b/docs/versioned_docs/version-2.17/overview/product.md @@ -0,0 +1,12 @@ +# Product features + +Constellation is a Kubernetes engine that aims to provide the best possible data security in combination with enterprise-grade scalability and reliability features---and a smooth user experience. + +From a security perspective, Constellation implements the [Confidential Kubernetes](confidential-kubernetes.md) concept and corresponding security features, which shield your entire cluster from the underlying infrastructure. + +From an operational perspective, Constellation provides the following key features: + +* **Native support for different clouds**: Constellation works on Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and STACKIT. Support for OpenStack-based environments is coming with a future release. Constellation securely interfaces with the cloud infrastructure to provide [cluster autoscaling](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler), [dynamic persistent volumes](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/), and [service load balancing](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer). +* **High availability**: Constellation uses a [multi-master architecture](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/) with a [stacked etcd topology](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/ha-topology/#stacked-etcd-topology) to ensure high availability. +* **Integrated Day-2 operations**: Constellation lets you securely [upgrade](../workflows/upgrade.md) your cluster to a new release. It also lets you securely [recover](../workflows/recovery.md) a failed cluster. Both with a single command. +* **Support for Terraform**: Constellation includes a [Terraform provider](../workflows/terraform-provider.md) that lets you manage the full lifecycle of your cluster via Terraform. diff --git a/docs/versioned_docs/version-2.17/overview/security-benefits.md b/docs/versioned_docs/version-2.17/overview/security-benefits.md new file mode 100644 index 000000000..51a8b64f5 --- /dev/null +++ b/docs/versioned_docs/version-2.17/overview/security-benefits.md @@ -0,0 +1,22 @@ +# Security benefits and threat model + +Constellation implements the [Confidential Kubernetes](confidential-kubernetes.md) concept and shields entire Kubernetes deployments from the infrastructure. More concretely, Constellation decreases the size of the trusted computing base (TCB) of a Kubernetes deployment. The TCB is the totality of elements in a computing environment that must be trusted not to be compromised. A smaller TCB results in a smaller attack surface. The following diagram shows how Constellation removes the *cloud & datacenter infrastructure* and the *physical hosts*, including the hypervisor, the host OS, and other components, from the TCB (red). Inside the confidential context (green), Kubernetes remains part of the TCB, but its integrity is attested and can be [verified](../workflows/verify-cluster.md). + +![TCB comparison](../_media/tcb.svg) + +Given this background, the following describes the concrete threat classes that Constellation addresses. + +## Insider access + +Employees and third-party contractors of cloud service providers (CSPs) have access to different layers of the cloud infrastructure. +This opens up a large attack surface where workloads and data can be read, copied, or manipulated. With Constellation, Kubernetes deployments are shielded from the infrastructure and thus such accesses are prevented. + +## Infrastructure-based attacks + +Malicious cloud users ("hackers") may break out of their tenancy and access other tenants' data. Advanced attackers may even be able to establish a permanent foothold within the infrastructure and access data over a longer period. Analogously to the *insider access* scenario, Constellation also prevents access to a deployment's data in this scenario. + +## Supply chain attacks + +Supply chain security is receiving lots of attention recently due to an [increasing number of recorded attacks](https://www.enisa.europa.eu/news/enisa-news/understanding-the-increase-in-supply-chain-security-attacks). For instance, a malicious actor could attempt to tamper Constellation node images (including Kubernetes and other software) before they're loaded in the confidential VMs of a cluster. Constellation uses [remote attestation](../architecture/attestation.md) in conjunction with public [transparency logs](../workflows/verify-cli.md) to prevent this. + +In the future, Constellation will extend this feature to customer workloads. This will enable cluster owners to create auditable policies that precisely define which containers can run in a given deployment. diff --git a/docs/versioned_docs/version-2.17/reference/cli.md b/docs/versioned_docs/version-2.17/reference/cli.md new file mode 100644 index 000000000..a728474e7 --- /dev/null +++ b/docs/versioned_docs/version-2.17/reference/cli.md @@ -0,0 +1,843 @@ +# CLI reference + + + +Use the Constellation CLI to create and manage your clusters. + +Usage: + +``` +constellation [command] +``` +Commands: + +* [config](#constellation-config): Work with the Constellation configuration file + * [generate](#constellation-config-generate): Generate a default configuration and state file + * [fetch-measurements](#constellation-config-fetch-measurements): Fetch measurements for configured cloud provider and image + * [instance-types](#constellation-config-instance-types): Print the supported instance types for all cloud providers + * [kubernetes-versions](#constellation-config-kubernetes-versions): Print the Kubernetes versions supported by this CLI + * [migrate](#constellation-config-migrate): Migrate a configuration file to a new version +* [create](#constellation-create): Create instances on a cloud platform for your Constellation cluster +* [apply](#constellation-apply): Apply a configuration to a Constellation cluster +* [mini](#constellation-mini): Manage MiniConstellation clusters + * [up](#constellation-mini-up): Create and initialize a new MiniConstellation cluster + * [down](#constellation-mini-down): Destroy a MiniConstellation cluster +* [status](#constellation-status): Show status of a Constellation cluster +* [verify](#constellation-verify): Verify the confidential properties of a Constellation cluster +* [upgrade](#constellation-upgrade): Find and apply upgrades to your Constellation cluster + * [check](#constellation-upgrade-check): Check for possible upgrades + * [apply](#constellation-upgrade-apply): Apply an upgrade to a Constellation cluster +* [recover](#constellation-recover): Recover a completely stopped Constellation cluster +* [terminate](#constellation-terminate): Terminate a Constellation cluster +* [iam](#constellation-iam): Work with the IAM configuration on your cloud provider + * [create](#constellation-iam-create): Create IAM configuration on a cloud platform for your Constellation cluster + * [aws](#constellation-iam-create-aws): Create IAM configuration on AWS for your Constellation cluster + * [azure](#constellation-iam-create-azure): Create IAM configuration on Microsoft Azure for your Constellation cluster + * [gcp](#constellation-iam-create-gcp): Create IAM configuration on GCP for your Constellation cluster + * [destroy](#constellation-iam-destroy): Destroy an IAM configuration and delete local Terraform files + * [upgrade](#constellation-iam-upgrade): Find and apply upgrades to your IAM profile + * [apply](#constellation-iam-upgrade-apply): Apply an upgrade to an IAM profile +* [version](#constellation-version): Display version of this CLI +* [init](#constellation-init): Initialize the Constellation cluster + +## constellation config + +Work with the Constellation configuration file + +### Synopsis + +Work with the Constellation configuration file. + +### Options + +``` + -h, --help help for config +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config generate + +Generate a default configuration and state file + +### Synopsis + +Generate a default configuration and state file for your selected cloud provider. + +``` +constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags] +``` + +### Options + +``` + -a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-tdx|azure-trustedlaunch|gcp-sev-es|gcp-sev-snp|qemu-vtpm}. If not specified, the default for the cloud provider is used + -h, --help help for generate + -k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.29") + -t, --tags strings additional tags for created resources given a list of key=value +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config fetch-measurements + +Fetch measurements for configured cloud provider and image + +### Synopsis + +Fetch measurements for configured cloud provider and image. + +A config needs to be generated first. + +``` +constellation config fetch-measurements [flags] +``` + +### Options + +``` + -h, --help help for fetch-measurements + -s, --signature-url string alternative URL to fetch measurements' signature from + -u, --url string alternative URL to fetch measurements from +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config instance-types + +Print the supported instance types for all cloud providers + +### Synopsis + +Print the supported instance types for all cloud providers. + +``` +constellation config instance-types [flags] +``` + +### Options + +``` + -h, --help help for instance-types +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config kubernetes-versions + +Print the Kubernetes versions supported by this CLI + +### Synopsis + +Print the Kubernetes versions supported by this CLI. + +``` +constellation config kubernetes-versions [flags] +``` + +### Options + +``` + -h, --help help for kubernetes-versions +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config migrate + +Migrate a configuration file to a new version + +### Synopsis + +Migrate a configuration file to a new version. + +``` +constellation config migrate [flags] +``` + +### Options + +``` + -h, --help help for migrate +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation create + +Create instances on a cloud platform for your Constellation cluster + +### Synopsis + +Create instances on a cloud platform for your Constellation cluster. + +``` +constellation create [flags] +``` + +### Options + +``` + -h, --help help for create + -y, --yes create the cluster without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation apply + +Apply a configuration to a Constellation cluster + +### Synopsis + +Apply a configuration to a Constellation cluster to initialize or upgrade the cluster. + +``` +constellation apply [flags] +``` + +### Options + +``` + --conformance enable conformance mode + -h, --help help for apply + --merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config + --skip-helm-wait install helm charts without waiting for deployments to be ready + --skip-phases strings comma-separated list of upgrade phases to skip + one or multiple of { infrastructure | init | attestationconfig | certsans | helm | image | k8s } + -y, --yes run command without further confirmation + WARNING: the command might delete or update existing resources without additional checks. Please read the docs. + +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation mini + +Manage MiniConstellation clusters + +### Synopsis + +Manage MiniConstellation clusters. + +### Options + +``` + -h, --help help for mini +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation mini up + +Create and initialize a new MiniConstellation cluster + +### Synopsis + +Create and initialize a new MiniConstellation cluster. + +A mini cluster consists of a single control-plane and worker node, hosted using QEMU/KVM. + +``` +constellation mini up [flags] +``` + +### Options + +``` + -h, --help help for up + --merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config (default true) +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation mini down + +Destroy a MiniConstellation cluster + +### Synopsis + +Destroy a MiniConstellation cluster. + +``` +constellation mini down [flags] +``` + +### Options + +``` + -h, --help help for down + -y, --yes terminate the cluster without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation status + +Show status of a Constellation cluster + +### Synopsis + +Show the status of a constellation cluster. + +Shows microservice, image, and Kubernetes versions installed in the cluster. Also shows status of current version upgrades. + +``` +constellation status [flags] +``` + +### Options + +``` + -h, --help help for status +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation verify + +Verify the confidential properties of a Constellation cluster + +### Synopsis + +Verify the confidential properties of a Constellation cluster. +If arguments aren't specified, values are read from `constellation-state.yaml`. + +``` +constellation verify [flags] +``` + +### Options + +``` + --cluster-id string expected cluster identifier + -h, --help help for verify + -e, --node-endpoint string endpoint of the node to verify, passed as HOST[:PORT] + -o, --output string print the attestation document in the output format {json|raw} +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation upgrade + +Find and apply upgrades to your Constellation cluster + +### Synopsis + +Find and apply upgrades to your Constellation cluster. + +### Options + +``` + -h, --help help for upgrade +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation upgrade check + +Check for possible upgrades + +### Synopsis + +Check which upgrades can be applied to your Constellation Cluster. + +``` +constellation upgrade check [flags] +``` + +### Options + +``` + -h, --help help for check + --ref string the reference to use for querying new versions (default "-") + --stream string the stream to use for querying new versions (default "stable") + -u, --update-config update the specified config file with the suggested versions +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation upgrade apply + +Apply an upgrade to a Constellation cluster + +### Synopsis + +Apply an upgrade to a Constellation cluster by applying the chosen configuration. + +``` +constellation upgrade apply [flags] +``` + +### Options + +``` + --conformance enable conformance mode + -h, --help help for apply + --skip-helm-wait install helm charts without waiting for deployments to be ready + --skip-phases strings comma-separated list of upgrade phases to skip + one or multiple of { infrastructure | helm | image | k8s } + -y, --yes run upgrades without further confirmation + WARNING: might delete your resources in case you are using cert-manager in your cluster. Please read the docs. + WARNING: might unintentionally overwrite measurements in the running cluster. +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation recover + +Recover a completely stopped Constellation cluster + +### Synopsis + +Recover a Constellation cluster by sending a recovery key to an instance in the boot stage. + +This is only required if instances restart without other instances available for bootstrapping. + +``` +constellation recover [flags] +``` + +### Options + +``` + -e, --endpoint string endpoint of the instance, passed as HOST[:PORT] + -h, --help help for recover +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation terminate + +Terminate a Constellation cluster + +### Synopsis + +Terminate a Constellation cluster. + +The cluster can't be started again, and all persistent storage will be lost. + +``` +constellation terminate [flags] +``` + +### Options + +``` + -h, --help help for terminate + -y, --yes terminate the cluster without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam + +Work with the IAM configuration on your cloud provider + +### Synopsis + +Work with the IAM configuration on your cloud provider. + +### Options + +``` + -h, --help help for iam +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam create + +Create IAM configuration on a cloud platform for your Constellation cluster + +### Synopsis + +Create IAM configuration on a cloud platform for your Constellation cluster. + +### Options + +``` + -h, --help help for create + --update-config update the config file with the specific IAM information + -y, --yes create the IAM configuration without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam create aws + +Create IAM configuration on AWS for your Constellation cluster + +### Synopsis + +Create IAM configuration on AWS for your Constellation cluster. + +``` +constellation iam create aws [flags] +``` + +### Options + +``` + -h, --help help for aws + --prefix string name prefix for all resources (required) + --zone string AWS availability zone the resources will be created in, e.g., us-east-2a (required) + See the Constellation docs for a list of currently supported regions. +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + --update-config update the config file with the specific IAM information + -C, --workspace string path to the Constellation workspace + -y, --yes create the IAM configuration without further confirmation +``` + +## constellation iam create azure + +Create IAM configuration on Microsoft Azure for your Constellation cluster + +### Synopsis + +Create IAM configuration on Microsoft Azure for your Constellation cluster. + +``` +constellation iam create azure [flags] +``` + +### Options + +``` + -h, --help help for azure + --region string region the resources will be created in, e.g., westus (required) + --resourceGroup string name prefix of the two resource groups your cluster / IAM resources will be created in (required) + --servicePrincipal string name of the service principal that will be created (required) +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + --update-config update the config file with the specific IAM information + -C, --workspace string path to the Constellation workspace + -y, --yes create the IAM configuration without further confirmation +``` + +## constellation iam create gcp + +Create IAM configuration on GCP for your Constellation cluster + +### Synopsis + +Create IAM configuration on GCP for your Constellation cluster. + +``` +constellation iam create gcp [flags] +``` + +### Options + +``` + -h, --help help for gcp + --projectID string ID of the GCP project the configuration will be created in (required) + Find it on the welcome screen of your project: https://console.cloud.google.com/welcome + --serviceAccountID string ID for the service account that will be created (required) + Must be 6 to 30 lowercase letters, digits, or hyphens. + --zone string GCP zone the cluster will be deployed in (required) + Find a list of available zones here: https://cloud.google.com/compute/docs/regions-zones#available +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + --update-config update the config file with the specific IAM information + -C, --workspace string path to the Constellation workspace + -y, --yes create the IAM configuration without further confirmation +``` + +## constellation iam destroy + +Destroy an IAM configuration and delete local Terraform files + +### Synopsis + +Destroy an IAM configuration and delete local Terraform files. + +``` +constellation iam destroy [flags] +``` + +### Options + +``` + -h, --help help for destroy + -y, --yes destroy the IAM configuration without asking for confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam upgrade + +Find and apply upgrades to your IAM profile + +### Synopsis + +Find and apply upgrades to your IAM profile. + +### Options + +``` + -h, --help help for upgrade +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam upgrade apply + +Apply an upgrade to an IAM profile + +### Synopsis + +Apply an upgrade to an IAM profile. + +``` +constellation iam upgrade apply [flags] +``` + +### Options + +``` + -h, --help help for apply + -y, --yes run upgrades without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation version + +Display version of this CLI + +### Synopsis + +Display version of this CLI. + +``` +constellation version [flags] +``` + +### Options + +``` + -h, --help help for version +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation init + +Initialize the Constellation cluster + +### Synopsis + +Initialize the Constellation cluster. + +Start your confidential Kubernetes. + +``` +constellation init [flags] +``` + +### Options + +``` + --conformance enable conformance mode + -h, --help help for init + --merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config + --skip-helm-wait install helm charts without waiting for deployments to be ready +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + diff --git a/docs/versioned_docs/version-2.17/reference/migration.md b/docs/versioned_docs/version-2.17/reference/migration.md new file mode 100644 index 000000000..36680eef6 --- /dev/null +++ b/docs/versioned_docs/version-2.17/reference/migration.md @@ -0,0 +1,85 @@ +# Migrations + +This document describes breaking changes and migrations between Constellation releases. +Use [`constellation config migrate`](./cli.md#constellation-config-migrate) to automatically update an old config file to a new format. + +## Migrating from Azure's service principal authentication to managed identity authentication + +- The `provider.azure.appClientID` and `provider.azure.appClientSecret` fields are no longer supported and should be removed. +- To keep using an existing UAMI, add the `Owner` permission with the scope of your `resourceGroup`. +- Otherwise, simply [create new Constellation IAM credentials](../workflows/config.md#creating-an-iam-configuration) and use the created UAMI. +- To migrate the authentication for an existing cluster on Azure to an UAMI with the necessary permissions: + 1. Remove the `aadClientId` and `aadClientSecret` from the azureconfig secret. + 2. Set `useManagedIdentityExtension` to `true` and use the `userAssignedIdentity` from the Constellation config for the value of `userAssignedIdentityID`. + 3. Restart the CSI driver, cloud controller manager, cluster autoscaler, and Constellation operator pods. + + +## Migrating from CLI versions before 2.10 + +- AWS cluster upgrades require additional IAM permissions for the newly introduced `aws-load-balancer-controller`. Please upgrade your IAM roles using `iam upgrade apply`. This will show necessary changes and apply them, if desired. +- The global `nodeGroups` field was added. +- The fields `instanceType`, `stateDiskSizeGB`, and `stateDiskType` for each cloud provider are now part of the configuration of individual node groups. +- The `constellation create` command no longer uses the flags `--control-plane-count` and `--worker-count`. Instead, the initial node count is configured per node group in the `nodeGroups` field. + +## Migrating from CLI versions before 2.9 + +- The `provider.azure.appClientID` and `provider.azure.clientSecretValue` fields were removed to enforce migration to managed identity authentication + +## Migrating from CLI versions before 2.8 + +- The `measurements` field for each cloud service provider was replaced with a global `attestation` field. +- The `confidentialVM`, `idKeyDigest`, and `enforceIdKeyDigest` fields for the Azure cloud service provider were removed in favor of using the global `attestation` field. +- The optional global field `attestationVariant` was replaced by the now required `attestation` field. + +## Migrating from CLI versions before 2.3 + +- The `sshUsers` field was deprecated in v2.2 and has been removed from the configuration in v2.3. + As an alternative for SSH, check the workflow section [Connect to nodes](../workflows/troubleshooting.md#node-shell-access). +- The `image` field for each cloud service provider has been replaced with a global `image` field. Use the following mapping to migrate your configuration: +
    + Show all + + | CSP | old image | new image | + | ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | + | AWS | `ami-06b8cbf4837a0a57c` | `v2.2.2` | + | AWS | `ami-02e96dc04a9e438cd` | `v2.2.2` | + | AWS | `ami-028ead928a9034b2f` | `v2.2.2` | + | AWS | `ami-032ac10dd8d8266e3` | `v2.2.1` | + | AWS | `ami-032e0d57cc4395088` | `v2.2.1` | + | AWS | `ami-053c3e49e19b96bdd` | `v2.2.1` | + | AWS | `ami-0e27ebcefc38f648b` | `v2.2.0` | + | AWS | `ami-098cd37f66523b7c3` | `v2.2.0` | + | AWS | `ami-04a87d302e2509aad` | `v2.2.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.2.2` | `v2.2.2` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.2.2` | `v2.2.2` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.2.1` | `v2.2.1` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.2.1` | `v2.2.1` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.2.0` | `v2.2.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.2.0` | `v2.2.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.1.0` | `v2.1.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.1.0` | `v2.1.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.0.0` | `v2.0.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.0.0` | `v2.0.0` | + | GCP | `projects/constellation-images/global/images/constellation-v2-2-2` | `v2.2.2` | + | GCP | `projects/constellation-images/global/images/constellation-v2-2-1` | `v2.2.1` | + | GCP | `projects/constellation-images/global/images/constellation-v2-2-0` | `v2.2.0` | + | GCP | `projects/constellation-images/global/images/constellation-v2-1-0` | `v2.1.0` | + | GCP | `projects/constellation-images/global/images/constellation-v2-0-0` | `v2.0.0` | +
    +- The `enforcedMeasurements` field has been removed and merged with the `measurements` field. + - To migrate your config containing a new image (`v2.3` or greater), remove the old `measurements` and `enforcedMeasurements` entries from your config and run `constellation fetch-measurements` + - To migrate your config containing an image older than `v2.3`, remove the `enforcedMeasurements` entry and replace the entries in `measurements` as shown in the example below: + + ```diff + measurements: + - 0: DzXCFGCNk8em5ornNZtKi+Wg6Z7qkQfs5CfE3qTkOc8= + + 0: + + expected: DzXCFGCNk8em5ornNZtKi+Wg6Z7qkQfs5CfE3qTkOc8= + + warnOnly: true + - 8: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + + 8: + + expected: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + + warnOnly: false + -enforcedMeasurements: + - - 8 + ``` diff --git a/docs/versioned_docs/version-2.17/reference/slsa.md b/docs/versioned_docs/version-2.17/reference/slsa.md new file mode 100644 index 000000000..21f4e713c --- /dev/null +++ b/docs/versioned_docs/version-2.17/reference/slsa.md @@ -0,0 +1,73 @@ +# Supply chain levels for software artifacts (SLSA) adoption + +[Supply chain Levels for Software Artifacts, or SLSA (salsa)](https://slsa.dev/) is a framework for improving and grading a project's build system and engineering processes. SLSA focuses on security improvements for source code storage as well as build system definition, execution, and observation. SLSA is structured in [four levels](https://slsa.dev/spec/v0.1/levels). This page describes the adoption of SLSA for Constellation. + +:::info +SLSA is still in alpha status. The presented levels and their requirements might change in the future. We will adopt any changes into our engineering processes, as they get defined. +::: + +## Level 1 - Adopted + +**[Build - Scripted](https://slsa.dev/spec/v0.1/requirements#scripted-build)** + +All build steps are automated via [Bazel](https://github.com/edgelesssys/constellation/tree/main/bazel/ci) and [GitHub Actions](https://github.com/edgelesssys/constellation/tree/main/.github). + +**[Provenance - Available](https://slsa.dev/spec/v0.1/requirements#available)** + +Provenance for the CLI is generated using the [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). + +## Level 2 - Adopted + +**[Source - Version Controlled](https://slsa.dev/spec/v0.1/requirements#version-controlled)** + +Constellation is hosted on GitHub using git. + +**[Build - Build Service](https://slsa.dev/spec/v0.1/requirements#build-service)** + +All builds are carried out by [GitHub Actions](https://github.com/edgelesssys/constellation/tree/main/.github). + +**[Provenance - Authenticated](https://slsa.dev/spec/v0.1/requirements#authenticated)** + +Provenance for the CLI is signed using the [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). Learn [how to verify the CLI](../workflows/verify-cli.md) using the signed provenance, before using it for the first time. + +**[Provenance - Service Generated](https://slsa.dev/spec/v0.1/requirements#service-generated)** + +Provenance for the CLI is generated using the [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) in GitHub Actions. + +## Level 3 - Adopted + +**[Source - Verified History](https://slsa.dev/spec/v0.1/requirements#verified-history)** + +The [Edgeless Systems](https://github.com/edgelesssys) GitHub organization [requires two-factor authentication](https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization) for all members. + +**[Source - Retained Indefinitely](https://slsa.dev/spec/v0.1/requirements#retained-indefinitely)** + +Since we use GitHub to host the repository, an external person can't modify or delete the history. Before a pull request can be merged, an explicit approval from an [Edgeless Systems](https://github.com/edgelesssys) team member is required. + +The same holds true for changes proposed by team members. Each change to `main` needs to be proposed via a pull request and requires at least one approval. + +The [Edgeless Systems](https://github.com/edgelesssys) GitHub organization admins control these settings and are able to make changes to the repository's history should legal requirements necessitate it. These changes require two-party approval following the obliterate policy. + +**[Build - Build as Code](https://slsa.dev/spec/v0.1/requirements#build-as-code)** + +All build files for Constellation are stored in [the same repository](https://github.com/edgelesssys/constellation/tree/main/.github). + +**[Build - Ephemeral Environment](https://slsa.dev/spec/v0.1/requirements#ephemeral-environment)** + +All GitHub Action workflows are executed on [GitHub-hosted runners](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners). These runners are only available during workflow. + +We currently don't use [self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners). + +**[Build - Isolated](https://slsa.dev/spec/v0.1/requirements#isolated)** + +As outlined in the previous section, we use GitHub-hosted runners, which provide a new, isolated and ephemeral environment for each build. + +Additionally, the [SLSA GitHub generator](https://github.com/slsa-framework/slsa-github-generator#generation-of-provenance) itself is run in an isolated workflow with the artifact hash as defined inputs. + +**[Provenance - Non-falsifiable](https://slsa.dev/spec/v0.1/requirements#non-falsifiable)** + +As outlined by [SLSA GitHub generator](https://github.com/slsa-framework/slsa-github-generator) it already fulfills the non-falsifiable requirements for SLSA Level 3. The generated provenance is signed using [sigstore](https://sigstore.dev/) with an OIDC based proof of identity. + +## Level 4 - In Progress + +We strive to adopt certain aspect of SLSA Level 4 that support our engineering process. At the same time, SLSA is still in alpha status and the biggest changes to SLSA are expected to be around Level 4. diff --git a/docs/versioned_docs/version-2.17/reference/terraform.md b/docs/versioned_docs/version-2.17/reference/terraform.md new file mode 100644 index 000000000..9825a8bb8 --- /dev/null +++ b/docs/versioned_docs/version-2.17/reference/terraform.md @@ -0,0 +1,37 @@ +# Terraform usage + +[Terraform](https://www.terraform.io/) is an Infrastructure as Code (IaC) framework to manage cloud resources. This page explains how Constellation uses it internally and how advanced users may manually use it to have more control over the resource creation. + +:::info +Information on this page is intended for users who are familiar with Terraform. +It's not required for common usage of Constellation. +See the [Terraform documentation](https://developer.hashicorp.com/terraform/docs) if you want to learn more about it. +::: + +## Terraform state files + +Constellation keeps Terraform state files in subdirectories of the workspace together with the corresponding Terraform configuration files and metadata. +The subdirectories are created on the first Constellation CLI action that uses Terraform internally. + +Currently, these subdirectories are: + +* `constellation-terraform` - Terraform state files for the resources of the Constellation cluster +* `constellation-iam-terraform` - Terraform state files for IAM configuration + +As with all commands, commands that work with these files (e.g., `apply`, `terminate`, `iam`) have to be executed from the root of the cluster's [workspace directory](../architecture/orchestration.md#workspaces). You usually don't need and shouldn't manipulate or delete the subdirectories manually. + +## Interacting with Terraform manually + +Manual interaction with Terraform state created by Constellation (i.e., via the Terraform CLI) should only be performed by experienced users. It may lead to unrecoverable loss of cloud resources. For the majority of users and use cases, the interaction done by the [Constellation CLI](cli.md) is sufficient. + +## Terraform debugging + +To debug Terraform issues, the Constellation CLI offers the `tf-log` flag. You can set it to any of [Terraform's log levels](https://developer.hashicorp.com/terraform/internals/debugging): +* `JSON` (JSON-formatted logs at `TRACE` level) +* `TRACE` +* `DEBUG` +* `INFO` +* `WARN` +* `ERROR` + +The log output is written to the `terraform.log` file in the workspace directory. The output is appended to the file on each run. diff --git a/docs/versioned_docs/version-2.17/workflows/cert-manager.md b/docs/versioned_docs/version-2.17/workflows/cert-manager.md new file mode 100644 index 000000000..1d847e8bf --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/cert-manager.md @@ -0,0 +1,13 @@ +# Install cert-manager + +:::caution +If you want to use cert-manager with Constellation, pay attention to the following to avoid potential pitfalls. +::: + +Constellation ships with cert-manager preinstalled. +The default installation is part of the `kube-system` namespace, as all other Constellation-managed microservices. +You are free to install more instances of cert-manager into other namespaces. +However, be aware that any new installation needs to use the same version as the one installed with Constellation or rely on the same CRD versions. +Also remember to set the `installCRDs` value to `false` when installing new cert-manager instances. +It will create problems if you have two installations of cert-manager depending on different versions of the installed CRDs. +CRDs are cluster-wide resources and cert-manager depends on specific versions of those CRDs for each release. diff --git a/docs/versioned_docs/version-2.17/workflows/config.md b/docs/versioned_docs/version-2.17/workflows/config.md new file mode 100644 index 000000000..c59207054 --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/config.md @@ -0,0 +1,353 @@ +# Configure your cluster + +:::info +This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. +::: + + + +--- + +Before you can create your cluster, you need to configure the identity and access management (IAM) for your cloud service provider (CSP) and choose machine types for the nodes. + +## Creating the configuration file + +You can generate a configuration file for your CSP by using the following CLI command: + + + + +```bash +constellation config generate aws +``` + + + + +```bash +constellation config generate azure +``` + + + + +```bash +constellation config generate gcp +``` + + + + +```bash +constellation config generate stackit +``` + + + + +This creates the file `constellation-conf.yaml` in the current directory. + +## Choosing a VM type + +Constellation supports the following VM types: + + + +By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. +Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. +If you are using the default attestation variant `awsSEVSNP`, you can use the instance types described in [AWS's AMD SEV-SNP docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snp-requirements.html). +Please mind the region restrictions mentioned in the [Getting started](../getting-started/first-steps.md#create-a-cluster) section. + +If you are using the attestation variant `awsNitroTPM`, you can choose any of the [nitroTPM-enabled instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html). + +The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. + + + + +By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. + +You can also run `constellation config instance-types` to get the list of all supported options. + + + + +By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. + + + + +By default, Constellation uses `m1a.4cd` VMs (4 vCPUs, 30 GB RAM) to create your cluster. +Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. + +The following instance types are known to be supported: + +| name | vCPUs | GB RAM | +|----------|-------|--------| +| m1a.4cd | 4 | 30 | +| m1a.8cd | 8 | 60 | +| m1a.16cd | 16 | 120 | +| m1a.30cd | 30 | 230 | + +You can choose any of the SEV-enabled instance types. You can find a list of all supported instance types in the [STACKIT documentation](https://docs.stackit.cloud/stackit/en/virtual-machine-flavors-75137231.html). + +The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. + + + + +Fill the desired VM type into the `instanceType` fields in the `constellation-conf.yml` file. + +## Creating additional node groups + +By default, Constellation creates the node groups `control_plane_default` and `worker_default` for control-plane nodes and workers, respectively. +If you require additional control-plane or worker groups with different instance types, zone placements, or disk sizes, you can add additional node groups to the `constellation-conf.yml` file. +Each node group can be scaled individually. + +Consider the following example for AWS: + +```yaml +nodeGroups: + control_plane_default: + role: control-plane + instanceType: c6a.xlarge + stateDiskSizeGB: 30 + stateDiskType: gp3 + zone: eu-west-1c + initialCount: 3 + worker_default: + role: worker + instanceType: c6a.xlarge + stateDiskSizeGB: 30 + stateDiskType: gp3 + zone: eu-west-1c + initialCount: 2 + high_cpu: + role: worker + instanceType: c6a.24xlarge + stateDiskSizeGB: 128 + stateDiskType: gp3 + zone: eu-west-1c + initialCount: 1 +``` + +This configuration creates an additional node group `high_cpu` with a larger instance type and disk. + +You can use the field `zone` to specify what availability zone nodes of the group are placed in. +On Azure, this field is empty by default and nodes are automatically spread across availability zones. +STACKIT currently offers SEV-enabled CPUs in the `eu01-1`, `eu01-2`, and `eu01-3` zones. +Consult the documentation of your cloud provider for more information: + +* [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) +* [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones) +* [GCP](https://cloud.google.com/compute/docs/regions-zones) +* [STACKIT](https://docs.stackit.cloud/stackit/en/regions-and-availability-zones-75137212.html) + +## Choosing a Kubernetes version + +To learn which Kubernetes versions can be installed with your current CLI, you can run `constellation config kubernetes-versions`. +See also Constellation's [Kubernetes support policy](../architecture/versions.md#kubernetes-support-policy). + +## Creating an IAM configuration + +You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. +If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. + + + + +You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). + +```bash +constellation iam create aws --zone=us-east-2a --prefix=constellTest +``` + +This command creates IAM configuration for the AWS zone `us-east-2a` using the prefix `constellTest` for all named resources being created. + +Constellation OS images are currently replicated to the following regions: + +* `eu-central-1` +* `eu-west-1` +* `eu-west-3` +* `us-east-2` +* `ap-south-1` + +If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+AWS+image+region:+xx-xxxx-x). + +You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). + +Paste the output into the corresponding fields of the `constellation-conf.yaml` file. + + + + +You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). + +```bash +constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest +``` + +This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. + +CVMs are available in several Azure regions. Constellation OS images are currently replicated to the following: + +* `germanywestcentral` +* `westus` +* `eastus` +* `northeurope` +* `westeurope` +* `southeastasia` + +If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+Azure+image+region:+xx-xxxx-x). + +You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). + +Paste the output into the corresponding fields of the `constellation-conf.yaml` file. + + + + +You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). + +```bash +constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test +``` + +This command creates IAM configuration in the GCP project `yourproject-12345` on the GCP zone `europe-west2-a` creating a new service account `constell-test`. + +Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `N2D`. + +Paste the output into the corresponding fields of the `constellation-conf.yaml` file. + + + + +STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. + + + + +
    +Alternatively, you can manually create the IAM configuration on your CSP. + +The following describes the configuration fields and how you obtain the required information or create the required resources. + + + + +* **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. + + Constellation OS images are currently replicated to the following regions: + * `eu-central-1` + * `eu-west-1` + * `eu-west-3` + * `us-east-2` + * `ap-south-1` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+AWS+image+region:+xx-xxxx-x). + + You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). + +* **zone**: The name of your chosen AWS data center availability zone, e.g., `us-east-2a`. + + Learn more about [availability zones in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones). + +* **iamProfileControlPlane**: The name of an IAM instance profile attached to all control-plane nodes. + + You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `control_plane_instance_profile_name`. + + Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.control_plane_policy`. + +* **iamProfileWorkerNodes**: The name of an IAM instance profile attached to all worker nodes. + + You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `worker_nodes_instance_profile_name`. + + Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. + + + + +* **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. + + You can view your subscription UUID via `az account show` and read the `id` field. For more information refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription). + +* **tenant**: The UUID of your Azure tenant, e.g., `3400e5a2-8fe2-492a-886c-38cb66170f25`. + + You can view your tenant UUID via `az account show` and read the `tenant` field. For more information refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant). + +* **location**: The Azure datacenter location you want to deploy your cluster in, e.g., `westus`. + + CVMs are available in several Azure regions. Constellation OS images are currently replicated to the following: + + * `germanywestcentral` + * `westus` + * `eastus` + * `northeurope` + * `westeurope` + * `southeastasia` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+Azure+image+region:+xx-xxxx-x). + + You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). + +* **resourceGroup**: [Create a new resource group in Azure](https://learn.microsoft.com/azure/azure-resource-manager/management/manage-resource-groups-portal) for your Constellation cluster. Set this configuration field to the name of the created resource group. + +* **userAssignedIdentity**: [Create a new managed identity in Azure](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). You should create the identity in a different resource group as all resources within the cluster resource group will be deleted on cluster termination. + + Add three role assignments to the identity: `Owner`, `Virtual Machine Contributor`, and `Application Insights Component Contributor`. The `scope` of all three should refer to the previously created cluster resource group. + + Set the configuration value to the full ID of the created identity, e.g., `/subscriptions/8b8bd01f-efd9-4113-9bd1-c82137c32da7/resourcegroups/constellation-identity/providers/Microsoft.ManagedIdentity/userAssignedIdentities/constellation-identity`. You can get it by opening the `JSON View` from the `Overview` section of the identity. + + The user-assigned identity is used by instances of the cluster to access other cloud resources. + For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). + + + + +* **project**: The ID of your GCP project, e.g., `constellation-129857`. + + You can find it on the [welcome screen of your GCP project](https://console.cloud.google.com/welcome). For more information refer to [Google's documentation](https://support.google.com/googleapi/answer/7014113). + +* **region**: The GCP region you want to deploy your cluster in, e.g., `us-west1`. + + You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available). + +* **zone**: The GCP zone you want to deploy your cluster in, e.g., `us-west1-a`. + + You can find a [list of all zones in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available). + +* **serviceAccountKeyPath**: To configure this, you need to create a GCP [service account](https://cloud.google.com/iam/docs/service-accounts) with the following permissions: + + * `Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1)` + * `Compute Network Admin (roles/compute.networkAdmin)` + * `Compute Security Admin (roles/compute.securityAdmin)` + * `Compute Storage Admin (roles/compute.storageAdmin)` + * `Service Account User (roles/iam.serviceAccountUser)` + + Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. + + + + +STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. + + + +
    + +Now that you've configured your CSP, you can [create your cluster](./create.md). + +## Deleting an IAM configuration + +You can keep a created IAM configuration and reuse it for new clusters. Alternatively, you can also delete it if you don't want to use it anymore. + +Delete the IAM configuration by executing the following command in the same directory where you executed `constellation iam create` (the directory that contains [`constellation-iam-terraform`](../reference/terraform.md) as a subdirectory): + +```bash +constellation iam destroy +``` + +:::caution +For Azure, deleting the IAM configuration by executing `constellation iam destroy` will delete the whole resource group created by `constellation iam create`. +This also includes any additional resources in the resource group that weren't created by Constellation. +::: diff --git a/docs/versioned_docs/version-2.17/workflows/create.md b/docs/versioned_docs/version-2.17/workflows/create.md new file mode 100644 index 000000000..06a869953 --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/create.md @@ -0,0 +1,93 @@ +# Create your cluster + +:::info +This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. +::: + + + +--- + +Creating your cluster happens through multiple phases. +The most significant ones are: + +1. Creating the necessary resources in your cloud environment +2. Bootstrapping the Constellation cluster and setting up a connection +3. Installing the necessary Kubernetes components + +`constellation apply` handles all this in a single command. +You can use the `--skip-phases` flag to skip specific phases of the process. +For example, if you created the infrastructure manually, you can skip the cloud resource creation phase. + +See the [architecture](../architecture/orchestration.md) section for details on the inner workings of this process. + +:::tip +If you don't have a cloud subscription, you can also set up a [local Constellation cluster using virtualization](../getting-started/first-steps-local.md) for testing. +::: + +Before you create the cluster, make sure to have a [valid configuration file](./config.md). + + + + +```bash +constellation apply +``` + +`apply` stores the state of your cluster's cloud resources in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. + + + + +Self-managed infrastructure allows for more flexibility in the setup, by separating the infrastructure setup from the Constellation cluster management. +This provides flexibility in DevOps and can meet potential regulatory requirements. +It's recommended to use Terraform for infrastructure management, but you can use any tool of your choice. + +:::info + + When using Terraform, you can use the [Constellation Terraform provider](./terraform-provider.md) to manage the entire Constellation cluster lifecycle. + +::: + +You can refer to the Terraform files for the selected CSP from the [Constellation GitHub repository](https://github.com/edgelesssys/constellation/tree/main/terraform/infrastructure) for a minimum Constellation cluster configuration. From this base, you can now add, edit, or substitute resources per your own requirements with the infrastructure +management tooling of your choice. You need to keep the essential functionality of the base configuration in order for your cluster to function correctly. + + + +:::info + + On Azure, a manual update to the MAA provider's policy is necessary. + You can apply the update with the following command after creating the infrastructure, with `` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration). + + ```bash + constellation maa-patch + ``` + +::: + + + +Make sure all necessary resources are created, e.g., through checking your CSP's portal and retrieve the necessary values, aligned with the outputs (specified in `outputs.tf`) of the base configuration. + +Fill these outputs into the corresponding fields of the `Infrastructure` block inside the `constellation-state.yaml` file. For example, fill the IP or DNS name your cluster can be reached at into the `.Infrastructure.ClusterEndpoint` field. + +With the required cloud resources set up, continue with initializing your cluster. + +```bash +constellation apply --skip-phases=infrastructure +``` + + + + +Finally, configure `kubectl` for your cluster: + +```bash +export KUBECONFIG="$PWD/constellation-admin.conf" +``` + +🏁 That's it. You've successfully created a Constellation cluster. + +### Troubleshooting + +In case `apply` fails, the CLI collects logs from the bootstrapping instance and stores them inside `constellation-cluster.log`. diff --git a/docs/versioned_docs/version-2.17/workflows/lb.md b/docs/versioned_docs/version-2.17/workflows/lb.md new file mode 100644 index 000000000..868e61076 --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/lb.md @@ -0,0 +1,28 @@ +# Expose a service + +Constellation integrates the native load balancers of each CSP. Therefore, to expose a service simply [create a service of type `LoadBalancer`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer). + +## Internet-facing LB service on AWS + +To expose your application service externally you might want to use a Kubernetes Service of type `LoadBalancer`. On AWS, load-balancing is achieved through the [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) as in the managed EKS. + +Since recent versions, the controller deploy an internal LB by default requiring to set an annotation `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing` to have an internet-facing LB. For more details, see the [official docs](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/service/nlb/). + +For general information on LB with AWS see [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html). + +:::caution +Before terminating the cluster, all LB backed services should be deleted, so that the controller can cleanup the related resources. +::: + +## Ingress on AWS + +The AWS Load Balancer Controller also provisions `Ingress` resources of class `alb`. +AWS Application Load Balancers (ALBs) can be configured with a [`target-type`](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/annotations/#target-type). +The target type `ip` requires using the EKS container network solution, which makes it incompatible with Constellation. +If a service can be exposed on a `NodePort`, the target type `instance` can be used. + +See [Application load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) for more information. + +:::caution +Ingress handlers backed by AWS ALBs reside outside the Constellation cluster, so they shouldn't be handling sensitive traffic! +::: diff --git a/docs/versioned_docs/version-2.17/workflows/recovery.md b/docs/versioned_docs/version-2.17/workflows/recovery.md new file mode 100644 index 000000000..aea370e2f --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/recovery.md @@ -0,0 +1,179 @@ +# Recover your cluster + +Recovery of a Constellation cluster means getting it back into a healthy state after too many concurrent node failures in the control plane. +Reasons for an unhealthy cluster can vary from a power outage, or planned reboot, to migration of nodes and regions. +Recovery events are rare, because Constellation is built for high availability and automatically and securely replaces failed nodes. When a node is replaced, Constellation's control plane first verifies the new node before it sends the node the cryptographic keys required to decrypt its [state disk](../architecture/images.md#state-disk). + +Constellation provides a recovery mechanism for cases where the control plane has failed and is unable to replace nodes. +The `constellation recover` command securely connects to all nodes in need of recovery using [attested TLS](../architecture/attestation.md#attested-tls-atls) and provides them with the keys to decrypt their state disks and continue booting. + +## Identify unhealthy clusters + +The first step to recovery is identifying when a cluster becomes unhealthy. +Usually, this can be first observed when the Kubernetes API server becomes unresponsive. + +You can check the health status of the nodes via the cloud service provider (CSP). +Constellation provides logging information on the boot process and status via serial console output. +In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. + + + + +First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. + +Second, check the boot logs of these *Instances*. In the ASG's *Instance management* view, select each desired instance. In the upper right corner, select **Action > Monitor and troubleshoot > Get system log**. + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"gcp"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["192.168.178.4:30090","192.168.178.2:30090"]} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.4:30090"} +{"level":"WARN","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.4:30090: connect: connection refused\"","endpoint":"192.168.178.4:30090"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.2:30090"} +{"level":"WARN","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.2:30090: i/o timeout\"","endpoint":"192.168.178.2:30090"} +{"level":"ERROR","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +In the Azure portal, find the cluster's resource group. +Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. +On the left, go to **Settings** > **Instances** and check that enough members are in a *Running* state. + +Second, check the boot logs of these *Instances*. +In the scale set's *Instances* view, open the details page of the desired instance. +On the left, go to **Support + troubleshooting** > **Serial console**. + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T09:56:41Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"azure"} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["10.9.0.5:30090","10.9.0.6:30090"]} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"10.9.0.5:30090"} +{"level":"WARN","ts":"2022-09-08T09:57:03Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 10.9.0.5:30090: i/o timeout\"","endpoint":"10.9.0.5:30090"} +{"level":"INFO","ts":"2022-09-08T09:57:03Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"10.9.0.6:30090"} +{"level":"WARN","ts":"2022-09-08T09:57:23Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 10.9.0.6:30090: i/o timeout\"","endpoint":"10.9.0.6:30090"} +{"level":"ERROR","ts":"2022-09-08T09:57:23Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +First, check that the control plane *Instance Group* has enough members in a *Ready* state. +In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. + +Second, check the status of the *VM Instances*. +Go to **VM Instances** and open the details of the desired instance. +Check the serial console output of that instance by opening the **Logs** > **Serial port 1 (console)** page: + +![GCP portal serial console link](../_media/recovery-gcp-serial-console-link.png) + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"gcp"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["192.168.178.4:30090","192.168.178.2:30090"]} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.4:30090"} +{"level":"WARN","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.4:30090: connect: connection refused\"","endpoint":"192.168.178.4:30090"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.2:30090"} +{"level":"WARN","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.2:30090: i/o timeout\"","endpoint":"192.168.178.2:30090"} +{"level":"ERROR","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +First, open the STACKIT portal to view all servers in your project. Select individual control plane nodes `--control-plane--` and check that enough members are in a *Running* state. + +Second, check the boot logs of these servers. Click on a server name and select **Overview**. Find the **Machine Setup** section and click on **Web console** > **Open console**. + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"gcp"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["192.168.178.4:30090","192.168.178.2:30090"]} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.4:30090"} +{"level":"WARN","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.4:30090: connect: connection refused\"","endpoint":"192.168.178.4:30090"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.2:30090"} +{"level":"WARN","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.2:30090: i/o timeout\"","endpoint":"192.168.178.2:30090"} +{"level":"ERROR","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +## Recover a cluster + +Recovering a cluster requires the following parameters: + +* The `constellation-state.yaml` file in your working directory or the cluster's endpoint +* The master secret of the cluster + +A cluster can be recovered like this: + +```bash +$ constellation recover --master-secret constellation-mastersecret.json +Pushed recovery key. +Pushed recovery key. +Pushed recovery key. +Recovered 3 control-plane nodes. +``` + +In the serial console output of the node you'll see a similar output to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:26:59Z","logger":"recoveryServer","caller":"recoveryserver/server.go:93","msg":"Received recover call"} +{"level":"INFO","ts":"2022-09-08T10:26:59Z","logger":"recoveryServer","caller":"recoveryserver/server.go:125","msg":"Received state disk key and measurement secret, shutting down server"} +{"level":"INFO","ts":"2022-09-08T10:26:59Z","logger":"recoveryServer.gRPC","caller":"zap/server_interceptors.go:61","msg":"finished streaming call with code OK","grpc.start_time":"2022-09-08T10:26:59Z","system":"grpc","span.kind":"server","grpc.service":"recoverproto.API","grpc.method":"Recover","peer.address":"192.0.2.3:41752","grpc.code":"OK","grpc.time_ms":15.701} +{"level":"INFO","ts":"2022-09-08T10:27:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:87","msg":"RejoinClient stopped"} +``` diff --git a/docs/versioned_docs/version-2.17/workflows/s3proxy.md b/docs/versioned_docs/version-2.17/workflows/s3proxy.md new file mode 100644 index 000000000..121e8a461 --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/s3proxy.md @@ -0,0 +1,58 @@ +# Install s3proxy + +Constellation includes a transparent client-side encryption proxy for [AWS S3](https://aws.amazon.com/de/s3/) and compatible stores. +s3proxy encrypts objects before sending them to S3 and automatically decrypts them on retrieval, without requiring changes to your application. +With s3proxy, you can use S3 for storage in a confidential way without having to trust the storage provider. + +## Limitations + +Currently, s3proxy has the following limitations: +- Only `PutObject` and `GetObject` requests are encrypted/decrypted by s3proxy. +By default, s3proxy will block requests that may expose unencrypted data to S3 (e.g. UploadPart). +The `allow-multipart` flag disables request blocking for evaluation purposes. +- Using the [Range](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html#API_GetObject_RequestSyntax) header on `GetObject` is currently not supported and will result in an error. + +These limitations will be removed with future iterations of s3proxy. +If you want to use s3proxy but these limitations stop you from doing so, consider [opening an issue](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&projects=&template=feature_request.yml). + +## Deployment + +You can add the s3proxy to your Constellation cluster as follows: +1. Add the Edgeless Systems chart repository: + ```bash + helm repo add edgeless https://helm.edgeless.systems/stable + helm repo update + ``` +2. Set ACCESS_KEY and ACCESS_SECRET to valid credentials you want s3proxy to use to interact with S3. +3. Deploy s3proxy: + ```bash + helm install s3proxy edgeless/s3proxy --set awsAccessKeyID="$ACCESS_KEY" --set awsSecretAccessKey="$ACCESS_SECRET" + ``` + +If you want to run a demo application, check out the [Filestash with s3proxy](../getting-started/examples/filestash-s3proxy.md) example. + + +## Technical details + +### Encryption + +s3proxy relies on Google's [Tink Cryptographic Library](https://developers.google.com/tink) to implement cryptographic operations securely. +The used cryptographic primitives are [NIST SP 800 38f](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf) for key wrapping and [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)-[GCM](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Galois/counter_(GCM)) with 256 bit keys for data encryption. + +s3proxy uses [envelope encryption](https://cloud.google.com/kms/docs/envelope-encryption) to encrypt objects. +This means s3proxy uses a key encryption key (KEK) issued by the [KeyService](../architecture/microservices.md#keyservice) to encrypt data encryption keys (DEKs). +Each S3 object is encrypted with its own DEK. +The encrypted DEK is then saved as metadata of the encrypted object. +This enables key rotation of the KEK without re-encrypting the data in S3. +The approach also allows access to objects from different locations, as long as each location has access to the KEK. + +### Traffic interception + +To use s3proxy, you have to redirect your outbound S3 traffic to s3proxy. +This can either be done by modifying your client application or by changing the deployment of your application. + +The necessary deployment modifications are to add DNS redirection and a trusted TLS certificate to the client's trust store. +DNS redirection can be defined for each pod, allowing you to use s3proxy for one application without changing other applications in the same cluster. +Adding a trusted TLS certificate is necessary as clients communicate with s3proxy via HTTPS. +To have your client application trust s3proxy's TLS certificate, the certificate has to be added to the client's certificate trust store. +The [Filestash with s3proxy](../getting-started/examples/filestash-s3proxy.md) example shows how to do this. diff --git a/docs/versioned_docs/version-2.17/workflows/sbom.md b/docs/versioned_docs/version-2.17/workflows/sbom.md new file mode 100644 index 000000000..9ef6eb65c --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/sbom.md @@ -0,0 +1,91 @@ +# Consume software bill of materials (SBOMs) + + + +--- + +Constellation builds produce a [software bill of materials (SBOM)](https://www.ntia.gov/SBOM) for each generated [artifact](../architecture/microservices.md). +You can use SBOMs to make informed decisions about dependencies and vulnerabilities in a given application. Enterprises rely on SBOMs to maintain an inventory of used applications, which allows them to take data-driven approaches to managing risks related to vulnerabilities. + +SBOMs for Constellation are generated using [Syft](https://github.com/anchore/syft), signed using [Cosign](https://github.com/sigstore/cosign), and stored with the produced artifact. + +:::note +The public key for Edgeless Systems' long-term code-signing key is: +``` +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT +JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== +-----END PUBLIC KEY----- +``` +The public key is also available for download at https://edgeless.systems/es.pub and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +Make sure the key is available in a file named `cosign.pub` to execute the following examples. +::: + +## Verify and download SBOMs + +The following sections detail how to work with each type of artifact to verify and extract the SBOM. + +### Constellation CLI + +The SBOM for Constellation CLI is made available on the [GitHub release page](https://github.com/edgelesssys/constellation/releases). The SBOM (`constellation.spdx.sbom`) and corresponding signature (`constellation.spdx.sbom.sig`) are valid for each Constellation CLI for a given version, regardless of architecture and operating system. + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/download/v2.2.0/constellation.spdx.sbom +curl -LO https://github.com/edgelesssys/constellation/releases/download/v2.2.0/constellation.spdx.sbom.sig +cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig constellation.spdx.sbom +``` + +### Container Images + +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. + +As a consumer, use cosign to download and verify the SBOM: + +```bash +# Verify and download the attestation statement +cosign verify-attestation ghcr.io/edgelesssys/constellation/verification-service@v2.2.0 --type 'https://cyclonedx.org/bom' --key cosign.pub --output-file verification-service.att.json +# Extract SBOM from attestation statement +jq -r .payload verification-service.att.json | base64 -d > verification-service.cyclonedx.sbom +``` + +A successful verification should result in similar output: + +```shell-session +$ cosign verify-attestation ghcr.io/edgelesssys/constellation/verification-service@v2.2.0 --type 'https://cyclonedx.org/bom' --key cosign.pub --output-file verification-service.sbom + +Verification for ghcr.io/edgelesssys/constellation/verification-service@v2.2.0 -- +The following checks were performed on each of these signatures: + - The cosign claims were validated + - The signatures were verified against the specified public key +$ jq -r .payload verification-service.sbom | base64 -d > verification-service.cyclonedx.sbom +``` + +:::note + +This example considers only the `verification-service`. The same approach works for all containers in the [Constellation container registry](https://github.com/orgs/edgelesssys/packages?repo_name=constellation). + +::: + + + +## Vulnerability scanning + +You can use a plethora of tools to consume SBOMs. This section provides suggestions for tools that are popular and known to produce reliable results, but any tool that consumes [SPDX](https://spdx.dev/) or [CycloneDX](https://cyclonedx.org/) files should work. + +Syft is able to [convert between the two formats](https://github.com/anchore/syft#format-conversion-experimental) in case you require a specific type. + +### Grype + +[Grype](https://github.com/anchore/grype) is a CLI tool that lends itself well for integration into CI/CD systems or local developer machines. It's also able to consume the signed attestation statement directly and does the verification in one go. + +```bash +grype att:verification-service.sbom --key cosign.pub --add-cpes-if-none -q +``` + +### Dependency Track + +[Dependency Track](https://dependencytrack.org/) is one of the oldest and most mature solutions when it comes to managing software inventory and vulnerabilities. Once imported, it continuously scans SBOMs for new vulnerabilities. It supports the CycloneDX format and provides direct guidance on how to comply with [U.S. Executive Order 14028](https://docs.dependencytrack.org/usage/executive-order-14028/). diff --git a/docs/versioned_docs/version-2.17/workflows/scale.md b/docs/versioned_docs/version-2.17/workflows/scale.md new file mode 100644 index 000000000..0b52b9540 --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/scale.md @@ -0,0 +1,122 @@ +# Scale your cluster + +Constellation provides all features of a Kubernetes cluster including scaling and autoscaling. + +## Worker node scaling + +### Autoscaling + +Constellation comes with autoscaling disabled by default. To enable autoscaling, find the scaling group of +worker nodes: + +```bash +kubectl get scalinggroups -o json | yq '.items | .[] | select(.spec.role == "Worker") | [{"name": .metadata.name, "nodeGoupName": .spec.nodeGroupName}]' +``` + +This will output a list of scaling groups with the corresponding cloud provider name (`name`) and the cloud provider agnostic name of the node group (`nodeGroupName`). + +Then, patch the `autoscaling` field of the scaling group resource with the desired `name` to `true`: + +```bash +# Replace with the name of the scaling group you want to enable autoscaling for +worker_group= +kubectl patch scalinggroups $worker_group --patch '{"spec":{"autoscaling": true}}' --type='merge' +kubectl get scalinggroup $worker_group -o jsonpath='{.spec}' | yq -P +``` + +The cluster autoscaler now automatically provisions additional worker nodes so that all pods have a place to run. +You can configure the minimum and maximum number of worker nodes in the scaling group by patching the `min` or +`max` fields of the scaling group resource: + +```bash +kubectl patch scalinggroups $worker_group --patch '{"spec":{"max": 5}}' --type='merge' +kubectl get scalinggroup $worker_group -o jsonpath='{.spec}' | yq -P +``` + +The cluster autoscaler will now never provision more than 5 worker nodes. + +If you want to see the autoscaling in action, try to add a deployment with a lot of replicas, like the +following Nginx deployment. The number of replicas needed to trigger the autoscaling depends on the size of +and count of your worker nodes. Wait for the rollout of the deployment to finish and compare the number of +worker nodes before and after the deployment: + +```bash +kubectl create deployment nginx --image=nginx --replicas 150 +kubectl -n kube-system get nodes +kubectl rollout status deployment nginx +kubectl -n kube-system get nodes +``` + +### Manual scaling + +Alternatively, you can manually scale your cluster up or down: + + + + +1. Go to Auto Scaling Groups and select the worker ASG to scale up. +2. Click **Edit** +3. Set the new (increased) **Desired capacity** and **Update**. + + + + +1. Find your Constellation resource group. +2. Select the `scale-set-workers`. +3. Go to **settings** and **scaling**. +4. Set the new **instance count** and **save**. + + + + +1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). +2. **Edit** the **worker** instance group. +3. Set the new **number of instances** and **save**. + + + + +Dynamic cluster scaling isn't yet supported for STACKIT. +Support will be introduced in one of the upcoming releases. + + + + +## Control-plane node scaling + +Control-plane nodes can **only be scaled manually and only scaled up**! + +To increase the number of control-plane nodes, follow these steps: + + + + +1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. +2. Click **Edit** +3. Set the new (increased) **Desired capacity** and **Update**. + + + + +1. Find your Constellation resource group. +2. Select the `scale-set-controlplanes`. +3. Go to **settings** and **scaling**. +4. Set the new (increased) **instance count** and **save**. + + + + +1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). +2. **Edit** the **control-plane** instance group. +3. Set the new (increased) **number of instances** and **save**. + + + + +Dynamic cluster scaling isn't yet supported for STACKIT. +Support will be introduced in one of the upcoming releases. + + + + +If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.17/workflows/storage.md b/docs/versioned_docs/version-2.17/workflows/storage.md new file mode 100644 index 000000000..f1344d6ad --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/storage.md @@ -0,0 +1,281 @@ +# Use persistent storage + +Persistent storage in Kubernetes requires cloud-specific configuration. +For abstraction of container storage, Kubernetes offers [volumes](https://kubernetes.io/docs/concepts/storage/volumes/), +allowing users to mount storage solutions directly into containers. +The [Container Storage Interface (CSI)](https://kubernetes-csi.github.io/docs/) is the standard interface for exposing arbitrary block and file storage systems into containers in Kubernetes. +Cloud service providers (CSPs) offer their own CSI-based solutions for cloud storage. + +## Confidential storage + +Most cloud storage solutions support encryption, such as [GCE Persistent Disks (PD)](https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek). +Constellation supports the available CSI-based storage options for Kubernetes engines in AWS, Azure, GCP, and STACKIT. +However, their encryption takes place in the storage backend and is managed by the CSP. +Thus, using the default CSI drivers for these storage types means trusting the CSP with your persistent data. + +To address this, Constellation provides CSI drivers for AWS EBS, Azure Disk, GCE PD, and OpenStack Cinder, offering [encryption on the node level](../architecture/keys.md#storage-encryption). They enable transparent encryption for persistent volumes without needing to trust the cloud backend. Plaintext data never leaves the confidential VM context, offering you confidential storage. + +For more details see [encrypted persistent storage](../architecture/encrypted-storage.md). + +## CSI drivers + +Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. + + + + +**Constellation CSI driver for AWS Elastic Block Store** +Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. +Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. + + + + +**Constellation CSI driver for Azure Disk**: +Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. +See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. +Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. + + + + +**Constellation CSI driver for GCP Persistent Disk**: +Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. +Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. + + + + +**Constellation CSI driver for STACKIT / OpenStack Cinder** +Mount [Cinder](https://docs.openstack.org/cinder/latest/) block storage volumes into your Constellation cluster. +Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-cloud-provider-openstack) for more information. + + + + +Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. + +## Installation + +The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. +If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. + + + + +AWS comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [SSDs of `gp3` type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [SSDs of `gp3` type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +Azure comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [Standard SSDs](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [Premium SSDs](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#premium-ssds) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +GCP comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [standard persistent disks](https://cloud.google.com/compute/docs/disks#pdspecs) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [performance (SSD) persistent disks](https://cloud.google.com/compute/docs/disks#pdspecs) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +STACKIT comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [disks of `storage_premium_perf1` type](https://docs.stackit.cloud/stackit/en/service-plans-blockstorage-75137974.html) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [disks of `storage_premium_perf1` type](https://docs.stackit.cloud/stackit/en/service-plans-blockstorage-75137974.html) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) + + A [persistent volume claim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims) is a request for storage with certain properties. + It can refer to a storage class. + The following creates a persistent volume claim, requesting 20 GB of storage via the `encrypted-rwo` storage class: + + ```bash + cat < + +--- + +You can terminate your cluster using the CLI. For this, you need the Terraform state directory named [`constellation-terraform`](../reference/terraform.md) in the current directory. + +:::danger + +All ephemeral storage and state of your cluster will be lost. Make sure any data is safely stored in persistent storage. Constellation can recreate your cluster and the associated encryption keys, but won't backup your application data automatically. + +::: + + + +Terminate the cluster by running: + +```bash +constellation terminate +``` + +Or without confirmation (e.g., for automation purposes): + +```bash +constellation terminate --yes +``` + +This deletes all resources created by Constellation in your cloud environment. +All local files created by the `apply` command are deleted as well, except for `constellation-mastersecret.json` and the configuration file. + +:::caution + +Termination can fail if additional resources have been created that depend on the ones managed by Constellation. In this case, you need to delete these additional +resources manually. Just run the `terminate` command again afterward to continue the termination process of the cluster. + +::: + + + +Terminate the cluster by running: + +```bash +terraform destroy +``` + +Delete all files that are no longer needed: + +```bash +rm constellation-state.yaml constellation-admin.conf +``` + +Only the `constellation-mastersecret.json` and the configuration file remain. + + + diff --git a/docs/versioned_docs/version-2.17/workflows/terraform-provider.md b/docs/versioned_docs/version-2.17/workflows/terraform-provider.md new file mode 100644 index 000000000..8a3cedc62 --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/terraform-provider.md @@ -0,0 +1,128 @@ +# Use the Terraform provider + +The Constellation Terraform provider allows to manage the full lifecycle of a Constellation cluster (namely creation, upgrades, and deletion) via Terraform. +The provider is available through the [Terraform registry](https://registry.terraform.io/providers/edgelesssys/constellation/latest) and is released in lock-step with Constellation releases. + +## Prerequisites + +- a Linux / Mac operating system (ARM64/AMD64) +- a Terraform installation of version `v1.4.4` or above + +## Quick setup + +This example shows how to set up a Constellation cluster with the reference IAM and infrastructure setup. This setup is also used when creating a Constellation cluster through the Constellation CLI. You can either consume the IAM / infrastructure modules through a remote source (recommended) or local files. The latter requires downloading the infrastructure and IAM modules for the corresponding CSP from `terraform-modules.zip` on the [Constellation release page](https://github.com/edgelesssys/constellation/releases/latest) and placing them in the Terraform workspace directory. + +1. Create a directory (workspace) for your Constellation cluster. + + ```bash + mkdir constellation-workspace + cd constellation-workspace + ``` + +2. Use one of the [example configurations for using the Constellation Terraform provider](https://github.com/edgelesssys/constellation/tree/main/terraform-provider-constellation/examples/full) or create a `main.tf` file and fill it with the resources you want to create. The [Constellation Terraform provider documentation](https://registry.terraform.io/providers/edgelesssys/constellation/latest) offers thorough documentation on the resources and their attributes. +3. Initialize and apply the Terraform configuration. + + + Initialize the providers and apply the configuration. + + ```bash + terraform init + terraform apply + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + + When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you + can also do it manually. + + ```bash + terraform init + terraform apply -target module.azure_iam # adjust resource path if not using the example configuration + terraform apply -target module.azure_infrastructure # adjust resource path if not using the example configuration + constellation maa-patch $(terraform output -raw maa_url) # adjust output path / input if not using the example configuration or manually patch the resource + terraform apply -target constellation_cluster.azure_example # adjust resource path if not using the example configuration + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + Use the following policy if manually performing the patch. + + ``` + version= 1.0; + authorizationrules + { + [type=="x-ms-azurevm-default-securebootkeysvalidated", value==false] => deny(); + [type=="x-ms-azurevm-debuggersdisabled", value==false] => deny(); + // The line below was edited to use the MAA provider within Constellation. Do not edit manually. + //[type=="secureboot", value==false] => deny(); + [type=="x-ms-azurevm-signingdisabled", value==false] => deny(); + [type=="x-ms-azurevm-dbvalidated", value==false] => deny(); + [type=="x-ms-azurevm-dbxvalidated", value==false] => deny(); + => permit(); + }; + issuancerules + { + }; + ``` + + + + Initialize the providers and apply the configuration. + + ```bash + terraform init + terraform apply + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + + Initialize the providers and apply the configuration. + + ```bash + terraform init + terraform apply + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + + +4. Connect to the cluster. + + ```bash + terraform output -raw kubeconfig > constellation-admin.conf + export KUBECONFIG=$(realpath constellation-admin.conf) + ``` + +## Bringing your own infrastructure + +Instead of using the example infrastructure used in the [quick setup](#quick-setup), you can also provide your own infrastructure. +If you need a starting point for a custom infrastructure setup, you can download the infrastructure / IAM Terraform modules for the respective CSP from the Constellation [GitHub releases](https://github.com/edgelesssys/constellation/releases). You can modify and extend the modules per your requirements, while keeping the basic functionality intact. +The module contains: + +- `{csp}`: cloud resources the cluster runs on +- `iam/{csp}`: IAM resources used within the cluster + +When upgrading your cluster, make sure to check the Constellation release notes for potential breaking changes in the reference infrastructure / IAM modules that need to be considered. + +## Cluster upgrades + +:::tip +Also see the [general documentation on cluster upgrades](./upgrade.md). +::: + +The steps for applying the upgrade are as follows: + +1. Update the version constraint of the Constellation Terraform provider in the `required_providers` block in your Terraform configuration. +2. If you explicitly set any of the version attributes of the provider's resources and data sources (e.g. `image_version` or `constellation_microservice_version`), make sure to update them too. Refer to Constellation's [version support policy](https://github.com/edgelesssys/constellation/blob/main/dev-docs/workflows/versions-support.md) for more information on how each Constellation version and its dependencies are supported. +3. Update the IAM / infrastructure configuration. + - For [remote addresses as module sources](https://developer.hashicorp.com/terraform/language/modules/sources#fetching-archives-over-http), update the version number inside the address of the `source` field of the infrastructure / IAM module to the target version. + - For [local paths as module sources](https://developer.hashicorp.com/terraform/language/modules/sources#local-paths) or when [providing your own infrastructure](#bringing-your-own-infrastructure), see the changes made in the reference modules since the upgrade's origin version and adjust your infrastructure / IAM configuration accordingly. +4. Upgrade the Terraform module and provider dependencies and apply the targeted configuration. + +```bash + terraform init -upgrade + terraform apply +``` diff --git a/docs/versioned_docs/version-2.17/workflows/troubleshooting.md b/docs/versioned_docs/version-2.17/workflows/troubleshooting.md new file mode 100644 index 000000000..195bce1cc --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/troubleshooting.md @@ -0,0 +1,151 @@ +# Troubleshooting + +This section aids you in finding problems when working with Constellation. + +## Common issues + +### Issues with creating new clusters + +When you create a new cluster, you should always use the [latest release](https://github.com/edgelesssys/constellation/releases/latest). +If something doesn't work, check out the [known issues](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22). + +### Azure: Resource Providers can't be registered + +On Azure, you may receive the following error when running `apply` or `terminate` with limited IAM permissions: + +```shell-session +Error: Error ensuring Resource Providers are registered. + +Terraform automatically attempts to register the Resource Providers it supports to +ensure it's able to provision resources. + +If you don't have permission to register Resource Providers you may wish to use the +"skip_provider_registration" flag in the Provider block to disable this functionality. + +[...] +``` + +To continue, please ensure that the [required resource providers](../getting-started/install.md#required-permissions) have been registered in your subscription by your administrator. + +Afterward, set `ARM_SKIP_PROVIDER_REGISTRATION=true` as an environment variable and either run `apply` or `terminate` again. +For example: + +```bash +ARM_SKIP_PROVIDER_REGISTRATION=true constellation apply +``` + +Or alternatively, for `terminate`: + +```bash +ARM_SKIP_PROVIDER_REGISTRATION=true constellation terminate +``` + +### Azure: Can't update attestation policy + +On Azure, you may receive the following error when running `apply` from within an Azure environment, e.g., an Azure VM: + +```shell-session +An error occurred: patching policies: updating attestation policy: unexpected status code: 403 Forbidden +``` + +The problem occurs because the Azure SDK we use internally attempts to [authenticate towards the Azure API with the managed identity of your current environment instead of the Azure CLI token](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential). + +We decided not to deviate from this behavior and comply with the ordering of credentials. + +A solution is to add the [required permissions](../getting-started/install.md#required-permissions) to the managed identity of your environment. For example, the managed identity of your Azure VM, instead of the account that you've authenticated with in the Azure CLI. + +If your setup requires a change in the ordering of credentials, please open an issue and explain your desired behavior. + + + +### Nodes fail to join with error `untrusted measurement value` + +This error indicates that a node's [attestation statement](../architecture/attestation.md) contains measurements that don't match the trusted values expected by the [JoinService](../architecture/microservices.md#joinservice). +This may for example happen if the cloud provider updates the VM's firmware such that it influences the [runtime measurements](../architecture/attestation.md#runtime-measurements) in an unforeseen way. +A failed upgrade due to an erroneous attestation config can also cause this error. +You can change the expected measurements to resolve the failure. + +:::caution + +Attestation and trusted measurements are crucial for the security of your cluster. +Be extra careful when manually changing these settings. +When in doubt, check if the encountered [issue is known](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22) or [contact support](https://github.com/edgelesssys/constellation#support). + +::: + +:::tip + +During an upgrade with modified attestation config, a backup of the current configuration is stored in the `join-config` config map in the `kube-system` namespace under the `attestationConfig_backup` key. To restore the old attestation config after a failed upgrade, replace the value of `attestationConfig` with the value from `attestationConfig_backup`: + +```bash +kubectl patch configmaps -n kube-system join-config -p "{\"data\":{\"attestationConfig\":\"$(kubectl get configmaps -n kube-system join-config -o "jsonpath={.data.attestationConfig_backup}")\"}}" +``` + +::: + +You can use the `apply` command to change measurements of a running cluster: + +1. Modify the `measurements` key in your local `constellation-conf.yaml` to the expected values. +2. Run `constellation apply`. + +Keep in mind that running `apply` also applies any version changes from your config to the cluster. + +You can run these commands to learn about the versions currently configured in the cluster: + +- Kubernetes API server version: `kubectl get nodeversion constellation-version -o json -n kube-system | jq .spec.kubernetesClusterVersion` +- image version: `kubectl get nodeversion constellation-version -o json -n kube-system | jq .spec.imageVersion` +- microservices versions: `helm list --filter 'constellation-services' -n kube-system` + +### Upgrading Kubernetes resources fails + +Constellation manages its Kubernetes resources using Helm. +When applying an upgrade, the charts that are about to be installed, and a values override file `overrides.yaml`, +are saved to disk in your current workspace under `constellation-upgrade/upgrade-/helm-charts/`. +If upgrading the charts using the Constellation CLI fails, you can review these charts and try to manually apply the upgrade. + +:::caution + +Changing and manually applying the charts may destroy cluster resources and can lead to broken Constellation deployments. +Proceed with caution and when in doubt, +check if the encountered [issue is known](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22) or [contact support](https://github.com/edgelesssys/constellation#support). + +::: + +## Diagnosing issues + +### Logs + +To get started on diagnosing issues with Constellation, it's often helpful to collect logs from nodes, pods, or other resources in the cluster. Most logs are available through Kubernetes' standard +[logging interfaces](https://kubernetes.io/docs/concepts/cluster-administration/logging/). + +To debug issues occurring at boot time of the nodes, you can use the serial console interface of the CSP while the machine boots to get a read-only view of the boot logs. + +Apart from that, Constellation also offers further [observability integrations](../architecture/observability.md). + +### Node shell access + +Debugging via a shell on a node is [directly supported by Kubernetes](https://kubernetes.io/docs/tasks/debug/debug-application/debug-running-pod/#node-shell-session). + +1. Figure out which node to connect to: + + ```bash + kubectl get nodes + # or to see more information, such as IPs: + kubectl get nodes -o wide + ``` + +2. Connect to the node: + + ```bash + kubectl debug node/constell-worker-xksa0-000000 -it --image=busybox + ``` + + You will be presented with a prompt. + + The nodes file system is mounted at `/host`. + +3. Once finished, clean up the debug pod: + + ```bash + kubectl delete pod node-debugger-constell-worker-xksa0-000000-bjthj + ``` diff --git a/docs/versioned_docs/version-2.17/workflows/trusted-launch.md b/docs/versioned_docs/version-2.17/workflows/trusted-launch.md new file mode 100644 index 000000000..9bc7e785f --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/trusted-launch.md @@ -0,0 +1,54 @@ +# Use Azure trusted launch VMs + +Constellation also supports [trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch) on Microsoft Azure. Trusted launch VMs don't offer the same level of security as Confidential VMs, but are available in more regions and in larger quantities. The main difference between trusted launch VMs and normal VMs is that the former offer vTPM-based remote attestation. When used with trusted launch VMs, Constellation relies on vTPM-based remote attestation to verify nodes. + +:::caution + +Trusted launch VMs don't provide runtime encryption and don't keep the cloud service provider (CSP) out of your trusted computing base. + +::: + +Constellation supports trusted launch VMs with instance types `Standard_D*_v4` and `Standard_E*_v4`. Run `constellation config instance-types` for a list of all supported instance types. + +## VM images + +Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. + +The latest image is available at . Simply adjust the version number to download a newer version. + +After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. +You can use a script to do this: + +```bash +wget https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/importAzure.sh +chmod +x importAzure.sh +AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_IMAGE_FILE=./constellation.img ./importAzure.sh +``` + +The script creates the following resources: + +1. A new image gallery with the default name `constellation-import` +2. A new image definition with the default name `constellation` +3. The actual image with the provided version. In this case `2.2.0` + +Once the import is completed, use the `ID` of the image version in your `constellation-conf.yaml` for the `image` field. Set `confidentialVM` to `false`. + +Fetch the image measurements: + +```bash +IMAGE_VERSION=2.2.0 +URL=https://public-edgeless-constellation.s3.us-east-2.amazonaws.com//communitygalleries/constellationcvm-b3782fa0-0df7-4f2f-963e-fc7fc42663df/images/constellation/versions/$IMAGE_VERSION/measurements.yaml +constellation config fetch-measurements -u$URL -s$URL.sig +``` + +:::info + +The [`constellation apply`](create.md) command will issue a warning because manually imported images aren't recognized as production grade images: + +```shell-session +Configured image doesn't look like a released production image. Double check image before deploying to production. +``` + +Please ignore this warning. + +::: diff --git a/docs/versioned_docs/version-2.17/workflows/upgrade.md b/docs/versioned_docs/version-2.17/workflows/upgrade.md new file mode 100644 index 000000000..7348c0dbc --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/upgrade.md @@ -0,0 +1,110 @@ +# Upgrade your cluster + +Constellation provides an easy way to upgrade all components of your cluster, without disrupting it's availability. +Specifically, you can upgrade the Kubernetes version, the nodes' image, and the Constellation microservices. +You configure the desired versions in your local Constellation configuration and trigger upgrades with the `apply` command. +To learn about available versions you use the `upgrade check` command. +Which versions are available depends on the CLI version you are using. + +## Update the CLI + +Each CLI comes with a set of supported microservice and Kubernetes versions. +Most importantly, a given CLI version can only upgrade a cluster of the previous minor version, but not older ones. +This means that you have to upgrade your CLI and cluster one minor version at a time. + +For example, if you are currently on CLI version v2.6 and the latest version is v2.8, you should + +* upgrade the CLI to v2.7, +* upgrade the cluster to v2.7, +* and only then continue upgrading the CLI (and the cluster) to v2.8 after. + +Also note that if your current Kubernetes version isn't supported by the next CLI version, use your current CLI to upgrade to a newer Kubernetes version first. + +To learn which Kubernetes versions are supported by a particular CLI, run [constellation config kubernetes-versions](../reference/cli.md#constellation-config-kubernetes-versions). + +## Migrate the configuration + +The Constellation configuration file is located in the file `constellation-conf.yaml` in your workspace. +Refer to the [migration reference](../reference/migration.md) to check if you need to update fields in your configuration file. +Use [`constellation config migrate`](../reference/cli.md#constellation-config-migrate) to automatically update an old config file to a new format. + +## Check for upgrades + +To learn which versions the current CLI can upgrade to and what's installed in your cluster, run: + +```bash +# Show possible upgrades +constellation upgrade check + +# Show possible upgrades and write them to config file +constellation upgrade check --update-config +``` + +You can either enter the reported target versions into your config manually or run the above command with the `--update-config` flag. +When using this flag, the `kubernetesVersion`, `image`, `microserviceVersion`, and `attestation` fields are overwritten with the smallest available upgrade. + +## Apply the upgrade + +Once you updated your config with the desired versions, you can trigger the upgrade with this command: + +```bash +constellation apply +``` + +Microservice upgrades will be finished within a few minutes, depending on the cluster size. +If you are interested, you can monitor pods restarting in the `kube-system` namespace with your tool of choice. + +Image and Kubernetes upgrades take longer. +For each node in your cluster, a new node has to be created and joined. +The process usually takes up to ten minutes per node. + +When applying an upgrade, the Helm charts for the upgrade as well as backup files of Constellation-managed Custom Resource Definitions, Custom Resources, and Terraform state are created. +You can use the Terraform state backup to restore previous resources in case an upgrade misconfigured or erroneously deleted a resource. +You can use the Custom Resource (Definition) backup files to restore Custom Resources and Definitions manually (e.g., via `kubectl apply`) if the automatic migration of those resources fails. +You can use the Helm charts to manually apply upgrades to the Kubernetes resources, should an upgrade fail. + +:::note + +For advanced users: the upgrade consists of several phases that can be individually skipped through the `--skip-phases` flag. +The phases are `infrastracture` for the cloud resource management through Terraform, `helm` for the chart management of the microservices, `image` for OS image upgrades, and `k8s` for Kubernetes version upgrades. + +::: + +## Check the status + +Upgrades are asynchronous operations. +After you run `apply`, it will take a while until the upgrade has completed. +To understand if an upgrade is finished, you can run: + +```bash +constellation status +``` + +This command displays the following information: + +* The installed services and their versions +* The image and Kubernetes version the cluster is expecting on each node +* How many nodes are up to date + +Here's an example output: + +```shell-session +Target versions: + Image: v2.6.0 + Kubernetes: v1.25.8 +Service versions: + Cilium: v1.12.1 + cert-manager: v1.10.0 + constellation-operators: v2.6.0 + constellation-services: v2.6.0 +Cluster status: Some node versions are out of date + Image: 23/25 + Kubernetes: 25/25 +``` + +This output indicates that the cluster is running Kubernetes version `1.25.8`, and all nodes have the appropriate binaries installed. +23 out of 25 nodes have already upgraded to the targeted image version of `2.6.0`, while two are still in progress. + +## Apply further upgrades + +After the upgrade is finished, you can run `constellation upgrade check` again to see if there are more upgrades available. If so, repeat the process. diff --git a/docs/versioned_docs/version-2.17/workflows/verify-cli.md b/docs/versioned_docs/version-2.17/workflows/verify-cli.md new file mode 100644 index 000000000..78341f314 --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/verify-cli.md @@ -0,0 +1,129 @@ +# Verify the CLI + +:::info +This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. +::: + + + +--- + +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . + +:::note +The public key for Edgeless Systems' long-term code-signing key is: + +``` +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT +JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== +-----END PUBLIC KEY----- +``` + +The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +::: + +The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. + +You should always ensure that (1) your CLI executable was signed with the private key corresponding to the above public key and that (2) there is a corresponding entry in the Rekor transparency log. Both can be done as described in the following. + +:::info +You don't need to verify the Constellation node images. This is done automatically by your CLI and the rest of Constellation. +::: + +## Verify the signature + +:::info +This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. +::: + +First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: + +```shell-session +$ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 + +Verified OK +``` + +The above performs an offline verification of the provided public key, signature, and executable. To also verify that a corresponding entry exists in the public Rekor transparency log, add the variable `COSIGN_EXPERIMENTAL=1`: + +```shell-session +$ COSIGN_EXPERIMENTAL=1 cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 + +tlog entry verified with uuid: afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 index: 3477047 +Verified OK +``` + +🏁 You now know that your CLI executable was officially released and signed by Edgeless Systems. + +### Optional: Manually inspect the transparency log + +To further inspect the public Rekor transparency log, [install the Rekor CLI](https://docs.sigstore.dev/logging/installation). A search for the CLI executable should give a single UUID. (Note that this UUID contains the UUID from the previous `cosign` command.) + +```shell-session +$ rekor-cli search --artifact constellation-linux-amd64 + +Found matching entries (listed by UUID): +362f8ecba72f4326afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 +``` + +With this UUID you can get the full entry from the transparency log: + +```shell-session +$ rekor-cli get --uuid=362f8ecba72f4326afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 + +LogID: c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d +Index: 3477047 +IntegratedTime: 2022-09-12T22:28:16Z +UUID: afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 +Body: { + "HashedRekordObj": { + "data": { + "hash": { + "algorithm": "sha256", + "value": "40e137b9b9b8204d672642fd1e181c6d5ccb50cfc5cc7fcbb06a8c2c78f44aff" + } + }, + "signature": { + "content": "MEUCIQCSER3mGj+j5Pr2kOXTlCIHQC3gT30I7qkLr9Awt6eUUQIgcLUKRIlY50UN8JGwVeNgkBZyYD8HMxwC/LFRWoMn180=", + "publicKey": { + "content": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFZjhGMWhwbXdFK1lDRlh6akd0YVFjckw2WFpWVApKbUVlNWlTTHZHMVN5UVNBZXc3V2RNS0Y2bzl0OGUyVEZ1Q2t6bE9oaGx3czJPSFdiaUZabkZXQ0Z3PT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==" + } + } + } +} +``` + +The field `publicKey` should contain Edgeless Systems' public key in Base64 encoding. + +You can get an exhaustive list of artifact signatures issued by Edgeless Systems via the following command: + +```bash +rekor-cli search --public-key https://edgeless.systems/es.pub --pki-format x509 +``` + +Edgeless Systems monitors this list to detect potential unauthorized use of its private key. + +## Verify the provenance + +Provenance attests that a software artifact was produced by a specific repository and build system invocation. For more information on provenance visit [slsa.dev](https://slsa.dev/provenance/v0.2) and learn about the [adoption of SLSA for Constellation](../reference/slsa.md). + +Just as checking its signature proves that the CLI hasn't been manipulated, checking the provenance proves that the artifact was produced by the expected build process and hasn't been tampered with. + +To verify the provenance, first install the [slsa-verifier](https://github.com/slsa-framework/slsa-verifier). Then make sure you have the provenance file (`constellation.intoto.jsonl`) and Constellation CLI downloaded. Both are available on the [GitHub release page](https://github.com/edgelesssys/constellation/releases). + +:::info +The same provenance file is valid for all Constellation CLI executables of a given version independent of the target platform. +::: + +Use the verifier to perform the check: + +```shell-session +$ slsa-verifier verify-artifact constellation-linux-amd64 \ + --provenance-path constellation.intoto.jsonl \ + --source-uri github.com/edgelesssys/constellation + +Verified signature against tlog entry index 7771317 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77af2c04c8b4ae0d5bc5... +Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.2.2 at commit 18e9924b416323c37b9cdfd6cc728de8a947424a +PASSED: Verified SLSA provenance +``` diff --git a/docs/versioned_docs/version-2.17/workflows/verify-cluster.md b/docs/versioned_docs/version-2.17/workflows/verify-cluster.md new file mode 100644 index 000000000..b6595ebf2 --- /dev/null +++ b/docs/versioned_docs/version-2.17/workflows/verify-cluster.md @@ -0,0 +1,97 @@ +# Verify your cluster + +Constellation's [attestation feature](../architecture/attestation.md) allows you, or a third party, to verify the integrity and confidentiality of your Constellation cluster. + +## Fetch measurements + +To verify the integrity of Constellation you need trusted measurements to verify against. For each node image released by Edgeless Systems, there are signed measurements, which you can download using the CLI: + +```bash +constellation config fetch-measurements +``` + +This command performs the following steps: + +1. Download the signed measurements for the configured image. By default, this will use Edgeless Systems' public measurement registry. +2. Verify the signature of the measurements. This will use Edgeless Systems' [public key](https://edgeless.systems/es.pub). +3. Write measurements into configuration file. + +The configuration file then contains a list of `measurements` similar to the following: + +```yaml +# ... +measurements: + 0: + expected: "0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf" + warnOnly: false + 4: + expected: "02c7a67c01ec70ffaf23d73a12f749ab150a8ac6dc529bda2fe1096a98bf42ea" + warnOnly: false + 5: + expected: "e6949026b72e5045706cd1318889b3874480f7a3f7c5c590912391a2d15e6975" + warnOnly: true + 8: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false + 9: + expected: "f0a6e8601b00e2fdc57195686cd4ef45eb43a556ac1209b8e25d993213d68384" + warnOnly: false + 11: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false + 12: + expected: "da99eb6cf7c7fbb692067c87fd5ca0b7117dc293578e4fea41f95d3d3d6af5e2" + warnOnly: false + 13: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false + 14: + expected: "d7c4cc7ff7933022f013e03bdee875b91720b5b86cf1753cad830f95e791926f" + warnOnly: true + 15: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false +# ... +``` + +Each entry specifies the expected value of the Constellation node, and whether the measurement should be enforced (`warnOnly: false`), or only a warning should be logged (`warnOnly: true`). +By default, the subset of the [available measurements](../architecture/attestation.md#runtime-measurements) that can be locally reproduced and verified is enforced. + +During attestation, the validating side (CLI or [join service](../architecture/microservices.md#joinservice)) compares each measurement reported by the issuing side (first node or joining node) individually. +For mismatching measurements that have set `warnOnly` to `true` only a warning is emitted. +For mismatching measurements that have set `warnOnly` to `false` an error is emitted and attestation fails. +If attestation fails for a new node, it isn't permitted to join the cluster. + +## The *verify* command + +:::note +The steps below are purely optional. They're automatically executed by `constellation apply` when you initialize your cluster. The `constellation verify` command mostly has an illustrative purpose. +::: + +The `verify` command obtains and verifies an attestation statement from a running Constellation cluster. + +```bash +constellation verify [--cluster-id ...] +``` + +From the attestation statement, the command verifies the following properties: + +* The cluster is using the correct Confidential VM (CVM) type. +* Inside the CVMs, the correct node images are running. The node images are identified through the measurements obtained in the previous step. +* The unique ID of the cluster matches the one from your `constellation-state.yaml` file or passed in via `--cluster-id`. + +Once the above properties are verified, you know that you are talking to the right Constellation cluster and it's in a good and trustworthy shape. + +### Custom arguments + +The `verify` command also allows you to verify any Constellation deployment that you have network access to. For this you need the following: + +* The IP address of a running Constellation cluster's [VerificationService](../architecture/microservices.md#verificationservice). The `VerificationService` is exposed via a `NodePort` service using the external IP address of your cluster. Run `kubectl get nodes -o wide` and look for `EXTERNAL-IP`. +* The cluster's *clusterID*. See [cluster identity](../architecture/keys.md#cluster-identity) for more details. +* A `constellation-conf.yaml` file with the expected measurements of the cluster in your working directory. + +For example: + +```shell-session +constellation verify -e 192.0.2.1 --cluster-id Q29uc3RlbGxhdGlvbkRvY3VtZW50YXRpb25TZWNyZXQ= +``` diff --git a/docs/versioned_sidebars/version-2.17-sidebars.json b/docs/versioned_sidebars/version-2.17-sidebars.json new file mode 100644 index 000000000..b137f339c --- /dev/null +++ b/docs/versioned_sidebars/version-2.17-sidebars.json @@ -0,0 +1,294 @@ +{ + "docs": [ + { + "type": "doc", + "label": "Introduction", + "id": "intro" + }, + { + "type": "category", + "label": "Basics", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Confidential Kubernetes", + "id": "overview/confidential-kubernetes" + }, + { + "type": "doc", + "label": "Security benefits", + "id": "overview/security-benefits" + }, + { + "type": "doc", + "label": "Product features", + "id": "overview/product" + }, + { + "type": "doc", + "label": "Feature status of clouds", + "id": "overview/clouds" + }, + { + "type": "category", + "label": "Performance", + "link": { + "type": "doc", + "id": "overview/performance/performance" + }, + "items": [ + { + "type": "doc", + "label": "I/O benchmarks", + "id": "overview/performance/io" + }, + { + "type": "doc", + "label": "Application benchmarks", + "id": "overview/performance/application" + } + ] + }, + { + "type": "doc", + "label": "License", + "id": "overview/license" + } + ] + }, + { + "type": "category", + "label": "Getting started", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Installation", + "id": "getting-started/install" + }, + { + "type": "doc", + "label": "First steps (cloud)", + "id": "getting-started/first-steps" + }, + { + "type": "doc", + "label": "First steps (local)", + "id": "getting-started/first-steps-local" + }, + { + "type": "doc", + "label": "Cloud Marketplaces", + "id": "getting-started/marketplaces" + }, + { + "type": "category", + "label": "Examples", + "link": { + "type": "doc", + "id": "getting-started/examples" + }, + "items": [ + { + "type": "doc", + "label": "Emojivoto", + "id": "getting-started/examples/emojivoto" + }, + { + "type": "doc", + "label": "Online Boutique", + "id": "getting-started/examples/online-boutique" + }, + { + "type": "doc", + "label": "Horizontal Pod Autoscaling", + "id": "getting-started/examples/horizontal-scaling" + }, + { + "type": "doc", + "label": "Filestash with s3proxy", + "id": "getting-started/examples/filestash-s3proxy" + } + ] + } + ] + }, + { + "type": "category", + "label": "Workflows", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Verify the CLI", + "id": "workflows/verify-cli" + }, + { + "type": "doc", + "label": "Configure your cluster", + "id": "workflows/config" + }, + { + "type": "doc", + "label": "Create your cluster", + "id": "workflows/create" + }, + { + "type": "doc", + "label": "Scale your cluster", + "id": "workflows/scale" + }, + { + "type": "doc", + "label": "Upgrade your cluster", + "id": "workflows/upgrade" + }, + { + "type": "doc", + "label": "Expose a service", + "id": "workflows/lb" + }, + { + "type": "doc", + "label": "Install cert-manager", + "id": "workflows/cert-manager" + }, + { + "type": "doc", + "label": "Install s3proxy", + "id": "workflows/s3proxy" + }, + { + "type": "doc", + "label": "Terminate your cluster", + "id": "workflows/terminate" + }, + { + "type": "doc", + "label": "Recover your cluster", + "id": "workflows/recovery" + }, + { + "type": "doc", + "label": "Verify your cluster", + "id": "workflows/verify-cluster" + }, + { + "type": "doc", + "label": "Use persistent storage", + "id": "workflows/storage" + }, + { + "type": "doc", + "label": "Use the Terraform provider", + "id": "workflows/terraform-provider" + }, + { + "type": "doc", + "label": "Consume SBOMs", + "id": "workflows/sbom" + }, + { + "type": "doc", + "label": "Troubleshooting", + "id": "workflows/troubleshooting" + } + ] + }, + { + "type": "category", + "label": "Architecture", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Overview", + "id": "architecture/overview" + }, + { + "type": "doc", + "label": "Cluster orchestration", + "id": "architecture/orchestration" + }, + { + "type": "doc", + "label": "Versions and support", + "id": "architecture/versions" + }, + { + "type": "doc", + "label": "Microservices", + "id": "architecture/microservices" + }, + { + "type": "doc", + "label": "Attestation", + "id": "architecture/attestation" + }, + { + "type": "doc", + "label": "Images", + "id": "architecture/images" + }, + { + "type": "doc", + "label": "Keys and cryptographic primitives", + "id": "architecture/keys" + }, + { + "type": "doc", + "label": "Encrypted persistent storage", + "id": "architecture/encrypted-storage" + }, + { + "type": "doc", + "label": "Networking", + "id": "architecture/networking" + }, + { + "type": "doc", + "label": "Observability", + "id": "architecture/observability" + } + ] + }, + { + "type": "category", + "label": "Reference", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "CLI", + "id": "reference/cli" + }, + { + "type": "doc", + "label": "Configuration migrations", + "id": "reference/migration" + }, + { + "type": "doc", + "label": "Terraform usage", + "id": "reference/terraform" + }, + { + "type": "doc", + "label": "SLSA adoption", + "id": "reference/slsa" + } + ] + } + ] +} diff --git a/docs/versions.json b/docs/versions.json index 2d1f36c9c..368eedb7e 100644 --- a/docs/versions.json +++ b/docs/versions.json @@ -1,4 +1,5 @@ [ + "2.17", "2.16", "2.15", "2.14", From 20269ab46e1d2e6e591bc4e1431a186c53c5d9bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 3 Jul 2024 14:41:29 +0200 Subject: [PATCH 136/380] gcp: pass context to metadata functions (#3228) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- internal/attestation/gcp/es/issuer_test.go | 6 ++--- internal/attestation/gcp/metadata.go | 28 +++++++++++----------- internal/attestation/gcp/snp/issuer.go | 12 +++++----- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/internal/attestation/gcp/es/issuer_test.go b/internal/attestation/gcp/es/issuer_test.go index 483662855..d8d0075de 100644 --- a/internal/attestation/gcp/es/issuer_test.go +++ b/internal/attestation/gcp/es/issuer_test.go @@ -91,14 +91,14 @@ type fakeMetadataClient struct { zoneErr error } -func (c fakeMetadataClient) ProjectID() (string, error) { +func (c fakeMetadataClient) ProjectID(_ context.Context) (string, error) { return c.projectIDString, c.projecIDErr } -func (c fakeMetadataClient) InstanceName() (string, error) { +func (c fakeMetadataClient) InstanceName(_ context.Context) (string, error) { return c.instanceNameString, c.instanceNameErr } -func (c fakeMetadataClient) Zone() (string, error) { +func (c fakeMetadataClient) Zone(_ context.Context) (string, error) { return c.zoneString, c.zoneErr } diff --git a/internal/attestation/gcp/metadata.go b/internal/attestation/gcp/metadata.go index d0e32eb8a..471eceb99 100644 --- a/internal/attestation/gcp/metadata.go +++ b/internal/attestation/gcp/metadata.go @@ -21,17 +21,17 @@ func GCEInstanceInfo(client gcpMetadataClient) func(context.Context, io.ReadWrit // Ideally we would want to use the endorsement public key certificate // However, this is not available on GCE instances // Workaround: Provide ShieldedVM instance info - // The attestating party can request the VMs signing key using Google's API - return func(context.Context, io.ReadWriteCloser, []byte) ([]byte, error) { - projectID, err := client.ProjectID() + // The attesting party can request the VMs signing key using Google's API + return func(ctx context.Context, _ io.ReadWriteCloser, _ []byte) ([]byte, error) { + projectID, err := client.ProjectID(ctx) if err != nil { return nil, errors.New("unable to fetch projectID") } - zone, err := client.Zone() + zone, err := client.Zone(ctx) if err != nil { return nil, errors.New("unable to fetch zone") } - instanceName, err := client.InstanceName() + instanceName, err := client.InstanceName(ctx) if err != nil { return nil, errors.New("unable to fetch instance name") } @@ -45,25 +45,25 @@ func GCEInstanceInfo(client gcpMetadataClient) func(context.Context, io.ReadWrit } type gcpMetadataClient interface { - ProjectID() (string, error) - InstanceName() (string, error) - Zone() (string, error) + ProjectID(context.Context) (string, error) + InstanceName(context.Context) (string, error) + Zone(context.Context) (string, error) } // A MetadataClient fetches metadata from the GCE Metadata API. type MetadataClient struct{} // ProjectID returns the project ID of the GCE instance. -func (c MetadataClient) ProjectID() (string, error) { - return metadata.ProjectIDWithContext(context.Background()) +func (c MetadataClient) ProjectID(ctx context.Context) (string, error) { + return metadata.ProjectIDWithContext(ctx) } // InstanceName returns the instance name of the GCE instance. -func (c MetadataClient) InstanceName() (string, error) { - return metadata.InstanceNameWithContext(context.Background()) +func (c MetadataClient) InstanceName(ctx context.Context) (string, error) { + return metadata.InstanceNameWithContext(ctx) } // Zone returns the zone the GCE instance is located in. -func (c MetadataClient) Zone() (string, error) { - return metadata.ZoneWithContext(context.Background()) +func (c MetadataClient) Zone(ctx context.Context) (string, error) { + return metadata.ZoneWithContext(ctx) } diff --git a/internal/attestation/gcp/snp/issuer.go b/internal/attestation/gcp/snp/issuer.go index ff5b2fd16..215b21c8d 100644 --- a/internal/attestation/gcp/snp/issuer.go +++ b/internal/attestation/gcp/snp/issuer.go @@ -57,7 +57,7 @@ func getAttestationKey(tpm io.ReadWriter) (*tpmclient.Key, error) { // getInstanceInfo generates an extended SNP report, i.e. the report and any loaded certificates. // Report generation is triggered by sending ioctl syscalls to the SNP guest device, the AMD PSP generates the report. // The returned bytes will be written into the attestation document. -func getInstanceInfo(_ context.Context, _ io.ReadWriteCloser, extraData []byte) ([]byte, error) { +func getInstanceInfo(ctx context.Context, _ io.ReadWriteCloser, extraData []byte) ([]byte, error) { if len(extraData) > 64 { return nil, fmt.Errorf("extra data too long: %d, should be 64 bytes at most", len(extraData)) } @@ -74,7 +74,7 @@ func getInstanceInfo(_ context.Context, _ io.ReadWriteCloser, extraData []byte) return nil, fmt.Errorf("parsing vcek: %w", err) } - gceInstanceInfo, err := gceInstanceInfo() + gceInstanceInfo, err := gceInstanceInfo(ctx) if err != nil { return nil, fmt.Errorf("getting GCE instance info: %w", err) } @@ -93,20 +93,20 @@ func getInstanceInfo(_ context.Context, _ io.ReadWriteCloser, extraData []byte) } // gceInstanceInfo returns the instance info for a GCE instance from the metadata API. -func gceInstanceInfo() (*attest.GCEInstanceInfo, error) { +func gceInstanceInfo(ctx context.Context) (*attest.GCEInstanceInfo, error) { c := gcp.MetadataClient{} - instanceName, err := c.InstanceName() + instanceName, err := c.InstanceName(ctx) if err != nil { return nil, fmt.Errorf("getting instance name: %w", err) } - projectID, err := c.ProjectID() + projectID, err := c.ProjectID(ctx) if err != nil { return nil, fmt.Errorf("getting project ID: %w", err) } - zone, err := c.Zone() + zone, err := c.Zone(ctx) if err != nil { return nil, fmt.Errorf("getting zone: %w", err) } From e9a4ccd0096f3460d1ebd529b185ee720b0c075c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 4 Jul 2024 10:02:59 +0200 Subject: [PATCH 137/380] ci: run versionsapi through Bazel instead of building a container (#3231) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/actions/find_latest_image/action.yml | 2 ++ .github/actions/select_image/action.yml | 4 +++ .github/actions/versionsapi/Dockerfile | 21 ------------ .github/actions/versionsapi/action.yml | 9 +----- .../workflows/build-versionsapi-ci-image.yml | 32 ------------------- .github/workflows/purge-main.yml | 2 ++ .github/workflows/versionsapi.yml | 2 ++ 7 files changed, 11 insertions(+), 61 deletions(-) delete mode 100644 .github/actions/versionsapi/Dockerfile delete mode 100644 .github/workflows/build-versionsapi-ci-image.yml diff --git a/.github/actions/find_latest_image/action.yml b/.github/actions/find_latest_image/action.yml index 7c21308f9..8c07ff307 100644 --- a/.github/actions/find_latest_image/action.yml +++ b/.github/actions/find_latest_image/action.yml @@ -43,6 +43,8 @@ runs: role-to-assume: arn:aws:iam::795746500882:role/GithubConstellationVersionsAPIRead aws-region: eu-central-1 + - uses: ./.github/actions/setup_bazel_nix + - name: Find latest image id: find-latest-image if: inputs.imageVersion == '' diff --git a/.github/actions/select_image/action.yml b/.github/actions/select_image/action.yml index 391814256..59f455619 100644 --- a/.github/actions/select_image/action.yml +++ b/.github/actions/select_image/action.yml @@ -43,6 +43,10 @@ runs: echo "ref=$(echo $REFSTREAM | cut -d/ -f2)" | tee -a "$GITHUB_OUTPUT" echo "stream=$(echo $REFSTREAM | cut -d/ -f4)" | tee -a "$GITHUB_OUTPUT" + - name: Setup Bazel & Nix + if: steps.input-is-preset.outputs.result == 'true' + uses: ./.github/actions/setup_bazel_nix + - name: Find latest image if: steps.input-is-preset.outputs.result == 'true' id: find-latest-image diff --git a/.github/actions/versionsapi/Dockerfile b/.github/actions/versionsapi/Dockerfile deleted file mode 100644 index 06f343486..000000000 --- a/.github/actions/versionsapi/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -FROM golang:1.22.4@sha256:a66eda637829ce891e9cf61ff1ee0edf544e1f6c5b0e666c7310dce231a66f28 as builder - -# Download project root dependencies -WORKDIR /workspace -COPY go.mod go.mod -COPY go.sum go.sum -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer -RUN go mod download - -COPY . . - -# Build -WORKDIR /workspace/internal/api/versionsapi/cli -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o versionsapi . - -FROM scratch as release - -COPY --from=builder /workspace/internal/api/versionsapi/cli/versionsapi . - -CMD ["/notIntendedToBeExecuted"] diff --git a/.github/actions/versionsapi/action.yml b/.github/actions/versionsapi/action.yml index fd236dec1..817064334 100644 --- a/.github/actions/versionsapi/action.yml +++ b/.github/actions/versionsapi/action.yml @@ -52,19 +52,12 @@ outputs: runs: using: composite steps: - - name: Get versionsapi binary - shell: bash - # TODO: This should probably be `bazel run`. - run: | - containerID=$(docker create "ghcr.io/edgelesssys/constellation/versionsapi-ci-cli:latest") - docker cp ${containerID}:/versionsapi . - - name: Run versionsapi id: run shell: bash run: | out=$( - ./versionsapi \ + bazel run //internal/api/versionsapi/cli:cli -- \ ${{ inputs.command }} \ ${{ inputs.ref != '' && format('--ref="{0}"', inputs.ref) || '' }} \ ${{ inputs.stream != '' && format('--stream="{0}"', inputs.stream) || '' }} \ diff --git a/.github/workflows/build-versionsapi-ci-image.yml b/.github/workflows/build-versionsapi-ci-image.yml deleted file mode 100644 index 7c8aa449c..000000000 --- a/.github/workflows/build-versionsapi-ci-image.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: Build and upload versionsapi CI image - -on: - workflow_dispatch: - push: - branches: - - main - paths: - - "internal/api/versionsapi/**" - - ".github/workflows/build-versionsapi-ci-image.yml" - - ".github/actions/versionsapi/**" - - "go.mod" - -jobs: - build-versionsapi-ci-cli: - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - steps: - - name: Check out repository - id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - - - name: Build and upload container image - uses: ./.github/actions/build_micro_service - with: - name: versionsapi-ci-cli - dockerfile: .github/actions/versionsapi/Dockerfile - githubToken: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/purge-main.yml b/.github/workflows/purge-main.yml index 100851c0b..20e39e0bf 100644 --- a/.github/workflows/purge-main.yml +++ b/.github/workflows/purge-main.yml @@ -47,6 +47,8 @@ jobs: ;; esac + - uses: ./.github/actions/setup_bazel_nix + - name: List versions id: list uses: ./.github/actions/versionsapi diff --git a/.github/workflows/versionsapi.yml b/.github/workflows/versionsapi.yml index 46188769d..50a99fed8 100644 --- a/.github/workflows/versionsapi.yml +++ b/.github/workflows/versionsapi.yml @@ -180,6 +180,8 @@ jobs: with: service_account: "image-deleter@constellation-images.iam.gserviceaccount.com" + - uses: ./.github/actions/setup_bazel_nix + - name: Execute versionsapi CLI id: run uses: ./.github/actions/versionsapi From 74e0f44230f1d1f79c2a2f0c5a98a09f33eb990d Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Thu, 4 Jul 2024 11:17:55 +0200 Subject: [PATCH 138/380] chore: v2.17.0 post-release (#3229) Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --- .github/workflows/e2e-test-release.yml | 2 +- .github/workflows/e2e-test-weekly.yml | 13 +++-- .../provider/attestation_data_source_test.go | 52 +++++++++---------- version.txt | 2 +- 4 files changed, 33 insertions(+), 36 deletions(-) diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index 076be724f..778c6c4e9 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -403,7 +403,7 @@ jobs: fail-fast: false max-parallel: 1 matrix: - fromVersion: ["v2.16.4"] + fromVersion: ["v2.17.0"] attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index ff8a02e27..b56a104d0 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -285,12 +285,11 @@ jobs: attestationVariant: "gcp-sev-es" kubernetes-version: "v1.29" clusterCreation: "cli" - # TODO(msanft): Enable once stable GCP SEV-SNP images exist. - # - test: "verify" - # refStream: "ref/release/stream/stable/?" - # attestationVariant: "gcp-sev-snp" - # kubernetes-version: "v1.29" - # clusterCreation: "cli" + - test: "verify" + refStream: "ref/release/stream/stable/?" + attestationVariant: "gcp-sev-snp" + kubernetes-version: "v1.29" + clusterCreation: "cli" - test: "verify" refStream: "ref/release/stream/stable/?" attestationVariant: "azure-sev-snp" @@ -413,7 +412,7 @@ jobs: fail-fast: false max-parallel: 1 matrix: - fromVersion: ["v2.16.4"] + fromVersion: ["v2.17.0"] attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit diff --git a/terraform-provider-constellation/internal/provider/attestation_data_source_test.go b/terraform-provider-constellation/internal/provider/attestation_data_source_test.go index 3740e6b11..407900551 100644 --- a/terraform-provider-constellation/internal/provider/attestation_data_source_test.go +++ b/terraform-provider-constellation/internal/provider/attestation_data_source_test.go @@ -110,33 +110,31 @@ func TestAccAttestationSource(t *testing.T) { }, }, }, - // TODO(msanft): Enable once v2.17.0 is available - // "gcp sev-snp succcess": { - // ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, - // PreCheck: bazelPreCheck, - // Steps: []resource.TestStep{ - // { - // Config: testingConfig + ` - // data "constellation_attestation" "test" { - // csp = "gcp" - // attestation_variant = "gcp-sev-snp" - // image = { - // version = "v2.17.0" - // reference = "v2.17.0" - // short_path = "v2.17.0" - // } - // } - // `, - // Check: resource.ComposeAggregateTestCheckFunc( - // resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.variant", "gcp-sev-snp"), - // resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.bootloader_version", "0"), // since this is not supported on GCP, we expect 0 - - // resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.measurements.1.expected", "745f2fb4235e4647aa0ad5ace781cd929eb68c28870e7dd5d1a1535854325e56"), - // resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.measurements.1.warn_only", "true"), - // ), - // }, - // }, - // }, + "gcp sev-snp succcess": { + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + PreCheck: bazelPreCheck, + Steps: []resource.TestStep{ + { + Config: testingConfig + ` + data "constellation_attestation" "test" { + csp = "gcp" + attestation_variant = "gcp-sev-snp" + image = { + version = "v2.17.0" + reference = "v2.17.0" + short_path = "v2.17.0" + } + } + `, + Check: resource.ComposeAggregateTestCheckFunc( + resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.variant", "gcp-sev-snp"), + resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.bootloader_version", "3"), + resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.measurements.1.expected", "3695dcc55e3aa34027c27793c85c723c697d708c42d1f73bd6fa4f26608a5b24"), + resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.measurements.1.warn_only", "true"), + ), + }, + }, + }, "STACKIT qemu-vtpm success": { ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, PreCheck: bazelPreCheck, diff --git a/version.txt b/version.txt index 8dbd61013..4844671e4 100644 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -v2.17.0-pre +v2.18.0-pre From 9f28c62793d4a2990a2e4615bf319613e779f711 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Thu, 4 Jul 2024 11:34:24 +0200 Subject: [PATCH 139/380] terraform: update StackIT provider to v0.23.0 (#3232) --- .../openstack/.terraform.lock.hcl | 51 ++++++++----------- terraform/infrastructure/openstack/main.tf | 2 +- .../modules/stackit_loadbalancer/main.tf | 2 +- 3 files changed, 23 insertions(+), 32 deletions(-) diff --git a/terraform/infrastructure/openstack/.terraform.lock.hcl b/terraform/infrastructure/openstack/.terraform.lock.hcl index cdb768b99..3b40b4ac6 100644 --- a/terraform/infrastructure/openstack/.terraform.lock.hcl +++ b/terraform/infrastructure/openstack/.terraform.lock.hcl @@ -26,38 +26,29 @@ provider "registry.terraform.io/hashicorp/random" { } provider "registry.terraform.io/stackitcloud/stackit" { - version = "0.19.0" - constraints = "0.19.0" + version = "0.23.0" + constraints = "0.23.0" hashes = [ - "h1:2hgGNObJb6LPy5ErCMf2dl04H42UXPVQfO0ddELY70g=", - "h1:5PgdHlnRuQ9KtIPbxZW16KiYBxqpzZgD5lrqi9wl1NI=", - "h1:BLOc7TOVbJ5rDh7pBXWBKpv5JwdEJtJDfL6qL5DrRBk=", - "h1:EbzQdIJPZzWYiopHWWRw41nbVTQVEBULn98y+pSCUI0=", - "h1:HlOAdnuI4XME2hpwM/UJ7hkEfD6Kymd13cFbNXEpl1o=", - "h1:IXPIRVOON5xfjl0ahxmzn+HbuqoBZFjyvGJrQZUIrpA=", - "h1:MVQ9s55+e1sBM50gG2yKCDwtkarVyReomZTPHi9C+6Q=", - "h1:Sx8weH8CdXcBJMs5s9uDWQMERSqUw/sY0kv61Rer6bc=", - "h1:eW7vgkOSiJCkDfOjpCPPa509qf/mq2bohKuETcRMBDk=", - "h1:fNmM6YjXrz4Ms40GN/K1OiNuD4oXFdeMSEakaOvoW0c=", - "h1:hK4Kq58vY8lCOlFWX2uChXmgTMbsAUAwL+IMZmTYICg=", - "h1:iyfk2Gc5K7SqiIjpMBUmLZk2xqLPrtnv63+oLPrcgzo=", - "h1:t7KLgeRVx2k0a+I6StQNx5FWq43HtN6Lb/0+GD9M15Q=", - "h1:w3rZ31LGmYda+dhoqFcs3Cy4KcK/886FeD7e4el/IHg=", - "zh:0a1fcf458c53a6dc076e054c03c6580d1ba81af6848f3b12b57fbdffe5966154", + "h1:UT46iz4WQNfa7W8ye2QHkxPIsKxpZRlu9TnD2QmdAPk=", + "h1:asaFg0pI1yEkHlN5lk1jUq76BL6nOPzxg6LDi8dN8uE=", + "h1:rbo4uB/dsvbE9sRsGFazjiAMrCD4pSG4RCFdj2qUGLo=", + "h1:snPQsPQGcGrR3qKis6HVa/RewQO3dsloq7wMm8X7Mgs=", + "h1:vPFC/qsmLrY7u97UyATVPOh+UJWE5J0vqeTaGRRVAig=", "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f", - "zh:3c693a6afde4d65eae6ca4b287e6ed5d35d90a923274f81b792cc92685433611", - "zh:477f252abd91b5a772e71d4a84c99a65969605095c5c207f2ee4718be856d438", - "zh:5f65659d143a016e9b5c3400e91ec34882a7054c0361b256aa975b9ee637b7db", - "zh:7a743de5cccb9190eb4517520f623a5e7a4651d8e8eaa231042ff5039fef0786", - "zh:7fd825b7da38cf77559e7b6c8ce37c873cd081c69b4be5e66ccdd16ddf040d79", - "zh:803e2a111b94a995d6c53c4a0e87e3a7f436df0f6810d2a5bca07ff5a5174c38", - "zh:8d403847edf4e15e5075a93eb336ab8df3e42c179d10356ac8e69a1357d4a3a6", - "zh:8d84df2750dca6ee20ae81648965d241ccb2bc93213a591b61b2df17a1914cba", - "zh:bc9ab8292cc65bf275446830a4ac6cd721ddf9bc24563112d672b66cfc080a26", - "zh:ca8aae314ef0abcc4e39bc18ba6e6891a41a497eeb8d9f6fcdc9c4cdc64aec98", - "zh:d99a35c688b7053f1127fa663d6783575e89aefe9226f87a5e20fd6e4031c142", - "zh:f4ec0886e09246bd79fd0e37805be4ffbd1128f3487018130610bcffe44f761e", - "zh:fb3dd70cda60663d053f14a791019abb0ea16e2bb1c2c048b1806d2a1d0db58d", + "zh:1d0241090e49ee8155ca35045aa5abb9b019a58c8a5e8ea438589f57b24c2349", + "zh:29add5ff5d36be1904fe304039a2e874e697425fc56cbac7f1163abe9b5a9bbb", + "zh:4126f0934f32ecf5b7a057a95b1fd31ffbca9f8400896f69dec625d292d214da", + "zh:63c524554acb611ba002227942fb8e7bcd7d39f9575ad1799958bbba37e1a8b1", + "zh:67f1716cca733c62a63a4eaf9f19ded01502e71f6495e92c59c57f0918eb921e", + "zh:6f0ec187c469aaeafc94b24bfcbdf7a8d12f9671b26711f5bf9283f44334bdc8", + "zh:7c78c551516cdc4743c83098c11343eaf85dbf860e3922345124c95cb5c727ac", + "zh:80fcfb25dabf2186657d332ce7274acb8859d85402fc524c39eb83956bf83230", + "zh:84c3e00028537e791eff81dc0e15d5feb7b6a5b69fa31e489799049f83fd0855", + "zh:9e695958afb97411237cd3260b494b5b51a53b18ff5be30d9b64110cc4bd3c7b", + "zh:afe7875b50a762e2d8417fcc636b37cfbab73ff0b30f7f01a5bc92be2ff3a73e", + "zh:d89d4436ad33069a56ed8c7c3e5cfd6446c5bed3322f757eec5a6f060ec3cb5c", + "zh:dfdfa1817fcfee99060a56276c3d190bc763cf9d033f8c4904788b84332e4956", + "zh:f9740a30e1f7a44140b97e18e906ed221fe78b10b9d661afecd41530058ac596", ] } diff --git a/terraform/infrastructure/openstack/main.tf b/terraform/infrastructure/openstack/main.tf index f8c874453..2baee62b5 100644 --- a/terraform/infrastructure/openstack/main.tf +++ b/terraform/infrastructure/openstack/main.tf @@ -7,7 +7,7 @@ terraform { stackit = { source = "stackitcloud/stackit" - version = "0.19.0" + version = "0.23.0" } random = { diff --git a/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf b/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf index 948d3cb3b..4a7dfea1b 100644 --- a/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf +++ b/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "0.19.0" + version = "0.23.0" } } } From 5efe2a4c836348e1f6926c1a1413a9cfa9060580 Mon Sep 17 00:00:00 2001 From: Moritz Eckert Date: Thu, 4 Jul 2024 15:40:21 +0200 Subject: [PATCH 140/380] docs: update concept graphic (#3233) --- docs/static/img/concept.svg | 253 +++++++++++++++++++++++------------- 1 file changed, 164 insertions(+), 89 deletions(-) diff --git a/docs/static/img/concept.svg b/docs/static/img/concept.svg index eb248bf78..572113ec4 100644 --- a/docs/static/img/concept.svg +++ b/docs/static/img/concept.svg @@ -1,120 +1,195 @@ - - + + - - - - - - - - - - - - - - - - - - - - - - - - + + + - - - - - - - - - - - + + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + - - + + - + - + - - + + - + + + + + + + + + + + + + + - - + + - + + + + + + From 2a59f2d464a9a7154356e6d7bc7b57d429f514f4 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 5 Jul 2024 08:38:48 +0200 Subject: [PATCH 141/380] image: update measurements and image version (#3234) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index f30248890..c8b12ec6b 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x62, 0x8e, 0x11, 0x6b, 0x04, 0xef, 0x02, 0x7d, 0x85, 0x79, 0x67, 0xd0, 0xff, 0xdb, 0x19, 0xc1, 0xf5, 0xd9, 0xed, 0xed, 0xe8, 0x7e, 0x6e, 0x16, 0x2f, 0x87, 0x85, 0xd4, 0x5f, 0x25, 0x2a, 0x07}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xed, 0x28, 0xec, 0xc6, 0xdf, 0x4c, 0x25, 0x90, 0x57, 0x99, 0x45, 0x3b, 0x3f, 0x62, 0x41, 0x35, 0x13, 0x80, 0x3c, 0xc3, 0x75, 0xf9, 0x35, 0xbc, 0x74, 0x1c, 0xd1, 0xa1, 0x19, 0x92, 0xe4, 0x11}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf8, 0x2c, 0x02, 0xee, 0x30, 0x94, 0x0b, 0x0a, 0xd7, 0x9a, 0xf3, 0xaa, 0x53, 0xe5, 0x12, 0xa3, 0x8b, 0xa7, 0x94, 0x7d, 0x85, 0xa2, 0x08, 0xcd, 0xf4, 0xd2, 0x02, 0x13, 0x4b, 0x7a, 0x8b, 0xe6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf3, 0x8c, 0x77, 0xe3, 0x16, 0x0c, 0x3f, 0xc1, 0x46, 0xff, 0x53, 0x73, 0x1f, 0xe8, 0xd3, 0x6e, 0x85, 0xbd, 0x77, 0x30, 0x00, 0xaf, 0x8c, 0x1b, 0xa7, 0xac, 0x07, 0xfe, 0x60, 0xf8, 0xe5, 0x06}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x43, 0x2e, 0x83, 0x37, 0x10, 0x1d, 0x74, 0x0c, 0x13, 0xb3, 0xd4, 0x9f, 0xfc, 0xce, 0x19, 0x2d, 0x3c, 0xe4, 0xe1, 0xc2, 0x4e, 0x79, 0xdf, 0x39, 0x71, 0x2d, 0xb0, 0x6d, 0x28, 0x14, 0x93, 0xa2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3f, 0x22, 0x7a, 0x07, 0x0e, 0x8e, 0x61, 0x6d, 0x6e, 0xf7, 0x20, 0xf5, 0xf3, 0x61, 0xfa, 0x49, 0xd2, 0xa9, 0xcc, 0xc7, 0xa3, 0xd2, 0x18, 0x26, 0x5e, 0x33, 0x49, 0x55, 0xba, 0x78, 0xa4, 0xc7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x13, 0x43, 0xb3, 0xae, 0xe6, 0xd0, 0x68, 0x7a, 0xeb, 0xe4, 0x1a, 0xc0, 0xfa, 0x3c, 0x52, 0xb2, 0xdd, 0xd4, 0xee, 0x71, 0xa7, 0xf9, 0x61, 0x52, 0x1c, 0xc7, 0x90, 0x89, 0xf0, 0x1a, 0x57, 0xbc}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf6, 0xdd, 0x52, 0x4d, 0x8a, 0x24, 0xfc, 0xa9, 0x6a, 0x51, 0xda, 0x5f, 0x98, 0x6a, 0x38, 0x85, 0x0e, 0x3e, 0x18, 0x68, 0xf5, 0x5b, 0xfc, 0x93, 0x3e, 0x47, 0x4e, 0x19, 0xf6, 0xf3, 0x1d, 0x7f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5a, 0x94, 0x60, 0x98, 0x56, 0x50, 0xdb, 0x0b, 0x3e, 0xdc, 0x3a, 0xb2, 0xb5, 0x57, 0xf1, 0xbb, 0xad, 0xfd, 0xdf, 0x53, 0xc3, 0xa1, 0x97, 0x7b, 0x38, 0x67, 0xb6, 0x64, 0xd0, 0x58, 0xbd, 0xd9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6d, 0xb2, 0x05, 0x8b, 0x70, 0x3c, 0x00, 0x7c, 0x27, 0x5f, 0x8a, 0x53, 0x87, 0xe2, 0x9d, 0x10, 0x1b, 0x70, 0x2b, 0x99, 0x1f, 0xe1, 0x94, 0x3a, 0x7a, 0x45, 0x06, 0x50, 0xc8, 0x58, 0x2e, 0x19}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x33, 0x4b, 0xb2, 0xa4, 0x51, 0xc0, 0x7d, 0x7b, 0xe1, 0xf6, 0xa8, 0xeb, 0x2e, 0x3f, 0x13, 0xb3, 0x99, 0xa4, 0xff, 0x62, 0xfb, 0x67, 0xf6, 0x2b, 0x18, 0xbb, 0xb9, 0x5c, 0xd0, 0xbd, 0x14, 0x4c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xed, 0x37, 0x7d, 0xae, 0xd8, 0xca, 0x15, 0x4d, 0xc0, 0x41, 0x22, 0x30, 0x86, 0x2b, 0x26, 0x9f, 0x59, 0xca, 0xcf, 0x80, 0xe6, 0xa9, 0x31, 0xd8, 0xe1, 0xf9, 0xc8, 0x8e, 0x51, 0x04, 0x67, 0x20}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xab, 0xdd, 0x69, 0x4a, 0x27, 0x1b, 0x1f, 0xc7, 0x47, 0xfa, 0xa5, 0xb1, 0x03, 0x39, 0x6c, 0x07, 0x13, 0x57, 0x32, 0x9f, 0x63, 0x17, 0x17, 0xcd, 0xe3, 0x03, 0x81, 0xae, 0xa5, 0xbd, 0x3e, 0xc5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x56, 0xcc, 0xcb, 0x3b, 0x6a, 0x21, 0x0a, 0x5e, 0xdf, 0x47, 0x7d, 0x6d, 0x8d, 0x31, 0xbc, 0xc5, 0xbc, 0x55, 0x51, 0x95, 0xe9, 0x02, 0xf1, 0x78, 0x25, 0xe3, 0x60, 0x7d, 0xa5, 0x2f, 0x1d, 0x99}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x84, 0xb2, 0xb6, 0xae, 0x32, 0xf4, 0xaa, 0x33, 0x77, 0x85, 0xba, 0x53, 0x20, 0x64, 0x5e, 0x8d, 0xe9, 0xfc, 0xb2, 0xd1, 0x7d, 0xca, 0xe6, 0x8c, 0xaf, 0x3d, 0x98, 0x75, 0x56, 0x76, 0x3e, 0x3a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xca, 0xbf, 0x72, 0x88, 0xdf, 0x72, 0xdf, 0xbe, 0x3f, 0x11, 0x75, 0x6b, 0x2f, 0x99, 0x61, 0xc3, 0xc6, 0x0d, 0x6a, 0x3a, 0xcc, 0xa1, 0x48, 0x4a, 0xd5, 0xd6, 0x34, 0x31, 0xfe, 0x17, 0xaa, 0x15}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3e, 0x78, 0xd5, 0xec, 0x12, 0x33, 0x00, 0x26, 0x67, 0x1f, 0xbb, 0x71, 0x06, 0x0d, 0x57, 0xee, 0xb4, 0x48, 0x6e, 0x4f, 0x6a, 0x5e, 0xbe, 0x1e, 0x73, 0xe3, 0x40, 0x4c, 0x4e, 0x5f, 0x7c, 0x1c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0b, 0x0f, 0xfe, 0x12, 0x53, 0xec, 0xbf, 0x1d, 0x7d, 0x58, 0xa3, 0xfc, 0x0b, 0x53, 0xff, 0x02, 0xb7, 0x24, 0xba, 0x97, 0xc3, 0x70, 0xad, 0xe2, 0xbf, 0x26, 0x40, 0x2c, 0xaa, 0x3f, 0x12, 0xb7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x64, 0x63, 0x13, 0x6e, 0x8e, 0x08, 0x11, 0x24, 0xc6, 0x0b, 0x2b, 0x13, 0x28, 0xb0, 0x31, 0xbf, 0xdc, 0xbf, 0xa6, 0x9e, 0x0e, 0xf6, 0xda, 0x75, 0xb5, 0x66, 0xeb, 0x8a, 0xd1, 0xfc, 0x3e, 0xaa}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1a, 0x40, 0xca, 0x85, 0x91, 0xb3, 0x3e, 0x71, 0x89, 0x7b, 0x81, 0x49, 0x6e, 0x80, 0xe0, 0xbb, 0x61, 0x80, 0x82, 0x20, 0x78, 0xc1, 0x53, 0xb7, 0x00, 0xc4, 0xda, 0x0c, 0xd8, 0x0c, 0x98, 0x10}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x33, 0x5d, 0x8c, 0x3d, 0xb3, 0x1a, 0x1b, 0x46, 0x1d, 0xd4, 0x00, 0x43, 0x84, 0x3c, 0x0b, 0x73, 0xb7, 0x7a, 0x3c, 0x22, 0x99, 0x64, 0x77, 0x4d, 0xce, 0xd5, 0xe0, 0xb0, 0x62, 0xfc, 0x38, 0x5d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x09, 0x62, 0xd2, 0x3d, 0xfb, 0xc0, 0x45, 0x70, 0xa2, 0xa8, 0x64, 0xe8, 0x58, 0x08, 0xe2, 0xdd, 0xa6, 0xec, 0x35, 0xc6, 0xf1, 0xa1, 0x49, 0x98, 0x44, 0xb5, 0x34, 0x65, 0xb7, 0x57, 0xce, 0x5f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe2, 0x0d, 0x24, 0x95, 0x17, 0xfc, 0x1a, 0xb3, 0xb7, 0x3e, 0x1f, 0x97, 0xdf, 0xb2, 0x40, 0x2d, 0x1a, 0xa4, 0xa4, 0x22, 0x4e, 0x59, 0x7e, 0x02, 0xb5, 0x5e, 0xfa, 0x1f, 0xd5, 0x97, 0x4d, 0x6f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd4, 0x26, 0xd7, 0x9b, 0x70, 0x0d, 0x8f, 0x0f, 0x94, 0xc8, 0x0c, 0x97, 0x8c, 0x7b, 0x29, 0xa0, 0x25, 0xd5, 0x81, 0xd0, 0x50, 0x4e, 0x1c, 0x34, 0x95, 0xb5, 0xcc, 0x6d, 0xd2, 0xe9, 0xbd, 0xfc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xfb, 0x8e, 0x26, 0xf2, 0x84, 0xcc, 0x1a, 0x31, 0xc7, 0x20, 0xae, 0xb5, 0xeb, 0x6f, 0x43, 0x88, 0x02, 0xa2, 0x54, 0x3c, 0x82, 0xdd, 0x7f, 0xca, 0x9b, 0xd9, 0x71, 0xd4, 0xa5, 0xc5, 0x4e, 0x5e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x95, 0x1e, 0x99, 0x23, 0xdc, 0x71, 0x28, 0xca, 0x43, 0xef, 0xf7, 0xde, 0xe6, 0x69, 0xa7, 0x36, 0x6c, 0xe0, 0x8b, 0xef, 0x1d, 0x4f, 0x80, 0xb6, 0xfd, 0xb4, 0xae, 0x3a, 0x0f, 0x73, 0xf3, 0x65}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x63, 0xb9, 0xef, 0xf3, 0x1e, 0x41, 0x59, 0x2a, 0xd2, 0x7a, 0x7c, 0xaf, 0xad, 0x4a, 0xca, 0x00, 0xb5, 0x6f, 0xec, 0x26, 0x94, 0x4b, 0x7e, 0x6a, 0x53, 0xe7, 0x6b, 0xf0, 0x90, 0xee, 0xbd, 0x41}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf4, 0xd3, 0x3b, 0x89, 0x0e, 0x5b, 0x37, 0xa0, 0x73, 0xeb, 0xc9, 0x9d, 0x30, 0xb7, 0xba, 0x59, 0x96, 0x06, 0x60, 0x13, 0x40, 0xd9, 0x48, 0xff, 0x0d, 0x0f, 0x0a, 0x70, 0x4b, 0x2e, 0x27, 0xd2}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x29, 0xac, 0x09, 0x04, 0x8c, 0xf3, 0x38, 0x90, 0xae, 0xd9, 0x56, 0x70, 0x73, 0x89, 0x48, 0xb8, 0x43, 0xea, 0xf6, 0xeb, 0x0a, 0x03, 0x80, 0xd3, 0xa7, 0x0d, 0xf6, 0x41, 0x6f, 0x8b, 0xc3, 0xd8}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfb, 0x71, 0xa2, 0xa1, 0x24, 0x87, 0x0c, 0x78, 0xf6, 0x35, 0xf0, 0x6f, 0x7c, 0x83, 0x4b, 0xb5, 0xdb, 0x9b, 0xe9, 0x3b, 0x5f, 0xcb, 0x22, 0xe9, 0x48, 0xd3, 0xea, 0x0c, 0x07, 0x16, 0xc2, 0x72}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x25, 0x4e, 0x47, 0x99, 0x2f, 0x3b, 0xb7, 0x5f, 0x00, 0x77, 0xe7, 0x63, 0xee, 0x22, 0x27, 0x97, 0x8c, 0xc8, 0xa3, 0x1b, 0x84, 0xa5, 0xa6, 0x1d, 0xc1, 0x75, 0x2d, 0x6e, 0xd6, 0x1a, 0xa1, 0xa7}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x26, 0x04, 0xb5, 0x75, 0x78, 0x9c, 0x96, 0x74, 0x82, 0xf2, 0xbc, 0x74, 0x54, 0xe6, 0xef, 0xf9, 0x54, 0x2b, 0xce, 0xd6, 0x9d, 0xa6, 0xb3, 0x53, 0x6d, 0x13, 0x44, 0xe4, 0x9b, 0x20, 0x42, 0x4f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4e, 0x28, 0x6a, 0x4c, 0x7f, 0x20, 0x0a, 0xaf, 0xf6, 0x98, 0x1d, 0x1c, 0xe2, 0xb9, 0xa5, 0xbe, 0xac, 0x19, 0xef, 0xb5, 0xeb, 0x44, 0xe3, 0x08, 0xe2, 0xd3, 0xf1, 0xf8, 0x0e, 0x4a, 0xff, 0xb9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xca, 0x39, 0xbc, 0x37, 0x6a, 0x8e, 0xbf, 0x2f, 0xf5, 0xc6, 0x49, 0xa0, 0x43, 0x9c, 0x72, 0x38, 0x37, 0xf0, 0xe9, 0xed, 0x55, 0x88, 0x0d, 0x1d, 0x73, 0xd0, 0xda, 0x63, 0xa1, 0x90, 0xb4, 0x24}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x59, 0xec, 0x11, 0xb8, 0x7b, 0xef, 0xf1, 0x5d, 0x07, 0x6a, 0xd2, 0xc7, 0x6e, 0x23, 0xe9, 0x9e, 0xb6, 0xca, 0x0d, 0x15, 0xb3, 0x3b, 0x96, 0xfb, 0x16, 0xac, 0xce, 0xcf, 0x0d, 0x65, 0xad, 0xbb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x04, 0x52, 0xe3, 0x8e, 0xc5, 0x50, 0xfd, 0xa8, 0xef, 0x20, 0xd6, 0x30, 0x06, 0x84, 0xb8, 0x46, 0x97, 0xb8, 0x0c, 0x1e, 0xb1, 0xfd, 0xc1, 0x1c, 0x88, 0xfb, 0x3a, 0xc8, 0xb9, 0x31, 0x78, 0xdb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x68, 0x2f, 0x85, 0xb0, 0x9d, 0x71, 0x2a, 0x38, 0x43, 0x67, 0x5a, 0x86, 0x77, 0x8d, 0xae, 0x56, 0x9f, 0x90, 0x5b, 0x9a, 0xee, 0x5a, 0xeb, 0x4f, 0x8a, 0xc1, 0x18, 0x3b, 0x0a, 0x35, 0x46, 0x3b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xef, 0x4e, 0x80, 0x3a, 0xa9, 0xf1, 0xe4, 0x79, 0x8e, 0x18, 0x70, 0xe5, 0xb6, 0x3a, 0x03, 0x45, 0xd4, 0x4d, 0x57, 0x33, 0x2d, 0x3a, 0xef, 0xd1, 0x2e, 0xdb, 0x3c, 0x13, 0x4b, 0x8a, 0x32, 0xdb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xde, 0x7a, 0x98, 0xdd, 0x07, 0xab, 0x8d, 0x02, 0x2d, 0xf7, 0x2e, 0x07, 0x7e, 0x4e, 0x68, 0x23, 0xec, 0xf0, 0x86, 0x7d, 0x80, 0xee, 0x2f, 0x61, 0x6b, 0xcb, 0x69, 0x0d, 0xe1, 0x88, 0x7e, 0x23}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x3b, 0x38, 0x8d, 0xd2, 0xdf, 0x8f, 0xab, 0x17, 0x5a, 0xfd, 0xfb, 0x7e, 0xc1, 0xf0, 0x8e, 0x71, 0x76, 0xcb, 0x69, 0x25, 0x93, 0xe7, 0x29, 0x69, 0x87, 0xe0, 0xb2, 0xe1, 0x5b, 0xdc, 0xdd, 0x8a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x70, 0x68, 0x5d, 0xe3, 0x0f, 0xf2, 0xb6, 0x40, 0xeb, 0x27, 0x3f, 0x16, 0x3e, 0x9c, 0x8e, 0x00, 0x6b, 0x8f, 0xbe, 0xfa, 0x42, 0x62, 0x26, 0xdf, 0x4f, 0x77, 0x2b, 0x2f, 0x58, 0x16, 0x25, 0x3d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x17, 0xf0, 0xff, 0x7f, 0xf4, 0x95, 0x28, 0xa1, 0x19, 0xc5, 0x23, 0xd6, 0xa6, 0xca, 0xf6, 0xf8, 0x96, 0x71, 0x41, 0xa2, 0x55, 0xe1, 0xbb, 0x58, 0x3f, 0x1a, 0xfb, 0x83, 0x60, 0xd0, 0x83, 0x5e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x45, 0xf8, 0xb2, 0x42, 0x61, 0x41, 0xa1, 0xe5, 0x23, 0xae, 0xe1, 0x36, 0x3e, 0xe8, 0xfe, 0x01, 0x2e, 0x0f, 0x90, 0xd3, 0x2f, 0xa6, 0xa2, 0xa3, 0x09, 0xe4, 0x7e, 0x5e, 0xd5, 0xea, 0xa9, 0x7b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd9, 0x34, 0x42, 0xae, 0xa5, 0xcf, 0xd7, 0xa9, 0xf4, 0x54, 0x45, 0xd1, 0x24, 0x92, 0x97, 0x2d, 0x3b, 0x58, 0xbb, 0x98, 0x0f, 0x1d, 0xa8, 0xb6, 0xbc, 0xba, 0x65, 0xd4, 0xb0, 0x7d, 0xe0, 0xc5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0d, 0x36, 0xec, 0x7d, 0xa6, 0xcd, 0xf6, 0x1a, 0x50, 0x05, 0x89, 0xa3, 0x92, 0xbd, 0xc3, 0x3d, 0x68, 0x7e, 0xf0, 0x9f, 0x73, 0xa1, 0xc0, 0xdd, 0xed, 0xe0, 0x82, 0x4d, 0xec, 0x97, 0x85, 0x37}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x90, 0x84, 0x4a, 0x76, 0xc8, 0xde, 0x32, 0x20, 0x16, 0x2e, 0xe7, 0x39, 0xdb, 0x74, 0x58, 0x56, 0xa4, 0x2a, 0xc6, 0xda, 0xbe, 0xcf, 0x24, 0x38, 0x14, 0x3c, 0x0e, 0x7b, 0x06, 0x76, 0xe5, 0xde}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x25, 0x54, 0x87, 0x59, 0x6b, 0x5a, 0x2e, 0x1c, 0x6e, 0xd7, 0xee, 0x90, 0x6b, 0xae, 0xc1, 0x7c, 0x7c, 0xce, 0x0a, 0x8a, 0x00, 0x3d, 0xba, 0x73, 0x11, 0xee, 0x1f, 0xe5, 0xf1, 0x7b, 0xb3, 0x43}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x48, 0x6f, 0x0a, 0x88, 0x18, 0xe4, 0x01, 0x97, 0xda, 0x2e, 0x1a, 0x5d, 0x0a, 0xd8, 0x4a, 0x29, 0xd4, 0xa4, 0xcb, 0xe5, 0x82, 0x8f, 0x46, 0x3d, 0x93, 0x40, 0x2f, 0x17, 0x55, 0x98, 0x7b, 0xdb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 259f2740f..28cef7370 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.17.0-pre.0.20240627193502-8aed4bb0fe45" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240704154021-5efe2a4c8363" ) From 2de4cdba74e6d787fb9a448d856e56e92f0479af Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Sun, 7 Jul 2024 21:46:07 +0200 Subject: [PATCH 142/380] image: update locked rpms (#3235) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 68 ++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 406c47750..8d3fb7df0 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -67,7 +67,7 @@ e85d69eeea62f4f5a7c6584bc8bae3cb559c1c381838ca89f7d63b28d2368c4b fedora-repos-4 a6f2098fc2ed16df92c9325bd7459cc41479e17306a4f9cddfd5df8a1b80d0f8 file-5.45-4.fc40.x86_64.rpm f76684ee78408660db83ab9932978a1346b280f4210cd744524b00b2e5891fe1 file-libs-5.45-4.fc40.x86_64.rpm 063af3db3808bea0d5c07dbb2d8369b275e1d05ad0850c80a8fec0413f47cd64 filesystem-3.18-8.fc40.x86_64.rpm -f17ca5526d2cf34b82916a0cd1afe73d68856fdb5b19754312f61512aef0a7c3 findutils-4.9.0-8.fc40.x86_64.rpm +21725de2a93e1ea19f8d298e32a2428a3a08b9c98f22561cc778a807ed43639f findutils-4.9.0-9.fc40.x86_64.rpm f94315e447afb7442033b7b82e43a4ed62754f603afda53930280300855e46c7 fuse-libs-2.9.9-21.fc40.x86_64.rpm 6c80dfdaf7b27ea92c1276856b8b2ae5fde1ae5c391b773805be725515fdc1ac gawk-5.3.0-3.fc40.x86_64.rpm c4cc69bf3a2655b9ee9ac23492d377bac57811c5b4f81fbf43537520ee33c7af gawk-all-langpacks-5.3.0-3.fc40.x86_64.rpm @@ -77,12 +77,12 @@ c4cc69bf3a2655b9ee9ac23492d377bac57811c5b4f81fbf43537520ee33c7af gawk-all-langp 834c3441835069b61208792b9b9ae1ebfadadb9d2d211357d7f42838932b59a7 gettext-libs-0.22.5-2.fc40.x86_64.rpm 1126bf8d28dff9f165865d83c239e6a2d3988fc935957b9b869d8ed7989a2ae9 gettext-runtime-0.22.5-2.fc40.x86_64.rpm 0a32c6874ce180375c2c0b1e2f0c8fed38131a598e5c4ba3866cf3aee1f3f5fc glib2-2.80.3-1.fc40.x86_64.rpm -0b21325cfcb62490cb84774b77460ef9a1e700c0ae1038ee122a2fe183288ca2 glibc-2.39-15.fc40.i686.rpm -e1a876099d362a01b4fd443fb49930391839716a40a5690655b169faa745f645 glibc-2.39-15.fc40.x86_64.rpm -e26c584d81956fd2c2d74feb37e3a2af9eb41f097194a0e87017142bb0d6b1f5 glibc-common-2.39-15.fc40.x86_64.rpm -18b7881accc752c047e34fda61502802b724a903ef9937a2d3c9057bab189fb3 glibc-gconv-extra-2.39-15.fc40.i686.rpm -e6f380f5158a05d7edda8cc9864a310d78c065f7be95d8a4e9843e34167fb48e glibc-gconv-extra-2.39-15.fc40.x86_64.rpm -d54a767deb16c78ec1acc0d62016c2ac61f2e7f832fbb7663c45dc46f299cdb5 glibc-minimal-langpack-2.39-15.fc40.x86_64.rpm +af50e83e6423550c1cbb0ac2443bf1df31ff6c6081d821cff18221c378ed79ca glibc-2.39-17.fc40.i686.rpm +1919afbf6730a2eb356f846ed157b3b89d52eeed0a8ab84f61ff068601f03408 glibc-2.39-17.fc40.x86_64.rpm +a50ab41586b2ecd74f666c84947de5b9152ca6504d6f00f20ef15cace7e0f4be glibc-common-2.39-17.fc40.x86_64.rpm +8040e9e3b6799bfca69b3129bfd19a04e183c9e6b09e4976df0070e8dce2e36c glibc-gconv-extra-2.39-17.fc40.i686.rpm +2beee10de06dde0142442ebe8ecbcfaadd6329a2bd892986515cea4ab9ebb57e glibc-gconv-extra-2.39-17.fc40.x86_64.rpm +b140d705003260cc46ee9e74508b1efaca4f3d0e05eba68a3d6d90cd8fa742cf glibc-minimal-langpack-2.39-17.fc40.x86_64.rpm b054d6a9ee3477e935686b327aa47379bd1909eac4ce06c4c45dff1a201ecb49 gmp-6.2.1-8.fc40.x86_64.rpm 0a8b1b3fb625e4d1864ad6726f583e2db5db7f10d9f3564b5916ca7fed1b71cb gnupg2-2.4.4-1.fc40.x86_64.rpm 4425dbd35ab65f25b092d12ac56c4b565371a1c52ac882c8896dbeae7d52bbb1 gnupg2-smime-2.4.4-1.fc40.x86_64.rpm @@ -153,10 +153,10 @@ c8b9967345ed0393c17101b970bb86258380494d99edf07787bc32ee4de96a7b libfdisk-2.40. 2481691bd2ee6aab48b1a0306357337007b2b0af082e4fdef47dcc5a8a8357be libfdisk-2.40.1-1.fc40.x86_64.rpm 25caa7ee56f6013369c2fac26afd3035a7d580af0b919621ba8d495d13a5af86 libffi-3.4.4-7.fc40.x86_64.rpm f9c5369b6d168a2b8e46159bc41ef0755ee1a8d12f4c6766fdfe23e827cf5cdf libfido2-1.14.0-4.fc40.x86_64.rpm -77ab37f70a091d9044948502336a5726c9d3c805a2978111b0d257bbc91c6f16 libgcc-14.1.1-6.fc40.i686.rpm -1c2efdca4306aa86ce302f82944dcd2713af8d3525f0b9ea8dfd518da1ddde41 libgcc-14.1.1-6.fc40.x86_64.rpm +1b6607413e7b4b32eeb468e69a1a5aea303ba5b47243ba1cf01799f70eb16d86 libgcc-14.1.1-7.fc40.i686.rpm +e48a0734c34e389575aa386c9f0a115116291fff877a351afc8be851e00a6a62 libgcc-14.1.1-7.fc40.x86_64.rpm 10c4c12c6539ffea68974cd9b57013d471ac35fe3bef4833c0a22f6b29fbf489 libgcrypt-1.10.3-3.fc40.x86_64.rpm -880876afaa03207423e68bd973f594682529ef0e8ce50c3d62799da89becc7b0 libgomp-14.1.1-6.fc40.x86_64.rpm +48c2bdea59f102f794f221aa255b1765b3361d068af7db58175ca9bbec48df12 libgomp-14.1.1-7.fc40.x86_64.rpm 8d0a9840e06e72ccf756fa5a79c49f572dc827b0c75ea5a1f923235150d27ae2 libgpg-error-1.49-1.fc40.x86_64.rpm 677a67726c759c94faa94475185e46d028f171c9215390ac601ccd914188afb2 libidn2-2.3.7-1.fc40.i686.rpm 2fd2038b4a94eeede34e46ed0e035e619f77d0e412c70cf4e9bb836957e8f31b libidn2-2.3.7-1.fc40.x86_64.rpm @@ -198,7 +198,7 @@ d5e6fc8b4595cccae415bc18b971ea4a4ed64c816e45de5d3f588b78ecf12708 libsepol-3.6-3 302124d98a491472ec0982b89afbf576922d6921a89dda479d354e6582566f0e libsmartcols-2.40.1-1.fc40.x86_64.rpm 45d032fb4d59ee0f6a921dd1f0addfcdd38fc46917243fdd6248194ffddb9067 libsodium-1.0.20-1.fc40.x86_64.rpm c8bbfa2762cc601f8a97d8d5a39a658f0e91ba477ebebd798b30f7fc8ffdd457 libss-1.47.0-5.fc40.x86_64.rpm -4604584a5a5e48353951a309f54a6b41f2320b1f34122f9eb3e521e664a8c71b libstdc++-14.1.1-6.fc40.x86_64.rpm +977d8b01c7c74afc3cc251e25c73ed070535576cb841bbfccf0c846d97fc5607 libstdc++-14.1.1-7.fc40.x86_64.rpm d92173d6fbfb7e2af3b35a8554229e247666e15dc5b36cba43b7bbfc4144b781 libtasn1-4.19.0-6.fc40.x86_64.rpm adc082c8d4af5cc81a9de428c39de59717177109aedb4b15888a8ca9d51167ab libtirpc-1.3.4-1.rc3.fc40.x86_64.rpm e5d150d23f95e4a23288b84145af442607a88bf457c0e04b325b1d1e8e708c2b libtool-ltdl-2.4.7-10.fc40.x86_64.rpm @@ -244,17 +244,17 @@ b09089231ec94ee1b2dc26e34d8d7f19586d411bc40df7d0e495e559ac2d871a openldap-2.6.7 2fa5030d1c80979dd5fd0c304e4151282e0eb2749186926c4d8283c4ca14340f openssl-libs-3.2.1-2.fc40.i686.rpm eba1bd09317cc1f1f80e722e9a545dd404e1fad444045438f254e99cab4f1ed6 openssl-libs-3.2.1-2.fc40.x86_64.rpm 9f0336deb6f1b1524ec48d837622e7e2291995369b0356d7ad1e1d427f3b659a os-prober-1.81-6.fc40.x86_64.rpm -2c8e47f98df74fe89b23f0a1347aba91383da06e0ae903949b015943da4e1b5b p11-kit-0.25.3-4.fc40.x86_64.rpm -93159ba4fffd7c91bd28d3942564368c402dc65ee7998e81688f3d566fe7633f p11-kit-trust-0.25.3-4.fc40.x86_64.rpm +70fba929aab38a9d69a457cef1b01962161a1df2b78dc5a4e86ff4b994b51079 p11-kit-0.25.5-1.fc40.x86_64.rpm +c728dbd90872b7597a8ace70a70555bff576231bb6dbde14b75626d601706af8 p11-kit-trust-0.25.5-1.fc40.x86_64.rpm 33d36e10f465b7b15de75ae1856b403ed37c23f026e3abb80497e496f43718c9 pam-1.6.1-3.fc40.x86_64.rpm 5981cdaf35f2ea96236eaccf1ce476379e51e5883ce57343a7727626e9fd9da3 pam-libs-1.6.1-3.fc40.i686.rpm fb85b93438336461a0b2b878158e552d30b6fb663404475eb0a050b35fd5d35f pam-libs-1.6.1-3.fc40.x86_64.rpm 9bbce784622e02af0371ced8e9a7d26adba7eabd66ecfcb8bbe2d24cf616e3c1 parted-3.6-4.fc40.x86_64.rpm 1ea1726576a274d8b6774e3d0aae25b0ce798ea87506414ad8b8c969de418642 passt-0^20240624.g1ee2eca-1.fc40.x86_64.rpm 9043472a87ec3461040e91268f95fd4570c373b3f49c5595f581014f791ad450 passt-selinux-0^20240624.g1ee2eca-1.fc40.noarch.rpm -757dc11e76123116a505879b5b00dbb1f132b25578f738979220397965d7fa38 pcre2-10.42-2.fc40.2.i686.rpm -8d36bcee4d3e39d5b8162ab8de347bb0f7d7b260a6b6c76bc4b577c5bff6ba5e pcre2-10.42-2.fc40.2.x86_64.rpm -f2042a010126c04faea45cea4b62f8443e73f4a0a218858092e0fcf5ca7967fa pcre2-syntax-10.42-2.fc40.2.noarch.rpm +a0fb808d6b7ff8cd9cfdc1a60f213851cecdcace334d6e5aa1e0e54b81d79a25 pcre2-10.44-1.fc40.i686.rpm +73e50df09266fcffda9c24a3738f579dd365c2c187c294da054ef9915edc3851 pcre2-10.44-1.fc40.x86_64.rpm +dbec699e88d42fc6fb1df0a8c0b9023941ed1b1b7625694253a612eaf9f2691d pcre2-syntax-10.44-1.fc40.noarch.rpm d207e7cdb8602403c8aab36c1342f55bcb4503bf4e296d11dae013e6fd9ac920 pcsc-lite-2.0.3-1.fc40.x86_64.rpm cbd3f6cdbb19126dc703f140fafcac84d0d2ef63b54dfa08332d4bce2def076f pcsc-lite-ccid-1.5.5-3.fc40.x86_64.rpm f796a31cad58f4ebea8787020868581d9a721297ee0ef6a7c63a7f8444f60c17 pcsc-lite-libs-2.0.3-1.fc40.x86_64.rpm @@ -272,9 +272,9 @@ af85755cda79959a19161ebc26a45e507003298bd97b472b9ab0d512afa5e46a protobuf-c-1.5 45ff2e9814aa059f323b23710c73309d41d36306667a3004f5fbb86b0cab4484 psmisc-23.6-6.fc40.x86_64.rpm cca50802d4f75306bc37126feb92db79fed44dcdabf76c1556853334995b9d3b publicsuffix-list-dafsa-20240107-3.fc40.noarch.rpm 1cfc81c8761cd0381cc5020a3686afec8350aadea01998518e8aa2407419fe9f python-pip-wheel-23.3.2-1.fc40.noarch.rpm -ce44e24ec0c7c292fdec76b055a5e32320a51545e3bc3147c27ba9c418b6afc6 python-unversioned-command-3.12.3-2.fc40.noarch.rpm -a8111a574e98417b87d6a5613da029eed14c12a545d10d5ffaf95024ffeae4bd python3-3.12.3-2.fc40.x86_64.rpm -9a6d3854bf22c47f9b14981dbcc606ccd5ddda631b2feaae460239881306e2db python3-libs-3.12.3-2.fc40.x86_64.rpm +013b02242bdd8fdbbc90f6596ee4f634f3f315f014274420f23c2140b591562c python-unversioned-command-3.12.4-1.fc40.noarch.rpm +5aeca7583eaf142e0669fdc3cc32fd3df518d89c0bae2090c30f699477830e14 python3-3.12.4-1.fc40.x86_64.rpm +2c606a81cc6eb1cd9aeda3be1b6c6ebaaec8901af02fde22948f69af6ca28015 python3-libs-3.12.4-1.fc40.x86_64.rpm 74f89e3304571c9d4eb8df444fa895aa71910dcb1909738c1f69781280da87e7 qemu-user-static-8.2.2-1.fc40.x86_64.rpm a40c17e5681b201891c6dfaed0f6fc0dba1cdb9eb208d9ff47f9be52de76d177 qemu-user-static-aarch64-8.2.2-1.fc40.x86_64.rpm fcf593362df5c9193264bf3bd74a6b25d73c1ef24cb7384b6f0bf4e36284365b qemu-user-static-alpha-8.2.2-1.fc40.x86_64.rpm @@ -314,16 +314,16 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 0c1072b40e5fe451e7d2bc1a7530e743303591c3d26bce0ac2e09ff05b50ae26 shadow-utils-subid-4.15.1-3.fc40.x86_64.rpm 67eede27af5b4773eb2f7ac794df694be030310d40bce462864c05b8f65c87c3 socat-1.8.0.0-2.fc40.x86_64.rpm a1e23ae521e93ab19d3df77889a6a418c3432025e4880cfd893e40f7165876a7 sqlite-libs-3.45.1-2.fc40.x86_64.rpm -05bfc1e9b80ff927bdecab59e075e6b6eb83140540b5182e388f69b3ec5edc7a systemd-255.7-1.fc40.i686.rpm -2fc5e9028dc42fd78275b521b811bed9a76035c6fcea28468b4973f47378e408 systemd-255.7-1.fc40.x86_64.rpm -2777fed45f9944823d0ada17fdfb1076c6c65a6a14d72be4ec789399ddfdd286 systemd-boot-unsigned-255.7-1.fc40.x86_64.rpm -3a6e8969716c6c193f038b248e0f01abdb2abe17c6afa0417cb6168d5a6b59bc systemd-libs-255.7-1.fc40.i686.rpm -beaef724354afd9964959585112192cd4b5e9a9f828a1b1d8e8eb9552ec0f065 systemd-libs-255.7-1.fc40.x86_64.rpm -04aa6bc9c25e592dcf22da4b1a1832b2de1b0e74259f11c69b012225e13a4475 systemd-networkd-255.7-1.fc40.x86_64.rpm -d1c8e52f268a7e90b8000c695251dc684caedcea52f7d1e2e916007e121a5c83 systemd-pam-255.7-1.fc40.i686.rpm -ab38692d083371a7776bc0f6a1f58629fdb7f8587599b3782a1e148b33fa9003 systemd-pam-255.7-1.fc40.x86_64.rpm -5641ab2692d9b482f1e00888dc9d6b8be5bb827ca3195669702067561f62e62c systemd-resolved-255.7-1.fc40.x86_64.rpm -5c9df40bfe23084aa9b4e755d1b84654566a087e0c49e6b3a3da1e2644b7e3dd systemd-udev-255.7-1.fc40.x86_64.rpm +6fdb168f03a136dd5fb8546cc9f6ce4fcfc4cbf5b9122be1fdf6cb1aaa553ac2 systemd-255.8-1.fc40.i686.rpm +c4f64434fbb247012de092cbb878aff57d09600215cb1211811464b2fd6f4d6b systemd-255.8-1.fc40.x86_64.rpm +6b5670f700d3a7e3390985f7305f016df4a624ba5f217ea04275e02899b3c768 systemd-boot-unsigned-255.8-1.fc40.x86_64.rpm +23c1b6c7dcf354afcd8f3281061702ade8b8bbfce71e8a2bebcb0fe63a8e2c61 systemd-libs-255.8-1.fc40.i686.rpm +3a9ec34f3d9df87228def7d6640d6d22b3e96aade7c8e919a70a98ed1a8beac2 systemd-libs-255.8-1.fc40.x86_64.rpm +7abd00b55fa14f59d46fe88284f254d1a59604859b3ae9d9854d94e282b22e32 systemd-networkd-255.8-1.fc40.x86_64.rpm +d431e827886f7d13623ed6d687f36e2f1c4a2a1ccf0b20e22fb9ee8559fa18f1 systemd-pam-255.8-1.fc40.i686.rpm +c447f929c01d7b9ff9bcd78da741440ddb8dfbc73dda4b030474090f9f3383c9 systemd-pam-255.8-1.fc40.x86_64.rpm +86eae6a042efc01db9160414d291fd6d7867b9136d794665fbeff25481e8e634 systemd-resolved-255.8-1.fc40.x86_64.rpm +c51d2572313516a8b1f9cf61ca1c6694df7f5e1bfa14f5b4e8c23ca85d2515e9 systemd-udev-255.8-1.fc40.x86_64.rpm 65819c502727dc293a71a74b9a5f6b0ba781f12a99c5d5535085f168e5eac56e tar-1.35-3.fc40.x86_64.rpm 0478e12152cc3432a31dfca5ddbc80966800af437c6d7c0b26be307d5e1272e7 tpm2-tools-5.7-1.fc40.x86_64.rpm c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3-1.fc40.x86_64.rpm @@ -339,9 +339,9 @@ de119b002ef0c038d7327ecfc62e0813ee11bbb158d6eb02c58b1c1a3ca6e9f3 vim-common-9.1 19c2b029e7cf77fa55842ba4837ec7639da48a03eac0831db704e4f9c51451f4 vim-data-9.1.452-1.fc40.noarch.rpm 3cbc4622416817ea08a75d9749d5bbc60f7b6eef76ee7072f90b83c3d4cdd147 vim-enhanced-9.1.452-1.fc40.x86_64.rpm 148354b6558f424f6edb76f0791bed5bc2a3080b9ae8847ac733dcb779f9fede vim-filesystem-9.1.452-1.fc40.noarch.rpm -f573dbcaf6d08e84af7313b397a181efe369f5362908498f7c4a7ca80dad4170 wget2-2.1.0-9.fc40.x86_64.rpm -1cfb812e281cfa2059b7f753d8548810a3edc9e289b4313a2f60f361a51e300b wget2-libs-2.1.0-9.fc40.x86_64.rpm -21075ae2e021a0b0ec00e62f5441e4a975d39cc2c58183b7c855942f40b24539 wget2-wget-2.1.0-9.fc40.x86_64.rpm +c5682a1b02bb02578e9997ae221a7f6c6db711084129824e207fe1febdc55b9d wget2-2.1.0-11.fc40.x86_64.rpm +38aaee4829df7e1a4719991c4fc6d65a1265b6a556b182ecac3145c287c320f4 wget2-libs-2.1.0-11.fc40.x86_64.rpm +a12b44ee7cc5a0e916bcf72e80c4d618abb7406254578e947f3ba9dd0d445d25 wget2-wget-2.1.0-11.fc40.x86_64.rpm cf0306ceed1c6b3be39060d85f16b1953b464d3a625488b170d3b7aadf600645 which-2.21-41.fc40.x86_64.rpm 4ede95a2fa3bc0ae617c8bf3a375b800163d58733b4829b15d9f038505d79fee whois-nls-5.5.20-3.fc40.noarch.rpm e2195010e857f56b19246f8b821f9391922880b7691b3728a413f540edc890a6 xkeyboard-config-2.41-1.fc40.noarch.rpm @@ -350,5 +350,5 @@ ee599a1c4d7ee635e54ec137af4dded83f433b9c8a5976f75ecdcd000b5246e3 xz-5.4.6-3.fc4 b92ef78d8ab424c22130e457d0ef691d8197bff61c3b8852205d1b02baba3819 xz-libs-5.4.6-3.fc40.i686.rpm b6ee44b3d7e494b0364f26b7d0b169a8092180af787423cd5e8a47dc0f738a66 xz-libs-5.4.6-3.fc40.x86_64.rpm 9e263e0a9b656178519de20733f3e0950fef494aa056daaa2004b522ba50b952 yajl-2.1.0-23.fc40.x86_64.rpm -ba3ac34d621acd1c9a0efd0af555fafb4884a06052868edd3a18a49058d601f1 zlib-ng-compat-2.1.6-5.fc40.i686.rpm -29bd795ee1598cd4dd1b2bb738fd8247d8567ec1156bf597dc8c57a7e34ce492 zlib-ng-compat-2.1.6-5.fc40.x86_64.rpm +55ae62f3071a58a61b856883a34132b91083fff6202f037a4091875d8454ead5 zlib-ng-compat-2.1.7-1.fc40.i686.rpm +a83a76b73d38e154287b37700ffaa83052a0acf5a3e985f00fb39e384c2c61dd zlib-ng-compat-2.1.7-1.fc40.x86_64.rpm From f4a3ae7d279fe66310942b58b827f97a62853958 Mon Sep 17 00:00:00 2001 From: Adrian Stobbe Date: Tue, 9 Jul 2024 09:27:32 +0200 Subject: [PATCH 143/380] ci: fix IDE setup on mac (#3226) --- bootstrapper/cmd/bootstrapper/BUILD.bazel | 1 + bootstrapper/cmd/bootstrapper/run.go | 28 ++++-------------- bootstrapper/internal/etcdio/BUILD.bazel | 16 ++++++++-- bootstrapper/internal/etcdio/etcdio.go | 4 +-- .../internal/etcdio/setioprio_cross.go | 17 +++++++++++ .../internal/etcdio/setioprio_linux.go | 19 ++++++++++++ bootstrapper/internal/reboot/BUILD.bazel | 11 +++++++ bootstrapper/internal/reboot/reboot_cross.go | 14 +++++++++ bootstrapper/internal/reboot/reboot_linux.go | 29 +++++++++++++++++++ 9 files changed, 112 insertions(+), 27 deletions(-) create mode 100644 bootstrapper/internal/etcdio/setioprio_cross.go create mode 100644 bootstrapper/internal/etcdio/setioprio_linux.go create mode 100644 bootstrapper/internal/reboot/BUILD.bazel create mode 100644 bootstrapper/internal/reboot/reboot_cross.go create mode 100644 bootstrapper/internal/reboot/reboot_linux.go diff --git a/bootstrapper/cmd/bootstrapper/BUILD.bazel b/bootstrapper/cmd/bootstrapper/BUILD.bazel index 6a8c61c50..77896efe7 100644 --- a/bootstrapper/cmd/bootstrapper/BUILD.bazel +++ b/bootstrapper/cmd/bootstrapper/BUILD.bazel @@ -21,6 +21,7 @@ go_library( "//bootstrapper/internal/kubernetes/k8sapi", "//bootstrapper/internal/kubernetes/kubewaiter", "//bootstrapper/internal/nodelock", + "//bootstrapper/internal/reboot", "//internal/atls", "//internal/attestation/choose", "//internal/attestation/initialize", diff --git a/bootstrapper/cmd/bootstrapper/run.go b/bootstrapper/cmd/bootstrapper/run.go index 95bd46b06..815d879ce 100644 --- a/bootstrapper/cmd/bootstrapper/run.go +++ b/bootstrapper/cmd/bootstrapper/run.go @@ -10,17 +10,15 @@ import ( "context" "fmt" "log/slog" - "log/syslog" "net" "sync" - "syscall" - "time" "github.com/edgelesssys/constellation/v2/bootstrapper/internal/clean" "github.com/edgelesssys/constellation/v2/bootstrapper/internal/diskencryption" "github.com/edgelesssys/constellation/v2/bootstrapper/internal/initserver" "github.com/edgelesssys/constellation/v2/bootstrapper/internal/joinclient" "github.com/edgelesssys/constellation/v2/bootstrapper/internal/nodelock" + "github.com/edgelesssys/constellation/v2/bootstrapper/internal/reboot" "github.com/edgelesssys/constellation/v2/internal/atls" "github.com/edgelesssys/constellation/v2/internal/attestation/initialize" "github.com/edgelesssys/constellation/v2/internal/attestation/vtpm" @@ -46,13 +44,13 @@ func run(issuer atls.Issuer, openDevice vtpm.TPMOpenFunc, fileHandler file.Handl nodeBootstrapped, err := initialize.IsNodeBootstrapped(openDevice) if err != nil { log.With(slog.Any("error", err)).Error("Failed to check if node was previously bootstrapped") - reboot(fmt.Errorf("checking if node was previously bootstrapped: %w", err)) + reboot.Reboot(fmt.Errorf("checking if node was previously bootstrapped: %w", err)) } if nodeBootstrapped { if err := kube.StartKubelet(); err != nil { log.With(slog.Any("error", err)).Error("Failed to restart kubelet") - reboot(fmt.Errorf("restarting kubelet: %w", err)) + reboot.Reboot(fmt.Errorf("restarting kubelet: %w", err)) } return } @@ -61,7 +59,7 @@ func run(issuer atls.Issuer, openDevice vtpm.TPMOpenFunc, fileHandler file.Handl initServer, err := initserver.New(context.Background(), nodeLock, kube, issuer, disk, fileHandler, metadata, log) if err != nil { log.With(slog.Any("error", err)).Error("Failed to create init server") - reboot(fmt.Errorf("creating init server: %w", err)) + reboot.Reboot(fmt.Errorf("creating init server: %w", err)) } dialer := dialer.New(issuer, nil, &net.Dialer{}) @@ -79,7 +77,7 @@ func run(issuer atls.Issuer, openDevice vtpm.TPMOpenFunc, fileHandler file.Handl if err := joinClient.Start(cleaner); err != nil { log.With(slog.Any("error", err)).Error("Failed to join cluster") markDiskForReset(disk) - reboot(fmt.Errorf("joining cluster: %w", err)) + reboot.Reboot(fmt.Errorf("joining cluster: %w", err)) } }() @@ -89,7 +87,7 @@ func run(issuer atls.Issuer, openDevice vtpm.TPMOpenFunc, fileHandler file.Handl if err := initServer.Serve(bindIP, bindPort, cleaner); err != nil { log.With(slog.Any("error", err)).Error("Failed to serve init server") markDiskForReset(disk) - reboot(fmt.Errorf("serving init server: %w", err)) + reboot.Reboot(fmt.Errorf("serving init server: %w", err)) } }() wg.Wait() @@ -122,20 +120,6 @@ func markDiskForReset(disk *diskencryption.DiskEncryption) { _ = disk.MarkDiskForReset() } -// reboot writes an error message to the system log and reboots the system. -// We call this instead of os.Exit() since failures in the bootstrapper usually require a node reset. -func reboot(e error) { - syslogWriter, err := syslog.New(syslog.LOG_EMERG|syslog.LOG_KERN, "bootstrapper") - if err != nil { - _ = syscall.Reboot(syscall.LINUX_REBOOT_CMD_RESTART) - } - _ = syslogWriter.Err(e.Error()) - _ = syslogWriter.Emerg("bootstrapper has encountered a non recoverable error. Rebooting...") - time.Sleep(time.Minute) // sleep to allow the message to be written to syslog and seen by the user - - _ = syscall.Reboot(syscall.LINUX_REBOOT_CMD_RESTART) -} - type clusterInitJoiner interface { joinclient.ClusterJoiner initserver.ClusterInitializer diff --git a/bootstrapper/internal/etcdio/BUILD.bazel b/bootstrapper/internal/etcdio/BUILD.bazel index b7725d106..7f33bd901 100644 --- a/bootstrapper/internal/etcdio/BUILD.bazel +++ b/bootstrapper/internal/etcdio/BUILD.bazel @@ -2,8 +2,20 @@ load("@io_bazel_rules_go//go:def.bzl", "go_library") go_library( name = "etcdio", - srcs = ["etcdio.go"], + srcs = [ + "etcdio.go", + "setioprio_cross.go", + "setioprio_linux.go", + ], importpath = "github.com/edgelesssys/constellation/v2/bootstrapper/internal/etcdio", visibility = ["//bootstrapper:__subpackages__"], - deps = ["@org_golang_x_sys//unix"], + deps = select({ + "@io_bazel_rules_go//go/platform:android": [ + "@org_golang_x_sys//unix", + ], + "@io_bazel_rules_go//go/platform:linux": [ + "@org_golang_x_sys//unix", + ], + "//conditions:default": [], + }), ) diff --git a/bootstrapper/internal/etcdio/etcdio.go b/bootstrapper/internal/etcdio/etcdio.go index e6c967225..f9caf7dbb 100644 --- a/bootstrapper/internal/etcdio/etcdio.go +++ b/bootstrapper/internal/etcdio/etcdio.go @@ -16,8 +16,6 @@ import ( "path" "strconv" "time" - - "golang.org/x/sys/unix" ) var ( @@ -97,7 +95,7 @@ func (c *Client) setIOPriority() error { prioVal := ((targetClass & ioPrioClassMask) << ioPrioClassShift) | (targetPrio & ioPrioPrioMask) // see https://man7.org/linux/man-pages/man2/ioprio_set.2.html - ret, _, errno := unix.Syscall(unix.SYS_IOPRIO_SET, ioPrioWhoProcess, uintptr(pid), uintptr(prioVal)) + ret, _, errno := setioprio(ioPrioWhoProcess, uintptr(pid), uintptr(prioVal)) if ret != 0 { return fmt.Errorf("setting I/O priority for etcd: %w", errno) } diff --git a/bootstrapper/internal/etcdio/setioprio_cross.go b/bootstrapper/internal/etcdio/setioprio_cross.go new file mode 100644 index 000000000..6422f0c60 --- /dev/null +++ b/bootstrapper/internal/etcdio/setioprio_cross.go @@ -0,0 +1,17 @@ +//go:build !linux + +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package etcdio + +import ( + "syscall" +) + +func setioprio(_, _, _ uintptr) (uintptr, uintptr, syscall.Errno) { + panic("setioprio not implemented on non-Linux platforms") +} diff --git a/bootstrapper/internal/etcdio/setioprio_linux.go b/bootstrapper/internal/etcdio/setioprio_linux.go new file mode 100644 index 000000000..61d82248f --- /dev/null +++ b/bootstrapper/internal/etcdio/setioprio_linux.go @@ -0,0 +1,19 @@ +//go:build linux + +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package etcdio + +import ( + "syscall" + + "golang.org/x/sys/unix" +) + +func setioprio(ioPrioWhoProcess, pid, prioVal uintptr) (uintptr, uintptr, syscall.Errno) { + return unix.Syscall(unix.SYS_IOPRIO_SET, ioPrioWhoProcess, pid, prioVal) +} diff --git a/bootstrapper/internal/reboot/BUILD.bazel b/bootstrapper/internal/reboot/BUILD.bazel new file mode 100644 index 000000000..ce71293b3 --- /dev/null +++ b/bootstrapper/internal/reboot/BUILD.bazel @@ -0,0 +1,11 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "reboot", + srcs = [ + "reboot_cross.go", + "reboot_linux.go", + ], + importpath = "github.com/edgelesssys/constellation/v2/bootstrapper/internal/reboot", + visibility = ["//bootstrapper:__subpackages__"], +) diff --git a/bootstrapper/internal/reboot/reboot_cross.go b/bootstrapper/internal/reboot/reboot_cross.go new file mode 100644 index 000000000..708749461 --- /dev/null +++ b/bootstrapper/internal/reboot/reboot_cross.go @@ -0,0 +1,14 @@ +//go:build !linux + +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package reboot + +// Reboot is not implemented on non-Linux platforms. +func Reboot(_ error) { + panic("reboot not implemented on non-Linux platforms") +} diff --git a/bootstrapper/internal/reboot/reboot_linux.go b/bootstrapper/internal/reboot/reboot_linux.go new file mode 100644 index 000000000..c39d1cce9 --- /dev/null +++ b/bootstrapper/internal/reboot/reboot_linux.go @@ -0,0 +1,29 @@ +//go:build linux + +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +package reboot + +import ( + "log/syslog" + "syscall" + "time" +) + +// Reboot writes an error message to the system log and reboots the system. +// We call this instead of os.Exit() since failures in the bootstrapper usually require a node reset. +func Reboot(e error) { + syslogWriter, err := syslog.New(syslog.LOG_EMERG|syslog.LOG_KERN, "bootstrapper") + if err != nil { + _ = syscall.Reboot(syscall.LINUX_REBOOT_CMD_RESTART) + } + _ = syslogWriter.Err(e.Error()) + _ = syslogWriter.Emerg("bootstrapper has encountered a non recoverable error. Rebooting...") + time.Sleep(time.Minute) // sleep to allow the message to be written to syslog and seen by the user + + _ = syscall.Reboot(syscall.LINUX_REBOOT_CMD_RESTART) +} From 0d421b905fd4491d64c9f35288bca810975e5301 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 9 Jul 2024 21:28:15 +0200 Subject: [PATCH 144/380] deps: update bufbuild/buf to v1.34.0 (#3210) * deps: update bufbuild/buf to v1.34.0 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/ci_deps.bzl | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl index ec23f6802..6e3774830 100644 --- a/bazel/toolchains/ci_deps.bzl +++ b/bazel/toolchains/ci_deps.bzl @@ -270,44 +270,44 @@ def _buf_deps(): strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/8a94dce37ce72c89c82e6c4baf77797a2a4a2eef3b02a7f39b40ef7fb0f39f94", - "https://github.com/bufbuild/buf/releases/download/v1.31.0/buf-Linux-x86_64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/82dcf1a5f45498b539a04d764e3cb274a13c8d94271c92508fc1624d227895ff", + "https://github.com/bufbuild/buf/releases/download/v1.34.0/buf-Linux-x86_64.tar.gz", ], type = "tar.gz", - sha256 = "8a94dce37ce72c89c82e6c4baf77797a2a4a2eef3b02a7f39b40ef7fb0f39f94", + sha256 = "82dcf1a5f45498b539a04d764e3cb274a13c8d94271c92508fc1624d227895ff", ) http_archive( name = "com_github_bufbuild_buf_linux_arm64", strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/ed435fe40a8b719354f746261cf9dbfcbfa4165fdb600e2f324ad8f6fe488dd2", - "https://github.com/bufbuild/buf/releases/download/v1.31.0/buf-Linux-aarch64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/564d3ee76d93940addc15ba99b6ccc08b199c345800947a6d7f92e123aa62343", + "https://github.com/bufbuild/buf/releases/download/v1.34.0/buf-Linux-aarch64.tar.gz", ], type = "tar.gz", - sha256 = "ed435fe40a8b719354f746261cf9dbfcbfa4165fdb600e2f324ad8f6fe488dd2", + sha256 = "564d3ee76d93940addc15ba99b6ccc08b199c345800947a6d7f92e123aa62343", ) http_archive( name = "com_github_bufbuild_buf_darwin_amd64", strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/a88b4ccf6aee4f7d525917bf4636253faa7c13b8f45c4c732a7fea55441ef835", - "https://github.com/bufbuild/buf/releases/download/v1.31.0/buf-Darwin-x86_64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/6f07be0a8db1798fae85e19bbe6eb5618dadddff4be3e3d1e80a30d4f2a35d20", + "https://github.com/bufbuild/buf/releases/download/v1.34.0/buf-Darwin-x86_64.tar.gz", ], type = "tar.gz", - sha256 = "a88b4ccf6aee4f7d525917bf4636253faa7c13b8f45c4c732a7fea55441ef835", + sha256 = "6f07be0a8db1798fae85e19bbe6eb5618dadddff4be3e3d1e80a30d4f2a35d20", ) http_archive( name = "com_github_bufbuild_buf_darwin_arm64", strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/7519df87d3f681d5348f00e96215543edc55c62d821527056b5d8201d8982f28", - "https://github.com/bufbuild/buf/releases/download/v1.31.0/buf-Darwin-arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/1a36e18b9aaaa69465d1a3b5fd061a9b6b9933ab93a71961824eba2afa0151fe", + "https://github.com/bufbuild/buf/releases/download/v1.34.0/buf-Darwin-arm64.tar.gz", ], type = "tar.gz", - sha256 = "7519df87d3f681d5348f00e96215543edc55c62d821527056b5d8201d8982f28", + sha256 = "1a36e18b9aaaa69465d1a3b5fd061a9b6b9933ab93a71961824eba2afa0151fe", ) def _talos_docgen_deps(): From f3ade03a3e7312dd2c9238128582628fa698555e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 10 Jul 2024 06:44:46 +0200 Subject: [PATCH 145/380] deps: update module google.golang.org/grpc to v1.64.1 [SECURITY] (#3244) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 17ef7c836..f99acab33 100644 --- a/go.mod +++ b/go.mod @@ -121,7 +121,7 @@ require ( golang.org/x/text v0.16.0 golang.org/x/tools v0.22.0 google.golang.org/api v0.187.0 - google.golang.org/grpc v1.64.0 + google.golang.org/grpc v1.64.1 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.15.2 diff --git a/go.sum b/go.sum index 3bfe2f31a..b95267fa6 100644 --- a/go.sum +++ b/go.sum @@ -1036,8 +1036,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 8c680ee8116669c2a72d14b6dd3b03cd6b7b60a8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 10 Jul 2024 06:46:32 +0200 Subject: [PATCH 146/380] deps: update ghcr.io/edgelesssys/gcp-guest-agent Docker tag to v20240701 (#3227) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- internal/versions/versions.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index e2e9dd8fb..5eb0bba36 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -169,7 +169,7 @@ const ( // GcpGuestImage image for GCP guest agent. // Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml. - GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20240611.1.0@sha256:e751fda68957a70c8494999115aba2ccbc1e2f31d85986b7e133cbe02187da23" // renovate:container + GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20240701.0.0@sha256:30986eeea5ae55dc98bd9b1c6d5252821effea5b27708c14dc414f6ee926c7d7" // renovate:container // NodeMaintenanceOperatorImage is the image for the node maintenance operator. NodeMaintenanceOperatorImage = "quay.io/medik8s/node-maintenance-operator:v0.15.0@sha256:8cb8dad93283268282c30e75c68f4bd76b28def4b68b563d2f9db9c74225d634" // renovate:container // LogstashImage is the container image of logstash, used for log collection by debugd. From 543ba96e5975249b08e9ab580bc2306138e6afb4 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 10 Jul 2024 07:40:24 +0200 Subject: [PATCH 147/380] image: update measurements and image version (#3243) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index c8b12ec6b..276be2a86 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xab, 0xdd, 0x69, 0x4a, 0x27, 0x1b, 0x1f, 0xc7, 0x47, 0xfa, 0xa5, 0xb1, 0x03, 0x39, 0x6c, 0x07, 0x13, 0x57, 0x32, 0x9f, 0x63, 0x17, 0x17, 0xcd, 0xe3, 0x03, 0x81, 0xae, 0xa5, 0xbd, 0x3e, 0xc5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x56, 0xcc, 0xcb, 0x3b, 0x6a, 0x21, 0x0a, 0x5e, 0xdf, 0x47, 0x7d, 0x6d, 0x8d, 0x31, 0xbc, 0xc5, 0xbc, 0x55, 0x51, 0x95, 0xe9, 0x02, 0xf1, 0x78, 0x25, 0xe3, 0x60, 0x7d, 0xa5, 0x2f, 0x1d, 0x99}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x84, 0xb2, 0xb6, 0xae, 0x32, 0xf4, 0xaa, 0x33, 0x77, 0x85, 0xba, 0x53, 0x20, 0x64, 0x5e, 0x8d, 0xe9, 0xfc, 0xb2, 0xd1, 0x7d, 0xca, 0xe6, 0x8c, 0xaf, 0x3d, 0x98, 0x75, 0x56, 0x76, 0x3e, 0x3a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xca, 0xbf, 0x72, 0x88, 0xdf, 0x72, 0xdf, 0xbe, 0x3f, 0x11, 0x75, 0x6b, 0x2f, 0x99, 0x61, 0xc3, 0xc6, 0x0d, 0x6a, 0x3a, 0xcc, 0xa1, 0x48, 0x4a, 0xd5, 0xd6, 0x34, 0x31, 0xfe, 0x17, 0xaa, 0x15}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3e, 0x78, 0xd5, 0xec, 0x12, 0x33, 0x00, 0x26, 0x67, 0x1f, 0xbb, 0x71, 0x06, 0x0d, 0x57, 0xee, 0xb4, 0x48, 0x6e, 0x4f, 0x6a, 0x5e, 0xbe, 0x1e, 0x73, 0xe3, 0x40, 0x4c, 0x4e, 0x5f, 0x7c, 0x1c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0b, 0x0f, 0xfe, 0x12, 0x53, 0xec, 0xbf, 0x1d, 0x7d, 0x58, 0xa3, 0xfc, 0x0b, 0x53, 0xff, 0x02, 0xb7, 0x24, 0xba, 0x97, 0xc3, 0x70, 0xad, 0xe2, 0xbf, 0x26, 0x40, 0x2c, 0xaa, 0x3f, 0x12, 0xb7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x64, 0x63, 0x13, 0x6e, 0x8e, 0x08, 0x11, 0x24, 0xc6, 0x0b, 0x2b, 0x13, 0x28, 0xb0, 0x31, 0xbf, 0xdc, 0xbf, 0xa6, 0x9e, 0x0e, 0xf6, 0xda, 0x75, 0xb5, 0x66, 0xeb, 0x8a, 0xd1, 0xfc, 0x3e, 0xaa}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1a, 0x40, 0xca, 0x85, 0x91, 0xb3, 0x3e, 0x71, 0x89, 0x7b, 0x81, 0x49, 0x6e, 0x80, 0xe0, 0xbb, 0x61, 0x80, 0x82, 0x20, 0x78, 0xc1, 0x53, 0xb7, 0x00, 0xc4, 0xda, 0x0c, 0xd8, 0x0c, 0x98, 0x10}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x33, 0x5d, 0x8c, 0x3d, 0xb3, 0x1a, 0x1b, 0x46, 0x1d, 0xd4, 0x00, 0x43, 0x84, 0x3c, 0x0b, 0x73, 0xb7, 0x7a, 0x3c, 0x22, 0x99, 0x64, 0x77, 0x4d, 0xce, 0xd5, 0xe0, 0xb0, 0x62, 0xfc, 0x38, 0x5d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x09, 0x62, 0xd2, 0x3d, 0xfb, 0xc0, 0x45, 0x70, 0xa2, 0xa8, 0x64, 0xe8, 0x58, 0x08, 0xe2, 0xdd, 0xa6, 0xec, 0x35, 0xc6, 0xf1, 0xa1, 0x49, 0x98, 0x44, 0xb5, 0x34, 0x65, 0xb7, 0x57, 0xce, 0x5f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe2, 0x0d, 0x24, 0x95, 0x17, 0xfc, 0x1a, 0xb3, 0xb7, 0x3e, 0x1f, 0x97, 0xdf, 0xb2, 0x40, 0x2d, 0x1a, 0xa4, 0xa4, 0x22, 0x4e, 0x59, 0x7e, 0x02, 0xb5, 0x5e, 0xfa, 0x1f, 0xd5, 0x97, 0x4d, 0x6f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd4, 0x26, 0xd7, 0x9b, 0x70, 0x0d, 0x8f, 0x0f, 0x94, 0xc8, 0x0c, 0x97, 0x8c, 0x7b, 0x29, 0xa0, 0x25, 0xd5, 0x81, 0xd0, 0x50, 0x4e, 0x1c, 0x34, 0x95, 0xb5, 0xcc, 0x6d, 0xd2, 0xe9, 0xbd, 0xfc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x06, 0xe9, 0x66, 0x25, 0xa9, 0xb1, 0xa7, 0xc9, 0x99, 0x94, 0x4d, 0xb8, 0xa6, 0x13, 0xa6, 0xae, 0x1a, 0x12, 0x90, 0x26, 0x70, 0xe9, 0x6f, 0x1e, 0xce, 0xb5, 0x5f, 0x6d, 0x48, 0x02, 0xd6, 0x81}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdf, 0x67, 0xab, 0xa3, 0x8e, 0xf2, 0x34, 0x64, 0x07, 0xe2, 0xec, 0xeb, 0x44, 0x69, 0x71, 0x81, 0x16, 0x8d, 0xaa, 0x62, 0xde, 0xa9, 0xd8, 0xeb, 0xdb, 0x7e, 0x66, 0x86, 0x40, 0x63, 0x8b, 0x59}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6a, 0x87, 0x92, 0xfe, 0xbb, 0xe7, 0x11, 0xbe, 0xa9, 0xd6, 0xf4, 0x56, 0x6d, 0xb4, 0xe3, 0x39, 0xc0, 0xdd, 0x5a, 0x2e, 0xec, 0xf0, 0x6d, 0xbd, 0xdd, 0x57, 0x6b, 0x35, 0xf1, 0xcc, 0x05, 0x45}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x71, 0xf6, 0xb8, 0x63, 0xf9, 0xf8, 0x3a, 0x6f, 0x28, 0xbc, 0x19, 0x8b, 0xb9, 0xb9, 0xe8, 0x39, 0xfe, 0xde, 0xe8, 0x67, 0x68, 0xc7, 0x8b, 0xd7, 0xe0, 0xcd, 0x97, 0x65, 0x79, 0xb5, 0x0c, 0x9e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x88, 0x85, 0x6e, 0x71, 0x99, 0x86, 0x93, 0xc7, 0xea, 0x7a, 0xda, 0xd9, 0x03, 0x72, 0x83, 0x5a, 0xb8, 0xe6, 0x27, 0xc4, 0xd1, 0x4a, 0x3d, 0x92, 0x9a, 0x99, 0xf1, 0xbc, 0xd0, 0xa5, 0x51, 0x11}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa9, 0xcd, 0x02, 0x05, 0xa3, 0x8a, 0x37, 0x2b, 0xa4, 0x8a, 0x8f, 0x85, 0x05, 0xcc, 0x20, 0x9a, 0x1c, 0x15, 0x34, 0x3c, 0x12, 0x37, 0x63, 0xac, 0xd5, 0x06, 0x82, 0xa6, 0x2b, 0xe8, 0xf1, 0xb6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc8, 0x36, 0x58, 0xcf, 0xc1, 0x50, 0x5c, 0x27, 0x30, 0x16, 0x66, 0x2b, 0xe8, 0xc4, 0x0a, 0x7d, 0x43, 0x5b, 0xca, 0x85, 0x2b, 0xd2, 0x6c, 0x0d, 0x6c, 0x48, 0x95, 0x04, 0x9e, 0x70, 0x25, 0x9e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf4, 0x18, 0xc1, 0xbd, 0x9e, 0xd1, 0x12, 0x29, 0x6a, 0x14, 0xb1, 0xbe, 0xe8, 0x62, 0x0b, 0x68, 0xef, 0xc3, 0x29, 0xca, 0x7d, 0x0f, 0xd1, 0xb2, 0xe7, 0x96, 0x92, 0x1b, 0x2e, 0x93, 0xdf, 0x6d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xde, 0xdf, 0x38, 0xc2, 0x51, 0xc6, 0x4c, 0x71, 0x43, 0xb6, 0xf9, 0xcc, 0x3c, 0x77, 0x20, 0x34, 0x72, 0x6d, 0x17, 0xf2, 0x0e, 0x1f, 0x33, 0xed, 0x55, 0x91, 0x87, 0x82, 0x7e, 0x81, 0x44, 0x9e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x89, 0xef, 0x8b, 0x34, 0x9a, 0xe8, 0x49, 0x03, 0x64, 0x2e, 0x21, 0xd4, 0x68, 0x93, 0xf2, 0x57, 0x13, 0x81, 0x78, 0x6e, 0xb0, 0x1d, 0x94, 0x89, 0xf5, 0x4f, 0xea, 0x17, 0xbc, 0x7c, 0x63, 0xd6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf6, 0xcf, 0x06, 0xa4, 0xc2, 0xc4, 0x14, 0x15, 0x9f, 0x2e, 0xd6, 0x97, 0x1f, 0x4e, 0x40, 0x52, 0x41, 0xd6, 0x46, 0x00, 0x3a, 0x00, 0x6b, 0xcf, 0x61, 0x53, 0x55, 0x42, 0x14, 0x7b, 0xe3, 0x3b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9a, 0x72, 0xa8, 0x48, 0x4e, 0x17, 0x30, 0xbe, 0x3b, 0x39, 0x8d, 0x68, 0x83, 0xb4, 0x35, 0xc2, 0xba, 0x90, 0x43, 0x96, 0xd8, 0x2a, 0xdd, 0x89, 0x01, 0x11, 0x33, 0xcb, 0xfd, 0x01, 0xa6, 0x58}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xca, 0x39, 0xbc, 0x37, 0x6a, 0x8e, 0xbf, 0x2f, 0xf5, 0xc6, 0x49, 0xa0, 0x43, 0x9c, 0x72, 0x38, 0x37, 0xf0, 0xe9, 0xed, 0x55, 0x88, 0x0d, 0x1d, 0x73, 0xd0, 0xda, 0x63, 0xa1, 0x90, 0xb4, 0x24}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x59, 0xec, 0x11, 0xb8, 0x7b, 0xef, 0xf1, 0x5d, 0x07, 0x6a, 0xd2, 0xc7, 0x6e, 0x23, 0xe9, 0x9e, 0xb6, 0xca, 0x0d, 0x15, 0xb3, 0x3b, 0x96, 0xfb, 0x16, 0xac, 0xce, 0xcf, 0x0d, 0x65, 0xad, 0xbb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x04, 0x52, 0xe3, 0x8e, 0xc5, 0x50, 0xfd, 0xa8, 0xef, 0x20, 0xd6, 0x30, 0x06, 0x84, 0xb8, 0x46, 0x97, 0xb8, 0x0c, 0x1e, 0xb1, 0xfd, 0xc1, 0x1c, 0x88, 0xfb, 0x3a, 0xc8, 0xb9, 0x31, 0x78, 0xdb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x68, 0x2f, 0x85, 0xb0, 0x9d, 0x71, 0x2a, 0x38, 0x43, 0x67, 0x5a, 0x86, 0x77, 0x8d, 0xae, 0x56, 0x9f, 0x90, 0x5b, 0x9a, 0xee, 0x5a, 0xeb, 0x4f, 0x8a, 0xc1, 0x18, 0x3b, 0x0a, 0x35, 0x46, 0x3b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xef, 0x4e, 0x80, 0x3a, 0xa9, 0xf1, 0xe4, 0x79, 0x8e, 0x18, 0x70, 0xe5, 0xb6, 0x3a, 0x03, 0x45, 0xd4, 0x4d, 0x57, 0x33, 0x2d, 0x3a, 0xef, 0xd1, 0x2e, 0xdb, 0x3c, 0x13, 0x4b, 0x8a, 0x32, 0xdb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xde, 0x7a, 0x98, 0xdd, 0x07, 0xab, 0x8d, 0x02, 0x2d, 0xf7, 0x2e, 0x07, 0x7e, 0x4e, 0x68, 0x23, 0xec, 0xf0, 0x86, 0x7d, 0x80, 0xee, 0x2f, 0x61, 0x6b, 0xcb, 0x69, 0x0d, 0xe1, 0x88, 0x7e, 0x23}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x3b, 0x38, 0x8d, 0xd2, 0xdf, 0x8f, 0xab, 0x17, 0x5a, 0xfd, 0xfb, 0x7e, 0xc1, 0xf0, 0x8e, 0x71, 0x76, 0xcb, 0x69, 0x25, 0x93, 0xe7, 0x29, 0x69, 0x87, 0xe0, 0xb2, 0xe1, 0x5b, 0xdc, 0xdd, 0x8a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x70, 0x68, 0x5d, 0xe3, 0x0f, 0xf2, 0xb6, 0x40, 0xeb, 0x27, 0x3f, 0x16, 0x3e, 0x9c, 0x8e, 0x00, 0x6b, 0x8f, 0xbe, 0xfa, 0x42, 0x62, 0x26, 0xdf, 0x4f, 0x77, 0x2b, 0x2f, 0x58, 0x16, 0x25, 0x3d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x17, 0xf0, 0xff, 0x7f, 0xf4, 0x95, 0x28, 0xa1, 0x19, 0xc5, 0x23, 0xd6, 0xa6, 0xca, 0xf6, 0xf8, 0x96, 0x71, 0x41, 0xa2, 0x55, 0xe1, 0xbb, 0x58, 0x3f, 0x1a, 0xfb, 0x83, 0x60, 0xd0, 0x83, 0x5e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x2f, 0x28, 0x3c, 0xc7, 0x4d, 0x3e, 0x3a, 0x32, 0x02, 0x4c, 0x15, 0x20, 0x3a, 0xea, 0x36, 0xf8, 0xfe, 0x2c, 0xe0, 0xb1, 0xfc, 0x34, 0xfe, 0x64, 0x16, 0x39, 0x75, 0x54, 0xcf, 0x42, 0xe3, 0x32}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe8, 0x7a, 0xbd, 0x6e, 0x96, 0x1e, 0x91, 0x52, 0x96, 0x8d, 0x5c, 0x2b, 0x8d, 0x91, 0xc9, 0x2c, 0x1b, 0x62, 0xb2, 0x75, 0xa0, 0x35, 0x87, 0x72, 0x41, 0x64, 0x18, 0xcd, 0x73, 0x97, 0xa8, 0x28}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb5, 0x50, 0x3d, 0xac, 0x2b, 0xce, 0x0b, 0x0b, 0x05, 0x45, 0xc5, 0x29, 0x4c, 0xbe, 0xcd, 0x54, 0xad, 0x8c, 0xa5, 0xc4, 0xb2, 0xf5, 0x0d, 0xe1, 0x2a, 0x51, 0x41, 0xa5, 0x85, 0x5f, 0xa6, 0xfe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa6, 0xd2, 0xfc, 0x52, 0xf2, 0xcd, 0x65, 0x2d, 0x05, 0xa8, 0xc1, 0x81, 0x19, 0x0e, 0x05, 0x4d, 0x57, 0x60, 0x43, 0x66, 0xac, 0x36, 0x2b, 0x50, 0xeb, 0x27, 0xba, 0x55, 0x1f, 0x62, 0xd3, 0xcf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x40, 0x93, 0xb6, 0x3b, 0x47, 0x66, 0xab, 0x87, 0x7a, 0x45, 0x6c, 0x78, 0x3a, 0x34, 0x0f, 0x1b, 0x9c, 0xb2, 0x16, 0x0c, 0x3b, 0x9c, 0x13, 0x6e, 0x62, 0x15, 0xaa, 0xfb, 0x22, 0x6b, 0xab, 0x48}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0x2e, 0x97, 0xca, 0x09, 0x8d, 0x32, 0xe2, 0xb8, 0xee, 0x3e, 0x29, 0x60, 0xff, 0x2b, 0x4f, 0xc5, 0x2d, 0xe4, 0xf3, 0x7a, 0xae, 0x3e, 0x79, 0xea, 0xa1, 0xc4, 0x87, 0x41, 0x92, 0x4d, 0x2e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x5d, 0x20, 0xfb, 0x83, 0x8d, 0x3e, 0x32, 0x67, 0xd5, 0x83, 0x2b, 0x6b, 0x57, 0x2c, 0x73, 0xa4, 0xef, 0xd3, 0x1a, 0xf1, 0x5c, 0x81, 0xca, 0xed, 0x4d, 0x0e, 0x2f, 0x59, 0x39, 0x01, 0x7a, 0xff}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdc, 0x53, 0x03, 0x46, 0x92, 0x7c, 0xd1, 0xca, 0x6e, 0x05, 0xc3, 0x39, 0xcf, 0x7d, 0x82, 0x9b, 0xeb, 0xb0, 0xfb, 0xf3, 0xe6, 0x77, 0xe5, 0x84, 0x9a, 0x12, 0x23, 0x8e, 0x17, 0x2b, 0x2c, 0xa1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x61, 0xab, 0x3e, 0x9f, 0x65, 0x3c, 0xd9, 0x6d, 0xee, 0x88, 0x2c, 0xe2, 0xfd, 0xba, 0xd6, 0xaa, 0xe1, 0x90, 0x37, 0xf7, 0xe9, 0x4c, 0x3a, 0x23, 0xb1, 0xeb, 0x18, 0x6a, 0x08, 0xbb, 0x5d, 0xcc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x90, 0x84, 0x4a, 0x76, 0xc8, 0xde, 0x32, 0x20, 0x16, 0x2e, 0xe7, 0x39, 0xdb, 0x74, 0x58, 0x56, 0xa4, 0x2a, 0xc6, 0xda, 0xbe, 0xcf, 0x24, 0x38, 0x14, 0x3c, 0x0e, 0x7b, 0x06, 0x76, 0xe5, 0xde}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x25, 0x54, 0x87, 0x59, 0x6b, 0x5a, 0x2e, 0x1c, 0x6e, 0xd7, 0xee, 0x90, 0x6b, 0xae, 0xc1, 0x7c, 0x7c, 0xce, 0x0a, 0x8a, 0x00, 0x3d, 0xba, 0x73, 0x11, 0xee, 0x1f, 0xe5, 0xf1, 0x7b, 0xb3, 0x43}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x48, 0x6f, 0x0a, 0x88, 0x18, 0xe4, 0x01, 0x97, 0xda, 0x2e, 0x1a, 0x5d, 0x0a, 0xd8, 0x4a, 0x29, 0xd4, 0xa4, 0xcb, 0xe5, 0x82, 0x8f, 0x46, 0x3d, 0x93, 0x40, 0x2f, 0x17, 0x55, 0x98, 0x7b, 0xdb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x0a, 0xb1, 0xd4, 0x60, 0x5e, 0x2b, 0x43, 0x6c, 0x5c, 0x2c, 0x5c, 0x1c, 0x9f, 0xe4, 0x1e, 0x8a, 0x0b, 0x92, 0xab, 0x9c, 0x38, 0x19, 0xa3, 0x9b, 0xa8, 0x4c, 0xe4, 0x81, 0x50, 0x43, 0x68, 0x8f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4a, 0x38, 0xaf, 0x39, 0xa1, 0x37, 0x06, 0x37, 0x0a, 0x71, 0x99, 0x2e, 0xa1, 0x2c, 0x1f, 0xaa, 0xd5, 0xd4, 0x39, 0x3b, 0x00, 0x0d, 0x54, 0xb7, 0xa3, 0x6c, 0x06, 0xc1, 0x0f, 0xd6, 0x77, 0x66}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd9, 0x14, 0x58, 0xb8, 0xfc, 0xab, 0x5a, 0x80, 0x09, 0x69, 0x53, 0xea, 0x23, 0xc3, 0x98, 0x50, 0x9a, 0x6c, 0x15, 0x57, 0x9c, 0x18, 0x57, 0x65, 0x77, 0x99, 0x6c, 0x85, 0x15, 0x02, 0x32, 0x22}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 28cef7370..33931bb88 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240704154021-5efe2a4c8363" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240709212815-0d421b905fd4" ) From 391deeae37949658004e563ae39f686cf7a072c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 10 Jul 2024 08:24:32 +0200 Subject: [PATCH 148/380] ci: reduce max parallel attestationconfig e2e tests back to 1 for stability (#3208) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/workflows/e2e-attestationconfigapi.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-attestationconfigapi.yml b/.github/workflows/e2e-attestationconfigapi.yml index 2fdc318d0..70153ec0e 100644 --- a/.github/workflows/e2e-attestationconfigapi.yml +++ b/.github/workflows/e2e-attestationconfigapi.yml @@ -15,7 +15,7 @@ jobs: e2e-api: strategy: fail-fast: false - max-parallel: 2 + max-parallel: 1 matrix: attestationVariant: ["azure-sev-snp", "azure-tdx", "aws-sev-snp", "gcp-sev-snp"] runs-on: ubuntu-22.04 From 5d25eded1d585578e50a04db34a998dc012b5797 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 10 Jul 2024 09:11:32 +0200 Subject: [PATCH 149/380] csi: mark mount integration test as flaky (#3240) --- csi/test/BUILD.bazel | 2 ++ 1 file changed, 2 insertions(+) diff --git a/csi/test/BUILD.bazel b/csi/test/BUILD.bazel index b62498c20..5a27fdf89 100644 --- a/csi/test/BUILD.bazel +++ b/csi/test/BUILD.bazel @@ -28,6 +28,8 @@ go_test( "RM": "$(rlocationpath @coreutils//:bin/rm)", "UMOUNT": "$(rlocationpath @util-linux//:bin/umount)", }, + # This test frequently runs into https://github.com/martinjungblut/go-cryptsetup/issues/13. + flaky = 1, # keep tags = [ "integration", From 051cb20b09ae8d1e3d79509bfd3754ed88f160d7 Mon Sep 17 00:00:00 2001 From: Adrian Stobbe Date: Wed, 10 Jul 2024 09:56:36 +0200 Subject: [PATCH 150/380] ci: fix TF attestation version assertion in integration test (#3237) --- .../provider/attestation_data_source_test.go | 41 +++++++++++++++---- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/terraform-provider-constellation/internal/provider/attestation_data_source_test.go b/terraform-provider-constellation/internal/provider/attestation_data_source_test.go index 407900551..ff97968e7 100644 --- a/terraform-provider-constellation/internal/provider/attestation_data_source_test.go +++ b/terraform-provider-constellation/internal/provider/attestation_data_source_test.go @@ -7,6 +7,8 @@ SPDX-License-Identifier: AGPL-3.0-only package provider import ( + "errors" + "strconv" "testing" "github.com/hashicorp/terraform-plugin-testing/helper/resource" @@ -16,6 +18,30 @@ func TestAccAttestationSource(t *testing.T) { // Set the path to the Terraform binary for acceptance testing when running under Bazel. bazelPreCheck := func() { bazelSetTerraformBinaryPath(t) } + assertNonZeroValue := func(attr string) resource.TestCheckFunc { + return resource.TestCheckResourceAttrWith( + "data.constellation_attestation.test", + attr, + func(value string) error { + parsedValue, err := strconv.ParseUint(value, 10, 8) + if err == nil && parsedValue == 0 { + return errors.New("expected non-zero value") + } + return err + }, + ) + } + assertUint8Value := func(attr string) resource.TestCheckFunc { + return resource.TestCheckResourceAttrWith( + "data.constellation_attestation.test", + attr, + func(value string) error { + _, err := strconv.ParseUint(value, 10, 8) + return err + }, + ) + } + testCases := map[string]resource.TestCase{ "azure sev-snp success": { ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, @@ -36,12 +62,10 @@ func TestAccAttestationSource(t *testing.T) { `, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.variant", "azure-sev-snp"), - - resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.bootloader_version", "3"), - resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.microcode_version", "115"), - resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.snp_version", "8"), - resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.tee_version", "0"), - + assertNonZeroValue("attestation.bootloader_version"), + assertNonZeroValue("attestation.microcode_version"), + assertNonZeroValue("attestation.snp_version"), + assertUint8Value("attestation.tee_version"), // the valid value is 0 at the moment resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.azure_firmware_signer_config.accepted_key_digests.0", "0356215882a825279a85b300b0b742931d113bf7e32dde2e50ffde7ec743ca491ecdd7f336dc28a6e0b2bb57af7a44a3"), resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.azure_firmware_signer_config.enforcement_policy", "MAAFallback"), @@ -128,7 +152,10 @@ func TestAccAttestationSource(t *testing.T) { `, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.variant", "gcp-sev-snp"), - resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.bootloader_version", "3"), + assertNonZeroValue("attestation.bootloader_version"), + assertNonZeroValue("attestation.microcode_version"), + assertNonZeroValue("attestation.snp_version"), + assertUint8Value("attestation.tee_version"), // the valid value is 0 at the moment resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.measurements.1.expected", "3695dcc55e3aa34027c27793c85c723c697d708c42d1f73bd6fa4f26608a5b24"), resource.TestCheckResourceAttr("data.constellation_attestation.test", "attestation.measurements.1.warn_only", "true"), ), From 2cf315911d261be531f1546b64dfe57f9107767a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 10 Jul 2024 10:29:58 +0200 Subject: [PATCH 151/380] deps: update Go dependencies (#3242) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 58 +++++++++++------------ go.sum | 118 +++++++++++++++++++++++----------------------- hack/tools/go.mod | 12 ++--- hack/tools/go.sum | 24 +++++----- 4 files changed, 105 insertions(+), 107 deletions(-) diff --git a/go.mod b/go.mod index f99acab33..b79621cfa 100644 --- a/go.mod +++ b/go.mod @@ -30,7 +30,7 @@ require ( cloud.google.com/go/compute/metadata v0.4.0 cloud.google.com/go/kms v1.18.2 cloud.google.com/go/secretmanager v1.13.3 - cloud.google.com/go/storage v1.42.0 + cloud.google.com/go/storage v1.43.0 dario.cat/mergo v1.0.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 @@ -40,18 +40,18 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 github.com/BurntSushi/toml v1.4.0 - github.com/aws/aws-sdk-go v1.54.12 + github.com/aws/aws-sdk-go v1.54.17 github.com/aws/aws-sdk-go-v2 v1.30.1 - github.com/aws/aws-sdk-go-v2/config v1.27.23 - github.com/aws/aws-sdk-go-v2/credentials v1.17.23 + github.com/aws/aws-sdk-go-v2/config v1.27.24 + github.com/aws/aws-sdk-go-v2/credentials v1.17.24 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.3 + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.5 github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.1 github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.2 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.1 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.168.0 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.1 github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.1 - github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1 + github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0 github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1 github.com/aws/smithy-go v1.20.3 github.com/bazelbuild/buildtools v0.0.0-20240626162158-92a716d768c0 @@ -72,7 +72,7 @@ require ( github.com/google/go-tpm-tools v0.4.4 github.com/google/uuid v1.6.0 github.com/googleapis/gax-go/v2 v2.12.5 - github.com/gophercloud/gophercloud v1.12.0 + github.com/gophercloud/gophercloud v1.13.0 github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 @@ -84,11 +84,11 @@ require ( github.com/hashicorp/hcl/v2 v2.21.0 github.com/hashicorp/terraform-exec v0.21.0 github.com/hashicorp/terraform-json v0.22.1 - github.com/hashicorp/terraform-plugin-framework v1.9.0 - github.com/hashicorp/terraform-plugin-framework-validators v0.12.0 + github.com/hashicorp/terraform-plugin-framework v1.10.0 + github.com/hashicorp/terraform-plugin-framework-validators v0.13.0 github.com/hashicorp/terraform-plugin-go v0.23.0 github.com/hashicorp/terraform-plugin-log v0.9.0 - github.com/hashicorp/terraform-plugin-testing v1.8.0 + github.com/hashicorp/terraform-plugin-testing v1.9.0 github.com/hexops/gotextdiff v1.0.3 github.com/martinjungblut/go-cryptsetup v0.0.0-20220520180014-fd0874fd07a6 github.com/mattn/go-isatty v0.0.20 @@ -114,14 +114,14 @@ require ( go.etcd.io/etcd/client/pkg/v3 v3.5.14 go.etcd.io/etcd/client/v3 v3.5.14 go.uber.org/goleak v1.3.0 - golang.org/x/crypto v0.24.0 - golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 - golang.org/x/mod v0.18.0 - golang.org/x/sys v0.21.0 + golang.org/x/crypto v0.25.0 + golang.org/x/exp v0.0.0-20240707233637-46b078467d37 + golang.org/x/mod v0.19.0 + golang.org/x/sys v0.22.0 golang.org/x/text v0.16.0 - golang.org/x/tools v0.22.0 - google.golang.org/api v0.187.0 - google.golang.org/grpc v1.64.1 + golang.org/x/tools v0.23.0 + google.golang.org/api v0.188.0 + google.golang.org/grpc v1.65.0 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.15.2 @@ -142,10 +142,10 @@ require ( require ( cloud.google.com/go v0.115.0 // indirect - cloud.google.com/go/auth v0.6.1 // indirect + cloud.google.com/go/auth v0.7.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect - cloud.google.com/go/iam v1.1.8 // indirect - cloud.google.com/go/longrunning v0.5.7 // indirect + cloud.google.com/go/iam v1.1.10 // indirect + cloud.google.com/go/longrunning v0.5.9 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect @@ -182,12 +182,12 @@ require ( github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/containerd/containerd v1.7.12 // indirect @@ -266,7 +266,7 @@ require ( github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect github.com/hashicorp/logutils v1.0.0 // indirect - github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 // indirect + github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/yamux v0.1.1 // indirect @@ -350,16 +350,16 @@ require ( go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/net v0.26.0 // indirect + golang.org/x/net v0.27.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/term v0.21.0 // indirect + golang.org/x/term v0.22.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect + google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/cli-runtime v0.30.0 // indirect diff --git a/go.sum b/go.sum index b95267fa6..689362164 100644 --- a/go.sum +++ b/go.sum @@ -1,24 +1,24 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.6.1 h1:T0Zw1XM5c1GlpN2HYr2s+m3vr1p2wy+8VN+Z1FKxW38= -cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= +cloud.google.com/go/auth v0.7.0 h1:kf/x9B3WTbBUHkC+1VS8wwwli9TzhSt0vSTVBmMR8Ts= +cloud.google.com/go/auth v0.7.0/go.mod h1:D+WqdrpcjmiCgWrXmLLxOVq1GACoE36chW6KXoEvuIw= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/compute v1.27.2 h1:5cE5hdrwJV/92ravlwIFRGnyH9CpLGhh4N0ZDVTU+BA= cloud.google.com/go/compute v1.27.2/go.mod h1:YQuHkNEwP3bIz4LBYQqf4DIMfFtTDtnEgnwG0mJQQ9I= cloud.google.com/go/compute/metadata v0.4.0 h1:vHzJCWaM4g8XIcm8kopr3XmDA4Gy/lblD3EhhSux05c= cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M= -cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= -cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= +cloud.google.com/go/iam v1.1.10 h1:ZSAr64oEhQSClwBL670MsJAW5/RLiC6kfw3Bqmd5ZDI= +cloud.google.com/go/iam v1.1.10/go.mod h1:iEgMq62sg8zx446GCaijmA2Miwg5o3UbO+nI47WHJps= cloud.google.com/go/kms v1.18.2 h1:EGgD0B9k9tOOkbPhYW1PHo2W0teamAUYMOUIcDRMfPk= cloud.google.com/go/kms v1.18.2/go.mod h1:YFz1LYrnGsXARuRePL729oINmN5J/5e7nYijgvfiIeY= -cloud.google.com/go/longrunning v0.5.7 h1:WLbHekDbjK1fVFD3ibpFFVoyizlLRl73I7YKuAKilhU= -cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng= +cloud.google.com/go/longrunning v0.5.9 h1:haH9pAuXdPAMqHvzX0zlWQigXT7B0+CL4/2nXXdBo5k= +cloud.google.com/go/longrunning v0.5.9/go.mod h1:HD+0l9/OOW0za6UWdKJtXoFAX/BGg/3Wj8p10NeWF7c= cloud.google.com/go/secretmanager v1.13.3 h1:VqUVYY3U6uFXOhPdZgAoZH9m8E6p7eK02TsDRj2SBf4= cloud.google.com/go/secretmanager v1.13.3/go.mod h1:e45+CxK0w6GaL4hS+KabgQskl4RdSS30b+HRf0TH0kk= -cloud.google.com/go/storage v1.42.0 h1:4QtGpplCVt1wz6g5o1ifXd656P5z+yNgzdw1tVfp0cU= -cloud.google.com/go/storage v1.42.0/go.mod h1:HjMXRFq65pGKFn6hxj6x3HCyR41uSB72Z0SO/Vn6JFQ= +cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs= +cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= @@ -119,20 +119,20 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.54.12 h1:xPDB+GSBZq0rJbmDZF+EyfMbnWRyfEPcn7PZ7bJjXSw= -github.com/aws/aws-sdk-go v1.54.12/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.17 h1:ZV/qwcCIhMHgsJ6iXXPVYI0s1MdLT+5LW28ClzCUPeI= +github.com/aws/aws-sdk-go v1.54.17/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aws/aws-sdk-go-v2 v1.30.1 h1:4y/5Dvfrhd1MxRDD77SrfsDaj8kUkkljU7XE83NPV+o= github.com/aws/aws-sdk-go-v2 v1.30.1/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 h1:tW1/Rkad38LA15X4UQtjXZXNKsCgkshC3EbmcUmghTg= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3/go.mod h1:UbnqO+zjqk3uIt9yCACHJ9IVNhyhOCnYk8yA19SAWrM= -github.com/aws/aws-sdk-go-v2/config v1.27.23 h1:Cr/gJEa9NAS7CDAjbnB7tHYb3aLZI2gVggfmSAasDac= -github.com/aws/aws-sdk-go-v2/config v1.27.23/go.mod h1:WMMYHqLCFu5LH05mFOF5tsq1PGEMfKbu083VKqLCd0o= -github.com/aws/aws-sdk-go-v2/credentials v1.17.23 h1:G1CfmLVoO2TdQ8z9dW+JBc/r8+MqyPQhXCafNZcXVZo= -github.com/aws/aws-sdk-go-v2/credentials v1.17.23/go.mod h1:V/DvSURn6kKgcuKEk4qwSwb/fZ2d++FFARtWSbXnLqY= +github.com/aws/aws-sdk-go-v2/config v1.27.24 h1:NM9XicZ5o1CBU/MZaHwFtimRpWx9ohAUAqkG6AqSqPo= +github.com/aws/aws-sdk-go-v2/config v1.27.24/go.mod h1:aXzi6QJTuQRVVusAO8/NxpdTeTyr/wRcybdDtfUwJSs= +github.com/aws/aws-sdk-go-v2/credentials v1.17.24 h1:YclAsrnb1/GTQNt2nzv+756Iw4mF8AOzcDfweWwwm/M= +github.com/aws/aws-sdk-go-v2/credentials v1.17.24/go.mod h1:Hld7tmnAkoBQdTMNYZGzztzKRdA4fCdn9L83LOoigac= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 h1:Aznqksmd6Rfv2HQN9cpqIV/lQRMaIpJkLLaJ1ZI76no= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9/go.mod h1:WQr3MY7AxGNxaqAtsDWn+fBxmd4XvLkzeqQ8P1VM0/w= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.3 h1:J2mHCzCeDQNfBOas73ARi4/CsLm0wYpQ3Itll8dPDBQ= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.3/go.mod h1:6rYGWnaLHD+WRF4E709VW+HEEJPKZbNdjHgq9osFXuE= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.5 h1:qkipTyOc+ElVS+TgGJCf/6gqu0CL5+ii19W/eMQfY94= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.5/go.mod h1:UjB35RXl+ESpnVtyaKqdw11NhMxm90lF9o2zqJNbi14= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 h1:5SAoZ4jYpGH4721ZNoS1znQrhOfZinOhc4XuTXx/nVc= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13/go.mod h1:+rdA6ZLpaSeM7tSg/B0IEDinCIBJGmW8rKDFkYpP04g= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 h1:WIijqeaAO7TYFLbhsZmi2rgLEAtWOC1LhxCAVTJlSKw= @@ -145,8 +145,8 @@ github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.1 h1:nV3iVzSwz69etCRlmifz github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.1/go.mod h1:SR3acVqfWMo5J4hI3WHHP0+cgC5yvEVjG9PJXtbOqQg= github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.2 h1:TMeILwDLX08G1Ws+jJIlzjqxWxPHdVjHgrbq+joq28s= github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.2/go.mod h1:bwqYM+9SeyLaryGx6R3ssp3d0CZvAvDrvUe3GCHZ1oM= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.1 h1:194kHl9h0FnIZ9PTWeBiAYVX8lKYJ9OT3rZXFM79X2M= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.167.1/go.mod h1:CtLD6CPq9z9dyMxV+H6/M5d9+/ea3dO80um029GXqV0= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.168.0 h1:xOPq0agGC1WMZvFpSZCKEjDVAQnLPZJZGvjuPVF2t9M= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.168.0/go.mod h1:CtLD6CPq9z9dyMxV+H6/M5d9+/ea3dO80um029GXqV0= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.1 h1:XuwjSEGfLxo6UJtpJVy/E80GpE1gNclDBv5k1nTQcCs= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.1/go.mod h1:74D8OQ00uEvvpuG5e4VX+/2v3MC2pltRtzNyXJnEjrI= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8= @@ -159,14 +159,14 @@ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13 h1:Eq2THzHt6P41m github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13/go.mod h1:FgwTca6puegxgCInYwGjmd4tB9195Dd6LCuA+8MjpWw= github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.1 h1:FW82vjO+OizFvwSYsSVXVnkt11+zuRXFFPXBUDqFl5U= github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.1/go.mod h1:v8G7VgEsStrvK8Wu0UdJjhnIaU1Rvnikwz3IAv0027w= -github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1 h1:aHPtNY87GZ214N4rShgIo+5JQz7ICrJ50i17JbueUTw= -github.com/aws/aws-sdk-go-v2/service/s3 v1.57.1/go.mod h1:hdV0NTYd0RwV4FvNKhKUNbPLZoq9CTr/lke+3I7aCAI= +github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0 h1:4rhV0Hn+bf8IAIUphRX1moBcEvKJipCPmswMCl6Q5mw= +github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0/go.mod h1:hdV0NTYd0RwV4FvNKhKUNbPLZoq9CTr/lke+3I7aCAI= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1 h1:ZoYRD8IJqPkzjBnpokiMNO6L/DQprtpVpD6k0YSaF5U= github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1/go.mod h1:GlRarZzIMl9VDi0mLQt+qQOuEkVFPnTkkjyugV1uVa8= github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 h1:p1GahKIjyMDZtiKoIn0/jAj/TkMzfzndDv5+zi2Mhgc= github.com/aws/aws-sdk-go-v2/service/sso v1.22.1/go.mod h1:/vWdhoIoYA5hYoPZ6fm7Sv4d8701PiG5VKe8/pPJL60= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1 h1:lCEv9f8f+zJ8kcFeAjRZsekLd/x5SAm96Cva+VbUdo8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.1/go.mod h1:xyFHA4zGxgYkdD73VeezHt3vSKEG9EmFnGwoKlP00u4= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2 h1:ORnrOK0C4WmYV/uYt3koHEWBLYsRDwk2Np+eEoyV4Z0= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2/go.mod h1:xyFHA4zGxgYkdD73VeezHt3vSKEG9EmFnGwoKlP00u4= github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 h1:+woJ607dllHJQtsnJLi52ycuqHMwlW+Wqm2Ppsfp4nQ= github.com/aws/aws-sdk-go-v2/service/sts v1.30.1/go.mod h1:jiNR3JqT15Dm+QWq2SRgh0x0bCNSRP2L25+CqPNpJlQ= github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE= @@ -196,8 +196,8 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3k github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= @@ -453,8 +453,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksP github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA= github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= -github.com/gophercloud/gophercloud v1.12.0 h1:Jrz16vPAL93l80q16fp8NplrTCp93y7rZh2P3Q4Yq7g= -github.com/gophercloud/gophercloud v1.12.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= +github.com/gophercloud/gophercloud v1.13.0 h1:8iY9d1DAbzMW6Vok1AxbbK5ZaUjzMp0tdyt4fX9IeJ0= +github.com/gophercloud/gophercloud v1.13.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 h1:sH7xkTfYzxIEgzq1tDHIMKRh1vThOEOGNsettdEeLbE= github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56/go.mod h1:VSalo4adEk+3sNkmVJLnhHoOyOYYS8sTWLG4mv5BKto= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= @@ -519,18 +519,18 @@ github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVW github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A= -github.com/hashicorp/terraform-plugin-framework v1.9.0 h1:caLcDoxiRucNi2hk8+j3kJwkKfvHznubyFsJMWfZqKU= -github.com/hashicorp/terraform-plugin-framework v1.9.0/go.mod h1:qBXLDn69kM97NNVi/MQ9qgd1uWWsVftGSnygYG1tImM= -github.com/hashicorp/terraform-plugin-framework-validators v0.12.0 h1:HOjBuMbOEzl7snOdOoUfE2Jgeto6JOjLVQ39Ls2nksc= -github.com/hashicorp/terraform-plugin-framework-validators v0.12.0/go.mod h1:jfHGE/gzjxYz6XoUwi/aYiiKrJDeutQNUtGQXkaHklg= +github.com/hashicorp/terraform-plugin-framework v1.10.0 h1:xXhICE2Fns1RYZxEQebwkB2+kXouLC932Li9qelozrc= +github.com/hashicorp/terraform-plugin-framework v1.10.0/go.mod h1:qBXLDn69kM97NNVi/MQ9qgd1uWWsVftGSnygYG1tImM= +github.com/hashicorp/terraform-plugin-framework-validators v0.13.0 h1:bxZfGo9DIUoLLtHMElsu+zwqI4IsMZQBRRy4iLzZJ8E= +github.com/hashicorp/terraform-plugin-framework-validators v0.13.0/go.mod h1:wGeI02gEhj9nPANU62F2jCaHjXulejm/X+af4PdZaNo= github.com/hashicorp/terraform-plugin-go v0.23.0 h1:AALVuU1gD1kPb48aPQUjug9Ir/125t+AAurhqphJ2Co= github.com/hashicorp/terraform-plugin-go v0.23.0/go.mod h1:1E3Cr9h2vMlahWMbsSEcNrOCxovCZhOOIXjFHbjc/lQ= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 h1:qHprzXy/As0rxedphECBEQAh3R4yp6pKksKHcqZx5G8= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0/go.mod h1:H+8tjs9TjV2w57QFVSMBQacf8k/E1XwLXGCARgViC6A= -github.com/hashicorp/terraform-plugin-testing v1.8.0 h1:wdYIgwDk4iO933gC4S8KbKdnMQShu6BXuZQPScmHvpk= -github.com/hashicorp/terraform-plugin-testing v1.8.0/go.mod h1:o2kOgf18ADUaZGhtOl0YCkfIxg01MAiMATT2EtIHlZk= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 h1:kJiWGx2kiQVo97Y5IOGR4EMcZ8DtMswHhUuFibsCQQE= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0/go.mod h1:sl/UoabMc37HA6ICVMmGO+/0wofkVIRxf+BMb/dnoIg= +github.com/hashicorp/terraform-plugin-testing v1.9.0 h1:xOsQRqqlHKXpFq6etTxih3ubdK3HVDtfE1IY7Rpd37o= +github.com/hashicorp/terraform-plugin-testing v1.9.0/go.mod h1:fhhVx/8+XNJZTD5o3b4stfZ6+q7z9+lIWigIYdT6/44= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= @@ -892,11 +892,11 @@ golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY= -golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -904,8 +904,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -924,8 +924,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= @@ -970,8 +970,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -980,8 +980,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -1006,18 +1006,16 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU= -golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.187.0 h1:Mxs7VATVC2v7CY+7Xwm4ndkX71hpElcvx0D1Ji/p1eo= -google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= +google.golang.org/api v0.188.0 h1:51y8fJ/b1AaaBRJr4yWm96fPcuxSo0JcegXE3DaHQHw= +google.golang.org/api v0.188.0/go.mod h1:VR0d+2SIiWOYG3r/jdm7adPW9hI2aRv9ETOSCQ9Beag= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= @@ -1025,19 +1023,19 @@ google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJ google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d h1:PksQg4dV6Sem3/HkBX+Ltq8T0ke0PKIRBNBatoDTVls= -google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:s7iA721uChleev562UJO2OYB0PPT9CMFjV+Ce7VJH5M= -google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc= -google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d h1:k3zyW3BYYR30e8v3x0bTDdE9vpYFjZHK+HcyqkrppWk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b h1:dSTjko30weBaMj3eERKc0ZVXW4GudCswM3m+P++ukU0= +google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY= +google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0= +google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b h1:04+jVzTs2XBnOZcPsLnmrTGqltqJbZQ1Ey26hjYdQQ0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= -google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= +google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= +google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/hack/tools/go.mod b/hack/tools/go.mod index 539665516..42e88a0a6 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod @@ -6,7 +6,7 @@ require ( github.com/google/go-licenses v1.6.0 github.com/google/keep-sorted v0.4.0 github.com/katexochen/sh/v3 v3.8.0 - golang.org/x/tools v0.22.0 + golang.org/x/tools v0.23.0 golang.org/x/vuln v1.1.2 ) @@ -35,14 +35,14 @@ require ( github.com/stretchr/testify v1.8.4 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect go.opencensus.io v0.24.0 // indirect - golang.org/x/crypto v0.24.0 // indirect + golang.org/x/crypto v0.25.0 // indirect golang.org/x/exp v0.0.0-20240213143201-ec583247a57a // indirect - golang.org/x/mod v0.18.0 // indirect - golang.org/x/net v0.26.0 // indirect + golang.org/x/mod v0.19.0 // indirect + golang.org/x/net v0.27.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.21.0 // indirect + golang.org/x/sys v0.22.0 // indirect golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect - golang.org/x/term v0.21.0 // indirect + golang.org/x/term v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect diff --git a/hack/tools/go.sum b/hack/tools/go.sum index 9a72bfc0d..adda023de 100644 --- a/hack/tools/go.sum +++ b/hack/tools/go.sum @@ -343,8 +343,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -384,8 +384,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -432,8 +432,8 @@ golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -542,16 +542,16 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0= golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -623,8 +623,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/vuln v1.1.2 h1:UkLxe+kAMcrNBpGrFbU0Mc5l7cX97P2nhy21wx5+Qbk= golang.org/x/vuln v1.1.2/go.mod h1:2o3fRKD8Uz9AraAL3lwd/grWBv+t+SeJnPcqBUJrY24= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From a6b0885f189ef3dd36ab0ab732a07d57b8ffc491 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 10 Jul 2024 10:55:48 +0200 Subject: [PATCH 152/380] dev-docs: set an MTU on the VPN route (#3239) --- dev-docs/howto/vpn/helm/templates/_helpers.tpl | 2 ++ dev-docs/howto/vpn/helm/values.yaml | 6 +++++- nix/container/vpn/sidecar.sh | 9 ++++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/dev-docs/howto/vpn/helm/templates/_helpers.tpl b/dev-docs/howto/vpn/helm/templates/_helpers.tpl index a5218b3ee..ab8a91e66 100644 --- a/dev-docs/howto/vpn/helm/templates/_helpers.tpl +++ b/dev-docs/howto/vpn/helm/templates/_helpers.tpl @@ -39,4 +39,6 @@ app.kubernetes.io/instance: {{ .Release.Name }} value: {{ .Values.serviceCIDR | quote }} - name: VPN_FRONTEND_POD value: {{ include "..fullname" . }}-frontend-0 +- name: VPN_MTU + value: {{ .Values.mtu | quote }} {{- end }} diff --git a/dev-docs/howto/vpn/helm/values.yaml b/dev-docs/howto/vpn/helm/values.yaml index 13281c917..607a2775d 100644 --- a/dev-docs/howto/vpn/helm/values.yaml +++ b/dev-docs/howto/vpn/helm/values.yaml @@ -8,6 +8,10 @@ serviceCIDR: "10.96.0.0/12" # on-prem IP ranges to expose to Constellation. Must contain at least one CIDR. peerCIDRs: [] +# MTU to set on the VPN route. Leave empty if path MTU discovery is supported end-to-end. +# See also https://docs.strongswan.org/docs/5.9/howtos/forwarding.html#_mtumss_issues. +mtu: 1300 + # IPSec configuration ipsec: # pre-shared key used for authentication @@ -15,4 +19,4 @@ ipsec: # Address of the peer's gateway router. peer: "" -image: "ghcr.io/edgelesssys/constellation/vpn@sha256:34e28ced172d04dfdadaadbefb1a53b5857cb24fb24e275fbbc537f3639a789e" +image: "ghcr.io/edgelesssys/constellation/vpn@sha256:88b6a0265052cb0a68d20d9b20e0d42ef15e7a80e5f71201ecf32e004de2356e" diff --git a/nix/container/vpn/sidecar.sh b/nix/container/vpn/sidecar.sh index c6720f41b..a77c8bc7a 100755 --- a/nix/container/vpn/sidecar.sh +++ b/nix/container/vpn/sidecar.sh @@ -30,10 +30,17 @@ reconcile_sip_verification() { fi } +optional_mtu() { + if [ -n "${VPN_MTU}" ]; then + printf "mtu %s" "${VPN_MTU}" + fi +} + # Set up the route from the node network namespace to the VPN pod. reconcile_route() { for cidr in ${VPN_PEER_CIDRS}; do - nsenter -t 1 -n ip route replace "${cidr}" via "$(myip)" + # shellcheck disable=SC2046 # Word splitting is intentional here. + nsenter -t 1 -n ip route replace "${cidr}" via "$(myip)" $(optional_mtu) done } From 6c249635705d52299a92d6b97ae54de521bcd317 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 10 Jul 2024 12:59:02 +0200 Subject: [PATCH 153/380] attestationconfigapi: revise upload frequency (#3238) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add attestationconfigapi compare command * Only upload the lowest version for each verify test --------- Signed-off-by: Daniel Weiße --- .github/actions/e2e_verify/action.yml | 16 ++- .../api/attestationconfigapi/cli/BUILD.bazel | 1 + .../cli/client/reporter.go | 40 +++---- .../api/attestationconfigapi/cli/compare.go | 101 ++++++++++++++++++ .../api/attestationconfigapi/cli/delete.go | 6 +- internal/api/attestationconfigapi/cli/main.go | 8 +- .../api/attestationconfigapi/cli/upload.go | 20 ++-- .../api/attestationconfigapi/cli/validargs.go | 11 +- 8 files changed, 153 insertions(+), 50 deletions(-) create mode 100644 internal/api/attestationconfigapi/cli/compare.go diff --git a/.github/actions/e2e_verify/action.yml b/.github/actions/e2e_verify/action.yml index 07abb7a88..6b0bcf885 100644 --- a/.github/actions/e2e_verify/action.yml +++ b/.github/actions/e2e_verify/action.yml @@ -94,13 +94,11 @@ runs: COSIGN_PASSWORD: ${{ inputs.cosignPassword }} COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }} run: | - reports=(attestation-report-*.json) - if [ -z ${#reports[@]} ]; then - exit 1 - fi + reports=attestation-report-*.json - for file in "${reports[@]}"; do - path=$(realpath "${file}") - cat "${path}" - bazel run //internal/api/attestationconfigapi/cli -- upload ${{ inputs.attestationVariant }} attestation-report "${path}" - done + report=$(bazel run //internal/api/attestationconfigapi/cli -- compare ${{ inputs.attestationVariant }} ${reports}) + + path=$(realpath "${report}") + cat "${path}" + + bazel run //internal/api/attestationconfigapi/cli -- upload ${{ inputs.attestationVariant }} attestation-report "${path}" diff --git a/internal/api/attestationconfigapi/cli/BUILD.bazel b/internal/api/attestationconfigapi/cli/BUILD.bazel index 32ec8ec2b..df2856aeb 100644 --- a/internal/api/attestationconfigapi/cli/BUILD.bazel +++ b/internal/api/attestationconfigapi/cli/BUILD.bazel @@ -10,6 +10,7 @@ go_binary( go_library( name = "cli_lib", srcs = [ + "compare.go", "delete.go", "main.go", "upload.go", diff --git a/internal/api/attestationconfigapi/cli/client/reporter.go b/internal/api/attestationconfigapi/cli/client/reporter.go index 7e40d6a3e..295c7b2b7 100644 --- a/internal/api/attestationconfigapi/cli/client/reporter.go +++ b/internal/api/attestationconfigapi/cli/client/reporter.go @@ -31,6 +31,25 @@ func reportVersionDir(attestation variant.Variant) string { return path.Join(attestationconfigapi.AttestationURLPath, attestation.String(), cachedVersionsSubDir) } +// IsInputNewerThanOtherVersion compares the input version with the other version and returns true if the input version is newer. +// This function panics if the input versions are not TDX or SEV-SNP versions. +func IsInputNewerThanOtherVersion(variant variant.Variant, inputVersion, otherVersion any) bool { + var result bool + actionForVariant(variant, + func() { + input := inputVersion.(attestationconfigapi.TDXVersion) + other := otherVersion.(attestationconfigapi.TDXVersion) + result = isInputNewerThanOtherTDXVersion(input, other) + }, + func() { + input := inputVersion.(attestationconfigapi.SEVSNPVersion) + other := otherVersion.(attestationconfigapi.SEVSNPVersion) + result = isInputNewerThanOtherSEVSNPVersion(input, other) + }, + ) + return result +} + // UploadLatestVersion saves the given version to the cache, determines the smallest // TCB version in the cache among the last cacheWindowSize versions and updates // the latest version in the API if there is an update. @@ -90,7 +109,7 @@ func (c Client) UploadLatestVersion( } c.log.Info(fmt.Sprintf("Found minimal version: %+v with date: %s", minVersion, minDate)) - if !isInputNewerThanOtherVersion(attestationVariant, minVersion, latestVersionInAPI) { + if !IsInputNewerThanOtherVersion(attestationVariant, minVersion, latestVersionInAPI) { c.log.Info(fmt.Sprintf("Input version: %+v is not newer than latest API version: %+v. Skipping list update", minVersion, latestVersionInAPI)) return ErrNoNewerVersion } @@ -200,7 +219,7 @@ func findMinimalVersion[T attestationconfigapi.TDXVersion | attestationconfigapi // If the current minimal version has newer versions than the one we just fetched, // update the minimal version to the older version. - if isInputNewerThanOtherVersion(variant, *minimalVersion, obj.getVersion()) { + if IsInputNewerThanOtherVersion(variant, *minimalVersion, obj.getVersion()) { v := obj.getVersion().(T) minimalVersion = &v minimalDate = date @@ -210,23 +229,6 @@ func findMinimalVersion[T attestationconfigapi.TDXVersion | attestationconfigapi return *minimalVersion, minimalDate, nil } -func isInputNewerThanOtherVersion(variant variant.Variant, inputVersion, otherVersion any) bool { - var result bool - actionForVariant(variant, - func() { - input := inputVersion.(attestationconfigapi.TDXVersion) - other := otherVersion.(attestationconfigapi.TDXVersion) - result = isInputNewerThanOtherTDXVersion(input, other) - }, - func() { - input := inputVersion.(attestationconfigapi.SEVSNPVersion) - other := otherVersion.(attestationconfigapi.SEVSNPVersion) - result = isInputNewerThanOtherSEVSNPVersion(input, other) - }, - ) - return result -} - type apiVersionObject struct { version string `json:"-"` variant variant.Variant `json:"-"` diff --git a/internal/api/attestationconfigapi/cli/compare.go b/internal/api/attestationconfigapi/cli/compare.go new file mode 100644 index 000000000..49988fefb --- /dev/null +++ b/internal/api/attestationconfigapi/cli/compare.go @@ -0,0 +1,101 @@ +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ +package main + +import ( + "fmt" + "os" + "slices" + + "github.com/edgelesssys/constellation/v2/internal/api/attestationconfigapi/cli/client" + "github.com/edgelesssys/constellation/v2/internal/attestation/variant" + "github.com/edgelesssys/constellation/v2/internal/file" + "github.com/edgelesssys/constellation/v2/internal/verify" + "github.com/google/go-tdx-guest/proto/tdx" + "github.com/spf13/afero" + "github.com/spf13/cobra" +) + +func newCompareCmd() *cobra.Command { + cmd := &cobra.Command{ + Use: "compare VARIANT FILE [FILE...]", + Short: "Returns the minimum version of all given attestation reports.", + Long: "Compare a list of attestation reports and return the report with the minimum version.", + Example: "cli compare azure-sev-snp report1.json report2.json", + Args: cobra.MatchAll(cobra.MinimumNArgs(2), arg0isAttestationVariant()), + RunE: runCompare, + } + + return cmd +} + +func runCompare(cmd *cobra.Command, args []string) error { + cmd.SetOut(os.Stdout) + + variant, err := variant.FromString(args[0]) + if err != nil { + return fmt.Errorf("parsing variant: %w", err) + } + + return compare(cmd, variant, args[1:], file.NewHandler(afero.NewOsFs())) +} + +func compare(cmd *cobra.Command, attestationVariant variant.Variant, files []string, fs file.Handler) (retErr error) { + if !slices.Contains([]variant.Variant{variant.AWSSEVSNP{}, variant.AzureSEVSNP{}, variant.GCPSEVSNP{}, variant.AzureTDX{}}, attestationVariant) { + return fmt.Errorf("variant %s not supported", attestationVariant) + } + + lowestVersion, err := compareVersions(attestationVariant, files, fs) + if err != nil { + return fmt.Errorf("comparing versions: %w", err) + } + + cmd.Println(lowestVersion) + return nil +} + +func compareVersions(attestationVariant variant.Variant, files []string, fs file.Handler) (string, error) { + readReport := readSNPReport + if attestationVariant.Equal(variant.AzureTDX{}) { + readReport = readTDXReport + } + + lowestVersion := files[0] + lowestReport, err := readReport(files[0], fs) + if err != nil { + return "", fmt.Errorf("reading tdx report: %w", err) + } + + for _, file := range files[1:] { + report, err := readReport(file, fs) + if err != nil { + return "", fmt.Errorf("reading tdx report: %w", err) + } + + if client.IsInputNewerThanOtherVersion(attestationVariant, lowestReport, report) { + lowestVersion = file + lowestReport = report + } + } + + return lowestVersion, nil +} + +func readSNPReport(file string, fs file.Handler) (any, error) { + var report verify.Report + if err := fs.ReadJSON(file, &report); err != nil { + return nil, fmt.Errorf("reading snp report: %w", err) + } + return convertTCBVersionToSNPVersion(report.SNPReport.LaunchTCB), nil +} + +func readTDXReport(file string, fs file.Handler) (any, error) { + var report *tdx.QuoteV4 + if err := fs.ReadJSON(file, &report); err != nil { + return nil, fmt.Errorf("reading tdx report: %w", err) + } + return convertQuoteToTDXVersion(report), nil +} diff --git a/internal/api/attestationconfigapi/cli/delete.go b/internal/api/attestationconfigapi/cli/delete.go index 013c69481..a800f7e80 100644 --- a/internal/api/attestationconfigapi/cli/delete.go +++ b/internal/api/attestationconfigapi/cli/delete.go @@ -26,11 +26,11 @@ import ( // newDeleteCmd creates the delete command. func newDeleteCmd() *cobra.Command { cmd := &cobra.Command{ - Use: "delete {aws-sev-snp|azure-sev-snp|azure-tdx|gcp-sev-snp} {attestation-report|guest-firmware} ", + Use: "delete VARIANT KIND ", Short: "Delete an object from the attestationconfig API", Long: "Delete a specific object version from the config api. is the name of the object to delete (without .json suffix)", Example: "COSIGN_PASSWORD=$CPW COSIGN_PRIVATE_KEY=$CKEY cli delete azure-sev-snp attestation-report 1.0.0", - Args: cobra.MatchAll(cobra.ExactArgs(3), isAttestationVariant(0), isValidKind(1)), + Args: cobra.MatchAll(cobra.ExactArgs(3), arg0isAttestationVariant(), isValidKind(1)), PreRunE: envCheck, RunE: runDelete, } @@ -40,7 +40,7 @@ func newDeleteCmd() *cobra.Command { Short: "delete all objects from the API path constellation/v1/attestation/", Long: "Delete all objects from the API path constellation/v1/attestation/", Example: "COSIGN_PASSWORD=$CPW COSIGN_PRIVATE_KEY=$CKEY cli delete recursive azure-sev-snp", - Args: cobra.MatchAll(cobra.ExactArgs(1), isAttestationVariant(0)), + Args: cobra.MatchAll(cobra.ExactArgs(1), arg0isAttestationVariant()), RunE: runRecursiveDelete, } diff --git a/internal/api/attestationconfigapi/cli/main.go b/internal/api/attestationconfigapi/cli/main.go index e6e951f1b..ee1b0c354 100644 --- a/internal/api/attestationconfigapi/cli/main.go +++ b/internal/api/attestationconfigapi/cli/main.go @@ -27,8 +27,11 @@ const ( distributionID = constants.CDNDefaultDistributionID envCosignPwd = "COSIGN_PASSWORD" envCosignPrivateKey = "COSIGN_PRIVATE_KEY" - // versionWindowSize defines the number of versions to be considered for the latest version. Each week 5 versions are uploaded for each node of the verify cluster. - versionWindowSize = 15 + // versionWindowSize defines the number of versions to be considered for the latest version. + // Through our weekly e2e tests, each week 2 versions are uploaded: + // One from a stable release, and one from a debug image. + // A window size of 6 ensures we update only after a version has been "stable" for 3 weeks. + versionWindowSize = 6 ) var ( @@ -56,6 +59,7 @@ func newRootCmd() *cobra.Command { rootCmd.AddCommand(newUploadCmd()) rootCmd.AddCommand(newDeleteCmd()) + rootCmd.AddCommand(newCompareCmd()) return rootCmd } diff --git a/internal/api/attestationconfigapi/cli/upload.go b/internal/api/attestationconfigapi/cli/upload.go index 54edb01c6..4032f4626 100644 --- a/internal/api/attestationconfigapi/cli/upload.go +++ b/internal/api/attestationconfigapi/cli/upload.go @@ -29,7 +29,7 @@ import ( func newUploadCmd() *cobra.Command { uploadCmd := &cobra.Command{ - Use: "upload {aws-sev-snp|azure-sev-snp|azure-tdx|gcp-sev-snp} {attestation-report|guest-firmware} ", + Use: "upload VARIANT KIND FILE", Short: "Upload an object to the attestationconfig API", Long: fmt.Sprintf("Upload a new object to the attestationconfig API. For snp-reports the new object is added to a cache folder first.\n"+ @@ -41,7 +41,7 @@ func newUploadCmd() *cobra.Command { ), Example: "COSIGN_PASSWORD=$CPW COSIGN_PRIVATE_KEY=$CKEY cli upload azure-sev-snp attestation-report /some/path/report.json", - Args: cobra.MatchAll(cobra.ExactArgs(3), isAttestationVariant(0), isValidKind(1)), + Args: cobra.MatchAll(cobra.ExactArgs(3), arg0isAttestationVariant(), isValidKind(1)), PreRunE: envCheck, RunE: runUpload, } @@ -120,24 +120,20 @@ func uploadReport( latestVersion = latestVersionInAPI.SEVSNPVersion log.Info(fmt.Sprintf("Reading SNP report from file: %s", cfg.path)) - var report verify.Report - if err := fs.ReadJSON(cfg.path, &report); err != nil { - return fmt.Errorf("reading snp report: %w", err) + newVersion, err = readSNPReport(cfg.path, fs) + if err != nil { + return err } - - newVersion = convertTCBVersionToSNPVersion(report.SNPReport.LaunchTCB) log.Info(fmt.Sprintf("Input SNP report: %+v", newVersion)) case variant.AzureTDX{}: latestVersion = latestVersionInAPI.TDXVersion log.Info(fmt.Sprintf("Reading TDX report from file: %s", cfg.path)) - var report *tdx.QuoteV4 - if err := fs.ReadJSON(cfg.path, &report); err != nil { - return fmt.Errorf("reading tdx report: %w", err) + newVersion, err = readTDXReport(cfg.path, fs) + if err != nil { + return err } - - newVersion = convertQuoteToTDXVersion(report) log.Info(fmt.Sprintf("Input TDX report: %+v", newVersion)) default: diff --git a/internal/api/attestationconfigapi/cli/validargs.go b/internal/api/attestationconfigapi/cli/validargs.go index 0c77ce051..b5366b0f9 100644 --- a/internal/api/attestationconfigapi/cli/validargs.go +++ b/internal/api/attestationconfigapi/cli/validargs.go @@ -7,6 +7,7 @@ SPDX-License-Identifier: AGPL-3.0-only package main import ( + "errors" "fmt" "strings" @@ -14,17 +15,17 @@ import ( "github.com/spf13/cobra" ) -func isAttestationVariant(arg int) cobra.PositionalArgs { +func arg0isAttestationVariant() cobra.PositionalArgs { return func(_ *cobra.Command, args []string) error { - attestationVariant, err := variant.FromString(args[arg]) + attestationVariant, err := variant.FromString(args[0]) if err != nil { - return fmt.Errorf("argument %s isn't a valid attestation variant", args[arg]) + return errors.New("argument 0 isn't a valid attestation variant") } switch attestationVariant { case variant.AWSSEVSNP{}, variant.AzureSEVSNP{}, variant.AzureTDX{}, variant.GCPSEVSNP{}: return nil default: - return fmt.Errorf("argument %s isn't a supported attestation variant", args[arg]) + return errors.New("argument 0 isn't a supported attestation variant") } } } @@ -32,7 +33,7 @@ func isAttestationVariant(arg int) cobra.PositionalArgs { func isValidKind(arg int) cobra.PositionalArgs { return func(_ *cobra.Command, args []string) error { if kind := kindFromString(args[arg]); kind == unknown { - return fmt.Errorf("argument %s isn't a valid kind", args[arg]) + return fmt.Errorf("argument %s isn't a valid kind: must be one of [%q, %q]", args[arg], attestationReport, guestFirmware) } return nil } From 65ed286c7dd69fef8537ce1402acf7235519e4b6 Mon Sep 17 00:00:00 2001 From: Malte Poll <1780588+malt3@users.noreply.github.com> Date: Thu, 11 Jul 2024 11:09:15 +0200 Subject: [PATCH 154/380] image: replicate nvidia Azure images in eastus2 (#3027) Co-authored-by: derpsteb --- internal/osimage/uplosi/uplosiupload.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/osimage/uplosi/uplosiupload.go b/internal/osimage/uplosi/uplosiupload.go index 2b54b2c33..588f332aa 100644 --- a/internal/osimage/uplosi/uplosiupload.go +++ b/internal/osimage/uplosi/uplosiupload.go @@ -255,7 +255,7 @@ func azureReplicationRegions(attestationVariant string) []string { case "azure-tdx": return []string{"northeurope", "westeurope", "centralus", "eastus2"} case "azure-sev-snp": - return []string{"northeurope", "westeurope", "germanywestcentral", "eastus", "westus", "southeastasia"} + return []string{"northeurope", "westeurope", "germanywestcentral", "eastus", "eastus2", "westus", "southeastasia"} } return nil } From e08ed38be863837faa1c45ae72d70c2865a9eba5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Fri, 12 Jul 2024 08:26:36 +0200 Subject: [PATCH 155/380] ci: fix relative paths for verify e2e test (#3249) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Use absolute paths to avoid issues with bazel run changing working directory * Fix error message in attestationconfig cli --------- Signed-off-by: Daniel Weiße --- .github/actions/e2e_verify/action.yml | 9 ++++++++- internal/api/attestationconfigapi/cli/compare.go | 4 ++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/actions/e2e_verify/action.yml b/.github/actions/e2e_verify/action.yml index 6b0bcf885..22b86e893 100644 --- a/.github/actions/e2e_verify/action.yml +++ b/.github/actions/e2e_verify/action.yml @@ -96,7 +96,14 @@ runs: run: | reports=attestation-report-*.json - report=$(bazel run //internal/api/attestationconfigapi/cli -- compare ${{ inputs.attestationVariant }} ${reports}) + # bazel run changes the working directory + # convert the relative paths to absolute paths to avoid issues + absolute_reports="" + for report in ${reports}; do + absolute_reports="${absolute_reports} $(realpath "${report}")" + done + + report=$(bazel run //internal/api/attestationconfigapi/cli -- compare ${{ inputs.attestationVariant }} ${absolute_reports}) path=$(realpath "${report}") cat "${path}" diff --git a/internal/api/attestationconfigapi/cli/compare.go b/internal/api/attestationconfigapi/cli/compare.go index 49988fefb..9921ab76e 100644 --- a/internal/api/attestationconfigapi/cli/compare.go +++ b/internal/api/attestationconfigapi/cli/compare.go @@ -66,13 +66,13 @@ func compareVersions(attestationVariant variant.Variant, files []string, fs file lowestVersion := files[0] lowestReport, err := readReport(files[0], fs) if err != nil { - return "", fmt.Errorf("reading tdx report: %w", err) + return "", fmt.Errorf("reading report: %w", err) } for _, file := range files[1:] { report, err := readReport(file, fs) if err != nil { - return "", fmt.Errorf("reading tdx report: %w", err) + return "", fmt.Errorf("reading report: %w", err) } if client.IsInputNewerThanOtherVersion(attestationVariant, lowestReport, report) { From 529eab2bf911113de395a9973ddc893f5e2ad54b Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 12 Jul 2024 08:27:08 +0200 Subject: [PATCH 156/380] image: update measurements and image version (#3250) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 276be2a86..20c32e91c 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x06, 0xe9, 0x66, 0x25, 0xa9, 0xb1, 0xa7, 0xc9, 0x99, 0x94, 0x4d, 0xb8, 0xa6, 0x13, 0xa6, 0xae, 0x1a, 0x12, 0x90, 0x26, 0x70, 0xe9, 0x6f, 0x1e, 0xce, 0xb5, 0x5f, 0x6d, 0x48, 0x02, 0xd6, 0x81}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdf, 0x67, 0xab, 0xa3, 0x8e, 0xf2, 0x34, 0x64, 0x07, 0xe2, 0xec, 0xeb, 0x44, 0x69, 0x71, 0x81, 0x16, 0x8d, 0xaa, 0x62, 0xde, 0xa9, 0xd8, 0xeb, 0xdb, 0x7e, 0x66, 0x86, 0x40, 0x63, 0x8b, 0x59}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6a, 0x87, 0x92, 0xfe, 0xbb, 0xe7, 0x11, 0xbe, 0xa9, 0xd6, 0xf4, 0x56, 0x6d, 0xb4, 0xe3, 0x39, 0xc0, 0xdd, 0x5a, 0x2e, 0xec, 0xf0, 0x6d, 0xbd, 0xdd, 0x57, 0x6b, 0x35, 0xf1, 0xcc, 0x05, 0x45}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x71, 0xf6, 0xb8, 0x63, 0xf9, 0xf8, 0x3a, 0x6f, 0x28, 0xbc, 0x19, 0x8b, 0xb9, 0xb9, 0xe8, 0x39, 0xfe, 0xde, 0xe8, 0x67, 0x68, 0xc7, 0x8b, 0xd7, 0xe0, 0xcd, 0x97, 0x65, 0x79, 0xb5, 0x0c, 0x9e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x88, 0x85, 0x6e, 0x71, 0x99, 0x86, 0x93, 0xc7, 0xea, 0x7a, 0xda, 0xd9, 0x03, 0x72, 0x83, 0x5a, 0xb8, 0xe6, 0x27, 0xc4, 0xd1, 0x4a, 0x3d, 0x92, 0x9a, 0x99, 0xf1, 0xbc, 0xd0, 0xa5, 0x51, 0x11}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa9, 0xcd, 0x02, 0x05, 0xa3, 0x8a, 0x37, 0x2b, 0xa4, 0x8a, 0x8f, 0x85, 0x05, 0xcc, 0x20, 0x9a, 0x1c, 0x15, 0x34, 0x3c, 0x12, 0x37, 0x63, 0xac, 0xd5, 0x06, 0x82, 0xa6, 0x2b, 0xe8, 0xf1, 0xb6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc8, 0x36, 0x58, 0xcf, 0xc1, 0x50, 0x5c, 0x27, 0x30, 0x16, 0x66, 0x2b, 0xe8, 0xc4, 0x0a, 0x7d, 0x43, 0x5b, 0xca, 0x85, 0x2b, 0xd2, 0x6c, 0x0d, 0x6c, 0x48, 0x95, 0x04, 0x9e, 0x70, 0x25, 0x9e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf4, 0x18, 0xc1, 0xbd, 0x9e, 0xd1, 0x12, 0x29, 0x6a, 0x14, 0xb1, 0xbe, 0xe8, 0x62, 0x0b, 0x68, 0xef, 0xc3, 0x29, 0xca, 0x7d, 0x0f, 0xd1, 0xb2, 0xe7, 0x96, 0x92, 0x1b, 0x2e, 0x93, 0xdf, 0x6d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xde, 0xdf, 0x38, 0xc2, 0x51, 0xc6, 0x4c, 0x71, 0x43, 0xb6, 0xf9, 0xcc, 0x3c, 0x77, 0x20, 0x34, 0x72, 0x6d, 0x17, 0xf2, 0x0e, 0x1f, 0x33, 0xed, 0x55, 0x91, 0x87, 0x82, 0x7e, 0x81, 0x44, 0x9e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x89, 0xef, 0x8b, 0x34, 0x9a, 0xe8, 0x49, 0x03, 0x64, 0x2e, 0x21, 0xd4, 0x68, 0x93, 0xf2, 0x57, 0x13, 0x81, 0x78, 0x6e, 0xb0, 0x1d, 0x94, 0x89, 0xf5, 0x4f, 0xea, 0x17, 0xbc, 0x7c, 0x63, 0xd6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf6, 0xcf, 0x06, 0xa4, 0xc2, 0xc4, 0x14, 0x15, 0x9f, 0x2e, 0xd6, 0x97, 0x1f, 0x4e, 0x40, 0x52, 0x41, 0xd6, 0x46, 0x00, 0x3a, 0x00, 0x6b, 0xcf, 0x61, 0x53, 0x55, 0x42, 0x14, 0x7b, 0xe3, 0x3b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9a, 0x72, 0xa8, 0x48, 0x4e, 0x17, 0x30, 0xbe, 0x3b, 0x39, 0x8d, 0x68, 0x83, 0xb4, 0x35, 0xc2, 0xba, 0x90, 0x43, 0x96, 0xd8, 0x2a, 0xdd, 0x89, 0x01, 0x11, 0x33, 0xcb, 0xfd, 0x01, 0xa6, 0x58}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xde, 0x77, 0xa4, 0xca, 0xc3, 0x54, 0x4e, 0xe2, 0x1c, 0x3f, 0x13, 0x0c, 0xa1, 0x83, 0xd8, 0x4f, 0xd5, 0xf0, 0xf3, 0xc3, 0x38, 0x4e, 0x34, 0x6b, 0xf4, 0x98, 0xad, 0x4c, 0x6a, 0xb5, 0x78, 0xe3}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6a, 0x46, 0xd2, 0x33, 0xdc, 0x4c, 0x61, 0x6f, 0x48, 0x20, 0x30, 0x70, 0xb0, 0x2f, 0x9d, 0xe1, 0xde, 0xec, 0x80, 0xfd, 0xf7, 0x3f, 0xc7, 0x15, 0xb4, 0x32, 0x26, 0x75, 0xdf, 0x10, 0xda, 0x74}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xda, 0x50, 0x44, 0x47, 0xc6, 0xc3, 0xfe, 0xbc, 0x60, 0xf7, 0x32, 0x4d, 0xe6, 0xf9, 0x47, 0xb3, 0x7b, 0x8a, 0x43, 0x7a, 0x84, 0x5b, 0xab, 0x96, 0x36, 0x76, 0xdd, 0x10, 0xf5, 0x3a, 0x26, 0x50}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x53, 0x75, 0xda, 0xf5, 0xca, 0x72, 0xc0, 0x09, 0x99, 0x70, 0x2b, 0x37, 0x7b, 0xea, 0xa5, 0xbf, 0x8e, 0x06, 0x11, 0xfc, 0x7e, 0x80, 0xd5, 0x71, 0x9a, 0xab, 0xee, 0x3b, 0x50, 0xf6, 0xf8, 0xf5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6b, 0x2e, 0xf1, 0x7c, 0x0f, 0x55, 0xb9, 0x35, 0x59, 0x97, 0x4b, 0xe7, 0x79, 0xa4, 0x09, 0xa3, 0xc1, 0xe6, 0x07, 0x3f, 0x6a, 0xa4, 0x45, 0x15, 0x5b, 0xac, 0xea, 0xd0, 0x40, 0xc2, 0x80, 0x5c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1c, 0x9a, 0x49, 0xda, 0x18, 0x25, 0x0c, 0x79, 0xfc, 0xa9, 0x8e, 0xec, 0x31, 0x12, 0x47, 0xc7, 0x7d, 0x59, 0x5c, 0xd3, 0x67, 0xfd, 0x4c, 0xb4, 0x00, 0x3a, 0x87, 0xeb, 0xbd, 0x15, 0x9e, 0xd9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x70, 0xf3, 0xab, 0x9f, 0x41, 0x57, 0x5d, 0x6c, 0x1c, 0x02, 0x61, 0x8d, 0x35, 0x9c, 0x91, 0xc5, 0x03, 0x3d, 0x07, 0xb0, 0x3e, 0xf5, 0xbc, 0xbe, 0xa1, 0x71, 0x2f, 0x42, 0x36, 0x95, 0x45, 0x64}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa2, 0x39, 0x10, 0x83, 0xfa, 0x36, 0x4d, 0x1e, 0x02, 0x5b, 0x20, 0x12, 0xb6, 0x47, 0x19, 0x25, 0xbf, 0x06, 0x54, 0xce, 0xb6, 0x16, 0x35, 0xfc, 0x2f, 0xde, 0xe1, 0xda, 0x60, 0x26, 0xda, 0x9d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xef, 0x14, 0xbb, 0x1e, 0xe2, 0x4c, 0xd3, 0x63, 0x80, 0x30, 0x8e, 0xa8, 0xbe, 0x1c, 0xc5, 0x9d, 0x39, 0xd9, 0x23, 0xfd, 0x63, 0x13, 0x3f, 0xb0, 0xf5, 0x0d, 0x48, 0x10, 0x39, 0xb4, 0x5b, 0xeb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x22, 0x91, 0x56, 0x9f, 0x17, 0x60, 0x01, 0x37, 0x4f, 0x2b, 0x43, 0x6c, 0x86, 0x3c, 0x46, 0xb9, 0xc9, 0x99, 0xd6, 0x00, 0x02, 0xd5, 0x2f, 0x62, 0xb2, 0x54, 0x8c, 0xbc, 0xe8, 0xb5, 0x77, 0x69}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd0, 0x4e, 0x26, 0xfa, 0x50, 0x45, 0xae, 0x42, 0xa6, 0xdc, 0xfe, 0x60, 0x4b, 0x0b, 0x41, 0x8e, 0x23, 0xb2, 0xb9, 0x3c, 0x61, 0x6d, 0x49, 0x47, 0x45, 0x96, 0x71, 0xfe, 0x4a, 0x7e, 0x34, 0x7a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x73, 0xd4, 0xa5, 0x79, 0xe8, 0xaa, 0xbc, 0x11, 0xea, 0x8f, 0x38, 0x67, 0x4e, 0xa5, 0xa9, 0xce, 0x2a, 0x8c, 0x50, 0x1f, 0x46, 0x43, 0x38, 0x52, 0x38, 0x95, 0xe9, 0x3e, 0x83, 0x0b, 0xa2, 0xb3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x2f, 0x28, 0x3c, 0xc7, 0x4d, 0x3e, 0x3a, 0x32, 0x02, 0x4c, 0x15, 0x20, 0x3a, 0xea, 0x36, 0xf8, 0xfe, 0x2c, 0xe0, 0xb1, 0xfc, 0x34, 0xfe, 0x64, 0x16, 0x39, 0x75, 0x54, 0xcf, 0x42, 0xe3, 0x32}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe8, 0x7a, 0xbd, 0x6e, 0x96, 0x1e, 0x91, 0x52, 0x96, 0x8d, 0x5c, 0x2b, 0x8d, 0x91, 0xc9, 0x2c, 0x1b, 0x62, 0xb2, 0x75, 0xa0, 0x35, 0x87, 0x72, 0x41, 0x64, 0x18, 0xcd, 0x73, 0x97, 0xa8, 0x28}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb5, 0x50, 0x3d, 0xac, 0x2b, 0xce, 0x0b, 0x0b, 0x05, 0x45, 0xc5, 0x29, 0x4c, 0xbe, 0xcd, 0x54, 0xad, 0x8c, 0xa5, 0xc4, 0xb2, 0xf5, 0x0d, 0xe1, 0x2a, 0x51, 0x41, 0xa5, 0x85, 0x5f, 0xa6, 0xfe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa6, 0xd2, 0xfc, 0x52, 0xf2, 0xcd, 0x65, 0x2d, 0x05, 0xa8, 0xc1, 0x81, 0x19, 0x0e, 0x05, 0x4d, 0x57, 0x60, 0x43, 0x66, 0xac, 0x36, 0x2b, 0x50, 0xeb, 0x27, 0xba, 0x55, 0x1f, 0x62, 0xd3, 0xcf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x40, 0x93, 0xb6, 0x3b, 0x47, 0x66, 0xab, 0x87, 0x7a, 0x45, 0x6c, 0x78, 0x3a, 0x34, 0x0f, 0x1b, 0x9c, 0xb2, 0x16, 0x0c, 0x3b, 0x9c, 0x13, 0x6e, 0x62, 0x15, 0xaa, 0xfb, 0x22, 0x6b, 0xab, 0x48}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0x2e, 0x97, 0xca, 0x09, 0x8d, 0x32, 0xe2, 0xb8, 0xee, 0x3e, 0x29, 0x60, 0xff, 0x2b, 0x4f, 0xc5, 0x2d, 0xe4, 0xf3, 0x7a, 0xae, 0x3e, 0x79, 0xea, 0xa1, 0xc4, 0x87, 0x41, 0x92, 0x4d, 0x2e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x5d, 0x20, 0xfb, 0x83, 0x8d, 0x3e, 0x32, 0x67, 0xd5, 0x83, 0x2b, 0x6b, 0x57, 0x2c, 0x73, 0xa4, 0xef, 0xd3, 0x1a, 0xf1, 0x5c, 0x81, 0xca, 0xed, 0x4d, 0x0e, 0x2f, 0x59, 0x39, 0x01, 0x7a, 0xff}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdc, 0x53, 0x03, 0x46, 0x92, 0x7c, 0xd1, 0xca, 0x6e, 0x05, 0xc3, 0x39, 0xcf, 0x7d, 0x82, 0x9b, 0xeb, 0xb0, 0xfb, 0xf3, 0xe6, 0x77, 0xe5, 0x84, 0x9a, 0x12, 0x23, 0x8e, 0x17, 0x2b, 0x2c, 0xa1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x61, 0xab, 0x3e, 0x9f, 0x65, 0x3c, 0xd9, 0x6d, 0xee, 0x88, 0x2c, 0xe2, 0xfd, 0xba, 0xd6, 0xaa, 0xe1, 0x90, 0x37, 0xf7, 0xe9, 0x4c, 0x3a, 0x23, 0xb1, 0xeb, 0x18, 0x6a, 0x08, 0xbb, 0x5d, 0xcc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb9, 0x79, 0xae, 0xc8, 0x97, 0xa0, 0x64, 0xca, 0x63, 0x9c, 0x9a, 0x91, 0xcb, 0xdd, 0x6e, 0x3e, 0x54, 0xa7, 0x7f, 0x3b, 0x76, 0x1b, 0x9d, 0xd6, 0x0d, 0xe4, 0xda, 0x42, 0x98, 0x88, 0x74, 0xcc}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x89, 0x2f, 0x9b, 0xdb, 0x18, 0x15, 0xb3, 0x28, 0x19, 0x23, 0xa3, 0xef, 0x87, 0xce, 0x33, 0xdf, 0x28, 0xa4, 0x91, 0x9f, 0x7f, 0x0a, 0x21, 0xd4, 0xdb, 0x35, 0xec, 0xf2, 0xad, 0x78, 0x66, 0x89}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5f, 0xdc, 0xca, 0x85, 0xf6, 0xd2, 0xdf, 0xf8, 0x58, 0x61, 0x0c, 0x1d, 0x5c, 0x54, 0xa5, 0x65, 0x67, 0xd6, 0x09, 0x96, 0xf0, 0x1b, 0x27, 0xa0, 0x51, 0x4d, 0xaf, 0x1d, 0xb4, 0xb5, 0x6f, 0xd7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9b, 0xc7, 0xeb, 0x61, 0x3f, 0x41, 0x2f, 0xdc, 0x8a, 0xb6, 0xc6, 0xbf, 0x4f, 0x32, 0x4b, 0x27, 0xd3, 0x1a, 0xed, 0xf2, 0x8f, 0x90, 0xde, 0xdd, 0x03, 0xba, 0xcd, 0x46, 0x9c, 0xf4, 0x15, 0x3c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2d, 0x7b, 0x3f, 0x36, 0x9c, 0x59, 0x5a, 0xd8, 0xf3, 0xee, 0x68, 0xcb, 0xae, 0x07, 0x0c, 0xd1, 0xac, 0xb6, 0xf2, 0x09, 0xf9, 0xbb, 0xff, 0x5a, 0xb7, 0x39, 0xb0, 0xfb, 0x18, 0x79, 0x22, 0xc7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc2, 0xdb, 0x47, 0x7d, 0x13, 0x07, 0x16, 0x91, 0x89, 0x13, 0xb8, 0x47, 0x53, 0xc9, 0x76, 0xd4, 0x3d, 0x5f, 0x7e, 0x7c, 0x60, 0x1f, 0xc2, 0x7a, 0xb4, 0x82, 0xe4, 0x9b, 0x88, 0x14, 0x2d, 0xf5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x63, 0x09, 0x38, 0x5c, 0x32, 0x69, 0xd3, 0x21, 0x29, 0x22, 0x8a, 0xa2, 0x36, 0xdf, 0x0f, 0x8d, 0x39, 0x8b, 0xdd, 0x16, 0xb0, 0xc8, 0xdc, 0x2c, 0xce, 0x79, 0x7b, 0x48, 0x6e, 0x09, 0x68, 0xd3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x77, 0xd4, 0xe4, 0xf1, 0x66, 0x4f, 0x46, 0x04, 0x5b, 0x10, 0x7f, 0x40, 0xbd, 0xa5, 0xe7, 0x1d, 0xf2, 0xbb, 0xe5, 0x64, 0x98, 0x72, 0x93, 0x23, 0xe3, 0xc3, 0x7c, 0xb3, 0xe5, 0xc2, 0xc7, 0x3e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf2, 0xa5, 0xe2, 0x10, 0x73, 0x64, 0x3c, 0x32, 0xc5, 0x3e, 0x40, 0x2f, 0xfa, 0x89, 0x3f, 0xa4, 0x74, 0x76, 0xeb, 0x9f, 0x35, 0xc1, 0xef, 0xa0, 0xc4, 0x34, 0x30, 0xf0, 0x6f, 0xda, 0x40, 0xe9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x0a, 0xb1, 0xd4, 0x60, 0x5e, 0x2b, 0x43, 0x6c, 0x5c, 0x2c, 0x5c, 0x1c, 0x9f, 0xe4, 0x1e, 0x8a, 0x0b, 0x92, 0xab, 0x9c, 0x38, 0x19, 0xa3, 0x9b, 0xa8, 0x4c, 0xe4, 0x81, 0x50, 0x43, 0x68, 0x8f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4a, 0x38, 0xaf, 0x39, 0xa1, 0x37, 0x06, 0x37, 0x0a, 0x71, 0x99, 0x2e, 0xa1, 0x2c, 0x1f, 0xaa, 0xd5, 0xd4, 0x39, 0x3b, 0x00, 0x0d, 0x54, 0xb7, 0xa3, 0x6c, 0x06, 0xc1, 0x0f, 0xd6, 0x77, 0x66}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd9, 0x14, 0x58, 0xb8, 0xfc, 0xab, 0x5a, 0x80, 0x09, 0x69, 0x53, 0xea, 0x23, 0xc3, 0x98, 0x50, 0x9a, 0x6c, 0x15, 0x57, 0x9c, 0x18, 0x57, 0x65, 0x77, 0x99, 0x6c, 0x85, 0x15, 0x02, 0x32, 0x22}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x49, 0xd6, 0x56, 0xed, 0x33, 0xa2, 0xae, 0xe3, 0x2b, 0x12, 0xf8, 0xa0, 0x3b, 0x4c, 0x2c, 0x52, 0xba, 0xec, 0xc8, 0x54, 0xa7, 0xad, 0x12, 0x14, 0xee, 0x49, 0xce, 0x94, 0x23, 0x61, 0xd3, 0xbc}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb9, 0x33, 0x35, 0x8d, 0x96, 0x8a, 0xa9, 0x0b, 0x46, 0xd9, 0xa2, 0xbc, 0x40, 0x21, 0xbf, 0x68, 0x3a, 0x53, 0xc5, 0xd4, 0x0d, 0xef, 0x00, 0x40, 0xd3, 0x04, 0x99, 0x7b, 0xe1, 0x50, 0x3b, 0xd0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x32, 0x27, 0x83, 0xc8, 0xf5, 0x5d, 0x9f, 0x39, 0x40, 0xf7, 0x54, 0x54, 0xe3, 0x4b, 0xca, 0x1d, 0x70, 0x3a, 0xd6, 0xb8, 0xf3, 0x15, 0x45, 0x13, 0x13, 0x28, 0xf7, 0x53, 0x07, 0x59, 0xec, 0x41}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 33931bb88..ab69a5ae3 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240709212815-0d421b905fd4" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240711110915-65ed286c7dd6" ) From 1826801f0ab1e8e79115847b420808387fd47d22 Mon Sep 17 00:00:00 2001 From: Thomas Tendyck Date: Thu, 11 Jul 2024 15:10:13 +0200 Subject: [PATCH 157/380] docs: move compute benchmarks to own page --- README.md | 2 +- docs/docs/overview/performance/compute.md | 11 +++++++++++ docs/docs/overview/performance/performance.md | 14 +++----------- docs/sidebars.js | 5 +++++ 4 files changed, 20 insertions(+), 12 deletions(-) create mode 100644 docs/docs/overview/performance/compute.md diff --git a/README.md b/README.md index a0d4db3ad..3b8a9ddbd 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ Encrypting your K8s is good for: * High availability with multi-master architecture and stacked etcd topology * Dynamic cluster autoscaling with verification and secure bootstrapping of new nodes -* Competitive performance ([see K-Bench comparison with AKS and GKE][performance]) +* Competitive [performance] ### 🧩 Easy to use and integrate diff --git a/docs/docs/overview/performance/compute.md b/docs/docs/overview/performance/compute.md new file mode 100644 index 000000000..88dd4b1b2 --- /dev/null +++ b/docs/docs/overview/performance/compute.md @@ -0,0 +1,11 @@ +# Impact of runtime encryption on compute performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +## AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +## AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. diff --git a/docs/docs/overview/performance/performance.md b/docs/docs/overview/performance/performance.md index 7f22a693e..59bf86602 100644 --- a/docs/docs/overview/performance/performance.md +++ b/docs/docs/overview/performance/performance.md @@ -1,18 +1,10 @@ # Performance analysis of Constellation -This section provides a comprehensive examination of the performance characteristics of Constellation, encompassing various aspects, including runtime encryption, I/O benchmarks, and real-world applications. +This section provides a comprehensive examination of the performance characteristics of Constellation. -## Impact of runtime encryption on performance +## Runtime encryption -All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. - -### AMD and Azure benchmarking - -AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. - -### AMD and Google benchmarking - -Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. +Runtime encryption affects compute performance. [Benchmarks by Azure and Google](compute.md) show that the performance degradation of Confidential VMs (CVMs) is small, ranging from 2% to 8% for compute-intensive workloads. ## I/O performance benchmarks diff --git a/docs/sidebars.js b/docs/sidebars.js index 67f3de87b..45e56c66e 100644 --- a/docs/sidebars.js +++ b/docs/sidebars.js @@ -55,6 +55,11 @@ const sidebars = { label: 'Performance', link: { type: 'doc', id: 'overview/performance/performance' }, items: [ + { + type: 'doc', + label: 'Compute benchmarks', + id: 'overview/performance/compute', + }, { type: 'doc', label: 'I/O benchmarks', From 712ff90ba00919318ef0f3ee5ffe33ff013a5c6a Mon Sep 17 00:00:00 2001 From: Thomas Tendyck Date: Fri, 12 Jul 2024 08:55:34 +0200 Subject: [PATCH 158/380] docs: backport to old versions --- .../overview/performance/compute.md | 11 +++++++++++ .../overview/performance/performance.md | 14 +++----------- .../version-2.10/workflows/verify-cli.md | 4 ++++ .../overview/performance/compute.md | 11 +++++++++++ .../overview/performance/performance.md | 14 +++----------- .../version-2.11/workflows/verify-cli.md | 4 ++++ .../overview/performance/compute.md | 11 +++++++++++ .../overview/performance/performance.md | 14 +++----------- .../version-2.12/workflows/verify-cli.md | 4 ++++ .../overview/performance/compute.md | 11 +++++++++++ .../overview/performance/performance.md | 14 +++----------- .../version-2.13/workflows/verify-cli.md | 4 ++++ .../overview/performance/compute.md | 11 +++++++++++ .../overview/performance/performance.md | 14 +++----------- .../version-2.14/workflows/verify-cli.md | 4 ++++ .../overview/performance/compute.md | 11 +++++++++++ .../overview/performance/performance.md | 14 +++----------- .../version-2.15/workflows/verify-cli.md | 4 ++++ .../overview/performance/compute.md | 11 +++++++++++ .../overview/performance/performance.md | 14 +++----------- .../versioned_docs/version-2.16/workflows/lb.md | 17 +++++++++++++++-- .../overview/performance/compute.md | 11 +++++++++++ .../overview/performance/performance.md | 14 +++----------- .../version-2.10-sidebars.json | 5 +++++ .../version-2.11-sidebars.json | 5 +++++ .../version-2.12-sidebars.json | 5 +++++ .../version-2.13-sidebars.json | 5 +++++ .../version-2.14-sidebars.json | 5 +++++ .../version-2.15-sidebars.json | 5 +++++ .../version-2.16-sidebars.json | 5 +++++ .../version-2.17-sidebars.json | 5 +++++ 31 files changed, 191 insertions(+), 90 deletions(-) create mode 100644 docs/versioned_docs/version-2.10/overview/performance/compute.md create mode 100644 docs/versioned_docs/version-2.11/overview/performance/compute.md create mode 100644 docs/versioned_docs/version-2.12/overview/performance/compute.md create mode 100644 docs/versioned_docs/version-2.13/overview/performance/compute.md create mode 100644 docs/versioned_docs/version-2.14/overview/performance/compute.md create mode 100644 docs/versioned_docs/version-2.15/overview/performance/compute.md create mode 100644 docs/versioned_docs/version-2.16/overview/performance/compute.md create mode 100644 docs/versioned_docs/version-2.17/overview/performance/compute.md diff --git a/docs/versioned_docs/version-2.10/overview/performance/compute.md b/docs/versioned_docs/version-2.10/overview/performance/compute.md new file mode 100644 index 000000000..88dd4b1b2 --- /dev/null +++ b/docs/versioned_docs/version-2.10/overview/performance/compute.md @@ -0,0 +1,11 @@ +# Impact of runtime encryption on compute performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +## AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +## AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. diff --git a/docs/versioned_docs/version-2.10/overview/performance/performance.md b/docs/versioned_docs/version-2.10/overview/performance/performance.md index 7f22a693e..59bf86602 100644 --- a/docs/versioned_docs/version-2.10/overview/performance/performance.md +++ b/docs/versioned_docs/version-2.10/overview/performance/performance.md @@ -1,18 +1,10 @@ # Performance analysis of Constellation -This section provides a comprehensive examination of the performance characteristics of Constellation, encompassing various aspects, including runtime encryption, I/O benchmarks, and real-world applications. +This section provides a comprehensive examination of the performance characteristics of Constellation. -## Impact of runtime encryption on performance +## Runtime encryption -All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. - -### AMD and Azure benchmarking - -AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. - -### AMD and Google benchmarking - -Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. +Runtime encryption affects compute performance. [Benchmarks by Azure and Google](compute.md) show that the performance degradation of Confidential VMs (CVMs) is small, ranging from 2% to 8% for compute-intensive workloads. ## I/O performance benchmarks diff --git a/docs/versioned_docs/version-2.10/workflows/verify-cli.md b/docs/versioned_docs/version-2.10/workflows/verify-cli.md index 1280c51b0..78341f314 100644 --- a/docs/versioned_docs/version-2.10/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.10/workflows/verify-cli.md @@ -33,6 +33,10 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature +:::info +This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. +::: + First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session diff --git a/docs/versioned_docs/version-2.11/overview/performance/compute.md b/docs/versioned_docs/version-2.11/overview/performance/compute.md new file mode 100644 index 000000000..88dd4b1b2 --- /dev/null +++ b/docs/versioned_docs/version-2.11/overview/performance/compute.md @@ -0,0 +1,11 @@ +# Impact of runtime encryption on compute performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +## AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +## AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. diff --git a/docs/versioned_docs/version-2.11/overview/performance/performance.md b/docs/versioned_docs/version-2.11/overview/performance/performance.md index 7f22a693e..59bf86602 100644 --- a/docs/versioned_docs/version-2.11/overview/performance/performance.md +++ b/docs/versioned_docs/version-2.11/overview/performance/performance.md @@ -1,18 +1,10 @@ # Performance analysis of Constellation -This section provides a comprehensive examination of the performance characteristics of Constellation, encompassing various aspects, including runtime encryption, I/O benchmarks, and real-world applications. +This section provides a comprehensive examination of the performance characteristics of Constellation. -## Impact of runtime encryption on performance +## Runtime encryption -All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. - -### AMD and Azure benchmarking - -AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. - -### AMD and Google benchmarking - -Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. +Runtime encryption affects compute performance. [Benchmarks by Azure and Google](compute.md) show that the performance degradation of Confidential VMs (CVMs) is small, ranging from 2% to 8% for compute-intensive workloads. ## I/O performance benchmarks diff --git a/docs/versioned_docs/version-2.11/workflows/verify-cli.md b/docs/versioned_docs/version-2.11/workflows/verify-cli.md index 1280c51b0..78341f314 100644 --- a/docs/versioned_docs/version-2.11/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.11/workflows/verify-cli.md @@ -33,6 +33,10 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature +:::info +This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. +::: + First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session diff --git a/docs/versioned_docs/version-2.12/overview/performance/compute.md b/docs/versioned_docs/version-2.12/overview/performance/compute.md new file mode 100644 index 000000000..88dd4b1b2 --- /dev/null +++ b/docs/versioned_docs/version-2.12/overview/performance/compute.md @@ -0,0 +1,11 @@ +# Impact of runtime encryption on compute performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +## AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +## AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. diff --git a/docs/versioned_docs/version-2.12/overview/performance/performance.md b/docs/versioned_docs/version-2.12/overview/performance/performance.md index 7f22a693e..59bf86602 100644 --- a/docs/versioned_docs/version-2.12/overview/performance/performance.md +++ b/docs/versioned_docs/version-2.12/overview/performance/performance.md @@ -1,18 +1,10 @@ # Performance analysis of Constellation -This section provides a comprehensive examination of the performance characteristics of Constellation, encompassing various aspects, including runtime encryption, I/O benchmarks, and real-world applications. +This section provides a comprehensive examination of the performance characteristics of Constellation. -## Impact of runtime encryption on performance +## Runtime encryption -All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. - -### AMD and Azure benchmarking - -AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. - -### AMD and Google benchmarking - -Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. +Runtime encryption affects compute performance. [Benchmarks by Azure and Google](compute.md) show that the performance degradation of Confidential VMs (CVMs) is small, ranging from 2% to 8% for compute-intensive workloads. ## I/O performance benchmarks diff --git a/docs/versioned_docs/version-2.12/workflows/verify-cli.md b/docs/versioned_docs/version-2.12/workflows/verify-cli.md index 1280c51b0..78341f314 100644 --- a/docs/versioned_docs/version-2.12/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.12/workflows/verify-cli.md @@ -33,6 +33,10 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature +:::info +This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. +::: + First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session diff --git a/docs/versioned_docs/version-2.13/overview/performance/compute.md b/docs/versioned_docs/version-2.13/overview/performance/compute.md new file mode 100644 index 000000000..88dd4b1b2 --- /dev/null +++ b/docs/versioned_docs/version-2.13/overview/performance/compute.md @@ -0,0 +1,11 @@ +# Impact of runtime encryption on compute performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +## AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +## AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. diff --git a/docs/versioned_docs/version-2.13/overview/performance/performance.md b/docs/versioned_docs/version-2.13/overview/performance/performance.md index 7f22a693e..59bf86602 100644 --- a/docs/versioned_docs/version-2.13/overview/performance/performance.md +++ b/docs/versioned_docs/version-2.13/overview/performance/performance.md @@ -1,18 +1,10 @@ # Performance analysis of Constellation -This section provides a comprehensive examination of the performance characteristics of Constellation, encompassing various aspects, including runtime encryption, I/O benchmarks, and real-world applications. +This section provides a comprehensive examination of the performance characteristics of Constellation. -## Impact of runtime encryption on performance +## Runtime encryption -All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. - -### AMD and Azure benchmarking - -AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. - -### AMD and Google benchmarking - -Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. +Runtime encryption affects compute performance. [Benchmarks by Azure and Google](compute.md) show that the performance degradation of Confidential VMs (CVMs) is small, ranging from 2% to 8% for compute-intensive workloads. ## I/O performance benchmarks diff --git a/docs/versioned_docs/version-2.13/workflows/verify-cli.md b/docs/versioned_docs/version-2.13/workflows/verify-cli.md index 1280c51b0..78341f314 100644 --- a/docs/versioned_docs/version-2.13/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.13/workflows/verify-cli.md @@ -33,6 +33,10 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature +:::info +This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. +::: + First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session diff --git a/docs/versioned_docs/version-2.14/overview/performance/compute.md b/docs/versioned_docs/version-2.14/overview/performance/compute.md new file mode 100644 index 000000000..88dd4b1b2 --- /dev/null +++ b/docs/versioned_docs/version-2.14/overview/performance/compute.md @@ -0,0 +1,11 @@ +# Impact of runtime encryption on compute performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +## AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +## AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. diff --git a/docs/versioned_docs/version-2.14/overview/performance/performance.md b/docs/versioned_docs/version-2.14/overview/performance/performance.md index 7f22a693e..59bf86602 100644 --- a/docs/versioned_docs/version-2.14/overview/performance/performance.md +++ b/docs/versioned_docs/version-2.14/overview/performance/performance.md @@ -1,18 +1,10 @@ # Performance analysis of Constellation -This section provides a comprehensive examination of the performance characteristics of Constellation, encompassing various aspects, including runtime encryption, I/O benchmarks, and real-world applications. +This section provides a comprehensive examination of the performance characteristics of Constellation. -## Impact of runtime encryption on performance +## Runtime encryption -All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. - -### AMD and Azure benchmarking - -AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. - -### AMD and Google benchmarking - -Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. +Runtime encryption affects compute performance. [Benchmarks by Azure and Google](compute.md) show that the performance degradation of Confidential VMs (CVMs) is small, ranging from 2% to 8% for compute-intensive workloads. ## I/O performance benchmarks diff --git a/docs/versioned_docs/version-2.14/workflows/verify-cli.md b/docs/versioned_docs/version-2.14/workflows/verify-cli.md index 1280c51b0..78341f314 100644 --- a/docs/versioned_docs/version-2.14/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.14/workflows/verify-cli.md @@ -33,6 +33,10 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature +:::info +This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. +::: + First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session diff --git a/docs/versioned_docs/version-2.15/overview/performance/compute.md b/docs/versioned_docs/version-2.15/overview/performance/compute.md new file mode 100644 index 000000000..88dd4b1b2 --- /dev/null +++ b/docs/versioned_docs/version-2.15/overview/performance/compute.md @@ -0,0 +1,11 @@ +# Impact of runtime encryption on compute performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +## AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +## AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. diff --git a/docs/versioned_docs/version-2.15/overview/performance/performance.md b/docs/versioned_docs/version-2.15/overview/performance/performance.md index 7f22a693e..59bf86602 100644 --- a/docs/versioned_docs/version-2.15/overview/performance/performance.md +++ b/docs/versioned_docs/version-2.15/overview/performance/performance.md @@ -1,18 +1,10 @@ # Performance analysis of Constellation -This section provides a comprehensive examination of the performance characteristics of Constellation, encompassing various aspects, including runtime encryption, I/O benchmarks, and real-world applications. +This section provides a comprehensive examination of the performance characteristics of Constellation. -## Impact of runtime encryption on performance +## Runtime encryption -All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. - -### AMD and Azure benchmarking - -AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. - -### AMD and Google benchmarking - -Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. +Runtime encryption affects compute performance. [Benchmarks by Azure and Google](compute.md) show that the performance degradation of Confidential VMs (CVMs) is small, ranging from 2% to 8% for compute-intensive workloads. ## I/O performance benchmarks diff --git a/docs/versioned_docs/version-2.15/workflows/verify-cli.md b/docs/versioned_docs/version-2.15/workflows/verify-cli.md index 1280c51b0..78341f314 100644 --- a/docs/versioned_docs/version-2.15/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.15/workflows/verify-cli.md @@ -33,6 +33,10 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature +:::info +This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. +::: + First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session diff --git a/docs/versioned_docs/version-2.16/overview/performance/compute.md b/docs/versioned_docs/version-2.16/overview/performance/compute.md new file mode 100644 index 000000000..88dd4b1b2 --- /dev/null +++ b/docs/versioned_docs/version-2.16/overview/performance/compute.md @@ -0,0 +1,11 @@ +# Impact of runtime encryption on compute performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +## AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +## AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. diff --git a/docs/versioned_docs/version-2.16/overview/performance/performance.md b/docs/versioned_docs/version-2.16/overview/performance/performance.md index 7f22a693e..59bf86602 100644 --- a/docs/versioned_docs/version-2.16/overview/performance/performance.md +++ b/docs/versioned_docs/version-2.16/overview/performance/performance.md @@ -1,18 +1,10 @@ # Performance analysis of Constellation -This section provides a comprehensive examination of the performance characteristics of Constellation, encompassing various aspects, including runtime encryption, I/O benchmarks, and real-world applications. +This section provides a comprehensive examination of the performance characteristics of Constellation. -## Impact of runtime encryption on performance +## Runtime encryption -All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. - -### AMD and Azure benchmarking - -AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. - -### AMD and Google benchmarking - -Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. +Runtime encryption affects compute performance. [Benchmarks by Azure and Google](compute.md) show that the performance degradation of Confidential VMs (CVMs) is small, ranging from 2% to 8% for compute-intensive workloads. ## I/O performance benchmarks diff --git a/docs/versioned_docs/version-2.16/workflows/lb.md b/docs/versioned_docs/version-2.16/workflows/lb.md index 11e403237..868e61076 100644 --- a/docs/versioned_docs/version-2.16/workflows/lb.md +++ b/docs/versioned_docs/version-2.16/workflows/lb.md @@ -4,12 +4,25 @@ Constellation integrates the native load balancers of each CSP. Therefore, to ex ## Internet-facing LB service on AWS -To expose your application service externally you might want to use a Kubernetes Service of type `LoadBalancer`. On AWS, load-balancing is achieved through the [AWS Load Balancing Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) as in the managed EKS. +To expose your application service externally you might want to use a Kubernetes Service of type `LoadBalancer`. On AWS, load-balancing is achieved through the [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) as in the managed EKS. -Since recent versions, the controller deploy an internal LB by default requiring to set an annotation `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing` to have an internet-facing LB. For more details, see the [official docs](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/service/nlb/). +Since recent versions, the controller deploy an internal LB by default requiring to set an annotation `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing` to have an internet-facing LB. For more details, see the [official docs](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/service/nlb/). For general information on LB with AWS see [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html). :::caution Before terminating the cluster, all LB backed services should be deleted, so that the controller can cleanup the related resources. ::: + +## Ingress on AWS + +The AWS Load Balancer Controller also provisions `Ingress` resources of class `alb`. +AWS Application Load Balancers (ALBs) can be configured with a [`target-type`](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/annotations/#target-type). +The target type `ip` requires using the EKS container network solution, which makes it incompatible with Constellation. +If a service can be exposed on a `NodePort`, the target type `instance` can be used. + +See [Application load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) for more information. + +:::caution +Ingress handlers backed by AWS ALBs reside outside the Constellation cluster, so they shouldn't be handling sensitive traffic! +::: diff --git a/docs/versioned_docs/version-2.17/overview/performance/compute.md b/docs/versioned_docs/version-2.17/overview/performance/compute.md new file mode 100644 index 000000000..88dd4b1b2 --- /dev/null +++ b/docs/versioned_docs/version-2.17/overview/performance/compute.md @@ -0,0 +1,11 @@ +# Impact of runtime encryption on compute performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +## AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +## AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. diff --git a/docs/versioned_docs/version-2.17/overview/performance/performance.md b/docs/versioned_docs/version-2.17/overview/performance/performance.md index 7f22a693e..59bf86602 100644 --- a/docs/versioned_docs/version-2.17/overview/performance/performance.md +++ b/docs/versioned_docs/version-2.17/overview/performance/performance.md @@ -1,18 +1,10 @@ # Performance analysis of Constellation -This section provides a comprehensive examination of the performance characteristics of Constellation, encompassing various aspects, including runtime encryption, I/O benchmarks, and real-world applications. +This section provides a comprehensive examination of the performance characteristics of Constellation. -## Impact of runtime encryption on performance +## Runtime encryption -All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. - -### AMD and Azure benchmarking - -AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. - -### AMD and Google benchmarking - -Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. +Runtime encryption affects compute performance. [Benchmarks by Azure and Google](compute.md) show that the performance degradation of Confidential VMs (CVMs) is small, ranging from 2% to 8% for compute-intensive workloads. ## I/O performance benchmarks diff --git a/docs/versioned_sidebars/version-2.10-sidebars.json b/docs/versioned_sidebars/version-2.10-sidebars.json index 02898994d..9d47f4b26 100644 --- a/docs/versioned_sidebars/version-2.10-sidebars.json +++ b/docs/versioned_sidebars/version-2.10-sidebars.json @@ -40,6 +40,11 @@ "id": "overview/performance/performance" }, "items": [ + { + "type": "doc", + "label": "Compute benchmarks", + "id": "overview/performance/compute" + }, { "type": "doc", "label": "I/O benchmarks", diff --git a/docs/versioned_sidebars/version-2.11-sidebars.json b/docs/versioned_sidebars/version-2.11-sidebars.json index 17740bcca..8e0ad0ffb 100644 --- a/docs/versioned_sidebars/version-2.11-sidebars.json +++ b/docs/versioned_sidebars/version-2.11-sidebars.json @@ -40,6 +40,11 @@ "id": "overview/performance/performance" }, "items": [ + { + "type": "doc", + "label": "Compute benchmarks", + "id": "overview/performance/compute" + }, { "type": "doc", "label": "I/O benchmarks", diff --git a/docs/versioned_sidebars/version-2.12-sidebars.json b/docs/versioned_sidebars/version-2.12-sidebars.json index 81aaba77d..e4c845754 100644 --- a/docs/versioned_sidebars/version-2.12-sidebars.json +++ b/docs/versioned_sidebars/version-2.12-sidebars.json @@ -40,6 +40,11 @@ "id": "overview/performance/performance" }, "items": [ + { + "type": "doc", + "label": "Compute benchmarks", + "id": "overview/performance/compute" + }, { "type": "doc", "label": "I/O benchmarks", diff --git a/docs/versioned_sidebars/version-2.13-sidebars.json b/docs/versioned_sidebars/version-2.13-sidebars.json index 38caa4ac8..6317fc3f0 100644 --- a/docs/versioned_sidebars/version-2.13-sidebars.json +++ b/docs/versioned_sidebars/version-2.13-sidebars.json @@ -40,6 +40,11 @@ "id": "overview/performance/performance" }, "items": [ + { + "type": "doc", + "label": "Compute benchmarks", + "id": "overview/performance/compute" + }, { "type": "doc", "label": "I/O benchmarks", diff --git a/docs/versioned_sidebars/version-2.14-sidebars.json b/docs/versioned_sidebars/version-2.14-sidebars.json index 80e7edbea..ed97049b8 100644 --- a/docs/versioned_sidebars/version-2.14-sidebars.json +++ b/docs/versioned_sidebars/version-2.14-sidebars.json @@ -40,6 +40,11 @@ "id": "overview/performance/performance" }, "items": [ + { + "type": "doc", + "label": "Compute benchmarks", + "id": "overview/performance/compute" + }, { "type": "doc", "label": "I/O benchmarks", diff --git a/docs/versioned_sidebars/version-2.15-sidebars.json b/docs/versioned_sidebars/version-2.15-sidebars.json index b137f339c..09b5ec04e 100644 --- a/docs/versioned_sidebars/version-2.15-sidebars.json +++ b/docs/versioned_sidebars/version-2.15-sidebars.json @@ -40,6 +40,11 @@ "id": "overview/performance/performance" }, "items": [ + { + "type": "doc", + "label": "Compute benchmarks", + "id": "overview/performance/compute" + }, { "type": "doc", "label": "I/O benchmarks", diff --git a/docs/versioned_sidebars/version-2.16-sidebars.json b/docs/versioned_sidebars/version-2.16-sidebars.json index b137f339c..09b5ec04e 100644 --- a/docs/versioned_sidebars/version-2.16-sidebars.json +++ b/docs/versioned_sidebars/version-2.16-sidebars.json @@ -40,6 +40,11 @@ "id": "overview/performance/performance" }, "items": [ + { + "type": "doc", + "label": "Compute benchmarks", + "id": "overview/performance/compute" + }, { "type": "doc", "label": "I/O benchmarks", diff --git a/docs/versioned_sidebars/version-2.17-sidebars.json b/docs/versioned_sidebars/version-2.17-sidebars.json index b137f339c..09b5ec04e 100644 --- a/docs/versioned_sidebars/version-2.17-sidebars.json +++ b/docs/versioned_sidebars/version-2.17-sidebars.json @@ -40,6 +40,11 @@ "id": "overview/performance/performance" }, "items": [ + { + "type": "doc", + "label": "Compute benchmarks", + "id": "overview/performance/compute" + }, { "type": "doc", "label": "I/O benchmarks", From c2b720ca56b484b61d0d922cb8449e3be8a280cd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:30:37 +0200 Subject: [PATCH 159/380] deps: update Terraform dependencies (#3209) Co-authored-by: Markus Rudy --- .../vpn/on-prem-terraform/.terraform.lock.hcl | 48 +++++----- dev-docs/howto/vpn/on-prem-terraform/main.tf | 2 +- .../azure-terraform/.terraform.lock.hcl | 48 +++++----- .../miniconstellation/azure-terraform/main.tf | 2 +- e2e/miniconstellation/.terraform.lock.hcl | 48 +++++----- e2e/miniconstellation/main.tf | 2 +- .../infrastructure/aws/.terraform.lock.hcl | 60 ++++++------ terraform/infrastructure/aws/main.tf | 2 +- .../aws/modules/instance_group/main.tf | 2 +- .../aws/modules/jump_host/main.tf | 2 +- .../aws/modules/load_balancer_target/main.tf | 2 +- .../aws/modules/public_private_subnet/main.tf | 2 +- .../infrastructure/azure/.terraform.lock.hcl | 48 +++++----- terraform/infrastructure/azure/main.tf | 2 +- .../modules/load_balancer_backend/main.tf | 2 +- .../azure/modules/scale_set/main.tf | 2 +- .../infrastructure/gcp/.terraform.lock.hcl | 96 +++++++++---------- terraform/infrastructure/gcp/main.tf | 4 +- .../gcp/modules/instance_group/main.tf | 4 +- .../modules/internal_load_balancer/main.tf | 2 +- .../gcp/modules/jump_host/main.tf | 2 +- .../gcp/modules/loadbalancer/main.tf | 2 +- .../iam/aws/.terraform.lock.hcl | 60 ++++++------ terraform/infrastructure/iam/aws/main.tf | 2 +- .../iam/azure/.terraform.lock.hcl | 96 +++++++++---------- terraform/infrastructure/iam/azure/main.tf | 4 +- .../iam/gcp/.terraform.lock.hcl | 48 +++++----- terraform/infrastructure/iam/gcp/main.tf | 2 +- 28 files changed, 298 insertions(+), 298 deletions(-) diff --git a/dev-docs/howto/vpn/on-prem-terraform/.terraform.lock.hcl b/dev-docs/howto/vpn/on-prem-terraform/.terraform.lock.hcl index d093857ef..8ceeadbf5 100644 --- a/dev-docs/howto/vpn/on-prem-terraform/.terraform.lock.hcl +++ b/dev-docs/howto/vpn/on-prem-terraform/.terraform.lock.hcl @@ -2,32 +2,32 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.109.0" - constraints = "3.109.0" + version = "3.111.0" + constraints = "3.111.0" hashes = [ - "h1:/rMaSj3rKkD+jjzRs+awKuz9Cd6pbIpEuR4qYr/5cq0=", - "h1:1nfnYOD5/tzjCgXLCtP0x8rHkSePJvVsIlQn5mKjBOY=", - "h1:D3wf+0k6WoH7L8I1CuyS4WEWKiM6A4RZR3bmERRSSuY=", - "h1:Fk7L51TM48PIqPlmSjja7iiEL0w5mmfOimWfMsthhLU=", - "h1:On2MrclW5OMUV0zubyVHXONYni97C9ubs3rTAwUJ96Q=", - "h1:UDFgKaoVb+ghSl1HibucaspWbY1k3EgvX2GUCW8Yux0=", - "h1:UK+UFYL+ihy81hdglJlcgenxCslOTs9MK+ySRLm4izw=", - "h1:fiXyGhR/RCxjnZhq3iWXkQBS6yFlwZ0/QQMRlrpKAqo=", - "h1:rrySPpbxkcuBtlWs0cIb+vxfDKZd0XMQB7dYhfxuw8U=", - "h1:tb3a5x6HV4YRxyL3VpdTWe1vsKocKi1HT0KFWnF5ZjM=", - "h1:zpYt7my8y0S6Ob47FwE8cv+YiSwQzxKelJiA4Zlof4U=", - "zh:4324c3df26709c7e669b751259cc5e62c4694ab44370dfcdfe197dcd9261c365", - "zh:4e3e83649240cea7105cd2802d0ae64b143fb543c2f559173feae5a108bc4287", - "zh:74ebf6be1277e9bd357b011026b80fc5ec1c26b70ec7ddd5fcae5e977f9a66ef", - "zh:82cfd3c92035f834a05f4b91d813a059a29ff4157792e36a0b3a224cba8737ae", - "zh:93f05c8ae3555c885c84b82781b2e90774671c321138b7f3c38ecd498009e1d8", - "zh:9b445a9a1544b4b38db10fadbd9ffd5efdded0def54feb9ca593e1bec6fbec5f", - "zh:b21ccd2c1bc691cf2f9876482b6e226d8a37a48de951b168a10f96ba929ebefd", - "zh:b7b7e458eb3c22669e1d36e9ef1886272c10f310501001abce8ae76383014fa5", - "zh:bd3c0cf7caab0a989227934bc60a8ac27131efcf84dd77cb6e32e68374170aee", - "zh:f4b9ccbb28eadf3825f6d7d38a3519379de222f136235a2f21a96c0221d65fb8", + "h1:06sKYI5V2anZnr7t3lOpzO3DSd3AVTGO+53a4OauwoI=", + "h1:1gVEyHY/I1EMev2vbb6C6o0fAR+pEZrwGDeqRCDOhvE=", + "h1:6mCR0XyitRMsVfvPVpaTGsyNvc44vGeyr5c1O8kryno=", + "h1:8r1THxkuezf0Hys/wnVlPibEB7BeXd6FBahH+xWnmeI=", + "h1:Q7QmdpMoWo5yQilXPzHjErBe58RVEbGDtM8XB4uGtnw=", + "h1:WkapXDimZe5CzZpq3hIrz3RJ5MqIwF0rbL2i3HcPtGw=", + "h1:ipFQShK0j3mtJeSgSBQDR985KzwC19913+0GkiF8Sfo=", + "h1:oX22BXo+EthR6z90Yuu7EopfeSyG5dxehOrSWbsE+jk=", + "h1:oy2sT6XGlo+axoqFYGd6JceoqJTlWOaVKS0rJB0hRus=", + "h1:uuThLccbeEWYo2wpwDmlZ+TGfm7zCrwaJdw91TA3azg=", + "h1:vgrdy5JWGAK5N44/V75etoHIAMvXKNlMrIHTaWApehA=", + "zh:0db8afb9278993df7e74796bdd125153b07a7045e5ca1756783a8b8cfec564f4", + "zh:22c424fcfda13dc720caa289248c1b71b2ad20e329fd4a52cc6be7e45f795a4a", + "zh:471a2c1d7353bc21ef28963f006d2cf5276e7885b423fc0b73f2d8ce6cde72dd", + "zh:68bf81cb353c755d48792e881b6405919daa041e35de1d510209237d90d6c21f", + "zh:841d8664955bbc77f12095c9b1a4b3923362564a790fd945337759e9bc95d07e", + "zh:86e92f959056c573bf4b2be1d6cfa838dab06d3e5a944f371a1131e4c6477d88", + "zh:95a096ced57616659687970b5d618c2ce3cd54fa0311b7a7569435cacf39f26f", + "zh:c5656a11253ffdaee973e7292dd3c10a1db81f1fc9ee2d3041ae1182f7d25379", + "zh:cd6a1049de69280f339d6f83f30a9006bbe003a840a39eb7b5900990c5aadbb0", + "zh:e7b3d96f0c9ea47261dbd015f1f64fdb43c8ccb196afda862c0865e30d88245c", + "zh:f1ec7da6ab5526845274bff77e023b9faec71c2cf38bd18587274932b2aa2e89", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f8ef0b4a970ff5edeadfdeed77f9d0682befdca5df4e9b6d9dcfdf9903305b26", ] } diff --git a/dev-docs/howto/vpn/on-prem-terraform/main.tf b/dev-docs/howto/vpn/on-prem-terraform/main.tf index b6e8850f5..91f8e801d 100644 --- a/dev-docs/howto/vpn/on-prem-terraform/main.tf +++ b/dev-docs/howto/vpn/on-prem-terraform/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.109.0" + version = "3.111.0" } random = { source = "hashicorp/random" diff --git a/dev-docs/miniconstellation/azure-terraform/.terraform.lock.hcl b/dev-docs/miniconstellation/azure-terraform/.terraform.lock.hcl index 44ad1671c..54208c1ec 100644 --- a/dev-docs/miniconstellation/azure-terraform/.terraform.lock.hcl +++ b/dev-docs/miniconstellation/azure-terraform/.terraform.lock.hcl @@ -2,32 +2,32 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.109.0" - constraints = "3.109.0" + version = "3.111.0" + constraints = "3.111.0" hashes = [ - "h1:/rMaSj3rKkD+jjzRs+awKuz9Cd6pbIpEuR4qYr/5cq0=", - "h1:1nfnYOD5/tzjCgXLCtP0x8rHkSePJvVsIlQn5mKjBOY=", - "h1:D3wf+0k6WoH7L8I1CuyS4WEWKiM6A4RZR3bmERRSSuY=", - "h1:Fk7L51TM48PIqPlmSjja7iiEL0w5mmfOimWfMsthhLU=", - "h1:On2MrclW5OMUV0zubyVHXONYni97C9ubs3rTAwUJ96Q=", - "h1:UDFgKaoVb+ghSl1HibucaspWbY1k3EgvX2GUCW8Yux0=", - "h1:UK+UFYL+ihy81hdglJlcgenxCslOTs9MK+ySRLm4izw=", - "h1:fiXyGhR/RCxjnZhq3iWXkQBS6yFlwZ0/QQMRlrpKAqo=", - "h1:rrySPpbxkcuBtlWs0cIb+vxfDKZd0XMQB7dYhfxuw8U=", - "h1:tb3a5x6HV4YRxyL3VpdTWe1vsKocKi1HT0KFWnF5ZjM=", - "h1:zpYt7my8y0S6Ob47FwE8cv+YiSwQzxKelJiA4Zlof4U=", - "zh:4324c3df26709c7e669b751259cc5e62c4694ab44370dfcdfe197dcd9261c365", - "zh:4e3e83649240cea7105cd2802d0ae64b143fb543c2f559173feae5a108bc4287", - "zh:74ebf6be1277e9bd357b011026b80fc5ec1c26b70ec7ddd5fcae5e977f9a66ef", - "zh:82cfd3c92035f834a05f4b91d813a059a29ff4157792e36a0b3a224cba8737ae", - "zh:93f05c8ae3555c885c84b82781b2e90774671c321138b7f3c38ecd498009e1d8", - "zh:9b445a9a1544b4b38db10fadbd9ffd5efdded0def54feb9ca593e1bec6fbec5f", - "zh:b21ccd2c1bc691cf2f9876482b6e226d8a37a48de951b168a10f96ba929ebefd", - "zh:b7b7e458eb3c22669e1d36e9ef1886272c10f310501001abce8ae76383014fa5", - "zh:bd3c0cf7caab0a989227934bc60a8ac27131efcf84dd77cb6e32e68374170aee", - "zh:f4b9ccbb28eadf3825f6d7d38a3519379de222f136235a2f21a96c0221d65fb8", + "h1:06sKYI5V2anZnr7t3lOpzO3DSd3AVTGO+53a4OauwoI=", + "h1:1gVEyHY/I1EMev2vbb6C6o0fAR+pEZrwGDeqRCDOhvE=", + "h1:6mCR0XyitRMsVfvPVpaTGsyNvc44vGeyr5c1O8kryno=", + "h1:8r1THxkuezf0Hys/wnVlPibEB7BeXd6FBahH+xWnmeI=", + "h1:Q7QmdpMoWo5yQilXPzHjErBe58RVEbGDtM8XB4uGtnw=", + "h1:WkapXDimZe5CzZpq3hIrz3RJ5MqIwF0rbL2i3HcPtGw=", + "h1:ipFQShK0j3mtJeSgSBQDR985KzwC19913+0GkiF8Sfo=", + "h1:oX22BXo+EthR6z90Yuu7EopfeSyG5dxehOrSWbsE+jk=", + "h1:oy2sT6XGlo+axoqFYGd6JceoqJTlWOaVKS0rJB0hRus=", + "h1:uuThLccbeEWYo2wpwDmlZ+TGfm7zCrwaJdw91TA3azg=", + "h1:vgrdy5JWGAK5N44/V75etoHIAMvXKNlMrIHTaWApehA=", + "zh:0db8afb9278993df7e74796bdd125153b07a7045e5ca1756783a8b8cfec564f4", + "zh:22c424fcfda13dc720caa289248c1b71b2ad20e329fd4a52cc6be7e45f795a4a", + "zh:471a2c1d7353bc21ef28963f006d2cf5276e7885b423fc0b73f2d8ce6cde72dd", + "zh:68bf81cb353c755d48792e881b6405919daa041e35de1d510209237d90d6c21f", + "zh:841d8664955bbc77f12095c9b1a4b3923362564a790fd945337759e9bc95d07e", + "zh:86e92f959056c573bf4b2be1d6cfa838dab06d3e5a944f371a1131e4c6477d88", + "zh:95a096ced57616659687970b5d618c2ce3cd54fa0311b7a7569435cacf39f26f", + "zh:c5656a11253ffdaee973e7292dd3c10a1db81f1fc9ee2d3041ae1182f7d25379", + "zh:cd6a1049de69280f339d6f83f30a9006bbe003a840a39eb7b5900990c5aadbb0", + "zh:e7b3d96f0c9ea47261dbd015f1f64fdb43c8ccb196afda862c0865e30d88245c", + "zh:f1ec7da6ab5526845274bff77e023b9faec71c2cf38bd18587274932b2aa2e89", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f8ef0b4a970ff5edeadfdeed77f9d0682befdca5df4e9b6d9dcfdf9903305b26", ] } diff --git a/dev-docs/miniconstellation/azure-terraform/main.tf b/dev-docs/miniconstellation/azure-terraform/main.tf index 0c728ec0a..57128eb86 100644 --- a/dev-docs/miniconstellation/azure-terraform/main.tf +++ b/dev-docs/miniconstellation/azure-terraform/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.109.0" + version = "3.111.0" } random = { source = "hashicorp/random" diff --git a/e2e/miniconstellation/.terraform.lock.hcl b/e2e/miniconstellation/.terraform.lock.hcl index 44ad1671c..54208c1ec 100644 --- a/e2e/miniconstellation/.terraform.lock.hcl +++ b/e2e/miniconstellation/.terraform.lock.hcl @@ -2,32 +2,32 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.109.0" - constraints = "3.109.0" + version = "3.111.0" + constraints = "3.111.0" hashes = [ - "h1:/rMaSj3rKkD+jjzRs+awKuz9Cd6pbIpEuR4qYr/5cq0=", - "h1:1nfnYOD5/tzjCgXLCtP0x8rHkSePJvVsIlQn5mKjBOY=", - "h1:D3wf+0k6WoH7L8I1CuyS4WEWKiM6A4RZR3bmERRSSuY=", - "h1:Fk7L51TM48PIqPlmSjja7iiEL0w5mmfOimWfMsthhLU=", - "h1:On2MrclW5OMUV0zubyVHXONYni97C9ubs3rTAwUJ96Q=", - "h1:UDFgKaoVb+ghSl1HibucaspWbY1k3EgvX2GUCW8Yux0=", - "h1:UK+UFYL+ihy81hdglJlcgenxCslOTs9MK+ySRLm4izw=", - "h1:fiXyGhR/RCxjnZhq3iWXkQBS6yFlwZ0/QQMRlrpKAqo=", - "h1:rrySPpbxkcuBtlWs0cIb+vxfDKZd0XMQB7dYhfxuw8U=", - "h1:tb3a5x6HV4YRxyL3VpdTWe1vsKocKi1HT0KFWnF5ZjM=", - "h1:zpYt7my8y0S6Ob47FwE8cv+YiSwQzxKelJiA4Zlof4U=", - "zh:4324c3df26709c7e669b751259cc5e62c4694ab44370dfcdfe197dcd9261c365", - "zh:4e3e83649240cea7105cd2802d0ae64b143fb543c2f559173feae5a108bc4287", - "zh:74ebf6be1277e9bd357b011026b80fc5ec1c26b70ec7ddd5fcae5e977f9a66ef", - "zh:82cfd3c92035f834a05f4b91d813a059a29ff4157792e36a0b3a224cba8737ae", - "zh:93f05c8ae3555c885c84b82781b2e90774671c321138b7f3c38ecd498009e1d8", - "zh:9b445a9a1544b4b38db10fadbd9ffd5efdded0def54feb9ca593e1bec6fbec5f", - "zh:b21ccd2c1bc691cf2f9876482b6e226d8a37a48de951b168a10f96ba929ebefd", - "zh:b7b7e458eb3c22669e1d36e9ef1886272c10f310501001abce8ae76383014fa5", - "zh:bd3c0cf7caab0a989227934bc60a8ac27131efcf84dd77cb6e32e68374170aee", - "zh:f4b9ccbb28eadf3825f6d7d38a3519379de222f136235a2f21a96c0221d65fb8", + "h1:06sKYI5V2anZnr7t3lOpzO3DSd3AVTGO+53a4OauwoI=", + "h1:1gVEyHY/I1EMev2vbb6C6o0fAR+pEZrwGDeqRCDOhvE=", + "h1:6mCR0XyitRMsVfvPVpaTGsyNvc44vGeyr5c1O8kryno=", + "h1:8r1THxkuezf0Hys/wnVlPibEB7BeXd6FBahH+xWnmeI=", + "h1:Q7QmdpMoWo5yQilXPzHjErBe58RVEbGDtM8XB4uGtnw=", + "h1:WkapXDimZe5CzZpq3hIrz3RJ5MqIwF0rbL2i3HcPtGw=", + "h1:ipFQShK0j3mtJeSgSBQDR985KzwC19913+0GkiF8Sfo=", + "h1:oX22BXo+EthR6z90Yuu7EopfeSyG5dxehOrSWbsE+jk=", + "h1:oy2sT6XGlo+axoqFYGd6JceoqJTlWOaVKS0rJB0hRus=", + "h1:uuThLccbeEWYo2wpwDmlZ+TGfm7zCrwaJdw91TA3azg=", + "h1:vgrdy5JWGAK5N44/V75etoHIAMvXKNlMrIHTaWApehA=", + "zh:0db8afb9278993df7e74796bdd125153b07a7045e5ca1756783a8b8cfec564f4", + "zh:22c424fcfda13dc720caa289248c1b71b2ad20e329fd4a52cc6be7e45f795a4a", + "zh:471a2c1d7353bc21ef28963f006d2cf5276e7885b423fc0b73f2d8ce6cde72dd", + "zh:68bf81cb353c755d48792e881b6405919daa041e35de1d510209237d90d6c21f", + "zh:841d8664955bbc77f12095c9b1a4b3923362564a790fd945337759e9bc95d07e", + "zh:86e92f959056c573bf4b2be1d6cfa838dab06d3e5a944f371a1131e4c6477d88", + "zh:95a096ced57616659687970b5d618c2ce3cd54fa0311b7a7569435cacf39f26f", + "zh:c5656a11253ffdaee973e7292dd3c10a1db81f1fc9ee2d3041ae1182f7d25379", + "zh:cd6a1049de69280f339d6f83f30a9006bbe003a840a39eb7b5900990c5aadbb0", + "zh:e7b3d96f0c9ea47261dbd015f1f64fdb43c8ccb196afda862c0865e30d88245c", + "zh:f1ec7da6ab5526845274bff77e023b9faec71c2cf38bd18587274932b2aa2e89", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f8ef0b4a970ff5edeadfdeed77f9d0682befdca5df4e9b6d9dcfdf9903305b26", ] } diff --git a/e2e/miniconstellation/main.tf b/e2e/miniconstellation/main.tf index 58287f33e..c2e1bc2a5 100644 --- a/e2e/miniconstellation/main.tf +++ b/e2e/miniconstellation/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.109.0" + version = "3.111.0" } random = { source = "hashicorp/random" diff --git a/terraform/infrastructure/aws/.terraform.lock.hcl b/terraform/infrastructure/aws/.terraform.lock.hcl index ed54a49eb..22f27bd4b 100644 --- a/terraform/infrastructure/aws/.terraform.lock.hcl +++ b/terraform/infrastructure/aws/.terraform.lock.hcl @@ -2,38 +2,38 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.55.0" - constraints = "5.55.0" + version = "5.57.0" + constraints = "5.57.0" hashes = [ - "h1:3zm88eQrbQHiptPt27WpSr8sJRonvMzeeegFYKZ9/vQ=", - "h1:E6Ax11q2/k3KDz0XfKz+NWvM+MOqKgbnoe5iGI6UpvI=", - "h1:Ecp/Us36Q7cPmM6CJuhVoQpJ8Fr3857u2aY5u90b744=", - "h1:Fm/qcPuwi3JXV+x+6zKHeQwVGDdGkCu+mjdPKY+eBCQ=", - "h1:K/aEWNwFhDOjbU9bmtAUvy84IZCkVZDhNubxm2J8KuU=", - "h1:NHFZsgJpjqVy+n9tt7uV5gWArMkjFzfo7bUdaT90CQk=", - "h1:NHgKROQfH2vdYgpcD046DrCbFLIONgIzj4UeVNdku3w=", - "h1:V3StWoMxIwKEJ61jlwin+0fdGqDFeBBNQqje57B9nqc=", - "h1:bBEd61mviRihR9/r+nsd8Sq3OU+etHQhBcBdOaVix2g=", - "h1:e8vKwGg6c6CsbbHEpnjQE+5luDVcC5qyKZ5Vv/T5Z1U=", - "h1:lpxW8Myr+VNsbe/xiqbsQ6cLXAkGlmgIjjJYLhhQMf4=", - "h1:pbABD0XsrwOxYmctcsGKjwSTEzaGFL2RR164CSf1O+Q=", - "h1:vChl08zNYLVzuSzfxz3wp3wNSx+vjwl/jPuyPbg59Ks=", - "h1:ys4tLt+sbqNUEicl2tO7gWvEZ6QPK4PwEv/mPc31Na0=", - "zh:06fbb1cc4b61b9d6370d391bf7538aa6ef8b60b91c67d125a6be60a70b1d49f0", - "zh:1d52acd2184f379433a0fce2c29d5ed8fc7958d6a9d1b403310dcc36b2a3f626", - "zh:290bbce092f8836a1db530ac86d933cfea27d52b827639974a81bc48dfba8c34", - "zh:3531f2822c2de3ba837381c4ee4816c5b437fd204c07d659526a04d9154a65e8", - "zh:56d70db4c8c6c0ec1b665380b87726275f4ab3665b4b78ac86dc90e1010c0fe3", - "zh:8251d713c0b2c8c51b6858e51c70d083b484342ff9782a88c39e7eaa966c3da2", - "zh:9a7d1f7207e51382a7dd139dfd5786e7e905edf9bf89bbee4b59ad41365e87be", + "h1:0vkeOAKaYJn/Qo1LT5BMMYcfxxorbdg6Wjm5cRUaSsk=", + "h1:47axyGCVgEBHaQThoNSabiGsrpFXGdIK+uLXqADLNeI=", + "h1:78RIKu5Kn+y7jwbk3Av+z64OQ+ubOqzkr+WkG2BLeXs=", + "h1:9yi3yb3XOMjj/xsSbOfscfmQzPUQ7sZqSYSBfGSfkBA=", + "h1:B8Rpgfr1+wt2ByOZYWZL0cIoOcfSUUYkajsF+ocZ97o=", + "h1:FPU7aOZNSo+wwydZpmA7sB4nt1d0Wgkh0cb5Zl+WNj4=", + "h1:KMPhyxoRthbmc11+RbClq5bricmGDICh1NgE3nPjN7U=", + "h1:PXidujIDQyFAIS9qHoEdsonNbfV7TWXiFYag/KLnq7c=", + "h1:RaNKerWC8c10tAXCRUNqO9FVLw3qIYwQN4Zp4+O/rWE=", + "h1:bSps73eq0YgIZf73/JvKKve40TNGfTB6+86bmT4ABGI=", + "h1:txjX+di/ltKLPAcNKskNjoVB4g/KjKfOYwCq9Tne+JI=", + "h1:u7FszdKvOSKA53nsWnNOuh0/GtKwzBe6uIlAoTEWeyU=", + "h1:y4fdaiu5VqzHOTjsuB0mTI33hoKYc4MnloHWjLCuA3c=", + "h1:yz3Y5KM6UgOzpOrlR/ExM4mlD2wAGvzlhkfODzuVHE8=", + "zh:03761bedb72290599aef0040d3cefb77842f0ef4338673a7e5b53557b0ca4960", + "zh:1c70c050116370688abd239979b06f33c5c8cb7f6e59e89f60cf08ee01666064", + "zh:1cc3b259028a65b2f68ffc25df876bbb0f46d108f262b8ec7c56fc597ac697af", + "zh:3bcdf1415b37f39b71e07d4d92977cf8697f07602382d63687d5f683fee0231a", + "zh:40b1774a2cacc84002ac88ef30fb017c273009456d7a1f9f7c5a4a057041ec75", + "zh:46d51fa066c6441594a1e242c9491cc31dbb2dc85f1acf8bc54ad6faa4de524b", + "zh:550e5635b0cd5d98fa66c2afd5dbb1563a8e019be9f760bd1543fbcca763f0c1", + "zh:7acc8357b5e02ed3eb478125614d049511d6faeb9850c084d6e6519db875f0d1", + "zh:7f7367299811ddf5560a0586e525d57dd52f1a0ca37e42e2c5284308069bf2b6", + "zh:8766cc10c83b1fc2e971c4e645bc4d3c871d4758eb54b0a3216600c66e3db681", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a529c78dfc60063289524690af78794e99a768835b88e27cdfec15bc85439f7c", - "zh:b6da1843355db05c5d412126406fd97db2a6ff9edc166b81c1cea2994535b4eb", - "zh:bfc08cd23b1556b3287d1b28ac7f12c7d459471d97a0592bf2579ea68d11bae7", - "zh:c382088faf05894191636b57861069a21de10a5ff4eb8f7cc122e764ccf7a4a8", - "zh:e27f99f389921314ee428b24990d3a829057ce532b2beb33c69387458722edd9", - "zh:ef11285eedb45ffc3fb2ecdfefa206e64eb2760a87fff15c44dee42de9703436", - "zh:fedc4ebee0d6fe196691127004db5d1ff8bd22e3b667a74026bb92c607589b6c", + "zh:a1e85b1fb9004d8ffab7600304e02bce4aa14cea9f0ad77fbd7b84aae6390760", + "zh:bcf2fc83bd9e20e5a930d9d596eb813c319f2b007c620b1818e574c1702eb9a9", + "zh:d2538fcb20dc2afc04b716f67969944eef7f4fc4296410116d5b7af1811100f2", + "zh:e0e47c5d8710bbfcfe4db1cfa81c67e320056006d08063e69640cd2d492c6f64", ] } diff --git a/terraform/infrastructure/aws/main.tf b/terraform/infrastructure/aws/main.tf index 0ec6f7f98..b3bb9d298 100644 --- a/terraform/infrastructure/aws/main.tf +++ b/terraform/infrastructure/aws/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.55.0" + version = "5.57.0" } random = { source = "hashicorp/random" diff --git a/terraform/infrastructure/aws/modules/instance_group/main.tf b/terraform/infrastructure/aws/modules/instance_group/main.tf index 67be53632..bc067e225 100644 --- a/terraform/infrastructure/aws/modules/instance_group/main.tf +++ b/terraform/infrastructure/aws/modules/instance_group/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.55.0" + version = "5.57.0" } random = { source = "hashicorp/random" diff --git a/terraform/infrastructure/aws/modules/jump_host/main.tf b/terraform/infrastructure/aws/modules/jump_host/main.tf index 6d53d0064..31e6b69d9 100644 --- a/terraform/infrastructure/aws/modules/jump_host/main.tf +++ b/terraform/infrastructure/aws/modules/jump_host/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.55.0" + version = "5.57.0" } } } diff --git a/terraform/infrastructure/aws/modules/load_balancer_target/main.tf b/terraform/infrastructure/aws/modules/load_balancer_target/main.tf index c21b9589d..2dc9d0d39 100644 --- a/terraform/infrastructure/aws/modules/load_balancer_target/main.tf +++ b/terraform/infrastructure/aws/modules/load_balancer_target/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.55.0" + version = "5.57.0" } } } diff --git a/terraform/infrastructure/aws/modules/public_private_subnet/main.tf b/terraform/infrastructure/aws/modules/public_private_subnet/main.tf index 796981aa2..a6679e13a 100644 --- a/terraform/infrastructure/aws/modules/public_private_subnet/main.tf +++ b/terraform/infrastructure/aws/modules/public_private_subnet/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.55.0" + version = "5.57.0" } } } diff --git a/terraform/infrastructure/azure/.terraform.lock.hcl b/terraform/infrastructure/azure/.terraform.lock.hcl index d093857ef..8ceeadbf5 100644 --- a/terraform/infrastructure/azure/.terraform.lock.hcl +++ b/terraform/infrastructure/azure/.terraform.lock.hcl @@ -2,32 +2,32 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.109.0" - constraints = "3.109.0" + version = "3.111.0" + constraints = "3.111.0" hashes = [ - "h1:/rMaSj3rKkD+jjzRs+awKuz9Cd6pbIpEuR4qYr/5cq0=", - "h1:1nfnYOD5/tzjCgXLCtP0x8rHkSePJvVsIlQn5mKjBOY=", - "h1:D3wf+0k6WoH7L8I1CuyS4WEWKiM6A4RZR3bmERRSSuY=", - "h1:Fk7L51TM48PIqPlmSjja7iiEL0w5mmfOimWfMsthhLU=", - "h1:On2MrclW5OMUV0zubyVHXONYni97C9ubs3rTAwUJ96Q=", - "h1:UDFgKaoVb+ghSl1HibucaspWbY1k3EgvX2GUCW8Yux0=", - "h1:UK+UFYL+ihy81hdglJlcgenxCslOTs9MK+ySRLm4izw=", - "h1:fiXyGhR/RCxjnZhq3iWXkQBS6yFlwZ0/QQMRlrpKAqo=", - "h1:rrySPpbxkcuBtlWs0cIb+vxfDKZd0XMQB7dYhfxuw8U=", - "h1:tb3a5x6HV4YRxyL3VpdTWe1vsKocKi1HT0KFWnF5ZjM=", - "h1:zpYt7my8y0S6Ob47FwE8cv+YiSwQzxKelJiA4Zlof4U=", - "zh:4324c3df26709c7e669b751259cc5e62c4694ab44370dfcdfe197dcd9261c365", - "zh:4e3e83649240cea7105cd2802d0ae64b143fb543c2f559173feae5a108bc4287", - "zh:74ebf6be1277e9bd357b011026b80fc5ec1c26b70ec7ddd5fcae5e977f9a66ef", - "zh:82cfd3c92035f834a05f4b91d813a059a29ff4157792e36a0b3a224cba8737ae", - "zh:93f05c8ae3555c885c84b82781b2e90774671c321138b7f3c38ecd498009e1d8", - "zh:9b445a9a1544b4b38db10fadbd9ffd5efdded0def54feb9ca593e1bec6fbec5f", - "zh:b21ccd2c1bc691cf2f9876482b6e226d8a37a48de951b168a10f96ba929ebefd", - "zh:b7b7e458eb3c22669e1d36e9ef1886272c10f310501001abce8ae76383014fa5", - "zh:bd3c0cf7caab0a989227934bc60a8ac27131efcf84dd77cb6e32e68374170aee", - "zh:f4b9ccbb28eadf3825f6d7d38a3519379de222f136235a2f21a96c0221d65fb8", + "h1:06sKYI5V2anZnr7t3lOpzO3DSd3AVTGO+53a4OauwoI=", + "h1:1gVEyHY/I1EMev2vbb6C6o0fAR+pEZrwGDeqRCDOhvE=", + "h1:6mCR0XyitRMsVfvPVpaTGsyNvc44vGeyr5c1O8kryno=", + "h1:8r1THxkuezf0Hys/wnVlPibEB7BeXd6FBahH+xWnmeI=", + "h1:Q7QmdpMoWo5yQilXPzHjErBe58RVEbGDtM8XB4uGtnw=", + "h1:WkapXDimZe5CzZpq3hIrz3RJ5MqIwF0rbL2i3HcPtGw=", + "h1:ipFQShK0j3mtJeSgSBQDR985KzwC19913+0GkiF8Sfo=", + "h1:oX22BXo+EthR6z90Yuu7EopfeSyG5dxehOrSWbsE+jk=", + "h1:oy2sT6XGlo+axoqFYGd6JceoqJTlWOaVKS0rJB0hRus=", + "h1:uuThLccbeEWYo2wpwDmlZ+TGfm7zCrwaJdw91TA3azg=", + "h1:vgrdy5JWGAK5N44/V75etoHIAMvXKNlMrIHTaWApehA=", + "zh:0db8afb9278993df7e74796bdd125153b07a7045e5ca1756783a8b8cfec564f4", + "zh:22c424fcfda13dc720caa289248c1b71b2ad20e329fd4a52cc6be7e45f795a4a", + "zh:471a2c1d7353bc21ef28963f006d2cf5276e7885b423fc0b73f2d8ce6cde72dd", + "zh:68bf81cb353c755d48792e881b6405919daa041e35de1d510209237d90d6c21f", + "zh:841d8664955bbc77f12095c9b1a4b3923362564a790fd945337759e9bc95d07e", + "zh:86e92f959056c573bf4b2be1d6cfa838dab06d3e5a944f371a1131e4c6477d88", + "zh:95a096ced57616659687970b5d618c2ce3cd54fa0311b7a7569435cacf39f26f", + "zh:c5656a11253ffdaee973e7292dd3c10a1db81f1fc9ee2d3041ae1182f7d25379", + "zh:cd6a1049de69280f339d6f83f30a9006bbe003a840a39eb7b5900990c5aadbb0", + "zh:e7b3d96f0c9ea47261dbd015f1f64fdb43c8ccb196afda862c0865e30d88245c", + "zh:f1ec7da6ab5526845274bff77e023b9faec71c2cf38bd18587274932b2aa2e89", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f8ef0b4a970ff5edeadfdeed77f9d0682befdca5df4e9b6d9dcfdf9903305b26", ] } diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf index 31fdbe9dd..7338f86ba 100644 --- a/terraform/infrastructure/azure/main.tf +++ b/terraform/infrastructure/azure/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.109.0" + version = "3.111.0" } random = { source = "hashicorp/random" diff --git a/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf b/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf index 177d08fef..bd2d05ac7 100644 --- a/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf +++ b/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.109.0" + version = "3.111.0" } } } diff --git a/terraform/infrastructure/azure/modules/scale_set/main.tf b/terraform/infrastructure/azure/modules/scale_set/main.tf index a02762e74..9bd3d6cb9 100644 --- a/terraform/infrastructure/azure/modules/scale_set/main.tf +++ b/terraform/infrastructure/azure/modules/scale_set/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.109.0" + version = "3.111.0" } random = { source = "hashicorp/random" diff --git a/terraform/infrastructure/gcp/.terraform.lock.hcl b/terraform/infrastructure/gcp/.terraform.lock.hcl index 025f4fc45..8906d5141 100644 --- a/terraform/infrastructure/gcp/.terraform.lock.hcl +++ b/terraform/infrastructure/gcp/.terraform.lock.hcl @@ -2,61 +2,61 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "5.34.0" - constraints = "5.34.0" + version = "5.37.0" + constraints = "5.37.0" hashes = [ - "h1:7qETDYPpCPdi5LUEZTp+0T8xQxB48NEAShOQUKeRp6o=", - "h1:ALLNXSm0UWenGas2DL42FJDPIuyvxQAxD6EPtbLISFg=", - "h1:NsFcg40bkNRqt/A63I3VZJDH2zMbwgI4DmjqnZaQof0=", - "h1:S1WiA/Q04V+eD8ZPOj/GRkrHxdq3VbR59z+RhpbgEjs=", - "h1:ebx2A1dmlfIC2P4KwSopjSX8ul1rPpyW1YFmco3rJpY=", - "h1:ed7dedVq0ZYcIImS/+VXT5X5wYtEEgc6tiR2c3jKUhA=", - "h1:fi9xftzKft61lt4vI0oXgzEwpLtMW4D3S3/T63SsO7w=", - "h1:kDZ8ZLPGHTWzOoU6BHd3DmIgOXLuCZxX4i5lK6xdjPs=", - "h1:rTnarO24IRuRxU/iCjFhT6H6UFq+cEEk6qLOj8ZvTtU=", - "h1:t48NNfGkdHByEWWiKx6GtlZPlzEB1Dha3cq44Uidev0=", - "h1:wjyLpE+DlZ3bCD/A973p2apWr0xdwDsTiW75WJA00j8=", - "zh:143c88bb74631041c291ebf7b6213467bf376d3775a33815785939dc102fac09", - "zh:1616ac79345f472b33fcc388eaf4a8a3002e4cc3a5e8748d60d6f4786d0d16dc", - "zh:554ce78e73349ac2c893a74b6981f5e55169ca16f4d0f239e6ccdecadbe1c9e1", - "zh:8022f97aa907685b2eb6c39d5411cf2be2448c6f3b7fbeaf9c06618d376ac4bc", - "zh:85f1fe3628954c35379cc05b895091ec8fe8ba0a5610bc9660492d5be65d4902", - "zh:873fb64fca79695aa930cd868b41ac498809eb76bc3292e41460d916c6fa3538", - "zh:8d3c5112a4abf14b42d769f78373e66f2c2f5f03a7e6544d80019a695bd9b198", - "zh:93cbcfa38991965b976d1973bc528d666006b5247c3fda00c714d0f3a2b62d3e", - "zh:b7710246637aee522a4ea4c1b4f0effb83b701546124ae90c8b4afb97ce03aba", - "zh:e4e02fe946ccbe192b6bbc6bed5715cf68084f1faadc134ed99d5e732429d2ca", + "h1:+0FfxQm8+OxXM6tDF8UCA2ir59Gel4oSnLoJoKkGCpc=", + "h1:+WQTQ1s/MhzXNDaCp4OvTY46DB4/e2GyvpCH41kA5pY=", + "h1:/4KB6HjJ0ByYamKdb/3BjQlVrqtqkWygh8XINuwHwLg=", + "h1:0mhHpFpgMtiw0vhuKlMtst7bhiaO4aa0/qb0SS5e3ns=", + "h1:ECJCeUsjARe6GHI1yLQKdsx1GW1CFqgww/dzooBe/xk=", + "h1:MXuNmywxH/QrtJqzQBEo5fPlcYGIvy0OxlE5ZPA37wE=", + "h1:RefrtlcP4AXprPTHHmUNuHZEOgTld4JeDOTeo4zWiJA=", + "h1:UuDnLkrIGy1u1gmwyQ7JIaI7Hax8Rvn/gxSBbg9oRWI=", + "h1:lP9wJfnhHJj1FcpKRKEweqSnVWwvMtts6+Yypyfpfpw=", + "h1:lfzk7MUYSJG4nwsdX6DLZth3BePTuhWW9W6xM9buOMU=", + "h1:wUeVrQ1ss9vQbb6HP+hSgtQ7efSliSdHRef1/TRef6k=", + "zh:00754c426ec8c2416d54904b25ebf3d831b5af4f02a20336d0a60d91897497d7", + "zh:0b4128affc12ace78d9cbd8aac308b992cc1829effba0ac761b4c3e9e37a36e2", + "zh:46afda4cdadc242b0a27acb181967b7a37768aa084c84593506490483fbdefd6", + "zh:4ad56e9d5ed5e05184bd0a23e17b6eb985c28e7ce23ce29fdf50daa5594ead69", + "zh:557b021f77bd97462b20519148f454158e6cf89eba5461ae6016568b317e1c87", + "zh:6552bb5e901e9fbcd95dc95b4e017dfd7c1eca465dd749f9c8afdc4ae2bf3213", + "zh:687347e31e69f2c4518abc057ad157ed4fd2b78e399b3a172bcab4277f7a235b", + "zh:a66bfc55856693fe82a81554abf7fd72b8ca2d56a08cb59c4769c15b1a1acea5", + "zh:a8b242c5aab000f2a27e934930a75656efb4a96fdb06a419b22ae0daffa6fba3", + "zh:da9e9b40d632f218a3e0bb88b8cf95b91485cee1eb2fd2a384d45c2619c36da4", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fb6b1e4fb2d019d2740aa21b5ecd5f0609f562633a78604a96c14c94aff762b4", + "zh:fda7bd1578e4b40e9e2d0298c77b0ad9f4486abee8ad38755299dd4b06be54c7", ] } provider "registry.terraform.io/hashicorp/google-beta" { - version = "5.34.0" - constraints = "5.34.0" + version = "5.37.0" + constraints = "5.37.0" hashes = [ - "h1:08e6reS//101sFAQCEPWg+eImpE4JeBktf4nNt8pEzg=", - "h1:7jfNNGpyW8TZ3BQ3uu8Nz20fhaPJuSwgciW1bVcg15Y=", - "h1:8c3ZwHiUYaOi6aFeWxL4Q8zb5Tm+5+YZoiueii7p2/o=", - "h1:EvMp8vg/dsqYk3hNqWaVHmN82ACqf2JDvOSiq3IaNOA=", - "h1:HIgDlZlb6fzgCHh/NZQW9byVzN11Mt6T0Ay0TDW87Sg=", - "h1:O9+a0swOhbfVeh9W+M/+aP+STJJFDCkgloMfylrhd4M=", - "h1:Ov+9j7tTby3o/DauvUObHvyHr3RS7pfQ9doWmCfwYwk=", - "h1:RrsRyCX6kbm6iR3r7fWPw+Y6LlpLF7zLpxUCPvTJ6sk=", - "h1:c4Wu49Y1XataOD8PwaXNka/FA382yhClzCnJn3S0sd0=", - "h1:fzhtxfHkkiNmt4TBS7Cq0xydvcIjM5eO85+OoeDYNU4=", - "h1:njwjNG5bavvKC8WndmHIR7t5asSbpcN8y48WGeuw08I=", - "zh:01619cfe684471dc88d470cf157f7adc659a2f6849346d6be2a71efe1cbd0250", - "zh:1b6b2401862aaaf08819cf83b27a147957f0bcc1821a3b94a438788760cb65ad", - "zh:30d3fbaa204dd1d197d01ed5385a5d325fd8d313a5fdcf7cdd80209f1740247f", - "zh:461d084c0a0590785134218d57df39f34863a8977e4e925585eea085c86c97b5", - "zh:534bc4652861bdcbe0451673269d326477781d70a9f03cae3b780d574f29f841", - "zh:6e8abcd37a9609b05aab3529ccc3414b6d1258b124e58754b62f28fd4f3877a7", - "zh:838a31873ce35e40e52ba0513aec5ff519159e99459829f0ea590eb62714801a", - "zh:9387550c9e45e68c7ac5d6839a8f88e8e525ebf81a4c76847f7c05f13bf5dc19", - "zh:997ac33e5d72f0aecfddd5235ba4dbe82b5bbaf811b801849e419942e204a12b", - "zh:a66fbccde0dd854f764bf247576eaea4898966b6814db232fa45e789dc2ca014", - "zh:d60efed82a54ff41a8f2380f83fefd9477616f49296e349b5a41fccb558fde08", + "h1:7KgxMd/i1rO/cSlbM2t0D6nB4Ib2ZEtWVtjeShp2D2c=", + "h1:965SYhz47hz+CmD4RVrGdy4XM9cDxUaAjqcNyEpWriw=", + "h1:Ey+JiF+0gvMdsPraA5D4Ia7f10gBIkMYRTvsfruHxw4=", + "h1:FBXp+od4ba3e9xDRSC8EDqjaFgGFGOQN2/7jf2tt6BA=", + "h1:HBlMZCUjS8wwrckbw3otzFLoyn1DooTP+fT6sJCaIoM=", + "h1:P/LLB5QFyBr99ex16Ba2Lkw327sBpcgcwblwGnNmiAg=", + "h1:PbPuajB/eQ9ta/l2AlKRfcfdmCs16cbVkiqKgRv+lOo=", + "h1:WZX+8D3Uj2Zulgtju8JpPZUNtNMS0VY4lBrE2iW606c=", + "h1:pr0HowX8labbBVVd4b0ljpXINgPGQo+2Z/zqDjcPL3E=", + "h1:yIknB3Xwv+hXDQP1PBRYxAOMn9BluPI2+uOd26iPqGo=", + "h1:zkVNOR/I98jO9a9G/OiFnnxETw8ScDQRlgbXNkw2LMo=", + "zh:01467c4b9c7169ed6326697064c1f7d449cde88f03a328af4bc475b258c21148", + "zh:0486a06cd78e816e38af10cd1c3b8cc09ef4f9d200a04814828f11ad38d41854", + "zh:0b59125a577f87f704429bb16779d1df032b271c5a7ea9b128cb14f190fb6747", + "zh:2f3a11b564184f245bb78e2914dde40091cd9e6e856da4477344b2e4c7a13eed", + "zh:7527aba218a0cdc865dbd8b5ca9a19a424c63bba7cbf036f7a8aac4b2b1dc491", + "zh:7821cfb469a8bd11461e8b7d45f026da6867d7caf9c511512f2677cd7c0a588c", + "zh:9aeed6e46cc632bd0dd8c8de63fe12e9e306437e68de7e556a05732ef8389a15", + "zh:9d6b7609b3832c8ee96c52a8c23741f7df0f79370f37ba684c11b1fc2f5a42bd", + "zh:d8c58b6bca74141ca8409af9959f0d54e4e941bfa637261dc1e2fc5fe523102a", + "zh:daa69120aff4356594c9fc811c9fe1297a321a4445f8d0ec1b95871bc618d410", + "zh:e3c56d0cbccb02fa17162eda3d85c74fe1e78d075db43f7d66f9878c80b8aa83", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/terraform/infrastructure/gcp/main.tf b/terraform/infrastructure/gcp/main.tf index 2d961c7e8..83fb9c182 100644 --- a/terraform/infrastructure/gcp/main.tf +++ b/terraform/infrastructure/gcp/main.tf @@ -2,12 +2,12 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.34.0" + version = "5.37.0" } google-beta = { source = "hashicorp/google-beta" - version = "5.34.0" + version = "5.37.0" } random = { diff --git a/terraform/infrastructure/gcp/modules/instance_group/main.tf b/terraform/infrastructure/gcp/modules/instance_group/main.tf index bd52df53a..2e92d4375 100644 --- a/terraform/infrastructure/gcp/modules/instance_group/main.tf +++ b/terraform/infrastructure/gcp/modules/instance_group/main.tf @@ -2,12 +2,12 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.34.0" + version = "5.37.0" } google-beta = { source = "hashicorp/google-beta" - version = "5.34.0" + version = "5.37.0" } random = { diff --git a/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf b/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf index f0e725039..c4f987808 100644 --- a/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf +++ b/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.34.0" + version = "5.37.0" } } } diff --git a/terraform/infrastructure/gcp/modules/jump_host/main.tf b/terraform/infrastructure/gcp/modules/jump_host/main.tf index be7708248..1e2d9f65e 100644 --- a/terraform/infrastructure/gcp/modules/jump_host/main.tf +++ b/terraform/infrastructure/gcp/modules/jump_host/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.34.0" + version = "5.37.0" } } } diff --git a/terraform/infrastructure/gcp/modules/loadbalancer/main.tf b/terraform/infrastructure/gcp/modules/loadbalancer/main.tf index e1cde0af8..5f33c1509 100644 --- a/terraform/infrastructure/gcp/modules/loadbalancer/main.tf +++ b/terraform/infrastructure/gcp/modules/loadbalancer/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.34.0" + version = "5.37.0" } } } diff --git a/terraform/infrastructure/iam/aws/.terraform.lock.hcl b/terraform/infrastructure/iam/aws/.terraform.lock.hcl index daf5d1b3e..19a11d36f 100644 --- a/terraform/infrastructure/iam/aws/.terraform.lock.hcl +++ b/terraform/infrastructure/iam/aws/.terraform.lock.hcl @@ -2,38 +2,38 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "5.55.0" - constraints = "5.55.0" + version = "5.57.0" + constraints = "5.57.0" hashes = [ - "h1:3zm88eQrbQHiptPt27WpSr8sJRonvMzeeegFYKZ9/vQ=", - "h1:E6Ax11q2/k3KDz0XfKz+NWvM+MOqKgbnoe5iGI6UpvI=", - "h1:Ecp/Us36Q7cPmM6CJuhVoQpJ8Fr3857u2aY5u90b744=", - "h1:Fm/qcPuwi3JXV+x+6zKHeQwVGDdGkCu+mjdPKY+eBCQ=", - "h1:K/aEWNwFhDOjbU9bmtAUvy84IZCkVZDhNubxm2J8KuU=", - "h1:NHFZsgJpjqVy+n9tt7uV5gWArMkjFzfo7bUdaT90CQk=", - "h1:NHgKROQfH2vdYgpcD046DrCbFLIONgIzj4UeVNdku3w=", - "h1:V3StWoMxIwKEJ61jlwin+0fdGqDFeBBNQqje57B9nqc=", - "h1:bBEd61mviRihR9/r+nsd8Sq3OU+etHQhBcBdOaVix2g=", - "h1:e8vKwGg6c6CsbbHEpnjQE+5luDVcC5qyKZ5Vv/T5Z1U=", - "h1:lpxW8Myr+VNsbe/xiqbsQ6cLXAkGlmgIjjJYLhhQMf4=", - "h1:pbABD0XsrwOxYmctcsGKjwSTEzaGFL2RR164CSf1O+Q=", - "h1:vChl08zNYLVzuSzfxz3wp3wNSx+vjwl/jPuyPbg59Ks=", - "h1:ys4tLt+sbqNUEicl2tO7gWvEZ6QPK4PwEv/mPc31Na0=", - "zh:06fbb1cc4b61b9d6370d391bf7538aa6ef8b60b91c67d125a6be60a70b1d49f0", - "zh:1d52acd2184f379433a0fce2c29d5ed8fc7958d6a9d1b403310dcc36b2a3f626", - "zh:290bbce092f8836a1db530ac86d933cfea27d52b827639974a81bc48dfba8c34", - "zh:3531f2822c2de3ba837381c4ee4816c5b437fd204c07d659526a04d9154a65e8", - "zh:56d70db4c8c6c0ec1b665380b87726275f4ab3665b4b78ac86dc90e1010c0fe3", - "zh:8251d713c0b2c8c51b6858e51c70d083b484342ff9782a88c39e7eaa966c3da2", - "zh:9a7d1f7207e51382a7dd139dfd5786e7e905edf9bf89bbee4b59ad41365e87be", + "h1:0vkeOAKaYJn/Qo1LT5BMMYcfxxorbdg6Wjm5cRUaSsk=", + "h1:47axyGCVgEBHaQThoNSabiGsrpFXGdIK+uLXqADLNeI=", + "h1:78RIKu5Kn+y7jwbk3Av+z64OQ+ubOqzkr+WkG2BLeXs=", + "h1:9yi3yb3XOMjj/xsSbOfscfmQzPUQ7sZqSYSBfGSfkBA=", + "h1:B8Rpgfr1+wt2ByOZYWZL0cIoOcfSUUYkajsF+ocZ97o=", + "h1:FPU7aOZNSo+wwydZpmA7sB4nt1d0Wgkh0cb5Zl+WNj4=", + "h1:KMPhyxoRthbmc11+RbClq5bricmGDICh1NgE3nPjN7U=", + "h1:PXidujIDQyFAIS9qHoEdsonNbfV7TWXiFYag/KLnq7c=", + "h1:RaNKerWC8c10tAXCRUNqO9FVLw3qIYwQN4Zp4+O/rWE=", + "h1:bSps73eq0YgIZf73/JvKKve40TNGfTB6+86bmT4ABGI=", + "h1:txjX+di/ltKLPAcNKskNjoVB4g/KjKfOYwCq9Tne+JI=", + "h1:u7FszdKvOSKA53nsWnNOuh0/GtKwzBe6uIlAoTEWeyU=", + "h1:y4fdaiu5VqzHOTjsuB0mTI33hoKYc4MnloHWjLCuA3c=", + "h1:yz3Y5KM6UgOzpOrlR/ExM4mlD2wAGvzlhkfODzuVHE8=", + "zh:03761bedb72290599aef0040d3cefb77842f0ef4338673a7e5b53557b0ca4960", + "zh:1c70c050116370688abd239979b06f33c5c8cb7f6e59e89f60cf08ee01666064", + "zh:1cc3b259028a65b2f68ffc25df876bbb0f46d108f262b8ec7c56fc597ac697af", + "zh:3bcdf1415b37f39b71e07d4d92977cf8697f07602382d63687d5f683fee0231a", + "zh:40b1774a2cacc84002ac88ef30fb017c273009456d7a1f9f7c5a4a057041ec75", + "zh:46d51fa066c6441594a1e242c9491cc31dbb2dc85f1acf8bc54ad6faa4de524b", + "zh:550e5635b0cd5d98fa66c2afd5dbb1563a8e019be9f760bd1543fbcca763f0c1", + "zh:7acc8357b5e02ed3eb478125614d049511d6faeb9850c084d6e6519db875f0d1", + "zh:7f7367299811ddf5560a0586e525d57dd52f1a0ca37e42e2c5284308069bf2b6", + "zh:8766cc10c83b1fc2e971c4e645bc4d3c871d4758eb54b0a3216600c66e3db681", "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a529c78dfc60063289524690af78794e99a768835b88e27cdfec15bc85439f7c", - "zh:b6da1843355db05c5d412126406fd97db2a6ff9edc166b81c1cea2994535b4eb", - "zh:bfc08cd23b1556b3287d1b28ac7f12c7d459471d97a0592bf2579ea68d11bae7", - "zh:c382088faf05894191636b57861069a21de10a5ff4eb8f7cc122e764ccf7a4a8", - "zh:e27f99f389921314ee428b24990d3a829057ce532b2beb33c69387458722edd9", - "zh:ef11285eedb45ffc3fb2ecdfefa206e64eb2760a87fff15c44dee42de9703436", - "zh:fedc4ebee0d6fe196691127004db5d1ff8bd22e3b667a74026bb92c607589b6c", + "zh:a1e85b1fb9004d8ffab7600304e02bce4aa14cea9f0ad77fbd7b84aae6390760", + "zh:bcf2fc83bd9e20e5a930d9d596eb813c319f2b007c620b1818e574c1702eb9a9", + "zh:d2538fcb20dc2afc04b716f67969944eef7f4fc4296410116d5b7af1811100f2", + "zh:e0e47c5d8710bbfcfe4db1cfa81c67e320056006d08063e69640cd2d492c6f64", ] } diff --git a/terraform/infrastructure/iam/aws/main.tf b/terraform/infrastructure/iam/aws/main.tf index dbc111c0c..ddc18adc7 100644 --- a/terraform/infrastructure/iam/aws/main.tf +++ b/terraform/infrastructure/iam/aws/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = "5.55.0" + version = "5.57.0" } } } diff --git a/terraform/infrastructure/iam/azure/.terraform.lock.hcl b/terraform/infrastructure/iam/azure/.terraform.lock.hcl index 3cc75acbd..ed0aff224 100644 --- a/terraform/infrastructure/iam/azure/.terraform.lock.hcl +++ b/terraform/infrastructure/iam/azure/.terraform.lock.hcl @@ -2,61 +2,61 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azuread" { - version = "2.52.0" - constraints = "2.52.0" + version = "2.53.1" + constraints = "2.53.1" hashes = [ - "h1:0gTsZaV/Z4wAloNuZ+A73gkY9lVDWHLw88+yagLjiWo=", - "h1:BawLlSMcrcY439A6d092jD1+0oHLfy+Ii2EYuLsD9jA=", - "h1:BeRG97PSzSbc4l1PIilC36c1pfvVvr/Hl501mrL6hrA=", - "h1:LT9NuV3RJKGuiEkE6JP39g/qPH+CqFxpQtGg4uyxI34=", - "h1:dT5mZx7PuRcODLZ+sBhhyFUV3V52A8X4JDoIFbJ7XEE=", - "h1:dbCzQ8Bm7aW630lsnXZgzsvzMTzkOZ5HyVHMYaEwrdo=", - "h1:e4dTY5wwP+uf9t+F14l1CW3On2sEjbbNg9DOufEgAlA=", - "h1:ibiKIxZYwyZW8PPT/khja2vXzJ/og8xng5Bf1wmNkN8=", - "h1:rTRveYXmVNgqbhRp4oWGurrGPOcWZXRNOKkraPgqOEc=", - "h1:yQzU2A8hNQZLl1fXn53bRV6XTwNGVk3qCqDT9CT7F6o=", - "h1:zvK6g8klUwmRd9aCB80d/J0lQFWRA+PNA5bBkoouiFY=", - "zh:0bc4c67e303164f1b85344bdef25830f093f7bed988a46331858e2e7543df077", + "h1:/8F5vc1FReT/eVgZqS90PcaDnrKa4LZ1b9YWNkbTDsI=", + "h1:/aBrKb5AE9eaRHMEpIp4x+/6/Z1tw4ik+OiTARqlCw8=", + "h1:0z/718jtR2TJHQQMMqi4nvd6XFPV/iA1jb/5fyAcn5o=", + "h1:2rk36pu4YyhBVz/Mf4swYCQxaB31iPaXOiWNlqZMXbM=", + "h1:7ZNdNGnUB6N6Z6St3COzRXFaghMEyYkZt7WyOCRKOqo=", + "h1:EZNO8sEtUABuRxujQrDrW1z1QsG0dq6iLbzWtnG7Om4=", + "h1:GS/WN8VS6Wp9hvs46lgDsR4ERV8o3Sr+zatF/z2XohU=", + "h1:NG9JvYCwaRabKtbi12uMbSvrvW29oAtzGwdfWA/4HGI=", + "h1:Pnaig5p8+RZLoGUIRcQ2toFgsp2u2OaqlXDQgi5X+RY=", + "h1:kAkPZLFPUEYqWjk5F2T3zC5huRq35o8HD4DJEmpEjyQ=", + "h1:nUxVPReSTQuIux+SRC1bH2QQ0HsJywR7IGqHhVNoXfA=", + "zh:162916b037e5133f49298b0ffa3e7dcef7d76530a8ca738e7293373980f73c68", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:2bc2f80135077016fee0434d0bad68dea197cc1a8b14bc077bacb684fa984701", - "zh:3e1ab7959b40a64e9f481e4375f991cb8e022c82821f4eb63d0920349c9d8190", - "zh:4b26ce0fea4ede6b78c355e15a3ff434f52a032edff8ae061f48225af577373f", - "zh:4ef6581cca562f433747a71e0d2f5b1ae6ea594af9aa6bea31f082e1c24052e1", - "zh:5f34a30f7c62fbd5f9d8b50c1bd7cd8bad7a1a77a0de0a955a4ad2b8c8e9f4c0", - "zh:7cae9b5b1b0d022dbc32efbc7d2cd46b1088319c34f76ca35493887e30c3bbdc", - "zh:b1cc9c0a50d90735b68bdec9f7518441481b6abdc4b10f84a91c92d3cbc30931", - "zh:b265c073a907574c5e434461c00060073825e017b3c8523a1980d959251139af", - "zh:c1685e94fd4fea7d3fd66dd5fad29109f8a9afaa873966c7f60417444397d131", - "zh:eb2584e3300f707f6d795e8dae4f0f6ecf077f47ab9abd4c1b300ea7c55cb154", + "zh:492931cea4f30887ab5bca36a8556dfcb897288eddd44619c0217fc5da2d57e7", + "zh:4c895e450e18335ad8714cc6d3488fc1a78816ad2851a91b06cb2ef775dd7c66", + "zh:60d92fdaf7235574201f2d8f68f733ee00a822993b3fc95e6952e09e6ec76999", + "zh:67a169119efa41c1fb867ef1a8e79bf03472a2324384c36eb55370c817dcce42", + "zh:9dd4d5ed9233cf9329262200bc5a1aa60942b80dbc611e2ef4b09f47531b39b1", + "zh:a3c160e35b9e40fc1497b83c2f37a8e24565b05a1783c7733609f3695735c2a9", + "zh:a4a221da42b1f46e7c436c7145e5beaadfd9d03f3be6fd526d132c03f18a5979", + "zh:af0d3476a9702d2287e168e3baa670e64daab9c9b01c01e17025a5248f3e28e9", + "zh:e3579bff7894f3d36066b74ec324be6d28f56a42a387a2b8a0eabf33cbff86df", + "zh:f1749ee8ad972ae6424665aa9d2c0ece8c40c51d41ec2f38b863148cb437e865", ] } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.109.0" - constraints = "3.109.0" + version = "3.111.0" + constraints = "3.111.0" hashes = [ - "h1:/rMaSj3rKkD+jjzRs+awKuz9Cd6pbIpEuR4qYr/5cq0=", - "h1:1nfnYOD5/tzjCgXLCtP0x8rHkSePJvVsIlQn5mKjBOY=", - "h1:D3wf+0k6WoH7L8I1CuyS4WEWKiM6A4RZR3bmERRSSuY=", - "h1:Fk7L51TM48PIqPlmSjja7iiEL0w5mmfOimWfMsthhLU=", - "h1:On2MrclW5OMUV0zubyVHXONYni97C9ubs3rTAwUJ96Q=", - "h1:UDFgKaoVb+ghSl1HibucaspWbY1k3EgvX2GUCW8Yux0=", - "h1:UK+UFYL+ihy81hdglJlcgenxCslOTs9MK+ySRLm4izw=", - "h1:fiXyGhR/RCxjnZhq3iWXkQBS6yFlwZ0/QQMRlrpKAqo=", - "h1:rrySPpbxkcuBtlWs0cIb+vxfDKZd0XMQB7dYhfxuw8U=", - "h1:tb3a5x6HV4YRxyL3VpdTWe1vsKocKi1HT0KFWnF5ZjM=", - "h1:zpYt7my8y0S6Ob47FwE8cv+YiSwQzxKelJiA4Zlof4U=", - "zh:4324c3df26709c7e669b751259cc5e62c4694ab44370dfcdfe197dcd9261c365", - "zh:4e3e83649240cea7105cd2802d0ae64b143fb543c2f559173feae5a108bc4287", - "zh:74ebf6be1277e9bd357b011026b80fc5ec1c26b70ec7ddd5fcae5e977f9a66ef", - "zh:82cfd3c92035f834a05f4b91d813a059a29ff4157792e36a0b3a224cba8737ae", - "zh:93f05c8ae3555c885c84b82781b2e90774671c321138b7f3c38ecd498009e1d8", - "zh:9b445a9a1544b4b38db10fadbd9ffd5efdded0def54feb9ca593e1bec6fbec5f", - "zh:b21ccd2c1bc691cf2f9876482b6e226d8a37a48de951b168a10f96ba929ebefd", - "zh:b7b7e458eb3c22669e1d36e9ef1886272c10f310501001abce8ae76383014fa5", - "zh:bd3c0cf7caab0a989227934bc60a8ac27131efcf84dd77cb6e32e68374170aee", - "zh:f4b9ccbb28eadf3825f6d7d38a3519379de222f136235a2f21a96c0221d65fb8", + "h1:06sKYI5V2anZnr7t3lOpzO3DSd3AVTGO+53a4OauwoI=", + "h1:1gVEyHY/I1EMev2vbb6C6o0fAR+pEZrwGDeqRCDOhvE=", + "h1:6mCR0XyitRMsVfvPVpaTGsyNvc44vGeyr5c1O8kryno=", + "h1:8r1THxkuezf0Hys/wnVlPibEB7BeXd6FBahH+xWnmeI=", + "h1:Q7QmdpMoWo5yQilXPzHjErBe58RVEbGDtM8XB4uGtnw=", + "h1:WkapXDimZe5CzZpq3hIrz3RJ5MqIwF0rbL2i3HcPtGw=", + "h1:ipFQShK0j3mtJeSgSBQDR985KzwC19913+0GkiF8Sfo=", + "h1:oX22BXo+EthR6z90Yuu7EopfeSyG5dxehOrSWbsE+jk=", + "h1:oy2sT6XGlo+axoqFYGd6JceoqJTlWOaVKS0rJB0hRus=", + "h1:uuThLccbeEWYo2wpwDmlZ+TGfm7zCrwaJdw91TA3azg=", + "h1:vgrdy5JWGAK5N44/V75etoHIAMvXKNlMrIHTaWApehA=", + "zh:0db8afb9278993df7e74796bdd125153b07a7045e5ca1756783a8b8cfec564f4", + "zh:22c424fcfda13dc720caa289248c1b71b2ad20e329fd4a52cc6be7e45f795a4a", + "zh:471a2c1d7353bc21ef28963f006d2cf5276e7885b423fc0b73f2d8ce6cde72dd", + "zh:68bf81cb353c755d48792e881b6405919daa041e35de1d510209237d90d6c21f", + "zh:841d8664955bbc77f12095c9b1a4b3923362564a790fd945337759e9bc95d07e", + "zh:86e92f959056c573bf4b2be1d6cfa838dab06d3e5a944f371a1131e4c6477d88", + "zh:95a096ced57616659687970b5d618c2ce3cd54fa0311b7a7569435cacf39f26f", + "zh:c5656a11253ffdaee973e7292dd3c10a1db81f1fc9ee2d3041ae1182f7d25379", + "zh:cd6a1049de69280f339d6f83f30a9006bbe003a840a39eb7b5900990c5aadbb0", + "zh:e7b3d96f0c9ea47261dbd015f1f64fdb43c8ccb196afda862c0865e30d88245c", + "zh:f1ec7da6ab5526845274bff77e023b9faec71c2cf38bd18587274932b2aa2e89", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f8ef0b4a970ff5edeadfdeed77f9d0682befdca5df4e9b6d9dcfdf9903305b26", ] } diff --git a/terraform/infrastructure/iam/azure/main.tf b/terraform/infrastructure/iam/azure/main.tf index 002a7190f..c6e380dd5 100644 --- a/terraform/infrastructure/iam/azure/main.tf +++ b/terraform/infrastructure/iam/azure/main.tf @@ -2,11 +2,11 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.109.0" + version = "3.111.0" } azuread = { source = "hashicorp/azuread" - version = "2.52.0" + version = "2.53.1" } } } diff --git a/terraform/infrastructure/iam/gcp/.terraform.lock.hcl b/terraform/infrastructure/iam/gcp/.terraform.lock.hcl index ba969d0f0..0a75e503c 100644 --- a/terraform/infrastructure/iam/gcp/.terraform.lock.hcl +++ b/terraform/infrastructure/iam/gcp/.terraform.lock.hcl @@ -2,32 +2,32 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "5.34.0" - constraints = "5.34.0" + version = "5.37.0" + constraints = "5.37.0" hashes = [ - "h1:7qETDYPpCPdi5LUEZTp+0T8xQxB48NEAShOQUKeRp6o=", - "h1:ALLNXSm0UWenGas2DL42FJDPIuyvxQAxD6EPtbLISFg=", - "h1:NsFcg40bkNRqt/A63I3VZJDH2zMbwgI4DmjqnZaQof0=", - "h1:S1WiA/Q04V+eD8ZPOj/GRkrHxdq3VbR59z+RhpbgEjs=", - "h1:ebx2A1dmlfIC2P4KwSopjSX8ul1rPpyW1YFmco3rJpY=", - "h1:ed7dedVq0ZYcIImS/+VXT5X5wYtEEgc6tiR2c3jKUhA=", - "h1:fi9xftzKft61lt4vI0oXgzEwpLtMW4D3S3/T63SsO7w=", - "h1:kDZ8ZLPGHTWzOoU6BHd3DmIgOXLuCZxX4i5lK6xdjPs=", - "h1:rTnarO24IRuRxU/iCjFhT6H6UFq+cEEk6qLOj8ZvTtU=", - "h1:t48NNfGkdHByEWWiKx6GtlZPlzEB1Dha3cq44Uidev0=", - "h1:wjyLpE+DlZ3bCD/A973p2apWr0xdwDsTiW75WJA00j8=", - "zh:143c88bb74631041c291ebf7b6213467bf376d3775a33815785939dc102fac09", - "zh:1616ac79345f472b33fcc388eaf4a8a3002e4cc3a5e8748d60d6f4786d0d16dc", - "zh:554ce78e73349ac2c893a74b6981f5e55169ca16f4d0f239e6ccdecadbe1c9e1", - "zh:8022f97aa907685b2eb6c39d5411cf2be2448c6f3b7fbeaf9c06618d376ac4bc", - "zh:85f1fe3628954c35379cc05b895091ec8fe8ba0a5610bc9660492d5be65d4902", - "zh:873fb64fca79695aa930cd868b41ac498809eb76bc3292e41460d916c6fa3538", - "zh:8d3c5112a4abf14b42d769f78373e66f2c2f5f03a7e6544d80019a695bd9b198", - "zh:93cbcfa38991965b976d1973bc528d666006b5247c3fda00c714d0f3a2b62d3e", - "zh:b7710246637aee522a4ea4c1b4f0effb83b701546124ae90c8b4afb97ce03aba", - "zh:e4e02fe946ccbe192b6bbc6bed5715cf68084f1faadc134ed99d5e732429d2ca", + "h1:+0FfxQm8+OxXM6tDF8UCA2ir59Gel4oSnLoJoKkGCpc=", + "h1:+WQTQ1s/MhzXNDaCp4OvTY46DB4/e2GyvpCH41kA5pY=", + "h1:/4KB6HjJ0ByYamKdb/3BjQlVrqtqkWygh8XINuwHwLg=", + "h1:0mhHpFpgMtiw0vhuKlMtst7bhiaO4aa0/qb0SS5e3ns=", + "h1:ECJCeUsjARe6GHI1yLQKdsx1GW1CFqgww/dzooBe/xk=", + "h1:MXuNmywxH/QrtJqzQBEo5fPlcYGIvy0OxlE5ZPA37wE=", + "h1:RefrtlcP4AXprPTHHmUNuHZEOgTld4JeDOTeo4zWiJA=", + "h1:UuDnLkrIGy1u1gmwyQ7JIaI7Hax8Rvn/gxSBbg9oRWI=", + "h1:lP9wJfnhHJj1FcpKRKEweqSnVWwvMtts6+Yypyfpfpw=", + "h1:lfzk7MUYSJG4nwsdX6DLZth3BePTuhWW9W6xM9buOMU=", + "h1:wUeVrQ1ss9vQbb6HP+hSgtQ7efSliSdHRef1/TRef6k=", + "zh:00754c426ec8c2416d54904b25ebf3d831b5af4f02a20336d0a60d91897497d7", + "zh:0b4128affc12ace78d9cbd8aac308b992cc1829effba0ac761b4c3e9e37a36e2", + "zh:46afda4cdadc242b0a27acb181967b7a37768aa084c84593506490483fbdefd6", + "zh:4ad56e9d5ed5e05184bd0a23e17b6eb985c28e7ce23ce29fdf50daa5594ead69", + "zh:557b021f77bd97462b20519148f454158e6cf89eba5461ae6016568b317e1c87", + "zh:6552bb5e901e9fbcd95dc95b4e017dfd7c1eca465dd749f9c8afdc4ae2bf3213", + "zh:687347e31e69f2c4518abc057ad157ed4fd2b78e399b3a172bcab4277f7a235b", + "zh:a66bfc55856693fe82a81554abf7fd72b8ca2d56a08cb59c4769c15b1a1acea5", + "zh:a8b242c5aab000f2a27e934930a75656efb4a96fdb06a419b22ae0daffa6fba3", + "zh:da9e9b40d632f218a3e0bb88b8cf95b91485cee1eb2fd2a384d45c2619c36da4", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fb6b1e4fb2d019d2740aa21b5ecd5f0609f562633a78604a96c14c94aff762b4", + "zh:fda7bd1578e4b40e9e2d0298c77b0ad9f4486abee8ad38755299dd4b06be54c7", ] } diff --git a/terraform/infrastructure/iam/gcp/main.tf b/terraform/infrastructure/iam/gcp/main.tf index 50e43cf65..5faa9b531 100644 --- a/terraform/infrastructure/iam/gcp/main.tf +++ b/terraform/infrastructure/iam/gcp/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.34.0" + version = "5.37.0" } } } From b872fbdfe8694e0adcc76b85815e0b82813db45c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 12 Jul 2024 10:57:20 +0200 Subject: [PATCH 160/380] deps: update distroless_static Docker digest to ce46866 (#3251) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- bazel/toolchains/container_images.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bazel/toolchains/container_images.bzl b/bazel/toolchains/container_images.bzl index d64760349..00239519b 100644 --- a/bazel/toolchains/container_images.bzl +++ b/bazel/toolchains/container_images.bzl @@ -7,7 +7,7 @@ load("@rules_oci//oci:pull.bzl", "oci_pull") def containter_image_deps(): oci_pull( name = "distroless_static", - digest = "sha256:41972110a1c1a5c0b6adb283e8aa092c43c31f7c5d79b8656fbffff2c3e61f05", + digest = "sha256:ce46866b3a5170db3b49364900fb3168dc0833dfb46c26da5c77f22abb01d8c3", image = "gcr.io/distroless/static", platforms = [ "linux/amd64", From 807bbbfd16850385ec0df55935fc1b860d9a855d Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 3 Jul 2024 19:37:51 +0200 Subject: [PATCH 161/380] cli: annotate CoreDNS resources for Helm (#3236) --- cli/internal/cmd/apply.go | 4 ++ cli/internal/cmd/apply_test.go | 1 + cli/internal/cmd/init_test.go | 4 ++ cli/internal/cmd/upgradeapply_test.go | 4 ++ internal/constellation/BUILD.bazel | 5 ++ internal/constellation/apply.go | 12 +++++ internal/constellation/helm.go | 46 +++++++++++++++++++ .../internal/provider/cluster_resource.go | 5 ++ 8 files changed, 81 insertions(+) diff --git a/cli/internal/cmd/apply.go b/cli/internal/cmd/apply.go index 2db2f318c..f22e25a60 100644 --- a/cli/internal/cmd/apply.go +++ b/cli/internal/cmd/apply.go @@ -422,6 +422,9 @@ func (a *applyCmd) apply( // Apply Helm Charts if !a.flags.skipPhases.contains(skipHelmPhase) { + if err := a.applier.AnnotateCoreDNSResources(cmd.Context()); err != nil { + return fmt.Errorf("annotating CoreDNS: %w", err) + } if err := a.runHelmApply(cmd, conf, stateFile, upgradeDir); err != nil { return err } @@ -843,6 +846,7 @@ type applier interface { // methods required to install/upgrade Helm charts + AnnotateCoreDNSResources(context.Context) error PrepareHelmCharts( flags helm.Options, state *state.State, serviceAccURI string, masterSecret uri.MasterSecret, ) (helm.Applier, bool, error) diff --git a/cli/internal/cmd/apply_test.go b/cli/internal/cmd/apply_test.go index 064e1f42b..33fe6ba90 100644 --- a/cli/internal/cmd/apply_test.go +++ b/cli/internal/cmd/apply_test.go @@ -553,6 +553,7 @@ func (s *stubConstellApplier) Init(context.Context, atls.Validator, *state.State } type helmApplier interface { + AnnotateCoreDNSResources(context.Context) error PrepareHelmCharts( flags helm.Options, stateFile *state.State, serviceAccURI string, masterSecret uri.MasterSecret, ) ( diff --git a/cli/internal/cmd/init_test.go b/cli/internal/cmd/init_test.go index 8d6d2b1bb..ad2a95be5 100644 --- a/cli/internal/cmd/init_test.go +++ b/cli/internal/cmd/init_test.go @@ -278,6 +278,10 @@ type stubHelmApplier struct { err error } +func (s stubHelmApplier) AnnotateCoreDNSResources(_ context.Context) error { + return nil +} + func (s stubHelmApplier) PrepareHelmCharts( _ helm.Options, _ *state.State, _ string, _ uri.MasterSecret, ) (helm.Applier, bool, error) { diff --git a/cli/internal/cmd/upgradeapply_test.go b/cli/internal/cmd/upgradeapply_test.go index f396cc828..8a4341c2c 100644 --- a/cli/internal/cmd/upgradeapply_test.go +++ b/cli/internal/cmd/upgradeapply_test.go @@ -375,6 +375,10 @@ type mockApplier struct { mock.Mock } +func (m *mockApplier) AnnotateCoreDNSResources(_ context.Context) error { + return nil +} + func (m *mockApplier) PrepareHelmCharts( helmOpts helm.Options, stateFile *state.State, str string, masterSecret uri.MasterSecret, ) (helm.Applier, bool, error) { diff --git a/internal/constellation/BUILD.bazel b/internal/constellation/BUILD.bazel index 0e59b388d..02afff0e9 100644 --- a/internal/constellation/BUILD.bazel +++ b/internal/constellation/BUILD.bazel @@ -37,6 +37,11 @@ go_library( "//internal/semver", "//internal/versions", "@io_k8s_apiextensions_apiserver//pkg/apis/apiextensions/v1:apiextensions", + "@io_k8s_apimachinery//pkg/api/errors", + "@io_k8s_apimachinery//pkg/apis/meta/v1:meta", + "@io_k8s_apimachinery//pkg/runtime/schema", + "@io_k8s_apimachinery//pkg/types", + "@io_k8s_client_go//dynamic", "@io_k8s_client_go//tools/clientcmd", "@org_golang_google_grpc//:grpc", ], diff --git a/internal/constellation/apply.go b/internal/constellation/apply.go index c9844b435..a9f9228dd 100644 --- a/internal/constellation/apply.go +++ b/internal/constellation/apply.go @@ -18,6 +18,8 @@ import ( "github.com/edgelesssys/constellation/v2/internal/grpc/dialer" "github.com/edgelesssys/constellation/v2/internal/kms/uri" "github.com/edgelesssys/constellation/v2/internal/license" + "k8s.io/client-go/dynamic" + "k8s.io/client-go/tools/clientcmd" ) // ApplyContext denotes the context in which the apply command is run. @@ -44,6 +46,7 @@ type Applier struct { newDialer func(validator atls.Validator) *dialer.Dialer kubecmdClient kubecmdClient helmClient helmApplier + dynamicClient dynamic.Interface } type licenseChecker interface { @@ -79,8 +82,17 @@ func (a *Applier) SetKubeConfig(kubeConfig []byte) error { if err != nil { return err } + restConfig, err := clientcmd.RESTConfigFromKubeConfig(kubeConfig) + if err != nil { + return err + } + dynamicClient, err := dynamic.NewForConfig(restConfig) + if err != nil { + return err + } a.kubecmdClient = kubecmdClient a.helmClient = helmClient + a.dynamicClient = dynamicClient return nil } diff --git a/internal/constellation/helm.go b/internal/constellation/helm.go index 1378ce3a0..4551e6ef4 100644 --- a/internal/constellation/helm.go +++ b/internal/constellation/helm.go @@ -7,13 +7,59 @@ SPDX-License-Identifier: AGPL-3.0-only package constellation import ( + "context" "errors" + "fmt" "github.com/edgelesssys/constellation/v2/internal/constellation/helm" "github.com/edgelesssys/constellation/v2/internal/constellation/state" "github.com/edgelesssys/constellation/v2/internal/kms/uri" + k8serrors "k8s.io/apimachinery/pkg/api/errors" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/types" ) +var patch = []byte(fmt.Sprintf(`{"metadata": {"labels": {%q: %q}, "annotations": {%q: %q, %q: %q}}}`, + "app.kubernetes.io/managed-by", "Helm", + "meta.helm.sh/release-name", "coredns", + "meta.helm.sh/release-namespace", "kube-system")) + +var namespacedCoreDNSResources = map[schema.GroupVersionResource]string{ + {Group: "apps", Version: "v1", Resource: "deployments"}: "coredns", + {Group: "", Version: "v1", Resource: "services"}: "kube-dns", + {Group: "", Version: "v1", Resource: "configmaps"}: "coredns", + {Group: "", Version: "v1", Resource: "serviceaccounts"}: "coredns", + {Group: "apps", Version: "v1", Resource: "statefulsets"}: "foobarbax", +} + +var coreDNSResources = map[schema.GroupVersionResource]string{ + {Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "clusterroles"}: "system:coredns", + {Group: "rbac.authorization.k8s.io", Version: "v1", Resource: "clusterrolebindings"}: "system:coredns", +} + +// AnnotateCoreDNSResources imports existing CoreDNS resources into the Helm release. +// +// This is only required when CoreDNS was installed by kubeadm directly. +// TODO(burgerdev): remove after v2.19 is released. +func (a *Applier) AnnotateCoreDNSResources(ctx context.Context) error { + for gvk, name := range coreDNSResources { + _, err := a.dynamicClient.Resource(gvk).Patch(ctx, name, types.StrategicMergePatchType, patch, v1.PatchOptions{}) + if err != nil && !k8serrors.IsNotFound(err) { + return err + } + } + + for gvk, name := range namespacedCoreDNSResources { + _, err := a.dynamicClient.Resource(gvk).Namespace("kube-system").Patch(ctx, name, types.StrategicMergePatchType, patch, v1.PatchOptions{}) + if err != nil && !k8serrors.IsNotFound(err) { + return err + } + } + + return nil +} + // PrepareHelmCharts loads Helm charts for Constellation and returns an executor to apply them. func (a *Applier) PrepareHelmCharts( flags helm.Options, state *state.State, serviceAccURI string, masterSecret uri.MasterSecret, diff --git a/terraform-provider-constellation/internal/provider/cluster_resource.go b/terraform-provider-constellation/internal/provider/cluster_resource.go index a12fe38da..096621af6 100644 --- a/terraform-provider-constellation/internal/provider/cluster_resource.go +++ b/terraform-provider-constellation/internal/provider/cluster_resource.go @@ -1211,6 +1211,11 @@ func (r *ClusterResource) applyHelmCharts(ctx context.Context, applier *constell OpenStackValues: payload.openStackHelmValues, } + if err := applier.AnnotateCoreDNSResources(ctx); err != nil { + diags.AddError("Annotating CoreDNS resources", err.Error()) + return diags + } + executor, _, err := applier.PrepareHelmCharts(options, state, payload.serviceAccURI, payload.masterSecret) var upgradeErr *compatibility.InvalidUpgradeError From 97c77e2a78793a5519da7712ea87ef1475f7dc0c Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 3 Jul 2024 19:38:55 +0200 Subject: [PATCH 162/380] helm: manage CoreDNS addon as Helm chart (#3236) * helm: generate CoreDNS Helm chart * helm: load CoreDNS Helm chart * bootstrapper: don't install coredns addon --- .../internal/kubernetes/k8sapi/k8sutil.go | 3 +- .../internal/kubernetes/kubernetes.go | 4 - cli/internal/cmd/applyhelm.go | 1 + go.mod | 2 + go.sum | 196 ++++++++++++++++++ internal/constellation/helm/BUILD.bazel | 9 + .../helm/charts/coredns/Chart.yaml | 3 + .../charts/coredns/templates/clusterrole.yaml | 23 ++ .../coredns/templates/clusterrolebinding.yaml | 13 ++ .../charts/coredns/templates/configmap.yaml | 28 +++ .../charts/coredns/templates/deployment.yaml | 109 ++++++++++ .../charts/coredns/templates/service.yaml | 33 +++ .../coredns/templates/serviceaccount.yaml | 6 + .../helm/charts/coredns/values.yaml | 3 + .../constellation/helm/corednsgen/BUILD.bazel | 26 +++ .../helm/corednsgen/corednsgen.go | 153 ++++++++++++++ internal/constellation/helm/helm.go | 4 +- internal/constellation/helm/helm_test.go | 1 + internal/constellation/helm/loader.go | 18 +- internal/constellation/helm/loader_test.go | 51 ++++- internal/constellation/helm/overrides.go | 13 ++ internal/kubernetes/kubectl/kubectl.go | 59 ------ 22 files changed, 689 insertions(+), 69 deletions(-) create mode 100644 internal/constellation/helm/charts/coredns/Chart.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/clusterrole.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/configmap.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/deployment.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/service.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml create mode 100644 internal/constellation/helm/charts/coredns/values.yaml create mode 100644 internal/constellation/helm/corednsgen/BUILD.bazel create mode 100644 internal/constellation/helm/corednsgen/corednsgen.go diff --git a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go index 19713e00e..d2ec6e78f 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go +++ b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go @@ -48,7 +48,6 @@ type Client interface { AddNodeSelectorsToDeployment(ctx context.Context, selectors map[string]string, name string, namespace string) error ListAllNamespaces(ctx context.Context) (*corev1.NamespaceList, error) AnnotateNode(ctx context.Context, nodeName, annotationKey, annotationValue string) error - EnforceCoreDNSSpread(ctx context.Context) error PatchFirstNodePodCIDR(ctx context.Context, firstNodePodCIDR string) error } @@ -150,7 +149,7 @@ func (k *KubernetesUtil) InitCluster( // initialize the cluster log.Info("Initializing the cluster using kubeadm init") - skipPhases := "--skip-phases=preflight,certs" + skipPhases := "--skip-phases=preflight,certs,addon/coredns" if !conformanceMode { skipPhases += ",addon/kube-proxy" } diff --git a/bootstrapper/internal/kubernetes/kubernetes.go b/bootstrapper/internal/kubernetes/kubernetes.go index d4e916f0f..13c387d23 100644 --- a/bootstrapper/internal/kubernetes/kubernetes.go +++ b/bootstrapper/internal/kubernetes/kubernetes.go @@ -165,10 +165,6 @@ func (k *KubeWrapper) InitCluster( return nil, fmt.Errorf("waiting for Kubernetes API to be available: %w", err) } - if err := k.client.EnforceCoreDNSSpread(ctx); err != nil { - return nil, fmt.Errorf("configuring CoreDNS deployment: %w", err) - } - // Setup the K8s components ConfigMap. k8sComponentsConfigMap, err := k.setupK8sComponentsConfigMap(ctx, kubernetesComponents, versionString) if err != nil { diff --git a/cli/internal/cmd/applyhelm.go b/cli/internal/cmd/applyhelm.go index bd629d348..9b6ba7d69 100644 --- a/cli/internal/cmd/applyhelm.go +++ b/cli/internal/cmd/applyhelm.go @@ -42,6 +42,7 @@ func (a *applyCmd) runHelmApply(cmd *cobra.Command, conf *config.Config, stateFi HelmWaitMode: a.flags.helmWaitMode, ApplyTimeout: a.flags.helmTimeout, AllowDestructive: helm.DenyDestructive, + ServiceCIDR: conf.ServiceCIDR, } if conf.Provider.OpenStack != nil { var deployYawolLoadBalancer bool diff --git a/go.mod b/go.mod index b79621cfa..a943f904b 100644 --- a/go.mod +++ b/go.mod @@ -192,6 +192,8 @@ require ( github.com/cloudflare/circl v1.3.7 // indirect github.com/containerd/containerd v1.7.12 // indirect github.com/containerd/log v0.1.0 // indirect + github.com/coredns/caddy v1.1.1 // indirect + github.com/coredns/corefile-migration v1.0.21 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect diff --git a/go.sum b/go.sum index 689362164..417bad0ce 100644 --- a/go.sum +++ b/go.sum @@ -1,26 +1,38 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= cloud.google.com/go/auth v0.7.0 h1:kf/x9B3WTbBUHkC+1VS8wwwli9TzhSt0vSTVBmMR8Ts= cloud.google.com/go/auth v0.7.0/go.mod h1:D+WqdrpcjmiCgWrXmLLxOVq1GACoE36chW6KXoEvuIw= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/compute v1.27.2 h1:5cE5hdrwJV/92ravlwIFRGnyH9CpLGhh4N0ZDVTU+BA= cloud.google.com/go/compute v1.27.2/go.mod h1:YQuHkNEwP3bIz4LBYQqf4DIMfFtTDtnEgnwG0mJQQ9I= cloud.google.com/go/compute/metadata v0.4.0 h1:vHzJCWaM4g8XIcm8kopr3XmDA4Gy/lblD3EhhSux05c= cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/iam v1.1.10 h1:ZSAr64oEhQSClwBL670MsJAW5/RLiC6kfw3Bqmd5ZDI= cloud.google.com/go/iam v1.1.10/go.mod h1:iEgMq62sg8zx446GCaijmA2Miwg5o3UbO+nI47WHJps= cloud.google.com/go/kms v1.18.2 h1:EGgD0B9k9tOOkbPhYW1PHo2W0teamAUYMOUIcDRMfPk= cloud.google.com/go/kms v1.18.2/go.mod h1:YFz1LYrnGsXARuRePL729oINmN5J/5e7nYijgvfiIeY= cloud.google.com/go/longrunning v0.5.9 h1:haH9pAuXdPAMqHvzX0zlWQigXT7B0+CL4/2nXXdBo5k= cloud.google.com/go/longrunning v0.5.9/go.mod h1:HD+0l9/OOW0za6UWdKJtXoFAX/BGg/3Wj8p10NeWF7c= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/secretmanager v1.13.3 h1:VqUVYY3U6uFXOhPdZgAoZH9m8E6p7eK02TsDRj2SBf4= cloud.google.com/go/secretmanager v1.13.3/go.mod h1:e45+CxK0w6GaL4hS+KabgQskl4RdSS30b+HRf0TH0kk= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs= cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= @@ -84,6 +96,7 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= @@ -101,6 +114,7 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= @@ -114,6 +128,9 @@ github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPp github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= +github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= +github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= @@ -179,6 +196,8 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= @@ -196,6 +215,7 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3k github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= @@ -215,10 +235,21 @@ github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/coredns/caddy v1.1.0/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= +github.com/coredns/caddy v1.1.1 h1:2eYKZT7i6yxIfGP3qLJoJ7HAsDJqYB+X68g4NYjSrE0= +github.com/coredns/caddy v1.1.1/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= +github.com/coredns/corefile-migration v1.0.21 h1:W/DCETrHDiFo0Wj03EyMkaQ9fwsmSgqTCQDHpceaSsE= +github.com/coredns/corefile-migration v1.0.21/go.mod h1:XnhgULOEouimnzgn0t4WPuFDN2/PJQcTxdWKC5eXNGE= +github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= +github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -236,6 +267,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= @@ -282,16 +315,19 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/foxboron/go-uefi v0.0.0-20240522180132-205d5597883a h1:Q/VIO3QAlaF95JqVVF39udInPR76lu02yrMDInavm8Q= github.com/foxboron/go-uefi v0.0.0-20240522180132-205d5597883a/go.mod h1:ffg/fkDeOYicEQLoO2yFFGt00KUTYVXI+rfnc8il6vQ= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= @@ -302,6 +338,7 @@ github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+ github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= @@ -367,6 +404,7 @@ github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= @@ -375,10 +413,13 @@ github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -396,6 +437,8 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= @@ -435,10 +478,15 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= +github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc= github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -450,6 +498,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA= github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= @@ -457,6 +507,7 @@ github.com/gophercloud/gophercloud v1.13.0 h1:8iY9d1DAbzMW6Vok1AxbbK5ZaUjzMp0tdy github.com/gophercloud/gophercloud v1.13.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 h1:sH7xkTfYzxIEgzq1tDHIMKRh1vThOEOGNsettdEeLbE= github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56/go.mod h1:VSalo4adEk+3sNkmVJLnhHoOyOYYS8sTWLG4mv5BKto= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= @@ -468,17 +519,23 @@ github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 h1:pRhl55Yx1eC7BZ1N+BBWwnKaMyD8uC+34TLdndZMAKk= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0/go.mod h1:XKMd7iuf/RGPSMJ/U4HP0zS2Z9Fh8Ps9a+6X26m/tmI= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= +github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= +github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= @@ -486,6 +543,7 @@ github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBM github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 h1:WZeXfD26QMWYC35at25KgE021SF9L3u9UMHK8fJAdV0= github.com/hashicorp/go-kms-wrapping/v2 v2.0.16/go.mod h1:ZiKZctjRTLEppuRwrttWkp71VYMbTTCkazK4xT7U/NQ= github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.9 h1:qdxeZvDMRGZ3YSE4Oz0Pp7WUSUn5S6cWZguEOkEVL50= @@ -494,27 +552,40 @@ github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11 h1:/7SKkY github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11/go.mod h1:LepS5s6ESGE0qQMpYaui5lX+mQYeiYiy06VzwWRioO8= github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.12 h1:PCqWzT/Hii0KL07JsBZ3lJbv/wx02IAHYlhWQq8rxRY= github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.12/go.mod h1:HSaOaX/lv3ShCdilUYbOTPnSvmoZ9xtQhgw+8hYcZkg= +github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA= github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg= +github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= +github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hc-install v0.7.0 h1:Uu9edVqjKQxxuD28mR5TikkKDd/p55S8vzPC1659aBk= github.com/hashicorp/hc-install v0.7.0/go.mod h1:ELmmzZlGnEcqoUMKUuykHaPCIR1sYLYX+KSggWSKZuA= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= +github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= +github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ= github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= @@ -547,6 +618,7 @@ github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= @@ -564,18 +636,22 @@ github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= +github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1e29fT/6vq2aBdFsgNPmy8qMdSay1npru+Sw= github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI= github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= @@ -607,6 +683,7 @@ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhn github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= +github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI= @@ -615,12 +692,14 @@ github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI= github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= +github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= @@ -634,19 +713,27 @@ github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= +github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= +github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= +github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= +github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= +github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= @@ -694,8 +781,10 @@ github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58 github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= @@ -705,13 +794,16 @@ github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFz github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= @@ -721,27 +813,35 @@ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/regclient/regclient v0.6.1 h1:4PxrGxMXrLpPrSaet8QZl568CVOolyHyukLL9UyogoU= github.com/regclient/regclient v0.6.1/go.mod h1:hCKbRHYMx6LJntAhXzWVV7Oxyn9DzNVJoOKJaSnU5BM= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0= github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= github.com/samber/slog-multi v1.1.0 h1:m5wfpXE8Qu2gCiR/JnhFGsLcWDOmTxnso32EMffVAY0= @@ -752,6 +852,7 @@ github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgm github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= github.com/schollz/progressbar/v3 v3.14.4 h1:W9ZrDSJk7eqmQhd3uxFNNcTr0QL+xuGNI9dEMrw0r74= github.com/schollz/progressbar/v3 v3.14.4/go.mod h1:aT3UQ7yGm+2ZjeXPqsjTenwL3ddUiuZ0kfQ/2tHlyNI= +github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA= github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= @@ -759,6 +860,7 @@ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/siderolabs/talos/pkg/machinery v1.7.5 h1:M02UZSDfN0BB4bXhTYDjEmVvAIX1GsAS45cyKh6+HHU= github.com/siderolabs/talos/pkg/machinery v1.7.5/go.mod h1:OeamhNo92c3V96bddZNhcCgoRyzw2KWBtpma1lfchtg= github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= @@ -770,15 +872,25 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= +github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= @@ -796,12 +908,14 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= github.com/tink-crypto/tink-go/v2 v2.2.0 h1:L2Da0F2Udh2agtKztdr69mV/KpnY3/lGTkMgLTVIXlA= github.com/tink-crypto/tink-go/v2 v2.2.0/go.mod h1:JJ6PomeNPF3cJpfWC0lgyTES6zpJILkAX0cJNwlS3xU= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= +github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= @@ -826,6 +940,7 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -843,6 +958,7 @@ github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8 github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= +go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd/api/v3 v3.5.14 h1:vHObSCxyB9zlF60w7qzAdTcGaglbJOpSj1Xj9+WGxq0= go.etcd.io/etcd/api/v3 v3.5.14/go.mod h1:BmtWcRlQvwa1h3G2jvKYwIQy4PkHlDej5t7uLMUdJUU= go.etcd.io/etcd/client/pkg/v3 v3.5.14 h1:SaNH6Y+rVEdxfpA2Jr5wkEvN6Zykme5+YnbCkxvuWxQ= @@ -853,6 +969,8 @@ go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= @@ -876,14 +994,20 @@ go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naR go.starlark.net v0.0.0-20210223155950-e043a3d3c984/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -895,11 +1019,25 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -908,10 +1046,17 @@ golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -927,11 +1072,14 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -939,12 +1087,20 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -983,6 +1139,7 @@ golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -994,13 +1151,28 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -1014,14 +1186,28 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.188.0 h1:51y8fJ/b1AaaBRJr4yWm96fPcuxSo0JcegXE3DaHQHw= google.golang.org/api v0.188.0/go.mod h1:VR0d+2SIiWOYG3r/jdm7adPW9hI2aRv9ETOSCQ9Beag= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b h1:dSTjko30weBaMj3eERKc0ZVXW4GudCswM3m+P++ukU0= google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY= @@ -1030,6 +1216,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b h1:04+jVzTs2XBnOZcPsLnmrTGqltqJbZQ1Ey26hjYdQQ0= google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -1057,10 +1245,14 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= @@ -1073,7 +1265,10 @@ gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw= helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= @@ -1108,6 +1303,7 @@ libvirt.org/go/libvirt v1.10003.0 h1:LEoawzuggD6IL5R/XtnBE8wWJx49i7UZ1HcB7p9glwE libvirt.org/go/libvirt v1.10003.0/go.mod h1:1WiFE8EjZfq+FCVog+rvr1yatKbKZ9FaFMZgEqxEJqQ= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/internal/constellation/helm/BUILD.bazel b/internal/constellation/helm/BUILD.bazel index 8ab09ef41..928681b90 100644 --- a/internal/constellation/helm/BUILD.bazel +++ b/internal/constellation/helm/BUILD.bazel @@ -465,6 +465,14 @@ go_library( "charts/cert-manager/templates/cainjector-config.yaml", "charts/cert-manager/templates/extras-objects.yaml", "charts/cert-manager/templates/podmonitor.yaml", + "charts/coredns/Chart.yaml", + "charts/coredns/values.yaml", + "charts/coredns/templates/clusterrole.yaml", + "charts/coredns/templates/clusterrolebinding.yaml", + "charts/coredns/templates/configmap.yaml", + "charts/coredns/templates/deployment.yaml", + "charts/coredns/templates/service.yaml", + "charts/coredns/templates/serviceaccount.yaml", ], importpath = "github.com/edgelesssys/constellation/v2/internal/constellation/helm", visibility = ["//:__subpackages__"], @@ -492,6 +500,7 @@ go_library( "@io_k8s_client_go//restmapper", "@io_k8s_client_go//tools/clientcmd", "@io_k8s_client_go//util/retry", + "@io_k8s_kubernetes//cmd/kubeadm/app/constants", "@sh_helm_helm_v3//pkg/action", "@sh_helm_helm_v3//pkg/chart", "@sh_helm_helm_v3//pkg/chart/loader", diff --git a/internal/constellation/helm/charts/coredns/Chart.yaml b/internal/constellation/helm/charts/coredns/Chart.yaml new file mode 100644 index 000000000..bd531acd7 --- /dev/null +++ b/internal/constellation/helm/charts/coredns/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: kube-dns +version: 0.0.0 diff --git a/internal/constellation/helm/charts/coredns/templates/clusterrole.yaml b/internal/constellation/helm/charts/coredns/templates/clusterrole.yaml new file mode 100644 index 000000000..13d284c3c --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/clusterrole.yaml @@ -0,0 +1,23 @@ + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:coredns +rules: +- apiGroups: + - "" + resources: + - endpoints + - services + - pods + - namespaces + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch diff --git a/internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml b/internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..ab35291a1 --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:coredns +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:coredns +subjects: +- kind: ServiceAccount + name: coredns + namespace: kube-system diff --git a/internal/constellation/helm/charts/coredns/templates/configmap.yaml b/internal/constellation/helm/charts/coredns/templates/configmap.yaml new file mode 100644 index 000000000..3cec1e9e4 --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/configmap.yaml @@ -0,0 +1,28 @@ + +apiVersion: v1 +kind: ConfigMap +metadata: + name: coredns + namespace: kube-system +data: + Corefile: | + .:53 { + errors + health { + lameduck 5s + } + ready + kubernetes {{ .Values.dnsDomain }} in-addr.arpa ip6.arpa { + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + } + prometheus :9153 + forward . /etc/resolv.conf { + max_concurrent 1000 + } + cache 30 + loop + reload + loadbalance + } diff --git a/internal/constellation/helm/charts/coredns/templates/deployment.yaml b/internal/constellation/helm/charts/coredns/templates/deployment.yaml new file mode 100644 index 000000000..c8e7dbff0 --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/deployment.yaml @@ -0,0 +1,109 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + creationTimestamp: null + labels: + k8s-app: kube-dns + name: coredns + namespace: kube-system +spec: + replicas: 2 + selector: + matchLabels: + k8s-app: kube-dns + strategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + k8s-app: kube-dns + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: k8s-app + operator: In + values: + - kube-dns + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - -conf + - /etc/coredns/Corefile + image: '{{ .Values.image }}' + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 60 + successThreshold: 1 + timeoutSeconds: 5 + name: coredns + ports: + - containerPort: 53 + name: dns + protocol: UDP + - containerPort: 53 + name: dns-tcp + protocol: TCP + - containerPort: 9153 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /ready + port: 8181 + scheme: HTTP + resources: + limits: + memory: 170Mi + requests: + cpu: 100m + memory: 70Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /etc/coredns + name: config-volume + readOnly: true + dnsPolicy: Default + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: coredns + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + - effect: NoSchedule + key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 10 + volumes: + - configMap: + items: + - key: Corefile + path: Corefile + name: coredns + name: config-volume +status: {} diff --git a/internal/constellation/helm/charts/coredns/templates/service.yaml b/internal/constellation/helm/charts/coredns/templates/service.yaml new file mode 100644 index 000000000..ba243aa19 --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/service.yaml @@ -0,0 +1,33 @@ + +apiVersion: v1 +kind: Service +metadata: + labels: + k8s-app: kube-dns + kubernetes.io/cluster-service: "true" + kubernetes.io/name: "CoreDNS" + name: kube-dns + namespace: kube-system + annotations: + prometheus.io/port: "9153" + prometheus.io/scrape: "true" + # Without this resourceVersion value, an update of the Service between versions will yield: + # Service "kube-dns" is invalid: metadata.resourceVersion: Invalid value: "": must be specified for an update + resourceVersion: "0" +spec: + clusterIP: "{{ .Values.clusterIP }}" + ports: + - name: dns + port: 53 + protocol: UDP + targetPort: 53 + - name: dns-tcp + port: 53 + protocol: TCP + targetPort: 53 + - name: metrics + port: 9153 + protocol: TCP + targetPort: 9153 + selector: + k8s-app: kube-dns diff --git a/internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml b/internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml new file mode 100644 index 000000000..937b99fa5 --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: coredns + namespace: kube-system diff --git a/internal/constellation/helm/charts/coredns/values.yaml b/internal/constellation/helm/charts/coredns/values.yaml new file mode 100644 index 000000000..85986b74a --- /dev/null +++ b/internal/constellation/helm/charts/coredns/values.yaml @@ -0,0 +1,3 @@ +clusterIP: 10.96.0.10 +dnsDomain: cluster.local +image: registry.k8s.io/coredns/coredns:v1.11.1@sha256:1eeb4c7316bacb1d4c8ead65571cd92dd21e27359f0d4917f1a5822a73b75db1 diff --git a/internal/constellation/helm/corednsgen/BUILD.bazel b/internal/constellation/helm/corednsgen/BUILD.bazel new file mode 100644 index 000000000..4dbc61a61 --- /dev/null +++ b/internal/constellation/helm/corednsgen/BUILD.bazel @@ -0,0 +1,26 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") + +go_library( + name = "corednsgen_lib", + srcs = ["corednsgen.go"], + importpath = "github.com/edgelesssys/constellation/v2/internal/constellation/helm/corednsgen", + visibility = ["//visibility:private"], + deps = [ + "//internal/versions", + "@com_github_regclient_regclient//:regclient", + "@com_github_regclient_regclient//types/ref", + "@io_k8s_api//apps/v1:apps", + "@io_k8s_api//core/v1:core", + "@io_k8s_kubernetes//cmd/kubeadm/app/apis/kubeadm", + "@io_k8s_kubernetes//cmd/kubeadm/app/images", + "@io_k8s_kubernetes//cmd/kubeadm/app/phases/addons/dns", + "@io_k8s_kubernetes//cmd/kubeadm/app/util", + "@io_k8s_sigs_yaml//:yaml", + ], +) + +go_binary( + name = "corednsgen", + embed = [":corednsgen_lib"], + visibility = ["//:__subpackages__"], +) diff --git a/internal/constellation/helm/corednsgen/corednsgen.go b/internal/constellation/helm/corednsgen/corednsgen.go new file mode 100644 index 000000000..f777914c4 --- /dev/null +++ b/internal/constellation/helm/corednsgen/corednsgen.go @@ -0,0 +1,153 @@ +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +// corednsgen synthesizes a Helm chart from the resource templates embedded in +// kubeadm and writes it to the `charts` directory underneath the current +// working directory. This removes the existing `coredns` subdirectory! +package main + +import ( + "context" + "flag" + "fmt" + "log" + "os" + "path/filepath" + + "github.com/edgelesssys/constellation/v2/internal/versions" + "github.com/regclient/regclient" + "github.com/regclient/regclient/types/ref" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" + "k8s.io/kubernetes/cmd/kubeadm/app/images" + kubedns "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns" + kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" + "sigs.k8s.io/yaml" +) + +var chartDir = flag.String("charts", "./charts", "target directory to create charts in") + +func main() { + flag.Parse() + + if err := os.RemoveAll(filepath.Join(*chartDir, "coredns")); err != nil { + log.Fatalf("Could not remove chart dir: %v", err) + } + + writeFileRelativeToChartDir(chartYAML(), "Chart.yaml") + writeFileRelativeToChartDir(valuesYAML(), "values.yaml") + + writeTemplate(kubedns.CoreDNSServiceAccount, "serviceaccount.yaml") + writeTemplate(kubedns.CoreDNSClusterRole, "clusterrole.yaml") + writeTemplate(kubedns.CoreDNSClusterRoleBinding, "clusterrolebinding.yaml") + writeTemplate(kubedns.CoreDNSConfigMap, "configmap.yaml") + writeTemplate(kubedns.CoreDNSService, "service.yaml") + + writeFileRelativeToChartDir(patchedDeployment(), "templates", "deployment.yaml") +} + +func chartYAML() []byte { + chart := map[string]string{ + "apiVersion": "v2", + "name": "kube-dns", + "version": "0.0.0", + } + data, err := yaml.Marshal(chart) + if err != nil { + log.Fatalf("Could not marshal Chart.yaml: %v", err) + } + return data +} + +func valuesYAML() []byte { + cfg := &kubeadm.ClusterConfiguration{ + KubernetesVersion: string(versions.Default), + ImageRepository: "registry.k8s.io", + } + img := images.GetDNSImage(cfg) + ref, err := ref.New(img) + if err != nil { + log.Fatalf("Could not parse image reference: %v", err) + } + + rc := regclient.New() + m, err := rc.ManifestGet(context.Background(), ref) + if err != nil { + log.Fatalf("Could not get image manifest: %v", err) + } + + values := map[string]string{ + "clusterIP": "10.96.0.10", + "dnsDomain": "cluster.local", + "image": fmt.Sprintf("%s/%s:%s@%s", ref.Registry, ref.Repository, ref.Tag, m.GetDescriptor().Digest.String()), + } + data, err := yaml.Marshal(values) + if err != nil { + log.Fatalf("Could not marshal values.yaml: %v", err) + } + return data +} + +// patchedDeployment extracts the CoreDNS deployment from kubeadm and adds necessary tolerations. +func patchedDeployment() []byte { + var d appsv1.Deployment + if err := yaml.Unmarshal(parseTemplate(kubedns.CoreDNSDeployment), &d); err != nil { + log.Fatalf("Could not parse deployment: %v", err) + } + + tolerations := []corev1.Toleration{ + {Key: "node.cloudprovider.kubernetes.io/uninitialized", Value: "true", Effect: corev1.TaintEffectNoSchedule}, + {Key: "node.kubernetes.io/unreachable", Operator: corev1.TolerationOpExists, Effect: corev1.TaintEffectNoExecute, TolerationSeconds: toPtr(int64(10))}, + } + d.Spec.Template.Spec.Tolerations = append(d.Spec.Template.Spec.Tolerations, tolerations...) + out, err := yaml.Marshal(d) + if err != nil { + log.Fatalf("Could not marshal patched deployment: %v", err) + } + return out +} + +func writeFileRelativeToChartDir(content []byte, pathElements ...string) { + p := filepath.Join(append([]string{*chartDir, "coredns"}, pathElements...)...) + d := filepath.Dir(p) + if err := os.MkdirAll(d, 0o755); err != nil { + log.Fatalf("Could not create dir %q: %v", d, err) + } + if err := os.WriteFile(p, content, 0o644); err != nil { + log.Fatalf("Could not write file %q: %v", p, err) + } +} + +// parseTemplate replaces the Go template placeholders in kubeadm resources +// with fixed values or Helm value placeholders. +func parseTemplate(tmpl string) []byte { + vars := struct { + DeploymentName, Image, ControlPlaneTaintKey, DNSDomain, DNSIP string + Replicas *int32 + }{ + DeploymentName: "coredns", + DNSDomain: `{{ .Values.dnsDomain }}`, + DNSIP: `"{{ .Values.clusterIP }}"`, + Image: `"{{ .Values.image }}"`, + ControlPlaneTaintKey: "node-role.kubernetes.io/control-plane", + Replicas: toPtr(int32(2)), + } + data, err := kubeadmutil.ParseTemplate(tmpl, vars) + if err != nil { + log.Fatalf("Could not interpolate template: %v", err) + } + return data +} + +func writeTemplate(tmpl string, name string) { + data := parseTemplate(tmpl) + writeFileRelativeToChartDir(data, "templates", name) +} + +func toPtr[T any](v T) *T { + return &v +} diff --git a/internal/constellation/helm/helm.go b/internal/constellation/helm/helm.go index dcc994c6c..474044138 100644 --- a/internal/constellation/helm/helm.go +++ b/internal/constellation/helm/helm.go @@ -91,6 +91,7 @@ type Options struct { HelmWaitMode WaitMode ApplyTimeout time.Duration OpenStackValues *OpenStackValues + ServiceCIDR string } // PrepareApply loads the charts and returns the executor to apply them. @@ -114,7 +115,8 @@ func (h Client) loadReleases( ) ([]release, error) { helmLoader := newLoader(flags.CSP, flags.AttestationVariant, flags.K8sVersion, stateFile, h.cliVersion) h.log.Debug("Created new Helm loader") - return helmLoader.loadReleases(flags.Conformance, flags.DeployCSIDriver, flags.HelmWaitMode, secret, serviceAccURI, flags.OpenStackValues) + // TODO(burgerdev): pass down the entire flags struct + return helmLoader.loadReleases(flags.Conformance, flags.DeployCSIDriver, flags.HelmWaitMode, secret, serviceAccURI, flags.OpenStackValues, flags.ServiceCIDR) } // Applier runs the Helm actions. diff --git a/internal/constellation/helm/helm_test.go b/internal/constellation/helm/helm_test.go index f9af7bafa..65dfb3396 100644 --- a/internal/constellation/helm/helm_test.go +++ b/internal/constellation/helm/helm_test.go @@ -199,6 +199,7 @@ func TestHelmApply(t *testing.T) { certManagerVersion = *tc.clusterCertManagerVersion } helmListVersion(lister, "cilium", "v1.15.5-edg.1") + helmListVersion(lister, "coredns", "v0.0.0") helmListVersion(lister, "cert-manager", certManagerVersion) helmListVersion(lister, "constellation-services", tc.clusterMicroServiceVersion) helmListVersion(lister, "constellation-operators", tc.clusterMicroServiceVersion) diff --git a/internal/constellation/helm/loader.go b/internal/constellation/helm/loader.go index 09b83cd68..da87308ad 100644 --- a/internal/constellation/helm/loader.go +++ b/internal/constellation/helm/loader.go @@ -31,6 +31,7 @@ import ( // Run `go generate` to download (and patch) upstream helm charts. //go:generate ./generateCilium.sh +//go:generate go run ./corednsgen/ //go:generate ./update-csi-charts.sh //go:generate ./generateCertManager.sh //go:generate ./update-aws-load-balancer-chart.sh @@ -46,6 +47,7 @@ type chartInfo struct { var ( // Charts we fetch from an upstream with real versions. + coreDNSInfo = chartInfo{releaseName: "coredns", chartName: "coredns", path: "charts/coredns"} ciliumInfo = chartInfo{releaseName: "cilium", chartName: "cilium", path: "charts/cilium"} certManagerInfo = chartInfo{releaseName: "cert-manager", chartName: "cert-manager", path: "charts/cert-manager"} awsLBControllerInfo = chartInfo{releaseName: "aws-load-balancer-controller", chartName: "aws-load-balancer-controller", path: "charts/aws-load-balancer-controller"} @@ -124,7 +126,7 @@ type OpenStackValues struct { // loadReleases loads the embedded helm charts and returns them as a HelmReleases object. func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWaitMode WaitMode, masterSecret uri.MasterSecret, - serviceAccURI string, openStackValues *OpenStackValues, + serviceAccURI string, openStackValues *OpenStackValues, serviceCIDR string, ) (releaseApplyOrder, error) { ciliumRelease, err := i.loadRelease(ciliumInfo, helmWaitMode) if err != nil { @@ -133,6 +135,16 @@ func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWa ciliumVals := extraCiliumValues(i.csp, conformanceMode, i.stateFile.Infrastructure) ciliumRelease.values = mergeMaps(ciliumRelease.values, ciliumVals) + coreDNSRelease, err := i.loadRelease(coreDNSInfo, helmWaitMode) + if err != nil { + return nil, fmt.Errorf("loading coredns: %w", err) + } + coreDNSVals, err := extraCoreDNSValues(serviceCIDR) + if err != nil { + return nil, fmt.Errorf("loading coredns values: %w", err) + } + coreDNSRelease.values = mergeMaps(coreDNSRelease.values, coreDNSVals) + certManagerRelease, err := i.loadRelease(certManagerInfo, helmWaitMode) if err != nil { return nil, fmt.Errorf("loading cert-manager: %w", err) @@ -156,7 +168,7 @@ func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWa } conServicesRelease.values = mergeMaps(conServicesRelease.values, svcVals) - releases := releaseApplyOrder{ciliumRelease, conServicesRelease, certManagerRelease, operatorRelease} + releases := releaseApplyOrder{ciliumRelease, coreDNSRelease, conServicesRelease, certManagerRelease, operatorRelease} if deployCSIDriver { csiRelease, err := i.loadRelease(csiInfo, WaitModeNone) if err != nil { @@ -224,6 +236,8 @@ func (i *chartLoader) loadRelease(info chartInfo, helmWaitMode WaitMode) (releas values = i.loadAWSLBControllerValues() case csiInfo.releaseName: values = i.loadCSIValues() + default: + values = map[string]any{} } // Charts we package ourselves have version 0.0.0. diff --git a/internal/constellation/helm/loader_test.go b/internal/constellation/helm/loader_test.go index 762f544b3..765bbf221 100644 --- a/internal/constellation/helm/loader_test.go +++ b/internal/constellation/helm/loader_test.go @@ -94,7 +94,7 @@ func TestLoadReleases(t *testing.T) { helmReleases, err := chartLoader.loadReleases( true, false, WaitModeAtomic, uri.MasterSecret{Key: []byte("secret"), Salt: []byte("masterSalt")}, - fakeServiceAccURI(cloudprovider.GCP), nil, + fakeServiceAccURI(cloudprovider.GCP), nil, "172.16.128.0/17", ) require.NoError(err) for _, release := range helmReleases { @@ -260,6 +260,55 @@ func TestConstellationServices(t *testing.T) { } } +func TestExtraCoreDNSValues(t *testing.T) { + testCases := map[string]struct { + cidr string + wantIP string + wantUnset bool + wantErr bool + }{ + "default": { + cidr: "10.96.0.0/12", + wantIP: "10.96.0.10", + }, + "custom": { + cidr: "172.16.128.0/17", + wantIP: "172.16.128.10", + }, + "too small": { + cidr: "172.16.0.0/30", + wantErr: true, + }, + "bad ip": { + cidr: "cluster.local", + wantErr: true, + }, + "v6": { + cidr: "fd12:3456:789a:100::/56", + wantIP: "fd12:3456:789a:100::a", + }, + "no ip": { + wantUnset: true, + }, + } + + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + values, err := extraCoreDNSValues(tc.cidr) + if tc.wantErr { + assert.Error(t, err) + return + } + ip, ok := values["clusterIP"] + if tc.wantUnset { + assert.False(t, ok) + return + } + assert.Equal(t, tc.wantIP, ip) + }) + } +} + // TestOperators checks if the rendered constellation-services chart produces the expected yaml files. func TestOperators(t *testing.T) { testCases := map[string]struct { diff --git a/internal/constellation/helm/overrides.go b/internal/constellation/helm/overrides.go index 2ef690935..c80c8aeb7 100644 --- a/internal/constellation/helm/overrides.go +++ b/internal/constellation/helm/overrides.go @@ -21,8 +21,21 @@ import ( "github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constellation/state" "github.com/edgelesssys/constellation/v2/internal/kms/uri" + kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" ) +func extraCoreDNSValues(serviceCIDR string) (map[string]any, error) { + if serviceCIDR == "" { + return map[string]any{}, nil + } + ip, err := kubeadmconstants.GetDNSIP(serviceCIDR) + if err != nil { + return nil, fmt.Errorf("calculating DNS service IP: %w", err) + } + + return map[string]any{"clusterIP": ip.String()}, nil +} + // TODO(malt3): switch over to DNS name on AWS and Azure // soon as every apiserver certificate of every control-plane node // has the dns endpoint in its SAN list. diff --git a/internal/kubernetes/kubectl/kubectl.go b/internal/kubernetes/kubectl/kubectl.go index f61488082..dae2e2db6 100644 --- a/internal/kubernetes/kubectl/kubectl.go +++ b/internal/kubernetes/kubectl/kubectl.go @@ -188,65 +188,6 @@ func (k *Kubectl) PatchFirstNodePodCIDR(ctx context.Context, firstNodePodCIDR st return err } -// EnforceCoreDNSSpread adds a pod anti-affinity to the CoreDNS deployment to ensure that -// CoreDNS pods are spread across nodes. -func (k *Kubectl) EnforceCoreDNSSpread(ctx context.Context) error { - // allow CoreDNS Pods to run on uninitialized nodes, which is required by cloud-controller-manager - tolerationSeconds := int64(10) - tolerations := []corev1.Toleration{ - { - Key: "node.cloudprovider.kubernetes.io/uninitialized", - Value: "true", - Effect: corev1.TaintEffectNoSchedule, - }, - { - Key: "node.kubernetes.io/unreachable", - Operator: corev1.TolerationOpExists, - Effect: corev1.TaintEffectNoExecute, - TolerationSeconds: &tolerationSeconds, - }, - } - - deployments := k.AppsV1().Deployments("kube-system") - // retry resource update if an error occurs - return retry.RetryOnConflict(retry.DefaultRetry, func() error { - result, err := deployments.Get(ctx, "coredns", metav1.GetOptions{}) - if err != nil { - return fmt.Errorf("failed to get Deployment to add toleration: %w", err) - } - - result.Spec.Template.Spec.Tolerations = append(result.Spec.Template.Spec.Tolerations, tolerations...) - - if result.Spec.Template.Spec.Affinity == nil { - result.Spec.Template.Spec.Affinity = &corev1.Affinity{} - } - if result.Spec.Template.Spec.Affinity.PodAntiAffinity == nil { - result.Spec.Template.Spec.Affinity.PodAntiAffinity = &corev1.PodAntiAffinity{} - } - result.Spec.Template.Spec.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution = []corev1.WeightedPodAffinityTerm{} - if result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution == nil { - result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution = []corev1.PodAffinityTerm{} - } - - result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution = append(result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution, - corev1.PodAffinityTerm{ - LabelSelector: &metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{ - { - Key: "k8s-app", - Operator: metav1.LabelSelectorOpIn, - Values: []string{"kube-dns"}, - }, - }, - }, - TopologyKey: "kubernetes.io/hostname", - }) - - _, err = deployments.Update(ctx, result, metav1.UpdateOptions{}) - return err - }) -} - // AddNodeSelectorsToDeployment adds [K8s selectors] to the deployment, identified // by name and namespace. // From 02cb4a3850b4e47bb3c1eb73fc66ba0e7c4f3604 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Fri, 12 Jul 2024 13:23:49 +0200 Subject: [PATCH 163/380] renovate: exclude stackit from Terraform group (#3253) --- renovate.json5 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/renovate.json5 b/renovate.json5 index 98c0cba36..496f78826 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -71,6 +71,8 @@ "pinDigest", "rollback", ], + // stackit is excluded from the group so that we can ignore v0.24.1: https://github.com/stackitcloud/terraform-provider-stackit/issues/464. + "excludeDepNames": ["stackit"], }, { "matchManagers": ["bazelisk", "bazel", "bazel-module"], From 4f2418ed27e2cd29a60c34d72acfdc7ad372acf3 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Sun, 14 Jul 2024 12:56:13 +0200 Subject: [PATCH 164/380] image: update locked rpms (#3256) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 8d3fb7df0..554908ad2 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -86,8 +86,8 @@ b140d705003260cc46ee9e74508b1efaca4f3d0e05eba68a3d6d90cd8fa742cf glibc-minimal- b054d6a9ee3477e935686b327aa47379bd1909eac4ce06c4c45dff1a201ecb49 gmp-6.2.1-8.fc40.x86_64.rpm 0a8b1b3fb625e4d1864ad6726f583e2db5db7f10d9f3564b5916ca7fed1b71cb gnupg2-2.4.4-1.fc40.x86_64.rpm 4425dbd35ab65f25b092d12ac56c4b565371a1c52ac882c8896dbeae7d52bbb1 gnupg2-smime-2.4.4-1.fc40.x86_64.rpm -4a41802154b079185f306fb9a2e9522e2dc1b866b1f947707cdb04ee876f3fd2 gnutls-3.8.5-1.fc40.x86_64.rpm -41eccf83033fa7ba4d181659eb2e3a94d8b276c6f75557ca0a3b7fd196733f29 gnutls-dane-3.8.5-1.fc40.x86_64.rpm +4289ccbb44e4a764ef6f58593a56f2598c6821feebac52be6fa04c771eebf029 gnutls-3.8.6-1.fc40.x86_64.rpm +0e5c3c13d4c34d83453667a8011eab1859d0db5ff7409fba0dce3fbd68604226 gnutls-dane-3.8.6-1.fc40.x86_64.rpm f1d7b8ac27932363eeb6cb667ef26ea1c000379beb9348fbed295e062538b4ee google-compute-engine-guest-configs-udev-20240607.00-2.fc40.noarch.rpm 94e443590221fb17e0330f076ebac32baab17b8d9c22566db372899ae750ca64 gpgme-1.23.2-3.fc40.x86_64.rpm 6d54af0fc5ae216eb97720415acda4245ebc6c021420a2892b58620b5b25ca38 gpm-libs-1.20.7-46.fc40.x86_64.rpm @@ -117,8 +117,8 @@ c8e382e9de90e6946dd9bc2f706d6c307ea4ebba3eca91a283f1bb72b5b3ac9c kbd-2.6.4-3.fc 42994ac67877595861b55adafd75ab3ce02d397e2ccddac8fb40ec0fecb4436b kmod-libs-31-5.fc40.i686.rpm 53dd95341767a2ea40b68e4621a231883bd5b69426f0920ce1f1ca94e18765cb kmod-libs-31-5.fc40.x86_64.rpm 9a03b21936528f6d08700757cb460c48e9557a71efaaa5e93b01b3f7614320f3 kpartx-0.9.7-7.fc40.x86_64.rpm -b71c8e48abe4b3f4898e59233bf071b75ae9a58c691c7d1b988c661b700931ff krb5-libs-1.21.2-5.fc40.i686.rpm -9fa9b3dc437120759814d4b33f05d84b4317f55dc310d8075f4555f341e25ff1 krb5-libs-1.21.2-5.fc40.x86_64.rpm +a983bdcb68e5de1c648791c96bb88a87846fd52faded3f9e00e31277c3ebae50 krb5-libs-1.21.3-1.fc40.i686.rpm +2c32d410b49c6d3d4f66b361169ad76dfd9f75ee01d9866c62b14d1e5dfc5124 krb5-libs-1.21.3-1.fc40.x86_64.rpm 6f2f0a522f2f10f273a77a60fdb7e066c14059d0a3676c9f723162daa7110b42 libacl-2.3.2-1.fc40.i686.rpm b753174804f57c3c6bae7afeb6145005498f18ae5d1aa0d340f9df5b8d71312f libacl-2.3.2-1.fc40.x86_64.rpm 779fe018a49d05d6f8230cc780960fbbd8990790e0ebe5b0d9e043f998db121e libarchive-3.7.2-4.fc40.x86_64.rpm From 38b72f82943a6d331422308e4a96046ed900ed1d Mon Sep 17 00:00:00 2001 From: 3u13r Date: Sun, 14 Jul 2024 15:49:45 +0200 Subject: [PATCH 165/380] helm: add serviceProxyName to conformance values (#3247) --- internal/constellation/helm/overrides.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/internal/constellation/helm/overrides.go b/internal/constellation/helm/overrides.go index c80c8aeb7..deb515909 100644 --- a/internal/constellation/helm/overrides.go +++ b/internal/constellation/helm/overrides.go @@ -86,7 +86,6 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou // Since there should always be workarounds, we only support this mode to // pass the K8s conformance tests. It is not supported to switch to or from // this mode after Constellation has been initialized. - // This only works for the K8s conformance tests up to K8s 1.28. if conformanceMode { extraVals["kubeProxyReplacementHealthzBindAddr"] = "" extraVals["kubeProxyReplacement"] = "false" @@ -100,6 +99,9 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou extraVals["bpf"] = map[string]any{ "masquerade": false, } + extraVals["k8s"] = map[string]any{ + "serviceProxyName": "cilium", + } } return extraVals From eab42221a9d0e35f8ed9a2e61f11fcd27467206b Mon Sep 17 00:00:00 2001 From: laralaske <110233588+laralaske@users.noreply.github.com> Date: Sun, 14 Jul 2024 21:29:11 +0200 Subject: [PATCH 166/380] Update concept.svg (#3255) * Update concept.svg * Update concept.svg --- docs/static/img/concept.svg | 150 +++++++++++++++++++----------------- 1 file changed, 78 insertions(+), 72 deletions(-) diff --git a/docs/static/img/concept.svg b/docs/static/img/concept.svg index 572113ec4..2286ff308 100644 --- a/docs/static/img/concept.svg +++ b/docs/static/img/concept.svg @@ -1,7 +1,7 @@ - + - + @@ -17,78 +17,72 @@ - - + + - - - - - + + + + + - + - - - - - + + + + + - + - + - - - - + + + + - - + + - + - - + + - + - + - - + + - - - - - - - - + + - - - + + + @@ -106,27 +100,27 @@ - - - - - - - + + + + + + + - - - - - - - + + + + + + + - + @@ -134,10 +128,26 @@ - + + + + + + + + + + + + + + + + + @@ -160,20 +170,7 @@ - - - - - - - - - - - - - - + @@ -183,6 +180,16 @@ + + + + + + + + + + @@ -190,6 +197,5 @@ - From f6d7a33540fea7386a2a4d1b2b8bedc9124f9b1f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 16 Jul 2024 16:15:51 +0200 Subject: [PATCH 167/380] deps: update ghcr.io/edgelesssys/constellation/s3proxy Docker tag to v2.18.0-pre.0.20240716132742-505b29458eec (#3245) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- s3proxy/deploy/s3proxy/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/s3proxy/deploy/s3proxy/values.yaml b/s3proxy/deploy/s3proxy/values.yaml index dd84620c5..ccbd32b1e 100644 --- a/s3proxy/deploy/s3proxy/values.yaml +++ b/s3proxy/deploy/s3proxy/values.yaml @@ -3,7 +3,7 @@ awsAccessKeyID: "replaceme" awsSecretAccessKey: "replaceme" # Pod image to deploy. -image: "ghcr.io/edgelesssys/constellation/s3proxy:v2.17.0" +image: "ghcr.io/edgelesssys/constellation/s3proxy:v2.18.0-pre.0.20240716132742-505b29458eec" # Control if multipart uploads are blocked. allowMultipart: false From d2e74133a9caf27a2e6c9be079cd54b3cd78660d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 16 Jul 2024 16:40:18 +0200 Subject: [PATCH 168/380] deps: update ghcr.io/edgelesssys/constellation/s3proxy Docker tag to v2.18.0-pre.0.20240716154541-4d13479f9053 (#3258) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- s3proxy/deploy/s3proxy/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/s3proxy/deploy/s3proxy/values.yaml b/s3proxy/deploy/s3proxy/values.yaml index ccbd32b1e..9b7f621b7 100644 --- a/s3proxy/deploy/s3proxy/values.yaml +++ b/s3proxy/deploy/s3proxy/values.yaml @@ -3,7 +3,7 @@ awsAccessKeyID: "replaceme" awsSecretAccessKey: "replaceme" # Pod image to deploy. -image: "ghcr.io/edgelesssys/constellation/s3proxy:v2.18.0-pre.0.20240716132742-505b29458eec" +image: "ghcr.io/edgelesssys/constellation/s3proxy:v2.18.0-pre.0.20240716154541-4d13479f9053" # Control if multipart uploads are blocked. allowMultipart: false From 1edc1966f92463c32bcad3a6fdcfca0321dfb729 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 17 Jul 2024 08:46:15 +0200 Subject: [PATCH 169/380] image: update measurements and image version (#3260) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 20c32e91c..f8295009e 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xde, 0x77, 0xa4, 0xca, 0xc3, 0x54, 0x4e, 0xe2, 0x1c, 0x3f, 0x13, 0x0c, 0xa1, 0x83, 0xd8, 0x4f, 0xd5, 0xf0, 0xf3, 0xc3, 0x38, 0x4e, 0x34, 0x6b, 0xf4, 0x98, 0xad, 0x4c, 0x6a, 0xb5, 0x78, 0xe3}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6a, 0x46, 0xd2, 0x33, 0xdc, 0x4c, 0x61, 0x6f, 0x48, 0x20, 0x30, 0x70, 0xb0, 0x2f, 0x9d, 0xe1, 0xde, 0xec, 0x80, 0xfd, 0xf7, 0x3f, 0xc7, 0x15, 0xb4, 0x32, 0x26, 0x75, 0xdf, 0x10, 0xda, 0x74}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xda, 0x50, 0x44, 0x47, 0xc6, 0xc3, 0xfe, 0xbc, 0x60, 0xf7, 0x32, 0x4d, 0xe6, 0xf9, 0x47, 0xb3, 0x7b, 0x8a, 0x43, 0x7a, 0x84, 0x5b, 0xab, 0x96, 0x36, 0x76, 0xdd, 0x10, 0xf5, 0x3a, 0x26, 0x50}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x53, 0x75, 0xda, 0xf5, 0xca, 0x72, 0xc0, 0x09, 0x99, 0x70, 0x2b, 0x37, 0x7b, 0xea, 0xa5, 0xbf, 0x8e, 0x06, 0x11, 0xfc, 0x7e, 0x80, 0xd5, 0x71, 0x9a, 0xab, 0xee, 0x3b, 0x50, 0xf6, 0xf8, 0xf5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6b, 0x2e, 0xf1, 0x7c, 0x0f, 0x55, 0xb9, 0x35, 0x59, 0x97, 0x4b, 0xe7, 0x79, 0xa4, 0x09, 0xa3, 0xc1, 0xe6, 0x07, 0x3f, 0x6a, 0xa4, 0x45, 0x15, 0x5b, 0xac, 0xea, 0xd0, 0x40, 0xc2, 0x80, 0x5c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1c, 0x9a, 0x49, 0xda, 0x18, 0x25, 0x0c, 0x79, 0xfc, 0xa9, 0x8e, 0xec, 0x31, 0x12, 0x47, 0xc7, 0x7d, 0x59, 0x5c, 0xd3, 0x67, 0xfd, 0x4c, 0xb4, 0x00, 0x3a, 0x87, 0xeb, 0xbd, 0x15, 0x9e, 0xd9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x70, 0xf3, 0xab, 0x9f, 0x41, 0x57, 0x5d, 0x6c, 0x1c, 0x02, 0x61, 0x8d, 0x35, 0x9c, 0x91, 0xc5, 0x03, 0x3d, 0x07, 0xb0, 0x3e, 0xf5, 0xbc, 0xbe, 0xa1, 0x71, 0x2f, 0x42, 0x36, 0x95, 0x45, 0x64}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa2, 0x39, 0x10, 0x83, 0xfa, 0x36, 0x4d, 0x1e, 0x02, 0x5b, 0x20, 0x12, 0xb6, 0x47, 0x19, 0x25, 0xbf, 0x06, 0x54, 0xce, 0xb6, 0x16, 0x35, 0xfc, 0x2f, 0xde, 0xe1, 0xda, 0x60, 0x26, 0xda, 0x9d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xef, 0x14, 0xbb, 0x1e, 0xe2, 0x4c, 0xd3, 0x63, 0x80, 0x30, 0x8e, 0xa8, 0xbe, 0x1c, 0xc5, 0x9d, 0x39, 0xd9, 0x23, 0xfd, 0x63, 0x13, 0x3f, 0xb0, 0xf5, 0x0d, 0x48, 0x10, 0x39, 0xb4, 0x5b, 0xeb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x22, 0x91, 0x56, 0x9f, 0x17, 0x60, 0x01, 0x37, 0x4f, 0x2b, 0x43, 0x6c, 0x86, 0x3c, 0x46, 0xb9, 0xc9, 0x99, 0xd6, 0x00, 0x02, 0xd5, 0x2f, 0x62, 0xb2, 0x54, 0x8c, 0xbc, 0xe8, 0xb5, 0x77, 0x69}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd0, 0x4e, 0x26, 0xfa, 0x50, 0x45, 0xae, 0x42, 0xa6, 0xdc, 0xfe, 0x60, 0x4b, 0x0b, 0x41, 0x8e, 0x23, 0xb2, 0xb9, 0x3c, 0x61, 0x6d, 0x49, 0x47, 0x45, 0x96, 0x71, 0xfe, 0x4a, 0x7e, 0x34, 0x7a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x73, 0xd4, 0xa5, 0x79, 0xe8, 0xaa, 0xbc, 0x11, 0xea, 0x8f, 0x38, 0x67, 0x4e, 0xa5, 0xa9, 0xce, 0x2a, 0x8c, 0x50, 0x1f, 0x46, 0x43, 0x38, 0x52, 0x38, 0x95, 0xe9, 0x3e, 0x83, 0x0b, 0xa2, 0xb3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x01, 0x31, 0x81, 0x7b, 0x49, 0x1f, 0x09, 0xe7, 0xab, 0x35, 0x46, 0x24, 0xa6, 0x3f, 0xaf, 0x13, 0xa6, 0x34, 0xac, 0xf6, 0xaf, 0x4a, 0x00, 0x98, 0x7b, 0xba, 0x99, 0x84, 0x60, 0x23, 0x78, 0x3d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x46, 0xfa, 0x7c, 0xff, 0x43, 0xfd, 0x15, 0x2a, 0xd1, 0xc6, 0x5d, 0x84, 0xc4, 0x06, 0xa5, 0xde, 0xa0, 0x82, 0x2b, 0x68, 0xed, 0x2b, 0x0d, 0x43, 0xf5, 0xf0, 0x6c, 0x3c, 0xcc, 0xc8, 0x86, 0xef}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6d, 0x49, 0x32, 0x55, 0xa8, 0xee, 0x76, 0x26, 0xf9, 0x5f, 0x80, 0xf6, 0x67, 0xd6, 0x1e, 0xdd, 0xb0, 0xf3, 0x5c, 0x9a, 0xcb, 0x54, 0x6a, 0xed, 0x3b, 0xe4, 0x3f, 0xca, 0x6b, 0x7a, 0x6c, 0x35}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x68, 0xfe, 0xd5, 0xed, 0x72, 0xfc, 0x41, 0xd7, 0xce, 0x71, 0x1a, 0x72, 0x01, 0xd5, 0x18, 0x2b, 0xe0, 0xf6, 0xc1, 0xc6, 0xca, 0x85, 0xe5, 0xd7, 0xe4, 0x1e, 0x63, 0x39, 0xac, 0xaf, 0x4d, 0xde}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9f, 0xe1, 0x93, 0xa5, 0xf2, 0x56, 0xe3, 0xae, 0x13, 0x18, 0x76, 0x9c, 0x1b, 0x46, 0x98, 0xd9, 0xc5, 0x32, 0x24, 0x08, 0x3b, 0x50, 0xd4, 0xaa, 0xb4, 0xe6, 0x1c, 0x25, 0xbb, 0x4b, 0xf3, 0xae}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x34, 0x88, 0x59, 0x88, 0x88, 0x1d, 0x60, 0x9e, 0xd8, 0xee, 0x66, 0xe0, 0xe9, 0xbf, 0x82, 0x4d, 0x83, 0x18, 0x91, 0xc6, 0x71, 0xad, 0x36, 0xa9, 0xdb, 0xae, 0xfa, 0xfe, 0x67, 0x34, 0x41, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x2f, 0x5b, 0xf4, 0x0f, 0x5a, 0x47, 0x74, 0x56, 0x23, 0xfa, 0x0d, 0x23, 0xb3, 0xc5, 0xff, 0x66, 0x56, 0x58, 0x17, 0xb8, 0xc8, 0xe6, 0x33, 0x3f, 0xb6, 0x25, 0x3c, 0x98, 0xf2, 0x01, 0x2a, 0xad}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5d, 0x02, 0xa8, 0x8a, 0x47, 0xa4, 0xaf, 0xee, 0xb2, 0xcc, 0x34, 0x2a, 0x27, 0x3e, 0xda, 0x65, 0x80, 0xf4, 0xac, 0x1d, 0x8d, 0x9f, 0x2c, 0xaf, 0x39, 0xd1, 0x1c, 0x5b, 0x4a, 0x9a, 0x2b, 0x02}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa3, 0x49, 0xef, 0xab, 0x72, 0xf4, 0xf4, 0xd7, 0x7f, 0x4a, 0xc5, 0x6b, 0x89, 0x80, 0x00, 0xe6, 0x66, 0x98, 0xde, 0x8e, 0x5a, 0xa1, 0x6e, 0xa7, 0x09, 0xc9, 0xb5, 0x9b, 0xab, 0x11, 0x60, 0xff}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8b, 0x14, 0x32, 0xca, 0xcc, 0x1e, 0xc9, 0xe2, 0x33, 0x67, 0xfe, 0xf5, 0x68, 0xab, 0x96, 0x2d, 0xce, 0x68, 0x24, 0xd4, 0x7a, 0x19, 0x60, 0xbf, 0xe7, 0xaa, 0x40, 0x01, 0x24, 0xd2, 0x18, 0x19}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0c, 0x6a, 0x84, 0x99, 0x0c, 0x6b, 0x26, 0x88, 0xe4, 0x98, 0x81, 0x09, 0xeb, 0x2c, 0xb6, 0xcc, 0xe2, 0xe4, 0x46, 0x5b, 0x18, 0xb5, 0xd2, 0x3f, 0xe2, 0xd5, 0xb0, 0x75, 0x69, 0xfe, 0x53, 0xe9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7f, 0x5f, 0xc5, 0x7e, 0x9f, 0x48, 0x7a, 0x55, 0xd0, 0xcf, 0x19, 0x5a, 0xea, 0x20, 0x9e, 0xa4, 0xe0, 0xeb, 0x26, 0xa5, 0x06, 0x87, 0x71, 0x32, 0xee, 0x51, 0xdb, 0x7f, 0x9e, 0x9b, 0x3b, 0x8b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb9, 0x79, 0xae, 0xc8, 0x97, 0xa0, 0x64, 0xca, 0x63, 0x9c, 0x9a, 0x91, 0xcb, 0xdd, 0x6e, 0x3e, 0x54, 0xa7, 0x7f, 0x3b, 0x76, 0x1b, 0x9d, 0xd6, 0x0d, 0xe4, 0xda, 0x42, 0x98, 0x88, 0x74, 0xcc}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x89, 0x2f, 0x9b, 0xdb, 0x18, 0x15, 0xb3, 0x28, 0x19, 0x23, 0xa3, 0xef, 0x87, 0xce, 0x33, 0xdf, 0x28, 0xa4, 0x91, 0x9f, 0x7f, 0x0a, 0x21, 0xd4, 0xdb, 0x35, 0xec, 0xf2, 0xad, 0x78, 0x66, 0x89}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5f, 0xdc, 0xca, 0x85, 0xf6, 0xd2, 0xdf, 0xf8, 0x58, 0x61, 0x0c, 0x1d, 0x5c, 0x54, 0xa5, 0x65, 0x67, 0xd6, 0x09, 0x96, 0xf0, 0x1b, 0x27, 0xa0, 0x51, 0x4d, 0xaf, 0x1d, 0xb4, 0xb5, 0x6f, 0xd7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9b, 0xc7, 0xeb, 0x61, 0x3f, 0x41, 0x2f, 0xdc, 0x8a, 0xb6, 0xc6, 0xbf, 0x4f, 0x32, 0x4b, 0x27, 0xd3, 0x1a, 0xed, 0xf2, 0x8f, 0x90, 0xde, 0xdd, 0x03, 0xba, 0xcd, 0x46, 0x9c, 0xf4, 0x15, 0x3c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2d, 0x7b, 0x3f, 0x36, 0x9c, 0x59, 0x5a, 0xd8, 0xf3, 0xee, 0x68, 0xcb, 0xae, 0x07, 0x0c, 0xd1, 0xac, 0xb6, 0xf2, 0x09, 0xf9, 0xbb, 0xff, 0x5a, 0xb7, 0x39, 0xb0, 0xfb, 0x18, 0x79, 0x22, 0xc7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc2, 0xdb, 0x47, 0x7d, 0x13, 0x07, 0x16, 0x91, 0x89, 0x13, 0xb8, 0x47, 0x53, 0xc9, 0x76, 0xd4, 0x3d, 0x5f, 0x7e, 0x7c, 0x60, 0x1f, 0xc2, 0x7a, 0xb4, 0x82, 0xe4, 0x9b, 0x88, 0x14, 0x2d, 0xf5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x63, 0x09, 0x38, 0x5c, 0x32, 0x69, 0xd3, 0x21, 0x29, 0x22, 0x8a, 0xa2, 0x36, 0xdf, 0x0f, 0x8d, 0x39, 0x8b, 0xdd, 0x16, 0xb0, 0xc8, 0xdc, 0x2c, 0xce, 0x79, 0x7b, 0x48, 0x6e, 0x09, 0x68, 0xd3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x77, 0xd4, 0xe4, 0xf1, 0x66, 0x4f, 0x46, 0x04, 0x5b, 0x10, 0x7f, 0x40, 0xbd, 0xa5, 0xe7, 0x1d, 0xf2, 0xbb, 0xe5, 0x64, 0x98, 0x72, 0x93, 0x23, 0xe3, 0xc3, 0x7c, 0xb3, 0xe5, 0xc2, 0xc7, 0x3e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf2, 0xa5, 0xe2, 0x10, 0x73, 0x64, 0x3c, 0x32, 0xc5, 0x3e, 0x40, 0x2f, 0xfa, 0x89, 0x3f, 0xa4, 0x74, 0x76, 0xeb, 0x9f, 0x35, 0xc1, 0xef, 0xa0, 0xc4, 0x34, 0x30, 0xf0, 0x6f, 0xda, 0x40, 0xe9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa6, 0xfb, 0xd2, 0xf5, 0xdf, 0xe4, 0xb0, 0x96, 0xca, 0x77, 0x1b, 0x83, 0x90, 0xa8, 0xda, 0x6a, 0xa4, 0x2d, 0x03, 0xa9, 0x7d, 0x26, 0x8f, 0x7b, 0xb0, 0xdb, 0xdd, 0xbe, 0x72, 0xf2, 0x94, 0x68}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9a, 0x78, 0x94, 0xdc, 0x52, 0xcf, 0xc1, 0xe6, 0xbd, 0x01, 0x6c, 0x5a, 0x68, 0x32, 0x73, 0x57, 0xea, 0x0b, 0xf8, 0xa6, 0x90, 0xbc, 0x6d, 0xc1, 0xaa, 0x9d, 0xbc, 0x9f, 0x32, 0xb2, 0xd2, 0xf9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd6, 0x1d, 0x56, 0xa6, 0x78, 0x2a, 0x72, 0x40, 0xbf, 0x48, 0x90, 0x2b, 0x74, 0xea, 0xfe, 0xaf, 0xa2, 0x00, 0xf7, 0x8a, 0x97, 0x38, 0x90, 0x0d, 0xe1, 0x62, 0xab, 0x96, 0xec, 0x33, 0x11, 0x1a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4c, 0xb1, 0x83, 0xff, 0x1f, 0x9d, 0xb1, 0x10, 0x56, 0x6f, 0xaa, 0xd3, 0x67, 0x9f, 0xbf, 0xed, 0xf5, 0xbe, 0x29, 0x1d, 0x14, 0x9b, 0xee, 0xc5, 0x8f, 0x1c, 0xaa, 0xa8, 0x57, 0x13, 0x1d, 0xca}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf8, 0x04, 0x62, 0xd4, 0xa3, 0x88, 0x70, 0xba, 0x62, 0xb6, 0x02, 0x53, 0xf9, 0xf6, 0xfa, 0xd5, 0x81, 0xa4, 0xd1, 0xad, 0xbd, 0x1b, 0x80, 0x50, 0xe8, 0x02, 0x2d, 0xfc, 0x69, 0x90, 0x30, 0x52}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xee, 0x1f, 0x80, 0xf7, 0x5b, 0xeb, 0x1f, 0x51, 0x98, 0xba, 0x40, 0xd5, 0xd7, 0xca, 0x50, 0x73, 0xb0, 0x71, 0xd9, 0x4d, 0x43, 0xd2, 0x87, 0xe9, 0xba, 0xe3, 0x11, 0x05, 0xf7, 0x3b, 0x32, 0x27}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x1d, 0x88, 0x29, 0x15, 0x9d, 0x7f, 0x54, 0x85, 0x9a, 0x1f, 0x0a, 0x51, 0x7f, 0x1f, 0xa9, 0x75, 0x14, 0xcf, 0xe3, 0x33, 0xc9, 0x70, 0x50, 0x10, 0x4b, 0xf0, 0xbb, 0x56, 0x85, 0x73, 0xbc, 0xd0}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x44, 0x67, 0x20, 0x0f, 0x43, 0xd5, 0xfd, 0xe1, 0x6f, 0x93, 0x41, 0xe6, 0xf0, 0xc6, 0x07, 0xc7, 0x50, 0x67, 0x57, 0xba, 0x00, 0x05, 0x56, 0x08, 0x36, 0x2b, 0xc5, 0x17, 0x67, 0x6e, 0x0d, 0xdf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xab, 0xbd, 0x47, 0xdd, 0x6b, 0x6c, 0x11, 0xce, 0x2a, 0x01, 0x32, 0x0a, 0x45, 0x96, 0x3c, 0x9c, 0x11, 0xc0, 0x98, 0xb0, 0x83, 0xe0, 0xab, 0x5b, 0xe7, 0x86, 0x95, 0x4e, 0x5b, 0x04, 0xcd, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x49, 0xd6, 0x56, 0xed, 0x33, 0xa2, 0xae, 0xe3, 0x2b, 0x12, 0xf8, 0xa0, 0x3b, 0x4c, 0x2c, 0x52, 0xba, 0xec, 0xc8, 0x54, 0xa7, 0xad, 0x12, 0x14, 0xee, 0x49, 0xce, 0x94, 0x23, 0x61, 0xd3, 0xbc}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb9, 0x33, 0x35, 0x8d, 0x96, 0x8a, 0xa9, 0x0b, 0x46, 0xd9, 0xa2, 0xbc, 0x40, 0x21, 0xbf, 0x68, 0x3a, 0x53, 0xc5, 0xd4, 0x0d, 0xef, 0x00, 0x40, 0xd3, 0x04, 0x99, 0x7b, 0xe1, 0x50, 0x3b, 0xd0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x32, 0x27, 0x83, 0xc8, 0xf5, 0x5d, 0x9f, 0x39, 0x40, 0xf7, 0x54, 0x54, 0xe3, 0x4b, 0xca, 0x1d, 0x70, 0x3a, 0xd6, 0xb8, 0xf3, 0x15, 0x45, 0x13, 0x13, 0x28, 0xf7, 0x53, 0x07, 0x59, 0xec, 0x41}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x1a, 0x18, 0xfa, 0x16, 0x3b, 0x6f, 0x48, 0x2e, 0x68, 0xd4, 0xdd, 0xce, 0xdc, 0xe7, 0xa1, 0xd0, 0x02, 0x46, 0x04, 0x68, 0x54, 0x10, 0xdb, 0x1a, 0x79, 0x8a, 0xf3, 0x95, 0x33, 0x87, 0xf3, 0x90}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbd, 0x16, 0xf0, 0x61, 0xf3, 0x6f, 0x8e, 0x16, 0x09, 0x9c, 0x34, 0x3a, 0x79, 0x36, 0x9c, 0xdb, 0x2a, 0x9b, 0xf3, 0xcc, 0x01, 0xce, 0x82, 0xf1, 0x4c, 0x30, 0xf4, 0xf6, 0x79, 0x49, 0xcd, 0x7c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x62, 0x6b, 0x10, 0xfa, 0xd3, 0xbd, 0x07, 0x62, 0x11, 0xea, 0x04, 0xa6, 0x9d, 0xf7, 0xf7, 0x81, 0x35, 0xf3, 0xad, 0x51, 0x12, 0x5d, 0xc3, 0xe5, 0xd3, 0x15, 0x9a, 0xf4, 0x80, 0xe1, 0x86, 0x50}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index ab69a5ae3..863bdccec 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240711110915-65ed286c7dd6" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240716164018-d2e74133a9ca" ) From 78ce220cf992ccca755fa6a6af6678a900ff5d9b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 18 Jul 2024 08:49:57 +0200 Subject: [PATCH 170/380] deps: update GitHub action dependencies (#3259) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/artifact_download/action.yml | 2 +- .github/actions/artifact_upload/action.yml | 2 +- .../download_release_binaries/action.yml | 20 ++++++------- .github/actions/e2e_benchmark/action.yml | 2 +- .../upload_terraform_module/action.yml | 2 +- .../workflows/aws-snp-launchmeasurement.yml | 2 +- .github/workflows/build-ccm-gcp.yml | 2 +- .../workflows/build-os-image-scheduled.yml | 2 +- .github/workflows/codeql.yml | 6 ++-- .github/workflows/draft-release.yml | 28 +++++++++---------- .github/workflows/e2e-upgrade.yml | 6 ++-- .github/workflows/e2e-windows.yml | 4 +-- .github/workflows/release.yml | 2 +- .github/workflows/reproducible-builds.yml | 12 ++++---- .github/workflows/scorecard.yml | 4 +-- .github/workflows/test-operator-codegen.yml | 2 +- 16 files changed, 49 insertions(+), 49 deletions(-) diff --git a/.github/actions/artifact_download/action.yml b/.github/actions/artifact_download/action.yml index 67f772fea..148adc258 100644 --- a/.github/actions/artifact_download/action.yml +++ b/.github/actions/artifact_download/action.yml @@ -28,7 +28,7 @@ runs: run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT" - name: Download the artifact - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: ${{ inputs.name }} path: ${{ steps.tempdir.outputs.directory }} diff --git a/.github/actions/artifact_upload/action.yml b/.github/actions/artifact_upload/action.yml index a41b62de0..e44c7a05c 100644 --- a/.github/actions/artifact_upload/action.yml +++ b/.github/actions/artifact_upload/action.yml @@ -69,7 +69,7 @@ runs: done - name: Upload archive as artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: ${{ inputs.name }} path: ${{ steps.tempdir.outputs.directory }}/archive.7z diff --git a/.github/actions/download_release_binaries/action.yml b/.github/actions/download_release_binaries/action.yml index 3fa79693b..a336a5e43 100644 --- a/.github/actions/download_release_binaries/action.yml +++ b/.github/actions/download_release_binaries/action.yml @@ -5,51 +5,51 @@ runs: using: "composite" steps: - name: Download CLI binaries darwin-amd64 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: constellation-darwin-amd64 - name: Download CLI binaries darwin-arm64 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: constellation-darwin-arm64 - name: Download CLI binaries linux-amd64 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: constellation-linux-amd64 - name: Download CLI binaries linux-arm64 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: constellation-linux-arm64 - name: Download CLI binaries windows-amd64 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: constellation-windows-amd64 - name: Download Terraform module - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: terraform-module - name: Download Terraform provider binary darwin-amd64 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: terraform-provider-constellation-darwin-amd64 - name: Download Terraform provider binary darwin-arm64 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: terraform-provider-constellation-darwin-arm64 - name: Download Terraform provider binary linux-amd64 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: terraform-provider-constellation-linux-amd64 - name: Download Terraform provider binary linux-arm64 - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: terraform-provider-constellation-linux-arm64 diff --git a/.github/actions/e2e_benchmark/action.yml b/.github/actions/e2e_benchmark/action.yml index 44f9e6777..3000304a9 100644 --- a/.github/actions/e2e_benchmark/action.yml +++ b/.github/actions/e2e_benchmark/action.yml @@ -32,7 +32,7 @@ runs: steps: - name: Setup python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: "3.10" diff --git a/.github/actions/upload_terraform_module/action.yml b/.github/actions/upload_terraform_module/action.yml index 80e504cc5..0199fc2bd 100644 --- a/.github/actions/upload_terraform_module/action.yml +++ b/.github/actions/upload_terraform_module/action.yml @@ -15,7 +15,7 @@ runs: zip -r terraform-module.zip terraform-module - name: Upload artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: terraform-module path: terraform-module.zip diff --git a/.github/workflows/aws-snp-launchmeasurement.yml b/.github/workflows/aws-snp-launchmeasurement.yml index 4f90c5721..998604220 100644 --- a/.github/workflows/aws-snp-launchmeasurement.yml +++ b/.github/workflows/aws-snp-launchmeasurement.yml @@ -27,7 +27,7 @@ jobs: - name: Download Firmware release id: download-firmware - uses: robinraju/release-downloader@c39a3b234af58f0cf85888573d361fb6fa281534 # v1.10 + uses: robinraju/release-downloader@a96f54c1b5f5e09e47d9504526e96febd949d4c2 # v1.11 with: repository: aws/uefi latest: true diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index 3a4082539..9cf8beea2 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -29,7 +29,7 @@ jobs: fetch-depth: 0 - name: Setup Go environment - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: "1.22.5" cache: false diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 10f8c2024..d37301a0d 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -68,7 +68,7 @@ jobs: token: ${{ secrets.CI_COMMIT_PUSH_PR }} - name: Setup Go environment - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: "1.22.5" cache: false diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3f213f094..480f17d0c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -38,13 +38,13 @@ jobs: - name: Setup Go environment if: matrix.language == 'go' - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: "1.22.5" cache: false - name: Initialize CodeQL - uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: languages: ${{ matrix.language }} @@ -63,6 +63,6 @@ jobs: echo "::endgroup::" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index 594e646c1..6906b8404 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -92,7 +92,7 @@ jobs: cosignPassword: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} - name: Upload CLI as artifact (unix) - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 if : ${{ matrix.os != 'windows' }} with: name: constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -101,7 +101,7 @@ jobs: build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig - name: Upload CLI as artifact (windows) - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 if : ${{ matrix.os == 'windows' }} with: name: constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -149,7 +149,7 @@ jobs: targetArch: ${{ matrix.arch }} - name: Upload Terraform Provider Binary as artifact (unix) - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 if : ${{ matrix.os != 'windows' }} with: name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -157,7 +157,7 @@ jobs: build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} - name: Upload Terraform Provider Binary as artifact (windows) - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 if : ${{ matrix.os == 'windows' }} with: name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -227,7 +227,7 @@ jobs: uses: ./.github/actions/download_release_binaries - name: Download CLI SBOM - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: constellation.spdx.sbom @@ -296,13 +296,13 @@ jobs: COSIGN_PASSWORD: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} - name: Upload Constellation CLI SBOM - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: constellation.spdx.sbom path: constellation.spdx.sbom - name: Upload Constellation CLI SBOM's signature - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: constellation.spdx.sbom.sig path: constellation.spdx.sbom.sig @@ -340,12 +340,12 @@ jobs: uses: ./.github/actions/download_release_binaries - name: Download CLI SBOM - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: constellation.spdx.sbom - name: Download provenance - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: ${{ needs.provenance.outputs.provenance-name }} @@ -418,17 +418,17 @@ jobs: uses: ./.github/actions/download_release_binaries - name: Download CLI SBOM - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: constellation.spdx.sbom - name: Download Constellation CLI SBOM's signature - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: constellation.spdx.sbom.sig - name: Download Constellation provenance - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: ${{ needs.provenance.outputs.provenance-name }} @@ -472,7 +472,7 @@ jobs: - name: Create release with artifacts id: create-release # GitHub endorsed release project. See: https://github.com/actions/create-release - uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 + uses: softprops/action-gh-release@fb2d03176f42a1f0dd433ca263f314051d3edd44 # v2.0.7 with: draft: true generate_release_notes: true @@ -487,7 +487,7 @@ jobs: terraform-module.zip - name: Create Terraform provider release with artifcats - uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 + uses: softprops/action-gh-release@fb2d03176f42a1f0dd433ca263f314051d3edd44 # v2.0.7 with: draft: true generate_release_notes: false diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 4716ba82b..d2d84020a 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -170,7 +170,7 @@ jobs: push: true - name: Upload CLI binary - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: constellation-upgrade-${{ inputs.attestationVariant }} path: build/constellation @@ -326,7 +326,7 @@ jobs: azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} - name: Download CLI - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: constellation-upgrade-${{ inputs.attestationVariant }} path: build @@ -451,7 +451,7 @@ jobs: ref: ${{ inputs.gitRef }} - name: Download CLI - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: constellation-upgrade-${{ inputs.attestationVariant }} path: build diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index f3dee7882..7aeca9235 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -45,7 +45,7 @@ jobs: push: true - name: Upload CLI artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: path: build/constellation.exe name: "constell-exe" @@ -61,7 +61,7 @@ jobs: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Download CLI artifact - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: name: "constell-exe" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 97692c8bd..3c1ab548d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -231,7 +231,7 @@ jobs: ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} - name: Setup Go environment - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: "1.22.5" cache: true diff --git a/.github/workflows/reproducible-builds.yml b/.github/workflows/reproducible-builds.yml index 869f98ec8..87e400979 100644 --- a/.github/workflows/reproducible-builds.yml +++ b/.github/workflows/reproducible-builds.yml @@ -57,13 +57,13 @@ jobs: run: shasum -a 256 "${binary}" | tee "${binary}.sha256" - name: Upload binary artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: "binaries-${{ matrix.target }}-${{ matrix.runner }}" path: "${{ env.binary }}" - name: Upload hash artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}" path: "${{ env.binary }}.sha256" @@ -110,13 +110,13 @@ jobs: run: shasum -a 256 "${binary}" | tee "${binary}.sha256" - name: Upload binary artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: "osimages-${{ matrix.target }}-${{ matrix.runner }}" path: "${{ env.binary }}" - name: Upload hash artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}" path: "${{ env.binary }}.sha256" @@ -139,7 +139,7 @@ jobs: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Download binaries - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: "binaries-${{ matrix.target }}-*" merge-multiple: true @@ -173,7 +173,7 @@ jobs: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Download os images - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: "osimages-${{ matrix.target }}-*" merge-multiple: true diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 4ea8fc0d1..0145ed124 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -30,13 +30,13 @@ jobs: publish_results: true - name: Upload artifact - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: name: SARIF file path: results.sarif retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: sarif_file: results.sarif diff --git a/.github/workflows/test-operator-codegen.yml b/.github/workflows/test-operator-codegen.yml index 0db02b5fc..10bc88e17 100644 --- a/.github/workflows/test-operator-codegen.yml +++ b/.github/workflows/test-operator-codegen.yml @@ -26,7 +26,7 @@ jobs: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Setup Go environment - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: "1.22.5" cache: true From 3f6e7f9c532d8df0ae2875f6bb95cca7063dada7 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 19 Jul 2024 07:53:33 +0200 Subject: [PATCH 171/380] image: update measurements and image version (#3265) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index f8295009e..471aa7e08 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x01, 0x31, 0x81, 0x7b, 0x49, 0x1f, 0x09, 0xe7, 0xab, 0x35, 0x46, 0x24, 0xa6, 0x3f, 0xaf, 0x13, 0xa6, 0x34, 0xac, 0xf6, 0xaf, 0x4a, 0x00, 0x98, 0x7b, 0xba, 0x99, 0x84, 0x60, 0x23, 0x78, 0x3d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x46, 0xfa, 0x7c, 0xff, 0x43, 0xfd, 0x15, 0x2a, 0xd1, 0xc6, 0x5d, 0x84, 0xc4, 0x06, 0xa5, 0xde, 0xa0, 0x82, 0x2b, 0x68, 0xed, 0x2b, 0x0d, 0x43, 0xf5, 0xf0, 0x6c, 0x3c, 0xcc, 0xc8, 0x86, 0xef}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6d, 0x49, 0x32, 0x55, 0xa8, 0xee, 0x76, 0x26, 0xf9, 0x5f, 0x80, 0xf6, 0x67, 0xd6, 0x1e, 0xdd, 0xb0, 0xf3, 0x5c, 0x9a, 0xcb, 0x54, 0x6a, 0xed, 0x3b, 0xe4, 0x3f, 0xca, 0x6b, 0x7a, 0x6c, 0x35}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x68, 0xfe, 0xd5, 0xed, 0x72, 0xfc, 0x41, 0xd7, 0xce, 0x71, 0x1a, 0x72, 0x01, 0xd5, 0x18, 0x2b, 0xe0, 0xf6, 0xc1, 0xc6, 0xca, 0x85, 0xe5, 0xd7, 0xe4, 0x1e, 0x63, 0x39, 0xac, 0xaf, 0x4d, 0xde}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9f, 0xe1, 0x93, 0xa5, 0xf2, 0x56, 0xe3, 0xae, 0x13, 0x18, 0x76, 0x9c, 0x1b, 0x46, 0x98, 0xd9, 0xc5, 0x32, 0x24, 0x08, 0x3b, 0x50, 0xd4, 0xaa, 0xb4, 0xe6, 0x1c, 0x25, 0xbb, 0x4b, 0xf3, 0xae}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x34, 0x88, 0x59, 0x88, 0x88, 0x1d, 0x60, 0x9e, 0xd8, 0xee, 0x66, 0xe0, 0xe9, 0xbf, 0x82, 0x4d, 0x83, 0x18, 0x91, 0xc6, 0x71, 0xad, 0x36, 0xa9, 0xdb, 0xae, 0xfa, 0xfe, 0x67, 0x34, 0x41, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x2f, 0x5b, 0xf4, 0x0f, 0x5a, 0x47, 0x74, 0x56, 0x23, 0xfa, 0x0d, 0x23, 0xb3, 0xc5, 0xff, 0x66, 0x56, 0x58, 0x17, 0xb8, 0xc8, 0xe6, 0x33, 0x3f, 0xb6, 0x25, 0x3c, 0x98, 0xf2, 0x01, 0x2a, 0xad}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5d, 0x02, 0xa8, 0x8a, 0x47, 0xa4, 0xaf, 0xee, 0xb2, 0xcc, 0x34, 0x2a, 0x27, 0x3e, 0xda, 0x65, 0x80, 0xf4, 0xac, 0x1d, 0x8d, 0x9f, 0x2c, 0xaf, 0x39, 0xd1, 0x1c, 0x5b, 0x4a, 0x9a, 0x2b, 0x02}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa3, 0x49, 0xef, 0xab, 0x72, 0xf4, 0xf4, 0xd7, 0x7f, 0x4a, 0xc5, 0x6b, 0x89, 0x80, 0x00, 0xe6, 0x66, 0x98, 0xde, 0x8e, 0x5a, 0xa1, 0x6e, 0xa7, 0x09, 0xc9, 0xb5, 0x9b, 0xab, 0x11, 0x60, 0xff}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8b, 0x14, 0x32, 0xca, 0xcc, 0x1e, 0xc9, 0xe2, 0x33, 0x67, 0xfe, 0xf5, 0x68, 0xab, 0x96, 0x2d, 0xce, 0x68, 0x24, 0xd4, 0x7a, 0x19, 0x60, 0xbf, 0xe7, 0xaa, 0x40, 0x01, 0x24, 0xd2, 0x18, 0x19}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0c, 0x6a, 0x84, 0x99, 0x0c, 0x6b, 0x26, 0x88, 0xe4, 0x98, 0x81, 0x09, 0xeb, 0x2c, 0xb6, 0xcc, 0xe2, 0xe4, 0x46, 0x5b, 0x18, 0xb5, 0xd2, 0x3f, 0xe2, 0xd5, 0xb0, 0x75, 0x69, 0xfe, 0x53, 0xe9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7f, 0x5f, 0xc5, 0x7e, 0x9f, 0x48, 0x7a, 0x55, 0xd0, 0xcf, 0x19, 0x5a, 0xea, 0x20, 0x9e, 0xa4, 0xe0, 0xeb, 0x26, 0xa5, 0x06, 0x87, 0x71, 0x32, 0xee, 0x51, 0xdb, 0x7f, 0x9e, 0x9b, 0x3b, 0x8b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x40, 0xb5, 0x77, 0x69, 0x5f, 0xce, 0x18, 0xb2, 0xdb, 0xae, 0x28, 0x1b, 0xc2, 0xae, 0xba, 0x55, 0x31, 0xd1, 0x0c, 0x85, 0xef, 0x0c, 0x01, 0x76, 0xcb, 0x8f, 0xb9, 0x48, 0x03, 0xec, 0x2d, 0x8f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x06, 0x8d, 0x00, 0xcf, 0x28, 0x8e, 0xbb, 0x6d, 0x51, 0x29, 0x1a, 0xa7, 0x4f, 0x9c, 0x03, 0xca, 0xd0, 0x55, 0x77, 0x8d, 0x24, 0x20, 0x2e, 0x66, 0xe2, 0x67, 0x71, 0x60, 0x81, 0xf5, 0xd0, 0xac}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe0, 0x86, 0xa7, 0x34, 0x47, 0xad, 0x73, 0xc7, 0xa8, 0x7c, 0xae, 0x20, 0x93, 0x7b, 0x03, 0xa5, 0x5a, 0xc8, 0x97, 0x5f, 0xa3, 0x34, 0x7b, 0xf7, 0x42, 0x97, 0xb9, 0x89, 0x0e, 0x72, 0xbb, 0xd0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x01, 0xf7, 0xa3, 0x41, 0x4a, 0xd8, 0x45, 0x38, 0x53, 0xcd, 0x37, 0x3f, 0x06, 0xd0, 0x49, 0x03, 0xa0, 0x5b, 0x2a, 0x27, 0x85, 0xc4, 0x8e, 0x0e, 0x91, 0xf1, 0x48, 0x13, 0x07, 0x64, 0xb9, 0xa7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6c, 0xf5, 0x52, 0x4a, 0x1d, 0xae, 0x74, 0xd7, 0x30, 0x1d, 0x4f, 0x78, 0x62, 0x2c, 0x09, 0xb1, 0x04, 0xc8, 0xb2, 0x17, 0x1c, 0x91, 0xfc, 0x66, 0x67, 0xe0, 0x84, 0x9c, 0x58, 0x63, 0x05, 0x18}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x17, 0x57, 0xa6, 0x13, 0x55, 0x35, 0xbc, 0x4a, 0x3d, 0xdf, 0x3d, 0x8b, 0x6b, 0x6a, 0xd2, 0xf6, 0xba, 0xed, 0x25, 0xfc, 0xe7, 0x32, 0x7e, 0x95, 0x15, 0xd0, 0x4b, 0x67, 0x82, 0xde, 0x8d, 0x13}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xac, 0x3d, 0x97, 0x15, 0x03, 0xa8, 0x92, 0x9d, 0x05, 0x7d, 0x71, 0xdd, 0x54, 0xe5, 0x01, 0xfd, 0xf3, 0x73, 0x44, 0x3f, 0xb7, 0xae, 0x07, 0x77, 0xe9, 0x36, 0x22, 0x7e, 0x8d, 0x2e, 0x21, 0xa0}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd1, 0xd5, 0xb0, 0xde, 0x39, 0x6e, 0x6a, 0x18, 0xd5, 0xa9, 0x0f, 0xb1, 0x11, 0x60, 0xec, 0xaa, 0xac, 0x9c, 0xf0, 0xda, 0x67, 0xae, 0xda, 0x7c, 0xa3, 0x0f, 0xa0, 0xe1, 0x57, 0x19, 0xf9, 0xa3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe9, 0xac, 0x9a, 0xbb, 0x1c, 0x4f, 0x85, 0x0d, 0x02, 0x4e, 0x0b, 0xf1, 0x11, 0x96, 0x20, 0xb1, 0x72, 0x21, 0xeb, 0x1c, 0xa2, 0xf1, 0x5b, 0x02, 0x48, 0xcc, 0xfd, 0xb9, 0x3c, 0x3a, 0x84, 0xdb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3d, 0x6a, 0x14, 0x27, 0x39, 0xa4, 0x2e, 0x3e, 0xf2, 0x59, 0x4e, 0x58, 0x4d, 0x8c, 0x5d, 0x89, 0xa1, 0xf3, 0xaa, 0x44, 0x3a, 0x8e, 0x41, 0x46, 0xc0, 0xd9, 0x40, 0xd0, 0xf6, 0xf7, 0x0d, 0x51}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x92, 0x83, 0x6b, 0x39, 0x20, 0x4f, 0x8d, 0x10, 0x01, 0x85, 0xd2, 0xa8, 0x49, 0x5b, 0xf9, 0x24, 0x98, 0x7f, 0xc5, 0x61, 0x46, 0xad, 0xfe, 0xb4, 0x9c, 0xb1, 0x1e, 0x06, 0xf9, 0x7a, 0x66, 0x1c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe6, 0x9f, 0x32, 0xd7, 0x7c, 0xf4, 0x2c, 0x4a, 0x41, 0xce, 0x3c, 0x63, 0xac, 0x32, 0x1e, 0x2a, 0xc0, 0xa1, 0x9d, 0xfd, 0x8f, 0x6c, 0x4a, 0x4d, 0x4e, 0x18, 0x99, 0x21, 0x1c, 0x4d, 0x19, 0xd0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa6, 0xfb, 0xd2, 0xf5, 0xdf, 0xe4, 0xb0, 0x96, 0xca, 0x77, 0x1b, 0x83, 0x90, 0xa8, 0xda, 0x6a, 0xa4, 0x2d, 0x03, 0xa9, 0x7d, 0x26, 0x8f, 0x7b, 0xb0, 0xdb, 0xdd, 0xbe, 0x72, 0xf2, 0x94, 0x68}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9a, 0x78, 0x94, 0xdc, 0x52, 0xcf, 0xc1, 0xe6, 0xbd, 0x01, 0x6c, 0x5a, 0x68, 0x32, 0x73, 0x57, 0xea, 0x0b, 0xf8, 0xa6, 0x90, 0xbc, 0x6d, 0xc1, 0xaa, 0x9d, 0xbc, 0x9f, 0x32, 0xb2, 0xd2, 0xf9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd6, 0x1d, 0x56, 0xa6, 0x78, 0x2a, 0x72, 0x40, 0xbf, 0x48, 0x90, 0x2b, 0x74, 0xea, 0xfe, 0xaf, 0xa2, 0x00, 0xf7, 0x8a, 0x97, 0x38, 0x90, 0x0d, 0xe1, 0x62, 0xab, 0x96, 0xec, 0x33, 0x11, 0x1a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4c, 0xb1, 0x83, 0xff, 0x1f, 0x9d, 0xb1, 0x10, 0x56, 0x6f, 0xaa, 0xd3, 0x67, 0x9f, 0xbf, 0xed, 0xf5, 0xbe, 0x29, 0x1d, 0x14, 0x9b, 0xee, 0xc5, 0x8f, 0x1c, 0xaa, 0xa8, 0x57, 0x13, 0x1d, 0xca}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf8, 0x04, 0x62, 0xd4, 0xa3, 0x88, 0x70, 0xba, 0x62, 0xb6, 0x02, 0x53, 0xf9, 0xf6, 0xfa, 0xd5, 0x81, 0xa4, 0xd1, 0xad, 0xbd, 0x1b, 0x80, 0x50, 0xe8, 0x02, 0x2d, 0xfc, 0x69, 0x90, 0x30, 0x52}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xee, 0x1f, 0x80, 0xf7, 0x5b, 0xeb, 0x1f, 0x51, 0x98, 0xba, 0x40, 0xd5, 0xd7, 0xca, 0x50, 0x73, 0xb0, 0x71, 0xd9, 0x4d, 0x43, 0xd2, 0x87, 0xe9, 0xba, 0xe3, 0x11, 0x05, 0xf7, 0x3b, 0x32, 0x27}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x1d, 0x88, 0x29, 0x15, 0x9d, 0x7f, 0x54, 0x85, 0x9a, 0x1f, 0x0a, 0x51, 0x7f, 0x1f, 0xa9, 0x75, 0x14, 0xcf, 0xe3, 0x33, 0xc9, 0x70, 0x50, 0x10, 0x4b, 0xf0, 0xbb, 0x56, 0x85, 0x73, 0xbc, 0xd0}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x44, 0x67, 0x20, 0x0f, 0x43, 0xd5, 0xfd, 0xe1, 0x6f, 0x93, 0x41, 0xe6, 0xf0, 0xc6, 0x07, 0xc7, 0x50, 0x67, 0x57, 0xba, 0x00, 0x05, 0x56, 0x08, 0x36, 0x2b, 0xc5, 0x17, 0x67, 0x6e, 0x0d, 0xdf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xab, 0xbd, 0x47, 0xdd, 0x6b, 0x6c, 0x11, 0xce, 0x2a, 0x01, 0x32, 0x0a, 0x45, 0x96, 0x3c, 0x9c, 0x11, 0xc0, 0x98, 0xb0, 0x83, 0xe0, 0xab, 0x5b, 0xe7, 0x86, 0x95, 0x4e, 0x5b, 0x04, 0xcd, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x22, 0x1e, 0x2e, 0x9a, 0x0b, 0x87, 0x2d, 0x84, 0x7c, 0x2b, 0x6f, 0x12, 0x5b, 0x09, 0xd8, 0x37, 0xc4, 0xdd, 0xdb, 0x17, 0x88, 0x32, 0x13, 0xba, 0x3f, 0x82, 0x1f, 0xc1, 0xd9, 0x05, 0xf6, 0x49}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9b, 0xcd, 0x40, 0xc0, 0x7b, 0x05, 0x92, 0x69, 0x01, 0xf0, 0x10, 0x95, 0xf7, 0xd0, 0x31, 0x2e, 0x3c, 0xa0, 0x2b, 0xaf, 0xb0, 0xf8, 0xee, 0xd6, 0x6a, 0x1f, 0x6d, 0x70, 0x61, 0x60, 0xe9, 0x31}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x66, 0xb8, 0xf3, 0xc9, 0x8f, 0x9f, 0xa0, 0xbf, 0x09, 0xf8, 0xb5, 0x59, 0x22, 0x61, 0xbf, 0x36, 0x26, 0x6c, 0xed, 0x77, 0x4f, 0x8f, 0xc7, 0x2c, 0xf3, 0x57, 0x9c, 0x54, 0xae, 0xf8, 0xad, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x74, 0xfa, 0xbc, 0x5a, 0x9f, 0x9d, 0x09, 0x90, 0xaa, 0x94, 0x4e, 0x2e, 0x01, 0x90, 0x00, 0x49, 0xa7, 0xa0, 0xae, 0x84, 0x3c, 0x7e, 0xaa, 0xdf, 0x5b, 0xd7, 0x24, 0xd8, 0x11, 0xd1, 0x53, 0xe5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc8, 0x48, 0x41, 0x0d, 0x43, 0xba, 0x02, 0x9d, 0x25, 0xc0, 0xab, 0x1e, 0x60, 0xcd, 0x51, 0x62, 0x8a, 0x42, 0x60, 0x04, 0xcb, 0x21, 0xa0, 0xd3, 0x84, 0x2d, 0x19, 0xdd, 0x09, 0x53, 0xf4, 0xca}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb9, 0x30, 0x0b, 0xeb, 0xd4, 0xe2, 0x27, 0xb1, 0x9f, 0x72, 0x02, 0x6a, 0x02, 0xf6, 0x8a, 0x1b, 0xea, 0x7d, 0x42, 0x90, 0x36, 0x58, 0x4a, 0xb7, 0x42, 0x17, 0x07, 0x8b, 0x4e, 0xdf, 0x68, 0x76}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x47, 0x07, 0x00, 0x4c, 0x8e, 0xc4, 0x14, 0x61, 0x70, 0x77, 0x71, 0x1f, 0x16, 0xe2, 0x48, 0xc6, 0x41, 0xfc, 0x97, 0x20, 0xeb, 0xf7, 0xfb, 0xb6, 0x61, 0x6d, 0x53, 0xbc, 0x24, 0x5a, 0xd9, 0x5b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x95, 0xf8, 0x6b, 0x21, 0x2b, 0x53, 0xd0, 0xc6, 0x50, 0x44, 0xca, 0xd1, 0x65, 0x10, 0xc9, 0xc7, 0xc7, 0x61, 0xba, 0x51, 0x2e, 0x09, 0x94, 0x01, 0x60, 0x19, 0x85, 0xa3, 0x84, 0x7d, 0x8c, 0xab}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9e, 0x72, 0x01, 0xd9, 0x21, 0xb5, 0x34, 0xfe, 0xba, 0x89, 0x18, 0x75, 0xa1, 0xa0, 0x06, 0xe0, 0x7d, 0xbc, 0x00, 0x89, 0x56, 0xca, 0x40, 0x9c, 0x79, 0x0f, 0x95, 0xbf, 0x03, 0x8f, 0x87, 0x92}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x1a, 0x18, 0xfa, 0x16, 0x3b, 0x6f, 0x48, 0x2e, 0x68, 0xd4, 0xdd, 0xce, 0xdc, 0xe7, 0xa1, 0xd0, 0x02, 0x46, 0x04, 0x68, 0x54, 0x10, 0xdb, 0x1a, 0x79, 0x8a, 0xf3, 0x95, 0x33, 0x87, 0xf3, 0x90}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbd, 0x16, 0xf0, 0x61, 0xf3, 0x6f, 0x8e, 0x16, 0x09, 0x9c, 0x34, 0x3a, 0x79, 0x36, 0x9c, 0xdb, 0x2a, 0x9b, 0xf3, 0xcc, 0x01, 0xce, 0x82, 0xf1, 0x4c, 0x30, 0xf4, 0xf6, 0x79, 0x49, 0xcd, 0x7c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x62, 0x6b, 0x10, 0xfa, 0xd3, 0xbd, 0x07, 0x62, 0x11, 0xea, 0x04, 0xa6, 0x9d, 0xf7, 0xf7, 0x81, 0x35, 0xf3, 0xad, 0x51, 0x12, 0x5d, 0xc3, 0xe5, 0xd3, 0x15, 0x9a, 0xf4, 0x80, 0xe1, 0x86, 0x50}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x45, 0x55, 0xab, 0x30, 0xca, 0x3e, 0x81, 0xba, 0xf7, 0xef, 0x51, 0xa5, 0x98, 0xc0, 0xac, 0xdc, 0x0d, 0x47, 0x47, 0xfe, 0x1c, 0x57, 0x6a, 0x8d, 0x4e, 0xc6, 0x13, 0x8a, 0xe6, 0x91, 0x02, 0xad}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x67, 0x7f, 0xe8, 0x18, 0x92, 0x95, 0x7a, 0xde, 0x62, 0xa8, 0x61, 0x42, 0xbf, 0x3f, 0x42, 0x28, 0x94, 0x6a, 0x7e, 0xd4, 0xa4, 0x72, 0xc9, 0x7b, 0xb1, 0x95, 0xdb, 0x08, 0x65, 0xe7, 0x93, 0xe5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x49, 0x75, 0xa8, 0xdf, 0x56, 0x10, 0xe9, 0xb5, 0xa2, 0x11, 0x28, 0x3f, 0x78, 0x1d, 0x39, 0x36, 0xa8, 0x47, 0xe4, 0x8e, 0xcc, 0xac, 0xf8, 0xd1, 0xc1, 0xd2, 0x30, 0xf4, 0xba, 0x5a, 0xdb, 0x9b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 863bdccec..676817d15 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240716164018-d2e74133a9ca" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240718084957-78ce220cf992" ) From 6e8d8d43f8cd0a682ed6af649f99fadd8f60e063 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Sun, 21 Jul 2024 11:49:59 +0200 Subject: [PATCH 172/380] image: update locked rpms (#3268) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 554908ad2..23e5a0740 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -18,9 +18,9 @@ adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tool b0b0ba347f69131086934e836f03fb8b373923c88ac2958bd9661be28e30e869 container-selinux-2.232.1-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm -80b36160387e4a77682c271b78b36dd807d876015649e72af4bc2ad4cb385337 containers-common-0.59.1-2.fc40.noarch.rpm -f2378a31b2f03887fbc675900b82ede2c4f56d51442188c1bd545a17b03e6ddd containers-common-extra-0.59.1-2.fc40.noarch.rpm -d90e0c786e9406ac4f4db67a8d4bbf3d7bf724797dbf1dd422ff376eaa214b3e coreutils-single-9.4-6.fc40.x86_64.rpm +4b5b50ec646765b28b5c41179ad5d6ba32a0275604b84d99f4845b3b05d5df48 containers-common-0.59.2-1.fc40.noarch.rpm +88d83c128517bc515d76796c666e19b8e263079bd5ec3207ccd425c0d3b9fd42 containers-common-extra-0.59.2-1.fc40.noarch.rpm +a42b290620077529be1c269ff440a6cf78a66bc239be5fd69dc5fdd509bcd70b coreutils-single-9.4-7.fc40.x86_64.rpm d941a78ffb6e2e0b4c24d0097d0351ced8796edde90208b4bddee459bce0a949 cpio-2.15-1.fc40.x86_64.rpm faa23cb6a7a612c0a6e874c788c5add967c5e193bd38c2e6093b82b38a162f81 cracklib-2.9.11-5.fc40.i686.rpm ea1f43ef9a4b02a9c66726ee386f090145696fb93dff80d593ac82126f8037ec cracklib-2.9.11-5.fc40.x86_64.rpm @@ -43,13 +43,13 @@ d4fb93847a0e94d3bdbea203c1df0895e254089d825dfaf040b1aae3ae9547ff device-mapper- 89cd53411d71097aeb5af16cf6d7fcb2c11103a5606a78e628fb1a138b0f0780 device-mapper-libs-1.02.197-1.fc40.i686.rpm c736bdca85feb3982cc8772058e95c7794d37503d5a26a2f84d4092bd5300d18 device-mapper-libs-1.02.197-1.fc40.x86_64.rpm 6913a547250df04ec388b96b7512977a25ab2fca62ed4345c3a9fc8782ce659f diffutils-3.10-5.fc40.x86_64.rpm -0e1612ab0048896d59b11a11269cf9c973d1f1d28b0ef282bd525978bf7eb3e2 dracut-101-1.fc40.x86_64.rpm +cb0736689bd171b6c6ac7a60737fd6b9534c950958ad8e03138068bf9498e0b1 dracut-102-2.fc40.x86_64.rpm fa40cda554dc644d5a8354b18be748f21996dadd6193ee4ac32c02581266d313 duktape-2.7.0-7.fc40.x86_64.rpm ac4f1b2eaf5d452512e7b6172c93880c2b501946b71a228adc02d50bb3fb56e0 e2fsprogs-1.47.0-5.fc40.x86_64.rpm 8476fda117e3cb808129ddc2f975069685a8c7875ee04c3dafa6ceed948a2628 e2fsprogs-libs-1.47.0-5.fc40.x86_64.rpm 3e0ec4d7b4b95d10f58c5269688e03da7abb4d73169c76761f4fc7e7f7797a47 ec2-utils-1.2-47.amzn2.noarch.rpm e6231ec4268b3efa928250eb4106311e0f33396422245b938bfed4ba2d79c573 efitools-1.9.2-9.fc38.x86_64.rpm -649b961082dcba4abcf10102c73fd3f9a6877176bdb302906d24b2da212904b6 efivar-libs-39-1.fc40.x86_64.rpm +6ac676d78c2df896f9794a8dffb75ea69c58d202c68f4bcf084f0d264154a666 efivar-libs-39-2.fc40.x86_64.rpm de10b1728571d2976e2f0f4cc5067d4575a5e97ec3914c57af537846ccaec753 elfutils-debuginfod-client-0.191-4.fc40.i686.rpm 877c66844c68044b2a29b5d7465eb97f429e9f38b56ebaa16d766c0979e93a80 elfutils-debuginfod-client-0.191-4.fc40.x86_64.rpm 3fbe1afd014386a436a25205d6727475a8f1107be734dd92fc40c3d5e0e5971d elfutils-default-yama-scope-0.191-4.fc40.noarch.rpm @@ -307,8 +307,8 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm 3b940ff1f16fdb3ddcc19d7d76241c9b81d81099ff5147c4c9967d2c4ca6fb5b sbsigntools-0.9.5-3.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm -0935cbc6dd3f49000b4e00350b50ee442ea0bc1556f1a43e748788d555f4078d selinux-policy-40.23-1.fc40.noarch.rpm -1cd030a103d3453344bd1dd7590aba7952f74dc9196fc604f412078b7af991a2 selinux-policy-targeted-40.23-1.fc40.noarch.rpm +2a9c01c5e4cf1242de438f5029f70fd64ac7c3281a706949d00b72ed09768369 selinux-policy-40.24-1.fc40.noarch.rpm +497a47c87fcee1aae430cc4b2b53943791adf0d0c6c530c9ccfea88d9d9567be selinux-policy-targeted-40.24-1.fc40.noarch.rpm 89862f646cd64e81497f01a8b69ab30ac8968c47afef92a2c333608fdb90ccc1 setup-2.14.5-2.fc40.noarch.rpm 95a0cce33e56359aa09507abfed062fb47a554307b0a029e6d2f076b813ae8d2 shadow-utils-4.15.1-3.fc40.x86_64.rpm 0c1072b40e5fe451e7d2bc1a7530e743303591c3d26bce0ac2e09ff05b50ae26 shadow-utils-subid-4.15.1-3.fc40.x86_64.rpm @@ -335,17 +335,17 @@ c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3 41b777c50f1ec74795551c7d930a3d6eceab278ff03608893a5dbd49f2de5363 util-linux-2.40.1-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm a00108f45cd60afffb9c1b5db8bef9c6fd5b3c233a546dde787efa5b4485e5b6 util-linux-core-2.40.1-1.fc40.x86_64.rpm -de119b002ef0c038d7327ecfc62e0813ee11bbb158d6eb02c58b1c1a3ca6e9f3 vim-common-9.1.452-1.fc40.x86_64.rpm -19c2b029e7cf77fa55842ba4837ec7639da48a03eac0831db704e4f9c51451f4 vim-data-9.1.452-1.fc40.noarch.rpm -3cbc4622416817ea08a75d9749d5bbc60f7b6eef76ee7072f90b83c3d4cdd147 vim-enhanced-9.1.452-1.fc40.x86_64.rpm -148354b6558f424f6edb76f0791bed5bc2a3080b9ae8847ac733dcb779f9fede vim-filesystem-9.1.452-1.fc40.noarch.rpm +f1c755cd402a75a222101a07d662c2287f843d6d0a9a34ddd2380412b8eadf7e vim-common-9.1.571-1.fc40.x86_64.rpm +571fe8478a3334ae87e8f2aa97c0bf09030533b63b863c016ba9991703c6f768 vim-data-9.1.571-1.fc40.noarch.rpm +6cf927fe7300b43dffcb8c90c08f1bd1fc0fd0e033d2a3015aad4c9d45037ad0 vim-enhanced-9.1.571-1.fc40.x86_64.rpm +40c62de57feafa4d766c6c5da756ee1caafaf42b8e55dacc7cf67805ea8ff41f vim-filesystem-9.1.571-1.fc40.noarch.rpm c5682a1b02bb02578e9997ae221a7f6c6db711084129824e207fe1febdc55b9d wget2-2.1.0-11.fc40.x86_64.rpm 38aaee4829df7e1a4719991c4fc6d65a1265b6a556b182ecac3145c287c320f4 wget2-libs-2.1.0-11.fc40.x86_64.rpm a12b44ee7cc5a0e916bcf72e80c4d618abb7406254578e947f3ba9dd0d445d25 wget2-wget-2.1.0-11.fc40.x86_64.rpm cf0306ceed1c6b3be39060d85f16b1953b464d3a625488b170d3b7aadf600645 which-2.21-41.fc40.x86_64.rpm 4ede95a2fa3bc0ae617c8bf3a375b800163d58733b4829b15d9f038505d79fee whois-nls-5.5.20-3.fc40.noarch.rpm e2195010e857f56b19246f8b821f9391922880b7691b3728a413f540edc890a6 xkeyboard-config-2.41-1.fc40.noarch.rpm -13d927ed9d982c8fe37dd1a588df077b0d289b1c6d701a6b5f67e8a4048198db xxd-9.1.452-1.fc40.x86_64.rpm +f37d3ea7da571662ad698f027f208b4f597d98d4a379ec47b3fb07b51d5585f7 xxd-9.1.571-1.fc40.x86_64.rpm ee599a1c4d7ee635e54ec137af4dded83f433b9c8a5976f75ecdcd000b5246e3 xz-5.4.6-3.fc40.x86_64.rpm b92ef78d8ab424c22130e457d0ef691d8197bff61c3b8852205d1b02baba3819 xz-libs-5.4.6-3.fc40.i686.rpm b6ee44b3d7e494b0364f26b7d0b169a8092180af787423cd5e8a47dc0f738a66 xz-libs-5.4.6-3.fc40.x86_64.rpm From 4573f108845261ee95cf8c7ba2837d2a2e3c7f36 Mon Sep 17 00:00:00 2001 From: 3u13r Date: Mon, 22 Jul 2024 00:14:20 +0200 Subject: [PATCH 173/380] attestation: replace expired test vlek (#3269) Co-authored-by: Thomas Tendyck --- .../attestation/aws/snp/testdata/report.txt | 2 +- .../attestation/aws/snp/testdata/vlek.pem | 40 +++++++++---------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/internal/attestation/aws/snp/testdata/report.txt b/internal/attestation/aws/snp/testdata/report.txt index efd90375f..a5ed00a9b 100644 --- a/internal/attestation/aws/snp/testdata/report.txt +++ b/internal/attestation/aws/snp/testdata/report.txt @@ -1 +1 @@ -AgAAAAAAAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAAAK0QMAAAAAAAAABAAAAAAAAAADJjVhPI4zH6KeCWNxkQ/mofaTg92gLJRhQApwtm2Ho9pd2GMAJSK+Q6/DTywjOYm9bkAeNR0Q18yADW9d/PAZJayBD1xHUIkPsaFY8JeWLgTU1/tkDR0IqZgpz0pwVDpHzG+xkrvpCqcTFCNhpmFVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOsAob9aWVVnjx8VNbU/bqGewnLGnBSZbJu8smGfzcN///////////////////////////////////////////AwAAAAAACnMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAAACqkBNgEAATYBAAMAAAAAAAqpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAm8z1/Oxcd+Bhdxd1okDoZ9gMiYw5Y/fp74hylcA2Eu+XPt5p+7fqqG7d7YLdJtTuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOZBrwmRpIFfKDCywiFaiILyguTq/6vefDmdzNBKiRKtjdNiHa0hNgeQFGHspRcZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= +AgAAAAAAAAAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAADAAAAAAAW1QMAAAAAAAAABAAAAAAAAAADJjVhPI4zH6KeCWNxkQ/mofaTg92gLJRhQApwtm2Ho9pd2GMAJSK+Q6/DTywjOYm9bkAeNR0Q18yADW9d/PAZ8amfwHRwvrA7EzD0SJUgr48CiBh/+2YccfNcqwm+oZzZYtTy0J9aFsPDi32mvtJEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACKGpDGe5jVOEMlqVJrJXkLPExDcn4NNEkTnWyr1bpRyf//////////////////////////////////////////AwAAAAAAFdEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAAAAAAFdMUNwEAEjcBAAMAAAAAABXTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABdtzdhdRVgTlqcv/jK6JowumHvC2VvXiZ9Zpf150hAG4Y4Zc/ypAlPoORo0uIcxPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATMdpGsLZn99jRGCI3eaEGkcNMvDnJVcVSviZtDTMpNjydn/F1cE2AKOFqCZQ4HnZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= diff --git a/internal/attestation/aws/snp/testdata/vlek.pem b/internal/attestation/aws/snp/testdata/vlek.pem index 406a84235..96a1db26d 100644 --- a/internal/attestation/aws/snp/testdata/vlek.pem +++ b/internal/attestation/aws/snp/testdata/vlek.pem @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFLDCCAtugAwIBAgIBADBGBgkqhkiG9w0BAQowOaAPMA0GCWCGSAFlAwQCAgUA +MIIFLTCCAtygAwIBAgIBADBGBgkqhkiG9w0BAQowOaAPMA0GCWCGSAFlAwQCAgUA oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCATCjAwIBATCBgDEUMBIG A1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVTMRQwEgYDVQQHDAtTYW50YSBD bGFyYTELMAkGA1UECAwCQ0ExHzAdBgNVBAoMFkFkdmFuY2VkIE1pY3JvIERldmlj -ZXMxFzAVBgNVBAMMDlNFVi1WTEVLLU1pbGFuMB4XDTIzMDcxOTA4MjkyOFoXDTI0 -MDcxOTA4MjkyOFowejEUMBIGA1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVT +ZXMxFzAVBgNVBAMMDlNFVi1WTEVLLU1pbGFuMB4XDTI0MDUwNTIxNDUyNloXDTI1 +MDUwNTIxNDUyNlowejEUMBIGA1UECwwLRW5naW5lZXJpbmcxCzAJBgNVBAYTAlVT MRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExHzAdBgNVBAoMFkFk dmFuY2VkIE1pY3JvIERldmljZXMxETAPBgNVBAMMCFNFVi1WTEVLMHYwEAYHKoZI -zj0CAQYFK4EEACIDYgAEXFl4NHpiQCuZXIrehIEk/5XNIdMvo24wyaezN+0FouYB -9Z23nL523gpJUlT+mvb5ZMybh5tO1nBGFMOKwzP9dnSBwTs0qn57Ts9OTpW57EAo -Mx4SI7g1yz/mt4e6hma4o4HxMIHuMBAGCSsGAQQBnHgBAQQDAgEAMBQGCSsGAQQB +zj0CAQYFK4EEACIDYgAEHCsA6v0QwdgijkHV1KnV+1wMqjVaITbdleQV40cnL6ZT +Pq3IsXeFGI9tq2a2EoDksTTqeo5a1ZDq2BiNA2cue0PlZhHkv2MK1cNPMDGAOddc +k7VNaqrRLUo84kn6tRXpo4HyMIHvMBAGCSsGAQQBnHgBAQQDAgEAMBQGCSsGAQQB nHgBAgQHFgVNaWxhbjARBgorBgEEAZx4AQMBBAMCAQMwEQYKKwYBBAGceAEDAgQD AgEAMBEGCisGAQQBnHgBAwQEAwIBADARBgorBgEEAZx4AQMFBAMCAQAwEQYKKwYB BAGceAEDBgQDAgEAMBEGCisGAQQBnHgBAwcEAwIBADARBgorBgEEAZx4AQMDBAMC -AQowEQYKKwYBBAGceAEDCAQDAgFzMCwGCSsGAQQBnHgBBQQfFh1DTj1jYy11cy1l -YXN0LTIuYW1hem9uYXdzLmNvbTBGBgkqhkiG9w0BAQowOaAPMA0GCWCGSAFlAwQC -AgUAoRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogMCATCjAwIBAQOCAgEA -E2CR10QkVTofcjmQbuu787J+H+OjzQLPIi/dUbP/LvZdYi/eWglYQPRbYxhxnIi1 -PB9R9c7LLhbNRhroog+TzrxyKLibEAW3rwn2iygPnsIemyL89wqtPNqEKNjhBXsb -s/0bmf0rNJ3lugssCAzrIStkx8at0K/099BEs4FuUM5u97HVy+jqLdRa2XOHMgGa -K7sNdR4swuLhfts9gOOX8ntJ+XkxtUx2mz449fXn8KN70mKa2YShhNd2JWJmv1jW -K0I1UxVVwIOHBn/W8fQL5a061oRQQaW5+wPRTys0iEMmLU7+plC8LNWeEq93TfFY -eUZ9EzinZ5S7z+c8J1FVWYNHGJauWj4lkjf+XGUZqXwTCPzou6tYJqqwWQEUUxXC -M3QKgbkIGWg4WKHIAXGChbM86JLY0W6VueOHyu4S1Z4i81IcDp4cs83WxYWfCpKH -Fq3Si2BhzZ0YGgK25JCkomh5Yf7dlsByyuQssf3TCqNmOfSFOTLvxfwTvLD5Omlm -O1mPI0YaoZya4WcPxbpWS+2Em23/5inQvT+ZhvMNkljD2NVbhLVGP1v4YR+T2zaC -0qJ4YYJ2ERQTnEUlKnlF9bm6PwZSRHupK6ecsGjH+Bz5hBPbT09nEpJf0bWkzVSA -AY8POFt3zBJiqONQuOlBpXzqKRKvFYQVEaX2EXQ+W6s= +ARUwEgYKKwYBBAGceAEDCAQEAgIA0TAsBgkrBgEEAZx4AQUEHxYdQ049Y2MtZXUt +d2VzdC0xLmFtYXpvbmF3cy5jb20wRgYJKoZIhvcNAQEKMDmgDzANBglghkgBZQME +AgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIDAgEwowMCAQEDggIB +ACeJ78s9Nrdz+WtvsNAecT7+ztE8jpxLZdgacsPtf3xU/JfcQHhVUuy/Lp5rIQ7B +h1HalTrmuY7goRO1kTp/lobXyntWkit0d5nR6iNjzp/uHr8+qEym2WbYX1Jesang +BQX06XxXTmEphrHElTrp8BovYIsPejdY2nNUYV6fhrdTXEh+qLDGQmwjK12FG+hu +4AS+rev2V7H9uE1XKXsM4TTqvI1hT3E2ocN4KjfUBi7yL/BF97kXfdqZH48pPD4y +i7TbZ7S89UikrAv0ZtgGyXY8yR094YVjfbnUvyYTyh4fgV8a8Mxsb4yhPoOOxkUI +8tNBhM4LkTPkR/4+Y2Dg6maglZJ5Hb2WWWNkd0CZchZC80T7HIgHztINMnHULiYi +sNRtKeUAqUNtwy0d2YehX+v9HzueTfKtvxIy2oBfT1LCykvTQTibE3aCvFMkEiw8 +4CunpWfPAoZEzzJUTxLQ6PkdE4MVRTTuuOAVHTrtkIUOB6tlkgMzijqAdwzTDdIj +NGQxTm0Vd2h+zvZl2HnSCi6PMoZml5RwZHiZXKRC90bPn0Vk1XlYW1wMEFHTWQqo +tFH44eWyGIoTwSqcqATR/HklCoUP0wMe2sSsMemJMPwAXWW4fZxmee72OR4p6c+w +TGzR0J5WFdJ0g2Ix+NobBydNaJnQz4H5Y+/gZFUCRrWh -----END CERTIFICATE----- From 399376d3e36698e0fcd4b2caf96c1df70eb710a3 Mon Sep 17 00:00:00 2001 From: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:29:27 +0200 Subject: [PATCH 174/380] Make SEV-SNP the default attestation variant on GCP (#3267) * Make SNP the default on GCP * fixup! Make SNP * fixup! Make SNP --- .github/actions/terraform_apply/action.yml | 7 ++--- .github/workflows/e2e-test-daily.yml | 6 ---- .github/workflows/e2e-test-release.yml | 2 +- .github/workflows/e2e-test-weekly.yml | 4 +-- cli/internal/cmd/init_test.go | 6 ++-- docs/docs/architecture/attestation.md | 28 +++++++++++++++---- docs/docs/overview/clouds.md | 15 +++++----- docs/docs/reference/cli.md | 2 +- .../version-2.16/architecture/attestation.md | 7 +++-- .../version-2.17/architecture/attestation.md | 7 +++-- .../version-2.17/overview/clouds.md | 15 +++++----- internal/attestation/variant/variant.go | 2 +- internal/config/config.go | 2 +- internal/config/config_doc.go | 4 +-- internal/config/config_test.go | 8 +++--- internal/config/validation.go | 2 +- .../docs/data-sources/attestation.md | 4 +-- .../docs/data-sources/image.md | 2 +- .../docs/resources/cluster.md | 2 +- .../examples/full/gcp/main.tf | 2 +- .../internal/provider/shared_attributes.go | 2 +- 21 files changed, 72 insertions(+), 57 deletions(-) diff --git a/.github/actions/terraform_apply/action.yml b/.github/actions/terraform_apply/action.yml index 5340dae5b..885950ac9 100644 --- a/.github/actions/terraform_apply/action.yml +++ b/.github/actions/terraform_apply/action.yml @@ -26,10 +26,9 @@ runs: "gcpSEVES") attestationVariant="gcp-sev-es" ;; - # TODO(msanft): Enable once stable GCP SEV-SNP images exist. - # "gcpSEVSNP") - # attestationVariant="gcp-sev-snp" - # ;; + "gcpSEVSNP") + attestationVariant="gcp-sev-snp" + ;; *) echo "Unknown attestation variant: $(yq '.attestation | keys | .[0]' constellation-conf.yaml)" exit 1 diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml index 97d8afce9..55e9ccb1f 100644 --- a/.github/workflows/e2e-test-daily.yml +++ b/.github/workflows/e2e-test-daily.yml @@ -49,12 +49,6 @@ jobs: attestationVariant: ["gcp-sev-es", "gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"] test: ["sonobuoy quick"] - exclude: - # TODO(v2.18 msanft): Remove exclude rule for GCP SEV-SNP stable once images exist. - - kubernetesVersion: "1.28" - attestationVariant: "gcp-sev-snp" - refStream: "ref/release/stream/stable/?" - test: "sonobuoy quick" runs-on: ubuntu-22.04 permissions: id-token: write diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index 778c6c4e9..8f8f8a7e4 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -404,7 +404,7 @@ jobs: max-parallel: 1 matrix: fromVersion: ["v2.17.0"] - attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] + attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit permissions: diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index b56a104d0..42b351a8b 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -413,7 +413,7 @@ jobs: max-parallel: 1 matrix: fromVersion: ["v2.17.0"] - attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] + attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit permissions: @@ -491,7 +491,7 @@ jobs: strategy: fail-fast: false matrix: - attestationVariant: ["gcp-sev-es", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] + attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] permissions: id-token: write contents: read diff --git a/cli/internal/cmd/init_test.go b/cli/internal/cmd/init_test.go index ad2a95be5..ccad3eb30 100644 --- a/cli/internal/cmd/init_test.go +++ b/cli/internal/cmd/init_test.go @@ -535,9 +535,9 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs conf.Provider.GCP.Project = "test-project" conf.Provider.GCP.Zone = "test-zone" conf.Provider.GCP.ServiceAccountKeyPath = "test-key-path" - conf.Attestation.GCPSEVES.Measurements[4] = measurements.WithAllBytes(0x44, measurements.Enforce, measurements.PCRMeasurementLength) - conf.Attestation.GCPSEVES.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce, measurements.PCRMeasurementLength) - conf.Attestation.GCPSEVES.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce, measurements.PCRMeasurementLength) + conf.Attestation.GCPSEVSNP.Measurements[4] = measurements.WithAllBytes(0x44, measurements.Enforce, measurements.PCRMeasurementLength) + conf.Attestation.GCPSEVSNP.Measurements[9] = measurements.WithAllBytes(0x11, measurements.Enforce, measurements.PCRMeasurementLength) + conf.Attestation.GCPSEVSNP.Measurements[12] = measurements.WithAllBytes(0xcc, measurements.Enforce, measurements.PCRMeasurementLength) zone = "europe-west3-b" instanceType = "n2d-standard-4" diskType = "pd-ssd" diff --git a/docs/docs/architecture/attestation.md b/docs/docs/architecture/attestation.md index bc7ada851..8f12b5851 100644 --- a/docs/docs/architecture/attestation.md +++ b/docs/docs/architecture/attestation.md @@ -305,9 +305,24 @@ You may customize certain parameters for verification of the attestation stateme -On GCP, AMD SEV-ES is used to provide runtime encryption to the VMs. -The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). -There is no additional configuration available for GCP. +On GCP, AMD SEV-SNP is used to provide runtime encryption to the VMs. +An SEV-SNP attestation report is used to establish trust in the VM. +You may customize certain parameters for verification of the attestation statement using the Constellation config file. + +* TCB versions + + You can set the minimum version numbers of components in the SEV-SNP TCB. + Use the latest versions to enforce that only machines with the most recent firmware updates are allowed to join the cluster. + Alternatively, you can set a lower minimum version to allow slightly out-of-date machines to still be able to join the cluster. + +* AMD Root Key Certificate + + This certificate is the root of trust for verifying the SEV-SNP certificate chain. + +* AMD Signing Key Certificate + + This is the intermediate certificate for verifying the SEV-SNP report's signature. + If it's not specified, the CLI fetches it from the AMD key distribution server. @@ -342,6 +357,7 @@ The [*VerificationService*](microservices.md#verificationservice) provides an en A user can [verify](../workflows/verify-cluster.md) this statement and compare the measurements against the configured ground truth and, thus, verify the identity and integrity of all Constellation components and the cluster configuration. Subsequently, the user knows that the entire cluster is in the expected state and is trustworthy. ## Putting it all together + This section puts the aforementioned concepts together and illustrate how trust into a Constellation cluster is established and maintained. ### CLI and node images @@ -349,6 +365,7 @@ This section puts the aforementioned concepts together and illustrate how trust It all starts with the CLI executable. The CLI is signed by Edgeless Systems. To ensure non-repudiability for CLI releases, Edgeless Systems publishes corresponding signatures to the public ledger of the [sigstore project](https://www.sigstore.dev/). There's a [step-by-step guide](../workflows/verify-cli.md) on how to verify CLI signatures based on sigstore. The CLI contains the latest runtime measurements of the Constellation node image for all supported cloud platforms. In case a different version of the node image is to be used, the corresponding runtime measurements can be fetched using the CLI's [fetch-measurements command](../reference/cli.md#constellation-config-fetch-measurements). This command downloads the runtime measurements and the corresponding signature from cdn.confidential.cloud. See for example the following files corresponding to node image v2.16.3: + * [Measurements](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json) * [Signature](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json.sig) @@ -357,7 +374,8 @@ The CLI contains the long-term public key of Edgeless Systems to verify the sign ### Cluster creation When a cluster is [created](../workflows/create.md), the CLI automatically verifies the runtime measurements of the *first node* using remote attestation. Based on this, the CLI and the first node set up a temporary TLS connection. This [aTLS](#attested-tls-atls) connection is used for two things: -1. The CLI sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. + +1. The CLI sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. 2. The first node sends a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) with Kubernetes credentials to the CLI. After this, the aTLS connection is closed and the first node bootstraps the Kubernetes cluster. All subsequent interactions between the CLI and the cluster go via the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) server running inside the cluster. The CLI (and other tools like kubectl) use the credentials referenced by the kubeconfig file to authenticate themselves towards the Kubernetes API server and to establish a mTLS connection. @@ -382,7 +400,7 @@ flowchart LR ### Upgrades -Whenever a cluster is [upgraded](../workflows/upgrade.md) to a new version of the node image, the CLI sends the corresponding runtime measurements via the Kubernetes API server. The new runtime measurements are stored in etcd within the cluster and replace any previous runtime measurements. The new runtime measurements are then used automatically by the JoinService for the verification of new nodes. +Whenever a cluster is [upgraded](../workflows/upgrade.md) to a new version of the node image, the CLI sends the corresponding runtime measurements via the Kubernetes API server. The new runtime measurements are stored in etcd within the cluster and replace any previous runtime measurements. The new runtime measurements are then used automatically by the JoinService for the verification of new nodes. ## References diff --git a/docs/docs/overview/clouds.md b/docs/docs/overview/clouds.md index a7b1361e8..752a87da7 100644 --- a/docs/docs/overview/clouds.md +++ b/docs/docs/overview/clouds.md @@ -25,29 +25,28 @@ The following table summarizes the state of features for different infrastructur ## Microsoft Azure With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. -Regarding (3), Azure provides direct access to remote-attestation statements. +Regarding (3), Azure provides direct access to attestation statements. The firmware runs in an isolated domain inside the CVM and exposes a vTPM (5), but it's closed source (4). On SEV-SNP, Azure uses VM Privilege Level (VMPL) isolation for the separation of firmware and the rest of the VM; on TDX, they use TD partitioning. This firmware is signed by Azure. -The signature is reflected in the remote-attestation statements of CVMs. +The signature is reflected in the attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). ## Google Cloud Platform (GCP) -The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#amd_sev) are based on AMD SEV but don't have SNP features enabled. -CVMs with [SEV-SNP enabled are in public preview](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#amd_sev-snp). Regarding (3), with their SEV-SNP offering Google provides direct access to remote-attestation statements. +The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#technologies) are based on AMD SEV-ES or SEV-SNP. +Regarding (3), with their SEV-SNP offering Google provides direct access to attestation statements. However, regarding (5), attestation is partially based on the [Shielded VM vTPM](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#vtpm) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by Google's hypervisor. Hence, the hypervisor is currently part of Constellation's TCB. Regarding (4), the CVMs still include closed-source firmware. -In the past, Intel and Google have [collaborated](https://cloud.google.com/blog/products/identity-security/rsa-google-intel-confidential-computing-more-secure) to enhance the security of TDX. -Recently, Google has announced a [private preview for TDX](https://cloud.google.com/blog/products/identity-security/confidential-vms-on-intel-cpus-your-datas-new-intelligent-defense?hl=en). -With TDX on Google, Constellation has a similar TCB and attestation flow as with the current SEV-SNP offering. +[TDX on Google](https://cloud.google.com/blog/products/identity-security/confidential-vms-on-intel-cpus-your-datas-new-intelligent-defense) is in public preview. +With it, Constellation would have a similar TCB and attestation flow as with the current SEV-SNP offering. ## Amazon Web Services (AWS) Amazon EC2 [supports AMD SEV-SNP](https://aws.amazon.com/de/about-aws/whats-new/2023/04/amazon-ec2-amd-sev-snp/). -Regarding (3), AWS provides direct access to remote-attestation statements. +Regarding (3), AWS provides direct access to attestation statements. However, regarding (5), attestation is partially based on the [NitroTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by the Nitro hypervisor. Hence, the hypervisor is currently part of Constellation's TCB. Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built. diff --git a/docs/docs/reference/cli.md b/docs/docs/reference/cli.md index a728474e7..6a911034e 100644 --- a/docs/docs/reference/cli.md +++ b/docs/docs/reference/cli.md @@ -78,7 +78,7 @@ constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags] ### Options ``` - -a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-tdx|azure-trustedlaunch|gcp-sev-es|gcp-sev-snp|qemu-vtpm}. If not specified, the default for the cloud provider is used + -a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-tdx|azure-trustedlaunch|gcp-sev-snp|gcp-sev-es|qemu-vtpm}. If not specified, the default for the cloud provider is used -h, --help help for generate -k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.29") -t, --tags strings additional tags for created resources given a list of key=value diff --git a/docs/versioned_docs/version-2.16/architecture/attestation.md b/docs/versioned_docs/version-2.16/architecture/attestation.md index bc7ada851..7dbfc9392 100644 --- a/docs/versioned_docs/version-2.16/architecture/attestation.md +++ b/docs/versioned_docs/version-2.16/architecture/attestation.md @@ -342,6 +342,7 @@ The [*VerificationService*](microservices.md#verificationservice) provides an en A user can [verify](../workflows/verify-cluster.md) this statement and compare the measurements against the configured ground truth and, thus, verify the identity and integrity of all Constellation components and the cluster configuration. Subsequently, the user knows that the entire cluster is in the expected state and is trustworthy. ## Putting it all together + This section puts the aforementioned concepts together and illustrate how trust into a Constellation cluster is established and maintained. ### CLI and node images @@ -349,6 +350,7 @@ This section puts the aforementioned concepts together and illustrate how trust It all starts with the CLI executable. The CLI is signed by Edgeless Systems. To ensure non-repudiability for CLI releases, Edgeless Systems publishes corresponding signatures to the public ledger of the [sigstore project](https://www.sigstore.dev/). There's a [step-by-step guide](../workflows/verify-cli.md) on how to verify CLI signatures based on sigstore. The CLI contains the latest runtime measurements of the Constellation node image for all supported cloud platforms. In case a different version of the node image is to be used, the corresponding runtime measurements can be fetched using the CLI's [fetch-measurements command](../reference/cli.md#constellation-config-fetch-measurements). This command downloads the runtime measurements and the corresponding signature from cdn.confidential.cloud. See for example the following files corresponding to node image v2.16.3: + * [Measurements](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json) * [Signature](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json.sig) @@ -357,7 +359,8 @@ The CLI contains the long-term public key of Edgeless Systems to verify the sign ### Cluster creation When a cluster is [created](../workflows/create.md), the CLI automatically verifies the runtime measurements of the *first node* using remote attestation. Based on this, the CLI and the first node set up a temporary TLS connection. This [aTLS](#attested-tls-atls) connection is used for two things: -1. The CLI sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. + +1. The CLI sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. 2. The first node sends a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) with Kubernetes credentials to the CLI. After this, the aTLS connection is closed and the first node bootstraps the Kubernetes cluster. All subsequent interactions between the CLI and the cluster go via the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) server running inside the cluster. The CLI (and other tools like kubectl) use the credentials referenced by the kubeconfig file to authenticate themselves towards the Kubernetes API server and to establish a mTLS connection. @@ -382,7 +385,7 @@ flowchart LR ### Upgrades -Whenever a cluster is [upgraded](../workflows/upgrade.md) to a new version of the node image, the CLI sends the corresponding runtime measurements via the Kubernetes API server. The new runtime measurements are stored in etcd within the cluster and replace any previous runtime measurements. The new runtime measurements are then used automatically by the JoinService for the verification of new nodes. +Whenever a cluster is [upgraded](../workflows/upgrade.md) to a new version of the node image, the CLI sends the corresponding runtime measurements via the Kubernetes API server. The new runtime measurements are stored in etcd within the cluster and replace any previous runtime measurements. The new runtime measurements are then used automatically by the JoinService for the verification of new nodes. ## References diff --git a/docs/versioned_docs/version-2.17/architecture/attestation.md b/docs/versioned_docs/version-2.17/architecture/attestation.md index bc7ada851..7dbfc9392 100644 --- a/docs/versioned_docs/version-2.17/architecture/attestation.md +++ b/docs/versioned_docs/version-2.17/architecture/attestation.md @@ -342,6 +342,7 @@ The [*VerificationService*](microservices.md#verificationservice) provides an en A user can [verify](../workflows/verify-cluster.md) this statement and compare the measurements against the configured ground truth and, thus, verify the identity and integrity of all Constellation components and the cluster configuration. Subsequently, the user knows that the entire cluster is in the expected state and is trustworthy. ## Putting it all together + This section puts the aforementioned concepts together and illustrate how trust into a Constellation cluster is established and maintained. ### CLI and node images @@ -349,6 +350,7 @@ This section puts the aforementioned concepts together and illustrate how trust It all starts with the CLI executable. The CLI is signed by Edgeless Systems. To ensure non-repudiability for CLI releases, Edgeless Systems publishes corresponding signatures to the public ledger of the [sigstore project](https://www.sigstore.dev/). There's a [step-by-step guide](../workflows/verify-cli.md) on how to verify CLI signatures based on sigstore. The CLI contains the latest runtime measurements of the Constellation node image for all supported cloud platforms. In case a different version of the node image is to be used, the corresponding runtime measurements can be fetched using the CLI's [fetch-measurements command](../reference/cli.md#constellation-config-fetch-measurements). This command downloads the runtime measurements and the corresponding signature from cdn.confidential.cloud. See for example the following files corresponding to node image v2.16.3: + * [Measurements](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json) * [Signature](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json.sig) @@ -357,7 +359,8 @@ The CLI contains the long-term public key of Edgeless Systems to verify the sign ### Cluster creation When a cluster is [created](../workflows/create.md), the CLI automatically verifies the runtime measurements of the *first node* using remote attestation. Based on this, the CLI and the first node set up a temporary TLS connection. This [aTLS](#attested-tls-atls) connection is used for two things: -1. The CLI sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. + +1. The CLI sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. 2. The first node sends a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) with Kubernetes credentials to the CLI. After this, the aTLS connection is closed and the first node bootstraps the Kubernetes cluster. All subsequent interactions between the CLI and the cluster go via the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) server running inside the cluster. The CLI (and other tools like kubectl) use the credentials referenced by the kubeconfig file to authenticate themselves towards the Kubernetes API server and to establish a mTLS connection. @@ -382,7 +385,7 @@ flowchart LR ### Upgrades -Whenever a cluster is [upgraded](../workflows/upgrade.md) to a new version of the node image, the CLI sends the corresponding runtime measurements via the Kubernetes API server. The new runtime measurements are stored in etcd within the cluster and replace any previous runtime measurements. The new runtime measurements are then used automatically by the JoinService for the verification of new nodes. +Whenever a cluster is [upgraded](../workflows/upgrade.md) to a new version of the node image, the CLI sends the corresponding runtime measurements via the Kubernetes API server. The new runtime measurements are stored in etcd within the cluster and replace any previous runtime measurements. The new runtime measurements are then used automatically by the JoinService for the verification of new nodes. ## References diff --git a/docs/versioned_docs/version-2.17/overview/clouds.md b/docs/versioned_docs/version-2.17/overview/clouds.md index a7b1361e8..752a87da7 100644 --- a/docs/versioned_docs/version-2.17/overview/clouds.md +++ b/docs/versioned_docs/version-2.17/overview/clouds.md @@ -25,29 +25,28 @@ The following table summarizes the state of features for different infrastructur ## Microsoft Azure With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. -Regarding (3), Azure provides direct access to remote-attestation statements. +Regarding (3), Azure provides direct access to attestation statements. The firmware runs in an isolated domain inside the CVM and exposes a vTPM (5), but it's closed source (4). On SEV-SNP, Azure uses VM Privilege Level (VMPL) isolation for the separation of firmware and the rest of the VM; on TDX, they use TD partitioning. This firmware is signed by Azure. -The signature is reflected in the remote-attestation statements of CVMs. +The signature is reflected in the attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). ## Google Cloud Platform (GCP) -The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#amd_sev) are based on AMD SEV but don't have SNP features enabled. -CVMs with [SEV-SNP enabled are in public preview](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#amd_sev-snp). Regarding (3), with their SEV-SNP offering Google provides direct access to remote-attestation statements. +The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#technologies) are based on AMD SEV-ES or SEV-SNP. +Regarding (3), with their SEV-SNP offering Google provides direct access to attestation statements. However, regarding (5), attestation is partially based on the [Shielded VM vTPM](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#vtpm) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by Google's hypervisor. Hence, the hypervisor is currently part of Constellation's TCB. Regarding (4), the CVMs still include closed-source firmware. -In the past, Intel and Google have [collaborated](https://cloud.google.com/blog/products/identity-security/rsa-google-intel-confidential-computing-more-secure) to enhance the security of TDX. -Recently, Google has announced a [private preview for TDX](https://cloud.google.com/blog/products/identity-security/confidential-vms-on-intel-cpus-your-datas-new-intelligent-defense?hl=en). -With TDX on Google, Constellation has a similar TCB and attestation flow as with the current SEV-SNP offering. +[TDX on Google](https://cloud.google.com/blog/products/identity-security/confidential-vms-on-intel-cpus-your-datas-new-intelligent-defense) is in public preview. +With it, Constellation would have a similar TCB and attestation flow as with the current SEV-SNP offering. ## Amazon Web Services (AWS) Amazon EC2 [supports AMD SEV-SNP](https://aws.amazon.com/de/about-aws/whats-new/2023/04/amazon-ec2-amd-sev-snp/). -Regarding (3), AWS provides direct access to remote-attestation statements. +Regarding (3), AWS provides direct access to attestation statements. However, regarding (5), attestation is partially based on the [NitroTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by the Nitro hypervisor. Hence, the hypervisor is currently part of Constellation's TCB. Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built. diff --git a/internal/attestation/variant/variant.go b/internal/attestation/variant/variant.go index e71a51480..abe70fcaf 100644 --- a/internal/attestation/variant/variant.go +++ b/internal/attestation/variant/variant.go @@ -55,7 +55,7 @@ const ( var providerAttestationMapping = map[cloudprovider.Provider][]Variant{ cloudprovider.AWS: {AWSSEVSNP{}, AWSNitroTPM{}}, cloudprovider.Azure: {AzureSEVSNP{}, AzureTDX{}, AzureTrustedLaunch{}}, - cloudprovider.GCP: {GCPSEVES{}, GCPSEVSNP{}}, + cloudprovider.GCP: {GCPSEVSNP{}, GCPSEVES{}}, cloudprovider.QEMU: {QEMUVTPM{}}, cloudprovider.OpenStack: {QEMUVTPM{}}, } diff --git a/internal/config/config.go b/internal/config/config.go index b6533022b..5aefb05b3 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -281,7 +281,7 @@ type AttestationConfig struct { // GCP SEV-ES attestation. GCPSEVES *GCPSEVES `yaml:"gcpSEVES,omitempty" validate:"omitempty"` // description: | - // GCP SEV-SNP attestation. + // GCP SEV-SNP attestation. GCPSEVSNP *GCPSEVSNP `yaml:"gcpSEVSNP,omitempty" validate:"omitempty"` // description: | // QEMU tdx attestation. diff --git a/internal/config/config_doc.go b/internal/config/config_doc.go index cdca2733f..d26af1643 100644 --- a/internal/config/config_doc.go +++ b/internal/config/config_doc.go @@ -428,8 +428,8 @@ func init() { AttestationConfigDoc.Fields[6].Name = "gcpSEVSNP" AttestationConfigDoc.Fields[6].Type = "GCPSEVSNP" AttestationConfigDoc.Fields[6].Note = "" - AttestationConfigDoc.Fields[6].Description = "description: |\n GCP SEV-SNP attestation.\n" - AttestationConfigDoc.Fields[6].Comments[encoder.LineComment] = "description: |" + AttestationConfigDoc.Fields[6].Description = "GCP SEV-SNP attestation." + AttestationConfigDoc.Fields[6].Comments[encoder.LineComment] = "GCP SEV-SNP attestation." AttestationConfigDoc.Fields[7].Name = "qemuTDX" AttestationConfigDoc.Fields[7].Type = "QEMUTDX" AttestationConfigDoc.Fields[7].Note = "" diff --git a/internal/config/config_test.go b/internal/config/config_test.go index 5278136ac..c18e5d835 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -466,7 +466,7 @@ func TestValidate(t *testing.T) { gcp.ServiceAccountKeyPath = "test-key-path" cnf.Provider = ProviderConfig{} cnf.Provider.GCP = gcp - cnf.Attestation.GCPSEVES.Measurements = measurements.M{ + cnf.Attestation.GCPSEVSNP.Measurements = measurements.M{ 0: measurements.WithAllBytes(0x00, measurements.Enforce, measurements.PCRMeasurementLength), } cnf.NodeGroups = map[string]NodeGroup{ @@ -624,11 +624,11 @@ func TestConfig_UpdateMeasurements(t *testing.T) { { // GCP conf := Default() conf.RemoveProviderAndAttestationExcept(cloudprovider.GCP) - for k := range conf.Attestation.GCPSEVES.Measurements { - delete(conf.Attestation.GCPSEVES.Measurements, k) + for k := range conf.Attestation.GCPSEVSNP.Measurements { + delete(conf.Attestation.GCPSEVSNP.Measurements, k) } conf.UpdateMeasurements(newMeasurements) - assert.Equal(newMeasurements, conf.Attestation.GCPSEVES.Measurements) + assert.Equal(newMeasurements, conf.Attestation.GCPSEVSNP.Measurements) } { // QEMU conf := Default() diff --git a/internal/config/validation.go b/internal/config/validation.go index fab69ff29..4ea1576b2 100644 --- a/internal/config/validation.go +++ b/internal/config/validation.go @@ -250,7 +250,7 @@ func translateNoAttestationError(ut ut.Translator, fe validator.FieldError) stri } func registerNoAttestationError(ut ut.Translator) error { - return ut.Add("no_attestation", "{0}: No attestation has been defined (requires either awsSEVSNP, awsNitroTPM, azureSEVSNP, azureTDX, azureTrustedLaunch, gcpSEVES, or qemuVTPM)", true) + return ut.Add("no_attestation", "{0}: No attestation has been defined (requires either awsSEVSNP, awsNitroTPM, azureSEVSNP, azureTDX, azureTrustedLaunch, gcpSEVES, gcpSEVSNP, or qemuVTPM)", true) } func translateNoDefaultControlPlaneGroupError(ut ut.Translator, fe validator.FieldError) string { diff --git a/terraform-provider-constellation/docs/data-sources/attestation.md b/terraform-provider-constellation/docs/data-sources/attestation.md index b1b8891c0..ede4dc189 100644 --- a/terraform-provider-constellation/docs/data-sources/attestation.md +++ b/terraform-provider-constellation/docs/data-sources/attestation.md @@ -32,8 +32,8 @@ data "constellation_attestation" "test" { * `aws-nitro-tpm` * `azure-sev-snp` * `azure-tdx` - * `gcp-sev-es` * `gcp-sev-snp` + * `gcp-sev-es` * `qemu-vtpm` - `csp` (String) CSP (Cloud Service Provider) to use. (e.g. `azure`) See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview/clouds) that Constellation supports. @@ -83,8 +83,8 @@ Read-Only: * `aws-nitro-tpm` * `azure-sev-snp` * `azure-tdx` - * `gcp-sev-es` * `gcp-sev-snp` + * `gcp-sev-es` * `qemu-vtpm` diff --git a/terraform-provider-constellation/docs/data-sources/image.md b/terraform-provider-constellation/docs/data-sources/image.md index f0b37455a..7933e93fc 100644 --- a/terraform-provider-constellation/docs/data-sources/image.md +++ b/terraform-provider-constellation/docs/data-sources/image.md @@ -31,8 +31,8 @@ data "constellation_image" "example" { * `aws-nitro-tpm` * `azure-sev-snp` * `azure-tdx` - * `gcp-sev-es` * `gcp-sev-snp` + * `gcp-sev-es` * `qemu-vtpm` - `csp` (String) CSP (Cloud Service Provider) to use. (e.g. `azure`) See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview/clouds) that Constellation supports. diff --git a/terraform-provider-constellation/docs/resources/cluster.md b/terraform-provider-constellation/docs/resources/cluster.md index d62f8aa4b..2e03b2c0e 100644 --- a/terraform-provider-constellation/docs/resources/cluster.md +++ b/terraform-provider-constellation/docs/resources/cluster.md @@ -110,8 +110,8 @@ Required: * `aws-nitro-tpm` * `azure-sev-snp` * `azure-tdx` - * `gcp-sev-es` * `gcp-sev-snp` + * `gcp-sev-es` * `qemu-vtpm` Optional: diff --git a/terraform-provider-constellation/examples/full/gcp/main.tf b/terraform-provider-constellation/examples/full/gcp/main.tf index 12913be67..a6c2d09ab 100644 --- a/terraform-provider-constellation/examples/full/gcp/main.tf +++ b/terraform-provider-constellation/examples/full/gcp/main.tf @@ -17,7 +17,7 @@ locals { kubernetes_version = "vX.Y.Z" microservice_version = "vX.Y.Z" csp = "gcp" - attestation_variant = "gcp-sev-es" + attestation_variant = "gcp-sev-snp" region = "europe-west3" zone = "europe-west3-b" project_id = "constellation-331613" diff --git a/terraform-provider-constellation/internal/provider/shared_attributes.go b/terraform-provider-constellation/internal/provider/shared_attributes.go index 0a8c6a72d..e1cc4e1dd 100644 --- a/terraform-provider-constellation/internal/provider/shared_attributes.go +++ b/terraform-provider-constellation/internal/provider/shared_attributes.go @@ -31,8 +31,8 @@ func newAttestationVariantAttributeSchema(t attributeType) schema.Attribute { " * `aws-nitro-tpm`\n" + " * `azure-sev-snp`\n" + " * `azure-tdx`\n" + - " * `gcp-sev-es`\n" + " * `gcp-sev-snp`\n" + + " * `gcp-sev-es`\n" + " * `qemu-vtpm`\n", Required: isInput, Computed: !isInput, From a55e330f5e296bcde93759150754276acdb8620e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 24 Jul 2024 01:26:04 +0200 Subject: [PATCH 175/380] deps: update module k8s.io/kubernetes to v1.30.3 [SECURITY] (#3266) Co-authored-by: Leonard Cohnen --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a943f904b..306cc03d6 100644 --- a/go.mod +++ b/go.mod @@ -132,7 +132,7 @@ require ( k8s.io/client-go v0.30.2 k8s.io/cluster-bootstrap v0.30.2 k8s.io/kubelet v0.30.2 - k8s.io/kubernetes v1.30.2 + k8s.io/kubernetes v1.30.3 k8s.io/mount-utils v0.30.2 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 libvirt.org/go/libvirt v1.10003.0 diff --git a/go.sum b/go.sum index 417bad0ce..a3bbcbbe7 100644 --- a/go.sum +++ b/go.sum @@ -1293,8 +1293,8 @@ k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= k8s.io/kubelet v0.30.2 h1:Ck4E/pHndI20IzDXxS57dElhDGASPO5pzXF7BcKfmCY= k8s.io/kubelet v0.30.2/go.mod h1:DSwwTbLQmdNkebAU7ypIALR4P9aXZNFwgRmedojUE94= -k8s.io/kubernetes v1.30.2 h1:11WhS78OYX/lnSy6TXxPO6Hk+E5K9ZNrEsk9JgMSX8I= -k8s.io/kubernetes v1.30.2/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0= +k8s.io/kubernetes v1.30.3 h1:A0qoXI1YQNzrQZiff33y5zWxYHFT/HeZRK98/sRDJI0= +k8s.io/kubernetes v1.30.3/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0= k8s.io/mount-utils v0.30.2 h1:2KDVY9hXyDyRw9EO4lmox4+Nn5atVOq+4ffZ/br2aAU= k8s.io/mount-utils v0.30.2/go.mod h1:9sCVmwGLcV1MPvbZ+rToMDnl1QcGozy+jBPd0MsQLIo= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= From eb9aa8238a04ed7dca5a9b71c61d8a52e902e487 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 24 Jul 2024 08:19:30 +0200 Subject: [PATCH 176/380] image: update measurements and image version (#3271) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 471aa7e08..75d6ea357 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x40, 0xb5, 0x77, 0x69, 0x5f, 0xce, 0x18, 0xb2, 0xdb, 0xae, 0x28, 0x1b, 0xc2, 0xae, 0xba, 0x55, 0x31, 0xd1, 0x0c, 0x85, 0xef, 0x0c, 0x01, 0x76, 0xcb, 0x8f, 0xb9, 0x48, 0x03, 0xec, 0x2d, 0x8f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x06, 0x8d, 0x00, 0xcf, 0x28, 0x8e, 0xbb, 0x6d, 0x51, 0x29, 0x1a, 0xa7, 0x4f, 0x9c, 0x03, 0xca, 0xd0, 0x55, 0x77, 0x8d, 0x24, 0x20, 0x2e, 0x66, 0xe2, 0x67, 0x71, 0x60, 0x81, 0xf5, 0xd0, 0xac}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe0, 0x86, 0xa7, 0x34, 0x47, 0xad, 0x73, 0xc7, 0xa8, 0x7c, 0xae, 0x20, 0x93, 0x7b, 0x03, 0xa5, 0x5a, 0xc8, 0x97, 0x5f, 0xa3, 0x34, 0x7b, 0xf7, 0x42, 0x97, 0xb9, 0x89, 0x0e, 0x72, 0xbb, 0xd0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x01, 0xf7, 0xa3, 0x41, 0x4a, 0xd8, 0x45, 0x38, 0x53, 0xcd, 0x37, 0x3f, 0x06, 0xd0, 0x49, 0x03, 0xa0, 0x5b, 0x2a, 0x27, 0x85, 0xc4, 0x8e, 0x0e, 0x91, 0xf1, 0x48, 0x13, 0x07, 0x64, 0xb9, 0xa7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6c, 0xf5, 0x52, 0x4a, 0x1d, 0xae, 0x74, 0xd7, 0x30, 0x1d, 0x4f, 0x78, 0x62, 0x2c, 0x09, 0xb1, 0x04, 0xc8, 0xb2, 0x17, 0x1c, 0x91, 0xfc, 0x66, 0x67, 0xe0, 0x84, 0x9c, 0x58, 0x63, 0x05, 0x18}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x17, 0x57, 0xa6, 0x13, 0x55, 0x35, 0xbc, 0x4a, 0x3d, 0xdf, 0x3d, 0x8b, 0x6b, 0x6a, 0xd2, 0xf6, 0xba, 0xed, 0x25, 0xfc, 0xe7, 0x32, 0x7e, 0x95, 0x15, 0xd0, 0x4b, 0x67, 0x82, 0xde, 0x8d, 0x13}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xac, 0x3d, 0x97, 0x15, 0x03, 0xa8, 0x92, 0x9d, 0x05, 0x7d, 0x71, 0xdd, 0x54, 0xe5, 0x01, 0xfd, 0xf3, 0x73, 0x44, 0x3f, 0xb7, 0xae, 0x07, 0x77, 0xe9, 0x36, 0x22, 0x7e, 0x8d, 0x2e, 0x21, 0xa0}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd1, 0xd5, 0xb0, 0xde, 0x39, 0x6e, 0x6a, 0x18, 0xd5, 0xa9, 0x0f, 0xb1, 0x11, 0x60, 0xec, 0xaa, 0xac, 0x9c, 0xf0, 0xda, 0x67, 0xae, 0xda, 0x7c, 0xa3, 0x0f, 0xa0, 0xe1, 0x57, 0x19, 0xf9, 0xa3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe9, 0xac, 0x9a, 0xbb, 0x1c, 0x4f, 0x85, 0x0d, 0x02, 0x4e, 0x0b, 0xf1, 0x11, 0x96, 0x20, 0xb1, 0x72, 0x21, 0xeb, 0x1c, 0xa2, 0xf1, 0x5b, 0x02, 0x48, 0xcc, 0xfd, 0xb9, 0x3c, 0x3a, 0x84, 0xdb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3d, 0x6a, 0x14, 0x27, 0x39, 0xa4, 0x2e, 0x3e, 0xf2, 0x59, 0x4e, 0x58, 0x4d, 0x8c, 0x5d, 0x89, 0xa1, 0xf3, 0xaa, 0x44, 0x3a, 0x8e, 0x41, 0x46, 0xc0, 0xd9, 0x40, 0xd0, 0xf6, 0xf7, 0x0d, 0x51}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x92, 0x83, 0x6b, 0x39, 0x20, 0x4f, 0x8d, 0x10, 0x01, 0x85, 0xd2, 0xa8, 0x49, 0x5b, 0xf9, 0x24, 0x98, 0x7f, 0xc5, 0x61, 0x46, 0xad, 0xfe, 0xb4, 0x9c, 0xb1, 0x1e, 0x06, 0xf9, 0x7a, 0x66, 0x1c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe6, 0x9f, 0x32, 0xd7, 0x7c, 0xf4, 0x2c, 0x4a, 0x41, 0xce, 0x3c, 0x63, 0xac, 0x32, 0x1e, 0x2a, 0xc0, 0xa1, 0x9d, 0xfd, 0x8f, 0x6c, 0x4a, 0x4d, 0x4e, 0x18, 0x99, 0x21, 0x1c, 0x4d, 0x19, 0xd0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4e, 0x64, 0xe7, 0x1a, 0x3d, 0xf2, 0x50, 0xc3, 0xf4, 0x84, 0xc9, 0x3c, 0x20, 0x79, 0x7e, 0x2c, 0xa7, 0xa0, 0x47, 0x45, 0xb1, 0xd8, 0x6c, 0x1e, 0x6b, 0xc1, 0xd3, 0xb5, 0xb2, 0xf8, 0x13, 0x82}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x48, 0xfd, 0x85, 0x20, 0xd7, 0x3b, 0x01, 0x21, 0xb6, 0xcb, 0x0d, 0xc0, 0x33, 0xdf, 0xd9, 0x31, 0x74, 0xed, 0xf9, 0xd9, 0x63, 0x35, 0xdd, 0x26, 0x33, 0xf0, 0x7d, 0xed, 0x20, 0x74, 0xd9, 0xb6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x36, 0x9b, 0x12, 0x0b, 0x62, 0x67, 0xc7, 0x07, 0x9f, 0x15, 0x74, 0x30, 0x2f, 0xdc, 0x4d, 0x66, 0xc8, 0xe2, 0xf7, 0x94, 0x99, 0x9b, 0x2d, 0x05, 0xed, 0x45, 0x3d, 0x8e, 0xc4, 0x71, 0xd0, 0xfd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0d, 0x16, 0x07, 0xdc, 0x23, 0x14, 0x7e, 0x32, 0x88, 0x42, 0xff, 0x5e, 0xfc, 0xbe, 0x45, 0x4f, 0x14, 0xc0, 0x40, 0xef, 0x1a, 0x31, 0x81, 0xfa, 0xba, 0x97, 0x54, 0x72, 0x40, 0xe3, 0x21, 0x23}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x66, 0x2e, 0x07, 0x69, 0x83, 0xe3, 0x48, 0xac, 0x82, 0x65, 0xaf, 0xc0, 0xe0, 0x0f, 0x63, 0xf9, 0x50, 0x6f, 0xec, 0xac, 0xff, 0xd6, 0x26, 0x9c, 0x82, 0x05, 0xf2, 0x2d, 0x60, 0x61, 0x13, 0x15}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3c, 0xe5, 0xc2, 0xbb, 0xc7, 0xd8, 0xd0, 0x37, 0x53, 0x71, 0xf9, 0x9a, 0xd9, 0x84, 0xc3, 0x2a, 0xa1, 0xd7, 0xc2, 0x0a, 0x18, 0x51, 0x10, 0x6e, 0x1f, 0x42, 0x96, 0xc4, 0xfa, 0x0f, 0x89, 0xb0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x5d, 0x12, 0xd1, 0x72, 0xc7, 0x34, 0x86, 0x43, 0xf2, 0x4d, 0x03, 0x83, 0xd8, 0xf1, 0xf3, 0x79, 0xfc, 0xd8, 0x2f, 0xa5, 0x07, 0x8d, 0x8f, 0x7c, 0x83, 0xbf, 0x6a, 0x34, 0x18, 0x7b, 0x6c, 0x9c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x25, 0x44, 0xa9, 0x30, 0xd7, 0x64, 0x93, 0x62, 0xcd, 0xd0, 0x44, 0x0b, 0x45, 0x7c, 0x16, 0x1c, 0x37, 0xe1, 0x77, 0x69, 0x09, 0x5d, 0x62, 0x95, 0xbe, 0x5b, 0xa7, 0x1f, 0x29, 0x8c, 0xf8, 0x93}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x17, 0xc8, 0x5f, 0xbb, 0xac, 0xd0, 0x77, 0xb2, 0xc8, 0xd1, 0x67, 0xb9, 0x60, 0x99, 0x6e, 0x2a, 0x5e, 0x72, 0xb9, 0x5c, 0xf9, 0x54, 0xfc, 0x44, 0xdf, 0x4a, 0xfc, 0x0d, 0xd3, 0x77, 0x17, 0x7c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x82, 0x61, 0x3d, 0x4c, 0xf9, 0x5a, 0x31, 0x50, 0xf1, 0xba, 0xd6, 0x6c, 0xd0, 0x70, 0x4c, 0x2b, 0x29, 0x5d, 0x58, 0x57, 0xcc, 0xa5, 0x24, 0xb1, 0xd8, 0x1b, 0xb8, 0x7f, 0x44, 0xb3, 0x10, 0x46}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x24, 0xf3, 0x04, 0x22, 0x94, 0x73, 0x3c, 0x28, 0xe6, 0xac, 0x89, 0x1a, 0xc7, 0xc2, 0x50, 0x79, 0xdc, 0x17, 0xaa, 0x33, 0xe8, 0xc6, 0xdd, 0xd9, 0xfb, 0xf8, 0x4e, 0xfa, 0x57, 0xee, 0xe7, 0xcd}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe2, 0x88, 0xf9, 0x36, 0x3b, 0xbc, 0x8d, 0x93, 0xd8, 0x86, 0x20, 0xc4, 0x4e, 0xda, 0x70, 0xf0, 0xdb, 0x05, 0x59, 0x40, 0x15, 0x62, 0xa5, 0x0e, 0xcb, 0x76, 0x7b, 0x95, 0x0b, 0xcc, 0x82, 0xc3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x22, 0x1e, 0x2e, 0x9a, 0x0b, 0x87, 0x2d, 0x84, 0x7c, 0x2b, 0x6f, 0x12, 0x5b, 0x09, 0xd8, 0x37, 0xc4, 0xdd, 0xdb, 0x17, 0x88, 0x32, 0x13, 0xba, 0x3f, 0x82, 0x1f, 0xc1, 0xd9, 0x05, 0xf6, 0x49}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9b, 0xcd, 0x40, 0xc0, 0x7b, 0x05, 0x92, 0x69, 0x01, 0xf0, 0x10, 0x95, 0xf7, 0xd0, 0x31, 0x2e, 0x3c, 0xa0, 0x2b, 0xaf, 0xb0, 0xf8, 0xee, 0xd6, 0x6a, 0x1f, 0x6d, 0x70, 0x61, 0x60, 0xe9, 0x31}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x66, 0xb8, 0xf3, 0xc9, 0x8f, 0x9f, 0xa0, 0xbf, 0x09, 0xf8, 0xb5, 0x59, 0x22, 0x61, 0xbf, 0x36, 0x26, 0x6c, 0xed, 0x77, 0x4f, 0x8f, 0xc7, 0x2c, 0xf3, 0x57, 0x9c, 0x54, 0xae, 0xf8, 0xad, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x74, 0xfa, 0xbc, 0x5a, 0x9f, 0x9d, 0x09, 0x90, 0xaa, 0x94, 0x4e, 0x2e, 0x01, 0x90, 0x00, 0x49, 0xa7, 0xa0, 0xae, 0x84, 0x3c, 0x7e, 0xaa, 0xdf, 0x5b, 0xd7, 0x24, 0xd8, 0x11, 0xd1, 0x53, 0xe5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc8, 0x48, 0x41, 0x0d, 0x43, 0xba, 0x02, 0x9d, 0x25, 0xc0, 0xab, 0x1e, 0x60, 0xcd, 0x51, 0x62, 0x8a, 0x42, 0x60, 0x04, 0xcb, 0x21, 0xa0, 0xd3, 0x84, 0x2d, 0x19, 0xdd, 0x09, 0x53, 0xf4, 0xca}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb9, 0x30, 0x0b, 0xeb, 0xd4, 0xe2, 0x27, 0xb1, 0x9f, 0x72, 0x02, 0x6a, 0x02, 0xf6, 0x8a, 0x1b, 0xea, 0x7d, 0x42, 0x90, 0x36, 0x58, 0x4a, 0xb7, 0x42, 0x17, 0x07, 0x8b, 0x4e, 0xdf, 0x68, 0x76}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x47, 0x07, 0x00, 0x4c, 0x8e, 0xc4, 0x14, 0x61, 0x70, 0x77, 0x71, 0x1f, 0x16, 0xe2, 0x48, 0xc6, 0x41, 0xfc, 0x97, 0x20, 0xeb, 0xf7, 0xfb, 0xb6, 0x61, 0x6d, 0x53, 0xbc, 0x24, 0x5a, 0xd9, 0x5b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x95, 0xf8, 0x6b, 0x21, 0x2b, 0x53, 0xd0, 0xc6, 0x50, 0x44, 0xca, 0xd1, 0x65, 0x10, 0xc9, 0xc7, 0xc7, 0x61, 0xba, 0x51, 0x2e, 0x09, 0x94, 0x01, 0x60, 0x19, 0x85, 0xa3, 0x84, 0x7d, 0x8c, 0xab}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9e, 0x72, 0x01, 0xd9, 0x21, 0xb5, 0x34, 0xfe, 0xba, 0x89, 0x18, 0x75, 0xa1, 0xa0, 0x06, 0xe0, 0x7d, 0xbc, 0x00, 0x89, 0x56, 0xca, 0x40, 0x9c, 0x79, 0x0f, 0x95, 0xbf, 0x03, 0x8f, 0x87, 0x92}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd1, 0x35, 0x49, 0x15, 0xd5, 0xc7, 0x76, 0xe0, 0x6f, 0x6e, 0xdd, 0xfb, 0xa2, 0xcb, 0x91, 0xe7, 0x14, 0xb8, 0x61, 0xd1, 0x56, 0x06, 0x03, 0xb9, 0x31, 0xce, 0xc3, 0x00, 0x73, 0xb2, 0x9b, 0xcf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd8, 0x0d, 0x38, 0x27, 0x23, 0x7f, 0x6f, 0x2a, 0x9c, 0x83, 0xc8, 0x9a, 0xe2, 0x9a, 0xbb, 0x00, 0x11, 0x1a, 0xc4, 0xa4, 0xfe, 0xf7, 0xfe, 0xaa, 0x4e, 0x4d, 0xd6, 0x0f, 0x0b, 0x97, 0xb8, 0x43}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7e, 0xce, 0xe2, 0x8f, 0xa7, 0x40, 0x25, 0x98, 0xfc, 0xba, 0xc9, 0x47, 0x03, 0x08, 0xa7, 0x2e, 0x0f, 0x89, 0x8d, 0x15, 0x09, 0x2e, 0xd4, 0x79, 0x6c, 0x4f, 0x04, 0x74, 0x34, 0x2c, 0xd6, 0x6a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf9, 0xeb, 0x0c, 0x5b, 0xfa, 0x1f, 0x0a, 0x5b, 0x22, 0x49, 0x0d, 0x7c, 0xd7, 0x22, 0x35, 0xa7, 0xcf, 0x19, 0x1a, 0x13, 0x05, 0x72, 0x13, 0x5e, 0x28, 0x20, 0xc9, 0x18, 0xb6, 0x02, 0x53, 0x09}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb2, 0x59, 0xad, 0x58, 0x9b, 0x52, 0x13, 0x83, 0xff, 0x91, 0x68, 0x53, 0x3c, 0x1e, 0x18, 0xaa, 0xaa, 0x8d, 0xdb, 0xc7, 0x82, 0xc1, 0x4b, 0x16, 0x20, 0x90, 0x26, 0xcb, 0x0f, 0x25, 0xba, 0xe3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x33, 0x6b, 0x07, 0xc1, 0xab, 0x1d, 0x91, 0x96, 0xb5, 0x3d, 0x03, 0xd2, 0x8b, 0x1e, 0x90, 0x1d, 0xc1, 0x5c, 0x39, 0xc7, 0x7a, 0xe9, 0x09, 0xad, 0xf0, 0xff, 0x50, 0x5f, 0x08, 0xe0, 0xee, 0xa2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xd8, 0x3e, 0x91, 0x29, 0xed, 0x65, 0x39, 0x28, 0xa0, 0x9a, 0xe2, 0x65, 0xad, 0x0b, 0xc9, 0xc7, 0xe9, 0xf8, 0xca, 0xe1, 0x34, 0x67, 0x82, 0xf8, 0xca, 0x12, 0x6f, 0x38, 0x0b, 0xa8, 0xfc, 0x8e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x00, 0x5f, 0x6e, 0x56, 0x1e, 0x58, 0xb6, 0xa8, 0x0e, 0xee, 0x35, 0x88, 0x7c, 0x43, 0x07, 0xbf, 0x66, 0xb3, 0xe1, 0xa1, 0x45, 0x05, 0x42, 0x4c, 0x06, 0x06, 0xd4, 0x7c, 0x3b, 0x20, 0x50, 0x0e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xdb, 0xde, 0x93, 0x87, 0x30, 0xff, 0x08, 0xfb, 0x2b, 0x0c, 0xf5, 0x16, 0x3b, 0x10, 0x71, 0xe8, 0x1b, 0xcc, 0xc7, 0x54, 0x2b, 0x50, 0x82, 0x12, 0x0c, 0x74, 0x52, 0x19, 0xa2, 0xfa, 0x70, 0xa7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x45, 0x55, 0xab, 0x30, 0xca, 0x3e, 0x81, 0xba, 0xf7, 0xef, 0x51, 0xa5, 0x98, 0xc0, 0xac, 0xdc, 0x0d, 0x47, 0x47, 0xfe, 0x1c, 0x57, 0x6a, 0x8d, 0x4e, 0xc6, 0x13, 0x8a, 0xe6, 0x91, 0x02, 0xad}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x67, 0x7f, 0xe8, 0x18, 0x92, 0x95, 0x7a, 0xde, 0x62, 0xa8, 0x61, 0x42, 0xbf, 0x3f, 0x42, 0x28, 0x94, 0x6a, 0x7e, 0xd4, 0xa4, 0x72, 0xc9, 0x7b, 0xb1, 0x95, 0xdb, 0x08, 0x65, 0xe7, 0x93, 0xe5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x49, 0x75, 0xa8, 0xdf, 0x56, 0x10, 0xe9, 0xb5, 0xa2, 0x11, 0x28, 0x3f, 0x78, 0x1d, 0x39, 0x36, 0xa8, 0x47, 0xe4, 0x8e, 0xcc, 0xac, 0xf8, 0xd1, 0xc1, 0xd2, 0x30, 0xf4, 0xba, 0x5a, 0xdb, 0x9b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xb1, 0xdc, 0xdf, 0x47, 0x51, 0x68, 0x81, 0x47, 0x3b, 0xc2, 0xaf, 0x24, 0xa6, 0xa0, 0x13, 0xce, 0x6a, 0x35, 0x7e, 0xcd, 0xeb, 0x95, 0xf4, 0x1c, 0xea, 0x20, 0x36, 0x44, 0x64, 0xa1, 0xda, 0x84}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xee, 0x82, 0xf3, 0x29, 0x34, 0xce, 0xa2, 0x88, 0x50, 0x8c, 0x8a, 0xaf, 0x69, 0x2b, 0x54, 0xe4, 0xf8, 0x17, 0x05, 0x5d, 0x1f, 0x6b, 0xa2, 0xf1, 0xc1, 0x58, 0x3b, 0xd9, 0xe9, 0xc4, 0x78, 0xa5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x14, 0xa5, 0xc2, 0x21, 0x11, 0xc8, 0x70, 0x97, 0x81, 0xa4, 0xd1, 0x87, 0x29, 0x96, 0xc0, 0xee, 0x17, 0xd3, 0xad, 0x6b, 0xb0, 0x79, 0x0a, 0x37, 0xa9, 0x46, 0xf2, 0xc4, 0x1b, 0xd1, 0x63, 0x39}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 676817d15..a60a1cc78 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240718084957-78ce220cf992" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240722132927-399376d3e366" ) From b781a75af7de7e91736ddb6d900807aeecea8e49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 25 Jul 2024 16:25:56 +0200 Subject: [PATCH 177/380] ci: run performance e2e tests using nightly image (#3272) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/workflows/e2e-test-weekly.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index 42b351a8b..4aaa8f372 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -243,27 +243,27 @@ jobs: # perf-bench test on latest k8s version - test: "perf-bench" - refStream: "ref/main/stream/debug/?" + refStream: "ref/main/stream/nightly/?" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" clusterCreation: "cli" - test: "perf-bench" - refStream: "ref/main/stream/debug/?" + refStream: "ref/main/stream/nightly/?" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" - test: "perf-bench" - refStream: "ref/main/stream/debug/?" + refStream: "ref/main/stream/nightly/?" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" - test: "perf-bench" - refStream: "ref/main/stream/debug/?" + refStream: "ref/main/stream/nightly/?" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" clusterCreation: "cli" - test: "perf-bench" - refStream: "ref/main/stream/debug/?" + refStream: "ref/main/stream/nightly/?" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" @@ -338,7 +338,7 @@ jobs: controlNodesCount: "3" cloudProvider: ${{ steps.split-attestationVariant.outputs.cloudProvider }} attestationVariant: ${{ matrix.attestationVariant }} - osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || needs.find-latest-image.outputs.image-main-debug }} + osImage: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || matrix.refStream == 'ref/main/stream/nightly/?' && needs.find-latest-image.outputs.image-main-nightly || needs.find-latest-image.outputs.image-main-debug }} isDebugImage: ${{ matrix.refStream == 'ref/main/stream/debug/?' }} cliVersion: ${{ matrix.refStream == 'ref/release/stream/stable/?' && needs.find-latest-image.outputs.image-release-stable || '' }} kubernetesVersion: ${{ matrix.kubernetes-version }} From 212aa64f107a69d16757735cbbce6db5fa341585 Mon Sep 17 00:00:00 2001 From: Adrian Stobbe Date: Thu, 25 Jul 2024 17:38:17 +0200 Subject: [PATCH 178/380] ci: add conformance test to weekly (#3230) --- .github/actions/constellation_create/action.yml | 9 ++++++++- .github/actions/e2e_sonobuoy/action.yml | 6 ++++++ .github/actions/e2e_test/action.yml | 13 +++++++++++-- .github/workflows/e2e-test-weekly.yml | 7 +++++++ .github/workflows/e2e-test.yml | 5 +++-- 5 files changed, 35 insertions(+), 5 deletions(-) diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml index 9aed0ac58..63cddf9d8 100644 --- a/.github/actions/constellation_create/action.yml +++ b/.github/actions/constellation_create/action.yml @@ -192,6 +192,13 @@ runs: run: | echo "flag=--force" | tee -a $GITHUB_OUTPUT + - name: Set conformance flag + id: set-conformance-flag + if: inputs.test == 'sonobuoy conformance' + shell: bash + run: | + echo "flag=--conformance" | tee -a $GITHUB_OUTPUT + - name: Constellation apply (Terraform) id: constellation-apply-terraform if: inputs.clusterCreation == 'terraform' @@ -204,7 +211,7 @@ runs: if: inputs.clusterCreation != 'terraform' shell: bash run: | - constellation apply --skip-phases=infrastructure --debug ${{ steps.set-force-flag.outputs.flag }} + constellation apply --skip-phases=infrastructure --debug ${{ steps.set-force-flag.outputs.flag }} ${{ steps.set-conformance-flag.outputs.flag }} - name: Get kubeconfig id: get-kubeconfig diff --git a/.github/actions/e2e_sonobuoy/action.yml b/.github/actions/e2e_sonobuoy/action.yml index 70dfed0e0..5671e7c9c 100644 --- a/.github/actions/e2e_sonobuoy/action.yml +++ b/.github/actions/e2e_sonobuoy/action.yml @@ -48,6 +48,12 @@ runs: sonobuoy results *_sonobuoy_*.tar.gz sonobuoy results *_sonobuoy_*.tar.gz --mode detailed | jq 'select(.status!="passed")' | jq 'select(.status!="skipped")' || true + - name: Cleanup sonobuoy deployment + env: + KUBECONFIG: ${{ inputs.kubeconfig }} + shell: bash + run: sonobuoy delete --wait + - name: Upload test results if: always() && !env.ACT uses: ./.github/actions/artifact_upload diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml index 05ccbd016..bcd315cbd 100644 --- a/.github/actions/e2e_test/action.yml +++ b/.github/actions/e2e_test/action.yml @@ -53,7 +53,7 @@ inputs: description: "Azure credentials authorized to create an IAM configuration." required: true test: - description: "The test to run. Can currently be one of [sonobuoy full, sonobuoy quick, autoscaling, lb, perf-bench, verify, recover, malicious join, nop, upgrade]." + description: "The test to run. Can currently be one of [sonobuoy full, sonobuoy quick, sonobuoy conformance, autoscaling, lb, perf-bench, verify, recover, malicious join, nop, upgrade]." required: true sonobuoyTestSuiteCmd: description: "The sonobuoy test suite to run." @@ -103,7 +103,7 @@ runs: using: "composite" steps: - name: Check input - if: (!contains(fromJson('["sonobuoy full", "sonobuoy quick", "autoscaling", "perf-bench", "verify", "lb", "recover", "malicious join", "s3proxy", "nop", "upgrade"]'), inputs.test)) + if: (!contains(fromJson('["sonobuoy full", "sonobuoy quick", "sonobuoy conformance", "autoscaling", "perf-bench", "verify", "lb", "recover", "malicious join", "s3proxy", "nop", "upgrade"]'), inputs.test)) shell: bash run: | echo "::error::Invalid input for test field: ${{ inputs.test }}" @@ -348,6 +348,15 @@ runs: artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }} encryptionSecret: ${{ inputs.encryptionSecret }} + - name: Run sonobuoy conformance + if: inputs.test == 'sonobuoy conformance' + uses: ./.github/actions/e2e_sonobuoy + with: + sonobuoyTestSuiteCmd: "--plugin e2e --mode certified-conformance" + kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }} + artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }} + encryptionSecret: ${{ inputs.encryptionSecret }} + - name: Run autoscaling test if: inputs.test == 'autoscaling' uses: ./.github/actions/e2e_autoscaling diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index 4aaa8f372..6ae6382f1 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -78,6 +78,13 @@ jobs: kubernetes-version: "v1.30" clusterCreation: "cli" + # Sonobuoy conformance test + - test: "sonobuoy conformance" + refStream: "ref/main/stream/debug/?" + attestationVariant: "gcp-sev-snp" + kubernetes-version: "v1.30" + clusterCreation: "cli" + # Sonobuoy quick test on all but the latest k8s versions - test: "sonobuoy quick" refStream: "ref/main/stream/debug/?" diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index bc0d06ac3..1694b5ac6 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -26,11 +26,12 @@ on: - "macos-12" default: "ubuntu-22.04" test: - description: "The test to run." + description: "The test to run. The conformance test is only supported for clusterCreation=cli." type: choice options: - "sonobuoy quick" - "sonobuoy full" + - "sonobuoy conformance" - "autoscaling" - "lb" - "perf-bench" @@ -82,7 +83,7 @@ on: type: string required: true test: - description: "The test to run." + description: "The test to run. The conformance test is only supported for clusterCreation=cli." type: string required: true kubernetesVersion: From f4e6c910ab1c198c91f26809045e17c38ebd6cea Mon Sep 17 00:00:00 2001 From: 3u13r Date: Thu, 25 Jul 2024 22:53:13 +0200 Subject: [PATCH 179/380] terraform: azure detach unused lb backends (#3270) --- terraform/infrastructure/azure/main.tf | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf index 7338f86ba..e93da4745 100644 --- a/terraform/infrastructure/azure/main.tf +++ b/terraform/infrastructure/azure/main.tf @@ -170,6 +170,8 @@ module "loadbalancer_backend_control_plane" { ports = local.ports } +# We cannot delete them right away since we first need to to delete the dependency from the VMSS to this backend pool. +# TODO(@3u13r): Remove this resource after v2.18.0 has been released. module "loadbalancer_backend_worker" { source = "./modules/load_balancer_backend" @@ -179,11 +181,14 @@ module "loadbalancer_backend_worker" { ports = [] } +# We cannot delete them right away since we first need to to delete the dependency from the VMSS to this backend pool. +# TODO(@3u13r): Remove this resource after v2.18.0 has been released. resource "azurerm_lb_backend_address_pool" "all" { loadbalancer_id = azurerm_lb.loadbalancer.id name = "${var.name}-all" } + resource "azurerm_virtual_network" "network" { name = local.name resource_group_name = var.resource_group @@ -257,14 +262,14 @@ module "scale_set_group" { image_id = var.image_id network_security_group_id = azurerm_network_security_group.security_group.id subnet_id = azurerm_subnet.node_subnet.id - backend_address_pool_ids = each.value.role == "control-plane" ? [ - azurerm_lb_backend_address_pool.all.id, - module.loadbalancer_backend_control_plane.backendpool_id - ] : [ - azurerm_lb_backend_address_pool.all.id, - module.loadbalancer_backend_worker.backendpool_id - ] - marketplace_image = var.marketplace_image + backend_address_pool_ids = each.value.role == "control-plane" ? [module.loadbalancer_backend_control_plane.backendpool_id] : [] + marketplace_image = var.marketplace_image + + # We still depend on the backends, since we are not sure if the VMs inside the VMSS have been + # "updated" to the new version (note: this is the update in Azure which "refreshes" the NICs and not + # our Constellation update). + # TODO(@3u13r): Remove this dependency after v2.18.0 has been released. + depends_on = [module.loadbalancer_backend_worker, azurerm_lb_backend_address_pool.all] } module "jump_host" { From 60bdec5fb11910fceb6a1bc33004d0339733f727 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 26 Jul 2024 08:20:53 +0200 Subject: [PATCH 180/380] image: update measurements and image version (#3273) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 75d6ea357..82db66d76 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4e, 0x64, 0xe7, 0x1a, 0x3d, 0xf2, 0x50, 0xc3, 0xf4, 0x84, 0xc9, 0x3c, 0x20, 0x79, 0x7e, 0x2c, 0xa7, 0xa0, 0x47, 0x45, 0xb1, 0xd8, 0x6c, 0x1e, 0x6b, 0xc1, 0xd3, 0xb5, 0xb2, 0xf8, 0x13, 0x82}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x48, 0xfd, 0x85, 0x20, 0xd7, 0x3b, 0x01, 0x21, 0xb6, 0xcb, 0x0d, 0xc0, 0x33, 0xdf, 0xd9, 0x31, 0x74, 0xed, 0xf9, 0xd9, 0x63, 0x35, 0xdd, 0x26, 0x33, 0xf0, 0x7d, 0xed, 0x20, 0x74, 0xd9, 0xb6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x36, 0x9b, 0x12, 0x0b, 0x62, 0x67, 0xc7, 0x07, 0x9f, 0x15, 0x74, 0x30, 0x2f, 0xdc, 0x4d, 0x66, 0xc8, 0xe2, 0xf7, 0x94, 0x99, 0x9b, 0x2d, 0x05, 0xed, 0x45, 0x3d, 0x8e, 0xc4, 0x71, 0xd0, 0xfd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0d, 0x16, 0x07, 0xdc, 0x23, 0x14, 0x7e, 0x32, 0x88, 0x42, 0xff, 0x5e, 0xfc, 0xbe, 0x45, 0x4f, 0x14, 0xc0, 0x40, 0xef, 0x1a, 0x31, 0x81, 0xfa, 0xba, 0x97, 0x54, 0x72, 0x40, 0xe3, 0x21, 0x23}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x66, 0x2e, 0x07, 0x69, 0x83, 0xe3, 0x48, 0xac, 0x82, 0x65, 0xaf, 0xc0, 0xe0, 0x0f, 0x63, 0xf9, 0x50, 0x6f, 0xec, 0xac, 0xff, 0xd6, 0x26, 0x9c, 0x82, 0x05, 0xf2, 0x2d, 0x60, 0x61, 0x13, 0x15}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3c, 0xe5, 0xc2, 0xbb, 0xc7, 0xd8, 0xd0, 0x37, 0x53, 0x71, 0xf9, 0x9a, 0xd9, 0x84, 0xc3, 0x2a, 0xa1, 0xd7, 0xc2, 0x0a, 0x18, 0x51, 0x10, 0x6e, 0x1f, 0x42, 0x96, 0xc4, 0xfa, 0x0f, 0x89, 0xb0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x5d, 0x12, 0xd1, 0x72, 0xc7, 0x34, 0x86, 0x43, 0xf2, 0x4d, 0x03, 0x83, 0xd8, 0xf1, 0xf3, 0x79, 0xfc, 0xd8, 0x2f, 0xa5, 0x07, 0x8d, 0x8f, 0x7c, 0x83, 0xbf, 0x6a, 0x34, 0x18, 0x7b, 0x6c, 0x9c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x25, 0x44, 0xa9, 0x30, 0xd7, 0x64, 0x93, 0x62, 0xcd, 0xd0, 0x44, 0x0b, 0x45, 0x7c, 0x16, 0x1c, 0x37, 0xe1, 0x77, 0x69, 0x09, 0x5d, 0x62, 0x95, 0xbe, 0x5b, 0xa7, 0x1f, 0x29, 0x8c, 0xf8, 0x93}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x17, 0xc8, 0x5f, 0xbb, 0xac, 0xd0, 0x77, 0xb2, 0xc8, 0xd1, 0x67, 0xb9, 0x60, 0x99, 0x6e, 0x2a, 0x5e, 0x72, 0xb9, 0x5c, 0xf9, 0x54, 0xfc, 0x44, 0xdf, 0x4a, 0xfc, 0x0d, 0xd3, 0x77, 0x17, 0x7c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x82, 0x61, 0x3d, 0x4c, 0xf9, 0x5a, 0x31, 0x50, 0xf1, 0xba, 0xd6, 0x6c, 0xd0, 0x70, 0x4c, 0x2b, 0x29, 0x5d, 0x58, 0x57, 0xcc, 0xa5, 0x24, 0xb1, 0xd8, 0x1b, 0xb8, 0x7f, 0x44, 0xb3, 0x10, 0x46}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x24, 0xf3, 0x04, 0x22, 0x94, 0x73, 0x3c, 0x28, 0xe6, 0xac, 0x89, 0x1a, 0xc7, 0xc2, 0x50, 0x79, 0xdc, 0x17, 0xaa, 0x33, 0xe8, 0xc6, 0xdd, 0xd9, 0xfb, 0xf8, 0x4e, 0xfa, 0x57, 0xee, 0xe7, 0xcd}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe2, 0x88, 0xf9, 0x36, 0x3b, 0xbc, 0x8d, 0x93, 0xd8, 0x86, 0x20, 0xc4, 0x4e, 0xda, 0x70, 0xf0, 0xdb, 0x05, 0x59, 0x40, 0x15, 0x62, 0xa5, 0x0e, 0xcb, 0x76, 0x7b, 0x95, 0x0b, 0xcc, 0x82, 0xc3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x16, 0xb2, 0xe9, 0xd7, 0x0e, 0x3a, 0xa0, 0xfd, 0xc3, 0xc9, 0xf2, 0x43, 0xf4, 0x1c, 0xbe, 0xfd, 0x56, 0x5f, 0xca, 0xbe, 0x4e, 0xba, 0xa8, 0x84, 0x19, 0x37, 0x7f, 0x5d, 0xa0, 0x52, 0x4b, 0x8a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf6, 0xbc, 0x39, 0x89, 0xb5, 0x06, 0x54, 0x28, 0xc3, 0x8c, 0xd7, 0x67, 0xe8, 0xb8, 0x03, 0xe3, 0x50, 0xaa, 0xc0, 0xa6, 0x09, 0x79, 0x02, 0x5e, 0x22, 0xd4, 0xd7, 0xf6, 0x2c, 0x9f, 0xce, 0xaa}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6d, 0x47, 0x71, 0xbd, 0x50, 0x68, 0xbe, 0xa3, 0x65, 0x99, 0x43, 0x15, 0x0c, 0x21, 0x47, 0xde, 0xfd, 0x36, 0xac, 0xe6, 0xc6, 0xfb, 0xd2, 0xe0, 0x03, 0x7b, 0x9e, 0xa1, 0x4f, 0xf1, 0x17, 0x67}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf4, 0x06, 0xe9, 0x55, 0xdf, 0x8f, 0x2a, 0xb8, 0x55, 0xd7, 0x62, 0xe6, 0xce, 0x38, 0xd8, 0xb9, 0x05, 0x97, 0xad, 0xc8, 0xdb, 0x7f, 0xbe, 0xf0, 0xec, 0xfd, 0x27, 0xba, 0xc6, 0x99, 0xaa, 0x8a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x96, 0xbd, 0x1d, 0x4d, 0xc5, 0xc8, 0x5d, 0x1b, 0x0c, 0xb9, 0x78, 0x44, 0xd9, 0x2b, 0x14, 0x0e, 0x67, 0xa1, 0x2b, 0x77, 0xfd, 0x4e, 0xf5, 0x5b, 0x9e, 0x60, 0x31, 0xe4, 0x93, 0xce, 0x3c, 0x30}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd3, 0xfd, 0x80, 0x98, 0x25, 0xd0, 0xc0, 0xca, 0xb4, 0x13, 0xcf, 0xa9, 0xde, 0xc6, 0xe9, 0xb3, 0x44, 0x07, 0xd3, 0xb9, 0xfc, 0x18, 0xf4, 0xc6, 0xb6, 0xd6, 0x12, 0xc6, 0x3c, 0x39, 0xfa, 0xa7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xec, 0x8b, 0xff, 0x67, 0x20, 0xaf, 0x91, 0x25, 0x8f, 0x09, 0x71, 0x0c, 0x84, 0x06, 0x58, 0x21, 0x8f, 0x84, 0xe3, 0x88, 0x05, 0xfa, 0xed, 0x2e, 0x4c, 0xd2, 0x9c, 0x8e, 0xaf, 0xbf, 0x15, 0xcc}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x51, 0x0e, 0x39, 0x09, 0x7f, 0x74, 0x03, 0x90, 0x27, 0x9a, 0x83, 0x26, 0xa6, 0xe5, 0x2b, 0x74, 0xc3, 0x6d, 0x48, 0x11, 0x75, 0x8d, 0x62, 0x7d, 0x9b, 0x6f, 0x9f, 0x30, 0xe3, 0x79, 0xe6, 0x86}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9f, 0x70, 0x3e, 0x23, 0x00, 0xf1, 0x0d, 0xb4, 0x89, 0x72, 0x8f, 0x20, 0x0f, 0x17, 0x79, 0x2d, 0x42, 0xde, 0xb6, 0xbf, 0x87, 0x53, 0x2c, 0x5d, 0xcd, 0xbb, 0x44, 0x01, 0xce, 0xb4, 0x7d, 0x38}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x89, 0xbc, 0x56, 0x2c, 0x40, 0x66, 0xd9, 0xc2, 0x01, 0xfc, 0xa4, 0xe6, 0xb3, 0x06, 0x15, 0x66, 0xb5, 0x57, 0x7e, 0x77, 0xe9, 0x17, 0x08, 0x2b, 0xde, 0x9a, 0xe2, 0x5e, 0xab, 0x08, 0x69, 0x50}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd2, 0x56, 0x50, 0x85, 0x38, 0xec, 0xf6, 0xa5, 0x69, 0x0e, 0xdf, 0x1e, 0x94, 0xd3, 0x7b, 0x6d, 0x10, 0xdb, 0x36, 0xf1, 0x64, 0x46, 0x7d, 0xe3, 0xba, 0xe9, 0x7f, 0xee, 0x3a, 0x6f, 0xec, 0xc6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x60, 0x83, 0xca, 0xf0, 0xd6, 0x61, 0x28, 0xab, 0xaa, 0x88, 0x13, 0x3b, 0x8d, 0xa7, 0x0b, 0x47, 0x44, 0xd5, 0x26, 0x3c, 0x2c, 0xf8, 0x77, 0x1d, 0xad, 0xc8, 0x76, 0x79, 0x49, 0x91, 0x71, 0x42}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd1, 0x35, 0x49, 0x15, 0xd5, 0xc7, 0x76, 0xe0, 0x6f, 0x6e, 0xdd, 0xfb, 0xa2, 0xcb, 0x91, 0xe7, 0x14, 0xb8, 0x61, 0xd1, 0x56, 0x06, 0x03, 0xb9, 0x31, 0xce, 0xc3, 0x00, 0x73, 0xb2, 0x9b, 0xcf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd8, 0x0d, 0x38, 0x27, 0x23, 0x7f, 0x6f, 0x2a, 0x9c, 0x83, 0xc8, 0x9a, 0xe2, 0x9a, 0xbb, 0x00, 0x11, 0x1a, 0xc4, 0xa4, 0xfe, 0xf7, 0xfe, 0xaa, 0x4e, 0x4d, 0xd6, 0x0f, 0x0b, 0x97, 0xb8, 0x43}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7e, 0xce, 0xe2, 0x8f, 0xa7, 0x40, 0x25, 0x98, 0xfc, 0xba, 0xc9, 0x47, 0x03, 0x08, 0xa7, 0x2e, 0x0f, 0x89, 0x8d, 0x15, 0x09, 0x2e, 0xd4, 0x79, 0x6c, 0x4f, 0x04, 0x74, 0x34, 0x2c, 0xd6, 0x6a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf9, 0xeb, 0x0c, 0x5b, 0xfa, 0x1f, 0x0a, 0x5b, 0x22, 0x49, 0x0d, 0x7c, 0xd7, 0x22, 0x35, 0xa7, 0xcf, 0x19, 0x1a, 0x13, 0x05, 0x72, 0x13, 0x5e, 0x28, 0x20, 0xc9, 0x18, 0xb6, 0x02, 0x53, 0x09}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb2, 0x59, 0xad, 0x58, 0x9b, 0x52, 0x13, 0x83, 0xff, 0x91, 0x68, 0x53, 0x3c, 0x1e, 0x18, 0xaa, 0xaa, 0x8d, 0xdb, 0xc7, 0x82, 0xc1, 0x4b, 0x16, 0x20, 0x90, 0x26, 0xcb, 0x0f, 0x25, 0xba, 0xe3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x33, 0x6b, 0x07, 0xc1, 0xab, 0x1d, 0x91, 0x96, 0xb5, 0x3d, 0x03, 0xd2, 0x8b, 0x1e, 0x90, 0x1d, 0xc1, 0x5c, 0x39, 0xc7, 0x7a, 0xe9, 0x09, 0xad, 0xf0, 0xff, 0x50, 0x5f, 0x08, 0xe0, 0xee, 0xa2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xd8, 0x3e, 0x91, 0x29, 0xed, 0x65, 0x39, 0x28, 0xa0, 0x9a, 0xe2, 0x65, 0xad, 0x0b, 0xc9, 0xc7, 0xe9, 0xf8, 0xca, 0xe1, 0x34, 0x67, 0x82, 0xf8, 0xca, 0x12, 0x6f, 0x38, 0x0b, 0xa8, 0xfc, 0x8e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x00, 0x5f, 0x6e, 0x56, 0x1e, 0x58, 0xb6, 0xa8, 0x0e, 0xee, 0x35, 0x88, 0x7c, 0x43, 0x07, 0xbf, 0x66, 0xb3, 0xe1, 0xa1, 0x45, 0x05, 0x42, 0x4c, 0x06, 0x06, 0xd4, 0x7c, 0x3b, 0x20, 0x50, 0x0e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xdb, 0xde, 0x93, 0x87, 0x30, 0xff, 0x08, 0xfb, 0x2b, 0x0c, 0xf5, 0x16, 0x3b, 0x10, 0x71, 0xe8, 0x1b, 0xcc, 0xc7, 0x54, 0x2b, 0x50, 0x82, 0x12, 0x0c, 0x74, 0x52, 0x19, 0xa2, 0xfa, 0x70, 0xa7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x97, 0x61, 0xc2, 0xdc, 0x01, 0x8c, 0xdb, 0x99, 0xb6, 0x18, 0x45, 0x41, 0x66, 0x00, 0xdb, 0x31, 0x68, 0x43, 0x09, 0x3a, 0x3e, 0x79, 0xf2, 0x56, 0xe7, 0xdc, 0x3a, 0xf4, 0x4b, 0x38, 0xc9, 0xae}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x69, 0x22, 0x42, 0x88, 0x16, 0x8d, 0xaa, 0x5e, 0x51, 0xf5, 0x0a, 0xaa, 0xb4, 0xde, 0x3a, 0xcc, 0xd9, 0xe8, 0xfa, 0x92, 0x16, 0xad, 0x52, 0xe0, 0xfb, 0xb5, 0x9a, 0x1b, 0xa1, 0x10, 0x79, 0xb0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1d, 0x50, 0x92, 0xa9, 0xd1, 0x26, 0xe1, 0xd1, 0x4a, 0xba, 0x47, 0x08, 0x64, 0xb8, 0x98, 0x67, 0x0c, 0x9c, 0xf2, 0x8d, 0xd2, 0x04, 0x37, 0xa1, 0x74, 0x15, 0x12, 0x71, 0xad, 0x68, 0x62, 0x87}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x47, 0x90, 0x83, 0x17, 0xa9, 0x98, 0x28, 0x95, 0x8c, 0x41, 0xf1, 0x3b, 0x4e, 0x28, 0x88, 0x0e, 0x82, 0xf6, 0x1e, 0x99, 0x49, 0xaa, 0x3f, 0xbd, 0x49, 0x0d, 0x2b, 0x56, 0x72, 0x68, 0xe5, 0xe1}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x05, 0x38, 0x81, 0xc3, 0xb5, 0xd8, 0x81, 0x77, 0xd3, 0x54, 0xd0, 0x33, 0x4e, 0xb3, 0x86, 0x13, 0xaa, 0x94, 0x66, 0xb5, 0x9a, 0x56, 0xc9, 0x25, 0x8e, 0xbf, 0xa9, 0x13, 0x1b, 0xe3, 0xa3, 0xcb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe9, 0x07, 0x26, 0xe0, 0xdc, 0xef, 0xf6, 0xc9, 0x70, 0xae, 0xc4, 0x5e, 0xf0, 0xd3, 0xff, 0x8a, 0xef, 0x68, 0xb4, 0xb5, 0x31, 0x21, 0x7c, 0x65, 0x64, 0xb0, 0x82, 0x7d, 0x28, 0x8f, 0x50, 0x67}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x4c, 0x0e, 0xea, 0x8b, 0x9a, 0x1b, 0x7f, 0x7b, 0x56, 0x1c, 0x41, 0x01, 0xf3, 0x50, 0xbe, 0xa5, 0x50, 0x76, 0xb9, 0x51, 0x80, 0xb6, 0x75, 0x92, 0x9f, 0x03, 0x03, 0x12, 0x43, 0x6f, 0x24, 0xce}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x04, 0x89, 0xa4, 0x8a, 0x85, 0xf0, 0x00, 0xd9, 0xe3, 0xd0, 0xa9, 0xdf, 0x11, 0x13, 0x5f, 0x36, 0xc8, 0x2c, 0xa4, 0x8b, 0xf8, 0xcf, 0xc5, 0x52, 0xe7, 0x29, 0x77, 0x9d, 0x0c, 0x0c, 0xbe, 0xac}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xde, 0xbf, 0xd8, 0xff, 0x66, 0xe0, 0x0b, 0x61, 0xd0, 0x63, 0xc8, 0x23, 0x6e, 0x7f, 0xa5, 0xd5, 0xe5, 0x6d, 0x4b, 0x5a, 0x10, 0xec, 0xf1, 0xb7, 0x30, 0x82, 0x7c, 0xa5, 0x30, 0xcb, 0xd3, 0xb6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xb1, 0xdc, 0xdf, 0x47, 0x51, 0x68, 0x81, 0x47, 0x3b, 0xc2, 0xaf, 0x24, 0xa6, 0xa0, 0x13, 0xce, 0x6a, 0x35, 0x7e, 0xcd, 0xeb, 0x95, 0xf4, 0x1c, 0xea, 0x20, 0x36, 0x44, 0x64, 0xa1, 0xda, 0x84}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xee, 0x82, 0xf3, 0x29, 0x34, 0xce, 0xa2, 0x88, 0x50, 0x8c, 0x8a, 0xaf, 0x69, 0x2b, 0x54, 0xe4, 0xf8, 0x17, 0x05, 0x5d, 0x1f, 0x6b, 0xa2, 0xf1, 0xc1, 0x58, 0x3b, 0xd9, 0xe9, 0xc4, 0x78, 0xa5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x14, 0xa5, 0xc2, 0x21, 0x11, 0xc8, 0x70, 0x97, 0x81, 0xa4, 0xd1, 0x87, 0x29, 0x96, 0xc0, 0xee, 0x17, 0xd3, 0xad, 0x6b, 0xb0, 0x79, 0x0a, 0x37, 0xa9, 0x46, 0xf2, 0xc4, 0x1b, 0xd1, 0x63, 0x39}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xb3, 0x9f, 0xe3, 0xae, 0xfd, 0x76, 0x80, 0x89, 0xe3, 0x43, 0xc0, 0x91, 0x24, 0xed, 0x6c, 0x41, 0x0c, 0x88, 0x37, 0xe9, 0x45, 0xb3, 0x46, 0xaf, 0x84, 0x00, 0x76, 0xec, 0xbc, 0xad, 0x08, 0x8d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x49, 0xbb, 0x74, 0xd4, 0x4f, 0x75, 0xea, 0x1b, 0xba, 0xba, 0xd0, 0x1c, 0x09, 0xc4, 0xe1, 0xf4, 0x19, 0xac, 0x3f, 0x1b, 0xc4, 0x7f, 0xfb, 0x40, 0x9c, 0x36, 0x16, 0xe3, 0x16, 0x5e, 0x2c, 0xb6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa6, 0xce, 0xae, 0x5d, 0x47, 0xe9, 0x6c, 0x2a, 0x93, 0x63, 0xbd, 0x0a, 0xc3, 0x83, 0x13, 0x0f, 0xfe, 0x6a, 0x89, 0x33, 0xa6, 0x77, 0xaa, 0x36, 0xd1, 0x26, 0xc6, 0xeb, 0x04, 0x10, 0x36, 0xeb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index a60a1cc78..2c3373e87 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240722132927-399376d3e366" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240725225313-f4e6c910ab1c" ) From 2e9dda52b7ab7b2b8431579701cf5e27d316a5e2 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Fri, 26 Jul 2024 12:43:16 +0200 Subject: [PATCH 181/380] ci: mirror GCP SEV-SNP marketplace images (#3274) --- .github/workflows/on-release.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/on-release.yml b/.github/workflows/on-release.yml index 5004da580..abbf75f4b 100644 --- a/.github/workflows/on-release.yml +++ b/.github/workflows/on-release.yml @@ -159,9 +159,8 @@ jobs: id: fetch-reference shell: bash run: | - # TODO(msanft): Implement marketplace images for GCP SEV-SNP aws s3 cp s3://cdn-constellation-backend/constellation/v2/ref/-/stream/stable/${{ steps.fetch-version.outputs.output }}/image/info.json . - FULL_REF=$(yq e -r -oy '.list.[] | select(.attestationVariant == "gcp-sev-es") | .reference' info.json) + FULL_REF=$(yq e -r -oy '.list.[] | select(.attestationVariant == "gcp-sev-snp") | .reference' info.json) IMAGE_NAME=$(echo "${FULL_REF}" | cut -d / -f 5) echo "reference=$IMAGE_NAME" | tee -a "$GITHUB_OUTPUT" From 9d58f8a494a2fa712e22b0a6ecd3c039d81f14dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Tue, 30 Jul 2024 12:58:57 +0200 Subject: [PATCH 182/380] ci: correctly fetch image on nightly image ref (#3276) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/actions/select_image/action.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/actions/select_image/action.yml b/.github/actions/select_image/action.yml index 59f455619..e36e145ed 100644 --- a/.github/actions/select_image/action.yml +++ b/.github/actions/select_image/action.yml @@ -3,15 +3,15 @@ description: Resolve string presets and shortpaths to shortpaths only inputs: osImage: - description: "Shortpath or main-debug or release-stable" + description: "Shortpath, main-debug, main-nightly, or release-stable" required: true outputs: osImage: - description: "Shortpath of for input string, original input if that was already a shortpath" + description: "Shortpath of input string, original input if that was already a shortpath" value: ${{ steps.set-output.outputs.osImage }} isDebugImage: - description: "Input represents a debug image or not" + description: "Input is a debug image or not" value: ${{ steps.set-output.outputs.isDebugImage }} runs: @@ -27,7 +27,7 @@ runs: id: input-is-preset shell: bash run: | - if [[ "${{ inputs.osImage }}" == "ref/main/stream/debug/?" || "${{ inputs.osImage }}" == "ref/release/stream/stable/?" ]]; then + if [[ "${{ inputs.osImage }}" == "ref/main/stream/debug/?" || "${{ inputs.osImage }}" == "ref/main/stream/nightly/?" || "${{ inputs.osImage }}" == "ref/release/stream/stable/?" ]]; then echo "result=true" | tee -a "$GITHUB_OUTPUT" else echo "result=false" | tee -a "$GITHUB_OUTPUT" From 43fde2ea79d112166907afc3d9af9e73c1b06727 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 31 Jul 2024 08:45:51 +0200 Subject: [PATCH 183/380] image: update measurements and image version (#3277) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 82db66d76..514230f9a 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x16, 0xb2, 0xe9, 0xd7, 0x0e, 0x3a, 0xa0, 0xfd, 0xc3, 0xc9, 0xf2, 0x43, 0xf4, 0x1c, 0xbe, 0xfd, 0x56, 0x5f, 0xca, 0xbe, 0x4e, 0xba, 0xa8, 0x84, 0x19, 0x37, 0x7f, 0x5d, 0xa0, 0x52, 0x4b, 0x8a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf6, 0xbc, 0x39, 0x89, 0xb5, 0x06, 0x54, 0x28, 0xc3, 0x8c, 0xd7, 0x67, 0xe8, 0xb8, 0x03, 0xe3, 0x50, 0xaa, 0xc0, 0xa6, 0x09, 0x79, 0x02, 0x5e, 0x22, 0xd4, 0xd7, 0xf6, 0x2c, 0x9f, 0xce, 0xaa}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6d, 0x47, 0x71, 0xbd, 0x50, 0x68, 0xbe, 0xa3, 0x65, 0x99, 0x43, 0x15, 0x0c, 0x21, 0x47, 0xde, 0xfd, 0x36, 0xac, 0xe6, 0xc6, 0xfb, 0xd2, 0xe0, 0x03, 0x7b, 0x9e, 0xa1, 0x4f, 0xf1, 0x17, 0x67}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf4, 0x06, 0xe9, 0x55, 0xdf, 0x8f, 0x2a, 0xb8, 0x55, 0xd7, 0x62, 0xe6, 0xce, 0x38, 0xd8, 0xb9, 0x05, 0x97, 0xad, 0xc8, 0xdb, 0x7f, 0xbe, 0xf0, 0xec, 0xfd, 0x27, 0xba, 0xc6, 0x99, 0xaa, 0x8a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x96, 0xbd, 0x1d, 0x4d, 0xc5, 0xc8, 0x5d, 0x1b, 0x0c, 0xb9, 0x78, 0x44, 0xd9, 0x2b, 0x14, 0x0e, 0x67, 0xa1, 0x2b, 0x77, 0xfd, 0x4e, 0xf5, 0x5b, 0x9e, 0x60, 0x31, 0xe4, 0x93, 0xce, 0x3c, 0x30}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd3, 0xfd, 0x80, 0x98, 0x25, 0xd0, 0xc0, 0xca, 0xb4, 0x13, 0xcf, 0xa9, 0xde, 0xc6, 0xe9, 0xb3, 0x44, 0x07, 0xd3, 0xb9, 0xfc, 0x18, 0xf4, 0xc6, 0xb6, 0xd6, 0x12, 0xc6, 0x3c, 0x39, 0xfa, 0xa7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xec, 0x8b, 0xff, 0x67, 0x20, 0xaf, 0x91, 0x25, 0x8f, 0x09, 0x71, 0x0c, 0x84, 0x06, 0x58, 0x21, 0x8f, 0x84, 0xe3, 0x88, 0x05, 0xfa, 0xed, 0x2e, 0x4c, 0xd2, 0x9c, 0x8e, 0xaf, 0xbf, 0x15, 0xcc}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x51, 0x0e, 0x39, 0x09, 0x7f, 0x74, 0x03, 0x90, 0x27, 0x9a, 0x83, 0x26, 0xa6, 0xe5, 0x2b, 0x74, 0xc3, 0x6d, 0x48, 0x11, 0x75, 0x8d, 0x62, 0x7d, 0x9b, 0x6f, 0x9f, 0x30, 0xe3, 0x79, 0xe6, 0x86}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9f, 0x70, 0x3e, 0x23, 0x00, 0xf1, 0x0d, 0xb4, 0x89, 0x72, 0x8f, 0x20, 0x0f, 0x17, 0x79, 0x2d, 0x42, 0xde, 0xb6, 0xbf, 0x87, 0x53, 0x2c, 0x5d, 0xcd, 0xbb, 0x44, 0x01, 0xce, 0xb4, 0x7d, 0x38}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x89, 0xbc, 0x56, 0x2c, 0x40, 0x66, 0xd9, 0xc2, 0x01, 0xfc, 0xa4, 0xe6, 0xb3, 0x06, 0x15, 0x66, 0xb5, 0x57, 0x7e, 0x77, 0xe9, 0x17, 0x08, 0x2b, 0xde, 0x9a, 0xe2, 0x5e, 0xab, 0x08, 0x69, 0x50}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd2, 0x56, 0x50, 0x85, 0x38, 0xec, 0xf6, 0xa5, 0x69, 0x0e, 0xdf, 0x1e, 0x94, 0xd3, 0x7b, 0x6d, 0x10, 0xdb, 0x36, 0xf1, 0x64, 0x46, 0x7d, 0xe3, 0xba, 0xe9, 0x7f, 0xee, 0x3a, 0x6f, 0xec, 0xc6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x60, 0x83, 0xca, 0xf0, 0xd6, 0x61, 0x28, 0xab, 0xaa, 0x88, 0x13, 0x3b, 0x8d, 0xa7, 0x0b, 0x47, 0x44, 0xd5, 0x26, 0x3c, 0x2c, 0xf8, 0x77, 0x1d, 0xad, 0xc8, 0x76, 0x79, 0x49, 0x91, 0x71, 0x42}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9a, 0xae, 0x5f, 0xe6, 0x13, 0xd3, 0xd6, 0xf4, 0xa0, 0xac, 0x1c, 0x37, 0xa6, 0x9b, 0xc4, 0x82, 0x9c, 0x67, 0xaa, 0xcf, 0xf6, 0x25, 0xda, 0xa4, 0xc2, 0x17, 0x28, 0xe0, 0x1d, 0xdd, 0x5c, 0x4b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb5, 0x9c, 0xc1, 0x46, 0x26, 0x33, 0x7e, 0x57, 0x3c, 0x1a, 0x9d, 0xfa, 0xd8, 0xde, 0x0a, 0x9e, 0x41, 0x7c, 0xd6, 0xb1, 0x6a, 0x21, 0x6c, 0x8a, 0xbf, 0x05, 0xc6, 0xba, 0xb5, 0xb9, 0x64, 0xba}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb7, 0x39, 0xfb, 0xde, 0xcd, 0x2d, 0x0e, 0x96, 0x6f, 0x9c, 0x95, 0xf2, 0xed, 0x3a, 0xb1, 0x92, 0xc7, 0x3e, 0xe3, 0x9b, 0x1a, 0x19, 0xd7, 0x4d, 0x3a, 0x87, 0x13, 0x92, 0x46, 0xb8, 0xba, 0x64}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x51, 0x03, 0x8f, 0xd5, 0x03, 0x58, 0x8f, 0x8c, 0xe3, 0x09, 0xa3, 0xea, 0xc2, 0x75, 0xe3, 0xe5, 0x9f, 0x47, 0xa5, 0x32, 0xa4, 0x09, 0x5f, 0xe8, 0xff, 0xcd, 0xbb, 0xee, 0x38, 0x7d, 0xf8, 0x88}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7a, 0xf3, 0x8f, 0x16, 0xb1, 0x24, 0x91, 0xe2, 0x9d, 0x85, 0x6f, 0x18, 0xac, 0xa7, 0x86, 0x6a, 0xf8, 0xc2, 0xc8, 0x77, 0x68, 0xdb, 0xb2, 0x77, 0xdd, 0x67, 0x6e, 0x86, 0x9b, 0xfb, 0x6c, 0x3b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xaa, 0x94, 0xaa, 0x4a, 0xa7, 0x7b, 0xc3, 0x66, 0x92, 0xc8, 0x5d, 0x24, 0x3f, 0x12, 0x3f, 0xe9, 0xb0, 0xec, 0xf0, 0x41, 0xe4, 0xc3, 0xe4, 0x23, 0x68, 0x57, 0x83, 0xd4, 0xc0, 0x44, 0x1a, 0x65}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf4, 0xb6, 0xf0, 0x0f, 0xa4, 0x46, 0x09, 0xdb, 0x22, 0xc1, 0xe0, 0xd7, 0xb1, 0x42, 0x5f, 0xe9, 0x01, 0x98, 0xa1, 0x61, 0xc3, 0xb0, 0x78, 0xb8, 0x8c, 0xc3, 0xfa, 0xe6, 0x32, 0xd6, 0x8f, 0xa9}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x26, 0x29, 0xa6, 0x50, 0xe3, 0xdb, 0x3a, 0xaf, 0xeb, 0x55, 0x9b, 0x26, 0x21, 0xa9, 0xac, 0x4f, 0x60, 0xb1, 0x3a, 0x3b, 0x31, 0x3b, 0x74, 0xea, 0x21, 0x14, 0xc7, 0x68, 0x82, 0x72, 0x62, 0x54}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcf, 0xf3, 0xea, 0x7a, 0xd8, 0xfd, 0x1d, 0xff, 0x0a, 0x06, 0x43, 0x87, 0xcc, 0xff, 0x32, 0xef, 0x50, 0x1f, 0xe5, 0x25, 0x35, 0xf4, 0xd0, 0x19, 0xfc, 0x49, 0x55, 0x3f, 0x0e, 0xb8, 0xec, 0x10}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x2a, 0xd9, 0x92, 0xd9, 0xf8, 0xc0, 0x7d, 0xc9, 0x76, 0x2e, 0x6a, 0x8b, 0x8e, 0x87, 0x9a, 0x6a, 0x66, 0x1a, 0xbe, 0x9e, 0x5a, 0x3c, 0x02, 0xe7, 0xe5, 0x1f, 0xd7, 0x1a, 0x26, 0x34, 0xcf, 0xdc}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0d, 0x1f, 0x46, 0x46, 0xcd, 0xd2, 0x71, 0x13, 0xe5, 0xb9, 0xc1, 0x7f, 0xd7, 0x1b, 0x31, 0xcd, 0xaa, 0xc0, 0x0d, 0x42, 0x0b, 0x8d, 0x45, 0x05, 0xce, 0xda, 0xff, 0x50, 0xae, 0x53, 0x3c, 0x57}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x16, 0x72, 0x2d, 0xfe, 0x9b, 0xc8, 0xa7, 0x25, 0x65, 0x9e, 0x04, 0xde, 0xb1, 0x2a, 0x95, 0x9c, 0x27, 0x1d, 0xf5, 0x66, 0xa2, 0x27, 0x91, 0xf7, 0x7e, 0x28, 0x12, 0x37, 0x62, 0x8f, 0x80, 0xb3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x97, 0x61, 0xc2, 0xdc, 0x01, 0x8c, 0xdb, 0x99, 0xb6, 0x18, 0x45, 0x41, 0x66, 0x00, 0xdb, 0x31, 0x68, 0x43, 0x09, 0x3a, 0x3e, 0x79, 0xf2, 0x56, 0xe7, 0xdc, 0x3a, 0xf4, 0x4b, 0x38, 0xc9, 0xae}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x69, 0x22, 0x42, 0x88, 0x16, 0x8d, 0xaa, 0x5e, 0x51, 0xf5, 0x0a, 0xaa, 0xb4, 0xde, 0x3a, 0xcc, 0xd9, 0xe8, 0xfa, 0x92, 0x16, 0xad, 0x52, 0xe0, 0xfb, 0xb5, 0x9a, 0x1b, 0xa1, 0x10, 0x79, 0xb0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1d, 0x50, 0x92, 0xa9, 0xd1, 0x26, 0xe1, 0xd1, 0x4a, 0xba, 0x47, 0x08, 0x64, 0xb8, 0x98, 0x67, 0x0c, 0x9c, 0xf2, 0x8d, 0xd2, 0x04, 0x37, 0xa1, 0x74, 0x15, 0x12, 0x71, 0xad, 0x68, 0x62, 0x87}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x47, 0x90, 0x83, 0x17, 0xa9, 0x98, 0x28, 0x95, 0x8c, 0x41, 0xf1, 0x3b, 0x4e, 0x28, 0x88, 0x0e, 0x82, 0xf6, 0x1e, 0x99, 0x49, 0xaa, 0x3f, 0xbd, 0x49, 0x0d, 0x2b, 0x56, 0x72, 0x68, 0xe5, 0xe1}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x05, 0x38, 0x81, 0xc3, 0xb5, 0xd8, 0x81, 0x77, 0xd3, 0x54, 0xd0, 0x33, 0x4e, 0xb3, 0x86, 0x13, 0xaa, 0x94, 0x66, 0xb5, 0x9a, 0x56, 0xc9, 0x25, 0x8e, 0xbf, 0xa9, 0x13, 0x1b, 0xe3, 0xa3, 0xcb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe9, 0x07, 0x26, 0xe0, 0xdc, 0xef, 0xf6, 0xc9, 0x70, 0xae, 0xc4, 0x5e, 0xf0, 0xd3, 0xff, 0x8a, 0xef, 0x68, 0xb4, 0xb5, 0x31, 0x21, 0x7c, 0x65, 0x64, 0xb0, 0x82, 0x7d, 0x28, 0x8f, 0x50, 0x67}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x4c, 0x0e, 0xea, 0x8b, 0x9a, 0x1b, 0x7f, 0x7b, 0x56, 0x1c, 0x41, 0x01, 0xf3, 0x50, 0xbe, 0xa5, 0x50, 0x76, 0xb9, 0x51, 0x80, 0xb6, 0x75, 0x92, 0x9f, 0x03, 0x03, 0x12, 0x43, 0x6f, 0x24, 0xce}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x04, 0x89, 0xa4, 0x8a, 0x85, 0xf0, 0x00, 0xd9, 0xe3, 0xd0, 0xa9, 0xdf, 0x11, 0x13, 0x5f, 0x36, 0xc8, 0x2c, 0xa4, 0x8b, 0xf8, 0xcf, 0xc5, 0x52, 0xe7, 0x29, 0x77, 0x9d, 0x0c, 0x0c, 0xbe, 0xac}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xde, 0xbf, 0xd8, 0xff, 0x66, 0xe0, 0x0b, 0x61, 0xd0, 0x63, 0xc8, 0x23, 0x6e, 0x7f, 0xa5, 0xd5, 0xe5, 0x6d, 0x4b, 0x5a, 0x10, 0xec, 0xf1, 0xb7, 0x30, 0x82, 0x7c, 0xa5, 0x30, 0xcb, 0xd3, 0xb6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf5, 0xef, 0x1d, 0x20, 0x44, 0xe1, 0xd9, 0xf6, 0xba, 0x33, 0xe5, 0x5c, 0x6d, 0xcc, 0x62, 0x5f, 0x6f, 0x0b, 0xf8, 0x5e, 0xba, 0x32, 0x47, 0xbd, 0x2b, 0xb8, 0x93, 0xb0, 0x91, 0xee, 0x14, 0xc2}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbb, 0x5f, 0x91, 0x87, 0xaf, 0x52, 0x97, 0xb3, 0x6b, 0xa9, 0x5d, 0x88, 0xb5, 0xfd, 0x2a, 0x42, 0x79, 0x05, 0xc3, 0xb3, 0x64, 0xd8, 0xd4, 0xdc, 0xa1, 0x99, 0x31, 0xd8, 0xd2, 0xd5, 0xfe, 0x99}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7a, 0x1f, 0x1d, 0x1f, 0x42, 0x77, 0xaa, 0x84, 0x97, 0xdc, 0x1b, 0x44, 0x36, 0xde, 0x25, 0x8b, 0x92, 0x7f, 0xe2, 0x07, 0xd2, 0xe2, 0x5c, 0x1a, 0x38, 0xb5, 0x4d, 0x68, 0xbd, 0xea, 0xab, 0xc9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x67, 0x5d, 0x7e, 0xff, 0xa1, 0x22, 0xca, 0xdc, 0xc0, 0xd7, 0xe8, 0x8a, 0x6d, 0x7f, 0x6e, 0x72, 0xe9, 0xcf, 0x73, 0xb4, 0x43, 0x40, 0x08, 0xcc, 0x4e, 0x65, 0x0a, 0x92, 0x63, 0x8b, 0x16, 0x6d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4f, 0x85, 0xd0, 0xc6, 0xd6, 0x31, 0x94, 0x59, 0x95, 0x48, 0x64, 0x8c, 0x45, 0x5b, 0x1d, 0x0c, 0x04, 0x4a, 0x9d, 0x3b, 0x20, 0xe6, 0xa9, 0x31, 0x7b, 0x12, 0x17, 0x83, 0x4b, 0x61, 0x97, 0x60}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x23, 0x5d, 0xeb, 0x7a, 0x6f, 0x43, 0xe7, 0xde, 0xb9, 0xda, 0x73, 0x87, 0xa9, 0xf8, 0x2b, 0x81, 0xa2, 0x9c, 0x1d, 0xad, 0x46, 0x54, 0x64, 0xc0, 0x67, 0x7f, 0xe4, 0x5d, 0xdc, 0x52, 0x55, 0xd1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xea, 0x9c, 0x3c, 0x07, 0x42, 0x15, 0x22, 0x3a, 0x5c, 0x4f, 0xf2, 0xda, 0x82, 0xd9, 0x27, 0x2c, 0xaa, 0x5d, 0x37, 0xe6, 0x8e, 0xed, 0x99, 0x2f, 0x48, 0x77, 0x96, 0x9a, 0xc4, 0xb9, 0x9f, 0xac}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x58, 0x37, 0xee, 0xdb, 0xcc, 0x73, 0xfc, 0xfd, 0x45, 0xee, 0x91, 0x5e, 0x47, 0x73, 0x21, 0xe8, 0xc6, 0xf5, 0x11, 0x90, 0xc9, 0x62, 0x19, 0xaf, 0x66, 0x0b, 0x4d, 0xb9, 0x5f, 0xdb, 0x3b, 0xf9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x20, 0xee, 0xb9, 0x1f, 0xd4, 0x0f, 0x0b, 0x69, 0xec, 0x55, 0xe3, 0x99, 0x9d, 0xe7, 0x44, 0x93, 0x97, 0xb5, 0x36, 0xb3, 0xb5, 0xe0, 0x45, 0x18, 0xe0, 0x50, 0x06, 0x4b, 0xf2, 0x56, 0x81, 0x5c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xb3, 0x9f, 0xe3, 0xae, 0xfd, 0x76, 0x80, 0x89, 0xe3, 0x43, 0xc0, 0x91, 0x24, 0xed, 0x6c, 0x41, 0x0c, 0x88, 0x37, 0xe9, 0x45, 0xb3, 0x46, 0xaf, 0x84, 0x00, 0x76, 0xec, 0xbc, 0xad, 0x08, 0x8d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x49, 0xbb, 0x74, 0xd4, 0x4f, 0x75, 0xea, 0x1b, 0xba, 0xba, 0xd0, 0x1c, 0x09, 0xc4, 0xe1, 0xf4, 0x19, 0xac, 0x3f, 0x1b, 0xc4, 0x7f, 0xfb, 0x40, 0x9c, 0x36, 0x16, 0xe3, 0x16, 0x5e, 0x2c, 0xb6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa6, 0xce, 0xae, 0x5d, 0x47, 0xe9, 0x6c, 0x2a, 0x93, 0x63, 0xbd, 0x0a, 0xc3, 0x83, 0x13, 0x0f, 0xfe, 0x6a, 0x89, 0x33, 0xa6, 0x77, 0xaa, 0x36, 0xd1, 0x26, 0xc6, 0xeb, 0x04, 0x10, 0x36, 0xeb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xef, 0x0d, 0xec, 0xad, 0xe5, 0xf6, 0x0c, 0xd2, 0x04, 0x5a, 0xfe, 0xb5, 0x07, 0x08, 0x83, 0x3e, 0x19, 0x91, 0xde, 0xdf, 0xe6, 0xaf, 0x0a, 0x61, 0x60, 0xc7, 0x3c, 0xa9, 0xa6, 0x23, 0xfa, 0x6e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa1, 0x19, 0x31, 0x1c, 0x89, 0xa1, 0xa3, 0x4f, 0x12, 0x53, 0x33, 0x84, 0xbf, 0x89, 0x5f, 0x1b, 0x01, 0xaa, 0xa8, 0x01, 0x56, 0x16, 0x36, 0xb9, 0x61, 0x65, 0x5b, 0x9d, 0x68, 0xd4, 0x73, 0x18}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x57, 0xe7, 0x9f, 0x05, 0x25, 0xeb, 0x18, 0xe0, 0x14, 0xc9, 0xb0, 0x5e, 0x9e, 0xb9, 0x6e, 0x8b, 0x5b, 0x1f, 0xb6, 0xb2, 0x0f, 0xf1, 0x14, 0x8f, 0xe0, 0x96, 0x1b, 0xaa, 0xf8, 0xf6, 0x42, 0xc4}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 2c3373e87..f64b57347 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240725225313-f4e6c910ab1c" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240730125857-9d58f8a494a2" ) From ed22f88f7eb8fb530547c5724a065a82241de552 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Thu, 1 Aug 2024 10:34:35 +0200 Subject: [PATCH 184/380] image: update locked rpms (#3275) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 23e5a0740..15aa5ec27 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -178,7 +178,7 @@ ad8d041ab07f62567f80e9a751529091f591a542dd91b6473b7cba5749b56d69 libnetfilter_q db4841a294c5ec3759d77f356a05d0c7f852270aa75c900daac4992f12147dd3 libnftnl-1.2.6-5.fc40.x86_64.rpm 0e9b7c72112f58e83d66422eb2d77d346dc0810cdb652906f0d0fcbd9799fc7d libnghttp2-1.59.0-3.fc40.i686.rpm 550160732fc268914a422cfddc3c745febf8da161f8eacbce8649c67117b1476 libnghttp2-1.59.0-3.fc40.x86_64.rpm -7bfd9a41bedcf082dcc40ba2a980115ccdb1a843b9d28912a3bd8d99771f6015 libnl3-3.9.0-3.fc40.x86_64.rpm +13c21b26297876c42723a5557d97ecfada4ab2a79a4e4e771a6a3df29ffd5e47 libnl3-3.10.0-1.fc40.x86_64.rpm fa6dccd7aee4a74a5cfa12c7927c7326485704ebe57c54774b0f157fda639360 libnsl2-2.0.1-1.fc40.x86_64.rpm 9e27ce1072ef67dd8877175f9a7daa1bcddbbcec3fd6f161e6bc2f2b453c360b libnvme-1.8-1.fc40.x86_64.rpm bb9ceaba0d3283777777524e8c99b8eaa2155e9000d8e3ef5d0ece336f8c1392 libpsl-0.21.5-3.fc40.x86_64.rpm @@ -200,7 +200,7 @@ d5e6fc8b4595cccae415bc18b971ea4a4ed64c816e45de5d3f588b78ecf12708 libsepol-3.6-3 c8bbfa2762cc601f8a97d8d5a39a658f0e91ba477ebebd798b30f7fc8ffdd457 libss-1.47.0-5.fc40.x86_64.rpm 977d8b01c7c74afc3cc251e25c73ed070535576cb841bbfccf0c846d97fc5607 libstdc++-14.1.1-7.fc40.x86_64.rpm d92173d6fbfb7e2af3b35a8554229e247666e15dc5b36cba43b7bbfc4144b781 libtasn1-4.19.0-6.fc40.x86_64.rpm -adc082c8d4af5cc81a9de428c39de59717177109aedb4b15888a8ca9d51167ab libtirpc-1.3.4-1.rc3.fc40.x86_64.rpm +c52aa65956ce5076c7036d486ec29d06832461450c77838c7b9e360c701b6ad2 libtirpc-1.3.5-0.fc40.x86_64.rpm e5d150d23f95e4a23288b84145af442607a88bf457c0e04b325b1d1e8e708c2b libtool-ltdl-2.4.7-10.fc40.x86_64.rpm e541a1c8397dccf159b3602eb6bbb381ba21c544db337a3b3bfc49ccc2ef5c21 libunistring-1.1-7.fc40.i686.rpm 58719c2f205b23598e31b72144ab55215947ad8fca96af46a641288692c159d2 libunistring-1.1-7.fc40.x86_64.rpm @@ -261,7 +261,7 @@ f796a31cad58f4ebea8787020868581d9a721297ee0ef6a7c63a7f8444f60c17 pcsc-lite-libs 5443db8875acc0c1c436dbe1ed62b776543e049b8d9c7e33198379d367814093 pigz-2.8-4.fc40.x86_64.rpm cb7c5036f1d25c696de23a6670cb64caec9945116fb0c9a93555414746ecf253 pinentry-1.3.0-2.fc40.x86_64.rpm bbb4abafa9f7664e21350b56d49af2c928288e6d4dd68c304c4ab5d45b2c8ad7 pkcs11-provider-0.3-2.fc40.x86_64.rpm -4bb0400e33de59ad4bcec35e5c4e58e71308b3247caf9e821dae7e89f2e43609 podman-5.1.1-1.fc40.x86_64.rpm +d011839058e0ab6e132b6ae01015f9a66490e4be94ed2e9dde1fa0d6c4b7e83c podman-5.1.2-1.fc40.x86_64.rpm fc0270713aefd482937adc4d6905f806760ea54c70379cb675be521251e5a177 policycoreutils-3.6-3.fc40.x86_64.rpm 30a4f9d3631aaa1280c93ce4305847a9773973aa312e1802d1cd676cb2421689 polkit-124-2.fc40.x86_64.rpm f47bc65177a8b160916c00df9c84442afa1dd353880b3c0503d5a0b052d4956c polkit-libs-124-2.fc40.x86_64.rpm @@ -303,7 +303,7 @@ dacd59edbe4744fd9f6823d672e01eff89f871e88537554f16c0a275a17d04e9 readline-8.2-8 c48c149f4aebfe44d649eea6f7a8eaa229dc8db71ff70b66c7403aa9bd072820 rpm-libs-4.19.1.1-1.fc40.x86_64.rpm 7bebda41ea91faf8cf8911a403c051eb59d444e60f8091d14d10987b713f39ff rpm-plugin-audit-4.19.1.1-1.fc40.x86_64.rpm d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-selinux-4.19.1.1-1.fc40.x86_64.rpm -516c91108f0cb904578e2aaa8b3968d66f1361d8713e2c7810f4b0ceaa426545 rpm-sequoia-1.6.0-3.fc40.x86_64.rpm +9015e31297a54b708071d347b7877d885a2a97c3b18a89fa31f1481b6406eb06 rpm-sequoia-1.7.0-1.fc40.x86_64.rpm 63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm 3b940ff1f16fdb3ddcc19d7d76241c9b81d81099ff5147c4c9967d2c4ca6fb5b sbsigntools-0.9.5-3.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm @@ -314,16 +314,16 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 0c1072b40e5fe451e7d2bc1a7530e743303591c3d26bce0ac2e09ff05b50ae26 shadow-utils-subid-4.15.1-3.fc40.x86_64.rpm 67eede27af5b4773eb2f7ac794df694be030310d40bce462864c05b8f65c87c3 socat-1.8.0.0-2.fc40.x86_64.rpm a1e23ae521e93ab19d3df77889a6a418c3432025e4880cfd893e40f7165876a7 sqlite-libs-3.45.1-2.fc40.x86_64.rpm -6fdb168f03a136dd5fb8546cc9f6ce4fcfc4cbf5b9122be1fdf6cb1aaa553ac2 systemd-255.8-1.fc40.i686.rpm -c4f64434fbb247012de092cbb878aff57d09600215cb1211811464b2fd6f4d6b systemd-255.8-1.fc40.x86_64.rpm -6b5670f700d3a7e3390985f7305f016df4a624ba5f217ea04275e02899b3c768 systemd-boot-unsigned-255.8-1.fc40.x86_64.rpm -23c1b6c7dcf354afcd8f3281061702ade8b8bbfce71e8a2bebcb0fe63a8e2c61 systemd-libs-255.8-1.fc40.i686.rpm -3a9ec34f3d9df87228def7d6640d6d22b3e96aade7c8e919a70a98ed1a8beac2 systemd-libs-255.8-1.fc40.x86_64.rpm -7abd00b55fa14f59d46fe88284f254d1a59604859b3ae9d9854d94e282b22e32 systemd-networkd-255.8-1.fc40.x86_64.rpm -d431e827886f7d13623ed6d687f36e2f1c4a2a1ccf0b20e22fb9ee8559fa18f1 systemd-pam-255.8-1.fc40.i686.rpm -c447f929c01d7b9ff9bcd78da741440ddb8dfbc73dda4b030474090f9f3383c9 systemd-pam-255.8-1.fc40.x86_64.rpm -86eae6a042efc01db9160414d291fd6d7867b9136d794665fbeff25481e8e634 systemd-resolved-255.8-1.fc40.x86_64.rpm -c51d2572313516a8b1f9cf61ca1c6694df7f5e1bfa14f5b4e8c23ca85d2515e9 systemd-udev-255.8-1.fc40.x86_64.rpm +d55b9e8a99eb2d7128c59ad7f62d45007516be97cda9c79fa0c725d34d5da51f systemd-255.10-1.fc40.i686.rpm +37e05e9899b60553ec281887c4707a9000820c48860fe14ad7bdb3051c8a3b25 systemd-255.10-1.fc40.x86_64.rpm +dd46220094beb50b710e862f63fac2b51647fb523de4fb376f8265a10e664d9b systemd-boot-unsigned-255.10-1.fc40.x86_64.rpm +e9a90d6abf803726d3a6deda7a1df69213e179f0f92f66855398dc82f322074b systemd-libs-255.10-1.fc40.i686.rpm +a3be6d4d55d392a758fecf2abae850448491a8195259b66fb9753511f0e89d27 systemd-libs-255.10-1.fc40.x86_64.rpm +f85947f1ceac21bb13518017eb4230e5f714d8a575b1dcc5fcbd13d79666f75e systemd-networkd-255.10-1.fc40.x86_64.rpm +06dd0f4717ab0b45fbb230a67ea7693f8d7ea7a288f5d2ae41204a12e39d7232 systemd-pam-255.10-1.fc40.i686.rpm +fa58c54bd2939922e9ca8d1355b24fa17e43b540d851169d49659db8f311e1f4 systemd-pam-255.10-1.fc40.x86_64.rpm +ee1e2c7fb798aa9750e7aeccd3bfcc84f475c01360d74f3c374c97a75838cc0c systemd-resolved-255.10-1.fc40.x86_64.rpm +cb065e5a3ffbc6f3eca8d18b73d7e2c759089fa003efa79bd44f86127f246fb7 systemd-udev-255.10-1.fc40.x86_64.rpm 65819c502727dc293a71a74b9a5f6b0ba781f12a99c5d5535085f168e5eac56e tar-1.35-3.fc40.x86_64.rpm 0478e12152cc3432a31dfca5ddbc80966800af437c6d7c0b26be307d5e1272e7 tpm2-tools-5.7-1.fc40.x86_64.rpm c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3-1.fc40.x86_64.rpm From 92b9d5ab20c9b60b2981637ce7f6b567fed3db7e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 10:34:44 +0200 Subject: [PATCH 185/380] deps: update GitHub action dependencies (#3278) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/container_registry_login/action.yml | 2 +- .github/workflows/codeql.yml | 4 ++-- .github/workflows/draft-release.yml | 4 ++-- .github/workflows/scorecard.yml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/actions/container_registry_login/action.yml b/.github/actions/container_registry_login/action.yml index 6f7942331..1c0e5d50f 100644 --- a/.github/actions/container_registry_login/action.yml +++ b/.github/actions/container_registry_login/action.yml @@ -17,7 +17,7 @@ runs: steps: - name: Use docker for logging in if: runner.os != 'macOS' - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ${{ inputs.registry }} username: ${{ inputs.username }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 480f17d0c..ff70af4bf 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -44,7 +44,7 @@ jobs: cache: false - name: Initialize CodeQL - uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: languages: ${{ matrix.language }} @@ -63,6 +63,6 @@ jobs: echo "::endgroup::" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index 6906b8404..b037e7af0 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -472,7 +472,7 @@ jobs: - name: Create release with artifacts id: create-release # GitHub endorsed release project. See: https://github.com/actions/create-release - uses: softprops/action-gh-release@fb2d03176f42a1f0dd433ca263f314051d3edd44 # v2.0.7 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 with: draft: true generate_release_notes: true @@ -487,7 +487,7 @@ jobs: terraform-module.zip - name: Create Terraform provider release with artifcats - uses: softprops/action-gh-release@fb2d03176f42a1f0dd433ca263f314051d3edd44 # v2.0.7 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 with: draft: true generate_release_notes: false diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0145ed124..ac48a3012 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -23,7 +23,7 @@ jobs: persist-credentials: false - name: Run analysis - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif @@ -37,6 +37,6 @@ jobs: retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif From 61bb7c2c265e8e6e3a0072ff94ade68745211fae Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 11:28:15 +0200 Subject: [PATCH 186/380] deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 to v6 (#3279) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße --- MODULE.bazel | 2 +- go.mod | 6 +++--- go.sum | 18 ++++++++---------- internal/api/versionsapi/cli/BUILD.bazel | 2 +- internal/api/versionsapi/cli/rm.go | 2 +- internal/cloud/azure/BUILD.bazel | 4 ++-- internal/cloud/azure/azure.go | 2 +- internal/cloud/azure/azure_test.go | 2 +- internal/cloud/azure/interface.go | 2 +- .../internal/cloud/azure/client/BUILD.bazel | 4 ++-- .../internal/cloud/azure/client/api.go | 2 +- .../internal/cloud/azure/client/client.go | 2 +- .../internal/cloud/azure/client/client_test.go | 2 +- .../cloud/azure/client/instanceview.go | 2 +- .../cloud/azure/client/instanceview_test.go | 2 +- .../internal/cloud/azure/client/nodeimage.go | 2 +- .../cloud/azure/client/nodeimage_test.go | 2 +- .../cloud/azure/client/pendingnode_test.go | 2 +- .../cloud/azure/client/scalinggroup.go | 2 +- .../cloud/azure/client/scalinggroup_test.go | 2 +- 20 files changed, 31 insertions(+), 33 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 2c8f02e1a..29abdc1da 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -43,7 +43,7 @@ use_repo( "com_github_azure_azure_sdk_for_go", "com_github_azure_azure_sdk_for_go_sdk_azcore", "com_github_azure_azure_sdk_for_go_sdk_azidentity", - "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5", + "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v6", "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5", "com_github_azure_azure_sdk_for_go_sdk_security_keyvault_azsecrets", "com_github_azure_azure_sdk_for_go_sdk_storage_azblob", diff --git a/go.mod b/go.mod index 306cc03d6..4915f4cbe 100644 --- a/go.mod +++ b/go.mod @@ -33,9 +33,9 @@ require ( cloud.google.com/go/storage v1.43.0 dario.cat/mergo v1.0.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.0.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 @@ -147,7 +147,7 @@ require ( cloud.google.com/go/iam v1.1.10 // indirect cloud.google.com/go/longrunning v0.5.9 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect diff --git a/go.sum b/go.sum index a3bbcbbe7..d1b131863 100644 --- a/go.sum +++ b/go.sum @@ -41,22 +41,20 @@ github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d h1:zjq github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d/go.mod h1:XNqJ7hv2kY++g8XEHREpi+JqZo3+0l+CH2egBVN4yqM= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM= github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0/go.mod h1:Pu5Zksi2KrU7LPbZbNINx6fuVrUp/ffvpxdDj+i8LeE= github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw= github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0 h1:LkHbJbgF3YyvC53aqYGR+wWQDn2Rdp9AQdGndf9QvY4= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.7.0/go.mod h1:QyiQdW4f4/BIfB8ZutZ2s+28RAgfa/pT+zS++ZHyM1I= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0 h1:PTFGRSlMKCQelWwxUyYVEUqseBJVemLyqWJjvMyt0do= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v2 v2.0.0/go.mod h1:LRr2FzBTQlONPPa5HREE5+RjSCTXl7BwOvYOaWTqCaI= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0 h1:Kb8eVvjdP6kZqYnER5w/PiGCFp91yVgaxve3d7kCEpY= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.0.0/go.mod h1:lYq15QkJyEsNegz5EhI/0SXQ6spvGfgwBH/Qyzkoc/s= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.0.0 h1:ubTqH0Sqcc7KgjHGKstw446zi7SurSXESKgd4hJea7w= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.0.0/go.mod h1:zflC9v4VfViJrSvcvplqws/yGXVbUEMZi/iHpZdSPWA= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0 h1:2qsIIvxVT+uE6yrNldntJKlLRgxGbZ85kgtz5SNBhMw= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0/go.mod h1:AW8VEadnhw9xox+VaVd9sP7NjzOAnaZBLRH6Tq3cJ38= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0 h1:qBlqTo40ARdI7Pmq+enBiTnejZk2BF+PHgktgG8k3r8= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0/go.mod h1:UmyOatRyQodVpp55Jr5WJmnkmVW4wKfo85uHFmMEjfM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= diff --git a/internal/api/versionsapi/cli/BUILD.bazel b/internal/api/versionsapi/cli/BUILD.bazel index 411c68f38..cc720acb4 100644 --- a/internal/api/versionsapi/cli/BUILD.bazel +++ b/internal/api/versionsapi/cli/BUILD.bazel @@ -21,7 +21,7 @@ go_library( "@com_github_aws_smithy_go//:smithy-go", "@com_github_azure_azure_sdk_for_go_sdk_azcore//runtime", "@com_github_azure_azure_sdk_for_go_sdk_azidentity//:azidentity", - "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5//:armcompute", + "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v6//:armcompute", "@com_github_googleapis_gax_go_v2//:gax-go", "@com_github_spf13_cobra//:cobra", "@com_google_cloud_go_compute//apiv1", diff --git a/internal/api/versionsapi/cli/rm.go b/internal/api/versionsapi/cli/rm.go index b5e90bb58..d25ff59a1 100644 --- a/internal/api/versionsapi/cli/rm.go +++ b/internal/api/versionsapi/cli/rm.go @@ -21,7 +21,7 @@ import ( "cloud.google.com/go/compute/apiv1/computepb" "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - armcomputev5 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + armcomputev5 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" awsconfig "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/ec2" "github.com/aws/smithy-go" diff --git a/internal/cloud/azure/BUILD.bazel b/internal/cloud/azure/BUILD.bazel index d157af807..e43a99b6d 100644 --- a/internal/cloud/azure/BUILD.bazel +++ b/internal/cloud/azure/BUILD.bazel @@ -20,7 +20,7 @@ go_library( "//internal/role", "@com_github_azure_azure_sdk_for_go_sdk_azcore//runtime", "@com_github_azure_azure_sdk_for_go_sdk_azidentity//:azidentity", - "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5//:armcompute", + "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v6//:armcompute", "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5//:armnetwork", ] + select({ "@io_bazel_rules_go//go/platform:android": [ @@ -48,7 +48,7 @@ go_test( "//internal/role", "@com_github_azure_azure_sdk_for_go_sdk_azcore//runtime", "@com_github_azure_azure_sdk_for_go_sdk_azcore//to", - "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5//:armcompute", + "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v6//:armcompute", "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5//:armnetwork", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", diff --git a/internal/cloud/azure/azure.go b/internal/cloud/azure/azure.go index 85f718026..f507a9c83 100644 --- a/internal/cloud/azure/azure.go +++ b/internal/cloud/azure/azure.go @@ -23,7 +23,7 @@ import ( "strconv" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5" "github.com/edgelesssys/constellation/v2/internal/cloud" "github.com/edgelesssys/constellation/v2/internal/cloud/azureshared" diff --git a/internal/cloud/azure/azure_test.go b/internal/cloud/azure/azure_test.go index f364f3f2f..67446a1ac 100644 --- a/internal/cloud/azure/azure_test.go +++ b/internal/cloud/azure/azure_test.go @@ -13,7 +13,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5" "github.com/edgelesssys/constellation/v2/internal/cloud" "github.com/edgelesssys/constellation/v2/internal/cloud/metadata" diff --git a/internal/cloud/azure/interface.go b/internal/cloud/azure/interface.go index fc61e09b2..d85006deb 100644 --- a/internal/cloud/azure/interface.go +++ b/internal/cloud/azure/interface.go @@ -10,7 +10,7 @@ import ( "context" "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5" ) diff --git a/operators/constellation-node-operator/internal/cloud/azure/client/BUILD.bazel b/operators/constellation-node-operator/internal/cloud/azure/client/BUILD.bazel index 2c763b1e2..ee7e27d79 100644 --- a/operators/constellation-node-operator/internal/cloud/azure/client/BUILD.bazel +++ b/operators/constellation-node-operator/internal/cloud/azure/client/BUILD.bazel @@ -27,7 +27,7 @@ go_library( "@com_github_azure_azure_sdk_for_go_sdk_azcore//runtime", "@com_github_azure_azure_sdk_for_go_sdk_azcore//to", "@com_github_azure_azure_sdk_for_go_sdk_azidentity//:azidentity", - "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5//:armcompute", + "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v6//:armcompute", "@com_github_spf13_afero//:afero", ], ) @@ -53,7 +53,7 @@ go_test( "@com_github_azure_azure_sdk_for_go_sdk_azcore//:azcore", "@com_github_azure_azure_sdk_for_go_sdk_azcore//runtime", "@com_github_azure_azure_sdk_for_go_sdk_azcore//to", - "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5//:armcompute", + "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v6//:armcompute", "@com_github_spf13_afero//:afero", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", diff --git a/operators/constellation-node-operator/internal/cloud/azure/client/api.go b/operators/constellation-node-operator/internal/cloud/azure/client/api.go index 6f77a9929..33a4369a7 100644 --- a/operators/constellation-node-operator/internal/cloud/azure/client/api.go +++ b/operators/constellation-node-operator/internal/cloud/azure/client/api.go @@ -10,7 +10,7 @@ import ( "context" "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/internal/poller" ) diff --git a/operators/constellation-node-operator/internal/cloud/azure/client/client.go b/operators/constellation-node-operator/internal/cloud/azure/client/client.go index af78fee88..2e767a9f7 100644 --- a/operators/constellation-node-operator/internal/cloud/azure/client/client.go +++ b/operators/constellation-node-operator/internal/cloud/azure/client/client.go @@ -8,7 +8,7 @@ package client import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/internal/poller" "github.com/spf13/afero" ) diff --git a/operators/constellation-node-operator/internal/cloud/azure/client/client_test.go b/operators/constellation-node-operator/internal/cloud/azure/client/client_test.go index f798d2be8..e63904b2c 100644 --- a/operators/constellation-node-operator/internal/cloud/azure/client/client_test.go +++ b/operators/constellation-node-operator/internal/cloud/azure/client/client_test.go @@ -11,7 +11,7 @@ import ( "net/http" "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" ) type stubScaleSetsAPI struct { diff --git a/operators/constellation-node-operator/internal/cloud/azure/client/instanceview.go b/operators/constellation-node-operator/internal/cloud/azure/client/instanceview.go index e55ab21c6..da38b1aef 100644 --- a/operators/constellation-node-operator/internal/cloud/azure/client/instanceview.go +++ b/operators/constellation-node-operator/internal/cloud/azure/client/instanceview.go @@ -7,7 +7,7 @@ SPDX-License-Identifier: AGPL-3.0-only package client import ( - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" updatev1alpha1 "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/api/v1alpha1" ) diff --git a/operators/constellation-node-operator/internal/cloud/azure/client/instanceview_test.go b/operators/constellation-node-operator/internal/cloud/azure/client/instanceview_test.go index 26737e6cc..16ece38f7 100644 --- a/operators/constellation-node-operator/internal/cloud/azure/client/instanceview_test.go +++ b/operators/constellation-node-operator/internal/cloud/azure/client/instanceview_test.go @@ -10,7 +10,7 @@ import ( "testing" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" "github.com/stretchr/testify/assert" updatev1alpha1 "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/api/v1alpha1" diff --git a/operators/constellation-node-operator/internal/cloud/azure/client/nodeimage.go b/operators/constellation-node-operator/internal/cloud/azure/client/nodeimage.go index 0af5c5885..8b4d438a1 100644 --- a/operators/constellation-node-operator/internal/cloud/azure/client/nodeimage.go +++ b/operators/constellation-node-operator/internal/cloud/azure/client/nodeimage.go @@ -11,7 +11,7 @@ import ( "fmt" "strings" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" "github.com/edgelesssys/constellation/v2/internal/mpimage" ) diff --git a/operators/constellation-node-operator/internal/cloud/azure/client/nodeimage_test.go b/operators/constellation-node-operator/internal/cloud/azure/client/nodeimage_test.go index 135859602..866cf535f 100644 --- a/operators/constellation-node-operator/internal/cloud/azure/client/nodeimage_test.go +++ b/operators/constellation-node-operator/internal/cloud/azure/client/nodeimage_test.go @@ -13,7 +13,7 @@ import ( "testing" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/internal/poller" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/operators/constellation-node-operator/internal/cloud/azure/client/pendingnode_test.go b/operators/constellation-node-operator/internal/cloud/azure/client/pendingnode_test.go index aeda7edad..7c12ed749 100644 --- a/operators/constellation-node-operator/internal/cloud/azure/client/pendingnode_test.go +++ b/operators/constellation-node-operator/internal/cloud/azure/client/pendingnode_test.go @@ -14,7 +14,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" updatev1alpha1 "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/api/v1alpha1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup.go b/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup.go index 26c682c64..470bb2d90 100644 --- a/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup.go +++ b/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup.go @@ -12,7 +12,7 @@ import ( "strings" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" "github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/mpimage" updatev1alpha1 "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/api/v1alpha1" diff --git a/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup_test.go b/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup_test.go index 11b65da0f..1f9e1516d 100644 --- a/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup_test.go +++ b/operators/constellation-node-operator/internal/cloud/azure/client/scalinggroup_test.go @@ -12,7 +12,7 @@ import ( "testing" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" "github.com/edgelesssys/constellation/v2/internal/constants" cspapi "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/internal/cloud/api" "github.com/stretchr/testify/assert" From 211670f89d457bf8024ea84ae13f1b2d987e5a9d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 1 Aug 2024 12:46:03 +0200 Subject: [PATCH 187/380] deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 to v6 (#3280) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße --- MODULE.bazel | 2 +- go.mod | 2 +- go.sum | 4 ++-- internal/cloud/azure/BUILD.bazel | 4 ++-- internal/cloud/azure/azure.go | 2 +- internal/cloud/azure/azure_test.go | 2 +- internal/cloud/azure/interface.go | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 29abdc1da..87b28bc07 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -44,7 +44,7 @@ use_repo( "com_github_azure_azure_sdk_for_go_sdk_azcore", "com_github_azure_azure_sdk_for_go_sdk_azidentity", "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v6", - "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5", + "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v6", "com_github_azure_azure_sdk_for_go_sdk_security_keyvault_azsecrets", "com_github_azure_azure_sdk_for_go_sdk_storage_azblob", "com_github_bazelbuild_buildtools", diff --git a/go.mod b/go.mod index 4915f4cbe..9443d5fc4 100644 --- a/go.mod +++ b/go.mod @@ -36,7 +36,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.0.0 - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0 + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 github.com/BurntSushi/toml v1.4.0 diff --git a/go.sum b/go.sum index d1b131863..215298ae5 100644 --- a/go.sum +++ b/go.sum @@ -55,8 +55,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.0.0/go.mod h1:zflC9v4VfViJrSvcvplqws/yGXVbUEMZi/iHpZdSPWA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0 h1:2qsIIvxVT+uE6yrNldntJKlLRgxGbZ85kgtz5SNBhMw= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0/go.mod h1:AW8VEadnhw9xox+VaVd9sP7NjzOAnaZBLRH6Tq3cJ38= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0 h1:qBlqTo40ARdI7Pmq+enBiTnejZk2BF+PHgktgG8k3r8= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.2.0/go.mod h1:UmyOatRyQodVpp55Jr5WJmnkmVW4wKfo85uHFmMEjfM= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0 h1:6gbgo57khn0HUCcozxGgDodl7HPH0wr9x3QPt1uJSMM= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0/go.mod h1:ulHyBFJOI0ONiRL4vcJTmS7rx18jQQlEPmAgo80cRdM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0 h1:AifHbc4mg0x9zW52WOpKbsHaDKuRhlI7TVl47thgQ70= diff --git a/internal/cloud/azure/BUILD.bazel b/internal/cloud/azure/BUILD.bazel index e43a99b6d..e91e22cb3 100644 --- a/internal/cloud/azure/BUILD.bazel +++ b/internal/cloud/azure/BUILD.bazel @@ -21,7 +21,7 @@ go_library( "@com_github_azure_azure_sdk_for_go_sdk_azcore//runtime", "@com_github_azure_azure_sdk_for_go_sdk_azidentity//:azidentity", "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v6//:armcompute", - "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5//:armnetwork", + "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v6//:armnetwork", ] + select({ "@io_bazel_rules_go//go/platform:android": [ "@io_k8s_kubernetes//pkg/util/iptables", @@ -49,7 +49,7 @@ go_test( "@com_github_azure_azure_sdk_for_go_sdk_azcore//runtime", "@com_github_azure_azure_sdk_for_go_sdk_azcore//to", "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v6//:armcompute", - "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v5//:armnetwork", + "@com_github_azure_azure_sdk_for_go_sdk_resourcemanager_network_armnetwork_v6//:armnetwork", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", "@org_golang_google_grpc//test/bufconn", diff --git a/internal/cloud/azure/azure.go b/internal/cloud/azure/azure.go index f507a9c83..e0ee19750 100644 --- a/internal/cloud/azure/azure.go +++ b/internal/cloud/azure/azure.go @@ -24,7 +24,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6" "github.com/edgelesssys/constellation/v2/internal/cloud" "github.com/edgelesssys/constellation/v2/internal/cloud/azureshared" "github.com/edgelesssys/constellation/v2/internal/cloud/metadata" diff --git a/internal/cloud/azure/azure_test.go b/internal/cloud/azure/azure_test.go index 67446a1ac..2b1daaab7 100644 --- a/internal/cloud/azure/azure_test.go +++ b/internal/cloud/azure/azure_test.go @@ -14,7 +14,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6" "github.com/edgelesssys/constellation/v2/internal/cloud" "github.com/edgelesssys/constellation/v2/internal/cloud/metadata" "github.com/edgelesssys/constellation/v2/internal/role" diff --git a/internal/cloud/azure/interface.go b/internal/cloud/azure/interface.go index d85006deb..e2b44ad6d 100644 --- a/internal/cloud/azure/interface.go +++ b/internal/cloud/azure/interface.go @@ -11,7 +11,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/runtime" "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6" - "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5" + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6" ) type imdsAPI interface { From 302a5191987fc3d156cb396f476710c50800d21c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 1 Aug 2024 12:46:32 +0200 Subject: [PATCH 188/380] renovate: group non-core bazel dependency updates (#3281) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- renovate.json5 | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/renovate.json5 b/renovate.json5 index 496f78826..e469e29da 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -79,6 +79,28 @@ "matchDepNames": ["bazel", "io_bazel_rules_go", "bazel_gazelle", "rules_go", "gazelle"], "groupName": "bazel (core)", }, + { + "matchManagers": ["bazel"], + "matchDepNames": [ + "!bazel", + "!io_bazel_rules_go", + "!bazel_gazelle", + "!rules_go", + "!gazelle", + ] + "groupName": "bazel (plugins)", + }, + { + "matchManagers": ["bazel-module"], + "matchDepNames": [ + "!bazel", + "!io_bazel_rules_go", + "!bazel_gazelle", + "!rules_go", + "!gazelle", + ] + "groupName": "bazel (modules)", + }, { "matchDatasources": ["golang-version"], "allowedVersions": "1.22", From 5a577728fd2333c69f86ccc68f3f80523d560cd2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 1 Aug 2024 13:52:59 +0200 Subject: [PATCH 189/380] renovate: fix missing comma in renovate config (#3283) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- renovate.json5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index e469e29da..479c4be07 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -87,7 +87,7 @@ "!bazel_gazelle", "!rules_go", "!gazelle", - ] + ], "groupName": "bazel (plugins)", }, { @@ -98,7 +98,7 @@ "!bazel_gazelle", "!rules_go", "!gazelle", - ] + ], "groupName": "bazel (modules)", }, { From e3077aa80f7d21a6e3082ad6593d8c2051d61acc Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 2 Aug 2024 08:34:08 +0200 Subject: [PATCH 190/380] image: update measurements and image version (#3284) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 514230f9a..b4b0ec24a 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9a, 0xae, 0x5f, 0xe6, 0x13, 0xd3, 0xd6, 0xf4, 0xa0, 0xac, 0x1c, 0x37, 0xa6, 0x9b, 0xc4, 0x82, 0x9c, 0x67, 0xaa, 0xcf, 0xf6, 0x25, 0xda, 0xa4, 0xc2, 0x17, 0x28, 0xe0, 0x1d, 0xdd, 0x5c, 0x4b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb5, 0x9c, 0xc1, 0x46, 0x26, 0x33, 0x7e, 0x57, 0x3c, 0x1a, 0x9d, 0xfa, 0xd8, 0xde, 0x0a, 0x9e, 0x41, 0x7c, 0xd6, 0xb1, 0x6a, 0x21, 0x6c, 0x8a, 0xbf, 0x05, 0xc6, 0xba, 0xb5, 0xb9, 0x64, 0xba}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb7, 0x39, 0xfb, 0xde, 0xcd, 0x2d, 0x0e, 0x96, 0x6f, 0x9c, 0x95, 0xf2, 0xed, 0x3a, 0xb1, 0x92, 0xc7, 0x3e, 0xe3, 0x9b, 0x1a, 0x19, 0xd7, 0x4d, 0x3a, 0x87, 0x13, 0x92, 0x46, 0xb8, 0xba, 0x64}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x51, 0x03, 0x8f, 0xd5, 0x03, 0x58, 0x8f, 0x8c, 0xe3, 0x09, 0xa3, 0xea, 0xc2, 0x75, 0xe3, 0xe5, 0x9f, 0x47, 0xa5, 0x32, 0xa4, 0x09, 0x5f, 0xe8, 0xff, 0xcd, 0xbb, 0xee, 0x38, 0x7d, 0xf8, 0x88}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7a, 0xf3, 0x8f, 0x16, 0xb1, 0x24, 0x91, 0xe2, 0x9d, 0x85, 0x6f, 0x18, 0xac, 0xa7, 0x86, 0x6a, 0xf8, 0xc2, 0xc8, 0x77, 0x68, 0xdb, 0xb2, 0x77, 0xdd, 0x67, 0x6e, 0x86, 0x9b, 0xfb, 0x6c, 0x3b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xaa, 0x94, 0xaa, 0x4a, 0xa7, 0x7b, 0xc3, 0x66, 0x92, 0xc8, 0x5d, 0x24, 0x3f, 0x12, 0x3f, 0xe9, 0xb0, 0xec, 0xf0, 0x41, 0xe4, 0xc3, 0xe4, 0x23, 0x68, 0x57, 0x83, 0xd4, 0xc0, 0x44, 0x1a, 0x65}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf4, 0xb6, 0xf0, 0x0f, 0xa4, 0x46, 0x09, 0xdb, 0x22, 0xc1, 0xe0, 0xd7, 0xb1, 0x42, 0x5f, 0xe9, 0x01, 0x98, 0xa1, 0x61, 0xc3, 0xb0, 0x78, 0xb8, 0x8c, 0xc3, 0xfa, 0xe6, 0x32, 0xd6, 0x8f, 0xa9}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x26, 0x29, 0xa6, 0x50, 0xe3, 0xdb, 0x3a, 0xaf, 0xeb, 0x55, 0x9b, 0x26, 0x21, 0xa9, 0xac, 0x4f, 0x60, 0xb1, 0x3a, 0x3b, 0x31, 0x3b, 0x74, 0xea, 0x21, 0x14, 0xc7, 0x68, 0x82, 0x72, 0x62, 0x54}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcf, 0xf3, 0xea, 0x7a, 0xd8, 0xfd, 0x1d, 0xff, 0x0a, 0x06, 0x43, 0x87, 0xcc, 0xff, 0x32, 0xef, 0x50, 0x1f, 0xe5, 0x25, 0x35, 0xf4, 0xd0, 0x19, 0xfc, 0x49, 0x55, 0x3f, 0x0e, 0xb8, 0xec, 0x10}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x2a, 0xd9, 0x92, 0xd9, 0xf8, 0xc0, 0x7d, 0xc9, 0x76, 0x2e, 0x6a, 0x8b, 0x8e, 0x87, 0x9a, 0x6a, 0x66, 0x1a, 0xbe, 0x9e, 0x5a, 0x3c, 0x02, 0xe7, 0xe5, 0x1f, 0xd7, 0x1a, 0x26, 0x34, 0xcf, 0xdc}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0d, 0x1f, 0x46, 0x46, 0xcd, 0xd2, 0x71, 0x13, 0xe5, 0xb9, 0xc1, 0x7f, 0xd7, 0x1b, 0x31, 0xcd, 0xaa, 0xc0, 0x0d, 0x42, 0x0b, 0x8d, 0x45, 0x05, 0xce, 0xda, 0xff, 0x50, 0xae, 0x53, 0x3c, 0x57}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x16, 0x72, 0x2d, 0xfe, 0x9b, 0xc8, 0xa7, 0x25, 0x65, 0x9e, 0x04, 0xde, 0xb1, 0x2a, 0x95, 0x9c, 0x27, 0x1d, 0xf5, 0x66, 0xa2, 0x27, 0x91, 0xf7, 0x7e, 0x28, 0x12, 0x37, 0x62, 0x8f, 0x80, 0xb3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb6, 0x49, 0x73, 0x25, 0xf5, 0x39, 0x6a, 0x8d, 0xdd, 0x7c, 0xba, 0x6e, 0x79, 0xef, 0x11, 0xf8, 0xa8, 0x6a, 0xe3, 0x54, 0x63, 0xf4, 0x5a, 0xd8, 0xb1, 0x81, 0x90, 0x5f, 0x06, 0xf7, 0xa2, 0x50}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x05, 0xe3, 0xc2, 0xa1, 0x8c, 0x48, 0x27, 0xd2, 0xbf, 0xe7, 0x06, 0x3e, 0x24, 0x95, 0xf9, 0xe9, 0xef, 0xeb, 0x82, 0xab, 0x26, 0x61, 0x7a, 0x03, 0xbf, 0x40, 0x67, 0x24, 0xaf, 0x57, 0x26, 0xc1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x13, 0xe1, 0xea, 0x1b, 0x53, 0x63, 0x65, 0x6a, 0xa4, 0xfd, 0x6e, 0xb0, 0x5b, 0xac, 0x34, 0xc0, 0x3c, 0xa8, 0xc9, 0xb9, 0xfe, 0xab, 0x43, 0xcd, 0xa3, 0xf0, 0xfb, 0x11, 0xb0, 0x8b, 0x2d, 0x38}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd6, 0x28, 0x33, 0xb9, 0x40, 0xc3, 0xff, 0xc5, 0xfe, 0x2a, 0x81, 0xef, 0x96, 0xf0, 0x8a, 0x8c, 0x80, 0xe2, 0xd9, 0xac, 0x20, 0xb0, 0xdc, 0x2e, 0xfd, 0x74, 0xf7, 0x49, 0xf5, 0x4a, 0x7d, 0xce}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbf, 0xc8, 0x09, 0xea, 0x44, 0xb5, 0x61, 0xda, 0x7b, 0x72, 0x03, 0xcc, 0xa9, 0x49, 0x8e, 0x9c, 0x3d, 0xb5, 0x5b, 0xda, 0x76, 0x58, 0xfd, 0x3e, 0x03, 0xc8, 0x44, 0x0d, 0x6a, 0xf5, 0xdb, 0x4b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x07, 0x77, 0xbf, 0xe2, 0xd8, 0xfe, 0x7c, 0xf0, 0x6b, 0x23, 0xbb, 0x85, 0x0e, 0xbb, 0x8c, 0xad, 0xbd, 0x5f, 0x67, 0x46, 0xa1, 0x14, 0x5d, 0x3f, 0x2d, 0xf2, 0xe5, 0x93, 0xbf, 0xb5, 0x95, 0x2d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x80, 0x1e, 0xc3, 0xef, 0x88, 0xd7, 0xbd, 0x61, 0xe0, 0xae, 0xd5, 0x12, 0x8c, 0x32, 0x18, 0x79, 0x72, 0xb1, 0xf3, 0xf0, 0x27, 0x88, 0xc5, 0x0a, 0xbb, 0x51, 0x81, 0x47, 0xb0, 0x7c, 0xb4, 0x38}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa8, 0xc3, 0x7a, 0xaf, 0x64, 0x30, 0x83, 0x58, 0xe4, 0xcc, 0xa1, 0x09, 0x99, 0x31, 0xac, 0xea, 0xa4, 0xb6, 0x54, 0x49, 0x5b, 0x3c, 0x58, 0xa1, 0xb0, 0xd6, 0x99, 0x50, 0x94, 0xc2, 0x5c, 0xd3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x11, 0xf0, 0xe8, 0x55, 0x3b, 0x53, 0xfb, 0xed, 0x19, 0xd9, 0x24, 0x88, 0x3f, 0xc7, 0x58, 0x77, 0x32, 0x58, 0xb4, 0xc0, 0x8e, 0xa7, 0x28, 0x8b, 0xba, 0x34, 0x8e, 0x60, 0xa5, 0x0a, 0x02, 0x98}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9a, 0x9b, 0x75, 0x43, 0xde, 0xe6, 0xcd, 0x87, 0x4e, 0x75, 0x01, 0x78, 0xb9, 0x6e, 0x94, 0x4d, 0x13, 0x23, 0xa3, 0x4d, 0x9e, 0xe2, 0x73, 0x35, 0x78, 0x92, 0x0e, 0xb5, 0x09, 0x97, 0x13, 0xa2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6e, 0xf1, 0xea, 0xec, 0xff, 0xd0, 0x93, 0xe5, 0x43, 0x08, 0xdd, 0x0e, 0xe6, 0xa1, 0xd4, 0x95, 0x0d, 0x65, 0x90, 0xf0, 0x9a, 0x3c, 0x1f, 0x29, 0x42, 0xcd, 0xa7, 0x16, 0xa9, 0x90, 0xe2, 0xae}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8c, 0x84, 0x9f, 0x67, 0x9e, 0xf8, 0x3f, 0xd4, 0x41, 0x01, 0x92, 0xa7, 0x77, 0x57, 0xde, 0x80, 0x1b, 0x24, 0x97, 0xb0, 0x96, 0x8a, 0x90, 0xc5, 0xf9, 0x24, 0x3c, 0x86, 0x3a, 0xac, 0x10, 0x3f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf5, 0xef, 0x1d, 0x20, 0x44, 0xe1, 0xd9, 0xf6, 0xba, 0x33, 0xe5, 0x5c, 0x6d, 0xcc, 0x62, 0x5f, 0x6f, 0x0b, 0xf8, 0x5e, 0xba, 0x32, 0x47, 0xbd, 0x2b, 0xb8, 0x93, 0xb0, 0x91, 0xee, 0x14, 0xc2}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbb, 0x5f, 0x91, 0x87, 0xaf, 0x52, 0x97, 0xb3, 0x6b, 0xa9, 0x5d, 0x88, 0xb5, 0xfd, 0x2a, 0x42, 0x79, 0x05, 0xc3, 0xb3, 0x64, 0xd8, 0xd4, 0xdc, 0xa1, 0x99, 0x31, 0xd8, 0xd2, 0xd5, 0xfe, 0x99}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7a, 0x1f, 0x1d, 0x1f, 0x42, 0x77, 0xaa, 0x84, 0x97, 0xdc, 0x1b, 0x44, 0x36, 0xde, 0x25, 0x8b, 0x92, 0x7f, 0xe2, 0x07, 0xd2, 0xe2, 0x5c, 0x1a, 0x38, 0xb5, 0x4d, 0x68, 0xbd, 0xea, 0xab, 0xc9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x67, 0x5d, 0x7e, 0xff, 0xa1, 0x22, 0xca, 0xdc, 0xc0, 0xd7, 0xe8, 0x8a, 0x6d, 0x7f, 0x6e, 0x72, 0xe9, 0xcf, 0x73, 0xb4, 0x43, 0x40, 0x08, 0xcc, 0x4e, 0x65, 0x0a, 0x92, 0x63, 0x8b, 0x16, 0x6d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4f, 0x85, 0xd0, 0xc6, 0xd6, 0x31, 0x94, 0x59, 0x95, 0x48, 0x64, 0x8c, 0x45, 0x5b, 0x1d, 0x0c, 0x04, 0x4a, 0x9d, 0x3b, 0x20, 0xe6, 0xa9, 0x31, 0x7b, 0x12, 0x17, 0x83, 0x4b, 0x61, 0x97, 0x60}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x23, 0x5d, 0xeb, 0x7a, 0x6f, 0x43, 0xe7, 0xde, 0xb9, 0xda, 0x73, 0x87, 0xa9, 0xf8, 0x2b, 0x81, 0xa2, 0x9c, 0x1d, 0xad, 0x46, 0x54, 0x64, 0xc0, 0x67, 0x7f, 0xe4, 0x5d, 0xdc, 0x52, 0x55, 0xd1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xea, 0x9c, 0x3c, 0x07, 0x42, 0x15, 0x22, 0x3a, 0x5c, 0x4f, 0xf2, 0xda, 0x82, 0xd9, 0x27, 0x2c, 0xaa, 0x5d, 0x37, 0xe6, 0x8e, 0xed, 0x99, 0x2f, 0x48, 0x77, 0x96, 0x9a, 0xc4, 0xb9, 0x9f, 0xac}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x58, 0x37, 0xee, 0xdb, 0xcc, 0x73, 0xfc, 0xfd, 0x45, 0xee, 0x91, 0x5e, 0x47, 0x73, 0x21, 0xe8, 0xc6, 0xf5, 0x11, 0x90, 0xc9, 0x62, 0x19, 0xaf, 0x66, 0x0b, 0x4d, 0xb9, 0x5f, 0xdb, 0x3b, 0xf9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x20, 0xee, 0xb9, 0x1f, 0xd4, 0x0f, 0x0b, 0x69, 0xec, 0x55, 0xe3, 0x99, 0x9d, 0xe7, 0x44, 0x93, 0x97, 0xb5, 0x36, 0xb3, 0xb5, 0xe0, 0x45, 0x18, 0xe0, 0x50, 0x06, 0x4b, 0xf2, 0x56, 0x81, 0x5c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x5d, 0x53, 0x9a, 0xd6, 0xce, 0x0f, 0xeb, 0xb6, 0xa3, 0xb1, 0x49, 0xc0, 0x1d, 0xa5, 0x8e, 0xeb, 0x90, 0xc1, 0xae, 0xaa, 0x4f, 0xd3, 0xc9, 0x4c, 0x2e, 0x6d, 0x7e, 0x75, 0xcd, 0x21, 0x77, 0xbc}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe9, 0xb4, 0x11, 0x59, 0x45, 0x5f, 0x3a, 0x02, 0x58, 0xac, 0xf1, 0x4c, 0x11, 0x89, 0x3e, 0x65, 0xbf, 0x57, 0x32, 0x2f, 0xd5, 0xe1, 0xe8, 0xa8, 0x7c, 0x05, 0x4d, 0x86, 0x90, 0xe1, 0x05, 0xb5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1e, 0x29, 0xba, 0xa0, 0x76, 0xf7, 0x9a, 0xa4, 0x2d, 0x47, 0x65, 0x1b, 0xad, 0xca, 0x64, 0xbd, 0x27, 0xb3, 0xd3, 0x3f, 0x7e, 0xe4, 0xdc, 0x6b, 0x2a, 0x57, 0xe9, 0xae, 0x38, 0xf1, 0x6a, 0x2a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x88, 0xa5, 0xbc, 0x2c, 0x84, 0x93, 0x62, 0x93, 0xbf, 0xbd, 0xdf, 0x86, 0xf4, 0x07, 0x80, 0xdf, 0x24, 0xbf, 0x65, 0x22, 0xa6, 0xa3, 0x94, 0xbe, 0x27, 0x60, 0xb9, 0xa4, 0xa9, 0x23, 0x4c, 0x62}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb2, 0xc2, 0xcb, 0x67, 0x3e, 0xe7, 0x64, 0xef, 0xfe, 0x28, 0xf9, 0x5f, 0xd7, 0xbd, 0x82, 0xcb, 0x84, 0xf2, 0xc2, 0x68, 0xda, 0xe4, 0xe3, 0x37, 0x70, 0x2c, 0x0c, 0x8a, 0x74, 0x83, 0xdc, 0xd3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x08, 0xda, 0x81, 0xf7, 0xc6, 0x3c, 0xef, 0x62, 0x31, 0x57, 0xd8, 0xc9, 0x78, 0x75, 0x65, 0xba, 0xd4, 0x26, 0x76, 0xd1, 0x69, 0x42, 0x3f, 0x96, 0x4c, 0xe8, 0x35, 0x5c, 0xa5, 0x4a, 0xf8, 0x45}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x46, 0x28, 0x33, 0x77, 0xc4, 0xeb, 0x47, 0xdb, 0x9f, 0xe2, 0x4a, 0xc2, 0x97, 0x38, 0xf2, 0x46, 0x0c, 0xad, 0x13, 0xc6, 0xc6, 0x60, 0x9c, 0x5a, 0x88, 0xb6, 0xc0, 0x85, 0x43, 0x79, 0x12, 0xf1}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc7, 0x3e, 0xd4, 0x3e, 0xa7, 0x52, 0x60, 0x4c, 0x65, 0xa4, 0x11, 0x58, 0xa7, 0x57, 0x9f, 0x53, 0x4e, 0x75, 0x51, 0xd3, 0xc2, 0xad, 0x6b, 0x53, 0x59, 0x8e, 0x4b, 0xd6, 0x8f, 0x34, 0x82, 0x12}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa5, 0x46, 0x9d, 0xbc, 0x44, 0x80, 0xff, 0x6d, 0xfe, 0x2a, 0xe3, 0xb3, 0xed, 0x80, 0x51, 0xf3, 0x8b, 0xf9, 0xc6, 0x78, 0x05, 0x0d, 0x00, 0x31, 0xc4, 0x6d, 0x04, 0xbe, 0xe9, 0xf8, 0xc8, 0x0d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xef, 0x0d, 0xec, 0xad, 0xe5, 0xf6, 0x0c, 0xd2, 0x04, 0x5a, 0xfe, 0xb5, 0x07, 0x08, 0x83, 0x3e, 0x19, 0x91, 0xde, 0xdf, 0xe6, 0xaf, 0x0a, 0x61, 0x60, 0xc7, 0x3c, 0xa9, 0xa6, 0x23, 0xfa, 0x6e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa1, 0x19, 0x31, 0x1c, 0x89, 0xa1, 0xa3, 0x4f, 0x12, 0x53, 0x33, 0x84, 0xbf, 0x89, 0x5f, 0x1b, 0x01, 0xaa, 0xa8, 0x01, 0x56, 0x16, 0x36, 0xb9, 0x61, 0x65, 0x5b, 0x9d, 0x68, 0xd4, 0x73, 0x18}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x57, 0xe7, 0x9f, 0x05, 0x25, 0xeb, 0x18, 0xe0, 0x14, 0xc9, 0xb0, 0x5e, 0x9e, 0xb9, 0x6e, 0x8b, 0x5b, 0x1f, 0xb6, 0xb2, 0x0f, 0xf1, 0x14, 0x8f, 0xe0, 0x96, 0x1b, 0xaa, 0xf8, 0xf6, 0x42, 0xc4}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xf0, 0x23, 0x29, 0x55, 0xfb, 0x3e, 0xa9, 0x4f, 0xa8, 0xeb, 0xc5, 0xd3, 0x77, 0x92, 0x81, 0xd8, 0xb1, 0x1b, 0x88, 0x8a, 0xc9, 0x9b, 0x5f, 0x8d, 0x41, 0x28, 0x50, 0xe1, 0xc1, 0x4b, 0xb9, 0xc3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x47, 0xcd, 0x1f, 0x36, 0xaf, 0xea, 0x34, 0xd1, 0x09, 0xb4, 0x63, 0xc9, 0xef, 0x4f, 0x1a, 0x87, 0x4a, 0xa7, 0x50, 0xf1, 0x2a, 0x30, 0xda, 0xf8, 0xd4, 0xb0, 0x43, 0x88, 0xe8, 0x58, 0x2c, 0x6c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x18, 0xe3, 0x88, 0xb6, 0xf9, 0x50, 0x39, 0xcb, 0x0b, 0x99, 0x97, 0xdb, 0xb9, 0x3a, 0x33, 0x14, 0x1c, 0x08, 0x7d, 0x56, 0xae, 0xe8, 0x46, 0xa7, 0x4d, 0x33, 0xd8, 0x32, 0x20, 0x6e, 0xdb, 0xa3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index f64b57347..d052abd82 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240730125857-9d58f8a494a2" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240801135259-5a577728fd23" ) From b38dcc1f529075de421221238b7f1f1e8f08f256 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 14:28:20 +0200 Subject: [PATCH 191/380] deps: update ghcr.io/edgelesssys/constellation/s3proxy Docker tag to v2.18.0-pre.0.20240801135259-5a577728fd23 (#3264) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- s3proxy/deploy/s3proxy/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/s3proxy/deploy/s3proxy/values.yaml b/s3proxy/deploy/s3proxy/values.yaml index 9b7f621b7..e74b7152f 100644 --- a/s3proxy/deploy/s3proxy/values.yaml +++ b/s3proxy/deploy/s3proxy/values.yaml @@ -3,7 +3,7 @@ awsAccessKeyID: "replaceme" awsSecretAccessKey: "replaceme" # Pod image to deploy. -image: "ghcr.io/edgelesssys/constellation/s3proxy:v2.18.0-pre.0.20240716154541-4d13479f9053" +image: "ghcr.io/edgelesssys/constellation/s3proxy:v2.18.0-pre.0.20240801135259-5a577728fd23" # Control if multipart uploads are blocked. allowMultipart: false From f33e7e5ac5935516bfc733e9f7ce4dcbb32b9dec Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 15:05:28 +0200 Subject: [PATCH 192/380] deps: update ubuntu:22.04 Docker digest to 340d9b0 (#3252) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- 3rdparty/gcp-guest-agent/Dockerfile | 2 +- docs/screencasts/docker/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/3rdparty/gcp-guest-agent/Dockerfile b/3rdparty/gcp-guest-agent/Dockerfile index 05ea53a02..97f0e1486 100644 --- a/3rdparty/gcp-guest-agent/Dockerfile +++ b/3rdparty/gcp-guest-agent/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:19478ce7fc2ffbce89df29fea5725a8d12e57de52eb9ea570890dc5852aac1ac as build +FROM ubuntu:22.04@sha256:340d9b015b194dc6e2a13938944e0d016e57b9679963fdeb9ce021daac430221 as build # Install packages RUN apt-get update && apt-get install -y \ diff --git a/docs/screencasts/docker/Dockerfile b/docs/screencasts/docker/Dockerfile index c5e7c47a0..71063ea40 100644 --- a/docs/screencasts/docker/Dockerfile +++ b/docs/screencasts/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:19478ce7fc2ffbce89df29fea5725a8d12e57de52eb9ea570890dc5852aac1ac +FROM ubuntu:22.04@sha256:340d9b015b194dc6e2a13938944e0d016e57b9679963fdeb9ce021daac430221 # Install requirements RUN apt-get update && apt-get install -y software-properties-common &&\ From 5538a7a23d6160089598d71a533158433a4c1762 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 15:06:00 +0200 Subject: [PATCH 193/380] deps: update GitHub action dependencies (#3288) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/build_micro_service/action.yml | 2 +- .github/actions/setup_bazel_nix/action.yml | 2 +- .github/workflows/aws-snp-launchmeasurement.yml | 2 +- .github/workflows/build-ccm-gcp.yml | 2 +- .github/workflows/build-gcp-guest-agent.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/actions/build_micro_service/action.yml b/.github/actions/build_micro_service/action.yml index 41aabcb62..6e484ac28 100644 --- a/.github/actions/build_micro_service/action.yml +++ b/.github/actions/build_micro_service/action.yml @@ -62,7 +62,7 @@ runs: - name: Build and push container image id: build-micro-service - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 + uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 with: context: . file: ${{ inputs.dockerfile }} diff --git a/.github/actions/setup_bazel_nix/action.yml b/.github/actions/setup_bazel_nix/action.yml index 8ef8403d6..378d36e00 100644 --- a/.github/actions/setup_bazel_nix/action.yml +++ b/.github/actions/setup_bazel_nix/action.yml @@ -113,7 +113,7 @@ runs: - name: Install nix if: steps.check_inputs.outputs.nixPreinstalled == 'false' - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 + uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 - name: Set $USER if not set shell: bash diff --git a/.github/workflows/aws-snp-launchmeasurement.yml b/.github/workflows/aws-snp-launchmeasurement.yml index 998604220..a6fa04402 100644 --- a/.github/workflows/aws-snp-launchmeasurement.yml +++ b/.github/workflows/aws-snp-launchmeasurement.yml @@ -23,7 +23,7 @@ jobs: sudo python3 -m pip install --user --require-hashes -r constellation/.github/workflows/aws-snp-launchmeasurements-requirements.txt - name: Install Nix - uses: cachix/install-nix-action@8887e596b4ee1134dae06b98d573bd674693f47c # v26 + uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 - name: Download Firmware release id: download-firmware diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index 9cf8beea2..80d781e2e 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -113,7 +113,7 @@ jobs: - name: Build and push container image id: build - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 + uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 with: context: ./cloud-provider-gcp push: ${{ github.ref_name == 'main' }} diff --git a/.github/workflows/build-gcp-guest-agent.yml b/.github/workflows/build-gcp-guest-agent.yml index 7c5aa2bf8..9a5274aeb 100644 --- a/.github/workflows/build-gcp-guest-agent.yml +++ b/.github/workflows/build-gcp-guest-agent.yml @@ -114,7 +114,7 @@ jobs: - name: Build and push container image if: steps.needs-build.outputs.out == 'true' id: build - uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0 + uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 with: context: ./guest-agent file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile From aca61bda4e2c781f453b606fbcf6cc8b38faf084 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 15:15:55 +0200 Subject: [PATCH 194/380] deps: update golangci/golangci-lint to v1.59.1 (#3287) * deps: update golangci/golangci-lint to v1.59.1 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/ci_deps.bzl | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl index 6e3774830..870bba0d6 100644 --- a/bazel/toolchains/ci_deps.bzl +++ b/bazel/toolchains/ci_deps.bzl @@ -223,45 +223,45 @@ def _golangci_lint_deps(): name = "com_github_golangci_golangci_lint_linux_amd64", build_file = "//bazel/toolchains:BUILD.golangci.bazel", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/2e7c1b2af70ecb7ce18da79a3951db7046dcb709566c018fb93c61e8733b2239", - "https://github.com/golangci/golangci-lint/releases/download/v1.58.1/golangci-lint-1.58.1-linux-amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/c30696f1292cff8778a495400745f0f9c0406a3f38d8bb12cef48d599f6c7791", + "https://github.com/golangci/golangci-lint/releases/download/v1.59.1/golangci-lint-1.59.1-linux-amd64.tar.gz", ], - strip_prefix = "golangci-lint-1.58.1-linux-amd64", + strip_prefix = "golangci-lint-1.59.1-linux-amd64", type = "tar.gz", - sha256 = "2e7c1b2af70ecb7ce18da79a3951db7046dcb709566c018fb93c61e8733b2239", + sha256 = "c30696f1292cff8778a495400745f0f9c0406a3f38d8bb12cef48d599f6c7791", ) http_archive( name = "com_github_golangci_golangci_lint_linux_arm64", build_file = "//bazel/toolchains:BUILD.golangci.bazel", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/e78f55156ef7f8bd4a746aa695c6bd299dc0aa71b91ec066680d2c59e443708b", - "https://github.com/golangci/golangci-lint/releases/download/v1.58.1/golangci-lint-1.58.1-linux-arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/8264507b560ae89dd080d5a0c7198ca5198e2b45f937a1f7fd873a8baa8e0b8f", + "https://github.com/golangci/golangci-lint/releases/download/v1.59.1/golangci-lint-1.59.1-linux-arm64.tar.gz", ], - strip_prefix = "golangci-lint-1.58.1-linux-arm64", + strip_prefix = "golangci-lint-1.59.1-linux-arm64", type = "tar.gz", - sha256 = "e78f55156ef7f8bd4a746aa695c6bd299dc0aa71b91ec066680d2c59e443708b", + sha256 = "8264507b560ae89dd080d5a0c7198ca5198e2b45f937a1f7fd873a8baa8e0b8f", ) http_archive( name = "com_github_golangci_golangci_lint_darwin_amd64", build_file = "//bazel/toolchains:BUILD.golangci.bazel", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/79f587134955808e245aa78a734bc28f6e03fc42efb3e91d2a705930909fe0c0", - "https://github.com/golangci/golangci-lint/releases/download/v1.58.1/golangci-lint-1.58.1-darwin-amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/2f945063394a489c0037f0369c0ce21bc007565c08f90b924a35f4c04721cbc0", + "https://github.com/golangci/golangci-lint/releases/download/v1.59.1/golangci-lint-1.59.1-darwin-amd64.tar.gz", ], - strip_prefix = "golangci-lint-1.58.1-darwin-amd64", + strip_prefix = "golangci-lint-1.59.1-darwin-amd64", type = "tar.gz", - sha256 = "79f587134955808e245aa78a734bc28f6e03fc42efb3e91d2a705930909fe0c0", + sha256 = "2f945063394a489c0037f0369c0ce21bc007565c08f90b924a35f4c04721cbc0", ) http_archive( name = "com_github_golangci_golangci_lint_darwin_arm64", build_file = "//bazel/toolchains:BUILD.golangci.bazel", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/bd59615a2fdf8e8ff544ba79e15c53f81a538bd68cccf52f4802b65e0216199d", - "https://github.com/golangci/golangci-lint/releases/download/v1.58.1/golangci-lint-1.58.1-darwin-arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/16ec8a86974ddebd466a5cc071bb9f44d06d2a1f4bf93d13fbcb59e1704edb39", + "https://github.com/golangci/golangci-lint/releases/download/v1.59.1/golangci-lint-1.59.1-darwin-arm64.tar.gz", ], - strip_prefix = "golangci-lint-1.58.1-darwin-arm64", + strip_prefix = "golangci-lint-1.59.1-darwin-arm64", type = "tar.gz", - sha256 = "bd59615a2fdf8e8ff544ba79e15c53f81a538bd68cccf52f4802b65e0216199d", + sha256 = "16ec8a86974ddebd466a5cc071bb9f44d06d2a1f4bf93d13fbcb59e1704edb39", ) def _buf_deps(): From c6eec7384b0b1bb9edbd653064ec544118d9aeb2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 2 Aug 2024 15:43:40 +0200 Subject: [PATCH 195/380] deps: update bazel (core) (#3286) * deps: update bazel (core) * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- MODULE.bazel | 4 ++-- MODULE.bazel.lock | 14 ++++++++------ 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 87b28bc07..ea112494d 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -2,10 +2,10 @@ module(name = "constellation") bazel_dep(name = "aspect_bazel_lib", version = "2.7.8") bazel_dep(name = "bazel_skylib", version = "1.7.1") -bazel_dep(name = "gazelle", version = "0.37.0") +bazel_dep(name = "gazelle", version = "0.38.0") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.9") -bazel_dep(name = "rules_go", version = "0.48.1", repo_name = "io_bazel_rules_go") +bazel_dep(name = "rules_go", version = "0.49.0", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") bazel_dep(name = "rules_proto", version = "6.0.2") bazel_dep(name = "rules_python", version = "0.32.2") diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index aaff5a961..6eac3c38d 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -31,19 +31,20 @@ "https://bcr.bazel.build/modules/gazelle/0.33.0/MODULE.bazel": "a13a0f279b462b784fb8dd52a4074526c4a2afe70e114c7d09066097a46b3350", "https://bcr.bazel.build/modules/gazelle/0.34.0/MODULE.bazel": "abdd8ce4d70978933209db92e436deb3a8b737859e9354fb5fd11fb5c2004c8a", "https://bcr.bazel.build/modules/gazelle/0.36.0/MODULE.bazel": "e375d5d6e9a6ca59b0cb38b0540bc9a05b6aa926d322f2de268ad267a2ee74c0", - "https://bcr.bazel.build/modules/gazelle/0.37.0/MODULE.bazel": "d1327ba0907d0275ed5103bfbbb13518f6c04955b402213319d0d6c0ce9839d4", - "https://bcr.bazel.build/modules/gazelle/0.37.0/source.json": "b3adc10e2394e7f63ea88fb1d622d4894bfe9ec6961c493ae9a887723ab16831", + "https://bcr.bazel.build/modules/gazelle/0.38.0/MODULE.bazel": "51bb3ca009bc9320492894aece6ba5f50aae68a39fff2567844b77fc12e2d0a5", + "https://bcr.bazel.build/modules/gazelle/0.38.0/source.json": "7fedf9b531bcbbe90b009e4d3aef478a2defb8b8a6e31e931445231e425fc37c", "https://bcr.bazel.build/modules/googletest/1.11.0/MODULE.bazel": "3a83f095183f66345ca86aa13c58b59f9f94a2f81999c093d4eeaa2d262d12f4", "https://bcr.bazel.build/modules/googletest/1.11.0/source.json": "c73d9ef4268c91bd0c1cd88f1f9dfa08e814b1dbe89b5f594a9f08ba0244d206", "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.0/MODULE.bazel": "ea4b3a25a9417a7db57a8a2f9ebdee91d679823c6274b482b817ed128d81c594", "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.0/source.json": "9d1df0459caefdf41052d360469922a73e219f67c8ce4da0628cc604469822b9", + "https://bcr.bazel.build/modules/platforms/0.0.10/MODULE.bazel": "8cb8efaf200bdeb2150d93e162c40f388529a25852b332cec879373771e48ed5", + "https://bcr.bazel.build/modules/platforms/0.0.10/source.json": "f22828ff4cf021a6b577f1bf6341cb9dcd7965092a439f64fc1bb3b7a5ae4bd5", "https://bcr.bazel.build/modules/platforms/0.0.4/MODULE.bazel": "9b328e31ee156f53f3c416a64f8491f7eb731742655a47c9eec4703a71644aee", "https://bcr.bazel.build/modules/platforms/0.0.5/MODULE.bazel": "5733b54ea419d5eaf7997054bb55f6a1d0b5ff8aedf0176fef9eea44f3acda37", "https://bcr.bazel.build/modules/platforms/0.0.6/MODULE.bazel": "ad6eeef431dc52aefd2d77ed20a4b353f8ebf0f4ecdd26a807d2da5aa8cd0615", "https://bcr.bazel.build/modules/platforms/0.0.7/MODULE.bazel": "72fd4a0ede9ee5c021f6a8dd92b503e089f46c227ba2813ff183b71616034814", "https://bcr.bazel.build/modules/platforms/0.0.8/MODULE.bazel": "9f142c03e348f6d263719f5074b21ef3adf0b139ee4c5133e2aa35664da9eb2d", "https://bcr.bazel.build/modules/platforms/0.0.9/MODULE.bazel": "4a87a60c927b56ddd67db50c89acaa62f4ce2a1d2149ccb63ffd871d5ce29ebc", - "https://bcr.bazel.build/modules/platforms/0.0.9/source.json": "cd74d854bf16a9e002fb2ca7b1a421f4403cda29f824a765acd3a8c56f8d43e6", "https://bcr.bazel.build/modules/protobuf/21.7/MODULE.bazel": "a5a29bb89544f9b97edce05642fac225a808b5b7be74038ea3640fae2f8e66a7", "https://bcr.bazel.build/modules/protobuf/21.7/source.json": "bbe500720421e582ff2d18b0802464205138c06056f443184de39fbb8187b09b", "https://bcr.bazel.build/modules/protobuf/3.19.0/MODULE.bazel": "6b5fbb433f760a99a22b18b6850ed5784ef0e9928a72668b66e4d7ccd47db9b0", @@ -57,8 +58,9 @@ "https://bcr.bazel.build/modules/rules_go/0.41.0/MODULE.bazel": "55861d8e8bb0e62cbd2896f60ff303f62ffcb0eddb74ecb0e5c0cbe36fc292c8", "https://bcr.bazel.build/modules/rules_go/0.42.0/MODULE.bazel": "8cfa875b9aa8c6fce2b2e5925e73c1388173ea3c32a0db4d2b4804b453c14270", "https://bcr.bazel.build/modules/rules_go/0.46.0/MODULE.bazel": "3477df8bdcc49e698b9d25f734c4f3a9f5931ff34ee48a2c662be168f5f2d3fd", - "https://bcr.bazel.build/modules/rules_go/0.48.1/MODULE.bazel": "ad27296e268624d7d53043fe5ff88d5486e7a29596336f629b379b83c67e6d8b", - "https://bcr.bazel.build/modules/rules_go/0.48.1/source.json": "83321289aa500090871d8f761d991f0534946414640cce5c18d2df44cff8e082", + "https://bcr.bazel.build/modules/rules_go/0.47.0/MODULE.bazel": "e425890d2a4d668abc0f59d8388b70bf63ad025edec76a385c35d85882519417", + "https://bcr.bazel.build/modules/rules_go/0.49.0/MODULE.bazel": "61cfc1ba17123356d1b12b6c50f6e0162b2cc7fd6f51753c12471e973a0f72a5", + "https://bcr.bazel.build/modules/rules_go/0.49.0/source.json": "ab2261ea5e29d29a41c8e5c67896f946ab7855b786d28fe25d74987b84e5e85d", "https://bcr.bazel.build/modules/rules_java/4.0.0/MODULE.bazel": "5a78a7ae82cd1a33cef56dc578c7d2a46ed0dca12643ee45edbb8417899e6f74", "https://bcr.bazel.build/modules/rules_java/5.3.5/MODULE.bazel": "a4ec4f2db570171e3e5eb753276ee4b389bae16b96207e9d3230895c99644b86", "https://bcr.bazel.build/modules/rules_java/7.6.1/MODULE.bazel": "2f14b7e8a1aa2f67ae92bc69d1ec0fa8d9f827c4e17ff5e5f02e91caa3b2d0fe", @@ -793,7 +795,7 @@ "@@platforms//host:extension.bzl%host_platform": { "general": { "bzlTransitiveDigest": "xelQcPZH8+tmuOHVjL9vDxMnnQNMlwj0SlvgoqBkm4U=", - "usagesDigest": "meSzxn3DUCcYEhq4HQwExWkWtU4EjriRBQLsZN+Q0SU=", + "usagesDigest": "V1R2Y2oMxKNfx2WCWpSCaUV1WefW1o8HZGm3v1vHgY4=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, From c5a5cd7d720af58dd97d103193c227ca173d162f Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 5 Aug 2024 09:47:35 +0200 Subject: [PATCH 196/380] image: update locked rpms (#3290) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 15aa5ec27..eacb65b56 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -1,5 +1,5 @@ 37abef83e8927b4b48f69fcbdcc249d349c6029cc669401676d01f0ea326999e WALinuxAgent-udev-2.10.0.8-2.fc40.noarch.rpm -8a934257282276e953748cbc9eca045f5d79047027bfad9fcc630e697fe05c15 aardvark-dns-1.11.0-1.fc40.x86_64.rpm +447b89ea37df3781701202f5d57072254a2775e93e897336e3c2bf15dedd5426 aardvark-dns-1.11.0-3.fc40.x86_64.rpm ac860c52abbc65af5835d1bd97400c531a5635d39bc1d68e36a1fe54863385ea alternatives-1.27-1.fc40.x86_64.rpm a8aac6e068011d76e89536ffcb29e516c3ccd0095ef8ada0a37a9fd21a2b39b0 audit-libs-4.0.1-1.fc40.i686.rpm 5b6386ac345c3fd388c509df4ad31ffe04f1a1ed6eb4f10d2b5f56c2a5b300dc audit-libs-4.0.1-1.fc40.x86_64.rpm @@ -18,8 +18,8 @@ adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tool b0b0ba347f69131086934e836f03fb8b373923c88ac2958bd9661be28e30e869 container-selinux-2.232.1-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm -4b5b50ec646765b28b5c41179ad5d6ba32a0275604b84d99f4845b3b05d5df48 containers-common-0.59.2-1.fc40.noarch.rpm -88d83c128517bc515d76796c666e19b8e263079bd5ec3207ccd425c0d3b9fd42 containers-common-extra-0.59.2-1.fc40.noarch.rpm +3ebc876ed0fc1e20e8c959bb27827aa80e432ea15492d00bb93565fb0450e3d1 containers-common-0.60.0-1.fc40.noarch.rpm +3d2becabe64711aeeaf330401cf1b7c7d3cfd11e1630e758046fdba7dcad2369 containers-common-extra-0.60.0-1.fc40.noarch.rpm a42b290620077529be1c269ff440a6cf78a66bc239be5fd69dc5fdd509bcd70b coreutils-single-9.4-7.fc40.x86_64.rpm d941a78ffb6e2e0b4c24d0097d0351ced8796edde90208b4bddee459bce0a949 cpio-2.15-1.fc40.x86_64.rpm faa23cb6a7a612c0a6e874c788c5add967c5e193bd38c2e6093b82b38a162f81 cracklib-2.9.11-5.fc40.i686.rpm @@ -28,12 +28,12 @@ fe24641e69545c428890a4b094f015c03f65a6c30c3db7bb0de7672bab66bfd6 cracklib-dicts e4407cbfeb01494457e941a56971ec3aefbd35206792918d60fc9417acacd1a8 criu-3.19-4.fc40.x86_64.rpm 6dd4fe61a462d20fd6fc07ecf8bf47198cc24733d82fe0e46ed4d5f988dffef4 criu-libs-3.19-4.fc40.x86_64.rpm 4e913c3232f3d304820e6e1746911d5d4c981407673edbd3426118a2fd2dd977 crun-1.15-1.fc40.x86_64.rpm -4ff80ee580e20cae3578c254c9c56698090cbcce3a4c2feb42e6a29156c15497 crypto-policies-20240510-1.gitd287a42.fc40.noarch.rpm -8bc661a223cc065e257444b97131cb2fdc4d2e80932958d9d40df09472756f71 crypto-policies-scripts-20240510-1.gitd287a42.fc40.noarch.rpm +2469a287d9fe6ea5f4aa0686fa5f223c14505218743230afbd322fdd90b1d396 crypto-policies-20240725-1.git28d3e2d.fc40.noarch.rpm +8271834b39fd9a7efef95f9bf40337cc636d55a9c4b56ee2500811b318794ae3 crypto-policies-scripts-20240725-1.git28d3e2d.fc40.noarch.rpm 694606bd827a928ef8c50f90d90de30491cdd56248a02ca539dc11968b831eca cryptsetup-2.7.3-1.fc40.x86_64.rpm 5e42ee5d5ec44b645e1a506e8b4fa9eab27eb491913e4591b26b464941283333 cryptsetup-libs-2.7.3-1.fc40.i686.rpm bc2e1fe5df71d47b8b7d28d641c2ce988c9dbce90ae36409f18748ef0d6012bb cryptsetup-libs-2.7.3-1.fc40.x86_64.rpm -eb071367cc23b314bfc3f3d7d9611bd6d19fc17cebae4f790e4d6719545f283a curl-8.6.0-8.fc40.x86_64.rpm +20b0f2923feae4c2f1d339e959d3f03d81f8ca985faa05872377b827d6f30467 curl-8.6.0-10.fc40.x86_64.rpm 0dff67dfeca59cb68cadafe8d9909b88dfaa2fc0a9a4426352f66a5fe351fbe3 cyrus-sasl-lib-2.1.28-19.fc40.x86_64.rpm 19197df26f76af5e78bd1e3ad2f777bea071eef6dfec1219f6b8ee3c80e10193 dbus-1.14.10-3.fc40.x86_64.rpm 84ca6055aa354df549fdc78d6d9df692ed4d12c14a489a6d2ce844b5f225a502 dbus-broker-36-2.fc40.x86_64.rpm @@ -141,8 +141,8 @@ dc22477c3ac762f92ecc322af4f39fee2c5371bedc495ce242f9b94c590c580f libcap-ng-0.8. 274fd72d27570f3fcc9f06efedd21ea7a71e0903c286222fdbbefd6b30b9a80c libcbor-0.11.0-1.fc40.x86_64.rpm c890a19d2c4a3da836bae1db40b778fe0339cd0d26bddfbe584aaccb1a0f1485 libcom_err-1.47.0-5.fc40.i686.rpm 0d100701976c37fe94e904ed78437db7477ae1dc600ece07bea23fbbd968762c libcom_err-1.47.0-5.fc40.x86_64.rpm -7cacae48a3f76e77ffae047db34146efd3ae45b51188431a161ea93f83b9a231 libcurl-minimal-8.6.0-8.fc40.i686.rpm -df01bb4a19148d5ef8bad7e97d6b9ff0926bdd6c04f97620b27dc3d2ff9059cb libcurl-minimal-8.6.0-8.fc40.x86_64.rpm +7583f6b188f19e5112403ad53d0e5c98d35a5b736d355ea91d4a35ade5ef014c libcurl-minimal-8.6.0-10.fc40.i686.rpm +e3dc770fc4c48bec2da9ac948bcd43e053608d0397ad0a57056409a7d427289d libcurl-minimal-8.6.0-10.fc40.x86_64.rpm 700d56839e1bc16c08f71c505a7e62f655e4c18f4bf71bf2f36f3854f829e6f5 libeconf-0.6.2-2.fc40.i686.rpm 2ef764049e121ee2a9fa5d0296e6e2dd0abc7541040b8e49d67960bd9bde74e4 libeconf-0.6.2-2.fc40.x86_64.rpm 9e6e3e3ae465342b139c97b782e55701d20c72e7330545d5c66f901ede7228db libedit-3.1-51.20240517cvs.fc40.x86_64.rpm @@ -235,7 +235,7 @@ b404c27af03bb1e43fb0dc472d5a1fa152e0563fa2e4eefa29199c47578a829b nano-default-e 8a93376ce7423bd1a649a13f4b5105f270b4603f5cf3b3e230bdbda7f25dd788 ncurses-base-6.4-12.20240127.fc40.noarch.rpm 39bba59320e6276a3b7b07bc94d319511bdd7d32ba098fd49723f4d542794d41 ncurses-libs-6.4-12.20240127.fc40.i686.rpm a18edf32e89aefd453998d5d0ec3aa1ea193dac43f80b99db195abd7e8cf1a04 ncurses-libs-6.4-12.20240127.fc40.x86_64.rpm -47c9ccca51428497dfe8d39d86f77b13135f2c621608f29d6ce2994c556d2b2b netavark-1.11.0-1.fc40.x86_64.rpm +2bd5e58775af7085d2656db931b8b9f5aea752cd42c98c95b3944a03a728c890 netavark-1.11.0-3.fc40.x86_64.rpm 16172412cfd45453292e18f84fc57e42a3ce92aca72b47ef7e15b44554049cfe nettle-3.9.1-6.fc40.x86_64.rpm 188ce5004e6ed764b4a619b64a4a0f36f1cc4fa919fe0a300599ff1171844144 nftables-1.0.9-3.fc40.x86_64.rpm 784e0fbc9ccb7087c10f4c41edbed13904f94244ff658f308614abe48cdf0d42 npth-1.7-1.fc40.x86_64.rpm @@ -307,8 +307,8 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm 3b940ff1f16fdb3ddcc19d7d76241c9b81d81099ff5147c4c9967d2c4ca6fb5b sbsigntools-0.9.5-3.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm -2a9c01c5e4cf1242de438f5029f70fd64ac7c3281a706949d00b72ed09768369 selinux-policy-40.24-1.fc40.noarch.rpm -497a47c87fcee1aae430cc4b2b53943791adf0d0c6c530c9ccfea88d9d9567be selinux-policy-targeted-40.24-1.fc40.noarch.rpm +553b360f74e225e07f6f6d7a0977e12fdc9decbc70f2d3ca317cc4e98b1481ee selinux-policy-40.26-1.fc40.noarch.rpm +f8c85ce96424f49b800d5ad909ad825321d64c7650408690d6b2fc0a87955274 selinux-policy-targeted-40.26-1.fc40.noarch.rpm 89862f646cd64e81497f01a8b69ab30ac8968c47afef92a2c333608fdb90ccc1 setup-2.14.5-2.fc40.noarch.rpm 95a0cce33e56359aa09507abfed062fb47a554307b0a029e6d2f076b813ae8d2 shadow-utils-4.15.1-3.fc40.x86_64.rpm 0c1072b40e5fe451e7d2bc1a7530e743303591c3d26bce0ac2e09ff05b50ae26 shadow-utils-subid-4.15.1-3.fc40.x86_64.rpm From f186bbb2350cab9aaaa8b3bbdb6414b845645310 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 6 Aug 2024 09:31:03 +0200 Subject: [PATCH 197/380] deps: update Go dependencies (#3291) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 142 +++++++++++------------ go.sum | 290 +++++++++++++++++++++++----------------------- hack/tools/go.mod | 2 +- hack/tools/go.sum | 4 +- 4 files changed, 218 insertions(+), 220 deletions(-) diff --git a/go.mod b/go.mod index 9443d5fc4..484ccf454 100644 --- a/go.mod +++ b/go.mod @@ -26,10 +26,10 @@ replace ( ) require ( - cloud.google.com/go/compute v1.27.2 - cloud.google.com/go/compute/metadata v0.4.0 - cloud.google.com/go/kms v1.18.2 - cloud.google.com/go/secretmanager v1.13.3 + cloud.google.com/go/compute v1.27.4 + cloud.google.com/go/compute/metadata v0.5.0 + cloud.google.com/go/kms v1.18.4 + cloud.google.com/go/secretmanager v1.13.5 cloud.google.com/go/storage v1.43.0 dario.cat/mergo v1.0.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible @@ -38,29 +38,29 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.0.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 - github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 + github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.0 github.com/BurntSushi/toml v1.4.0 - github.com/aws/aws-sdk-go v1.54.17 - github.com/aws/aws-sdk-go-v2 v1.30.1 - github.com/aws/aws-sdk-go-v2/config v1.27.24 - github.com/aws/aws-sdk-go-v2/credentials v1.17.24 - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.5 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.1 - github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.2 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.168.0 - github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.1 - github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.1 - github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0 - github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1 + github.com/aws/aws-sdk-go v1.55.5 + github.com/aws/aws-sdk-go-v2 v1.30.3 + github.com/aws/aws-sdk-go-v2/config v1.27.27 + github.com/aws/aws-sdk-go-v2/credentials v1.17.27 + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.3 + github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.4 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.173.0 + github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.34.0 + github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.3 + github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3 + github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.4 github.com/aws/smithy-go v1.20.3 - github.com/bazelbuild/buildtools v0.0.0-20240626162158-92a716d768c0 - github.com/bazelbuild/rules_go v0.48.1 + github.com/bazelbuild/buildtools v0.0.0-20240804201302-37932ddd7230 + github.com/bazelbuild/rules_go v0.49.0 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/docker/docker v26.1.4+incompatible + github.com/docker/docker v26.1.5+incompatible github.com/edgelesssys/go-azguestattestation v0.0.0-20240513062303-05f8770a633d github.com/edgelesssys/go-tdx-qpl v0.0.0-20240123150912-dcad3c41ec5f - github.com/foxboron/go-uefi v0.0.0-20240522180132-205d5597883a + github.com/foxboron/go-uefi v0.0.0-20240805124652-e2076f0e58ca github.com/fsnotify/fsnotify v1.7.0 github.com/go-playground/locales v0.14.1 github.com/go-playground/universal-translator v0.18.1 @@ -71,8 +71,8 @@ require ( github.com/google/go-tpm v0.9.1 github.com/google/go-tpm-tools v0.4.4 github.com/google/uuid v1.6.0 - github.com/googleapis/gax-go/v2 v2.12.5 - github.com/gophercloud/gophercloud v1.13.0 + github.com/googleapis/gax-go/v2 v2.13.0 + github.com/gophercloud/gophercloud v1.14.0 github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 @@ -80,7 +80,7 @@ require ( github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11 github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.12 github.com/hashicorp/go-version v1.7.0 - github.com/hashicorp/hc-install v0.7.0 + github.com/hashicorp/hc-install v0.8.0 github.com/hashicorp/hcl/v2 v2.21.0 github.com/hashicorp/terraform-exec v0.21.0 github.com/hashicorp/terraform-json v0.22.1 @@ -93,59 +93,59 @@ require ( github.com/martinjungblut/go-cryptsetup v0.0.0-20220520180014-fd0874fd07a6 github.com/mattn/go-isatty v0.0.20 github.com/mitchellh/go-homedir v1.1.0 - github.com/onsi/ginkgo/v2 v2.19.0 - github.com/onsi/gomega v1.33.1 + github.com/onsi/ginkgo/v2 v2.19.1 + github.com/onsi/gomega v1.34.1 github.com/pkg/errors v0.9.1 - github.com/regclient/regclient v0.6.1 + github.com/regclient/regclient v0.7.1 github.com/rogpeppe/go-internal v1.12.0 - github.com/samber/slog-multi v1.1.0 - github.com/schollz/progressbar/v3 v3.14.4 + github.com/samber/slog-multi v1.2.0 + github.com/schollz/progressbar/v3 v3.14.6 github.com/secure-systems-lab/go-securesystemslib v0.8.0 github.com/siderolabs/talos/pkg/machinery v1.7.5 github.com/sigstore/rekor v1.3.6 - github.com/sigstore/sigstore v1.8.6 + github.com/sigstore/sigstore v1.8.7 github.com/spf13/afero v1.11.0 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/tink-crypto/tink-go/v2 v2.2.0 github.com/vincent-petithory/dataurl v1.0.0 - go.etcd.io/etcd/api/v3 v3.5.14 - go.etcd.io/etcd/client/pkg/v3 v3.5.14 - go.etcd.io/etcd/client/v3 v3.5.14 + go.etcd.io/etcd/api/v3 v3.5.15 + go.etcd.io/etcd/client/pkg/v3 v3.5.15 + go.etcd.io/etcd/client/v3 v3.5.15 go.uber.org/goleak v1.3.0 golang.org/x/crypto v0.25.0 - golang.org/x/exp v0.0.0-20240707233637-46b078467d37 - golang.org/x/mod v0.19.0 - golang.org/x/sys v0.22.0 + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 + golang.org/x/mod v0.20.0 + golang.org/x/sys v0.23.0 golang.org/x/text v0.16.0 golang.org/x/tools v0.23.0 - google.golang.org/api v0.188.0 + google.golang.org/api v0.190.0 google.golang.org/grpc v1.65.0 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 - helm.sh/helm/v3 v3.15.2 - k8s.io/api v0.30.2 - k8s.io/apiextensions-apiserver v0.30.2 - k8s.io/apimachinery v0.30.2 - k8s.io/apiserver v0.30.2 - k8s.io/client-go v0.30.2 - k8s.io/cluster-bootstrap v0.30.2 - k8s.io/kubelet v0.30.2 + helm.sh/helm/v3 v3.15.3 + k8s.io/api v0.30.3 + k8s.io/apiextensions-apiserver v0.30.3 + k8s.io/apimachinery v0.30.3 + k8s.io/apiserver v0.30.3 + k8s.io/client-go v0.30.3 + k8s.io/cluster-bootstrap v0.30.3 + k8s.io/kubelet v0.30.3 k8s.io/kubernetes v1.30.3 - k8s.io/mount-utils v0.30.2 - k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 - libvirt.org/go/libvirt v1.10003.0 + k8s.io/mount-utils v0.30.3 + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 + libvirt.org/go/libvirt v1.10005.0 sigs.k8s.io/controller-runtime v0.18.4 sigs.k8s.io/yaml v1.4.0 ) require ( cloud.google.com/go v0.115.0 // indirect - cloud.google.com/go/auth v0.7.0 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect - cloud.google.com/go/iam v1.1.10 // indirect - cloud.google.com/go/longrunning v0.5.9 // indirect + cloud.google.com/go/auth v0.7.3 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect + cloud.google.com/go/iam v1.1.12 // indirect + cloud.google.com/go/longrunning v0.5.11 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect @@ -173,17 +173,17 @@ require ( github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.13 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 // indirect github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.15 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect @@ -218,8 +218,8 @@ require ( github.com/go-errors/errors v1.4.2 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect - github.com/go-jose/go-jose/v4 v4.0.1 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-jose/go-jose/v4 v4.0.2 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/analysis v0.23.0 // indirect @@ -245,12 +245,12 @@ require ( github.com/google/go-attestation v0.5.1 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-configfs-tsm v0.2.2 // indirect - github.com/google/go-containerregistry v0.19.2 // indirect + github.com/google/go-containerregistry v0.20.0 // indirect github.com/google/go-tspi v0.3.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/logger v1.1.1 // indirect github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect - github.com/google/s2a-go v0.1.7 // indirect + github.com/google/s2a-go v0.1.8 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/gorilla/mux v1.8.1 // indirect @@ -280,7 +280,7 @@ require ( github.com/jmoiron/sqlx v1.3.5 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.8 // indirect + github.com/klauspost/compress v1.17.9 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect @@ -359,13 +359,13 @@ require ( golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b // indirect + google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/cli-runtime v0.30.0 // indirect - k8s.io/component-base v0.30.2 // indirect + k8s.io/component-base v0.30.3 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/kubectl v0.30.0 // indirect diff --git a/go.sum b/go.sum index 215298ae5..2262c3c92 100644 --- a/go.sum +++ b/go.sum @@ -7,26 +7,26 @@ cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTj cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.7.0 h1:kf/x9B3WTbBUHkC+1VS8wwwli9TzhSt0vSTVBmMR8Ts= -cloud.google.com/go/auth v0.7.0/go.mod h1:D+WqdrpcjmiCgWrXmLLxOVq1GACoE36chW6KXoEvuIw= -cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= -cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= +cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY= +cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA= +cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= +cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/compute v1.27.2 h1:5cE5hdrwJV/92ravlwIFRGnyH9CpLGhh4N0ZDVTU+BA= -cloud.google.com/go/compute v1.27.2/go.mod h1:YQuHkNEwP3bIz4LBYQqf4DIMfFtTDtnEgnwG0mJQQ9I= -cloud.google.com/go/compute/metadata v0.4.0 h1:vHzJCWaM4g8XIcm8kopr3XmDA4Gy/lblD3EhhSux05c= -cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M= +cloud.google.com/go/compute v1.27.4 h1:XM8ulx6crjdl09XBfji7viFgZOEQuIxBwKmjRH9Rtmc= +cloud.google.com/go/compute v1.27.4/go.mod h1:7JZS+h21ERAGHOy5qb7+EPyXlQwzshzrx1x6L9JhTqU= +cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= +cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/iam v1.1.10 h1:ZSAr64oEhQSClwBL670MsJAW5/RLiC6kfw3Bqmd5ZDI= -cloud.google.com/go/iam v1.1.10/go.mod h1:iEgMq62sg8zx446GCaijmA2Miwg5o3UbO+nI47WHJps= -cloud.google.com/go/kms v1.18.2 h1:EGgD0B9k9tOOkbPhYW1PHo2W0teamAUYMOUIcDRMfPk= -cloud.google.com/go/kms v1.18.2/go.mod h1:YFz1LYrnGsXARuRePL729oINmN5J/5e7nYijgvfiIeY= -cloud.google.com/go/longrunning v0.5.9 h1:haH9pAuXdPAMqHvzX0zlWQigXT7B0+CL4/2nXXdBo5k= -cloud.google.com/go/longrunning v0.5.9/go.mod h1:HD+0l9/OOW0za6UWdKJtXoFAX/BGg/3Wj8p10NeWF7c= +cloud.google.com/go/iam v1.1.12 h1:JixGLimRrNGcxvJEQ8+clfLxPlbeZA6MuRJ+qJNQ5Xw= +cloud.google.com/go/iam v1.1.12/go.mod h1:9LDX8J7dN5YRyzVHxwQzrQs9opFFqn0Mxs9nAeB+Hhg= +cloud.google.com/go/kms v1.18.4 h1:dYN3OCsQ6wJLLtOnI8DGUwQ5shMusXsWCCC+s09ATsk= +cloud.google.com/go/kms v1.18.4/go.mod h1:SG1bgQ3UWW6/KdPo9uuJnzELXY5YTTMJtDYvajiQ22g= +cloud.google.com/go/longrunning v0.5.11 h1:Havn1kGjz3whCfoD8dxMLP73Ph5w+ODyZB9RUsDxtGk= +cloud.google.com/go/longrunning v0.5.11/go.mod h1:rDn7//lmlfWV1Dx6IB4RatCPenTwwmqXuiP0/RgoEO4= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/secretmanager v1.13.3 h1:VqUVYY3U6uFXOhPdZgAoZH9m8E6p7eK02TsDRj2SBf4= -cloud.google.com/go/secretmanager v1.13.3/go.mod h1:e45+CxK0w6GaL4hS+KabgQskl4RdSS30b+HRf0TH0kk= +cloud.google.com/go/secretmanager v1.13.5 h1:tXlHvpm97mFD0Lv50N4U4zlXfkoTNay3BmpNA/W7/oI= +cloud.google.com/go/secretmanager v1.13.5/go.mod h1:/OeZ88l5Z6nBVilV0SXgv6XJ243KP2aIhSWRMrbvDCQ= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs= cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0= @@ -59,14 +59,14 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0/go.mod h1:ulHyBFJOI0ONiRL4vcJTmS7rx18jQQlEPmAgo80cRdM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0 h1:AifHbc4mg0x9zW52WOpKbsHaDKuRhlI7TVl47thgQ70= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.5.0/go.mod h1:T5RfihdXtBDxt1Ch2wobif3TvzTdumDy29kahv6AV9A= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 h1:PiSrjRPpkQNjrM8H0WwKMnZUdu1RGMtd/LdGKUrOo+c= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0/go.mod h1:oDrbWx4ewMylP7xHivfgixbfGBT6APAwsSoHRKotnIc= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 h1:h4Zxgmi9oyZL2l8jeg1iRTqPloHktywWcu0nlJmo1tA= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0/go.mod h1:LgLGXawqSreJz135Elog0ywTJDsm0Hz2k+N+6ZK35u8= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2 h1:YUUxeiOWgdAQE3pXt2H7QXzZs0q8UBjgRbl56qo8GYM= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.3.2/go.mod h1:dmXQgZuiSubAecswZE+Sm8jkvEa7kQgTPVRvwL/nd0E= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.0 h1:Be6KInmFEKV81c0pOAEbRYehLMwmmGI1exuFj248AMk= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.0/go.mod h1:WCPBHsOXfBVnivScjs2ypRfimjEW0qPVLGgJkZlrIOA= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= @@ -134,62 +134,62 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.54.17 h1:ZV/qwcCIhMHgsJ6iXXPVYI0s1MdLT+5LW28ClzCUPeI= -github.com/aws/aws-sdk-go v1.54.17/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= -github.com/aws/aws-sdk-go-v2 v1.30.1 h1:4y/5Dvfrhd1MxRDD77SrfsDaj8kUkkljU7XE83NPV+o= -github.com/aws/aws-sdk-go-v2 v1.30.1/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY= +github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 h1:tW1/Rkad38LA15X4UQtjXZXNKsCgkshC3EbmcUmghTg= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3/go.mod h1:UbnqO+zjqk3uIt9yCACHJ9IVNhyhOCnYk8yA19SAWrM= -github.com/aws/aws-sdk-go-v2/config v1.27.24 h1:NM9XicZ5o1CBU/MZaHwFtimRpWx9ohAUAqkG6AqSqPo= -github.com/aws/aws-sdk-go-v2/config v1.27.24/go.mod h1:aXzi6QJTuQRVVusAO8/NxpdTeTyr/wRcybdDtfUwJSs= -github.com/aws/aws-sdk-go-v2/credentials v1.17.24 h1:YclAsrnb1/GTQNt2nzv+756Iw4mF8AOzcDfweWwwm/M= -github.com/aws/aws-sdk-go-v2/credentials v1.17.24/go.mod h1:Hld7tmnAkoBQdTMNYZGzztzKRdA4fCdn9L83LOoigac= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9 h1:Aznqksmd6Rfv2HQN9cpqIV/lQRMaIpJkLLaJ1ZI76no= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.9/go.mod h1:WQr3MY7AxGNxaqAtsDWn+fBxmd4XvLkzeqQ8P1VM0/w= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.5 h1:qkipTyOc+ElVS+TgGJCf/6gqu0CL5+ii19W/eMQfY94= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.5/go.mod h1:UjB35RXl+ESpnVtyaKqdw11NhMxm90lF9o2zqJNbi14= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13 h1:5SAoZ4jYpGH4721ZNoS1znQrhOfZinOhc4XuTXx/nVc= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.13/go.mod h1:+rdA6ZLpaSeM7tSg/B0IEDinCIBJGmW8rKDFkYpP04g= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13 h1:WIijqeaAO7TYFLbhsZmi2rgLEAtWOC1LhxCAVTJlSKw= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.13/go.mod h1:i+kbfa76PQbWw/ULoWnp51EYVWH4ENln76fLQE3lXT8= +github.com/aws/aws-sdk-go-v2/config v1.27.27 h1:HdqgGt1OAP0HkEDDShEl0oSYa9ZZBSOmKpdpsDMdO90= +github.com/aws/aws-sdk-go-v2/config v1.27.27/go.mod h1:MVYamCg76dFNINkZFu4n4RjDixhVr51HLj4ErWzrVwg= +github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVOpGPgDSi0I9iAP+UI= +github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 h1:KreluoV8FZDEtI6Co2xuNk/UqI9iwMrOx/87PBNIKqw= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11/go.mod h1:SeSUYBLsMYFoRvHE0Tjvn7kbxaUhl75CJi1sbfhMxkU= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10 h1:zeN9UtUlA6FTx0vFSayxSX32HDw73Yb6Hh2izDSFxXY= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10/go.mod h1:3HKuexPDcwLWPaqpW2UR/9n8N/u/3CKcGAzSs8p8u8g= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 h1:SoNJ4RlFEQEbtDcCEt+QG56MY4fm4W8rYirAmq+/DdU= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15/go.mod h1:U9ke74k1n2bf+RIgoX1SXFed1HLs51OgUSs+Ph0KJP8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 h1:C6WHdGnTDIYETAm5iErQUiVNsclNx9qbJVPIt03B6bI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15/go.mod h1:ZQLZqhcu+JhSrA9/NXRm8SkDvsycE+JkV3WGY41e+IM= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.13 h1:THZJJ6TU/FOiM7DZFnisYV9d49oxXWUzsVIMTuf3VNU= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.13/go.mod h1:VISUTg6n+uBaYIWPBaIG0jk7mbBxm7DUqBtU2cUDDWI= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.1 h1:nV3iVzSwz69etCRlmifzbxueN9KnnCq0hQow9ezJSzU= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.1/go.mod h1:SR3acVqfWMo5J4hI3WHHP0+cgC5yvEVjG9PJXtbOqQg= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.2 h1:TMeILwDLX08G1Ws+jJIlzjqxWxPHdVjHgrbq+joq28s= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.2/go.mod h1:bwqYM+9SeyLaryGx6R3ssp3d0CZvAvDrvUe3GCHZ1oM= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.168.0 h1:xOPq0agGC1WMZvFpSZCKEjDVAQnLPZJZGvjuPVF2t9M= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.168.0/go.mod h1:CtLD6CPq9z9dyMxV+H6/M5d9+/ea3dO80um029GXqV0= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.1 h1:XuwjSEGfLxo6UJtpJVy/E80GpE1gNclDBv5k1nTQcCs= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.33.1/go.mod h1:74D8OQ00uEvvpuG5e4VX+/2v3MC2pltRtzNyXJnEjrI= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 h1:Z5r7SycxmSllHYmaAZPpmN8GviDrSGhMS6bldqtXZPw= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15/go.mod h1:CetW7bDE00QoGEmPUoZuRog07SGVAUVW6LFpNP0YfIg= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.3 h1:y4kBd6IXizNoJ1QnVa1kFFmonxnv6mm6z+q7z0Jkdhg= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.3/go.mod h1:j2WsKJ/NQS+y8JUgpv+BBzyzddNZP2SG60fB5aQBZaA= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.4 h1:I/sQ9uGOs72/483obb2SPoa9ZEsYGbel6jcTTwD/0zU= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.4/go.mod h1:P6ByphKl2oNQZlv4WsCaLSmRncKEcOnbitYLtJPfqZI= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.173.0 h1:ta62lid9JkIpKZtZZXSj6rP2AqY5x1qYGq53ffxqD9Q= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.173.0/go.mod h1:o6QDjdVKpP5EF0dp/VlvqckzuSDATr1rLdHt3A5m0YY= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.34.0 h1:8rDRtPOu3ax8jEctw7G926JQlnFdhZZA4KJzQ+4ks3Q= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.34.0/go.mod h1:L5bVuO4PeXuDuMYZfL3IW69E6mz6PDCYpp6IKDlcLMA= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.15 h1:2jyRZ9rVIMisyQRnhSS/SqlckveoxXneIumECVFP91Y= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.15/go.mod h1:bDRG3m382v1KJBk1cKz7wIajg87/61EiiymEyfLvAe0= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15 h1:I9zMeF107l0rJrpnHpjEiiTSCKYAIw8mALiXcPsGBiA= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.15/go.mod h1:9xWJ3Q/S6Ojusz1UIkfycgD1mGirJfLLKqq3LPT7WN8= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13 h1:Eq2THzHt6P41mpjS2sUzz/3dJYFRqdWZ+vQaEMm98EM= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.13/go.mod h1:FgwTca6puegxgCInYwGjmd4tB9195Dd6LCuA+8MjpWw= -github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.1 h1:FW82vjO+OizFvwSYsSVXVnkt11+zuRXFFPXBUDqFl5U= -github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.1/go.mod h1:v8G7VgEsStrvK8Wu0UdJjhnIaU1Rvnikwz3IAv0027w= -github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0 h1:4rhV0Hn+bf8IAIUphRX1moBcEvKJipCPmswMCl6Q5mw= -github.com/aws/aws-sdk-go-v2/service/s3 v1.58.0/go.mod h1:hdV0NTYd0RwV4FvNKhKUNbPLZoq9CTr/lke+3I7aCAI= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1 h1:ZoYRD8IJqPkzjBnpokiMNO6L/DQprtpVpD6k0YSaF5U= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.1/go.mod h1:GlRarZzIMl9VDi0mLQt+qQOuEkVFPnTkkjyugV1uVa8= -github.com/aws/aws-sdk-go-v2/service/sso v1.22.1 h1:p1GahKIjyMDZtiKoIn0/jAj/TkMzfzndDv5+zi2Mhgc= -github.com/aws/aws-sdk-go-v2/service/sso v1.22.1/go.mod h1:/vWdhoIoYA5hYoPZ6fm7Sv4d8701PiG5VKe8/pPJL60= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2 h1:ORnrOK0C4WmYV/uYt3koHEWBLYsRDwk2Np+eEoyV4Z0= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.2/go.mod h1:xyFHA4zGxgYkdD73VeezHt3vSKEG9EmFnGwoKlP00u4= -github.com/aws/aws-sdk-go-v2/service/sts v1.30.1 h1:+woJ607dllHJQtsnJLi52ycuqHMwlW+Wqm2Ppsfp4nQ= -github.com/aws/aws-sdk-go-v2/service/sts v1.30.1/go.mod h1:jiNR3JqT15Dm+QWq2SRgh0x0bCNSRP2L25+CqPNpJlQ= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 h1:YPYe6ZmvUfDDDELqEKtAd6bo8zxhkm+XEFEzQisqUIE= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17/go.mod h1:oBtcnYua/CgzCWYN7NZ5j7PotFDaFSUjCYVTtfyn7vw= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrxZlQ044RiM+WdoZxp0p+EGM62y3L6pwA4olE= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17/go.mod h1:RkZEx4l0EHYDJpWppMJ3nD9wZJAa8/0lq9aVC+r2UII= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 h1:246A4lSTXWJw/rmlQI+TT2OcqeDMKBdyjEQrafMaQdA= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15/go.mod h1:haVfg3761/WF7YPuJOER2MP0k4UAXyHaLclKXB6usDg= +github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.3 h1:ByynKMsGZGmpUpnQ99y+lS7VxZrNt3mdagCnHd011Kk= +github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.3/go.mod h1:ZR4h87npHPuVQ2SEeoWMe+CO/HcS9g2iYMLnT5HawW8= +github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3 h1:hT8ZAZRIfqBqHbzKTII+CIiY8G2oC9OpLedkZ51DWl8= +github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3/go.mod h1:Lcxzg5rojyVPU/0eFwLtcyTaek/6Mtic5B1gJo7e/zE= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.4 h1:NgRFYyFpiMD62y4VPXh4DosPFbZd4vdMVBWKk0VmWXc= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.4/go.mod h1:TKKN7IQoM7uTnyuFm9bm9cw5P//ZYTl4m3htBWQ1G/c= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 h1:BXx0ZIxvrJdSgSvKTZ+yRBeSqqgPM89VPlulEcl37tM= +github.com/aws/aws-sdk-go-v2/service/sso v1.22.4/go.mod h1:ooyCOXjvJEsUw7x+ZDHeISPMhtwI3ZCB7ggFMcFfWLU= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrAaCYQR72t0wrSBfoesUE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4/go.mod h1:0oxfLkpz3rQ/CHlx5hB7H69YUpFiI1tql6Q6Ne+1bCw= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 h1:ZsDKRLXGWHk8WdtyYMoGNO7bTudrvuKpDKgMVRlepGE= +github.com/aws/aws-sdk-go-v2/service/sts v1.30.3/go.mod h1:zwySh8fpFyXp9yOr/KVzxOl8SRqgf/IDw5aUt9UKFcQ= github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE= github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= -github.com/bazelbuild/buildtools v0.0.0-20240626162158-92a716d768c0 h1:tVa7swb7n+9X2nS9XsCqOQ7ZGm0t+t11vWYTKoFiWB8= -github.com/bazelbuild/buildtools v0.0.0-20240626162158-92a716d768c0/go.mod h1:689QdV3hBP7Vo9dJMmzhoYIyo/9iMhEmHkJcnaPRCbo= -github.com/bazelbuild/rules_go v0.48.1 h1:uFAO3cNJyiZlf3r4HzApyMDiNch7lU0VtQBHrjnfCyw= -github.com/bazelbuild/rules_go v0.48.1/go.mod h1:Dhcz716Kqg1RHNWos+N6MlXNkjNP2EwZQ0LukRKJfMs= +github.com/bazelbuild/buildtools v0.0.0-20240804201302-37932ddd7230 h1:KaVZjqijBr8cjmGm8rnM+7fuQ69d2AZN+gFQA2MBKhY= +github.com/bazelbuild/buildtools v0.0.0-20240804201302-37932ddd7230/go.mod h1:yBQGNvRAGhcBTxe4MHiW3Ul7DwoBim4XsKUaXnW1LWc= +github.com/bazelbuild/rules_go v0.49.0 h1:5vCbuvy8Q11g41lseGJDc5vxhDjJtfxr6nM/IC4VmqM= +github.com/bazelbuild/rules_go v0.49.0/go.mod h1:Dhcz716Kqg1RHNWos+N6MlXNkjNP2EwZQ0LukRKJfMs= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -275,8 +275,8 @@ github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbT github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v26.1.4+incompatible h1:vuTpXDuoga+Z38m1OZHzl7NKisKWaWlhjQk7IDPSLsU= -github.com/docker/docker v26.1.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v26.1.5+incompatible h1:NEAxTwEjxV6VbBMBoGG3zPqbiJosIApZjxlbrG9q3/g= +github.com/docker/docker v26.1.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -314,8 +314,8 @@ github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4Nij github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/foxboron/go-uefi v0.0.0-20240522180132-205d5597883a h1:Q/VIO3QAlaF95JqVVF39udInPR76lu02yrMDInavm8Q= -github.com/foxboron/go-uefi v0.0.0-20240522180132-205d5597883a/go.mod h1:ffg/fkDeOYicEQLoO2yFFGt00KUTYVXI+rfnc8il6vQ= +github.com/foxboron/go-uefi v0.0.0-20240805124652-e2076f0e58ca h1:ErxkaWK5AIt8gQf3KpAuQQBdZI4ps72HzEe123kh+So= +github.com/foxboron/go-uefi v0.0.0-20240805124652-e2076f0e58ca/go.mod h1:ffg/fkDeOYicEQLoO2yFFGt00KUTYVXI+rfnc8il6vQ= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= @@ -341,14 +341,14 @@ github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= -github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= +github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= @@ -459,8 +459,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98= github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= -github.com/google/go-containerregistry v0.19.2 h1:TannFKE1QSajsP6hPWb5oJNgKe1IKjHukIKDUmvsV6w= -github.com/google/go-containerregistry v0.19.2/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/go-containerregistry v0.20.0 h1:wRqHpOeVh3DnenOrPy9xDOLdnLatiGuuNRVelR2gSbg= +github.com/google/go-containerregistry v0.20.0/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-sev-guest v0.11.1 h1:gnww4U8fHV5DCPz4gykr1s8SEX1fFNcxCBy+vvXN24k= github.com/google/go-sev-guest v0.11.1/go.mod h1:qBOfb+JmgsUI3aUyzQoGC13Kpp9zwLeWvuyXmA9q77w= github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw= @@ -485,8 +485,8 @@ github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OI github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= -github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= +github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= +github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -498,11 +498,11 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA= -github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= +github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= +github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= -github.com/gophercloud/gophercloud v1.13.0 h1:8iY9d1DAbzMW6Vok1AxbbK5ZaUjzMp0tdyt4fX9IeJ0= -github.com/gophercloud/gophercloud v1.13.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= +github.com/gophercloud/gophercloud v1.14.0 h1:Bt9zQDhPrbd4qX7EILGmy+i7GP35cc+AAL2+wIJpUE8= +github.com/gophercloud/gophercloud v1.14.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 h1:sH7xkTfYzxIEgzq1tDHIMKRh1vThOEOGNsettdEeLbE= github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56/go.mod h1:VSalo4adEk+3sNkmVJLnhHoOyOYYS8sTWLG4mv5BKto= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -574,8 +574,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/hc-install v0.7.0 h1:Uu9edVqjKQxxuD28mR5TikkKDd/p55S8vzPC1659aBk= -github.com/hashicorp/hc-install v0.7.0/go.mod h1:ELmmzZlGnEcqoUMKUuykHaPCIR1sYLYX+KSggWSKZuA= +github.com/hashicorp/hc-install v0.8.0 h1:LdpZeXkZYMQhoKPCecJHlKvUkQFixN/nvyR1CdfOLjI= +github.com/hashicorp/hc-install v0.8.0/go.mod h1:+MwJYjDfCruSD/udvBmRB22Nlkwwkwf5sAB6uTIhSaU= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= @@ -652,8 +652,8 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= -github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -769,10 +769,10 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olareg/olareg v0.1.0 h1:1dXBOgPrig5N7zoXyIZVQqU0QBo6sD9pbL6UYjY75CA= github.com/olareg/olareg v0.1.0/go.mod h1:RBuU7JW7SoIIxZKzLRhq8sVtQeAHzCAtRrXEBx2KlM4= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= -github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= -github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0= +github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU= @@ -824,8 +824,8 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= -github.com/regclient/regclient v0.6.1 h1:4PxrGxMXrLpPrSaet8QZl568CVOolyHyukLL9UyogoU= -github.com/regclient/regclient v0.6.1/go.mod h1:hCKbRHYMx6LJntAhXzWVV7Oxyn9DzNVJoOKJaSnU5BM= +github.com/regclient/regclient v0.7.1 h1:qEsJrTmZd98fZKjueAbrZCSNGU+ifnr6xjlSAs3WOPs= +github.com/regclient/regclient v0.7.1/go.mod h1:+w/BFtJuw0h0nzIw/z2+1FuA2/dVXBzDq4rYmziJpMc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= @@ -842,14 +842,14 @@ github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= -github.com/samber/slog-multi v1.1.0 h1:m5wfpXE8Qu2gCiR/JnhFGsLcWDOmTxnso32EMffVAY0= -github.com/samber/slog-multi v1.1.0/go.mod h1:uLAvHpGqbYgX4FSL0p1ZwoLuveIAJvBECtE07XmYvFo= +github.com/samber/slog-multi v1.2.0 h1:JIebVdmeGkCMd5/ticlmU+aDYl4tdAZBmp5uLaSzr0k= +github.com/samber/slog-multi v1.2.0/go.mod h1:uLAvHpGqbYgX4FSL0p1ZwoLuveIAJvBECtE07XmYvFo= github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A= github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk= github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4= github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= -github.com/schollz/progressbar/v3 v3.14.4 h1:W9ZrDSJk7eqmQhd3uxFNNcTr0QL+xuGNI9dEMrw0r74= -github.com/schollz/progressbar/v3 v3.14.4/go.mod h1:aT3UQ7yGm+2ZjeXPqsjTenwL3ddUiuZ0kfQ/2tHlyNI= +github.com/schollz/progressbar/v3 v3.14.6 h1:GyjwcWBAf+GFDMLziwerKvpuS7ZF+mNTAXIB2aspiZs= +github.com/schollz/progressbar/v3 v3.14.6/go.mod h1:Nrzpuw3Nl0srLY0VlTvC4V6RL50pcEymjy6qyJAaLa0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA= github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU= @@ -863,8 +863,8 @@ github.com/siderolabs/talos/pkg/machinery v1.7.5 h1:M02UZSDfN0BB4bXhTYDjEmVvAIX1 github.com/siderolabs/talos/pkg/machinery v1.7.5/go.mod h1:OeamhNo92c3V96bddZNhcCgoRyzw2KWBtpma1lfchtg= github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= github.com/sigstore/rekor v1.3.6/go.mod h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc= -github.com/sigstore/sigstore v1.8.6 h1:g066b/Nw5r5oxhNv4XqJUUzVcyf1b07itUueiQe7rZM= -github.com/sigstore/sigstore v1.8.6/go.mod h1:UOBrJd9JBQ81DrkpGljzsIFXEtfC30raHvLWFWG857U= +github.com/sigstore/sigstore v1.8.7 h1:L7/zKauHTg0d0Hukx7qlR4nifh6T6O6UIt9JBwAmTIg= +github.com/sigstore/sigstore v1.8.7/go.mod h1:MPiQ/NIV034Fc3Kk2IX9/XmBQdK60wfmpvgK9Z1UjRA= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= @@ -957,12 +957,12 @@ github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgr github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/etcd/api/v3 v3.5.14 h1:vHObSCxyB9zlF60w7qzAdTcGaglbJOpSj1Xj9+WGxq0= -go.etcd.io/etcd/api/v3 v3.5.14/go.mod h1:BmtWcRlQvwa1h3G2jvKYwIQy4PkHlDej5t7uLMUdJUU= -go.etcd.io/etcd/client/pkg/v3 v3.5.14 h1:SaNH6Y+rVEdxfpA2Jr5wkEvN6Zykme5+YnbCkxvuWxQ= -go.etcd.io/etcd/client/pkg/v3 v3.5.14/go.mod h1:8uMgAokyG1czCtIdsq+AGyYQMvpIKnSvPjFMunkgeZI= -go.etcd.io/etcd/client/v3 v3.5.14 h1:CWfRs4FDaDoSz81giL7zPpZH2Z35tbOrAJkkjMqOupg= -go.etcd.io/etcd/client/v3 v3.5.14/go.mod h1:k3XfdV/VIHy/97rqWjoUzrj9tk7GgJGH9J8L4dNXmAk= +go.etcd.io/etcd/api/v3 v3.5.15 h1:3KpLJir1ZEBrYuV2v+Twaa/e2MdDCEZ/70H+lzEiwsk= +go.etcd.io/etcd/api/v3 v3.5.15/go.mod h1:N9EhGzXq58WuMllgH9ZvnEr7SI9pS0k0+DHZezGp7jM= +go.etcd.io/etcd/client/pkg/v3 v3.5.15 h1:fo0HpWz/KlHGMCC+YejpiCmyWDEuIpnTDzpJLB5fWlA= +go.etcd.io/etcd/client/pkg/v3 v3.5.15/go.mod h1:mXDI4NAOwEiszrHCb0aqfAYNCrZP4e9hRca3d1YK8EU= +go.etcd.io/etcd/client/v3 v3.5.15 h1:23M0eY4Fd/inNv1ZfU3AxrbbOdW79r9V9Rl62Nm6ip4= +go.etcd.io/etcd/client/v3 v3.5.15/go.mod h1:CLSJxrYjvLtHsrPKsy7LmZEE+DK2ktfd2bN4RhBMwlU= go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M= @@ -989,7 +989,6 @@ go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5 go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= -go.starlark.net v0.0.0-20210223155950-e043a3d3c984/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= @@ -1021,8 +1020,8 @@ golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= -golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1040,8 +1039,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= +golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1123,9 +1122,9 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1133,7 +1132,6 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1189,8 +1187,8 @@ google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.188.0 h1:51y8fJ/b1AaaBRJr4yWm96fPcuxSo0JcegXE3DaHQHw= -google.golang.org/api v0.188.0/go.mod h1:VR0d+2SIiWOYG3r/jdm7adPW9hI2aRv9ETOSCQ9Beag= +google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q= +google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1207,12 +1205,12 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b h1:dSTjko30weBaMj3eERKc0ZVXW4GudCswM3m+P++ukU0= -google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY= -google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0= -google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b h1:04+jVzTs2XBnOZcPsLnmrTGqltqJbZQ1Ey26hjYdQQ0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf h1:OqdXDEakZCVtDiZTjcxfwbHPCT11ycCEsTKesBVKvyY= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:mCr1K1c8kX+1iSBREvU3Juo11CB+QOEWxbRS01wWl5M= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1260,45 +1258,45 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.15.2 h1:/3XINUFinJOBjQplGnjw92eLGpgXXp1L8chWPkCkDuw= -helm.sh/helm/v3 v3.15.2/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= +helm.sh/helm/v3 v3.15.3 h1:HcZDaVFe9uHa6hpsR54mJjYyRy4uz/pc6csg27nxFOc= +helm.sh/helm/v3 v3.15.3/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= -k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= -k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= -k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/apiserver v0.30.2 h1:ACouHiYl1yFI2VFI3YGM+lvxgy6ir4yK2oLOsLI1/tw= -k8s.io/apiserver v0.30.2/go.mod h1:BOTdFBIch9Sv0ypSEcUR6ew/NUFGocRFNl72Ra7wTm8= +k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= +k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= +k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U= +k8s.io/apiextensions-apiserver v0.30.3/go.mod h1:uhXxYDkMAvl6CJw4lrDN4CPbONkF3+XL9cacCT44kV4= +k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= +k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.3 h1:QZJndA9k2MjFqpnyYv/PH+9PE0SHhx3hBho4X0vE65g= +k8s.io/apiserver v0.30.3/go.mod h1:6Oa88y1CZqnzetd2JdepO0UXzQX4ZnOekx2/PtEjrOg= k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= -k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= -k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= -k8s.io/cluster-bootstrap v0.30.2 h1:9PQ5phjWTxmPFKPEzTG6QJzPaUIfuW2RqcHDME5gqPg= -k8s.io/cluster-bootstrap v0.30.2/go.mod h1:dvzAgNVmwRfZ0BzHI/WTvzqlzmNH7w21mdnahEq61KY= -k8s.io/component-base v0.30.2 h1:pqGBczYoW1sno8q9ObExUqrYSKhtE5rW3y6gX88GZII= -k8s.io/component-base v0.30.2/go.mod h1:yQLkQDrkK8J6NtP+MGJOws+/PPeEXNpwFixsUI7h/OE= +k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= +k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= +k8s.io/cluster-bootstrap v0.30.3 h1:MgxyxMkpaC6mu0BKWJ8985XCOnKU+eH3Iy+biwtDXRk= +k8s.io/cluster-bootstrap v0.30.3/go.mod h1:h8BoLDfdD7XEEIXy7Bx9FcMzxHwz29jsYYi34bM5DKU= +k8s.io/component-base v0.30.3 h1:Ci0UqKWf4oiwy8hr1+E3dsnliKnkMLZMVbWzeorlk7s= +k8s.io/component-base v0.30.3/go.mod h1:C1SshT3rGPCuNtBs14RmVD2xW0EhRSeLvBh7AGk1quA= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= -k8s.io/kubelet v0.30.2 h1:Ck4E/pHndI20IzDXxS57dElhDGASPO5pzXF7BcKfmCY= -k8s.io/kubelet v0.30.2/go.mod h1:DSwwTbLQmdNkebAU7ypIALR4P9aXZNFwgRmedojUE94= +k8s.io/kubelet v0.30.3 h1:KvGWDdhzD0vEyDyGTCjsDc8D+0+lwRMw3fJbfQgF7ys= +k8s.io/kubelet v0.30.3/go.mod h1:D9or45Vkzcqg55CEiqZ8dVbwP3Ksj7DruEVRS9oq3Ys= k8s.io/kubernetes v1.30.3 h1:A0qoXI1YQNzrQZiff33y5zWxYHFT/HeZRK98/sRDJI0= k8s.io/kubernetes v1.30.3/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0= -k8s.io/mount-utils v0.30.2 h1:2KDVY9hXyDyRw9EO4lmox4+Nn5atVOq+4ffZ/br2aAU= -k8s.io/mount-utils v0.30.2/go.mod h1:9sCVmwGLcV1MPvbZ+rToMDnl1QcGozy+jBPd0MsQLIo= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -libvirt.org/go/libvirt v1.10003.0 h1:LEoawzuggD6IL5R/XtnBE8wWJx49i7UZ1HcB7p9glwE= -libvirt.org/go/libvirt v1.10003.0/go.mod h1:1WiFE8EjZfq+FCVog+rvr1yatKbKZ9FaFMZgEqxEJqQ= +k8s.io/mount-utils v0.30.3 h1:8Z3wSW5+GSvGNtlDhtoZrBCKLMIf5z/9tf8pie+G06s= +k8s.io/mount-utils v0.30.3/go.mod h1:9sCVmwGLcV1MPvbZ+rToMDnl1QcGozy+jBPd0MsQLIo= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +libvirt.org/go/libvirt v1.10005.0 h1:KQv+SZNQvHJOG7B34TI2hyKnKW6hpXTEJFHUerYuGNI= +libvirt.org/go/libvirt v1.10005.0/go.mod h1:1WiFE8EjZfq+FCVog+rvr1yatKbKZ9FaFMZgEqxEJqQ= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/hack/tools/go.mod b/hack/tools/go.mod index 42e88a0a6..0d95991c5 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod @@ -7,7 +7,7 @@ require ( github.com/google/keep-sorted v0.4.0 github.com/katexochen/sh/v3 v3.8.0 golang.org/x/tools v0.23.0 - golang.org/x/vuln v1.1.2 + golang.org/x/vuln v1.1.3 ) require ( diff --git a/hack/tools/go.sum b/hack/tools/go.sum index adda023de..482b42e7f 100644 --- a/hack/tools/go.sum +++ b/hack/tools/go.sum @@ -625,8 +625,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= -golang.org/x/vuln v1.1.2 h1:UkLxe+kAMcrNBpGrFbU0Mc5l7cX97P2nhy21wx5+Qbk= -golang.org/x/vuln v1.1.2/go.mod h1:2o3fRKD8Uz9AraAL3lwd/grWBv+t+SeJnPcqBUJrY24= +golang.org/x/vuln v1.1.3 h1:NPGnvPOTgnjBc9HTaUx+nj+EaUYxl5SJOWqaDYGaFYw= +golang.org/x/vuln v1.1.3/go.mod h1:7Le6Fadm5FOqE9C926BCD0g12NWyhg7cxV4BwcPFuNY= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From b010015326f38ececf4e014ed0507ba0d27261ba Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 7 Aug 2024 08:30:52 +0200 Subject: [PATCH 198/380] deps: update dependency Pillow to v10.3.0 [SECURITY] (#3293) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/e2e_benchmark/evaluate/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/e2e_benchmark/evaluate/requirements.txt b/.github/actions/e2e_benchmark/evaluate/requirements.txt index 7f2f1bd57..ea9316757 100644 --- a/.github/actions/e2e_benchmark/evaluate/requirements.txt +++ b/.github/actions/e2e_benchmark/evaluate/requirements.txt @@ -1,3 +1,3 @@ numpy ==1.26.4 matplotlib ==3.8.3 -Pillow ==10.2.0 \ No newline at end of file +Pillow ==10.3.0 \ No newline at end of file From e41bb6169465db7678746c1e80d730181a174084 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 7 Aug 2024 09:03:54 +0200 Subject: [PATCH 199/380] image: update measurements and image version (#3296) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index b4b0ec24a..252e7c8d0 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb6, 0x49, 0x73, 0x25, 0xf5, 0x39, 0x6a, 0x8d, 0xdd, 0x7c, 0xba, 0x6e, 0x79, 0xef, 0x11, 0xf8, 0xa8, 0x6a, 0xe3, 0x54, 0x63, 0xf4, 0x5a, 0xd8, 0xb1, 0x81, 0x90, 0x5f, 0x06, 0xf7, 0xa2, 0x50}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x05, 0xe3, 0xc2, 0xa1, 0x8c, 0x48, 0x27, 0xd2, 0xbf, 0xe7, 0x06, 0x3e, 0x24, 0x95, 0xf9, 0xe9, 0xef, 0xeb, 0x82, 0xab, 0x26, 0x61, 0x7a, 0x03, 0xbf, 0x40, 0x67, 0x24, 0xaf, 0x57, 0x26, 0xc1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x13, 0xe1, 0xea, 0x1b, 0x53, 0x63, 0x65, 0x6a, 0xa4, 0xfd, 0x6e, 0xb0, 0x5b, 0xac, 0x34, 0xc0, 0x3c, 0xa8, 0xc9, 0xb9, 0xfe, 0xab, 0x43, 0xcd, 0xa3, 0xf0, 0xfb, 0x11, 0xb0, 0x8b, 0x2d, 0x38}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd6, 0x28, 0x33, 0xb9, 0x40, 0xc3, 0xff, 0xc5, 0xfe, 0x2a, 0x81, 0xef, 0x96, 0xf0, 0x8a, 0x8c, 0x80, 0xe2, 0xd9, 0xac, 0x20, 0xb0, 0xdc, 0x2e, 0xfd, 0x74, 0xf7, 0x49, 0xf5, 0x4a, 0x7d, 0xce}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbf, 0xc8, 0x09, 0xea, 0x44, 0xb5, 0x61, 0xda, 0x7b, 0x72, 0x03, 0xcc, 0xa9, 0x49, 0x8e, 0x9c, 0x3d, 0xb5, 0x5b, 0xda, 0x76, 0x58, 0xfd, 0x3e, 0x03, 0xc8, 0x44, 0x0d, 0x6a, 0xf5, 0xdb, 0x4b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x07, 0x77, 0xbf, 0xe2, 0xd8, 0xfe, 0x7c, 0xf0, 0x6b, 0x23, 0xbb, 0x85, 0x0e, 0xbb, 0x8c, 0xad, 0xbd, 0x5f, 0x67, 0x46, 0xa1, 0x14, 0x5d, 0x3f, 0x2d, 0xf2, 0xe5, 0x93, 0xbf, 0xb5, 0x95, 0x2d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x80, 0x1e, 0xc3, 0xef, 0x88, 0xd7, 0xbd, 0x61, 0xe0, 0xae, 0xd5, 0x12, 0x8c, 0x32, 0x18, 0x79, 0x72, 0xb1, 0xf3, 0xf0, 0x27, 0x88, 0xc5, 0x0a, 0xbb, 0x51, 0x81, 0x47, 0xb0, 0x7c, 0xb4, 0x38}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa8, 0xc3, 0x7a, 0xaf, 0x64, 0x30, 0x83, 0x58, 0xe4, 0xcc, 0xa1, 0x09, 0x99, 0x31, 0xac, 0xea, 0xa4, 0xb6, 0x54, 0x49, 0x5b, 0x3c, 0x58, 0xa1, 0xb0, 0xd6, 0x99, 0x50, 0x94, 0xc2, 0x5c, 0xd3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x11, 0xf0, 0xe8, 0x55, 0x3b, 0x53, 0xfb, 0xed, 0x19, 0xd9, 0x24, 0x88, 0x3f, 0xc7, 0x58, 0x77, 0x32, 0x58, 0xb4, 0xc0, 0x8e, 0xa7, 0x28, 0x8b, 0xba, 0x34, 0x8e, 0x60, 0xa5, 0x0a, 0x02, 0x98}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9a, 0x9b, 0x75, 0x43, 0xde, 0xe6, 0xcd, 0x87, 0x4e, 0x75, 0x01, 0x78, 0xb9, 0x6e, 0x94, 0x4d, 0x13, 0x23, 0xa3, 0x4d, 0x9e, 0xe2, 0x73, 0x35, 0x78, 0x92, 0x0e, 0xb5, 0x09, 0x97, 0x13, 0xa2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6e, 0xf1, 0xea, 0xec, 0xff, 0xd0, 0x93, 0xe5, 0x43, 0x08, 0xdd, 0x0e, 0xe6, 0xa1, 0xd4, 0x95, 0x0d, 0x65, 0x90, 0xf0, 0x9a, 0x3c, 0x1f, 0x29, 0x42, 0xcd, 0xa7, 0x16, 0xa9, 0x90, 0xe2, 0xae}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8c, 0x84, 0x9f, 0x67, 0x9e, 0xf8, 0x3f, 0xd4, 0x41, 0x01, 0x92, 0xa7, 0x77, 0x57, 0xde, 0x80, 0x1b, 0x24, 0x97, 0xb0, 0x96, 0x8a, 0x90, 0xc5, 0xf9, 0x24, 0x3c, 0x86, 0x3a, 0xac, 0x10, 0x3f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xef, 0x88, 0x9a, 0x3f, 0x0b, 0x03, 0xd6, 0x42, 0x75, 0xaf, 0x66, 0xf1, 0x66, 0x2a, 0xfb, 0x9f, 0x93, 0xda, 0xa7, 0xc9, 0xee, 0x74, 0xd6, 0xd9, 0x44, 0x05, 0x51, 0x81, 0x10, 0x03, 0x18, 0x76}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xeb, 0x54, 0x49, 0x8c, 0x47, 0x94, 0x78, 0x19, 0xa1, 0x43, 0xa6, 0x7c, 0x14, 0x00, 0xbc, 0xbc, 0xc5, 0xd2, 0x34, 0x4d, 0x63, 0xc9, 0x15, 0xa6, 0xb1, 0x02, 0x6a, 0x55, 0xc8, 0x69, 0x04, 0x50}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe7, 0x64, 0x4e, 0x76, 0xa5, 0x11, 0x8d, 0x77, 0xe2, 0xdd, 0x68, 0xe7, 0x0e, 0xd6, 0x70, 0x6f, 0xa4, 0x97, 0x37, 0x23, 0xdd, 0xc1, 0xeb, 0xfc, 0xfc, 0x28, 0x04, 0x35, 0xa4, 0xf0, 0xd2, 0x59}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa1, 0xc0, 0x58, 0x36, 0x19, 0x36, 0x10, 0xf6, 0x83, 0x58, 0x9b, 0x25, 0x68, 0x00, 0xe1, 0x0f, 0x57, 0xf2, 0x19, 0x4c, 0xb2, 0xee, 0xa2, 0xbf, 0xd8, 0xed, 0x76, 0x1b, 0xde, 0x82, 0x8b, 0xe8}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe6, 0x2b, 0xe7, 0xf6, 0xce, 0x17, 0xd1, 0xe3, 0x21, 0x99, 0xdc, 0x3d, 0xe6, 0x00, 0xb7, 0x2b, 0xa1, 0x05, 0x83, 0x01, 0x75, 0x95, 0x38, 0xa3, 0x3b, 0x6e, 0x7a, 0x6c, 0xea, 0x8f, 0xb4, 0xfd}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x74, 0x7e, 0x5b, 0x66, 0xf5, 0x4c, 0x70, 0x1e, 0x8d, 0xc0, 0x07, 0x4e, 0x89, 0x93, 0x36, 0x37, 0xab, 0x1d, 0x0d, 0x6a, 0x9d, 0x1e, 0x56, 0xfe, 0x4e, 0xd0, 0x59, 0xcc, 0xa7, 0x46, 0x0a, 0x08}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x88, 0xa5, 0x3c, 0x49, 0x9e, 0x04, 0xed, 0x28, 0xc1, 0xb1, 0x1e, 0x44, 0x96, 0x25, 0x14, 0x1f, 0xee, 0x34, 0x84, 0x43, 0xa6, 0x59, 0x59, 0x08, 0x2c, 0x4c, 0x20, 0x71, 0xdd, 0xf7, 0x19, 0xc2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf0, 0x85, 0xdb, 0x17, 0x11, 0xc6, 0xb2, 0xfe, 0x52, 0xfb, 0xb9, 0x17, 0xcd, 0x6f, 0xd7, 0x25, 0x0f, 0xd6, 0xaf, 0x0c, 0x98, 0x07, 0x42, 0x92, 0x41, 0x08, 0xd1, 0x7d, 0xea, 0x83, 0x0a, 0x6b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x63, 0xa2, 0x96, 0x4c, 0x69, 0x4c, 0x4a, 0x4d, 0xe4, 0x15, 0x3f, 0x67, 0x4c, 0x38, 0xc5, 0xde, 0xea, 0xf4, 0xfb, 0x9b, 0xcc, 0xb3, 0x53, 0xc3, 0xfe, 0x87, 0x22, 0xef, 0x35, 0x27, 0x8a, 0x3f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x98, 0x89, 0xd4, 0xd5, 0x88, 0x06, 0xf6, 0x42, 0x2d, 0xab, 0x3e, 0x8c, 0x49, 0xc0, 0xae, 0xf9, 0x36, 0x1a, 0x5a, 0x7c, 0xcc, 0xf6, 0x52, 0x6e, 0x3b, 0x62, 0xbb, 0xcf, 0xa5, 0x5f, 0xf3, 0xff}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3e, 0x3b, 0x5e, 0x65, 0x46, 0xa1, 0xaa, 0x8c, 0xbe, 0x48, 0x99, 0xe8, 0xed, 0x15, 0x52, 0x5d, 0x0d, 0x42, 0xea, 0x4f, 0x25, 0xd2, 0x96, 0x92, 0xea, 0x2a, 0x42, 0xee, 0x71, 0xbc, 0xda, 0xf5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8d, 0xd4, 0xf6, 0xa0, 0xff, 0x24, 0xb8, 0xe7, 0x14, 0x42, 0xec, 0xf2, 0x32, 0x34, 0x51, 0x79, 0x39, 0xf2, 0x89, 0x76, 0xb9, 0xdb, 0x9a, 0xaf, 0xa9, 0x27, 0x2f, 0xd1, 0xe2, 0x97, 0x30, 0xe0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x5d, 0x53, 0x9a, 0xd6, 0xce, 0x0f, 0xeb, 0xb6, 0xa3, 0xb1, 0x49, 0xc0, 0x1d, 0xa5, 0x8e, 0xeb, 0x90, 0xc1, 0xae, 0xaa, 0x4f, 0xd3, 0xc9, 0x4c, 0x2e, 0x6d, 0x7e, 0x75, 0xcd, 0x21, 0x77, 0xbc}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe9, 0xb4, 0x11, 0x59, 0x45, 0x5f, 0x3a, 0x02, 0x58, 0xac, 0xf1, 0x4c, 0x11, 0x89, 0x3e, 0x65, 0xbf, 0x57, 0x32, 0x2f, 0xd5, 0xe1, 0xe8, 0xa8, 0x7c, 0x05, 0x4d, 0x86, 0x90, 0xe1, 0x05, 0xb5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1e, 0x29, 0xba, 0xa0, 0x76, 0xf7, 0x9a, 0xa4, 0x2d, 0x47, 0x65, 0x1b, 0xad, 0xca, 0x64, 0xbd, 0x27, 0xb3, 0xd3, 0x3f, 0x7e, 0xe4, 0xdc, 0x6b, 0x2a, 0x57, 0xe9, 0xae, 0x38, 0xf1, 0x6a, 0x2a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x88, 0xa5, 0xbc, 0x2c, 0x84, 0x93, 0x62, 0x93, 0xbf, 0xbd, 0xdf, 0x86, 0xf4, 0x07, 0x80, 0xdf, 0x24, 0xbf, 0x65, 0x22, 0xa6, 0xa3, 0x94, 0xbe, 0x27, 0x60, 0xb9, 0xa4, 0xa9, 0x23, 0x4c, 0x62}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb2, 0xc2, 0xcb, 0x67, 0x3e, 0xe7, 0x64, 0xef, 0xfe, 0x28, 0xf9, 0x5f, 0xd7, 0xbd, 0x82, 0xcb, 0x84, 0xf2, 0xc2, 0x68, 0xda, 0xe4, 0xe3, 0x37, 0x70, 0x2c, 0x0c, 0x8a, 0x74, 0x83, 0xdc, 0xd3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x08, 0xda, 0x81, 0xf7, 0xc6, 0x3c, 0xef, 0x62, 0x31, 0x57, 0xd8, 0xc9, 0x78, 0x75, 0x65, 0xba, 0xd4, 0x26, 0x76, 0xd1, 0x69, 0x42, 0x3f, 0x96, 0x4c, 0xe8, 0x35, 0x5c, 0xa5, 0x4a, 0xf8, 0x45}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x46, 0x28, 0x33, 0x77, 0xc4, 0xeb, 0x47, 0xdb, 0x9f, 0xe2, 0x4a, 0xc2, 0x97, 0x38, 0xf2, 0x46, 0x0c, 0xad, 0x13, 0xc6, 0xc6, 0x60, 0x9c, 0x5a, 0x88, 0xb6, 0xc0, 0x85, 0x43, 0x79, 0x12, 0xf1}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc7, 0x3e, 0xd4, 0x3e, 0xa7, 0x52, 0x60, 0x4c, 0x65, 0xa4, 0x11, 0x58, 0xa7, 0x57, 0x9f, 0x53, 0x4e, 0x75, 0x51, 0xd3, 0xc2, 0xad, 0x6b, 0x53, 0x59, 0x8e, 0x4b, 0xd6, 0x8f, 0x34, 0x82, 0x12}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa5, 0x46, 0x9d, 0xbc, 0x44, 0x80, 0xff, 0x6d, 0xfe, 0x2a, 0xe3, 0xb3, 0xed, 0x80, 0x51, 0xf3, 0x8b, 0xf9, 0xc6, 0x78, 0x05, 0x0d, 0x00, 0x31, 0xc4, 0x6d, 0x04, 0xbe, 0xe9, 0xf8, 0xc8, 0x0d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x5d, 0xd0, 0x25, 0x53, 0x1d, 0xbd, 0xf6, 0xdd, 0x3d, 0x91, 0xaa, 0x63, 0xaa, 0xad, 0x6b, 0x60, 0x63, 0xea, 0xf8, 0x43, 0xd2, 0x85, 0xd8, 0x78, 0x3f, 0xc7, 0xd0, 0x46, 0x25, 0x59, 0x07, 0x81}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x60, 0xaf, 0x5f, 0x69, 0xc1, 0x09, 0x60, 0xe6, 0xcd, 0xcd, 0x45, 0x1a, 0x07, 0x29, 0xbf, 0x01, 0x36, 0x33, 0x9c, 0xd3, 0x8c, 0xd9, 0xd6, 0x94, 0x33, 0x28, 0x11, 0xc0, 0x23, 0x77, 0xe5, 0x4a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4d, 0xad, 0xac, 0x7f, 0x6b, 0x19, 0xe7, 0x3b, 0xad, 0xdc, 0xd8, 0x4f, 0xbc, 0x6f, 0x4e, 0xc7, 0xf8, 0x88, 0xde, 0x6c, 0x3f, 0xe0, 0x28, 0xd7, 0x61, 0x20, 0x84, 0xd4, 0x01, 0xd1, 0x84, 0x58}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x07, 0x0b, 0xba, 0xb6, 0x52, 0x96, 0xbe, 0x97, 0xf1, 0xea, 0x41, 0x1e, 0xff, 0x7d, 0x8b, 0x0a, 0xf6, 0x7e, 0xdc, 0xb1, 0xae, 0xc3, 0x89, 0x1f, 0x64, 0x94, 0x29, 0xf1, 0xa5, 0xd7, 0x1d, 0x22}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb3, 0xc4, 0x33, 0xa1, 0x22, 0x5e, 0x01, 0x66, 0xdc, 0xa3, 0x3a, 0x25, 0x6f, 0x45, 0x52, 0x21, 0xdc, 0xde, 0xc8, 0xdb, 0xb2, 0x99, 0xe0, 0xa6, 0x4c, 0xa0, 0x09, 0x99, 0x34, 0x47, 0xfe, 0xbf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf4, 0x85, 0x57, 0x9f, 0x4e, 0xcb, 0xb1, 0x01, 0x5f, 0x63, 0x9e, 0xe1, 0x98, 0x37, 0x6d, 0x94, 0xd4, 0x82, 0x81, 0x1c, 0x4c, 0x27, 0xbd, 0x0d, 0x62, 0x5d, 0x02, 0xa7, 0x0a, 0xba, 0x56, 0x95}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x61, 0x0f, 0xd9, 0x88, 0x00, 0x04, 0x29, 0x62, 0xa1, 0xef, 0x54, 0xe4, 0xce, 0xb3, 0xe7, 0x42, 0xb0, 0x5f, 0x37, 0xe8, 0xfb, 0xfd, 0xcd, 0xa8, 0x3c, 0xc9, 0x2b, 0x19, 0x42, 0x10, 0x53, 0x33}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc6, 0x2f, 0x93, 0x36, 0xab, 0xc6, 0x72, 0x2e, 0xcb, 0x06, 0x01, 0x06, 0x37, 0x0f, 0x1c, 0x65, 0x8e, 0xf2, 0xcc, 0x18, 0x63, 0xfc, 0xdb, 0x39, 0x26, 0xb4, 0x20, 0x0a, 0xaa, 0x1d, 0x78, 0x6d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb9, 0xdd, 0x68, 0xe0, 0xe0, 0xb5, 0xd8, 0x09, 0x2c, 0xdd, 0xaf, 0x97, 0x74, 0x5f, 0x0e, 0x8f, 0xc2, 0x40, 0xb9, 0x49, 0x0e, 0xbd, 0x2c, 0x7e, 0x8d, 0x92, 0xfa, 0x7c, 0xec, 0xd1, 0x5b, 0x27}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xf0, 0x23, 0x29, 0x55, 0xfb, 0x3e, 0xa9, 0x4f, 0xa8, 0xeb, 0xc5, 0xd3, 0x77, 0x92, 0x81, 0xd8, 0xb1, 0x1b, 0x88, 0x8a, 0xc9, 0x9b, 0x5f, 0x8d, 0x41, 0x28, 0x50, 0xe1, 0xc1, 0x4b, 0xb9, 0xc3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x47, 0xcd, 0x1f, 0x36, 0xaf, 0xea, 0x34, 0xd1, 0x09, 0xb4, 0x63, 0xc9, 0xef, 0x4f, 0x1a, 0x87, 0x4a, 0xa7, 0x50, 0xf1, 0x2a, 0x30, 0xda, 0xf8, 0xd4, 0xb0, 0x43, 0x88, 0xe8, 0x58, 0x2c, 0x6c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x18, 0xe3, 0x88, 0xb6, 0xf9, 0x50, 0x39, 0xcb, 0x0b, 0x99, 0x97, 0xdb, 0xb9, 0x3a, 0x33, 0x14, 0x1c, 0x08, 0x7d, 0x56, 0xae, 0xe8, 0x46, 0xa7, 0x4d, 0x33, 0xd8, 0x32, 0x20, 0x6e, 0xdb, 0xa3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x56, 0xbf, 0x1f, 0xab, 0x2f, 0xed, 0xb0, 0xea, 0xd2, 0x27, 0xee, 0x85, 0x09, 0xa2, 0xa8, 0xd1, 0x83, 0x0b, 0x20, 0x58, 0xa5, 0x9f, 0x43, 0x94, 0x08, 0x82, 0x70, 0x56, 0xb1, 0xbe, 0x0c, 0xb2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8f, 0x95, 0x87, 0x4e, 0xd9, 0x88, 0xf3, 0x2f, 0xc3, 0xe4, 0xa3, 0xe7, 0x54, 0x49, 0xea, 0x79, 0x75, 0x20, 0x11, 0xaa, 0x38, 0x15, 0xa8, 0x7e, 0x67, 0x45, 0xef, 0x0c, 0xad, 0x34, 0x4c, 0x2a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5e, 0x53, 0x1c, 0xcf, 0x7f, 0x5e, 0xf3, 0xd0, 0x6a, 0xe9, 0x3f, 0xf6, 0x03, 0x14, 0x14, 0xdb, 0x78, 0x37, 0x51, 0x17, 0x94, 0xfd, 0xe9, 0xd0, 0x7b, 0xd7, 0xb4, 0x77, 0xa3, 0xb1, 0x5f, 0xd8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index d052abd82..b0dd316a4 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240801135259-5a577728fd23" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240806093103-f186bbb2350c" ) From 59df2b7d92e8066131bb12df7f69d5deae41451f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 7 Aug 2024 09:32:38 +0200 Subject: [PATCH 200/380] deps: update rules_oci digest to v2.0.0-beta1 (#3135) Co-authored-by: Markus Rudy --- MODULE.bazel | 5 ++ MODULE.bazel.lock | 2 +- WORKSPACE.bzlmod | 7 +- .../0001-disable-Windows-support.patch | 75 +++++++++++++++++++ bazel/toolchains/oci_deps.bzl | 10 ++- 5 files changed, 89 insertions(+), 10 deletions(-) create mode 100644 bazel/toolchains/0001-disable-Windows-support.patch diff --git a/MODULE.bazel b/MODULE.bazel index ea112494d..310e8d432 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,6 +1,11 @@ module(name = "constellation") bazel_dep(name = "aspect_bazel_lib", version = "2.7.8") + +bazel_lib = use_extension("@aspect_bazel_lib//lib:extensions.bzl", "toolchains") +bazel_lib.yq() +use_repo(bazel_lib, "yq_toolchains") + bazel_dep(name = "bazel_skylib", version = "1.7.1") bazel_dep(name = "gazelle", version = "0.38.0") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index 6eac3c38d..9989e1ffa 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -129,7 +129,7 @@ "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { "bzlTransitiveDigest": "SK+5VjMKVX5gfuC//JqN+b1rWW3PNLeAEsqwiD3CAOA=", - "usagesDigest": "un2V6RGFYjsvM5ras99mEMrstkY0R2xhQv9URU0NcoU=", + "usagesDigest": "eNtXd1h5FcxLG/P9Z/5OyYQ9VN3CC1T5NJk/eKHf1oU=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index 228e281b0..7461c0d0f 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -215,12 +215,9 @@ load("@rules_oci//oci:dependencies.bzl", "rules_oci_dependencies") rules_oci_dependencies() -load("@rules_oci//oci:repositories.bzl", "LATEST_CRANE_VERSION", "oci_register_toolchains") +load("@rules_oci//oci:repositories.bzl", "oci_register_toolchains") -oci_register_toolchains( - name = "oci", - crane_version = LATEST_CRANE_VERSION, -) +oci_register_toolchains(name = "oci") load("//bazel/toolchains:container_images.bzl", "containter_image_deps") diff --git a/bazel/toolchains/0001-disable-Windows-support.patch b/bazel/toolchains/0001-disable-Windows-support.patch new file mode 100644 index 000000000..1cb9c8340 --- /dev/null +++ b/bazel/toolchains/0001-disable-Windows-support.patch @@ -0,0 +1,75 @@ +From d10473f4ac89c23dcd8ea02488b28a649f4a9735 Mon Sep 17 00:00:00 2001 +From: Markus Rudy +Date: Tue, 6 Aug 2024 11:33:29 +0200 +Subject: [PATCH] disable Windows support + +It's broken and we don't need it, see +https://github.com/bazel-contrib/rules_oci/issues/420. +--- + oci/private/image.bzl | 9 --------- + oci/private/util.bzl | 29 +---------------------------- + 2 files changed, 1 insertion(+), 37 deletions(-) + +diff --git a/oci/private/image.bzl b/oci/private/image.bzl +index e8a6ca5..434947c 100644 +--- a/oci/private/image.bzl ++++ b/oci/private/image.bzl +@@ -226,15 +226,6 @@ def _oci_image_impl(ctx): + + action_env = {} + +- # Windows: Don't convert arguments like --entrypoint=/some/bin to --entrypoint=C:/msys64/some/bin +- if ctx.target_platform_has_constraint(ctx.attr._windows_constraint[platform_common.ConstraintValueInfo]): +- # See https://www.msys2.org/wiki/Porting/: +- # > Setting MSYS2_ARG_CONV_EXCL=* prevents any path transformation. +- action_env["MSYS2_ARG_CONV_EXCL"] = "*" +- +- # This one is for Windows Git MSys +- action_env["MSYS_NO_PATHCONV"] = "1" +- + ctx.actions.run( + inputs = depset(inputs, transitive = transitive_inputs), + arguments = [args], +diff --git a/oci/private/util.bzl b/oci/private/util.bzl +index 7c2a2c2..479ca7d 100644 +--- a/oci/private/util.bzl ++++ b/oci/private/util.bzl +@@ -141,34 +141,7 @@ def _maybe_wrap_launcher_for_windows(ctx, bash_launcher): + - make sure the bash_launcher is in the inputs to the action + - @bazel_tools//tools/sh:toolchain_type should appear in the rules toolchains + """ +- if not ctx.target_platform_has_constraint(ctx.attr._windows_constraint[platform_common.ConstraintValueInfo]): +- return bash_launcher +- +- win_launcher = ctx.actions.declare_file("wrap_%s.bat" % ctx.label.name) +- ctx.actions.write( +- output = win_launcher, +- content = r"""@echo off +-SETLOCAL ENABLEEXTENSIONS +-SETLOCAL ENABLEDELAYEDEXPANSION +-for %%a in ("{bash_bin}") do set "bash_bin_dir=%%~dpa" +-set PATH=%bash_bin_dir%;%PATH% +-set "parent_dir=%~dp0" +-set "parent_dir=!parent_dir:\=/!" +-set args=%* +-rem Escape \ and * in args before passing it with double quote +-if defined args ( +- set args=!args:\=\\\\! +- set args=!args:"=\"! +-) +-"{bash_bin}" -c "%parent_dir%{launcher} !args!" +-""".format( +- bash_bin = ctx.toolchains["@bazel_tools//tools/sh:toolchain_type"].path, +- launcher = paths.relativize(bash_launcher.path, win_launcher.dirname), +- ), +- is_executable = True, +- ) +- +- return win_launcher ++ return bash_launcher + + def _file_exists(rctx, path): + result = rctx.execute(["stat", path]) +-- +2.46.0 + diff --git a/bazel/toolchains/oci_deps.bzl b/bazel/toolchains/oci_deps.bzl index 22f5cb148..d07e56c14 100644 --- a/bazel/toolchains/oci_deps.bzl +++ b/bazel/toolchains/oci_deps.bzl @@ -7,11 +7,13 @@ def oci_deps(): # Remove this override once https://github.com/bazel-contrib/rules_oci/issues/420 is fixed. http_archive( name = "rules_oci", - strip_prefix = "rules_oci-c622bf79d269473d3d9bc33510e16cfd9a1142bc", + strip_prefix = "rules_oci-2.0.0-beta1", type = "tar.gz", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/dca0cfa2a8eb4ab79c231617964fc821f6d1a3bb9d996358975a5ceee5b8d25f", - "https://github.com/bazel-contrib/rules_oci/archive/c622bf79d269473d3d9bc33510e16cfd9a1142bc.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/f70f07f9d0d6c275d7ec7d3c7f236d9b552ba3205e8f37df9c1125031cf967cc", + "https://github.com/bazel-contrib/rules_oci/releases/download/v2.0.0-beta1/rules_oci-v2.0.0-beta1.tar.gz", ], - sha256 = "dca0cfa2a8eb4ab79c231617964fc821f6d1a3bb9d996358975a5ceee5b8d25f", + sha256 = "f70f07f9d0d6c275d7ec7d3c7f236d9b552ba3205e8f37df9c1125031cf967cc", + patches = ["//bazel/toolchains:0001-disable-Windows-support.patch"], + patch_args = ["-p1"], ) From ffde0ef7b7d3277c63f3c67ee666237f5863c744 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 7 Aug 2024 13:27:06 +0200 Subject: [PATCH 201/380] ci: give scheduled image builds more time between executions (#3297) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/workflows/build-os-image-scheduled.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index d37301a0d..4575ace11 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -4,11 +4,11 @@ on: workflow_dispatch: schedule: - cron: "0 21 * * 2" # At 21:00 on Tuesday. - - cron: "10 21 * * 2" # At 21:10 on Tuesday. - cron: "20 21 * * 2" # At 21:20 on Tuesday. + - cron: "40 21 * * 2" # At 21:40 on Tuesday. - cron: "0 21 * * 4" # At 21:00 on Thursday. - - cron: "10 21 * * 4" # At 21:10 on Thursday. - cron: "20 21 * * 4" # At 21:20 on Thursday. + - cron: "40 21 * * 4" # At 21:40 on Thursday. jobs: stream: @@ -28,10 +28,10 @@ jobs: "0 21 * * 4" | "0 21 * * 2") echo "stream=debug" | tee -a "$GITHUB_OUTPUT" ;; - "10 21 * * 4" | "10 21 * * 2") + "20 21 * * 4" | "20 21 * * 2") echo "stream=console" | tee -a "$GITHUB_OUTPUT" ;; - "20 21 * * 4" | "20 21 * * 2") + "40 21 * * 4" | "40 21 * * 2") echo "stream=nightly" | tee -a "$GITHUB_OUTPUT" ;; *) @@ -54,11 +54,8 @@ jobs: update-code: # On nightly stream only. - if: | - github.event_name == 'workflow_dispatch' || - github.event.schedule == '20 21 * * 4' || - github.event.schedule == '20 21 * * 2' - needs: build-image + if: needs.stream.outputs.stream == 'nightly' + needs: ["build-image", "stream"] runs-on: ubuntu-22.04 steps: - name: Checkout From 2e15e54e3327c1b9dab377ad6149e75c1cbb0399 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Aug 2024 09:34:22 +0200 Subject: [PATCH 202/380] deps: update ghcr.io/edgelesssys/constellation/s3proxy Docker tag to v2.18.0-pre.0.20240807132706-ffde0ef7b7d3 (#3295) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- s3proxy/deploy/s3proxy/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/s3proxy/deploy/s3proxy/values.yaml b/s3proxy/deploy/s3proxy/values.yaml index e74b7152f..cc41d5887 100644 --- a/s3proxy/deploy/s3proxy/values.yaml +++ b/s3proxy/deploy/s3proxy/values.yaml @@ -3,7 +3,7 @@ awsAccessKeyID: "replaceme" awsSecretAccessKey: "replaceme" # Pod image to deploy. -image: "ghcr.io/edgelesssys/constellation/s3proxy:v2.18.0-pre.0.20240801135259-5a577728fd23" +image: "ghcr.io/edgelesssys/constellation/s3proxy:v2.18.0-pre.0.20240807132706-ffde0ef7b7d3" # Control if multipart uploads are blocked. allowMultipart: false From 8b256f20b847a59b9b69e9c6ccf35f69532ad3d5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Aug 2024 10:24:32 +0200 Subject: [PATCH 203/380] deps: update module github.com/docker/docker to v27 (#3299) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 484ccf454..6a923cc00 100644 --- a/go.mod +++ b/go.mod @@ -57,7 +57,7 @@ require ( github.com/bazelbuild/buildtools v0.0.0-20240804201302-37932ddd7230 github.com/bazelbuild/rules_go v0.49.0 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/docker/docker v26.1.5+incompatible + github.com/docker/docker v27.1.1+incompatible github.com/edgelesssys/go-azguestattestation v0.0.0-20240513062303-05f8770a633d github.com/edgelesssys/go-tdx-qpl v0.0.0-20240123150912-dcad3c41ec5f github.com/foxboron/go-uefi v0.0.0-20240805124652-e2076f0e58ca diff --git a/go.sum b/go.sum index 2262c3c92..e9a47ae89 100644 --- a/go.sum +++ b/go.sum @@ -275,8 +275,8 @@ github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbT github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v26.1.5+incompatible h1:NEAxTwEjxV6VbBMBoGG3zPqbiJosIApZjxlbrG9q3/g= -github.com/docker/docker v26.1.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.1.1+incompatible h1:hO/M4MtV36kzKldqnA37IWhebRA+LnqqcqDja6kVaKY= +github.com/docker/docker v27.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= From 087855ec0005ea87d837bd4d8cfbeb2071a2731e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Aug 2024 10:37:09 +0200 Subject: [PATCH 204/380] deps: update module github.com/gophercloud/gophercloud to v2 (#3300) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update module github.com/gophercloud/gophercloud to v2 * update module github.com/gophercloud/utils to v2 and add context Signed-off-by: Daniel Weiße --------- Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße --- MODULE.bazel | 4 ++-- go.mod | 9 ++++---- go.sum | 20 ++++++++--------- internal/cloud/openstack/BUILD.bazel | 22 +++++++++--------- internal/cloud/openstack/api.go | 10 ++++----- internal/cloud/openstack/api_test.go | 10 ++++----- internal/cloud/openstack/openstack.go | 26 +++++++++++----------- internal/cloud/openstack/openstack_test.go | 10 ++++----- internal/cloud/openstack/wrappers.go | 8 +++---- 9 files changed, 60 insertions(+), 59 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 310e8d432..3ad53d697 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -72,8 +72,8 @@ use_repo( "com_github_google_keep_sorted", "com_github_google_uuid", "com_github_googleapis_gax_go_v2", - "com_github_gophercloud_gophercloud", - "com_github_gophercloud_utils", + "com_github_gophercloud_gophercloud_v2", + "com_github_gophercloud_utils_v2", "com_github_grpc_ecosystem_go_grpc_middleware_v2", "com_github_hashicorp_go_kms_wrapping_v2", "com_github_hashicorp_go_kms_wrapping_wrappers_awskms_v2", diff --git a/go.mod b/go.mod index 6a923cc00..f4b66e794 100644 --- a/go.mod +++ b/go.mod @@ -72,8 +72,8 @@ require ( github.com/google/go-tpm-tools v0.4.4 github.com/google/uuid v1.6.0 github.com/googleapis/gax-go/v2 v2.13.0 - github.com/gophercloud/gophercloud v1.14.0 - github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 + github.com/gophercloud/gophercloud/v2 v2.1.0 + github.com/gophercloud/utils/v2 v2.0.0-20240807081201-990d90b23c70 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.9 @@ -118,7 +118,7 @@ require ( golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 golang.org/x/mod v0.20.0 golang.org/x/sys v0.23.0 - golang.org/x/text v0.16.0 + golang.org/x/text v0.17.0 golang.org/x/tools v0.23.0 google.golang.org/api v0.190.0 google.golang.org/grpc v1.65.0 @@ -235,6 +235,7 @@ require ( github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect + github.com/gofrs/uuid/v5 v5.2.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -354,7 +355,7 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/net v0.27.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect - golang.org/x/sync v0.7.0 // indirect + golang.org/x/sync v0.8.0 // indirect golang.org/x/term v0.22.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index e9a47ae89..8386c801e 100644 --- a/go.sum +++ b/go.sum @@ -401,6 +401,8 @@ github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJA github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/gofrs/uuid/v5 v5.2.0 h1:qw1GMx6/y8vhVsx626ImfKMuS5CvJmhIKKtuyvfajMM= +github.com/gofrs/uuid/v5 v5.2.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -500,11 +502,10 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= -github.com/gophercloud/gophercloud v1.3.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= -github.com/gophercloud/gophercloud v1.14.0 h1:Bt9zQDhPrbd4qX7EILGmy+i7GP35cc+AAL2+wIJpUE8= -github.com/gophercloud/gophercloud v1.14.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM= -github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56 h1:sH7xkTfYzxIEgzq1tDHIMKRh1vThOEOGNsettdEeLbE= -github.com/gophercloud/utils v0.0.0-20231010081019-80377eca5d56/go.mod h1:VSalo4adEk+3sNkmVJLnhHoOyOYYS8sTWLG4mv5BKto= +github.com/gophercloud/gophercloud/v2 v2.1.0 h1:91p6c+uMckXyx39nSIYjDirDBnPVFQq0q1njLNPX+NY= +github.com/gophercloud/gophercloud/v2 v2.1.0/go.mod h1:f2hMRC7Kakbv5vM7wSGHrIPZh6JZR60GVHryJlF/K44= +github.com/gophercloud/utils/v2 v2.0.0-20240807081201-990d90b23c70 h1:UFRmN3w9eSxwHsOGjA3BiYGEBDUAFaHHv5alaMHbbFE= +github.com/gophercloud/utils/v2 v2.0.0-20240807081201-990d90b23c70/go.mod h1:ZNbSKwPYzyQ7PKmlCvVdI2JvwVHsl/ZVVXnpJRNkLrQ= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= @@ -1009,7 +1010,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= @@ -1082,8 +1082,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1145,8 +1145,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= diff --git a/internal/cloud/openstack/BUILD.bazel b/internal/cloud/openstack/BUILD.bazel index b42e5a6a5..719f3fe02 100644 --- a/internal/cloud/openstack/BUILD.bazel +++ b/internal/cloud/openstack/BUILD.bazel @@ -18,12 +18,12 @@ go_library( "//internal/cloud/metadata", "//internal/constants", "//internal/role", - "@com_github_gophercloud_gophercloud//:gophercloud", - "@com_github_gophercloud_gophercloud//openstack/compute/v2/servers", - "@com_github_gophercloud_gophercloud//openstack/networking/v2/networks", - "@com_github_gophercloud_gophercloud//openstack/networking/v2/subnets", - "@com_github_gophercloud_gophercloud//pagination", - "@com_github_gophercloud_utils//openstack/clientconfig", + "@com_github_gophercloud_gophercloud_v2//:gophercloud", + "@com_github_gophercloud_gophercloud_v2//openstack/compute/v2/servers", + "@com_github_gophercloud_gophercloud_v2//openstack/networking/v2/networks", + "@com_github_gophercloud_gophercloud_v2//openstack/networking/v2/subnets", + "@com_github_gophercloud_gophercloud_v2//pagination", + "@com_github_gophercloud_utils_v2//openstack/clientconfig", ], ) @@ -40,11 +40,11 @@ go_test( deps = [ "//internal/cloud/metadata", "//internal/role", - "@com_github_gophercloud_gophercloud//:gophercloud", - "@com_github_gophercloud_gophercloud//openstack/compute/v2/servers", - "@com_github_gophercloud_gophercloud//openstack/networking/v2/networks", - "@com_github_gophercloud_gophercloud//openstack/networking/v2/subnets", - "@com_github_gophercloud_gophercloud//pagination", + "@com_github_gophercloud_gophercloud_v2//:gophercloud", + "@com_github_gophercloud_gophercloud_v2//openstack/compute/v2/servers", + "@com_github_gophercloud_gophercloud_v2//openstack/networking/v2/networks", + "@com_github_gophercloud_gophercloud_v2//openstack/networking/v2/subnets", + "@com_github_gophercloud_gophercloud_v2//pagination", "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", ], diff --git a/internal/cloud/openstack/api.go b/internal/cloud/openstack/api.go index b133d2a47..f81e51e67 100644 --- a/internal/cloud/openstack/api.go +++ b/internal/cloud/openstack/api.go @@ -10,10 +10,10 @@ import ( "context" "github.com/edgelesssys/constellation/v2/internal/role" - "github.com/gophercloud/gophercloud/openstack/compute/v2/servers" - "github.com/gophercloud/gophercloud/openstack/networking/v2/networks" - "github.com/gophercloud/gophercloud/openstack/networking/v2/subnets" - "github.com/gophercloud/gophercloud/pagination" + "github.com/gophercloud/gophercloud/v2/openstack/compute/v2/servers" + "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/networks" + "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/subnets" + "github.com/gophercloud/gophercloud/v2/pagination" ) type imdsAPI interface { @@ -34,5 +34,5 @@ type serversAPI interface { } type pagerAPI interface { - AllPages() (pagination.Page, error) + AllPages(context.Context) (pagination.Page, error) } diff --git a/internal/cloud/openstack/api_test.go b/internal/cloud/openstack/api_test.go index 44c26c4ba..11479d233 100644 --- a/internal/cloud/openstack/api_test.go +++ b/internal/cloud/openstack/api_test.go @@ -10,10 +10,10 @@ import ( "context" "github.com/edgelesssys/constellation/v2/internal/role" - "github.com/gophercloud/gophercloud/openstack/compute/v2/servers" - "github.com/gophercloud/gophercloud/openstack/networking/v2/networks" - "github.com/gophercloud/gophercloud/openstack/networking/v2/subnets" - "github.com/gophercloud/gophercloud/pagination" + "github.com/gophercloud/gophercloud/v2/openstack/compute/v2/servers" + "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/networks" + "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/subnets" + "github.com/gophercloud/gophercloud/v2/pagination" ) type stubIMDSClient struct { @@ -90,6 +90,6 @@ type stubPager struct { allPagesErr error } -func (p *stubPager) AllPages() (pagination.Page, error) { +func (p *stubPager) AllPages(_ context.Context) (pagination.Page, error) { return p.page, p.allPagesErr } diff --git a/internal/cloud/openstack/openstack.go b/internal/cloud/openstack/openstack.go index 9472b3068..6c1dead67 100644 --- a/internal/cloud/openstack/openstack.go +++ b/internal/cloud/openstack/openstack.go @@ -17,10 +17,10 @@ import ( "github.com/edgelesssys/constellation/v2/internal/cloud/metadata" "github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/role" - "github.com/gophercloud/gophercloud/openstack/compute/v2/servers" - "github.com/gophercloud/gophercloud/openstack/networking/v2/networks" - "github.com/gophercloud/gophercloud/openstack/networking/v2/subnets" - "github.com/gophercloud/utils/openstack/clientconfig" + "github.com/gophercloud/gophercloud/v2/openstack/compute/v2/servers" + "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/networks" + "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/subnets" + "github.com/gophercloud/utils/v2/openstack/clientconfig" ) const ( @@ -65,13 +65,13 @@ func New(ctx context.Context) (*MetadataClient, error) { }, } - serversClient, err := clientconfig.NewServiceClient("compute", clientOpts) + serversClient, err := clientconfig.NewServiceClient(ctx, "compute", clientOpts) if err != nil { return nil, fmt.Errorf("creating compute client: %w", err) } serversClient.Microversion = microversion - networksClient, err := clientconfig.NewServiceClient("network", clientOpts) + networksClient, err := clientconfig.NewServiceClient(ctx, "network", clientOpts) if err != nil { return nil, fmt.Errorf("creating network client: %w", err) } @@ -122,12 +122,12 @@ func (c *MetadataClient) List(ctx context.Context) ([]metadata.InstanceMetadata, uidTag := fmt.Sprintf("constellation-uid-%s", uid) - subnet, err := c.getSubnetCIDR(uidTag) + subnet, err := c.getSubnetCIDR(ctx, uidTag) if err != nil { return nil, err } - srvs, err := c.getServers(uidTag) + srvs, err := c.getServers(ctx, uidTag) if err != nil { return nil, err } @@ -240,9 +240,9 @@ func (c *MetadataClient) GetLoadBalancerEndpoint(ctx context.Context) (host, por return host, strconv.FormatInt(constants.KubernetesPort, 10), nil } -func (c *MetadataClient) getSubnetCIDR(uidTag string) (netip.Prefix, error) { +func (c *MetadataClient) getSubnetCIDR(ctx context.Context, uidTag string) (netip.Prefix, error) { listNetworksOpts := networks.ListOpts{Tags: uidTag} - networksPage, err := c.api.ListNetworks(listNetworksOpts).AllPages() + networksPage, err := c.api.ListNetworks(listNetworksOpts).AllPages(ctx) if err != nil { return netip.Prefix{}, fmt.Errorf("listing networks: %w", err) } @@ -255,7 +255,7 @@ func (c *MetadataClient) getSubnetCIDR(uidTag string) (netip.Prefix, error) { } listSubnetsOpts := subnets.ListOpts{Tags: uidTag} - subnetsPage, err := c.api.ListSubnets(listSubnetsOpts).AllPages() + subnetsPage, err := c.api.ListSubnets(listSubnetsOpts).AllPages(ctx) if err != nil { return netip.Prefix{}, fmt.Errorf("listing subnets: %w", err) } @@ -285,9 +285,9 @@ func (c *MetadataClient) getSubnetCIDR(uidTag string) (netip.Prefix, error) { return cidr, nil } -func (c *MetadataClient) getServers(uidTag string) ([]servers.Server, error) { +func (c *MetadataClient) getServers(ctx context.Context, uidTag string) ([]servers.Server, error) { listServersOpts := servers.ListOpts{Tags: uidTag} - serversPage, err := c.api.ListServers(listServersOpts).AllPages() + serversPage, err := c.api.ListServers(listServersOpts).AllPages(ctx) if err != nil { return nil, fmt.Errorf("listing servers: %w", err) } diff --git a/internal/cloud/openstack/openstack_test.go b/internal/cloud/openstack/openstack_test.go index da8ed9d6b..33835b243 100644 --- a/internal/cloud/openstack/openstack_test.go +++ b/internal/cloud/openstack/openstack_test.go @@ -14,11 +14,11 @@ import ( "github.com/edgelesssys/constellation/v2/internal/cloud/metadata" "github.com/edgelesssys/constellation/v2/internal/role" - "github.com/gophercloud/gophercloud" - "github.com/gophercloud/gophercloud/openstack/compute/v2/servers" - "github.com/gophercloud/gophercloud/openstack/networking/v2/networks" - "github.com/gophercloud/gophercloud/openstack/networking/v2/subnets" - "github.com/gophercloud/gophercloud/pagination" + "github.com/gophercloud/gophercloud/v2" + "github.com/gophercloud/gophercloud/v2/openstack/compute/v2/servers" + "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/networks" + "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/subnets" + "github.com/gophercloud/gophercloud/v2/pagination" "github.com/stretchr/testify/assert" ) diff --git a/internal/cloud/openstack/wrappers.go b/internal/cloud/openstack/wrappers.go index c2c732698..6a0cb7aaf 100644 --- a/internal/cloud/openstack/wrappers.go +++ b/internal/cloud/openstack/wrappers.go @@ -7,10 +7,10 @@ SPDX-License-Identifier: AGPL-3.0-only package openstack import ( - "github.com/gophercloud/gophercloud" - "github.com/gophercloud/gophercloud/openstack/compute/v2/servers" - "github.com/gophercloud/gophercloud/openstack/networking/v2/networks" - "github.com/gophercloud/gophercloud/openstack/networking/v2/subnets" + "github.com/gophercloud/gophercloud/v2" + "github.com/gophercloud/gophercloud/v2/openstack/compute/v2/servers" + "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/networks" + "github.com/gophercloud/gophercloud/v2/openstack/networking/v2/subnets" ) type apiClient struct { From 0ad89ebcd8b1df4770f503ccbdf00c18a6cff0c2 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Aug 2024 11:25:39 +0200 Subject: [PATCH 205/380] deps: update aquasecurity/tfsec to v1.28.10 (#3301) * deps: update aquasecurity/tfsec to v1.28.10 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/ci_deps.bzl | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl index 870bba0d6..6fd86b53d 100644 --- a/bazel/toolchains/ci_deps.bzl +++ b/bazel/toolchains/ci_deps.bzl @@ -181,41 +181,41 @@ def _tfsec_deps(): name = "com_github_aquasecurity_tfsec_linux_amd64", build_file_content = """exports_files(["tfsec"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/8cbd8d64cbd1f25b38f33fa04db602466dade79e99c99dc9da053b5962d34014", - "https://github.com/aquasecurity/tfsec/releases/download/v1.28.6/tfsec_1.28.6_linux_amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/16601d830bf13590cf2e9537e48d1a9c33f87b2f715f46e359f93fc4457320bc", + "https://github.com/aquasecurity/tfsec/releases/download/v1.28.10/tfsec_1.28.10_linux_amd64.tar.gz", ], type = "tar.gz", - sha256 = "8cbd8d64cbd1f25b38f33fa04db602466dade79e99c99dc9da053b5962d34014", + sha256 = "16601d830bf13590cf2e9537e48d1a9c33f87b2f715f46e359f93fc4457320bc", ) http_archive( name = "com_github_aquasecurity_tfsec_linux_arm64", build_file_content = """exports_files(["tfsec"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/4bc7b0f0592be4fa384cff52af5b1cdd2066ba7a06001bea98690340851c0bce", - "https://github.com/aquasecurity/tfsec/releases/download/v1.28.6/tfsec_1.28.6_linux_arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/2b982c966d23891e5e8d1b3348865fd24b9b0fde68608512dde4a39b00e2fef8", + "https://github.com/aquasecurity/tfsec/releases/download/v1.28.10/tfsec_1.28.10_linux_arm64.tar.gz", ], type = "tar.gz", - sha256 = "4bc7b0f0592be4fa384cff52af5b1cdd2066ba7a06001bea98690340851c0bce", + sha256 = "2b982c966d23891e5e8d1b3348865fd24b9b0fde68608512dde4a39b00e2fef8", ) http_archive( name = "com_github_aquasecurity_tfsec_darwin_amd64", build_file_content = """exports_files(["tfsec"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/3b31e954819faa7d6151b999548cefb782f2f4dc64b355c8747e44d4b0b2faca", - "https://github.com/aquasecurity/tfsec/releases/download/v1.28.6/tfsec_1.28.6_darwin_amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/e337e274e1dd4dfd66d420b508da8338cf4768828f1b24301bea7d847e937e57", + "https://github.com/aquasecurity/tfsec/releases/download/v1.28.10/tfsec_1.28.10_darwin_amd64.tar.gz", ], type = "tar.gz", - sha256 = "3b31e954819faa7d6151b999548cefb782f2f4dc64b355c8747e44d4b0b2faca", + sha256 = "e337e274e1dd4dfd66d420b508da8338cf4768828f1b24301bea7d847e937e57", ) http_archive( name = "com_github_aquasecurity_tfsec_darwin_arm64", build_file_content = """exports_files(["tfsec"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/aa132b7e0e69e16f1c9320257841751e52c42d9791b7f900de72cf0b06ffe74c", - "https://github.com/aquasecurity/tfsec/releases/download/v1.28.6/tfsec_1.28.6_darwin_arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/b7c68b6cfc618e64335579bcd4c64cf8fc9aea674e466230048160b6fadcfa1e", + "https://github.com/aquasecurity/tfsec/releases/download/v1.28.10/tfsec_1.28.10_darwin_arm64.tar.gz", ], type = "tar.gz", - sha256 = "aa132b7e0e69e16f1c9320257841751e52c42d9791b7f900de72cf0b06ffe74c", + sha256 = "b7c68b6cfc618e64335579bcd4c64cf8fc9aea674e466230048160b6fadcfa1e", ) def _golangci_lint_deps(): From 6257d0a2833f488087c990b3add05af29fc86505 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Aug 2024 11:25:49 +0200 Subject: [PATCH 206/380] deps: update bufbuild/buf to v1.36.0 (#3302) * deps: update bufbuild/buf to v1.36.0 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/ci_deps.bzl | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl index 6fd86b53d..fdb5a1fe2 100644 --- a/bazel/toolchains/ci_deps.bzl +++ b/bazel/toolchains/ci_deps.bzl @@ -270,44 +270,44 @@ def _buf_deps(): strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/82dcf1a5f45498b539a04d764e3cb274a13c8d94271c92508fc1624d227895ff", - "https://github.com/bufbuild/buf/releases/download/v1.34.0/buf-Linux-x86_64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/b0515420c9705332a0cc2161b7c515d55ed7111ef2ccc791c2282ca4eeaf5115", + "https://github.com/bufbuild/buf/releases/download/v1.36.0/buf-Linux-x86_64.tar.gz", ], type = "tar.gz", - sha256 = "82dcf1a5f45498b539a04d764e3cb274a13c8d94271c92508fc1624d227895ff", + sha256 = "b0515420c9705332a0cc2161b7c515d55ed7111ef2ccc791c2282ca4eeaf5115", ) http_archive( name = "com_github_bufbuild_buf_linux_arm64", strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/564d3ee76d93940addc15ba99b6ccc08b199c345800947a6d7f92e123aa62343", - "https://github.com/bufbuild/buf/releases/download/v1.34.0/buf-Linux-aarch64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/b71f79c5057bdf733d39ab5cbf05eaba172e5fbfcead2629a3eaf3d24d9afab9", + "https://github.com/bufbuild/buf/releases/download/v1.36.0/buf-Linux-aarch64.tar.gz", ], type = "tar.gz", - sha256 = "564d3ee76d93940addc15ba99b6ccc08b199c345800947a6d7f92e123aa62343", + sha256 = "b71f79c5057bdf733d39ab5cbf05eaba172e5fbfcead2629a3eaf3d24d9afab9", ) http_archive( name = "com_github_bufbuild_buf_darwin_amd64", strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/6f07be0a8db1798fae85e19bbe6eb5618dadddff4be3e3d1e80a30d4f2a35d20", - "https://github.com/bufbuild/buf/releases/download/v1.34.0/buf-Darwin-x86_64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/c5880bff78014f3204b442fe538aa2a5d9653ef73869913cdb01d84ae841f95d", + "https://github.com/bufbuild/buf/releases/download/v1.36.0/buf-Darwin-x86_64.tar.gz", ], type = "tar.gz", - sha256 = "6f07be0a8db1798fae85e19bbe6eb5618dadddff4be3e3d1e80a30d4f2a35d20", + sha256 = "c5880bff78014f3204b442fe538aa2a5d9653ef73869913cdb01d84ae841f95d", ) http_archive( name = "com_github_bufbuild_buf_darwin_arm64", strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/1a36e18b9aaaa69465d1a3b5fd061a9b6b9933ab93a71961824eba2afa0151fe", - "https://github.com/bufbuild/buf/releases/download/v1.34.0/buf-Darwin-arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/abd9cadbd1f86ae9e8683b73e1f44455ecdd3b908f65c72795c47e94bccae2f2", + "https://github.com/bufbuild/buf/releases/download/v1.36.0/buf-Darwin-arm64.tar.gz", ], type = "tar.gz", - sha256 = "1a36e18b9aaaa69465d1a3b5fd061a9b6b9933ab93a71961824eba2afa0151fe", + sha256 = "abd9cadbd1f86ae9e8683b73e1f44455ecdd3b908f65c72795c47e94bccae2f2", ) def _talos_docgen_deps(): From 2d008c2923950fe311af0114d5a610267205dd92 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Aug 2024 15:43:52 +0200 Subject: [PATCH 207/380] deps: update bazel (plugins) (#3303) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update bazel (plugins) --------- Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße --- .../source.bzl | 8 ++++---- bazel/toolchains/multirun_deps.bzl | 8 ++++---- bazel/toolchains/nixpkgs_deps.bzl | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/3rdparty/bazel/com_github_medik8s_node_maintainance_operator/source.bzl b/3rdparty/bazel/com_github_medik8s_node_maintainance_operator/source.bzl index a9d20a08c..aa81fc947 100644 --- a/3rdparty/bazel/com_github_medik8s_node_maintainance_operator/source.bzl +++ b/3rdparty/bazel/com_github_medik8s_node_maintainance_operator/source.bzl @@ -6,10 +6,10 @@ def node_maintainance_operator_deps(): http_archive( name = "com_github_medik8s_node_maintainance_operator", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/df5ea2f9d982dd78770f2549333fd40aaf40e50a28deec9d7892f83cf9d1bdb2", - "https://github.com/medik8s/node-maintenance-operator/archive/refs/tags/v0.15.0.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/6ccc7f152e5c595ab24eaadcda77870101eccc482694dc6f0d93be2528406ae2", + "https://github.com/medik8s/node-maintenance-operator/archive/refs/tags/v0.17.0.tar.gz", ], - strip_prefix = "node-maintenance-operator-0.15.0", + strip_prefix = "node-maintenance-operator-0.17.0", build_file_content = """ api_v1beta1 = glob(["api/v1beta1/*.go"]) filegroup( @@ -19,5 +19,5 @@ filegroup( ) """, type = "tar.gz", - sha256 = "df5ea2f9d982dd78770f2549333fd40aaf40e50a28deec9d7892f83cf9d1bdb2", + sha256 = "6ccc7f152e5c595ab24eaadcda77870101eccc482694dc6f0d93be2528406ae2", ) diff --git a/bazel/toolchains/multirun_deps.bzl b/bazel/toolchains/multirun_deps.bzl index 0db8f32e9..ee1f3a584 100644 --- a/bazel/toolchains/multirun_deps.bzl +++ b/bazel/toolchains/multirun_deps.bzl @@ -5,11 +5,11 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") def multirun_deps(): http_archive( name = "com_github_ash2k_bazel_tools", - sha256 = "c5c2bb097ef427ab021f522828167c6d85c3e9077763629343282c51dbde03db", - strip_prefix = "bazel-tools-ad2d84beb4e577bda323c8517533b046ed34e6ad", + sha256 = "dc32a65c69c843f1ba2a328b79974163896e5b8ed283cd711abe12bf7cd12ffc", + strip_prefix = "bazel-tools-415483a9e13342a6603a710b0296f6d85b8d26bf", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/c5c2bb097ef427ab021f522828167c6d85c3e9077763629343282c51dbde03db", - "https://github.com/ash2k/bazel-tools/archive/ad2d84beb4e577bda323c8517533b046ed34e6ad.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/dc32a65c69c843f1ba2a328b79974163896e5b8ed283cd711abe12bf7cd12ffc", + "https://github.com/ash2k/bazel-tools/archive/415483a9e13342a6603a710b0296f6d85b8d26bf.tar.gz", ], type = "tar.gz", ) diff --git a/bazel/toolchains/nixpkgs_deps.bzl b/bazel/toolchains/nixpkgs_deps.bzl index d1df61706..a392ef9ba 100644 --- a/bazel/toolchains/nixpkgs_deps.bzl +++ b/bazel/toolchains/nixpkgs_deps.bzl @@ -5,11 +5,11 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") def nixpkgs_deps(): http_archive( name = "io_tweag_rules_nixpkgs", - sha256 = "2a555348d7f8593fca2bf3fc6ce53c5d62929de81b6c292e23f16c557c0ae45a", - strip_prefix = "rules_nixpkgs-0.11.1", + sha256 = "1adb04dc0416915fef427757f4272c4f7dacefeceeefc50f683aec7f7e9b787a", + strip_prefix = "rules_nixpkgs-0.12.0", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/2a555348d7f8593fca2bf3fc6ce53c5d62929de81b6c292e23f16c557c0ae45a", - "https://github.com/tweag/rules_nixpkgs/releases/download/v0.11.1/rules_nixpkgs-0.11.1.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/1adb04dc0416915fef427757f4272c4f7dacefeceeefc50f683aec7f7e9b787a", + "https://github.com/tweag/rules_nixpkgs/releases/download/v0.12.0/rules_nixpkgs-0.12.0.tar.gz", ], type = "tar.gz", ) From e881705f73e560f521242b8af8f1a33affc51ffd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 8 Aug 2024 16:34:04 +0200 Subject: [PATCH 208/380] deps: update Terraform constellation to v2 (#3306) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- terraform-provider-constellation/examples/full/aws/main.tf | 2 +- terraform-provider-constellation/examples/full/azure/main.tf | 2 +- terraform-provider-constellation/examples/full/gcp/main.tf | 2 +- terraform-provider-constellation/examples/full/stackit/main.tf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform-provider-constellation/examples/full/aws/main.tf b/terraform-provider-constellation/examples/full/aws/main.tf index b50a014e3..0df608981 100644 --- a/terraform-provider-constellation/examples/full/aws/main.tf +++ b/terraform-provider-constellation/examples/full/aws/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { constellation = { source = "edgelesssys/constellation" - version = "0.0.0" // replace with the version you want to use + version = "2.17.0" // replace with the version you want to use } random = { source = "hashicorp/random" diff --git a/terraform-provider-constellation/examples/full/azure/main.tf b/terraform-provider-constellation/examples/full/azure/main.tf index 84237eeb1..857023874 100644 --- a/terraform-provider-constellation/examples/full/azure/main.tf +++ b/terraform-provider-constellation/examples/full/azure/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { constellation = { source = "edgelesssys/constellation" - version = "0.0.0" // replace with the version you want to use + version = "2.17.0" // replace with the version you want to use } random = { source = "hashicorp/random" diff --git a/terraform-provider-constellation/examples/full/gcp/main.tf b/terraform-provider-constellation/examples/full/gcp/main.tf index a6c2d09ab..9f8df7a08 100644 --- a/terraform-provider-constellation/examples/full/gcp/main.tf +++ b/terraform-provider-constellation/examples/full/gcp/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { constellation = { source = "edgelesssys/constellation" - version = "0.0.0" // replace with the version you want to use + version = "2.17.0" // replace with the version you want to use } random = { source = "hashicorp/random" diff --git a/terraform-provider-constellation/examples/full/stackit/main.tf b/terraform-provider-constellation/examples/full/stackit/main.tf index 5eaa27151..a380daec7 100644 --- a/terraform-provider-constellation/examples/full/stackit/main.tf +++ b/terraform-provider-constellation/examples/full/stackit/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { constellation = { source = "edgelesssys/constellation" - version = "0.0.0" // replace with the version you want to use + version = "2.17.0" // replace with the version you want to use } random = { source = "hashicorp/random" From 1e5dcc3f769dae538c626811668dfd9428546691 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Fri, 9 Aug 2024 08:23:08 +0200 Subject: [PATCH 209/380] renovate: schedule dependency updates (#3305) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Run large dependency group upgrades on schedule * Stop ignoring stackit Terraform releases * Put s3proxy container updates on a schedule --------- Signed-off-by: Daniel Weiße --- renovate.json5 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/renovate.json5 b/renovate.json5 index 479c4be07..49cc84650 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -56,6 +56,7 @@ "pinDigest", "rollback", ], + "schedule": ["before 8am on monday"], }, { // Group update of Terraform dependencies. @@ -71,8 +72,7 @@ "pinDigest", "rollback", ], - // stackit is excluded from the group so that we can ignore v0.24.1: https://github.com/stackitcloud/terraform-provider-stackit/issues/464. - "excludeDepNames": ["stackit"], + "schedule": ["before 8am on wednesday"], }, { "matchManagers": ["bazelisk", "bazel", "bazel-module"], @@ -123,6 +123,7 @@ "rollback", "bump", ], + "schedule": ["before 8am on tuesday"], }, { "matchDepNames": ["kubernetes/kubernetes"], @@ -184,6 +185,7 @@ "ignoreUnstable": false, "groupName": "Constellation containers", "prPriority": 20, + "schedule": ["before 8am on thursday"], }, { "matchDepNames": [ From 9b1b04f4e59cee004387d5c06d2bbf64f3d34083 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 9 Aug 2024 08:24:39 +0200 Subject: [PATCH 210/380] image: update measurements and image version (#3307) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 252e7c8d0..c8eb07211 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xef, 0x88, 0x9a, 0x3f, 0x0b, 0x03, 0xd6, 0x42, 0x75, 0xaf, 0x66, 0xf1, 0x66, 0x2a, 0xfb, 0x9f, 0x93, 0xda, 0xa7, 0xc9, 0xee, 0x74, 0xd6, 0xd9, 0x44, 0x05, 0x51, 0x81, 0x10, 0x03, 0x18, 0x76}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xeb, 0x54, 0x49, 0x8c, 0x47, 0x94, 0x78, 0x19, 0xa1, 0x43, 0xa6, 0x7c, 0x14, 0x00, 0xbc, 0xbc, 0xc5, 0xd2, 0x34, 0x4d, 0x63, 0xc9, 0x15, 0xa6, 0xb1, 0x02, 0x6a, 0x55, 0xc8, 0x69, 0x04, 0x50}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe7, 0x64, 0x4e, 0x76, 0xa5, 0x11, 0x8d, 0x77, 0xe2, 0xdd, 0x68, 0xe7, 0x0e, 0xd6, 0x70, 0x6f, 0xa4, 0x97, 0x37, 0x23, 0xdd, 0xc1, 0xeb, 0xfc, 0xfc, 0x28, 0x04, 0x35, 0xa4, 0xf0, 0xd2, 0x59}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa1, 0xc0, 0x58, 0x36, 0x19, 0x36, 0x10, 0xf6, 0x83, 0x58, 0x9b, 0x25, 0x68, 0x00, 0xe1, 0x0f, 0x57, 0xf2, 0x19, 0x4c, 0xb2, 0xee, 0xa2, 0xbf, 0xd8, 0xed, 0x76, 0x1b, 0xde, 0x82, 0x8b, 0xe8}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe6, 0x2b, 0xe7, 0xf6, 0xce, 0x17, 0xd1, 0xe3, 0x21, 0x99, 0xdc, 0x3d, 0xe6, 0x00, 0xb7, 0x2b, 0xa1, 0x05, 0x83, 0x01, 0x75, 0x95, 0x38, 0xa3, 0x3b, 0x6e, 0x7a, 0x6c, 0xea, 0x8f, 0xb4, 0xfd}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x74, 0x7e, 0x5b, 0x66, 0xf5, 0x4c, 0x70, 0x1e, 0x8d, 0xc0, 0x07, 0x4e, 0x89, 0x93, 0x36, 0x37, 0xab, 0x1d, 0x0d, 0x6a, 0x9d, 0x1e, 0x56, 0xfe, 0x4e, 0xd0, 0x59, 0xcc, 0xa7, 0x46, 0x0a, 0x08}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x88, 0xa5, 0x3c, 0x49, 0x9e, 0x04, 0xed, 0x28, 0xc1, 0xb1, 0x1e, 0x44, 0x96, 0x25, 0x14, 0x1f, 0xee, 0x34, 0x84, 0x43, 0xa6, 0x59, 0x59, 0x08, 0x2c, 0x4c, 0x20, 0x71, 0xdd, 0xf7, 0x19, 0xc2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf0, 0x85, 0xdb, 0x17, 0x11, 0xc6, 0xb2, 0xfe, 0x52, 0xfb, 0xb9, 0x17, 0xcd, 0x6f, 0xd7, 0x25, 0x0f, 0xd6, 0xaf, 0x0c, 0x98, 0x07, 0x42, 0x92, 0x41, 0x08, 0xd1, 0x7d, 0xea, 0x83, 0x0a, 0x6b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x63, 0xa2, 0x96, 0x4c, 0x69, 0x4c, 0x4a, 0x4d, 0xe4, 0x15, 0x3f, 0x67, 0x4c, 0x38, 0xc5, 0xde, 0xea, 0xf4, 0xfb, 0x9b, 0xcc, 0xb3, 0x53, 0xc3, 0xfe, 0x87, 0x22, 0xef, 0x35, 0x27, 0x8a, 0x3f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x98, 0x89, 0xd4, 0xd5, 0x88, 0x06, 0xf6, 0x42, 0x2d, 0xab, 0x3e, 0x8c, 0x49, 0xc0, 0xae, 0xf9, 0x36, 0x1a, 0x5a, 0x7c, 0xcc, 0xf6, 0x52, 0x6e, 0x3b, 0x62, 0xbb, 0xcf, 0xa5, 0x5f, 0xf3, 0xff}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3e, 0x3b, 0x5e, 0x65, 0x46, 0xa1, 0xaa, 0x8c, 0xbe, 0x48, 0x99, 0xe8, 0xed, 0x15, 0x52, 0x5d, 0x0d, 0x42, 0xea, 0x4f, 0x25, 0xd2, 0x96, 0x92, 0xea, 0x2a, 0x42, 0xee, 0x71, 0xbc, 0xda, 0xf5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8d, 0xd4, 0xf6, 0xa0, 0xff, 0x24, 0xb8, 0xe7, 0x14, 0x42, 0xec, 0xf2, 0x32, 0x34, 0x51, 0x79, 0x39, 0xf2, 0x89, 0x76, 0xb9, 0xdb, 0x9a, 0xaf, 0xa9, 0x27, 0x2f, 0xd1, 0xe2, 0x97, 0x30, 0xe0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x63, 0x19, 0x85, 0x8d, 0x03, 0x0c, 0xcc, 0x24, 0x2d, 0xc9, 0xce, 0xa9, 0xa2, 0x9e, 0x8c, 0x16, 0x07, 0x8f, 0x9b, 0x93, 0x25, 0x72, 0xa0, 0x8a, 0x46, 0x30, 0xb4, 0x3d, 0xcc, 0x31, 0xe7, 0x97}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0b, 0x7c, 0x0e, 0x02, 0x1b, 0xd8, 0x90, 0x7b, 0x79, 0xca, 0x4f, 0x41, 0xe0, 0xe1, 0x7f, 0x53, 0x00, 0xc5, 0x49, 0x47, 0x53, 0x54, 0x6a, 0xa3, 0xe2, 0x89, 0x61, 0x2c, 0xa8, 0x3c, 0x14, 0x26}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xdf, 0x29, 0xfc, 0x81, 0xc9, 0x5d, 0x29, 0xfa, 0x3e, 0x78, 0x6d, 0x00, 0xb8, 0x87, 0x6b, 0x20, 0xbc, 0xad, 0x3d, 0x5e, 0xec, 0xed, 0x8d, 0x6c, 0xf0, 0xfc, 0x84, 0x1a, 0x59, 0xd5, 0xfd, 0x82}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd9, 0x8d, 0x3c, 0x16, 0xc9, 0x42, 0x41, 0x40, 0x18, 0x32, 0x28, 0x0c, 0x3f, 0xc3, 0x1b, 0xe1, 0x0f, 0x01, 0xcb, 0xe0, 0xd3, 0x26, 0x6c, 0xd4, 0xa3, 0xb5, 0xbb, 0xaa, 0x29, 0xed, 0xe3, 0x81}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2f, 0xfa, 0xe9, 0x5e, 0x5f, 0xb9, 0x10, 0xe2, 0x28, 0x3f, 0x83, 0xf1, 0x4b, 0x14, 0xd9, 0x0a, 0x0c, 0x61, 0xfe, 0xac, 0x86, 0x3e, 0xba, 0x81, 0xa2, 0x83, 0xea, 0xc1, 0xe0, 0x0a, 0xf9, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc5, 0xb4, 0x77, 0x54, 0xb0, 0x09, 0x00, 0x5d, 0xab, 0xdd, 0xd3, 0xe9, 0x6d, 0x0f, 0xcb, 0x7a, 0x17, 0x14, 0x59, 0x19, 0x43, 0xd5, 0x96, 0xcb, 0x49, 0xf7, 0xd8, 0x93, 0x14, 0x5a, 0xa6, 0xd2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xde, 0xec, 0xd9, 0x63, 0x75, 0xe0, 0x42, 0x6b, 0x46, 0x26, 0xad, 0xc7, 0x25, 0x19, 0x6d, 0x7f, 0x30, 0x72, 0xf8, 0xa3, 0x08, 0xac, 0xcb, 0xce, 0x5f, 0xd1, 0x8a, 0x4e, 0x97, 0x8a, 0xe6, 0x3d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x64, 0xc2, 0x4f, 0xea, 0x89, 0x1a, 0x12, 0x9b, 0xa0, 0xfc, 0x43, 0xf6, 0x6b, 0x5d, 0xd1, 0x4d, 0x1e, 0x9d, 0x9d, 0xec, 0xe6, 0x7a, 0xee, 0x3c, 0x0e, 0xca, 0x11, 0xf5, 0xc9, 0x9b, 0x6b, 0xec}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1c, 0x43, 0x00, 0x8e, 0x66, 0x16, 0xc3, 0x0c, 0xf5, 0x2b, 0xdc, 0x63, 0x0e, 0x27, 0x3b, 0xac, 0x1d, 0xf6, 0x7d, 0x14, 0xd6, 0x42, 0x0f, 0xf7, 0x55, 0xac, 0x68, 0x4e, 0x82, 0x76, 0x62, 0x38}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xad, 0x2d, 0x68, 0xc7, 0x30, 0x1a, 0xcf, 0xd2, 0x64, 0x1e, 0x3b, 0x99, 0x6e, 0x83, 0x9b, 0xd8, 0xc0, 0x61, 0xda, 0xb5, 0xba, 0x06, 0x8d, 0xca, 0xa4, 0xa3, 0x25, 0x66, 0x6b, 0x4f, 0x56, 0x23}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xff, 0x9c, 0xa4, 0x2d, 0x70, 0x99, 0x5b, 0x7f, 0x19, 0xc0, 0xa5, 0x31, 0x66, 0x69, 0xfe, 0xd8, 0x4c, 0xbe, 0x92, 0x1c, 0x31, 0x9e, 0xcf, 0x29, 0x75, 0x67, 0xda, 0x23, 0xa5, 0x19, 0x62, 0x85}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0c, 0x20, 0x29, 0xc1, 0xe3, 0x22, 0x02, 0x84, 0x11, 0x2e, 0x39, 0xef, 0x19, 0x85, 0x23, 0xe8, 0x57, 0xfd, 0x3a, 0xec, 0x50, 0x97, 0x0b, 0x9d, 0xfb, 0x4a, 0xc2, 0x18, 0x89, 0x8e, 0xe7, 0x44}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x5d, 0xd0, 0x25, 0x53, 0x1d, 0xbd, 0xf6, 0xdd, 0x3d, 0x91, 0xaa, 0x63, 0xaa, 0xad, 0x6b, 0x60, 0x63, 0xea, 0xf8, 0x43, 0xd2, 0x85, 0xd8, 0x78, 0x3f, 0xc7, 0xd0, 0x46, 0x25, 0x59, 0x07, 0x81}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x60, 0xaf, 0x5f, 0x69, 0xc1, 0x09, 0x60, 0xe6, 0xcd, 0xcd, 0x45, 0x1a, 0x07, 0x29, 0xbf, 0x01, 0x36, 0x33, 0x9c, 0xd3, 0x8c, 0xd9, 0xd6, 0x94, 0x33, 0x28, 0x11, 0xc0, 0x23, 0x77, 0xe5, 0x4a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4d, 0xad, 0xac, 0x7f, 0x6b, 0x19, 0xe7, 0x3b, 0xad, 0xdc, 0xd8, 0x4f, 0xbc, 0x6f, 0x4e, 0xc7, 0xf8, 0x88, 0xde, 0x6c, 0x3f, 0xe0, 0x28, 0xd7, 0x61, 0x20, 0x84, 0xd4, 0x01, 0xd1, 0x84, 0x58}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x07, 0x0b, 0xba, 0xb6, 0x52, 0x96, 0xbe, 0x97, 0xf1, 0xea, 0x41, 0x1e, 0xff, 0x7d, 0x8b, 0x0a, 0xf6, 0x7e, 0xdc, 0xb1, 0xae, 0xc3, 0x89, 0x1f, 0x64, 0x94, 0x29, 0xf1, 0xa5, 0xd7, 0x1d, 0x22}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb3, 0xc4, 0x33, 0xa1, 0x22, 0x5e, 0x01, 0x66, 0xdc, 0xa3, 0x3a, 0x25, 0x6f, 0x45, 0x52, 0x21, 0xdc, 0xde, 0xc8, 0xdb, 0xb2, 0x99, 0xe0, 0xa6, 0x4c, 0xa0, 0x09, 0x99, 0x34, 0x47, 0xfe, 0xbf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf4, 0x85, 0x57, 0x9f, 0x4e, 0xcb, 0xb1, 0x01, 0x5f, 0x63, 0x9e, 0xe1, 0x98, 0x37, 0x6d, 0x94, 0xd4, 0x82, 0x81, 0x1c, 0x4c, 0x27, 0xbd, 0x0d, 0x62, 0x5d, 0x02, 0xa7, 0x0a, 0xba, 0x56, 0x95}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x61, 0x0f, 0xd9, 0x88, 0x00, 0x04, 0x29, 0x62, 0xa1, 0xef, 0x54, 0xe4, 0xce, 0xb3, 0xe7, 0x42, 0xb0, 0x5f, 0x37, 0xe8, 0xfb, 0xfd, 0xcd, 0xa8, 0x3c, 0xc9, 0x2b, 0x19, 0x42, 0x10, 0x53, 0x33}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc6, 0x2f, 0x93, 0x36, 0xab, 0xc6, 0x72, 0x2e, 0xcb, 0x06, 0x01, 0x06, 0x37, 0x0f, 0x1c, 0x65, 0x8e, 0xf2, 0xcc, 0x18, 0x63, 0xfc, 0xdb, 0x39, 0x26, 0xb4, 0x20, 0x0a, 0xaa, 0x1d, 0x78, 0x6d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb9, 0xdd, 0x68, 0xe0, 0xe0, 0xb5, 0xd8, 0x09, 0x2c, 0xdd, 0xaf, 0x97, 0x74, 0x5f, 0x0e, 0x8f, 0xc2, 0x40, 0xb9, 0x49, 0x0e, 0xbd, 0x2c, 0x7e, 0x8d, 0x92, 0xfa, 0x7c, 0xec, 0xd1, 0x5b, 0x27}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x09, 0xec, 0x2d, 0xb2, 0x6c, 0x39, 0x48, 0xdd, 0x4c, 0xc5, 0xbb, 0x72, 0x57, 0x83, 0x1a, 0x57, 0x78, 0x9a, 0x42, 0xa6, 0x4d, 0x71, 0xe1, 0xa6, 0x31, 0x6e, 0xc8, 0xe1, 0xc4, 0x68, 0xbe, 0x53}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5b, 0x6a, 0xed, 0x68, 0xe8, 0x20, 0x44, 0xfc, 0xcd, 0x75, 0xf7, 0x59, 0x53, 0x56, 0x9f, 0x17, 0xdc, 0x45, 0x02, 0x5a, 0xba, 0xc5, 0x77, 0xcf, 0x1c, 0xfe, 0x1c, 0xe1, 0x3d, 0x39, 0xbe, 0xd7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcb, 0x80, 0x51, 0x03, 0x79, 0x15, 0x44, 0x2b, 0x4b, 0x58, 0xcc, 0xcd, 0xb9, 0x97, 0x30, 0xf1, 0x2a, 0xf2, 0xbe, 0xed, 0x7d, 0xef, 0xde, 0x8c, 0x4c, 0x64, 0x0a, 0x92, 0x94, 0x0d, 0x53, 0x2f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb3, 0xfe, 0x21, 0x38, 0xf4, 0xf0, 0x1b, 0x05, 0x84, 0x20, 0x7a, 0x7e, 0x27, 0x9d, 0x8e, 0x75, 0x26, 0x38, 0xd3, 0x35, 0xe6, 0xbe, 0xdf, 0xae, 0x84, 0xe6, 0x7b, 0x25, 0x41, 0x50, 0x73, 0x48}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x16, 0xdb, 0xc8, 0x3b, 0xc5, 0x1c, 0x0e, 0x17, 0x12, 0x1d, 0x1a, 0x9c, 0xb4, 0x9e, 0x8e, 0xe8, 0xba, 0x12, 0x0c, 0xaa, 0x07, 0x53, 0x17, 0x80, 0xbe, 0x0f, 0x7d, 0x1d, 0x90, 0x34, 0xcc, 0x44}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x44, 0x4f, 0xc5, 0xe4, 0x2e, 0x06, 0x29, 0x1b, 0x0e, 0xea, 0x14, 0x89, 0x00, 0x04, 0x2d, 0x8c, 0x38, 0xa8, 0x53, 0xb7, 0xd0, 0xa4, 0x8e, 0x6c, 0xd6, 0xd5, 0x87, 0xde, 0xd4, 0xa9, 0x1a, 0x13}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x28, 0xe5, 0x5e, 0xb6, 0x21, 0x7d, 0xed, 0xc6, 0x5e, 0xf0, 0x81, 0x0b, 0x19, 0x3e, 0xe7, 0x65, 0x9c, 0xa9, 0x98, 0x47, 0x50, 0xfd, 0x9f, 0x9d, 0xfc, 0xb6, 0xae, 0x3d, 0x09, 0x52, 0x6e, 0x80}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xad, 0x9f, 0xc5, 0xe2, 0x06, 0x9d, 0x86, 0x28, 0xcd, 0x3e, 0x7c, 0xf3, 0xf8, 0x06, 0xab, 0x0d, 0x93, 0x82, 0xa7, 0x6f, 0x27, 0x23, 0x1e, 0x44, 0x89, 0x0e, 0x7b, 0xd3, 0x5a, 0xd8, 0x62, 0xb2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x79, 0x7e, 0xd8, 0x23, 0x1b, 0x39, 0x49, 0x5e, 0x89, 0x15, 0x56, 0x5f, 0xa9, 0x6b, 0x72, 0xd5, 0xd7, 0x47, 0x94, 0xa7, 0xe4, 0xb4, 0xfb, 0x11, 0x55, 0x6e, 0xdc, 0x2e, 0xd9, 0x83, 0x4d, 0xe0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x56, 0xbf, 0x1f, 0xab, 0x2f, 0xed, 0xb0, 0xea, 0xd2, 0x27, 0xee, 0x85, 0x09, 0xa2, 0xa8, 0xd1, 0x83, 0x0b, 0x20, 0x58, 0xa5, 0x9f, 0x43, 0x94, 0x08, 0x82, 0x70, 0x56, 0xb1, 0xbe, 0x0c, 0xb2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8f, 0x95, 0x87, 0x4e, 0xd9, 0x88, 0xf3, 0x2f, 0xc3, 0xe4, 0xa3, 0xe7, 0x54, 0x49, 0xea, 0x79, 0x75, 0x20, 0x11, 0xaa, 0x38, 0x15, 0xa8, 0x7e, 0x67, 0x45, 0xef, 0x0c, 0xad, 0x34, 0x4c, 0x2a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5e, 0x53, 0x1c, 0xcf, 0x7f, 0x5e, 0xf3, 0xd0, 0x6a, 0xe9, 0x3f, 0xf6, 0x03, 0x14, 0x14, 0xdb, 0x78, 0x37, 0x51, 0x17, 0x94, 0xfd, 0xe9, 0xd0, 0x7b, 0xd7, 0xb4, 0x77, 0xa3, 0xb1, 0x5f, 0xd8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xbb, 0x0d, 0x91, 0x26, 0xb7, 0x81, 0xa3, 0xa0, 0x3f, 0xc2, 0xd0, 0xdb, 0xb7, 0x9a, 0x5b, 0xa3, 0x87, 0x91, 0x44, 0xb0, 0x55, 0x46, 0xb3, 0x1b, 0xbf, 0x4f, 0xbf, 0x5f, 0x63, 0x22, 0x5d, 0xd0}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x69, 0x25, 0x1a, 0xd0, 0xb0, 0xaf, 0xaf, 0x89, 0x18, 0xa6, 0x43, 0xfc, 0x4b, 0x4a, 0xa8, 0x6e, 0x96, 0x5e, 0x83, 0x8d, 0x13, 0x75, 0xd3, 0x2c, 0xfd, 0xec, 0x75, 0x08, 0x9e, 0x4d, 0xcd, 0x1c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xda, 0xd8, 0xf9, 0xb0, 0x56, 0x3e, 0x27, 0x60, 0x48, 0xfd, 0xec, 0xff, 0xa3, 0xb5, 0x05, 0x6c, 0x67, 0x00, 0xb2, 0x6a, 0x6d, 0xde, 0xc7, 0xb0, 0x01, 0xcd, 0xc6, 0x6b, 0xbf, 0x1b, 0xd0, 0x3f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index b0dd316a4..fc7e27d49 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240806093103-f186bbb2350c" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240808163404-e881705f73e5" ) From fe9615350719549aa07078a18150cb07107f54bc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 9 Aug 2024 11:00:22 +0200 Subject: [PATCH 211/380] deps: update bazel (modules) (#3304) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update bazel (modules) * Set std=c++14 * deps: tidy all modules --------- Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße Co-authored-by: edgelessci Co-authored-by: Markus Rudy --- MODULE.bazel | 4 +- MODULE.bazel.lock | 3127 ++++++++++++----- WORKSPACE.bzlmod | 2 + bootstrapper/initproto/init.pb.go | 2 +- debugd/service/debugd.pb.go | 2 +- disk-mapper/recoverproto/recover.pb.go | 2 +- internal/versions/components/components.pb.go | 2 +- joinservice/joinproto/join.pb.go | 2 +- keyservice/keyserviceproto/keyservice.pb.go | 2 +- upgrade-agent/upgradeproto/upgrade.pb.go | 2 +- verify/verifyproto/verify.pb.go | 2 +- 11 files changed, 2203 insertions(+), 946 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 3ad53d697..f527eb597 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,6 +1,6 @@ module(name = "constellation") -bazel_dep(name = "aspect_bazel_lib", version = "2.7.8") +bazel_dep(name = "aspect_bazel_lib", version = "2.7.9") bazel_lib = use_extension("@aspect_bazel_lib//lib:extensions.bzl", "toolchains") bazel_lib.yq() @@ -13,7 +13,7 @@ bazel_dep(name = "rules_cc", version = "0.0.9") bazel_dep(name = "rules_go", version = "0.49.0", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") bazel_dep(name = "rules_proto", version = "6.0.2") -bazel_dep(name = "rules_python", version = "0.32.2") +bazel_dep(name = "rules_python", version = "0.34.0") bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index 9989e1ffa..c624e4c0d 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -4,11 +4,13 @@ "https://bcr.bazel.build/bazel_registry.json": "8a28e4aff06ee60aed2a8c281907fb8bcbf3b753c91fb5a5c57da3215d5b3497", "https://bcr.bazel.build/modules/abseil-cpp/20210324.2/MODULE.bazel": "7cd0312e064fde87c8d1cd79ba06c876bd23630c83466e9500321be55c96ace2", "https://bcr.bazel.build/modules/abseil-cpp/20211102.0/MODULE.bazel": "70390338f7a5106231d20620712f7cccb659cd0e9d073d1991c038eb9fc57589", - "https://bcr.bazel.build/modules/abseil-cpp/20211102.0/source.json": "7e3a9adf473e9af076ae485ed649d5641ad50ec5c11718103f34de03170d94ad", + "https://bcr.bazel.build/modules/abseil-cpp/20230125.1/MODULE.bazel": "89047429cb0207707b2dface14ba7f8df85273d484c2572755be4bab7ce9c3a0", + "https://bcr.bazel.build/modules/abseil-cpp/20230802.0.bcr.1/MODULE.bazel": "1c8cec495288dccd14fdae6e3f95f772c1c91857047a098fad772034264cc8cb", + "https://bcr.bazel.build/modules/abseil-cpp/20230802.0.bcr.1/source.json": "14892cc698e02ffedf4967546e6bedb7245015906888d3465fcf27c90a26da10", "https://bcr.bazel.build/modules/apple_support/1.5.0/MODULE.bazel": "50341a62efbc483e8a2a6aec30994a58749bd7b885e18dd96aa8c33031e558ef", "https://bcr.bazel.build/modules/apple_support/1.5.0/source.json": "eb98a7627c0bc486b57f598ad8da50f6625d974c8f723e9ea71bd39f709c9862", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.8/MODULE.bazel": "1631a1bbb119fc372f9aaa55df6c7d0a59fdb1640324b3d5c0047d976eb57aae", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.8/source.json": "896a2b322e70b0d1517b8758159e71fa3c2bf7bce5ecda3eb99c9e84fdd71e5e", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.9/MODULE.bazel": "06e54f2b345b8eb7adceed2329b273da00d0368e28a9ebd9dfc75b4a052dac85", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.9/source.json": "72c2d5294e6ac7d05c72d46fbf439171291a8db4912312c95e146e11828dc84b", "https://bcr.bazel.build/modules/bazel_features/1.1.0/MODULE.bazel": "cfd42ff3b815a5f39554d97182657f8c4b9719568eb7fded2b9135f084bf760b", "https://bcr.bazel.build/modules/bazel_features/1.1.1/MODULE.bazel": "27b8c79ef57efe08efccbd9dd6ef70d61b4798320b8d3c134fd571f78963dbcd", "https://bcr.bazel.build/modules/bazel_features/1.11.0/MODULE.bazel": "f9382337dd5a474c3b7d334c2f83e50b6eaedc284253334cf823044a26de03e8", @@ -19,6 +21,7 @@ "https://bcr.bazel.build/modules/bazel_skylib/1.2.0/MODULE.bazel": "44fe84260e454ed94ad326352a698422dbe372b21a1ac9f3eab76eb531223686", "https://bcr.bazel.build/modules/bazel_skylib/1.2.1/MODULE.bazel": "f35baf9da0efe45fa3da1696ae906eea3d615ad41e2e3def4aeb4e8bc0ef9a7a", "https://bcr.bazel.build/modules/bazel_skylib/1.3.0/MODULE.bazel": "20228b92868bf5cfc41bda7afc8a8ba2a543201851de39d990ec957b513579c5", + "https://bcr.bazel.build/modules/bazel_skylib/1.4.1/MODULE.bazel": "a0dcb779424be33100dcae821e9e27e4f2901d9dfd5333efe5ac6a8d7ab75e1d", "https://bcr.bazel.build/modules/bazel_skylib/1.5.0/MODULE.bazel": "32880f5e2945ce6a03d1fbd588e9198c0a959bb42297b2cfaf1685b7bc32e138", "https://bcr.bazel.build/modules/bazel_skylib/1.6.1/MODULE.bazel": "8fdee2dbaace6c252131c00e1de4b165dc65af02ea278476187765e1a617b917", "https://bcr.bazel.build/modules/bazel_skylib/1.7.1/MODULE.bazel": "3120d80c5861aa616222ec015332e5f8d3171e062e3e804a2a0253e1be26e59b", @@ -34,7 +37,8 @@ "https://bcr.bazel.build/modules/gazelle/0.38.0/MODULE.bazel": "51bb3ca009bc9320492894aece6ba5f50aae68a39fff2567844b77fc12e2d0a5", "https://bcr.bazel.build/modules/gazelle/0.38.0/source.json": "7fedf9b531bcbbe90b009e4d3aef478a2defb8b8a6e31e931445231e425fc37c", "https://bcr.bazel.build/modules/googletest/1.11.0/MODULE.bazel": "3a83f095183f66345ca86aa13c58b59f9f94a2f81999c093d4eeaa2d262d12f4", - "https://bcr.bazel.build/modules/googletest/1.11.0/source.json": "c73d9ef4268c91bd0c1cd88f1f9dfa08e814b1dbe89b5f594a9f08ba0244d206", + "https://bcr.bazel.build/modules/googletest/1.14.0/MODULE.bazel": "cfbcbf3e6eac06ef9d85900f64424708cc08687d1b527f0ef65aa7517af8118f", + "https://bcr.bazel.build/modules/googletest/1.14.0/source.json": "2478949479000fdd7de9a3d0107ba2c85bb5f961c3ecb1aa448f52549ce310b5", "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.0/MODULE.bazel": "ea4b3a25a9417a7db57a8a2f9ebdee91d679823c6274b482b817ed128d81c594", "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.0/source.json": "9d1df0459caefdf41052d360469922a73e219f67c8ce4da0628cc604469822b9", "https://bcr.bazel.build/modules/platforms/0.0.10/MODULE.bazel": "8cb8efaf200bdeb2150d93e162c40f388529a25852b332cec879373771e48ed5", @@ -46,12 +50,15 @@ "https://bcr.bazel.build/modules/platforms/0.0.8/MODULE.bazel": "9f142c03e348f6d263719f5074b21ef3adf0b139ee4c5133e2aa35664da9eb2d", "https://bcr.bazel.build/modules/platforms/0.0.9/MODULE.bazel": "4a87a60c927b56ddd67db50c89acaa62f4ce2a1d2149ccb63ffd871d5ce29ebc", "https://bcr.bazel.build/modules/protobuf/21.7/MODULE.bazel": "a5a29bb89544f9b97edce05642fac225a808b5b7be74038ea3640fae2f8e66a7", - "https://bcr.bazel.build/modules/protobuf/21.7/source.json": "bbe500720421e582ff2d18b0802464205138c06056f443184de39fbb8187b09b", + "https://bcr.bazel.build/modules/protobuf/23.1/MODULE.bazel": "88b393b3eb4101d18129e5db51847cd40a5517a53e81216144a8c32dfeeca52a", + "https://bcr.bazel.build/modules/protobuf/24.4/MODULE.bazel": "7bc7ce5f2abf36b3b7b7c8218d3acdebb9426aeb35c2257c96445756f970eb12", + "https://bcr.bazel.build/modules/protobuf/24.4/source.json": "ace4b8c65d4cfe64efe544f09fc5e5df77faf3a67fbb29c5341e0d755d9b15d6", "https://bcr.bazel.build/modules/protobuf/3.19.0/MODULE.bazel": "6b5fbb433f760a99a22b18b6850ed5784ef0e9928a72668b66e4d7ccd47db9b0", "https://bcr.bazel.build/modules/protobuf/3.19.2/MODULE.bazel": "532ffe5f2186b69fdde039efe6df13ba726ff338c6bc82275ad433013fa10573", "https://bcr.bazel.build/modules/protobuf/3.19.6/MODULE.bazel": "9233edc5e1f2ee276a60de3eaa47ac4132302ef9643238f23128fea53ea12858", "https://bcr.bazel.build/modules/rules_cc/0.0.1/MODULE.bazel": "cb2aa0747f84c6c3a78dad4e2049c154f08ab9d166b1273835a8174940365647", "https://bcr.bazel.build/modules/rules_cc/0.0.2/MODULE.bazel": "6915987c90970493ab97393024c156ea8fb9f3bea953b2f3ec05c34f19b5695c", + "https://bcr.bazel.build/modules/rules_cc/0.0.6/MODULE.bazel": "abf360251023dfe3efcef65ab9d56beefa8394d4176dd29529750e1c57eaa33f", "https://bcr.bazel.build/modules/rules_cc/0.0.8/MODULE.bazel": "964c85c82cfeb6f3855e6a07054fdb159aced38e99a5eecf7bce9d53990afa3e", "https://bcr.bazel.build/modules/rules_cc/0.0.9/MODULE.bazel": "836e76439f354b89afe6a911a7adf59a6b2518fafb174483ad78a2a2fde7b1c5", "https://bcr.bazel.build/modules/rules_cc/0.0.9/source.json": "1f1ba6fea244b616de4a554a0f4983c91a9301640c8fe0dd1d410254115c8430", @@ -63,10 +70,12 @@ "https://bcr.bazel.build/modules/rules_go/0.49.0/source.json": "ab2261ea5e29d29a41c8e5c67896f946ab7855b786d28fe25d74987b84e5e85d", "https://bcr.bazel.build/modules/rules_java/4.0.0/MODULE.bazel": "5a78a7ae82cd1a33cef56dc578c7d2a46ed0dca12643ee45edbb8417899e6f74", "https://bcr.bazel.build/modules/rules_java/5.3.5/MODULE.bazel": "a4ec4f2db570171e3e5eb753276ee4b389bae16b96207e9d3230895c99644b86", + "https://bcr.bazel.build/modules/rules_java/7.1.0/MODULE.bazel": "30d9135a2b6561c761bd67bd4990da591e6bdc128790ce3e7afd6a3558b2fb64", "https://bcr.bazel.build/modules/rules_java/7.6.1/MODULE.bazel": "2f14b7e8a1aa2f67ae92bc69d1ec0fa8d9f827c4e17ff5e5f02e91caa3b2d0fe", "https://bcr.bazel.build/modules/rules_java/7.6.1/source.json": "8f3f3076554e1558e8e468b2232991c510ecbcbed9e6f8c06ac31c93bcf38362", "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel": "a56b85e418c83eb1839819f0b515c431010160383306d13ec21959ac412d2fe7", - "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/source.json": "a075731e1b46bc8425098512d038d416e966ab19684a10a34f4741295642fc35", + "https://bcr.bazel.build/modules/rules_jvm_external/5.1/MODULE.bazel": "33f6f999e03183f7d088c9be518a63467dfd0be94a11d0055fe2d210f89aa909", + "https://bcr.bazel.build/modules/rules_jvm_external/5.1/source.json": "5abb45cc9beb27b77aec6a65a11855ef2b55d95dfdc358e9f312b78ae0ba32d5", "https://bcr.bazel.build/modules/rules_license/0.0.3/MODULE.bazel": "627e9ab0247f7d1e05736b59dbb1b6871373de5ad31c3011880b4133cafd4bd0", "https://bcr.bazel.build/modules/rules_license/0.0.4/MODULE.bazel": "6a88dd22800cf1f9f79ba32cacad0d3a423ed28efa2c2ed5582eaa78dd3ac1e5", "https://bcr.bazel.build/modules/rules_license/0.0.7/MODULE.bazel": "088fbeb0b6a419005b89cf93fe62d9517c0a2b8bb56af3244af65ecfe37e7d5d", @@ -83,14 +92,16 @@ "https://bcr.bazel.build/modules/rules_python/0.10.2/MODULE.bazel": "cc82bc96f2997baa545ab3ce73f196d040ffb8756fd2d66125a530031cd90e5f", "https://bcr.bazel.build/modules/rules_python/0.22.1/MODULE.bazel": "26114f0c0b5e93018c0c066d6673f1a2c3737c7e90af95eff30cfee38d0bbac7", "https://bcr.bazel.build/modules/rules_python/0.24.0/MODULE.bazel": "4bff7f583653d0762cda21303da0643cc4c545ddfd9593337f18dad8d1787801", - "https://bcr.bazel.build/modules/rules_python/0.32.2/MODULE.bazel": "01052470fc30b49de91fb8483d26bea6f664500cfad0b078d4605b03e3a83ed4", - "https://bcr.bazel.build/modules/rules_python/0.32.2/source.json": "d0442db378276bcdc3bed9ce6d7018ab4022e99401d89e3c50dfecac874ca74f", + "https://bcr.bazel.build/modules/rules_python/0.34.0/MODULE.bazel": "1d623d026e075b78c9fde483a889cda7996f5da4f36dffb24c246ab30f06513a", + "https://bcr.bazel.build/modules/rules_python/0.34.0/source.json": "113116e287eec64a7d005a9db44865d810499fdc4f621e352aff58214f5ea2d8", "https://bcr.bazel.build/modules/rules_python/0.4.0/MODULE.bazel": "9208ee05fd48bf09ac60ed269791cf17fb343db56c8226a720fbb1cdf467166c", "https://bcr.bazel.build/modules/stardoc/0.5.1/MODULE.bazel": "1a05d92974d0c122f5ccf09291442580317cdd859f07a8655f1db9a60374f9f8", + "https://bcr.bazel.build/modules/stardoc/0.5.3/MODULE.bazel": "c7f6948dae6999bf0db32c1858ae345f112cacf98f174c7a8bb707e41b974f1c", "https://bcr.bazel.build/modules/stardoc/0.5.4/MODULE.bazel": "6569966df04610b8520957cb8e97cf2e9faac2c0309657c537ab51c16c18a2a4", "https://bcr.bazel.build/modules/stardoc/0.5.4/source.json": "a961f58a71e735aa9dcb2d79b288e06b0a2d860ba730302c8f11be411b76631e", "https://bcr.bazel.build/modules/upb/0.0.0-20220923-a547704/MODULE.bazel": "7298990c00040a0e2f121f6c32544bab27d4452f80d9ce51349b1a28f3005c43", - "https://bcr.bazel.build/modules/upb/0.0.0-20220923-a547704/source.json": "f1ef7d3f9e0e26d4b23d1c39b5f5de71f584dd7d1b4ef83d9bbba6ec7a6a6459", + "https://bcr.bazel.build/modules/upb/0.0.0-20230516-61a97ef/MODULE.bazel": "c0df5e35ad55e264160417fd0875932ee3c9dda63d9fccace35ac62f45e1b6f9", + "https://bcr.bazel.build/modules/upb/0.0.0-20230516-61a97ef/source.json": "b2150404947339e8b947c6b16baa39fa75657f4ddec5e37272c7b11c7ab533bc", "https://bcr.bazel.build/modules/zlib/1.2.11/MODULE.bazel": "07b389abc85fdbca459b69e2ec656ae5622873af3f845e1c9d80fe179f3effa0", "https://bcr.bazel.build/modules/zlib/1.2.12/MODULE.bazel": "3b1a8834ada2a883674be8cbd36ede1b6ec481477ada359cd2d3ddc562340b27", "https://bcr.bazel.build/modules/zlib/1.3/MODULE.bazel": "6a9c02f19a24dcedb05572b2381446e27c272cd383aed11d41d99da9e3167a72", @@ -128,8 +139,8 @@ }, "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "SK+5VjMKVX5gfuC//JqN+b1rWW3PNLeAEsqwiD3CAOA=", - "usagesDigest": "eNtXd1h5FcxLG/P9Z/5OyYQ9VN3CC1T5NJk/eKHf1oU=", + "bzlTransitiveDigest": "jl6upvbQ+op05W1a3gE6bja6dc7fvsNfslO0m46Ma3s=", + "usagesDigest": "VOOY7/r/L6rv7ZTKtrrIJm6T19J5407E/KRXas8hl+w=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -809,12 +820,41 @@ "recordedRepoMappingEntries": [] } }, + "@@protobuf~//:non_module_deps.bzl%non_module_deps": { + "general": { + "bzlTransitiveDigest": "jsbfONl9OksDWiAs7KDFK5chH/tYI3DngdM30NKdk5Y=", + "usagesDigest": "eVrT3hFCIZNRuTKpfWDzSIwTi2p6U6PWbt+tNWl/Tqk=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "utf8_range": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/protocolbuffers/utf8_range/archive/de0b4a8ff9b5d4c98108bdfe723291a33c52c54f.zip" + ], + "strip_prefix": "utf8_range-de0b4a8ff9b5d4c98108bdfe723291a33c52c54f", + "sha256": "5da960e5e5d92394c809629a03af3c7709d2d3d0ca731dacb3a9fb4bf28f7702" + } + } + }, + "recordedRepoMappingEntries": [ + [ + "protobuf~", + "bazel_tools", + "bazel_tools" + ] + ] + } + }, "@@rules_jvm_external~//:extensions.bzl%maven": { "general": { - "bzlTransitiveDigest": "06WDcwoMOciaDDX09JBCxhi9KiKFGUIcXpQjCSle5AE=", - "usagesDigest": "UPebZtX4g40+QepdK3oMHged0o0tq6ojKbW84wE6XRA=", + "bzlTransitiveDigest": "4ijz6uc3T4E+d+U8LQv4EAt+8OqZNVY/lzvhLx3y1yg=", + "usagesDigest": "WfVTcbopbu3jyxPgDWx1iqIv1QV6L/T7utvDxAj5k84=", "recordedFileInputs": { - "@@rules_jvm_external~//rules_jvm_external_deps_install.json": "10442a5ae27d9ff4c2003e5ab71643bf0d8b48dcf968b4173fa274c3232a8c06" + "@@rules_jvm_external~//rules_jvm_external_deps_install.json": "3ab1f67b0de4815df110bc72ccd6c77882b3b21d3d1e0a84445847b6ce3235a3" }, "recordedDirentsInputs": {}, "envVariables": {}, @@ -828,7 +868,7 @@ "https://repo1.maven.org/maven2/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar", "https://maven.google.com/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar" + "downloaded_file_path": "org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar" } }, "com_google_api_grpc_proto_google_common_protos_2_0_1": { @@ -840,7 +880,7 @@ "https://repo1.maven.org/maven2/com/google/api/grpc/proto-google-common-protos/2.0.1/proto-google-common-protos-2.0.1.jar", "https://maven.google.com/com/google/api/grpc/proto-google-common-protos/2.0.1/proto-google-common-protos-2.0.1.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api/grpc/proto-google-common-protos/2.0.1/proto-google-common-protos-2.0.1.jar" + "downloaded_file_path": "com/google/api/grpc/proto-google-common-protos/2.0.1/proto-google-common-protos-2.0.1.jar" } }, "com_google_api_gax_1_60_0": { @@ -852,7 +892,7 @@ "https://repo1.maven.org/maven2/com/google/api/gax/1.60.0/gax-1.60.0.jar", "https://maven.google.com/com/google/api/gax/1.60.0/gax-1.60.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api/gax/1.60.0/gax-1.60.0.jar" + "downloaded_file_path": "com/google/api/gax/1.60.0/gax-1.60.0.jar" } }, "com_google_guava_failureaccess_1_0_1": { @@ -864,7 +904,7 @@ "https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar", "https://maven.google.com/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" + "downloaded_file_path": "com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" } }, "commons_logging_commons_logging_1_2": { @@ -876,7 +916,7 @@ "https://repo1.maven.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.jar", "https://maven.google.com/commons-logging/commons-logging/1.2/commons-logging-1.2.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.jar" + "downloaded_file_path": "commons-logging/commons-logging/1.2/commons-logging-1.2.jar" } }, "com_google_http_client_google_http_client_appengine_1_38_0": { @@ -888,7 +928,7 @@ "https://repo1.maven.org/maven2/com/google/http-client/google-http-client-appengine/1.38.0/google-http-client-appengine-1.38.0.jar", "https://maven.google.com/com/google/http-client/google-http-client-appengine/1.38.0/google-http-client-appengine-1.38.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/http-client/google-http-client-appengine/1.38.0/google-http-client-appengine-1.38.0.jar" + "downloaded_file_path": "com/google/http-client/google-http-client-appengine/1.38.0/google-http-client-appengine-1.38.0.jar" } }, "com_google_cloud_google_cloud_storage_1_113_4": { @@ -900,7 +940,7 @@ "https://repo1.maven.org/maven2/com/google/cloud/google-cloud-storage/1.113.4/google-cloud-storage-1.113.4.jar", "https://maven.google.com/com/google/cloud/google-cloud-storage/1.113.4/google-cloud-storage-1.113.4.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/cloud/google-cloud-storage/1.113.4/google-cloud-storage-1.113.4.jar" + "downloaded_file_path": "com/google/cloud/google-cloud-storage/1.113.4/google-cloud-storage-1.113.4.jar" } }, "io_grpc_grpc_context_1_33_1": { @@ -912,7 +952,7 @@ "https://repo1.maven.org/maven2/io/grpc/grpc-context/1.33.1/grpc-context-1.33.1.jar", "https://maven.google.com/io/grpc/grpc-context/1.33.1/grpc-context-1.33.1.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/grpc/grpc-context/1.33.1/grpc-context-1.33.1.jar" + "downloaded_file_path": "io/grpc/grpc-context/1.33.1/grpc-context-1.33.1.jar" } }, "com_google_api_grpc_proto_google_iam_v1_1_0_3": { @@ -924,7 +964,7 @@ "https://repo1.maven.org/maven2/com/google/api/grpc/proto-google-iam-v1/1.0.3/proto-google-iam-v1-1.0.3.jar", "https://maven.google.com/com/google/api/grpc/proto-google-iam-v1/1.0.3/proto-google-iam-v1-1.0.3.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api/grpc/proto-google-iam-v1/1.0.3/proto-google-iam-v1-1.0.3.jar" + "downloaded_file_path": "com/google/api/grpc/proto-google-iam-v1/1.0.3/proto-google-iam-v1-1.0.3.jar" } }, "com_google_api_api_common_1_10_1": { @@ -936,7 +976,7 @@ "https://repo1.maven.org/maven2/com/google/api/api-common/1.10.1/api-common-1.10.1.jar", "https://maven.google.com/com/google/api/api-common/1.10.1/api-common-1.10.1.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api/api-common/1.10.1/api-common-1.10.1.jar" + "downloaded_file_path": "com/google/api/api-common/1.10.1/api-common-1.10.1.jar" } }, "com_google_auth_google_auth_library_oauth2_http_0_22_0": { @@ -948,7 +988,7 @@ "https://repo1.maven.org/maven2/com/google/auth/google-auth-library-oauth2-http/0.22.0/google-auth-library-oauth2-http-0.22.0.jar", "https://maven.google.com/com/google/auth/google-auth-library-oauth2-http/0.22.0/google-auth-library-oauth2-http-0.22.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/auth/google-auth-library-oauth2-http/0.22.0/google-auth-library-oauth2-http-0.22.0.jar" + "downloaded_file_path": "com/google/auth/google-auth-library-oauth2-http/0.22.0/google-auth-library-oauth2-http-0.22.0.jar" } }, "com_typesafe_netty_netty_reactive_streams_2_0_5": { @@ -960,7 +1000,7 @@ "https://repo1.maven.org/maven2/com/typesafe/netty/netty-reactive-streams/2.0.5/netty-reactive-streams-2.0.5.jar", "https://maven.google.com/com/typesafe/netty/netty-reactive-streams/2.0.5/netty-reactive-streams-2.0.5.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/typesafe/netty/netty-reactive-streams/2.0.5/netty-reactive-streams-2.0.5.jar" + "downloaded_file_path": "com/typesafe/netty/netty-reactive-streams/2.0.5/netty-reactive-streams-2.0.5.jar" } }, "com_typesafe_netty_netty_reactive_streams_http_2_0_5": { @@ -972,7 +1012,7 @@ "https://repo1.maven.org/maven2/com/typesafe/netty/netty-reactive-streams-http/2.0.5/netty-reactive-streams-http-2.0.5.jar", "https://maven.google.com/com/typesafe/netty/netty-reactive-streams-http/2.0.5/netty-reactive-streams-http-2.0.5.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/typesafe/netty/netty-reactive-streams-http/2.0.5/netty-reactive-streams-http-2.0.5.jar" + "downloaded_file_path": "com/typesafe/netty/netty-reactive-streams-http/2.0.5/netty-reactive-streams-http-2.0.5.jar" } }, "javax_annotation_javax_annotation_api_1_3_2": { @@ -984,7 +1024,7 @@ "https://repo1.maven.org/maven2/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar", "https://maven.google.com/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar" + "downloaded_file_path": "javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar" } }, "com_google_j2objc_j2objc_annotations_1_3": { @@ -996,7 +1036,7 @@ "https://repo1.maven.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar", "https://maven.google.com/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar" + "downloaded_file_path": "com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar" } }, "software_amazon_awssdk_metrics_spi_2_17_183": { @@ -1008,7 +1048,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/metrics-spi/2.17.183/metrics-spi-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/metrics-spi/2.17.183/metrics-spi-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/metrics-spi/2.17.183/metrics-spi-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/metrics-spi/2.17.183/metrics-spi-2.17.183.jar" } }, "org_reactivestreams_reactive_streams_1_0_3": { @@ -1020,7 +1060,7 @@ "https://repo1.maven.org/maven2/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar", "https://maven.google.com/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar" + "downloaded_file_path": "org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar" } }, "com_google_http_client_google_http_client_jackson2_1_38_0": { @@ -1032,7 +1072,7 @@ "https://repo1.maven.org/maven2/com/google/http-client/google-http-client-jackson2/1.38.0/google-http-client-jackson2-1.38.0.jar", "https://maven.google.com/com/google/http-client/google-http-client-jackson2/1.38.0/google-http-client-jackson2-1.38.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/http-client/google-http-client-jackson2/1.38.0/google-http-client-jackson2-1.38.0.jar" + "downloaded_file_path": "com/google/http-client/google-http-client-jackson2/1.38.0/google-http-client-jackson2-1.38.0.jar" } }, "io_netty_netty_transport_4_1_72_Final": { @@ -1044,7 +1084,7 @@ "https://repo1.maven.org/maven2/io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar", "https://maven.google.com/io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar" + "downloaded_file_path": "io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar" } }, "io_netty_netty_codec_http2_4_1_72_Final": { @@ -1056,7 +1096,7 @@ "https://repo1.maven.org/maven2/io/netty/netty-codec-http2/4.1.72.Final/netty-codec-http2-4.1.72.Final.jar", "https://maven.google.com/io/netty/netty-codec-http2/4.1.72.Final/netty-codec-http2-4.1.72.Final.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-codec-http2/4.1.72.Final/netty-codec-http2-4.1.72.Final.jar" + "downloaded_file_path": "io/netty/netty-codec-http2/4.1.72.Final/netty-codec-http2-4.1.72.Final.jar" } }, "io_opencensus_opencensus_api_0_24_0": { @@ -1068,7 +1108,7 @@ "https://repo1.maven.org/maven2/io/opencensus/opencensus-api/0.24.0/opencensus-api-0.24.0.jar", "https://maven.google.com/io/opencensus/opencensus-api/0.24.0/opencensus-api-0.24.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/opencensus/opencensus-api/0.24.0/opencensus-api-0.24.0.jar" + "downloaded_file_path": "io/opencensus/opencensus-api/0.24.0/opencensus-api-0.24.0.jar" } }, "rules_jvm_external_deps": { @@ -1079,11 +1119,15 @@ "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" ], "artifacts": [ - "{\"artifact\":\"google-cloud-core\",\"group\":\"com.google.cloud\",\"version\":\"1.93.10\"}", - "{\"artifact\":\"google-cloud-storage\",\"group\":\"com.google.cloud\",\"version\":\"1.113.4\"}", - "{\"artifact\":\"gson\",\"group\":\"com.google.code.gson\",\"version\":\"2.9.0\"}", - "{\"artifact\":\"maven-artifact\",\"group\":\"org.apache.maven\",\"version\":\"3.8.6\"}", - "{\"artifact\":\"s3\",\"group\":\"software.amazon.awssdk\",\"version\":\"2.17.183\"}" + "{ \"group\": \"com.google.auth\", \"artifact\": \"google-auth-library-credentials\", \"version\": \"0.22.0\" }", + "{ \"group\": \"com.google.auth\", \"artifact\": \"google-auth-library-oauth2-http\", \"version\": \"0.22.0\" }", + "{ \"group\": \"com.google.cloud\", \"artifact\": \"google-cloud-core\", \"version\": \"1.93.10\" }", + "{ \"group\": \"com.google.cloud\", \"artifact\": \"google-cloud-storage\", \"version\": \"1.113.4\" }", + "{ \"group\": \"com.google.code.gson\", \"artifact\": \"gson\", \"version\": \"2.9.0\" }", + "{ \"group\": \"com.google.googlejavaformat\", \"artifact\": \"google-java-format\", \"version\": \"1.15.0\" }", + "{ \"group\": \"com.google.guava\", \"artifact\": \"guava\", \"version\": \"31.1-jre\" }", + "{ \"group\": \"org.apache.maven\", \"artifact\": \"maven-artifact\", \"version\": \"3.8.6\" }", + "{ \"group\": \"software.amazon.awssdk\", \"artifact\": \"s3\", \"version\": \"2.17.183\" }" ], "fetch_sources": true, "fetch_javadoc": false, @@ -1114,7 +1158,7 @@ "https://repo1.maven.org/maven2/org/threeten/threetenbp/1.5.0/threetenbp-1.5.0.jar", "https://maven.google.com/org/threeten/threetenbp/1.5.0/threetenbp-1.5.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/threeten/threetenbp/1.5.0/threetenbp-1.5.0.jar" + "downloaded_file_path": "org/threeten/threetenbp/1.5.0/threetenbp-1.5.0.jar" } }, "software_amazon_awssdk_http_client_spi_2_17_183": { @@ -1126,7 +1170,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/http-client-spi/2.17.183/http-client-spi-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/http-client-spi/2.17.183/http-client-spi-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/http-client-spi/2.17.183/http-client-spi-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/http-client-spi/2.17.183/http-client-spi-2.17.183.jar" } }, "software_amazon_awssdk_third_party_jackson_core_2_17_183": { @@ -1138,7 +1182,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/third-party-jackson-core/2.17.183/third-party-jackson-core-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/third-party-jackson-core/2.17.183/third-party-jackson-core-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/third-party-jackson-core/2.17.183/third-party-jackson-core-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/third-party-jackson-core/2.17.183/third-party-jackson-core-2.17.183.jar" } }, "software_amazon_eventstream_eventstream_1_0_1": { @@ -1150,7 +1194,7 @@ "https://repo1.maven.org/maven2/software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar", "https://maven.google.com/software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar" + "downloaded_file_path": "software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar" } }, "com_google_oauth_client_google_oauth_client_1_31_1": { @@ -1162,7 +1206,7 @@ "https://repo1.maven.org/maven2/com/google/oauth-client/google-oauth-client/1.31.1/google-oauth-client-1.31.1.jar", "https://maven.google.com/com/google/oauth-client/google-oauth-client/1.31.1/google-oauth-client-1.31.1.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/oauth-client/google-oauth-client/1.31.1/google-oauth-client-1.31.1.jar" + "downloaded_file_path": "com/google/oauth-client/google-oauth-client/1.31.1/google-oauth-client-1.31.1.jar" } }, "maven": { @@ -1173,20 +1217,19 @@ "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" ], "artifacts": [ - "{\"artifact\":\"jsr305\",\"group\":\"com.google.code.findbugs\",\"version\":\"3.0.2\"}", - "{\"artifact\":\"gson\",\"group\":\"com.google.code.gson\",\"version\":\"2.8.9\"}", - "{\"artifact\":\"error_prone_annotations\",\"group\":\"com.google.errorprone\",\"version\":\"2.3.2\"}", - "{\"artifact\":\"j2objc-annotations\",\"group\":\"com.google.j2objc\",\"version\":\"1.3\"}", - "{\"artifact\":\"guava\",\"group\":\"com.google.guava\",\"version\":\"31.1-jre\"}", - "{\"artifact\":\"guava-testlib\",\"group\":\"com.google.guava\",\"version\":\"31.1-jre\"}", - "{\"artifact\":\"truth\",\"group\":\"com.google.truth\",\"version\":\"1.1.2\"}", - "{\"artifact\":\"junit\",\"group\":\"junit\",\"version\":\"4.13.2\"}", - "{\"artifact\":\"mockito-core\",\"group\":\"org.mockito\",\"version\":\"4.3.1\"}" + "{ \"group\": \"com.google.code.findbugs\", \"artifact\": \"jsr305\", \"version\": \"3.0.2\" }", + "{ \"group\": \"com.google.code.gson\", \"artifact\": \"gson\", \"version\": \"2.8.9\" }", + "{ \"group\": \"com.google.errorprone\", \"artifact\": \"error_prone_annotations\", \"version\": \"2.3.2\" }", + "{ \"group\": \"com.google.j2objc\", \"artifact\": \"j2objc-annotations\", \"version\": \"1.3\" }", + "{ \"group\": \"com.google.guava\", \"artifact\": \"guava\", \"version\": \"31.1-jre\" }", + "{ \"group\": \"com.google.guava\", \"artifact\": \"guava-testlib\", \"version\": \"31.1-jre\" }", + "{ \"group\": \"com.google.truth\", \"artifact\": \"truth\", \"version\": \"1.1.2\" }", + "{ \"group\": \"junit\", \"artifact\": \"junit\", \"version\": \"4.13.2\" }", + "{ \"group\": \"org.mockito\", \"artifact\": \"mockito-core\", \"version\": \"4.3.1\" }" ], "fail_on_missing_checksum": true, "fetch_sources": true, "fetch_javadoc": false, - "use_unsafe_shared_cache": false, "excluded_artifacts": [], "generate_compat_repositories": false, "version_conflict_policy": "default", @@ -1214,7 +1257,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/aws-xml-protocol/2.17.183/aws-xml-protocol-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/aws-xml-protocol/2.17.183/aws-xml-protocol-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/aws-xml-protocol/2.17.183/aws-xml-protocol-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/aws-xml-protocol/2.17.183/aws-xml-protocol-2.17.183.jar" } }, "software_amazon_awssdk_annotations_2_17_183": { @@ -1226,7 +1269,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/annotations/2.17.183/annotations-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/annotations/2.17.183/annotations-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/annotations/2.17.183/annotations-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/annotations/2.17.183/annotations-2.17.183.jar" } }, "software_amazon_awssdk_netty_nio_client_2_17_183": { @@ -1238,7 +1281,19 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/netty-nio-client/2.17.183/netty-nio-client-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/netty-nio-client/2.17.183/netty-nio-client-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/netty-nio-client/2.17.183/netty-nio-client-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/netty-nio-client/2.17.183/netty-nio-client-2.17.183.jar" + } + }, + "com_google_guava_guava_31_1_jre": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "a42edc9cab792e39fe39bb94f3fca655ed157ff87a8af78e1d6ba5b07c4a00ab", + "urls": [ + "https://repo1.maven.org/maven2/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar", + "https://maven.google.com/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar" + ], + "downloaded_file_path": "com/google/guava/guava/31.1-jre/guava-31.1-jre.jar" } }, "com_google_auto_value_auto_value_annotations_1_7_4": { @@ -1250,7 +1305,7 @@ "https://repo1.maven.org/maven2/com/google/auto/value/auto-value-annotations/1.7.4/auto-value-annotations-1.7.4.jar", "https://maven.google.com/com/google/auto/value/auto-value-annotations/1.7.4/auto-value-annotations-1.7.4.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/auto/value/auto-value-annotations/1.7.4/auto-value-annotations-1.7.4.jar" + "downloaded_file_path": "com/google/auto/value/auto-value-annotations/1.7.4/auto-value-annotations-1.7.4.jar" } }, "io_netty_netty_transport_native_unix_common_4_1_72_Final": { @@ -1262,7 +1317,7 @@ "https://repo1.maven.org/maven2/io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar", "https://maven.google.com/io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar" + "downloaded_file_path": "io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar" } }, "io_opencensus_opencensus_contrib_http_util_0_24_0": { @@ -1274,7 +1329,7 @@ "https://repo1.maven.org/maven2/io/opencensus/opencensus-contrib-http-util/0.24.0/opencensus-contrib-http-util-0.24.0.jar", "https://maven.google.com/io/opencensus/opencensus-contrib-http-util/0.24.0/opencensus-contrib-http-util-0.24.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/opencensus/opencensus-contrib-http-util/0.24.0/opencensus-contrib-http-util-0.24.0.jar" + "downloaded_file_path": "io/opencensus/opencensus-contrib-http-util/0.24.0/opencensus-contrib-http-util-0.24.0.jar" } }, "com_fasterxml_jackson_core_jackson_core_2_11_3": { @@ -1286,7 +1341,7 @@ "https://repo1.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar", "https://maven.google.com/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar" + "downloaded_file_path": "com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar" } }, "com_google_cloud_google_cloud_core_1_93_10": { @@ -1298,7 +1353,7 @@ "https://repo1.maven.org/maven2/com/google/cloud/google-cloud-core/1.93.10/google-cloud-core-1.93.10.jar", "https://maven.google.com/com/google/cloud/google-cloud-core/1.93.10/google-cloud-core-1.93.10.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/cloud/google-cloud-core/1.93.10/google-cloud-core-1.93.10.jar" + "downloaded_file_path": "com/google/cloud/google-cloud-core/1.93.10/google-cloud-core-1.93.10.jar" } }, "com_google_auth_google_auth_library_credentials_0_22_0": { @@ -1310,19 +1365,7 @@ "https://repo1.maven.org/maven2/com/google/auth/google-auth-library-credentials/0.22.0/google-auth-library-credentials-0.22.0.jar", "https://maven.google.com/com/google/auth/google-auth-library-credentials/0.22.0/google-auth-library-credentials-0.22.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/auth/google-auth-library-credentials/0.22.0/google-auth-library-credentials-0.22.0.jar" - } - }, - "com_google_guava_guava_30_0_android": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "3345c82c2cc70a0053e8db9031edc6d71625ef0dea6a2c8f5ebd6cb76d2bf843", - "urls": [ - "https://repo1.maven.org/maven2/com/google/guava/guava/30.0-android/guava-30.0-android.jar", - "https://maven.google.com/com/google/guava/guava/30.0-android/guava-30.0-android.jar" - ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/guava/guava/30.0-android/guava-30.0-android.jar" + "downloaded_file_path": "com/google/auth/google-auth-library-credentials/0.22.0/google-auth-library-credentials-0.22.0.jar" } }, "software_amazon_awssdk_profiles_2_17_183": { @@ -1334,7 +1377,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/profiles/2.17.183/profiles-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/profiles/2.17.183/profiles-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/profiles/2.17.183/profiles-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/profiles/2.17.183/profiles-2.17.183.jar" } }, "org_apache_httpcomponents_httpcore_4_4_13": { @@ -1346,7 +1389,7 @@ "https://repo1.maven.org/maven2/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jar", "https://maven.google.com/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jar" + "downloaded_file_path": "org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jar" } }, "io_netty_netty_common_4_1_72_Final": { @@ -1358,7 +1401,7 @@ "https://repo1.maven.org/maven2/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar", "https://maven.google.com/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar" + "downloaded_file_path": "io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar" } }, "io_netty_netty_transport_classes_epoll_4_1_72_Final": { @@ -1370,7 +1413,19 @@ "https://repo1.maven.org/maven2/io/netty/netty-transport-classes-epoll/4.1.72.Final/netty-transport-classes-epoll-4.1.72.Final.jar", "https://maven.google.com/io/netty/netty-transport-classes-epoll/4.1.72.Final/netty-transport-classes-epoll-4.1.72.Final.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-transport-classes-epoll/4.1.72.Final/netty-transport-classes-epoll-4.1.72.Final.jar" + "downloaded_file_path": "io/netty/netty-transport-classes-epoll/4.1.72.Final/netty-transport-classes-epoll-4.1.72.Final.jar" + } + }, + "org_checkerframework_checker_qual_3_12_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "ff10785ac2a357ec5de9c293cb982a2cbb605c0309ea4cc1cb9b9bc6dbe7f3cb", + "urls": [ + "https://repo1.maven.org/maven2/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar", + "https://maven.google.com/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar" + ], + "downloaded_file_path": "org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar" } }, "com_google_cloud_google_cloud_core_http_1_93_10": { @@ -1382,7 +1437,7 @@ "https://repo1.maven.org/maven2/com/google/cloud/google-cloud-core-http/1.93.10/google-cloud-core-http-1.93.10.jar", "https://maven.google.com/com/google/cloud/google-cloud-core-http/1.93.10/google-cloud-core-http-1.93.10.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/cloud/google-cloud-core-http/1.93.10/google-cloud-core-http-1.93.10.jar" + "downloaded_file_path": "com/google/cloud/google-cloud-core-http/1.93.10/google-cloud-core-http-1.93.10.jar" } }, "software_amazon_awssdk_utils_2_17_183": { @@ -1394,7 +1449,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/utils/2.17.183/utils-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/utils/2.17.183/utils-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/utils/2.17.183/utils-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/utils/2.17.183/utils-2.17.183.jar" } }, "org_apache_commons_commons_lang3_3_8_1": { @@ -1406,7 +1461,7 @@ "https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar", "https://maven.google.com/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar" + "downloaded_file_path": "org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar" } }, "software_amazon_awssdk_aws_core_2_17_183": { @@ -1418,7 +1473,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/aws-core/2.17.183/aws-core-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/aws-core/2.17.183/aws-core-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/aws-core/2.17.183/aws-core-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/aws-core/2.17.183/aws-core-2.17.183.jar" } }, "com_google_api_gax_httpjson_0_77_0": { @@ -1430,7 +1485,7 @@ "https://repo1.maven.org/maven2/com/google/api/gax-httpjson/0.77.0/gax-httpjson-0.77.0.jar", "https://maven.google.com/com/google/api/gax-httpjson/0.77.0/gax-httpjson-0.77.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api/gax-httpjson/0.77.0/gax-httpjson-0.77.0.jar" + "downloaded_file_path": "com/google/api/gax-httpjson/0.77.0/gax-httpjson-0.77.0.jar" } }, "unpinned_rules_jvm_external_deps": { @@ -1441,16 +1496,19 @@ "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" ], "artifacts": [ - "{\"artifact\":\"google-cloud-core\",\"group\":\"com.google.cloud\",\"version\":\"1.93.10\"}", - "{\"artifact\":\"google-cloud-storage\",\"group\":\"com.google.cloud\",\"version\":\"1.113.4\"}", - "{\"artifact\":\"gson\",\"group\":\"com.google.code.gson\",\"version\":\"2.9.0\"}", - "{\"artifact\":\"maven-artifact\",\"group\":\"org.apache.maven\",\"version\":\"3.8.6\"}", - "{\"artifact\":\"s3\",\"group\":\"software.amazon.awssdk\",\"version\":\"2.17.183\"}" + "{ \"group\": \"com.google.auth\", \"artifact\": \"google-auth-library-credentials\", \"version\": \"0.22.0\" }", + "{ \"group\": \"com.google.auth\", \"artifact\": \"google-auth-library-oauth2-http\", \"version\": \"0.22.0\" }", + "{ \"group\": \"com.google.cloud\", \"artifact\": \"google-cloud-core\", \"version\": \"1.93.10\" }", + "{ \"group\": \"com.google.cloud\", \"artifact\": \"google-cloud-storage\", \"version\": \"1.113.4\" }", + "{ \"group\": \"com.google.code.gson\", \"artifact\": \"gson\", \"version\": \"2.9.0\" }", + "{ \"group\": \"com.google.googlejavaformat\", \"artifact\": \"google-java-format\", \"version\": \"1.15.0\" }", + "{ \"group\": \"com.google.guava\", \"artifact\": \"guava\", \"version\": \"31.1-jre\" }", + "{ \"group\": \"org.apache.maven\", \"artifact\": \"maven-artifact\", \"version\": \"3.8.6\" }", + "{ \"group\": \"software.amazon.awssdk\", \"artifact\": \"s3\", \"version\": \"2.17.183\" }" ], "fail_on_missing_checksum": true, "fetch_sources": true, "fetch_javadoc": false, - "use_unsafe_shared_cache": false, "excluded_artifacts": [], "generate_compat_repositories": false, "version_conflict_policy": "default", @@ -1470,6 +1528,18 @@ "duplicate_version_warning": "warn" } }, + "com_google_errorprone_error_prone_annotations_2_11_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "721cb91842b46fa056847d104d5225c8b8e1e8b62263b993051e1e5a0137b7ec", + "urls": [ + "https://repo1.maven.org/maven2/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar", + "https://maven.google.com/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar" + ], + "downloaded_file_path": "com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar" + } + }, "software_amazon_awssdk_regions_2_17_183": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_file", @@ -1479,19 +1549,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/regions/2.17.183/regions-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/regions/2.17.183/regions-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/regions/2.17.183/regions-2.17.183.jar" - } - }, - "com_google_errorprone_error_prone_annotations_2_4_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "5f2a0648230a662e8be049df308d583d7369f13af683e44ddf5829b6d741a228", - "urls": [ - "https://repo1.maven.org/maven2/com/google/errorprone/error_prone_annotations/2.4.0/error_prone_annotations-2.4.0.jar", - "https://maven.google.com/com/google/errorprone/error_prone_annotations/2.4.0/error_prone_annotations-2.4.0.jar" - ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/errorprone/error_prone_annotations/2.4.0/error_prone_annotations-2.4.0.jar" + "downloaded_file_path": "software/amazon/awssdk/regions/2.17.183/regions-2.17.183.jar" } }, "io_netty_netty_handler_4_1_72_Final": { @@ -1503,7 +1561,7 @@ "https://repo1.maven.org/maven2/io/netty/netty-handler/4.1.72.Final/netty-handler-4.1.72.Final.jar", "https://maven.google.com/io/netty/netty-handler/4.1.72.Final/netty-handler-4.1.72.Final.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-handler/4.1.72.Final/netty-handler-4.1.72.Final.jar" + "downloaded_file_path": "io/netty/netty-handler/4.1.72.Final/netty-handler-4.1.72.Final.jar" } }, "software_amazon_awssdk_aws_query_protocol_2_17_183": { @@ -1515,7 +1573,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/aws-query-protocol/2.17.183/aws-query-protocol-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/aws-query-protocol/2.17.183/aws-query-protocol-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/aws-query-protocol/2.17.183/aws-query-protocol-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/aws-query-protocol/2.17.183/aws-query-protocol-2.17.183.jar" } }, "io_netty_netty_codec_http_4_1_72_Final": { @@ -1527,7 +1585,7 @@ "https://repo1.maven.org/maven2/io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar", "https://maven.google.com/io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar" + "downloaded_file_path": "io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar" } }, "io_netty_netty_resolver_4_1_72_Final": { @@ -1539,7 +1597,7 @@ "https://repo1.maven.org/maven2/io/netty/netty-resolver/4.1.72.Final/netty-resolver-4.1.72.Final.jar", "https://maven.google.com/io/netty/netty-resolver/4.1.72.Final/netty-resolver-4.1.72.Final.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-resolver/4.1.72.Final/netty-resolver-4.1.72.Final.jar" + "downloaded_file_path": "io/netty/netty-resolver/4.1.72.Final/netty-resolver-4.1.72.Final.jar" } }, "software_amazon_awssdk_protocol_core_2_17_183": { @@ -1551,7 +1609,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/protocol-core/2.17.183/protocol-core-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/protocol-core/2.17.183/protocol-core-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/protocol-core/2.17.183/protocol-core-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/protocol-core/2.17.183/protocol-core-2.17.183.jar" } }, "org_checkerframework_checker_compat_qual_2_5_5": { @@ -1563,7 +1621,7 @@ "https://repo1.maven.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar", "https://maven.google.com/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar" + "downloaded_file_path": "org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar" } }, "com_google_apis_google_api_services_storage_v1_rev20200927_1_30_10": { @@ -1575,7 +1633,7 @@ "https://repo1.maven.org/maven2/com/google/apis/google-api-services-storage/v1-rev20200927-1.30.10/google-api-services-storage-v1-rev20200927-1.30.10.jar", "https://maven.google.com/com/google/apis/google-api-services-storage/v1-rev20200927-1.30.10/google-api-services-storage-v1-rev20200927-1.30.10.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/apis/google-api-services-storage/v1-rev20200927-1.30.10/google-api-services-storage-v1-rev20200927-1.30.10.jar" + "downloaded_file_path": "com/google/apis/google-api-services-storage/v1-rev20200927-1.30.10/google-api-services-storage-v1-rev20200927-1.30.10.jar" } }, "com_google_api_client_google_api_client_1_30_11": { @@ -1587,7 +1645,7 @@ "https://repo1.maven.org/maven2/com/google/api-client/google-api-client/1.30.11/google-api-client-1.30.11.jar", "https://maven.google.com/com/google/api-client/google-api-client/1.30.11/google-api-client-1.30.11.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/api-client/google-api-client/1.30.11/google-api-client-1.30.11.jar" + "downloaded_file_path": "com/google/api-client/google-api-client/1.30.11/google-api-client-1.30.11.jar" } }, "software_amazon_awssdk_s3_2_17_183": { @@ -1599,7 +1657,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/s3/2.17.183/s3-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/s3/2.17.183/s3-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/s3/2.17.183/s3-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/s3/2.17.183/s3-2.17.183.jar" } }, "org_apache_maven_maven_artifact_3_8_6": { @@ -1611,7 +1669,19 @@ "https://repo1.maven.org/maven2/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar", "https://maven.google.com/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar" + "downloaded_file_path": "org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar" + } + }, + "com_google_googlejavaformat_google_java_format_1_15_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "4f546cfe159547ac3b9547daa9649e728f6abc254979c975f1cb9971793692c3", + "urls": [ + "https://repo1.maven.org/maven2/com/google/googlejavaformat/google-java-format/1.15.0/google-java-format-1.15.0.jar", + "https://maven.google.com/com/google/googlejavaformat/google-java-format/1.15.0/google-java-format-1.15.0.jar" + ], + "downloaded_file_path": "com/google/googlejavaformat/google-java-format/1.15.0/google-java-format-1.15.0.jar" } }, "org_apache_httpcomponents_httpclient_4_5_13": { @@ -1623,7 +1693,7 @@ "https://repo1.maven.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar", "https://maven.google.com/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar" + "downloaded_file_path": "org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar" } }, "com_google_guava_listenablefuture_9999_0_empty_to_avoid_conflict_with_guava": { @@ -1635,7 +1705,7 @@ "https://repo1.maven.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar", "https://maven.google.com/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" + "downloaded_file_path": "com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" } }, "com_google_http_client_google_http_client_1_38_0": { @@ -1647,7 +1717,7 @@ "https://repo1.maven.org/maven2/com/google/http-client/google-http-client/1.38.0/google-http-client-1.38.0.jar", "https://maven.google.com/com/google/http-client/google-http-client/1.38.0/google-http-client-1.38.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/http-client/google-http-client/1.38.0/google-http-client-1.38.0.jar" + "downloaded_file_path": "com/google/http-client/google-http-client/1.38.0/google-http-client-1.38.0.jar" } }, "software_amazon_awssdk_apache_client_2_17_183": { @@ -1659,7 +1729,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/apache-client/2.17.183/apache-client-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/apache-client/2.17.183/apache-client-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/apache-client/2.17.183/apache-client-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/apache-client/2.17.183/apache-client-2.17.183.jar" } }, "software_amazon_awssdk_arns_2_17_183": { @@ -1671,7 +1741,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/arns/2.17.183/arns-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/arns/2.17.183/arns-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/arns/2.17.183/arns-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/arns/2.17.183/arns-2.17.183.jar" } }, "com_google_code_gson_gson_2_9_0": { @@ -1683,7 +1753,7 @@ "https://repo1.maven.org/maven2/com/google/code/gson/gson/2.9.0/gson-2.9.0.jar", "https://maven.google.com/com/google/code/gson/gson/2.9.0/gson-2.9.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/code/gson/gson/2.9.0/gson-2.9.0.jar" + "downloaded_file_path": "com/google/code/gson/gson/2.9.0/gson-2.9.0.jar" } }, "io_netty_netty_buffer_4_1_72_Final": { @@ -1695,7 +1765,7 @@ "https://repo1.maven.org/maven2/io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar", "https://maven.google.com/io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar" + "downloaded_file_path": "io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar" } }, "com_google_code_findbugs_jsr305_3_0_2": { @@ -1707,7 +1777,7 @@ "https://repo1.maven.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar", "https://maven.google.com/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" + "downloaded_file_path": "com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" } }, "commons_codec_commons_codec_1_11": { @@ -1719,7 +1789,7 @@ "https://repo1.maven.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar", "https://maven.google.com/commons-codec/commons-codec/1.11/commons-codec-1.11.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar" + "downloaded_file_path": "commons-codec/commons-codec/1.11/commons-codec-1.11.jar" } }, "software_amazon_awssdk_auth_2_17_183": { @@ -1731,7 +1801,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/auth/2.17.183/auth-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/auth/2.17.183/auth-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/auth/2.17.183/auth-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/auth/2.17.183/auth-2.17.183.jar" } }, "software_amazon_awssdk_json_utils_2_17_183": { @@ -1743,7 +1813,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/json-utils/2.17.183/json-utils-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/json-utils/2.17.183/json-utils-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/json-utils/2.17.183/json-utils-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/json-utils/2.17.183/json-utils-2.17.183.jar" } }, "org_codehaus_plexus_plexus_utils_3_3_1": { @@ -1755,7 +1825,7 @@ "https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar", "https://maven.google.com/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar" + "downloaded_file_path": "org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar" } }, "com_google_protobuf_protobuf_java_util_3_13_0": { @@ -1767,7 +1837,7 @@ "https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java-util/3.13.0/protobuf-java-util-3.13.0.jar", "https://maven.google.com/com/google/protobuf/protobuf-java-util/3.13.0/protobuf-java-util-3.13.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/protobuf/protobuf-java-util/3.13.0/protobuf-java-util-3.13.0.jar" + "downloaded_file_path": "com/google/protobuf/protobuf-java-util/3.13.0/protobuf-java-util-3.13.0.jar" } }, "io_netty_netty_codec_4_1_72_Final": { @@ -1779,7 +1849,7 @@ "https://repo1.maven.org/maven2/io/netty/netty-codec/4.1.72.Final/netty-codec-4.1.72.Final.jar", "https://maven.google.com/io/netty/netty-codec/4.1.72.Final/netty-codec-4.1.72.Final.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-codec/4.1.72.Final/netty-codec-4.1.72.Final.jar" + "downloaded_file_path": "io/netty/netty-codec/4.1.72.Final/netty-codec-4.1.72.Final.jar" } }, "com_google_protobuf_protobuf_java_3_13_0": { @@ -1791,7 +1861,7 @@ "https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java/3.13.0/protobuf-java-3.13.0.jar", "https://maven.google.com/com/google/protobuf/protobuf-java/3.13.0/protobuf-java-3.13.0.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/com/google/protobuf/protobuf-java/3.13.0/protobuf-java-3.13.0.jar" + "downloaded_file_path": "com/google/protobuf/protobuf-java/3.13.0/protobuf-java-3.13.0.jar" } }, "io_netty_netty_tcnative_classes_2_0_46_Final": { @@ -1803,7 +1873,7 @@ "https://repo1.maven.org/maven2/io/netty/netty-tcnative-classes/2.0.46.Final/netty-tcnative-classes-2.0.46.Final.jar", "https://maven.google.com/io/netty/netty-tcnative-classes/2.0.46.Final/netty-tcnative-classes-2.0.46.Final.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/io/netty/netty-tcnative-classes/2.0.46.Final/netty-tcnative-classes-2.0.46.Final.jar" + "downloaded_file_path": "io/netty/netty-tcnative-classes/2.0.46.Final/netty-tcnative-classes-2.0.46.Final.jar" } }, "software_amazon_awssdk_sdk_core_2_17_183": { @@ -1815,7 +1885,7 @@ "https://repo1.maven.org/maven2/software/amazon/awssdk/sdk-core/2.17.183/sdk-core-2.17.183.jar", "https://maven.google.com/software/amazon/awssdk/sdk-core/2.17.183/sdk-core-2.17.183.jar" ], - "downloaded_file_path": "v1/https/repo1.maven.org/maven2/software/amazon/awssdk/sdk-core/2.17.183/sdk-core-2.17.183.jar" + "downloaded_file_path": "software/amazon/awssdk/sdk-core/2.17.183/sdk-core-2.17.183.jar" } } }, @@ -1836,7 +1906,7 @@ "@@rules_jvm_external~//:non-module-deps.bzl%non_module_deps": { "general": { "bzlTransitiveDigest": "l6SlNloqPvd60dcuPdWiJNi3g3jfK76fcZc0i/Yr0dQ=", - "usagesDigest": "bTG4ItERqhG1LeSs62hQ01DiMarFsflWgpZaghM5qik=", + "usagesDigest": "pX61d12AFioOtqChQDmxvlNGDYT69e5MrKT2E/S6TeQ=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -1861,558 +1931,2110 @@ ] } }, - "@@rules_python~//python/extensions:pip.bzl%pip": { - "os:linux,arch:amd64": { - "bzlTransitiveDigest": "Qobw0mqix3Lyru/l40RZpc1OSUFNKKDU1svu1wF6aWQ=", - "usagesDigest": "GjGeoW3Y1ie+feloBPcuU2ovSDtUFE43ddOvIqLCEtk=", + "@@rules_python~//python/private/pypi:pip.bzl%pip_internal": { + "general": { + "bzlTransitiveDigest": "K1h7nEO1U/rpFfJOYYfw8DzGLZtin3FFsWrhUy3j0uE=", + "usagesDigest": "oYkedjxSdBorV3xQF7DIKk/vNNIQfMYhJ6f7cAJ0nis=", "recordedFileInputs": { - "@@rules_python~//tools/publish/requirements.txt": "8ced1e640eab3ee44298590e5ad88cd612f5bf96245af1981709f7a8884a982b" + "@@rules_python~//tools/publish/requirements.txt": "031e35d03dde03ae6305fe4b3d1f58ad7bdad857379752deede0f93649991b8a", + "@@rules_python~//tools/publish/requirements_windows.txt": "349252b9ff6f0095e3a22046e33c7650cd2d833d8edcf11641a5d95e08829250", + "@@rules_python~//tools/publish/requirements_darwin.txt": "ce2f5127a385350df974ba1e73a51f32ac201c63d92fc5a4cb1628f0b8c393c1" }, "recordedDirentsInputs": {}, "envVariables": {}, "generatedRepoSpecs": { - "rules_python_publish_deps_311_keyring": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_aarch64_3548db28": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "keyring-23.13.1-py3-none-any.whl", - "isolated": true, + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cffi-1.15.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, "repo": "rules_python_publish_deps_311", - "requirement": "keyring==23.13.1", - "sha256": "771ed2a91909389ed6148631de678f82ddc73737d85a927f382a8a1b157898cd", - "timeout": 600, + "requirement": "cffi==1.15.1", + "sha256": "3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c", "urls": [ - "https://files.pythonhosted.org/packages/62/db/0e9a09b2b95986dcd73ac78be6ed2bd73ebe8bac65cba7add5b83eb9d899/keyring-23.13.1-py3-none-any.whl" + "https://files.pythonhosted.org/packages/91/bc/b7723c2fe7a22eee71d7edf2102cd43423d5f95ff3932ebaa2f82c7ec8d0/cffi-1.15.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl" ] } }, - "rules_python_publish_deps_311_more_itertools": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "rules_python_publish_deps_311_zipp_sdist_a7a22e05": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "more_itertools-9.0.0-py3-none-any.whl", - "isolated": true, + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "zipp-3.11.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "more-itertools==9.0.0", - "sha256": "250e83d7e81d0c87ca6bd942e6aeab8cc9daa6096d12c5308f3f92fa5e5c1f41", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/5d/87/1ec3fcc09d2c04b977eabf8a1083222f82eaa2f46d5a4f85f403bf8e7b30/more_itertools-9.0.0-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_rich": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "rich-13.2.0-py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "rich==13.2.0", - "sha256": "7c963f0d03819221e9ac561e1bc866e3f95a02248c1234daa48954e6d381c003", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/0e/cf/a6369a2aee266c2d7604230f083d4bd14b8f69bc69eb25b3da63b9f2f853/rich-13.2.0-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_importlib_metadata": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "importlib_metadata-6.0.0-py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "importlib-metadata==6.0.0", - "sha256": "7efb448ec9a5e313a57655d35aa54cd3e01b7e1fbcf72dce1bf06119420f5bad", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/26/a7/9da7d5b23fc98ab3d424ac2c65613d63c1f401efb84ad50f2fa27b2caab4/importlib_metadata-6.0.0-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_secretstorage": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "SecretStorage-3.3.3-py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "secretstorage==3.3.3", - "sha256": "f356e6628222568e3af06f2eba8df495efa13b3b63081dafd4f7d9a7b7bc9f99", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/54/24/b4293291fa1dd830f353d2cb163295742fa87f179fcc8a20a306a81978b7/SecretStorage-3.3.3-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_urllib3": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "urllib3-1.26.14-py2.py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "urllib3==1.26.14", - "sha256": "75edcdc2f7d85b137124a6c3c9fc3933cdeaa12ecb9a6a959f22797a0feca7e1", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/fe/ca/466766e20b767ddb9b951202542310cba37ea5f2d792dae7589f1741af58/urllib3-1.26.14-py2.py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_mdurl": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "mdurl-0.1.2-py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "mdurl==0.1.2", - "sha256": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/b3/38/89ba8ad64ae25be8de66a6d463314cf1eb366222074cfda9ee839c56a4b4/mdurl-0.1.2-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_readme_renderer": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "readme_renderer-37.3-py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "readme-renderer==37.3", - "sha256": "f67a16caedfa71eef48a31b39708637a6f4664c4394801a7b0d6432d13907343", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/97/52/fd8a77d6f0a9ddeb26ed8fb334e01ac546106bf0c5b8e40dc826c5bd160f/readme_renderer-37.3-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_markdown_it_py": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "markdown_it_py-2.1.0-py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "markdown-it-py==2.1.0", - "sha256": "93de681e5c021a432c63147656fe21790bc01231e0cd2da73626f1aa3ac0fe27", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/f9/3f/ecd1b708973b9a3e4574b43cffc1ce8eb98696da34f1a1c44a68c3c0d737/markdown_it_py-2.1.0-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_zipp": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "zipp-3.11.0-py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, "repo": "rules_python_publish_deps_311", "requirement": "zipp==3.11.0", - "sha256": "83a28fcb75844b5c0cdaf5aa4003c2d728c77e05f5aeabe8e95e56727005fbaa", - "timeout": 600, + "sha256": "a7a22e05929290a67401440b39690ae6563279bced5f314609d9d03798f56766", "urls": [ - "https://files.pythonhosted.org/packages/d8/20/256eb3f3f437c575fb1a2efdce5e801a5ce3162ea8117da96c43e6ee97d8/zipp-3.11.0-py3-none-any.whl" + "https://files.pythonhosted.org/packages/8e/b3/8b16a007184714f71157b1a71bbe632c5d66dd43bc8152b3c799b13881e1/zipp-3.11.0.tar.gz" ] } }, - "rules_python_publish_deps_311_certifi": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "rules_python_publish_deps_311_urllib3_sdist_076907bf": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "certifi-2022.12.7-py3-none-any.whl", - "isolated": true, + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "urllib3-1.26.14.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, "repo": "rules_python_publish_deps_311", - "requirement": "certifi==2022.12.7", - "sha256": "4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18", - "timeout": 600, + "requirement": "urllib3==1.26.14", + "sha256": "076907bf8fd355cde77728471316625a4d2f7e713c125f51953bb5b3eecf4f72", "urls": [ - "https://files.pythonhosted.org/packages/71/4c/3db2b8021bd6f2f0ceb0e088d6b2d49147671f25832fb17970e9b583d742/certifi-2022.12.7-py3-none-any.whl" + "https://files.pythonhosted.org/packages/c5/52/fe421fb7364aa738b3506a2d99e4f3a56e079c0a798e9f4fa5e14c60922f/urllib3-1.26.14.tar.gz" ] } }, - "rules_python_publish_deps_311_bleach": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_ppc64le_91fc98ad": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "bleach-6.0.0-py3-none-any.whl", - "isolated": true, + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cffi-1.15.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, "repo": "rules_python_publish_deps_311", - "requirement": "bleach==6.0.0", - "sha256": "33c16e3353dbd13028ab4799a0f89a83f113405c766e9c122df8a06f5b85b3f4", - "timeout": 600, + "requirement": "cffi==1.15.1", + "sha256": "91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325", "urls": [ - "https://files.pythonhosted.org/packages/ac/e2/dfcab68c9b2e7800c8f06b85c76e5f978d05b195a958daa9b1dda54a1db6/bleach-6.0.0-py3-none-any.whl" + "https://files.pythonhosted.org/packages/5d/4e/4e0bb5579b01fdbfd4388bd1eb9394a989e1336203a4b7f700d887b233c1/cffi-1.15.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl" ] } }, - "rules_python_publish_deps_311_pycparser": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "pycparser-2.21-py2.py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "pycparser==2.21", - "sha256": "8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/62/d5/5f610ebe421e85889f2e55e33b7f9a6795bd982198517d912eb1c76e1a53/pycparser-2.21-py2.py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_requests": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "rules_python_publish_deps_311_requests_py3_none_any_64299f49": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], "filename": "requests-2.28.2-py3-none-any.whl", - "isolated": true, "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, "repo": "rules_python_publish_deps_311", "requirement": "requests==2.28.2", "sha256": "64299f4909223da747622c030b781c0d7811e359c37124b4bd368fb8c6518baa", - "timeout": 600, "urls": [ "https://files.pythonhosted.org/packages/d2/f4/274d1dbe96b41cf4e0efb70cbced278ffd61b5c7bb70338b62af94ccb25b/requests-2.28.2-py3-none-any.whl" ] } }, - "rules_python_publish_deps_311_idna": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "rules_python_publish_deps_311_certifi_sdist_35824b4c": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "idna-3.4-py3-none-any.whl", - "isolated": true, + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "certifi-2022.12.7.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, "repo": "rules_python_publish_deps_311", - "requirement": "idna==3.4", - "sha256": "90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2", - "timeout": 600, + "requirement": "certifi==2022.12.7", + "sha256": "35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3", "urls": [ - "https://files.pythonhosted.org/packages/fc/34/3030de6f1370931b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl" + "https://files.pythonhosted.org/packages/37/f7/2b1b0ec44fdc30a3d31dfebe52226be9ddc40cd6c0f34ffc8923ba423b69/certifi-2022.12.7.tar.gz" ] } }, - "rules_python_publish_deps_311_jeepney": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "rules_python_publish_deps_311_readme_renderer_py3_none_any_f67a16ca": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "jeepney-0.8.0-py3-none-any.whl", - "isolated": true, + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "readme_renderer-37.3-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, "repo": "rules_python_publish_deps_311", - "requirement": "jeepney==0.8.0", - "sha256": "c0a454ad016ca575060802ee4d590dd912e35c122fa04e70306de3d076cce755", - "timeout": 600, + "requirement": "readme-renderer==37.3", + "sha256": "f67a16caedfa71eef48a31b39708637a6f4664c4394801a7b0d6432d13907343", "urls": [ - "https://files.pythonhosted.org/packages/ae/72/2a1e2290f1ab1e06f71f3d0f1646c9e4634e70e1d37491535e19266e8dc9/jeepney-0.8.0-py3-none-any.whl" + "https://files.pythonhosted.org/packages/97/52/fd8a77d6f0a9ddeb26ed8fb334e01ac546106bf0c5b8e40dc826c5bd160f/readme_renderer-37.3-py3-none-any.whl" ] } }, - "rules_python_publish_deps_311_docutils": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "rules_python_publish_deps_311_cffi_sdist_d400bfb9": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "docutils-0.19-py3-none-any.whl", - "isolated": true, + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cffi-1.15.1.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, "repo": "rules_python_publish_deps_311", - "requirement": "docutils==0.19", - "sha256": "5e1de4d849fee02c63b040a4a3fd567f4ab104defd8a5511fbbc24a8a017efbc", - "timeout": 600, + "requirement": "cffi==1.15.1", + "sha256": "d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9", "urls": [ - "https://files.pythonhosted.org/packages/93/69/e391bd51bc08ed9141ecd899a0ddb61ab6465309f1eb470905c0c8868081/docutils-0.19-py3-none-any.whl" + "https://files.pythonhosted.org/packages/2b/a8/050ab4f0c3d4c1b8aaa805f70e26e84d0e27004907c5b8ecc1d31815f92a/cffi-1.15.1.tar.gz" ] } }, - "rules_python_publish_deps_311_webencodings": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "rules_python_publish_deps_311_idna_py3_none_any_82fee1fc": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "webencodings-0.5.1-py2.py3-none-any.whl", - "isolated": true, + "experimental_target_platforms": [ + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "idna-3.7-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, "repo": "rules_python_publish_deps_311", - "requirement": "webencodings==0.5.1", - "sha256": "a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78", - "timeout": 600, + "requirement": "idna==3.7", + "sha256": "82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0", "urls": [ - "https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl" + "https://files.pythonhosted.org/packages/e5/3e/741d8c82801c347547f8a2a06aa57dbb1992be9e948df2ea0eda2c8b79e8/idna-3.7-py3-none-any.whl" ] } }, - "rules_python_publish_deps_311_rfc3986": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "rfc3986-2.0.0-py2.py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "rfc3986==2.0.0", - "sha256": "50b1502b60e289cb37883f3dfd34532b8873c7de9f49bb546641ce9cbd256ebd", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/ff/9a/9afaade874b2fa6c752c36f1548f718b5b83af81ed9b76628329dab81c1b/rfc3986-2.0.0-py2.py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_cryptography": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "cryptography-41.0.6-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "cryptography==41.0.6", - "sha256": "da46e2b5df770070412c46f87bac0849b8d685c5f2679771de277a422c7d0b86", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/ce/4e/54960380dda23ceb2027500e568aeafd6f06ce031847d7f2d3157f2bd12b/cryptography-41.0.6-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" - ] - } - }, - "rules_python_publish_deps_311_requests_toolbelt": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "rules_python_publish_deps_311_requests_toolbelt_py2_none_any_18565aa5": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], "filename": "requests_toolbelt-0.10.1-py2.py3-none-any.whl", - "isolated": true, "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, "repo": "rules_python_publish_deps_311", "requirement": "requests-toolbelt==0.10.1", "sha256": "18565aa58116d9951ac39baa288d3adb5b3ff975c4f25eee78555d89e8f247f7", - "timeout": 600, "urls": [ "https://files.pythonhosted.org/packages/05/d3/bf87a36bff1cb88fd30a509fd366c70ec30676517ee791b2f77e0e29817a/requests_toolbelt-0.10.1-py2.py3-none-any.whl" ] } }, - "rules_python_publish_deps_311_pygments": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "Pygments-2.14.0-py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "pygments==2.14.0", - "sha256": "fa7bd7bd2771287c0de303af8bfdfc731f51bd2c6a47ab69d117138893b82717", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/0b/42/d9d95cc461f098f204cd20c85642ae40fbff81f74c300341b8d0e0df14e0/Pygments-2.14.0-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_jaraco_classes": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "jaraco.classes-3.2.3-py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "jaraco-classes==3.2.3", - "sha256": "2353de3288bc6b82120752201c6b1c1a14b058267fa424ed5ce5984e3b922158", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/60/28/220d3ae0829171c11e50dded4355d17824d60895285631d7eb9dee0ab5e5/jaraco.classes-3.2.3-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_twine": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "twine-4.0.2-py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "twine==4.0.2", - "sha256": "929bc3c280033347a00f847236564d1c52a3e61b1ac2516c97c48f3ceab756d8", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/3a/38/a3f27a9e8ce45523d7d1e28c09e9085b61a98dab15d35ec086f36a44b37c/twine-4.0.2-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_six": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "six-1.16.0-py2.py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "six==1.16.0", - "sha256": "8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_pkginfo": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "pkginfo-1.9.6-py3-none-any.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "pkginfo==1.9.6", - "sha256": "4b7a555a6d5a22169fcc9cf7bfd78d296b0361adad412a346c1226849af5e546", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/b3/f2/6e95c86a23a30fa205ea6303a524b20cbae27fbee69216377e3d95266406/pkginfo-1.9.6-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_charset_normalizer": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", - "isolated": true, - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "79909e27e8e4fcc9db4addea88aa63f6423ebb171db091fb4373e3312cb6d603", - "timeout": 600, - "urls": [ - "https://files.pythonhosted.org/packages/d9/7a/60d45c9453212b30eebbf8b5cddbdef330eebddfcf335bce7920c43fb72e/charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" - ] - } - }, - "rules_python_publish_deps_311_cffi": { - "bzlFile": "@@rules_python~//python/pip_install:pip_repository.bzl", + "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_x86_64_94411f22": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], "filename": "cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", - "isolated": true, "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "quiet": true, "repo": "rules_python_publish_deps_311", "requirement": "cffi==1.15.1", "sha256": "94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c", - "timeout": 600, "urls": [ "https://files.pythonhosted.org/packages/37/5a/c37631a86be838bdd84cc0259130942bf7e6e32f70f4cab95f479847fb91/cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" ] } }, + "rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_1_x86_64_6d0fbe73": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_1_x86_64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cryptography==42.0.4", + "sha256": "6d0fbe73728c44ca3a241eff9aefe6496ab2656d6e7a4ea2459865f2e8613257", + "urls": [ + "https://files.pythonhosted.org/packages/41/5d/33f17e40dbb7441ad51e8a6920e726f68443cdbfb388cb8eff53e4b6ffd4/cryptography-42.0.4-cp39-abi3-musllinux_1_1_x86_64.whl" + ] + } + }, + "rules_python_publish_deps_311_pygments_py3_none_any_fa7bd7bd": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "Pygments-2.14.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "pygments==2.14.0", + "sha256": "fa7bd7bd2771287c0de303af8bfdfc731f51bd2c6a47ab69d117138893b82717", + "urls": [ + "https://files.pythonhosted.org/packages/0b/42/d9d95cc461f098f204cd20c85642ae40fbff81f74c300341b8d0e0df14e0/Pygments-2.14.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_1_aarch64_3c6048f2": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_1_aarch64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cryptography==42.0.4", + "sha256": "3c6048f217533d89f2f8f4f0fe3044bf0b2090453b7b73d0b77db47b80af8dff", + "urls": [ + "https://files.pythonhosted.org/packages/ea/a1/04733ecbe1e77a228c738f4ab321ca050e45284997f3e3a1539461cd4bca/cryptography-42.0.4-cp39-abi3-musllinux_1_1_aarch64.whl" + ] + } + }, + "rules_python_publish_deps_311_bleach_py3_none_any_33c16e33": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "bleach-6.0.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "bleach==6.0.0", + "sha256": "33c16e3353dbd13028ab4799a0f89a83f113405c766e9c122df8a06f5b85b3f4", + "urls": [ + "https://files.pythonhosted.org/packages/ac/e2/dfcab68c9b2e7800c8f06b85c76e5f978d05b195a958daa9b1dda54a1db6/bleach-6.0.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_aarch64_a1327f28": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cryptography==42.0.4", + "sha256": "a1327f280c824ff7885bdeef8578f74690e9079267c1c8bd7dc5cc5aa065ae52", + "urls": [ + "https://files.pythonhosted.org/packages/44/61/644e21048102cd72a13325fd6443db741746fbf0157e7c5d5c7628afc336/cryptography-42.0.4-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl" + ] + } + }, + "rules_python_publish_deps_311_keyring_py3_none_any_771ed2a9": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "keyring-23.13.1-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "keyring==23.13.1", + "sha256": "771ed2a91909389ed6148631de678f82ddc73737d85a927f382a8a1b157898cd", + "urls": [ + "https://files.pythonhosted.org/packages/62/db/0e9a09b2b95986dcd73ac78be6ed2bd73ebe8bac65cba7add5b83eb9d899/keyring-23.13.1-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_jaraco_classes_sdist_89559fa5": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "jaraco.classes-3.2.3.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "jaraco-classes==3.2.3", + "sha256": "89559fa5c1d3c34eff6f631ad80bb21f378dbcbb35dd161fd2c6b93f5be2f98a", + "urls": [ + "https://files.pythonhosted.org/packages/bf/02/a956c9bfd2dfe60b30c065ed8e28df7fcf72b292b861dca97e951c145ef6/jaraco.classes-3.2.3.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_rich_py3_none_any_7c963f0d": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "rich-13.2.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "rich==13.2.0", + "sha256": "7c963f0d03819221e9ac561e1bc866e3f95a02248c1234daa48954e6d381c003", + "urls": [ + "https://files.pythonhosted.org/packages/0e/cf/a6369a2aee266c2d7604230f083d4bd14b8f69bc69eb25b3da63b9f2f853/rich-13.2.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_x86_64_6ffb03d4": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cryptography==42.0.4", + "sha256": "6ffb03d419edcab93b4b19c22ee80c007fb2d708429cecebf1dd3258956a563a", + "urls": [ + "https://files.pythonhosted.org/packages/32/c2/4ff3cf950504aa6ccd3db3712f515151536eea0cf6125442015b0532a46d/cryptography-42.0.4-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_s390x_8c7fe7af": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "8c7fe7afa480e3e82eed58e0ca89f751cd14d767638e2550c77a92a9e749c317", + "urls": [ + "https://files.pythonhosted.org/packages/df/c5/dd3a17a615775d0ffc3e12b0e47833d8b7e0a4871431dad87a3f92382a19/charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl" + ] + } + }, + "rules_python_publish_deps_311_secretstorage_sdist_2403533e": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "SecretStorage-3.3.3.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "secretstorage==3.3.3", + "sha256": "2403533ef369eca6d2ba81718576c5e0f564d5cca1b58f73a8b23e7d4eeebd77", + "urls": [ + "https://files.pythonhosted.org/packages/53/a4/f48c9d79cb507ed1373477dbceaba7401fd8a23af63b837fa61f1dcd3691/SecretStorage-3.3.3.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_ppc64le_5995f016": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_ppc64le.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "5995f0164fa7df59db4746112fec3f49c461dd6b31b841873443bdb077c13cfc", + "urls": [ + "https://files.pythonhosted.org/packages/86/eb/31c9025b4ed7eddd930c5f2ac269efb953de33140608c7539675d74a2081/charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_ppc64le.whl" + ] + } + }, + "rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_aarch64_887623fe": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_2_aarch64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cryptography==42.0.4", + "sha256": "887623fe0d70f48ab3f5e4dbf234986b1329a64c066d719432d0698522749929", + "urls": [ + "https://files.pythonhosted.org/packages/da/56/1b2c8aa8e62bfb568022b68d77ebd2bd9afddea37898350fbfe008dcefa7/cryptography-42.0.4-cp39-abi3-musllinux_1_2_aarch64.whl" + ] + } + }, + "rules_python_publish_deps_311_more_itertools_sdist_5a6257e4": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "more-itertools-9.0.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "more-itertools==9.0.0", + "sha256": "5a6257e40878ef0520b1803990e3e22303a41b5714006c32a3fd8304b26ea1ab", + "urls": [ + "https://files.pythonhosted.org/packages/13/b3/397aa9668da8b1f0c307bc474608653d46122ae0563d1d32f60e24fa0cbd/more-itertools-9.0.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_importlib_metadata_py3_none_any_7efb448e": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "importlib_metadata-6.0.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "importlib-metadata==6.0.0", + "sha256": "7efb448ec9a5e313a57655d35aa54cd3e01b7e1fbcf72dce1bf06119420f5bad", + "urls": [ + "https://files.pythonhosted.org/packages/26/a7/9da7d5b23fc98ab3d424ac2c65613d63c1f401efb84ad50f2fa27b2caab4/importlib_metadata-6.0.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_win_amd64_9ab77acb": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-win_amd64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "9ab77acb98eba3fd2a85cd160851816bfce6871d944d885febf012713f06659c", + "urls": [ + "https://files.pythonhosted.org/packages/2e/7b/5053a4a46fac017fd2aea3dc9abdd9983fd4cef153b6eb6aedcb0d7cb6e3/charset_normalizer-3.0.1-cp311-cp311-win_amd64.whl" + ] + } + }, + "rules_python_publish_deps_311_importlib_metadata_sdist_e354bede": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "importlib_metadata-6.0.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "importlib-metadata==6.0.0", + "sha256": "e354bedeb60efa6affdcc8ae121b73544a7aa74156d047311948f6d711cd378d", + "urls": [ + "https://files.pythonhosted.org/packages/90/07/6397ad02d31bddf1841c9ad3ec30a693a3ff208e09c2ef45c9a8a5f85156/importlib_metadata-6.0.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_11_0_arm64_87701167": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-macosx_11_0_arm64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "87701167f2a5c930b403e9756fab1d31d4d4da52856143b609e30a1ce7160f3c", + "urls": [ + "https://files.pythonhosted.org/packages/02/49/78b4c1bc8b1b0e0fc66fb31ce30d8302f10a1412ba75de72c57532f0beb0/charset_normalizer-3.0.1-cp311-cp311-macosx_11_0_arm64.whl" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_x86_64_761e8904": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_x86_64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "761e8904c07ad053d285670f36dd94e1b6ab7f16ce62b9805c475b7aa1cffde6", + "urls": [ + "https://files.pythonhosted.org/packages/82/49/ab81421d5aa25bc8535896a017c93204cb4051f2a4e72b1ad8f3b594e072/charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_x86_64.whl" + ] + } + }, + "rules_python_publish_deps_311_certifi_py3_none_any_4ad3232f": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "certifi-2022.12.7-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "certifi==2022.12.7", + "sha256": "4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18", + "urls": [ + "https://files.pythonhosted.org/packages/71/4c/3db2b8021bd6f2f0ceb0e088d6b2d49147671f25832fb17970e9b583d742/certifi-2022.12.7-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_jeepney_py3_none_any_c0a454ad": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "jeepney-0.8.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "jeepney==0.8.0", + "sha256": "c0a454ad016ca575060802ee4d590dd912e35c122fa04e70306de3d076cce755", + "urls": [ + "https://files.pythonhosted.org/packages/ae/72/2a1e2290f1ab1e06f71f3d0f1646c9e4634e70e1d37491535e19266e8dc9/jeepney-0.8.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_secretstorage_py3_none_any_f356e662": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "SecretStorage-3.3.3-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "secretstorage==3.3.3", + "sha256": "f356e6628222568e3af06f2eba8df495efa13b3b63081dafd4f7d9a7b7bc9f99", + "urls": [ + "https://files.pythonhosted.org/packages/54/24/b4293291fa1dd830f353d2cb163295742fa87f179fcc8a20a306a81978b7/SecretStorage-3.3.3-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_idna_py3_none_any_90b77e79": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "idna-3.4-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "idna==3.4", + "sha256": "90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2", + "urls": [ + "https://files.pythonhosted.org/packages/fc/34/3030de6f1370931b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_x86_64_44a64043": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_28_x86_64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cryptography==42.0.4", + "sha256": "44a64043f743485925d3bcac548d05df0f9bb445c5fcca6681889c7c3ab12764", + "urls": [ + "https://files.pythonhosted.org/packages/7e/45/81f378eb85aab14b229c1032ba3694eff85a3d75b35092c3e71abd2d34f6/cryptography-42.0.4-cp39-abi3-manylinux_2_28_x86_64.whl" + ] + } + }, + "rules_python_publish_deps_311_urllib3_py2_none_any_75edcdc2": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "urllib3-1.26.14-py2.py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "urllib3==1.26.14", + "sha256": "75edcdc2f7d85b137124a6c3c9fc3933cdeaa12ecb9a6a959f22797a0feca7e1", + "urls": [ + "https://files.pythonhosted.org/packages/fe/ca/466766e20b767ddb9b951202542310cba37ea5f2d792dae7589f1741af58/urllib3-1.26.14-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_urllib3_sdist_3e3d753a": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "urllib3-1.26.19.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "urllib3==1.26.19", + "sha256": "3e3d753a8618b86d7de333b4223005f68720bcd6a7d2bcb9fbd2229ec7c1e429", + "urls": [ + "https://files.pythonhosted.org/packages/c8/93/65e479b023bbc46dab3e092bda6b0005424ea3217d711964ccdede3f9b1b/urllib3-1.26.19.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_py3_none_any_7e189e2e": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "7e189e2e1d3ed2f4aebabd2d5b0f931e883676e51c7624826e0a4e5fe8a0bf24", + "urls": [ + "https://files.pythonhosted.org/packages/68/2b/02e9d6a98ddb73fa238d559a9edcc30b247b8dc4ee848b6184c936e99dc0/charset_normalizer-3.0.1-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_twine_sdist_9e102ef5": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "twine-4.0.2.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "twine==4.0.2", + "sha256": "9e102ef5fdd5a20661eb88fad46338806c3bd32cf1db729603fe3697b1bc83c8", + "urls": [ + "https://files.pythonhosted.org/packages/b7/1a/a7884359429d801cd63c2c5512ad0a337a509994b0e42d9696d4778d71f6/twine-4.0.2.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_pywin32_ctypes_py2_none_any_9dc2d991": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "windows_x86_64" + ], + "filename": "pywin32_ctypes-0.2.0-py2.py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "pywin32-ctypes==0.2.0", + "sha256": "9dc2d991b3479cc2df15930958b674a48a227d5361d413827a4cfd0b5876fc98", + "urls": [ + "https://files.pythonhosted.org/packages/9e/4b/3ab2720f1fa4b4bc924ef1932b842edf10007e4547ea8157b0b9fc78599a/pywin32_ctypes-0.2.0-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_pkginfo_py3_none_any_4b7a555a": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "pkginfo-1.9.6-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "pkginfo==1.9.6", + "sha256": "4b7a555a6d5a22169fcc9cf7bfd78d296b0361adad412a346c1226849af5e546", + "urls": [ + "https://files.pythonhosted.org/packages/b3/f2/6e95c86a23a30fa205ea6303a524b20cbae27fbee69216377e3d95266406/pkginfo-1.9.6-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_cffi_cp311_cp311_musllinux_1_1_x86_64_cc4d65ae": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cffi-1.15.1-cp311-cp311-musllinux_1_1_x86_64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cffi==1.15.1", + "sha256": "cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8", + "urls": [ + "https://files.pythonhosted.org/packages/d3/56/3e94aa719ae96eeda8b68b3ec6e347e0a23168c6841dc276ccdcdadc9f32/cffi-1.15.1-cp311-cp311-musllinux_1_1_x86_64.whl" + ] + } + }, + "rules_python_publish_deps_311_cryptography_sdist_831a4b37": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cryptography-42.0.4.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cryptography==42.0.4", + "sha256": "831a4b37accef30cccd34fcb916a5d7b5be3cbbe27268a02832c3e450aea39cb", + "urls": [ + "https://files.pythonhosted.org/packages/81/d8/214d25515bf6034dce99aba22eeb47443b14c82160114e3d3f33067c6d3b/cryptography-42.0.4.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_mdurl_py3_none_any_84008a41": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "mdurl-0.1.2-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "mdurl==0.1.2", + "sha256": "84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8", + "urls": [ + "https://files.pythonhosted.org/packages/b3/38/89ba8ad64ae25be8de66a6d463314cf1eb366222074cfda9ee839c56a4b4/mdurl-0.1.2-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_x86_64_ce8613be": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_2_x86_64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cryptography==42.0.4", + "sha256": "ce8613beaffc7c14f091497346ef117c1798c202b01153a8cc7b8e2ebaaf41c0", + "urls": [ + "https://files.pythonhosted.org/packages/a2/8e/dac70232d4231c53448e29aa4b768cf82d891fcfd6e0caa7ace242da8c9b/cryptography-42.0.4-cp39-abi3-musllinux_1_2_x86_64.whl" + ] + } + }, + "rules_python_publish_deps_311_more_itertools_py3_none_any_250e83d7": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "more_itertools-9.0.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "more-itertools==9.0.0", + "sha256": "250e83d7e81d0c87ca6bd942e6aeab8cc9daa6096d12c5308f3f92fa5e5c1f41", + "urls": [ + "https://files.pythonhosted.org/packages/5d/87/1ec3fcc09d2c04b977eabf8a1083222f82eaa2f46d5a4f85f403bf8e7b30/more_itertools-9.0.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_mdurl_sdist_bb413d29": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "mdurl-0.1.2.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "mdurl==0.1.2", + "sha256": "bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba", + "urls": [ + "https://files.pythonhosted.org/packages/d6/54/cfe61301667036ec958cb99bd3efefba235e65cdeb9c84d24a8293ba1d90/mdurl-0.1.2.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_keyring_sdist_ba2e15a9": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "keyring-23.13.1.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "keyring==23.13.1", + "sha256": "ba2e15a9b35e21908d0aaf4e0a47acc52d6ae33444df0da2b49d41a46ef6d678", + "urls": [ + "https://files.pythonhosted.org/packages/55/fe/282f4c205add8e8bb3a1635cbbac59d6def2e0891b145aa553a0e40dd2d0/keyring-23.13.1.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_rfc3986_sdist_97aacf9d": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "rfc3986-2.0.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "rfc3986==2.0.0", + "sha256": "97aacf9dbd4bfd829baad6e6309fa6573aaf1be3f6fa735c8ab05e46cecb261c", + "urls": [ + "https://files.pythonhosted.org/packages/85/40/1520d68bfa07ab5a6f065a186815fb6610c86fe957bc065754e47f7b0840/rfc3986-2.0.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_six_py2_none_any_8abb2f1d": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "six-1.16.0-py2.py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "six==1.16.0", + "sha256": "8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254", + "urls": [ + "https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_aarch64_1df6fcbf": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_28_aarch64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cryptography==42.0.4", + "sha256": "1df6fcbf60560d2113b5ed90f072dc0b108d64750d4cbd46a21ec882c7aefce9", + "urls": [ + "https://files.pythonhosted.org/packages/4c/e1/18056b2c0e4ba031ea6b9d660bc2bdf491f7ef64ab7ef1a803a03a8b8d26/cryptography-42.0.4-cp39-abi3-manylinux_2_28_aarch64.whl" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_aarch64_14e76c0f": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "14e76c0f23218b8f46c4d87018ca2e441535aed3632ca134b10239dfb6dadd6b", + "urls": [ + "https://files.pythonhosted.org/packages/c0/4d/6b82099e3f25a9ed87431e2f51156c14f3a9ce8fad73880a3856cd95f1d5/charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl" + ] + } + }, + "rules_python_publish_deps_311_readme_renderer_sdist_cd653186": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "readme_renderer-37.3.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "readme-renderer==37.3", + "sha256": "cd653186dfc73055656f090f227f5cb22a046d7f71a841dfa305f55c9a513273", + "urls": [ + "https://files.pythonhosted.org/packages/81/c3/d20152fcd1986117b898f66928938f329d0c91ddc47f081c58e64e0f51dc/readme_renderer-37.3.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_markdown_it_py_py3_none_any_93de681e": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "markdown_it_py-2.1.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "markdown-it-py==2.1.0", + "sha256": "93de681e5c021a432c63147656fe21790bc01231e0cd2da73626f1aa3ac0fe27", + "urls": [ + "https://files.pythonhosted.org/packages/f9/3f/ecd1b708973b9a3e4574b43cffc1ce8eb98696da34f1a1c44a68c3c0d737/markdown_it_py-2.1.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_six_sdist_1e61c374": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "six-1.16.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "six==1.16.0", + "sha256": "1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926", + "urls": [ + "https://files.pythonhosted.org/packages/71/39/171f1c67cd00715f190ba0b100d606d440a28c93c7714febeca8b79af85e/six-1.16.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_twine_py3_none_any_929bc3c2": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "twine-4.0.2-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "twine==4.0.2", + "sha256": "929bc3c280033347a00f847236564d1c52a3e61b1ac2516c97c48f3ceab756d8", + "urls": [ + "https://files.pythonhosted.org/packages/3a/38/a3f27a9e8ce45523d7d1e28c09e9085b61a98dab15d35ec086f36a44b37c/twine-4.0.2-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_webencodings_sdist_b36a1c24": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "webencodings-0.5.1.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "webencodings==0.5.1", + "sha256": "b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923", + "urls": [ + "https://files.pythonhosted.org/packages/0b/02/ae6ceac1baeda530866a85075641cec12989bd8d31af6d5ab4a3e8c92f47/webencodings-0.5.1.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_s390x_4a8fcf28": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_s390x.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "4a8fcf28c05c1f6d7e177a9a46a1c52798bfe2ad80681d275b10dcf317deaf0b", + "urls": [ + "https://files.pythonhosted.org/packages/80/54/183163f9910936e57a60ee618f4f5cc91c2f8333ee2d4ebc6c50f6c8684d/charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_s390x.whl" + ] + } + }, + "rules_python_publish_deps_311_markdown_it_py_sdist_cf7e59fe": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "markdown-it-py-2.1.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "markdown-it-py==2.1.0", + "sha256": "cf7e59fed14b5ae17c0006eff14a2d9a00ed5f3a846148153899a0224e2c07da", + "urls": [ + "https://files.pythonhosted.org/packages/33/e9/ac8a93e9eda3891ecdfecf5e01c060bbd2c44d4e3e77efc83b9c7ce9db32/markdown-it-py-2.1.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_urllib3_py2_none_any_37a03444": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "urllib3-1.26.19-py2.py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "urllib3==1.26.19", + "sha256": "37a0344459b199fce0e80b0d3569837ec6b6937435c5244e7fd73fa6006830f3", + "urls": [ + "https://files.pythonhosted.org/packages/ae/6a/99eaaeae8becaa17a29aeb334a18e5d582d873b6f084c11f02581b8d7f7f/urllib3-1.26.19-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_x86_64_79909e27": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "79909e27e8e4fcc9db4addea88aa63f6423ebb171db091fb4373e3312cb6d603", + "urls": [ + "https://files.pythonhosted.org/packages/d9/7a/60d45c9453212b30eebbf8b5cddbdef330eebddfcf335bce7920c43fb72e/charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" + ] + } + }, + "rules_python_publish_deps_311_idna_sdist_814f528e": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "idna-3.4.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "idna==3.4", + "sha256": "814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4", + "urls": [ + "https://files.pythonhosted.org/packages/8b/e1/43beb3d38dba6cb420cefa297822eac205a277ab43e5ba5d5c46faf96438/idna-3.4.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_jaraco_classes_py3_none_any_2353de32": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "jaraco.classes-3.2.3-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "jaraco-classes==3.2.3", + "sha256": "2353de3288bc6b82120752201c6b1c1a14b058267fa424ed5ce5984e3b922158", + "urls": [ + "https://files.pythonhosted.org/packages/60/28/220d3ae0829171c11e50dded4355d17824d60895285631d7eb9dee0ab5e5/jaraco.classes-3.2.3-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_pycparser_py2_none_any_8ee45429": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "pycparser-2.21-py2.py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "pycparser==2.21", + "sha256": "8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9", + "urls": [ + "https://files.pythonhosted.org/packages/62/d5/5f610ebe421e85889f2e55e33b7f9a6795bd982198517d912eb1c76e1a53/pycparser-2.21-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_rich_sdist_f1a00cdd": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "rich-13.2.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "rich==13.2.0", + "sha256": "f1a00cdd3eebf999a15d85ec498bfe0b1a77efe9b34f645768a54132ef444ac5", + "urls": [ + "https://files.pythonhosted.org/packages/9e/5e/c3dc3ea32e2c14bfe46e48de954dd175bff76bcc549dd300acb9689521ae/rich-13.2.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_pywin32_ctypes_sdist_24ffc3b3": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "windows_x86_64" + ], + "filename": "pywin32-ctypes-0.2.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "pywin32-ctypes==0.2.0", + "sha256": "24ffc3b341d457d48e8922352130cf2644024a4ff09762a2261fd34c36ee5942", + "urls": [ + "https://files.pythonhosted.org/packages/7a/7d/0dbc4c99379452a819b0fb075a0ffbb98611df6b6d59f54db67367af5bc0/pywin32-ctypes-0.2.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_pkginfo_sdist_8fd5896e": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "pkginfo-1.9.6.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "pkginfo==1.9.6", + "sha256": "8fd5896e8718a4372f0ea9cc9d96f6417c9b986e23a4d116dda26b62cc29d046", + "urls": [ + "https://files.pythonhosted.org/packages/b4/1c/89b38e431c20d6b2389ed8b3926c2ab72f58944733ba029354c6d9f69129/pkginfo-1.9.6.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_pygments_sdist_b3ed06a9": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "Pygments-2.14.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "pygments==2.14.0", + "sha256": "b3ed06a9e8ac9a9aae5a6f5dbe78a8a58655d17b43b93c078f094ddc476ae297", + "urls": [ + "https://files.pythonhosted.org/packages/da/6a/c427c06913204e24de28de5300d3f0e809933f376e0b7df95194b2bb3f71/Pygments-2.14.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_certifi_py3_none_any_92d60375": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "certifi-2023.7.22-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "certifi==2023.7.22", + "sha256": "92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9", + "urls": [ + "https://files.pythonhosted.org/packages/4c/dd/2234eab22353ffc7d94e8d13177aaa050113286e93e7b40eae01fbf7c3d9/certifi-2023.7.22-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_zipp_py3_none_any_83a28fcb": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "zipp-3.11.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "zipp==3.11.0", + "sha256": "83a28fcb75844b5c0cdaf5aa4003c2d728c77e05f5aeabe8e95e56727005fbaa", + "urls": [ + "https://files.pythonhosted.org/packages/d8/20/256eb3f3f437c575fb1a2efdce5e801a5ce3162ea8117da96c43e6ee97d8/zipp-3.11.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_x86_64_a8d0fc94": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_x86_64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "a8d0fc946c784ff7f7c3742310cc8a57c5c6dc31631269876a88b809dbeff3d3", + "urls": [ + "https://files.pythonhosted.org/packages/90/59/941e2e5ae6828a688c6437ad16e026eb3606d0cfdd13ea5c9090980f3ffd/charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_x86_64.whl" + ] + } + }, + "rules_python_publish_deps_311_docutils_py3_none_any_5e1de4d8": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "docutils-0.19-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "docutils==0.19", + "sha256": "5e1de4d849fee02c63b040a4a3fd567f4ab104defd8a5511fbbc24a8a017efbc", + "urls": [ + "https://files.pythonhosted.org/packages/93/69/e391bd51bc08ed9141ecd899a0ddb61ab6465309f1eb470905c0c8868081/docutils-0.19-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_docutils_sdist_33995a67": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "docutils-0.19.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "docutils==0.19", + "sha256": "33995a6753c30b7f577febfc2c50411fec6aac7f7ffeb7c4cfe5991072dcf9e6", + "urls": [ + "https://files.pythonhosted.org/packages/6b/5c/330ea8d383eb2ce973df34d1239b3b21e91cd8c865d21ff82902d952f91f/docutils-0.19.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_universal2_0298eaff": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_universal2.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "0298eafff88c99982a4cf66ba2efa1128e4ddaca0b05eec4c456bbc7db691d8d", + "urls": [ + "https://files.pythonhosted.org/packages/37/00/ca188e0a2b3cd3184cdd2521b8765cf579327d128caa8aedc3dc7614020a/charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_universal2.whl" + ] + } + }, + "rules_python_publish_deps_311_idna_sdist_028ff3aa": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "idna-3.7.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "idna==3.7", + "sha256": "028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc", + "urls": [ + "https://files.pythonhosted.org/packages/21/ed/f86a79a07470cb07819390452f178b3bef1d375f2ec021ecfc709fc7cf07/idna-3.7.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_jeepney_sdist_5efe48d2": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "jeepney-0.8.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "jeepney==0.8.0", + "sha256": "5efe48d255973902f6badc3ce55e2aa6c5c3b3bc642059ef3a91247bcfcc5806", + "urls": [ + "https://files.pythonhosted.org/packages/d6/f4/154cf374c2daf2020e05c3c6a03c91348d59b23c5366e968feb198306fdf/jeepney-0.8.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_requests_toolbelt_sdist_62e09f7f": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "requests-toolbelt-0.10.1.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "requests-toolbelt==0.10.1", + "sha256": "62e09f7ff5ccbda92772a29f394a49c3ad6cb181d568b1337626b2abb628a63d", + "urls": [ + "https://files.pythonhosted.org/packages/0c/4c/07f01c6ac44f7784fa399137fbc8d0cdc1b5d35304e8c0f278ad82105b58/requests-toolbelt-0.10.1.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_certifi_sdist_539cc1d1": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "certifi-2023.7.22.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "certifi==2023.7.22", + "sha256": "539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082", + "urls": [ + "https://files.pythonhosted.org/packages/98/98/c2ff18671db109c9f10ed27f5ef610ae05b73bd876664139cf95bd1429aa/certifi-2023.7.22.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_ppc64le_0c0a5902": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "0c0a590235ccd933d9892c627dec5bc7511ce6ad6c1011fdf5b11363022746c1", + "urls": [ + "https://files.pythonhosted.org/packages/12/e5/aa09a1c39c3e444dd223d63e2c816c18ed78d035cff954143b2a539bdc9e/charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl" + ] + } + }, + "rules_python_publish_deps_311_rfc3986_py2_none_any_50b1502b": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "rfc3986-2.0.0-py2.py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "rfc3986==2.0.0", + "sha256": "50b1502b60e289cb37883f3dfd34532b8873c7de9f49bb546641ce9cbd256ebd", + "urls": [ + "https://files.pythonhosted.org/packages/ff/9a/9afaade874b2fa6c752c36f1548f718b5b83af81ed9b76628329dab81c1b/rfc3986-2.0.0-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_requests_sdist_98b1b278": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "requests-2.28.2.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "requests==2.28.2", + "sha256": "98b1b2782e3c6c4904938b84c0eb932721069dfdb9134313beff7c83c2df24bf", + "urls": [ + "https://files.pythonhosted.org/packages/9d/ee/391076f5937f0a8cdf5e53b701ffc91753e87b07d66bae4a09aa671897bf/requests-2.28.2.tar.gz" + ] + } + }, "rules_python_publish_deps": { - "bzlFile": "@@rules_python~//python/private/bzlmod:pip_repository.bzl", - "ruleClassName": "pip_repository", + "bzlFile": "@@rules_python~//python/private/pypi:hub_repository.bzl", + "ruleClassName": "hub_repository", "attributes": { "repo_name": "rules_python_publish_deps", "whl_map": { - "bleach": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_bleach\",\"version\":\"3.11\"}]", - "certifi": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_certifi\",\"version\":\"3.11\"}]", - "cffi": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_cffi\",\"version\":\"3.11\"}]", - "charset_normalizer": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_charset_normalizer\",\"version\":\"3.11\"}]", - "cryptography": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_cryptography\",\"version\":\"3.11\"}]", - "docutils": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_docutils\",\"version\":\"3.11\"}]", - "idna": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_idna\",\"version\":\"3.11\"}]", - "importlib_metadata": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_importlib_metadata\",\"version\":\"3.11\"}]", - "jaraco_classes": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_jaraco_classes\",\"version\":\"3.11\"}]", - "jeepney": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_jeepney\",\"version\":\"3.11\"}]", - "keyring": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_keyring\",\"version\":\"3.11\"}]", - "markdown_it_py": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_markdown_it_py\",\"version\":\"3.11\"}]", - "mdurl": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_mdurl\",\"version\":\"3.11\"}]", - "more_itertools": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_more_itertools\",\"version\":\"3.11\"}]", - "pkginfo": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_pkginfo\",\"version\":\"3.11\"}]", - "pycparser": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_pycparser\",\"version\":\"3.11\"}]", - "pygments": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_pygments\",\"version\":\"3.11\"}]", - "readme_renderer": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_readme_renderer\",\"version\":\"3.11\"}]", - "requests": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_requests\",\"version\":\"3.11\"}]", - "requests_toolbelt": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_requests_toolbelt\",\"version\":\"3.11\"}]", - "rfc3986": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_rfc3986\",\"version\":\"3.11\"}]", - "rich": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_rich\",\"version\":\"3.11\"}]", - "secretstorage": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_secretstorage\",\"version\":\"3.11\"}]", - "six": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_six\",\"version\":\"3.11\"}]", - "twine": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_twine\",\"version\":\"3.11\"}]", - "urllib3": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_urllib3\",\"version\":\"3.11\"}]", - "webencodings": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_webencodings\",\"version\":\"3.11\"}]", - "zipp": "[{\"config_setting\":\"@@rules_python~//python/config_settings:is_python_3.11\",\"extra_targets\":[],\"repo\":\"rules_python_publish_deps_311_zipp\",\"version\":\"3.11\"}]" + "six": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"six-1.16.0-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_six_py2_none_any_8abb2f1d\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"six-1.16.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_six_sdist_1e61c374\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "cffi": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_aarch64_3548db28\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_ppc64le_91fc98ad\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_x86_64_94411f22\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-musllinux_1_1_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_musllinux_1_1_x86_64_cc4d65ae\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_cffi_sdist_d400bfb9\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "idna": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.4-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_idna_py3_none_any_90b77e79\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.4.tar.gz\",\"repo\":\"rules_python_publish_deps_311_idna_sdist_814f528e\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.7-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_idna_py3_none_any_82fee1fc\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.7.tar.gz\",\"repo\":\"rules_python_publish_deps_311_idna_sdist_028ff3aa\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"}]", + "rich": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rich-13.2.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_rich_py3_none_any_7c963f0d\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rich-13.2.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_rich_sdist_f1a00cdd\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "zipp": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.11.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_zipp_py3_none_any_83a28fcb\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.11.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_zipp_sdist_a7a22e05\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "mdurl": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"mdurl-0.1.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_mdurl_py3_none_any_84008a41\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"mdurl-0.1.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_mdurl_sdist_bb413d29\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "twine": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"twine-4.0.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_twine_py3_none_any_929bc3c2\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"twine-4.0.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_twine_sdist_9e102ef5\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "bleach": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"bleach-6.0.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_bleach_py3_none_any_33c16e33\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"bleach-6.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_bleach_sdist_1a1a85c1\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "certifi": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2022.12.7-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_certifi_py3_none_any_4ad3232f\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2022.12.7.tar.gz\",\"repo\":\"rules_python_publish_deps_311_certifi_sdist_35824b4c\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2023.7.22-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_certifi_py3_none_any_92d60375\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2023.7.22.tar.gz\",\"repo\":\"rules_python_publish_deps_311_certifi_sdist_539cc1d1\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"}]", + "jeepney": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"jeepney-0.8.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_jeepney_py3_none_any_c0a454ad\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"jeepney-0.8.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_jeepney_sdist_5efe48d2\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "keyring": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"keyring-23.13.1-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_keyring_py3_none_any_771ed2a9\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"keyring-23.13.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_keyring_sdist_ba2e15a9\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "pkginfo": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pkginfo-1.9.6-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pkginfo_py3_none_any_4b7a555a\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pkginfo-1.9.6.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pkginfo_sdist_8fd5896e\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "rfc3986": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rfc3986-2.0.0-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_rfc3986_py2_none_any_50b1502b\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rfc3986-2.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_rfc3986_sdist_97aacf9d\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "urllib3": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.14-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_urllib3_py2_none_any_75edcdc2\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.14.tar.gz\",\"repo\":\"rules_python_publish_deps_311_urllib3_sdist_076907bf\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.19-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_urllib3_py2_none_any_37a03444\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.19.tar.gz\",\"repo\":\"rules_python_publish_deps_311_urllib3_sdist_3e3d753a\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"}]", + "docutils": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"docutils-0.19-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_docutils_py3_none_any_5e1de4d8\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"docutils-0.19.tar.gz\",\"repo\":\"rules_python_publish_deps_311_docutils_sdist_33995a67\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "pygments": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"Pygments-2.14.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pygments_py3_none_any_fa7bd7bd\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"Pygments-2.14.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pygments_sdist_b3ed06a9\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "requests": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests-2.28.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_requests_py3_none_any_64299f49\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests-2.28.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_requests_sdist_98b1b278\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "pycparser": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pycparser-2.21-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pycparser_py2_none_any_8ee45429\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pycparser-2.21.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pycparser_sdist_e644fdec\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "cryptography": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-musllinux_1_2_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_x86_64_ce8613be\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-manylinux_2_28_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_aarch64_1df6fcbf\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-musllinux_1_1_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_1_aarch64_3c6048f2\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-manylinux_2_28_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_x86_64_44a64043\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_x86_64_6ffb03d4\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-musllinux_1_2_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_aarch64_887623fe\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-musllinux_1_1_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_1_x86_64_6d0fbe73\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_aarch64_a1327f28\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4.tar.gz\",\"repo\":\"rules_python_publish_deps_311_cryptography_sdist_831a4b37\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "webencodings": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"webencodings-0.5.1-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_webencodings_py2_none_any_a0af1213\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"webencodings-0.5.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_webencodings_sdist_b36a1c24\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "secretstorage": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"SecretStorage-3.3.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_secretstorage_py3_none_any_f356e662\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"SecretStorage-3.3.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_secretstorage_sdist_2403533e\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "jaraco_classes": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"jaraco.classes-3.2.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_jaraco_classes_py3_none_any_2353de32\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"jaraco.classes-3.2.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_jaraco_classes_sdist_89559fa5\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "markdown_it_py": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"markdown_it_py-2.1.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_markdown_it_py_py3_none_any_93de681e\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"markdown-it-py-2.1.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_markdown_it_py_sdist_cf7e59fe\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "more_itertools": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"more_itertools-9.0.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_more_itertools_py3_none_any_250e83d7\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"more-itertools-9.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_more_itertools_sdist_5a6257e4\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "readme_renderer": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"readme_renderer-37.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_readme_renderer_py3_none_any_f67a16ca\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"readme_renderer-37.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_readme_renderer_sdist_cd653186\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "requests_toolbelt": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests_toolbelt-0.10.1-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_requests_toolbelt_py2_none_any_18565aa5\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests-toolbelt-0.10.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_requests_toolbelt_sdist_62e09f7f\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "charset_normalizer": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_universal2.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_universal2_0298eaff\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_ppc64le_0c0a5902\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_aarch64_14e76c0f\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_s390x_4a8fcf28\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_ppc64le_5995f016\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_aarch64_72966d1b\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_x86_64_761e8904\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_x86_64_79909e27\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_py3_none_any_7e189e2e\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-macosx_11_0_arm64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_11_0_arm64_87701167\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_s390x_8c7fe7af\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-win_amd64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_win_amd64_9ab77acb\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_x86_64_a8d0fc94\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset-normalizer-3.0.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_sdist_ebea339a\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "importlib_metadata": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"importlib_metadata-6.0.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_importlib_metadata_py3_none_any_7efb448e\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"importlib_metadata-6.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_importlib_metadata_sdist_e354bede\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "pywin32_ctypes": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pywin32_ctypes-0.2.0-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pywin32_ctypes_py2_none_any_9dc2d991\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pywin32-ctypes-0.2.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pywin32_ctypes_sdist_24ffc3b3\",\"target_platforms\":null,\"version\":\"3.11\"}]" }, "default_version": "3.11", + "packages": [ + "bleach", + "certifi", + "charset_normalizer", + "docutils", + "idna", + "importlib_metadata", + "jaraco_classes", + "keyring", + "markdown_it_py", + "mdurl", + "more_itertools", + "pkginfo", + "pygments", + "readme_renderer", + "requests", + "requests_toolbelt", + "rfc3986", + "rich", + "six", + "twine", + "urllib3", + "webencodings", + "zipp" + ], "groups": {} } + }, + "rules_python_publish_deps_311_webencodings_py2_none_any_a0af1213": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "webencodings-0.5.1-py2.py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "webencodings==0.5.1", + "sha256": "a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78", + "urls": [ + "https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_sdist_ebea339a": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset-normalizer-3.0.1.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "ebea339af930f8ca5d7a699b921106c6e29c617fe9606fa7baa043c1cdae326f", + "urls": [ + "https://files.pythonhosted.org/packages/96/d7/1675d9089a1f4677df5eb29c3f8b064aa1e70c1251a0a8a127803158942d/charset-normalizer-3.0.1.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_aarch64_72966d1b": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_aarch64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.0.1", + "sha256": "72966d1b297c741541ca8cf1223ff262a6febe52481af742036a0b296e35fa5a", + "urls": [ + "https://files.pythonhosted.org/packages/01/ff/9ee4a44e8c32fe96dfc12daa42f29294608a55eadc88f327939327fb20fb/charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_aarch64.whl" + ] + } + }, + "rules_python_publish_deps_311_pycparser_sdist_e644fdec": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64" + ], + "filename": "pycparser-2.21.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "pycparser==2.21", + "sha256": "e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206", + "urls": [ + "https://files.pythonhosted.org/packages/5e/0b/95d387f5f4433cb0f53ff7ad859bd2c6051051cebbb564f139a999ab46de/pycparser-2.21.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_bleach_sdist_1a1a85c1": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "linux_aarch64", + "linux_arm", + "linux_ppc", + "linux_s390x", + "linux_x86_64", + "osx_aarch64", + "osx_x86_64", + "windows_x86_64" + ], + "filename": "bleach-6.0.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "bleach==6.0.0", + "sha256": "1a1a85c1595e07d8db14c5f09f09e6433502c51c595970edc090551f0db99414", + "urls": [ + "https://files.pythonhosted.org/packages/7e/e6/d5f220ca638f6a25557a611860482cb6e54b2d97f0332966b1b005742e1f/bleach-6.0.0.tar.gz" + ] + } } }, "recordedRepoMappingEntries": [ @@ -2431,11 +4053,6 @@ "bazel_features", "bazel_features~" ], - [ - "rules_python~", - "bazel_skylib", - "bazel_skylib~" - ], [ "rules_python~", "bazel_tools", @@ -2525,395 +4142,33 @@ "rules_python~~python~pythons_hub", "python_3_11_host", "rules_python~~python~python_3_11_host" - ], - [ - "rules_python~~python~pythons_hub", - "python_3_11_x86_64-unknown-linux-gnu", - "rules_python~~python~python_3_11_x86_64-unknown-linux-gnu" ] ] } }, - "@@rules_python~//python/extensions:python.bzl%python": { + "@@upb~//:non_module_deps.bzl%non_module_deps": { "general": { - "bzlTransitiveDigest": "SzqtFAs2aDt1NfgP9ptYHKrwR0NAgstbCtGa+0pc9QM=", - "usagesDigest": "qF8xO9+p3+osY2dAO6a6v4e+er9jRhK3jMdKsxoamNI=", - "recordedFileInputs": {}, - "recordedDirentsInputs": {}, - "envVariables": { - "RULES_PYTHON_BZLMOD_DEBUG": null - }, - "generatedRepoSpecs": { - "python_3_11_s390x-unknown-linux-gnu": { - "bzlFile": "@@rules_python~//python:repositories.bzl", - "ruleClassName": "python_repository", - "attributes": { - "sha256": "3f7a0dd64fa292977c4da09e865ee504a48e55dbc2dbfd9ff4b991af891e4446", - "patches": [], - "platform": "s390x-unknown-linux-gnu", - "python_version": "3.11.9", - "release_filename": "20240415/cpython-3.11.9+20240415-s390x-unknown-linux-gnu-install_only.tar.gz", - "urls": [ - "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-s390x-unknown-linux-gnu-install_only.tar.gz" - ], - "distutils_content": "", - "strip_prefix": "python", - "coverage_tool": "", - "ignore_root_user_error": false - } - }, - "python_3_11_host": { - "bzlFile": "@@rules_python~//python/private:toolchains_repo.bzl", - "ruleClassName": "host_toolchain", - "attributes": { - "python_version": "3.11.9", - "user_repository_name": "python_3_11", - "platforms": [ - "aarch64-apple-darwin", - "aarch64-unknown-linux-gnu", - "ppc64le-unknown-linux-gnu", - "s390x-unknown-linux-gnu", - "x86_64-apple-darwin", - "x86_64-pc-windows-msvc", - "x86_64-unknown-linux-gnu" - ] - } - }, - "python_3_11": { - "bzlFile": "@@rules_python~//python/private:toolchains_repo.bzl", - "ruleClassName": "toolchain_aliases", - "attributes": { - "python_version": "3.11.9", - "user_repository_name": "python_3_11", - "platforms": [ - "aarch64-apple-darwin", - "aarch64-unknown-linux-gnu", - "ppc64le-unknown-linux-gnu", - "s390x-unknown-linux-gnu", - "x86_64-apple-darwin", - "x86_64-pc-windows-msvc", - "x86_64-unknown-linux-gnu" - ] - } - }, - "python_3_11_aarch64-unknown-linux-gnu": { - "bzlFile": "@@rules_python~//python:repositories.bzl", - "ruleClassName": "python_repository", - "attributes": { - "sha256": "b3a7199ac2615d75fb906e5ba556432efcf24baf8651fc70370d9f052d4069ee", - "patches": [], - "platform": "aarch64-unknown-linux-gnu", - "python_version": "3.11.9", - "release_filename": "20240415/cpython-3.11.9+20240415-aarch64-unknown-linux-gnu-install_only.tar.gz", - "urls": [ - "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-aarch64-unknown-linux-gnu-install_only.tar.gz" - ], - "distutils_content": "", - "strip_prefix": "python", - "coverage_tool": "", - "ignore_root_user_error": false - } - }, - "python_3_11_aarch64-apple-darwin": { - "bzlFile": "@@rules_python~//python:repositories.bzl", - "ruleClassName": "python_repository", - "attributes": { - "sha256": "7af7058f7c268b4d87ed7e08c2c7844ef8460863b3e679db3afdce8bb1eedfae", - "patches": [], - "platform": "aarch64-apple-darwin", - "python_version": "3.11.9", - "release_filename": "20240415/cpython-3.11.9+20240415-aarch64-apple-darwin-install_only.tar.gz", - "urls": [ - "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-aarch64-apple-darwin-install_only.tar.gz" - ], - "distutils_content": "", - "strip_prefix": "python", - "coverage_tool": "", - "ignore_root_user_error": false - } - }, - "python_3_11_ppc64le-unknown-linux-gnu": { - "bzlFile": "@@rules_python~//python:repositories.bzl", - "ruleClassName": "python_repository", - "attributes": { - "sha256": "03f62d1e2d400c9662cdd12ae33a6f328c34ae8e2b872f8563a144834742bd6a", - "patches": [], - "platform": "ppc64le-unknown-linux-gnu", - "python_version": "3.11.9", - "release_filename": "20240415/cpython-3.11.9+20240415-ppc64le-unknown-linux-gnu-install_only.tar.gz", - "urls": [ - "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-ppc64le-unknown-linux-gnu-install_only.tar.gz" - ], - "distutils_content": "", - "strip_prefix": "python", - "coverage_tool": "", - "ignore_root_user_error": false - } - }, - "python_3_11_x86_64-apple-darwin": { - "bzlFile": "@@rules_python~//python:repositories.bzl", - "ruleClassName": "python_repository", - "attributes": { - "sha256": "9afd734f63a23783cf0257bef25c9231ffc80e7747486dc54cf72f325213fd15", - "patches": [], - "platform": "x86_64-apple-darwin", - "python_version": "3.11.9", - "release_filename": "20240415/cpython-3.11.9+20240415-x86_64-apple-darwin-install_only.tar.gz", - "urls": [ - "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-x86_64-apple-darwin-install_only.tar.gz" - ], - "distutils_content": "", - "strip_prefix": "python", - "coverage_tool": "", - "ignore_root_user_error": false - } - }, - "pythons_hub": { - "bzlFile": "@@rules_python~//python/private/bzlmod:pythons_hub.bzl", - "ruleClassName": "hub_repo", - "attributes": { - "default_python_version": "3.11", - "toolchain_prefixes": [ - "_0000_python_3_11_" - ], - "toolchain_python_versions": [ - "3.11" - ], - "toolchain_set_python_version_constraints": [ - "False" - ], - "toolchain_user_repository_names": [ - "python_3_11" - ] - } - }, - "python_versions": { - "bzlFile": "@@rules_python~//python/private:toolchains_repo.bzl", - "ruleClassName": "multi_toolchain_aliases", - "attributes": { - "python_versions": { - "3.11": "python_3_11" - } - } - }, - "python_3_11_x86_64-pc-windows-msvc": { - "bzlFile": "@@rules_python~//python:repositories.bzl", - "ruleClassName": "python_repository", - "attributes": { - "sha256": "368474c69f476e7de4adaf50b61d9fcf6ec8b4db88cc43c5f71c860b3cd29c69", - "patches": [], - "platform": "x86_64-pc-windows-msvc", - "python_version": "3.11.9", - "release_filename": "20240415/cpython-3.11.9+20240415-x86_64-pc-windows-msvc-shared-install_only.tar.gz", - "urls": [ - "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-x86_64-pc-windows-msvc-shared-install_only.tar.gz" - ], - "distutils_content": "", - "strip_prefix": "python", - "coverage_tool": "", - "ignore_root_user_error": false - } - }, - "python_3_11_x86_64-unknown-linux-gnu": { - "bzlFile": "@@rules_python~//python:repositories.bzl", - "ruleClassName": "python_repository", - "attributes": { - "sha256": "78b1c16a9fd032997ba92a60f46a64f795cd18ff335659dfdf6096df277b24d5", - "patches": [], - "platform": "x86_64-unknown-linux-gnu", - "python_version": "3.11.9", - "release_filename": "20240415/cpython-3.11.9+20240415-x86_64-unknown-linux-gnu-install_only.tar.gz", - "urls": [ - "https://github.com/indygreg/python-build-standalone/releases/download/20240415/cpython-3.11.9+20240415-x86_64-unknown-linux-gnu-install_only.tar.gz" - ], - "distutils_content": "", - "strip_prefix": "python", - "coverage_tool": "", - "ignore_root_user_error": false - } - } - }, - "recordedRepoMappingEntries": [ - [ - "rules_python~", - "bazel_skylib", - "bazel_skylib~" - ], - [ - "rules_python~", - "bazel_tools", - "bazel_tools" - ] - ] - } - }, - "@@rules_python~//python/private/bzlmod:internal_deps.bzl%internal_deps": { - "general": { - "bzlTransitiveDigest": "4NafXqYhWbGZ7vn2yGFHwz5KSLTDx7SMuCBE0kxFwQA=", - "usagesDigest": "Kq7vfQRPNwgMCS7LHqfbd537Z6mL5YLiH/u3myb/5EY=", + "bzlTransitiveDigest": "jsbfONl9OksDWiAs7KDFK5chH/tYI3DngdM30NKdk5Y=", + "usagesDigest": "IDJOf8yjMDcQ7vE4CsKItkDBrOU4C+76gC1pczv03FQ=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, "generatedRepoSpecs": { - "pypi__wheel": { + "utf8_range": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_archive", "attributes": { - "url": "https://files.pythonhosted.org/packages/b8/8b/31273bf66016be6ad22bb7345c37ff350276cfd46e389a0c2ac5da9d9073/wheel-0.41.2-py3-none-any.whl", - "sha256": "75909db2664838d015e3d9139004ee16711748a52c8f336b52882266540215d8", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__click": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/00/2e/d53fa4befbf2cfa713304affc7ca780ce4fc1fd8710527771b58311a3229/click-8.1.7-py3-none-any.whl", - "sha256": "ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__importlib_metadata": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/cc/37/db7ba97e676af155f5fcb1a35466f446eadc9104e25b83366e8088c9c926/importlib_metadata-6.8.0-py3-none-any.whl", - "sha256": "3ebb78df84a805d7698245025b975d9d67053cd94c79245ba4b3eb694abe68bb", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__pyproject_hooks": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/d5/ea/9ae603de7fbb3df820b23a70f6aff92bf8c7770043254ad8d2dc9d6bcba4/pyproject_hooks-1.0.0-py3-none-any.whl", - "sha256": "283c11acd6b928d2f6a7c73fa0d01cb2bdc5f07c57a2eeb6e83d5e56b97976f8", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__pep517": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/ee/2f/ef63e64e9429111e73d3d6cbee80591672d16f2725e648ebc52096f3d323/pep517-0.13.0-py3-none-any.whl", - "sha256": "4ba4446d80aed5b5eac6509ade100bff3e7943a8489de249654a5ae9b33ee35b", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__packaging": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/ab/c3/57f0601a2d4fe15de7a553c00adbc901425661bf048f2a22dfc500caf121/packaging-23.1-py3-none-any.whl", - "sha256": "994793af429502c4ea2ebf6bf664629d07c1a9fe974af92966e4b8d2df7edc61", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__pip_tools": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/0d/dc/38f4ce065e92c66f058ea7a368a9c5de4e702272b479c0992059f7693941/pip_tools-7.4.1-py3-none-any.whl", - "sha256": "4c690e5fbae2f21e87843e89c26191f0d9454f362d8acdbd695716493ec8b3a9", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__setuptools": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/4f/ab/0bcfebdfc3bfa8554b2b2c97a555569c4c1ebc74ea288741ea8326c51906/setuptools-68.1.2-py3-none-any.whl", - "sha256": "3d8083eed2d13afc9426f227b24fd1659489ec107c0e86cec2ffdde5c92e790b", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__zipp": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/8c/08/d3006317aefe25ea79d3b76c9650afabaf6d63d1c8443b236e7405447503/zipp-3.16.2-py3-none-any.whl", - "sha256": "679e51dd4403591b2d6838a48de3d283f3d188412a9782faadf845f298736ba0", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__colorama": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/d1/d6/3965ed04c63042e047cb6a3e6ed1a63a35087b6a609aa3a15ed8ac56c221/colorama-0.4.6-py2.py3-none-any.whl", - "sha256": "4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__build": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/e2/03/f3c8ba0a6b6e30d7d18c40faab90807c9bb5e9a1e3b2fe2008af624a9c97/build-1.2.1-py3-none-any.whl", - "sha256": "75e10f767a433d9a86e50d83f418e83efc18ede923ee5ff7df93b6cb0306c5d4", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "rules_python_internal": { - "bzlFile": "@@rules_python~//python/private:internal_config_repo.bzl", - "ruleClassName": "internal_config_repo", - "attributes": {} - }, - "pypi__pip": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/50/c2/e06851e8cc28dcad7c155f4753da8833ac06a5c704c109313b8d5a62968a/pip-23.2.1-py3-none-any.whl", - "sha256": "7ccf472345f20d35bdc9d1841ff5f313260c2c33fe417f48c30ac46cccabf5be", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__installer": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/e5/ca/1172b6638d52f2d6caa2dd262ec4c811ba59eee96d54a7701930726bce18/installer-0.7.0-py3-none-any.whl", - "sha256": "05d1933f0a5ba7d8d6296bb6d5018e7c94fa473ceb10cf198a92ccea19c27b53", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__more_itertools": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/5a/cb/6dce742ea14e47d6f565589e859ad225f2a5de576d7696e0623b784e226b/more_itertools-10.1.0-py3-none-any.whl", - "sha256": "64e0735fcfdc6f3464ea133afe8ea4483b1c5fe3a3d69852e6503b43a0b222e6", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" - } - }, - "pypi__tomli": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "url": "https://files.pythonhosted.org/packages/97/75/10a9ebee3fd790d20926a90a2547f0bf78f371b2f13aa822c759680ca7b9/tomli-2.0.1-py3-none-any.whl", - "sha256": "939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc", - "type": "zip", - "build_file_content": "package(default_visibility = [\"//visibility:public\"])\n\nload(\"@rules_python//python:defs.bzl\", \"py_library\")\n\npy_library(\n name = \"lib\",\n srcs = glob([\"**/*.py\"]),\n data = glob([\"**/*\"], exclude=[\n # These entries include those put into user-installed dependencies by\n # data_exclude in /python/pip_install/tools/bazel.py\n # to avoid non-determinism following pip install's behavior.\n \"**/*.py\",\n \"**/*.pyc\",\n \"**/*.pyc.*\", # During pyc creation, temp files named *.pyc.NNN are created\n \"**/* *\",\n \"**/*.dist-info/RECORD\",\n \"BUILD\",\n \"WORKSPACE\",\n ]),\n # This makes this directory a top-level in the python import\n # search path for anything that depends on this.\n imports = [\".\"],\n)\n" + "urls": [ + "https://github.com/protocolbuffers/utf8_range/archive/de0b4a8ff9b5d4c98108bdfe723291a33c52c54f.zip" + ], + "strip_prefix": "utf8_range-de0b4a8ff9b5d4c98108bdfe723291a33c52c54f", + "sha256": "5da960e5e5d92394c809629a03af3c7709d2d3d0ca731dacb3a9fb4bf28f7702" } } }, "recordedRepoMappingEntries": [ [ - "rules_python~", + "upb~", "bazel_tools", "bazel_tools" ] diff --git a/WORKSPACE.bzlmod b/WORKSPACE.bzlmod index 7461c0d0f..5bf5f4fd9 100644 --- a/WORKSPACE.bzlmod +++ b/WORKSPACE.bzlmod @@ -165,6 +165,7 @@ zig_toolchains() nixpkgs_cc_configure( name = "nixpkgs_cc_toolchain", + cc_std = "c++14", # TODO(malt3): Use clang once cc-wrapper path reset bug is fixed upstream. # attribute_path = "clang_11", repository = "@nixpkgs", @@ -172,6 +173,7 @@ nixpkgs_cc_configure( nixpkgs_cc_configure( name = "nixpkgs_cc_aarch64_darwin_x86_64_linux", + cc_std = "c++14", cross_cpu = "k8", exec_constraints = [ "@platforms//os:osx", diff --git a/bootstrapper/initproto/init.pb.go b/bootstrapper/initproto/init.pb.go index 328b6eeb1..2919d6a6e 100644 --- a/bootstrapper/initproto/init.pb.go +++ b/bootstrapper/initproto/init.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v3.21.7 +// protoc v4.24.4 // source: bootstrapper/initproto/init.proto package initproto diff --git a/debugd/service/debugd.pb.go b/debugd/service/debugd.pb.go index c60ce592f..daaa5b765 100644 --- a/debugd/service/debugd.pb.go +++ b/debugd/service/debugd.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v3.21.7 +// protoc v4.24.4 // source: debugd/service/debugd.proto package service diff --git a/disk-mapper/recoverproto/recover.pb.go b/disk-mapper/recoverproto/recover.pb.go index 3810a2a5b..f8d6b4fc5 100644 --- a/disk-mapper/recoverproto/recover.pb.go +++ b/disk-mapper/recoverproto/recover.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v3.21.7 +// protoc v4.24.4 // source: disk-mapper/recoverproto/recover.proto package recoverproto diff --git a/internal/versions/components/components.pb.go b/internal/versions/components/components.pb.go index 2147ab236..318364ffc 100644 --- a/internal/versions/components/components.pb.go +++ b/internal/versions/components/components.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v3.21.7 +// protoc v4.24.4 // source: internal/versions/components/components.proto package components diff --git a/joinservice/joinproto/join.pb.go b/joinservice/joinproto/join.pb.go index 00c5972cd..dbd10c5c9 100644 --- a/joinservice/joinproto/join.pb.go +++ b/joinservice/joinproto/join.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v3.21.7 +// protoc v4.24.4 // source: joinservice/joinproto/join.proto package joinproto diff --git a/keyservice/keyserviceproto/keyservice.pb.go b/keyservice/keyserviceproto/keyservice.pb.go index 90c2996d0..c770110f7 100644 --- a/keyservice/keyserviceproto/keyservice.pb.go +++ b/keyservice/keyserviceproto/keyservice.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v3.21.7 +// protoc v4.24.4 // source: keyservice/keyserviceproto/keyservice.proto package keyserviceproto diff --git a/upgrade-agent/upgradeproto/upgrade.pb.go b/upgrade-agent/upgradeproto/upgrade.pb.go index 2ea7d45c4..98a8f64f6 100644 --- a/upgrade-agent/upgradeproto/upgrade.pb.go +++ b/upgrade-agent/upgradeproto/upgrade.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v3.21.7 +// protoc v4.24.4 // source: upgrade-agent/upgradeproto/upgrade.proto package upgradeproto diff --git a/verify/verifyproto/verify.pb.go b/verify/verifyproto/verify.pb.go index 819fb0438..38475ac09 100644 --- a/verify/verifyproto/verify.pb.go +++ b/verify/verifyproto/verify.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v3.21.7 +// protoc v4.24.4 // source: verify/verifyproto/verify.proto package verifyproto From 85d4208f26a231e17978d74af622c58cc675d985 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 12 Aug 2024 09:37:35 +0200 Subject: [PATCH 212/380] image: update locked rpms (#3309) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 79 +++++++++++++++++++++-------------------- 1 file changed, 40 insertions(+), 39 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index eacb65b56..3484626ec 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -1,5 +1,5 @@ 37abef83e8927b4b48f69fcbdcc249d349c6029cc669401676d01f0ea326999e WALinuxAgent-udev-2.10.0.8-2.fc40.noarch.rpm -447b89ea37df3781701202f5d57072254a2775e93e897336e3c2bf15dedd5426 aardvark-dns-1.11.0-3.fc40.x86_64.rpm +aa20a35c98c094c3d384c311c33ff393ca75e5be81b7eaf2b223a1dc6bd8217b aardvark-dns-1.12.1-1.fc40.x86_64.rpm ac860c52abbc65af5835d1bd97400c531a5635d39bc1d68e36a1fe54863385ea alternatives-1.27-1.fc40.x86_64.rpm a8aac6e068011d76e89536ffcb29e516c3ccd0095ef8ada0a37a9fd21a2b39b0 audit-libs-4.0.1-1.fc40.i686.rpm 5b6386ac345c3fd388c509df4ad31ffe04f1a1ed6eb4f10d2b5f56c2a5b300dc audit-libs-4.0.1-1.fc40.x86_64.rpm @@ -30,9 +30,9 @@ e4407cbfeb01494457e941a56971ec3aefbd35206792918d60fc9417acacd1a8 criu-3.19-4.fc 4e913c3232f3d304820e6e1746911d5d4c981407673edbd3426118a2fd2dd977 crun-1.15-1.fc40.x86_64.rpm 2469a287d9fe6ea5f4aa0686fa5f223c14505218743230afbd322fdd90b1d396 crypto-policies-20240725-1.git28d3e2d.fc40.noarch.rpm 8271834b39fd9a7efef95f9bf40337cc636d55a9c4b56ee2500811b318794ae3 crypto-policies-scripts-20240725-1.git28d3e2d.fc40.noarch.rpm -694606bd827a928ef8c50f90d90de30491cdd56248a02ca539dc11968b831eca cryptsetup-2.7.3-1.fc40.x86_64.rpm -5e42ee5d5ec44b645e1a506e8b4fa9eab27eb491913e4591b26b464941283333 cryptsetup-libs-2.7.3-1.fc40.i686.rpm -bc2e1fe5df71d47b8b7d28d641c2ce988c9dbce90ae36409f18748ef0d6012bb cryptsetup-libs-2.7.3-1.fc40.x86_64.rpm +f7af23a6e1efe4e5fdb0ba0cda9e4a1b6767c7d8ccbcf17ed0fb6ad973339b8c cryptsetup-2.7.4-1.fc40.x86_64.rpm +a719620c685806aa0cbe58d5ce5f761f52325cce25d7720fd32c92afdd14537f cryptsetup-libs-2.7.4-1.fc40.i686.rpm +17598a1d8dfcd8f1a8f09d044096cd2e488c79fec1047f17c4ba50b1fc520f9f cryptsetup-libs-2.7.4-1.fc40.x86_64.rpm 20b0f2923feae4c2f1d339e959d3f03d81f8ca985faa05872377b827d6f30467 curl-8.6.0-10.fc40.x86_64.rpm 0dff67dfeca59cb68cadafe8d9909b88dfaa2fc0a9a4426352f66a5fe351fbe3 cyrus-sasl-lib-2.1.28-19.fc40.x86_64.rpm 19197df26f76af5e78bd1e3ad2f777bea071eef6dfec1219f6b8ee3c80e10193 dbus-1.14.10-3.fc40.x86_64.rpm @@ -73,16 +73,16 @@ f94315e447afb7442033b7b82e43a4ed62754f603afda53930280300855e46c7 fuse-libs-2.9. c4cc69bf3a2655b9ee9ac23492d377bac57811c5b4f81fbf43537520ee33c7af gawk-all-langpacks-5.3.0-3.fc40.x86_64.rpm 21470eb4ec55006c9efeee84c97772462008fceda1ab332e58d2caddfdaa0d1e gdbm-1.23-6.fc40.x86_64.rpm 93450209842a296ea4b295f6d86b69aa52dd8ec45b121ede0d5125aa49bad509 gdbm-libs-1.23-6.fc40.x86_64.rpm -1af2b6d450ecc168e5604654dc83433bf0658bba5cacd55377400d7db7db650b gettext-envsubst-0.22.5-2.fc40.x86_64.rpm -834c3441835069b61208792b9b9ae1ebfadadb9d2d211357d7f42838932b59a7 gettext-libs-0.22.5-2.fc40.x86_64.rpm -1126bf8d28dff9f165865d83c239e6a2d3988fc935957b9b869d8ed7989a2ae9 gettext-runtime-0.22.5-2.fc40.x86_64.rpm +40337d9167737abe23af9c6b586b883f33cc82028d69b29c1d68b524201d9248 gettext-envsubst-0.22.5-4.fc40.x86_64.rpm +554a68e692ccdd0cf71ea67a4c550bac910685465f17eee503732d48ccda9c90 gettext-libs-0.22.5-4.fc40.x86_64.rpm +046971e9f5f0c88737854e1c9e02cce8f5854633575984b235cf3f8b11ec7b91 gettext-runtime-0.22.5-4.fc40.x86_64.rpm 0a32c6874ce180375c2c0b1e2f0c8fed38131a598e5c4ba3866cf3aee1f3f5fc glib2-2.80.3-1.fc40.x86_64.rpm -af50e83e6423550c1cbb0ac2443bf1df31ff6c6081d821cff18221c378ed79ca glibc-2.39-17.fc40.i686.rpm -1919afbf6730a2eb356f846ed157b3b89d52eeed0a8ab84f61ff068601f03408 glibc-2.39-17.fc40.x86_64.rpm -a50ab41586b2ecd74f666c84947de5b9152ca6504d6f00f20ef15cace7e0f4be glibc-common-2.39-17.fc40.x86_64.rpm -8040e9e3b6799bfca69b3129bfd19a04e183c9e6b09e4976df0070e8dce2e36c glibc-gconv-extra-2.39-17.fc40.i686.rpm -2beee10de06dde0142442ebe8ecbcfaadd6329a2bd892986515cea4ab9ebb57e glibc-gconv-extra-2.39-17.fc40.x86_64.rpm -b140d705003260cc46ee9e74508b1efaca4f3d0e05eba68a3d6d90cd8fa742cf glibc-minimal-langpack-2.39-17.fc40.x86_64.rpm +a2d94eb4028fad9789f0d5561b4c4a7a03020013af2a79be7aea3fb0390b8caf glibc-2.39-22.fc40.i686.rpm +726a1d707dfcf20d1f4c94f76bdba38d166eb574ecc2d83ec438bdc161f3ec27 glibc-2.39-22.fc40.x86_64.rpm +0b502c1140a1f6461dbd63d3daefedded6c705769476cec5e69466aab7693ea6 glibc-common-2.39-22.fc40.x86_64.rpm +c09983bc2c7fbc23e7e622739532b554357103d99161d458c4f0c5eabce5d8c5 glibc-gconv-extra-2.39-22.fc40.i686.rpm +c185634bd4f161c35292daa028823a607c78f1e71727b6c506d640771ddd88aa glibc-gconv-extra-2.39-22.fc40.x86_64.rpm +e99290c1fa76536f0bb0024dbe14527a6d5efcf00436493f705a75c6f76d3df3 glibc-minimal-langpack-2.39-22.fc40.x86_64.rpm b054d6a9ee3477e935686b327aa47379bd1909eac4ce06c4c45dff1a201ecb49 gmp-6.2.1-8.fc40.x86_64.rpm 0a8b1b3fb625e4d1864ad6726f583e2db5db7f10d9f3564b5916ca7fed1b71cb gnupg2-2.4.4-1.fc40.x86_64.rpm 4425dbd35ab65f25b092d12ac56c4b565371a1c52ac882c8896dbeae7d52bbb1 gnupg2-smime-2.4.4-1.fc40.x86_64.rpm @@ -96,8 +96,8 @@ cfdba55bf65221d4cb6574e18586340f813ee948fb90f94088ab730a8cbd4400 grub2-common-2 a265c8c4acac4c2a3c5f63f98df89e689b87f6f6bcceac1c83882d9cdab90eab grub2-tools-2.06-123.fc40.x86_64.rpm 3ff26313487d9656195f2e121eb57ea6411deab71b0ec3ae57f11785ba86f330 grub2-tools-minimal-2.06-123.fc40.x86_64.rpm 6a146fa9b154e67eb67eeb258df37814a863997c87171fdc2bd771e5a46b1cc4 grubby-8.40-75.fc40.x86_64.rpm -6a502364cc7cfa1ec1918dbff2d678b4392c9f0279b66302bc8c039c36d7bde6 gvisor-tap-vsock-0.7.3-2.fc40.x86_64.rpm -7976f6318044e7adbf543edb4d3da4fbc43ef628e433a0c55b4652dc1c15a735 gvisor-tap-vsock-gvforwarder-0.7.3-2.fc40.x86_64.rpm +f37f97c430327c60dbedf7a7c40e49a84d3a0dd794be5a39a6a0e10ea73da4f4 gvisor-tap-vsock-0.7.4-1.fc40.x86_64.rpm +439cf54eeba5962afb3d6f3e59adcafbacd5e9d746abfd7633f77e0c4452c8b3 gvisor-tap-vsock-gvforwarder-0.7.4-1.fc40.x86_64.rpm 6dcc2f8885135fc873c8ab94a6c7df05883060c5b25287956bebb3aa15a84e71 gzip-1.13-1.fc40.x86_64.rpm 7ea61bdaada7c1ab5b8567e054a73e2cb3ca6019e3db887049998fed7eea8514 iproute-6.7.0-2.fc40.x86_64.rpm 21d9bc4c677edd86b2e88ebe4c20b097412c2fa3ef4a91d7de0f9b03e1306f5d iproute-tc-6.7.0-2.fc40.x86_64.rpm @@ -153,10 +153,10 @@ c8b9967345ed0393c17101b970bb86258380494d99edf07787bc32ee4de96a7b libfdisk-2.40. 2481691bd2ee6aab48b1a0306357337007b2b0af082e4fdef47dcc5a8a8357be libfdisk-2.40.1-1.fc40.x86_64.rpm 25caa7ee56f6013369c2fac26afd3035a7d580af0b919621ba8d495d13a5af86 libffi-3.4.4-7.fc40.x86_64.rpm f9c5369b6d168a2b8e46159bc41ef0755ee1a8d12f4c6766fdfe23e827cf5cdf libfido2-1.14.0-4.fc40.x86_64.rpm -1b6607413e7b4b32eeb468e69a1a5aea303ba5b47243ba1cf01799f70eb16d86 libgcc-14.1.1-7.fc40.i686.rpm -e48a0734c34e389575aa386c9f0a115116291fff877a351afc8be851e00a6a62 libgcc-14.1.1-7.fc40.x86_64.rpm +d83c434aeec6b5e80adbbaac5f1983b1f739a8fc1660652565da26714125d09c libgcc-14.2.1-1.fc40.i686.rpm +ee6aa81323dedfdda0f6f845ea0ee8e03cf67569fb1c71335e7ded797efc97db libgcc-14.2.1-1.fc40.x86_64.rpm 10c4c12c6539ffea68974cd9b57013d471ac35fe3bef4833c0a22f6b29fbf489 libgcrypt-1.10.3-3.fc40.x86_64.rpm -48c2bdea59f102f794f221aa255b1765b3361d068af7db58175ca9bbec48df12 libgomp-14.1.1-7.fc40.x86_64.rpm +057bcff33669ee015aebee05ee7c67ac47a15d89e5d83e77c730f96f259083f6 libgomp-14.2.1-1.fc40.x86_64.rpm 8d0a9840e06e72ccf756fa5a79c49f572dc827b0c75ea5a1f923235150d27ae2 libgpg-error-1.49-1.fc40.x86_64.rpm 677a67726c759c94faa94475185e46d028f171c9215390ac601ccd914188afb2 libidn2-2.3.7-1.fc40.i686.rpm 2fd2038b4a94eeede34e46ed0e035e619f77d0e412c70cf4e9bb836957e8f31b libidn2-2.3.7-1.fc40.x86_64.rpm @@ -198,8 +198,9 @@ d5e6fc8b4595cccae415bc18b971ea4a4ed64c816e45de5d3f588b78ecf12708 libsepol-3.6-3 302124d98a491472ec0982b89afbf576922d6921a89dda479d354e6582566f0e libsmartcols-2.40.1-1.fc40.x86_64.rpm 45d032fb4d59ee0f6a921dd1f0addfcdd38fc46917243fdd6248194ffddb9067 libsodium-1.0.20-1.fc40.x86_64.rpm c8bbfa2762cc601f8a97d8d5a39a658f0e91ba477ebebd798b30f7fc8ffdd457 libss-1.47.0-5.fc40.x86_64.rpm -977d8b01c7c74afc3cc251e25c73ed070535576cb841bbfccf0c846d97fc5607 libstdc++-14.1.1-7.fc40.x86_64.rpm +fbbfce1657c5d09246c315afa59ab5b834796e30fc776eca4ede4263ea6df9dc libstdc++-14.2.1-1.fc40.x86_64.rpm d92173d6fbfb7e2af3b35a8554229e247666e15dc5b36cba43b7bbfc4144b781 libtasn1-4.19.0-6.fc40.x86_64.rpm +9ca680998686ee852fa8e1667cd6e7c436bfd5fe7da898bd314d808303d447f8 libtextstyle-0.22.5-4.fc40.x86_64.rpm c52aa65956ce5076c7036d486ec29d06832461450c77838c7b9e360c701b6ad2 libtirpc-1.3.5-0.fc40.x86_64.rpm e5d150d23f95e4a23288b84145af442607a88bf457c0e04b325b1d1e8e708c2b libtool-ltdl-2.4.7-10.fc40.x86_64.rpm e541a1c8397dccf159b3602eb6bbb381ba21c544db337a3b3bfc49ccc2ef5c21 libunistring-1.1-7.fc40.i686.rpm @@ -235,7 +236,7 @@ b404c27af03bb1e43fb0dc472d5a1fa152e0563fa2e4eefa29199c47578a829b nano-default-e 8a93376ce7423bd1a649a13f4b5105f270b4603f5cf3b3e230bdbda7f25dd788 ncurses-base-6.4-12.20240127.fc40.noarch.rpm 39bba59320e6276a3b7b07bc94d319511bdd7d32ba098fd49723f4d542794d41 ncurses-libs-6.4-12.20240127.fc40.i686.rpm a18edf32e89aefd453998d5d0ec3aa1ea193dac43f80b99db195abd7e8cf1a04 ncurses-libs-6.4-12.20240127.fc40.x86_64.rpm -2bd5e58775af7085d2656db931b8b9f5aea752cd42c98c95b3944a03a728c890 netavark-1.11.0-3.fc40.x86_64.rpm +5dc7d6c8b55514beabfcd1cb23a682ed7f4ec413c48b2093918fca569c694ccc netavark-1.12.1-1.fc40.x86_64.rpm 16172412cfd45453292e18f84fc57e42a3ce92aca72b47ef7e15b44554049cfe nettle-3.9.1-6.fc40.x86_64.rpm 188ce5004e6ed764b4a619b64a4a0f36f1cc4fa919fe0a300599ff1171844144 nftables-1.0.9-3.fc40.x86_64.rpm 784e0fbc9ccb7087c10f4c41edbed13904f94244ff658f308614abe48cdf0d42 npth-1.7-1.fc40.x86_64.rpm @@ -250,8 +251,8 @@ c728dbd90872b7597a8ace70a70555bff576231bb6dbde14b75626d601706af8 p11-kit-trust- 5981cdaf35f2ea96236eaccf1ce476379e51e5883ce57343a7727626e9fd9da3 pam-libs-1.6.1-3.fc40.i686.rpm fb85b93438336461a0b2b878158e552d30b6fb663404475eb0a050b35fd5d35f pam-libs-1.6.1-3.fc40.x86_64.rpm 9bbce784622e02af0371ced8e9a7d26adba7eabd66ecfcb8bbe2d24cf616e3c1 parted-3.6-4.fc40.x86_64.rpm -1ea1726576a274d8b6774e3d0aae25b0ce798ea87506414ad8b8c969de418642 passt-0^20240624.g1ee2eca-1.fc40.x86_64.rpm -9043472a87ec3461040e91268f95fd4570c373b3f49c5595f581014f791ad450 passt-selinux-0^20240624.g1ee2eca-1.fc40.noarch.rpm +6033fca551a60e4c56424958dad43173793e7f1a46c3ce3d78e2d9e8d451d6f0 passt-0^20240726.g57a21d2-1.fc40.x86_64.rpm +6ab2f001b3b7187146a827ba84c88300ce10896c59176223e04b03b90dae4a7b passt-selinux-0^20240726.g57a21d2-1.fc40.noarch.rpm a0fb808d6b7ff8cd9cfdc1a60f213851cecdcace334d6e5aa1e0e54b81d79a25 pcre2-10.44-1.fc40.i686.rpm 73e50df09266fcffda9c24a3738f579dd365c2c187c294da054ef9915edc3851 pcre2-10.44-1.fc40.x86_64.rpm dbec699e88d42fc6fb1df0a8c0b9023941ed1b1b7625694253a612eaf9f2691d pcre2-syntax-10.44-1.fc40.noarch.rpm @@ -307,23 +308,23 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm 3b940ff1f16fdb3ddcc19d7d76241c9b81d81099ff5147c4c9967d2c4ca6fb5b sbsigntools-0.9.5-3.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm -553b360f74e225e07f6f6d7a0977e12fdc9decbc70f2d3ca317cc4e98b1481ee selinux-policy-40.26-1.fc40.noarch.rpm -f8c85ce96424f49b800d5ad909ad825321d64c7650408690d6b2fc0a87955274 selinux-policy-targeted-40.26-1.fc40.noarch.rpm +f2edc048484f98d9c52136539ff4720e124ded9619a54e97740bf69491bfc05c selinux-policy-40.27-1.fc40.noarch.rpm +65f63b667d43d687921b77b77833500ee6a7bf9c9bf6358ba6e73b4091b80c9d selinux-policy-targeted-40.27-1.fc40.noarch.rpm 89862f646cd64e81497f01a8b69ab30ac8968c47afef92a2c333608fdb90ccc1 setup-2.14.5-2.fc40.noarch.rpm 95a0cce33e56359aa09507abfed062fb47a554307b0a029e6d2f076b813ae8d2 shadow-utils-4.15.1-3.fc40.x86_64.rpm 0c1072b40e5fe451e7d2bc1a7530e743303591c3d26bce0ac2e09ff05b50ae26 shadow-utils-subid-4.15.1-3.fc40.x86_64.rpm 67eede27af5b4773eb2f7ac794df694be030310d40bce462864c05b8f65c87c3 socat-1.8.0.0-2.fc40.x86_64.rpm a1e23ae521e93ab19d3df77889a6a418c3432025e4880cfd893e40f7165876a7 sqlite-libs-3.45.1-2.fc40.x86_64.rpm -d55b9e8a99eb2d7128c59ad7f62d45007516be97cda9c79fa0c725d34d5da51f systemd-255.10-1.fc40.i686.rpm -37e05e9899b60553ec281887c4707a9000820c48860fe14ad7bdb3051c8a3b25 systemd-255.10-1.fc40.x86_64.rpm -dd46220094beb50b710e862f63fac2b51647fb523de4fb376f8265a10e664d9b systemd-boot-unsigned-255.10-1.fc40.x86_64.rpm -e9a90d6abf803726d3a6deda7a1df69213e179f0f92f66855398dc82f322074b systemd-libs-255.10-1.fc40.i686.rpm -a3be6d4d55d392a758fecf2abae850448491a8195259b66fb9753511f0e89d27 systemd-libs-255.10-1.fc40.x86_64.rpm -f85947f1ceac21bb13518017eb4230e5f714d8a575b1dcc5fcbd13d79666f75e systemd-networkd-255.10-1.fc40.x86_64.rpm -06dd0f4717ab0b45fbb230a67ea7693f8d7ea7a288f5d2ae41204a12e39d7232 systemd-pam-255.10-1.fc40.i686.rpm -fa58c54bd2939922e9ca8d1355b24fa17e43b540d851169d49659db8f311e1f4 systemd-pam-255.10-1.fc40.x86_64.rpm -ee1e2c7fb798aa9750e7aeccd3bfcc84f475c01360d74f3c374c97a75838cc0c systemd-resolved-255.10-1.fc40.x86_64.rpm -cb065e5a3ffbc6f3eca8d18b73d7e2c759089fa003efa79bd44f86127f246fb7 systemd-udev-255.10-1.fc40.x86_64.rpm +5c758f079525854951b2947468cf105cb93a9c5a52891eb75ee1fdb2b535def3 systemd-255.10-3.fc40.i686.rpm +de919f2e59e47536d8995bed16d01fce3f92fb2fb0f45a0c4812b1c848196b28 systemd-255.10-3.fc40.x86_64.rpm +2f661f5157dcbe1a8b7eb9b3add2967d2ce543f918e772dae812256a9bae0804 systemd-boot-unsigned-255.10-3.fc40.x86_64.rpm +f8514df5d5336e286b2852e099b26ce437cb3a70b25957c85efe51080138da37 systemd-libs-255.10-3.fc40.i686.rpm +c7b2a785ff09cd6bda9502476efd38da0ac6c6923fb22da28a0f9584af7556cf systemd-libs-255.10-3.fc40.x86_64.rpm +1d419b02c9c698ea61cf72202f815696ea7af948fc7eb7f75fc9873c5a87982f systemd-networkd-255.10-3.fc40.x86_64.rpm +5ad233464879b520ebf8b8a4b0efa04ed042fc5fcf520332893cd3eb2825d984 systemd-pam-255.10-3.fc40.i686.rpm +80899b235d777172b958e82065c21c070205eb45faa4e8222d2ad105734fcfa9 systemd-pam-255.10-3.fc40.x86_64.rpm +001feabc2da654b194feb61b301dc1a475f418ccddd7429b33914497581abdab systemd-resolved-255.10-3.fc40.x86_64.rpm +f08877a091d75a07b2855507565625ecca17e5efb6a709aad29d9abd654c9260 systemd-udev-255.10-3.fc40.x86_64.rpm 65819c502727dc293a71a74b9a5f6b0ba781f12a99c5d5535085f168e5eac56e tar-1.35-3.fc40.x86_64.rpm 0478e12152cc3432a31dfca5ddbc80966800af437c6d7c0b26be307d5e1272e7 tpm2-tools-5.7-1.fc40.x86_64.rpm c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3-1.fc40.x86_64.rpm @@ -335,17 +336,17 @@ c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3 41b777c50f1ec74795551c7d930a3d6eceab278ff03608893a5dbd49f2de5363 util-linux-2.40.1-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm a00108f45cd60afffb9c1b5db8bef9c6fd5b3c233a546dde787efa5b4485e5b6 util-linux-core-2.40.1-1.fc40.x86_64.rpm -f1c755cd402a75a222101a07d662c2287f843d6d0a9a34ddd2380412b8eadf7e vim-common-9.1.571-1.fc40.x86_64.rpm -571fe8478a3334ae87e8f2aa97c0bf09030533b63b863c016ba9991703c6f768 vim-data-9.1.571-1.fc40.noarch.rpm -6cf927fe7300b43dffcb8c90c08f1bd1fc0fd0e033d2a3015aad4c9d45037ad0 vim-enhanced-9.1.571-1.fc40.x86_64.rpm -40c62de57feafa4d766c6c5da756ee1caafaf42b8e55dacc7cf67805ea8ff41f vim-filesystem-9.1.571-1.fc40.noarch.rpm +294f50c8809eb96e6cb27dc45658b8ebaeb578686a9af71ac1fa2012c5760d18 vim-common-9.1.660-1.fc40.x86_64.rpm +5baee8d68feab4c84bbf6a24eff4f6d9c13f936e5954d77e63efb855ead76179 vim-data-9.1.660-1.fc40.noarch.rpm +ae554ce439a2a30671400e69021f716318c5868e5afeecd615bc12b899efc4a2 vim-enhanced-9.1.660-1.fc40.x86_64.rpm +a58f45ba20164a016396233611971f971ed7c8e8b9607753c00c5533e29b296b vim-filesystem-9.1.660-1.fc40.noarch.rpm c5682a1b02bb02578e9997ae221a7f6c6db711084129824e207fe1febdc55b9d wget2-2.1.0-11.fc40.x86_64.rpm 38aaee4829df7e1a4719991c4fc6d65a1265b6a556b182ecac3145c287c320f4 wget2-libs-2.1.0-11.fc40.x86_64.rpm a12b44ee7cc5a0e916bcf72e80c4d618abb7406254578e947f3ba9dd0d445d25 wget2-wget-2.1.0-11.fc40.x86_64.rpm cf0306ceed1c6b3be39060d85f16b1953b464d3a625488b170d3b7aadf600645 which-2.21-41.fc40.x86_64.rpm 4ede95a2fa3bc0ae617c8bf3a375b800163d58733b4829b15d9f038505d79fee whois-nls-5.5.20-3.fc40.noarch.rpm e2195010e857f56b19246f8b821f9391922880b7691b3728a413f540edc890a6 xkeyboard-config-2.41-1.fc40.noarch.rpm -f37d3ea7da571662ad698f027f208b4f597d98d4a379ec47b3fb07b51d5585f7 xxd-9.1.571-1.fc40.x86_64.rpm +be8f910530a68332435ffcec345a299f4e136c07587b41bf36f9cc0369a4f7c6 xxd-9.1.660-1.fc40.x86_64.rpm ee599a1c4d7ee635e54ec137af4dded83f433b9c8a5976f75ecdcd000b5246e3 xz-5.4.6-3.fc40.x86_64.rpm b92ef78d8ab424c22130e457d0ef691d8197bff61c3b8852205d1b02baba3819 xz-libs-5.4.6-3.fc40.i686.rpm b6ee44b3d7e494b0364f26b7d0b169a8092180af787423cd5e8a47dc0f738a66 xz-libs-5.4.6-3.fc40.x86_64.rpm From 0f57261c676f62c2e1c2edda6cebf8c054b5382f Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 12 Aug 2024 13:34:03 +0200 Subject: [PATCH 213/380] image: document uidmap dependency (#3310) --- image/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/image/README.md b/image/README.md index 24666a5c6..4316f6cfc 100644 --- a/image/README.md +++ b/image/README.md @@ -4,6 +4,9 @@ Ensure you have Nix installed. This is a requirement for the following steps. Consult the [developer docs](/dev-docs/workflows/build-develop-deploy.md) for more info. At the very least, `nix` should be in your PATH. +Building the image also requires `newuidmap` and `newgidmap` to be present in the PATH. On Debian and Ubuntu, these can be sourced through +the `uidmap` package. + ## Build You can build any image using Bazel. From 0551a862b3061ca13dbf637e2add9cfd17c969a7 Mon Sep 17 00:00:00 2001 From: Thomas Tendyck Date: Tue, 13 Aug 2024 18:04:29 +0200 Subject: [PATCH 214/380] docs: remove date from "feature status of clouds" page --- docs/docs/overview/clouds.md | 2 +- docs/versioned_docs/version-2.17/overview/clouds.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/overview/clouds.md b/docs/docs/overview/clouds.md index 752a87da7..1440b5430 100644 --- a/docs/docs/overview/clouds.md +++ b/docs/docs/overview/clouds.md @@ -12,7 +12,7 @@ For Constellation, the ideal environment provides the following: (1) is a functional must-have. (2)--(5) are required for remote attestation that fully keeps the infrastructure/cloud out. Constellation can work without them or with approximations, but won't protect against certain privileged attackers anymore. -The following table summarizes the state of features for different infrastructures as of June 2023. +The following table summarizes the state of features for different infrastructures. | **Feature** | **Azure** | **GCP** | **AWS** | **STACKIT** | **OpenStack (Yoga)** | |-----------------------------------|-----------|---------|---------|--------------|----------------------| diff --git a/docs/versioned_docs/version-2.17/overview/clouds.md b/docs/versioned_docs/version-2.17/overview/clouds.md index 752a87da7..1440b5430 100644 --- a/docs/versioned_docs/version-2.17/overview/clouds.md +++ b/docs/versioned_docs/version-2.17/overview/clouds.md @@ -12,7 +12,7 @@ For Constellation, the ideal environment provides the following: (1) is a functional must-have. (2)--(5) are required for remote attestation that fully keeps the infrastructure/cloud out. Constellation can work without them or with approximations, but won't protect against certain privileged attackers anymore. -The following table summarizes the state of features for different infrastructures as of June 2023. +The following table summarizes the state of features for different infrastructures. | **Feature** | **Azure** | **GCP** | **AWS** | **STACKIT** | **OpenStack (Yoga)** | |-----------------------------------|-----------|---------|---------|--------------|----------------------| From f41b7fa9d74c8153fd1efd426dce00ee94656137 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 14 Aug 2024 08:12:10 +0200 Subject: [PATCH 215/380] image: update measurements and image version (#3312) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index c8eb07211..d930ea0cc 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x63, 0x19, 0x85, 0x8d, 0x03, 0x0c, 0xcc, 0x24, 0x2d, 0xc9, 0xce, 0xa9, 0xa2, 0x9e, 0x8c, 0x16, 0x07, 0x8f, 0x9b, 0x93, 0x25, 0x72, 0xa0, 0x8a, 0x46, 0x30, 0xb4, 0x3d, 0xcc, 0x31, 0xe7, 0x97}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0b, 0x7c, 0x0e, 0x02, 0x1b, 0xd8, 0x90, 0x7b, 0x79, 0xca, 0x4f, 0x41, 0xe0, 0xe1, 0x7f, 0x53, 0x00, 0xc5, 0x49, 0x47, 0x53, 0x54, 0x6a, 0xa3, 0xe2, 0x89, 0x61, 0x2c, 0xa8, 0x3c, 0x14, 0x26}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xdf, 0x29, 0xfc, 0x81, 0xc9, 0x5d, 0x29, 0xfa, 0x3e, 0x78, 0x6d, 0x00, 0xb8, 0x87, 0x6b, 0x20, 0xbc, 0xad, 0x3d, 0x5e, 0xec, 0xed, 0x8d, 0x6c, 0xf0, 0xfc, 0x84, 0x1a, 0x59, 0xd5, 0xfd, 0x82}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd9, 0x8d, 0x3c, 0x16, 0xc9, 0x42, 0x41, 0x40, 0x18, 0x32, 0x28, 0x0c, 0x3f, 0xc3, 0x1b, 0xe1, 0x0f, 0x01, 0xcb, 0xe0, 0xd3, 0x26, 0x6c, 0xd4, 0xa3, 0xb5, 0xbb, 0xaa, 0x29, 0xed, 0xe3, 0x81}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2f, 0xfa, 0xe9, 0x5e, 0x5f, 0xb9, 0x10, 0xe2, 0x28, 0x3f, 0x83, 0xf1, 0x4b, 0x14, 0xd9, 0x0a, 0x0c, 0x61, 0xfe, 0xac, 0x86, 0x3e, 0xba, 0x81, 0xa2, 0x83, 0xea, 0xc1, 0xe0, 0x0a, 0xf9, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc5, 0xb4, 0x77, 0x54, 0xb0, 0x09, 0x00, 0x5d, 0xab, 0xdd, 0xd3, 0xe9, 0x6d, 0x0f, 0xcb, 0x7a, 0x17, 0x14, 0x59, 0x19, 0x43, 0xd5, 0x96, 0xcb, 0x49, 0xf7, 0xd8, 0x93, 0x14, 0x5a, 0xa6, 0xd2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xde, 0xec, 0xd9, 0x63, 0x75, 0xe0, 0x42, 0x6b, 0x46, 0x26, 0xad, 0xc7, 0x25, 0x19, 0x6d, 0x7f, 0x30, 0x72, 0xf8, 0xa3, 0x08, 0xac, 0xcb, 0xce, 0x5f, 0xd1, 0x8a, 0x4e, 0x97, 0x8a, 0xe6, 0x3d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x64, 0xc2, 0x4f, 0xea, 0x89, 0x1a, 0x12, 0x9b, 0xa0, 0xfc, 0x43, 0xf6, 0x6b, 0x5d, 0xd1, 0x4d, 0x1e, 0x9d, 0x9d, 0xec, 0xe6, 0x7a, 0xee, 0x3c, 0x0e, 0xca, 0x11, 0xf5, 0xc9, 0x9b, 0x6b, 0xec}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1c, 0x43, 0x00, 0x8e, 0x66, 0x16, 0xc3, 0x0c, 0xf5, 0x2b, 0xdc, 0x63, 0x0e, 0x27, 0x3b, 0xac, 0x1d, 0xf6, 0x7d, 0x14, 0xd6, 0x42, 0x0f, 0xf7, 0x55, 0xac, 0x68, 0x4e, 0x82, 0x76, 0x62, 0x38}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xad, 0x2d, 0x68, 0xc7, 0x30, 0x1a, 0xcf, 0xd2, 0x64, 0x1e, 0x3b, 0x99, 0x6e, 0x83, 0x9b, 0xd8, 0xc0, 0x61, 0xda, 0xb5, 0xba, 0x06, 0x8d, 0xca, 0xa4, 0xa3, 0x25, 0x66, 0x6b, 0x4f, 0x56, 0x23}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xff, 0x9c, 0xa4, 0x2d, 0x70, 0x99, 0x5b, 0x7f, 0x19, 0xc0, 0xa5, 0x31, 0x66, 0x69, 0xfe, 0xd8, 0x4c, 0xbe, 0x92, 0x1c, 0x31, 0x9e, 0xcf, 0x29, 0x75, 0x67, 0xda, 0x23, 0xa5, 0x19, 0x62, 0x85}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0c, 0x20, 0x29, 0xc1, 0xe3, 0x22, 0x02, 0x84, 0x11, 0x2e, 0x39, 0xef, 0x19, 0x85, 0x23, 0xe8, 0x57, 0xfd, 0x3a, 0xec, 0x50, 0x97, 0x0b, 0x9d, 0xfb, 0x4a, 0xc2, 0x18, 0x89, 0x8e, 0xe7, 0x44}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa9, 0x2e, 0x7a, 0xd7, 0xc0, 0x06, 0x06, 0xc7, 0x06, 0x3e, 0xa4, 0x4f, 0x2e, 0x1c, 0xd5, 0x60, 0x4c, 0xaa, 0xae, 0x45, 0xfb, 0x12, 0x81, 0x00, 0x1d, 0x4d, 0x1d, 0x74, 0x81, 0xc2, 0x21, 0x43}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb2, 0xe8, 0xd4, 0xbb, 0xd9, 0x9a, 0x0b, 0xc2, 0x95, 0xf6, 0x0f, 0xa4, 0x86, 0xef, 0x97, 0x8c, 0x1e, 0x59, 0xb5, 0xcd, 0xb6, 0x1f, 0x76, 0xdc, 0xe6, 0x3b, 0x70, 0x8f, 0x4a, 0xb8, 0xcc, 0x48}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9f, 0x4a, 0x51, 0x53, 0x57, 0xf2, 0xb6, 0x07, 0x94, 0xe6, 0x8b, 0x57, 0x8e, 0xe4, 0xff, 0x7d, 0x1a, 0xa4, 0xb8, 0x70, 0xf8, 0xfd, 0x8a, 0xa5, 0x47, 0x16, 0x82, 0x6d, 0x39, 0x11, 0x30, 0xca}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xbd, 0xbe, 0x0a, 0x43, 0xc4, 0xc8, 0x84, 0x6f, 0xa1, 0xae, 0x18, 0xb0, 0x76, 0x68, 0x09, 0xe6, 0x59, 0x30, 0x5b, 0xa6, 0x45, 0xad, 0x61, 0xde, 0xe2, 0x55, 0x96, 0x60, 0xab, 0x88, 0x74, 0xbf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd6, 0x22, 0x0c, 0x61, 0x02, 0xe6, 0x00, 0xa5, 0x3b, 0xb7, 0xbc, 0x91, 0xcc, 0xb9, 0xba, 0x52, 0x6b, 0xe0, 0x21, 0x66, 0x77, 0x02, 0xb5, 0x1a, 0xad, 0xec, 0x06, 0x8c, 0x43, 0xdd, 0x3e, 0xe1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe5, 0x1d, 0xff, 0x7b, 0x8f, 0x46, 0xaa, 0x6d, 0xd8, 0xf6, 0x8e, 0xfc, 0xfe, 0x1c, 0xb1, 0xa1, 0x4c, 0x16, 0xf3, 0xf8, 0xd3, 0x64, 0x5a, 0x0f, 0xfb, 0x6b, 0x96, 0x32, 0x3a, 0x3c, 0x3b, 0x84}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x25, 0xdd, 0xe5, 0x04, 0xbf, 0xee, 0x32, 0xb0, 0x2c, 0xaa, 0x75, 0xee, 0x98, 0x41, 0x41, 0xbb, 0x4f, 0xa2, 0x5e, 0x27, 0x84, 0xc8, 0xaf, 0xc4, 0x96, 0x03, 0x60, 0xbf, 0x9d, 0xbd, 0xfd, 0xd3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc6, 0x73, 0xf8, 0xde, 0xea, 0xa3, 0x03, 0x6b, 0xec, 0x0f, 0x7a, 0xc9, 0xb5, 0xd6, 0x43, 0x8c, 0x81, 0x0e, 0x76, 0xc2, 0x07, 0x2c, 0x29, 0xb8, 0xd8, 0x76, 0xcb, 0x48, 0x70, 0x44, 0xb0, 0xe6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf0, 0xca, 0xaa, 0x41, 0x40, 0xf6, 0x79, 0x31, 0x46, 0x24, 0x92, 0xd2, 0x82, 0x8e, 0x4b, 0xd8, 0xcb, 0xd0, 0xcb, 0x0f, 0xef, 0x1a, 0xcc, 0x65, 0x5c, 0x12, 0xdb, 0x75, 0x02, 0x6f, 0xd9, 0x64}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc8, 0x83, 0x15, 0x0c, 0x4c, 0x9e, 0xce, 0x2d, 0x67, 0x40, 0xea, 0x45, 0xc6, 0x72, 0xf0, 0x55, 0x03, 0x81, 0xdf, 0x66, 0xc9, 0xce, 0x3a, 0xfd, 0x05, 0x93, 0x00, 0x33, 0xa9, 0x1d, 0x68, 0x5a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7c, 0x64, 0x31, 0xf0, 0xe3, 0xda, 0x2f, 0x51, 0x97, 0x07, 0xfd, 0x40, 0x5b, 0x11, 0x9d, 0xe3, 0x51, 0x11, 0xed, 0x5f, 0x81, 0x4d, 0x99, 0xd3, 0x3a, 0x5a, 0x55, 0x60, 0x98, 0x98, 0xe3, 0x89}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc8, 0x8d, 0x29, 0x8f, 0xa2, 0x57, 0x73, 0x45, 0xaa, 0x1d, 0x21, 0xd6, 0xaa, 0x6c, 0xf2, 0xbc, 0xd0, 0xed, 0xc7, 0xa6, 0x89, 0xd6, 0x70, 0x92, 0x37, 0x1b, 0x71, 0xd6, 0x66, 0xd2, 0xd2, 0xa2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x09, 0xec, 0x2d, 0xb2, 0x6c, 0x39, 0x48, 0xdd, 0x4c, 0xc5, 0xbb, 0x72, 0x57, 0x83, 0x1a, 0x57, 0x78, 0x9a, 0x42, 0xa6, 0x4d, 0x71, 0xe1, 0xa6, 0x31, 0x6e, 0xc8, 0xe1, 0xc4, 0x68, 0xbe, 0x53}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5b, 0x6a, 0xed, 0x68, 0xe8, 0x20, 0x44, 0xfc, 0xcd, 0x75, 0xf7, 0x59, 0x53, 0x56, 0x9f, 0x17, 0xdc, 0x45, 0x02, 0x5a, 0xba, 0xc5, 0x77, 0xcf, 0x1c, 0xfe, 0x1c, 0xe1, 0x3d, 0x39, 0xbe, 0xd7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcb, 0x80, 0x51, 0x03, 0x79, 0x15, 0x44, 0x2b, 0x4b, 0x58, 0xcc, 0xcd, 0xb9, 0x97, 0x30, 0xf1, 0x2a, 0xf2, 0xbe, 0xed, 0x7d, 0xef, 0xde, 0x8c, 0x4c, 0x64, 0x0a, 0x92, 0x94, 0x0d, 0x53, 0x2f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb3, 0xfe, 0x21, 0x38, 0xf4, 0xf0, 0x1b, 0x05, 0x84, 0x20, 0x7a, 0x7e, 0x27, 0x9d, 0x8e, 0x75, 0x26, 0x38, 0xd3, 0x35, 0xe6, 0xbe, 0xdf, 0xae, 0x84, 0xe6, 0x7b, 0x25, 0x41, 0x50, 0x73, 0x48}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x16, 0xdb, 0xc8, 0x3b, 0xc5, 0x1c, 0x0e, 0x17, 0x12, 0x1d, 0x1a, 0x9c, 0xb4, 0x9e, 0x8e, 0xe8, 0xba, 0x12, 0x0c, 0xaa, 0x07, 0x53, 0x17, 0x80, 0xbe, 0x0f, 0x7d, 0x1d, 0x90, 0x34, 0xcc, 0x44}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x44, 0x4f, 0xc5, 0xe4, 0x2e, 0x06, 0x29, 0x1b, 0x0e, 0xea, 0x14, 0x89, 0x00, 0x04, 0x2d, 0x8c, 0x38, 0xa8, 0x53, 0xb7, 0xd0, 0xa4, 0x8e, 0x6c, 0xd6, 0xd5, 0x87, 0xde, 0xd4, 0xa9, 0x1a, 0x13}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x28, 0xe5, 0x5e, 0xb6, 0x21, 0x7d, 0xed, 0xc6, 0x5e, 0xf0, 0x81, 0x0b, 0x19, 0x3e, 0xe7, 0x65, 0x9c, 0xa9, 0x98, 0x47, 0x50, 0xfd, 0x9f, 0x9d, 0xfc, 0xb6, 0xae, 0x3d, 0x09, 0x52, 0x6e, 0x80}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xad, 0x9f, 0xc5, 0xe2, 0x06, 0x9d, 0x86, 0x28, 0xcd, 0x3e, 0x7c, 0xf3, 0xf8, 0x06, 0xab, 0x0d, 0x93, 0x82, 0xa7, 0x6f, 0x27, 0x23, 0x1e, 0x44, 0x89, 0x0e, 0x7b, 0xd3, 0x5a, 0xd8, 0x62, 0xb2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x79, 0x7e, 0xd8, 0x23, 0x1b, 0x39, 0x49, 0x5e, 0x89, 0x15, 0x56, 0x5f, 0xa9, 0x6b, 0x72, 0xd5, 0xd7, 0x47, 0x94, 0xa7, 0xe4, 0xb4, 0xfb, 0x11, 0x55, 0x6e, 0xdc, 0x2e, 0xd9, 0x83, 0x4d, 0xe0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0c, 0x37, 0x39, 0x6e, 0x2a, 0x78, 0xe4, 0x71, 0xc3, 0xec, 0x41, 0x81, 0xdd, 0x5c, 0xa0, 0x3f, 0x84, 0x08, 0xd7, 0xee, 0xbc, 0x47, 0x51, 0x30, 0xb7, 0x40, 0xbb, 0x6c, 0xab, 0xdc, 0x1a, 0x01}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd5, 0x93, 0x79, 0x8f, 0xac, 0xff, 0x19, 0x41, 0x3e, 0xc0, 0x21, 0xd6, 0x33, 0xde, 0x83, 0xf5, 0x3d, 0x69, 0xa1, 0x39, 0x7d, 0x53, 0xb4, 0xeb, 0xe6, 0xfc, 0xa1, 0x09, 0xfa, 0xd3, 0xfa, 0x3e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x24, 0xca, 0x28, 0x96, 0xed, 0xa5, 0x1e, 0x23, 0x61, 0xad, 0x3c, 0x84, 0xfa, 0x65, 0x70, 0xf9, 0xd3, 0x66, 0xb6, 0x6e, 0x60, 0x3a, 0xa1, 0xfe, 0x8e, 0x4f, 0x3c, 0x43, 0xb2, 0xf4, 0xbd, 0x2f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x01, 0x4e, 0x86, 0x89, 0xf2, 0xa1, 0xd2, 0x81, 0x7c, 0x92, 0xd5, 0xc3, 0xcb, 0xf6, 0x59, 0x13, 0x38, 0x88, 0xc4, 0x2c, 0x7c, 0x90, 0x07, 0x43, 0xf4, 0xfb, 0x75, 0x3f, 0xca, 0x0f, 0xa7, 0xa7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x10, 0x9e, 0x2e, 0x03, 0x98, 0x67, 0x36, 0xae, 0x95, 0xef, 0xad, 0x77, 0xb9, 0x5f, 0x95, 0x58, 0x40, 0x3e, 0x9d, 0xfb, 0xf0, 0x5f, 0x83, 0xe5, 0x96, 0x2e, 0xfa, 0x96, 0xdd, 0x11, 0xd9, 0x9e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x27, 0x66, 0xfb, 0x3d, 0x0c, 0x6d, 0xd8, 0x54, 0x99, 0xcf, 0xf9, 0xf6, 0xc6, 0x7e, 0xdd, 0x34, 0x17, 0xe1, 0x6b, 0x0b, 0xd4, 0x4a, 0x0d, 0x49, 0x8e, 0xd7, 0x96, 0xc1, 0x3f, 0xc6, 0xf8, 0x93}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x28, 0x9e, 0x7b, 0xc7, 0x0e, 0x4a, 0x02, 0x4e, 0xb9, 0x37, 0x99, 0x24, 0xf9, 0x2c, 0xc6, 0x08, 0xc8, 0x33, 0x62, 0x90, 0xb9, 0xf4, 0xb9, 0x39, 0x40, 0xbc, 0x5c, 0xf4, 0x57, 0xe3, 0x76, 0x32}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1d, 0x98, 0xb5, 0xbc, 0x79, 0x0e, 0x7c, 0x8e, 0x15, 0x76, 0x80, 0xd7, 0x2d, 0xbc, 0x36, 0xcf, 0xb8, 0xab, 0xbe, 0x2d, 0x73, 0xbe, 0x87, 0xe4, 0x5f, 0xf3, 0xc1, 0xe1, 0xea, 0xd3, 0xd3, 0xaf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfe, 0xc9, 0x8f, 0x09, 0x9c, 0xcc, 0x2e, 0xc1, 0xf7, 0x02, 0x68, 0x22, 0x20, 0x44, 0x68, 0x8f, 0xb5, 0x42, 0xb9, 0x8b, 0x94, 0xf5, 0x1c, 0xc6, 0xe0, 0x9a, 0x0f, 0x95, 0x1a, 0x11, 0x89, 0xfc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xbb, 0x0d, 0x91, 0x26, 0xb7, 0x81, 0xa3, 0xa0, 0x3f, 0xc2, 0xd0, 0xdb, 0xb7, 0x9a, 0x5b, 0xa3, 0x87, 0x91, 0x44, 0xb0, 0x55, 0x46, 0xb3, 0x1b, 0xbf, 0x4f, 0xbf, 0x5f, 0x63, 0x22, 0x5d, 0xd0}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x69, 0x25, 0x1a, 0xd0, 0xb0, 0xaf, 0xaf, 0x89, 0x18, 0xa6, 0x43, 0xfc, 0x4b, 0x4a, 0xa8, 0x6e, 0x96, 0x5e, 0x83, 0x8d, 0x13, 0x75, 0xd3, 0x2c, 0xfd, 0xec, 0x75, 0x08, 0x9e, 0x4d, 0xcd, 0x1c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xda, 0xd8, 0xf9, 0xb0, 0x56, 0x3e, 0x27, 0x60, 0x48, 0xfd, 0xec, 0xff, 0xa3, 0xb5, 0x05, 0x6c, 0x67, 0x00, 0xb2, 0x6a, 0x6d, 0xde, 0xc7, 0xb0, 0x01, 0xcd, 0xc6, 0x6b, 0xbf, 0x1b, 0xd0, 0x3f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xdd, 0x9f, 0xcb, 0xc7, 0x66, 0xc9, 0xb2, 0xd5, 0xa3, 0x26, 0x5f, 0x5b, 0xdf, 0xfe, 0x6c, 0x4c, 0x17, 0xdd, 0x5f, 0x7d, 0x77, 0x93, 0x1a, 0xcf, 0x1b, 0xaf, 0x6d, 0x24, 0xe9, 0xa4, 0x80, 0x34}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x41, 0xf4, 0xef, 0xe3, 0x0b, 0x23, 0x54, 0x35, 0x40, 0xd0, 0x3b, 0x5f, 0x62, 0x69, 0x1d, 0x8b, 0xd1, 0xcf, 0xc1, 0x1c, 0xc2, 0x60, 0x0c, 0x63, 0x0b, 0x75, 0xd4, 0x1c, 0xd8, 0xa1, 0x3d, 0x5f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2b, 0x98, 0x95, 0x99, 0x65, 0xe9, 0x6b, 0x54, 0xe2, 0xfe, 0xda, 0xb1, 0xfb, 0xf2, 0x56, 0x00, 0xd7, 0xd5, 0x88, 0x74, 0x92, 0xea, 0x1a, 0x1c, 0x95, 0xd3, 0x0c, 0x8d, 0x14, 0x22, 0x17, 0xcb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index fc7e27d49..8db621928 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240808163404-e881705f73e5" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240813222857-0551a862b306" ) From f92d9db78acd26d41a71e73aad3042bbcc703857 Mon Sep 17 00:00:00 2001 From: edgelessci Date: Sun, 18 Aug 2024 08:07:56 +0000 Subject: [PATCH 216/380] image: update locked rpms --- image/mirror/SHA256SUMS | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 3484626ec..b10931bc4 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -1,8 +1,8 @@ 37abef83e8927b4b48f69fcbdcc249d349c6029cc669401676d01f0ea326999e WALinuxAgent-udev-2.10.0.8-2.fc40.noarch.rpm aa20a35c98c094c3d384c311c33ff393ca75e5be81b7eaf2b223a1dc6bd8217b aardvark-dns-1.12.1-1.fc40.x86_64.rpm ac860c52abbc65af5835d1bd97400c531a5635d39bc1d68e36a1fe54863385ea alternatives-1.27-1.fc40.x86_64.rpm -a8aac6e068011d76e89536ffcb29e516c3ccd0095ef8ada0a37a9fd21a2b39b0 audit-libs-4.0.1-1.fc40.i686.rpm -5b6386ac345c3fd388c509df4ad31ffe04f1a1ed6eb4f10d2b5f56c2a5b300dc audit-libs-4.0.1-1.fc40.x86_64.rpm +6d0cfcd0e97421b42af58a824c7e99a6cbcdd0e81980b4ea9e0d4051ef723db3 audit-libs-4.0.2-1.fc40.i686.rpm +f4ed40457780c13bebf84c1cf8981550da7e0e728e80250aed179eda8915bc7f audit-libs-4.0.2-1.fc40.x86_64.rpm 0fe4ed8770711ede2fcec43c4545b62461a24f03b3aa836d0e7071f4436e26f1 authselect-1.5.0-5.fc40.x86_64.rpm db7d946583f2a91a3301d964a5adc7afb1620e0f72c9a9033ae3a4cfc2f332ad authselect-libs-1.5.0-5.fc40.x86_64.rpm 6404b1028262aeaf3e083f08959969abea1301f7f5e8610492cf900b3d13d5db basesystem-11-20.fc40.noarch.rpm @@ -57,7 +57,7 @@ de10b1728571d2976e2f0f4cc5067d4575a5e97ec3914c57af537846ccaec753 elfutils-debug c1eca14924981b987f9b17c01a97511d641f49ac6b2b0f2d8e83563343932302 elfutils-libelf-0.191-4.fc40.x86_64.rpm 393c5920c3b69834e5a75b05f48f04e696f509cb52c8055e686e63e677342547 elfutils-libs-0.191-4.fc40.i686.rpm d7d1ed3fca0696b8c38effe21bc70c84a94cb66c0b59bb1980c0f455d23b7fec elfutils-libs-0.191-4.fc40.x86_64.rpm -3f28119308f5297577da9013e36585f5bd86953e61f5a10f8543b4c5f35e84fd ethtool-6.9-1.fc40.x86_64.rpm +46faf7414373116864994d8e6877e00a799226e60bb685e073b398074ec7dc49 ethtool-6.10-1.fc40.x86_64.rpm 19d6e2f987c80d97b82c3d837d584eca60621b6d8cbd6797ba01a01ed8848799 expat-2.6.2-1.fc40.x86_64.rpm 849feb04544096f9bbe16bc78c2198708fe658bdafa08575c911e538a7d31c18 fedora-gpg-keys-40-2.noarch.rpm bd62f80ae7dc50c20b0633d86f1c4a9f205f7df13c8ee1a5d5f624872c29271e fedora-release-40-39.noarch.rpm @@ -96,8 +96,6 @@ cfdba55bf65221d4cb6574e18586340f813ee948fb90f94088ab730a8cbd4400 grub2-common-2 a265c8c4acac4c2a3c5f63f98df89e689b87f6f6bcceac1c83882d9cdab90eab grub2-tools-2.06-123.fc40.x86_64.rpm 3ff26313487d9656195f2e121eb57ea6411deab71b0ec3ae57f11785ba86f330 grub2-tools-minimal-2.06-123.fc40.x86_64.rpm 6a146fa9b154e67eb67eeb258df37814a863997c87171fdc2bd771e5a46b1cc4 grubby-8.40-75.fc40.x86_64.rpm -f37f97c430327c60dbedf7a7c40e49a84d3a0dd794be5a39a6a0e10ea73da4f4 gvisor-tap-vsock-0.7.4-1.fc40.x86_64.rpm -439cf54eeba5962afb3d6f3e59adcafbacd5e9d746abfd7633f77e0c4452c8b3 gvisor-tap-vsock-gvforwarder-0.7.4-1.fc40.x86_64.rpm 6dcc2f8885135fc873c8ab94a6c7df05883060c5b25287956bebb3aa15a84e71 gzip-1.13-1.fc40.x86_64.rpm 7ea61bdaada7c1ab5b8567e054a73e2cb3ca6019e3db887049998fed7eea8514 iproute-6.7.0-2.fc40.x86_64.rpm 21d9bc4c677edd86b2e88ebe4c20b097412c2fa3ef4a91d7de0f9b03e1306f5d iproute-tc-6.7.0-2.fc40.x86_64.rpm @@ -145,7 +143,7 @@ c890a19d2c4a3da836bae1db40b778fe0339cd0d26bddfbe584aaccb1a0f1485 libcom_err-1.4 e3dc770fc4c48bec2da9ac948bcd43e053608d0397ad0a57056409a7d427289d libcurl-minimal-8.6.0-10.fc40.x86_64.rpm 700d56839e1bc16c08f71c505a7e62f655e4c18f4bf71bf2f36f3854f829e6f5 libeconf-0.6.2-2.fc40.i686.rpm 2ef764049e121ee2a9fa5d0296e6e2dd0abc7541040b8e49d67960bd9bde74e4 libeconf-0.6.2-2.fc40.x86_64.rpm -9e6e3e3ae465342b139c97b782e55701d20c72e7330545d5c66f901ede7228db libedit-3.1-51.20240517cvs.fc40.x86_64.rpm +b003de79beac86385d212fce137417439e8ec7cb863115d560e02834c84efd1e libedit-3.1-53.20240808cvs.fc40.x86_64.rpm c4adcee5dd9e22ea50d6c318ac4936a8df708121741958ce5aa8f038c46c61a9 libevent-2.1.12-12.fc40.x86_64.rpm a1ba3045c99ef1b266383f0801731a68f9e0cb069a6c808267ad33b759381907 libfdisk-2.40-0.9.rc1.fc40.i686.rpm 17f02ca51b90580887d739f52b995034e0929fc6bcd92be308554a2f5337bbe4 libfdisk-2.40-0.9.rc1.fc40.x86_64.rpm @@ -242,8 +240,8 @@ a18edf32e89aefd453998d5d0ec3aa1ea193dac43f80b99db195abd7e8cf1a04 ncurses-libs-6 784e0fbc9ccb7087c10f4c41edbed13904f94244ff658f308614abe48cdf0d42 npth-1.7-1.fc40.x86_64.rpm f814bc09b50daaab468715088ec056373dbc209a5075306e4ce76f5c55eb2b42 nvme-cli-2.8-1.fc40.x86_64.rpm b09089231ec94ee1b2dc26e34d8d7f19586d411bc40df7d0e495e559ac2d871a openldap-2.6.7-1.fc40.x86_64.rpm -2fa5030d1c80979dd5fd0c304e4151282e0eb2749186926c4d8283c4ca14340f openssl-libs-3.2.1-2.fc40.i686.rpm -eba1bd09317cc1f1f80e722e9a545dd404e1fad444045438f254e99cab4f1ed6 openssl-libs-3.2.1-2.fc40.x86_64.rpm +5df04d37e492e5f107cc21e547240f9f98b0b7613320467bc0b08f6aa1b0fb88 openssl-libs-3.2.2-3.fc40.i686.rpm +e9fca52d76eb6277b9fec3238226faafc0938806318fad1143a527fdd28a16cf openssl-libs-3.2.2-3.fc40.x86_64.rpm 9f0336deb6f1b1524ec48d837622e7e2291995369b0356d7ad1e1d427f3b659a os-prober-1.81-6.fc40.x86_64.rpm 70fba929aab38a9d69a457cef1b01962161a1df2b78dc5a4e86ff4b994b51079 p11-kit-0.25.5-1.fc40.x86_64.rpm c728dbd90872b7597a8ace70a70555bff576231bb6dbde14b75626d601706af8 p11-kit-trust-0.25.5-1.fc40.x86_64.rpm @@ -251,8 +249,8 @@ c728dbd90872b7597a8ace70a70555bff576231bb6dbde14b75626d601706af8 p11-kit-trust- 5981cdaf35f2ea96236eaccf1ce476379e51e5883ce57343a7727626e9fd9da3 pam-libs-1.6.1-3.fc40.i686.rpm fb85b93438336461a0b2b878158e552d30b6fb663404475eb0a050b35fd5d35f pam-libs-1.6.1-3.fc40.x86_64.rpm 9bbce784622e02af0371ced8e9a7d26adba7eabd66ecfcb8bbe2d24cf616e3c1 parted-3.6-4.fc40.x86_64.rpm -6033fca551a60e4c56424958dad43173793e7f1a46c3ce3d78e2d9e8d451d6f0 passt-0^20240726.g57a21d2-1.fc40.x86_64.rpm -6ab2f001b3b7187146a827ba84c88300ce10896c59176223e04b03b90dae4a7b passt-selinux-0^20240726.g57a21d2-1.fc40.noarch.rpm +e2aa0ef50a4b321131b8d9c73e5fdf9b77929158fa0642490f0963a39fca8a0e passt-0^20240814.g61c0b0d-1.fc40.x86_64.rpm +49cce314c70cbfbacd72c3c6a55b379afa7ea11ad76e0696dad706509c1343f9 passt-selinux-0^20240814.g61c0b0d-1.fc40.noarch.rpm a0fb808d6b7ff8cd9cfdc1a60f213851cecdcace334d6e5aa1e0e54b81d79a25 pcre2-10.44-1.fc40.i686.rpm 73e50df09266fcffda9c24a3738f579dd365c2c187c294da054ef9915edc3851 pcre2-10.44-1.fc40.x86_64.rpm dbec699e88d42fc6fb1df0a8c0b9023941ed1b1b7625694253a612eaf9f2691d pcre2-syntax-10.44-1.fc40.noarch.rpm @@ -262,7 +260,7 @@ f796a31cad58f4ebea8787020868581d9a721297ee0ef6a7c63a7f8444f60c17 pcsc-lite-libs 5443db8875acc0c1c436dbe1ed62b776543e049b8d9c7e33198379d367814093 pigz-2.8-4.fc40.x86_64.rpm cb7c5036f1d25c696de23a6670cb64caec9945116fb0c9a93555414746ecf253 pinentry-1.3.0-2.fc40.x86_64.rpm bbb4abafa9f7664e21350b56d49af2c928288e6d4dd68c304c4ab5d45b2c8ad7 pkcs11-provider-0.3-2.fc40.x86_64.rpm -d011839058e0ab6e132b6ae01015f9a66490e4be94ed2e9dde1fa0d6c4b7e83c podman-5.1.2-1.fc40.x86_64.rpm +bddbd4b95e7aad221499e512bf2f1e2484339d3f1aac2b3c7575f0c4547f5753 podman-5.2.0-1.fc40.x86_64.rpm fc0270713aefd482937adc4d6905f806760ea54c70379cb675be521251e5a177 policycoreutils-3.6-3.fc40.x86_64.rpm 30a4f9d3631aaa1280c93ce4305847a9773973aa312e1802d1cd676cb2421689 polkit-124-2.fc40.x86_64.rpm f47bc65177a8b160916c00df9c84442afa1dd353880b3c0503d5a0b052d4956c polkit-libs-124-2.fc40.x86_64.rpm @@ -336,17 +334,17 @@ c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3 41b777c50f1ec74795551c7d930a3d6eceab278ff03608893a5dbd49f2de5363 util-linux-2.40.1-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm a00108f45cd60afffb9c1b5db8bef9c6fd5b3c233a546dde787efa5b4485e5b6 util-linux-core-2.40.1-1.fc40.x86_64.rpm -294f50c8809eb96e6cb27dc45658b8ebaeb578686a9af71ac1fa2012c5760d18 vim-common-9.1.660-1.fc40.x86_64.rpm -5baee8d68feab4c84bbf6a24eff4f6d9c13f936e5954d77e63efb855ead76179 vim-data-9.1.660-1.fc40.noarch.rpm -ae554ce439a2a30671400e69021f716318c5868e5afeecd615bc12b899efc4a2 vim-enhanced-9.1.660-1.fc40.x86_64.rpm -a58f45ba20164a016396233611971f971ed7c8e8b9607753c00c5533e29b296b vim-filesystem-9.1.660-1.fc40.noarch.rpm +e87361bf8eaaa87699e311e853b2c171c16f36f7d5e8f5eddb1f09c4a0202014 vim-common-9.1.672-1.fc40.x86_64.rpm +44986383b56588459663da041f9d144010cf91ae377ef9b957f7e262ef55ae19 vim-data-9.1.672-1.fc40.noarch.rpm +6fc8a60a8fae42a30666848f972129d2abfb0c7f2fb073616972a811b697bbc7 vim-enhanced-9.1.672-1.fc40.x86_64.rpm +13ae5c6fc04aa31b8c2f43885e94e222497d35dadf6858c13aa35e25d131019b vim-filesystem-9.1.672-1.fc40.noarch.rpm c5682a1b02bb02578e9997ae221a7f6c6db711084129824e207fe1febdc55b9d wget2-2.1.0-11.fc40.x86_64.rpm 38aaee4829df7e1a4719991c4fc6d65a1265b6a556b182ecac3145c287c320f4 wget2-libs-2.1.0-11.fc40.x86_64.rpm a12b44ee7cc5a0e916bcf72e80c4d618abb7406254578e947f3ba9dd0d445d25 wget2-wget-2.1.0-11.fc40.x86_64.rpm cf0306ceed1c6b3be39060d85f16b1953b464d3a625488b170d3b7aadf600645 which-2.21-41.fc40.x86_64.rpm 4ede95a2fa3bc0ae617c8bf3a375b800163d58733b4829b15d9f038505d79fee whois-nls-5.5.20-3.fc40.noarch.rpm e2195010e857f56b19246f8b821f9391922880b7691b3728a413f540edc890a6 xkeyboard-config-2.41-1.fc40.noarch.rpm -be8f910530a68332435ffcec345a299f4e136c07587b41bf36f9cc0369a4f7c6 xxd-9.1.660-1.fc40.x86_64.rpm +e6006fd24e866d8747f8444ee21dcf66af86936839cf019ffed2718819ae20cc xxd-9.1.672-1.fc40.x86_64.rpm ee599a1c4d7ee635e54ec137af4dded83f433b9c8a5976f75ecdcd000b5246e3 xz-5.4.6-3.fc40.x86_64.rpm b92ef78d8ab424c22130e457d0ef691d8197bff61c3b8852205d1b02baba3819 xz-libs-5.4.6-3.fc40.i686.rpm b6ee44b3d7e494b0364f26b7d0b169a8092180af787423cd5e8a47dc0f738a66 xz-libs-5.4.6-3.fc40.x86_64.rpm From ec7b40d93387f253e5a094e96bbce6c98c74b637 Mon Sep 17 00:00:00 2001 From: Moritz Eckert Date: Tue, 20 Aug 2024 10:35:41 +0200 Subject: [PATCH 217/380] docs: sort clouds table alphabetical (#3315) --- docs/docs/overview/clouds.md | 30 +++++++++---------- .../version-2.17/overview/clouds.md | 30 +++++++++---------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/docs/docs/overview/clouds.md b/docs/docs/overview/clouds.md index 1440b5430..34f48d3f8 100644 --- a/docs/docs/overview/clouds.md +++ b/docs/docs/overview/clouds.md @@ -14,13 +14,21 @@ For Constellation, the ideal environment provides the following: The following table summarizes the state of features for different infrastructures. -| **Feature** | **Azure** | **GCP** | **AWS** | **STACKIT** | **OpenStack (Yoga)** | -|-----------------------------------|-----------|---------|---------|--------------|----------------------| -| **1. Custom images** | Yes | Yes | Yes | Yes | Yes | -| **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | -| **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | -| **4. Reviewable firmware** | No | No | Yes | No | Depends on kernel/HV | -| **5. Confidential measured boot** | Yes | No | No | No | Depends on kernel/HV | +| **Feature** | **AWS** | **Azure** | **GCP** | **STACKIT** | **OpenStack (Yoga)** | +|-----------------------------------|---------|-----------|---------|--------------|----------------------| +| **1. Custom images** | Yes | Yes | Yes | Yes | Yes | +| **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | +| **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | +| **4. Reviewable firmware** | Yes | No | No | No | Depends on kernel/HV | +| **5. Confidential measured boot** | No | Yes | No | No | Depends on kernel/HV | + +## Amazon Web Services (AWS) + +Amazon EC2 [supports AMD SEV-SNP](https://aws.amazon.com/de/about-aws/whats-new/2023/04/amazon-ec2-amd-sev-snp/). +Regarding (3), AWS provides direct access to attestation statements. +However, regarding (5), attestation is partially based on the [NitroTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by the Nitro hypervisor. +Hence, the hypervisor is currently part of Constellation's TCB. +Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built. ## Microsoft Azure @@ -43,14 +51,6 @@ Regarding (4), the CVMs still include closed-source firmware. [TDX on Google](https://cloud.google.com/blog/products/identity-security/confidential-vms-on-intel-cpus-your-datas-new-intelligent-defense) is in public preview. With it, Constellation would have a similar TCB and attestation flow as with the current SEV-SNP offering. -## Amazon Web Services (AWS) - -Amazon EC2 [supports AMD SEV-SNP](https://aws.amazon.com/de/about-aws/whats-new/2023/04/amazon-ec2-amd-sev-snp/). -Regarding (3), AWS provides direct access to attestation statements. -However, regarding (5), attestation is partially based on the [NitroTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by the Nitro hypervisor. -Hence, the hypervisor is currently part of Constellation's TCB. -Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built. - ## STACKIT [STACKIT Compute Engine](https://www.stackit.de/en/product/stackit-compute-engine/) supports AMD SEV-ES. A vTPM is used for measured boot, which is a vTPM managed by STACKIT's hypervisor. Hence, the hypervisor is currently part of Constellation's TCB. diff --git a/docs/versioned_docs/version-2.17/overview/clouds.md b/docs/versioned_docs/version-2.17/overview/clouds.md index 1440b5430..34f48d3f8 100644 --- a/docs/versioned_docs/version-2.17/overview/clouds.md +++ b/docs/versioned_docs/version-2.17/overview/clouds.md @@ -14,13 +14,21 @@ For Constellation, the ideal environment provides the following: The following table summarizes the state of features for different infrastructures. -| **Feature** | **Azure** | **GCP** | **AWS** | **STACKIT** | **OpenStack (Yoga)** | -|-----------------------------------|-----------|---------|---------|--------------|----------------------| -| **1. Custom images** | Yes | Yes | Yes | Yes | Yes | -| **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | -| **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | -| **4. Reviewable firmware** | No | No | Yes | No | Depends on kernel/HV | -| **5. Confidential measured boot** | Yes | No | No | No | Depends on kernel/HV | +| **Feature** | **AWS** | **Azure** | **GCP** | **STACKIT** | **OpenStack (Yoga)** | +|-----------------------------------|---------|-----------|---------|--------------|----------------------| +| **1. Custom images** | Yes | Yes | Yes | Yes | Yes | +| **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | +| **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | +| **4. Reviewable firmware** | Yes | No | No | No | Depends on kernel/HV | +| **5. Confidential measured boot** | No | Yes | No | No | Depends on kernel/HV | + +## Amazon Web Services (AWS) + +Amazon EC2 [supports AMD SEV-SNP](https://aws.amazon.com/de/about-aws/whats-new/2023/04/amazon-ec2-amd-sev-snp/). +Regarding (3), AWS provides direct access to attestation statements. +However, regarding (5), attestation is partially based on the [NitroTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by the Nitro hypervisor. +Hence, the hypervisor is currently part of Constellation's TCB. +Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built. ## Microsoft Azure @@ -43,14 +51,6 @@ Regarding (4), the CVMs still include closed-source firmware. [TDX on Google](https://cloud.google.com/blog/products/identity-security/confidential-vms-on-intel-cpus-your-datas-new-intelligent-defense) is in public preview. With it, Constellation would have a similar TCB and attestation flow as with the current SEV-SNP offering. -## Amazon Web Services (AWS) - -Amazon EC2 [supports AMD SEV-SNP](https://aws.amazon.com/de/about-aws/whats-new/2023/04/amazon-ec2-amd-sev-snp/). -Regarding (3), AWS provides direct access to attestation statements. -However, regarding (5), attestation is partially based on the [NitroTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by the Nitro hypervisor. -Hence, the hypervisor is currently part of Constellation's TCB. -Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built. - ## STACKIT [STACKIT Compute Engine](https://www.stackit.de/en/product/stackit-compute-engine/) supports AMD SEV-ES. A vTPM is used for measured boot, which is a vTPM managed by STACKIT's hypervisor. Hence, the hypervisor is currently part of Constellation's TCB. From 57ffe6d4a7bd3e3b46016069c1c20dc9f5821424 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Thu, 22 Aug 2024 08:27:27 +0200 Subject: [PATCH 218/380] image: update measurements and image version (#3316) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index d930ea0cc..0f1cb8846 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa9, 0x2e, 0x7a, 0xd7, 0xc0, 0x06, 0x06, 0xc7, 0x06, 0x3e, 0xa4, 0x4f, 0x2e, 0x1c, 0xd5, 0x60, 0x4c, 0xaa, 0xae, 0x45, 0xfb, 0x12, 0x81, 0x00, 0x1d, 0x4d, 0x1d, 0x74, 0x81, 0xc2, 0x21, 0x43}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb2, 0xe8, 0xd4, 0xbb, 0xd9, 0x9a, 0x0b, 0xc2, 0x95, 0xf6, 0x0f, 0xa4, 0x86, 0xef, 0x97, 0x8c, 0x1e, 0x59, 0xb5, 0xcd, 0xb6, 0x1f, 0x76, 0xdc, 0xe6, 0x3b, 0x70, 0x8f, 0x4a, 0xb8, 0xcc, 0x48}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9f, 0x4a, 0x51, 0x53, 0x57, 0xf2, 0xb6, 0x07, 0x94, 0xe6, 0x8b, 0x57, 0x8e, 0xe4, 0xff, 0x7d, 0x1a, 0xa4, 0xb8, 0x70, 0xf8, 0xfd, 0x8a, 0xa5, 0x47, 0x16, 0x82, 0x6d, 0x39, 0x11, 0x30, 0xca}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xbd, 0xbe, 0x0a, 0x43, 0xc4, 0xc8, 0x84, 0x6f, 0xa1, 0xae, 0x18, 0xb0, 0x76, 0x68, 0x09, 0xe6, 0x59, 0x30, 0x5b, 0xa6, 0x45, 0xad, 0x61, 0xde, 0xe2, 0x55, 0x96, 0x60, 0xab, 0x88, 0x74, 0xbf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd6, 0x22, 0x0c, 0x61, 0x02, 0xe6, 0x00, 0xa5, 0x3b, 0xb7, 0xbc, 0x91, 0xcc, 0xb9, 0xba, 0x52, 0x6b, 0xe0, 0x21, 0x66, 0x77, 0x02, 0xb5, 0x1a, 0xad, 0xec, 0x06, 0x8c, 0x43, 0xdd, 0x3e, 0xe1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe5, 0x1d, 0xff, 0x7b, 0x8f, 0x46, 0xaa, 0x6d, 0xd8, 0xf6, 0x8e, 0xfc, 0xfe, 0x1c, 0xb1, 0xa1, 0x4c, 0x16, 0xf3, 0xf8, 0xd3, 0x64, 0x5a, 0x0f, 0xfb, 0x6b, 0x96, 0x32, 0x3a, 0x3c, 0x3b, 0x84}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x25, 0xdd, 0xe5, 0x04, 0xbf, 0xee, 0x32, 0xb0, 0x2c, 0xaa, 0x75, 0xee, 0x98, 0x41, 0x41, 0xbb, 0x4f, 0xa2, 0x5e, 0x27, 0x84, 0xc8, 0xaf, 0xc4, 0x96, 0x03, 0x60, 0xbf, 0x9d, 0xbd, 0xfd, 0xd3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc6, 0x73, 0xf8, 0xde, 0xea, 0xa3, 0x03, 0x6b, 0xec, 0x0f, 0x7a, 0xc9, 0xb5, 0xd6, 0x43, 0x8c, 0x81, 0x0e, 0x76, 0xc2, 0x07, 0x2c, 0x29, 0xb8, 0xd8, 0x76, 0xcb, 0x48, 0x70, 0x44, 0xb0, 0xe6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf0, 0xca, 0xaa, 0x41, 0x40, 0xf6, 0x79, 0x31, 0x46, 0x24, 0x92, 0xd2, 0x82, 0x8e, 0x4b, 0xd8, 0xcb, 0xd0, 0xcb, 0x0f, 0xef, 0x1a, 0xcc, 0x65, 0x5c, 0x12, 0xdb, 0x75, 0x02, 0x6f, 0xd9, 0x64}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc8, 0x83, 0x15, 0x0c, 0x4c, 0x9e, 0xce, 0x2d, 0x67, 0x40, 0xea, 0x45, 0xc6, 0x72, 0xf0, 0x55, 0x03, 0x81, 0xdf, 0x66, 0xc9, 0xce, 0x3a, 0xfd, 0x05, 0x93, 0x00, 0x33, 0xa9, 0x1d, 0x68, 0x5a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7c, 0x64, 0x31, 0xf0, 0xe3, 0xda, 0x2f, 0x51, 0x97, 0x07, 0xfd, 0x40, 0x5b, 0x11, 0x9d, 0xe3, 0x51, 0x11, 0xed, 0x5f, 0x81, 0x4d, 0x99, 0xd3, 0x3a, 0x5a, 0x55, 0x60, 0x98, 0x98, 0xe3, 0x89}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc8, 0x8d, 0x29, 0x8f, 0xa2, 0x57, 0x73, 0x45, 0xaa, 0x1d, 0x21, 0xd6, 0xaa, 0x6c, 0xf2, 0xbc, 0xd0, 0xed, 0xc7, 0xa6, 0x89, 0xd6, 0x70, 0x92, 0x37, 0x1b, 0x71, 0xd6, 0x66, 0xd2, 0xd2, 0xa2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x94, 0xc0, 0xa1, 0xac, 0x80, 0x22, 0x14, 0x9a, 0x8d, 0xbc, 0x3a, 0x8c, 0x7d, 0xc5, 0xdc, 0x7b, 0x64, 0xb2, 0xde, 0x13, 0xe1, 0x88, 0x45, 0x78, 0x53, 0xa5, 0x16, 0x96, 0x0c, 0xbd, 0x7e, 0x8c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa9, 0xca, 0x57, 0xa6, 0x07, 0x74, 0xe7, 0xd8, 0xd4, 0x45, 0xef, 0x34, 0x61, 0xcd, 0x99, 0x3b, 0xbd, 0x3d, 0x66, 0x15, 0x06, 0xad, 0x16, 0xd0, 0x4b, 0xf7, 0xe5, 0x77, 0xe7, 0xa8, 0xb5, 0xfa}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x57, 0x78, 0xa1, 0xd1, 0x78, 0x76, 0xc2, 0x58, 0x21, 0x05, 0xc6, 0x79, 0x09, 0x8f, 0x0c, 0x53, 0x7d, 0x6c, 0xf8, 0xcc, 0xfe, 0xa7, 0xae, 0xa7, 0x80, 0xc4, 0x72, 0x7d, 0x02, 0xab, 0x40, 0xed}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x54, 0x17, 0x4b, 0x7b, 0x40, 0x95, 0x90, 0xfe, 0x07, 0x91, 0x00, 0xff, 0xe1, 0x2c, 0x1a, 0x2d, 0x9d, 0x5b, 0xb0, 0x29, 0x59, 0xe9, 0x48, 0x03, 0xa6, 0xf2, 0x60, 0x12, 0x40, 0x02, 0xd4, 0x28}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x72, 0xb4, 0x9b, 0x74, 0x1f, 0xad, 0xee, 0xaf, 0xd6, 0x27, 0x03, 0xba, 0x46, 0x7c, 0xf7, 0x1a, 0x70, 0x60, 0x5d, 0x1e, 0x7b, 0x86, 0xbc, 0xc6, 0xee, 0x70, 0x61, 0x61, 0x4a, 0xdf, 0x64, 0xfb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5d, 0xa4, 0xf6, 0x21, 0xe8, 0x39, 0x3c, 0x5f, 0xc7, 0x3a, 0xbc, 0x6e, 0xc5, 0x66, 0x18, 0xc5, 0x7d, 0xc8, 0x2d, 0x41, 0x1e, 0xc6, 0xcd, 0x4d, 0x0a, 0xad, 0x04, 0x80, 0xec, 0x4c, 0x1d, 0xa4}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xbb, 0x55, 0x53, 0x59, 0x1d, 0xdb, 0xaa, 0x28, 0x80, 0x02, 0x4e, 0x0d, 0x12, 0xc2, 0x90, 0xf7, 0x5e, 0xac, 0xe0, 0xba, 0xe6, 0xcc, 0x51, 0x0c, 0x9f, 0x77, 0x2e, 0x8e, 0x15, 0x40, 0x58, 0x41}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4b, 0x39, 0xff, 0xd5, 0x8c, 0x9c, 0xa0, 0x7c, 0x4b, 0xba, 0xcb, 0xe7, 0x29, 0x7c, 0x69, 0x9b, 0x9a, 0xc0, 0x56, 0x22, 0x51, 0x2e, 0x34, 0x94, 0xa8, 0xc5, 0xb1, 0x64, 0x73, 0x6b, 0x04, 0xb3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xce, 0x7d, 0x6a, 0xad, 0xc6, 0x29, 0x30, 0xed, 0xf2, 0x4e, 0xbc, 0x46, 0xf0, 0x6b, 0x05, 0x5e, 0xd1, 0x20, 0x20, 0x69, 0x9e, 0x8b, 0x8a, 0x0c, 0xde, 0x3d, 0xb6, 0x47, 0x30, 0x1e, 0x07, 0xc5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf7, 0x0f, 0x33, 0x44, 0xd7, 0x57, 0x8d, 0x0d, 0x85, 0x0f, 0x82, 0x25, 0xac, 0xc5, 0xf7, 0x64, 0x0c, 0x2c, 0x57, 0x2a, 0xa8, 0x17, 0xf6, 0x55, 0x37, 0xf2, 0x0b, 0x9f, 0x01, 0x00, 0x09, 0xe4}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb9, 0x70, 0xa7, 0x8d, 0x24, 0x73, 0x9d, 0x9c, 0x16, 0x21, 0xda, 0xe2, 0xdb, 0x2c, 0xc1, 0x2b, 0x43, 0x1b, 0xf9, 0x1b, 0xab, 0x0a, 0x8e, 0x26, 0x27, 0x81, 0xf6, 0x01, 0x49, 0x3b, 0x2f, 0x70}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7a, 0x8a, 0xe1, 0x31, 0xfe, 0xe5, 0xb6, 0x09, 0xb1, 0xff, 0xd2, 0x63, 0x2b, 0x89, 0x35, 0xca, 0xed, 0xbb, 0x6a, 0x50, 0x6c, 0x42, 0x01, 0xa2, 0xb3, 0xeb, 0x4e, 0xae, 0x4e, 0x71, 0xdc, 0x30}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0c, 0x37, 0x39, 0x6e, 0x2a, 0x78, 0xe4, 0x71, 0xc3, 0xec, 0x41, 0x81, 0xdd, 0x5c, 0xa0, 0x3f, 0x84, 0x08, 0xd7, 0xee, 0xbc, 0x47, 0x51, 0x30, 0xb7, 0x40, 0xbb, 0x6c, 0xab, 0xdc, 0x1a, 0x01}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd5, 0x93, 0x79, 0x8f, 0xac, 0xff, 0x19, 0x41, 0x3e, 0xc0, 0x21, 0xd6, 0x33, 0xde, 0x83, 0xf5, 0x3d, 0x69, 0xa1, 0x39, 0x7d, 0x53, 0xb4, 0xeb, 0xe6, 0xfc, 0xa1, 0x09, 0xfa, 0xd3, 0xfa, 0x3e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x24, 0xca, 0x28, 0x96, 0xed, 0xa5, 0x1e, 0x23, 0x61, 0xad, 0x3c, 0x84, 0xfa, 0x65, 0x70, 0xf9, 0xd3, 0x66, 0xb6, 0x6e, 0x60, 0x3a, 0xa1, 0xfe, 0x8e, 0x4f, 0x3c, 0x43, 0xb2, 0xf4, 0xbd, 0x2f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x01, 0x4e, 0x86, 0x89, 0xf2, 0xa1, 0xd2, 0x81, 0x7c, 0x92, 0xd5, 0xc3, 0xcb, 0xf6, 0x59, 0x13, 0x38, 0x88, 0xc4, 0x2c, 0x7c, 0x90, 0x07, 0x43, 0xf4, 0xfb, 0x75, 0x3f, 0xca, 0x0f, 0xa7, 0xa7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x10, 0x9e, 0x2e, 0x03, 0x98, 0x67, 0x36, 0xae, 0x95, 0xef, 0xad, 0x77, 0xb9, 0x5f, 0x95, 0x58, 0x40, 0x3e, 0x9d, 0xfb, 0xf0, 0x5f, 0x83, 0xe5, 0x96, 0x2e, 0xfa, 0x96, 0xdd, 0x11, 0xd9, 0x9e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x27, 0x66, 0xfb, 0x3d, 0x0c, 0x6d, 0xd8, 0x54, 0x99, 0xcf, 0xf9, 0xf6, 0xc6, 0x7e, 0xdd, 0x34, 0x17, 0xe1, 0x6b, 0x0b, 0xd4, 0x4a, 0x0d, 0x49, 0x8e, 0xd7, 0x96, 0xc1, 0x3f, 0xc6, 0xf8, 0x93}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x28, 0x9e, 0x7b, 0xc7, 0x0e, 0x4a, 0x02, 0x4e, 0xb9, 0x37, 0x99, 0x24, 0xf9, 0x2c, 0xc6, 0x08, 0xc8, 0x33, 0x62, 0x90, 0xb9, 0xf4, 0xb9, 0x39, 0x40, 0xbc, 0x5c, 0xf4, 0x57, 0xe3, 0x76, 0x32}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1d, 0x98, 0xb5, 0xbc, 0x79, 0x0e, 0x7c, 0x8e, 0x15, 0x76, 0x80, 0xd7, 0x2d, 0xbc, 0x36, 0xcf, 0xb8, 0xab, 0xbe, 0x2d, 0x73, 0xbe, 0x87, 0xe4, 0x5f, 0xf3, 0xc1, 0xe1, 0xea, 0xd3, 0xd3, 0xaf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfe, 0xc9, 0x8f, 0x09, 0x9c, 0xcc, 0x2e, 0xc1, 0xf7, 0x02, 0x68, 0x22, 0x20, 0x44, 0x68, 0x8f, 0xb5, 0x42, 0xb9, 0x8b, 0x94, 0xf5, 0x1c, 0xc6, 0xe0, 0x9a, 0x0f, 0x95, 0x1a, 0x11, 0x89, 0xfc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1a, 0xb0, 0x35, 0x1b, 0x6e, 0xc7, 0x76, 0x61, 0x62, 0xc2, 0xd1, 0x74, 0xdf, 0x97, 0x0a, 0x47, 0x20, 0x88, 0xbe, 0x25, 0x7e, 0x35, 0xfd, 0x41, 0x5f, 0xae, 0x20, 0x23, 0x31, 0x4c, 0x0a, 0xa8}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf0, 0xd7, 0x9c, 0x5e, 0x91, 0xd6, 0x8d, 0x8e, 0xd2, 0x0b, 0x87, 0x09, 0x72, 0x70, 0x7d, 0x2f, 0xcd, 0x73, 0xd8, 0x0b, 0x6e, 0xd8, 0x68, 0x86, 0x24, 0xbc, 0x7e, 0xdc, 0xb6, 0xb9, 0x1f, 0x76}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x44, 0x27, 0x99, 0x46, 0x10, 0x7d, 0xc0, 0xe7, 0x9d, 0x3f, 0xc7, 0x7d, 0x80, 0x1e, 0x01, 0xd5, 0x43, 0xb8, 0x54, 0xe8, 0xff, 0xa9, 0x56, 0x19, 0xa8, 0xcb, 0xd4, 0x55, 0x81, 0xb5, 0xa5, 0xe1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x23, 0xee, 0x59, 0xff, 0x4b, 0xd0, 0xce, 0x5c, 0xd5, 0xce, 0xc8, 0x3a, 0x22, 0xd0, 0x49, 0x3c, 0xa5, 0xc4, 0xa6, 0x20, 0xe0, 0xe7, 0x7c, 0x8d, 0xaa, 0x8e, 0x3e, 0x1e, 0x8a, 0x8a, 0x6e, 0x10}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5b, 0xb8, 0x51, 0xdb, 0xa9, 0xf0, 0xba, 0x2b, 0x1f, 0x8c, 0xf6, 0xb4, 0x82, 0x97, 0xab, 0xfa, 0x07, 0xef, 0x41, 0xa9, 0x94, 0x2e, 0x1b, 0x87, 0x9f, 0x0a, 0x59, 0x42, 0x13, 0x89, 0x6d, 0x77}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xaa, 0x5f, 0x0c, 0x75, 0xe4, 0xec, 0xfd, 0x71, 0x7c, 0x08, 0xef, 0x7f, 0x55, 0x71, 0xcf, 0xd2, 0xe8, 0x1c, 0xd4, 0xcc, 0x6f, 0xc8, 0x91, 0x68, 0x3d, 0xc7, 0x7f, 0x8a, 0x2b, 0xc1, 0x1e, 0xff}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xbe, 0xc5, 0xd8, 0x7e, 0x8f, 0x2b, 0x5e, 0x16, 0x8a, 0xc8, 0xf9, 0x9e, 0x97, 0xfb, 0xd1, 0x3b, 0x1e, 0xf5, 0x77, 0x24, 0x81, 0xe7, 0xe9, 0x35, 0xd5, 0x2e, 0xe4, 0xf3, 0x10, 0x04, 0x63, 0x11}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x70, 0xe5, 0xe6, 0x60, 0x2b, 0x96, 0x06, 0x92, 0xdc, 0xda, 0x99, 0xb2, 0xc6, 0x62, 0x3f, 0x36, 0x2c, 0xe4, 0xca, 0xb7, 0x7d, 0x2c, 0xb0, 0x21, 0xa2, 0xce, 0xdf, 0x0f, 0x65, 0xb8, 0x82, 0x9e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9d, 0x66, 0x29, 0xfd, 0x3b, 0x54, 0x5f, 0x82, 0x39, 0xe0, 0xf4, 0x43, 0x7c, 0x35, 0x57, 0xa0, 0xfa, 0xb8, 0x14, 0x6b, 0xbd, 0xc6, 0xce, 0x18, 0x4a, 0xdb, 0x81, 0x6c, 0x7b, 0xc0, 0x94, 0x6c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xdd, 0x9f, 0xcb, 0xc7, 0x66, 0xc9, 0xb2, 0xd5, 0xa3, 0x26, 0x5f, 0x5b, 0xdf, 0xfe, 0x6c, 0x4c, 0x17, 0xdd, 0x5f, 0x7d, 0x77, 0x93, 0x1a, 0xcf, 0x1b, 0xaf, 0x6d, 0x24, 0xe9, 0xa4, 0x80, 0x34}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x41, 0xf4, 0xef, 0xe3, 0x0b, 0x23, 0x54, 0x35, 0x40, 0xd0, 0x3b, 0x5f, 0x62, 0x69, 0x1d, 0x8b, 0xd1, 0xcf, 0xc1, 0x1c, 0xc2, 0x60, 0x0c, 0x63, 0x0b, 0x75, 0xd4, 0x1c, 0xd8, 0xa1, 0x3d, 0x5f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2b, 0x98, 0x95, 0x99, 0x65, 0xe9, 0x6b, 0x54, 0xe2, 0xfe, 0xda, 0xb1, 0xfb, 0xf2, 0x56, 0x00, 0xd7, 0xd5, 0x88, 0x74, 0x92, 0xea, 0x1a, 0x1c, 0x95, 0xd3, 0x0c, 0x8d, 0x14, 0x22, 0x17, 0xcb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x6a, 0x41, 0x53, 0xfc, 0x1a, 0x8a, 0x83, 0x3a, 0x3a, 0x15, 0xba, 0x4c, 0x50, 0x51, 0x6c, 0xe7, 0x29, 0x42, 0x8d, 0x74, 0xa9, 0xd8, 0x8f, 0x68, 0x67, 0xc0, 0x71, 0x3c, 0x02, 0xfb, 0xec, 0xc2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xfb, 0x09, 0xfb, 0x12, 0x69, 0x1d, 0xbd, 0xf8, 0xbd, 0x25, 0x42, 0x84, 0xc7, 0x28, 0x66, 0xd1, 0xfb, 0x57, 0x7f, 0xf2, 0xb3, 0x1b, 0x12, 0xae, 0x33, 0x55, 0xe6, 0xa1, 0x3c, 0xea, 0x1e, 0x2f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe5, 0x8d, 0x0e, 0x34, 0x74, 0x88, 0x5c, 0x37, 0xd2, 0xbb, 0x15, 0xa5, 0x61, 0x17, 0x77, 0x7a, 0x81, 0x3f, 0x67, 0x21, 0x45, 0xac, 0x67, 0x13, 0xc1, 0x38, 0xbd, 0x43, 0x9c, 0xc2, 0xa3, 0x84}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 8db621928..44424ed91 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240813222857-0551a862b306" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240820103541-ec7b40d93387" ) From 1c78d2fde1e1bd772182a7748eea55c70d55b455 Mon Sep 17 00:00:00 2001 From: laralaske <110233588+laralaske@users.noreply.github.com> Date: Thu, 22 Aug 2024 12:29:52 +0200 Subject: [PATCH 219/380] update readme banner (#3318) * Add files via upload * Update README.md * Rename GitHub Banner_Constellation animated.svg to BannerConstellationanimated.svg * Update README.md * Delete docs/static/img/banner.svg * Update BannerConstellationanimated.svg --- README.md | 2 +- .../img/BannerConstellationanimated.svg | 65 ++++++++ docs/static/img/banner.svg | 155 ------------------ 3 files changed, 66 insertions(+), 156 deletions(-) create mode 100644 docs/static/img/BannerConstellationanimated.svg delete mode 100644 docs/static/img/banner.svg diff --git a/README.md b/README.md index 3b8a9ddbd..5e698b772 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -![Constellation](docs/static/img/banner.svg) +![Constellation](docs/static/img/BannerConstellationanimated.svg) # Always Encrypted Kubernetes diff --git a/docs/static/img/BannerConstellationanimated.svg b/docs/static/img/BannerConstellationanimated.svg new file mode 100644 index 000000000..f937f69a0 --- /dev/null +++ b/docs/static/img/BannerConstellationanimated.svg @@ -0,0 +1,65 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/static/img/banner.svg b/docs/static/img/banner.svg deleted file mode 100644 index cb19bc6e9..000000000 --- a/docs/static/img/banner.svg +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From 5e1c09bdd6127fc454d88d33686986d6c6508e8a Mon Sep 17 00:00:00 2001 From: Joseph Mearman Date: Wed, 21 Aug 2024 11:26:39 +0100 Subject: [PATCH 220/380] chore: remove rogue character --- dev-docs/workflows/terraform-provider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-docs/workflows/terraform-provider.md b/dev-docs/workflows/terraform-provider.md index 7f255710f..3dff8e290 100644 --- a/dev-docs/workflows/terraform-provider.md +++ b/dev-docs/workflows/terraform-provider.md @@ -12,7 +12,7 @@ The [`devbuild` target](./build-develop-deploy.md), will create a `terraform` di with the provider binary and some utility files in the dedicated local Terraform registry directory. ```bash -bazel run //:devbuild' +bazel run //:devbuild ``` > [!IMPORTANT] when making changes on the provider without a commit, subsequent applies will fail due to the changed binary hash. To solve this, in your Terraform directory run: From 10b08a030e905db464002a061949a89c422ed1d3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 22 Aug 2024 23:42:05 +0200 Subject: [PATCH 221/380] deps: update K8s constrained Azure versions (#3246) Co-authored-by: Leonard Cohnen --- internal/versions/versions.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 5eb0bba36..26b231f62 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -252,10 +252,10 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.6@sha256:bb42961c336c2dbc736c1354b01208523962b4f4be4ebd582f697391766d510e", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.28.9@sha256:7abf813ad41b8f1ed91f50bfefb6f285b367664c57758af0b5a623b65f55b34b", // renovate:container + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.28.11@sha256:6fe43ab439e2faef8dd198a84c13e295a4c112cd27ede1016b0f3e2d6c9882dc", // renovate:container // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.28.9@sha256:65285c13cc3eced1005a1c6c5f727570d781ac25f421a9e5cf169de8d7e1d6a9", // renovate:container + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.28.11@sha256:0d50766bd56f20812073d00a973d64fb49cc6f7b4a23484b521c3e34abe31984", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v28.10.0@sha256:f3b6fa7faea27b4a303c91b3bc7ee192b050e21e27579e9f3da90ae4ba38e626", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. @@ -319,10 +319,10 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.29.3@sha256:26a61ab55d8be6365348b78c3cf691276a7b078c58dd789729704fb56bcaac8c", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.29.7@sha256:01f3e57f0dfed05a940face4f1a543eed613e3bfbfb1983997f75a4a11a6e0bb", // renovate:container + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.29.9@sha256:bbeda8d6d36fc12d07314714b88e5f0433c2ae61feb59cd62fbe05d2f3c2aa17", // renovate:container // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.29.7@sha256:79f1ebd0f462713dd20b9630ae177ab1b1dc14f0faae7c8fd4837e8d494d11b9", // renovate:container + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.29.9@sha256:175d52f1d48d1b947823974166bcdd403c0644c5bca6f7275a3087d29fe8f36d", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v29.5.0@sha256:4b17e16f9b5dfa20c9ff62cb382c3f754b70ed36be7f85cc3f46213dae21ec91", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. @@ -386,10 +386,10 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.30.1@sha256:ee0e0c0de56e7dace71e2b4a0e45dcdae84e325c78f72c5495b109976fb3362c", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.30.3@sha256:0c74b1d476f30bcd4c68d1bb2cce6957f9dfeae529b7260f21b0059e0a6b4450", // renovate:container + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.30.5@sha256:932215506d0701783dd60e26ebe21ca3381eaa6517cf769aae339a082c2638f7", // renovate:container // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.30.3@sha256:7605738917b4f9c55dba985073724de359d97f02688f62e65b4173491b2697ce", // renovate:container + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.30.5@sha256:16203c47820604328950e7b7bbf6fd103aec51e1c13c2a3689546e0ba6119b2c", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v30.0.0@sha256:529382b3a16cee9d61d4cfd9b8ba74fff51856ae8cbaf1825c075112229284d9", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. From f9dd864229b4e884a8092f73e7cdd0cd241689c6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 23 Aug 2024 00:30:51 +0200 Subject: [PATCH 222/380] deps: update ghcr.io/edgelesssys/gcp-guest-agent Docker tag to v20240816 (#3285) Co-authored-by: Leonard Cohnen --- internal/versions/versions.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 26b231f62..7f3149f8b 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -169,7 +169,7 @@ const ( // GcpGuestImage image for GCP guest agent. // Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml. - GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20240701.0.0@sha256:30986eeea5ae55dc98bd9b1c6d5252821effea5b27708c14dc414f6ee926c7d7" // renovate:container + GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20240816.0.0@sha256:a6f871346da12d95a1961cb247343ccaa708039f49999ce56d00e35f3f701b97" // renovate:container // NodeMaintenanceOperatorImage is the image for the node maintenance operator. NodeMaintenanceOperatorImage = "quay.io/medik8s/node-maintenance-operator:v0.15.0@sha256:8cb8dad93283268282c30e75c68f4bd76b28def4b68b563d2f9db9c74225d634" // renovate:container // LogstashImage is the container image of logstash, used for log collection by debugd. From 7f2b38816828c029847847ee8500ead2915e4729 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 23 Aug 2024 01:17:24 +0200 Subject: [PATCH 223/380] deps: update K8s constrained GCP versions (#3289) Co-authored-by: Leonard Cohnen --- internal/versions/versions.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 7f3149f8b..445f0ab73 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -262,7 +262,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container // External service image. Depends on k8s version. // Check for new versions at https://github.com/kubernetes/autoscaler/releases. - ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.28.5@sha256:d82acf2ae3287227b979fa7068dae7c2db96de22c96295d2e89029065e895bca", // renovate:container + ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.28.6@sha256:acfc7fe7543f4cf2fcf8156145925bee76eb6c602bb0b8e155456c6818fe8335", // renovate:container }, V1_29: { ClusterVersion: "v1.29.6", // renovate:kubernetes-release @@ -329,7 +329,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container // External service image. Depends on k8s version. // Check for new versions at https://github.com/kubernetes/autoscaler/releases. - ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.29.3@sha256:ea973cf727ff98a0c8c8f770a0787c26a86604182565ce180a5665936f3b38bc", // renovate:container + ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.29.4@sha256:786728c85787a58c6376b47d2e22cc04db3ecfdd73a52b5b9be20fd869abce2f", // renovate:container }, V1_30: { ClusterVersion: "v1.30.2", // renovate:kubernetes-release @@ -396,7 +396,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container // External service image. Depends on k8s version. // Check for new versions at https://github.com/kubernetes/autoscaler/releases. - ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.1@sha256:21a0003fa059f679631a301ae09d9369e1cf6a1c063b78978844ccd494dab38a", // renovate:container + ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.30.2@sha256:ef370d1d06a1603c4b1e47e64bb27c3ff51cb20680712dc3d41c34f3fbf7be9f", // renovate:container }, } From 03c6ae20bbbbfa23591359975aaa47cab8d18176 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 23 Aug 2024 10:20:46 +0200 Subject: [PATCH 224/380] image: update measurements and image version (#3322) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 0f1cb8846..3a25e75e6 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x94, 0xc0, 0xa1, 0xac, 0x80, 0x22, 0x14, 0x9a, 0x8d, 0xbc, 0x3a, 0x8c, 0x7d, 0xc5, 0xdc, 0x7b, 0x64, 0xb2, 0xde, 0x13, 0xe1, 0x88, 0x45, 0x78, 0x53, 0xa5, 0x16, 0x96, 0x0c, 0xbd, 0x7e, 0x8c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa9, 0xca, 0x57, 0xa6, 0x07, 0x74, 0xe7, 0xd8, 0xd4, 0x45, 0xef, 0x34, 0x61, 0xcd, 0x99, 0x3b, 0xbd, 0x3d, 0x66, 0x15, 0x06, 0xad, 0x16, 0xd0, 0x4b, 0xf7, 0xe5, 0x77, 0xe7, 0xa8, 0xb5, 0xfa}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x57, 0x78, 0xa1, 0xd1, 0x78, 0x76, 0xc2, 0x58, 0x21, 0x05, 0xc6, 0x79, 0x09, 0x8f, 0x0c, 0x53, 0x7d, 0x6c, 0xf8, 0xcc, 0xfe, 0xa7, 0xae, 0xa7, 0x80, 0xc4, 0x72, 0x7d, 0x02, 0xab, 0x40, 0xed}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x54, 0x17, 0x4b, 0x7b, 0x40, 0x95, 0x90, 0xfe, 0x07, 0x91, 0x00, 0xff, 0xe1, 0x2c, 0x1a, 0x2d, 0x9d, 0x5b, 0xb0, 0x29, 0x59, 0xe9, 0x48, 0x03, 0xa6, 0xf2, 0x60, 0x12, 0x40, 0x02, 0xd4, 0x28}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x72, 0xb4, 0x9b, 0x74, 0x1f, 0xad, 0xee, 0xaf, 0xd6, 0x27, 0x03, 0xba, 0x46, 0x7c, 0xf7, 0x1a, 0x70, 0x60, 0x5d, 0x1e, 0x7b, 0x86, 0xbc, 0xc6, 0xee, 0x70, 0x61, 0x61, 0x4a, 0xdf, 0x64, 0xfb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5d, 0xa4, 0xf6, 0x21, 0xe8, 0x39, 0x3c, 0x5f, 0xc7, 0x3a, 0xbc, 0x6e, 0xc5, 0x66, 0x18, 0xc5, 0x7d, 0xc8, 0x2d, 0x41, 0x1e, 0xc6, 0xcd, 0x4d, 0x0a, 0xad, 0x04, 0x80, 0xec, 0x4c, 0x1d, 0xa4}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xbb, 0x55, 0x53, 0x59, 0x1d, 0xdb, 0xaa, 0x28, 0x80, 0x02, 0x4e, 0x0d, 0x12, 0xc2, 0x90, 0xf7, 0x5e, 0xac, 0xe0, 0xba, 0xe6, 0xcc, 0x51, 0x0c, 0x9f, 0x77, 0x2e, 0x8e, 0x15, 0x40, 0x58, 0x41}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4b, 0x39, 0xff, 0xd5, 0x8c, 0x9c, 0xa0, 0x7c, 0x4b, 0xba, 0xcb, 0xe7, 0x29, 0x7c, 0x69, 0x9b, 0x9a, 0xc0, 0x56, 0x22, 0x51, 0x2e, 0x34, 0x94, 0xa8, 0xc5, 0xb1, 0x64, 0x73, 0x6b, 0x04, 0xb3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xce, 0x7d, 0x6a, 0xad, 0xc6, 0x29, 0x30, 0xed, 0xf2, 0x4e, 0xbc, 0x46, 0xf0, 0x6b, 0x05, 0x5e, 0xd1, 0x20, 0x20, 0x69, 0x9e, 0x8b, 0x8a, 0x0c, 0xde, 0x3d, 0xb6, 0x47, 0x30, 0x1e, 0x07, 0xc5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf7, 0x0f, 0x33, 0x44, 0xd7, 0x57, 0x8d, 0x0d, 0x85, 0x0f, 0x82, 0x25, 0xac, 0xc5, 0xf7, 0x64, 0x0c, 0x2c, 0x57, 0x2a, 0xa8, 0x17, 0xf6, 0x55, 0x37, 0xf2, 0x0b, 0x9f, 0x01, 0x00, 0x09, 0xe4}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb9, 0x70, 0xa7, 0x8d, 0x24, 0x73, 0x9d, 0x9c, 0x16, 0x21, 0xda, 0xe2, 0xdb, 0x2c, 0xc1, 0x2b, 0x43, 0x1b, 0xf9, 0x1b, 0xab, 0x0a, 0x8e, 0x26, 0x27, 0x81, 0xf6, 0x01, 0x49, 0x3b, 0x2f, 0x70}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7a, 0x8a, 0xe1, 0x31, 0xfe, 0xe5, 0xb6, 0x09, 0xb1, 0xff, 0xd2, 0x63, 0x2b, 0x89, 0x35, 0xca, 0xed, 0xbb, 0x6a, 0x50, 0x6c, 0x42, 0x01, 0xa2, 0xb3, 0xeb, 0x4e, 0xae, 0x4e, 0x71, 0xdc, 0x30}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x11, 0xcb, 0x1a, 0x1e, 0xef, 0x6a, 0xdd, 0x8a, 0xc6, 0x83, 0x54, 0xae, 0x03, 0xda, 0xc4, 0x8b, 0xfb, 0x62, 0x45, 0x45, 0x0d, 0x67, 0x91, 0x95, 0x82, 0xd6, 0xe8, 0xd6, 0x12, 0x25, 0x09, 0x41}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb1, 0xc1, 0x27, 0x80, 0xe3, 0x0b, 0xd7, 0xf4, 0x23, 0x62, 0x20, 0xb7, 0x71, 0x8e, 0xb4, 0xf3, 0x0e, 0xac, 0x4a, 0x3d, 0xae, 0x6b, 0x73, 0xbf, 0x54, 0x47, 0xd0, 0x1e, 0x1d, 0x7b, 0x81, 0x0a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3d, 0xfb, 0x75, 0xc0, 0x13, 0x95, 0x71, 0x49, 0x05, 0xc0, 0x20, 0xc3, 0xae, 0xde, 0x55, 0xab, 0x20, 0xd3, 0x21, 0x9c, 0x2a, 0x89, 0xb3, 0x4e, 0x36, 0xb2, 0x27, 0x40, 0x90, 0x39, 0x9b, 0x26}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x29, 0x5d, 0x0b, 0x88, 0xf8, 0x3a, 0x6b, 0x00, 0x9d, 0x37, 0x14, 0x39, 0x41, 0x09, 0xb0, 0xf2, 0x90, 0xf6, 0x02, 0x52, 0x50, 0xd9, 0x0d, 0x7e, 0x32, 0x3f, 0x02, 0x01, 0x07, 0xfe, 0xb3, 0xeb}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x76, 0xa5, 0x20, 0x1b, 0x0b, 0x26, 0x05, 0x7b, 0xe0, 0x17, 0x0b, 0x95, 0x20, 0x31, 0xc6, 0x43, 0x21, 0x83, 0x24, 0x2f, 0xc7, 0xb3, 0x3d, 0x26, 0xce, 0xa3, 0xce, 0xc6, 0x6d, 0x3b, 0xff, 0x58}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x84, 0x23, 0xef, 0xc6, 0x9d, 0xdc, 0x45, 0x1e, 0xe9, 0xbf, 0xee, 0xfd, 0x9a, 0x44, 0xf7, 0x4a, 0x5d, 0xf5, 0xe3, 0x4b, 0x32, 0x0b, 0x9f, 0x0b, 0xaa, 0x28, 0x45, 0x78, 0xdc, 0x5c, 0x15, 0x5a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x45, 0x0f, 0x34, 0x1b, 0x94, 0xe9, 0x2c, 0xb6, 0x29, 0xe2, 0x3e, 0x09, 0x50, 0x80, 0xcb, 0x4f, 0x59, 0xe0, 0x82, 0xac, 0xe5, 0x5a, 0x0a, 0x7d, 0x27, 0xd7, 0x08, 0x3c, 0x10, 0x6f, 0x0c, 0x90}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x52, 0xb0, 0xc4, 0xb1, 0xd8, 0x9c, 0xb7, 0xa2, 0x35, 0xde, 0xbc, 0x17, 0xd6, 0x4c, 0x49, 0xe3, 0xab, 0x5e, 0xdf, 0x18, 0x8b, 0xf8, 0x14, 0x73, 0xfb, 0x1b, 0x17, 0xdd, 0x60, 0x1d, 0xea, 0xb7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xce, 0x98, 0x99, 0x98, 0x41, 0xfa, 0x43, 0x0d, 0x8a, 0x2c, 0x05, 0xdb, 0xff, 0x98, 0x54, 0x40, 0x94, 0x70, 0xae, 0x91, 0x1e, 0x56, 0x43, 0x18, 0xd7, 0x22, 0x71, 0xde, 0xeb, 0x11, 0x1d, 0x5e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x15, 0x92, 0x2e, 0x0e, 0x65, 0x34, 0xcc, 0xb7, 0x4f, 0x02, 0xfe, 0xfc, 0xf3, 0x74, 0x45, 0x3c, 0x37, 0xcd, 0x1b, 0x06, 0x23, 0xc6, 0x61, 0x04, 0x75, 0x59, 0x62, 0xa5, 0xb8, 0x94, 0x75, 0x02}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3d, 0xb5, 0xe6, 0x27, 0x03, 0x96, 0xfd, 0xda, 0xb9, 0xa2, 0x3a, 0x1f, 0x40, 0xd0, 0xca, 0x30, 0xc1, 0x0d, 0x10, 0x41, 0x51, 0x08, 0xba, 0x33, 0x2b, 0xde, 0x3a, 0xe5, 0x7f, 0x86, 0xe4, 0x05}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfa, 0x60, 0x5d, 0x1b, 0xf0, 0x7d, 0x44, 0xbb, 0x61, 0x58, 0x75, 0xc2, 0x04, 0x17, 0x09, 0x61, 0x01, 0x60, 0xed, 0xe7, 0x32, 0xd6, 0x65, 0x51, 0x62, 0x84, 0xe2, 0x72, 0xb0, 0x62, 0x6a, 0x55}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1a, 0xb0, 0x35, 0x1b, 0x6e, 0xc7, 0x76, 0x61, 0x62, 0xc2, 0xd1, 0x74, 0xdf, 0x97, 0x0a, 0x47, 0x20, 0x88, 0xbe, 0x25, 0x7e, 0x35, 0xfd, 0x41, 0x5f, 0xae, 0x20, 0x23, 0x31, 0x4c, 0x0a, 0xa8}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf0, 0xd7, 0x9c, 0x5e, 0x91, 0xd6, 0x8d, 0x8e, 0xd2, 0x0b, 0x87, 0x09, 0x72, 0x70, 0x7d, 0x2f, 0xcd, 0x73, 0xd8, 0x0b, 0x6e, 0xd8, 0x68, 0x86, 0x24, 0xbc, 0x7e, 0xdc, 0xb6, 0xb9, 0x1f, 0x76}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x44, 0x27, 0x99, 0x46, 0x10, 0x7d, 0xc0, 0xe7, 0x9d, 0x3f, 0xc7, 0x7d, 0x80, 0x1e, 0x01, 0xd5, 0x43, 0xb8, 0x54, 0xe8, 0xff, 0xa9, 0x56, 0x19, 0xa8, 0xcb, 0xd4, 0x55, 0x81, 0xb5, 0xa5, 0xe1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x23, 0xee, 0x59, 0xff, 0x4b, 0xd0, 0xce, 0x5c, 0xd5, 0xce, 0xc8, 0x3a, 0x22, 0xd0, 0x49, 0x3c, 0xa5, 0xc4, 0xa6, 0x20, 0xe0, 0xe7, 0x7c, 0x8d, 0xaa, 0x8e, 0x3e, 0x1e, 0x8a, 0x8a, 0x6e, 0x10}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5b, 0xb8, 0x51, 0xdb, 0xa9, 0xf0, 0xba, 0x2b, 0x1f, 0x8c, 0xf6, 0xb4, 0x82, 0x97, 0xab, 0xfa, 0x07, 0xef, 0x41, 0xa9, 0x94, 0x2e, 0x1b, 0x87, 0x9f, 0x0a, 0x59, 0x42, 0x13, 0x89, 0x6d, 0x77}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xaa, 0x5f, 0x0c, 0x75, 0xe4, 0xec, 0xfd, 0x71, 0x7c, 0x08, 0xef, 0x7f, 0x55, 0x71, 0xcf, 0xd2, 0xe8, 0x1c, 0xd4, 0xcc, 0x6f, 0xc8, 0x91, 0x68, 0x3d, 0xc7, 0x7f, 0x8a, 0x2b, 0xc1, 0x1e, 0xff}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xbe, 0xc5, 0xd8, 0x7e, 0x8f, 0x2b, 0x5e, 0x16, 0x8a, 0xc8, 0xf9, 0x9e, 0x97, 0xfb, 0xd1, 0x3b, 0x1e, 0xf5, 0x77, 0x24, 0x81, 0xe7, 0xe9, 0x35, 0xd5, 0x2e, 0xe4, 0xf3, 0x10, 0x04, 0x63, 0x11}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x70, 0xe5, 0xe6, 0x60, 0x2b, 0x96, 0x06, 0x92, 0xdc, 0xda, 0x99, 0xb2, 0xc6, 0x62, 0x3f, 0x36, 0x2c, 0xe4, 0xca, 0xb7, 0x7d, 0x2c, 0xb0, 0x21, 0xa2, 0xce, 0xdf, 0x0f, 0x65, 0xb8, 0x82, 0x9e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9d, 0x66, 0x29, 0xfd, 0x3b, 0x54, 0x5f, 0x82, 0x39, 0xe0, 0xf4, 0x43, 0x7c, 0x35, 0x57, 0xa0, 0xfa, 0xb8, 0x14, 0x6b, 0xbd, 0xc6, 0xce, 0x18, 0x4a, 0xdb, 0x81, 0x6c, 0x7b, 0xc0, 0x94, 0x6c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x5c, 0xaf, 0xcd, 0x2d, 0x09, 0x3a, 0xf7, 0x74, 0x75, 0x10, 0x35, 0x41, 0x8d, 0xa5, 0x00, 0xf5, 0x1b, 0x8d, 0xd1, 0xfc, 0xef, 0xd0, 0xfe, 0x73, 0x5c, 0xe7, 0x96, 0xf4, 0x9e, 0x4a, 0x3f, 0x88}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8f, 0x51, 0xe4, 0xf8, 0x8c, 0xea, 0xd8, 0xb3, 0x9a, 0x9d, 0x47, 0x32, 0xfe, 0xbb, 0xe0, 0xda, 0x1f, 0x8a, 0x0f, 0x8d, 0x68, 0x21, 0xdc, 0x7a, 0xe2, 0x82, 0xae, 0xf3, 0xe9, 0xa1, 0x42, 0xb5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xda, 0x2c, 0xae, 0x3c, 0xf2, 0x27, 0x3e, 0x71, 0xea, 0x31, 0x8e, 0x5c, 0x98, 0xbf, 0x55, 0x79, 0x07, 0x6f, 0xa1, 0x49, 0xe5, 0xf7, 0x63, 0x00, 0x9d, 0x4a, 0xca, 0xb4, 0xbf, 0xc3, 0x42, 0x9c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4a, 0x99, 0x65, 0x3a, 0x41, 0x6d, 0xe3, 0xe3, 0x9b, 0xdc, 0x0f, 0x7f, 0x8a, 0x51, 0xfd, 0x10, 0x7b, 0x56, 0xeb, 0x21, 0xc0, 0x9e, 0x46, 0xd2, 0x37, 0xa8, 0x5a, 0xc4, 0xcc, 0x8d, 0xdb, 0xc7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9a, 0xfc, 0x04, 0x0f, 0x8e, 0xf9, 0x4b, 0xa2, 0xc1, 0xc9, 0xc6, 0x03, 0x35, 0xe0, 0x8d, 0x13, 0x72, 0x1e, 0xbb, 0xe0, 0xa5, 0x64, 0x38, 0x95, 0xf9, 0x03, 0xa7, 0x10, 0x84, 0x2b, 0x6f, 0x35}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2a, 0x07, 0x87, 0x2d, 0xe3, 0xed, 0xed, 0x74, 0xc6, 0x8d, 0xc3, 0xd8, 0x6f, 0xa6, 0x2e, 0xca, 0x37, 0x1a, 0x07, 0x16, 0x65, 0x47, 0x1f, 0xed, 0x01, 0x7e, 0xf7, 0xaa, 0x08, 0xcb, 0x8e, 0xfb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x08, 0xe5, 0x24, 0x8c, 0x1e, 0xc5, 0x3a, 0xf0, 0x56, 0xe4, 0x38, 0xed, 0x1d, 0x2a, 0xef, 0x14, 0x1b, 0x48, 0x49, 0x23, 0x59, 0xb1, 0x05, 0x74, 0x00, 0x68, 0x6d, 0x89, 0x1e, 0x5e, 0xba, 0xec}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0d, 0x4c, 0xfe, 0x60, 0x8c, 0xb5, 0x6b, 0x5f, 0x36, 0xbf, 0x0b, 0x45, 0x95, 0xac, 0x8e, 0xa7, 0x85, 0xd1, 0x33, 0xa4, 0x25, 0xb7, 0x2a, 0x28, 0xea, 0xdb, 0xde, 0x08, 0x4d, 0x2c, 0x1d, 0x8d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd1, 0x0f, 0x26, 0xf7, 0x78, 0xbc, 0x6e, 0x27, 0x85, 0x70, 0x27, 0xc6, 0x76, 0x94, 0xa7, 0x01, 0x01, 0xd4, 0x84, 0x5e, 0x5e, 0xbf, 0x0d, 0xb9, 0xa3, 0xa6, 0x0d, 0xd3, 0x47, 0xc8, 0x31, 0xc8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x6a, 0x41, 0x53, 0xfc, 0x1a, 0x8a, 0x83, 0x3a, 0x3a, 0x15, 0xba, 0x4c, 0x50, 0x51, 0x6c, 0xe7, 0x29, 0x42, 0x8d, 0x74, 0xa9, 0xd8, 0x8f, 0x68, 0x67, 0xc0, 0x71, 0x3c, 0x02, 0xfb, 0xec, 0xc2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xfb, 0x09, 0xfb, 0x12, 0x69, 0x1d, 0xbd, 0xf8, 0xbd, 0x25, 0x42, 0x84, 0xc7, 0x28, 0x66, 0xd1, 0xfb, 0x57, 0x7f, 0xf2, 0xb3, 0x1b, 0x12, 0xae, 0x33, 0x55, 0xe6, 0xa1, 0x3c, 0xea, 0x1e, 0x2f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe5, 0x8d, 0x0e, 0x34, 0x74, 0x88, 0x5c, 0x37, 0xd2, 0xbb, 0x15, 0xa5, 0x61, 0x17, 0x77, 0x7a, 0x81, 0x3f, 0x67, 0x21, 0x45, 0xac, 0x67, 0x13, 0xc1, 0x38, 0xbd, 0x43, 0x9c, 0xc2, 0xa3, 0x84}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xf5, 0x36, 0x83, 0x73, 0xa2, 0xed, 0xba, 0xaa, 0x34, 0x36, 0x22, 0x6f, 0x7f, 0x00, 0x8a, 0x88, 0x05, 0x63, 0x89, 0xe8, 0xa2, 0x7e, 0x7c, 0x46, 0xfc, 0x66, 0xfa, 0xfc, 0x99, 0x80, 0x16, 0xf9}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbf, 0x83, 0x6c, 0x2e, 0x96, 0xb0, 0x32, 0x59, 0x1b, 0x64, 0xa9, 0xdf, 0x13, 0x3d, 0xcc, 0x07, 0xc7, 0x50, 0xc9, 0xde, 0x38, 0x7b, 0x94, 0x81, 0x9e, 0x7b, 0xff, 0xb9, 0x68, 0x40, 0xf9, 0xf9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x97, 0x54, 0x75, 0xca, 0x37, 0xec, 0xd0, 0x1e, 0x09, 0x44, 0xae, 0xe5, 0x88, 0xc2, 0xef, 0xa7, 0xd5, 0xcc, 0xa0, 0xf0, 0xdf, 0x59, 0x51, 0x9f, 0x07, 0xb4, 0xfb, 0xf1, 0x38, 0xf6, 0x8d, 0x39}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 44424ed91..cf7c592a9 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240820103541-ec7b40d93387" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240822142944-5e1c09bdd612" ) From abe0397e0d25ee0e005c75611d991d64219effc7 Mon Sep 17 00:00:00 2001 From: Thomas Tendyck Date: Fri, 23 Aug 2024 11:40:34 +0200 Subject: [PATCH 225/380] docs: replace angle bracket links, which aren't supported by new mdx version --- docs/docs/getting-started/first-steps.md | 4 ++-- docs/docs/workflows/sbom.md | 4 +++- docs/docs/workflows/trusted-launch.md | 2 +- docs/docs/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.0/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.1/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.10/workflows/sbom.md | 4 +++- docs/versioned_docs/version-2.10/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.10/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.11/workflows/sbom.md | 4 +++- docs/versioned_docs/version-2.11/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.11/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.12/workflows/sbom.md | 4 +++- docs/versioned_docs/version-2.12/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.12/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.13/workflows/sbom.md | 4 +++- docs/versioned_docs/version-2.13/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.13/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.14/workflows/sbom.md | 4 +++- docs/versioned_docs/version-2.14/workflows/trusted-launch.md | 2 +- docs/versioned_docs/version-2.14/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.15/workflows/sbom.md | 4 +++- docs/versioned_docs/version-2.15/workflows/trusted-launch.md | 2 +- docs/versioned_docs/version-2.15/workflows/verify-cli.md | 4 ++-- .../version-2.16/getting-started/first-steps.md | 2 +- docs/versioned_docs/version-2.16/workflows/sbom.md | 4 +++- docs/versioned_docs/version-2.16/workflows/trusted-launch.md | 2 +- docs/versioned_docs/version-2.16/workflows/verify-cli.md | 4 ++-- .../version-2.17/getting-started/first-steps.md | 4 ++-- docs/versioned_docs/version-2.17/workflows/sbom.md | 4 +++- docs/versioned_docs/version-2.17/workflows/trusted-launch.md | 2 +- docs/versioned_docs/version-2.17/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.2/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.2/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.2/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.3/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.3/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.3/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.4/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.4/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.4/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.5/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.5/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.5/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.6/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.6/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.6/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.7/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.7/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.7/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.8/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.8/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.8/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.9/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.9/workflows/trusted-launch.md | 3 ++- docs/versioned_docs/version-2.9/workflows/verify-cli.md | 4 ++-- 56 files changed, 107 insertions(+), 77 deletions(-) diff --git a/docs/docs/getting-started/first-steps.md b/docs/docs/getting-started/first-steps.md index 925ec7df9..8c1da1967 100644 --- a/docs/docs/getting-started/first-steps.md +++ b/docs/docs/getting-started/first-steps.md @@ -13,7 +13,7 @@ If you encounter any problem with the following steps, make sure to use the [lat ## Create a cluster -1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. If you are following the steps of this guide, there is no need to edit the file. +1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. If you are following the steps of this guide, there is no need to edit the file. @@ -115,7 +115,7 @@ If you encounter any problem with the following steps, make sure to use the [lat To use Constellation on STACKIT, the cluster will use the User Access Token (UAT) that's generated [during the install step](./install.md). After creating the accounts, fill in the STACKIT details in `constellation-conf.yaml` under `provider.openstack`: - - `stackitProjectID`: STACKIT project id (can be found after login on ) + * `stackitProjectID`: STACKIT project id (can be found after login on the [STACKIT portal](https://portal.stackit.cloud)) diff --git a/docs/docs/workflows/sbom.md b/docs/docs/workflows/sbom.md index 9ef6eb65c..358b9a97c 100644 --- a/docs/docs/workflows/sbom.md +++ b/docs/docs/workflows/sbom.md @@ -11,13 +11,15 @@ SBOMs for Constellation are generated using [Syft](https://github.com/anchore/sy :::note The public key for Edgeless Systems' long-term code-signing key is: + ``` -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at https://edgeless.systems/es.pub and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/docs/workflows/trusted-launch.md b/docs/docs/workflows/trusted-launch.md index 9bc7e785f..d6d01d8eb 100644 --- a/docs/docs/workflows/trusted-launch.md +++ b/docs/docs/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: diff --git a/docs/docs/workflows/verify-cli.md b/docs/docs/workflows/verify-cli.md index 78341f314..58d19f572 100644 --- a/docs/docs/workflows/verify-cli.md +++ b/docs/docs/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.0/workflows/verify-cli.md b/docs/versioned_docs/version-2.0/workflows/verify-cli.md index 0a52fedd4..a65a5a749 100644 --- a/docs/versioned_docs/version-2.0/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.0/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -12,7 +12,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.1/workflows/verify-cli.md b/docs/versioned_docs/version-2.1/workflows/verify-cli.md index 0a52fedd4..a65a5a749 100644 --- a/docs/versioned_docs/version-2.1/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.1/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -12,7 +12,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.10/workflows/sbom.md b/docs/versioned_docs/version-2.10/workflows/sbom.md index 9ef6eb65c..358b9a97c 100644 --- a/docs/versioned_docs/version-2.10/workflows/sbom.md +++ b/docs/versioned_docs/version-2.10/workflows/sbom.md @@ -11,13 +11,15 @@ SBOMs for Constellation are generated using [Syft](https://github.com/anchore/sy :::note The public key for Edgeless Systems' long-term code-signing key is: + ``` -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at https://edgeless.systems/es.pub and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.10/workflows/trusted-launch.md b/docs/versioned_docs/version-2.10/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.10/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.10/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.10/workflows/verify-cli.md b/docs/versioned_docs/version-2.10/workflows/verify-cli.md index 78341f314..58d19f572 100644 --- a/docs/versioned_docs/version-2.10/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.10/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.11/workflows/sbom.md b/docs/versioned_docs/version-2.11/workflows/sbom.md index 9ef6eb65c..358b9a97c 100644 --- a/docs/versioned_docs/version-2.11/workflows/sbom.md +++ b/docs/versioned_docs/version-2.11/workflows/sbom.md @@ -11,13 +11,15 @@ SBOMs for Constellation are generated using [Syft](https://github.com/anchore/sy :::note The public key for Edgeless Systems' long-term code-signing key is: + ``` -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at https://edgeless.systems/es.pub and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.11/workflows/trusted-launch.md b/docs/versioned_docs/version-2.11/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.11/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.11/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.11/workflows/verify-cli.md b/docs/versioned_docs/version-2.11/workflows/verify-cli.md index 78341f314..58d19f572 100644 --- a/docs/versioned_docs/version-2.11/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.11/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.12/workflows/sbom.md b/docs/versioned_docs/version-2.12/workflows/sbom.md index 9ef6eb65c..358b9a97c 100644 --- a/docs/versioned_docs/version-2.12/workflows/sbom.md +++ b/docs/versioned_docs/version-2.12/workflows/sbom.md @@ -11,13 +11,15 @@ SBOMs for Constellation are generated using [Syft](https://github.com/anchore/sy :::note The public key for Edgeless Systems' long-term code-signing key is: + ``` -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at https://edgeless.systems/es.pub and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.12/workflows/trusted-launch.md b/docs/versioned_docs/version-2.12/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.12/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.12/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.12/workflows/verify-cli.md b/docs/versioned_docs/version-2.12/workflows/verify-cli.md index 78341f314..58d19f572 100644 --- a/docs/versioned_docs/version-2.12/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.12/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.13/workflows/sbom.md b/docs/versioned_docs/version-2.13/workflows/sbom.md index 9ef6eb65c..358b9a97c 100644 --- a/docs/versioned_docs/version-2.13/workflows/sbom.md +++ b/docs/versioned_docs/version-2.13/workflows/sbom.md @@ -11,13 +11,15 @@ SBOMs for Constellation are generated using [Syft](https://github.com/anchore/sy :::note The public key for Edgeless Systems' long-term code-signing key is: + ``` -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at https://edgeless.systems/es.pub and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.13/workflows/trusted-launch.md b/docs/versioned_docs/version-2.13/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.13/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.13/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.13/workflows/verify-cli.md b/docs/versioned_docs/version-2.13/workflows/verify-cli.md index 78341f314..58d19f572 100644 --- a/docs/versioned_docs/version-2.13/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.13/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.14/workflows/sbom.md b/docs/versioned_docs/version-2.14/workflows/sbom.md index 9ef6eb65c..358b9a97c 100644 --- a/docs/versioned_docs/version-2.14/workflows/sbom.md +++ b/docs/versioned_docs/version-2.14/workflows/sbom.md @@ -11,13 +11,15 @@ SBOMs for Constellation are generated using [Syft](https://github.com/anchore/sy :::note The public key for Edgeless Systems' long-term code-signing key is: + ``` -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at https://edgeless.systems/es.pub and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.14/workflows/trusted-launch.md b/docs/versioned_docs/version-2.14/workflows/trusted-launch.md index 9bc7e785f..d6d01d8eb 100644 --- a/docs/versioned_docs/version-2.14/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.14/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: diff --git a/docs/versioned_docs/version-2.14/workflows/verify-cli.md b/docs/versioned_docs/version-2.14/workflows/verify-cli.md index 78341f314..58d19f572 100644 --- a/docs/versioned_docs/version-2.14/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.14/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.15/workflows/sbom.md b/docs/versioned_docs/version-2.15/workflows/sbom.md index 9ef6eb65c..358b9a97c 100644 --- a/docs/versioned_docs/version-2.15/workflows/sbom.md +++ b/docs/versioned_docs/version-2.15/workflows/sbom.md @@ -11,13 +11,15 @@ SBOMs for Constellation are generated using [Syft](https://github.com/anchore/sy :::note The public key for Edgeless Systems' long-term code-signing key is: + ``` -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at https://edgeless.systems/es.pub and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.15/workflows/trusted-launch.md b/docs/versioned_docs/version-2.15/workflows/trusted-launch.md index 9bc7e785f..d6d01d8eb 100644 --- a/docs/versioned_docs/version-2.15/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.15/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: diff --git a/docs/versioned_docs/version-2.15/workflows/verify-cli.md b/docs/versioned_docs/version-2.15/workflows/verify-cli.md index 78341f314..58d19f572 100644 --- a/docs/versioned_docs/version-2.15/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.15/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.16/getting-started/first-steps.md b/docs/versioned_docs/version-2.16/getting-started/first-steps.md index ff4975496..b29bf5926 100644 --- a/docs/versioned_docs/version-2.16/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.16/getting-started/first-steps.md @@ -115,7 +115,7 @@ If you encounter any problem with the following steps, make sure to use the [lat To use Constellation on STACKIT, the cluster will use the User Access Token (UAT) that's generated [during the install step](./install.md). After creating the accounts, fill in the STACKIT details in `constellation-conf.yaml` under `provider.openstack`: - - `stackitProjectID`: STACKIT project id (can be found after login on ) + * `stackitProjectID`: STACKIT project id (can be found after login on the [STACKIT portal](https://portal.stackit.cloud)) diff --git a/docs/versioned_docs/version-2.16/workflows/sbom.md b/docs/versioned_docs/version-2.16/workflows/sbom.md index 9ef6eb65c..358b9a97c 100644 --- a/docs/versioned_docs/version-2.16/workflows/sbom.md +++ b/docs/versioned_docs/version-2.16/workflows/sbom.md @@ -11,13 +11,15 @@ SBOMs for Constellation are generated using [Syft](https://github.com/anchore/sy :::note The public key for Edgeless Systems' long-term code-signing key is: + ``` -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at https://edgeless.systems/es.pub and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.16/workflows/trusted-launch.md b/docs/versioned_docs/version-2.16/workflows/trusted-launch.md index 9bc7e785f..d6d01d8eb 100644 --- a/docs/versioned_docs/version-2.16/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.16/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: diff --git a/docs/versioned_docs/version-2.16/workflows/verify-cli.md b/docs/versioned_docs/version-2.16/workflows/verify-cli.md index 78341f314..58d19f572 100644 --- a/docs/versioned_docs/version-2.16/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.16/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.17/getting-started/first-steps.md b/docs/versioned_docs/version-2.17/getting-started/first-steps.md index 925ec7df9..8c1da1967 100644 --- a/docs/versioned_docs/version-2.17/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.17/getting-started/first-steps.md @@ -13,7 +13,7 @@ If you encounter any problem with the following steps, make sure to use the [lat ## Create a cluster -1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. If you are following the steps of this guide, there is no need to edit the file. +1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. If you are following the steps of this guide, there is no need to edit the file. @@ -115,7 +115,7 @@ If you encounter any problem with the following steps, make sure to use the [lat To use Constellation on STACKIT, the cluster will use the User Access Token (UAT) that's generated [during the install step](./install.md). After creating the accounts, fill in the STACKIT details in `constellation-conf.yaml` under `provider.openstack`: - - `stackitProjectID`: STACKIT project id (can be found after login on ) + * `stackitProjectID`: STACKIT project id (can be found after login on the [STACKIT portal](https://portal.stackit.cloud)) diff --git a/docs/versioned_docs/version-2.17/workflows/sbom.md b/docs/versioned_docs/version-2.17/workflows/sbom.md index 9ef6eb65c..358b9a97c 100644 --- a/docs/versioned_docs/version-2.17/workflows/sbom.md +++ b/docs/versioned_docs/version-2.17/workflows/sbom.md @@ -11,13 +11,15 @@ SBOMs for Constellation are generated using [Syft](https://github.com/anchore/sy :::note The public key for Edgeless Systems' long-term code-signing key is: + ``` -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at https://edgeless.systems/es.pub and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.17/workflows/trusted-launch.md b/docs/versioned_docs/version-2.17/workflows/trusted-launch.md index 9bc7e785f..d6d01d8eb 100644 --- a/docs/versioned_docs/version-2.17/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.17/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: diff --git a/docs/versioned_docs/version-2.17/workflows/verify-cli.md b/docs/versioned_docs/version-2.17/workflows/verify-cli.md index 78341f314..58d19f572 100644 --- a/docs/versioned_docs/version-2.17/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.17/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.2/workflows/sbom.md b/docs/versioned_docs/version-2.2/workflows/sbom.md index ec9834b4f..817685a02 100644 --- a/docs/versioned_docs/version-2.2/workflows/sbom.md +++ b/docs/versioned_docs/version-2.2/workflows/sbom.md @@ -15,7 +15,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.2/workflows/trusted-launch.md b/docs/versioned_docs/version-2.2/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.2/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.2/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.2/workflows/verify-cli.md b/docs/versioned_docs/version-2.2/workflows/verify-cli.md index 0a52fedd4..a65a5a749 100644 --- a/docs/versioned_docs/version-2.2/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.2/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -12,7 +12,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.3/workflows/sbom.md b/docs/versioned_docs/version-2.3/workflows/sbom.md index ec9834b4f..817685a02 100644 --- a/docs/versioned_docs/version-2.3/workflows/sbom.md +++ b/docs/versioned_docs/version-2.3/workflows/sbom.md @@ -15,7 +15,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.3/workflows/trusted-launch.md b/docs/versioned_docs/version-2.3/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.3/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.3/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.3/workflows/verify-cli.md b/docs/versioned_docs/version-2.3/workflows/verify-cli.md index 4f6008cd0..ebaa86b21 100644 --- a/docs/versioned_docs/version-2.3/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.3/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -12,7 +12,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.4/workflows/sbom.md b/docs/versioned_docs/version-2.4/workflows/sbom.md index ec9834b4f..817685a02 100644 --- a/docs/versioned_docs/version-2.4/workflows/sbom.md +++ b/docs/versioned_docs/version-2.4/workflows/sbom.md @@ -15,7 +15,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.4/workflows/trusted-launch.md b/docs/versioned_docs/version-2.4/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.4/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.4/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.4/workflows/verify-cli.md b/docs/versioned_docs/version-2.4/workflows/verify-cli.md index 4f6008cd0..ebaa86b21 100644 --- a/docs/versioned_docs/version-2.4/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.4/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -12,7 +12,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.5/workflows/sbom.md b/docs/versioned_docs/version-2.5/workflows/sbom.md index ec9834b4f..817685a02 100644 --- a/docs/versioned_docs/version-2.5/workflows/sbom.md +++ b/docs/versioned_docs/version-2.5/workflows/sbom.md @@ -15,7 +15,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.5/workflows/trusted-launch.md b/docs/versioned_docs/version-2.5/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.5/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.5/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.5/workflows/verify-cli.md b/docs/versioned_docs/version-2.5/workflows/verify-cli.md index 4f6008cd0..ebaa86b21 100644 --- a/docs/versioned_docs/version-2.5/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.5/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -12,7 +12,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.6/workflows/sbom.md b/docs/versioned_docs/version-2.6/workflows/sbom.md index 44b347a55..4fcf264ec 100644 --- a/docs/versioned_docs/version-2.6/workflows/sbom.md +++ b/docs/versioned_docs/version-2.6/workflows/sbom.md @@ -19,7 +19,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.6/workflows/trusted-launch.md b/docs/versioned_docs/version-2.6/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.6/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.6/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.6/workflows/verify-cli.md b/docs/versioned_docs/version-2.6/workflows/verify-cli.md index 1280c51b0..b2edd2465 100644 --- a/docs/versioned_docs/version-2.6/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.6/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.7/workflows/sbom.md b/docs/versioned_docs/version-2.7/workflows/sbom.md index 44b347a55..4fcf264ec 100644 --- a/docs/versioned_docs/version-2.7/workflows/sbom.md +++ b/docs/versioned_docs/version-2.7/workflows/sbom.md @@ -19,7 +19,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.7/workflows/trusted-launch.md b/docs/versioned_docs/version-2.7/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.7/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.7/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.7/workflows/verify-cli.md b/docs/versioned_docs/version-2.7/workflows/verify-cli.md index 1280c51b0..b2edd2465 100644 --- a/docs/versioned_docs/version-2.7/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.7/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.8/workflows/sbom.md b/docs/versioned_docs/version-2.8/workflows/sbom.md index c9dc0d5cc..358b9a97c 100644 --- a/docs/versioned_docs/version-2.8/workflows/sbom.md +++ b/docs/versioned_docs/version-2.8/workflows/sbom.md @@ -19,7 +19,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.8/workflows/trusted-launch.md b/docs/versioned_docs/version-2.8/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.8/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.8/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.8/workflows/verify-cli.md b/docs/versioned_docs/version-2.8/workflows/verify-cli.md index 1280c51b0..b2edd2465 100644 --- a/docs/versioned_docs/version-2.8/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.8/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. diff --git a/docs/versioned_docs/version-2.9/workflows/sbom.md b/docs/versioned_docs/version-2.9/workflows/sbom.md index c9dc0d5cc..358b9a97c 100644 --- a/docs/versioned_docs/version-2.9/workflows/sbom.md +++ b/docs/versioned_docs/version-2.9/workflows/sbom.md @@ -19,7 +19,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). Make sure the key is available in a file named `cosign.pub` to execute the following examples. ::: diff --git a/docs/versioned_docs/version-2.9/workflows/trusted-launch.md b/docs/versioned_docs/version-2.9/workflows/trusted-launch.md index 13bd63ba6..11d0a096c 100644 --- a/docs/versioned_docs/version-2.9/workflows/trusted-launch.md +++ b/docs/versioned_docs/version-2.9/workflows/trusted-launch.md @@ -14,7 +14,7 @@ Constellation supports trusted launch VMs with instance types `Standard_D*_v4` a Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. -The latest image is available at . Simply adjust the version number to download a newer version. +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. You can use a script to do this: @@ -26,6 +26,7 @@ AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_I ``` The script creates the following resources: + 1. A new image gallery with the default name `constellation-import` 2. A new image definition with the default name `constellation` 3. The actual image with the provided version. In this case `2.2.0` diff --git a/docs/versioned_docs/version-2.9/workflows/verify-cli.md b/docs/versioned_docs/version-2.9/workflows/verify-cli.md index 1280c51b0..b2edd2465 100644 --- a/docs/versioned_docs/version-2.9/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.9/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at . +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -20,7 +20,7 @@ JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== -----END PUBLIC KEY----- ``` -The public key is also available for download at and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). ::: The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. From ded559a3fe4cc0b12cc43ea9126e7d96566018ed Mon Sep 17 00:00:00 2001 From: Thomas Tendyck Date: Fri, 23 Aug 2024 12:34:46 +0200 Subject: [PATCH 226/380] docs: update AsciinemaWidget tags --- docs/docs/workflows/config.md | 2 +- docs/docs/workflows/create.md | 2 +- docs/docs/workflows/sbom.md | 2 +- docs/docs/workflows/terminate.md | 2 +- docs/docs/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.10/workflows/config.md | 9 ++++----- docs/versioned_docs/version-2.10/workflows/create.md | 2 +- docs/versioned_docs/version-2.10/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.10/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.10/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.11/workflows/config.md | 9 ++++----- docs/versioned_docs/version-2.11/workflows/create.md | 4 ++-- docs/versioned_docs/version-2.11/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.11/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.11/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.12/workflows/config.md | 9 ++++----- docs/versioned_docs/version-2.12/workflows/create.md | 4 ++-- docs/versioned_docs/version-2.12/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.12/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.12/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.13/workflows/config.md | 9 ++++----- docs/versioned_docs/version-2.13/workflows/create.md | 2 +- docs/versioned_docs/version-2.13/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.13/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.13/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.14/workflows/config.md | 2 +- docs/versioned_docs/version-2.14/workflows/create.md | 2 +- docs/versioned_docs/version-2.14/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.14/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.14/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.15/workflows/config.md | 2 +- docs/versioned_docs/version-2.15/workflows/create.md | 2 +- docs/versioned_docs/version-2.15/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.15/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.15/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.16/workflows/config.md | 2 +- docs/versioned_docs/version-2.16/workflows/create.md | 2 +- docs/versioned_docs/version-2.16/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.16/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.16/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.17/workflows/config.md | 2 +- docs/versioned_docs/version-2.17/workflows/create.md | 2 +- docs/versioned_docs/version-2.17/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.17/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.17/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.6/workflows/config.md | 2 +- docs/versioned_docs/version-2.6/workflows/create.md | 2 +- docs/versioned_docs/version-2.6/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.6/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.6/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.7/workflows/config.md | 2 +- docs/versioned_docs/version-2.7/workflows/create.md | 2 +- docs/versioned_docs/version-2.7/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.7/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.7/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.8/workflows/config.md | 2 +- docs/versioned_docs/version-2.8/workflows/create.md | 2 +- docs/versioned_docs/version-2.8/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.8/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.8/workflows/verify-cli.md | 2 +- docs/versioned_docs/version-2.9/workflows/config.md | 2 +- docs/versioned_docs/version-2.9/workflows/create.md | 2 +- docs/versioned_docs/version-2.9/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.9/workflows/terminate.md | 2 +- docs/versioned_docs/version-2.9/workflows/verify-cli.md | 2 +- 65 files changed, 79 insertions(+), 83 deletions(-) diff --git a/docs/docs/workflows/config.md b/docs/docs/workflows/config.md index c59207054..9da4305de 100644 --- a/docs/docs/workflows/config.md +++ b/docs/docs/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 06a869953..388cbedf8 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/docs/workflows/sbom.md b/docs/docs/workflows/sbom.md index 358b9a97c..ca1ae7d4b 100644 --- a/docs/docs/workflows/sbom.md +++ b/docs/docs/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/docs/workflows/terminate.md b/docs/docs/workflows/terminate.md index 58c274bdd..11bbbb2ac 100644 --- a/docs/docs/workflows/terminate.md +++ b/docs/docs/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/docs/workflows/verify-cli.md b/docs/docs/workflows/verify-cli.md index 58d19f572..86392346b 100644 --- a/docs/docs/workflows/verify-cli.md +++ b/docs/docs/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.10/workflows/config.md b/docs/versioned_docs/version-2.10/workflows/config.md index 95f95aeec..e076e2e34 100644 --- a/docs/versioned_docs/version-2.10/workflows/config.md +++ b/docs/versioned_docs/version-2.10/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- @@ -86,7 +86,6 @@ By default, Constellation creates the node groups `control_plane_default` and `w If you require additional control-plane or worker groups with different instance types, zone placements, or disk sizes, you can add additional node groups to the `constellation-conf.yml` file. Each node group can be scaled individually. - Consider the following example for AWS: ```yaml @@ -120,9 +119,9 @@ You can use the field `zone` to specify what availability zone nodes of the grou On Azure, this field is empty by default and nodes are automatically spread across availability zones. Consult the documentation of your cloud provider for more information: -- [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) -- [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones) -- [GCP](https://cloud.google.com/compute/docs/regions-zones) +* [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) +* [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones) +* [GCP](https://cloud.google.com/compute/docs/regions-zones) ## Choosing a Kubernetes version diff --git a/docs/versioned_docs/version-2.10/workflows/create.md b/docs/versioned_docs/version-2.10/workflows/create.md index c0e0cd23d..9ef9b4020 100644 --- a/docs/versioned_docs/version-2.10/workflows/create.md +++ b/docs/versioned_docs/version-2.10/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.10/workflows/sbom.md b/docs/versioned_docs/version-2.10/workflows/sbom.md index 358b9a97c..ca1ae7d4b 100644 --- a/docs/versioned_docs/version-2.10/workflows/sbom.md +++ b/docs/versioned_docs/version-2.10/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.10/workflows/terminate.md b/docs/versioned_docs/version-2.10/workflows/terminate.md index 647eadb42..6c1eebb14 100644 --- a/docs/versioned_docs/version-2.10/workflows/terminate.md +++ b/docs/versioned_docs/version-2.10/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.10/workflows/verify-cli.md b/docs/versioned_docs/version-2.10/workflows/verify-cli.md index 58d19f572..86392346b 100644 --- a/docs/versioned_docs/version-2.10/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.10/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.11/workflows/config.md b/docs/versioned_docs/version-2.11/workflows/config.md index 95f95aeec..e076e2e34 100644 --- a/docs/versioned_docs/version-2.11/workflows/config.md +++ b/docs/versioned_docs/version-2.11/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- @@ -86,7 +86,6 @@ By default, Constellation creates the node groups `control_plane_default` and `w If you require additional control-plane or worker groups with different instance types, zone placements, or disk sizes, you can add additional node groups to the `constellation-conf.yml` file. Each node group can be scaled individually. - Consider the following example for AWS: ```yaml @@ -120,9 +119,9 @@ You can use the field `zone` to specify what availability zone nodes of the grou On Azure, this field is empty by default and nodes are automatically spread across availability zones. Consult the documentation of your cloud provider for more information: -- [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) -- [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones) -- [GCP](https://cloud.google.com/compute/docs/regions-zones) +* [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) +* [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones) +* [GCP](https://cloud.google.com/compute/docs/regions-zones) ## Choosing a Kubernetes version diff --git a/docs/versioned_docs/version-2.11/workflows/create.md b/docs/versioned_docs/version-2.11/workflows/create.md index d2b0adf90..aa421d88a 100644 --- a/docs/versioned_docs/version-2.11/workflows/create.md +++ b/docs/versioned_docs/version-2.11/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- @@ -94,6 +94,6 @@ export KUBECONFIG="$PWD/constellation-admin.conf" 🏁 That's it. You've successfully created a Constellation cluster. - ### Troubleshooting + In case `init` fails, the CLI collects logs from the bootstrapping instance and stores them inside `constellation-cluster.log`. diff --git a/docs/versioned_docs/version-2.11/workflows/sbom.md b/docs/versioned_docs/version-2.11/workflows/sbom.md index 358b9a97c..ca1ae7d4b 100644 --- a/docs/versioned_docs/version-2.11/workflows/sbom.md +++ b/docs/versioned_docs/version-2.11/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.11/workflows/terminate.md b/docs/versioned_docs/version-2.11/workflows/terminate.md index 647eadb42..6c1eebb14 100644 --- a/docs/versioned_docs/version-2.11/workflows/terminate.md +++ b/docs/versioned_docs/version-2.11/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.11/workflows/verify-cli.md b/docs/versioned_docs/version-2.11/workflows/verify-cli.md index 58d19f572..86392346b 100644 --- a/docs/versioned_docs/version-2.11/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.11/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.12/workflows/config.md b/docs/versioned_docs/version-2.12/workflows/config.md index 95f95aeec..e076e2e34 100644 --- a/docs/versioned_docs/version-2.12/workflows/config.md +++ b/docs/versioned_docs/version-2.12/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- @@ -86,7 +86,6 @@ By default, Constellation creates the node groups `control_plane_default` and `w If you require additional control-plane or worker groups with different instance types, zone placements, or disk sizes, you can add additional node groups to the `constellation-conf.yml` file. Each node group can be scaled individually. - Consider the following example for AWS: ```yaml @@ -120,9 +119,9 @@ You can use the field `zone` to specify what availability zone nodes of the grou On Azure, this field is empty by default and nodes are automatically spread across availability zones. Consult the documentation of your cloud provider for more information: -- [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) -- [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones) -- [GCP](https://cloud.google.com/compute/docs/regions-zones) +* [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) +* [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones) +* [GCP](https://cloud.google.com/compute/docs/regions-zones) ## Choosing a Kubernetes version diff --git a/docs/versioned_docs/version-2.12/workflows/create.md b/docs/versioned_docs/version-2.12/workflows/create.md index ab7bf80ea..58c0efe39 100644 --- a/docs/versioned_docs/version-2.12/workflows/create.md +++ b/docs/versioned_docs/version-2.12/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- @@ -96,6 +96,6 @@ export KUBECONFIG="$PWD/constellation-admin.conf" 🏁 That's it. You've successfully created a Constellation cluster. - ### Troubleshooting + In case `init` fails, the CLI collects logs from the bootstrapping instance and stores them inside `constellation-cluster.log`. diff --git a/docs/versioned_docs/version-2.12/workflows/sbom.md b/docs/versioned_docs/version-2.12/workflows/sbom.md index 358b9a97c..ca1ae7d4b 100644 --- a/docs/versioned_docs/version-2.12/workflows/sbom.md +++ b/docs/versioned_docs/version-2.12/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.12/workflows/terminate.md b/docs/versioned_docs/version-2.12/workflows/terminate.md index 14a130d55..a990bc108 100644 --- a/docs/versioned_docs/version-2.12/workflows/terminate.md +++ b/docs/versioned_docs/version-2.12/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.12/workflows/verify-cli.md b/docs/versioned_docs/version-2.12/workflows/verify-cli.md index 58d19f572..86392346b 100644 --- a/docs/versioned_docs/version-2.12/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.12/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.13/workflows/config.md b/docs/versioned_docs/version-2.13/workflows/config.md index 95f95aeec..e076e2e34 100644 --- a/docs/versioned_docs/version-2.13/workflows/config.md +++ b/docs/versioned_docs/version-2.13/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- @@ -86,7 +86,6 @@ By default, Constellation creates the node groups `control_plane_default` and `w If you require additional control-plane or worker groups with different instance types, zone placements, or disk sizes, you can add additional node groups to the `constellation-conf.yml` file. Each node group can be scaled individually. - Consider the following example for AWS: ```yaml @@ -120,9 +119,9 @@ You can use the field `zone` to specify what availability zone nodes of the grou On Azure, this field is empty by default and nodes are automatically spread across availability zones. Consult the documentation of your cloud provider for more information: -- [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) -- [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones) -- [GCP](https://cloud.google.com/compute/docs/regions-zones) +* [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) +* [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones) +* [GCP](https://cloud.google.com/compute/docs/regions-zones) ## Choosing a Kubernetes version diff --git a/docs/versioned_docs/version-2.13/workflows/create.md b/docs/versioned_docs/version-2.13/workflows/create.md index 80ed3d3c6..387f68c8e 100644 --- a/docs/versioned_docs/version-2.13/workflows/create.md +++ b/docs/versioned_docs/version-2.13/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.13/workflows/sbom.md b/docs/versioned_docs/version-2.13/workflows/sbom.md index 358b9a97c..ca1ae7d4b 100644 --- a/docs/versioned_docs/version-2.13/workflows/sbom.md +++ b/docs/versioned_docs/version-2.13/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.13/workflows/terminate.md b/docs/versioned_docs/version-2.13/workflows/terminate.md index 062214c1c..168039fd2 100644 --- a/docs/versioned_docs/version-2.13/workflows/terminate.md +++ b/docs/versioned_docs/version-2.13/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.13/workflows/verify-cli.md b/docs/versioned_docs/version-2.13/workflows/verify-cli.md index 58d19f572..86392346b 100644 --- a/docs/versioned_docs/version-2.13/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.13/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.14/workflows/config.md b/docs/versioned_docs/version-2.14/workflows/config.md index 165100b81..17be3792a 100644 --- a/docs/versioned_docs/version-2.14/workflows/config.md +++ b/docs/versioned_docs/version-2.14/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.14/workflows/create.md b/docs/versioned_docs/version-2.14/workflows/create.md index 06a869953..388cbedf8 100644 --- a/docs/versioned_docs/version-2.14/workflows/create.md +++ b/docs/versioned_docs/version-2.14/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.14/workflows/sbom.md b/docs/versioned_docs/version-2.14/workflows/sbom.md index 358b9a97c..ca1ae7d4b 100644 --- a/docs/versioned_docs/version-2.14/workflows/sbom.md +++ b/docs/versioned_docs/version-2.14/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.14/workflows/terminate.md b/docs/versioned_docs/version-2.14/workflows/terminate.md index 58c274bdd..11bbbb2ac 100644 --- a/docs/versioned_docs/version-2.14/workflows/terminate.md +++ b/docs/versioned_docs/version-2.14/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.14/workflows/verify-cli.md b/docs/versioned_docs/version-2.14/workflows/verify-cli.md index 58d19f572..86392346b 100644 --- a/docs/versioned_docs/version-2.14/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.14/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.15/workflows/config.md b/docs/versioned_docs/version-2.15/workflows/config.md index a5216510d..dc5dd0e41 100644 --- a/docs/versioned_docs/version-2.15/workflows/config.md +++ b/docs/versioned_docs/version-2.15/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.15/workflows/create.md b/docs/versioned_docs/version-2.15/workflows/create.md index 06a869953..388cbedf8 100644 --- a/docs/versioned_docs/version-2.15/workflows/create.md +++ b/docs/versioned_docs/version-2.15/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.15/workflows/sbom.md b/docs/versioned_docs/version-2.15/workflows/sbom.md index 358b9a97c..ca1ae7d4b 100644 --- a/docs/versioned_docs/version-2.15/workflows/sbom.md +++ b/docs/versioned_docs/version-2.15/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.15/workflows/terminate.md b/docs/versioned_docs/version-2.15/workflows/terminate.md index 58c274bdd..11bbbb2ac 100644 --- a/docs/versioned_docs/version-2.15/workflows/terminate.md +++ b/docs/versioned_docs/version-2.15/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.15/workflows/verify-cli.md b/docs/versioned_docs/version-2.15/workflows/verify-cli.md index 58d19f572..86392346b 100644 --- a/docs/versioned_docs/version-2.15/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.15/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.16/workflows/config.md b/docs/versioned_docs/version-2.16/workflows/config.md index c59207054..9da4305de 100644 --- a/docs/versioned_docs/version-2.16/workflows/config.md +++ b/docs/versioned_docs/version-2.16/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.16/workflows/create.md b/docs/versioned_docs/version-2.16/workflows/create.md index 06a869953..388cbedf8 100644 --- a/docs/versioned_docs/version-2.16/workflows/create.md +++ b/docs/versioned_docs/version-2.16/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.16/workflows/sbom.md b/docs/versioned_docs/version-2.16/workflows/sbom.md index 358b9a97c..ca1ae7d4b 100644 --- a/docs/versioned_docs/version-2.16/workflows/sbom.md +++ b/docs/versioned_docs/version-2.16/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.16/workflows/terminate.md b/docs/versioned_docs/version-2.16/workflows/terminate.md index 58c274bdd..11bbbb2ac 100644 --- a/docs/versioned_docs/version-2.16/workflows/terminate.md +++ b/docs/versioned_docs/version-2.16/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.16/workflows/verify-cli.md b/docs/versioned_docs/version-2.16/workflows/verify-cli.md index 58d19f572..86392346b 100644 --- a/docs/versioned_docs/version-2.16/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.16/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.17/workflows/config.md b/docs/versioned_docs/version-2.17/workflows/config.md index c59207054..9da4305de 100644 --- a/docs/versioned_docs/version-2.17/workflows/config.md +++ b/docs/versioned_docs/version-2.17/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.17/workflows/create.md b/docs/versioned_docs/version-2.17/workflows/create.md index 06a869953..388cbedf8 100644 --- a/docs/versioned_docs/version-2.17/workflows/create.md +++ b/docs/versioned_docs/version-2.17/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.17/workflows/sbom.md b/docs/versioned_docs/version-2.17/workflows/sbom.md index 358b9a97c..ca1ae7d4b 100644 --- a/docs/versioned_docs/version-2.17/workflows/sbom.md +++ b/docs/versioned_docs/version-2.17/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.17/workflows/terminate.md b/docs/versioned_docs/version-2.17/workflows/terminate.md index 58c274bdd..11bbbb2ac 100644 --- a/docs/versioned_docs/version-2.17/workflows/terminate.md +++ b/docs/versioned_docs/version-2.17/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.17/workflows/verify-cli.md b/docs/versioned_docs/version-2.17/workflows/verify-cli.md index 58d19f572..86392346b 100644 --- a/docs/versioned_docs/version-2.17/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.17/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.6/workflows/config.md b/docs/versioned_docs/version-2.6/workflows/config.md index 5da01beeb..4824210f1 100644 --- a/docs/versioned_docs/version-2.6/workflows/config.md +++ b/docs/versioned_docs/version-2.6/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.6/workflows/create.md b/docs/versioned_docs/version-2.6/workflows/create.md index d527618b0..b078c16ff 100644 --- a/docs/versioned_docs/version-2.6/workflows/create.md +++ b/docs/versioned_docs/version-2.6/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.6/workflows/sbom.md b/docs/versioned_docs/version-2.6/workflows/sbom.md index 4fcf264ec..e304466bb 100644 --- a/docs/versioned_docs/version-2.6/workflows/sbom.md +++ b/docs/versioned_docs/version-2.6/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.6/workflows/terminate.md b/docs/versioned_docs/version-2.6/workflows/terminate.md index 647eadb42..6c1eebb14 100644 --- a/docs/versioned_docs/version-2.6/workflows/terminate.md +++ b/docs/versioned_docs/version-2.6/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.6/workflows/verify-cli.md b/docs/versioned_docs/version-2.6/workflows/verify-cli.md index b2edd2465..906031c7a 100644 --- a/docs/versioned_docs/version-2.6/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.6/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.7/workflows/config.md b/docs/versioned_docs/version-2.7/workflows/config.md index dd86a34a2..7145028a8 100644 --- a/docs/versioned_docs/version-2.7/workflows/config.md +++ b/docs/versioned_docs/version-2.7/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.7/workflows/create.md b/docs/versioned_docs/version-2.7/workflows/create.md index aff59bb6a..33d2f12f8 100644 --- a/docs/versioned_docs/version-2.7/workflows/create.md +++ b/docs/versioned_docs/version-2.7/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.7/workflows/sbom.md b/docs/versioned_docs/version-2.7/workflows/sbom.md index 4fcf264ec..e304466bb 100644 --- a/docs/versioned_docs/version-2.7/workflows/sbom.md +++ b/docs/versioned_docs/version-2.7/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.7/workflows/terminate.md b/docs/versioned_docs/version-2.7/workflows/terminate.md index 647eadb42..6c1eebb14 100644 --- a/docs/versioned_docs/version-2.7/workflows/terminate.md +++ b/docs/versioned_docs/version-2.7/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.7/workflows/verify-cli.md b/docs/versioned_docs/version-2.7/workflows/verify-cli.md index b2edd2465..906031c7a 100644 --- a/docs/versioned_docs/version-2.7/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.7/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.8/workflows/config.md b/docs/versioned_docs/version-2.8/workflows/config.md index 260c4e6ec..ca1719b85 100644 --- a/docs/versioned_docs/version-2.8/workflows/config.md +++ b/docs/versioned_docs/version-2.8/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.8/workflows/create.md b/docs/versioned_docs/version-2.8/workflows/create.md index aff59bb6a..33d2f12f8 100644 --- a/docs/versioned_docs/version-2.8/workflows/create.md +++ b/docs/versioned_docs/version-2.8/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.8/workflows/sbom.md b/docs/versioned_docs/version-2.8/workflows/sbom.md index 358b9a97c..ca1ae7d4b 100644 --- a/docs/versioned_docs/version-2.8/workflows/sbom.md +++ b/docs/versioned_docs/version-2.8/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.8/workflows/terminate.md b/docs/versioned_docs/version-2.8/workflows/terminate.md index 647eadb42..6c1eebb14 100644 --- a/docs/versioned_docs/version-2.8/workflows/terminate.md +++ b/docs/versioned_docs/version-2.8/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.8/workflows/verify-cli.md b/docs/versioned_docs/version-2.8/workflows/verify-cli.md index b2edd2465..906031c7a 100644 --- a/docs/versioned_docs/version-2.8/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.8/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.9/workflows/config.md b/docs/versioned_docs/version-2.9/workflows/config.md index f276f3f63..7d4a297fb 100644 --- a/docs/versioned_docs/version-2.9/workflows/config.md +++ b/docs/versioned_docs/version-2.9/workflows/config.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.9/workflows/create.md b/docs/versioned_docs/version-2.9/workflows/create.md index aff59bb6a..33d2f12f8 100644 --- a/docs/versioned_docs/version-2.9/workflows/create.md +++ b/docs/versioned_docs/version-2.9/workflows/create.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.9/workflows/sbom.md b/docs/versioned_docs/version-2.9/workflows/sbom.md index 358b9a97c..ca1ae7d4b 100644 --- a/docs/versioned_docs/version-2.9/workflows/sbom.md +++ b/docs/versioned_docs/version-2.9/workflows/sbom.md @@ -1,6 +1,6 @@ # Consume software bill of materials (SBOMs) - + --- diff --git a/docs/versioned_docs/version-2.9/workflows/terminate.md b/docs/versioned_docs/version-2.9/workflows/terminate.md index 647eadb42..6c1eebb14 100644 --- a/docs/versioned_docs/version-2.9/workflows/terminate.md +++ b/docs/versioned_docs/version-2.9/workflows/terminate.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- diff --git a/docs/versioned_docs/version-2.9/workflows/verify-cli.md b/docs/versioned_docs/version-2.9/workflows/verify-cli.md index b2edd2465..906031c7a 100644 --- a/docs/versioned_docs/version-2.9/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.9/workflows/verify-cli.md @@ -4,7 +4,7 @@ This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. ::: - + --- From e90b0e5109cafabf628043ba847cbd296daa4b2d Mon Sep 17 00:00:00 2001 From: Thomas Tendyck Date: Fri, 23 Aug 2024 13:03:38 +0200 Subject: [PATCH 227/380] docs: update docusaurus and enable broken anchor detection --- docs/docusaurus.config.js | 1 + docs/package.json | 33 ++++++++++++------- docs/src/theme/MDXComponents.js | 6 ++-- .../version-2.0/workflows/create.md | 2 +- .../version-2.1/workflows/create.md | 2 +- 5 files changed, 27 insertions(+), 17 deletions(-) diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js index 2dc60e883..a4b1f30f7 100644 --- a/docs/docusaurus.config.js +++ b/docs/docusaurus.config.js @@ -13,6 +13,7 @@ async function createConfig() { baseUrl: '/constellation/', onBrokenLinks: 'throw', onBrokenMarkdownLinks: 'throw', + onBrokenAnchors: 'throw', favicon: 'img/favicon.ico', // GitHub pages deployment config. diff --git a/docs/package.json b/docs/package.json index 1e4020dd4..3a3709df8 100644 --- a/docs/package.json +++ b/docs/package.json @@ -14,18 +14,27 @@ "write-heading-ids": "docusaurus write-heading-ids" }, "dependencies": { - "@cmfcmf/docusaurus-search-local": "^1.1.0", - "@docusaurus/core": "^2.2.0", - "@docusaurus/module-type-aliases": "^2.2.0", - "@docusaurus/plugin-google-gtag": "^2.4.1", - "@docusaurus/preset-classic": "^2.4.1", - "@docusaurus/theme-mermaid": "^2.4.1", - "@mdx-js/react": "^1.6.22", - "asciinema-player": "^3.5.0", - "clsx": "^1.2.1", - "prism-react-renderer": "^2.0.6", - "react": "^17.0.2", - "react-dom": "^17.0.2" + "@cmfcmf/docusaurus-search-local": "^1.2.0", + "@docusaurus/core": "^3.5.2", + "@docusaurus/plugin-google-gtag": "^3.5.2", + "@docusaurus/preset-classic": "^3.5.2", + "@docusaurus/theme-mermaid": "^3.5.2", + "@mdx-js/react": "^3.0.0", + "asciinema-player": "^3.8.0", + "clsx": "^2.0.0", + "prism-react-renderer": "^2.3.0", + "react": "^18.0.0", + "react-dom": "^18.0.0" + }, + "devDependencies": { + "@docusaurus/module-type-aliases": "^3.5.2", + "@docusaurus/types": "^3.5.2" + }, + "overrides": { + "@cmfcmf/docusaurus-search-local": { + "@docusaurus/core": "3.5.2", + "cheerio": "1.0.0-rc.12" + } }, "browserslist": { "production": [ diff --git a/docs/src/theme/MDXComponents.js b/docs/src/theme/MDXComponents.js index a0852811a..2a1413d73 100644 --- a/docs/src/theme/MDXComponents.js +++ b/docs/src/theme/MDXComponents.js @@ -10,7 +10,7 @@ export default { ...MDXComponents, // Map the "highlight" tag to our component! // `Highlight` will receive all props that were passed to `highlight` in MDX - tabs: Tabs, - tabItem: TabItem, - asciinemaWidget: AsciinemaWidget, + Tabs, + TabItem, + AsciinemaWidget, }; diff --git a/docs/versioned_docs/version-2.0/workflows/create.md b/docs/versioned_docs/version-2.0/workflows/create.md index 357ab6703..1dd1088d5 100644 --- a/docs/versioned_docs/version-2.0/workflows/create.md +++ b/docs/versioned_docs/version-2.0/workflows/create.md @@ -53,7 +53,7 @@ constellation create --control-plane-nodes 1 --worker-nodes 2 For details on the flags, consult the command help via `constellation create -h`. -*create* stores your cluster's configuration to a file named [`constellation-state.json`](../architecture/orchestration.md#installation-process) in your current directory. +*create* stores your cluster's configuration to a file named [`constellation-state.json`](../architecture/orchestration.md#cluster-creation-process) in your current directory. ## The *init* step diff --git a/docs/versioned_docs/version-2.1/workflows/create.md b/docs/versioned_docs/version-2.1/workflows/create.md index a567c5d23..b95ffb5fd 100644 --- a/docs/versioned_docs/version-2.1/workflows/create.md +++ b/docs/versioned_docs/version-2.1/workflows/create.md @@ -57,7 +57,7 @@ constellation create --control-plane-nodes 1 --worker-nodes 2 For details on the flags, consult the command help via `constellation create -h`. -*create* stores your cluster's configuration to a file named [`constellation-state.json`](../architecture/orchestration.md#installation-process) in your current directory. +*create* stores your cluster's configuration to a file named [`constellation-state.json`](../architecture/orchestration.md#cluster-creation-process) in your current directory. ## The *init* step From e2ee775483060158896758886a23f0764fa3c77b Mon Sep 17 00:00:00 2001 From: Thomas Tendyck Date: Fri, 23 Aug 2024 13:04:15 +0200 Subject: [PATCH 228/380] docs: update Tab tags --- docs/docs/architecture/attestation.md | 40 +-- .../docs/getting-started/first-steps-local.md | 24 +- docs/docs/getting-started/first-steps.md | 40 +-- docs/docs/getting-started/install.md | 64 ++--- docs/docs/getting-started/marketplaces.md | 20 +- docs/docs/workflows/config.md | 80 +++--- docs/docs/workflows/create.md | 12 +- docs/docs/workflows/recovery.md | 20 +- docs/docs/workflows/scale.md | 40 +-- docs/docs/workflows/storage.md | 40 +-- docs/docs/workflows/terminate.md | 12 +- docs/docs/workflows/terraform-provider.md | 21 +- .../version-2.0/architecture/attestation.md | 12 +- .../getting-started/first-steps.md | 32 +-- .../version-2.0/getting-started/install.md | 47 ++-- .../version-2.0/workflows/create.md | 12 +- .../version-2.0/workflows/recovery.md | 12 +- .../version-2.0/workflows/scale.md | 24 +- .../version-2.0/workflows/storage.md | 36 +-- .../version-2.0/workflows/troubleshooting.md | 12 +- .../version-2.1/architecture/attestation.md | 12 +- .../getting-started/first-steps.md | 32 +-- .../version-2.1/getting-started/install.md | 47 ++-- .../version-2.1/workflows/create.md | 12 +- .../version-2.1/workflows/recovery.md | 12 +- .../version-2.1/workflows/scale.md | 24 +- .../version-2.1/workflows/storage.md | 36 +-- .../version-2.1/workflows/troubleshooting.md | 12 +- .../version-2.10/architecture/attestation.md | 32 +-- .../getting-started/first-steps-local.md | 24 +- .../getting-started/first-steps.md | 32 +-- .../version-2.10/getting-started/install.md | 229 ++++++++--------- .../version-2.10/workflows/config.md | 64 ++--- .../version-2.10/workflows/create.md | 12 +- .../version-2.10/workflows/recovery.md | 16 +- .../version-2.10/workflows/scale.md | 32 +-- .../version-2.10/workflows/storage.md | 32 +-- .../version-2.10/workflows/terminate.md | 12 +- .../version-2.10/workflows/troubleshooting.md | 18 +- .../version-2.11/architecture/attestation.md | 32 +-- .../getting-started/first-steps-local.md | 24 +- .../getting-started/first-steps.md | 32 +-- .../version-2.11/getting-started/install.md | 229 ++++++++--------- .../version-2.11/workflows/config.md | 64 ++--- .../version-2.11/workflows/create.md | 12 +- .../version-2.11/workflows/recovery.md | 16 +- .../version-2.11/workflows/scale.md | 32 +-- .../version-2.11/workflows/storage.md | 32 +-- .../version-2.11/workflows/terminate.md | 12 +- .../version-2.11/workflows/troubleshooting.md | 16 +- .../version-2.12/architecture/attestation.md | 32 +-- .../getting-started/first-steps-local.md | 24 +- .../getting-started/first-steps.md | 32 +-- .../version-2.12/getting-started/install.md | 235 +++++++++--------- .../version-2.12/workflows/config.md | 64 ++--- .../version-2.12/workflows/create.md | 12 +- .../version-2.12/workflows/recovery.md | 16 +- .../version-2.12/workflows/scale.md | 32 +-- .../version-2.12/workflows/storage.md | 32 +-- .../version-2.12/workflows/terminate.md | 12 +- .../version-2.12/workflows/troubleshooting.md | 16 +- .../version-2.13/architecture/attestation.md | 32 +-- .../getting-started/first-steps-local.md | 24 +- .../getting-started/first-steps.md | 32 +-- .../version-2.13/getting-started/install.md | 235 +++++++++--------- .../version-2.13/workflows/config.md | 64 ++--- .../version-2.13/workflows/create.md | 12 +- .../version-2.13/workflows/recovery.md | 16 +- .../version-2.13/workflows/scale.md | 32 +-- .../version-2.13/workflows/storage.md | 32 +-- .../version-2.13/workflows/terminate.md | 12 +- .../workflows/terraform-module.md | 25 +- .../version-2.13/workflows/troubleshooting.md | 16 +- .../version-2.14/architecture/attestation.md | 32 +-- .../getting-started/first-steps-local.md | 24 +- .../getting-started/first-steps.md | 32 +-- .../version-2.14/getting-started/install.md | 52 ++-- .../version-2.14/workflows/config.md | 64 ++--- .../version-2.14/workflows/create.md | 12 +- .../version-2.14/workflows/recovery.md | 16 +- .../version-2.14/workflows/scale.md | 32 +-- .../version-2.14/workflows/storage.md | 32 +-- .../version-2.14/workflows/terminate.md | 12 +- .../workflows/terraform-provider.md | 16 +- .../version-2.14/workflows/troubleshooting.md | 16 +- .../version-2.15/architecture/attestation.md | 32 +-- .../getting-started/first-steps-local.md | 24 +- .../getting-started/first-steps.md | 32 +-- .../version-2.15/getting-started/install.md | 52 ++-- .../version-2.15/workflows/config.md | 64 ++--- .../version-2.15/workflows/create.md | 12 +- .../version-2.15/workflows/recovery.md | 16 +- .../version-2.15/workflows/scale.md | 32 +-- .../version-2.15/workflows/storage.md | 32 +-- .../version-2.15/workflows/terminate.md | 12 +- .../workflows/terraform-provider.md | 16 +- .../version-2.16/architecture/attestation.md | 40 +-- .../getting-started/first-steps-local.md | 24 +- .../getting-started/first-steps.md | 40 +-- .../version-2.16/getting-started/install.md | 64 ++--- .../getting-started/marketplaces.md | 20 +- .../version-2.16/workflows/config.md | 80 +++--- .../version-2.16/workflows/create.md | 12 +- .../version-2.16/workflows/recovery.md | 20 +- .../version-2.16/workflows/scale.md | 40 +-- .../version-2.16/workflows/storage.md | 40 +-- .../version-2.16/workflows/terminate.md | 12 +- .../workflows/terraform-provider.md | 21 +- .../version-2.17/architecture/attestation.md | 40 +-- .../getting-started/first-steps-local.md | 24 +- .../getting-started/first-steps.md | 40 +-- .../version-2.17/getting-started/install.md | 64 ++--- .../getting-started/marketplaces.md | 20 +- .../version-2.17/workflows/config.md | 80 +++--- .../version-2.17/workflows/create.md | 12 +- .../version-2.17/workflows/recovery.md | 20 +- .../version-2.17/workflows/scale.md | 40 +-- .../version-2.17/workflows/storage.md | 40 +-- .../version-2.17/workflows/terminate.md | 12 +- .../workflows/terraform-provider.md | 21 +- .../version-2.2/architecture/attestation.md | 16 +- .../getting-started/first-steps.md | 40 +-- .../version-2.2/getting-started/install.md | 61 ++--- .../version-2.2/workflows/create.md | 16 +- .../version-2.2/workflows/recovery.md | 16 +- .../version-2.2/workflows/scale.md | 32 +-- .../version-2.2/workflows/storage.md | 48 ++-- .../version-2.2/workflows/troubleshooting.md | 19 +- .../version-2.3/architecture/attestation.md | 16 +- .../getting-started/first-steps.md | 32 +-- .../version-2.3/getting-started/install.md | 61 ++--- .../version-2.3/workflows/config.md | 64 ++--- .../version-2.3/workflows/recovery.md | 16 +- .../version-2.3/workflows/scale.md | 32 +-- .../version-2.3/workflows/storage.md | 48 ++-- .../version-2.3/workflows/troubleshooting.md | 19 +- .../version-2.4/architecture/attestation.md | 16 +- .../getting-started/first-steps.md | 32 +-- .../version-2.4/getting-started/install.md | 61 ++--- .../version-2.4/workflows/config.md | 64 ++--- .../version-2.4/workflows/recovery.md | 16 +- .../version-2.4/workflows/scale.md | 32 +-- .../version-2.4/workflows/storage.md | 48 ++-- .../version-2.4/workflows/troubleshooting.md | 19 +- .../version-2.5/architecture/attestation.md | 16 +- .../getting-started/first-steps.md | 16 +- .../version-2.5/getting-started/install.md | 61 ++--- .../version-2.5/workflows/config.md | 64 ++--- .../version-2.5/workflows/create.md | 12 +- .../version-2.5/workflows/recovery.md | 16 +- .../version-2.5/workflows/scale.md | 32 +-- .../version-2.5/workflows/storage.md | 48 ++-- .../version-2.5/workflows/terminate.md | 12 +- .../version-2.5/workflows/troubleshooting.md | 19 +- .../version-2.6/architecture/attestation.md | 16 +- .../getting-started/first-steps.md | 16 +- .../version-2.6/getting-started/install.md | 61 ++--- .../version-2.6/workflows/config.md | 64 ++--- .../version-2.6/workflows/create.md | 12 +- .../version-2.6/workflows/recovery.md | 16 +- .../version-2.6/workflows/scale.md | 32 +-- .../version-2.6/workflows/storage.md | 48 ++-- .../version-2.6/workflows/terminate.md | 12 +- .../version-2.6/workflows/troubleshooting.md | 19 +- .../version-2.7/architecture/attestation.md | 16 +- .../getting-started/first-steps-local.md | 24 +- .../getting-started/first-steps.md | 16 +- .../version-2.7/getting-started/install.md | 227 ++++++++--------- .../version-2.7/workflows/config.md | 64 ++--- .../version-2.7/workflows/create.md | 12 +- .../version-2.7/workflows/recovery.md | 16 +- .../version-2.7/workflows/scale.md | 32 +-- .../version-2.7/workflows/storage.md | 48 ++-- .../version-2.7/workflows/terminate.md | 12 +- .../version-2.7/workflows/troubleshooting.md | 16 +- .../version-2.8/architecture/attestation.md | 32 +-- .../getting-started/first-steps-local.md | 24 +- .../getting-started/first-steps.md | 16 +- .../version-2.8/getting-started/install.md | 229 ++++++++--------- .../version-2.8/workflows/config.md | 64 ++--- .../version-2.8/workflows/create.md | 12 +- .../version-2.8/workflows/recovery.md | 16 +- .../version-2.8/workflows/scale.md | 32 +-- .../version-2.8/workflows/storage.md | 48 ++-- .../version-2.8/workflows/terminate.md | 12 +- .../version-2.8/workflows/troubleshooting.md | 16 +- .../version-2.9/architecture/attestation.md | 32 +-- .../getting-started/first-steps-local.md | 24 +- .../getting-started/first-steps.md | 32 +-- .../version-2.9/getting-started/install.md | 229 ++++++++--------- .../version-2.9/workflows/config.md | 64 ++--- .../version-2.9/workflows/create.md | 12 +- .../version-2.9/workflows/recovery.md | 16 +- .../version-2.9/workflows/scale.md | 32 +-- .../version-2.9/workflows/storage.md | 32 +-- .../version-2.9/workflows/terminate.md | 12 +- .../version-2.9/workflows/troubleshooting.md | 16 +- 197 files changed, 3640 insertions(+), 3581 deletions(-) diff --git a/docs/docs/architecture/attestation.md b/docs/docs/architecture/attestation.md index 8f12b5851..9bd157460 100644 --- a/docs/docs/architecture/attestation.md +++ b/docs/docs/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -153,8 +153,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -184,8 +184,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -217,8 +217,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses a hypervisor-based vTPM for runtime measurements. @@ -249,16 +249,16 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ### CVM verification To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. For verification of the CVM technology, Constellation may expose additional options in its config file. - - + + On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the VM. @@ -279,8 +279,8 @@ You may customize certain parameters for verification of the attestation stateme This is the intermediate certificate for verifying the SEV-SNP report's signature. If it's not specified, the CLI fetches it from the AMD key distribution server. - - + + On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. @@ -302,8 +302,8 @@ You may customize certain parameters for verification of the attestation stateme More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. - - + + On GCP, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the VM. @@ -324,15 +324,15 @@ You may customize certain parameters for verification of the attestation stateme This is the intermediate certificate for verifying the SEV-SNP report's signature. If it's not specified, the CLI fetches it from the AMD key distribution server. - - + + On STACKIT, AMD SEV-ES is used to provide runtime encryption to the VMs. The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). There is no additional configuration available for STACKIT. - - + + ## Cluster attestation diff --git a/docs/docs/getting-started/first-steps-local.md b/docs/docs/getting-started/first-steps-local.md index 052d29eae..98f0302de 100644 --- a/docs/docs/getting-started/first-steps-local.md +++ b/docs/docs/getting-started/first-steps-local.md @@ -45,8 +45,8 @@ sudo iptables -P FORWARD ACCEPT ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -74,8 +74,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -145,8 +145,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -199,8 +199,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -211,8 +211,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -240,8 +240,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/docs/getting-started/first-steps.md b/docs/docs/getting-started/first-steps.md index 8c1da1967..9b37efa64 100644 --- a/docs/docs/getting-started/first-steps.md +++ b/docs/docs/getting-started/first-steps.md @@ -15,41 +15,41 @@ If you encounter any problem with the following steps, make sure to use the [lat 1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. If you are following the steps of this guide, there is no need to edit the file. - - + + ```bash constellation config generate aws ``` - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate stackit ``` - - + + 2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). - - + + ```bash constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config @@ -76,8 +76,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config @@ -98,8 +98,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). - - + + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config @@ -109,16 +109,16 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - - + + To use Constellation on STACKIT, the cluster will use the User Access Token (UAT) that's generated [during the install step](./install.md). After creating the accounts, fill in the STACKIT details in `constellation-conf.yaml` under `provider.openstack`: * `stackitProjectID`: STACKIT project id (can be found after login on the [STACKIT portal](https://portal.stackit.cloud)) - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/docs/getting-started/install.md b/docs/docs/getting-started/install.md index 4ebd9351a..d52e43476 100644 --- a/docs/docs/getting-started/install.md +++ b/docs/docs/getting-started/install.md @@ -22,8 +22,8 @@ If you prefer to use Terraform, you can alternatively use the [Terraform provide The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -39,8 +39,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -56,9 +56,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -74,9 +74,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -92,9 +92,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -115,8 +115,8 @@ Invoke-WebRequest -OutFile ./constellation.exe -Uri 'https://github.com/edgeless 5. Click `New` 6. Enter the path to the folder containing the binary you want on your PATH: `C:\Program Files\Constellation\bin` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -132,8 +132,8 @@ If you don't have a cloud subscription, you can also set up a [local Constellati ### Required permissions - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -183,8 +183,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: @@ -226,8 +226,8 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -312,16 +312,16 @@ Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and ` Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + Constellation on STACKIT requires a User Access Token (UAT) for the OpenStack API and a STACKIT service account. The UAT already has all required permissions by default. The STACKIT service account needs the `editor` role to create STACKIT LoadBalancers. Look at the [STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) on how to create the service account and assign the role. - - + + ### Authentication @@ -331,8 +331,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -348,8 +348,8 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - - + + **Testing** @@ -365,8 +365,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -389,8 +389,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + You need to authenticate with the infrastructure API (OpenStack) and create a service account (STACKIT API). @@ -420,9 +420,9 @@ You need to authenticate with the infrastructure API (OpenStack) and create a se {"STACKIT_SERVICE_ACCOUNT_TOKEN":"REPLACE_WITH_TOKEN"} ``` - + - + ## Next steps diff --git a/docs/docs/getting-started/marketplaces.md b/docs/docs/getting-started/marketplaces.md index b16d796d2..a6763a42a 100644 --- a/docs/docs/getting-started/marketplaces.md +++ b/docs/docs/getting-started/marketplaces.md @@ -4,8 +4,8 @@ Constellation is available through the Marketplaces of AWS, Azure, GCP, and STAC This document explains how to run Constellation with the dynamically billed cloud marketplace images. - - + + To use Constellation's marketplace images, ensure that you are subscribed to the [marketplace offering](https://aws.amazon.com/marketplace/pp/prodview-2mbn65nv57oys) through the web portal. @@ -15,8 +15,8 @@ Then, enable the use of marketplace images in your Constellation `constellation- yq eval -i ".provider.aws.useMarketplaceImage = true" constellation-conf.yaml ``` - - + + Constellation has a private marketplace plan. Please [contact us](https://www.edgeless.systems/enterprise-support/) to gain access. @@ -32,8 +32,8 @@ Then, enable the use of marketplace images in your Constellation `constellation- yq eval -i ".provider.azure.useMarketplaceImage = true" constellation-conf.yaml ``` - - + + To use a marketplace image, ensure that the account is entitled to use marketplace images by Edgeless Systems by accepting the terms through the [web portal](https://console.cloud.google.com/marketplace/vm/config/edgeless-systems-public/constellation). @@ -43,13 +43,13 @@ Then, enable the use of marketplace images in your Constellation `constellation- yq eval -i ".provider.gcp.useMarketplaceImage = true" constellation-conf.yaml ``` - - + + On STACKIT, the selected Constellation image is always a marketplace image. You can find more information on the STACKIT portal. - - + + Ensure that the cluster uses an official release image version (i.e., `.image=vX.Y.Z` in the `constellation-conf.yaml` file). diff --git a/docs/docs/workflows/config.md b/docs/docs/workflows/config.md index 9da4305de..120bf8ed7 100644 --- a/docs/docs/workflows/config.md +++ b/docs/docs/workflows/config.md @@ -14,44 +14,44 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate aws ``` - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate stackit ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. @@ -62,20 +62,20 @@ If you are using the attestation variant `awsNitroTPM`, you can choose any of th The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m1a.4cd` VMs (4 vCPUs, 30 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. @@ -93,8 +93,8 @@ You can choose any of the SEV-enabled instance types. You can find a list of all The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. - - + + Fill the desired VM type into the `instanceType` fields in the `constellation-conf.yml` file. @@ -153,8 +153,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -178,8 +178,8 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -204,8 +204,8 @@ You can find a list of all [regions in Azure's documentation](https://azure.micr Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -219,21 +219,21 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -264,8 +264,8 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -301,8 +301,8 @@ The following describes the configuration fields and how you obtain the required The user-assigned identity is used by instances of the cluster to access other cloud resources. For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). - - + + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -326,13 +326,13 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - - + + STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. - - + +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/docs/workflows/create.md b/docs/docs/workflows/create.md index 388cbedf8..6074ebb16 100644 --- a/docs/docs/workflows/create.md +++ b/docs/docs/workflows/create.md @@ -27,8 +27,8 @@ If you don't have a cloud subscription, you can also set up a [local Constellati Before you create the cluster, make sure to have a [valid configuration file](./config.md). - - + + ```bash constellation apply @@ -36,8 +36,8 @@ constellation apply `apply` stores the state of your cluster's cloud resources in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Self-managed infrastructure allows for more flexibility in the setup, by separating the infrastructure setup from the Constellation cluster management. This provides flexibility in DevOps and can meet potential regulatory requirements. @@ -77,8 +77,8 @@ With the required cloud resources set up, continue with initializing your cluste constellation apply --skip-phases=infrastructure ``` - - + + Finally, configure `kubectl` for your cluster: diff --git a/docs/docs/workflows/recovery.md b/docs/docs/workflows/recovery.md index aea370e2f..50cd7ee72 100644 --- a/docs/docs/workflows/recovery.md +++ b/docs/docs/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via serial console output. In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -47,8 +47,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -82,8 +82,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the STACKIT portal to view all servers in your project. Select individual control plane nodes `--control-plane--` and check that enough members are in a *Running* state. @@ -149,8 +149,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/docs/workflows/scale.md b/docs/docs/workflows/scale.md index 0b52b9540..28f19e3f1 100644 --- a/docs/docs/workflows/scale.md +++ b/docs/docs/workflows/scale.md @@ -51,36 +51,36 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Go to Auto Scaling Groups and select the worker ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + Dynamic cluster scaling isn't yet supported for STACKIT. Support will be introduced in one of the upcoming releases. - - + + ## Control-plane node scaling @@ -88,35 +88,35 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - - + + 1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + Dynamic cluster scaling isn't yet supported for STACKIT. Support will be introduced in one of the upcoming releases. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/docs/workflows/storage.md b/docs/docs/workflows/storage.md index f1344d6ad..a5c52be90 100644 --- a/docs/docs/workflows/storage.md +++ b/docs/docs/workflows/storage.md @@ -21,37 +21,37 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for AWS Elastic Block Store** Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. - - + + **Constellation CSI driver for STACKIT / OpenStack Cinder** Mount [Cinder](https://docs.openstack.org/cinder/latest/) block storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-cloud-provider-openstack) for more information. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -60,8 +60,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + AWS comes with two storage classes by default. @@ -89,8 +89,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + Azure comes with two storage classes by default. @@ -118,8 +118,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -147,8 +147,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + STACKIT comes with two storage classes by default. @@ -176,8 +176,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) diff --git a/docs/docs/workflows/terminate.md b/docs/docs/workflows/terminate.md index 11bbbb2ac..2c45bebe3 100644 --- a/docs/docs/workflows/terminate.md +++ b/docs/docs/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-state.yaml constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/docs/workflows/terraform-provider.md b/docs/docs/workflows/terraform-provider.md index 8a3cedc62..ed8f46eda 100644 --- a/docs/docs/workflows/terraform-provider.md +++ b/docs/docs/workflows/terraform-provider.md @@ -21,8 +21,9 @@ This example shows how to set up a Constellation cluster with the reference IAM 2. Use one of the [example configurations for using the Constellation Terraform provider](https://github.com/edgelesssys/constellation/tree/main/terraform-provider-constellation/examples/full) or create a `main.tf` file and fill it with the resources you want to create. The [Constellation Terraform provider documentation](https://registry.terraform.io/providers/edgelesssys/constellation/latest) offers thorough documentation on the resources and their attributes. 3. Initialize and apply the Terraform configuration. - - + + + Initialize the providers and apply the configuration. ```bash @@ -31,8 +32,8 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - + + When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you can also do it manually. @@ -66,8 +67,8 @@ This example shows how to set up a Constellation cluster with the reference IAM }; ``` - - + + Initialize the providers and apply the configuration. ```bash @@ -76,8 +77,8 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - + + Initialize the providers and apply the configuration. ```bash @@ -86,9 +87,9 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - + - + 4. Connect to the cluster. ```bash diff --git a/docs/versioned_docs/version-2.0/architecture/attestation.md b/docs/versioned_docs/version-2.0/architecture/attestation.md index 443c19639..92ee2e9a2 100644 --- a/docs/versioned_docs/version-2.0/architecture/attestation.md +++ b/docs/versioned_docs/version-2.0/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -149,8 +149,8 @@ The latter means that the value can be generated offline and compared to the one | 12 | ClusterID | Constellation Bootstrapper | Yes | | 13–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -179,8 +179,8 @@ The latter means that the value can be generated offline and compared to the one | 12 | ClusterID | Constellation Bootstrapper | Yes | | 13–23 | Unused |- | - | - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.0/getting-started/first-steps.md b/docs/versioned_docs/version-2.0/getting-started/first-steps.md index 9be306396..08adfbd12 100644 --- a/docs/versioned_docs/version-2.0/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.0/getting-started/first-steps.md @@ -6,29 +6,29 @@ The following steps guide you through the process of creating a cluster and depl 1. Create the configuration file for your selected cloud provider. - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + This creates the file `constellation-conf.yaml` in your current working directory. 2. Fill in your cloud provider specific information. - - + + You need several resources for the cluster. You can use the following `az` script to create them: @@ -59,8 +59,8 @@ The following steps guide you through the process of creating a cluster and depl Run `constellation config instance-types` to get the list of all supported options. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -106,8 +106,8 @@ The following steps guide you through the process of creating a cluster and depl Run `constellation config instance-types` to get the list of all supported options. - - + + You need a service account for the cluster. You can use the following `gcloud` script to create it: @@ -130,8 +130,8 @@ The following steps guide you through the process of creating a cluster and depl By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines from the N2D family. Refer to [N2D machine series](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) or run `constellation config instance-types` to get the list of all supported options. - - + + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -159,8 +159,8 @@ The following steps guide you through the process of creating a cluster and depl Supported are all machines from the N2D family with a minimum of 4 vCPUs. It defaults to `n2d-standard-4` (4 vCPUs, 16 GB RAM), but you can use any other VMs from the same family. Refer to [N2D machine series](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) or run `constellation config instance-types` to get the list of all supported options. - - + + :::info diff --git a/docs/versioned_docs/version-2.0/getting-started/install.md b/docs/versioned_docs/version-2.0/getting-started/install.md index 8e3545c1a..5945f0405 100644 --- a/docs/versioned_docs/version-2.0/getting-started/install.md +++ b/docs/versioned_docs/version-2.0/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,10 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` + - - - + 1. Download the CLI: @@ -71,11 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` + - - - - + 1. Download the CLI: @@ -91,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -104,8 +101,8 @@ The CLI makes authenticated calls to the CSP API. Therefore, you need to set up ### Required permissions - - + + You need the following permissions for your user account: @@ -115,8 +112,8 @@ You need the following permissions for your user account: If you don't have these permissions with scope *subscription*, ask your administrator to [create the service account and a resource group for your Constellation cluster](first-steps.md). Your user account needs the `Contributor` permission scoped to this resource group. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -128,8 +125,8 @@ You need the following permissions on this project: Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + ### Authentication @@ -139,8 +136,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -156,8 +153,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -180,8 +177,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + ## Next steps diff --git a/docs/versioned_docs/version-2.0/workflows/create.md b/docs/versioned_docs/version-2.0/workflows/create.md index 1dd1088d5..a426202e5 100644 --- a/docs/versioned_docs/version-2.0/workflows/create.md +++ b/docs/versioned_docs/version-2.0/workflows/create.md @@ -15,22 +15,22 @@ This step creates the necessary resources for your cluster in your cloud environ Generate a configuration file for your cloud service provider (CSP): - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. [Fill in your CSP-specific information](../getting-started/first-steps.md#create-a-cluster) before you continue. diff --git a/docs/versioned_docs/version-2.0/workflows/recovery.md b/docs/versioned_docs/version-2.0/workflows/recovery.md index 4c6010d98..ca37ca839 100644 --- a/docs/versioned_docs/version-2.0/workflows/recovery.md +++ b/docs/versioned_docs/version-2.0/workflows/recovery.md @@ -17,8 +17,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -52,8 +52,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. For this, you need its IP address, which you can obtain from the *Overview* page under *Private IP address*. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -88,8 +88,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. For this, you need its IP address, which you can obtain from the **VM Instance** > **network interfaces** table under *Primary internal IP address*. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.0/workflows/scale.md b/docs/versioned_docs/version-2.0/workflows/scale.md index 3318d8aee..84773b80c 100644 --- a/docs/versioned_docs/version-2.0/workflows/scale.md +++ b/docs/versioned_docs/version-2.0/workflows/scale.md @@ -6,23 +6,23 @@ Constellation provides all features of a Kubernetes cluster including scaling an [During cluster initialization](create.md#the-init-step) you can choose to deploy the [cluster autoscaler](https://github.com/kubernetes/autoscaler). It automatically provisions additional worker nodes so that all pods have a place to run. Alternatively, you can choose to manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + ## Control-plane node scaling @@ -30,23 +30,23 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.0/workflows/storage.md b/docs/versioned_docs/version-2.0/workflows/storage.md index 958c73261..38d77c694 100644 --- a/docs/versioned_docs/version-2.0/workflows/storage.md +++ b/docs/versioned_docs/version-2.0/workflows/storage.md @@ -21,14 +21,14 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as ReadWriteOnce, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. @@ -36,8 +36,8 @@ This includes support for [volume snapshots](https://cloud.google.com/kubernetes You can use them to bring a volume back to a prior state or provision new volumes. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for information about the configuration. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction) or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -45,8 +45,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The following installation guide gives an overview of how to securely use CSI-based cloud storage for persistent volumes in Constellation. - - + + 1. Install the driver: @@ -56,8 +56,8 @@ The following installation guide gives an overview of how to securely use CSI-ba helm install azuredisk-csi-driver charts/edgeless --namespace kube-system ``` - - + + 1. Install the driver: @@ -66,8 +66,8 @@ The following installation guide gives an overview of how to securely use CSI-ba helm install gcp-compute-persistent-disk-csi-driver charts/ --namespace kube-system ``` - - + + :::info @@ -138,8 +138,8 @@ The default storage class is responsible for all persistent volume claims that d The previous instructions create a storage class with encryption enabled and sets this as the default class. In case you wish to change it, follow the steps below: - - + + 1. List the storage classes in your cluster: @@ -185,8 +185,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) azuredisk.csi.confidential.cloud Delete Immediate false 1d ``` - - + + 1. List the storage classes in your cluster: @@ -232,5 +232,5 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) gcp.csi.confidential.cloud Delete Immediate false 1d ``` - - + + diff --git a/docs/versioned_docs/version-2.0/workflows/troubleshooting.md b/docs/versioned_docs/version-2.0/workflows/troubleshooting.md index ba340601b..afc9274c6 100644 --- a/docs/versioned_docs/version-2.0/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.0/workflows/troubleshooting.md @@ -8,8 +8,8 @@ To provide information during early stages of the node's boot process, Constella You can view these information in the follow places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -19,8 +19,8 @@ You can view these information in the follow places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -35,5 +35,5 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + diff --git a/docs/versioned_docs/version-2.1/architecture/attestation.md b/docs/versioned_docs/version-2.1/architecture/attestation.md index 443c19639..92ee2e9a2 100644 --- a/docs/versioned_docs/version-2.1/architecture/attestation.md +++ b/docs/versioned_docs/version-2.1/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -149,8 +149,8 @@ The latter means that the value can be generated offline and compared to the one | 12 | ClusterID | Constellation Bootstrapper | Yes | | 13–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -179,8 +179,8 @@ The latter means that the value can be generated offline and compared to the one | 12 | ClusterID | Constellation Bootstrapper | Yes | | 13–23 | Unused |- | - | - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.1/getting-started/first-steps.md b/docs/versioned_docs/version-2.1/getting-started/first-steps.md index bd9513650..d729fd0cf 100644 --- a/docs/versioned_docs/version-2.1/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.1/getting-started/first-steps.md @@ -11,29 +11,29 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step 1. Create the configuration file for your selected cloud provider. - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + This creates the file `constellation-conf.yaml` in your current working directory. 2. Fill in your cloud provider specific information. - - + + You need several resources for the cluster. You can use the following `az` script to create them: @@ -64,8 +64,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step Run `constellation config instance-types` to get the list of all supported options. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -111,8 +111,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step Run `constellation config instance-types` to get the list of all supported options. - - + + You need a service account for the cluster. You can use the following `gcloud` script to create it: @@ -135,8 +135,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines from the N2D family. Refer to [N2D machine series](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) or run `constellation config instance-types` to get the list of all supported options. - - + + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -164,8 +164,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step Supported are all machines from the N2D family with a minimum of 4 vCPUs. It defaults to `n2d-standard-4` (4 vCPUs, 16 GB RAM), but you can use any other VMs from the same family. Refer to [N2D machine series](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) or run `constellation config instance-types` to get the list of all supported options. - - + + :::info diff --git a/docs/versioned_docs/version-2.1/getting-started/install.md b/docs/versioned_docs/version-2.1/getting-started/install.md index 56029b806..d4cf81ff7 100644 --- a/docs/versioned_docs/version-2.1/getting-started/install.md +++ b/docs/versioned_docs/version-2.1/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,10 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` + - - - + 1. Download the CLI: @@ -71,11 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` + - - - - + 1. Download the CLI: @@ -91,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -108,8 +105,8 @@ If you don't have a cloud subscription, you can try [MiniConstellation](first-st ### Required permissions - - + + You need the following permissions for your user account: @@ -119,8 +116,8 @@ You need the following permissions for your user account: If you don't have these permissions with scope *subscription*, ask your administrator to [create the service account and a resource group for your Constellation cluster](first-steps.md). Your user account needs the `Contributor` permission scoped to this resource group. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -132,8 +129,8 @@ You need the following permissions on this project: Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + ### Authentication @@ -143,8 +140,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -160,8 +157,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -184,8 +181,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + ## Next steps diff --git a/docs/versioned_docs/version-2.1/workflows/create.md b/docs/versioned_docs/version-2.1/workflows/create.md index b95ffb5fd..a8956d7e4 100644 --- a/docs/versioned_docs/version-2.1/workflows/create.md +++ b/docs/versioned_docs/version-2.1/workflows/create.md @@ -19,22 +19,22 @@ This step creates the necessary resources for your cluster in your cloud environ Generate a configuration file for your cloud service provider (CSP): - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. [Fill in your CSP-specific information](../getting-started/first-steps.md#create-a-cluster) before you continue. diff --git a/docs/versioned_docs/version-2.1/workflows/recovery.md b/docs/versioned_docs/version-2.1/workflows/recovery.md index cde039ea7..c55daf413 100644 --- a/docs/versioned_docs/version-2.1/workflows/recovery.md +++ b/docs/versioned_docs/version-2.1/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.1/workflows/scale.md b/docs/versioned_docs/version-2.1/workflows/scale.md index 1c8757fe8..669856655 100644 --- a/docs/versioned_docs/version-2.1/workflows/scale.md +++ b/docs/versioned_docs/version-2.1/workflows/scale.md @@ -48,23 +48,23 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + ## Control-plane node scaling @@ -72,23 +72,23 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.1/workflows/storage.md b/docs/versioned_docs/version-2.1/workflows/storage.md index 958c73261..38d77c694 100644 --- a/docs/versioned_docs/version-2.1/workflows/storage.md +++ b/docs/versioned_docs/version-2.1/workflows/storage.md @@ -21,14 +21,14 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as ReadWriteOnce, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. @@ -36,8 +36,8 @@ This includes support for [volume snapshots](https://cloud.google.com/kubernetes You can use them to bring a volume back to a prior state or provision new volumes. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for information about the configuration. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction) or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -45,8 +45,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The following installation guide gives an overview of how to securely use CSI-based cloud storage for persistent volumes in Constellation. - - + + 1. Install the driver: @@ -56,8 +56,8 @@ The following installation guide gives an overview of how to securely use CSI-ba helm install azuredisk-csi-driver charts/edgeless --namespace kube-system ``` - - + + 1. Install the driver: @@ -66,8 +66,8 @@ The following installation guide gives an overview of how to securely use CSI-ba helm install gcp-compute-persistent-disk-csi-driver charts/ --namespace kube-system ``` - - + + :::info @@ -138,8 +138,8 @@ The default storage class is responsible for all persistent volume claims that d The previous instructions create a storage class with encryption enabled and sets this as the default class. In case you wish to change it, follow the steps below: - - + + 1. List the storage classes in your cluster: @@ -185,8 +185,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) azuredisk.csi.confidential.cloud Delete Immediate false 1d ``` - - + + 1. List the storage classes in your cluster: @@ -232,5 +232,5 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) gcp.csi.confidential.cloud Delete Immediate false 1d ``` - - + + diff --git a/docs/versioned_docs/version-2.1/workflows/troubleshooting.md b/docs/versioned_docs/version-2.1/workflows/troubleshooting.md index ba340601b..afc9274c6 100644 --- a/docs/versioned_docs/version-2.1/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.1/workflows/troubleshooting.md @@ -8,8 +8,8 @@ To provide information during early stages of the node's boot process, Constella You can view these information in the follow places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -19,8 +19,8 @@ You can view these information in the follow places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -35,5 +35,5 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + diff --git a/docs/versioned_docs/version-2.10/architecture/attestation.md b/docs/versioned_docs/version-2.10/architecture/attestation.md index 07ac3aa72..592063193 100644 --- a/docs/versioned_docs/version-2.10/architecture/attestation.md +++ b/docs/versioned_docs/version-2.10/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,16 +217,16 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ### CVM verification To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. For verification of the CVM technology, Constellation may expose additional options in its config file. - - + + On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. @@ -248,18 +248,18 @@ You may customize certain parameters for verification of the attestation stateme More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. - - + + There is no additional configuration available for GCP. - - + + There is no additional configuration available for AWS. - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.10/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.10/getting-started/first-steps-local.md index de9c66e9b..a6e825906 100644 --- a/docs/versioned_docs/version-2.10/getting-started/first-steps-local.md +++ b/docs/versioned_docs/version-2.10/getting-started/first-steps-local.md @@ -45,8 +45,8 @@ sudo iptables -P FORWARD ACCEPT ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -74,8 +74,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -151,8 +151,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -205,8 +205,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -217,8 +217,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -246,8 +246,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/versioned_docs/version-2.10/getting-started/first-steps.md b/docs/versioned_docs/version-2.10/getting-started/first-steps.md index 0b224e04d..9f6034e6b 100644 --- a/docs/versioned_docs/version-2.10/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.10/getting-started/first-steps.md @@ -15,39 +15,39 @@ If you encounter any problem with the following steps, make sure to use the [lat 1. Create the [configuration file](../workflows/config.md) for your cloud provider. - + - + ```bash constellation config generate azure ``` - + - + ```bash constellation config generate gcp ``` - + - + ```bash constellation config generate aws ``` - + - + 2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config @@ -62,9 +62,9 @@ If you encounter any problem with the following steps, make sure to use the [lat * `westeurope` * `southeastasia` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config @@ -74,9 +74,9 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - + - + ```bash constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config @@ -103,8 +103,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.10/getting-started/install.md b/docs/versioned_docs/version-2.10/getting-started/install.md index 1a90b6513..c21ad259c 100644 --- a/docs/versioned_docs/version-2.10/getting-started/install.md +++ b/docs/versioned_docs/version-2.10/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,39 +105,42 @@ If you don't have a cloud subscription, you can also set up a [local Constellati ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` -* `Microsoft.Compute` -* `Microsoft.Insights` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` + +- `Microsoft.Attestation` +- `Microsoft.Compute` +- `Microsoft.Insights` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` By default, Constellation tries to register these automatically if they haven't been registered before. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `*/register/action` \[1] -* `Microsoft.Authorization/roleAssignments/*` -* `Microsoft.Authorization/roleDefinitions/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Resources/subscriptions/resourcegroups/*` + +- `*/register/action` \[1] +- `Microsoft.Authorization/roleAssignments/*` +- `Microsoft.Authorization/roleDefinitions/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Resources/subscriptions/resourcegroups/*` The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` -* `Microsoft.Compute/virtualMachineScaleSets/*` -* `Microsoft.Insights/components/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Network/loadBalancers/*` -* `Microsoft.Network/loadBalancers/backendAddressPools/*` -* `Microsoft.Network/networkSecurityGroups/*` -* `Microsoft.Network/publicIPAddresses/*` -* `Microsoft.Network/virtualNetworks/*` -* `Microsoft.Network/virtualNetworks/subnets/*` -* `Microsoft.Network/natGateways/*` + +- `Microsoft.Attestation/attestationProviders/*` +- `Microsoft.Compute/virtualMachineScaleSets/*` +- `Microsoft.Insights/components/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Network/loadBalancers/*` +- `Microsoft.Network/loadBalancers/backendAddressPools/*` +- `Microsoft.Network/networkSecurityGroups/*` +- `Microsoft.Network/publicIPAddresses/*` +- `Microsoft.Network/virtualNetworks/*` +- `Microsoft.Network/virtualNetworks/subnets/*` +- `Microsoft.Network/natGateways/*` The built-in `Contributor` role is a superset of these permissions. @@ -145,89 +148,91 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `iam.serviceAccountKeys.create` -* `iam.serviceAccountKeys.delete` -* `iam.serviceAccountKeys.get` -* `iam.serviceAccounts.create` -* `iam.serviceAccounts.delete` -* `iam.serviceAccounts.get` -* `resourcemanager.projects.getIamPolicy` -* `resourcemanager.projects.setIamPolicy` + +- `iam.serviceAccountKeys.create` +- `iam.serviceAccountKeys.delete` +- `iam.serviceAccountKeys.get` +- `iam.serviceAccounts.create` +- `iam.serviceAccounts.delete` +- `iam.serviceAccounts.get` +- `resourcemanager.projects.getIamPolicy` +- `resourcemanager.projects.setIamPolicy` Together, the built-in roles `roles/editor` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `compute.addresses.createInternal` -* `compute.addresses.deleteInternal` -* `compute.addresses.get` -* `compute.addresses.useInternal` -* `compute.backendServices.create` -* `compute.backendServices.delete` -* `compute.backendServices.get` -* `compute.backendServices.use` -* `compute.disks.create` -* `compute.firewalls.create` -* `compute.firewalls.delete` -* `compute.firewalls.get` -* `compute.globalAddresses.create` -* `compute.globalAddresses.delete` -* `compute.globalAddresses.get` -* `compute.globalAddresses.use` -* `compute.globalForwardingRules.create` -* `compute.globalForwardingRules.delete` -* `compute.globalForwardingRules.get` -* `compute.globalForwardingRules.setLabels` -* `compute.globalOperations.get` -* `compute.healthChecks.create` -* `compute.healthChecks.delete` -* `compute.healthChecks.get` -* `compute.healthChecks.useReadOnly` -* `compute.instanceGroupManagers.create` -* `compute.instanceGroupManagers.delete` -* `compute.instanceGroupManagers.get` -* `compute.instanceGroups.create` -* `compute.instanceGroups.delete` -* `compute.instanceGroups.get` -* `compute.instanceGroups.use` -* `compute.instances.create` -* `compute.instances.setLabels` -* `compute.instances.setMetadata` -* `compute.instances.setTags` -* `compute.instanceTemplates.create` -* `compute.instanceTemplates.delete` -* `compute.instanceTemplates.get` -* `compute.instanceTemplates.useReadOnly` -* `compute.networks.create` -* `compute.networks.delete` -* `compute.networks.get` -* `compute.networks.updatePolicy` -* `compute.routers.create` -* `compute.routers.delete` -* `compute.routers.get` -* `compute.routers.update` -* `compute.subnetworks.create` -* `compute.subnetworks.delete` -* `compute.subnetworks.get` -* `compute.subnetworks.use` -* `compute.targetTcpProxies.create` -* `compute.targetTcpProxies.delete` -* `compute.targetTcpProxies.get` -* `compute.targetTcpProxies.use` -* `iam.serviceAccounts.actAs` + +- `compute.addresses.createInternal` +- `compute.addresses.deleteInternal` +- `compute.addresses.get` +- `compute.addresses.useInternal` +- `compute.backendServices.create` +- `compute.backendServices.delete` +- `compute.backendServices.get` +- `compute.backendServices.use` +- `compute.disks.create` +- `compute.firewalls.create` +- `compute.firewalls.delete` +- `compute.firewalls.get` +- `compute.globalAddresses.create` +- `compute.globalAddresses.delete` +- `compute.globalAddresses.get` +- `compute.globalAddresses.use` +- `compute.globalForwardingRules.create` +- `compute.globalForwardingRules.delete` +- `compute.globalForwardingRules.get` +- `compute.globalForwardingRules.setLabels` +- `compute.globalOperations.get` +- `compute.healthChecks.create` +- `compute.healthChecks.delete` +- `compute.healthChecks.get` +- `compute.healthChecks.useReadOnly` +- `compute.instanceGroupManagers.create` +- `compute.instanceGroupManagers.delete` +- `compute.instanceGroupManagers.get` +- `compute.instanceGroups.create` +- `compute.instanceGroups.delete` +- `compute.instanceGroups.get` +- `compute.instanceGroups.use` +- `compute.instances.create` +- `compute.instances.setLabels` +- `compute.instances.setMetadata` +- `compute.instances.setTags` +- `compute.instanceTemplates.create` +- `compute.instanceTemplates.delete` +- `compute.instanceTemplates.get` +- `compute.instanceTemplates.useReadOnly` +- `compute.networks.create` +- `compute.networks.delete` +- `compute.networks.get` +- `compute.networks.updatePolicy` +- `compute.routers.create` +- `compute.routers.delete` +- `compute.routers.get` +- `compute.routers.update` +- `compute.subnetworks.create` +- `compute.subnetworks.delete` +- `compute.subnetworks.get` +- `compute.subnetworks.use` +- `compute.targetTcpProxies.create` +- `compute.targetTcpProxies.delete` +- `compute.targetTcpProxies.get` +- `compute.targetTcpProxies.use` +- `iam.serviceAccounts.actAs` Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -277,8 +282,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -288,8 +293,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -305,8 +310,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -329,8 +334,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -346,9 +351,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.10/workflows/config.md b/docs/versioned_docs/version-2.10/workflows/config.md index e076e2e34..4dab6bd50 100644 --- a/docs/versioned_docs/version-2.10/workflows/config.md +++ b/docs/versioned_docs/version-2.10/workflows/config.md @@ -14,49 +14,49 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. @@ -75,8 +75,8 @@ AWS is currently investigating the issue. SNP-based attestation will be enabled as soon as a fix is verified. ::: - - + + Fill the desired VM type into the **instanceType** fields in the `constellation-conf.yml` file. @@ -133,8 +133,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -154,8 +154,8 @@ Note that CVMs are currently only supported in a few regions, check [Azure's pro Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -169,8 +169,8 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -194,16 +194,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -232,9 +232,9 @@ The following describes the configuration fields and how you obtain the required The user-assigned identity is used by instances of the cluster to access other cloud resources. For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -258,9 +258,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -291,9 +291,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.10/workflows/create.md b/docs/versioned_docs/version-2.10/workflows/create.md index 9ef9b4020..dd56bc8b7 100644 --- a/docs/versioned_docs/version-2.10/workflows/create.md +++ b/docs/versioned_docs/version-2.10/workflows/create.md @@ -26,8 +26,8 @@ Before you create the cluster, make sure to have a [valid configuration file](./ ### Create - - + + ```bash constellation create @@ -35,8 +35,8 @@ constellation create *create* stores your cluster's state in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Terraform allows for an easier GitOps integration as well as meeting regulatory requirements. Since the Constellation CLI also uses Terraform under the hood, you can reuse the same Terraform files. @@ -75,8 +75,8 @@ CONSTELL_CSP=$(cat constellation-conf.yaml | yq ".provider | keys | .[0]") jq --null-input --arg cloudprovider "$CONSTELL_CSP" --arg ip "$CONSTELL_IP" --arg initsecret "$CONSTELL_INIT_SECRET" '{"cloudprovider":$cloudprovider,"ip":$ip,"initsecret":$initsecret}' > constellation-id.json ``` - - + + ## The *init* step diff --git a/docs/versioned_docs/version-2.10/workflows/recovery.md b/docs/versioned_docs/version-2.10/workflows/recovery.md index c26fb32eb..35596b8c9 100644 --- a/docs/versioned_docs/version-2.10/workflows/recovery.md +++ b/docs/versioned_docs/version-2.10/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.10/workflows/scale.md b/docs/versioned_docs/version-2.10/workflows/scale.md index 06898ad0c..63b727c7d 100644 --- a/docs/versioned_docs/version-2.10/workflows/scale.md +++ b/docs/versioned_docs/version-2.10/workflows/scale.md @@ -51,30 +51,30 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the worker ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + ## Control-plane node scaling @@ -82,30 +82,30 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.10/workflows/storage.md b/docs/versioned_docs/version-2.10/workflows/storage.md index 9e3d96346..06fbc4de6 100644 --- a/docs/versioned_docs/version-2.10/workflows/storage.md +++ b/docs/versioned_docs/version-2.10/workflows/storage.md @@ -21,30 +21,30 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. - - + + **Constellation CSI driver for AWS Elastic Block Store** Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -53,8 +53,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -82,8 +82,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -111,8 +111,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + AWS comes with two storage classes by default. @@ -140,8 +140,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) diff --git a/docs/versioned_docs/version-2.10/workflows/terminate.md b/docs/versioned_docs/version-2.10/workflows/terminate.md index 6c1eebb14..f33489ca5 100644 --- a/docs/versioned_docs/version-2.10/workflows/terminate.md +++ b/docs/versioned_docs/version-2.10/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-id.json constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.10/workflows/troubleshooting.md b/docs/versioned_docs/version-2.10/workflows/troubleshooting.md index 781cae8c5..38c0d87e9 100644 --- a/docs/versioned_docs/version-2.10/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.10/workflows/troubleshooting.md @@ -55,14 +55,12 @@ When in doubt, check if the encountered [issue is known](https://github.com/edge ::: - :::tip During an upgrade with modified attestation config, a backup of the current configuration is stored in the `join-config-backup` config map in the `kube-system` namespace. To restore the old attestation config after a failed upgrade, you can copy the attestation config from this resource, put it in your configuration file and retry the upgrade. ::: - You can use the `upgrade apply` command to change measurements of a running cluster: 1. Modify the `measurements` key in your local `constellation-conf.yaml` to the expected values. @@ -84,8 +82,8 @@ To provide information during early stages of a node's boot process, Constellati You can view this information in the following places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -95,8 +93,8 @@ You can view this information in the following places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -111,16 +109,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ### Node shell access diff --git a/docs/versioned_docs/version-2.11/architecture/attestation.md b/docs/versioned_docs/version-2.11/architecture/attestation.md index 07ac3aa72..592063193 100644 --- a/docs/versioned_docs/version-2.11/architecture/attestation.md +++ b/docs/versioned_docs/version-2.11/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,16 +217,16 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ### CVM verification To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. For verification of the CVM technology, Constellation may expose additional options in its config file. - - + + On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. @@ -248,18 +248,18 @@ You may customize certain parameters for verification of the attestation stateme More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. - - + + There is no additional configuration available for GCP. - - + + There is no additional configuration available for AWS. - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.11/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.11/getting-started/first-steps-local.md index de9c66e9b..a6e825906 100644 --- a/docs/versioned_docs/version-2.11/getting-started/first-steps-local.md +++ b/docs/versioned_docs/version-2.11/getting-started/first-steps-local.md @@ -45,8 +45,8 @@ sudo iptables -P FORWARD ACCEPT ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -74,8 +74,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -151,8 +151,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -205,8 +205,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -217,8 +217,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -246,8 +246,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/versioned_docs/version-2.11/getting-started/first-steps.md b/docs/versioned_docs/version-2.11/getting-started/first-steps.md index 07b7f8410..9811597e6 100644 --- a/docs/versioned_docs/version-2.11/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.11/getting-started/first-steps.md @@ -15,39 +15,39 @@ If you encounter any problem with the following steps, make sure to use the [lat 1. Create the [configuration file](../workflows/config.md) for your cloud provider. - + - + ```bash constellation config generate azure ``` - + - + ```bash constellation config generate gcp ``` - + - + ```bash constellation config generate aws ``` - + - + 2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config @@ -62,9 +62,9 @@ If you encounter any problem with the following steps, make sure to use the [lat * `westeurope` * `southeastasia` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config @@ -74,9 +74,9 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - + - + ```bash constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config @@ -103,8 +103,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.11/getting-started/install.md b/docs/versioned_docs/version-2.11/getting-started/install.md index 6a3acaea9..f134ca3c2 100644 --- a/docs/versioned_docs/version-2.11/getting-started/install.md +++ b/docs/versioned_docs/version-2.11/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,39 +105,42 @@ If you don't have a cloud subscription, you can also set up a [local Constellati ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` \[2] -* `Microsoft.Compute` -* `Microsoft.Insights` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` + +- `Microsoft.Attestation` \[2] +- `Microsoft.Compute` +- `Microsoft.Insights` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` By default, Constellation tries to register these automatically if they haven't been registered before. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `*/register/action` \[1] -* `Microsoft.Authorization/roleAssignments/*` -* `Microsoft.Authorization/roleDefinitions/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Resources/subscriptions/resourcegroups/*` + +- `*/register/action` \[1] +- `Microsoft.Authorization/roleAssignments/*` +- `Microsoft.Authorization/roleDefinitions/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Resources/subscriptions/resourcegroups/*` The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` -* `Microsoft.Compute/virtualMachineScaleSets/*` -* `Microsoft.Insights/components/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Network/loadBalancers/*` -* `Microsoft.Network/loadBalancers/backendAddressPools/*` -* `Microsoft.Network/networkSecurityGroups/*` -* `Microsoft.Network/publicIPAddresses/*` -* `Microsoft.Network/virtualNetworks/*` -* `Microsoft.Network/virtualNetworks/subnets/*` -* `Microsoft.Network/natGateways/*` + +- `Microsoft.Attestation/attestationProviders/*` +- `Microsoft.Compute/virtualMachineScaleSets/*` +- `Microsoft.Insights/components/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Network/loadBalancers/*` +- `Microsoft.Network/loadBalancers/backendAddressPools/*` +- `Microsoft.Network/networkSecurityGroups/*` +- `Microsoft.Network/publicIPAddresses/*` +- `Microsoft.Network/virtualNetworks/*` +- `Microsoft.Network/virtualNetworks/subnets/*` +- `Microsoft.Network/natGateways/*` The built-in `Contributor` role is a superset of these permissions. @@ -145,89 +148,91 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `iam.serviceAccountKeys.create` -* `iam.serviceAccountKeys.delete` -* `iam.serviceAccountKeys.get` -* `iam.serviceAccounts.create` -* `iam.serviceAccounts.delete` -* `iam.serviceAccounts.get` -* `resourcemanager.projects.getIamPolicy` -* `resourcemanager.projects.setIamPolicy` + +- `iam.serviceAccountKeys.create` +- `iam.serviceAccountKeys.delete` +- `iam.serviceAccountKeys.get` +- `iam.serviceAccounts.create` +- `iam.serviceAccounts.delete` +- `iam.serviceAccounts.get` +- `resourcemanager.projects.getIamPolicy` +- `resourcemanager.projects.setIamPolicy` Together, the built-in roles `roles/editor` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `compute.addresses.createInternal` -* `compute.addresses.deleteInternal` -* `compute.addresses.get` -* `compute.addresses.useInternal` -* `compute.backendServices.create` -* `compute.backendServices.delete` -* `compute.backendServices.get` -* `compute.backendServices.use` -* `compute.disks.create` -* `compute.firewalls.create` -* `compute.firewalls.delete` -* `compute.firewalls.get` -* `compute.globalAddresses.create` -* `compute.globalAddresses.delete` -* `compute.globalAddresses.get` -* `compute.globalAddresses.use` -* `compute.globalForwardingRules.create` -* `compute.globalForwardingRules.delete` -* `compute.globalForwardingRules.get` -* `compute.globalForwardingRules.setLabels` -* `compute.globalOperations.get` -* `compute.healthChecks.create` -* `compute.healthChecks.delete` -* `compute.healthChecks.get` -* `compute.healthChecks.useReadOnly` -* `compute.instanceGroupManagers.create` -* `compute.instanceGroupManagers.delete` -* `compute.instanceGroupManagers.get` -* `compute.instanceGroups.create` -* `compute.instanceGroups.delete` -* `compute.instanceGroups.get` -* `compute.instanceGroups.use` -* `compute.instances.create` -* `compute.instances.setLabels` -* `compute.instances.setMetadata` -* `compute.instances.setTags` -* `compute.instanceTemplates.create` -* `compute.instanceTemplates.delete` -* `compute.instanceTemplates.get` -* `compute.instanceTemplates.useReadOnly` -* `compute.networks.create` -* `compute.networks.delete` -* `compute.networks.get` -* `compute.networks.updatePolicy` -* `compute.routers.create` -* `compute.routers.delete` -* `compute.routers.get` -* `compute.routers.update` -* `compute.subnetworks.create` -* `compute.subnetworks.delete` -* `compute.subnetworks.get` -* `compute.subnetworks.use` -* `compute.targetTcpProxies.create` -* `compute.targetTcpProxies.delete` -* `compute.targetTcpProxies.get` -* `compute.targetTcpProxies.use` -* `iam.serviceAccounts.actAs` + +- `compute.addresses.createInternal` +- `compute.addresses.deleteInternal` +- `compute.addresses.get` +- `compute.addresses.useInternal` +- `compute.backendServices.create` +- `compute.backendServices.delete` +- `compute.backendServices.get` +- `compute.backendServices.use` +- `compute.disks.create` +- `compute.firewalls.create` +- `compute.firewalls.delete` +- `compute.firewalls.get` +- `compute.globalAddresses.create` +- `compute.globalAddresses.delete` +- `compute.globalAddresses.get` +- `compute.globalAddresses.use` +- `compute.globalForwardingRules.create` +- `compute.globalForwardingRules.delete` +- `compute.globalForwardingRules.get` +- `compute.globalForwardingRules.setLabels` +- `compute.globalOperations.get` +- `compute.healthChecks.create` +- `compute.healthChecks.delete` +- `compute.healthChecks.get` +- `compute.healthChecks.useReadOnly` +- `compute.instanceGroupManagers.create` +- `compute.instanceGroupManagers.delete` +- `compute.instanceGroupManagers.get` +- `compute.instanceGroups.create` +- `compute.instanceGroups.delete` +- `compute.instanceGroups.get` +- `compute.instanceGroups.use` +- `compute.instances.create` +- `compute.instances.setLabels` +- `compute.instances.setMetadata` +- `compute.instances.setTags` +- `compute.instanceTemplates.create` +- `compute.instanceTemplates.delete` +- `compute.instanceTemplates.get` +- `compute.instanceTemplates.useReadOnly` +- `compute.networks.create` +- `compute.networks.delete` +- `compute.networks.get` +- `compute.networks.updatePolicy` +- `compute.routers.create` +- `compute.routers.delete` +- `compute.routers.get` +- `compute.routers.update` +- `compute.subnetworks.create` +- `compute.subnetworks.delete` +- `compute.subnetworks.get` +- `compute.subnetworks.use` +- `compute.targetTcpProxies.create` +- `compute.targetTcpProxies.delete` +- `compute.targetTcpProxies.get` +- `compute.targetTcpProxies.use` +- `iam.serviceAccounts.actAs` Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -277,8 +282,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -288,8 +293,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -305,8 +310,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -329,8 +334,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -346,9 +351,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.11/workflows/config.md b/docs/versioned_docs/version-2.11/workflows/config.md index e076e2e34..4dab6bd50 100644 --- a/docs/versioned_docs/version-2.11/workflows/config.md +++ b/docs/versioned_docs/version-2.11/workflows/config.md @@ -14,49 +14,49 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. @@ -75,8 +75,8 @@ AWS is currently investigating the issue. SNP-based attestation will be enabled as soon as a fix is verified. ::: - - + + Fill the desired VM type into the **instanceType** fields in the `constellation-conf.yml` file. @@ -133,8 +133,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -154,8 +154,8 @@ Note that CVMs are currently only supported in a few regions, check [Azure's pro Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -169,8 +169,8 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -194,16 +194,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -232,9 +232,9 @@ The following describes the configuration fields and how you obtain the required The user-assigned identity is used by instances of the cluster to access other cloud resources. For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -258,9 +258,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -291,9 +291,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.11/workflows/create.md b/docs/versioned_docs/version-2.11/workflows/create.md index aa421d88a..8dd4946de 100644 --- a/docs/versioned_docs/version-2.11/workflows/create.md +++ b/docs/versioned_docs/version-2.11/workflows/create.md @@ -26,8 +26,8 @@ Before you create the cluster, make sure to have a [valid configuration file](./ ### Create - - + + ```bash constellation create @@ -35,8 +35,8 @@ constellation create *create* stores your cluster's state in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Terraform allows for an easier GitOps integration as well as meeting regulatory requirements. Since the Constellation CLI also uses Terraform under the hood, you can reuse the same Terraform files. @@ -75,8 +75,8 @@ CONSTELL_CSP=$(cat constellation-conf.yaml | yq ".provider | keys | .[0]") jq --null-input --arg cloudprovider "$CONSTELL_CSP" --arg ip "$CONSTELL_IP" --arg initsecret "$CONSTELL_INIT_SECRET" '{"cloudprovider":$cloudprovider,"ip":$ip,"initsecret":$initsecret}' > constellation-id.json ``` - - + + ## The *init* step diff --git a/docs/versioned_docs/version-2.11/workflows/recovery.md b/docs/versioned_docs/version-2.11/workflows/recovery.md index c26fb32eb..35596b8c9 100644 --- a/docs/versioned_docs/version-2.11/workflows/recovery.md +++ b/docs/versioned_docs/version-2.11/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.11/workflows/scale.md b/docs/versioned_docs/version-2.11/workflows/scale.md index 06898ad0c..63b727c7d 100644 --- a/docs/versioned_docs/version-2.11/workflows/scale.md +++ b/docs/versioned_docs/version-2.11/workflows/scale.md @@ -51,30 +51,30 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the worker ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + ## Control-plane node scaling @@ -82,30 +82,30 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.11/workflows/storage.md b/docs/versioned_docs/version-2.11/workflows/storage.md index 9e3d96346..06fbc4de6 100644 --- a/docs/versioned_docs/version-2.11/workflows/storage.md +++ b/docs/versioned_docs/version-2.11/workflows/storage.md @@ -21,30 +21,30 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. - - + + **Constellation CSI driver for AWS Elastic Block Store** Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -53,8 +53,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -82,8 +82,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -111,8 +111,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + AWS comes with two storage classes by default. @@ -140,8 +140,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) diff --git a/docs/versioned_docs/version-2.11/workflows/terminate.md b/docs/versioned_docs/version-2.11/workflows/terminate.md index 6c1eebb14..f33489ca5 100644 --- a/docs/versioned_docs/version-2.11/workflows/terminate.md +++ b/docs/versioned_docs/version-2.11/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-id.json constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.11/workflows/troubleshooting.md b/docs/versioned_docs/version-2.11/workflows/troubleshooting.md index a3e25a0fe..c40e6496e 100644 --- a/docs/versioned_docs/version-2.11/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.11/workflows/troubleshooting.md @@ -101,8 +101,8 @@ To provide information during early stages of a node's boot process, Constellati You can view this information in the following places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -112,8 +112,8 @@ You can view this information in the following places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -128,16 +128,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ### Node shell access diff --git a/docs/versioned_docs/version-2.12/architecture/attestation.md b/docs/versioned_docs/version-2.12/architecture/attestation.md index e37533995..f9c9ac38e 100644 --- a/docs/versioned_docs/version-2.12/architecture/attestation.md +++ b/docs/versioned_docs/version-2.12/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,16 +217,16 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ### CVM verification To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. For verification of the CVM technology, Constellation may expose additional options in its config file. - - + + On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. @@ -248,18 +248,18 @@ You may customize certain parameters for verification of the attestation stateme More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. - - + + There is no additional configuration available for GCP. - - + + There is no additional configuration available for AWS. - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.12/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.12/getting-started/first-steps-local.md index de9c66e9b..a6e825906 100644 --- a/docs/versioned_docs/version-2.12/getting-started/first-steps-local.md +++ b/docs/versioned_docs/version-2.12/getting-started/first-steps-local.md @@ -45,8 +45,8 @@ sudo iptables -P FORWARD ACCEPT ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -74,8 +74,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -151,8 +151,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -205,8 +205,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -217,8 +217,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -246,8 +246,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/versioned_docs/version-2.12/getting-started/first-steps.md b/docs/versioned_docs/version-2.12/getting-started/first-steps.md index 07b7f8410..9811597e6 100644 --- a/docs/versioned_docs/version-2.12/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.12/getting-started/first-steps.md @@ -15,39 +15,39 @@ If you encounter any problem with the following steps, make sure to use the [lat 1. Create the [configuration file](../workflows/config.md) for your cloud provider. - + - + ```bash constellation config generate azure ``` - + - + ```bash constellation config generate gcp ``` - + - + ```bash constellation config generate aws ``` - + - + 2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config @@ -62,9 +62,9 @@ If you encounter any problem with the following steps, make sure to use the [lat * `westeurope` * `southeastasia` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config @@ -74,9 +74,9 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - + - + ```bash constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config @@ -103,8 +103,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.12/getting-started/install.md b/docs/versioned_docs/version-2.12/getting-started/install.md index 035f679b2..2fabcf0b1 100644 --- a/docs/versioned_docs/version-2.12/getting-started/install.md +++ b/docs/versioned_docs/version-2.12/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,39 +105,42 @@ If you don't have a cloud subscription, you can also set up a [local Constellati ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` -* `Microsoft.Compute` -* `Microsoft.Insights` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` + +- `Microsoft.Attestation` +- `Microsoft.Compute` +- `Microsoft.Insights` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` By default, Constellation tries to register these automatically if they haven't been registered before. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `*/register/action` \[1] -* `Microsoft.Authorization/roleAssignments/*` -* `Microsoft.Authorization/roleDefinitions/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Resources/subscriptions/resourcegroups/*` + +- `*/register/action` \[1] +- `Microsoft.Authorization/roleAssignments/*` +- `Microsoft.Authorization/roleDefinitions/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Resources/subscriptions/resourcegroups/*` The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` -* `Microsoft.Compute/virtualMachineScaleSets/*` -* `Microsoft.Insights/components/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Network/loadBalancers/*` -* `Microsoft.Network/loadBalancers/backendAddressPools/*` -* `Microsoft.Network/networkSecurityGroups/*` -* `Microsoft.Network/publicIPAddresses/*` -* `Microsoft.Network/virtualNetworks/*` -* `Microsoft.Network/virtualNetworks/subnets/*` -* `Microsoft.Network/natGateways/*` + +- `Microsoft.Attestation/attestationProviders/*` +- `Microsoft.Compute/virtualMachineScaleSets/*` +- `Microsoft.Insights/components/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Network/loadBalancers/*` +- `Microsoft.Network/loadBalancers/backendAddressPools/*` +- `Microsoft.Network/networkSecurityGroups/*` +- `Microsoft.Network/publicIPAddresses/*` +- `Microsoft.Network/virtualNetworks/*` +- `Microsoft.Network/virtualNetworks/subnets/*` +- `Microsoft.Network/natGateways/*` The built-in `Contributor` role is a superset of these permissions. @@ -145,92 +148,94 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `iam.serviceAccountKeys.create` -* `iam.serviceAccountKeys.delete` -* `iam.serviceAccountKeys.get` -* `iam.serviceAccounts.create` -* `iam.serviceAccounts.delete` -* `iam.serviceAccounts.get` -* `resourcemanager.projects.getIamPolicy` -* `resourcemanager.projects.setIamPolicy` + +- `iam.serviceAccountKeys.create` +- `iam.serviceAccountKeys.delete` +- `iam.serviceAccountKeys.get` +- `iam.serviceAccounts.create` +- `iam.serviceAccounts.delete` +- `iam.serviceAccounts.get` +- `resourcemanager.projects.getIamPolicy` +- `resourcemanager.projects.setIamPolicy` Together, the built-in roles `roles/editor` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `compute.addresses.createInternal` -* `compute.addresses.deleteInternal` -* `compute.addresses.get` -* `compute.addresses.useInternal` -* `compute.backendServices.create` -* `compute.backendServices.delete` -* `compute.backendServices.get` -* `compute.backendServices.use` -* `compute.disks.create` -* `compute.firewalls.create` -* `compute.firewalls.delete` -* `compute.firewalls.get` -* `compute.firewalls.update` -* `compute.globalAddresses.create` -* `compute.globalAddresses.delete` -* `compute.globalAddresses.get` -* `compute.globalAddresses.use` -* `compute.globalForwardingRules.create` -* `compute.globalForwardingRules.delete` -* `compute.globalForwardingRules.get` -* `compute.globalForwardingRules.setLabels` -* `compute.globalOperations.get` -* `compute.healthChecks.create` -* `compute.healthChecks.delete` -* `compute.healthChecks.get` -* `compute.healthChecks.useReadOnly` -* `compute.instanceGroupManagers.create` -* `compute.instanceGroupManagers.delete` -* `compute.instanceGroupManagers.get` -* `compute.instanceGroupManagers.update` -* `compute.instanceGroups.create` -* `compute.instanceGroups.delete` -* `compute.instanceGroups.get` -* `compute.instanceGroups.update` -* `compute.instanceGroups.use` -* `compute.instances.create` -* `compute.instances.setLabels` -* `compute.instances.setMetadata` -* `compute.instances.setTags` -* `compute.instanceTemplates.create` -* `compute.instanceTemplates.delete` -* `compute.instanceTemplates.get` -* `compute.instanceTemplates.useReadOnly` -* `compute.networks.create` -* `compute.networks.delete` -* `compute.networks.get` -* `compute.networks.updatePolicy` -* `compute.routers.create` -* `compute.routers.delete` -* `compute.routers.get` -* `compute.routers.update` -* `compute.subnetworks.create` -* `compute.subnetworks.delete` -* `compute.subnetworks.get` -* `compute.subnetworks.use` -* `compute.targetTcpProxies.create` -* `compute.targetTcpProxies.delete` -* `compute.targetTcpProxies.get` -* `compute.targetTcpProxies.use` -* `iam.serviceAccounts.actAs` + +- `compute.addresses.createInternal` +- `compute.addresses.deleteInternal` +- `compute.addresses.get` +- `compute.addresses.useInternal` +- `compute.backendServices.create` +- `compute.backendServices.delete` +- `compute.backendServices.get` +- `compute.backendServices.use` +- `compute.disks.create` +- `compute.firewalls.create` +- `compute.firewalls.delete` +- `compute.firewalls.get` +- `compute.firewalls.update` +- `compute.globalAddresses.create` +- `compute.globalAddresses.delete` +- `compute.globalAddresses.get` +- `compute.globalAddresses.use` +- `compute.globalForwardingRules.create` +- `compute.globalForwardingRules.delete` +- `compute.globalForwardingRules.get` +- `compute.globalForwardingRules.setLabels` +- `compute.globalOperations.get` +- `compute.healthChecks.create` +- `compute.healthChecks.delete` +- `compute.healthChecks.get` +- `compute.healthChecks.useReadOnly` +- `compute.instanceGroupManagers.create` +- `compute.instanceGroupManagers.delete` +- `compute.instanceGroupManagers.get` +- `compute.instanceGroupManagers.update` +- `compute.instanceGroups.create` +- `compute.instanceGroups.delete` +- `compute.instanceGroups.get` +- `compute.instanceGroups.update` +- `compute.instanceGroups.use` +- `compute.instances.create` +- `compute.instances.setLabels` +- `compute.instances.setMetadata` +- `compute.instances.setTags` +- `compute.instanceTemplates.create` +- `compute.instanceTemplates.delete` +- `compute.instanceTemplates.get` +- `compute.instanceTemplates.useReadOnly` +- `compute.networks.create` +- `compute.networks.delete` +- `compute.networks.get` +- `compute.networks.updatePolicy` +- `compute.routers.create` +- `compute.routers.delete` +- `compute.routers.get` +- `compute.routers.update` +- `compute.subnetworks.create` +- `compute.subnetworks.delete` +- `compute.subnetworks.get` +- `compute.subnetworks.use` +- `compute.targetTcpProxies.create` +- `compute.targetTcpProxies.delete` +- `compute.targetTcpProxies.get` +- `compute.targetTcpProxies.use` +- `iam.serviceAccounts.actAs` Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -280,8 +285,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -291,8 +296,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -308,8 +313,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -332,8 +337,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -349,9 +354,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.12/workflows/config.md b/docs/versioned_docs/version-2.12/workflows/config.md index e076e2e34..4dab6bd50 100644 --- a/docs/versioned_docs/version-2.12/workflows/config.md +++ b/docs/versioned_docs/version-2.12/workflows/config.md @@ -14,49 +14,49 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. @@ -75,8 +75,8 @@ AWS is currently investigating the issue. SNP-based attestation will be enabled as soon as a fix is verified. ::: - - + + Fill the desired VM type into the **instanceType** fields in the `constellation-conf.yml` file. @@ -133,8 +133,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -154,8 +154,8 @@ Note that CVMs are currently only supported in a few regions, check [Azure's pro Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -169,8 +169,8 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -194,16 +194,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -232,9 +232,9 @@ The following describes the configuration fields and how you obtain the required The user-assigned identity is used by instances of the cluster to access other cloud resources. For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -258,9 +258,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -291,9 +291,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.12/workflows/create.md b/docs/versioned_docs/version-2.12/workflows/create.md index 58c0efe39..eccb2699a 100644 --- a/docs/versioned_docs/version-2.12/workflows/create.md +++ b/docs/versioned_docs/version-2.12/workflows/create.md @@ -26,8 +26,8 @@ Before you create the cluster, make sure to have a [valid configuration file](./ ### Create - - + + ```bash constellation create @@ -35,8 +35,8 @@ constellation create *create* stores your cluster's state in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Terraform allows for an easier GitOps integration as well as meeting regulatory requirements. Since the Constellation CLI also uses Terraform under the hood, you can reuse the same Terraform files. @@ -77,8 +77,8 @@ yq eval '.infrastructure.initSecret ="$CONSTELL_INIT_SECRET"' --inplace constell yq eval '.infrastructure.clusterEndpoint ="$CONSTELL_IP"' --inplace constellation-state.yaml ``` - - + + ## The *init* step diff --git a/docs/versioned_docs/version-2.12/workflows/recovery.md b/docs/versioned_docs/version-2.12/workflows/recovery.md index 955981749..f2d5f22c1 100644 --- a/docs/versioned_docs/version-2.12/workflows/recovery.md +++ b/docs/versioned_docs/version-2.12/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.12/workflows/scale.md b/docs/versioned_docs/version-2.12/workflows/scale.md index 06898ad0c..63b727c7d 100644 --- a/docs/versioned_docs/version-2.12/workflows/scale.md +++ b/docs/versioned_docs/version-2.12/workflows/scale.md @@ -51,30 +51,30 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the worker ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + ## Control-plane node scaling @@ -82,30 +82,30 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.12/workflows/storage.md b/docs/versioned_docs/version-2.12/workflows/storage.md index 9e3d96346..06fbc4de6 100644 --- a/docs/versioned_docs/version-2.12/workflows/storage.md +++ b/docs/versioned_docs/version-2.12/workflows/storage.md @@ -21,30 +21,30 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. - - + + **Constellation CSI driver for AWS Elastic Block Store** Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -53,8 +53,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -82,8 +82,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -111,8 +111,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + AWS comes with two storage classes by default. @@ -140,8 +140,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) diff --git a/docs/versioned_docs/version-2.12/workflows/terminate.md b/docs/versioned_docs/version-2.12/workflows/terminate.md index a990bc108..af7dbc1db 100644 --- a/docs/versioned_docs/version-2.12/workflows/terminate.md +++ b/docs/versioned_docs/version-2.12/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-state.yaml constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.12/workflows/troubleshooting.md b/docs/versioned_docs/version-2.12/workflows/troubleshooting.md index a3e25a0fe..c40e6496e 100644 --- a/docs/versioned_docs/version-2.12/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.12/workflows/troubleshooting.md @@ -101,8 +101,8 @@ To provide information during early stages of a node's boot process, Constellati You can view this information in the following places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -112,8 +112,8 @@ You can view this information in the following places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -128,16 +128,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ### Node shell access diff --git a/docs/versioned_docs/version-2.13/architecture/attestation.md b/docs/versioned_docs/version-2.13/architecture/attestation.md index 576bc8865..8408cc5f0 100644 --- a/docs/versioned_docs/version-2.13/architecture/attestation.md +++ b/docs/versioned_docs/version-2.13/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,16 +217,16 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ### CVM verification To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. For verification of the CVM technology, Constellation may expose additional options in its config file. - - + + On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. @@ -248,18 +248,18 @@ You may customize certain parameters for verification of the attestation stateme More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. - - + + There is no additional configuration available for GCP. - - + + There is no additional configuration available for AWS. - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.13/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.13/getting-started/first-steps-local.md index 90a7317af..890a12654 100644 --- a/docs/versioned_docs/version-2.13/getting-started/first-steps-local.md +++ b/docs/versioned_docs/version-2.13/getting-started/first-steps-local.md @@ -45,8 +45,8 @@ sudo iptables -P FORWARD ACCEPT ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -74,8 +74,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -152,8 +152,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -206,8 +206,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -218,8 +218,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -247,8 +247,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/versioned_docs/version-2.13/getting-started/first-steps.md b/docs/versioned_docs/version-2.13/getting-started/first-steps.md index 040be5478..287e0737a 100644 --- a/docs/versioned_docs/version-2.13/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.13/getting-started/first-steps.md @@ -15,39 +15,39 @@ If you encounter any problem with the following steps, make sure to use the [lat 1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. - + - + ```bash constellation config generate azure ``` - + - + ```bash constellation config generate gcp ``` - + - + ```bash constellation config generate aws ``` - + - + 2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config @@ -62,9 +62,9 @@ If you encounter any problem with the following steps, make sure to use the [lat * `westeurope` * `southeastasia` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config @@ -74,9 +74,9 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - + - + ```bash constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config @@ -103,8 +103,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.13/getting-started/install.md b/docs/versioned_docs/version-2.13/getting-started/install.md index 035f679b2..2fabcf0b1 100644 --- a/docs/versioned_docs/version-2.13/getting-started/install.md +++ b/docs/versioned_docs/version-2.13/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,39 +105,42 @@ If you don't have a cloud subscription, you can also set up a [local Constellati ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` -* `Microsoft.Compute` -* `Microsoft.Insights` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` + +- `Microsoft.Attestation` +- `Microsoft.Compute` +- `Microsoft.Insights` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` By default, Constellation tries to register these automatically if they haven't been registered before. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `*/register/action` \[1] -* `Microsoft.Authorization/roleAssignments/*` -* `Microsoft.Authorization/roleDefinitions/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Resources/subscriptions/resourcegroups/*` + +- `*/register/action` \[1] +- `Microsoft.Authorization/roleAssignments/*` +- `Microsoft.Authorization/roleDefinitions/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Resources/subscriptions/resourcegroups/*` The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` -* `Microsoft.Compute/virtualMachineScaleSets/*` -* `Microsoft.Insights/components/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Network/loadBalancers/*` -* `Microsoft.Network/loadBalancers/backendAddressPools/*` -* `Microsoft.Network/networkSecurityGroups/*` -* `Microsoft.Network/publicIPAddresses/*` -* `Microsoft.Network/virtualNetworks/*` -* `Microsoft.Network/virtualNetworks/subnets/*` -* `Microsoft.Network/natGateways/*` + +- `Microsoft.Attestation/attestationProviders/*` +- `Microsoft.Compute/virtualMachineScaleSets/*` +- `Microsoft.Insights/components/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Network/loadBalancers/*` +- `Microsoft.Network/loadBalancers/backendAddressPools/*` +- `Microsoft.Network/networkSecurityGroups/*` +- `Microsoft.Network/publicIPAddresses/*` +- `Microsoft.Network/virtualNetworks/*` +- `Microsoft.Network/virtualNetworks/subnets/*` +- `Microsoft.Network/natGateways/*` The built-in `Contributor` role is a superset of these permissions. @@ -145,92 +148,94 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `iam.serviceAccountKeys.create` -* `iam.serviceAccountKeys.delete` -* `iam.serviceAccountKeys.get` -* `iam.serviceAccounts.create` -* `iam.serviceAccounts.delete` -* `iam.serviceAccounts.get` -* `resourcemanager.projects.getIamPolicy` -* `resourcemanager.projects.setIamPolicy` + +- `iam.serviceAccountKeys.create` +- `iam.serviceAccountKeys.delete` +- `iam.serviceAccountKeys.get` +- `iam.serviceAccounts.create` +- `iam.serviceAccounts.delete` +- `iam.serviceAccounts.get` +- `resourcemanager.projects.getIamPolicy` +- `resourcemanager.projects.setIamPolicy` Together, the built-in roles `roles/editor` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `compute.addresses.createInternal` -* `compute.addresses.deleteInternal` -* `compute.addresses.get` -* `compute.addresses.useInternal` -* `compute.backendServices.create` -* `compute.backendServices.delete` -* `compute.backendServices.get` -* `compute.backendServices.use` -* `compute.disks.create` -* `compute.firewalls.create` -* `compute.firewalls.delete` -* `compute.firewalls.get` -* `compute.firewalls.update` -* `compute.globalAddresses.create` -* `compute.globalAddresses.delete` -* `compute.globalAddresses.get` -* `compute.globalAddresses.use` -* `compute.globalForwardingRules.create` -* `compute.globalForwardingRules.delete` -* `compute.globalForwardingRules.get` -* `compute.globalForwardingRules.setLabels` -* `compute.globalOperations.get` -* `compute.healthChecks.create` -* `compute.healthChecks.delete` -* `compute.healthChecks.get` -* `compute.healthChecks.useReadOnly` -* `compute.instanceGroupManagers.create` -* `compute.instanceGroupManagers.delete` -* `compute.instanceGroupManagers.get` -* `compute.instanceGroupManagers.update` -* `compute.instanceGroups.create` -* `compute.instanceGroups.delete` -* `compute.instanceGroups.get` -* `compute.instanceGroups.update` -* `compute.instanceGroups.use` -* `compute.instances.create` -* `compute.instances.setLabels` -* `compute.instances.setMetadata` -* `compute.instances.setTags` -* `compute.instanceTemplates.create` -* `compute.instanceTemplates.delete` -* `compute.instanceTemplates.get` -* `compute.instanceTemplates.useReadOnly` -* `compute.networks.create` -* `compute.networks.delete` -* `compute.networks.get` -* `compute.networks.updatePolicy` -* `compute.routers.create` -* `compute.routers.delete` -* `compute.routers.get` -* `compute.routers.update` -* `compute.subnetworks.create` -* `compute.subnetworks.delete` -* `compute.subnetworks.get` -* `compute.subnetworks.use` -* `compute.targetTcpProxies.create` -* `compute.targetTcpProxies.delete` -* `compute.targetTcpProxies.get` -* `compute.targetTcpProxies.use` -* `iam.serviceAccounts.actAs` + +- `compute.addresses.createInternal` +- `compute.addresses.deleteInternal` +- `compute.addresses.get` +- `compute.addresses.useInternal` +- `compute.backendServices.create` +- `compute.backendServices.delete` +- `compute.backendServices.get` +- `compute.backendServices.use` +- `compute.disks.create` +- `compute.firewalls.create` +- `compute.firewalls.delete` +- `compute.firewalls.get` +- `compute.firewalls.update` +- `compute.globalAddresses.create` +- `compute.globalAddresses.delete` +- `compute.globalAddresses.get` +- `compute.globalAddresses.use` +- `compute.globalForwardingRules.create` +- `compute.globalForwardingRules.delete` +- `compute.globalForwardingRules.get` +- `compute.globalForwardingRules.setLabels` +- `compute.globalOperations.get` +- `compute.healthChecks.create` +- `compute.healthChecks.delete` +- `compute.healthChecks.get` +- `compute.healthChecks.useReadOnly` +- `compute.instanceGroupManagers.create` +- `compute.instanceGroupManagers.delete` +- `compute.instanceGroupManagers.get` +- `compute.instanceGroupManagers.update` +- `compute.instanceGroups.create` +- `compute.instanceGroups.delete` +- `compute.instanceGroups.get` +- `compute.instanceGroups.update` +- `compute.instanceGroups.use` +- `compute.instances.create` +- `compute.instances.setLabels` +- `compute.instances.setMetadata` +- `compute.instances.setTags` +- `compute.instanceTemplates.create` +- `compute.instanceTemplates.delete` +- `compute.instanceTemplates.get` +- `compute.instanceTemplates.useReadOnly` +- `compute.networks.create` +- `compute.networks.delete` +- `compute.networks.get` +- `compute.networks.updatePolicy` +- `compute.routers.create` +- `compute.routers.delete` +- `compute.routers.get` +- `compute.routers.update` +- `compute.subnetworks.create` +- `compute.subnetworks.delete` +- `compute.subnetworks.get` +- `compute.subnetworks.use` +- `compute.targetTcpProxies.create` +- `compute.targetTcpProxies.delete` +- `compute.targetTcpProxies.get` +- `compute.targetTcpProxies.use` +- `iam.serviceAccounts.actAs` Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -280,8 +285,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -291,8 +296,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -308,8 +313,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -332,8 +337,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -349,9 +354,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.13/workflows/config.md b/docs/versioned_docs/version-2.13/workflows/config.md index e076e2e34..4dab6bd50 100644 --- a/docs/versioned_docs/version-2.13/workflows/config.md +++ b/docs/versioned_docs/version-2.13/workflows/config.md @@ -14,49 +14,49 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. @@ -75,8 +75,8 @@ AWS is currently investigating the issue. SNP-based attestation will be enabled as soon as a fix is verified. ::: - - + + Fill the desired VM type into the **instanceType** fields in the `constellation-conf.yml` file. @@ -133,8 +133,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -154,8 +154,8 @@ Note that CVMs are currently only supported in a few regions, check [Azure's pro Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -169,8 +169,8 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -194,16 +194,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -232,9 +232,9 @@ The following describes the configuration fields and how you obtain the required The user-assigned identity is used by instances of the cluster to access other cloud resources. For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -258,9 +258,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -291,9 +291,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.13/workflows/create.md b/docs/versioned_docs/version-2.13/workflows/create.md index 387f68c8e..f347e9f27 100644 --- a/docs/versioned_docs/version-2.13/workflows/create.md +++ b/docs/versioned_docs/version-2.13/workflows/create.md @@ -26,8 +26,8 @@ Before you create the cluster, make sure to have a [valid configuration file](./ ### Create - - + + ```bash constellation create @@ -35,8 +35,8 @@ constellation create *create* stores your cluster's state in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Self-managed infrastructure allows for more flexibility in the setup, by separating the infrastructure setup from the Constellation cluster management. This provides flexibility in DevOps and can meet potential regulatory requirements. @@ -72,8 +72,8 @@ Fill these outputs into the corresponding fields of the `Infrastructure` block i Continue with [initializing your cluster](#the-apply-step). - - + + ## The *apply* step diff --git a/docs/versioned_docs/version-2.13/workflows/recovery.md b/docs/versioned_docs/version-2.13/workflows/recovery.md index 955981749..f2d5f22c1 100644 --- a/docs/versioned_docs/version-2.13/workflows/recovery.md +++ b/docs/versioned_docs/version-2.13/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.13/workflows/scale.md b/docs/versioned_docs/version-2.13/workflows/scale.md index 06898ad0c..63b727c7d 100644 --- a/docs/versioned_docs/version-2.13/workflows/scale.md +++ b/docs/versioned_docs/version-2.13/workflows/scale.md @@ -51,30 +51,30 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the worker ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + ## Control-plane node scaling @@ -82,30 +82,30 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.13/workflows/storage.md b/docs/versioned_docs/version-2.13/workflows/storage.md index 9e3d96346..06fbc4de6 100644 --- a/docs/versioned_docs/version-2.13/workflows/storage.md +++ b/docs/versioned_docs/version-2.13/workflows/storage.md @@ -21,30 +21,30 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. - - + + **Constellation CSI driver for AWS Elastic Block Store** Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -53,8 +53,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -82,8 +82,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -111,8 +111,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + AWS comes with two storage classes by default. @@ -140,8 +140,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) diff --git a/docs/versioned_docs/version-2.13/workflows/terminate.md b/docs/versioned_docs/version-2.13/workflows/terminate.md index 168039fd2..e9599cb2b 100644 --- a/docs/versioned_docs/version-2.13/workflows/terminate.md +++ b/docs/versioned_docs/version-2.13/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-state.yaml constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.13/workflows/terraform-module.md b/docs/versioned_docs/version-2.13/workflows/terraform-module.md index e0534b9f5..07525cd27 100644 --- a/docs/versioned_docs/version-2.13/workflows/terraform-module.md +++ b/docs/versioned_docs/version-2.13/workflows/terraform-module.md @@ -1,12 +1,15 @@ # Use the Terraform module + You can manage a Constellation cluster through Terraform. The module package is available as part of the [GitHub release](https://github.com/edgelesssys/constellation/releases/). It consists of a convenience module for each cloud service provider (`{csp}-constellation`) that combines the IAM (`infrastructure/{csp}/iam`), infrastructure (`infrastructure/{csp}`), and constellation (`constellation-cluster`) modules. ## Prerequisites + - a Linux / Mac operating system - a Terraform installation of version `v1.4.4` or above ## Quick setup + The convenience module allows setting up a Constellation cluster with a single module. It's easiest to consume the module through a remote source, as shown below. This allows to upgrade the cluster to a newer Constellation version by simply updating the module source. @@ -18,6 +21,7 @@ The files are deleted on `terraform destroy`. ::: 1. Create a directory (workspace) for your Constellation cluster. + ```bash mkdir constellation-workspace cd constellation-workspace @@ -25,9 +29,9 @@ The files are deleted on `terraform destroy`. 1. Create a `main.tf` file to call the CSP specific Constellation module. - + - + ``` module "azure-constellation" { @@ -55,9 +59,9 @@ The files are deleted on `terraform destroy`. } ``` - + - + ``` module "aws-constellation" { @@ -86,9 +90,9 @@ The files are deleted on `terraform destroy`. } ``` - + - + ``` module "gcp-constellation" { @@ -118,25 +122,29 @@ The files are deleted on `terraform destroy`. } ``` - - + + 3. Initialize and apply the module. + ```bash terraform init terraform apply ``` ## Custom setup + If you need to separate IAM and cluster management or need custom infrastructure, you can also call the submodules individually. Look at the respective convenience module (`{csp}-constellation`) for how you can structure the module calls. The submodules are: + - `constellation-cluster`: manages the Constellation cluster - `fetch-image`: translates the Constellation image version to the image ID of the cloud service provider - `infrastructure/{csp}`: contains the cluster infrastructure resources - `infrastructure/iam/{csp}`: contains the IAM resources used within the cluster ## Cluster upgrades + :::tip For general information on cluster upgrades, see [Upgrade your cluster](./upgrade.md). ::: @@ -145,6 +153,7 @@ Using a [remote address as module source](https://developer.hashicorp.com/terraf 1. Update the `` variable inside the `source` field of the module. 2. Upgrade the Terraform module and provider dependencies and apply the Constellation upgrade. + ```bash terraform init -upgrade terraform apply diff --git a/docs/versioned_docs/version-2.13/workflows/troubleshooting.md b/docs/versioned_docs/version-2.13/workflows/troubleshooting.md index 05f515ed7..e8220c9a2 100644 --- a/docs/versioned_docs/version-2.13/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.13/workflows/troubleshooting.md @@ -101,8 +101,8 @@ To provide information during early stages of a node's boot process, Constellati You can view this information in the following places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -112,8 +112,8 @@ You can view this information in the following places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -128,16 +128,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ### Node shell access diff --git a/docs/versioned_docs/version-2.14/architecture/attestation.md b/docs/versioned_docs/version-2.14/architecture/attestation.md index 04b85d8ad..415b41f47 100644 --- a/docs/versioned_docs/version-2.14/architecture/attestation.md +++ b/docs/versioned_docs/version-2.14/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,16 +217,16 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ### CVM verification To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. For verification of the CVM technology, Constellation may expose additional options in its config file. - - + + On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. @@ -248,13 +248,13 @@ You may customize certain parameters for verification of the attestation stateme More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. - - + + There is no additional configuration available for GCP. - - + + On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the VM and it's vTPM. @@ -275,8 +275,8 @@ You may customize certain parameters for verification of the attestation stateme This is the intermediate certificate for verifying the SEV-SNP report's signature. If it's not specified, the CLI fetches it from the AMD key distribution server. - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.14/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.14/getting-started/first-steps-local.md index 052d29eae..98f0302de 100644 --- a/docs/versioned_docs/version-2.14/getting-started/first-steps-local.md +++ b/docs/versioned_docs/version-2.14/getting-started/first-steps-local.md @@ -45,8 +45,8 @@ sudo iptables -P FORWARD ACCEPT ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -74,8 +74,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -145,8 +145,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -199,8 +199,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -211,8 +211,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -240,8 +240,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/versioned_docs/version-2.14/getting-started/first-steps.md b/docs/versioned_docs/version-2.14/getting-started/first-steps.md index c58d4a0ae..a1f6cba25 100644 --- a/docs/versioned_docs/version-2.14/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.14/getting-started/first-steps.md @@ -15,39 +15,39 @@ If you encounter any problem with the following steps, make sure to use the [lat 1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. - + - + ```bash constellation config generate azure ``` - + - + ```bash constellation config generate gcp ``` - + - + ```bash constellation config generate aws ``` - + - + 2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config @@ -62,9 +62,9 @@ If you encounter any problem with the following steps, make sure to use the [lat * `westeurope` * `southeastasia` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config @@ -74,9 +74,9 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - + - + ```bash constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config @@ -103,8 +103,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.14/getting-started/install.md b/docs/versioned_docs/version-2.14/getting-started/install.md index e74a45741..08e2315ef 100644 --- a/docs/versioned_docs/version-2.14/getting-started/install.md +++ b/docs/versioned_docs/version-2.14/getting-started/install.md @@ -22,8 +22,8 @@ If you prefer to use Terraform, you can alternatively use the [Terraform provide The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -39,8 +39,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -56,9 +56,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -74,9 +74,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -92,8 +92,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -109,8 +109,8 @@ If you don't have a cloud subscription, you can also set up a [local Constellati ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: @@ -152,8 +152,8 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -238,8 +238,8 @@ Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and ` Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -289,8 +289,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -300,8 +300,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -317,8 +317,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -341,8 +341,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -358,9 +358,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.14/workflows/config.md b/docs/versioned_docs/version-2.14/workflows/config.md index 17be3792a..81d2b49fd 100644 --- a/docs/versioned_docs/version-2.14/workflows/config.md +++ b/docs/versioned_docs/version-2.14/workflows/config.md @@ -14,49 +14,49 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. @@ -67,8 +67,8 @@ If you are using the attestation variant `awsNitroTPM`, you can choose any of th The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. - - + + Fill the desired VM type into the **instanceType** fields in the `constellation-conf.yml` file. @@ -125,8 +125,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -146,8 +146,8 @@ Note that CVMs are currently only supported in a few regions, check [Azure's pro Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -161,8 +161,8 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -186,16 +186,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -224,9 +224,9 @@ The following describes the configuration fields and how you obtain the required The user-assigned identity is used by instances of the cluster to access other cloud resources. For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -250,9 +250,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -283,9 +283,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.14/workflows/create.md b/docs/versioned_docs/version-2.14/workflows/create.md index 388cbedf8..6074ebb16 100644 --- a/docs/versioned_docs/version-2.14/workflows/create.md +++ b/docs/versioned_docs/version-2.14/workflows/create.md @@ -27,8 +27,8 @@ If you don't have a cloud subscription, you can also set up a [local Constellati Before you create the cluster, make sure to have a [valid configuration file](./config.md). - - + + ```bash constellation apply @@ -36,8 +36,8 @@ constellation apply `apply` stores the state of your cluster's cloud resources in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Self-managed infrastructure allows for more flexibility in the setup, by separating the infrastructure setup from the Constellation cluster management. This provides flexibility in DevOps and can meet potential regulatory requirements. @@ -77,8 +77,8 @@ With the required cloud resources set up, continue with initializing your cluste constellation apply --skip-phases=infrastructure ``` - - + + Finally, configure `kubectl` for your cluster: diff --git a/docs/versioned_docs/version-2.14/workflows/recovery.md b/docs/versioned_docs/version-2.14/workflows/recovery.md index 955981749..f2d5f22c1 100644 --- a/docs/versioned_docs/version-2.14/workflows/recovery.md +++ b/docs/versioned_docs/version-2.14/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.14/workflows/scale.md b/docs/versioned_docs/version-2.14/workflows/scale.md index 06898ad0c..63b727c7d 100644 --- a/docs/versioned_docs/version-2.14/workflows/scale.md +++ b/docs/versioned_docs/version-2.14/workflows/scale.md @@ -51,30 +51,30 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the worker ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + ## Control-plane node scaling @@ -82,30 +82,30 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.14/workflows/storage.md b/docs/versioned_docs/version-2.14/workflows/storage.md index 9e3d96346..06fbc4de6 100644 --- a/docs/versioned_docs/version-2.14/workflows/storage.md +++ b/docs/versioned_docs/version-2.14/workflows/storage.md @@ -21,30 +21,30 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. - - + + **Constellation CSI driver for AWS Elastic Block Store** Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -53,8 +53,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -82,8 +82,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -111,8 +111,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + AWS comes with two storage classes by default. @@ -140,8 +140,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) diff --git a/docs/versioned_docs/version-2.14/workflows/terminate.md b/docs/versioned_docs/version-2.14/workflows/terminate.md index 11bbbb2ac..2c45bebe3 100644 --- a/docs/versioned_docs/version-2.14/workflows/terminate.md +++ b/docs/versioned_docs/version-2.14/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-state.yaml constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.14/workflows/terraform-provider.md b/docs/versioned_docs/version-2.14/workflows/terraform-provider.md index 7de44a530..e831ccc9e 100644 --- a/docs/versioned_docs/version-2.14/workflows/terraform-provider.md +++ b/docs/versioned_docs/version-2.14/workflows/terraform-provider.md @@ -21,9 +21,9 @@ This example shows how to set up a Constellation cluster with the reference IAM 2. Use one of the [example configurations for using the Constellation Terraform provider](https://github.com/edgelesssys/constellation/tree/main/terraform-provider-constellation/examples/full) or create a `main.tf` file and fill it with the resources you want to create. The [Constellation Terraform provider documentation](https://registry.terraform.io/providers/edgelesssys/constellation/latest) offers thorough documentation on the resources and their attributes. 3. Initialize and apply the Terraform configuration. - + - + When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you can also do it manually. @@ -57,8 +57,8 @@ This example shows how to set up a Constellation cluster with the reference IAM }; ``` - - + + Initialize the providers and apply the configuration. ```bash @@ -67,8 +67,8 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - + + Initialize the providers and apply the configuration. ```bash @@ -77,8 +77,8 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - + + 4. Connect to the cluster. ```bash diff --git a/docs/versioned_docs/version-2.14/workflows/troubleshooting.md b/docs/versioned_docs/version-2.14/workflows/troubleshooting.md index 633053e0b..64d7d3355 100644 --- a/docs/versioned_docs/version-2.14/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.14/workflows/troubleshooting.md @@ -101,8 +101,8 @@ To provide information during early stages of a node's boot process, Constellati You can view this information in the following places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -112,8 +112,8 @@ You can view this information in the following places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -128,16 +128,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ### Node shell access diff --git a/docs/versioned_docs/version-2.15/architecture/attestation.md b/docs/versioned_docs/version-2.15/architecture/attestation.md index 3e184fa03..286b2466d 100644 --- a/docs/versioned_docs/version-2.15/architecture/attestation.md +++ b/docs/versioned_docs/version-2.15/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,16 +217,16 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ### CVM verification To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. For verification of the CVM technology, Constellation may expose additional options in its config file. - - + + On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. @@ -248,13 +248,13 @@ You may customize certain parameters for verification of the attestation stateme More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. - - + + There is no additional configuration available for GCP. - - + + On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the VM and it's vTPM. @@ -275,8 +275,8 @@ You may customize certain parameters for verification of the attestation stateme This is the intermediate certificate for verifying the SEV-SNP report's signature. If it's not specified, the CLI fetches it from the AMD key distribution server. - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.15/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.15/getting-started/first-steps-local.md index 052d29eae..98f0302de 100644 --- a/docs/versioned_docs/version-2.15/getting-started/first-steps-local.md +++ b/docs/versioned_docs/version-2.15/getting-started/first-steps-local.md @@ -45,8 +45,8 @@ sudo iptables -P FORWARD ACCEPT ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -74,8 +74,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -145,8 +145,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -199,8 +199,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -211,8 +211,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -240,8 +240,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/versioned_docs/version-2.15/getting-started/first-steps.md b/docs/versioned_docs/version-2.15/getting-started/first-steps.md index dc867bf77..a6efd758f 100644 --- a/docs/versioned_docs/version-2.15/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.15/getting-started/first-steps.md @@ -15,39 +15,39 @@ If you encounter any problem with the following steps, make sure to use the [lat 1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. - + - + ```bash constellation config generate azure ``` - + - + ```bash constellation config generate gcp ``` - + - + ```bash constellation config generate aws ``` - + - + 2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config @@ -68,9 +68,9 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config @@ -80,9 +80,9 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - + - + ```bash constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config @@ -109,8 +109,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.15/getting-started/install.md b/docs/versioned_docs/version-2.15/getting-started/install.md index e74a45741..08e2315ef 100644 --- a/docs/versioned_docs/version-2.15/getting-started/install.md +++ b/docs/versioned_docs/version-2.15/getting-started/install.md @@ -22,8 +22,8 @@ If you prefer to use Terraform, you can alternatively use the [Terraform provide The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -39,8 +39,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -56,9 +56,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -74,9 +74,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -92,8 +92,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -109,8 +109,8 @@ If you don't have a cloud subscription, you can also set up a [local Constellati ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: @@ -152,8 +152,8 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -238,8 +238,8 @@ Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and ` Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -289,8 +289,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -300,8 +300,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -317,8 +317,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -341,8 +341,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -358,9 +358,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.15/workflows/config.md b/docs/versioned_docs/version-2.15/workflows/config.md index dc5dd0e41..92ff9d040 100644 --- a/docs/versioned_docs/version-2.15/workflows/config.md +++ b/docs/versioned_docs/version-2.15/workflows/config.md @@ -14,49 +14,49 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. @@ -67,8 +67,8 @@ If you are using the attestation variant `awsNitroTPM`, you can choose any of th The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. - - + + Fill the desired VM type into the `instanceType` fields in the `constellation-conf.yml` file. @@ -125,8 +125,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -151,8 +151,8 @@ You can find a list of all [regions in Azure's documentation](https://azure.micr Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -166,8 +166,8 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -191,16 +191,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -236,9 +236,9 @@ The following describes the configuration fields and how you obtain the required The user-assigned identity is used by instances of the cluster to access other cloud resources. For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -262,9 +262,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -295,9 +295,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.15/workflows/create.md b/docs/versioned_docs/version-2.15/workflows/create.md index 388cbedf8..6074ebb16 100644 --- a/docs/versioned_docs/version-2.15/workflows/create.md +++ b/docs/versioned_docs/version-2.15/workflows/create.md @@ -27,8 +27,8 @@ If you don't have a cloud subscription, you can also set up a [local Constellati Before you create the cluster, make sure to have a [valid configuration file](./config.md). - - + + ```bash constellation apply @@ -36,8 +36,8 @@ constellation apply `apply` stores the state of your cluster's cloud resources in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Self-managed infrastructure allows for more flexibility in the setup, by separating the infrastructure setup from the Constellation cluster management. This provides flexibility in DevOps and can meet potential regulatory requirements. @@ -77,8 +77,8 @@ With the required cloud resources set up, continue with initializing your cluste constellation apply --skip-phases=infrastructure ``` - - + + Finally, configure `kubectl` for your cluster: diff --git a/docs/versioned_docs/version-2.15/workflows/recovery.md b/docs/versioned_docs/version-2.15/workflows/recovery.md index 9396bf8f2..592ab74af 100644 --- a/docs/versioned_docs/version-2.15/workflows/recovery.md +++ b/docs/versioned_docs/version-2.15/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via serial console output. In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.15/workflows/scale.md b/docs/versioned_docs/version-2.15/workflows/scale.md index 06898ad0c..63b727c7d 100644 --- a/docs/versioned_docs/version-2.15/workflows/scale.md +++ b/docs/versioned_docs/version-2.15/workflows/scale.md @@ -51,30 +51,30 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the worker ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + ## Control-plane node scaling @@ -82,30 +82,30 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.15/workflows/storage.md b/docs/versioned_docs/version-2.15/workflows/storage.md index 9e3d96346..06fbc4de6 100644 --- a/docs/versioned_docs/version-2.15/workflows/storage.md +++ b/docs/versioned_docs/version-2.15/workflows/storage.md @@ -21,30 +21,30 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. - - + + **Constellation CSI driver for AWS Elastic Block Store** Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -53,8 +53,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -82,8 +82,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -111,8 +111,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + AWS comes with two storage classes by default. @@ -140,8 +140,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) diff --git a/docs/versioned_docs/version-2.15/workflows/terminate.md b/docs/versioned_docs/version-2.15/workflows/terminate.md index 11bbbb2ac..2c45bebe3 100644 --- a/docs/versioned_docs/version-2.15/workflows/terminate.md +++ b/docs/versioned_docs/version-2.15/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-state.yaml constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.15/workflows/terraform-provider.md b/docs/versioned_docs/version-2.15/workflows/terraform-provider.md index 7de44a530..e831ccc9e 100644 --- a/docs/versioned_docs/version-2.15/workflows/terraform-provider.md +++ b/docs/versioned_docs/version-2.15/workflows/terraform-provider.md @@ -21,9 +21,9 @@ This example shows how to set up a Constellation cluster with the reference IAM 2. Use one of the [example configurations for using the Constellation Terraform provider](https://github.com/edgelesssys/constellation/tree/main/terraform-provider-constellation/examples/full) or create a `main.tf` file and fill it with the resources you want to create. The [Constellation Terraform provider documentation](https://registry.terraform.io/providers/edgelesssys/constellation/latest) offers thorough documentation on the resources and their attributes. 3. Initialize and apply the Terraform configuration. - + - + When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you can also do it manually. @@ -57,8 +57,8 @@ This example shows how to set up a Constellation cluster with the reference IAM }; ``` - - + + Initialize the providers and apply the configuration. ```bash @@ -67,8 +67,8 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - + + Initialize the providers and apply the configuration. ```bash @@ -77,8 +77,8 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - + + 4. Connect to the cluster. ```bash diff --git a/docs/versioned_docs/version-2.16/architecture/attestation.md b/docs/versioned_docs/version-2.16/architecture/attestation.md index 7dbfc9392..a07b35e5a 100644 --- a/docs/versioned_docs/version-2.16/architecture/attestation.md +++ b/docs/versioned_docs/version-2.16/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -153,8 +153,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -184,8 +184,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -217,8 +217,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses a hypervisor-based vTPM for runtime measurements. @@ -249,16 +249,16 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ### CVM verification To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. For verification of the CVM technology, Constellation may expose additional options in its config file. - - + + On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the VM. @@ -279,8 +279,8 @@ You may customize certain parameters for verification of the attestation stateme This is the intermediate certificate for verifying the SEV-SNP report's signature. If it's not specified, the CLI fetches it from the AMD key distribution server. - - + + On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. @@ -302,22 +302,22 @@ You may customize certain parameters for verification of the attestation stateme More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. - - + + On GCP, AMD SEV-ES is used to provide runtime encryption to the VMs. The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). There is no additional configuration available for GCP. - - + + On STACKIT, AMD SEV-ES is used to provide runtime encryption to the VMs. The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). There is no additional configuration available for STACKIT. - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.16/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.16/getting-started/first-steps-local.md index 052d29eae..98f0302de 100644 --- a/docs/versioned_docs/version-2.16/getting-started/first-steps-local.md +++ b/docs/versioned_docs/version-2.16/getting-started/first-steps-local.md @@ -45,8 +45,8 @@ sudo iptables -P FORWARD ACCEPT ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -74,8 +74,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -145,8 +145,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -199,8 +199,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -211,8 +211,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -240,8 +240,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/versioned_docs/version-2.16/getting-started/first-steps.md b/docs/versioned_docs/version-2.16/getting-started/first-steps.md index b29bf5926..d82d93836 100644 --- a/docs/versioned_docs/version-2.16/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.16/getting-started/first-steps.md @@ -15,41 +15,41 @@ If you encounter any problem with the following steps, make sure to use the [lat 1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. - - + + ```bash constellation config generate aws ``` - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate stackit ``` - - + + 2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). - - + + ```bash constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config @@ -76,8 +76,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config @@ -98,8 +98,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). - - + + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config @@ -109,16 +109,16 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - - + + To use Constellation on STACKIT, the cluster will use the User Access Token (UAT) that's generated [during the install step](./install.md). After creating the accounts, fill in the STACKIT details in `constellation-conf.yaml` under `provider.openstack`: * `stackitProjectID`: STACKIT project id (can be found after login on the [STACKIT portal](https://portal.stackit.cloud)) - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.16/getting-started/install.md b/docs/versioned_docs/version-2.16/getting-started/install.md index 4ebd9351a..d52e43476 100644 --- a/docs/versioned_docs/version-2.16/getting-started/install.md +++ b/docs/versioned_docs/version-2.16/getting-started/install.md @@ -22,8 +22,8 @@ If you prefer to use Terraform, you can alternatively use the [Terraform provide The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -39,8 +39,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -56,9 +56,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -74,9 +74,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -92,9 +92,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -115,8 +115,8 @@ Invoke-WebRequest -OutFile ./constellation.exe -Uri 'https://github.com/edgeless 5. Click `New` 6. Enter the path to the folder containing the binary you want on your PATH: `C:\Program Files\Constellation\bin` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -132,8 +132,8 @@ If you don't have a cloud subscription, you can also set up a [local Constellati ### Required permissions - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -183,8 +183,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: @@ -226,8 +226,8 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -312,16 +312,16 @@ Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and ` Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + Constellation on STACKIT requires a User Access Token (UAT) for the OpenStack API and a STACKIT service account. The UAT already has all required permissions by default. The STACKIT service account needs the `editor` role to create STACKIT LoadBalancers. Look at the [STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) on how to create the service account and assign the role. - - + + ### Authentication @@ -331,8 +331,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -348,8 +348,8 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - - + + **Testing** @@ -365,8 +365,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -389,8 +389,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + You need to authenticate with the infrastructure API (OpenStack) and create a service account (STACKIT API). @@ -420,9 +420,9 @@ You need to authenticate with the infrastructure API (OpenStack) and create a se {"STACKIT_SERVICE_ACCOUNT_TOKEN":"REPLACE_WITH_TOKEN"} ``` - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.16/getting-started/marketplaces.md b/docs/versioned_docs/version-2.16/getting-started/marketplaces.md index b16d796d2..a6763a42a 100644 --- a/docs/versioned_docs/version-2.16/getting-started/marketplaces.md +++ b/docs/versioned_docs/version-2.16/getting-started/marketplaces.md @@ -4,8 +4,8 @@ Constellation is available through the Marketplaces of AWS, Azure, GCP, and STAC This document explains how to run Constellation with the dynamically billed cloud marketplace images. - - + + To use Constellation's marketplace images, ensure that you are subscribed to the [marketplace offering](https://aws.amazon.com/marketplace/pp/prodview-2mbn65nv57oys) through the web portal. @@ -15,8 +15,8 @@ Then, enable the use of marketplace images in your Constellation `constellation- yq eval -i ".provider.aws.useMarketplaceImage = true" constellation-conf.yaml ``` - - + + Constellation has a private marketplace plan. Please [contact us](https://www.edgeless.systems/enterprise-support/) to gain access. @@ -32,8 +32,8 @@ Then, enable the use of marketplace images in your Constellation `constellation- yq eval -i ".provider.azure.useMarketplaceImage = true" constellation-conf.yaml ``` - - + + To use a marketplace image, ensure that the account is entitled to use marketplace images by Edgeless Systems by accepting the terms through the [web portal](https://console.cloud.google.com/marketplace/vm/config/edgeless-systems-public/constellation). @@ -43,13 +43,13 @@ Then, enable the use of marketplace images in your Constellation `constellation- yq eval -i ".provider.gcp.useMarketplaceImage = true" constellation-conf.yaml ``` - - + + On STACKIT, the selected Constellation image is always a marketplace image. You can find more information on the STACKIT portal. - - + + Ensure that the cluster uses an official release image version (i.e., `.image=vX.Y.Z` in the `constellation-conf.yaml` file). diff --git a/docs/versioned_docs/version-2.16/workflows/config.md b/docs/versioned_docs/version-2.16/workflows/config.md index 9da4305de..120bf8ed7 100644 --- a/docs/versioned_docs/version-2.16/workflows/config.md +++ b/docs/versioned_docs/version-2.16/workflows/config.md @@ -14,44 +14,44 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate aws ``` - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate stackit ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. @@ -62,20 +62,20 @@ If you are using the attestation variant `awsNitroTPM`, you can choose any of th The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m1a.4cd` VMs (4 vCPUs, 30 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. @@ -93,8 +93,8 @@ You can choose any of the SEV-enabled instance types. You can find a list of all The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. - - + + Fill the desired VM type into the `instanceType` fields in the `constellation-conf.yml` file. @@ -153,8 +153,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -178,8 +178,8 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -204,8 +204,8 @@ You can find a list of all [regions in Azure's documentation](https://azure.micr Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -219,21 +219,21 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -264,8 +264,8 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -301,8 +301,8 @@ The following describes the configuration fields and how you obtain the required The user-assigned identity is used by instances of the cluster to access other cloud resources. For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). - - + + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -326,13 +326,13 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - - + + STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. - - + +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.16/workflows/create.md b/docs/versioned_docs/version-2.16/workflows/create.md index 388cbedf8..6074ebb16 100644 --- a/docs/versioned_docs/version-2.16/workflows/create.md +++ b/docs/versioned_docs/version-2.16/workflows/create.md @@ -27,8 +27,8 @@ If you don't have a cloud subscription, you can also set up a [local Constellati Before you create the cluster, make sure to have a [valid configuration file](./config.md). - - + + ```bash constellation apply @@ -36,8 +36,8 @@ constellation apply `apply` stores the state of your cluster's cloud resources in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Self-managed infrastructure allows for more flexibility in the setup, by separating the infrastructure setup from the Constellation cluster management. This provides flexibility in DevOps and can meet potential regulatory requirements. @@ -77,8 +77,8 @@ With the required cloud resources set up, continue with initializing your cluste constellation apply --skip-phases=infrastructure ``` - - + + Finally, configure `kubectl` for your cluster: diff --git a/docs/versioned_docs/version-2.16/workflows/recovery.md b/docs/versioned_docs/version-2.16/workflows/recovery.md index aea370e2f..50cd7ee72 100644 --- a/docs/versioned_docs/version-2.16/workflows/recovery.md +++ b/docs/versioned_docs/version-2.16/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via serial console output. In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -47,8 +47,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -82,8 +82,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the STACKIT portal to view all servers in your project. Select individual control plane nodes `--control-plane--` and check that enough members are in a *Running* state. @@ -149,8 +149,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.16/workflows/scale.md b/docs/versioned_docs/version-2.16/workflows/scale.md index 0b52b9540..28f19e3f1 100644 --- a/docs/versioned_docs/version-2.16/workflows/scale.md +++ b/docs/versioned_docs/version-2.16/workflows/scale.md @@ -51,36 +51,36 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Go to Auto Scaling Groups and select the worker ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + Dynamic cluster scaling isn't yet supported for STACKIT. Support will be introduced in one of the upcoming releases. - - + + ## Control-plane node scaling @@ -88,35 +88,35 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - - + + 1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + Dynamic cluster scaling isn't yet supported for STACKIT. Support will be introduced in one of the upcoming releases. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.16/workflows/storage.md b/docs/versioned_docs/version-2.16/workflows/storage.md index f1344d6ad..a5c52be90 100644 --- a/docs/versioned_docs/version-2.16/workflows/storage.md +++ b/docs/versioned_docs/version-2.16/workflows/storage.md @@ -21,37 +21,37 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for AWS Elastic Block Store** Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. - - + + **Constellation CSI driver for STACKIT / OpenStack Cinder** Mount [Cinder](https://docs.openstack.org/cinder/latest/) block storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-cloud-provider-openstack) for more information. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -60,8 +60,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + AWS comes with two storage classes by default. @@ -89,8 +89,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + Azure comes with two storage classes by default. @@ -118,8 +118,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -147,8 +147,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + STACKIT comes with two storage classes by default. @@ -176,8 +176,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) diff --git a/docs/versioned_docs/version-2.16/workflows/terminate.md b/docs/versioned_docs/version-2.16/workflows/terminate.md index 11bbbb2ac..2c45bebe3 100644 --- a/docs/versioned_docs/version-2.16/workflows/terminate.md +++ b/docs/versioned_docs/version-2.16/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-state.yaml constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.16/workflows/terraform-provider.md b/docs/versioned_docs/version-2.16/workflows/terraform-provider.md index 8a3cedc62..ed8f46eda 100644 --- a/docs/versioned_docs/version-2.16/workflows/terraform-provider.md +++ b/docs/versioned_docs/version-2.16/workflows/terraform-provider.md @@ -21,8 +21,9 @@ This example shows how to set up a Constellation cluster with the reference IAM 2. Use one of the [example configurations for using the Constellation Terraform provider](https://github.com/edgelesssys/constellation/tree/main/terraform-provider-constellation/examples/full) or create a `main.tf` file and fill it with the resources you want to create. The [Constellation Terraform provider documentation](https://registry.terraform.io/providers/edgelesssys/constellation/latest) offers thorough documentation on the resources and their attributes. 3. Initialize and apply the Terraform configuration. - - + + + Initialize the providers and apply the configuration. ```bash @@ -31,8 +32,8 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - + + When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you can also do it manually. @@ -66,8 +67,8 @@ This example shows how to set up a Constellation cluster with the reference IAM }; ``` - - + + Initialize the providers and apply the configuration. ```bash @@ -76,8 +77,8 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - + + Initialize the providers and apply the configuration. ```bash @@ -86,9 +87,9 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - + - + 4. Connect to the cluster. ```bash diff --git a/docs/versioned_docs/version-2.17/architecture/attestation.md b/docs/versioned_docs/version-2.17/architecture/attestation.md index 7dbfc9392..a07b35e5a 100644 --- a/docs/versioned_docs/version-2.17/architecture/attestation.md +++ b/docs/versioned_docs/version-2.17/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -153,8 +153,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -184,8 +184,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -217,8 +217,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses a hypervisor-based vTPM for runtime measurements. @@ -249,16 +249,16 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ### CVM verification To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. For verification of the CVM technology, Constellation may expose additional options in its config file. - - + + On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the VM. @@ -279,8 +279,8 @@ You may customize certain parameters for verification of the attestation stateme This is the intermediate certificate for verifying the SEV-SNP report's signature. If it's not specified, the CLI fetches it from the AMD key distribution server. - - + + On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. @@ -302,22 +302,22 @@ You may customize certain parameters for verification of the attestation stateme More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. - - + + On GCP, AMD SEV-ES is used to provide runtime encryption to the VMs. The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). There is no additional configuration available for GCP. - - + + On STACKIT, AMD SEV-ES is used to provide runtime encryption to the VMs. The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). There is no additional configuration available for STACKIT. - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.17/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.17/getting-started/first-steps-local.md index 052d29eae..98f0302de 100644 --- a/docs/versioned_docs/version-2.17/getting-started/first-steps-local.md +++ b/docs/versioned_docs/version-2.17/getting-started/first-steps-local.md @@ -45,8 +45,8 @@ sudo iptables -P FORWARD ACCEPT ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -74,8 +74,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -145,8 +145,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -199,8 +199,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -211,8 +211,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -240,8 +240,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/versioned_docs/version-2.17/getting-started/first-steps.md b/docs/versioned_docs/version-2.17/getting-started/first-steps.md index 8c1da1967..9b37efa64 100644 --- a/docs/versioned_docs/version-2.17/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.17/getting-started/first-steps.md @@ -15,41 +15,41 @@ If you encounter any problem with the following steps, make sure to use the [lat 1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. If you are following the steps of this guide, there is no need to edit the file. - - + + ```bash constellation config generate aws ``` - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate stackit ``` - - + + 2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). - - + + ```bash constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config @@ -76,8 +76,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config @@ -98,8 +98,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). - - + + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config @@ -109,16 +109,16 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - - + + To use Constellation on STACKIT, the cluster will use the User Access Token (UAT) that's generated [during the install step](./install.md). After creating the accounts, fill in the STACKIT details in `constellation-conf.yaml` under `provider.openstack`: * `stackitProjectID`: STACKIT project id (can be found after login on the [STACKIT portal](https://portal.stackit.cloud)) - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.17/getting-started/install.md b/docs/versioned_docs/version-2.17/getting-started/install.md index 4ebd9351a..d52e43476 100644 --- a/docs/versioned_docs/version-2.17/getting-started/install.md +++ b/docs/versioned_docs/version-2.17/getting-started/install.md @@ -22,8 +22,8 @@ If you prefer to use Terraform, you can alternatively use the [Terraform provide The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -39,8 +39,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -56,9 +56,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -74,9 +74,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -92,9 +92,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -115,8 +115,8 @@ Invoke-WebRequest -OutFile ./constellation.exe -Uri 'https://github.com/edgeless 5. Click `New` 6. Enter the path to the folder containing the binary you want on your PATH: `C:\Program Files\Constellation\bin` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -132,8 +132,8 @@ If you don't have a cloud subscription, you can also set up a [local Constellati ### Required permissions - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -183,8 +183,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: @@ -226,8 +226,8 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -312,16 +312,16 @@ Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and ` Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + Constellation on STACKIT requires a User Access Token (UAT) for the OpenStack API and a STACKIT service account. The UAT already has all required permissions by default. The STACKIT service account needs the `editor` role to create STACKIT LoadBalancers. Look at the [STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) on how to create the service account and assign the role. - - + + ### Authentication @@ -331,8 +331,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -348,8 +348,8 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - - + + **Testing** @@ -365,8 +365,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -389,8 +389,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + You need to authenticate with the infrastructure API (OpenStack) and create a service account (STACKIT API). @@ -420,9 +420,9 @@ You need to authenticate with the infrastructure API (OpenStack) and create a se {"STACKIT_SERVICE_ACCOUNT_TOKEN":"REPLACE_WITH_TOKEN"} ``` - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.17/getting-started/marketplaces.md b/docs/versioned_docs/version-2.17/getting-started/marketplaces.md index b16d796d2..a6763a42a 100644 --- a/docs/versioned_docs/version-2.17/getting-started/marketplaces.md +++ b/docs/versioned_docs/version-2.17/getting-started/marketplaces.md @@ -4,8 +4,8 @@ Constellation is available through the Marketplaces of AWS, Azure, GCP, and STAC This document explains how to run Constellation with the dynamically billed cloud marketplace images. - - + + To use Constellation's marketplace images, ensure that you are subscribed to the [marketplace offering](https://aws.amazon.com/marketplace/pp/prodview-2mbn65nv57oys) through the web portal. @@ -15,8 +15,8 @@ Then, enable the use of marketplace images in your Constellation `constellation- yq eval -i ".provider.aws.useMarketplaceImage = true" constellation-conf.yaml ``` - - + + Constellation has a private marketplace plan. Please [contact us](https://www.edgeless.systems/enterprise-support/) to gain access. @@ -32,8 +32,8 @@ Then, enable the use of marketplace images in your Constellation `constellation- yq eval -i ".provider.azure.useMarketplaceImage = true" constellation-conf.yaml ``` - - + + To use a marketplace image, ensure that the account is entitled to use marketplace images by Edgeless Systems by accepting the terms through the [web portal](https://console.cloud.google.com/marketplace/vm/config/edgeless-systems-public/constellation). @@ -43,13 +43,13 @@ Then, enable the use of marketplace images in your Constellation `constellation- yq eval -i ".provider.gcp.useMarketplaceImage = true" constellation-conf.yaml ``` - - + + On STACKIT, the selected Constellation image is always a marketplace image. You can find more information on the STACKIT portal. - - + + Ensure that the cluster uses an official release image version (i.e., `.image=vX.Y.Z` in the `constellation-conf.yaml` file). diff --git a/docs/versioned_docs/version-2.17/workflows/config.md b/docs/versioned_docs/version-2.17/workflows/config.md index 9da4305de..120bf8ed7 100644 --- a/docs/versioned_docs/version-2.17/workflows/config.md +++ b/docs/versioned_docs/version-2.17/workflows/config.md @@ -14,44 +14,44 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate aws ``` - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate stackit ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. @@ -62,20 +62,20 @@ If you are using the attestation variant `awsNitroTPM`, you can choose any of th The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m1a.4cd` VMs (4 vCPUs, 30 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. @@ -93,8 +93,8 @@ You can choose any of the SEV-enabled instance types. You can find a list of all The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. - - + + Fill the desired VM type into the `instanceType` fields in the `constellation-conf.yml` file. @@ -153,8 +153,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -178,8 +178,8 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -204,8 +204,8 @@ You can find a list of all [regions in Azure's documentation](https://azure.micr Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -219,21 +219,21 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -264,8 +264,8 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -301,8 +301,8 @@ The following describes the configuration fields and how you obtain the required The user-assigned identity is used by instances of the cluster to access other cloud resources. For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). - - + + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -326,13 +326,13 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - - + + STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. - - + +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.17/workflows/create.md b/docs/versioned_docs/version-2.17/workflows/create.md index 388cbedf8..6074ebb16 100644 --- a/docs/versioned_docs/version-2.17/workflows/create.md +++ b/docs/versioned_docs/version-2.17/workflows/create.md @@ -27,8 +27,8 @@ If you don't have a cloud subscription, you can also set up a [local Constellati Before you create the cluster, make sure to have a [valid configuration file](./config.md). - - + + ```bash constellation apply @@ -36,8 +36,8 @@ constellation apply `apply` stores the state of your cluster's cloud resources in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Self-managed infrastructure allows for more flexibility in the setup, by separating the infrastructure setup from the Constellation cluster management. This provides flexibility in DevOps and can meet potential regulatory requirements. @@ -77,8 +77,8 @@ With the required cloud resources set up, continue with initializing your cluste constellation apply --skip-phases=infrastructure ``` - - + + Finally, configure `kubectl` for your cluster: diff --git a/docs/versioned_docs/version-2.17/workflows/recovery.md b/docs/versioned_docs/version-2.17/workflows/recovery.md index aea370e2f..50cd7ee72 100644 --- a/docs/versioned_docs/version-2.17/workflows/recovery.md +++ b/docs/versioned_docs/version-2.17/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via serial console output. In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -47,8 +47,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -82,8 +82,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the STACKIT portal to view all servers in your project. Select individual control plane nodes `--control-plane--` and check that enough members are in a *Running* state. @@ -149,8 +149,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.17/workflows/scale.md b/docs/versioned_docs/version-2.17/workflows/scale.md index 0b52b9540..28f19e3f1 100644 --- a/docs/versioned_docs/version-2.17/workflows/scale.md +++ b/docs/versioned_docs/version-2.17/workflows/scale.md @@ -51,36 +51,36 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Go to Auto Scaling Groups and select the worker ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + Dynamic cluster scaling isn't yet supported for STACKIT. Support will be introduced in one of the upcoming releases. - - + + ## Control-plane node scaling @@ -88,35 +88,35 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - - + + 1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + Dynamic cluster scaling isn't yet supported for STACKIT. Support will be introduced in one of the upcoming releases. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.17/workflows/storage.md b/docs/versioned_docs/version-2.17/workflows/storage.md index f1344d6ad..a5c52be90 100644 --- a/docs/versioned_docs/version-2.17/workflows/storage.md +++ b/docs/versioned_docs/version-2.17/workflows/storage.md @@ -21,37 +21,37 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for AWS Elastic Block Store** Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. - - + + **Constellation CSI driver for STACKIT / OpenStack Cinder** Mount [Cinder](https://docs.openstack.org/cinder/latest/) block storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-cloud-provider-openstack) for more information. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -60,8 +60,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + AWS comes with two storage classes by default. @@ -89,8 +89,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + Azure comes with two storage classes by default. @@ -118,8 +118,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -147,8 +147,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + STACKIT comes with two storage classes by default. @@ -176,8 +176,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) diff --git a/docs/versioned_docs/version-2.17/workflows/terminate.md b/docs/versioned_docs/version-2.17/workflows/terminate.md index 11bbbb2ac..2c45bebe3 100644 --- a/docs/versioned_docs/version-2.17/workflows/terminate.md +++ b/docs/versioned_docs/version-2.17/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-state.yaml constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.17/workflows/terraform-provider.md b/docs/versioned_docs/version-2.17/workflows/terraform-provider.md index 8a3cedc62..ed8f46eda 100644 --- a/docs/versioned_docs/version-2.17/workflows/terraform-provider.md +++ b/docs/versioned_docs/version-2.17/workflows/terraform-provider.md @@ -21,8 +21,9 @@ This example shows how to set up a Constellation cluster with the reference IAM 2. Use one of the [example configurations for using the Constellation Terraform provider](https://github.com/edgelesssys/constellation/tree/main/terraform-provider-constellation/examples/full) or create a `main.tf` file and fill it with the resources you want to create. The [Constellation Terraform provider documentation](https://registry.terraform.io/providers/edgelesssys/constellation/latest) offers thorough documentation on the resources and their attributes. 3. Initialize and apply the Terraform configuration. - - + + + Initialize the providers and apply the configuration. ```bash @@ -31,8 +32,8 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - + + When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you can also do it manually. @@ -66,8 +67,8 @@ This example shows how to set up a Constellation cluster with the reference IAM }; ``` - - + + Initialize the providers and apply the configuration. ```bash @@ -76,8 +77,8 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - + + Initialize the providers and apply the configuration. ```bash @@ -86,9 +87,9 @@ This example shows how to set up a Constellation cluster with the reference IAM ``` Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - + - + 4. Connect to the cluster. ```bash diff --git a/docs/versioned_docs/version-2.2/architecture/attestation.md b/docs/versioned_docs/version-2.2/architecture/attestation.md index c70a61264..c09d0f546 100644 --- a/docs/versioned_docs/version-2.2/architecture/attestation.md +++ b/docs/versioned_docs/version-2.2/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,8 +217,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.2/getting-started/first-steps.md b/docs/versioned_docs/version-2.2/getting-started/first-steps.md index 2850176a0..3dcb4f6c5 100644 --- a/docs/versioned_docs/version-2.2/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.2/getting-started/first-steps.md @@ -11,36 +11,36 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step 1. Create the configuration file for your selected cloud provider. - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in your current working directory. 2. Fill in your cloud provider specific information. - - + + You need several resources for the cluster. You can use the following `az` script to create them: @@ -71,8 +71,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step Run `constellation config instance-types` to get the list of all supported options. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -118,8 +118,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step Run `constellation config instance-types` to get the list of all supported options. - - + + You need a service account for the cluster. You can use the following `gcloud` script to create it: @@ -142,8 +142,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines from the N2D family with a minimum of 4 vCPUs. Refer to [N2D machine series](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) or run `constellation config instance-types` to get the list of all supported options. - - + + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -171,8 +171,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step Supported are all machines from the N2D family with a minimum of 4 vCPUs. It defaults to `n2d-standard-4` (4 vCPUs, 16 GB RAM), but you can use any other VMs from the same family. Refer to [N2D machine series](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) or run `constellation config instance-types` to get the list of all supported options. - - + + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -211,8 +211,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - - + + :::info diff --git a/docs/versioned_docs/version-2.2/getting-started/install.md b/docs/versioned_docs/version-2.2/getting-started/install.md index 6bf421b16..439b734dd 100644 --- a/docs/versioned_docs/version-2.2/getting-started/install.md +++ b/docs/versioned_docs/version-2.2/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,14 +105,15 @@ If you don't have a cloud subscription, you can try [MiniConstellation](first-st ### Required permissions - - + + The following [resource providers need to be need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Compute` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` -* `microsoft.insights` + +- `Microsoft.Compute` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` +- `microsoft.insights` By default, Constellation tries to register these automatically if they haven't been registered before. @@ -124,8 +125,8 @@ You need the following permissions for your user account: If you don't have these permissions with scope *subscription*, ask your administrator to [create the service account and a resource group for your Constellation cluster](first-steps.md). Your user account needs the `Contributor` permission scoped to this resource group. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -137,8 +138,8 @@ You need the following permissions on this project: Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -269,8 +270,8 @@ such as `PowerUserAccess`, or use the following minimal set of permissions: Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -280,8 +281,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -297,8 +298,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -321,8 +322,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -338,9 +339,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.2/workflows/create.md b/docs/versioned_docs/version-2.2/workflows/create.md index d886fb347..dcb3ff285 100644 --- a/docs/versioned_docs/version-2.2/workflows/create.md +++ b/docs/versioned_docs/version-2.2/workflows/create.md @@ -19,29 +19,29 @@ This step creates the necessary resources for your cluster in your cloud environ Generate a configuration file for your cloud service provider (CSP): - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. [Fill in your CSP-specific information](../getting-started/first-steps.md#create-a-cluster) before you continue. diff --git a/docs/versioned_docs/version-2.2/workflows/recovery.md b/docs/versioned_docs/version-2.2/workflows/recovery.md index fd610fc67..0fd171036 100644 --- a/docs/versioned_docs/version-2.2/workflows/recovery.md +++ b/docs/versioned_docs/version-2.2/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.2/workflows/scale.md b/docs/versioned_docs/version-2.2/workflows/scale.md index 3b7c0d479..bce045c66 100644 --- a/docs/versioned_docs/version-2.2/workflows/scale.md +++ b/docs/versioned_docs/version-2.2/workflows/scale.md @@ -48,23 +48,23 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + :::caution @@ -72,8 +72,8 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + ## Control-plane node scaling @@ -81,24 +81,24 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + :::caution @@ -106,7 +106,7 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.2/workflows/storage.md b/docs/versioned_docs/version-2.2/workflows/storage.md index 878449fa5..c322d97d1 100644 --- a/docs/versioned_docs/version-2.2/workflows/storage.md +++ b/docs/versioned_docs/version-2.2/workflows/storage.md @@ -21,14 +21,14 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as ReadWriteOnce, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. @@ -36,8 +36,8 @@ This includes support for [volume snapshots](https://cloud.google.com/kubernetes You can use them to bring a volume back to a prior state or provision new volumes. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for information about the configuration. - - + + :::caution @@ -47,8 +47,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction) or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -56,8 +56,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The following installation guide gives an overview of how to securely use CSI-based cloud storage for persistent volumes in Constellation. - - + + 1. Install the driver: @@ -67,8 +67,8 @@ The following installation guide gives an overview of how to securely use CSI-ba helm install azuredisk-csi-driver charts/edgeless --namespace kube-system ``` - - + + 1. Install the driver: @@ -77,8 +77,8 @@ The following installation guide gives an overview of how to securely use CSI-ba helm install gcp-compute-persistent-disk-csi-driver charts/ --namespace kube-system ``` - - + + :::caution @@ -88,8 +88,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + :::info @@ -160,8 +160,8 @@ The default storage class is responsible for all persistent volume claims that d The previous instructions create a storage class with encryption enabled and sets this as the default class. In case you wish to change it, follow the steps below: - - + + 1. List the storage classes in your cluster: @@ -207,8 +207,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) azuredisk.csi.confidential.cloud Delete Immediate false 1d ``` - - + + 1. List the storage classes in your cluster: @@ -254,8 +254,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) gcp.csi.confidential.cloud Delete Immediate false 1d ``` - - + + :::caution @@ -265,5 +265,5 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + diff --git a/docs/versioned_docs/version-2.2/workflows/troubleshooting.md b/docs/versioned_docs/version-2.2/workflows/troubleshooting.md index ad5e1c51b..59015efcb 100644 --- a/docs/versioned_docs/version-2.2/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.2/workflows/troubleshooting.md @@ -5,6 +5,7 @@ This section aids you in finding problems when working with Constellation. ## Azure: Resource Providers can't be registered On Azure, you may receive the following error when running `create` or `terminate` with limited IAM permissions: + ```shell-session Error: Error ensuring Resource Providers are registered. @@ -21,11 +22,13 @@ To continue, please ensure that the [required resource providers](../getting-sta Afterward, set `ARM_SKIP_PROVIDER_REGISTRATION=true` as an environment variable and either run `create` or `terminate` again. For example: + ```bash ARM_SKIP_PROVIDER_REGISTRATION=true constellation create --control-plane-nodes 1 --worker-nodes 2 -y ``` Or alternatively, for `terminate`: + ```bash ARM_SKIP_PROVIDER_REGISTRATION=true constellation terminate ``` @@ -36,8 +39,8 @@ To provide information during early stages of the node's boot process, Constella You can view these information in the follow places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -47,8 +50,8 @@ You can view these information in the follow places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -63,16 +66,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ## Connect to nodes via SSH diff --git a/docs/versioned_docs/version-2.3/architecture/attestation.md b/docs/versioned_docs/version-2.3/architecture/attestation.md index f335038f6..28e8e62cf 100644 --- a/docs/versioned_docs/version-2.3/architecture/attestation.md +++ b/docs/versioned_docs/version-2.3/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,8 +217,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.3/getting-started/first-steps.md b/docs/versioned_docs/version-2.3/getting-started/first-steps.md index a749ca6a9..02fbdb696 100644 --- a/docs/versioned_docs/version-2.3/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.3/getting-started/first-steps.md @@ -11,29 +11,29 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step 1. Create the configuration file for your selected cloud provider. - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in your current working directory. @@ -41,9 +41,9 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step First you need to create an [IAM configuration](../workflows/config.md#creating-an-iam-configuration). The easiest way to do this is the following CLI command: - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest @@ -57,9 +57,9 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step * `northeurope` * `westeurope` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test @@ -69,9 +69,9 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step Note that only regions offering CVMs of the `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `N2D`. - + - + ```bash constellation iam create aws --zone=eu-central-1a --prefix=constellTest @@ -88,8 +88,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + Now, fill the output values of the command into the corresponding fields of the `constellation-conf.yaml` file. diff --git a/docs/versioned_docs/version-2.3/getting-started/install.md b/docs/versioned_docs/version-2.3/getting-started/install.md index d830c7792..36d8f541a 100644 --- a/docs/versioned_docs/version-2.3/getting-started/install.md +++ b/docs/versioned_docs/version-2.3/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,14 +105,15 @@ If you don't have a cloud subscription, you can try [MiniConstellation](first-st ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Compute` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` -* `microsoft.insights` + +- `Microsoft.Compute` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` +- `microsoft.insights` By default, Constellation tries to register these automatically if they haven't been registered before. @@ -124,8 +125,8 @@ You need the following permissions for your user account: If you don't have these permissions with scope *subscription*, ask your administrator to [create the service account and a resource group for your Constellation cluster](first-steps.md). Your user account needs the `Contributor` permission scoped to this resource group. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -137,8 +138,8 @@ You need the following permissions on this project: Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -269,8 +270,8 @@ such as `PowerUserAccess`, or use the following minimal set of permissions: Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -280,8 +281,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -297,8 +298,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -321,8 +322,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -338,9 +339,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.3/workflows/config.md b/docs/versioned_docs/version-2.3/workflows/config.md index afd53812e..652e58a38 100644 --- a/docs/versioned_docs/version-2.3/workflows/config.md +++ b/docs/versioned_docs/version-2.3/workflows/config.md @@ -6,62 +6,62 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the N2D family. Refer to [N2D machine series](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) or run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all nitroTPM-enabled machines with a minimum of 4 vCPUs (`xlarge` or larger). Refer to the [list of nitroTPM-enabled instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html) or run `constellation config instance-types` to get the list of all supported options. - - + + Fill the desired VM type into the **instanceType** field in the `constellation-conf.yml` file. ## Creating an IAM configuration You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session. @@ -84,8 +84,8 @@ Paste the output into the corresponding fields of the `constellation-conf.yaml` Since `clientSecretValue` is a sensitive value, you can leave it empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session. @@ -99,8 +99,8 @@ Note that only regions offering CVMs of the `N2D` series are supported. You can Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session. @@ -122,16 +122,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -175,9 +175,9 @@ The following describes the configuration fields and how you obtain the required Since this is a sensitive value, alternatively you can leave `clientSecretValue` empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -201,9 +201,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -232,9 +232,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.3/workflows/recovery.md b/docs/versioned_docs/version-2.3/workflows/recovery.md index fd610fc67..0fd171036 100644 --- a/docs/versioned_docs/version-2.3/workflows/recovery.md +++ b/docs/versioned_docs/version-2.3/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.3/workflows/scale.md b/docs/versioned_docs/version-2.3/workflows/scale.md index 3b7c0d479..bce045c66 100644 --- a/docs/versioned_docs/version-2.3/workflows/scale.md +++ b/docs/versioned_docs/version-2.3/workflows/scale.md @@ -48,23 +48,23 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + :::caution @@ -72,8 +72,8 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + ## Control-plane node scaling @@ -81,24 +81,24 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + :::caution @@ -106,7 +106,7 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.3/workflows/storage.md b/docs/versioned_docs/version-2.3/workflows/storage.md index d0e5b188f..be9998676 100644 --- a/docs/versioned_docs/version-2.3/workflows/storage.md +++ b/docs/versioned_docs/version-2.3/workflows/storage.md @@ -21,14 +21,14 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as ReadWriteOnce, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. @@ -36,8 +36,8 @@ This includes support for [volume snapshots](https://cloud.google.com/kubernetes You can use them to bring a volume back to a prior state or provision new volumes. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for information about the configuration. - - + + :::caution @@ -47,8 +47,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction) or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -57,8 +57,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -86,8 +86,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -115,8 +115,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + :::caution @@ -126,8 +126,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) @@ -186,8 +186,8 @@ The default storage class is responsible for all persistent volume claims that d Constellation creates a storage class with encryption enabled and sets this as the default class. In case you wish to change it, follow the steps below: - - + + 1. List the storage classes in your cluster: @@ -233,8 +233,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) azuredisk.csi.confidential.cloud Delete Immediate false 1d ``` - - + + 1. List the storage classes in your cluster: @@ -280,8 +280,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) gcp.csi.confidential.cloud Delete Immediate false 1d ``` - - + + :::caution @@ -291,5 +291,5 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + diff --git a/docs/versioned_docs/version-2.3/workflows/troubleshooting.md b/docs/versioned_docs/version-2.3/workflows/troubleshooting.md index 3a28c9cd0..f948f5d06 100644 --- a/docs/versioned_docs/version-2.3/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.3/workflows/troubleshooting.md @@ -5,6 +5,7 @@ This section aids you in finding problems when working with Constellation. ## Azure: Resource Providers can't be registered On Azure, you may receive the following error when running `create` or `terminate` with limited IAM permissions: + ```shell-session Error: Error ensuring Resource Providers are registered. @@ -21,11 +22,13 @@ To continue, please ensure that the [required resource providers](../getting-sta Afterward, set `ARM_SKIP_PROVIDER_REGISTRATION=true` as an environment variable and either run `create` or `terminate` again. For example: + ```bash ARM_SKIP_PROVIDER_REGISTRATION=true constellation create --control-plane-nodes 1 --worker-nodes 2 -y ``` Or alternatively, for `terminate`: + ```bash ARM_SKIP_PROVIDER_REGISTRATION=true constellation terminate ``` @@ -36,8 +39,8 @@ To provide information during early stages of the node's boot process, Constella You can view these information in the follow places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -47,8 +50,8 @@ You can view these information in the follow places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -63,16 +66,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ## Connect to nodes diff --git a/docs/versioned_docs/version-2.4/architecture/attestation.md b/docs/versioned_docs/version-2.4/architecture/attestation.md index f335038f6..28e8e62cf 100644 --- a/docs/versioned_docs/version-2.4/architecture/attestation.md +++ b/docs/versioned_docs/version-2.4/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,8 +217,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.4/getting-started/first-steps.md b/docs/versioned_docs/version-2.4/getting-started/first-steps.md index 768e8dfcd..d277b9e09 100644 --- a/docs/versioned_docs/version-2.4/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.4/getting-started/first-steps.md @@ -11,29 +11,29 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step 1. Create the configuration file for your selected cloud provider. - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in your current working directory. @@ -41,9 +41,9 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step First you need to create an [IAM configuration](../workflows/config.md#creating-an-iam-configuration). The easiest way to do this is the following CLI command: - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest @@ -57,9 +57,9 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step * `northeurope` * `westeurope` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test @@ -69,9 +69,9 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step Note that only regions offering CVMs of the `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `N2D`. - + - + ```bash constellation iam create aws --zone=eu-central-1a --prefix=constellTest @@ -88,8 +88,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + Now, fill the output values of the command into the corresponding fields of the `constellation-conf.yaml` file. diff --git a/docs/versioned_docs/version-2.4/getting-started/install.md b/docs/versioned_docs/version-2.4/getting-started/install.md index d830c7792..36d8f541a 100644 --- a/docs/versioned_docs/version-2.4/getting-started/install.md +++ b/docs/versioned_docs/version-2.4/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,14 +105,15 @@ If you don't have a cloud subscription, you can try [MiniConstellation](first-st ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Compute` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` -* `microsoft.insights` + +- `Microsoft.Compute` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` +- `microsoft.insights` By default, Constellation tries to register these automatically if they haven't been registered before. @@ -124,8 +125,8 @@ You need the following permissions for your user account: If you don't have these permissions with scope *subscription*, ask your administrator to [create the service account and a resource group for your Constellation cluster](first-steps.md). Your user account needs the `Contributor` permission scoped to this resource group. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -137,8 +138,8 @@ You need the following permissions on this project: Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -269,8 +270,8 @@ such as `PowerUserAccess`, or use the following minimal set of permissions: Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -280,8 +281,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -297,8 +298,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -321,8 +322,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -338,9 +339,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.4/workflows/config.md b/docs/versioned_docs/version-2.4/workflows/config.md index afd53812e..652e58a38 100644 --- a/docs/versioned_docs/version-2.4/workflows/config.md +++ b/docs/versioned_docs/version-2.4/workflows/config.md @@ -6,62 +6,62 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the N2D family. Refer to [N2D machine series](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) or run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all nitroTPM-enabled machines with a minimum of 4 vCPUs (`xlarge` or larger). Refer to the [list of nitroTPM-enabled instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html) or run `constellation config instance-types` to get the list of all supported options. - - + + Fill the desired VM type into the **instanceType** field in the `constellation-conf.yml` file. ## Creating an IAM configuration You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session. @@ -84,8 +84,8 @@ Paste the output into the corresponding fields of the `constellation-conf.yaml` Since `clientSecretValue` is a sensitive value, you can leave it empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session. @@ -99,8 +99,8 @@ Note that only regions offering CVMs of the `N2D` series are supported. You can Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session. @@ -122,16 +122,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -175,9 +175,9 @@ The following describes the configuration fields and how you obtain the required Since this is a sensitive value, alternatively you can leave `clientSecretValue` empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -201,9 +201,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -232,9 +232,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.4/workflows/recovery.md b/docs/versioned_docs/version-2.4/workflows/recovery.md index fd610fc67..0fd171036 100644 --- a/docs/versioned_docs/version-2.4/workflows/recovery.md +++ b/docs/versioned_docs/version-2.4/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.4/workflows/scale.md b/docs/versioned_docs/version-2.4/workflows/scale.md index 3b7c0d479..bce045c66 100644 --- a/docs/versioned_docs/version-2.4/workflows/scale.md +++ b/docs/versioned_docs/version-2.4/workflows/scale.md @@ -48,23 +48,23 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + :::caution @@ -72,8 +72,8 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + ## Control-plane node scaling @@ -81,24 +81,24 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + :::caution @@ -106,7 +106,7 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.4/workflows/storage.md b/docs/versioned_docs/version-2.4/workflows/storage.md index d0e5b188f..be9998676 100644 --- a/docs/versioned_docs/version-2.4/workflows/storage.md +++ b/docs/versioned_docs/version-2.4/workflows/storage.md @@ -21,14 +21,14 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as ReadWriteOnce, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. @@ -36,8 +36,8 @@ This includes support for [volume snapshots](https://cloud.google.com/kubernetes You can use them to bring a volume back to a prior state or provision new volumes. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for information about the configuration. - - + + :::caution @@ -47,8 +47,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction) or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -57,8 +57,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -86,8 +86,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -115,8 +115,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + :::caution @@ -126,8 +126,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) @@ -186,8 +186,8 @@ The default storage class is responsible for all persistent volume claims that d Constellation creates a storage class with encryption enabled and sets this as the default class. In case you wish to change it, follow the steps below: - - + + 1. List the storage classes in your cluster: @@ -233,8 +233,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) azuredisk.csi.confidential.cloud Delete Immediate false 1d ``` - - + + 1. List the storage classes in your cluster: @@ -280,8 +280,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) gcp.csi.confidential.cloud Delete Immediate false 1d ``` - - + + :::caution @@ -291,5 +291,5 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + diff --git a/docs/versioned_docs/version-2.4/workflows/troubleshooting.md b/docs/versioned_docs/version-2.4/workflows/troubleshooting.md index 3a28c9cd0..f948f5d06 100644 --- a/docs/versioned_docs/version-2.4/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.4/workflows/troubleshooting.md @@ -5,6 +5,7 @@ This section aids you in finding problems when working with Constellation. ## Azure: Resource Providers can't be registered On Azure, you may receive the following error when running `create` or `terminate` with limited IAM permissions: + ```shell-session Error: Error ensuring Resource Providers are registered. @@ -21,11 +22,13 @@ To continue, please ensure that the [required resource providers](../getting-sta Afterward, set `ARM_SKIP_PROVIDER_REGISTRATION=true` as an environment variable and either run `create` or `terminate` again. For example: + ```bash ARM_SKIP_PROVIDER_REGISTRATION=true constellation create --control-plane-nodes 1 --worker-nodes 2 -y ``` Or alternatively, for `terminate`: + ```bash ARM_SKIP_PROVIDER_REGISTRATION=true constellation terminate ``` @@ -36,8 +39,8 @@ To provide information during early stages of the node's boot process, Constella You can view these information in the follow places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -47,8 +50,8 @@ You can view these information in the follow places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -63,16 +66,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ## Connect to nodes diff --git a/docs/versioned_docs/version-2.5/architecture/attestation.md b/docs/versioned_docs/version-2.5/architecture/attestation.md index f335038f6..28e8e62cf 100644 --- a/docs/versioned_docs/version-2.5/architecture/attestation.md +++ b/docs/versioned_docs/version-2.5/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,8 +217,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.5/getting-started/first-steps.md b/docs/versioned_docs/version-2.5/getting-started/first-steps.md index 4e89bb0f2..02b60d45a 100644 --- a/docs/versioned_docs/version-2.5/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.5/getting-started/first-steps.md @@ -13,9 +13,9 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step First, you need to create a [configuration file](../workflows/config.md) and an [IAM configuration](../workflows/config.md#creating-an-iam-configuration). The easiest way to do this is the following CLI command: - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --generate-config @@ -29,9 +29,9 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step * `northeurope` * `westeurope` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --generate-config @@ -41,9 +41,9 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step Note that only regions offering CVMs of the `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `N2D`. - + - + ```bash constellation iam create aws --zone=eu-central-1a --prefix=constellTest --generate-config @@ -60,8 +60,8 @@ If you don't have a cloud subscription, check out [MiniConstellation](first-step You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.5/getting-started/install.md b/docs/versioned_docs/version-2.5/getting-started/install.md index d830c7792..36d8f541a 100644 --- a/docs/versioned_docs/version-2.5/getting-started/install.md +++ b/docs/versioned_docs/version-2.5/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,14 +105,15 @@ If you don't have a cloud subscription, you can try [MiniConstellation](first-st ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Compute` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` -* `microsoft.insights` + +- `Microsoft.Compute` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` +- `microsoft.insights` By default, Constellation tries to register these automatically if they haven't been registered before. @@ -124,8 +125,8 @@ You need the following permissions for your user account: If you don't have these permissions with scope *subscription*, ask your administrator to [create the service account and a resource group for your Constellation cluster](first-steps.md). Your user account needs the `Contributor` permission scoped to this resource group. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -137,8 +138,8 @@ You need the following permissions on this project: Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -269,8 +270,8 @@ such as `PowerUserAccess`, or use the following minimal set of permissions: Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -280,8 +281,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -297,8 +298,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -321,8 +322,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -338,9 +339,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.5/workflows/config.md b/docs/versioned_docs/version-2.5/workflows/config.md index 100dedc8c..2edf3bdf6 100644 --- a/docs/versioned_docs/version-2.5/workflows/config.md +++ b/docs/versioned_docs/version-2.5/workflows/config.md @@ -6,29 +6,29 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. @@ -39,25 +39,25 @@ You can also automatically generate a configuration file by adding the `--genera ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the N2D family. Refer to [N2D machine series](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) or run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all nitroTPM-enabled machines with a minimum of 4 vCPUs (`xlarge` or larger). Refer to the [list of nitroTPM-enabled instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html) or run `constellation config instance-types` to get the list of all supported options. - - + + Fill the desired VM type into the **instanceType** field in the `constellation-conf.yml` file. @@ -66,8 +66,8 @@ Fill the desired VM type into the **instanceType** field in the `constellation-c You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you haven't generated a configuration file yet, you can do so by adding the `--generate-config` flag to the command. This creates a configuration file and populates it with the created IAM values. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session. @@ -90,8 +90,8 @@ Paste the output into the corresponding fields of the `constellation-conf.yaml` Since `clientSecretValue` is a sensitive value, you can leave it empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session. @@ -105,8 +105,8 @@ Note that only regions offering CVMs of the `N2D` series are supported. You can Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session. @@ -128,16 +128,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -181,9 +181,9 @@ The following describes the configuration fields and how you obtain the required Since this is a sensitive value, alternatively you can leave `clientSecretValue` empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -207,9 +207,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -238,9 +238,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.5/workflows/create.md b/docs/versioned_docs/version-2.5/workflows/create.md index 7fc991fd7..115effbdf 100644 --- a/docs/versioned_docs/version-2.5/workflows/create.md +++ b/docs/versioned_docs/version-2.5/workflows/create.md @@ -18,8 +18,8 @@ Before you create the cluster, make sure to have a [valid configuration file](./ ### Create - - + + Choose the initial size of your cluster. The following command creates a cluster with one control-plane and two worker nodes: @@ -32,8 +32,8 @@ For details on the flags, consult the command help via `constellation create -h` *create* stores your cluster's state into a [`terraform.tfstate`](../architecture/orchestration.md#cluster-creation-process) file in your workspace. - - + + Constellation supports managing the infrastructure via Terraform. This allows for an easier GitOps integration as well as meeting regulatory requirements. Since the Constellation CLI also uses Terraform under the hood, you can reuse the same Terraform files. @@ -68,8 +68,8 @@ CONSTELL_CSP=$(cat constellation-conf.yaml | yq ".provider | keys | .[0]") jq --null-input --arg cloudprovider "$CONSTELL_CSP" --arg ip "$CONSTELL_IP" --arg initsecret "$CONSTELL_INIT_SECRET" '{"cloudprovider":$cloudprovider,"ip":$ip,"initsecret":$initsecret}' > constellation-id.json ``` - - + + ## The *init* step diff --git a/docs/versioned_docs/version-2.5/workflows/recovery.md b/docs/versioned_docs/version-2.5/workflows/recovery.md index fd610fc67..0fd171036 100644 --- a/docs/versioned_docs/version-2.5/workflows/recovery.md +++ b/docs/versioned_docs/version-2.5/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.5/workflows/scale.md b/docs/versioned_docs/version-2.5/workflows/scale.md index 3b7c0d479..bce045c66 100644 --- a/docs/versioned_docs/version-2.5/workflows/scale.md +++ b/docs/versioned_docs/version-2.5/workflows/scale.md @@ -48,23 +48,23 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + :::caution @@ -72,8 +72,8 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + ## Control-plane node scaling @@ -81,24 +81,24 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + :::caution @@ -106,7 +106,7 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.5/workflows/storage.md b/docs/versioned_docs/version-2.5/workflows/storage.md index d0e5b188f..be9998676 100644 --- a/docs/versioned_docs/version-2.5/workflows/storage.md +++ b/docs/versioned_docs/version-2.5/workflows/storage.md @@ -21,14 +21,14 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as ReadWriteOnce, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. @@ -36,8 +36,8 @@ This includes support for [volume snapshots](https://cloud.google.com/kubernetes You can use them to bring a volume back to a prior state or provision new volumes. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for information about the configuration. - - + + :::caution @@ -47,8 +47,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction) or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -57,8 +57,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -86,8 +86,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -115,8 +115,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + :::caution @@ -126,8 +126,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) @@ -186,8 +186,8 @@ The default storage class is responsible for all persistent volume claims that d Constellation creates a storage class with encryption enabled and sets this as the default class. In case you wish to change it, follow the steps below: - - + + 1. List the storage classes in your cluster: @@ -233,8 +233,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) azuredisk.csi.confidential.cloud Delete Immediate false 1d ``` - - + + 1. List the storage classes in your cluster: @@ -280,8 +280,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) gcp.csi.confidential.cloud Delete Immediate false 1d ``` - - + + :::caution @@ -291,5 +291,5 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + diff --git a/docs/versioned_docs/version-2.5/workflows/terminate.md b/docs/versioned_docs/version-2.5/workflows/terminate.md index a2556fe95..ee64a2784 100644 --- a/docs/versioned_docs/version-2.5/workflows/terminate.md +++ b/docs/versioned_docs/version-2.5/workflows/terminate.md @@ -8,8 +8,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -32,8 +32,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -48,5 +48,5 @@ rm constellation-id.json constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.5/workflows/troubleshooting.md b/docs/versioned_docs/version-2.5/workflows/troubleshooting.md index 3a28c9cd0..f948f5d06 100644 --- a/docs/versioned_docs/version-2.5/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.5/workflows/troubleshooting.md @@ -5,6 +5,7 @@ This section aids you in finding problems when working with Constellation. ## Azure: Resource Providers can't be registered On Azure, you may receive the following error when running `create` or `terminate` with limited IAM permissions: + ```shell-session Error: Error ensuring Resource Providers are registered. @@ -21,11 +22,13 @@ To continue, please ensure that the [required resource providers](../getting-sta Afterward, set `ARM_SKIP_PROVIDER_REGISTRATION=true` as an environment variable and either run `create` or `terminate` again. For example: + ```bash ARM_SKIP_PROVIDER_REGISTRATION=true constellation create --control-plane-nodes 1 --worker-nodes 2 -y ``` Or alternatively, for `terminate`: + ```bash ARM_SKIP_PROVIDER_REGISTRATION=true constellation terminate ``` @@ -36,8 +39,8 @@ To provide information during early stages of the node's boot process, Constella You can view these information in the follow places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -47,8 +50,8 @@ You can view these information in the follow places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -63,16 +66,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ## Connect to nodes diff --git a/docs/versioned_docs/version-2.6/architecture/attestation.md b/docs/versioned_docs/version-2.6/architecture/attestation.md index 0c7a1487b..20f9909fd 100644 --- a/docs/versioned_docs/version-2.6/architecture/attestation.md +++ b/docs/versioned_docs/version-2.6/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,8 +217,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.6/getting-started/first-steps.md b/docs/versioned_docs/version-2.6/getting-started/first-steps.md index ad89d89c8..aba09f5c7 100644 --- a/docs/versioned_docs/version-2.6/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.6/getting-started/first-steps.md @@ -17,9 +17,9 @@ If you encounter any problem with the following steps, make sure to use the [lat First, you need to create a [configuration file](../workflows/config.md) and an [IAM configuration](../workflows/config.md#creating-an-iam-configuration). The easiest way to do this is the following CLI command: - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --generate-config @@ -33,9 +33,9 @@ If you encounter any problem with the following steps, make sure to use the [lat * `northeurope` * `westeurope` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --generate-config @@ -45,9 +45,9 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - + - + ```bash constellation iam create aws --zone=eu-central-1a --prefix=constellTest --generate-config @@ -64,8 +64,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.6/getting-started/install.md b/docs/versioned_docs/version-2.6/getting-started/install.md index d830c7792..36d8f541a 100644 --- a/docs/versioned_docs/version-2.6/getting-started/install.md +++ b/docs/versioned_docs/version-2.6/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,14 +105,15 @@ If you don't have a cloud subscription, you can try [MiniConstellation](first-st ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Compute` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` -* `microsoft.insights` + +- `Microsoft.Compute` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` +- `microsoft.insights` By default, Constellation tries to register these automatically if they haven't been registered before. @@ -124,8 +125,8 @@ You need the following permissions for your user account: If you don't have these permissions with scope *subscription*, ask your administrator to [create the service account and a resource group for your Constellation cluster](first-steps.md). Your user account needs the `Contributor` permission scoped to this resource group. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. @@ -137,8 +138,8 @@ You need the following permissions on this project: Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -269,8 +270,8 @@ such as `PowerUserAccess`, or use the following minimal set of permissions: Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -280,8 +281,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -297,8 +298,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -321,8 +322,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -338,9 +339,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.6/workflows/config.md b/docs/versioned_docs/version-2.6/workflows/config.md index 4824210f1..5a1ba92d1 100644 --- a/docs/versioned_docs/version-2.6/workflows/config.md +++ b/docs/versioned_docs/version-2.6/workflows/config.md @@ -14,29 +14,29 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. @@ -47,25 +47,25 @@ You can also automatically generate a configuration file by adding the `--genera ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all nitroTPM-enabled machines with a minimum of 4 vCPUs (`xlarge` or larger). Refer to the [list of nitroTPM-enabled instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html) or run `constellation config instance-types` to get the list of all supported options. - - + + Fill the desired VM type into the **instanceType** field in the `constellation-conf.yml` file. @@ -79,8 +79,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you haven't generated a configuration file yet, you can do so by adding the `--generate-config` flag to the command. This creates a configuration file and populates it with the created IAM values. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session. @@ -103,8 +103,8 @@ Paste the output into the corresponding fields of the `constellation-conf.yaml` Since `clientSecretValue` is a sensitive value, you can leave it empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session. @@ -118,8 +118,8 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session. @@ -141,16 +141,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -194,9 +194,9 @@ The following describes the configuration fields and how you obtain the required Since this is a sensitive value, alternatively you can leave `clientSecretValue` empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -220,9 +220,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -251,9 +251,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.6/workflows/create.md b/docs/versioned_docs/version-2.6/workflows/create.md index b078c16ff..81ed55582 100644 --- a/docs/versioned_docs/version-2.6/workflows/create.md +++ b/docs/versioned_docs/version-2.6/workflows/create.md @@ -26,8 +26,8 @@ Before you create the cluster, make sure to have a [valid configuration file](./ ### Create - - + + Choose the initial size of your cluster. The following command creates a cluster with one control-plane and two worker nodes: @@ -40,8 +40,8 @@ For details on the flags, consult the command help via `constellation create -h` *create* stores your cluster's state in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Terraform allows for an easier GitOps integration as well as meeting regulatory requirements. Since the Constellation CLI also uses Terraform under the hood, you can reuse the same Terraform files. @@ -80,8 +80,8 @@ CONSTELL_CSP=$(cat constellation-conf.yaml | yq ".provider | keys | .[0]") jq --null-input --arg cloudprovider "$CONSTELL_CSP" --arg ip "$CONSTELL_IP" --arg initsecret "$CONSTELL_INIT_SECRET" '{"cloudprovider":$cloudprovider,"ip":$ip,"initsecret":$initsecret}' > constellation-id.json ``` - - + + ## The *init* step diff --git a/docs/versioned_docs/version-2.6/workflows/recovery.md b/docs/versioned_docs/version-2.6/workflows/recovery.md index c26fb32eb..35596b8c9 100644 --- a/docs/versioned_docs/version-2.6/workflows/recovery.md +++ b/docs/versioned_docs/version-2.6/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.6/workflows/scale.md b/docs/versioned_docs/version-2.6/workflows/scale.md index 3b7c0d479..bce045c66 100644 --- a/docs/versioned_docs/version-2.6/workflows/scale.md +++ b/docs/versioned_docs/version-2.6/workflows/scale.md @@ -48,23 +48,23 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + :::caution @@ -72,8 +72,8 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + ## Control-plane node scaling @@ -81,24 +81,24 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + :::caution @@ -106,7 +106,7 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.6/workflows/storage.md b/docs/versioned_docs/version-2.6/workflows/storage.md index d0e5b188f..be9998676 100644 --- a/docs/versioned_docs/version-2.6/workflows/storage.md +++ b/docs/versioned_docs/version-2.6/workflows/storage.md @@ -21,14 +21,14 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as ReadWriteOnce, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. @@ -36,8 +36,8 @@ This includes support for [volume snapshots](https://cloud.google.com/kubernetes You can use them to bring a volume back to a prior state or provision new volumes. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for information about the configuration. - - + + :::caution @@ -47,8 +47,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction) or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -57,8 +57,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -86,8 +86,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -115,8 +115,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + :::caution @@ -126,8 +126,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) @@ -186,8 +186,8 @@ The default storage class is responsible for all persistent volume claims that d Constellation creates a storage class with encryption enabled and sets this as the default class. In case you wish to change it, follow the steps below: - - + + 1. List the storage classes in your cluster: @@ -233,8 +233,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) azuredisk.csi.confidential.cloud Delete Immediate false 1d ``` - - + + 1. List the storage classes in your cluster: @@ -280,8 +280,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) gcp.csi.confidential.cloud Delete Immediate false 1d ``` - - + + :::caution @@ -291,5 +291,5 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + diff --git a/docs/versioned_docs/version-2.6/workflows/terminate.md b/docs/versioned_docs/version-2.6/workflows/terminate.md index 6c1eebb14..f33489ca5 100644 --- a/docs/versioned_docs/version-2.6/workflows/terminate.md +++ b/docs/versioned_docs/version-2.6/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-id.json constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.6/workflows/troubleshooting.md b/docs/versioned_docs/version-2.6/workflows/troubleshooting.md index 801bb995a..6bdf1d75c 100644 --- a/docs/versioned_docs/version-2.6/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.6/workflows/troubleshooting.md @@ -10,6 +10,7 @@ If something doesn't work, check out the [known issues](https://github.com/edgel ## Azure: Resource Providers can't be registered On Azure, you may receive the following error when running `create` or `terminate` with limited IAM permissions: + ```shell-session Error: Error ensuring Resource Providers are registered. @@ -26,11 +27,13 @@ To continue, please ensure that the [required resource providers](../getting-sta Afterward, set `ARM_SKIP_PROVIDER_REGISTRATION=true` as an environment variable and either run `create` or `terminate` again. For example: + ```bash ARM_SKIP_PROVIDER_REGISTRATION=true constellation create --control-plane-nodes 1 --worker-nodes 2 -y ``` Or alternatively, for `terminate`: + ```bash ARM_SKIP_PROVIDER_REGISTRATION=true constellation terminate ``` @@ -41,8 +44,8 @@ To provide information during early stages of the node's boot process, Constella You can view these information in the follow places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -52,8 +55,8 @@ You can view these information in the follow places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -68,16 +71,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ## Connect to nodes diff --git a/docs/versioned_docs/version-2.7/architecture/attestation.md b/docs/versioned_docs/version-2.7/architecture/attestation.md index 0c7a1487b..20f9909fd 100644 --- a/docs/versioned_docs/version-2.7/architecture/attestation.md +++ b/docs/versioned_docs/version-2.7/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,8 +217,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.7/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.7/getting-started/first-steps-local.md index 707074bb9..81d8e141d 100644 --- a/docs/versioned_docs/version-2.7/getting-started/first-steps-local.md +++ b/docs/versioned_docs/version-2.7/getting-started/first-steps-local.md @@ -30,8 +30,8 @@ Both options use virtualization to create a local cluster with control-plane nod ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -59,8 +59,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -138,8 +138,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -192,8 +192,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -204,8 +204,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -233,8 +233,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/versioned_docs/version-2.7/getting-started/first-steps.md b/docs/versioned_docs/version-2.7/getting-started/first-steps.md index 1569afc14..eca497438 100644 --- a/docs/versioned_docs/version-2.7/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.7/getting-started/first-steps.md @@ -17,9 +17,9 @@ If you encounter any problem with the following steps, make sure to use the [lat First, you need to create a [configuration file](../workflows/config.md) and an [IAM configuration](../workflows/config.md#creating-an-iam-configuration). The easiest way to do this is the following CLI command: - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --generate-config @@ -33,9 +33,9 @@ If you encounter any problem with the following steps, make sure to use the [lat * `northeurope` * `westeurope` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --generate-config @@ -45,9 +45,9 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - + - + ```bash constellation iam create aws --zone=eu-central-1a --prefix=constellTest --generate-config @@ -66,8 +66,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.7/getting-started/install.md b/docs/versioned_docs/version-2.7/getting-started/install.md index d0b60441e..ac0ef3da8 100644 --- a/docs/versioned_docs/version-2.7/getting-started/install.md +++ b/docs/versioned_docs/version-2.7/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,38 +105,41 @@ If you don't have a cloud subscription, you can try [MiniConstellation](first-st ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` -* `Microsoft.Compute` -* `Microsoft.Insights` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` + +- `Microsoft.Attestation` +- `Microsoft.Compute` +- `Microsoft.Insights` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` By default, Constellation tries to register these automatically if they haven't been registered before. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `*/register/action` \[1] -* `Microsoft.Authorization/roleAssignments/*` -* `Microsoft.Authorization/roleDefinitions/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Resources/subscriptions/resourcegroups/*` + +- `*/register/action` \[1] +- `Microsoft.Authorization/roleAssignments/*` +- `Microsoft.Authorization/roleDefinitions/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Resources/subscriptions/resourcegroups/*` The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` -* `Microsoft.Compute/virtualMachineScaleSets/*` -* `Microsoft.Insights/components/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Network/loadBalancers/*` -* `Microsoft.Network/loadBalancers/backendAddressPools/*` -* `Microsoft.Network/networkSecurityGroups/*` -* `Microsoft.Network/publicIPAddresses/*` -* `Microsoft.Network/virtualNetworks/*` -* `Microsoft.Network/virtualNetworks/subnets/*` + +- `Microsoft.Attestation/attestationProviders/*` +- `Microsoft.Compute/virtualMachineScaleSets/*` +- `Microsoft.Insights/components/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Network/loadBalancers/*` +- `Microsoft.Network/loadBalancers/backendAddressPools/*` +- `Microsoft.Network/networkSecurityGroups/*` +- `Microsoft.Network/publicIPAddresses/*` +- `Microsoft.Network/virtualNetworks/*` +- `Microsoft.Network/virtualNetworks/subnets/*` The built-in `Contributor` role is a superset of these permissions. @@ -144,89 +147,91 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `iam.serviceAccountKeys.create` -* `iam.serviceAccountKeys.delete` -* `iam.serviceAccountKeys.get` -* `iam.serviceAccounts.create` -* `iam.serviceAccounts.delete` -* `iam.serviceAccounts.get` -* `resourcemanager.projects.getIamPolicy` -* `resourcemanager.projects.setIamPolicy` + +- `iam.serviceAccountKeys.create` +- `iam.serviceAccountKeys.delete` +- `iam.serviceAccountKeys.get` +- `iam.serviceAccounts.create` +- `iam.serviceAccounts.delete` +- `iam.serviceAccounts.get` +- `resourcemanager.projects.getIamPolicy` +- `resourcemanager.projects.setIamPolicy` Together, the built-in roles `roles/editor` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `compute.addresses.createInternal` -* `compute.addresses.deleteInternal` -* `compute.addresses.get` -* `compute.addresses.useInternal` -* `compute.backendServices.create` -* `compute.backendServices.delete` -* `compute.backendServices.get` -* `compute.backendServices.use` -* `compute.disks.create` -* `compute.firewalls.create` -* `compute.firewalls.delete` -* `compute.firewalls.get` -* `compute.globalAddresses.create` -* `compute.globalAddresses.delete` -* `compute.globalAddresses.get` -* `compute.globalAddresses.use` -* `compute.globalForwardingRules.create` -* `compute.globalForwardingRules.delete` -* `compute.globalForwardingRules.get` -* `compute.globalForwardingRules.setLabels` -* `compute.globalOperations.get` -* `compute.healthChecks.create` -* `compute.healthChecks.delete` -* `compute.healthChecks.get` -* `compute.healthChecks.useReadOnly` -* `compute.instanceGroupManagers.create` -* `compute.instanceGroupManagers.delete` -* `compute.instanceGroupManagers.get` -* `compute.instanceGroups.create` -* `compute.instanceGroups.delete` -* `compute.instanceGroups.get` -* `compute.instanceGroups.use` -* `compute.instances.create` -* `compute.instances.setLabels` -* `compute.instances.setMetadata` -* `compute.instances.setTags` -* `compute.instanceTemplates.create` -* `compute.instanceTemplates.delete` -* `compute.instanceTemplates.get` -* `compute.instanceTemplates.useReadOnly` -* `compute.networks.create` -* `compute.networks.delete` -* `compute.networks.get` -* `compute.networks.updatePolicy` -* `compute.routers.create` -* `compute.routers.delete` -* `compute.routers.get` -* `compute.routers.update` -* `compute.subnetworks.create` -* `compute.subnetworks.delete` -* `compute.subnetworks.get` -* `compute.subnetworks.use` -* `compute.targetTcpProxies.create` -* `compute.targetTcpProxies.delete` -* `compute.targetTcpProxies.get` -* `compute.targetTcpProxies.use` -* `iam.serviceAccounts.actAs` + +- `compute.addresses.createInternal` +- `compute.addresses.deleteInternal` +- `compute.addresses.get` +- `compute.addresses.useInternal` +- `compute.backendServices.create` +- `compute.backendServices.delete` +- `compute.backendServices.get` +- `compute.backendServices.use` +- `compute.disks.create` +- `compute.firewalls.create` +- `compute.firewalls.delete` +- `compute.firewalls.get` +- `compute.globalAddresses.create` +- `compute.globalAddresses.delete` +- `compute.globalAddresses.get` +- `compute.globalAddresses.use` +- `compute.globalForwardingRules.create` +- `compute.globalForwardingRules.delete` +- `compute.globalForwardingRules.get` +- `compute.globalForwardingRules.setLabels` +- `compute.globalOperations.get` +- `compute.healthChecks.create` +- `compute.healthChecks.delete` +- `compute.healthChecks.get` +- `compute.healthChecks.useReadOnly` +- `compute.instanceGroupManagers.create` +- `compute.instanceGroupManagers.delete` +- `compute.instanceGroupManagers.get` +- `compute.instanceGroups.create` +- `compute.instanceGroups.delete` +- `compute.instanceGroups.get` +- `compute.instanceGroups.use` +- `compute.instances.create` +- `compute.instances.setLabels` +- `compute.instances.setMetadata` +- `compute.instances.setTags` +- `compute.instanceTemplates.create` +- `compute.instanceTemplates.delete` +- `compute.instanceTemplates.get` +- `compute.instanceTemplates.useReadOnly` +- `compute.networks.create` +- `compute.networks.delete` +- `compute.networks.get` +- `compute.networks.updatePolicy` +- `compute.routers.create` +- `compute.routers.delete` +- `compute.routers.get` +- `compute.routers.update` +- `compute.subnetworks.create` +- `compute.subnetworks.delete` +- `compute.subnetworks.get` +- `compute.subnetworks.use` +- `compute.targetTcpProxies.create` +- `compute.targetTcpProxies.delete` +- `compute.targetTcpProxies.get` +- `compute.targetTcpProxies.use` +- `iam.serviceAccounts.actAs` Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -361,8 +366,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -372,8 +377,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -389,8 +394,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -413,8 +418,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -430,9 +435,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.7/workflows/config.md b/docs/versioned_docs/version-2.7/workflows/config.md index 7145028a8..5640bfd7d 100644 --- a/docs/versioned_docs/version-2.7/workflows/config.md +++ b/docs/versioned_docs/version-2.7/workflows/config.md @@ -14,29 +14,29 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. @@ -47,25 +47,25 @@ You can also automatically generate a configuration file by adding the `--genera ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all nitroTPM-enabled machines with a minimum of 4 vCPUs (`xlarge` or larger). Refer to the [list of nitroTPM-enabled instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html) or run `constellation config instance-types` to get the list of all supported options. - - + + Fill the desired VM type into the **instanceType** field in the `constellation-conf.yml` file. @@ -79,8 +79,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you haven't generated a configuration file yet, you can do so by adding the `--generate-config` flag to the command. This creates a configuration file and populates it with the created IAM values. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -103,8 +103,8 @@ Paste the output into the corresponding fields of the `constellation-conf.yaml` Since `clientSecretValue` is a sensitive value, you can leave it empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -118,8 +118,8 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -143,16 +143,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -196,9 +196,9 @@ The following describes the configuration fields and how you obtain the required Since this is a sensitive value, alternatively you can leave `clientSecretValue` empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -222,9 +222,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -255,9 +255,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.7/workflows/create.md b/docs/versioned_docs/version-2.7/workflows/create.md index 33d2f12f8..5c4dd2948 100644 --- a/docs/versioned_docs/version-2.7/workflows/create.md +++ b/docs/versioned_docs/version-2.7/workflows/create.md @@ -26,8 +26,8 @@ Before you create the cluster, make sure to have a [valid configuration file](./ ### Create - - + + Choose the initial size of your cluster. The following command creates a cluster with one control-plane and two worker nodes: @@ -40,8 +40,8 @@ For details on the flags, consult the command help via `constellation create -h` *create* stores your cluster's state in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Terraform allows for an easier GitOps integration as well as meeting regulatory requirements. Since the Constellation CLI also uses Terraform under the hood, you can reuse the same Terraform files. @@ -80,8 +80,8 @@ CONSTELL_CSP=$(cat constellation-conf.yaml | yq ".provider | keys | .[0]") jq --null-input --arg cloudprovider "$CONSTELL_CSP" --arg ip "$CONSTELL_IP" --arg initsecret "$CONSTELL_INIT_SECRET" '{"cloudprovider":$cloudprovider,"ip":$ip,"initsecret":$initsecret}' > constellation-id.json ``` - - + + ## The *init* step diff --git a/docs/versioned_docs/version-2.7/workflows/recovery.md b/docs/versioned_docs/version-2.7/workflows/recovery.md index c26fb32eb..35596b8c9 100644 --- a/docs/versioned_docs/version-2.7/workflows/recovery.md +++ b/docs/versioned_docs/version-2.7/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.7/workflows/scale.md b/docs/versioned_docs/version-2.7/workflows/scale.md index 3b7c0d479..bce045c66 100644 --- a/docs/versioned_docs/version-2.7/workflows/scale.md +++ b/docs/versioned_docs/version-2.7/workflows/scale.md @@ -48,23 +48,23 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + :::caution @@ -72,8 +72,8 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + ## Control-plane node scaling @@ -81,24 +81,24 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + :::caution @@ -106,7 +106,7 @@ Scaling isn't yet implemented for AWS. If you require this feature, [let us know ::: - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.7/workflows/storage.md b/docs/versioned_docs/version-2.7/workflows/storage.md index d0e5b188f..be9998676 100644 --- a/docs/versioned_docs/version-2.7/workflows/storage.md +++ b/docs/versioned_docs/version-2.7/workflows/storage.md @@ -21,14 +21,14 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as ReadWriteOnce, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. @@ -36,8 +36,8 @@ This includes support for [volume snapshots](https://cloud.google.com/kubernetes You can use them to bring a volume back to a prior state or provision new volumes. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for information about the configuration. - - + + :::caution @@ -47,8 +47,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction) or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -57,8 +57,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -86,8 +86,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -115,8 +115,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + :::caution @@ -126,8 +126,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) @@ -186,8 +186,8 @@ The default storage class is responsible for all persistent volume claims that d Constellation creates a storage class with encryption enabled and sets this as the default class. In case you wish to change it, follow the steps below: - - + + 1. List the storage classes in your cluster: @@ -233,8 +233,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) azuredisk.csi.confidential.cloud Delete Immediate false 1d ``` - - + + 1. List the storage classes in your cluster: @@ -280,8 +280,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) gcp.csi.confidential.cloud Delete Immediate false 1d ``` - - + + :::caution @@ -291,5 +291,5 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + diff --git a/docs/versioned_docs/version-2.7/workflows/terminate.md b/docs/versioned_docs/version-2.7/workflows/terminate.md index 6c1eebb14..f33489ca5 100644 --- a/docs/versioned_docs/version-2.7/workflows/terminate.md +++ b/docs/versioned_docs/version-2.7/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-id.json constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.7/workflows/troubleshooting.md b/docs/versioned_docs/version-2.7/workflows/troubleshooting.md index 2ddf3335d..cd095be28 100644 --- a/docs/versioned_docs/version-2.7/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.7/workflows/troubleshooting.md @@ -75,8 +75,8 @@ To provide information during early stages of a node's boot process, Constellati You can view this information in the following places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -86,8 +86,8 @@ You can view this information in the following places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -102,16 +102,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ### Node shell access diff --git a/docs/versioned_docs/version-2.8/architecture/attestation.md b/docs/versioned_docs/version-2.8/architecture/attestation.md index 07ac3aa72..592063193 100644 --- a/docs/versioned_docs/version-2.8/architecture/attestation.md +++ b/docs/versioned_docs/version-2.8/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,16 +217,16 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ### CVM verification To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. For verification of the CVM technology, Constellation may expose additional options in its config file. - - + + On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. @@ -248,18 +248,18 @@ You may customize certain parameters for verification of the attestation stateme More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. - - + + There is no additional configuration available for GCP. - - + + There is no additional configuration available for AWS. - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.8/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.8/getting-started/first-steps-local.md index 707074bb9..81d8e141d 100644 --- a/docs/versioned_docs/version-2.8/getting-started/first-steps-local.md +++ b/docs/versioned_docs/version-2.8/getting-started/first-steps-local.md @@ -30,8 +30,8 @@ Both options use virtualization to create a local cluster with control-plane nod ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -59,8 +59,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -138,8 +138,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -192,8 +192,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -204,8 +204,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -233,8 +233,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/versioned_docs/version-2.8/getting-started/first-steps.md b/docs/versioned_docs/version-2.8/getting-started/first-steps.md index 4449e6d37..43ed0f923 100644 --- a/docs/versioned_docs/version-2.8/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.8/getting-started/first-steps.md @@ -17,9 +17,9 @@ If you encounter any problem with the following steps, make sure to use the [lat First, you need to create a [configuration file](../workflows/config.md) and an [IAM configuration](../workflows/config.md#creating-an-iam-configuration). The easiest way to do this is the following CLI command: - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --generate-config @@ -34,9 +34,9 @@ If you encounter any problem with the following steps, make sure to use the [lat * `westeurope` * `southeastasia` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --generate-config @@ -46,9 +46,9 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - + - + ```bash constellation iam create aws --zone=eu-central-1a --prefix=constellTest --generate-config @@ -67,8 +67,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.8/getting-started/install.md b/docs/versioned_docs/version-2.8/getting-started/install.md index 11167c34c..2aa274b98 100644 --- a/docs/versioned_docs/version-2.8/getting-started/install.md +++ b/docs/versioned_docs/version-2.8/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,39 +105,42 @@ If you don't have a cloud subscription, you can also set up a [local Constellati ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` -* `Microsoft.Compute` -* `Microsoft.Insights` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` + +- `Microsoft.Attestation` +- `Microsoft.Compute` +- `Microsoft.Insights` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` By default, Constellation tries to register these automatically if they haven't been registered before. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `*/register/action` \[1] -* `Microsoft.Authorization/roleAssignments/*` -* `Microsoft.Authorization/roleDefinitions/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Resources/subscriptions/resourcegroups/*` + +- `*/register/action` \[1] +- `Microsoft.Authorization/roleAssignments/*` +- `Microsoft.Authorization/roleDefinitions/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Resources/subscriptions/resourcegroups/*` The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` -* `Microsoft.Compute/virtualMachineScaleSets/*` -* `Microsoft.Insights/components/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Network/loadBalancers/*` -* `Microsoft.Network/loadBalancers/backendAddressPools/*` -* `Microsoft.Network/networkSecurityGroups/*` -* `Microsoft.Network/publicIPAddresses/*` -* `Microsoft.Network/virtualNetworks/*` -* `Microsoft.Network/virtualNetworks/subnets/*` -* `Microsoft.Network/natGateways/*` + +- `Microsoft.Attestation/attestationProviders/*` +- `Microsoft.Compute/virtualMachineScaleSets/*` +- `Microsoft.Insights/components/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Network/loadBalancers/*` +- `Microsoft.Network/loadBalancers/backendAddressPools/*` +- `Microsoft.Network/networkSecurityGroups/*` +- `Microsoft.Network/publicIPAddresses/*` +- `Microsoft.Network/virtualNetworks/*` +- `Microsoft.Network/virtualNetworks/subnets/*` +- `Microsoft.Network/natGateways/*` The built-in `Contributor` role is a superset of these permissions. @@ -145,89 +148,91 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `iam.serviceAccountKeys.create` -* `iam.serviceAccountKeys.delete` -* `iam.serviceAccountKeys.get` -* `iam.serviceAccounts.create` -* `iam.serviceAccounts.delete` -* `iam.serviceAccounts.get` -* `resourcemanager.projects.getIamPolicy` -* `resourcemanager.projects.setIamPolicy` + +- `iam.serviceAccountKeys.create` +- `iam.serviceAccountKeys.delete` +- `iam.serviceAccountKeys.get` +- `iam.serviceAccounts.create` +- `iam.serviceAccounts.delete` +- `iam.serviceAccounts.get` +- `resourcemanager.projects.getIamPolicy` +- `resourcemanager.projects.setIamPolicy` Together, the built-in roles `roles/editor` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `compute.addresses.createInternal` -* `compute.addresses.deleteInternal` -* `compute.addresses.get` -* `compute.addresses.useInternal` -* `compute.backendServices.create` -* `compute.backendServices.delete` -* `compute.backendServices.get` -* `compute.backendServices.use` -* `compute.disks.create` -* `compute.firewalls.create` -* `compute.firewalls.delete` -* `compute.firewalls.get` -* `compute.globalAddresses.create` -* `compute.globalAddresses.delete` -* `compute.globalAddresses.get` -* `compute.globalAddresses.use` -* `compute.globalForwardingRules.create` -* `compute.globalForwardingRules.delete` -* `compute.globalForwardingRules.get` -* `compute.globalForwardingRules.setLabels` -* `compute.globalOperations.get` -* `compute.healthChecks.create` -* `compute.healthChecks.delete` -* `compute.healthChecks.get` -* `compute.healthChecks.useReadOnly` -* `compute.instanceGroupManagers.create` -* `compute.instanceGroupManagers.delete` -* `compute.instanceGroupManagers.get` -* `compute.instanceGroups.create` -* `compute.instanceGroups.delete` -* `compute.instanceGroups.get` -* `compute.instanceGroups.use` -* `compute.instances.create` -* `compute.instances.setLabels` -* `compute.instances.setMetadata` -* `compute.instances.setTags` -* `compute.instanceTemplates.create` -* `compute.instanceTemplates.delete` -* `compute.instanceTemplates.get` -* `compute.instanceTemplates.useReadOnly` -* `compute.networks.create` -* `compute.networks.delete` -* `compute.networks.get` -* `compute.networks.updatePolicy` -* `compute.routers.create` -* `compute.routers.delete` -* `compute.routers.get` -* `compute.routers.update` -* `compute.subnetworks.create` -* `compute.subnetworks.delete` -* `compute.subnetworks.get` -* `compute.subnetworks.use` -* `compute.targetTcpProxies.create` -* `compute.targetTcpProxies.delete` -* `compute.targetTcpProxies.get` -* `compute.targetTcpProxies.use` -* `iam.serviceAccounts.actAs` + +- `compute.addresses.createInternal` +- `compute.addresses.deleteInternal` +- `compute.addresses.get` +- `compute.addresses.useInternal` +- `compute.backendServices.create` +- `compute.backendServices.delete` +- `compute.backendServices.get` +- `compute.backendServices.use` +- `compute.disks.create` +- `compute.firewalls.create` +- `compute.firewalls.delete` +- `compute.firewalls.get` +- `compute.globalAddresses.create` +- `compute.globalAddresses.delete` +- `compute.globalAddresses.get` +- `compute.globalAddresses.use` +- `compute.globalForwardingRules.create` +- `compute.globalForwardingRules.delete` +- `compute.globalForwardingRules.get` +- `compute.globalForwardingRules.setLabels` +- `compute.globalOperations.get` +- `compute.healthChecks.create` +- `compute.healthChecks.delete` +- `compute.healthChecks.get` +- `compute.healthChecks.useReadOnly` +- `compute.instanceGroupManagers.create` +- `compute.instanceGroupManagers.delete` +- `compute.instanceGroupManagers.get` +- `compute.instanceGroups.create` +- `compute.instanceGroups.delete` +- `compute.instanceGroups.get` +- `compute.instanceGroups.use` +- `compute.instances.create` +- `compute.instances.setLabels` +- `compute.instances.setMetadata` +- `compute.instances.setTags` +- `compute.instanceTemplates.create` +- `compute.instanceTemplates.delete` +- `compute.instanceTemplates.get` +- `compute.instanceTemplates.useReadOnly` +- `compute.networks.create` +- `compute.networks.delete` +- `compute.networks.get` +- `compute.networks.updatePolicy` +- `compute.routers.create` +- `compute.routers.delete` +- `compute.routers.get` +- `compute.routers.update` +- `compute.subnetworks.create` +- `compute.subnetworks.delete` +- `compute.subnetworks.get` +- `compute.subnetworks.use` +- `compute.targetTcpProxies.create` +- `compute.targetTcpProxies.delete` +- `compute.targetTcpProxies.get` +- `compute.targetTcpProxies.use` +- `iam.serviceAccounts.actAs` Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -362,8 +367,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -373,8 +378,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -390,8 +395,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -414,8 +419,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -431,9 +436,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.8/workflows/config.md b/docs/versioned_docs/version-2.8/workflows/config.md index ca1719b85..3330abe8a 100644 --- a/docs/versioned_docs/version-2.8/workflows/config.md +++ b/docs/versioned_docs/version-2.8/workflows/config.md @@ -14,29 +14,29 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. @@ -47,25 +47,25 @@ You can also automatically generate a configuration file by adding the `--genera ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all nitroTPM-enabled machines with a minimum of 4 vCPUs (`xlarge` or larger). Refer to the [list of nitroTPM-enabled instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html) or run `constellation config instance-types` to get the list of all supported options. - - + + Fill the desired VM type into the **instanceType** field in the `constellation-conf.yml` file. @@ -79,8 +79,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you haven't generated a configuration file yet, you can do so by adding the `--generate-config` flag to the command. This creates a configuration file and populates it with the created IAM values. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -104,8 +104,8 @@ Paste the output into the corresponding fields of the `constellation-conf.yaml` Since `clientSecretValue` is a sensitive value, you can leave it empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -119,8 +119,8 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -144,16 +144,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -198,9 +198,9 @@ The following describes the configuration fields and how you obtain the required Since this is a sensitive value, alternatively you can leave `clientSecretValue` empty in the configuration file and pass it via an environment variable instead. To this end, create the environment variable `CONSTELL_AZURE_CLIENT_SECRET_VALUE` and set it to the secret value. ::: - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -224,9 +224,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -257,9 +257,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.8/workflows/create.md b/docs/versioned_docs/version-2.8/workflows/create.md index 33d2f12f8..5c4dd2948 100644 --- a/docs/versioned_docs/version-2.8/workflows/create.md +++ b/docs/versioned_docs/version-2.8/workflows/create.md @@ -26,8 +26,8 @@ Before you create the cluster, make sure to have a [valid configuration file](./ ### Create - - + + Choose the initial size of your cluster. The following command creates a cluster with one control-plane and two worker nodes: @@ -40,8 +40,8 @@ For details on the flags, consult the command help via `constellation create -h` *create* stores your cluster's state in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Terraform allows for an easier GitOps integration as well as meeting regulatory requirements. Since the Constellation CLI also uses Terraform under the hood, you can reuse the same Terraform files. @@ -80,8 +80,8 @@ CONSTELL_CSP=$(cat constellation-conf.yaml | yq ".provider | keys | .[0]") jq --null-input --arg cloudprovider "$CONSTELL_CSP" --arg ip "$CONSTELL_IP" --arg initsecret "$CONSTELL_INIT_SECRET" '{"cloudprovider":$cloudprovider,"ip":$ip,"initsecret":$initsecret}' > constellation-id.json ``` - - + + ## The *init* step diff --git a/docs/versioned_docs/version-2.8/workflows/recovery.md b/docs/versioned_docs/version-2.8/workflows/recovery.md index c26fb32eb..35596b8c9 100644 --- a/docs/versioned_docs/version-2.8/workflows/recovery.md +++ b/docs/versioned_docs/version-2.8/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.8/workflows/scale.md b/docs/versioned_docs/version-2.8/workflows/scale.md index 9531e90c9..46b048870 100644 --- a/docs/versioned_docs/version-2.8/workflows/scale.md +++ b/docs/versioned_docs/version-2.8/workflows/scale.md @@ -48,30 +48,30 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the worker ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + ## Control-plane node scaling @@ -79,30 +79,30 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.8/workflows/storage.md b/docs/versioned_docs/version-2.8/workflows/storage.md index d0e5b188f..be9998676 100644 --- a/docs/versioned_docs/version-2.8/workflows/storage.md +++ b/docs/versioned_docs/version-2.8/workflows/storage.md @@ -21,14 +21,14 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as ReadWriteOnce, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. @@ -36,8 +36,8 @@ This includes support for [volume snapshots](https://cloud.google.com/kubernetes You can use them to bring a volume back to a prior state or provision new volumes. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for information about the configuration. - - + + :::caution @@ -47,8 +47,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction) or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -57,8 +57,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -86,8 +86,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -115,8 +115,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + :::caution @@ -126,8 +126,8 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) @@ -186,8 +186,8 @@ The default storage class is responsible for all persistent volume claims that d Constellation creates a storage class with encryption enabled and sets this as the default class. In case you wish to change it, follow the steps below: - - + + 1. List the storage classes in your cluster: @@ -233,8 +233,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) azuredisk.csi.confidential.cloud Delete Immediate false 1d ``` - - + + 1. List the storage classes in your cluster: @@ -280,8 +280,8 @@ In case you wish to change it, follow the steps below: integrity-encrypted-rwo (default) gcp.csi.confidential.cloud Delete Immediate false 1d ``` - - + + :::caution @@ -291,5 +291,5 @@ You may use other (non-confidential) CSI drivers that are compatible with Kubern ::: - - + + diff --git a/docs/versioned_docs/version-2.8/workflows/terminate.md b/docs/versioned_docs/version-2.8/workflows/terminate.md index 6c1eebb14..f33489ca5 100644 --- a/docs/versioned_docs/version-2.8/workflows/terminate.md +++ b/docs/versioned_docs/version-2.8/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-id.json constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.8/workflows/troubleshooting.md b/docs/versioned_docs/version-2.8/workflows/troubleshooting.md index 2ddf3335d..cd095be28 100644 --- a/docs/versioned_docs/version-2.8/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.8/workflows/troubleshooting.md @@ -75,8 +75,8 @@ To provide information during early stages of a node's boot process, Constellati You can view this information in the following places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -86,8 +86,8 @@ You can view this information in the following places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -102,16 +102,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ### Node shell access diff --git a/docs/versioned_docs/version-2.9/architecture/attestation.md b/docs/versioned_docs/version-2.9/architecture/attestation.md index 07ac3aa72..592063193 100644 --- a/docs/versioned_docs/version-2.9/architecture/attestation.md +++ b/docs/versioned_docs/version-2.9/architecture/attestation.md @@ -121,8 +121,8 @@ Constellation allows to specify in the config which measurements should be enfor Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. - - + + Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. @@ -152,8 +152,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. @@ -185,8 +185,8 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. @@ -217,16 +217,16 @@ The latter means that the value can be generated offline and compared to the one | 15 | ClusterID | Constellation Bootstrapper | Yes | | 16–23 | Unused | - | - | - - + + ### CVM verification To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. For verification of the CVM technology, Constellation may expose additional options in its config file. - - + + On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. @@ -248,18 +248,18 @@ You may customize certain parameters for verification of the attestation stateme More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. - - + + There is no additional configuration available for GCP. - - + + There is no additional configuration available for AWS. - - + + ## Cluster attestation diff --git a/docs/versioned_docs/version-2.9/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.9/getting-started/first-steps-local.md index 8fcd71811..f9cfa5cd3 100644 --- a/docs/versioned_docs/version-2.9/getting-started/first-steps-local.md +++ b/docs/versioned_docs/version-2.9/getting-started/first-steps-local.md @@ -45,8 +45,8 @@ sudo iptables -P FORWARD ACCEPT ## Create a cluster - - + + With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). @@ -74,8 +74,8 @@ constellation mini up This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. All `constellation` commands concerning this cluster need to be issued from this directory. - - + + With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. @@ -153,8 +153,8 @@ attaching persistent storage, or autoscaling aren't available. export KUBECONFIG="$PWD/constellation-admin.conf" ``` - - + + ## Connect to the cluster @@ -207,8 +207,8 @@ worker-0 Ready 32s v1.24.6 ## Terminate your cluster - - + + Once you are done, you can clean up the created resources using the following command: @@ -219,8 +219,8 @@ constellation mini down This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + Once you are done, you can clean up the created resources using the following command: @@ -248,8 +248,8 @@ Your Constellation cluster was terminated successfully. This will destroy your cluster and clean up your workspace. The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. - - + + ## Troubleshooting diff --git a/docs/versioned_docs/version-2.9/getting-started/first-steps.md b/docs/versioned_docs/version-2.9/getting-started/first-steps.md index 0329c5776..a29ff276c 100644 --- a/docs/versioned_docs/version-2.9/getting-started/first-steps.md +++ b/docs/versioned_docs/version-2.9/getting-started/first-steps.md @@ -15,39 +15,39 @@ If you encounter any problem with the following steps, make sure to use the [lat 1. Create the [configuration file](../workflows/config.md) for your cloud provider. - + - + ```bash constellation config generate azure ``` - + - + ```bash constellation config generate gcp ``` - + - + ```bash constellation config generate aws ``` - + - + 2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). - + - + ```bash constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config @@ -62,9 +62,9 @@ If you encounter any problem with the following steps, make sure to use the [lat * `westeurope` * `southeastasia` - + - + ```bash constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config @@ -74,9 +74,9 @@ If you encounter any problem with the following steps, make sure to use the [lat Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. - + - + ```bash constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config @@ -103,8 +103,8 @@ If you encounter any problem with the following steps, make sure to use the [lat You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). - - + + :::tip To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). diff --git a/docs/versioned_docs/version-2.9/getting-started/install.md b/docs/versioned_docs/version-2.9/getting-started/install.md index 11167c34c..2aa274b98 100644 --- a/docs/versioned_docs/version-2.9/getting-started/install.md +++ b/docs/versioned_docs/version-2.9/getting-started/install.md @@ -18,8 +18,8 @@ Make sure the following requirements are met: The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). Install it with the following commands: - - + + 1. Download the CLI: @@ -35,8 +35,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-amd64 /usr/local/bin/constellation ``` - - + + 1. Download the CLI: @@ -52,9 +52,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-linux-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -70,9 +70,9 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-arm64 /usr/local/bin/constellation ``` - + - + 1. Download the CLI: @@ -88,8 +88,8 @@ curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/c sudo install constellation-darwin-amd64 /usr/local/bin/constellation ``` - - + + :::tip The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. @@ -105,39 +105,42 @@ If you don't have a cloud subscription, you can also set up a [local Constellati ### Required permissions - - + + The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: -* `Microsoft.Attestation` -* `Microsoft.Compute` -* `Microsoft.Insights` -* `Microsoft.ManagedIdentity` -* `Microsoft.Network` + +- `Microsoft.Attestation` +- `Microsoft.Compute` +- `Microsoft.Insights` +- `Microsoft.ManagedIdentity` +- `Microsoft.Network` By default, Constellation tries to register these automatically if they haven't been registered before. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `*/register/action` \[1] -* `Microsoft.Authorization/roleAssignments/*` -* `Microsoft.Authorization/roleDefinitions/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Resources/subscriptions/resourcegroups/*` + +- `*/register/action` \[1] +- `Microsoft.Authorization/roleAssignments/*` +- `Microsoft.Authorization/roleDefinitions/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Resources/subscriptions/resourcegroups/*` The built-in `Owner` role is a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `Microsoft.Attestation/attestationProviders/*` -* `Microsoft.Compute/virtualMachineScaleSets/*` -* `Microsoft.Insights/components/*` -* `Microsoft.ManagedIdentity/userAssignedIdentities/*` -* `Microsoft.Network/loadBalancers/*` -* `Microsoft.Network/loadBalancers/backendAddressPools/*` -* `Microsoft.Network/networkSecurityGroups/*` -* `Microsoft.Network/publicIPAddresses/*` -* `Microsoft.Network/virtualNetworks/*` -* `Microsoft.Network/virtualNetworks/subnets/*` -* `Microsoft.Network/natGateways/*` + +- `Microsoft.Attestation/attestationProviders/*` +- `Microsoft.Compute/virtualMachineScaleSets/*` +- `Microsoft.Insights/components/*` +- `Microsoft.ManagedIdentity/userAssignedIdentities/*` +- `Microsoft.Network/loadBalancers/*` +- `Microsoft.Network/loadBalancers/backendAddressPools/*` +- `Microsoft.Network/networkSecurityGroups/*` +- `Microsoft.Network/publicIPAddresses/*` +- `Microsoft.Network/virtualNetworks/*` +- `Microsoft.Network/virtualNetworks/subnets/*` +- `Microsoft.Network/natGateways/*` The built-in `Contributor` role is a superset of these permissions. @@ -145,89 +148,91 @@ Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/az 1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. - - + + Create a new project for Constellation or use an existing one. Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: -* `iam.serviceAccountKeys.create` -* `iam.serviceAccountKeys.delete` -* `iam.serviceAccountKeys.get` -* `iam.serviceAccounts.create` -* `iam.serviceAccounts.delete` -* `iam.serviceAccounts.get` -* `resourcemanager.projects.getIamPolicy` -* `resourcemanager.projects.setIamPolicy` + +- `iam.serviceAccountKeys.create` +- `iam.serviceAccountKeys.delete` +- `iam.serviceAccountKeys.get` +- `iam.serviceAccounts.create` +- `iam.serviceAccounts.delete` +- `iam.serviceAccounts.get` +- `resourcemanager.projects.getIamPolicy` +- `resourcemanager.projects.setIamPolicy` Together, the built-in roles `roles/editor` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. To [create a Constellation cluster](../workflows/create.md#the-create-step), you need the following permissions: -* `compute.addresses.createInternal` -* `compute.addresses.deleteInternal` -* `compute.addresses.get` -* `compute.addresses.useInternal` -* `compute.backendServices.create` -* `compute.backendServices.delete` -* `compute.backendServices.get` -* `compute.backendServices.use` -* `compute.disks.create` -* `compute.firewalls.create` -* `compute.firewalls.delete` -* `compute.firewalls.get` -* `compute.globalAddresses.create` -* `compute.globalAddresses.delete` -* `compute.globalAddresses.get` -* `compute.globalAddresses.use` -* `compute.globalForwardingRules.create` -* `compute.globalForwardingRules.delete` -* `compute.globalForwardingRules.get` -* `compute.globalForwardingRules.setLabels` -* `compute.globalOperations.get` -* `compute.healthChecks.create` -* `compute.healthChecks.delete` -* `compute.healthChecks.get` -* `compute.healthChecks.useReadOnly` -* `compute.instanceGroupManagers.create` -* `compute.instanceGroupManagers.delete` -* `compute.instanceGroupManagers.get` -* `compute.instanceGroups.create` -* `compute.instanceGroups.delete` -* `compute.instanceGroups.get` -* `compute.instanceGroups.use` -* `compute.instances.create` -* `compute.instances.setLabels` -* `compute.instances.setMetadata` -* `compute.instances.setTags` -* `compute.instanceTemplates.create` -* `compute.instanceTemplates.delete` -* `compute.instanceTemplates.get` -* `compute.instanceTemplates.useReadOnly` -* `compute.networks.create` -* `compute.networks.delete` -* `compute.networks.get` -* `compute.networks.updatePolicy` -* `compute.routers.create` -* `compute.routers.delete` -* `compute.routers.get` -* `compute.routers.update` -* `compute.subnetworks.create` -* `compute.subnetworks.delete` -* `compute.subnetworks.get` -* `compute.subnetworks.use` -* `compute.targetTcpProxies.create` -* `compute.targetTcpProxies.delete` -* `compute.targetTcpProxies.get` -* `compute.targetTcpProxies.use` -* `iam.serviceAccounts.actAs` + +- `compute.addresses.createInternal` +- `compute.addresses.deleteInternal` +- `compute.addresses.get` +- `compute.addresses.useInternal` +- `compute.backendServices.create` +- `compute.backendServices.delete` +- `compute.backendServices.get` +- `compute.backendServices.use` +- `compute.disks.create` +- `compute.firewalls.create` +- `compute.firewalls.delete` +- `compute.firewalls.get` +- `compute.globalAddresses.create` +- `compute.globalAddresses.delete` +- `compute.globalAddresses.get` +- `compute.globalAddresses.use` +- `compute.globalForwardingRules.create` +- `compute.globalForwardingRules.delete` +- `compute.globalForwardingRules.get` +- `compute.globalForwardingRules.setLabels` +- `compute.globalOperations.get` +- `compute.healthChecks.create` +- `compute.healthChecks.delete` +- `compute.healthChecks.get` +- `compute.healthChecks.useReadOnly` +- `compute.instanceGroupManagers.create` +- `compute.instanceGroupManagers.delete` +- `compute.instanceGroupManagers.get` +- `compute.instanceGroups.create` +- `compute.instanceGroups.delete` +- `compute.instanceGroups.get` +- `compute.instanceGroups.use` +- `compute.instances.create` +- `compute.instances.setLabels` +- `compute.instances.setMetadata` +- `compute.instances.setTags` +- `compute.instanceTemplates.create` +- `compute.instanceTemplates.delete` +- `compute.instanceTemplates.get` +- `compute.instanceTemplates.useReadOnly` +- `compute.networks.create` +- `compute.networks.delete` +- `compute.networks.get` +- `compute.networks.updatePolicy` +- `compute.routers.create` +- `compute.routers.delete` +- `compute.routers.get` +- `compute.routers.update` +- `compute.subnetworks.create` +- `compute.subnetworks.delete` +- `compute.subnetworks.get` +- `compute.subnetworks.use` +- `compute.targetTcpProxies.create` +- `compute.targetTcpProxies.delete` +- `compute.targetTcpProxies.get` +- `compute.targetTcpProxies.use` +- `iam.serviceAccounts.actAs` Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). - - + + To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. @@ -362,8 +367,8 @@ The built-in `PowerUserAccess` policy is a superset of these permissions. Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). - - + + ### Authentication @@ -373,8 +378,8 @@ You need to authenticate with your CSP. The following lists the required steps f The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. ::: - - + + **Testing** @@ -390,8 +395,8 @@ az login Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). - - + + **Testing** @@ -414,8 +419,8 @@ Use one of the following options on a trusted machine: Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. - - + + **Testing** @@ -431,9 +436,9 @@ aws configure Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). - + - + ## Next steps diff --git a/docs/versioned_docs/version-2.9/workflows/config.md b/docs/versioned_docs/version-2.9/workflows/config.md index 7d4a297fb..43313d88e 100644 --- a/docs/versioned_docs/version-2.9/workflows/config.md +++ b/docs/versioned_docs/version-2.9/workflows/config.md @@ -14,49 +14,49 @@ Before you can create your cluster, you need to configure the identity and acces You can generate a configuration file for your CSP by using the following CLI command: - - + + ```bash constellation config generate azure ``` - - + + ```bash constellation config generate gcp ``` - - + + ```bash constellation config generate aws ``` - - + + This creates the file `constellation-conf.yaml` in the current directory. ## Choosing a VM type Constellation supports the following VM types: - - + + By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. You can also run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. - - + + By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying **instanceType** in the configuration file. @@ -75,8 +75,8 @@ AWS is currently investigating the issue. SNP-based attestation will be enabled as soon as a fix is verified. ::: - - + + Fill the desired VM type into the **instanceType** field in the `constellation-conf.yml` file. @@ -90,8 +90,8 @@ See also Constellation's [Kubernetes support policy](../architecture/versions.md You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. - - + + You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -111,8 +111,8 @@ Note that CVMs are currently only supported in a few regions, check [Azure's pro Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -126,8 +126,8 @@ Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + + You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). @@ -151,16 +151,16 @@ You can find a list of all [regions in AWS's documentation](https://docs.aws.ama Paste the output into the corresponding fields of the `constellation-conf.yaml` file. - - + +
    Alternatively, you can manually create the IAM configuration on your CSP. The following describes the configuration fields and how you obtain the required information or create the required resources. - - + + * **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. @@ -189,9 +189,9 @@ The following describes the configuration fields and how you obtain the required The user-assigned identity is used by instances of the cluster to access other cloud resources. For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). - + - + * **project**: The ID of your GCP project, e.g., `constellation-129857`. @@ -215,9 +215,9 @@ The following describes the configuration fields and how you obtain the required Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. - + - + * **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. @@ -248,9 +248,9 @@ The following describes the configuration fields and how you obtain the required Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. - + - +
    Now that you've configured your CSP, you can [create your cluster](./create.md). diff --git a/docs/versioned_docs/version-2.9/workflows/create.md b/docs/versioned_docs/version-2.9/workflows/create.md index 33d2f12f8..5c4dd2948 100644 --- a/docs/versioned_docs/version-2.9/workflows/create.md +++ b/docs/versioned_docs/version-2.9/workflows/create.md @@ -26,8 +26,8 @@ Before you create the cluster, make sure to have a [valid configuration file](./ ### Create - - + + Choose the initial size of your cluster. The following command creates a cluster with one control-plane and two worker nodes: @@ -40,8 +40,8 @@ For details on the flags, consult the command help via `constellation create -h` *create* stores your cluster's state in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. - - + + Terraform allows for an easier GitOps integration as well as meeting regulatory requirements. Since the Constellation CLI also uses Terraform under the hood, you can reuse the same Terraform files. @@ -80,8 +80,8 @@ CONSTELL_CSP=$(cat constellation-conf.yaml | yq ".provider | keys | .[0]") jq --null-input --arg cloudprovider "$CONSTELL_CSP" --arg ip "$CONSTELL_IP" --arg initsecret "$CONSTELL_INIT_SECRET" '{"cloudprovider":$cloudprovider,"ip":$ip,"initsecret":$initsecret}' > constellation-id.json ``` - - + + ## The *init* step diff --git a/docs/versioned_docs/version-2.9/workflows/recovery.md b/docs/versioned_docs/version-2.9/workflows/recovery.md index c26fb32eb..35596b8c9 100644 --- a/docs/versioned_docs/version-2.9/workflows/recovery.md +++ b/docs/versioned_docs/version-2.9/workflows/recovery.md @@ -16,8 +16,8 @@ You can check the health status of the nodes via the cloud service provider (CSP Constellation provides logging information on the boot process and status via [cloud logging](troubleshooting.md#cloud-logging). In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. - - + + In the Azure portal, find the cluster's resource group. Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. @@ -51,8 +51,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, check that the control plane *Instance Group* has enough members in a *Ready* state. In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. @@ -87,8 +87,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. @@ -118,8 +118,8 @@ If this fails due to an unhealthy control plane, you will see log messages simil This means that you have to recover the node manually. - - + + ## Recover a cluster diff --git a/docs/versioned_docs/version-2.9/workflows/scale.md b/docs/versioned_docs/version-2.9/workflows/scale.md index 06898ad0c..63b727c7d 100644 --- a/docs/versioned_docs/version-2.9/workflows/scale.md +++ b/docs/versioned_docs/version-2.9/workflows/scale.md @@ -51,30 +51,30 @@ kubectl -n kube-system get nodes Alternatively, you can manually scale your cluster up or down: - - + + 1. Find your Constellation resource group. 2. Select the `scale-set-workers`. 3. Go to **settings** and **scaling**. 4. Set the new **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **worker** instance group. 3. Set the new **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the worker ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + ## Control-plane node scaling @@ -82,30 +82,30 @@ Control-plane nodes can **only be scaled manually and only scaled up**! To increase the number of control-plane nodes, follow these steps: - + - + 1. Find your Constellation resource group. 2. Select the `scale-set-controlplanes`. 3. Go to **settings** and **scaling**. 4. Set the new (increased) **instance count** and **save**. - - + + 1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). 2. **Edit** the **control-plane** instance group. 3. Set the new (increased) **number of instances** and **save**. - - + + 1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. 2. Click **Edit** 3. Set the new (increased) **Desired capacity** and **Update**. - - + + If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.9/workflows/storage.md b/docs/versioned_docs/version-2.9/workflows/storage.md index 9e3d96346..06fbc4de6 100644 --- a/docs/versioned_docs/version-2.9/workflows/storage.md +++ b/docs/versioned_docs/version-2.9/workflows/storage.md @@ -21,30 +21,30 @@ For more details see [encrypted persistent storage](../architecture/encrypted-st Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. - - + + **Constellation CSI driver for Azure Disk**: Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. - - + + **Constellation CSI driver for GCP Persistent Disk**: Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. - - + + **Constellation CSI driver for AWS Elastic Block Store** Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. - - + + Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. @@ -53,8 +53,8 @@ Note that in case the options above aren't a suitable solution for you, Constell The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. - - + + Azure comes with two storage classes by default. @@ -82,8 +82,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + GCP comes with two storage classes by default. @@ -111,8 +111,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + AWS comes with two storage classes by default. @@ -140,8 +140,8 @@ Note that volume expansion isn't supported for integrity-protected disks. ::: - - + + 1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) diff --git a/docs/versioned_docs/version-2.9/workflows/terminate.md b/docs/versioned_docs/version-2.9/workflows/terminate.md index 6c1eebb14..f33489ca5 100644 --- a/docs/versioned_docs/version-2.9/workflows/terminate.md +++ b/docs/versioned_docs/version-2.9/workflows/terminate.md @@ -16,8 +16,8 @@ All ephemeral storage and state of your cluster will be lost. Make sure any data ::: - - + + Terminate the cluster by running: ```bash @@ -40,8 +40,8 @@ resources manually. Just run the `terminate` command again afterward to continue ::: - - + + Terminate the cluster by running: ```bash @@ -56,5 +56,5 @@ rm constellation-id.json constellation-admin.conf Only the `constellation-mastersecret.json` and the configuration file remain. - - + + diff --git a/docs/versioned_docs/version-2.9/workflows/troubleshooting.md b/docs/versioned_docs/version-2.9/workflows/troubleshooting.md index 2ddf3335d..cd095be28 100644 --- a/docs/versioned_docs/version-2.9/workflows/troubleshooting.md +++ b/docs/versioned_docs/version-2.9/workflows/troubleshooting.md @@ -75,8 +75,8 @@ To provide information during early stages of a node's boot process, Constellati You can view this information in the following places: - - + + 1. In your Azure subscription find the Constellation resource group. 2. Inside the resource group find the Application Insights resource called `constellation-insights-*`. @@ -86,8 +86,8 @@ You can view this information in the following places: To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"` - - + + 1. Select the project that hosts Constellation. 2. Go to the `Compute Engine` service. @@ -102,16 +102,16 @@ Constellation uses the default bucket to store logs. Its [default retention peri ::: - - + + 1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home) 2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups) 3. Select the log group that matches the name of your cluster. 4. Select the log stream for control or worker type nodes. - - + + ### Node shell access From cf5d9c2f12d1a63716b3d85dda024a659c05f2d8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 09:18:56 +0200 Subject: [PATCH 229/380] deps: update Kubernetes versions (#3298) * deps: update Kubernetes versions * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- docs/docs/architecture/versions.md | 6 +- internal/versions/versions.go | 66 +++++++++---------- .../docs/resources/cluster.md | 2 +- 3 files changed, 37 insertions(+), 37 deletions(-) diff --git a/docs/docs/architecture/versions.md b/docs/docs/architecture/versions.md index 85d35e6a9..7f85a6f24 100644 --- a/docs/docs/architecture/versions.md +++ b/docs/docs/architecture/versions.md @@ -16,6 +16,6 @@ Subsequent Constellation releases drop support for the oldest (and deprecated) K The following Kubernetes versions are currently supported: -* v1.28.11 -* v1.29.6 -* v1.30.2 +* v1.28.12 +* v1.29.7 +* v1.30.3 diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 445f0ab73..4141f0476 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -181,11 +181,11 @@ const ( // currently supported versions. //nolint:revive - V1_28 ValidK8sVersion = "v1.28.11" // renovate:kubernetes-release + V1_28 ValidK8sVersion = "v1.28.12" // renovate:kubernetes-release //nolint:revive - V1_29 ValidK8sVersion = "v1.29.6" // renovate:kubernetes-release + V1_29 ValidK8sVersion = "v1.29.7" // renovate:kubernetes-release //nolint:revive - V1_30 ValidK8sVersion = "v1.30.2" // renovate:kubernetes-release + V1_30 ValidK8sVersion = "v1.30.3" // renovate:kubernetes-release // Default k8s version deployed by Constellation. Default ValidK8sVersion = V1_29 @@ -198,7 +198,7 @@ const ( // VersionConfigs holds download URLs for all required kubernetes components for every supported version. var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ V1_28: { - ClusterVersion: "v1.28.11", // renovate:kubernetes-release + ClusterVersion: "v1.28.12", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -213,33 +213,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.11/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:230f0634ea42a54a6c96771f12eecd6cadfe0b76ab41c3bc39aa7cbbe4dfb12e", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.12/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:4648ae155b1ab05ab8dbef417bde4d5acfcd5ad32e8d1e3209006b40c440a56c", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.11/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:1f2c7c69736698aa13a59c6705ac26b7b6752d9651330605369357c1ac99c7c6", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.12/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:3ffcf5100c6bca3dd0a6c317c744dd97fe497c7c4aefe468321171f940d34971", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.11/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:1dba63e1a5c9520fc516c6e817924d927b9b83b8e08254c8fe2a2edb65da7a9c", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.12/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:e8aee7c9206c00062ced394418a17994b58f279a93a1be1143b08afe1758a3a2", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI4LjExQHNoYTI1NjphZWM5ZDE3MDFjMzA0ZWVlODYwN2Q3MjhhMzliYWFhNTExZDY1YmVmNmRkOTg2MTAxMDYxOGY2M2ZiYWRlYjEwIn1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI4LjEyQHNoYTI1NjphYzNiNjg3NmQ5NWZlN2I3NjkxZTY5ZjIxNjFhNTQ2NmFkYmU5ZDcyZDQ0ZjM0MmQ1OTU2NzQzMjFjZTE2ZDIzIn1d", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI4LjExQHNoYTI1Njo2MDE0YzM1NzJlYzY4Mzg0MWJiYjE2Zjg3Yjk0ZGEyOGVlMDI1NGI5NWUyZGJhMmQxODUwZDYyYmQwMTExZjA5In1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI4LjEyQHNoYTI1Njo5OTZjNjI1OWU0NDA1YWI3OTA4M2ZiYjUyYmNmNTMwMDM2OTFhNTBiNTc5ODYyYmYyOWIzYWJhYTQ2ODQ2MGRiIn1d", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI4LjExQHNoYTI1Njo0NmNmNzQ3NWM4ZGFmZmI3NDNjODU2YTFhZWEwZGRlYTM1ZTVhY2QyNDE4YmUxOGIxZTIyY2Y5OGQ5YzliNDQ1In1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI4LjEyQHNoYTI1NjpkOTNhM2I1OTYxMjQ4ODIwYmViNWVjNmRmYjAzMjBkMTJjMGRiYTgyZmM0ODY5M2QyMGQzNDU3NTQ4ODM1NTFjIn1d", InstallPath: patchFilePath("kube-scheduler"), }, { @@ -265,7 +265,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.28.6@sha256:acfc7fe7543f4cf2fcf8156145925bee76eb6c602bb0b8e155456c6818fe8335", // renovate:container }, V1_29: { - ClusterVersion: "v1.29.6", // renovate:kubernetes-release + ClusterVersion: "v1.29.7", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -280,33 +280,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.6/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:a946789d4fef64e6f5905dbd7dca01d4c3abd302d0da7958fdaa924fe2729c0b", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.7/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:f16329e64f5b2204c1cb906f694abebb7f6869d56e6e8b60b54afa0057006b84", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.6/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:8f1e04079e614dd549e36be8114ee7022517d646ea715b5778e7c6ab353eb354", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.7/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:7699c6f06fbc8e813766b8237de69a095ad820fe484856ffd921a7894b5af605", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.6/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:339553c919874ebe3b719e9e1fcd68b55bc8875f9b5a005cf4c028738d54d309", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.7/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:e3df008ef60ea50286ea93c3c40a020e178a338cea64a185b4e21792d88c75d6", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjZAc2hhMjU2OmY0ZDk5M2IzZDczY2MwZDU5NTU4YmU1ODRiNWI0MDc4NWI0YTk2ODc0YmM3Njg3M2I2OWQxZGQ4MTg0ODVlNzAifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjdAc2hhMjU2OjdiMTA0NzcxYzEzYjllMzUzNzg0NmMzZjY5NDkwMDA3ODVlMWZiYzY2ZDA3ZjEyM2ViY2VhMjJjOGViOTE4YjMifV0=", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjZAc2hhMjU2OjY5MmZjM2Y4OGE2MGIzYWZjNzY0OTJhZDM0NzMwNmQzNDA0MjAwMGY1NmYyMzA5NTllOTM2N2ZkNTljNDhiMWUifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjdAc2hhMjU2OmUzMzU2ZjA3OGY3Y2U3Mjk4NDM4NWQ0Y2E1ZTcyNmE4Y2IwNWNlMzU1ZDZiMTU4ZjQxYWE5YjVkYmFmZjliMTkifV0=", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjZAc2hhMjU2OmI5MWE0ZTQ1ZGViZDBkNTMzNmQ5ZjUzM2FlZmRmNDdkNGIzOWIyNDA3MWZlYjQ1OWU1MjE3MDliOWU0ZWMyNGYifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjdAc2hhMjU2OmM2MjAzZmJjMTAyY2M4MGE3ZDkzNDk0NmI3ZWFjYjc0OTE0ODBhNjVkYjU2ZGIyMDNjYjMwMzVkZWVjYWFhMzkifV0=", InstallPath: patchFilePath("kube-scheduler"), }, { @@ -332,7 +332,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.29.4@sha256:786728c85787a58c6376b47d2e22cc04db3ecfdd73a52b5b9be20fd869abce2f", // renovate:container }, V1_30: { - ClusterVersion: "v1.30.2", // renovate:kubernetes-release + ClusterVersion: "v1.30.3", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -347,33 +347,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.2/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:6923abe67ef069afca61c71c585023840426e802b198298055af3a82e11a4e52", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.3/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:9a37ddd5ea026639b7d85e98fa742e392df7aa5ec917bed0711a451613de3c1c", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.2/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:672b0cae2accce5eac10a1fe4ea6b166e5b518c79ccf71a2fbe7b53c2ca74062", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.3/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:bb78c2a27027278ee644d523f583ed7fdba48b4fbf31e3cfb0e309b6457dda69", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.2/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:c6e9c45ce3f82c90663e3c30db3b27c167e8b19d83ed4048b61c1013f6a7c66e", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.3/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:abd83816bd236b266c3643e6c852b446f068fe260f3296af1a25b550854ec7e5", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjMwLjJAc2hhMjU2OjM0MGFiNGExZDY2YTYwNjMwYTdhMjk4YWEwYjI1NzZmY2Q4MmU1MWVjZGRkYjc1MWNmNjFlNWQzODQ2ZmRlMmQifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjMwLjNAc2hhMjU2OmEzNmQ1NTg4MzVlNDg5NTBmNmQxM2IxZWRiZTIwNjA1YjhkZmJjODFlMDg4ZjU4MjIxNzk2NjMxZTEwNzk2NmMifV0=", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjMwLjJAc2hhMjU2OjRjNDEyYmMxZmM1ODVkZGViYTEwZDM0YTAyZTc1MDdlYTc4N2VjMmM1NzI1NmQ0YzE4ZmQyMzAzNzdhYjA0OGUifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjMwLjNAc2hhMjU2OmVmZjQzZGE1NWEyOWE1ZTY2ZWM5NDgwZjI4MjMzZDczM2E2YTg0MzNiN2E0NmY2ZThjMDcwODZmYTRlZjY5YjcifV0=", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjMwLjJAc2hhMjU2OjBlZDc1YTMzMzcwNGY1ZDMxNTM5NWM2ZWMwNGQ3YWY3NDA1NzE1NTM3MDY5YjY1ZDQwYjQzZWMxYzhlMDMwYmMifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjMwLjNAc2hhMjU2OjIxNDdhYjVkMmM3M2RkODRlMjgzMzJmY2JlZTY4MjZkMTY0OGVlZDMwYTUzMWE1MmE5NjUwMWIzN2Q3ZWU0ZTQifV0=", InstallPath: patchFilePath("kube-scheduler"), }, { diff --git a/terraform-provider-constellation/docs/resources/cluster.md b/terraform-provider-constellation/docs/resources/cluster.md index 2e03b2c0e..c81f36588 100644 --- a/terraform-provider-constellation/docs/resources/cluster.md +++ b/terraform-provider-constellation/docs/resources/cluster.md @@ -69,7 +69,7 @@ resource "constellation_cluster" "azure_example" { See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview/clouds) that Constellation supports. - `image` (Attributes) Constellation OS Image to use on the nodes. (see [below for nested schema](#nestedatt--image)) - `init_secret` (String) Secret used for initialization of the cluster. -- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.28.11 v1.29.6 v1.30.2]. +- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.28.12 v1.29.7 v1.30.3]. - `master_secret` (String) Hex-encoded 32-byte master secret for the cluster. - `master_secret_salt` (String) Hex-encoded 32-byte master secret salt for the cluster. - `measurement_salt` (String) Hex-encoded 32-byte measurement salt for the cluster. From 5efa7ffefb1c31da8efd3d30c76a1728a1c0404f Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 26 Aug 2024 09:19:10 +0200 Subject: [PATCH 230/380] image: update locked rpms (#3324) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index b10931bc4..72fe21cbb 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -249,8 +249,8 @@ c728dbd90872b7597a8ace70a70555bff576231bb6dbde14b75626d601706af8 p11-kit-trust- 5981cdaf35f2ea96236eaccf1ce476379e51e5883ce57343a7727626e9fd9da3 pam-libs-1.6.1-3.fc40.i686.rpm fb85b93438336461a0b2b878158e552d30b6fb663404475eb0a050b35fd5d35f pam-libs-1.6.1-3.fc40.x86_64.rpm 9bbce784622e02af0371ced8e9a7d26adba7eabd66ecfcb8bbe2d24cf616e3c1 parted-3.6-4.fc40.x86_64.rpm -e2aa0ef50a4b321131b8d9c73e5fdf9b77929158fa0642490f0963a39fca8a0e passt-0^20240814.g61c0b0d-1.fc40.x86_64.rpm -49cce314c70cbfbacd72c3c6a55b379afa7ea11ad76e0696dad706509c1343f9 passt-selinux-0^20240814.g61c0b0d-1.fc40.noarch.rpm +f589c505169ab06a3249b4db7c5f4929fa5049a08950cbdda234223681633148 passt-0^20240821.g1d6142f-1.fc40.x86_64.rpm +9bd649835a1e9e211d46411986f3ad9159578572e9ac334678c5ff5aa34556cd passt-selinux-0^20240821.g1d6142f-1.fc40.noarch.rpm a0fb808d6b7ff8cd9cfdc1a60f213851cecdcace334d6e5aa1e0e54b81d79a25 pcre2-10.44-1.fc40.i686.rpm 73e50df09266fcffda9c24a3738f579dd365c2c187c294da054ef9915edc3851 pcre2-10.44-1.fc40.x86_64.rpm dbec699e88d42fc6fb1df0a8c0b9023941ed1b1b7625694253a612eaf9f2691d pcre2-syntax-10.44-1.fc40.noarch.rpm @@ -260,7 +260,7 @@ f796a31cad58f4ebea8787020868581d9a721297ee0ef6a7c63a7f8444f60c17 pcsc-lite-libs 5443db8875acc0c1c436dbe1ed62b776543e049b8d9c7e33198379d367814093 pigz-2.8-4.fc40.x86_64.rpm cb7c5036f1d25c696de23a6670cb64caec9945116fb0c9a93555414746ecf253 pinentry-1.3.0-2.fc40.x86_64.rpm bbb4abafa9f7664e21350b56d49af2c928288e6d4dd68c304c4ab5d45b2c8ad7 pkcs11-provider-0.3-2.fc40.x86_64.rpm -bddbd4b95e7aad221499e512bf2f1e2484339d3f1aac2b3c7575f0c4547f5753 podman-5.2.0-1.fc40.x86_64.rpm +5f47e12ae5b4a65b7624ab2099cbaac7610e68566b5333a3149ab1b913429f80 podman-5.2.1-1.fc40.x86_64.rpm fc0270713aefd482937adc4d6905f806760ea54c70379cb675be521251e5a177 policycoreutils-3.6-3.fc40.x86_64.rpm 30a4f9d3631aaa1280c93ce4305847a9773973aa312e1802d1cd676cb2421689 polkit-124-2.fc40.x86_64.rpm f47bc65177a8b160916c00df9c84442afa1dd353880b3c0503d5a0b052d4956c polkit-libs-124-2.fc40.x86_64.rpm From a54b59ab2541b8d977e557e893019ee14c6af3c4 Mon Sep 17 00:00:00 2001 From: Moritz Eckert Date: Mon, 26 Aug 2024 12:54:58 +0200 Subject: [PATCH 231/380] docs: remove deprecated master-secret flag from recovery (#3326) --- docs/docs/workflows/recovery.md | 2 +- docs/versioned_docs/version-2.17/workflows/recovery.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/docs/workflows/recovery.md b/docs/docs/workflows/recovery.md index 50cd7ee72..592ae247b 100644 --- a/docs/docs/workflows/recovery.md +++ b/docs/docs/workflows/recovery.md @@ -162,7 +162,7 @@ Recovering a cluster requires the following parameters: A cluster can be recovered like this: ```bash -$ constellation recover --master-secret constellation-mastersecret.json +$ constellation recover Pushed recovery key. Pushed recovery key. Pushed recovery key. diff --git a/docs/versioned_docs/version-2.17/workflows/recovery.md b/docs/versioned_docs/version-2.17/workflows/recovery.md index 50cd7ee72..592ae247b 100644 --- a/docs/versioned_docs/version-2.17/workflows/recovery.md +++ b/docs/versioned_docs/version-2.17/workflows/recovery.md @@ -162,7 +162,7 @@ Recovering a cluster requires the following parameters: A cluster can be recovered like this: ```bash -$ constellation recover --master-secret constellation-mastersecret.json +$ constellation recover Pushed recovery key. Pushed recovery key. Pushed recovery key. From 6e6ea1a9d543e5b6f6e68e3e33d1dbdd3bb2f862 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 13:46:46 +0200 Subject: [PATCH 232/380] deps: update Kubernetes versions (#3325) * deps: update Kubernetes versions * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- docs/docs/architecture/versions.md | 6 +- internal/versions/versions.go | 66 +++++++++---------- .../docs/resources/cluster.md | 2 +- 3 files changed, 37 insertions(+), 37 deletions(-) diff --git a/docs/docs/architecture/versions.md b/docs/docs/architecture/versions.md index 7f85a6f24..30d9d28e2 100644 --- a/docs/docs/architecture/versions.md +++ b/docs/docs/architecture/versions.md @@ -16,6 +16,6 @@ Subsequent Constellation releases drop support for the oldest (and deprecated) K The following Kubernetes versions are currently supported: -* v1.28.12 -* v1.29.7 -* v1.30.3 +* v1.28.13 +* v1.29.8 +* v1.30.4 diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 4141f0476..8079ea36c 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -181,11 +181,11 @@ const ( // currently supported versions. //nolint:revive - V1_28 ValidK8sVersion = "v1.28.12" // renovate:kubernetes-release + V1_28 ValidK8sVersion = "v1.28.13" // renovate:kubernetes-release //nolint:revive - V1_29 ValidK8sVersion = "v1.29.7" // renovate:kubernetes-release + V1_29 ValidK8sVersion = "v1.29.8" // renovate:kubernetes-release //nolint:revive - V1_30 ValidK8sVersion = "v1.30.3" // renovate:kubernetes-release + V1_30 ValidK8sVersion = "v1.30.4" // renovate:kubernetes-release // Default k8s version deployed by Constellation. Default ValidK8sVersion = V1_29 @@ -198,7 +198,7 @@ const ( // VersionConfigs holds download URLs for all required kubernetes components for every supported version. var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ V1_28: { - ClusterVersion: "v1.28.12", // renovate:kubernetes-release + ClusterVersion: "v1.28.13", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -213,33 +213,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.12/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:4648ae155b1ab05ab8dbef417bde4d5acfcd5ad32e8d1e3209006b40c440a56c", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.13/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:9b9cc3a19551ade6f3d98ad3acf0a2b65a27ef575bd089f115f8bb80791f3900", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.12/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:3ffcf5100c6bca3dd0a6c317c744dd97fe497c7c4aefe468321171f940d34971", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.13/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:f23e9586811312998bc5e8847f6df52fc04809aed8c2c2fd750f2c42b3f87192", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.12/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:e8aee7c9206c00062ced394418a17994b58f279a93a1be1143b08afe1758a3a2", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.13/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:d7d363dd5a4c95444329bc5239b8718ebe84a043052958b2f15ee2feef9a28c6", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI4LjEyQHNoYTI1NjphYzNiNjg3NmQ5NWZlN2I3NjkxZTY5ZjIxNjFhNTQ2NmFkYmU5ZDcyZDQ0ZjM0MmQ1OTU2NzQzMjFjZTE2ZDIzIn1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI4LjEzQHNoYTI1Njo3ZDJjOTI1NmFkNTc2YTBiMzc0NWI3NDllZmU3ZjRmYThiMjc2ZWM3ZWY0NDhmYzBmNDU3OTRjYTc4ZWI4NjI1In1d", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI4LjEyQHNoYTI1Njo5OTZjNjI1OWU0NDA1YWI3OTA4M2ZiYjUyYmNmNTMwMDM2OTFhNTBiNTc5ODYyYmYyOWIzYWJhYTQ2ODQ2MGRiIn1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI4LjEzQHNoYTI1NjplN2I0NGMxNzQxZmUxODAyZDE1OWZmZGJkMGQxZjc4ZDQ4YTQxODVkN2ZiMWNkZjhhMTEyZmJiNTA2OTZmN2UxIn1d", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI4LjEyQHNoYTI1NjpkOTNhM2I1OTYxMjQ4ODIwYmViNWVjNmRmYjAzMjBkMTJjMGRiYTgyZmM0ODY5M2QyMGQzNDU3NTQ4ODM1NTFjIn1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI4LjEzQHNoYTI1NjplZmViNzkxNzE4ZjRiOWM2MmJkNjgzZjViNDAzZGE1MjBmMzY1MWNiMzZhZDlmODAwZTBmOThiNTk1YmVhZmE0In1d", InstallPath: patchFilePath("kube-scheduler"), }, { @@ -265,7 +265,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.28.6@sha256:acfc7fe7543f4cf2fcf8156145925bee76eb6c602bb0b8e155456c6818fe8335", // renovate:container }, V1_29: { - ClusterVersion: "v1.29.7", // renovate:kubernetes-release + ClusterVersion: "v1.29.8", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -280,33 +280,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.7/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:f16329e64f5b2204c1cb906f694abebb7f6869d56e6e8b60b54afa0057006b84", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.8/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:df6e130928403af8b4f49f1197e26f2873a147cd0e23aa6597a26c982c652ae0", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.7/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:7699c6f06fbc8e813766b8237de69a095ad820fe484856ffd921a7894b5af605", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.8/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:fe054355e0ae8dc35d868a3d3bc408ccdff0969c20bf7a231ae9b71484e41be3", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.7/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:e3df008ef60ea50286ea93c3c40a020e178a338cea64a185b4e21792d88c75d6", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.8/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:038454e0d79748aab41668f44ca6e4ac8affd1895a94f592b9739a0ae2a5f06a", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjdAc2hhMjU2OjdiMTA0NzcxYzEzYjllMzUzNzg0NmMzZjY5NDkwMDA3ODVlMWZiYzY2ZDA3ZjEyM2ViY2VhMjJjOGViOTE4YjMifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjhAc2hhMjU2OjZmNzJmYTkyNmM5YjA1ZTEwNjI5ZmUxYTA5MmZkMjhkY2Q2NWI0ZmRmZDBjYzdiZDU1Zjg1YTU3YTZiYTFmYTUifV0=", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjdAc2hhMjU2OmUzMzU2ZjA3OGY3Y2U3Mjk4NDM4NWQ0Y2E1ZTcyNmE4Y2IwNWNlMzU1ZDZiMTU4ZjQxYWE5YjVkYmFmZjliMTkifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjhAc2hhMjU2OjZmMjdkNjNkZWQyMDYxNGM2ODU1NGI0NzdjZDdhNzhlZGE3OGE0OThhOTJiZmU4OTM1Y2Y5NjRjYTViNzRkMGIifV0=", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjdAc2hhMjU2OmM2MjAzZmJjMTAyY2M4MGE3ZDkzNDk0NmI3ZWFjYjc0OTE0ODBhNjVkYjU2ZGIyMDNjYjMwMzVkZWVjYWFhMzkifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjhAc2hhMjU2OmRhNzRhNjY2NzVkOTVlMzllYzI1ZGE1ZTcwNzI5ZGE3NDZkMGZhMGIxNWVlMGRhODcyYWM5ODA1MTliYzI4YmQifV0=", InstallPath: patchFilePath("kube-scheduler"), }, { @@ -332,7 +332,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.29.4@sha256:786728c85787a58c6376b47d2e22cc04db3ecfdd73a52b5b9be20fd869abce2f", // renovate:container }, V1_30: { - ClusterVersion: "v1.30.3", // renovate:kubernetes-release + ClusterVersion: "v1.30.4", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -347,33 +347,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.3/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:9a37ddd5ea026639b7d85e98fa742e392df7aa5ec917bed0711a451613de3c1c", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.4/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:0c02c0f997b3e9769eae7ca051856054411fca947b3d5409d991ce1964dd0e69", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.3/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:bb78c2a27027278ee644d523f583ed7fdba48b4fbf31e3cfb0e309b6457dda69", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.4/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:6c6053fb8b31030ef7fffe146eb29489f7bf53d7a5ca10e0b10c907bf4b7e281", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.3/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:abd83816bd236b266c3643e6c852b446f068fe260f3296af1a25b550854ec7e5", + Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.4/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:2ffd023712bbc1a9390dbd8c0c15201c165a69d394787ef03eda3eccb4b9ac06", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjMwLjNAc2hhMjU2OmEzNmQ1NTg4MzVlNDg5NTBmNmQxM2IxZWRiZTIwNjA1YjhkZmJjODFlMDg4ZjU4MjIxNzk2NjMxZTEwNzk2NmMifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjMwLjRAc2hhMjU2OjdiMGM0YTk1OWFhZWU1NjYwZTEyMzQ0NTJkYzMxMjMzMTAyMzFiOWY5MmQyOWViZDE3NWM4NmRjOWY3OTdlZTcifV0=", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjMwLjNAc2hhMjU2OmVmZjQzZGE1NWEyOWE1ZTY2ZWM5NDgwZjI4MjMzZDczM2E2YTg0MzNiN2E0NmY2ZThjMDcwODZmYTRlZjY5YjcifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjMwLjRAc2hhMjU2Ojk5MmNjY2JmNjUyZmE5NTFjMWEzZDQxYjBjMTAzM2FlMGJmNjRmMzNkYTAzZDUwMzk1MjgyYzU1MTkwMGFmOWUifV0=", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjMwLjNAc2hhMjU2OjIxNDdhYjVkMmM3M2RkODRlMjgzMzJmY2JlZTY4MjZkMTY0OGVlZDMwYTUzMWE1MmE5NjUwMWIzN2Q3ZWU0ZTQifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjMwLjRAc2hhMjU2OjM3ZWFlZWU1YmNhOGRhMzRhZDNkMzZlMzc1ODZkZDI5ZjVlZGIxZTI5MjdlNzY0NGRmYjExM2U3MDA2MmJkYTgifV0=", InstallPath: patchFilePath("kube-scheduler"), }, { diff --git a/terraform-provider-constellation/docs/resources/cluster.md b/terraform-provider-constellation/docs/resources/cluster.md index c81f36588..e4a4f963a 100644 --- a/terraform-provider-constellation/docs/resources/cluster.md +++ b/terraform-provider-constellation/docs/resources/cluster.md @@ -69,7 +69,7 @@ resource "constellation_cluster" "azure_example" { See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview/clouds) that Constellation supports. - `image` (Attributes) Constellation OS Image to use on the nodes. (see [below for nested schema](#nestedatt--image)) - `init_secret` (String) Secret used for initialization of the cluster. -- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.28.12 v1.29.7 v1.30.3]. +- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.28.13 v1.29.8 v1.30.4]. - `master_secret` (String) Hex-encoded 32-byte master secret for the cluster. - `master_secret_salt` (String) Hex-encoded 32-byte master secret salt for the cluster. - `measurement_salt` (String) Hex-encoded 32-byte measurement salt for the cluster. From c11631ec11ed695d5ed02e57812b52dd15c90dd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 29 Aug 2024 10:44:22 +0200 Subject: [PATCH 233/380] logging: reduce grpc logging noise (#3329) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Normalize gRPC logs to print at warn level only * Fix grpcLogger level enablement --------- Signed-off-by: Daniel Weiße --- bootstrapper/cmd/bootstrapper/main.go | 6 +---- .../internal/initserver/initserver.go | 2 +- debugd/internal/debugd/server/server.go | 4 +-- .../internal/recoveryserver/recoveryserver.go | 2 +- internal/logger/grpclogger.go | 22 +++++++++------- internal/logger/levelhandler.go | 26 +++++++++---------- internal/logger/log.go | 5 ++++ joinservice/internal/server/server.go | 5 ++-- keyservice/internal/server/server.go | 6 +++-- upgrade-agent/cmd/main.go | 6 +---- upgrade-agent/internal/server/server.go | 2 +- verify/server/server.go | 5 ++-- 12 files changed, 48 insertions(+), 43 deletions(-) diff --git a/bootstrapper/cmd/bootstrapper/main.go b/bootstrapper/cmd/bootstrapper/main.go index 23b2cf474..ebd5a82c5 100644 --- a/bootstrapper/cmd/bootstrapper/main.go +++ b/bootstrapper/cmd/bootstrapper/main.go @@ -46,11 +46,7 @@ func main() { verbosity := flag.Int("v", 0, logger.CmdLineVerbosityDescription) flag.Parse() log := logger.NewJSONLogger(logger.VerbosityFromInt(*verbosity)).WithGroup("bootstrapper") - logger.ReplaceGRPCLogger( - slog.New( - logger.NewLevelHandler(logger.VerbosityFromInt(*verbosity), log.Handler()), - ).WithGroup("gRPC"), - ) + logger.ReplaceGRPCLogger(logger.GRPCLogger(log)) ctx, cancel := context.WithCancel(context.Background()) defer cancel() diff --git a/bootstrapper/internal/initserver/initserver.go b/bootstrapper/internal/initserver/initserver.go index 9c2ef36a9..a65a5f8b7 100644 --- a/bootstrapper/internal/initserver/initserver.go +++ b/bootstrapper/internal/initserver/initserver.go @@ -109,7 +109,7 @@ func New( grpcServer := grpc.NewServer( grpc.Creds(atlscredentials.New(issuer, nil)), grpc.KeepaliveParams(keepalive.ServerParameters{Time: 15 * time.Second}), - logger.GetServerUnaryInterceptor(log.WithGroup("gRPC")), + logger.GetServerUnaryInterceptor(logger.GRPCLogger(log)), ) initproto.RegisterAPIServer(grpcServer, server) diff --git a/debugd/internal/debugd/server/server.go b/debugd/internal/debugd/server/server.go index a644e7c9d..64bbbc042 100644 --- a/debugd/internal/debugd/server/server.go +++ b/debugd/internal/debugd/server/server.go @@ -157,8 +157,8 @@ func Start(log *slog.Logger, wg *sync.WaitGroup, serv pb.DebugdServer) { go func() { defer wg.Done() - grpcLog := log.WithGroup("gRPC") - logger.ReplaceGRPCLogger(slog.New(logger.NewLevelHandler(slog.LevelWarn, grpcLog.Handler()))) + grpcLog := logger.GRPCLogger(log) + logger.ReplaceGRPCLogger(grpcLog) grpcServer := grpc.NewServer( logger.GetServerStreamInterceptor(grpcLog), diff --git a/disk-mapper/internal/recoveryserver/recoveryserver.go b/disk-mapper/internal/recoveryserver/recoveryserver.go index 5234d2e63..f4a58724e 100644 --- a/disk-mapper/internal/recoveryserver/recoveryserver.go +++ b/disk-mapper/internal/recoveryserver/recoveryserver.go @@ -59,7 +59,7 @@ func New(issuer atls.Issuer, factory kmsFactory, log *slog.Logger) *RecoveryServ grpcServer := grpc.NewServer( grpc.Creds(atlscredentials.New(issuer, nil)), - logger.GetServerStreamInterceptor(log.WithGroup("gRPC")), + logger.GetServerStreamInterceptor(logger.GRPCLogger(log)), ) recoverproto.RegisterAPIServer(grpcServer, server) diff --git a/internal/logger/grpclogger.go b/internal/logger/grpclogger.go index 716b0e495..d67e4af8e 100644 --- a/internal/logger/grpclogger.go +++ b/internal/logger/grpclogger.go @@ -19,24 +19,28 @@ import ( func replaceGRPCLogger(log *slog.Logger) { gl := &grpcLogger{ - logger: log.With(slog.String("system", "grpc"), slog.Bool("grpc_log", true)), + logger: log, verbosity: 0, } grpclog.SetLoggerV2(gl) } func (l *grpcLogger) log(level slog.Level, args ...interface{}) { - var pcs [1]uintptr - runtime.Callers(3, pcs[:]) - r := slog.NewRecord(time.Now(), level, fmt.Sprint(args...), pcs[0]) - _ = l.logger.Handler().Handle(context.Background(), r) + if l.logger.Enabled(context.Background(), level) { + var pcs [1]uintptr + runtime.Callers(3, pcs[:]) + r := slog.NewRecord(time.Now(), level, fmt.Sprint(args...), pcs[0]) + _ = l.logger.Handler().Handle(context.Background(), r) + } } func (l *grpcLogger) logf(level slog.Level, format string, args ...interface{}) { - var pcs [1]uintptr - runtime.Callers(3, pcs[:]) - r := slog.NewRecord(time.Now(), level, fmt.Sprintf(format, args...), pcs[0]) - _ = l.logger.Handler().Handle(context.Background(), r) + if l.logger.Enabled(context.Background(), level) { + var pcs [1]uintptr + runtime.Callers(3, pcs[:]) + r := slog.NewRecord(time.Now(), level, fmt.Sprintf(format, args...), pcs[0]) + _ = l.logger.Handler().Handle(context.Background(), r) + } } type grpcLogger struct { diff --git a/internal/logger/levelhandler.go b/internal/logger/levelhandler.go index f0e4e1544..201bc90a0 100644 --- a/internal/logger/levelhandler.go +++ b/internal/logger/levelhandler.go @@ -13,45 +13,45 @@ import ( // LevelHandler copied from the official LevelHandler example in the slog package documentation. -// LevelHandler wraps a Handler with an Enabled method +// levelHandler wraps a Handler with an Enabled method // that returns false for levels below a minimum. -type LevelHandler struct { +type levelHandler struct { level slog.Leveler handler slog.Handler } -// NewLevelHandler returns a LevelHandler with the given level. +// newLevelHandler returns a LevelHandler with the given level. // All methods except Enabled delegate to h. -func NewLevelHandler(level slog.Leveler, h slog.Handler) *LevelHandler { +func newLevelHandler(level slog.Leveler, h slog.Handler) *levelHandler { // Optimization: avoid chains of LevelHandlers. - if lh, ok := h.(*LevelHandler); ok { + if lh, ok := h.(*levelHandler); ok { h = lh.Handler() } - return &LevelHandler{level, h} + return &levelHandler{level, h} } // Enabled implements Handler.Enabled by reporting whether // level is at least as large as h's level. -func (h *LevelHandler) Enabled(_ context.Context, level slog.Level) bool { +func (h *levelHandler) Enabled(_ context.Context, level slog.Level) bool { return level >= h.level.Level() } // Handle implements Handler.Handle. -func (h *LevelHandler) Handle(ctx context.Context, r slog.Record) error { +func (h *levelHandler) Handle(ctx context.Context, r slog.Record) error { return h.handler.Handle(ctx, r) } // WithAttrs implements Handler.WithAttrs. -func (h *LevelHandler) WithAttrs(attrs []slog.Attr) slog.Handler { - return NewLevelHandler(h.level, h.handler.WithAttrs(attrs)) +func (h *levelHandler) WithAttrs(attrs []slog.Attr) slog.Handler { + return newLevelHandler(h.level, h.handler.WithAttrs(attrs)) } // WithGroup implements Handler.WithGroup. -func (h *LevelHandler) WithGroup(name string) slog.Handler { - return NewLevelHandler(h.level, h.handler.WithGroup(name)) +func (h *levelHandler) WithGroup(name string) slog.Handler { + return newLevelHandler(h.level, h.handler.WithGroup(name)) } // Handler returns the Handler wrapped by h. -func (h *LevelHandler) Handler() slog.Handler { +func (h *levelHandler) Handler() slog.Handler { return h.handler } diff --git a/internal/logger/log.go b/internal/logger/log.go index d8d62b13a..0b6426b6e 100644 --- a/internal/logger/log.go +++ b/internal/logger/log.go @@ -35,6 +35,11 @@ import ( "google.golang.org/grpc" ) +// GRPCLogger returns a logger at warn level for gRPC logging. +func GRPCLogger(l *slog.Logger) *slog.Logger { + return slog.New(newLevelHandler(slog.LevelWarn, l.Handler())).WithGroup("gRPC") +} + // ReplaceGRPCLogger replaces grpc's internal logger with the given logger. func ReplaceGRPCLogger(l *slog.Logger) { replaceGRPCLogger(l) diff --git a/joinservice/internal/server/server.go b/joinservice/internal/server/server.go index 0b8a98f10..21bb24d67 100644 --- a/joinservice/internal/server/server.go +++ b/joinservice/internal/server/server.go @@ -58,10 +58,11 @@ func New( // Run starts the gRPC server on the given port, using the provided tlsConfig. func (s *Server) Run(creds credentials.TransportCredentials, port string) error { - logger.ReplaceGRPCLogger(slog.New(logger.NewLevelHandler(slog.LevelWarn, s.log.Handler())).WithGroup("gRPC")) + grpcLog := logger.GRPCLogger(s.log) + logger.ReplaceGRPCLogger(grpcLog) grpcServer := grpc.NewServer( grpc.Creds(creds), - logger.GetServerUnaryInterceptor(s.log.WithGroup("gRPC")), + logger.GetServerUnaryInterceptor(grpcLog), ) joinproto.RegisterAPIServer(grpcServer, s) diff --git a/keyservice/internal/server/server.go b/keyservice/internal/server/server.go index b7517bceb..8ff9bed8a 100644 --- a/keyservice/internal/server/server.go +++ b/keyservice/internal/server/server.go @@ -48,9 +48,11 @@ func (s *Server) Run(port string) error { return fmt.Errorf("failed to listen on port %s: %v", port, err) } - server := grpc.NewServer(logger.GetServerUnaryInterceptor(s.log.WithGroup("gRPC"))) + grpcLog := logger.GRPCLogger(s.log) + logger.ReplaceGRPCLogger(grpcLog) + + server := grpc.NewServer(logger.GetServerUnaryInterceptor(grpcLog)) keyserviceproto.RegisterAPIServer(server, s) - logger.ReplaceGRPCLogger(slog.New(logger.NewLevelHandler(slog.LevelWarn, s.log.Handler())).WithGroup("gRPC")) // start the server s.log.Info(fmt.Sprintf("Starting Constellation key management service on %s", listener.Addr().String())) diff --git a/upgrade-agent/cmd/main.go b/upgrade-agent/cmd/main.go index fe16caa13..ba2906bc7 100644 --- a/upgrade-agent/cmd/main.go +++ b/upgrade-agent/cmd/main.go @@ -26,11 +26,7 @@ func main() { verbosity := flag.Int("v", 0, logger.CmdLineVerbosityDescription) flag.Parse() log := logger.NewJSONLogger(logger.VerbosityFromInt(*verbosity)).WithGroup("upgrade-agent") - logger.ReplaceGRPCLogger( - slog.New( - logger.NewLevelHandler(logger.VerbosityFromInt(*verbosity), log.Handler()), - ).WithGroup("gRPC"), - ) + logger.ReplaceGRPCLogger(logger.GRPCLogger(log)) handler := file.NewHandler(afero.NewOsFs()) server, err := server.New(log, handler) diff --git a/upgrade-agent/internal/server/server.go b/upgrade-agent/internal/server/server.go index ea18e3d57..1c8ff41b8 100644 --- a/upgrade-agent/internal/server/server.go +++ b/upgrade-agent/internal/server/server.go @@ -54,7 +54,7 @@ func New(log *slog.Logger, fileHandler file.Handler) (*Server, error) { } grpcServer := grpc.NewServer( - logger.GetServerUnaryInterceptor(log.WithGroup("gRPC")), + logger.GetServerUnaryInterceptor(logger.GRPCLogger(log)), ) upgradeproto.RegisterUpdateServer(grpcServer, server) diff --git a/verify/server/server.go b/verify/server/server.go index c8d7b2c82..16ab70b07 100644 --- a/verify/server/server.go +++ b/verify/server/server.go @@ -56,9 +56,10 @@ func (s *Server) Run(httpListener, grpcListener net.Listener) error { var wg sync.WaitGroup var once sync.Once - logger.ReplaceGRPCLogger(slog.New(logger.NewLevelHandler(slog.LevelWarn, s.log.Handler()).WithGroup("grpc"))) + grpcLog := logger.GRPCLogger(s.log) + logger.ReplaceGRPCLogger(grpcLog) grpcServer := grpc.NewServer( - logger.GetServerUnaryInterceptor(s.log.WithGroup("gRPC")), + logger.GetServerUnaryInterceptor(grpcLog), grpc.KeepaliveParams(keepalive.ServerParameters{Time: 15 * time.Second}), ) verifyproto.RegisterAPIServer(grpcServer, s) From 8555bd00a9925767ff6c6aefa78da579d0e7afda Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Thu, 29 Aug 2024 15:50:26 +0200 Subject: [PATCH 234/380] terraform-provider: document MAA patching more prominently (#3330) --- .../docs/data-sources/attestation.md | 3 ++- .../examples/full/azure/main.tf | 2 ++ .../internal/provider/attestation_data_source.go | 14 ++++++++++++-- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/terraform-provider-constellation/docs/data-sources/attestation.md b/terraform-provider-constellation/docs/data-sources/attestation.md index ede4dc189..0dbf32a3d 100644 --- a/terraform-provider-constellation/docs/data-sources/attestation.md +++ b/terraform-provider-constellation/docs/data-sources/attestation.md @@ -42,7 +42,8 @@ See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview ### Optional - `insecure` (Boolean) DON'T USE IN PRODUCTION Skip the signature verification when fetching measurements for the image. -- `maa_url` (String) For Azure only, the URL of the Microsoft Azure Attestation service +- `maa_url` (String) For Azure only, the URL of the Microsoft Azure Attestation service. The MAA's policy needs to be patched manually to work with Constellation OS images. +See the [Constellation documentation](https://docs.edgeless.systems/constellation/workflows/terraform-provider#quick-setup) for more information. ### Read-Only diff --git a/terraform-provider-constellation/examples/full/azure/main.tf b/terraform-provider-constellation/examples/full/azure/main.tf index 857023874..7860f331c 100644 --- a/terraform-provider-constellation/examples/full/azure/main.tf +++ b/terraform-provider-constellation/examples/full/azure/main.tf @@ -80,6 +80,8 @@ data "constellation_attestation" "foo" { csp = local.csp attestation_variant = local.attestation_variant image = data.constellation_image.bar.image + # Needs to be patched manually, see: + # https://docs.edgeless.systems/constellation/workflows/terraform-provider#quick-setup maa_url = module.azure_infrastructure.attestation_url } diff --git a/terraform-provider-constellation/internal/provider/attestation_data_source.go b/terraform-provider-constellation/internal/provider/attestation_data_source.go index a15ace4a8..f48c24a13 100644 --- a/terraform-provider-constellation/internal/provider/attestation_data_source.go +++ b/terraform-provider-constellation/internal/provider/attestation_data_source.go @@ -98,8 +98,9 @@ func (d *AttestationDataSource) Schema(_ context.Context, _ datasource.SchemaReq "attestation_variant": newAttestationVariantAttributeSchema(attributeInput), "image": newImageAttributeSchema(attributeInput), "maa_url": schema.StringAttribute{ - MarkdownDescription: "For Azure only, the URL of the Microsoft Azure Attestation service", - Optional: true, + MarkdownDescription: `For Azure only, the URL of the Microsoft Azure Attestation service. The MAA's policy needs to be patched manually to work with Constellation OS images. +See the [Constellation documentation](https://docs.edgeless.systems/constellation/workflows/terraform-provider#quick-setup) for more information.`, + Optional: true, }, "insecure": schema.BoolAttribute{ MarkdownDescription: "DON'T USE IN PRODUCTION Skip the signature verification when fetching measurements for the image.", @@ -125,6 +126,15 @@ func (d *AttestationDataSource) ValidateConfig(ctx context.Context, req datasour ) return } + + if !data.MaaURL.IsNull() { + resp.Diagnostics.AddAttributeWarning( + path.Root("maa_url"), + "Ensure that the MAA's policy is patched", "When MAA is used, please ensure the MAA's policy is patche properly for use within Constellation. See https://docs.edgeless.systems/constellation/workflows/terraform-provider#quick-setup for more information.", + ) + return + } + if data.AttestationVariant.Equal(types.StringValue("azure-sev-snp")) && data.MaaURL.IsNull() { tflog.Info(ctx, "MAA URL not set, MAA fallback will be unavailable") } From d7bdfccdd7bb4d1c2074a39b07f866a9128b4070 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Tue, 3 Sep 2024 09:57:05 +0200 Subject: [PATCH 235/380] terraform: tidy files (#3333) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- terraform-provider-constellation/examples/full/azure/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-provider-constellation/examples/full/azure/main.tf b/terraform-provider-constellation/examples/full/azure/main.tf index 7860f331c..0a2afd44c 100644 --- a/terraform-provider-constellation/examples/full/azure/main.tf +++ b/terraform-provider-constellation/examples/full/azure/main.tf @@ -82,7 +82,7 @@ data "constellation_attestation" "foo" { image = data.constellation_image.bar.image # Needs to be patched manually, see: # https://docs.edgeless.systems/constellation/workflows/terraform-provider#quick-setup - maa_url = module.azure_infrastructure.attestation_url + maa_url = module.azure_infrastructure.attestation_url } data "constellation_image" "bar" { From 40d0811298e8a923aeb0170142560a2619e4ef05 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Tue, 3 Sep 2024 10:43:40 +0200 Subject: [PATCH 236/380] image: update measurements and image version (#3332) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 3a25e75e6..ce9c6d361 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x11, 0xcb, 0x1a, 0x1e, 0xef, 0x6a, 0xdd, 0x8a, 0xc6, 0x83, 0x54, 0xae, 0x03, 0xda, 0xc4, 0x8b, 0xfb, 0x62, 0x45, 0x45, 0x0d, 0x67, 0x91, 0x95, 0x82, 0xd6, 0xe8, 0xd6, 0x12, 0x25, 0x09, 0x41}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb1, 0xc1, 0x27, 0x80, 0xe3, 0x0b, 0xd7, 0xf4, 0x23, 0x62, 0x20, 0xb7, 0x71, 0x8e, 0xb4, 0xf3, 0x0e, 0xac, 0x4a, 0x3d, 0xae, 0x6b, 0x73, 0xbf, 0x54, 0x47, 0xd0, 0x1e, 0x1d, 0x7b, 0x81, 0x0a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3d, 0xfb, 0x75, 0xc0, 0x13, 0x95, 0x71, 0x49, 0x05, 0xc0, 0x20, 0xc3, 0xae, 0xde, 0x55, 0xab, 0x20, 0xd3, 0x21, 0x9c, 0x2a, 0x89, 0xb3, 0x4e, 0x36, 0xb2, 0x27, 0x40, 0x90, 0x39, 0x9b, 0x26}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x29, 0x5d, 0x0b, 0x88, 0xf8, 0x3a, 0x6b, 0x00, 0x9d, 0x37, 0x14, 0x39, 0x41, 0x09, 0xb0, 0xf2, 0x90, 0xf6, 0x02, 0x52, 0x50, 0xd9, 0x0d, 0x7e, 0x32, 0x3f, 0x02, 0x01, 0x07, 0xfe, 0xb3, 0xeb}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x76, 0xa5, 0x20, 0x1b, 0x0b, 0x26, 0x05, 0x7b, 0xe0, 0x17, 0x0b, 0x95, 0x20, 0x31, 0xc6, 0x43, 0x21, 0x83, 0x24, 0x2f, 0xc7, 0xb3, 0x3d, 0x26, 0xce, 0xa3, 0xce, 0xc6, 0x6d, 0x3b, 0xff, 0x58}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x84, 0x23, 0xef, 0xc6, 0x9d, 0xdc, 0x45, 0x1e, 0xe9, 0xbf, 0xee, 0xfd, 0x9a, 0x44, 0xf7, 0x4a, 0x5d, 0xf5, 0xe3, 0x4b, 0x32, 0x0b, 0x9f, 0x0b, 0xaa, 0x28, 0x45, 0x78, 0xdc, 0x5c, 0x15, 0x5a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x45, 0x0f, 0x34, 0x1b, 0x94, 0xe9, 0x2c, 0xb6, 0x29, 0xe2, 0x3e, 0x09, 0x50, 0x80, 0xcb, 0x4f, 0x59, 0xe0, 0x82, 0xac, 0xe5, 0x5a, 0x0a, 0x7d, 0x27, 0xd7, 0x08, 0x3c, 0x10, 0x6f, 0x0c, 0x90}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x52, 0xb0, 0xc4, 0xb1, 0xd8, 0x9c, 0xb7, 0xa2, 0x35, 0xde, 0xbc, 0x17, 0xd6, 0x4c, 0x49, 0xe3, 0xab, 0x5e, 0xdf, 0x18, 0x8b, 0xf8, 0x14, 0x73, 0xfb, 0x1b, 0x17, 0xdd, 0x60, 0x1d, 0xea, 0xb7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xce, 0x98, 0x99, 0x98, 0x41, 0xfa, 0x43, 0x0d, 0x8a, 0x2c, 0x05, 0xdb, 0xff, 0x98, 0x54, 0x40, 0x94, 0x70, 0xae, 0x91, 0x1e, 0x56, 0x43, 0x18, 0xd7, 0x22, 0x71, 0xde, 0xeb, 0x11, 0x1d, 0x5e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x15, 0x92, 0x2e, 0x0e, 0x65, 0x34, 0xcc, 0xb7, 0x4f, 0x02, 0xfe, 0xfc, 0xf3, 0x74, 0x45, 0x3c, 0x37, 0xcd, 0x1b, 0x06, 0x23, 0xc6, 0x61, 0x04, 0x75, 0x59, 0x62, 0xa5, 0xb8, 0x94, 0x75, 0x02}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3d, 0xb5, 0xe6, 0x27, 0x03, 0x96, 0xfd, 0xda, 0xb9, 0xa2, 0x3a, 0x1f, 0x40, 0xd0, 0xca, 0x30, 0xc1, 0x0d, 0x10, 0x41, 0x51, 0x08, 0xba, 0x33, 0x2b, 0xde, 0x3a, 0xe5, 0x7f, 0x86, 0xe4, 0x05}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfa, 0x60, 0x5d, 0x1b, 0xf0, 0x7d, 0x44, 0xbb, 0x61, 0x58, 0x75, 0xc2, 0x04, 0x17, 0x09, 0x61, 0x01, 0x60, 0xed, 0xe7, 0x32, 0xd6, 0x65, 0x51, 0x62, 0x84, 0xe2, 0x72, 0xb0, 0x62, 0x6a, 0x55}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3b, 0x04, 0xbb, 0xba, 0xaa, 0xef, 0xd5, 0x02, 0x12, 0x39, 0x43, 0x77, 0xd9, 0x08, 0x20, 0xc4, 0x2c, 0xa7, 0xfc, 0xa5, 0x75, 0xb2, 0x96, 0x31, 0x35, 0x6d, 0x4e, 0xbf, 0xb2, 0xb4, 0x25, 0x56}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x12, 0xdf, 0x44, 0xe0, 0xeb, 0x63, 0x4e, 0xeb, 0x40, 0x81, 0x8c, 0x69, 0xbf, 0xd7, 0xf7, 0x46, 0x42, 0xbf, 0xd1, 0xa8, 0x49, 0x6c, 0x95, 0x31, 0xdd, 0x83, 0x39, 0x6a, 0x53, 0xd2, 0x19, 0x4c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7e, 0x23, 0xfa, 0x09, 0x4f, 0x6f, 0xda, 0x85, 0x2f, 0x69, 0x1d, 0xf7, 0xe8, 0x52, 0x83, 0x37, 0x62, 0x97, 0xbf, 0x38, 0x23, 0xf3, 0x4d, 0xef, 0x64, 0xad, 0x7b, 0x35, 0x07, 0xf1, 0xdc, 0xfb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc0, 0xb4, 0x1b, 0xc3, 0xbe, 0xa2, 0x24, 0x2d, 0x71, 0xf7, 0x07, 0xef, 0x29, 0x96, 0x24, 0x49, 0x3a, 0x45, 0x65, 0xbb, 0xaa, 0x45, 0xb5, 0x74, 0x37, 0x31, 0x72, 0x83, 0x8b, 0x5c, 0x7f, 0x3c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7a, 0xdc, 0x55, 0x89, 0x0e, 0xb3, 0x0e, 0xa7, 0xe0, 0xac, 0x29, 0x8f, 0x8c, 0xf7, 0x86, 0x2d, 0xfb, 0x62, 0x3d, 0xc2, 0xfc, 0x1c, 0x91, 0x57, 0xec, 0xc8, 0x8e, 0x30, 0x20, 0xd1, 0xa6, 0xbd}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x03, 0x95, 0xd2, 0x36, 0xf9, 0x70, 0xd0, 0x23, 0xfc, 0x79, 0x69, 0x07, 0x9c, 0xf1, 0x4f, 0x12, 0x4b, 0x3d, 0x76, 0x9d, 0xdd, 0xf7, 0x38, 0x83, 0x51, 0x1f, 0xda, 0x63, 0xe1, 0x46, 0xac, 0x3e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe4, 0x99, 0xee, 0xb2, 0xa1, 0x1b, 0xfd, 0x69, 0x95, 0xc4, 0x5e, 0x59, 0xaf, 0x66, 0xe1, 0x3e, 0x87, 0x14, 0xd9, 0xe9, 0xe6, 0x45, 0x95, 0x43, 0x82, 0x77, 0x45, 0xf1, 0x12, 0xa4, 0x70, 0xab}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb6, 0x41, 0x6f, 0x25, 0x2c, 0x98, 0x8b, 0xf2, 0x4d, 0x2a, 0x4c, 0x00, 0xd7, 0xc8, 0x01, 0x3c, 0x96, 0x53, 0xf3, 0x47, 0xcb, 0x89, 0x9f, 0x18, 0x16, 0x6c, 0x8f, 0x8e, 0x80, 0x46, 0x5d, 0x92}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x36, 0xeb, 0xfc, 0x2c, 0x4e, 0x84, 0xa5, 0x98, 0xff, 0xc3, 0x1a, 0xec, 0xe4, 0x8e, 0x22, 0x6d, 0xe0, 0x5e, 0x0d, 0x52, 0xc6, 0x1f, 0x4a, 0x45, 0x5c, 0xac, 0x77, 0xb0, 0x08, 0xbd, 0x40, 0x07}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xab, 0xb4, 0x6e, 0x19, 0x80, 0x6f, 0x5a, 0xa3, 0x64, 0x27, 0x6b, 0xc6, 0x2c, 0x75, 0x08, 0x5d, 0x2e, 0xdb, 0x21, 0xba, 0xcd, 0x4a, 0x30, 0xdc, 0x66, 0xd5, 0x93, 0x58, 0x24, 0xb7, 0x85, 0xb6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xac, 0x23, 0x6c, 0x41, 0x8d, 0x4d, 0x02, 0x68, 0xe1, 0x08, 0x5b, 0x46, 0xf4, 0xd7, 0xa7, 0xfc, 0xb8, 0xda, 0x3a, 0x78, 0x2f, 0xe6, 0xa2, 0xdf, 0xc5, 0xf3, 0xbf, 0xfb, 0x70, 0x1a, 0x5c, 0x1d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7b, 0x16, 0xa4, 0x20, 0x06, 0x58, 0x5f, 0x44, 0xd3, 0x94, 0xe5, 0x56, 0xc5, 0xab, 0x31, 0x35, 0x3e, 0x4c, 0x8e, 0x1d, 0x40, 0x45, 0x7b, 0x05, 0xb6, 0xf4, 0xa6, 0x39, 0xc0, 0x3f, 0x53, 0xde}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x5c, 0xaf, 0xcd, 0x2d, 0x09, 0x3a, 0xf7, 0x74, 0x75, 0x10, 0x35, 0x41, 0x8d, 0xa5, 0x00, 0xf5, 0x1b, 0x8d, 0xd1, 0xfc, 0xef, 0xd0, 0xfe, 0x73, 0x5c, 0xe7, 0x96, 0xf4, 0x9e, 0x4a, 0x3f, 0x88}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8f, 0x51, 0xe4, 0xf8, 0x8c, 0xea, 0xd8, 0xb3, 0x9a, 0x9d, 0x47, 0x32, 0xfe, 0xbb, 0xe0, 0xda, 0x1f, 0x8a, 0x0f, 0x8d, 0x68, 0x21, 0xdc, 0x7a, 0xe2, 0x82, 0xae, 0xf3, 0xe9, 0xa1, 0x42, 0xb5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xda, 0x2c, 0xae, 0x3c, 0xf2, 0x27, 0x3e, 0x71, 0xea, 0x31, 0x8e, 0x5c, 0x98, 0xbf, 0x55, 0x79, 0x07, 0x6f, 0xa1, 0x49, 0xe5, 0xf7, 0x63, 0x00, 0x9d, 0x4a, 0xca, 0xb4, 0xbf, 0xc3, 0x42, 0x9c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4a, 0x99, 0x65, 0x3a, 0x41, 0x6d, 0xe3, 0xe3, 0x9b, 0xdc, 0x0f, 0x7f, 0x8a, 0x51, 0xfd, 0x10, 0x7b, 0x56, 0xeb, 0x21, 0xc0, 0x9e, 0x46, 0xd2, 0x37, 0xa8, 0x5a, 0xc4, 0xcc, 0x8d, 0xdb, 0xc7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9a, 0xfc, 0x04, 0x0f, 0x8e, 0xf9, 0x4b, 0xa2, 0xc1, 0xc9, 0xc6, 0x03, 0x35, 0xe0, 0x8d, 0x13, 0x72, 0x1e, 0xbb, 0xe0, 0xa5, 0x64, 0x38, 0x95, 0xf9, 0x03, 0xa7, 0x10, 0x84, 0x2b, 0x6f, 0x35}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2a, 0x07, 0x87, 0x2d, 0xe3, 0xed, 0xed, 0x74, 0xc6, 0x8d, 0xc3, 0xd8, 0x6f, 0xa6, 0x2e, 0xca, 0x37, 0x1a, 0x07, 0x16, 0x65, 0x47, 0x1f, 0xed, 0x01, 0x7e, 0xf7, 0xaa, 0x08, 0xcb, 0x8e, 0xfb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x08, 0xe5, 0x24, 0x8c, 0x1e, 0xc5, 0x3a, 0xf0, 0x56, 0xe4, 0x38, 0xed, 0x1d, 0x2a, 0xef, 0x14, 0x1b, 0x48, 0x49, 0x23, 0x59, 0xb1, 0x05, 0x74, 0x00, 0x68, 0x6d, 0x89, 0x1e, 0x5e, 0xba, 0xec}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0d, 0x4c, 0xfe, 0x60, 0x8c, 0xb5, 0x6b, 0x5f, 0x36, 0xbf, 0x0b, 0x45, 0x95, 0xac, 0x8e, 0xa7, 0x85, 0xd1, 0x33, 0xa4, 0x25, 0xb7, 0x2a, 0x28, 0xea, 0xdb, 0xde, 0x08, 0x4d, 0x2c, 0x1d, 0x8d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd1, 0x0f, 0x26, 0xf7, 0x78, 0xbc, 0x6e, 0x27, 0x85, 0x70, 0x27, 0xc6, 0x76, 0x94, 0xa7, 0x01, 0x01, 0xd4, 0x84, 0x5e, 0x5e, 0xbf, 0x0d, 0xb9, 0xa3, 0xa6, 0x0d, 0xd3, 0x47, 0xc8, 0x31, 0xc8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9c, 0xd2, 0xbf, 0x41, 0x9e, 0x48, 0x0e, 0xf0, 0x55, 0x89, 0x07, 0x88, 0xa3, 0x1b, 0x24, 0x6d, 0xc6, 0xde, 0xb0, 0xe6, 0x56, 0x20, 0x15, 0x44, 0x1e, 0x80, 0xac, 0xdf, 0x5c, 0x65, 0xd6, 0x2e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1a, 0x7d, 0x34, 0xf5, 0x77, 0xcb, 0xdc, 0x70, 0x50, 0x9c, 0xb0, 0xa8, 0x4f, 0x88, 0xb1, 0x64, 0x62, 0x9f, 0xcc, 0xb6, 0xc4, 0x94, 0xfb, 0xd3, 0xc7, 0x4c, 0x88, 0x5d, 0x9b, 0xce, 0x20, 0x88}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xff, 0x4b, 0x09, 0xb2, 0xb9, 0x93, 0x22, 0xdc, 0x8a, 0xbf, 0x5e, 0x64, 0xc7, 0x7c, 0x3e, 0xd1, 0xb3, 0xbc, 0xa8, 0x48, 0x9c, 0x1a, 0x4c, 0x6e, 0xc8, 0x27, 0xff, 0x86, 0x82, 0xf1, 0x22, 0x51}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xca, 0xc8, 0x55, 0x4d, 0x5a, 0xe0, 0x12, 0x51, 0xc8, 0xaa, 0x70, 0xf2, 0xd1, 0x74, 0x19, 0x79, 0x82, 0x01, 0x30, 0x75, 0xd7, 0x59, 0xdb, 0x65, 0x13, 0x73, 0x51, 0xc6, 0xc1, 0x14, 0x99, 0xf3}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x84, 0x4c, 0x74, 0x69, 0xca, 0xbd, 0xd1, 0xa7, 0x9f, 0x1e, 0x94, 0x60, 0xa5, 0x33, 0x64, 0x68, 0x42, 0x8a, 0xcf, 0xbd, 0x13, 0xf3, 0xe3, 0xc1, 0x67, 0xcf, 0x38, 0xfe, 0x8a, 0xb4, 0x8c, 0x8f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb1, 0x66, 0x9b, 0x69, 0x38, 0xe5, 0x9c, 0x73, 0xb1, 0x7c, 0x25, 0xca, 0x0b, 0x06, 0xa9, 0xf6, 0x0c, 0x25, 0x84, 0xad, 0x8e, 0xaf, 0xe3, 0xbb, 0xa9, 0xc1, 0x79, 0x3f, 0x44, 0x6a, 0xdf, 0xe2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xce, 0xc9, 0xb5, 0xde, 0x1f, 0xf7, 0x41, 0x80, 0x4d, 0x33, 0x9e, 0x56, 0xaf, 0x67, 0x6b, 0x7e, 0x49, 0x80, 0x8e, 0xd0, 0xe4, 0x42, 0x78, 0x94, 0x96, 0x8c, 0x2f, 0x16, 0xfa, 0xb7, 0x36, 0x5b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x35, 0x20, 0xc9, 0xb1, 0x9b, 0xe4, 0xcc, 0x35, 0x42, 0xcb, 0x34, 0x4b, 0x40, 0xdc, 0x75, 0xd2, 0x5d, 0x83, 0x6c, 0x1c, 0x5d, 0xe0, 0x87, 0x58, 0x88, 0xb8, 0x28, 0x54, 0x47, 0x00, 0x0a, 0xde}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x44, 0xec, 0x5d, 0xc8, 0xb0, 0x61, 0xa0, 0xd1, 0x11, 0xab, 0x26, 0x1d, 0x77, 0x1a, 0xb2, 0xcd, 0xe5, 0x24, 0xa8, 0x09, 0x8b, 0xa0, 0x7e, 0xff, 0xd4, 0xd4, 0x42, 0xec, 0x59, 0x3b, 0x8a, 0x2a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xf5, 0x36, 0x83, 0x73, 0xa2, 0xed, 0xba, 0xaa, 0x34, 0x36, 0x22, 0x6f, 0x7f, 0x00, 0x8a, 0x88, 0x05, 0x63, 0x89, 0xe8, 0xa2, 0x7e, 0x7c, 0x46, 0xfc, 0x66, 0xfa, 0xfc, 0x99, 0x80, 0x16, 0xf9}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbf, 0x83, 0x6c, 0x2e, 0x96, 0xb0, 0x32, 0x59, 0x1b, 0x64, 0xa9, 0xdf, 0x13, 0x3d, 0xcc, 0x07, 0xc7, 0x50, 0xc9, 0xde, 0x38, 0x7b, 0x94, 0x81, 0x9e, 0x7b, 0xff, 0xb9, 0x68, 0x40, 0xf9, 0xf9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x97, 0x54, 0x75, 0xca, 0x37, 0xec, 0xd0, 0x1e, 0x09, 0x44, 0xae, 0xe5, 0x88, 0xc2, 0xef, 0xa7, 0xd5, 0xcc, 0xa0, 0xf0, 0xdf, 0x59, 0x51, 0x9f, 0x07, 0xb4, 0xfb, 0xf1, 0x38, 0xf6, 0x8d, 0x39}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xfb, 0x2c, 0x8a, 0xeb, 0x47, 0x64, 0x71, 0x0c, 0x48, 0xc7, 0x37, 0x2a, 0x18, 0x64, 0x51, 0x6e, 0xa4, 0x8a, 0xc6, 0x54, 0xd4, 0x6e, 0x82, 0x3c, 0xc9, 0x10, 0x6a, 0xe8, 0x92, 0xed, 0xfd, 0x00}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb8, 0x56, 0x10, 0x89, 0x91, 0x1b, 0x39, 0x21, 0x5b, 0xde, 0x77, 0x02, 0x78, 0x87, 0x94, 0xa4, 0x46, 0x59, 0x19, 0x8c, 0xe9, 0x3f, 0x9c, 0x26, 0x3c, 0x27, 0x63, 0x38, 0x8d, 0x37, 0x39, 0x7d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x66, 0xb1, 0x28, 0x1c, 0x3a, 0x4e, 0x34, 0x3e, 0x57, 0xdd, 0xb1, 0x30, 0x6e, 0xac, 0x27, 0xbf, 0x26, 0x64, 0x0e, 0x9f, 0x40, 0x39, 0xce, 0xcc, 0x8b, 0xc2, 0x07, 0x81, 0xda, 0x5b, 0xe1, 0x49}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index cf7c592a9..b2d7e9899 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240822142944-5e1c09bdd612" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240829155026-8555bd00a992" ) From d04fbe88af1339d3f24ab332139c15e92b861b00 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Tue, 3 Sep 2024 16:14:59 +0200 Subject: [PATCH 237/380] image: update locked rpms (#3331) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 54 ++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 72fe21cbb..a2db3a2c2 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -18,8 +18,8 @@ adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tool b0b0ba347f69131086934e836f03fb8b373923c88ac2958bd9661be28e30e869 container-selinux-2.232.1-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm -3ebc876ed0fc1e20e8c959bb27827aa80e432ea15492d00bb93565fb0450e3d1 containers-common-0.60.0-1.fc40.noarch.rpm -3d2becabe64711aeeaf330401cf1b7c7d3cfd11e1630e758046fdba7dcad2369 containers-common-extra-0.60.0-1.fc40.noarch.rpm +2b469c1a5d65c0378a076c4fdd86196ace5775feabdd42bba1344a57b3fecae2 containers-common-0.60.1-1.fc40.noarch.rpm +b9bbec6ff8ed2e8ffe5631cda62d948500801843824abdd02104142ec2927e3b containers-common-extra-0.60.1-1.fc40.noarch.rpm a42b290620077529be1c269ff440a6cf78a66bc239be5fd69dc5fdd509bcd70b coreutils-single-9.4-7.fc40.x86_64.rpm d941a78ffb6e2e0b4c24d0097d0351ced8796edde90208b4bddee459bce0a949 cpio-2.15-1.fc40.x86_64.rpm faa23cb6a7a612c0a6e874c788c5add967c5e193bd38c2e6093b82b38a162f81 cracklib-2.9.11-5.fc40.i686.rpm @@ -260,7 +260,7 @@ f796a31cad58f4ebea8787020868581d9a721297ee0ef6a7c63a7f8444f60c17 pcsc-lite-libs 5443db8875acc0c1c436dbe1ed62b776543e049b8d9c7e33198379d367814093 pigz-2.8-4.fc40.x86_64.rpm cb7c5036f1d25c696de23a6670cb64caec9945116fb0c9a93555414746ecf253 pinentry-1.3.0-2.fc40.x86_64.rpm bbb4abafa9f7664e21350b56d49af2c928288e6d4dd68c304c4ab5d45b2c8ad7 pkcs11-provider-0.3-2.fc40.x86_64.rpm -5f47e12ae5b4a65b7624ab2099cbaac7610e68566b5333a3149ab1b913429f80 podman-5.2.1-1.fc40.x86_64.rpm +9006a2de704b633a780f331328a5e304dc32f3cf33c19ef09ac9b04bd61159bb podman-5.2.2-1.fc40.x86_64.rpm fc0270713aefd482937adc4d6905f806760ea54c70379cb675be521251e5a177 policycoreutils-3.6-3.fc40.x86_64.rpm 30a4f9d3631aaa1280c93ce4305847a9773973aa312e1802d1cd676cb2421689 polkit-124-2.fc40.x86_64.rpm f47bc65177a8b160916c00df9c84442afa1dd353880b3c0503d5a0b052d4956c polkit-libs-124-2.fc40.x86_64.rpm @@ -271,29 +271,29 @@ af85755cda79959a19161ebc26a45e507003298bd97b472b9ab0d512afa5e46a protobuf-c-1.5 45ff2e9814aa059f323b23710c73309d41d36306667a3004f5fbb86b0cab4484 psmisc-23.6-6.fc40.x86_64.rpm cca50802d4f75306bc37126feb92db79fed44dcdabf76c1556853334995b9d3b publicsuffix-list-dafsa-20240107-3.fc40.noarch.rpm 1cfc81c8761cd0381cc5020a3686afec8350aadea01998518e8aa2407419fe9f python-pip-wheel-23.3.2-1.fc40.noarch.rpm -013b02242bdd8fdbbc90f6596ee4f634f3f315f014274420f23c2140b591562c python-unversioned-command-3.12.4-1.fc40.noarch.rpm -5aeca7583eaf142e0669fdc3cc32fd3df518d89c0bae2090c30f699477830e14 python3-3.12.4-1.fc40.x86_64.rpm -2c606a81cc6eb1cd9aeda3be1b6c6ebaaec8901af02fde22948f69af6ca28015 python3-libs-3.12.4-1.fc40.x86_64.rpm -74f89e3304571c9d4eb8df444fa895aa71910dcb1909738c1f69781280da87e7 qemu-user-static-8.2.2-1.fc40.x86_64.rpm -a40c17e5681b201891c6dfaed0f6fc0dba1cdb9eb208d9ff47f9be52de76d177 qemu-user-static-aarch64-8.2.2-1.fc40.x86_64.rpm -fcf593362df5c9193264bf3bd74a6b25d73c1ef24cb7384b6f0bf4e36284365b qemu-user-static-alpha-8.2.2-1.fc40.x86_64.rpm -a241f91547dd638bfb15a1ac1c97baaaabb9b5bd64e40cd1ea444758233f119b qemu-user-static-arm-8.2.2-1.fc40.x86_64.rpm -f236b50236e4003b71eb293b769588d779fc68719f1562dd05a788b9f996a856 qemu-user-static-cris-8.2.2-1.fc40.x86_64.rpm -b8250ea3b6ab5511ffb68f01aab0253de627c6e65f1bc8f61a1322d04390c1c1 qemu-user-static-hexagon-8.2.2-1.fc40.x86_64.rpm -91f9eb36f2d9556058f320573b785775603c7c2bc31886ddfef1fd30b39f8893 qemu-user-static-hppa-8.2.2-1.fc40.x86_64.rpm -689376c3a0f33907c88b619414bd8ea6cd5c09a1ad8f45f208c1a7b6f0f536b5 qemu-user-static-loongarch64-8.2.2-1.fc40.x86_64.rpm -939ef3d38ee0c6a616879a5be56a42956cda3bc4a0e278343e06978ad1fd7feb qemu-user-static-m68k-8.2.2-1.fc40.x86_64.rpm -e3f3af44aa7ea424025872a34267354f9f28e463ef4fce4e96855724935f49ac qemu-user-static-microblaze-8.2.2-1.fc40.x86_64.rpm -2975de005d77b208c8acb01ec2b628f8ae72fa1ffca00ec4aa43ff75f29a1bca qemu-user-static-mips-8.2.2-1.fc40.x86_64.rpm -d095a53430ac1cedb2ea88a322ce8d01514d9deb4c5c187632954f48fe3ae518 qemu-user-static-nios2-8.2.2-1.fc40.x86_64.rpm -fb1eb4db02470dd2ef9f7ae0a25a9418b281d2fd9d19094b5c5b7b70731efcd6 qemu-user-static-or1k-8.2.2-1.fc40.x86_64.rpm -c81aa2cb89a3b5e939021c232c70176798480788a867773ba42a30805249483d qemu-user-static-ppc-8.2.2-1.fc40.x86_64.rpm -cb3cea7ef4e920cf4d1917c5e9f19bcc487357405e697e8a31eb2c21ae7cd961 qemu-user-static-riscv-8.2.2-1.fc40.x86_64.rpm -17782c2c4cc9c647c40ae3208635ef7c6c31f1eab07e359597816e7517f24425 qemu-user-static-s390x-8.2.2-1.fc40.x86_64.rpm -4d87a91ff166cd2a3af5420be4e668c716e4adb0dc1859e207455d5f03217257 qemu-user-static-sh4-8.2.2-1.fc40.x86_64.rpm -d3f2ab7e3d249654b1f7dca507f81de64ea004c079f7c34858e12916c2f99db8 qemu-user-static-sparc-8.2.2-1.fc40.x86_64.rpm -0111d6f799d20f1dca09b2a06f5c9510e8951bd5e56e3075c5802f17ed41a445 qemu-user-static-x86-8.2.2-1.fc40.x86_64.rpm -fd2dec7911de16e5a076eb5b8be246ec2845481dbca49a16b52293eb42d3d1bd qemu-user-static-xtensa-8.2.2-1.fc40.x86_64.rpm +2eca9489d4cc2d3bb5f1efd452007d49f00334e8949afa7c634c76758305f5db python-unversioned-command-3.12.5-1.fc40.noarch.rpm +d9f4e1f212b42eabc565e6369088603c2782b1f0bbedfa392cb4f6c5cd0c914b python3-3.12.5-1.fc40.x86_64.rpm +3de9ae7033e56cc56c493f901baa16ed115658ee7cc3b2d689750c6b5346bb0c python3-libs-3.12.5-1.fc40.x86_64.rpm +31d3560d4e4d9c6eedbc48911b38f1958b03d69d53859251ca53adc2c0db083b qemu-user-static-8.2.6-3.fc40.x86_64.rpm +0f8288155f67cdc89680d17f77f742a58e7f2076231dc824b40411903c5bfb0d qemu-user-static-aarch64-8.2.6-3.fc40.x86_64.rpm +9d6240b8b25f010e64f583112fe8c152fc9ba469b261fb33fb4834724924c0dd qemu-user-static-alpha-8.2.6-3.fc40.x86_64.rpm +f4a6f78834d4a5636319a185055789ec791488f4e7ee6b47b00e6c4e269f8e05 qemu-user-static-arm-8.2.6-3.fc40.x86_64.rpm +f7ce8500ce5e7564a01a7c0f1bc87b0257b2fe2950103302be1bc01966b0bbef qemu-user-static-cris-8.2.6-3.fc40.x86_64.rpm +62e793b810cfacbfd283e673a2d8467dcddbf087eb17537076d220147e4c9ca5 qemu-user-static-hexagon-8.2.6-3.fc40.x86_64.rpm +12d8a93f6b61c2059627bcdd115539d89024e886c189935dd5257ec8cebccbd8 qemu-user-static-hppa-8.2.6-3.fc40.x86_64.rpm +19b21a04720fdf3003d8ce67e559af6668e44ad5e95a03db59b8930cd9d7e397 qemu-user-static-loongarch64-8.2.6-3.fc40.x86_64.rpm +fab31e38fed5b4630bdfb2b2ee97edf7ffde0038fd7c2c0945dbdbb64ebbbe44 qemu-user-static-m68k-8.2.6-3.fc40.x86_64.rpm +35a7fbb8c29e6f50962a1fd656a8ba6fb855f2f0daf8bd3986ec56e3909f9465 qemu-user-static-microblaze-8.2.6-3.fc40.x86_64.rpm +88484450122f6ab5329172368dc600119faa877ead25ebfa9a0dd2c2bf2a055f qemu-user-static-mips-8.2.6-3.fc40.x86_64.rpm +e0107e099ea2fdcc949b804ae910deeaf93ca8838edd9d23ae69adf54c4a8155 qemu-user-static-nios2-8.2.6-3.fc40.x86_64.rpm +d7f6cb73067427d6ed86e46a75dc6efd088cd4b28f1d0f318a99b3ad5e0d1a90 qemu-user-static-or1k-8.2.6-3.fc40.x86_64.rpm +ad30ee5ac42f1ed503b4a4db327877838094148bb7e2c626e1e60e554c6dc5f6 qemu-user-static-ppc-8.2.6-3.fc40.x86_64.rpm +ef903179c047453d22a7caf4b28f81792ed933c5ad6d1fd99892810dda1155b1 qemu-user-static-riscv-8.2.6-3.fc40.x86_64.rpm +752de837b1cfe48320dcd4fdef809937481cffc74533da1a49bf736367db9910 qemu-user-static-s390x-8.2.6-3.fc40.x86_64.rpm +446017f2cb59e00efd05760de9f699fdf97fa82078dc9bcfeb3a375ac6575989 qemu-user-static-sh4-8.2.6-3.fc40.x86_64.rpm +007037d0f3660316252b5080e57db7d02766389200c1442fd8f18d2fd571f0c4 qemu-user-static-sparc-8.2.6-3.fc40.x86_64.rpm +f8ae6311b48fc301763a4e9d0f2e2b23714a5955a1d0c07b5f7ee34df0842f44 qemu-user-static-x86-8.2.6-3.fc40.x86_64.rpm +77f6493f5271b2af50a1c979b1544db5909fd40c7f7200ef8d0d7852aaf325ba qemu-user-static-xtensa-8.2.6-3.fc40.x86_64.rpm 8d50fba416f81e4091b144748fff22665ee88699fdc4a372b905d999d05fd3e8 qrencode-libs-4.1.1-7.fc40.i686.rpm 93781052576cc40a2c203bbc1bf865189a11b2c82436e614da9811baedc082fc qrencode-libs-4.1.1-7.fc40.x86_64.rpm 3527582fddcb54892228658b3929ffbb89766941a9794e726216e0800ac05721 readline-8.2-8.fc40.i686.rpm @@ -304,7 +304,7 @@ c48c149f4aebfe44d649eea6f7a8eaa229dc8db71ff70b66c7403aa9bd072820 rpm-libs-4.19. d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-selinux-4.19.1.1-1.fc40.x86_64.rpm 9015e31297a54b708071d347b7877d885a2a97c3b18a89fa31f1481b6406eb06 rpm-sequoia-1.7.0-1.fc40.x86_64.rpm 63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm -3b940ff1f16fdb3ddcc19d7d76241c9b81d81099ff5147c4c9967d2c4ca6fb5b sbsigntools-0.9.5-3.fc40.x86_64.rpm +5dbd069183076ed8048c839c31f713c0f6080fb9ebfdda92ac550030688e811b sbsigntools-0.9.5-6.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm f2edc048484f98d9c52136539ff4720e124ded9619a54e97740bf69491bfc05c selinux-policy-40.27-1.fc40.noarch.rpm 65f63b667d43d687921b77b77833500ee6a7bf9c9bf6358ba6e73b4091b80c9d selinux-policy-targeted-40.27-1.fc40.noarch.rpm From eab9aca26fca0f48244be4991235cb6568c8197e Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 3 Sep 2024 16:26:08 +0200 Subject: [PATCH 238/380] terraform-provider-constellation: make kubeconfig output fine-grained (#3334) --- .../docs/resources/cluster.md | 6 +- .../internal/provider/BUILD.bazel | 1 + .../internal/provider/cluster_resource.go | 90 +++++++++++++++++-- 3 files changed, 91 insertions(+), 6 deletions(-) diff --git a/terraform-provider-constellation/docs/resources/cluster.md b/terraform-provider-constellation/docs/resources/cluster.md index e4a4f963a..542200750 100644 --- a/terraform-provider-constellation/docs/resources/cluster.md +++ b/terraform-provider-constellation/docs/resources/cluster.md @@ -90,8 +90,12 @@ See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview ### Read-Only +- `client_certificate` (String) The client certificate of the cluster. +- `client_key` (String, Sensitive) The client key of the cluster. +- `cluster_ca_certificate` (String) The cluster CA certificate of the cluster. - `cluster_id` (String) The cluster ID of the cluster. -- `kubeconfig` (String, Sensitive) The kubeconfig of the cluster. +- `host` (String) The host of the cluster. +- `kubeconfig` (String, Sensitive) The kubeconfig (file) of the cluster. - `owner_id` (String) The owner ID of the cluster. diff --git a/terraform-provider-constellation/internal/provider/BUILD.bazel b/terraform-provider-constellation/internal/provider/BUILD.bazel index 54400f07f..8f6f573d1 100644 --- a/terraform-provider-constellation/internal/provider/BUILD.bazel +++ b/terraform-provider-constellation/internal/provider/BUILD.bazel @@ -58,6 +58,7 @@ go_library( "@com_github_hashicorp_terraform_plugin_framework_validators//stringvalidator", "@com_github_hashicorp_terraform_plugin_log//tflog", "@com_github_spf13_afero//:afero", + "@io_k8s_client_go//tools/clientcmd", ], ) diff --git a/terraform-provider-constellation/internal/provider/cluster_resource.go b/terraform-provider-constellation/internal/provider/cluster_resource.go index 096621af6..01aa6615b 100644 --- a/terraform-provider-constellation/internal/provider/cluster_resource.go +++ b/terraform-provider-constellation/internal/provider/cluster_resource.go @@ -54,6 +54,7 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types/basetypes" "github.com/hashicorp/terraform-plugin-log/tflog" "github.com/spf13/afero" + "k8s.io/client-go/tools/clientcmd" ) var ( @@ -102,9 +103,13 @@ type ClusterResourceModel struct { Azure types.Object `tfsdk:"azure"` OpenStack types.Object `tfsdk:"openstack"` - OwnerID types.String `tfsdk:"owner_id"` - ClusterID types.String `tfsdk:"cluster_id"` - KubeConfig types.String `tfsdk:"kubeconfig"` + OwnerID types.String `tfsdk:"owner_id"` + ClusterID types.String `tfsdk:"cluster_id"` + KubeConfig types.String `tfsdk:"kubeconfig"` + Host types.String `tfsdk:"host"` + ClientCertificate types.String `tfsdk:"client_certificate"` + ClientKey types.String `tfsdk:"client_key"` + ClusterCACertificate types.String `tfsdk:"cluster_ca_certificate"` } // networkConfigAttribute is the network config attribute's data model. @@ -417,8 +422,8 @@ func (r *ClusterResource) Schema(_ context.Context, _ resource.SchemaRequest, re }, }, "kubeconfig": schema.StringAttribute{ - MarkdownDescription: "The kubeconfig of the cluster.", - Description: "The kubeconfig of the cluster.", + MarkdownDescription: "The kubeconfig (file) of the cluster.", + Description: "The kubeconfig (file) of the cluster.", Computed: true, Sensitive: true, PlanModifiers: []planmodifier.String{ @@ -426,6 +431,43 @@ func (r *ClusterResource) Schema(_ context.Context, _ resource.SchemaRequest, re stringplanmodifier.UseStateForUnknown(), }, }, + "host": schema.StringAttribute{ + MarkdownDescription: "The host of the cluster.", + Description: "The host of the cluster.", + Computed: true, + PlanModifiers: []planmodifier.String{ + // We know that this value will never change after creation, so we can use the state value for upgrades. + stringplanmodifier.UseStateForUnknown(), + }, + }, + "client_certificate": schema.StringAttribute{ + MarkdownDescription: "The client certificate of the cluster.", + Description: "The client certificate of the cluster.", + Computed: true, + PlanModifiers: []planmodifier.String{ + // We know that this value will never change after creation, so we can use the state value for upgrades. + stringplanmodifier.UseStateForUnknown(), + }, + }, + "client_key": schema.StringAttribute{ + MarkdownDescription: "The client key of the cluster.", + Description: "The client key of the cluster.", + Computed: true, + Sensitive: true, + PlanModifiers: []planmodifier.String{ + // We know that this value will never change after creation, so we can use the state value for upgrades. + stringplanmodifier.UseStateForUnknown(), + }, + }, + "cluster_ca_certificate": schema.StringAttribute{ + MarkdownDescription: "The cluster CA certificate of the cluster.", + Description: "The cluster CA certificate of the cluster.", + Computed: true, + PlanModifiers: []planmodifier.String{ + // We know that this value will never change after creation, so we can use the state value for upgrades. + stringplanmodifier.UseStateForUnknown(), + }, + }, }, } } @@ -1171,7 +1213,45 @@ func (r *ClusterResource) runInitRPC(ctx context.Context, applier *constellation } // Save data from init response into the Terraform state + + // Save the raw kubeconfig file. data.KubeConfig = types.StringValue(string(initOutput.Kubeconfig)) + + // Unmarshal the kubeconfig to get the fine-grained values. + kubeconfig, err := clientcmd.Load(initOutput.Kubeconfig) + if err != nil { + diags.AddError("Unmarshalling kubeconfig", err.Error()) + return diags + } + + clusterContext, ok := kubeconfig.Contexts[kubeconfig.CurrentContext] + if !ok { + diags.AddError("Getting cluster context", + fmt.Sprintf("Context %s not found in kubeconfig", kubeconfig.CurrentContext)) + return diags + } + + cluster, ok := kubeconfig.Clusters[clusterContext.Cluster] + if !ok { + diags.AddError("Getting cluster", + fmt.Sprintf("Cluster %s not found in kubeconfig", clusterContext.Cluster)) + return diags + } + + data.Host = types.StringValue(cluster.Server) + data.ClusterCACertificate = types.StringValue(string(cluster.CertificateAuthorityData)) + + authInfo, ok := kubeconfig.AuthInfos[clusterContext.AuthInfo] + if !ok { + diags.AddError("Getting auth info", + fmt.Sprintf("Auth info %s not found in kubeconfig", clusterContext.AuthInfo)) + return diags + } + + data.ClientCertificate = types.StringValue(string(authInfo.ClientCertificateData)) + data.ClientKey = types.StringValue(string(authInfo.ClientKeyData)) + + // Save other values from the init response. data.ClusterID = types.StringValue(initOutput.ClusterID) data.OwnerID = types.StringValue(initOutput.OwnerID) From a3bd2e029ce99bc711d596e137a9c62002c66030 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 4 Sep 2024 08:36:51 +0200 Subject: [PATCH 239/380] image: update measurements and image version (#3335) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index ce9c6d361..db47d3291 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3b, 0x04, 0xbb, 0xba, 0xaa, 0xef, 0xd5, 0x02, 0x12, 0x39, 0x43, 0x77, 0xd9, 0x08, 0x20, 0xc4, 0x2c, 0xa7, 0xfc, 0xa5, 0x75, 0xb2, 0x96, 0x31, 0x35, 0x6d, 0x4e, 0xbf, 0xb2, 0xb4, 0x25, 0x56}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x12, 0xdf, 0x44, 0xe0, 0xeb, 0x63, 0x4e, 0xeb, 0x40, 0x81, 0x8c, 0x69, 0xbf, 0xd7, 0xf7, 0x46, 0x42, 0xbf, 0xd1, 0xa8, 0x49, 0x6c, 0x95, 0x31, 0xdd, 0x83, 0x39, 0x6a, 0x53, 0xd2, 0x19, 0x4c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7e, 0x23, 0xfa, 0x09, 0x4f, 0x6f, 0xda, 0x85, 0x2f, 0x69, 0x1d, 0xf7, 0xe8, 0x52, 0x83, 0x37, 0x62, 0x97, 0xbf, 0x38, 0x23, 0xf3, 0x4d, 0xef, 0x64, 0xad, 0x7b, 0x35, 0x07, 0xf1, 0xdc, 0xfb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc0, 0xb4, 0x1b, 0xc3, 0xbe, 0xa2, 0x24, 0x2d, 0x71, 0xf7, 0x07, 0xef, 0x29, 0x96, 0x24, 0x49, 0x3a, 0x45, 0x65, 0xbb, 0xaa, 0x45, 0xb5, 0x74, 0x37, 0x31, 0x72, 0x83, 0x8b, 0x5c, 0x7f, 0x3c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7a, 0xdc, 0x55, 0x89, 0x0e, 0xb3, 0x0e, 0xa7, 0xe0, 0xac, 0x29, 0x8f, 0x8c, 0xf7, 0x86, 0x2d, 0xfb, 0x62, 0x3d, 0xc2, 0xfc, 0x1c, 0x91, 0x57, 0xec, 0xc8, 0x8e, 0x30, 0x20, 0xd1, 0xa6, 0xbd}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x03, 0x95, 0xd2, 0x36, 0xf9, 0x70, 0xd0, 0x23, 0xfc, 0x79, 0x69, 0x07, 0x9c, 0xf1, 0x4f, 0x12, 0x4b, 0x3d, 0x76, 0x9d, 0xdd, 0xf7, 0x38, 0x83, 0x51, 0x1f, 0xda, 0x63, 0xe1, 0x46, 0xac, 0x3e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe4, 0x99, 0xee, 0xb2, 0xa1, 0x1b, 0xfd, 0x69, 0x95, 0xc4, 0x5e, 0x59, 0xaf, 0x66, 0xe1, 0x3e, 0x87, 0x14, 0xd9, 0xe9, 0xe6, 0x45, 0x95, 0x43, 0x82, 0x77, 0x45, 0xf1, 0x12, 0xa4, 0x70, 0xab}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb6, 0x41, 0x6f, 0x25, 0x2c, 0x98, 0x8b, 0xf2, 0x4d, 0x2a, 0x4c, 0x00, 0xd7, 0xc8, 0x01, 0x3c, 0x96, 0x53, 0xf3, 0x47, 0xcb, 0x89, 0x9f, 0x18, 0x16, 0x6c, 0x8f, 0x8e, 0x80, 0x46, 0x5d, 0x92}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x36, 0xeb, 0xfc, 0x2c, 0x4e, 0x84, 0xa5, 0x98, 0xff, 0xc3, 0x1a, 0xec, 0xe4, 0x8e, 0x22, 0x6d, 0xe0, 0x5e, 0x0d, 0x52, 0xc6, 0x1f, 0x4a, 0x45, 0x5c, 0xac, 0x77, 0xb0, 0x08, 0xbd, 0x40, 0x07}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xab, 0xb4, 0x6e, 0x19, 0x80, 0x6f, 0x5a, 0xa3, 0x64, 0x27, 0x6b, 0xc6, 0x2c, 0x75, 0x08, 0x5d, 0x2e, 0xdb, 0x21, 0xba, 0xcd, 0x4a, 0x30, 0xdc, 0x66, 0xd5, 0x93, 0x58, 0x24, 0xb7, 0x85, 0xb6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xac, 0x23, 0x6c, 0x41, 0x8d, 0x4d, 0x02, 0x68, 0xe1, 0x08, 0x5b, 0x46, 0xf4, 0xd7, 0xa7, 0xfc, 0xb8, 0xda, 0x3a, 0x78, 0x2f, 0xe6, 0xa2, 0xdf, 0xc5, 0xf3, 0xbf, 0xfb, 0x70, 0x1a, 0x5c, 0x1d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x7b, 0x16, 0xa4, 0x20, 0x06, 0x58, 0x5f, 0x44, 0xd3, 0x94, 0xe5, 0x56, 0xc5, 0xab, 0x31, 0x35, 0x3e, 0x4c, 0x8e, 0x1d, 0x40, 0x45, 0x7b, 0x05, 0xb6, 0xf4, 0xa6, 0x39, 0xc0, 0x3f, 0x53, 0xde}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9c, 0x56, 0xa6, 0x86, 0x76, 0x02, 0x13, 0x2b, 0xbd, 0xd4, 0x84, 0xd8, 0x89, 0xa5, 0x58, 0x65, 0x0b, 0xc4, 0x9d, 0x14, 0x05, 0x32, 0x0a, 0xa1, 0x02, 0x3d, 0x91, 0x6e, 0xf2, 0x6b, 0xb9, 0xef}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xde, 0x68, 0xf8, 0xff, 0xbe, 0x2c, 0x18, 0x21, 0xed, 0x0b, 0x93, 0x2c, 0xb7, 0xb6, 0x74, 0xda, 0x52, 0x97, 0x37, 0x41, 0x22, 0xe6, 0xe3, 0xf2, 0xe0, 0x4e, 0x9c, 0x94, 0x60, 0xcf, 0xd8, 0x76}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x76, 0xc5, 0x22, 0x1e, 0xd9, 0x79, 0x35, 0xdc, 0xad, 0xa9, 0x78, 0x09, 0xa4, 0x55, 0x89, 0x6b, 0xd1, 0x81, 0xb1, 0x75, 0x41, 0xc6, 0x26, 0x4e, 0x88, 0xc0, 0x3e, 0xcb, 0x03, 0x02, 0x2a, 0x25}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xcb, 0xab, 0x69, 0x86, 0xc0, 0xfc, 0xc4, 0x96, 0x88, 0x95, 0x14, 0xf8, 0x3a, 0xd5, 0x5f, 0x8f, 0x49, 0x8f, 0xe8, 0xfb, 0xda, 0x39, 0x3b, 0x4d, 0xb4, 0xf4, 0xc7, 0xab, 0xd1, 0xc2, 0x54, 0x94}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0b, 0xd3, 0xc9, 0xaa, 0x5e, 0x89, 0x5a, 0x09, 0x1f, 0x06, 0x9d, 0xdf, 0xde, 0x6a, 0x29, 0xc4, 0x7f, 0xad, 0xe9, 0x15, 0x57, 0x65, 0xed, 0x5e, 0x3b, 0x68, 0xcc, 0x64, 0xf0, 0xa2, 0x15, 0x9d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x91, 0xae, 0xae, 0xcf, 0x1f, 0x6a, 0xa7, 0x33, 0xb4, 0x2c, 0x7c, 0x9e, 0x5f, 0xcc, 0x54, 0xb4, 0x55, 0x2f, 0x0e, 0xec, 0x22, 0x08, 0xf5, 0xdd, 0x37, 0x30, 0xae, 0x69, 0xc9, 0x6e, 0xb1, 0xbb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1f, 0x4f, 0x46, 0xdb, 0x17, 0xed, 0x0f, 0x0b, 0xcd, 0x0c, 0xdf, 0xfb, 0xb8, 0xdf, 0xce, 0xb6, 0x21, 0xf2, 0x83, 0x9f, 0x7d, 0x2e, 0x4f, 0xb7, 0x11, 0xfc, 0x3c, 0xc8, 0xd8, 0xfd, 0xa5, 0xfb}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x24, 0x3a, 0xa1, 0x4a, 0xa1, 0xbb, 0x08, 0x6e, 0x54, 0x8b, 0x11, 0x86, 0x03, 0x4c, 0x02, 0x8f, 0xd8, 0xb8, 0xc8, 0xe7, 0x93, 0xf1, 0x7c, 0x1b, 0x12, 0x60, 0x4a, 0x67, 0xda, 0x3f, 0x64, 0xbd}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xbb, 0x54, 0xa1, 0x51, 0x9b, 0xc5, 0x2e, 0xc9, 0x69, 0x54, 0x70, 0x04, 0x51, 0xa6, 0xd3, 0xdc, 0xd3, 0x19, 0x2b, 0xf1, 0xc8, 0x41, 0xe4, 0xa2, 0x74, 0x46, 0xc8, 0x4e, 0xba, 0x55, 0xf9, 0x6f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf8, 0x3e, 0xd1, 0x1a, 0x5d, 0x7b, 0x17, 0xff, 0xed, 0x82, 0xd9, 0x4f, 0xec, 0x20, 0xd6, 0xa8, 0x88, 0xfe, 0xde, 0x66, 0x5c, 0x0d, 0xfd, 0xa8, 0x64, 0x65, 0x53, 0x14, 0x1d, 0xfc, 0xb6, 0x9d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x81, 0x77, 0x77, 0x39, 0x0e, 0x6e, 0x23, 0xa6, 0x0e, 0xe7, 0x1f, 0xf4, 0x7e, 0xc5, 0xaa, 0x71, 0x89, 0xeb, 0x3a, 0xad, 0x95, 0xb6, 0xc6, 0x2d, 0x32, 0x3f, 0x50, 0x30, 0x79, 0x10, 0x84, 0x30}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfe, 0x87, 0x47, 0x6a, 0xed, 0xc8, 0x87, 0x84, 0x51, 0x00, 0x66, 0x96, 0x7b, 0x3f, 0x03, 0x7b, 0x51, 0xa9, 0x52, 0x69, 0x9b, 0xe7, 0xed, 0xfe, 0xa4, 0xdf, 0x5f, 0x25, 0xed, 0xa1, 0xf0, 0x24}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9c, 0xd2, 0xbf, 0x41, 0x9e, 0x48, 0x0e, 0xf0, 0x55, 0x89, 0x07, 0x88, 0xa3, 0x1b, 0x24, 0x6d, 0xc6, 0xde, 0xb0, 0xe6, 0x56, 0x20, 0x15, 0x44, 0x1e, 0x80, 0xac, 0xdf, 0x5c, 0x65, 0xd6, 0x2e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1a, 0x7d, 0x34, 0xf5, 0x77, 0xcb, 0xdc, 0x70, 0x50, 0x9c, 0xb0, 0xa8, 0x4f, 0x88, 0xb1, 0x64, 0x62, 0x9f, 0xcc, 0xb6, 0xc4, 0x94, 0xfb, 0xd3, 0xc7, 0x4c, 0x88, 0x5d, 0x9b, 0xce, 0x20, 0x88}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xff, 0x4b, 0x09, 0xb2, 0xb9, 0x93, 0x22, 0xdc, 0x8a, 0xbf, 0x5e, 0x64, 0xc7, 0x7c, 0x3e, 0xd1, 0xb3, 0xbc, 0xa8, 0x48, 0x9c, 0x1a, 0x4c, 0x6e, 0xc8, 0x27, 0xff, 0x86, 0x82, 0xf1, 0x22, 0x51}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xca, 0xc8, 0x55, 0x4d, 0x5a, 0xe0, 0x12, 0x51, 0xc8, 0xaa, 0x70, 0xf2, 0xd1, 0x74, 0x19, 0x79, 0x82, 0x01, 0x30, 0x75, 0xd7, 0x59, 0xdb, 0x65, 0x13, 0x73, 0x51, 0xc6, 0xc1, 0x14, 0x99, 0xf3}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x84, 0x4c, 0x74, 0x69, 0xca, 0xbd, 0xd1, 0xa7, 0x9f, 0x1e, 0x94, 0x60, 0xa5, 0x33, 0x64, 0x68, 0x42, 0x8a, 0xcf, 0xbd, 0x13, 0xf3, 0xe3, 0xc1, 0x67, 0xcf, 0x38, 0xfe, 0x8a, 0xb4, 0x8c, 0x8f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb1, 0x66, 0x9b, 0x69, 0x38, 0xe5, 0x9c, 0x73, 0xb1, 0x7c, 0x25, 0xca, 0x0b, 0x06, 0xa9, 0xf6, 0x0c, 0x25, 0x84, 0xad, 0x8e, 0xaf, 0xe3, 0xbb, 0xa9, 0xc1, 0x79, 0x3f, 0x44, 0x6a, 0xdf, 0xe2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xce, 0xc9, 0xb5, 0xde, 0x1f, 0xf7, 0x41, 0x80, 0x4d, 0x33, 0x9e, 0x56, 0xaf, 0x67, 0x6b, 0x7e, 0x49, 0x80, 0x8e, 0xd0, 0xe4, 0x42, 0x78, 0x94, 0x96, 0x8c, 0x2f, 0x16, 0xfa, 0xb7, 0x36, 0x5b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x35, 0x20, 0xc9, 0xb1, 0x9b, 0xe4, 0xcc, 0x35, 0x42, 0xcb, 0x34, 0x4b, 0x40, 0xdc, 0x75, 0xd2, 0x5d, 0x83, 0x6c, 0x1c, 0x5d, 0xe0, 0x87, 0x58, 0x88, 0xb8, 0x28, 0x54, 0x47, 0x00, 0x0a, 0xde}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x44, 0xec, 0x5d, 0xc8, 0xb0, 0x61, 0xa0, 0xd1, 0x11, 0xab, 0x26, 0x1d, 0x77, 0x1a, 0xb2, 0xcd, 0xe5, 0x24, 0xa8, 0x09, 0x8b, 0xa0, 0x7e, 0xff, 0xd4, 0xd4, 0x42, 0xec, 0x59, 0x3b, 0x8a, 0x2a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe9, 0x1d, 0x35, 0x65, 0xeb, 0x5d, 0xb6, 0x5e, 0x76, 0x0d, 0x7e, 0x5e, 0x91, 0x39, 0xad, 0x80, 0x98, 0x6f, 0x39, 0xb7, 0x42, 0x7f, 0x03, 0x1d, 0xe1, 0xa5, 0xcd, 0xe5, 0x35, 0x52, 0xb4, 0x8f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xca, 0xa7, 0x9a, 0x6c, 0x58, 0x2c, 0x9d, 0x72, 0x82, 0x73, 0x56, 0xee, 0x3b, 0xef, 0xae, 0x7e, 0x6c, 0x7e, 0x4c, 0x3d, 0x25, 0xd3, 0x67, 0x87, 0xdd, 0x19, 0x1b, 0xf0, 0x25, 0xf5, 0xee, 0x31}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf8, 0x50, 0x12, 0x5f, 0x26, 0xda, 0xfc, 0x19, 0xca, 0xfb, 0x0e, 0xff, 0x4c, 0xa9, 0x7b, 0x11, 0xec, 0xa4, 0x85, 0x3a, 0xee, 0xb3, 0x65, 0xbe, 0xd0, 0xbb, 0x33, 0xeb, 0xbb, 0xf1, 0xbc, 0x40}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x51, 0xd1, 0x60, 0xb2, 0x6e, 0x9a, 0xb9, 0xce, 0x9f, 0x62, 0x04, 0xf5, 0x42, 0x64, 0x76, 0xd0, 0x2b, 0x8d, 0x00, 0x8b, 0x0a, 0x1e, 0x28, 0x38, 0x87, 0x55, 0x75, 0x44, 0x90, 0xb2, 0xbc, 0x19}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbe, 0x3e, 0x53, 0x2f, 0x8b, 0xb0, 0x23, 0x35, 0x30, 0xeb, 0x8b, 0xf3, 0x5f, 0x25, 0xa7, 0x10, 0xd4, 0xea, 0x6d, 0x4a, 0xaa, 0xd3, 0x7b, 0x25, 0xe0, 0x56, 0x8e, 0xc0, 0xbf, 0xb4, 0xbe, 0x5e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x16, 0xc0, 0x65, 0x84, 0x5f, 0x7f, 0x81, 0x87, 0xb5, 0x4d, 0x52, 0x6a, 0x87, 0x34, 0xf0, 0xcb, 0xa8, 0x00, 0xea, 0x08, 0x0e, 0x7f, 0x96, 0xdd, 0x76, 0xe9, 0x60, 0x43, 0xf3, 0x01, 0x72, 0x96}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xf0, 0x23, 0x76, 0x9e, 0x24, 0xae, 0x35, 0x4f, 0x93, 0x7c, 0x5c, 0xfe, 0xc4, 0x96, 0xe8, 0xa7, 0xf7, 0x1b, 0x85, 0x7a, 0xfc, 0x9c, 0xe5, 0x8d, 0x52, 0xf9, 0x47, 0x42, 0xcc, 0xa7, 0x72, 0x98}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6f, 0x8b, 0x4d, 0x24, 0x0e, 0xe7, 0x13, 0x07, 0x27, 0xbf, 0xbe, 0xc4, 0x32, 0xa6, 0xad, 0xf8, 0x1c, 0x40, 0x7a, 0xa9, 0x9d, 0xf4, 0xfd, 0xfb, 0x8d, 0x6f, 0xf1, 0x83, 0x68, 0x0c, 0x4a, 0x0e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0d, 0x59, 0x65, 0x0f, 0x7c, 0x0c, 0xaf, 0xc4, 0xc3, 0x7e, 0xd7, 0xa0, 0xb8, 0x92, 0x7a, 0xb3, 0xda, 0xd1, 0xa6, 0xb2, 0x6f, 0x02, 0xfb, 0x45, 0xc8, 0x5e, 0x68, 0x13, 0x04, 0x39, 0x1d, 0x9c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xfb, 0x2c, 0x8a, 0xeb, 0x47, 0x64, 0x71, 0x0c, 0x48, 0xc7, 0x37, 0x2a, 0x18, 0x64, 0x51, 0x6e, 0xa4, 0x8a, 0xc6, 0x54, 0xd4, 0x6e, 0x82, 0x3c, 0xc9, 0x10, 0x6a, 0xe8, 0x92, 0xed, 0xfd, 0x00}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb8, 0x56, 0x10, 0x89, 0x91, 0x1b, 0x39, 0x21, 0x5b, 0xde, 0x77, 0x02, 0x78, 0x87, 0x94, 0xa4, 0x46, 0x59, 0x19, 0x8c, 0xe9, 0x3f, 0x9c, 0x26, 0x3c, 0x27, 0x63, 0x38, 0x8d, 0x37, 0x39, 0x7d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x66, 0xb1, 0x28, 0x1c, 0x3a, 0x4e, 0x34, 0x3e, 0x57, 0xdd, 0xb1, 0x30, 0x6e, 0xac, 0x27, 0xbf, 0x26, 0x64, 0x0e, 0x9f, 0x40, 0x39, 0xce, 0xcc, 0x8b, 0xc2, 0x07, 0x81, 0xda, 0x5b, 0xe1, 0x49}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xad, 0xe9, 0xee, 0x15, 0xc4, 0xdc, 0x47, 0x0f, 0x75, 0x4f, 0xdd, 0x24, 0xa0, 0x1d, 0x3e, 0x27, 0x7b, 0x57, 0xc0, 0x6d, 0x90, 0xcd, 0x05, 0xbe, 0x79, 0x3e, 0xe1, 0x1a, 0x22, 0xbe, 0x8d, 0x2b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6c, 0x28, 0xbd, 0xa4, 0x3d, 0x02, 0xad, 0x3d, 0xef, 0x02, 0x3f, 0x6e, 0xdb, 0x8d, 0xdf, 0xc8, 0xb2, 0x06, 0x23, 0xa0, 0xe5, 0x96, 0x5d, 0x50, 0xfc, 0xff, 0x29, 0xe2, 0x82, 0xbf, 0xcd, 0xc2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0a, 0x5a, 0x99, 0x07, 0x21, 0x16, 0xf6, 0xbb, 0xc6, 0x9d, 0x66, 0xfa, 0x09, 0x9a, 0x48, 0x58, 0x28, 0xd4, 0xd2, 0x99, 0x5e, 0x55, 0x60, 0x82, 0x73, 0x54, 0xc3, 0x46, 0xc3, 0x26, 0xb9, 0xf9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index b2d7e9899..9142b6295 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240829155026-8555bd00a992" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240903162608-eab9aca26fca" ) From a4b29ebdb6e8c423762f2455a5c5533ed6b577cd Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 6 Sep 2024 08:13:50 +0200 Subject: [PATCH 240/380] image: update measurements and image version (#3338) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index db47d3291..95e2ca037 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9c, 0x56, 0xa6, 0x86, 0x76, 0x02, 0x13, 0x2b, 0xbd, 0xd4, 0x84, 0xd8, 0x89, 0xa5, 0x58, 0x65, 0x0b, 0xc4, 0x9d, 0x14, 0x05, 0x32, 0x0a, 0xa1, 0x02, 0x3d, 0x91, 0x6e, 0xf2, 0x6b, 0xb9, 0xef}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xde, 0x68, 0xf8, 0xff, 0xbe, 0x2c, 0x18, 0x21, 0xed, 0x0b, 0x93, 0x2c, 0xb7, 0xb6, 0x74, 0xda, 0x52, 0x97, 0x37, 0x41, 0x22, 0xe6, 0xe3, 0xf2, 0xe0, 0x4e, 0x9c, 0x94, 0x60, 0xcf, 0xd8, 0x76}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x76, 0xc5, 0x22, 0x1e, 0xd9, 0x79, 0x35, 0xdc, 0xad, 0xa9, 0x78, 0x09, 0xa4, 0x55, 0x89, 0x6b, 0xd1, 0x81, 0xb1, 0x75, 0x41, 0xc6, 0x26, 0x4e, 0x88, 0xc0, 0x3e, 0xcb, 0x03, 0x02, 0x2a, 0x25}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xcb, 0xab, 0x69, 0x86, 0xc0, 0xfc, 0xc4, 0x96, 0x88, 0x95, 0x14, 0xf8, 0x3a, 0xd5, 0x5f, 0x8f, 0x49, 0x8f, 0xe8, 0xfb, 0xda, 0x39, 0x3b, 0x4d, 0xb4, 0xf4, 0xc7, 0xab, 0xd1, 0xc2, 0x54, 0x94}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0b, 0xd3, 0xc9, 0xaa, 0x5e, 0x89, 0x5a, 0x09, 0x1f, 0x06, 0x9d, 0xdf, 0xde, 0x6a, 0x29, 0xc4, 0x7f, 0xad, 0xe9, 0x15, 0x57, 0x65, 0xed, 0x5e, 0x3b, 0x68, 0xcc, 0x64, 0xf0, 0xa2, 0x15, 0x9d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x91, 0xae, 0xae, 0xcf, 0x1f, 0x6a, 0xa7, 0x33, 0xb4, 0x2c, 0x7c, 0x9e, 0x5f, 0xcc, 0x54, 0xb4, 0x55, 0x2f, 0x0e, 0xec, 0x22, 0x08, 0xf5, 0xdd, 0x37, 0x30, 0xae, 0x69, 0xc9, 0x6e, 0xb1, 0xbb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1f, 0x4f, 0x46, 0xdb, 0x17, 0xed, 0x0f, 0x0b, 0xcd, 0x0c, 0xdf, 0xfb, 0xb8, 0xdf, 0xce, 0xb6, 0x21, 0xf2, 0x83, 0x9f, 0x7d, 0x2e, 0x4f, 0xb7, 0x11, 0xfc, 0x3c, 0xc8, 0xd8, 0xfd, 0xa5, 0xfb}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x24, 0x3a, 0xa1, 0x4a, 0xa1, 0xbb, 0x08, 0x6e, 0x54, 0x8b, 0x11, 0x86, 0x03, 0x4c, 0x02, 0x8f, 0xd8, 0xb8, 0xc8, 0xe7, 0x93, 0xf1, 0x7c, 0x1b, 0x12, 0x60, 0x4a, 0x67, 0xda, 0x3f, 0x64, 0xbd}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xbb, 0x54, 0xa1, 0x51, 0x9b, 0xc5, 0x2e, 0xc9, 0x69, 0x54, 0x70, 0x04, 0x51, 0xa6, 0xd3, 0xdc, 0xd3, 0x19, 0x2b, 0xf1, 0xc8, 0x41, 0xe4, 0xa2, 0x74, 0x46, 0xc8, 0x4e, 0xba, 0x55, 0xf9, 0x6f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf8, 0x3e, 0xd1, 0x1a, 0x5d, 0x7b, 0x17, 0xff, 0xed, 0x82, 0xd9, 0x4f, 0xec, 0x20, 0xd6, 0xa8, 0x88, 0xfe, 0xde, 0x66, 0x5c, 0x0d, 0xfd, 0xa8, 0x64, 0x65, 0x53, 0x14, 0x1d, 0xfc, 0xb6, 0x9d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x81, 0x77, 0x77, 0x39, 0x0e, 0x6e, 0x23, 0xa6, 0x0e, 0xe7, 0x1f, 0xf4, 0x7e, 0xc5, 0xaa, 0x71, 0x89, 0xeb, 0x3a, 0xad, 0x95, 0xb6, 0xc6, 0x2d, 0x32, 0x3f, 0x50, 0x30, 0x79, 0x10, 0x84, 0x30}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfe, 0x87, 0x47, 0x6a, 0xed, 0xc8, 0x87, 0x84, 0x51, 0x00, 0x66, 0x96, 0x7b, 0x3f, 0x03, 0x7b, 0x51, 0xa9, 0x52, 0x69, 0x9b, 0xe7, 0xed, 0xfe, 0xa4, 0xdf, 0x5f, 0x25, 0xed, 0xa1, 0xf0, 0x24}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x30, 0x7a, 0x94, 0xe1, 0x89, 0x45, 0x4d, 0x46, 0x15, 0x3a, 0x46, 0x91, 0xff, 0x8c, 0x98, 0xef, 0x00, 0x9c, 0x7b, 0xe4, 0x62, 0x5e, 0x84, 0xde, 0xc7, 0xef, 0xd9, 0x5e, 0x37, 0x46, 0x3a, 0xa0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0f, 0x4f, 0x5a, 0x19, 0x7b, 0xd9, 0x31, 0x7a, 0x0a, 0x91, 0x20, 0xbe, 0xc7, 0xb0, 0xcf, 0x3c, 0x5d, 0xea, 0xb8, 0xc2, 0x8c, 0xb3, 0xce, 0x12, 0xb9, 0xfe, 0x08, 0xcc, 0x05, 0xf4, 0x66, 0xd1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc3, 0x71, 0x7d, 0x5d, 0xbf, 0xde, 0x1a, 0xc1, 0x4e, 0x19, 0x66, 0xa2, 0x99, 0x14, 0x1f, 0x8c, 0xb9, 0x65, 0xb8, 0x00, 0xfd, 0x4b, 0x2b, 0x48, 0x1e, 0x79, 0x60, 0xd8, 0x8f, 0x56, 0xe2, 0x9d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x76, 0xdc, 0x23, 0x5d, 0x2b, 0xb9, 0xeb, 0xe5, 0xb0, 0x90, 0x03, 0xbb, 0x5e, 0x32, 0x28, 0xaa, 0xeb, 0xda, 0x89, 0x3d, 0x97, 0x08, 0x9a, 0xcf, 0x6f, 0xcb, 0xb6, 0x58, 0x15, 0x32, 0xc9, 0xeb}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf9, 0xbe, 0x4e, 0x39, 0x53, 0xf8, 0xb2, 0x1c, 0xee, 0x6f, 0x9b, 0x70, 0xef, 0xf4, 0x14, 0x6c, 0xef, 0xb3, 0x55, 0x6c, 0x4a, 0xb7, 0xbb, 0x75, 0x60, 0x4d, 0xdd, 0x00, 0x88, 0x3c, 0x37, 0x34}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa5, 0x4f, 0x6f, 0x78, 0x3c, 0x68, 0x15, 0x0c, 0x02, 0xe0, 0x48, 0xa5, 0x73, 0x9b, 0xc5, 0xe6, 0xa3, 0x27, 0x1c, 0x91, 0xb9, 0xd5, 0x29, 0x84, 0x75, 0x33, 0x54, 0x3f, 0x2a, 0x9b, 0x6e, 0x7c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xaa, 0x0f, 0x8f, 0x6a, 0x2f, 0x9a, 0x81, 0x86, 0x0a, 0x3f, 0x90, 0xe7, 0x90, 0x71, 0x07, 0xe1, 0x59, 0x25, 0x22, 0x93, 0xea, 0x79, 0x5b, 0xf8, 0xb8, 0x2b, 0xfb, 0xb8, 0x2b, 0x49, 0x1b, 0x43}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xab, 0xc5, 0x12, 0x44, 0x18, 0x43, 0x74, 0x13, 0x03, 0x26, 0xbf, 0xae, 0xd0, 0x4a, 0x03, 0x92, 0x56, 0x24, 0xd1, 0xf5, 0x7a, 0xcc, 0xae, 0x24, 0x0a, 0xa3, 0x31, 0x6f, 0xaf, 0xdf, 0xbd, 0xb4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x87, 0x0b, 0x7b, 0xda, 0x69, 0x74, 0x37, 0xa8, 0x89, 0xd5, 0x60, 0xdf, 0x4c, 0x53, 0x40, 0x51, 0x26, 0xe7, 0xfd, 0x8a, 0xdf, 0xf2, 0x12, 0xa4, 0xb9, 0x49, 0xe2, 0x68, 0xbb, 0x0b, 0xc1, 0x49}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7c, 0x25, 0x56, 0xb7, 0x80, 0x77, 0x26, 0xd6, 0xb3, 0x81, 0x14, 0xa1, 0x74, 0xcf, 0xa8, 0xcd, 0xbb, 0x23, 0x34, 0x4f, 0x81, 0x8b, 0x16, 0xf1, 0xa8, 0xf8, 0x5d, 0x31, 0x57, 0x0b, 0x41, 0x1a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb0, 0xa7, 0x51, 0xc3, 0xd5, 0x78, 0x49, 0x0a, 0x83, 0xe0, 0x0e, 0x04, 0xbb, 0x2c, 0x4e, 0x6b, 0xce, 0x82, 0xe0, 0x46, 0x6b, 0xb2, 0xfd, 0x1e, 0x5d, 0x17, 0xb3, 0x58, 0x34, 0xab, 0x13, 0x4a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x35, 0xa3, 0x65, 0x5f, 0x4a, 0xd1, 0xad, 0x98, 0xc4, 0x0a, 0x13, 0x73, 0x29, 0x66, 0x98, 0x3a, 0x68, 0xe5, 0x55, 0x20, 0x35, 0x67, 0x32, 0x78, 0x2b, 0xda, 0x5a, 0xfe, 0xd4, 0x95, 0xbc, 0x85}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe9, 0x1d, 0x35, 0x65, 0xeb, 0x5d, 0xb6, 0x5e, 0x76, 0x0d, 0x7e, 0x5e, 0x91, 0x39, 0xad, 0x80, 0x98, 0x6f, 0x39, 0xb7, 0x42, 0x7f, 0x03, 0x1d, 0xe1, 0xa5, 0xcd, 0xe5, 0x35, 0x52, 0xb4, 0x8f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xca, 0xa7, 0x9a, 0x6c, 0x58, 0x2c, 0x9d, 0x72, 0x82, 0x73, 0x56, 0xee, 0x3b, 0xef, 0xae, 0x7e, 0x6c, 0x7e, 0x4c, 0x3d, 0x25, 0xd3, 0x67, 0x87, 0xdd, 0x19, 0x1b, 0xf0, 0x25, 0xf5, 0xee, 0x31}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf8, 0x50, 0x12, 0x5f, 0x26, 0xda, 0xfc, 0x19, 0xca, 0xfb, 0x0e, 0xff, 0x4c, 0xa9, 0x7b, 0x11, 0xec, 0xa4, 0x85, 0x3a, 0xee, 0xb3, 0x65, 0xbe, 0xd0, 0xbb, 0x33, 0xeb, 0xbb, 0xf1, 0xbc, 0x40}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x51, 0xd1, 0x60, 0xb2, 0x6e, 0x9a, 0xb9, 0xce, 0x9f, 0x62, 0x04, 0xf5, 0x42, 0x64, 0x76, 0xd0, 0x2b, 0x8d, 0x00, 0x8b, 0x0a, 0x1e, 0x28, 0x38, 0x87, 0x55, 0x75, 0x44, 0x90, 0xb2, 0xbc, 0x19}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbe, 0x3e, 0x53, 0x2f, 0x8b, 0xb0, 0x23, 0x35, 0x30, 0xeb, 0x8b, 0xf3, 0x5f, 0x25, 0xa7, 0x10, 0xd4, 0xea, 0x6d, 0x4a, 0xaa, 0xd3, 0x7b, 0x25, 0xe0, 0x56, 0x8e, 0xc0, 0xbf, 0xb4, 0xbe, 0x5e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x16, 0xc0, 0x65, 0x84, 0x5f, 0x7f, 0x81, 0x87, 0xb5, 0x4d, 0x52, 0x6a, 0x87, 0x34, 0xf0, 0xcb, 0xa8, 0x00, 0xea, 0x08, 0x0e, 0x7f, 0x96, 0xdd, 0x76, 0xe9, 0x60, 0x43, 0xf3, 0x01, 0x72, 0x96}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xf0, 0x23, 0x76, 0x9e, 0x24, 0xae, 0x35, 0x4f, 0x93, 0x7c, 0x5c, 0xfe, 0xc4, 0x96, 0xe8, 0xa7, 0xf7, 0x1b, 0x85, 0x7a, 0xfc, 0x9c, 0xe5, 0x8d, 0x52, 0xf9, 0x47, 0x42, 0xcc, 0xa7, 0x72, 0x98}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6f, 0x8b, 0x4d, 0x24, 0x0e, 0xe7, 0x13, 0x07, 0x27, 0xbf, 0xbe, 0xc4, 0x32, 0xa6, 0xad, 0xf8, 0x1c, 0x40, 0x7a, 0xa9, 0x9d, 0xf4, 0xfd, 0xfb, 0x8d, 0x6f, 0xf1, 0x83, 0x68, 0x0c, 0x4a, 0x0e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0d, 0x59, 0x65, 0x0f, 0x7c, 0x0c, 0xaf, 0xc4, 0xc3, 0x7e, 0xd7, 0xa0, 0xb8, 0x92, 0x7a, 0xb3, 0xda, 0xd1, 0xa6, 0xb2, 0x6f, 0x02, 0xfb, 0x45, 0xc8, 0x5e, 0x68, 0x13, 0x04, 0x39, 0x1d, 0x9c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3e, 0xba, 0x05, 0x7f, 0x84, 0x62, 0x0b, 0x4f, 0xfd, 0xe7, 0xe0, 0xed, 0x5b, 0xa9, 0x5b, 0xf7, 0x22, 0xe3, 0x93, 0x72, 0xea, 0x98, 0x25, 0xc2, 0x9b, 0x95, 0x68, 0x40, 0x38, 0xa8, 0x10, 0xe9}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xae, 0x56, 0x1c, 0xf2, 0x8b, 0xca, 0xdf, 0x0a, 0xd4, 0x45, 0xf0, 0xe4, 0xed, 0x17, 0xd9, 0x19, 0xbb, 0xe7, 0x08, 0xbd, 0x21, 0xfc, 0x1f, 0xeb, 0x49, 0x58, 0xec, 0x7b, 0x47, 0x80, 0xd0, 0xe1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe3, 0x7c, 0x49, 0x2d, 0x99, 0xeb, 0x88, 0x53, 0x44, 0x04, 0x26, 0xc5, 0xd5, 0x04, 0x04, 0x77, 0x71, 0xe3, 0x46, 0xd8, 0xcc, 0x11, 0xba, 0xee, 0x72, 0x35, 0x07, 0xc9, 0x3a, 0x78, 0x8f, 0x61}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4d, 0x28, 0xe1, 0x4f, 0x7c, 0xa3, 0xed, 0xae, 0x05, 0xcd, 0x79, 0xe9, 0x20, 0x21, 0x01, 0x90, 0xd7, 0x77, 0x53, 0x77, 0xf1, 0x47, 0x26, 0xdb, 0x1a, 0x42, 0x04, 0xfc, 0x8e, 0x69, 0x8c, 0xfb}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4a, 0xe6, 0x7a, 0xb6, 0xd8, 0xe6, 0xa1, 0xb1, 0xec, 0x9f, 0xd0, 0x1d, 0x36, 0x0f, 0xca, 0xd5, 0xcd, 0x22, 0xb5, 0xee, 0xa0, 0x8f, 0xfb, 0x1d, 0x90, 0xbb, 0x59, 0xf7, 0x6e, 0xe8, 0x68, 0x70}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x30, 0xd4, 0x4b, 0x4a, 0xe1, 0xb8, 0x50, 0xf8, 0x2c, 0xd1, 0x13, 0x97, 0x3f, 0x7d, 0x61, 0xba, 0x1f, 0xb5, 0x77, 0x6f, 0x1e, 0x83, 0x74, 0xa5, 0x76, 0x63, 0x06, 0xbf, 0x57, 0xaf, 0x41, 0xd8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xa7, 0xc2, 0x0e, 0x68, 0x6c, 0x93, 0xe5, 0x86, 0xbb, 0xd7, 0x86, 0xc5, 0x66, 0x47, 0xea, 0xae, 0xbe, 0x59, 0xd1, 0xfe, 0x32, 0x34, 0xc7, 0xd4, 0xf1, 0xef, 0x1e, 0x4d, 0x3d, 0x5e, 0xeb, 0xf6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x95, 0xbe, 0x6f, 0xc3, 0xe9, 0x10, 0xb8, 0xea, 0x95, 0x09, 0x14, 0x72, 0x95, 0xef, 0xdb, 0x1b, 0xc3, 0xb2, 0xdd, 0x0e, 0xa5, 0xf4, 0xf4, 0xbd, 0x4f, 0x4d, 0x04, 0x3d, 0xad, 0xb2, 0x3a, 0x07}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x89, 0x2a, 0xc1, 0xb2, 0xe0, 0x12, 0xe0, 0xe7, 0xd3, 0x5a, 0x14, 0xfd, 0xec, 0x38, 0x57, 0x05, 0xd6, 0x2f, 0x53, 0x0f, 0xd3, 0x51, 0x06, 0xf2, 0x5f, 0x79, 0xdb, 0xcd, 0xce, 0x2a, 0xe2, 0x33}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xad, 0xe9, 0xee, 0x15, 0xc4, 0xdc, 0x47, 0x0f, 0x75, 0x4f, 0xdd, 0x24, 0xa0, 0x1d, 0x3e, 0x27, 0x7b, 0x57, 0xc0, 0x6d, 0x90, 0xcd, 0x05, 0xbe, 0x79, 0x3e, 0xe1, 0x1a, 0x22, 0xbe, 0x8d, 0x2b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6c, 0x28, 0xbd, 0xa4, 0x3d, 0x02, 0xad, 0x3d, 0xef, 0x02, 0x3f, 0x6e, 0xdb, 0x8d, 0xdf, 0xc8, 0xb2, 0x06, 0x23, 0xa0, 0xe5, 0x96, 0x5d, 0x50, 0xfc, 0xff, 0x29, 0xe2, 0x82, 0xbf, 0xcd, 0xc2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0a, 0x5a, 0x99, 0x07, 0x21, 0x16, 0xf6, 0xbb, 0xc6, 0x9d, 0x66, 0xfa, 0x09, 0x9a, 0x48, 0x58, 0x28, 0xd4, 0xd2, 0x99, 0x5e, 0x55, 0x60, 0x82, 0x73, 0x54, 0xc3, 0x46, 0xc3, 0x26, 0xb9, 0xf9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xc0, 0x21, 0xed, 0x56, 0x8e, 0x91, 0xdb, 0x68, 0xd9, 0x7f, 0xa2, 0x7f, 0xb7, 0x40, 0xcb, 0xc6, 0x83, 0x74, 0xe6, 0x6a, 0xba, 0x28, 0x97, 0x0c, 0xea, 0xa4, 0x73, 0x21, 0x58, 0xc4, 0xc3, 0xfd}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa3, 0xa1, 0x57, 0x91, 0xad, 0xc3, 0x20, 0x36, 0x11, 0xcf, 0xfd, 0x34, 0x01, 0xee, 0x86, 0x41, 0x80, 0xd3, 0x48, 0xdd, 0x92, 0x44, 0xd5, 0xa8, 0x66, 0xd0, 0xdb, 0x58, 0x46, 0x37, 0xda, 0xde}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2e, 0xa7, 0x04, 0x85, 0xf2, 0x17, 0xda, 0x60, 0x9c, 0xd8, 0xdd, 0xbc, 0x66, 0xc0, 0x40, 0x4d, 0x28, 0xcf, 0x24, 0xc4, 0xcf, 0x55, 0xbe, 0xbd, 0x37, 0xdd, 0x7c, 0x26, 0xee, 0x38, 0x08, 0x00}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 9142b6295..47597e758 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240903162608-eab9aca26fca" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240904083651-a3bd2e029ce9" ) From 5720fcc330d7dc6f225a5dcf6f204168c1883d71 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 08:35:43 +0200 Subject: [PATCH 241/380] deps: update ubuntu:22.04 Docker digest to adbb901 (#3321) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- 3rdparty/gcp-guest-agent/Dockerfile | 2 +- docs/screencasts/docker/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/3rdparty/gcp-guest-agent/Dockerfile b/3rdparty/gcp-guest-agent/Dockerfile index 97f0e1486..0c7fc4bf0 100644 --- a/3rdparty/gcp-guest-agent/Dockerfile +++ b/3rdparty/gcp-guest-agent/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:340d9b015b194dc6e2a13938944e0d016e57b9679963fdeb9ce021daac430221 as build +FROM ubuntu:22.04@sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658 as build # Install packages RUN apt-get update && apt-get install -y \ diff --git a/docs/screencasts/docker/Dockerfile b/docs/screencasts/docker/Dockerfile index 71063ea40..97d23cce6 100644 --- a/docs/screencasts/docker/Dockerfile +++ b/docs/screencasts/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:340d9b015b194dc6e2a13938944e0d016e57b9679963fdeb9ce021daac430221 +FROM ubuntu:22.04@sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658 # Install requirements RUN apt-get update && apt-get install -y software-properties-common &&\ From f7c2392be2ec56ce06a2535753cbd539102dae44 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 9 Sep 2024 11:18:51 +0200 Subject: [PATCH 242/380] image: update mkosi to 24.3 (#3342) * flake: format * image: update mkosi to 24.3 This updates mkosi to a next-version of v24.3, which is now available in nixpkgs. This removes the non-hermetic `uidmap` dependency, which is a great advantage. It will also be less of an effort to upgrade to v25 going forward. Changes required are keeping `/var/cache` around (which is reproducible for our images, so no problem), as mkosi needs files from it in the build process. mkosi now additionally requires an explicit option to fetch the signing keys for the package repositories from the internet. A hack was required to satisfy the Bazel package, which should probably be solved properly at some point. --- flake.lock | 12 ++-- flake.nix | 140 ++++++++++++++++++++++---------------- image/base/mkosi.conf | 1 + image/base/mkosi.postinst | 16 +++++ image/initrd/mkosi.conf | 1 + image/system/mkosi.conf | 1 + 6 files changed, 106 insertions(+), 65 deletions(-) diff --git a/flake.lock b/flake.lock index e66669ccb..a633bfa33 100644 --- a/flake.lock +++ b/flake.lock @@ -36,11 +36,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1717399147, - "narHash": "sha256-eCWaE/q1VItpFAxxLVt171MdtDcjEnwi6QB/yuF73JU=", + "lastModified": 1725816686, + "narHash": "sha256-0Kq2MkQ/sQX1rhWJ/ySBBQlBJBUK8mPMDcuDhhdBkSU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4a4ecb0ab415c9fccfb005567a215e6a9564cdf5", + "rev": "add0443ee587a0c44f22793b8c8649a0dbc3bb00", "type": "github" }, "original": { @@ -83,11 +83,11 @@ ] }, "locked": { - "lastModified": 1715947971, - "narHash": "sha256-1YpxN5R3lEQnOUg94B2B/Ah2WDABUQTZ6kpyQMPt/xI=", + "lastModified": 1725522308, + "narHash": "sha256-AtsFZ92WkVkH8fd0Xa0D6/PR84/dtOH6gpM4mtn32Hk=", "owner": "edgelesssys", "repo": "uplosi", - "rev": "73b6208ac21603bb69e8079fa8be821e590de286", + "rev": "c8a482de299b5442f558d7381f0cbf898e0de0e1", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 657d09f28..ddd1521c7 100644 --- a/flake.nix +++ b/flake.nix @@ -21,76 +21,98 @@ }; outputs = - { self - , nixpkgsUnstable - , nixpkgsBazel - , flake-utils - , uplosi - }: - flake-utils.lib.eachDefaultSystem (system: - let - pkgsUnstable = import nixpkgsUnstable { inherit system; }; - - bazelPkgsUnstable = import nixpkgsBazel { inherit system; }; - - callPackage = pkgsUnstable.callPackage; - - mkosiDev = (pkgsUnstable.mkosi.overrideAttrs (oldAttrs: rec { - propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ (with pkgsUnstable; [ - # package management - dnf5 - rpm - createrepo_c - - # filesystem tools - squashfsTools # mksquashfs - dosfstools # mkfs.vfat - mtools # mcopy - cryptsetup # dm-verity - util-linux # flock - kmod # depmod - cpio # cpio - zstd # zstd - xz # xz - - # utils - gnused # sed - gnugrep # grep - ]); - })); - - uplosiDev = uplosi.outputs.packages."${system}".uplosi; - - openssl-static = pkgsUnstable.openssl.override { static = true; }; - - bazel_7 = bazelPkgsUnstable.callPackage ./nix/packages/bazel.nix { pkgs = bazelPkgsUnstable; nixpkgs = nixpkgsBazel; }; - - in { - packages.mkosi = mkosiDev; + self, + nixpkgsUnstable, + nixpkgsBazel, + flake-utils, + uplosi, + }: + flake-utils.lib.eachDefaultSystem ( + system: + let + pkgsUnstable = import nixpkgsUnstable { inherit system; }; - packages.uplosi = uplosiDev; + bazelPkgsUnstable = import nixpkgsBazel { inherit system; }; - packages.openssl = callPackage ./nix/cc/openssl.nix { pkgs = pkgsUnstable; }; + callPackage = pkgsUnstable.callPackage; - packages.cryptsetup = callPackage ./nix/cc/cryptsetup.nix { pkgs = pkgsUnstable; pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; }; + mkosiDev = ( + pkgsUnstable.mkosi.overrideAttrs (oldAttrs: rec { + propagatedBuildInputs = + oldAttrs.propagatedBuildInputs + ++ (with pkgsUnstable; [ + # package management + dnf5 + rpm + createrepo_c - packages.libvirt = callPackage ./nix/cc/libvirt.nix { pkgs = pkgsUnstable; pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; }; + # filesystem tools + squashfsTools # mksquashfs + dosfstools # mkfs.vfat + mtools # mcopy + cryptsetup # dm-verity + util-linux # flock + kmod # depmod + cpio # cpio + zstd # zstd + xz # xz - packages.libvirtd_base = callPackage ./nix/container/libvirtd_base.nix { pkgs = pkgsUnstable; pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; }; + # utils + gnused # sed + gnugrep # grep + ]); + }) + ); - packages.vpn = callPackage ./nix/container/vpn/vpn.nix { pkgs = pkgsUnstable; pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; }; + uplosiDev = uplosi.outputs.packages."${system}".uplosi; - packages.awscli2 = pkgsUnstable.awscli2; + openssl-static = pkgsUnstable.openssl.override { static = true; }; - packages.bazel_7 = bazel_7; + bazel_7 = bazelPkgsUnstable.callPackage ./nix/packages/bazel.nix { + pkgs = bazelPkgsUnstable; + nixpkgs = nixpkgsBazel; + }; - packages.createrepo_c = pkgsUnstable.createrepo_c; + in + { + packages.mkosi = mkosiDev; - packages.dnf5 = pkgsUnstable.dnf5; + packages.uplosi = uplosiDev; - devShells.default = callPackage ./nix/shells/default.nix { inherit bazel_7; }; + packages.openssl = callPackage ./nix/cc/openssl.nix { pkgs = pkgsUnstable; }; - formatter = nixpkgsUnstable.legacyPackages.${system}.nixpkgs-fmt; - }); + packages.cryptsetup = callPackage ./nix/cc/cryptsetup.nix { + pkgs = pkgsUnstable; + pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; + }; + + packages.libvirt = callPackage ./nix/cc/libvirt.nix { + pkgs = pkgsUnstable; + pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; + }; + + packages.libvirtd_base = callPackage ./nix/container/libvirtd_base.nix { + pkgs = pkgsUnstable; + pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; + }; + + packages.vpn = callPackage ./nix/container/vpn/vpn.nix { + pkgs = pkgsUnstable; + pkgsLinux = import nixpkgsUnstable { system = "x86_64-linux"; }; + }; + + packages.awscli2 = pkgsUnstable.awscli2; + + packages.bazel_7 = bazel_7; + + packages.createrepo_c = pkgsUnstable.createrepo_c; + + packages.dnf5 = pkgsUnstable.dnf5; + + devShells.default = callPackage ./nix/shells/default.nix { inherit bazel_7; }; + + formatter = nixpkgsUnstable.legacyPackages.${system}.nixpkgs-fmt; + } + ); } diff --git a/image/base/mkosi.conf b/image/base/mkosi.conf index dad6a0e9f..5deab82c8 100644 --- a/image/base/mkosi.conf +++ b/image/base/mkosi.conf @@ -1,6 +1,7 @@ [Distribution] Distribution=fedora Release=40 +RepositoryKeyFetch=yes [Output] Format=tar diff --git a/image/base/mkosi.postinst b/image/base/mkosi.postinst index 62b680654..728e5ad17 100755 --- a/image/base/mkosi.postinst +++ b/image/base/mkosi.postinst @@ -15,3 +15,19 @@ cp "${BUILDROOT}/usr/share/constellation/packagemanifest" "${OUTPUTDIR}/" # copy rpmdb to outputs cp "${BUILDROOT}"/var/lib/rpm/{rpmdb.sqlite-wal,rpmdb.sqlite-shm,rpmdb.sqlite,.rpm.lock} "${OUTPUTDIR}/" + +# FIXME(msanft): +# Hack to satisfy Bazel's [output expectations](./BUILD.bazel). +# 2 Bazel packages can't share the same output paths, as it seems, and the +# files being copied around here aren't large, so copying them around doesn't +# hurt. +cp "${OUTPUTDIR}/packagemanifest" "${OUTPUTDIR}/lts-packagemanifest" +cp "${OUTPUTDIR}/.rpm.lock" "${OUTPUTDIR}/lts-.rpm.lock" +cp "${OUTPUTDIR}/rpmdb.sqlite" "${OUTPUTDIR}/lts-rpmdb.sqlite" +cp "${OUTPUTDIR}/rpmdb.sqlite-shm" "${OUTPUTDIR}/lts-rpmdb.sqlite-shm" +cp "${OUTPUTDIR}/rpmdb.sqlite-wal" "${OUTPUTDIR}/lts-rpmdb.sqlite-wal" +cp "${OUTPUTDIR}/packagemanifest" "${OUTPUTDIR}/mainline-packagemanifest" +cp "${OUTPUTDIR}/.rpm.lock" "${OUTPUTDIR}/mainline-.rpm.lock" +cp "${OUTPUTDIR}/rpmdb.sqlite" "${OUTPUTDIR}/mainline-rpmdb.sqlite" +cp "${OUTPUTDIR}/rpmdb.sqlite-shm" "${OUTPUTDIR}/mainline-rpmdb.sqlite-shm" +cp "${OUTPUTDIR}/rpmdb.sqlite-wal" "${OUTPUTDIR}/mainline-rpmdb.sqlite-wal" diff --git a/image/initrd/mkosi.conf b/image/initrd/mkosi.conf index 18dc92361..bceb53c8a 100644 --- a/image/initrd/mkosi.conf +++ b/image/initrd/mkosi.conf @@ -1,6 +1,7 @@ [Distribution] Distribution=fedora Release=40 +RepositoryKeyFetch=yes [Output] Format=cpio diff --git a/image/system/mkosi.conf b/image/system/mkosi.conf index fc956f06e..d97bbc1bb 100644 --- a/image/system/mkosi.conf +++ b/image/system/mkosi.conf @@ -1,6 +1,7 @@ [Distribution] Distribution=fedora Release=40 +RepositoryKeyFetch=yes [Output] Format=disk From 0aeda78089905d87dccbfa5e2c2ef0a02725df3f Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 9 Sep 2024 11:19:05 +0200 Subject: [PATCH 243/380] image: update locked rpms (#3341) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index a2db3a2c2..386ad7cde 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -30,9 +30,9 @@ e4407cbfeb01494457e941a56971ec3aefbd35206792918d60fc9417acacd1a8 criu-3.19-4.fc 4e913c3232f3d304820e6e1746911d5d4c981407673edbd3426118a2fd2dd977 crun-1.15-1.fc40.x86_64.rpm 2469a287d9fe6ea5f4aa0686fa5f223c14505218743230afbd322fdd90b1d396 crypto-policies-20240725-1.git28d3e2d.fc40.noarch.rpm 8271834b39fd9a7efef95f9bf40337cc636d55a9c4b56ee2500811b318794ae3 crypto-policies-scripts-20240725-1.git28d3e2d.fc40.noarch.rpm -f7af23a6e1efe4e5fdb0ba0cda9e4a1b6767c7d8ccbcf17ed0fb6ad973339b8c cryptsetup-2.7.4-1.fc40.x86_64.rpm -a719620c685806aa0cbe58d5ce5f761f52325cce25d7720fd32c92afdd14537f cryptsetup-libs-2.7.4-1.fc40.i686.rpm -17598a1d8dfcd8f1a8f09d044096cd2e488c79fec1047f17c4ba50b1fc520f9f cryptsetup-libs-2.7.4-1.fc40.x86_64.rpm +26aadc06a9f98c58ca6250d811e749ee5fa76059b37445ec28b50ee73d548174 cryptsetup-2.7.5-1.fc40.x86_64.rpm +765d5162ad7b1eef16a3d3e4285743a3a358552112e7946dcd974e355dc9fa28 cryptsetup-libs-2.7.5-1.fc40.i686.rpm +6559b4d59d898317972e8d728253ba4315578c15fe23553958d6fb8033698794 cryptsetup-libs-2.7.5-1.fc40.x86_64.rpm 20b0f2923feae4c2f1d339e959d3f03d81f8ca985faa05872377b827d6f30467 curl-8.6.0-10.fc40.x86_64.rpm 0dff67dfeca59cb68cadafe8d9909b88dfaa2fc0a9a4426352f66a5fe351fbe3 cyrus-sasl-lib-2.1.28-19.fc40.x86_64.rpm 19197df26f76af5e78bd1e3ad2f777bea071eef6dfec1219f6b8ee3c80e10193 dbus-1.14.10-3.fc40.x86_64.rpm @@ -158,8 +158,9 @@ ee6aa81323dedfdda0f6f845ea0ee8e03cf67569fb1c71335e7ded797efc97db libgcc-14.2.1- 8d0a9840e06e72ccf756fa5a79c49f572dc827b0c75ea5a1f923235150d27ae2 libgpg-error-1.49-1.fc40.x86_64.rpm 677a67726c759c94faa94475185e46d028f171c9215390ac601ccd914188afb2 libidn2-2.3.7-1.fc40.i686.rpm 2fd2038b4a94eeede34e46ed0e035e619f77d0e412c70cf4e9bb836957e8f31b libidn2-2.3.7-1.fc40.x86_64.rpm -e6dd9a7c8c5e03f30363a1bd3abe97a33fed294c695a9d1029587635bdb9b04e libkcapi-1.4.0-10.fc40.x86_64.rpm -8692d0bfe4c5ed1fa4594dae4d020815217ed1999676cedbef58e6c9549d681d libkcapi-hmaccalc-1.4.0-10.fc40.x86_64.rpm +98b0d9d25bd93c7061ce50480e214944a02d7de725e1d31f4461604380ffb74a libkcapi-1.5.0-4.fc40.x86_64.rpm +84977f5f157172dc7642a3f6602692bb6323b4b106c69f7081882e6c6a81a346 libkcapi-hasher-1.5.0-4.fc40.x86_64.rpm +906bb224af7b2e1ea64c258c6978a610b899b0af5be572ce1c09e36ec58b8a79 libkcapi-hmaccalc-1.5.0-4.fc40.x86_64.rpm a77eed0fe1b84c11f9175f4642db058753d4eaa1f88e999f01df72e1d10a3826 libksba-1.6.6-1.fc40.x86_64.rpm d5d9c95e38aeb8c852cda4516057d86a5fec2485cb3413067d625059a4d97b30 libmd-1.1.0-4.fc40.x86_64.rpm 7b307e95fb7584889d35108de86ebfa34d0aea6eabb5a68d574647f83f25ed77 libmnl-1.0.5-5.fc40.x86_64.rpm @@ -234,7 +235,7 @@ b404c27af03bb1e43fb0dc472d5a1fa152e0563fa2e4eefa29199c47578a829b nano-default-e 8a93376ce7423bd1a649a13f4b5105f270b4603f5cf3b3e230bdbda7f25dd788 ncurses-base-6.4-12.20240127.fc40.noarch.rpm 39bba59320e6276a3b7b07bc94d319511bdd7d32ba098fd49723f4d542794d41 ncurses-libs-6.4-12.20240127.fc40.i686.rpm a18edf32e89aefd453998d5d0ec3aa1ea193dac43f80b99db195abd7e8cf1a04 ncurses-libs-6.4-12.20240127.fc40.x86_64.rpm -5dc7d6c8b55514beabfcd1cb23a682ed7f4ec413c48b2093918fca569c694ccc netavark-1.12.1-1.fc40.x86_64.rpm +f1e77a65e098b105ce6a47e386de84937217ed72a0c47f2568ae11da0ea7d75d netavark-1.12.2-1.fc40.x86_64.rpm 16172412cfd45453292e18f84fc57e42a3ce92aca72b47ef7e15b44554049cfe nettle-3.9.1-6.fc40.x86_64.rpm 188ce5004e6ed764b4a619b64a4a0f36f1cc4fa919fe0a300599ff1171844144 nftables-1.0.9-3.fc40.x86_64.rpm 784e0fbc9ccb7087c10f4c41edbed13904f94244ff658f308614abe48cdf0d42 npth-1.7-1.fc40.x86_64.rpm @@ -271,9 +272,9 @@ af85755cda79959a19161ebc26a45e507003298bd97b472b9ab0d512afa5e46a protobuf-c-1.5 45ff2e9814aa059f323b23710c73309d41d36306667a3004f5fbb86b0cab4484 psmisc-23.6-6.fc40.x86_64.rpm cca50802d4f75306bc37126feb92db79fed44dcdabf76c1556853334995b9d3b publicsuffix-list-dafsa-20240107-3.fc40.noarch.rpm 1cfc81c8761cd0381cc5020a3686afec8350aadea01998518e8aa2407419fe9f python-pip-wheel-23.3.2-1.fc40.noarch.rpm -2eca9489d4cc2d3bb5f1efd452007d49f00334e8949afa7c634c76758305f5db python-unversioned-command-3.12.5-1.fc40.noarch.rpm -d9f4e1f212b42eabc565e6369088603c2782b1f0bbedfa392cb4f6c5cd0c914b python3-3.12.5-1.fc40.x86_64.rpm -3de9ae7033e56cc56c493f901baa16ed115658ee7cc3b2d689750c6b5346bb0c python3-libs-3.12.5-1.fc40.x86_64.rpm +368e6771820860a47152246355d1f09358cebc0b464224d70739a303dbdf9158 python-unversioned-command-3.12.5-2.fc40.noarch.rpm +c9022e8d2879fb454163b5c81376418f96eaed8b1a5220ac0c53288c1d7a35df python3-3.12.5-2.fc40.x86_64.rpm +077e728ea0ec62c079e90336b4c57a7b2b8c7ba897904520b4a5070c2078b498 python3-libs-3.12.5-2.fc40.x86_64.rpm 31d3560d4e4d9c6eedbc48911b38f1958b03d69d53859251ca53adc2c0db083b qemu-user-static-8.2.6-3.fc40.x86_64.rpm 0f8288155f67cdc89680d17f77f742a58e7f2076231dc824b40411903c5bfb0d qemu-user-static-aarch64-8.2.6-3.fc40.x86_64.rpm 9d6240b8b25f010e64f583112fe8c152fc9ba469b261fb33fb4834724924c0dd qemu-user-static-alpha-8.2.6-3.fc40.x86_64.rpm @@ -334,17 +335,17 @@ c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3 41b777c50f1ec74795551c7d930a3d6eceab278ff03608893a5dbd49f2de5363 util-linux-2.40.1-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm a00108f45cd60afffb9c1b5db8bef9c6fd5b3c233a546dde787efa5b4485e5b6 util-linux-core-2.40.1-1.fc40.x86_64.rpm -e87361bf8eaaa87699e311e853b2c171c16f36f7d5e8f5eddb1f09c4a0202014 vim-common-9.1.672-1.fc40.x86_64.rpm -44986383b56588459663da041f9d144010cf91ae377ef9b957f7e262ef55ae19 vim-data-9.1.672-1.fc40.noarch.rpm -6fc8a60a8fae42a30666848f972129d2abfb0c7f2fb073616972a811b697bbc7 vim-enhanced-9.1.672-1.fc40.x86_64.rpm -13ae5c6fc04aa31b8c2f43885e94e222497d35dadf6858c13aa35e25d131019b vim-filesystem-9.1.672-1.fc40.noarch.rpm +e628db101de7abf521cc792ae0b540424daee0f486913865b3a0553f85da4bbb vim-common-9.1.703-1.fc40.x86_64.rpm +f0f25976a9e4b1c2de3e5252273b86e484388312d3ab3359d42562c0cacf75e0 vim-data-9.1.703-1.fc40.noarch.rpm +ea583b2614de4351637182d2dc8a3de929c293615da9c6db581dac2a6f2adbfb vim-enhanced-9.1.703-1.fc40.x86_64.rpm +ffafca2aa509cb51553daea521268f7820038068d61655f9b1caad9b2b6683e5 vim-filesystem-9.1.703-1.fc40.noarch.rpm c5682a1b02bb02578e9997ae221a7f6c6db711084129824e207fe1febdc55b9d wget2-2.1.0-11.fc40.x86_64.rpm 38aaee4829df7e1a4719991c4fc6d65a1265b6a556b182ecac3145c287c320f4 wget2-libs-2.1.0-11.fc40.x86_64.rpm a12b44ee7cc5a0e916bcf72e80c4d618abb7406254578e947f3ba9dd0d445d25 wget2-wget-2.1.0-11.fc40.x86_64.rpm cf0306ceed1c6b3be39060d85f16b1953b464d3a625488b170d3b7aadf600645 which-2.21-41.fc40.x86_64.rpm 4ede95a2fa3bc0ae617c8bf3a375b800163d58733b4829b15d9f038505d79fee whois-nls-5.5.20-3.fc40.noarch.rpm e2195010e857f56b19246f8b821f9391922880b7691b3728a413f540edc890a6 xkeyboard-config-2.41-1.fc40.noarch.rpm -e6006fd24e866d8747f8444ee21dcf66af86936839cf019ffed2718819ae20cc xxd-9.1.672-1.fc40.x86_64.rpm +0ced8100c1c1a2e18806d574f1f79fcdd6c3d47ee386686f138cf9b65f582ca2 xxd-9.1.703-1.fc40.x86_64.rpm ee599a1c4d7ee635e54ec137af4dded83f433b9c8a5976f75ecdcd000b5246e3 xz-5.4.6-3.fc40.x86_64.rpm b92ef78d8ab424c22130e457d0ef691d8197bff61c3b8852205d1b02baba3819 xz-libs-5.4.6-3.fc40.i686.rpm b6ee44b3d7e494b0364f26b7d0b169a8092180af787423cd5e8a47dc0f738a66 xz-libs-5.4.6-3.fc40.x86_64.rpm From fe2fd0a2dae1baa28053796b82509815a603c2e5 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 9 Sep 2024 12:45:48 +0200 Subject: [PATCH 244/380] treewide: update Go toolchain to 1.22.7 (#3343) --- .github/workflows/build-ccm-gcp.yml | 2 +- .github/workflows/build-os-image-scheduled.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/test-operator-codegen.yml | 2 +- MODULE.bazel | 2 +- go.mod | 2 +- go.work | 4 ++-- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index 80d781e2e..fdc2446a4 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -31,7 +31,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: "1.22.5" + go-version: "1.22.7" cache: false - name: Install Crane diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 4575ace11..56e65cfdf 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -67,7 +67,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: "1.22.5" + go-version: "1.22.7" cache: false - name: Determine version diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ff70af4bf..7af6ca82c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,7 +40,7 @@ jobs: if: matrix.language == 'go' uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: "1.22.5" + go-version: "1.22.7" cache: false - name: Initialize CodeQL diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3c1ab548d..0639dc623 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -233,7 +233,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: "1.22.5" + go-version: "1.22.7" cache: true - name: Build generateMeasurements tool diff --git a/.github/workflows/test-operator-codegen.yml b/.github/workflows/test-operator-codegen.yml index 10bc88e17..fbb05eac8 100644 --- a/.github/workflows/test-operator-codegen.yml +++ b/.github/workflows/test-operator-codegen.yml @@ -28,7 +28,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: "1.22.5" + go-version: "1.22.7" cache: true - name: Run code generation diff --git a/MODULE.bazel b/MODULE.bazel index f527eb597..384e8b66a 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -21,7 +21,7 @@ go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk") go_sdk.download( name = "go_sdk", patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"], - version = "1.22.5", + version = "1.22.7", ) # the use_repo rule needs to list all top-level go dependencies diff --git a/go.mod b/go.mod index f4b66e794..588e47c0e 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/edgelesssys/constellation/v2 -go 1.22.5 +go 1.22.7 // TODO(daniel-weisse): revert after merging https://github.com/martinjungblut/go-cryptsetup/pull/16. replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c diff --git a/go.work b/go.work index 645982cbc..da7888adb 100644 --- a/go.work +++ b/go.work @@ -1,6 +1,6 @@ -go 1.22.5 +go 1.22.7 -toolchain go1.22.5 +toolchain go1.22.7 use ( . From 282fd315d21b0ff73561a966d327ee6f84aa48dd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Sep 2024 11:39:05 +0200 Subject: [PATCH 245/380] deps: update K8s constrained Azure versions (#3346) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- internal/versions/versions.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 8079ea36c..94d38f1ba 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -252,10 +252,10 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.6@sha256:bb42961c336c2dbc736c1354b01208523962b4f4be4ebd582f697391766d510e", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.28.11@sha256:6fe43ab439e2faef8dd198a84c13e295a4c112cd27ede1016b0f3e2d6c9882dc", // renovate:container + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.28.12@sha256:5ba85a312fdb6b65d4267a1e42090aaa9ebb69f44858d9f9f806a317a9260530", // renovate:container // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.28.11@sha256:0d50766bd56f20812073d00a973d64fb49cc6f7b4a23484b521c3e34abe31984", // renovate:container + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.28.12@sha256:e4a4ddb678f625399b85f4becff16ef07a06da7f5f4673ca21cfb356c370930d", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v28.10.0@sha256:f3b6fa7faea27b4a303c91b3bc7ee192b050e21e27579e9f3da90ae4ba38e626", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. @@ -319,10 +319,10 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.29.3@sha256:26a61ab55d8be6365348b78c3cf691276a7b078c58dd789729704fb56bcaac8c", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.29.9@sha256:bbeda8d6d36fc12d07314714b88e5f0433c2ae61feb59cd62fbe05d2f3c2aa17", // renovate:container + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.29.10@sha256:2e4d2c0bb15f2987cb7abb52e86c9b62504226fdbf19d5b597ac4707adb52a56", // renovate:container // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.29.9@sha256:175d52f1d48d1b947823974166bcdd403c0644c5bca6f7275a3087d29fe8f36d", // renovate:container + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.29.10@sha256:ef27f4e2c104614fa44265d6e0a193bf1f9b5abda542f5b64efb868d3796ffc8", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v29.5.0@sha256:4b17e16f9b5dfa20c9ff62cb382c3f754b70ed36be7f85cc3f46213dae21ec91", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. @@ -386,10 +386,10 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.30.1@sha256:ee0e0c0de56e7dace71e2b4a0e45dcdae84e325c78f72c5495b109976fb3362c", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.30.5@sha256:932215506d0701783dd60e26ebe21ca3381eaa6517cf769aae339a082c2638f7", // renovate:container + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.30.6@sha256:4cbf44b038ff426dccb457b160f7c675d736a062ec9e729996c568bf3d252c67", // renovate:container // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.30.5@sha256:16203c47820604328950e7b7bbf6fd103aec51e1c13c2a3689546e0ba6119b2c", // renovate:container + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.30.6@sha256:89ea8b66d026fe313f7f5781d1be6c44bf2c345ead89b8fe256c2bfab47304d1", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v30.0.0@sha256:529382b3a16cee9d61d4cfd9b8ba74fff51856ae8cbaf1825c075112229284d9", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. From 665cff00711e76dc35bfae269ffde6b7109a6db9 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Sep 2024 11:41:44 +0200 Subject: [PATCH 246/380] deps: update K8s constrained AWS versions (#3319) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- internal/versions/versions.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 94d38f1ba..b443f977a 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -249,7 +249,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ }, // CloudControllerManagerImageAWS is the CCM image used on AWS. // Check for newer versions at https://github.com/kubernetes/cloud-provider-aws/releases. - CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.6@sha256:bb42961c336c2dbc736c1354b01208523962b4f4be4ebd582f697391766d510e", // renovate:container + CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.9@sha256:168905b591796fbd07cb35cd0e3f206fdb7efb30e325c9bf7fa70d1b48989f73", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.28.12@sha256:5ba85a312fdb6b65d4267a1e42090aaa9ebb69f44858d9f9f806a317a9260530", // renovate:container @@ -316,7 +316,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ }, // CloudControllerManagerImageAWS is the CCM image used on AWS. // Check for newer versions at https://github.com/kubernetes/cloud-provider-aws/releases. - CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.29.3@sha256:26a61ab55d8be6365348b78c3cf691276a7b078c58dd789729704fb56bcaac8c", // renovate:container + CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.29.6@sha256:8074b8828a33fb273833e8fd374dda6a0ab10335ae8e19684fbd61eeff7d3594", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.29.10@sha256:2e4d2c0bb15f2987cb7abb52e86c9b62504226fdbf19d5b597ac4707adb52a56", // renovate:container @@ -383,7 +383,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ }, // CloudControllerManagerImageAWS is the CCM image used on AWS. // Check for newer versions at https://github.com/kubernetes/cloud-provider-aws/releases. - CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.30.1@sha256:ee0e0c0de56e7dace71e2b4a0e45dcdae84e325c78f72c5495b109976fb3362c", // renovate:container + CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.30.3@sha256:30a1758dec30814178c787e2d50f46bb141e9f0bb2e16190ddd19df15f957874", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.30.6@sha256:4cbf44b038ff426dccb457b160f7c675d736a062ec9e729996c568bf3d252c67", // renovate:container From 3e37819fe7ba8c91e6c7c9d27a32fd008f6434da Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 10 Sep 2024 13:16:51 +0200 Subject: [PATCH 247/380] deps: update cloud-provider-gcp (K8s version constrained) (#3320) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- internal/versions/versions.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index b443f977a..0621b5d74 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -324,7 +324,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.29.10@sha256:ef27f4e2c104614fa44265d6e0a193bf1f9b5abda542f5b64efb868d3796ffc8", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. - CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v29.5.0@sha256:4b17e16f9b5dfa20c9ff62cb382c3f754b70ed36be7f85cc3f46213dae21ec91", // renovate:container + CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v29.5.1@sha256:ebbc6f5755725b6c2c81ca1d1580e2feba83572c41608b739c50f85b2e5de936", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container // External service image. Depends on k8s version. @@ -391,7 +391,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.30.6@sha256:89ea8b66d026fe313f7f5781d1be6c44bf2c345ead89b8fe256c2bfab47304d1", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. - CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v30.0.0@sha256:529382b3a16cee9d61d4cfd9b8ba74fff51856ae8cbaf1825c075112229284d9", // renovate:container + CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v30.1.0@sha256:64d2d5d4d2b5fb426c307c64ada9a61b64e797b56d9768363f145f2bd957998f", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. CloudControllerManagerImageOpenStack: "docker.io/k8scloudprovider/openstack-cloud-controller-manager:v1.26.4@sha256:05e846fb13481b6dbe4a1e50491feb219e8f5101af6cf662a086115735624db0", // renovate:container // External service image. Depends on k8s version. From 98f359e03924dc2c0d57fa9d4ffeb6f618c9770b Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Tue, 10 Sep 2024 13:17:26 +0200 Subject: [PATCH 248/380] helm: allow multiple default routes (#3344) --- .../templates/cilium-agent/daemonset.yaml | 15 +++++----- internal/constellation/helm/cilium.patch | 29 +++++++++++++++++-- 2 files changed, 35 insertions(+), 9 deletions(-) diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml index ffd5935ba..e2b8ccff6 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml @@ -764,13 +764,14 @@ spec: - -exc - | pref=32 - interface=$(ip route | awk '/^default/ { print $5 }') - tc qdisc add dev "${interface}" clsact || true - tc filter del dev "${interface}" ingress pref "${pref}" 2>/dev/null || true - handle=0 - for cidr in ${POD_CIDRS}; do - handle=$((handle + 1)) - tc filter replace dev "${interface}" ingress pref "${pref}" handle "${handle}" protocol ip flower dst_ip "${cidr}" action drop + for interface in $(ip route | awk '/^default/ { print $5 }'); do + tc qdisc add dev "${interface}" clsact || true + tc filter del dev "${interface}" ingress pref "${pref}" 2>/dev/null || true + handle=0 + for cidr in ${POD_CIDRS}; do + handle=$((handle + 1)) + tc filter replace dev "${interface}" ingress pref "${pref}" handle "${handle}" protocol ip flower dst_ip "${cidr}" action drop + done done env: - name: POD_CIDRS diff --git a/internal/constellation/helm/cilium.patch b/internal/constellation/helm/cilium.patch index 44857e283..b9c255c25 100644 --- a/internal/constellation/helm/cilium.patch +++ b/internal/constellation/helm/cilium.patch @@ -1,5 +1,5 @@ diff --git a/install/kubernetes/cilium/Chart.yaml b/install/kubernetes/cilium/Chart.yaml -index 256a79542..3f3fc714b 100644 +index 4df10f166b..9f079933b2 100644 --- a/install/kubernetes/cilium/Chart.yaml +++ b/install/kubernetes/cilium/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 @@ -13,4 +13,29 @@ index 256a79542..3f3fc714b 100644 kubeVersion: ">= 1.16.0-0" icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.15/Documentation/images/logo-solo.svg description: eBPF-based Networking, Security, and Observability - \ No newline at end of file +diff --git a/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml b/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml +index ffd5935ba1..e2b8ccff6c 100644 +--- a/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml ++++ b/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml +@@ -764,13 +764,14 @@ spec: + - -exc + - | + pref=32 +- interface=$(ip route | awk '/^default/ { print $5 }') +- tc qdisc add dev "${interface}" clsact || true +- tc filter del dev "${interface}" ingress pref "${pref}" 2>/dev/null || true +- handle=0 +- for cidr in ${POD_CIDRS}; do +- handle=$((handle + 1)) +- tc filter replace dev "${interface}" ingress pref "${pref}" handle "${handle}" protocol ip flower dst_ip "${cidr}" action drop ++ for interface in $(ip route | awk '/^default/ { print $5 }'); do ++ tc qdisc add dev "${interface}" clsact || true ++ tc filter del dev "${interface}" ingress pref "${pref}" 2>/dev/null || true ++ handle=0 ++ for cidr in ${POD_CIDRS}; do ++ handle=$((handle + 1)) ++ tc filter replace dev "${interface}" ingress pref "${pref}" handle "${handle}" protocol ip flower dst_ip "${cidr}" action drop ++ done + done + env: + - name: POD_CIDRS From 7e9c316201863989d4ad327c71808a4f13d6ab84 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 11 Sep 2024 08:30:27 +0200 Subject: [PATCH 249/380] image: update measurements and image version (#3350) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 95e2ca037..df55e7fa0 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x30, 0x7a, 0x94, 0xe1, 0x89, 0x45, 0x4d, 0x46, 0x15, 0x3a, 0x46, 0x91, 0xff, 0x8c, 0x98, 0xef, 0x00, 0x9c, 0x7b, 0xe4, 0x62, 0x5e, 0x84, 0xde, 0xc7, 0xef, 0xd9, 0x5e, 0x37, 0x46, 0x3a, 0xa0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0f, 0x4f, 0x5a, 0x19, 0x7b, 0xd9, 0x31, 0x7a, 0x0a, 0x91, 0x20, 0xbe, 0xc7, 0xb0, 0xcf, 0x3c, 0x5d, 0xea, 0xb8, 0xc2, 0x8c, 0xb3, 0xce, 0x12, 0xb9, 0xfe, 0x08, 0xcc, 0x05, 0xf4, 0x66, 0xd1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc3, 0x71, 0x7d, 0x5d, 0xbf, 0xde, 0x1a, 0xc1, 0x4e, 0x19, 0x66, 0xa2, 0x99, 0x14, 0x1f, 0x8c, 0xb9, 0x65, 0xb8, 0x00, 0xfd, 0x4b, 0x2b, 0x48, 0x1e, 0x79, 0x60, 0xd8, 0x8f, 0x56, 0xe2, 0x9d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x76, 0xdc, 0x23, 0x5d, 0x2b, 0xb9, 0xeb, 0xe5, 0xb0, 0x90, 0x03, 0xbb, 0x5e, 0x32, 0x28, 0xaa, 0xeb, 0xda, 0x89, 0x3d, 0x97, 0x08, 0x9a, 0xcf, 0x6f, 0xcb, 0xb6, 0x58, 0x15, 0x32, 0xc9, 0xeb}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf9, 0xbe, 0x4e, 0x39, 0x53, 0xf8, 0xb2, 0x1c, 0xee, 0x6f, 0x9b, 0x70, 0xef, 0xf4, 0x14, 0x6c, 0xef, 0xb3, 0x55, 0x6c, 0x4a, 0xb7, 0xbb, 0x75, 0x60, 0x4d, 0xdd, 0x00, 0x88, 0x3c, 0x37, 0x34}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa5, 0x4f, 0x6f, 0x78, 0x3c, 0x68, 0x15, 0x0c, 0x02, 0xe0, 0x48, 0xa5, 0x73, 0x9b, 0xc5, 0xe6, 0xa3, 0x27, 0x1c, 0x91, 0xb9, 0xd5, 0x29, 0x84, 0x75, 0x33, 0x54, 0x3f, 0x2a, 0x9b, 0x6e, 0x7c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xaa, 0x0f, 0x8f, 0x6a, 0x2f, 0x9a, 0x81, 0x86, 0x0a, 0x3f, 0x90, 0xe7, 0x90, 0x71, 0x07, 0xe1, 0x59, 0x25, 0x22, 0x93, 0xea, 0x79, 0x5b, 0xf8, 0xb8, 0x2b, 0xfb, 0xb8, 0x2b, 0x49, 0x1b, 0x43}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xab, 0xc5, 0x12, 0x44, 0x18, 0x43, 0x74, 0x13, 0x03, 0x26, 0xbf, 0xae, 0xd0, 0x4a, 0x03, 0x92, 0x56, 0x24, 0xd1, 0xf5, 0x7a, 0xcc, 0xae, 0x24, 0x0a, 0xa3, 0x31, 0x6f, 0xaf, 0xdf, 0xbd, 0xb4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x87, 0x0b, 0x7b, 0xda, 0x69, 0x74, 0x37, 0xa8, 0x89, 0xd5, 0x60, 0xdf, 0x4c, 0x53, 0x40, 0x51, 0x26, 0xe7, 0xfd, 0x8a, 0xdf, 0xf2, 0x12, 0xa4, 0xb9, 0x49, 0xe2, 0x68, 0xbb, 0x0b, 0xc1, 0x49}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7c, 0x25, 0x56, 0xb7, 0x80, 0x77, 0x26, 0xd6, 0xb3, 0x81, 0x14, 0xa1, 0x74, 0xcf, 0xa8, 0xcd, 0xbb, 0x23, 0x34, 0x4f, 0x81, 0x8b, 0x16, 0xf1, 0xa8, 0xf8, 0x5d, 0x31, 0x57, 0x0b, 0x41, 0x1a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb0, 0xa7, 0x51, 0xc3, 0xd5, 0x78, 0x49, 0x0a, 0x83, 0xe0, 0x0e, 0x04, 0xbb, 0x2c, 0x4e, 0x6b, 0xce, 0x82, 0xe0, 0x46, 0x6b, 0xb2, 0xfd, 0x1e, 0x5d, 0x17, 0xb3, 0x58, 0x34, 0xab, 0x13, 0x4a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x35, 0xa3, 0x65, 0x5f, 0x4a, 0xd1, 0xad, 0x98, 0xc4, 0x0a, 0x13, 0x73, 0x29, 0x66, 0x98, 0x3a, 0x68, 0xe5, 0x55, 0x20, 0x35, 0x67, 0x32, 0x78, 0x2b, 0xda, 0x5a, 0xfe, 0xd4, 0x95, 0xbc, 0x85}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa4, 0x21, 0x56, 0x16, 0x26, 0xe6, 0xd2, 0x2c, 0x0d, 0x41, 0x57, 0x98, 0x9e, 0xfc, 0x62, 0x2d, 0x71, 0xee, 0x35, 0x68, 0xb0, 0xb9, 0x00, 0x06, 0x34, 0x24, 0xfe, 0xa0, 0x93, 0xbe, 0xcf, 0xb0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa7, 0xd9, 0xae, 0x13, 0x82, 0x83, 0xe1, 0x2a, 0x89, 0x36, 0x56, 0xf6, 0x0e, 0x88, 0x1d, 0x93, 0x2b, 0x39, 0x06, 0xf6, 0xec, 0xc7, 0x7a, 0xdf, 0xa5, 0x5f, 0xbb, 0x18, 0x18, 0xbe, 0xf1, 0x7d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd7, 0x52, 0x00, 0x96, 0x4e, 0x30, 0x38, 0x01, 0x98, 0xc3, 0xc4, 0x42, 0xa9, 0x22, 0x26, 0xf8, 0xca, 0x01, 0x51, 0x77, 0x36, 0x75, 0xc4, 0x81, 0xbe, 0xf4, 0x5d, 0x2e, 0x54, 0x13, 0x4b, 0xe3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x45, 0xab, 0x2f, 0xa8, 0xd6, 0xd0, 0x7d, 0xb5, 0x66, 0x90, 0x75, 0x9c, 0x44, 0xfb, 0x76, 0x00, 0xd3, 0xc4, 0x56, 0x20, 0x31, 0x9a, 0x90, 0xb7, 0x0f, 0x79, 0xde, 0x3d, 0x70, 0xb7, 0xaf, 0xeb}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd7, 0x42, 0x96, 0xca, 0x44, 0x88, 0x5d, 0x21, 0x6d, 0x92, 0x83, 0xdf, 0x49, 0xc4, 0xeb, 0x64, 0xfc, 0x88, 0x0d, 0x02, 0x86, 0x37, 0x11, 0x23, 0x51, 0xa1, 0x2b, 0xa6, 0xa8, 0x39, 0x45, 0x67}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa4, 0x1b, 0xd1, 0xff, 0x4e, 0x64, 0x0c, 0x72, 0x44, 0xe3, 0x6c, 0xf2, 0x84, 0x12, 0x4a, 0x87, 0x61, 0x64, 0x5d, 0x3e, 0x1d, 0x52, 0xda, 0x30, 0xa6, 0xcd, 0x7b, 0x05, 0x29, 0xd4, 0xe7, 0xb9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8f, 0xd3, 0x87, 0x3c, 0x92, 0x9f, 0x7a, 0xb8, 0x31, 0xfe, 0x3a, 0x00, 0x00, 0x79, 0xbd, 0x1f, 0xf0, 0x5a, 0xb0, 0x26, 0x4f, 0x19, 0x62, 0x16, 0xbb, 0xf7, 0x21, 0x67, 0x7d, 0xf3, 0xcf, 0x7d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0a, 0x29, 0xf3, 0xf8, 0xf5, 0xff, 0x49, 0x38, 0x22, 0x01, 0x89, 0x26, 0x14, 0x24, 0xaa, 0xd0, 0x95, 0xbb, 0x65, 0x4c, 0x1c, 0x09, 0x1f, 0x32, 0x61, 0xcb, 0x09, 0x15, 0x46, 0xfa, 0x5f, 0xfe}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xde, 0xe6, 0xc5, 0xf1, 0x3d, 0x1b, 0xa2, 0x87, 0xdb, 0x14, 0x72, 0xd8, 0xbe, 0x40, 0xb7, 0xed, 0x23, 0xfb, 0x77, 0xca, 0x11, 0x02, 0x9a, 0xad, 0x53, 0x83, 0xa8, 0xcd, 0xd8, 0x26, 0xb7, 0x6f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3e, 0x41, 0x60, 0x6c, 0x2f, 0x51, 0xce, 0x69, 0x09, 0xa3, 0xa7, 0x90, 0x7d, 0x62, 0x84, 0x17, 0x38, 0xf5, 0x5d, 0xb3, 0xeb, 0x6a, 0x69, 0x8c, 0x0e, 0xed, 0x8e, 0x59, 0x69, 0x04, 0x0d, 0x10}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x10, 0xd0, 0x7f, 0xbf, 0x93, 0x4d, 0xef, 0x6d, 0x97, 0xe2, 0x6f, 0xd3, 0x06, 0x39, 0xdd, 0x1d, 0x1b, 0x91, 0x96, 0x84, 0xdf, 0x91, 0x91, 0x30, 0xa2, 0x16, 0x37, 0x0c, 0xef, 0xc0, 0x48, 0x60}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd1, 0xd5, 0x00, 0xc0, 0x8e, 0x41, 0x3a, 0xf9, 0xa4, 0xa2, 0xe1, 0xd1, 0x4e, 0xa1, 0xdf, 0xd9, 0xa2, 0x47, 0x04, 0x96, 0xcd, 0x47, 0xb2, 0x84, 0x82, 0x18, 0xfc, 0x01, 0x99, 0x26, 0xe2, 0x54}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3e, 0xba, 0x05, 0x7f, 0x84, 0x62, 0x0b, 0x4f, 0xfd, 0xe7, 0xe0, 0xed, 0x5b, 0xa9, 0x5b, 0xf7, 0x22, 0xe3, 0x93, 0x72, 0xea, 0x98, 0x25, 0xc2, 0x9b, 0x95, 0x68, 0x40, 0x38, 0xa8, 0x10, 0xe9}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xae, 0x56, 0x1c, 0xf2, 0x8b, 0xca, 0xdf, 0x0a, 0xd4, 0x45, 0xf0, 0xe4, 0xed, 0x17, 0xd9, 0x19, 0xbb, 0xe7, 0x08, 0xbd, 0x21, 0xfc, 0x1f, 0xeb, 0x49, 0x58, 0xec, 0x7b, 0x47, 0x80, 0xd0, 0xe1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe3, 0x7c, 0x49, 0x2d, 0x99, 0xeb, 0x88, 0x53, 0x44, 0x04, 0x26, 0xc5, 0xd5, 0x04, 0x04, 0x77, 0x71, 0xe3, 0x46, 0xd8, 0xcc, 0x11, 0xba, 0xee, 0x72, 0x35, 0x07, 0xc9, 0x3a, 0x78, 0x8f, 0x61}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4d, 0x28, 0xe1, 0x4f, 0x7c, 0xa3, 0xed, 0xae, 0x05, 0xcd, 0x79, 0xe9, 0x20, 0x21, 0x01, 0x90, 0xd7, 0x77, 0x53, 0x77, 0xf1, 0x47, 0x26, 0xdb, 0x1a, 0x42, 0x04, 0xfc, 0x8e, 0x69, 0x8c, 0xfb}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4a, 0xe6, 0x7a, 0xb6, 0xd8, 0xe6, 0xa1, 0xb1, 0xec, 0x9f, 0xd0, 0x1d, 0x36, 0x0f, 0xca, 0xd5, 0xcd, 0x22, 0xb5, 0xee, 0xa0, 0x8f, 0xfb, 0x1d, 0x90, 0xbb, 0x59, 0xf7, 0x6e, 0xe8, 0x68, 0x70}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x30, 0xd4, 0x4b, 0x4a, 0xe1, 0xb8, 0x50, 0xf8, 0x2c, 0xd1, 0x13, 0x97, 0x3f, 0x7d, 0x61, 0xba, 0x1f, 0xb5, 0x77, 0x6f, 0x1e, 0x83, 0x74, 0xa5, 0x76, 0x63, 0x06, 0xbf, 0x57, 0xaf, 0x41, 0xd8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xa7, 0xc2, 0x0e, 0x68, 0x6c, 0x93, 0xe5, 0x86, 0xbb, 0xd7, 0x86, 0xc5, 0x66, 0x47, 0xea, 0xae, 0xbe, 0x59, 0xd1, 0xfe, 0x32, 0x34, 0xc7, 0xd4, 0xf1, 0xef, 0x1e, 0x4d, 0x3d, 0x5e, 0xeb, 0xf6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x95, 0xbe, 0x6f, 0xc3, 0xe9, 0x10, 0xb8, 0xea, 0x95, 0x09, 0x14, 0x72, 0x95, 0xef, 0xdb, 0x1b, 0xc3, 0xb2, 0xdd, 0x0e, 0xa5, 0xf4, 0xf4, 0xbd, 0x4f, 0x4d, 0x04, 0x3d, 0xad, 0xb2, 0x3a, 0x07}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x89, 0x2a, 0xc1, 0xb2, 0xe0, 0x12, 0xe0, 0xe7, 0xd3, 0x5a, 0x14, 0xfd, 0xec, 0x38, 0x57, 0x05, 0xd6, 0x2f, 0x53, 0x0f, 0xd3, 0x51, 0x06, 0xf2, 0x5f, 0x79, 0xdb, 0xcd, 0xce, 0x2a, 0xe2, 0x33}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x77, 0xb2, 0xc2, 0xb5, 0x14, 0x58, 0x94, 0xe0, 0xe4, 0xdf, 0xa3, 0xa4, 0xe1, 0x5c, 0xcd, 0xe9, 0x28, 0xa3, 0x01, 0xb7, 0x3a, 0x5b, 0x57, 0x9c, 0xed, 0x91, 0x62, 0xd6, 0x73, 0xc9, 0x37, 0xa0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcb, 0xde, 0x79, 0x7c, 0xa2, 0xd1, 0x7b, 0x13, 0xda, 0xff, 0x95, 0x29, 0x19, 0xc7, 0x1b, 0xae, 0xd5, 0x27, 0xde, 0x76, 0x77, 0x25, 0x22, 0x2c, 0x99, 0xc2, 0x38, 0xc2, 0x5a, 0x9b, 0xd2, 0x5d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x83, 0xc2, 0x07, 0x7c, 0x05, 0x2c, 0xcd, 0x74, 0xc8, 0xfd, 0x6e, 0x02, 0x32, 0xa2, 0x2b, 0x0c, 0x1f, 0x2a, 0x32, 0x0c, 0xf7, 0x6c, 0x3f, 0xc1, 0xb9, 0xc5, 0xe5, 0xcc, 0x3e, 0x0b, 0x1d, 0x20}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9c, 0xcf, 0xd9, 0xf4, 0xbf, 0xbf, 0x27, 0xaf, 0xcc, 0x83, 0x40, 0x52, 0x8e, 0xae, 0x1b, 0xf4, 0xfc, 0x76, 0x16, 0x3f, 0x5e, 0x5a, 0x55, 0x1f, 0x94, 0x44, 0x83, 0xfc, 0xae, 0x55, 0x58, 0x1c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2e, 0x77, 0x34, 0x5c, 0x49, 0x55, 0xeb, 0xe1, 0x18, 0x66, 0x05, 0x4e, 0x38, 0xae, 0x0e, 0x25, 0x4e, 0x82, 0x7f, 0x10, 0xfe, 0x11, 0x67, 0x42, 0xe9, 0x91, 0xad, 0x9f, 0xbe, 0x4a, 0x13, 0x06}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x88, 0xbd, 0xaa, 0xde, 0x7e, 0x96, 0xb6, 0xdf, 0x0b, 0x94, 0xd5, 0x89, 0xe2, 0xa1, 0xd4, 0x8d, 0x66, 0xff, 0xaf, 0x51, 0x50, 0x6e, 0xfb, 0x69, 0x16, 0xa6, 0xbc, 0xdf, 0xa3, 0xfc, 0xbf, 0x5c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xfc, 0xba, 0xfa, 0x0d, 0x70, 0x56, 0xaa, 0x10, 0x62, 0x6f, 0x94, 0x33, 0x69, 0xc9, 0x12, 0x3e, 0xa6, 0xd4, 0x81, 0xe2, 0x87, 0x0f, 0x9c, 0x80, 0xc5, 0x95, 0x85, 0xf3, 0x54, 0xee, 0x33, 0x79}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x20, 0xd0, 0xa7, 0x68, 0x56, 0x7d, 0x2c, 0x07, 0xfc, 0xed, 0x39, 0xb9, 0x3d, 0xfe, 0x93, 0x24, 0x87, 0x7d, 0xd2, 0xf2, 0x7e, 0xb1, 0x4a, 0x4f, 0xe8, 0xbc, 0x02, 0xb6, 0x98, 0xf8, 0x58, 0x8c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x69, 0xbb, 0x26, 0xd3, 0x5d, 0x50, 0x13, 0xa7, 0x39, 0xde, 0xd2, 0xd1, 0x29, 0x62, 0xb1, 0xbf, 0x24, 0x91, 0x0d, 0xbb, 0x25, 0x25, 0xe1, 0x2b, 0x10, 0x67, 0x31, 0xe2, 0xe1, 0x2f, 0x51, 0x97}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xc0, 0x21, 0xed, 0x56, 0x8e, 0x91, 0xdb, 0x68, 0xd9, 0x7f, 0xa2, 0x7f, 0xb7, 0x40, 0xcb, 0xc6, 0x83, 0x74, 0xe6, 0x6a, 0xba, 0x28, 0x97, 0x0c, 0xea, 0xa4, 0x73, 0x21, 0x58, 0xc4, 0xc3, 0xfd}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa3, 0xa1, 0x57, 0x91, 0xad, 0xc3, 0x20, 0x36, 0x11, 0xcf, 0xfd, 0x34, 0x01, 0xee, 0x86, 0x41, 0x80, 0xd3, 0x48, 0xdd, 0x92, 0x44, 0xd5, 0xa8, 0x66, 0xd0, 0xdb, 0x58, 0x46, 0x37, 0xda, 0xde}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2e, 0xa7, 0x04, 0x85, 0xf2, 0x17, 0xda, 0x60, 0x9c, 0xd8, 0xdd, 0xbc, 0x66, 0xc0, 0x40, 0x4d, 0x28, 0xcf, 0x24, 0xc4, 0xcf, 0x55, 0xbe, 0xbd, 0x37, 0xdd, 0x7c, 0x26, 0xee, 0x38, 0x08, 0x00}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x79, 0x05, 0x5e, 0xd9, 0x6f, 0x52, 0x56, 0xc5, 0x70, 0xf2, 0x23, 0xb8, 0x22, 0x95, 0x12, 0x06, 0xb7, 0xcb, 0x56, 0xe3, 0x0e, 0x40, 0x72, 0xdf, 0x09, 0xde, 0x06, 0xef, 0x53, 0xe3, 0xc1, 0x93}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc3, 0xe0, 0x13, 0x38, 0xf9, 0xdb, 0xa4, 0x6b, 0x3c, 0xd8, 0x27, 0xf0, 0x06, 0x39, 0x71, 0x03, 0xf3, 0x30, 0xae, 0xb0, 0x3b, 0xc8, 0x3d, 0xb5, 0xe1, 0xae, 0x97, 0xa3, 0x98, 0xf5, 0x3a, 0xbb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4e, 0x86, 0xe4, 0x6a, 0xf5, 0xb4, 0x9d, 0xf6, 0xb9, 0x1d, 0x3d, 0x33, 0x21, 0xd5, 0x84, 0xfa, 0x5e, 0xe0, 0x75, 0xde, 0xcb, 0x3a, 0xbe, 0xbe, 0x85, 0x66, 0xfa, 0x50, 0xf6, 0x57, 0x7f, 0x97}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 47597e758..2c5e4b11b 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240904083651-a3bd2e029ce9" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240910131726-98f359e03924" ) From 5f5df1fc3692f014bb4c2bc28b14491c32058135 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Thu, 12 Sep 2024 13:31:21 +0200 Subject: [PATCH 250/380] terraform-provider-constellation: set correct cc_technology in GCP example (#3352) --- terraform-provider-constellation/examples/full/gcp/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform-provider-constellation/examples/full/gcp/main.tf b/terraform-provider-constellation/examples/full/gcp/main.tf index 9f8df7a08..04ede4b59 100644 --- a/terraform-provider-constellation/examples/full/gcp/main.tf +++ b/terraform-provider-constellation/examples/full/gcp/main.tf @@ -24,7 +24,7 @@ locals { control_plane_count = 3 worker_count = 2 instance_type = "n2d-standard-4" - cc_technology = "SEV" + cc_technology = "SEV_SNP" master_secret = random_bytes.master_secret.hex master_secret_salt = random_bytes.master_secret_salt.hex From e077eaf02c11ca2661a15635feda39c8437092a8 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Thu, 12 Sep 2024 22:44:38 +0200 Subject: [PATCH 251/380] e2e: remove immediate node status printing (#3351) --- e2e/internal/upgrade/upgrade.go | 1 - 1 file changed, 1 deletion(-) diff --git a/e2e/internal/upgrade/upgrade.go b/e2e/internal/upgrade/upgrade.go index 14eb2227a..e31b7b67a 100644 --- a/e2e/internal/upgrade/upgrade.go +++ b/e2e/internal/upgrade/upgrade.go @@ -142,7 +142,6 @@ func testNodesEventuallyHaveVersion(t *testing.T, k *kubernetes.Clientset, targe if key == "constellation.edgeless.systems/node-image" { if !strings.EqualFold(value, targetVersions.ImageRef) { log.Printf("\t%s: Image %s, want %s\n", node.Name, value, targetVersions.ImageRef) - fmt.Printf("\tP: %s: Image %s, want %s\n", node.Name, value, targetVersions.ImageRef) allUpdated = false } } From 8ef5ea2efe48f44bc5cbdacc5bcd15511cc7440a Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Fri, 13 Sep 2024 09:47:33 +0200 Subject: [PATCH 252/380] helm: fix kubeadm bugs caused by CoreDNS installation (#3353) * helm: rename CoreDNS configmap * upgrade-agent: ignore CoreDNS preflight errors * fixup! helm: rename CoreDNS configmap --- cli/internal/cmd/apply.go | 4 +++ cli/internal/cmd/apply_test.go | 1 + cli/internal/cmd/init_test.go | 4 +++ cli/internal/cmd/upgradeapply_test.go | 4 +++ internal/constellation/helm.go | 15 +++++++++ .../charts/coredns/templates/configmap.yaml | 10 +++--- .../charts/coredns/templates/deployment.yaml | 2 +- .../helm/corednsgen/corednsgen.go | 32 +++++++++++++++++-- .../internal/provider/cluster_resource.go | 5 +++ upgrade-agent/internal/server/server.go | 10 ++++-- 10 files changed, 77 insertions(+), 10 deletions(-) diff --git a/cli/internal/cmd/apply.go b/cli/internal/cmd/apply.go index f22e25a60..aba3aa378 100644 --- a/cli/internal/cmd/apply.go +++ b/cli/internal/cmd/apply.go @@ -428,6 +428,9 @@ func (a *applyCmd) apply( if err := a.runHelmApply(cmd, conf, stateFile, upgradeDir); err != nil { return err } + if err := a.applier.CleanupCoreDNSResources(cmd.Context()); err != nil { + return fmt.Errorf("cleaning up CoreDNS: %w", err) + } } // Upgrade node image @@ -847,6 +850,7 @@ type applier interface { // methods required to install/upgrade Helm charts AnnotateCoreDNSResources(context.Context) error + CleanupCoreDNSResources(context.Context) error PrepareHelmCharts( flags helm.Options, state *state.State, serviceAccURI string, masterSecret uri.MasterSecret, ) (helm.Applier, bool, error) diff --git a/cli/internal/cmd/apply_test.go b/cli/internal/cmd/apply_test.go index 33fe6ba90..17c03f33f 100644 --- a/cli/internal/cmd/apply_test.go +++ b/cli/internal/cmd/apply_test.go @@ -554,6 +554,7 @@ func (s *stubConstellApplier) Init(context.Context, atls.Validator, *state.State type helmApplier interface { AnnotateCoreDNSResources(context.Context) error + CleanupCoreDNSResources(ctx context.Context) error PrepareHelmCharts( flags helm.Options, stateFile *state.State, serviceAccURI string, masterSecret uri.MasterSecret, ) ( diff --git a/cli/internal/cmd/init_test.go b/cli/internal/cmd/init_test.go index ccad3eb30..568c31ff8 100644 --- a/cli/internal/cmd/init_test.go +++ b/cli/internal/cmd/init_test.go @@ -282,6 +282,10 @@ func (s stubHelmApplier) AnnotateCoreDNSResources(_ context.Context) error { return nil } +func (s stubHelmApplier) CleanupCoreDNSResources(_ context.Context) error { + return nil +} + func (s stubHelmApplier) PrepareHelmCharts( _ helm.Options, _ *state.State, _ string, _ uri.MasterSecret, ) (helm.Applier, bool, error) { diff --git a/cli/internal/cmd/upgradeapply_test.go b/cli/internal/cmd/upgradeapply_test.go index 8a4341c2c..db4012596 100644 --- a/cli/internal/cmd/upgradeapply_test.go +++ b/cli/internal/cmd/upgradeapply_test.go @@ -379,6 +379,10 @@ func (m *mockApplier) AnnotateCoreDNSResources(_ context.Context) error { return nil } +func (m *mockApplier) CleanupCoreDNSResources(_ context.Context) error { + return nil +} + func (m *mockApplier) PrepareHelmCharts( helmOpts helm.Options, stateFile *state.State, str string, masterSecret uri.MasterSecret, ) (helm.Applier, bool, error) { diff --git a/internal/constellation/helm.go b/internal/constellation/helm.go index 4551e6ef4..ed1345459 100644 --- a/internal/constellation/helm.go +++ b/internal/constellation/helm.go @@ -60,6 +60,21 @@ func (a *Applier) AnnotateCoreDNSResources(ctx context.Context) error { return nil } +// CleanupCoreDNSResources removes CoreDNS resources that are not managed by Helm. +// +// This is only required when CoreDNS was installed by kubeadm directly. +// TODO(burgerdev): remove after v2.19 is released. +func (a *Applier) CleanupCoreDNSResources(ctx context.Context) error { + err := a.dynamicClient. + Resource(schema.GroupVersionResource{Group: "", Version: "v1", Resource: "configmaps"}). + Namespace("kube-system"). + Delete(ctx, "coredns", v1.DeleteOptions{}) + if !k8serrors.IsNotFound(err) { + return err + } + return nil +} + // PrepareHelmCharts loads Helm charts for Constellation and returns an executor to apply them. func (a *Applier) PrepareHelmCharts( flags helm.Options, state *state.State, serviceAccURI string, masterSecret uri.MasterSecret, diff --git a/internal/constellation/helm/charts/coredns/templates/configmap.yaml b/internal/constellation/helm/charts/coredns/templates/configmap.yaml index 3cec1e9e4..58a48a318 100644 --- a/internal/constellation/helm/charts/coredns/templates/configmap.yaml +++ b/internal/constellation/helm/charts/coredns/templates/configmap.yaml @@ -1,9 +1,4 @@ - apiVersion: v1 -kind: ConfigMap -metadata: - name: coredns - namespace: kube-system data: Corefile: | .:53 { @@ -26,3 +21,8 @@ data: reload loadbalance } +kind: ConfigMap +metadata: + creationTimestamp: null + name: edg-coredns + namespace: kube-system diff --git a/internal/constellation/helm/charts/coredns/templates/deployment.yaml b/internal/constellation/helm/charts/coredns/templates/deployment.yaml index c8e7dbff0..b7fd735df 100644 --- a/internal/constellation/helm/charts/coredns/templates/deployment.yaml +++ b/internal/constellation/helm/charts/coredns/templates/deployment.yaml @@ -104,6 +104,6 @@ spec: items: - key: Corefile path: Corefile - name: coredns + name: edg-coredns name: config-volume status: {} diff --git a/internal/constellation/helm/corednsgen/corednsgen.go b/internal/constellation/helm/corednsgen/corednsgen.go index f777914c4..5c7bc08f2 100644 --- a/internal/constellation/helm/corednsgen/corednsgen.go +++ b/internal/constellation/helm/corednsgen/corednsgen.go @@ -29,6 +29,8 @@ import ( "sigs.k8s.io/yaml" ) +const configMapName = "edg-coredns" + var chartDir = flag.String("charts", "./charts", "target directory to create charts in") func main() { @@ -44,9 +46,9 @@ func main() { writeTemplate(kubedns.CoreDNSServiceAccount, "serviceaccount.yaml") writeTemplate(kubedns.CoreDNSClusterRole, "clusterrole.yaml") writeTemplate(kubedns.CoreDNSClusterRoleBinding, "clusterrolebinding.yaml") - writeTemplate(kubedns.CoreDNSConfigMap, "configmap.yaml") writeTemplate(kubedns.CoreDNSService, "service.yaml") + writeFileRelativeToChartDir(patchedConfigMap(), "templates", "configmap.yaml") writeFileRelativeToChartDir(patchedDeployment(), "templates", "deployment.yaml") } @@ -92,7 +94,25 @@ func valuesYAML() []byte { return data } -// patchedDeployment extracts the CoreDNS deployment from kubeadm and adds necessary tolerations. +// patchedConfigMap renames the CoreDNS ConfigMap such that kubeadm does not find it. +// +// See https://github.com/kubernetes/kubeadm/issues/2846#issuecomment-1899942683. +func patchedConfigMap() []byte { + var cm corev1.ConfigMap + if err := yaml.Unmarshal(parseTemplate(kubedns.CoreDNSConfigMap), &cm); err != nil { + log.Fatalf("Could not parse configmap: %v", err) + } + + cm.Name = configMapName + + out, err := yaml.Marshal(cm) + if err != nil { + log.Fatalf("Could not marshal patched deployment: %v", err) + } + return out +} + +// patchedDeployment extracts the CoreDNS Deployment from kubeadm, adds necessary tolerations and updates the ConfigMap reference. func patchedDeployment() []byte { var d appsv1.Deployment if err := yaml.Unmarshal(parseTemplate(kubedns.CoreDNSDeployment), &d); err != nil { @@ -104,6 +124,14 @@ func patchedDeployment() []byte { {Key: "node.kubernetes.io/unreachable", Operator: corev1.TolerationOpExists, Effect: corev1.TaintEffectNoExecute, TolerationSeconds: toPtr(int64(10))}, } d.Spec.Template.Spec.Tolerations = append(d.Spec.Template.Spec.Tolerations, tolerations...) + + for i, vol := range d.Spec.Template.Spec.Volumes { + if vol.ConfigMap != nil { + vol.ConfigMap.Name = configMapName + } + d.Spec.Template.Spec.Volumes[i] = vol + } + out, err := yaml.Marshal(d) if err != nil { log.Fatalf("Could not marshal patched deployment: %v", err) diff --git a/terraform-provider-constellation/internal/provider/cluster_resource.go b/terraform-provider-constellation/internal/provider/cluster_resource.go index 01aa6615b..978771e83 100644 --- a/terraform-provider-constellation/internal/provider/cluster_resource.go +++ b/terraform-provider-constellation/internal/provider/cluster_resource.go @@ -1311,6 +1311,11 @@ func (r *ClusterResource) applyHelmCharts(ctx context.Context, applier *constell diags.AddError("Applying Helm charts", err.Error()) return diags } + + if err := applier.CleanupCoreDNSResources(ctx); err != nil { + diags.AddError("Cleaning up CoreDNS resources", err.Error()) + return diags + } return diags } diff --git a/upgrade-agent/internal/server/server.go b/upgrade-agent/internal/server/server.go index 1c8ff41b8..3221baed5 100644 --- a/upgrade-agent/internal/server/server.go +++ b/upgrade-agent/internal/server/server.go @@ -111,12 +111,18 @@ func (s *Server) ExecuteUpdate(ctx context.Context, updateRequest *upgradeproto. return nil, status.Errorf(codes.Internal, "unable to install the kubeadm binary: %s", err) } - upgradeCmd := exec.CommandContext(ctx, "kubeadm", "upgrade", "plan", updateRequest.WantedKubernetesVersion) + // CoreDNS addon status is checked even though we did not install it. + // TODO(burgerdev): Use kubeadm phases once supported: https://github.com/kubernetes/kubeadm/issues/1318. + commonArgs := []string{"--ignore-preflight-errors", "CoreDNSMigration,CoreDNSUnsupportedPlugins", updateRequest.WantedKubernetesVersion} + planArgs := append([]string{"upgrade", "plan"}, commonArgs...) + applyArgs := append([]string{"upgrade", "apply", "--yes", "--patches", constants.KubeadmPatchDir}, commonArgs...) + + upgradeCmd := exec.CommandContext(ctx, "kubeadm", planArgs...) if out, err := upgradeCmd.CombinedOutput(); err != nil { return nil, status.Errorf(codes.Internal, "unable to execute kubeadm upgrade plan %s: %s: %s", updateRequest.WantedKubernetesVersion, err, string(out)) } - applyCmd := exec.CommandContext(ctx, "kubeadm", "upgrade", "apply", "--yes", "--patches", constants.KubeadmPatchDir, updateRequest.WantedKubernetesVersion) + applyCmd := exec.CommandContext(ctx, "kubeadm", applyArgs...) if out, err := applyCmd.CombinedOutput(); err != nil { return nil, status.Errorf(codes.Internal, "unable to execute kubeadm upgrade apply: %s: %s", err, string(out)) } From 994c4523b0e713d4cae24d47ae2078d6e4fa4187 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 13 Sep 2024 10:30:55 +0200 Subject: [PATCH 253/380] image: update measurements and image version (#3354) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index df55e7fa0..ec2bcb82c 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa4, 0x21, 0x56, 0x16, 0x26, 0xe6, 0xd2, 0x2c, 0x0d, 0x41, 0x57, 0x98, 0x9e, 0xfc, 0x62, 0x2d, 0x71, 0xee, 0x35, 0x68, 0xb0, 0xb9, 0x00, 0x06, 0x34, 0x24, 0xfe, 0xa0, 0x93, 0xbe, 0xcf, 0xb0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa7, 0xd9, 0xae, 0x13, 0x82, 0x83, 0xe1, 0x2a, 0x89, 0x36, 0x56, 0xf6, 0x0e, 0x88, 0x1d, 0x93, 0x2b, 0x39, 0x06, 0xf6, 0xec, 0xc7, 0x7a, 0xdf, 0xa5, 0x5f, 0xbb, 0x18, 0x18, 0xbe, 0xf1, 0x7d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd7, 0x52, 0x00, 0x96, 0x4e, 0x30, 0x38, 0x01, 0x98, 0xc3, 0xc4, 0x42, 0xa9, 0x22, 0x26, 0xf8, 0xca, 0x01, 0x51, 0x77, 0x36, 0x75, 0xc4, 0x81, 0xbe, 0xf4, 0x5d, 0x2e, 0x54, 0x13, 0x4b, 0xe3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x45, 0xab, 0x2f, 0xa8, 0xd6, 0xd0, 0x7d, 0xb5, 0x66, 0x90, 0x75, 0x9c, 0x44, 0xfb, 0x76, 0x00, 0xd3, 0xc4, 0x56, 0x20, 0x31, 0x9a, 0x90, 0xb7, 0x0f, 0x79, 0xde, 0x3d, 0x70, 0xb7, 0xaf, 0xeb}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd7, 0x42, 0x96, 0xca, 0x44, 0x88, 0x5d, 0x21, 0x6d, 0x92, 0x83, 0xdf, 0x49, 0xc4, 0xeb, 0x64, 0xfc, 0x88, 0x0d, 0x02, 0x86, 0x37, 0x11, 0x23, 0x51, 0xa1, 0x2b, 0xa6, 0xa8, 0x39, 0x45, 0x67}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa4, 0x1b, 0xd1, 0xff, 0x4e, 0x64, 0x0c, 0x72, 0x44, 0xe3, 0x6c, 0xf2, 0x84, 0x12, 0x4a, 0x87, 0x61, 0x64, 0x5d, 0x3e, 0x1d, 0x52, 0xda, 0x30, 0xa6, 0xcd, 0x7b, 0x05, 0x29, 0xd4, 0xe7, 0xb9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8f, 0xd3, 0x87, 0x3c, 0x92, 0x9f, 0x7a, 0xb8, 0x31, 0xfe, 0x3a, 0x00, 0x00, 0x79, 0xbd, 0x1f, 0xf0, 0x5a, 0xb0, 0x26, 0x4f, 0x19, 0x62, 0x16, 0xbb, 0xf7, 0x21, 0x67, 0x7d, 0xf3, 0xcf, 0x7d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0a, 0x29, 0xf3, 0xf8, 0xf5, 0xff, 0x49, 0x38, 0x22, 0x01, 0x89, 0x26, 0x14, 0x24, 0xaa, 0xd0, 0x95, 0xbb, 0x65, 0x4c, 0x1c, 0x09, 0x1f, 0x32, 0x61, 0xcb, 0x09, 0x15, 0x46, 0xfa, 0x5f, 0xfe}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xde, 0xe6, 0xc5, 0xf1, 0x3d, 0x1b, 0xa2, 0x87, 0xdb, 0x14, 0x72, 0xd8, 0xbe, 0x40, 0xb7, 0xed, 0x23, 0xfb, 0x77, 0xca, 0x11, 0x02, 0x9a, 0xad, 0x53, 0x83, 0xa8, 0xcd, 0xd8, 0x26, 0xb7, 0x6f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3e, 0x41, 0x60, 0x6c, 0x2f, 0x51, 0xce, 0x69, 0x09, 0xa3, 0xa7, 0x90, 0x7d, 0x62, 0x84, 0x17, 0x38, 0xf5, 0x5d, 0xb3, 0xeb, 0x6a, 0x69, 0x8c, 0x0e, 0xed, 0x8e, 0x59, 0x69, 0x04, 0x0d, 0x10}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x10, 0xd0, 0x7f, 0xbf, 0x93, 0x4d, 0xef, 0x6d, 0x97, 0xe2, 0x6f, 0xd3, 0x06, 0x39, 0xdd, 0x1d, 0x1b, 0x91, 0x96, 0x84, 0xdf, 0x91, 0x91, 0x30, 0xa2, 0x16, 0x37, 0x0c, 0xef, 0xc0, 0x48, 0x60}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd1, 0xd5, 0x00, 0xc0, 0x8e, 0x41, 0x3a, 0xf9, 0xa4, 0xa2, 0xe1, 0xd1, 0x4e, 0xa1, 0xdf, 0xd9, 0xa2, 0x47, 0x04, 0x96, 0xcd, 0x47, 0xb2, 0x84, 0x82, 0x18, 0xfc, 0x01, 0x99, 0x26, 0xe2, 0x54}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x32, 0xd5, 0xd0, 0x83, 0xfb, 0xdf, 0xc1, 0x54, 0x52, 0xc1, 0x0b, 0x09, 0xc4, 0x66, 0x70, 0x0e, 0x90, 0x42, 0x44, 0xed, 0x55, 0x54, 0xae, 0x9b, 0x39, 0xc2, 0x45, 0x17, 0x86, 0xa7, 0xb0, 0x03}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x72, 0x5f, 0x6f, 0xfa, 0xc0, 0x4a, 0x17, 0xef, 0x9b, 0x1a, 0x6d, 0x56, 0x7d, 0xc2, 0x34, 0x74, 0x35, 0x89, 0xb4, 0x90, 0x83, 0x48, 0x5e, 0x92, 0x49, 0x2d, 0x12, 0x91, 0xeb, 0xd2, 0x0b, 0x99}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe0, 0x84, 0xef, 0xe1, 0x50, 0xcf, 0xe6, 0xca, 0x81, 0x3e, 0xaf, 0xca, 0x65, 0xc9, 0xd7, 0xb7, 0x18, 0x9c, 0x7b, 0x85, 0x3e, 0x21, 0x5f, 0xf3, 0xbf, 0x26, 0xc1, 0xc7, 0x14, 0x85, 0xb7, 0xec}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd3, 0x83, 0xc8, 0xf7, 0x9c, 0x25, 0xb1, 0x9c, 0xaf, 0x91, 0x79, 0x64, 0x86, 0x5b, 0x99, 0x00, 0x9f, 0x1f, 0xd8, 0x22, 0xff, 0x07, 0xa7, 0x65, 0xbb, 0xde, 0xf0, 0x84, 0x17, 0x18, 0x14, 0x0d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd9, 0x20, 0xd8, 0x75, 0x1c, 0x0e, 0x35, 0xb3, 0xac, 0xc8, 0xa2, 0x40, 0xed, 0x8a, 0xef, 0xc7, 0x9a, 0x61, 0x3b, 0x74, 0x74, 0xa7, 0x2d, 0x81, 0x31, 0x20, 0x81, 0x85, 0x9d, 0xf5, 0xee, 0xec}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1c, 0xaf, 0x35, 0x7c, 0xd4, 0x13, 0x07, 0x2c, 0x99, 0x3b, 0x2d, 0x5a, 0x62, 0x3d, 0x9c, 0xb9, 0x2c, 0xbf, 0x14, 0xbe, 0xb4, 0x98, 0x30, 0xc4, 0x7e, 0xe7, 0x56, 0xab, 0x0c, 0xc2, 0xe3, 0x91}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x10, 0x59, 0x59, 0x98, 0xf0, 0xa3, 0x10, 0xcb, 0xcb, 0xe4, 0xde, 0x02, 0x94, 0xdb, 0xe3, 0x96, 0x84, 0x10, 0x44, 0x81, 0x4b, 0xba, 0x59, 0x4e, 0x56, 0x39, 0xfc, 0xd9, 0x64, 0x1d, 0x42, 0xa4}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb2, 0xc3, 0xd7, 0x1b, 0xc4, 0x67, 0x09, 0x1f, 0x1b, 0xf1, 0x05, 0xff, 0xc6, 0xb3, 0xdd, 0x9e, 0x10, 0x1d, 0xa7, 0x68, 0x45, 0xe3, 0x3f, 0x99, 0x58, 0x6e, 0x37, 0x79, 0x67, 0xa1, 0xa9, 0xe7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8e, 0x8a, 0x3d, 0x12, 0x0b, 0x65, 0x5b, 0x89, 0xc4, 0xf2, 0x6a, 0xbe, 0x19, 0xcd, 0x19, 0x26, 0xaf, 0xab, 0x6e, 0x14, 0x0a, 0x11, 0x0e, 0x6a, 0xc0, 0xa8, 0x2b, 0xdd, 0x4b, 0xfb, 0xfc, 0x42}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x18, 0xe1, 0x70, 0x29, 0x51, 0xad, 0x5c, 0x5c, 0xde, 0xea, 0x16, 0xd4, 0x07, 0x15, 0x2b, 0xbc, 0x18, 0x79, 0xaa, 0xdb, 0x61, 0x2f, 0x6c, 0xf3, 0xc2, 0xa1, 0x95, 0x2c, 0xc7, 0xea, 0xd9, 0x26}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd6, 0x10, 0x10, 0x35, 0xac, 0xc9, 0x49, 0x1e, 0x53, 0x44, 0x1d, 0x19, 0xe4, 0xb7, 0x8b, 0x9d, 0x21, 0x24, 0x05, 0x5b, 0x6b, 0x4b, 0x38, 0x06, 0x81, 0x7e, 0xf3, 0x3d, 0xf4, 0xfe, 0xf5, 0x46}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf4, 0xd7, 0x7c, 0x34, 0x37, 0xef, 0xe9, 0xd5, 0x52, 0x09, 0x06, 0x1e, 0x4c, 0x5e, 0x5a, 0x89, 0x92, 0x97, 0x83, 0xbc, 0x80, 0xdb, 0x67, 0x6f, 0x86, 0x51, 0x63, 0x05, 0x75, 0xe8, 0x1c, 0xb0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x77, 0xb2, 0xc2, 0xb5, 0x14, 0x58, 0x94, 0xe0, 0xe4, 0xdf, 0xa3, 0xa4, 0xe1, 0x5c, 0xcd, 0xe9, 0x28, 0xa3, 0x01, 0xb7, 0x3a, 0x5b, 0x57, 0x9c, 0xed, 0x91, 0x62, 0xd6, 0x73, 0xc9, 0x37, 0xa0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcb, 0xde, 0x79, 0x7c, 0xa2, 0xd1, 0x7b, 0x13, 0xda, 0xff, 0x95, 0x29, 0x19, 0xc7, 0x1b, 0xae, 0xd5, 0x27, 0xde, 0x76, 0x77, 0x25, 0x22, 0x2c, 0x99, 0xc2, 0x38, 0xc2, 0x5a, 0x9b, 0xd2, 0x5d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x83, 0xc2, 0x07, 0x7c, 0x05, 0x2c, 0xcd, 0x74, 0xc8, 0xfd, 0x6e, 0x02, 0x32, 0xa2, 0x2b, 0x0c, 0x1f, 0x2a, 0x32, 0x0c, 0xf7, 0x6c, 0x3f, 0xc1, 0xb9, 0xc5, 0xe5, 0xcc, 0x3e, 0x0b, 0x1d, 0x20}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9c, 0xcf, 0xd9, 0xf4, 0xbf, 0xbf, 0x27, 0xaf, 0xcc, 0x83, 0x40, 0x52, 0x8e, 0xae, 0x1b, 0xf4, 0xfc, 0x76, 0x16, 0x3f, 0x5e, 0x5a, 0x55, 0x1f, 0x94, 0x44, 0x83, 0xfc, 0xae, 0x55, 0x58, 0x1c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2e, 0x77, 0x34, 0x5c, 0x49, 0x55, 0xeb, 0xe1, 0x18, 0x66, 0x05, 0x4e, 0x38, 0xae, 0x0e, 0x25, 0x4e, 0x82, 0x7f, 0x10, 0xfe, 0x11, 0x67, 0x42, 0xe9, 0x91, 0xad, 0x9f, 0xbe, 0x4a, 0x13, 0x06}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x88, 0xbd, 0xaa, 0xde, 0x7e, 0x96, 0xb6, 0xdf, 0x0b, 0x94, 0xd5, 0x89, 0xe2, 0xa1, 0xd4, 0x8d, 0x66, 0xff, 0xaf, 0x51, 0x50, 0x6e, 0xfb, 0x69, 0x16, 0xa6, 0xbc, 0xdf, 0xa3, 0xfc, 0xbf, 0x5c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xfc, 0xba, 0xfa, 0x0d, 0x70, 0x56, 0xaa, 0x10, 0x62, 0x6f, 0x94, 0x33, 0x69, 0xc9, 0x12, 0x3e, 0xa6, 0xd4, 0x81, 0xe2, 0x87, 0x0f, 0x9c, 0x80, 0xc5, 0x95, 0x85, 0xf3, 0x54, 0xee, 0x33, 0x79}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x20, 0xd0, 0xa7, 0x68, 0x56, 0x7d, 0x2c, 0x07, 0xfc, 0xed, 0x39, 0xb9, 0x3d, 0xfe, 0x93, 0x24, 0x87, 0x7d, 0xd2, 0xf2, 0x7e, 0xb1, 0x4a, 0x4f, 0xe8, 0xbc, 0x02, 0xb6, 0x98, 0xf8, 0x58, 0x8c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x69, 0xbb, 0x26, 0xd3, 0x5d, 0x50, 0x13, 0xa7, 0x39, 0xde, 0xd2, 0xd1, 0x29, 0x62, 0xb1, 0xbf, 0x24, 0x91, 0x0d, 0xbb, 0x25, 0x25, 0xe1, 0x2b, 0x10, 0x67, 0x31, 0xe2, 0xe1, 0x2f, 0x51, 0x97}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x88, 0x18, 0x22, 0xad, 0x60, 0xaf, 0x68, 0x01, 0xae, 0x08, 0x4d, 0x38, 0x3a, 0xd0, 0xba, 0x17, 0x8c, 0xe5, 0x4f, 0x68, 0x6d, 0x93, 0x49, 0x73, 0xd4, 0xe8, 0x70, 0xf8, 0x67, 0x33, 0x6c, 0x0f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3b, 0xc7, 0x5d, 0xa7, 0x47, 0x4b, 0xde, 0x25, 0x27, 0xdb, 0x9d, 0x25, 0x06, 0xd0, 0x2c, 0x6f, 0x24, 0x2b, 0xfe, 0x76, 0x9b, 0xf6, 0x70, 0x05, 0x30, 0xcd, 0xbc, 0xd2, 0x23, 0x6a, 0xb9, 0x15}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x74, 0x22, 0x50, 0x42, 0xf6, 0xba, 0x98, 0x70, 0xd8, 0x28, 0xe5, 0xde, 0x36, 0x9b, 0x16, 0x3d, 0xc7, 0x91, 0x18, 0x33, 0x41, 0x3b, 0xf8, 0x4c, 0x36, 0x35, 0xe4, 0xd3, 0xfc, 0x88, 0x2a, 0xc6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe5, 0x02, 0x01, 0x93, 0x14, 0x8f, 0xba, 0xd0, 0xdb, 0xaf, 0x61, 0x8f, 0xb3, 0xef, 0x15, 0x66, 0x5c, 0x72, 0xff, 0x87, 0xa5, 0x4e, 0x24, 0xb2, 0xd8, 0xf5, 0xbd, 0xf9, 0x71, 0x9b, 0xb5, 0x0b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x37, 0xef, 0x16, 0xfd, 0x0a, 0xe8, 0xd2, 0xfb, 0x3b, 0x19, 0x14, 0xf0, 0xb8, 0xff, 0x04, 0x6e, 0x76, 0x5b, 0x57, 0xfe, 0xc6, 0x73, 0x9d, 0x2e, 0xbf, 0x1f, 0xd4, 0xd1, 0x82, 0x07, 0x14, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf0, 0x9c, 0xef, 0x0d, 0x07, 0x71, 0x27, 0xfb, 0x26, 0xbc, 0x8d, 0x01, 0x3f, 0xc0, 0x9e, 0x13, 0xaf, 0xbb, 0x70, 0xf0, 0xf7, 0x34, 0xce, 0xd9, 0x8f, 0x46, 0x66, 0x65, 0x44, 0x99, 0x8e, 0xfe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x3c, 0xd2, 0x21, 0xe4, 0x4d, 0x51, 0x8f, 0x2c, 0xcd, 0x5e, 0x7e, 0x66, 0xbf, 0xac, 0x7d, 0x28, 0x68, 0x10, 0xe9, 0x95, 0x35, 0x71, 0x4e, 0x89, 0x9e, 0x57, 0x12, 0x41, 0x5c, 0x25, 0x42, 0x7c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xfc, 0x54, 0x14, 0xbb, 0x5e, 0x8a, 0xe1, 0x25, 0x7c, 0x21, 0x65, 0x03, 0x70, 0x27, 0xc9, 0x91, 0xfb, 0x80, 0xcd, 0xa2, 0x85, 0x2d, 0x20, 0x49, 0x9b, 0x8a, 0x7d, 0xfd, 0xea, 0xe4, 0xae, 0x0e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa5, 0xe7, 0xdd, 0x33, 0xc0, 0x2b, 0x1e, 0x53, 0x50, 0x5c, 0x29, 0xb1, 0x01, 0x04, 0x06, 0xd0, 0x43, 0x9b, 0x87, 0x9c, 0xbe, 0xc3, 0x3e, 0x42, 0xf1, 0x49, 0x12, 0x83, 0x87, 0xd5, 0x7d, 0xee}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x79, 0x05, 0x5e, 0xd9, 0x6f, 0x52, 0x56, 0xc5, 0x70, 0xf2, 0x23, 0xb8, 0x22, 0x95, 0x12, 0x06, 0xb7, 0xcb, 0x56, 0xe3, 0x0e, 0x40, 0x72, 0xdf, 0x09, 0xde, 0x06, 0xef, 0x53, 0xe3, 0xc1, 0x93}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc3, 0xe0, 0x13, 0x38, 0xf9, 0xdb, 0xa4, 0x6b, 0x3c, 0xd8, 0x27, 0xf0, 0x06, 0x39, 0x71, 0x03, 0xf3, 0x30, 0xae, 0xb0, 0x3b, 0xc8, 0x3d, 0xb5, 0xe1, 0xae, 0x97, 0xa3, 0x98, 0xf5, 0x3a, 0xbb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4e, 0x86, 0xe4, 0x6a, 0xf5, 0xb4, 0x9d, 0xf6, 0xb9, 0x1d, 0x3d, 0x33, 0x21, 0xd5, 0x84, 0xfa, 0x5e, 0xe0, 0x75, 0xde, 0xcb, 0x3a, 0xbe, 0xbe, 0x85, 0x66, 0xfa, 0x50, 0xf6, 0x57, 0x7f, 0x97}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x4f, 0xfc, 0x5e, 0xb4, 0xc8, 0xd3, 0x04, 0x5d, 0x50, 0x16, 0x81, 0xe8, 0xd4, 0x6b, 0x6b, 0xcc, 0x12, 0x68, 0xdf, 0x78, 0xef, 0x94, 0x5f, 0x60, 0x8b, 0x9a, 0x35, 0x82, 0xfc, 0x55, 0x43, 0x27}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xaa, 0xfc, 0x49, 0xed, 0x13, 0x41, 0xcd, 0x7e, 0xf9, 0x4b, 0xc2, 0xe2, 0x55, 0x8c, 0x52, 0x65, 0x90, 0x29, 0x18, 0xa1, 0xf3, 0x63, 0x43, 0x87, 0xc5, 0xbc, 0x9d, 0x86, 0xf4, 0x2c, 0xee, 0x8a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf7, 0xfc, 0x33, 0x27, 0xc8, 0xe7, 0x17, 0x3a, 0xda, 0x2a, 0xbc, 0xeb, 0xe5, 0x6c, 0x5b, 0xb0, 0xd2, 0x2a, 0x0d, 0xa2, 0xa6, 0xa0, 0xdf, 0x10, 0xc8, 0x5c, 0xc8, 0x72, 0xa3, 0xcb, 0x1b, 0x29}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 2c5e4b11b..e373c1523 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240910131726-98f359e03924" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240912224438-e077eaf02c11" ) From c6a9c2574bf1e2031aa0c7a157b32ad5bd7c1a14 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Sun, 15 Sep 2024 16:49:40 +0200 Subject: [PATCH 254/380] image: update locked rpms (#3356) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 46 ++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 386ad7cde..21942c7c0 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -1,5 +1,5 @@ 37abef83e8927b4b48f69fcbdcc249d349c6029cc669401676d01f0ea326999e WALinuxAgent-udev-2.10.0.8-2.fc40.noarch.rpm -aa20a35c98c094c3d384c311c33ff393ca75e5be81b7eaf2b223a1dc6bd8217b aardvark-dns-1.12.1-1.fc40.x86_64.rpm +eeca1e4f380330d602278b8069c03e0a712f9d7c1c9533c5869c66e5f5fce4a0 aardvark-dns-1.12.2-2.fc40.x86_64.rpm ac860c52abbc65af5835d1bd97400c531a5635d39bc1d68e36a1fe54863385ea alternatives-1.27-1.fc40.x86_64.rpm 6d0cfcd0e97421b42af58a824c7e99a6cbcdd0e81980b4ea9e0d4051ef723db3 audit-libs-4.0.2-1.fc40.i686.rpm f4ed40457780c13bebf84c1cf8981550da7e0e728e80250aed179eda8915bc7f audit-libs-4.0.2-1.fc40.x86_64.rpm @@ -13,7 +13,7 @@ e61d6858790314f9d9ab539c5531d2b67ce763c9e5ac6c22dd76293fec12f3f5 ca-certificate 99d4976979c8b9d18c9d2d686de77882dc6a4e72ebfe358fb9a37a83f0ecdc90 catatonit-0.1.7-22.fc40.x86_64.rpm 75a442ef2c8b3ab75a2692657c7838e806d56b607201ee463a68e0d448312391 composefs-1.0.3-1.fc40.x86_64.rpm 26e873722d8c94ba8150cb5afc7adcda1be17a21804d9c19e54eff530e3249a5 composefs-libs-1.0.3-1.fc40.x86_64.rpm -ef93475ea699c80bb8e49b5a80fefeed23e553b0e492d74748a55958b4dde568 conmon-2.1.10-1.fc40.x86_64.rpm +db246f6445469b5a71e965a081685471768393cf04181e7250ce0ddcb8a9c3d4 conmon-2.1.12-2.fc40.x86_64.rpm adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tools-1.4.7-7.fc40.x86_64.rpm b0b0ba347f69131086934e836f03fb8b373923c88ac2958bd9661be28e30e869 container-selinux-2.232.1-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm @@ -58,7 +58,7 @@ c1eca14924981b987f9b17c01a97511d641f49ac6b2b0f2d8e83563343932302 elfutils-libel 393c5920c3b69834e5a75b05f48f04e696f509cb52c8055e686e63e677342547 elfutils-libs-0.191-4.fc40.i686.rpm d7d1ed3fca0696b8c38effe21bc70c84a94cb66c0b59bb1980c0f455d23b7fec elfutils-libs-0.191-4.fc40.x86_64.rpm 46faf7414373116864994d8e6877e00a799226e60bb685e073b398074ec7dc49 ethtool-6.10-1.fc40.x86_64.rpm -19d6e2f987c80d97b82c3d837d584eca60621b6d8cbd6797ba01a01ed8848799 expat-2.6.2-1.fc40.x86_64.rpm +3a5ba168021a01107d6dd4dc7cffe8bb5553c64f236c436979b9fddfdc4cb59d expat-2.6.3-1.fc40.x86_64.rpm 849feb04544096f9bbe16bc78c2198708fe658bdafa08575c911e538a7d31c18 fedora-gpg-keys-40-2.noarch.rpm bd62f80ae7dc50c20b0633d86f1c4a9f205f7df13c8ee1a5d5f624872c29271e fedora-release-40-39.noarch.rpm 590c9439a81fb9e35a8b4d19dc159ce09b756f8f7f66a6290d8785f424d97003 fedora-release-common-40-39.noarch.rpm @@ -88,7 +88,7 @@ b054d6a9ee3477e935686b327aa47379bd1909eac4ce06c4c45dff1a201ecb49 gmp-6.2.1-8.fc 4425dbd35ab65f25b092d12ac56c4b565371a1c52ac882c8896dbeae7d52bbb1 gnupg2-smime-2.4.4-1.fc40.x86_64.rpm 4289ccbb44e4a764ef6f58593a56f2598c6821feebac52be6fa04c771eebf029 gnutls-3.8.6-1.fc40.x86_64.rpm 0e5c3c13d4c34d83453667a8011eab1859d0db5ff7409fba0dce3fbd68604226 gnutls-dane-3.8.6-1.fc40.x86_64.rpm -f1d7b8ac27932363eeb6cb667ef26ea1c000379beb9348fbed295e062538b4ee google-compute-engine-guest-configs-udev-20240607.00-2.fc40.noarch.rpm +f8510eeec17b9258de9a68ce15af21f3ea135b5e767f3bc9047f851d81dbac6e google-compute-engine-guest-configs-udev-20240830.00-1.fc40.noarch.rpm 94e443590221fb17e0330f076ebac32baab17b8d9c22566db372899ae750ca64 gpgme-1.23.2-3.fc40.x86_64.rpm 6d54af0fc5ae216eb97720415acda4245ebc6c021420a2892b58620b5b25ca38 gpm-libs-1.20.7-46.fc40.x86_64.rpm 8e2310f6cde324576e537749cf1d4fee8028edfc0c8df3070f147ee162b423ce grep-3.11-7.fc40.x86_64.rpm @@ -128,8 +128,8 @@ e131ab89604dbd4fdc4f80af632099e48bf68bb328dbf0e7dcbef1d1e134dc09 libassuan-2.5. f4278c28f2bb21b0c24a5975384a5ccfc0934504d8a7c036ca1346b7683e1b5c libblkid-2.40-0.9.rc1.fc40.x86_64.rpm 688ef20e1e1fd0e3884c9f0070a3251636a81e08d299b13609dfb4152434b5da libblkid-2.40.1-1.fc40.i686.rpm 0870933f0565a25e0cbf5246dd754722f5df9946f4f5c09cf420e85cc1a1e4fb libblkid-2.40.1-1.fc40.x86_64.rpm -e653f622e46e8fd6a5d7fd1ba3d4691a7a7f57ae54879da4577c0788b7da2c4f libbpf-1.2.0-3.fc40.i686.rpm -6aaea5de69154d81ef39d3faa72d42d04ae57fc5071492d6ccb9899ca43948fc libbpf-1.2.0-3.fc40.x86_64.rpm +d8fab37e62c441e5d35421086a20923ff15561ad28c858cfb670b7c095106dee libbpf-1.2.3-1.fc40.i686.rpm +fca2d942f6264b630b33991e48dcb605543a4c837371f28f92994bf956677f24 libbpf-1.2.3-1.fc40.x86_64.rpm 97e9e5339bb0ca6ce3d0195c8ebe48384bcfc087ee6bc7a35b1d27d4de23fbfa libbrotli-1.1.0-3.fc40.x86_64.rpm 8163fa05deeb06414a6e9ad78ba8d3e65eab9af87f35f0790f8c81bee8359ab6 libbsd-0.12.2-3.fc40.x86_64.rpm 0bdb66863b60abc8c2ca540e80ef58e9d4da3f700b685ecc49042616387dee8d libcap-2.69-8.fc40.i686.rpm @@ -250,8 +250,8 @@ c728dbd90872b7597a8ace70a70555bff576231bb6dbde14b75626d601706af8 p11-kit-trust- 5981cdaf35f2ea96236eaccf1ce476379e51e5883ce57343a7727626e9fd9da3 pam-libs-1.6.1-3.fc40.i686.rpm fb85b93438336461a0b2b878158e552d30b6fb663404475eb0a050b35fd5d35f pam-libs-1.6.1-3.fc40.x86_64.rpm 9bbce784622e02af0371ced8e9a7d26adba7eabd66ecfcb8bbe2d24cf616e3c1 parted-3.6-4.fc40.x86_64.rpm -f589c505169ab06a3249b4db7c5f4929fa5049a08950cbdda234223681633148 passt-0^20240821.g1d6142f-1.fc40.x86_64.rpm -9bd649835a1e9e211d46411986f3ad9159578572e9ac334678c5ff5aa34556cd passt-selinux-0^20240821.g1d6142f-1.fc40.noarch.rpm +f28384f2d445fdb3d4a6e1ca19d87eb0da82a61e10c878fd316429307e6fa4a8 passt-0^20240906.g6b38f07-1.fc40.x86_64.rpm +6d49aff6c1d0c15e7e1f42f464bb8524c72f1a9594057b877d66f44718b20cf7 passt-selinux-0^20240906.g6b38f07-1.fc40.noarch.rpm a0fb808d6b7ff8cd9cfdc1a60f213851cecdcace334d6e5aa1e0e54b81d79a25 pcre2-10.44-1.fc40.i686.rpm 73e50df09266fcffda9c24a3738f579dd365c2c187c294da054ef9915edc3851 pcre2-10.44-1.fc40.x86_64.rpm dbec699e88d42fc6fb1df0a8c0b9023941ed1b1b7625694253a612eaf9f2691d pcre2-syntax-10.44-1.fc40.noarch.rpm @@ -314,16 +314,16 @@ f2edc048484f98d9c52136539ff4720e124ded9619a54e97740bf69491bfc05c selinux-policy 0c1072b40e5fe451e7d2bc1a7530e743303591c3d26bce0ac2e09ff05b50ae26 shadow-utils-subid-4.15.1-3.fc40.x86_64.rpm 67eede27af5b4773eb2f7ac794df694be030310d40bce462864c05b8f65c87c3 socat-1.8.0.0-2.fc40.x86_64.rpm a1e23ae521e93ab19d3df77889a6a418c3432025e4880cfd893e40f7165876a7 sqlite-libs-3.45.1-2.fc40.x86_64.rpm -5c758f079525854951b2947468cf105cb93a9c5a52891eb75ee1fdb2b535def3 systemd-255.10-3.fc40.i686.rpm -de919f2e59e47536d8995bed16d01fce3f92fb2fb0f45a0c4812b1c848196b28 systemd-255.10-3.fc40.x86_64.rpm -2f661f5157dcbe1a8b7eb9b3add2967d2ce543f918e772dae812256a9bae0804 systemd-boot-unsigned-255.10-3.fc40.x86_64.rpm -f8514df5d5336e286b2852e099b26ce437cb3a70b25957c85efe51080138da37 systemd-libs-255.10-3.fc40.i686.rpm -c7b2a785ff09cd6bda9502476efd38da0ac6c6923fb22da28a0f9584af7556cf systemd-libs-255.10-3.fc40.x86_64.rpm -1d419b02c9c698ea61cf72202f815696ea7af948fc7eb7f75fc9873c5a87982f systemd-networkd-255.10-3.fc40.x86_64.rpm -5ad233464879b520ebf8b8a4b0efa04ed042fc5fcf520332893cd3eb2825d984 systemd-pam-255.10-3.fc40.i686.rpm -80899b235d777172b958e82065c21c070205eb45faa4e8222d2ad105734fcfa9 systemd-pam-255.10-3.fc40.x86_64.rpm -001feabc2da654b194feb61b301dc1a475f418ccddd7429b33914497581abdab systemd-resolved-255.10-3.fc40.x86_64.rpm -f08877a091d75a07b2855507565625ecca17e5efb6a709aad29d9abd654c9260 systemd-udev-255.10-3.fc40.x86_64.rpm +396c39638da6e98946f64e7c0fe54b147f9d8bf62bf5b0bed63d135902257cd0 systemd-255.12-1.fc40.i686.rpm +d3be67e8aa74e6ffb4ddff6ac42a3b8361c1450e31a8a4da5a886cd4f73a7cfb systemd-255.12-1.fc40.x86_64.rpm +8ccfeb100aba2f3d60c330c116e6abe908ea847cf4ec7519bdee590082cdff52 systemd-boot-unsigned-255.12-1.fc40.x86_64.rpm +5ecb10563e1641a3a370abf1645a7e4161cbd5e47563ca90f63028c8289be4b7 systemd-libs-255.12-1.fc40.i686.rpm +06b1e927bd8c386772eefbce7eb45015f20aff79bb2260660898069ef28dc9c3 systemd-libs-255.12-1.fc40.x86_64.rpm +a4f193cf893b65f7580feff3ff5fb3d50b8617b3292457d5e51312e57b777d19 systemd-networkd-255.12-1.fc40.x86_64.rpm +76eabba4c8a98aaccac8ecef7186fead475f44b2d03e53f2bdba2b557973cf64 systemd-pam-255.12-1.fc40.i686.rpm +44ef28bb78a75d182afe507537e88c8cff12da2dfd1766dc169f174346f1bd18 systemd-pam-255.12-1.fc40.x86_64.rpm +11b352e471b1025e706557b45758224a27e57fdee0b7df4300d5875e9c796f0d systemd-resolved-255.12-1.fc40.x86_64.rpm +42de89b7514f4864c1cf4a45078321e19e2d34739f612e89cc2164f24bef8b96 systemd-udev-255.12-1.fc40.x86_64.rpm 65819c502727dc293a71a74b9a5f6b0ba781f12a99c5d5535085f168e5eac56e tar-1.35-3.fc40.x86_64.rpm 0478e12152cc3432a31dfca5ddbc80966800af437c6d7c0b26be307d5e1272e7 tpm2-tools-5.7-1.fc40.x86_64.rpm c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3-1.fc40.x86_64.rpm @@ -335,17 +335,17 @@ c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3 41b777c50f1ec74795551c7d930a3d6eceab278ff03608893a5dbd49f2de5363 util-linux-2.40.1-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm a00108f45cd60afffb9c1b5db8bef9c6fd5b3c233a546dde787efa5b4485e5b6 util-linux-core-2.40.1-1.fc40.x86_64.rpm -e628db101de7abf521cc792ae0b540424daee0f486913865b3a0553f85da4bbb vim-common-9.1.703-1.fc40.x86_64.rpm -f0f25976a9e4b1c2de3e5252273b86e484388312d3ab3359d42562c0cacf75e0 vim-data-9.1.703-1.fc40.noarch.rpm -ea583b2614de4351637182d2dc8a3de929c293615da9c6db581dac2a6f2adbfb vim-enhanced-9.1.703-1.fc40.x86_64.rpm -ffafca2aa509cb51553daea521268f7820038068d61655f9b1caad9b2b6683e5 vim-filesystem-9.1.703-1.fc40.noarch.rpm +245d6685d2a70e2b8556a689c8b8643886dfcccaf5b1ba7de22d6e0e70733f8d vim-common-9.1.719-1.fc40.x86_64.rpm +58916eeba8db00df5544001510343dcad1b65cdbba8570af7d2265f24adea958 vim-data-9.1.719-1.fc40.noarch.rpm +7e831338b3b095a2d6056c965549f991b3f4cf52b713d96a16859ae5bb78fca9 vim-enhanced-9.1.719-1.fc40.x86_64.rpm +eba02aafc793580784b306572b818af70fc9012072cf2a14d1195d6aff25608d vim-filesystem-9.1.719-1.fc40.noarch.rpm c5682a1b02bb02578e9997ae221a7f6c6db711084129824e207fe1febdc55b9d wget2-2.1.0-11.fc40.x86_64.rpm 38aaee4829df7e1a4719991c4fc6d65a1265b6a556b182ecac3145c287c320f4 wget2-libs-2.1.0-11.fc40.x86_64.rpm a12b44ee7cc5a0e916bcf72e80c4d618abb7406254578e947f3ba9dd0d445d25 wget2-wget-2.1.0-11.fc40.x86_64.rpm cf0306ceed1c6b3be39060d85f16b1953b464d3a625488b170d3b7aadf600645 which-2.21-41.fc40.x86_64.rpm 4ede95a2fa3bc0ae617c8bf3a375b800163d58733b4829b15d9f038505d79fee whois-nls-5.5.20-3.fc40.noarch.rpm e2195010e857f56b19246f8b821f9391922880b7691b3728a413f540edc890a6 xkeyboard-config-2.41-1.fc40.noarch.rpm -0ced8100c1c1a2e18806d574f1f79fcdd6c3d47ee386686f138cf9b65f582ca2 xxd-9.1.703-1.fc40.x86_64.rpm +cb9deebe9f55b4b936271b68bf11f4f09771f479936d6526186a85b28a513ce0 xxd-9.1.719-1.fc40.x86_64.rpm ee599a1c4d7ee635e54ec137af4dded83f433b9c8a5976f75ecdcd000b5246e3 xz-5.4.6-3.fc40.x86_64.rpm b92ef78d8ab424c22130e457d0ef691d8197bff61c3b8852205d1b02baba3819 xz-libs-5.4.6-3.fc40.i686.rpm b6ee44b3d7e494b0364f26b7d0b169a8092180af787423cd5e8a47dc0f738a66 xz-libs-5.4.6-3.fc40.x86_64.rpm From a295ecaffbc1c31a425a60e29e74e5726b2e3f7a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 17 Sep 2024 12:30:22 +0200 Subject: [PATCH 255/380] cli: add `--subscriptionID` flag for `iam create azure` command (#3328) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update Terraform azurerm to v4 * Set Azure subscription ID when applying Terraform files * Upgrade azurerm to v4.1.0 * Mark subscriptionID flag as not required * deps: tidy all modules --------- Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße Co-authored-by: edgelessci --- .../constellation_iam_create/action.yml | 4 ++ .github/actions/e2e_test/action.yml | 4 ++ .github/workflows/e2e-test-daily.yml | 1 + .../workflows/e2e-test-provider-example.yml | 13 ++++++ .github/workflows/e2e-test-release.yml | 1 + .github/workflows/e2e-test-weekly.yml | 1 + .github/workflows/e2e-test.yml | 1 + .github/workflows/e2e-upgrade.yml | 1 + .github/workflows/e2e-windows.yml | 2 +- cli/internal/cloudcmd/iam.go | 2 + cli/internal/cloudcmd/tfvars.go | 2 + cli/internal/cmd/iamcreateazure.go | 14 +++++++ cli/internal/terraform/variables.go | 6 ++- cli/internal/terraform/variables_test.go | 10 +++-- .../vpn/on-prem-terraform/.terraform.lock.hcl | 42 ++++++++----------- dev-docs/howto/vpn/on-prem-terraform/main.tf | 8 +++- .../howto/vpn/on-prem-terraform/variables.tf | 6 +++ .../azure-terraform/.terraform.lock.hcl | 42 ++++++++----------- .../miniconstellation/azure-terraform/main.tf | 5 ++- docs/docs/getting-started/first-steps.md | 2 +- docs/docs/reference/cli.md | 1 + docs/docs/workflows/config.md | 2 +- e2e/miniconstellation/.terraform.lock.hcl | 42 ++++++++----------- e2e/miniconstellation/main.tf | 5 ++- .../examples/full/azure/main.tf | 3 ++ .../infrastructure/azure/.terraform.lock.hcl | 42 ++++++++----------- terraform/infrastructure/azure/main.tf | 10 +++-- .../modules/load_balancer_backend/main.tf | 2 +- .../azure/modules/scale_set/main.tf | 3 +- terraform/infrastructure/azure/variables.tf | 6 +++ .../iam/azure/.terraform.lock.hcl | 42 ++++++++----------- terraform/infrastructure/iam/azure/main.tf | 6 ++- .../infrastructure/iam/azure/variables.tf | 6 +++ 33 files changed, 200 insertions(+), 137 deletions(-) diff --git a/.github/actions/constellation_iam_create/action.yml b/.github/actions/constellation_iam_create/action.yml index eac3d0d76..3bb062dc1 100644 --- a/.github/actions/constellation_iam_create/action.yml +++ b/.github/actions/constellation_iam_create/action.yml @@ -27,6 +27,9 @@ inputs: # # Azure specific inputs # + azureSubscriptionID: + description: "Azure subscription ID to deploy Constellation in." + required: true azureRegion: description: "Azure region to deploy Constellation in." required: false @@ -77,6 +80,7 @@ runs: if: inputs.cloudProvider == 'azure' run: | constellation iam create azure \ + --subscriptionID="${{ inputs.azureSubscriptionID }}" \ --region="${{ inputs.azureRegion }}" \ --resourceGroup="${{ inputs.namePrefix }}-rg" \ --servicePrincipal="${{ inputs.namePrefix }}-sp" \ diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml index bcd315cbd..c2cca982d 100644 --- a/.github/actions/e2e_test/action.yml +++ b/.github/actions/e2e_test/action.yml @@ -46,6 +46,9 @@ inputs: description: "AWS OpenSearch User to upload the benchmark results." awsOpenSearchPwd: description: "AWS OpenSearch Password to upload the benchmark results." + azureSubscriptionID: + description: "Azure subscription ID to deploy Constellation in." + required: true azureClusterCreateCredentials: description: "Azure credentials authorized to create a Constellation cluster." required: true @@ -249,6 +252,7 @@ runs: attestationVariant: ${{ inputs.attestationVariant }} namePrefix: ${{ steps.create-prefix.outputs.prefix }} awsZone: ${{ inputs.regionZone || 'us-east-2c' }} + azureSubscriptionID: ${{ inputs.azureSubscriptionID }} azureRegion: ${{ inputs.regionZone || steps.pick-az-region.outputs.region }} gcpProjectID: ${{ inputs.gcpProject }} gcpZone: ${{ inputs.regionZone || 'europe-west3-b' }} diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml index 55e9ccb1f..ccac30e5c 100644 --- a/.github/workflows/e2e-test-daily.yml +++ b/.github/workflows/e2e-test-daily.yml @@ -90,6 +90,7 @@ jobs: gcpIAMCreateServiceAccount: "iam-e2e@constellation-e2e.iam.gserviceaccount.com" kubernetesVersion: ${{ matrix.kubernetesVersion }} test: ${{ matrix.test }} + azureSubscriptionID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} azureClusterCreateCredentials: ${{ secrets.AZURE_E2E_CLUSTER_CREDENTIALS }} azureIAMCreateCredentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} registry: ghcr.io diff --git a/.github/workflows/e2e-test-provider-example.yml b/.github/workflows/e2e-test-provider-example.yml index 592492f84..6a66c2016 100644 --- a/.github/workflows/e2e-test-provider-example.yml +++ b/.github/workflows/e2e-test-provider-example.yml @@ -306,6 +306,19 @@ jobs: cat >> _override.tf <> _override.tf < ```bash - constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config + constellation iam create azure --subscriptionID 00000000-0000-0000-0000-000000000000 --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config ``` This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in. diff --git a/docs/docs/reference/cli.md b/docs/docs/reference/cli.md index 6a911034e..99acef520 100644 --- a/docs/docs/reference/cli.md +++ b/docs/docs/reference/cli.md @@ -655,6 +655,7 @@ constellation iam create azure [flags] --region string region the resources will be created in, e.g., westus (required) --resourceGroup string name prefix of the two resource groups your cluster / IAM resources will be created in (required) --servicePrincipal string name of the service principal that will be created (required) + --subscriptionID string subscription ID of the Azure account. Required if the 'ARM_SUBSCRIPTION_ID' environment variable is not set ``` ### Options inherited from parent commands diff --git a/docs/docs/workflows/config.md b/docs/docs/workflows/config.md index 120bf8ed7..95f791acd 100644 --- a/docs/docs/workflows/config.md +++ b/docs/docs/workflows/config.md @@ -184,7 +184,7 @@ Paste the output into the corresponding fields of the `constellation-conf.yaml` You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). ```bash -constellation iam create azure --region=westus --resourceGroup=constellTest --servicePrincipal=spTest +constellation iam create azure --subscriptionID 00000000-0000-0000-0000-000000000000 --region=westus --resourceGroup=constellTest --servicePrincipal=spTest ``` This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. diff --git a/e2e/miniconstellation/.terraform.lock.hcl b/e2e/miniconstellation/.terraform.lock.hcl index 54208c1ec..842851385 100644 --- a/e2e/miniconstellation/.terraform.lock.hcl +++ b/e2e/miniconstellation/.terraform.lock.hcl @@ -2,31 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.111.0" - constraints = "3.111.0" + version = "4.1.0" + constraints = "4.1.0" hashes = [ - "h1:06sKYI5V2anZnr7t3lOpzO3DSd3AVTGO+53a4OauwoI=", - "h1:1gVEyHY/I1EMev2vbb6C6o0fAR+pEZrwGDeqRCDOhvE=", - "h1:6mCR0XyitRMsVfvPVpaTGsyNvc44vGeyr5c1O8kryno=", - "h1:8r1THxkuezf0Hys/wnVlPibEB7BeXd6FBahH+xWnmeI=", - "h1:Q7QmdpMoWo5yQilXPzHjErBe58RVEbGDtM8XB4uGtnw=", - "h1:WkapXDimZe5CzZpq3hIrz3RJ5MqIwF0rbL2i3HcPtGw=", - "h1:ipFQShK0j3mtJeSgSBQDR985KzwC19913+0GkiF8Sfo=", - "h1:oX22BXo+EthR6z90Yuu7EopfeSyG5dxehOrSWbsE+jk=", - "h1:oy2sT6XGlo+axoqFYGd6JceoqJTlWOaVKS0rJB0hRus=", - "h1:uuThLccbeEWYo2wpwDmlZ+TGfm7zCrwaJdw91TA3azg=", - "h1:vgrdy5JWGAK5N44/V75etoHIAMvXKNlMrIHTaWApehA=", - "zh:0db8afb9278993df7e74796bdd125153b07a7045e5ca1756783a8b8cfec564f4", - "zh:22c424fcfda13dc720caa289248c1b71b2ad20e329fd4a52cc6be7e45f795a4a", - "zh:471a2c1d7353bc21ef28963f006d2cf5276e7885b423fc0b73f2d8ce6cde72dd", - "zh:68bf81cb353c755d48792e881b6405919daa041e35de1d510209237d90d6c21f", - "zh:841d8664955bbc77f12095c9b1a4b3923362564a790fd945337759e9bc95d07e", - "zh:86e92f959056c573bf4b2be1d6cfa838dab06d3e5a944f371a1131e4c6477d88", - "zh:95a096ced57616659687970b5d618c2ce3cd54fa0311b7a7569435cacf39f26f", - "zh:c5656a11253ffdaee973e7292dd3c10a1db81f1fc9ee2d3041ae1182f7d25379", - "zh:cd6a1049de69280f339d6f83f30a9006bbe003a840a39eb7b5900990c5aadbb0", - "zh:e7b3d96f0c9ea47261dbd015f1f64fdb43c8ccb196afda862c0865e30d88245c", - "zh:f1ec7da6ab5526845274bff77e023b9faec71c2cf38bd18587274932b2aa2e89", + "h1:K2OLOYxwF/onOegr+Y6Sfu/DjEjDLobQBBrLBF3i9TI=", + "h1:cwtEEnEESVOgcxtXGz0A2wXCiNZIzm3dC2xHmYuxg9M=", + "h1:dKXFrVrjv579ax6iX4wc6lmEAVFsr3iTDjErnPHIjH4=", + "h1:iqN6KxIOGYv0N1p5xfNTgsjvDHpE3bZM8s5vIAEgfnQ=", + "h1:qDmSr5+vMVdWmfBEaIwqSLo5ZLyYk7KYoJo5flny6lk=", + "zh:3f332bca3a8b7dc982e428e09c73862d1afda34c2ad7803e70d8ba7b9e2445fd", + "zh:66b7e4a7a4fd06e0a5a3a22b4f76bda48e50ed3dd26c388738d9cc882b801bce", + "zh:6a271175d6e079241f24129f5026e0b16f04e7a548807f115600003d615e0ec3", + "zh:7a6abc7e2ae8d1041d0446bbe87156e0436639676ee1fad40321e8ee6759a454", + "zh:903f6e7f03e5952347ce6ee589d58c829179f2f22220f25cf52ae4efecd7053c", + "zh:a572b9834cf3b51799c82c5009705c59309d947a6ecdb7e17729868c55e7d0e0", + "zh:a7fca14338f0cfb82b17ce085400c210cbc986a87086702e3a11efcb4e53d6e4", + "zh:af36c7004702b0a273794914a17a77af1eb972caaad64e0068739e55c1488845", + "zh:b36f308db1cdc02dee659e3e518186d7dec970d88b6149be3f6b3f8d544e4282", + "zh:bedf6d13cf4bccc128d8cbb0703a3a8b547629674439ffda5e73563ab775d0f7", + "zh:d1df286a2e5d4a5f6a7f4d29700a25588167ccffa31c686550ef617503df3254", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/e2e/miniconstellation/main.tf b/e2e/miniconstellation/main.tf index c2e1bc2a5..e4aa02b3f 100644 --- a/e2e/miniconstellation/main.tf +++ b/e2e/miniconstellation/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.111.0" + version = "4.1.0" } random = { source = "hashicorp/random" @@ -22,6 +22,9 @@ terraform { provider "azurerm" { use_oidc = true features {} + # This enables all resource providers. + # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need. + resource_provider_registrations = "all" } provider "tls" {} diff --git a/terraform-provider-constellation/examples/full/azure/main.tf b/terraform-provider-constellation/examples/full/azure/main.tf index 0a2afd44c..f1f567940 100644 --- a/terraform-provider-constellation/examples/full/azure/main.tf +++ b/terraform-provider-constellation/examples/full/azure/main.tf @@ -22,6 +22,7 @@ locals { control_plane_count = 3 worker_count = 2 instance_type = "Standard_DC4as_v5" + subscription_id = "00000000-0000-0000-0000-000000000000" master_secret = random_bytes.master_secret.hex master_secret_salt = random_bytes.master_secret_salt.hex @@ -43,6 +44,7 @@ resource "random_bytes" "measurement_salt" { module "azure_iam" { // replace $VERSION with the Constellation version you want to use, e.g., v2.14.0 source = "https://github.com/edgelesssys/constellation/releases/download/$VERSION/terraform-module.zip//terraform-module/iam/azure" + subscription_id = local.subscription_id location = local.location service_principal_name = "${local.name}-sp" resource_group_name = "${local.name}-rg" @@ -51,6 +53,7 @@ module "azure_iam" { module "azure_infrastructure" { // replace $VERSION with the Constellation version you want to use, e.g., v2.14.0 source = "https://github.com/edgelesssys/constellation/releases/download/$VERSION/terraform-module.zip//terraform-module/azure" + subscription_id = local.subscription_id name = local.name user_assigned_identity = module.azure_iam.uami_id node_groups = { diff --git a/terraform/infrastructure/azure/.terraform.lock.hcl b/terraform/infrastructure/azure/.terraform.lock.hcl index 8ceeadbf5..78936e6a3 100644 --- a/terraform/infrastructure/azure/.terraform.lock.hcl +++ b/terraform/infrastructure/azure/.terraform.lock.hcl @@ -2,31 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.111.0" - constraints = "3.111.0" + version = "4.1.0" + constraints = "4.1.0" hashes = [ - "h1:06sKYI5V2anZnr7t3lOpzO3DSd3AVTGO+53a4OauwoI=", - "h1:1gVEyHY/I1EMev2vbb6C6o0fAR+pEZrwGDeqRCDOhvE=", - "h1:6mCR0XyitRMsVfvPVpaTGsyNvc44vGeyr5c1O8kryno=", - "h1:8r1THxkuezf0Hys/wnVlPibEB7BeXd6FBahH+xWnmeI=", - "h1:Q7QmdpMoWo5yQilXPzHjErBe58RVEbGDtM8XB4uGtnw=", - "h1:WkapXDimZe5CzZpq3hIrz3RJ5MqIwF0rbL2i3HcPtGw=", - "h1:ipFQShK0j3mtJeSgSBQDR985KzwC19913+0GkiF8Sfo=", - "h1:oX22BXo+EthR6z90Yuu7EopfeSyG5dxehOrSWbsE+jk=", - "h1:oy2sT6XGlo+axoqFYGd6JceoqJTlWOaVKS0rJB0hRus=", - "h1:uuThLccbeEWYo2wpwDmlZ+TGfm7zCrwaJdw91TA3azg=", - "h1:vgrdy5JWGAK5N44/V75etoHIAMvXKNlMrIHTaWApehA=", - "zh:0db8afb9278993df7e74796bdd125153b07a7045e5ca1756783a8b8cfec564f4", - "zh:22c424fcfda13dc720caa289248c1b71b2ad20e329fd4a52cc6be7e45f795a4a", - "zh:471a2c1d7353bc21ef28963f006d2cf5276e7885b423fc0b73f2d8ce6cde72dd", - "zh:68bf81cb353c755d48792e881b6405919daa041e35de1d510209237d90d6c21f", - "zh:841d8664955bbc77f12095c9b1a4b3923362564a790fd945337759e9bc95d07e", - "zh:86e92f959056c573bf4b2be1d6cfa838dab06d3e5a944f371a1131e4c6477d88", - "zh:95a096ced57616659687970b5d618c2ce3cd54fa0311b7a7569435cacf39f26f", - "zh:c5656a11253ffdaee973e7292dd3c10a1db81f1fc9ee2d3041ae1182f7d25379", - "zh:cd6a1049de69280f339d6f83f30a9006bbe003a840a39eb7b5900990c5aadbb0", - "zh:e7b3d96f0c9ea47261dbd015f1f64fdb43c8ccb196afda862c0865e30d88245c", - "zh:f1ec7da6ab5526845274bff77e023b9faec71c2cf38bd18587274932b2aa2e89", + "h1:K2OLOYxwF/onOegr+Y6Sfu/DjEjDLobQBBrLBF3i9TI=", + "h1:cwtEEnEESVOgcxtXGz0A2wXCiNZIzm3dC2xHmYuxg9M=", + "h1:dKXFrVrjv579ax6iX4wc6lmEAVFsr3iTDjErnPHIjH4=", + "h1:iqN6KxIOGYv0N1p5xfNTgsjvDHpE3bZM8s5vIAEgfnQ=", + "h1:qDmSr5+vMVdWmfBEaIwqSLo5ZLyYk7KYoJo5flny6lk=", + "zh:3f332bca3a8b7dc982e428e09c73862d1afda34c2ad7803e70d8ba7b9e2445fd", + "zh:66b7e4a7a4fd06e0a5a3a22b4f76bda48e50ed3dd26c388738d9cc882b801bce", + "zh:6a271175d6e079241f24129f5026e0b16f04e7a548807f115600003d615e0ec3", + "zh:7a6abc7e2ae8d1041d0446bbe87156e0436639676ee1fad40321e8ee6759a454", + "zh:903f6e7f03e5952347ce6ee589d58c829179f2f22220f25cf52ae4efecd7053c", + "zh:a572b9834cf3b51799c82c5009705c59309d947a6ecdb7e17729868c55e7d0e0", + "zh:a7fca14338f0cfb82b17ce085400c210cbc986a87086702e3a11efcb4e53d6e4", + "zh:af36c7004702b0a273794914a17a77af1eb972caaad64e0068739e55c1488845", + "zh:b36f308db1cdc02dee659e3e518186d7dec970d88b6149be3f6b3f8d544e4282", + "zh:bedf6d13cf4bccc128d8cbb0703a3a8b547629674439ffda5e73563ab775d0f7", + "zh:d1df286a2e5d4a5f6a7f4d29700a25588167ccffa31c686550ef617503df3254", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf index e93da4745..7f8214540 100644 --- a/terraform/infrastructure/azure/main.tf +++ b/terraform/infrastructure/azure/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.111.0" + version = "4.1.0" } random = { source = "hashicorp/random" @@ -17,6 +17,10 @@ provider "azurerm" { prevent_deletion_if_contains_resources = false } } + subscription_id = var.subscription_id + # This enables all resource providers. + # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need. + resource_provider_registrations = "all" } locals { @@ -266,8 +270,8 @@ module "scale_set_group" { marketplace_image = var.marketplace_image # We still depend on the backends, since we are not sure if the VMs inside the VMSS have been - # "updated" to the new version (note: this is the update in Azure which "refreshes" the NICs and not - # our Constellation update). + # "updated" to the new version (note: this is the update in Azure which "refreshes" the NICs and not + # our Constellation update). # TODO(@3u13r): Remove this dependency after v2.18.0 has been released. depends_on = [module.loadbalancer_backend_worker, azurerm_lb_backend_address_pool.all] } diff --git a/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf b/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf index bd2d05ac7..31ffa3781 100644 --- a/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf +++ b/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.111.0" + version = "4.1.0" } } } diff --git a/terraform/infrastructure/azure/modules/scale_set/main.tf b/terraform/infrastructure/azure/modules/scale_set/main.tf index 9bd3d6cb9..86e95b0ff 100644 --- a/terraform/infrastructure/azure/modules/scale_set/main.tf +++ b/terraform/infrastructure/azure/modules/scale_set/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.111.0" + version = "4.1.0" } random = { source = "hashicorp/random" @@ -45,6 +45,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "scale_set" { provision_vm_agent = false vtpm_enabled = true disable_password_authentication = false + extension_operations_enabled = false upgrade_mode = "Manual" secure_boot_enabled = var.secure_boot # specify the image id only if a non-marketplace image is used diff --git a/terraform/infrastructure/azure/variables.tf b/terraform/infrastructure/azure/variables.tf index 577cdd4f0..a3ab1fd0b 100644 --- a/terraform/infrastructure/azure/variables.tf +++ b/terraform/infrastructure/azure/variables.tf @@ -46,6 +46,12 @@ variable "internal_load_balancer" { # Azure-specific variables +variable "subscription_id" { + type = string + description = "Azure subscription ID. This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#subscription_id" + default = "" +} + variable "location" { type = string description = "Azure location to deploy the cluster in." diff --git a/terraform/infrastructure/iam/azure/.terraform.lock.hcl b/terraform/infrastructure/iam/azure/.terraform.lock.hcl index ed0aff224..db90d94e1 100644 --- a/terraform/infrastructure/iam/azure/.terraform.lock.hcl +++ b/terraform/infrastructure/iam/azure/.terraform.lock.hcl @@ -32,31 +32,25 @@ provider "registry.terraform.io/hashicorp/azuread" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.111.0" - constraints = "3.111.0" + version = "4.1.0" + constraints = "4.1.0" hashes = [ - "h1:06sKYI5V2anZnr7t3lOpzO3DSd3AVTGO+53a4OauwoI=", - "h1:1gVEyHY/I1EMev2vbb6C6o0fAR+pEZrwGDeqRCDOhvE=", - "h1:6mCR0XyitRMsVfvPVpaTGsyNvc44vGeyr5c1O8kryno=", - "h1:8r1THxkuezf0Hys/wnVlPibEB7BeXd6FBahH+xWnmeI=", - "h1:Q7QmdpMoWo5yQilXPzHjErBe58RVEbGDtM8XB4uGtnw=", - "h1:WkapXDimZe5CzZpq3hIrz3RJ5MqIwF0rbL2i3HcPtGw=", - "h1:ipFQShK0j3mtJeSgSBQDR985KzwC19913+0GkiF8Sfo=", - "h1:oX22BXo+EthR6z90Yuu7EopfeSyG5dxehOrSWbsE+jk=", - "h1:oy2sT6XGlo+axoqFYGd6JceoqJTlWOaVKS0rJB0hRus=", - "h1:uuThLccbeEWYo2wpwDmlZ+TGfm7zCrwaJdw91TA3azg=", - "h1:vgrdy5JWGAK5N44/V75etoHIAMvXKNlMrIHTaWApehA=", - "zh:0db8afb9278993df7e74796bdd125153b07a7045e5ca1756783a8b8cfec564f4", - "zh:22c424fcfda13dc720caa289248c1b71b2ad20e329fd4a52cc6be7e45f795a4a", - "zh:471a2c1d7353bc21ef28963f006d2cf5276e7885b423fc0b73f2d8ce6cde72dd", - "zh:68bf81cb353c755d48792e881b6405919daa041e35de1d510209237d90d6c21f", - "zh:841d8664955bbc77f12095c9b1a4b3923362564a790fd945337759e9bc95d07e", - "zh:86e92f959056c573bf4b2be1d6cfa838dab06d3e5a944f371a1131e4c6477d88", - "zh:95a096ced57616659687970b5d618c2ce3cd54fa0311b7a7569435cacf39f26f", - "zh:c5656a11253ffdaee973e7292dd3c10a1db81f1fc9ee2d3041ae1182f7d25379", - "zh:cd6a1049de69280f339d6f83f30a9006bbe003a840a39eb7b5900990c5aadbb0", - "zh:e7b3d96f0c9ea47261dbd015f1f64fdb43c8ccb196afda862c0865e30d88245c", - "zh:f1ec7da6ab5526845274bff77e023b9faec71c2cf38bd18587274932b2aa2e89", + "h1:K2OLOYxwF/onOegr+Y6Sfu/DjEjDLobQBBrLBF3i9TI=", + "h1:cwtEEnEESVOgcxtXGz0A2wXCiNZIzm3dC2xHmYuxg9M=", + "h1:dKXFrVrjv579ax6iX4wc6lmEAVFsr3iTDjErnPHIjH4=", + "h1:iqN6KxIOGYv0N1p5xfNTgsjvDHpE3bZM8s5vIAEgfnQ=", + "h1:qDmSr5+vMVdWmfBEaIwqSLo5ZLyYk7KYoJo5flny6lk=", + "zh:3f332bca3a8b7dc982e428e09c73862d1afda34c2ad7803e70d8ba7b9e2445fd", + "zh:66b7e4a7a4fd06e0a5a3a22b4f76bda48e50ed3dd26c388738d9cc882b801bce", + "zh:6a271175d6e079241f24129f5026e0b16f04e7a548807f115600003d615e0ec3", + "zh:7a6abc7e2ae8d1041d0446bbe87156e0436639676ee1fad40321e8ee6759a454", + "zh:903f6e7f03e5952347ce6ee589d58c829179f2f22220f25cf52ae4efecd7053c", + "zh:a572b9834cf3b51799c82c5009705c59309d947a6ecdb7e17729868c55e7d0e0", + "zh:a7fca14338f0cfb82b17ce085400c210cbc986a87086702e3a11efcb4e53d6e4", + "zh:af36c7004702b0a273794914a17a77af1eb972caaad64e0068739e55c1488845", + "zh:b36f308db1cdc02dee659e3e518186d7dec970d88b6149be3f6b3f8d544e4282", + "zh:bedf6d13cf4bccc128d8cbb0703a3a8b547629674439ffda5e73563ab775d0f7", + "zh:d1df286a2e5d4a5f6a7f4d29700a25588167ccffa31c686550ef617503df3254", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/terraform/infrastructure/iam/azure/main.tf b/terraform/infrastructure/iam/azure/main.tf index c6e380dd5..d8e6dac2d 100644 --- a/terraform/infrastructure/iam/azure/main.tf +++ b/terraform/infrastructure/iam/azure/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "3.111.0" + version = "4.1.0" } azuread = { source = "hashicorp/azuread" @@ -18,6 +18,10 @@ provider "azurerm" { prevent_deletion_if_contains_resources = false } } + subscription_id = var.subscription_id + # This enables all resource providers. + # In the future, we might want to use `resource_providers_to_register` to registers just the ones we need. + resource_provider_registrations = "all" } # Configure Azure active directory provider diff --git a/terraform/infrastructure/iam/azure/variables.tf b/terraform/infrastructure/iam/azure/variables.tf index 4a63ba609..28c75e840 100644 --- a/terraform/infrastructure/iam/azure/variables.tf +++ b/terraform/infrastructure/iam/azure/variables.tf @@ -1,3 +1,9 @@ +variable "subscription_id" { + type = string + description = "Azure subscription ID. This can also be sourced from the ARM_SUBSCRIPTION_ID environment variable: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#subscription_id" + default = "" +} + variable "resource_group_name" { type = string description = "Name for the resource group the cluster should reside in." From 1f887c7868f666aa0f351d0decf0e2d70fcd008f Mon Sep 17 00:00:00 2001 From: 3u13r Date: Tue, 17 Sep 2024 14:07:28 +0200 Subject: [PATCH 256/380] image: re-enable autologin for debug and console images (#3355) * image: remove autologin via mkosi In mkosi v24 --autologin no longer works for ttyS consoles. Since the CSPs use those exclusively for their serial consoles, we need to replace this with another solution (see next commit) * image: add getty systemd unit for debug images This replaces the mkosi --autologin solution with a getty systemd unit for ttyS0. Note that both console and debug images hace their consoles enabled. --- bazel/mkosi/mkosi_image.bzl | 3 --- .../20-constellation-base.preset | 1 + .../autologin.conf | 12 +++++++++ image/system/BUILD.bazel | 7 +----- image/system/variants.bzl | 25 ++----------------- 5 files changed, 16 insertions(+), 32 deletions(-) create mode 100644 image/sysroot-tree/usr/lib/systemd/system/serial-getty@ttyS0.service.d/autologin.conf diff --git a/bazel/mkosi/mkosi_image.bzl b/bazel/mkosi/mkosi_image.bzl index 6af63dff1..fb11a81c2 100644 --- a/bazel/mkosi/mkosi_image.bzl +++ b/bazel/mkosi/mkosi_image.bzl @@ -70,8 +70,6 @@ def _mkosi_image_impl(ctx): args.add("--kernel-command-line", ctx.attr.kernel_command_line) for key, value in ctx.attr.kernel_command_line_dict.items(): args.add("--kernel-command-line", "{}={}".format(key, value)) - if ctx.attr.autologin: - args.add("--autologin", "yes") info = ctx.toolchains["@constellation//bazel/mkosi:toolchain_type"].mkosi if not info.valid: @@ -110,7 +108,6 @@ mkosi_image = rule( implementation = _mkosi_image_impl, attrs = { "architecture": attr.string(), - "autologin": attr.bool(), "base_trees": attr.label_list(allow_files = True), "distribution": attr.string(), "env": attr.string_dict(), diff --git a/image/sysroot-tree/usr/lib/systemd/system-preset/20-constellation-base.preset b/image/sysroot-tree/usr/lib/systemd/system-preset/20-constellation-base.preset index b213385af..f74d34ec8 100644 --- a/image/sysroot-tree/usr/lib/systemd/system-preset/20-constellation-base.preset +++ b/image/sysroot-tree/usr/lib/systemd/system-preset/20-constellation-base.preset @@ -2,6 +2,7 @@ enable systemd-timesyncd.service enable systemd-networkd.service enable systemd-networkd-wait-online.service enable configure-constel-csp.service +enable serial-getty@tty0.service enable dbus.service enable dbus-broker.service enable dbus-daemon.service diff --git a/image/sysroot-tree/usr/lib/systemd/system/serial-getty@ttyS0.service.d/autologin.conf b/image/sysroot-tree/usr/lib/systemd/system/serial-getty@ttyS0.service.d/autologin.conf new file mode 100644 index 000000000..77db15a0a --- /dev/null +++ b/image/sysroot-tree/usr/lib/systemd/system/serial-getty@ttyS0.service.d/autologin.conf @@ -0,0 +1,12 @@ +[Unit] +Description=autologin +ConditionPathExists=/proc/cmdline +ConditionKernelCommandLine=|constellation.console +ConditionKernelCommandLine=|constellation.debug + +[Service] +ExecStart= +ExecStart=-/sbin/agetty -o '-p -f -- \\u' --keep-baud --autologin root 115200,57600,38400,9600 - $TERM + +[Install] +WantedBy=multi-user.target diff --git a/image/system/BUILD.bazel b/image/system/BUILD.bazel index 3765667b8..3a51c92a4 100644 --- a/image/system/BUILD.bazel +++ b/image/system/BUILD.bazel @@ -1,6 +1,6 @@ load("//bazel/mkosi:mkosi_image.bzl", "mkosi_image") load("//bazel/osimage:upload_os_images.bzl", "upload_os_images") -load(":variants.bzl", "CSPS", "STREAMS", "VARIANTS", "autologin", "base_image", "constellation_packages", "images_for_csp", "images_for_csp_and_stream", "images_for_stream", "kernel_command_line", "kernel_command_line_dict") +load(":variants.bzl", "CSPS", "STREAMS", "VARIANTS", "base_image", "constellation_packages", "images_for_csp", "images_for_csp_and_stream", "images_for_stream", "kernel_command_line", "kernel_command_line_dict") [ mkosi_image( @@ -10,11 +10,6 @@ load(":variants.bzl", "CSPS", "STREAMS", "VARIANTS", "autologin", "base_image", ] + glob([ "mkosi.repart/**", ]), - autologin = autologin( - variant["csp"], - variant["attestation_variant"], - stream, - ), base_trees = [ base_image( variant["csp"], diff --git a/image/system/variants.bzl b/image/system/variants.bzl index 3cca05c95..cfc8c5392 100644 --- a/image/system/variants.bzl +++ b/image/system/variants.bzl @@ -86,7 +86,7 @@ csp_settings = { }, }, "qemu": { - "autologin": True, + "kernel_command_line": "constellation.console", # All qemu images have console enabled independent of stream "kernel_command_line_dict": { "console": "ttyS0", "constel.csp": "qemu", @@ -136,10 +136,9 @@ attestation_variant_settings = { stream_settings = { "console": { - "autologin": True, + "kernel_command_line": "constellation.console", }, "debug": { - "autologin": True, "kernel_command_line": "constellation.debug", }, "nightly": {}, @@ -181,26 +180,6 @@ def constellation_packages(stream): "//bootstrapper/cmd/bootstrapper:bootstrapper-package", ] + base_packages -def autologin(csp, attestation_variant, stream): - """Generates a boolean indicating whether autologin should be enabled for the given csp, attestation_variant and stream. - - Args: - csp: The cloud service provider to use. - attestation_variant: The attestation variant to use. - stream: The stream to use. - - Returns: - A boolean indicating whether autologin should be enabled. - """ - out = None - for settings in from_settings(csp, attestation_variant, stream): - if not "autologin" in settings: - continue - if out != None and out != settings["autologin"]: - fail("Inconsistent autologin settings") - out = settings["autologin"] - return out - def kernel_command_line(csp, attestation_variant, stream): cmdline = base_cmdline for settings in from_settings(csp, attestation_variant, stream, default = {}): From d2cbc0adef79b8500670dd7bc9c2d7cc4a5540a8 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 17 Sep 2024 15:01:33 +0200 Subject: [PATCH 257/380] terraform: enable serial console by default (#3360) --- terraform/infrastructure/azure/modules/jump_host/main.tf | 2 +- terraform/infrastructure/azure/modules/scale_set/main.tf | 4 +++- terraform/infrastructure/gcp/modules/instance_group/main.tf | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/terraform/infrastructure/azure/modules/jump_host/main.tf b/terraform/infrastructure/azure/modules/jump_host/main.tf index c35136ff7..ba7d5f726 100644 --- a/terraform/infrastructure/azure/modules/jump_host/main.tf +++ b/terraform/infrastructure/azure/modules/jump_host/main.tf @@ -29,7 +29,7 @@ resource "azurerm_linux_virtual_machine" "jump_host" { } boot_diagnostics { - + storage_account_uri = null } user_data = base64encode(< Date: Tue, 17 Sep 2024 15:33:08 +0200 Subject: [PATCH 258/380] docs: fix broken links (#3359) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update cosign installation guide link * Update cosign overview link * Update cosign sbom link --------- Signed-off-by: Daniel Weiße --- docs/docs/workflows/sbom.md | 2 +- docs/docs/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.0/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.1/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.10/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.10/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.11/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.11/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.12/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.12/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.13/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.13/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.14/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.14/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.15/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.15/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.16/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.16/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.17/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.17/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.2/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.2/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.3/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.3/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.4/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.4/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.5/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.5/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.6/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.6/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.7/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.7/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.8/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.8/workflows/verify-cli.md | 4 ++-- docs/versioned_docs/version-2.9/workflows/sbom.md | 2 +- docs/versioned_docs/version-2.9/workflows/verify-cli.md | 4 ++-- 36 files changed, 55 insertions(+), 55 deletions(-) diff --git a/docs/docs/workflows/sbom.md b/docs/docs/workflows/sbom.md index ca1ae7d4b..6c1702dee 100644 --- a/docs/docs/workflows/sbom.md +++ b/docs/docs/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/docs/workflows/verify-cli.md b/docs/docs/workflows/verify-cli.md index 86392346b..e33569d37 100644 --- a/docs/docs/workflows/verify-cli.md +++ b/docs/docs/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -37,7 +37,7 @@ You don't need to verify the Constellation node images. This is done automatical This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. ::: -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.0/workflows/verify-cli.md b/docs/versioned_docs/version-2.0/workflows/verify-cli.md index a65a5a749..52ed24d95 100644 --- a/docs/versioned_docs/version-2.0/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.0/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -25,7 +25,7 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.1/workflows/verify-cli.md b/docs/versioned_docs/version-2.1/workflows/verify-cli.md index a65a5a749..52ed24d95 100644 --- a/docs/versioned_docs/version-2.1/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.1/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -25,7 +25,7 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.10/workflows/sbom.md b/docs/versioned_docs/version-2.10/workflows/sbom.md index ca1ae7d4b..6c1702dee 100644 --- a/docs/versioned_docs/version-2.10/workflows/sbom.md +++ b/docs/versioned_docs/version-2.10/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.10/workflows/verify-cli.md b/docs/versioned_docs/version-2.10/workflows/verify-cli.md index 86392346b..e33569d37 100644 --- a/docs/versioned_docs/version-2.10/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.10/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -37,7 +37,7 @@ You don't need to verify the Constellation node images. This is done automatical This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. ::: -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.11/workflows/sbom.md b/docs/versioned_docs/version-2.11/workflows/sbom.md index ca1ae7d4b..6c1702dee 100644 --- a/docs/versioned_docs/version-2.11/workflows/sbom.md +++ b/docs/versioned_docs/version-2.11/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.11/workflows/verify-cli.md b/docs/versioned_docs/version-2.11/workflows/verify-cli.md index 86392346b..e33569d37 100644 --- a/docs/versioned_docs/version-2.11/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.11/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -37,7 +37,7 @@ You don't need to verify the Constellation node images. This is done automatical This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. ::: -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.12/workflows/sbom.md b/docs/versioned_docs/version-2.12/workflows/sbom.md index ca1ae7d4b..6c1702dee 100644 --- a/docs/versioned_docs/version-2.12/workflows/sbom.md +++ b/docs/versioned_docs/version-2.12/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.12/workflows/verify-cli.md b/docs/versioned_docs/version-2.12/workflows/verify-cli.md index 86392346b..e33569d37 100644 --- a/docs/versioned_docs/version-2.12/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.12/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -37,7 +37,7 @@ You don't need to verify the Constellation node images. This is done automatical This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. ::: -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.13/workflows/sbom.md b/docs/versioned_docs/version-2.13/workflows/sbom.md index ca1ae7d4b..6c1702dee 100644 --- a/docs/versioned_docs/version-2.13/workflows/sbom.md +++ b/docs/versioned_docs/version-2.13/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.13/workflows/verify-cli.md b/docs/versioned_docs/version-2.13/workflows/verify-cli.md index 86392346b..e33569d37 100644 --- a/docs/versioned_docs/version-2.13/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.13/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -37,7 +37,7 @@ You don't need to verify the Constellation node images. This is done automatical This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. ::: -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.14/workflows/sbom.md b/docs/versioned_docs/version-2.14/workflows/sbom.md index ca1ae7d4b..6c1702dee 100644 --- a/docs/versioned_docs/version-2.14/workflows/sbom.md +++ b/docs/versioned_docs/version-2.14/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.14/workflows/verify-cli.md b/docs/versioned_docs/version-2.14/workflows/verify-cli.md index 86392346b..e33569d37 100644 --- a/docs/versioned_docs/version-2.14/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.14/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -37,7 +37,7 @@ You don't need to verify the Constellation node images. This is done automatical This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. ::: -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.15/workflows/sbom.md b/docs/versioned_docs/version-2.15/workflows/sbom.md index ca1ae7d4b..6c1702dee 100644 --- a/docs/versioned_docs/version-2.15/workflows/sbom.md +++ b/docs/versioned_docs/version-2.15/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.15/workflows/verify-cli.md b/docs/versioned_docs/version-2.15/workflows/verify-cli.md index 86392346b..e33569d37 100644 --- a/docs/versioned_docs/version-2.15/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.15/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -37,7 +37,7 @@ You don't need to verify the Constellation node images. This is done automatical This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. ::: -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.16/workflows/sbom.md b/docs/versioned_docs/version-2.16/workflows/sbom.md index ca1ae7d4b..6c1702dee 100644 --- a/docs/versioned_docs/version-2.16/workflows/sbom.md +++ b/docs/versioned_docs/version-2.16/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.16/workflows/verify-cli.md b/docs/versioned_docs/version-2.16/workflows/verify-cli.md index 86392346b..e33569d37 100644 --- a/docs/versioned_docs/version-2.16/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.16/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -37,7 +37,7 @@ You don't need to verify the Constellation node images. This is done automatical This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. ::: -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.17/workflows/sbom.md b/docs/versioned_docs/version-2.17/workflows/sbom.md index ca1ae7d4b..6c1702dee 100644 --- a/docs/versioned_docs/version-2.17/workflows/sbom.md +++ b/docs/versioned_docs/version-2.17/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.17/workflows/verify-cli.md b/docs/versioned_docs/version-2.17/workflows/verify-cli.md index 86392346b..e33569d37 100644 --- a/docs/versioned_docs/version-2.17/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.17/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -37,7 +37,7 @@ You don't need to verify the Constellation node images. This is done automatical This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. ::: -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.2/workflows/sbom.md b/docs/versioned_docs/version-2.2/workflows/sbom.md index 817685a02..e8ba25a64 100644 --- a/docs/versioned_docs/version-2.2/workflows/sbom.md +++ b/docs/versioned_docs/version-2.2/workflows/sbom.md @@ -36,7 +36,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.2/workflows/verify-cli.md b/docs/versioned_docs/version-2.2/workflows/verify-cli.md index a65a5a749..52ed24d95 100644 --- a/docs/versioned_docs/version-2.2/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.2/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -25,7 +25,7 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.3/workflows/sbom.md b/docs/versioned_docs/version-2.3/workflows/sbom.md index 817685a02..e8ba25a64 100644 --- a/docs/versioned_docs/version-2.3/workflows/sbom.md +++ b/docs/versioned_docs/version-2.3/workflows/sbom.md @@ -36,7 +36,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.3/workflows/verify-cli.md b/docs/versioned_docs/version-2.3/workflows/verify-cli.md index ebaa86b21..01a2583d6 100644 --- a/docs/versioned_docs/version-2.3/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.3/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -25,7 +25,7 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.4/workflows/sbom.md b/docs/versioned_docs/version-2.4/workflows/sbom.md index 817685a02..e8ba25a64 100644 --- a/docs/versioned_docs/version-2.4/workflows/sbom.md +++ b/docs/versioned_docs/version-2.4/workflows/sbom.md @@ -36,7 +36,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.4/workflows/verify-cli.md b/docs/versioned_docs/version-2.4/workflows/verify-cli.md index ebaa86b21..01a2583d6 100644 --- a/docs/versioned_docs/version-2.4/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.4/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -25,7 +25,7 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.5/workflows/sbom.md b/docs/versioned_docs/version-2.5/workflows/sbom.md index 817685a02..e8ba25a64 100644 --- a/docs/versioned_docs/version-2.5/workflows/sbom.md +++ b/docs/versioned_docs/version-2.5/workflows/sbom.md @@ -36,7 +36,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.5/workflows/verify-cli.md b/docs/versioned_docs/version-2.5/workflows/verify-cli.md index ebaa86b21..01a2583d6 100644 --- a/docs/versioned_docs/version-2.5/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.5/workflows/verify-cli.md @@ -1,6 +1,6 @@ # Verify the CLI -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -25,7 +25,7 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.6/workflows/sbom.md b/docs/versioned_docs/version-2.6/workflows/sbom.md index e304466bb..92550c182 100644 --- a/docs/versioned_docs/version-2.6/workflows/sbom.md +++ b/docs/versioned_docs/version-2.6/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.6/workflows/verify-cli.md b/docs/versioned_docs/version-2.6/workflows/verify-cli.md index 906031c7a..aa2df4be4 100644 --- a/docs/versioned_docs/version-2.6/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.6/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -33,7 +33,7 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.7/workflows/sbom.md b/docs/versioned_docs/version-2.7/workflows/sbom.md index e304466bb..92550c182 100644 --- a/docs/versioned_docs/version-2.7/workflows/sbom.md +++ b/docs/versioned_docs/version-2.7/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.7/workflows/verify-cli.md b/docs/versioned_docs/version-2.7/workflows/verify-cli.md index 906031c7a..aa2df4be4 100644 --- a/docs/versioned_docs/version-2.7/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.7/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -33,7 +33,7 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.8/workflows/sbom.md b/docs/versioned_docs/version-2.8/workflows/sbom.md index ca1ae7d4b..6c1702dee 100644 --- a/docs/versioned_docs/version-2.8/workflows/sbom.md +++ b/docs/versioned_docs/version-2.8/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.8/workflows/verify-cli.md b/docs/versioned_docs/version-2.8/workflows/verify-cli.md index 906031c7a..aa2df4be4 100644 --- a/docs/versioned_docs/version-2.8/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.8/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -33,7 +33,7 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 diff --git a/docs/versioned_docs/version-2.9/workflows/sbom.md b/docs/versioned_docs/version-2.9/workflows/sbom.md index ca1ae7d4b..6c1702dee 100644 --- a/docs/versioned_docs/version-2.9/workflows/sbom.md +++ b/docs/versioned_docs/version-2.9/workflows/sbom.md @@ -40,7 +40,7 @@ cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig cons ### Container Images -SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/signing/other_types#sboms-software-bill-of-materials) and uploaded to the same registry. +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. As a consumer, use cosign to download and verify the SBOM: diff --git a/docs/versioned_docs/version-2.9/workflows/verify-cli.md b/docs/versioned_docs/version-2.9/workflows/verify-cli.md index 906031c7a..aa2df4be4 100644 --- a/docs/versioned_docs/version-2.9/workflows/verify-cli.md +++ b/docs/versioned_docs/version-2.9/workflows/verify-cli.md @@ -8,7 +8,7 @@ This recording presents the essence of this page. It's recommended to read it in --- -Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/signing/quickstart), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. :::note The public key for Edgeless Systems' long-term code-signing key is: @@ -33,7 +33,7 @@ You don't need to verify the Constellation node images. This is done automatical ## Verify the signature -First, [install the Cosign CLI](https://docs.sigstore.dev/system_config/installation). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: ```shell-session $ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 From 9c13603756d7cb614c99de00433edb8536ccb088 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Sep 2024 08:15:50 +0200 Subject: [PATCH 259/380] deps: update distroless_static Docker digest to 95eb83a (#3347) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- bazel/toolchains/container_images.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bazel/toolchains/container_images.bzl b/bazel/toolchains/container_images.bzl index 00239519b..745137865 100644 --- a/bazel/toolchains/container_images.bzl +++ b/bazel/toolchains/container_images.bzl @@ -7,7 +7,7 @@ load("@rules_oci//oci:pull.bzl", "oci_pull") def containter_image_deps(): oci_pull( name = "distroless_static", - digest = "sha256:ce46866b3a5170db3b49364900fb3168dc0833dfb46c26da5c77f22abb01d8c3", + digest = "sha256:95eb83a44a62c1c27e5f0b38d26085c486d71ece83dd64540b7209536bb13f6d", image = "gcr.io/distroless/static", platforms = [ "linux/amd64", From 3a40e797792f7187a97dea0d5beb24ba2e4727df Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 18 Sep 2024 08:35:33 +0200 Subject: [PATCH 260/380] image: update measurements and image version (#3362) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index ec2bcb82c..57bc53b3e 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x32, 0xd5, 0xd0, 0x83, 0xfb, 0xdf, 0xc1, 0x54, 0x52, 0xc1, 0x0b, 0x09, 0xc4, 0x66, 0x70, 0x0e, 0x90, 0x42, 0x44, 0xed, 0x55, 0x54, 0xae, 0x9b, 0x39, 0xc2, 0x45, 0x17, 0x86, 0xa7, 0xb0, 0x03}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x72, 0x5f, 0x6f, 0xfa, 0xc0, 0x4a, 0x17, 0xef, 0x9b, 0x1a, 0x6d, 0x56, 0x7d, 0xc2, 0x34, 0x74, 0x35, 0x89, 0xb4, 0x90, 0x83, 0x48, 0x5e, 0x92, 0x49, 0x2d, 0x12, 0x91, 0xeb, 0xd2, 0x0b, 0x99}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe0, 0x84, 0xef, 0xe1, 0x50, 0xcf, 0xe6, 0xca, 0x81, 0x3e, 0xaf, 0xca, 0x65, 0xc9, 0xd7, 0xb7, 0x18, 0x9c, 0x7b, 0x85, 0x3e, 0x21, 0x5f, 0xf3, 0xbf, 0x26, 0xc1, 0xc7, 0x14, 0x85, 0xb7, 0xec}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd3, 0x83, 0xc8, 0xf7, 0x9c, 0x25, 0xb1, 0x9c, 0xaf, 0x91, 0x79, 0x64, 0x86, 0x5b, 0x99, 0x00, 0x9f, 0x1f, 0xd8, 0x22, 0xff, 0x07, 0xa7, 0x65, 0xbb, 0xde, 0xf0, 0x84, 0x17, 0x18, 0x14, 0x0d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd9, 0x20, 0xd8, 0x75, 0x1c, 0x0e, 0x35, 0xb3, 0xac, 0xc8, 0xa2, 0x40, 0xed, 0x8a, 0xef, 0xc7, 0x9a, 0x61, 0x3b, 0x74, 0x74, 0xa7, 0x2d, 0x81, 0x31, 0x20, 0x81, 0x85, 0x9d, 0xf5, 0xee, 0xec}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1c, 0xaf, 0x35, 0x7c, 0xd4, 0x13, 0x07, 0x2c, 0x99, 0x3b, 0x2d, 0x5a, 0x62, 0x3d, 0x9c, 0xb9, 0x2c, 0xbf, 0x14, 0xbe, 0xb4, 0x98, 0x30, 0xc4, 0x7e, 0xe7, 0x56, 0xab, 0x0c, 0xc2, 0xe3, 0x91}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x10, 0x59, 0x59, 0x98, 0xf0, 0xa3, 0x10, 0xcb, 0xcb, 0xe4, 0xde, 0x02, 0x94, 0xdb, 0xe3, 0x96, 0x84, 0x10, 0x44, 0x81, 0x4b, 0xba, 0x59, 0x4e, 0x56, 0x39, 0xfc, 0xd9, 0x64, 0x1d, 0x42, 0xa4}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb2, 0xc3, 0xd7, 0x1b, 0xc4, 0x67, 0x09, 0x1f, 0x1b, 0xf1, 0x05, 0xff, 0xc6, 0xb3, 0xdd, 0x9e, 0x10, 0x1d, 0xa7, 0x68, 0x45, 0xe3, 0x3f, 0x99, 0x58, 0x6e, 0x37, 0x79, 0x67, 0xa1, 0xa9, 0xe7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8e, 0x8a, 0x3d, 0x12, 0x0b, 0x65, 0x5b, 0x89, 0xc4, 0xf2, 0x6a, 0xbe, 0x19, 0xcd, 0x19, 0x26, 0xaf, 0xab, 0x6e, 0x14, 0x0a, 0x11, 0x0e, 0x6a, 0xc0, 0xa8, 0x2b, 0xdd, 0x4b, 0xfb, 0xfc, 0x42}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x18, 0xe1, 0x70, 0x29, 0x51, 0xad, 0x5c, 0x5c, 0xde, 0xea, 0x16, 0xd4, 0x07, 0x15, 0x2b, 0xbc, 0x18, 0x79, 0xaa, 0xdb, 0x61, 0x2f, 0x6c, 0xf3, 0xc2, 0xa1, 0x95, 0x2c, 0xc7, 0xea, 0xd9, 0x26}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd6, 0x10, 0x10, 0x35, 0xac, 0xc9, 0x49, 0x1e, 0x53, 0x44, 0x1d, 0x19, 0xe4, 0xb7, 0x8b, 0x9d, 0x21, 0x24, 0x05, 0x5b, 0x6b, 0x4b, 0x38, 0x06, 0x81, 0x7e, 0xf3, 0x3d, 0xf4, 0xfe, 0xf5, 0x46}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf4, 0xd7, 0x7c, 0x34, 0x37, 0xef, 0xe9, 0xd5, 0x52, 0x09, 0x06, 0x1e, 0x4c, 0x5e, 0x5a, 0x89, 0x92, 0x97, 0x83, 0xbc, 0x80, 0xdb, 0x67, 0x6f, 0x86, 0x51, 0x63, 0x05, 0x75, 0xe8, 0x1c, 0xb0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xdc, 0xc1, 0xe0, 0x27, 0xd4, 0x62, 0x18, 0x35, 0x71, 0x22, 0x0b, 0x1c, 0x06, 0xdc, 0xa7, 0x99, 0xae, 0xf8, 0x1e, 0xcd, 0x33, 0x36, 0xbd, 0x6c, 0x6d, 0x9a, 0x11, 0xe3, 0xa4, 0x35, 0x7c, 0xaf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2a, 0x79, 0xf4, 0xa0, 0x35, 0x02, 0xa5, 0x8b, 0xb3, 0x73, 0x3b, 0x8d, 0x9d, 0x94, 0x94, 0xa8, 0xd2, 0x0f, 0x26, 0x56, 0xd2, 0x09, 0x97, 0x10, 0x47, 0x86, 0x33, 0x40, 0x53, 0x16, 0x3d, 0x42}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4d, 0x06, 0x8d, 0xc3, 0xfe, 0x11, 0x6b, 0x31, 0xa3, 0x48, 0x72, 0x24, 0x5e, 0x82, 0xd7, 0x4a, 0xf2, 0xab, 0x6e, 0xc9, 0x8e, 0x6c, 0x7e, 0x35, 0xc0, 0x1f, 0x37, 0xea, 0x1c, 0x43, 0xc3, 0xa9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc1, 0x6e, 0xac, 0xc4, 0x10, 0xf2, 0x09, 0x6f, 0x99, 0x5d, 0xf8, 0x98, 0x57, 0xcf, 0x85, 0xf7, 0xa5, 0xe6, 0x3e, 0x82, 0x8c, 0x91, 0x82, 0x4d, 0x89, 0xfe, 0x65, 0xf5, 0x3d, 0x36, 0xdd, 0x15}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xaf, 0xf0, 0xe2, 0x82, 0x99, 0x2e, 0x61, 0x84, 0x6f, 0x2e, 0x30, 0x75, 0x1a, 0xf7, 0x6e, 0xc4, 0x92, 0x36, 0xa4, 0xd2, 0xb8, 0xad, 0x13, 0x8f, 0x58, 0xc6, 0xa5, 0xc2, 0x4d, 0x1e, 0x7c, 0xc3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfb, 0x9f, 0x83, 0xe8, 0x56, 0x9c, 0xdb, 0xca, 0x30, 0x61, 0xab, 0xb8, 0x36, 0x31, 0xef, 0x64, 0x64, 0xae, 0x21, 0x74, 0x10, 0x44, 0x6e, 0x40, 0x08, 0x42, 0x1a, 0x24, 0x0c, 0xd9, 0x64, 0x3b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x40, 0x1f, 0xa0, 0xbd, 0x87, 0x71, 0x32, 0x85, 0x7d, 0xe1, 0xc5, 0x34, 0x6f, 0xf8, 0xa8, 0x53, 0x11, 0x79, 0x3d, 0x1a, 0x08, 0xb8, 0xed, 0x73, 0x36, 0x24, 0x3a, 0x5e, 0x41, 0x38, 0x39, 0xd7}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x06, 0x7f, 0xb3, 0xc1, 0x44, 0xeb, 0x49, 0xaa, 0xf1, 0xdf, 0x91, 0x43, 0xc5, 0x74, 0x01, 0xd2, 0x24, 0x49, 0xbb, 0xec, 0xd9, 0x24, 0x24, 0x68, 0x83, 0xbd, 0x51, 0xcf, 0x5a, 0x32, 0xed, 0x48}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x41, 0x93, 0x69, 0x05, 0x8d, 0x7b, 0xb7, 0x5f, 0x52, 0x39, 0x0a, 0xdd, 0x84, 0x22, 0x6c, 0x08, 0x4d, 0x2c, 0xf3, 0xc6, 0x08, 0xab, 0x62, 0x43, 0xd3, 0xd5, 0x5f, 0xc2, 0x95, 0x4f, 0xc2, 0x99}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb7, 0x34, 0x64, 0x1d, 0x4d, 0xc7, 0x05, 0x85, 0xa6, 0x27, 0xfd, 0x2c, 0x79, 0xc8, 0x70, 0x97, 0xc0, 0x30, 0x12, 0x7a, 0xf5, 0xcf, 0x91, 0x5d, 0x07, 0x67, 0x69, 0xee, 0x12, 0xab, 0x83, 0x6d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe1, 0x2d, 0xa1, 0x7e, 0x52, 0x02, 0x24, 0x13, 0x21, 0xe5, 0x1b, 0xea, 0x6e, 0x4e, 0x2d, 0x4a, 0x24, 0xb1, 0xf0, 0xba, 0x30, 0x59, 0x0f, 0xc0, 0xaf, 0x87, 0xdd, 0x54, 0xc4, 0xed, 0xbe, 0x7c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa5, 0x32, 0xe0, 0xd9, 0xa1, 0x67, 0x7e, 0xe7, 0xae, 0x69, 0xfa, 0xc9, 0xed, 0xec, 0x66, 0xc3, 0x44, 0x9b, 0x7b, 0x68, 0x96, 0x21, 0xcc, 0xb8, 0xa8, 0xd4, 0x6f, 0x13, 0xc7, 0xc2, 0xb2, 0x90}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x88, 0x18, 0x22, 0xad, 0x60, 0xaf, 0x68, 0x01, 0xae, 0x08, 0x4d, 0x38, 0x3a, 0xd0, 0xba, 0x17, 0x8c, 0xe5, 0x4f, 0x68, 0x6d, 0x93, 0x49, 0x73, 0xd4, 0xe8, 0x70, 0xf8, 0x67, 0x33, 0x6c, 0x0f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3b, 0xc7, 0x5d, 0xa7, 0x47, 0x4b, 0xde, 0x25, 0x27, 0xdb, 0x9d, 0x25, 0x06, 0xd0, 0x2c, 0x6f, 0x24, 0x2b, 0xfe, 0x76, 0x9b, 0xf6, 0x70, 0x05, 0x30, 0xcd, 0xbc, 0xd2, 0x23, 0x6a, 0xb9, 0x15}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x74, 0x22, 0x50, 0x42, 0xf6, 0xba, 0x98, 0x70, 0xd8, 0x28, 0xe5, 0xde, 0x36, 0x9b, 0x16, 0x3d, 0xc7, 0x91, 0x18, 0x33, 0x41, 0x3b, 0xf8, 0x4c, 0x36, 0x35, 0xe4, 0xd3, 0xfc, 0x88, 0x2a, 0xc6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe5, 0x02, 0x01, 0x93, 0x14, 0x8f, 0xba, 0xd0, 0xdb, 0xaf, 0x61, 0x8f, 0xb3, 0xef, 0x15, 0x66, 0x5c, 0x72, 0xff, 0x87, 0xa5, 0x4e, 0x24, 0xb2, 0xd8, 0xf5, 0xbd, 0xf9, 0x71, 0x9b, 0xb5, 0x0b}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x37, 0xef, 0x16, 0xfd, 0x0a, 0xe8, 0xd2, 0xfb, 0x3b, 0x19, 0x14, 0xf0, 0xb8, 0xff, 0x04, 0x6e, 0x76, 0x5b, 0x57, 0xfe, 0xc6, 0x73, 0x9d, 0x2e, 0xbf, 0x1f, 0xd4, 0xd1, 0x82, 0x07, 0x14, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf0, 0x9c, 0xef, 0x0d, 0x07, 0x71, 0x27, 0xfb, 0x26, 0xbc, 0x8d, 0x01, 0x3f, 0xc0, 0x9e, 0x13, 0xaf, 0xbb, 0x70, 0xf0, 0xf7, 0x34, 0xce, 0xd9, 0x8f, 0x46, 0x66, 0x65, 0x44, 0x99, 0x8e, 0xfe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x3c, 0xd2, 0x21, 0xe4, 0x4d, 0x51, 0x8f, 0x2c, 0xcd, 0x5e, 0x7e, 0x66, 0xbf, 0xac, 0x7d, 0x28, 0x68, 0x10, 0xe9, 0x95, 0x35, 0x71, 0x4e, 0x89, 0x9e, 0x57, 0x12, 0x41, 0x5c, 0x25, 0x42, 0x7c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xfc, 0x54, 0x14, 0xbb, 0x5e, 0x8a, 0xe1, 0x25, 0x7c, 0x21, 0x65, 0x03, 0x70, 0x27, 0xc9, 0x91, 0xfb, 0x80, 0xcd, 0xa2, 0x85, 0x2d, 0x20, 0x49, 0x9b, 0x8a, 0x7d, 0xfd, 0xea, 0xe4, 0xae, 0x0e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa5, 0xe7, 0xdd, 0x33, 0xc0, 0x2b, 0x1e, 0x53, 0x50, 0x5c, 0x29, 0xb1, 0x01, 0x04, 0x06, 0xd0, 0x43, 0x9b, 0x87, 0x9c, 0xbe, 0xc3, 0x3e, 0x42, 0xf1, 0x49, 0x12, 0x83, 0x87, 0xd5, 0x7d, 0xee}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xda, 0x7d, 0x94, 0x16, 0x8c, 0x5b, 0x20, 0x0f, 0xaa, 0x16, 0x8e, 0x63, 0x7c, 0x1d, 0xe6, 0x75, 0x14, 0x9a, 0x65, 0xd0, 0x54, 0x71, 0xcf, 0xe9, 0xf7, 0x95, 0x72, 0xb7, 0xa9, 0x95, 0xb5, 0xf3}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8c, 0x0b, 0xd0, 0xc6, 0xde, 0x8e, 0xe2, 0xbd, 0x30, 0x01, 0x06, 0x4f, 0x04, 0xf7, 0xbe, 0x2a, 0x12, 0x00, 0xcf, 0x07, 0x1b, 0x1b, 0x06, 0x77, 0x55, 0xd4, 0xb5, 0x79, 0x42, 0x5b, 0x59, 0xa2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x97, 0x57, 0xd5, 0x67, 0x4f, 0xa7, 0x05, 0x69, 0xff, 0xdb, 0xc3, 0x8c, 0x12, 0x6c, 0xe5, 0x52, 0x18, 0x48, 0x2c, 0xe4, 0x4d, 0x8b, 0x7f, 0xf5, 0x13, 0x5d, 0xc6, 0x53, 0x4a, 0xdb, 0xce, 0x25}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe3, 0x7e, 0x48, 0x07, 0xb5, 0xde, 0x67, 0xf2, 0x29, 0xed, 0x2a, 0x7a, 0x06, 0xb7, 0x7b, 0xa6, 0x87, 0x84, 0x74, 0x56, 0xe5, 0x90, 0xa5, 0x16, 0x0d, 0x4c, 0x51, 0xf0, 0x08, 0x05, 0x0e, 0xae}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xda, 0xc4, 0x82, 0x50, 0xc3, 0x86, 0x55, 0xf4, 0x77, 0x52, 0x96, 0x7f, 0xea, 0x7e, 0x35, 0xf6, 0x28, 0x26, 0xf7, 0x62, 0xd6, 0x91, 0x80, 0x52, 0x2a, 0xbf, 0xfd, 0x15, 0x07, 0x76, 0x09, 0x7f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0x7f, 0x4e, 0x2d, 0x30, 0x44, 0xd2, 0x00, 0x21, 0x13, 0xae, 0x34, 0x46, 0xf3, 0x1e, 0xdd, 0xe4, 0x99, 0xcf, 0x99, 0xd4, 0xbf, 0x2a, 0x64, 0x18, 0x13, 0x91, 0x37, 0x5c, 0x58, 0x16, 0x7a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x69, 0x23, 0xb5, 0xa8, 0xb1, 0x1b, 0x37, 0xac, 0x6f, 0xff, 0xc5, 0x6f, 0xd6, 0xe8, 0xbd, 0xf8, 0xcf, 0x16, 0x15, 0x80, 0x1b, 0xc7, 0x0b, 0x8b, 0x84, 0x12, 0xdd, 0x04, 0x2c, 0xfc, 0x46, 0x49}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x39, 0x7f, 0xc5, 0xf0, 0xd3, 0x7d, 0x4c, 0x61, 0x7d, 0xfb, 0xc4, 0x4e, 0x5a, 0xc5, 0xfa, 0x6b, 0xe8, 0x9d, 0x60, 0x60, 0x5b, 0x75, 0x86, 0x3b, 0xa0, 0xe1, 0xcc, 0x18, 0x90, 0x76, 0xfc, 0xee}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x27, 0x4e, 0x12, 0xb0, 0x84, 0x43, 0x45, 0x3a, 0x01, 0xb4, 0x86, 0xa9, 0xe9, 0x76, 0x05, 0xe4, 0x60, 0x50, 0x81, 0xed, 0xb4, 0xf2, 0xcc, 0x3e, 0xc1, 0x9d, 0x15, 0x51, 0x12, 0xfd, 0xe7, 0xf1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x4f, 0xfc, 0x5e, 0xb4, 0xc8, 0xd3, 0x04, 0x5d, 0x50, 0x16, 0x81, 0xe8, 0xd4, 0x6b, 0x6b, 0xcc, 0x12, 0x68, 0xdf, 0x78, 0xef, 0x94, 0x5f, 0x60, 0x8b, 0x9a, 0x35, 0x82, 0xfc, 0x55, 0x43, 0x27}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xaa, 0xfc, 0x49, 0xed, 0x13, 0x41, 0xcd, 0x7e, 0xf9, 0x4b, 0xc2, 0xe2, 0x55, 0x8c, 0x52, 0x65, 0x90, 0x29, 0x18, 0xa1, 0xf3, 0x63, 0x43, 0x87, 0xc5, 0xbc, 0x9d, 0x86, 0xf4, 0x2c, 0xee, 0x8a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf7, 0xfc, 0x33, 0x27, 0xc8, 0xe7, 0x17, 0x3a, 0xda, 0x2a, 0xbc, 0xeb, 0xe5, 0x6c, 0x5b, 0xb0, 0xd2, 0x2a, 0x0d, 0xa2, 0xa6, 0xa0, 0xdf, 0x10, 0xc8, 0x5c, 0xc8, 0x72, 0xa3, 0xcb, 0x1b, 0x29}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x4b, 0xca, 0x14, 0xb0, 0xe6, 0x3f, 0x62, 0x93, 0x67, 0xc8, 0x30, 0x69, 0x12, 0x03, 0x56, 0x4c, 0x53, 0x5b, 0x90, 0x71, 0xb1, 0xf3, 0x40, 0x33, 0xd0, 0x5c, 0xc4, 0x77, 0x8f, 0x3c, 0x2a, 0x6b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x24, 0xfe, 0xd2, 0x2a, 0x0b, 0x06, 0x5e, 0xc9, 0xa7, 0xe2, 0x3d, 0x6b, 0xe2, 0xe3, 0xdd, 0xb1, 0x0f, 0xba, 0xdf, 0xd1, 0x8f, 0x73, 0x6a, 0x77, 0xcf, 0x13, 0x30, 0xd2, 0xf0, 0x8a, 0x90, 0x70}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x65, 0xf5, 0xca, 0x0c, 0x86, 0x10, 0x86, 0x81, 0xcf, 0x0e, 0x71, 0x4f, 0x36, 0x78, 0xff, 0x92, 0x42, 0x6f, 0x23, 0xf5, 0x81, 0x1d, 0xe0, 0x44, 0x60, 0xee, 0x8a, 0x97, 0x9e, 0x46, 0x27, 0xa8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index e373c1523..029b240f8 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240912224438-e077eaf02c11" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240917153308-7bb6ad6cc272" ) From dda6d5c16c346d8ffebb72384d20a59f6d337494 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Sep 2024 08:49:43 +0200 Subject: [PATCH 261/380] deps: update fedora:40 Docker digest to d0207db (#3363) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- debugd/filebeat/Dockerfile | 2 +- debugd/logstash/Dockerfile | 4 ++-- debugd/metricbeat/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/debugd/filebeat/Dockerfile b/debugd/filebeat/Dockerfile index c4e7c6b1a..dc52305c9 100644 --- a/debugd/filebeat/Dockerfile +++ b/debugd/filebeat/Dockerfile @@ -1,4 +1,4 @@ -FROM fedora:40@sha256:5ce8497aeea599bf6b54ab3979133923d82aaa4f6ca5ced1812611b197c79eb0 AS release +FROM fedora:40@sha256:d0207dbb078ee261852590b9a8f1ab1f8320547be79a2f39af9f3d23db33735e AS release RUN dnf install -y https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.6.2-x86_64.rpm diff --git a/debugd/logstash/Dockerfile b/debugd/logstash/Dockerfile index 92efbdb30..cdc603187 100644 --- a/debugd/logstash/Dockerfile +++ b/debugd/logstash/Dockerfile @@ -1,11 +1,11 @@ -FROM fedora:40@sha256:5ce8497aeea599bf6b54ab3979133923d82aaa4f6ca5ced1812611b197c79eb0 AS build +FROM fedora:40@sha256:d0207dbb078ee261852590b9a8f1ab1f8320547be79a2f39af9f3d23db33735e AS build ARG LOGSTASH_VER=8.6.1 RUN curl -fsSLO https://artifacts.opensearch.org/logstash/logstash-oss-with-opensearch-output-plugin-$LOGSTASH_VER-linux-x64.tar.gz RUN tar -zxvf logstash-oss-with-opensearch-output-plugin-$LOGSTASH_VER-linux-x64.tar.gz -FROM fedora:40@sha256:5ce8497aeea599bf6b54ab3979133923d82aaa4f6ca5ced1812611b197c79eb0 AS release +FROM fedora:40@sha256:d0207dbb078ee261852590b9a8f1ab1f8320547be79a2f39af9f3d23db33735e AS release COPY --from=build logstash-* /usr/share/logstash diff --git a/debugd/metricbeat/Dockerfile b/debugd/metricbeat/Dockerfile index a399973da..c6aca1f5f 100644 --- a/debugd/metricbeat/Dockerfile +++ b/debugd/metricbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM fedora:40@sha256:5ce8497aeea599bf6b54ab3979133923d82aaa4f6ca5ced1812611b197c79eb0 AS release +FROM fedora:40@sha256:d0207dbb078ee261852590b9a8f1ab1f8320547be79a2f39af9f3d23db33735e AS release RUN dnf install -y https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-8.9.2-x86_64.rpm From effb086cd33129a3b4046419b4615b43d4380038 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Wed, 18 Sep 2024 08:57:14 +0200 Subject: [PATCH 262/380] operator: use GCP REST API for instance templates (#3361) --- go.mod | 52 ++++----- go.sum | 107 +++++++++--------- .../internal/cloud/gcp/client/BUILD.bazel | 2 + .../internal/cloud/gcp/client/api.go | 11 +- .../internal/cloud/gcp/client/client.go | 11 +- .../internal/cloud/gcp/client/client_test.go | 27 ++--- .../internal/cloud/gcp/client/gcpwrappers.go | 21 ++-- .../internal/cloud/gcp/client/scalinggroup.go | 38 +++---- .../cloud/gcp/client/scalinggroup_test.go | 97 ++++++++-------- 9 files changed, 174 insertions(+), 192 deletions(-) diff --git a/go.mod b/go.mod index 588e47c0e..85ff9a9c0 100644 --- a/go.mod +++ b/go.mod @@ -26,10 +26,10 @@ replace ( ) require ( - cloud.google.com/go/compute v1.27.4 + cloud.google.com/go/compute v1.28.0 cloud.google.com/go/compute/metadata v0.5.0 - cloud.google.com/go/kms v1.18.4 - cloud.google.com/go/secretmanager v1.13.5 + cloud.google.com/go/kms v1.19.0 + cloud.google.com/go/secretmanager v1.14.0 cloud.google.com/go/storage v1.43.0 dario.cat/mergo v1.0.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible @@ -114,14 +114,14 @@ require ( go.etcd.io/etcd/client/pkg/v3 v3.5.15 go.etcd.io/etcd/client/v3 v3.5.15 go.uber.org/goleak v1.3.0 - golang.org/x/crypto v0.25.0 + golang.org/x/crypto v0.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 golang.org/x/mod v0.20.0 - golang.org/x/sys v0.23.0 - golang.org/x/text v0.17.0 + golang.org/x/sys v0.25.0 + golang.org/x/text v0.18.0 golang.org/x/tools v0.23.0 - google.golang.org/api v0.190.0 - google.golang.org/grpc v1.65.0 + google.golang.org/api v0.197.0 + google.golang.org/grpc v1.66.1 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.15.3 @@ -141,11 +141,11 @@ require ( ) require ( - cloud.google.com/go v0.115.0 // indirect - cloud.google.com/go/auth v0.7.3 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect - cloud.google.com/go/iam v1.1.12 // indirect - cloud.google.com/go/longrunning v0.5.11 // indirect + cloud.google.com/go v0.115.1 // indirect + cloud.google.com/go/auth v0.9.3 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect + cloud.google.com/go/iam v1.2.0 // indirect + cloud.google.com/go/longrunning v0.6.0 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect @@ -253,7 +253,7 @@ require ( github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/gorilla/mux v1.8.1 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/gosuri/uitable v0.0.4 // indirect @@ -345,24 +345,24 @@ require ( github.com/zclconf/go-cty v1.14.4 // indirect go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect - go.opentelemetry.io/otel v1.27.0 // indirect - go.opentelemetry.io/otel/metric v1.27.0 // indirect - go.opentelemetry.io/otel/trace v1.27.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect + go.opentelemetry.io/otel v1.29.0 // indirect + go.opentelemetry.io/otel/metric v1.29.0 // indirect + go.opentelemetry.io/otel/trace v1.29.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/net v0.27.0 // indirect - golang.org/x/oauth2 v0.21.0 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/oauth2 v0.23.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/term v0.22.0 // indirect - golang.org/x/time v0.5.0 // indirect + golang.org/x/term v0.24.0 // indirect + golang.org/x/time v0.6.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect + google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/cli-runtime v0.30.0 // indirect diff --git a/go.sum b/go.sum index 8386c801e..f8c0d3c9b 100644 --- a/go.sum +++ b/go.sum @@ -5,28 +5,28 @@ cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6A cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= -cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY= -cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA= -cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= -cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= +cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= +cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= +cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U= +cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= +cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= +cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/compute v1.27.4 h1:XM8ulx6crjdl09XBfji7viFgZOEQuIxBwKmjRH9Rtmc= -cloud.google.com/go/compute v1.27.4/go.mod h1:7JZS+h21ERAGHOy5qb7+EPyXlQwzshzrx1x6L9JhTqU= +cloud.google.com/go/compute v1.28.0 h1:OPtBxMcheSS+DWfci803qvPly3d4w7Eu5ztKBcFfzwk= +cloud.google.com/go/compute v1.28.0/go.mod h1:DEqZBtYrDnD5PvjsKwb3onnhX+qjdCVM7eshj1XdjV4= cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/iam v1.1.12 h1:JixGLimRrNGcxvJEQ8+clfLxPlbeZA6MuRJ+qJNQ5Xw= -cloud.google.com/go/iam v1.1.12/go.mod h1:9LDX8J7dN5YRyzVHxwQzrQs9opFFqn0Mxs9nAeB+Hhg= -cloud.google.com/go/kms v1.18.4 h1:dYN3OCsQ6wJLLtOnI8DGUwQ5shMusXsWCCC+s09ATsk= -cloud.google.com/go/kms v1.18.4/go.mod h1:SG1bgQ3UWW6/KdPo9uuJnzELXY5YTTMJtDYvajiQ22g= -cloud.google.com/go/longrunning v0.5.11 h1:Havn1kGjz3whCfoD8dxMLP73Ph5w+ODyZB9RUsDxtGk= -cloud.google.com/go/longrunning v0.5.11/go.mod h1:rDn7//lmlfWV1Dx6IB4RatCPenTwwmqXuiP0/RgoEO4= +cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= +cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= +cloud.google.com/go/kms v1.19.0 h1:x0OVJDl6UH1BSX4THKlMfdcFWoE4ruh90ZHuilZekrU= +cloud.google.com/go/kms v1.19.0/go.mod h1:e4imokuPJUc17Trz2s6lEXFDt8bgDmvpVynH39bdrHM= +cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI= +cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/secretmanager v1.13.5 h1:tXlHvpm97mFD0Lv50N4U4zlXfkoTNay3BmpNA/W7/oI= -cloud.google.com/go/secretmanager v1.13.5/go.mod h1:/OeZ88l5Z6nBVilV0SXgv6XJ243KP2aIhSWRMrbvDCQ= +cloud.google.com/go/secretmanager v1.14.0 h1:P2RRu2NEsQyOjplhUPvWKqzDXUKzwejHLuSUBHI8c4w= +cloud.google.com/go/secretmanager v1.14.0/go.mod h1:q0hSFHzoW7eRgyYFH8trqEFavgrMeiJI4FETNN78vhM= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs= cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0= @@ -496,8 +496,8 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= -github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= +github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= +github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= @@ -972,22 +972,22 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0= -go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= -go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= +go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= +go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= -go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= -go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= -go.opentelemetry.io/otel/sdk v1.27.0 h1:mlk+/Y1gLPLn84U4tI8d3GNJmGT/eXe3ZuOXN9kTWmI= -go.opentelemetry.io/otel/sdk v1.27.0/go.mod h1:Ha9vbLwJE6W86YstIywK2xFfPjbWlCuwPtMkKdz/Y4A= -go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= -go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= +go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= +go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= +go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= @@ -1013,8 +1013,8 @@ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -1066,13 +1066,13 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= -golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1123,8 +1123,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1132,8 +1132,9 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= @@ -1145,12 +1146,12 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1187,8 +1188,8 @@ google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q= -google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo= +google.golang.org/api v0.197.0 h1:x6CwqQLsFiA5JKAiGyGBjc2bNtHtLddhJCE2IKuhhcQ= +google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1205,12 +1206,12 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf h1:OqdXDEakZCVtDiZTjcxfwbHPCT11ycCEsTKesBVKvyY= -google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:mCr1K1c8kX+1iSBREvU3Juo11CB+QOEWxbRS01wWl5M= -google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= -google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= +google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1218,8 +1219,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= -google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/grpc v1.66.1 h1:hO5qAXR19+/Z44hmvIM4dQFMSYX9XcWsByfoxutBpAM= +google.golang.org/grpc v1.66.1/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/operators/constellation-node-operator/internal/cloud/gcp/client/BUILD.bazel b/operators/constellation-node-operator/internal/cloud/gcp/client/BUILD.bazel index 72548055d..54100de98 100644 --- a/operators/constellation-node-operator/internal/cloud/gcp/client/BUILD.bazel +++ b/operators/constellation-node-operator/internal/cloud/gcp/client/BUILD.bazel @@ -29,6 +29,7 @@ go_library( "@com_github_spf13_afero//:afero", "@com_google_cloud_go_compute//apiv1", "@com_google_cloud_go_compute//apiv1/computepb", + "@org_golang_google_api//compute/v1:compute", "@org_golang_google_api//googleapi", "@org_golang_google_api//iterator", "@org_golang_google_protobuf//proto", @@ -61,6 +62,7 @@ go_test( "@com_github_stretchr_testify//require", "@com_google_cloud_go_compute//apiv1", "@com_google_cloud_go_compute//apiv1/computepb", + "@org_golang_google_api//compute/v1:compute", "@org_golang_google_api//googleapi", "@org_golang_google_api//iterator", "@org_golang_google_protobuf//proto", diff --git a/operators/constellation-node-operator/internal/cloud/gcp/client/api.go b/operators/constellation-node-operator/internal/cloud/gcp/client/api.go index 12966da9e..15c56ece5 100644 --- a/operators/constellation-node-operator/internal/cloud/gcp/client/api.go +++ b/operators/constellation-node-operator/internal/cloud/gcp/client/api.go @@ -12,6 +12,7 @@ import ( compute "cloud.google.com/go/compute/apiv1" "cloud.google.com/go/compute/apiv1/computepb" "github.com/googleapis/gax-go/v2" + computeREST "google.golang.org/api/compute/v1" ) type projectAPI interface { @@ -27,13 +28,9 @@ type instanceAPI interface { } type instanceTemplateAPI interface { - Close() error - Get(ctx context.Context, req *computepb.GetInstanceTemplateRequest, - opts ...gax.CallOption) (*computepb.InstanceTemplate, error) - Delete(ctx context.Context, req *computepb.DeleteInstanceTemplateRequest, - opts ...gax.CallOption) (Operation, error) - Insert(ctx context.Context, req *computepb.InsertInstanceTemplateRequest, - opts ...gax.CallOption) (Operation, error) + Get(projectID, template string) (*computeREST.InstanceTemplate, error) + Delete(projectID, template string) (*computeREST.Operation, error) + Insert(projectID string, template *computeREST.InstanceTemplate) (*computeREST.Operation, error) } type instanceGroupManagersAPI interface { diff --git a/operators/constellation-node-operator/internal/cloud/gcp/client/client.go b/operators/constellation-node-operator/internal/cloud/gcp/client/client.go index aa0a46ae7..e9dbc3a4e 100644 --- a/operators/constellation-node-operator/internal/cloud/gcp/client/client.go +++ b/operators/constellation-node-operator/internal/cloud/gcp/client/client.go @@ -14,6 +14,7 @@ import ( compute "cloud.google.com/go/compute/apiv1" "github.com/spf13/afero" + computeREST "google.golang.org/api/compute/v1" ) // Client is a client for the Google Compute Engine. @@ -48,12 +49,17 @@ func New(ctx context.Context, configPath string) (*Client, error) { return nil, err } closers = append(closers, insAPI) - templAPI, err := compute.NewInstanceTemplatesRESTClient(ctx) + + // TODO(msanft): Go back to protobuf-based API when it supports setting + // a confidential instance type. + // See https://github.com/googleapis/google-cloud-go/issues/10873 for the current status. + restClient, err := computeREST.NewService(ctx) if err != nil { _ = closeAll(closers) return nil, err } - closers = append(closers, templAPI) + templAPI := computeREST.NewInstanceTemplatesService(restClient) + groupAPI, err := compute.NewInstanceGroupManagersRESTClient(ctx) if err != nil { _ = closeAll(closers) @@ -81,7 +87,6 @@ func (c *Client) Close() error { closers := []closer{ c.projectAPI, c.instanceAPI, - c.instanceTemplateAPI, c.instanceGroupManagersAPI, c.diskAPI, } diff --git a/operators/constellation-node-operator/internal/cloud/gcp/client/client_test.go b/operators/constellation-node-operator/internal/cloud/gcp/client/client_test.go index e7779453b..58816c561 100644 --- a/operators/constellation-node-operator/internal/cloud/gcp/client/client_test.go +++ b/operators/constellation-node-operator/internal/cloud/gcp/client/client_test.go @@ -12,6 +12,7 @@ import ( compute "cloud.google.com/go/compute/apiv1" "cloud.google.com/go/compute/apiv1/computepb" "github.com/googleapis/gax-go/v2" + computeREST "google.golang.org/api/compute/v1" "google.golang.org/api/iterator" "google.golang.org/protobuf/proto" ) @@ -47,7 +48,7 @@ func (a stubInstanceAPI) Get(_ context.Context, _ *computepb.GetInstanceRequest, } type stubInstanceTemplateAPI struct { - template *computepb.InstanceTemplate + template *computeREST.InstanceTemplate getErr error deleteErr error insertErr error @@ -57,30 +58,16 @@ func (a stubInstanceTemplateAPI) Close() error { return nil } -func (a stubInstanceTemplateAPI) Get(_ context.Context, _ *computepb.GetInstanceTemplateRequest, - _ ...gax.CallOption, -) (*computepb.InstanceTemplate, error) { +func (a stubInstanceTemplateAPI) Get(_, _ string) (*computeREST.InstanceTemplate, error) { return a.template, a.getErr } -func (a stubInstanceTemplateAPI) Delete(_ context.Context, _ *computepb.DeleteInstanceTemplateRequest, - _ ...gax.CallOption, -) (Operation, error) { - return &stubOperation{ - &computepb.Operation{ - Name: proto.String("name"), - }, - }, a.deleteErr +func (a stubInstanceTemplateAPI) Delete(_, _ string) (*computeREST.Operation, error) { + return &computeREST.Operation{}, a.deleteErr } -func (a stubInstanceTemplateAPI) Insert(_ context.Context, _ *computepb.InsertInstanceTemplateRequest, - _ ...gax.CallOption, -) (Operation, error) { - return &stubOperation{ - &computepb.Operation{ - Name: proto.String("name"), - }, - }, a.insertErr +func (a stubInstanceTemplateAPI) Insert(_ string, _ *computeREST.InstanceTemplate) (*computeREST.Operation, error) { + return &computeREST.Operation{}, a.insertErr } type stubInstanceGroupManagersAPI struct { diff --git a/operators/constellation-node-operator/internal/cloud/gcp/client/gcpwrappers.go b/operators/constellation-node-operator/internal/cloud/gcp/client/gcpwrappers.go index 3d34efba7..da87f596c 100644 --- a/operators/constellation-node-operator/internal/cloud/gcp/client/gcpwrappers.go +++ b/operators/constellation-node-operator/internal/cloud/gcp/client/gcpwrappers.go @@ -12,26 +12,27 @@ import ( compute "cloud.google.com/go/compute/apiv1" "cloud.google.com/go/compute/apiv1/computepb" "github.com/googleapis/gax-go/v2" + computeREST "google.golang.org/api/compute/v1" ) type instanceTemplateClient struct { - *compute.InstanceTemplatesClient + *computeREST.InstanceTemplatesService } func (c *instanceTemplateClient) Close() error { - return c.InstanceTemplatesClient.Close() + return nil // no-op } -func (c *instanceTemplateClient) Delete(ctx context.Context, req *computepb.DeleteInstanceTemplateRequest, - opts ...gax.CallOption, -) (Operation, error) { - return c.InstanceTemplatesClient.Delete(ctx, req, opts...) +func (c *instanceTemplateClient) Get(project, template string) (*computeREST.InstanceTemplate, error) { + return c.InstanceTemplatesService.Get(project, template).Do() } -func (c *instanceTemplateClient) Insert(ctx context.Context, req *computepb.InsertInstanceTemplateRequest, - opts ...gax.CallOption, -) (Operation, error) { - return c.InstanceTemplatesClient.Insert(ctx, req, opts...) +func (c *instanceTemplateClient) Delete(project, template string) (*computeREST.Operation, error) { + return c.InstanceTemplatesService.Delete(project, template).Do() +} + +func (c *instanceTemplateClient) Insert(projectID string, template *computeREST.InstanceTemplate) (*computeREST.Operation, error) { + return c.InstanceTemplatesService.Insert(projectID, template).Do() } type instanceGroupManagersClient struct { diff --git a/operators/constellation-node-operator/internal/cloud/gcp/client/scalinggroup.go b/operators/constellation-node-operator/internal/cloud/gcp/client/scalinggroup.go index 683ad89ce..658aaea96 100644 --- a/operators/constellation-node-operator/internal/cloud/gcp/client/scalinggroup.go +++ b/operators/constellation-node-operator/internal/cloud/gcp/client/scalinggroup.go @@ -16,6 +16,7 @@ import ( "github.com/edgelesssys/constellation/v2/internal/constants" updatev1alpha1 "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/api/v1alpha1" cspapi "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/internal/cloud/api" + computeREST "google.golang.org/api/compute/v1" "google.golang.org/api/iterator" ) @@ -49,29 +50,22 @@ func (c *Client) SetScalingGroupImage(ctx context.Context, scalingGroupID, image } // clone template with desired image - if instanceTemplate.Name == nil { + if instanceTemplate.Name == "" { return fmt.Errorf("instance template of scaling group %q has no name", scalingGroupID) } - instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage = &imageURI - newTemplateName, err := generateInstanceTemplateName(*instanceTemplate.Name) + instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage = imageURI + newTemplateName, err := generateInstanceTemplateName(instanceTemplate.Name) if err != nil { return err } - instanceTemplate.Name = &newTemplateName - op, err := c.instanceTemplateAPI.Insert(ctx, &computepb.InsertInstanceTemplateRequest{ - Project: project, - InstanceTemplateResource: instanceTemplate, - }) - if err != nil { + instanceTemplate.Name = newTemplateName + if _, err := c.instanceTemplateAPI.Insert(project, instanceTemplate); err != nil { return fmt.Errorf("cloning instance template: %w", err) } - if err := op.Wait(ctx); err != nil { - return fmt.Errorf("waiting for cloned instance template: %w", err) - } newTemplateURI := joinInstanceTemplateURI(project, newTemplateName) // update instance group manager to use new template - op, err = c.instanceGroupManagersAPI.SetInstanceTemplate(ctx, &computepb.SetInstanceTemplateInstanceGroupManagerRequest{ + op, err := c.instanceGroupManagersAPI.SetInstanceTemplate(ctx, &computepb.SetInstanceTemplateInstanceGroupManagerRequest{ InstanceGroupManager: instanceGroupName, Project: project, Zone: zone, @@ -133,10 +127,7 @@ func (c *Client) ListScalingGroups(ctx context.Context, uid string) ([]cspapi.Sc if len(templateURI) < 1 { continue // invalid template URI } - template, err := c.instanceTemplateAPI.Get(ctx, &computepb.GetInstanceTemplateRequest{ - Project: c.projectID, - InstanceTemplate: templateURI[len(templateURI)-1], - }) + template, err := c.instanceTemplateAPI.Get(c.projectID, templateURI[len(templateURI)-1]) if err != nil { return nil, fmt.Errorf("getting instance template: %w", err) } @@ -188,7 +179,7 @@ func (c *Client) ListScalingGroups(ctx context.Context, uid string) ([]cspapi.Sc return results, nil } -func (c *Client) getScalingGroupTemplate(ctx context.Context, scalingGroupID string) (*computepb.InstanceTemplate, error) { +func (c *Client) getScalingGroupTemplate(ctx context.Context, scalingGroupID string) (*computeREST.InstanceTemplate, error) { project, zone, instanceGroupName, err := splitInstanceGroupID(scalingGroupID) if err != nil { return nil, err @@ -208,22 +199,19 @@ func (c *Client) getScalingGroupTemplate(ctx context.Context, scalingGroupID str if err != nil { return nil, fmt.Errorf("splitting instance template name: %w", err) } - instanceTemplate, err := c.instanceTemplateAPI.Get(ctx, &computepb.GetInstanceTemplateRequest{ - InstanceTemplate: instanceTemplateName, - Project: instanceTemplateProject, - }) + instanceTemplate, err := c.instanceTemplateAPI.Get(instanceTemplateProject, instanceTemplateName) if err != nil { return nil, fmt.Errorf("getting instance template %q: %w", instanceTemplateName, err) } return instanceTemplate, nil } -func instanceTemplateSourceImage(instanceTemplate *computepb.InstanceTemplate) (string, error) { +func instanceTemplateSourceImage(instanceTemplate *computeREST.InstanceTemplate) (string, error) { if instanceTemplate.Properties == nil || len(instanceTemplate.Properties.Disks) == 0 || instanceTemplate.Properties.Disks[0].InitializeParams == nil || - instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage == nil { + instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage == "" { return "", errors.New("instance template has no source image") } - return uriNormalize(*instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage), nil + return uriNormalize(instanceTemplate.Properties.Disks[0].InitializeParams.SourceImage), nil } diff --git a/operators/constellation-node-operator/internal/cloud/gcp/client/scalinggroup_test.go b/operators/constellation-node-operator/internal/cloud/gcp/client/scalinggroup_test.go index a91f49d1d..26983cb97 100644 --- a/operators/constellation-node-operator/internal/cloud/gcp/client/scalinggroup_test.go +++ b/operators/constellation-node-operator/internal/cloud/gcp/client/scalinggroup_test.go @@ -16,6 +16,7 @@ import ( cspapi "github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/internal/cloud/api" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + computeREST "google.golang.org/api/compute/v1" "google.golang.org/protobuf/proto" ) @@ -23,7 +24,7 @@ func TestGetScalingGroupImage(t *testing.T) { testCases := map[string]struct { scalingGroupID string instanceGroupManagerTemplateID *string - instanceTemplate *computepb.InstanceTemplate + instanceTemplate *computeREST.InstanceTemplate getInstanceGroupManagerErr error getInstanceTemplateErr error wantImage string @@ -32,12 +33,12 @@ func TestGetScalingGroupImage(t *testing.T) { "getting image works": { scalingGroupID: "projects/project/zones/zone/instanceGroupManagers/instance-group", instanceGroupManagerTemplateID: proto.String("projects/project/global/instanceTemplates/instance-template"), - instanceTemplate: &computepb.InstanceTemplate{ - Properties: &computepb.InstanceProperties{ - Disks: []*computepb.AttachedDisk{ + instanceTemplate: &computeREST.InstanceTemplate{ + Properties: &computeREST.InstanceProperties{ + Disks: []*computeREST.AttachedDisk{ { - InitializeParams: &computepb.AttachedDiskInitializeParams{ - SourceImage: proto.String("https://www.googleapis.com/compute/v1/projects/project/global/images/image"), + InitializeParams: &computeREST.AttachedDiskInitializeParams{ + SourceImage: "https://www.googleapis.com/compute/v1/projects/project/global/images/image", }, }, }, @@ -72,8 +73,8 @@ func TestGetScalingGroupImage(t *testing.T) { "instance template has no disks": { scalingGroupID: "projects/project/zones/zone/instanceGroupManagers/instance-group", instanceGroupManagerTemplateID: proto.String("projects/project/global/instanceTemplates/instance-template"), - instanceTemplate: &computepb.InstanceTemplate{ - Properties: &computepb.InstanceProperties{}, + instanceTemplate: &computeREST.InstanceTemplate{ + Properties: &computeREST.InstanceProperties{}, }, wantErr: true, }, @@ -112,7 +113,7 @@ func TestSetScalingGroupImage(t *testing.T) { scalingGroupID string imageURI string instanceGroupManagerTemplateID *string - instanceTemplate *computepb.InstanceTemplate + instanceTemplate *computeREST.InstanceTemplate getInstanceGroupManagerErr error getInstanceTemplateErr error setInstanceTemplateErr error @@ -123,13 +124,13 @@ func TestSetScalingGroupImage(t *testing.T) { scalingGroupID: "projects/project/zones/zone/instanceGroupManagers/instance-group", imageURI: "projects/project/global/images/image-2", instanceGroupManagerTemplateID: proto.String("projects/project/global/instanceTemplates/instance-template"), - instanceTemplate: &computepb.InstanceTemplate{ - Name: proto.String("instance-template"), - Properties: &computepb.InstanceProperties{ - Disks: []*computepb.AttachedDisk{ + instanceTemplate: &computeREST.InstanceTemplate{ + Name: "instance-template", + Properties: &computeREST.InstanceProperties{ + Disks: []*computeREST.AttachedDisk{ { - InitializeParams: &computepb.AttachedDiskInitializeParams{ - SourceImage: proto.String("https://www.googleapis.com/compute/v1/projects/project/global/images/image-1"), + InitializeParams: &computeREST.AttachedDiskInitializeParams{ + SourceImage: "https://www.googleapis.com/compute/v1/projects/project/global/images/image-1", }, }, }, @@ -140,13 +141,13 @@ func TestSetScalingGroupImage(t *testing.T) { scalingGroupID: "projects/project/zones/zone/instanceGroupManagers/instance-group", imageURI: "projects/project/global/images/image", instanceGroupManagerTemplateID: proto.String("projects/project/global/instanceTemplates/instance-template"), - instanceTemplate: &computepb.InstanceTemplate{ - Name: proto.String("instance-template"), - Properties: &computepb.InstanceProperties{ - Disks: []*computepb.AttachedDisk{ + instanceTemplate: &computeREST.InstanceTemplate{ + Name: "instance-template", + Properties: &computeREST.InstanceProperties{ + Disks: []*computeREST.AttachedDisk{ { - InitializeParams: &computepb.AttachedDiskInitializeParams{ - SourceImage: proto.String("https://www.googleapis.com/compute/v1/projects/project/global/images/image"), + InitializeParams: &computeREST.AttachedDiskInitializeParams{ + SourceImage: "https://www.googleapis.com/compute/v1/projects/project/global/images/image", }, }, }, @@ -182,8 +183,8 @@ func TestSetScalingGroupImage(t *testing.T) { "instance template has no disks": { scalingGroupID: "projects/project/zones/zone/instanceGroupManagers/instance-group", instanceGroupManagerTemplateID: proto.String("projects/project/global/instanceTemplates/instance-template"), - instanceTemplate: &computepb.InstanceTemplate{ - Properties: &computepb.InstanceProperties{}, + instanceTemplate: &computeREST.InstanceTemplate{ + Properties: &computeREST.InstanceProperties{}, }, wantErr: true, }, @@ -191,12 +192,12 @@ func TestSetScalingGroupImage(t *testing.T) { scalingGroupID: "projects/project/zones/zone/instanceGroupManagers/instance-group", imageURI: "projects/project/global/images/image-2", instanceGroupManagerTemplateID: proto.String("projects/project/global/instanceTemplates/instance-template"), - instanceTemplate: &computepb.InstanceTemplate{ - Properties: &computepb.InstanceProperties{ - Disks: []*computepb.AttachedDisk{ + instanceTemplate: &computeREST.InstanceTemplate{ + Properties: &computeREST.InstanceProperties{ + Disks: []*computeREST.AttachedDisk{ { - InitializeParams: &computepb.AttachedDiskInitializeParams{ - SourceImage: proto.String("https://www.googleapis.com/compute/v1/projects/project/global/images/image-1"), + InitializeParams: &computeREST.AttachedDiskInitializeParams{ + SourceImage: "https://www.googleapis.com/compute/v1/projects/project/global/images/image-1", }, }, }, @@ -208,13 +209,13 @@ func TestSetScalingGroupImage(t *testing.T) { scalingGroupID: "projects/project/zones/zone/instanceGroupManagers/instance-group", imageURI: "projects/project/global/images/image-2", instanceGroupManagerTemplateID: proto.String("projects/project/global/instanceTemplates/instance-template"), - instanceTemplate: &computepb.InstanceTemplate{ - Name: proto.String("instance-template-999999999999999999999"), - Properties: &computepb.InstanceProperties{ - Disks: []*computepb.AttachedDisk{ + instanceTemplate: &computeREST.InstanceTemplate{ + Name: "instance-template-999999999999999999999", + Properties: &computeREST.InstanceProperties{ + Disks: []*computeREST.AttachedDisk{ { - InitializeParams: &computepb.AttachedDiskInitializeParams{ - SourceImage: proto.String("https://www.googleapis.com/compute/v1/projects/project/global/images/image-1"), + InitializeParams: &computeREST.AttachedDiskInitializeParams{ + SourceImage: "https://www.googleapis.com/compute/v1/projects/project/global/images/image-1", }, }, }, @@ -226,13 +227,13 @@ func TestSetScalingGroupImage(t *testing.T) { scalingGroupID: "projects/project/zones/zone/instanceGroupManagers/instance-group", imageURI: "projects/project/global/images/image-2", instanceGroupManagerTemplateID: proto.String("projects/project/global/instanceTemplates/instance-template"), - instanceTemplate: &computepb.InstanceTemplate{ - Name: proto.String("instance-template"), - Properties: &computepb.InstanceProperties{ - Disks: []*computepb.AttachedDisk{ + instanceTemplate: &computeREST.InstanceTemplate{ + Name: "instance-template", + Properties: &computeREST.InstanceProperties{ + Disks: []*computeREST.AttachedDisk{ { - InitializeParams: &computepb.AttachedDiskInitializeParams{ - SourceImage: proto.String("https://www.googleapis.com/compute/v1/projects/project/global/images/image-1"), + InitializeParams: &computeREST.AttachedDiskInitializeParams{ + SourceImage: "https://www.googleapis.com/compute/v1/projects/project/global/images/image-1", }, }, }, @@ -245,13 +246,13 @@ func TestSetScalingGroupImage(t *testing.T) { scalingGroupID: "projects/project/zones/zone/instanceGroupManagers/instance-group", imageURI: "projects/project/global/images/image-2", instanceGroupManagerTemplateID: proto.String("projects/project/global/instanceTemplates/instance-template"), - instanceTemplate: &computepb.InstanceTemplate{ - Name: proto.String("instance-template"), - Properties: &computepb.InstanceProperties{ - Disks: []*computepb.AttachedDisk{ + instanceTemplate: &computeREST.InstanceTemplate{ + Name: "instance-template", + Properties: &computeREST.InstanceProperties{ + Disks: []*computeREST.AttachedDisk{ { - InitializeParams: &computepb.AttachedDiskInitializeParams{ - SourceImage: proto.String("https://www.googleapis.com/compute/v1/projects/project/global/images/image-1"), + InitializeParams: &computeREST.AttachedDiskInitializeParams{ + SourceImage: "https://www.googleapis.com/compute/v1/projects/project/global/images/image-1", }, }, }, @@ -445,8 +446,8 @@ func TestListScalingGroups(t *testing.T) { }, }, instanceTemplateAPI: &stubInstanceTemplateAPI{ - template: &computepb.InstanceTemplate{ - Properties: &computepb.InstanceProperties{ + template: &computeREST.InstanceTemplate{ + Properties: &computeREST.InstanceProperties{ Labels: tc.templateLabels, }, }, From 89eb8ca6aeea55bcfaf0d654dece84bd7cfdc14f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 18 Sep 2024 10:04:29 +0200 Subject: [PATCH 263/380] ci: check if CLI version supports `--subscriptionID` flag before using it (#3364) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/actions/constellation_iam_create/action.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/actions/constellation_iam_create/action.yml b/.github/actions/constellation_iam_create/action.yml index 3bb062dc1..a6607d982 100644 --- a/.github/actions/constellation_iam_create/action.yml +++ b/.github/actions/constellation_iam_create/action.yml @@ -79,14 +79,19 @@ runs: shell: bash if: inputs.cloudProvider == 'azure' run: | + extraFlags="" + + if [[ $(constellation iam create azure --help | grep -c -- --subscriptionID) -ne 0 ]]; then + extraFlags="--subscriptionID=${{ inputs.azureSubscriptionID }}" + fi + constellation iam create azure \ - --subscriptionID="${{ inputs.azureSubscriptionID }}" \ --region="${{ inputs.azureRegion }}" \ --resourceGroup="${{ inputs.namePrefix }}-rg" \ --servicePrincipal="${{ inputs.namePrefix }}-sp" \ --update-config \ --tf-log=DEBUG \ - --yes + --yes ${extraFlags} - name: Constellation iam create gcp shell: bash From 850b460002b8973f72e3d5a2f195ac0be09a47ac Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Thu, 19 Sep 2024 10:55:21 +0200 Subject: [PATCH 264/380] helm: revert parts of CoreDNS Helm chart packaging (#3366) * Revert "helm: fix kubeadm bugs caused by CoreDNS installation (#3353)" This reverts commit 8ef5ea2efe48f44bc5cbdacc5bcd15511cc7440a. * Revert "helm: manage CoreDNS addon as Helm chart (#3236)" This reverts commit 97c77e2a78793a5519da7712ea87ef1475f7dc0c. * upgrade-agent: ignore CoreDNS preflight errors --- .../internal/kubernetes/k8sapi/k8sutil.go | 3 +- .../internal/kubernetes/kubernetes.go | 4 + cli/internal/cmd/apply.go | 4 - cli/internal/cmd/apply_test.go | 1 - cli/internal/cmd/applyhelm.go | 1 - cli/internal/cmd/init_test.go | 4 - cli/internal/cmd/upgradeapply_test.go | 4 - go.mod | 2 - go.sum | 196 ------------------ internal/constellation/helm.go | 15 -- internal/constellation/helm/BUILD.bazel | 9 - .../helm/charts/coredns/Chart.yaml | 3 - .../charts/coredns/templates/clusterrole.yaml | 23 -- .../coredns/templates/clusterrolebinding.yaml | 13 -- .../charts/coredns/templates/configmap.yaml | 28 --- .../charts/coredns/templates/deployment.yaml | 109 ---------- .../charts/coredns/templates/service.yaml | 33 --- .../coredns/templates/serviceaccount.yaml | 6 - .../helm/charts/coredns/values.yaml | 3 - .../constellation/helm/corednsgen/BUILD.bazel | 26 --- .../helm/corednsgen/corednsgen.go | 181 ---------------- internal/constellation/helm/helm.go | 4 +- internal/constellation/helm/helm_test.go | 1 - internal/constellation/helm/loader.go | 18 +- internal/constellation/helm/loader_test.go | 51 +---- internal/constellation/helm/overrides.go | 13 -- internal/kubernetes/kubectl/kubectl.go | 59 ++++++ .../internal/provider/cluster_resource.go | 5 - 28 files changed, 69 insertions(+), 750 deletions(-) delete mode 100644 internal/constellation/helm/charts/coredns/Chart.yaml delete mode 100644 internal/constellation/helm/charts/coredns/templates/clusterrole.yaml delete mode 100644 internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml delete mode 100644 internal/constellation/helm/charts/coredns/templates/configmap.yaml delete mode 100644 internal/constellation/helm/charts/coredns/templates/deployment.yaml delete mode 100644 internal/constellation/helm/charts/coredns/templates/service.yaml delete mode 100644 internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml delete mode 100644 internal/constellation/helm/charts/coredns/values.yaml delete mode 100644 internal/constellation/helm/corednsgen/BUILD.bazel delete mode 100644 internal/constellation/helm/corednsgen/corednsgen.go diff --git a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go index d2ec6e78f..19713e00e 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go +++ b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go @@ -48,6 +48,7 @@ type Client interface { AddNodeSelectorsToDeployment(ctx context.Context, selectors map[string]string, name string, namespace string) error ListAllNamespaces(ctx context.Context) (*corev1.NamespaceList, error) AnnotateNode(ctx context.Context, nodeName, annotationKey, annotationValue string) error + EnforceCoreDNSSpread(ctx context.Context) error PatchFirstNodePodCIDR(ctx context.Context, firstNodePodCIDR string) error } @@ -149,7 +150,7 @@ func (k *KubernetesUtil) InitCluster( // initialize the cluster log.Info("Initializing the cluster using kubeadm init") - skipPhases := "--skip-phases=preflight,certs,addon/coredns" + skipPhases := "--skip-phases=preflight,certs" if !conformanceMode { skipPhases += ",addon/kube-proxy" } diff --git a/bootstrapper/internal/kubernetes/kubernetes.go b/bootstrapper/internal/kubernetes/kubernetes.go index 13c387d23..d4e916f0f 100644 --- a/bootstrapper/internal/kubernetes/kubernetes.go +++ b/bootstrapper/internal/kubernetes/kubernetes.go @@ -165,6 +165,10 @@ func (k *KubeWrapper) InitCluster( return nil, fmt.Errorf("waiting for Kubernetes API to be available: %w", err) } + if err := k.client.EnforceCoreDNSSpread(ctx); err != nil { + return nil, fmt.Errorf("configuring CoreDNS deployment: %w", err) + } + // Setup the K8s components ConfigMap. k8sComponentsConfigMap, err := k.setupK8sComponentsConfigMap(ctx, kubernetesComponents, versionString) if err != nil { diff --git a/cli/internal/cmd/apply.go b/cli/internal/cmd/apply.go index aba3aa378..f22e25a60 100644 --- a/cli/internal/cmd/apply.go +++ b/cli/internal/cmd/apply.go @@ -428,9 +428,6 @@ func (a *applyCmd) apply( if err := a.runHelmApply(cmd, conf, stateFile, upgradeDir); err != nil { return err } - if err := a.applier.CleanupCoreDNSResources(cmd.Context()); err != nil { - return fmt.Errorf("cleaning up CoreDNS: %w", err) - } } // Upgrade node image @@ -850,7 +847,6 @@ type applier interface { // methods required to install/upgrade Helm charts AnnotateCoreDNSResources(context.Context) error - CleanupCoreDNSResources(context.Context) error PrepareHelmCharts( flags helm.Options, state *state.State, serviceAccURI string, masterSecret uri.MasterSecret, ) (helm.Applier, bool, error) diff --git a/cli/internal/cmd/apply_test.go b/cli/internal/cmd/apply_test.go index 17c03f33f..33fe6ba90 100644 --- a/cli/internal/cmd/apply_test.go +++ b/cli/internal/cmd/apply_test.go @@ -554,7 +554,6 @@ func (s *stubConstellApplier) Init(context.Context, atls.Validator, *state.State type helmApplier interface { AnnotateCoreDNSResources(context.Context) error - CleanupCoreDNSResources(ctx context.Context) error PrepareHelmCharts( flags helm.Options, stateFile *state.State, serviceAccURI string, masterSecret uri.MasterSecret, ) ( diff --git a/cli/internal/cmd/applyhelm.go b/cli/internal/cmd/applyhelm.go index 9b6ba7d69..bd629d348 100644 --- a/cli/internal/cmd/applyhelm.go +++ b/cli/internal/cmd/applyhelm.go @@ -42,7 +42,6 @@ func (a *applyCmd) runHelmApply(cmd *cobra.Command, conf *config.Config, stateFi HelmWaitMode: a.flags.helmWaitMode, ApplyTimeout: a.flags.helmTimeout, AllowDestructive: helm.DenyDestructive, - ServiceCIDR: conf.ServiceCIDR, } if conf.Provider.OpenStack != nil { var deployYawolLoadBalancer bool diff --git a/cli/internal/cmd/init_test.go b/cli/internal/cmd/init_test.go index 568c31ff8..ccad3eb30 100644 --- a/cli/internal/cmd/init_test.go +++ b/cli/internal/cmd/init_test.go @@ -282,10 +282,6 @@ func (s stubHelmApplier) AnnotateCoreDNSResources(_ context.Context) error { return nil } -func (s stubHelmApplier) CleanupCoreDNSResources(_ context.Context) error { - return nil -} - func (s stubHelmApplier) PrepareHelmCharts( _ helm.Options, _ *state.State, _ string, _ uri.MasterSecret, ) (helm.Applier, bool, error) { diff --git a/cli/internal/cmd/upgradeapply_test.go b/cli/internal/cmd/upgradeapply_test.go index db4012596..8a4341c2c 100644 --- a/cli/internal/cmd/upgradeapply_test.go +++ b/cli/internal/cmd/upgradeapply_test.go @@ -379,10 +379,6 @@ func (m *mockApplier) AnnotateCoreDNSResources(_ context.Context) error { return nil } -func (m *mockApplier) CleanupCoreDNSResources(_ context.Context) error { - return nil -} - func (m *mockApplier) PrepareHelmCharts( helmOpts helm.Options, stateFile *state.State, str string, masterSecret uri.MasterSecret, ) (helm.Applier, bool, error) { diff --git a/go.mod b/go.mod index 85ff9a9c0..769aae5c9 100644 --- a/go.mod +++ b/go.mod @@ -192,8 +192,6 @@ require ( github.com/cloudflare/circl v1.3.7 // indirect github.com/containerd/containerd v1.7.12 // indirect github.com/containerd/log v0.1.0 // indirect - github.com/coredns/caddy v1.1.1 // indirect - github.com/coredns/corefile-migration v1.0.21 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect diff --git a/go.sum b/go.sum index f8c0d3c9b..db1ae1007 100644 --- a/go.sum +++ b/go.sum @@ -1,38 +1,26 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U= cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/compute v1.28.0 h1:OPtBxMcheSS+DWfci803qvPly3d4w7Eu5ztKBcFfzwk= cloud.google.com/go/compute v1.28.0/go.mod h1:DEqZBtYrDnD5PvjsKwb3onnhX+qjdCVM7eshj1XdjV4= cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= cloud.google.com/go/kms v1.19.0 h1:x0OVJDl6UH1BSX4THKlMfdcFWoE4ruh90ZHuilZekrU= cloud.google.com/go/kms v1.19.0/go.mod h1:e4imokuPJUc17Trz2s6lEXFDt8bgDmvpVynH39bdrHM= cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI= cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/secretmanager v1.14.0 h1:P2RRu2NEsQyOjplhUPvWKqzDXUKzwejHLuSUBHI8c4w= cloud.google.com/go/secretmanager v1.14.0/go.mod h1:q0hSFHzoW7eRgyYFH8trqEFavgrMeiJI4FETNN78vhM= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs= cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= @@ -94,7 +82,6 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= @@ -112,7 +99,6 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= @@ -126,9 +112,6 @@ github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPp github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= @@ -194,8 +177,6 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= @@ -213,7 +194,6 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3k github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= @@ -233,21 +213,10 @@ github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= -github.com/coredns/caddy v1.1.0/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= -github.com/coredns/caddy v1.1.1 h1:2eYKZT7i6yxIfGP3qLJoJ7HAsDJqYB+X68g4NYjSrE0= -github.com/coredns/caddy v1.1.1/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= -github.com/coredns/corefile-migration v1.0.21 h1:W/DCETrHDiFo0Wj03EyMkaQ9fwsmSgqTCQDHpceaSsE= -github.com/coredns/corefile-migration v1.0.21/go.mod h1:XnhgULOEouimnzgn0t4WPuFDN2/PJQcTxdWKC5eXNGE= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -265,8 +234,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= @@ -313,19 +280,16 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/foxboron/go-uefi v0.0.0-20240805124652-e2076f0e58ca h1:ErxkaWK5AIt8gQf3KpAuQQBdZI4ps72HzEe123kh+So= github.com/foxboron/go-uefi v0.0.0-20240805124652-e2076f0e58ca/go.mod h1:ffg/fkDeOYicEQLoO2yFFGt00KUTYVXI+rfnc8il6vQ= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= @@ -336,7 +300,6 @@ github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+ github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= @@ -404,7 +367,6 @@ github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/gofrs/uuid/v5 v5.2.0 h1:qw1GMx6/y8vhVsx626ImfKMuS5CvJmhIKKtuyvfajMM= github.com/gofrs/uuid/v5 v5.2.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= @@ -413,13 +375,10 @@ github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -437,8 +396,6 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= @@ -478,15 +435,10 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= -github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc= github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -498,15 +450,12 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= github.com/gophercloud/gophercloud/v2 v2.1.0 h1:91p6c+uMckXyx39nSIYjDirDBnPVFQq0q1njLNPX+NY= github.com/gophercloud/gophercloud/v2 v2.1.0/go.mod h1:f2hMRC7Kakbv5vM7wSGHrIPZh6JZR60GVHryJlF/K44= github.com/gophercloud/utils/v2 v2.0.0-20240807081201-990d90b23c70 h1:UFRmN3w9eSxwHsOGjA3BiYGEBDUAFaHHv5alaMHbbFE= github.com/gophercloud/utils/v2 v2.0.0-20240807081201-990d90b23c70/go.mod h1:ZNbSKwPYzyQ7PKmlCvVdI2JvwVHsl/ZVVXnpJRNkLrQ= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= @@ -518,23 +467,17 @@ github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 h1:pRhl55Yx1eC7BZ1N+BBWwnKaMyD8uC+34TLdndZMAKk= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0/go.mod h1:XKMd7iuf/RGPSMJ/U4HP0zS2Z9Fh8Ps9a+6X26m/tmI= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= @@ -542,7 +485,6 @@ github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBM github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 h1:WZeXfD26QMWYC35at25KgE021SF9L3u9UMHK8fJAdV0= github.com/hashicorp/go-kms-wrapping/v2 v2.0.16/go.mod h1:ZiKZctjRTLEppuRwrttWkp71VYMbTTCkazK4xT7U/NQ= github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.9 h1:qdxeZvDMRGZ3YSE4Oz0Pp7WUSUn5S6cWZguEOkEVL50= @@ -551,40 +493,27 @@ github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11 h1:/7SKkY github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11/go.mod h1:LepS5s6ESGE0qQMpYaui5lX+mQYeiYiy06VzwWRioO8= github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.12 h1:PCqWzT/Hii0KL07JsBZ3lJbv/wx02IAHYlhWQq8rxRY= github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.12/go.mod h1:HSaOaX/lv3ShCdilUYbOTPnSvmoZ9xtQhgw+8hYcZkg= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA= github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hc-install v0.8.0 h1:LdpZeXkZYMQhoKPCecJHlKvUkQFixN/nvyR1CdfOLjI= github.com/hashicorp/hc-install v0.8.0/go.mod h1:+MwJYjDfCruSD/udvBmRB22Nlkwwkwf5sAB6uTIhSaU= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ= github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= @@ -617,7 +546,6 @@ github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= @@ -635,22 +563,18 @@ github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1e29fT/6vq2aBdFsgNPmy8qMdSay1npru+Sw= github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI= github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= @@ -682,7 +606,6 @@ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhn github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI= @@ -691,14 +614,12 @@ github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI= github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= @@ -712,27 +633,19 @@ github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= @@ -780,10 +693,8 @@ github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58 github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= @@ -793,16 +704,13 @@ github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFz github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= @@ -812,35 +720,27 @@ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/regclient/regclient v0.7.1 h1:qEsJrTmZd98fZKjueAbrZCSNGU+ifnr6xjlSAs3WOPs= github.com/regclient/regclient v0.7.1/go.mod h1:+w/BFtJuw0h0nzIw/z2+1FuA2/dVXBzDq4rYmziJpMc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0= github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= github.com/samber/slog-multi v1.2.0 h1:JIebVdmeGkCMd5/ticlmU+aDYl4tdAZBmp5uLaSzr0k= @@ -851,7 +751,6 @@ github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgm github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= github.com/schollz/progressbar/v3 v3.14.6 h1:GyjwcWBAf+GFDMLziwerKvpuS7ZF+mNTAXIB2aspiZs= github.com/schollz/progressbar/v3 v3.14.6/go.mod h1:Nrzpuw3Nl0srLY0VlTvC4V6RL50pcEymjy6qyJAaLa0= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA= github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= @@ -859,7 +758,6 @@ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/siderolabs/talos/pkg/machinery v1.7.5 h1:M02UZSDfN0BB4bXhTYDjEmVvAIX1GsAS45cyKh6+HHU= github.com/siderolabs/talos/pkg/machinery v1.7.5/go.mod h1:OeamhNo92c3V96bddZNhcCgoRyzw2KWBtpma1lfchtg= github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= @@ -871,25 +769,15 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= @@ -907,14 +795,12 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= github.com/tink-crypto/tink-go/v2 v2.2.0 h1:L2Da0F2Udh2agtKztdr69mV/KpnY3/lGTkMgLTVIXlA= github.com/tink-crypto/tink-go/v2 v2.2.0/go.mod h1:JJ6PomeNPF3cJpfWC0lgyTES6zpJILkAX0cJNwlS3xU= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= @@ -939,7 +825,6 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -957,7 +842,6 @@ github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8 github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd/api/v3 v3.5.15 h1:3KpLJir1ZEBrYuV2v+Twaa/e2MdDCEZ/70H+lzEiwsk= go.etcd.io/etcd/api/v3 v3.5.15/go.mod h1:N9EhGzXq58WuMllgH9ZvnEr7SI9pS0k0+DHZezGp7jM= go.etcd.io/etcd/client/pkg/v3 v3.5.15 h1:fo0HpWz/KlHGMCC+YejpiCmyWDEuIpnTDzpJLB5fWlA= @@ -968,8 +852,6 @@ go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= @@ -992,20 +874,14 @@ go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IO go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -1016,25 +892,11 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -1043,17 +905,10 @@ golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -1069,14 +924,11 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1084,20 +936,12 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1136,7 +980,6 @@ golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -1148,28 +991,13 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -1183,28 +1011,14 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.197.0 h1:x6CwqQLsFiA5JKAiGyGBjc2bNtHtLddhJCE2IKuhhcQ= google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= @@ -1213,8 +1027,6 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -1242,14 +1054,10 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= @@ -1262,10 +1070,7 @@ gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= helm.sh/helm/v3 v3.15.3 h1:HcZDaVFe9uHa6hpsR54mJjYyRy4uz/pc6csg27nxFOc= helm.sh/helm/v3 v3.15.3/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U= @@ -1300,7 +1105,6 @@ libvirt.org/go/libvirt v1.10005.0 h1:KQv+SZNQvHJOG7B34TI2hyKnKW6hpXTEJFHUerYuGNI libvirt.org/go/libvirt v1.10005.0/go.mod h1:1WiFE8EjZfq+FCVog+rvr1yatKbKZ9FaFMZgEqxEJqQ= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/internal/constellation/helm.go b/internal/constellation/helm.go index ed1345459..4551e6ef4 100644 --- a/internal/constellation/helm.go +++ b/internal/constellation/helm.go @@ -60,21 +60,6 @@ func (a *Applier) AnnotateCoreDNSResources(ctx context.Context) error { return nil } -// CleanupCoreDNSResources removes CoreDNS resources that are not managed by Helm. -// -// This is only required when CoreDNS was installed by kubeadm directly. -// TODO(burgerdev): remove after v2.19 is released. -func (a *Applier) CleanupCoreDNSResources(ctx context.Context) error { - err := a.dynamicClient. - Resource(schema.GroupVersionResource{Group: "", Version: "v1", Resource: "configmaps"}). - Namespace("kube-system"). - Delete(ctx, "coredns", v1.DeleteOptions{}) - if !k8serrors.IsNotFound(err) { - return err - } - return nil -} - // PrepareHelmCharts loads Helm charts for Constellation and returns an executor to apply them. func (a *Applier) PrepareHelmCharts( flags helm.Options, state *state.State, serviceAccURI string, masterSecret uri.MasterSecret, diff --git a/internal/constellation/helm/BUILD.bazel b/internal/constellation/helm/BUILD.bazel index 928681b90..8ab09ef41 100644 --- a/internal/constellation/helm/BUILD.bazel +++ b/internal/constellation/helm/BUILD.bazel @@ -465,14 +465,6 @@ go_library( "charts/cert-manager/templates/cainjector-config.yaml", "charts/cert-manager/templates/extras-objects.yaml", "charts/cert-manager/templates/podmonitor.yaml", - "charts/coredns/Chart.yaml", - "charts/coredns/values.yaml", - "charts/coredns/templates/clusterrole.yaml", - "charts/coredns/templates/clusterrolebinding.yaml", - "charts/coredns/templates/configmap.yaml", - "charts/coredns/templates/deployment.yaml", - "charts/coredns/templates/service.yaml", - "charts/coredns/templates/serviceaccount.yaml", ], importpath = "github.com/edgelesssys/constellation/v2/internal/constellation/helm", visibility = ["//:__subpackages__"], @@ -500,7 +492,6 @@ go_library( "@io_k8s_client_go//restmapper", "@io_k8s_client_go//tools/clientcmd", "@io_k8s_client_go//util/retry", - "@io_k8s_kubernetes//cmd/kubeadm/app/constants", "@sh_helm_helm_v3//pkg/action", "@sh_helm_helm_v3//pkg/chart", "@sh_helm_helm_v3//pkg/chart/loader", diff --git a/internal/constellation/helm/charts/coredns/Chart.yaml b/internal/constellation/helm/charts/coredns/Chart.yaml deleted file mode 100644 index bd531acd7..000000000 --- a/internal/constellation/helm/charts/coredns/Chart.yaml +++ /dev/null @@ -1,3 +0,0 @@ -apiVersion: v2 -name: kube-dns -version: 0.0.0 diff --git a/internal/constellation/helm/charts/coredns/templates/clusterrole.yaml b/internal/constellation/helm/charts/coredns/templates/clusterrole.yaml deleted file mode 100644 index 13d284c3c..000000000 --- a/internal/constellation/helm/charts/coredns/templates/clusterrole.yaml +++ /dev/null @@ -1,23 +0,0 @@ - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:coredns -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - namespaces - verbs: - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch diff --git a/internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml b/internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml deleted file mode 100644 index ab35291a1..000000000 --- a/internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,13 +0,0 @@ - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system:coredns -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:coredns -subjects: -- kind: ServiceAccount - name: coredns - namespace: kube-system diff --git a/internal/constellation/helm/charts/coredns/templates/configmap.yaml b/internal/constellation/helm/charts/coredns/templates/configmap.yaml deleted file mode 100644 index 58a48a318..000000000 --- a/internal/constellation/helm/charts/coredns/templates/configmap.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -data: - Corefile: | - .:53 { - errors - health { - lameduck 5s - } - ready - kubernetes {{ .Values.dnsDomain }} in-addr.arpa ip6.arpa { - pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 - } - prometheus :9153 - forward . /etc/resolv.conf { - max_concurrent 1000 - } - cache 30 - loop - reload - loadbalance - } -kind: ConfigMap -metadata: - creationTimestamp: null - name: edg-coredns - namespace: kube-system diff --git a/internal/constellation/helm/charts/coredns/templates/deployment.yaml b/internal/constellation/helm/charts/coredns/templates/deployment.yaml deleted file mode 100644 index b7fd735df..000000000 --- a/internal/constellation/helm/charts/coredns/templates/deployment.yaml +++ /dev/null @@ -1,109 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - creationTimestamp: null - labels: - k8s-app: kube-dns - name: coredns - namespace: kube-system -spec: - replicas: 2 - selector: - matchLabels: - k8s-app: kube-dns - strategy: - rollingUpdate: - maxUnavailable: 1 - type: RollingUpdate - template: - metadata: - creationTimestamp: null - labels: - k8s-app: kube-dns - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: k8s-app - operator: In - values: - - kube-dns - topologyKey: kubernetes.io/hostname - weight: 100 - containers: - - args: - - -conf - - /etc/coredns/Corefile - image: '{{ .Values.image }}' - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 5 - httpGet: - path: /health - port: 8080 - scheme: HTTP - initialDelaySeconds: 60 - successThreshold: 1 - timeoutSeconds: 5 - name: coredns - ports: - - containerPort: 53 - name: dns - protocol: UDP - - containerPort: 53 - name: dns-tcp - protocol: TCP - - containerPort: 9153 - name: metrics - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8181 - scheme: HTTP - resources: - limits: - memory: 170Mi - requests: - cpu: 100m - memory: 70Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /etc/coredns - name: config-volume - readOnly: true - dnsPolicy: Default - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - serviceAccountName: coredns - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - - effect: NoSchedule - key: node.cloudprovider.kubernetes.io/uninitialized - value: "true" - - effect: NoExecute - key: node.kubernetes.io/unreachable - operator: Exists - tolerationSeconds: 10 - volumes: - - configMap: - items: - - key: Corefile - path: Corefile - name: edg-coredns - name: config-volume -status: {} diff --git a/internal/constellation/helm/charts/coredns/templates/service.yaml b/internal/constellation/helm/charts/coredns/templates/service.yaml deleted file mode 100644 index ba243aa19..000000000 --- a/internal/constellation/helm/charts/coredns/templates/service.yaml +++ /dev/null @@ -1,33 +0,0 @@ - -apiVersion: v1 -kind: Service -metadata: - labels: - k8s-app: kube-dns - kubernetes.io/cluster-service: "true" - kubernetes.io/name: "CoreDNS" - name: kube-dns - namespace: kube-system - annotations: - prometheus.io/port: "9153" - prometheus.io/scrape: "true" - # Without this resourceVersion value, an update of the Service between versions will yield: - # Service "kube-dns" is invalid: metadata.resourceVersion: Invalid value: "": must be specified for an update - resourceVersion: "0" -spec: - clusterIP: "{{ .Values.clusterIP }}" - ports: - - name: dns - port: 53 - protocol: UDP - targetPort: 53 - - name: dns-tcp - port: 53 - protocol: TCP - targetPort: 53 - - name: metrics - port: 9153 - protocol: TCP - targetPort: 9153 - selector: - k8s-app: kube-dns diff --git a/internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml b/internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml deleted file mode 100644 index 937b99fa5..000000000 --- a/internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml +++ /dev/null @@ -1,6 +0,0 @@ - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: coredns - namespace: kube-system diff --git a/internal/constellation/helm/charts/coredns/values.yaml b/internal/constellation/helm/charts/coredns/values.yaml deleted file mode 100644 index 85986b74a..000000000 --- a/internal/constellation/helm/charts/coredns/values.yaml +++ /dev/null @@ -1,3 +0,0 @@ -clusterIP: 10.96.0.10 -dnsDomain: cluster.local -image: registry.k8s.io/coredns/coredns:v1.11.1@sha256:1eeb4c7316bacb1d4c8ead65571cd92dd21e27359f0d4917f1a5822a73b75db1 diff --git a/internal/constellation/helm/corednsgen/BUILD.bazel b/internal/constellation/helm/corednsgen/BUILD.bazel deleted file mode 100644 index 4dbc61a61..000000000 --- a/internal/constellation/helm/corednsgen/BUILD.bazel +++ /dev/null @@ -1,26 +0,0 @@ -load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") - -go_library( - name = "corednsgen_lib", - srcs = ["corednsgen.go"], - importpath = "github.com/edgelesssys/constellation/v2/internal/constellation/helm/corednsgen", - visibility = ["//visibility:private"], - deps = [ - "//internal/versions", - "@com_github_regclient_regclient//:regclient", - "@com_github_regclient_regclient//types/ref", - "@io_k8s_api//apps/v1:apps", - "@io_k8s_api//core/v1:core", - "@io_k8s_kubernetes//cmd/kubeadm/app/apis/kubeadm", - "@io_k8s_kubernetes//cmd/kubeadm/app/images", - "@io_k8s_kubernetes//cmd/kubeadm/app/phases/addons/dns", - "@io_k8s_kubernetes//cmd/kubeadm/app/util", - "@io_k8s_sigs_yaml//:yaml", - ], -) - -go_binary( - name = "corednsgen", - embed = [":corednsgen_lib"], - visibility = ["//:__subpackages__"], -) diff --git a/internal/constellation/helm/corednsgen/corednsgen.go b/internal/constellation/helm/corednsgen/corednsgen.go deleted file mode 100644 index 5c7bc08f2..000000000 --- a/internal/constellation/helm/corednsgen/corednsgen.go +++ /dev/null @@ -1,181 +0,0 @@ -/* -Copyright (c) Edgeless Systems GmbH - -SPDX-License-Identifier: AGPL-3.0-only -*/ - -// corednsgen synthesizes a Helm chart from the resource templates embedded in -// kubeadm and writes it to the `charts` directory underneath the current -// working directory. This removes the existing `coredns` subdirectory! -package main - -import ( - "context" - "flag" - "fmt" - "log" - "os" - "path/filepath" - - "github.com/edgelesssys/constellation/v2/internal/versions" - "github.com/regclient/regclient" - "github.com/regclient/regclient/types/ref" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" - "k8s.io/kubernetes/cmd/kubeadm/app/images" - kubedns "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns" - kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" - "sigs.k8s.io/yaml" -) - -const configMapName = "edg-coredns" - -var chartDir = flag.String("charts", "./charts", "target directory to create charts in") - -func main() { - flag.Parse() - - if err := os.RemoveAll(filepath.Join(*chartDir, "coredns")); err != nil { - log.Fatalf("Could not remove chart dir: %v", err) - } - - writeFileRelativeToChartDir(chartYAML(), "Chart.yaml") - writeFileRelativeToChartDir(valuesYAML(), "values.yaml") - - writeTemplate(kubedns.CoreDNSServiceAccount, "serviceaccount.yaml") - writeTemplate(kubedns.CoreDNSClusterRole, "clusterrole.yaml") - writeTemplate(kubedns.CoreDNSClusterRoleBinding, "clusterrolebinding.yaml") - writeTemplate(kubedns.CoreDNSService, "service.yaml") - - writeFileRelativeToChartDir(patchedConfigMap(), "templates", "configmap.yaml") - writeFileRelativeToChartDir(patchedDeployment(), "templates", "deployment.yaml") -} - -func chartYAML() []byte { - chart := map[string]string{ - "apiVersion": "v2", - "name": "kube-dns", - "version": "0.0.0", - } - data, err := yaml.Marshal(chart) - if err != nil { - log.Fatalf("Could not marshal Chart.yaml: %v", err) - } - return data -} - -func valuesYAML() []byte { - cfg := &kubeadm.ClusterConfiguration{ - KubernetesVersion: string(versions.Default), - ImageRepository: "registry.k8s.io", - } - img := images.GetDNSImage(cfg) - ref, err := ref.New(img) - if err != nil { - log.Fatalf("Could not parse image reference: %v", err) - } - - rc := regclient.New() - m, err := rc.ManifestGet(context.Background(), ref) - if err != nil { - log.Fatalf("Could not get image manifest: %v", err) - } - - values := map[string]string{ - "clusterIP": "10.96.0.10", - "dnsDomain": "cluster.local", - "image": fmt.Sprintf("%s/%s:%s@%s", ref.Registry, ref.Repository, ref.Tag, m.GetDescriptor().Digest.String()), - } - data, err := yaml.Marshal(values) - if err != nil { - log.Fatalf("Could not marshal values.yaml: %v", err) - } - return data -} - -// patchedConfigMap renames the CoreDNS ConfigMap such that kubeadm does not find it. -// -// See https://github.com/kubernetes/kubeadm/issues/2846#issuecomment-1899942683. -func patchedConfigMap() []byte { - var cm corev1.ConfigMap - if err := yaml.Unmarshal(parseTemplate(kubedns.CoreDNSConfigMap), &cm); err != nil { - log.Fatalf("Could not parse configmap: %v", err) - } - - cm.Name = configMapName - - out, err := yaml.Marshal(cm) - if err != nil { - log.Fatalf("Could not marshal patched deployment: %v", err) - } - return out -} - -// patchedDeployment extracts the CoreDNS Deployment from kubeadm, adds necessary tolerations and updates the ConfigMap reference. -func patchedDeployment() []byte { - var d appsv1.Deployment - if err := yaml.Unmarshal(parseTemplate(kubedns.CoreDNSDeployment), &d); err != nil { - log.Fatalf("Could not parse deployment: %v", err) - } - - tolerations := []corev1.Toleration{ - {Key: "node.cloudprovider.kubernetes.io/uninitialized", Value: "true", Effect: corev1.TaintEffectNoSchedule}, - {Key: "node.kubernetes.io/unreachable", Operator: corev1.TolerationOpExists, Effect: corev1.TaintEffectNoExecute, TolerationSeconds: toPtr(int64(10))}, - } - d.Spec.Template.Spec.Tolerations = append(d.Spec.Template.Spec.Tolerations, tolerations...) - - for i, vol := range d.Spec.Template.Spec.Volumes { - if vol.ConfigMap != nil { - vol.ConfigMap.Name = configMapName - } - d.Spec.Template.Spec.Volumes[i] = vol - } - - out, err := yaml.Marshal(d) - if err != nil { - log.Fatalf("Could not marshal patched deployment: %v", err) - } - return out -} - -func writeFileRelativeToChartDir(content []byte, pathElements ...string) { - p := filepath.Join(append([]string{*chartDir, "coredns"}, pathElements...)...) - d := filepath.Dir(p) - if err := os.MkdirAll(d, 0o755); err != nil { - log.Fatalf("Could not create dir %q: %v", d, err) - } - if err := os.WriteFile(p, content, 0o644); err != nil { - log.Fatalf("Could not write file %q: %v", p, err) - } -} - -// parseTemplate replaces the Go template placeholders in kubeadm resources -// with fixed values or Helm value placeholders. -func parseTemplate(tmpl string) []byte { - vars := struct { - DeploymentName, Image, ControlPlaneTaintKey, DNSDomain, DNSIP string - Replicas *int32 - }{ - DeploymentName: "coredns", - DNSDomain: `{{ .Values.dnsDomain }}`, - DNSIP: `"{{ .Values.clusterIP }}"`, - Image: `"{{ .Values.image }}"`, - ControlPlaneTaintKey: "node-role.kubernetes.io/control-plane", - Replicas: toPtr(int32(2)), - } - data, err := kubeadmutil.ParseTemplate(tmpl, vars) - if err != nil { - log.Fatalf("Could not interpolate template: %v", err) - } - return data -} - -func writeTemplate(tmpl string, name string) { - data := parseTemplate(tmpl) - writeFileRelativeToChartDir(data, "templates", name) -} - -func toPtr[T any](v T) *T { - return &v -} diff --git a/internal/constellation/helm/helm.go b/internal/constellation/helm/helm.go index 474044138..dcc994c6c 100644 --- a/internal/constellation/helm/helm.go +++ b/internal/constellation/helm/helm.go @@ -91,7 +91,6 @@ type Options struct { HelmWaitMode WaitMode ApplyTimeout time.Duration OpenStackValues *OpenStackValues - ServiceCIDR string } // PrepareApply loads the charts and returns the executor to apply them. @@ -115,8 +114,7 @@ func (h Client) loadReleases( ) ([]release, error) { helmLoader := newLoader(flags.CSP, flags.AttestationVariant, flags.K8sVersion, stateFile, h.cliVersion) h.log.Debug("Created new Helm loader") - // TODO(burgerdev): pass down the entire flags struct - return helmLoader.loadReleases(flags.Conformance, flags.DeployCSIDriver, flags.HelmWaitMode, secret, serviceAccURI, flags.OpenStackValues, flags.ServiceCIDR) + return helmLoader.loadReleases(flags.Conformance, flags.DeployCSIDriver, flags.HelmWaitMode, secret, serviceAccURI, flags.OpenStackValues) } // Applier runs the Helm actions. diff --git a/internal/constellation/helm/helm_test.go b/internal/constellation/helm/helm_test.go index 65dfb3396..f9af7bafa 100644 --- a/internal/constellation/helm/helm_test.go +++ b/internal/constellation/helm/helm_test.go @@ -199,7 +199,6 @@ func TestHelmApply(t *testing.T) { certManagerVersion = *tc.clusterCertManagerVersion } helmListVersion(lister, "cilium", "v1.15.5-edg.1") - helmListVersion(lister, "coredns", "v0.0.0") helmListVersion(lister, "cert-manager", certManagerVersion) helmListVersion(lister, "constellation-services", tc.clusterMicroServiceVersion) helmListVersion(lister, "constellation-operators", tc.clusterMicroServiceVersion) diff --git a/internal/constellation/helm/loader.go b/internal/constellation/helm/loader.go index da87308ad..09b83cd68 100644 --- a/internal/constellation/helm/loader.go +++ b/internal/constellation/helm/loader.go @@ -31,7 +31,6 @@ import ( // Run `go generate` to download (and patch) upstream helm charts. //go:generate ./generateCilium.sh -//go:generate go run ./corednsgen/ //go:generate ./update-csi-charts.sh //go:generate ./generateCertManager.sh //go:generate ./update-aws-load-balancer-chart.sh @@ -47,7 +46,6 @@ type chartInfo struct { var ( // Charts we fetch from an upstream with real versions. - coreDNSInfo = chartInfo{releaseName: "coredns", chartName: "coredns", path: "charts/coredns"} ciliumInfo = chartInfo{releaseName: "cilium", chartName: "cilium", path: "charts/cilium"} certManagerInfo = chartInfo{releaseName: "cert-manager", chartName: "cert-manager", path: "charts/cert-manager"} awsLBControllerInfo = chartInfo{releaseName: "aws-load-balancer-controller", chartName: "aws-load-balancer-controller", path: "charts/aws-load-balancer-controller"} @@ -126,7 +124,7 @@ type OpenStackValues struct { // loadReleases loads the embedded helm charts and returns them as a HelmReleases object. func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWaitMode WaitMode, masterSecret uri.MasterSecret, - serviceAccURI string, openStackValues *OpenStackValues, serviceCIDR string, + serviceAccURI string, openStackValues *OpenStackValues, ) (releaseApplyOrder, error) { ciliumRelease, err := i.loadRelease(ciliumInfo, helmWaitMode) if err != nil { @@ -135,16 +133,6 @@ func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWa ciliumVals := extraCiliumValues(i.csp, conformanceMode, i.stateFile.Infrastructure) ciliumRelease.values = mergeMaps(ciliumRelease.values, ciliumVals) - coreDNSRelease, err := i.loadRelease(coreDNSInfo, helmWaitMode) - if err != nil { - return nil, fmt.Errorf("loading coredns: %w", err) - } - coreDNSVals, err := extraCoreDNSValues(serviceCIDR) - if err != nil { - return nil, fmt.Errorf("loading coredns values: %w", err) - } - coreDNSRelease.values = mergeMaps(coreDNSRelease.values, coreDNSVals) - certManagerRelease, err := i.loadRelease(certManagerInfo, helmWaitMode) if err != nil { return nil, fmt.Errorf("loading cert-manager: %w", err) @@ -168,7 +156,7 @@ func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWa } conServicesRelease.values = mergeMaps(conServicesRelease.values, svcVals) - releases := releaseApplyOrder{ciliumRelease, coreDNSRelease, conServicesRelease, certManagerRelease, operatorRelease} + releases := releaseApplyOrder{ciliumRelease, conServicesRelease, certManagerRelease, operatorRelease} if deployCSIDriver { csiRelease, err := i.loadRelease(csiInfo, WaitModeNone) if err != nil { @@ -236,8 +224,6 @@ func (i *chartLoader) loadRelease(info chartInfo, helmWaitMode WaitMode) (releas values = i.loadAWSLBControllerValues() case csiInfo.releaseName: values = i.loadCSIValues() - default: - values = map[string]any{} } // Charts we package ourselves have version 0.0.0. diff --git a/internal/constellation/helm/loader_test.go b/internal/constellation/helm/loader_test.go index 765bbf221..762f544b3 100644 --- a/internal/constellation/helm/loader_test.go +++ b/internal/constellation/helm/loader_test.go @@ -94,7 +94,7 @@ func TestLoadReleases(t *testing.T) { helmReleases, err := chartLoader.loadReleases( true, false, WaitModeAtomic, uri.MasterSecret{Key: []byte("secret"), Salt: []byte("masterSalt")}, - fakeServiceAccURI(cloudprovider.GCP), nil, "172.16.128.0/17", + fakeServiceAccURI(cloudprovider.GCP), nil, ) require.NoError(err) for _, release := range helmReleases { @@ -260,55 +260,6 @@ func TestConstellationServices(t *testing.T) { } } -func TestExtraCoreDNSValues(t *testing.T) { - testCases := map[string]struct { - cidr string - wantIP string - wantUnset bool - wantErr bool - }{ - "default": { - cidr: "10.96.0.0/12", - wantIP: "10.96.0.10", - }, - "custom": { - cidr: "172.16.128.0/17", - wantIP: "172.16.128.10", - }, - "too small": { - cidr: "172.16.0.0/30", - wantErr: true, - }, - "bad ip": { - cidr: "cluster.local", - wantErr: true, - }, - "v6": { - cidr: "fd12:3456:789a:100::/56", - wantIP: "fd12:3456:789a:100::a", - }, - "no ip": { - wantUnset: true, - }, - } - - for name, tc := range testCases { - t.Run(name, func(t *testing.T) { - values, err := extraCoreDNSValues(tc.cidr) - if tc.wantErr { - assert.Error(t, err) - return - } - ip, ok := values["clusterIP"] - if tc.wantUnset { - assert.False(t, ok) - return - } - assert.Equal(t, tc.wantIP, ip) - }) - } -} - // TestOperators checks if the rendered constellation-services chart produces the expected yaml files. func TestOperators(t *testing.T) { testCases := map[string]struct { diff --git a/internal/constellation/helm/overrides.go b/internal/constellation/helm/overrides.go index deb515909..c1e1d6c92 100644 --- a/internal/constellation/helm/overrides.go +++ b/internal/constellation/helm/overrides.go @@ -21,21 +21,8 @@ import ( "github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constellation/state" "github.com/edgelesssys/constellation/v2/internal/kms/uri" - kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" ) -func extraCoreDNSValues(serviceCIDR string) (map[string]any, error) { - if serviceCIDR == "" { - return map[string]any{}, nil - } - ip, err := kubeadmconstants.GetDNSIP(serviceCIDR) - if err != nil { - return nil, fmt.Errorf("calculating DNS service IP: %w", err) - } - - return map[string]any{"clusterIP": ip.String()}, nil -} - // TODO(malt3): switch over to DNS name on AWS and Azure // soon as every apiserver certificate of every control-plane node // has the dns endpoint in its SAN list. diff --git a/internal/kubernetes/kubectl/kubectl.go b/internal/kubernetes/kubectl/kubectl.go index dae2e2db6..f61488082 100644 --- a/internal/kubernetes/kubectl/kubectl.go +++ b/internal/kubernetes/kubectl/kubectl.go @@ -188,6 +188,65 @@ func (k *Kubectl) PatchFirstNodePodCIDR(ctx context.Context, firstNodePodCIDR st return err } +// EnforceCoreDNSSpread adds a pod anti-affinity to the CoreDNS deployment to ensure that +// CoreDNS pods are spread across nodes. +func (k *Kubectl) EnforceCoreDNSSpread(ctx context.Context) error { + // allow CoreDNS Pods to run on uninitialized nodes, which is required by cloud-controller-manager + tolerationSeconds := int64(10) + tolerations := []corev1.Toleration{ + { + Key: "node.cloudprovider.kubernetes.io/uninitialized", + Value: "true", + Effect: corev1.TaintEffectNoSchedule, + }, + { + Key: "node.kubernetes.io/unreachable", + Operator: corev1.TolerationOpExists, + Effect: corev1.TaintEffectNoExecute, + TolerationSeconds: &tolerationSeconds, + }, + } + + deployments := k.AppsV1().Deployments("kube-system") + // retry resource update if an error occurs + return retry.RetryOnConflict(retry.DefaultRetry, func() error { + result, err := deployments.Get(ctx, "coredns", metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("failed to get Deployment to add toleration: %w", err) + } + + result.Spec.Template.Spec.Tolerations = append(result.Spec.Template.Spec.Tolerations, tolerations...) + + if result.Spec.Template.Spec.Affinity == nil { + result.Spec.Template.Spec.Affinity = &corev1.Affinity{} + } + if result.Spec.Template.Spec.Affinity.PodAntiAffinity == nil { + result.Spec.Template.Spec.Affinity.PodAntiAffinity = &corev1.PodAntiAffinity{} + } + result.Spec.Template.Spec.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution = []corev1.WeightedPodAffinityTerm{} + if result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution == nil { + result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution = []corev1.PodAffinityTerm{} + } + + result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution = append(result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution, + corev1.PodAffinityTerm{ + LabelSelector: &metav1.LabelSelector{ + MatchExpressions: []metav1.LabelSelectorRequirement{ + { + Key: "k8s-app", + Operator: metav1.LabelSelectorOpIn, + Values: []string{"kube-dns"}, + }, + }, + }, + TopologyKey: "kubernetes.io/hostname", + }) + + _, err = deployments.Update(ctx, result, metav1.UpdateOptions{}) + return err + }) +} + // AddNodeSelectorsToDeployment adds [K8s selectors] to the deployment, identified // by name and namespace. // diff --git a/terraform-provider-constellation/internal/provider/cluster_resource.go b/terraform-provider-constellation/internal/provider/cluster_resource.go index 978771e83..01aa6615b 100644 --- a/terraform-provider-constellation/internal/provider/cluster_resource.go +++ b/terraform-provider-constellation/internal/provider/cluster_resource.go @@ -1311,11 +1311,6 @@ func (r *ClusterResource) applyHelmCharts(ctx context.Context, applier *constell diags.AddError("Applying Helm charts", err.Error()) return diags } - - if err := applier.CleanupCoreDNSResources(ctx); err != nil { - diags.AddError("Cleaning up CoreDNS resources", err.Error()) - return diags - } return diags } From 681393ef28414dd91007756eae308d368cd05805 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Sep 2024 13:23:09 +0200 Subject: [PATCH 265/380] deps: update distroless_static Docker digest to b033683 (#3367) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- bazel/toolchains/container_images.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bazel/toolchains/container_images.bzl b/bazel/toolchains/container_images.bzl index 745137865..38e7bc04b 100644 --- a/bazel/toolchains/container_images.bzl +++ b/bazel/toolchains/container_images.bzl @@ -7,7 +7,7 @@ load("@rules_oci//oci:pull.bzl", "oci_pull") def containter_image_deps(): oci_pull( name = "distroless_static", - digest = "sha256:95eb83a44a62c1c27e5f0b38d26085c486d71ece83dd64540b7209536bb13f6d", + digest = "sha256:b033683de7de51d8cce5aa4b47c1b9906786f6256017ca8b17b2551947fcf6d8", image = "gcr.io/distroless/static", platforms = [ "linux/amd64", From 1ca8d4f97772bfa79032301f3d20621cd3c3de5f Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Thu, 19 Sep 2024 14:16:51 +0200 Subject: [PATCH 266/380] ci: remove obsolete python dep (#3369) --- .../workflows/aws-snp-launchmeasurement.yml | 6 - ...ws-snp-launchmeasurements-requirements.txt | 106 ------------------ 2 files changed, 112 deletions(-) delete mode 100644 .github/workflows/aws-snp-launchmeasurements-requirements.txt diff --git a/.github/workflows/aws-snp-launchmeasurement.yml b/.github/workflows/aws-snp-launchmeasurement.yml index a6fa04402..a08088896 100644 --- a/.github/workflows/aws-snp-launchmeasurement.yml +++ b/.github/workflows/aws-snp-launchmeasurement.yml @@ -16,12 +16,6 @@ jobs: ref: ${{ github.head_ref }} path: constellation - - name: Install necessary tools - run: | - sudo apt-get update - sudo apt-get install -y python3 python3-pip - sudo python3 -m pip install --user --require-hashes -r constellation/.github/workflows/aws-snp-launchmeasurements-requirements.txt - - name: Install Nix uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 diff --git a/.github/workflows/aws-snp-launchmeasurements-requirements.txt b/.github/workflows/aws-snp-launchmeasurements-requirements.txt deleted file mode 100644 index 6d4195056..000000000 --- a/.github/workflows/aws-snp-launchmeasurements-requirements.txt +++ /dev/null @@ -1,106 +0,0 @@ -# -# This file is autogenerated by pip-compile with Python 3.11 -# by the following command: -# -# pip-compile --generate-hashes --output-file=aws-snp-launchmeasurements-requirements.txt input.txt -# -cffi==1.16.0 \ - --hash=sha256:0c9ef6ff37e974b73c25eecc13952c55bceed9112be2d9d938ded8e856138bcc \ - --hash=sha256:131fd094d1065b19540c3d72594260f118b231090295d8c34e19a7bbcf2e860a \ - --hash=sha256:1b8ebc27c014c59692bb2664c7d13ce7a6e9a629be20e54e7271fa696ff2b417 \ - --hash=sha256:2c56b361916f390cd758a57f2e16233eb4f64bcbeee88a4881ea90fca14dc6ab \ - --hash=sha256:2d92b25dbf6cae33f65005baf472d2c245c050b1ce709cc4588cdcdd5495b520 \ - --hash=sha256:31d13b0f99e0836b7ff893d37af07366ebc90b678b6664c955b54561fc36ef36 \ - --hash=sha256:32c68ef735dbe5857c810328cb2481e24722a59a2003018885514d4c09af9743 \ - --hash=sha256:3686dffb02459559c74dd3d81748269ffb0eb027c39a6fc99502de37d501faa8 \ - --hash=sha256:582215a0e9adbe0e379761260553ba11c58943e4bbe9c36430c4ca6ac74b15ed \ - --hash=sha256:5b50bf3f55561dac5438f8e70bfcdfd74543fd60df5fa5f62d94e5867deca684 \ - --hash=sha256:5bf44d66cdf9e893637896c7faa22298baebcd18d1ddb6d2626a6e39793a1d56 \ - --hash=sha256:6602bc8dc6f3a9e02b6c22c4fc1e47aa50f8f8e6d3f78a5e16ac33ef5fefa324 \ - --hash=sha256:673739cb539f8cdaa07d92d02efa93c9ccf87e345b9a0b556e3ecc666718468d \ - --hash=sha256:68678abf380b42ce21a5f2abde8efee05c114c2fdb2e9eef2efdb0257fba1235 \ - --hash=sha256:68e7c44931cc171c54ccb702482e9fc723192e88d25a0e133edd7aff8fcd1f6e \ - --hash=sha256:6b3d6606d369fc1da4fd8c357d026317fbb9c9b75d36dc16e90e84c26854b088 \ - --hash=sha256:748dcd1e3d3d7cd5443ef03ce8685043294ad6bd7c02a38d1bd367cfd968e000 \ - --hash=sha256:7651c50c8c5ef7bdb41108b7b8c5a83013bfaa8a935590c5d74627c047a583c7 \ - --hash=sha256:7b78010e7b97fef4bee1e896df8a4bbb6712b7f05b7ef630f9d1da00f6444d2e \ - --hash=sha256:7e61e3e4fa664a8588aa25c883eab612a188c725755afff6289454d6362b9673 \ - --hash=sha256:80876338e19c951fdfed6198e70bc88f1c9758b94578d5a7c4c91a87af3cf31c \ - --hash=sha256:8895613bcc094d4a1b2dbe179d88d7fb4a15cee43c052e8885783fac397d91fe \ - --hash=sha256:88e2b3c14bdb32e440be531ade29d3c50a1a59cd4e51b1dd8b0865c54ea5d2e2 \ - --hash=sha256:8f8e709127c6c77446a8c0a8c8bf3c8ee706a06cd44b1e827c3e6a2ee6b8c098 \ - --hash=sha256:9cb4a35b3642fc5c005a6755a5d17c6c8b6bcb6981baf81cea8bfbc8903e8ba8 \ - --hash=sha256:9f90389693731ff1f659e55c7d1640e2ec43ff725cc61b04b2f9c6d8d017df6a \ - --hash=sha256:a09582f178759ee8128d9270cd1344154fd473bb77d94ce0aeb2a93ebf0feaf0 \ - --hash=sha256:a6a14b17d7e17fa0d207ac08642c8820f84f25ce17a442fd15e27ea18d67c59b \ - --hash=sha256:a72e8961a86d19bdb45851d8f1f08b041ea37d2bd8d4fd19903bc3083d80c896 \ - --hash=sha256:abd808f9c129ba2beda4cfc53bde801e5bcf9d6e0f22f095e45327c038bfe68e \ - --hash=sha256:ac0f5edd2360eea2f1daa9e26a41db02dd4b0451b48f7c318e217ee092a213e9 \ - --hash=sha256:b29ebffcf550f9da55bec9e02ad430c992a87e5f512cd63388abb76f1036d8d2 \ - --hash=sha256:b2ca4e77f9f47c55c194982e10f058db063937845bb2b7a86c84a6cfe0aefa8b \ - --hash=sha256:b7be2d771cdba2942e13215c4e340bfd76398e9227ad10402a8767ab1865d2e6 \ - --hash=sha256:b84834d0cf97e7d27dd5b7f3aca7b6e9263c56308ab9dc8aae9784abb774d404 \ - --hash=sha256:b86851a328eedc692acf81fb05444bdf1891747c25af7529e39ddafaf68a4f3f \ - --hash=sha256:bcb3ef43e58665bbda2fb198698fcae6776483e0c4a631aa5647806c25e02cc0 \ - --hash=sha256:c0f31130ebc2d37cdd8e44605fb5fa7ad59049298b3f745c74fa74c62fbfcfc4 \ - --hash=sha256:c6a164aa47843fb1b01e941d385aab7215563bb8816d80ff3a363a9f8448a8dc \ - --hash=sha256:d8a9d3ebe49f084ad71f9269834ceccbf398253c9fac910c4fd7053ff1386936 \ - --hash=sha256:db8e577c19c0fda0beb7e0d4e09e0ba74b1e4c092e0e40bfa12fe05b6f6d75ba \ - --hash=sha256:dc9b18bf40cc75f66f40a7379f6a9513244fe33c0e8aa72e2d56b0196a7ef872 \ - --hash=sha256:e09f3ff613345df5e8c3667da1d918f9149bd623cd9070c983c013792a9a62eb \ - --hash=sha256:e4108df7fe9b707191e55f33efbcb2d81928e10cea45527879a4749cbe472614 \ - --hash=sha256:e6024675e67af929088fda399b2094574609396b1decb609c55fa58b028a32a1 \ - --hash=sha256:e70f54f1796669ef691ca07d046cd81a29cb4deb1e5f942003f401c0c4a2695d \ - --hash=sha256:e715596e683d2ce000574bae5d07bd522c781a822866c20495e52520564f0969 \ - --hash=sha256:e760191dd42581e023a68b758769e2da259b5d52e3103c6060ddc02c9edb8d7b \ - --hash=sha256:ed86a35631f7bfbb28e108dd96773b9d5a6ce4811cf6ea468bb6a359b256b1e4 \ - --hash=sha256:ee07e47c12890ef248766a6e55bd38ebfb2bb8edd4142d56db91b21ea68b7627 \ - --hash=sha256:fa3a0128b152627161ce47201262d3140edb5a5c3da88d73a1b790a959126956 \ - --hash=sha256:fcc8eb6d5902bb1cf6dc4f187ee3ea80a1eba0a89aba40a5cb20a5087d961357 - # via cryptography -cryptography==42.0.4 \ - --hash=sha256:01911714117642a3f1792c7f376db572aadadbafcd8d75bb527166009c9f1d1b \ - --hash=sha256:0e89f7b84f421c56e7ff69f11c441ebda73b8a8e6488d322ef71746224c20fce \ - --hash=sha256:12d341bd42cdb7d4937b0cabbdf2a94f949413ac4504904d0cdbdce4a22cbf88 \ - --hash=sha256:15a1fb843c48b4a604663fa30af60818cd28f895572386e5f9b8a665874c26e7 \ - --hash=sha256:1cdcdbd117681c88d717437ada72bdd5be9de117f96e3f4d50dab3f59fd9ab20 \ - --hash=sha256:1df6fcbf60560d2113b5ed90f072dc0b108d64750d4cbd46a21ec882c7aefce9 \ - --hash=sha256:3c6048f217533d89f2f8f4f0fe3044bf0b2090453b7b73d0b77db47b80af8dff \ - --hash=sha256:3e970a2119507d0b104f0a8e281521ad28fc26f2820687b3436b8c9a5fcf20d1 \ - --hash=sha256:44a64043f743485925d3bcac548d05df0f9bb445c5fcca6681889c7c3ab12764 \ - --hash=sha256:4e36685cb634af55e0677d435d425043967ac2f3790ec652b2b88ad03b85c27b \ - --hash=sha256:5f8907fcf57392cd917892ae83708761c6ff3c37a8e835d7246ff0ad251d9298 \ - --hash=sha256:69b22ab6506a3fe483d67d1ed878e1602bdd5912a134e6202c1ec672233241c1 \ - --hash=sha256:6bfadd884e7280df24d26f2186e4e07556a05d37393b0f220a840b083dc6a824 \ - --hash=sha256:6d0fbe73728c44ca3a241eff9aefe6496ab2656d6e7a4ea2459865f2e8613257 \ - --hash=sha256:6ffb03d419edcab93b4b19c22ee80c007fb2d708429cecebf1dd3258956a563a \ - --hash=sha256:810bcf151caefc03e51a3d61e53335cd5c7316c0a105cc695f0959f2c638b129 \ - --hash=sha256:831a4b37accef30cccd34fcb916a5d7b5be3cbbe27268a02832c3e450aea39cb \ - --hash=sha256:887623fe0d70f48ab3f5e4dbf234986b1329a64c066d719432d0698522749929 \ - --hash=sha256:a0298bdc6e98ca21382afe914c642620370ce0470a01e1bef6dd9b5354c36854 \ - --hash=sha256:a1327f280c824ff7885bdeef8578f74690e9079267c1c8bd7dc5cc5aa065ae52 \ - --hash=sha256:c1f25b252d2c87088abc8bbc4f1ecbf7c919e05508a7e8628e6875c40bc70923 \ - --hash=sha256:c3a5cbc620e1e17009f30dd34cb0d85c987afd21c41a74352d1719be33380885 \ - --hash=sha256:ce8613beaffc7c14f091497346ef117c1798c202b01153a8cc7b8e2ebaaf41c0 \ - --hash=sha256:d2a27aca5597c8a71abbe10209184e1a8e91c1fd470b5070a2ea60cafec35bcd \ - --hash=sha256:dad9c385ba8ee025bb0d856714f71d7840020fe176ae0229de618f14dae7a6e2 \ - --hash=sha256:db4b65b02f59035037fde0998974d84244a64c3265bdef32a827ab9b63d61b18 \ - --hash=sha256:e09469a2cec88fb7b078e16d4adec594414397e8879a4341c6ace96013463d5b \ - --hash=sha256:e53dc41cda40b248ebc40b83b31516487f7db95ab8ceac1f042626bc43a2f992 \ - --hash=sha256:f1e85a178384bf19e36779d91ff35c7617c885da487d689b05c1366f9933ad74 \ - --hash=sha256:f47be41843200f7faec0683ad751e5ef11b9a56a220d57f300376cd8aba81660 \ - --hash=sha256:fb0cef872d8193e487fc6bdb08559c3aa41b659a7d9be48b2e10747f47863925 \ - --hash=sha256:ffc73996c4fca3d2b6c1c8c12bfd3ad00def8621da24f547626bf06441400449 - # via sev-snp-measure -pycparser==2.21 \ - --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \ - --hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206 - # via cffi -sev-snp-measure==0.0.9 \ - --hash=sha256:32ac67a0db6b639186116d8806a730aac4743584e6ca810c65e8fc57b875f87d \ - --hash=sha256:a1796822e15430c2db7749d1da269819b8cec1330600bb5589ed0ed61400dc41 - # via -r input.txt -types-cryptography==3.3.23.2 \ - --hash=sha256:09cc53f273dd4d8c29fa7ad11fefd9b734126d467960162397bc5e3e604dea75 \ - --hash=sha256:b965d548f148f8e87f353ccf2b7bd92719fdf6c845ff7cedf2abb393a0643e4f - # via sev-snp-measure From 6fc051cf98b3907ac4cd212b1529213de046825d Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 20 Sep 2024 08:21:52 +0200 Subject: [PATCH 267/380] image: update measurements and image version (#3371) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 57bc53b3e..337efc17c 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xdc, 0xc1, 0xe0, 0x27, 0xd4, 0x62, 0x18, 0x35, 0x71, 0x22, 0x0b, 0x1c, 0x06, 0xdc, 0xa7, 0x99, 0xae, 0xf8, 0x1e, 0xcd, 0x33, 0x36, 0xbd, 0x6c, 0x6d, 0x9a, 0x11, 0xe3, 0xa4, 0x35, 0x7c, 0xaf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2a, 0x79, 0xf4, 0xa0, 0x35, 0x02, 0xa5, 0x8b, 0xb3, 0x73, 0x3b, 0x8d, 0x9d, 0x94, 0x94, 0xa8, 0xd2, 0x0f, 0x26, 0x56, 0xd2, 0x09, 0x97, 0x10, 0x47, 0x86, 0x33, 0x40, 0x53, 0x16, 0x3d, 0x42}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4d, 0x06, 0x8d, 0xc3, 0xfe, 0x11, 0x6b, 0x31, 0xa3, 0x48, 0x72, 0x24, 0x5e, 0x82, 0xd7, 0x4a, 0xf2, 0xab, 0x6e, 0xc9, 0x8e, 0x6c, 0x7e, 0x35, 0xc0, 0x1f, 0x37, 0xea, 0x1c, 0x43, 0xc3, 0xa9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc1, 0x6e, 0xac, 0xc4, 0x10, 0xf2, 0x09, 0x6f, 0x99, 0x5d, 0xf8, 0x98, 0x57, 0xcf, 0x85, 0xf7, 0xa5, 0xe6, 0x3e, 0x82, 0x8c, 0x91, 0x82, 0x4d, 0x89, 0xfe, 0x65, 0xf5, 0x3d, 0x36, 0xdd, 0x15}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xaf, 0xf0, 0xe2, 0x82, 0x99, 0x2e, 0x61, 0x84, 0x6f, 0x2e, 0x30, 0x75, 0x1a, 0xf7, 0x6e, 0xc4, 0x92, 0x36, 0xa4, 0xd2, 0xb8, 0xad, 0x13, 0x8f, 0x58, 0xc6, 0xa5, 0xc2, 0x4d, 0x1e, 0x7c, 0xc3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfb, 0x9f, 0x83, 0xe8, 0x56, 0x9c, 0xdb, 0xca, 0x30, 0x61, 0xab, 0xb8, 0x36, 0x31, 0xef, 0x64, 0x64, 0xae, 0x21, 0x74, 0x10, 0x44, 0x6e, 0x40, 0x08, 0x42, 0x1a, 0x24, 0x0c, 0xd9, 0x64, 0x3b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x40, 0x1f, 0xa0, 0xbd, 0x87, 0x71, 0x32, 0x85, 0x7d, 0xe1, 0xc5, 0x34, 0x6f, 0xf8, 0xa8, 0x53, 0x11, 0x79, 0x3d, 0x1a, 0x08, 0xb8, 0xed, 0x73, 0x36, 0x24, 0x3a, 0x5e, 0x41, 0x38, 0x39, 0xd7}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x06, 0x7f, 0xb3, 0xc1, 0x44, 0xeb, 0x49, 0xaa, 0xf1, 0xdf, 0x91, 0x43, 0xc5, 0x74, 0x01, 0xd2, 0x24, 0x49, 0xbb, 0xec, 0xd9, 0x24, 0x24, 0x68, 0x83, 0xbd, 0x51, 0xcf, 0x5a, 0x32, 0xed, 0x48}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x41, 0x93, 0x69, 0x05, 0x8d, 0x7b, 0xb7, 0x5f, 0x52, 0x39, 0x0a, 0xdd, 0x84, 0x22, 0x6c, 0x08, 0x4d, 0x2c, 0xf3, 0xc6, 0x08, 0xab, 0x62, 0x43, 0xd3, 0xd5, 0x5f, 0xc2, 0x95, 0x4f, 0xc2, 0x99}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb7, 0x34, 0x64, 0x1d, 0x4d, 0xc7, 0x05, 0x85, 0xa6, 0x27, 0xfd, 0x2c, 0x79, 0xc8, 0x70, 0x97, 0xc0, 0x30, 0x12, 0x7a, 0xf5, 0xcf, 0x91, 0x5d, 0x07, 0x67, 0x69, 0xee, 0x12, 0xab, 0x83, 0x6d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe1, 0x2d, 0xa1, 0x7e, 0x52, 0x02, 0x24, 0x13, 0x21, 0xe5, 0x1b, 0xea, 0x6e, 0x4e, 0x2d, 0x4a, 0x24, 0xb1, 0xf0, 0xba, 0x30, 0x59, 0x0f, 0xc0, 0xaf, 0x87, 0xdd, 0x54, 0xc4, 0xed, 0xbe, 0x7c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa5, 0x32, 0xe0, 0xd9, 0xa1, 0x67, 0x7e, 0xe7, 0xae, 0x69, 0xfa, 0xc9, 0xed, 0xec, 0x66, 0xc3, 0x44, 0x9b, 0x7b, 0x68, 0x96, 0x21, 0xcc, 0xb8, 0xa8, 0xd4, 0x6f, 0x13, 0xc7, 0xc2, 0xb2, 0x90}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4e, 0x5c, 0xa7, 0x50, 0xb6, 0xfd, 0x7a, 0xbc, 0x9e, 0x66, 0xfe, 0x51, 0xec, 0xd9, 0x1a, 0x39, 0x4b, 0x5e, 0xb3, 0x83, 0x1f, 0x40, 0xff, 0xac, 0xd8, 0x56, 0x9f, 0x6e, 0x67, 0x36, 0xaa, 0xfd}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x07, 0xae, 0x7b, 0xa1, 0x8b, 0x74, 0x69, 0x60, 0x55, 0x60, 0x83, 0x91, 0xbb, 0x0d, 0xa0, 0x04, 0xcd, 0x58, 0xc1, 0x4c, 0x02, 0x7d, 0x72, 0xb1, 0xea, 0xdc, 0xf8, 0x66, 0x8d, 0xff, 0x5e, 0x4f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x32, 0x42, 0x23, 0x95, 0x6e, 0xfd, 0xfe, 0xe9, 0xdb, 0x7a, 0xbb, 0xb9, 0x64, 0x2d, 0x86, 0x49, 0xb7, 0x0a, 0x94, 0x90, 0xb9, 0x6f, 0xea, 0xfe, 0xf9, 0x1e, 0xd2, 0x61, 0xb5, 0xac, 0x2a, 0x8d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x05, 0x27, 0x51, 0x07, 0xff, 0xde, 0x56, 0x48, 0xa6, 0x32, 0xd8, 0x84, 0xf9, 0x14, 0x5a, 0x7c, 0x21, 0xcf, 0xb5, 0x52, 0xb9, 0xcb, 0xc8, 0xc1, 0xd6, 0x08, 0x7f, 0xd8, 0xd8, 0x85, 0x07, 0x59}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x46, 0x94, 0xdb, 0x23, 0x70, 0x89, 0xca, 0xf1, 0x81, 0x55, 0x8d, 0x95, 0xb8, 0x6f, 0x4a, 0x2c, 0x3a, 0xb0, 0xdf, 0x8b, 0xc5, 0xf6, 0xf4, 0xb3, 0x9f, 0x76, 0x42, 0x89, 0xfc, 0xc5, 0x61, 0xe5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x32, 0xa2, 0xcd, 0x8c, 0x2f, 0xb6, 0xbf, 0x32, 0x10, 0x92, 0xf1, 0x9f, 0x33, 0xe9, 0xad, 0xc4, 0xf3, 0xbc, 0x87, 0xb8, 0xa8, 0x85, 0xfa, 0xfa, 0x1e, 0xa1, 0x29, 0x36, 0x27, 0x27, 0x31, 0x00}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb7, 0xef, 0xd6, 0xd5, 0xae, 0xb6, 0x2c, 0x69, 0x9a, 0x59, 0x3e, 0x14, 0x1d, 0x7b, 0xa1, 0x60, 0xc5, 0xac, 0x95, 0x74, 0x19, 0x9f, 0x7d, 0x2f, 0xd4, 0x63, 0xef, 0x9e, 0x15, 0xeb, 0x18, 0xba}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb7, 0xce, 0xd7, 0x77, 0xce, 0x13, 0x8f, 0x21, 0xe4, 0xf2, 0xf3, 0x30, 0xea, 0x4c, 0xad, 0x66, 0xfa, 0x91, 0x63, 0xba, 0x49, 0x51, 0xcf, 0x9a, 0xb4, 0x60, 0x22, 0xfb, 0x2c, 0xd9, 0xb9, 0xf1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xeb, 0xc7, 0x09, 0xfc, 0xbe, 0xa8, 0xab, 0xe9, 0x46, 0xed, 0x55, 0x27, 0xf5, 0xb0, 0xee, 0x50, 0xf5, 0xdb, 0x28, 0xbe, 0x35, 0x2b, 0xd0, 0x48, 0x29, 0xb4, 0xf4, 0x56, 0x45, 0x8d, 0x60, 0x7d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x22, 0x6d, 0xd9, 0x23, 0x69, 0x92, 0x3a, 0xcb, 0x8d, 0xc7, 0x3d, 0x46, 0x10, 0x0a, 0xc8, 0xdd, 0x8c, 0xcb, 0xdf, 0x27, 0xe7, 0x55, 0x3a, 0x75, 0x07, 0x1a, 0xae, 0xd1, 0x2f, 0x4a, 0xac, 0x5a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x81, 0xd0, 0x9f, 0x5d, 0xc2, 0x60, 0xac, 0xa7, 0x00, 0x72, 0xb2, 0x57, 0x44, 0x2a, 0xde, 0xe2, 0xb8, 0xb2, 0xf4, 0x27, 0x61, 0x09, 0xbb, 0x1d, 0x36, 0x9f, 0x8b, 0x53, 0xeb, 0xbb, 0x86, 0x60}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe9, 0xc2, 0x6c, 0x5e, 0x23, 0xc6, 0x7b, 0x25, 0x07, 0xc8, 0x9d, 0x13, 0x27, 0x04, 0x5d, 0xb9, 0xe4, 0x6a, 0xf3, 0x3e, 0x80, 0xe0, 0x8d, 0xa5, 0xf9, 0x7b, 0xb8, 0xe1, 0x42, 0x80, 0x33, 0xe7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xda, 0x7d, 0x94, 0x16, 0x8c, 0x5b, 0x20, 0x0f, 0xaa, 0x16, 0x8e, 0x63, 0x7c, 0x1d, 0xe6, 0x75, 0x14, 0x9a, 0x65, 0xd0, 0x54, 0x71, 0xcf, 0xe9, 0xf7, 0x95, 0x72, 0xb7, 0xa9, 0x95, 0xb5, 0xf3}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8c, 0x0b, 0xd0, 0xc6, 0xde, 0x8e, 0xe2, 0xbd, 0x30, 0x01, 0x06, 0x4f, 0x04, 0xf7, 0xbe, 0x2a, 0x12, 0x00, 0xcf, 0x07, 0x1b, 0x1b, 0x06, 0x77, 0x55, 0xd4, 0xb5, 0x79, 0x42, 0x5b, 0x59, 0xa2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x97, 0x57, 0xd5, 0x67, 0x4f, 0xa7, 0x05, 0x69, 0xff, 0xdb, 0xc3, 0x8c, 0x12, 0x6c, 0xe5, 0x52, 0x18, 0x48, 0x2c, 0xe4, 0x4d, 0x8b, 0x7f, 0xf5, 0x13, 0x5d, 0xc6, 0x53, 0x4a, 0xdb, 0xce, 0x25}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe3, 0x7e, 0x48, 0x07, 0xb5, 0xde, 0x67, 0xf2, 0x29, 0xed, 0x2a, 0x7a, 0x06, 0xb7, 0x7b, 0xa6, 0x87, 0x84, 0x74, 0x56, 0xe5, 0x90, 0xa5, 0x16, 0x0d, 0x4c, 0x51, 0xf0, 0x08, 0x05, 0x0e, 0xae}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xda, 0xc4, 0x82, 0x50, 0xc3, 0x86, 0x55, 0xf4, 0x77, 0x52, 0x96, 0x7f, 0xea, 0x7e, 0x35, 0xf6, 0x28, 0x26, 0xf7, 0x62, 0xd6, 0x91, 0x80, 0x52, 0x2a, 0xbf, 0xfd, 0x15, 0x07, 0x76, 0x09, 0x7f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0x7f, 0x4e, 0x2d, 0x30, 0x44, 0xd2, 0x00, 0x21, 0x13, 0xae, 0x34, 0x46, 0xf3, 0x1e, 0xdd, 0xe4, 0x99, 0xcf, 0x99, 0xd4, 0xbf, 0x2a, 0x64, 0x18, 0x13, 0x91, 0x37, 0x5c, 0x58, 0x16, 0x7a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x69, 0x23, 0xb5, 0xa8, 0xb1, 0x1b, 0x37, 0xac, 0x6f, 0xff, 0xc5, 0x6f, 0xd6, 0xe8, 0xbd, 0xf8, 0xcf, 0x16, 0x15, 0x80, 0x1b, 0xc7, 0x0b, 0x8b, 0x84, 0x12, 0xdd, 0x04, 0x2c, 0xfc, 0x46, 0x49}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x39, 0x7f, 0xc5, 0xf0, 0xd3, 0x7d, 0x4c, 0x61, 0x7d, 0xfb, 0xc4, 0x4e, 0x5a, 0xc5, 0xfa, 0x6b, 0xe8, 0x9d, 0x60, 0x60, 0x5b, 0x75, 0x86, 0x3b, 0xa0, 0xe1, 0xcc, 0x18, 0x90, 0x76, 0xfc, 0xee}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x27, 0x4e, 0x12, 0xb0, 0x84, 0x43, 0x45, 0x3a, 0x01, 0xb4, 0x86, 0xa9, 0xe9, 0x76, 0x05, 0xe4, 0x60, 0x50, 0x81, 0xed, 0xb4, 0xf2, 0xcc, 0x3e, 0xc1, 0x9d, 0x15, 0x51, 0x12, 0xfd, 0xe7, 0xf1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x85, 0x70, 0x29, 0x4b, 0xfc, 0x64, 0xfe, 0x71, 0x7b, 0x76, 0x54, 0x2d, 0x9e, 0x8a, 0x2b, 0x61, 0x0e, 0xb3, 0x16, 0x13, 0xe3, 0x8f, 0x9a, 0x58, 0xaf, 0x01, 0xb3, 0x97, 0x63, 0xe5, 0x81, 0xa3}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x94, 0x39, 0xc3, 0x69, 0xa5, 0x03, 0x53, 0x22, 0x4f, 0xf3, 0xe3, 0x7f, 0x1c, 0x06, 0x5b, 0x14, 0x8c, 0x5a, 0xe7, 0xf2, 0xae, 0xd4, 0xe5, 0xf7, 0x77, 0xd2, 0xaf, 0x08, 0xd8, 0x46, 0x6a, 0xd2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa0, 0x1c, 0x6c, 0xbb, 0x52, 0xee, 0x97, 0x18, 0xcf, 0xef, 0x08, 0x2f, 0x3b, 0x70, 0xa2, 0x05, 0xe7, 0xd6, 0xf3, 0x11, 0x84, 0x87, 0xf4, 0xa4, 0xfc, 0xf9, 0x36, 0x05, 0xfd, 0xcf, 0x4b, 0x27}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1b, 0x02, 0x1c, 0x64, 0xbe, 0x14, 0x37, 0x83, 0xde, 0xaa, 0x4e, 0xcb, 0x12, 0xd1, 0x7b, 0x8f, 0x6f, 0x41, 0xc1, 0x9d, 0x69, 0xe5, 0xbb, 0xaf, 0xee, 0x75, 0x09, 0xa7, 0x60, 0x18, 0x53, 0x64}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x65, 0x20, 0x26, 0xee, 0x58, 0xb0, 0x33, 0x74, 0x28, 0xde, 0xd2, 0xee, 0xe9, 0xed, 0x10, 0xee, 0x12, 0xe3, 0x77, 0x80, 0x02, 0xfe, 0xb9, 0xdb, 0xb2, 0xf7, 0x22, 0xf1, 0x41, 0x1f, 0xcf, 0x17}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcf, 0x36, 0x2a, 0xf7, 0xb0, 0xaa, 0x12, 0xcb, 0xcc, 0xa6, 0xf9, 0x41, 0x5e, 0xd4, 0x5a, 0xac, 0xcf, 0x94, 0xc5, 0x7a, 0xc6, 0x45, 0xe6, 0x1f, 0x66, 0x8e, 0x97, 0x79, 0xb5, 0x03, 0xc7, 0xd4}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x7e, 0x6c, 0xb7, 0xf6, 0x37, 0x81, 0x44, 0x17, 0xe8, 0x0c, 0x36, 0x71, 0x72, 0x12, 0xcd, 0xaa, 0x06, 0x22, 0x35, 0xf2, 0x1d, 0xc5, 0x66, 0x84, 0xff, 0x5f, 0xbc, 0x91, 0x2a, 0x60, 0xd3, 0xaa}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0b, 0xa2, 0xa6, 0xcf, 0x76, 0xa9, 0x57, 0x68, 0x55, 0x09, 0x39, 0xce, 0x52, 0x97, 0xcf, 0x7c, 0xe4, 0x65, 0xe1, 0xd2, 0x4b, 0x44, 0x60, 0xf6, 0x8d, 0x46, 0x69, 0xa3, 0x75, 0xb9, 0x8b, 0xaf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x79, 0x24, 0x0c, 0x4e, 0x71, 0x2c, 0x95, 0x4f, 0x00, 0x14, 0xc7, 0xe0, 0xf2, 0x3e, 0xb5, 0xf9, 0xf7, 0x6a, 0x5e, 0xbc, 0xf9, 0x25, 0x30, 0xaf, 0xce, 0x75, 0xb8, 0x09, 0x44, 0x44, 0xf7, 0x86}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x4b, 0xca, 0x14, 0xb0, 0xe6, 0x3f, 0x62, 0x93, 0x67, 0xc8, 0x30, 0x69, 0x12, 0x03, 0x56, 0x4c, 0x53, 0x5b, 0x90, 0x71, 0xb1, 0xf3, 0x40, 0x33, 0xd0, 0x5c, 0xc4, 0x77, 0x8f, 0x3c, 0x2a, 0x6b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x24, 0xfe, 0xd2, 0x2a, 0x0b, 0x06, 0x5e, 0xc9, 0xa7, 0xe2, 0x3d, 0x6b, 0xe2, 0xe3, 0xdd, 0xb1, 0x0f, 0xba, 0xdf, 0xd1, 0x8f, 0x73, 0x6a, 0x77, 0xcf, 0x13, 0x30, 0xd2, 0xf0, 0x8a, 0x90, 0x70}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x65, 0xf5, 0xca, 0x0c, 0x86, 0x10, 0x86, 0x81, 0xcf, 0x0e, 0x71, 0x4f, 0x36, 0x78, 0xff, 0x92, 0x42, 0x6f, 0x23, 0xf5, 0x81, 0x1d, 0xe0, 0x44, 0x60, 0xee, 0x8a, 0x97, 0x9e, 0x46, 0x27, 0xa8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x9e, 0x3d, 0x94, 0x36, 0x2e, 0x76, 0x54, 0x47, 0x1c, 0xb4, 0xfb, 0xde, 0x45, 0x76, 0x87, 0x6d, 0xa3, 0xe6, 0x83, 0x44, 0x1b, 0x62, 0x80, 0xb4, 0xd3, 0x59, 0x46, 0x3a, 0x87, 0xe3, 0xa9, 0x4f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x79, 0x81, 0xfe, 0xfe, 0x22, 0xb9, 0x6e, 0x5e, 0xef, 0x67, 0x27, 0x69, 0x58, 0x0c, 0x2d, 0x2f, 0x9f, 0x4a, 0x2c, 0x48, 0x0f, 0x48, 0x33, 0xd1, 0x63, 0x1b, 0xa3, 0x9a, 0xb8, 0x0f, 0xb4, 0xcf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x99, 0xc2, 0x38, 0xa3, 0x01, 0xfe, 0x7f, 0x79, 0x0e, 0x2d, 0x9b, 0x62, 0x41, 0x20, 0xc1, 0x33, 0x4b, 0x3b, 0x57, 0x11, 0x72, 0xfc, 0x55, 0x7f, 0x0c, 0xbd, 0x84, 0x17, 0x10, 0x27, 0xff, 0xef}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 029b240f8..dd89407a6 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240917153308-7bb6ad6cc272" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240919141651-1ca8d4f97772" ) From ea9d5122f320133118228e0eea56d6609d2b4382 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Sun, 22 Sep 2024 11:36:40 +0200 Subject: [PATCH 268/380] image: update locked rpms (#3372) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 21942c7c0..6812b0820 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -15,7 +15,7 @@ e61d6858790314f9d9ab539c5531d2b67ce763c9e5ac6c22dd76293fec12f3f5 ca-certificate 26e873722d8c94ba8150cb5afc7adcda1be17a21804d9c19e54eff530e3249a5 composefs-libs-1.0.3-1.fc40.x86_64.rpm db246f6445469b5a71e965a081685471768393cf04181e7250ce0ddcb8a9c3d4 conmon-2.1.12-2.fc40.x86_64.rpm adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tools-1.4.7-7.fc40.x86_64.rpm -b0b0ba347f69131086934e836f03fb8b373923c88ac2958bd9661be28e30e869 container-selinux-2.232.1-1.fc40.noarch.rpm +fa073cc08e035fab231c2e9aa3116468e75f5056c169d5b095f3ee2956123d95 container-selinux-2.233.0-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm 2b469c1a5d65c0378a076c4fdd86196ace5775feabdd42bba1344a57b3fecae2 containers-common-0.60.1-1.fc40.noarch.rpm @@ -27,7 +27,7 @@ ea1f43ef9a4b02a9c66726ee386f090145696fb93dff80d593ac82126f8037ec cracklib-2.9.1 fe24641e69545c428890a4b094f015c03f65a6c30c3db7bb0de7672bab66bfd6 cracklib-dicts-2.9.11-5.fc40.x86_64.rpm e4407cbfeb01494457e941a56971ec3aefbd35206792918d60fc9417acacd1a8 criu-3.19-4.fc40.x86_64.rpm 6dd4fe61a462d20fd6fc07ecf8bf47198cc24733d82fe0e46ed4d5f988dffef4 criu-libs-3.19-4.fc40.x86_64.rpm -4e913c3232f3d304820e6e1746911d5d4c981407673edbd3426118a2fd2dd977 crun-1.15-1.fc40.x86_64.rpm +23cf494259d04acbfc40fb5ac0654d0dc1d79713ad2f232ffd4b81f68b693fe8 crun-1.17-1.fc40.x86_64.rpm 2469a287d9fe6ea5f4aa0686fa5f223c14505218743230afbd322fdd90b1d396 crypto-policies-20240725-1.git28d3e2d.fc40.noarch.rpm 8271834b39fd9a7efef95f9bf40337cc636d55a9c4b56ee2500811b318794ae3 crypto-policies-scripts-20240725-1.git28d3e2d.fc40.noarch.rpm 26aadc06a9f98c58ca6250d811e749ee5fa76059b37445ec28b50ee73d548174 cryptsetup-2.7.5-1.fc40.x86_64.rpm @@ -151,10 +151,10 @@ c8b9967345ed0393c17101b970bb86258380494d99edf07787bc32ee4de96a7b libfdisk-2.40. 2481691bd2ee6aab48b1a0306357337007b2b0af082e4fdef47dcc5a8a8357be libfdisk-2.40.1-1.fc40.x86_64.rpm 25caa7ee56f6013369c2fac26afd3035a7d580af0b919621ba8d495d13a5af86 libffi-3.4.4-7.fc40.x86_64.rpm f9c5369b6d168a2b8e46159bc41ef0755ee1a8d12f4c6766fdfe23e827cf5cdf libfido2-1.14.0-4.fc40.x86_64.rpm -d83c434aeec6b5e80adbbaac5f1983b1f739a8fc1660652565da26714125d09c libgcc-14.2.1-1.fc40.i686.rpm -ee6aa81323dedfdda0f6f845ea0ee8e03cf67569fb1c71335e7ded797efc97db libgcc-14.2.1-1.fc40.x86_64.rpm +460a36745833f629ac1f5d232ec0daec092b7cb654a4bf3e4fde7c693fea9fbb libgcc-14.2.1-3.fc40.i686.rpm +cd073c42cb4dfcd224e9b4619883f2c7923ab0b083d7c90b01e3052c89f6b814 libgcc-14.2.1-3.fc40.x86_64.rpm 10c4c12c6539ffea68974cd9b57013d471ac35fe3bef4833c0a22f6b29fbf489 libgcrypt-1.10.3-3.fc40.x86_64.rpm -057bcff33669ee015aebee05ee7c67ac47a15d89e5d83e77c730f96f259083f6 libgomp-14.2.1-1.fc40.x86_64.rpm +03d5f4d139dec2e7c94714b1b9f59d37236dbda9f09271bdda99c71251f15f0e libgomp-14.2.1-3.fc40.x86_64.rpm 8d0a9840e06e72ccf756fa5a79c49f572dc827b0c75ea5a1f923235150d27ae2 libgpg-error-1.49-1.fc40.x86_64.rpm 677a67726c759c94faa94475185e46d028f171c9215390ac601ccd914188afb2 libidn2-2.3.7-1.fc40.i686.rpm 2fd2038b4a94eeede34e46ed0e035e619f77d0e412c70cf4e9bb836957e8f31b libidn2-2.3.7-1.fc40.x86_64.rpm @@ -197,7 +197,7 @@ d5e6fc8b4595cccae415bc18b971ea4a4ed64c816e45de5d3f588b78ecf12708 libsepol-3.6-3 302124d98a491472ec0982b89afbf576922d6921a89dda479d354e6582566f0e libsmartcols-2.40.1-1.fc40.x86_64.rpm 45d032fb4d59ee0f6a921dd1f0addfcdd38fc46917243fdd6248194ffddb9067 libsodium-1.0.20-1.fc40.x86_64.rpm c8bbfa2762cc601f8a97d8d5a39a658f0e91ba477ebebd798b30f7fc8ffdd457 libss-1.47.0-5.fc40.x86_64.rpm -fbbfce1657c5d09246c315afa59ab5b834796e30fc776eca4ede4263ea6df9dc libstdc++-14.2.1-1.fc40.x86_64.rpm +89e7282e0a94d641871dfed423ba2ce6f8b088eaf9aabdea1805708bcafa6a01 libstdc++-14.2.1-3.fc40.x86_64.rpm d92173d6fbfb7e2af3b35a8554229e247666e15dc5b36cba43b7bbfc4144b781 libtasn1-4.19.0-6.fc40.x86_64.rpm 9ca680998686ee852fa8e1667cd6e7c436bfd5fe7da898bd314d808303d447f8 libtextstyle-0.22.5-4.fc40.x86_64.rpm c52aa65956ce5076c7036d486ec29d06832461450c77838c7b9e360c701b6ad2 libtirpc-1.3.5-0.fc40.x86_64.rpm @@ -272,9 +272,9 @@ af85755cda79959a19161ebc26a45e507003298bd97b472b9ab0d512afa5e46a protobuf-c-1.5 45ff2e9814aa059f323b23710c73309d41d36306667a3004f5fbb86b0cab4484 psmisc-23.6-6.fc40.x86_64.rpm cca50802d4f75306bc37126feb92db79fed44dcdabf76c1556853334995b9d3b publicsuffix-list-dafsa-20240107-3.fc40.noarch.rpm 1cfc81c8761cd0381cc5020a3686afec8350aadea01998518e8aa2407419fe9f python-pip-wheel-23.3.2-1.fc40.noarch.rpm -368e6771820860a47152246355d1f09358cebc0b464224d70739a303dbdf9158 python-unversioned-command-3.12.5-2.fc40.noarch.rpm -c9022e8d2879fb454163b5c81376418f96eaed8b1a5220ac0c53288c1d7a35df python3-3.12.5-2.fc40.x86_64.rpm -077e728ea0ec62c079e90336b4c57a7b2b8c7ba897904520b4a5070c2078b498 python3-libs-3.12.5-2.fc40.x86_64.rpm +c1b05e20130bc9c402b865866d5f244800b04af459c2a15ef4e834f2742219be python-unversioned-command-3.12.6-1.fc40.noarch.rpm +cab29f836249f65e06275625a74012319914c478e03f7acfb454bd16c382d16a python3-3.12.6-1.fc40.x86_64.rpm +8f0508c73ef2fed4dacf727ca4c89dbfbe7c28131857ef47be756bc379196201 python3-libs-3.12.6-1.fc40.x86_64.rpm 31d3560d4e4d9c6eedbc48911b38f1958b03d69d53859251ca53adc2c0db083b qemu-user-static-8.2.6-3.fc40.x86_64.rpm 0f8288155f67cdc89680d17f77f742a58e7f2076231dc824b40411903c5bfb0d qemu-user-static-aarch64-8.2.6-3.fc40.x86_64.rpm 9d6240b8b25f010e64f583112fe8c152fc9ba469b261fb33fb4834724924c0dd qemu-user-static-alpha-8.2.6-3.fc40.x86_64.rpm @@ -350,5 +350,5 @@ ee599a1c4d7ee635e54ec137af4dded83f433b9c8a5976f75ecdcd000b5246e3 xz-5.4.6-3.fc4 b92ef78d8ab424c22130e457d0ef691d8197bff61c3b8852205d1b02baba3819 xz-libs-5.4.6-3.fc40.i686.rpm b6ee44b3d7e494b0364f26b7d0b169a8092180af787423cd5e8a47dc0f738a66 xz-libs-5.4.6-3.fc40.x86_64.rpm 9e263e0a9b656178519de20733f3e0950fef494aa056daaa2004b522ba50b952 yajl-2.1.0-23.fc40.x86_64.rpm -55ae62f3071a58a61b856883a34132b91083fff6202f037a4091875d8454ead5 zlib-ng-compat-2.1.7-1.fc40.i686.rpm -a83a76b73d38e154287b37700ffaa83052a0acf5a3e985f00fb39e384c2c61dd zlib-ng-compat-2.1.7-1.fc40.x86_64.rpm +ffab1c8720480b498f65d0d480825ccd890e4f797c3850712879eb04a4739690 zlib-ng-compat-2.1.7-2.fc40.i686.rpm +e50b69054de16d757f5667e3acf2e7439302c91a9c418243467f288dfb79f6ea zlib-ng-compat-2.1.7-2.fc40.x86_64.rpm From 068e68d478a5a4000c17c994c2bb66a1f66fe02b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 09:52:45 +0200 Subject: [PATCH 269/380] deps: update bazel (modules) (#3370) * deps: update bazel (modules) * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci Co-authored-by: Adrian Stobbe --- MODULE.bazel | 6 +- MODULE.bazel.lock | 1583 +++++++++++++++++++++++++-------------------- 2 files changed, 889 insertions(+), 700 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 384e8b66a..6f1c055a9 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,6 +1,6 @@ module(name = "constellation") -bazel_dep(name = "aspect_bazel_lib", version = "2.7.9") +bazel_dep(name = "aspect_bazel_lib", version = "2.9.0") bazel_lib = use_extension("@aspect_bazel_lib//lib:extensions.bzl", "toolchains") bazel_lib.yq() @@ -9,11 +9,11 @@ use_repo(bazel_lib, "yq_toolchains") bazel_dep(name = "bazel_skylib", version = "1.7.1") bazel_dep(name = "gazelle", version = "0.38.0") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") -bazel_dep(name = "rules_cc", version = "0.0.9") +bazel_dep(name = "rules_cc", version = "0.0.10") bazel_dep(name = "rules_go", version = "0.49.0", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") bazel_dep(name = "rules_proto", version = "6.0.2") -bazel_dep(name = "rules_python", version = "0.34.0") +bazel_dep(name = "rules_python", version = "0.35.0") bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index c624e4c0d..2f977c0fb 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -9,8 +9,8 @@ "https://bcr.bazel.build/modules/abseil-cpp/20230802.0.bcr.1/source.json": "14892cc698e02ffedf4967546e6bedb7245015906888d3465fcf27c90a26da10", "https://bcr.bazel.build/modules/apple_support/1.5.0/MODULE.bazel": "50341a62efbc483e8a2a6aec30994a58749bd7b885e18dd96aa8c33031e558ef", "https://bcr.bazel.build/modules/apple_support/1.5.0/source.json": "eb98a7627c0bc486b57f598ad8da50f6625d974c8f723e9ea71bd39f709c9862", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.9/MODULE.bazel": "06e54f2b345b8eb7adceed2329b273da00d0368e28a9ebd9dfc75b4a052dac85", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.7.9/source.json": "72c2d5294e6ac7d05c72d46fbf439171291a8db4912312c95e146e11828dc84b", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.0/MODULE.bazel": "3d2ebf65f610a34f1c105c6060cf95737f5a660f8b298eb69d5ecbceb1092421", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.0/source.json": "ab3d44179bb682fdb921ebcb78490a32f1c8df46504816777ae5b7cf629de3d3", "https://bcr.bazel.build/modules/bazel_features/1.1.0/MODULE.bazel": "cfd42ff3b815a5f39554d97182657f8c4b9719568eb7fded2b9135f084bf760b", "https://bcr.bazel.build/modules/bazel_features/1.1.1/MODULE.bazel": "27b8c79ef57efe08efccbd9dd6ef70d61b4798320b8d3c134fd571f78963dbcd", "https://bcr.bazel.build/modules/bazel_features/1.11.0/MODULE.bazel": "f9382337dd5a474c3b7d334c2f83e50b6eaedc284253334cf823044a26de03e8", @@ -22,6 +22,7 @@ "https://bcr.bazel.build/modules/bazel_skylib/1.2.1/MODULE.bazel": "f35baf9da0efe45fa3da1696ae906eea3d615ad41e2e3def4aeb4e8bc0ef9a7a", "https://bcr.bazel.build/modules/bazel_skylib/1.3.0/MODULE.bazel": "20228b92868bf5cfc41bda7afc8a8ba2a543201851de39d990ec957b513579c5", "https://bcr.bazel.build/modules/bazel_skylib/1.4.1/MODULE.bazel": "a0dcb779424be33100dcae821e9e27e4f2901d9dfd5333efe5ac6a8d7ab75e1d", + "https://bcr.bazel.build/modules/bazel_skylib/1.4.2/MODULE.bazel": "3bd40978e7a1fac911d5989e6b09d8f64921865a45822d8b09e815eaa726a651", "https://bcr.bazel.build/modules/bazel_skylib/1.5.0/MODULE.bazel": "32880f5e2945ce6a03d1fbd588e9198c0a959bb42297b2cfaf1685b7bc32e138", "https://bcr.bazel.build/modules/bazel_skylib/1.6.1/MODULE.bazel": "8fdee2dbaace6c252131c00e1de4b165dc65af02ea278476187765e1a617b917", "https://bcr.bazel.build/modules/bazel_skylib/1.7.1/MODULE.bazel": "3120d80c5861aa616222ec015332e5f8d3171e062e3e804a2a0253e1be26e59b", @@ -57,11 +58,12 @@ "https://bcr.bazel.build/modules/protobuf/3.19.2/MODULE.bazel": "532ffe5f2186b69fdde039efe6df13ba726ff338c6bc82275ad433013fa10573", "https://bcr.bazel.build/modules/protobuf/3.19.6/MODULE.bazel": "9233edc5e1f2ee276a60de3eaa47ac4132302ef9643238f23128fea53ea12858", "https://bcr.bazel.build/modules/rules_cc/0.0.1/MODULE.bazel": "cb2aa0747f84c6c3a78dad4e2049c154f08ab9d166b1273835a8174940365647", + "https://bcr.bazel.build/modules/rules_cc/0.0.10/MODULE.bazel": "ec1705118f7eaedd6e118508d3d26deba2a4e76476ada7e0e3965211be012002", + "https://bcr.bazel.build/modules/rules_cc/0.0.10/source.json": "90310b16e0e7df0cf40f8d1dccd7d373360f42419a6bfbbf5bb013182dd70e84", "https://bcr.bazel.build/modules/rules_cc/0.0.2/MODULE.bazel": "6915987c90970493ab97393024c156ea8fb9f3bea953b2f3ec05c34f19b5695c", "https://bcr.bazel.build/modules/rules_cc/0.0.6/MODULE.bazel": "abf360251023dfe3efcef65ab9d56beefa8394d4176dd29529750e1c57eaa33f", "https://bcr.bazel.build/modules/rules_cc/0.0.8/MODULE.bazel": "964c85c82cfeb6f3855e6a07054fdb159aced38e99a5eecf7bce9d53990afa3e", "https://bcr.bazel.build/modules/rules_cc/0.0.9/MODULE.bazel": "836e76439f354b89afe6a911a7adf59a6b2518fafb174483ad78a2a2fde7b1c5", - "https://bcr.bazel.build/modules/rules_cc/0.0.9/source.json": "1f1ba6fea244b616de4a554a0f4983c91a9301640c8fe0dd1d410254115c8430", "https://bcr.bazel.build/modules/rules_go/0.41.0/MODULE.bazel": "55861d8e8bb0e62cbd2896f60ff303f62ffcb0eddb74ecb0e5c0cbe36fc292c8", "https://bcr.bazel.build/modules/rules_go/0.42.0/MODULE.bazel": "8cfa875b9aa8c6fce2b2e5925e73c1388173ea3c32a0db4d2b4804b453c14270", "https://bcr.bazel.build/modules/rules_go/0.46.0/MODULE.bazel": "3477df8bdcc49e698b9d25f734c4f3a9f5931ff34ee48a2c662be168f5f2d3fd", @@ -69,13 +71,14 @@ "https://bcr.bazel.build/modules/rules_go/0.49.0/MODULE.bazel": "61cfc1ba17123356d1b12b6c50f6e0162b2cc7fd6f51753c12471e973a0f72a5", "https://bcr.bazel.build/modules/rules_go/0.49.0/source.json": "ab2261ea5e29d29a41c8e5c67896f946ab7855b786d28fe25d74987b84e5e85d", "https://bcr.bazel.build/modules/rules_java/4.0.0/MODULE.bazel": "5a78a7ae82cd1a33cef56dc578c7d2a46ed0dca12643ee45edbb8417899e6f74", - "https://bcr.bazel.build/modules/rules_java/5.3.5/MODULE.bazel": "a4ec4f2db570171e3e5eb753276ee4b389bae16b96207e9d3230895c99644b86", + "https://bcr.bazel.build/modules/rules_java/6.3.0/MODULE.bazel": "a97c7678c19f236a956ad260d59c86e10a463badb7eb2eda787490f4c969b963", "https://bcr.bazel.build/modules/rules_java/7.1.0/MODULE.bazel": "30d9135a2b6561c761bd67bd4990da591e6bdc128790ce3e7afd6a3558b2fb64", "https://bcr.bazel.build/modules/rules_java/7.6.1/MODULE.bazel": "2f14b7e8a1aa2f67ae92bc69d1ec0fa8d9f827c4e17ff5e5f02e91caa3b2d0fe", "https://bcr.bazel.build/modules/rules_java/7.6.1/source.json": "8f3f3076554e1558e8e468b2232991c510ecbcbed9e6f8c06ac31c93bcf38362", "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel": "a56b85e418c83eb1839819f0b515c431010160383306d13ec21959ac412d2fe7", "https://bcr.bazel.build/modules/rules_jvm_external/5.1/MODULE.bazel": "33f6f999e03183f7d088c9be518a63467dfd0be94a11d0055fe2d210f89aa909", - "https://bcr.bazel.build/modules/rules_jvm_external/5.1/source.json": "5abb45cc9beb27b77aec6a65a11855ef2b55d95dfdc358e9f312b78ae0ba32d5", + "https://bcr.bazel.build/modules/rules_jvm_external/5.2/MODULE.bazel": "d9351ba35217ad0de03816ef3ed63f89d411349353077348a45348b096615036", + "https://bcr.bazel.build/modules/rules_jvm_external/5.2/source.json": "10572111995bc349ce31c78f74b3c147f6b3233975c7fa5eff9211f6db0d34d9", "https://bcr.bazel.build/modules/rules_license/0.0.3/MODULE.bazel": "627e9ab0247f7d1e05736b59dbb1b6871373de5ad31c3011880b4133cafd4bd0", "https://bcr.bazel.build/modules/rules_license/0.0.4/MODULE.bazel": "6a88dd22800cf1f9f79ba32cacad0d3a423ed28efa2c2ed5582eaa78dd3ac1e5", "https://bcr.bazel.build/modules/rules_license/0.0.7/MODULE.bazel": "088fbeb0b6a419005b89cf93fe62d9517c0a2b8bb56af3244af65ecfe37e7d5d", @@ -92,13 +95,14 @@ "https://bcr.bazel.build/modules/rules_python/0.10.2/MODULE.bazel": "cc82bc96f2997baa545ab3ce73f196d040ffb8756fd2d66125a530031cd90e5f", "https://bcr.bazel.build/modules/rules_python/0.22.1/MODULE.bazel": "26114f0c0b5e93018c0c066d6673f1a2c3737c7e90af95eff30cfee38d0bbac7", "https://bcr.bazel.build/modules/rules_python/0.24.0/MODULE.bazel": "4bff7f583653d0762cda21303da0643cc4c545ddfd9593337f18dad8d1787801", - "https://bcr.bazel.build/modules/rules_python/0.34.0/MODULE.bazel": "1d623d026e075b78c9fde483a889cda7996f5da4f36dffb24c246ab30f06513a", - "https://bcr.bazel.build/modules/rules_python/0.34.0/source.json": "113116e287eec64a7d005a9db44865d810499fdc4f621e352aff58214f5ea2d8", + "https://bcr.bazel.build/modules/rules_python/0.35.0/MODULE.bazel": "c3657951764cdcdb5a7370d5e885fad5e8c1583320aad18d46f9f110d2c22755", + "https://bcr.bazel.build/modules/rules_python/0.35.0/source.json": "8fd2681b96184fa441f07f7d58462361366c216ce920f6c3e3c42c27e02c3931", "https://bcr.bazel.build/modules/rules_python/0.4.0/MODULE.bazel": "9208ee05fd48bf09ac60ed269791cf17fb343db56c8226a720fbb1cdf467166c", "https://bcr.bazel.build/modules/stardoc/0.5.1/MODULE.bazel": "1a05d92974d0c122f5ccf09291442580317cdd859f07a8655f1db9a60374f9f8", "https://bcr.bazel.build/modules/stardoc/0.5.3/MODULE.bazel": "c7f6948dae6999bf0db32c1858ae345f112cacf98f174c7a8bb707e41b974f1c", - "https://bcr.bazel.build/modules/stardoc/0.5.4/MODULE.bazel": "6569966df04610b8520957cb8e97cf2e9faac2c0309657c537ab51c16c18a2a4", - "https://bcr.bazel.build/modules/stardoc/0.5.4/source.json": "a961f58a71e735aa9dcb2d79b288e06b0a2d860ba730302c8f11be411b76631e", + "https://bcr.bazel.build/modules/stardoc/0.6.2/MODULE.bazel": "7060193196395f5dd668eda046ccbeacebfd98efc77fed418dbe2b82ffaa39fd", + "https://bcr.bazel.build/modules/stardoc/0.7.0/MODULE.bazel": "05e3d6d30c099b6770e97da986c53bd31844d7f13d41412480ea265ac9e8079c", + "https://bcr.bazel.build/modules/stardoc/0.7.0/source.json": "e3c524bf2ef20992539ce2bc4a2243f4853130209ee831689983e28d05769099", "https://bcr.bazel.build/modules/upb/0.0.0-20220923-a547704/MODULE.bazel": "7298990c00040a0e2f121f6c32544bab27d4452f80d9ce51349b1a28f3005c43", "https://bcr.bazel.build/modules/upb/0.0.0-20230516-61a97ef/MODULE.bazel": "c0df5e35ad55e264160417fd0875932ee3c9dda63d9fccace35ac62f45e1b6f9", "https://bcr.bazel.build/modules/upb/0.0.0-20230516-61a97ef/source.json": "b2150404947339e8b947c6b16baa39fa75657f4ddec5e37272c7b11c7ab533bc", @@ -139,8 +143,8 @@ }, "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "jl6upvbQ+op05W1a3gE6bja6dc7fvsNfslO0m46Ma3s=", - "usagesDigest": "VOOY7/r/L6rv7ZTKtrrIJm6T19J5407E/KRXas8hl+w=", + "bzlTransitiveDigest": "w/CHOzFR7H7jxnYVn2nZCc5t8JsSe8erirmxjfrhtlI=", + "usagesDigest": "HQqVKxWf/TFIAHRREB4grJcVvLyM7Y55mQZT9A/mAms=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -194,7 +198,7 @@ "ruleClassName": "coreutils_platform_repo", "attributes": { "platform": "darwin_arm64", - "version": "0.0.26" + "version": "0.0.27" } }, "copy_to_directory_linux_arm64": { @@ -223,7 +227,7 @@ "ruleClassName": "coreutils_platform_repo", "attributes": { "platform": "darwin_amd64", - "version": "0.0.26" + "version": "0.0.27" } }, "coreutils_linux_arm64": { @@ -231,7 +235,7 @@ "ruleClassName": "coreutils_platform_repo", "attributes": { "platform": "linux_arm64", - "version": "0.0.26" + "version": "0.0.27" } }, "zstd_linux_arm64": { @@ -395,7 +399,7 @@ "ruleClassName": "coreutils_platform_repo", "attributes": { "platform": "linux_amd64", - "version": "0.0.26" + "version": "0.0.27" } }, "copy_directory_toolchains": { @@ -573,7 +577,7 @@ "ruleClassName": "coreutils_platform_repo", "attributes": { "platform": "windows_amd64", - "version": "0.0.26" + "version": "0.0.27" } }, "yq_linux_arm64": { @@ -851,9 +855,10 @@ }, "@@rules_jvm_external~//:extensions.bzl%maven": { "general": { - "bzlTransitiveDigest": "4ijz6uc3T4E+d+U8LQv4EAt+8OqZNVY/lzvhLx3y1yg=", - "usagesDigest": "WfVTcbopbu3jyxPgDWx1iqIv1QV6L/T7utvDxAj5k84=", + "bzlTransitiveDigest": "U98JuBYMWVrcyiXT1L6KAYSAA0chnjRZZloIUmNmZ7M=", + "usagesDigest": "u38mZroTtN53UEe7YtmVA0gxhbXlyIy/hRbXGWAXN1w=", "recordedFileInputs": { + "@@stardoc~//maven_install.json": "de0bfa778b4ed6aebb77509362dd87ab8d20fc7c7c18d2a7429cdfee03949a21", "@@rules_jvm_external~//rules_jvm_external_deps_install.json": "3ab1f67b0de4815df110bc72ccd6c77882b3b21d3d1e0a84445847b6ce3235a3" }, "recordedDirentsInputs": {}, @@ -901,8 +906,7 @@ "attributes": { "sha256": "a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26", "urls": [ - "https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar", - "https://maven.google.com/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" + "https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" ], "downloaded_file_path": "com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" } @@ -943,6 +947,42 @@ "downloaded_file_path": "com/google/cloud/google-cloud-storage/1.113.4/google-cloud-storage-1.113.4.jar" } }, + "unpinned_stardoc_maven": { + "bzlFile": "@@rules_jvm_external~//:coursier.bzl", + "ruleClassName": "coursier_fetch", + "attributes": { + "repositories": [ + "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" + ], + "artifacts": [ + "{ \"group\": \"com.beust\", \"artifact\": \"jcommander\", \"version\": \"1.82\" }", + "{ \"group\": \"com.google.escapevelocity\", \"artifact\": \"escapevelocity\", \"version\": \"1.1\" }", + "{ \"group\": \"com.google.guava\", \"artifact\": \"guava\", \"version\": \"31.1-jre\" }", + "{ \"group\": \"com.google.truth\", \"artifact\": \"truth\", \"version\": \"1.1.3\" }", + "{ \"group\": \"junit\", \"artifact\": \"junit\", \"version\": \"4.13.2\" }" + ], + "fail_on_missing_checksum": true, + "fetch_sources": true, + "fetch_javadoc": false, + "excluded_artifacts": [], + "generate_compat_repositories": false, + "version_conflict_policy": "default", + "override_targets": {}, + "strict_visibility": true, + "strict_visibility_value": [ + "@@//visibility:private" + ], + "maven_install_json": "@@stardoc~//:maven_install.json", + "resolve_timeout": 600, + "jetify": false, + "jetify_include_list": [ + "*" + ], + "use_starlark_android_rules": false, + "aar_import_bzl_label": "@build_bazel_rules_android//android:rules.bzl", + "duplicate_version_warning": "warn" + } + }, "io_grpc_grpc_context_1_33_1": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_file", @@ -1033,8 +1073,7 @@ "attributes": { "sha256": "21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b", "urls": [ - "https://repo1.maven.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar", - "https://maven.google.com/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar" + "https://repo1.maven.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar" ], "downloaded_file_path": "com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar" } @@ -1051,6 +1090,17 @@ "downloaded_file_path": "software/amazon/awssdk/metrics-spi/2.17.183/metrics-spi-2.17.183.jar" } }, + "com_google_escapevelocity_escapevelocity_1_1": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "37e76e4466836dedb864fb82355cd01c3bd21325ab642d89a0f759291b171231", + "urls": [ + "https://repo1.maven.org/maven2/com/google/escapevelocity/escapevelocity/1.1/escapevelocity-1.1.jar" + ], + "downloaded_file_path": "com/google/escapevelocity/escapevelocity/1.1/escapevelocity-1.1.jar" + } + }, "org_reactivestreams_reactive_streams_1_0_3": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_file", @@ -1087,6 +1137,17 @@ "downloaded_file_path": "io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar" } }, + "com_beust_jcommander_1_82": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "deeac157c8de6822878d85d0c7bc8467a19cc8484d37788f7804f039dde280b1", + "urls": [ + "https://repo1.maven.org/maven2/com/beust/jcommander/1.82/jcommander-1.82.jar" + ], + "downloaded_file_path": "com/beust/jcommander/1.82/jcommander-1.82.jar" + } + }, "io_netty_netty_codec_http2_4_1_72_Final": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_file", @@ -1290,8 +1351,7 @@ "attributes": { "sha256": "a42edc9cab792e39fe39bb94f3fca655ed157ff87a8af78e1d6ba5b07c4a00ab", "urls": [ - "https://repo1.maven.org/maven2/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar", - "https://maven.google.com/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar" + "https://repo1.maven.org/maven2/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar" ], "downloaded_file_path": "com/google/guava/guava/31.1-jre/guava-31.1-jre.jar" } @@ -1320,6 +1380,17 @@ "downloaded_file_path": "io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar" } }, + "junit_junit_4_13_2": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "8e495b634469d64fb8acfa3495a065cbacc8a0fff55ce1e31007be4c16dc57d3", + "urls": [ + "https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar" + ], + "downloaded_file_path": "junit/junit/4.13.2/junit-4.13.2.jar" + } + }, "io_opencensus_opencensus_contrib_http_util_0_24_0": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_file", @@ -1428,6 +1499,17 @@ "downloaded_file_path": "org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar" } }, + "org_hamcrest_hamcrest_core_1_3": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9", + "urls": [ + "https://repo1.maven.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar" + ], + "downloaded_file_path": "org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar" + } + }, "com_google_cloud_google_cloud_core_http_1_93_10": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_file", @@ -1534,8 +1616,7 @@ "attributes": { "sha256": "721cb91842b46fa056847d104d5225c8b8e1e8b62263b993051e1e5a0137b7ec", "urls": [ - "https://repo1.maven.org/maven2/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar", - "https://maven.google.com/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar" + "https://repo1.maven.org/maven2/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar" ], "downloaded_file_path": "com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar" } @@ -1612,6 +1693,51 @@ "downloaded_file_path": "software/amazon/awssdk/protocol-core/2.17.183/protocol-core-2.17.183.jar" } }, + "stardoc_maven": { + "bzlFile": "@@rules_jvm_external~//:coursier.bzl", + "ruleClassName": "pinned_coursier_fetch", + "attributes": { + "repositories": [ + "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" + ], + "artifacts": [ + "{ \"group\": \"com.beust\", \"artifact\": \"jcommander\", \"version\": \"1.82\" }", + "{ \"group\": \"com.google.escapevelocity\", \"artifact\": \"escapevelocity\", \"version\": \"1.1\" }", + "{ \"group\": \"com.google.guava\", \"artifact\": \"guava\", \"version\": \"31.1-jre\" }", + "{ \"group\": \"com.google.truth\", \"artifact\": \"truth\", \"version\": \"1.1.3\" }", + "{ \"group\": \"junit\", \"artifact\": \"junit\", \"version\": \"4.13.2\" }" + ], + "fetch_sources": true, + "fetch_javadoc": false, + "generate_compat_repositories": false, + "maven_install_json": "@@stardoc~//:maven_install.json", + "override_targets": {}, + "strict_visibility": true, + "strict_visibility_value": [ + "@@//visibility:private" + ], + "jetify": false, + "jetify_include_list": [ + "*" + ], + "additional_netrc_lines": [], + "fail_if_repin_required": true, + "use_starlark_android_rules": false, + "aar_import_bzl_label": "@build_bazel_rules_android//android:rules.bzl", + "duplicate_version_warning": "warn" + } + }, + "com_google_truth_truth_1_1_3": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "fc0b67782289a2aabfddfdf99eff1dcd5edc890d49143fcd489214b107b8f4f3", + "urls": [ + "https://repo1.maven.org/maven2/com/google/truth/truth/1.1.3/truth-1.1.3.jar" + ], + "downloaded_file_path": "com/google/truth/truth/1.1.3/truth-1.1.3.jar" + } + }, "org_checkerframework_checker_compat_qual_2_5_5": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_file", @@ -1636,6 +1762,17 @@ "downloaded_file_path": "com/google/apis/google-api-services-storage/v1-rev20200927-1.30.10/google-api-services-storage-v1-rev20200927-1.30.10.jar" } }, + "org_ow2_asm_asm_9_1": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "cda4de455fab48ff0bcb7c48b4639447d4de859a7afc30a094a986f0936beba2", + "urls": [ + "https://repo1.maven.org/maven2/org/ow2/asm/asm/9.1/asm-9.1.jar" + ], + "downloaded_file_path": "org/ow2/asm/asm/9.1/asm-9.1.jar" + } + }, "com_google_api_client_google_api_client_1_30_11": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_file", @@ -1702,8 +1839,7 @@ "attributes": { "sha256": "b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99", "urls": [ - "https://repo1.maven.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar", - "https://maven.google.com/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" + "https://repo1.maven.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" ], "downloaded_file_path": "com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" } @@ -1744,6 +1880,17 @@ "downloaded_file_path": "software/amazon/awssdk/arns/2.17.183/arns-2.17.183.jar" } }, + "com_google_auto_value_auto_value_annotations_1_8_1": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "37ec09b47d7ed35a99d13927db5c86fc9071f620f943ead5d757144698310852", + "urls": [ + "https://repo1.maven.org/maven2/com/google/auto/value/auto-value-annotations/1.8.1/auto-value-annotations-1.8.1.jar" + ], + "downloaded_file_path": "com/google/auto/value/auto-value-annotations/1.8.1/auto-value-annotations-1.8.1.jar" + } + }, "com_google_code_gson_gson_2_9_0": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_file", @@ -1774,8 +1921,7 @@ "attributes": { "sha256": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7", "urls": [ - "https://repo1.maven.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar", - "https://maven.google.com/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" + "https://repo1.maven.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" ], "downloaded_file_path": "com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" } @@ -1828,6 +1974,17 @@ "downloaded_file_path": "org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar" } }, + "org_checkerframework_checker_qual_3_13_0": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "3ea0dcd73b4d6cb2fb34bd7ed4dad6db327a01ebad7db05eb7894076b3d64491", + "urls": [ + "https://repo1.maven.org/maven2/org/checkerframework/checker-qual/3.13.0/checker-qual-3.13.0.jar" + ], + "downloaded_file_path": "org/checkerframework/checker-qual/3.13.0/checker-qual-3.13.0.jar" + } + }, "com_google_protobuf_protobuf_java_util_3_13_0": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_file", @@ -1906,7 +2063,7 @@ "@@rules_jvm_external~//:non-module-deps.bzl%non_module_deps": { "general": { "bzlTransitiveDigest": "l6SlNloqPvd60dcuPdWiJNi3g3jfK76fcZc0i/Yr0dQ=", - "usagesDigest": "pX61d12AFioOtqChQDmxvlNGDYT69e5MrKT2E/S6TeQ=", + "usagesDigest": "hiuzyio8ny4T3UoEFpHaxXzNFc6OGUFvx5DDVLBBUmU=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -1933,15 +2090,18 @@ }, "@@rules_python~//python/private/pypi:pip.bzl%pip_internal": { "general": { - "bzlTransitiveDigest": "K1h7nEO1U/rpFfJOYYfw8DzGLZtin3FFsWrhUy3j0uE=", - "usagesDigest": "oYkedjxSdBorV3xQF7DIKk/vNNIQfMYhJ6f7cAJ0nis=", + "bzlTransitiveDigest": "DOkXZJKMSBhWfnEJAioWcWNMz4ATErhs2R/UydF7P4M=", + "usagesDigest": "moHoYY1OP7kHaHHJ5EAvm+zksRZt5n3lvjcOhYhq7uY=", "recordedFileInputs": { "@@rules_python~//tools/publish/requirements.txt": "031e35d03dde03ae6305fe4b3d1f58ad7bdad857379752deede0f93649991b8a", - "@@rules_python~//tools/publish/requirements_windows.txt": "349252b9ff6f0095e3a22046e33c7650cd2d833d8edcf11641a5d95e08829250", - "@@rules_python~//tools/publish/requirements_darwin.txt": "ce2f5127a385350df974ba1e73a51f32ac201c63d92fc5a4cb1628f0b8c393c1" + "@@rules_python~//tools/publish/requirements_windows.txt": "15472d5a28e068d31ba9e2dc389459698afaff366e9db06e15890283a3ea252e", + "@@rules_python~//tools/publish/requirements_darwin.txt": "61cf602ff33b58c5f42a6cee30112985e9b502209605314e313157f8aad679f9" }, "recordedDirentsInputs": {}, - "envVariables": {}, + "envVariables": { + "RULES_PYTHON_REPO_DEBUG": null, + "RULES_PYTHON_REPO_DEBUG_VERBOSITY": null + }, "generatedRepoSpecs": { "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_aarch64_3548db28": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", @@ -1949,11 +2109,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cffi-1.15.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -1971,14 +2131,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "zipp-3.11.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -1996,11 +2153,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "urllib3-1.26.14.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2018,11 +2175,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cffi-1.15.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2040,14 +2197,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "requests-2.28.2-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2065,11 +2222,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "certifi-2022.12.7.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2087,14 +2244,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "readme_renderer-37.3-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2112,11 +2269,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cffi-1.15.1.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2134,9 +2291,9 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "idna-3.7-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2148,20 +2305,40 @@ ] } }, + "rules_python_publish_deps_311_certifi_py3_none_any_c198e21b": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "certifi-2024.7.4-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "certifi==2024.7.4", + "sha256": "c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90", + "urls": [ + "https://files.pythonhosted.org/packages/1c/d5/c84e1a17bf61d4df64ca866a1c9a913874b4e9bdc131ec689a0ad013fb36/certifi-2024.7.4-py3-none-any.whl" + ] + } + }, "rules_python_publish_deps_311_requests_toolbelt_py2_none_any_18565aa5": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "requests_toolbelt-0.10.1-py2.py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2173,17 +2350,37 @@ ] } }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_universal2_802fe99c": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_universal2.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.3.2", + "sha256": "802fe99cca7457642125a8a88a084cef28ff0cf9407060f7b93dca5aa25480db", + "urls": [ + "https://files.pythonhosted.org/packages/68/77/02839016f6fbbf808e8b38601df6e0e66c17bbab76dff4613f7511413597/charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_universal2.whl" + ] + } + }, "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_x86_64_94411f22": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2201,11 +2398,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_1_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2223,14 +2420,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "Pygments-2.14.0-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2248,11 +2445,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_1_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2270,14 +2467,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "bleach-6.0.0-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2295,11 +2492,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2317,14 +2514,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "keyring-23.13.1-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2342,14 +2539,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "jaraco.classes-3.2.3.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2367,14 +2564,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "rich-13.2.0-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2392,11 +2589,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2414,14 +2611,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2439,11 +2633,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "SecretStorage-3.3.3.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2461,14 +2655,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_ppc64le.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2486,11 +2677,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_2_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2508,14 +2699,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "more-itertools-9.0.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2533,14 +2724,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "importlib_metadata-6.0.0-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2552,45 +2743,20 @@ ] } }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_win_amd64_9ab77acb": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" - ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-win_amd64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "9ab77acb98eba3fd2a85cd160851816bfce6871d944d885febf012713f06659c", - "urls": [ - "https://files.pythonhosted.org/packages/2e/7b/5053a4a46fac017fd2aea3dc9abdd9983fd4cef153b6eb6aedcb0d7cb6e3/charset_normalizer-3.0.1-cp311-cp311-win_amd64.whl" - ] - } - }, "rules_python_publish_deps_311_importlib_metadata_sdist_e354bede": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "importlib_metadata-6.0.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2602,45 +2768,17 @@ ] } }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_11_0_arm64_87701167": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" - ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-macosx_11_0_arm64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "87701167f2a5c930b403e9756fab1d31d4d4da52856143b609e30a1ce7160f3c", - "urls": [ - "https://files.pythonhosted.org/packages/02/49/78b4c1bc8b1b0e0fc66fb31ce30d8302f10a1412ba75de72c57532f0beb0/charset_normalizer-3.0.1-cp311-cp311-macosx_11_0_arm64.whl" - ] - } - }, "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_x86_64_761e8904": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2658,11 +2796,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "certifi-2022.12.7-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2680,11 +2818,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "jeepney-0.8.0-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2702,11 +2840,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "SecretStorage-3.3.3-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2724,11 +2862,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "idna-3.4-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2746,11 +2884,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_28_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2768,11 +2906,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "urllib3-1.26.14-py2.py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2790,9 +2928,9 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "urllib3-1.26.19.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2810,14 +2948,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "charset_normalizer-3.0.1-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2835,14 +2970,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "twine-4.0.2.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2860,7 +2995,7 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "windows_x86_64" + "cp311_windows_x86_64" ], "filename": "pywin32_ctypes-0.2.0-py2.py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2878,14 +3013,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "pkginfo-1.9.6-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2903,11 +3038,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cffi-1.15.1-cp311-cp311-musllinux_1_1_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2925,11 +3060,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cryptography-42.0.4.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2941,20 +3076,60 @@ ] } }, + "rules_python_publish_deps_311_charset_normalizer_sdist_f30c3cb3": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "charset-normalizer-3.3.2.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.3.2", + "sha256": "f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5", + "urls": [ + "https://files.pythonhosted.org/packages/63/09/c1bc53dab74b1816a00d8d030de5bf98f724c52c1635e07681d312f20be8/charset-normalizer-3.3.2.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_zipp_sdist_bf1dcf64": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "zipp-3.19.2.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "zipp==3.19.2", + "sha256": "bf1dcf6450f873a13e952a29504887c89e6de7506209e5b1bcc3460135d4de19", + "urls": [ + "https://files.pythonhosted.org/packages/d3/20/b48f58857d98dcb78f9e30ed2cfe533025e2e9827bbd36ea0a64cc00cbc1/zipp-3.19.2.tar.gz" + ] + } + }, "rules_python_publish_deps_311_mdurl_py3_none_any_84008a41": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "mdurl-0.1.2-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2972,11 +3147,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_2_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -2994,14 +3169,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "more_itertools-9.0.0-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3019,14 +3194,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "mdurl-0.1.2.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3044,14 +3219,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "keyring-23.13.1.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3069,14 +3244,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "rfc3986-2.0.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3088,20 +3263,40 @@ ] } }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_11_0_arm64_549a3a73": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "charset_normalizer-3.3.2-cp311-cp311-macosx_11_0_arm64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.3.2", + "sha256": "549a3a73da901d5bc3ce8d24e0600d1fa85524c10287f6004fbab87672bf3e1e", + "urls": [ + "https://files.pythonhosted.org/packages/dd/51/68b61b90b24ca35495956b718f35a9756ef7d3dd4b3c1508056fa98d1a1b/charset_normalizer-3.3.2-cp311-cp311-macosx_11_0_arm64.whl" + ] + } + }, "rules_python_publish_deps_311_six_py2_none_any_8abb2f1d": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "six-1.16.0-py2.py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3113,17 +3308,37 @@ ] } }, + "rules_python_publish_deps_311_charset_normalizer_py3_none_any_3e4d1f65": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "charset_normalizer-3.3.2-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.3.2", + "sha256": "3e4d1f6587322d2788836a99c69062fbb091331ec940e02d12d179c1d53e25fc", + "urls": [ + "https://files.pythonhosted.org/packages/28/76/e6222113b83e3622caa4bb41032d0b1bf785250607392e1b778aca0b8a7d/charset_normalizer-3.3.2-py3-none-any.whl" + ] + } + }, "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_aarch64_1df6fcbf": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_28_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3141,14 +3356,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3166,14 +3378,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "readme_renderer-37.3.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3191,14 +3403,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "markdown_it_py-2.1.0-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3216,14 +3428,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "six-1.16.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3235,20 +3447,40 @@ ] } }, + "rules_python_publish_deps_311_certifi_sdist_5a1e7645": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "certifi-2024.7.4.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "certifi==2024.7.4", + "sha256": "5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b", + "urls": [ + "https://files.pythonhosted.org/packages/c2/02/a95f2b11e207f68bc64d7aae9666fed2e2b3f307748d5123dffb72a1bbea/certifi-2024.7.4.tar.gz" + ] + } + }, "rules_python_publish_deps_311_twine_py3_none_any_929bc3c2": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "twine-4.0.2-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3266,14 +3498,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "webencodings-0.5.1.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3291,14 +3523,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_s390x.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3316,14 +3545,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "markdown-it-py-2.1.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3341,9 +3570,9 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "urllib3-1.26.19-py2.py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3361,14 +3590,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3386,11 +3612,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "idna-3.4.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3408,14 +3634,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "jaraco.classes-3.2.3-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3433,11 +3659,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "pycparser-2.21-py2.py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3455,14 +3681,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "rich-13.2.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3480,7 +3706,7 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "windows_x86_64" + "cp311_windows_x86_64" ], "filename": "pywin32-ctypes-0.2.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3498,14 +3724,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "pkginfo-1.9.6.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3523,14 +3749,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "Pygments-2.14.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3542,40 +3768,17 @@ ] } }, - "rules_python_publish_deps_311_certifi_py3_none_any_92d60375": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" - ], - "filename": "certifi-2023.7.22-py3-none-any.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "certifi==2023.7.22", - "sha256": "92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9", - "urls": [ - "https://files.pythonhosted.org/packages/4c/dd/2234eab22353ffc7d94e8d13177aaa050113286e93e7b40eae01fbf7c3d9/certifi-2023.7.22-py3-none-any.whl" - ] - } - }, "rules_python_publish_deps_311_zipp_py3_none_any_83a28fcb": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "zipp-3.11.0-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3587,45 +3790,20 @@ ] } }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_x86_64_a8d0fc94": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" - ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_x86_64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "a8d0fc946c784ff7f7c3742310cc8a57c5c6dc31631269876a88b809dbeff3d3", - "urls": [ - "https://files.pythonhosted.org/packages/90/59/941e2e5ae6828a688c6437ad16e026eb3606d0cfdd13ea5c9090980f3ffd/charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_x86_64.whl" - ] - } - }, "rules_python_publish_deps_311_docutils_py3_none_any_5e1de4d8": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "docutils-0.19-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3643,14 +3821,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "docutils-0.19.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3662,28 +3840,23 @@ ] } }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_universal2_0298eaff": { + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_win_amd64_66394663": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_universal2.whl", + "filename": "charset_normalizer-3.3.2-cp311-cp311-win_amd64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "0298eafff88c99982a4cf66ba2efa1128e4ddaca0b05eec4c456bbc7db691d8d", + "requirement": "charset-normalizer==3.3.2", + "sha256": "663946639d296df6a2bb2aa51b60a2454ca1cb29835324c640dafb5ff2131a77", "urls": [ - "https://files.pythonhosted.org/packages/37/00/ca188e0a2b3cd3184cdd2521b8765cf579327d128caa8aedc3dc7614020a/charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_universal2.whl" + "https://files.pythonhosted.org/packages/57/ec/80c8d48ac8b1741d5b963797b7c0c869335619e13d4744ca2f67fc11c6fc/charset_normalizer-3.3.2-cp311-cp311-win_amd64.whl" ] } }, @@ -3693,9 +3866,9 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "idna-3.7.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3713,11 +3886,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "jeepney-0.8.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3729,20 +3902,40 @@ ] } }, + "rules_python_publish_deps_311_zipp_py3_none_any_f091755f": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "zipp-3.19.2-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "zipp==3.19.2", + "sha256": "f091755f667055f2d02b32c53771a7a6c8b47e1fdbc4b72a8b9072b3eef8015c", + "urls": [ + "https://files.pythonhosted.org/packages/20/38/f5c473fe9b90c8debdd29ea68d5add0289f1936d6f923b6b9cc0b931194c/zipp-3.19.2-py3-none-any.whl" + ] + } + }, "rules_python_publish_deps_311_requests_toolbelt_sdist_62e09f7f": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "requests-toolbelt-0.10.1.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3754,40 +3947,17 @@ ] } }, - "rules_python_publish_deps_311_certifi_sdist_539cc1d1": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" - ], - "filename": "certifi-2023.7.22.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "certifi==2023.7.22", - "sha256": "539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082", - "urls": [ - "https://files.pythonhosted.org/packages/98/98/c2ff18671db109c9f10ed27f5ef610ae05b73bd876664139cf95bd1429aa/certifi-2023.7.22.tar.gz" - ] - } - }, "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_ppc64le_0c0a5902": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3805,14 +3975,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "rfc3986-2.0.0-py2.py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3830,14 +4000,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "requests-2.28.2.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3857,18 +4027,18 @@ "whl_map": { "six": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"six-1.16.0-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_six_py2_none_any_8abb2f1d\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"six-1.16.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_six_sdist_1e61c374\",\"target_platforms\":null,\"version\":\"3.11\"}]", "cffi": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_aarch64_3548db28\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_ppc64le_91fc98ad\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_x86_64_94411f22\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-musllinux_1_1_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_musllinux_1_1_x86_64_cc4d65ae\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_cffi_sdist_d400bfb9\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "idna": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.4-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_idna_py3_none_any_90b77e79\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.4.tar.gz\",\"repo\":\"rules_python_publish_deps_311_idna_sdist_814f528e\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.7-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_idna_py3_none_any_82fee1fc\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.7.tar.gz\",\"repo\":\"rules_python_publish_deps_311_idna_sdist_028ff3aa\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"}]", + "idna": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.4-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_idna_py3_none_any_90b77e79\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.4.tar.gz\",\"repo\":\"rules_python_publish_deps_311_idna_sdist_814f528e\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.7-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_idna_py3_none_any_82fee1fc\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.7.tar.gz\",\"repo\":\"rules_python_publish_deps_311_idna_sdist_028ff3aa\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"}]", "rich": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rich-13.2.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_rich_py3_none_any_7c963f0d\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rich-13.2.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_rich_sdist_f1a00cdd\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "zipp": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.11.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_zipp_py3_none_any_83a28fcb\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.11.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_zipp_sdist_a7a22e05\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "zipp": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.11.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_zipp_py3_none_any_83a28fcb\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.11.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_zipp_sdist_a7a22e05\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.19.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_zipp_py3_none_any_f091755f\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.19.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_zipp_sdist_bf1dcf64\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"}]", "mdurl": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"mdurl-0.1.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_mdurl_py3_none_any_84008a41\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"mdurl-0.1.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_mdurl_sdist_bb413d29\",\"target_platforms\":null,\"version\":\"3.11\"}]", "twine": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"twine-4.0.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_twine_py3_none_any_929bc3c2\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"twine-4.0.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_twine_sdist_9e102ef5\",\"target_platforms\":null,\"version\":\"3.11\"}]", "bleach": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"bleach-6.0.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_bleach_py3_none_any_33c16e33\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"bleach-6.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_bleach_sdist_1a1a85c1\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "certifi": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2022.12.7-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_certifi_py3_none_any_4ad3232f\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2022.12.7.tar.gz\",\"repo\":\"rules_python_publish_deps_311_certifi_sdist_35824b4c\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2023.7.22-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_certifi_py3_none_any_92d60375\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2023.7.22.tar.gz\",\"repo\":\"rules_python_publish_deps_311_certifi_sdist_539cc1d1\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"}]", + "certifi": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2022.12.7-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_certifi_py3_none_any_4ad3232f\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2022.12.7.tar.gz\",\"repo\":\"rules_python_publish_deps_311_certifi_sdist_35824b4c\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2024.7.4-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_certifi_py3_none_any_c198e21b\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2024.7.4.tar.gz\",\"repo\":\"rules_python_publish_deps_311_certifi_sdist_5a1e7645\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"}]", "jeepney": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"jeepney-0.8.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_jeepney_py3_none_any_c0a454ad\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"jeepney-0.8.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_jeepney_sdist_5efe48d2\",\"target_platforms\":null,\"version\":\"3.11\"}]", "keyring": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"keyring-23.13.1-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_keyring_py3_none_any_771ed2a9\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"keyring-23.13.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_keyring_sdist_ba2e15a9\",\"target_platforms\":null,\"version\":\"3.11\"}]", "pkginfo": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pkginfo-1.9.6-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pkginfo_py3_none_any_4b7a555a\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pkginfo-1.9.6.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pkginfo_sdist_8fd5896e\",\"target_platforms\":null,\"version\":\"3.11\"}]", "rfc3986": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rfc3986-2.0.0-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_rfc3986_py2_none_any_50b1502b\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rfc3986-2.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_rfc3986_sdist_97aacf9d\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "urllib3": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.14-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_urllib3_py2_none_any_75edcdc2\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.14.tar.gz\",\"repo\":\"rules_python_publish_deps_311_urllib3_sdist_076907bf\",\"target_platforms\":[\"linux_aarch64\",\"linux_arm\",\"linux_ppc\",\"linux_s390x\",\"linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.19-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_urllib3_py2_none_any_37a03444\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.19.tar.gz\",\"repo\":\"rules_python_publish_deps_311_urllib3_sdist_3e3d753a\",\"target_platforms\":[\"osx_aarch64\",\"osx_x86_64\",\"windows_x86_64\"],\"version\":\"3.11\"}]", + "urllib3": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.14-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_urllib3_py2_none_any_75edcdc2\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.14.tar.gz\",\"repo\":\"rules_python_publish_deps_311_urllib3_sdist_076907bf\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.19-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_urllib3_py2_none_any_37a03444\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.19.tar.gz\",\"repo\":\"rules_python_publish_deps_311_urllib3_sdist_3e3d753a\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"}]", "docutils": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"docutils-0.19-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_docutils_py3_none_any_5e1de4d8\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"docutils-0.19.tar.gz\",\"repo\":\"rules_python_publish_deps_311_docutils_sdist_33995a67\",\"target_platforms\":null,\"version\":\"3.11\"}]", "pygments": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"Pygments-2.14.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pygments_py3_none_any_fa7bd7bd\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"Pygments-2.14.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pygments_sdist_b3ed06a9\",\"target_platforms\":null,\"version\":\"3.11\"}]", "requests": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests-2.28.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_requests_py3_none_any_64299f49\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests-2.28.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_requests_sdist_98b1b278\",\"target_platforms\":null,\"version\":\"3.11\"}]", @@ -3881,7 +4051,7 @@ "more_itertools": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"more_itertools-9.0.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_more_itertools_py3_none_any_250e83d7\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"more-itertools-9.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_more_itertools_sdist_5a6257e4\",\"target_platforms\":null,\"version\":\"3.11\"}]", "readme_renderer": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"readme_renderer-37.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_readme_renderer_py3_none_any_f67a16ca\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"readme_renderer-37.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_readme_renderer_sdist_cd653186\",\"target_platforms\":null,\"version\":\"3.11\"}]", "requests_toolbelt": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests_toolbelt-0.10.1-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_requests_toolbelt_py2_none_any_18565aa5\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests-toolbelt-0.10.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_requests_toolbelt_sdist_62e09f7f\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "charset_normalizer": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_universal2.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_universal2_0298eaff\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_ppc64le_0c0a5902\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_aarch64_14e76c0f\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_s390x_4a8fcf28\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_ppc64le_5995f016\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_aarch64_72966d1b\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_x86_64_761e8904\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_x86_64_79909e27\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_py3_none_any_7e189e2e\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-macosx_11_0_arm64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_11_0_arm64_87701167\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_s390x_8c7fe7af\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-win_amd64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_win_amd64_9ab77acb\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-macosx_10_9_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_x86_64_a8d0fc94\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset-normalizer-3.0.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_sdist_ebea339a\",\"target_platforms\":null,\"version\":\"3.11\"}]", + "charset_normalizer": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_ppc64le_0c0a5902\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_aarch64_14e76c0f\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_s390x_4a8fcf28\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_ppc64le_5995f016\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_aarch64_72966d1b\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_x86_64_761e8904\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_x86_64_79909e27\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_py3_none_any_7e189e2e\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_s390x_8c7fe7af\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset-normalizer-3.0.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_sdist_ebea339a\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.3.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_py3_none_any_3e4d1f65\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.3.2-cp311-cp311-macosx_11_0_arm64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_11_0_arm64_549a3a73\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_x86_64_573f6eac\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.3.2-cp311-cp311-win_amd64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_win_amd64_66394663\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_universal2.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_universal2_802fe99c\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset-normalizer-3.3.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_sdist_f30c3cb3\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"}]", "importlib_metadata": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"importlib_metadata-6.0.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_importlib_metadata_py3_none_any_7efb448e\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"importlib_metadata-6.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_importlib_metadata_sdist_e354bede\",\"target_platforms\":null,\"version\":\"3.11\"}]", "pywin32_ctypes": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pywin32_ctypes-0.2.0-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pywin32_ctypes_py2_none_any_9dc2d991\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pywin32-ctypes-0.2.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pywin32_ctypes_sdist_24ffc3b3\",\"target_platforms\":null,\"version\":\"3.11\"}]" }, @@ -3920,14 +4090,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "webencodings-0.5.1-py2.py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3945,14 +4115,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "charset-normalizer-3.0.1.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3970,14 +4137,11 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -3989,17 +4153,37 @@ ] } }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_x86_64_573f6eac": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_x86_64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.3.2", + "sha256": "573f6eac48f4769d667c4442081b1794f52919e7edada77495aaed9236d13a96", + "urls": [ + "https://files.pythonhosted.org/packages/3e/33/21a875a61057165e92227466e54ee076b73af1e21fe1b31f1e292251aa1e/charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_x86_64.whl" + ] + } + }, "rules_python_publish_deps_311_pycparser_sdist_e644fdec": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" ], "filename": "pycparser-2.21.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -4017,14 +4201,14 @@ "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "linux_aarch64", - "linux_arm", - "linux_ppc", - "linux_s390x", - "linux_x86_64", - "osx_aarch64", - "osx_x86_64", - "windows_x86_64" + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], "filename": "bleach-6.0.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", @@ -4053,6 +4237,11 @@ "bazel_features", "bazel_features~" ], + [ + "rules_python~", + "bazel_skylib", + "bazel_skylib~" + ], [ "rules_python~", "bazel_tools", From c0a59a18d5e733d8f074d1033bf7c8819c28a98d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 25 Sep 2024 08:37:27 +0200 Subject: [PATCH 270/380] ci: update e2e mini default region and always return resource group name (#3373) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Choose resource group name outside of Terraform to catch issues during apply * Run test in West Europe --------- Signed-off-by: Daniel Weiße --- .github/actions/e2e_mini/action.yml | 5 ++-- e2e/miniconstellation/.terraform.lock.hcl | 30 ----------------------- e2e/miniconstellation/BUILD.bazel | 1 + e2e/miniconstellation/main.sh.in | 8 +++--- e2e/miniconstellation/main.tf | 25 ++++++------------- e2e/miniconstellation/output.tf | 6 ----- e2e/miniconstellation/variables.tf | 4 +++ 7 files changed, 20 insertions(+), 59 deletions(-) create mode 100644 e2e/miniconstellation/variables.tf diff --git a/.github/actions/e2e_mini/action.yml b/.github/actions/e2e_mini/action.yml index 49a550414..6783f0ef7 100644 --- a/.github/actions/e2e_mini/action.yml +++ b/.github/actions/e2e_mini/action.yml @@ -61,6 +61,5 @@ runs: # clean up if e2e test failed or if the run was cancelled if: (failure() && steps.e2e-test.conclusion == 'failure') || cancelled() run: | - rg_name=${{ steps.e2e-test.outputs.rgname }} - echo "[*] Deleting resource group $rg_name" - az group delete -y --resource-group "$rg_name" + echo "[*] Deleting resource group ${{ steps.e2e-test.outputs.rgname }}" + az group delete -y --resource-group "${{ steps.e2e-test.outputs.rgname }}" diff --git a/e2e/miniconstellation/.terraform.lock.hcl b/e2e/miniconstellation/.terraform.lock.hcl index 842851385..2e5970afe 100644 --- a/e2e/miniconstellation/.terraform.lock.hcl +++ b/e2e/miniconstellation/.terraform.lock.hcl @@ -55,36 +55,6 @@ provider "registry.terraform.io/hashicorp/cloudinit" { ] } -provider "registry.terraform.io/hashicorp/random" { - version = "3.6.2" - constraints = "3.6.2" - hashes = [ - "h1:5lstwe/L8AZS/CP0lil2nPvmbbjAu8kCaU/ogSGNbxk=", - "h1:Gd3WitYIzSYo/Suo+PMxpZpIGpRPrwl0JU0+DhxycFM=", - "h1:J9EOvuE7qCS/S0lqMX6DNqsh/wq2uhwxE2bOpSn0/hc=", - "h1:R5qdQjKzOU16TziCN1vR3Exr/B+8WGK80glLTT4ZCPk=", - "h1:UQlmHGddu39vVzG8kruMsde4GHlG+1S7OLqFApbJvtc=", - "h1:VYBb5/CQ1tPhV92eUsfxSZ4Ta2OCfNggYwE+Qo+yCD0=", - "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=", - "h1:jke+2u84Hrc7szJKevP1BKFn1o3pfxYhYtity2RPCS8=", - "h1:m/7/S7a6RzGgeRAJJCsDza2kbaNmFpQDDd849RxD2FE=", - "h1:uOP0uuF8PKF98YlLqgtjdHBELJLI4BMOOHYXQMYhdlI=", - "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", - "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", - "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", - "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", - "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", - "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", - "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", - "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", - "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", - "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", - "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", - "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", - ] -} - provider "registry.terraform.io/hashicorp/tls" { version = "4.0.5" constraints = "4.0.5" diff --git a/e2e/miniconstellation/BUILD.bazel b/e2e/miniconstellation/BUILD.bazel index 836b2d075..e8df73984 100644 --- a/e2e/miniconstellation/BUILD.bazel +++ b/e2e/miniconstellation/BUILD.bazel @@ -9,6 +9,7 @@ filegroup( "main.tf", "output.tf", "test-remote.sh", + "variables.tf", ], ) diff --git a/e2e/miniconstellation/main.sh.in b/e2e/miniconstellation/main.sh.in index 19e1df279..f25975554 100755 --- a/e2e/miniconstellation/main.sh.in +++ b/e2e/miniconstellation/main.sh.in @@ -23,14 +23,16 @@ cd e2e/miniconstellation echo "::group::Terraform" +random_string=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 6) +rg_name="e2e-mini-${random_string}" +echo "rgname=${rg_name}" >> "${GITHUB_OUTPUT:-/dev/null}" +echo "resource_name = \"${rg_name}\"" > terraform.tfvars + terraform init terraform apply -auto-approve terraform output -raw ssh_private_key > id_rsa chmod 600 id_rsa -rg_name=$(terraform output -raw rg_name) -echo "rgname=$rg_name" >> "${GITHUB_OUTPUT:-/dev/null}" - azure_vm_ip=$(terraform output -raw public_ip) echo "::endgroup::" diff --git a/e2e/miniconstellation/main.tf b/e2e/miniconstellation/main.tf index e4aa02b3f..601f0a3fb 100644 --- a/e2e/miniconstellation/main.tf +++ b/e2e/miniconstellation/main.tf @@ -4,10 +4,6 @@ terraform { source = "hashicorp/azurerm" version = "4.1.0" } - random = { - source = "hashicorp/random" - version = "3.6.2" - } tls = { source = "hashicorp/tls" version = "4.0.5" @@ -29,11 +25,6 @@ provider "azurerm" { provider "tls" {} -resource "random_string" "suffix" { - length = 6 - special = false -} - resource "tls_private_key" "ssh_key" { algorithm = "RSA" rsa_bits = 2048 @@ -50,26 +41,26 @@ data "cloudinit_config" "cloud_init" { } resource "azurerm_resource_group" "main" { - name = "e2e-mini-${random_string.suffix.result}" - location = "North Europe" + name = var.resource_name + location = "West Europe" } resource "azurerm_virtual_network" "main" { - name = "e2e-mini-${random_string.suffix.result}" + name = var.resource_name address_space = ["10.0.0.0/16"] location = azurerm_resource_group.main.location resource_group_name = azurerm_resource_group.main.name } resource "azurerm_subnet" "main" { - name = "e2e-mini-${random_string.suffix.result}" + name = var.resource_name resource_group_name = azurerm_resource_group.main.name virtual_network_name = azurerm_virtual_network.main.name address_prefixes = ["10.0.2.0/24"] } resource "azurerm_public_ip" "main" { - name = "e2e-mini-${random_string.suffix.result}" + name = var.resource_name location = azurerm_resource_group.main.location resource_group_name = azurerm_resource_group.main.name allocation_method = "Static" @@ -77,7 +68,7 @@ resource "azurerm_public_ip" "main" { } resource "azurerm_network_interface" "main" { - name = "e2e-mini-${random_string.suffix.result}" + name = var.resource_name resource_group_name = azurerm_resource_group.main.name location = azurerm_resource_group.main.location @@ -90,7 +81,7 @@ resource "azurerm_network_interface" "main" { } resource "azurerm_network_security_group" "ssh" { - name = "e2e-mini-${random_string.suffix.result}" + name = var.resource_name resource_group_name = azurerm_resource_group.main.name location = azurerm_resource_group.main.location @@ -113,7 +104,7 @@ resource "azurerm_subnet_network_security_group_association" "ssh" { } resource "azurerm_linux_virtual_machine" "main" { - name = "e2e-mini-${random_string.suffix.result}" + name = var.resource_name resource_group_name = azurerm_resource_group.main.name location = azurerm_resource_group.main.location diff --git a/e2e/miniconstellation/output.tf b/e2e/miniconstellation/output.tf index c8f961a46..14f541264 100644 --- a/e2e/miniconstellation/output.tf +++ b/e2e/miniconstellation/output.tf @@ -9,9 +9,3 @@ output "ssh_private_key" { sensitive = true depends_on = [tls_private_key.ssh_key] } - -output "rg_name" { - value = "e2e-mini-${random_string.suffix.result}" - sensitive = false - depends_on = [random_string.suffix] -} diff --git a/e2e/miniconstellation/variables.tf b/e2e/miniconstellation/variables.tf new file mode 100644 index 000000000..eb2034c7f --- /dev/null +++ b/e2e/miniconstellation/variables.tf @@ -0,0 +1,4 @@ +variable "resource_name" { + type = string + description = "name for resources to create" +} From d65987cb15cf9ebdbbd2975f177937c1acbc90f8 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 25 Sep 2024 08:41:47 +0200 Subject: [PATCH 271/380] image: update measurements and image version (#3377) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 337efc17c..477407384 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x4e, 0x5c, 0xa7, 0x50, 0xb6, 0xfd, 0x7a, 0xbc, 0x9e, 0x66, 0xfe, 0x51, 0xec, 0xd9, 0x1a, 0x39, 0x4b, 0x5e, 0xb3, 0x83, 0x1f, 0x40, 0xff, 0xac, 0xd8, 0x56, 0x9f, 0x6e, 0x67, 0x36, 0xaa, 0xfd}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x07, 0xae, 0x7b, 0xa1, 0x8b, 0x74, 0x69, 0x60, 0x55, 0x60, 0x83, 0x91, 0xbb, 0x0d, 0xa0, 0x04, 0xcd, 0x58, 0xc1, 0x4c, 0x02, 0x7d, 0x72, 0xb1, 0xea, 0xdc, 0xf8, 0x66, 0x8d, 0xff, 0x5e, 0x4f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x32, 0x42, 0x23, 0x95, 0x6e, 0xfd, 0xfe, 0xe9, 0xdb, 0x7a, 0xbb, 0xb9, 0x64, 0x2d, 0x86, 0x49, 0xb7, 0x0a, 0x94, 0x90, 0xb9, 0x6f, 0xea, 0xfe, 0xf9, 0x1e, 0xd2, 0x61, 0xb5, 0xac, 0x2a, 0x8d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x05, 0x27, 0x51, 0x07, 0xff, 0xde, 0x56, 0x48, 0xa6, 0x32, 0xd8, 0x84, 0xf9, 0x14, 0x5a, 0x7c, 0x21, 0xcf, 0xb5, 0x52, 0xb9, 0xcb, 0xc8, 0xc1, 0xd6, 0x08, 0x7f, 0xd8, 0xd8, 0x85, 0x07, 0x59}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x46, 0x94, 0xdb, 0x23, 0x70, 0x89, 0xca, 0xf1, 0x81, 0x55, 0x8d, 0x95, 0xb8, 0x6f, 0x4a, 0x2c, 0x3a, 0xb0, 0xdf, 0x8b, 0xc5, 0xf6, 0xf4, 0xb3, 0x9f, 0x76, 0x42, 0x89, 0xfc, 0xc5, 0x61, 0xe5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x32, 0xa2, 0xcd, 0x8c, 0x2f, 0xb6, 0xbf, 0x32, 0x10, 0x92, 0xf1, 0x9f, 0x33, 0xe9, 0xad, 0xc4, 0xf3, 0xbc, 0x87, 0xb8, 0xa8, 0x85, 0xfa, 0xfa, 0x1e, 0xa1, 0x29, 0x36, 0x27, 0x27, 0x31, 0x00}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb7, 0xef, 0xd6, 0xd5, 0xae, 0xb6, 0x2c, 0x69, 0x9a, 0x59, 0x3e, 0x14, 0x1d, 0x7b, 0xa1, 0x60, 0xc5, 0xac, 0x95, 0x74, 0x19, 0x9f, 0x7d, 0x2f, 0xd4, 0x63, 0xef, 0x9e, 0x15, 0xeb, 0x18, 0xba}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb7, 0xce, 0xd7, 0x77, 0xce, 0x13, 0x8f, 0x21, 0xe4, 0xf2, 0xf3, 0x30, 0xea, 0x4c, 0xad, 0x66, 0xfa, 0x91, 0x63, 0xba, 0x49, 0x51, 0xcf, 0x9a, 0xb4, 0x60, 0x22, 0xfb, 0x2c, 0xd9, 0xb9, 0xf1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xeb, 0xc7, 0x09, 0xfc, 0xbe, 0xa8, 0xab, 0xe9, 0x46, 0xed, 0x55, 0x27, 0xf5, 0xb0, 0xee, 0x50, 0xf5, 0xdb, 0x28, 0xbe, 0x35, 0x2b, 0xd0, 0x48, 0x29, 0xb4, 0xf4, 0x56, 0x45, 0x8d, 0x60, 0x7d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x22, 0x6d, 0xd9, 0x23, 0x69, 0x92, 0x3a, 0xcb, 0x8d, 0xc7, 0x3d, 0x46, 0x10, 0x0a, 0xc8, 0xdd, 0x8c, 0xcb, 0xdf, 0x27, 0xe7, 0x55, 0x3a, 0x75, 0x07, 0x1a, 0xae, 0xd1, 0x2f, 0x4a, 0xac, 0x5a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x81, 0xd0, 0x9f, 0x5d, 0xc2, 0x60, 0xac, 0xa7, 0x00, 0x72, 0xb2, 0x57, 0x44, 0x2a, 0xde, 0xe2, 0xb8, 0xb2, 0xf4, 0x27, 0x61, 0x09, 0xbb, 0x1d, 0x36, 0x9f, 0x8b, 0x53, 0xeb, 0xbb, 0x86, 0x60}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe9, 0xc2, 0x6c, 0x5e, 0x23, 0xc6, 0x7b, 0x25, 0x07, 0xc8, 0x9d, 0x13, 0x27, 0x04, 0x5d, 0xb9, 0xe4, 0x6a, 0xf3, 0x3e, 0x80, 0xe0, 0x8d, 0xa5, 0xf9, 0x7b, 0xb8, 0xe1, 0x42, 0x80, 0x33, 0xe7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1e, 0x17, 0x6c, 0x5e, 0x77, 0x25, 0x7c, 0x61, 0x46, 0x92, 0x0e, 0x96, 0xe8, 0x41, 0xff, 0x37, 0x69, 0x75, 0xca, 0x69, 0x71, 0x05, 0xcf, 0x1e, 0xcc, 0xf6, 0x9c, 0x72, 0x95, 0x13, 0x33, 0xba}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x94, 0x51, 0x75, 0xd4, 0x24, 0xe4, 0xa5, 0xc7, 0xc2, 0xac, 0x2e, 0xb4, 0x61, 0x90, 0x1c, 0xd5, 0x88, 0xbd, 0x53, 0xd1, 0x94, 0x3c, 0x8e, 0x60, 0x65, 0x08, 0xb8, 0x13, 0xf9, 0xed, 0x88, 0x14}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x39, 0xf5, 0xf6, 0x99, 0xc1, 0x0f, 0x64, 0x84, 0x7f, 0x47, 0xd3, 0xdf, 0x8a, 0xe9, 0x84, 0xb3, 0xea, 0x51, 0x09, 0x17, 0xc4, 0x79, 0x10, 0x01, 0x6b, 0xda, 0xcc, 0xdb, 0x3b, 0x8b, 0x5e, 0x24}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8d, 0x83, 0xd5, 0x70, 0x40, 0x33, 0x15, 0xb9, 0x72, 0x1d, 0x83, 0x2b, 0x38, 0x86, 0x19, 0x50, 0x55, 0x4b, 0x97, 0x02, 0xb8, 0x66, 0x28, 0xcc, 0xa8, 0x42, 0xeb, 0x6a, 0xf5, 0x49, 0x68, 0x0c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x42, 0x72, 0x67, 0x55, 0xa8, 0xc4, 0xc1, 0xf2, 0x1c, 0x76, 0x1b, 0xb6, 0x34, 0x1e, 0x88, 0xaf, 0x94, 0xc1, 0x6a, 0x01, 0x56, 0x32, 0x2e, 0x73, 0x81, 0x0b, 0x2b, 0xec, 0x99, 0x75, 0x9f, 0x35}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0xc7, 0xe6, 0x78, 0xb6, 0x4b, 0xeb, 0xc5, 0x59, 0x32, 0xc7, 0x76, 0x4c, 0x3f, 0x54, 0x36, 0xd8, 0xda, 0x97, 0xa1, 0xd2, 0x5c, 0xaa, 0x63, 0x07, 0x9c, 0xeb, 0x18, 0x62, 0xcd, 0x1d, 0xe5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x59, 0x27, 0xab, 0x8e, 0x19, 0xe3, 0x38, 0xe4, 0x94, 0x76, 0x4f, 0xbc, 0xa5, 0x0d, 0xf6, 0x4f, 0xdd, 0x07, 0xd0, 0xea, 0xc9, 0xdb, 0xaa, 0x2d, 0x84, 0x6c, 0x6b, 0x5b, 0x88, 0x61, 0x5b, 0xf7}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x50, 0x90, 0x4b, 0xff, 0xce, 0x66, 0x2a, 0xd9, 0x68, 0xc9, 0xc4, 0x7b, 0xfe, 0xfd, 0x93, 0xa0, 0x85, 0x23, 0x31, 0x09, 0x17, 0x78, 0x49, 0x25, 0x06, 0x2c, 0x42, 0x3b, 0xdd, 0xf2, 0xb8, 0xbc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1a, 0x43, 0xce, 0x26, 0xb1, 0x55, 0xdb, 0x97, 0xe3, 0x86, 0xb2, 0xb5, 0x7b, 0x42, 0xe9, 0xf4, 0x90, 0x52, 0x65, 0x61, 0xd3, 0x16, 0xf5, 0xdb, 0xdf, 0x54, 0xd4, 0x78, 0xd7, 0x61, 0xef, 0xbe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x56, 0xb5, 0x0e, 0x67, 0x48, 0x1d, 0x19, 0x1e, 0xfd, 0x56, 0xf9, 0x78, 0xf1, 0xef, 0xe8, 0x98, 0xe7, 0x52, 0xac, 0xc3, 0xb4, 0xdb, 0x2c, 0x7e, 0x48, 0x57, 0x99, 0xbd, 0x6d, 0xfd, 0x47, 0x7d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xef, 0x25, 0x0d, 0x1a, 0x1c, 0x24, 0x96, 0xe4, 0x7a, 0x11, 0xe5, 0x9a, 0x07, 0xdd, 0x05, 0x03, 0x5d, 0x34, 0x11, 0x0a, 0xae, 0x26, 0xf7, 0x49, 0x35, 0xbd, 0xea, 0xe3, 0x09, 0x0d, 0x2b, 0x53}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8a, 0x5d, 0x5f, 0xef, 0x80, 0x51, 0x48, 0xdb, 0xf2, 0xa4, 0x9b, 0x28, 0x4d, 0x0c, 0x8d, 0x95, 0x2e, 0x42, 0x6a, 0xd3, 0x46, 0x78, 0x4f, 0xce, 0x43, 0xc1, 0x97, 0x8f, 0x1f, 0xb5, 0xc0, 0xc7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x85, 0x70, 0x29, 0x4b, 0xfc, 0x64, 0xfe, 0x71, 0x7b, 0x76, 0x54, 0x2d, 0x9e, 0x8a, 0x2b, 0x61, 0x0e, 0xb3, 0x16, 0x13, 0xe3, 0x8f, 0x9a, 0x58, 0xaf, 0x01, 0xb3, 0x97, 0x63, 0xe5, 0x81, 0xa3}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x94, 0x39, 0xc3, 0x69, 0xa5, 0x03, 0x53, 0x22, 0x4f, 0xf3, 0xe3, 0x7f, 0x1c, 0x06, 0x5b, 0x14, 0x8c, 0x5a, 0xe7, 0xf2, 0xae, 0xd4, 0xe5, 0xf7, 0x77, 0xd2, 0xaf, 0x08, 0xd8, 0x46, 0x6a, 0xd2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa0, 0x1c, 0x6c, 0xbb, 0x52, 0xee, 0x97, 0x18, 0xcf, 0xef, 0x08, 0x2f, 0x3b, 0x70, 0xa2, 0x05, 0xe7, 0xd6, 0xf3, 0x11, 0x84, 0x87, 0xf4, 0xa4, 0xfc, 0xf9, 0x36, 0x05, 0xfd, 0xcf, 0x4b, 0x27}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1b, 0x02, 0x1c, 0x64, 0xbe, 0x14, 0x37, 0x83, 0xde, 0xaa, 0x4e, 0xcb, 0x12, 0xd1, 0x7b, 0x8f, 0x6f, 0x41, 0xc1, 0x9d, 0x69, 0xe5, 0xbb, 0xaf, 0xee, 0x75, 0x09, 0xa7, 0x60, 0x18, 0x53, 0x64}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x65, 0x20, 0x26, 0xee, 0x58, 0xb0, 0x33, 0x74, 0x28, 0xde, 0xd2, 0xee, 0xe9, 0xed, 0x10, 0xee, 0x12, 0xe3, 0x77, 0x80, 0x02, 0xfe, 0xb9, 0xdb, 0xb2, 0xf7, 0x22, 0xf1, 0x41, 0x1f, 0xcf, 0x17}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcf, 0x36, 0x2a, 0xf7, 0xb0, 0xaa, 0x12, 0xcb, 0xcc, 0xa6, 0xf9, 0x41, 0x5e, 0xd4, 0x5a, 0xac, 0xcf, 0x94, 0xc5, 0x7a, 0xc6, 0x45, 0xe6, 0x1f, 0x66, 0x8e, 0x97, 0x79, 0xb5, 0x03, 0xc7, 0xd4}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x7e, 0x6c, 0xb7, 0xf6, 0x37, 0x81, 0x44, 0x17, 0xe8, 0x0c, 0x36, 0x71, 0x72, 0x12, 0xcd, 0xaa, 0x06, 0x22, 0x35, 0xf2, 0x1d, 0xc5, 0x66, 0x84, 0xff, 0x5f, 0xbc, 0x91, 0x2a, 0x60, 0xd3, 0xaa}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0b, 0xa2, 0xa6, 0xcf, 0x76, 0xa9, 0x57, 0x68, 0x55, 0x09, 0x39, 0xce, 0x52, 0x97, 0xcf, 0x7c, 0xe4, 0x65, 0xe1, 0xd2, 0x4b, 0x44, 0x60, 0xf6, 0x8d, 0x46, 0x69, 0xa3, 0x75, 0xb9, 0x8b, 0xaf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x79, 0x24, 0x0c, 0x4e, 0x71, 0x2c, 0x95, 0x4f, 0x00, 0x14, 0xc7, 0xe0, 0xf2, 0x3e, 0xb5, 0xf9, 0xf7, 0x6a, 0x5e, 0xbc, 0xf9, 0x25, 0x30, 0xaf, 0xce, 0x75, 0xb8, 0x09, 0x44, 0x44, 0xf7, 0x86}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf6, 0x83, 0x82, 0xd6, 0x00, 0x89, 0xaf, 0x08, 0xa7, 0x08, 0xac, 0x9a, 0x76, 0x8f, 0x7f, 0x5c, 0xc8, 0xf2, 0x54, 0x79, 0x18, 0xc1, 0xbd, 0xed, 0xdf, 0x2f, 0x0c, 0xb5, 0x92, 0x63, 0x42, 0x9a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf1, 0xcf, 0xd9, 0x4b, 0x5e, 0xae, 0x0a, 0x9c, 0x95, 0xba, 0xb7, 0x64, 0xf1, 0xa7, 0x52, 0x36, 0x44, 0x86, 0xb7, 0x71, 0x7b, 0x7d, 0xa9, 0x11, 0xb7, 0xd3, 0x45, 0x9b, 0x20, 0x4c, 0x41, 0x33}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc7, 0xc1, 0x64, 0x9f, 0x8b, 0xca, 0x4e, 0x38, 0x10, 0xc7, 0x65, 0xce, 0xcc, 0xcf, 0x1a, 0xaa, 0x0b, 0x73, 0xb4, 0x6f, 0xec, 0xe7, 0xb1, 0x67, 0xf1, 0xe6, 0xf1, 0x26, 0xcb, 0x63, 0x95, 0x7d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa0, 0x42, 0x1e, 0x73, 0x8f, 0x8d, 0x07, 0x7c, 0xf4, 0x14, 0x7e, 0x8d, 0x7d, 0x25, 0xab, 0x6e, 0x6e, 0x7c, 0x75, 0x38, 0xe4, 0x4b, 0xb0, 0xb8, 0x57, 0x75, 0xed, 0x28, 0x4d, 0xc0, 0xc3, 0x16}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x57, 0x16, 0xe8, 0x06, 0xb1, 0x14, 0xb8, 0x75, 0xf6, 0xc3, 0xae, 0x0f, 0xc4, 0x18, 0xec, 0x2c, 0x2c, 0x7a, 0xed, 0x1e, 0xab, 0xf9, 0xcb, 0x58, 0x79, 0xad, 0xb0, 0xcc, 0xdb, 0x8b, 0xa6, 0x38}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xef, 0x75, 0x48, 0x4b, 0x8f, 0x42, 0x54, 0xfc, 0xb6, 0xbc, 0xc0, 0xa2, 0xd5, 0xd5, 0xc9, 0x3b, 0x27, 0x4a, 0x87, 0xad, 0xe4, 0x09, 0x82, 0x21, 0xec, 0xac, 0x6b, 0x5f, 0xb0, 0xdd, 0x94, 0x30}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xce, 0xc0, 0x58, 0x19, 0x70, 0x82, 0xab, 0x4e, 0x26, 0x93, 0x44, 0xa4, 0x90, 0x53, 0xf8, 0x91, 0x8d, 0xc8, 0xde, 0x88, 0x9f, 0x09, 0x2b, 0xdc, 0x2e, 0xe2, 0xe5, 0x8e, 0xfb, 0x89, 0xe6, 0x64}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x28, 0x1b, 0x4c, 0x14, 0xfd, 0xb6, 0x17, 0x85, 0x46, 0x29, 0x52, 0x2f, 0x22, 0x31, 0x40, 0x31, 0xbb, 0x4a, 0x2b, 0x58, 0xf3, 0xae, 0x32, 0x92, 0x1a, 0xe7, 0x2d, 0x10, 0x6d, 0x1e, 0x74, 0x48}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xbb, 0x81, 0x51, 0xf1, 0xb1, 0x4e, 0x3a, 0x6a, 0x70, 0x19, 0x9a, 0x15, 0xa5, 0xd7, 0xc6, 0xa3, 0x18, 0x83, 0xe9, 0x0b, 0x46, 0x94, 0x8a, 0x22, 0x05, 0xf2, 0xfd, 0x1c, 0x29, 0x9f, 0xa9, 0x77}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x9e, 0x3d, 0x94, 0x36, 0x2e, 0x76, 0x54, 0x47, 0x1c, 0xb4, 0xfb, 0xde, 0x45, 0x76, 0x87, 0x6d, 0xa3, 0xe6, 0x83, 0x44, 0x1b, 0x62, 0x80, 0xb4, 0xd3, 0x59, 0x46, 0x3a, 0x87, 0xe3, 0xa9, 0x4f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x79, 0x81, 0xfe, 0xfe, 0x22, 0xb9, 0x6e, 0x5e, 0xef, 0x67, 0x27, 0x69, 0x58, 0x0c, 0x2d, 0x2f, 0x9f, 0x4a, 0x2c, 0x48, 0x0f, 0x48, 0x33, 0xd1, 0x63, 0x1b, 0xa3, 0x9a, 0xb8, 0x0f, 0xb4, 0xcf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x99, 0xc2, 0x38, 0xa3, 0x01, 0xfe, 0x7f, 0x79, 0x0e, 0x2d, 0x9b, 0x62, 0x41, 0x20, 0xc1, 0x33, 0x4b, 0x3b, 0x57, 0x11, 0x72, 0xfc, 0x55, 0x7f, 0x0c, 0xbd, 0x84, 0x17, 0x10, 0x27, 0xff, 0xef}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x05, 0xbf, 0x6b, 0xfc, 0xa8, 0x0e, 0xcc, 0x06, 0xf0, 0xa5, 0x61, 0x1e, 0xe1, 0x23, 0x89, 0x8c, 0x49, 0x07, 0xc9, 0x19, 0xf0, 0x58, 0x01, 0xc0, 0x3e, 0xf6, 0xc1, 0x77, 0xad, 0xa3, 0x00, 0xe3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa8, 0x46, 0xbd, 0x23, 0xdd, 0x5e, 0x08, 0xf9, 0xdb, 0x15, 0x7c, 0xd2, 0xab, 0xca, 0x1d, 0x98, 0x86, 0x50, 0x17, 0x68, 0xbf, 0x25, 0x69, 0x7c, 0x1a, 0xcf, 0xfe, 0xd1, 0x47, 0xb5, 0x05, 0x15}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1c, 0x10, 0xd0, 0xb6, 0x10, 0xb4, 0x41, 0xbb, 0x5f, 0xd4, 0xd4, 0x00, 0xc6, 0x3a, 0x1f, 0x89, 0xbb, 0xbe, 0x67, 0xfc, 0xe4, 0xb6, 0x82, 0x23, 0x3e, 0xc2, 0x3f, 0xb7, 0x7b, 0x3e, 0x65, 0x3d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index dd89407a6..d2f93f3a4 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240919141651-1ca8d4f97772" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240924095245-068e68d478a5" ) From 882d602524e556163767134f1cf832d44dc57e26 Mon Sep 17 00:00:00 2001 From: 3u13r Date: Thu, 26 Sep 2024 11:08:06 +0200 Subject: [PATCH 272/380] openstack: set region in cluster cloud client (#3375) --- internal/cloud/openstack/imds.go | 15 +++++++++++++++ internal/cloud/openstack/openstack.go | 5 +++++ terraform/infrastructure/openstack/main.tf | 1 + .../openstack/modules/instance_group/main.tf | 1 + .../openstack/modules/instance_group/variables.tf | 5 +++++ 5 files changed, 27 insertions(+) diff --git a/internal/cloud/openstack/imds.go b/internal/cloud/openstack/imds.go index 792a0d881..101808a37 100644 --- a/internal/cloud/openstack/imds.go +++ b/internal/cloud/openstack/imds.go @@ -172,6 +172,20 @@ func (c *imdsClient) userDomainName(ctx context.Context) (string, error) { return c.userDataCache.UserDomainName, nil } +func (c *imdsClient) regionName(ctx context.Context) (string, error) { + if c.timeForUpdate(c.cacheTime) || c.userDataCache.RegionName == "" { + if err := c.update(ctx); err != nil { + return "", err + } + } + + if c.userDataCache.RegionName == "" { + return "", errors.New("unable to get user domain name") + } + + return c.userDataCache.RegionName, nil +} + func (c *imdsClient) username(ctx context.Context) (string, error) { if c.timeForUpdate(c.cacheTime) || c.userDataCache.Username == "" { if err := c.update(ctx); err != nil { @@ -295,6 +309,7 @@ type metadataTags struct { type userDataResponse struct { AuthURL string `json:"openstack-auth-url,omitempty"` UserDomainName string `json:"openstack-user-domain-name,omitempty"` + RegionName string `json:"openstack-region-name,omitempty"` Username string `json:"openstack-username,omitempty"` Password string `json:"openstack-password,omitempty"` LoadBalancerEndpoint string `json:"openstack-load-balancer-endpoint,omitempty"` diff --git a/internal/cloud/openstack/openstack.go b/internal/cloud/openstack/openstack.go index 6c1dead67..4ff3b2b32 100644 --- a/internal/cloud/openstack/openstack.go +++ b/internal/cloud/openstack/openstack.go @@ -54,6 +54,10 @@ func New(ctx context.Context) (*MetadataClient, error) { if err != nil { return nil, fmt.Errorf("getting user domain name: %w", err) } + regionName, err := imds.regionName(ctx) + if err != nil { + return nil, fmt.Errorf("getting region name: %w", err) + } clientOpts := &clientconfig.ClientOpts{ AuthType: clientconfig.AuthV3Password, @@ -63,6 +67,7 @@ func New(ctx context.Context) (*MetadataClient, error) { Username: username, Password: password, }, + RegionName: regionName, } serversClient, err := clientconfig.NewServiceClient(ctx, "compute", clientOpts) diff --git a/terraform/infrastructure/openstack/main.tf b/terraform/infrastructure/openstack/main.tf index 2baee62b5..e571977a0 100644 --- a/terraform/infrastructure/openstack/main.tf +++ b/terraform/infrastructure/openstack/main.tf @@ -242,6 +242,7 @@ module "instance_group" { openstack_username = local.cloudyaml["auth"]["username"] openstack_password = local.cloudyaml["auth"]["password"] openstack_user_domain_name = local.cloudyaml["auth"]["user_domain_name"] + openstack_region_name = local.cloudyaml["region_name"] openstack_load_balancer_endpoint = openstack_networking_floatingip_v2.public_ip.address } diff --git a/terraform/infrastructure/openstack/modules/instance_group/main.tf b/terraform/infrastructure/openstack/modules/instance_group/main.tf index b104506d5..b2feecb5f 100644 --- a/terraform/infrastructure/openstack/modules/instance_group/main.tf +++ b/terraform/infrastructure/openstack/modules/instance_group/main.tf @@ -80,6 +80,7 @@ resource "openstack_compute_instance_v2" "instance_group_member" { openstack-username = var.openstack_username openstack-password = var.openstack_password openstack-user-domain-name = var.openstack_user_domain_name + openstack-region-name = var.openstack_region_name openstack-load-balancer-endpoint = var.openstack_load_balancer_endpoint }) availability_zone_hints = length(var.availability_zone) > 0 ? var.availability_zone : null diff --git a/terraform/infrastructure/openstack/modules/instance_group/variables.tf b/terraform/infrastructure/openstack/modules/instance_group/variables.tf index 74f0f9e28..991985c97 100644 --- a/terraform/infrastructure/openstack/modules/instance_group/variables.tf +++ b/terraform/infrastructure/openstack/modules/instance_group/variables.tf @@ -97,6 +97,11 @@ variable "openstack_password" { description = "OpenStack password." } +variable "openstack_region_name" { + type = string + description = "OpenStack region name." +} + variable "openstack_load_balancer_endpoint" { type = string description = "OpenStack load balancer endpoint." From 2f67eb3f54765d7e3f181ff26534d973d690965f Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 27 Sep 2024 08:10:42 +0200 Subject: [PATCH 273/380] image: update measurements and image version (#3379) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 477407384..6f5eed8e9 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1e, 0x17, 0x6c, 0x5e, 0x77, 0x25, 0x7c, 0x61, 0x46, 0x92, 0x0e, 0x96, 0xe8, 0x41, 0xff, 0x37, 0x69, 0x75, 0xca, 0x69, 0x71, 0x05, 0xcf, 0x1e, 0xcc, 0xf6, 0x9c, 0x72, 0x95, 0x13, 0x33, 0xba}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x94, 0x51, 0x75, 0xd4, 0x24, 0xe4, 0xa5, 0xc7, 0xc2, 0xac, 0x2e, 0xb4, 0x61, 0x90, 0x1c, 0xd5, 0x88, 0xbd, 0x53, 0xd1, 0x94, 0x3c, 0x8e, 0x60, 0x65, 0x08, 0xb8, 0x13, 0xf9, 0xed, 0x88, 0x14}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x39, 0xf5, 0xf6, 0x99, 0xc1, 0x0f, 0x64, 0x84, 0x7f, 0x47, 0xd3, 0xdf, 0x8a, 0xe9, 0x84, 0xb3, 0xea, 0x51, 0x09, 0x17, 0xc4, 0x79, 0x10, 0x01, 0x6b, 0xda, 0xcc, 0xdb, 0x3b, 0x8b, 0x5e, 0x24}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8d, 0x83, 0xd5, 0x70, 0x40, 0x33, 0x15, 0xb9, 0x72, 0x1d, 0x83, 0x2b, 0x38, 0x86, 0x19, 0x50, 0x55, 0x4b, 0x97, 0x02, 0xb8, 0x66, 0x28, 0xcc, 0xa8, 0x42, 0xeb, 0x6a, 0xf5, 0x49, 0x68, 0x0c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x42, 0x72, 0x67, 0x55, 0xa8, 0xc4, 0xc1, 0xf2, 0x1c, 0x76, 0x1b, 0xb6, 0x34, 0x1e, 0x88, 0xaf, 0x94, 0xc1, 0x6a, 0x01, 0x56, 0x32, 0x2e, 0x73, 0x81, 0x0b, 0x2b, 0xec, 0x99, 0x75, 0x9f, 0x35}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0xc7, 0xe6, 0x78, 0xb6, 0x4b, 0xeb, 0xc5, 0x59, 0x32, 0xc7, 0x76, 0x4c, 0x3f, 0x54, 0x36, 0xd8, 0xda, 0x97, 0xa1, 0xd2, 0x5c, 0xaa, 0x63, 0x07, 0x9c, 0xeb, 0x18, 0x62, 0xcd, 0x1d, 0xe5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x59, 0x27, 0xab, 0x8e, 0x19, 0xe3, 0x38, 0xe4, 0x94, 0x76, 0x4f, 0xbc, 0xa5, 0x0d, 0xf6, 0x4f, 0xdd, 0x07, 0xd0, 0xea, 0xc9, 0xdb, 0xaa, 0x2d, 0x84, 0x6c, 0x6b, 0x5b, 0x88, 0x61, 0x5b, 0xf7}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x50, 0x90, 0x4b, 0xff, 0xce, 0x66, 0x2a, 0xd9, 0x68, 0xc9, 0xc4, 0x7b, 0xfe, 0xfd, 0x93, 0xa0, 0x85, 0x23, 0x31, 0x09, 0x17, 0x78, 0x49, 0x25, 0x06, 0x2c, 0x42, 0x3b, 0xdd, 0xf2, 0xb8, 0xbc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1a, 0x43, 0xce, 0x26, 0xb1, 0x55, 0xdb, 0x97, 0xe3, 0x86, 0xb2, 0xb5, 0x7b, 0x42, 0xe9, 0xf4, 0x90, 0x52, 0x65, 0x61, 0xd3, 0x16, 0xf5, 0xdb, 0xdf, 0x54, 0xd4, 0x78, 0xd7, 0x61, 0xef, 0xbe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x56, 0xb5, 0x0e, 0x67, 0x48, 0x1d, 0x19, 0x1e, 0xfd, 0x56, 0xf9, 0x78, 0xf1, 0xef, 0xe8, 0x98, 0xe7, 0x52, 0xac, 0xc3, 0xb4, 0xdb, 0x2c, 0x7e, 0x48, 0x57, 0x99, 0xbd, 0x6d, 0xfd, 0x47, 0x7d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xef, 0x25, 0x0d, 0x1a, 0x1c, 0x24, 0x96, 0xe4, 0x7a, 0x11, 0xe5, 0x9a, 0x07, 0xdd, 0x05, 0x03, 0x5d, 0x34, 0x11, 0x0a, 0xae, 0x26, 0xf7, 0x49, 0x35, 0xbd, 0xea, 0xe3, 0x09, 0x0d, 0x2b, 0x53}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8a, 0x5d, 0x5f, 0xef, 0x80, 0x51, 0x48, 0xdb, 0xf2, 0xa4, 0x9b, 0x28, 0x4d, 0x0c, 0x8d, 0x95, 0x2e, 0x42, 0x6a, 0xd3, 0x46, 0x78, 0x4f, 0xce, 0x43, 0xc1, 0x97, 0x8f, 0x1f, 0xb5, 0xc0, 0xc7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8e, 0x5d, 0xcc, 0x78, 0xdb, 0x94, 0x6a, 0x6d, 0x23, 0x83, 0x8a, 0x97, 0x58, 0xd5, 0xc2, 0x17, 0xe3, 0xcc, 0x4a, 0x63, 0xe3, 0xea, 0xa7, 0xa4, 0x36, 0xea, 0x6d, 0xd0, 0xf4, 0xb4, 0x70, 0x96}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x54, 0x19, 0x3f, 0x42, 0x93, 0xc9, 0xfb, 0x98, 0xa6, 0x5e, 0x0b, 0x53, 0x58, 0xe0, 0xc7, 0x25, 0x8e, 0xe5, 0x33, 0x47, 0x4f, 0x66, 0x75, 0xc7, 0xad, 0x5f, 0xbb, 0x7d, 0xf3, 0x12, 0x3d, 0x30}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfd, 0x43, 0x03, 0xc1, 0x91, 0xdc, 0xb7, 0xae, 0x2e, 0x57, 0x4a, 0x29, 0x0e, 0x9f, 0x6e, 0x15, 0xda, 0x03, 0xc7, 0xe5, 0xa7, 0x27, 0xa0, 0xf0, 0x53, 0x57, 0xee, 0x2f, 0x2c, 0x30, 0xba, 0x6b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb2, 0x95, 0x27, 0x16, 0xd7, 0x82, 0xd6, 0xfa, 0xfb, 0x72, 0x62, 0x8f, 0x10, 0x67, 0x54, 0x58, 0x09, 0x7d, 0x97, 0x83, 0xab, 0x85, 0x0e, 0x8c, 0xec, 0xb0, 0x66, 0x60, 0x3b, 0x86, 0x41, 0xa9}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x69, 0x65, 0x75, 0x77, 0xa7, 0x98, 0xfa, 0xf6, 0x10, 0xc6, 0x3d, 0x4b, 0x14, 0x63, 0x0b, 0x6c, 0x3c, 0x7a, 0xd8, 0x20, 0x6c, 0x1b, 0x9d, 0xa8, 0xba, 0xa7, 0x4a, 0xe4, 0xeb, 0x6f, 0x27, 0x47}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc6, 0x67, 0x06, 0xe6, 0x5d, 0x52, 0x40, 0x16, 0xb6, 0x21, 0x8e, 0x27, 0x83, 0x05, 0xb8, 0x52, 0x2b, 0xad, 0x21, 0x52, 0xf2, 0x82, 0x3a, 0x1a, 0x58, 0xd9, 0xd7, 0x36, 0x56, 0x01, 0x52, 0x9a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb8, 0x09, 0x3d, 0x31, 0xc0, 0x50, 0x5b, 0x79, 0x54, 0x19, 0x0d, 0x2b, 0xfd, 0xa7, 0xa3, 0x7c, 0xc8, 0xf4, 0xea, 0x58, 0x25, 0x54, 0x8b, 0x89, 0x65, 0x01, 0x8f, 0x34, 0x57, 0xa4, 0x1e, 0xae}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2a, 0x79, 0x61, 0xee, 0x67, 0x66, 0x8b, 0x44, 0xf1, 0x31, 0x3b, 0x93, 0x24, 0xd2, 0x1b, 0x17, 0x9f, 0x7f, 0x4f, 0x8e, 0x06, 0x36, 0x3d, 0xcf, 0xb7, 0xb3, 0xf8, 0xa5, 0x79, 0x8a, 0xef, 0xec}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xeb, 0xf7, 0x64, 0xd0, 0x77, 0xf0, 0xe0, 0xfc, 0x4b, 0x87, 0x78, 0xe9, 0x8a, 0xfb, 0x13, 0xc9, 0x1d, 0x98, 0xd0, 0x43, 0x56, 0x4e, 0x5a, 0x9d, 0x37, 0xde, 0x3c, 0x5f, 0x84, 0xa6, 0x0c, 0x64}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x20, 0x9b, 0x2e, 0x39, 0x6c, 0x37, 0x72, 0x06, 0x83, 0x17, 0xdd, 0x14, 0x2f, 0x63, 0x11, 0x5e, 0x82, 0x07, 0xab, 0xb1, 0xc5, 0x57, 0xb5, 0x93, 0x97, 0x53, 0x6b, 0xd3, 0x4e, 0x66, 0x09, 0xc6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x57, 0xee, 0x33, 0xf8, 0x48, 0xe4, 0x4d, 0x63, 0x61, 0xac, 0x5b, 0xcb, 0x60, 0x8a, 0xc4, 0x15, 0x57, 0xf2, 0xce, 0xb6, 0x2a, 0x9a, 0xcc, 0xb4, 0x21, 0xb3, 0x41, 0x15, 0x24, 0x76, 0x6b, 0x24}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6a, 0xa0, 0xe6, 0x4e, 0x86, 0x14, 0x2d, 0xb3, 0x62, 0xe3, 0x49, 0x9b, 0xe3, 0xb5, 0xc2, 0x08, 0x30, 0x4d, 0x3f, 0x0b, 0xc1, 0x15, 0x46, 0xb6, 0x40, 0x5b, 0xa1, 0x8d, 0xc4, 0xb9, 0x5a, 0x80}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf6, 0x83, 0x82, 0xd6, 0x00, 0x89, 0xaf, 0x08, 0xa7, 0x08, 0xac, 0x9a, 0x76, 0x8f, 0x7f, 0x5c, 0xc8, 0xf2, 0x54, 0x79, 0x18, 0xc1, 0xbd, 0xed, 0xdf, 0x2f, 0x0c, 0xb5, 0x92, 0x63, 0x42, 0x9a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf1, 0xcf, 0xd9, 0x4b, 0x5e, 0xae, 0x0a, 0x9c, 0x95, 0xba, 0xb7, 0x64, 0xf1, 0xa7, 0x52, 0x36, 0x44, 0x86, 0xb7, 0x71, 0x7b, 0x7d, 0xa9, 0x11, 0xb7, 0xd3, 0x45, 0x9b, 0x20, 0x4c, 0x41, 0x33}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc7, 0xc1, 0x64, 0x9f, 0x8b, 0xca, 0x4e, 0x38, 0x10, 0xc7, 0x65, 0xce, 0xcc, 0xcf, 0x1a, 0xaa, 0x0b, 0x73, 0xb4, 0x6f, 0xec, 0xe7, 0xb1, 0x67, 0xf1, 0xe6, 0xf1, 0x26, 0xcb, 0x63, 0x95, 0x7d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa0, 0x42, 0x1e, 0x73, 0x8f, 0x8d, 0x07, 0x7c, 0xf4, 0x14, 0x7e, 0x8d, 0x7d, 0x25, 0xab, 0x6e, 0x6e, 0x7c, 0x75, 0x38, 0xe4, 0x4b, 0xb0, 0xb8, 0x57, 0x75, 0xed, 0x28, 0x4d, 0xc0, 0xc3, 0x16}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x57, 0x16, 0xe8, 0x06, 0xb1, 0x14, 0xb8, 0x75, 0xf6, 0xc3, 0xae, 0x0f, 0xc4, 0x18, 0xec, 0x2c, 0x2c, 0x7a, 0xed, 0x1e, 0xab, 0xf9, 0xcb, 0x58, 0x79, 0xad, 0xb0, 0xcc, 0xdb, 0x8b, 0xa6, 0x38}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xef, 0x75, 0x48, 0x4b, 0x8f, 0x42, 0x54, 0xfc, 0xb6, 0xbc, 0xc0, 0xa2, 0xd5, 0xd5, 0xc9, 0x3b, 0x27, 0x4a, 0x87, 0xad, 0xe4, 0x09, 0x82, 0x21, 0xec, 0xac, 0x6b, 0x5f, 0xb0, 0xdd, 0x94, 0x30}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xce, 0xc0, 0x58, 0x19, 0x70, 0x82, 0xab, 0x4e, 0x26, 0x93, 0x44, 0xa4, 0x90, 0x53, 0xf8, 0x91, 0x8d, 0xc8, 0xde, 0x88, 0x9f, 0x09, 0x2b, 0xdc, 0x2e, 0xe2, 0xe5, 0x8e, 0xfb, 0x89, 0xe6, 0x64}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x28, 0x1b, 0x4c, 0x14, 0xfd, 0xb6, 0x17, 0x85, 0x46, 0x29, 0x52, 0x2f, 0x22, 0x31, 0x40, 0x31, 0xbb, 0x4a, 0x2b, 0x58, 0xf3, 0xae, 0x32, 0x92, 0x1a, 0xe7, 0x2d, 0x10, 0x6d, 0x1e, 0x74, 0x48}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xbb, 0x81, 0x51, 0xf1, 0xb1, 0x4e, 0x3a, 0x6a, 0x70, 0x19, 0x9a, 0x15, 0xa5, 0xd7, 0xc6, 0xa3, 0x18, 0x83, 0xe9, 0x0b, 0x46, 0x94, 0x8a, 0x22, 0x05, 0xf2, 0xfd, 0x1c, 0x29, 0x9f, 0xa9, 0x77}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xcb, 0xeb, 0x9e, 0x6c, 0xa1, 0x65, 0xcd, 0xf4, 0x72, 0x56, 0x03, 0xc0, 0x58, 0x1b, 0xf5, 0x40, 0x8b, 0x82, 0x74, 0xdd, 0x2e, 0xba, 0x34, 0x63, 0x88, 0x3f, 0x1a, 0x8b, 0xf1, 0xc3, 0xa9, 0xdb}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcd, 0x4a, 0x90, 0x46, 0x00, 0x87, 0x59, 0x0c, 0x74, 0x5f, 0x4e, 0x38, 0x3e, 0xa3, 0x38, 0x9f, 0xc7, 0x19, 0x8a, 0x4c, 0x99, 0x32, 0xb5, 0x49, 0xe3, 0xc1, 0xb4, 0xb1, 0x36, 0xb2, 0x3b, 0x43}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x42, 0x0b, 0x0b, 0x47, 0x1c, 0x3d, 0x50, 0x06, 0x4a, 0xbc, 0x88, 0x38, 0x6a, 0x0e, 0xba, 0x9c, 0xfa, 0x4d, 0x65, 0x90, 0xcf, 0xd0, 0xf5, 0xc7, 0x1d, 0x50, 0xe9, 0xab, 0x73, 0x16, 0xa6, 0x03}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc2, 0xf7, 0xe6, 0xb8, 0xee, 0x45, 0x6d, 0x8c, 0x4d, 0x60, 0xf3, 0x9c, 0x2b, 0x3e, 0xaa, 0x6c, 0x1f, 0x00, 0x77, 0x29, 0xd0, 0x03, 0x99, 0xab, 0x36, 0x47, 0xc9, 0xa0, 0x3a, 0x72, 0xe9, 0x45}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb3, 0x95, 0xea, 0x94, 0x84, 0xe5, 0x85, 0x69, 0x9b, 0xaf, 0x94, 0x91, 0x2c, 0x2b, 0xc9, 0x27, 0x7c, 0x06, 0x18, 0xd5, 0xf1, 0xb1, 0x1d, 0xc4, 0xd5, 0xe0, 0x37, 0xfa, 0x6d, 0x57, 0xc6, 0x90}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4d, 0xd4, 0x5a, 0xaf, 0x01, 0x38, 0xe8, 0x7f, 0x14, 0xf1, 0x11, 0x65, 0x62, 0x52, 0xd3, 0xaa, 0x1f, 0x63, 0x0f, 0xc8, 0xd1, 0xa7, 0xb7, 0xe4, 0x84, 0x41, 0x7d, 0x8e, 0x8b, 0x91, 0x7a, 0x86}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x66, 0x6e, 0x10, 0x3d, 0x59, 0xc1, 0xd2, 0xfe, 0xd2, 0x06, 0xa5, 0x59, 0x2f, 0x45, 0x33, 0x0d, 0x20, 0xdb, 0x5a, 0x76, 0x1c, 0x94, 0x28, 0x41, 0x0c, 0x39, 0xef, 0xa1, 0x92, 0x63, 0x93, 0xff}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x25, 0x67, 0x56, 0x0d, 0x02, 0xae, 0xae, 0x4e, 0xc7, 0x1d, 0x0c, 0xe1, 0xb7, 0x86, 0xdf, 0xb2, 0x30, 0xf5, 0x4b, 0x74, 0x25, 0xa6, 0x5d, 0x64, 0xcc, 0xbc, 0x43, 0x51, 0x9d, 0xdd, 0x28, 0xb1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x46, 0x2a, 0x8b, 0x2e, 0xec, 0x40, 0x26, 0x09, 0x3f, 0xf2, 0x98, 0xf2, 0x99, 0x43, 0x1e, 0x18, 0x5b, 0x76, 0x20, 0xc6, 0xac, 0x2c, 0x8d, 0x9e, 0x2d, 0x9b, 0x0b, 0x14, 0xf4, 0x79, 0x71, 0xb2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x05, 0xbf, 0x6b, 0xfc, 0xa8, 0x0e, 0xcc, 0x06, 0xf0, 0xa5, 0x61, 0x1e, 0xe1, 0x23, 0x89, 0x8c, 0x49, 0x07, 0xc9, 0x19, 0xf0, 0x58, 0x01, 0xc0, 0x3e, 0xf6, 0xc1, 0x77, 0xad, 0xa3, 0x00, 0xe3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa8, 0x46, 0xbd, 0x23, 0xdd, 0x5e, 0x08, 0xf9, 0xdb, 0x15, 0x7c, 0xd2, 0xab, 0xca, 0x1d, 0x98, 0x86, 0x50, 0x17, 0x68, 0xbf, 0x25, 0x69, 0x7c, 0x1a, 0xcf, 0xfe, 0xd1, 0x47, 0xb5, 0x05, 0x15}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1c, 0x10, 0xd0, 0xb6, 0x10, 0xb4, 0x41, 0xbb, 0x5f, 0xd4, 0xd4, 0x00, 0xc6, 0x3a, 0x1f, 0x89, 0xbb, 0xbe, 0x67, 0xfc, 0xe4, 0xb6, 0x82, 0x23, 0x3e, 0xc2, 0x3f, 0xb7, 0x7b, 0x3e, 0x65, 0x3d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x5c, 0x71, 0x5b, 0xac, 0x0f, 0xec, 0x53, 0x0a, 0x9b, 0xfb, 0x70, 0x09, 0xdc, 0x2a, 0x28, 0x6f, 0x5e, 0xa6, 0xdf, 0xcd, 0x41, 0x33, 0x2b, 0x32, 0x40, 0x73, 0x5d, 0x7f, 0xdf, 0xb8, 0x8b, 0x97}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcf, 0x4d, 0xb0, 0x6b, 0x38, 0x67, 0x86, 0x47, 0x0b, 0x36, 0xd2, 0xfd, 0x79, 0x46, 0x73, 0x35, 0xb5, 0xfb, 0xda, 0xd8, 0xe7, 0x11, 0x5d, 0x58, 0x7b, 0x5b, 0x54, 0x1f, 0xcc, 0x6b, 0xfb, 0x5a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb4, 0xef, 0x47, 0x83, 0x36, 0x41, 0x1c, 0x99, 0x79, 0xb4, 0xdd, 0xe6, 0x6f, 0x13, 0xa6, 0x76, 0xd2, 0x95, 0x12, 0xbd, 0x08, 0x0f, 0xee, 0x55, 0xa0, 0x64, 0x2b, 0x27, 0x1e, 0xcc, 0xf2, 0x19}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index d2f93f3a4..cfc43630b 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240924095245-068e68d478a5" + defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240926110806-882d602524e5" ) From 692cb3fa00042828c396786dfc2f3c5b0a3fff9e Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 27 Sep 2024 09:08:18 +0200 Subject: [PATCH 274/380] docs: add release v2.18.0 (#3378) Co-authored-by: msanft <58110325+msanft@users.noreply.github.com> --- .../_media/SLSA-Badge-full-level3.svg | 47 + .../_media/benchmark_fio_azure_bw.png | Bin 0 -> 30975 bytes .../_media/benchmark_fio_azure_iops.png | Bin 0 -> 29702 bytes .../_media/benchmark_fio_gcp_bw.png | Bin 0 -> 30401 bytes .../_media/benchmark_fio_gcp_iops.png | Bin 0 -> 30221 bytes .../_media/benchmark_net_p2p_azure.png | Bin 0 -> 36902 bytes .../_media/benchmark_net_p2p_gcp.png | Bin 0 -> 36961 bytes .../_media/benchmark_net_p2svc_azure.png | Bin 0 -> 38309 bytes .../_media/benchmark_net_p2svc_gcp.png | Bin 0 -> 38395 bytes .../benchmark_vault/5replicas/max_latency.png | Bin 0 -> 21327 bytes .../5replicas/mean_latency.png | Bin 0 -> 18809 bytes .../benchmark_vault/5replicas/min_latency.png | Bin 0 -> 21414 bytes .../benchmark_vault/5replicas/p99_latency.png | Bin 0 -> 24062 bytes .../_media/concept-constellation.svg | 460 ++++++++++ .../version-2.18/_media/concept-managed.svg | 591 ++++++++++++ .../_media/constellation_oneline.svg | 52 ++ .../version-2.18/_media/example-emojivoto.jpg | Bin 0 -> 141236 bytes .../_media/example-online-boutique.jpg | Bin 0 -> 263458 bytes .../recovery-gcp-serial-console-link.png | Bin 0 -> 46134 bytes .../version-2.18/_media/tcb.svg | 535 +++++++++++ .../version-2.18/architecture/attestation.md | 409 +++++++++ .../architecture/encrypted-storage.md | 62 ++ .../version-2.18/architecture/images.md | 49 + .../version-2.18/architecture/keys.md | 131 +++ .../architecture/microservices.md | 73 ++ .../version-2.18/architecture/networking.md | 22 + .../architecture/observability.md | 74 ++ .../architecture/orchestration.md | 83 ++ .../version-2.18/architecture/overview.md | 30 + .../version-2.18/architecture/versions.md | 21 + .../version-2.18/getting-started/examples.md | 6 + .../getting-started/examples/emojivoto.md | 22 + .../examples/filestash-s3proxy.md | 107 +++ .../examples/horizontal-scaling.md | 98 ++ .../examples/online-boutique.md | 29 + .../getting-started/first-steps-local.md | 277 ++++++ .../getting-started/first-steps.md | 229 +++++ .../version-2.18/getting-started/install.md | 429 +++++++++ .../getting-started/marketplaces.md | 56 ++ docs/versioned_docs/version-2.18/intro.md | 34 + .../version-2.18/overview/clouds.md | 64 ++ .../overview/confidential-kubernetes.md | 42 + .../version-2.18/overview/license.md | 33 + .../overview/performance/application.md | 102 +++ .../overview/performance/compute.md | 11 + .../version-2.18/overview/performance/io.md | 204 +++++ .../overview/performance/performance.md | 17 + .../version-2.18/overview/product.md | 12 + .../overview/security-benefits.md | 22 + .../version-2.18/reference/cli.md | 844 ++++++++++++++++++ .../version-2.18/reference/migration.md | 85 ++ .../version-2.18/reference/slsa.md | 73 ++ .../version-2.18/reference/terraform.md | 37 + .../version-2.18/workflows/cert-manager.md | 13 + .../version-2.18/workflows/config.md | 353 ++++++++ .../version-2.18/workflows/create.md | 93 ++ .../version-2.18/workflows/lb.md | 28 + .../version-2.18/workflows/recovery.md | 179 ++++ .../version-2.18/workflows/s3proxy.md | 58 ++ .../version-2.18/workflows/sbom.md | 93 ++ .../version-2.18/workflows/scale.md | 122 +++ .../version-2.18/workflows/storage.md | 281 ++++++ .../version-2.18/workflows/terminate.md | 60 ++ .../workflows/terraform-provider.md | 129 +++ .../version-2.18/workflows/troubleshooting.md | 151 ++++ .../version-2.18/workflows/trusted-launch.md | 54 ++ .../version-2.18/workflows/upgrade.md | 110 +++ .../version-2.18/workflows/verify-cli.md | 129 +++ .../version-2.18/workflows/verify-cluster.md | 97 ++ .../version-2.18-sidebars.json | 299 +++++++ docs/versions.json | 1 + 71 files changed, 7722 insertions(+) create mode 100644 docs/versioned_docs/version-2.18/_media/SLSA-Badge-full-level3.svg create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_fio_azure_bw.png create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_fio_azure_iops.png create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_fio_gcp_bw.png create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_fio_gcp_iops.png create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_net_p2p_azure.png create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_net_p2p_gcp.png create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_net_p2svc_azure.png create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_net_p2svc_gcp.png create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_vault/5replicas/max_latency.png create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_vault/5replicas/mean_latency.png create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_vault/5replicas/min_latency.png create mode 100644 docs/versioned_docs/version-2.18/_media/benchmark_vault/5replicas/p99_latency.png create mode 100644 docs/versioned_docs/version-2.18/_media/concept-constellation.svg create mode 100644 docs/versioned_docs/version-2.18/_media/concept-managed.svg create mode 100644 docs/versioned_docs/version-2.18/_media/constellation_oneline.svg create mode 100644 docs/versioned_docs/version-2.18/_media/example-emojivoto.jpg create mode 100644 docs/versioned_docs/version-2.18/_media/example-online-boutique.jpg create mode 100644 docs/versioned_docs/version-2.18/_media/recovery-gcp-serial-console-link.png create mode 100644 docs/versioned_docs/version-2.18/_media/tcb.svg create mode 100644 docs/versioned_docs/version-2.18/architecture/attestation.md create mode 100644 docs/versioned_docs/version-2.18/architecture/encrypted-storage.md create mode 100644 docs/versioned_docs/version-2.18/architecture/images.md create mode 100644 docs/versioned_docs/version-2.18/architecture/keys.md create mode 100644 docs/versioned_docs/version-2.18/architecture/microservices.md create mode 100644 docs/versioned_docs/version-2.18/architecture/networking.md create mode 100644 docs/versioned_docs/version-2.18/architecture/observability.md create mode 100644 docs/versioned_docs/version-2.18/architecture/orchestration.md create mode 100644 docs/versioned_docs/version-2.18/architecture/overview.md create mode 100644 docs/versioned_docs/version-2.18/architecture/versions.md create mode 100644 docs/versioned_docs/version-2.18/getting-started/examples.md create mode 100644 docs/versioned_docs/version-2.18/getting-started/examples/emojivoto.md create mode 100644 docs/versioned_docs/version-2.18/getting-started/examples/filestash-s3proxy.md create mode 100644 docs/versioned_docs/version-2.18/getting-started/examples/horizontal-scaling.md create mode 100644 docs/versioned_docs/version-2.18/getting-started/examples/online-boutique.md create mode 100644 docs/versioned_docs/version-2.18/getting-started/first-steps-local.md create mode 100644 docs/versioned_docs/version-2.18/getting-started/first-steps.md create mode 100644 docs/versioned_docs/version-2.18/getting-started/install.md create mode 100644 docs/versioned_docs/version-2.18/getting-started/marketplaces.md create mode 100644 docs/versioned_docs/version-2.18/intro.md create mode 100644 docs/versioned_docs/version-2.18/overview/clouds.md create mode 100644 docs/versioned_docs/version-2.18/overview/confidential-kubernetes.md create mode 100644 docs/versioned_docs/version-2.18/overview/license.md create mode 100644 docs/versioned_docs/version-2.18/overview/performance/application.md create mode 100644 docs/versioned_docs/version-2.18/overview/performance/compute.md create mode 100644 docs/versioned_docs/version-2.18/overview/performance/io.md create mode 100644 docs/versioned_docs/version-2.18/overview/performance/performance.md create mode 100644 docs/versioned_docs/version-2.18/overview/product.md create mode 100644 docs/versioned_docs/version-2.18/overview/security-benefits.md create mode 100644 docs/versioned_docs/version-2.18/reference/cli.md create mode 100644 docs/versioned_docs/version-2.18/reference/migration.md create mode 100644 docs/versioned_docs/version-2.18/reference/slsa.md create mode 100644 docs/versioned_docs/version-2.18/reference/terraform.md create mode 100644 docs/versioned_docs/version-2.18/workflows/cert-manager.md create mode 100644 docs/versioned_docs/version-2.18/workflows/config.md create mode 100644 docs/versioned_docs/version-2.18/workflows/create.md create mode 100644 docs/versioned_docs/version-2.18/workflows/lb.md create mode 100644 docs/versioned_docs/version-2.18/workflows/recovery.md create mode 100644 docs/versioned_docs/version-2.18/workflows/s3proxy.md create mode 100644 docs/versioned_docs/version-2.18/workflows/sbom.md create mode 100644 docs/versioned_docs/version-2.18/workflows/scale.md create mode 100644 docs/versioned_docs/version-2.18/workflows/storage.md create mode 100644 docs/versioned_docs/version-2.18/workflows/terminate.md create mode 100644 docs/versioned_docs/version-2.18/workflows/terraform-provider.md create mode 100644 docs/versioned_docs/version-2.18/workflows/troubleshooting.md create mode 100644 docs/versioned_docs/version-2.18/workflows/trusted-launch.md create mode 100644 docs/versioned_docs/version-2.18/workflows/upgrade.md create mode 100644 docs/versioned_docs/version-2.18/workflows/verify-cli.md create mode 100644 docs/versioned_docs/version-2.18/workflows/verify-cluster.md create mode 100644 docs/versioned_sidebars/version-2.18-sidebars.json diff --git a/docs/versioned_docs/version-2.18/_media/SLSA-Badge-full-level3.svg b/docs/versioned_docs/version-2.18/_media/SLSA-Badge-full-level3.svg new file mode 100644 index 000000000..7154d4a13 --- /dev/null +++ b/docs/versioned_docs/version-2.18/_media/SLSA-Badge-full-level3.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/versioned_docs/version-2.18/_media/benchmark_fio_azure_bw.png b/docs/versioned_docs/version-2.18/_media/benchmark_fio_azure_bw.png new file mode 100644 index 0000000000000000000000000000000000000000..a82ebe2d0511dc0a54f663e23c25dc275edaa15c GIT binary patch literal 30975 zcmd?S2UL~mmMx08)KVA{5>;}RoZ-&Tb58d?_q~4Sb@%Ce`;F%qHOfL^|Nj@(nrqIvR^2}@dv?RRo$Ki6 z=r&L#Pb<*Tt>~enTQ>gNYJ4T(z?wt&mypdFH5)~9eH*(=R(f&$LgD%u)6}zP(L&X9LFf=YwNzgF%Tagy>a7)mEi7mzyB^hnzqd15uW+z)-iYa%aPBY?=kt> z;O6s@%dT^%B`ZMGDQzdead>lvHK%P~P05pe?#4AyFYa$)>+7qHEl#F4s(z*X{llHw z3~K|^ugRTH(wB+EopRr(9-4pR*6Iiw>qYAybLClCS*7*$s+}di)z_D;uo>_9;$s#w z$f!F$KUTqM+L$ui6XvCmDMZJ-0&6AmesZuWlEx|(W8Gb@kzo}f8!Q~rly2TX@byh& zw!@p*iT=owch(tA^wm;x2Tke|dcDLKEAfZQIgYjyz13{R>C4`3o;&vg&%AZ(R$r?} z4mVGqJ=iu71_gFEw`&@5XW9 zfTWZkm&~Z`3i~72*w+~c)sqkK@{Zo9&evYsoMo37qnenoV$H@+rKM8CxpN8E1{)*p z-TQ4}ac+2ay4}l{Rcc$Xn2Ux?z>zN{zML!$ETbL8TOxCcJejIro_VPB^7LA2Rb;4Z z3?rYu$mr4Q1@}BX>w<)=~UT!htSkDoBEe)Xu@Zt=sN^}-h4u8S>0}E)X_c=gW)N%a$mzQTICY#LJW@g!BgQBL|+(NH!Y`Ay!oB$o&VfQ|Iwc$AyS!3*tK}7-{D#o-aEk-*hb0d>*I99wD zKSs4KPMyWk$;`~ma&oV3p+|`ycc^iFLOfQ#cYbDUcD!0{qAxaav8iRnkJM{}8VeKk zI<)ZJLRJU<{PQG!tjev`8x-E^Es2JNgjnWI`STg5;HW6Sl4ewnRgtk9Zml&4b$Lbg z-X9^oZ)uHmh=@=`Al)~fAM0=kZgf?ICgwOzouloS3Fu%b*Db}-!`HZRvaxk0KML+s zTes=x=loyrWko&Y#Hq=jn)4gKnusleA?mNFb3<8N`LzpS+lxe2pN~4fH-hRdk(-+v zqm!45HGX`tsXRn97MCH~e&okFKd#`aNV!BTeBZ)UTm8p}+gaY4=PfN}3ETAS5f>MC zaC9uGsE}hicFjiUc-?}jnDg{&ZI=n<&Qd?QXvIjCrw7$*;?(&TaB=E*^X5k%YNQ%R z;N+B4S1aOX*FWUWjlwsJyw)<$9=W@2+rb0e+}sgzq1vqHd@7%xxMlPG!z#bh0_HC> z*g(gLT24=6{~T_50k(J2Tqpo&WtjjyS{C ztr6^sucC0&$eKAjJ1gZnJGd;)bgxZ2gwrMJG?|hXh-Xi|`c>hW-H?s?(zo}wRK&T| zUcb`|#x|CIw}`s@@c~!2+f<8Po$%zq*LEwn3mLZkPbIvV<2SRO`_$B=Nw!J-&8uyP zG&+)9+j3pv2ZIDHPtq7RZytSD5yK-f*7aEtVaAt7R|0DkeWjSTlTY7cs5PhGijmIi z9Ua}(Xo*KVC1@j4Q*J$aUQEaIDU4M8hS!&5$GCKIuQs=|Jfc*`swSR}H~(;ZZQbnT zP)lIXHOe&>ZO2~LeZ{zEjm*tG!*js1dx4FTep3x4zFQ0DL})i3cW-Yx2Q zr1faJ;g=8LRPVyhtWQIo$=%fV%>Hejj7%fin#i5otLK!EG#Ut`@M#<0-m*-dhmSt@kad@I zQ0M%@0#*};Uoq9V*4}TpJ~6a(aHui0^a{dRYuok;(W#))3j18=84t=B!cw7nH*Tzl zpP%28E7>_YpFal*w70Zf$gs+2W>GB~`|%j~#5qEr{&t!sLuU4N)KqmE@pPJAIH!?OKu>V*N_JuT}; z_zcRAeEj-&zwd9yQictc$Q`E*m6xiTv|QCQ#qm z#U)<+6}NV_;UPP>XR%7rw6*Kk;|B%t%uNjoxXewacBPuPwHgIZrDr%!^yv>argoM2 z^L15-FWE3ohdTDLzq$Nz-IhQ8xP;}tOp;4%%c^w@hp{`dP1868@p>jTQJ3lxv`qf| z^Ut#H`R3d-{)mPH~KNuF%%vy{QT1_U0+ss$f zGhYqvaX@%zKe%g)VT2P~%-xMl#v6AFUc?R3&0Sh_8bh|yWaC15>qr?uK-WcdGNt$* zF{*loGwqL%hx}Cj4B5P#fkWw2@7(q|zQw{_=4yElhte zkz@1*_@_=d%cl1-Ab=iu9M}1gv(-`Z`~2R|0jbm(2z0IN7^@IB_if3vE!A)vsCW)E z)QiJAGnn2cefsq6udgrNV%JQI<9EZ~uxwoO?fV~<%ig`BaXxpO8%(du#uIVL_csA_ zq?X-YyJd5W=QEd2G}ebgPLpv$*9M;P4>o61d$5SNUMYS0d7U?pD!=Y7QO6Y9PGATb z%dX+poTkiu-|z@_4!=|U_nq}D$TFkqPYt!mj_o{Rcrn~bH8Vdyzy07`DR-V)6BEC& zk23Qy`{}v4V+%>U_U%8Shls*{ysb@NwKNyGPSzH0xht|fNBm8*rNyG#ez<*_Y#SbI3qY&n>Su0ohNp z6GtLB;c4znS0H^(D{e=P#&FM8%nhT?9_6n+Mnv{yg{X7JZz9)YF6a-wf2os^z?uCw>%<~27P;}+gbNv$7Y5qfy`%K1Udfm&I3xF+ zHs>q^9Q6@(x+XeNqgbbuc2#|1xJ?IO98%9W0{}4`RO2r%?*NA~8@M9C zE2W!hQ6Eexp8!%wUmgD7kiHOA*s9~+#28>hig7Imbt= z&07bovb^`p&>|xZf<_T4s5CC^>>b13u3%rSG6vRjXJ1?x7#uR8l`Qy}rhBpRY0Y{8p?h-Kj)Yhhh+%q~c zAybn~W!JZO>%qvUaclFrDT$rtUy~y!$Q%yz69)%FM4jSPb!wv(&#qYgyX1#$#~u#b z%LNN715>ErXC1jV&>%P_Dk4&os3T6T!pX8hK)qtpzVMVwiv!51|JV|4cr0FmAaL96 za;6;ISB(_IC%ZSE4bl@wl#5qOIvMIR>0fGFg3ZTjmD$@+(ehT`<^XCF#h`O^>;;Po}U z#UhXEll4l+f!&K3-vbZ2)dN_vQgK(j>}HP+W0^u11e(5neRyVOMzluwa-;1M zLz|^FD+k9p03mOi;nQ+`HPOLc*b(ijoMp>Y6E65i*=nP3iq}Z3iq}jh2lsREv3k8q zX)}|$xFO-(Gx;l5uH00_QQVS4!h^av+a!HVgBxAZ1qa6+i;IiAQ_Qi+uSgY&;DmzM z2PY%~cQMAYz3_pjXWG+;E@xiZ_ScQHo;a*uwuAb>ZhYi-MqZKEkCM`N@g-YIH?@-l z#CiDe`3jM-vK95A&jt&(=`=hzG|5CaVrgr|DlDu4C{=?vok;L}e*P&&-Ybt26B89J zyu4zMFA{q?ITmOXx9Slezge^3mwvTWV_&4YeZ5N`?63NAs@7G@ zi65e_^-N>d^kNnr2L%80-Qoa+LTSD3!?0Pn6-$ef=;PeN0fq2;%Hp}hk{&Fs)9*V+ zCUH|OkQ9Wk4eaQ4a$A_SU6}1pbnNt1Wng5C7HD(kEAN@$F>A|>M~xJvo#R-7Tr{C= zOG+`5x`7)_UKz=Oj~m+Z5NkBVyG#9sZJBqAyrUtuPl zK|%FTr70oEBKV1j%kezU-s-4H;<`;t^2=q5V#*Tt{fu)(Frl=Tj(4>fTERM>0i znLYThqO!CUEcu$d4KriioD|Aw+IXF&xsa&BW>-=m2<`)VcJ<_NR2i()EW2UZ z8r~#xCOJ>>n#MF!la_0{=f0K!-KdG1H>C~Uu-jZPB{G%&VBxB(LVPtBsVNtJ=F`){ z0f-FS3m*yF_W9u9Sam%-nT|aTZ(6@`qY477o`*b0i+Ikj_ig8=M+8+bJ>sc5^qzhc zvFcdxjsqGgQ4bi{HydcYwRoXyusA<6k}&-9d%k1)BLPawuBJU*{y%&+k1_S4D14dA z!kss7b+do{@4wqPWIy5=$#tKTx9zPugQ9cOkhlYwk@bUZc{)QwLw(heUTLT$0myoQ zw0H{(914%I7c91lm#kgZ+uF_9<@svEuA@DG-?J#_I|c{i8&gfBGVQt_0`6ZMZjHx6 z8e=mv5pED+C(qlp7o<$dH?4aY@@w6wp<+2DPY-eSwr&k75Yb`gdnXT!y4kj=C!Z9q z6T5W>VkeS9RmH5k%2o_hBxAY{>5B9Itk-d4Efya9hR>}#?g*f*EGc=9@L{B?*!_5@ zjYMOtWH^pUDN;grMX0L#Mkbnz^sNTw$+WAzORIgd+7NncGi^<@GOW%Z+}Gb+wf@4! zl(3Vx((Y6G+fe>XBIFE+7EgM@JB_+s^hV{``P4F zw#g~6NnNffr^@(d9@Y2ti8_gZi?RUnF2ox(Oz z6eAQMbuPjjubuX2^w#apm8$8IDmw*4@g)6p!?!o@jE;7=%Ttw)xf_I}CjRI5mK9eJL)0 z=d)db<`=l~EZZe~*%c+$Y}_qLo9rkLZp!???>cYqm#)Vm?s@?@y!y$$v&_bibA1@* z)Rk3T%sk{#at191E0HqgPVtLV?tO%qO13TPPH%IqPSDDtWH9d@az$oMPPo@5uGWmY zBmR#fB*-{WDk2sx$PTX)HoM=slM%;f@$KE31h&0AY)xjZ+0l48b`A~>*>69wf`wyv@i^4-1u|Ukqx^b{x6z$qjGh?^1Aw_N;A}#`1U8HLALQZBcVSh7iV{yB#h!$zSwfHWWD6nqby5!{+xaSiH#YQM; zgzbicTo)!(H|#ik9ND-QCyd$Nci|GsBW(c{2qNa2;e6X&Tj^ErWm zfrO<*Y26R1oKUu4eS)s^+p%`3*xK1monF<4KhsQ1pF>Sc5Gl0^7aq`slTnvor41}% zBCV=Vv@&gqd$;xYX**J@ayXlL_T_~N+n(EX^y+z#G)GVvyQO;J+N6Hy!?NKBMpagx z4;HePIP1ks;txqHhcwd+fi^RNM)De4^WUO43DO-yxatL1SA4XSKaR7AaEd!CV^ZbFvbY)!Y;EZAM*244Zr;9%dOLDbo^8Je9&ZHZKm^J8*~QRiQ*^m9Yr zkycXjDb?Myd-wdi_Kuixs1!0dW{cIP zzV_p%j|?f|wc|pa#(Tb}T$OgKi;~apytd`d5@N}lE|jXmtrPQ_c%-z+H=uOyYY!oQ zr8Q1{7H9(rHiJ5H^MX*WTORj?w-=W$U;ZN=rBRrDUhI9L*1{c-GnlFYMOHQ`y|uVx z4He`xi@RIt}QWR zP3CzY=a?+5t@-d>uHWpO2O5%8f)QdegYjlt5)Vw2lly6tZ)UzK7|!Hl>-#qm}I2KNCQ*;(eVh+3vT zfZt^Nt3jw}O@G(sFhE#g`=8HO|GwinREH8^d7LLjlqW}wYYq&yWT}FwmaH<}pN>B@ z26@rfl%5#kI%{NdJr{h630_F!^~D=_p67t!l+xNdFk+~JwQ1q2)^F=UnJhVKDp`fo zYOb~RYJGy%OFt9fP5y?9Wn1l4(;u;^;ISugyQ9t9a@YO#+j&4oAMm>*FMx%$bKE`| zHv02t<#=y(DsEA#QMH7_XvY(*1}Tn6@&#BT(UN60Rk!#(9-lCJjp^p3a5@Cc+4;^E z;u={^ZHLaSou32iXLD+@9ju{_odLjC0x_x-Ch>^kR(cWyugV z5PH0Y;Wm7m9`f9EO=6ra2Z zFe2NrfA`4lH7B?uY&hvOi4OJ8SfT%~{g7$7x2_ABCr_SKf}ncm_U!`y zJl&#=gd;$~`!qd0on)ME-@XY>5M>MX!vRFj(aA{_&`=~@6(y~=|L{lU(ke)Gxb5mo zLp9OfAYn@Qd)97aV4(a>n^wfa{CvhFVt*dQry{86nrKBfa!m?%L<)mRJdaQ^fgoo5 z?)tKw$F9XSH#gTrNNtx16>EvHn;O!pO+?M@&;YFYn|AeawTw6zE*Pfo9j#itOD_5;DLhxa4`CTSRP#%KiHI6ydx9VtP9#=&(I1$Za=o-Qw3R{2gVcl-uG=Bzb?(b>TK+WW8_qwB}@?#CwIp^nlyq zJXilfW2zMXt|AJcI9_0UqRkRgwS;__fPes~z!DB?!QI9!nW-qMqgt};*qU7Fn2S?? zgu2dBPu=}p9^q>1=FOK|W?OQc>~hA+j}e9hWbrY=O=JZ86t95#4<$gRSHFPh{j%xP zQVIaTBoD4ywJI7CFnjf3Jf4U=sn*^J0}xuPyLNo~0}oy{YiDo&mgJ%oqiW&W^}qf0 zn8E~94L8Bu_V`sl{I052vdIKc=;`T!Avnsdzb?#9Kt`-Y0tqTX1s?&fhMh!8Urs-i zBoPm{a|_qrcNlU)y~+XhgWoV8pBmKHl3{%o$5;NzpJzHcJ6YY_+%__s zXf+wDmaV-Fx?jCiC)-{=F=sM>|L|!nP71J@yVyoNvLXodnqbNp&licf`z%MW4^;p>2j!UeL#Fb z=^=3Oj=TG@T8GM{2Y)a#Cjb_+V-0Z$y)$ikUt){d)Th>C@s>n!55HhxS zJ=r(g;VqW}?PCGd)#%7bQXlf3D&V#v_ReOkO9od_i*SD^Uwqi)n5k9oZmb}ZBB|=J z3Dsa}k2sDS0(nZW-*&JP-jA9Dtz))B&FVCU-MixeyQws@=C>~Z5c=?Oz-oT;^Yf5j zU*h3S01-KGgI;>R2m8VR+zYKP8lbl%fIoH{w{{%3Cw3@Oj^O4=Tu_eJsEuXj`=g(Mq`bG5%ujXLFe35Ewn zLfy|!4HFj57}25e^`%qE1N2zm#Xvyi+FTbW!l~k&Qc75ks65pwtoq=ln7nEnWCf9{ zN6Hh`l3q@XeF;0u4^zvfS=8QLhggrK~lhB36 z0Seg<9xRL2hGJUi$rKAEVSnF_tB9vCaA;)PC#8m60V@mLMYtdaGv2Gc#M;cBQN> zSW>q5+QT_eBEbod**fqJ%E0ffE>l{O^v;1tO$mkpsuC>c<$0kC-*9_8f|@JW$*EN4e0#337$h zuky{q!$axHmGIH7&;2!Z1?N258JZAr;}#y>yH^SRX3NzIWRG~90+Lur?BGy|ivq?p z1QA9+sWL(fzvECwHvU**I? z?4c415BLDv#d!yOm7{#DUrbC4#pk)8&dX+|c}rhy_OP>R9-kT?mmVKubf;%|N+Fd_ zbTj-6r|)mBn{Vj%Jk)hi6|1B?3GJdEpqONb5Qi?t4LgrWLIGBVT*5q^FbaN(otL+2 zT_}&DnwnZr_bZkw2-JjqMI9N5v&fDY`-R}M{djn2?SdcEEWV$NT#za28F}&I1&Gkp z!Y!Xd#q*GPbU%9uok#}%DOfaywU901<0;}05xKBz*|O1}7P&L~a=!?}?sk0#s3*sn zPQO%C19$G;jk);#re)vCl`CPM;w|4H$KzHn24%}DBHo^twdv3hh^$ITa6f|ckQs@^ z;{1z~D*mzG2Ku&n|DrkOpvRE|l?uT+UMoulT0lK2H-7t{7hR^myVG9~L;k^$dcUHd z^$Nl-xzfaTf`}Az{Kj(R&_XPi#!Qo0EeBt6Cd$sfqsj^hFq`49UVF zE2L>lS;8bmts*2mif7Ss;mbq%_Rn-Do^Lsb-Mh{Sx}*lLpK8@vVqfGNgP%y$^UwZ# zMVXv6JHpO9+y*80swLOcWmNXB%N-HBNoh^2V5pF-0_?EsqGM%zFi{1g3<(1k(V(Tc zEiDSFnobQiO;xI%<<`lK!zJQGNI>HDCH5YuHlz%Ja;t=TCcd8XmWG5sGd(SMr{XLR zPCrRpC|j+BkNF|{fKKRrQSVn%)a#00Tx%wz;z+d*dSIuR^IMIytL*Oims&1|f&f|R zWpLR`8HI6*Nj(>2ETNXJB`5_VR$17~pKStAGGrjZ;hZZX1;bi6ctjkSAx0xL2Ga3! zgl%J3(Fi%BC?^^LT7po@0fLs7gN_N^2=}>~{&or|NM2qZM9l*};(_5UR8v)lP|F2i z@raSHu=iRQ(kF57oktPOY}`a}9}+Nfz-8ZztSrqJM{$HXrcjX~PzF6kw(EwsLF|xv zazV5+61Ya5tINwKOO)0oyLie&#S^hbYGaqf5$$D<4Ph17qp?zkfRM9DZWE|ir81{} zcSc|bV)h{hzS!liPENyzFnBIPwlpDmIbi?7W_0&wg+diB}On>XQgl+XG3VLdGz zv86B2JXb#J+F%XzQtDK~@AOQh8!(Sju2~lZ5Hue=h+7%$?k{Rxlxc*^0E-jWd2VaX^x0NFb zXV9{atfY|5aH|%J+kDbpdX@y3rl2U1X8|kpltU@%xtPoB0dgBNZK44kBY}6xDZVeJ z!X#`{Nh($@txUtE#f8zav4_@wuEOfdB>-RhwTp_DtqO)LY>b?Y2U6Ia_PhP-D_J+W zsGvitAvuNN#25oM?G&+p?a3mZ04mNH?6|D$t(!LqkRZSScEWYgEO0|e-5zP@#C8|_ z9O%mk;Dlc^7@|Je|9)Rp?JvluK_T@aSOKW-u^|0SAal^dLD!ieMndNFCd?kb(+K50 z2vm)iAv#|2ggVsDR)a!8o`mp|Ac5Fn76q?ZhaHH|3_I(kg8U0VN*p3rQC4}lh-~qD zSj~VyYEUOkfGLus!Sxo0;~azJOptP`^Oy{FNCuSOYcnUgfh26CFImFX8+IDv(m2Ax z<||;XO)3HQvWhE&`6x=`g5h`Q#QtBVN9$4(tdEu|G zq#q1NU7CL*d%9#fi7DhsG6Q!}s5^>i_nnY6G1@Nw&k7Lgremg4CI#KH`4?t65_HY2>mDJTDPD=ISroks2CMy-*K|lCq zQim`EevZ9mH@OV#-{2Z0F?ZWRwdb6w36eA zVJSJ)(sEVHY9tz#VaC86!NRsyLQANM2ow+z5g|_U*m*=gqI-b=?&$3$mV^EXKkX`T z&rd0)oLp6ANMpS6O&>Y}LE5a8(G<#30ZM zBPQ70^9br#nIn22VWI;}zi*pjNCRLU{QBlBp`t*e!Wpg8+x0n+{(>2N-Xus9BnFmA z`13Io9h7Kzi)A}e&Jd})V`wM=S{qx7Yyq6-90>e!+qo`O;xps$VHU(_0JZKsj#dqP z5U6!3jK1Qq^|aWvDI*1uLvsB(9kDABy;?B`P!#7$mN2^nsc+YDmIono?&$()DEZlD zJ^l02BW6(zydC-WAMtjO>ssDgo`PMzj$}(fS1kw@ipZX%0it8@$2!M#f#~E=h?I>d zG80gH0DNR%d|m=&7i5(Ia@4#rkRzu6m&r0g0Tv+*+7aMCm!I#~$c~|^NF>TwX>LIS z{5HtbVaV6#XhasoCij3ta2)$A;LD{YOaLQxuNukD_n4g-P$i*v8gpH;wA~hLML{KC zC4C7r0)c>f_Z$uNQ#`OnKagh)>c|&__=jS=llO{b^3WE%^7SQ89I~G1$PmYiM~Qd< zPVFTKdMO$lx(VR+df>+*xV#pAXNu`|)k?)muv8PBemXHQF#lr6;r)SXuUTQ6HHsq^ z3#1M?vXUo_{PRNqIQcL@8$&1$q-u^!+rY?s z8kN%*Jo5zDglL^S*T%P&VSrJjmw`$nlmc+1Avw+=+Nqlc* zMnX+McKIM2>OFcbW>~q$cA!BX&v7kA6+aQBwpfiTtdVWA4sb#csus`p^2Ula=V-R6 zc}md=J4GFBf;w}EBLr%$3dqw=gdG@EW1#(=3p^SRtQn5lN$^nqr=R4Nn9m@5Xz7QL zULd5fUu-}Xp-V}x6F8}8L|c^>?%e5Aa#}h~bn~1|GSR4BM%}oHq8(z+_OxNbR9lh9^C%t%J@Nj6Ga1`_GLr=-YO*iU# z$dhUtcOCb%7^M(MEfoY)TTm@vVC2AzkUIjk`%l6r^flBh)XxD%XJ&#V6!??~F-t@m@x|#=DBt6MvAB?!D^VbKKr=^crOdO# zCm_@&;|%bTCPcUS5%<(b=D9NxNH{gPW~7ggm`UpHO^_G(nfHLR$NsYAD$;FgpZ)e` z$YBWf`R|AQ|>0)Qn!GuD%BHGWU}%zF&Ul&K*K{5s9c&7@XS^*j@>$M8b~&2qP~D zm=^&%nEC|4ui)5YU<<_8OWPY)L1kwBM=EpCewIc66!WI*+OaB!Tt+@_=RgiEIl{pV za1W5(l=eB=8HExp97Jd@GPmp)9)Jto#zgseZ<_~z8z5{OqsaKHQ{F2Exdvj@GYO9! zFVK3L754^|GpUqF!$JxA^B~{xqf{*6aO(0mu<0seBxEZoNG8+Ti#wmxaL&WobmYpX zO$7R(NU4i&1IDjEHk=)X_4-Bdp{nzCtX^USU^7PgIw!Etvtii+M3VFpsG52U^X*>Z z8WWcnwSXub>?!l|oJd}q)3;$&<&ptsL|>PqX1nl|1$-_N)SE>R_p=m}?T;T*@@|SD zo5D?_mVUIT4lO8f1>it@igpJ13V`54N+O`xXb>}*_9HJ9gP(QhVrLWoJoA8bnns-S zt@@9N%n-hfgGHTun$$?Kh19_5G&w*_$}nEP1Vf=YrURc59w!*Bt5D2nP`+WOrBLB# zc#7YnO7R{P6kP|H(^>3&7Q1E3LBD>zB4k{$Q)sShB~Py@Uo7Ya`piSWGg-01a1 zlx0yMItby*#|?3sRDrFobEdHe!I=_aoT&QbY~nbPD@P=7fC!;O;vfZxC_|VGvcsez z##s<{7!6l8faC!6;V~gm<-}%AgCwaz%}>Z3Y89?=kc8gvAc7%Uu(qssC4Y+ZHc`Tv zXh?h(4r8xK3p?tk{j)o;VP`-F1&F)l0_ep6c91azIgS&_s{?y*p@Xhvk5@^JB=ALh zRfmxxgn*u3<&|uRNHh_ZQP1GPo+=*q%GfG)?YJLte)q$(QU~<+&4yJ>;$+c&bavoj zstHIW-Y&?8M7!5^9yx=Cq#ruNELgpe3upp`E}26BCb4JOSd%5xY_13r3IhpWa4Zju zLtO>r@7jBR>?1~$Lt2?izp57m#V9NwX?x;_UnJJm#wG>Lkul&4&t*;>l!V)i0c8*F zKb3|?iWi84_!M~b?et#$86uU={eXB zW3W;8g;zu4dIEACBK+0(NL*}eup*2n+D?P~L{NrYuX6tUW6)sTHJ)>Pap)L~#KdclEQJg)H^J`E{#aS=|q(JN@zQ5@B`@Xx2*wfGjr#80>in@W% zWWx~40j`4wr2)j1VJISbg_scldTB!&Ho;@0?icDl{bA--K@bJqEH`RfQ3(>VsWHbX z-L!Qxj>`2VrvF7mmaj-$QM|W!MJ8N|NT4B6ng92?@#oKj+GAlaU&bXP<6S_rfGT{O z<7Ipm#FEnZ7hY%V-J6S0Kop^jlY;jMG7US3P5C(n-G56wcKSQ<*l>IrF^`xIiCr6u z4zs;5&gFTU59lBQdWlN~=K*m%S1>(YN&(25`E}9AF`J&p;ZAIOE~h&n+h>BDK=U!P zLknKnev}OG0G(5Zz(me67|d5T-al7L;f7elwY`N+w&0i>Dia943Z#>aSM|Nnex*WU z4qaoGhth{MC#b}!y?`cf49rgaWJIK)7oY!mqtxKj;}b9r*k8=KJrT45ei_YG}2w{@U0` zR;i~whyp6ai+r7Vj_bPn*0BMnfyu(I{{Fd7{j15DjYOg*<4r&rL?bnj8-H7B^g1ww zGJzVTN(W;S)DK=B zr^X299Hrw-LNX3(FKPBfun#KS9i^HW0&XRdv;%;AK}ow5V>(qDD3D0pVR%aMpS7mg zwBsk?#0!H|hY<_3Kk8^)uL{sM?LjJh>=cq*~6c7kd` zPq<*qYz~HaEPxO~x9i7KrcNlC2?>EhJ&xDT&W^K2LPA2LlbM+r(d%jTC=PZu$jI&8 zzFNd80JaGI`DmI@Yr1C%@f{3rQNZ?n2rHJ2mU(#3C6zMek#FBF;yhOLa=5|=*9l?> zU%){fxKXjdR#2Nn+RC@$T7%pZ@=XLAqvJAByU(0huH-_VW%2rfM#VA~`RkVl`F}W6 z;Jv??`-Do25>YP|5eGqD#$cep30ex;L|j0Vl6o1GGNrfG_dDtQAg(K5m)aB~MUuop zdZ{K|{urcP^mGTZQ_O{oWKvdQugM4z;&~y_8unk3TUA6E|x*)CAlS~UmqYw6L z!qAhp!yb?siXe!XXD3~;V)Ik0Ra#8Dk_0qh7|je%P=9BU}Ocn4o?Y1h9bTb{XM-d9serz4vcRcnPct5A|X=xfCHya znHlBjNPo@CVfs{?LFxTjc9l5 z{|gpikL!gK|K;Ph{=EydyKskh)gwBEoB7`*d-s!_Us_vG68?Vce}~y&|K6ARC-6ZH ztsns5!+8nv9WAw#_nF}IpX7gkod5kEA4-2+Vu6C|>`&N|Ne3=Mx?F<3ID?nZFYcC( zZiH0!BpH$34+uas;xVDTl}11Dg{Mo1NMN@CL0*!f0fbF#a~^v{@+dL_Ap)o^^X?zE zjx*Q*5!hGs74(2RD4jtkq&zCoj_==JAjfHT!W&r!v*FfFoAzK71vEn~?woO&E4u&O zT3Y|LR=>~3ox3oN!808ef(RTxR@S%V{i?Z&W9e-ya2{Ce`Gtp5kC_u((6 zRHnuEnv=V`XT-?^r<9;jz|#5Ode{$4nldDuG(Sm77r>f6s0i{PZ&|5? z|AwP8kyJ;d{{~!eZMwM*Vx8Pp4y8(hc@i5nQE&g6qYzZGG~G_$-wi+;>44(KPUEN; zsjTDF-;h`q>+#Ds^8D}XcQ&;tJRAvSM1sST7Ws$5s!3`#xGU01(3A{(tB&TeBhi72 zKYv${Mst8Ps9tG=*UwP-z9-8fm49AnIRZ6cUvV~3fIGpE^U%uh(}GKoXZ6uoY7WoS zVq&8cv_fxTTVuj?M~$;qi7`}7!+8@d4JKbeApN`)>a6ANoqy{P?C;4#iqZlzyzi<=;QP0aOPY>iAPQm#1jGtKoX%C zN~`+={4{D*&OLjMqnS~jjC}*SAwKF#^tI_WyT8|kH^(_m^eGPl&ysA8;Vy9~SPeTq zJ@JZ;SS#7fw^A+!6-xk`E&@@oyn*PxubAjJmVF<^`rm;2ZXX&lLvgE*o>IohA+$c} zQ~YrnpP_r=iqRCxa$Sl)fcFmFAuZ*p$;qQw*Dg5Yj>6RWIxPp!j-LnKsBRR^O%gPA zrKrb@K;7!Vw?PZd(CgN2+?ZBgxN6OsK&*#Gzda~-4@z~C?pZ#)5(cu<`--Ilj`Y5m zJVUifdwlm%zn2Mp4Z1~)-$jx6g20$H0@}gHS5?B>O6X1aSlzm&#p4|UD{Ns z_zvZ!G|DV#;13U;!qaEY_(KE^gltg|y=&|R=^gh#&Gh8T;^LgSUqAHo1T5_RCs#nY z84;H@Y0{&Z&S4ci#@*Pqs3dA*WDp!7UxmNC#s=zo@BjrIrIi82#dYc~cSO}xy5RA- z_RtVYT7Fs?l!V|C9K9YJt35mlvwl0a{Own@o1Wu^AM1M{TO6U40ldZ~-(Eh8Yg`71 zRtDVq*=ab(0M|$coFnZ`@BI&lhS)Dcwj<^Y+z>V@QI24dhr2*HSj3^KlNYO4hda(n zg@@8Yy$Jp1FacB}@UT+JSRB|UPK5%QX9j#I>MFiy5LA24)5nRb*tS%um8OTPmi$Qr(MC3`a?N^~zVH+`N!UbFzv^5S$l){X!@qT_`>3C|P z)(P=X*hdN#T%DEiFq%&(RFE=W*?)=HPJ|4AGuH&`Bg?oKH9U=c#;?j2V-_fY;GE^c zAm#p~3M0_Bo4j4m%$_;HR!LmsxYv@zy}sLEkuB8uC1$r2I7Ch(>nUg27-3|JD)OKz z*-YHRjEs+No)I8H2(3uKD(D|lp!YQ-g#oe-C?!IVha4+2E~W%}6vop!^iEHJtTh4d zugeCGH3CIO>UmTp-Mr5uQKEfm%G4>-S~-$hU&}+Bmp|KTu|s|{&yfX%F-VFSqmS9= zVNRB5Tdo#&_RpJ&T#XpEN#gkP<2Qhan zEmC>&7H4CtlMyLiL4&lc^KUSyM3TNr@y7+3?_YSlA*A-w<-h%!<(Bp;y`}wTTVSk5 zl6AK%MsDaKIU1ti)WwVhL&B}?D;^(i6Zh8$wqH43G~jO#!ULt&Qs~)Nusn~TDE4AG zmAm>**`kvS27Uf^4A}#*YwnB3YVH7i1J6KVv@0t3wZH#<1T7R@aGWeTvXB{H6h;6N zMVu4CF)~ff8zY~*_nun4W$V_?Bg2=LJ3@7pfruPbg4sk^En&F=T+@rrUS9euvbn)}!h^VVkK#0ZxOtizNTzAm)0-t*Q{SiWq5XBMH=gTi<5 z-F5qZw1rh-HqkSfh<51ySUOJzZ|=wZs{MdZUAXXtJ9I(CUPAYf42ga)G<-&w|BPzv zDy};g6|^Pm*IY8^Op+H3L6?FYP%C9VxdK9NlR<0#%5ku`yLwxLm*W$T6zuyxc=&&~!Q6Z&JHD2^=uYjitV^-WSt0@CKICsznovhP2L*^H9BXp=co zNSQaj4nVgPPILqh-QYnXoIwY;!K8u2WKhORL$#1WVpN9=Ov|lLgkMMEfz$ddoC+GGd}XyNjAe_pFk*hb^c+f2xe*p{_?!KD+(=)P7@CxJQm7eUVMbC^=15dKN^X- zj83ClkP2j>0v4$gN+s$f6Oh=JeP0BMN&C>cwQJ=8OHqeyHgLV{wS)j!`{L9ZGF=!3 zN0No08jJ{D`!3#n!X^3NXa(-^4xf1LdVdfOdak7Ii!9(mm zGtekx00JHXC4a>XoO1%h_sNuA5`0NJ18FkDdKeJoj~83JVFN$rCP3zI@9s7Le7@4^ z(9OhW`Qx-A2Da@hMnu_jXX;xXx3F-dQjAiuBrg((3Rwy?emw&Xy#vT*45CW_lu&=z zMm5KJy^G8NiwZIFhJousgU4>6DzFKK7*|jt$xC{G$f|UskFg8RH-0QQAI*cZW%up@ zCAOp@;`Dt5*Fj-vY3cZ2Q$65maSfP5NnXG}*D|NcJWd`L%=*ZCMo=}Xl0d-qKrn1b zKMsYGyr|CJ^nGEYvhgff<-z@{ZmS!n!_2*0IAjMzCti|dfEZQOF%=S~s9<1G>bkUn zVtGsz_C|GO-CnpMb^vLJd_F#*XoqeYSUL|10q?Qpzz~lxCxTu6Wr42wn0FU!DFPry z_k(7YT^8)>FpprZhn(;kBAi8RbIIndaQvO|k zXh;Dh)?)-jzFv>yz{nElJ)|K_WQ{#YRy|Jb3+AsD16H$ro$Aip!{ed=O~V@@#2S3- zuP)U6Kv%EOjHSZpLbKUi&7DLvM@e2ZCs{5RUKq8ve0VHm2k9zBd8mX}jXj7bCXIDy zJ-y3t^{e+@s5=0Ks^Eov_si^z6+xOKZc0>Gn1&`!a3KI|a-Y3}LoY@`RwCcp;*b@! zPO^PO7vvGR<%o|5zr7Z4Hcvzw*c=0x`j3EeM(eaT>U$MPW{OO+9V3|JNrMp!$AKgE zAZTJ@*dnGeUz`e}bp4%#?cLCx2lP!m0}v-wMB#cwQQVI)8>Pl7~v&&Rm|of{qlB z=pmpnF8ew-ImLpNty@}Rou#m|zS6neoM|gXW_aV>lp%x&j`jK#JwyzWK*LptV_&pj zC(OE;juRYihgtd1@7|K_polWrlEVul!=cDw19+%wr@To^w8+<{*>FeXTCz&NSatHY zzymsHsc?GSy^+s#%sf!(oX@4OCmc|lSyNaOr>?-5~GaUC`Nt$q{K?U*x=0apDONLfXU0Aw>|RuoD9|#+c#J z`R7tE-4|UP zuWq*kfkb*CAV1ZE|9TF$htTIpIp$CR+$b2hjT>ISc(CnI-}utfvn5AVhmd^7OLYsk z+KBL=aJGSoQ?L`7uslkP&i?+u~{=G*3S6#F)`c$Zh7{W<4`u@?VdM#qpCfQaRSU3lCKcr&!t)jy zVx?3>bv;N+3fZ?7_8V@Ae-%$rVD*hp%U&HXZm%WJ=*|5j^MZ)v+5uxMaVJlgYoBo_BY2ZElD}6G9OzZa)OM<4sly_ z@CI1Kq==nk18*t&|>w2<-kKAfuMm@f4pdL!Tl8B~pA{0>u$T1oi|{v!~$ zv@rT?8zm2N7>1?`3JR8I7ceh@k*r2TiZ||bdvC81Dem{nh0O2JSZZU?2_+4*@0XS^ z81YMtR466qb}r{sKX%A+>mNv;MVHD}w2BgzgN}~IRPoR9%ZB_0;0|}y>-~^HiAYNR z#~+01ZD{-heY)@7y*sPzinBrHp(1YjUnF?o`Sa&1`#aDYf$w#U8uY>(I#|qr64IHC zGa7JW%qH^D$Mqw=9uq7;Oc6xJ;q?8^b}}-mzs;*L5y)H-gc`F0%jSJA+K*xKDgGLg z{RLVIxGN%RAfV{JtY@*_jXSY0yesfGud2d1Y!VgZvQ(zTvUhGCXUYEyeAc<>9_(%Ie|GMCn)}8#bCqklJdQs9++#1o)E3A|hgdDJbTeu6e*k2g^5*-9*3;$Py8G zQFliaL{MO$6;RYb0hJVmMFsZv_q3n)<91G8a2RHu=YH<{y8dsMPcn_qa7p$l#3?UQ z0ng{P`K_3-0Q^&!DT_ds7m(#p?+#@HGLqvwNpE23H_ z4$Q~(aSOoPJ?=#3_(y=1jKBuYIr&t~0}OI6W9Vegm~eb>yXNLlE>qMmD zpF7@MJxJqODBKc?ndXp&B1^)2Ss4`W4TLgbrK_7i6g@+NJXSm3CYFur;$v=$gzOxk zAG2j`4Xb&=r>Q*fQ9m`O`r_<$IL;cp0`!pxhm|iwZbMp;?8Y;-5*n`LH{G~iDqj0r z3Kbzl@h%lD2jv^Af2Y%BGh*nOn(%vhvh@lgrC=)z><0XmcLe!i5p#Fo=gYZI1~;%E z2t(yakQy)qNGYmR>)Ea2)q6`(T4WVSs7Gl_^)M4z8^8ZFrB z=c`SXw6+94Or+2|sO-A@_RB$v9~kCVI7mgc^tq_ll33KfNVTd!M-Mj)Mhu6$e>kZc z<@q%~j)cf`tBN#Gp1W(7%=swUH`y{%fV^QD3p|mQKz)W>$i#cfq?tusYk^-O!FD`s z{k3eCCIqX(QHstj>zy9s$I+xEiD)IR)uE4Xtn1VUAG&FRH%FEB{SpqO8KK@xR!{$| zF7tz+7#3s;MV(ST(tlvdr{O!47V`IwzNtDLp-6DUuN)Hl{u4^`gVcb9dr*_?s1N1& zoyEQv{^Z}EUBD>=HebzZPZ&SJNF09#vbd!>lnH^?wSZoj*QS(qg$JoP8H;$7)uy+sAj$|Zy5Fc1JGe*|^YL+cJZE7Rs)R`q=;2R|BW zU#f{uVYoEYu0U*DVEa%1;%Z(*MakYV=ckOK69I_?V*r??LY(&yPK6emKLEc(QS!E_ z1YK6T3q{#v(;+w)W8rR?@WFg*{Zfok13tuPlC!d#!^Flf1`6)09ZT>)#UG2J@8f;+ zZ6!p3j`{vr82iG|qTeDw8G&)-FNgTQ!dR5xnhg`ydDAZKHb=u)%E#Ca=NEX9xx4N4 z#^Y?>mqz$-dhA%jdTI!@6}a=1Qr*Kc6QHluutr39HJU^rT8<$S`w){B=Gtw&Q!TUf zsHd0f6SfI=s+NRe(r=rO*8Rk~@s|L}ov-NFLbZ~++~>A^vfWr#wPBAc1HYI(w2}Pf z)+@p3t?Z(cO_q$^H`eqdhEak!k*p=4sPn#m9F%n%@m00&bgp|1+I$?3` z)k551P9B3n_?Pn_1pwu@gxVUr9wJxr@n<(24dP;?%vp80l-r!{!r>z}^KHPHP?v&^ zj!RvMWxIpPeXx*`WEtT@Da=Q@TN@aY(~)Bu7_zYUsT==5%yDYKKdIO`arVCb=|+)U zTKjLM+wIvPh>w7wB{c;b||z$v%D%^L_QogH8g7N z>g9^HGQ2x(7Tk9G78}d>#@*%u�awQ>N&Uf?MYaB0>911Z$XQDz2h_WnZ`HC#RNE z!^--ER8y`idG#DJ^S*`AQZ)A?B2TZ|+U9cym9>-1W^uOW7)R$)K(^14rJp}O1A@Q{ zrD^>B&i3~9ZwxdFrH58lL-w19_n8aC@{_8<#c;ask%ydW%RddczL*aLqkmYN)lE0BH1lmwgU=85$AaQkE| z$SA!pvu{qynrTubh)%=0x;k&Y^)UO=M~e#%SZ((lWO%{q7xTG2qf>|%t@mm~3CN3^ zB;*8ARS=rkK2EE0e&mQyn6ScOm$F^=^?VT&0`)6)?tZ`SpR&h}CF@FdK|>%7xxfiU zx5%czMh3VW2Z$hyW>-x#Aym}S^GjXH)v>N=xpAZIluKVZBI9qG{dRv4lav6lq#;*& zJE5OSoklEO$qBIcmXjfQ;lZ_;sps*hk_p!0mCbP>Q7K(j3Qx&-mLWjRC1eVu8h+zk zgZHp3-edegsM#yW8p;yYBy5|tp7!>c4w~&DSGKS1X}gxuCpY@tcH^hx3qCUN!^4So z?GFP~x3WJzytc*eJMau)MpDwF(lonTEnJuREW26S`p$-zQk+tF9zF6OpItsBhB{*z z?QPYRo+D@ClT1tMUhQXPzZFTzns2`zK69c;0XYg0(_9V(H_;M$4~?EsytW(_KoWp# z@t^?#7qfr*G#4*qBsS`-B}M%=gOG4FRcVtKr&Q)3PRV9QL2RtaK{s<=!FKN7Z=;9l zX->H9b`ZpGFaCGo?JMr35xAw5R&ULgGSc1Y(e68OOQCn2#utg za)wNd_o&;{JHoSw33ThbI|FvL-R)PN;W5NKg{r|22tSQPGc>+a*51m$t+;1T;iL2z zq^+9MCO}T9&0Mpbbq*8n*5=I5xXC)GO0Y8qU!hWnAK)8%KXQT!%Cf|(fs68<&3e|# z^ZAZ@*aDUsvn_?2_M<*w{91**85E)G@70ePN7BSCmMOQGabyl|9@%dJV=my!%^~JS zmRX18${kV#puUvvWjLO|^X0nv0VMXc(1Q8Z$ie@dotLr`j8no=EmIAwyLI|n|IjZ^ zzKRH*%eHNF?-Nglh{%W;-s*IpYp3x#M>B3EZ-SY=g&=9A%^!YYKQ--4?Nz(joabN9 z&n_bS400Dfz{t&$k%?V+QoJZLVDy!YPx0mnEs3o5*AYWn&FeII`v5mBz<&x38|JOx|aQ$U5bqOUiL;=5ol9X+z3G8-vhVV*gk&# z1U?59UF0}`A61SBVG4&ZJa}-I(`iL;3cKJk^a@48$xyK3+BbLW`V@eoy|u8Qw&}&- z&o7ZL5L|a+wsPvFgkAP8^8-z@)NKMC9A2t%obtcO8>`RH=M@&Z0X4?}1)X!x(tz9G|N6yzoOpFvTL73im?9OqLZVg3 z@6NqZ_ZuafRZ`(tXnC0gHwn3t(!~!uRBX)(Z}LaB0gV%|~fZl?QN@Yvb!b6~j$m8;wv(vZV&0mlS7;Zx- zm*TA1E_9!Yej>Wc=K4A%5K2Ib@qEkVN`#-F(U1IsFuS0dScV zKA@LX(bFloizcx~b@r&M1GP|A4;{4vRy|JyT5VV|@xK~ooxJ+*|3@YNZ$h`er&n&p Wd&#xuzHQJ)b^FlcgN%ubHvR|v6RGR~ literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.18/_media/benchmark_fio_azure_iops.png b/docs/versioned_docs/version-2.18/_media/benchmark_fio_azure_iops.png new file mode 100644 index 0000000000000000000000000000000000000000..1723257a812a773fea286d512d38ed9186a9a46e GIT binary patch literal 29702 zcmd?S2T+yiwk?WnciU>4Gb*SoR8T+^M6v;eg$POx0xAds0+J+ySy2>Oph#ANWKjgk zU<47#Nr@_w1tcr+j!E}E;nsWi)O~NCdrsB0cJH=qSp5GN<{Wd3F{d7f6=mnmVV}ds z#x{>BC!@^9HnW|LZN}gqzvE9HZJx!4e~H@e*R)l!G_tinZheyN&~e){r!8$yo19p8 z_N29qiKWF3ei8m{Ti2bkwLN1aCLmz`FJHiKX>BYZvEtD}e8}uGa#}WQYzvOlKQp4G zqfFS?Y;2e^dsH2Qx*HsW6kD37`bH$jj@^6WWqvQ-JJL7!iSH$4UKuTwyH6rFxELLl zsa~i&&qMB+>RZKYEZ3%y2F;{-J8F6t7oFH@#_QIjJ4ChS-tN5O#02S znZMdj|H0{V=jPLI&dpm`I)i@mc*fr!vh$zzA?xl0?6L}5Gyf|7H-D{|Z+Vg9*YeSy zGub$#@f6P`fBWq>tv#CrxrKx(Ylll8?6czcD(tRH6}I{!QuZZfdvm8)Eo-(LzP%r||3>V|!n@ijrd2aJXQt^pkMyKWt{rYK6Dpj zXe$Yw3bCt6)K5IyT^l3kz2V*M^%u9Fd>8TM&5gK&e*Cr1%yll*@$2VEyeN4+*ijL8 z?8ODAiJ_XIffDI0yu7?GCe}*39bLbEJ+FRF*7*4N*Uz6HNI3RK<0rC9IwkY#WjSza z%y`~>3G4XyvU%OJ7{daV>Bpo8uLguGZs%U+UzCG8vme? zs8`j~kV&tpmY}T`EN-vZZ@^~dkF^>a_*&qzY}G1%>zmB*4I4I8X4skC5zyCb&bwI= zBI#^9)TySMxg$b6Li#4Ox3#U(^VQ98#}Aw{3a(x^n=Ch(1+cWvR?Y4+zqh`0H!}t4cqaB+hhbmQA5dyj6%1bsXID9f-^H{WOStP!) zadhIf$C85n-hjzb3eQe|^kk@n$#{&_=B~Yb`Lb5c=871VO>ugfnws%qg?IT5o^e&kb{=`w zd5c4`wqw`Nfi@AA!sPhRLkG^r*XO2xdu1+Hj_IIS+-5i~qc+INgorbD3Qrsq-%mQ)rb#Af?vvPBDB_t$# zxn$=HpZ;)oYJ8wXvaafpuJ|(kqnfxu@9qhPhd6ce47Hc-Yby@EVH4P1kbB|61>50o zTG?YgneY5}L}g`XryyuK>&@*b4*#>P?MJbAFQYIw>c`P6ha)(8-V9;0Y6Z)jpAYeq zY;h_N1&awccAqF#a8Fc@Q|B|w%pBVx)pw}fA-Bf4yEetNKJCf)#6(L+M+`+Urq9OF zuEgA)E-~(?7?r5bcXzh1Y)kU3kLv0Uy_m%*$GWvfGz{lU`ny#_eZA_F6Z@Iv2tM&G zf}7k5gG6mEj72L)UcbJSCk%n59d~#^{c^UQzUBLVu(6FDe56w^pr3OZA9j2qa4yZoLk9wc0Z4IAfKPl9J8XaJOccQqZpBA#S54ar5l`)`(iaHr04< zR+{Z>-`v~F+4hW|pWmoDUd!s4S>Km88&w`E^l^yT_tdwBx=&iwZfxai40Rigv9h=K zvZ;ITzawzwtog6&T5I&(8yp-R-=rsGW@c)ooq4cI)H=dy*BYzpzVF|+-B`|deIV<~ z0#1wi`uZ=DiSb%b0}vAOYxy&z58mNDDLJ}O_b#8#@~-jToHwrhUklWo5l74{8Zwp{ zkFg3rJTXYfWNT4itWN493fw2(-#fx}z_S!_&91$4{h<&E zErg-Uj*6(N`+F{G`bh6zz1{FySXkI#kw{ZJa*UYu*K2vV*2W=2A}h-4W}dw%tTKr7 zrG}89n_+S(D{BVB1;A)7_M-ukZFV5*KCJqD2peyX*4VAK>+xs#44}8gg89s$$hDkmv2_ zYwJ>#F3wtT*U!%nD-)I4=(MHrnR#QDR+M6JIWmkL9z0mmS-s`mog1k+j0s!~%Hp1a zv6@f9jNac{FCvoqYbw*UEH$+zMnzUD$C5Pj6<90+y&H>Pg~tdLP`H`AN|Cr9NON z$IJrZ3sPp)Tg@60b0-6$C(Ii%s%njXeE;lWAv-8)SQJndB;{JWM#7<#clFNG+YqaF ze0*w*)bU{N<@h5-_oSxAZOkH^-&|kzq}sAJxgdk<6VBeP0d~3VVm}RovxOh$5ALb`qezy2kyGi3U zqU@N$7eY#h@Q~N&qO%lmZw(T1?Yi#r0K?$|smD7swT-M>Jo=5ou-#R;6Ose(cT@-e zD%eo+$EcU|ImLZyz>8NR*!V)SQ!OQDC9da_MhF^}x6HN1!KpHmBQY+Ys7RecDl z_Xw7MI$Nmjcu0tdHHgy|2XOnO+K*RFULfoH1%_71il*+5#-VD*jvb3{DXU|a1J)&k zdf`I-Hg~xkE5o)U4A&s976>DWpb~?*MdOj@Kw9{Lo2;u>W#d~?%xdo18ZVX1DH{n8 zHp@#lzxeyS_|TcZ{1Oz>lcT&B{`jNx<>k38ZEb$h=03`U?dge$iNZV&7>*7Onu(uBKVRjv zMJSi)wLzvF{r+kJcZ2`;Z{c22@-LT*-{^JnS}U#&Fx=nYUk(UlkYI0PqXM|f&BTtE zA-b^=Zek&S`g|zi=$Mjn?-_a8R-0l*+wC;e8EN0>C|e%9XyDdbaj~kx0O7dmN4jx{ zvjxb`M~)oPMtHAHHsNx2cSkv4(pecZGGsaPdGlq!a)`mSpEUYvfm zn-~YKhKwCaGGzYz`ST4gcI)7v)bg#G_kA`g$&co4<4{5H8+yG&Nly8~(}euW2m5Aq zH)iVq*!pZdq>R;G+z>K$r*!DnitcIJ~mk()6+w7#c8np z!MBf3;}BZ3pPlwcrg{LF&$M>?P5DH9mg5d)?ec-S9uZ>tnQ3P}U(j=GSvK*rEp$Pa z*XvtLL&fagjp9sI1xUN+;K~d<&v!j+kmvcttr+V zxnf~?aZ*Px~WumPK%^s_cXX_sd+^L3@vjgO%JgvTaq`yC@696vHgt1NZjf>Py z0OBLzAH8naH@Vi#Y3t1zxP^K>a_{9iJh-*}-@k)pxT<=8_j!gm3afiKLE#4Zw_<={ zYJsMJk(XpoOuSEA=r_<-BAzWhhKJ2++llu+f;DJ9nrhi3h3KkS9-KZ;YV6z7tENq_ zD6FCOtpc6UrO3Jz0czpJ(4IYe3P$A)`fop(j5Rd>n6w|EY9y#YQbOV=^1_p6H@y-Q zEm>~ft9;_(;u>8?bOB!6JF61{sVqaBZy&1BSGwCg!(lM(4NAEa+l}5w8;3X^U=0=u z|7KOJ$ z4)<6fdQ%PY=xBPF=c*m1h__aX$t(DbekeS$!L?w1Ym&7d9GHkc5`HB@+-B}p-HgGI zA@_+PjjpzPiBAu{8~*yALSa#|#N1?2SqxLB|?^ z1~d>p{TQHic(pdZ%y9XcG<5p(``JMNLS{FA9P;1J{lb-Tl8wNbU5KEpe(!LZEN2Y3 z8!M@r)3USXuX!Be=p}HwzU1kPk;Rgt`aptJxJ=A)MC2vH<$CSYE}pUX z$XVuwoK>4A6VQLu*rx*7%YwV#)m4$!|Lf6EY>= z3G827o@}DhB|6w{pPIi3z!=HG&$i8Gy(ov*TNd{X;u#QIJ8|@9SKs`Z`l7pgcjsO@ z+R;Fug#jN?SQcAdS=3Q{>TJcsL(4#kpnlOwG?O<4Sbe5<9HGyUZ)9*#6&Qw_`P8VW z9RIz!-VF$YSLLDS*`9iTMmKP!*U-_v$H!mA&(1qRTuI)|)lm~;BTY37S00|$@tIab z>4JG3)jbh^+PRJnK6z<~oRW-EhEZql0ss+43$9%6^Qs}?Nce&3Yd;!%-b_r6^|A|| zxD+A2*ZFzI@Im8|m2|lS$q9VWxG@5;kyg8C0cXr|4K& zHRnlIK4I<6^ITPxX>Z9a#|kWCXJ@x;@RAyRJ8I9qc<~02)ChO^WL#!eL|08>SN2Hb zjS)3d+z@uu9z)JW0m436d~C||!Cl@C!;KyUV&+BNo8izG#;X<^(U|RQhB`ycrqvU% zDiTjl+#4{1A1b=R?$jn;V66qVS!sF=wxfe433}PueA>y6Lz?mb(d;4?-;&Kwor+#| zZncO-Ji@OTHh?~Br$v1<9#W2A7~qdf$&ukP!P6hMIXXIaVDV#BV^|NBLLY_8dUc|1 z812dIRgF>R)=jtGj}i*my@B;Dt)RnWQ^;eZpk4&`16~{n$g1t&+D7qE*wL@Hb$zdH z_2hm1@+FK%<>BUoceiG^jy=Pbv~KE6$xPbM>DZ8OEMg`%Wk68{v zqcZvk*D3?z6^447q#HH7b+a7GOpGQ)8XfilAN92RHxWhz0_dpH(672QdkIJ9nowZR zuIxsv-I2qGZ?~3&CL-x|A|q22c<0L#t`?_m(q8%?!);=8-&z44+up{8jACL#4hm#P zpyKMn!;67rbHioM{{C_C+C zv+=S1NDk$(t2KyE^9SD97rgI;yvJhh_lVqI>PtXGD0pw!zqmdJX%yA-_F}Vz%a@-m z=~}803^4o35O39JfH!SILV9Bo`1tWQvk6qY%@P(acC4_Xk=UmIfj)dX&m2l(=**X_ z6|+54yE8*NPAzVEo7EDVN!-koY7vY2U5yhG@z<{X(IwGU8ROI5?Kb(-IL>v4aj{U| z%8Eq&T$w5HoUyEuU~%JLX3lIzrE1aOFr~i4Ci|vfE7*>Qc$wMHVosHXwPL|Na^^4K z5)9SF8wr`$CJWBL%GJ12e9iod99L%>-0@u_Pw>FblYEQ=s;a&}2P>3r`uWvJBHN`l z?Zh{^d@`8vc+&y!v(FA^IapBvOKd5UH$h(@@y$BVPSX+neI9!Rc*4dS@u($#Gg#HM znV^df;J|y11UFxvv#cDP008A?wHW37fZ%sQlpy;J)tV)ml!fi5ee4nC8k}&N{Mm+t z$L~5=ChOE+u<4GJtJBXPKcW@2#LT)VRt#^SUiA2H?y9f3htZ~(qd8=8rXD6?=fX1J_WMez3W#zhO=0IrcBMl+ps{i19{xeoqZW&-H_tjU6j6I&6EL<*ps&qHq!qn7M z3d%U2uWM@%?<(W9cAP8;(FKbQ?&2O@ZSd2ZbjBK3<|QWQa5#ZpNJnBSgVhu=DQB!Q zP=0pYA`&hR~RlJr8 z;I1+tHOW%0U}dgfzb@aiZ<9P8ruDr)4sYqTMO^XsIlDoHspHb5oOpBH*F^Ofu-`#B zH?8gL)P}!(q)Hlcltg48DVgi$iJkp+PyP;X7O@kAbbzSM!{7g0c^@=E2Uy55Xe=>M!@2-i3d$!9=e46KJB%n}J27f^ z`O>9!$OF)DE?1`87z-ori!KO0h4)P{-<^mQmNV8PE(x&DQxWY<(C+2SmrEh4VUsrR z+NB9q;s^i>7}qRc3l2Q;IiXhMOsdcrpk@zV_w=;YcJKSLp9ym2YRdaJZ}ww1t22Id zGHI>s#)i!i?}R&6CmLqGaYbd`*^rsq=r(2!8KfYiEf>!*in2-Q%%|N{^2967fF4X-Oox9wmNaHpaovp1*W z&5ac;&CTJ@%!6yXj<{`CLTHpB%~P%Kp_2?lteMR&S>M35E4h1 zLAwD*i3G-kpcZ>HJqgj7wYBZ`X|8tSpYUnF&tKC%xI2eo*IlcI8d`c{(5Ir`GIv5f zQvMDLB&>DIyU0(Uj_IbIc@c99CzuZI$#+YaZBbXidXbPMWZ!c%$_d%D9F(+byr!U| zv-1`RL!i+s5rw&#C=QZpmreZkGR>+vzFPo1@<^kz5}sED3u7+V$8agsl~|mPyPRjU`1I5D^eU9gm=#6tV(q&*m)d zKADAIU(f6kI`R4s6fgUcL8?)MCKwl*)jUerXKlY;jp-Ml}AN}j3!>$c*xX1c)f$Sqv$8%Xef3&bjCz|X)spS zkBTtzEQ50HyTe$~>?62)%K7-oho;7wrk0{$BHWKKTAN`PhxNZ5ZN|;S?N9@)VfXEW zAW^Q9lam2EjBi2Bxx2NE{12b{7Oq?w{r&qHCLKja3?4LAJt2Su4k_2scHr6S-B!DI zpCbhhIe-6w1E_ng)Nkinw_L}@b2Fip`H_hLbVWNL6hP3iq(h7SPS2Qt5bV^G-u6XT z|Ity=t~UCD3MFZxc7(uGr)OlyPXlg%9@DqC*Uy(B8 zf1X{!;V}x8kZ7~VsG`%;(oUfmt9GkRwM+!#w`J>A1wt*j4$;?_ZQ&IXQU%WUvMY2@ zD6k6V$U{XKr4psc%vkc?i$gLN_rwfIhF!`fO)U|~*m~C*+SVlF68?_jwSSgKjs&4} zk4GKG-KotiN9coAI%8V!js>++okADk_SyZj22PdPFHh7?kq6kVzy-7Y*?$uCm>e!M zi$SIaybv^{34&lat9qcyE4;a6X&F*XDh{xgLg>M6n}Ed@nHo5+sdp#v zQOF_zP!ocVIb(A+N=r+V9z*I7NL$;McgsNR9sn^QS1HOYCnSyS&^o^ZOb+Nz+B+4U zC0j%vsVKl}l3F~1noZ1k`1FNtQCxmfU3+^I!L`KT9|FR_p${Q{Y1$#7MX(E-Zsz5E zS8I>UhoEerTk={j4!f}h1sf_T|LJr=TJPfoTE=oBZI~H8f~YQ{kUX_MAI%uJXMqK^ z!(&2yIanSnS_N4%>J8d5Do88I>*ixmsk z&c8}}w3+LB*Zi+vtlNZ66qk;Ged@wx;8l&jP1-DlNO(>jhcM;dB5^F`;IOz{(w=nY z^GnT=LrsPFN=n-(3^wDz`$tAoy#Xf*r-FJ=bALbdq@L4MGr2`Sh|hiRFY&QT5bV$#wXn@kqTC{$#<#_bGgU zDhk(@0v}m$DMtVp@Oj;XeD5#Hz3W<9foz(HSJcUMc6Q#RDUE~$#w%=S46FYLkclp# zX=SuGL(6?lVpjk4MqD(_v1>VjpWPl+W#=5DLgDuC*P=iTl10GR4Ymea%4ZCG=mq6U z4-RrQ4x1jZ?f8ZHoKoLxZ;TRu&wX(DmQZyVA+Yjg*ocJmcMOx_AW>@@n}g3Zj&IW0 zjnkJzMjV)QUS>qDtA+eGgz_>D*=7_}&ouMRf-1YHOD5I4?rc+dxSxQ2H5dn90evaT z4sbOn8yZG{G6^3R)9!P`?2w#16!~Vik}DejMFuO&PKF4Xd<0Lo3C#_58ldt zE#KK?n~LYm7md+Bfv|jp96VE#6GM2pcc0H_rhaHcWP8!&|G|u06%(-i5MmnLX*SZ+ zu%O<8_TDR(xP0z|cVWy)fXKbkY;Q+ZoW>RgLk5VmoRSjp4@lTfQxhXCU0reDb335s zm6BHP-A7Odnx^{1=uj2NeF(h=k&Y^HQHMZgi66Qi?91w2J_3@SEJhC=Ja|$K%fivT zm1e#}DK&aN5Z{5kzuJlq;6+lLM=Y`@N4rMszCr($g%nVM{fR&M=+Ptf=$j!Ql~~}Q z$deJ(tq;x}vEmTK#IxE`z&L!m8A4^#a&r?8DRmdO-c4ef$r8HYGU4vQL02xCd zG)W&AMUv-kaQr>TwxgWrnu_jkc`L#FG-==cU`FfLiN{e~GK8R)=d_G$e&>?kKolcv zjLH_mjS$RXx=6V-gu9QjFI;$^>S)9eVsWH?e40tRHxyd?jAjv>aqVoU6n3Fg_kon- z5b22#$C(Ys)!0}k%BcIp3B18l$U^{_Yj>U5J&#@JHUm)oC~%4@3U|`CnDz&*jDb{# z&=w1!#|c#c>Fe`W?^FQptbxGgpr1c~&KzZ|TNThYEf1+n5T1mM-mfID7~vYVRD>3& z0^UTS0sY5-Zy;O@HYpBim0<;EdOkgEfX-H47ky*Id2}tSVFic`^ekmileM(w{PFRWvDfp z^S$DbljqExtAb#k0(Csf-g(m%989`!K+{wjfNQ=%6cuGl5Q|n$dd`FGW#oFq%`_@{ z?T1j2pqr_Vq+1HZ25eaI1oMG!Je=GlwE@qC4D$X2P>IFS938H+tO}Q1aQVs=UZoI; zYQx{kgWFPP&YVeMaRS$-uV)8OqKdVgAAhjaqUN| zc1VY$P}$WvpGdp|`i2a9fV-z)QXoGe;#w3U<%T!KtLV0~F1(U>Yx`w4?>0a{+a+|Y zg(9EUN|m0?TM5eZNKQ^pj8l2L;aX_%^vh%4e=E-`p6Gu?j{H-|g!u-Z%#H(WJnMl$ zupEG7JPk`Fewkh$Zz&~%_7UP)h;H!!>ryTsy5qusy4UxA_r231ZD*eI?SHjEI^yq5 zUcYPCuE@aen#bT>q+kCfmgWE5*Z60er@c~81QmQf^I9v66hp+X<4}JG88v%~PrmkP>5Ee)fBPl~}na^*r)e z-sssj3j~mBHWT2x2Vrh3EGjw#681*QIPP(0MU)qTH*l=5^0nU-X)Hxy!ip#=>-K9k3j}GC*9qchJXDU9j{!h`a^2Q=cP~mT?I$NL@7=q%5^gSfBlvg8 z?i@TU3>Ks)NK^$*VlpHk&?GUKnxf?2M!C#k$M~LEQcqs*ab1n7tEdO118P3_5G>|ASEI` zgq;RYkztN`YnsrVE$TL&rsveb&9v`73;_DIv(q#o7xEMXwv<=etzW)u5D*YB3uZv1 zIHd2=cR4`B@)4?isxVRU`oW;dCA#21srj)luRVBmp2eepJ@#AU>mNk*phidHZs7S7 zdX66Wr83C;!iH}bQdvkD0wsj6h@~F!@&&aV6A7wt2NRM3#+g(GhXT2c7mnGr)A8|( zbw~NMMm2Z&*4r@VfjcJ_1F}~aY;&v#WXOXoB+mzXF8*!;jmh-G;|JKYhZ=g0Z)$76 z1=*oaJ6RNQKBs#nxP_kd2Aojh ztq4Pci9D;F3N4(e4ChJE-6(MGs65x5XT{wn;RHx`FV zV@m`;_}pA6NNV>H06}5f_QPEt`>`u=kRwqchmx%Vw4n+3Nmh?x+$orYSd4kAw##6- z@n=toP=ehS#{CreVVlp(N0#mcCkZ!jCr z+Vyb|OL}lxq=Donn$Qc$pMdk$w#DZ8x7NZ;z=FAo@ejQbM!7+x(6{;dviKCWJG^Si zc3tXJfxsCNtDl=gW+*rZ^pzy~E)f<0Hp8;-1N-31*uQ^&3_uv5K`s^5l0U!t&>43c z=?RW+`;{VH2retU-TX}YxeQ^Gav3sC0yUFlPDhv6yJ=H)V`F1&rhOu$ULr`hybXop zpEZbU#S1LPs=U8vCK(t2P%6OKs3xB(GZbHOpj4$4c12;kPSxze@`L?DL&VM8fj{9_ zOB?hfWb3(4*b&8oa;1N8&{Hi68%!@nmV`U}y4s}MK)Um3S%V!pc?X38;Zj_skVfZT z$vAV!T+@D0m!H-Xz3x+FDoerd!KbPb8Ob0}f-rC=@w|3Y{5}d=H zcDhfEg%Zp~gUTuJ&sKWV*T&=`_@QOR+z7|fh)nQum13I)bEhVhs5*ju(-zTyx*}Ha zAD!loLAlZoo~FZ?%Gk@`;VFQq!j<$>Hg-8K#A-k#dPJ-qN-tKAf^sP=1jNR{kABl8 z5N0=?4I8kkFcrPl%7^;}FI$Dc&P{$B4IC{B$#|GIbs}Eo617=>iMhoHjxE?%wU4;AlE)Pqle&Ow7Pa6j}XR2yvF_UV`$ApMLQB& zk%NXE9;U}Txdj)`gz+`!}oqlxv6z=p;E&O;bT`o-etU4GqIgtjgyoV1P2@y%y; zRl<=s9Z+_fEB7{LlLKj5cHVhfGpLS?K0If}#>Sck){vHs2k!zi>cap*+~uPr^~6X) z!oDX6MXj`XeVSl(jy*s*!ieS=F}bLrHh|nApBQ*S#l%}aJrac>0L3SZgFc!#f`a)6 z*H8kkAzs$h;5x_Pdl(KSBqi^x-*-i`ZuG|wxzXH@4KRglW!9$KM5$!AizbF$bh2K5 zKk7CtLuR->tO#mN+I{{Pk^qpTHZdVh7zRDPKZOlJQItV+8B%F1f+#5@-!*}}l~EE? zJYTj|^RT4TU@6|rplXX&QpB>f@WSk@A75@bq0Sfr{bT|J0JS~?N7f+0Ym$oxWlX$l z33d)i5$-`PFKm!$0gIc;0WyW*qvAlEJh|mxI`)NDu(xG1P9z-+kX0y5|%O5P|aDNzF2 zDaEoU!}|?Z`Gtuq?&lB$WU23>)X&t}l$%S18x`r`9H@7PwgtlYuOpIR{wTL&TPo)Y zWF6z<6tM_`f#dW<2q*>O7*`1BC2xG-L+4NOOeQUYM2?>8kQxzv2;}8N4S}YEjpGy| z6pFGVXq|!N%}E}^SnZTpkTtGoU?DY|nz*PyGy7E%oFP$>Rk`l&P+atJZ?hXux5XiE6FNnRWur$V zA{TV56WnLXxa(A>6LKcy2lek>4i1h0h_DxyluB;B`sx8Pc`!_S>@ED@v8&O>i2P&v z{+=LMpQq@mNYLB3@5WM!TKPx>xcJazBBeZnq3&QL=FIXG0|6M>VpPAm_2stSSi zP|&U;oNhlJSTyCB7imr(1FtOyO1+H)r|UxrcF+5p=Ko(O$v;2tDah0C$2#sy@K^vl z!kH5pctQ60%5e0fl((7uIT12k+GeuAHDqU5uZfa&hs{69)iGU3{FB>mKiw^#$EN%) z_2Vn<%TcyFzP~MNGgShnfv ztK$h<;5LL=;7h#)(gu~Od5h4{oTw6mO6|(5qECW3|2xv%MsQAgQOQU@5 z8_sPfOBAU^L^H#9tWE}nShX!gqVx0fNT1<^l^j1R4$+mT_7<`(6+XyzkMB;PE+;CS znt{o5)xvJ?M+&*V`$P(`b~ub?T7@vMJwh#4P*I@*uiKegBeXb@(;yk$jAVD{>&XOv zNuVG4@(I2hUA6S0ayoz4>m3QHjZ~_r?Dkt~thX)i6uzCXJ1PopCep(lEb-*{fKp3w zuntQ#$Hg%lPAx32FEXmnw>E2m0+#PASTuloJE+G5MCb~A7rf&f;#)~|wO-SoGt^zD z0bzsLVRQ=Z-_>$1$%y}*urVCmR{HQ#yCr$Anv-2n$+03(gJSh{6uYPnu1;LN0YttT1muFU@v*yKXSkx4hXzyu64s!> zsT52KDqmtV6btEX=%)eAQGP@ZxZUTMzeR}w`s4TzH%z7ra>W6eQjpY zoOnZ0)VXtPL*G8CK=AZq0P+@^){sU8mjh};voYYXc6fSKaBh70b;ZbH2;nB9x9bcD zl@!Y+JyGkgw;|L~B>{3qr>hSAJIHv@vCRM+L1&U7f?)#SRDEeyfn6|%3?%vf)*>Q& z#QF5m@dFcYJd#=$M4rcYd(q(s$~xtOtL+$$$3w!1Ah$-_!@U?xuwm7yCuZxe?kMIP z;&dJKhChK1JODL*1z^Yag>urlb|$st76WJne!u8bfjsFM8jB4poWry)}`BBEA+ zQ;-}NSbEJupfpI?Erya;$GpGJm;hi?g(?+fvHBWd#7-jIDdnbYh0YG^$q_6Hc|oYH zh5!jxk2=(&x=|IAv5M3+x`npb5#miy8m4r*jQ8c!l2H8zNjw&JW)xSP2tOvtUtfhh zcB7ktqDqJ2_c+uT)cH;3lJB2hP&YgTib!ZMj8S%oKl`yH)B}!UE&)$_6iqW^F+q`x zzAcaMJ!i9kw?Xg6BvxD`-eTwJ5633Lr69S&bRL6CdIUhmb`B;jbPLYRV34Z?E^ZBA z*}->P5?_lQ*juv^hIq2Y5avY)0~K?es6R9^Mx*wS9Q;YC@3GhO=eyx+>_X^MN2|?X zwT@*6u9XVTCIReVX?LmWokX5le|`G^;A$72Wm8Tzv3JxH2D@t+0tZn}OcwfOrsRs- z^jI#eG;%nnw}srWcLjWn4_&Zk*L@}F2~`053aF}J>Uf!?F+q%vMOC+%!FV0Z2{#ET ziuyS&ENVE?#x7Jr-lV1uW;v|XgD>X_wAWeY-eC|4hpM9z0frPSDo$Au*y&ijnBtN- ze?mBf>Q2< zM=7gWOfnkZVG4jx83RiEeW>PdK}P^UlWClITNqi;(_{i74M^F(bKn#r60E$=LHTm+ zwF*G>R1#rh6Kouj4yJv1=&MDTp4=Dw*Rk&d@gtZQa9eEj(PzXx6I^uaDU8p6JE8`~ zIT1l1x5T=m@Ly|l-E&dG7@o|82p0n*P%RjkaPbGfGJgKygjTPx(BKeZv%3hX#LRB7 zl~=~Ls-kBK(UGfqXW0Xlj2)3Vwr&3BPoe#x8a95a@6A3gkRHDeu+D=>Kl_<63S6}8 ztDuA>&>W0O6UdQAaHo3Aew~03s~p^I{28F-M|gcGSS2wD9(UH%@I1sR)M<03?~!!g z+4!t}V$CSFVd(vilFeXIi8iO6Hp7C&O#6-3oPol>jE^kT-<9jvE*$|7j*%5;0zgEJ zLOsO8%iDQ=crK3Vr#|m38vIQABy|Nq0w1uHU^`ZrtzNNW#k@7U4&#DWAq!K_GL=yv zhjQ8?s=ee{vuqbESO5-sOPAfP$m!gO)pZR<;5~fa>Tw-*_j4 zmH;%4c(CQ(r}-;jr$dEP1_A=(L}E~hX*OvRZ%8sM2#P@zjV7puo>*A=k)^Al*|Rwn zjwhyl&bezJTdBgQ`6bwanZ2vA3g@y>v&rCQT02=BWexqXK;lg}i5V+3q&%R11|~bM zMpp>5I@o&+2Z7g*RNT_${e*vBd$I=zl z)zvx8pWMUUVt2g*%6Sd0Z$eXZz{hPytHJ8WBW983yBzPY1}fRi6_-XBKAi;pTs?59 zR=*G4v!79)*e?D4UiVE9620d~=Hb1c>rvjpH=hDhaA#$-#noXY*d!YNg)-4eCAOao8%4q58U%x2#)U}5U{bar zHWe8s1_-6Erx$%!0b+Ks!@W(3IGtM{S(0A>8ZbxMD(E@iLz`?e+j zv-5(ldP^o{LO_{~8Eb*ml5Q=c^(SXT3V#3sW&GKCKIFMq*EyC!^ijc?2tLpUu)+&E z3?8-^^t6n)^hmF_(hY;;kV2$v}m0qyYL zzKfvkZJ!5E2r3B7V0BmZKw%?iH^FAG@71_b7&EdBZGiP1cBefSpPCr>&@7HaELI&jKpmKK2pPE(p6N2YVmw}$5xW)v z;USqZka4Nwlo-e%r<6>65B0P&$Kh*HC9dA4L~=zN-)9(EIMflZ2`M71ix%D6+~9xw z3GORS=ANK7Yw0f;JMklOXm1us{n$-2SMa@2w7+1s%JGj=Q|btz^~WNx8CDTad>Nt8ig#1miJA7nVUiS|wWA%)RgJRI+5{;VXAcLTBu?CXY;-PV;WWae7+ygSTQvd_S9gAn0GjE<6 znt+2EWzkm?x@Ft8!$6?6PFH_4u=>R$x1x&~9y+-Un}cHwVSZ|lj{babYe`K?-{4>+ z`e7>*bVSH`(OLT7BKbUET;J6oI!z*Yt-k7b+vLr8)nnJj&ih(W5%K*)m)n*}#~jvm z!2_T_J?(#$Op&{b!6EePjQf9!`CxdG|8%d!KMWVo`65@dMfg@5kK+_=x%$ex{Ll-o zW1eNW$sGeiSN=_RihYE-=YPSlwEti+{_3hRL>7t+#Fw%~Y&KAk7nvcr?Z2P3Tn(|L$hX_9!!r!ofDlx2pz2`(NHWl8FZH^UH-)qKv<&BtKyI|Np{2*iK|bcylO z?zPC`-iBaxIn8uk+61AHautlDIG^2NTL-#sX7VqYKO~@?^iACUBc=V9vt4h zbk60y4eB^P zjllk^m_}e=6btRUYflE}L#_+1MzG9JAGd&UL>S=IRvY}9@REfKzaKVNl#_Q~sr=W& z9^TBO%L)Ws?Ep0<*s7?Pj^d?a6!~J6hK9xxc6L)w!B(JdYMFd8JOEruV~;Ar_RqzD zCFuOZz@Y{8qq1Jc5KsX&)j-6be0zHj`cFI>d+@4daNbv;T?zJ#7ur(jXut>;SqN;^ zkdsK=Af^KL?ZY79&=!$-)wCD0#kOF^1}OAAlb;uUn;Rdxf=~NvvIUL{nZ}`C`hUuS zUm_Z^)#nGbBnUs3`UfWi4hQ9l52!EDGSntT^M+Vt9tJ|g+(7x?<}AHU=p6DWLjR^Jvb24+A&gqEX%}<5D7r!P>hO#6VJrFJ=%~2HgXlXz;DtTY~LsdZ&xc4?vu_2 z$qQ1bh`9=cOe^1F^o3{@a$thDAwF}lnKYJC7);G}e3Vo4S&bOwH&~H;6D?#p1@I{V z(kB%loy505AK!uL5f92|QxUbI2*{*|Kubm-ZH!>qc!(f1bI_U!05~bu#YFaBj^^oo^I8AAU*?{*&T1Xacj3^ zZMp-q%4@mp@O|&hTWJGxr4Lq{j+)f?_kBL-C+YeCm+UsydyI)NHs@Tp@EF4%zVLf6 z8w8@t#yY@jK&``F3$|_D`hKf^PJOK`v?)(U1!NQm-zx{;zh!3{0ho{2@$*a^m;0By zY0I<#FJ{kv&GY*8?GR@LQK`0qL{mQ&3gbe>S+F|WAXM#uZ(v*A$^mFYtC>b1niYot zkWPY?{s>=eQfOiL?%hf=fLXW0ubsN_;5AQA7=ykFg0XRl&nSCg2SAtyuaVq#6k%RA zxnPKQLh!?2Clt;_IQsA5+hrwp;}~x%pK|s84lK8_qj<+)nZA&WlH3UJ2YxOj_UhrX z8R!d;C?4?Sd1PFQ8;7w==&}~$a|aO+l(R<8(|2-P#6R|1IV0i{y1A<5wi7>%xk@fU z-PbrC>)?b7=G_CdT**XNc6m%A+KxQGN^JhIt9jMn((g3R5riEzH86;T2e7IFra>Go z+m#xlkr*=cXCC73663W93RF}q*`(;pApbH*bp+oN@y4$V$c2HPj39XzVE@hdLd;)4 z@Zv>vPaZ1J>tUc}h!lhn{&N6qPb>yQJQ;2VZtN9YydC{B(^JucYjq$I60-o1?tXuQ z@REZNx{tV-n8c<5Sn7-Du4xz6_V{}7M(iIe0wb>kUO0J)|Kc=fC7i+xstjn}0wGMa zNTQ2F9@p@ueI{xRdLE~-?o>O>j@#9>Yt4K#2Ob5~uZGNAiJ1u0m_Fz(yjX4rc7wQ;(*^%~xNoM`=NGQuTk2N98~5Stf-)FLTQIBe;1+477d4 z?s>Ckdo$3C_Vur-bzR3ls`Y?xhgia!{b^DN<`3e`l|udq>XccKwSU%kupJR@}-Na)us}x6)ua|It%8mSiQ0uM_`b17=bMIKH{3#{xFO z6=oACLyJ&t2g~mjv+tq7e?|E7n~VYEVePJ*@&1D}%IleBlLf;cJbSrGT|4tj&)p9? z^>}p?#v4;hTaVu1skHhy&VOVK-%34J1)Tn#j2+lBGc6=yyeF$~cz7ozEFgRg&V-r# zR23x?`cDOz=aud>6pJ&6ld}>8uNkZ36l`caVN_@ZH&Nik?=@$}#G!z zt;Fx3OkKrPToU$X+0pP#rgPDhbr+0eAjJY)G>PJ7D6I{0G@8t@-R2&;O1%xS>&Nhp z2_CCG1&sg|s(&)4M&9gAzB;cRUPU3+m+`RAZjpmm*CSC+Um8|9w`fC_V}T<4iWK2125hmDQ7thqmS2Tg)wg4+c(u zaH3*WUI-!Je)HbEc@wnD>dS+Y&-nHOEG8`6bc*7Kkh!*jo)kjDxGwz8U3x|~Qu;=? z925(Y5)Bys2iy6uUgy79Vz`M&omx6yxG^6zkm->8eB-#(#?mTVN zfExaiuw)`A4u(#z8ua z*vKTxzH24>l zMisQg6A4Z5;u7CTmMFMiq3~9~{&%8E93!=}n z{#@k0Xlj-N4Jo=CUy$o{S=<0PhcVWJD0bZm4-mVTz`=L0)1I6FU z&Q2JNsA5O!XDRqYE3z=uH!nXwUv4`~0i2UcFkB@8z=MH+L(})(bEV)*-z^%&a@$d| zJ|(HO5XC{QgR^rWYL0t=;{H$^Rx?{cNV&f@zVhRJuy{>cTG~Cl=RNR$f!N6aR59%E z9KaQ6iTNNZ; zUX%=ezv*0=wP^9;6DVShk;G17i1R|@-JEDU^EQMh|1@7FV)1MY4povI@=ZC7>~esG z)-B8UlQ_uKEk+65!@6o00*@Jj z%Ts`}%TsXB*>o6u@oMmDKA4*nb&lSVDqCoirdeGb1C>!=Yx7DS{sAN8@IbGL+=0gS3=xhr7LX|#U4w6z2Wb#|}t zyCnT`ai57Fk z{0xPj_Jf;lO2JfeVS*NqkdRQd*rI8tM_$ULq$J{t*GwL91C(^?UhI)CjecJ zpp%ljtS#mvHFNiWWzxh3WJ(QOdLmSrI3qMSo?;KpLPe*+iG-*U6&e6oSXg)vo(POf zz75sS?Z@X?^VW)~qR^^_VW)jS)d)LD;|l@X9!$Z2{w`EHmxd5w*PzOxNpV-vu;`4n zCRYSEz8JD^QooqrlszisI}<=dV=o#R=j?4#Eij^3^Nuf;rlF=p(qYB$mTUgqE+9m{z%=qqw`HL}I{` z5rYl`qWy(1Xcx8%DLhST8dp);*w9vcXeO>Qd@sVS6Lmg?k4ZckI>w1Bqm1CA2G<~X zC5>upgiSK>0=YlJW74by>Zw3=v;l2p=A`XI{>^i0P*xap>}+mnX%U*!2?sZr8;~BS z@KJ+~yiZ9}OnRBlNYBiS1CXL|E_g_m(OA$T+lW2B$1Q~&(Co44;TE!?QF^dFszJ1(QIfH6l#&aZ+BQ*ImG{QrILlJ_Njd#d z86cJ#_!$k3uh(ZFm{zoz$bc_lH281!MU;OqMQ+HC~#)|il4YN$h#IOb2hkg=nNs9p*BV({H8a$(hupB5R zm%-&sM(pVpd!p+Ojql5i;(#-y3?-g0h^n7sV>%~s^63!K^euEXV1wV|s{Ol8_Xu(Q zQrdVZGqjDAAWR$wb+m}5!aCADCczWYG6htK*++xGM;1kq24<~s*i|gL`gbo_rhRWUa4p2XNlm-iWDO?{72p=5-ss#IKVgywXd;~oHwVl19 zErv!kQ-{%^d)r=UpT#5*l6}!e|lz88bP%)r~ws3gR^DwC=tm}IEl zz}*st>KTcXa?9HgH@WYW((ip_oneG`^0VtnWp6tT!{#?23 zxdhtA@;;wIVc5FT;D?UVTm)^SUw-)|z6rUd1xx)9({VP!Q1}pcx)qZB z^lA=2f&v)Un_#j!pz5qbeuS3fiSms(5Ze8#Z3GX71Pjr$0Gy*6@M>&_-$4Wc9fr8i z>))&>#iTh%imgQG;u(a%l|97KF@h-kq>~C+!@i34fzUqf-|j zfk6y0|gpQirGQPqCSs~u(8$I9HhU1=UfB{ zrsT>ZNt&_&kSdr3wb38VUNr6-Q}#c`xFPIe@}E%G2ndQ(I7K8WAd-cX-w3u5b!h$6 zI0@>FIH%YH6z|@y7qjGxrvAEtV>Pw6s%4H`4off zPaWcff*)D2v27yhOW7Z{GY$<(WWC4!V0aP~4*Vz@-%o!*1v2^LPG|gO3GBKSrT57< z5Rdjr1?bgeaYEqR0}HthShi=KG~#Rj^`%FEVuAZO-*nKdO9w{2<4Ui6t7otczvAnG zF0}z%dnqwpXcXTPBnv1ULfuJ7$HO6G#5E92w^sbD9LsKXCMYkJY``ef=jUc1eY%$i z?cVSevl~q+M{s*cj)qad7yc>I!{I8uIq>W!az-3lH|4x%6H-uHF zu>%Qa>8e#7s%>OR!>OjfJp-IMjRe6Af809qDPr{_#J%PS!P$>nLqUtdL=g1FAwlOG zHxt?g>Cogk1oEbFNiY{A-J+3guw%M{BqV?5oaI{`O7M3{F*q>s^qi_8_L~)fjFO+8 z1I#`OLSjiuB6gSuK#UcEv0qyBTTB5-LA%>gPIq-02J%(97!T*x8@-h8-ZKBEg0 zd2)(gNKJ7QArc=LPtMCzpmLFdL=^1?_Ik7ai2TW4kgwm*`JT`Fob!IakNf7svh+eU zNVn(^B1uPo^`_IPdydiP5QjuzidJM^nnR((bw%&)zy++%G;B}#=YD$2hK_N$gM};3 zED?lmEVkp43-vA0DmLW+ARn-eU#G*vFa~0S!6~^5NCO)XDUq$sd3n*2}eeYEGsmO(+}!* zF+BIPNfLOEByV#!yf+?Aaob5O%vY@%>imWC4zgxgES6Jd9PczPc$kEh5ntoRYT#rM zDa)-Eq8i;GmbyeV6Xg3i;b~Rs)b;;qZ-mqRW=je49eZ3EC+U(MFyC{SF37-u$})k$ z6-AtST2Ngs#~rG%i|D#<=k2-{x`$1sH|V#XI35VptS0-!*3$$3o|xS6 zS&nbTC)Imu^1f47Q*JR&@X~K@G81k=R*X2)YWwi2zp5rz6Hme9XD`?5eo~fSz4}}C zA3T_)#(zcm(418k-(f3Nip*t&F+lL<$d}yQRss^@RHgY=e3O=TIe(A!yOpJEotjhRRtsHDBAm&ww>M^v=EUN^TaT=-Er23gP?)L%8@!)4g8a z?Q}+Ksa71_a+GpML=+O!3#T9%O>eOyOD*pjpjoc6NA^IBQgaB}u3bx`PTrzPJq`pJ z3N;68c{ADeIWWn31iEgd6DOH4US-U|r_}F>(avWL9?xZ!8x1=$xt0U1TDdbLwc<;5 zxgc<^kJ}5%XIqy~*R^%OL5dYKtI(bugETelKMod@)F|LrEv;u&Jz7H$3L~VbfTS8( z7To%}`=Q4PR~G#$+$k)T7-=4`^bzuziSBowUQaONM$F{nYFv$C|ld`(trSM7b@L1^4do>5;%*82C>{4QSVmOCergDsf zcXck-J7pPA0wa&D>3gR3^~5&v6((Iz7GsZL%HODoV~V!U?Hif`>oFG!X90;osGjVQ z3l@u3YC`|i-rU2@6IvFWz6Oq>J*Drt74RQ08ORu^AaY%b{N$|l%ko3_iT1?f_d{O`FiHAY$e0B^*iAY>;l8{ z6N~VrSq$Am8n@g>?}GHiHe{;n-Ssq~ayt^%M=vxM6SyH(*)g3i8}ZDTV@!oyHxC(7 z%VRLHNDaG7b2glgl&(BtMfqDMJ7Se%+dS>s&WA~I`VBwx#cC!yA=u$**9P3I*|?sm zVj@_o)_M)d>0QKQqJ9^XSYXD6>zxf9vp7yk7>R$87WCjUf{}NNjmvVhxpX5{5RB)1 zva7fbvgU#WnGd>i5G0G%+6k#B^Z^zca63Z7< zp`laHqYqyEeYVeLRI=hniGnC6A9$5An7n;=eM-mk>T=LELV!M5A{vb#Dc|6lwx`eY zr<4$ljbr$L?s`Ada7jVM^^7tMKuPry^C&6i8Y6CC6B&YVHf(SabynuEubj5VY>hp|`NNk)vX(s&Bx z179k<39$qmY(g4r>N;vPtc}(N8^d-ReJF1P31Uf*rotJCVAuKZE3Zo<4O2X|1du-` jj9wYTjo|-v>;7>{_G;tOAmfVDdghS8&;`fmf4t>iK&%pw literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.18/_media/benchmark_fio_gcp_bw.png b/docs/versioned_docs/version-2.18/_media/benchmark_fio_gcp_bw.png new file mode 100644 index 0000000000000000000000000000000000000000..4f0ecc94bb43d5f9534300605a74aca374da4c3c GIT binary patch literal 30401 zcmd?S2UL}3w=IksV>F0K?22H)1_&xm5X7z<6qG7R5$PT29gPueh$2O#sdP|KddEl< z5s(hjRqCcHRr;L^^ZloeasNBcIrp3~u45Po!rt%uyw9`NTyxH~xN%12#L^|}mawp} zEM=TLD#yaIpo@iN-tbR9;w$kx7VW|ZQR`#ptmV!1tnIWcby-epSzDNxTbmeO+-R$7 zX=P|`Ccr1cx0`pPfwi@Tl^8$2>Hqf)eCC$={Nk(Qf5D3^wm7L`#lo^oi~i1wmW(oF zVX@_796h99AJo_6V1K&y^X%7B#@!ot@BVUVv!W4)s+#tb$e&`9h168#&p&(Y-te2^ z%IYV}Ri#!gFyZ%s{w_ZcY$0)`9(NEla3VeE7ICJar*gLs?Kbq>87t$$yx+bKi zS*5e8^Jz+L>RNZLpKui{EN$HWjq!7zv21*_fIhjf_y_B`FYsQz%toJFUieGdJo@B0 z%X~5V$g=9-!A11(<@}$pI{0&rW!{FlPk#Q#i_H5^dy)Rf0RsB(^pXnol6D?Aa3C$t zs#Kz@bD8liFE5dX&f)+8t1Pj!73}Q1fhCb(mE>-LV0$jg^ms^itqYrnZ&{%l;ev>wKcQt&pM6uS7UvupKBc% z8EBDg@R}E1m+g?m;n4Q$2($78kJ8h!7up5ZBi)Kyw{7dL)pV;a;BxCt8T_of-4+RkOPPJam-TMag8)eG$t&opwx zDl?m=a!;N*Rn?s1v~t6SXNkH+-4i1{>qITXo84xodvkdMK1&2jXt<0h(&9}|jL6^H zd@ONpNvhu7+p@Up<@6gCmPY@>M~*CI96xiW%+%cJ%f~}Uyf+oD*>mxa{6Re9HF(y- zTx)Z4bKkrV-XGlG`R!}#oBU;xCMWk!O-uQj}}kwso$quI^l6auHH#DQ-MB z@7xhin8xDZ(2NCDzn2sht=l0VdAqL0uCKn`ItR~o-LJp?s@LT9?b9L;oA*JY+CDqZ zzPhWkf?uQYLz;PLrAzPum-?UB*zn$0u3ULj9jDyqho7w$m(hD4B4Ml$edf=*I_X(i z>v5-ct4b%{Pgk}iF(ucBg@w%>)D(7mxbYuf6Pai^H1b z^3?|q*7V__d(-k`ufJwGzP`Cq{?w`4Cc=R-!D7B!B!mzIjG8i2!q*?^=U314=_`17 zwI^?OI$^Z0VLM};h*=O$WSezPw!=_&rL3f4bGF0QrmhXSby1H2SpCCSE-&a;JP`G$PXA z=%~`n)Hv>DD{Wu~gTdC*B7WYg-jt>No$vjutSo0|=M@|r@hQf&da7y5x6ACl}T8u9wQEe=vE!#}s}-J}+v8wwZ&2j7 zD=m9fh3CgW+dHKaV`_I~gM^$$O&H#xp`n@9OmAi;4x$21>&g`?+J*-Nu;vW9DcooX zGdIL}kdcv*!Km2fk)gj$P_Sxh+)HvMy>(hA?P<3DvJGP4wHi*RvBhcS+S}VBEZg73 zn78Dveg7p?_=*PZkIS$wQP-&a$+ep+c5W6C5uvNUckf<+jD|z|yOo|B_ABA1{i33x zu((yxXTwV41Oqlf}Zr(&+kRhE*r4va<3K@A3rAJl;O@sc&C9 zX7;Yz+NGxvqN?M~$fFIHsI^e&J76uk~xz7??C=R+|M5AIWZUoiyEI-kdFyHZn3I#Kykw zu2yiU>x5x`Q&ST&)nTYZNa^W0E$89#6YeE?R+%!n&f~XnqoNWC$W!YbaPeQVvAP$h zu;thqBBmwcl%5$iPuv|<&9Z%#Ki(q#*Yqv^+}%A5iMrCQ^(n?OJ^t$0_j>mB_G`Rv zyUk9v*rg#vhiQkIU*EQy>FfHwR0+w}|T$HXf=Q}s)Y zQB8>*A40N8OgWG@JsNmXTYD>G!+u+zxVX3`3dzyBMSk_Erh&*3LRznW*dT6y=Iht5 z6Q6JK)1e98cj>U~f$?x4gx=vboX%ga$jQqKxlCAZIN*HFV;N_S&rbO^?DVQCg{AEK z${s753^eCZphH-V^WG}Wy=~iZ54H^zkB@i^VdN)&hwbk zu~Png>T>u}@aS*S6`%4wMt}(7FRfq<%lM6K9UdupBq z0)TB}beD&D;FCzi^fy{rEna1zGUokh=kKHj<69TqnK64?Iz(}=Til@_Ze44dUC~F z`15zYy0*gm!5qe2Wsh%OzfQo;2iOGL?7_g-1&i1W8q+VS#0p$Cx!cf!I->uS%*Z3R zp%RgfM1)%%L$@s3zP)K{C0(8UdhXe>9lN<=k4(@$Ep~DHGUw^3q0%?$ms(lf+}x5n z-_>!Q(=NCpAkkSAGFe*BKGLXj$z$4 zq)xZY&ggU46+hUc=P<$1_UO^Zs2t~#KoOC#;D-+%Y6SK&KIHAaJ$rTE`DE4CHfC6rxI8=e;&c3{Z#Bm-&Pvh-slC8qV_9NmN;(Bj z!q1dH)YjG-miA7K50zMDIt)uq7zL$kuaMUK~ z+}w;W;U8pLdhi35^#ZPOE>Vn@tNkWFFr=hziZ0f|E(z*iaBwti(FT@&E9L-yahGrT zbkO@CNw?;yx}qW;>4vt_(3Yuj+?2`zrH9D2=dsd?IAA5U0HLvmuKvixW^n9|i5doy ziLvJv3Gf7`ZgdLJg6(=Ta9H5|YK zb(8|<*pAI_$#yIJn%j=|+bJxpr0F^yA-YM`k#?<{OrTmxfS66UPC9Q+@P4~ko1Pje z85yNBXYL}gY~th$`=o;#=&pbZNR+Lo#rea&YbZJqM z^hkI0eVy45-iHeMsg$Paa0Iddk73NVzJ$;b^n=H})&5r=`s(^9-p zz=#I>@W_UU+iJ2m-RNsbi^B$4%U8;@ zraK(s+cs?LffI!?tvowt+i5*h-Z1{d74>5!%U?&FR`?KocFW3Ls#VO?_qn@IE(cx( z>aAO7oxeL-r|>t1NG?}hhE)`jVv7COi_@Kwv-h}Ma4w}7jI#h1!#H93>2CTqBZGq# z$XWLyO#6=?uiX-6ym(`0*;O`{v5d{fZax@Wtv8$*>?Hs5iX9hbf~wtoB4$rmAJ-BT zz+T+Tn%{4OJhWk-#X;ojvw#bfKCyk?@!gIXsAhh6q3yoqrwYgVy$@Zo5lYjZYEQIs zh*`gl?_cZC_1I&@s#THegp3+3XH`Va9N!}Sr4my5UwWXZ1aOf@C5J(bxo(d1h9 z@zW=*nV@o)%DUIp)ru%wDg{c#!_0HXkGHst1vh;aXzf*{S4AXAQ}o#HQW}|NQn%Np z_rqD-o~4bAZ(3TKN@%ae(4}RZ2Y49)?;nH&Bu|zB4(qs%hBwV>M4npf%de?n+K}q2 z4qRNn|D)nb$4s_-xD#{@a0oi1#Cv;q6~zTV%w*>>)i8$8^o;d`dl)ZT)Cd&B~Y4MUJ8U zESJ?3k^GYiw#5k~MsbRT_;S=VRA*S}4+WGP<}eOex8ghY8y0b$uUg)LExI_94blZj_w{N`gI9kneux!z?;*h1uLyjewWRZX zysy@phoV*;8wM%^ZZ{`Ycsj6EymCMwPj()+Bq&%|Sg7Y>dANRZR3`7>i#n4Ii8jOh zMsv0hx*&oV@2z6SWZ@kU9= z#hkpiS;h6Qsy+)VD*=z3$bo0FZh3>i_Zwc_PExi#=~ncz#7iwRG+5lBBIu+!5F_{> zKM)U!+4f)A1HSe4rL`!fnKi9gzI+SHmS8a(DO7un66(Rp;XBZ_ax-KtF2W=5hPN}kSun=F3SXGC*{ZMa6Z)2&_=?t?WB9! zPb}Z`H-off&jvf?ZPvJG9Luhg*$-S%-29G1!coV;eyDGsU4M|ntUZuf$zTD8Q*qE` zAn9$DE;{;MaloDqApzIo@UY`f1?+VMmy^`@L6rIO$^yMLZ==)r_iw)?6&RF&_ z2pj8-k&h~_D-vOgsyADhb%cBICP2I*UI?Wugvl$f;VLdWEIhHmlk;Te+K<)A4 z#~r1pBD7Qc_6vBf7ZJ{{1Y8*b}?@eO~GKfC?ukr$DjZaK>JvsvSd}y(Zd7g7>YphYzc!=hl7v^Qu6T2X4x! zI(91q+}%Si(c(mo6)VEKtK)hAo+dtCUB=baJl*MC6?uBS)eo<5if#Jpg*ysI{%F6u%*;|-zTylZXlN*G&x!dkmsv!nF=ZKtV*A^O*4tjTW4&p%h<%odL%4b3i8uV^4eIxhsxMw2^|>yq?)9(!)X<#3r9?*tL; zC#w3F%E!Tx5u%NK5xelDG-E+PfTVpyi?LlcqzVO$pzgaB)d&-RjP@Wyg-L)HDhEFON1A-qpEHb@7Pp zK(i^)mTI+iMWv;s*F8OR;;i1jiv#y?9LJz?dJ0wIabVKDO*5djh2`Yrf;6snb#b8L`}apR5cjH9YLwV2;ne$KPb(htJBuuWeBUb+JZRg7 zNcF(t17my7clOpL9S6NCAa09|Xg)qO4kDqqyStb_Z|Y+F{kq9dN}WT4Mg02bYOzt) zw-@<~aIFQqX!AiBN$<<>a5Bn|K;e$TU$-1@Obpi5-M~^uwCzE6Zl$Nur~tZg(3Js@ zSN!tJBRsys(o$L4%UJ`tabVX4q)UTx)dAJzFI;%EdGlsLpf}T&T#5V>JQ7o1^6LQ~ zx1k{Uap}6Z2>t+MiU$u~24N5dQpyl)RNah0EZ)C+ti`PsK>^&{LI($jn1fg5$7;8(XXllVxU-gn z>4*oV^H?lW;F4rxRn0*!w&|N zqkWWDxD}!|Lf&w2a-y>Cp@dT^y|urFV_|mtrv3ObDNv38(~23Ex}aF%Pzr&ZtOmuV zSrQ;{0*^YNzx71{hk#qIgT2$k;epA9oLTXl!u#8MkV=&d45F8;*s)PoR+i)=RE0HI z#^Epd%kS zpFdM*;_Ymi_1m`-VV;|!zF+gQ+cS=P(&8*y9-+XeKmP^d=fAk3|5h3H-@B5r6r9YR zyu7Ct{=7!uGXdzHQSBhHlFtw zaX2_QD2LLKv_T#rA)%;c!CUd(s_7P5X39sFZ#z|n6xjEUUT@`2xuZR`38leOx|?}< zi>KZ|i7rHahav@t#24zJe?v7%=U*YPTMXAnKME3=RVDR~`8|x%pvnNLTC@aU<_SHLnhixP568`KLHy%`sRUnnRuO<&=5NLuhTu%(+{x-JB zTeoiA$6rccP&|aGY6TNt56$yV@GY+P!k7)SsPT!R9qvskHA4RFC^FY<_N{BM zy@;(HB)%B(Hk3DQ?@fFE_H7@ok|0re;lL8D zxAwLgQN0}y0kMyaP@&tlXW0!X9X(W}dKnH0n-E(MM!#XPg=^{v%?j-M;-ot&h- z`Jk%`telY)t+_gb4HpNDDpN2rIX-R(YHM(KSg;6KP7p;1qy}9hs;v~97}D$jnyQe6 zh3vmvpkquD0oSn;CjwjIxwdbQI~#VqKF=)=v`5s-mj{6=rB6Q;Ebk}@9O(-4(qpaz zv#Oz`r6uM#9F48JMN(3d$P9X<0NC_Is8R!jPm4PNg;StW-&QlKS8t6w>G&&ol!|#L zQSB-uXh?uAVU~!r5bH*W1Ud&n2|)7FiWG0NY%Q=z;Up#FfXe}+tm0FPhIrfYcAOSE zJY2&d4L+Yz(;o8dit3ardU4rx>f0qGUY`7R{Isy! z0gI29o1xj^lt`iGBVCD$%7bnYB?rEJTmTv8m71iGkRsGZxfrWV~g)14M*tKML0Tn{kLwC)yxJ;WKZXDA;|NN8f z$eYTd8$H${d}`^BAQ>@4ejmTL<%A$8&OV4Ttp#2pwLN(LQ16A!n|Xnq7$V1aR{?Bj zI)A+e)w!Klorm#I%qAA{JlReT>@tvg#zTu1({wG zVw-}RS`d`0z)z!md;!b$mNFafX&-4!07qJTBqV@1x1Bq8t`jzS(6rdDyNUt%pd4~O zdn)7SVDDkXnUk4cvoi$|iD^HkpioINK{ZIqwX=(hz_U{9!gic5Xzx3~wL;<&bDPPI zRZfTxb(;~D?&M;?CQ+Z`l(u%?eQ$3cAD?iP3w6~(ah9LOAT9@)gqXvnLXHJP7n#rl z&tL*t_`?s;pdn(_vr;?W2ghA%ePal^r9%wCy#kRr9@MK<3yJ0+%8Gjes*O|dSiy6} zO8fKa1t9d2x4}@I!s1jCTo|gKK79gS%kzWQ*-?(YY5ei!6_ER9t}R*FyVr{gmDhtb zRwoAsCgK6xq|Ewy*P$F{-L8W9jv!Tb`*v6(N^YN#HIGQ{=cNVgS8YbZA>}wQp;W?jbauzqE@aW(? zTsAkdNkf`BB)+s1&Yk-4@{U6tB}w~Ro)&ZD;l>~!6bH#Z0_#HYAw#_HXK#p+HJ=b0v98MbNDrg!%XT)&(M*sE)%qD;GD_7sVEcpvMTDTimMzSuK(n!2JTY?_4NG0Gns-~I*jAwaxoQUjMv~b~0aq-3} zm);LA5ap||ABziq3tzeu-{z^|$lU7T67H#&9&BtA$A6A)ReT?6O>z~HaIs$4gnS)M zgV(SBlofP85{QXBNT`J)4_{lt$h>#s0H~Of5Qzr%l_qQ4J4!?OaojxKSM>U6&&zS0 zo_HwfmP=MC5Qh!B_SCj@{CqM$qi zP1WNgi^w{H6NU79|F{>&Gt}GesZUijk`2xV zgXl~h^KYtU>fxlxY#%9#Mc(NKej!UnRj!K@kc8EB7f^u$IUy=JN(d>WpyRfC-Ny%- zvc~T8EX6{6oT*MT*95fe23=bQ#Fb*xql8#9LW(ayXOs$;xVRb#cjs%K9Qzqz@g&t} zU`Z4q!(ywQ0(+4I7USb?Z;`C_55J7zGPohF0P?XFz47AY&);3FQ3I?~`16WInrod<7lE5|=Y#t7`e79|7=7r=c=u0%PSXMc5HwM#V|@Fg0^lr{`$>~IDe zzrDN35sXWcf)^M$WBd?#ARI?~W7^tuP6vxAR(KX%i%?EAQF*44bez-m+hc(62xQiM zz5H1T@-kgu9OshdIw2_{nUHy)W-ce7g1ky76HNRevIqd0#Hu7kBL4Zd8;>+vl`;W! zl)X44h!I=($&Vl5{-K^NnZ`gBPlVJ5T!ft14N1(0v>&9}SOP~Mh zjni4xer{PN7n1a0kUc4cc;3D}xpae=0md7Z>$Pr;-)fYthYUBP7xAzCguzy?h?PO@X?Mi&&wVlyp@?{fPpPISAAT5F-c0 z^$ftPWo*6oPhHeW$*xWr3R{Rt#Np3e;u zj#Xwk-@e%+594J;d$my*5pTIp(BM&#Kfkm$>|iD4SAueW`|Y>>*k)8$wv$#+s`K*l zC?|ltX{yepBmPl_l|!8HT0Jc0KeDcQbiif809(M)&W^Zy_8Ltr2JkvnZXUYu)m8nm zcsa57rj6-eH54=*`U}r~tb$xZnf}@ze;5GFLY1yX^&teKCaG5SiMqGIuIz0BEZIMd zN}Gp^>nPbVprm9JH#MotN1nQrsSbEHkU4Yh=hZcfIGr~#-#qsMh0+bD;u%!pDHfj& zrwn%AFm0M%3jtZ-o#x4_3yL(T_eNtn9IcQSp-7Dw5T_W%pBnN zwMN+n>qm2v)y7Ai-tgQKj*o>qFn4waaN8lED8y~Xfv8qMW}q%t_sM;*wSoI>`}FBC zNS;DCl*}AZQX+Gv1&J+ehYd(;mQpBn97IR&nCr8+?DVFfpn&~skOs<7HV$zrL$e0q z*zbl`h;&d1#JM4LXms@bi%h*gHuY!dAi~30{SY6tSHIsH1MY%iut1-LEQlT~l=Wz@ z3OVn9n%*08fMuij&S@44|kj{COG@!-E-2#OC2oCv%XI7BJVEiLvl5b#OAht#V zxDHYFR=hcBI$&J*H8nMrk# z8IF34FaT0m$uoIs?zwO_Z))%sbkk^9SnG8YuzjOZG~gVZ=~sNec)lYat8DgNg2RdCrxAG5l_=kFX5VdDs0vmjch4Vsnyn58fquDHVDfI6L$X~YdDJe2b0iF zPuyWIhfO~PdKb8lX0-&j*%>fCbYiBar?)b|W}JneWEh2e7nG(NP?hbUKR*Gx8jYgf zJN%z2alM0~|5P(u*}I^U1L$+C?Ia%ZW9XIx2Q*NcD8Pb34J%2`AlXziEF(UD{_F!2 zgxb@`TW~`er~>C0GhxszfL7JB)iWJy3-%bL#wFvFSnc!mS6P}oOB zeYS7k-mr9~9il*JsHS_T#l)~-)Fda0Q_=Y!q3=?k2(eIzYyxF4;>s;tvZ4&KCNG1E zQ&3kKUdVImI9w4@z7;o?Z!aE9cIwNrW?uBmNKcPOU5w3L^n9)>iGv*$5+!V1a>hcu zv3ipBFALpbXYZLj;Bu=6Ej=2W9(Dc(@B)pY&X>@YBUq2E48n*?2^xLY4ayo0$Doxs zg62UxPz2z$sCsEjON-XF!wg5*po8Nj!IjtyG&fC2Kq&MpU8#xcEqwjb92|0zfF{NU z%=ubCL2)sG^Q&PY?s@JqFSo89v+Q@T@QzKO@d~^Z(F54?DD#P{dtkNArL5eWes4@hpts75&MkxnjsvZ zfS55@omgDGN^?In_q!!}_d#;yP7O+9T~34IuR&yI?^n)KN4dC!l{LGy4-#42GRdhk z@QusibEpamu?jn3H@o|`x9E3TKhUzOxy~8y{B{}pt=^@o0F&V!w`FL_!Nz5GAN^-l zWawj*NH;w_tI1V}&})S5A7V52k3*H{5cL1U!^0T7bz1eG0n6=+Rr#28Nz^{D0<928 zA!59C!Wn^FS!YzU?JuFuJ`Xiq0bGO+jIY`wB}-5TFGUI@KOlj222peh&s2rx^2WX_ ztuKrFKgsOc%?({zKoNPd0ch~N0Jo&r~+3gqy0voucF3#T~M&U zG0c@&u@$-bZA**hoHO3s9FKL$D&A;PBOt1v{CtcUGYrWEOotlrlvrY-^`ns;;0>)o z7l}>V+h14mo-6A;mWO0TRU#5_&O~<{9(WawR2=pK!HVqjMv+Cn+joH?30RgYARFSmp|ip(8jM~r z7b>FbTo2&hSS%9CuHIR+Y7Q;G%sIBqu_OKeIbHDsYyNJitOw0VnL_Ig1Vqa$?r)2L z%W$e6du}Qy`>T^WWT}iYxdB=>MlHxh$TcK5t`M@fTUp!wuChB{}|C5f|n; zEuZbUi;LuA@`ux(|5xPWbpEHRDN?8;xX(R*M18I#CkPAIm<1yck_I~X_3K%%AJn%> zju$OW5GdUh5x0Pm+99Pv4eUXHsfLgP)9=2Gk6Pw^Z~YC(v+JorRkdr3`v+RkS&Lh% z`IVpw!;2jSRigV@S~EGG2yE`s%vJMF)-GU!EF?=In_5{(41@iW`Yy;()VI^6QbeAoM$$58w`%t73NJNu(8Ut|IZ3%3P zQ91R03)AouZDkOznJ)&vVGRgo1=9Ygd4~A45H#Ll$I23C2#~V^vOG3G9LjM~yS)K# zM>&R(cDdo(?kk9h5Q-I4hIaw^NV5izWK_T=0Zf(*3X(lb z#%?o2aY$G=VS&Bxl%Jk^j9VoqF9bWmqOrb)C|Eb@7TV&6Q9lu3jc(H#c)7MR5D(Bb zncJRn&x|#O6F!Rh3l`96C(;p(jD6~%oV4hZMKEI)_xfr;q(^hoV;tW&z}!rfGR@9I zr>z{Qom3d&Uw2An4;nSeeNo@H?&1;}lwE)gar| zBBoTO7%St7>UOOM4^3hb5%Lfy)(Pm{24L3XlSCy0eS8OlTO&Ii)Br#B3qz!%{M|0$ z{N1;E8y|x)fY+zBOuD}qr&R%@eTqT(;eTk`OzPSev+I9~lMUMZ^YLS|3AK}G;{pBR z!(|A|Gl{>EGQqK{HJ#5^cuxKd@!43!(-q7YiP~h7WRJa&R7V$@jpd^L-K`Y`Jfc5#8`WhvY+?fD;i70-zQZ9Ai_>u$-HMfvR|Fl04M=gQ@Dwd1 zhXyW=v;%K59iMHd9~!_$F9wgn@4x@vUpF3Jh?s+Ze=)V7+smZ zKw^mtgQ_&w_=$Ky6aX42HZ$Ke8iJnKeL_`QWZUhY$|x^1vH8!#&5V8tSm+ZA5^`2B02-(6n2GY92hU9h=cQUTJ5 z2GN-asy=A`NKfB)4Dz-&sW>3V5cw4|Ek6AY8*|_8Y;|u)_LjE<-hY5kVJGv=>R*^W z;_%s0p^sIz%QmM)sCYUyVU7}G&m@5pb*!r%4q@W4yx`-%Si-th5W%9Krm-)L$Fj{FL6 zMhMY72x?@>b7$KS3!bFYuVFRsxi9hC7b41eAaN=_Il7p@7YhC7=r-=n4bE6z=MY?h zsU0+=MQ^76)2Dle8$jnJz(3c6q+CYxHX!v{VU!^T6x)ZDDb0gc++G^ zZY~quR*hfh_~~=X_($+8(V$bP?(g8LWFicAAqiszeb*)~%`XFpQG|dB@{r+8J{K&y z5e!eU@=(sm&&J(J+3@7^E5zH^|CnX}y3=^xU!fPyS)I=c4ZAPxE`h ztl~UnJkt*S-%0A+TwJY_n-P0xvOa47weaOKnZA(@{WeJjGuuQlAJ#vSk zV|4=NZADCdz?LXdtI2k-Lg_C95bTF7o8vgrA8RJUgV>6u%W6c6^9M3XTz@Hf0`wvE zd{fH~bZ(n9?r3WhqMrpxqJ$r;LK~HOy2T-)ng~&XsSOOiM)LB3$zB2Q>8iw&qs4}V z%;~Yb*=khL)H2by?{zQd=VlbX5#iwwo8M{GfdJKA;|>_Hkvb-WF$QNC5W0TpGzNq3!8|eG4U45tDz;H;;v` z)vv{!31jNbUVXJwNsc2%E(qXu&b)Ky#ZUMqH8pfM=Vav@g9N4$0dGcY?a3jbO5OZ8 zFyX*@WVGzaB~ApdHs?~s&Zy3Fb0a?#WN}9P`_CbL>UV9rtIDtcx`lWHbV+r=&g#R3 z)s`Xcm^Kl%y;NqofH*ifPj*o`(8AO<35tOYRNAH3b1$AWwSGv1A@vkx1<2YdG#w~b zfk8t5_E6_1IFsbt>&Qe!h5ZmG2)iK_JNR3Re%Qx!t#~z}$U&XOp{LLgrnz-{b*^)` zO?~C94g=@;P|(mDY!taYxG^clIlI2Z>nMCaPmx8#h?PSOu@vJH$5w124?ax_Kx7%3 z84^SxLKbzv(BP1wJ_}n@GPuxzlbjv*qUk-jCTXxz)g<|VscYb9UWTRqICFRAhHQZ0 zhv$z0ymow7K!Nt(GW%Y^aQpCpi=%MuV84#je?)3W0n$`+NnK5iv@-(bs07LZc!pua zV8TMH3~!mb>;R6457ZlKuw-9%7JimBkV>o}fQ>J@GW#9cK$a?^IU51cXpHr1AlyNj=h0fUXS*yKJu>nKlN0fZE!CG$ z-T_3te*N08?9m~j?8$>m72}rUx1X<{V_#Xu0!`f5#4PeYijooJ;An<_>7i1zlRY|r z_RjG4AzqgozH`q1cSdyKD*i41@qc|-n1f~3{DWpphl&%Zv7nw7^~HYVd^=~`a2IxG zKLYLiyLq4G#NVrQ;XiLm*?)KmzF+-UV5z>jri*1OhzeWccYN7@!_2k+@ZJ0;On;l% z185Wh>X{r7WQ#-|0-V6imI5zMe<%kuvql{H2bn?POR55v4T??Wn$u2MK6275jwQ>M z)necd1z8lUfa_AAa?2?u{oOVI4;NA4$hg(WmSinOaw#nAUS4J;jUa%M`Z4l;QAx>Z zIMWExlW`|&F zfF6apGG`D(Nwpy_I9bHVvw8C5$;e4UV#HC9^iH!cK7IHXf_i#0!eE(xs7oXO7**VQ ztT3@leU%*#*}HLU88vq+~yEY!~&5NUCi$9$jXJb}Bley0UScH18>fZMvf=m@|t z){xR75OUFOjE4Ho_Ixf|>j*m?ji*D+MJ?lkFx+LeqjoMs#oEqfI+VV@a@o}jOqDEI ztdT`VVB0FfAGJ}^J+O@Atwix5&{%+Ux#HJf$>m8NK+H7t-oX zi2lSwq*)K7F?rJ{1GqdOgGE38*PM(MCpgS?|As*^WeX9d#h;|)Wc^*%Z{S6#ANmHO zAS#kLC>0s!_B;JB>|_Ge>uvUfoIV*j;5ZOdx5ZOQF|0feXy8HaWpIfd3PJ)^j}9%M zxiXokZMm43T{i(JPP5Dar5hFwW3L1@gs=WrBm}689b#hjQxalgs-@yXx5L-BxYC?5 zxW#K}h!zxJI3$#zW+_Ap2vAjL{{MnB@x%nV)?$}Oek~R##YigB=kupw!(EI0WbvT|JIWI#mlm68j7XC| z;{5_$2>H8NTa!u;2!N7>t#7e5-pU=WJd8guSmUmh4Vm;fnh87ssvkB;@8wzxPkKs& zIX1?xm~&>qhkj05-93BuxN~WPw$W2T(Qy_{dtr!WX*PU@HlNUD!LNbddTiqTkb$~8<8FO@}=lU;8V!GF1YEI)-S1)yNMyPDlc-G?q zgNray)|+bi<4410$DUn7ooGnZfPe_%*T(TS5Z%s=8(%&aN54Jbqva07pBmIAB`xae z>L9r~ty`D_M`+t)TFYbN*{GulXaptjO1Oo9!&MO;%2ADXTgzP=US8OA2f>Enji{(4 zvc&}llqSA`>3;Y6+LcXsOfRqYLjNZlAi7f!tBv)%|CL&Q>fYaKeJ82)E!rSPfVdNR zoZ5YrhcO#K%KO07mm?S|RnJVt+^?G$r8NTU2M=tjG&n3X1iqtu)<3+5!Lx~}yWvR? zBp-KzxQ(M49Dg2k=t@4db5I^D0O(fWHc0gMRzQJ?c50$~<-n0qt!(}FB*fdG{{1{N zQ$w$^M7VF-=&^O3)C@3dmskPY4$QD|5~$m^&+bm0b4xj z62@m};E$H9tj!8_=MJX;{^tpXd1X*H41d)=*2Re;V^CVNrYRq;UQO&OWc{=9K>* zDm_(qS+Uf~iyAa3+Z81>xV_C(G|@~>)YQ6s#<)rZf+(y+kzNu>DRzo!fsiqzK%W{_ zgct7OY@&<&_-6$w#D8w@Mi~iK8&h8y-XzT@3kZDocV|Ak^FHWhN#@u&xMqnTMOr5h zo0h}GWNf8$OOM*Wr_I}Jd!{UoV1sa!merXBju4iHGuGD0Xe_Z;9y4o$f0c?#9-6|1 z@uM_+GHVcpQV+!A>{e~kp3`R|M()T43ZEtk9-+A!iaeYm>R@?m0THayeos5Nx=lg} zWdc<>q}Nbx`nOViebcg#duV7Ri!FJhFhC#-(KoQjb?WO0^nFz_ZDqy3{-rK!ew)fy@Yj$-buu#)I@^V4hg6o5j0b-@L|g^o zKoKyczxx61hNWMV*;(;jRy_-$wU}f0c5#rXKt8LltD7j_iO%aM+@YguqndmD(@#I` zMq<=PC*B&k-}aJSBWt9BBT4w;Uq5-csAbufM8lf(sk__gDH`{7-(K&vO@5n~&$RFX}PO2g&aL+v^PJw7v(y;-_ENimhW>auBXm(YQBGqO8qOE_#d>RGhKkLe+@97 zAiXcmSXl$gIX|qyY->`_U;h+9S10tkHA&NSKd1rs9zJxG^>Pw1algc$`yklthO6U(F{gR=X`croFDS>_zt*RJw6vPRl zdEgYH`B^mO47}bM5F1umH`7bmMJY&eN0dqRDr>^h*-)`BX>zk*Kq!N3CvJw1I5^p`9Zzq@xYKq!7`fZO7$VI7M*!Qt?i0fsKR7r|b41XvFY zUs5kZE9NWT1w?CiI(w{fJKWP+bMXd^gL|N!9P$2j!v@nd8Ks6wgj3U#dn08-&HQjF z>!@QBP~8*tMEke#myWm)m{;J?_M9t!`0LjM?Zmvpvl!X61=JZYnDPf`*wdo9rMp>i z>2~xJtuwRi+Sm7UtU>#PWABRsg?Kg5q^BsrNUXp#u6nhnYx|WUY$?)crKYYXj1PWs zo@4du?WB*GHGbe7`tpUkcVYk+nSg(}Q6txE$goSDwD2fC!{Eey>f7V`cJlGbprzAx ziy)9K@!%Mu)%W4WmJ_85YkYi#w=u{WJDy<+e>q;NL~BF+8Z*D|=4jli4Cp*PhkvHX zf5ztGi!(iyIV)N4Q4uSV|>^N6&m;h5*UMie&D^xL+{iinWP^P2(bDaoJjIz?of=z>(C#h>6!-=6J z*?fAn(2B0G11|{#PkxXT9@*2UtKo_OqkD|ueCN}9-4sv8*lg#Tu}7^}F2VnsW!_j} zkM`!wJ(t+-D#BRmhf*A?LDOw8E!qhEpA!ICHkg=n`oZo)Gigf5vOzyYdTx>?;fNRlY)2@S_y6i#ljxr$JSzL``}SgTy0qVp zi|e7c-3j`jFV`gnRV8MeVya*)G{>)g`3ys=^bL3j$@?2U(JTL8Hv05^;f6^7INX$l zF&Q)d?#0Eu1-9eHvUIB6gip>|-M)Nhk-NXY|F}WGaE1HxM(1TqEVe@y;bXqh*_JG- z6E$}uiRULug>DGD7yrxN)y;71TCEM$e#;h+^5S-*?Dut|DGG?09)obj2QGJ>r!qnl z<$)ln(p0A&W3DFq_j=$)U=-}yeaZ+7xObcN6ZVZ;a0`ZMnizeqm&sv~gk_?!xMHqT z>FN&OFW@$2#WILcM&$j=pH50-q0_i$B{3>5O492{jsiQessZLmz1ak zd7+oiNeG|DIc{Hn&#WjVQ&hDh?RphL51@@8wUZ}n&u zas?6_3bDW*e8e>r!A=QKoLQ?_;PM2%%?VJ@Bk+KK@WrsoPH&y&R>u0P0@Qp7dVmy? zl{`v2_U-$iwE5uH=X~mgrBTvmq4WC%u((iO$&D)r z*Tc}g<6sIZ$tzA~WLb`x+GU+kb)FHv#jJCRDfH_Gz?Coq&2!IELp&lJBYDrh+JA-k zA@^jpBhf?6X6pK(2YhaZz@ZnRh ze+#AdEM8k1lXh%-rZ9Bk4a#`q6=>_H(RWCpMkucN{f%x<{)q>Rx%$BW`H4?cqwu`K z;6ynNW&JkFu(hbZgrJsNFEjF*JfvqzIpPhbj_CSenlHT+xGYbQTb1e9iA|2ldm4Fn z?09?E=acbY*MD`_`XcJS-@jVeHqY%&9c$~V(vUe-nnm=^-~Da>@n*7Re*j)!21x)v zbuXj05~Wuq(s93v1e%S21Z)c$_%Zi@JZ3m2d(}(vn={a_Uup9<3)dhv1J?(Y#4zEv zr>08tW4hDS{<)dIBaXven-E<j2Mfa|M(3p4Grf3Ug{G0F?|hhA&tY~4O@FtB8nS1FbI|(wt=91 z+-o}<4}eEgXDmm=nt9>%Ler3unerC-u_GJieRM7O#g66W0+e^o-r>N#NhVk(YI>n8 zGk@Wd9h)~F#;Cr)3~^KYLF6lHd`8?sBshnJ^Sohchb>Iy?RC4j>hD4>4_PnWFyctWV%>vs8v z!=DEKgB+z`&?snv`pTN141c5gbcH)_X^^Nq4vsHGRdNb}Zq-Tm5+sEf4zP}7e<$#0 zMlg$m@$7w<+DIktfvlN7f zjzNeU*WBId*T2j$-B`HuAq!aAen2Ji@d{=zJOO^{fx(Ujno#Q;m{@obWB{k`aS@?S z=omdT)GtJ1gh&nt0PTB~!bQ`0sQYVbAQ!WsQ$&5fVZqQdqr!dXMd=z~AFy<@v(7Z)3g*NCM!j*pY zo0kTti_>&7fAx>lc1*vkf(DwXh`B1w#2XS@Mh>?YjJ;Gz#du+=jYx2zMIloc1}ebi zXs{~b;2Rn}3Iw_@8#RkSQ$J`{jGKxo8e*#6Gjx=LtBEF|8xtQP z|LgJ545MmLJ2a4*qxov}b^OQh*rZ3x*h80wLJ1 z;8;EkrQ^Nz^>N%Sjku%WM(!wl501O;Sj0hqyOd)veJgsE-{EviW8ckST&-Ns0aij zm1qTNK}04|kx>PtAVEv$Z{Mu^1zr8(2baG0z4v*Z^PIEK-uuXXU;a$;PTIF=4m3(K zx#{Iw*zw7>Pa^M}SsQPP?6EjIYMW)m4zQ9sKvIqhL0^@npGfxb7 z2jS!}&xvvP)E9s}mam@ph_ca^9pD_D4QFx+1T|_QE?;o((SY)C{&_e^tej+T&lr~- zwli;%vEqn0-C-y{>a-HJEdwf4`%vt_^jWWh3uhS6>0Iib{%~+dGep4#PVrisn6ucb z@bo`i?US(%O6Na$)(-{IKd!r&o<0;ZQf(ly!RY3!qH8Y)VVJ=4l4N{HV;rhUT#Tje zld}BD*xw7c`z`+_xx4PIGP5Tp?Kc2ZH@Z1P8>kH#`4h~~OXSk9*KCby)KImp;J#N| zut_Ar-Czymud1eH?$^)5Jd3_sF;h&+vliHS2f1149@s|}O&1%u5U;v2Ju@pD-KAb?7D_u>0$ajPR#l*k3>8TV~GeObY&NZtI_){{5AA z=@i%q$3la$M&`7kkFbZmd3-W%tslGiLoPlDIi!H4Df?R9wTu8g|nBpASHji z$z$bSKM1CINktLEi;M$S;|xLIExu&l7;HBr!M3}+3w@%4K`90*U9x1J6#ux%Y0~nv`c3&8l0rQTJC;;M zPH-+d>OO?QFixPgg|Q>*pcoz}g9zQ7vwqCDXkUZg6=BW2$(dP%Y{B6o<|83iYFR{< zw&(uidfsC<_fTgU0)iMbiTfd#&Gjw#%tRlnvv6i<`JKzr&Hur_J$d)>{qa*B+XIbVi z=rkG=Ss1CP3DSmm`QaN>J}s-_a?*9nRw~(4yf|KV4+PO0Sc+7v=FJ_iuZ<39UTk%3 zg2&6f$w92Gt?Se44xJlEq3=zbn~$1rnc~3=78J#j9#}?Dp`GF}=jK+F{*Zkni*u^k zWJS>}DI@Pzz>|~1YkV>aO6B?#8->y`@zvE5AOk|B9Tt&ECOoh8+Gwu?I^~Uf+p%iD zR5K^h$@}m}Ik*z<7@wEC3h#_>KCJSCT$nBzy+ABgz6k2#YUcRYG`~?9{hpA=n*Ty(+B0aK&-RZZ0eVn1>R)*lSJtF;#*AS4U#7E{bCE$iFD z-^Bh4?L_yvlfe-6>~3dlxfye67LGZJ9XH#O{K^uR#OK|AY8AI1^}$EImlGi!4YcFD zDGjHgnuWQukcc_`y}{YL>ylsKXf$QY;+VCwJf81${XlmmSCU1q2G3lw6}3I+g|vf3 z$jVL1;bY%-LN-4*@!vSVrtRdcg|&M;d)$gEp$tUioK3oQdQt4K%Eg1+n`^UAI%u6V z-f6gTM}p};b|N6~4x%(SmS50_s}%bCvrg?_HmYDEf5~R(dKglgzo4u%;gnZQE|ajv!3nayoWGREalyIUdP_NsOtds-@`k1`P6Zl z&5r!eJod8=?Kh>3V{$W=ZnGM7Ve-!2RxNM3+xqMu93gWP*0S`Ii!A5eXHftMfsSLx zZbb8GEahN0UN_wdVl#_PDI-M4Zc}n@3#LLm&J;gCYRGGCvw$7X^lhLywcCIG$`XpY zy>HzOc4zaEW;$x4a(CsoKHQv`-r4+|zy|i`IbiBxcVVozP#_YNPsw&-M>6iO$ z$+3Z5ZptbP?p>Bt4I)MI=|rYvl^mC>i-TIY03nG41_0 zzK(^g%VwJ^6Dnv{fZJ`>xyz?O*5g?LkTU1Aoz|e zZAp%4@y67wW1!O;=)(ME`}V*HyXHOe8Nxwp1D-tOx<|=^oL+nF!TFBr=H^t`ZVE+> zsAlEuBZQdLDRgRS)pq`E033A@KGUnnjZe@34_#1}NXQb6cArbwY3{&@hT3hNoIZIK zNb#!7N%#U1A1R~DG@34tX`IpQYTmlZtfssL5L5U zTW?a?B5)RI4tnET`)Rs!+<= zWcgdCs35dqdx92v94r?Rmb8Sx2FAs3GU2}ap2F$GfUT~@eJL5^dRpWY+r zk6f!FMnP?-HuRHH2QJ33%a<=xP$n2#?tLe(p(w`pDNggL@;GA4g!!5yg(=gcg`9t! z<<-uk97}^F+ON(d&NSCAmAhY^fkRuHW((!S%lP*Q@$$_|QUxmWzm}4pi%KfNE<~GY zC2%P|hs3M>9Q@!a8QmMSYWZA&`3?p;2|7d~cuT)5iML#nIf!y3zjSh=l~rlJ(SLof zA)=<-f(dc!^ePv-`B4?7+=!Fza0B++b+g;iar}$44r9oBK;l-TQY>wo@wJG9VP9oR zbWUqjz#c?NZ|Ftxg znmc>xY%VUYxlCn6O)jqKEnHmF`hS^;S7O$2Z^VBjZTB3q)v`KmYk%D46qnj@+q33Y zw&tcMR-8X&bI#Pta_gq;n>KG)VPb20_MDWcsKwvDVUv}Ov8c@AnBVXwv(73XKF7ty zdz}867A_xV%Ee{p#8lj+?eM6x*8b?hriRI$p}Bwlx_FgHU|?gN$zgTzp?B|Xf}6sR zGH<=V^YDJ?VV->jPrX%z3sejC6>#F8{IG6*b$6?E(5j)GM? zS*jwn(5`Ssc97P?&PLFy!h!C+%>)qaZTf& z`oo+RkEhcgj!pa7cIt%<7cNZw?1dS>eV9hCJo~3NS@fUwCZEN=4^$ZDpN`Kv9WT6P z%a)+@z8A7xxx8EsJLp60Lk>pk4LhtLJx-lm2yoJp^JpQA%F>kf5u5MGI-;ssu50>6usbKs4^UHL}xm*I=Gr2CL|F&Sk zNk)hhpM?2+mudxfo;8PE(>tq^ec5YNLO)q%IuE}u4pAu?UsC7P9?hz9FS~U4a;0bM zhbIbrwSL@%k-1sNvuA2OJN9yc+e`}y-&s6765Flna0zzpU6=wDh?~TrnYvQ!}ntrm2rE7H2g~o{iL^@?>N--?yd?xB=+I9GoglV;{*PlPj>$C z)3p&+%ZHUNljB1oN0Od0T1zzK%X|!79g9Y}*nL>jCJurB(hYM8eOA36qZ*%@})@7_G z*VIL?tMcug)dS^6tXkX3qC|8ey-&Zt|71EhPfNYqWEt+IL*tjR!D_3>!||b;j;7o` z!Lq1MQnMAn#tq4u7*Ux%^Vi!^QBhcmz_n@*P3kjUc&Y{DoDU7Om6d$ScE7vvh{VmM z+xAr_S(HR*g(bL6x)%7$PHh<4%Ji`}L^G9(w5ESP&i<(T3qq04kMtreian>(uj{d4 zmTRr|#v|p*TO`kY6UV!##QDt^QokR#=f+ZIPHt}QBRLnT0?#kl2J|;&oEGoYsKMyB zk@mL*7ew*9+1e%uYX)B(H+I41W|pU0H(W8TNqNrc&YGNH1xhs+1#HI|O_o0#=QcUP zs2;)V9rmBb$Hv~@T(*6AxlqPMfA*Zko9<&FD!aJ?WLXk-m0Y^JY`I;=M+S28^753o z;2R|>VhuIo{BVt*+U>C3c~U*2OiP!Hde_l{Pv#P<^D=&Xy}{FN;4+}II&X)xv@agr z`n*o7nv~;azIt4bIr@!3dmtMuM)kV~Tf=fZ_*OHeT*p!}v5i@6 ztTF!Mt>x0)=b8&SVdsmB)4MaHQc`vd|M;;^M&>A@1GD^0S>#=({+5-@k#D|M{YCPV zHGOjJWl>?@3Vc=Ai#8m3tm3n&vSOotns#yY@Fv<^jf0yuZCWa66U?CP_E45JC_6Oc zMbJe=@@F2{Ap6*39r63r4-9?JY+u@??3I&7U76 ztQ8t=Ru=j0-bUZJlX-!-Qxk-r>({UE)0Y3D=!g@TIKJ(|*Ecuv3kuW>3=GUZJ$r&+ zefLB?ZQVbnb4RK^*z)e-wy3yM`JpyV?@WJu{~~4IRm1OT(Ol@~G*G77)Z8qD05?25 z9D(@4RM)d(1q^l9$8N84P`EsMp(e%k^}3r9O+M~+8|!g*@s*z((~3Tld@nXO_Nc!8 zT_FvDMDt2bgn|nG(J~Ip9$`|otE-DH8UIA#8rnK4%s3g<#TimUAF1F`p=^W&7in$hLd*PZq9;rj~8v!ds|;GpV#vM ztI3E!*ut$IziuHrIo9{?kz_ohwnuEp`{x-mDzh>JZu>48?5GUF+1tlXvuh7sj-@y> z>1SVer{J`g*tblkHSfm7b>UFXK3GVEq@#mWtSbo`C^1nj*!JDl6}4$nDHU%>S%y(TDWw`}^v>_n$r6?A}`{_tnxv z3^_fiLanpAeO$Tq_n|y5q3Vk9@uB(%vsir8UUr0bgl3>!k40_k@AgI>55!G1*`u4Z zLOt%B%*e=ik8js16XM!@MX6>Q*P`bZ)e>)Va`v%Bw8L*lS|G_=O-ij=wMuO?o;75- zQ7=K6T^g#kOj24}`e~Nyc-lj8)4+{KlGYtbGM_znZW)$s0Uuw)gRRCQR&^Otc5UAN zZWE6B>E}1*xp?qPAGEf%9%+k;wQYR+JHMojqE@Ktov^U5uV25GhG_`CdGkinJl?+B zfTGIcO-J|t@zab20s=AF?!4{azhsY$^%XTWHH9?fdbX!F`>XWwWHRRRZBf*a8xFp= zNk0;C*`y*yzpXYsnbC@Xyi~&cP+W79yP)fS|4*1NGQJ@?*PF1&d0;y15f zhwr*L6M?{I_Ck^1JvSD$Hs*Oro&9_PxmYVTJ-t2W=CZbrK}vzrr3jc&BmJ#GzT2%t z)~!>{_YtkYgG)p{aq0i4WOMFZ3DV_2Z@#Edbuuy(y%8P_n@3RY=~m;yme#NU^`uP3 zIBub>G{Vb6EK)Bq@>`)_6oNoVO2N34^N(k!zt%8A_T5d3O*-FMb!sxrwzW8-D)dZ6 z%+f6%`A~-pP-YT%BxXpYq#BEc6~FrS-U!s%OV9 z&R($Ym|;cY8C{)7ZDx^7pU1@bkfEBN)V93C{o~`~iB1D%qpUQ?zHeohX3bBaEr@8I zHP(B>LoBY+oH^)-OW>)-kv#PAt+9B`8Ap zUzPsoX;{O2b7OG@qHag`(dIlarS6QrTZ{-~->M`FU)*Hmix)2#qe-@{nsjSL>h6l;X8{_8fUGPwp;&kFGpaG@acYYm*iC?hQ@jT$;bZ(a9;)%y+}#xKCM` z4m~F#hZc4tcD?fw@|?YRler)aTGs%`8T4=r9zNcRi|dZ^IqNKv!+`%161Z-aMhQ6l)`9 zT$T?j{n~t?wR|U+ikqxxJ$M0mh2IhGlI3s(ABHI%w4`?{~DEh zh?61xJ-LE?b&?kpQ!eswIhfQI1w}+WKl^33qoZRhBK#e9cXy66GW5t$z1te5XvX*5 zan(NSb=7el<)|CjN9$ws(;4~mXTCvEYY{haT-5-_M4kOjX9bch;pYk#X8%-6RDzCztE;PhSq^see2(jiTBr9?$A6?R#-1wE(vZE|G15Pg>f_x}GJn=K%bG)m zDE}g>R5o2rOG}d)vy@#IA?d#L^!pDUd|Nf2BA11J_^{vohDMLMgfFV9C&>9a@uv%l zpB|1+FfCb&=xjRFRohmdm9^JXAlg%IL^&2wQC4uy1*JK_$Y(VWNJ3ENh8z+~y>QM!C043m-{30hFN3F>D3E(aUsBee}pu*5Tgw znDf387RWKa3x>RE8io*7vy24iUwMHnAl)x3sUg#&7$=x`SC4sFqqQ(zQ{|Qh7egrG z!h*$%!>}#ds;#oh1l`7-;91qB2F+p&FcdWP5=@R;rK2(#vgJ;}e|Q>x7ex?{(v4NO zuD&GSKE!&y^2_RB6wz6+NnNiiD-WZ>i98T=1tB2{^-Zu-b)&y}%ZDcyfvej`+jPf< zRXgkFwoXi(Pf1UY0_LIWF3r9>2Dl*fkUS1eTY0oE6*#yIvoEhMKNK^%B4JS#93H-o zN-QbcmfP89rgI4xf=hTI+tc5l5jG^@<@MdAS1U|C#LV|ncXU|UXfjF*k)tWkX7Vf# zM?z~)tS~5v)QJ+e?>d@jS*xenYd_t~>)=b_3WW{gd}^-ZaGsgk5S88+Dj);{PlmZ4O-u=WSpn{zoU*zpy#aB6BPRhR~ z`1nu|s)NBIj|l{h&Zb%Q%jm=e1_pMe1Yf@Naz%7i!gUn9*#d>Md!r3Fdbys06$9-R zr#!5Gc(f+`wrEl4*l=I|k{}*_sg~E*=G!N_oIDxqA$IMabgit9Wx*i-B;%Ez+~NuK zdFm2L*m~L)ThDz{y?o`08TMdadETAX?%8YrfzjE`OuzL;?_KI;eI~l?$0u{6pg zdfcRm>*%=bM`fWD@6h~0E8Y0hYVO0rrwboFIBhZA!Qpq1G52ocOi~(S_XA~zwDEuZ z;khdxC3>X%i8jlVg^wyHOe|le56r69m9ze;80hv|C=vH4*nm}dE^b;fTRlL|f>#7c zxf~~Q!GZIUmN3LYUkeKUnn53$=KMK@K8O`qOr|9yU@)b!6id%%Ys+B;^0S9&OtlHE6ZhdTUWoAjq z%ZuEd-5J}>KW)yFvhQ>4@q4XNNDp)_zmzsR0d?9L50+` z4=hDm!}?{Yum^im>hoqylUYg>U%ta|laEf!QAws|tN|wh><*)y9&u+?qSn!)k8HlZ zkC1a23085F8);cxo8hR%?y#2$IbvVlFnN3uh`|iIpJ|zeI%USpnPv!(ro{nx#MQ<( z1ms)#E0V83N?qQSa^&!pMw}fA=?9IMY=`)jE@1aDo zi>*z5bRcMN9wL}=k-rZ33LMHrM*GG?&vqgb-D4zLR3Ai%xvwu1Aw5SRi8a&}T@t1t zbi^J=e=xH=LQAM%^rz2X6lm42fLO^K?UHVK|3C{lSU1tEO#I~A-z;j=biy7Q6od$vDmU_aMku1`L5eRAc$_?z8$5h9%XOvgtq-H2XN!s zxMI2(6k}`fak|JkYVqTtVM6{6yMb}N861>jRDBaGL}&qo*8u?B1e>OPtnmcr$vSY8 zpg4L52g^Z55!_E7IodJWQ?R|h<(iQHZLz(GNjf(cZA?H-MRX>L)sIN);w~e$*eaD1 z3CfyYmGoE$=7ZOuII8pX&;jrwRq@82ILOg>2U9@5$V1Nq2?U_dH!Xj9nCV(KmK_P+ zV2Xn<1#F~mKp2U*$j#dZ&_FdY{_&Z8?6k6&!0?KlclT94@Z2i~s!dPY*^zceh(bwSbiETjee6 z_s@=Jv!j#2-DpK>3$tp27YPaq#+!T$9F@9Kx&b_v*qu9fm`T{WllOtW!%|$Zxz)_g z&DqT>Hf-p))hrw#l{G%-n}>Z6H@X3EaTo!m`I*|GL-$?A0R-7KRyKCUfkpO_@#mV= zfj7K5#E`bCCI)=1GFzWnj5*AlF=I_?ed+SaSC{8>wpS;ZdYMa`cD{eGH59PSeoQi< z(mYhjQ{Y=w;+edpL{#M1!~P4Z^ZcZfacB+MQ^f0_)4{FgpPorij4d^Kk7woK?yhvb zdBwVQZy!n7iBw8_B}VK^=ExX=GM}Mgz4R>$oPhU$b=_wSxdix$Z9SxpmB87MPz#XL z2Wn#fg+gg+Xb8eunZCa-R+VfOKy=l&(erk8cLM?fmTtFviZHwnwU*l8)?93sNEEX~ zm{H+?ut5lOcx0sQ@?wJzKpXv_)3{a|Rre|;?=wQ?#AA6hf%W$d}3TrC*`}-3iW7Aw1jVi+I#f53KS=Va#n@?*0 z5scGlNZ=SWTo7=>+v@5gAlcpp$Y-H+c!JUpkwgVtqw9*?d%xE?_o;Q(rt4zY9z1sJ zu}$OKCs?+qV=w=7Y7Oy8IQH@O-00K=bs*q3V8-C?=|fWNq#3bx{-zfSxh! zs!1I|814|0)3e=V>>%g?~szx}eHeJ8eafbHldnLFpIzPkS}q{pj~% z`pZM|0!x~6r#Fl_I9$z1^+`KvyZHN(FFb$It^VI%_J6+k^?!SSFQ%7+POCIeV)!`V z2HnO7pf) z&x6KCK}1W9?f&v|)~s2n4T3A_GevF*$VP&}xP1BY8a;+E6b{NiB(p#vxhWv4hf`+; z68~V#(Ff+~pcP#s2Pc8cg7d6bScI^4P9ipGBa5FZ^4G_iBRo%p5&%@lP>dF&I>kAQ zHoR@ITn9Oh5{N=2ul(3!;1c3q_(~!clt$|0e-R0YkDofLfI>DiNNG&Di1IZ8MIo-- zC~yyZug8*=Ch20N+5z>{WW%xa|PvU;-+!HRzH+;N%MDVi|}YI<#%AQ zs$+Xy5PqQum4k5(0?CJ@v4^i#mY!YQEkXGhgmV=()SAbiJ{@u&_~Va1X3v^s{mVxH zeNZYPB-1gfJL)*;D63;h97^d1Vi88P0-Nx`MPNp;UTD9W14;-=aR!b}3k&XxWlyx& zdkV<*ccpim^|yQ^7N!g}On=)eg`)g?l_J@pqkHXFA3hv+(%Rv*Asb5_GH=bkb$Hl# zsQLGAkwUxZ{FhfV^wVsa6c|x;*iDQ%(&NHQA3+m_Q<6q0d@U*ceCNYKQ0>@2LVDYc za(<0A%reNDoJe=Yjh`IipxPt;09RN7=v~sEa(1$~lV=3*qsh(~Z5DJvdd%u6*Kiu1t2&%!|2}SDCt*1Ru z(+YzI268_0;qfjaNf>3(M=I)Kf6V!XL==}%5Oxv3T)jO#L`+biMgdzp;JCwOB;l|1 z;yQ5FB8TIGA&;FjoE&M7g__(7I#nS3u0a2a*}8PK+`pA`BP>SO?xgk#UVgOp5FG8VEO3*YK=6i<4m-Z0KZ zF5@P#BuJW%P~tW39|D}ce)Z}Hh_U@O=Zad9;hnlUL(AI~_v~qf9B{yA zlfI_&h{W2pdjSIWXJ45+@M?}|aQ^cz6T#K|{lI_gH*emYH?-8**_p@*M+b*b`Oucd zAuJ-@DWOE7g1bLYD8K}Vw<^OiUPe~7(+-7P1WH6ww9~N0l#ok8xI6}s~M`vSuy|WhBg@@AiG1vu7U%v*Tu#ChyMjCL^6y!;q zG50lf@h^TTwwLMzz>CgP>Gs_Rakd*#j||nZG{B-i++iJvnl1qa17hA9o#uUPVvO({ z+Yubvs*_`#U0f0=59=k0=-(nwgYuba)22}#WTd91GTFp!Jbt`F?ZK8kkeBWzCnqx^ zP-{Gd7U5FO^jaGMk(;OUP5tL(+sw4DkD?5I3Ys-Mz;#48nrDXThT5M-Kmlr}+BBW4 zkcW0X7|VXC&nQ9n1LOh)xlRo(hA$bD>VYyoHjdd{fkh|z+EVDzONzCV8T>QzT`ByiW@ISMv1zka>wnDImCSVi=aFu;r`>xLY*rR)P4 zlMgEh#2|LYI}LV3fH_)8>(*t2{V6P@_5yr>%sMZe8~*1 zUfs3bvgT}xfg zm3Pf>8tSr$jR##z*!*e((%Zg2~TSvp;BGJnDo zJP2J&ju}_4?-PuYmx5%ZVOA!k(rs3CM~M{yPkO@0h_p>q%?GiuY=0zYFx=frxVgF4 zgJ{LdXt4*rX6?<{mn_|aauzpl7TMNSpJm9_4prrIw?TM9ao$#8=%!YBez&@Ma?Do7 zqv7u`1?-PH7_FUPazH11|1QKEUE~B!XJ?r@6bvUl?!?Ag1=@k0i;xO+0F*7}7Ic0L zS)>K!_MnZM+hn?#(!PK`?+>`M4$rFGp&s>s^~BIKlLeZsAY0RFVP{oV zttcSCWb{(^ldx|`Ng2aYednFmqm-~ zBilPHv*JCu*Vq2!gm_~IDf(oElA_{U_;Qfnl6`9B9z5!Id$Q%p55dRYrB4rQaq|k4 zg6kx*2BEz@$WyNP@ve*gFS!M4tVgj}wD$H-ec0gE$#>)ia0Z^^`l5{@$Y<`qIg1we z%B<0jHIQX}zQ?e)A6n2pIyxE!=h0xd{MdH|;^Pq#b=u3L5klCz*$=l{#aPy+tub3Y zVR|K9QkTgukH_)-**ZjR(wk;$e@nbKzkU!Rc zoGT~e(7NaYDB~C$4g>6VtH3Bpq>}@H=w+EMESJ85?S#`9Ol*{W;_aWYPr63Q zkikGCst;Z94aS_WlhfchowEaOv#Y-+<8;Br=V*k!xHk~{hFd0RFOMt-7 z!P$ZzYaSJt2>THT=y#>6VrlUXhe*ASvg5W;*Uc4w<|sq#%* z7B>g+@cPZ0I?Bq*fp&kV2gHwminh4pK1Cxqx>=b|sO zc(IS-c#6JWKv=@J*4BuL@zFD+*?e&qgaw5=6RC|D`Rs;{oFzAxh`lnnS9Ok-*-w^L zempSq)2C00f_o@u9=Zz-3_&w!lYW{B_H-Kz1C+&4(y&~oFhI0k2rBp1i@b6luKvE- zcA!mX;D) z2M-A#!k^V8Ns1}TcwG<^1BKGvHD#G_yM&;Mh(zsD_1wrES7jp3I*=I<(p^)oaqGB_PFHD=>-w|IF8Yzex0YBk| zgT0jl&J-0*IRfXJ+L4rJm*^+3UvRJ1kw;VGP-5N*=OoB!v_1hdLwOx2n_6|fN%f6kbbaN^BuS(s_y<~tTyRECd^B)EYMSdNt3*xc;XnBIwJ zec^7?+dB%l=L)b{UeQ`$gv*{D?u)7BnKg^qySKFy68QbEVai`#svwxN#lasVt!hB> zFM)!z4QX}H-o0jcEM!ty-gf2ErFC$ekz8=ZiW3661l^ln`uXT=V^-J|Y`=RO4hMez zd~8aThiSm|#}{r6^c{rT%h{tQ|7wRHx456?lp# z+y(-r@R<=AbT1?v+d3=Y?o5Hz0WCK?x+slqh?(LF1k7@l_{qB&fW|)-*Q~8vA^jJF z>k7O75l&ZJ=s(1k{3Eo(i_;!re6_PytOnW;R=TwuP6EE#g~9WUJPHHki+0G*T+%+p zvmARQ$m`M9aPfJjG_i#LotOCU@D^`5Wy^iRV++{BzpV3jUAd@um9Jjm6^tQwFEn1h+9@NrX$Oef*}weq0ajtJqmzL5 zQLyWv?k&R$R6vuo2oOz@20r;t<9T9;*iA4nYlDig>uqEbPQ-^2ghxV&MM)At4nRAT z^EJDQj;%lVbbrv^n~gAE6Q_z#ZUa|>i|yJkx@C(d;_S+mE3Z}k=uEC}Y-@{Ly3MQw zu#X*#q_&1-2dqNoqoJ~HByq`v=8lf1z}iuS$v|7UB+jLsk&Fa-pV$`^DQoo@p zu_;D=-3GIc%lDVuutp|o?pgcKUo8aG_kL9RBEq? z^+BSXId`e|rrfvu{l6019f8!3=d?dS&cz$fNurBOLe)wT`@^v~!Yfv+cq0L4S^w7? zq9Q9+?1anJ+t=6E#Si}?rMdAuN&npwEEekws$O<5+z|Y5q!98#k|B;61$Rg0(3JPS zI6Ajr*>=kfOxSGxgduYkh_TTTda@`+c#fxodlJ!02q*rA(VYRDs}DDbE*>-0Pwx1> zXfF^bWL9H60Qpbg7>|rhq9A6JONmVCx>C*7_h3pEz<&YhL;BJ=CXqsNummmW_E*}oCju#jo}KH&u<^o8 zM|W`2ABn(QrG+gEx8^4IUgW)SK-k{?es3QiA3d0&OyaIUiHkxVK!zjq0z3tsV}?rN z+MqRTH)Ko&9d`gSdl|S|{gksS^*!fc_wCFfa;W3DB=}Fra727S7YG9f$YfImPDd9n z40gg7Xp3j4*tzGQS)qQol-8scL6O2)KSye?!Z19?>zPulL32HRe}4N9Ti=4hM4jg& zEetVT{d_gHXB5)wNOORjI11^LZjZP8`5$0c_7E9`8p(F-hc##Tn=jb5kNE6`%a?Be zuS~WFwk@1yWik3kAk%9BY&W&HM*)%$^~7iQmQGyp;hj4#z}CRXo6xg@!nqLgKD>J- zFqObz=w9d0FqZ>oq!Ub1c*AYvS!d6yT>xj@V@73#PzXrA5nyV3hBS3UKn;X9{vL$J zjZD)ChjhiAMVpDh0E?3?-GES2iVBmzZOyM~#nD`25Z+BdNYR^XIeUzOjbf_LY=)H* z@uj}`cV+UACR=%Y#KzbL&I3A@8cOwN74TB~fFdM-h5J=u!_*Q5C+iv1`4p1CoB^*3 z75GW(0wDV^23kHU0G-U9Gbf(AA7<({IKSvG@&@(s#v1PS8uTD!oaUVtVj|-b{f>8- zqDFxAh@T+o2_AN3Hg;Du@ygwGoWV}o;6yl6O$8E?U2BLvvCX(}Idr{U2m#&xDGu*L209_X$&ge$;q-PW8P&H>+7bK&U5qQF0y-HM#h*xv3N z?hN{xc$dK5mKGCtr8ji@pMR%r75t1Ls#-R(24@Tjl^qNe zRhbW}u48K|84tX zpo47$V`$gemn-TzpQ_$>{QCEtg#SrF4>7`!C^SOQRwO>xvupCV4_lS7O8qdrnSxv}0}hHz zUIxJgCl*M3pw_;gC|tbmhb%jf6YH8h&%iWo@xS5?)DWq>ZQB=%gxr{cq^_x|>Osip z#GC7t`F)LfK`?<;XNf}JhxLcu@^Ru)w>KSRhlB(Kc;r4UAnS#{|9(7RgA;gqy39D^ zqD@R{1Ih%_A#*TD+ykHw;b;{Ciee`FZ&4TV8AJOJ5%c(oa9pV5(^23yg2*6~HK=+5 zVrFOTdbsGv{ls5;tIovcLFd69FNGU^ezb;}&2}cw6LC0?2=CdB^qay!Yk(DQEw3;A z-rui1IWe9H0eT!6lpT!cANj9P|DyTxS2KA$V*=p!K}?R1^$I5H0^4PfDHwdD`_5AX zj+87fl}tNl+Su7qKN9iMQ(C~tKnX5n;nJm%0C_A9q`6j9WaZ#8pi5~XhIYpIi>SY& z!hjm1;L6fVwFv<|ay~%GOU5_VWziOy&0vQPqE>AB^5qFt5__&M_=t9(0az8NEsw0? zp&9|3nAC6u!5jvF&F+FbnUKkD%Yh~%p9}G7!AI;LYM`qG35Ai`4L3mHgu^fggxEcl zaPv7quBdru{QUDew3kfrBZGqoPV1m9V8{Dlv0^A!fyWvF0bPn9Lxc|kt2T<1emr+! zDJeaK&@x1+yRxkFqx${#?=K<36;(75A~>`Z2EZ$*vTc#j6m>J$TTwW&Yy5ti>U5VurlQ3<%w=2iw}~V9V|w4Wa~yuf`~y2ZiV8a-2xSC-Z6(pZ-9|2ybqp0mX3qaW9n-8kUDJ1cz)?tRqX zB_)>A0w&d?&*;MQzu7Ea?2wmR(w?5p|KHa@i-q|Q(F!N2A(-!!Ue`M20lwO~GQUmX z|G(YAZLx+L(X}fS2Ithw`cLwvOu?7`g4W^x=$-#tP0Y7vlK&E`+c>Wq#&1pVV}Pg| zarmGZp|^9xfg?D@YH=2D{zx4dhicpgzcN_7g5tj4?i3PRA+Q(Vm0!yC17h7qCKZ5a z_FQSCnsfeFT; zs{jOUDq4`Mk!}0+^(+qLUc#FslKnJewoHq{-lZx&7v#)J*O90JBMRkPpg1F{83|aD z7-i&RZvjYuZ*B`x2pJu~zG|FO4Pyi2&4mILz%+qk&9>BkdE?qO>qE&Tpih;Mo8KhW zv$|!W3BP&bLEY^a-1Cs+bW+Y9XBMODfaHW{u1HwafDOvxlxQDp3kcu@joj0Ke&Unu zhI>yzxRw1l0R`F)_dwYa1(vthe5=j!9mUQ+gTa5gQsGL=U0s8Z$cMzR5_CXJE`x|f zEGkj5rkrY}>v$qWhC|*zX{)=OvG{|}hQlW&srSPE&=9pRgIovW+mtL!YzCr!$N>!; zs0-X=MS!TxMkTWf8YeN!Xu_myWm%UY%#?yZ0`jMyNi_PT}H9Ac4}ok|%_a zE6jGbaImucfRomPCxo}b;aRcFV~s~U4m{X$Do(!Y5wRO5<171t{iVG%AY5ZLeZXKq z2MhzZ43fL>$*qFZT7U6x#{eL|%g$E7H&x&Q`P)e6fxD2PI9e{7P;bNeNconnoouPk z%A)fDiIQ4dGsmIsmcnO`4%knzr;!x9Vv4d`OTx;6lz5w<>p|f<2m%3Z|BTTQswQyQ z+<67dQMBL+sSAr)jFjpb*@nN2ZJaTv`3w9*nVv#VV(qbVaM9<&cjbe%d#vt zH>xX9X|owHghgP(u`Oq0k@Q&Ckf|A!&8JC(goi}@)Vl@bKL@A4Q;qseF*c+3I$%RIIx2QNt%gMu;#V-*4Vi2M zhc7e8)h6it{SVji0o{q((X0FVF1X^9!xt@CIRJ2yFy0PVs2P|~lCsc+y#iDmQxjMg z&n)b@Q7*Ly500QvpX&cxv|$~SJkXHA0--fWf%9Sqi)M{!VznzkSTUI7&ca^^@e}ni zMKvI)j!v|m4!BfmbybkJ^nnw^0E&|qy5^&)Fojud51e8!acO}lBq15}?w$h&4#1#M zjOw%zxnuLU9trbLw@oD8ISBjtlK&Qh-9st6$nisDI5`;-^p-uP^2dqK||jk@gfRa5!s~_1w%nFx?9lE?k3V5cgA9 zBFwx{j=UvYhh;1UT%(8&=E)n>FIqsIGy?AW3p5Kq!Am=qTkVU_McUEC`Jf$3qBs=I z(Yr5D-$o&I=p~sy*kqVVkBs4zq0dIRbaP*=UWaBsMr|6`oo7X8UAjv}3-r;tbJe)% z7aUSf0Y^f?4eapFb@O)|d*6v?=LDXMeCQhuG7bTdsg#!EoBA8QG}fju9au*k`h&3# zKxLMJW%kks|F9DE#6nSn8iRYKl$fa`uV7AB@}5RXwH{mGdC;19>}IueJWRw$nz z1^&!Kv5CBx5j9?Ci30HYwQC=dxtGUWr96vU&uSkmM!+sCDiY0OjBL71U5}T7cb(Tq(e?W7F zH?TH3q4uIleyS1yrS5`!$z!nqUVa>BT^Ij!~oh6VtdTS3@fjQg6c z&o|GMp^i!|xK3chWhPj@x-@G`PB`wKZCRk$0`^hNC})Sv2nRWWG#a!9f7S0Cr4pa2 z3Akxk58yyZlfull8gUpq5Dm%MsDPM|PYhOVUnU;Zh0!lahhQYa5p77BLY*H5qriG` z@lyYrUju%EuANDItI06>B04%TNr8!J0JMRq`Hc<}3>kVUXTR_p*1pMJUtqQCAYwb% zDlL!ztrw00bY18I-Qe(Um9cHv4;N4Aq+i-;=tb#-9Wpd}A*8GL{qS?dbV zAv&w3Yf$Twa}SzdK;sDBEG%s!lK2325!gf30SOR45ixVl?Cbk4_hI-%=H}lFLKkuiOf%BwIc>WbFWsIt@`fQV3JaFlUW$}xL~{_A zUs&Aq*KUmz>Ho$VVz{3F5C!sY5dr_$NVMC+LDF0&y(`pN|EA+&>uqrwcYv?|)>&)+ z#&deGC2ji7y?H=cd+mv{aR}!#+LAWMbHV?>YyEH8T`$;wBZRB~#heB!jho=L1A+)g z=%WHFFbNPM7`YZ>+m1p<|9}As5#PUmM+XJG@sx4VXmB`f`4P=6vd?6vh_JJZ|Jr;5 zL?WIyfRZ#BP-G)ABS91rVrdkKd1WB*uL!~vJD7-fj8{1bFEBFSYUm696vH88z%sUu zNg0b=!_?e|8v70dmQ>lR3Y<496gC)U*1$;iq4E8Ll9aTxrI39nMxH}Ir@Ip%;9uG# z=OsQz^I^l+uO|RtEl~pB6wCQBI=YORw@FC-QA)F%eQWU>~&#yx#aO9nn5W^pt z_=0ZXV}3(rr2M>dv4O)&K)v!O=E%Qm(Lm`x$`TUx6I%4QuY1y>_VduEgurYJWYN`H z-?3(&_huTna^3|cyhnO^y27my+^Ywp51_9)e`K)p4Ah=VXeFEuh%2Foo}UOsMLHM< zIf@Uxvn6nx#yj+!(1PK5{(=Rz8ZKFjVKL#NfKSvm3~2+cB}ynu%3%=&qa;3#5h0L5 zy+Ffhny*Id6HN-iUkHqY@T#o9zo@U3Y3YMh!0NIG`9p)>s8s^3(5W2fzc5P{sG08E zxN*a!mVgqr1*WPjsCGq6solF;h?x&?86J6jcksw$$t2g7UInS*^8WakU*#K=PohNEwA!73+MU^91p%7VE?3kZ7t zk|p=e{rU?T$wurHZgZ>z)t=Btak5&U#lSx@f(6pbUtg zkNNy`%tLG~`goP&vbMSk&FX$^n0~$hQzf!@V1ga>q2!IUx?FCCXe9xb=^Ki|oFzth z*e4hdP`y@V^cSnpWVOLGXxp3F@9`m>r$#1qtI*3PycIr&c-L_!qxaE$U%R`lJj70; z9K^YNZ?GNz8UrtdHv`sFLnW^YKawikvkzn(<06hE$2_kz&-3?cTz4~8Anw^eeaTqn z`_*(yx1dhrsT77ofUXoV0{p-#gwT$b8 zY2FuX&swu?d<(Tn57kZ*SE#%N&sjWYNgqz;65oQ;5V}v1Z>yoP@g#*853x{)XBcVr z1}wmvOqVgySKyqMSE()eFkc|QGwWAyOMBT5P;PQINJx}Z-1_o$r`gGV!L9!suH0Qx zy+-G@Flp}Fos)1@EuOz@*%@GN6T~Er2Hh-Z8Zm%Fjf76rs_!wDssM{n!0P50<9w?j znzL&wF7mXf&KtS_oUTUAd+XXkF`_T4ZU1RZ_`o!%`eZi_779bjq*QO+{(zePUz;}I zEqXb@0ZPHKWSdJ*SP$TKB0<$rdk_sl0s#~SW)P@`}?3BTNPzqnT(uU{83=gB{K{+)sC3kGO<)X zocG|7a4iSnZLkB!PyHnLYf@|gP#PlpJrhBo3vUM8>N{k4zQkB_k55~Vo{Yh++9)Lb zPeRw$W9lLnVht0x?R;GIl`B_7KvUA37?_xeBBg$x102BXNVI=MbZJ4vps@?1L$Ffh zl_yr3lL++hpdC`BCnJ8J%zyAKYZmCO+9{re>uJ#cPCIOyR`Y)|U<~#ex(@Fl5e15l zC>}0r7;D%B7bT7MnVc5#)3otvQIL^bM?1F@SVuNc891+Sssiq zz(^IAp$l4Y&;6)*A&psAp^G*h4aezKN8_9(+!LMcQ1c%{WNC*{lR@BCP5&dF-~9PG?o~Bj^?S%btPHN_Apv zxBztRyl5+kJ=rJcFkN`k#Bw%(55h=M_yPFoxQn{|=CuTqTm|>CVK~~1yFPblF+aZr z)C@IbHgs*AnrE>-4~pK(1CE+ruQ7+Q2Wv6syUl&LU`4y^a^@Ue7rSI$w5 ze2GT7zkKy>7PYs@@_G&X-vhK`-p5H=hKZP384lL-mo9DFZ;aiXQ&3PK)AM>h&B;3r z>m4(RyeLFeH?+5(ffMuunrKYmqUgFEW|_;d_S}I*1qO~Htq#f>jm)6o2uRlzV6TG# z$zfenw>J;Nb|f@Tc#)V`GFrIQqRJXTZV*bXB{~2dLUk2lKhK;=6O7T9k(lKsP=tA( zyLRo;i#y3=dnVW4gpbA)>rAb$h!0PZ-@*}lXY=w_fY6VIKop4_Rh4cZD>vG)l{}NM zj&NdK$UgK8$;`$Cd;`F^bDSN@uAr8d7U?8(*f}D9bjJ(|^6@$94s=&fPhY^rO(hMu zi|r_Z)`F{mWnC)+?z%XBaA!ufOl_LcAFBhB>mJk0X0^hoXO%eatxso->e%O>0)7jL5U8|FVd zL%O@QKO2?P|M;&Mrj2*~9{_~^&$GebdVl2S+VTz&pGFyAwt+|2?BZ)v41)0^!Rh~U zWCfq{(*Ni7gB4nP?YZ9mlCy-*2*cNe$oEmZOA5m^1pnog4)@&oXk-yzDG(VT<|~$S z(pKmK_eNv@l-uxE&`P(`&}bVQCkKJ$LXR7sFK}DKODh$0>;MM=q7{?t?s|H9qJGfEaU_H4wKje95d#+Cg<9JE zfg&6&eor1*yZ%7*uarwl7VTNmtfYiCT++KBzfGBfQK4o#1#A38=hy1UHW^fq9=etYk;b2vf!9-ej!K!w_`IQb{=XdiwgdB7KM>Q^m}h zJ9iridv{JkGPj6bJb%6sB(q}_;$hG&K!cDYgPHRiIy%hB(!3Q~H0rEn ztMhEz%R6^1A2c$Bjg7`uBW6B?>Utk)@B_3rQ;`afgSp4?r-CzR)~dCQ4b9RP3vlke z#s{rL80D3S zl*WQltqBpd0Ns-B;T!2_=W9<;+L>##ddH4WJ0v9^V8uS=(>H?vGy~mw?+@ARP7r*j zp%j>)#mYPr<0To>NAU9=3{3B}VO3(w+yvGVM&ljF96bD9_7wAc3dQ0#0CWj@bcnUc zrX(b;&ij>b%j@Ivgf%HvO4_w)ODz|M*WD6*z$ZvkJ4MO_-5^r*)|}1do`0fFB|739 zW>l~aW27BD5t5R{u2{R4I`_O;OfepgXBnPpe%7wy-s=v$f}F6ba=@c6CG2tbmIEimEc%f&s4CPvi03WDG_P z|J(;`eLG-g1t6o{V8>yWEPUTI%gLbVbbJIzRxm-2;4U+z=D95WOI zrjA!{LwXB&`&OCr{nZ?d^^Er!9T`D4p^cR5SPCO&ar-zvU30s0&d)U z(&b*>;RV(0D?1%9`4crD4dhU8#7H>ev|yoEIf1Q89h$K3E`Nsy9zuSJ>B}3&S{$1F z?CJd9zI|JJ-B`vR<`kQoFZH(6nAKv2F9O_O25K#9Y?7}^%&ln0j7%-c5I+h zAZn}F>_cH38VK}x7YfGf+4^Y?aDsc;p4q)cMg|ifR#{nfD>fy28k^;gqhM!yhi{S> zDahFVq=Dm=Erp&C4u65mM;}!j4er1+g_SgB6&TtJo*gtt^0nLU z#2L$8;`Mc;TCnnu#9GsguN7f-vca)HhLPx_X~R5CY`!(up1XR>U^GA#V$t|0;Np6~ zDK=u;E)aM$RFmcwei19bgePhE*Di{2!>fPqUhuYdReW7vU;qpRyvJaISbP9tBZ|h9 zVuHxArzO+q2w0EiX4Di`Rt`@a_}TP}y61~rPh-6bg^_D8*h2ErPO~+I_+mV0lQZ)1 z`T0)0&YDy$)ZCgt?PYPNR8TjnoOmQSgDeM-cjvkMthF2K_YyVe7oM=c*nI37a^_lK zWFIc5qdHlG-SOop8&wlc&4xm(3eNI4E@m3P=UlkZ;B62-;5ZhvB{^&U^fM}*4s~j> z%xi7EeLcsh`GESXX}UZ*#SQ~i4%&GP1g!>_id*zXJ47TV@&j0_uioo%8%L!B8$1v{ zMdJ=NQN^LvEKe~Xdk@d@&=hig$c5)5zChIADD1GR+Wz>pAk1WgBPS3ba6vag2X@wH z$sZUd*TDQopTGS6+i#CSC9ZKQr6H~C2`igBKa_d^OYC!<*z?9cY7BTyyCF1^(}PSR z03K>6U(O#YIwW61FTff-`aYuvgaFX+@qq8{)~+d}jo}_XqQw|}GG`14E23v2zoJ4H zB*3Xhg400h0;ZJN;z_#q(u{*NyOp=-!g0}~L*2UA7YdGJVNV+ie0`p)^YV>LTD`c~ z3vz84(g;w;2~la*;L|)%1=jHY4xHz;D^|Qf7OKie4nE0v zfS~ayAGE6~0Dou3V8ypxm|;5x);(f_yRb1zWFb2{RODnD?`? zpav4}R`z=g|2_`bHg6-)&8eq?(~zCS*zeTcCWd z3NaOl@vD`+)GE}DaTpL@lHqu+p|jJXrl#io)*=}rWQ02(Yj@9P&uPh7Ld1R_+M({l zDE<(xKJw{FAN}aLc;UiRAjC~cB*gDdP(!MuS%UM*fT?3gvByt`7P8*_|;5?wt3X}-c2SG3#jf%XOxmEJS)nCRD zRw?t*Au5@$x5B|&PdV@40Kquga5UEJ#i$o*k|19T;uj5YqzTjX9+;NY^vCjgtUo~3 zE$+Bj)~OIV%nC4pVRlQ-r+m}^WB~=2AAvB$S0Tyuf}cQ#!&PEUh~-169E7c-!Y1N| zJ`8(O3-#pyOsm!H>2L+7rH|pyQBY%OB0YQ!GO(j5k)seQ3+9B1u{dxmgk$y59;bEo z?Dva1WMsi%@Sc<(YB=7qn(OnI7puF#$pusOh!LqIRu7&Ph(${(O_Kxhc0Tt!ArJU@ ziGX5vcs@7AK%FNBq>I4K0&QiT1<#6wpz|BgR?sgXBBvsha~vy@?fK;;mpZy0a)#|_ zJVSWJbN*8Mp9uE;0flI_`h%LethxC9zMq}hFtza^^O)7Vh|_2=R3NJ6qUEVynZayI z*W(r3Mv6J{%$X0sdF+pIR4Vrf#CMSe`ZrzZa^Yx}eo@e?ZdRI@5VqTnS=tITA*# zQGz41bmja&$uDI#Ch>|~U!_Cc@EuhI=|dH=utr%~h%=yx{l48i))GXjzYxHd9#M    k=uB>WAM4+V%JAuMP<8~ zg&mRH@0wQ7lA~EoNGybeG_J5MIthoA(F2$;o38dG6h^LCkz>BaWw#<#?98lhmI`b2 zNyZfD$ktjC{}mTJdXV>b9#7gm0IZTG2QjmQqbe`5cTvRX&$XB9#7TN6R&IR_KnKT5 zv%SmtF-sCZu;p%gQ|r6@8lG^>ftK?W6?N5xY*@mn>qdAr$pK`RGSzW$!m{c?hl09A zj3e*&c)F5q=`so?AF{A9cNV|JmN{U+_DRpNk4xq_DKsUn-jRY;87^@MgK=Mqaz*sB z$!CIllO$-IU9E7RifZ{c&Bb%;J?5moa82mwl;q0W8B)Ck{6BE>LrPC8>==s(&lf7~ zx2!p#06TW=FlJS%ZMd-#@ypLcu1|E~o;REX5ci5WI`5FWVn)1{nIXrhHc)x@E(>#V z6#q45o+48Soq=O6Sz(JY4EmZS8#^8b=A*cqVoOTp3KUR!a__obyPVFwW2xrLxpX5h znVpJFo<5QeNH>@lMiJ|NatX3gwNwN@J1@gzI!nxzzO1k3`IKu{KL*B-)$27`x4k(N|f3OYa*)&APbLK?0@oic*i;3?&q4Z^1OcG^bUX>*{`+msH%)iKq73JTiag;F z@-Su%`v9`2Aw6fb(TQ1W&#=&8@19lnQo2}M?FW)1L`8x8d-y$~B+vaK?mtOp)&2yh z%@$QWDZYT&f4}=zze!xz>rqq8H6|G){y7LlGYL_4Z5_+@y1n~JEKu7%LcjuEJsI3U zWQyW!<3T^P1Zr!gm#631+s~RiInb2T?T)t4T)7s_ROC?1#grE}w>RLWzS-V>t@Z65 zFB<{|2i$Q*J_TCJBQ0y7y!Ous1!Q_bZjC*G;^TFXfa@Nw*<>%nq++A9A?O{6ISI{; z*vSmp<~=j-L8eupyePupGc`DB{p<}hFFz~cIW+Y&S(71YObwlFCJ3?1s@DDOx}C(g z(@(@Zr-+^ga~Su6kz%Zp`rMy}!Z?#$Ry}NkImuRBRCL2?O3xtRTT;mY{@K$>zT3UR zp6*HNX;^BOlgX*!!odYj%imH00nEF^#Fc3Pv9)iBe{IYF=q5z@FcIuPYX50%m6A_W zxn+@&Ww?3m=`d>9d|@u2jssB@%>8rMC)&DUi>)nb;dTmE(FItmHieTnQW7oVV=IU} zf##f5{E&>1gjI=$!h~I@yWBpQ1bG)NE@-*eU5ZH2R>7Xr`NH=xMLSjy--$AYhgwdV za(klw1x(&AYCmt8SZAnY`oM7;A3`eW;^vk{kSd|$<`>+7vH%I_0n$C5(jz5(k|`-R z`yotEDX}K=O#us+O=KZtUa%}`{_fS4OAybeFyyGg)JVo@97YZwPic_q4_%-Okj1)Y zKN4aKaS)wfXeIymc+crYGn(NTG$N{Xdi)P>`OLFxWm6=ON9#vwsHvAQ@e9!YCZPy%aX4`J zqL7gH9Tko4p?s>LhgKvNFkn(AEIK!Z@rX-DMmaH^I06Jx`{R!AOB~N=5-CrPr}7<; z<+l8+7_e}P2QMC_FFfOOx==W8%9lgPybCoCs+M!J`Cjkyf&E^JeZ_F9)%HdVyxfZ` zsVS7jbfV9mP?>Ml$lP8g9n?9;FQ1$NsHod5s; literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.18/_media/benchmark_net_p2p_azure.png b/docs/versioned_docs/version-2.18/_media/benchmark_net_p2p_azure.png new file mode 100644 index 0000000000000000000000000000000000000000..9130349c764286e66108a54ffa77a2079807a57b GIT binary patch literal 36902 zcmd?RXHb>fwk?WzsY@`6NKl!IAc6rwi3S8G3W(&aAShWRNj5G}Q3MH+m7I~B!9Y-g z<4>*LuqDe*0v7&g(+&}^Yz z7QIeGv!;)RX4T|h>+vV?M>ZV8f6kg;QZkn{(KWZac~6H%@}~J+LlbjDJ+1wgI`_=< zOpH%)@o^pJ+<(X1{H_^4H@DG$d;^!sz1!S^d*Zj^LpI*MtZYU@LwA#Wt%?+h(4(Po zeM1#JFL&R6sMYHJPWhFYv5N55VjFX34p(pMSl=)CT7TWzb!*SRJ{&A(a&FbC{!4Nn zuZ2C6yA(R3YO}+$ZR6=l-(P}`zlRo+nj{}T;p|w-iqG7Cs@MPQsoPeTd8clFZ*(~! zh96BsvtP!VV!7_mFKJfs|M{=+LmH+(zu-IffR_B?!M^?HHjrO@+_LrE8uE*u>;I}; zMSgL2%~~u9{+F?8wfUc4{P>TLdGKHQF`eJOy*JEsOj@%nq;&$MWv7RlES49o<>S?qR~9FvwG?}!_Ma;@i<9u=NSrs#vKkHK zkc-^!SALj|j;`G2R55$`%YA%2cYmJqn~3H)mU!c+4GKK5jYk=&gvk_WpuIkZ^8&yt-dw9d&E|(zKuO!qBNONk0YrR2eT$!mD*;SKg(Y?I1a2O9ScHMvcQiN0hznHro z&T5WF@Ar(yv<2_XdcUh=+eyPPU+T)yngrJfav@WV+vFX3}CjD(C;o3*$fpNZ7a zKv8p+#UKxU5WVZVjYglJY?NA#1Vt&(yXi+Lqy)1jMgA}{uEsa4_)YIAL^tgWs4u@w4^AKs6&=Oa5=sGioZy%wjE zI$3>%yZg*Dt$^xzKmKo~e&h9cW2UphR8uIoX_JolKUb`+I=u-jlbkjdd2*MM$$4HGVjs zmzS4ye=N9W-J`cDdNpEfQvR>Ky}frIQwgQMIUI%9DDgj=e6RO=+&^3P>6iPSuBR(e z)U*#DrwFfyU?%|pZMN!OS$CQ(9ZTkD~lyH2?z|%b%*KlZ4?o=J5UcYlEGH+?R zMKq4hor{~B8ykD$#=GjUD-rncD67%7<`lg*i;IhszdJ5k3^$)f_A48knXzilZ%WdU zP1Ua>$9J$1X;(_p=j0(bgN4Z^7CQVWkA#E-Y*Io~@@+QbF!#u>L4|+sJ=quLtx?U_ zZWrRPG*5MZ#Uc`qlXd8xWUJypZB#0b{%~XB#V`p^iJ^gln4dpyNc!?nt3%ES@oMce z4-#<{{v@JkF;H8D@H=fgZHV(wc*RF#c{YSnI9T|0ac&~Uw5#Z35oP}DoeQkzHUu9x zsOKC!`#wphbRZ(g!QIJeLQ!{Sq}83Gsi~Pe(`GAGYWC~vd%m{&7v25ig^in2sOcu{ zUKIQYDsrNkviJ5w5`C>!?VgllN+0&uS7a~E^#;{HT&j^4kw=Y_e zwK`fpCip5J%Dc6#?O?|jC;ir})X$$kYsq^@9J~0>-|jnyZyZ#NSCa`6wx8^L!L9PR zM?Uh}`5kOhayXf?^It>0E+ZG|BONE{mPgOhX~tr*ujTlTh*F-4d=SLxYvMMaKd}*;iGN|_*=1~X9s6Urv;sII zReJH_#nXD#6!|z6`Tpv#Hwcz{-6dfPaVmw;o7<6*ChJvA*tLsX#;2y_0|l*tP}q>h zilYLN{}ZQg7Q_!vTgykwnfi=Yh^)xrV0fImEj2ek&tX458Lg3<<*+zbyjFzwzO{9f z-Q2jl+Nf%O)iW)e{V6Om$Nv52Pz|o*YqCyJv+zviwfpxo@)kw}JlSQ%*sq6PEAe2T z3R+ndM+&hIrjts)*DWz<_0D>tr@pWQ$5MQOukIwL*?DMRTll#mvHo+bp=Y?pKfPhA86mF?b7o-AjW2DK)JXL`5+R<(O1|$ z%jJZWwUqyvj^l6jQCDoHhoZ1yB|v%rgbIikZN|ID;)|U}^A^6Vn8@i3m8ws1c!Z9$ zW|!(FvjhCpTOAso&e)FJjPQg8n!h;yqIB{^;*46Nh|P|G!;-#7bV@u<7AaY^hG@A| z{rdLi5EXD$0ZB4;U?P8IN!lcDF8ri!*%1_VMB)`DeskyXABm1D%k{#^wmGu^$~JdVqY^wR~W zII993HvD)H^RR4sq}AYh_*FfM4^XPlMJL)zszoROv7c%lJ$|en9;Ke0=5~uiKKj>j z$KqE^^&c4}{dny=ho5oclf>Mu0baE{9e|p8fSFICHt@WE|Gs|F`EhcrdUpNfa7)9y z?dqPP$m;BGN3rYO{Q06Mx0n0}S-)qzTGJ`O?BnNUYgJ zPkBh0A70h0vtVNl-s4Ekt#aQwe?*_2AG6^78@{|o48!{+xbqj2G7+yH!^-K#>Rr9P zy|3BEr?cld?Poij6y^b_vVZiBl?z{1!_sMA%{FX08RM{dH|Jd?%jqFy*pA(vxxjteWjIe) z0bzn;WygPgLk%}zHi;;dF%)^>xHRSMX^cZERci7h<0dlc?%}+6fXFW<@h6HHMI3&p zwBaS*U@5(=g#-oFXeD&Zx|moINH@cLP8)d1`rwqOcwskMyKSy`a~V;JCw!e-y7V1K zno~;&geWm`$)Fn!`qWwYLOffO)j?r+LU{J)8rgT}9v+!MdMxVZy`%#qqtLcxAFrqn zS7(~zWR&1Ck%?~X4=CSsKmKbNFqlLm7*vd(wn;dghNo;`lN5^dBMJt5Rcvw7hn zop!OE%*@8<>I^78=pZt#P9Ud?3mm`q-T!Pk`jwC$+z9P>w_C_NJ9K<+Gp*teG;n+T z^$nY}N=V|u+?-FGYI>1U5mJw2nqgBcOUTy^El)S^VL&6Io!nG5n!hsQu>vTcMk_Iz zI}=z+(`PDp|My3ZbfcCuX*q>oG)q`1(#nXr6ZB%eU$TrwNXuT`({c9q&B23LvE${) zIAy>wW%(=126^)XM+cp{Q2JjcsZqlbc0K9s4ySr6g7_R)meTv{=&*At;On~-!N^CuMl1+>qt)1 zE~Yi>_`ELpb_KH&O&0c6CM|;UhFeoO8IAA`Mn=Q$fkJ~ROKu`pglwl%#sPopqK2Mq z_olJOc~W3vef7$=_dC-BiU9+)sI;_na;T|>@yy+i{vwWTC><>IGve-hdG5TH&1^|C zN|wq=)+yC>nD1vZo1fG(8~;T;1ukH4f~n5xcv5BMwH@2HYhAc-;VSY(Y|gYbpGlkf zWsw^nX^u*Ia>$qA;Fgia0c!gbX!cIecOTP7q1@LsKip|!_|=;`$nDmqJzPU_ua*{& zWw;Dh7zHfL>=uU8>-#>hTD6KmSql!n&f9rF+PX-ee-;eU7Y_JH8`KiP^v>zY6ME!e z)^9G1XRCcpOws|YFIiWkXETbCWR)&dC&mUi8!TPhFA2d;ms$ zu&oXLXU&Q@)iNqKMPHAQGQw{Co)tLmrL~}(!V)AXBvcOg65xd?MQpApL25kBfQEtKukcfZ|SBkKZyIsAVT#WTAF!-Fm~mm^J@lH}%!F>2?DC1&pK% zZhUWPX;I6zEWbH7HP{e0CFRFk-aRea7SxcSnf^V*&fdPfLDSKQmPOd`dyt3;T5R1- zyE*$#p2;!o`e)g8YEiALQj7O2vi#dP#2qTfXb=^Txk+2zUSdV zO@G(#052w~qv+RyukJBzVXfzjesQ#jexk?Egn=5al&DoizaxgG)j=>N$d8fV{OjKg zJYV^Be|>fP@*~f_;lD&*;cLK0R$k)FGQa9_XJa7tI-ZeaI zMDcMybVV#v^YGQTH|&>#TY4)_t~M8JIJn*osVLRKgW`kZP@Ls&zc8&V!i6~IU0E7+ zEdOxxOPQZZo*pXo*!cKK?c!G!J~N=26f_o|eItK?SL&YpvS-hyPoETgs#>4Ec=>fz z)`=pLi}_c@E5!NA20o#!+;>|47Fhsv7sh|Sn1%GweceD7HfH+SZZ{#hgPD0m?w_Ua zNa{`ZN|=>O{0gyuKHB_pE3Q+zJj=5il7lXsK{opjY-I+mj4qW8A>Zk zhnkY(PO7!ayGW?L+On--+nDXP-Me+yjbz^IKDmcm!@OhxxKU}9#4inAghu)+Be#5M z%WW;AdK>!M9TwttZ517Qzco?39-Uy9TD%bbZ)}JkuhBiF-9f8tY>|o614s-&EUZYLP#W$PYFtQHq@dJZ0>`~#+&?;OWDAaOu4k$@KR9xu6!D$W` zu5&BnrQC5k@fugG2kVbHS%@wFU1V<6Mqgae)&yn2hy{N_DeO1&pR3-J{d2%pP0>wP6_eM-0NgO|84%gd3sEPnR;+?Ik@ z_GsF5+{;}0oP{Rq-HjOgRizmX~PfSf%2ncn^{`UavmZ$Kv{(pq$)XNzkR`WN{fEhzdpu_iqeE z?9prUTMpeR4-&Lax)@mCKsWzj)f%<+v@6RC37$RZA}lgrZJ=XTVtcf$-Im2vgi|%G zOsCC_Ra`|6)QeX6N`FL9?3|3nW1zYBb%oqoGu6)6EGyQ1Ja=w{id%8AK3D2RrpYeb zH@4wK^t7{nHj=P`7niy|`H~70>_3^Xq@PZSxbaO`1k1)X!O+F{Ze_O1RbfwFbE-jc zzkSl!fh-y!9-dkP*UJ3Q)?lZLoAc05ev&{~8C!_I8VG)N!c}Ty*eVz}Uawrlem+Is z7)36mjHT|I)m5!cmBT`Zu>?#b55#mwo7~7zV#(Ly=OuY&5x6oOv_t(jgZasRrh%Ju zTPY2DM26PWF&l<0ptQ!$ZL<{`0({YFa~ARlw0ywa`Yd2&@V!Xdw@Mv0dp1m#Wx18C|7m3aBY}>qN-ihz3RL`}k;}_P*GXJK-urTwj zy}kXWLqYp*Z%v0Loi_DsOJ%)-!WSk&i=91>DyozoTt72?50s&v&1BzAN^hVpjzOl| z^61!R#g-j&*+%*A6mss59T}WoUKkah+v{TRV59_RB(9rP%*8p0*{v>8=F8=H6S)kP z{9Fg%8s6%Vk%f4!ca7Y6vkMEVd#A(V-J9MMthCPCP2asiZ$h=<*_3C$v*Bw_PR?X8i{l-1c!Wk*3m==B zdTE(kwIyE5B<3r^;pz6} z`bS@b8J=(^q3MqX>N{D~N8Wiir_$E$pDyv}!N~V=MP%e%u>~xZT4MmRf^Z4?Z8@2! znM97TA1mBb|25g&{O8A2>N)pi+=H1qc+s#$%SE|UiXZM<0d`YfF#)CEF*j`8W&0rw zJAB2aRu>(`vy%b#Ehy6ok2la2Sqp93KuMAYav>TF&Tgy|9SaA3m`cw5#EU{hQxh{Y z>0*4Y@eb}?%g6*Vq2ldNQ8Tm3_IX$M?{o~x#;53mZgywhLc7Puz72&Ie59w6r!^kU ze*7DoJM)r5Q@e)y*5LWT_6*aDKxuDwPMIpZKi_rqFm)b*qGi`RONu>uB%!bEXmG+o zlzq{20MQoLrCrc9gujgK3bCgtN0k#*c91K67U^ITI7u%9-UiynW%v46W$p6x{OoL? z$9nL^-rQF7a&^MzZUpdK1gn{d0_{~J`%r`!&K=_bdGu1=`h*_nozgj(;nKH_8x~#; ze+;*r{?z&T%a^!^KZmY{e(FGLv}^EQDPVqg5-6C#KUHdD=Fp2ptf=QK>t@1%o-=W*5vDZW>G zvdwn1@Ql_xDo<^!@~PH5dsRS*IslbgXcnN&)X{;~;J3eqhvN`mdW*ATRbKMovWPqb zs9ilh+)@`JPG_)o76&QHuqg>AM=>_7u%e=3-tj8iN!O!DjwH|z3C+9BBR%f8B@_=j z^+Jyf_kIKN9+snRabVz&P$;574)ama(neo%cm6d967BiDwb~1V_YSVyFSt~|@)4;( z!e*!WB}VqsN!}VZRFFD}8arkvgLaG%2VR|cd7?i7prSfl^@aMNEnRg^Cewl&D`RAi<3Bwl8j9OWHp3$LumIHL) zx&QkHli>Zz{#3DPi(Q;b$D7abqs6a}{2D)PV!pr|-#KV@+wr9e8riA&!32S0Ca8FT zbLi^dDJSa|Dz$-QtIaUg2I(&i-m3=6j(VOHPoC(MkcesLlU)?>_NPj^?&0Vk65{{< z^vM&^?Dzv0{}IisV0CcPVujY!KXVwX8l#w?0P4*g?OX12vw=+Bs&1r=v#e&MXF*Nn=Bt5ckdm)V5GW@l%WRwc&J$73cmN!R zGk4!@+Ii&0x&Rz;g_>~55TP3&e#ODgL|+ek&TldBDI zx!^pjyo?9YS}OVU|aPWNFE|;%c=WYR!>|C4*6)M4i&zQv-FSIzP9!%wM|NrN45xDDR~dDBoRW zyEx=7lPDBfS?oFvdAGr4m}pkooXKc&6-NKTu@-A#J$OJ!>cdve;-2DN^z@M^YzXX0xH)J5`UV--Y25O21z&ka` zCbDtOOt~N5QAlnNA3i*hM<*ye==)a7OnCP$+u!!kjv-E!`Ik8l>fhf3M?mcz5 zUMN5C)=KuN)#g7}Ufkc64MJJLyB37dzzgoYyFR@jIGaD*d`wXmQHrmPQIxI@`Kbkl z&otT_nAB!w#Aw|L0HI6Wf?IBGt|y;~2Gup|cu^73)oH+#Gfa$O;tSuGzcgdX=tm6& zw@e?+fXt|pXP0@pz3q}9%9a${N_@Dph_Cc#2a8swX-PYhy%=~6Bk|xR?d_Tq`6D%z1SEOI0w+cc}i4et~oaC4gdp2>^1p_kn*U=?Wz zrKRmz!4)3wF@58dmUo`BmHzhePF1;~DOaP`unemek6$S!Ymm%1m6PtrXcq8iHRq3I znsjxU%|LHd%@qf45|6$r(;w~lernd;jtd^HeV1LC%ag1^5Unu-^>GWg_RXz5D4aC` z>7j6-k+F_dz!JT=>%E}j-T)OyJu&;{&?pU8?(0IYVlz?BX8}}2M0WIE4d`Sopm;uY zaw?@KvQ(j}`cP*V{Y|>cia?4y``TKgX=*HZ|@ly9t0OIr2A^R?(*YMbxZ&fj@(^5F~%JJ%uRfQjqUT5Xw znq6>SfM33YxX&{0cke0pi$L8u3eKM&;&_(ja5U1nK*{1ZZmxo`g_YzdG)%7tjf+vr zQUk5_oxJ6&5UbSTF*-jrsBm{{Ypbs_n&Pb8y{E*gLxvFys<9J?J)G53xz)37Es4N@;La@6 z&H|19CUAGm$$B8zkUGF9~tP9i&ZRZ+m`1>mGom=8U!IHM1<_z{H1K1QrFFJ!n*Pq%+ zj5|10dwNfHzF8``c<)CqQjgbUA7ui1=<_s}*&%)%7J4oUrNAby)e|h{Q8-#oyi)wh zHB|A9DkEZcCqHI8%h2PAsi7uWfL(8jJscDDw`Y{EVJTyZzhR?7u3EwGGx(%IIK!3V z$*tMOpBW@zWekX1@wCX|T=HAF7zN4dkT;eKttyH`EndJ9M>fb`{cCz2N%&|p^YLvn z_617@ECqeY@-oxHNpwR~Dexo}HhbZS@stRBnf~T5gWg$L%EBIoyfAH8=}({CKuxW(#;&T*6}g;f(E! z<-%gd^MS>Ks1cCd+$a0CmCWXROoj45tQn}buPk3@;mAe9>_keq!(8{Ch;B&9$y|9? zT$zK+4t3@^`0jBGI=tF^Kf}7syKAl5?b-UP7Mui48S04mk}zi zxQSKxO>?;9KC0`ZE@mMcQDs*cGW5W&yE9u@rw5%Y3MI7D2Xtz8y+g_*TvyK$35=8T zDl;>4B13Jd=d&GbDnc8#Cm*$ftYabm^~;xwIO!=~x#J~A6)Kz&!h_)Qxk~AI4d0?W z+-kDsb}dr`3% zSw9k@r+X+4MaGcl7{$cSxlyR9&MXg9KfcAAAV=u08HP3B!UsWzdQ$AcPj9qIKb{1D zq{LO*htS{BZMx*Ny=E@XIzlpC`dXs)x@F zCgjV-DxHW(kEetK!6^&vf~YZg{4bxS+57#~hrD|?5UCwVKzoTva}P`BApOn!9m}QM z`F)5j8?=`Js}C;Rc&ceX<;g5;7YT4znAso|qYy_C(zjLIQ#bM>bI0&3?+K>l?e0sT zOJVS1iP=Lf_|!>ScIa!DtGldBz>`Ikj!f4?NT(a0yu_#Ca4WGXJ#jCilud07MDY-n ze23h+Fp(tZ*54sn0>&aH6XWCe=v{cI&)U<|R#kZQwbe1nfXs`v;+pQS0p*4o@)B$9 zb_?9@&2ULST|%3}=yKZunNAkT=BP=5mHxhoKKri#ZOLBwu-oXO3)XGVv+u#)_Tc>J zBHx9JKHIL~ivv}xw+}6u5lnenl)cDcHF2tZ$^RxSGNP>#M(gmIGmY>J6rmrjY39>( zm!J^Ms#ESRu$uhY59{&Jvo@2FK71yD>>4>4Uxc3x z2=!GB6APISn%i$3jZ66}OBHGvcR!J3(S;Uu7-<~tIVA1anbxl7v&xKo#{OUOGLg^8 z_WFPe{T3*c?Fn;^9<2__O)FcUTueCU>ZM22>h;Sm`(R0&yuG;YdamQoMz|)eK_=s z!*e@9m}pXk_W?SbA`I+V(ASyv3u&H*d4oO`&q;~f?O8&sXmPg4tAa*txw#N*!(wOH z_L%FN2W(@U>RGk^Lbmmc!gh^+q?E(G<$eu6vaKo(IGT^1chzeTgwzIq#$FQ>6Eiq* z`mDT8=%UutXCVpSfd5nvzCs=H1;>QJzqC^r$ld}`W^i_Wp%dY8zlwH4ORb%7AQh>Q z4$y|4fYI-?y9@Sz4!S#|7mT7c9UC~tZy_+)g6ukzhR`s)#Ub7&EnRVBqNQO0jwZj~ zzki=G=^g7Tmc%CpA8Us$^*6I%qt0^1+CE}C-E(L=$2r$>VoLFWttp%HHag?Oa7M`V zOpT41MyuMb&4%G7b=R2;-)M!n0duXP??jm?L(1jfWTkEu(()G3%R+@$Vi93=H0CvF8`>IsDe$0%oQ*%> z<>9lC1pg5nr-*L2%e<=B^b)O2upe0La*!)(UZ?PJM=(=1xkO@gTK{g!6g+`s=8VJW&GK>Vr#-7UGc>8XM^V2ut^ ztfc`0>29|mMaR&WzKTAEw4rmfoMg$9l7_1%(Upl=t4Vot1vKH~WHYPQ^%aTcn+yky zqDl&t7`ev6P+R2?1oK`Ql0u*kUz;s!Uyj|egf9GKYKK<2Kau* zaH_gHiOzoXxpj#1;5{1m&o3`8O9TpLB5Q|3WViso@xA+thYn)nj=^I4=CEWnfJrPU ztuS=!2inkPTZNirgk~CO!&i)xEjtaOi z8Tfot5%)(}WEWt*PepA5UDG}vh_WRM1lR!kDvwsdUxfGsW_K9seH*f!rP$edP2Q!c z5^h^QD{7*{TJ9v+bq8RI9{7=&OgKHV_IL`?>8HY*VvmGh)w2Sjn-D{T$v&_|+~4=> z^kJkFFG_ik$Vy`A2P-|gzy7+0lh2&(59c*$%ZXvw6TCC*!dFp?J~Zdx=}oy#W!W2u z2p8(y&48&3e76PJV<3h@U>Xo6{e^opYsnU%HH-$Iz%>CDr(vLzx%KjB1;5`3<1@`< zUWO(k6H_O|ZAtVC5*gqx*(^N+pX22Ac`9niU=1vwft|@+>NO>lKZB4>3gM~@{NIE+ z3;Y=}`ArXDKzAww0^hYxg&y`S$CW&Qxd_0L>8Q260J&*mnWHV~CXW)hPnd4_GsMDN z1D7~x$ph+ncFLe{%K@3Q^ z9elc*Tf_g?V>9Zw#1NS#qWPE{5C1-qqw*b=0{h}N&WeCLATC7GTkYc3z+}aQ98wnf z=FV^MVZd6wTo5njes^j>ey_F%a#BHjiR{IHAJ6%@*PNmUGkYgP?L;yC#TJo>I}5#g zj8+zdhl4azmL}Mv(gpr~xaYriDu?EOa7O6k(Zr)Pl+gaDUN*~Jujvilud`VmdVSHf$T1|>0)q9VETTIj(MqUbV5CS$ zHuDfQ{i~To9Mlly3ZQjB(ksx_NkoBD7YWx<#m$Gb( zDhI)}Q~oa;w+AgiNRG8>Myg1WRQ!D{1{ZW(OfQ>(M3j%ZerX@CVI@S&SmY{DP5l7W zwLtE1=I8`vQ1{`J=74iv9y;(fSnGZHOyUWHt&E79J@B5FZtTdXHIt|*@`w*bywT3B zTi?NUeg_>sin4T{e6a*<1gS_p1@ZqtY8{?@I*%v9v=o1wX1=f~$F8Sv_$n*52m3-! zWgJKLQUTis8KmhK{N6y!g8+-QkaL-;r$*b`qc|NM9f@%qQd$)V(4e01)p$*5Log2@ zmY!l_Bo|@dFoI{DahM%xKl{rM*l}uwXj(mlCNS(O-HNdMB#Jt@MELMZvjm=k0)jvet zv}sdPkM;e<_S7I4i=t3_#()35hCY`#%9y}5iY)$qjLZ{@)nSK4n09a$nau<1NUcUQ zmI}Ox?)D1VPDtDm(qslu@D$L?yA_!B@LA4DwsQa~q$I#0-s%fSY6RS0dS!1ZLfENN`CyM&8Ce`3oex?|rPJ_wG6d-nAO)Bct&|wd zYy5-0cj+#K3X8tV^MIKi&`7{BgrcocEp18BV+G+3wN)RI1|DtzBuc3G!-SagjGbm8 zhf?r?Aa|Cp1J?Ox)$T-mAaJVzQOyy3^rcBGEj^W@&%z?D>n7s2K z(-~+q44~o;C?*?Vz$qvO2ETuPqSYfL57|@5aZ-FuKLfW9(az(b%O%~SdRLqc#nXdo z@KrTRZg=W0e9URet>aZ8s+z7Z{HE{gv zNjVgonBuQ)62?f%T1%}E+H=w3(CYm| z#}W?;L=V7tOi_jsxps491^g6fEJQPNkkRW`TrtRoEE|n3K_%sm8!VZJr~qejKy5sr zKVfaEkYHhEjz>>(6tc8?DBK27*c&2v0eT;$lBNPuVHh^t`xg+D*k zUo}yK#B;YVPzdXYfFUi%-OJuk&EbD8yScNl&k$lUm{ng9$2@r{Kx&WE1`6xet%C>O zl0!2uhd^WyU;;vqnUyaLMLe-YLq)xg)T+)^fp)GmUN9a+keEA0XFknFF=9o29zOW0 zb5Y2wv@AI|V0aWe@`$p`ww3JPZ0b9K`@?`~8 zv>V0WJrq8MGiB*bhGd|F2viYCtVxKGw?peZ5x9JVA@<0O&>gWOj`#O$H@UXD4 z6rxvyX{b2bxVMZ@Vf z+4pg~_x{%9jPs%-iMfg_M?x4CkqN*n(pcf`nTff8P$*V4!+eaxxl+Y1_pzY>ry935 zA8@k-{5j@4kQ+GVsE8-Q(a85 zn#GiJIa4iZ0Z~uLycSsWFbJ`PwkFN=7u&TV?i}(Qn6PFmGOt4QcSX&OMHux%TE2!l z(2Wnn@X><{T}b+O8_u=k`dPftv|udK@A)w~9IdGeJW%L^wQ^U_BLGNzq6q1|ES^MK)d$Lg;^>BP zQiJYxXbA{iG8~EEE$hf>Ge!dP6|jmYJOX?fXId*Sc3$~FlZ)~IxD*JsDgr{m8P06z zq=Z?3R!ZD~C4PJflzxatQlpE)m@xAX^2vZRntVIs*?W-~1=RnMkx2Xi=^`~M&`8h=X`2rvI0PjM8}izEoaAcuomR_P~3 zFjS;Spae1o2R}}VX_pvA3(ujXCO@)NOe8EU8IZ!G#o$e)4QjS-*f{;S4MhK4yLX3^ z%yJB-V-J@T(A*Vj$y>pfXR}$x-cver(=nLIFYB%nKx5Yb1m1# zA{X{aQj&dmcfRchG~et^ax0F;$ZBxNJn;PP8T~c zcBqlboC-T;5dQof8O;XVBmobC|2>pGe*51rnHvZ3Qe*a&e#;}O~O`|8x zb_o<{I0SW)o3>|j+<)$J0^7`Bw8Hpr?8l2VM~ABEiips*kss&(x8Gy(-+QC`hb-4U zc)|l&z961-r>}p3Kx9vhc}=+_mBSfUB&Xh@M$WZ5b^`OcC=b%5^{Ub$#OLD zsW(2Yu8UJuL`paJ(M4@Uhr<;C5J|o6Q93LOfw|LuA*VA}l!O#bCsC+FVBOURFeUau z3W4!=FPmX*lB81aQt)yqRT~Gq_3WDxqc< zw>)2MRoVIx|1LJ>xC}bXu+nanRXOxT#3+VRuQY)%#`lDZ23;=$ao7X1QpAVejH&w_ z4e4k-PH0Ht$%z5Vvlr=zT>AoS$cn)(LcRbW*MUG_DhY(GMfR+)urOr%d`uZcp^FkS zT_P9o2&xh+iwqoz3`Z!_QXY_;wU}j`M8?7#`K2l^tDdsG$YUyCVBRAM_8%u7?(W~y z67gaWHwTzweUM9nCWr7opMjZUS5O{=N@4`#Q;b_xu$I**Uv=-!uc20><&Y1*x;H?? zQG;+U4_B`v*G5PN39A!69bjG#5U)6X6n%I+P>ZT#OSYwG-e(WY%u-#27cm`&7Tdcv z%ff(ES8`bgk+=v=1#W`_R?mxVC_qYz@x%v#Y_4D6ylo!BUW)aEF1ThP%YS?4e`hJM zcqFTr@_>^kWH#y2;1m^AZG&ge1FjruH9!#l^cV|E5dEMjMhMH_p16qK)kS_jQm(K_&6_4ZV1^e5Eg`~0R2G*1Be1s^7e$b#~esHHmW`h z3b75l_L!SW-$Jdd1FnJ2qnbNbw9i+_HVsYm9_>7^CsIVyA;q6uiNh&?{wP#@m60fz z1$;s-z^Vlt39~KEcYrHJ0hAS?Cow%Tqbl&tU{eUCbHZy1e(<9htcNv8I&y#{t^2g# z0mVV*$fJoO5lWob1ZEHxAMM&DpWCQ=xOaq_a(?m6{&Ui|u=t)}E!rFwjB%rIqc|ViuGXbt*trDXL80PgT4m;- zA#Bbt4FT@nr>zWvX47APRiaz#N_|E0Kp;16XmTaUL0WiD)Ffx@AFNsg771lleSSE- zU9D#h_1XfI4Y~W{)4-(%fzB5$UYvr_vOl#!Ll%4{#Hwg)*rl^7? zgX|G^bA=T?@j%4ReyUW3Q47qP`cT?^kv%BNArWY#HIN%zl7#7)1+M{lf0+!$l_hAl zXXZ1Um7HL(8HC(g14A!6_#QHLF0IB*7S8zyW;xtLfu|#M$dv)Wt6uM{Dh{ol6g>?h zf_fd78d+ev9TeRK;wr@L3b^)Vn@%3M&?7)YHsI)D1!~=z40%E9ULZ#k?OkoUi6(~l za8XoUHL)A@5Y_nP?e9a!h1eIEmXY@h*fqfu#_?k+^CFUa9m)Kd_l0A+?_X{8&$$%K zVHI+d7QWm3tw}!B7Z@`_5Z|Z>1QyG8`_N7?Q)vq5&%`XLMoqTeRfrZs8b$P$V$h3@ z^v6j5*I=zhQ+NuBxCAq^jHUsxbKo`+f(pr%HH1Awm(wx%!wPQb6f`vV8?#ol9i4tc zL?TyA@E^;^z#GCh4ExAIZ10OCk%eTiK}VbZN0^~M zlS;Jxe7G|QXG#wfg;hoBV-IPB+!o>DbZ5?;=Num_Ak7307fF?*7=AgqFhNUtdvqUU zP=PoVNi#v|2bQ0&a9j>Sj~oT)O>2!fizCb}ZaqNed<}0_?*~D2YteX;MWfJLxhD36 zA(f4IRWptnczws=tCg5=Vp?skn4nDVdwakJoPQWyyA-l(EfOCT%Cko8d4K3>5)$YJ z_(NIXEWzCYH-$n1U;kCP;~N+jLezO%eM1gOKxN^;JOleV*FK__A@m3}OHOsPN@_IV zTQ`z7lspA6QXfWcT)B=@WI5D$0M2rFQjWgoEkBPoUOwB>h}0Y8Axrw7$Iz+6N~C}c z?g`o;;yMdiWqLq*j914J!Vqk}ETA@=sBEYaUk?Z`fL|h9v&G1dxu~3tFKC3e4YlWM zV(6zDRcmCY|CQ_H_Ocj-V@r@|8UEEBj3hBiOG{%kQx!7>q|l^b5MAf%>+__1ApGQW z?wi8Ps)itM!0Jrl1@9nd5>~Radv3gu4A02JSO(-Eg`*}54$cDLV+pe~Hn4c&W+tZy zg+1iiEB@S{BPjSohf~L!Sj-ir#L1m)2sx4wtKwrYAO@ktaVV>3*W-dik3eEl-A~(O zAI00|fvSyz@kdNm;a@$KIk^i8{Uo_#=L&ajC>VHg()yqWB-*e&6k{T<_f!P24AYoz zJOCDv$ewMO=^!)#2A`_Y<;vqKH$3$fU>dvVsXy2LS=~BSrLI5|2-4x@l_3uD|C zy>qX&IZ8|O@>$Uqk^KKh<&>u8wr2jTpZh=Jvc>@w<@3Ly@F60c)1 zFf-&06Iv!zNw2)6^U7gT(<@`RtXJ}N4YL3;Zeu~D*Zq&Bx90PMg~8@UWH=@ zEe2HvE}J`Ah72@6_j=q|H4l0#8W7?rC>da;Yd~8(mP1NUot)TeIl4lj)u8&xXenNV zI9ZRh&eTIb5!d+y)F)^Lo$-7w_UpxtZIS`}^8b>U-%tn?;Popf8m$NJD+Ca@3NMdo zNxpF_ztbeX3v6478>LYUP-lUA-X5AN>hkt3I3og#!N@jQ_t1sF>-g1~#jt7xcoXo!e-jBAD@ zNTX@|BcsEd^(Lsj65N_YZjmaVn3#a)^<|3ViUZs#O%k}X<2~x6YCixWo-P>ZE-UBw z7MgRnG{)3_g2##?5^vyE{ z+h7DgZTv%tbc6)vK!86JngC2%qdt$zs-p14fRP)3IJe)P>uD&~WUdEDoeZVm{2WEu zg>#aKhm-9q%Zl#iU@LH)UkkelP!~mL;1~w%`B6P2$R%ayXhW_lLj79Xb`az_SKH{j z|E!+|mM)`A!mtTBT+nF_TP*|7N-i-YZg~_~GV5@W!M0(5FpHS7uK#%yC&u#f3<%sU zO#E_?xmh&9v5Qy-M8RW*hpxIMb;u}7kfND~p#i0C2ob&* zYW(Tdy1a^}A{?D%A9_O4h?AR53D=ENNKP8LHH}&gaDX=(^x#9k>>m0D;=<%p^=yX5 z9!M9rvxP#K97y2=9g6!TW5{P1Xh4yzLq|i@NMa5E{Fp=ri9!F61%vLzW#TaeElQe5 zk{@tNqEVOmaS?%MIPf0_i3o;gjOIZfrxh0`Ja#J{0GJ` z{3EWcYd0EE;DvEqqP0L(be_ssi(FX$bT|4iWRM7)l0Xdl@{#70^zgXqB@#c8os*NZ zsQt*ocw_h)n*ID^ZG}s)Kyu(zc$6X|8Z51#`y`X3$W{>$X}*Dnbtn2V$uI==W2s{& zp+Gg`mPu$f2dIRI#?)L4XmXPG+{ryqL_YGxY%(PZe?nYjgo)j_ga*j#E>{8DVfHPEr&I{sjdP#rf`^Q911_@0NGNI#fg-Tt%qa(qs zB@Y|6>x*PQhSUO2%OxnBGGuWjZ9$yiG)RN!vzAC*LqoB^%)A#R7qbTSf^Zt*x;)V} z>;JCAQvK@Kwv_w#g2_F@npHGg1McTPUWQ8@e#v5vVPulv4@TeOFqDH~ZymDRQ&5i5cR{H9zLn=QfXPNH|j6QvM55kHOoeVwY0OT>; zA^37ky_-1dzzhFrDC2N%*TDKcs^HD!!Pp@{&i6$M0JFR1u1IVN5U z)#Rn=65+`bwTn|Q3PL(k#9KA$7||1)W<13XVF~|Cg7pWZ_hBYxQ6fFy{+9O$l~N3X z+t4nX7WO(kC)W)UGr&~((sxTa3+I7@kL?|yG9*X5R$vM02c^`$!F|1Y^=dgJ{WEcVN#wl4H8PK^DGxQwfY|N9 z@T8vc-qXIoo`lXci?O!ClU&$}73A_pb17B5VzI?V3Sb1CR0!(f*>!D*Zih}@bn%A? z-H3b8NDoCuC&BMlp)6WJo?F65J{ooob3%3D7EfX?xD3{!QOm$`cLg?ID z{8}b}aF?6d2_Z8S2VPER{7+Ythm2#17x28a@Ez5wuWxQ)Bl3r#dk zO|mG9&n_AFHYN?a#INYc}HD$fzq0XQa{?wd{xiG^Z_ zFu6QCYjR^J$rEk|Fa4S6e|!8q62CmMPuw4o6Z!kJ!{U81I!J0WF|Wb*KyKY7@*V2_ zJHq9lFbse$i4AgefbD_@|A1sZB*S{*6lsXLB3;vAHc6MqX8&td4~USyKQ-C{Ax+^!7IHZXVJ^YsaJHBV zt|Oe&;MvE-r ziuoX<+Hj1}4gfLq<*}A3CIc2*LWh)LgpSvYAH?&7o;;TIH<_BqGfqC=D@jU%ID~)* z2_RyU&~r{!iU9;X=@EVb7kW!hGZV<>z^kEy;vj~i1+jwQNfsRuM@?#+Ce)d+v^ZmK zJXlUr1(b|5KKx8b77Y0sZ$JN5V2j!ti!>KouYB0W;NAyo`&rGK)dii-*k{9KGssA3 zsn}sK0dP3FCTi^8GV06r|E>iH|I(BH8`d$bpJhL*nW<^gfLPpM4)c_cda6A9umod$U|ox#e00 zQW4PKPNz~Ej6z8|K*5p;8ZwxI1C=w>kiflEWk-b>6+;zDQZj4*8l0pBEdf;6xN+m0 zV-Cb0VPVCHC+@t5cdWW@7=2$?Mep=QRMNjfw`v*>#A0P2Ls*Mw8H+x`MTOH5hmo1O zQ9=izT&|ZHJ}g@@Cr3cLILlDesuHk+ox0!A`s60Bh|+!h=+Odkjs(MTLVsEv^o5k8 zT2{57AssCVTr=kAQRbZ5PM`oDlNQ zs4o*K-h?U?cpfcfx>+e%7aqG0I0c3ObfTgtW2(iX{vzyKkPGK_eas6GrMoQ2po5M< zv*@yptPo`Ev+5ICXJriKmJIu6lU{;jQ3grr9o)OGFgh|4MV|hpq_wWbHs4<#`d|>Z z(lXuMIgnQu;7GUEc~03+FA4Ka4#Bkp{jjx|pq!nuB>3`2W_H4Orn-YTyhrYUZ_ZD!w4(S~B(uR(|8K{6wDh{UXAHGZA`gm~ zsY!{2bM;cv_khf`I2=XL?7K+0N&Vzz?TKTCVmdW zlM5qrGTV}ROuA+vN*~?@J%8w<9Ob)OI%l46w|!#Sy2TG8=Oa`M&naSOhB2S2o_CyC z)@ZQ%s_0##l)H9K`8ZQkq1t@4b|`cnQo1IO4GP*joSoA+Y&g|3f@=k}Y(;H>@YIOJ zzU2vY#co{zNix;9ETl{-AiV}5G4?JC$P&IqAWE+N9f%40U_GYPDA>#&hBdv*0vXi< z_7}8`x0SN)(`r#JD`OB>+c-BHHitavc$(a^8+ zj3EizckP;hFPP$Qqj=#H2srxLYCU>6Q|*ZtUPnkys*Q~VsQUxV&MI_FMzqJg1 z5V=BhMJO&{2rrAHB2A>N6Tf*7xFn-JWw^@8vEV;+8kuot72Xrn4(M&f9@Jb$J0OyJ zDNsVo^c#Y|B-qk(*DWb86G!G!b>rptSDibUQ3b_x6kQNfn%IN<@06?2yZ7%EN_fR5 z1HTY%XPSt9Q%Weg3ht0XO~lk~sZH|QAp{XnRmxzV*e3ZOGpO=*C{b|?Tl|Gn$<&;4 z5+ZAA?tE^I`{T@S`MS@gU=Bqy9*`ld2jU`&E)#0jMVzbVj%2Z?F2yW&qfvE#)ufH zS0zxSf43Tk{b@R zoVPHH6D6gvOrzdsqd?pf`t%~2P%ywVzZ~nYY~P|G?uBgV(3J*+U%t{>YHsG6<}!{m z71&54q~v%yA$78}NMIV`S(!kUtc*dc(By6jgtxF|nkNtTO!{w`2LR19<)v=ck;rXi zT4d(yJf^jSyj~*3*Hb`GSo%Marj7o>N*Gf<$(Dtj`~VMMKF9iZuIPkl=u9#EN#n-q zaEb*udDQzBR}&(7bQP&ugv)qepGMyi*KNL1j^~qWffMP7y~DycEVe7pcvAD;5|AfQ zsNa`0=Ug9c#NK$7_lh%#Zx3wQyg7`iDKRqV?sRooN9Scmeig%Pjr=XY{u&Bgr_N8^ zXcY7k{1CM4)J4unV??U-}riNU=?R(Q7ebIgW_JG?r zpZZAtW7y*`qM&>6ZO=74t92(2OGE1dMr@I{s7YEu?;(Rv987_IMdu(&3*tk(1Q#N= zBu8On$@b$pEVr1F{qsuRUcbhwIB8dza5^BxmMH0I$_6jK(OpOk0?VxJ9s6|u(=2?5 zxjcA$R8jxX@I43emu*NhXvFmr+Hup`_n_aZHu7HSh~{8hp^G2u9y&d7I5_5XhY$a_ zRA0eO8>|$^)I(;}AKi7XnME3xs6TF0O)nEK58&;1HY&-MtW4wdwhu6j6jOCEwU+FN zKFMCV;T5w&@!?+%67Kxx)4UaAA2a$>b83?7#L|fTzP|@sz>haAm14#$OvJZ`pQw)b z?(Z+lrM(@LpChc!gxoGITconrbGQ51=kfB)EeD)%O3}hx)5Uk(ph^k1oa{!e* zJh4A@%4&$z zH86C*`MQl1F-8o*vCr(0!H;v#7kgva0g@92#v4kNu#XzOOL*=gU@6Q;D(RzoGhj?B zZ6qevi*RF#rKp;qB-aJZDB_ozQ^AQ{4w|IIF2GPe;uEhs$nom#D|g3T`5B21qpACG zAfh+RjjIVfhPA#F%#Xn??_*s*i1gxC_wXl|;me{Lm_@sVgG?x950}KRMMY!8?T!QH z-ZM269wr}&cLt42=~~n@y$OdClzSZMB)jM9jvIL=$@Y%->eXQ|w>SOqzXvCx4eNnI zv7mVAzT%Wm+@+lmoY!Daur=Q*@3jxa5q=~xe`z;;*_syax_xM94XFVuiNhx=(bj~E zLyZjf+UM4t0lIS%48k()96w;Q}TfL+6@!_)Nk^OCylxz!E~;<}F<`mwkCb&k=PEmYqg)S19y$j+TB#sSiE)1Z5TL*e#~kQVg?psGMM0FqL+Wg6`-QsS+p6X`eTZ?U9=Bny6~OpmK;zla0IpZmm=vVNTr|?5OvgQ@0LHMXq&7Q&C{0G=Ree*;}8`hlqh%m zPVLv?)1P>0!}G-BsFU4`jQ#xl_%ydhybV+?Fa7R-jzVmbuvM%v8cl6WaT($IuwQoumOCJKB9T9Tt zjiP|zMWLiYdi#M{NDx9HA~0wEq_L%XCX`w?X%%JPn83-X!e)TE2!1_yY4OcT6H7;b z5bbcgUC%D>=F@@MD3q3=Yc(T}@o6YFq|k_aPfw9@<5Nsb>6^LR?3!zhk~{s#BGHaA z5h8eZi@XfU#aiU7;J&G z%n{iet=#CpS>i)Afd^<6mw;vqEDWjaoSR4Cf4Sudl0^FlHEU^w6{{xYJbhGhf)!ls zjJv$xz?qo4Z|?mxQEBhL&C{o%zta273y>m823fFag@#sPke2A{v$Wuni81rkaH_Ll zvAd@qA3v^C&-~3f4fybxqEw(mb)sqSYklH?=wM(??~ZCi2os;4{tB6{qqrHMkm29U zrnSJmJu^x}^DZY>LsyG}RT>xMtG|auaSobkC?-|h88E)Gs_K2vl8wK(a#v*{K{Vco zXkBu5#U}<`D02u`tzCegQ_On`5>vFf1hIt0$x3NVT_SlhMb|-T_KZJr+P8x^5NAVa zGpKuqfdy=qdPZPy0IxfP6OiQozur|J4jPZy9)_toVvk*q{qtR6AjB|hmC=Ly9=-k? z)YsdSq&i;OA@ZCEAK{H{bL>lN*N%$RK(Uw4=@B}dXlKPNtY;XNo<*tNG$zs5K6`k7 zrHo`MJ9h7GR;u@t^laqGSYR6Kdc0U-`KY$gy9Fdn-Idq<=3em{`Hgs~TiT3jS6hvG zfZ5Uw(&f>P+7Vb?tt0=wcyxloo;E#*GeDG~pd(tR{2nMny29;~g`NZbxQ-a}l=gxH zFHH@2;V9ED(9(>n4(vUP}P9Jm= z7;zhczZwJT&jvmiwR#0O5Z}IR+OGBY?~V85ZCWF; zNi2s17Ft3=7Q1E3FdoORpP5dVI-i!pg-*ZdJhEyhx-|)e5(N8UM@de+MK(%A5B&p2 z!NOTyfEEyl^h%i5m(RY^X`!gJ;&`=+gAA-$N(s(_o3^ZR@J#d*2 z(A}92zbbA69wh~g{9zSp#*VcQw=LmUVxo6%7H z`}+_;#Lvy2B16RGp|sJKK9IAq#P8m8hrLmW$MTelC*BmF#JV%u-#p8_`9@I))FBJ8 z%;2o0LSg;i>DdfGH)Xn#vu<%9009cd#oM%QJ&+2~5L|Z^NkC6yT1)55D}Ezs>hjiN z#o3$D5&0vs7&(@~)80l#Mm>joYp^w;hR3&i&DnXx)1#*qCu^2vUa6bgr0H$8`=NI$ zbPIg_H+_CY{#$oll#TS9gGKegXMIjt0wnV4_Va1PaX`{1C+qP*m`ANGla$fsi<3)k zU-bLpR8YaLL8NQ`1&v5TWJN(0oWjcN&bOEWJ?c3O@Fb{8Hn{l{8J%d^LL z0dYm9&0v7Zu91G_U>H?kT(M)8`9JPxqYVW7ozRT@34SSJ=x$swPN2q$ca4oBzK)0RxC#8-0J8Cn%9H9~M){2XAv}Sc~d{oiibVOw4*ZIAnphafWNjmJeYlf3Be{3Xbt|Pr~{qbU)w5* zat{@E1v5q2v`k0o!0+ffZ>Xt3OJ?e=>Slye{WU4g`h zM2Hmb+ts_VS4C)s6ikFq($2wKKR)r1AT$%8uOmbH{Ql?SF@ka_^gMg$v8lsRKUTyCf;>pcvI8KFL)=!{SD|A zrN4+eNM-ngIOjaDZ07n6jrjV-HfV6fLPO9=vW0+zLfXSfiN;77Lt3gvl{yQ!Ph6Ab z0EzB`GZhgzWjU*;MKb#dj8V!kYO*-O^<<@^|1=1f6ifr;1>%k&4LEVY`aMNiG--kh zY^jW4C7(b@%A>1voq0?W7_G}$Hp1`o`MF#%(##T|Iyw82fb@?8cu5ZUbb-+!N;bBE z0%pm4T;{GGVrC*6Q&+BweTT%MQB3q0QxdTXNqidQKm%y3Q+=?$?M%RPxAgfZ5bMe$ z478C)=n7CvJo`7&5yv1WbP{rdv(ml)sbXKM{GvDflG$9N8C=w)CzI?veAPW1y@mf>NDI(IpWD=rwC$+9x?5SlxFu z_C6s~LewQAzrG~^zw8W={pKW00qs9C@+1?es!x`(ZCeUA7)w!jSue9CZy3=Th_@Bc z>~yd{e6POZ4)wdc7T|K5Tuc2qXQqN1rV1Sft908Y1Dk6hYxq0)oI`Q-Y*^DNe*%^0M-&Rt3J0b|%h zdR`dx;iM$p@;)1UFCtSe3>(^n$2P6@>Oy%tRB48FK^NwY1cO1&n-aniD*-9FB&$88 z3}VRecbgE{)bHL0QLpw={V?LsQHGhrYT7|`7IlFv+S2%vRblZpvj0!+S284AoFPL1 zxuQg>g2n5fR+{nhP`GxHL3!#tCJ4p0nTeFbgJx?+oufGGrl`cxrRY3MXoj7hMnzyo zrbow9-Hx$D=dpTl8|sHE^f=SXHH?^;We?B zY^`R_v>&K`^f>aab+_G^InS;p|I)Owf`YHc@R)i$xcV~s?AcIi zEi6ASJ$$IOY15{0 zq2cDOTbD?m*Gc%M78a>*yj)#(qeh6z$QV`aYdlw9U;no{Uk7JdVurwC zey$Ytj;IiGlyky@i5Z6wc z^Md-<-2rKt4 z|IVGEOLn^$b*)J)D=TBgn}$ct`9VA|R zD=hjw((Bc$BxCA|9KfI>nTjiKHILiP`JD_b;u>tke82Xy`vKn zwkIU?-QuuxlU+{Gt8GV)9(AO32?`3@9T<2S?B-fd&SU%w)L*-W*tGvX#6VoglU!~k zpE`9lJA2jLr+(?*L{!z*w(6dxdeg>D?QHxHV>+wt`O=GM2;D|PMG zEvb5jUj6=t(&guNatgSbkEUM98B%OvYWk2NnwVq90s;b5l}cq@eZ2!xU%CrdF61gV zw}~dZdby0qx87jy>RJ~xYS4!$$3=@)At<%6wZ+T1hk=1XbgM}^cU*{%5s{Ia)z>$? zlIaD4Y;(U~#CW{+!0_S2 zDbQOWly9cF=7qub9XrmtS9RbajE;N?1b@11{<-w@W*@4q)z;QJSolQsXKF(0#~=L< z9nxlG{nf5N9?c(C?ZfckITz=pOC33sBg{*?3>`XjOEvOdy}^SEAE~YAv9_)`O=ZK| zw~s3;GeKy6=-bzxf0}N*AVJ?Qy(9l}iHl3k8$YU%@0Ry7FxbOruIx}2MBlfJx$-Z4 z$BcHXRFUhJlF~_C_00n+Gye%XERxMV5=BvXpv=?GP6MxiAFWTU2SlTy%^@Q?-g$8K zswsH;(aA-{X0osOz9S`i-deuBBEp2aV z>X5s4?+#n{aTrKO=F%bGb?Wp75PI{0p=M0HHBT-vb8yh%R26AC83(88cj(Yz>(;GW zg9iua=TC2XB)2RZ^o;9uB`d3dfPzwHN!bd+P?`F%M#z4oq~hMaIY7Z%ckPPftbm7n z*SYgk*E#d&YZ2HULuW@@Y>Mn38X9^!Esd4yTdp}aW<92tYHq4fkheDQck&Ag$a%?$ z7Ne*0vfSKUHu?C|{71m~xFWqc_q_7^kbl&|K+E~IwVgb7uI7a3TdSkY26L|s2MvXFc$G7C$`*IgSsh>fj5c9zsxe*EC5@zH%@U~7) zP7i7IVlG~MQ1xR=TMDr@7&!F*_S|S*ImS4#mX$ zLQp=%Z&J*=xb>=)<@){-Z$E!thr(*>wrxE}jf$k&K1o&X^3#y@{{AZWeV%GinEy_! zeostuUbd_k8&ktVHIM5|3=klfAfT8$S%<9<&UMb$c9*t#7IMfnwZwBV8hs~c=S#V{ zJ5QfB5}OEVGPk5;gAd@}9u*YS(PeW%Fuaf2rb}aNY{0B4_MA#i2I|n#*Wby#)z;C8 zKYrY+(b#ndHDP{X;jh;m4<#nv6$)b?QShA1;0a@Q(A zwB~~^1=dEz#pxv_C5@XnF)%7>%A`sEz%Ith%Br}m^afiRwvtwu3Y=(e{w*qg^vAOw z5Z_D~@`;U(-b8OqklA_h;%M$eQMDfqqCU?KZefcbm7mFPbwMA%vFo`%flB4?q}OJJ zg@xxC4SG>_ZZ8Gb^f_~cdB2vI7uE23$5yk!Y26;jztQHa{CDu%8_-I{EE~cMHmtVR zzZ8PQpzBW0$(_r~%b&e?Q9-3%P&`OYEmXBBnQ9L;@$!1xW^`Cir=@pKZzBZf=jXR> z-TEQTtZa{1OSf52Hkg0kDx0Ibb*ot*8Gs?pNjyh%G(C-sg1AtHRU=lbsl9*M^uRQ| zmljsK7E}d%U1=$qrRi&B^M6oWHGR!l-@^T`Z>n`Z(9G_yZ~mwL)8D={3%zUhV{msb RMnD*58gDV~*w6Df{tphRb0+`* literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.18/_media/benchmark_net_p2p_gcp.png b/docs/versioned_docs/version-2.18/_media/benchmark_net_p2p_gcp.png new file mode 100644 index 0000000000000000000000000000000000000000..a41557e96c15e5407beadc5011a3f3fa6aaaa71d GIT binary patch literal 36961 zcmd432UwKZwk?WnppDpOQNRGAARr)uM6;G8MRHUTNs@#j2it@JL<<3ts3J%fB}bJc zITw-zB$j|kk|N!)-20yIo%i1N?m73~v+wJ#-R+jL>aVrdoO8@E#$5N$DV<)uf_()G z3(IQCnG-53EQ|YDSQd@{xeR}ju$NT;|2b@TQq%5&)m1x(OV^E96ffCXU$e5iW_o#t zz0q}BQ!7hRL2K+Y1D(t{V$UZ%$Z?H(73dM$49kh3yjgwdjpp zlqm~~PbKBVQB}v_?`=-ON`yEP{`tbPh~xKfw(SUCOn!55@qd4l8~+>M#KxLAZrYaXCKVkt`dPwx+(bqEqy0Y~ zVeLaIgC1>C^HMv-Oie|+=gC`_Da(y~s%LC_%PE7AUsm7&=exC&O?Ge1p%vF0uXR=;&y=Z-(6fjX5=v7!~HOZCV>~-rD-@&)$ky z^>}Sl20cD0)uJEVopD==;gW3xo@s}XWe;B z%(7K8!?sWT+_}fKk&3Y|Pd<#f5T(Q%tCGu6+C1lZr1%j>_rb(x^r69q*pZowL&3xC zK8cBmwGot8XvW|P)%NNz}U{yV+Yk3XPssJf%Wpy{1a9o`}F#c|KU@<35aTkFEp z{+VUUVc$x8`3-Vi&8oxy&Yc;SI(hOW57pPVAo@bohE1Cy`$Aomwu)ZGGnYK&k>4aU z)oMG~k(Z|wEb&)grc#(}e6HKfV3To}8gqOg-mvPSQ0^P6-03|+w+A5xly^myD zy;||}RrAIKz0xPUJ+JqcN4I4;@M`AB&Hs9Z-F>i;fAYx0w~8Q*hnoacjvTq6oq8== zKqr;^+{%USRV;~os&6iG2Ub^~OElWGd$(ea^Mn`o?vhm;lJ)WBl_64!^f;|}ktugq zH@6DoFt=VR=i+6n4!FC!>qiA#S+SAt%KYqD)r@u}mOXH@zT?g!rkks4Id7QjWxQKk zWSF$mJNXO)k2x{AQ&F;|M!dFBgSgYrZ;k@;3T12O)^FKj5~&=k z^Y2S0;<##$@u@_d$&Qk9{blV{Jp0$~Q_tFSTwK~@gY$T?K5Ivuiq*W?#k{!dk_=BL zjybqzyKzY$_L$FJzG_u+KDi32V~|dy)4?C$9|RxZKGT*xcAqnr7!RC zyQ_q0<-W?Yrj~7)emki10e@Bhy`_LBJa4MqgR)txW1_)WDbk-@$ zQDb*A*%tM&r3Q&x6-jgytm*gOCVuFzzy6~4g?Y>id(2G)Y!x$mN(m4Qd2(fTcD6iJ z#-&RwkE2N-T=ts1j(eX2bGk3gp=sIfUAxK=jpg`Trps1sxv28`tP%HC4-b#`?sH7f z_R1MOs~nf9)LdgWopHDPFG+@N^bs8K3LMdLMq-|&pUYr$RQUv>k;_@fcUQO%yIARS ztIFWR6?ka{&X5s)Z)iW#Zjt+|Yo+hL3ww5#NNist>N0sPk$TwUfV{}`&mK{{E~P2U zA#phyn|MpAg{T{IT=?V1kEduQ!H3@;rVc*U;jo_js*_qOYMXO@VBPhPDMO-q@^((&Mz}s$hnEq+RIQ#j1 zl`KPS+_ELLLUM7-+e`V50*3M0DREpoR&Ev?*X%`{()IpWpd$h%SL8Du5a-vgS10k5{|C3{ z!iIM<9YzExe0rJ5S1W_}adAy0)~8yuaJLQp`AX~kRm*Oay=dkHL!Opu)iEq$ImevH zbe@Rejy~?WX2qX>{`lg*j^}K@w|M(wZnuTGsZ6^8m0O3{|sTMxf}z35|P z)tbJOvSRu2CwX~!#Ue;L_WKxiou8I67O-gB41@SI65?(yUCC$Fo-K*@5B4`iaiwv~ z$;r9>>hu)$M~RBnckEnBsTInb?Ml&In4jyxmv2e4Vhp8qs9(8qCAj(LTch%4=V^AM zT_+Qb=I5piCi-iR<13^}R^ST;7kO`sl5!YM_sdIbY|Wcz%2x!5YouOl+OT$Qc%0Vz z!3yz?dPI`pHH3T1I9K0Ya%oDg=@@L?O%>tCT`aJ{7A7K5VP{`s~Knib3inG@c8?tr-mo zdQu^>ZjwdzbK`Z&&O<4UPX%-i@yPot4Aj29ka4}|AkbOj$W!ljmm%^rwemvyxVa0= zf2C`vsy@|s84`=->^o$&83^s|ya!;8W%o#H#;fJ)_q;*2RA%(6h> zX*f?d8T*MCoqdhtUL`XXT;#*GP%RaOIK10i5yVT0(aTEx*;BUJa5|I9;PaTD1u|z3ahMRv6q)e`f^L-oU)rlhwnq(KvJF-p!jgRpT^;S8o+5 z=(dqMR2i*~ZvdoGS5a{-IPy^rpZ)o+Bn-d#JOtDqDr9c@377Td}ARaftXZCKmz`$zP)%9TSM_= zM52;KD{>_FQ>-Q+U4INp-#x|u{)HHnt zPpEen0ol}ZIODdzoQFGO`a`;Ard{+vV`3P=38+ht#H5+=c7WX1Gg8L!ep8wnD(zjI zTeq5u7*}574vbNYb>5G?zMb?y^F#w=b)fN7K7C0{aWvyp;SIQ z<<0IS;ET}lsd~|#Ni92Q+4_ZHN5d9McaN&;^!*AjaBs?7N}tYfn3l1SN6Jhsb;*(u zeo;7)s&D9}g>2oBJCe81Zq$lZi`U_oaRb&JXwS)N%;Z&k{*9`07I0;s*1L$t3HwBg zmej&uBMu|)PMtg%D5#gY#WTN?`aCMsxilEDOm{lHxx?)^!p+Mr?Lx9kMTk_R^WEk; zg4?d<-(Ahg$id-H>6je1u@8?pktr~tzwOYqx4l!yt#aq|YPiY>{xKBrm>5*6OEi!p zzusT(IU8WJd_wQcs^!$UU+85n&sq{#+HF6qD~_EP?J4yelXUB=43VjHK-06wqB)r} z3f+;gAHPQG{3G{=S?{X?Q7f_x{Lem%_~;w3U%t;YF>=R}#+*fSC9-eQxro=(edOg62H8%4m2%Pq{lKMZ(-HSwAL z)$QZ$iWxm_KqN#o{FK2Yx~Y7WgQ8hPbZ_BigXE&N7Pe107C`hV2$4-$w`s6hEy{Q7oqJkjpnpdYQ(rvoqhFV%2e&{1t zB}vvinD4GU{Js5=FZxnLKLX{Zdjbr~2kN3KNdJe&jT<>v^YUbO!{0itQ>zKarnywr zB6YmWRYtjbN3TK>C`Z7W&V5h_mChjOTPLR`Z5l=N84`B`SvM5tie!_TPexg8TNb%> z72K!Kawhwx;DBgSW%@_=?95$xpJ(TzjfTaKsLMSNUk8jUgN0otzYC+AO;bA85PhN8 zqPd@=VA+x-&-8Pg0|5le$bKTD6rj6pJma8TFod&U)ckO>kaiwFN?}F#(Oc#7b2Am> zyL1&kR7By|Oa0itXs*qnLyV@-p6%4uY&W8_&VRoa;OszD*ddw%DwvF*Pt?S8DSx6S zHFtupa~0u9AKk|+iR))fH>a4>=XsEx>CSd*9=g9f%$%=oY;3d}Zf*MhB`N>5r)Lm? zC6MG6_B^1ev`MG;4kP;JnFj9Dh2|OfY=qt(WR_DuTf4LB`fFar?_lTTa2d~di19RvK&To6Fp*2uLd1+bbPH7GBm&4S&^~ciiftOBYwLk z^5laJ!eQ>r=&h1=Z=3)Dyz@Irhkv#H&3Vo!8SAe%#Nx+}%n!yUJ_o-cUENgpi=4+JKoMh_{ofk;d&A8m4mu9IKU{ljF3!LSo8y3^+zNG`@%KN4&Nz>+DN{ zTd00N+qvwNgmT7dPp+s$DGePGWU~3*yZ5J0oy&@TAnyz@J>NZw((_Wh{^@sV9`n=1 z%u9Z|Pp=8cQhCYRifWmu=+aloVV*NRJ)J@QqbJ+hpHGd?M`nt^>(LecHHCCaDBr!j-Gfso1zaL%cnMbq85xM8AFYDAM-IC<#N7w!Uwok`pUNuRd9l;P<15{}f% zvOksSLLI~7+icw|6J8Z2*J07z;XYHrE_eOgnE)H4`jjFkXBj#QO7^mG;A!oAA5NJ; z5j_+gy-4$x)cCSr@&STcyz|3tLQX6DK_R6Kj@hlFZ|T0CvT#)LzV8))zmY@pI9BRe z-L~%zF=e?U#lM|k>j&9F88~QK>nO8G3m|EC$w8Cq4_geowpYvO{rH0Tr;5$DXDyLl zI^N$^M`^{u_OhFr@C%&3^>73MGHb;-JUjEuT zaJBqdjr79on4nZif?ifpY(j{XL#6`P+!&gMB8efSX+`W<9M_#nA2cRT$XFF1|GGGi zyqtQ@442y>v((Pe%d{gmN6ZzuMzD^1!lim(}G zin50A>VJ(uzDX;?Tt%5&DIeRPFl&_%jL*IZ;(|SzlNAu zy<`7~s`tL9I9tWRlGIWX>CUgczB%h$N1IUcO!(E4?68BvMbD59wdAfKq^_=(bDvFD zvr^Eo4mMgR87}1!%$%9YY8|i^>I>mO%-kQF=TCLZ$HA`{Zp*454BVaARa-^UlMT_k zsB?rWxl63xE>X=#%7RY*D}w>B0vQs%=vFe zW%?a<3d{5-eR`JFQj7J~P4#gpmSRk!(CQT-4BI7qL^&kwthWwJe^kwOv`MTZd>d!l zeIx@-AA`1;vj>fH2wzy+R_ytEOJB3NEbE%*tG0<73NARobVpYMFdosZ);AqFpux+ zm-)t|Aq$M^Eh+g>|jw)ha6)MC0k{y_w!_x8iJ7Qd?G z7Ou_Zy?2;%nVy-61)QOMtEDK}Ap?&}NGm=+NMATTl5By8rwvcuG)T}r>{G{_o;F3% z1%>Cwe$eD=lETG{7rn+N>dy!Jj&%&`v$Or&BETF~Pl@Xsge=hSCX&CN5hzym-yw1_>5&mH6CPCwet zXONrC-S}wRD~C<>={AOmby87^{gut?ahf{^hV!%l?Q;BW1zYgYZIXNsAA+>VjPC&6 zi9PdV7rTUYIH-bn=nK6-FtXF>zS&$=(olNdvH^%L=-J{ZWPCbjpGw5z{LXu0c1hGtecS!T zt@PF6wZ$qYijw6V>_ve21%|#P?XIL2H9#0h#;JU*5U7%vGx@w&gq$W2?mQGw!=c4# z!sFkYE})F6he%ShE6bXeU%SRZl`Z|V|A_QBm=c$%VKr2IBd_!CuU1?h5}pHdriScj zhkgXC^;tp^AsxI#0X}2fSJ{Bpn@})dxXsI-2@BKJ&~LiUPxndMe}6XrtDB8F)Z8$r zHjXr*0a7Cc>n|Z7Ki=5en(ZX2R98S+)PwG`juZzrJ3OEM%kpAhV4AYl9Qn^o-7I@W z&@dN(4mbSu*9$he*>jgJT@tK2IdVw`)SRUpUkFzpzXLukY{t@XJTx>!Cb}1dY7y5T z$}$sA`PAb~a+rNbd!6JUqpUOEYUtJS7SC_;>qlqIxfeH4yyHK7ICAIq?Y#(=L2Ppz zRd%BOLX!Vs=kYhc>6NJVLl(`BZdo_QfxE}puPkHZ+@6@3P4V9!h+h4bL%Y*yWcaL> zl8pYAui)gj8tQ@EbO_qRj7Cy<$CWu30}A%KBOXekCVC zNIB8_VaXgPe=s_R*M#qJo)|nECYuAEIL=K6vdiU=yfoj8nv)$?T)=+Jg_*Wx=JdFI z6v3QfA>H(IG!oKFLB{f02Is%d;??GkMiXrls&U!XAp3q8dA@VuH#SNxO!sj?gOe!YKPTfn zUX3EHnsoUjwZHnK#q3I<>~QqjXEJAoo6_ggotXnsVqi}>4qrckl7P^t29Ry|-RlkL z*BG=+q7y1I4V?mM#BSD{9L+sY%;iz<(BT$fGWI|b3g6kMdtYGTG)E%P^W~NC7re}C z78G39HRwO?As1tq`Fveab#?U;Q~6^!fkB~;UCRjtshwpXKkEnBMr-N?7_;pKeU@%LI8N2jgK@{7bry+!5L5$Bqg%(&L;a#Urs4xCLveiWZj?s98`8ez&ia=5UCw&Tsn^mw zMvkf6FH1T`d$j%VOXRK?bhO&JuG4PuLVfq&rJubwk|r9CE!Uly8VMNpI6CX6q5p)N z@$IJVFCe$L*n!G{?z(o*QMXb1(`9oH%B=QTLCrK4upN)>7d5V|N5w}tb1_^Rx_2`} zEZLlC!}`FQ&ktEVkNDEz)(*+aqBZ?IIEM>ZM0A6%Adw9KhO43NsmD)Go;Xopn#=ZX zeu06Mvi)RUVLVXaE$40ud|u0@L$S<3B|aoZ%MAG~A8CiF>aekSD%;Qs|=J-eUZC`(ycVq+-i6br+rC~0lvsVi{^u<*aM&gN$%^S7IH(Nwme!iJ!-$SA_zn(A9&avUnqeR zihUbeHnJLj@pA9k%WUv2ke=@K{=Lf^()bOgG9B9PBERg|vEyU&<{a-(y4A6S7S^_5 z9KTC*9%0VutM*~ax9t=4tT=%rggG~;n{w@Ow}mmF#39B=@;*e%8ImeL6tH)J-JAxMjN4p zPP-8qF`6V?6c&gqc3uu#lFA1hB|kFL;c&3|I*{6Z{?#dv1ea+Mh#GS=W|nn&*^V_U zScUcC@6UG&F&lhlr^on_>}{O)2ru@F}V>!N%jveK?hj&#UnkCDMiKvs2RQZyz>ghhmA79?2!s zQhQ!VSXuduY+S&Kkhdn7%6_;t8fEDW4J$E{V!%4EpyVa%mAm}=gBxoK{*K!5*Oo1B z(BtwU-_ytXr`qTJAt5l1a9m)utSLUZkhC4X4kQ{A>~)fU(j#}Vy$LUbnSOsmCNI#O z1mB>3`f6q6nJ$u7=plbxh*Y3FRZ{56->SsjNY#IFY$?UTD*nNcR?+S3xzZ+K-4iEn zPq=3BqQsm-8oWG|_(3o@WGkgTOvlb%`sv!>DqDL7T@i=;3HQWMOJlSB!pczBpV$ds z?5dN11H3Sd)3)P}?w0xsn9tp?mu2*q0N!#J<{f|kMKwWJtG1169_-Pmc4fvjB9qtI zrY|pS%EhrR*mC4m;!Hndis)o^Q%i2A@t3Drbtv77ED8kU*Y4EEL8%2X$<=@UC8_Kk zAy~Nd+bYVzGZX^@1M@c7v)LT{UGJhF0Gp&X{abj60p8^)$)+GFRYuBSSIh}8xg z8nKX-(^k@SzYD;7gfVS9u#hXnuO9cqxuHHmqcMcH7cke&fVXO7XuqIypLOMkrmI4T zWCJ4|nUj*a?ZK<5kqBK=Tnv6o?&~MFdh+ERd-H% ztVtxY;_%&WG}+D;#Yj*G&Fc5!?^RYVzI+X*)cDR2S{B{10HG;OLCBJ5c{HwEiEwpw z?W&Is;O#E*em~58rc@_m_wLFbo_}WDzV)w7n|dc6RHJQ}0Gr0G z$-4(t=sk03KZ$SU?qA9YnvP@8} zMAbTZ>QoHHch5p#F)KblZq3Hc`!z4lIXiI1cgDbahes^!-k=N>>9AN${WqtH5Crl*L3d33^;q~ zySKn#nOBD&r9~j?rngSEC7WJg6vU1xdAsnadfptZA(3CIg-SUAwBjh>0*!FX%+3C` ztTa5M9n^aa=&Ea70ae~ zh24}$5HW?$H0aHIKc}V|NzV$a)AX-j=@b3neJzkoOc9Gra8Es;&WCimN}YnHa2|5p zg=7KXw=k@SZP&$A1*AWiSD2Y==jh5-$+aKShPc(nZZ9{Jjb||-(qldZ11pBad5~y{ zR<@(usni+JD}z|b7_Ik_4f~SBLCn;HAb({JvuffN>d=_jr!;d6`lE>6|hMW56cyz2AenckJKOP z9iDk?-VkHt?LmAW+4Jox|GZ3$?knhvWVI3C{7mtG8w5j7$+?6xmg9B-yIz z-D@2V5Xi9;YkG*w2qi6WG3%OVL_8quEz0^fN>QivGovzpCtbGC_LJLn0{gq6bzeg# zdkJPPi+L5j@vNPPqweRzh{wYF_R~5L4HK!{5zpG^wrc?Vh!PpR z-Mr(O%X$v)Mk`b&{BGx}`^0o5Wjn zkPjh&KLmA%%P>Q1F^!>KK zeq6Fewto*x#TeN6=Wwg+F1b<_+SVAw31um81xzWs@Z0v3ZZy}0U^NZXP6g0Q1*F5@x&R0=z1|^I~69JW_o2NcI((jyS|TPQ^kD1zlYWa&<_F+ljMy4b4|^|G!$*d$=ay_JiL>%Hsr z^?=d3C}nZL5J9P?elE}aOOg)5-;;)Q(kufJlRQ;l(|5;YSzS!qnz7u^(c5#96;mMl!yWt+~#z+igT@ zMB5w%(?c(~SHZe3hr_qoPTgRvdKj7-3*ku9qbf+e%BVU0cJLSf1?Y8e2e*n_1~)pd zJA3R7jj%Amu4Bm^_XeaEkh7fiM&Kh&a(`AR9&V6nSHkm^B0{?Qed{-FG(t`^WPH09 zrHpJ+jxFyN8@aurzi5jn=&>zRWoSS|k#Q#^hCm3H^CxC^QJXg#xYkH6|9N0>rf|_U z2Qwp}y6scnZm<&{S^w1s!-6OrTm1 zQRfbs)^Zn(Ok_KawMK3QP!^L-`U6iw^s_S}07myyEUgy&0nd|~=g^C~>|Y;nV;;sA zr#Zc@zCPpJxk;TgQ^S@0!tpI=Hn&ptplj$wTGtPd%S34`OgHdr6}ob=5hUL341;@) zt=12v9<#vl0Mn2zk8-Fkwvn{pJ#;`4Pqn*Tdc9ARh z+~+1V#7t{X9KQbT9F~o6lgQPK*u>mgm}Z}R<)|+_4NF5Z#7F9ItCq6#=xt(t*>!RS z@o|H1szv$GwKRQHiH?1&ud4C(^7Z5JU+hIoeHK2_P`61fcyQDg&}z}HHHA74?i*^) z(Lsr9K#aUZ-QeG`;|LN4Pa({!4doS$DE7q)0 z50!Qr2M{y?4a~%H#~Hum+Gr!A4xi0=h;C7!xL>1g^5K1v5YK@HPqA#1M43O0g;%|^ zV&l5mzk(n`nBja4eo1r;tt^`Yk-MVQ@@6#aY+1N>kbk`jlpumS2-@ z7s;TE>oku<*-AtK5SgLrGlPIOVKv;^4lkWaPVFJt%i3v`m7VzMroKmP+r-QwU@Eu( zN=*I5u{%%Ur~-Mn_uxTQ5SKNC60~o1hNf5%CTCFFHWe>dxxGlbNGS046akx;FnLlE zb;uzK;GWN`h!4C-cc04yE&39az8MZ0pKiMK%PLz?B>#@2qV&L!}m_x@Q=}lYzfz2Z^`L^b?qdvQNS?$ zxL(ou%63V+GkE$qm}leA&&Fb#C~Xnk#R9`*P~z)JAZ0PDcIm_0*WjnhC^U+Ldt}xD zXCxp&_Jczp!SiR|0@pu2=khr?@dWgb9#QIX;Nk2J{`3TFq@&7i{VQEvmTVU6&W5KZ1UG%!-l7BpZ@~-Fo zq19~bTefjJ{8!9z{I5-vd=QG>#=;$GYTC;~UH>E9`pjA1dhZX0`T3KRxy{^^3oI;0 zK6S46KRc=NzxECPlQT0nid%tAzFAA)U){T064plu$q7vc&i`n5W*JC7_mUD&+_k8n zoeO?@#TwAT!IY+i%;gLjA_Y3vZT;;mEc5UG>}UG`{~$C!dWV2^vh|G3VwM{r(8!>| zpP?by#CL8M(pN=|NI^FR)4mIt?|^d&hGjKmsbX_C5JwXdv-oJDgSo@ogaoDy2l{#V zZ1q9t&CSn@EYCW}!ZLfB$N7i>R9hscm*{->k#+gbzq}3Z`!(=YK`1pCMqpF)4V1Q3 zkPcOFmTk69qIuniw@b~+d@N)j%NV?uM&!A&gT+2v8sMUy%DC8*l16F*P&gI*Rls$$ zPnJ|do)U>o+VL&8hq(irH?nX#t>;y$N3D2)$jn$3hEAE77{LUYeYmm68SZE(w0w8& z-X;H+lhF)k)Lk~N1hg$q!Nl=%5QM^NPH9cR5R%VGCWi3LTl#Jh%MXL@%`Q)7#I3&` zA;|~X|2&+~8^JRH9t{AJH{vgd!G2T_>=ukp;52Hu2IOepWDcY-P&gU737<9oVPf@$ zDJ(F;{242eY_V~1d8okqD9oU<{(+4y&@lU>M0ReI) z^6S^HC$yAs%=p&{gcHZEjLW1d5X?d9pep}4QuD)Hf8IwKiU4j!_SL@MaC;#e7K?t! z0hGb3>Cpyxxn&(V24pfzS4mI;2eW9K)o0K{SP+|xm|93Fe*3jlh*C+$lL7{aT)eKi z1JBq~6=r~PS_i1D21#d$-X0dm?bLzVlVq}L z&G6Sqtxm=wr410)1o~Ur`Z(Zd;%FwC21qX6g3H+TFh7&DbW{y(n1}G$k6S*bqcy?Q zm!(EEOqmh*bp8Ve&Jm#JxrW0I$vZ%#vM<-T{240biha;}@!cEYCf6;+u$vAr_IdnZ z1C||7jXKh<*O+J!zzr3(!7N~G$tNIjBSjdHorv$A00y*ngj~QL2(~jiflvSxLeQ*6 z5Hb{6JG zqA?!tdMISp`RPt3TG2Ra&dhKY?Mjx;{GzXUCOEgxC8;qaHlQ+Odgo!@02rg~ZWJ8U zwQZGOgLm!PRsULkbBbwQ5kt>_l+o$2z7*R&rGQTGs!#2v%w#e1m~~=hKhU%Ws;i8w zC*fd;Y(qf)T|#l=u?a{dathRTli6RRB*(x|IVdtmAT++k0QQMalwQEOSTN8;H&7#N z(jXjyfN8M=p94$Q!ay0{l7vRmFhJ)WuX1P{;5jAJMV<;f=|NO`1pZkPZs>GXF;-~N z^p2;J@fGkg2JS#ub6(&Bb%-F1(_R1KIIB08oIZ^>?=w=mQyTThw2hA?Mir#OJxuxO zT<8KVK|ABRQScy{Bj9FmuVnc;---<$$(>0c^8+AgocFKSF%YgPmQvo&hF;Qq8s_=Z z#zqYSmJoBv##NkdKTCKeVV&Z(agkzSIa{F93JZKZ+H^YO7c#ESf=7S#PS`;W@btBS z4;YHzr|`i6Ob|B#r)2i1^z_M-rttKZ28u>;M?(j6hIJ?fQy|!!Q?!GZJ}t@l)%B1B zEq63pCv0~lK;o+;!{R}hKCxBP17M!AT0>xdPCCu4Hec0J%Bnf7A?_eDR0 z*F12Eot4EW8Wg(;>@Q5@upIyU?E&|AD-Ely^5!C;gPLH_;;io;@5Z0xL;*L~XFJ*Y z2^r|qh!uyFCw3|OYhHDKu>43rlg!_rX4&>&tmy|CApu`JSo6x0`XL|!pqb1xV(2Nf z0RxCg+W(BI-wP4VfHjz7Z1uE8Cei4h<48QTn9zzD@7H@$%lv;ue%)s3J$ zv~5L<6-;@doCr8Wv^u4Mt}sSM)>>Ytn@^a2!446e<}WTStqTDC&|%w1Pc~I1SL4*n zv~D;dpG!F;Xs21mqau*Ti>+0V#Zi~wJCs#5EVQ2_)hu8xe#{mOG3io?+a;*o$=n6K z-iEDPqrn4epn4P2gYMwtZ}$6%nGsgaeeqiFPhkjv4m@#IT4Xs_DK+~4E)kSRaV0!6FDhn zXpX_7u$#MJt9cB)0MEM)p`(&hD*HxsbYduiieE#N+|Krdy~W&Q6~M?PaW1k>6?XQ? zo!Sivm9}A|-Kp&9zV1VDj-y>naD-2H9>2?Kww^`0vgi>*Pfg(m^fQ0`oy536;`bT{pJgCJU zsUoRrCVpAW@N;y&H8 zx#F4daU=#cbRRjnd19GZNpmR5N&XK@Krg64>oKYd)kAZsf;A$uOY3fqoIaKi)epil z62)8FgLUcB!aSR)<wz9>AWHZlUEDkjP#f3T$4=r)+Mdoyx&N7`)Cv-}^SWf`$7A zj6&LO2`4n(Usa^kBHH~hVM}T)EYtOyVLvhs5yF(YhsUANpo4!G4$s3Z63hY_ zWiAao#P4A_a*CBjI-NJv@ssnneVJ%t`{ACUCkcVeVh2BlI8Fd2=EF1r329Kl5kPq7 zX#~Xh6qiCm!fIIjOcx4+J%Ica{4yF@3zCwY8qquWyg!i@7KeZ%Uk9eZmUQHx&sz*9 zwi9X^B7_NMJw%E$dp7OY3`a(d0eLa{dJuyh~iLHJ2luKPry3-bA+bo$MIyB zbxlWh>G~;|nvQJul2lQcA0WdF)e@;3MbHfRlXUB6{r8*t3BVTPK0j^jy;bxSYECx( zFd7st@w1tIdHX`ru0Q;br7KJT&Yw%zyhK8c0X8j;<{-mNaB#l@93^vcbnx);eRIQZ zJlcQ%u{0TGG=#hY>81(5Nn@^amXTQnX^ad+k_rkMH5xuGLRGEdlzxNiuoqth5AUcV zzMh5C1^L5%8)E1Xc3+^K3OwN?eN>179^iq48w-oH;JTF4{xF0wKu0wq{K(`1SzGWq zHJBG@UGocF1gT=AL%{hmgO$n|Vi9SCkcp-B$0kNcYoP8#;7pl}b`@f?d+52R_G~R0NES(gaL{U1duz)iGeSAZc&76 z_^BsA6p`BxU+1Q-Czm?xC^@V!?(+KY)8(6)lF>o9e4=p1%(q_g!|u{8uaH&t!YyKW zI_1c*%P#rdj~t#8&f>r5c87my&rH6?f9A4^uK~CnV_jX)Ux}DwJh8@ecXZIr)4{^0 zkhU&@GWj^UjOD|t`~3gX>oEQ!3wFamMV#e~0z?hv!9CpLZg5D_PqcOWs1EZiv_U4Zi>xso%c{6Y>~5c0Izd zr>~FG0>A&Blz{(zgF4oX83BTbQC!WCF3jp8y(`1y5>a0>pDsY(1wHvE;i-{|Rq*rm zMq7Cj!g(|BM{hvbkl8)}nMl&=gA!>#GpbigjD@hr{H8nh8|3POZ+Gszvzb`hDJq~8 z;@+POm4!q$)z<4e{j*RrEx*%x<|gKBbWtqNqrjti7U}u?`B9iA*cJP!MaD4 zk70D^b#t0kB8JV0bqcnwSChkSvG76+fZ?jf0{fwf+rs#Q4?*7@j@Ox>;9w3lxd_w4 zW&l5&QSu>@6K-ilb;8g)ZNdRbl7|A~H1+QEui1`_FyQPr03O8O4f=ry5pedO!8c4H zl^#|NGMaonuow+jB#w(b4bu(@;4MgUCLT*zD7r=uZ6wFRCzLSMK={s6Z4Q3YPS?#H z0Wl^ZRhj^u!Cnz4HVeSu4EHct6F1^}hO9u1wgRslQAwAzUFqVC`3n#Q!U^B3)Uwg^)7&HAu0=r#caui z@bp5N`wGtwQgAHk7<1G8l)+6ryBJ>3^3tfnO&lPX6k*IekF8J#wq2i9GG&DIZO(B? zBPBR(bvpP!=h4E=#9RXKEK1KLY!;;!0>--6@nj#rlL=VTV(P3Vq(+&?>#WVkSlKw^ za5VP;8gMeQ@W;imU!eojxPkB#F>>X{V@kLQ-SoHE;wVHBinA{E$EmvT=RN*@$`xQ_ zS_F7C=j|QQ7kCrvAje(6&ubt@jd%OV4F(#AQf_bB;{^yLPiy3F$L86)tZ55^k`5!8 z6OlE3{4xQvgDXbD2^J&r9;mDOSEt!1Dj0%S8%Fa>hV>_)$T`OI^YQT&IUOzzlca)< zk-8U>R?-N;0q2VtsQ`*1VW*X=zTWomM(7Dl*!uyO1c-`b?(tnEU4mTC&|_ujg;j|J z!WsbRyFaQv0z;I`_f>+RCxGyp77HG2#Vn#WjS;XXlgu7W4=!NSc_`@26`mE5Gx1Bg zzacgNmjS(i-fN1#Dgn!nthi(%XqOqr=;xcXz9y?))&ORVEe)jRcog%Az)NAWeb_ zTYjLoA|nu%`8e(gI276*GfXBQ(XoXTRt2Xeu(Glin`dIOkMXS#bS(IgJtV4-m^83s zTyGS~iI~?RX&0Wje%u?=fN4_j4YDL>l8cWZqEcaaB5ETUwF88|ruW8czT?IXmftrh z`0_U53%2!kW@`?Xn^r!2K9&2T)akE@qwQWjs~5@KU&6}DziZbgBTYy*YVagcYH`!a zc$rY1V{j_wpos8HE{(#G!qKQQ%m8T2oY34$A%g?OKS@vRd?jF5e?k`1HrxG+r20;| z5pV3BaWc8SnqNOVolGaO%Ho1C=udh3fLqlK^w18~;`E^5;~~@kfW)<+J*D*{%CT%D zN0Xij?0gNr`ESbdQ7Rj!^j->`BbS)}xG|__K;XYx<@CMb90w`hC4V@tBe$fG6b;<1 z9a6ASP*)RumOpnzs7wnZnNZw_X5xH##I7zheDvs1La|s#eInKAhxHr`utc0B;|?Ii2as_DwTj3rlO!%1 zKms(IFeRfXWHy92hMDssMJ5OrQdfx4l7eZOoCq*L=5VmaAURTb$iOZw0Wbh41&SZ&VR{SoFoFvZWf;zGqOi2{oGoRg@1$nS3q4m;sO< z+UeFWz-;yXluj4NXyG{&4>D*$s3+jHcSZPA3Uq@}i8f+x`I&w4GOih@LG-ACl*M;C z3&5j}@@@Cy>rusL2aY1-iKSzG&hM-3=37X6jN;FuUxy~T&~Oh}+!`E6G3W7qO@>Kp z`si`So98z|Z=xukBp~9S4IF9KNdpHOfiPYK3Xscmka|38f6LTwMLjd7Wb{Am<`y(A zAQ3J7?7sti>07^F@qZj}vt0X63Yz3={AZf8f4h!wd(jqX!7S_K;jKP)>=^V=a-(0t zRzq@CPpY`|hHF-i&%U((IFOXnX;ZxMpZ6U8tDf$Ed|Bc@rESXA-P|X+siHqLFS)#b z=wsPO`Q5t}tkn4b$wiF+(j)cbi%!P%*O)1JL#9_yjAPEfx=RN10z^oofx;LE^D2?e zp!wFrlhigSdHvfx#9j=7n-5AGEHkxmTiL;9;xjf62c;@*6C?~Re65O4dyusjRxcT! z`D!gu|MKKY#s~(Naf1%G-YpiEDGT`GV$|cGllz!{kHrEkA;2PtZw50hFpZB9+LYYX zi2E|c?E24v9PE!zYp(?uiO+=QHI638oHTb0F@AT~aKu29i6!bPsG*i@Ibcu>e_enO zsDge2`dENx$`@R%c^CSq5c*Wu+|J{rq4dmZ=?0ifNHVT%i#>ze(U`xcr}u%4C!{^OQQ^=Wke^;D z*nSM-^23fv^g?(zgB({b`* z6zm1$Yfk1*?90p#d9SmqYqr0Eq591~xl4$O00w+HaBXYnx#s{d25ouo9YC5Q*x}#- zvZSRNqGS`bTfRRYm;!ibo6K0bD5df3k`3(aF@R3+q~c)=32{hnTTu*_IFB#nz`p>K zeJuKES_C?DvcbRgbIhnf{5uIQ!12pNmal)o%CwXyBlv2mcVP|SLtO!<`IwvB+erpk z$el!f%h#--lj%Po4y}9u+#M8Ly=EPF8i0g~qX>OK4aJ!@%;`xEH=bYfW7}b*Z0XQ- z(*JjDoIxLfvO-{Y4ceS!JP;hN{4b2>KA%BjqVLq>7h!qoCdOv&lr6tU77I+gSzBfb z;Vn=~(w_?92C)`3ChBE0U;r^dlr`|NIG%&C-(j15Z~0a@w3L2}UQRi;`cRc|AKkqP z2TVVcJHo_Fs*j)#J_l0?PD}!b2C_(mf8aL#|7_CsLiW4=HUbBFc-`!#DL`d1$N@v% zbr->`|FJ5r6Z^kQ6@Q!XDDHnk5Wk+MCJm`d1v^&_I_MQZ{A%`tdzI?QfDI8ZdMp-L zI9G#D0gV$xC<5Z)#6hVhqIt?J$nQ8DtXOn~^tZ48nqY{6fF|_4uaQQGcu9+Z)nBJ4 z*k{@c`Y`}99oUEnHb9oKFpJ)Qe*?=mxo&m^6R<%IcftA?FOWfeL=T^Y#25BWcr7{o z*jK_dP=Q|vHp5o?VFow?8Bxb54_;Uz=aXx8EL+oG;1(PrjW_3cn7h>ngIHh{J!*%SnZ z8crtZ%`nUm`k+oS-F5mMIp5$|21!E--!~D3G5&ZIaFzh{c4vkFgu%+!9Eg;O-=cYh zKe?SOR$USF3~BjYT`$XNY=EAH;U($Y^hJ)_i93&=K{QcEnRFj8o1?8ltrEAmWW8=+Fi5pNVl1y9fb4Ld+5 z`ZRU~pq`AJ3HFda2A@q{YopDIMB@vm56A`MhC1BFM;4#>|G<%`;i5ZGlj?*5tP1bo z7pD7iz`1>d$btYy)Rri5itjuA0m8-^PwOAvkJT!R?$X#55;-l zbwILtqac6q=@TdR;+sHAwKFx>I6f56k9Y=~mwh&M< zf&=8=EAjR0Tsg!2!D%N?pE{+TpF7VqCu9>$H1LSMCR!CPggK3pl9U_kimZ&;?sMp8 zbY-y=xUsjmD_KDab0-+mNg+O5LPkJyuR+Ig#p}L?j7nErR6m}j`&~9$>=d~YheE@h zq@5z!pf=TYa9>#hG7RyQ5djx++w8gKWnV|F!F7PAH3eZKm=E(188{~{L-tLG0m2{> zOEaMxA^4>?;0j6+aIu-e3VsoQb7z@(bMI}N`_t;>Yf)5q<_yk(*zyTjl2<4LCWE+> z8b@(gg$5|g6`S^(tRCACEFQ90znPc;eRj6OC?@&F~61OyQ;F&#wk>nhQ2)tgvdVh z@Phfci_4_#=SW{)6mUp1NJE>1%`9C6UZR9H0&J+EjWm~Y!Kep1&63Q;6dEC`7v@Gh zm>moAeJRQ`(BNjE3Yu|&M?>CyZqnd`UZpRu4$ya|VETs+4Vzq-$T-WyT|+#0kCi|J z`alB#{2EHAmbm>Zih!#C8yvF>WYgi|gqEoY;N!=Q-7g-B8G?B59~I|IeR+Kv2QU!y zn%q4CJ!16vNDeNdP9XP^Lg=`j@refK1cM`E^a&(sedM8sWBhJpHUX&3WqaTE@x6i? z?qCa3pv@v9mI*jEzB%9h_rhwH9fFt^Ab6O##A38lVvu8_z!ws-gy3^`*g`1;mgCMt z31WQ)xU9pG&>bv+`yA^Th2qtZI-(BtYNFj`gyeC;uoHp+-%)#}7#2KYbRyyiVL(7f zTVSVw#m>X6Hv!l!_gxL7ji{upsYhWE>9olrML|Qja3|%^y zwES>J*0J~Dg4+@LBNv`=XXmw8o;s`nGKye8C#Kc zzG}N@hx$nN*dts}P40*Vf2L0)czn&*$i$k7(zfkJge8ta+PCED^Bci?nL{ri4tQKv zl}Pwt5_d4oFebH2h)<2&k$~=k@I-T18lnndC8w=5&}_f;UXpiHKT=^UikA+`2Enp; z0Y8QC^|=f4E~NI8$r4;!bk_yYg}@E4sLnlp8g}FT=T~#d{X zeV^m^EPp)D@qK>B@pLfFG}V27KA-pddSBOho#%Pkh)o7yF*goSTj*W&)LAap=#OW+ zg*zn#9&x7Uth9PSFnB3d1k!w|k7D_vbdw~35*`WU8gbS*>r@out*R9R7PJyN0T5#z zKQI;Xr%+3h(E)I={gq;EY$m_b9&D|nfn$gq*Qt1-JJrgXRlgVN#b50Qp)s(1r|_PHZo+Cahb^60{L@Gm2hoJy2*!+@-Fqq1p3_W6w0qAP)6!6kxu1g*)XSFsx4q#Tkh=Du+X)-^lHispSIT zR3xno`S{AJbDdvZ;n&HQLsUk8`^U?(wIhG}QtC56{FMM`7HlwSR&nreK<1}J3SU0{ zP17X)tssV6*MEkz{=$0_?;N(Evg+LWC(9v?{f655P%K`8QK0bnnD$=}r1}RgtNX#F zp~tm7Qe!wZP$1S(7B%8B3;w?nU(B0TFZQ9pAv*LW2=Wp;zR|Rk zlv=E%@`jUV$8iw!H4D-aLQX*)MU8aBf5Rgja6^2kuv`8SU4XJez$q_ZW~jtRQyIo^ zL`&Nm5^5wFsTe;o=)-s8hgVw4Y+88Iz3DP?y*2nrwtIOhC-?^?iI4c8+q~Z4<8#m9 zMCxJSaIp%M2QQ2 z2qbjac;z9G6_fVh6&UYt=T`f+%qpGq#^>V2i`pO!=LpT%_VKN_{w9jTGHwi3hu;LjK+ALI|twN-FVAYgJ;1XxLr8iohcQz z7tL+j>sa4?mKl8K;YD@Zn*{I)B!=|!_VQvhp2JW^2XA;mGhnA?PU7;p!BR0VrXeF< zFnR05S75w8ii6eaUmiM~P#-nw;>U+=e(*ecwD&6b^N3^v?@hdH>+!etY2y`>S_-!q zc{XH9NP&-W)Gq~q7aEonFGAd+DdwHv3-nblVC4Jc5F<5lu$edSAUFHPO5ulUy*zns zEL~YpJK^Zk$Xf!@&F%Nl#e*R5!SE`K`&6*}VjO3bGJq~rByUr)pIp=eXBK9Dhm-r0 z`TZMs{Gvk*BYZR{YUL+4WzwDFygf|mXBt5F;|Tx33Ussz<#zN19-N7|2C(4=rLdMo z`oT-tkTGSGhmf80XDmhVAICuk0z^iU)N&J&PpQwv=Ln=@{GNrxp>799*@41MrYk6< z>bSWV=a8)@rU|W$yk8C#k<6ZOkt0Exo`MO|x#Nh-UAP_u^*#sxwV7L89RR4z-07Gc zl2e{FC_Nm`*C&=2z>}QH@ZkuOrW%NXLw@{x???6uWgpV-Wb8`|DtJz^x>?b?>Pt?N zc&F!bl5@b%+JqCTB?*Wnn`0X7DH%Q>jziqT;~f6k!`Ho9zs877rCT%1e6I!!xG_O( z09I7@kJ)qsDM1v+omgDxKCuY^+>L@|sFN1^0^+u~KgMtpD@DOvC9?&9 z$?UTh%Q~g=xuyM;LMd2XYifw7ZNZb~A56}Iv??vR=SIHde7p0Oh_@jOTrslvfYP=G z>8hr2i>|&xO9ugB%1tOQ`m99t`C?9*n&2`(7E{PDP~I#%Q7y30tPS91A|;8?$@wh#p4??GFE8s%i2fHJ zCfNQ$%~#iUW|K?exey`98UZ$o&r4cuDve7#mcCi=O_Ctd(+E<|zC7k!FOLyFk?3O3 zhYU5_aKoKtc85-!SZ>_!TMpGu$63y>1}4L3wej5WsWQFesEy|{^=y4IAF=fJ-+$-?(D>vXe^8Tl;=;Qlh z^dVMJUqS7dM-xdi_E%n!I`M#%*K`I-aZ#NHJ1EYXf9zhpcGGSubq8002r?eN71zAEx>i|fI8TdM# zU?|YSPhM6x#oXw5!Y5HooLp#DT8?SlFWKz^s@1dHH&vjyolQo#Ry~ONPY3}3bd%n# zQHl2>7Z(CWGS5%UxCn@DI>8X(Vzp`sLPDbMh=20n3!{H-5DpfwikLGq zHR&VW4{Ai2x3aIaafQ7X3~zpoD8wb`u|c-G?4{z8+De$Z#Y~WJsOz-+{2_4lmlTz2 z*O{eJpJO@`2@GVKoHA-p6h~2VqjvzgnaIfdpRX`((2usU$A|_WOsqt(3;9RjH?d?h zoK0H+e?f{$@#p%L#_(UA7^m5PoSU0QpnTn{m@b1aa$5@om&)> ztb64(YohQwOtncs9V<9Ln3CYkDL(yCPl`hz++ERiOX0<*NczV@^VapdZHJ2|YAOqK zdQwOU$jV_XN+BsMdULb{L?NEC#BAxXQ1#?aAjWtYKYt64BTj7C?=@2>c0F#X5krZY zE^gi8MIs}bmaPXlo%n835YA!n)W= z!tmhSsw0^dKm%dCi7>kPGs-G+-}AbA#ebp>H+_QDjH@y)I) z;nuh_q4kRk3&BHr>FM1S2Xyf$d4mJG?FJ;$zoSyr10fp%4N@e1ivWmv_386lbRlKa z1S+`+oV61%4rtb@)nIu11{@IU4t};UCamd03SH|kVwc+A1xk8{cfa5sw^~Xq5xa`y zQNRc6yQIO~4|_`D#j150g<-V$kFsE;&m#ORm|`;(Z|9NS; z^3gJt3i}-nbJehXh`Mj)K7qSUqIneBMVhrP2%lK@n!VV^UTf1(#i-dm+KprgS?ndD zbV%QacQqAPkU?-(SY5p*)x0asGna6EVB`kzZ9vm7Cc9|=)6{LBcoasHM>A~gKCACO zIhNF_vR1`;ff8^DjLY0p@3PR+{11vlOO|VSNX;^<1XlIZmQkK56A4M=XLFnoNs zdfq>!Vg8-&S#;^=*YnPu5`;UZ_Gh(^X`)#XZ#lxb71@D|3__Q2 zBU=2mgft+IyR^RgK$?~GKQURd&;LvlPYO)o6cP9r8ni&fB2E00fe`-VtV#KI*qb0j z{IT&omD;_#G}1(9%6zj}^1~&dJGvzgig!(hMlENISY4VjQbJ@m=$NwNIu~?q+pwXb zF-Vmomoc9n-uw^m%N(QuReep>Tn(e5Q}p+uoHQJT1D%$ho{kMnwvXC?D=q2FO9_P~ z#wl`iTb}`l81%q~1}@1tJXqw{>cgC)w7EooJ0kwF`z{P#nS#(ywS9X#QcXKfg=HX4 zPMV>l=_xm*L^8nNMtGsLLv;RU=hpVP zcX0yP!IHZLQni$0c@faO?asySCdM<+jf!cSw4&8+SkgC4k}I%75wO1g~^lKE5}dkGqtWqD2rEg#ZxjUYp`a^R`R(w6Wv*zHR*Uo4kv8KkNz>~~45l6|bR}j8;7W6R{PuMz z^_qL@=VIg1Ufc58%t-;W!fS)BM#j>Ql8I8H#Ur+8?h!p7IdTpLT%v-M`KYYlY1Bb+ z`tq(%oUhuB+#!N#oMU+CIY%ubMa133&~-8#qJ-b%9ac+pZT1Q{Oy+#833%%y7T~M;t}S2FA+M~Q?+lXcl*Vp8 zB<&_~4CIN`Kx&~=W+Md#AW6Mgn3c=>(-RUT?GB;Nz%9AnaX&e9@NR#{RikevZT9_X z`+#0)m9@nWzbRxw#WEoaiKdaqV7eXSS6}m&&aUtNMLhn-xnR+1x$N70cOWzq_Q63` zzwnM^MG5Z+r(o_|2rS3fw9I#DiX{{aB3LsVv$$xjwP%NQThwT^q2=2R)3Q?8n_Vr< zD&`WS+ogW0$`m%pg-=yx4oQCIH&aYstO>mPyyB&pa*3Pj`@OL*^9fh{dw-=HjsIiw zrMC~dBusCxj)c_im)GM$Ed@E<5f`)y049P!PiHwv>oQhC+Q0_GHMGg_>Iu@GBbF~u zt{v9vQoWfm%*Q?G9mV+uV~O0PB&X?>+FBWLIt8yH5un>jk|QHs1%<=UuS~?za=F+j zkp5dbT?IzcQKHf&$ZUQr_GOBK@0>80RVFsgC>c*UJ!ITu_w7v(yIq;xyv0wgZ*f-Khk8m6nZ4Zce1P)A-0TWikY<+}>&xOsL-huO{mr|@9GS_n)^aC)G)=IPUd*Zhc z7R9*Qsp}CsOQL|0g)Kb|jH9BEXjoqrbqsyk-XKxGg^w6g(COO=ypc1gPQ@*`;~I_@ z8l+#RkQc@sylwE!wH_J8ms)FXrj*=E>px8Xsx)j8f($%_2%*NSSK~0M=~6wgrN zb|~eSk=eg_FCMVxs7kfbTqq&QzoMU{PScF!*2mvY+KsUyy9yyvhSFot!LoE9$?g;c zB0V#F;7TvNAT^K79wVvOM{i-kqSFtU0P3Yt)p4{X-N4P97iYdK;+*oPK7gPzgoE#Q z`uYRqT!DW$h+rr-muYG|v3*ozVIYB1&`u3>%-0*pP(&iTddZ5Ru2m`qK58 z4C6XXWz~z~LdqCJh9)lps8q7mVF+pkRhS4fZBNO4cVG3$+2EzDeO`GZ+I&?@1GoJ4V@6;Rdq3)Rb@z{of z*67ns*W<9(m){JD;q(lIL1yY)$sUM5A;4RE*-A22I1F-4m;l3)i98O!8e&~+*0?@B z`?kxS|63!#zlc2@^SbA608X5GaI}h;=lMDoRvO$!hW8UnaWHn)F)DV57yCL=36>^yA%1A z(Em}VcX_eoX)gNIlA4-ZmhPa@CV9j4yw9fxB-6Cc#E*}Xw^?3qh3f=K zHoq?6{$;aePD4>7bsSH)&4nc{)R-uznfqi&3UL2a@T{kUXB#(8l=dEtP%HMoMw0HI zM!ipPbjStU|3OIve9sQ1M;w^c^6{3hmOxmP2}uTeCFsh-$anyT`Dy zlzYdijP6k-r<$Uo8>zxBl2>clMJ{Bt9WLgQthG>8R zx45ffdm_#TqUSSkLiZu!6wI%R(wM(u0wrMzIJ3BDuq$LBOm5xFQn7Wia%aAh*y&)T zn{;mo8VxZcs!uTmk(Q3RD8AtynRNoI0R~w@2@{!?tYpYO@o6%lUWhJi5@GnD59&W@*?HH>2p?A zt238o6wlTL*o5@MlB>*OQ?g5Jqm{eI1xWKiI3WUQh>fQ_LX!J>jm&;?ClU)0coGC< z;I428!7KYI@wFg`av+2Ya0TORrW~VuUOI6uQC?C%NG7{Ai!lEtOWmaztD&5UNi&Jc zla-+|o1V>nPY~yzTtvOEK#dkWB**)TtK?pHN`?_DcnK%>nMTAE(6Id^Xd24{+v5mMrkO>57 zO4ACI^5oll2yGICNg^Y4u=EO-aKTec3E#SopeSVZSPeydhlW_1Or_4>shMa_ZgGpf zcFY-Ua{$Fm{Fe)yiJ>HO{&wJ|jy?kxv5_eLAUsafC3zgL4}LiWw_5wG9z8Q|GEuIN zDidKfL+Lbhvh^9puq4S6cxMJ_YSrXhA#x-lHx2i~I0nE$-iTBBN~`JLK2=7a!F=sBkH-{aE9lVRwZ}x`)Ol z0{m8*y_cO5ThP+koMqqMPnL$-*SP^7KDcFA`*rO(rmaod)ys=cH3Nwacz?jiJ@y_2XkI+_4REXJRBb8HVJI&AC#?0{Jh2|{7CSsPT?Pmb8>ou0k;@7Y*@hXE(ca6 z!Ch^vxI(3>6C@+51IlmM4{FX3^(&7bAIwzSD6@Rr#*G_S`2PCrPL0R3bz*3MvJ-K0 z?R;pe#tRol7u-oabEcW1(e4aQZS#o}JM1xy)-yEJ@$vO-PEy?dom=X&&O5I6D0I&3 zccr2tzFX7dwTHWnFF#Y6XGpi(dQoD*HaI%nM~s-&cI&3M-CwNo@;cvY@m+7Pm!7|u zm-|&!IrA*PiH?pQ>RQq5!-o%=r?zlY)H-**#;((&Pl_S>Q{=rWdO=AyXV}>6t6Lsu z+E}q*oNL%EPtrxhcXv&m4!dx{c9ZFd;ds%QMt_@?mG!jc@(mk|zExGF>1KZL&>@ve z`HuFJC%46{t?aD1L0Bs=tnW^=Q7k>vQBioi_lVNhuNx>b_B#if4vs$d-gm&tW20Bx zQ<-O3W5}Q=T9|DY_ZHv#sa953?DWq~%r_W1w6|}hiL8diHV7qw|Bb}C61r0%{9AsSLx89 z149%0gOYf0ULQPnZbpFjqwq@ajs!cu;^H~0*Q|L;~68ydTGXe1W zN7s|btonK+d`z>*yK$pwL}cXb4=3&~Ju-DjyQ~Qd0*3bJk$mXa`%9ya95MUtne#Bx z7!NAK(Xsa<;^JBs_ofXL2QOaiO2z5au=9(B*>0&C z94QLLph1HU#>cm%!9ZyJ#?8%b1#uXxuLUKn$LcUmWI?yyVI% zLyO++ooc-se)ZX=#d&wx*3Zb3B%#}=QC-iRIrFl-yjJa5pZ3i&+)2LB0J|5CD8K#q zakrS*Sc}=S`)Rjn-uw!QZYB0|-LTiqX^#QR~6h0%~ucYnHZZeOGhv>llugQ3|X$xu~Vm&+)8Vm@BH#s-rVau#NwcuhQ`Rq zJ2x)`-Ml%Wv!QF-xVX6diw`;OFZbk(fB$W|-a#Mu?`7msDPA*e0oS z7*_A5rlyl^Y}nbY&oh?r?yJ>xFiPUdZ!*piF;snPF47lmGSAVoaGhhC-`Lfw-)(it zc$9?3kqg$9Q|>V(a2q1_Pthkk7(EK^NXQDV;N=E z_L8;d3hLPm+l#bPhCFxc((L-afz~7R$3qIW(b?hcJ!ZuUJ!fa?O9med~bvOhdvv{sLZPBZ7u?doXIi9c8*`;vQHax~~^ zVDKHFmqMY|vI&5s%A!;16DLl@67>5m2Q%y*uDM%UL!cSs<~E$CclX{s&9`0G>>pEG zQ?qT-5tGG>wKO)?%}*$tr}vn+ZB5CW{=ja>^#-96nuJgKB_^g1Zb^;2y}fl`5I^>f zSlha$rbZ)p%-sH=p`rH6m;Yk<>(K0RoVfk8x6RHI(In-LxY-n=W} z$4;L<{g_CBLU0t+$;S022}OmM{VyA7Yd5=p|NhaqxUo)7y6u~9b3Jf#P_(5tYyCW- zEkD_%@7}O5{{sg`#U(Sq$QxK!H6bCPcmMuBty(qk=AwZJ3|9d1ElI50@Ba4Z3B9hu z72Qc!F)|^c9cQE=&$RHk<%;*viXTJd9BXUalb>3;bZI=Kq8oPlH}?*1fhcGs9f>Ae zE_>|V+mR=2d?bhMG3L{g%!JJmM~^l|``^zaVP$o7waM(+U5K-s)s@)O7@x>v;7voA zGxBZ-APE@JzhMVH{H)bu?~<1FXQF|go=07s>$UWBlOs9vaWTsWeGA#uN};c>UxD0C zEDy&|oOqoevokl>ieYHm2j=W{fmVEM=9%W-?PxqMvK{BA(-!memgiP^ydB^Cg<-*4 zU(@K#_m^(-^K0WXuBS9(&x2Cxx(8NQRq1W|vOX$0+I!%>Vmn&QyE32ab=;}@(LX)& z_H9poEX#iD^#wm$#f~*G*;4T0=Mirno@r53RHUcY^5xsN<7UiICq|6?@y8#N_Ax2X z5@(#wu=MppC)~Jk!-Lm5W)=Ia-Liqppt9(N-Kt{|S7M3slolP|6M`vvO55_JlGf{y zVBNJJ8}^CUjvXd*=4fPRXWuO@_9b!1NG-cfk_{EZ zgW@gn@Zlyzo*TDrb?{rBAFo3GI)>#6o5<_U8^^7lo>!Kh+5UMG1eOFUt!K}l&j(CY zqy-h0=O;7-o%w-ZtT$*-BgN6<$J0AypA8&WrW6;;b(okypDg< z%NvK4h)(-YoG9PZ_15!NWYa#J(`q}%9i7?-YKuv&JEszR-dAxY0t7-CzGv)j*b2 w{l|Gl!_|L&u}A+)itsPO`I2 zbi=ua-`@M2U;8>g_St8D*TuJ7E?~Yf#`E0uj7OK`FKk-RxSo!VZWBdXN|BCkRUaMQ ziiyA0;%}0U&~xD*!nWtsY?UnZZ5^&z-=vefW@~9`VQXr1{cro5);2~K=6u{j+{cgo zZD?z2X(PhJWA-24z-?h|z$3OhX$yYII!kGF8#+3MYvgN1jAXPC9o@@q6sgl!976`% z90E4=E-#NZG!+aCsIbdONj;L9*mdwSRr>Un&@HS|o9;-xk=nHG(L3WaQng#Q=DSTW z-s=l}H*nNsdTH^eLyt@Ou&`!hda<)ak_op-PgtN!PZ%HHNcKo}vA!4YN_;#W9pyV` zEZ?6$(fw7qg8bq4U#oGi_@5))O4~nw5Tjcm^5+lCx9FJu{DI-rtXItoZj|L-$|$Ykqw6W|0i5RhJel4;76Tbr@!~6Kp;BuMcOa%Xe{j$*C$| z6!5lO=KXQk8O!{c&L<*nbGC{GU)XRL(pSrZ1boZ%mBPfFs3M${PD;lT{TKIDzq8`C zvfrBu1|L;T3aM3pq`bVecr&%>Mru>1_(+Ogae@=OLRiS}K%2@~C3d&P$p#sJ?oji# zoR=}Q_rYRL@6+9iy_sBCX|6BEx=W(lavkE&++Q!^vE-^~z|OeRR!n7(eW}s>szpaZ zBEF$SKlNKl$wfYcaxcH0=5!Orla{Y!ULK9K?XTuI_jrf%Kx}kvoHD0bM}c^K-hMI1 zOWL{i%8$0Oy%03hShITd5r^Sc=kAxPJGO13{>@&sX2Y(SYo8u`4;D&ZxoXu*2{-4R zTpCwcJQh;yhnlYT4aF(PGtZp45zaI4V`wN5pBH;2R&k&`Ki7M| z@V4acl~ym=6__)NUneIgzc;8zvhMzF)K~eM+3B_W{ylnWS3j<-OV-tO8vAwm>eW}( zQF8JB+}{vyN2}K;bazuU;MMWt(M|H&%NHm8{GdWBZ&kDc3vJr!$A{Z*%jMs9I+}Tl z%*@YoYG#w|u3KmLnPgLSfYZWOLueSCVPL-O>vxa04ukuoo3EDC1z@6^u~F3r*2 zH<>c>UjKZSD;f`Ppgu9!n^`>0d2*n?J>O;Bi%+Ys-zt{Ik9e{AiaMBQ8XY`%ur%1B zz=(A(MIU!uRXy00T709#uS{mU-S4R>L0yl<^cFkU*>3-$;^N|=1*+`Nf9{thY3DK< zidKXO>m9ukv!!b+KQFH|I^5kDzwJ#K%eHNuFU&tZ*p!mQ7v+{~-7RC{bl|{&(PqDZ zjE`1-{q@)JnrH=|hWFyiHBoYU;_|+H3N1^m**3+qCrh6lxEqM;qW&5`J>ByCC8u1W z`=Ttqwz27^WLy5c6RVbTJz+lMW{F=Tf5UD;tYg`MW5vOXI&TysWgZnIy*}%yG0z$0BIqzTNi!&8 zsjG^(kT^bo|JRoHsGNV3CE_~sj`IBA{ZTvyygRF0cS_WaZ`4tZDTfZXUVe{SnrBza zfbqQEcqw0n+PH3>Bd;_)w zmjy-QDRCY=c&07KuBJNjVg#2*ZOr9?w%p9&w%lmkl~H|yx`_3!hvngt$)TbS##n(e zp(5#1BOS>Db@8-c-+V{EFVBwmDrcCgCu--a=;-Je*TucWPeou)_I-VRC`ia6?5IjY z%-65dZj*JYjK{B@@+x`a<#naRkIQa)xXrQq&}#wH#!IhXzpnq?;jwIldNJ1%Z1Lj2 z*|lv2ZknhvHA{>0zWm|R1$ceEwi_QjcreiUfDind9}Kk zB#m^LRckjsoYZ=@hulPij*Fa0eZq5pe}9RYAFC2IGvy7+L#iHaXHPS2I+4FP)k1xX ze~CNyWS5Va55pU$@t&jV@825NC&c0o|11G)f|C9q0kdZQb5c^Q*Sx98c>N-wPs+o@ z<0oki@mM?5w~O=B@u%;urG#9pn3`&_KoPV)s#}oP?$jH)T6>BVzHwtkfzhRzE}xyd zc12;W#bev?M&TZFGt63c_1;tnIR5im>h1_^g@HhWu*;}}FM0LOM;kHZSfK30xl9ko zq7Hq3!BKOzx2mB*HRAkJDy!SlY;V}4gtMaL0lLmZ8H^Jj@6u~34C;6++WDuK@adPn ztCkHp$=f{9RqPX78>_UB5{11hUz4O;Xs#F~Ys4D3Ti3OUY?hl6_JfVrR<2y>#j1o2 z;%KHf)SUj5wX3U3Z`U!kA1BK4U8WOMRtg4}ksWQ66CXX{Hb3>$D*uu8-S#virA(vx zByE#OTIK7rd4400#1hxeULH>y%4~R5tP+vxGHt$n&mKe8K&&e9pi*JS%EetuT$io~ z^BYmqho2w1kR#WSYM{W`MrFImti5(C&!&BX{8U-2q{K0eJVz@<1I{MPJi%nG>}sP^^6_2` z#}C_Xa+bZ`k~u84I8k$+s-9(e?M_d$Y18}j)LFck?Y7wrcNuM2_u;W!O4i9|r9@uz zuUC*O90d&y?^f>>&=WX zX}Ms*^rfDlnH%p5^|T|-Z|cU*DoX1v@%Lw4To|v&vFbXXP?FIQ)>|5=By9c5@oR_# z<32&t%G;~xckJJvpsMR8aM~X=!-O(DeNk(wBjVI8?;F=}k;d(L*ATe_aMJ1&tP{70wHxz|iE9vOa#hO!|pBl288f@A#K3UA-(HH8_ei{GP zJu;HKaqo#3*V!>fK7Fr$K7G=WL&2t(*DZta3V;A4vw;ia1r~#7<7d%oZ(ojX;ZKDYV7AvI*1>!XilSGDJT!OX7Ajx<&|vUiCB$vW3qTw zh3*^d{fq*YEgmkT_;?4$#COi*7`!KQ-ArMpvA1X+Zx?3A$xQ~HxT%PTGdW%%nJYWe zxN00_Vgg;}sK?R*uB`IiwNLyvzwa<{mSteqb?#?tG8Lq`9{rL?-!GbK#l*C_ik>Ppy}$Vq8;)R}3W@my=jq|Z%F0UmM$Jbh?&2?6b+?bS=f|(x zemDkChAfALg$1$&a_nfvAMdQ;?zI~HZC4kkO!}$B!tb-)Wx)+|Wp(kY6>(oJ4e-mI z(ez%Tm#ta5HqP?rKcu&|Dn;8nB^Ef1N4?~6aPpWR$^=rr@(^;i_F6m%&c0k?RS#9!Urk+g>7Tyfpzwk)epGBxjSUUYJCDdteP=y$9t zKDoeHdwTt@V=>I)&L`V;i&{@AQ|a3>tCz(a-If=p+j^YPj-99591>mf$Z8?$SJXbC z#f6dLOiRrCMWe+B3t0?IcX;^lviQgi+NW3g=G>Eng|a}tVx#8%nrJ!n zi?(6D;4*#m=WhF^?dylt0PB)8mcS`7xfk2O8*qJu*e%dpVskMZ@f0M!(CLvrVOn} zy*MU!^Mri3gxQcUU{g6Gi{^MafjMtc4vIR$;-kJjfBrm5HCcz3`79oe(~rfO;~;8g ztbw?=y?S1=sG(k{=+AEyc{9=MCFau)aeqosPfeKZ95a59Yi()Tu9>VO-qqcGb5U|& z1bu{$AYJqE7i<^(43i(R`DF=OVMTQ$+9ru8h`Y_D)n&iTeGP(9)nk+AH%)7(a1P}e z*s^8IRrJhXCoBN39CFLC-U9J;PLw`TBmKKfs{7)cVMz#|fww?D3Ojd0Fo)9NL*M%M z@6%N3mt2}T)NJ=%V)fd!L116!MAz!gX^TeLh^<8tG<|>LTjz;N-Zb58>qxr}#ul175NZDNVTT86k6Ax>B|YJQQb8|L#^7`>1-tLyl4O|-9H zJYC=E)_j)+4RfuIL)PpAavz3TGUY%Bp0fHLJh$Fv=J!v-an_r+h68j}OC)Xko=t9v zI(2)cetC#67Aap3F7VF=s*6~18OiUp&z{=Q03=-ou2Tk#Ee9AK^8G{{%92J6r%Hk$ zV3s}>m&w#ni$RXVh%0t?akMl9%0?&mb9g~k0Zb?}FIK}DXo!|4| z{(bfQ>baSjfG}~FAhe&LRD+5j$>oI_4(Zvk5}pVyhw+{=70WR6kMSA>$v|Irg&+cl zt-6ZTi!*aOu3ka?1Ur`1zRHyAQbSq6NUP9@NYeOG``jw#DN^kb@F!TJaHE&9c24N{^|(4**7r z?guqWj{;zC?w*or3orIz5sFoeJVBMsvF$I-vg#@&SB?@}1}J~y&fUAAQ}^2-Zpj)N z#y}fLs&P+asj zWj4%X$?4EH5US!mdYwC7T|5EwEEKPrEQrm^hwBjtcO83V$1w5F1|BI+KGo?JR&AM= zo5nkn#*DvF+3Lr1T!sWvfwRdLN_7~~sev43(!9?i@25S})chOVevaJuk*%m0oqMEo z3S67ki$u=2tvA3*Re7fKR(k7rlRko%!O3;7vmZvwSLWw5L>GrsXYT$*gqO1mT=Ou{`)b(90-&FQWZv zbSZ?18F6JQMa!G_W=2!`=-PDne$Z&N+Uf>}r%v{P^J*UZ|3w_H&|5bN(5g80khA zHk1#NW)*4IpgEIm)0@y$Jo@utmwm2i6u6;Yo#6$y$WB1x`nykJ${x0@c>q1?{n*%S zZ+LDSi`_siFV%*|=#r>*>eQ_oi|Q%@1SfNx_XH9J&Y(`?u17vij zw_>rXwRFY>+Mij|mu}KvFIp&m^-*k7+~VzvvV}wUwl$2rioWPyepAU(ZkY1>> z2M`h(gxS+fNy{TwVxHBVIc99K*X81#dD`xzjN(xp)N9fDyL~YX9Q)DdONMy&gwrho z#am{(7T;>D`?Skpthd5~H4r*MmfUuMQ$j^*$$U{1-=gl6YaTOHkTaS)C-;guyi~28 zpV0N{XAc;2e!jQ9l7UI&Mw^Y4*%oInEtNi#fkc$dKItXi(zpi^MTDQhX-nh4`t1F>}MD{c9t$4xV z3!<9@FwyU;AaNN$kF9OwVGl~7DyrH<^+g`1R-t_QO^i1t*P@CwsEKZMd2#+J<4rf8 z>Za#G)6UJP85?QMjzDJ| zz)#7CIyMz*YIN@ zjFEUGG=R5yl-rP=)a3${(O56m7Q>{-vvFKr7ij0Lz0F_fg( zNM7(*Ud*fujLJ3fobZ@$ZAR|RLyzpHJiq_NQ_I?KLbAb^2~hX))^4u#4#$bP&>4l=8Pe1GRr zm#IPSV*1sq)ut~1JUmj>>H6L-+$uVfr{}hgH4gNQlA}8u?lu)zBkp6nEMWwRfKklx zU5gHlY1&RUbf@Ie)qRc$MB`gt823?(mgmy*0yN!b;?oaZ@)C->Ek4a{yi7 zSfng1Efb6eSKN=-CuDAj-Vz6)k2r$2Zqcn-vxWom!vIipLWwK3yq=uR!i?1)QBck; zSkSE1UHfAwFvSsk7q=(G!D18jVPXyH7P!v+xXX}6WN(Jv{XQQJ!rcUmZenvBYZhad z4|%s_KUgIg2X#n>3U_E{Z(i|zaUQF(+%B=vpAd$&9TwZ zDv&FF=Ly4nLIXcWxQPo{w7>B2@oDLph6%(b-Z;{-^sNM?Sa@=^`3PG!(1!eNdD+3< zHI(n6qM0qWAPz5JPbNU**XSB-nS&;p)h0iG_dLgxnRcdmXiLX~#q(m^gW;E<0EXK| z(7v_@&!c^(IgWO!`8xnB3m8>P746x1Ozn6*t?!fd;ArdfF5cExr&ndpyMBFkfZAzq zijCbqB;k{cG9seQ0J+2t`Y@N;yHjw4tH5QIQ?8#|g!aJQD+wm9C`8N}fIv|M8U8@VFD0>kOLsOV)J5s(;LK6eMOpJ74b37>J-6r+ZNpq91J9SERP8F4w^V2vY%% zLj}w`LN58z>pSRHhx?Zdu3mRuIRs@{k?c08&rv*u3yM%CL4GsMuUzj^i?D{EbTV=L zG*Rf{*a%&62aJ)@R5istE5n$P3poBUXWf2iay9IqJ2m;Xc4#O&40eYdIQxKJ=e(@Y zZ;BB<)p@Qzdh#24xFH}-ec7q&mSTRnKtV@#k7g0O?abM;p%2hDXm~xuB`tcouXpU@ z-L4wP;wM?0Q~ln%9gA(Gqhte_?fE*(!j`jow4G=6y?DW)6sME#JO|ti_3J?VmoKEe zTK|&fY>Sw2gXUXh+WK*IaoWd} zFXauo9!y-&|7vi&NNMTcGZEvgRPJfs44$T>6oc-=>&-FO>&u3Pc)WvmYoL@NI=;N8y&RJXx zv(|2I!U+4I((K~-{-yk1*JtkYn>DAMOrE|r<#Fb~ zsbam76k%H^tcizXp#~~<6u4=Z+tBK{64g`BE0&gR$6s>wyIZCpkl@%&ME-F1x!9cx zBQ2Rc@*NkZCMVOw#75e3h2&}EAplQALLVrOS098_knn`8GVxB)cT>?3Teoi2cz@%O zKzqAXYefZ*hGn<0TAJbIJHLvTel>5Ok~_10!-g7Ka$ypPCnui9KtpnPhDArxhTYsp zumJ%3&vPAEO;2w!P#a6?5BxYtO%aZDtgxQhHA*(jZ%I!-XNrc9`0CZ)(FeFc-qriT zsL6M3UM^P8Mz~nx*=N_89&hnwRJI+h2XmMz!Y=D0BxX^d+(LRPpSen~+F&G}fivHe1sP>0$GbrZ9g8tBne z!4CK!i9i01YGy4Cu7Lri?y>vGrBlQMbe60Og?pvuQJkI~v&d9i7A&MWl2>%&!>tu) zcB$vR_j6cSjGRn7o1;6Lyv9%+8erfh-F0tsy>zI^6K!WP$(uNlRC^ z0~rpfLktar3@xm^1*`W5OJA`2^>r)d@u>JH{j~}Yt#NMQ-i}aoLQVt;z6S}!*N9Fh zK~~mSbUzu!FjP1~R;yePf67up*Zkvqq2i5;9m`A6_3Iz27BJV|74r(_)q7AfigvCTF5$-7#;{Fdt}kMbf0tu{)$Sk770L|% zr1%|Ans4=OOn!tNmE$`5UcjBu-;Q;_3|Cq*%#`8HNmUdsHWK&5i@|8H&_Z=F8KEB? zh`B0`j#;qgX|;K6NvK<6Q&aVzthO-i91A^$15`PBY?9(N+!d}eY+-q87mR+c{F7I& zXybk8s%339Fl&?PnXImPg#LZNq&sr{_A-ER_s|g22)+Erj~_{~+_`Pr8?0oF;)cGe z2vUjt$4@eE2(#q=8@1+}^50wGF6z3^o`Wj)zWsuO=~1pWkE26fU56;V_CI<~mW}EQ zA2}l3TM^!Xx~7+yVxN%s*rc*g?a5%{#@d(UH!}q)!%vVeaj1QF?QDGH2W)@6p=U=@ zn(l7@<`k|PcZE{DxG$@*Jzn;!#zq&LICyw_I<65Y1@;!+H==&{1v+BGTua;iW*xof zTLweNCt<=tn)Lk>p{P%pKj{b~GI19>5rSH5VN9l*AI3%BG;xKEmq`B@xXxO187zt| zd*t`vY2`!>)T$(Si?tbjP zyy%cQE-`39+<~KtZy$Q`&cP^6XwIJDx9|@ssZNPhxPnfty0kExsOs=`xuqWJ*_S;( z#Nv8h0zs$DNka(sY6-eF{~NNRbdE>}U?Rd-z|6bu?J7qCg+%WbGp_jMcs zgG#-3?Xgtrk@-5>zck_sR?h9;m6hBzc1t8>>#IZR9N_LnJ}f-_?p&s|(^dKT`H2n( zq7}l2$J`pBjTkk)yG9)@+&w%aAD16pjwKU!!H3y=+zK)_p#{`oAt#5rQEyJjw3&B? zkn&TPTNCm4;loQ{+&i{zJ;1}0e9~^9`#a>~1i#gkrWc|I5B@U{Q(RI~606z{hN8}O zXl{CBWU9Xx0T*Q$aI0ypT_|{Ib8GtQ;{8kLPXL%zk&QL;`&wpxtP5lDzI-N8d#PY| z;yecDdS+YMxzcwat_T)^k`#!KeU08JE||>V=;Wl%bQFuG!`QF?>z;_sOd>~MP(!zr zFZ(O?W{G~=E%}g>RX59MpIk>jrrf2dj&Nm~G|1x{a$Kg9nlmj%-pgX4TdXkK(~8XZh+`~asI96ap_Q7^2ZDzH!$+lk`HwS7MhvnOv&xvBHmB4wrATI zXcxGugBfRPaD7oGIQQ`Aq4Qprvus|VPDTqeqXe2M$?4?U53#oKM8KKL5{uRX-+Osf z`F)b!qi@Vo^K)}?h(V=9WlEYhrkkjy*<3(fvz_R>?BwKRG&j+2<*d+@a#l>0s~vZn zjJjW(v)=*ceq#AMcNpM?`7&yU5MFrTCJkiVVhi6Xr$4$YiJz^MibpX_ga3(dQn) zv7B@Xm-Hwoc{PY;$!ouHPm7ZPZ2R%WBav91Xv$4a7gc(atnnYObdGPc3Y2$*@uX& zHJLd~kk`M@gi8|F|w=V8JDZC6?1nwyFj5!=lk6$%pG5Dgm}F{-ADbl^~L5bE`oRp{L3( z1(HPDnjyM%0+zPu>1(m*9GgF^Vn zON59{B9>kVW<0;4gAy7&dwp)nz|@FYup%Xr7=!DO*`&%Mv{DKNT1reSyv95q4jEZJolcHYx%sb#-Xz7DD;iF@=W*}s3krmtWyTjvJ{Y4 z7ELYDt!rSuQPh6$UAZX!S`c;n1PX=V1@Ha5+YiegCpC0bXwUXy3j^X25NEW?`w22q zYDVN*Q?GwnZ!_E~oNCb_0aVJ;)!S>p8hG&B;{a@yFHUXroA&d`EaHSw5FFvX)nu(m6np#K(?KIT)U?LfF^o%?d%|ZCp zZll9sV-@2vxTso7EzBgtUZ>)ZqoPG9Z|}#RA-2M2H*m#fpq2w(-f{p$=|H?ML?2t- z=*6Q<(5(FvEVSpb{0KiCY)ttSBI(g?+ELJEORF!-$&kudmEP!GT!+0DI#q`6E``lp z1|vugl>pJgp&>IOMW=Z|JrLFQ7c_0WimG6N9J7hU@`8=;iJLMe&Vc@*Jx@!fqxED` z5h^o*!t>dJ`VB zR`ieysIN9RJ9o!vA7_RMsI0-*c53s{#Ju#|SL1fdblx6L&w1)M2(#IUJbKN4-=l|` zV%(jI+@C&HXT6;zkXyaeVT81MAU$*YUn_hd88=UD{F4r7pcBX9-od3&D}4fC+8#W1 z+aP3IY@;_&YCr0y2I5C@wWfd)1RP zk_+a(cQ1^ttAq#=$}GdGa*NsjCoE=rmoY6EFLo(*0uYNXlxUt=or@ST`9$*u%}AM@ z{|d{92}A7;zj;69E%XOr7e6M4}<2if0~p&f7VD1yEb1U-h$+VkS@i4)bfBkgS*r=E(C zvIb9Bqd(czpmGQ3|A2`$6%`wt#4>TMG`RY-DSBgDbN0&HQ1za)O_ z#SPSsL2F^Fb(L_}2B#c}OjhFgS4tcG=QN9!bQ6O_A#TJ8%OI_8?;7DicBjWk z77fT`Xax1L*eLYT)5F8ke$a0w5tKTD=p#h;EATu+gANKB*Gi*(WI`W`LO$szXwCYK z8?O|&&Jx#wq^AiY$To$f`jlB*gM2Fy&|t}5Mluc5LIsk(^7|VUw}sJS648FJaqqV1 zs5h6pzxfjBw+aCQn3G%pwsKI;zlR8?%Dg!88ePQ*SBP%fuxjLxC`1-)*Q~)xwvtf5DO~04Y4rO&016dP#)VO4mgx0Jr zM;W4%5~vu7U6P>+MAQk3#*9VSD{&pk^&|PyVS*Oz2`D5-Po7kRMfe@TQ}T(BGC5dT zrHFKfgrJt-Pd7E}llMAI=zdRHMi!id0J@E^U6V)J$!Go6AsBYVYki>a*cOy-eGFMdettE1}x&+_UEhNxGH= zDGM0aR>IVX@K~BHjvbf10Ay8-=8V(=`_7|Rq%jO~2`QxYySWokzoqap9q!ng->{fE z`mKLo_o#BdvmKEgP;45YX+!|C9EI9=^zxf~NWZ-mcbSSo8o8=x9KsB0VKN*9GCrds zj6QyzCx3$afPp26JVA^0Jcf|Wtam~za=wS3D$#4FqzKs*+V)c?nLS(!{@zvx$u&_q zUL_XBtW3B>z8$x5<*VBy_%*S4`7Vh70uV)llE$FW);lA?LC7E%ypRrLXWrOS_p(5< z1XHO*n@UE=;|iF+L+)aS`+OqQN>%*oG7$!7WtX7#SE6g;Z|AUNWWZz;?+CSF*dv+@ z+#uJij2Ei}=Cgk1(YL6jhJ=SmD(`)%=V>uqEyiyW_3>>)E{zgIW^%kkjCMrM+97c26v zrustVqda94s77|__a(PWpNlca6N`Eo3x9DAiqnV_Q7VR zpxP#<8>lFlYAU>tQHIoW4Vr#;Z*MfHo+Q<-XpO+15x5_x;bO4BhLA1VLktu|wq+F! zIGSQFM?4_%4Ddm`ZlOCRlxf4i{{VRv5R?1xi-^ltQZexJBcXH}8K!|q;moe?ui-dw z`R!6cXZ^(nhp7`3)AsL%G(HJb@mIG=Q1!vkAErFr7O8fd4Wnd$D7Ibgs ze|oa)fJ6aC`mLo!G&a@um}yIf9Ns_!u=!7`kJ(cHcGqbT^I{RHql7-a@e?nK46niM z!(forqyHG>W4Ds72ekge7sKwu`{2FDnafiO+~1eJookZJJ~Gd)WX~D@n*2s$kvVT)9{qM^c%Nvwb41Qa_lKE`y|J&)r|Kqa$2h2+T z$JIEN-n)O_2&ze(TFM(V{B34)hHmX=4sEy14YOU{#{hsAi$z$!4197pxXjOXFBvI)mO!d7 z1pLbond(Rz#-vrzo@jpLbCto#(gBjlycZdM#NcJSGmQ%kuY|))O6nd7#*@rE;#NfI zsKv}iG(X%ORWc+2SV>f7guPS{hrv7wJBbxMDkxK+N-4*>=q1 zZzGYQ!d#b*qQO}-xoT)}p+$?}o8JR?BUF-gLiq!&4xZWB z3q2U!EDqL!2x7lVIoR*2eXNzp;H(cM65e$XFwIUOiG0{V(kCpo0(yCgTxgHVe@+VwNcdfhp4f<$_?ik*P6) z5@3p}ppX;4hzxc$Pe~ZLURN0VfsiXFv6=ylE`!FB$^ZZ`5aA}F!349I16-Pgb5*MM8T=tdfXeCM6NU>X{Rp1W456vN=rW!C@-Nc zhb@BFYvTF7LD`={^9*ICLGE{htk)+4swQHp6 zKP7Ua#!)<`ACCx>aD#d|Ha1ob?L#X{9nkWGLHXbgL;AIA2c8PGS3;PbMCaom^CIwE z$S*}C7vHRcfAxhh;_BuW>gSI@5Lrt2d%v0)@H-R04S;+qep$$mmN{0LG&(mF&;jsn zf{);ss;wY1E|Y-RWRYutRv1GyQB!vu1YDEHYnB@@l~O{#j$TGINgdvhjdRvj1FtGX zkl8Wm1Arh$G^Z%y>_YargoiZ=OGu<_8ZAe3%@EqE((RRNCg6PnZk&rld%a`69rykF z&k292? zbSPcouw$*7=}ASz6%b36EPryr`W0b`c)#B9FvSr{F zDbyCm5g=137lyV_Sdf(W%2Iy z7Tv5Y6RHu)OZl7!ZlezL=wA8KcCM$RSCZLp* z_;1gkN+&gT{pIpS75ynBN(fZ|0$Mc^0HG@%OjW1U|&9|5u{X`BPo7vZTEhe;ERe$hQP<$uDm4n6MJxHHclK*L?^@9#ypf4I=?>t$N)W-0GIQ zD9-(8K~+IHEu1_Q z3qAvSo>gWI$WrWw52vDgz9+3TP%Y!@RJ;oz@Ent{wG`~vT8w8zLZ~vti31Q3RMRY$ zv#Ah^Fe1oTZ_C@1Z4(W<`R#sT>lmc|$U^{ENt`ZYxpHQh{Q`cV0g0r9Wi-noNt?@! z9<`Vu$aMeU4Yf8B#&s+jkIHc#3LZ$RvlRmb5oq|Gtvi@;Z;n)uQEgIG5xhyLpmb#0 zTtE_B38zdX6og^`Se#%9>}{KY5A(=7y+FSwIy0pjJ5>NvaAXd6{Q#R0FdOw(?M7w> zc5Hrh6&e6d73$dwE=|E`BZ3{Vqw6p+Bo`{8Oe7IjBfP;XV>65d#Di=Vo3x>I){vjT z!le1q!73)!Ab~Ro7gf)FzQsunoWN^RhOXwAC=`dL#|fJWLq?u8w?o)2?$XY-W@|6G z*tfVt8GBsYeqj1I21t1*q^+0GE#762sD#qiKcQ_$A^u&OMFi;`54G|8_z^zAj6A_= zieR7ukkZJ@!P85xCRzl7=QZGruhA-EkS!;{5pTx0iPD3 z1URFxb)^qOv?7z2K__lL7AS9NX<2W4_UzfjQ8E)CF**s@Y69g+o<5niEP(gZK+G|s zpC#HgYUep3Co%Lss%ds^u4pbctTk_sv z%z=|BS|EscfJPCd+|GOLc?}OE1|G(!2Ij9{l3MMCQ74k14Rf1PXOeJLBYFv@n&Qw_ z)QqsAW1!L*LDk1w2_Y&SbZA2eOk{hLR*Lm*4Cpt90C`=+1qK-60`jwtfL8>eU{zm$ zLW2-|<^;kb7ju@)&RhT^uSEmk|F`30$l!NcH`|1}^A2Qs`4KrFraC4B|D7daKEvdn zd+P|VzzsaFZCZ`T%Pfk*Yu}PdR;U2lz(`nFgCBb0dHKHu z%rinTItTKJ^VDE0q{jZn6g^~XwbJeqCbNFsx+-i0LVqwHPwttZ>zd5`u79wk$lf3~ z3;DjEgn^O62BFX}!pF#um|y@#1ut6>q4qTNaf%|)UK*x)0Mlj3Ap$_VSTRSRvPeqE zk0iI?!sXG{{QyO=Vk6196KIhG9fgI~zrMaEIR_(p2Id45%UFQ?IjrF}ZoUK4H4%y+ zUj!(lp`!wH5j25vaS`ye5*UTKNvMf5(+|E)rFU)FH;WxUPxAyx$6tk=Vu_VgG&lf9 zpbrT#4C2f9b?7M6GXCovqAf!IrAG?=2Ti8?pK!p@e|j}n`N+{mtDmW%k?-8GgB5JM zR{i6l8(vj-Nl9*CNLHmkq zz#BjHz5(NIZ_CfTKlLxsithj88B_o1mH)p!@rro^D(@W9){xcNP=DFyxDiS9jzze_9iFXtmUOpPlQi$sJ-la-=BkCDz(&E? zlckIehywXrP+=00W}`qcy;IU13Y~*G0XOw4k~Bum!1p-&V%<6`;SqSN6LqS(M092- zIBkCE?(hnv0}aLRTScRfaz}gOR11^@l5r$3VicWR3EdrMe@GBz7wpfuH`E~w)W)-X z1k`aqtp-ar3S3xy97$GncvH#%>O@_E#z{aX;CXn>dmK`<-%J>=l3*TE{s1n;Y?ny2 z5Yr(76);*HBxaZlFG~1fWYmCxOaQeQ;X&|nkD#s+jgx>^oQEO22^ahFtzp;DCs19? za_@q+bo_QEmC@GcILbF|1SLPq?R%FDeiK5u9;AE3X=Wy|_5+nUkAB&WvoO@tjcU%5 zPJoZ*hrLV=7DE>2hC$4;i?{D2_Z5 zT~0q1>M=RpzYI2C4I6-XZ2tW%X+{x%O-4YG3jI>J$Gk3Pu~jrd{`mu zn1_c4nT7b1*G5dSEL2pe$Y~e1Rt)k}#47^klSy-^K`?@w!g%6_bQ-%X1|_PX8Q{#1 zpw(@g9e}XdDUg)BOZq|W>hV}`SjPi3e=>4}7lI?SG}i@PAS*|~Zx#LKJ|G7YP{nGF z2J7#`4zI(4N(brlAIA|F6zDkh0Qn(?vjChX@#SaR9tz{oGSYmB_27cfbnPedAGb`e~o%YgCM2iX#%^S zI4ZEd%B9}Jh@l<<8C|+bwMR+n~(~HzP7iX}0GN6z-i&R4ro?kD&SOVlB zs4ICA68pz3k+|j3$y39Wupi7O$jmg)^4;XIog`K&D+fP6e{&k}r5t1oN^P^vBRX*k zQI`IwQrLI0KuSs^XSjE7EY?(Rs0Cy;;toS)yk2+d0_3+^oH2z%w>}Y;x2hTCZIkqJ;9oZtGJ$lp#gRE3i8?ix~^O7HGo5;d|*+Q z8Rg|u0YAN}diDZ}gL@gc33H}YK5^NW4ehhe_MatT-V2b)>+vWf@^zOG%_6Uen8@Uy zFogK}feWer{__T0L>@#!1=VdgscZxA7V&+IL-`{_TEK>&+)A96oU-_f8NvXuzu*gS zYgGaZl4FLj{F@m&fTrVjJN)aoqOxvx0_1MZ9MQ^pN3!ww&H*&F%pwJ>H|iCnHKHdF zOs)c(f|UJrPgl~tQ@6sT+%cOKHBw4bPiM~9V(O?dI=O0D!$%8b^}El zzyWYdsJ@AerW7(nh@IPwK_} zAF#odA(WEiZb&%y1-G_{-C*NoVm2tbP9cs%G-zzonnSbOcCB#U)`;0b@>bwZVv3fH zgG}c@Oe3~4IoAsf-#U9g0wsjQ9o5Op!ef7nk3Nd;3&L@iajMBlXl-P)k#uPD_PkiK zOGy3}D%AF0i(^@H7$Z}DeP#``;qydjL$x3}C3$?XN{C;;tgb_@U925kJsAfg_@}(k zM!?{Wn|1SZ>|+tzzE>!SpRL>(gA|pKp`<*VEkt}`w3VG* z@5yCcDC7|3Nh9t?iepR)3Iz&<{Gc)tXSNKb)c%}Cel{XyS5@ISpx zb6t=BjimgK=Mw+bK=$2UJv^9|(#J6HL5@x<)4w>7@MG)0DBO$1?GN93SpRQNIgsj- zt@JPZ`@iq-*#A3V|C?CskBqMOT%x?Dgl=Np`!5&VJLf^~#erjRHs8ja{_i>L_W$mB z|GSRf{kN<6-Dq6(=05lb)Q=Z9Z5Gn{HymiIpK1g;Qr|KBfY@s#q~x_lL3vfHHe-d^ z_Y;KAaX-$HA!-{m13y-xHXv7ogA|PT*3y00-UI!Eocl(CAY_OM*bD{{bpkRn)cVie zu0%0~Ab$l_CHf{gcMZMG+fM==@KGxE<4Nf>Iv_NUhKE}Z5m^ILl){?zJ1(KpBP2@i z7#t-Xw*N%$nOe{7-au>#Xi~)L zA>fr*b+`zPn*99ym+&1)_z5DR5;7~HJ-X?}FHze&`O7hf1OuJu(8M`He3iXOe+3;g zig>6Z>9c^$P%X~^Ua8#T{?4_Gdth-B9`y_chc5b5Bs@WiIR#$BD;U>}bY{SbZa$DshyL9%S`P#1~m z0q~Vico7D|$bYglR_P<+5gOHHn7r^WqA@_LiR;9TMcU%7E`+!M=ZeDho;*GSbOu=a z&@K#2s1L^U91fodEeaR0`);I;vc4`%myYf_^@l(ognlv>RQr~)op4y^$2c+6#SMBX zBfsG@97^yOzlnV!&i5%fgBSoB(UjFScqq}$4C%8KaNabqG(qlz-0?O4KSiXj3Qhf@bH{qFKWIDZbUiT`eyVf zc>%!eNMqR{E{&t-Vi5c%fd+8g$-grGqWk^!;%~+Yz+|N9FW})?8(%+6LGSYe^}?KK zCqJ2CLTD}kh>?igq|X9B+so(y?BNce$Nv9!R10IX@@;}YH!Dy`mJ7}l6-^KEw;j<= z&;jF!1_}W4C`6R*Lsuu*7#x*nxIX|zazM+U6CMHN;YANvhhe1{VbNi@%O|9W_ykbs z2{OI4Vihss2-U)VR)NdF@}&pW@wY%9;v&RJcma3Uu!f9{0z@6fpk#d(1Yi?H5JRQv8Ty;03LW|-BZdz!O_H?kkDhXipcqp z%?KN=h5U$OU=0394zq?zO1A7p>X|cVt^oT{s-fo+$Vud4wD>DTgT?8N`Is>vKTh&k zCx`B09mQj0Mg&Wp9EwN|*Cb&JV0?1a1dh8U$L*5iag`*XHxJkcuFDUnY9MED1(8GI zZsGJfs{#MNQBe?Faa^6ficV}ZV0m<92!KSVt*Iu{hEx38hxQG~hKJ=4Z#ywRC?UV0FCZ4n=|hb@OP5xXp9( zcylC3L-q*xGV)-WRB|LEoKtClU~)2U!UQf42X*J;)7dD0P7AJ!i-c?)gBMJFOAd)>!;aj!myOfK?4dxJE(^ zt~wFLVWXIke6cE?G#Rra4-c8sqc|#w)I-4A&y5GwvBo>be#V&pO!f3Te81oO zzOU=LultG31DKLmlSXKVN{-6nEq{16xvlpYJ048+x^#(9_eJx)^fZ6~jTg&L3d+MQz%qyp5ip7$^5KQ5+OiqMD{1|E-aE2rcnIh5 ztAdZF-?QDuNjG=lTP|CBs+FghcC?9icwp3rMvnrJ7CHSNvccebee_nbdM;2#bW=K1 zq&_63iBBag(~u8P_0~<*wIjX)vGwZJYrF?p|4d~L@X)LNkI-U~>*G5%*F0h1))lW$ zR&UZ-JAo6gahvWD(1ils3&>Wz&1sxCuXBwJ)YQzI@iOzN(VivRtdQp6F4jf%)n*(PYT86t{3;F%!7b~(p+io zM^zz$Zd$_Qyo5=8t7qjmGb^0Kz87cbWgGk*XF6Ka+zxmR5I z3a(Ejlm*6ezaxj_8xtQ5^q-)9=0FEwL)n2Rzb`&sxZ+o}l`Y!6CU)%mO4qQc$puZ! z{ltr&X7k<8*HOJ(&7O@6jpEtJ8dDm#%x)mzIeN-11;ysvvhKxt|Hz=mxy@ejf6AYVJwJFa9mX4= z=Z?@xF$Qc?Fv-_IDW^Tto^&gb zMsQ3(%BVX<*uh0vL`xU9xbxNOHV`l;+O8=IH=ORo)l6c43JW#_-xVh$U?PejOU#R% zQ%4byu6iqLk}7r$98@kZxhBKEBLLb}?z-&sX~YZj50rcwt|p<2NTps0iv4%rvp zI>tcAfSVT=R-Adr5gUU5VjNp=vQTnSL$fdk&wVj zpSL8iszVTKf;vjQOJ>xyY;E=u;CB;JL0-=^gg*K77MaXRZ^U99N%FY$ZYo$w9H&aH zE|ANuetqgzdF9i~B9xwt#{tTbOJk;SCbMkDfv}S_y^ugsU6yM_lb$1&02pf}s&t&t z?n%CYSpIA zp;lc+%lD_!w7h=(`pEMd1-z3%epmDmv7rSQ!-&>B&ngt@-7nVjR*GqZ(8m1M5za(p zpL8>ZNCM3MG>cC1ck`5~0@#y?T?S#hd~2TzOTL_5=}g;e88<$GS0R$Wa(2)pT;4)Y&l=$IR??(R*33%!ip7wvkn3sRL%J;ybn~IQKPBW|z1KbsQo<4N5v9_*D5GkEy zp~brHYed)?_0P$*{u|Kq7qB5R73Dq=I9VHK$m`y2_5UU1T6ymarN!h_Zx39~4L}hD z)-arTp+oQK#2UKxkCR>q;wiIG68j6(PmLorzf_HAbKqtI0Z>17AJ8B~dJyEJolZKF z2NNhWc%WYL$f-WiyEvbw7}3f2`o7s@4#6w)dlH$xaQ@x(p5;YJM@bT2C&rPCiP%Em zX3)oQ+WiPqGX;zvzkhHnNm#dwKRw&*65@)!c9!1mU0V(!b2mKv7SE?X?SJ^lpvUO-1s7NwbnZ~K=1@+}lgG*=qOo>Fyp zf3|-ERnP2i;*sr>eV>pb&q8a+>O|qxonpbwrB1q$D5k>PI5U(YrSzd_`hrmAgFwb;#a5-8g75|C z%U^*hI}9m2U3|7Ol2PCTjO5VCYp66sq9pJT=W$um-5I%5xy}QorV)SiD7$ZY_>u*Z z0P0(*=K-i*p&iT+{*Dztigv75S z*4QL}drS^DMkQ50C8`IPEd6An-{LZE>^aW(DS?^TBoUJ8^WJOAT5-kNK5MIDwU@22 zAdpn#(r9vCXawFFea-EQ2Lm!rLeeWBBf!-t=Eiue20ZGjM5VXGD8s`^GPGqc$Adq1 z8=hP|TsR#3H1bFgfU=?oWw$01f$r|Q^d=Wxnc`lU5G_oLsKVLPxe!{_Or@|^F@mGF zQsx`!NeU;~2t66iq=XT<6i*OstAR3g?YGogqFV?_S{{WwR_1^dYFEcRRUZ|wzdk1r z{iI)N%^FF21m<{gZN~^EO)Yv^`0wf3g3L=3$wsBjY}R4W1hU+_q<+f*VA3CiZL%Zl zYvFNp7c6qqX4@_4 z5Y;Q=G#X#r2gS;ZV(OPKkMTDWbd#%b00-1oKH|=ve8$H^FbctjD4S*ZqcKZAz~kJX+5ZV_ipKK3uS>%pW`VV9S{zNWxJhv)FJ_?ctZGgxJ`R0ELfZQEUQ7i zg^st4VT;-di^$uK`}zvx&-zQ+7-OY4;ecAxx8$1v6c752)l6eGmOO_p%o~V_TcOyqsfp!Uq`x06&Oxq6Ds;U01tPh z<%xyDqqdWwWCh1(9v4R=nTY3|W^q^q^1Qb@goGo~)Xf?NWIvEc;2!j_xNeKyN{e?j z^#$$A6k_^q4Yk!HhO!Ov8~7l97d%-iqC7gu`O@j1oh3SjInppeqKwMTX6Q-myRFQy0-XKqF?XtpAnZf zb*ycp*N|EiL9tu-_>dOrjsu|bJt zgI}$fv2d$_pD9m6D+VU(SY>`QFRfp?{Wiy5uwE|n9+N%9lwM3XsD75a1icc62k|SR zi^?6CKbx-$Hp=jPn3{hGZ)VqU=Hfq+)gxE6x z;aLpQG&iJ1Zn$&Ca13N%V!;iYMkgN#8DVLeMPHwo#bhCrVY~?97qjTD!{*KU>tlUk zgyq;b>$IH5zIib|;Cmw(3pH9*cz#Xt{r)KO`m3@iAKinzbZ~>nV)FzuG6NWWAlPKa zuCKP=#0genzoc%A{Fp;>=t&j0ZUqK2xiQl|tN8E14i zHpUXQckHR3t^PgnUfay=%L+I(#Nq0uY)u!HS?ghQ0@0pOU#QI5%L`XolM_CFQT?fZ z2mN7I33L5ZrRsl@`S*r$MPTyP!^d>wCj(rA{;h-j|8f+pYM=Bvkn53Ag#SH*p(Vf| z_SD8rCs1!qKIS}?t;eYuTN~*)N_u3YQT$)DFZV7=5PvR6;MxIS(w>WKkp$%F#D$Hu zFL7r4HPrRD4Evf)Y}b=%5t|@1ipkhC1b*O* z88hT4a(jMlhZ{IoH=32@Sc1aQbO{2d+meZ;gAyl-&tQ<*wAhU!Ar00O%3^`AvoVOj zy7ldQ+ZU4)N&id29cSQ64^J98zjZ4$3NY@>7#ko=k4^R`*j|9(m`Bd(DHk$r@%gzp zV=ST?nrCzPb?5;AQZ0H--}ATjienEUpUj>CnieJ&i| zsX5lhz-7rfUGFByqRat?l)%)y!=PEgsOx@{*%JtW#%q)`Z6Q4x@_b}EYC#HT?k>8p z?4jvgf{e)X2CA}TGETI5lP3MZvjK@~f(W-=M*6w4hGK$gDhAi*7JEvx3JSn`_&8rCv|cWJd~8flU`U6EP=Y0Yq=P zvHG%K)LPLUCq*yyDFp9{3^g^iS3vZ+DB-$3?DLT<ef3mp*kdWS4>W(50t+@vVi&|Oob>WZkcq|o}Kv0nP zm=T5g7O-D3#*~J@crVcaiWrqXB#ou5pN@9EzLpY7pp!5rvMq3y{Y{XGf33v+E5=J*0}wHVwbR?+Ap z<#=4EsdfwAQ7&AhiR-nNhpSlS@+bM#&OJ(&{wkor)H0!{NwBW$YQ8_3+Kq=L;BJ&n z)a%g0tdHw>34^yz2ILhdS>Bcus>wMMYBFuXxtAAbG?S`^g>_e|BRb%wA|@;l7$rLD zwT?fT-OgVfvu0ac{`wv~NUukcv8lFpd`j3ivW@;AOzy?7nVt{7Dl?N``>D+84YL$o zo4w7^=?F>n9=;8!yFHCxEJpwq7kzqLV;&lSK26C`z>sP*ogO^QL`7_u!4s zAor>^y?bB1Ts#{kt+ck;TX|(By^bAjl`to0v)AgpZYrNYDHulp#Ggbj`aAs5*e&Os zD{_nXG~cgFlOC5QcBT9F95;=89jd=(;Z2HHUL#r>+;MYjG&mOd0SM;h%A*k z_?AbbaIse5n^2J#YCiXet99wp5+5JmeS^F#NsK27giYbJz;|iyHFdr9dQP-RYZIQF z{ISb*b&bn}GVyB?+5@wleI`Rs$Jo^@-M+xg=NByd%4x~IGc^81V1n&_B!+rQDP(I` zr>u6KU^I4Xayj}3d^?j-NvFNcF~qj*2*7~>=eTTvaCWt^p10|;!GrhHk5i3EM??-{ z){uLC?cXm8)JQroqJonLPT%}xTVrh<00cYIbgtikt_-m=IuUav>4E7`Z5=G`Z;Kq2 z2j7!dgVURH;!_ZVFh64!m~J>0X+@u?^v0+-nyq+$Qi}3;g~f3y7HV_lqg7VYb4~4} z=XKNHj>|g?=ckH{e&JIo7TXT8V5^>u`UY4gO6A-S&z)-Oms&eW)rj~VO9Iw$Pc#f{ zo3ZPipU%cmS0?xh5>wP%#}?|_ODly0ae7-0SJgaP1Ccm}8zS{KTpU*M&Gysh&&p@N z{W!#1KfSWiPt`+r6kqH|m0gZsRIUI|G*gS8zSEw+U%zNlMQ;L5TaZE#CE8{?9AUOpsC2etx22zZE9ePl*2VRjN zi6(~Z2##_G#JKUp_WiYbK>ntyWY*~6>MTZsazsk->b$tsvna4Lh6tZzHN5ZEGK9=Edr!XnCnL#gixfbw4ElE{0=veZ+N8#mBppp<3>;uLJw3gm6Hu~J zA5nkZ+Qq2UU8os$L4EDw=+jiXaZ(f{kRHt=$(qBk&~dQkpjy5zSl~_Wk{P6BVo)|f z!wcxMtISJ(^@B7C(YpsaD0j&Y1d){NfYfHT)RH{PAfqt9r2^TsW|j@d?Hu`c>R%Vq zCKn*T&zwf_-h592lhM0m0@Mx)whdakmL(HRyg*DCj*cV9gV(mhbtqGgtWHD+UY}mr zf{ei0m>M|d#+o!qLR?gf3tLBYDJ-NfdleY54Rr80tS(mJBA>;A3^kkPGfbkq>Opg` z(ta75Vhx##GEFL_;%xRDOOdNPPeNG$?aO-SQ#tn zwqjUhamT-!Apalei~n#rikbuFv!JD>rZmR>jt>F%SJdT(l{DLuQ>yLvhn198Rv3tO zE@pIZA>q2Z3)p)w%Jiw{3M`mbD0u7G{l%%< zJBXfKP91~?#e;2qv0a!6!dmg+$Xo|hnWD&>@yh33anB3ddfT_r0nwGe2OQefIY#kB zeK-Y%Pn=8$hQyYUG)Wk10`xn<-AqKx6Kb}=3tX>b{FIZHSlI>L^;K`1LereIb%my- z{TR__tg74i-%6KCDkdg^)+(}+;-qnoU%Q`H`w7GpBHioU-SAxi#Zhb!z2yVuJXfyr zu2!Uf@9U1ZUm4m%VLcKk3GhaHG;7R06j#2C7q?qv}pf);k0Uh+%^bD$A&R>fP0 zd;|sF`d*kaj}=;*esW!+%3%)?@}n%$c0W_~(2Ab7JXWiT@25&Nr*5u^s z4(}Q%GTUM+7T|gnMS)7TUGQEoBOZWoks^1LK|Mf7i*3-?B#2xL;TGqP0mQc)bq?)) zk>1N_94S8}*&%$Gn;c|}&Pj~M-}bjfb`_al7q^osWF#w`J`z9U$^-x=wUq8WIq{)U z5@SRpk17{kgO~_YP5l-#HfNWSi!|?xB$o{-eLoN196yp2MwFAhqdzTYA{c;;5Fm=b zQo5qu3Q0XUS3lr6XSKHm?nO$Z>!g{99ulU6|02l~6|ih5JecO#tb8C|fC=x+5jdbE z{>HD4zp2>G5Ads5fYA#%AW z=7>Bj*1iFHKe5N+E1vWho$&8sBEgSQ*hn8Wp&}`UWOgbs#g2+DjNzHm&*62wm|Uis z>c9ZNRYX4+(M3>{rKiSA(+`lcjHxDSmjf0}hFY}WBW#%2O_1t%nOu^gDb0I4)p`w^ z0_r7=1Rk$uS@pz$P<4pY|AyPCG7bmTA({jUb2G%cPv)2)ZNyZo!0Fd-nnG~AE6HwO zv9hsZe*h(U<&>>7QL)gM1L^D=>PL5Yb`GUpe&vs(l^=&sob1=(kF`tGbsg z_^GUa)RE1Rn+==vIH=lH7TM0uy7Rq}zpRV$@QB>jGO%Pz$ehldns$omHEU3)R(7Ci z_`#7I0_*Py%4zPi-(uJKTQgRSs$A9ZZpqi(XZk%__7-*AsgIOB0gTHXjU;Ohqu428MQ(BTTXFwTxWdJ)@Qt=d&!G+o)s5+ zF@eQr&6*oC5=woE!FJz<3?3YD$Gxvl<*c%lmUY3q)7juTSXS=2}+PhO{&b2Hb9e)N?jN@~qCd#=o(7 zu5dK8)X-SZBc4OQ)rsWfO{1gMZQ7(3aC+XK>|zRf^9YBdbrc5SjkSVDYsH?V%P{@w zRVD+~Eh{UNpSL{N*GHY@s5NrbDCOstt#-E=K62!TFuT}EbptNee4o!473_^ZY3WBYPw)q}iKP@eJ&5i2}qjTrl8$Yrm zet}H!5`Q(XpkU0$*x1-sijm&liD4yApHj^Xc3t@F_3K`WK=!q@2XuENVY|h`tEHvx z2Y=|VJ2t(&me!%f#Kit}hJ}TPx63XDy{Q{8;b?wmL&Nd3_XP^OVfLLGy9uTE!Tk9f zw{G1!A$C&ENw~2sHU28sdGl@*rTVp3*KJxf;_#6p)>E9Eu3w+&;NVtyKRhg~(MC&M zG)1lp($)L)3C3htawlN}(X*f;fAB0%+=NVv=84 z%?nhtpNg$hy{MVt1!;* zVRJNp3-Zp*Xc~0W{SWAVTNW5NuGyN~n*&Q@3ywPW(bLy=AiXa>D!40KOVsGb|#ZXx}X&pOutTW81)rBKR8qxTg0c9M$EGzr| z_nx>-X(;}|mon<)}ZUu@g9ZMswbjJw@ZTQy1@tnfBCzz~!sJ9qB1Yw?0t_p|Jv zh7Gl*pNNl*RnE8S2>ith8k+EHfo76ZGg`5ye#U{V-n@D9Jnx;TlIPDiAil`ViHnOn;eMwxUR2tP7A?B%-oLV@CWC+$5*D_BcUR2${0UCY zY=TUf|fAZlJGV%hy$O=+MEnjO0AL;?;4R+xy>qOj-55 zTTV_+$j+T^OSY{&akRbhqqaSI^aud zH_u8b17z{dyCVOJ!?K z>YQuqZUTjM$8#ru(Ad61dt=u|8m(LJ2nh+Getrr~x6bn5ALufTxW&RVH8nNcJzxFE zM|_}2tPXjVZ1eT>uD-J`b$QRJdkN@oM_8Eal5uG-zj;lWHm!?+LF0)NCmuO=Z1kKt zo#EkT&z(EBa_P94U#mNM4^L$4QFGQ)K)GEZuz4)0AZxlEZCpO1GHmBgt#iY^`uhzH z2|QxHB+$H7t8cGLe;GxyZPQ`*8$ZQ1N#$1~LZ9h39g`z=eQ#Wl+V&7S@jlTuzYUVL z*QiO8%e0crnm12P;X_5(>TiGBbp866?%~&)zqPls>)a$~!TkA(Yn$|0I2KE%;m&jqkjGR9Z7SF&mggGI<)FE6A*&5 zhiI{YH}2lu4!PKN!hm~{lgDbyl~B+fdiCxN)~Gwy0$Z|Q-{Ubpdf~#}M8~btoPHlj z?yE(EQlQ?eJUL!bqln)3@Y?L>>FJ5IY-97|Ha0fl74zKOE?vA>hhVqy=+T}u@N5t` z!ePe1fddDbn~$~c?|tj+_qU$CvPmU|-GBDWm(N3(^z1`gs&n@H$dM0&>zK7_H6)*f zG-1-D4Uv(ZF)?jO^crbx-RQx?hel-Pihu(Lbf{dmgoL!@Zf8>>+qKNw9e#Rw*qE-A zOMx5#x<*E=X!FbYbM`lF?`6xDb#Eid*KAY)cB%X}sYBm6>4DAHgkHXU8SO`%jh5?( zg6JQb0&W@&x|Nx!PLgu%=FK-tG(UuDv}v<}5X%a_c>@_p?1*H1|uOs8i0K?P6-$4s()5>gpHKGO$Fe?#&et zh3j6&T6ZDyXH#84WU-ZWTdQMq1m;~M;E4K!aD6-^tnoU~;PmsxjSVo7Uk6eA6c)eo z{rk&ET6pE$eH~j{+p;UaE~-C@#BMEyT8f1g1-QDqy1CK!t?1pmw@*dV-H1sBh$R|( z7A2~4L8O6yU>0!#9QNuli&hg?x&(|LInp+XiiK#aB%num;Wuq=OdF0Qc_Yhn+;t)6vm`1#bS zez=bYQ%^l1L}Wl+7_ro@8qOqq%E<;ZsB3Jj!S#0U-Fwv1r3tSK2b7Q|U(3wANL9B4 z-7{&XE@S!3E)c_HO%fNUB)F;r**<;pB!Fv){a&X|oyvFbEL~moXg+EdvGCeAh@&bH zs>_cb>ku~;0UthipM#IMcXnkT9459?G{j9yZqDo8KHZ;?>DJBcR8bR>#~tcxDxcKB zTYSr|U7B&uXWl9Qb~sm#Iu>YQ-bQeVh}2XqZgtiAu3b7u>aW|H&TrkZzxCk3xf=&c zj2nP$jP&yxGRdGVugDAGoG&R5#l_=LLoN1lo!7(lDGF9wvZq_NZvAss*0=|$%bNg! zTqKkP-;C1l9O-Y-u#}J_pKbxQ-_M_DwOjEI|5wfh`Rq`iCCf}cu5~3U)qeh2fAmv} Z{Ipv;Zm&N^7q&v795sIAG0R!&{{`ycGXVeq literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.18/_media/benchmark_net_p2svc_gcp.png b/docs/versioned_docs/version-2.18/_media/benchmark_net_p2svc_gcp.png new file mode 100644 index 0000000000000000000000000000000000000000..55916a1de91094b18b3d47c50fc5f5900adfe9a3 GIT binary patch literal 38395 zcmd43XH?YLw=D|B)>iBmF`$691qdh@2$IcGfS^PriU>%SoCItWjf$ZVkt|A%N-BbY z2@nv;MJ#AVG87^?-?{zY`@Y=q-guwRIgX~=)(ZQ#!&-CAIoI|-t9E+*TJE)MY;5bP zN+&ef*p~OPv9XW;whDiewrBM|{72gPb zw6{AXDkZvq@6IdE&R3me#Kdg>pBISQJ6edzZAtqBAF}4E(gi0rwhboahdn_t-ja$VKyPh zriI2hlV`EQna%xeYnJ8iu&TJ4nwl&-<ZO5Ay ztHGYCut0h5D_0V1B*XBwz;CwqtZQGKv|^-$%+Jp|4>D4s@tgWr}oNTekb{S-3*?p1U^}H)u0k%B(29)=7GV%!JGG<|5vML zpfQe}Ca zJFBGhPoziBwyJPxO)2}1H%%p3dyR_>s=}mn-`!ZrwRLMk%7x4%=l(i;cCgRFgf6|l zDpaDfReGwgb~klQ`3kdiVV5fFONWBt{6jjOo^iSSgtgm>wFHAW|cp|DrU~zs-ePXaly}Kev^Xk=C^9u_>V#W&E=|+Z} z0;)B!D#0{^rpLQai(h=p79^y3>O#ila~Cf@U&|#NQyQ?{`s@4Kcm4exWK#=9k}!2q zQBi9*?Rl=3ZDm>UL@3{L!b*9sC+*{U`B6m$1%`N?Mzq7=%+5s+Tn4N9?MF;jT>p-hxZ>o+`RWf2IWkv zNBW>G-f7txH>)p{&zbPnEc(siVtqYopcFi<9^2@}(15 z!}LzcqN1WTiwln5Kbh#H8H8MvfBpJ3`3Qf8_UlV0oxXis6YN5nC=f2+wCC(wo6aJ6 z2_65yuCj-Md4?FdDQnaLE!^|J+d-;%?Dm1yhEmmdA?sB=Y&xeFGI&YphQg)nQhIvv1mMs}#v?6_s-)vw3=B6{39y?ezMZmr==8C91Xy>%h? zYP7WL&@*Y@#WyVlZt2@_V#^=xy6JMn3CntUpXrGcw;C11#Kh`xZZlm5b(|)LE;tP} zAINm>*YLafmEP&omiQo-o#~UYQ&?E|-AtV85ggn+|NHl|6nqyZf~DPmJP$eS@L~-I zha~O(!-o&0ul{=^V_@n;FJF$yb02*{c1u;lxtFS?_qPR5 zx&{a5-g3-#+HAE~W7^Rv6^jmOw$9NW)%PQ9Pi6&Ehgj`y3sDJ%@2Xl7idIt{l<#LKiVn4dUx zDs-&3I?S-ZHDqyNZo8tQ;_mXx6;I0NXL_R&^X}e1@E|(gcWF^=?y>jWWC%Vm^!f9h z$%f@?3?u(N%2FZwz{sPUOEcfuGPq37pSt&XTUnm0Lr5#TcYCe_!<98~OnIKOjPKfy zqqIR*W3q12s_~DLzW%BDx~{BtOP(#KPoEYnIFm*Oq8f4#hjR2=iI7I`&0}O&yuPkr z{&}l)S#7R^X|QaG$5_t=GxN{SzKSn?^yg%}Q^GOlDaF{UVpM{^C>>OnpLo(%Q(#fe z%lXG27bzieXTk)mw_$@{x!u@Z8C~oLSpKTj%edGK1k#66qz`1qnm56IzHH!i43uD!a z^d5PW_bce#tJZD37^Gk5IdRi^=f*6Y@xhV0S0=~l#g?l%cDz!%7$mG+(QQB2WbA9( zI5Ci%9xCg`%1yDxlj`KrJ3K2buW9%kx_`iYxHY@fJaZehr#skK?V8DmW_wNG+5I!$ z?uoI4oIP%2wFgsz1y_%UN!f=Q0A`jNjXm&C~_HmS{^E4O=h@V<;X}w zV&LP;vy;PNFKoBrI6uBz5hN1)Vj@m5@@ScFDfWjr_AyoC_F66yF+Dt_eOFEnwd|&n zEQS~xUbKIPGd=xj>q{j3Pqq=;4w*lp1Z+EWYHn&o zT|<^POISN8;cWCV8Y^x2&V5fr4fP^qTxb+bhKld}=xJ{Hr?J!vnWt!*kUXV2+&|dn zMIZMQ_MRQ5#oz?Y|DCno->WymjY36gstuQRYF~^C+H>yM%~k7Zl!e8)k=9oxH#I}> z9_9SD-VgV;9r`{zJe-lX#rWE}YK6HJN`Jk&Vq?H|DOTbzV1ag5X#hV}C0MjE+q#LB z82N;eWvMwcH>dJ#YN*%>6Mpxff6hMLdttmzMU4M^4w5J>=C~gRf1>Wsl6zb97mjMB zoF84>KF8Mn#-o1V_W{HL_1gS4y1f{Zl)TquyQan8mbb4zSh}@-yJUiGTh77KzQ?C| zYwvQ2Y}&Nxdqzs(ma5Mohbo(zn#@A5%F<7=3$D#%Oe|f#tCKI6({$oJfPQKl5;a|LM&f@u$X5QoVM7!CwlUwunjj4y zAD@aq!G}g(!xB95p5pIvhFdaE1J>m?UNFYK(N5Kq@CLM^>P2DmXaKKp?bwlW{W=@6 zyXx}Q91U2iz$;-=HqFlk&V=r<_!9neY)lhqNyd$pl4((`SHIUF_bldI2cfNdWF-B@ z%HNZ$o6`J?1jh?Tit0tu-@L${t?2ADe)sNOl1A)Zd`wJV-<9C{=C;k7HDkV#V_rjy<0f$=HRpl$Zr>>aOt`UQ?`W#@8QTKcs&3cj3-*>QzHB*W0yg z7dbBE`3qcay%%SCr?Tu{jd0e-tB<()3R4MW>*SIg1pI@BBu+$-e9YS*!_0s3ru zsJQs-UuPj9IXQ#29NR!jwr!gZ4h;3xd~$kG5}?uTTeq&@*m89FOn+U?Bjs^`e~13EA=Ut_=lbK1=Qb@Fi6$TJ*gf@cRNjk8^l< z0Ykwb&?2w>q?&ztbhN)Nwq8?RKDNI;zF=?E);Wb_YM_9fx@SvclD5k2-?uz3Bblm`Cfa+(;qW}fBgOA`+($- zvF}1-{)DK0j*Y*@mVn)-|X%m5YbJ`YTdFF zk^^Y`3}-Lj&_Xh-YTb^*HMYz{=AW+?>|42dbr^tDo}v9HVvFFrV&i$UfPerA`@)H* zE-J5*tGga5+F`ka``&a7FjB)L7BDoLgsnm6wXuMSp|oW6K!G#iMIsLNWdU>H1&d3m z!Mf>2**WLj=$9g;ol5lt`F!VJOUSXNeoT*csnwGZ={Z@;bhAfnRI4v3Ee-v9`D%gO z^@UR%UQ=&)19!8!j1Ynf)AMmA%^F>%e|$Yr871$xMsM6}L*uS~eJ|Q;z2t-BUfcaMS1;=8*RMLha%l=!^4E)< zKKHzksyGeO9qez@mqf)a>pmjP)DDXmdQG|Jsj>{Pyt8xFA&1IrrRV1T)^9hLkL(9Z zUtFBCr`PY0asFi06m0Bcxxf%`zBflgB}zX-(Xis;;tSbULG{-RhL>oWc3sH`m5(ng z%zWnz?$S*;|M=fUMHDSV?RoXK3zKc_PTxO$&AA^>D(Q`iCn66!ydMaV-@m^Gwbkxg znKa{KyPw^a7BL08WPL2SRG#iVfYJ#dCvPbCd%0j#mMb@EJjZRc%zZ<@og9OPlhatxeX zYScA$(NA}t%KK(tyud)X|FT2Qy(ZczMkiHIy2=gg3S%0lEd-f91ZXe>ndzC&!t6HG z2dGHqhB7(oTYSa4MCY)pZN5Y)+WP>4Xr>#`!sA=#=a z8X<2$e!|m{+dn2jz4##GO>u{@?i{npYLv1im_yp|IDd zSO0_G26_cH+J_Vz05U~GoyDDRCK&n*w*)W~eV>1=0G<@M(~eLo z*6j>cALeMGao2R&1*aWTQ6Ba^ zbotZ8(uaKZ4|wIRFx{p_^FLJrk#~2O$EZhj^xvAmC{zIn0w{s}Dw_|v3}}&{M_$=e z9cAy>`(^m7uK@vy6Z)LS^PMS}3TEQ{LPN}=Tb|r#Q*VTZ0jDZ_QB$%#RC6- z{@EWUX?qax;p#SyrI}tnYrd^+@~wU)OsNv@RdPFbzI`+HMYg9V`gl)!o|AdWU9LC) zU`7$YkYL0Rnc+sS@1OppcYj+oj_OR`Ug2tESAik2bAa>IB`y4-Ez9>-%tk%z)bn|p z)BLoHXf zkrHJO`K0)~#~)``^?ZqF8@8`c(oRm1%#$gaII+T6PV3v9PXNLfqBWH}lCL7{TihPk zh*b_D74v-_S;iY+U{bH}@$nsU_;w<=o>$uOW2g>obZqPp$QN1&2r%!7$?e$ZjUhGK zxiSCn)db{u{b94=31F;as6h5|Pekk#K0mM#VJ}ZV3{BOihe~x`tDiOT?2ipL;B9Xi zx$+75nAG<5)496mzI7b^(@j3NEw63xOQ=Nhhd1`^xh4~$#)%sIPIHsC@s?eaeSA~j z&$eG@4cO0M2c373LSQs8XqQx+YIhQCvP3PGauEM=Y%vL3xTuJv$??ISnQs=6XxEmL zS~(l##gg959KLxgOhq1R=f!O%riyqW0< zJC*OXQIf@O)ZXob+-}Gy28)sW8P!dAXoI*uqWLo7w^Dw4lvP-;!>K2L?zZCIRMaWKh(?t^539e$i^O_gQOx$JH z*WZ#EFYPk$WWvjJ`iDuT&w?kRQ3eZY;??=$Wi%X@1_$nb15{5L#ZGbAIyF0(zP+Di zec6!7bXc7CptE~_`{>Vb`@u-n=ji%Y#9%bKjZSs?(n|@?BpNK}bL63yW4m^5AW9St zw~tJ9K?mBP)FiUU2ks?MYWXQ2f;xc2N zobCy;=QdTPEzeI*{)q*3C`c7>U48D-pkx~6g}Z#>A#LCNSCKRSeToVRppx+E7@X9IXsM)t0Lm0 zytQ7Mo}CR{wVwMKfEGpeI%Q($nnv#0zS6@T4`y2|qNG&=86!ve6t3k~-kiy$JC_u$ zlt=>((6_kQRWzl*^1M2=*g;sc`9H%HeTyX8nbx;oynLD3q1Dy#lw0a~f$R@bN8qI2 zH8XH%dt+9)Ik>)PX>rbfQNDd&6R><0YQ@j^X)p3?_R&5^%e(sZ#)rdmKM)oR!Wmn8 zujB1e`m2{=&$xMH?3Tce7-`Ql{Q~w9$K2ZR0MhxwxMs4djZI4VL_E{CLW$t;FZL4FHd>S_Qx|_ z-#*sq@SZZ{0?|Vo$0-tM^>4m8j$=3QVS}PGcM+komWB%l%X$X~lQ;4!E76E#5o`w5 zqubHF{lVjJuB|!VbFNf3uXpsR4DKkfqW~t!7(+ieEY}OAh8EPxnf!r0U%o8T?~37Y zGM2W8=3N#FdjH;pr6TGF;P28Bz- z)|cdo?`;uNdv)mb^d(bMmzket!BNu@hXu@0uITtlPU6cSg7SU&bf5kJG?AY_f7T(x zHbx&`ZJpogGj|44`G}HzrS`q;!pvB&E^-h>+O>Tv-82?zQb9zAf~~UK_bVd~1wi|x z3T$(nGy`}F=h$)hQHn=H$^}g@R!xAj6YqZ)+p~ZF**d28gdd+z0%j%w5a{mRyN=Jk zEH0=8i$*}+>CIq)jna!y%AfNoXp4g^HC`c-u0+%9y?|P%0k8ptPYhTLilwwKYVK{O z6l%5nRCt>s5njMuiUS5(Kl8p|-H`A#C$P4R*X#4_(lpQO5;vq8dgppKo>BfXefz># zC@DEIRpiY3ku;|JKPzS)UE&!6Rj zjjv5ldw6*bmht&I_cc^@cr+iXmh1XiB{RCsG{w8;o>);|PN0OB7fbip1f|1CmY0a4r-D5OYU+u_S@@?UW0}K80$La*3yTJw8S+ zXXFa&rr9j`0!=v&Gzj^PA`)>QGQSUI-E`qpX>WITED$SIIoI@*I$?}$QHaYp_dPmz z`O{9*`$)qWFmZG?m6X=+srZo^WKCc3mg~U}6Uw!mQhQ8BX05-Og{#mzs?&#sDRl zPTNgQO;eW?9lqU)DTo%aOOG9uU!3krI`{I0@NN?dMY?c>hLx2C3=DRp^8fZxu zgcj5|0njsh00Ap#{P#SkSP@qu0J7a*m_dn+);01dk(nNDe*LnIE|Lo^gi7CK^7+|; z@}x>0UteEBZQ)ZH&<4IcJBqR-r@XXj`CzaVX8U%_lUj=Xqe2vBy|S#V zYLw$H&3O(C@Sa zOW371k19@b255Y%%txf5cLrdi2f;kglAs|DARC|&=J{0#+e_L%Q# zPl-#H0N+Pky<5~j2{gVk`4H|?on};+#3SpP;Luen1Ia}%$0iY^YF_xF&s4Dkozv~x zVh+WH?@7(n+eNE4x$NGMQD`h5zYL4&Gz2CQNlAvMVG6~TnXgULD)w18(YBWgfT*)m zEg@B?gjqh9OB<85^-Zp#JP*Uj#p~^IrWiLSR$~5)_ zJ%f}Sv`=3LeV0eO^<8Xuj#cyzrDLfEUn0U z&I+OwgZ-q{KLz`WQC}uH{_#i)3rmi}hhBU;&i+%>Wl4Y>`EsLwOmW=GjV|TVUA@L( zY8S|+;?5E!Nw2xUR@eT;4UX6@@r1MomzK@Jr(nZ$cx_oPaOT1$GvAy!DSf+lXK}^2|+;fAZ+$b#S$6%v^`# zrCUY*X-lsw`tkmE+M-x4pNz8-R5`d6sQHzf-gOD!>lY|d;CbzoEkWbAfz~- zneHuk>Z2rA{OqYpM)vGS0;7hGETk;0_P_qXPp7>t8X^&7tb7Ps>v?1vy2Vk8Wqs)p zaQ3ew26eRUEP?mN#L> z#B7(c`*q%&dhXx2aYNjuc|WmEC(V%@fbB+zk0Arc8%$`pLGbIJ1inoE}|Eu_&x1v}ec(-jkKgK55A z=Esg5KR$s65QfG;i-Cakp4(!{XUjf4acbuX;^X0#F>n?P+d?d%>#!bKLZYoWUVXG< z>1jDrsyR5@wCn*@kMU7$2VqHu-FClTeu*j!v1?+fd?Dgqy8Gxi8q4UY+mym^F5!se z8Q)nv6NsFSvqb_^NtX=(S{(|CXtSTxG@5NB3DsW5w571R+&6eGSqE>Ndk*4K82mnp zo>mCJt|J|(U_}!yzPll8n4d+t@bE72#}Mc|JWL`w?Sre{h}eiOToROW&zPNn-JeWS zkI%_AzeMFAdw@7#`n(!JSQ^SqjWHd~z}5ndXb^ogt)T!yd-WC6et@{Nr((uw9fe-W z_^#Qxk>ZIjvLgxLr`AMfWkp?lmF}y48fmn=(YB0JP%SI6b32kP2#GFnCRoaptB-0L zV{%u=JEZRg|8^qJ5hzfhF#=Dcw-nXTc5>K)={wsmI2h7&YaO400hmYzbb6Z0Dfz>P z&l92{rl8WIxNy(Dl0t1+)|fRSSCI46X<^tX`mYZgEz{L#j@qEw-xg5c3X;KEzDoki z7A~&d};TR+W#d4#vwre`_lGAdl?+A2L`T+tPk&q@>%sJz2?>Ba_riPA=_zu(ZH{2!X95HoJ`Wuu- zJ>Bx{D1n03tY5F)l40huFzaI5{OTys^5bz|-Oj+jFaXBrg=4l8T9en^)7|1)>`j*7 z=9$2cHQpctdc;OjpY}kWxC>lmMOiO5OfG0DzwYd?E1srlK?~6Z*?3x>>-SDuwxSI2CN9a>FU z{pd0mYa9-%9bQz^8TV1*D#U;(MeV!IB<5J;i_obuuw4=CvM|-~J zMeHDdSEVPdLtjrg8uU&sUuLTMqFOudd+M3V2VW73Q+wMC6O9V<*KQFFzv8t?8aIE9S<$m#Y@CCg#NVIy8CWAi(botnnwz_5BhQ?| z0oG#8;sRLI3^2vruB~$mcEPYa!L9^P6@iJM;dcpn(CI1)4 zpPnr?GlX~J_?3GjN0~1|B&>BLtQo3xOnn+oL%dg7GO{dVxCbXnbv*CfT#+2SVxDj+ zu{??*E0`lKH#?SEf#ynQJNUD(HT1JZCMC<(_l?T#$~0y-D!P`Jt*AOM)?3Gv{X2t{q30lPz=)M|W zeTQf@+YE*Wb08~BHOl4{2G1fm4+82`fC_9g`kPrEEEeUW0#wpvShQw0)LTG;dT6XX zX$G$SbtmhX#plW%@EEc*3A#nV(JwYlMDQ?Cj#4N@l{|rxlj2U-Jw{J!vymKp9EeSr zfOBuhXEp<_E|qr}74Efax0CKkC@son7pfs7BS2aNcs-iy%q8OPurD5{70xQn5HQGs ztp}nPl&3+hrT~a(BLKS2aS!IA0w6Q{!iZ?GZhdfdZZ3 zk?1FvS8d=O+HVJbfKg!o`=&h?iJ1O?4=N(Ku%bDZtY)^AwsmXnNP}b#Ywi(o3I!nO zmsMf2Q~|$!MoRen^@Cp(So$-Vh17%Cf#rIoQ1L_LJbrGamZGu&A}Jec&8`er^zDGT z;^Q?y{y0P;orScHnLd_$Us`kLIjf}@hF1+x{=m2>le`_|;o&#+MTk;rF7rP=Y$%1{ zL+K!_4dysAJs^d9Fa~ohb`SVRaT=(pL*R5B@^}pjD-XRs=uif{TWQn$>KzeqFl0Vr z`77=0>{L2PB;jYGi(YRH9dvtq+QQG1bqj-?VR!khJ9k3CiG^YZgdjVHU>V!-XEHV$ z3fx9q6Pgs{qNkz+vgSdTq)zbm18&#a@(2kc}8RqEblY? zX(*1d-e76t+-vAtro(Q>jvf09149+|#%Fj|KVyQ0#|aMqM4*6L`;vA>Nz4EbsS<14q6kTJ`=Q*(|F%G@(v=c zy?_5cWopgpRjWclw97QSzEb;_pIMZ&Q{0*j8>HgZqa?}Gfb_cam{p{BZE10V;p|_y zBwvI&TE8ulQV)8JZpJzLfamblx3e5vd(YSGJ^$)$xSU5F`9aD2q1CsyBB*j6ULKBm z*Fi>A5*_Q?(`H{RK~xlQ`Vw$R9E6kVAWaq2WfdlcmSr$S+_8+D5Cw0~vB@_3Fo=R- zzi$zJMg(v$b{*?@<(g-=x7tYlN@OX?05y!C_*WGi!|lJmUctNd8WMdRzJ)P&xAKWl z*SLa<=|-Ooo_crZ?D~m!tbb}RGzK!@CvcewOTk;~C&T-3v5A;Fznu5|@bAAD55aIi ze4vB`$h`P&ndYmDNBuksIOzr$w!zca_GPrsON&#*m+2BfVsaA=nx|;Q3k!+w;OY&$ z;xKa`!r9nQRGTZw$z9o?EdnvqodR@cCzpt^ipbBwzLgo%YfPH)!WOLXR zX4>LYWLf$H56aZYP4x<|n%IJo%S$K%s=%+DfkT^!gxUL`ah4FntI6!g2M0Fl(E)x1 zpff8S^qL%^+PM5WFGHLVpiRIAnv?U3JZ)AHEM{-J+F@$R0W@fZ(m|ZjL(l{LztnU7 zQ8Rj$YIUR-%&`za_2bLnEIy;=OrS#C-Z$7Y(_cIIVmHGB?GJ1~pnebfB zopbl_2!SZftpD;2ahIW1&Md>}yw5A&+C5&rrVn4hA;_;G@?5Zc49@`~|6u7e#3en& zJ!uMXkf_( zmo8OyLQ+YNB&BewU~J5ZBT_vqcDwdK`?SgJYrK1lk+0~3@<4(;5E;(YE$%Bq;YECa z(haB!w)q{zu;Pr1eK^=97UN--fe-3Xxse#cnV-iuf5D9lK4cHufVel~A!WSU#@t!r z^h_}-Y&8k}zRKD3{)h6n(_aPCJ{Fn6^&mm&nYNCanzNa3KF0SW5uQP&;WSXk0!!g{ zDnAd#-a=jaMdtOR8bK_Rc{z>WZqVP~{{YgO+SMo_raYCTgkYEEN_WR2>O-cPEvnGW z4OzcycrAsU4FTo$4D?;z!usr}A+_f{R-<{BW&Fe$0-Y0y*-Dzp)P_$t*f$*L2u4SN;2V$Yj{rt5(MD}h`s ziE@s-@;i2VL$Yo)8GHW;ooo1@L-L;E`ysR+!ge5E@np}r_v6EDP2t#IiSvak#&g}) z@l%94Uz5~`!yiK9R|&=D3<2}-4Cph2sE`H)uKV82!kc1+Rs_2R9vIxNMEcBH9>^5T>XSPloSB8htQbej zMaw)g8(AbqryMrYf5x;p6JP1c*|x-=WfukG#_n>}Q1SAK3WqMTCBeXolcmBLI)q?J zY))}NzoP1{t%mSD<+trzEIF)heyGRz=dr`2rD=LgfzLudA$34@T7vfUgh#$UpSs~A z>RPUi8~*}%4<=i*r1QW?1uDZBqe9RA+S7cEILovK-@Ag(1Al#vI~!oNh07%=g!$Ez z=6AACESv;6rUj7Ywe#yd3=X6+qF6#hSPH!=N;NpT`d3F4MOauFRY4=%W6}6ZefiAY z-DnU|hVAkkns)-nlhh$T{O7e-kSmi=$%0qQ20zFpW+ayyHeNH`A0MR!hwRE#tB4VI zDRe5T&EcLbc|5rzfXg+Y8j0IA5j$_~h7Ib20`i+Mo_G{!jJk zRZQkNu*zH$Z9UG||LA2p{uQZ;@Tr90@thclb#Y>?q34pk(N7aPO~QZWOQta+*BitID_>;UEn8Hvp=HFl?Edkp zKkHZDafInJ3=AK)GrG4Lv~+A>Ch)qniNpht8VAKV(%G;}0t+=?nv4 zQ3DQeOB($5-Azwe28fd^}lQGw%ljz`A%EK~(zz{Szh0$;9SV`G!FPY}J3 zyO+&+ziP1|rrwDW=(L~AGh+>Jvau~$0-5N5dz^r94e|1vCrCFJbli}pGIT^dq7W8} z*v-=n3mP&l)B||s^&~ON5+<2FAzOpg8}W2q15-vy%c8ZCq(Teq2p% zhuuyqR+$SVgf4NQ6TOL8{t@D9WJlhNJ=evaUb0H$tG78(^%uZZ6PwISi$FE^6e=)*Va6}YBCD3603-x~9Z zcB8we?r${-3X`yYO1h&U(j5W8rvVx$3)K&?IzvM~tE&2Wx$y=zwt4*-iqZEDGR=T9 zI>>?&AmX7NUP0&^fWwEhcBB{03QJf-QQ&LSg>2IpLk$$SEhF+aAfTVfPs}+3luMdm z)U|`d+&%9}*Wtu~_FyMU*dPk}9qYM!x+i>leMsDb@>*V5sY0Yrqsw$Y{1|oz=#15q1~Ry#wH5zVTf8)2c&n32|!E*auYsDfJ!U^ zlyanb;V$UEsB5jmDHy~V;8N21lxl))e-3;h$`xVj^FUVPrQ7Wjj^13wVVih1`Udpg z1fntk(?IM8*!Wa;N^cX@K`8M`hSyXOuFERKO)s2PlL$AsRHwZgx|n% zx~3=fp`0k)KSm%Pz*XP=_4|#81E(;HNnnGryr%5XG||M}1jt5CntjnsT+!mJwO_xH z&y1O0O$S=wxIm$Ui>(3O0>$&?CPM)>_pSH&6gw=Np>et(J0X1-(1_4_Cgk8rJdOsu zrDUJM1Z0h+195d*f{95+UumBf(f82@>cNDd0gz+Wnw1y|zCp_l6)&OvfW0DbsQkwE z_QSqLJBKKE<}uK5lqoWX!$YWnPzu#^jpH09pb?97HGuGHKv#qzz+m+Kg}f1f#l#c- z8`rK~s{u%xWz%xd&k+iSCoG#ihu97Z56kk1>8Vs zqXrhg078%!co!_$zLr6h$iEK&3Zmme2h0%d99#X!u$#4g@Gx`OS1S}NEWHI1jz`hQ0DT8%p-DF&bosSq!r!^4pS7$>h2YhmuYRPz8PHza)(;Fv$GnGSXoPr^NtT$c%g!Tp&xAMDyS*y6Rgf zr^h$^vivxDm3Y;~P}QoV3j(E`%&8e_8Ek9@ATgeD@XB3T@Io<&>O3l@!23qC`Xj$v zw}@kgJPLSU(8+PcegQ_igQ(2-e=FFVevXdTJ`vJPk?C5zqf&?Dpq1xnHrR>XL?V)= z?KXBCkXXGViZJCwdJYKDyF|1SE-oyAWFlS}1huo+W+f6Ap#A|EYvz6btEVGs%Hm|(;Dz6Cr_TV#Lf%_HG$U%_Or(7 z5t>|c<-OkDS_7ML6w$=aropt!E$f=HS=8WJjLR!%tzfbVLe-H+RM&OHp17iImj|L44 zt;{N+hb$ft8w->%eYlNCBGCeOMy*3v<-|u$^*)&C&IOAaqJvJRF;Vk0m|iWU{M4ee z2&u&4WQ`7V234~F5nKbbP6H^sRAAb35QH_6J+jcPo%Uim+oKbSuJ`7!jU&FK6+lSn z+#?`x3V9>vSiJMpkQb(fY>{}&p=eFogaH$wD%Av`p%J^=1qF(AGssdGcwfwbjo(dz znL0um^GqMg$H5thzVALHWVm|5p?XHdn9*W-BfZo}G0F91_wLew!X3M00Q(*qS<`Ua7B=K?7e2FL=NDe_Y=F>U6?7H6t@QhmM zY9d z=(pv;ArLltLrh31#Ln>j(_<)J0q9(vxwx5|?YiHQq?OL7b`f%SQ_UXkkp7G6IbM63 z=MK1b9O+hWKA2R8F)1lm4^ zr@{INqq6?$YNq>6nl+d|L~~r3jf6^k=upq1fkdrwCdi2)xgI7Iei?6M_beQM6P5gz zu@t0qLimmc1(Jk`TDxvtR-{z1u25d&wQig?|jRRSlG+1!G$m;;DNlRMlSLj}=ORA}FP!C6Q>RL@@UF`Q2fw8xlAPH2d^(8bFhhmQ5uZ818?a8z*swHF1yvB}M?1 z2f*~B9J@X-8w@c_!oI@*UU(h&GvFxQMX&d}a|f;f=OoZt89m!Oak{wR<0Qn}*XR83 zIB<-Fo=JLQq&`XjhgrPO)Ju@lv>41#{<=P5@gk&WN3tlX1l&BOWZ2%yqhb!=k=4Pc zo+J4Hc1Ch2_41t)-+%a!eYt!iRRhT+3;hM4qtDDaD=nA=Pa^C1L03m2`Yn}ARlaznVAAc64J+!nC1hV>wxAz41ig>&K#^y}KG8XH4I^CRK;S1)KXH`M?f4h9^^Hd+aoqtMB>~UC zjzC?Ko1gX!Q#5bZPr>Gj(Vo&a*!1mGk*0&|`{Wu@5ua1_ve^8V{Ku!i?e!4rmzzO00f|Dgl97GgU8J ztLU1COJB`VVg>?ek$`9cv~~t6jrySZvbV=yBK+uVb?Zg9^lPK+r;m`cfeQ5fp8^Ct z0&y7BAh3*$O-f^UZ9aue7reswYdXP=>vtSJi|)Bl8J8q%{f?$8f|ZIIoD)nt)#d{jorGpq^4u*jOW1a#UMG3%)>16#$-D*pE~VT%1B$ zZczkZL4+GXPLZ_lAe<zs( z^7Yq)24QOtjvVN74L@)ySj?ClT#u&1yjyc*<*wK`O^Z<*MgDVj&`!($;tPWQXIxfv ztuCMah?VEQpIl~N!Y@dM?Mn^2vBYM2U(~qhvm`jY>t64<{`+~Y|BE}iuC6D=rgR46 z^qD~cvg#WO(QJzAe0bOXho=0mWZnL+(fzkEfbMUQpc2uy45Xlih)hZ&;-26zBgGyp zF2poQtPqGeNvMVnH@cu%juchM^Q1+c-0g(=qB^mi!~#@LXhIg*vquTRkb&5$VY|&+ zBh{QtIGe^>AQR9coCF)ef!hG0Ujl7+!=1&(h~tkypHH%w$vEsHryuMfcHCvlmWg{! z+Q_5xOb`Abz;J%53?vU?BS)r(FH9eTzup`7*TjpAy9}}|>rc^~!K#q73lk{`BsXr} z#CXL4^3_pulHT^9ZrqH0^>QZv?3TCs%2-0c2H_^CYVdoCkLV z$%RzhNVY1pP2AkVVO2eoP|qEzZAGEE-f#h2otZuyIY&CZkYW<9&HOCKMGJuTx?q^Y zpB~z~_j6(zZhj%j1Z{2SoSnzz>Dw_WZ;R_6?K=JhXlwx{h5_`h5i*Wsa^ROb@clwm zZZxsu8W3VugLc-T0R<4x`HN~qY^M)|?l-xyI6EjtEN_G_LkUAbE6Fp&ETqlKtX3d* zUx}l2h+G>&+QC6skt;|L*Y|5b4HW6K?1N0A17U_hCNi%echLLcCyrQ4%uubbP5lsG zpIqdDd$kctR0{SCvH5`KcvVW6Fx0xD@le?7<>_81MR9di(!@xPZJRO;SF%~IANx65 z?4$_#g=DJlpq-EmM1ZnES=JL|k4y!M-$w&%*9SQwP?FR|b4K|>DmlW5Ah{4is>LS9 z%T5t9cis0P+CZ*=oFRMwktWuYD_cls0@>5}Aw?4IMv1|-7kXyIj|@qQG`28a0jpSp z6D5{ZiO+3q`XCc?pNbk92*moVC9b#9#cqn~;$-(Z>eds*StSyo^M3b4%m{K*Am; z)D&7Ic?dHEz=-1C=Z0=IYRrkD%<2IgQ@uRL*tMJYK5IQwBnW#$4PHU)_J?mdQ8DdL zQ256~wiUspP__9(#xV^;Pl!}<-J%@i5x(ovN{0gIeX{dSEUX^kr-`FT9%gbv-gNlP z*~WX4-e1BNq3~-U_iUhywi@rNWlWPE6Y{QN-{KF>u;&C*fC-I-Ub}PT-iSN}EU}A9 z`add1iD)cqi)sbhR0`~4ns5Nr0$GKu-KV+@HmYC>UH6UPnb7a!JMv`_!*IXFQ#TBg zZHWgQ1mP74!%jGeEn-Fup!)f#;8HovydV(~Z}jXGgkK&z3;G-^SB-e-U?-uO(9vVM zPynbOikq(p>wx?1_Q1r81k{M4lOj}NZy)?ypQXTGe;q>%FVo9K}_)PfWbD#oYpJ~E+1ffgYF9SjZ@hsxGga|}KWUEJnjF54)?kp-KD~Aua z1h7Om#1jnd0 z^44e2)3I6y28TROuMNN#e35hNvAAxS%M}j+sw3 zCU#mpG;B-63|z~nnIvbfdPIFUNaDNq?>ld000Jlby#>6sgik^=ez^9fAGx{(Un2~l z42t^d1yPJ9RNgD6{s+3g+RbLL2lV7KRNT@%{rvm{O)T3pjT6=FHuyohaOMVOzwOsu zINo*S3EviLMjyMKQk0K^I}xZn31FSZDl$)n=ZExp?}#IJ>>=C6;V%*N49I;hB#NaO z%Emk5B7xj4qduJImo6*iB_(yp^+K3No(_W`4Xhaj?f}yAMXs7~*{BQhCwa@;mA`M! zjhF<_sfE~(W5-NFL6HnGHOa6bM>CJ~>tTVZcAD5X*`U1!J4d~!gkKt04?k>T`@mi*iPXXWP3Vn0L1uv*-E*b-E!oqHZV|6#sa-VQ#i(8z9V!Kp$tIRi0E%M z%>o+;ETO+;7Vtfmv>o9d8l>u+fp%ye*hbp8=OuVdyz~ludoox5y)K{@{!F;?B-Vu} zEvTWg(b-Lyw(@#Xf#Cpjbac$ZZ={`La{+&T44KTu(?~uKJs^V(^|K2Z#a}L>WD{NP ziFz~}oeh3dNh;(brihLJayRI|#e*oBNRbbMHUTsA3AGoh^T+Aw=@d&;wWM| zx%*TfYILBh5L{Yj7bF7WjnrwR^5yfHj)vFp1u)1Uy8N2Z3^5|!$-aD5A2cd$P^F|` z#o6B5`1COV1_i;7EHSQ?B!MFVDU)2{gt8$8LCG4U;HbV?K-?9iCO?sohsebk`?dz*_&)0Y@R%92MMzS+HI}i*R#6N|;Ez)grm^#r4! z0X|kmL!Ky3z%}F&PJ%KKHG`e$@$PQBeBn*mKzXjBf%udS{fgAk*!kLM*1|0qsW`Nj z*s4(BdY4-gvjdy^!7%?NUa^079ki^AA%!Pu(VBZ+ze}@ts{i*rwg1(Z(Ehj9n6I{( zs_IECQ`(2FzzTT3(2}7iwQ`BQbgN;}wGdm54eQ!=)Gce{;T6x3o)7*X=}h=Hkg=Xk zqyGMm$F#rd^S4b`n}n%Y+n?H^{Hy4sY}frCsxFj@y~5PKm8BGAKJZJfzG+_twGLTNoa_rQwZu{sGucfQpiOIq({N* zKDF%*I~&amDbA|-RkZTcy`*1XNJd64>e^3#Vu1jzOGN4gYA~1$YWnvQYe2@bC$Do*;s$&ga7 z+BL!Af~`WTOpXuerHMu^g$8znY!(m$sPg#z4o>PP_g00)1ExVbSAv_P7Wc*Ns5p80 z^dPi$P4sz_yFlTrB)l$m))NZ!&N8dug%$7NSxo5{Gt7?xFcX3&nZZRv4Z`mw51!*F z5oNJL=eHuqJof|K7g;Y7Yya0k51pdGw z_5x@S9$z+KAQ=$6LaD#S$>$!fBifOi9YI-y%NKA&3=xnoAE)#YPMCr35K1JsD&;Wf zYP-`8lk0$sYz!};2kdw(frA&#NDDTdM!S_Rnk;$%6N|E!oEB+PxuwT3W*x<;c#NK1 zVDqmvHBr|6W^SA z)n~vy{=0@CHMZBpV3fbn;&+1WX0G$$AEV2#?%8AVp6_x3F|s~0BT@NcF%`%pi@$u= zG81UZ7{kK5_9rLZtoexu*$wVi;wdmm??sCiSy-dC&O)HPrt)TEjX?|c+YP6+pw>*p zzr3r3Ftn(DLaB~U@y*IGin3GaN)PsT*{mJO-!NU9LES3&pCEJCB6v=dPgXGHZBx~r zVx%cV@u+x#nShfVFE4gh=G-KB33h~Bc4`%V9d<&SbLM$_dkHZkDgg(F{UCYIysqwZ zEK5;U0|Z0TAT=2IMYZoYQPlCn#l*hLq%y_#Abhp|7eax8Nd^N3Sc`KRy%Zd4eZOIM z#LZ4fObi#r#8zqe0vuA%Ixb?RPd;Vc_b*}9`V}M)ughk^y8v>=G9f2mrutAFk&8>w z+fLu{wc&Qt<(9F*Dkj7yqrS+IWiXHO)x9OYkufq&Pgd*sB$z%!m!4nXCABtfj&fo+ zh2we8Gr_O-T(DApqGm4@&hFM9TqV7_9qv4S7kk>dpN_b^@cC6Y{Y9fk-)>OmuaAC2 zc{pb4UC&f-4nc{G+_TJ)q>~o%8n|`x{kcy(LdlHsoT2|Ba7?M|UUip&B-H^kcvT2U zQ}pNVB#ri}s>dNH#qy4B`dZRjD`noAGGr;odA>`kIG5&@oBEW1O36f;@*eJHqm|;f zIwC$qyzCSn9A-RzfqZpPXdV98%Pl#}VXFR**Hmq<3e4<~q zJ2c2s*lVq~A}Oq@`IA&SB<&Pvl&I^}pOlMU20e1g(YGDc6pH*SYAPih6d~I4cf0^e zsNbLg0iwT$!}kZTwc}U!G}e2+IT}lRgbF9<{pZteN?Ri&rf^wY-2uo2Yc1>T} z^yxoToB+&jC6A8wwhr^>Cu*5hCYq;IsoDRl9sk@XuOfF=z!KvJ!%g%a?irUs6pmyL zaOksU%(~l@?OVsRHABcYh-xgCCMtHRVRb{tbXCNC#OSHto?szgj!9+0H*+O;oOn}B zkvXu`TJz59zAy3nadJ9GO%MrWX+ytPSgc%h>L(DcA&%ak7a^Lq?%nVcDY1k*mqBDZ z64TuYJuJPRJ>lMH-UCfjCN7j=K)XY#yuL9D7KxHQ<=_`i(h7!N#8XKm7{qDDACHUt zh7Ou%a|9UmwO0)qNCZ_A;N&OftS*!@!+=c{!hB;VS5e{9SRQ^?1514;h~OJ^q$Xa8 zIT--MgQCmiT+4)2%AWm!C`2K%D|dC8-0i5R7FYedn7 zdW1}pr%_y9?zt(K+~{!`;skU|^8{Xg=j5FD(9Lb?C1;g2(aoJ12ML@N(A&AA$M^f*uI6c@53xZhqGik-9K^^@L{uc3 zfEnBBg~bE9Omof;gjsvB?3o}z6CJSqvLfGqar%{4Xh^vC$e=K8UnJ329)na}v=am( zH<%a^9*&y&%_Dg@mLnpZ7V#5=lHu&zP5f4_>a|G*xQXKkuS*$h&ylMp9G(&$1FgB% z`a(eMY*I4i*zah+ClkZeup^g{%X60qMdS~|tbzOI=1xLY=J7SIGBMAm)flokRGd`= z4B~MDfA1ESK5^%2P)J!ZBl0Eg@|6}PR5TU8<6vr_-8GT4lvop8X^eF(jd9Wc9-1urRFthnX^H=KaDD&~f?DiWUp?E}O}Iio-9N% zU;53MSh6N=n$qoALR{(+kO)KNeL6qQ+=V~ASFJikOgw~HWHzz;u3HV|h;iIw91C7Q z40%D^y~7-7ZE$X?pGrvMZx&mLy$5J%rhPMT2{6VVO{~dDI!4JI26|V{>X9Pe2EAoo zP$Z_@&3P@$2-7m)Dnp2);`ysXNCd=(*Cn7od1avTJ~yqf-$O3v5I00;)z4Q=x$kKd zK6sBV5OB2HKgY{%p=hW?lrH92=p%MvXBW+HBwCM>rt8|*;!a{&!;HP<*&QfN-!f7< z1zJhQ5a90}3Po(e0}aXqFVGtkq@#xo0eWlk7m*rAuzP`SNKsZI4ubLsMZg0Piaq`qZqV{CDoCvD_FAfB$(IGyeIW7 z8K0Wd9+9Pudw(*Pa{Gi=ozF64q6?sjhBao?kf1QYm=e?>6D!|J3mClS^HgCnQAgN< zPS{*Y(R=WpILzsJqf~8JiiJF6?}Nj>eor{2%L{Hb!h6L|`3a*dVP<5tgb1uVoBEWn zpKZ4`ufG1x1W|WV>sf)LoZBpQ4ZuMLd0gurE?zU0pFrHgU%%pLYImylqh21G5$#B> z-{3CR?Bk$xmKYl_3d#-3k#>a6wuFam6+QPv0_4_7Dq`vRdBOJ>jt9^HZA`OW*wOdG zStQ%wuH$&^E`Ht#E*o3X6MMhOfP_Wm<@$OBzH9L^P5f}LPu+UC>+9Bec=J`Psfni3 zp3i$D{GbR!Q2&{?y#y)bYxw)fbvL?q?@m?ot}?%frbE3=n}W(M4?7$eJdp2s`{Md_ zO25}$ok60OMg0m&Qt({xH0@+Qp-q zz9yP@=1#QcIm$j5f#_s%Noa96*9u#E#0k<#z;oBBr_pRD%gyD(3e+iMuOb_gDEr*I zu%*SyiOA6vVLJ6|8sMd&U)R|Z2!BX(>^E_>{9G5G<#!;UAuV?1?IZln=bj6VNk5Ur?QWbgNTHG}a}HRSiq2gm zA4zuaq`473-6mp(QC}Xcv}K}?A5mMKbTsD469*Bsis7fk14`?mY45{>W=I6ONw3<}BM0m>U|DK8O3 zr7jhP5@F%UW`1d*LF%t;zX7R?tJP}T_E=?QrFP%6AMuEgw2hCP?La*${zm=!f*7(q zDh8xA@NIeh%2~Ahqd3dx)E~=wKhX@dD*W-|2QGtUhSNcZwT(Yl7+4T5a}Wfy!=Czhj(*DGhKoV5!y& z)xG=aotRZkK{zEA>_U&qIb-~Q#_I8!I6crT?3WfP@8QEUik5MiaRpCGxi{=HjyLnk zYyvRZRPy$(jh)a>QT?TqT0kZoz|-e*+Ju=&l20ls4WPfHM9&j+1%05%rN|MBWKai3 z`$yc=P;inc$_~~jrW40CMVS6)@y_4H#i%OT_D%E?`_+d?RoL?-G zqTni#OT1bd;=seM%3CaQdUP~~C)mru{`;EQ2xZ3ePa4yb^MPmfx4m-EP!(r;IH1Y!iJ};G4a5 zW&01--em=`)9>vcIkLb`hW9E-G6>c$AJC=l6B!H>g4Jh zek$;0K+OM7Z-&Jq77WU}?tbOmKlBGJ|6X)4H6f4JyaztcA3oH4$saNScgNJV7a6{x zAyWMZmp?N0$EujBy0@pYb&vl&-Np{T2ZHgz?vT}IP$o}7a}oz@aA9G)+D1f#2oi>_ z4C5oR6D1LK!jQdWLVqbBq^HN$c@j0g%;2KcW|}$ibFPO>>ym6)65Fw^7t9x=PXI{f zFl10!7UD50R7!}Aym+|M1eq@882oQphXaK+&(u{HZuPt zsaa}Os+0_}T>yuMImwtzyG?5YBEJ zH##IeeZDJ$qR;Gp+OF{kUUnBX}OGWG-xwsVP9#n7p2j@jE^d7moh z^wI^ZZv2!@P8m>m%+|Y7nW%U;Fgh&@RowvdH7>RYj&V3QTduGeKr!bmk@6twU3kao z|LXb(xX}ZUbM}*zLkE*{mTIk&MKMwG{AO9R1q8mIn0Sy&=bMlX4^rMoMy{DlCOOjq zXnz^=&bCvhc<;k5Ad5x3`zaHKHe7yjaM%UX)gj95{j_T-Mcx;U!!D4#_e3YZ9JoQhSU0JU_#+2-X-?m-za~rpzhE7CzA1 zTDc#QMZe{pq*(HZ>iet7T@eg|DV~H?6>=tN2-g#a7-5E}k7ckMc=j!|)7I_VSLh}U z^4sf0&SRt)*~DXw;YQF^2!o7-c#C^pt{8yde7H+W7* z9R~00jQ|oPA%;52!qWSjGE59KoT!-skvfk~wOAT8aILY))#pBC`n1tfX1HnQb+VR& z@EV?+KCllMgXkB;Hw1|DZg2TypHT~!(FIM0^9Ms2A{t%c8lb1Mf$dLe=5?-IS2t^8 zDOF^W`lKto&X!7u!M{QeZCrPb7EpwLLXn4E$+KsG$|k-#&))h{5+(CErOnifkAH3^ z*GYLNIW!PElZd|-EHbwsN7~VH2sA8`Ss03JA-n~PhiGJEVpyK0wG)`Ui0%Y4;QhL| z89~A0g4^2iu`aLQ;kUJa&zpb!wdhTQe2V&=;+I2o5{0O;?TfYV3T+ZJI}b-dF4BDJ zRh`Oap*N^EAU$p3bv13RhQxK zK5ad9`N{KLO8$Re3m?25qn+VE1c#QvS0?ph)4JWMD$lbgOo*VIso!IK2Ke_QGMGjq zJS)&8uR*O!JuQ_$j$TmMIY~jk4ULO&~h$^Eu5L6*DEEm zZ(dnaIas<63swcbCRSKLI!y?nIX|1&ZH)AJB+Qi>G6ig5J$iIQ?!5>eVJ7uWSyY^J z7OJn5g*_q-{RDf>9#wV!ZJ3l>0^TfV%T+{yhz#hL5q9r0oUdN1FXXWdG4e5mr36?g z=ywf~trTaO(M$Mp=5CLqtMSTnbTPHIK31e{?0NpL)Pe%wL^VbZr;An!)uQJbO7bwM zz@i67rV;9AuNt+rx8sGAa*GH)eg&T|*13c1PJ6!y7rQpq*URz$+cQud$ zCfy7OflOU{Jds8c!tPX^6mo!f!hh*kIREe=^eY@ZMAcc;ThY$++ak9Wx`tRXttgSp3DCU<=JM#k9V9#a8aA%*B=gaFY347Y<$=_@jvomZD z&rALp=$@tfk=%KJ_|TE?@{t}bV#PbV3@Mbx980krnZMJ5H(4;<0sE+>aOS0ieZrnzr$rg{DoK^dqHQcnTfoIJkLd z*((o>Dh*TrDSvUt?|J0V`#* z@ImgrxZcSH@aD?8_dU7WTBxXw2E&=(;IvObEF9$3{%wGwd=_kn%C;@*Qe5D z;gkM;PFmsGOJ`mu1Pw~2W}N$XMWJz#MkB?~Hn3bbt~=5b%jlSRBtgGU0w`eZrM77O zq7Utxvt7d|1L83dRC~_&AnThl)+BRx%vZd>VqhUKa%utXc_tXDj>U(ns_|2f#NU0$?-YyHQw@w?;Q@Tb$ zaSWLE;50p^z`&Wj;n9D=;wv%7A*qU`fw=J)8fKNcS8{%{NXdxFL=g8Dr=KMKEILYC znrf{RfIHhV?QU@Of{3;H*b0R}GOIwoh>lSz02EB6Qn)3H+ZKXV@v7ph1>sE|hXKqU zTl6}v_xDd09E#cP{FpP<_Ii02+>Rr05Xm`eCp&OzW}VN#zg~_`ia}o^3s^X6MTRon zC&Skm`Mol%APGxFP&;$g%Fe2Hp5CqZy}51t?c@24?x=cf(@^~_TGuhXsM0KawrRVQ zV;sY}&)?c^+wJp?lY6L{v^m;L{Wl$72iM=WT4ZO8JssEEQg4R&Z_Os>`#${E_~{>0 zy|&%`HuiDxH;bN2f)D&r{710X@#}x=ICu7}@0Kl1O-xNu0JJRi&Ko3vjqP({dr4_& z0i~?_SDjwHTo7?~;Dqe;qRO;7GE}{|xERlbKG;{R2SpejH{s{Ra=(w9hz=Z&euD@5 zMMmnKm>6P^9hvy))AAuhhu+G{Qsct!5Sg=f{3I;zH~C|L)%fww3m5L7fX>R!wz$it zkH&)s561sjbMD-^4m{C;f#r5S8!baSH?b{39y$gVEh{&me?Z1hn(0R_BhMhWf zI_(tSR$pJ={mtvwugxFEZ`ja)TiLiFjJ(1-{>u0|1kT!(zoc;(8K@G*@Qty{NN zn3|dz4j$YVpQ=RS^jaod~;$IS% zlaaB0^X6Ynyek#NL^B_sp`becD3U_S%nIMDS4}9`Z=|F&)zj1C12(3`Zm6Q7vi)lc ztl54ek9Lfo_#-WGMu$|5q@$j~tO=H$E$`g9BVSHf-$V&m2=F10{WPKH#L@fm$;L1J!W0Mi*}S zZR*sHkOMpEFQOlZM?@5o*`6e>8vLrTa0wzq5>jO1oXJ!1=(kebELR|obeTu!l_F~1co z0BDg`gs$wN3$C9$*#w3Ybleo_;O5xa0dZXujvcEX6BBbXGV&&tG_5;z+C~L<3t_c> z2mts?f{OY0@tZTUypv z{8_Y=%XSM(rblbtrOQqvesku`xsj34cEACvLY@0`60OzMb&5uf4zp?4rcJtsr9n`0 zg+?Ci)E%&}@Q(~wj<&Gaa^Xc*mNqY3AB8{EL6dG9`RQ#Hx9MHOK2|(WQzLP*PcBQcd7=eBU+!dq!+jz5Dj<>#6Y1$gqz7BcGqCXl-F((cQpcLWd3= z{HY8q?vB7C!^}%*} z#H-?BK8uw7mU&3Rau;a_rEUrj51+qaLDu{vnq>?9kbV2wMXyMoGPc`BLf0wBj$KT= zyPBAojCOaA$|+NCwn@>IRGFQDEV~eo9!6E zeGLHlNf@DclABxKH>Y#aMIxeNr00bAxVWli(e7v5RkNEkwCk)0)(Zirx=GG@dvx{p z>i*U?HU(tA6*n&?Cy$NPvSVV8Csds^!_iZzREnov+y@oSA+0}u{tR2Bo{^C;$;M^_ z60w&AANQn}cGlL`vlcAq>xs+M62C8f4GeM;R)n2C-Gaw>JZP23j=mWg87UO()6k3l z@qP*Z>{k2x)%)d_U*@~Jo7vc?9zJp;{M&`>YtbRe#19Fk*VYWXmztU$J#8>5;>hUR zXU2cqq(OVR<={aL+bL6C(HERNdGZDt_^=OyjEtPAHcp;8wI{f6USLRwN@!L59}O<;Y}Q0Ea{6?w`)O%$zYOv8vsmThGaD(D!uQ>~1stU$QUJ~J z$Q3J$P)qj%BFQ)LC20A-AjA+>^WrB z=e}e;KU}VC?d@H7Rmq^+a{?=I_|7iQpXTW3GiK{y07>C&#SG(R2Rxd9(5|GgXQEf8M)iM)Z(Z&)HeB zGs!)alz^3u*7M)9J#wFC)*sWjv0qS4+Piga)zmgJxqUn|R6&_{6C!9>i@muIAFuuJ zx~aRnd)V#<4||)MYQa+6W8C^ru#@42^XARlf9Oz;zI|I@ zU$>rspqPcJqyM&TqsEMBL`663>O(1h*MCB$*kDqZ;L~T${LJe1{>(i_Ghe=by%7XJ zS8eM$C(Ty#%c~Z+xlKMbZs9@$Vws`Uv`*AU+iQC1=s1I~X@q#A2579QrIr5ZkyK4B zw1$eY6vaZur;S0Lf9~o=Dj7X@?g_^lGHCEHR>}M-uNYGyx7g(oUXIqYCZzr+#63qL ztr%-jJkoe~X8M(O)On2ftoD0+;>3xl@_DYVH}BnR#?b%zJ$qEq$W$_xdMfboojZ+q zUozBMW`BJCd1cPN;);q^p(~aoUHpo|u`vZhMf1lY{w1z1z7s}|J`
      xlH_*x9qK zS$~ntnP}6tZGC%td!(Ih6)y`5H^7E=)7EYnA0O`kBd*raG}SV%H^tUsFRx^J*%4r;nl*pU89;oQP4Qrzuyd!1<+yR_n1Q!iwI?Yl$$8c+#R03$oEm(= zJIGxAkcT-r?Oa`5vCH@NOA4JCNb$6H@7^1?Zq)~S{^=bYA8)L<@%V9jV`F1;E31vy zua7u<_;A*gh(+>^7>eD%Sw*%)7lHtBs88paN|p|3*0A1m56ZJ`-jP zB0Jy~?@TcwVVG4$XHm?yzbE#n-qn@eoTg8g&kKz<`Vy$zk%uTIH;g*R{9P#_wA za(PI=G0JWoeQ z?1KNR}c6XB2X3 z^k83Z70LZXKh+P(5(`Htc-!mf=$KEKFlE)nIAib1uCeFO_h)2(_L@9fI0tg0GA@>O&t zu~0SXK`CzmtM1B!_PA6U|(a?(bisK1*dNzb3tp^|Wc*_!T`U*}uGhahF+;b3mWbA4_P;UhJ$VU&No? ztzLFt!q1mKLw*1AZ)ZtlkUwD!I)vi=BY#R2zm)v_FaO7WX>Eh`FQ%bAe^B;t{|u77CYYKdX{#$lVa-J*|TShRFvg3WoZ@p z*)NT&-r3|r$&)9m&i_JT-+cN3zP7XCZ_;11Gg|MUeZcvNM&XpdsGOF&P`zMR**9T{ zZ(jSa$mP9rSbg^6?L_h9JE_d9ug#B7^c1(Ywl?%$H8B|&ZAt4(mL!BSY^@(j zdX>~{NiMfM*KR~cK}Ex6k<&3hKTk(T_u|EiV}aW)_r5P*S^9?m_8&O#BH;E0AJ@N_ z7;}|+dwT=7vD{}QelII4YbzC1uSH|bVcWYQA>QR<1X)2!Vas4H^+>y~@1i<8^`>8w zZQOP}AmBxZ&Gc*UmBr!Dul-}hE=xL((FRs>Z2a=&%S96t1;^|1{kS(a883Ajg-e$% z$;*>UtPIwMRaI3jEiG+f5VYxdxlc^&VdL;la{JYl-z-O56qJ>Rhlhh)9KLtH+DOfM zlWi%&$gB4KdoClR61NvmpYk6*{PQiFcXz(6k-NL391TDHw-1lib{)PVb#0!%(88xp zk+P|dhWuV==;x6Ux2ex^&BhuUcjMz(nHVtugP#|F3=0SdaH~g7RWleB6cxE&y=pJM zJ4rJ#G&C_Sje(8rq()bvqeWNV{xUzfjNYHErbtDScK*0z;Z%B?1pgUx$+I^}rS zojZ3h6gghMm!26GYs5*mwzRZ-{3y!J9T?l4ZB(upM1QN@>f*&5?^UmvSDBgL{5EWn zI(n4*WIX;VL*Z{f`r&bz=P$3>X64tfUz?koCwR=qn`74cNj^V?RyM zFZVhsN0W9kfvYcG+}@A<=JvfxQ*Kg8nl&abaJcR>gX3O&A{FD`zt`8-*XHk4zRO8D zP;+nZU{{~luVD6@hNp_pI>pih*N$n|e-Y+5&#!l%gYd6xA#3W*_^6r8# z?b+hyG^5SK@S3W*DbL`kLGBUClsoPOe9oIMQtZB!L;iNQK znjI}FDk7I-WM-b9=s9xuux|V%E78t{=`RBO{5AP(9#g(aNf#_F(--20y6Jq{5;L(d z=0h@=b*M{H6 zEiZd;b8}DUVNxrQk@*h{3_N}M)Ro2WwXw>b&@`hN;}>U7yX;%_BIMG&uSlGW7Pb0N za`gu$jC22A0fE$Psvho`>VAHHv$IY!e0xIP);BhCU#p??tEsP#IeN{-$!QiBJ0>rG z|Necdty}xj7`ejEojb?tuCJ-7dFIRy=_BM#?&4(rZS|i%x&3v0Q;vDVSVvA;U|?WX z8Wn|q{gAn-X{gctEWKB%PQItuY1E?*nk`KACnY6)YtK$=whUqr@@h1Zbe-_{y)^go z$W!)6vp$b9cY* zh-bm*DF$-2Z{18z%D})dBM{S|p|1WkBV%TI+TPBt=KXsy5fSUIJb{j#mwRr;p6gDx zZhtl)qm`x+r+(su_JTL3PxN{?#!?^dauH^sn)yxo@`K?i1Y-GbCz=`>LCsA90cWK!Sin~tG9x1+dC#Phlao`iNiY9slv(}#v#(mFp{C|+fn9%f5JUJWqzFxo z`i*Dh&en^q@Q{jjq3OB1rHt4HZn3Y@pvCA;qLB! zn)P?Y!-rx{BbqaFp&ZBFgs?RZIn2$@Qu-~-ci9F~F?}d@wY`;dcw1nOb-N&MwYY@D ziCFRJ-(HEU8PA?=qo$s0PF9W(G>pgm#$3eA`t<2j$!a`Fukwi#C)CyNEYu)iVfbsO zZ``1ejMI?*dD_=JwEQgg9gVfUj)dromi zMn{i*`xf!w!Kbb+JovB9SJs<0ZNkKR`02Jr8a1=1O5GJK-L5?(c_!7j&FUYvwzYBX z+vhy?(du2~fi3j>;z+K)CYe5aKJOUE)u*=~K71H~%wf6e)=n=kufYbt>bJE~H*VZ` z|Ni|YzTL7r0xNlWcxg2a#r}Xu$FJC_Dz2YGwQ~vVh zOa1&SN4=H{Qd7USW$7b!?@e$?V#cZ+9UbM?h#l!Iz2@#-R9t+`*!VL>I`u?M>Pu!q z^y@colx9ch3Ez`>Nt9?5@P=5WJ;Y6GX#Ch&kGh*$SXf-TRM&5JzTB(Sq7zp~m);zbB&>(F0S=NA)Tp;zU($~(; zPCWI;_V%6R2XONzV#E%KicYze;Fs5L+}J^GKmO@O%xccXx7%D@e_~>094xI75k_q9 z$gv1>o>^SRfo^VYH(7Dy7UJS`72};>9mWtW3LhMMOjd z-nem>P3C-$A_*b)(ipXH#+0qXGkGmn0bsug#oY)I4gLhOCcP0dvhO$k?ZbKyvJ{y0 z^>wM_Qy^r8$Hnzz=^ws!?V2+KDf`xtw_Q0Fjd4d@kvdp*?|vv~$T!?`#hxP72Lto# z=cJ7LtV&M+fnd2QNmCqe1Ivm<+QY3O`cSfR$O=NiIsS)IU3)49|1!_nyJrvntgWwq zZDo0J`pa9avGigd0->(heJ%qzk(dYau|m`$1bYe{)1k3% zh39Utu(3hH5s?0?-)^vkMUYfI4?t8+P3@K(H+R}!f5{)xCTC~BKzxl6wYp!m*oJ%q zoX6gnS8$ytCMxQjoSbi!@#)h$;%le~Q}F;}o*o{l>QVC2BQFvYeO?>CixN?ezidyz z6%iU5iomdmoOI^9N%FhWh5+GeOO z{IG5BZYj6t?=EjQo?&hu!31YzWgUCAfgr24TgJ-+0AV1+7eI4)AV_F%ldyrj7FDp) z8P`n<7Sr?#I`!?d=tEDU~dSU%*3Y`$!qVRK`8(QlwEhf4&zfD}?nZUt=DnaA7xM z__ww!qy%LDSFc|E{u*ODGc)7o@BjBuG$^OFgs>c$|DNBcq^NixN}Yuz?)R^s-LzMkU2*DR!Mi{QlNo83^nFbYgFB zA0Ho2e3ZnwzxF9~V3nhUa+&C6qNAHzUUWQsINz|?<*K{;*RNk)zO|j`X(cJyxl|!r z%u!+bW!g{`Q;ewsr^MC+FE2~kY0p&Z4%}q^-6CVgEa(Fq1$s=u)l#~#EFsf`4 z4xELX0pQ3fDBdT?81+0xs5rl{O1)(f9htg9&I}va$#6$4PxW496cy>sx&T1pTHJ4~FI{qScD^bV zUsYhaf=Gr}RrT`*Axsxf=(W(lac0M(B5M*tVoIUo@XVq|v;LVgXPVtSJw4Bzi;9bj z!?((a@Vb{+!Y1wkVw+@ceD{u@hX+p?DD~s`!ZzY`ot*pDj*PVVvfsajw10x!zhWCn z0OPJ*`e)DbE6g5tbJa z!LWRRuB8_~`=84(?dOmHZ?Uh1JjZq(0oT)*kdDCj4XRobMv_u zCW@#!)6#~8%9r=hZjOtMt-0nxV#!Yo(`R&i%uG#jZ3h&Y+qP{RyeZ562_*q4x6ZuF zyS8tiuH{Zpu{mvEP=cZpRRvbnt)1NOqYnkK-y}xmnR=mt7D=a(=bpb@_J#Lwa)m9T z`bJrlWmFzt!Z6TN?1~)E$i(!d?jV6SKw7xz3h<@l@Ow;vrG^nhsy!LZKpzQe!AW(I6bzSm@_lGX`}AqQIYV$LA7)5&G&PCWM5*TO?L9pW$|6?AyUe07elYqb z{-Hwt3G=j;0lWi-86~x{n_GeMUWeGXUmBuBhQ~W{1kUF;f#G=e?Ad#8A+#ZsLrJj;5!hlaQ3Wg208yKPd1U z;mE_&lkRujcG+;?D!d^~_2db8f~knGaHx3Zz2k~O;^)getS($gO8znVNLfv-9<_>t zeN|T&a#P4|35UfQvs=^Y>FMG7b#I3-GBVn97o4iI$DsC=yDFN0$BC~=Uot~TXT#X~+p$=Bc$u6N!WAA$&bCRt_~<0wf};Lmz|w($lG5ilUi1lKk}9!k55h6 zIm}(xdwRZ9lAj;YzI?Jh+sM>(5P0qD`?$T22vsW=~EA|8aKA?dZ3%(9=f0j~;D!_wJ)113~s%Kyh=u z+42Ias~bDHHEaM~k$}=qCF?vrn>6u=K*$aJI`4a`CQCox>-U`QT6CXzri*JMX-Tm* zc6Uqd-Fp$MXs}>m889n^Nkqx>6&XQOTV$z%#`u0oX=(K;IgPV^*q8c;0(;w!son|8 zZgwPN-mspS@84lAwT=Zt(rvb2h?-^_@z>99VjdF9>%>?80^kP7_XJyFWGDADRy};V zQ`9*EV3?d#{Q@djZ6XxX;}H@%Ia{?uf}?`gf6GDOQQ3K4-rP;3>IXm|YT=L>`L$%q z=+pM+1FGd6q*Suj#DT?m2~!kH6+ZG!8&jPC@CZ#bl)}}xBte#m_^SeTGD0E%=o!gb zUy=a)K6lrj?-D=!eapB{T0d!Ff*YBqu`I`*qY0Ljkijn3 z-rqNM?0i7Tm*5(5}vZgVS1j|9UX& ze0iWc2=&&!eftWFiU2(q4MmV6{|eYL*;n4!Z>OabAG<#NqI)+gB{%a62rPQ6fQRBb z8P9KKZg2mhu&{99@C9a4tO7z^VzZ|)Di;t?s|cVL37+O=W`_`j4>~B{-F;3^PnD)B zzt1ZMS6rUe!|nJquHdq={)Cz`gOWzxJ@R8&3~ZJ1u!rHw-z{ z*VVa6vC7c^Gl68jtf&~^?_UXofv2lF{BvrGM!3y4*ywi#G?s5H)MTyQR3i*5l>LLfe8;Q z%eMCX#BfF|eF((wu6>v}+3JDQNlp~XVfCz6unsyAMiTaQ%16J+%@HB&!+I66DO%F6?Z zD0kY;6N^~UzNn%d5Uos5j1u&%=Cx;fXQBfdhUy;W3dpeCrQs;+a2)iQHaQ#^D? zdM!X;VC0&wBVaJl(LH(E>55=UydgjY!HR<-BG=}|6qB20XJ_5##`fJ)5@l|XeFvaB z+z^wNnYq8y<=6ao)FynH^s-ylqPd}&ax_vY77eQA6-2x+?vt#**M=gFj*gJA=D&9- zmkmw3fsX~f4Pw-U>rWW*Cx#Kt#nneGqqpM+Nz>~=ska)E`jn`usnPW)IFsaAHa|k# zbai$0V>dA|S^oXI?~o&|kAy37=+M4CA^>Yjlmqg<6BHB{S!;UmWSr!_p+rbR0$MBO zST2iu36^C*xzyCue>fd|P^6bHX8{KaR(d(J6K zOUp14dKQ+W4udMq0lxqoW1^##6cnJVB_t%o#U1rrnr+S0&HPp;O`Or9*Kd=eu&Da* z;X_;7LyvEtKWpmg@zHL!5{+IE6^khaQwFW?rjkyUp0=*8a+%l6;Bgn1`R5lZ6?7T2 z5jrrFLqUT58v;e`jA3t#K4gvBgrD9T6lQ;azbG@byUTb+pv1J~u@hsgYq{tBrrAz87nx%b!gB|G#)}N%!>WM{4b@ zN#91sS{|=XRz2C-5j341C>$RK!C|p^74KO z34L8VfiA%PmRB>7vzJ5rr?Ept{^5jWf-3WF{D3Pe}dCTSDBj8fe4*)+Tjz!=rD_dq* z=|H+flq+@|v+N?nPn+3WzxC|5g?j+^cfo$c4b8@_Iht2vP0qBnB97@SdQigWmLM>>XVJ z5P@P9)C=MtQ=q6w669U;XXFM_Qc}?ELAP(C_HrDk+B8$22RvjCvv(@M1t4{e*Ksoy&1?W{6zwV_O?=&j<*N>FH_6j$TurUt=6-C7tR~VIYO( zPW`Ar5d@*R{MW>hZGn6B3Z_9>;Y~x$5iM2)j07?U<8zzZK|B`82dZpbjK8MT= z66TiARsGACzk}PT`l6r#5f}yTMON2D(7?%OYg#l`vK(j>HC&JvDZ?k-kzVE3kSn@OqM`4ud_Njd8W1ZeaSYarljz=YZ3@eb^FH@`$U*`EK{Xl-kpe7v`IVlcCuh?5^h`jIfMkj>P_i^L zdqwnr%-NRzR_eV0C>#XJ3F&Yjr3o|?dhdYTai$ap0OkzL2FQ zcjTsKWl2fNty{O=X3gKQj*L~1ye?i8$vmaTVuR6#1>oVshmY<(ct8u$FgI6}fdP`v zgLm)V-M)Pr%sLg*!Ru0`yNnvHMX)M3IZ6o$0;dzC^$fh5%F}*8g{Ig zDW+_nKtl}nDLf{jXJr*UU~=KY3;QohGtSvcwzg&_CNuLl#{AZofmQH3gd=7(Js+$B zh`1Tg8S(F{$G1Gk{O#)O)QA!L4y~Maa{%8{SiSTj=)G7!eR^>b1rV5ah|~jvgQAFX z&z}ohSPcJswv#~kylSPy7MUv|4A~X05}t%Ik44a}<;z16n8gMdeuvqSQ}jV|y{)Hr ztV17zAaS^8h@L7$@5iaBDF1Lqef=&hw$fok&nJ|B6y2h#(A)e*gX(s~8kq32q4_R>DCuRe5=N zx8$FhQ6^JT#0rDs@^)fLcmP1i(eVeO6IM@Kb+zL18PJSKb-;mTWo73FI_fY`bzA}! z{QUfPS&q;%GNz}cwGWcxMS=8UFGb3kOEHwk$RJ8RRB*@mo`{!jUZ2qM}alncwY?94Xc* zW?X}N#E6e%o06KU+O2TA!Q8^k?CP~^`^&{nfQcjK%6@5K%t=(g;OuevdwaoG0u+mh ziS5|GLqA04+Sn#Sq88GY`K3$lSW3W`pP&Zf=j>TPKq;@~1;}}mhJ4!VQ@_S7aVSyF z9~#_t%<{0XV>H)`i+_POA9V_srXarh%P*5_Dk?rFhe)43egNY$bDzZ+HWREfIOqoa zF|)OtUP~ic$|FuHD+ekiA5Tb4OS8CmaVHZKuV?i0Qb3#ySJsKq{Ro7ZeMOP~q*&L}qal}dd4u*1ln|4>E*SWRaSl0MDL0}oM% z^qST(I_T+#tdGTEtsS0bzqZ6VQZ_KgG_Z=>8N;}U1g!Y8#}cLo@FFN5w6v4ViPV?R z4U8i^8()7c=3nX2E3iv?@#26)jj=EmAyB}79QJdvZxW!Xi~3~Jq0N9)zb0jtr;eRJA72$+gc6q5>F|?`48B_y zk~_)!zkEqf{;|3vx1?klB8`(|Ph;cB0X{P?FKIa%H!7%cp*RJUUJaP-s%~zFe1xcF z2zeV58BVO`Cug_=w*3GTNi=EpzU&x>&8qF=$D3&%F~U%628M?t;^OcHRyMXt_(!~) zK->{sTbbEqdWe4mGJD~e;6U(WU^tA)0Qb&z@)vk=tS$@;@##1@IeB&Zn}0rOk)6j$c2-8pO_l*V*<(9(FRL{!dQ!)jOPsEojY50Ap#JPA0y4;LA@2HlG{O-fd zJ2E<2Smg3RI=HeQxp#lAg%ydpi3tRUV}i7?!WaGmtJMDVT&1xvph?&Guy6I7H#*wd z!Av4w4R<~}U%CYAT_3>NcWybvyPGwXo0<>0G6&}sHeX{E;^P~`47q>ysE`ASDbx$A z2&#`Jdl5#WQ>Gd`Hu+6WO}T;m5D|m74L-M6aM25&>mydZ9@AnfAS=9##dKsN zWVFW;5u=E9pKM%2#DJSOQ&S%n6Qd7?F{81uQRwK=Qh29`wqZcs!+jommz>~tEBJmC z@A~-TJ`vBQ(KMv{fxYL?p9gP+i1vBf4Z?6}q)^!&lr_9CO=*Xd5`0q6Sos7qA5t~B zUTeChGE?Hz6&13)U9kG`6-put-2dtUrj?NBaw66j%QjX|4W z+#+6{fa~+}<;&sc=&+8dPLQ7k)%Ccq7eu}6_bC>@GotLWu9&PdBU?Tu zTGtLml5|>9DxdrGoJxAmFYie!PsL__dBp9gdpO^qc)N4fkSdwxc5+6-KBh=U#%Lzh zgi5oqk*EWv6RM4}Axg=w46F!zeneZ>zwG`0TTiQvV2xmg+?bJ>xl6{Y1Z85F<5~VT zL~wYXjLprJXsU<_M^lr1$qCY}q-2dDJXaczN%AhWWpY$t);vL#+fb^z-LWhNBm<;dQF3%cx!SkY0rr zb=u{uzWy&S?Q%tB9#cEB_a7LVtVEduE3NvI$!N$U>JJGEvlmw6z~6Upz9}GSOSOQ`kX#QBRSCi-r<~oSC_~ z7>Ez_8vusFV!Ml3Rhr5KX#ll$7K$!S9?r%JH>vYxW<%g8FIii|;sNcf_gPO2TS()u zjK_jzo&7m}o%$7ac?w-ieL=_QfQkniX$P=J9MVZ z-g8j;@rvfYdQqLdp9gVxYeJ(CFYiO?;QFDlF}`_YZD>*U_6LHM(4R1j@&WZX^2iF> z7?ziRtX@kQ2ZX|F6S4ZhIV}gzNP^cA-tZlbGz5F6@11j?lOR)Z$h5Y%Cx}?weei{g zlQVamT0XPA{VK;7UO#d<+Ua^k=&-Oe#3;JvjzEF$dq~dpLxl918v44}V>Aj|v*s0h zw-AHr;LuR>s8dv$&hBl><~7GPPx+vc!dI4tg{21+y&pSJU27M0 zHK!XzngAeog~oqnc4^LquaYkJgCEuA}VkT+<2%~ic1 zx22UxVjT1N9i$_{b8zRjp+hK={U%HmuxUxdehrJlnN)Rq2Zz(=8VJlaZ{KoD zO6tW&p|D{UalcbqTKX;u!iM#&4+Je$XA&3io}dBXv!4+Nd3){J`?~P`ke{SimmOiE zffnUp_c8qxOc;o`p34hxp18s=0-H%)9YvEUOonLvxNl*O&I7O<#V+47mLCy5$~u$i z=;<-<-VK!Z&h1YrR8>XxA8i)WOTx%cfuQJePc*#vyRz}K{%olQ-4AYplbL1MmqtFw>h zU;$~dLsSd@26HFL(!|6>vyg3x=>RdytbXp`z^50N2OjMiZDB6hDxaj8bTo68ipWU; zCO?Nxc*Mm9R?aHddN^$0j!6)=H__9J2F`(J2fU)Ojg1Eq1V)_Lj{*)ByrVzG)*Y80 z0mq_~XDAWWn!v9!O$(B_dSp>8V;c~d@TKmT${RHw`1+D~QOlJgXd`X3)Tk_px|5YY zd!~V#5UiLV?>M8YYjNeu3S!MZwTDPvN=iz%rRg@qb`tM;6AwtoDG_*b)h>~>}I#TREce?R9;^7Z@o6J;Yfq^xY^kz!C4*`0UK zQN)LC5iJAV1n(paS4GdB3Br<&8Ur{RcL;u0^x(lIkXG6{Vg%;{j8rKM=`0cT!JQ>f zo<3Fos?Ho7dUgBsMBI@_?PH^4M0eQP0F~rsIIH3LRIsgOAaW3rPU$f*yX0ul%>_>N zh}#r9EHA78;dk%eReCAdL*UVe`}O136CZ{Fs5{WS;Xa3)o}{Ug)>7NLgRf}k#*nu# zY3()2=@=)vT%p;4Hg9jonQv0%pyA`GVe!NIA-MhL$ItEBwQJ)>7)vFkuFfbpT|i|2 zhT1XX36sy*z?UyDdVMt9kn19!6k0#@(yS1LFkX$B#uqzr1HlM`zQji&!qN#c=IzZ3R@&Qs#p%j}h=_Kq z3e2?3_3#f59EJbA`1teS8_t~hf)`^fTw@R77tjcd*?n6q;WDchu9>1h%dYfvo|#|5 zcv?^$t+c?m%o>mTe9s-e&q({2;W(DFRH+IT1(|Cf(6W6&ln@k~1c;Y04LWd^!j!Zb z^PsyhrzjHzH)a-uYuZloMzVi*`(xy9_r`3LHN?V2rI6OdRd9X52y*o^?u;v2?$*Ux zaj|ERzjTc}#<@db@*(fG#6pZ58tSIR=@QB5gR}v3nz$&1{YvKH;V|o`h!Q!nokb+z z+`+U_nj$xOc7o68{v89}ib_hG1LWhM%Y9v4`Z>wnC|VZEuzhOr^Rip`#`kUB67$lkwLd|D=*Q^cjYS4ZFX9!1>M!eJ${GH$fBf~i6@t7cZ z1j@CfME9_njNr3GB&hz~wDh-egJ_{3I<@|LvlR!Cpprd)RtX&0lS|);@0ToU{B~VaHP$K=2@qs?I)aFt;UIWVfRUM}JU6iotRv_h%VBugy@(U7{xici9}Wm`%Q@b2cJc% zr&_*;oYINx0c?Lu37Vk4zyIUiv%q&q6KITuBj8~Vx6l11OHtS?mfw)>qot(<(|#Hb zEe2x|i}ys{+uxroL;Wh4ftQG-y9`u#ioC!Y& zxHLp__}Y<=(ZjjS!_7SmQF>)GEdk7q)*0b7=iK`1qBRCl1RV!9hV60JE))C58f6%$ zg=aQewm)N$qk&MHAZoQkVgcflkB<*DvAc{1$ViBGGjN7( zmR_~Viz@ErrEl4Ar=!(WK8e_Ug(pTUM&?2SX!gYrI$GL~FRNv)%|A7BrA(Ca{yi5V zzgkL2Zw8v!wp%>0iR+T3X=<}2Zfx-MT?mZCyk)(CNG8I(10?|W@#gK@;-Vs?064p# zIAxbDWqeshPx+HFa{?c6I#O;}s-X01YHg(xh?t$8#;9;azyPd36iZ(l-^`9N>QZBb1t-`#*9?|x3-iA-n8K_^ z#KX_;u%a8{KVvE`MGQ{FCJ>^7lo)CLTLTyTWniRK|2pUn#4CfSuA7Jv{d50$1i8p@Wf(K^!%MKgG4oswRRUhPR!@fdjyw-f~}BI+0&6@jkJFaIY{ijJCb$x?zXU6 z+F;jjZNVM}!ByfC=gRNRTq64upd~9{?uro5e;6GNmS~?e_*F#WGKiE!XPX{E!Er|Y(#<8OnBQ!jma z6;IXD{F)&!krzJL>g;@UXI`B#1*&lISun;{2qobYRP*yO=$0%?U_(11rep}|~Df~WM9+A0qr zTAqjYwzrv@*ChOUgG}ws&98OyWUcs?-o`Z!2L=SdLDSyd9osluU!DXkcJ3V0)ulOz zpv0j-X*J+2#>~jblV(cToY-u6Vud?#M4Ui}HUVO@n|V&ou6radXik7j7abT?q#Ky?%`RP1_2Qdm`GmGHAiv+ge@CgC8yIv$cg!{{{tA&|AR3}fOS*;c zF*L4QiZaX5z>tAl2{iVIAR;O{-dkF1nF@6YGBt7EjVq*PT)(4Btt>Ro=EiIUXG{06(*i*D!M~w#J$F^)y z$-@qYNZ@vEBk*I}SfvU|N^pZfK64|@Ur@|qLP1AEhC6kpwTbyRyp4blKsVP=RuKC{ zYJvouBW`v7nZi=r+TLU+7TX+B%1Y4Ozy< zA@EV3U6STak>^~?=xl?5gGe;Ej7L@}+lU=`-i)@s<9D@mbkL`ElPlD9{!=|4`r)Yf!$Y~>LcxN&i5dGQAs zGjX7HW9uAHhIq3N7W{mP=<(Cs>W|N_$-)`7WvN`f3S-i>pz%xCx@C~`F}!7|j~{bX z5aS?j3NN@2MIlN}V!t@|g^O?QfKY)M=`2kB3p(&d0E_nmg)(EcxO~@hrrnlx@9|?Z z7ZHDT~pgw-_Mo-n_yPZj|oMbPmtFRKZ_VyBY*D2n`BIP!P5B&5&%O8Obo0_H&HIb~!Ybp0PF>hrQ{)`kkXpJfywW^Si(DWwEwcMPXBkr>!3`QRJVq!8=4<>2<`1uq5 zv`azbssq0a$sqeExZ&*g-Z(u-9sEkC*o9S0oIOk4uF7AOobddh? z3EdmC1e#T_jYEOK1YAsdro*EAk~F+RLXhAlJ6~lku*Wob&5qp5&bHOjd59<#7sn!j zCfn0z&Y-;<1_OMswzmHM{X0_d-28DtpVOee(1nS8W4OXbKY#u_I(l4;Uj}R;?8YGR z26GVt0GJV*5re}YKD;fK|MI1Sv$M9*ViO-;Cwe_lLSa8D_?#o7qHamMgA2^b$w81@ z@SqP0zju$LNcoN|yNbFx>YRNMpWEBp(;h#D-DVwZ{_hBJKJ*pCKQObSK#+iezl%*a zRxeI^9gALCBKR1kIj*XIie+*?)gt;j>b@iI3AQIsTCCoW1ndhJ*?VBml%lDkw-K#+ z^rglrWV+u^d!9Rb&J52TQ(p0~Hjt)Yt7T;>e&BRqBVPCl>?<&)S znD$NJSjEM~IXSPtHU@Pk=`}Vwx;Q%;)@7l^7w%r_Wmc-r^<$y7r9}ktJUa~tr>gHc zIJGWcxTN*>(a{%Y`L86<`sr*a51^EL*79u*?R>(*P-+gr)Nv&rk;?j&9!$0ay78+A zUA<9JOfy)7RwQrlRnYt3lr?{3 zC&V7L6=imoWV!taQ^suwxi3q{8nVWDaDU@2M^^ezkjtS@CRa}&u=2u-v&K=c#uhkt z@QRAk8l=Et`?U2E*g9EK+#sZI2)vhGxg)_NuqD>R$_}XmGYKW}Ylbo4z-CK@Qx8-h z?>MFhEO6>UgE>mvFLR7HM(5mfI?!aSvm7ETDkWv}N)P*X-Ab0&LgBYUMIjfehJBT` zlV3%W&B($gF_eC2vhsb@Y^i?yI07Xu0+*1+i4%un8WNB5h2IDa-1&=D!a;#^hi?M5 zhXGBX!g*Rti#Db~ke9dr$0G8xzC^M**TtNU`ZxIZXN%1NFkrqNa#)k^NWvWoyW88L z@zW@tl8p138`Gw$v=Qq98@Qj3@8&W4!fxbWs!9-B(;WizL9*;q^YcjN&|T0cW-81G z7?SAh;UUGr@fslx@Br#JK+YRw{X>kDOK0q;sr(E+c6F)kxd%AyHQWz0jYWZt9IQo| zF%IyxYHCg$VL=c#G&0K8;%mM1s@f!}WprWRL+hNb?*MpMVu>UD{qQIY-BUsD2O2{$ zK8QQuAW+b%bG0lixM8yZqy~5|;enf<>^oVatCFQdO+`gZM<)<7fUpcRx3MsGbpS0f zKku?Uulrp8#-sFF)6-A10HY9>t0wKvF;S5h61apZ9hxzz&hgU+$S)3sLHoki1h7@3 z;lwyil`njLcGglf+GxHM<`bA!vEd5O`2xEO!AzIMVsJVhS};OzR#W)*PxV(OZmI-P zYNV%k+Z8RV$k;GGALhBOfDV-su%$k`Ch^QLR?D6-G$ihjf}ym32K!*40VdeC^UfbE zb0Hjm$=CNu(LQyGBsJ*PE$rQ7Wozq7PrTU)U%Akr5vL^#`R;9Rg@k-za6%Cnbn|9~ zwd_H(qu;uHTdz3#e720sIOBQL^C*Ap=byJ;YIy&C9x?Cd&yyM&*uZInzDdQ)hC+m8 zsE;OFBkD`NeoOkX@7~7E!2!ge!541A2)4oqR$Uvx9BfINp+@z*+I_L>a{O`$>13FIE1Mo~a}kl-oQ%e&5AUfqM}aFs?u6~xnAjIY4S`xR!2@V5QOWO z44Xi`KO}v9S{Ys>aBS1#;s*|3uL_^+TufsGP5f9}hpBMxFU~ppl-Qc9tNW$g7M94~ zx-Zkn!!UfSEn6?^t{mRB#73b@jESh5@PkMJ;p9zq^(h|O;y5%|e;br~Y+(OsH* zmLGd=O)ODA(U6aSa`8pb3iJ0%f18gaR zJp%Z`Z)fMHYmGsT{t3?q`ura}5XEE=71cU>)@^ygKA)Ugj?&Lf{Mr_3xh7lYUAw-G zkHx*GwVZp({<~b7Z_d#!IF#ocbxS>pYyZ`rG zWcsM6C?LaI3VWKC;DyE(OmP~hyU-0KAu6hn+>AQlVZbydEubaD^epBSbuN_Um3=e= z(2(giZwQd@pLVM+>i}Co9i^TJbcBgr^76?Oq>Be{zxWPd4+%9j+{LfLIu*)p3#lD$WJt4L-j*`&zKsz^x69-)-IlD(hv zqq?r^zV7>ep8I(Id5+`x9mnrDR9~O*e!s?fp0D%$y`iaoU=U848 z+uvRj{dvdXp^cljzt|YDSL6Dc6NmN&oH_fVB>uJYdiK3K4~{EoDhXEWnNQ~McFTL% znj0!+iM<+b;LCCL9t~>}&G~d!yFg;6P@oDyC|V_}n&1hlE)rD4K^6)c;@(C|MuPtk zH7B9yPbU_|Ehs2x@i9EdYu33}Hzy~D{MmClO|Xx0D-Q+DgA+BeYL9li@a}d#+pF7O zpVI#&XY?{XtLhOB^IrV6=Qg8ES+5yKV`JkRBf|x=&vcXY#6v#pb)sOed{?`S(0!!3 zDaquO^W;#g)Y-=8j=fsrQ#lUZEUc`!kK5GGW0lj}w{O43#P>`u&w?%vJH$XG#7Z&{ZZC>?R{-g#W)-o1O@OYcU?d1UUtvu4j##*v>t#X9cN9b`FR zt|+4;R2Q&WW0QJ#wq;FhN5}E;shRQq19y3CEG*(=rUNwOdutPFrboN)@+q`E*>_7V zY-fW0GFsZj(a6O-=fUQY@1-qSwyCC01C1|a9J=ym`jT$3Z@YQt&V0u$(KV7*Ix}aO z6b}gzyS!$4|JGAAwDJdy+bZ1yMFkJlk?Hb?BTX^TnP|4X+g@t3qe5>wl z^eghUe;;A*=*TT;ReN>C+Tzz{-qR&DHR%rBA3OLq+MTa>xb0B{3kU5=?w)}G&zUhx zyBF@`eSKb;HZ6KyM$xYHHWLF)9Z!r!hCfFiIDY)eDxbZI{@FA%5BBgJVco1g(3EcB z?(Uv)G^0M%Ou@4HDT{>dmu$OlZ?0g?k`C}Hczbr1vyF_}7S3m$s(3gxHC0<%J1}ro zSXg*`!MZm7F_-Pfk00^W`=`GV^c#wNZ}v53SYM)9;XU>3+PXbg!)4v<5iWh-CG0Nd z=X+u6^pg!9=jh^w)Jg_9_MQF$hxMKrPmh%HHKZ81l=|^Voc^F$b-$u>|Dq*Ph6~!C z*+%PJ9Z%{r&k%uc zBoWe~t0cYWrYeF&eWp8u5E3GC4t=!=Wo2a@gPa`)j~_p7Y8v5sn{Dk{;gxNva_Ttw*-&9C=;^PDxr;@0C*!6&2mIsq5pT-RI7o~-k zN_%>GqN4bfn5%1Q@J~rY*6bEtKYqj)uJYAe%3$d$bpMvogzv^x<|sDniwMFWuS9Gt z)2vcfJ$%@xz;im!ZPcpanTflNr{^3VI>6t5&CavZ4qd8v7A0m8)4Zwq$@Zk~+nn3i zOG`H@c2ac3J%4^4OT1YUW?h%$WZP^;vYQt9_ueIF0PWQrlz)H z<;rJ<>0K`^Yw$O@&Vxb)G99Uf3%h(4Jd1oR3rr||&#AcQ=IN6FE4+}2Ko4Gt<<>(8JY3%XOKRAett7k^b0Q6 zq-@)^&TBD7St0kwaA{T+mW4^(emyN&E{Yo5;1(lW!Uj%7JjqI`&IS6^RWXJ=qwpsuFo*KgnM2L{II2uYeT zty~e@D=7r3(&&kt>l#hM3T#TQUx)F;~dS~tCO#yfBRz)dYBCpND z@d-qo^ETs@U{8AXTh$&)9=Nru-} z@@Q>YeUYDB!LP3`bws}0aKP`n%Y0X7=Qf0Q35VIsj10-6ZoXV+K0hhxPc4*p>eH!S z{;h7 zp23+Q%8%z+n}-_e)?ZiMv>~4$*j}5k{D-W)@n1LW|02D2pxl_#9XfQ#V{&Mlh=}*M zD;&t`Gkx~NTND9_kzt?3*^ZK1Z?CS<779e}Sbd6mjY6Pmvf5lRT$%dAYjosuU$R&6 z^0wh8G!XCk@dhp~uKV}zFKrGbqZnPnfOwyGWV5v{^CUwo-gfGgo}At9k=LZ>Nn<;oSjN?>y_e;l(D@WE%4{pKuNGanxx zYwLaqi;s;hEkUp9l2QwHo&FGC>kd&@(RbtA>b^RoA8^(+lZv+l-!2%vC*4?Tq`PuHK9^F*bIe7;sydbNe1dLEPK% zeOY67q>p#cr*%rqXk59#JTG7FP-4cqW&(0yL)N4)625L?Nb;g0#ofDik9RE0&jzZT zD)gQ|T^Sk}5Kxn(pE@_^DJ7M~CagzIOPdsjo^wM=fRc#1q#C0Yl1n3Z{rdIiSy?_K zB^=`!Z)qI`QEvK5b~*LMmoCoq zV{PUD-&wx*P3!4}yIct2FCuy^o6=4hejgbb2?+@SBxVa?I=E(${Xa4lV=Af-H&atn z!@|N6l8D5vvNcTsN3<XCK{Gaq+YhrG8|K&$pVJ8d37eI@=_!#QbY?6rF~Lle6dh zcL~5rP?9zAJBw~Fqo&?rSzTPKOT06`x8XVV8jy6mq@?a+%?GBluW9*ybap0ipq1&T zn#w6LKiq2Q|L~#nK;w2JqZTC6hfvA>Qa+y@d)){^BI-BfL89&7zrVSq#ro0L?(T-U z!qp7>PM_|&zG_49LLk7jtD9S0qONuE^;PI6H6Av;P0>t@5BDq{FgGWgvH^-^i94`-(_V@S4mUHs*iii{}%=F_^-rnBM z&dxv%y<@#KlAEi-q%=yOtzW->%qUEC)9B=+i=Ex);d2ywZr!<~D-?*rLSB>min1M` z5_wHx7NqLkT|P4uJ-d;+3JX)f69rQpw}7ZU(aqc1+CV16kGT=Pi62f^zV!*IM6O{=?-P37=QTl1MNO`X{JI?Tnpy0(k zed^d>uV#F<`spD%yOB$@Onvn!)<53-`t|GKHlv64?rG}i)aE+%OSQSa1*v&2NmSjI z7c*G-UGBz-`eZ`@GByQ{)vG-0l|GPrqo0PW>{7Umv2cz}+ZKR?lerI+w_7hHWa z$jm#(tk65sYr+ulM^p3D)X4Whm6-b#L#^(U|)@@q;2>7rtVQ+btp)a>Y z3mRh%b5u?%EY78;r;i42Ke7Kd=VPq|U=EAy=JH>IS?%hP^7$n7JC0sr=KAdl3L94; z3*mcC93`l4%^3gs^>5nR765NNKhEFg**$TM&--~=nu?m56ZXl@&J8{3&6VX1$%fH! zDim*b+5b4`>^$-O*jrVydUu#yFDNKrYrlMLdf^V}n!37Q7ydmnIyxGSTWB*_--Zou z$&gp{ov+Nc`;I8EuDp*L?+(%!n?y%M@lZ@if#_nhZS%+LJ1c^spFBaO|JL8%605dW zyI~oz80xlUcEL=MJZR1hI`y48-cp5x|I%O)Iq6n5w&1R#Rz6=qot{MEx5NR8FcE@>C>UP3`LyMl>fPMF#Nqr z57nj4udCNDsUAhipZ@;((hsYCiy?oDU&k8UmHa$PRJt-B=T=(OlO-~B`U)8s>gyl|+i#f6RZpQ~CP?qYF^sW7pP4nHMdi-M}amDHB>EXQ5kDx>%#@S-vq^RRB zts6cr-MC}tjKBQU*Gni|L+yp_&CTv03&_u%e|PfY#f!4Cvf+;&q0g$CEdTpRzJ}k( z?fB;|&J>x;fWrRXP9>1l+doLu*l@-OgeOXg%1%~FN=iXt5uq#au5Of;krSX=a&kZU z$-R#?&(IhgIdb1!7AR!%=F)fXV$p}Zd%F`^L4Y@K?Q%S0_#Mi^D>CM`pAZr^I~gA) zz0bJ=@n3afr|ElN{l;rm7kpZn5Jl3p^p!=6C{zlDC2W#aszr6>9$HqHB?melQbmZ zL-hduTkOYv?c296)K)A6T?D8cEz|AJMnaKxp6>$c>Ndl)rxycI2u2}6y+0{#XNTG{ zG&Hnf|LtG}AMYC>!g|Tl9usE`XAh~Xd-tbgMMU@c>j>#8D_^{H=@RcGJ*SeRqa&&_ z@ZC~s_xAP%wiZ8-vNHw+!~I@453+Ei0@VPt)Wm66=eL}M9JR}tZPlvB?ae2}LkbHO zs(?v~-@Rk!;Gm_U3C(4WvhS-)3i9{YN>Eds-sp#3gYs(PX>t-lYhYmD>M9*VL9oAX zZf>rx&(sPF9-tdQFDXQgz++`+LtESJGL-D4BKy!d`}{W)oi}gZsOqjGiq52^rBzo~ z3pvq7mQfBMC!luefM1oApul@AOn3KXAcgwDxC1t+sp|3)MZwREbL_FwD*1|yt`s|6 ze||+htqPGipxO*A$Wq?^<+OHR$(7|CE7$Be=s>Nw?Am4)9@u;tEH1bW$aMXN4Z<1p z4Sx#?s1w_t;9t^je#4RT46Dc=l%Dh~)j2Ox$3fMATswAw;-Me;Dj;J^$ORu=QgMG5 zDipS*ANGExB^BP8rMkpNRyAB{E6=~yz~^5G?JcXZbD9z9(_e zKVr5B)iEDwNh-k`H_Ez?y+=!LZOw;LBj+)}E$e#zRJ7Jna(z!!8}S*~+y4UY0PX#V z`UcR>#4FoaS-DM4PEJH*2s)#2*11PXN&Toliz9b^kdX6rW>?TNZji-%&tYGIjT>Lu zwtIgqx&U>j2Z7p4k1ST0`}r1hf|rMfhnM%yIBh09%2quU);mra-wS3j3WXy^W%)yPJcXJK4z@xY*9_#Z(j8drXk2_<1)% z=o%RbCNAsRa2?!QB}U8G7`+o}63ATUv9~lQ0%@b{kzA1B&^I+L5u%)U^_ZQXoj5w6 z!0;(}pFK6cxMv7y0kF~p4R19=2}EJg_3|sn3Eu+QJ$%8>h*u8X>L`}QRli}R2O1Hz zQX}*|tQdr=B##C|LqjYuM4FgV&_T%qpoih%;kCCwh}ZK_6g|1_WxfP0_BIIa1)jtL z(_Osh@Ba(R3nVFRxd`Z2C-wxYjDxnl%E^HO6=b>_YDCu>Pft&P=k?FZKYrwu_srfU zsTL1?55tI^PHcp^APNB#CBpla3#`Y9cefJ;^b;S+x`_)2oSORijV(mhwoR7Ddc*ql5jnTh zbih@_#59LrEo1C^e}4mrE6;A{9Zu^MJDm?g(x2)c1YDh`AX3C41NZA34tNN($ zWzd_T3APt50vvCldjk;a1920n*MF+&YSC;F+RNC4yjVVv4HIPY6jO4Fft4(&LKlVV zkOXMon*!xU;A*%f`F*&cmg9(m8kni>a00Q5Bd1fBiK3`G(sF)ZVZUgo)! z7@Zx1x&Vb`2#vUK=>=TzVBI310RAYn$>9wN2>tnm*WO1@FALxNdA;<&^3&JSytr=xosr za>bwm4*)BGCG8&0OUIZAx;0F{JBGQ8BhLjM>GM(Qk9Lv23q_^l`*$Xu zT{}Fd&X4cg8KSxqC>jvrM|bzyq@&+a^id&A4wyfC_RJ{r>=Mp%xe6&v6s-kp*1VG< zK0H1?9(W5;7LvLZMz4pn)XBV55sV@mV$@_6Okb*6t2#3yz9Jq8px7;N6S zc93oL>f+K;+GWe+tnXJVqAhU-pdn$UANc!=V{$M%Iecpa#6DyrIk=qN&r05P2`n-^ zM_3IuzWCl?<}*GvmTZ_Fo0ODvW!JU?GC&J1}5Ro zpN7!_jR8tNW(;4_Ei@qgb&D_ *KwhBmqUz1x{AC#zssK!Rl5YaVk=2-mcsqc5mdDo6J=EeSr)NQm^ z6ZgmHjE6U5jR)H=cv%IC2Cy-d)Ro`JZOq?JyJ%sHrYqoBQe@ma)4FZzR>l=8Y%nlD z$b&hE236E0#i~C#8mG<^t#fA0*oDW5_YKSXGDcGxGQ)+b%af1mUMO#l4mT(-2uf+_ zBUnF;8+ng(lwf!*b?(d5JMGY<{TNKQVICjf;kc~PH}19pBT=L*M|NF{b(DlTx4SoA zFh8A)j12lOVk7X*9W`U)aDF=czAK6QQ`HG#VSm*ymGG7=J#G235J=hB*<-zjuHLfbqo=3t2zeS3{5Qo=(0$dS(g+)tvTQ4FM!&C5M^(h^^}l8~#L%9lTHtO%;9sp+l^)5oIOM@W6gu5=n0zS_r!mPin530Zo|zu{9!O?Oa^+?_webm;gHd0v>|>TdS#Ee}9%L*=KP91$t&6 zy-GboR>r1z$9T5trsa%`XInB;n)n`p-e7miAs(ZBl=%x_juI)G6K-^XAjITN8j6q; z+cDtU08LeKUtkSwCa&i*-*1*>+b%Mqm=Ni+kn<((P)Tv|jy8W2@UluasOep36F=8Z_m6bKs^!DwB-y>5DqcH9T(LkyA zoU04g4dC?|)eHjF8Lxg7N5?VX1x#a-zb7exo+Cx9{4it`Q&1>Op2lCR9(abw?5H8`(=je1H^l17ixpLuS$V~dp|wWGtt4^tMe%fl z$sN~J-M+uOlWJCY&c-ICLHvS0XHNyf6%YC&Vm}D!vBf9LmFFl3E124W zP!;p}_UtG4lI0K_EX!WKLIwXeq2y^=K>C&KJ z(+&w~d7r-N!Zaugp|<^#zkWdo(-bA!3Q`eh#&toIk_djGqVPeV`7*dde>S%+Wil$fBy>t?m2K`j8LHs3 z@blYS#8?%yjmh4c171(kU}MU)truGZejRmF!rb@D)vHz_(BusqJ`X3bggFkkwVof> zf!IlCmdI5I?mc`jBqYHtj-H50{A^FnzIJWWESpeCN$1$XP*TDmbi*GK4t93*D_7RP zP&d~ZSuT~bUTjgD|@41zcN3i)ji`||@)15E<; zhfZt|`UVtVkWC^=_1|VmY1u73`tbUociP7ZY}y2!2vgF;FCmbrQ10rqop7VHWKxzu zSr4GsGgUs(Dq&rpa6dA@XY1^fAxptGY)Z^P8DjDk3}R3!=-zBha=MUqF4saRg|{qu z;8eX|ZrmgNq2}15Q4MP-2sYS&{))N(^uhd3M!Y8ttCXpq9*)tPFBmH_YY!T|O1(KJ zI^~YZ>2t9|mNJ$y?kOw9C@2~4F)? zd0jmkYUBn#^w!MpnOzu;7}wuO5bySo?w|k3TQAv!{^f&vmKk7B0u2xK$+-S9`WGfW zr1pAV?9TX*8!EFh#AxenHGBIgGpDJ z%(ln>xbh}Ixz!>0flv;={+87<^Hxzia*WT#ywnoZ$&E``EmX$}^q73}6ih)3SCmJ` zeSO!x@3aq8(H&|JK!;8kh*A?sZ=n1eH*TC797QE{Unv%%(itHj&DIlfDpkjwAp&|uO}9Q(v#Yy%Gg~8j zyKpz3ZlZBa-whSbhpgtAZaX6)A|{91vobU5twR(K@$&MPl$2OnGC67p!#p)$8%^K# zK0Gwk9S#@BxbR>Olm`j}sLW#m5Vq4M*L&U_-Z3C^t5z$l=B^1YsJq=ly5dPcj;59R zzXnE{>J^W1hF((=W*v2xYpOce(AR-7Fn5xjUS8;I(MtnkFhup0aQ(b;@?K}l> zG?G9jOwt2_qz^?qw^N3r1e(b4icerKj zp<*N?By{M$LK}AJtL?>5>|?{%{(cV(o>L2E%FlFC5Kl{>2}7a4_-XmYPl!g$SKxJW z1{$@6TMt???TR%gUy2h%*K6N~B5!C$G%MD`b711z(c3HN&5QXgrg5BXY`Q@9=_@n(V?4I`f2jF9<0KJQ!_bAbi&u9QT!5eXctx&8g}LUES!ieG!S_lNUPa zdfm6JAT*CW)-FN>(x#?+>kF!M|gb&ysD}AqX?U z=hf`&rqVw0@lI<|L~h=+x95$E33NE|`pWX|-v#9uIILYw?48_hfMgGMcT5D**Y9>b ze;xxc;%Xq2e`90y!~Xnq$k80&h2k5m6_0w6*FS!crGv2oZl3iuU@4vWyTL(|5jh7| z+P{5c6;$jR^cp({hoss~#aU@PYs9* zkk?RuztM;qjI)H894T%;{B5Krg?tuf=6e{ekp=^DP}qS_YHFJQ5wjuAL)&@o2-daB zeJuVT&IR;5Q&X9{--so3=#N(a=b|ou=Ze2Yex)agntVX2LjVwK+1d5t%%#Ow}MmKkV5aWR%Yf}a6db6tib zf`S^5Xkb$}FX7?(TC!5n{9zLO^mva(xb(5>&BW+_%sj6x+%3}5*2c)~IqCyknO2W9 zjg4g;dp?o;K{S8NziSFchB-JM;AuF_Ozq+_si83M2*~X&$|Pn>jxi!I?)&Y)1h1%# zKe8vLdSM|S*$B*6xEJa-Gb`&TJd!seA&v0i6^)J0+SqLKBk3Q>Q2Gy7fsFz#&CfGm ztvpb9Ct{kq(K=%6~Lu4pIl4850p4&d8kFbg>) zZ6o>R}^$PSlr0Q1IJ67`d$?{uO3$V%E2>$8ad(O;xg}@;i@OGUz#~-#$-}e)RKix@jQ`hBDAU5I=V6Z|E;j*K56mesN`I zXFqT{_3ScwV0}%EwyL3`GUhaUN$FyQSAgu^a6u|Dzw_hqfY997XrRQ5F$A1fP!BX< z*>LL&ggk#E0F}Q2lGU1&orJHYB%GnZxG<2Rftxn8QK1P|;a(oPVrH`#Q=E9=xvvtT0i79{TwxAU)Ctqtw3T zE`Z{2V?xkFZwi#VN6k-4t-1m;MYY^KJdzxBS?`nFJUoKh5;3^CDxA>a>E$IntI0|f zNqAhHykJNB$QeENX#fq8C{BWD9H~%!1sc2ez=5z_hNx;77S>3eJG5Sd2o! zkl_C!ho`~Lzh|wNI>l-Qi{U*-6ctRic>r(4G(ZQNg|6RW0pZdGmU1W+kP-y9+hF<( z9hfFjQ|hmJ%ek=#c4hff<)j~|GI)Emqc3!=jk2ywW!I5ylg{gAf@+6xQo=>cgGq!?e;bHkP~W1X5GYdSYpqX8pB|IpC0 z$zQ}M=2ZzWOG4$xl(gvU7$4~agEaB-g`h(fqAhn=6R&ONHC_jqVFxXUIR>tJ^_x(% zFc$cg{xI1DS}RJRH~a$4z*7zm4%2m4egG%zl9AE1V!afuTzlWNqxbdGr%yMjg>DHf zCt)UzwqS}H%9?q$sTw0dc&DsZUd4=R*|NZlDqN*M`sd=O(k=&uufb^W03fS4Ue1649Q5?GAtpgfey!}J>8zP^`a zn;&;%eU`Fmt_1>aZS_JXV;%~Aub0}4^8oyGr%V(eZJnHv7lTPD$M~74F&+;^9!`cs zw~*FaWV&1%p&WQMT(BFO5HL(t1gunk(%G;pH8wT^&ELF5s&vmx^LKgAxkl?Q(S8&o zxIdz*k^1xV^J=8|h$fE)=KI8^<#|{Qgae5}QHL-A{7_bgwY7x&g{#%(A4lbf`stUS zpZ_fpq5>`a2MDbl93T^x78aZ7-n@?knS-XO5-v11(PFzopUIq_9CnMfnOqO$$fZ{L zs-)(-Zpph~8ux@}X>#QEmu;*1td+xwF5jg;{~jx2zaaD~J%MbvmG%Gt7kT_6-5zlQ zwQR{7^`|UUyq5fT^8V)tiR$jZ;e4Lq$UlFk{(WNXx9Nb{e5q7Dyku?OjDkbxa{nWv ze%lfLnNeR+`2J?sU;E|1nW`F!$a;oR4kdYS=o;Vu*t3womq;fAY4G~z&wor>zr9<> za^jfT81_Ng>UxizZAsJ>wv$y*Fk`+9Nb;gMTe=40^4Z}+sUzQfMaU{^aPA*g25oI^ z$lrhf<&T&MF?zVU{;*{K&Is7ywO}rV0q!qiTQZQrCjZBG_Ae#2f;24sE5F{;x}R_D z+SxXb;S|$+_$XeDHADUpTFo%x0EKN~Jk5utj zV-W)Q7b*l)Ys`}$ngUdwhuR7$=;p1CQJO%NPRPm_sioln1F#X8XbWK!H=wC#C+&Ff#+6k>10VM-2@V_ySvS#-hR0J=J%q{tax9HmK)Rt91f{}X0jWOJXl>|+lG+OKu@0l zJ6SKowHWlUFQDF$vTnEnD>wJng2*kqb~Trk3G(wRh6g~fz*#7qu7d^$!=Y}z4Sv10 z@SE={Sdzi;H$sW8t0NC#p}+R&qTzuf24W1_HFx{=ZFmi>7AlhiV-!@ZP}g9w*<){? zHsjL{@rOKrgp9HqL8ReuR~wWMqzguwgM&EcWa|S2@Z-lx9^30QjNQP2h|r44%E9^+ z68NjC-Ucne%yOAhu-GwWMa3eReMJhqH&6*qLDjjwv<}sPNG1h6Wc9*VqLa zb3xdhfk;3QTQC}eQVfn`{K{EPB&fTq3#^Yk%z4hJT=FW}fIwrkr$Vt-ruKE4Y` zY;r0B{Eh*32vqc5dT@qCR#sLA96`X80QeH(&;pX9LufgZcd!cf8<1yatT)|x@aVXC zF9%cSj~|TO(&usZ5zokR0MxDk1C#IU%So2*2D38y{#7PE5x;mHp%B%Fj~?-GbIZb# z3)_U{$9B*w=qw|sRpfEjqb>%&sh4+VkF`0LjESB;MAq#WfRDcWVBzBYFv4P}DgA(F ztoP~Du{aOuzRkAz@*&U3Ru^dJbWBVQ+&YVH?0`K#U{bp9_%$AoPnvXuW0(ZTByL)|cbxJKwi71pbEkB>B2kAV?K<`{ zG2KNAw(^UMiFq`Y3e*z4dO00DTXgjFpK}u-6~@pa@KW63`L%=sfu-gUO7Iihi->5$ zQepdy9DSiAZ9}%=sF--j0B9@dN4|R<9)^9}(J@H&D6-?`2re9}i^Oyh7zxK41rXJH zue^N{6Bh?T!(fgZoBYcR3U0?&lpe@sF8B@9&dL=hjvtp_NNx9?tz4b)mIYec7Fcpb zU%BIWR7n>1U2YkzJi#)1s zuE|X8>H&Vre#1cVZNFJxqc+1J|D!4rX_rtoEgNm`z3 zgl&XsF=qUxs5u=>7NlHR@eG@~+55bsqt2Gq57(OGNDfXOkUq)=4V$*SrmCu8nBP}b z6=lQ!mYYi++l8$y1T)|pHmHuE!(kB-yldB5Klybm2WDnWGX=e2Oz)j~&}Fi3VPOGU zDiWsMbF>nqQ1$3me$0ALkzzuV?hWgF+z}fJJ!awFx;@SF4Tvbos`U$ti;{YJh^Qvm z5jf9=UOSHE(A%;aa5y%ehusE7YY4H>t`l~>C_daFFeJo4M>jQzc*ZHT*toc`c&)FC zVTf$>o5_JD9L+N7u^A)L+YU?ruJ?^EPLQ+Yj*iT0*Ghr(N^f)30O0w|edmMV4Z%}% z>sBPm5AZr1FlG-A3~;YrO`gotUcGXTJOwKtAb^7sDB-UV z@hB-5`8O^N#&HH)KU^C?0}?h2Zzxr*IIfOpwiQi%BgV3 zKK1)Qoow{Ac&e2E+h`Eza8OVjFZf_t;RjUtcY<5Lav-l8vq`n!Pexrau@8sGGH=lokEu#vK?kp&9*!?L)5TeEcLNEu1 z%a8Y~SmnP=11Eqx;$It)Pe^~9QpVgPs&w85lRZq+-M_4h;-Kc#ltG14QBgtmk;1oh z^+ZBimjb-ZP+73|ObiTK3KH^YvRDITM&Es?s@Re`OhodJK{UcP!x@A!a9H+i0rhYk z!sinnA5HS-&-2@h;P-F+@&!r;B=fa6T!%(1Fa82D6B*^h?Y7lVZ$RqG4uEWe3S=e! zR0Lpd+cq`X;+I)j4Rh~st_A1)QPZ+>b00q2wtf2u>NHAo{TCy{5}b|EzOE>Mus;cp z7mQ%KaX~8)t>iZb;EBkQCq4?&2*3FuV<%)FzP+HUt1EHyA`CciXZ4kkhm+vrfdv^R zL%1<*OWGrvpB@UpNdJ1|f!mytcZWyg0-E(6)AvPh7tzv7#{6I@b*2PTwS2X zJ8^Wq(gc1<7YuPb1dH)~3%4$zG@&x4=%=<}3m^mTAU|~NI81PNIJZB6_Jom9Y-*}4 z$is|hZ2fWHZUFhf^O$+!>lwi7^iTeR&&>fx1ySMNm6V)1dD3y9(GKt@)W!2bCpHzzDWT7VVr54fon|v`5X8@9Q$ey&20@RLtmA{!E>MjXcR!I_yHLVr+F{R1Ar4w zbk24LnLQLS5u$qoIUUF;Bp_hJIe`727~(*PeNntni1RV9l{~`q8^sr4^*l3Ep7b>g zV$h8-$Nk`7SEvyXI~Vo4jzWt54zr z+B^(125Bd6OeM;qD}#jCpgWvmqmteH>;gsL*Pb4DGf@R=hrb9NhMWr@R#(P$BpyaJ z#s!`^Uu+Mls;*{LPJv}(*SToA<;&AEGMpS7tXnb%0mJ}=`Tde~67l^BmDW1AGK?tI zo{}DDE+Bs7bP%oqNShdW9Fn!k#zkN-cp$Hie5_7R0kZB(Pe7x7Ur~WXZ$;#n+(#Jf zKX4$4gi(6AoL^;DnJWq)fjm zyOa3h3Ou&e&>(7vzz~(^P7EFdj`yMjh=_=E94f@AIaq$qV^!>PzLb{6;bjGOV&M1; zsdJ+lQ{3Y3iO5`ri=S}QPoF+@i?VIuXejb6Cw+9#F=SkZj4MyXR+s7mtRwM_a_nPf zXx@O1>cwcSfXl~g<0LHbHKaBwBfz&p==(B_&$y;#?qAOxf5%Emsi>9CL$TawG%=6SA`#-@Zkb@OI3v zA-NDZEeV({A!=h!U)g;pZGejl^SDN>#}*Nhh2FSG`0!v}{q6Ad0ji{D-E`d=dII@< zDli5yGmDuQ`I5aKwGA@9KzX*$;sP4)4&dkUD_hhQ7UvxD-N$!14;UPu!&xGbM7U@{ zRk(Ma4R)2+-nM?da)OTES}AoodlVHMh91wt`@7<8Vambs@rs!%;)`+8(;c9O7H1%g zny|;9jL-@|yfA?(Ic!E&0*NKc`uCg|aqsCO2SF?@`cIV!>%ZSV(y{ob{nwbp*uT6?ee^X~n}em=k7=jqYyzOVbd&f_?~(|HA|Dxcc4fo%gp5Sz}N zK5?EP$d8f!PeV=+#K^p|AwgWQK664=%{6+g+vO7D#ooCot*{=(ld>o2RnJ{9;4{C% z$|U-LYc?ow&+HJ>Srw%$^E+ow=bqfEb4Pxxq$2ApXbnd_W0CAOPS3UzAn$sbNF=Um3-nBg1FBna)E^)%4KAI$q4R1f`T~BKt@H} z=O(8mxXw_rrtJ!lvs;`VjuN+(UU?{=c-Y}bZF`l5cAoI=61TJ#R4dqMn_zbE(T@Y*JFvgyPN3oD&U+H$y{1&!;j{?mT#~ zp{eQjT(8e$TW;d&B^O{=O#6!3qQ7xiwFC2Jxxxw?JX^d zk3U9#y|%X2y7R?)e|jb+rY&1?Et;Oy)+$YT+O(vp>-($}Oq54NMCcYf4~LN!===M7 zw>wz`F1_?z_=P`<+xD<;*EZ>T0YTjc|Mnm=J$`f-&0fD4jP@v z)+@n~bKNeT1yaGac6zks7)p7} zhI}-ZSzFGNP?e0gal2e~$8DzNV&(X7Q}WI0*B!^&a`nr+4Gj%7G&J(e>R0Q1R-1~P zMt}bNd1KS|)-2tlQc@*PyzR>!D!Q7FDIG@dFpL zJiiBvH(M6W9yp(MQ;-^mFzw&BeT|1;(`C%Lb;Ql zzpkmt0jnc!({6CE2D86xDI*-+)6t=%OXp!=P_QOo~{uX94@F|>bcs!-rO-tk4>r=)o&ZU)tk*KL$uA|l7vx?&~Wo~&^U*uV0-NzQvP z%P%1f-|@?h&73_6$8WM7vUD77OzPX1Q&7M^yQjY{N__N7w*FKo(fD>7Yg!T38yA9I z6LllnJM`wWvr*5Ik}L+_+jis+_f_8Bn@V|~nVeQV=GCi(4-a<#{`KqayLXk$b~kJS zm_B1e3ZexzPDFjr!h$}9G}OA9g}a- zbmz{Uj0`?oTU%NBhYuhA`t=Jx=X1W0s`e#I*QzxmvY?=#je&*5%)(-LVnXknjO16h zzr8M-o{V^S;y-VD#Ic7oLWD1OsG=`6xm909;PIPuD^u?|<68EKi_bk$k$z?OT|Rdf z-^F`*>ixhuCgSViryA+u{5oPog6NU^okgsq?r<9H-@iZRsLSlnpR6cdW8;2mPS2l? zaVT??oL$3{lP;4zE!Jzp$#HMrzV%)l-j{fB9pNfnvbs2W$g&xQ`>rZ@J6fN#KVv4b)uo_wPZ8gzI~|H9b447{>RpuC8VLet7toGM}|uw{GF~j=Zq#e8Dd) zY>yI=7hF&L^z10K)lb*Rq@rWz=~>IW{QhoJvWk9=f#1%{!D|ws=nWzg5}I9ET6xcs zlLsS3%<}6WF;Tv$s@i+xNJnGiuO=0l7LNIm^z0kguS<@$KR@a`b}Km8t2K(5nOQkX z?Cer>mrr(1&d*OVN4r#+9`5c5Z2M_;kL;P#^8D2O`}gPPU1jMn{k903x$}h&&Qa*ELe`|8vwbc`gYyFSKZL>L&7fkpl+~cz7(K^itH)LP8kP{FawJDLC6Lmx-E> z9~-=UGm?@_^z?elWHMaMCd>kF-(H%tJ$GkWP+o>lHLHKEra6G1+9q-JD=NWf{u}kU z;CK+z0o)PVZC1-fI(odR=`-hx398L$>NP`?S*HujI(#!&>y$12(dVVSwRB{#+S4g%isQzvX?7628p~^Ycn^(o&L= zT|cLJ!$opXCUub_$+(&8)~(yIV@H&jHA80^cF)(ZU(qVfJv!RjBv;OsDD4&LGnONc znW*1YG5%Cv|0TvcA}Y%2^5qN4c^z{v3wHlgBU=mz;>@mc;(u98|JS^bH=H=?_RDy( zr{t*P(9hMSNft)NkhXn?4mnK^HQ=A3;F@s3$>!7x_jX8WWL?tQ5kN-pZu(BGdFj%n z)2C0ny3V6Uw=yv7J^OgtF%D<|!(`!e!tu>JBtMJc=44}x@6#H?4cjuV3nk`i+c?EaE_Clb-*24KH?gcOM}EhWX$1GNh|mnjJ4g zV+R=M`TI5wiJS*9(L_bnx?bevS)s+hau{@<8A%#9xO~~+SO3Rk>Z+&o6rYgeFS@nt>hqY|o@umzaGph%K<+pNj+FrhVx#BW86PLJnA)rx$YD5uz z{FMzGHeiTVi&o5&g@uIlkBwz?XKLk{T3TABCaUqaU_cg7SYNqv#oC%v(p9z0+bh?k z|HFghH)!2je*#!-OPpQX{pjQCk`fMf_B$S$@vluxO!kK=u&}UPU?C3)R!9=&=5yR8 zQ~vAsZ%jSsivr;+%*<@U3W*I7kt@9yADfz*7HvH?y-y@rflzH>U1N*5eOpmp{)V&o z?%jzPqDgn{uU^f`&27-*KfuHD;p4}H##}_arLebe$Q~=bzpZ5I<_UDAtBAc8Ti4iaV+eG^p>Kg zEmBfaPW8E%-?6c=JJ{JTX=<`EGtc&TO#Xd`olWMV&$8ao?D|uk1x<5nCFpG)9v&!7 z`-lLVKnAm&?yjz^($_t9lK*GW{Xf>H@$ykSf-rdbFr0Ssw zCl0&`-Yz~n-f3oN*pRHkDJUp-A)JB;Z69h##8nqtwxs3f=lA#b18-ndH{8EzJjG;W z=P>w5H{blhy?ZLys)MzWdBz_ZE?lG}LR(9{mOAn+M9e>PMJnx;zUu>|2n;7`%ttmW z4pgU+-g29n|JU4{4>sY&tV`RrZ{NXS??0W}+2%alIPf-L ziET?4p4rr3>U*!uTx?RuheXE2bfdzYbb_Q>^*57`*`iK@bR{zYSCp0S4)c=xR$nRi zCBvX@wbsftI;p7{vGel!oHC2v(v=6hPdVz$PWJYuUfB2N&9r`(-PtZafwr8Ro6G4v z{|(hfMaydNLDO{SYTfnqTQOt$(OM@a1oRj>0St_dpQetI`zlzWs4x+_3ar8vlH36! z$;ruS*-!hf1Q!&{07(C+iwcj9#w{Ki9bLlqVV$?;BfiE>O-)&Rj+fQqG(Y3ZH2C%F z&xOIb-zQ87*H3nv{_?N?coY8@h~uA{R746pAP^enqrGRfU)c{}HAh;~ z!B0|*IKXfg=O#(WXD>JR>*+>C!LsG&ZPFgIW7E^qm}k1LUC*VeDaRaX`PbHnIeIFX zttH_&HKsi}+K$8a+OJ-{|Ocg3%22_eV>4XwYB(Jy;KRgBJO|z1P1V__1TY&V`uyU}xsQkZY?e zWh=9t6Wzs8k&#|&D|6qzeJi>deCrnISyx_<=;6a|s2}-dMz-L+($YO>the4%@*cCX zv5}SalS>eC+Ig&biuA zQ&g-0b~qa$BIB0un*K!)q1UD;YAY)TzP-EI(TzG} zUaJ4v!~sMjKqL2eb^%|4B5m9_+Ln9S-MuIvAfVv@C80)M6<5)adLjAIK9!)(!-o%( z5O&kEy1XOiqK`rTeSLlRsl;}b`IKQTjXZ!%ZwCbdzZv}Vp;wwy&UF^r-UDP04BRGe zLmHNu+69!d5l5Ux7H3A+$$h*Y?lYFTx(TZNKYncRH?X$$!t6#DxXW?$ zMNZCD%yy%jAW7iIo3{xYV{fnpo7Trl$!BjOR4qQl#v1QD`QX8W*4Ea9goLUi1_}y6 zB_&dM^g9pN%3VJZm`4u`M$7rOOkfX+E8anjf}&jhG> z^rQXALMwm;dff(NP%~dr&Rw1zYe%~jb~<@%VOP0t^;cjFlolwC+i+6&5toVAMwLMo z6%|1BQAGmr>{|?undAUN6!y3)7Mft`fc=GaPab=<8^4SZE^+ke=nLGC@2Kf#=`=hp zl&q@T@@;!pAygFczrV|2)%hY5{j-`QkKV8PYrz-2?GjfF(1Sr<`1BZ-CW#3=4F8m%e``0NSP7!i6 z%kMwco&L}Dz0ixkOw7#E-piUQ)CJn06S~TibVSNDdR^)AuNn|(QDAh`|HqFXRa`Xl zOwVGAqDTR)0io1o>7h26tc5@#2tDP7R#HAs<_!5{-9~26-rwNa=noi#2U>Ru2-rXv z+NT_ST3LARz0uG!KF?QzG5gy($DqeqYK-Mja%SOc4}Y_`J+;@1{RLlDk`2MtC~DQJM1TFFo?B%@!_@rLcj3rd?e`ds$x4w%&~5&f*sF$n5r7&c9xisB zwY3=lV?L`3$>HJQFOGv}qh}Ws2ZI*f)E9C)|=&45=C?lr0)aY4U6K-))TrVXw(h7{=}fDRdylBFa3gEM8s~qnkMZ&I|Ni~Epmt6)o{~sT1oHba0h6Pk0fAVDI`}bzX#+usNt!e7%=;gSD*!TrGIVt5w$cXu< zhxH__fSQhdXkcKbPP|uBQ*(N})1~UpwrkXzvo2=$1a932EIon75BwP{f8pCY3W6)d zlZu&>v-gE{CrT(<(oL9)>+3Mxt5>g33roLh1R)N-zS91DL+Vz-w`~8;a%16k=od$w zMy4|kIy*Z9SaL##K~dMdk|YQP4LM)8m86Oug`~!}Z{-BSHb`3g9Q570cWBBaUaGI(3m82lGg0C(hqBH$ zvsLl<`SlHm3>aBZftBdv`T2Rg!r0U_Y~UI}q%nJunVOl+eSJeAOFz+DMv^V}UwCHT znfLtpG;Oq~#d-9$s=FMW@v_&_FJ?=3e*>|E@U~D9xV5{h>n{7@C)Q>513~xh)nhiu ztV}oY>%3ULUB8Y<>7VurXoGfx?`jTNu=9oWC{P-{Z^bOG0lZ4esu_gh9{XX2?c1$v zZOd?Hfla_M&lJ7`2PwrEApx&UojIs`xURDb3eR(LUOEgagIhxbp=V_^f4!N8NQuUB zpc$0l7tpHIQ`I^Gw?o_g^y!n$m#pqQ`EdXXOtab9S%0qU0Rb=^Rsg0ek6gcTgCxJw zU&kI0GynV*LNGKH&0Hf;(Wfj#IsM|Na!Og(HNhf&w8lmsCtd(FsB#^;oSboOZJPS} z`qqj7t3Wda#n6ZYgM*<_LzV`%l)3t~ye0i&)FCTocJ_>a+UT%b6V$VjH9nJFdO;u( z2m22CZMcutpsE_L%A=%9qbdfm2D{6I?Yx|CWo2bx?~h^5$VZRzJmw~L9>2k81rg7? zz_KO37*2ztiprPq`wt&B;`)=1a_`&c0|@Hv?G4fx=QZ0-YT*KxQpRUnb!>9{suj+jcs{jx zf;Y64jdDXDDT zVlf~SpjAahMJyy#Op+~e^ytzL{fVwu-zO$k+s)zvZr+rUdW{x5H__cR(NpYF-_oL9 zc)Y}Y2D>!7y9CQ{la7N@Hbp%>Y&J?Bh#8&s>9c1L$+pe>CMS3UAMUej&eB~PjPp@e zQd&m&JjRs9&H3=*1LTJTq1BN7(PIw?2xO6j{cmuj+DkkNU&cU@jE?5}alz0qp=}bL&@@<{)JQ?^O?8pdh$aOs7vhk#zg@RHx7e zb#SHONhRzZaH1iM+x7mR0YJeJ*H-7sKnS?GE8f1{B_wopWpM_5P7gepi)P!lZ7~46 zu+gxoFg`l6^~>-d+vlJC8{%AKgmR3{e2L;(|J6;j414q_4m7zb?$4uNBLm5SYG~d5 ze9ysyQ%jR&UzDkEFO(oERW5A76_MBs&_u8I()dMvFZD51K#pFYH7{UZ5KdTEPN{jP z2|_(`s=i#wUqt9w#Wq&%5zc78VVw`OM7e{azAwsWpub7b&$dklG zkLjUY*D0f^y=?wmcUTYhLBwGN@j%-=slJgYUrQD&hXBCI#-@#3_eIac8n;AGPp>Gu z+W0w`WPOx4IN7~HQ>b$hr35?*ZH)c&>{8xXd#Spfp4E4oWw=WSf=Q+KkP!AKSdh^$ z(1@5(1x={Jo}SsCdG*o<)^?E*Jjz(cBaTCWY?W-F&giP=`x5!ch!mkka=xQSJL~Gk zhi9=ZjE#*$%+&E+DuLtrn zQk0W>3u6odWKi8{N+RBWc%#s%Q}40oAT@Wlv=o2|0Hooo!N=-;X?J;@1`Tm+y@J+< zF1!Z3X@|6@#Lk_v^pvR9^73O24&PXC3H*A3T#asWDAU>bc_q7mx45c1BKpR@Pj?QQ)T#kbP3I=kEBAx9PbB9c{T|=<_o@y9522;eoKN(nzRIQqtOK_i|?SuezLGfk3@hTA*V-1MfJXRyFh=vt*s4PQbWxRw?awZ zcYkO#DjS_aOj7caNAD)s&u{~E%e+gT{PTfm13bLEK|w)_uum`B+6szc835|g;?>ni zyYra7FV-dt#j7GCd2%+~UI16&HN6f}d?)k_7^gPhF~?9t^v~A1zhB6+|Vj_qnp5K{Iu|m!eL(ru|RHV>4p7vWAEX_>}0c=P5B_En^ek2gTkcH7qp*5MzGAt(vH{^?&(;Ixi;J#oyg zK007%WaJ1$BFvM!+eDrj0V~HlE@t_uXX|;vX!?6!c}+Olpgl74Y2J^B&>XvQ9*#?^ zk9cZI3eS{fWL};_AP0=;2pE;m&Tb!n6vMP3U_#0t9o|u}jEsm+4{oO)y`uJd)VIOG{8<$v0kYYa-SQ_+ zoM4@yKzrWjWo7`J3q7Il1!QsP7hE(L3WWs)D|m~zLnGjj*oXkwxYK}OfFvw}dVH-r zK{eoH(_bfDi*1i5z8j%=J6w=uVqHJe9Jzob02XDEzUd^|wtIOY?JV4HHM9%m5ejXm4(GusGb(#=t z%xWVZgodhPW655lIvXpw(2#hFM4fHANy2h#N`AiR)R;p5(9k?oY$H+!{^@uV#_0kY zG3F~N5Q1<7z^BvTvAa8@v{h0ugsD8+gztYe28X1hqpOnQQ|*Dp9iotQ`}XbBjbzpG zN#~QEJqxqAg^6(WDnu+H5s|Hwh9HYri>3ZYD)3Um0O|+b41oT@0z0~+quIM959A)l z;HQ)wnq$d5$irg}WAl4e@b`v#!j~b`Uho8>1|knhA_^ow2%BqtLg+H+&6XIiCFv#i zO%14J>9L?Op`kOVyXT(F#4)DxKcW^k_nO{&GJG7?hG8w8T%oBtBz-bC)hfv!2|8 zd#F|7?u6U}w82uSlD1_ltzFALJxKtnzBH`gyMO;GwlB(cwfG(c;o8+RzQgbrazO;JXZG&hs~jzn3(3!j1mY&f$N6p6 ze!klb7F~o7L=<5Kse&qOR1j%C*gEJM*sLbx>xg5Uzf(s<7=kBOvf)dncZYp6=2&~u znE<8m8r3G=d+ty=>t$Y1Q4zi$L$6XXZ{3=>wuQGSkDnlf0vX6_-@Hix&~>kJ9BKZD z0V$b|R>HW4GNQP6359DNWQ5l-e)%tb%>ny;bZ6iz%|pUQo$8=%VNJ06exGI`Ty=QJ%L#0;N;BwnIbMq9y1hv@JQdKnS4 zyL^@O^>^;vS;UV40M;m~dy?>dxW&NdvW<-%xI`yNBV-Y!i(80zW6HK(Fr6&z0);}8 zf$C5U3-Nzm-h_FA@mU*lRQ&Ma1+Xy~g^2njtmPN5jd$9WMiUJD=WiWAjcd+A~L#G*I?H zP59bur!DTA6f848ipT&OLMReF#HGj045%1eG&MC9Z7RELwJ0hoDm&XY_3~i~3L>Hw zp2IVhxQU@5o{8##U+Bmq0K4LFk1)m~K`$ZuL&40_)k#og6%IpmEkX(9l$e<4q(jo7 z#>TFE&?JEm;ob6gH1o|H&`>Mjx*rCLTw5NLxpBvYftn~cW@l#yg^~cV29P~^v>1bb zv-Es9l;Qiil&nN~2)LBEbw@~8SlGjdeS?E$^T$Z<>JH|2kvG(Y?d>5_Qsn=eP=eS@ zB~oSZcbDN#V4nbevK=(K4xirX95As2#ZnYpIy7{AKMydbjm&)Xl!jd|?Vbs2;JJps zg8p#fBAMEC`@HhdOcOOz2i|Ps^EQ9 z6tqaSG#J+B${P=%Sv&2%Ag z$l^HQR;QKq4-TfQ@q&@xx<%vdv~xXxPkW(l92X5xBBzvlzF+btxYQV_SWR;mXf;Sc zIa2WL-~X|Hhqt_mSeT%}tl4WWnCndonyQ!}$xrUM%>gyAB8d0;d8XX!M zf+q~irsqDbh_|nl=ltiM9=&1+K7!uK=PYkB9nfg&=m<(SQWg~MM#bnEHFKGY%c2^Dj@FW`?}M}=rVWAy^FxXEU=!5G$=E(75Nrzy4sMx%`$0-;3}3}oAf>fx z!uZ#(Uyp8Ql&Fwo3E>JTjN~&;Z}3w{#Z<+hkaijY(twWf7_27s0J%bVOiT%yE1>nj z;9&BzXLKA#rW5Z;yZ`)3if;LMivTe~f(r`2yO~|Wz|^!AwJ%FApkK=8%^_p{IUZ39 z6JuihFp^FW7^aNXAQL6M(=6XYKHuqF?v`K6reB={yoSuib9lnWc` z0?dEJ;UJj8ases>+bKl5g6I@_p%;MKnZGT!5TxXM!MUl{kchH=|$4T zFd4&9snli@yCQ-913j8u##{2p5qC)M=#17R^>uNSg&`Q}p)U(Y<+>*ne@J=Wetny#v6Jn{W7S>cXg7cRrFcAo6v*s{fN-DhvSmLgAkSdup!{jfEq%Gh_c^JlN8v|9GOZ zkeP6wU)p^KgxD^2W&TH$Ey9%;y}f@tQLS6YOs)bZ0YD=XaPq{74+Fm-Z3M_6XzCO3 zkBNI9W}BLtBTzItU3v?NHx<8pX>4K=`OhmRW9nm4@txf5VFL%RTKZ)u~o+h}HCn4rG2&#Gq=)4Gs} znJ@aBqUN8?;=F!LOk}C?0@0F$P&BLyU)F`}2Ji-WA)$%RzOk`Ot$EtS3ej1f)?PFb1c3MQvh!$x zkpbFftMS&=)tLylM;~_R>h3xn-+7`z`Lw5WwJJ_(7JU{uet$c36=MuBR_cam(2hzM4st3o!7mizKnx3nA*6LUs8 z1xdGm)rI2;$o`v@9NcUmmq8)&7})`U4HDB}A!qH!&75pVe2-ltYEsRZbRLwj4s@L) zY5pl7;y^q2g|4nHD)q{U9B~aLV2R>HP6Fg13^Ny#Yfmc|% zGOGjDg`^Sw26hFhr$gT+1$dn-j=B9Q?oXct4jibdtINczFkO0jq(wxU{s}aYidP6d z8WQx#3qH*p1AGrsj$*rvOc}ywp%ye`8p5~BB8oPYtD?pooSeLHI07dZe8A5DQy)h~ zxs0~fk=jq6n}PgRBmi4E_ZVo4nAXxm^8!hp`jF8pVq^44{z?NhaF{Ks%9l$6h zI9d*jhN$^7RUUE*isN!}u@m=0LkrN&5Y7V}-n?B*Y44*zafeQ{JK0f%>mpir_ z=Frg+u@3OfXQ77Rm9ShzZF`oHXAit}i>Gy`jEszs&`-GbtE;Q9+Hu_CF&B+xK@ntR zM0=)ZW(uA^XG2gLt9wT;>KmySey`fJl^ODHJy7}qjSO=Hf=CEU?+oICEg}0aKnuy| zcwyUXV`}=sw2m!O2@011S~Xr&hWp~PJayB#=Xze=ZwMc6*?EcbJUI4Hm>ZEmv@6C+ zLMf2)TFjr=y$cpVBSfPqtK%5C80|YGu5v+*b!pW5disPRjK+r%5%U@1QZ5sh zpbiBu$s*&q5{XR( zbCaY_aC0L^CboO`cT%h2K;ebN#jRzCXKG|VJ|}aX>(f)SUAwqXWopz6*aMy)#-d?F znXnlx6Bl?Gi$>Rwp9qo?Kd*9gsEm8>UZ}xI$;r^DFLu`99K%`^+syH075Daz4&gwG zhwzM1{R=Gt{V>6qnV9~h#WDa1FqJ#Ham2yQ%xr~&P1KyrMkVHmde=Pc&3A9#BBc?m z7we};Vq;QV<)5B&gwR3#nhcm;YmGHX|l(tfod9cJL+`8;vs=1m|djVm~dB^;T7 zw324=i#3;CFEg7@)cXDMSA(0E{A05kdX z{Z-$m$OI!_+2i^>7^eA=qeo@H-2oDemY|wL)+$>ZIe?(@Wa$#Vr!zqR@bEAc;1|!I zD<~>@AS~5y?}m!px^*kq4uVmar#ooh|1Re`hv>^W9>z*?+LVy$fvD@4YB<=yFC|ri zUD#2D3(16R**A+MH}xhqM<}D92Dka~MeOYC@EH)bG4#-Y2hIWcHu7X=zvbuWcftuZ z%I^IE{#+jh?5*7`S{4-#hf)$LN-x7U5<*hw7SChLe@f;&oRSnGQcg>5t~E!+2abGB zc!w>hq`OYlbj^T+)y&{nl982F%~}c9N%-ExUxr4NvU7C^!}6R=xCp-7u1dg z(foO*)6Jx-kCreT;q?tV_HTz=@(@^i_Wp=aq9F$>p~l_nw+(HX>s$uKwG+8?v?(K` zk2d0nXh5T2s5~O1#zCq1@$b)A)94_3kj?}m@`3y@uKn+C6Y;xp>Hc1{5eF-GkdwhN zb$r5U#?kUSH=GRa^R)UUjBu4JRQ>&#suMln>E8nb6?`WM-{F7xZGtJ#$w2O=?rof4M$&YV_2Hju9vU)V=|=S+qlnyy9&%pf8OHcfA`ybz(viNX zFM6DbWl;)A3MxKde`x6Y6gDL*ucMx6HW!WdliK=s)sDB|EKz6>j!#5xdz7cT=jUy` ze|LQcw*9+T{riaa)3iey&m}f|sOuM|FzPJGQdCy9QFc~Nm1^T}}pSr)vw~4)W%MP{z`LFu8jcIr7*XJOP2K>mw7z8Yd z;R5&4h=XD4)-s5)e`i8{^x>xJYK5gna0=A1n9u6+FCL}owD$MX&jl8jQtE__O z0fmB$jow4D21>m;;VghOlN1lQmA$22!Fo)pCxMLQ6IAj3pTYA6J|TLC8bq|`Rwtkh z%C5t|snG~=Ps4jBHkKQsw+MQD z!PqTq(W5@$^7 zkE7sj$$PtejYA&qTzbp0a^Hg8Xe&SR7`Bt=OPS~=<@KNK-Y!ED+xYp{CMzl-`K79b zr5+E&d`=#00Ulpza>p4q<7L9Z&JLZcqZ@z_AbNPRd~W7gDvqW^!vC@?gzSUgJ?;*) z?E;fbK8;R@3=#?Gyx^sm^vukA|D1>Yn`F_*IIgA^;yj0=P#7m-?%R&-0U}|QrMDEf zYw4})sruCTcI0#A?!{uMmk)S%To4G~UZ51;hnWou!^F-mi5J6@{Cfz^-NWPdnh#*Z zCK?)6N!Oprao+B$%L|a5G7#^D)(Tu9FG!JMY;5}c!D!X|W*b!8k@VAv%^!3X7Mkw1 zJ2<)ZR`y-CCJV%=jYGCQlDl?2fq@NC2Vxv<6LTlRQw&gW>FHH*)B=_j5(fy@k+d7^ znW8mnQ4x{!bBQ+^pzf;)qww#(@xfvjxlrB;3Tph+J=B^RC2?_NScl5h-My-!BIJ}h z;amNbeKJ6kFWPaEMcs&+AZSlrC;ol;{&P6`f5^V^zIQ@jLlPR_31^wrdL@qF%jnv&nKw?as)w&hJ#} zBmQ5dKA(B;qLsqJ!c!{-QS!|u)Wp`5AhH)aBH7KKQ`1wU z5Or%H1?k2Z~9=|Djb=)YNH{1G*aHQd4wRSzKsh0M`b*fSGkXPdOES8>xiS2%G3!T z@!PvLzN%8P$ZG5zUv2S_&&2K|r@eniF-ov%tTe6cUgEXH&?NQ6M8}ox4e9~%{G0y# zJr$6o`S8`XH`dcG7tEL}LfBp@?)T|9=#eEbS=^Sgj+`l&v{;Eas1E6{Q1ema5DOqGH(8GMe7P_w|+M<|i!&rAKekmKIoSO-xG?XUb3;Tv>u0ISCntes~% z^ect)?&zecm4%gsVd@9XjoAUJ(CJ=9A9(4ihu9V1a0rRjJcq^+W^tHYwTDEaju%;X7pW(xzDDL|K!1yY z5fH->=dllCw1jJH?)_~f$e{TVNQ@Z?z!6@Y9W(&G;O6G;9~eNsr2~!Jgmk=QpNfK; zrHBD9x^j`j0~o#)EeiNEly@LFsD`|)S>s4%fU}jEFq2WK@uK5H76RMkX@~2Esh?jA z7lq-P0tuo*#8N4|9kU(DgDqsvpk@%c{!T}5NRrMqO3%Tu@`jodi8^?|t0aK`X-)?& z5t=K;IYfME`0l?_Hl=hSRf!{LXMx0?WBf^`!$X4o%dA5^o3XmC-tAqFNq(eG?i{s}nz%B=V{D3f(s9D_BgrvBg z#l81bM96`^XBcrt>ZSGN%il*wJV<(PAUY+VY8LE)9 zvS< zo4c?Pag3d5G~Q!zm$NEwD40YeT|V+-1qEjn6&+k$Sae8+fZBBJKHHDR&y%zBhj9*k z;p4tI)*c*o!NjPZWVrnr>##H&+|FQGYEP6GBGmV@)03DQG(A^ zVN4aKYlFF?Ex-1a_)7gddi-1`>lY`rwK~bph^%tcv9N?=xh-5ogoT4L&mPFVhJP|M zt#Kf+EdnAO0-&uYarP+f-8>nds8Eb^8n-(Yl71oI1?{_jgp1}apjqY2Tj=#t4nOX^ zAi3hs&PkH^Af1ov#^LTDp(kH9pe(-_R=f+Bwz+q zIUWR2q7xUZz)>A8Vc$bJzWxX2uxed ze2Q#O8Teg)zw!9JNzl?Lv=lVv%5M0h_y_*pA^d}brpQ#`9wLJUSl{~lx_LYj3{^Ni z#|Ki18bxcuO!$l#%Q3p@(yy-d1CY==f}3zljkRYyLJ8bxt66f4;%aEyo{f17isilRYzRM}&jn;u1`Nd0V4Q&Q43g2ql zsEmE6GzGM*Zn$P>RsgM7tmfpSo{PiDxEzu>e@Q^U*f|p_2)w+C@HE$-@6^D{J+Q}c zjd9+KXFBJn-&Ld0Vp52}@;!10S~w}#l)Z`+2m%Qp7~%6Y z&H-}Y`ud)Dsn30DI2M2xnBbyF0$69tiU%`*(#?PXr^%ibnY9I#02Z3%I;84JTluWu zxJ)dRS5yk=%azv0$Fw1FNA%Qpb&9@Odl9<5Ni9LS0=$Y5pd zKX70aQK2G1+)`_FL&Vv#A^)^7?ATEXRRSfuZ_l2{6uo1lQ;}HJy4u)<@bm_AJb>g7 zIs)k#IfXEvR{GbFpU=K;L`F)?!R8Z~O2YF|q`OHnZ1;tA541B&F%}@nVS92)d$!@B z8^{x@4-@G0@{nxcPeK_+O5=3q`WJl_JK8*u|obW;T=62DI>bVs)stxPj;*d*V~GVpJaS`_rAA`Pq)XX zSA*WeoZb#QVn>6f-B<8cMnbZB+($Dp#td0s;4A0v|LC+;)6Oop(&)_T)0&V0k)+hp zifq3kuYN_0l+YpN$22sUb#EC)oaW}`=dZNus;N=j`{=B$EAdtK_smSvdli^Qq)863 z#KA!%CJS)~QMOGd&*3JTNzXT5P&u?bdiOvnAxU#dU=Av}@-QzqH>GY)`<2_3eMRf< zJmCpda6(eqzZ0QKoH$WeXL{`SZOZkMfD70K_>%`7KEn|^GdBlExpCML%N&#Z({J?Q zM`I{ILyzBmJ8gS;f|nui1mcgD1&eTdVUR_AF(504@&HQyJtT|0)m>NIucf6W;KmJ1 z&-W`sZ>8JUaaoB4R?4xDa@i*gsVhsZk2S{dSW;Q=@VCj}8iKJ0cHGHIaI0Ba6a$eRA z{#NHz*U%sxxgq5b9&(@DwdLeFTsjtQc5ZI1o`O2-?)&dh>}}egCm}v5AaJ+RXcH|h zpWbWNkr#KN?UMRJf~x1zcp>Wzyl(HFJqf%Cs*o^`aDJl*e}rHLBEYXM2{3MeYGotD z$`ge6X2yjhE)8oRJmHHVsgEWlvJqi}>cQX0U{X<0MRZ<<0Q~m*6l@pFAoxBdB_(?p z0^{O(Jt^tR*PI+3=_zr{ZVNqqj#1?XD2uf3-~)a#$_3b0jl#h_xJ8QG3?+Ip5)!9n zYE1JcUy{-KQdgLZ;=1i{sI6uIT<>#naf3__wg@}j&GsH+;hE{_)7%V>R(b6hIpV2m zL8ffArVbY`UQ|-Lb9=84K@b~bZj;U{5}HF?fBtpcxi$^Ls8p8fR zc`~4>mz0H}pr(^3>DAC#j1I-OXKqF38)~k!#;a)szFn<+|?+ z+O%oPRZ=VpTLC5*4r=(`Ra(a6^Kf^UKXq#Nu3bC4=M9_J-~A36RC{~`3Br7Bem0}$ zntVUDpOTkfTwDb2etBu4x$P=DCmt+u_pa%zn641fB_1J1X~2vLuCA?}rp7xw=EOpE zO;#YBdfhr`%X{|jMR*opCO!>z^v|DH6B|y8ufnhe#2MS=+JjR&K7RW2Y*1v9 zm6mWITTkn&H8eJcRa7~1Ci2X8H0~FLg>!RrE-o&l+&XWl^jw!iEeB_lg|)RhQUjqI z-cMnR19!(t*csi}A|@`5Qe)FCe)XyZ$J$}jYiG_Pk=uV&LOYYBrojWo(>}bsyudfr z)zuLNd@IBUjqlmBABgD5)dLzKv-hLFUt-#4dETx-+Y42kl_l_y8yg4*wTC*8r=6ai z?UV3EZUEvqLS#6%Fzg@sO`o#d5fvk}(fq2&qXB_yZ(y~ilJQ-t3nz zUGa*^*T3nCf`fwG@oX%BT9M-JQp0yt@S8?PEY;L?bQI4qa!`nf1;}mLy7iiUqsL^) zsd~!CO3xY_8&Qk#Dg#ps%NX@7t*y!|Sa3=!1EQ8Zs;){%Df>%PZ`WgGef_u=OOvc% zY|;c(oa%S0FZ?QTSC|sdTKXl>$pgfMo$D&8hX>2yuydSi-+DEh!cG(6Z4SXB@VvrL zbJwcmA(plZlOGEW?2j1MA{fZ$`~-!h>e|}qBg(sI{I^BjySG^?s-v^hN;op;_HBgx z&Ykh`DU(mk?Hor3xp0ll;O?KrluMvb@`JWrTqw#)%X$N2^58}-zE($%uKhtzvd`|_ zS{;&)q2IN~@1RSF#Lt--r(2emr+Hcuv`#=m5f$wp9$vsPmSseA=t{IQHEvf59};u) zYi)#W2Ajo{fwT;yeMhr?eIO1uAm5CG->!3E2o##D%H3<>3ED*?$IW2K`s3R-zu8?7 z{Svi*usm8vF6-kXlUMldo8e6_-?@E!e6>6I(POVlu!|0}aB_0)*pa1?4hx2o96^aE z?{Fw=0wdMombI}lWpFy^&OuroKt03;x{j~=8f&nL*0+7(>$T0=+S(xsdmL&-oi0Ie zjE;zK?f{qob&p*b|+^23JrjB=|pX!UN^bo;~a2(3!u8WSk&-rt^Rsq(0>ank@qMzmXyfFLvJiGoAR@>C()tLJiMS%jfn|kZ5%|^ zSa_Q(J;H;KlH{7K$o;qw@&+MDNO;rKl$V;ipPzpmgndXhK<=D|#@ik53=!z-Yt)28>&D=%QDz@GS!?`*4e2ouVsOvr(3Dq9QKFw^&+PTGIIE zXlHs#%k1C3e*B9BSOQ`;0uN5B=Hc8pGM=5C2k2>lq$-RKc3*3;%uGr7Y%YpEg0Tw} zRXkY=?=z*nuumZW9A5LHMp)-wHvG;5&W)@4wbI62#itjuS7a VZqJAB#@`TUPAZ?sk~8rCe*osmgx literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.18/_media/benchmark_vault/5replicas/p99_latency.png b/docs/versioned_docs/version-2.18/_media/benchmark_vault/5replicas/p99_latency.png new file mode 100644 index 0000000000000000000000000000000000000000..0190118b22f8ea7dbfc862067b06a47bd6ce0d42 GIT binary patch literal 24062 zcmce;c|4Z=zCU^!LzFUQC{sxpL#AXXLxhl!h$JL46(Ukni9(sDB17h>l7tWvLXwJ% z88gor&imH0_TIm}_CDwQab9P=)>_X~Zr6Pc-|y%1o<7%I9c?u_8a5gNfk3BzOj(aW zAXOy(kBXE)AdD<(pCb@VtJRg2^xb2}I4NFk>FdF+*JHd%UUuh~+-zSEneVW+ za&Vb_HdWu-$Uum2?RxTDp3LDvCz@cNs#we4d&>`F;h5s z^5mH_-*F!!TKAb>4I^zCbuV39UH6`d|Iy#) z>F(bD>sR=rM~qBNK^!tJEy?O4W^W(0Ow69LYKo7GjI8x3zViE9S{i?`0r{t~9n->u z#C_Wt7*6WxUH|i2YR|LvwQcjO3qM6nU(e>0txYd1F78Ow>*3P{5hx3O5UaR?0zmK zdfWmIDF+h+gD*JS`VSvWOikBk64oF7p{Aqro*QZV{rzQFSXjfyk5~pj%X|{zkH#y(1&bzZ%$?1LuZY z_c8~zy}o>@;^l|>`o7-Y#<)WZ{dHmAzJ0rt@GK=IltD~PYk)r2j zhnjmoD<(C&UA`>Cv1Q3+eQkB;p(|eVV;wVtO{OL$SH`|71rtwWy1$M^*ktH)dTY_8 z_S*W(d-m+XlH`zf>c#@VQY&=oIpX5t?*1w+uJhUPh~B=wn)|GMeSMYdXFu1}Sl5RO z-K3=RT%7E|9q9b=qxSgK0|yS&Jm4I3Dc-hiTYI+YwW(eTCHf~%o)DK_;TWs96)n4@ zpuD`ighZkJ_ZJHjKOI}vNeMK*n-rD$S+3UA)vbigjkYt8hs4F1>gp;bHD{ZZHTsOU zJUdRVbj#m=%KZ(_jE#+rX8c2SwTh|f;eGq=dM$NVkcly|?Q;9@Xy4J>v^{0_@7_Hp zy5s6Z*T9tf-Me@9@82)w@Pq58=lobyXsDi@o#2BS-m(v_SFQ;2^LIOr4h~v7Iwm9} zh`jP)4!m&gT%JRx>@@!QBtE{YIZ3T9f?UaKq4Vm%z(9XJ9lK;&db+bT$F2tvF)_#K zs|u`}7E6|~h!0&JQC@pvp4R#Cr{3_rk?1pFI!tauBH}HXQ?s$bC;rS zH!UrH`tbB=1pPt~x?eQ7!ERl+`rb}(MDSY(kQQV=cYioZdaJW*>x#`*2vGyEJC3@?o z_@bhsof0usc>~X?clJZ&e;^pP7SXFSJQhw(jr{J8r4 zdyPT{0>zC>=8EbPY`?!1UBWfcP*HtqYx~`v^D}hM@m~!wsp;wJ^i`;0em8GMh?r?7 zHG9sD6gl^)Zr!@|89Jj}1?4YrgrJ0o~4NXnW z>`l^$9j^z-w3{(S%5y{Vpu_8Oj(K6GeC4Mme8wdi8&?RD`e zON;CTMmc3Gs}%D%a-}yu>t}Q22+vX0PqFUUG1gfUvF?H*Zd!6>kB@<&;rgoh^g!PE znve2-TC!0ps^x4R>^hu%w)C5miI!FtN{?DF$2N}7ZEXYVnNObRIx+}He0SQ5sx)V? zl#!9KS)0C~Q3TH(HT*|!bs)tif8|5IJV$+%j+a{%G$kmkKfACw^+dw_)D(BbOtX!I zWQ@=pDaX#8M~@!0x3kmN*H_lYt^Ly4dTnlmX=yI0TN~>ae{E-PzeiTK*h(+WFbKgj5wMCvmwh1c})4^-=b}m&F6;BEa zXFE%-wq#Y*)C4qGq2fMD;E9TgdiLyDkhX!I-t^pDXWn_WBS%POLL(y7=&QCWtaSJG zie37WnV&D_@}{s*LR|c0e{-F(*UDmEZPaFF!B;-(Z@Z(OeqKLGsHH{wy7wl3u5zma z%CMEC<&V;95pM{p!s$b;sSjdeV*LH92kIjxx=QQIKC~5GGK^?KS;X2F$+DoOr4>H= zW(OOat(DcUkr7*KYgCSs%*;%YhOIO-BOL{U3qO4(#>U3FyA|VI_U+pjC-43G>C<=b z-aWmxFpe@Sb?~6~>`;g_#mD%=*Q)O^p@zlcUOc>r3s!I&(lIwr#6AcN4D|O`$vImZ zJEq@pYFh>ulxReE4$>!ni@4C$}ua5y`iG2 zy0+N&;M)8c9%awgUD8hG4bcZtH&Hf50Yc7}T{m^iKq~`?`Y^seIU%jMjK=*`CGg16 zqcKV5A<`U;(*yM^f=2YLtgMWT5|>9lfB2wLtWV0Nck$wIvU=G2;GNgdx*tA#h})_X z$Xr*#?`y?1r)FtoZGA{unt0rI?|9_p;}sk(UAnfu<~==#{iD@BHrHK1A5fH$56!ga8fqB1jZR`N~q7_@wMV! z&7nudvN(T!^sv5PwZ#Q1E8^AmAHRBa0ZX<0dv0Q4`G*hBo4wcOzdMePqmExyz#c8_ z9PcVUbL_yEFJEvg>_>8@6-MBFzAW>jvji59}Gyuw1p!5hk64K8$<=P0ntJv}`?eE86RoPi2mITfm#j%F1%y%Z1nHXjK6#Z|UbdbiU5n znmax1vR2tWGc)tO=#pC3p6~{%&GOtVib|+YJ5Wr&=J5&$WaQ_&025eQS)oxczVfqp zo|$O^$P0Le=W*}e2SC03{Zj>gma~e$O&S%4&SK59x3!_GR{U{w?0j96mR9@qtMuW+ z-gTjS-oAZ{o12rCMny&S%BhD`VTHVTcowHaE#pvG(=B-;IC#s_E57Nv8~q7|z#m;* zUHwf2nrG;KyLRouwr*`{vHkwyH}>IRL(J8gUs_%!N+fw5WBX2~WS%X3eKcSTP?&~> z#@gB%u#4lO^qt$5h4;I@el>DZQoDFDJv-Z>H1+rnR#q8V*^$xFt0SK;0#RXSoXa!X z%pwewCA5FPC$QA_myQDa_oJWd>FRRF3bzt5~wk?HVb*>fDUWn9lw3l9&ksHmXJIdD)z)!LkokI&ZD z7EgkQ^9Kt9!%_M4q2rIxdF9XN8J#|Tx_>UUrKJTW@>GVw?~a00Fopc|SP5W4)IwTL z`5%pq!e|)H&CXcR`GN#RFC2;uwFNf?{eAQ1%^i00nWqbO$+>f_jM5N_-2t14%}Y)8 z%Gj&xtDep;9_#vIzb-8fHEB& zUBy8*0DNn)DBLkXoZnrge{dyKe#bO4jEihf85^^8@TcVD{7lheM_H%5**xhy;U;Se zGOC;HrHU2cW}pHKL(S*0<~D8Ns9n}nr+(QVU1BXmomddi|y>ioBUwS*4|=Y7cgGmihPyNBjZo z5e7B-{oOFu{=zI1k6C5)ElbZ38;NfbEt?5d`lhDdAZtTILpY4BjZLOeUN4r^@bK_- z_U1%qob;fRv|-NKww9Lt!ot5qhUlq(?k5yVY}vBKb+8dtN>D^ZgrA=)Z0yfOS;SRS zLJ+@*NP?7OJX#TM=Iz_JL8kx_>%P0++dV2SO0aRjj@qjod+gY;AwY5mhj9SU&!0c% z-XUXbz00r{4;?h%OXlgYn3ywX&%Sl)d8ZX4xl_(vr~d_&D0TnfpbsdHmKK1XaaR$+ zOV`viE-!Bi)qN)i2VlVb@9zt1tJi>tCSDWRoUwPG91WPC_?b{`v5mZEY>b10V{BqV zq!9m`l$Mpf9S{)l_%Zs&aXjI!%Ony!e0;x9S+PgKKci7{(8^G1Kqed< z9Ys(gM>6o_7JT=E^Z{`=zfkeLdjZAJ!NCCpLjBk=Cnu*nK|yf}K5x5Q>j{jTei!H_ zsmfeeO=^x;@DYBc$*Sm#syqf>SNo8=KW@D?b)BlLm4cI0Qv%Noeed9&wHb{+n5XcO0=Wr>uUg{WkNb!y_ZV`ujh# zgDh1rQRrx*61{bwdYYa-OeDEzX^Dx6xQFXYg9#hU3FP9;3p><2lpTEb>`RBZNcLU< zL3dpFZV2di&wkN@pi0u8Cmxku9cc;WqfzQc!0u}XoWA6?ZY1och1V_l=5 z;d($5Sr1s;!V(P*4kq5WA3$k`+=g;dKk%i%V4fZxafh$HXtq}Ta+AQovXpsgTGtY- z_0=;G{!DrAWvm%WN=nEVHkU4KqNIGgsJXFf1O-37duIWjEXW+Fo%&$Mfg>s^7l2uN zz0UbwGPl5;@BtBE+rB;Dt|K2ffQ5wx!0U9E3WpXBg%{m^pA|%*Z2xQYQhu7RnEH3X~@31E8HfzkdrY z@(Xi2QSxEI6zAnRm)7hne)Wn-e6FjIcx`)7Q~&Yf{X2Jb^z`6 z{W(P|=GLuSSScAZ= zxjd>GY-wq^d(WPZj*dF44b{Snt-k<@Kx9Y2BS8s3mOg&`SarIUg6oyzq1r0BPHD>?`30c9T5_OXZY36kJN*O;*&HlZxWWrj9GriSXGs>gxF1s zmey8)2{CbTaS4gfU%p5lJeZZ9zHNrxG4{sYfp#+=u<)lbG3-lw?JX>N-+0X66nKd@ z{+zvi9Hb_6RgjiakC|Ve(@)}2RY&vcXo6P)V9-)i_xSh^jgAWZIw*>xz3*|t76170 zW04mn6kqsfb~wz0xUC`&oY&OS0{SvDGOF#H+QKQn0_1(*{QFvBM}Fh|=L%5I*|TS* z9J{bG2e1plU_rgBJD5rMjL``z%gzGo04@&bZ}Sxeutj|Wp3Zpv+Vj+@$2mC@=x}p$ za|6WYH{`Yq=?1?V*=Ooo2U>dCJ7BoaO)h@JA$YNLvfdxWAHGKzt{9XD62KGD_IAz@! z3+eVkjHEq22effYUmp;#%EyMzSFpOe8k_JK9<`z2%jD!+V^w7?12o}{eikFpRl@3M zw`}<}<&NbQ2yyAb1D3(Qdnz0j!yu|(vd*A7Vwn)-A7f+B?s5|1<9*eZVJN=iKCfCZ zxSO=Jw6dC7Q{;g@h^f4)_a9!pNSG@{`1;s25R9kz@-rjy%y%+ETiqEI&K$dOhiN2sr zsai3=y1PFWyIQ+2@dQ*xVckfR-1hNNIWHDPt`r#=IjIIQ19%7>M4%ljsK%<`^5x4E zYG}x4=mUn^%2|NSDf`wBJ$~9;RrUMuvaDy%F5&hS8iA=4@8)O zXM+qIWEwSt_mYrN+Su4=MoXv@EAzXC1|bCnALs&rRCbbo-uZ8a3PVjrMQ?qEJkkii z)6>_-z`~+NuYBdoi-d%q==aXo9Cb8NY*FlXJ05q0!WR+Io}{)FOVFbo&jdB*jIlA4 z2lvX`bSf$;*z!y>W`=@EEQTmL=zI_i@Gz|#q6fyt1Rr;j9_tJjI)h^H83ht&Xl!Kk z>h)`3qg*agQTnX}QkC~*j~^|@m@_?ng{CcO|E;R5RLb|A=TvVs^e-yEp&!NKOU`ri z^KU)pY#~X!IZpPF&&!|c)AWHIv|9prC-xJPX-OzQwMfgz9QIi=aq34eMTLzpQz0~v z5`Q3Q`dUI-dJ*WtMEE5XeQ9YUQ`4P+R!;^h4vPAQt3q%5QS6F!S>iUV2WW-sEx$oF zV9Mw_3;V*D>)^p6fCY<&Z92yQQLkTr3-M?1Z?5rG$8i1o(5E~OS zGvBY<(qs?{iuVZ#ndVyp7u|tU;^2_&@9z)26tpQRDXG@pnG%wMiz{jY#b#!7)G(1@ zH>lS!SI53`6Q4MN@Gu4o-&0Cb?BGG%ekMG$9RxycP-&^Rrsnu$V_E}$>>Z^f9jYQp{zorv1qcj4EeQz;xT(uNGD6~>=9ZRa zkdncVQAw$(5GbP_Jt{|YAEBk1P9B09Zg2P4Kyrl0!=L@KMg> znpfbA`TN8O1mj(Qy&6kv>%snhx8L7R`3ZT5!P0p0>{+#?SX~4z8N@92;SwNLJt`)9 z@S#J8e!g-(y3!ZSsc?4Mf*n0SE+L_*ZweB261twBlA^lEzyntK zHhXg2LM#f^5x|aI36kiZ-Mi_@dqze)2OD>?v&ZE8R8SPJ`|u(3Dm9@O6{Gd@=SMaS ztQ3)1S@yUJ3kwT0Why`EtK%l%f)RY2(oTths&oZCAS+;Omt93}m|Fhw!lEK9u;!PJW>Qiw z@87>4yz>wnJG+!@ScBCB+I`RYM+t!M=n~kgG+lgws!2e+G%~_*+Uv``psG=tR=}SS z56Wuq+@YF|x`9o=l7B{ZVq$`moxQ}S`6;w8EOGCPA$4&0J~lM?EcR@wsDLg2Fb5~) z`}gnl&%4%}fKt4@ylSodK}PDr_Cn%Ks3;G5MIiL6rmT~X`l!-ZK~Lt>jQlhd3kZ~L zly}6bAJvE0t-P1rAgo!Qy6CN~t?h$81_cw6q{P94V9&gb-mjtFE!7ro)l^Y|{bUQ6 zy|lChg@arPh$j>L77hXSGPx2qerj^EC9I#7EELk^g$Yg$j?A2#6WQ@ti}WTn+~N=> z@#)H$eZJd)?{K^3N7@9~f_@DQ_=j(`39(#Y>IDEq?RxuXyyVTBH-8o;!tR0=UquD$ z?X_@egh_--%kADX0=x?R484PM#s@ubZ$UIk+MPPfV0I~OH8pFrT*$`7z#ceWKe7BY zyUWGDxn!dXtU%X((~B|(H(J0Bu3mt!+?Ro}?T1?XninyZX zB%;{uTQqp8g6Hfpr+%Oiw4Kn6 zsu`zA5Nd#Oh@1Z~B4V(+`(aE>$)$E-_@gF-o8g;?RTV1_EOs1x92X2f1<$_G5G;bvQZOgsi=lJOJ2Sa zASEoOaFyAN| zF;QK?Qq$x+iMCAeDxo)jddk3nNEeO11{e*kHu+b$$iI;4u`m>cXR}CDs)v=R<^gl?8=ISw;mQ6iVFuO<>BQeiqEO77f$ZNT?)S6Sgv>SBzzUf zpS2NS7ss`=0nh2I*>>!pC(m;o)c!HLlR&ujP}f&RTAJ8ry51BgCUOZ0*`u)G(STDz zX)gCA0jfb=WoAYyVDH|&B4=I*;xjN3^3&-EgtTL-B#<<=Gc$)rN6T7NQJI;U;Zymi zis9p?rQK<;Vj!PFLxaDm9WNK9nuH4fpo}M^e`x4VeKUbju6Akm+8gG|`ugLGVk+wB zpfVXq zh=_=c^z>7PhVATwP0+Q<@UXkPh+oac3rP8=MLMwhLqkK+ix&u{XJ!gE^DWYB`D+gy{c;Kd7r+FMZl5UUuv-Ef)(AG<$BI)-w9CkZ@qP*QT2tecIxx_T+KCZ8*I z<*#4A3=9mw$-s;H7f~={AUZ-lT4Rh6pu<(G_^Tz8-)&5d_r!$fi2fzRl1?HW;? z7t3HJ5E#S9n4LdDa%z66lByl|;p0b8e;G*frPQeNrmx+&ebDy$a2Ao8R?g0O#O)Uh zeXU!@>hk3|oRU9>{z&R2P%dg}>Xy#E|B3SU3kp7RW9Xpx3X0O&+6wiS%I_6a2AIZN ziw^4Q)M0g>TUvO`AR>Xq^$!f-6tBVM179Ypw3?c7PTh*&-iv3DMA)b%N~Le!B>y>M zV{02)MoQSz-AAJzf;$ot!rjc5zd0A;(&2SMF)_jR6=qzc^Fcewq*f9*=2Jty$`K2EijS4__!ONGR%h3>eq48oF z>F7KxD^mzk1-EojhBFgtB0t zwy^__GMT6jO`k56p*s^#tRK=$xT*hav0bUC1=FdoyiqF%NBA8$vGIJ}h=Do9HO6HR z;@_G*{nSK+PY-zndkKlTsMMYdo4!H_B0ApL&z_yq)opf)<+#}SdJfd9U-zJ|8&^4j z|KpDzZ<^J5L;A4(=HfTaKU*T`!@0J}1070y`V@tScj5>^`6#||B?EFbI$hT(!W|0Y znM`I8gM0tl`qcQVNfE@wub1y^<6Z2-!UJxhtEsD-pP$D*3NiZ)_(E?&mhqs%JdIlC z)F~#8GLIRnq`uvhWIpr+f`kgga{1&|2XDy)?~5ydIFN!Et>p=XJ6r$xE~Wb0#0&eh ziBgE2R8tJxG6HmppxDh8Sp|o2z?9VY6@JLra!VeXojRX_f?3xd!kx|D=8D{a5nvD7 z?fnR0A3=WcSptEcSQmAu+;?qM!R2y7x7iTc&2Ty(Ug9+xOOi)g;&_Bau1}lzSc%t~ z`1i^iwh#|FL`Ft)@d#&Ru6QmOHk{$Z9@D#JWFR9O!L_QbO~YSdzweZ^i%dST>k=zE z`x;EZ4<(3hF1}+mf`Wnt1w{&Ce0FB09CC-{<>ffJmkyoF$W&qP6~1`URbajKK~0zk z*4!sj^+6AF5M{JYPC0icB;+zOE>%*a_@H!sgTRS81}kWti3010UTc)>((ZB?VG8Rj zt&qe;?32>dS?TFTJ*N9%8AzmS6CP5`-cYLla?H2m`j;U)zA*F|&D2(EKOM*G!HP1;7TyBgKa0ffAB=gz6ELZ;w- z@a?8$Wqp;2Utxjfeer5|E&*_L_n#|p>~c(sw=*$Sb2>(+MG4i53*;Z{gKAoO_jXeB7=ct=5iLMr$n9x3dLu%RJ6EHeUuf_scD zGA8Cb*cUEU{K5xDP;C&$&_0|g)PU_f-&a=h8kR%rLFwU-Jlp@$RX1Uvzu)N08OI;5 zLb&e02BUJ2M$5_MAR*XzB(KQjqDg^N2ue#wR$EN5IN-^qfNY|TX=R7j^r8RSqg~Ct zhY<=WP3@Q1I*hgq_h63C^1=nvQqO~2T#0o700q^%$`z;l4`er9>0sDEmxs_i3A-CZ}i-*{^SVg)A z08rz#Ixk5$=sYA7Iddw%w9L#m@DTx#k^_F^UpNl+?jbc%^qw0zRa(7_{7t}?oxNrO zy#MNE+0i=jPIi*)fzrN50P&vJ;tOkQAKHYezCDuMIt&62+_`m^oQ+!yq<2uJLozbR z#b_8?fE^(Ygl6%OnwTT@T7nRh(!IF0`Uj1m^@aTz^#}Z>*qsC&`k>ew9bdn`xwhZ{ z#~LvXeO+BRZMiRBI%2KCDtu>+UJl%%q@;wE7c%P(`wl`z@V$E)NfQXUdLj=CZU5?( zE6f}@85sc85tCs;9g3Vgbf}igeUBu6*<=N>1^m+xBW3p1E6OWY!_BP_Oz+8)9t3p| z-~wGx?9$QTL7Lz-=ssEy#ikBB$(t2i5sCMA9hQX@+(Q$BVut3rx%hC>$A5~9BDdZ+ z84^%YOC5$R^9n>30$KXT4HBQ-e0=ZQ+71c}Ynz$3cyz-V5VU$`Tf1Y9-27R#!)ZhK7ej=<3Op1dVbNo3l{tu$_Odw4rtUK=s!&;uR<8 zu*GlG2?8Pt8JU@n&K)3dX`!+f+Pxzk13bVJLP({jr$=triQA|43I9_u+RIgg*s6P+ zVAu7Gk2`>1jgB5deS$Pxn=9vk6GejlpC+UEl{GRY<=3NqCviBUHH35o_$C}%utDOj z=@Nhac4z<01p+_Gf35gDUwF2-y3RnsTf#F!Y72=QScNc)U|p{ncC|&^L%9*2*p80; z(45J_&dv^NHz1$})?0+onR)m~NMJz7g7#k$B|uK_4bP!&B4cRYWPo%KQpM;~RaI5) z?(Qpd?PhRW_D;+nxY&}6hp_zT4-``$(+*;*4V#`R2OK(xjSgO_pioAX$G&}|d3!vm znHeE5KoM&-fJP04^O zQD)UkXJKo`NL<_=Sk05L7kRJGD=Pbm_l;PTNx&mZiPZ8YA0OYjbLX_&A6=-&7bHGJ zemOZgxfcB>56N)&y&8pga|r?>A}@1uZKNHntZ;#X9v(s@#Fb7gs5}Gmxd>YTSA8kD z%NSOtsi6VG`sB&LWXXSh8N!LtadC%%^5Js0z_P5yf~cxW?z)GNoo`Mv&ioun3KHzd ziX-qG866D@iuKj;?He(>k1}Ltx*triEcwSKReEJ?8px~TKg&*>rMcqdH1z$Y$W89n z8go*`R%{bv$!6W;loUzJTKXtPG6J#h+jJ;zGP1K9+W_n--QB(!Ge|Ljm zxw~9fZ3r(sdrlO6xI`5%VK*+?Q|=&M=A<04Ey-a~`=XA{!4^YA8pTHhlIX~^vERyy z*QQOIfQY!5iR%(U&g;W3{LOgmn0g^WQ_}9}?&-NP+e?I7zJBz~=GbrP?bRSZpEz(u zzj}JMadJMmmJXKZ8s@?YZ=w@t2&#l6&ljX`a7JrqAiks2n(6K*NE{;eXFkDl1papJ z+BH5j6uB7HeFij4&6k8<`kx+%a&rVk%^}WCGOwW=08XkthDF$5!0c**aI2f5| zP{>yUle3LR6Bs#{%M&j!Fq=cf!HO1SuJ7zTEH3Vf3dg{wIXOA`6~&TPKwt206X01c zM`{SoRu_ySHa0UQ~WPnPCPt3c)U-t zv$g4!;bnKTB*Bz@+!wc_8EfnlM>G((U^ym+q%ErMIQPAuoA~L2c@eZ}sGeBH-(l6l zF^Sgs3EKc3)_70P69|1aHjB>)MA00T7-JyFLQ(le%3ihw+b+97#MFq1Ye~P>N6ISf z6xtW#X=CI40s_a0b*}{L9D5PM6mAC?78LrVr%#c$kw8WWsQkF`5A+WhKx-H}skjhC z2Lo~ix-o>nl@P@1f%c1_&A0GM1`t(K1X`!FK{9Sp8o|Z~hg&MRdskgsI~Y15kPzhE zT?*I7dV08w}sS5Lq3aPY@L|Pz)*TBc23a0#y3Jdr-QSp9U-GZBghYZl zueAuX>mEo%!l0?UiqR*C3;X+DL6F|wwr_h(!~27x4@Gu8VBzF!ve&v(@J=UIW=~=M zgS(u>ll$-wxMV={dG_paXy{X<9* zf6(rzD2`ZV;jY#lfOHoS_k z|5YT(S_OD{D_dGzD*Pz?+Q(mC9z`ij2Ptup=8%okCf-=0;g>z}@G!A&AFKNMHL`M> zx7rSLLrj@??iDgaJhvHEZ3?*&cBiz|_N+mKPSFqni1VVNP9Hl~3uV7nWd@ZCs{<4t z4%-TmnSK7OZ)msxwgbkw))T;qg$_*#gJ$rLTW>`_+YlbMKV91NF>?P%_ANU}*k~sG zN!sx$s+7Ve<(6VGJIuAt+u3ojv$OBobyi0w7Xwz)4#|y;jj+M&-Bo^fSKRE^2vWL9 z34sokHn@Hum_tTy{Az_7u>>nWdSnBp|NDEOyV0J&>izt+FLUXglScAe#MYYfH;Ycw z{sqE7fglfd(kGpaUp86laX|^VUA46k8%&2Btf3T1uti?|s$vdQ@K2d+)S?i2kQSou zNI_aOC50!xkMPeA5X|m*`EoHFk^wPStOru`{eklMQD)c@kbp1K*^0iS2ZK&NT zw@PcH41%o!#^YIJgd!G!o?e5R{l~`wYx>d|WCMq!lpFi`FMJvf=SlrN;6CFnx9=35 zLQwfZ+?{_ZYX8fiMx6tzH~c&ZA&VklgRp+SIT=Hn0>DLIM5b-@ASt46vT!qyzZXk~ zvdsufYz)(akX>wlzCFCuQdgIL&KHSXCxl)=LqX!vrTrY4SXi!kdLkZ5dm5xO`iTe+d&MWsq*^{dJ(!bn|efI9cCmRXoz&!&=Wc12#qyU$7 z)h3O2#^>K<^xcg;N>3h_2u-)QkETHxZKkI0?usvfn8s`CsQ4THw{EQB*l|oRm6vpt^=B z8VHj*pmHBS{gm_{V!AO-xH_9i^HxVJc{f+ zF&B(@2#Dd_WY5tp0pj3;P`tv<89YEr84SUnLxP9r2+k`@Rb^j;a(|(mwlnSx=9kdsFqH*!-w^)rYHkH7suKq72*)(vrqbKJec`GU;HEo<9& zO9<>309>j>+eL)o=FOWFWcTX_kcD;l@hT5}om|NdMP5y9uZYM5A~HZKmt9>!p!@r@ zzklrOIzC!keu3w_*Lu_ z&*j;DQLdnd4WYWc;t};i81*TW!^c2+YFpF6&K{oF6(x4z1Da+X^#e`?gHxx9^7HRK zcwoIo)NtUp-mJ6aDaB&M^aDU}b8|D=TvZkEZsDO1HpcN%@$BFK0pM6zxDkU5Ku}n) z&R4F0O5M4CU(RjlVd!=TMxd0SFkN3DP3T)V!50`D1Fdds4CcTx`Gccvm={o)fPPSi ziQ_M*{#Yp^zmwq>15bn#HF4OvSLrk{G(hxQwlo|7`g|GM1#uiYXH0=AK1A!K zhRysxOjrF?nE%}q`?o^bQ}>YYh|zmQMS#J+$F=a%na4jf7>hGL5AN&d4I-pbkWebB zhiu|`w1elZ(#1=ik}^W4`?HOhG)b2z7$J=(CKqpIVLcQ{lW;PkT(~LMTBb z3t6-j?YQSzSwerJ!H%12muc@eSRn)D-S<9-V@qn+85r#g2pforA>z{jNfa0z3W0_O z!nDV2ZJ!quxEdKnLJ)@ufBzD+PYTRq5KS@oYJUJd>3+&yUvYPGngr;h^857V3vtp0 zwb$b)XnlxA(f57r$R&UTE7kf|-fuQa!j>gdb72R<>bU9dwg>6U?I!y`}Y|ef-V) z+my94dh(Gg#oSHuH8+AE7v|o;g4Q`+nVv44S{In=D9l@WG>y3*>I4JBlWOPrd(dB! z^YcS731nkSlkh(60_fbv8GZGm*bE@whO%+nu1qrMy}8B}o@c;qi!w61|;l){&$AnYLTP>IZBuUQ}N~YiY*p1d8lkadA00 zum0Q+5NBqYnUaaO#5<#os7z?+P}xHx!2!^gyYqrc1cW(TfW!?mjgYDTXjMS%cT8Jb z5-~kYAUA=8#6r#knnhbfSm!n!I|Po+(^-K2&=iPc%axT!B`L`G1+fSaS#Y+(a4zu` z5)f7!%ou$+YHgT$p#}ozL8g&(8~U`3SCyXpfbHir{O!zMkXwubLLBwwqLPh!i)b*&XGZ^&yvF@?Hc36oXdgS%%*MYl{)jhY-7Q{qF z5ntgMRPdNaCu{ihDHnVQM*&)$U08_FO2_u4c6rO71{vV5C4N!j8=@?vq@>8FLyznm z9lf@;;(;>(V21EVoK;v&AkK)rv?8Kgmsbp%;z{vqL>SA>b@w zVU+_eNcCw6#~Ht{>p(DU#9kO%GOf0?HSA|F>8I&h?sDuOMxztzDJ)ncQIM@0_183C zw2>6j(^4K)r(QVZ&%Bw_!Iv39Nf^3%@EeIQ(NGMWL-qswV8c)BpJC!55WILH;gGTj zf6enQnY@VKHZ#LGz1d>n?5xDJq$aT$*qjAdVIIsF!)?HDMRU?&l}3POSeM8+rhwqKs^6iyffWKg|bFCjhQGERkGr{A^+KQI8nmdgRBDT$hLKvR0DZq z%shlB$8_h2`!a7Bg$Q1RuI2d?XMdM~tgtV_Y#278xMsNF;H7*1hB*FdVDI)T`*{)E z=yb0HmFV_s9?kaTeyQ4D$cT43xJBq)CTMMFlJw^5b1<_IJy@omh^&qJO;w_NHnjGl z#w`~VxMcmEiVS}Z$FDwGYnri97_)SC=8P`mA?*9dYS{25$!L^7ae(%T?7%nl)21(D z%k#elHl%AsU-e8VJJZ7GUR0S!$ZhJNYzeV9mhUd`S-%eA!3E774yw3l9oB1Y2|2+T zU-@5rTq3^!J0LPoMRf>PSNQQ&YSWrG&BO4=+Y}H?J?JGMA>sBh z@&E!S&=|V60voL^kLF;7;azcJ-g9d@2oB9El(NZQhHd)LPL(@Sy zZ;Cqdr=FHB7hzc!|ytfp?mGSrA!O&03DibUvOj9P8oba{6 zi%&FCTc_?)Xz>4&F)=!OwhP0C2v?{jHM6~~w-iHW0`qZo5y)U8m5kID+`$zkKQ8ER zuCA_2BADfXqj-yB79yeE>Yh8$avg9Fh(4b@(L)s`Q53`!6X@M`d!7;k$bm6ts35(- zx?0-vq`L%K6^Nd8>iQYhn-!K~xMx^ai#O3qH2K2T_0-ktnwxcNm6lQ+T8LKfhKqyT z!&g*X>|)sUI9V2EW(0rXDnl<^Vt__4>?W(Q%SaHzRzcX7(90lY`WUOL-%T##E|=O^ zS;W{yGpiA%wr5AU ziZK3UQwTTMuIo+IN|eISmKHHNx!C%F{qMYsh+=6XSHF+cvgc+Bc2mm}!qSgUsSt$7 ziDn$To|4#xw!h)btu&RVL3{ZdTfmiz5;nvi|88RVL{a_TcN~hqMSgI(oS*KmlR&bu z%drKB)#PvL0@dUnOYUzaLCqjmkd1@-`m8FAxuapxN~Es2uoXQ}hkN=bX388d(OdN};>)dMqbs zKFAuDA^la&Vn!U!1DgJvjOeQP7e=OBO#Zao+>3Z86bVcnCXrqN_dp>!A-}X+LgLXD zc*f~%BT`-NH@T>wG&3^l8yMUs#lC5sWGgkufEYQBsu0wBXd)v!+lmt80x2#pIGx1g z0bZf<=uzz9YvB%UHWGLMTVI7&m`DETr=vUynAacAVE#^jKXDXaeENex4hEP{P5}l0 z_2qWhB}umd9;>RUojBP`c<&|~hv+fy&UZZO(|H5u$KtMbAqXC-@eB@RSJ5Swz-qS6 zR46z6jPNE}w)r2~#>S=*nym3``OnXF2Z@{unA9XOlqhr5^P%!(y|ufpr{|p2tp+PB z-GI9>QBgr_Z=`&wqgoWkNpF;+*;Z8ap#4Eqg{pQvG6~~gX~<`I%{0J%=i9v-?`;Sw z-hChG?LJLbb5*=;;ryD&WSTSKq{K5`(Qh@JJ_w^1Ll0@zQsvFXt&KSAsV*E*&|w$4 z8~Kjf0T-Y3KR-`+e8Ao<&}@kuHd${+S1&UQ^Iyn9Jc^56FWadGfbQ(&)aZl?isi`@Np z$MbI#fxnyPTvlct2FYYGm|IfPy6vuVJ```+mT%woht(Z9a)ipy=HkWTs}pB&LM0{F zkX}Iwa(2%a*Wj}`cr!s-PL7n6)YYq3x6;xkef+|vHfmx zR#uRFY)#+P(#r60&R@5%vOpFv*aII1DHpu$L<$KVyt%@u*u=`G$k_Dk*|o8PCi%s} z9XEo`IXQ{)@DN{{@UeU1`a(&Q{Ga>Z4EP!G&rFSHJXF1Cw8W9?6DLIW?IUJqFH4oP)H7q8c0_6ko_xf0OrS_* zDUf`;4v`%*0BDg9kL?Bs!D~J~KYva}MuuUjBTpt{9N(Us2Oq=m0cWZ0`i^5e2GCGp z2pR*#>7^&%6e*q6v#{V%5AE#i^panP5vdR1Q(QAWn(YEI*|I@b<69{9=a)-rELYir-{->Y5MCYF|$ z5rc2Zg5^0oIY}Q_4Z^*1=GLsEw0bCRS`Y9TP8O{6#EBD9wy+!Sy?U@5Ew4n6Q^HS^by#8H$_g#cU_?uuLS9a4meCT zr`7_a{qW&c0yvBmz6aZWEPKsPa}}?hB%=Q+}Bcph|6JF*=5|q&xt$CKj6Jocm+(u)*+;L>G3uT zcJ>me^j0Rq5iDzpPjuwgG|!DA-HZ|6T?NBY*72-6O$u$cxgJx*kS10UysqtcmDBZa z-@3JX_wGdBASFR&Y{~CGet1DpM+A`QehsIfvOy1kSUoc5DNEGPH!mP!7$@UOS>Iaz zNO%8ZRQAvF)(PIsUO!=7rBMY|L;9Q;AD8qjSER4PEz@32%*?d=zz`s#{7f$k%U(}= z?#mfRT@n7(*;Iwcb(Z|*sFkK*bhzJ&ii+mu=4NJ`uJlmR_Jth#Y&!?m9I5sj6D6-+ zEh2CV@f77_+->(3*AR?d9z9A{R0@L*;2yNEb-kZQT?}Oi{1msAm-nVeH?Zv6MJ3<` zxBe}z6cP1tnYwF;PNdUq2{_t0b%f-P2s{OsD_4jE9ZP@KaM@{@BaQmtZFz7ts9#OOIRU}d|^4-78&QX zUn(+wo&NguH@v$^c6&fEKQ0QTLO@`&q7!`P3M@)UzN2oh(>3V2*Fj4Ht9#)>);POp zTCP0+hyWjl*K^<|W+KpQpgMo-hWzt(c_ag04Y4E3q*#xOUT&#B43G(uO4ytuoiAtg z;0!kU`Sa)T4!>gCw*7uwpfm_usV>N2UKj?^PrUDPq3hZMt~+SxXf=9TI5CKR3DZB$ zWq(Cn0qyx|Qc?n5=z$kZEzHebEczx=w&J3v-T3bKCW*%yZCzdC0|V8xTj=OeZ!%3w zUc7zV_3hhodTRXBUbdi={QMTos%9A&8W_wkEMPu#Gr3>$O%vZ5jhyy~@bDKeU%EG2H)nwg+<`c!I4F@*k;Dli&`a&YB40 zWfoU^-ub(Q>Ffbmt5f-=>l^sKCBW!uh+?m)$ZxOlwOPeEFmKdjEn+go=7H1)9l zFOA{_ z)9IddgM`DO5FO<)I1U3m_2PniarckCdcj za4;q%bI0)%;=v?!_*Z%ZMfg@nh_@TBQgF{A?$o%ruekgRtRp%G#|GxLZSgC4mNExzpLhQQWse}8YRPsCVbs*Zc%{VV`j{k!Ao&EKIT z@{Pk{!41YsBCtjDE&IIt<{Z(FZEWz?Szz(hn<${@?{J>ok_!q>rnWY7cI~FZ%1FZd z$bcE(Td-LLd0fY8Lua(*evIKTWQYM)^e8g(@|uBY@D2-vo%NpsN}dcr9lJi$AcY4B zA>cF1NTIR4tE>2fnu5YY%M=MYxsQEQ2$CT3c%nu<6bn|LpAk{USs!w~bbY*(3ONS0 zUmfp{Q+78$B#07s61fr<@cj;1Y3XD1#MdIFccOnlIK;bLh*b)&jUv8MfuB+Tq=m)P zfPhUiUlUfxtf9Ysp2sU>FXfbC^coH-CdMYeUCP0IC|#ZZo|F?A8rs|4ZSEGIn8;-t z(_qEI#6(R_3Q-b6X8Ym9A&)&eHiol>%t@TH3r#l2fT#hXdHak$=?yMn;o#kM@YX&V z;zfasH2%mRnjtb8QD5rR<5yHP2U#QiOL#al3LJtD*6|+iK^ZV7liDO{B}RBa(}ZV} zmYe$tqdU8I_n(s`*7W!9RnztHMo0n1d%(#^dDa%?4yIG8THQLG8!CZ=c6po1p?;0tdi~wT+*yju@69E}K&Pe-&~4 zPfgZw9AX77Y>8eV9*uCM)d3DNIM{^g8f?<+;DFO)F$JL|j83?X1&VlpIyh_97voEU4mO>HOWC+ z8=re&4~uB3Jv}k%sSUdZbVM!m4cXL&pXaIvb`^lC#DT`S$doNm18ZityW(tCmS@8I zO9tipD}_S|pwHk*J9v;du}2d-+S~iPa}?oZGN^~El)$5N6x7YJFFHG29*>bYCkDhYVIdDcGw;C@{pe^qECa?Lo-fct;yhr5F)4HP z{we&PsHE+UnsA zjvL)Jb7Op50^Ey3hie4nbZkT^qjBi6w4(g{ty{MI)D}i+%3PnLkXX{XI%wumzu=`( z&{Uv;sZ?>zcP`h79=`cok#kI=CUEN%?cR1(EX|X=s7k7;hG2!>!!H*Ki5X`6B0El2J7u>7( zaQt$-*dX`y&w-Qd2UJ?E7SUkPbcuv4l4u@mnzL0@rl)P(ga=9M| zbgh1$dJ0t(*_T8licXDjZP!=z@HZbWEQGRn5SI(9ctFP|bE+H~@^K*$%r7nNgS{>> z@$_7Cq?x@~E}k8oM-{JW#fQbd zQ)8XK$i70KUc!~bDzfsfRtOI&DkbjviqwivNQ_hRqzMQ@qR~C<6|@KoAO$gFa=EX9 zR{32jnG1gOnqy|h2}hK{;J^(>xG^oFPAWw|M7@Q20#i)w$71pHojdRE-iA)masE7D zRPQuk>?Mtc&*c9B1vgr`NJOSkzB%Ie`%{vW0nFFxPghh7u;WJHWcPYgc#oZdja9 + diff --git a/docs/versioned_docs/version-2.18/_media/concept-managed.svg b/docs/versioned_docs/version-2.18/_media/concept-managed.svg new file mode 100644 index 000000000..5645a608f --- /dev/null +++ b/docs/versioned_docs/version-2.18/_media/concept-managed.svg @@ -0,0 +1,591 @@ + + diff --git a/docs/versioned_docs/version-2.18/_media/constellation_oneline.svg b/docs/versioned_docs/version-2.18/_media/constellation_oneline.svg new file mode 100644 index 000000000..4e354958a --- /dev/null +++ b/docs/versioned_docs/version-2.18/_media/constellation_oneline.svg @@ -0,0 +1,52 @@ + + + + + + + + diff --git a/docs/versioned_docs/version-2.18/_media/example-emojivoto.jpg b/docs/versioned_docs/version-2.18/_media/example-emojivoto.jpg new file mode 100644 index 0000000000000000000000000000000000000000..4be0d5b26dc70a6fb99a5105c234e6d7ab51a213 GIT binary patch literal 141236 zcmcG12Ut_d_x2>fK1QP$00aC>f*%HW zkCbIXK0n;^E!-pJQ0Vz~Zo+%?!u^9)@C&?H=>N_A*hhpoY;vvv>;f!IOw3G+SeTia zSy@@w*m*hF7cXXC$+MJ;S6~%JP+-;S)mWj;BG|Q?)~#MGx?{tpEnB6eq%b0~iZa_2 zHcLuvLmEM`va+%-W?#XpRc)Gu!IHFqu^lI0`w9T!xGe79>BnUE`l6I zn7VMG&wRQEMzqGcscXW1j_Y9AWj*U-DPEn?jaUtXUdd&~) zPvcqw$AxBOWME`Q#)U%L!Vkj|#zkwkGV$!xVm@_o>Dp~qSa_AZ9wxqGT_<^Pi0|~J za<*kcQlHlkBSWK)?4J$n>Tiwg+rYk$s~)g3prG&=mH<3>xmSI!Zrm*I#uDEL^*7qI z{d!g%;{+lMHIyR`O+!SgyR^X&eirpaT<`8yJ^{IdK~2JQ06j>>9#5lAq|AZrhBmeiWLti^wPNZ>wIgad=9V($Ib!8c>G}M9Qa~dem0^u&!AxiS>nZL z&eYD!29(}&bHF)m4lGrrV$&0-<6pazushttkegPUM{zC)CB9x9Lo7QnPY(Z?sS4j2 zA3ZzKLf!8mz?*fQVa8x-`=p>Fq$d3YQZpygshx$r#vDd^orCmxd)HyDKCDE)lZJnz z{UjAT9Zem7zA*SGSajWwMR^ZSXEMy3K$<1OW>x;wtjM7sn&s6RKg&FkDpEWk!!@OJ z8Bggo{WhjG$H@y+sA4(c{#8%z%;+p>pIpsF{o#!$q%QWY#T&MjTI0u0&BopunYp)^ z#+{`>bEuyKE#@>{;_KzGBV{KnA>UtT)NgRs4j`WYqLAHs4YnY85b0A39O@0s(9IqK zF)kH9BuV3I)>5t7aA)QaBrCXA$dWgK|7nfV5!Z*j^=UE0Lj6fvMh@-z`FQ(F+U6ML zl~&4Iq9UUnGYH;4c(5kMVQuvwY`g7T(j2%l2f8?pDy2ECnFH(glc`*DfN*}@@VelY zw82B=G}R~N%6!#MSS@8<@Q06Xb6TsOgo-#fF{ROiV!Y&&^NBFpW%tjsr=gztd+Y1z z-a2_DkuOf-E_qOzQ*F9t-v!^*ijlrv?>3oBoPDC)tgokdU}%dFY3I6l@ryL+MI!ghRDaSl2pATGDsV!Iwy29Y-0gVDeZzxp8%(Pd zL3|ktv9Q8q4lvAt533TztX^YAr0V8C?i?6n3di%vCXxrn6)|lNzPws`uCH(KY7rKF z{h0JdCb*8Tjl3#u{7NAE&~d(9y4ubRT1OTI)E5EwdiD4z?+PJB&Wgfmow}6JxTyja3AL_cRZhDTY=uVO zPwE^1BC?;@QGGaHRh7!k2?|<~6put)16N@dZYpj|n034*d;Z8&wEEHVknFl8ukSu! zW~@;dyS7)^@I!>_^)r#<{x;4>lzDXu$$NOUl);Z5dl#sKYaCmq2j;-^l9=a~Kk`pY zpPeS`d;@>Q0rJ={Su~$F1*%cm?s*;^Ti{XLo`xY;s{1k`0!xoQ^6u%H%w%b(QUs$Q z$#X-mlzBB#-#$kw2kPIbXJ#JZtR7N$sGht2@BaIM>!5$uP`|GSMH>_DW##R&%-&E)y!q>0Gc&U+;^AYkjp3dl|d%bPJR>wuc&Qegc@0Awc zb+SD7n|?_tqb0SES5i&WxIE%jcMoJpdZ%*w>K#uWuqWSi;qD0v*c)=Hlx&uZkyz>L zS`kiDn9)f%i(6Js-NEets4mjXWh{PFtwmdbCa_UlLofYV^-_(!yKP@CarX2t2-xej zS#@Ud&B>CTreF33X9U}Q!#)15lE~U`I z?z2x-_YE7j&w99uINBM?y-lmX;5M*!#oZgNv~*0s@Y~B(@6CRcBXVzlGx|qaR+&N+ z@_gR8U<*Sc!;-z-)Wsi;i$=v2ZS4y8%Q{rf);Q$xRdlgDsnm544V1s5f&T&;Jcek{ z=p^$E2{iQxqcLXAcOyNCXnY{^P|Ss6JvgO1cltlZ`n){M?h(Kl`qr-B4U}7}uRGhO zS(tlMdnKb_{==)UORJ8U_hWB~uGxL@My}A(yAGcCHJW=(ojxtfuHUjviQVTOF}ipE z3I0U(^EIV<7@G@QR9Fgn8sH#T^dhTtk|w+o>0BQvw6@dEub9~DsGWC^r#N-(`j!TeU2_qSoY4}>Ne>6`Av~%6jpoeWq97ko z6q^!;J#|}%>%zrZJ3gCg*)OiA`19C)5MvMh5BJRO_^4_C!% zKgUxR>l15iA(puxNg$K+$`Yc7BzB&K=4-rSOlz}jZe2pKG{0e!| zT(?)(=1kg8;|s^3*=KmT(g9ZGWX!Q!fZf~iV9oO3jU8V&m{`KspAIrl@@hnR;>)7U zU8DMAHlC~RxP0DGMs`AO*|4D7-6PLUv8s&ry)-HEkoQ^Q*fQvOa(ZdoKlAFmoV}w# z32Y~xE2C&Z?D_FEj7ZcU!T}sFrpnQ$3!qY0+k;%}%Zg}~G z@~t$+9?z9W?=fr!uS9Yx=0MGUIlVh37EvqeR~Wld^R}+$XkkmvnIRlA6$Kecjh*mPQ9gyl=srltl`xbeGL(^qF>Xm6vb?+xm$ zXotGe#X^P@OWxMp5Z7-@-sY!#rswc#t|6*ecmh-Wjsq545sAG@PQwTFl-xw)iV&eI z6#s}I=buAYQFwfGA;fSRgTCQ1^bL!Zd7lTWDDol^2I_NcHq82=il{&OP+FIC0 z+hj!x`k$y_m7w8IyPLvhvy zlxZlmoZB!Q(V7En1f!m#az zVK|J(s^-8fRfD!RV~^-GO@vbGe9&X$fdN%aU^&etVGay_Ar8aP?N8m{btW#Q_TiqW zQVvMa`0m}A19+V|Fgc8$a>IW<+LbdpPK1J9ItOk&{pg0vxlOad9FCwyFaL87aS}Jv zS6^Z}XKBnZC8+$0dVf{l*@)gLa_6b>blc7r6G2*}uFO~1R7whW z69w?Y@P7OUN9=mT?t}N~l9mbdTS%R{% zZw`DSPBUnWo7?TBsW{@NFf>x-XBZ1Erw!tvA16aU9_FO>4gLQd6aMdaR7cPc#AA=d zYtWR^$m399$JQNDc4~u~V~l7Hoa$(5c|iT?5hQ81T!*pgnXkHX^!fA8c*@GS`Mw=; z&AaDhFeK6i{Zqwlz;gh^9aGrF8q%6}#HU!sGT3X%CSJZG_4TLGJTtp#9e?3iQ&Snz4*H9W(*MlV%1h5ARIx0$}L{MlG& zH8(##UhnC;S5}+SM$I?16}%`^moETIb33DD7)g>JGaPy%R+Zm~O|UCE7%k#pxid-4 zOXZ{5t0ky2XJi0pWHrN7dhW{+ku+=l_)fOk$~7}8k^{MU+=c{NYPrHLk{9@uKPTUHq z7z|fi;Zc+#c6G|?^Iijv_=@`NZ*J#quK0vGMUok$)Hv$d9nY=~@*V6nHE1)`UhVyC z=@p-&J8+U8#7)i`Rca=6UfgY>b;V~Cb@R^ zx++X#cJ*tEmAR}qs^6e$fANBlTKjI4kO=l_9@#R}^h4}%t3w`AHrrw~>WY2cZDEvp zk55HCE~nqm+uZYnzhM8nSO;&ZAg7pXBA~U)v?Tc0wF57*o|6xxU%Vi=VM+8Eo(;^t zop-M_OzVW)O*p3GE_yc2e0|IN?$@7Z<4)`uOzf_nTrB6467l5Cnx2j4-wZXp+a6O? zU1An`aP8{@dw>k%Bv!lK=5x%<@$>pQp`F{0jugEy@;dDvX>~)(+musdDdCX{8ozm+ zt2mb5CEGVDW*v@hwBb; zn#qY%M5d@S{?cvtE%HuYYvguVm3*`r<869tz{2=?UXuFAhB1NOGZ|<19K3p|WxA&0 z)N#R53z486gAu-O;Y7Ula|sGt^FlbGoq#4T#RZXbv(SFteh=p{#5EjZ$ag!{7L89} zgha`H9y3h&a8Qsys?p z)@jDbvpMq~5%Nx2pE1C9d_S&KXY)j&q@cQ}Y^>D5`|HGoo^BTr2&i;lOYjO0zjsAt zk(}E`@6^|gVw-#4q#x<8*V8x~ztMWltyxt3o{h#Uimi1w9^f3ZS#>KhY`12N9O^*0 z+qw1OSTQ;C#Roz^y`N}xG;d_!=4W2FuJ<@XK;pLU=C$GBH)gYKlZoy*Y$8hC{CZ=I=n){=wMd*-JDA5l6(%dzoG4qEepQ(s zgduzULdbre5<^~!dx|jp{=q{rY+Iiwub0tz44te#^dw$>6)}X93$0I)FQ1o!ZA@Xu6D~u+`!j-P7=dSiSn%tYaN1In^xwr0!>Qi~` z%pU#b-CEv71m+yRJ0=n5W&{nARFaA`0(Q1%M_!J?KHrNic@DoyaWVtqZLx<4Fk-jnJ#{FbHEMzB-Bbx&>lP}1XW+T`VjAxHQmY)>T> zdghH3^>~H*oiQYVp8Zyr?27UVcS|;0U)`aa|G7soN3J>hdgIYD?v>5g4QuK%+w3gr zj}7ee(%aL^_BNB`qE)zV_F>vscbUSmn``6NuQ-&RV{GN5DDzHMZBQ!yQn3za>gXC@ zVB(=ba#-zvIsWmf#;fUrb;$>=5)`hxP6iYnnTaiUq|vEoeEC!Fp67hB#5V!eSFhLa zJXTX*^(b_`eTSROmsegPxeY#7D4`q2;)+*p+}0FJ8cy$(&S#Yh5p2;KHCk*Jmm_-w z`-la5m&d+Sz%+i{veJp>4*tjMf>!didhLqcP>7x66W9FsSuMWGP}9wAi6JIeapSBo z%heH^)D&-{+fl}=*WUFx62D!oE%o+O7Pm8)Z6}AUv z$7aL^v}KJXq{gOPN-}4u<5!XCjF-CJbT8pRj^BuS^jd1dGO*7~#Vi8%(v@%-`)5!f;KitkR6=TQP%CeZYFMK z7P(Aw#Y3mnp?d`#LdVN%v{zX~trzK}JP3HcU;DgwiUYgf(NDLde5=-J`9UA9vj*?M zcbQjBiqe+6vT1Y0OV`s8&!%aFqtbH)z9ys#EWFEG^v*K^KNf^OHE8SUC^sjm>kQ7e+>1DzQ2x zl~aLZl{7|}i>YMKj|z7i=h}U|ZYY|1H4Ny_0dohVV2^B;9^+oe-ic}1E&=iNBXc6kALM{1A1pK0b3?~y5M*A{&e zBD4Sad0NE5i&a~ntlE8LiPGaP5Ur(rP+e?|1#kZC)$LyD<7>&vTUI@Oe4vU!@gjsx zVCEH>m~u(f=+sp%2eT~&mTYf$Zn&!eftWp_=oR88Q#YS-*UYduEguvFBiJ}fiulGa z-J2g(^fz12BuN>rO%Z)Uhu8D_&GL>M){J?0*cu!xSJr;Lv88(=Ju2dOvvSAlJe~}< zPQg!ZhG(a(UfLvGPi$*5m<-VEL!5V_d-U}?dj zkMZToQt{7%&6`54o)8NU4$?C4FmIZ5tdiKa0ZyLv$a6qx`|<445bqwl=3e!K8N<8z zQM~uVvv!p)OLY>1ap?N!`K)O^-}BD~l$GLiz&mnis^&?F8;x-mW(@c9YUw{2e)z+D z{d*$p$E4Wzd*+by_z_+hvOg_D=JN^KmoXGJJ*W$Cvi`wcJHh|Suw>7gp|Gg%dsP8- zb9HlH(9hI&?K03jsG*|1PZ_R+!BwmcUP<&3#{&hW_{OL^XZk3{;3CZT;{2zkI@BWNc*!mz1!u6v6PqC2M$p65dPO zT3Tc;n`D0@IDUSZ@L6K2=8l==cniI`;dDR`aK%n0^Uo95AK3v@w^d{X&+;*o`fY9D;v^;Ab^Z1?pfw z&;(d;8e9hFfElm`;_$Bpd}0L-!uLwQsE@1|u7)))!k`OJU2JG9sp(^0A@Ys=4Kww&CQ0xRm?^JaxK2sw+sV7W*k2E z{QgXc3;@@408;b5KRfLYK$(Lq ztcw=0@^UQZ;Qc>ebFbmb>7rXqb_^)EX!v#IQ~)YI?ArHrQ>d6si2N`Xsmx)&p;~wT#|Sy9hv|tPrYO z0N_SJ*`o>9xk>6<02USlPEoL)P$5AGU{PB<0r1w^B*deJS`Th{qC|lb@IDC$jJW`; zXSog-eXvk6fal7RrKbr1tU>E>N2_B`+a@#%`%@N0R5YnsNB8q8;`q5U$p@R z60GHupqQcRaI*^Cx~k4p^sZG}Uk3r?-@JImRW){2T7UW~eny~^E>H&opqjH1guGd< z6fzha4F^kzx&I~sSdDF2L^NdBg#|N$+Tk{-oDO+~fCZ0wKBG4(Dao$H-#4H1+e8*E z)~fh$SwIFVHQkJ%xjr2`5%vSG0KbID-MVACXMdXp(0neS$gEXCS}+v|7i%-h2d;lp zEKUOY5ad>d*nh#TZ$#Ff)NxS!5P)be5L$v(2Ry-IBJTgqNa#R`K=LUFZUc|LYZl-@lD@cqWhBS%g0V&Sq9mWNY_VzB+0^72hoZ_1D(Z8UIQmV8bQ&c@bf^KVmd_L%x zJF#Hr8on|qPf!zM^{^(`b=S`P?+Pkd|LilBr?t}Lu}rq5gTagZaL%myqI%0Bf)5q{O+f_$*(lTbfi1Ml5HNk>lL z(|vGh!5#o=n_1jnc1nO~uxiHfJyeg|Z_b{Xd;q z!n=dTB<|J8I$iih8*6Zv28r@9{V#9lVBriVDy3)AQ8K76?s)%m$Ck2oT8(ennGyYj zxRc<D=&=Yguu}pTt+4IuBXb>!jFc(qg`A!kUvN(qjocb1p^Z#|HWTJ~O5kp6H zGco&XrURC`fC)RJew_T+YNle1glP*Y&V%)r9ka|!FE{Do#SCjlKcT;5OK;DCwtlU1 zNA#P)o&kJV{dD7pUv!ae8Trve7<1600W7N!ff38s>}mtrc5)+djRt5VHEC@Ffuu`Q zpMKHAMGcQRu=~rimjNzi37ZSZk3KmB(R9j^xp2d8XuhtsJ*Lj&P7<6c>zd@he%YQ~ z;ACQL=U|_xnBkm_OYN{dp`rEc7fl1GZs#E!upsjUDhW;mlmKL4-;Y8inZ;$x|Ah^F zA&a_rywbUpNHxGURy0hu)=rJ-Vh-t*Qas`Ox`1k;O--vUb9dG7i1uIFkXF-L;orJ_ z+(h7mxgsw27yUxC?J?9g`g8}GpC|#Lr`Ga`FlbiC!ubP#Nl_WSH zE3oF*(D*xkAv4J>Bq1-rO;SVPi*B4KArv%DA@Gm*b#i2wuzLC1;r_SIWPQb&*7Pq9 z^#cv}6bxjKQg4RVYB;(C|p6jJmp6nxy=JzC+H=B)jOpQ## zkzlkhHZfIHAepP5UZM^zL9i#eFt7ybYvE+VlM#k~jY#w=M8X1*4sO6yRNR_+z+m-H z>%(2}8%A8asLQw{kSy5FHp+NRZ)#%_&fb{-zvJRs(>bD}ktEtrFU_&p?OYlaB*eH@ zUq`eU#W!%rb|J_B`);BG?nLP9XIXFiuz9Bt>072?KQx~If0QrL14k^Hn-vh&TRm)s z5wJHP0Wuk)f_l=W7yUkge{Z^QbZEAmn`I@VJ;*?(lkas&hmubs_dmH%yDG*i74Zjt z;5H*)sjK}DV^(+fLIz#>D|U0A!zBb(&I(^En;e1^u(4BS)D~PA?8aU{PL0Y&7h1_} zIDnsC3*`5KfCa=tF`_d*48q7CaDzY|Bp<@@*VMtOZNt``8l}B@6aKNiFyHfC;OgeD z3tKXqThE@CoPqhHpI^L+`2COvx%=iF4G$n8?r?;_iiJrQ3I*Dc4}+2MaD#~Cy`MJ# zpXwxE7;DigHO=ZEKh6E#0iNT}W+!vx(;8Okd6(KJFN&^&Wbi%g9IMAP09=f=x%W8#+T8%=?9lGdjC| zS$Pq(HfVHPzKZ~;>vh?ZzKZ}zt3YpSCG+W*ZJ^mw-!SYSS7_(D81wn$)r8NVnG+2cx+Yu_Ji>li87!Fm4u0AJUdz`LMJk&`Yz!9y|rTF)`l79(wupv6#Ad5gGq=)W@5lSBp++GwW0FBh< z^HcwT>|gW

      7WMUN)A!Dz13)FebQ&t#s<6zabm0Q8^k5Q|R8&{3(_XAh z_^!dxz4|yvA2!I{7hE5@VF?h5dc3*G{6!sgL2>4*M~LDn^w_gB#rVS@(|K4Pd|k_x zO~#4fUB3)fOm`2XDj>uj;`bOZa1$Y@D1!uebLJ{~%f?BJIJhmXN>c<{c#B?T0@Iv( zKm4R#@=r68rx75dL=mJ&AgBw8Q85z_!Wvd9?KXbo=XHvLtr1L6@unpGssJ3nG!~^o zx#`AHY{%8|s^TTWfa%7iPrJFc7KMvzIO1mn)ZM=BIBqEtfmjGMxyBb#qS6sQOpf~W zBU&j{a2)C0su)&bwudP@;=IcA*0^}92RX6enW4Y9w*DL!VFC z1yxOunYPjRJ|)(KI;snsY07ge`d~C1y358PCGfhwT*kt@CGzLUyhS!R2F%uTvD~;+ z42qUH=#6U_E5J4O--%>>!pb#))4y4&*dh>BcjR(vDQ;nF)#$3fS8|e5RSPid^7oV+ zP_QdFJIlT!AKOZUot#$LVwDu-0Of^Nd(5&}VQMj49WZe~&JcDv-gUT2t}?0|i@=Rm zjYYM27PK!W>&yxzs9jeFq4Ui!1)nsk^m_P5PF)M7EzV!yjk?mUBNh!~nUa@CE-p3Z zByW&6R(NaE%tix>n$E}b+(>&sSZdy%NP`l{>@P#aVvrRt$@d%Fsxe5Wl=Wr|)A(WE zn4?>(V!O3_A=-sa2cf|!@J2Swd5o15zemulcPgKGxQ&BD`$CB#f`-?KL6Qt!u@)E` zmTz*!c#GXG)S^{7ORi&n(@m2A^D*qt;r{^TBIc&TP(;M+L73_(3=B$}$HOrS&OKrW z-{i{XxyI&96M$2nTt?2T5cv#;-U;%h0o9dpAP~6Vf0>)W!Cv)nNEM(TlLo{CyMYCP zytNU=qm2TWhkuq>kgJ0APwP;s^%r7Y^0%)L66CddH^)A)a{@A=Iqlo#FjD)<4c&I+ z{$WWeaC{jKam1uk5bX?3-Bd9}H%fLKdPcA|Q=#7dJv_=R0w;)DmXA*)@mxtmW-R^V zp(p^#=WmT=^^Q|e3<|8*?-8I%uP(j+0B>mQz)A(Rv$C#_NCi}4J{5JUh>!vvHhegh zGLV{OrvuKC6-M)~Y@ z;$%y^Q%d#fIuujJo-ptpVh|>cx%2b5ia-bmIp3Rjg(xT(ZSeV{QAnEsYLpaL9@;i4R%Ad#RlEQg%Ibsb@VJ$mNgHU`81 zI8QOG-BzL*#&?I$qy)U}J26!EEwY_ZoLl9Hfzthh>y`z8Ag|i<;t54;T3ro#FH-%K z3LO!guN-1tHPRG})pcKaPoN=9UF37POQcZH1kF}Ka?$6$C9D8p5Dp)-TET*E&XHh#=Ed@xKYbTPkFascO&2Ihm1r^1~>Ei z5uN5#)y?B1yE7?Jf->D=Ga%Ytpy9&~PwOxKQtQ_&R{9^IGdB7@Bd?)cAYd8|%*QXG zK@Z|=IW-8zB)qSTP8kB}97nWZDw^uvC4vhAsy=9O#4_S}P1W-#5VK~p<&{>DXer3_ zVo-D)Q^&`Mfg-U*zqTWQqLgh1FZ+VlXQ8uuIrWw>5mh%TTGwhL<`6Rm)pBui#p>&_ zmHqK36_>EJ9>2`AT&~MTvBx1eu%JO_S@f5x>e=Jz`^66B6%FT?pILSb0bp7J9RNo( z*u6IDJ2uc5k4`-!hTsltto%o#T&{}nbqE5=hHOtUtMaTcs~8*Gej~0b2Ak{g3QJ%q zO!eX*LJV-Nf4?!ySSpoU$rXfY0~%}gh{-mE6uaKHlhy-`va4JBc!tSoNK|vrw=t0l zG-;bpThp5P+-)YB_3VFI|8wp8@ihwFI+I0|`S$P;b;^3+bX*eA+m^$5+%w^afI3l;(Xzz&9ZiC(_ z78YV$58fec6`=#%cL15_zF%mts`5kOaj3E5fw}gKHH8KoxBX?~XNqsl@$VAxG*e2n zXw0?JLN*VQ@5M@4+M#S3yD9ujH7x3@s_LMEwV;x`?DP183OZzI$4Q(;++*+SR8CYoL+GRr!k0n&smpb<1FP*Da+}GGyur$aw$`y@bH&W+e?*sXU zJnh)uf{Kgzy#~O^X5%9WLIf)qg%pczr-Hp>1*3pr;NXUBeSv3ndi8?J7#S_%`d&l7`MF=mbmg_|gx7;+~#ZY12G19$52CzBKVle=7Q`{v@%vt(0 zb1>9A3QQKs=4&9o!~X!vca=q=P-b;vEDjj6n7YhYpP5_`l`BMMQUM%cPy5PYuw(MBPq8~FbKa6k=|@YDrxZ+Ca7Rl+6~ zeHPyl2sP6JgBF{6s0M{;LOuTg-PA7?8yhdI=31$@aqha(kaQj1m-(0>rUOf_gXLI=*`jCq5#NJ@OobTPwP*9w-LH6U@~QQi@wobg@Ur~))3 zqQ99-0WBaCjtt6`CgR`1I98<^BNTqpw)I$&datC>7%J^}#8p79fjzn6DHN(jFN`G0 zIKs#ds%3#@2rr`l05P%v8C&67mNv8$H;*wYj;T3!S1L%alNrp5MphaB08uF$HB2nn zBjJff<|XDe)lG_)8*u{ar;ie^NUJe4Y8qFc{#2zq%4$Z?yTA*nuvbGJv`Lgy|)^^?TE`cESo&Ny1=KUxf*e3BeH6o_m zTfqgVD=U)xuJ3Tf7imW8ntPT)*r>%Nfthy|FSXN`IHOXOaR@BNarcR}X}FZSrnw`O z?aZih+x$d(PEk<#?iM$SBKx(D<^b7)ey99}N}{Y`>~kFuszM9mpIMvyN;f{gvj$cG zR}^hPm}_fnY*y5#97YBG6zXbg+F4Adij)%-Togg5{^#TW0F^34iHUCKHeyz)A;S~| zJ!2%W*_lhJO}T=ry7sY-Nt#CCOcV>JhqR6=V$+3Zo4Z^nD`Ei1a!yjlIIxwD;{Rh&EX`$AP13L86C{1W)C zia?ID&aVX!ojGwSD}FUm3T`ZS(XV(-U?UT}e=wyyMS@;8;s)NO$$LxnC1)m$deKAI z<~R}?z(w6;L$79G%+wWiXbXR6GV4K7?_B=?OO#s6MKV}F--&$_Mr@j)+8<~H)!7t0 zX7Oqs$ zrtS2EASSSmEt?;gP|Zm}z!ZS%5Pi`=6;5ui)bj)&7MGh}k?clC8HFm|y=oSEr8uXf z?@(iLDxif@;7>@jfe3InWB~-IpDJ3eBE~Yswa*o|S%Op*5oLA#_l+qa=BWcX?*}s& zscm4|*BA2|$wH{-gn7QD0R>vw?)ZX;E=JnDXA-cXO4@OI`%3_WV8_Q#tfm#LQL6mI zgdWK+h$0lrFT4V`31NHV{mPOKXebvo_lahl*})Jo{^mC3ZxcC*L*h_sc4}F~q~Em5 zy72{SRg1sJ{{SiOk1_N{6TW43Kru@bak?Tdf%%$XuP`g2+fZdusSlA$Ae)q@fYN~5 z*o+0AsLWazD8m=`K$KTdiTR1+}-Wime zrES9Aj^+geuBf^Wuf$RyGA+Yv=4%k8+Pi(V7&3cvZ2+I#!^SQ<}KBQiaF||>jP?;-G9oA3#ekN!d2BrGPeW- z*eqaPh{3NY(FEhV1bKm9VCq*H?ij3!SE`P@>O5LwAQ4lGmI?v~yr^9hoPu)zS|z%~ zI}(Yf5M6!dOXgBPP_;Xg(Hnm29s)n$L!;q59|?c(PZz>?eh};UPY1$yJ`5|@!g#(D zy!cNa!H-mUJ|95vd>^EL$e;2j{04YF49UUh!T$h-h;i{}{FnKeKV|-AZ`psD{{SWa zVy&=R{{SL3Y9Xs-{{ZTGe)Bl=PeJ%)d$Ce8i1oNA5)UM0m}b0sdW}b$R%huU)|xaA%cg z{I~gnf4YB3pVNPt{{TIo(`7sR^ZV@n`!U^rGQFS7{`)fj06hNtKeof3exL6t+5FG% zvcLDw@3Z>s{`)_^&+D`L>_`3c`fUE2{LDIGRqy(DP@9Y9UL$Ck)J)3y7;oz>W?bqf z^&Yl*Lp6(~ad5X~x5*pWMXyy0fD+2Dz!I;6Js2%ebZP@$-Ta8kK^un~6x}S03IGQ} zmFqh~Pb0Ng%rWFmc6$P*avTmm)pIieofjIdoI)jWP@dm{Te@Isj(rh8YzNS`6%F4O zj!WXNB|{chlUUnN`+`&q7Zv9Bj;2hm1OUEIS2w*-gqd?qVQI6xacr3RMTd6m$(426I8vO z0eFk$32qd3PW^A%VFCbFnbkUhCfUA2yjiCu)OH}|LtNe6ok}3E@fziR9dbl~xJH3J z_WuB=&^SYwySr?q>OA7m2M)b&Qn3M}A~+HIM1q4_6a#?Ep7$RP(~>9`*Xsl|j@5hzaz*Ol1RJ;txzvpgb2x(X3gi5^_iucFRFw`W;1E^u2yea%nFmnM=T&GEZ z{XdZCORIebp~=kBR$ze+&?uD%s2zP36A>`_MljrBzKpn)HmO%CKSL>0>M_1z+4e8T z`1p^QtCjbJ2+nKiRVs5Ip^3M0u3_RbrPQtFItfrCAEzBndO;mWI*e!8KR@GsVC9yU zcJluK5iNUNtkelm4jDj9r88)d%2$a)4rW-W(3mo@xn3nRN$8Z{Q%p=biI=aY2U8M< ziB&2j{?C8Ys`AW?bC;b=?9Z55Z)HypqnJ3Gf2gFjL_E}ebsM~DZs1&PH@Ju_NZK3b zWvJTHb_dcUjrvOI@WepV?t&`krEySCUy>jc4^5iDH3o{<(hYn<7Vk&!NnU)yU$orQ zzwHn?RXVV`2|Z(kB~8>}C~Lex;{ZB0Lg)cnCB49vP0^ejw{GcP)$$-vLFImAQAq86 zVz)fyZ@P_@)0gtD7zEwW`S+6O!~4Y4{{U1q7=k?-{7Mhp!P@+m;+kKi2H*w+f$AO` zm*|-ALYzTDnSlwE8`dD)So0p?xH*7a?16Hz^n$6!iKpqmpj67Mm6#AQDpqBD%9R5! zE+jI<;q(+vC0t^@rAn+uFqw&%l~ST+VH!$_9H-hpAK_Y@9ZQ`<82UJx^ELEyFX_k9 z=YK~})}`|}kJ9ax%-mX=Vq!AA<37v&B=13^xuK&&L@`{7c+i+%U|dh4_~Aly@qw+)i;X zIp2wO^kpuIhrgpQaPxtHbEtNHXOd+v9%filQo?lCth`GlX_L5DrIxXwar#`JJVw=B zva$59X^rkwsY@u#?3G4!+{>AIfUbI*Y7K(CLn8T>yh|}ERIi~vg2;2!d+SJU=)J?L ze3pF0T&J&inTgCulkDH&b)$*+`eqoZsrZD)(4TLjPsh^ZFEYydE?l_5r^nOMaTvGh zG)E3%#E0O1f5MlB0zy(NiSiEH^UzY7xYx5ul1Ljl?A$q+4!8V2Z);H z6ma5UBSywzqAF_<%)I{q5!@n%vlM(qC1PHwWuAUv!sWc7LSeWb+m;;r%o)#_!wGRI z<_3rkvlF~RJ&=T<4%pS$hP}_r^tZhjCPW7NmEu&aYv{m*xs^w!(UIH%^snn2K+F;1 zrX^g#)WZ`D^na+vBF+7u->@(+Et`W};NyXK|lye}gd`^Ej?1;8C~|na9wdY5PY}_WCSdE?!@! zNpj`W(K-F0oW-f@FLLXc^)6|Kq?Ve0~G?} z^a7<_=jgN`l_)rrbrUcnVX0RtB}&JhAKR$Uiadue=1! zdP>H(74a#@&{|eEjd3VKt@j&E8DpPwy~7Uvlez{|ih$ky50o*DxvB4RubAM98yOYnUuS2hLn8DT^~`Oh^1Q%m3;{2#d^)5T^K%`yu&^xow^W6-1e}FcAO%q2ba# zJ(VtIi^X|Wz5!GJ8Y|Wyj;c@`Na{bm|+a+@#b$I0tRIcVCNF=3~@53 zwXDq|RASstt{a0kUl?60RLeJCz9uQlL%B{{XNmedT8p;q>NvM$)~dQ~{NI zMB*f-;z~jy<$VO7v-|#`g)#SzV2H&JabJkB47rzBS%bUq#oRuTu*52WZZ4cXOLc5j zm{xJ-I2IL(Oykx(#hw|ZbitfmLY>Vr!Etb^W(dvCTFRyGxV*s|C2N=$m`AR1nV4X! zJDj23Wb^eFRMRUea{~5Ej8i-{67i{F>paP0nTgUxPQB%BrW}Ofk`CHlp^dN7P&4z0 zjg6irmuE#WV8UIxAOm!Q#~EG+#7fN!12^#iqEpJ_776I6iteEM%|md<5Th_mcm11w zkzjWyL%NAx^DjuA(yGW5bvn!}cQCnMGPCAWUzm{FnOK@im8g=XO}-#;snIWW<#2M$ z>&e33(N;JO%NjN`9b@-xf-c1L_nO3PquM%tbL8-VFO3ZTtaqB7? zmcJ1!l~5&kkEF)qg~X`J0x>4u-{17_K5}g0Ggyl|i&HtcGUg?7<}1?WW;QX@N74vk zs6S`bm~xfmf@Ke+r%#!aA|j`nxv;BDeXc!6(4g(aC17Y3zG_vTa9bB;_FsWuG9OjU z7-GOCBR~rEg&n>VMNAX2Eb5+N>PNm6gn=<^p}t_fyTD@* zNMTxZ5GL*rZU*Qe_D!Ao%DyKFRSc5VxkurllHyO+d`Q z5s6H-z$^-CSF{O%P@ECgCoy2;;q;hKfZO2AN{3j{>xOW?wRwqL8*(|A{{VUD<(?}j zImzi4A-dzTWrYr7eRrraS zR7&v>4NnYAd5Dv7Bg;Q)_x(p&lZn1PrsfmX6Eg!)CuB68eGSy&wH!pYIWr9RQ0@#7 zQByJBaK_?&OjWqcn&tMnpeutAZAI3$zUGgx$~~o`g`J1Y2P^fKlJMuwY48$Q zDpoZExl@VeGh|Yw{xx#`d|oSV^#Ux{7rgV}k9JF({_?f{khZw{#ief;g~Sb{{R?>ISz&=1Nq?;6%wdbY7w7yRfBZ`JpNKbIP0ld`>r%W;{{RuhSc?~*r&+Yjp165IwhZgJ zQjX$Z(LT`!>3GiNW;8!cnTN;s{XUUz)>at2O)%USIF2R~Zp7v#l8TNPn_@$PTXh2$ zWw$U(C&)J(A`gn8{nMN-rPVM%3b2jZ!qy>n0*CE>@G(rv3LM75L9;wcvIKgH{{Rz~ zJk&?Tpk@^F4fiU{#DUx~`@*A)!zMK}?s5gfh8q=8FVR_b#l8p>9Nf)WHXXqgVua}T`P zIh8*<@cxipK^~CIp$0Fkt>Y52DxE-w)K5r|*$g2wSUcc5SLA` zHKV_@=lp?vL3mm|mmH_?6$DCN21<1MIT>hSZ6U&gMkr;|TYe3nVxi8X@1J7)e}HA{ zDqbQq#p-C!((=mrmBYs2Swwdu=4EM2{{TQ*z@C!VH;m4DxDQAR3@Y3wn}yuJm>A3i z4Pl3rC)M*2+@(y|vH1Rf!T0|F#0z{zd=nkRY$2>qx6-;H9HYbNHDl*3ST)=f33Mm< zm~DM){6m66oT8zW9YZlIiOfthM4|SJT*T+8+HZL0+*6niBO&uzEJrYz`&&KT1ch61iTq?6dWd~+% z<3!%(sl|HY5J5VZY-*~Zw0`g}dg?URVAKmdz_(Qqxbn^Y0IBFo#-d_rP{(rlR1BC< zV+YZ*f`}5t*11J;Km(h;Z_dU!uL?Es*(`cvM2 zQ^WdF=fp7<=W?#1c!~seAbYdLbBpa57M!X+^3W6%t`%{85H8CV^9==B$1?9GfLr&K zfD3Q7)OFNfyL99h(9K!9VaWE#2L`>|#2m^u40a=$zOGg!kwrZNzi1vAfj98i)Tg~i zOp28zFM_c=RPq4nq)@g7<>; z_{1e7ftSQh+jV?Y0M>&9A@~B*X^0kRfJ9vyv1Fj&W0-{G1X7)dD*#gnJsh8z_r-pf z@%|0ov$=HCXo_%LtC@c>IBsemyg_!ve5j5Q2ESr|Fk_Bpe)lf$_^A6wLE@FO_=t@C<-30Js<=|1)V83tym$M35T1VUuW)%l zA($TJdx?35u6k8}Kj8bn;us;gA3$e_PT`-R+ZHrFi7+yTfaP8YIhBdkJP3LPmnQ8g zOEqiKQUh>($6>;ys^RLR?3Z@(-DHJvP)LluF2FskgX(b_~M3+8ERx#0R|5m)d2*VYo9e%q{Bzw=9KLvjW`nG{Vhy3!|Eg z5e~_Ad}vwFLSoXj&$hHrC&d=Wp$z~S0|%#5SRO=lphXcJpx$pW5s0GQ?~W!i=oVqqr&JBa<)^{UuyJXS5MDm^Aeg{$OO45eQ?LH9sTp{*l#2 zyvno0W4JIt#qYo%D+aT#1OazlfOn1umNGD+hmstZFWz(i0AQ#LEwSg)D#~B`6Iq!g%v5ojZ@0qs-1}k^2!rMMP5O z-TWQKr+91wn=mSibC=L_4R3E8Z6MmRA; z!3Ozlpq$GdW3~R3{sEV)X2})g`gs^(5F=!`@E%w}To+P$uzL}b1CYK}U(D@{)dSNm zm3#9rA3EV>tHfQ{tQ@k$$WQ}Z3o@pf!&idEo1>+06!gBTFKB&G3-bX<>ekI+N3>Oo-b0op*)S(& zX!dYE{WE#)iZX;@A(!l9*A3hhQEhy2oQB}{VG9G16K9{IVK`j4v2RhV#xCNp+-L26 z{{W|S%$SZKCg#|_&}MNy$S&csQxy`C&lLtINZ7a;htUr)*ClRe$LiW>JhJd3Gz(mA zc}q=+u5x~7375RsK|oLk?Ko0BD2VoR3`kY6c_xuv0k$|Q0tehM$-S=t?eId1+PP01JQAP)bp@G~!L)s) zsT(0o-QtqlPw4=TE&ISUE8W{i+6w`*X>pC~vyuxjT$6YL17)rAxR?pq*yHeilAYEbf^_AQqO<4^G7CexlroPy4%6NeFqNN;0rP+7_vlIS*?zB#9shw1= z4M3__1JqaxTb-uGbM}FPqcm3qKb}0WC@t`4IwChSgNdpiGS#rC)j6)J6Tas z%9Ovc6FUOaM{n^gLzle&00)Um(9BMNJplgexoj19eC^R{ukiHB!y`aiH^JMS4>EvD zO*U^y9pgnD8ev})tL17@e3@@WM-KpjTQotVcU*0U2_RUg22MlP;)d(vXq`1z;%nwB ze*XXw{sER!FK-cII-9YH!|-IY<2iYIw>y^(Q#L&+J4}O!n_t8iWnKs$4F?ufDy-SL zYfZt+s#{R6IK0X`^D(d1ksT(aN^EM(^4xv_b z6f^ErTqN38!(>76fUDrM=Ajt{s>JZaxcCrMQR+ppbsR2OF)Hl+@9=%^@eIMJe(=tI zgK^@Z_?AVKO~L~Mb$2g(7V#a_>J4EDpr8zvtGi$XKcJx^;=q~5JCsPxHsV!N%}mO^ z2~3ppF$N2|%nTYpr07tzusO&^T#W#$wz@HcpFGRP0Ik)ci?q^xjtQyRGA4{EFqfI3 zmsdA6%(yA`{{H}{7DZ2)VAT=$OAK3l&NGfF`Q%DFn!|_kAtOl!k~klIY`GFwKZe=O`Jy%y76~VJ8W8@>YR;M7$_x=5HhUR zH__n&fZ-PY7w;=+Y1sGL0!v5JPcx3A7NTcEC~6O~4{&h0E-Q+L@e-ff2$?C0yi6Vt zK=p@+>}|TJ1s)2VnYaQq4+6P+e8EtaiKk5Ej6npY=9o}u0n#{=p`PFfP1uzJ{6RwBM9&c1!lCp8An`RW z*uMV&;r%9))s`XokGfC=t@W?EN=wD4;r{?lkzsH{LSzpkm`=DEy>A`y#zD%o;J%0w} zvzJBacpy3tnW&b%>O0W#G7e{^&qLplIJ6_?% zanUXSs_ga@HuOhKvnT>(!&t4k*KjB&NUattQn79;Jj&GWdIfHeR~;IT+DxHX7fY)+ zH5>*3eGUgV&qClGjl3W9R> zK-w)|i-AxEGpL}*_?8%>xoe#8kYXj#iH%{O97}ppY7xf6ajGcuP;v&spu%45_5msd zYj1tovT6`6A6EuIKM4Tu;0BRvoTt1YWh<H=5_({G02a}wDyT$? z;g}KG$mJ3%lF%g?0Ovp$zqH?0SaID-rxhG`YuK&LCrl3UG(a<5{X53no?m!)N2{9D zck%uI08rF@7sR^ULN_issMz_A?j;hbl)S#snnv~eORWxGQp^Wcu~sicxGRB^PIlJ zxIu=B_Iv!nCpIe>iRKl`Vgtl?Q;Ue%qH;$bNq9~m;yDuNy+KGLcRxWhmQ&RqAt3+8U<}6gh@i1}t~~03roVYOfpixmidO*s0IFQIMqS+tTI2 zk`9vK0Zg|B5_hb6b5r4ihgUW3OoE_}n}zo;GoIjPApjB78pLWX%(Y)fGcSl27gD0a zYd?qdnvo?lQ9Q?N0P8S#u!Ia5SH47kB6>yO;_mPFeWQ;g1jSY}De)Awvh|Lmk%`c{ z?7zbb0B>WDnx7~RL%j9V6~V`mwcOWlm!wf9v_{(gNnsQ?+j|NMZ@wd4&PXEzOTxXN1G2Fnn66BBL-tee zEY;q0{_$vobkB)DQfXa@^*OiiJGGPc~MS*dmdv-^^% zL*Rf-VW060@ZF0J-UG{sbga6Kyu4oCXomnkAdOQ9`&Z}u8T$VK#4vX`PbhNEzVMky zqQ#Y8hyyP5G|wel;S@g<=oD)C$-4p9BVhBv8mh!sKt%2mnG{2_Eie>zLg;2^=gms7 zv8HcO8!bv36q~C8w(x~OH*Q&98<+B37TjM&Bg%QUP-7JM=&>G`+E%v6j-}AIV!RY? zT93=s8|im#nzpHjPSG+%ECDKb(8J1Bn1s=G%y7K40Bp^c3_Dl4Pm6*4BH>uWd7fBJ z*x|WM$e4WtKV$d(M;O#%%y14bm+#IZYpsD2W`WqLv^ zZxEk@Gm2MFCAgG2{fDIPSYt6dVr-;T+bAL*6CyclQBMf?0KCJ+%?f!ij+Knl)63EZ zu$2Yt?06x-FcOTrI*E6)(kf`Uol_Lz{KSraBD<>~D}d#ChrvAq)Bvm}QrH0IWlvWs zq)33++4Be5qrpMcVq_dt1P!{tY&$UmvjmSEv)+4aE&hQ^Xo2 zH5tFd`d!4Bp(kqf9FaMf5)2Q(;pPq8$N{sn*9VwDQDE7-&V85SqT2&>wDIz<+Bve} z&D8=Pw*=|~0;#QWp=L@5-h3bK3C=BajfQH@VR~sQ#`$vrk-~B-Yv3g~R!djl2PwW7 zYzoL2D4o&WrIcK?ouk=lmag{6lal+*0!{{+CgU8I7?HxoV-hrO*k84x%YBaV;q@OTsT@f)#<1YQhDXx`t89NvT`_ zoGR9^7^FazL3q;7&1r+rRCF{H7K9hBVIFnSs>y1r&IQH2%)YIc+cRV=7H9`JL=4M0 zl+kB%fYWT+V1|{f0NB$U*!0iSmiiUGl9Y>hhHv@-ue81@VYzcJ&@J>C5LYiZ4wE3#|K_q6EZUPmjmSPQnZE3S~T^{p$C>D z23X6eRKrKjVld%s#kZFAxrneDj01%R;hw^3B|TG!4M5_cj10YJaJvU`gA{G?1_|>!7c6 zcTIqyMuf>niryp8^oi(!d2Pm7R}KX>*wVD=jJk;+s_+8zj_X$uvjk~2>`|}0U@4+4 zzH!U4u3fO^90fad^R?}o#kiDK5HF}|K1966(Ct6Hf54H64g5oib258;0&U@-fq|ln z@e~#+GnAc-YMeWPZFNp_D8`&eLnS_NiFChcR>4cf64WVXDDJwBh9|jz7pzW@@lj+h zs#*$alpi%wab;)icX1XsoYUeP6C8~DsTLU|yt$=i(9?kZlQdmS>(OiNFm#}2*aB5p zo+tr`AcdklPqBV~!S^r3Dse8gF;HW$_>Q8gW35I8lRm5YCh7*F>C+VKx34fB&EN}* zLaL{8YXNTrqBEG$K3QpO%0 z-jGBdp#ZMqk%gc;6u}$t88~+hr3MD!C0ks%hk>l53kyMZ*y5CeV{Fp&%7Mu^tzd2z zbOB@#i;&hUA;m+ZJ7W(Ds-OgDyNw4ah_e|1%z{$xsEG(cTqu?ero&k7k#PdY77O5K zw05%-zoFcejQv4h(G&JRf7Eff?mCu=FEh<9mxqGmSdzf`na?P)*hLC$pfV;tx9AQ;@ z6C6+qvV{X+q5`}C5mhU=p#iATYl70mHo8jE5KNavTX}P+cDa$~lj05U5}HLK)y?lb z`)&+%MgH=L5`z8@Sy-Uc5U*=k1@AZ3#FDHQ1znNBMl+Q%gdvN2P;Z*wu`q+?P~D`l zL0TKFvk`0o2EbhoS*uRt06H3~mK6ngD7CnNuOV4b0b{qT7jCaj1CGxjH_hguo-`5x zKrkKXhq2-HzXbkWGjC29*gSO#N16tTB!P|i9F?3agrqLIrmq5i%)B9LOCo`%nr~?9yCW5CP{Qb#QdtRuXYiynv?eHSYz0mhg<)WnLSKCq3PxFaRq`t9Nv8A^ae` zj0Q5(tG42kjABIKnGuN@HpcT;Q$d5EaF-_Ya4Tf}obQT3IN68M1YfR!_h z0#;c9`f~*|z+ec(J7=JPtI2FTHqDaSl(~zT9TLdVHGT(TJ07E8wBAj<=WqB*Adi{` zm-FGt0`}-{9Ip=>Au8Y$DnWA^#phP(IAfyb{>|<3LYjU->GJ}Ih6@r}v5}EVwc5)| zv}y&&Ic3y9rG4f5O#=a<2(&QYJ;69!rTCOi$f<(Z){Oz$#F)36dU#)e;#oA*O>(^- zcZg&_%Uze-GV^fu*wjZ+mU4fO2H|EMPC>6)Wj7BLP-FFn-9AdjEDxxD)uMreexNwrG8H(*?*TbeZpryuZR5x()!Bb;nOGR3% z9ubY`Dn&GKr=u&cFsx}rXTLz3?e~~jb-%T|5rq+8BqbipL2q<{Qn406<&st24g?7U zgBwkjnax|zgaxUybY0!WP>Q$&0=|Q+RSy^;#9M9AbD&TIw{*8KE)JB83NWiSRpzMO zDee0#yB)LDLm6bvZq?1Z!S0cV{zHx6zzurAY+8Av=E~s4B3cE|?*0!W1~HZ;5LvcU zLaSx}00~&dHT{o>?LWbceQqR7%o5X38L_XWjW~8eEN=eb0hT=m_@6vpi5I_PU@aVp z6LuPnRb`dM^RF-HCwxbfFS^$e0zdw+k_GCq>QnEn2YqPMAjAc+{civ4DH6U^cj zIw?fC72UXnqg8%b?JaYds0=eysk;WH3YuGi<16T{qNAy2S%d8o**1XCPh@Aify*m) z@xV=-95KDQ zMG8iacN5^^p@qZul|junIwZBY7K)bJ-hS(pyC~IqGgg@Enc$UEyN*QyT)Dg>oN-LN z>RWP~m6$Cs)Tv6;3T1mjt|s9Nj-aDXSz%_bAZ3YPpYZ;YxVc^~SDC1o%y$?dAq;#7 zL|Ar--fxpB!b1niY5=GdIOV&^vLZ?vu!3o^mnRI+6-5*%q6*;OSkV6fRYt1GDRo=2 z^%u%mlp5J?lx!_;Q6UOyO)Tlo0S9y&oL)to4pBr=(da>NcR$53a5q>#PPvy$!ZS*vyc-0P)t^zau(F4spdP4h{;GK zqm9ZOZJHJtkEI|=c$EaEvGfj5#^r7@P7LcS9TOwWY{h0dH}rc-{(r&uugBAK1Xfqk zV&V(Aj9`mHJg%dl8_lb;=y_d<3$=o*j%vEMU)_dA*6=MYj9FZ^D+~t8jol_06mFgi zfdZ`5i;h-6Py8 zG{<_3%in`u@#p2?@Xg{*bY8-nSvZkg?3$xHlYQP<01l2}}Cw^heDa?L2-__Ke=9Q8qlA z_$bUO^%^FCH8k-Xt|5V$#JR)MaygDs?YI$V?*VRL`Y|wh#43=poys9V+Fy;?I5Rd& zuQHAEE%t`|!E`0$mK{NbFq(dzNqU>Kvhys1?|vWBJwf-4;O1_BF>S=li>UNKCSKSXzi}7zfl0v33fZTp>gj9tvzxvpz|&)h9FiwmItl#8*#2DhF{zM0}++C&JMZdAkm#3c)J0L4>Gv^jPyZX4aNUV}l(dVfPV=$R}m5Muk1*3Q~n0oi&bE zuH{=(L=98H!N%(lbx411m081c9;JlrjiK?E7NYvcR=p{(j|V8*(M z?G;Kfu&BNuJtLM5Bc!me4d3}p^!*9uL_rJjN+->f}lg}W3$wNbI`+jCb zd7l_MJi-sb$M1r`s0M_b1mCPa+dU}n_N6V(7c0rc0G=U3gAi}T_lj&_{V%38@wO2w z7-VpKcqNk|P|ch^KatR!7%&7i)Vg==HKg>Ed4Qo}^DDxFCV7q;-hN`#AWp&v{o$?N z=7TxL=k`Y2{|7_D4g#Lb3fUHONKztR07q6>X_ zg^fT++YHL~mw-85raEOeNKt*XzATBD4pE_v`fcV55(TrWQR`-0Wtn|gfo4r1=TYwk zMXM9Gg~@xXnfWjWLo+CVy32+Ksb(QpLgcWaS=$Z8n#xrk3pbTpgE0pa*aW4M3aznP zXvr?%DG~_1mTc`=t18R-AVtuDb-FFvrO7G?EMqNETgGEJcUxuonVW9_?BF|P{DRO{ zc4$?%s}}4hR4FzZD`2*{P)RFv4W|0R%sF=mY9w4xPG5(x9m7Si&L;J%0T3<9F69kE zN{B5g>1$bW7~bD!5p-O;JC^pyZHC)09t=Y~yejv9Gg~dyJ-@=>4nnt|b{gUdgqUYI z8NzQ}N-*nb4RU9A`%L7{2D#--DT6pu-Fhb)GOHdb@o~=dD*}NZoOtYnpMRMWr&Zd8VyTRt#Y$d4yVTtvIaE>s$xpW zO7Zk}iLN52)KUC@&-gz70QinEHrL`&1J32*U3&F5G>34_N45tGTk2WtOD_##_se{L}h zT^37Io8J5QmYyaZ&yIaoUH})I9zd~=5O^b;<>)H=5M&A#7PPwpvzXR^5Pzm|E0e@GcS}7aaV)jvdxD<@YEWT4;+~-pmENGI zP{~?mkyoro)A*A8v(dHUV-6fo!j^A#g$3okt zMe-b;dYIwFsFfA#6N6+9F(SBfl^rQPqlk$pYuT~(e$n0so@Ig!Hk&#s?oET zeo-3Mb%BMqwL)tMD?>xNX31pE=}O_gJveAwsLLKJ7^^c%s?6-ZVHiqMhnb#oG!5a2 z9@tevnB8!QYXP~_w$!zdt*Y?lK%jjMsDzZt;)br1_~^&EWBvO*LP7J zjd$6wr06j%?J$D~({0j<$F_EYFd^XtVM2wuble%F+$7^yyEf+zLgQ35x%gXyfXcy* zzkuBr_lTjV7vO^e6qLTqvuVyZ>asa_42G_+i)XS+AnxmY1P#Y*f3|!=0Rj~A7t6q) zhq54p0zath`~={{W&`?51+iIgA}SQFfpfHFf8=?FDS3RFxHlPjf#o zn4|?t{f}4HV8VqM9_{B^D{+%jro3@ftXD_04?^D$jMc^k)#wB)4p(yn;8@Jra_t>J zqbf6FjML00V%`JZX1HU9E!HFJ z^nhf!gPcSUCvkYhx!uAouXF@7DQbEU63a!ylyAD#K+Dqtw$w6>64Wk;>`H0`tJWn) zGhECK!Gw8LiS1B9^Do*VWZzMGJhOSAAUkU(0~)w00SFScd?UhGkP5(fcCp8gPaRA* zhB_c0NISxmUL|W4_9c#(@b`y6IHkf$kK4EzA3ir1vThJ-{X2P>@$?U8;M(OT1kQjz z_=XM%i^K{`))`^A z+X@ols2G)SDkAYbr8|Y!aB!NqVIbK8rC^3pm{T)OVTR^wef}TPam_*bm4+2}9-sxQ zDwqkYqb&22zjQ5gZECx>mhc>6JtC(8tL!=TW74=XJqr}`VGttwU<~>blY))0n%}{) z$}-r2vYgAS=!FkEkQ8+467JRt656m8XPn9zhSvqb<;agYCPG%#fUq{43RWv5w7l%5 zDpiQ>_?mrX!N!wR5TGx0zYG`@dKvAbLhjpNP4N9L3@)%vpqA5A*&Hz5XZWZ_Ef}C-(lF#TeDc{{Us)lZGe*V5)m> z=ec0dJH3-LaXb?CYL5|w*)8rb#nbN;9t-ejg|C2P?7{3aQ;_9Hi>RO@beovvVU}P@ z+qISU{?QmKVBL20FHjEz&C=JIHp@djn8}Z6rBq5o60d1U>Ubq(${$!y*!}+iPU>ae z8JoBdh#8um8Hd(8`WM@Cg1|8k8jNtiPJMAGZ1GtNU z0QHB&LEHe-5|=Ona;O&%<(01NP=-?G)$+JJLWNpzBL4u?bzlSXSCVqQsvco0so&e$ z$uT;&yc3i?$C40L7E?%@Al&i{CIK8%E}xYqHUYQF;EY>KjrrkzVDc!p9sd9{@2=qr z;i3NTZ!ixr12V*#{s@KUA=1qmf}wvfK-rNE)pG){qsdGB!7Z@@bi^RMWP$_DrX>KS zZQ>qXn=hElouI|dN`sh7h+IJK1k*&&g`7@h;x4f;pOg51Nk*avyhrs^o4^)9P((4td@!B^WxxzW6?3P2B8-X(_ znp@uU2Ow`^t~M%xP6s@o6q7LAqhZwt#{|sMQ$Z11!*@|!z!X+0C|g9R9#0+;(rCf7 zHZhkgk1!2N1uK=wS()V}k+dK|-lwQC^#|mR+H&$7vz2B6mC8Glayj8~p$rnGwaH!F zC$v`2+YC4$Xq1Bj04#h$D++)#LZGUZDehhw{ik2x3=*@{a73fhRJxi*U_*z}VRP(} z9HgcnI5456A2F70^&e3cf&x4Slyea@1-hwFVq+nq20oV-KSe4jxc%bPcNk)e7sdSl z0E6#;iB)@R37 z!{p{Id7QiIV6u^-FUbcw&R$pj%gW5Puh3`l5ua8Z#1LM!JocdmxC<|*L`Y<6C77B* zP#B3-P=vcsikV8Osrw(l>CKZgM#V&4V@X4Bs_HevnNgRRc7>aQ$PHr~mMgn=I}?=1 z&Wt-+}2FJNYST5P03bHv|%Y7zYVsW@#+;VXV5Dlz6K3=r>=!5WADPw9OCL1K^ zy7h-l4v3QZ{6~dD*wz?vw?nhuV9@!?=ugLpW%uVuu?h+6S0 z*&GHL^q3mkBpX9cNRJ+kBbl*ZfluNgU}~0E!T$hNE-L4Jvi8nuvnXB^vlO>_j0iMA z&5#VL23R)tIJO>=n)*7Q)j-Vr{{X}KP7&0&!UYnUFBsd~FMYvuP$9?9uZ-c;74&U2Y;xUyFwZnqsszB;UB8IlVuCQ!gs`Cy*Mwyu6=4&=tQO-QWxy8I z`ZgTH1#{*%0RV%gc@xX833$pCO;2xxgm9_4vqfGX0AN}#2tXTK7{+ZBTB ztB|EAw=aoc`k_c3ES6Pvtz$KRp>-APVxfcsm{=;Y%l+aA#u;^;{6i5V2?mCtQxM8{ zflNZ4AvoS;&&>YQukc<2=%tk1LHo*&Jwbk9+!Q`0WIqG*8o|)_%NGjQIfMq5Za-Fr z#!j6p!f za{3U;ZTSeO1D@Yl*C&ZVXHuGqt4T<@LjzDTuciU05aX|+$A2H+^zNo>xRaRE#$!ga zFG5p_K7+(?xPj@4VAzm_;lUWbJam5ZpoW9lMl7@tC8s6-*#-kigkZKHhJb zab&S{Es^}Los#*;XTY5Yq|ITaR>5#WX4A|Ap&G|0I!A90Uz z&=}-eTHrlk5ZfvgMak2NUu822(RVv7k=FAI_kzzi2DIjELS8S-8G;>7J?E@&Yw6$b z@cxq;VXiBy&2QWIi1*9N%^bZML8J|ZBTjX*otu&b z#!RN%hr3wuWU~1%p)8ooRf9Ryq_&tB`C^{MX@WH}hOijz@#|afwMaHlPhxYT2(#<18C! zYSt04Wvb)GYzo$_X0>FU3S)@P0j1ZC^|il-6;lK>>>%LKFAp%IAhAo?YP8$8co))> z>cLd;Ld6)lbGDr}JN~kEs<~!jaXG&@e2=8YgQ}W>1}YLOaKPde^py=xW7NNPe`(kF zD;IIg65gfCv$zz&jmkin3>9R+ddyAWyk{|pKXuCrjIK#-TsKeI##kua#~e!Z_mvPh zVEKy{E+X(ni*c_JvvT7M$%=JF{Z4|2DJvdK&8?dH1&o|T%oC# zP@z5_OTK4OX8zyb^#y335sPz|iA#%O2ds0buW)?Du4Wj4;F^@CSd1}j5k)T!;ekPQ za}3GZsE;bstAj&Ta`ZUI(NRc@v_-*2Sigd0VPagW(?kL4o?CnE<_zEhm53REFyw~k ziz}#}B6AJFTPofIYTzaeR7@FcxafPcD_EIX$3hBDqB!b2zE>P$5VMbHvyv*BW+mVm z9^=C-xl$_KcuF7y-3BOd{{V3eLy9a&wG6C)sg>~+!d84r5XN%l(`7d`18)mvJ(gg- zqELXj=AlA?j3$1y&BI61O0capGpTpa#P&<3qvBDFLWx$zMqilGAm*Xcz`fyvT2IUT zKcsaI>L3m6X;tnP>S7&soT+||HGXO^lyVleE(3Ho*<`XD@G}J!kpS78W?smsaZuRb zHQAfe4vUI~N&~{`xH9D2*z~nba57#u0$^LtKtSC(GCvadx&^ddZ5cI~D<2Ve;Mf2f zQisHD+379f=@Q(xZ-|#9 zThSUwk*tmKhbifzZs{r;_P``kELJ!`qf)La6IBlQkI}=_ShM<$zrbYr08Gy3eM0Ij zkly`M1u--fHvpAba}Kfl)?Qt10_N|ytHc~ZYE~g3+e+8F z<(8LW8VjySqiKbF%Xsu5peQ(o8A_feM^kO?5R>s05H?8!^uLh%OJYP)4;9PFmRpHT zvut_%=ZQjERceFQy=>u@d~6Z8F3-8lYv!4;IJWhyNl%zqA z%5#M;f!w7ZglQc9%%p)di_$_w8|jr$l;02+TtlKQDG7)38g^(kOP9JqfZE~)&W>e( z92VNbB(^Y8)+U(vZP^1^Eth5{w}`zNV&fZt^Do{E-=wGo%!4ewL-RG2hcB<;{UXeO zQAgoYBez3?(Sn$bR0B!b#hBYQcYq`%__tNe!9(MJSe?OxXvcZJopZ#f!P5!dfK?+gbVsKi2uyC>uW#*9t`_ba6QKnz37 z0)5p0mJB0A5>m-m5-uJmHN;tXix=FV&~^R}2xyfkp75B9in1s#>1Ism1JtkZOX{cq z0ty5W0>)5E6Q&}E`%ET)3zZm@)Y4r=xV0A%3}1-1{LCZ5Hj7bW#ms*)=W`YPEdKxp z-oFs~6PfpwcXXb9oI+GfB7Fg0NM0a0qAQKWoJ92jwgPcb8>ljdU5TwhnyQ?`P@G3M z7K}tpCf?uQ^y3pQBNKAks*6~QbI~q1H8NlCE;mx#wTg5BzTn&Vf$J8QUjfT2hxK2FM0E(#+s^It=?BY#07A?#QwenD<8x+U*U-Jx z4BugId31ef=coX>hzdVr*bb!(P*Lc|Uu+zAI9_FCgipgB&*ak^9Zu!wjt^&!rKD|# zsO|p%2s9Ub6ZU*XxoG(#vm_cNk#TboZ)ygjc2nq^ATP_!(>jdz>jjP zNK&QuPUV_br(mCni*rYz{o)dz4RZp(E*80|YFK%cxy56`zKwGR{M@l>Ez9N^Vp}q+ z#0|4hK!!6Fz})=5!}?F$jOP4Z;acSj_M9&a#{kgN$8HEE@0>4NRJDfwE-I}=q0+>< zxCQsr3l6kfuXcZO07VprADHNMoD?MUE)v*%FLkKTYRo012GvXxY<^h z-cgh!iaigE?1P=vc!_t zq#C2*8}=#+V=#~e)reKe9DGET?h%cVH_0lZ#e-|2Ezj*bKfql?Xp31V5h)pW#YD0q z9yp1IA4w_2#ZwFBH5VtG>*ay6>=MF-$-!*}YFtEB4o-6#2P|v|VoXD#Rm2)Ti*bC# z#9yAJ;x1y#jb3#Y@fN&A8;I-aEB@wx!S}z!$qm98xzsbMn#33|&RNEJjCTY@%;I%e zm?P_z>)sj7r%W}@X4sfB47!!^Drygyvh^3{FA}qhpRxP?o%Z@$Wz<`kWS4u6If#m50LG_C4>F?q2{aF14K;{K4r!G&!UD>745^SsAV(b*XQA z3xxA1QSaVZ>4bjiv98Dp`9q(f!~nyO5K)di+bSc%UQ>urn2n zZfI5!iR~{VX2ItXU|CA`5_vFZpDaWaA-)V(@*j9nA=m&zjHq>&%(X9?(B8gPsfY0b z!ibRI134S2s9GTo92s4T%NQj)lA7tl3xF-;#zVvelWiC*9qKil$h(`s`U~PWtUSIS zW6bms_1k%CGLOuKSl^@tfO<-jm+1uJ9VJ(P7ZS>qhB;b}{{R;g;xD{)<}ERPA$5Gq zXA^=bpKtIO)ZP6z12GYfvowOpX+gZjbZ1{XdF-&93en^t8fuEg)zJ(=R!dOq9Of2K zaL^i{f?|TbW+Ml3_rzgu+FD#(#unnsm+=_VD;{PEgXsht#r^*Pz$o^JH}5qJZXfCy zob@{Txw!TAhZ4E#>6EN@9FQ=Kd`ua%t6P>Fss$3OBEu}He9Vz_TbEq*04>o}e+HDXXp5|QRI^W12lt(8quWTlIur><@(c!5~E^ch7c)OL4Fj7%EW%JZExy)`_moD|h z>V8k*{U@}*n92;UI+4i2Uy2;XrLfWHDy)gvngx(xRu*#E#8gbBJ0-{{hrA^*g!LGh z23Q?Z-s!2HhzPVf)*wSR*>Me2R|u5!1~%iEbwMpqN()@r9`Vw_48#nG-3{a36gB~y zc7WkFW7ZWh`vXa=s^qIW<;$|yQ zeWsd=g!%(0+OG?$<{vL>j?0?$REE~>^x2B3fi-Oq*aj(unB2uy{jmb8VEyF`5n`p$ zh^2Z=Pta{Lip8mSEDu?FmoPwBAxT(QsnLotD%9ZMm#3dH0o{N$a0yYM;^vq+2WP;6Bw^G0HPfq#JvUe8lUy z%QILqfho`|M`CpxxdgzRp?ri%d~$$U=TIed6~P z{bkfznQkm$ZaV5L*&J{bwt6-D{{V)F>mPZjwagk|;to8_EE<-}mJB^*q)Ui+MGCfw zMaD^W@h&*@kKgIfw6B@XMu~>mej%lrmKxkydCXd44p_YP6cwtm2TBxvpGmWDW0+QA zQ(}5YIgaDJ7aXdih~`oguV$s~vE0A|vE_%8ikStPo;<|Q1<=Kj464gAfvkZ!1h=x) zcM=$)8;_)Y&`YULS(qi{i&0+qpj%bZ1{*y*a6|k3yP2gRH7-@BmoFD8;Zf@5e)`+b zUqosiQ1YI*c5mo7UZu#JD3soqlJ10~1oF8%SYQz>wP4usT(g+t99qW;Oy-w z*#ht8QF)7AV&gGY!?;V;X_e@612LOo=N+YfAqDCkMPx+;ze#7!qcJZ*Zb-OSZN?0V zP1}?dCU)~E3!)Hi6)vvh%A!+=O+v#^y+mtKyOyt^ddwhW;w`wJllXs2%^a>IXEUVk zU{=yV;a_+8jBHoRungq$X@v(=ARrpz2SE0f=z)6AObwX!semv7@ej@d?zJ6#B4fFS zDFSm{`GtzqOn(uvz0W9-{pF7n?)o~Ha|@W2xogzv3JihK&6(cT6fV`?w#QN7`3I7B7>!zQ+&++@_#pjyZ>|!B-B`5KmaJ5G#pBTPg4*x_C{836fv* zmETDl>GFfbqD~t5`v$DU5`a~mA%vNX${f_q#}S7D;Vq?8+)I_=ybNbTi*L-fs-w5e z4%Np~K9$@wE97T;H!Jzk`a^IihG}yZJtbb8$7H;>#0&I+IU>H$ZZ630mw$)!$x^NK zo(WrsJVy?*Jrf1<5d23CL_%l_1JYKSGl@&NRG7ZfoJ1g2$P4~qmW!x>s>Y@qM})0z zZ52h-Tt5-}&YSg$^kyhjW^Nt&{{W1`aO0_UF@9L-yhjX2i1?0XjOX;Ff|mt07v^9< zfz6q$@tO>D!Nj<+h0eZ()M2E0%(3#!Qz(wvi!t$G0W|}g_P@tMyf$`0&zR>L`i^15 z8kg77>1F0`m@MR%xIIq#dWL-5u#V;DQuRG!nR>m=V+=6kxq0o2j}S`Ked6=D*{~eH zXaouj0s4<5nZ{ywE1b+5CEW24_a){o8Ha$nnUkW7z);!k7L;PJk%F+K6ZdG z62=3VinS^i3P^|-pJ{eI`GH77Roo0lk!2smr*}80sKiHuiD41KO~)x*&70)^0HQFt zPfOli_t8%!utC8N{hwkn z(~7#dbS+_QUPLir2GbY$h+{Eym6eN%y=KynPf2C_YFT*vLA8P35gO(`CgDq~he%V* z2g&$s`$w^Pi@eKYxahjSF-JDV zjBzr)?mjgr4BNVkL{3Q648Wj)ME2BmX8c!tpo)%Y4Zx4veYYo z=_uWPDTqgkmlw~_U!jLd?8Y#kD7cr2kc*ZBvgP3QoXHver};%D9J@vlDK1#MW8p6hub{Mr;4_JT; zZ4<*z_+MyuFB&3Q1er}F9NOX&-3S3y2|O-3wT$7ohOR({;`vp_v}*V`fI3+)MHgf> zTwDlZ9}@ahA$-T1)W3-AsD0`R5VIBJ@9_Sljbb(H6A{gE5Z;)Y)M9#09w#xd+o^)i zDqGBTH_yDjkq26ZhVE-V#m4U}$~ni-`oz%_rN+cMjKw?7d0&6fU(sTWW!n|Sxbo%= zthui1BCu2mYKv0X;0b~%H$G8@k>m6`W;x<8?GYTK3@}hVDEW@27x&C0a^U{}Ihf~! z*(_IHw9FDGvUSw{+%s$)%~a%a4;xSpXu<){3#{{WVs@zef#f6q_&>Hh#70WufO=s)A9 z{B-{SmY?#|{#s)FwEqB>pYqfGT7Sz=_-X$D0YBg;{KWqNfSOQxAFidoE+Fm(;)_vZ z%y;4;=HgUUnM=eM%mv+x1(m&f>RVo#sKl{nG+d!nwDYa8RSpQYOJ+w=Rpwf|fh`*& z)Zje0B1B1e3&Z&jYKXfdDLh~0aooZqzz;8L%H^FfE+n(5<512Ck6BX(i1W+^H4Gtc zp!>{Ubh9#^kX>Tdsd>a)MWPLzO|U8` zKGNPG^#*@S!~X!vUStaqa-l(}x9R3t7UO8rS=hv)-Y$p(V2?JzT7%$BR2y7CUf9&y zww3^^ZY%Y(MpL+sF=cLub zl-P3pA9smPD&g(6e4BZMSj4^`#4yED@t8FY?iKS8D^(3{11PSURT>8|bu!+YnsGKf zuvPw{eC|+|A;E<@B4m~7!0|DQmm*OqzG98BJckE%o(ur$sxi;;gyIH})2Q?LPnwyA z?3$ByIDkX%0V#(!+AZ46cZR1h4_rzH$!ocgQ!?+)CGW^U=KM;mOcBPVF7p*)Rl#|K zY*7A^`0iZ(r-$^187l}=Pynjn2+dJ5kP@myX~HM|&`ePRmQf2WC|TU?WbCPR435M9 z0L047#E7Xj9a+P(>72@)aIBkxtl{6)+}t2Vs=5Q1gb=W*>7XX5PHAiZ02V4tZVz6yKz7aocvtIX`#|pl0Cb77{1h_$u3*vgM&&7sGx)T66m#MK0KhT;TDl_9 zsN4c<03}_}@95)16X7-h60Ybx{d9gPwu5Y^HB&xvr70-{u`rkP^$Skei!!!5VXyxH z3Do*+ajM31ACQEh_^EBX*ON?at@K|$md=2F~GjRR^|`OcJUC<`~LKRB3Tkn)GD@xn)pP!CRTx(cEF8g2(Ii?&bynP6Mk3`}wIBcsO2z6~ z3A@JYhTP5qS3#gx z0?Rg+YzqVdDTSJ=#IdzhS_FXW6hUsVR)Wwg#7nC5h#O!U>gg9#t&24PSTurOL-j;n zwBAd|MAophLR*;$*898X81YfzEuBGbED(Sw91f)fG+MJMO$%Do9yNO02sLm6ms7Sa zZ-w46m<5N|bV9I6U5-lJMyw6A(s4A>fu^-8xaT&DK((MYs1SfIjyMqkAdC%(e?iub za{8;KbhANf7N@3{N><=X@$~+?r~d#Pgekre-l>p;(S|OB(WBT_F=$a|)+02q5SGFN zM+mrK+<+!a(r9uyIU($!CoMn#ZDpaw&404xwkW+L?7Lnamw--={hQjz* z0h2Y1ez_w^U743$F&0KzyPIz3LvSId<`;P-fW&e_jjT(UxMbK*E@c4IXw`CY!dx4n@Pl0?H1vG^Ge*LgE9kG_t8*X!K2?XCYln&>bN| zvZM;s6~u9nB;^W^u;e+<>rWM6MA3*4X%VXWX(5BMmF2)4uDwyhfRTnVvKIhB%Ce2` zm4y^icb3aHaHBz0eMXABaQ!Jo?_w2trGf^`wqTV5;jJtHP%crz*&rK0s$D7HMt~@Y z*a0h;R*;Wp65!-%#(qM2#nCMGdTgYEi%l4o48$ImU9DB^_ZSm{cYu0r3*U?q(xaE> z3ud*d=f$Q|R4kV9he(P=1EY;Jh8!8rdVi>D~G1-ZE}|@nP?TXbzv_ct5)y;b`zVHiU6e` z88)z|*??OWGm`G|0+@_iT573YF&{BjLq8BZ0iy*`gXnf?F(Em~qJ?3ogry(0;-DyT zbXZjpQ5*@9!B=g(&+EEjp_XiGU=@*BwV$S&4ZC`+PrM*j2(YLqpleDObmL->n!q1o z+ZHr&O-~Sqqe*E(q{;9gxPgJ7?97Bs(V#fn1zOULe6xu#F0nwdyJ`C(0>q_uOCu-Y zRafpAWt+Ufa`bp^R9dnoR>~K>h*j#A2pcllf<8!1f*?RztJ=S=rQrpNLXR^BYB~6g zGqNSrb1&@#xUHH@<%nz666yo=@wPuO{qY+SmB6*o+$Kh_S5Ptx1&~1tDwF~Eg^%cb zB;oJ~E&l+xrMYH~R%1!557Bq!&s7tmSBMoTAX^(aW=3u^iQm%fxrA)p!FYl3I${my zFx+5s5}d-#$610K+%DFkshG0avI@OLPHqiqtdzzPpLn!EhlzIHpb`a6q2+L!4iYIC zRJsIw8a&i)L8}1m>z)%*5KQ@GwB zabTSkXcV;21p*X>c?RVG?Q)ibd4aBJB2#dcTLD;Ea)ZR>oyy0N=jdRZKBAFFfhi6s z8Wj&h>!B%afpAK?x?1i}yl&Nv05G!CEO>O3$OM4l3gAP;(jl)h_zi8@a!QE@-U1^V z019tFe!K5~Q5F$e9fFazJxvAG#MRIds<9W_hO&%@rC}*n7db`G)>628en%uYFJ*-^HT;P0-}@&MoUMT>18z`d! zw)PDNB9pfU08wH_-2`fsWNyYfA^-wv5qE(~{bRxREsax16}u2YCW>(7pQSb5IDBy} zfw`b^@GK><1sc~%c%&QyO@oE8mYaO@I_Q|gYP`QyAb)EG6ftT7kRa61u99F3*+?8R zQLvieneG?UP{jj+g;1qGL#Q9wBbngAq7aBJT?6A876Q#p+O?KUY>r~AKmjX@*1~5Q& z*eJB8D-h!fPF)^PMB;^6mHr^*)-u{Cr!-gsu9ow~zVh^4@e>s@$>9X=O+v~*{d%21 z>UfwDSO`SoG{g<#GL9wF87e)byS%|y)ly)5#nn}qL1PXCCjp};pC~-4;!~pLwIe|9Dzw%R-9*EBV0WFB^ zj1s_EcCGmukK2`PdWIi(Y%B`J=Id-5P?>2_s>CYT^Lj%tFIE=Q=mGN(7vq%C0O3Ku zv{Nn`gOWKRXP6~s9n6F?<~{ux=5_x7rT+l&*>(L(m!k!DnKWejST6tv{{YQ8fR(*K zRG|GBiz$9cBXamaw)@9@Jv12m#51}dHF)iD((j&=b>PwI7lxM-v=wbaq@g@Nk($x< zvdq=;(0>xHloyoSO{)hC5aUvs!!k0FbE&>%`^<`|StU$XW4vS_`lD%S=?6QwC`lflzE1}OQbYeUzy5F$@>0H5>X4wta1?q=6aVRxb+^p(f zh>i&BGh{H8UXUJViIFU+{jV?nQ%Dx39A;#4^o3C_S~AAXRl`R_zSt5{ZZJ?^0zLF)F6ljYGrylID+aJ^F0hQ%T}Nr#f-xy z;e@r^9H$Yx;x>qkB8lc~sYY+;Z*Z-}iC-}l;yB_}!>JQ7YAf8}j2FZXBV;qg%LKmm z#F>rpEOQLLT71i)0s7({=J27wrw~w^{F6Wg)TJQ3M6d(1C>3t5U@Q(L#}1%|E%7S{ z(3JwcBZy+jS(txT-=(cWBd+nt7J?U_{{S`54!&uP2Ewv){{ZH3oDurk79bl|kN*H~ z+kq%zQ@FgvuGU+{N}}Ad?7$4YZqhM8C}euPz@eJKP^et4DBM97;mkIt10Ev)o+HRg z?hbo`6>YGfjxtYJg}78HH84-86{)#ivX85{WuDM0iJd}Z%ShCgGU{0~5#ki}fM$~@ zcN6AgnT}&_V@<~l1+HSgA)9!ESgbezycfh;x+rYylx}Mf?$A`e+9wlltnM04Ap6Xu zM-*lZ7}8|a)JrEwX`j~e{Uz$h+H1^)o>LnUGiUjuisYK6uC zZ<+=%!E~!uvdBk!DstNiMz|aare)Z?Ee7pj4IgZ4k-cB zRRBQ&oscbUXc#Xjz%)3(s*!-s(LqxQ6=4Evw>w?{MZ+Unw3gG!GTK1BQEtwsEh;%> zoxk# z7)T=(aiSS^%lmj9V~O60f-;3o7dc$ZK zl>!UmTlhlTGXmumsQ79s<<~g+W-4aR<({(noMgF@%AQOK%uDSW4hdM);u&U9Pf1FO z>ew$*z2(;s8I(71SDAKSRWp$1YB*xV>KUBBZIw>yl7hCn%wb0~bt*T8n3UTXh4qsX z;{h|lH^CD!vAL)=Lkxe>+w_lX851|b_Lt}Kw6TFT_rJTtBDr?WNbkJ*lvSSjVQc*6{11LPyYZ393i>TY_?cbSfoJ* z_%MF+dstc&3Im3i0a*MoM7eX@@dawJR)5GSI+_2Ch>=MzDDUL_Z8&+AnN~JkUwKYctRDKDjTUayj20FmU*d#Y6NRlKKuSO||w%n?z0@tf0 ztHVSXKeU045NvxO#p_mZK%kxZHom|t1we;CD8I!_ZbcZjuE06 z*(vTFpa^9>)GsMkK!J4zoW`wG&YP4U5yHrkmp7@VWs2ewpegh|kR=(5q4POh%B_6` za;jZ<^p>!uC-ju}Dxzb|x2QBS%LO$OKSU6_L)HwI5O_>Xg~QS0ngjw$l`)(R!vdBH zO5A8?stCIL*%M{3aW2j!X^H0NnU^skxaxmP%k+;4etX#hgnT5)<56j|b+wqlqje=3!Z zewDNcZUSI66V-l*4JqMq%22dWEykVry#g!AZNi#Lx~T!A0-YAl0Juy!&RPJrfLi7M z0Pt^okSLv;s~1+q+5=NyX?0a$XrL{ii<{&;f~^7so2#r#A$UM-R;?RUs;a8Nny{9L zEsCo+0$~h#dAwGoATJwZ<~N!!XeU&6y+Qu~Z4|Cj738X^L@wykty1m?kkT`E4!AU@ zAYcFjisJ1a?2D;+=P|UvkN*G&2q2CT=4A&EMuwuMDl5qr0S17JU|t71Sya`6J|LaE z?~Y*ez=>Vu8!Jq!l%x{R9PNzY3?>x31bHB|+A6jqS+{*+Jwuf&1X4$P(Wyx^;2RIu zQ^@E+Z>dZDM(*HWCTp%dAgF%xXK0Us2dPh(3zMcEjSP zw^4mgV%?WGh&i!C&qQ`|3u{CNm^qiLs5h0)XZH{cW(CT*KuhWpy&1Vr5nMs8C0h)7 zPhw#k@rYBz%W{HHV8N~+r=}T1@TjhF*fPga9ZP9!97U*FUNIZHk8H*IEw3_%)+I4j zK_yvS#jlfEIp_Q4E$RTaD(tbi^iN%GRG@r_;ZvncIPP>9nG6?1x?tUEQ(Q&rVVjqA znMtNMKegrm0Loru)3=as31?YZA|r2ijkqOkh#`LKC@HQmLpmKGpzbA)FGgi-6`?aC}OxCEtmb1YdXx z>Qg-t68V+x1Y(hW<_DRhFeQAWn)}XR-Rl^d`h=4+Hx}25A=tc zET_z%N5m&6HOv-(8^fkh%TRjmVQ*5B;mart+T|Y*b(rbyIe=5YqVI|QW@pd-&;J16 K-*lqjT literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.18/_media/recovery-gcp-serial-console-link.png b/docs/versioned_docs/version-2.18/_media/recovery-gcp-serial-console-link.png new file mode 100644 index 0000000000000000000000000000000000000000..eb67f0e99985804d9f258a4bc74d42dfabf0d4a0 GIT binary patch literal 46134 zcmcG0Wl)?!&?dnN1Og-kf?Eh~!QCB#Ebi{^8XSVV2G>Oci^F0GPH+eg!DaEq7P(En z@4l<6y1PGjH&xWjyR$XZ(=*f4-On={{aIP&)ywxU5fBhw$;nEpAs`?rBOtuUM@NN! zVr>vY1%JG7QpaGK=_`3`Cx(qf5&i^)p0{W!2a>~??oCTHZcN1 zV&f$XeHncjZ5b`-s}8<-9Ggz>tcJF_*ss`3PI@k- z%JDa!I8mD`xwtk;f~?b+@EKoKD~_Rjdgr{;9`ZGW@%ggzhJ^RVchfKt5V$_E=R6?< z^O@LLxoJCfT>-;RIvS>@)pGgVP^~8Ne%@W~QI3p^%rfFmm2US0Bkiwsbv(sKMMVv9 zIoi!v(+dRLgI;F;`X*5R;eBt4F@lt2M)D)|THhUKUy%mOzz?h#%-(Ol|OS z4Gv$ve7SLSRMkxluXK&m3k(d*Qk6;w{#$hoS&qyT@;f|*w;!dyW%*ruWb8!>?k9F{ zsv?Ccc+F&om(wFDE-r48-AX)}5D<|LRZ()5G8O|9WdpJNPLN)oBMgZ;H<~rkN~(Y!0Cvr(pHa zO}Hx69dJvO`ktR|L;@I`AE66X!BG|M|JhC|nlki&{P`BG*?zI88;O8PyTDN7>DG*k zkfz|hpf?-0(^_nXQJ_x#%awqeRa*)wAPcIpq@<(2{6D&Xjl$*Q zQ{8jOUGu+G3aA#hv7!H!FH+ZywA5r*Za9(4SBxsL-0U#bV4;vJ;DueT{B61%u|}^& zGc+qdpWLwn!VTALl9~M$ycbC>Ro37c_=G^cJoe`GoGdmZC6(Eo;awGF8v}&?_WobJ z&HJc?qY~HcN}RT*^>Gz{G=K zSq$a!rk^7i6`JX* zmNZO>ixUmWtNHbLq|tV)H@C>tJu>;CapGn`;Ej(ZW#CgOVUSNnf^c{g%PTxy6w2CP zU_Tn?3#n~WV@pjU%h-839=_6{Okrd*qv;DJ;U{#mT}-Svsf#K~T^8WWDyv>*Hf(Q7 ze2WRxLwtucvJt6)^2;WNw-i^G+aq4 zj7S@7`XPj|C>036b0_RoThg=1tP7z~{mC_?A~W__D63mzu^xeH7G=J!c-PWXo=)MT z9F^YxnxI4_TCz_XT81~!t|}|Ui(_H{9gb&nwoSHe0bkzG?TITew_!%1T`&?|J zz=YlR6NOu_cgiW`QIrCsbQ44SLP(gNUE8?LO$W0Ones^y^XKHyyMhQB6rdj2_-*X6 z9^vmAuP{7lUt%zsGRn{5SJP|2|bjXUN>E=-^?4g?EO8Aiz*^9JNe z=$`Q@g?u2F>`V(?c_kevHrl;YO6A*ny%?l4s^_m;!g?B-s5O4~60Lu96BstKmxUgt z@%EEy%3Og%Zpmx~zr>b$*j0vEQqgL##F}or4-PEnt2Ae9F za)XNqX)_-&B2Omts`mC5Tmsi(Gr5(I>;)=27NwGs8P$#RMyZefwwrVVnucdVRJfIk zC?DyE#4Z|>2vq@W%`8OcY7j?#l0Rfkquo%<{;|Cx5H4o2W^K4#w_gSoH7(g9de3Zh zuk%9rbZKd?KxE>fXDwFH(`7!C>wS_#rL3<(Ot!xz#q|q2v6FEB*B7Fo_c`56>X=PY z6>X-IaQh+SFV5!X_^B@f*7^qY2J&krgk(I9dZVuF_r=BBrN%4j75J>JUD55PxWv173O_SW=lAC0idO7PMu(7k z(Sd)uXBpYvk8-A)`TPif&X!u9PP#Jx7;$^pHH<|ZBga}sc@y%iRvek9vy|C{mVMUq zG;iw+mUzw2Ti?gC8cs)d!T`CChIvW15o#Yd`5*3ShmB$mt}BAjZs z2}}FeVa#Fd;rmTYQVmx&plHQbmA2;G`r8QI{H%JLA~#guA!X6cAwKTqeVS|(T|Rsdj?y!Mbu`!w zIvxr+xYYvhi=R{itSJ55lA&t_aRR_<{VSVTXe+r~)ppS0?`GnVyhi0{Oc2;hxn2d7%+vB@#q@V+oijawEBd)cGgXbO{AS?|^<5EZfkBrgwpkemd|^t9^F`YG zWU5B{GF|R^Chyqh*o1D6JD1>lZjgz)zs{i_u7&VY>%`{{hz%_2spRu|`ee&qF*B#G zArumKu5~oZFN{Nzku|||iE?yRpNbgpb@*hvfvssx(P4C{EdbAm;JJZY5Z83|nRIIY zhLx4w!A)i{8GdYDqFL`*xCske;L@{{RILUYnB>X~^{ZMeL8irYQPRgBrgE>dJGUFq z$&Y+@Y`B(Gx^PHp^7}E%sE4v`zIm#+>iF0a4IbjF5Yl79ps9R=JOx&scb-+X>>m$Dg^- z+ef*_<87w@>Ik%Xy6<7*5!gyS>74Ehz^B7Jz_g%^Y`^AE0!1$Jy!;cel0a|~&l@|p) z^4yi$#fBT=lhfSSg zV0U}58kZ#5E%azcr)wpeUDD?ynPiYVOLioTC7O|v88vI>Z)^AnQ}+4h4e+I}4}w7Y z=E^=>oTbcKn0GxPDyC2<1XW#_%~?4f4Dy^)uU<|&7-+7^SAhgccY7Im=XYGq+HQbs z=YS0f!uLa#-jJpRdqfgWtKbwqYgYnZS~@zT`qPya{eXjZRSSwuMbA#?ZuM&Qu0#Ff z^h#0@nnu4>rla$KNbJfF(AWi0K*Pt`-2-ynyNmedQRCyu=V<3a!I`)&Q@`K|CVECT zCzTEzsRN#)M3gcvATDnjry~}&qocrD11jKMuFBmwM~VHKW`M56$c^5dvER(6UlLD? zRwX$TQjV$jICd@lY0{#lkLwxF6NE3u!ig%9S`#T%z1J=drJ=f0FKr_}#F>vOO9LOD~R<3y57}eAC5h4d*XdpT87f zy`$1%N;j?IHh>o}QG!2cOJ6QW?*KP=?PE~l4J?E%OrRp|U z-+O|2qR|!!soeG+w*G8*eb$e&j8zA|2P%Cr(*$golYipF%-tQ!a_a@tdIJ@>aB}5G z(nZX=f~86qR~Fru{2x)ZzB|k){mu=Zhj=q;GbcoRyFk?Oh>XXG&9 z-#G19FmFWP~FBj)J#^KCDu#vyz(Za-Sa7BaB(P)q;M?kj*ED*>(U&-L?dgW6) ze4bYB21TS>-WWAT?)Vt9tD>GmQmZ##ch zrwdL=WdTyqOukvsl7e*;8Tw>vjI@#gc9%g%YQi&DS->>^jqnnh_4{HlCCyj?vF)sIjs*<)Ba^%m7wcpd4wO#cm z9ifp2zTSt+=a(MZE%QssR5o8Eqq`>tt7~8U zHzAb?*-g#hH*bjjeo4&>0Q{AGVbrqk3+CsziegM1XUx4Jp#irN57+Ns#cA@KViKEb zT|O@-=TtrohR`7&O(=Zd;Sn}$!jF6Z!EZ!jzI?j<6GGCKIpe#F4r)AI%h&0jjy%KH zZ$EmdD8Sf?i&jl+K5(op7)Hua{k9%6*z!xs*m^#y?M3&|_G=oGkxoDFHuyUBc6g}@ zr)U7B^2+V^TF;7f1IL`OVGyz)Ezgg;%zJahX&$}Lx@!@%2;T>UW^}Yhb|AXrp=-hx zZrsV{S!m*~w<(lXkjxTm4JNi-z=y&)8ELgkm}r88)$ve7Byn8&t{Gjmq_$uDl_6C( z>hJh&1&vnDi5Qk*vm!BxneU)C?_lH{-=;Vs>H~s_l_pDwjkL!!pqWeH0AKi3qYaRxfe8;I}9I*@EiVDs5Vw(9l z5sHZm@=rFb$+WD4*_7TwZ`Q7P-Vz~}>2eCb@_hQ>>s4v;6yM`h^_Ga+EA{g!%ozc}&a zJ$TovFgmGoF|V6(u(3&zQtEOe_C2ChW$R}e~_>A~N-Qq_N=&h|Pgd|^} zlSQ`9IL)y3?6T35B@LoR@$s804TYtt)ZS}bHh#Ny^f_4P+(WLy*IC2YvvtDxVVRLv z!%0#8>mfbwrrDkYwZNCmvVH;S*9$K1woeS-wdsfJAKhlK1#4@y_dCxm1Z*qhRb6G29;N0Z@=0y>;Pg!l zvEOlJSZbss9Sf~&LwU@n<`nAO-TX+=csxQxUyX%={!o|NUYG9FMO0*?0f58jzW3C& zz1XS8hB31!=TQOP=!pX4F1TW6P~w=@w=DkZcVQH3Pu@p&Vp~cI2t};2bvsdHl@p#t zAj$4uzus7xXx58Fgegh+ei!L0qoLw6SkAaQ7SNibZsVQ1?=)E9Tc}er?;?zzTxi(1 zab`%)_t0qg^W~hWLcW~>$NRAF(&#C*-*pt#T*wQ9Fn~-}JVfDz*(IPVc*Y{bAfh)E zZ5fMMuX%P)bDZQ85fEQcu4V5UcCs|5V-Om%wL@MIuw%Qn(2d2Ynwl2&z1NJLTZ+~6 z6jCn2S%46p79g^-r`@3hIow$iajI#gaLVeu?;BM;f0Vj7SMNqc!nZVye*CNTWS0uN znrbZy&Ti4JdEzZCw=k1kI_&8(e`Cwi?+rM4YmfFKg3C=m&cyQO$g-2+TLt#2UQ>dB z!L#&g4J{D(Ne~Am4Zt@%5z25$c;e{x?B30e%n2d|9{Q>&smKSMOmQe6U7>vPaCLIU z5g+1Qn)dbRI!>#cH>wy!JH(t_`AJgecZv`uL=tn0GMc3RIV9wY2pwc@tSKqTp+8nG zpcbe&r~rIYRo$DJ@O`{wN?SF%Of3J(j<~UgU=$U%dHa&d=a8$X@sMa4cY%G+&XbTWCANhMw_ZQX5OMUhh0EazyYGkTUH(ApZm8S0N&_5dvrg4qkIh1@!S4o(m~rQm6}|w+ z9TF5JRISkR6gm~d`csKW2AF0IEm9wD>0#}J__XPf5=5M!q`S`6ud4lcK8Ps@S%|Vu zPS)*qH1B%icG#bbfMevuX1?i{i*%{`PrM3h!gmNkj|l$$A#+vzV@ehi;MX~Xd`I#F2Plp%8rM>XK}aVo+5T-+-8i$k~M*sHX6Nil_}7T9@TRr31D@jQ)} zPi!?$9c+Pj&jxEO;+WPXt8y{Ixh23CaRGX}_r1^3I{d`Lqa=?qwpj%h!-tV{`2rwV zhDUN5K@YM>wFM?Yx#_UD9amQc48r04ckW~+TR%F8s2Q-nIG|s0$yo*%#2%8J0(tGy zfHp*)VsRbmhN@9X1+&R|J_6`kyaHt&7=$MLsNE*>NBNI=TYgN<78E)_tNSnt<9ZLZ z0N}!wn>JJghX}J~4ka|w@K$i>C4qU}XO#@e&tF1!fXmfANxt_d++Z(8h0CRfHD&`L z%p_d;`idUPzMlnhZXZeMrws#cHNp~XzC?k!x63IGdyye2_#r;06QTwE>-+w%or_0M zC_TdatAhJN@2xpM!#7r6IOcgm&_lmv1rr4aJe@_PkCEqjx)#t2?uMNR1UMR;PZwR8 zOIokD+u%r3?Mieo_*umyLMJ}{kY_*H_m)&)6Q^Je6C}X7t8sZsnaXs!G4ANZDW_7- z6Ncc&{PsI+A95GAe405C14eSNxwX$OqV$nrGj~VdVxwyi#m1u04{@xs#kjIRw`tp9 z=vZ)XS3=S*UrNu~GovtJMEScup?o8LQ==@p-}8A)*FYypUuYU}+ZrQrK}qWB%6%CP zX;f(s*UnfU*7^EjND<;@D%KaO`p#c@JJ<)q3o5g(aPd*lb}ZZAOk?%gi8(6DPqd@M zpDePq1;TGI`7~J6*C&c{TC4YHE=QHTT3-$@QUHIN5|L)|r z5x)_w-lXXK{!f_#mk=6h-RxA?aDXCjnQd_L4lRUa!DjEZs+=C={u`LW$6p7ci?>rmybj*wlcme zPeZ|ux9H|nf9$b$q+TpZwKSW5O!Dn0la$PoUxVB!MQMIJ;%(pC?II7aSh(UD4_@mq ztf_GH+J0Be?k?lVCK82Qi{$`Svk5&}_^g=H#P7z;Ex#oJs)~>Q@YM zJj6Q&m6~&;Z62}@Q|`Eu_+cDXdoHExB zBrIIloApOs@2Wlg2b5gcjYKncN1+oC$4r9bn*iZeU)Opa0ygKDybnFwz4EuU#{_d8==*zWYc;8SS_ycFYz;Fq zv}xx{k7NpX9EqU1tP7i)V?`WZ;!+OeM}GRLW9#QbD;6a;Dt6C^J<&O@;jb*dkyn?m zl9vwkrNSM>~mS+esd zGQyEp&oQfp=&tucxL-EVc5Y0_$66&=&s#+u)^Zq-V`D&190sAbzJ^{ur~{Od9|E=w zGmw_Q%FhWH*0FOY>D23Yl!w7HrYvmRn_04}i81CK1Dk-;4!r3XKmFQ<`gLJ?N9|j9z3LlD z&P3b<*-PtNos0K4+`0Wy@GhNNfEv3u4`u$-@_w*r8;dSkFSwjDa=XJe^!jcA%=%#R znD^@v>!%{5!xlovsR8A&UcX#?Hru66XK(w`h=V~I z7Njf_VtckO*eZ8bl3?_y^1ao1tt@a-Zkeusl(oA$!5|m1+_E*!vp&0Svo6seSsVbn zz89zx3q`F|rW(Ta0gJ!>QxFiGKK^+QwbGI)hI&(g9pxWZ#z9Nm@lC+1$Y~vX-w|OF zIFRB_K-snXYF}MWYsLK_v03Pa`sU+2Hd7FYyJ6A2GI7uQPP&AWsT85|2DYyrosEb& zO?D-93+oxH=3wqwpff76ZTcbC{`?nx3_2yj_Samz0Drwk#ZA|LY zA#YLrntP1JMZo=qh|)DKV0dPJ_4uKfZ^$q`);^5F6zlY@~{ae>J`?Jk@PF-(XRy}i`;&aWSQ;wKq{b&$2870_H`@JP!)mSSU zf|#%=TgJuHRX(NL%i1?cU60F|eRScF9ZpFU{mSA{nv?SSfIJlBm#kX$%!HH5UG7By7ceIDuY2sQ7r0zBip8f1oPz-HGq9N~iXcV6a@g@kZQ&2))oy2op zM78;}!&72$0?W2GO8-Ksp!HVsu6@*&XnI|FK&`vMOFY9-(Y&X;f75E(LNhPA64sNEVenn@ufj=5o2&%8{-%s=8&WjE43|L9c5<>y=XswCJBqxgst zrLSMWoD%(`NB>8Bw0JiCcs&O}66Ol-r47qV*Ob?uY}jVyrHiP1*SR(7)hJI?C@n5_Fvzkb%I|6`;g83tB72%xHuOcMH!*xAcO5a8>c~_F6M@G-m`%Ut$t;~)7 z*QRY-6@qCIG}F9Twac!16e?d&4!r)(&$<>rq%&S(WD_v!h9xKCK@AO`FY})(4*pGg zl|wE_bR*BWgn1N%iZ7KV8zh8~WCnbh18VZOtNI=zNhE99x}aGkK*QUEv%5+% z?MOSZivv>_-vLRx&LkMUxmqeO)f0*>IYcV@=a{#o`j?VDQGk}MPmW8gBs(2k$Ffz=@^u42ub$jmw0W2 z7jmaV`;n1xCIXRWy?CNl{nrg-ZcYVeSAz=Z?%Z5OL(l3U2oKkNZNa%sHIHsD^oV?WlM1dd5YU;O79~ zgho)6s1U~tc>(Qv-IM$`L>Leb7+qCAIt+}UL3k&8d%Mz_hYpcryBr7_uCSk0I&8&e zQ`pfPX(;^~J>DDmYS!vk8m_Lco)3yVeHXOm81l7i+p4OraEt#7! zys3zWao(6{eqrrI>PuQ-z?Pc;>a-*LuPRGlOogfL4`OEDGFvOGB}Sk9kqm?R_Am3ik?W91Z2m~_ zLha8sQLJ~z-Ff!^QfYtFav6UKmF=l*X>y??R7D@G52j0jhc-uW z_n96*{K@(?Ho0&tH~@C2{`Z8_SBKI5B@@C+2H}4>FaP0cR0H?2@k{s4_W168*F(aD zQJkG-5P9PE!{oefL=#vXt}1(Y>=OR8@pvAd+C%qO-n%_>AjrjFCZ3zk8Ki^Hyp2|> z9gIi>T(H%j+K@V4DsPgfz$lFq%d;KX;++Q9)P6iq;Yd6zZHnYW218V?w~{)1H@v*A zCo@1EPyR&U`$Ad0YlLf3!P0=@w!(ZTJ;8HgquBS;Vr$%bSq1=6DcLwJdd^Y{UA-;&w6M$WIy)ugW|~pZ(l@W zle)I900C8rnVA&>kX7HK8t=1Sw7L81QCZ@VsbZNet?v7`{GP{Aal|}Sl$2tmZsz7C z<1V>EegyRN^s*`{gRw-MZ1%s|0|1P{=< zAiy#@CMKhi7kmc`6;IjXekntirIsV9VPNapK|65yNwboDYt)j?xkuM-ji zR>N3U@Gauh)YQ8xe|br0!ryrsm#j*6BowMfa>TikCeLqX*uQ-|b{JZ8Q8OwENgz-h zcHI?2tZCNm@qqSR@64F{H5i;?*RWmd)?FMlfGK%SX)Zto`?Fb>+9xy{!1&ZswDW0! zj;5YtCP$)!@T0oJFOQKE#=dIcnVu6h&%;^zhnw!_pAUDJb6d!PmpSVd#*%B@=L5vN zp2wNslC+0g=LG{V_(>>^@)FLF9ki?KDnrEDY5~Oj3<-LMt>0cRJGrcSEc~OuE~oF% zWF{+u7vp%=Dw?gx9v&YZ5Q#21;KW~B0jKWAW`6KmmtU2!(_lO)ukTd_IAZR6YcL7U zc|j!8`9<*p;OW`?eqwmIH;GziwpB>$R}1$LAJHBiEah<|fu}*m%oont1+X!S><&?r zE9X|+x)c`_Ai$Zl)V1Jy+cZzf*|WdoST20LE7^nbt4Nr!;fm-Fp=q?Aw0mb0sa?Ff zOcNg}*h+!~nsR-jvVP-}E;aqAb2?BHR%)hOhO8Ddn+7dc`QI0S$!rCZaUMM(s<{h> zdM&Q~?aXw}xBEm~r>1YnL}FMq-xZ}0)YCrtAUxggTV&puivWt|$~-VTVT*xHif%Mn z5Z3MoHH)!)pIxH2ygvs9{uD-%iEC;Sz~fwj9E3vka^=>YbUlq-LwT(aDtWPRM5HP? zF@>&13QV+ZHELQB0k5TWHF--TxK?Z7*b~T>)}T!{E5qkv zn2tU0!Q10l&6IkOrne8?ZxJGTqmbWqMUQN}YC5NE0nMn_=^81Vr>ZHIL0y~c)*V&=ha8p+{fML+sRw^;?A6dY`#5>UlJ10uNR)r4U4LM^%;xi|#VS|M z*D5u@YbC0kL~MpR9+d%+Mjm#{N=lGLo*x<+YLb9X@ZeBmW(TmQ(9}Gh!&9}xKs`5C z!k=%xX7ReTbe^t+cS9gO3eE(fGP0|2s!jpMw zVSyA4bAsaOQD{k6x$3|{ucarnaFw05Aw$WdcUK(f3t8_b&oJ=JQnHD)UZ^GYz1lAX zuD*TCS3B|%a8eSGkV+v(VV3GXbWNju2PcF8sQCCAWFD#3E3FY&`RSez9Qv+^LP)HaCEG-%>bm0{AvLcl`7+1 z$ycU;=9W6VSRGq8QPWN&XL-iv;j@OqA zQ@jXE)t04?NQJXHZDypKDwFP}$%ZJzLfsW9An7I45x2MAfSQwdfs>D{Q%SZ~97ghf zWh(jcR`~&%9=a5eIFh7a(y2AmfW1&@#u+J>EyTo^1%EM!w3N598}`n=2SP{?Q}Z_+~3XWZ>&tM(riZS@gft zS%k@ZNK({J%R8+a>W)R(n~bbvm{+4w;MTg2#cf|_jclYoJ-U7rL{#8=)=}gna4g{d zzOJ(yEyZvJ2qaIoD*;I?vB=>#O)IQITGnfQ2U9%Nq|0&C(oUL}9sgy~_<0hi3%%BS zWT1j{r8L*y7=C+UQ+931MQ3F3wI+K?&obk zA}`)__GyV5C;|7$gLkWCcx z6C&!IWAW{(?&qr*f)&t>bu>FQW8Nu^#OaBHs`~>|;8>;42Y~Nbidq$IRs3)FQkG?A zK~Dm;m@1E|-J7>`fDRgpBx7l^9$O8elxez3#1Ahbkf{KG7b$oo7`!FO4 zd4kTmOL#=)%hRx&)=WikYO)+LwT&0;L^Q`u7#%EKR1UE@9P=H}_%m>es8r3>aJpGe ze!3)5#0@HXz+oVtXAZu*lf6Ek$cU=oV9sCIhhGIz`f9$rouN}aYGFl#Pn%T&40Pyz z^Nmk0q7KX&vU6qw@HiRFHGQxee&PQxj_Yo}faju`QK*7r2N0sK)cL;qQC|7m;QT7B zcH7Bc%T{K3b?G4!dHwbvpne|t&}~M)iUPw@eZ!Qryb;mmfW86l)djZgK{}ry#7~AA+;w_ zh!Fq46?c++tG7VBkBhqk`6q+84o|H|oi0aBhPtSFq{@v{w93<{2gM1(Y6k8KHj{As z6QLsVr~!~mQ6szSPU?{fp|5=U@FJ>HK9O?t32u*p4ByI{L!Xgbo(%w157yL=`lCXL=ajh`tD z!KjPrBso{RbYdxj0`g@T2No*76cEXLl+!dkQbb1y;cj}h?{dmC`+;|F+GQFny7~sX zU{v)e=j0bZJ>u`!;D8}*K_o|haKB0tCMP$4vmTVdV$fdE)7;>fUNwrV+7Hh@m=W}uV4G%_SbQS_*>$1wuuc4LsbKE+Dw;Vwx1iext8h<2oAYLGx*geAMcgrII7WV zO&90h@u^FD2vNRBY|GBms7t}7HgAVVjUSd%o5fuN@dV|1sP*~QM=}?Z{xdC(k&TI@-m_BWS& zXa5-|QUW9GRe~{hDs-B8An`H~((H&CD4)p!dY1b&$e_Qes3?7XWMDOG7u4P&)(>bVUw;H7k0aO%Gm$zBss17S8=WQjQT zTLw&r!>_+FU$(HuT;2Q)N+mVO-&@rAdabSiUd3rCT#;`ElkKUPj1!=Vtprn1tShu|}LzCi6av3pddUL%k zCzrrF)QGgl%AxCgWSymdrDN&Ok9KPB$K|d26?N_B{D9l#`SeVZqsZs+Gck>c8Epo+h8gtgQOdmocuZw|hqpNXzi`YqyFB4aa1#Y-Y{!KU-v^Mxm&m{K&s3N6V%0|5loBfA`E|4!dypZ6)V6;pbF zqI_Y`WB^vW@9c)tdGp62Q|RUGX{Uj9a$Wi0nt^wqA-ghG#$90M%@?#^58i~F1X^mR zNfk*P;Qiz72j1CLW98FqXAtS%g<-wl>#tIDKl5>!my4*2|4;g_<~gWxwLow+fdlTR z&KlvL&IIWkPWtQRSmgdK-Bh={P2@&(3nA$RCuj3?fQ*}plT5PRP%={f!U<-fbI~9Q z#`XP(qStoZh}2Fe@kw2RQ(!%wl?PETMbas?mxEuLA(LPU1<;iAGH7Af>+G}LH|-$A zHqvF23+gTq#J8`*h+MH1Osni9XrpC1|5D}Q{N>6@9sbhIMemP}r9zoudV2x$Z+fj4 z=)!{Q*y{Pmkx#22$jx;8=@fRW?I}CcGL-^JPcn|Y^L@Lc_aQg)E0Ej%^U+%7${q=U zzk||3pAzkFESwdXUDjzdnU+EPFfQcv?wCko?HVIc1EZbp(C zE3EkI!C)jbY$*Hh^@OpTk3he;56e2f5MKgK%h-dYaaiHmsX-FAV5Z?JFpQR$D!>F(@n`$%gh}^xgLU3opd5MLgDz}O#9eb-f>mTJ zdj;bu{HOO*8U#JR{Y8+USDlg{V^LYpZ9@v{5BS~aB`m97xvHU$?%2Q3U?9%v1>r49 z{c&x=(X53%kFB0yi2&@hRU?+&HR*SQkp1Y(SIN`UccCCNV04D*1DpGo@~7HD(m@`K zJMV5QuZIpT+!I&@tzk5|F){kETP{KFfci}2M)S!9R)zk9iIL31DcDVy;&X^z9$Cnw z;ruTGGDW9Qt*6qOx;k40{!reiRmy;~h2@gW!KbddT`!&u8~6TloV$H>MfrH+ODh=r zR)^ayWVVFx8gJL`yOn%b>>J@(r0(m}Snisp=tIHJf&SPDH=@E% z+%Ou%xwgE%Y@VRrbzQIC@`S6|clE`rL38*So6VR6HadnL^(%MkA6GmO$U6-ZvInqj)c5=5INlOCkY;U-Mq;X|G< z4)s9+xCE^lzO#6bPPPfX9Wm#=hZy!J$H7UulNwepJt?2=^!?kkf=;K1LQl`7KaPNS zhfc)Wtr+A}J?#aSMkc5TUS&@t?ijB_nE}sKn94H*qMhH2ATqH z{c`*7A>~aJa!c9=5{%53e^|t3Z0w&-r5`o}y41fCH~{>r{G1%4XO@*sS`?{msWR_s zgOb;hPm+5RDTWAvriRM%TOQO!17#m>xZAzq+gC;sPa>ueSe@^7EY}A*u`82^gp9{v!fn8Yw4qI^ zTGN+uf@1S0d$G;lEe6qpnYy>m1%%}OJ_s;)qW4~j!sar}T;SI2Vur`07pJR!4IQh}vu+z124Y*vEXTKdC@ zxq?1;tL+{$85C3vw({_$ECgT5aNo3|c8IlM*T|yEl*z1GLUL9cum?98b-jq?*JRCr zr7{^PfL1OZHOtDfn*|OV0c^7ijitk)-gB-MA8LgH=J4VEW)zaluL8fl`Btc|QvlG6 zJSYI2PJW`lE<*q@a#3(IEsDjY8n^)BN-La7pV>BoYf^F*pkO zKgdQDLXI)Y3QL4T6pn`qQ+@COx9nLkGbkO&(2nP@|pFPmc&V?25$WR7c;t6HFW`9p^7F-ok5*_ z1Z2$zU^MhJ-j0gDJuX{^Y0|zkqH105sS7w?V-?z*swHUkJ(81=xmDhJY}n9jR1ql~ zcQpN`T~R|L&R5#9`|%85$z2zTu}EH2fkL&2+WqE(?qkz7giOc}fO0%kY-e-xH5U+V z@cg&?lYpaAvl2l*@`LU6n*a~B&hz%m{phyPkE}UA10Hf~}D;9l&FX?3|S%m9{MEUb^GnQ+|LEtYc07hdq` z)8kUTk6$`tsYbnTuCGS-2x-K03ld&m3~Ne%Umqr~_O_eR)=? zwscuQ;QG8p3eem9t#LFtiwy+4%p7hkCZC$}0JM^gon5O#Pbcy6Ot$}QP6|RQ{dZmC z@94*ebz3~&Q|8F>yiV%=&h^pQ3??m%CbsIIewTH(9Vd~6dxUy*jZHLMfs!3$$6S!=u1XMR!W%H*gV?{CR5r4nIKhH`i6&f za&!cccIv9C@_Ks7y|{7Y{Bn*rfPDp?mVNuqy+j*4ug!^E@EEc(k+6WP9SCu#eVxK% z@-ttVs5X;&JnSLWC$AmTXG=Z8G5tmSnuJusYFYK0%HXnnj_E{4iWr}&vWki~XXi*g zSy@?f3GYw6->5=x?T}h-%Pld7$u0))SvoOyh$H-%b=Wco$)2(tnyCrcWkw`=jQczg zTlenW!>F}X#^F99Y2Y@f!tG1u*4bfpGch!bO5%iL=%75ngi;A%6@Ap>4X6rDtUg>_ zU5&0P;H1!e>&qjM(>`=ih+tz7!h50 zVOj_a!}Rmy9YD_qguoQx0FZsd9k{7aK|0SgDM=_K{e5Vt`Ik`q^%itum&m;y@;+f| zD|+VQ1j06SEv~EUWtBfZ9^f7+1+TeoF&{X#2U_rfXO$>tUHiB>P&@~g1`I(3uZ`jw zF`uDBia1Xv3ulU!rZQAr?MXy>#7Nw`>k2{@Roa)*A(TB5lR4B50LfQ+bS4nY#IVL} z$2_hs@*vX~x&h=+=xz8mQHqE*dkTI3T;lTz*q!rO=4TqgnPUF59}Syw9W$bgPM-No zI?p-&e$3ac^CQLH*JdEuF6|E~CMug@7ZaDtS4eR0@c6TVV}M1i?WAlX z-T~0DFd^n1^K@0B&_ojTG_c}T70>AA5}7+gnhjHk1H$UPzqKJwVx>jbtHEr^^^^+? zxIzw$LE;be_v?1SbVfxhni!e!wS$@Me&)*G_s1krqbyIC$(QwM60{$bup}oWt*+8 zCEj!Cx>;*P90TQ04x=xOlDx+~Esz}?0DT@{_Z)>$Q4$inn1`tNgUFFey8|lhpgX<* z5ne*rny3wfF@h*gfJI9Sm&-k6D=6tBCMZ(GSvapK9YU zPZ#q7GX#3Xho6b=O-E~3$du8R|lIndtrIpK_z?7{%Y=~Rz z1nFRH(8A1`TQf%UC*M07j(Z=S`fT909P|Wmqw;vs6hrMah0-%!)_7Dp zzZMPUeGkW_yqBCD!td{M?C@GC!8nvhw?O&q1wW8))rUxag0KL46ETyuvwjeTObKnfU=_k9EapjoL5eren*bJinRRj_IR^IvywSY zd(B@h0GeWRTa>c|@d1Lv&CZN)Dk&`$TZO^VWY5{R5H*!=P8eaI(XA2G`TlPy7z!ki zJt-Y*xu|zCVrmE^@mgkX)vXU4Lps@({RL;BYSl~S~Q znl3-e2iXa1EZ1m|YTX;UcRiv58P7G3&RKa@4p?C_%Lky2q{Aqi6?;Ro{-f7XOB8VJ zUdw>7Xa6~2Zmsca(yBFEjwb9sqEq;_SIs8jsn-_)vC}1Znv(goYV`f7#6iTm$)NLm zH$^6!WRXglp>U=6O>4bSY#cpxg4teyjgZ|bZ<;xiJV(X8Y1375|HsQH9%e%1WU_f@ zra|((Yv7)uZNkJ8KfhG*X7SE6%g7|K}86C;k8ziUv*16Si^1(#LPbg4QUih ztD!+UFcoMho$ICev4EVB4zCWgS(hXV?n~l-ilsf|IX+-LSk9#J&;E~%R9(wzE30_V z{%ojhH78{i?K}_QJr>j$#xT=wtBZ15K%0Z~|(}$DO6JV0)xp zY3wRc`V^>S>M9~*@-NeQ(v;7V%qY85cU=#DJTK)?0Yi>>dTjdykf1vpY2OE>F4R6U zIm(0FIF=eVb4Ed+J3JfElAuf9H~pxqDd_{HLaIS_q)cC`&1)lYt+pIJg;R-&H6b#< zRoz6AR{$ReG=aqEl>6~4iFNPwtU`h%N<6JtR@rWb_a)fZu8relX&E^SY_)M%J0h<5 z@y@6r?2))c0Mucv4F+}b?kuNClZ5s*_Fh|M`|()Pt<)g=Rp%Gj{F!YNwp1R|Z}l!s zL3$!vQruGLWmS^UUmpU5ZBue0d9RRg@Kbz7OS-DEYKsI1I|aHHF{xwiv@$b3G;2#{VNglNDC@)G_**8_m@3&)^Mhq5lj+Ymv z|7nfoG3{F|=))=ii$(8ha2qu+{Kdrm9c}&iARUl#L|*zA{QW!mpuM?ToVKYtJo%B6 z?Qqjwr?Fs~wEzj$3S6rCtk2tbiWa78g;?gM338vikF}|lK8hn388w{;fh?YT@6PY{ z=j+ZP7ZFb3%mN(450QI`R?FVZ2OMcqJ%Zuy-}1XiUoS3BmA4h4nb-j5rCOWC-#Ad``uu9+keltCzo6i6I= z$l#dugjImuAVEesP8CxNeW5d22{B(_Q(q=ul2~@*?qUmhtt$2rVZ%m|L$k2HI;aIa z*^i|bX2~B1#!v^XtPMMKBX01q9mBX{umrr^M4jK+K6|Dn5S^ZMLqaU{sX#Ra!^?9( z76=2~p>H==8GVMK(|%UWkFK|@0^MOr^DmLIw&V+Kp)`B1^b-Ut1)(^Zah0Zt7#Zbt z8tb*Tutn;>*Z)VnB7jEt(}U=!q5lgUAw)3xL;oK_aeD`L6plqGgp8EJLMVs;k?3x= z-gB%d?iX`KVH%#bR75fVq9i5&t1-c_GBY!ulaCewA)rZ(d_=HHv*hvE2uh~L=aX|4 z#ZHY$c87cSD(!|@HmB<~1L3tmEa#tI&We9jV*UStu5>ur{=IvA99C3RB(*$L@3uN{ zPxXzKv2o0oFLE`G)1+8USxypAGmG`xc8}-sVUuzkNjdJ@x5y_)UJ4_bz#RbEwt2iWR}r@e$QLy zn-q4OD(-)uP~x1}$X6cTqB8G(erN|<{{{fN54T=z13(%jm-AGczc@ChQ|NlXkGB+V z18CL?O|jz1Md07?#fL>tCkar9Ng={tiJ+#oOeI` zs|DLq1utqpQv=W6v;M}LEm}>VMo?16Nb#Vgmodao!;-?HIL4U30>iO%kcnG+~iG|nI4TD&wDf7F@2l@(;muT zBBgs@y@eW(m3(GYi@tkJfMu(B;w_a4wWqSF1@hOJR12^5+75H|cG&Job;6MfDD2e! zz%QKs@H^qtHB~m71H^Tn)Z7m;`R(+m#2*Fr$yP5Lgt_rtro4?m^yd^f!o1iB@Z)iF z+b_R%dlnTi?377qT9|l|4m~e2w}%8C4Gv55-8(pPOc}029a>2criDO}#D4mEuKXw3o1ar`W= zNHKu2a8?MnZAx(NWp3)ZU3MGtQ=!|;D{e`~vc86gBgqD-rCXI8ic=nGp&x>tt(gW$ zz_P;+4%rL^==gop0i(|sG`#9{g=m6C8$fHzQY@v&;h&0({4l>Hak!-99JwhLZuru| zRY4WrM1H*eJ9<$1#`qz4+m_-H^=5cU7(6 zB`kNhu`=~MHzAfsvC~Z!PyIyRPmkdN0buF3Wnt`6Q#@z*Z1ctMDJc(-Iod<9Hg)+$ zAGg>3J4LD(7hZ{!i@vFTMDQ~K;!j{|*+Hv`y9ALDX~>WdZ~?8FwN!VTpa_L6EFd{@nYn6^tjLP40orC*%zr~#}Y3 z$^FmD;^FUgr$oUA~F9ku8RRyLOLwT3p)sGL=B=VGu#t8z%NGl=Ap5=}d8k;i;3RHa(sHml) z+FKi2QMZ07xv+r89?D)i2yhNvRg#AqSTm>&G*=xsGe~kt7dj}Dg`_H5wUJ#aDKjxJ z6EBz+aCtC>$MA|N-x(YPx1~=#N0k-fW{y$0Pemu~KA+NOY<=*;)$SW(^lT7r zW2K@f^?xkY*%C^IgA?*{60s`6=3)utRB;jG;R|}DEyTZbk(m;9s}(o%&d6acp{ww^ z?=X?q@K&bjK08|-w|bR<5`ml24EZCjfe@dKWr+~}gTCbmnv!<1N5g}01ZxWd9JmaS zZ~bfR-Mzfp%l$WpGmqsZ@?FT zT%EBsvux+Xsu(WL4Us9*@D-sKi$k_JtUl!^TnIq5c-c8C?`|4fDm5_q8}j*yLz=V6 z`zy*GCPZ2(lDs0o+O4WO?%^=01n2bNa&*@_HuMS$ zLpL%4BK^ku^pWgR^qTP2U_?Z}-bcgtJ_jo$+doQPLZakWS792k+_Ou<3yQoaoZ>Lo;^ip5$Ygr+m3%Bpfya z<2T|;rgs07CCX47Ew#bb>{iomIRA<#0-R_~&qGg=cI~2H1=DP=QWH^^B^&@#f#$lwVQLwbc+}+NBnA~a^@6UWr1Zl3`fSxvB|YGzd9LLCnd*x}K%J}p5X>`d znJqh(;1OB8XDbM}&3aJVoiq=@J4i%MFtlD>F6vk1yP_OYh41wD47w-GjUMT|;;8I4 z6(UHck|&m$BHH$SCg4z_;n83Lks;r;D|BowmS0QtH3ICHW1Vj=m~6e9Jh|RuvNX>= zOkImaLDUA4|1zcD-uEjdv~)_YlP}!rmT3Jw_MJn*iN}ybaUh=Jvt&RaCX!{Nim#6( z^e2AMt^np9sj40F&I)!lSD8{oSMpk|Wx3m~mfqFkM*+JPHABF+h?IjnrnHDCMb2b()=vGarc!X1n`wkK<&HZ7FD@+ z8Qi+`_zCuEM1ompUY>+yYjT7_D7|H()}zHoUR&Ae*H-tqNF6dLZgRCgzjADRKiOTq z#JHGMg69wFY4R32jme2h+twkL1dL@WVSdgpbPI;`^QojGQ5)n@g9BckO|!+AHV3FWWUDb^)2JP#w?Y7YkL>Ak-DskL%GsAK;-FJTOc zf46YEJB>EFWci@>svjCMC=kSx@>A=8fmsFVlXOgYGUFD%u2^c(71yv3M&%5cr5FSR zsx<-`DjaU#zU_THX*230#QI~oWn*7LQbJ-kT>A2M{aipZP^8Znqr#=H)-*9w^@)NM zOUj}P#rCsJ9+(prMtfXJ#d%P>`A385d*Ys(&LY6j=8yCcX+^st_(Y!Y2hHvtKav{( zzv;i^r_fr?lDADenylOnc+2H?2dP`~emvB>EK2~FVlY-FaP9?YDNg23aGD|F6RFRN z4U_01MFd5THDiki@j~0w^__f#C?7tB8&j{Uz27!eX}i}saR5KOqW-yG7i+G$F{Sp6 zt^xV{`}r;s;$%sD`Ih{I-0ib%Ja3jeq7~;%ZmtN=>{&ct!8>ikV1!7UXOmhgKQoD< zo7}?AZ#r4GsK;r^k*6+6iPjzug))VZDme&=U?*Mn#I3$-%k&y??Cuw%7)@Ft+i5ig9A~>js=N!QdyDq|_)iNSSZs9u*iSBRs4Jvt#K3FSTIsL@Voo%*d7&f@YtR*EwHaRhnnRwZBnNb{g zl=P3n&0@o8eIc<_%$n8!eoIO8e9QVLebRcta5&%w)Cq)3YCjl#nzN@+D@*&13f-Fc zveVX|M92u4fHbpT&V5%-E@+E*AO(`K!$b0C2-w8gchPrgQ}j@)Sf2pbzEr-K!D7<* z2+)(`zxnYP5>EWgq2Xa-3W`XF^2U32@7_Hf47|=)sRH4l2#YQ4yW;8M0j>knzm3H< zgN4svX5b{`FAp!Tt_GJy-Ons*>=fVM?zF;NQ!H$U3m^WY%NNf975V6ajb#q_cQKfC zFqarvnQVuQ-2Ryx;@fWCfuoiwLJT){c`v3UdT-M7#S4TlFD#+SYo{FC4kSFRzx;4< zveRV|FIlL= zg6Idy%v&RBrX!~w4Tu3Bcd%+G0!q#g%9bM>v(%N*t2rq zMwRWXt`@~L3UM zR4hCmBr)Xe=5Q;3q?%}b`+U3Y!YOGjsoxd?iFn{D{CeU8@7*N!)lpDwopb|#JqR7@*%xMfT{wdfyL@$_1Uag1Ba6-2Dt z6SRvmTVuXe4L3Bzln0eraPb1>gOoX9X1ukz_Vx!-%c;E0n_%O>t0VpPfL1XtU~B;k z=F4sbgFVIDpr9bklmYNmu%5ik`pi`TGC5?%uyirY<|J%m$&YlNait-p0rerRIFsb0 z4_Y{i&^L?qFPKc0)B9ZGx`mK&Dj*1|CdD86i6y9^dQP{rx!jl)%DX7m;|n&Wuo>@3 z5=^!N?ItXujtZ_2iIh;vDPZ7B-(H3VT%qBGy-;=+m@LYgiWfP)IC_PV^&RW7!-Y%{G2g!f2<6J0Rl93-j1?UH+XR%4NeX zu1Af)P5^fI1Q2r+g0=S-5xCkb>-IyHp^4?Gs+2roxXRkT%v}t(vk0|cF*D;M?UK&4 z*FhIT5W7TNul@Cy%u?NWMw3pSUOrbrYq9#jzOAT2GS1Qnqnvets<_&TRH~6H@_A+I6E#iZb z%CM!;3Q`$AxWL{DD>;BMGEScYh}@`+%+w6@S(h@ckAg?{QkmgPkFk%NVz2_t258!g zId-{Kl)FGdBW_&k7V-o*y3+K3Zx+SzJ}Kc?6|7r`0SeLU%212}rXnHoo^~fpjxit<3oIBteA_??g9p8p1aRUQLTET{tt>_YDjqvBqWcU1trfQG zV#qq~ZstSrWY2-|n1&hbA^vp)goD}=oVAVxU&^ro44^c(tRduGaOcpZCCuKP7T zz>nw{J~_TfJk}YSL~JS#X%8s+wg6iWO;To0rRuYavNEpP7F>g&wJ=?aM2qD927o>P zATwlgZ_Rx^nzzlF{WQU`yAJ*QdC!b$6Lj$Xknl$g?eG4jh9zIBaZ?o+kQ;ASI>Z^Y z$}+BA$J?hOBn&lz?qGt&0e)r6vRRw^m#qNn?I@S>DjGXC3p(S8((NW-eZXi8$;Y9| zNqfDz9$A)i<><;X&Y(8x3@+9zd&pWGI#<$WytS$84GXhXoESRc#w(3ABxV}rVF_d+ z(Q?-Ys$9cKv{0ZlvK|FdhxnHWv!sHpSj%n7C`-J8C1c7G)e5sA0e~7rFI)g+2CNf4 zpe*K#(7tCu!S2{_bA170ee}g!zuf(SIiDtq1h40X$`Lb@fB!H@26Y7u)187tI&}iF zQtn-AV;F9~>rW9(cIq!!8a~{wXl%jK8X7_y(w^Soz%6Mh-alMr6vTJU; z);tW!Y=5m}^O)$7UpO zY@wejszjp`A;(OzA-G#Zd!hNC$NaL98bD>1oC3(Jc!#(f5-+>?A!`Nb5X2BjR9Q40 z*v0(nfC8=Yx=QlQPxUiTtr5EVNn;!`VC71*d3zwP9rG69$FgKNQE!2qS1Yg9l~1JO z+ALk`JxaN_h20g#XheyBeYdy&o$y4IiP@Tj4Z`a{GV!xOK3Jx)d?lNgCgB1Fh+bY3 zYb}2Hk8myzHL)lJQpTMKH)uvd&2%F=aWE!6ja@1kp_{|Dfw-qg^0E(am=1SZ#a9@F`-O?c=^kwsXsU|a_St5(U+84 zwsyO-09;qzx`TU`JVd;Z%BevXz(!LINR=7sMJQ4c5ivj#ll2efP`DW59mWJ?1+VU# zvJUv^7kg#LBQ}ESnp`udkf~L7v3GE zX7qWc>WV`&>=Bt6x5t}W{v)HSv;5axjoI1R^VBWxMV+W2k12j%pS7Kbrg+(P)P1av ze$7Q|FY#nX{e0Qx?DiiiTlz5cU}=mGjTvF11IG{t=XXO%RqiK^d*i(ml<5ba8>If+D6_#_nPWBsn;)G<h};qmvsH$u`#qZrz%K3?Pbf^Hj}w{bjW*hqqGfPsEU zXDXx*2L4v7Mb%hjKegR-AVH2zm}cY&9T4Z!MT>bkiVu|2Vn@cr5Fl27JDc>H#bIOXm!5@&Cm4YpwRd z#NvF4FYRM$8@Lo;>?Jd<6l zH7~ntQAxPcj;MP`fBuz*t=}ZLxLSbtDo@G?j=7t~@VxMgzbnUsr6~#R;Iw>3{=kg3 zcb?k``F~!B$gXUxUjM`HT?DZ+-hIvC({^|Lo4L4umq(jEHam_HFedI2C=0uQWW(}y z2N{4w5_TlXyGgrE_)zxLLMx()mGHLIxt|N$LsXOE*Nr}jZ}FwJ)k#;qcrlR3Z&RE4 z+_wJ-j#=Yi@C!WI?`NlE*DIzT`X3Jj$dB7G}*i*9uK% zVb+kf+dDtgf96klXQ$aO!9ZA^2#Jo>K^$v`QRI(?5;V9PuctGPL#JKzBuoNEAaB1>{R&89`R1{KuKjn6kj7-<( z5@mA?+6)tAsAHCf6@T1XYJC#Pz?%Z(q}8&qbB2s;b3yQjSI3^yojx2hjY}yWqN@(} zyLiei^Agr7;_c(W;D|?3O@r2SQcRLR>3Er1N&iH=SLH>+E0)V4d1684EEfp_i8`bhZR zsl$dPy<2s&eY=)aw*>DrMJvH?^TQuXMvRhM1-tGq}4xrB(`1kDm#M5+;vVF<3=nw}=r5!Ki)x*Vca(*bts^CS{$goX}Q_Th}MBMx$tK@V`5NXT1 ztMNGpj5xqZgIVu)Oiz<7xTz4gxpG^_m6VNi(cB(P9p6*>nNP8smHe{W#K;scfQ$I$ zB#Q5wI3)!K52nYH=jm>dE?VkEC^~{+_hF0zCULoi>^9ectWXo?r)^O0roMN(Bx&1i zD4Eu)C+{Y#L?Psvk*PA=zx}@^=u^k_m!%b&9xu%dCy3sKr2nLwy}bZ%%;9L8qe-!x zx5$KMFm-|3mxa=T_?=VG(->8G%wd0#3mw^;=hC#v2(rOwV_n^ zT2dJKFaZ>+*osF<=MTsv{$yuvZsF(OX6Ap&ojg^;e0CS4Qy0w4eSEa z0;*mC;S2xjBu!d>m1Z|o(|gAw~WD(O%GVhDIhRk2|N z#ciM9|Ff&={~B}qKl5cV%5(lFG&3_ZBfCJWymcMyhFpoYAYfnr4{~bl6@bpZpDel_ zeFGGxyYn5Glh%N%^93N4>I-l%h5(4|hU%1<$NE!k9UT_{$xE&{0QyzY8r8k-$avFM zQuvTg%DDA8YU?9lvH{X;6#xs#h-;PEWFU|~Bt{DqeXp>=F1FafG@*D zz1pUXjG8*;doDDUq5$k_#}5FR>7KYuO3FI?(_?byE6R>sznO%Y#At?ADvB zoxoGz2Om4>0QkB#^ZP3;W;pQCh2rR>55z+&ciOEC969jAqUD z{$edz4JfY4Oq%s#iKv7L2PF;&%K`l2@b9lXFJHd&-fmnSkzj8;Un|NP0fbvxZk^bt zB}RCv19@_Ki`W1lO@FC7!NS11)a>F&aN+ZM!gjjaIx7>LQa22N}l+h zY=3Mo{R!}pLYhmfs}{?>Nm#ei&U;)v)}#~nuY^-n&f3=gDBhgdpWU< zgN2+}vV>31&oO&|ox6A(5N(wLisb{EkE;<}Ucj_Wg7>`LtnAW#$DF0may;eG-P7}O z8hZhFf=wBWea9&q1qi_Gt3iN9#X(07Wc)ClP+Le->^+}K71}YWB}c-i>cK2}IHJE_ z?YK-?K>__Q9S9F-pQl1sYV6|T;sZtL{&w^7^0I5i5K@c0s4YT%SOXx67mistI5;B` zC2g#uH(00Qzl)4kKA-vLcl-9j>FRm)kZk!7#5 zRRPdAm=UN-KJK&_uwDF{MNiS+l$&T$hM3lbG%?*+vgaGtkJLohzER%%$+Cx}wv3B) z(1AqTN>j}Jai{OiX_xd!i1Tts{g8NeWwt?%l)o-~RSvTbJz1oB?xY(uhPAh4->n5i z!X6TUK;lIoc8{}hvU+`_s-QkHRG_-Byj;*U=J_6%ii8}(t}cHD^l|M~jW+dOxGQn7 zS#56&>Ctd?1s4K5(G<1lK9(7*w*Db^alCcJ{uuz7`7AnP_QNOBq4SFi3%OHDP$FOK zg7NuT8+a3N^w|U$Ua)Hn;C8^aojzj64&M{(Zbyl~_IIJ*eOU{ySd)E83}pwzKqEvrms4eMJ@G1;Up^jcN+lOoC2%V1&B}l0B8t- zeZUJ4$77Tw@w>^f)m$auGfn?gsQ*WIZizx2h*9K_L1KKg^G2&}H2ncnDRE;IHc?SM z(|wb^bpe_IdW($;#F{aLc!Kh43jWcK^ew|nOU8mpC5}C9BM}D^X z+=^U!H-^3efw@?mzzHvq^^V=J9RIiRhfe=-;f)#~Ww@w? z;!zf>yKTgOP)70;^T3-#@9OMekp{=KAlcMI!#a~lb#`pO+wPZbQ^GSprJYGg^i1>% zb=aoy*D83Qgq&rl9*L%pR@ba8Kqf8x9dvh8E9_~sGNYdki@w)Tm7g{6pS@eQHh-L_ zW%sFk_`4@n?yxrEy2;b@iB64V29SmQ1&G)-oAivT;=k#6vEk>zh2JfP9>k`sGFE;4 zyvA6dp7XvoXs^4QTV`N}Z%Lg%t~+)ig7eYW%cS>g-Pw`Ell*vTS-J1!nj8;^x9OsT z_jdsVqN=i!aQ6;YZhOnbdXoa4Ym|w^B@gb&8 z&6MTU{lZs6SB89fgC6~pVm=TbFnMK02qG00@ukcgw~SEvr~B|;^M`?<IQX|uDPwiT!OTpop?+yMl^BTv|EIPkz+Glz~gLXwZ=0z9d0l@*1*hiRFcJWCj z`d`T>WHeN2Dt`vd;lAvEbGswo{iU8NfZHw^2ZXl8E*1#86)URn;Hss!FGwYxD+lsE z=u4Ie0>@;)>*RA7JzJg`hb`<`IUJpc5-|1#=Rij5UN9UOIJUk;9@(W?3HZMtP0}l# zr2w1lvVVP|TGML#RuiA|PF}Azk>M))HghV%RUG9Aam zglKl<3V&QQsih$5`;C5$Wt2J=`B7|LWy)l1MSZC$2A}qi)P0!DGA1qbKeVwfG0F-B znj-0=@31HP;@y^k@7uKDp5VgkyTn(XR9K@L@g0qKhBIQXfyB#=>%4w5;o6zxoKtpY8 z0>5{RVz98NO}#p2p4dFdL`AiRi7+@v-O{S!@%!f5UAyy$sKu0*^B`_@frKKBj(@@q z!QS9+_s_phe!3beBTvcZq^_gSp_cPi3C~``pC^6T-R0zG93RnLnCGAQhdWX--7~e1 z1{laHzaD*;_}}JV=dAxLb8p=#^0ko#WVwa|QcquowARRc#(e5dw4md|?U1tT?ymds z-KL#3u5u7ofeKsSr=z^f)u-UZ$?NR{BP99eLvi1T)fkd8dyPk#9UDXENLS}jP59rT z*S2B-yrQSoQ=SD+-+173&I%J4_{ueTjRqI9T0FLf${ky82x8|AW3|!~5tD$kW$&}) zl)i8PKTXm^jjM(WS;RL+LWaO6$(OIutt4?jSz*f(CiIM^v7eEwO#BXtv{6x9-B)~% zerb}@i-3wHii-(My%a18FStS#fh%1=LfsA^OnMT6c&U?MTJ+na8Od`yB9k_#HeQi& zTi%i4Y9jA-@~`Bk|0Uyki<;}-UGMtI69jjGxBQ*QpBNrh4s)y&*}(sJe=}YJ=PXm0b7nLj;JQ{QbBEq*wR(@p~vT%JtJIjogM0eP7K! zgX93}p5Yp+mabRUPLKbrq+<>uXJ118E7#h7b)G5;{hI+|^fdYwyURYIQp@j4Z&kKr z%O48PG_1V9xk@ag?le@JEoHhB6GxAcSIM)aui_XDW+RH>HVu}`puJxrs^8>Zf{B`J zs%^aZ-upk&(PH}|zi9Ud{^1PmjQh5nzh0;Q(yH#pwgVX|6ybZNS97w$ix14BFeM$> z4&YwkB8mc1kghH^RJ8y?zE?jc3ruIQJc?JuxSb@^?*~eieUcEJ+|s1WItOH0{G0EvxYMHAMnplA|s9mQ0b2;j3hp6t>wK=^d%EJ*&ita02d*t{|apE1&G!8?d>=~BebrA z83SaCYdcf~$EZrzOH=d`9#<^JNyyzPO?#H13}&(2MTX|iXx zMFO{5F!$=`dnypu6*(hfT|_`5q-vpZyv>p^ew4kNQT6f5Z&_ErI`f~QpS=z^4nV72 zkVgN}D_L|qd3`4*$kf?kp>Rypa~?!`b0iMZyt=p1-mN_C`4J{wG7IUv@5cQ41` zB7oIeRF8KmSkKXr(PGxu{qK5ioY55Q>iMw)AOQvAUK}+JZ0TEQ$qvU75q8YAHPfB6I7@-$OSO`9!gx+n~}2XtuU~b8+|M zRNY7&MV#_nlltA)MtWOX2gl2_dR^|nB|~(ZW)7PmvxxF{+wE6IS`?}9#qQQ^#(Y8b( zFRZb;XkcNr;H*KGz&9**qsX_13S3AO7Jj;>s=GAf+ck}lX}INBIu}aNaBlHr|AdZ!+E)KtGw2iD4tCmQqE8~ zjTw53Y8(0)!a`6Md=+!GX38+D7bU4Wk1<;cgn*)+RbLL)O`1Yr-lj7hAoN*`=Mfi5A}<=Jc-nHG-+&`yH=LK_3&8Z z7~QIs;rX$4zQ{9}+73Qi6q4G)2&!SsJ8krrvC&DG# zPX+Lm{O);MtPb9Po&Cn$@(uq$rWnB>&oh(VK4F>!4Qjvp2K8DfLFa;{Gcll8ikG}+rifN5` z`)9cYW_`Ba@Mq%17Ol5?(tMuQXW~kx@=KNVfCmd|!>7=)@;3vsx%pSZ`zKV8qYH@`~8YG;XK%ifTi(i-_Vt zxcFF6`^V3d2X96_*Z!~CzA7xLw(nO-1*DYjMp8k#rCS6Ha`_!!=$ZquS`7^#H zRnrDau+Pxd!mE?*&)Kw~EqgGRESu%(2aKr^8A1e;@ti2lY~$!QYxw!693y=P0JH6y z@ZeNbg^tFnZNI&RyCj1&@otdQrSIml9dso8%4io*Ie=1Nulc%GSO|uvyKe3Dv?(R` zOI4f@MR{x|TI(_;>fYR7TM=1B1KY@AhyJOW11Xu{LUg9t{>ju9)p8UKFInIovxU#p z8h9=}BOx(gQiK08IpqmrttsOz%{p68P(NGu$SK(UZ0eit*DgYi%M#FZ_bImZ>Qs*eVdtE@aVHBtY zg%Tj}Hoa#zekyDa$|NXzEmY_THmj?WufwWo`1^z;KZrM@OF($z)eaW;?PM~Q_aO?Q zE>7VI>uPuJZkIgR5*x;^a328DM`t=rc3u8sb*bTS5y_+vMf@%S&%ZmT^PH}!+TWeF zI*C3#SP1Vh@u)OF9NVRcTJA`-6!)x&1e1P|?%5nH7c``hsgUI!&hERg5x(-+?8YRe zC?epg<-ITC3|2e?PrVR7oK_Ak9ig}aY~eDbD~#>Ut?}MYdl?6R@G8$8d4V+>Q)nw_ zFdQiq&~L?{9|>D)ftyM?@c(g@tki)0xVdpoXsT=1?#0yX+%OeFZOZ?os=(eT?*&6T zHr4VYE~rOKOOJM;7u0~g3DwpUOh@7WUJ=EFV&0Ltilln!M)|pl6UN0Cb!EdW!M((G zt#C&CqvS$G6O!4p4$|3uB#Yz9sD?Edw0gV#>%z9eds&7>;SuwEGl`%-qgPyQPaU__ zEM)ss^Jm0AN%>gG$Oj-%Se4dU$p_5F2u}F(`t$z!7)bKZ-NPu9k3; z`_@g2&^buk?%_5h+4|!4N*+CN{_QHcOR#`k4^a6a!+aayf)VHa?Iu5oZdjauF1GBk zFqho3a7}SI$=DGiYy!Dez^Rij4RP}k7OkEw)^+;CZjHz~H352!!&S53aLYC76X{dInH`@xldx!`k|U4|K(G4sZyEY-K02HBsD z-OQKfsXRKEs21MPg>8`}Cr#pS7_Y648k~h4P!hF3nap5L6}s@_W2Vhw#;Y9kkwPc| zuz4G^hFy-m01C1_Q1|f+2vF_Msy9{{n zqI1Q1X?FTZE$o7hUdEF=%#8F;`zEg*=!yt*9-v3F%@6sr+-}hR11*yu$E4p_lxt#s zMsyr$PAFzn%Z9+MzJrPzf=fg33)A%rfw%^o^kVaqE8jcwHz(Gs#hQD>8)Id*=Z~3w zc|C~Fza%C^*OGrE6f54gpaGF=zRQA|{c>Fye;;mWG^Rr@@#ZT@SW@w&?#n?{q^IZl zmeR5AgY$$t8ckh75>Tz#!>x4-;-%8VBqu&AwoqCm{eH2o7*B; zezz42Uh(~0C5u^>6#p#Ci~Hvvie)6>?L-xVQA1S(BIqIxhr|yr%N2zl*F0nv4%L*zI<6q0bZs^RLIT zV?)+nWyYa7AoA8-U$>7Lnp|eM2Ta3As+!^X1ZjMrxDPnmdpcH0w~K?9r>pnA@2xK+ zXiALH0xw!TCsQ-FD*P zP#?i7mE#U7pGu=Oom}ZC5(lVCk2~Xsn>CO9GIWb3;U}G!=jL*dqxS`SEAQKSB3g@` z^Y~Uuar@E1uS%V(?S?a51WK-F@@BhvxY>Z6_O}C(r{)ynYqeiODNa8i_s(SZinPw% zvQlWUOtW$)hv1a4=f_&hBTi>($}z?n(>|& z4y5msw z_IIg6hbd5Jc3)f2-nss>Qby`&3X=KMVKMnU5>BJF?rrYGJF<9!`G3|FeoY&!?~nH& zJ#+nCZyJyF5G*l?TQMDRQ8i-gHK>r6I}S)h2w>q{=4Vlu>x0lW6oM%y%B4-r^ao;M#?V8lDk&%e;1Y$qEBfF1ZlC7Z{HNa5@Y4G^n zCqlI&3G4ir<}>ry7{>sJOTz!gC2V)|*kgk>U|#}X_(k)Krhwg@1nnx)h$=u_G*{to z!y_vc=k>ae#Q45do#1=je1eIW_~jToA{q`+ar)jc<^BS6aFHL~a6%x{bpFoBdb0|c zh<2vIB@swdz`%@Yr#jn(R`0rxe^vvJ{|yYyY+g7PLroUg@0FJH1Uy?mbbfP4d-cnR z=N2EoEL5Xn^(^tc$fZ3A+`JUWx^;jo^D-ZvG$Wm%1id-`itJ+}lY9wB|!vI!*^D<-*mD&vWL0-&J{^WNSK6)`vDac2>Ky7QO9g z5yW6l*Y9(v2z1_V(Z}CxQo!q#*Mtd(?F?C1n1aEnG*PNOqTnap6v3hlT^${H8xZ^E zQg)@85j7_bzYm&{B@fm|hHO#4N;EzV-||2Z7Wg{aq%1BCRMhQnFIVYSFj-#u8X9es zuxqJ3nwhJ<&u8uy%sqRC&=FDNB5jMR?D42~Adfjr?u3@o%>+xxg{jAT%ukntar=Zn z1NjE5Dd6`#)6<|ll!RU$jGaM?Ue2(n`gR7r9Iz+ejX~jA*;uriN#aWk)r1RR_y#a9f=vlMc80#_cgI=G@g+C4Za~q~L zuX~BWb|Kl5t@5aFo^Q+JQA-)ZD*@#mUvSFwe-u6(QfuMuy`o}z_&u4)-JtZvSWXVL zzl-&1wN$|jPA}jE21=s)Cn_$_@=^i~0C_7E*FVOH`313svqoe=SLk;$PltP-N+gjY z0VEwLk_H=>N!iRW310t|qj2b(nEBf=$2Mnh|82UgHOP6|5GFzvH7BnTXPax+Y&={j zT?HR!Dpcu}G44# zGs5dNuZlKx`P+b(Su2?bOkn@VV>De}{MdWWMzy?Hp$7+=a*IG@{cKphIbibM#;(K8 z4|p(IC(v=o)YTlWI~cxFSh^9eP2x9eKy8jxr%fkc!?yG2Ju^Vl0tWCGT{R5pmVFo}dwBj{GX5f_i-xAA zu|WUT7AXE=2&VfO^q-Hw>eg0#WF(e|K<79U`b;%2I2dxOG!X){#mc>}=}#7+_fOF1Jpi-hK~JD~xNE3%+<=jQ zV5Qnh_mfprB)u`EevlueH!;Iwo+(-8mh}y1iJSr zRsa{XLY=ERrD8D75ClaSw?qq{L6HkX-iJnM1?p<*2DacLs zCvF(7|9hjn=P$Dxu{Q;ASUmhmRkViXE86b-%>_hs?lFo3zBi?+jG*`lOv^C zqSEjQ!MVv!I!5R0MyG5l*F3qs7kTS3z$uz?Va2Cmr6GSP8cKsn7+9S%XrFkdHE04n zDJq~T5QRZ;z%}+K+QY+}T3S{xIIzxiUq+Uw3~_Y?T=Pu}`VI~YLzd!2wDVtC2A1ok z-@ox1G5shFN}jwNAk_v2tOAg;9mW(hFP>8qFT|4lW9Fj-DIh7JYKJ~G)^|hG@ihf zABhGWT8CDjHJ@=H&Hw|hkA~~%L+sg~)*~wssDwh~odKTQcLTZ{j$p=oJ(fEPtgm!* z6^z4DQ5Ibe|3%l4A>x1)mqag76j_1+{~8UZcWi!i$kRJYSX7VXt*CWik`_@Hg`=Fh z4}`W&AH;W5U0k84N#9J&vg14_C)-@VN3y^Y8}gVT$l>Jt?^GBFaE^b-2n|7Iv+|6sZP6WU1uwr10AY9s9RdwUPlp-|3nM6rHsa0Nrt? z{y{b0))^breuw4Zv|8JOuC*HBmmlBR0_?>#)}y;kH197Q9MnYfDf}kvY#^EY>)=sj zHd-*3s##+v-Q7z;?y7FG_TCjp&kcB3$)9`30suZ5n3)5Ni6RKq*t0+BU9Y65ghKS8HXZ z=0B5XO}!A=k_spQP1uRVbU4jry(D7t?Yv+21-w+lbh@Z6-H^PY>YL2Ye;)5M1S_4!{FKhRe#^LM`9bkX8&E--Y;-PEZjwqwjMrHj&OsjBF! z`Hof>8egDOg;8+FLI%~wA-DbgGsdRSdMY!=`#KqU-TCXQw%rZ)FZ3JeOWA+|KGQv8 zqvY7~uj&@{x=cQUnt;C*6S@E5-rnwHnW_3M(#vY;kdsiBi&Os|z>sHScaAncESP$j z{de&hAi>v*nhw~1!r9|tg3P?N3fLtr&7KRj-h|`woTYX=wHTdJ#AOV+wO5GU}cZ~rJ-45?2)(vvtmHI>KQ1sP>2A5fZsQEk|_$%3I67+{z z62@JABM=3n97GVe-fjG8CLhL5Q)3XQq@82xQ-;a1!+gH9(tspxg}<1Cb9fF4q!One z%s=jtv5XPv4({lE5@^~()Uk~I`(;`5e@83>H73eM-z1}bTA#Gi}PlPJf}~nat#}x zX86z4df4l@Y;yKY1D==s&~rZ^OgCB)!^NZ@%;n(4ULYB_5Ua;#%w3EcH?ui73=Z~O zXA)a_6V&25L;q2oi}W99Ri{__U^c`;NjlDDgBtK@M&LelZf$-NkDKyioE7Wq3LeBH z=XEmjr+gi&hC55K-v;1d!jU-&*E5~PZU}2J@}^np5i+Fz`>e*)G!tOvcCd3$jMXw9 zZ#v)Oe{n!RqzF-en604Emlx=iqYe7r+Ik%+3S^@btr)Hjn2Q`|8eiAT=g0^q9OTF0 zNDi=+VA4)g!Y{O_>YaApuE{-EN~LOeIj@>^NDc_e^|Td7^)>A9Jj4Ye35g)C)b_mx zNx9{Ju%`&gpD8sx+L+e+r4V0=68PB4NhghoMwcWTomB5k=`rFh=-j3qhe7rmF zAo~84ex1)z=xB2cFTAy#N>+zDGF*BsrpgLx_-KEH6Y2j{4A-}{pcwn(E6#{096a*! zUvecy#~CmUE8d-y#9PHCjSc%K#~tRECqHcWQ6mJ`pypyg6&4Jhy?}D1KyZx!KUBWG z>{g!I>v@?O@R3z%>6;A0UdZtxSLfhe{u&|3?g4>MH7L!W{7l_}%)9kfl4MMZzdm=BcjPX)-A#xE9M2Ll`l3UBZiV8v)d?fvk)GvyK{NmI zF;oa}@nGZxVrgIFsG{>gK|%ZMz+%>T3LeuZOk15+%ZEx^Se0t4RrC)<8aU5(8}=>p zOjjRUG@f=m3~4~A1wBl{p;%KQs>l$S=r z3_HiFvET?uYk&&4Y%bhf%xH!j4NTeiU+Y7IYS*5kYU0ioMc!FoZLUzKsb2rmZ+(sC zbgh@YVbX_Pf@er%i|4}epy`b*85Umfa?%$3q!gOapjlg0?;)g?9IWrBOVm2B5;;T% zW_2rhd+bp*6MAo~!TLG#^Yj&w^r~4l_r1?Q4BEsU#}B$6@^4%uQ#PqLXXD@f`R~~{ z@tWNf^m|EG0C1qb%Qyc?_Ew|SRw-!gk`+Q~9*|kC^WbK!fS>?U0@WSM$7f!>7y{RG zD-z0=L~q3{oW1n-m7{R|KyzE4s(R9S)~4PkZShqBp&M+#E|)GQAiBXEbD4syKLYy~ zPIi+=U06E(d53HNB)j;+aI4$T#6!Gl3?coq`wf7FJ@>|N;DB~Q-#^I4Hs7Jxgh z{iyS1R1N>L_#=fL^4VWA*CVS0Rk;O&S1VO|A2tOXm%~0LLZ9H4(rD4H`D>yb)uXpS zID529Ei_9>9FI66sz*8~{)FbGr;9?}R)!nq+pI~whkSI>j--dlhI)pNr2k{e_AggZ zj{>vMF#~J^+-aC$i2Jwi0swe;Fm*W0F#6ZtuKZoL9FAM?=oKKc!%Z1KGv7VB>5I{d zfyuC%#Q`dcIB=_E1Q1ej5F(qr*xVP|5>K|KTsSb#J#`qxF57FnB(}A+otZD525^B^ zVdwU4$+5|&{0?9`$j8?ZR#%1f>L<>KE#uK4)-4OpMzgy)WNW*KD zSaj-(MdOC<)ns9w;r4uv%-xydwm4#FrzhRndU|Z)hE{(Tu6VpO0by(q!;Za%6y!cL zjusk;-``(`(PQ3+AIg!x!X7i*JD}&{!i&MRLVaf}?E6*mMyF_P;<1Jd?%Ewa*9w^@ zwsghk^H8CB%p4^C-Ics^<#9>ba^zR69QvYQmqps2PM7GNPvXJ+$sty)LQxye)T&dz zIekA>Zx6E8RxpDEN|b+HW#~tJd%f}3Qm~mxlTjQF=%_f49MAd;FJ+oo=|z>-9zJWG znK6Uf1w9O*d+qQm=_Z17#+=q>f^KwVEa}<8^Cu^MtU`y5M@@N8u7^l#r%CBS(AS1A z5M1&~)7l~8=vv{56!y~5!$i43lccADueOZ-WjyAa8b@-Fe6s5}20SoUfHJ^$z(rvn zfV)A~gzj@-^GI+xdwc8in_GFuk|@0n-SM1sQnn9wSG>GY;hq{di}2)1+*lHQlHI4+ z0ZMHyWiZIBmAN4#=<=9(CK&V1%~5emp7whS&9}aM5s{)D&sNr)Qv2vOjRElJ;zp87hXZaTdgcrrmKJ|acJIU;;dg7tC|DX=5Pc#^uT+ zpMIO&^{7hF_wlJ~KAcaMyD86{bphJ={mg7w1ZAaUl2E&BvLRtP8^?BKq{#?!CU$5` zG+IAswJvHON)zq&{*De07R|$bE9$@&rj>I#HO7hJg`EiaSL`@Exwm6Mv$3Gp>2CX> zB0kJE+m5$ZCYi}M`8bEfQzcxZil=eW3|y?mL3WvpPaevOCvp7_Ar;+CV$NrJ+W2cX zslU)Ux2Ema!+9=G|Hkt5_4_ZSu-2Q$&XvgwC9?4grNqmL_2@%<$YsoBVy`SDlZqlc z1n43mt+DopYSxab2W)~^GfS#Q^kgL0Nh}}aG~R9Xu^xyKrnyTs3uIs?5*6WZkGtg& zbP1s%cQ$5EtUo9pXKpBSuyrMUwIlTst8kO~kg0fevGkShLH;I%O!Ze9<=}X#-a!`j zqawMX%YyhgS;;~z%jClVDL^fy+aGLL))^&9Bq~MPbhT*mNt*BC>H7Ust|B|lDq!^|Su23U zcAo6Dd8B2Z^P8=G#p$_T^}ZXmrI^$x)6QGC4heh|>$Kugq_SMAwU&$-q_ynnzPqqu zwOIFs$;ZuSDbBkp`}cSUKr#dTxf>x&v1p&)SG1R3NJ0KC-M9e(o$X9&GAk+@vDo)i zWD?A0Hy%VN?G{D8lm7K2mp<>+YoZq}_q@%cqaePewMIpri3$vD#suW!vGj-W^4tj{ z5XuuVevda~VQj=``G>)J)JYwJTOmIPA(cM440EG*T2Z5_WeK<`$dxFMGFRT`4suuK-EkRXr8@~o0lwy)%wF*tB;hTX2u`=+!1m1LWp9n4YS@XyK*c0&l>OFDMxkuBGNw zw7==Y8OJ;LqvfV-tQj-o@C^y=N*IVE^8CE{BIQd(oAJHqKIf^82*`I;CeR5a@|!)I z1^-$?c1g^49;`Z-(n_rhXKF`S;g{MW*0XHlk4%a7!D0#Piu?IVY`N(oV{!6|IGHU2 zsDtCoN8Xq8HBh4fP0=_}RickQaG?cBUV5pB5ihx-_rlyi`=2|+oL>8zBGjMJXeIn! ze6S;8t25EyZigQE{lSt+6-VG#nT?&lj*UU>u1Waf9HbTGaH`J zM3ntDCI(@nj;A4X#C~dDa}01Lz?a@ju^7AWOPrL!S1{0A%N{j;Al?KKp^TIbiwQ zUBBCRzosaCBx<9i?K@rl_+lQLJv`54^nm^)zJI~aeTj~~J4c)cf5OvG?Lf6+=`)iC zDuTkQ#L*8VsGKKx=i(})4Mov5By(E>j-(#b3+rbSmR~EQi6tdmpA|3cDsQyhwL=TX z(S;JPCX04@nc*=@Qs1!8&oecjUVP(i-BRe5!0jb`{rzR09I3_lt#y2d)T;%#N9Vy< zGJcAVbr+;2keAV4j9M%FKI9yP+YKIl_!OGHDr7p)Vt4bu-^^?yd9u$nohZq!p~AJ0 z;w0-2$s+AiAdKOwaAENJz?F3LPpJ>8}V!swk&sW<9sAcEAQ#@@gCK1 zuA2o_9TtXLV!N6zt62ctpuEpkD2sA^ot*0tP`|FrFEsG#ul15^ z1w?0yG8XcuJ>w_t&M;=Lf#jcvPZv@L_XX2E`T}RkH|%XRUe8I-e^k4Y@u3U?WG3Ju4@FKE|Jv z^?XD^I$~a1{j3s?T1y~$w<$&Iq(j!WGq#iyt7s+nQOFl;PEAwuP+gKsB#U?^@e|tC zQi?^KmAtSLRZH$X?@qf%9re5kt}aATG4=A#928F9us83%U3x-iL$O8nH!*s#+~UzP<6~dfto3+FSnO-@@#saE*QdF<4y|Gle=i;KDk+vGt=e!T z=>Y77+8>Yew5{3Lgji5%NKM5Kg+gbp(iJx3j8{_39aXW7HV|F#FnM!mlQBumUFC-|GV06#YRH)#a_ fzhzeZch178eTiYWYbMif0YhC`N2%(mP2~Rqh literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.18/_media/tcb.svg b/docs/versioned_docs/version-2.18/_media/tcb.svg new file mode 100644 index 000000000..e5bcb5b95 --- /dev/null +++ b/docs/versioned_docs/version-2.18/_media/tcb.svg @@ -0,0 +1,535 @@ + + diff --git a/docs/versioned_docs/version-2.18/architecture/attestation.md b/docs/versioned_docs/version-2.18/architecture/attestation.md new file mode 100644 index 000000000..9bd157460 --- /dev/null +++ b/docs/versioned_docs/version-2.18/architecture/attestation.md @@ -0,0 +1,409 @@ +# Attestation + +This page explains Constellation's attestation process and highlights the cornerstones of its trust model. + +## Terms + +The following lists terms and concepts that help to understand the attestation concept of Constellation. + +### Trusted Platform Module (TPM) + +A TPM chip is a dedicated tamper-resistant crypto-processor. +It can securely store artifacts such as passwords, certificates, encryption keys, or *runtime measurements* (more on this below). +When a TPM is implemented in software, it's typically called a *virtual* TPM (vTPM). + +### Runtime measurement + +A runtime measurement is a cryptographic hash of the memory pages of a so called *runtime component*. Runtime components of interest typically include a system's bootloader or OS kernel. + +### Platform Configuration Register (PCR) + +A Platform Configuration Register (PCR) is a memory location in the TPM that has some unique properties. +To store a new value in a PCR, the existing value is extended with a new value as follows: + +``` +PCR[N] = HASHalg( PCR[N] || ArgumentOfExtend ) +``` + +The PCRs are typically used to store runtime measurements. +The new value of a PCR is always an extension of the existing value. +Thus, storing the measurements of multiple components into the same PCR irreversibly links them together. + +### Measured boot + +Measured boot builds on the concept of chained runtime measurements. +Each component in the boot chain loads and measures the next component into the PCR before executing it. +By comparing the resulting PCR values against trusted reference values, the integrity of the entire boot chain and thereby the running system can be ensured. + +### Remote attestation (RA) + +Remote attestation is the process of verifying certain properties of an application or platform, such as integrity and confidentiality, from a remote location. +In the case of a measured boot, the goal is to obtain a signed attestation statement on the PCR values of the boot measurements. +The statement can then be verified and compared to a set of trusted reference values. +This way, the integrity of the platform can be ensured before sharing secrets with it. + +### Confidential virtual machine (CVM) + +Confidential computing (CC) is the protection of data in-use with hardware-based trusted execution environments (TEEs). +With CVMs, TEEs encapsulate entire virtual machines and isolate them against the hypervisor, other VMs, and direct memory access. +After loading the initial VM image into encrypted memory, the hypervisor calls for a secure processor to measure these initial memory pages. +The secure processor locks these pages and generates an attestation report on the initial page measurements. +CVM memory pages are encrypted with a key that resides inside the secure processor, which makes sure only the guest VM can access them. +The attestation report is signed by the secure processor and can be verified using remote attestation via the certificate authority of the hardware vendor. +Such an attestation statement guarantees the confidentiality and integrity of a CVM. + +### Attested TLS (aTLS) + +In a CC environment, attested TLS (aTLS) can be used to establish secure connections between two parties using the remote attestation features of the CC components. + +aTLS modifies the TLS handshake by embedding an attestation statement into the TLS certificate. +Instead of relying on a certificate authority, aTLS uses this attestation statement to establish trust in the certificate. + +The protocol can be used by clients to verify a server certificate, by a server to verify a client certificate, or for mutual verification (mutual aTLS). + +## Overview + +The challenge for Constellation is to lift a CVM's attestation statement to the Kubernetes software layer and make it end-to-end verifiable. +From there, Constellation needs to expand the attestation from a single CVM to the entire cluster. + +The [*JoinService*](microservices.md#joinservice) and [*VerificationService*](microservices.md#verificationservice) are where all runs together. +Internally, the *JoinService* uses remote attestation to securely join CVM nodes to the cluster. +Externally, the *VerificationService* provides an attestation statement for the cluster's CVMs and configuration. + +The following explains the details of both steps. + +## Node attestation + +The idea is that Constellation nodes should have verifiable integrity from the CVM hardware measurement up to the Kubernetes software layer. +The solution is a verifiable boot chain and an integrity-protected runtime environment. + +Constellation uses measured boot within CVMs, measuring each component in the boot process before executing it. +Outside of CC, this is usually implemented via TPMs. +CVM technologies differ in how they implement runtime measurements, but the general concepts are similar to those of a TPM. +For simplicity, TPM terminology like *PCR* is used in the following. + +When a Constellation node image boots inside a CVM, measured boot is used for all stages and components of the boot chain. +This process goes up to the root filesystem. +The root filesystem is mounted read-only with integrity protection. +For the details on the image and boot stages see the [image architecture](../architecture/images.md) documentation. +Any changes to the image will inevitably also change the corresponding PCR values. +To create a node attestation statement, the Constellation image obtains a CVM attestation statement from the hardware. +This includes the runtime measurements and thereby binds the measured boot results to the CVM hardware measurement. + +In addition to the image measurements, Constellation extends a PCR during the [initialization phase](../workflows/create.md) that irrevocably marks the node as initialized. +The measurement is created using the [*clusterID*](../architecture/keys.md#cluster-identity), tying all future attestation statements to this ID. +Thereby, an attestation statement is unique for every cluster and a node can be identified unambiguously as being initialized. + +To verify an attestation, the hardware's signature and a statement are verified first to establish trust in the contained runtime measurements. +If successful, the measurements are verified against the trusted values of the particular Constellation release version. +Finally, the measurement of the *clusterID* can be compared by calculating it with the [master secret](keys.md#master-secret). + +### Runtime measurements + +Constellation uses runtime measurements to implement the measured boot approach. +As stated above, the underlying hardware technology and guest firmware differ in their implementations of runtime measurements. +The following gives a detailed description of the available measurements in the different cloud environments. + +The runtime measurements consist of two types of values: + +* **Measurements produced by the cloud infrastructure and firmware of the CVM**: +These are measurements of closed-source firmware and other values controlled by the cloud provider. +While not being reproducible for the user, some of them can be compared against previously observed values. +Others may change frequently and aren't suitable for verification. +The [signed image measurements](#chain-of-trust) include measurements that are known, previously observed values. + +* **Measurements produced by the Constellation bootloader and boot chain**: +The Constellation Bootloader takes over from the CVM firmware and [measures the rest of the boot chain](images.md). +The Constellation [Bootstrapper](microservices.md#bootstrapper) is the first user mode component that runs in a Constellation image. +It extends PCR registers with the [IDs](keys.md#cluster-identity) of the cluster marking a node as initialized. + +Constellation allows to specify in the config which measurements should be enforced during the attestation process. +Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. +By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. + + + + +Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. + +The vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +The VMs are attested by obtaining signed PCR values over the VM's boot configuration from the TPM and comparing them to a known, good state (measured boot). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | Firmware | AWS | No | +| 1 | Firmware | AWS | No | +| 2 | Firmware | AWS | No | +| 3 | Firmware | AWS | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | AWS, Constellation Bootloader | Yes | +| 5 | Firmware | AWS | No | +| 6 | Firmware | AWS | No | +| 7 | Secure Boot Policy | AWS, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. +This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +It provides a [measured boot](https://docs.microsoft.com/en-us/azure/security/fundamentals/measured-boot-host-attestation#measured-boot) verification that's based on the trusted launch feature of [Trusted Launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | Firmware | Azure | No | +| 1 | Firmware | Azure | No | +| 2 | Firmware | Azure | No | +| 3 | Firmware | Azure | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | Azure, Constellation Bootloader | Yes | +| 5 | Reserved | Azure | No | +| 6 | VM Unique ID | Azure | No | +| 7 | Secure Boot State | Azure, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. +Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. + +The vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +It provides a [launch attestation report](https://cloud.google.com/compute/confidential-vm/docs/monitoring#about_launch_attestation_report_events) that's based on the measured boot feature of [Shielded VMs](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#measured-boot). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | CVM version and technology | GCP | No | +| 1 | Firmware | GCP | No | +| 2 | Firmware | GCP | No | +| 3 | Firmware | GCP | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | GCP, Constellation Bootloader | Yes | +| 5 | Disk GUID partition table | GCP | No | +| 6 | Disk GUID partition table | GCP | No | +| 7 | GCP Secure Boot Policy | GCP, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +Constellation uses a hypervisor-based vTPM for runtime measurements. + +The vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +The VMs are attested by obtaining signed PCR values over the VM's boot configuration from the TPM and comparing them to a known, good state (measured boot). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | Firmware | STACKIT | No | +| 1 | Firmware | STACKIT | No | +| 2 | Firmware | STACKIT | No | +| 3 | Firmware | STACKIT | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | STACKIT, Constellation Bootloader | Yes | +| 5 | Firmware | STACKIT | No | +| 6 | Firmware | STACKIT | No | +| 7 | Secure Boot Policy | STACKIT, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +### CVM verification + +To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. +For verification of the CVM technology, Constellation may expose additional options in its config file. + + + + +On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs. +An SEV-SNP attestation report is used to establish trust in the VM. +You may customize certain parameters for verification of the attestation statement using the Constellation config file. + +* TCB versions + + You can set the minimum version numbers of components in the SEV-SNP TCB. + Use the latest versions to enforce that only machines with the most recent firmware updates are allowed to join the cluster. + Alternatively, you can set a lower minimum version to allow slightly out-of-date machines to still be able to join the cluster. + +* AMD Root Key Certificate + + This certificate is the root of trust for verifying the SEV-SNP certificate chain. + +* AMD Signing Key Certificate + + This is the intermediate certificate for verifying the SEV-SNP report's signature. + If it's not specified, the CLI fetches it from the AMD key distribution server. + + + + +On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. +An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. +You may customize certain parameters for verification of the attestation statement using the Constellation config file. + +* TCB versions + + You can set the minimum version numbers of components in the SEV-SNP TCB. + Use the latest versions to enforce that only machines with the most recent firmware updates are allowed to join the cluster. + Alternatively, you can set a lower minimum version to allow slightly out-of-date machines to still be able to join the cluster. + +* AMD Root Key Certificate + + This certificate is the root of trust for verifying the SEV-SNP certificate chain. + +* Firmware Signer + + This config option allows you to specify how the firmware signer should be verified. + More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. + You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. + + + + +On GCP, AMD SEV-SNP is used to provide runtime encryption to the VMs. +An SEV-SNP attestation report is used to establish trust in the VM. +You may customize certain parameters for verification of the attestation statement using the Constellation config file. + +* TCB versions + + You can set the minimum version numbers of components in the SEV-SNP TCB. + Use the latest versions to enforce that only machines with the most recent firmware updates are allowed to join the cluster. + Alternatively, you can set a lower minimum version to allow slightly out-of-date machines to still be able to join the cluster. + +* AMD Root Key Certificate + + This certificate is the root of trust for verifying the SEV-SNP certificate chain. + +* AMD Signing Key Certificate + + This is the intermediate certificate for verifying the SEV-SNP report's signature. + If it's not specified, the CLI fetches it from the AMD key distribution server. + + + + +On STACKIT, AMD SEV-ES is used to provide runtime encryption to the VMs. +The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). +There is no additional configuration available for STACKIT. + + + + +## Cluster attestation + +Cluster-facing, Constellation's [*JoinService*](microservices.md#joinservice) verifies each node joining the cluster given the configured ground truth runtime measurements. +User-facing, the [*VerificationService*](microservices.md#verificationservice) provides an interface to verify a node using remote attestation. +By verifying the first node during the [initialization](microservices.md#bootstrapper) and configuring the ground truth measurements that are subsequently enforced by the *JoinService*, the whole cluster is verified in a transitive way. + +### Cluster-facing attestation + +The *JoinService* is provided with the runtime measurements of the whitelisted Constellation image version as the ground truth. +During the initialization and the cluster bootstrapping, each node connects to the *JoinService* using [aTLS](#attested-tls-atls). +During the handshake, the node transmits an attestation statement including its runtime measurements. +The *JoinService* verifies that statement and compares the measurements against the ground truth. +For details of the initialization process check the [microservice descriptions](microservices.md). + +After the initialization, every node updates its runtime measurements with the *clusterID* value, marking it irreversibly as initialized. +When an initialized node tries to join another cluster, its measurements inevitably mismatch the measurements of an uninitialized node and it will be declined. + +### User-facing attestation + +The [*VerificationService*](microservices.md#verificationservice) provides an endpoint for obtaining its hardware-based remote attestation statement, which includes the runtime measurements. +A user can [verify](../workflows/verify-cluster.md) this statement and compare the measurements against the configured ground truth and, thus, verify the identity and integrity of all Constellation components and the cluster configuration. Subsequently, the user knows that the entire cluster is in the expected state and is trustworthy. + +## Putting it all together + +This section puts the aforementioned concepts together and illustrate how trust into a Constellation cluster is established and maintained. + +### CLI and node images + +It all starts with the CLI executable. The CLI is signed by Edgeless Systems. To ensure non-repudiability for CLI releases, Edgeless Systems publishes corresponding signatures to the public ledger of the [sigstore project](https://www.sigstore.dev/). There's a [step-by-step guide](../workflows/verify-cli.md) on how to verify CLI signatures based on sigstore. + +The CLI contains the latest runtime measurements of the Constellation node image for all supported cloud platforms. In case a different version of the node image is to be used, the corresponding runtime measurements can be fetched using the CLI's [fetch-measurements command](../reference/cli.md#constellation-config-fetch-measurements). This command downloads the runtime measurements and the corresponding signature from cdn.confidential.cloud. See for example the following files corresponding to node image v2.16.3: + +* [Measurements](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json) +* [Signature](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json.sig) + +The CLI contains the long-term public key of Edgeless Systems to verify the signature of downloaded runtime measurements. + +### Cluster creation + +When a cluster is [created](../workflows/create.md), the CLI automatically verifies the runtime measurements of the *first node* using remote attestation. Based on this, the CLI and the first node set up a temporary TLS connection. This [aTLS](#attested-tls-atls) connection is used for two things: + +1. The CLI sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. +2. The first node sends a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) with Kubernetes credentials to the CLI. + +After this, the aTLS connection is closed and the first node bootstraps the Kubernetes cluster. All subsequent interactions between the CLI and the cluster go via the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) server running inside the cluster. The CLI (and other tools like kubectl) use the credentials referenced by the kubeconfig file to authenticate themselves towards the Kubernetes API server and to establish a mTLS connection. + +The CLI connects to the Kubernetes API to write the runtime measurements for the applicable node image to etcd. The JoinService uses these runtime measurements to verify all nodes that join the cluster subsequently. + +### Chain of trust + +In summary, there's a chain of trust based on cryptographic signatures that goes from the user to the cluster via the CLI. This is illustrated in the following diagram. + +```mermaid +flowchart LR + A[User]-- "verifies" -->B[CLI] + B[CLI]-- "verifies" -->C([Runtime measurements]) + D[Edgeless Systems]-- "signs" -->B[CLI] + D[Edgeless Systems]-- "signs" -->C([Runtime measurements]) + B[CLI]-- "verifies (remote attestation)" -->E[First node] + E[First node]-- "verifies (remote attestation)" -->F[Other nodes] + C([Runtime measurements]) -.-> E[First node] + C([Runtime measurements]) -.-> F[Other nodes] +``` + +### Upgrades + +Whenever a cluster is [upgraded](../workflows/upgrade.md) to a new version of the node image, the CLI sends the corresponding runtime measurements via the Kubernetes API server. The new runtime measurements are stored in etcd within the cluster and replace any previous runtime measurements. The new runtime measurements are then used automatically by the JoinService for the verification of new nodes. + +## References + +[^1]: Linux IMA produces runtime measurements of user-space binaries. +However, these measurements aren't deterministic and thus, PCR\[10] can't be compared to a constant value. +Instead, a policy engine must be used to verify the TPM event log against a policy. diff --git a/docs/versioned_docs/version-2.18/architecture/encrypted-storage.md b/docs/versioned_docs/version-2.18/architecture/encrypted-storage.md new file mode 100644 index 000000000..f047fa4a9 --- /dev/null +++ b/docs/versioned_docs/version-2.18/architecture/encrypted-storage.md @@ -0,0 +1,62 @@ +# Encrypted persistent storage + +Confidential VMs provide runtime memory encryption to protect data in use. +In the context of Kubernetes, this is sufficient for the confidentiality and integrity of stateless services. +Consider a front-end web server, for example, that keeps all connection information cached in main memory. +No sensitive data is ever written to an insecure medium. +However, many real-world applications need some form of state or data-lake service that's connected to a persistent storage device and requires encryption at rest. +As described in [Use persistent storage](../workflows/storage.md), cloud service providers (CSPs) use the container storage interface (CSI) to make their storage solutions available to Kubernetes workloads. +These CSI storage solutions often support some sort of encryption. +For example, Google Cloud [encrypts data at rest by default](https://cloud.google.com/security/encryption/default-encryption), without any action required by the customer. + +## Cloud provider-managed encryption + +CSP-managed storage solutions encrypt the data in the cloud backend before writing it physically to disk. +In the context of confidential computing and Constellation, the CSP and its managed services aren't trusted. +Hence, cloud provider-managed encryption protects your data from offline hardware access to physical storage devices. +It doesn't protect it from anyone with infrastructure-level access to the storage backend or a malicious insider in the cloud platform. +Even with "bring your own key" or similar concepts, the CSP performs the encryption process with access to the keys and plaintext data. + +In the security model of Constellation, securing persistent storage and thereby data at rest requires that all cryptographic operations are performed inside a trusted execution environment. +Consequently, using CSP-managed encryption of persistent storage usually isn't an option. + +## Constellation-managed encryption + +Constellation provides CSI drivers for storage solutions in all major clouds with built-in encryption support. +Block storage provisioned by the CSP is [mapped](https://guix.gnu.org/manual/en/html_node/Mapped-Devices.html) using the [dm-crypt](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-crypt.html), and optionally the [dm-integrity](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-integrity.html), kernel modules, before it's formatted and accessed by the Kubernetes workloads. +All cryptographic operations happen inside the trusted environment of the confidential Constellation node. + +Note that for integrity-protected disks, [volume expansion](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/) isn't supported. + +By default the driver uses data encryption keys (DEKs) issued by the Constellation [*KeyService*](microservices.md#keyservice). +The DEKs are in turn derived from the Constellation's key encryption key (KEK), which is directly derived from the [master secret](keys.md#master-secret). +This is the recommended mode of operation, and also requires the least amount of setup by the cluster administrator. + +Alternatively, the driver can be configured to use a key management system to store and access KEKs and DEKs. + +Refer to [keys and cryptography](keys.md) for more details on key management in Constellation. + +Once deployed and configured, the CSI driver ensures transparent encryption and integrity of all persistent volumes provisioned via its storage class. +Data at rest is secured without any additional actions required by the developer. + +## Cryptographic algorithms + +This section gives an overview of the libraries, cryptographic algorithms, and their configurations, used in Constellation's CSI drivers. + +### dm-crypt + +To interact with the dm-crypt kernel module, Constellation uses [libcryptsetup](https://gitlab.com/cryptsetup/cryptsetup/). +New devices are formatted as [LUKS2](https://gitlab.com/cryptsetup/LUKS2-docs/-/tree/master) partitions with a sector size of 4096 bytes. +The used key derivation function is [Argon2id](https://datatracker.ietf.org/doc/html/rfc9106) with the [recommended parameters for memory-constrained environments](https://datatracker.ietf.org/doc/html/rfc9106#section-7.4) of 3 iterations and 64 MiB of memory, utilizing 4 parallel threads. +For encryption Constellation uses AES in XTS-Plain64. The key size is 512 bit. + +### dm-integrity + +To interact with the dm-integrity kernel module, Constellation uses [libcryptsetup](https://gitlab.com/cryptsetup/cryptsetup/). +When enabled, the used data integrity algorithm is [HMAC](https://datatracker.ietf.org/doc/html/rfc2104) with SHA256 as the hash function. +The tag size is 32 Bytes. + +## Encrypted S3 object storage + +Constellation comes with a service that you can use to transparently retrofit client-side encryption to existing applications that use S3 (AWS or compatible) for storage. +To learn more, check out the [s3proxy documentation](../workflows/s3proxy.md). diff --git a/docs/versioned_docs/version-2.18/architecture/images.md b/docs/versioned_docs/version-2.18/architecture/images.md new file mode 100644 index 000000000..8a9c51d36 --- /dev/null +++ b/docs/versioned_docs/version-2.18/architecture/images.md @@ -0,0 +1,49 @@ +# Constellation images + +Constellation uses a minimal version of Fedora as the operating system running inside confidential VMs. This Linux distribution is optimized for containers and designed to be stateless. +The Constellation images provide measured boot and an immutable filesystem. + +## Measured boot + +```mermaid +flowchart LR + Firmware --> Bootloader + Bootloader --> uki + subgraph uki[Unified Kernel Image] + Kernel[Kernel] + initramfs[Initramfs] + cmdline[Kernel Command Line] + end + uki --> rootfs[Root Filesystem] +``` + +Measured boot uses a Trusted Platform Module (TPM) to measure every part of the boot process. This allows for verification of the integrity of a running system at any point in time. To ensure correct measurements of every stage, each stage is responsible to measure the next stage before transitioning. + +### Firmware + +With confidential VMs, the firmware is the root of trust and is measured automatically at boot. After initialization, the firmware will load and measure the bootloader before executing it. + +### Bootloader + +The bootloader is the first modifiable part of the boot chain. The bootloader is tasked with loading the kernel, initramfs and setting the kernel command line. The Constellation bootloader measures these components before starting the kernel. + +### initramfs + +The initramfs is a small filesystem loaded to prepare the actual root filesystem. The Constellation initramfs maps the block device containing the root filesystem with [dm-verity](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html). The initramfs then mounts the root filesystem from the mapped block device. + +dm-verity provides integrity checking using a cryptographic hash tree. When a block is read, its integrity is checked by verifying the tree against a trusted root hash. The initramfs reads this root hash from the previously measured kernel command line. Thus, if any block of the root filesystem's device is modified on disk, trying to read the modified block will result in a kernel panic at runtime. + +After mounting the root filesystem, the initramfs will switch over and start the `init` process of the integrity-protected root filesystem. + +## State disk + +In addition to the read-only root filesystem, each Constellation node has a disk for storing state data. +This disk is mounted readable and writable by the initramfs and contains data that should persist across reboots. +Such data can contain sensitive information and, therefore, must be stored securely. +To that end, the state disk is protected by authenticated encryption. +See the section on [keys and encryption](keys.md#storage-encryption) for more information on the cryptographic primitives in use. + +## Kubernetes components + +During initialization, the [*Bootstrapper*](microservices.md#bootstrapper) downloads and verifies the [Kubernetes components](https://kubernetes.io/docs/concepts/overview/components/) as configured by the user. +They're stored on the state partition and can be updated once new releases need to be installed. diff --git a/docs/versioned_docs/version-2.18/architecture/keys.md b/docs/versioned_docs/version-2.18/architecture/keys.md new file mode 100644 index 000000000..553d9d4e2 --- /dev/null +++ b/docs/versioned_docs/version-2.18/architecture/keys.md @@ -0,0 +1,131 @@ +# Key management and cryptographic primitives + +Constellation protects and isolates your cluster and workloads. +To that end, cryptography is the foundation that ensures the confidentiality and integrity of all components. +Evaluating the security and compliance of Constellation requires a precise understanding of the cryptographic primitives and keys used. +The following gives an overview of the architecture and explains the technical details. + +## Confidential VMs + +Confidential VM (CVM) technology comes with hardware and software components for memory encryption, isolation, and remote attestation. +For details on the implementations and cryptographic soundness, refer to the hardware vendors' documentation and advisories. + +## Master secret + +The master secret is the cryptographic material used for deriving the [*clusterID*](#cluster-identity) and the *key encryption key (KEK)* for [storage encryption](#storage-encryption). +It's generated during the bootstrapping of a Constellation cluster. +It can either be managed by [Constellation](#constellation-managed-key-management) or an [external key management system](#user-managed-key-management). +In case of [recovery](#recovery-and-migration), the master secret allows to decrypt the state and recover a Constellation cluster. + +## Cluster identity + +The identity of a Constellation cluster is represented by cryptographic [measurements](attestation.md#runtime-measurements): + +The **base measurements** represent the identity of a valid, uninitialized Constellation node. +They depend on the node image, but are otherwise the same for every Constellation cluster. +On node boot, they're determined using the CVM's attestation mechanism and [measured boot up to the read-only root filesystem](images.md). + +The **clusterID** represents the identity of a single initialized Constellation cluster. +It's derived from the master secret and a cryptographically random salt and unique for every Constellation cluster. +The [Bootstrapper](microservices.md#bootstrapper) measures the *clusterID* into its own PCR before executing any code not measured as part of the *base measurements*. +See [Node attestation](attestation.md#node-attestation) for details. + +The remote attestation statement of a Constellation cluster combines the *base measurements* and the *clusterID* for a verifiable, unspoofable, unique identity. + +## Network encryption + +Constellation encrypts all cluster network communication using the [container network interface (CNI)](https://github.com/containernetworking/cni). +See [network encryption](networking.md) for more details. + +The Cilium agent running on each node establishes a secure [WireGuard](https://www.wireguard.com/) tunnel between it and all other known nodes in the cluster. +Each node creates its own [Curve25519](http://cr.yp.to/ecdh.html) encryption key pair and distributes its public key via Kubernetes. +A node uses another node's public key to decrypt and encrypt traffic from and to Cilium-managed endpoints running on that node. +Connections are always encrypted peer-to-peer using [ChaCha20](http://cr.yp.to/chacha.html) with [Poly1305](http://cr.yp.to/mac.html). +WireGuard implements [forward secrecy with key rotation every 2 minutes](https://lists.zx2c4.com/pipermail/wireguard/2017-December/002141.html). +Cilium supports [key rotation](https://docs.cilium.io/en/stable/security/network/encryption-ipsec/#key-rotation) for the long-term node keys via Kubernetes secrets. + +## Storage encryption + +Constellation supports transparent encryption of persistent storage. +The Linux kernel's device mapper-based encryption features are used to encrypt the data on the block storage level. +Currently, the following primitives are used for block storage encryption: + +* [dm-crypt](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-crypt.html) +* [dm-integrity](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-integrity.html) + +Adding primitives for integrity protection in the CVM attacker model are under active development and will be available in a future version of Constellation. +See [encrypted storage](encrypted-storage.md) for more details. + +As a cluster administrator, when creating a cluster, you can use the Constellation [installation program](orchestration.md) to select one of the following methods for key management: + +* Constellation-managed key management +* User-managed key management + +### Constellation-managed key management + +#### Key material and key derivation + +During the creation of a Constellation cluster, the cluster's master secret is used to derive a KEK. +This means creating two clusters with the same master secret will yield the same KEK. +Any data encryption key (DEK) is derived from the KEK via HKDF. +Note that the master secret is recommended to be unique for every cluster and shouldn't be reused (except in case of [recovering](../workflows/recovery.md) a cluster). + +#### State and storage + +The KEK is derived from the master secret during the initialization. +Subsequently, all other key material is derived from the KEK. +Given the same KEK, any DEK can be derived deterministically from a given identifier. +Hence, there is no need to store DEKs. They can be derived on demand. +After the KEK was derived, it's stored in memory only and never leaves the CVM context. + +#### Availability + +Constellation-managed key management has the same availability as the underlying Kubernetes cluster. +Therefore, the KEK is stored in the [distributed Kubernetes etcd storage](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/) to allow for unexpected but non-fatal (control-plane) node failure. +The etcd storage is backed by the encrypted and integrity protected [state disk](images.md#state-disk) of the nodes. + +#### Recovery + +Constellation clusters can be recovered in the event of a disaster, even when all node machines have been stopped and need to be rebooted. +For details on the process see the [recovery workflow](../workflows/recovery.md). + +### User-managed key management + +User-managed key management is under active development and will be available soon. +In scenarios where constellation-managed key management isn't an option, this mode allows you to keep full control of your keys. +For example, compliance requirements may force you to keep your KEKs in an on-prem key management system (KMS). + +During the creation of a Constellation cluster, you specify a KEK present in a remote KMS. +This follows the common scheme of "bring your own key" (BYOK). +Constellation will support several KMSs for managing the storage and access of your KEK. +Initially, it will support the following KMSs: + +* [AWS KMS](https://aws.amazon.com/kms/) +* [GCP KMS](https://cloud.google.com/security-key-management) +* [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview) +* [KMIP-compatible KMS](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip) + +Storing the keys in Cloud KMS of AWS, Azure, or GCP binds the key usage to the particular cloud identity access management (IAM). +In the future, Constellation will support remote attestation-based access policies for Cloud KMS once available. +Note that using a Cloud KMS limits the isolation and protection to the guarantees of the particular offering. + +KMIP support allows you to use your KMIP-compatible on-prem KMS and keep full control over your keys. +This follows the common scheme of "hold your own key" (HYOK). + +The KEK is used to encrypt per-data "data encryption keys" (DEKs). +DEKs are generated to encrypt your data before storing it on persistent storage. +After being encrypted by the KEK, the DEKs are stored on dedicated cloud storage for persistence. +Currently, Constellation supports the following cloud storage options: + +* [AWS S3](https://aws.amazon.com/s3/) +* [GCP Cloud Storage](https://cloud.google.com/storage) +* [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/#overview) + +The DEKs are only present in plaintext form in the encrypted main memory of the CVMs. +Similarly, the cryptographic operations for encrypting data before writing it to persistent storage are performed in the context of the CVMs. + +#### Recovery and migration + +In the case of a disaster, the KEK can be used to decrypt the DEKs locally and subsequently use them to decrypt and retrieve the data. +In case of migration, configuring the same KEK will provide seamless migration of data. +Thus, only the DEK storage needs to be transferred to the new cluster alongside the encrypted data for seamless migration. diff --git a/docs/versioned_docs/version-2.18/architecture/microservices.md b/docs/versioned_docs/version-2.18/architecture/microservices.md new file mode 100644 index 000000000..90bae783b --- /dev/null +++ b/docs/versioned_docs/version-2.18/architecture/microservices.md @@ -0,0 +1,73 @@ +# Microservices + +Constellation takes care of bootstrapping and initializing a Confidential Kubernetes cluster. +During the lifetime of the cluster, it handles day 2 operations such as key management, remote attestation, and updates. +These features are provided by several microservices: + +* The [Bootstrapper](microservices.md#bootstrapper) initializes a Constellation node and bootstraps the cluster +* The [JoinService](microservices.md#joinservice) joins new nodes to an existing cluster +* The [VerificationService](microservices.md#verificationservice) provides remote attestation functionality +* The [KeyService](microservices.md#keyservice) manages Constellation-internal keys + +The relations between microservices are shown in the following diagram: + +```mermaid +flowchart LR + subgraph admin [Admin's machine] + A[Constellation CLI] + end + subgraph img [Constellation OS image] + B[Constellation OS] + C[Bootstrapper] + end + subgraph Kubernetes + D[JoinService] + E[KeyService] + F[VerificationService] + end + A -- deploys --> + B -- starts --> C + C -- deploys --> D + C -- deploys --> E + C -- deploys --> F +``` + +## Bootstrapper + +The *Bootstrapper* is the first microservice launched after booting a Constellation node image. +It sets up that machine as a Kubernetes node and integrates that node into the Kubernetes cluster. +To this end, the *Bootstrapper* first downloads and verifies the [Kubernetes components](https://kubernetes.io/docs/concepts/overview/components/) at the configured versions. +The *Bootstrapper* tries to find an existing cluster and if successful, communicates with the [JoinService](microservices.md#joinservice) to join the node. +Otherwise, it waits for an initialization request to create a new Kubernetes cluster. + +## JoinService + +The *JoinService* runs as [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) on each control-plane node. +New nodes (at cluster start, or later through autoscaling) send a request to the service over [attested TLS (aTLS)](attestation.md#attested-tls-atls). +The *JoinService* verifies the new node's certificate and attestation statement. +If attestation is successful, the new node is supplied with an encryption key from the [*KeyService*](microservices.md#keyservice) for its state disk, and a Kubernetes bootstrap token. + + +```mermaid +sequenceDiagram + participant New node + participant JoinService + New node->>JoinService: aTLS handshake (server side verification) + JoinService-->>New node: # + New node->>+JoinService: IssueJoinTicket(DiskUUID, NodeName, IsControlPlane) + JoinService->>+KeyService: GetDataKey(DiskUUID) + KeyService-->>-JoinService: DiskEncryptionKey + JoinService-->>-New node: DiskEncryptionKey, KubernetesJoinToken, ... +``` + +## VerificationService + +The *VerificationService* runs as DaemonSet on each node. +It provides user-facing functionality for remote attestation during the cluster's lifetime via an endpoint for [verifying the cluster](attestation.md#cluster-attestation). +Read more about the hardware-based [attestation feature](attestation.md) of Constellation and how to [verify](../workflows/verify-cluster.md) a cluster on the client side. + +## KeyService + +The *KeyService* runs as DaemonSet on each control-plane node. +It implements the key management for the [storage encryption keys](keys.md#storage-encryption) in Constellation. These keys are used for the [state disk](images.md#state-disk) of each node and the [transparently encrypted storage](encrypted-storage.md) for Kubernetes. +Depending on wether the [constellation-managed](keys.md#constellation-managed-key-management) or [user-managed](keys.md#user-managed-key-management) mode is used, the *KeyService* holds the key encryption key (KEK) directly or calls an external key management service (KMS) for key derivation respectively. diff --git a/docs/versioned_docs/version-2.18/architecture/networking.md b/docs/versioned_docs/version-2.18/architecture/networking.md new file mode 100644 index 000000000..e9cbdf029 --- /dev/null +++ b/docs/versioned_docs/version-2.18/architecture/networking.md @@ -0,0 +1,22 @@ +# Network encryption + +Constellation encrypts all pod communication using the [container network interface (CNI)](https://github.com/containernetworking/cni). +To that end, Constellation deploys, configures, and operates the [Cilium](https://cilium.io/) CNI plugin. +Cilium provides [transparent encryption](https://docs.cilium.io/en/stable/security/network/encryption) for all cluster traffic using either IPSec or [WireGuard](https://www.wireguard.com/). +Currently, Constellation only supports WireGuard as the encryption engine. +You can read more about the cryptographic soundness of WireGuard [in their white paper](https://www.wireguard.com/papers/wireguard.pdf). + +Cilium is actively working on implementing a feature called [`host-to-host`](https://github.com/cilium/cilium/pull/19401) encryption mode for WireGuard. +With `host-to-host`, all traffic between nodes will be tunneled via WireGuard (host-to-host, host-to-pod, pod-to-host, pod-to-pod). +Until the `host-to-host` feature is released, Constellation enables `pod-to-pod` encryption. +This mode encrypts all traffic between Kubernetes pods using WireGuard tunnels. + +When using Cilium in the default setup but with encryption enabled, there is a [known issue](https://docs.cilium.io/en/v1.12/gettingstarted/encryption/#egress-traffic-to-not-yet-discovered-remote-endpoints-may-be-unencrypted) +that can cause pod-to-pod traffic to be unencrypted. +To mitigate this issue, Constellation adds a *strict* mode to Cilium's `pod-to-pod` encryption. +This mode changes the default behavior of traffic that's destined for an unknown endpoint to not be send out in plaintext, but instead being dropped. +The strict mode distinguishes between traffic that's send to a pod from traffic that's destined for a cluster-external endpoint by considering the pod's CIDR range. + +Traffic originating from hosts isn't encrypted yet. +This mainly includes health checks from Kubernetes API server. +Also, traffic proxied over the API server via e.g. `kubectl port-forward` isn't encrypted. diff --git a/docs/versioned_docs/version-2.18/architecture/observability.md b/docs/versioned_docs/version-2.18/architecture/observability.md new file mode 100644 index 000000000..0f4daffd4 --- /dev/null +++ b/docs/versioned_docs/version-2.18/architecture/observability.md @@ -0,0 +1,74 @@ +# Observability + +In Kubernetes, observability is the ability to gain insight into the behavior and performance of applications. +It helps identify and resolve issues more effectively, ensuring stability and performance of Kubernetes workloads, reducing downtime and outages, and improving efficiency. +The "three pillars of observability" are logs, metrics, and traces. + +In the context of Confidential Computing, observability is a delicate subject and needs to be applied such that it doesn't leak any sensitive information. +The following gives an overview of where and how you can apply standard observability tools in Constellation. + +## Cloud resource monitoring + +While inaccessible, Constellation's nodes are still visible as black box VMs to the hypervisor. +Resource consumption, such as memory and CPU utilization, can be monitored from the outside and observed via the cloud platforms directly. +Similarly, other resources, such as storage and network and their respective metrics, are visible via the cloud platform. + +## Metrics + +Metrics are numeric representations of data measured over intervals of time. They're essential for understanding system health and gaining insights using telemetry signals. + +By default, Constellation exposes the [metrics for Kubernetes system components](https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/) inside the cluster. +Similarly, the [etcd metrics](https://etcd.io/docs/v3.5/metrics/) endpoints are exposed inside the cluster. +These [metrics endpoints can be disabled](https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/#disabling-metrics). + +You can collect these cluster-internal metrics via tools such as [Prometheus](https://prometheus.io/) or the [Elastic Stack](https://www.elastic.co/de/elastic-stack/). + +Constellation's CNI Cilium also supports [metrics via Prometheus endpoints](https://docs.cilium.io/en/latest/observability/metrics/). +However, in Constellation, they're disabled by default and must be enabled first. + +## Logs + +Logs represent discrete events that usually describe what's happening with your service. +The payload is an actual message emitted from your system along with a metadata section containing a timestamp, labels, and tracking identifiers. + +### System logs + +Detailed system-level logs are accessible via `/var/log` and [journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) on the nodes directly. +They can be collected from there, for example, via [Filebeat and Logstash](https://www.elastic.co/guide/en/beats/filebeat/current/logstash-output.html), which are tools of the [Elastic Stack](https://www.elastic.co/de/elastic-stack/). + +In case of an error during the initialization, the CLI automatically collects the [Bootstrapper](./microservices.md#bootstrapper) logs and returns these as a file for [troubleshooting](../workflows/troubleshooting.md). Here is an example of such an event: + +```shell-session +Cluster initialization failed. This error is not recoverable. +Terminate your cluster and try again. +Fetched bootstrapper logs are stored in "constellation-cluster.log" +``` + +### Kubernetes logs + +Constellation supports the [Kubernetes logging architecture](https://kubernetes.io/docs/concepts/cluster-administration/logging/). +By default, logs are written to the nodes' encrypted state disks. +These include the Pod and container logs and the [system component logs](https://kubernetes.io/docs/concepts/cluster-administration/logging/#system-component-logs). + +[Constellation services](microservices.md) run as Pods inside the `kube-system` namespace and use the standard container logging mechanism. +The same applies for the [Cilium Pods](https://docs.cilium.io/en/latest/operations/troubleshooting/#logs). + +You can collect logs from within the cluster via tools such as [Fluentd](https://github.com/fluent/fluentd), [Loki](https://github.com/grafana/loki), or the [Elastic Stack](https://www.elastic.co/de/elastic-stack/). + +## Traces + +Modern systems are implemented as interconnected complex and distributed microservices. Understanding request flows and system communications is challenging, mainly because all systems in a chain need to be modified to propagate tracing information. Distributed tracing is a new approach to increasing observability and understanding performance bottlenecks. A trace represents consecutive events that reflect an end-to-end request path in a distributed system. + +Constellation supports [traces for Kubernetes system components](https://kubernetes.io/docs/concepts/cluster-administration/system-traces/). +By default, they're disabled and need to be enabled first. + +Similarly, Cilium can be enabled to [export traces](https://cilium.io/use-cases/metrics-export/). + +You can collect these traces via tools such as [Jaeger](https://www.jaegertracing.io/) or [Zipkin](https://zipkin.io/). + +## Integrations + +Platforms and SaaS solutions such as Datadog, logz.io, Dynatrace, or New Relic facilitate the observability challenge for Kubernetes and provide all-in-one SaaS solutions. +They install agents into the cluster that collect metrics, logs, and tracing information and upload them into the data lake of the platform. +Technically, the agent-based approach is compatible with Constellation, and attaching these platforms is straightforward. +However, you need to evaluate if the exported data might violate Constellation's compliance and privacy guarantees by uploading them to a third-party platform. diff --git a/docs/versioned_docs/version-2.18/architecture/orchestration.md b/docs/versioned_docs/version-2.18/architecture/orchestration.md new file mode 100644 index 000000000..3c8d529e7 --- /dev/null +++ b/docs/versioned_docs/version-2.18/architecture/orchestration.md @@ -0,0 +1,83 @@ +# Orchestrating Constellation clusters + +You can use the CLI to create a cluster on the supported cloud platforms. +The CLI provisions the resources in your cloud environment and initiates the initialization of your cluster. +It uses a set of parameters and an optional configuration file to manage your cluster installation. +The CLI is also used for updating your cluster. + +## Workspaces + +Each Constellation cluster has an associated *workspace*. +The workspace is where data such as the Constellation state and config files are stored. +Each workspace is associated with a single cluster and configuration. +The CLI stores state in the local filesystem making the current directory the active workspace. +Multiple clusters require multiple workspaces, hence, multiple directories. +Note that every operation on a cluster always has to be performed from the directory associated with its workspace. + +You may copy files from the workspace to other locations, +but you shouldn't move or delete them while the cluster is still being used. +The Constellation CLI takes care of managing the workspace. +Only when a cluster was terminated, and you are sure the files aren't needed anymore, should you remove a workspace. + +## Cluster creation process + +To allow for fine-grained configuration of your cluster and cloud environment, Constellation supports an extensive configuration file with strong defaults. [Generating the configuration file](../workflows/config.md) is typically the first thing you do in the workspace. + +Altogether, the following files are generated during the creation of a Constellation cluster and stored in the current workspace: + +* a configuration file +* a state file +* a Base64-encoded master secret +* [Terraform artifacts](../reference/terraform.md), stored in subdirectories +* a Kubernetes `kubeconfig` file. + +After the initialization of your cluster, the CLI will provide you with a Kubernetes `kubeconfig` file. +This file grants you access to your Kubernetes cluster and configures the [kubectl](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) tool. +In addition, the cluster's [identifier](orchestration.md#post-installation-configuration) is returned and stored in the state file. + +### Creation process details + +1. The CLI `apply` command first creates the confidential VM (CVM) resources in your cloud environment and configures the network +2. Each CVM boots the Constellation node image and measures every component in the boot chain +3. The first microservice launched in each node is the [*Bootstrapper*](microservices.md#bootstrapper) +4. The *Bootstrapper* waits until it either receives an initialization request or discovers an initialized cluster +5. The CLI then connects to the *Bootstrapper* of a selected node, sends the configuration, and initiates the initialization of the cluster +6. The *Bootstrapper* of **that** node [initializes the Kubernetes cluster](microservices.md#bootstrapper) and deploys the other Constellation [microservices](microservices.md) including the [*JoinService*](microservices.md#joinservice) +7. Subsequently, the *Bootstrappers* of the other nodes discover the initialized cluster and send join requests to the *JoinService* +8. As part of the join request each node includes an attestation statement of its boot measurements as authentication +9. The *JoinService* verifies the attestation statements and joins the nodes to the Kubernetes cluster +10. This process is repeated for every node joining the cluster later (e.g., through autoscaling) + +## Post-installation configuration + +Post-installation the CLI provides a configuration for [accessing the cluster using the Kubernetes API](https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/). +The `kubeconfig` file provides the credentials and configuration for connecting and authenticating to the API server. +Once configured, orchestrate the Kubernetes cluster via `kubectl`. + +After the initialization, the CLI will present you with a couple of tokens: + +* The [*master secret*](keys.md#master-secret) (stored in the `constellation-mastersecret.json` file by default) +* The [*clusterID*](keys.md#cluster-identity) of your cluster in Base64 encoding + +You can read more about these values and their meaning in the guide on [cluster identity](keys.md#cluster-identity). + +The *master secret* must be kept secret and can be used to [recover your cluster](../workflows/recovery.md). +Instead of managing this secret manually, you can [use your key management solution of choice](keys.md#user-managed-key-management) with Constellation. + +The *clusterID* uniquely identifies a cluster and can be used to [verify your cluster](../workflows/verify-cluster.md). + +## Upgrades + +Constellation images and microservices may need to be upgraded to new versions during the lifetime of a cluster. +Constellation implements a rolling update mechanism ensuring no downtime of the control or data plane. +You can upgrade a Constellation cluster with a single operation by using the CLI. +For step-by-step instructions on how to do this, refer to [Upgrade your cluster](../workflows/upgrade.md). + +### Attestation of upgrades + +With every new image, corresponding measurements are released. +During an update procedure, the CLI provides new measurements to the [JoinService](microservices.md#joinservice) securely. +New measurements for an updated image are automatically pulled and verified by the CLI following the [supply chain security concept](attestation.md#chain-of-trust) of Constellation. +The [attestation section](attestation.md#cluster-facing-attestation) describes in detail how these measurements are then used by the JoinService for the attestation of nodes. + + diff --git a/docs/versioned_docs/version-2.18/architecture/overview.md b/docs/versioned_docs/version-2.18/architecture/overview.md new file mode 100644 index 000000000..386f93b2f --- /dev/null +++ b/docs/versioned_docs/version-2.18/architecture/overview.md @@ -0,0 +1,30 @@ +# Overview + +Constellation is a cloud-based confidential orchestration platform. +The foundation of Constellation is Kubernetes and therefore shares the same technology stack and architecture principles. +To learn more about Constellation and Kubernetes, see [product overview](../overview/product.md). + +## About orchestration and updates + +As a cluster administrator, you can use the [Constellation CLI](orchestration.md) to install and deploy a cluster. +Updates are provided in accordance with the [support policy](versions.md). + +## About microservices and attestation + +Constellation manages the nodes and network in your cluster. All nodes are bootstrapped by the [*Bootstrapper*](microservices.md#bootstrapper). They're verified and authenticated by the [*JoinService*](microservices.md#joinservice) before being added to the cluster and the network. Finally, the entire cluster can be verified via the [*VerificationService*](microservices.md#verificationservice) using [remote attestation](attestation.md). + +## About node images and verified boot + +Constellation comes with operating system images for Kubernetes control-plane and worker nodes. +They're highly optimized for running containerized workloads and specifically prepared for running inside confidential VMs. +You can learn more about [the images](images.md) and how verified boot ensures their integrity during boot and beyond. + +## About key management and cryptographic primitives + +Encryption of data at-rest, in-transit, and in-use is the fundamental building block for confidential computing and Constellation. Learn more about the [keys and cryptographic primitives](keys.md) used in Constellation, [encrypted persistent storage](encrypted-storage.md), and [network encryption](networking.md). + +## About observability + +Observability in Kubernetes refers to the capability to troubleshoot issues using telemetry signals such as logs, metrics, and traces. +In the realm of Confidential Computing, it's crucial that observability aligns with confidentiality, necessitating careful implementation. +Learn more about the [observability capabilities in Constellation](./observability.md). diff --git a/docs/versioned_docs/version-2.18/architecture/versions.md b/docs/versioned_docs/version-2.18/architecture/versions.md new file mode 100644 index 000000000..30d9d28e2 --- /dev/null +++ b/docs/versioned_docs/version-2.18/architecture/versions.md @@ -0,0 +1,21 @@ +# Versions and support policy + +All components of Constellation use a three-digit version number of the form `v..`. +The components are released in lock step, usually on the first Tuesday of every month. This release primarily introduces new features, but may also include security or performance improvements. The `MINOR` version will be incremented as part of this release. + +Additional `PATCH` releases may be created on demand, to fix security issues or bugs before the next `MINOR` release window. + +New releases are published on [GitHub](https://github.com/edgelesssys/constellation/releases). + +## Kubernetes support policy + +Constellation is aligned to the [version support policy of Kubernetes](https://kubernetes.io/releases/version-skew-policy/#supported-versions), and therefore usually supports the most recent three minor versions. +When a new minor version of Kubernetes is released, support is added to the next Constellation release, and that version then supports four Kubernetes versions. +Subsequent Constellation releases drop support for the oldest (and deprecated) Kubernetes version. + +The following Kubernetes versions are currently supported: + + +* v1.28.13 +* v1.29.8 +* v1.30.4 diff --git a/docs/versioned_docs/version-2.18/getting-started/examples.md b/docs/versioned_docs/version-2.18/getting-started/examples.md new file mode 100644 index 000000000..fded84980 --- /dev/null +++ b/docs/versioned_docs/version-2.18/getting-started/examples.md @@ -0,0 +1,6 @@ +# Examples + +After you [installed the CLI](install.md) and [created your first cluster](first-steps.md), you're ready to deploy applications. Why not start with one of the following examples? +* [Emojivoto](examples/emojivoto.md): a simple but fun web application +* [Online Boutique](examples/online-boutique.md): an e-commerce demo application by Google consisting of 11 separate microservices +* [Horizontal Pod Autoscaling](examples/horizontal-scaling.md): an example demonstrating Constellation's autoscaling capabilities diff --git a/docs/versioned_docs/version-2.18/getting-started/examples/emojivoto.md b/docs/versioned_docs/version-2.18/getting-started/examples/emojivoto.md new file mode 100644 index 000000000..2bbe27917 --- /dev/null +++ b/docs/versioned_docs/version-2.18/getting-started/examples/emojivoto.md @@ -0,0 +1,22 @@ +# Emojivoto +[Emojivoto](https://github.com/BuoyantIO/emojivoto) is a simple and fun application that's well suited to test the basic functionality of your cluster. + + + +emojivoto - Web UI + + + +1. Deploy the application: + ```bash + kubectl apply -k github.com/BuoyantIO/emojivoto/kustomize/deployment + ``` +2. Wait until it becomes available: + ```bash + kubectl wait --for=condition=available --timeout=60s -n emojivoto --all deployments + ``` +3. Forward the web service to your machine: + ```bash + kubectl -n emojivoto port-forward svc/web-svc 8080:80 + ``` +4. Visit [http://localhost:8080](http://localhost:8080) diff --git a/docs/versioned_docs/version-2.18/getting-started/examples/filestash-s3proxy.md b/docs/versioned_docs/version-2.18/getting-started/examples/filestash-s3proxy.md new file mode 100644 index 000000000..b9a394256 --- /dev/null +++ b/docs/versioned_docs/version-2.18/getting-started/examples/filestash-s3proxy.md @@ -0,0 +1,107 @@ + +# Deploying Filestash + +Filestash is a web frontend for different storage backends, including S3. +It's a useful application to showcase s3proxy in action. + +1. Deploy s3proxy as described in [Deployment](../../workflows/s3proxy.md#deployment). +2. Create a deployment file for Filestash with one pod: + +```sh +cat << EOF > "deployment-filestash.yaml" +apiVersion: apps/v1 +kind: Deployment +metadata: + name: filestash +spec: + replicas: 1 + selector: + matchLabels: + app: filestash + template: + metadata: + labels: + app: filestash + spec: + hostAliases: + - ip: $(kubectl get svc s3proxy-service -o=jsonpath='{.spec.clusterIP}') + hostnames: + - "s3.us-east-1.amazonaws.com" + - "s3.us-east-2.amazonaws.com" + - "s3.us-west-1.amazonaws.com" + - "s3.us-west-2.amazonaws.com" + - "s3.eu-north-1.amazonaws.com" + - "s3.eu-south-1.amazonaws.com" + - "s3.eu-south-2.amazonaws.com" + - "s3.eu-west-1.amazonaws.com" + - "s3.eu-west-2.amazonaws.com" + - "s3.eu-west-3.amazonaws.com" + - "s3.eu-central-1.amazonaws.com" + - "s3.eu-central-2.amazonaws.com" + - "s3.ap-northeast-1.amazonaws.com" + - "s3.ap-northeast-2.amazonaws.com" + - "s3.ap-northeast-3.amazonaws.com" + - "s3.ap-east-1.amazonaws.com" + - "s3.ap-southeast-1.amazonaws.com" + - "s3.ap-southeast-2.amazonaws.com" + - "s3.ap-southeast-3.amazonaws.com" + - "s3.ap-southeast-4.amazonaws.com" + - "s3.ap-south-1.amazonaws.com" + - "s3.ap-south-2.amazonaws.com" + - "s3.me-south-1.amazonaws.com" + - "s3.me-central-1.amazonaws.com" + - "s3.il-central-1.amazonaws.com" + - "s3.af-south-1.amazonaws.com" + - "s3.ca-central-1.amazonaws.com" + - "s3.sa-east-1.amazonaws.com" + containers: + - name: filestash + image: machines/filestash:latest + ports: + - containerPort: 8334 + volumeMounts: + - name: ca-cert + mountPath: /etc/ssl/certs/kube-ca.crt + subPath: kube-ca.crt + volumes: + - name: ca-cert + secret: + secretName: s3proxy-tls + items: + - key: ca.crt + path: kube-ca.crt +EOF +``` + +The pod spec includes the `hostAliases` key, which adds an entry to the pod's `/etc/hosts`. +The entry forwards all requests for any of the currently defined AWS regions to the Kubernetes service `s3proxy-service`. +If you followed the s3proxy [Deployment](../../workflows/s3proxy.md#deployment) guide, this service points to a s3proxy pod. + +The deployment specifies all regions explicitly to prevent accidental data leaks. +If one of your buckets were located in a region that's not part of the `hostAliases` key, traffic towards those buckets would not be redirected to s3proxy. +Similarly, if you want to exclude data for specific regions from going through s3proxy you can remove those regions from the deployment. + +The spec also includes a volume mount for the TLS certificate and adds it to the pod's certificate trust store. +The volume is called `ca-cert`. +The key `ca.crt` of that volume is mounted to `/etc/ssl/certs/kube-ca.crt`, which is the default certificate trust store location for that container's OpenSSL library. +Not adding the CA certificate will result in TLS authentication errors. + +3. Apply the file: `kubectl apply -f deployment-filestash.yaml` + +Afterward, you can use a port forward to access the Filestash pod: +`kubectl port-forward pod/$(kubectl get pod --selector='app=filestash' -o=jsonpath='{.items[*].metadata.name}') 8334:8334` + +4. After browsing to `localhost:8443`, Filestash will ask you to set an administrator password. +After setting it, you can directly leave the admin area by clicking the blue cloud symbol in the top left corner. +Subsequently, you can select S3 as storage backend and enter your credentials. +This will bring you to an overview of your buckets. +If you want to deploy Filestash in production, take a look at its [documentation](https://www.filestash.app/docs/). + +5. To see the logs of s3proxy intercepting requests made to S3, run: `kubectl logs -f pod/$(kubectl get pod --selector='app=s3proxy' -o=jsonpath='{.items[*].metadata.name}')` +Look out for log messages labeled `intercepting`. +There is one such log message for each message that's encrypted, decrypted, or blocked. + +6. Once you have uploaded a file with Filestash, you should be able to view the file in Filestash. +However, if you go to the AWS S3 [Web UI](https://s3.console.aws.amazon.com/s3/home) and download the file you just uploaded in Filestash, you won't be able to read it. +Another way to spot encrypted files without downloading them is to click on a file, scroll to the Metadata section, and look for the header named `x-amz-meta-constellation-encryption`. +This header holds the encrypted data encryption key of the object and is only present on objects that are encrypted by s3proxy. diff --git a/docs/versioned_docs/version-2.18/getting-started/examples/horizontal-scaling.md b/docs/versioned_docs/version-2.18/getting-started/examples/horizontal-scaling.md new file mode 100644 index 000000000..dfaf9e742 --- /dev/null +++ b/docs/versioned_docs/version-2.18/getting-started/examples/horizontal-scaling.md @@ -0,0 +1,98 @@ +# Horizontal Pod Autoscaling +This example demonstrates Constellation's autoscaling capabilities. It's based on the Kubernetes [HorizontalPodAutoscaler Walkthrough](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/). During the following steps, Constellation will spawn new VMs on demand, verify them, add them to the cluster, and delete them again when the load has settled down. + +## Requirements +The cluster needs to be initialized with Kubernetes 1.23 or later. In addition, [autoscaling must be enabled](../../workflows/scale.md) to enable Constellation to assign new nodes dynamically. + +Just for this example specifically, the cluster should have as few worker nodes in the beginning as possible. Start with a small cluster with only *one* low-powered node for the control-plane node and *one* low-powered worker node. + +:::info +We tested the example using instances of types `Standard_DC4as_v5` on Azure and `n2d-standard-4` on GCP. +::: + +## Setup + +1. Install the Kubernetes Metrics Server: + ```bash + kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml + ``` + +2. Deploy the HPA example server that's supposed to be scaled under load. + + This manifest is similar to the one from the Kubernetes HPA walkthrough, but with increased CPU limits and requests to facilitate the triggering of node scaling events. + ```bash + cat < + +Online Boutique - Web UI + + + +1. Create a namespace: + ```bash + kubectl create ns boutique + ``` +2. Deploy the application: + ```bash + kubectl apply -n boutique -f https://github.com/GoogleCloudPlatform/microservices-demo/raw/main/release/kubernetes-manifests.yaml + ``` +3. Wait for all services to become available: + ```bash + kubectl wait --for=condition=available --timeout=300s -n boutique --all deployments + ``` +4. Get the frontend's external IP address: + ```shell-session + $ kubectl get service frontend-external -n boutique | awk '{print $4}' + EXTERNAL-IP + + ``` + (`` is a placeholder for the IP assigned by your CSP.) +5. Enter the IP from the result in your browser to browse the online shop. diff --git a/docs/versioned_docs/version-2.18/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.18/getting-started/first-steps-local.md new file mode 100644 index 000000000..98f0302de --- /dev/null +++ b/docs/versioned_docs/version-2.18/getting-started/first-steps-local.md @@ -0,0 +1,277 @@ +# First steps with a local cluster + +A local cluster lets you deploy and test Constellation without a cloud subscription. +You have two options: + +* Use MiniConstellation to automatically deploy a two-node cluster. +* For more fine-grained control, create the cluster using the QEMU provider. + +Both options use virtualization to create a local cluster with control-plane nodes and worker nodes. They **don't** require hardware with Confidential VM (CVM) support. For attestation, they currently use a software-based vTPM provided by KVM/QEMU. + +You need an x64 machine with a Linux OS. +You can use a VM, but it needs nested virtualization. + +## Prerequisites + +* Machine requirements: + * An x86-64 CPU with at least 4 cores (6 cores are recommended) + * At least 4 GB RAM (6 GB are recommended) + * 20 GB of free disk space + * Hardware virtualization enabled in the BIOS/UEFI (often referred to as Intel VT-x or AMD-V/SVM) / nested-virtualization support when using a VM +* Software requirements: + * Linux OS with [KVM kernel module](https://www.linux-kvm.org/page/Main_Page) + * Recommended: Ubuntu 22.04 LTS + * [Docker](https://docs.docker.com/engine/install/) + * [xsltproc](https://gitlab.gnome.org/GNOME/libxslt/-/wikis/home) + * (Optional) [virsh](https://www.libvirt.org/manpages/virsh.html) to observe and access your nodes + +### Software installation on Ubuntu + +```bash +# install Docker +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg +echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +sudo apt update +sudo apt install docker-ce +# install other dependencies +sudo apt install xsltproc +sudo snap install kubectl --classic +# install Constellation CLI +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64 +sudo install constellation-linux-amd64 /usr/local/bin/constellation +# do not drop forwarded packages +sudo iptables -P FORWARD ACCEPT +``` + +## Create a cluster + + + + + +With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). + + +:::caution + +MiniConstellation has specific soft- and hardware requirements such as a Linux OS running on an x86-64 CPU. Pay attention to all [prerequisites](#prerequisites) when setting up. + +::: + +:::note + +Since MiniConstellation runs on your local system, cloud features such as load balancing, +attaching persistent storage, or autoscaling aren't available. + +::: + +The following creates your MiniConstellation cluster (may take up to 10 minutes to complete): + +```bash +constellation mini up +``` + +This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. +All `constellation` commands concerning this cluster need to be issued from this directory. + + + + +With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. + +:::caution + +Constellation on QEMU has specific soft- and hardware requirements such as a Linux OS running on an x86-64 CPU. Pay attention to all [prerequisites](#prerequisites) when setting up. + +::: + +:::note + +Since Constellation on QEMU runs on your local system, cloud features such as load balancing, +attaching persistent storage, or autoscaling aren't available. + +::: + +1. To set up your local cluster, you need to create a configuration file for Constellation first. + + ```bash + constellation config generate qemu + ``` + + This creates a [configuration file](../workflows/config.md) for QEMU called `constellation-conf.yaml`. After that, your current folder also becomes your [workspace](../architecture/orchestration.md#workspaces). All `constellation` commands for your cluster need to be executed from this directory. + +2. Now you can create your cluster and its nodes. `constellation apply` uses the options set in `constellation-conf.yaml`. + + ```bash + constellation apply -y + ``` + + The Output should look like the following: + + ```shell-session + $ constellation apply -y + Checking for infrastructure changes + The following Constellation cluster will be created: + 3 control-plane nodes of type 2-vCPUs will be created. + 1 worker node of type 2-vCPUs will be created. + Creating + Cloud infrastructure created successfully. + Your Constellation master secret was successfully written to ./constellation-mastersecret.json + Connecting + Initializing cluster + Installing Kubernetes components + Your Constellation cluster was successfully initialized. + + Constellation cluster identifier g6iMP5wRU1b7mpOz2WEISlIYSfdAhB0oNaOg6XEwKFY= + Kubernetes configuration constellation-admin.conf + + You can now connect to your cluster by executing: + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + + The cluster's identifier will be different in your output. + Keep `constellation-mastersecret.json` somewhere safe. + This will allow you to [recover your cluster](../workflows/recovery.md) in case of a disaster. + + :::info + + Depending on your setup, `constellation apply` may take 10+ minutes to complete. + + ::: + +3. Configure kubectl + + ```bash + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + + + + +## Connect to the cluster + +Your cluster initially consists of a single control-plane node: + +```shell-session +$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +control-plane-0 Ready control-plane 66s v1.24.6 +``` + +Additional nodes will request to join the cluster shortly. Before each additional node is allowed to join the cluster, its state is verified using remote attestation by the [JoinService](../architecture/microservices.md#joinservice). +If verification passes successfully, the new node receives keys and certificates to join the cluster. + +You can follow this process by viewing the logs of the JoinService: + +```shell-session +$ kubectl logs -n kube-system daemonsets/join-service -f +{"level":"INFO","ts":"2022-10-14T09:32:20Z","caller":"cmd/main.go:48","msg":"Constellation Node Join Service","version":"2.1.0","cloudProvider":"qemu"} +{"level":"INFO","ts":"2022-10-14T09:32:20Z","logger":"validator","caller":"watcher/validator.go:96","msg":"Updating expected measurements"} +... +``` + +Once all nodes have joined your cluster, it may take a couple of minutes for all resources to become available. +You can check on the state of your cluster by running the following: + +```shell-session +$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +control-plane-0 Ready control-plane 2m59s v1.24.6 +worker-0 Ready 32s v1.24.6 +``` + +## Deploy a sample application + +1. Deploy the [emojivoto app](https://github.com/BuoyantIO/emojivoto) + + ```bash + kubectl apply -k github.com/BuoyantIO/emojivoto/kustomize/deployment + ``` + +2. Expose the frontend service locally + + ```bash + kubectl wait --for=condition=available --timeout=60s -n emojivoto --all deployments + kubectl -n emojivoto port-forward svc/web-svc 8080:80 & + curl http://localhost:8080 + kill %1 + ``` + +## Terminate your cluster + + + + +Once you are done, you can clean up the created resources using the following command: + +```bash +constellation mini down +``` + +This will destroy your cluster and clean up your workspace. +The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. + + + + +Once you are done, you can clean up the created resources using the following command: + +```bash +constellation terminate +``` + +This should give the following output: + +```shell-session +$ constellation terminate +You are about to terminate a Constellation cluster. +All of its associated resources will be DESTROYED. +This action is irreversible and ALL DATA WILL BE LOST. +Do you want to continue? [y/n]: +``` + +Confirm with `y` to terminate the cluster: + +```shell-session +Terminating ... +Your Constellation cluster was terminated successfully. +``` + +This will destroy your cluster and clean up your workspace. +The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. + + + + +## Troubleshooting + +Make sure to use the [latest release](https://github.com/edgelesssys/constellation/releases/latest) and check out the [known issues](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22). + +### VMs have no internet access / CLI remains in "Initializing cluster" state + +`iptables` rules may prevent your VMs from accessing the internet. +Make sure your rules aren't dropping forwarded packages. + +List your rules: + +```bash +sudo iptables -S +``` + +The output may look similar to the following: + +```shell-session +-P INPUT ACCEPT +-P FORWARD DROP +-P OUTPUT ACCEPT +-N DOCKER +-N DOCKER-ISOLATION-STAGE-1 +-N DOCKER-ISOLATION-STAGE-2 +-N DOCKER-USER +``` + +If your `FORWARD` chain is set to `DROP`, you need to update your rules: + +```bash +sudo iptables -P FORWARD ACCEPT +``` diff --git a/docs/versioned_docs/version-2.18/getting-started/first-steps.md b/docs/versioned_docs/version-2.18/getting-started/first-steps.md new file mode 100644 index 000000000..128ac2849 --- /dev/null +++ b/docs/versioned_docs/version-2.18/getting-started/first-steps.md @@ -0,0 +1,229 @@ +# First steps with Constellation + +The following steps guide you through the process of creating a cluster and deploying a sample app. This example assumes that you have successfully [installed and set up Constellation](install.md), +and have access to a cloud subscription. + +:::tip +If you don't have a cloud subscription, you can also set up a [local Constellation cluster using virtualization](../getting-started/first-steps-local.md) for testing. +::: + +:::note +If you encounter any problem with the following steps, make sure to use the [latest release](https://github.com/edgelesssys/constellation/releases/latest) and check out the [known issues](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22). +::: + +## Create a cluster + +1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. If you are following the steps of this guide, there is no need to edit the file. + + + + + ```bash + constellation config generate aws + ``` + + + + + ```bash + constellation config generate azure + ``` + + + + + ```bash + constellation config generate gcp + ``` + + + + + ```bash + constellation config generate stackit + ``` + + + + +2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). + + + + + ```bash + constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config + ``` + + This command creates IAM configuration for the AWS zone `us-east-2a` using the prefix `constellTest` for all named resources being created. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in. + + Depending on the attestation variant selected on config generation, different regions are available. + AMD SEV-SNP machines (requires the default attestation variant `awsSEVSNP`) are currently available in the following regions: + * `eu-west-1` + * `us-east-2` + + You can find a list of regions that support AMD SEV-SNP in [AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snp-requirements.html). + + NitroTPM machines (requires the attestation variant `awsNitroTPM`) are available in all regions. + Constellation OS images are currently replicated to the following regions: + * `eu-central-1` + * `eu-west-1` + * `eu-west-3` + * `us-east-2` + * `ap-south-1` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+AWS+image+region:+xx-xxxx-x). + + You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). + + + + + ```bash + constellation iam create azure --subscriptionID 00000000-0000-0000-0000-000000000000 --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config + ``` + + This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in. + + CVMs are available in several Azure regions. Constellation OS images are currently replicated to the following: + + * `germanywestcentral` + * `westus` + * `eastus` + * `northeurope` + * `westeurope` + * `southeastasia` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+Azure+image+region:+xx-xxxx-x). + + You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). + + + + + ```bash + constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config + ``` + + This command creates IAM configuration in the GCP project `yourproject-12345` on the GCP zone `europe-west2-a` creating a new service account `constell-test`. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in. + + Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. + + + + + To use Constellation on STACKIT, the cluster will use the User Access Token (UAT) that's generated [during the install step](./install.md). + After creating the accounts, fill in the STACKIT details in `constellation-conf.yaml` under `provider.openstack`: + + * `stackitProjectID`: STACKIT project id (can be found after login on the [STACKIT portal](https://portal.stackit.cloud)) + + + + + :::tip + To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). + ::: + + + +3. Create the cluster. `constellation apply` uses options set in `constellation-conf.yaml`. + If you want to manually manage your cloud resources, for example by using [Terraform](../reference/terraform.md), follow the corresponding instructions in the [Create workflow](../workflows/create.md). + + :::tip + + On Azure, you may need to wait 15+ minutes at this point for role assignments to propagate. + + ::: + + ```bash + constellation apply -y + ``` + + This should look similar to the following: + + ```shell-session + $ constellation apply -y + Checking for infrastructure changes + The following Constellation cluster will be created: + 3 control-plane nodes of type n2d-standard-4 will be created. + 1 worker node of type n2d-standard-4 will be created. + Creating + Cloud infrastructure created successfully + Your Constellation master secret was successfully written to ./constellation-mastersecret.json + Connecting + Initializing cluster + Installing Kubernetes components + Your Constellation cluster was successfully initialized. + + Constellation cluster identifier g6iMP5wRU1b7mpOz2WEISlIYSfdAhB0oNaOg6XEwKFY= + Kubernetes configuration constellation-admin.conf + + You can now connect to your cluster by executing: + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + + The cluster's identifier will be different in your output. + Keep `constellation-mastersecret.json` somewhere safe. + This will allow you to [recover your cluster](../workflows/recovery.md) in case of a disaster. + + :::info + + Depending on your CSP and region, `constellation apply` may take 10+ minutes to complete. + + ::: + +4. Configure kubectl. + + ```bash + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + +## Deploy a sample application + +1. Deploy the [emojivoto app](https://github.com/BuoyantIO/emojivoto) + + ```bash + kubectl apply -k github.com/BuoyantIO/emojivoto/kustomize/deployment + ``` + +2. Expose the frontend service locally + + ```bash + kubectl wait --for=condition=available --timeout=60s -n emojivoto --all deployments + kubectl -n emojivoto port-forward svc/web-svc 8080:80 & + curl http://localhost:8080 + kill %1 + ``` + +## Terminate your cluster + +Use the CLI to terminate your cluster. If you manually used [Terraform](../reference/terraform.md) to manage your cloud resources, follow the corresponding instructions in the [Terminate workflow](../workflows/terminate.md). + +```bash +constellation terminate +``` + +This should give the following output: + +```shell-session +$ constellation terminate +You are about to terminate a Constellation cluster. +All of its associated resources will be DESTROYED. +This action is irreversible and ALL DATA WILL BE LOST. +Do you want to continue? [y/n]: +``` + +Confirm with `y` to terminate the cluster: + +```shell-session +Terminating ... +Your Constellation cluster was terminated successfully. +``` + +Optionally, you can also [delete your IAM resources](../workflows/config.md#deleting-an-iam-configuration). diff --git a/docs/versioned_docs/version-2.18/getting-started/install.md b/docs/versioned_docs/version-2.18/getting-started/install.md new file mode 100644 index 000000000..d52e43476 --- /dev/null +++ b/docs/versioned_docs/version-2.18/getting-started/install.md @@ -0,0 +1,429 @@ +# Installation and setup + +Constellation runs entirely in your cloud environment and can be controlled via a dedicated [command-line interface (CLI)](../reference/cli.md) or a [Terraform provider](../workflows/terraform-provider.md). + +## Prerequisites + +Make sure the following requirements are met: + +* Your machine is running Linux, macOS, or Windows +* You have admin rights on your machine +* [kubectl](https://kubernetes.io/docs/tasks/tools/) is installed +* Your CSP is Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or STACKIT + +## Install the Constellation CLI + +:::tip + +If you prefer to use Terraform, you can alternatively use the [Terraform provider](../workflows/terraform-provider.md) to manage the cluster's lifecycle. + +::: + +The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). +Install it with the following commands: + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-linux-amd64 /usr/local/bin/constellation +``` + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-arm64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-linux-arm64 /usr/local/bin/constellation +``` + + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-arm64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-darwin-arm64 /usr/local/bin/constellation +``` + + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-amd64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-darwin-amd64 /usr/local/bin/constellation +``` + + + + + +1. Download the CLI: + +```bash +Invoke-WebRequest -OutFile ./constellation.exe -Uri 'https://github.com/edgelesssys/constellation/releases/latest/download/constellation-windows-amd64.exe' +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI under `C:\Program Files\Constellation\bin\constellation.exe` + +3. Add the CLI to your PATH: + + 1. Open `Advanced system settings` by searching for the App in the Windows search + 2. Go to the `Advanced` tab + 3. Click `Environment Variables…` + 4. Click variable called `Path` and click `Edit…` + 5. Click `New` + 6. Enter the path to the folder containing the binary you want on your PATH: `C:\Program Files\Constellation\bin` + + + + +:::tip +The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. +::: + +## Set up cloud credentials + +Constellation makes authenticated calls to the CSP API. Therefore, you need to set up Constellation with the credentials for your CSP. + +:::tip +If you don't have a cloud subscription, you can also set up a [local Constellation cluster using virtualization](../getting-started/first-steps-local.md) for testing. +::: + +### Required permissions + + + + +To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. + +To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeAccountAttributes", + "iam:AddRoleToInstanceProfile", + "iam:AttachRolePolicy", + "iam:CreateInstanceProfile", + "iam:CreatePolicy", + "iam:CreateRole", + "iam:DeleteInstanceProfile", + "iam:DeletePolicy", + "iam:DeletePolicyVersion", + "iam:DeleteRole", + "iam:DetachRolePolicy", + "iam:GetInstanceProfile", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfilesForRole", + "iam:ListPolicyVersions", + "iam:ListRolePolicies", + "iam:PassRole", + "iam:RemoveRoleFromInstanceProfile", + "sts:GetCallerIdentity" + ], + "Resource": "*" + } + ] +} +``` + +The built-in `AdministratorAccess` policy is a superset of these permissions. + +To [create a Constellation cluster](../workflows/create.md), see the permissions of [main.tf](https://github.com/edgelesssys/constellation/blob/main/terraform/infrastructure/iam/aws/main.tf). + +The built-in `PowerUserAccess` policy is a superset of these permissions. + +Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). + + + + +The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: + +* `Microsoft.Attestation` +* `Microsoft.Compute` +* `Microsoft.Insights` +* `Microsoft.ManagedIdentity` +* `Microsoft.Network` + +By default, Constellation tries to register these automatically if they haven't been registered before. + +To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: + +* `*/register/action` \[1] +* `Microsoft.Authorization/roleAssignments/*` +* `Microsoft.Authorization/roleDefinitions/*` +* `Microsoft.ManagedIdentity/userAssignedIdentities/*` +* `Microsoft.Resources/subscriptions/resourcegroups/*` + +The built-in `Owner` role is a superset of these permissions. + +To [create a Constellation cluster](../workflows/create.md), you need the following permissions: + +* `Microsoft.Attestation/attestationProviders/*` +* `Microsoft.Compute/virtualMachineScaleSets/*` +* `Microsoft.Insights/components/*` +* `Microsoft.ManagedIdentity/userAssignedIdentities/*` +* `Microsoft.Network/loadBalancers/*` +* `Microsoft.Network/loadBalancers/backendAddressPools/*` +* `Microsoft.Network/networkSecurityGroups/*` +* `Microsoft.Network/publicIPAddresses/*` +* `Microsoft.Network/virtualNetworks/*` +* `Microsoft.Network/virtualNetworks/subnets/*` +* `Microsoft.Network/natGateways/*` + +The built-in `Contributor` role is a superset of these permissions. + +Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions) and [assigning roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments). + +1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. + + + + +Create a new project for Constellation or use an existing one. +Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. + +To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: + +* `iam.serviceAccountKeys.create` +* `iam.serviceAccountKeys.delete` +* `iam.serviceAccountKeys.get` +* `iam.serviceAccounts.create` +* `iam.serviceAccounts.delete` +* `iam.serviceAccounts.get` +* `resourcemanager.projects.getIamPolicy` +* `resourcemanager.projects.setIamPolicy` + +Together, the built-in roles `roles/editor` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. + +To [create a Constellation cluster](../workflows/create.md), you need the following permissions: + +* `compute.addresses.createInternal` +* `compute.addresses.deleteInternal` +* `compute.addresses.get` +* `compute.addresses.useInternal` +* `compute.backendServices.create` +* `compute.backendServices.delete` +* `compute.backendServices.get` +* `compute.backendServices.use` +* `compute.disks.create` +* `compute.firewalls.create` +* `compute.firewalls.delete` +* `compute.firewalls.get` +* `compute.firewalls.update` +* `compute.globalAddresses.create` +* `compute.globalAddresses.delete` +* `compute.globalAddresses.get` +* `compute.globalAddresses.use` +* `compute.globalForwardingRules.create` +* `compute.globalForwardingRules.delete` +* `compute.globalForwardingRules.get` +* `compute.globalForwardingRules.setLabels` +* `compute.globalOperations.get` +* `compute.healthChecks.create` +* `compute.healthChecks.delete` +* `compute.healthChecks.get` +* `compute.healthChecks.useReadOnly` +* `compute.instanceGroupManagers.create` +* `compute.instanceGroupManagers.delete` +* `compute.instanceGroupManagers.get` +* `compute.instanceGroupManagers.update` +* `compute.instanceGroups.create` +* `compute.instanceGroups.delete` +* `compute.instanceGroups.get` +* `compute.instanceGroups.update` +* `compute.instanceGroups.use` +* `compute.instances.create` +* `compute.instances.setLabels` +* `compute.instances.setMetadata` +* `compute.instances.setTags` +* `compute.instanceTemplates.create` +* `compute.instanceTemplates.delete` +* `compute.instanceTemplates.get` +* `compute.instanceTemplates.useReadOnly` +* `compute.networks.create` +* `compute.networks.delete` +* `compute.networks.get` +* `compute.networks.updatePolicy` +* `compute.routers.create` +* `compute.routers.delete` +* `compute.routers.get` +* `compute.routers.update` +* `compute.subnetworks.create` +* `compute.subnetworks.delete` +* `compute.subnetworks.get` +* `compute.subnetworks.use` +* `compute.targetTcpProxies.create` +* `compute.targetTcpProxies.delete` +* `compute.targetTcpProxies.get` +* `compute.targetTcpProxies.use` +* `iam.serviceAccounts.actAs` + +Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. + +Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). + + + + +Constellation on STACKIT requires a User Access Token (UAT) for the OpenStack API and a STACKIT service account. +The UAT already has all required permissions by default. +The STACKIT service account needs the `editor` role to create STACKIT LoadBalancers. +Look at the [STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) on how to create the service account and assign the role. + + + + +### Authentication + +You need to authenticate with your CSP. The following lists the required steps for *testing* and *production* environments. + +:::note +The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. +::: + + + + +**Testing** + +You can use the [AWS CloudShell](https://console.aws.amazon.com/cloudshell/home). Make sure you are [authorized to use it](https://docs.aws.amazon.com/cloudshell/latest/userguide/sec-auth-with-identities.html). + +**Production** + +Use the latest version of the [AWS CLI](https://aws.amazon.com/cli/) on a trusted machine: + +```bash +aws configure +``` + +Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). + + + + +**Testing** + +Simply open the [Azure Cloud Shell](https://docs.microsoft.com/en-us/azure/cloud-shell/overview). + +**Production** + +Use the latest version of the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/) on a trusted machine: + +```bash +az login +``` + +Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). + + + + +**Testing** + +You can use the [Google Cloud Shell](https://cloud.google.com/shell). Make sure your [session is authorized](https://cloud.google.com/shell/docs/auth). For example, execute `gsutil` and accept the authorization prompt. + +**Production** + +Use one of the following options on a trusted machine: + +* Use the [`gcloud` CLI](https://cloud.google.com/sdk/gcloud) + + ```bash + gcloud auth application-default login + ``` + + This will ask you to log-in to your Google account and create your credentials. + The Constellation CLI will automatically load these credentials when needed. + +* Set up a service account and pass the credentials manually + + Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. + + + + +You need to authenticate with the infrastructure API (OpenStack) and create a service account (STACKIT API). + +1. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/step-1-generating-of-user-access-token-11763726.html) for obtaining a User Access Token (UAT) to use the infrastructure API +2. Create a configuration file under `~/.config/openstack/clouds.yaml` (`%AppData%\openstack\clouds.yaml` on Windows) with the credentials from the User Access Token + + ```yaml + clouds: + stackit: + auth: + auth_url: https://keystone.api.iaas.eu01.stackit.cloud/v3 + username: REPLACE_WITH_UAT_USERNAME + password: REPLACE_WITH_UAT_PASSWORD + project_id: REPLACE_WITH_STACKIT_PROJECT_ID + project_name: REPLACE_WITH_STACKIT_PROJECT_NAME + user_domain_name: portal_mvp + project_domain_name: portal_mvp + region_name: RegionOne + identity_api_version: 3 + ``` + +3. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) for creating a service account and an access token +4. Assign the `editor` role to the service account by [following the documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) +5. Create a configuration file under `~/.stackit/credentials.json` (`%USERPROFILE%\.stackit\credentials.json` on Windows) + + ```json + {"STACKIT_SERVICE_ACCOUNT_TOKEN":"REPLACE_WITH_TOKEN"} + ``` + + + + + +## Next steps + +You are now ready to [deploy your first confidential Kubernetes cluster and application](first-steps.md). diff --git a/docs/versioned_docs/version-2.18/getting-started/marketplaces.md b/docs/versioned_docs/version-2.18/getting-started/marketplaces.md new file mode 100644 index 000000000..a6763a42a --- /dev/null +++ b/docs/versioned_docs/version-2.18/getting-started/marketplaces.md @@ -0,0 +1,56 @@ +# Using Constellation via Cloud Marketplaces + +Constellation is available through the Marketplaces of AWS, Azure, GCP, and STACKIT. This allows you to create self-managed Constellation clusters that are billed on a pay-per-use basis (hourly, per vCPU) with your CSP account. You can still get direct support by Edgeless Systems. For more information, please [contact us](https://www.edgeless.systems/enterprise-support/). + +This document explains how to run Constellation with the dynamically billed cloud marketplace images. + + + + +To use Constellation's marketplace images, ensure that you are subscribed to the [marketplace offering](https://aws.amazon.com/marketplace/pp/prodview-2mbn65nv57oys) through the web portal. + +Then, enable the use of marketplace images in your Constellation `constellation-conf.yaml` [config file](../workflows/config.md): + +```bash +yq eval -i ".provider.aws.useMarketplaceImage = true" constellation-conf.yaml +``` + + + + +Constellation has a private marketplace plan. Please [contact us](https://www.edgeless.systems/enterprise-support/) to gain access. + +To use a marketplace image, you need to accept the marketplace image's terms once for your subscription with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest): + +```bash +az vm image terms accept --publisher edgelesssystems --offer constellation --plan constellation +``` + +Then, enable the use of marketplace images in your Constellation `constellation-conf.yaml` [config file](../workflows/config.md): + +```bash +yq eval -i ".provider.azure.useMarketplaceImage = true" constellation-conf.yaml +``` + + + + +To use a marketplace image, ensure that the account is entitled to use marketplace images by Edgeless Systems by accepting the terms through the [web portal](https://console.cloud.google.com/marketplace/vm/config/edgeless-systems-public/constellation). + +Then, enable the use of marketplace images in your Constellation `constellation-conf.yaml` [config file](../workflows/config.md): + +```bash +yq eval -i ".provider.gcp.useMarketplaceImage = true" constellation-conf.yaml +``` + + + + +On STACKIT, the selected Constellation image is always a marketplace image. You can find more information on the STACKIT portal. + + + + +Ensure that the cluster uses an official release image version (i.e., `.image=vX.Y.Z` in the `constellation-conf.yaml` file). + +From there, you can proceed with the [cluster creation](../workflows/create.md) as usual. diff --git a/docs/versioned_docs/version-2.18/intro.md b/docs/versioned_docs/version-2.18/intro.md new file mode 100644 index 000000000..0bfe86da9 --- /dev/null +++ b/docs/versioned_docs/version-2.18/intro.md @@ -0,0 +1,34 @@ +--- +slug: / +id: intro +--- +# Introduction + +Welcome to the documentation of Constellation! Constellation is a Kubernetes engine that aims to provide the best possible data security. + +![Constellation concept](/img/concept.svg) + + Constellation shields your entire Kubernetes cluster from the underlying cloud infrastructure. Everything inside is always encrypted, including at runtime in memory. For this, Constellation leverages a technology called *confidential computing* and more specifically Confidential VMs. + +:::tip +See the 📄[whitepaper](https://content.edgeless.systems/hubfs/Confidential%20Computing%20Whitepaper.pdf) for more information on confidential computing. +::: + +## Goals + +From a security perspective, Constellation is designed to keep all data always encrypted and to prevent any access from the underlying (cloud) infrastructure. This includes access from datacenter employees, privileged cloud admins, and attackers coming through the infrastructure. Such attackers could be malicious co-tenants escalating their privileges or hackers who managed to compromise a cloud server. + +From a DevOps perspective, Constellation is designed to work just like what you would expect from a modern Kubernetes engine. + +## Use cases + +Constellation provides unique security [features](overview/confidential-kubernetes.md) and [benefits](overview/security-benefits.md). The core use cases are: + +* Increasing the overall security of your clusters +* Increasing the trustworthiness of your SaaS offerings +* Moving sensitive workloads from on-prem to the cloud +* Meeting regulatory requirements + +## Next steps + +You can learn more about the concept of Confidential Kubernetes, features, security benefits, and performance of Constellation in the *Basics* section. To jump right into the action head to *Getting started*. diff --git a/docs/versioned_docs/version-2.18/overview/clouds.md b/docs/versioned_docs/version-2.18/overview/clouds.md new file mode 100644 index 000000000..34f48d3f8 --- /dev/null +++ b/docs/versioned_docs/version-2.18/overview/clouds.md @@ -0,0 +1,64 @@ +# Feature status of clouds + +What works on which cloud? Currently, Confidential VMs (CVMs) are available in varying quality on the different clouds and software stacks. + +For Constellation, the ideal environment provides the following: + +1. Ability to run arbitrary software and images inside CVMs +2. CVMs based on AMD SEV-SNP (available in EPYC CPUs since the Milan generation) or Intel TDX (available in Xeon CPUs since the Sapphire Rapids generation) +3. Ability for CVM guests to obtain raw hardware attestation statements +4. Reviewable, open-source firmware inside CVMs +5. Capability of the firmware to attest the integrity of the code it passes control to, e.g., with an embedded virtual TPM (vTPM) + +(1) is a functional must-have. (2)--(5) are required for remote attestation that fully keeps the infrastructure/cloud out. Constellation can work without them or with approximations, but won't protect against certain privileged attackers anymore. + +The following table summarizes the state of features for different infrastructures. + +| **Feature** | **AWS** | **Azure** | **GCP** | **STACKIT** | **OpenStack (Yoga)** | +|-----------------------------------|---------|-----------|---------|--------------|----------------------| +| **1. Custom images** | Yes | Yes | Yes | Yes | Yes | +| **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | +| **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | +| **4. Reviewable firmware** | Yes | No | No | No | Depends on kernel/HV | +| **5. Confidential measured boot** | No | Yes | No | No | Depends on kernel/HV | + +## Amazon Web Services (AWS) + +Amazon EC2 [supports AMD SEV-SNP](https://aws.amazon.com/de/about-aws/whats-new/2023/04/amazon-ec2-amd-sev-snp/). +Regarding (3), AWS provides direct access to attestation statements. +However, regarding (5), attestation is partially based on the [NitroTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by the Nitro hypervisor. +Hence, the hypervisor is currently part of Constellation's TCB. +Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built. + +## Microsoft Azure + +With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. +Regarding (3), Azure provides direct access to attestation statements. +The firmware runs in an isolated domain inside the CVM and exposes a vTPM (5), but it's closed source (4). +On SEV-SNP, Azure uses VM Privilege Level (VMPL) isolation for the separation of firmware and the rest of the VM; on TDX, they use TD partitioning. +This firmware is signed by Azure. +The signature is reflected in the attestation statements of CVMs. +Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). + +## Google Cloud Platform (GCP) + +The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#technologies) are based on AMD SEV-ES or SEV-SNP. +Regarding (3), with their SEV-SNP offering Google provides direct access to attestation statements. +However, regarding (5), attestation is partially based on the [Shielded VM vTPM](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#vtpm) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by Google's hypervisor. +Hence, the hypervisor is currently part of Constellation's TCB. +Regarding (4), the CVMs still include closed-source firmware. + +[TDX on Google](https://cloud.google.com/blog/products/identity-security/confidential-vms-on-intel-cpus-your-datas-new-intelligent-defense) is in public preview. +With it, Constellation would have a similar TCB and attestation flow as with the current SEV-SNP offering. + +## STACKIT + +[STACKIT Compute Engine](https://www.stackit.de/en/product/stackit-compute-engine/) supports AMD SEV-ES. A vTPM is used for measured boot, which is a vTPM managed by STACKIT's hypervisor. Hence, the hypervisor is currently part of Constellation's TCB. + +## OpenStack + +OpenStack is an open-source cloud and infrastructure management software. It's used by many smaller CSPs and datacenters. In the latest *Yoga* version, OpenStack has basic support for CVMs. However, much depends on the employed kernel and hypervisor. Features (2)--(4) are likely to be a *Yes* with Linux kernel version 6.2. Thus, going forward, OpenStack on corresponding AMD or Intel hardware will be a viable underpinning for Constellation. + +## Conclusion + +The different clouds and software like the Linux kernel and OpenStack are in the process of building out their support for state-of-the-art CVMs. Azure has already most features in place. For Constellation, the status quo means that the TCB has different shapes on different infrastructures. With broad SEV-SNP support coming to the Linux kernel, we soon expect a normalization of features across infrastructures. diff --git a/docs/versioned_docs/version-2.18/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.18/overview/confidential-kubernetes.md new file mode 100644 index 000000000..ca20df4de --- /dev/null +++ b/docs/versioned_docs/version-2.18/overview/confidential-kubernetes.md @@ -0,0 +1,42 @@ +# Confidential Kubernetes + +We use the term *Confidential Kubernetes* to refer to the concept of using confidential-computing technology to shield entire Kubernetes clusters from the infrastructure. The three defining properties of this concept are: + +1. **Workload shielding**: the confidentiality and integrity of all workload-related data and code are enforced. +2. **Control plane shielding**: the confidentiality and integrity of the cluster's control plane, state, and workload configuration are enforced. +3. **Attestation and verifiability**: the two properties above can be verified remotely based on hardware-rooted cryptographic certificates. + +Each of the above properties is equally important. Only with all three in conjunction, an entire cluster can be shielded without gaps. + +## Constellation security features + +Constellation implements the Confidential Kubernetes concept with the following security features. + +* **Runtime encryption**: Constellation runs all Kubernetes nodes inside Confidential VMs (CVMs). This gives runtime encryption for the entire cluster. +* **Network and storage encryption**: Constellation augments this with transparent encryption of the [network](../architecture/networking.md), [persistent storage](../architecture/encrypted-storage.md), and other managed storage like [AWS S3](../architecture/encrypted-storage.md#encrypted-s3-object-storage). Thus, workloads and control plane are truly end-to-end encrypted: at rest, in transit, and at runtime. +* **Transparent key management**: Constellation manages the corresponding [cryptographic keys](../architecture/keys.md) inside CVMs. +* **Node attestation and verification**: Constellation verifies the integrity of each new CVM-based node using [remote attestation](../architecture/attestation.md). Only "good" nodes receive the cryptographic keys required to access the network and storage of a cluster. +* **Confidential computing-optimized images**: A node is "good" if it's running a signed Constellation [node image](../architecture/images.md) inside a CVM and is in the expected state. (Node images are hardware-measured during boot. The measurements are reflected in the attestation statements that are produced by nodes and verified by Constellation.) +* **"Whole cluster" attestation**: Towards the DevOps engineer, Constellation provides a single hardware-rooted certificate from which all of the above can be verified. + +With the above, Constellation wraps an entire cluster into one coherent and verifiable *confidential context*. The concept is depicted in the following. + +![Confidential Kubernetes](../_media/concept-constellation.svg) + +## Contrast: Managed Kubernetes with CVMs + +In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. + +![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) + +The following table highlights the key differences in terms of features. + +| | Managed Kubernetes with CVMs | Confidential Kubernetes (Constellation✨) | +|-------------------------------------|------------------------------|--------------------------------------------| +| Runtime encryption | Partial (data plane only)| **Yes** | +| Node image verification | No | **Yes** | +| Full cluster attestation | No | **Yes** | +| Transparent network encryption | No | **Yes** | +| Transparent storage encryption | No | **Yes** | +| Confidential key management | No | **Yes** | +| Cloud agnostic / multi-cloud | No | **Yes** | diff --git a/docs/versioned_docs/version-2.18/overview/license.md b/docs/versioned_docs/version-2.18/overview/license.md new file mode 100644 index 000000000..34122c025 --- /dev/null +++ b/docs/versioned_docs/version-2.18/overview/license.md @@ -0,0 +1,33 @@ +# License + +## Source code + +Constellation's source code is available on [GitHub](https://github.com/edgelesssys/constellation) under the [GNU Affero General Public License v3.0](https://github.com/edgelesssys/constellation/blob/main/LICENSE). + +## Binaries + +Edgeless Systems provides ready-to-use and [signed](../architecture/attestation.md#chain-of-trust) binaries of Constellation. This includes the CLI and the [node images](../architecture/images.md). + +These binaries may be used free of charge within the bounds of Constellation's [**Community License**](#community-license). An [**Enterprise License**](#enterprise-license) can be purchased from Edgeless Systems. + +The Constellation CLI displays relevant license information when you initialize your cluster. You are responsible for staying within the bounds of your respective license. Constellation doesn't enforce any limits so as not to endanger your cluster's availability. + +## Terraform provider + +Edgeless Systems provides a [Terraform provider](https://github.com/edgelesssys/terraform-provider-constellation/releases), which may be used free of charge within the bounds of Constellation's [**Community License**](#community-license). An [**Enterprise License**](#enterprise-license) can be purchased from Edgeless Systems. + +You are responsible for staying within the bounds of your respective license. Constellation doesn't enforce any limits so as not to endanger your cluster's availability. + +## Community License + +You are free to use the Constellation binaries provided by Edgeless Systems to create services for internal consumption, evaluation purposes, or non-commercial use. You must not use the Constellation binaries to provide commercial hosted services to third parties. Edgeless Systems gives no warranties and offers no support. + +## Enterprise License + +Enterprise Licenses don't have the above limitations and come with support and additional features. Find out more at the [product website](https://www.edgeless.systems/products/constellation/). + +Once you have received your Enterprise License file, place it in your [Constellation workspace](../architecture/orchestration.md#workspaces) in a file named `constellation.license`. + +## CSP Marketplaces + +Constellation is available through the Marketplaces of AWS, Azure, GCP, and STACKIT. This allows you to create self-managed Constellation clusters that are billed on a pay-per-use basis (hourly, per vCPU) with your CSP account. You can still get direct support by Edgeless Systems. For more information, please [contact us](https://www.edgeless.systems/enterprise-support/). diff --git a/docs/versioned_docs/version-2.18/overview/performance/application.md b/docs/versioned_docs/version-2.18/overview/performance/application.md new file mode 100644 index 000000000..c67d59644 --- /dev/null +++ b/docs/versioned_docs/version-2.18/overview/performance/application.md @@ -0,0 +1,102 @@ +# Application benchmarks + +## HashiCorp Vault + +[HashiCorp Vault](https://www.vaultproject.io/) is a distributed secrets management software that can be deployed to Kubernetes. +HashiCorp maintains a benchmarking tool for vault, [vault-benchmark](https://github.com/hashicorp/vault-benchmark/). +Vault-benchmark generates load on a Vault deployment and measures response times. + +This article describes the results from running vault-benchmark on Constellation, AKS, and GKE. +You can find the setup for producing the data discussed in this article in the [vault-benchmarks](https://github.com/edgelesssys/vault-benchmarks) repository. + +The Vault API used during benchmarking is the [transits secret engine](https://developer.hashicorp.com/vault/docs/secrets/transit). +This allows services to send data to Vault for encryption, decryption, signing, and verification. + +## Results + +On each run, vault-benchmark sends requests and measures the latencies. +The measured latencies are aggregated through various statistical features. +After running the benchmark n times, the arithmetic mean over a subset of the reported statistics is calculated. +The selected features are arithmetic mean, 99th percentile, minimum, and maximum. + +Arithmetic mean gives a general sense of the latency on each target. +The 99th percentile shows performance in (most likely) erroneous states. +Minimum and maximum mark the range within which latency varies each run. + +The benchmark was configured with 1300 workers and 10 seconds per run. +Those numbers were chosen empirically. +The latency was stabilizing at 10 seconds runtime, not changing with further increase. +Increasing the number of workers beyond 1300 leads to request failures, marking the limit Vault was able to handle in this setup. +All results are based on 100 runs. + +The following data was generated while running five replicas, one primary, and four standby nodes. +All numbers are in seconds if not indicated otherwise. +``` +========== Results AKS ========== +Mean: mean: 1.632200, variance: 0.002057 +P99: mean: 5.480679, variance: 2.263700 +Max: mean: 6.651001, variance: 2.808401 +Min: mean: 0.011415, variance: 0.000133 +========== Results GKE ========== +Mean: mean: 1.656435, variance: 0.003615 +P99: mean: 6.030807, variance: 3.955051 +Max: mean: 7.164843, variance: 3.300004 +Min: mean: 0.010233, variance: 0.000111 +========== Results C11n ========== +Mean: mean: 1.651549, variance: 0.001610 +P99: mean: 5.780422, variance: 3.016106 +Max: mean: 6.942997, variance: 3.075796 +Min: mean: 0.013774, variance: 0.000228 +========== AKS vs C11n ========== +Mean: +1.171577 % (AKS is faster) +P99: +5.185495 % (AKS is faster) +Max: +4.205618 % (AKS is faster) +Min: +17.128781 % (AKS is faster) +========== GKE vs C11n ========== +Mean: -0.295851 % (GKE is slower) +P99: -4.331603 % (GKE is slower) +Max: -3.195248 % (GKE is slower) +Min: +25.710886 % (GKE is faster) +``` + +**Interpretation**: Latencies are all within ~5% of each other. +AKS performs slightly better than GKE and Constellation (C11n) in all cases except minimum latency. +Minimum latency is the lowest for GKE. +Compared to GKE, Constellation had slightly lower peak latencies (99th percentile and maximum), indicating that Constellation could have handled slightly more concurrent accesses than GKE. +Overall, performance is at comparable levels across all three distributions. +Based on these numbers, you can use a similarly sized Constellation cluster to run your existing Vault deployment. + +### Visualization + +The following plots visualize the data presented above as [box plots](https://en.wikipedia.org/wiki/Box_plot). +The whiskers denote the minimum and maximum. +The box stretches from the 25th to the 75th percentile, with the dividing bar marking the 50th percentile. +The circles outside the whiskers denote outliers. + +

      +Mean Latency + +![Mean Latency](../../_media/benchmark_vault/5replicas/mean_latency.png) + +
      + +
      +99th Percentile Latency + +![99th Percentile Latency](../../_media/benchmark_vault/5replicas/p99_latency.png) + +
      + +
      +Maximum Latency + +![Maximum Latency](../../_media/benchmark_vault/5replicas/max_latency.png) + +
      + +
      +Minimum Latency + +![Minimum Latency](../../_media/benchmark_vault/5replicas/min_latency.png) + +
      diff --git a/docs/versioned_docs/version-2.18/overview/performance/compute.md b/docs/versioned_docs/version-2.18/overview/performance/compute.md new file mode 100644 index 000000000..88dd4b1b2 --- /dev/null +++ b/docs/versioned_docs/version-2.18/overview/performance/compute.md @@ -0,0 +1,11 @@ +# Impact of runtime encryption on compute performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +## AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +## AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. diff --git a/docs/versioned_docs/version-2.18/overview/performance/io.md b/docs/versioned_docs/version-2.18/overview/performance/io.md new file mode 100644 index 000000000..3ae796f8a --- /dev/null +++ b/docs/versioned_docs/version-2.18/overview/performance/io.md @@ -0,0 +1,204 @@ +# I/O performance benchmarks + +To assess the overall performance of Constellation, this benchmark evaluates Constellation v2.6.0 in terms of storage I/O using [`fio`](https://fio.readthedocs.io/en/latest/fio_doc.html) and network performance using the [Kubernetes Network Benchmark](https://github.com/InfraBuilder/k8s-bench-suite#knb--kubernetes-network-be). + +This benchmark tested Constellation on Azure and GCP and compared the results against the managed Kubernetes offerings AKS and GKE. + +## Configurations + +### Constellation + +The benchmark was conducted with Constellation v2.6.0, Kubernetes v1.25.7, and Cilium v1.12. +It ran on the following infrastructure configurations. + +Constellation on Azure: + +- Nodes: 3 (1 Control-plane, 2 Worker) +- Machines: `DC4as_v5`: 3rd Generation AMD EPYC 7763v (Milan) processor with 4 Cores, 16 GiB memory +- CVM: `true` +- Region: `West US` +- Zone: `2` + +Constellation on GCP: + +- Nodes: 3 (1 Control-plane, 2 Worker) +- Machines: `n2d-standard-4`: 2nd Generation AMD EPYC (Rome) processor with 4 Cores, 16 GiB of memory +- CVM: `true` +- Zone: `europe-west3-b` + +### AKS + +On AKS, the benchmark used Kubernetes `v1.24.9` and nodes with version `AKSUbuntu-1804gen2containerd-2023.02.15`. +AKS ran with the [`kubenet`](https://learn.microsoft.com/en-us/azure/aks/concepts-network#kubenet-basic-networking) CNI and the [default CSI driver](https://learn.microsoft.com/en-us/azure/aks/azure-disk-csi) for Azure Disk. + +The following infrastructure configurations was used: + +- Nodes: 2 (2 Worker) +- Machines: `D4as_v5`: 3rd Generation AMD EPYC 7763v (Milan) processor with 4 Cores, 16 GiB memory +- CVM: `false` +- Region: `West US` +- Zone: `2` + +### GKE + +On GKE, the benchmark used Kubernetes `v1.24.9` and nodes with version `1.24.9-gke.3200`. +GKE ran with the [`kubenet`](https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview) CNI and the [default CSI driver](https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/gce-pd-csi-driver) for Compute Engine persistent disk. + +The following infrastructure configurations was used: + +- Nodes: 2 (2 Worker) +- Machines: `n2d-standard-4` 2nd Generation AMD EPYC (Rome) processor with 4 Cores, 16 GiB of memory +- CVM: `false` +- Zone: `europe-west3-b` + +## Results + +### Network + +This section gives a thorough analysis of the network performance of Constellation, specifically focusing on measuring TCP and UDP bandwidth. +The benchmark measured the bandwidth of pod-to-pod and pod-to-service connections between two different nodes using [`iperf`](https://iperf.fr/). + +GKE and Constellation on GCP had a maximum network bandwidth of [10 Gbps](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines). +AKS with `Standard_D4as_v5` machines a maximum network bandwidth of [12.5 Gbps](https://learn.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series#dasv5-series). +The Confidential VM equivalent `Standard_DC4as_v5` currently has a network bandwidth of [1.25 Gbps](https://learn.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series#dcasv5-series-products). +Therefore, to make the test comparable, both AKS and Constellation on Azure were running with `Standard_DC4as_v5` machines and 1.25 Gbps bandwidth. + +Constellation on Azure and AKS used an MTU of 1500. +Constellation on GCP used an MTU of 8896. GKE used an MTU of 1450. + +The difference in network bandwidth can largely be attributed to two factors. + +- Constellation's [network encryption](../../architecture/networking.md) via Cilium and WireGuard, which protects data in-transit. +- [AMD SEV using SWIOTLB bounce buffers](https://lore.kernel.org/all/20200204193500.GA15564@ashkalra_ubuntu_server/T/) for all DMA including network I/O. + +#### Pod-to-Pod + +In this scenario, the client Pod connects directly to the server pod via its IP address. + +```mermaid +flowchart LR + subgraph Node A + Client[Client] + end + subgraph Node B + Server[Server] + end + Client ==>|traffic| Server +``` + +The results for "Pod-to-Pod" on Azure are as follows: + +![Network Pod2Pod Azure benchmark graph](../../_media/benchmark_net_p2p_azure.png) + +The results for "Pod-to-Pod" on GCP are as follows: + +![Network Pod2Pod GCP benchmark graph](../../_media/benchmark_net_p2p_gcp.png) + +#### Pod-to-Service + +In this scenario, the client Pod connects to the server Pod via a ClusterIP service. This is more relevant to real-world use cases. + +```mermaid +flowchart LR + subgraph Node A + Client[Client] ==>|traffic| Service[Service] + end + subgraph Node B + Server[Server] + end + Service ==>|traffic| Server +``` + +The results for "Pod-to-Pod" on Azure are as follows: + +![Network Pod2SVC Azure benchmark graph](../../_media/benchmark_net_p2svc_azure.png) + +The results for "Pod-to-Pod" on GCP are as follows: + +![Network Pod2SVC GCP benchmark graph](../../_media/benchmark_net_p2svc_gcp.png) + +In our recent comparison of Constellation on GCP with GKE, Constellation has 58% less TCP bandwidth. However, UDP bandwidth was slightly better with Constellation, thanks to its higher MTU. + +Similarly, when comparing Constellation on Azure with AKS using CVMs, Constellation achieved approximately 10% less TCP and 40% less UDP bandwidth. + +### Storage I/O + +Azure and GCP offer persistent storage for their Kubernetes services AKS and GKE via the Container Storage Interface (CSI). CSI storage in Kubernetes is available via `PersistentVolumes` (PV) and consumed via `PersistentVolumeClaims` (PVC). +Upon requesting persistent storage through a PVC, GKE and AKS will provision a PV as defined by a default [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/). +Constellation provides persistent storage on Azure and GCP [that's encrypted on the CSI layer](../../architecture/encrypted-storage.md). +Similarly, upon a PVC request, Constellation will provision a PV via a default storage class. + +For Constellation on Azure and AKS, the benchmark ran with Azure Disk storage [Standard SSD](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds) of 400 GiB size. +The [DC4as machine type](https://learn.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series#dasv5-series) with four cores provides the following maximum performance: + +- 6400 (20000 burst) IOPS +- 144 MB/s (600 MB/s burst) throughput + +However, the performance is bound by the capabilities of the [512 GiB Standard SSD size](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds) (the size class of 400 GiB volumes): + +- 500 (600 burst) IOPS +- 60 MB/s (150 MB/s burst) throughput + +For Constellation on GCP and GKE, the benchmark ran with Compute Engine Persistent Disk Storage [pd-balanced](https://cloud.google.com/compute/docs/disks) of 400 GiB size. +The N2D machine type with four cores and pd-balanced provides the following [maximum performance](https://cloud.google.com/compute/docs/disks/performance#n2d_vms): + +- 3,000 read IOPS +- 15,000 write IOPS +- 240 MB/s read throughput +- 240 MB/s write throughput + +However, the performance is bound by the capabilities of a [`Zonal balanced PD`](https://cloud.google.com/compute/docs/disks/performance#zonal-persistent-disks) with 400 GiB size: + +- 2400 read IOPS +- 2400 write IOPS +- 112 MB/s read throughput +- 112 MB/s write throughput + +The [`fio`](https://fio.readthedocs.io/en/latest/fio_doc.html) benchmark consists of several tests. +The benchmark used [`Kubestr`](https://github.com/kastenhq/kubestr) to run `fio` in Kubernetes. +The default test performs randomized access patterns that accurately depict worst-case I/O scenarios for most applications. + +The following `fio` settings were used: + +- No Cloud caching +- No OS caching +- Single CPU +- 60 seconds runtime +- 10 seconds ramp-up time +- 10 GiB file +- IOPS: 4 KB blocks and 128 iodepth +- Bandwidth: 1024 KB blocks and 128 iodepth + +For more details, see the [`fio` test configuration](https://github.com/edgelesssys/constellation/blob/main/.github/actions/e2e_benchmark/fio.ini). + +The results for IOPS on Azure are as follows: + +![I/O IOPS Azure benchmark graph](../../_media/benchmark_fio_azure_iops.png) + +The results for IOPS on GCP are as follows: + +![I/O IOPS GCP benchmark graph](../../_media/benchmark_fio_gcp_iops.png) + +The results for bandwidth on Azure are as follows: + +![I/O bandwidth Azure benchmark graph](../../_media/benchmark_fio_azure_bw.png) + +The results for bandwidth on GCP are as follows: + +![I/O bandwidth GCP benchmark graph](../../_media/benchmark_fio_gcp_bw.png) + +On GCP, the results exceed the maximum performance guarantees of the chosen disk type. There are two possible explanations for this. The first is that there may be cloud caching in place that isn't configurable. Alternatively, the underlying provisioned disk size may be larger than what was requested, resulting in higher performance boundaries. + +When comparing Constellation on GCP with GKE, Constellation has similar bandwidth but about 10% less IOPS performance. On Azure, Constellation has similar IOPS performance compared to AKS, where both likely hit the maximum storage performance. However, Constellation has approximately 15% less read and write bandwidth. + +## Conclusion + +Despite the added [security benefits](../security-benefits.md) that Constellation provides, it only incurs a slight performance overhead when compared to managed Kubernetes offerings such as AKS and GKE. In most compute benchmarks, Constellation is on par with it's alternatives. +While it may be slightly slower in certain I/O scenarios due to network and storage encryption, there is ongoing work to reduce this overhead to single digits. + +For instance, storage encryption only adds between 10% to 15% overhead in terms of bandwidth and IOPS. +Meanwhile, the biggest performance impact that Constellation currently faces is network encryption, which can incur up to 58% overhead on a 10 Gbps network. +However, the Cilium team has conducted [benchmarks with Cilium using WireGuard encryption](https://docs.cilium.io/en/latest/operations/performance/benchmark/#encryption-wireguard-ipsec) on a 100 Gbps network that yielded over 15 Gbps. +We're confident that Constellation will provide a similar level of performance with an upcoming release. + +Overall, Constellation strikes a great balance between security and performance, and we're continuously working to improve its performance capabilities while maintaining its high level of security. diff --git a/docs/versioned_docs/version-2.18/overview/performance/performance.md b/docs/versioned_docs/version-2.18/overview/performance/performance.md new file mode 100644 index 000000000..59bf86602 --- /dev/null +++ b/docs/versioned_docs/version-2.18/overview/performance/performance.md @@ -0,0 +1,17 @@ +# Performance analysis of Constellation + +This section provides a comprehensive examination of the performance characteristics of Constellation. + +## Runtime encryption + +Runtime encryption affects compute performance. [Benchmarks by Azure and Google](compute.md) show that the performance degradation of Confidential VMs (CVMs) is small, ranging from 2% to 8% for compute-intensive workloads. + +## I/O performance benchmarks + +We evaluated the [I/O performance](io.md) of Constellation, utilizing a collection of synthetic benchmarks targeting networking and storage. +We further compared this performance to native managed Kubernetes offerings from various cloud providers, to better understand how Constellation stands in relation to standard practices. + +## Application benchmarking + +To gauge Constellation's applicability to well-known applications, we performed a [benchmark of HashiCorp Vault](application.md) running on Constellation. +The results were then compared to deployments on the managed Kubernetes offerings from different cloud providers, providing a tangible perspective on Constellation's performance in actual deployment scenarios. diff --git a/docs/versioned_docs/version-2.18/overview/product.md b/docs/versioned_docs/version-2.18/overview/product.md new file mode 100644 index 000000000..4b5d90706 --- /dev/null +++ b/docs/versioned_docs/version-2.18/overview/product.md @@ -0,0 +1,12 @@ +# Product features + +Constellation is a Kubernetes engine that aims to provide the best possible data security in combination with enterprise-grade scalability and reliability features---and a smooth user experience. + +From a security perspective, Constellation implements the [Confidential Kubernetes](confidential-kubernetes.md) concept and corresponding security features, which shield your entire cluster from the underlying infrastructure. + +From an operational perspective, Constellation provides the following key features: + +* **Native support for different clouds**: Constellation works on Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and STACKIT. Support for OpenStack-based environments is coming with a future release. Constellation securely interfaces with the cloud infrastructure to provide [cluster autoscaling](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler), [dynamic persistent volumes](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/), and [service load balancing](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer). +* **High availability**: Constellation uses a [multi-master architecture](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/) with a [stacked etcd topology](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/ha-topology/#stacked-etcd-topology) to ensure high availability. +* **Integrated Day-2 operations**: Constellation lets you securely [upgrade](../workflows/upgrade.md) your cluster to a new release. It also lets you securely [recover](../workflows/recovery.md) a failed cluster. Both with a single command. +* **Support for Terraform**: Constellation includes a [Terraform provider](../workflows/terraform-provider.md) that lets you manage the full lifecycle of your cluster via Terraform. diff --git a/docs/versioned_docs/version-2.18/overview/security-benefits.md b/docs/versioned_docs/version-2.18/overview/security-benefits.md new file mode 100644 index 000000000..51a8b64f5 --- /dev/null +++ b/docs/versioned_docs/version-2.18/overview/security-benefits.md @@ -0,0 +1,22 @@ +# Security benefits and threat model + +Constellation implements the [Confidential Kubernetes](confidential-kubernetes.md) concept and shields entire Kubernetes deployments from the infrastructure. More concretely, Constellation decreases the size of the trusted computing base (TCB) of a Kubernetes deployment. The TCB is the totality of elements in a computing environment that must be trusted not to be compromised. A smaller TCB results in a smaller attack surface. The following diagram shows how Constellation removes the *cloud & datacenter infrastructure* and the *physical hosts*, including the hypervisor, the host OS, and other components, from the TCB (red). Inside the confidential context (green), Kubernetes remains part of the TCB, but its integrity is attested and can be [verified](../workflows/verify-cluster.md). + +![TCB comparison](../_media/tcb.svg) + +Given this background, the following describes the concrete threat classes that Constellation addresses. + +## Insider access + +Employees and third-party contractors of cloud service providers (CSPs) have access to different layers of the cloud infrastructure. +This opens up a large attack surface where workloads and data can be read, copied, or manipulated. With Constellation, Kubernetes deployments are shielded from the infrastructure and thus such accesses are prevented. + +## Infrastructure-based attacks + +Malicious cloud users ("hackers") may break out of their tenancy and access other tenants' data. Advanced attackers may even be able to establish a permanent foothold within the infrastructure and access data over a longer period. Analogously to the *insider access* scenario, Constellation also prevents access to a deployment's data in this scenario. + +## Supply chain attacks + +Supply chain security is receiving lots of attention recently due to an [increasing number of recorded attacks](https://www.enisa.europa.eu/news/enisa-news/understanding-the-increase-in-supply-chain-security-attacks). For instance, a malicious actor could attempt to tamper Constellation node images (including Kubernetes and other software) before they're loaded in the confidential VMs of a cluster. Constellation uses [remote attestation](../architecture/attestation.md) in conjunction with public [transparency logs](../workflows/verify-cli.md) to prevent this. + +In the future, Constellation will extend this feature to customer workloads. This will enable cluster owners to create auditable policies that precisely define which containers can run in a given deployment. diff --git a/docs/versioned_docs/version-2.18/reference/cli.md b/docs/versioned_docs/version-2.18/reference/cli.md new file mode 100644 index 000000000..99acef520 --- /dev/null +++ b/docs/versioned_docs/version-2.18/reference/cli.md @@ -0,0 +1,844 @@ +# CLI reference + + + +Use the Constellation CLI to create and manage your clusters. + +Usage: + +``` +constellation [command] +``` +Commands: + +* [config](#constellation-config): Work with the Constellation configuration file + * [generate](#constellation-config-generate): Generate a default configuration and state file + * [fetch-measurements](#constellation-config-fetch-measurements): Fetch measurements for configured cloud provider and image + * [instance-types](#constellation-config-instance-types): Print the supported instance types for all cloud providers + * [kubernetes-versions](#constellation-config-kubernetes-versions): Print the Kubernetes versions supported by this CLI + * [migrate](#constellation-config-migrate): Migrate a configuration file to a new version +* [create](#constellation-create): Create instances on a cloud platform for your Constellation cluster +* [apply](#constellation-apply): Apply a configuration to a Constellation cluster +* [mini](#constellation-mini): Manage MiniConstellation clusters + * [up](#constellation-mini-up): Create and initialize a new MiniConstellation cluster + * [down](#constellation-mini-down): Destroy a MiniConstellation cluster +* [status](#constellation-status): Show status of a Constellation cluster +* [verify](#constellation-verify): Verify the confidential properties of a Constellation cluster +* [upgrade](#constellation-upgrade): Find and apply upgrades to your Constellation cluster + * [check](#constellation-upgrade-check): Check for possible upgrades + * [apply](#constellation-upgrade-apply): Apply an upgrade to a Constellation cluster +* [recover](#constellation-recover): Recover a completely stopped Constellation cluster +* [terminate](#constellation-terminate): Terminate a Constellation cluster +* [iam](#constellation-iam): Work with the IAM configuration on your cloud provider + * [create](#constellation-iam-create): Create IAM configuration on a cloud platform for your Constellation cluster + * [aws](#constellation-iam-create-aws): Create IAM configuration on AWS for your Constellation cluster + * [azure](#constellation-iam-create-azure): Create IAM configuration on Microsoft Azure for your Constellation cluster + * [gcp](#constellation-iam-create-gcp): Create IAM configuration on GCP for your Constellation cluster + * [destroy](#constellation-iam-destroy): Destroy an IAM configuration and delete local Terraform files + * [upgrade](#constellation-iam-upgrade): Find and apply upgrades to your IAM profile + * [apply](#constellation-iam-upgrade-apply): Apply an upgrade to an IAM profile +* [version](#constellation-version): Display version of this CLI +* [init](#constellation-init): Initialize the Constellation cluster + +## constellation config + +Work with the Constellation configuration file + +### Synopsis + +Work with the Constellation configuration file. + +### Options + +``` + -h, --help help for config +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config generate + +Generate a default configuration and state file + +### Synopsis + +Generate a default configuration and state file for your selected cloud provider. + +``` +constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags] +``` + +### Options + +``` + -a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-tdx|azure-trustedlaunch|gcp-sev-snp|gcp-sev-es|qemu-vtpm}. If not specified, the default for the cloud provider is used + -h, --help help for generate + -k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.29") + -t, --tags strings additional tags for created resources given a list of key=value +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config fetch-measurements + +Fetch measurements for configured cloud provider and image + +### Synopsis + +Fetch measurements for configured cloud provider and image. + +A config needs to be generated first. + +``` +constellation config fetch-measurements [flags] +``` + +### Options + +``` + -h, --help help for fetch-measurements + -s, --signature-url string alternative URL to fetch measurements' signature from + -u, --url string alternative URL to fetch measurements from +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config instance-types + +Print the supported instance types for all cloud providers + +### Synopsis + +Print the supported instance types for all cloud providers. + +``` +constellation config instance-types [flags] +``` + +### Options + +``` + -h, --help help for instance-types +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config kubernetes-versions + +Print the Kubernetes versions supported by this CLI + +### Synopsis + +Print the Kubernetes versions supported by this CLI. + +``` +constellation config kubernetes-versions [flags] +``` + +### Options + +``` + -h, --help help for kubernetes-versions +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config migrate + +Migrate a configuration file to a new version + +### Synopsis + +Migrate a configuration file to a new version. + +``` +constellation config migrate [flags] +``` + +### Options + +``` + -h, --help help for migrate +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation create + +Create instances on a cloud platform for your Constellation cluster + +### Synopsis + +Create instances on a cloud platform for your Constellation cluster. + +``` +constellation create [flags] +``` + +### Options + +``` + -h, --help help for create + -y, --yes create the cluster without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation apply + +Apply a configuration to a Constellation cluster + +### Synopsis + +Apply a configuration to a Constellation cluster to initialize or upgrade the cluster. + +``` +constellation apply [flags] +``` + +### Options + +``` + --conformance enable conformance mode + -h, --help help for apply + --merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config + --skip-helm-wait install helm charts without waiting for deployments to be ready + --skip-phases strings comma-separated list of upgrade phases to skip + one or multiple of { infrastructure | init | attestationconfig | certsans | helm | image | k8s } + -y, --yes run command without further confirmation + WARNING: the command might delete or update existing resources without additional checks. Please read the docs. + +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation mini + +Manage MiniConstellation clusters + +### Synopsis + +Manage MiniConstellation clusters. + +### Options + +``` + -h, --help help for mini +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation mini up + +Create and initialize a new MiniConstellation cluster + +### Synopsis + +Create and initialize a new MiniConstellation cluster. + +A mini cluster consists of a single control-plane and worker node, hosted using QEMU/KVM. + +``` +constellation mini up [flags] +``` + +### Options + +``` + -h, --help help for up + --merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config (default true) +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation mini down + +Destroy a MiniConstellation cluster + +### Synopsis + +Destroy a MiniConstellation cluster. + +``` +constellation mini down [flags] +``` + +### Options + +``` + -h, --help help for down + -y, --yes terminate the cluster without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation status + +Show status of a Constellation cluster + +### Synopsis + +Show the status of a constellation cluster. + +Shows microservice, image, and Kubernetes versions installed in the cluster. Also shows status of current version upgrades. + +``` +constellation status [flags] +``` + +### Options + +``` + -h, --help help for status +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation verify + +Verify the confidential properties of a Constellation cluster + +### Synopsis + +Verify the confidential properties of a Constellation cluster. +If arguments aren't specified, values are read from `constellation-state.yaml`. + +``` +constellation verify [flags] +``` + +### Options + +``` + --cluster-id string expected cluster identifier + -h, --help help for verify + -e, --node-endpoint string endpoint of the node to verify, passed as HOST[:PORT] + -o, --output string print the attestation document in the output format {json|raw} +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation upgrade + +Find and apply upgrades to your Constellation cluster + +### Synopsis + +Find and apply upgrades to your Constellation cluster. + +### Options + +``` + -h, --help help for upgrade +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation upgrade check + +Check for possible upgrades + +### Synopsis + +Check which upgrades can be applied to your Constellation Cluster. + +``` +constellation upgrade check [flags] +``` + +### Options + +``` + -h, --help help for check + --ref string the reference to use for querying new versions (default "-") + --stream string the stream to use for querying new versions (default "stable") + -u, --update-config update the specified config file with the suggested versions +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation upgrade apply + +Apply an upgrade to a Constellation cluster + +### Synopsis + +Apply an upgrade to a Constellation cluster by applying the chosen configuration. + +``` +constellation upgrade apply [flags] +``` + +### Options + +``` + --conformance enable conformance mode + -h, --help help for apply + --skip-helm-wait install helm charts without waiting for deployments to be ready + --skip-phases strings comma-separated list of upgrade phases to skip + one or multiple of { infrastructure | helm | image | k8s } + -y, --yes run upgrades without further confirmation + WARNING: might delete your resources in case you are using cert-manager in your cluster. Please read the docs. + WARNING: might unintentionally overwrite measurements in the running cluster. +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation recover + +Recover a completely stopped Constellation cluster + +### Synopsis + +Recover a Constellation cluster by sending a recovery key to an instance in the boot stage. + +This is only required if instances restart without other instances available for bootstrapping. + +``` +constellation recover [flags] +``` + +### Options + +``` + -e, --endpoint string endpoint of the instance, passed as HOST[:PORT] + -h, --help help for recover +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation terminate + +Terminate a Constellation cluster + +### Synopsis + +Terminate a Constellation cluster. + +The cluster can't be started again, and all persistent storage will be lost. + +``` +constellation terminate [flags] +``` + +### Options + +``` + -h, --help help for terminate + -y, --yes terminate the cluster without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam + +Work with the IAM configuration on your cloud provider + +### Synopsis + +Work with the IAM configuration on your cloud provider. + +### Options + +``` + -h, --help help for iam +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam create + +Create IAM configuration on a cloud platform for your Constellation cluster + +### Synopsis + +Create IAM configuration on a cloud platform for your Constellation cluster. + +### Options + +``` + -h, --help help for create + --update-config update the config file with the specific IAM information + -y, --yes create the IAM configuration without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam create aws + +Create IAM configuration on AWS for your Constellation cluster + +### Synopsis + +Create IAM configuration on AWS for your Constellation cluster. + +``` +constellation iam create aws [flags] +``` + +### Options + +``` + -h, --help help for aws + --prefix string name prefix for all resources (required) + --zone string AWS availability zone the resources will be created in, e.g., us-east-2a (required) + See the Constellation docs for a list of currently supported regions. +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + --update-config update the config file with the specific IAM information + -C, --workspace string path to the Constellation workspace + -y, --yes create the IAM configuration without further confirmation +``` + +## constellation iam create azure + +Create IAM configuration on Microsoft Azure for your Constellation cluster + +### Synopsis + +Create IAM configuration on Microsoft Azure for your Constellation cluster. + +``` +constellation iam create azure [flags] +``` + +### Options + +``` + -h, --help help for azure + --region string region the resources will be created in, e.g., westus (required) + --resourceGroup string name prefix of the two resource groups your cluster / IAM resources will be created in (required) + --servicePrincipal string name of the service principal that will be created (required) + --subscriptionID string subscription ID of the Azure account. Required if the 'ARM_SUBSCRIPTION_ID' environment variable is not set +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + --update-config update the config file with the specific IAM information + -C, --workspace string path to the Constellation workspace + -y, --yes create the IAM configuration without further confirmation +``` + +## constellation iam create gcp + +Create IAM configuration on GCP for your Constellation cluster + +### Synopsis + +Create IAM configuration on GCP for your Constellation cluster. + +``` +constellation iam create gcp [flags] +``` + +### Options + +``` + -h, --help help for gcp + --projectID string ID of the GCP project the configuration will be created in (required) + Find it on the welcome screen of your project: https://console.cloud.google.com/welcome + --serviceAccountID string ID for the service account that will be created (required) + Must be 6 to 30 lowercase letters, digits, or hyphens. + --zone string GCP zone the cluster will be deployed in (required) + Find a list of available zones here: https://cloud.google.com/compute/docs/regions-zones#available +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + --update-config update the config file with the specific IAM information + -C, --workspace string path to the Constellation workspace + -y, --yes create the IAM configuration without further confirmation +``` + +## constellation iam destroy + +Destroy an IAM configuration and delete local Terraform files + +### Synopsis + +Destroy an IAM configuration and delete local Terraform files. + +``` +constellation iam destroy [flags] +``` + +### Options + +``` + -h, --help help for destroy + -y, --yes destroy the IAM configuration without asking for confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam upgrade + +Find and apply upgrades to your IAM profile + +### Synopsis + +Find and apply upgrades to your IAM profile. + +### Options + +``` + -h, --help help for upgrade +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam upgrade apply + +Apply an upgrade to an IAM profile + +### Synopsis + +Apply an upgrade to an IAM profile. + +``` +constellation iam upgrade apply [flags] +``` + +### Options + +``` + -h, --help help for apply + -y, --yes run upgrades without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation version + +Display version of this CLI + +### Synopsis + +Display version of this CLI. + +``` +constellation version [flags] +``` + +### Options + +``` + -h, --help help for version +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation init + +Initialize the Constellation cluster + +### Synopsis + +Initialize the Constellation cluster. + +Start your confidential Kubernetes. + +``` +constellation init [flags] +``` + +### Options + +``` + --conformance enable conformance mode + -h, --help help for init + --merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config + --skip-helm-wait install helm charts without waiting for deployments to be ready +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + diff --git a/docs/versioned_docs/version-2.18/reference/migration.md b/docs/versioned_docs/version-2.18/reference/migration.md new file mode 100644 index 000000000..36680eef6 --- /dev/null +++ b/docs/versioned_docs/version-2.18/reference/migration.md @@ -0,0 +1,85 @@ +# Migrations + +This document describes breaking changes and migrations between Constellation releases. +Use [`constellation config migrate`](./cli.md#constellation-config-migrate) to automatically update an old config file to a new format. + +## Migrating from Azure's service principal authentication to managed identity authentication + +- The `provider.azure.appClientID` and `provider.azure.appClientSecret` fields are no longer supported and should be removed. +- To keep using an existing UAMI, add the `Owner` permission with the scope of your `resourceGroup`. +- Otherwise, simply [create new Constellation IAM credentials](../workflows/config.md#creating-an-iam-configuration) and use the created UAMI. +- To migrate the authentication for an existing cluster on Azure to an UAMI with the necessary permissions: + 1. Remove the `aadClientId` and `aadClientSecret` from the azureconfig secret. + 2. Set `useManagedIdentityExtension` to `true` and use the `userAssignedIdentity` from the Constellation config for the value of `userAssignedIdentityID`. + 3. Restart the CSI driver, cloud controller manager, cluster autoscaler, and Constellation operator pods. + + +## Migrating from CLI versions before 2.10 + +- AWS cluster upgrades require additional IAM permissions for the newly introduced `aws-load-balancer-controller`. Please upgrade your IAM roles using `iam upgrade apply`. This will show necessary changes and apply them, if desired. +- The global `nodeGroups` field was added. +- The fields `instanceType`, `stateDiskSizeGB`, and `stateDiskType` for each cloud provider are now part of the configuration of individual node groups. +- The `constellation create` command no longer uses the flags `--control-plane-count` and `--worker-count`. Instead, the initial node count is configured per node group in the `nodeGroups` field. + +## Migrating from CLI versions before 2.9 + +- The `provider.azure.appClientID` and `provider.azure.clientSecretValue` fields were removed to enforce migration to managed identity authentication + +## Migrating from CLI versions before 2.8 + +- The `measurements` field for each cloud service provider was replaced with a global `attestation` field. +- The `confidentialVM`, `idKeyDigest`, and `enforceIdKeyDigest` fields for the Azure cloud service provider were removed in favor of using the global `attestation` field. +- The optional global field `attestationVariant` was replaced by the now required `attestation` field. + +## Migrating from CLI versions before 2.3 + +- The `sshUsers` field was deprecated in v2.2 and has been removed from the configuration in v2.3. + As an alternative for SSH, check the workflow section [Connect to nodes](../workflows/troubleshooting.md#node-shell-access). +- The `image` field for each cloud service provider has been replaced with a global `image` field. Use the following mapping to migrate your configuration: +
      + Show all + + | CSP | old image | new image | + | ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | + | AWS | `ami-06b8cbf4837a0a57c` | `v2.2.2` | + | AWS | `ami-02e96dc04a9e438cd` | `v2.2.2` | + | AWS | `ami-028ead928a9034b2f` | `v2.2.2` | + | AWS | `ami-032ac10dd8d8266e3` | `v2.2.1` | + | AWS | `ami-032e0d57cc4395088` | `v2.2.1` | + | AWS | `ami-053c3e49e19b96bdd` | `v2.2.1` | + | AWS | `ami-0e27ebcefc38f648b` | `v2.2.0` | + | AWS | `ami-098cd37f66523b7c3` | `v2.2.0` | + | AWS | `ami-04a87d302e2509aad` | `v2.2.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.2.2` | `v2.2.2` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.2.2` | `v2.2.2` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.2.1` | `v2.2.1` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.2.1` | `v2.2.1` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.2.0` | `v2.2.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.2.0` | `v2.2.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.1.0` | `v2.1.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.1.0` | `v2.1.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.0.0` | `v2.0.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.0.0` | `v2.0.0` | + | GCP | `projects/constellation-images/global/images/constellation-v2-2-2` | `v2.2.2` | + | GCP | `projects/constellation-images/global/images/constellation-v2-2-1` | `v2.2.1` | + | GCP | `projects/constellation-images/global/images/constellation-v2-2-0` | `v2.2.0` | + | GCP | `projects/constellation-images/global/images/constellation-v2-1-0` | `v2.1.0` | + | GCP | `projects/constellation-images/global/images/constellation-v2-0-0` | `v2.0.0` | +
      +- The `enforcedMeasurements` field has been removed and merged with the `measurements` field. + - To migrate your config containing a new image (`v2.3` or greater), remove the old `measurements` and `enforcedMeasurements` entries from your config and run `constellation fetch-measurements` + - To migrate your config containing an image older than `v2.3`, remove the `enforcedMeasurements` entry and replace the entries in `measurements` as shown in the example below: + + ```diff + measurements: + - 0: DzXCFGCNk8em5ornNZtKi+Wg6Z7qkQfs5CfE3qTkOc8= + + 0: + + expected: DzXCFGCNk8em5ornNZtKi+Wg6Z7qkQfs5CfE3qTkOc8= + + warnOnly: true + - 8: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + + 8: + + expected: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + + warnOnly: false + -enforcedMeasurements: + - - 8 + ``` diff --git a/docs/versioned_docs/version-2.18/reference/slsa.md b/docs/versioned_docs/version-2.18/reference/slsa.md new file mode 100644 index 000000000..21f4e713c --- /dev/null +++ b/docs/versioned_docs/version-2.18/reference/slsa.md @@ -0,0 +1,73 @@ +# Supply chain levels for software artifacts (SLSA) adoption + +[Supply chain Levels for Software Artifacts, or SLSA (salsa)](https://slsa.dev/) is a framework for improving and grading a project's build system and engineering processes. SLSA focuses on security improvements for source code storage as well as build system definition, execution, and observation. SLSA is structured in [four levels](https://slsa.dev/spec/v0.1/levels). This page describes the adoption of SLSA for Constellation. + +:::info +SLSA is still in alpha status. The presented levels and their requirements might change in the future. We will adopt any changes into our engineering processes, as they get defined. +::: + +## Level 1 - Adopted + +**[Build - Scripted](https://slsa.dev/spec/v0.1/requirements#scripted-build)** + +All build steps are automated via [Bazel](https://github.com/edgelesssys/constellation/tree/main/bazel/ci) and [GitHub Actions](https://github.com/edgelesssys/constellation/tree/main/.github). + +**[Provenance - Available](https://slsa.dev/spec/v0.1/requirements#available)** + +Provenance for the CLI is generated using the [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). + +## Level 2 - Adopted + +**[Source - Version Controlled](https://slsa.dev/spec/v0.1/requirements#version-controlled)** + +Constellation is hosted on GitHub using git. + +**[Build - Build Service](https://slsa.dev/spec/v0.1/requirements#build-service)** + +All builds are carried out by [GitHub Actions](https://github.com/edgelesssys/constellation/tree/main/.github). + +**[Provenance - Authenticated](https://slsa.dev/spec/v0.1/requirements#authenticated)** + +Provenance for the CLI is signed using the [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). Learn [how to verify the CLI](../workflows/verify-cli.md) using the signed provenance, before using it for the first time. + +**[Provenance - Service Generated](https://slsa.dev/spec/v0.1/requirements#service-generated)** + +Provenance for the CLI is generated using the [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) in GitHub Actions. + +## Level 3 - Adopted + +**[Source - Verified History](https://slsa.dev/spec/v0.1/requirements#verified-history)** + +The [Edgeless Systems](https://github.com/edgelesssys) GitHub organization [requires two-factor authentication](https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization) for all members. + +**[Source - Retained Indefinitely](https://slsa.dev/spec/v0.1/requirements#retained-indefinitely)** + +Since we use GitHub to host the repository, an external person can't modify or delete the history. Before a pull request can be merged, an explicit approval from an [Edgeless Systems](https://github.com/edgelesssys) team member is required. + +The same holds true for changes proposed by team members. Each change to `main` needs to be proposed via a pull request and requires at least one approval. + +The [Edgeless Systems](https://github.com/edgelesssys) GitHub organization admins control these settings and are able to make changes to the repository's history should legal requirements necessitate it. These changes require two-party approval following the obliterate policy. + +**[Build - Build as Code](https://slsa.dev/spec/v0.1/requirements#build-as-code)** + +All build files for Constellation are stored in [the same repository](https://github.com/edgelesssys/constellation/tree/main/.github). + +**[Build - Ephemeral Environment](https://slsa.dev/spec/v0.1/requirements#ephemeral-environment)** + +All GitHub Action workflows are executed on [GitHub-hosted runners](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners). These runners are only available during workflow. + +We currently don't use [self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners). + +**[Build - Isolated](https://slsa.dev/spec/v0.1/requirements#isolated)** + +As outlined in the previous section, we use GitHub-hosted runners, which provide a new, isolated and ephemeral environment for each build. + +Additionally, the [SLSA GitHub generator](https://github.com/slsa-framework/slsa-github-generator#generation-of-provenance) itself is run in an isolated workflow with the artifact hash as defined inputs. + +**[Provenance - Non-falsifiable](https://slsa.dev/spec/v0.1/requirements#non-falsifiable)** + +As outlined by [SLSA GitHub generator](https://github.com/slsa-framework/slsa-github-generator) it already fulfills the non-falsifiable requirements for SLSA Level 3. The generated provenance is signed using [sigstore](https://sigstore.dev/) with an OIDC based proof of identity. + +## Level 4 - In Progress + +We strive to adopt certain aspect of SLSA Level 4 that support our engineering process. At the same time, SLSA is still in alpha status and the biggest changes to SLSA are expected to be around Level 4. diff --git a/docs/versioned_docs/version-2.18/reference/terraform.md b/docs/versioned_docs/version-2.18/reference/terraform.md new file mode 100644 index 000000000..9825a8bb8 --- /dev/null +++ b/docs/versioned_docs/version-2.18/reference/terraform.md @@ -0,0 +1,37 @@ +# Terraform usage + +[Terraform](https://www.terraform.io/) is an Infrastructure as Code (IaC) framework to manage cloud resources. This page explains how Constellation uses it internally and how advanced users may manually use it to have more control over the resource creation. + +:::info +Information on this page is intended for users who are familiar with Terraform. +It's not required for common usage of Constellation. +See the [Terraform documentation](https://developer.hashicorp.com/terraform/docs) if you want to learn more about it. +::: + +## Terraform state files + +Constellation keeps Terraform state files in subdirectories of the workspace together with the corresponding Terraform configuration files and metadata. +The subdirectories are created on the first Constellation CLI action that uses Terraform internally. + +Currently, these subdirectories are: + +* `constellation-terraform` - Terraform state files for the resources of the Constellation cluster +* `constellation-iam-terraform` - Terraform state files for IAM configuration + +As with all commands, commands that work with these files (e.g., `apply`, `terminate`, `iam`) have to be executed from the root of the cluster's [workspace directory](../architecture/orchestration.md#workspaces). You usually don't need and shouldn't manipulate or delete the subdirectories manually. + +## Interacting with Terraform manually + +Manual interaction with Terraform state created by Constellation (i.e., via the Terraform CLI) should only be performed by experienced users. It may lead to unrecoverable loss of cloud resources. For the majority of users and use cases, the interaction done by the [Constellation CLI](cli.md) is sufficient. + +## Terraform debugging + +To debug Terraform issues, the Constellation CLI offers the `tf-log` flag. You can set it to any of [Terraform's log levels](https://developer.hashicorp.com/terraform/internals/debugging): +* `JSON` (JSON-formatted logs at `TRACE` level) +* `TRACE` +* `DEBUG` +* `INFO` +* `WARN` +* `ERROR` + +The log output is written to the `terraform.log` file in the workspace directory. The output is appended to the file on each run. diff --git a/docs/versioned_docs/version-2.18/workflows/cert-manager.md b/docs/versioned_docs/version-2.18/workflows/cert-manager.md new file mode 100644 index 000000000..1d847e8bf --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/cert-manager.md @@ -0,0 +1,13 @@ +# Install cert-manager + +:::caution +If you want to use cert-manager with Constellation, pay attention to the following to avoid potential pitfalls. +::: + +Constellation ships with cert-manager preinstalled. +The default installation is part of the `kube-system` namespace, as all other Constellation-managed microservices. +You are free to install more instances of cert-manager into other namespaces. +However, be aware that any new installation needs to use the same version as the one installed with Constellation or rely on the same CRD versions. +Also remember to set the `installCRDs` value to `false` when installing new cert-manager instances. +It will create problems if you have two installations of cert-manager depending on different versions of the installed CRDs. +CRDs are cluster-wide resources and cert-manager depends on specific versions of those CRDs for each release. diff --git a/docs/versioned_docs/version-2.18/workflows/config.md b/docs/versioned_docs/version-2.18/workflows/config.md new file mode 100644 index 000000000..95f791acd --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/config.md @@ -0,0 +1,353 @@ +# Configure your cluster + +:::info +This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. +::: + + + +--- + +Before you can create your cluster, you need to configure the identity and access management (IAM) for your cloud service provider (CSP) and choose machine types for the nodes. + +## Creating the configuration file + +You can generate a configuration file for your CSP by using the following CLI command: + + + + +```bash +constellation config generate aws +``` + + + + +```bash +constellation config generate azure +``` + + + + +```bash +constellation config generate gcp +``` + + + + +```bash +constellation config generate stackit +``` + + + + +This creates the file `constellation-conf.yaml` in the current directory. + +## Choosing a VM type + +Constellation supports the following VM types: + + + +By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. +Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. +If you are using the default attestation variant `awsSEVSNP`, you can use the instance types described in [AWS's AMD SEV-SNP docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snp-requirements.html). +Please mind the region restrictions mentioned in the [Getting started](../getting-started/first-steps.md#create-a-cluster) section. + +If you are using the attestation variant `awsNitroTPM`, you can choose any of the [nitroTPM-enabled instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html). + +The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. + + + + +By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. + +You can also run `constellation config instance-types` to get the list of all supported options. + + + + +By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. + + + + +By default, Constellation uses `m1a.4cd` VMs (4 vCPUs, 30 GB RAM) to create your cluster. +Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. + +The following instance types are known to be supported: + +| name | vCPUs | GB RAM | +|----------|-------|--------| +| m1a.4cd | 4 | 30 | +| m1a.8cd | 8 | 60 | +| m1a.16cd | 16 | 120 | +| m1a.30cd | 30 | 230 | + +You can choose any of the SEV-enabled instance types. You can find a list of all supported instance types in the [STACKIT documentation](https://docs.stackit.cloud/stackit/en/virtual-machine-flavors-75137231.html). + +The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. + + + + +Fill the desired VM type into the `instanceType` fields in the `constellation-conf.yml` file. + +## Creating additional node groups + +By default, Constellation creates the node groups `control_plane_default` and `worker_default` for control-plane nodes and workers, respectively. +If you require additional control-plane or worker groups with different instance types, zone placements, or disk sizes, you can add additional node groups to the `constellation-conf.yml` file. +Each node group can be scaled individually. + +Consider the following example for AWS: + +```yaml +nodeGroups: + control_plane_default: + role: control-plane + instanceType: c6a.xlarge + stateDiskSizeGB: 30 + stateDiskType: gp3 + zone: eu-west-1c + initialCount: 3 + worker_default: + role: worker + instanceType: c6a.xlarge + stateDiskSizeGB: 30 + stateDiskType: gp3 + zone: eu-west-1c + initialCount: 2 + high_cpu: + role: worker + instanceType: c6a.24xlarge + stateDiskSizeGB: 128 + stateDiskType: gp3 + zone: eu-west-1c + initialCount: 1 +``` + +This configuration creates an additional node group `high_cpu` with a larger instance type and disk. + +You can use the field `zone` to specify what availability zone nodes of the group are placed in. +On Azure, this field is empty by default and nodes are automatically spread across availability zones. +STACKIT currently offers SEV-enabled CPUs in the `eu01-1`, `eu01-2`, and `eu01-3` zones. +Consult the documentation of your cloud provider for more information: + +* [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) +* [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones) +* [GCP](https://cloud.google.com/compute/docs/regions-zones) +* [STACKIT](https://docs.stackit.cloud/stackit/en/regions-and-availability-zones-75137212.html) + +## Choosing a Kubernetes version + +To learn which Kubernetes versions can be installed with your current CLI, you can run `constellation config kubernetes-versions`. +See also Constellation's [Kubernetes support policy](../architecture/versions.md#kubernetes-support-policy). + +## Creating an IAM configuration + +You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. +If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. + + + + +You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). + +```bash +constellation iam create aws --zone=us-east-2a --prefix=constellTest +``` + +This command creates IAM configuration for the AWS zone `us-east-2a` using the prefix `constellTest` for all named resources being created. + +Constellation OS images are currently replicated to the following regions: + +* `eu-central-1` +* `eu-west-1` +* `eu-west-3` +* `us-east-2` +* `ap-south-1` + +If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+AWS+image+region:+xx-xxxx-x). + +You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). + +Paste the output into the corresponding fields of the `constellation-conf.yaml` file. + + + + +You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). + +```bash +constellation iam create azure --subscriptionID 00000000-0000-0000-0000-000000000000 --region=westus --resourceGroup=constellTest --servicePrincipal=spTest +``` + +This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. + +CVMs are available in several Azure regions. Constellation OS images are currently replicated to the following: + +* `germanywestcentral` +* `westus` +* `eastus` +* `northeurope` +* `westeurope` +* `southeastasia` + +If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+Azure+image+region:+xx-xxxx-x). + +You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). + +Paste the output into the corresponding fields of the `constellation-conf.yaml` file. + + + + +You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). + +```bash +constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test +``` + +This command creates IAM configuration in the GCP project `yourproject-12345` on the GCP zone `europe-west2-a` creating a new service account `constell-test`. + +Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `N2D`. + +Paste the output into the corresponding fields of the `constellation-conf.yaml` file. + + + + +STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. + + + + +
      +Alternatively, you can manually create the IAM configuration on your CSP. + +The following describes the configuration fields and how you obtain the required information or create the required resources. + + + + +* **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. + + Constellation OS images are currently replicated to the following regions: + * `eu-central-1` + * `eu-west-1` + * `eu-west-3` + * `us-east-2` + * `ap-south-1` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+AWS+image+region:+xx-xxxx-x). + + You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). + +* **zone**: The name of your chosen AWS data center availability zone, e.g., `us-east-2a`. + + Learn more about [availability zones in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones). + +* **iamProfileControlPlane**: The name of an IAM instance profile attached to all control-plane nodes. + + You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `control_plane_instance_profile_name`. + + Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.control_plane_policy`. + +* **iamProfileWorkerNodes**: The name of an IAM instance profile attached to all worker nodes. + + You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `worker_nodes_instance_profile_name`. + + Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. + + + + +* **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. + + You can view your subscription UUID via `az account show` and read the `id` field. For more information refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription). + +* **tenant**: The UUID of your Azure tenant, e.g., `3400e5a2-8fe2-492a-886c-38cb66170f25`. + + You can view your tenant UUID via `az account show` and read the `tenant` field. For more information refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant). + +* **location**: The Azure datacenter location you want to deploy your cluster in, e.g., `westus`. + + CVMs are available in several Azure regions. Constellation OS images are currently replicated to the following: + + * `germanywestcentral` + * `westus` + * `eastus` + * `northeurope` + * `westeurope` + * `southeastasia` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+Azure+image+region:+xx-xxxx-x). + + You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). + +* **resourceGroup**: [Create a new resource group in Azure](https://learn.microsoft.com/azure/azure-resource-manager/management/manage-resource-groups-portal) for your Constellation cluster. Set this configuration field to the name of the created resource group. + +* **userAssignedIdentity**: [Create a new managed identity in Azure](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). You should create the identity in a different resource group as all resources within the cluster resource group will be deleted on cluster termination. + + Add three role assignments to the identity: `Owner`, `Virtual Machine Contributor`, and `Application Insights Component Contributor`. The `scope` of all three should refer to the previously created cluster resource group. + + Set the configuration value to the full ID of the created identity, e.g., `/subscriptions/8b8bd01f-efd9-4113-9bd1-c82137c32da7/resourcegroups/constellation-identity/providers/Microsoft.ManagedIdentity/userAssignedIdentities/constellation-identity`. You can get it by opening the `JSON View` from the `Overview` section of the identity. + + The user-assigned identity is used by instances of the cluster to access other cloud resources. + For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). + + + + +* **project**: The ID of your GCP project, e.g., `constellation-129857`. + + You can find it on the [welcome screen of your GCP project](https://console.cloud.google.com/welcome). For more information refer to [Google's documentation](https://support.google.com/googleapi/answer/7014113). + +* **region**: The GCP region you want to deploy your cluster in, e.g., `us-west1`. + + You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available). + +* **zone**: The GCP zone you want to deploy your cluster in, e.g., `us-west1-a`. + + You can find a [list of all zones in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available). + +* **serviceAccountKeyPath**: To configure this, you need to create a GCP [service account](https://cloud.google.com/iam/docs/service-accounts) with the following permissions: + + * `Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1)` + * `Compute Network Admin (roles/compute.networkAdmin)` + * `Compute Security Admin (roles/compute.securityAdmin)` + * `Compute Storage Admin (roles/compute.storageAdmin)` + * `Service Account User (roles/iam.serviceAccountUser)` + + Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. + + + + +STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. + + + +
      + +Now that you've configured your CSP, you can [create your cluster](./create.md). + +## Deleting an IAM configuration + +You can keep a created IAM configuration and reuse it for new clusters. Alternatively, you can also delete it if you don't want to use it anymore. + +Delete the IAM configuration by executing the following command in the same directory where you executed `constellation iam create` (the directory that contains [`constellation-iam-terraform`](../reference/terraform.md) as a subdirectory): + +```bash +constellation iam destroy +``` + +:::caution +For Azure, deleting the IAM configuration by executing `constellation iam destroy` will delete the whole resource group created by `constellation iam create`. +This also includes any additional resources in the resource group that weren't created by Constellation. +::: diff --git a/docs/versioned_docs/version-2.18/workflows/create.md b/docs/versioned_docs/version-2.18/workflows/create.md new file mode 100644 index 000000000..6074ebb16 --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/create.md @@ -0,0 +1,93 @@ +# Create your cluster + +:::info +This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. +::: + + + +--- + +Creating your cluster happens through multiple phases. +The most significant ones are: + +1. Creating the necessary resources in your cloud environment +2. Bootstrapping the Constellation cluster and setting up a connection +3. Installing the necessary Kubernetes components + +`constellation apply` handles all this in a single command. +You can use the `--skip-phases` flag to skip specific phases of the process. +For example, if you created the infrastructure manually, you can skip the cloud resource creation phase. + +See the [architecture](../architecture/orchestration.md) section for details on the inner workings of this process. + +:::tip +If you don't have a cloud subscription, you can also set up a [local Constellation cluster using virtualization](../getting-started/first-steps-local.md) for testing. +::: + +Before you create the cluster, make sure to have a [valid configuration file](./config.md). + + + + +```bash +constellation apply +``` + +`apply` stores the state of your cluster's cloud resources in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. + + + + +Self-managed infrastructure allows for more flexibility in the setup, by separating the infrastructure setup from the Constellation cluster management. +This provides flexibility in DevOps and can meet potential regulatory requirements. +It's recommended to use Terraform for infrastructure management, but you can use any tool of your choice. + +:::info + + When using Terraform, you can use the [Constellation Terraform provider](./terraform-provider.md) to manage the entire Constellation cluster lifecycle. + +::: + +You can refer to the Terraform files for the selected CSP from the [Constellation GitHub repository](https://github.com/edgelesssys/constellation/tree/main/terraform/infrastructure) for a minimum Constellation cluster configuration. From this base, you can now add, edit, or substitute resources per your own requirements with the infrastructure +management tooling of your choice. You need to keep the essential functionality of the base configuration in order for your cluster to function correctly. + + + +:::info + + On Azure, a manual update to the MAA provider's policy is necessary. + You can apply the update with the following command after creating the infrastructure, with `` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration). + + ```bash + constellation maa-patch + ``` + +::: + + + +Make sure all necessary resources are created, e.g., through checking your CSP's portal and retrieve the necessary values, aligned with the outputs (specified in `outputs.tf`) of the base configuration. + +Fill these outputs into the corresponding fields of the `Infrastructure` block inside the `constellation-state.yaml` file. For example, fill the IP or DNS name your cluster can be reached at into the `.Infrastructure.ClusterEndpoint` field. + +With the required cloud resources set up, continue with initializing your cluster. + +```bash +constellation apply --skip-phases=infrastructure +``` + + + + +Finally, configure `kubectl` for your cluster: + +```bash +export KUBECONFIG="$PWD/constellation-admin.conf" +``` + +🏁 That's it. You've successfully created a Constellation cluster. + +### Troubleshooting + +In case `apply` fails, the CLI collects logs from the bootstrapping instance and stores them inside `constellation-cluster.log`. diff --git a/docs/versioned_docs/version-2.18/workflows/lb.md b/docs/versioned_docs/version-2.18/workflows/lb.md new file mode 100644 index 000000000..868e61076 --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/lb.md @@ -0,0 +1,28 @@ +# Expose a service + +Constellation integrates the native load balancers of each CSP. Therefore, to expose a service simply [create a service of type `LoadBalancer`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer). + +## Internet-facing LB service on AWS + +To expose your application service externally you might want to use a Kubernetes Service of type `LoadBalancer`. On AWS, load-balancing is achieved through the [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) as in the managed EKS. + +Since recent versions, the controller deploy an internal LB by default requiring to set an annotation `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing` to have an internet-facing LB. For more details, see the [official docs](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/service/nlb/). + +For general information on LB with AWS see [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html). + +:::caution +Before terminating the cluster, all LB backed services should be deleted, so that the controller can cleanup the related resources. +::: + +## Ingress on AWS + +The AWS Load Balancer Controller also provisions `Ingress` resources of class `alb`. +AWS Application Load Balancers (ALBs) can be configured with a [`target-type`](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/annotations/#target-type). +The target type `ip` requires using the EKS container network solution, which makes it incompatible with Constellation. +If a service can be exposed on a `NodePort`, the target type `instance` can be used. + +See [Application load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) for more information. + +:::caution +Ingress handlers backed by AWS ALBs reside outside the Constellation cluster, so they shouldn't be handling sensitive traffic! +::: diff --git a/docs/versioned_docs/version-2.18/workflows/recovery.md b/docs/versioned_docs/version-2.18/workflows/recovery.md new file mode 100644 index 000000000..592ae247b --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/recovery.md @@ -0,0 +1,179 @@ +# Recover your cluster + +Recovery of a Constellation cluster means getting it back into a healthy state after too many concurrent node failures in the control plane. +Reasons for an unhealthy cluster can vary from a power outage, or planned reboot, to migration of nodes and regions. +Recovery events are rare, because Constellation is built for high availability and automatically and securely replaces failed nodes. When a node is replaced, Constellation's control plane first verifies the new node before it sends the node the cryptographic keys required to decrypt its [state disk](../architecture/images.md#state-disk). + +Constellation provides a recovery mechanism for cases where the control plane has failed and is unable to replace nodes. +The `constellation recover` command securely connects to all nodes in need of recovery using [attested TLS](../architecture/attestation.md#attested-tls-atls) and provides them with the keys to decrypt their state disks and continue booting. + +## Identify unhealthy clusters + +The first step to recovery is identifying when a cluster becomes unhealthy. +Usually, this can be first observed when the Kubernetes API server becomes unresponsive. + +You can check the health status of the nodes via the cloud service provider (CSP). +Constellation provides logging information on the boot process and status via serial console output. +In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. + + + + +First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. + +Second, check the boot logs of these *Instances*. In the ASG's *Instance management* view, select each desired instance. In the upper right corner, select **Action > Monitor and troubleshoot > Get system log**. + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"gcp"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["192.168.178.4:30090","192.168.178.2:30090"]} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.4:30090"} +{"level":"WARN","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.4:30090: connect: connection refused\"","endpoint":"192.168.178.4:30090"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.2:30090"} +{"level":"WARN","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.2:30090: i/o timeout\"","endpoint":"192.168.178.2:30090"} +{"level":"ERROR","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +In the Azure portal, find the cluster's resource group. +Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. +On the left, go to **Settings** > **Instances** and check that enough members are in a *Running* state. + +Second, check the boot logs of these *Instances*. +In the scale set's *Instances* view, open the details page of the desired instance. +On the left, go to **Support + troubleshooting** > **Serial console**. + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T09:56:41Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"azure"} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["10.9.0.5:30090","10.9.0.6:30090"]} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"10.9.0.5:30090"} +{"level":"WARN","ts":"2022-09-08T09:57:03Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 10.9.0.5:30090: i/o timeout\"","endpoint":"10.9.0.5:30090"} +{"level":"INFO","ts":"2022-09-08T09:57:03Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"10.9.0.6:30090"} +{"level":"WARN","ts":"2022-09-08T09:57:23Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 10.9.0.6:30090: i/o timeout\"","endpoint":"10.9.0.6:30090"} +{"level":"ERROR","ts":"2022-09-08T09:57:23Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +First, check that the control plane *Instance Group* has enough members in a *Ready* state. +In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. + +Second, check the status of the *VM Instances*. +Go to **VM Instances** and open the details of the desired instance. +Check the serial console output of that instance by opening the **Logs** > **Serial port 1 (console)** page: + +![GCP portal serial console link](../_media/recovery-gcp-serial-console-link.png) + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"gcp"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["192.168.178.4:30090","192.168.178.2:30090"]} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.4:30090"} +{"level":"WARN","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.4:30090: connect: connection refused\"","endpoint":"192.168.178.4:30090"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.2:30090"} +{"level":"WARN","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.2:30090: i/o timeout\"","endpoint":"192.168.178.2:30090"} +{"level":"ERROR","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +First, open the STACKIT portal to view all servers in your project. Select individual control plane nodes `--control-plane--` and check that enough members are in a *Running* state. + +Second, check the boot logs of these servers. Click on a server name and select **Overview**. Find the **Machine Setup** section and click on **Web console** > **Open console**. + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"gcp"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["192.168.178.4:30090","192.168.178.2:30090"]} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.4:30090"} +{"level":"WARN","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.4:30090: connect: connection refused\"","endpoint":"192.168.178.4:30090"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.2:30090"} +{"level":"WARN","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.2:30090: i/o timeout\"","endpoint":"192.168.178.2:30090"} +{"level":"ERROR","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +## Recover a cluster + +Recovering a cluster requires the following parameters: + +* The `constellation-state.yaml` file in your working directory or the cluster's endpoint +* The master secret of the cluster + +A cluster can be recovered like this: + +```bash +$ constellation recover +Pushed recovery key. +Pushed recovery key. +Pushed recovery key. +Recovered 3 control-plane nodes. +``` + +In the serial console output of the node you'll see a similar output to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:26:59Z","logger":"recoveryServer","caller":"recoveryserver/server.go:93","msg":"Received recover call"} +{"level":"INFO","ts":"2022-09-08T10:26:59Z","logger":"recoveryServer","caller":"recoveryserver/server.go:125","msg":"Received state disk key and measurement secret, shutting down server"} +{"level":"INFO","ts":"2022-09-08T10:26:59Z","logger":"recoveryServer.gRPC","caller":"zap/server_interceptors.go:61","msg":"finished streaming call with code OK","grpc.start_time":"2022-09-08T10:26:59Z","system":"grpc","span.kind":"server","grpc.service":"recoverproto.API","grpc.method":"Recover","peer.address":"192.0.2.3:41752","grpc.code":"OK","grpc.time_ms":15.701} +{"level":"INFO","ts":"2022-09-08T10:27:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:87","msg":"RejoinClient stopped"} +``` diff --git a/docs/versioned_docs/version-2.18/workflows/s3proxy.md b/docs/versioned_docs/version-2.18/workflows/s3proxy.md new file mode 100644 index 000000000..121e8a461 --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/s3proxy.md @@ -0,0 +1,58 @@ +# Install s3proxy + +Constellation includes a transparent client-side encryption proxy for [AWS S3](https://aws.amazon.com/de/s3/) and compatible stores. +s3proxy encrypts objects before sending them to S3 and automatically decrypts them on retrieval, without requiring changes to your application. +With s3proxy, you can use S3 for storage in a confidential way without having to trust the storage provider. + +## Limitations + +Currently, s3proxy has the following limitations: +- Only `PutObject` and `GetObject` requests are encrypted/decrypted by s3proxy. +By default, s3proxy will block requests that may expose unencrypted data to S3 (e.g. UploadPart). +The `allow-multipart` flag disables request blocking for evaluation purposes. +- Using the [Range](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html#API_GetObject_RequestSyntax) header on `GetObject` is currently not supported and will result in an error. + +These limitations will be removed with future iterations of s3proxy. +If you want to use s3proxy but these limitations stop you from doing so, consider [opening an issue](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&projects=&template=feature_request.yml). + +## Deployment + +You can add the s3proxy to your Constellation cluster as follows: +1. Add the Edgeless Systems chart repository: + ```bash + helm repo add edgeless https://helm.edgeless.systems/stable + helm repo update + ``` +2. Set ACCESS_KEY and ACCESS_SECRET to valid credentials you want s3proxy to use to interact with S3. +3. Deploy s3proxy: + ```bash + helm install s3proxy edgeless/s3proxy --set awsAccessKeyID="$ACCESS_KEY" --set awsSecretAccessKey="$ACCESS_SECRET" + ``` + +If you want to run a demo application, check out the [Filestash with s3proxy](../getting-started/examples/filestash-s3proxy.md) example. + + +## Technical details + +### Encryption + +s3proxy relies on Google's [Tink Cryptographic Library](https://developers.google.com/tink) to implement cryptographic operations securely. +The used cryptographic primitives are [NIST SP 800 38f](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf) for key wrapping and [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)-[GCM](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Galois/counter_(GCM)) with 256 bit keys for data encryption. + +s3proxy uses [envelope encryption](https://cloud.google.com/kms/docs/envelope-encryption) to encrypt objects. +This means s3proxy uses a key encryption key (KEK) issued by the [KeyService](../architecture/microservices.md#keyservice) to encrypt data encryption keys (DEKs). +Each S3 object is encrypted with its own DEK. +The encrypted DEK is then saved as metadata of the encrypted object. +This enables key rotation of the KEK without re-encrypting the data in S3. +The approach also allows access to objects from different locations, as long as each location has access to the KEK. + +### Traffic interception + +To use s3proxy, you have to redirect your outbound S3 traffic to s3proxy. +This can either be done by modifying your client application or by changing the deployment of your application. + +The necessary deployment modifications are to add DNS redirection and a trusted TLS certificate to the client's trust store. +DNS redirection can be defined for each pod, allowing you to use s3proxy for one application without changing other applications in the same cluster. +Adding a trusted TLS certificate is necessary as clients communicate with s3proxy via HTTPS. +To have your client application trust s3proxy's TLS certificate, the certificate has to be added to the client's certificate trust store. +The [Filestash with s3proxy](../getting-started/examples/filestash-s3proxy.md) example shows how to do this. diff --git a/docs/versioned_docs/version-2.18/workflows/sbom.md b/docs/versioned_docs/version-2.18/workflows/sbom.md new file mode 100644 index 000000000..6c1702dee --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/sbom.md @@ -0,0 +1,93 @@ +# Consume software bill of materials (SBOMs) + + + +--- + +Constellation builds produce a [software bill of materials (SBOM)](https://www.ntia.gov/SBOM) for each generated [artifact](../architecture/microservices.md). +You can use SBOMs to make informed decisions about dependencies and vulnerabilities in a given application. Enterprises rely on SBOMs to maintain an inventory of used applications, which allows them to take data-driven approaches to managing risks related to vulnerabilities. + +SBOMs for Constellation are generated using [Syft](https://github.com/anchore/syft), signed using [Cosign](https://github.com/sigstore/cosign), and stored with the produced artifact. + +:::note +The public key for Edgeless Systems' long-term code-signing key is: + +``` +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT +JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== +-----END PUBLIC KEY----- +``` + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +Make sure the key is available in a file named `cosign.pub` to execute the following examples. +::: + +## Verify and download SBOMs + +The following sections detail how to work with each type of artifact to verify and extract the SBOM. + +### Constellation CLI + +The SBOM for Constellation CLI is made available on the [GitHub release page](https://github.com/edgelesssys/constellation/releases). The SBOM (`constellation.spdx.sbom`) and corresponding signature (`constellation.spdx.sbom.sig`) are valid for each Constellation CLI for a given version, regardless of architecture and operating system. + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/download/v2.2.0/constellation.spdx.sbom +curl -LO https://github.com/edgelesssys/constellation/releases/download/v2.2.0/constellation.spdx.sbom.sig +cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig constellation.spdx.sbom +``` + +### Container Images + +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. + +As a consumer, use cosign to download and verify the SBOM: + +```bash +# Verify and download the attestation statement +cosign verify-attestation ghcr.io/edgelesssys/constellation/verification-service@v2.2.0 --type 'https://cyclonedx.org/bom' --key cosign.pub --output-file verification-service.att.json +# Extract SBOM from attestation statement +jq -r .payload verification-service.att.json | base64 -d > verification-service.cyclonedx.sbom +``` + +A successful verification should result in similar output: + +```shell-session +$ cosign verify-attestation ghcr.io/edgelesssys/constellation/verification-service@v2.2.0 --type 'https://cyclonedx.org/bom' --key cosign.pub --output-file verification-service.sbom + +Verification for ghcr.io/edgelesssys/constellation/verification-service@v2.2.0 -- +The following checks were performed on each of these signatures: + - The cosign claims were validated + - The signatures were verified against the specified public key +$ jq -r .payload verification-service.sbom | base64 -d > verification-service.cyclonedx.sbom +``` + +:::note + +This example considers only the `verification-service`. The same approach works for all containers in the [Constellation container registry](https://github.com/orgs/edgelesssys/packages?repo_name=constellation). + +::: + + + +## Vulnerability scanning + +You can use a plethora of tools to consume SBOMs. This section provides suggestions for tools that are popular and known to produce reliable results, but any tool that consumes [SPDX](https://spdx.dev/) or [CycloneDX](https://cyclonedx.org/) files should work. + +Syft is able to [convert between the two formats](https://github.com/anchore/syft#format-conversion-experimental) in case you require a specific type. + +### Grype + +[Grype](https://github.com/anchore/grype) is a CLI tool that lends itself well for integration into CI/CD systems or local developer machines. It's also able to consume the signed attestation statement directly and does the verification in one go. + +```bash +grype att:verification-service.sbom --key cosign.pub --add-cpes-if-none -q +``` + +### Dependency Track + +[Dependency Track](https://dependencytrack.org/) is one of the oldest and most mature solutions when it comes to managing software inventory and vulnerabilities. Once imported, it continuously scans SBOMs for new vulnerabilities. It supports the CycloneDX format and provides direct guidance on how to comply with [U.S. Executive Order 14028](https://docs.dependencytrack.org/usage/executive-order-14028/). diff --git a/docs/versioned_docs/version-2.18/workflows/scale.md b/docs/versioned_docs/version-2.18/workflows/scale.md new file mode 100644 index 000000000..28f19e3f1 --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/scale.md @@ -0,0 +1,122 @@ +# Scale your cluster + +Constellation provides all features of a Kubernetes cluster including scaling and autoscaling. + +## Worker node scaling + +### Autoscaling + +Constellation comes with autoscaling disabled by default. To enable autoscaling, find the scaling group of +worker nodes: + +```bash +kubectl get scalinggroups -o json | yq '.items | .[] | select(.spec.role == "Worker") | [{"name": .metadata.name, "nodeGoupName": .spec.nodeGroupName}]' +``` + +This will output a list of scaling groups with the corresponding cloud provider name (`name`) and the cloud provider agnostic name of the node group (`nodeGroupName`). + +Then, patch the `autoscaling` field of the scaling group resource with the desired `name` to `true`: + +```bash +# Replace with the name of the scaling group you want to enable autoscaling for +worker_group= +kubectl patch scalinggroups $worker_group --patch '{"spec":{"autoscaling": true}}' --type='merge' +kubectl get scalinggroup $worker_group -o jsonpath='{.spec}' | yq -P +``` + +The cluster autoscaler now automatically provisions additional worker nodes so that all pods have a place to run. +You can configure the minimum and maximum number of worker nodes in the scaling group by patching the `min` or +`max` fields of the scaling group resource: + +```bash +kubectl patch scalinggroups $worker_group --patch '{"spec":{"max": 5}}' --type='merge' +kubectl get scalinggroup $worker_group -o jsonpath='{.spec}' | yq -P +``` + +The cluster autoscaler will now never provision more than 5 worker nodes. + +If you want to see the autoscaling in action, try to add a deployment with a lot of replicas, like the +following Nginx deployment. The number of replicas needed to trigger the autoscaling depends on the size of +and count of your worker nodes. Wait for the rollout of the deployment to finish and compare the number of +worker nodes before and after the deployment: + +```bash +kubectl create deployment nginx --image=nginx --replicas 150 +kubectl -n kube-system get nodes +kubectl rollout status deployment nginx +kubectl -n kube-system get nodes +``` + +### Manual scaling + +Alternatively, you can manually scale your cluster up or down: + + + + +1. Go to Auto Scaling Groups and select the worker ASG to scale up. +2. Click **Edit** +3. Set the new (increased) **Desired capacity** and **Update**. + + + + +1. Find your Constellation resource group. +2. Select the `scale-set-workers`. +3. Go to **settings** and **scaling**. +4. Set the new **instance count** and **save**. + + + + +1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). +2. **Edit** the **worker** instance group. +3. Set the new **number of instances** and **save**. + + + + +Dynamic cluster scaling isn't yet supported for STACKIT. +Support will be introduced in one of the upcoming releases. + + + + +## Control-plane node scaling + +Control-plane nodes can **only be scaled manually and only scaled up**! + +To increase the number of control-plane nodes, follow these steps: + + + + +1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. +2. Click **Edit** +3. Set the new (increased) **Desired capacity** and **Update**. + + + + +1. Find your Constellation resource group. +2. Select the `scale-set-controlplanes`. +3. Go to **settings** and **scaling**. +4. Set the new (increased) **instance count** and **save**. + + + + +1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). +2. **Edit** the **control-plane** instance group. +3. Set the new (increased) **number of instances** and **save**. + + + + +Dynamic cluster scaling isn't yet supported for STACKIT. +Support will be introduced in one of the upcoming releases. + + + + +If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.18/workflows/storage.md b/docs/versioned_docs/version-2.18/workflows/storage.md new file mode 100644 index 000000000..a5c52be90 --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/storage.md @@ -0,0 +1,281 @@ +# Use persistent storage + +Persistent storage in Kubernetes requires cloud-specific configuration. +For abstraction of container storage, Kubernetes offers [volumes](https://kubernetes.io/docs/concepts/storage/volumes/), +allowing users to mount storage solutions directly into containers. +The [Container Storage Interface (CSI)](https://kubernetes-csi.github.io/docs/) is the standard interface for exposing arbitrary block and file storage systems into containers in Kubernetes. +Cloud service providers (CSPs) offer their own CSI-based solutions for cloud storage. + +## Confidential storage + +Most cloud storage solutions support encryption, such as [GCE Persistent Disks (PD)](https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek). +Constellation supports the available CSI-based storage options for Kubernetes engines in AWS, Azure, GCP, and STACKIT. +However, their encryption takes place in the storage backend and is managed by the CSP. +Thus, using the default CSI drivers for these storage types means trusting the CSP with your persistent data. + +To address this, Constellation provides CSI drivers for AWS EBS, Azure Disk, GCE PD, and OpenStack Cinder, offering [encryption on the node level](../architecture/keys.md#storage-encryption). They enable transparent encryption for persistent volumes without needing to trust the cloud backend. Plaintext data never leaves the confidential VM context, offering you confidential storage. + +For more details see [encrypted persistent storage](../architecture/encrypted-storage.md). + +## CSI drivers + +Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. + + + + +**Constellation CSI driver for AWS Elastic Block Store** +Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. +Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. + + + + +**Constellation CSI driver for Azure Disk**: +Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. +See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. +Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. + + + + +**Constellation CSI driver for GCP Persistent Disk**: +Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. +Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. + + + + +**Constellation CSI driver for STACKIT / OpenStack Cinder** +Mount [Cinder](https://docs.openstack.org/cinder/latest/) block storage volumes into your Constellation cluster. +Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-cloud-provider-openstack) for more information. + + + + +Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. + +## Installation + +The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. +If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. + + + + +AWS comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [SSDs of `gp3` type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [SSDs of `gp3` type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +Azure comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [Standard SSDs](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [Premium SSDs](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#premium-ssds) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +GCP comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [standard persistent disks](https://cloud.google.com/compute/docs/disks#pdspecs) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [performance (SSD) persistent disks](https://cloud.google.com/compute/docs/disks#pdspecs) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +STACKIT comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [disks of `storage_premium_perf1` type](https://docs.stackit.cloud/stackit/en/service-plans-blockstorage-75137974.html) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [disks of `storage_premium_perf1` type](https://docs.stackit.cloud/stackit/en/service-plans-blockstorage-75137974.html) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) + + A [persistent volume claim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims) is a request for storage with certain properties. + It can refer to a storage class. + The following creates a persistent volume claim, requesting 20 GB of storage via the `encrypted-rwo` storage class: + + ```bash + cat < + +--- + +You can terminate your cluster using the CLI. For this, you need the Terraform state directory named [`constellation-terraform`](../reference/terraform.md) in the current directory. + +:::danger + +All ephemeral storage and state of your cluster will be lost. Make sure any data is safely stored in persistent storage. Constellation can recreate your cluster and the associated encryption keys, but won't backup your application data automatically. + +::: + + + +Terminate the cluster by running: + +```bash +constellation terminate +``` + +Or without confirmation (e.g., for automation purposes): + +```bash +constellation terminate --yes +``` + +This deletes all resources created by Constellation in your cloud environment. +All local files created by the `apply` command are deleted as well, except for `constellation-mastersecret.json` and the configuration file. + +:::caution + +Termination can fail if additional resources have been created that depend on the ones managed by Constellation. In this case, you need to delete these additional +resources manually. Just run the `terminate` command again afterward to continue the termination process of the cluster. + +::: + + + +Terminate the cluster by running: + +```bash +terraform destroy +``` + +Delete all files that are no longer needed: + +```bash +rm constellation-state.yaml constellation-admin.conf +``` + +Only the `constellation-mastersecret.json` and the configuration file remain. + + + diff --git a/docs/versioned_docs/version-2.18/workflows/terraform-provider.md b/docs/versioned_docs/version-2.18/workflows/terraform-provider.md new file mode 100644 index 000000000..ed8f46eda --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/terraform-provider.md @@ -0,0 +1,129 @@ +# Use the Terraform provider + +The Constellation Terraform provider allows to manage the full lifecycle of a Constellation cluster (namely creation, upgrades, and deletion) via Terraform. +The provider is available through the [Terraform registry](https://registry.terraform.io/providers/edgelesssys/constellation/latest) and is released in lock-step with Constellation releases. + +## Prerequisites + +- a Linux / Mac operating system (ARM64/AMD64) +- a Terraform installation of version `v1.4.4` or above + +## Quick setup + +This example shows how to set up a Constellation cluster with the reference IAM and infrastructure setup. This setup is also used when creating a Constellation cluster through the Constellation CLI. You can either consume the IAM / infrastructure modules through a remote source (recommended) or local files. The latter requires downloading the infrastructure and IAM modules for the corresponding CSP from `terraform-modules.zip` on the [Constellation release page](https://github.com/edgelesssys/constellation/releases/latest) and placing them in the Terraform workspace directory. + +1. Create a directory (workspace) for your Constellation cluster. + + ```bash + mkdir constellation-workspace + cd constellation-workspace + ``` + +2. Use one of the [example configurations for using the Constellation Terraform provider](https://github.com/edgelesssys/constellation/tree/main/terraform-provider-constellation/examples/full) or create a `main.tf` file and fill it with the resources you want to create. The [Constellation Terraform provider documentation](https://registry.terraform.io/providers/edgelesssys/constellation/latest) offers thorough documentation on the resources and their attributes. +3. Initialize and apply the Terraform configuration. + + + + Initialize the providers and apply the configuration. + + ```bash + terraform init + terraform apply + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + + When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you + can also do it manually. + + ```bash + terraform init + terraform apply -target module.azure_iam # adjust resource path if not using the example configuration + terraform apply -target module.azure_infrastructure # adjust resource path if not using the example configuration + constellation maa-patch $(terraform output -raw maa_url) # adjust output path / input if not using the example configuration or manually patch the resource + terraform apply -target constellation_cluster.azure_example # adjust resource path if not using the example configuration + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + Use the following policy if manually performing the patch. + + ``` + version= 1.0; + authorizationrules + { + [type=="x-ms-azurevm-default-securebootkeysvalidated", value==false] => deny(); + [type=="x-ms-azurevm-debuggersdisabled", value==false] => deny(); + // The line below was edited to use the MAA provider within Constellation. Do not edit manually. + //[type=="secureboot", value==false] => deny(); + [type=="x-ms-azurevm-signingdisabled", value==false] => deny(); + [type=="x-ms-azurevm-dbvalidated", value==false] => deny(); + [type=="x-ms-azurevm-dbxvalidated", value==false] => deny(); + => permit(); + }; + issuancerules + { + }; + ``` + + + + Initialize the providers and apply the configuration. + + ```bash + terraform init + terraform apply + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + + Initialize the providers and apply the configuration. + + ```bash + terraform init + terraform apply + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + + +4. Connect to the cluster. + + ```bash + terraform output -raw kubeconfig > constellation-admin.conf + export KUBECONFIG=$(realpath constellation-admin.conf) + ``` + +## Bringing your own infrastructure + +Instead of using the example infrastructure used in the [quick setup](#quick-setup), you can also provide your own infrastructure. +If you need a starting point for a custom infrastructure setup, you can download the infrastructure / IAM Terraform modules for the respective CSP from the Constellation [GitHub releases](https://github.com/edgelesssys/constellation/releases). You can modify and extend the modules per your requirements, while keeping the basic functionality intact. +The module contains: + +- `{csp}`: cloud resources the cluster runs on +- `iam/{csp}`: IAM resources used within the cluster + +When upgrading your cluster, make sure to check the Constellation release notes for potential breaking changes in the reference infrastructure / IAM modules that need to be considered. + +## Cluster upgrades + +:::tip +Also see the [general documentation on cluster upgrades](./upgrade.md). +::: + +The steps for applying the upgrade are as follows: + +1. Update the version constraint of the Constellation Terraform provider in the `required_providers` block in your Terraform configuration. +2. If you explicitly set any of the version attributes of the provider's resources and data sources (e.g. `image_version` or `constellation_microservice_version`), make sure to update them too. Refer to Constellation's [version support policy](https://github.com/edgelesssys/constellation/blob/main/dev-docs/workflows/versions-support.md) for more information on how each Constellation version and its dependencies are supported. +3. Update the IAM / infrastructure configuration. + - For [remote addresses as module sources](https://developer.hashicorp.com/terraform/language/modules/sources#fetching-archives-over-http), update the version number inside the address of the `source` field of the infrastructure / IAM module to the target version. + - For [local paths as module sources](https://developer.hashicorp.com/terraform/language/modules/sources#local-paths) or when [providing your own infrastructure](#bringing-your-own-infrastructure), see the changes made in the reference modules since the upgrade's origin version and adjust your infrastructure / IAM configuration accordingly. +4. Upgrade the Terraform module and provider dependencies and apply the targeted configuration. + +```bash + terraform init -upgrade + terraform apply +``` diff --git a/docs/versioned_docs/version-2.18/workflows/troubleshooting.md b/docs/versioned_docs/version-2.18/workflows/troubleshooting.md new file mode 100644 index 000000000..195bce1cc --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/troubleshooting.md @@ -0,0 +1,151 @@ +# Troubleshooting + +This section aids you in finding problems when working with Constellation. + +## Common issues + +### Issues with creating new clusters + +When you create a new cluster, you should always use the [latest release](https://github.com/edgelesssys/constellation/releases/latest). +If something doesn't work, check out the [known issues](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22). + +### Azure: Resource Providers can't be registered + +On Azure, you may receive the following error when running `apply` or `terminate` with limited IAM permissions: + +```shell-session +Error: Error ensuring Resource Providers are registered. + +Terraform automatically attempts to register the Resource Providers it supports to +ensure it's able to provision resources. + +If you don't have permission to register Resource Providers you may wish to use the +"skip_provider_registration" flag in the Provider block to disable this functionality. + +[...] +``` + +To continue, please ensure that the [required resource providers](../getting-started/install.md#required-permissions) have been registered in your subscription by your administrator. + +Afterward, set `ARM_SKIP_PROVIDER_REGISTRATION=true` as an environment variable and either run `apply` or `terminate` again. +For example: + +```bash +ARM_SKIP_PROVIDER_REGISTRATION=true constellation apply +``` + +Or alternatively, for `terminate`: + +```bash +ARM_SKIP_PROVIDER_REGISTRATION=true constellation terminate +``` + +### Azure: Can't update attestation policy + +On Azure, you may receive the following error when running `apply` from within an Azure environment, e.g., an Azure VM: + +```shell-session +An error occurred: patching policies: updating attestation policy: unexpected status code: 403 Forbidden +``` + +The problem occurs because the Azure SDK we use internally attempts to [authenticate towards the Azure API with the managed identity of your current environment instead of the Azure CLI token](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential). + +We decided not to deviate from this behavior and comply with the ordering of credentials. + +A solution is to add the [required permissions](../getting-started/install.md#required-permissions) to the managed identity of your environment. For example, the managed identity of your Azure VM, instead of the account that you've authenticated with in the Azure CLI. + +If your setup requires a change in the ordering of credentials, please open an issue and explain your desired behavior. + + + +### Nodes fail to join with error `untrusted measurement value` + +This error indicates that a node's [attestation statement](../architecture/attestation.md) contains measurements that don't match the trusted values expected by the [JoinService](../architecture/microservices.md#joinservice). +This may for example happen if the cloud provider updates the VM's firmware such that it influences the [runtime measurements](../architecture/attestation.md#runtime-measurements) in an unforeseen way. +A failed upgrade due to an erroneous attestation config can also cause this error. +You can change the expected measurements to resolve the failure. + +:::caution + +Attestation and trusted measurements are crucial for the security of your cluster. +Be extra careful when manually changing these settings. +When in doubt, check if the encountered [issue is known](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22) or [contact support](https://github.com/edgelesssys/constellation#support). + +::: + +:::tip + +During an upgrade with modified attestation config, a backup of the current configuration is stored in the `join-config` config map in the `kube-system` namespace under the `attestationConfig_backup` key. To restore the old attestation config after a failed upgrade, replace the value of `attestationConfig` with the value from `attestationConfig_backup`: + +```bash +kubectl patch configmaps -n kube-system join-config -p "{\"data\":{\"attestationConfig\":\"$(kubectl get configmaps -n kube-system join-config -o "jsonpath={.data.attestationConfig_backup}")\"}}" +``` + +::: + +You can use the `apply` command to change measurements of a running cluster: + +1. Modify the `measurements` key in your local `constellation-conf.yaml` to the expected values. +2. Run `constellation apply`. + +Keep in mind that running `apply` also applies any version changes from your config to the cluster. + +You can run these commands to learn about the versions currently configured in the cluster: + +- Kubernetes API server version: `kubectl get nodeversion constellation-version -o json -n kube-system | jq .spec.kubernetesClusterVersion` +- image version: `kubectl get nodeversion constellation-version -o json -n kube-system | jq .spec.imageVersion` +- microservices versions: `helm list --filter 'constellation-services' -n kube-system` + +### Upgrading Kubernetes resources fails + +Constellation manages its Kubernetes resources using Helm. +When applying an upgrade, the charts that are about to be installed, and a values override file `overrides.yaml`, +are saved to disk in your current workspace under `constellation-upgrade/upgrade-/helm-charts/`. +If upgrading the charts using the Constellation CLI fails, you can review these charts and try to manually apply the upgrade. + +:::caution + +Changing and manually applying the charts may destroy cluster resources and can lead to broken Constellation deployments. +Proceed with caution and when in doubt, +check if the encountered [issue is known](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22) or [contact support](https://github.com/edgelesssys/constellation#support). + +::: + +## Diagnosing issues + +### Logs + +To get started on diagnosing issues with Constellation, it's often helpful to collect logs from nodes, pods, or other resources in the cluster. Most logs are available through Kubernetes' standard +[logging interfaces](https://kubernetes.io/docs/concepts/cluster-administration/logging/). + +To debug issues occurring at boot time of the nodes, you can use the serial console interface of the CSP while the machine boots to get a read-only view of the boot logs. + +Apart from that, Constellation also offers further [observability integrations](../architecture/observability.md). + +### Node shell access + +Debugging via a shell on a node is [directly supported by Kubernetes](https://kubernetes.io/docs/tasks/debug/debug-application/debug-running-pod/#node-shell-session). + +1. Figure out which node to connect to: + + ```bash + kubectl get nodes + # or to see more information, such as IPs: + kubectl get nodes -o wide + ``` + +2. Connect to the node: + + ```bash + kubectl debug node/constell-worker-xksa0-000000 -it --image=busybox + ``` + + You will be presented with a prompt. + + The nodes file system is mounted at `/host`. + +3. Once finished, clean up the debug pod: + + ```bash + kubectl delete pod node-debugger-constell-worker-xksa0-000000-bjthj + ``` diff --git a/docs/versioned_docs/version-2.18/workflows/trusted-launch.md b/docs/versioned_docs/version-2.18/workflows/trusted-launch.md new file mode 100644 index 000000000..d6d01d8eb --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/trusted-launch.md @@ -0,0 +1,54 @@ +# Use Azure trusted launch VMs + +Constellation also supports [trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch) on Microsoft Azure. Trusted launch VMs don't offer the same level of security as Confidential VMs, but are available in more regions and in larger quantities. The main difference between trusted launch VMs and normal VMs is that the former offer vTPM-based remote attestation. When used with trusted launch VMs, Constellation relies on vTPM-based remote attestation to verify nodes. + +:::caution + +Trusted launch VMs don't provide runtime encryption and don't keep the cloud service provider (CSP) out of your trusted computing base. + +::: + +Constellation supports trusted launch VMs with instance types `Standard_D*_v4` and `Standard_E*_v4`. Run `constellation config instance-types` for a list of all supported instance types. + +## VM images + +Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. + +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. + +After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. +You can use a script to do this: + +```bash +wget https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/importAzure.sh +chmod +x importAzure.sh +AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_IMAGE_FILE=./constellation.img ./importAzure.sh +``` + +The script creates the following resources: + +1. A new image gallery with the default name `constellation-import` +2. A new image definition with the default name `constellation` +3. The actual image with the provided version. In this case `2.2.0` + +Once the import is completed, use the `ID` of the image version in your `constellation-conf.yaml` for the `image` field. Set `confidentialVM` to `false`. + +Fetch the image measurements: + +```bash +IMAGE_VERSION=2.2.0 +URL=https://public-edgeless-constellation.s3.us-east-2.amazonaws.com//communitygalleries/constellationcvm-b3782fa0-0df7-4f2f-963e-fc7fc42663df/images/constellation/versions/$IMAGE_VERSION/measurements.yaml +constellation config fetch-measurements -u$URL -s$URL.sig +``` + +:::info + +The [`constellation apply`](create.md) command will issue a warning because manually imported images aren't recognized as production grade images: + +```shell-session +Configured image doesn't look like a released production image. Double check image before deploying to production. +``` + +Please ignore this warning. + +::: diff --git a/docs/versioned_docs/version-2.18/workflows/upgrade.md b/docs/versioned_docs/version-2.18/workflows/upgrade.md new file mode 100644 index 000000000..7348c0dbc --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/upgrade.md @@ -0,0 +1,110 @@ +# Upgrade your cluster + +Constellation provides an easy way to upgrade all components of your cluster, without disrupting it's availability. +Specifically, you can upgrade the Kubernetes version, the nodes' image, and the Constellation microservices. +You configure the desired versions in your local Constellation configuration and trigger upgrades with the `apply` command. +To learn about available versions you use the `upgrade check` command. +Which versions are available depends on the CLI version you are using. + +## Update the CLI + +Each CLI comes with a set of supported microservice and Kubernetes versions. +Most importantly, a given CLI version can only upgrade a cluster of the previous minor version, but not older ones. +This means that you have to upgrade your CLI and cluster one minor version at a time. + +For example, if you are currently on CLI version v2.6 and the latest version is v2.8, you should + +* upgrade the CLI to v2.7, +* upgrade the cluster to v2.7, +* and only then continue upgrading the CLI (and the cluster) to v2.8 after. + +Also note that if your current Kubernetes version isn't supported by the next CLI version, use your current CLI to upgrade to a newer Kubernetes version first. + +To learn which Kubernetes versions are supported by a particular CLI, run [constellation config kubernetes-versions](../reference/cli.md#constellation-config-kubernetes-versions). + +## Migrate the configuration + +The Constellation configuration file is located in the file `constellation-conf.yaml` in your workspace. +Refer to the [migration reference](../reference/migration.md) to check if you need to update fields in your configuration file. +Use [`constellation config migrate`](../reference/cli.md#constellation-config-migrate) to automatically update an old config file to a new format. + +## Check for upgrades + +To learn which versions the current CLI can upgrade to and what's installed in your cluster, run: + +```bash +# Show possible upgrades +constellation upgrade check + +# Show possible upgrades and write them to config file +constellation upgrade check --update-config +``` + +You can either enter the reported target versions into your config manually or run the above command with the `--update-config` flag. +When using this flag, the `kubernetesVersion`, `image`, `microserviceVersion`, and `attestation` fields are overwritten with the smallest available upgrade. + +## Apply the upgrade + +Once you updated your config with the desired versions, you can trigger the upgrade with this command: + +```bash +constellation apply +``` + +Microservice upgrades will be finished within a few minutes, depending on the cluster size. +If you are interested, you can monitor pods restarting in the `kube-system` namespace with your tool of choice. + +Image and Kubernetes upgrades take longer. +For each node in your cluster, a new node has to be created and joined. +The process usually takes up to ten minutes per node. + +When applying an upgrade, the Helm charts for the upgrade as well as backup files of Constellation-managed Custom Resource Definitions, Custom Resources, and Terraform state are created. +You can use the Terraform state backup to restore previous resources in case an upgrade misconfigured or erroneously deleted a resource. +You can use the Custom Resource (Definition) backup files to restore Custom Resources and Definitions manually (e.g., via `kubectl apply`) if the automatic migration of those resources fails. +You can use the Helm charts to manually apply upgrades to the Kubernetes resources, should an upgrade fail. + +:::note + +For advanced users: the upgrade consists of several phases that can be individually skipped through the `--skip-phases` flag. +The phases are `infrastracture` for the cloud resource management through Terraform, `helm` for the chart management of the microservices, `image` for OS image upgrades, and `k8s` for Kubernetes version upgrades. + +::: + +## Check the status + +Upgrades are asynchronous operations. +After you run `apply`, it will take a while until the upgrade has completed. +To understand if an upgrade is finished, you can run: + +```bash +constellation status +``` + +This command displays the following information: + +* The installed services and their versions +* The image and Kubernetes version the cluster is expecting on each node +* How many nodes are up to date + +Here's an example output: + +```shell-session +Target versions: + Image: v2.6.0 + Kubernetes: v1.25.8 +Service versions: + Cilium: v1.12.1 + cert-manager: v1.10.0 + constellation-operators: v2.6.0 + constellation-services: v2.6.0 +Cluster status: Some node versions are out of date + Image: 23/25 + Kubernetes: 25/25 +``` + +This output indicates that the cluster is running Kubernetes version `1.25.8`, and all nodes have the appropriate binaries installed. +23 out of 25 nodes have already upgraded to the targeted image version of `2.6.0`, while two are still in progress. + +## Apply further upgrades + +After the upgrade is finished, you can run `constellation upgrade check` again to see if there are more upgrades available. If so, repeat the process. diff --git a/docs/versioned_docs/version-2.18/workflows/verify-cli.md b/docs/versioned_docs/version-2.18/workflows/verify-cli.md new file mode 100644 index 000000000..e33569d37 --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/verify-cli.md @@ -0,0 +1,129 @@ +# Verify the CLI + +:::info +This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. +::: + + + +--- + +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. + +:::note +The public key for Edgeless Systems' long-term code-signing key is: + +``` +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT +JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== +-----END PUBLIC KEY----- +``` + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +::: + +The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. + +You should always ensure that (1) your CLI executable was signed with the private key corresponding to the above public key and that (2) there is a corresponding entry in the Rekor transparency log. Both can be done as described in the following. + +:::info +You don't need to verify the Constellation node images. This is done automatically by your CLI and the rest of Constellation. +::: + +## Verify the signature + +:::info +This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. +::: + +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: + +```shell-session +$ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 + +Verified OK +``` + +The above performs an offline verification of the provided public key, signature, and executable. To also verify that a corresponding entry exists in the public Rekor transparency log, add the variable `COSIGN_EXPERIMENTAL=1`: + +```shell-session +$ COSIGN_EXPERIMENTAL=1 cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 + +tlog entry verified with uuid: afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 index: 3477047 +Verified OK +``` + +🏁 You now know that your CLI executable was officially released and signed by Edgeless Systems. + +### Optional: Manually inspect the transparency log + +To further inspect the public Rekor transparency log, [install the Rekor CLI](https://docs.sigstore.dev/logging/installation). A search for the CLI executable should give a single UUID. (Note that this UUID contains the UUID from the previous `cosign` command.) + +```shell-session +$ rekor-cli search --artifact constellation-linux-amd64 + +Found matching entries (listed by UUID): +362f8ecba72f4326afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 +``` + +With this UUID you can get the full entry from the transparency log: + +```shell-session +$ rekor-cli get --uuid=362f8ecba72f4326afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 + +LogID: c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d +Index: 3477047 +IntegratedTime: 2022-09-12T22:28:16Z +UUID: afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 +Body: { + "HashedRekordObj": { + "data": { + "hash": { + "algorithm": "sha256", + "value": "40e137b9b9b8204d672642fd1e181c6d5ccb50cfc5cc7fcbb06a8c2c78f44aff" + } + }, + "signature": { + "content": "MEUCIQCSER3mGj+j5Pr2kOXTlCIHQC3gT30I7qkLr9Awt6eUUQIgcLUKRIlY50UN8JGwVeNgkBZyYD8HMxwC/LFRWoMn180=", + "publicKey": { + "content": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFZjhGMWhwbXdFK1lDRlh6akd0YVFjckw2WFpWVApKbUVlNWlTTHZHMVN5UVNBZXc3V2RNS0Y2bzl0OGUyVEZ1Q2t6bE9oaGx3czJPSFdiaUZabkZXQ0Z3PT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==" + } + } + } +} +``` + +The field `publicKey` should contain Edgeless Systems' public key in Base64 encoding. + +You can get an exhaustive list of artifact signatures issued by Edgeless Systems via the following command: + +```bash +rekor-cli search --public-key https://edgeless.systems/es.pub --pki-format x509 +``` + +Edgeless Systems monitors this list to detect potential unauthorized use of its private key. + +## Verify the provenance + +Provenance attests that a software artifact was produced by a specific repository and build system invocation. For more information on provenance visit [slsa.dev](https://slsa.dev/provenance/v0.2) and learn about the [adoption of SLSA for Constellation](../reference/slsa.md). + +Just as checking its signature proves that the CLI hasn't been manipulated, checking the provenance proves that the artifact was produced by the expected build process and hasn't been tampered with. + +To verify the provenance, first install the [slsa-verifier](https://github.com/slsa-framework/slsa-verifier). Then make sure you have the provenance file (`constellation.intoto.jsonl`) and Constellation CLI downloaded. Both are available on the [GitHub release page](https://github.com/edgelesssys/constellation/releases). + +:::info +The same provenance file is valid for all Constellation CLI executables of a given version independent of the target platform. +::: + +Use the verifier to perform the check: + +```shell-session +$ slsa-verifier verify-artifact constellation-linux-amd64 \ + --provenance-path constellation.intoto.jsonl \ + --source-uri github.com/edgelesssys/constellation + +Verified signature against tlog entry index 7771317 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77af2c04c8b4ae0d5bc5... +Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.2.2 at commit 18e9924b416323c37b9cdfd6cc728de8a947424a +PASSED: Verified SLSA provenance +``` diff --git a/docs/versioned_docs/version-2.18/workflows/verify-cluster.md b/docs/versioned_docs/version-2.18/workflows/verify-cluster.md new file mode 100644 index 000000000..b6595ebf2 --- /dev/null +++ b/docs/versioned_docs/version-2.18/workflows/verify-cluster.md @@ -0,0 +1,97 @@ +# Verify your cluster + +Constellation's [attestation feature](../architecture/attestation.md) allows you, or a third party, to verify the integrity and confidentiality of your Constellation cluster. + +## Fetch measurements + +To verify the integrity of Constellation you need trusted measurements to verify against. For each node image released by Edgeless Systems, there are signed measurements, which you can download using the CLI: + +```bash +constellation config fetch-measurements +``` + +This command performs the following steps: + +1. Download the signed measurements for the configured image. By default, this will use Edgeless Systems' public measurement registry. +2. Verify the signature of the measurements. This will use Edgeless Systems' [public key](https://edgeless.systems/es.pub). +3. Write measurements into configuration file. + +The configuration file then contains a list of `measurements` similar to the following: + +```yaml +# ... +measurements: + 0: + expected: "0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf" + warnOnly: false + 4: + expected: "02c7a67c01ec70ffaf23d73a12f749ab150a8ac6dc529bda2fe1096a98bf42ea" + warnOnly: false + 5: + expected: "e6949026b72e5045706cd1318889b3874480f7a3f7c5c590912391a2d15e6975" + warnOnly: true + 8: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false + 9: + expected: "f0a6e8601b00e2fdc57195686cd4ef45eb43a556ac1209b8e25d993213d68384" + warnOnly: false + 11: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false + 12: + expected: "da99eb6cf7c7fbb692067c87fd5ca0b7117dc293578e4fea41f95d3d3d6af5e2" + warnOnly: false + 13: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false + 14: + expected: "d7c4cc7ff7933022f013e03bdee875b91720b5b86cf1753cad830f95e791926f" + warnOnly: true + 15: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false +# ... +``` + +Each entry specifies the expected value of the Constellation node, and whether the measurement should be enforced (`warnOnly: false`), or only a warning should be logged (`warnOnly: true`). +By default, the subset of the [available measurements](../architecture/attestation.md#runtime-measurements) that can be locally reproduced and verified is enforced. + +During attestation, the validating side (CLI or [join service](../architecture/microservices.md#joinservice)) compares each measurement reported by the issuing side (first node or joining node) individually. +For mismatching measurements that have set `warnOnly` to `true` only a warning is emitted. +For mismatching measurements that have set `warnOnly` to `false` an error is emitted and attestation fails. +If attestation fails for a new node, it isn't permitted to join the cluster. + +## The *verify* command + +:::note +The steps below are purely optional. They're automatically executed by `constellation apply` when you initialize your cluster. The `constellation verify` command mostly has an illustrative purpose. +::: + +The `verify` command obtains and verifies an attestation statement from a running Constellation cluster. + +```bash +constellation verify [--cluster-id ...] +``` + +From the attestation statement, the command verifies the following properties: + +* The cluster is using the correct Confidential VM (CVM) type. +* Inside the CVMs, the correct node images are running. The node images are identified through the measurements obtained in the previous step. +* The unique ID of the cluster matches the one from your `constellation-state.yaml` file or passed in via `--cluster-id`. + +Once the above properties are verified, you know that you are talking to the right Constellation cluster and it's in a good and trustworthy shape. + +### Custom arguments + +The `verify` command also allows you to verify any Constellation deployment that you have network access to. For this you need the following: + +* The IP address of a running Constellation cluster's [VerificationService](../architecture/microservices.md#verificationservice). The `VerificationService` is exposed via a `NodePort` service using the external IP address of your cluster. Run `kubectl get nodes -o wide` and look for `EXTERNAL-IP`. +* The cluster's *clusterID*. See [cluster identity](../architecture/keys.md#cluster-identity) for more details. +* A `constellation-conf.yaml` file with the expected measurements of the cluster in your working directory. + +For example: + +```shell-session +constellation verify -e 192.0.2.1 --cluster-id Q29uc3RlbGxhdGlvbkRvY3VtZW50YXRpb25TZWNyZXQ= +``` diff --git a/docs/versioned_sidebars/version-2.18-sidebars.json b/docs/versioned_sidebars/version-2.18-sidebars.json new file mode 100644 index 000000000..09b5ec04e --- /dev/null +++ b/docs/versioned_sidebars/version-2.18-sidebars.json @@ -0,0 +1,299 @@ +{ + "docs": [ + { + "type": "doc", + "label": "Introduction", + "id": "intro" + }, + { + "type": "category", + "label": "Basics", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Confidential Kubernetes", + "id": "overview/confidential-kubernetes" + }, + { + "type": "doc", + "label": "Security benefits", + "id": "overview/security-benefits" + }, + { + "type": "doc", + "label": "Product features", + "id": "overview/product" + }, + { + "type": "doc", + "label": "Feature status of clouds", + "id": "overview/clouds" + }, + { + "type": "category", + "label": "Performance", + "link": { + "type": "doc", + "id": "overview/performance/performance" + }, + "items": [ + { + "type": "doc", + "label": "Compute benchmarks", + "id": "overview/performance/compute" + }, + { + "type": "doc", + "label": "I/O benchmarks", + "id": "overview/performance/io" + }, + { + "type": "doc", + "label": "Application benchmarks", + "id": "overview/performance/application" + } + ] + }, + { + "type": "doc", + "label": "License", + "id": "overview/license" + } + ] + }, + { + "type": "category", + "label": "Getting started", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Installation", + "id": "getting-started/install" + }, + { + "type": "doc", + "label": "First steps (cloud)", + "id": "getting-started/first-steps" + }, + { + "type": "doc", + "label": "First steps (local)", + "id": "getting-started/first-steps-local" + }, + { + "type": "doc", + "label": "Cloud Marketplaces", + "id": "getting-started/marketplaces" + }, + { + "type": "category", + "label": "Examples", + "link": { + "type": "doc", + "id": "getting-started/examples" + }, + "items": [ + { + "type": "doc", + "label": "Emojivoto", + "id": "getting-started/examples/emojivoto" + }, + { + "type": "doc", + "label": "Online Boutique", + "id": "getting-started/examples/online-boutique" + }, + { + "type": "doc", + "label": "Horizontal Pod Autoscaling", + "id": "getting-started/examples/horizontal-scaling" + }, + { + "type": "doc", + "label": "Filestash with s3proxy", + "id": "getting-started/examples/filestash-s3proxy" + } + ] + } + ] + }, + { + "type": "category", + "label": "Workflows", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Verify the CLI", + "id": "workflows/verify-cli" + }, + { + "type": "doc", + "label": "Configure your cluster", + "id": "workflows/config" + }, + { + "type": "doc", + "label": "Create your cluster", + "id": "workflows/create" + }, + { + "type": "doc", + "label": "Scale your cluster", + "id": "workflows/scale" + }, + { + "type": "doc", + "label": "Upgrade your cluster", + "id": "workflows/upgrade" + }, + { + "type": "doc", + "label": "Expose a service", + "id": "workflows/lb" + }, + { + "type": "doc", + "label": "Install cert-manager", + "id": "workflows/cert-manager" + }, + { + "type": "doc", + "label": "Install s3proxy", + "id": "workflows/s3proxy" + }, + { + "type": "doc", + "label": "Terminate your cluster", + "id": "workflows/terminate" + }, + { + "type": "doc", + "label": "Recover your cluster", + "id": "workflows/recovery" + }, + { + "type": "doc", + "label": "Verify your cluster", + "id": "workflows/verify-cluster" + }, + { + "type": "doc", + "label": "Use persistent storage", + "id": "workflows/storage" + }, + { + "type": "doc", + "label": "Use the Terraform provider", + "id": "workflows/terraform-provider" + }, + { + "type": "doc", + "label": "Consume SBOMs", + "id": "workflows/sbom" + }, + { + "type": "doc", + "label": "Troubleshooting", + "id": "workflows/troubleshooting" + } + ] + }, + { + "type": "category", + "label": "Architecture", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Overview", + "id": "architecture/overview" + }, + { + "type": "doc", + "label": "Cluster orchestration", + "id": "architecture/orchestration" + }, + { + "type": "doc", + "label": "Versions and support", + "id": "architecture/versions" + }, + { + "type": "doc", + "label": "Microservices", + "id": "architecture/microservices" + }, + { + "type": "doc", + "label": "Attestation", + "id": "architecture/attestation" + }, + { + "type": "doc", + "label": "Images", + "id": "architecture/images" + }, + { + "type": "doc", + "label": "Keys and cryptographic primitives", + "id": "architecture/keys" + }, + { + "type": "doc", + "label": "Encrypted persistent storage", + "id": "architecture/encrypted-storage" + }, + { + "type": "doc", + "label": "Networking", + "id": "architecture/networking" + }, + { + "type": "doc", + "label": "Observability", + "id": "architecture/observability" + } + ] + }, + { + "type": "category", + "label": "Reference", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "CLI", + "id": "reference/cli" + }, + { + "type": "doc", + "label": "Configuration migrations", + "id": "reference/migration" + }, + { + "type": "doc", + "label": "Terraform usage", + "id": "reference/terraform" + }, + { + "type": "doc", + "label": "SLSA adoption", + "id": "reference/slsa" + } + ] + } + ] +} diff --git a/docs/versions.json b/docs/versions.json index 368eedb7e..67a77edae 100644 --- a/docs/versions.json +++ b/docs/versions.json @@ -1,4 +1,5 @@ [ + "2.18", "2.17", "2.16", "2.15", From 648e9370b6a91c31fe324f7b3535c4d55a1154c2 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Fri, 27 Sep 2024 09:43:47 +0200 Subject: [PATCH 275/380] treewide: v2.18.0 post-release (#3381) --- .github/workflows/e2e-test-release.yml | 2 +- .github/workflows/e2e-test-weekly.yml | 2 +- version.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index 732ca7ef2..1e8724147 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -404,7 +404,7 @@ jobs: fail-fast: false max-parallel: 1 matrix: - fromVersion: ["v2.17.0"] + fromVersion: ["v2.18.0"] attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index 2c1242872..a06a8fc41 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -420,7 +420,7 @@ jobs: fail-fast: false max-parallel: 1 matrix: - fromVersion: ["v2.17.0"] + fromVersion: ["v2.18.0"] attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit diff --git a/version.txt b/version.txt index 4844671e4..7969ff212 100644 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -v2.18.0-pre +v2.19.0-pre From 39e60596078aef3598b030e7e68dfb36bee36a3d Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Fri, 27 Sep 2024 16:07:38 +0200 Subject: [PATCH 276/380] ci: fix matrix runner spec (#3380) --- .github/workflows/e2e-test-release.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index 1e8724147..598c4091a 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -272,26 +272,31 @@ jobs: attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" clusterCreation: "cli" + runner: "ubuntu-22.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" + runner: "ubuntu-22.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" + runner: "ubuntu-22.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" clusterCreation: "cli" + runner: "ubuntu-22.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" + runner: "ubuntu-22.04" # # Tests on macOS runner From 097879a9cab5d70c57d57a71607cfe17384c6d54 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 2 Oct 2024 09:32:22 +0200 Subject: [PATCH 277/380] image: update measurements and image version (#3384) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 6f5eed8e9..3d549dd2e 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8e, 0x5d, 0xcc, 0x78, 0xdb, 0x94, 0x6a, 0x6d, 0x23, 0x83, 0x8a, 0x97, 0x58, 0xd5, 0xc2, 0x17, 0xe3, 0xcc, 0x4a, 0x63, 0xe3, 0xea, 0xa7, 0xa4, 0x36, 0xea, 0x6d, 0xd0, 0xf4, 0xb4, 0x70, 0x96}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x54, 0x19, 0x3f, 0x42, 0x93, 0xc9, 0xfb, 0x98, 0xa6, 0x5e, 0x0b, 0x53, 0x58, 0xe0, 0xc7, 0x25, 0x8e, 0xe5, 0x33, 0x47, 0x4f, 0x66, 0x75, 0xc7, 0xad, 0x5f, 0xbb, 0x7d, 0xf3, 0x12, 0x3d, 0x30}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfd, 0x43, 0x03, 0xc1, 0x91, 0xdc, 0xb7, 0xae, 0x2e, 0x57, 0x4a, 0x29, 0x0e, 0x9f, 0x6e, 0x15, 0xda, 0x03, 0xc7, 0xe5, 0xa7, 0x27, 0xa0, 0xf0, 0x53, 0x57, 0xee, 0x2f, 0x2c, 0x30, 0xba, 0x6b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb2, 0x95, 0x27, 0x16, 0xd7, 0x82, 0xd6, 0xfa, 0xfb, 0x72, 0x62, 0x8f, 0x10, 0x67, 0x54, 0x58, 0x09, 0x7d, 0x97, 0x83, 0xab, 0x85, 0x0e, 0x8c, 0xec, 0xb0, 0x66, 0x60, 0x3b, 0x86, 0x41, 0xa9}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x69, 0x65, 0x75, 0x77, 0xa7, 0x98, 0xfa, 0xf6, 0x10, 0xc6, 0x3d, 0x4b, 0x14, 0x63, 0x0b, 0x6c, 0x3c, 0x7a, 0xd8, 0x20, 0x6c, 0x1b, 0x9d, 0xa8, 0xba, 0xa7, 0x4a, 0xe4, 0xeb, 0x6f, 0x27, 0x47}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc6, 0x67, 0x06, 0xe6, 0x5d, 0x52, 0x40, 0x16, 0xb6, 0x21, 0x8e, 0x27, 0x83, 0x05, 0xb8, 0x52, 0x2b, 0xad, 0x21, 0x52, 0xf2, 0x82, 0x3a, 0x1a, 0x58, 0xd9, 0xd7, 0x36, 0x56, 0x01, 0x52, 0x9a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb8, 0x09, 0x3d, 0x31, 0xc0, 0x50, 0x5b, 0x79, 0x54, 0x19, 0x0d, 0x2b, 0xfd, 0xa7, 0xa3, 0x7c, 0xc8, 0xf4, 0xea, 0x58, 0x25, 0x54, 0x8b, 0x89, 0x65, 0x01, 0x8f, 0x34, 0x57, 0xa4, 0x1e, 0xae}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2a, 0x79, 0x61, 0xee, 0x67, 0x66, 0x8b, 0x44, 0xf1, 0x31, 0x3b, 0x93, 0x24, 0xd2, 0x1b, 0x17, 0x9f, 0x7f, 0x4f, 0x8e, 0x06, 0x36, 0x3d, 0xcf, 0xb7, 0xb3, 0xf8, 0xa5, 0x79, 0x8a, 0xef, 0xec}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xeb, 0xf7, 0x64, 0xd0, 0x77, 0xf0, 0xe0, 0xfc, 0x4b, 0x87, 0x78, 0xe9, 0x8a, 0xfb, 0x13, 0xc9, 0x1d, 0x98, 0xd0, 0x43, 0x56, 0x4e, 0x5a, 0x9d, 0x37, 0xde, 0x3c, 0x5f, 0x84, 0xa6, 0x0c, 0x64}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x20, 0x9b, 0x2e, 0x39, 0x6c, 0x37, 0x72, 0x06, 0x83, 0x17, 0xdd, 0x14, 0x2f, 0x63, 0x11, 0x5e, 0x82, 0x07, 0xab, 0xb1, 0xc5, 0x57, 0xb5, 0x93, 0x97, 0x53, 0x6b, 0xd3, 0x4e, 0x66, 0x09, 0xc6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x57, 0xee, 0x33, 0xf8, 0x48, 0xe4, 0x4d, 0x63, 0x61, 0xac, 0x5b, 0xcb, 0x60, 0x8a, 0xc4, 0x15, 0x57, 0xf2, 0xce, 0xb6, 0x2a, 0x9a, 0xcc, 0xb4, 0x21, 0xb3, 0x41, 0x15, 0x24, 0x76, 0x6b, 0x24}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6a, 0xa0, 0xe6, 0x4e, 0x86, 0x14, 0x2d, 0xb3, 0x62, 0xe3, 0x49, 0x9b, 0xe3, 0xb5, 0xc2, 0x08, 0x30, 0x4d, 0x3f, 0x0b, 0xc1, 0x15, 0x46, 0xb6, 0x40, 0x5b, 0xa1, 0x8d, 0xc4, 0xb9, 0x5a, 0x80}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x56, 0x40, 0x05, 0xe9, 0xdf, 0xfc, 0xa8, 0x03, 0x0e, 0xd5, 0x11, 0x1f, 0x60, 0xe2, 0x34, 0x04, 0x14, 0xda, 0xdd, 0x14, 0xc2, 0x02, 0xca, 0x53, 0x96, 0x91, 0x7f, 0x3c, 0xe7, 0x4a, 0x27, 0x42}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x66, 0xf8, 0x7b, 0x42, 0x13, 0x21, 0x48, 0x21, 0xe9, 0xac, 0x4b, 0xf9, 0xae, 0x8e, 0xeb, 0x44, 0x53, 0x10, 0xb0, 0x81, 0x56, 0x3e, 0xf6, 0xcd, 0xb4, 0xf6, 0x20, 0xc0, 0x7e, 0x8a, 0xf5, 0x98}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x06, 0xbd, 0x38, 0x92, 0x15, 0x82, 0x23, 0xf7, 0xca, 0xcd, 0xbd, 0x4c, 0x89, 0x1f, 0xeb, 0x51, 0x25, 0xc1, 0xe0, 0x0b, 0x5a, 0x73, 0x63, 0x1e, 0xd2, 0x64, 0xea, 0xc4, 0xc6, 0xc0, 0xe0, 0xe6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa3, 0x9c, 0xab, 0xe4, 0xcd, 0xac, 0x2d, 0xa6, 0xda, 0xc6, 0x41, 0x3a, 0x61, 0x1c, 0x66, 0x55, 0x62, 0xf8, 0x48, 0x37, 0x98, 0x51, 0xaa, 0x00, 0x60, 0x40, 0xf9, 0x42, 0x5b, 0x7b, 0xd0, 0x45}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x44, 0x78, 0x29, 0x18, 0x19, 0x5f, 0xd2, 0x3d, 0xb5, 0xd6, 0x62, 0x56, 0x21, 0xfe, 0x5e, 0x5c, 0xaf, 0x94, 0xa8, 0x26, 0x5e, 0x78, 0xa5, 0x65, 0xd7, 0xee, 0x7f, 0xef, 0x33, 0xfe, 0xbe, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc7, 0xfa, 0x35, 0xfe, 0xd7, 0x83, 0x48, 0xe4, 0x02, 0xbc, 0x5e, 0x3c, 0x55, 0xae, 0x4e, 0x4f, 0xdb, 0x77, 0x34, 0x5b, 0xe0, 0x9a, 0x89, 0xd3, 0xc7, 0x6f, 0x85, 0x2a, 0x46, 0xe4, 0xfb, 0x1d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe8, 0x0e, 0xaf, 0xb3, 0x15, 0x13, 0xa3, 0x70, 0x30, 0x40, 0xfb, 0xc5, 0xe0, 0x2f, 0xde, 0x64, 0x81, 0xe0, 0x98, 0x30, 0x35, 0xe7, 0x53, 0x10, 0x7b, 0xc7, 0x0e, 0x3b, 0xef, 0x26, 0xd7, 0xec}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe1, 0x6d, 0xaa, 0x9e, 0x00, 0x57, 0x98, 0xf0, 0xc9, 0xec, 0x7b, 0xa0, 0x23, 0x28, 0x52, 0xbe, 0x85, 0xe1, 0xac, 0x86, 0x71, 0x6b, 0x58, 0xbd, 0x75, 0x6e, 0x7e, 0xa3, 0xe0, 0xf1, 0xb3, 0x91}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xaa, 0xfd, 0x73, 0x5e, 0xbd, 0x95, 0x79, 0xca, 0xdf, 0x08, 0xb8, 0x97, 0xb9, 0x7c, 0xf2, 0x2d, 0xa8, 0x62, 0xb4, 0x1b, 0x27, 0x07, 0x7d, 0x56, 0x58, 0x0a, 0x09, 0x1b, 0x5d, 0xf7, 0x01, 0xc9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd0, 0xae, 0xa3, 0xc8, 0x13, 0x0e, 0xda, 0x46, 0x12, 0x3f, 0xc6, 0x30, 0xa9, 0x11, 0x05, 0xf6, 0xcc, 0x7b, 0x8c, 0xa2, 0xbd, 0x6b, 0xc8, 0x4b, 0xd6, 0xbc, 0x35, 0x2c, 0xc6, 0x6f, 0x77, 0x56}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x56, 0x0f, 0x5d, 0x11, 0x90, 0x4f, 0xaa, 0x8a, 0xb0, 0x92, 0xb5, 0x04, 0x10, 0xb5, 0x23, 0x18, 0xe5, 0x05, 0xef, 0xc9, 0xc6, 0x90, 0x99, 0x2d, 0x62, 0x59, 0x81, 0x30, 0xb9, 0x91, 0x50, 0x5b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x28, 0x02, 0x8f, 0x57, 0x77, 0xce, 0xf6, 0x8d, 0x6c, 0x34, 0x50, 0x16, 0x43, 0x7d, 0x10, 0x04, 0xbf, 0xf2, 0x7d, 0x47, 0x0c, 0x85, 0xe9, 0x8d, 0x8f, 0xc7, 0xab, 0xd6, 0xf7, 0x03, 0xd6, 0xfd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xcb, 0xeb, 0x9e, 0x6c, 0xa1, 0x65, 0xcd, 0xf4, 0x72, 0x56, 0x03, 0xc0, 0x58, 0x1b, 0xf5, 0x40, 0x8b, 0x82, 0x74, 0xdd, 0x2e, 0xba, 0x34, 0x63, 0x88, 0x3f, 0x1a, 0x8b, 0xf1, 0xc3, 0xa9, 0xdb}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcd, 0x4a, 0x90, 0x46, 0x00, 0x87, 0x59, 0x0c, 0x74, 0x5f, 0x4e, 0x38, 0x3e, 0xa3, 0x38, 0x9f, 0xc7, 0x19, 0x8a, 0x4c, 0x99, 0x32, 0xb5, 0x49, 0xe3, 0xc1, 0xb4, 0xb1, 0x36, 0xb2, 0x3b, 0x43}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x42, 0x0b, 0x0b, 0x47, 0x1c, 0x3d, 0x50, 0x06, 0x4a, 0xbc, 0x88, 0x38, 0x6a, 0x0e, 0xba, 0x9c, 0xfa, 0x4d, 0x65, 0x90, 0xcf, 0xd0, 0xf5, 0xc7, 0x1d, 0x50, 0xe9, 0xab, 0x73, 0x16, 0xa6, 0x03}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc2, 0xf7, 0xe6, 0xb8, 0xee, 0x45, 0x6d, 0x8c, 0x4d, 0x60, 0xf3, 0x9c, 0x2b, 0x3e, 0xaa, 0x6c, 0x1f, 0x00, 0x77, 0x29, 0xd0, 0x03, 0x99, 0xab, 0x36, 0x47, 0xc9, 0xa0, 0x3a, 0x72, 0xe9, 0x45}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb3, 0x95, 0xea, 0x94, 0x84, 0xe5, 0x85, 0x69, 0x9b, 0xaf, 0x94, 0x91, 0x2c, 0x2b, 0xc9, 0x27, 0x7c, 0x06, 0x18, 0xd5, 0xf1, 0xb1, 0x1d, 0xc4, 0xd5, 0xe0, 0x37, 0xfa, 0x6d, 0x57, 0xc6, 0x90}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4d, 0xd4, 0x5a, 0xaf, 0x01, 0x38, 0xe8, 0x7f, 0x14, 0xf1, 0x11, 0x65, 0x62, 0x52, 0xd3, 0xaa, 0x1f, 0x63, 0x0f, 0xc8, 0xd1, 0xa7, 0xb7, 0xe4, 0x84, 0x41, 0x7d, 0x8e, 0x8b, 0x91, 0x7a, 0x86}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x66, 0x6e, 0x10, 0x3d, 0x59, 0xc1, 0xd2, 0xfe, 0xd2, 0x06, 0xa5, 0x59, 0x2f, 0x45, 0x33, 0x0d, 0x20, 0xdb, 0x5a, 0x76, 0x1c, 0x94, 0x28, 0x41, 0x0c, 0x39, 0xef, 0xa1, 0x92, 0x63, 0x93, 0xff}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x25, 0x67, 0x56, 0x0d, 0x02, 0xae, 0xae, 0x4e, 0xc7, 0x1d, 0x0c, 0xe1, 0xb7, 0x86, 0xdf, 0xb2, 0x30, 0xf5, 0x4b, 0x74, 0x25, 0xa6, 0x5d, 0x64, 0xcc, 0xbc, 0x43, 0x51, 0x9d, 0xdd, 0x28, 0xb1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x46, 0x2a, 0x8b, 0x2e, 0xec, 0x40, 0x26, 0x09, 0x3f, 0xf2, 0x98, 0xf2, 0x99, 0x43, 0x1e, 0x18, 0x5b, 0x76, 0x20, 0xc6, 0xac, 0x2c, 0x8d, 0x9e, 0x2d, 0x9b, 0x0b, 0x14, 0xf4, 0x79, 0x71, 0xb2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xab, 0x9d, 0x6d, 0x45, 0x36, 0x1a, 0xd0, 0xbd, 0xac, 0x1f, 0xd5, 0xb2, 0x64, 0xdd, 0xf8, 0xaa, 0x8f, 0x0d, 0xc9, 0x4b, 0xb2, 0x53, 0x5d, 0x36, 0x10, 0xf9, 0xfd, 0x3e, 0x43, 0x3a, 0xd8, 0x98}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6a, 0x97, 0xa7, 0x2f, 0xb5, 0xf9, 0xd9, 0x19, 0xa1, 0xf4, 0xcc, 0xb6, 0xba, 0xd6, 0xf7, 0x10, 0x4c, 0x15, 0x24, 0xfd, 0xab, 0x9b, 0x35, 0x7a, 0x5e, 0xd4, 0xa9, 0x6e, 0xbe, 0xda, 0x69, 0xca}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x56, 0x2e, 0xeb, 0xd4, 0x36, 0x3c, 0xbc, 0x4b, 0xd7, 0x71, 0x22, 0x33, 0x57, 0x99, 0x1a, 0xbf, 0xdf, 0xa8, 0x80, 0x29, 0x61, 0xd4, 0x88, 0x85, 0x67, 0x9d, 0xeb, 0x8b, 0xed, 0xbb, 0x7d, 0x72}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe5, 0x4d, 0xfa, 0x64, 0x24, 0x9a, 0x6c, 0xba, 0xfc, 0x8c, 0x25, 0x39, 0xdc, 0x8a, 0x7e, 0xee, 0x7c, 0xbe, 0x61, 0xb2, 0xe5, 0x54, 0x50, 0x3c, 0x1f, 0x8f, 0x94, 0xc3, 0x50, 0x61, 0xb2, 0xd4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x36, 0xd7, 0x09, 0x9d, 0x35, 0x1a, 0xa5, 0xaa, 0xe8, 0xaa, 0xdf, 0x6f, 0x19, 0x59, 0x45, 0xeb, 0xd2, 0xdb, 0x96, 0xd4, 0xf5, 0xd2, 0xfd, 0x9f, 0x4a, 0xac, 0xbf, 0xf1, 0x79, 0x63, 0xff, 0xe0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4f, 0xf4, 0x42, 0x64, 0x50, 0x73, 0x5e, 0x49, 0x66, 0xcd, 0xf5, 0x72, 0xf9, 0x07, 0xe7, 0x5c, 0x8a, 0x66, 0x6c, 0xfb, 0x6b, 0xaf, 0x07, 0xf1, 0x68, 0xcb, 0xfc, 0x91, 0xc5, 0x07, 0x0d, 0xb2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xc5, 0xbc, 0x35, 0x74, 0x8b, 0x3f, 0xe8, 0xdb, 0x25, 0x06, 0x90, 0x60, 0xa3, 0x39, 0xae, 0x5f, 0xb4, 0xf4, 0x49, 0x38, 0x9c, 0xf7, 0x56, 0xb2, 0x1d, 0x4a, 0x03, 0x76, 0xbe, 0x46, 0xcd, 0x0f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xee, 0x00, 0x5a, 0x78, 0x39, 0xc9, 0x46, 0x07, 0xfd, 0x16, 0x65, 0x0d, 0x52, 0x17, 0x4c, 0x10, 0x24, 0x1b, 0x5a, 0x84, 0xb2, 0x02, 0x42, 0x80, 0x20, 0xaa, 0x82, 0x7a, 0x97, 0xd0, 0xf3, 0xe8}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2c, 0x80, 0x65, 0xf5, 0x43, 0xb0, 0xf8, 0xc2, 0x42, 0xff, 0x6f, 0xbd, 0xc1, 0x71, 0x82, 0x85, 0xcd, 0x82, 0xe6, 0x23, 0x5d, 0x1c, 0x26, 0xf6, 0x07, 0xb1, 0x3d, 0x16, 0x51, 0x5c, 0xc9, 0x3f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x5c, 0x71, 0x5b, 0xac, 0x0f, 0xec, 0x53, 0x0a, 0x9b, 0xfb, 0x70, 0x09, 0xdc, 0x2a, 0x28, 0x6f, 0x5e, 0xa6, 0xdf, 0xcd, 0x41, 0x33, 0x2b, 0x32, 0x40, 0x73, 0x5d, 0x7f, 0xdf, 0xb8, 0x8b, 0x97}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcf, 0x4d, 0xb0, 0x6b, 0x38, 0x67, 0x86, 0x47, 0x0b, 0x36, 0xd2, 0xfd, 0x79, 0x46, 0x73, 0x35, 0xb5, 0xfb, 0xda, 0xd8, 0xe7, 0x11, 0x5d, 0x58, 0x7b, 0x5b, 0x54, 0x1f, 0xcc, 0x6b, 0xfb, 0x5a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb4, 0xef, 0x47, 0x83, 0x36, 0x41, 0x1c, 0x99, 0x79, 0xb4, 0xdd, 0xe6, 0x6f, 0x13, 0xa6, 0x76, 0xd2, 0x95, 0x12, 0xbd, 0x08, 0x0f, 0xee, 0x55, 0xa0, 0x64, 0x2b, 0x27, 0x1e, 0xcc, 0xf2, 0x19}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x31, 0xc7, 0xd5, 0x73, 0x70, 0x28, 0x77, 0xa9, 0x4d, 0x5f, 0x40, 0x31, 0xd4, 0x08, 0x27, 0x37, 0xd4, 0xd2, 0x8b, 0x9c, 0xee, 0x1c, 0x1e, 0xb7, 0x1e, 0x94, 0x94, 0x6b, 0x62, 0xbc, 0x93, 0xfd}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc0, 0x6b, 0xd8, 0x57, 0xdb, 0x9e, 0x5a, 0x2c, 0xe9, 0x3a, 0xb9, 0x43, 0x85, 0xdc, 0xc7, 0x85, 0x78, 0x55, 0xbc, 0xb3, 0x73, 0x40, 0x11, 0x0e, 0x3e, 0x03, 0xd1, 0x04, 0x1b, 0x84, 0x15, 0x34}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa6, 0xc5, 0xbb, 0xd9, 0x3a, 0x78, 0x9d, 0x2b, 0xad, 0xe0, 0x06, 0xf5, 0xb1, 0x86, 0xf3, 0x3e, 0x6a, 0xc6, 0x65, 0x0d, 0x83, 0xf3, 0x29, 0xde, 0x64, 0x61, 0x40, 0x12, 0xf9, 0x73, 0x3f, 0x77}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index cfc43630b..c67d4fe69 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.18.0-pre.0.20240926110806-882d602524e5" + defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20240927160738-39e60596078a" ) From 622406de2c05247e16bd129c748b37dc00254b69 Mon Sep 17 00:00:00 2001 From: Felix Schuster <1911679+flxflx@users.noreply.github.com> Date: Wed, 2 Oct 2024 10:22:27 +0200 Subject: [PATCH 278/380] Add overview of security protocols (#3376) --- dev-docs/chain-of-trust.jpg | Bin 0 -> 48810 bytes dev-docs/security-overview.md | 236 +++++++++++++++++++++++++++++++++ docs/docs/workflows/upgrade.md | 2 +- 3 files changed, 237 insertions(+), 1 deletion(-) create mode 100644 dev-docs/chain-of-trust.jpg create mode 100644 dev-docs/security-overview.md diff --git a/dev-docs/chain-of-trust.jpg b/dev-docs/chain-of-trust.jpg new file mode 100644 index 0000000000000000000000000000000000000000..713e4715eb20fc669f9baf9abc1641c5ea0a0f87 GIT binary patch literal 48810 zcmeFY2UJtv+a?+dB27d=1cWFZ5wK8HN>qMG6ObYuqS6Em5tSw(QBZnO5D*Ze6pt~DpwYn^p+&dGjvdH3@^@3YyX z>?z1mqnm~|A^Z02g9L&f2zwl&3)#PK-{0?lISz0f_GkBPpMOAL(6g|YufiiDqoNa&-X^D{ zzDrBb&dJUDl>fP)u&lfSUs?67x~8eQrM0d7M@MJ>z~IpE$mkexnmjW*H^1;_af!OI zxwTE(0e1KP+O-dI;NQ&pua^CbT>_w8`@udq$obch&8}*IzasT< z0z=9gy16Vor~mIKHlK5{oSKQo)%q-fBL3a&n2nr&KPehC?^T{&mHA!dl5IccE&A}y z^;3_Pn3X4w+;qPVhud`cVtyE#u^~7*oGFpKorjKVX zdO|y#OZW5yZ}0ox<$tXW;99I-&<#5k*a{TEn8ST6TEG$yu#9CEm|?4g_xO$9_t+50 z9hNi-8cEua!;lk}P&sS}hb}NqP8b`ZNm4yx7-9u%hzk&NtF}M8vX-uDBVpfLXn$RP z>};8MpV4yXd!HYTkoYRvIFL|+I>U@@PzWqkq04Bl!W4LKvu&pK*+axP`rHXS3&W2O{skQmXdFZpfM z<b(lPGGsr#lyW1zo;t0JUKhxuZCnN6?A<{@i&1*X)`CSX5GR%9t<}3 z6{wG>CHd^t8WMHZN-7d7a@V$_N9nawDywM}67Ag(PL&Pe1j3EGO`9fEWWF>EC~ws^ z`z-K0dOgu9n0U=>zm@e3gWYODQYgGKwHZ#-Y}xRX;G*&pw`Z*roee090dK}zzW(@n zRdxMXOS$4z_hV$I;*u&)KDZ3y2(_LKS=FEiqLfCI&}u*cxj9gD#5#RrrjZTd%N=<5 z5V5B8Qpp>Gkrg7+G&F$romtYj zf|BuQ3ckep*U`xXu_xo3v2#$32yGDxYrY$%bt3vmv2T zDEq&^O@9p7U26~lALjo1uy_zX2(V;b!&a>j!%4Nw0t&6Ke0y>eV-K5t&4x_nPeR#{ z1Q@Yv3ap3vmS}$HYDqu{D&yFL16!QaRqdq1495|MTV5c>#-Uq(npXT2cGRK1Vt75@ zX;;AUprn;k=lygIyW@|~`<$Gb>0#)B4nYx+nKpaQ5(AP$W+G=Osj+L$z0LifQiGM& zBW3lUDtNfQ&Ztei^-w?gxX-myZU!#Ye1_m5vnY6(N9%In7HTq(Kx?2_V=4V?$nAa? zWSL!H=b`w6gUSA(kq?z|v%jrSHLllYUg)n5P{Qn)kr;2>*i5U02sJf=b(|p!U??-U zDKe>1+oVG#WCXNX!`=8sDEYEaNka!MCXkz_3UlscnpoO(k%6SQE^^t(L;bqA(K z*PzY~biV%If7&3teU4-A8ioXa9F~=fG}y<9l>BCPk~JxD0BCfXj;iCKdTllhe*x$Q zzt&VT8Us>O8Wc46WV_Xgo>R6&#Sbremi+@~#$Gc}x&O83kRNxf7(GNpQn7>Q>Z-@J}tQ zl)HKG`qNS{Cm3P}1#Z?_OIs`za^8g;5F)4$OxX~xr#383bGZz;VSJFqNVHZi(e=6L+GfU3#_kLny;a!64<+0}sh5v!y3BUq%++`+i?>1|Egk_y;ppNZ9^6_dZ)^ zI3~1C7`MU8HC9We5~6JgLRwN3WTUejpztv;*pM0!&ESVcsRld51WBhaHGYcU8#*Wb z+7K!4X7x z3!LSZY)CVd*lRwt#fBUJqRE@Kzbq8+d~%lkDiux^{R#nx=Yuu>-1{bQ#hOR9JJxFI zz0Cr=nGJyeE^UM|Si6}7>KfIfg$)r5)NCUNK211gAK3eya0J`Tlf9%K<1NgPw)ZPe zO)cwoJN4zp#&1aaHkgkU=6de8&GmdSCs-;8uaZ2!vLWsrpBwV#lX=c3c%+tV zU+)QECC5t%n7-1mF0Zg&r(E%UN4#vLA`qE+PO5g>e{sI2KblGcymn!KY`?J~-)Gqn z@&h&`9GAp;6_da?V#boK!)_-ju_4%^HOy=vbh*-y4Y|&0$8FAW_u@; zVU#N{AbpSmTLsqxu87zzri956Z`nanJv)>BAA-3^xoes)+h^=8$h-}?Lzk^gs@!rW z7;%pnPH(M?L{*FA6jT!{@JPL1TTAlU^jE0T$yU~QR zvcErE?tI;De3MCNI0}T(9#Z96yI>*?-BT)u+8^z0uaEkqEZjT~agU$>*`l1Cw(npI zl?!rub@n#Cz6Lp0$*h7uJ5s3aJQ=)7^4PgF`Wg2Q-b^0!W)oNc z&6~acH*Yqc$r$NwI0-tFgk@+2a#f6e8;@(}KZ%kDCvCm*8lS{IN?~vekHP)^d+8zf zX%4keb>m27AD(vivKF^^j(exRHf)|^Lxgv%u$>oTGgb@V2b9B)8=Xk{+@5ZvSQPE# z_cl+k7*AKp%PhtzwlL3U*TKjht0YQ0%^7$y<(&WxTwk@1h*^;gk$G5QT-$Bal5tNz zk<6#wqu^sS9rnc_y6w~<$r>dw+AqKc$LdL9IN+(np`;@Smmp=e_KdF3(cCP{R>?0% zlFngkFIhtwmzQ7bu zstwu6OqT+WQugs%m6%ZRsmQdvN$67(s&tpH;z5M)Uee-tVSZNO#v_f#XW`=kv_#~X zCGGJr>W+u!kvuZjCww1DGrx1r(tHT#5kK5{==3q6{1ojL-j}?=R-KEoNr;u2%85j$ z@n5*O1+cSg15`<4pH&aH7YDi*!Q%#ieHDZsS~3<7}az&ceob`GhL`KhfA_r zFccfiJ~RkvzLKJJR012;U=iuCmw2Ze1J$=Dv2lFUE174g-oIG1g=a&QLO4CVcRuH)G{Gsjyo?}H)tpPq_Ex-59P^L7sh=Y)z6cug{SD9u6eib zR$Sv_1?DS_@+y{zkaYdS5pvCWUoTVfJ0M`Tac3%5jTfxGwMqE{t!!_?9!K|#z)w76 z_lt3<>}#{i6D`~eEMZKefet^){VP=$2xv*q z>)r{gs2s*?%Pu$DmxO<*G_GYzD)Pj*)_jXhK3l?TD)OZ$@!HwP<^+u~8??~~;kW#< zx1Yar6~5kQB{*4VLw^Na+c+LkGZxA*Z&YW2vfP3Lu|+cagP>zc(|7NXOmLE(gfjQ(dWm1#4Fvp zG{yM+Z+*7_q)|Is!Z|AIdQy{;y$-m)aL%Y&AjIlSG7`~{pr{X}ItQr{6{rwpi z#^S{^-cem2SD`_Z$Q*=NJb&obR|yHLsyrEsbwZfWO??`X=yrsAjGs@8qH|N!!NhiK zS;wQ+y2{wkJL@2k!EH>jp~0!YvrbY|<2Z1UN(k${y>`=nBtEJl!@Xxbrq6?y;PUdh zLE=o;jeS>IO}m`bs#r#OyV_OD-l}7D>G75It8;SDZe*45hi}7Ag zI64Y&wjP6fO`d!}9;#UGR$ez8Qtef}5N)WWaxdCVpS$%``&Zig<6$OkHolcbenZb_ zyD@2Yntx~^YtLGRromY&*WT?y4$qiLI0V!zY4$=Kw0)nJJita{n0zzSLOP0M{*4FH%*W@-<99aixo`Ea>lcj9eWNzbAx}!4E##e zfK~a)lT`P-y!H8i9&r<*6KlFiQ0bGO0y@{E6hM}s>RhY9X-QhhAbFAxZh`<3b;=mTMA^Q?` zCBT^Y|8VDDdPPs2tiCqTIwdQ8uJ>{a;=9ASy%!Qqzg;G;6L67{SW3k zJLp0G-8|_3g>g>ECRi+tQn98cAD_PWWHDP(*Hnf?z$&?|#ZoQXj-TkDgnjhZMeObr5)T%NjIPW(tT0Wcb56qQY zKKuFqr)776_M8n#>;OCXE*-g`6vFo}RAkBw|E@5BDmBHp33fc#CxRHuH`&pO8)3T) z`Rr)O-}0~Y%dWD@E|(`8vJLVYY)DRjLj|r6fC6eEHnZryX(Szwp{jJe5;TWDMt>GG z*Mt0zip@}7U3e?8jVCzf(4|U} zhff5%WCP^!hp|@=MUzj;T=|2-`-@+Dc$cZ62SFnM9@dfjfWtKAxb8F|feksLa}M33 zBb#WZkVDmZrL`C2gO#R!c#{fixp$}Si0{A}>^Te{(X2wuZ*H~%kTdICfsHDhB@9l$A{KtLmKa+#nGb}$}KkJ`7@iBC~dk);P{MiI9k%n+|JWlL-cr6^j3kA zgl2M<(v4%AK8DAj*q@e(=j%;^M;ONVp{Ni1|R8uaxe+E$F=3p-tQ^a(Y%&RGRAaBl$|JoOFLM2NHD}9MJ>Q zn7vhBHYB&)CX=B6G*9=&O^VkH)v0_2X%0`?)y(+>ErLgic&c?$eSJ&d8>`I3w&ibp zC9wskLqTF;+7~dJ;*3(o2?x%!*lWCGsN~f31{W?>d3t+4l;Dyw>AwOw@upAE&)v;D z@meY4lk(*~1vW$#qZ+IQe=Zu083iuPPfPpt76d1|v@(+UHwupu-z%6uIW+PnjV zQOjH6l4DFMHsKzbnT_qFZyUPG2D>?vS7x*o!EiOAg!LO<0q>w-XySu)D&BH?^_FDQ zO4V)RGfn#rnoWC|!7L3op0IRaYcHD72rUEIz;RmYLL0WiqX`pw)r54>7LWsJ1ftEO z1LLT^qEOgq&6Vu}PKFrLmkOT;`sfaAWeGn)?CRo`SCNnoaK8!zA~D3}mS>UY8Sm}Y0b zZ|VBlU&`Ml=l})BSv*5CDk8YFDcooRtzvl9l?}1f$)CQL*9r~>%te)16Lf^#9;*=WY)^GA(vs)W^x8*>+7C~jFqLl`TfI}D*qAX9Vh8Fa;M z8t)Sxgzv~i=Q&^B^T-E$=(nkyQ7~`*gNtkkkB{G| z($9M+r-v?;F*b>6KN8T`Cn1+kP4Qh->)lVd{kb6da;I^olb@5!iS$HtL9I?=Me(YO zfz{jNbEKS=0aKOP{+gxIN{@L?kaflUXVw)nM*6R;s~pI>F8>?r+WX&FSL}m$u_9zy zNcQBh>{U|NA=#Vr*YuMZy5XB-%!&g&gkcVk>_eIMqu^6KP8UsrZvr85uTW~mzlrw0 z-N~)9gFac?EtdL%kf|o{J)xTV5)k@XBbD=1)gBNbrT1Z%t-49>!ZCNI@8>4_|wwOItP|w#@2#WYR_a>Cu2gXu#rVB5zV0Mn5Yw^KC^6S zS^iZHi@QqHCl=Jym2SFcAe5ZE&}zno5~J8eHE{oNmgq-0kqHNS$tDv0nlGL? z^>|}0>0{UbGLm%lf(Z$}-d9+DEe$FsO_7X<80|s?GlnpbU z`jUwcWj9AEGVD}*=CdXhN~SUwF2uD>dIt?1-p4SN?rsC`4y8`<1>hw`mwNBsPNF~~s|1g7lqwzL`UHpN-LCJ#$o)NTI(PK9&K`B5vdOcnMv2Y^id6{z zvfrIn>pv$qj97&^pGn=dG6NLY8J4hTs>BIqLIVe|x2Zp*)*FH40{MMmZyouHft9&> zg!+%A^wkPsl1G$XmZC!%Ik~bxe%~V<3-3P(Jg7&M{8bV-9&7=_nS?NnW%4=~N{tc` ziO_N&uc~t$Nzxck|7o`v^VCXTt4sRgt-g;)6_4(UO8!Yfi+tsqSa1B&VxbRn%Vs@9 z%v;x}fsv`a>YFC{+1My(=?fP5BL$CQ(B^VOmH{78%kCLujFvO#hYIX%YE z^_|YpAI7ICA(bmW=Y@Mm=6IH@-N*?wM>T#sBeYH`vx(j2C)TpKeJS*|6oLde$G)Nt zOvkwo+#amsqg0xR{e!QnrC&Z_LwuiJG1Ie|Z75Y0uW<5Yp0dozy*G zHNIhOLu8&x$H(fgJEV*->T?TaCU=q?#ywouF=?==VvM*lxTs>s!px`~xR)pmvL0M; z@wVA#AVM$6wqHv`BToY2X|Z1~e^9I0~zpWJU!$%a51q=4)uI*Tir4rg4Ao(YJr z6QKs&rrs?7u#2S8l@u6vIF_8>ef{>G)>l^~8Cv|g<#?DAcGZ^(Vp0%PP|VE^vwmfX z0^L*aeGDlot_j$J@}sT|*NJIFGhn=n7`4{!>MXHwtFNBFzAv9Esf3^Ya3+a!`)YK$ zuWy`c))zw+*aTf}r1;@*jppRyn5Tu&tm9;>!$r{YylfqHBk(NAbeO?w?SPRo#aiHb5E?|= z>hp(l-in2+=s05g_Rgl8nZB!N{bm{1t%Oy9$&>j#%4WPyMgR|+ZC4=VT|$@>KCu+OWBl^jb#c~nlCsP^a2 zWP{L*moAc}PlnK)uv2Rd7ch+v&|+RA*b^l>7wsldDpaAogvh5z4vmPq%l$kP7i~h@ z+!K-bFLy|19HK&f%#&qap+A}1TNcO<(>8`C&AKM@f6&MMN1Wp-A}sn7&JMWkm}R1) zw)z)kd)u{z+n;G-8c*i|80JSGEpG}NGQ-N?kKD4BL8|&!15pd(yM6D4jO!bh$ zY4xuuZ;V2ZMs%aY%xwo^Lj9N0(Qy{_wcdtm!GDM&zJnF>^Yn>llQ|v?3+YV{@4NAI0C%uRONswxr6y|%<~(UrUsnwEGOP998gnK( zcffo0>U)2ZfTs(qjUO>TG+5jMrA~-N8VTa?o*Ce1sLwdh&kzg)YxEkq+B$9gy`E#e zxmy!kpuQo>yqNt0n?|5?VJKE{P!t=@uV$E@Y9 zj3=aubck#d!2I(a1}MLPcd;Sa_x}#Tsjum!_>X|Yl=wo#(-;KCu@Y#_?r{0^8y*s_ zIQFWZHcAXhmg$iXNN+hYw&r`p=ye^RG+Hsi^iXKK(_M#k3Z z_9YHu5}B0LzqDz>Ohk*4M$_b}p*lO?60e_&2ys%VTDQ)Lv#|?LcTV`WV9#P3X5=8Q zulYZt6oA&hVJ@_8Nb5g`xwf`THtAX$%q&}fCwo)cjsRKD!rxe|bc(z3BG*CDsfPUw z8(?S#F52NibCHH;c# z3vf=wlyJ75I1gZ3p%U9LNd4SoDnk0gqG3>Bqv**Y!Q;IClrN`?s$U+$q(${Eoz2rT zO)MV>YBO51o;*uZ+S@&a8S^ciTR{kkIaL>^gyv3uiK~q0__K})*xFyT^sK%#%6nnb z$ziOq-eptv_08I}(85`2Vhcnwkpp#)Zili5(&#EnXx?91hE)CbbhGF41MA9oTvWQp z^HsH&x%%U{u~p?Wp~J?(w*Q=K@1`qE+N{eSLD6YNRF5cvCv;S7dh#oOn;9Pvl>_8| z9BU@SIL7U}kcBP8p8~{gEz6c=j^Aez^1pR7tw*$`jOZtZb9MysH@h)LJT>qRElukC>GS(PrVeJ9$2j&7{VH;^ zv4}Z|s`C1h;5%BMa{GPX`o}yY_!&Nt-NIM<`6Eiw8zP3$GC;>PfsWgvDnyNDZTpGYkMf5PQlnvu3FYEwVsd zZk$TXGBP9}hqzcZoT`HGa*d6-V~}<1a~>?9-v65isz5@+1AO9s1{wYWWkOXZ(NX}9 zDJOli+J>ZN0xz;;MM81e*wfX(g^;=FudJMM{(BQOk}Pm zRIt;}ctG-5_ZF}ChW;dZAw^{KLFu-4x<$I7y@pZWP=|DSfY%@9HQX)cTiEOsGHwR} zdyAhUKpK?CP#8cQoO`Dh`zq9R&i9q5MM}E=?vthze>B_{`x4UX&d~pxEnmcZfkqOw zji+tedZRFuw{0aN0A~8_@J;NjAKi2@dt+xe$Nf^R%T~KiDxXE>Iil*4;^j@*y8Zxd ziG3y>Zkzy1~^Mf(Bh+OGUSKq^r%uzBwlysr#hEnFHzxWl!=R1C3+tvt|ko;{ZErx z){-r{tGw5PIX82>`nLQU!KD{asBl&Rc4lxdpTXO~fcDofB5-WE?HQ;K{qgY3;5q3k zUtXHcSG#Ott)k(e_2S}@HNa2R&33kO!dlmY>1Fe z3^}*(1DlTYcFJAr*Z)ltL#qe6(4GSDqQHSRdn^qWUZJXAUq@H1k}wE5p{6Nm(zGd~QF{)h@9ELXb?3qu`=bM{myw|)riRzCg zj+b2zSIuj(A`P|qNMcmNyoxO72RfeouMI{ zIT?@~8*lZ;lr5|jWdlVs!Y^5ZK+=rqix3=;Pc|joa}_qNtdMVT%By`@L3iA^6SKtzp3|1| z=ZaL`-??`0(%rCiEX5ign_l%D1IPumsvLbFY?i-V<{6diIr8A*aDebYtIMh83DK$Z zJNAkvdihOHMP8`-lU%+K1W>V9s?ee>fH__%fxipfkTq z7!%a`v_9wOWW7=;onE+l;pUoF|G2ou=dU^1lMV0ZR@^!+8 zv||mEK021*eQJZ~(fLj`HGAU@B^`c}ICKW++I%DuCY@A1<&y+$7DBKLK`=u6jvEV` zaZf1rO4n~Oi-z*CFr+KKAf@+6 z7Sx!hKf3N4ld2fsKUcoCaI*8lx_>@jzhQ^dx_4?#UUywkhSOUyi&SrAJMDGXEg~qb zTdbK&DOVcw4@jvpbGcAiZR=*oSNGx2g>Rg5cZ>5q8=DVIme|Y&tZY)*kX9_k1U`zT zH2@_cGhMx>COl!n`1<3wzEb(Jur8n43rz}Iz0|~_l*#z~?JCW6FG5%j?lSUY# ze<{#$#${%Xj=&!nWtemXALl$mNGF&`9X2EWyW%Po1eQc96#I1 zhSc9Y7RsF%8zX9e(zvm0dNHFhYmbl{(53QL4McoxL=BR>>e3iz<`T?UojlEZT zk1-Nz6T!_;jylWFfb()w4JNYqX~)9ATAj%w+MafC=gZ=%$2WP-aqYarUFLi#X~!G!T5VeFYHT{G%cYcdOaY}d{0)wO7{ z=h#pO^l5rJnyF{#vyxhznL=D29=0I`AK&q;!MSGa>N)Kq$|lDDLBDGyn_Tro<`~mu zlZ;P07xv^5k9}-^cWDEatI-{QSovBON}^*d6&$dxm6KOlmPT@{#y@hw3sP*+Ey)MD%+qFG`nUCLQN1>P^W zp;6E`LqBKcJNF~^s?pBr_Uf0_&R!RM9E57tb{TXz zrx(bktl#nel+dTG;aE28RukW|F}%3qu0Ep3TXd%CEu>8Y!YCGcyL$QZ-Qb}@1{jEi zJ_drx`i;ov7<_5{C&scG+G*8Sx?=@$A!Ph{jC?s(N^+ACRf0)x-UjmZ&1xbca>L@XQ}zoc)Am;8GSgiyL958L}&H%Z#SD;x$9~xf5cTNJUoB7v9xn| zNpswGKB`LpVuWt2tH2xho5|x;Ik20?_-P@ay-_HGUph*Gp>#(IE?$j)Wvj05X-c@} zv`gM)!WqQPMXjo%yB-%1dYT$3F53w)I&vr{W)bG0%5jDg1==D-Not1iGBk6&>?iA8 zK8|^%x8Xl~@u#vo${A*KEEjoV2l{@w12I$ zP=?D$S?CsR~Eu-}nBgIYqnE-~M)J#M(Va$?zA_5wzb(L^Z=QzWOvi@9- zDtPs(awb{Kn4YO)ke|{Q6M3t0q%g7gA@`RjVrLYq#RP9i~ zRC4|+^u-4?-A#GD;l&kcpbPcvKxph;BEC{WNI$te2Fs94ww%w>bJDb`QtVrygHFD% z&b7+eNj!FT7p^$rQ)_R^-=!~%-x`A6L1_Sa9~h3m+y}w;D1Y?!4))DAMdgPZ2WJG? zD`Y2L5poh2KY8@~)7~3ge-vleLy2_Md9bx>822gSMM2MC@pWQ3sOt`oj*PAk+ii^( zaNe8OM|fnVxymIP;)*@>?R~L+z^56N)Qg@0_Q^_TjWQjBXSMq3R||)psRoWPE{2RS`IJDL=0Jt@AFw~oYS@sEc?60hf#DRaBs7mH zy5hmugM(z|C6MT~xM;RZY1qZ2&A=%gJMb;lDi%*FxUA){M0A!};b3~F@iC|k@>>DL zJH>O@&Bc&)Ml;i(1GdmapJRE%VVdP8Fu(dqfHIt=oB+7eaeJZ;U(4V^- zD>?#~r)N5|=&XEP$}FJOa54VKsX~V(()=j68KrIt+(_JS)g{c6QYlm(~;TECHvvNIHyje6JyPx$FCV(d#DKaGUL7PRB*WMM@ zrj_R4lgW?(&7r{3ODrzjR2=_z>=$@bFoNS=u;x1N=+cwl3cMpb8t02Qe;YKfcSx76 z{S1Rbvu9Y3{a^E2xt^A+n1>PUY+rMC$amjuA3R}zhA z_Ob=j57cV0{L--uAj~^t zCLu0M7~HLM-|*nxorLDOzWL1P*DoDIY7if7!=>)^TzK<-xc_PX^=6`1zFc8|XH&X$ zS@5@tBrl@lpLVN{_OWiFRlZO9jU4;yGEBxUPn0;#5iFCzL2ilZs0}P)b=t&YwwS?i z16*S-H!6f`9W!kv1_a!sdW8Eah6mRxT2~ksY32x;siIv?xxd*--Q4#=#N64Bu7K_# zP<~>L;GGW8UFc8fW-T@Ck#%fHSx80~>lYz?vtzt|b8dHB!_{Xzv*nS3z3 z-X_klA%^ZH6g4TW&e)tPRhVv(Qi*7tE_cPm%-Ip=_yG8eH3DD5F;KnV8s`E?{r~=M_XG2=e<3#om<0rP7~mPyAV#1q z&{PyszG|5rz zH^~7R%%lW-NH%#7`DLbOSDjgf%uK?n=-5uY+VhH@$%!m5+_dx`rv$*GwQ4TcRD6`T z^tT}Se0_`AN;5>Q*H~}Bs{hA44B}4!wLIdO zc7EmorKZ={l4UF_R?mcU1eGi>j^9uKlXtLVf%dRd&itZ*Ic@6T?mrbRbJ--W$mQFP z4&7ogg09znIEoGDI1hf7{$ZPfE08Zya5+0*Xz7nHUcu$QO{uJ}PV}!YO?7z|lp^`w z>TbVbeuW=?HNd+=ab+!*ba>P&9rIFk-08_}{1E;f!XM*KO}9B}!z#6K_V!qwb6 z4m;7p;@U-UStu1SG6h}#OC*acBZPhxY^Hk)A?14YU^F~^n$DhFm6cfqxyf$vHxSgFs>>+{Ive@Bj@b zVKk>b6p94h)Zht8sKxkb!k#x7uspWG&!fqC$_12=tE;;o1*VZ1- zgi+0Q^x*+D95+J?7%L2fPPbJDJn>_`&4Na6-uczqRgu)5@5Og^_psBf>*krX9F>hP z+#f=;^FwY@u^Iw@oZ=a2y5poe7nh9lRckq10(nDGQY zZZ?T0@2zR;OlrDi(WcjY+z)@$HB?OOSr9qbl4vMf@BJU-p=l$Z(4EkYQ&byzCAQO^ z7U*nhmn+8FneEM54H-2+fwx!t@cueg8#6!aO#_Xb$pQWSkN3XUOT!{QjK z$TUY5V z83Z+8G%VxTh(0qN+#|aII@mgmPe3s17;NSJF2Uu2Ll0dgvke44YrFYA>vg`ph-nZC zAE)!s+Nt@iIKTi!0*vc~@&FiJaYYQ>K~q@&MAy%p7pJqv;xdGhshQoi2gd#s;pFUd z3kQcfSJ{y9j#lO(e)CuQqubFh{jC|I-c;i?9c@Yi<5>E_H1<1xXbtQoOV&9snC$Vr zUT5Z3AL`zTs8ho`v=L48fOkNChr%(3t}@xP<%&f&V#^eIg3UP5Ei5ep1=%742Hx$x z(7>?PES)b2W)YSYGL~-?Fp)Z#o9>p_b+P$^|GAAWX`HN(?TVQ9pCtujXZJl4b#ekX zhamaG)eC4<(|9^#eV|Ooh5}#Vm>~(G0s+hnG8TKX1TBMUD)?4iPpMByoBD%-#T2X( z2Y)+vD$9BP)|GyK?#AIRb#jE)i$zjZz{;H5DuND0-2eg*zTzo4WQ2sR>T=p4i{b4H zO2xU)q!-1|Ld#ZGL#B^r>#N3VmzU@1%27u$Zl`DBype@vi;E3e$m)%Smv#GLNWu|x z4@U6QkTj*IfP%C8Hnbgg%t1i4-CQ(eGA$tg$K?H8m4h1{Db2I3&(AkT=+br3t*p~j zTzjxtG>L~LiD~)@MAn?AtmSD>zD!?B!g($#cJl^U$DLDY5Rp#KNmR(WH~$UMc@28q z+}tHZ}>^uMvrDivNkd_l|0+i}poP5mcH;2O&}|G(|d?*bo5`DbgV-(hU)m z9ufrwrA0tMK|!TSjnqg>=tvXk5`+{4r34bd5J>s%{>~Zio%g*#Lz5(&cGlNyOSFVpf+3SK6;yf}9r4W-n573=@Fv%MT+j^!~ z*lzaItt62{?PQiW?sSVl48qPoWun7O<#AY~C|^j2#yrU0)>5-Ki|B2pt>sW4wVdv{ z{vo`{%xbQ6caDqrN{upUuB;E3ytf0M;U0v;Q3dS#wAA`}i%^kxi1eSnmYaMTup$9# zXs2t}nA!d9`^$TMj_~G5FQmx+xaYm_CfF@s2;#M#Y>TjScDx8Fr**#~7Quh_R~c-QfIP0)3E=&SnZ89v){CGWX}mbEyrbmSzfi)rf|j z7t~a!Cda{BZs(ehuj{&qun&E8&IRubiEjH8W33_T-LodJhg@zGFNbLyGF__uGP4ka zE9dU{)j*`#2z&vbU?b969@ZiZIPWS-xCGjmUmSH(_6Y$Yi^x6=eO|pFtq3Gmv@>(l zM|kw#sB1IT@JT=r*fC=P*5+hW^4o(|OP-qg7c*T=BJj0&(xhm)S+Lb}yG0|V#50O6 zN_Xf5@1G?*Nzv802SjO`U1NR0WJofoZmQF*U=a3>Z9T4f`CN?_AxwED0{mwY$j{o3 zLGIZ+UYi0P{EG(;JsMyoGw7%Q8F6xRkJ9Vfu;~p_l%`&EbT6-S>X%wzW%#2)H`vC) zc8lRLKLJXB`hysT^-kgT_--$GYSn+fcg!^M0Ub1tO=-DFu{r9mY?k<|GYuQBOBB5P zp05AaC*!(O(+^fkSGwh|J6acoN?y{o*(hn_tn>%st+2ZsS|Hv+a5RI!r*d%_~>sgRr+Q-v9_c)_e7(=?!dHe z?$Y_Kv*#)-=L!abqN1@}B|c^WO?iR&hb6`iqn)eA4+NJnLqsu4?9khaSMTh@nNH3( zmPq-Z)SRf?2){n#VGz9@0}r-x{*1%2axBUj{;IIb_tgBu5K@|x0+@#Cu{mJSwN!x+ zqeHr%&(G@jgG8=u;}oX$|1dx+f8Eq|%Bs{oWZm*YTd;G`RJ0Vt7R#sjrXnE-5Hp1? zHvf&TUr9@FY;3I^t;^rvS>T7g@9sS8uk^}nuvWAENa?0)_<7OH+a3!EqBJM2usbJ} zd)7j}C0`uW-jwmS(w7pWv|@7xbS2lzEg3cCy1NNflc{=ux5twjDTRH&0Tas(;ui2x zyFidA`y9(6!uLA!J-mRa&Pde$_+x2|dCOzg&$YbMpEvtth*rVoZ9l5iHlLp2oBXr; z_#2q*tOF4_^YgU`Tc!ow5TQf=TJph_8Qld6qWz3wpeX`wK53P6ZuYuIRJ%OyJyuN( zm4gPVKT=lnwK22{E*{ZrH+Cm)-UDCT((w6&CMBXERxNeX(91#P^5cjQ;q|-B zX4Xkm$2g~)E5fz`_HhyRsb_j0A+_MnMS$^z@@wZc+C+43wBU~$erI957J6(x+1`}u zUk5Sap_j}?LJHHTRo@?NnqB|9HnEuzPPAVjP8)QjvpqNs+_Q+FyO|H&p54QNBJNy7 zTCG^?{Yqb>8nQ6a4@@nibO`Y>g6hksP87*2N{2yHsq7ipPIc?ug;}n^Wt@fT#{W8n z4`we1$W}?kkOL6X8!#{0nVC)TqlOABe9e64{IO|LFYD{K1_o*Ec5^JXe$R5pBV#Cm z$oR>$VI7RnwxNr3V`P`|1V%#xYrT9m2SWz8&+_`7O6x!??r~U%r2?ssEUXHdKs(XsgnGMXqT$n6l7?KpwqS%SW!y6&$)id1izZy#iszPXi}!i^`d7U7o~w`IN%<(6 zl{JKWP@Sd4bn7IvPG&^U6UE#;h|H3kb$7nmoO(8SKsn68CsD<0T)$?U#~W2t46`ufAP4Xha4yMzgFq zptJk8AETL;Tf`kMzy-v0AFVL*{{F2>iV@4a0A%^8+ye?yOt<+Z0Bzmf_0Bb?E1maY z@xDNEGG8dzIXou^9hgz~cJ{Ubwy}er0PF;rByNAN${^*{29_f3(fVh8Tso_P<$ZGR z1$aO&O6D?j3dqq?Avx#r2QdZip`Ab43brrP3^#skJ`3DB%LwL_0f5;Qk_X)l5@h=WL9?u1$Su8|*AHu6 zN&otpX&8|ow{f-X$HOY3^GF5TtjOJYS+Zej(je_s3HI}I@5G17`(2z5_nY&I#z6tO zZ5@g&H%4PQ(0>v|A-*Vy2sFc+S=?NRzCn9gkz+QG=)KEO%+x<~Oyb!GFQY4e>r=$G z)DqdXQ06HqDj;s)#W#5vFdCSbj(4FG80!n@M5wT$m`d=?u`;Vuh92D(|F7s z(<73KJIKj5)l_JlAC`&;Y|k+rOS*~)ZMBp;p!TNVi_(?Mm%2}t(_*!ppWNZ+YZ;#J zWs5hH@>eHV7ntT`XtL>pk|i93Uf-p^8!OQc4(}X0<*|uOF6h0V-G0>|mH&M69jSVAJJeYgPwlEgTQs|Jr~5 zD^K5nLhci%PRi#qj+Mr9gdaoAA=}|=NGO^%Y52zanpKxup7l&dVDk(GYzkB>3a$eM z-2oJ94Olz6>pN^Luy$5fjnzSaBv8ZaY@m$X0Km8uiC%6jYQu*6ow><9l48O|0fF~= z6Xf59`RR87#|*m30xE035g5l+bVvOLicCPcn2JXK+jRy1mrt{V6CvZka)aPEpxp0} z|Al|!4{BO+L!Ii@edLnTfQ)2Z$eYyksRmomc&Co?{m)aC37f9FAv2*ts|+25JuW`_ z(%sP9EZ`>(C)vYzpz5c-f*$!lWWoQf|BC1_Cs=X_Wlo_|8uA$83{51Na3M~u_8no) z61SrA%*E#OvBVuI$~Ie0gr&%~#<7rSQY(u5wMs4u%CzZ{(oerQ`&#*R(bEF}+I$B3 z?&S^sMRy3z%!c5^c*yzHhM&o$guboBNH%GsE0pQ-Wf<>Gl{;yenwjlki6Br?KFxl3 zx?mf5jOj)LG2%z5IG;vZPu;F$iO%*g;hJqwFRhUO&3w4Tu00@Lf|sz5S_jggqTFxL zS{v$qnhkt+=sN7cGC?I`895oN(-u_-V>*2U)&9l9mds^10z9Bs?Bn!-HdtivWBIJg zXiiF`GKlO9=e^!LeF5|Fz>m|B{2wv-TnMnHPN94N5nR&Oj9$=wq{50+w#+7ce$=aW z90bPR;01PL&^wXnYJ8kSZ7PM}SEadlgFYaZU?IM7Ksi?AV`<=KDvK*r&y1#ZYyiN; zBfK>39D)a@;c0>rj;M0kYRN-I@;0VlSoLZDW%ThbCl65I6KlTD0?}G3h#z39z!b)w ze4_UzF3+p#*P;kK@2#KX~`qq@)Ww}n@`EfZp=hjb#J6(5foc;mZZXPnpv zKtL%pD2ER?$l42u)u4uZMP3 zS8PAszaYaa7Jw7cr&L@QlQK0`lq{IzwA%DBEdTWJAXvj!1GBz z$KuKww4=7<(102o2V-DH-T&Y7f+u82cRFwk?^}hy}%o@iK2`DV-OKS;;5?c z_@C%`?rmT$E}a23${WB3@jJ>yJh=cN1y~z>2Ero+I9Cb%k6~c;d_e!1kz%K@QG*c5 z2_MMjGH3^wQI+WJe@vh5FhjRh^ZYD&gcgK&C|^5+CQ+WdqbPvMvo_ zjBg_*9=_^ZPlrA#F?Ju&zd+PDaM|Wfh=cN*H?1*!o@T5Y+zAM65Uj~`5q|%U)7*(V z+~Okg1pWt&jfBw9KioS{)}(#dm>IID64m7H!u(&br)REE&4LJ4Lk;Or{ZZjmk0Y>M zl^K*uRiy8#2kk856X#9;Z`2X676Qy9lXFq&L|fcQ$%x(`&tRN$a+OF~tw^e(0(;gvX zlVH%gTEwl$2a6}=$Q~twUw$IQfTyNJ??Gdj!kYlmYi0du-hSr$Qn%k+g~^$2$=&*i zw+r8f-pE!K1|O>pjC*2#6nm&fr=Uj63=&hM(10xuIvLg1{jqYPs4Az?{zr4R&B#fE z-!C&V2nLfwXIB!{7w}I3k;7Cf*pNE`tZT45(}^r-;40FAkp!6eMGb_GIw6mkG5$MmK7b~66rIRt>fPTYYB z)03sl-6h5GS?xb++`-S8m8y}NK}GQvKf}Hxe=uLTTB3gHy612<*VE7qKt$>TSI1mE zS|#7Bn-dK2%qK&xo0&<>^Vr&a8(D z1GeSV+%!r(7H+$kolkCFOJ8QVGJMC!oq8B}nuE4%#JUr`xEd&>l7ij?M^pl!GP4dP z!-81Wblu}!)L{Snnrn9(MlNfN_9V+^-u;~DA{wr7SLfHNpPJNRl|&gwGr@f)9cBLT zzlce>7W4a5lCMvzthEW;=k3_aH`TSF_O)D_2@}2LJoKmK|6wx@jP^JRX7kk8mwKjz zEtk=Ylt(4Xz7%;N6;Ek80yUSt?4x$seFxPn*U>20AF}7@H~x=~PATlr4~Vn0B1S94 z+RKW@O(-^BoC}c69CalSiqFrg)Eq9;Ip3$8uHJ?dKu+XKfzKePk;XKw5*nmS;Q-Tv z?BTxTNd;$L8QYwncz+Cl5+$(3F$^~*)VBh0 zk&a(oD09Cgv7TC|E!@Y8l`6g}HB_@XdgV~54!h(*x$^0UUTwR|B=gl@B*-+X?LHGq zCdRQ%NO+Nsxm(pEt6ufbi99kOzx_WR=}@x_f96n6?8^l7U(A4+UVTrE#!+34Rga^w zdz5iR{MxAGcuI{FEcT}Dr?VEyI`3|(4omY0m;KL2&v`H@cv1<3c6mJ>MZ0OE5OLgz zzF1l1$KZ-uy;@8#OC$)S+^_=ho%D8_UXvJ50AhHnR-BGJjk>Mz7Moy zcLEE(j_PJpP3PUaeZx4uKy@`+Oz}HNvxEIk@Wj5<%-=VO+%e*YZ5^J)Z@^8)?Opsgu5m@tuslQF$55G$FZkfZun_ohx}WC^f{HJ$hViVO+fUp()~Gd ziX!{+B-`$#-5-CIsJ9Xu_)Zj4b+{8G#Wo!M1AXRboPfqD1vsY7E-RcKuQ$o3K4}US z9QHRhuFp|FsuIR^Eqio2ayXW`&ZuU#)0!Dt%oOsFlpR1IEGI*{SP)*wvw9)>)o^Ui z-Rvw_(1u~GjZS#tqKQA~P@7ctgVUYCo!TjuxSp5mDx=|!u6-Amhz>=nP1lEEBNXz+ z=Q}yh7Q{JQ#6UKsHD_X}#Lc9>0GD6r;M5L2%gmo&7e=+aY{{h81z?Ut*%|=e3whyWn=NBI1GM~jBB zFeg`!Lh0me(Sv68+l?<3Qs9QA0aXO6n}e%wG2^>;5^11#K>C)LLD^1dk)qp^%K(dN zQ<&feGYGKWJF^lN_2fm#Yt6zM4O{7;ERDWT>IJ93({lb2P=+<97U98iT$#$2L-d4fT4V7r??dG92D`Qi3v8fj^sFnPa=ogI z5IPo?>iRk+;=*{kdl_L)KfJYKeI21g*e%AIe;ap7j zGpVZY9f2@SG!N9(NpdN3+JFeyu-9`IWg?!j;Dp^M3Kdr=5?En+w=EaLQZ*C!p3_t+UuDSXKK` zte9~?h1bK;fFaMX?#~I^%(|Hezk$Ou0z&!#K1KT#zXduPF+f@@B14|wRGR9s*ePPy zVfSU%d*OB}j#w!|)VmF(w8G>g8U1}N@SE+uPV{|@PWt7)c;x;J?_=vQ0gdwEsunpo z9P%7qGDR7o-t&xLf3Liyc{Dz{K=SDOjgd>mOM6WHHH7Z2P9e+sCtGJ%bDEmMX2Z=; z-W2VcdJNKU<{?gg$=j*-aJW+-whso=fbHc9ZY+)iUgDMecbab;?&lD~t# zb7R?HYFl<_MYA>=uBDk+HEMFk!TI}U8+e^I&-gm2iBpQz3Vp5 zitGxNstQh;e}HFQH?VD`A{+co%6|{Xd;r`HgjkUg1M{KyID|E*eWjf?+`G}MkX^Op zc`V5h|H(o$&nQ&j1Z6MbEH+R)532c!U*Ib^w<1{D^`-ZKt;=qS5BB;DpGk^9oZGY(qk4Os(x zxj=oOu{S{0t<(Zx0w7o6JD`B^?cAgPG4c}o2M3D^LV?&yoN`3uJ7(`ZUn5H|!rsD7 zmx(I3ru_-cKNL}2Snrf>ZR3zW=N$*@i^vgApU4z-i?&ec=T>D-t|{|# znB5Hb#{J+ar{1Pt)TDVKWyWjHn|nc~7UZ|)onU=tD8=Ro^EKkM7j9H9Dffi#l2Ts( z;^ob2Ji|ulz!Rat&0&1tNM<(xiBIGJM2EO8Xnl4(_snmc0&ddu6jx)+R0K#-GE;go z-}{H4bwFB+W`VD@=O1Sd^sfhv^4T0aDX6y)u*AtN-qnt>^^DrE!VNWhDB7bT$F*nb zv-=DdiY7QWF^#)vo+y?%awt!MQwElwjj-u<@>D}#z{v$wZo$IV&7+If(3%x#{a>QQ zwd+#fO#yU$F`PCch*=Np0>-0AA;1~*A()32v)(=cm0orVjzA9Bjw`mpuDd-@EzQ$U z@tC>=4jDL7cJxvs7NZVinD1E^BYYWGn6pK$J9!Xh8VySEz{hE^Eee>ogX#q;h0Q)S z<~mxdNgmW&)z3~vJfkI#@J%Nd9j#Q~G1y2kvuIvT&vmQ!V+~)Xn$%@)qc#Ep${c5L zPBk_j5?lBQP&Jk$Uz zols7}Gu5=I_W^wf?j*DP(kIS`E$viS;oM@gkb8fI_L%C;V?^ejTUurtBf=WW?)AT% zQ9hrF*+?hHIT2o3YO1hSc2UsBXVPI+#0AtiU~iTl`yVlPTQV4{oHufeT24A5m}C-& z{C%kv(AN6eN4+}HWx;*P!~KX?Pr=4%Z~OiWu$N}(=dJp+e=S_VqM7AIX9zZpoI zfkqnS5uWr0X~HQ4w4ZpH7HxWv35cKV%PA;ooisIDa93TGl^7B2ESZUXQGLV=zQ3~U zZSn>1ZT_51P(nWKI!HWXlfvKGde(*W7GXxVVVeD+LY(O$&suEh>s<N1Lh2g;&-$W+Xl2ynM^mgl==S zHDNQ?v%n8I&%wOFc`njJB)B=#B{MnsCG7J6kz?(#0pWHol>z;}8;Z?sFz`Wdf3s}9 zdx)qO9D8tQr4956+ifkzFyXvJsE3l_+MdindZwup#R^JQ*XMp6+dqj>%#X;vo3A;} zfA`+-Cg(?d@9(D)XAm_-K%G}>LKnX#rLD<{yvbMz6b^jtV8iu1_53fMA7-lRQ728{ zquUTL-VXrJ&69z&Nl2T~{SAIB?m_|uooH%A0r5eHKfa8+k#Vhh?E694Nt-&io+y;0X=jeUk-Ke>?!=?W3W?(ia%7l!B!g zW`$98iKCHKkeF!k+g@{m8gBcxY7!k#4=MAENZ5*adQ@PHl$(d9L8~KjQcGv$AxE`o z$|``%Kthq<^FR5bxrWT`o~bNIEhwQbKSlQG>^M@KIZd*WGbj7OlpiEn4Vig;w!UaV zw$8ifY2ANyR9he`7G+~aATcs%BadtD-li5&Wk@Fbv^CM}w<1>pr z!9BK*yTv*E$UayJsj{J;b1!qNb+w`_`p>xnBD9C7pIK+!92n?9{Ki(NaE|vzN#IJ~ zFXx2S7R_q?*47BJqZ~{qYdTT^j;{;c%%dejfWHTp%E3AFAKN`USyk$Av{R%BYs>B+GHi@wg1PZY^z}Si8X_hhTf(+Z**Q< z;E7fL_@9`2|AVmqFWZKC5|&ed*cVC9=1Tlf(4`IaqQQNdtO%s0*(Q=+ivyj3+&@U45GkW{{W!&Riqx@a1)&WL8hD46L>O@74(A_EwV%JI^IbEotQWLV>2DjkYK`CO5Cps@=SYjj0DCMM2?(W>mj@gwEV{7*R#K<)N*!S zUdx2fylEuV5Kc}>imT62yHy!0EG(jz4NVQ!W+#`;{GBPz_vn>afy*6p>poD%R!6Nt z+7WUT2vvsW+r|J3jw26GBQ8(Y$@T|N|m&}uW2j3Nh*&#!1Lurr{V0| ziVM;|O+#6{5i?etC#L=%W`>HGSjto~`)1($kYD?;n%Z%A!8j}^Z<0S_?aB+ciZgYu zzIJP3kAwVd-9ZE~d&Y}IyCzuqice8hgXNNbx|P|qf~M)@!vz`JCtm(1bum5@)aV9k z`G{`)hT~2)86Zg$k4EGI)Y)S8&50IJBspJX7I8A+;^)-$8?|}S^5!f{7s5oB7?@K1 z$z<%Iuc4rg#3D!rMauI$4JaRM(2@^aF5M2TL|h+h2`1mxFPp3mJTpE0y)>ny9t9r1 z`fd2|3t0Nugnf@}W_9gLUX4F_`7YhxCDQf7M=boN3bv^sB~&Xf^jV1$po1j@OG2?AwuQ&CD|t5gvcs!RVxEc#8+!$$@S?jL4pwoMqg z)b=lKt+4=AzKGt-Kuzk(8&C=GScDh2ywaNS>;p@p)*pNSpnfwSqVJT}xFAtK_|es$ zfIHatc~8!JNC5hoox58-Iu0-w3T7YC3(ZryjZ0@N_3yZ~3}+eHZo>#sL0`}BmL+!N zow{#f&LZyU0D#^j@dvJ3FC8=*?|jHFvI)o!+(c9sVM^&xG=iVL%}8PHF9H}?{GD&L zI~rCQl1OEG4Ks0a=g$K#O7D+*_GFV)gDcJIj!N`+&)$q6^=f;Af>f-a}w9Ae9APQ~9h0Zk_{ zAd^7ZRl*c5(h+ls+=W#5wyv?&$M&boInaYj&QW{5gd#<;5$*6iq!zX8F#;lLjxK0Or)j;01mr^~IR^uP9wlYlx- zD30ism(P@JP%9|@3-=@mi2`TZev8MpS5>5AofAjD^!JyFNYVX&9%*Qec#!7qJX5w zg!H#r5)OzqJf?uM0{{(%x8pbe;`v*e*^J>Dm@}#bxG3|#c=kdUK`VR!@#TUzfad{p zhu6Qwod6$y{?G3IA?p9U_uK#b*8hL<)VuQQ@odSQVUkU^Hq!~P zpXTzh{h71#r4>r!idfp*GpB2bMlvJdk%!@?Al;yYepmNcnBK~lZk+_cj}l@-Ye!Xn zA^Z5>=~ToM8Lc%j%wNRqVz+l!}ACG?A7)pDq^VQKp;xZG>Bz*XW_nO%Twv|br9 znWIZT{(Otb?}wGms{ZJ_C;Mpi^kwF#D)EON;xp>Geq6y6h0$ zzB~PFH~f9Xq4AY)sUsNL!52x0j2_b;e@K*;u?`^Q_k9XJ8F(WQUx)3rNyMF-PMsUO!bSa zJ)In+4t2G)2Nc^%PDb088PW;T1V~UZeULB6RH>qVm z+ym2ymGAru-xw>M)*rNd)?fYV@h2@2fQQh_Vu{FbJHZ;9w_r*3L;BN=EKp0hWpm9sfCydbwn=sj{)A1^1@h4i{aBZwsQnn_CcrS4R5rx@t7 zIBFg=d&Y$2qf!P;IUQbd`qaj=AmwL12OvnCMOOD*mxRfJcqV8SyT7Fg= zMqGXJB~{eJTm6y4xfl~Our4To2i00|h+ zUpxR$K?1N@$U)Cbb;F-KqC{Ili4&uNS|+ zzdr8KH8m=3YkqdY_BRHe3*%55*fZ+o*-pDE*`#!U6u`#kDhTN@zLrSM zXWd->i$?~huATUYW4SR&IH!oVre$ zT2PMD7Al@ToHZKw2v%pz-hiou-{GfCz0L7)pc#gHqEu%YruSIJMVX|9#B$8# zW?T}Rjn?Djv-i`s8LCY0P!b3zdv-YD_-PLb$xSb7`p$K)%({R1h|!5Dwg6?Oo))N< zzOnbwevb)lO#O~by{5gxxJ=W|cF>KO!-orKdvnc@7O7vWBN`vv%*A?tfGY2-=uz(V zp3cpTN+tHc{eXl1Dz#zpjd3G@Q>>Tm$887d^FUn<$mwJo%_8SUJ*Fuv|7}#{e}0j| zsK@u{|9#27o4o&MUIGe{dq?h!6aG9L&}#{*eb)Ap!I};9OgvZE{E0EP#@)zg2$isb z$?ruo$1=$9eDI4POlk#Z9)-kHF@_-%B7&#O?gCv>Dv0I&EIYro*>&ZXubs zelLgB-7^v_`FL#O00yp3(eOMHuo02~{L<^a<9FS?&;w=aLtpcqu`#Ck=FD*ODRCze znlj~D9)wnr2Gx1%W_f%62xwzm^kp`PDvYP{RZ;M69hBS8ie$$b>5Uwr$31r4Wb*TO z>oV$?m8NN+4TIZTAOidE>s$L@{hWmS!cXIvifpMPy}XA@BURF3%T6p?nDU&n=CLq~ zwCNq5Ng_j5dueJm&*yXj3!q}Aut}OPr}m!8IBf3DV4f@I^<5v>mzAgdf`tkZ7;R1o za2OVCvh{(os{q{>C^2>9A4Pu40*Mx4W%Ux`HGf)kotRg9XJ}k%g z2wV(6B%E>#J^(Ejh!^l-9?2IpH6jmPF4|53^j}tKr7l+#q*%HNu1#wZgu6z`nRh`t zzw|2UoeaqdoIdya+#Y5z@(kh{?Q0UrS$R0NE*elHUY-oHUGzFP4r_#lSSl;~nRxN) zuz-sy3&_nXnKjleOO{(tVXNzmvf_BwER;&1~w-q_-Wb^BdFF`*g zv~%PbMdLXA3nU?au4F^S$7}`Fbp0&aeyrQ=g|$1?Vuzlnoi2)h@aE0#V6cYzlbbgz z?(pK3w<66{A#oec^g-_j$bo8bwlt7`^h3xwrT}a2Jm9M81w{0{Cjf<4aQ-l;_3u8d zU8e_urZfu>9F+Z>wB^)->eP+U<~}})BJ}{VeyZ)i8^~@(GB<*=&IY*7@xDM-bCLr{ zVt?B3e`uZm$L;>Rag4w5-RxaQ{RGhk&q8)~Y}T^@G%n(t#5#yJq#ytgFs~7rXa3HR zUjB0w+`@TC9t3!;j{#)I+pmFSs2_#E?})Yk#sFtgydOXk-RlEnJSjlNa}@CZ_`gj% z`p8dO#6-~RIKjRtywMN>g4@eou0e?r(KfH3>>*`aXiEI=B^sw zlaJ)mkt}*5G^CoP<@7X9j^9ee#8WgejIgBo?%zm>x7a{Bm+nQeVeS6`Jn-Vm<#r~p zv8eQRHL{Pmp}YcONCVHr?2>1ZryJ`y>I=F8_5BW%BOw%(iJVA7eZirb zwj84l{Kg3YaDNIAC_SsU{xv!N@86_(jWaj=qe8pK^Ovdf{%*hDWw6VCRvIq`vf%YU zNzgS_H1DDaV)3_qitm_=)Pqw7}mCt`pv^n)Rna0ADCbHM+PMH5x-{cy; z!G|j3;PVoGDx7k7OWWcOw{W9SP@N%!4NGGh;lrs+=xPmt6U2IO;`QH;|jm0~q)+a0d!?@j@u z2?UO#hrBveIDfNMWim&NTJ>CEhII=0eK$J+p-G=bo?_No)727a$DN}i*>JDoNZV!o zJ6}y2O}}Wym43#~jeJq`yefS@ME$pj93qT{=`4pI9I6P&_d@p?SK^XBfNHIe&jkHS zw78SBaH%%r@~;O}TP$zvd592G$Kyd4h;}`npv<`Yna0fs1h^jw@uBhx0`g*3Xq&h$ zhLdECoRH<*oa(_QGSbOGT1;I~sO=^u8Pp*4808NLnRPMy1DuQ(7-@9S<)+Dk_Wzgqs%&Nc;BJ#PYUWuRp}PR+4w;Jp}?7fu=>y_ToIRKxJ%|J*py(u=Le!IQNZ}s2@=H%o9zD`}i zx8`5FEpGQ(_3EvVPrNxgzK}-VH2kTy2Sh;mBc9QL-`5gMbM5K2=?0PWfUJi=-JP!Ynp4OFjBYoEg2QZq)T6v-}B1uK47GbP(j>7zATMe*O{#P z5jON^hV-Cw{il8K;yub}dwW44nTto>uB$L=u$l)PsFgDTtUux5&E=V7ab=@TBMXb) zl+5>*Zx{6{aA=8m4fSZz+9Q zJu}rR%&b%NR4Gr~w>W3~K2#8}wLt2^llT(IAc>gfn_1Hs7;LR>X2@{aarwMIRcO#Q z>EmN%o%0@7uGlEy^f)EBzs)-NpFn~{M3`3yfkPKsyveyc702ofU?`X{P`eG4e(WK* zO6&QHr%ABb{oYq+hdDWBN(}2JcND@4t3(DUNGXheX&QO{VyHu2 zqID3}?@I9Xk@^Ls8&+cCcp3B^ND`<18?+BB8<=;ReiOjJpb4f1e%re##56!F;$)_I~(ZJTJZ3!9eT3i!5LR&!GSeu}Z!!#BEL@g(Z*4_NQ1(?%&A1r-(3# zayZe;BYyGBw~t#Ay>Xp(<#J!QTk8UAWAfqoX`OLx3NVQKjVm)*4?o0=H_5dTx<0wv0d;lv4>z_dJ9yx8?2=NJ=%=;)-}V~u zK6VEVWS}4Y2~dX!+S3qATYrl17JgqAAfUc97nC3F538tf|8lQN?YUyhAtSZfpFDe` z9zfNR6L>*@AdpS5p$?I?_xA=vp6THeaFT8&SKWjn6_e~Xm2F=b3>-y5J(0HV4^g7) zc>k0@(stY`&M+dpJ1YJ$r4r;2*9n$lUU*Ql;wdc|B#$HbOrR*xLtPlbc(XpIQ>AJb z^ZJcovgxx$YdagIDnH(SSj*gEhDH4`$um!2*p&`4@J{`2PdK8Ba*`s<~41)9kt0s@krG7Y)R39kA0Oghrc8R3N`gTY4Sp2(Q~M}) zicknS3OMLln|hFlkGHd;ellngAyZ^Fp*M*g^5MXQo}sg)^5@OAo7P!l5)L<34|LFp zhqMr&Kp=ko%E_w703^p=qCmZk5aGwA;)oUVnnX9~Ax{mvc3sz;{`4!K2I}X#(x`K< zG-Z13$lQ~c9?$%9f2Qo^-L27C$*(pZH&@@HZjHFV>30em3Rqv$&#BXIngfqnV_?X+ z5quEjX%6scV*)ArF^L6m0cH>xrWfhiv24&1!)9}L_uG(3=U|0I=Lt4$kg_%bo=OKAH*-0%h z)_Ek*Fl^#&J_FQUZXyRewP{7)jz^q$n1oj7JLnRmc;@}x<{ZKaWwR`?YV4C6hhCgh zru0(dNFYK2Kz+${YBTO+=8cYZH$B4nFP5+)mm>{V<-0vL%OXJ)lr1A?umU8&QvYO50kDxRa(ooIqT%{gZPG=Bp2xuig=?mf<)CUvK;UN@grG*Y>xi754=Xa@E`svlolDHm z@2Q%7>6u2Dg;!)f|5K5{Z#?1OV`nM$Qm+}S9+>C;DPZ_R3sNSUu(Yd3cj6w}L(3*% zQbI98%!KZ<7bqZ+Ucsqd?_zY!M~_bN>Ybz$iE}bCl!LJw$4)9-*(gjN!veRT#uja* z^C#4?;Ll{e$@FVkH2WrEG7a(m65lH9zNE`{3VgwsaI!U=xC)gl z8w;IY)j^~J?H-_T(HE*`kc>%3_9!2Jw~|Pcc^C*023|*=)iIlTZ1q)ynXhgjTsrv* za71QzZwh^G-ca_qQ3FU&Wx2 zkd?Vp9H19ZLH-fb+huGAT6TxWzTO<+6v+fkL_xcKpli&aW7?Mt=b};1nO^v*uT<@q zKnK4Mq3UnrTefX!q22h^M$%imO~)3xaP~Z$5O`^ls@6n%OdG1~3YqJwu?Y0pb`oK@ z6j^vXz9@j?^xm>7Y|(eJEGvqH#I!@*qQ`85J*ib0DE}3y5?DbRxlvIoyv(KwTf8{h zqVdLcA?zi_xAq%rg{)2Oq;<}xR#z?IWa&qzaxn1#-Lek;kd>mw=-*y#p-@g7f2xvq z2w7eF@(VDW>%aTnyZtHSp7V4 z1F`<<;yX{yR-hL$h4shtCCJVYQYD0M!E8pgx05JtrYu}l9$r`zw<;jUoC0!TA+|Yf z+kun720Tfmm-BQ-LxC<(5~1oGN7SLt#XvA`9xQ4%THY?=wR2?y@l|80nct7MMIo0* zI&QpG)y;1mm@tr_svbO-9$wQh2~&SPGH`#aD5A%;KX+ud=)~8Rt1FQzn84+9>m}_* z@ILOO=N?Xx?}R2>vC2C9qaV%%KL+2LX;rtabve7xl7$U6GcKUQs_X+{hR69@WpS#U zM@YTEd{IaMC!mMet02zYAv+^9=6t1V88wdT~c5%vqRiBFVzP_-( z2T7>X2m=HP$zcJz>&>pSW|d7vMLA9WcqyHZ3Vp@VR6^8p#^kd0dScATBx3KRn;Em+ z_wez7Nlowi&{Y@yoP_1QUm&C_xM!Fg@s z_dD|yjaq9rLWXJ?>p}t7U99Y;uUka9K!!g3t>zW^_W!8n{U1>e6HkdyP2gBgHuZ2! zIS|MlA5`#}Gn$z?ni}(aZbV|X@J+yOSZ2k{-0YI? z1FhqU2ENbMuDBZ>EtS83F=R>s;f)?sk#(JILSIh=+Hg{cJ;vIdCgF{AUP4UD)UHy6 zj`c=D3S!jGKzU#`{mkT}bBl>Pfj|L>Es@j?svBN~&SO%b0toH-b-5)le^XvBOIAqn z-9&vPCH0`C+r_Th1>cK?eTwlqMu|2vm*$~BL(JoEAmTWA?lAILJ+l<`@OA?;bY9?n z!Cbd=i=Szq=k3Gp9lRucVrF%EVXOo`I&jIr;D97Bc(|+U>LI_w(v_?UPeRZUqO*A2ndoT$w z)x>k&gO9SW(cjb0^*+N%4)32!kk7)XR^|-vZv!MtN>JQ@Qrw&5RAI9yk!Ps8fK9L# z^G^xFZlYx$*~6Zqh7QVVP*7|ho6q6)>k{kCl=t31pV@H-z1lo~6!a8NDh8Y-*nzC@ zKu~Sg>yIl2ATd+O-EBfjv%mc%-+=O?cK0^loT}BimaHFScXn99is8el=Blwn0KXJv zCa4R=)8a(iY~vovS)8$;=aob^&2;OSJy_t26+0r43gGNfsWR=J^Z1cqH*>)nV{_S- zF5Tqv*q=Omj^lZRqYtG&0()^@vQM%cBJkwit^pA=_!!goT>xP<#5DrE-S)y=mmu2` z()(*LTgG0gI`Oita_Rw3Lh=N2 zmHQ>rB*obe&s`5MzfYYE>oMH79B^Xa7u*4EJMjPz*5juK%$Zi?VP1c2+V;h_RTWz> zH)OS-z3z}vwgK#<<}VXNqaBye-BClCFO6Yu92vA;IQ-C))Dz!MT`73PbM(Ko_vO)0 z|9#&iRFsIwHWj6kwUEfP*^{)8b$(@QOpLV|jG4+-Bc>9HGKE4&)+sa-W69Pe`#NSM zk;x2Vn5E~_b)DPJtxB$orO1{vG5?m^XA37{#wZ3@?J} z-~;Fnz4=m56dWRVFGbgaZMz%;=nL@z29ayKzyEzUMA!`DS{dnteMqJCm`_xl|e~YVA1LKL(N4WcP6y3c| zr`0G%(XjlQ*UY=IuMgOVApW!qnx*oYX~XaK-LK3rbgG+>{~4e586Mp-Ko$|atRkqO zvznlru-nl(SP1`U1$(iERq}-Vs)kG~nw~N+U+O=;=h2L`gjJ^|zcRI@CW2CL95DMZ_!?XRk>Y&btq9yU?L%?6TvsYtFr# z`{p$#KX6`0I3*mBtd|+`XUZhkMd!f*G|_HM^)oQQ(GjMWUh&%DC<}k7v2N_bm)mQP zk6F941ul4p7O#!FK~xrG{}SbQZ;gti$$tZQ)qo6mFygr*xHW^?9U{>j~yJ zjkg1GpSJJ(#v^~atyEjNzO9&6{-Q9={=lcrq7Tfu!Iabdi zaxv0fSXKU&njYIk=2R@kInyFVgLj&NI+7PAReM_+iXB61x?o~;H(7rRDti9J{rKB* zMAAd$8Hwv7M};0;KhD;6C5~QteDkm}kh;rNHV7|4MGub7mh{e*+E9Lc3-#*>eqAV; zSblohcEQ!tl@et;#shFWw6(p^6^#N#`!$#yxt&O!7aG+vCeQ6Peio)MMfh1zJ^FLGCC|C@zU&eDX2ugx zEOjXA^fo(54rtS@%Y{7L4KY2jfLuWn63P1o`4*!5!z6B431&wncW`%VQ24N(GB_3u zL?DnQ!_vi}Ga;U_p{Ytsw@)F0)kv~^F9YahyZY;KTur~iaW!|hu0TK>QPHL-y3K6f znsn;ZPa8eW-lv;`sJn`{h$n}N&VTwMea|apXVqS-pU;1US)c6osD{63VaBJ|kt(h^ zL{}fdc<1AblrE%=pX!tUGDhulJfUV zhi1S*ScTqJ^yr$pa#J=iGBlkdxbJG-wC8xcig?VcreHL35XHz(DaHMv7S@>b6b;pVcA2H27GZ3ar7M1y9?g=Y}B)wQqq zfMuSY?ouyotj1xl=Pq>7C_7qJD%YtcofEj5-qfx%`!>~M-l6oG{aDp_ZU}IqWq~6& zM{#UZ)H19}={;e!Ssw{ryVDMMN_-!W? z?p0^5P@DuefR2Er;K5H?LS}y4P|JC4G-u!UmTaXSNF&j^o9`<>^yFv%;OFSQ@sp{7 z?8#ii!+UMjTv73w5zq>k*}wu@o)g!)SrLQ;$JopE>{BkOB~wY{Ju}(+dVK3L#e#C0 z#e4FrQ}lFgPqZG=Z9Bj26Q7z>Vy-I48%XL z7+DqfWs<}pI0hnpDXt_^$Mou}e7*v*$q=K+QEZ&#YNP3!FdJXZ9Co~IWWc;a?w2-3 zeRgY)@DKdrH+jLyC*oRMq3%ncfs3oio0LGP91R@p)(d4h8B`U51RNq)^5X?NyI^S1 zgrs=Zow}4rs;fQ;t2p(?rg6MXWK=)+AMcIs+KTZIOT8qxMJOvCLXHR0s9!vOYbT=s;&ES`62V{wIIwr#-~R8i;(g@Om-Wx! zCNBM_x`qZD7CP#s(k#Uvvd-9!tBYuU5(lYjvxPiPgxh_#YtW7=oe+H>MSZk&FTu0! z*|Oa`HcBX^!PDWR%HF&I=|~GS@k4dKTuaf6hUFufXZXeAD{9SS+Jjhq{+=YJA3>#| zYxw(CQ-oOpWG`(jne(yv{q%?JvfYwXT*6-TtWhC9q&IRIcHqk)TH<8pAA$DVyL}ch z{j>#}l_k9U_vmC5=Pbt_oiAlQ+j(sJ9>Uz-Z*9@~AM#2+1e|-I$uROGOa)Zt+XX#2 z+3lWR^BX7E0eFZa|J$#pkDW`elOZ!Og$UVAL^9pMdN`thwW1;R(t0p&HTa$5A5r>m z+}_~vX$sdqc5GThHY}$yawfHg7h*CVwepX$AuTd;d`-~1*GOp@s)Mv@`)}Q=Jlc@1yrXXU&PNV#I7?wKABM(@}^ye~p0rifoGQC!2E} zLf9w}!?@IIhjX|^u&#|SVoQq^_lg*YrSiJA;|$g*`J6@QEt!FZ>pqU^iB4rY1915U z9CPY=BK5A!khx=yAVmkKa~OEMsI`FNo>TUSO*Zhtkr!Q%oXrANp96%YT)`8tFPzL8 zr#HjIsO%-P+r$(7i+UB`m4~QTgVvSD;^rP*AIJ?J`68WCg=8%AW0gX56ll!7GNi4hC4Lc3png9iD!lc}UEwt$WAq6Lv~zK+8`x zBzDmfv?`%#j=L9?K;DEMv5@7;M2_p>hhDs!P}-hNZ&dcXEiY6nmwR+nQE_)fxbOVw zagD1IUT>L=M79%slQrm$wXnf{;bs_KveChRiN>|HN>b!&hyp?T5(;90G&el&-Nxhl ztM-5DIU@!f`Y09?kDkd>N0aZBR;;W?ITUY z;EC(8?AabXGL)D8`D5%0tUA^AjQ<2_(Z|uK+L2uASxGM#nQ`L=mRW zDERsEt>S5+&mA!?UE!c3ab^f zZjNau7^i;^Zr|?v=t9`e$=*bz*46uXkrf1}LES7xySsrm>=?FdGvA2YVGi{V*O5t3 zp?(74u9LP(V`ZD0RB}A(5N3rkQy-M8kjnuYqP}@R%^h!U!g)vD!Vm4Oq;GMMH$c0b zVmEl8bJ{x$uXhiwFr2I(gq}=P>Fy^y-}6)^9dJj$`S2{P0tujrbIfpv1l9=sQRdd& zVHzZH(No0X)fI%%>o-y{L8`Yrj}5#(aB1E!sxOh140=!*TE3OU{zwxl0QFpm%Ke1m*q?j#lEq z1Ccr0NWU86$vHpCWqT!c#C?m4D+PQwFC3lPfFrde3Z1!1`$ngeLwsLOWx20xZE+Hal z`Y8;0Pd?|6M^jZRTpD9bwW1Ea5D=kPp|@a4Py`f$f%Xf<(CzQZvg{;J-HeGCD;CU= zvllE8?)%mS*<<{>`+DxPzf-ZsC0ZP*Z zXOf|H4%%*_ar4-8Mww*N)%zY)(+eZXdg^~{e>#!v!%@70Lj=N>L|*qS64qmOcY(c3 zDk+&1b%Zsttgcp-$O@`WKbaAUtXM~%yQ})Tej0WLEYW%x1iPOV#+)1Iet%6U#!+m5 zY~V+@vS3a9ho8S|YQD*d$-Wev{>=NnLvxs@=X=bv`N8)Ggaa@MN`M}quuImh_h-jW zD8>r6p}PUWci+3?Q`D}2^qRaEd+K?I9k#3l?2?n6zj@*M5$)-hd&H(7!+OAAy^FKJ zBvRkGFj`vL=i<%I7R%KR<#F3-uM<=@u-Kn)zIk`deR&vMsMkERufD%qiN_!Sv9F^%f(}iSrt{Q9(r|dEB2GJZfuNVlgu{iE^=<6MPcx#%F{c?l8}@(krmm;X<8aL4|uIuibVRq zpBuI+HXi-)Lhilv4MC4 z>;$qe9KFYJ5?q)1YSbxpM2wUzsXOOULa^&4%e8kNZ<#^7%()H%r~kLFe+3D;_x?-u zx2zGj!HY0&T1Nb_0LbTj!lV7Ti8jcx;>!6d1p+_vgb-jx_N7zAp{c*)U6~!+7T!9H zHuvWQyv~vd+c;uh;^qGQIqM^_m=5-^~%$I1!5wi_|G|&X#pu4vQj5K_3}po&&fLH zoe!|BQcDdS?tTq`kdJQtgXQcZ$@#wI$A+@Za;7tpDV0VXi6?nuCH$@Bo-}DWo2S=z z+l)G+KStuuaH>W3*(lBJc^NmkesBF?N#>~XxuV0NQ!j>Mx+`R5y)7@Cd6_FB`d+@$ z>8#&B3go}v(fy5c^1!xr6DMtQYL?ER+{Er@uix%DfUZW|s)DdYg_X^%2lr?gM2ZB3 zEl5r%#Qla|$#C~bHW(09gbnH0yYWzpNn9N=Xt*V`EPsf|-mc6`{rBvm=s&WHuzzG1 zP(w++YJ4PnSZGI@#qrLf#a#qGU1$U=efo!H)+{4q#Gf3|=B9;0Aq^)vWNX2%9#g2OOncW(RW`6#Db?VV z@>TqK3fzfk2lnaa2EXauS)~E#(H2Q+9~?U!L}EHEv0)UxiYV{!^j;Db7>ACIKkOH{ zUBQ}U?n)BS4K!bdfeg6@%1!~OTO#id;eeOQ@UkeUKeOsi6QDcCC9zfc!9mnG_HO(lYuss3bTGH@E##hekO zFA@_&2F7rK0a5Z%cihq+DGvHdg>7*RRNZ$u)hF)5Os&(~;+f8dO>nQ)S`@E6Umae+ zx`vH)*}<-8_S(zwjaL{u?$I$wkC7VgRM!qJon6}kFB;@q*HNrU*Ads2k0E!H zY9pPG+q_x7yU$hD%3)50TY9z&Bg(VCQoZ^$pAjS30;@{NVmNL=D93aUjtoqjq}OP= z> zaTWOn)82wZ?g!*uTY+fN_0I{OllYtF8Vs3P2arZHQG7Z3rCZ!*CGes6sYbnZ-+?A( z6;c|}a_+4?Wdo3!k9zRQ__6a*9b8n_K%@MJkHgE-qVaa0;ygxYbN51RS}lijqecTV zth$Y!Sw#di-$6adRT!E-3n#bRUtNC7+hvLM5q3c(>U?=_;M(gkAttd{6=C<*z3f`M znqHwiI#v7VdjWM&xejT+xQc5rIJtK;kE^+s7pfD#?)Pf>CEGLlF0Hb!(-w;ELE{8=n8U3Ixm^ z!qFP))OqmJbc-rfWvVO^-^%1b=>E{#rpI?ps#SGK1q&vnF^}0(tLe7 z=sJ@oT7rezybz!^iTJC5#sW;Mm3D*0Ze0C)SQ+rX)DM8EV|Jjsmb!A^_Msr&aQUZ# zF#J^AMnL-*6gFkA8TiCkDC_a_Di4VIksnQ&x$p6S|G=e&4~FthU*SiJB&M28dryg5 zJ;m`3?C?@3H!%yabTJ`VeX zB>8KJ0R?onyUbA1#HD$Q&BA(!f~G5_C&0qE2l{%uMWWBA9R1}jH(DlF{h!0PW-7#8 zt2VA)y7u~xroNR%vSfLI$OXIzpE?inQCKB(ENdy4EAID8WYpCt@c1si-EDisI9kH>bKvXW z;ldgqTlo%5D4{M#n zzb_X-8#y>&{5rR)oD0S|C z`UNWxJ{K4=11W6~*fLV*DBl7=3{%>9B}VBp5j z{ua^(NSePqo;7gXT^4L~0`WyLjx)4`-vcB$Luo5Nx$VFx*ZKn>1~mYZ|MTCn;d=k_ ze82s2|I}<%Ecw5i?0)C`)&wBj0~DS3Um`c`0hh%b_SXl5{I$^#Lwj-suIQa@Pd5qAevF6K?cQMi&@Di! z6*;qf320t8jr}=D{;&44!lvAOY7u;4XvC^~c+{%PE-|-AT9zAo&gq1U^JTb^UkHUw z%LeQ3Q*j~)T_*s0ZYmb{P1Jvd!tM9942?Mf2AIXfvflh5Xn8Pn;VXm-LJ18}B1yoo zkpdAg+f4wc8Ok7-;fv$$f&GJOfi@9d z--^ou;uw&>+}JZs{-5`fnSCt7Ur7|Mp?sJCO7MTWG=b|+lK_mpHM9jB=T#ft;u)Ab z#1LM_isaI1Ng;*`%mrXy{^wr`at6#*+8aSTKbEH@2EN`UAYfBEe~A9)YlEd?p`NlR zQo*P55#>3Af=jrm5$vS!m>~5AxFc9+-n*=*BLCD}zt^Rear&x=s}LzP8g#Pm(Wfl@ zfQAApp0M>jxZ^|IxHdn<lu*Datnc#f#qtsndbD||A4en$a z-fV!M#Fv}FyW za6U)fyY{BcTIEcy-Aq zb77?@k2mT$SaM;MK!XhY5)rQdUU-a$Kr1rOS(4&w`loF?y+lTkH6EVIRTmBW^UTTU-d(j@)E zdn+sKT8kpwzLQJeGAIgwn}?IY9=OPLK7wp8ksaY`+Yyd;RjFxt_Jqfr{n()YED$^F zZ|-7v-1tuJhqlwUYwtVeVzzL%F(89fMiU_pvymY%qgtqSC)F7{hp-&xO(Qightf1^ z4;*;AzoW5CGu6{q!Q*qk=O{fZh($5}`E$2E-gZ}xvzM*5X02xB;_p*1peFn8egEH| P{db%EAB+L9UxWVxL3iyr literal 0 HcmV?d00001 diff --git a/dev-docs/security-overview.md b/dev-docs/security-overview.md new file mode 100644 index 000000000..0c6b0e4af --- /dev/null +++ b/dev-docs/security-overview.md @@ -0,0 +1,236 @@ +# Constellation - Security Protocols Overview + +The security of Constellation is based on a set of protocols. +The protocols are outlined in the following. +The following diagram sketches the basic trust relationships between the entities in a Constellation cluster. +![chain of trust](chain-of-trust.jpg) + +## Software components + +Abstractly, the Constellation software comprises three core components: +1. The command-line interface (CLI) executable, which is run by the cluster administrator on their local machine. +2. The node images, which are run inside Confidential VMs (CVMs). +Among other, each node image contains a Linux kernel and a user mode program called Bootstrapper. +3. The Constellation service containers, which are run on Kubernetes. +There are three core services: KeyService, JoinService, and VerificationService. + +## CLI: root of trust +The CLI executable is signed by Edgeless Systems. +To ensure non-repudiability for CLI releases, Edgeless Systems publishes corresponding signatures to the public ledger of the [Sigstore project](https://www.sigstore.dev/). +There's a [step-by-step guide](https://docs.edgeless.systems/constellation/workflows/verify-cli) on how to verify CLI signatures based on Sigstore. + +The CLI contains the [measurements](https://github.com/edgelesssys/constellation/blob/edc0c7068ef4527efeaf584a2a35e0f51f58c426/internal/attestation/measurements/measurements_enterprise.go#L21) of the latest Constellation node image for all supported cloud platforms. +The CLI writes these measurements as part of the *attestation config* to a cluster's config file with the ["config generate" command](https://docs.edgeless.systems/constellation/workflows/config). +Note that Constellation currently uses 16 TPM-based runtime measurements for each cloud platform. +The purpose and source of the measurements are described in the [next section](#remote-attestation-of-nodes). +In addition to the measurements, the attestation config contains expected patch levels for the CPU microcode and the X.509 certificate of the CPU vendor's remote attestation infrastructure. +An example of an attestation config is given [below](#attestation-config). + +In case a different version of the node image is to be used, the corresponding measurements can be fetched using the CLI's ["config fetch-measurements" command](reference/cli#constellation-config-fetch-measurements). +This command downloads the measurements and the corresponding signature from Edgeless Systems from https://cdn.confidential.cloud. +See for example the following files corresponding to node image v2.16.3: +* [Measurements](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json) +* [Signature](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json.sig) + +In addition to the attestation config, the CLI contains the following data in hardcoded form: +* The [long-term public key of Edgeless Systems](https://github.com/edgelesssys/constellation/blob/edc0c7068ef4527efeaf584a2a35e0f51f58c426/internal/constants/constants.go#L264) to verify the signature of downloaded measurements. +* The [hashes of the expected Kubernetes binaries](https://github.com/edgelesssys/constellation/blob/edc0c7068ef4527efeaf584a2a35e0f51f58c426/internal/versions/versions.go#L199). +* The [Helm charts used for the installation of services](https://github.com/edgelesssys/constellation/tree/main/internal/constellation/helm/charts), which include hashes of the respective containers. +Note that the Helm charts and the hashes are [generated at build time](https://github.com/edgelesssys/constellation/blob/main/internal/constellation/helm/imageversion/imageversion.go). +A future version of the CLI will provide a command to print the Helm charts. + +## Cluster creation + +When a cluster is [created](https://docs.edgeless.systems/constellation/workflows/create), the CLI interacts with the API of the respective infrastructure provider, for example Azure, and launches CVMs with the applicable node image. +These CVMs are called *nodes*. +On each node, the Bootstrapper is launched. + +The CLI automatically selects one of the nodes as *first node*. +The CLI automatically verifies the first node's remote-attestation statement using the attestation config. +Details on remote attestation are given in the [next section](#remote-attestation-of-nodes). + +Based on the remote-attestation statement, the CLI and the Bootstrapper running on the first node set up a temporary TLS connection between them. +We refer to this type of connection as "attested TLS" (aTLS). +This connection is mainly used for three things (see the the [interface definition](https://github.com/edgelesssys/constellation/blob/main/bootstrapper/initproto/init.proto) for a comprehensive list of exchanged data): +1. The CLI sends the hashes of the expected Kubernetes binaries to the first node. +2. The CLI generates the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster and sends it to the first node. +3. The first node generates a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) and sends it to the CLI. +The kubeconfig file contains Kubernetes credentials for the CLI and the Kubernetes cluster's public key, among others. + +After this, the aTLS connection is closed and the Bootstrapper marks the node irrevocably as "initialized". +This mechanism prevents a node from accidentally or maliciously joining different clusters. +On all supported CVM platforms this is currently implemented by *extending* TPM register 15 with the unique ID of the cluster (`clusterID`). +More information can be found in the [Constellation documentation](https://docs.edgeless.systems/constellation/architecture/keys#cluster-identity). + +For [launch digest-based attestation](#remote-attestation-of-nodes) on future CVM platforms, an alternative would be to extend `clusterID` to the so called RTMR registers of Intel TDX. +TDX provides four RTMRs, which are automatically included in the `auxiliary data` part of a remote-attestation statement. +For AMD SEV-SNP, a different solution exists. + +## Remote attestation of nodes + +To identify themselves, nodes use the remote-attestation functionality of the underlying CVM platform. +Constellation supports Intel TDX and AMD SEV-SNP based platforms. +Abstractly, Intel TDX and AMD SEV-SNP hash the initial memory contents of the CVMs. +This hash is also called `launch digest`. +The launch digest is reflected in each remote-attestation statement that is requested by the software inside the CVM. +Abstractly, a remote-attestation statement `R` from a CVM looks as follows: + +``` +R = Sig-CPU(, , ) +``` + +The `payload` is controlled by the software running inside the CVM. +In the case of a Constellation node, the `payload` is always the public key of the respective Bootstrapper running inside the CVM. +Thus, `R` can be seen as a certificate for that public key issued by the CPU. +Based on this, nodes establish attested TLS (aTLS) connections. +aTLS is used during [cluster creation](#cluster-creation) and when [growing a cluster](#cluster-growth). + +### Measurements + +In the ideal case, the underlying CVM platform does not inject any of its own software into a CVM. +In that case, a Constellation node image can contain its own firmware/UEFI. +This allows for the creation of node images for which the launch digest covers all defining parts of a node, including the firmware, the kernel, the kernel command line, and the disk image. +In this case, the launch digest is the only measurement that's required to verify the identity and integrity of a node. + +### Measured Boot as fallback + +However, currently, all supported CVM platforms (AWS, Azure, and GCP) inject custom firmware into CVMs. +Thus, in practice, Constellation relies on conventional [measured boot](https://docs.edgeless.systems/constellation/architecture/images#measured-boot) to reflect the identity and integrity of nodes. + +In measured boot, in general, the software components involved in the boot process of a system are "measured" into the 16 registers of a Trusted Platform Module (TPM). +The values of these registers are also called "runtime measurements". +All supported CVM platforms provide TPMs to CVMs. +Constellation nodes use these to measure their boot process. +They include the 16 runtime measurements as `auxiliary data` in `R`. +On each CVM platform, runtime measurements are taken differently. +Details on this are given in the [Constellation documentation](https://docs.edgeless.systems/constellation/architecture/attestation#runtime-measurements). + +With measured boot, Constellation only checks the 16 runtime measurements during the verification of a node's remote-attestation statement. +The launch digest is not considered, because it only covers the firmware injected by the CVM platform and may change whenever the CVM platform is updated. +Currently, on AWS and GCP the TPM implementation resides outside the CVM. +On Azure, the TPM implementation is part of the injected firmware and resides inside the CVM. +More information can be found in the [Constellation documentation](https://docs.edgeless.systems/constellation/overview/clouds). + +## Kubernetes bootstrapping on the first node + +The Bootstrapper on the first node downloads and verifies the Kubernetes binaries, using the hashes it received from the CLI. +These binaries include for example [kubelet](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/), [kube-apiserver](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/), and [etcd](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/). +With these, the Bootstrapper creates a single-node Kubernetes cluster. +Etcd is a distributed key-value store that Kubernetes uses to store configuration data for services. +The etcd agent runs on each control-plane node of a cluster. +The agents use mTLS for communication between them. +Etcd uses the Raft protocol (over mTLS) to distribute state between nodes. +All essential configuration data of a cluster is kept in etcd. + +Initially, the Bootstrapper on the first node [writes](https://github.com/edgelesssys/constellation/blob/d65987cb15cf9ebdbbd2975f177937c1acbc90f8/bootstrapper/internal/kubernetes/kubernetes.go#L173) the hashes of the expected Kubernetes binaries to a specific key in etcd. + +Next, the CLI the connects to the Kubernetes API server (kube-apiserver) using the kubeconfig file it received from the Bootstrapper. +This results in an mTLS connection between the CLI and the Kubernetes API server. +The CLI uses this connection for two essential operations at the Kubernetes level: + +1. It writes the attestation config to a specific key in etcd. +1. It executes the [hardcoded Helm charts](#cli-root-of-trust), which, most notably, install the three core services KeyService, JoinService, and VerificationService, the [constellation-node-operator](https://github.com/edgelesssys/constellation/tree/main/operators/constellation-node-operator), and a small number of standard services like Cilium and cert-manager. + +The latter causes the first node to download, verify, and run the containers defined in the Helm charts. +The containers that are specific to Constellation are hosted at https://ghcr.io/edgelesssys. + +After this, the Constellation cluster is operational on the first node. + +## Cluster growth + +Additional nodes can now join the cluster - either as control-plane nodes or as worker nodes. +For both, the process for joining the cluster is identical. +First, the Bootstrapper running on a *new node* contacts the JoinService of the existing cluster. +The JoinService verifies the remote-attestation statement of the new node using the attestation config stored in etcd. +On success, an aTLS connection between the two is created, which is used mainly for the following (see the the [interface definition](https://github.com/edgelesssys/constellation/blob/main/joinservice/joinproto/join.proto) for a comprehensive list of exchanged data): + +1. The new node sends a certificate signing request (CSR) for its *node certificate* to the JoinService. +1. The JoinService issues a corresponding certificate with a lifetime of one year and sends it to the new node. +The JoinService uses the signing key of the Kubernetes cluster for this, which is [generated by kubeadm](https://kubernetes.io/docs/setup/best-practices/certificates/). Note that the lifetime of the node certificate is a best practice only, as Constellation relies on the untrusted infrastructure to provide time when validating certificates. +1. The JoinService sends a [kubeadm token](https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-token/) to the new node. +1. The JoinService sends the hashes of the expected Kubernetes binaries to the new node. +1. The JoinService sends encryption key for the new node's local storage. +This key is generated and managed by the cluster's KeyService. +1. The JoinService sends the certificate of the cluster's control plane to the new node. + +After this, the aTLS connection is closed and the node is marked as "initialized" in the same way as described [above](#cluster-creation). + +The Bootstrapper downloads, verifies, and runs the given Kubernetes binaries. +Further, the Bootstrapper uses the kubeadm token to download the configuration of the cluster from the Kubernetes API server. +The kubeadm token is never used after this. + +The kubelet on the new node uses its own node certificate and the certificate of the cluster's control plane (which the new node both received from the JoinService) to establish an mTLS connection with the cluster's Kubernetes API server. +Once connected, the new node registers itself as control-plane node or worker node of the cluster. +This process uses the standard Kubernetes mechanisms for adding nodes. + +In Constellation, a virtual private network (VPN) exists between all nodes of a cluster. +This VPN is created with the help of Cilium. +To join this VPN, the new node generates WireGuard credentials for itself and writes the public key to etcd via the mTLS connection with the Kubernetes API server. +It also downloads the public keys of existing nodes from etcd. +Subsequently, the Cilium agents running on other nodes fetch the new node's public key from etcd as well. + +Note that etcd communication between nodes is an exception: This traffic always goes via mTLS based on node certificates. + +## Cluster upgrade + +Whenever a cluster is [upgraded](https://docs.edgeless.systems/constellation/workflows/upgrade), the CLI connects to the Kubernetes API server and, essentially, updates the following data in etcd: + +1. The attestation config +1. The hashes of the expected Kubernetes binaries + +Further, the CLI applies updated Helm charts to update the cluster's services. +Again, these Helm charts are hardcoded in the CLI. +See the [implementation](https://github.com/edgelesssys/constellation/blob/d65987cb15cf9ebdbbd2975f177937c1acbc90f8/cli/internal/cmd/apply.go#L358) of the `apply()` function for a sequence diagram of all steps. +Subsequently, the constellation-node-operator replaces existing nodes with new ones. +New nodes go through the [usual process for joining the cluster](#cluster-growth). + +## Examples + +This section gives real life examples of key data structures and the corresponding commands to retrieve those. + +### Attestation config + +```bash +kubectl -n kube-system get cm join-config -o json +``` +```json +{ + "apiVersion": "v1", + "binaryData": { + "measurementSalt": "2A4Fzfdr/61XbJvk1PDqzh0R4rVnEujyXudsfgRZzUY=" + }, + "data": { + "attestationConfig": "{\"measurements\":{\"1\":{\"expected\":\"3695dcc55e3aa34027c27793c85c723c697d708c42d1f73bd6fa4f26608a5b24\",\"warnOnly\":true},\"11\":{\"expected\":\"f09cef0d077127fb26bc8d013fc09e13afbb70f0f734ced98f46666544998efe\",\"warnOnly\":true},\"12\":{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":true},\"13\":{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":true},\"14\":{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":true},\"15\":{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":true},\"2\":{\"expected\":\"3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969\",\"warnOnly\":true},\"3\":{\"expected\":\"3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969\",\"warnOnly\":true},\"4\":{\"expected\":\"e5020193148fbad0dbaf618fb3ef15665c72ff87a54e24b2d8f5bdf9719bb50b\",\"warnOnly\":true},\"6\":{\"expected\":\"3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969\",\"warnOnly\":true},\"8\":{\"expected\":\"0000000000000000000000000000000000000000000000000000000000000000\",\"warnOnly\":true},\"9\":{\"expected\":\"37ef16fd0ae8d2fb3b1914f0b8ff046e765b57fec6739d2ebf1fd4d182071437\",\"warnOnly\":true}},\"bootloaderVersion\":\"latest\",\"teeVersion\":\"latest\",\"snpVersion\":\"latest\",\"microcodeVersion\":\"latest\",\"amdRootKey\":\"-----BEGIN CERTIFICATE-----\\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\\nAFZEAwoKCQ==\\n-----END CERTIFICATE-----\\n\",\"amdSigningKey\":\"\"}" + }, + "kind": "ConfigMap", + "metadata": { + "creationTimestamp": "2024-09-25T11:11:50Z", + "name": "join-config", + "namespace": "kube-system", + "resourceVersion": "387", + "uid": "fdd0d5eb-cf58-4608-99c9-eede08895615" + } +} +``` +### Hashes of Kubernetes binaries +```bash +kubectl -n kube-system get cm k8s-components-sha256-7b73c7675df78e5753b6e0fc86a9982127fd16141837599d5ce16df6bfe6a2a0 -o json +``` +```json +{ + "apiVersion": "v1", + "data": { + "cluster-version": "v1.29.8", + "components": "[{\"url\":\"https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz\",\"hash\":\"sha256:c2485ddb3ffc176578ae30ae58137f0b88e50f7c7f2af7d53a569276b2949a33\",\"install_path\":\"/opt/cni/bin\",\"extract\":true},{\"url\":\"https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz\",\"hash\":\"sha256:d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb\",\"install_path\":\"/run/state/bin\",\"extract\":true},{\"url\":\"https://storage.googleapis.com/kubernetes-release/release/v1.29.8/bin/linux/amd64/kubelet\",\"hash\":\"sha256:df6e130928403af8b4f49f1197e26f2873a147cd0e23aa6597a26c982c652ae0\",\"install_path\":\"/run/state/bin/kubelet\"},{\"url\":\"https://storage.googleapis.com/kubernetes-release/release/v1.29.8/bin/linux/amd64/kubeadm\",\"hash\":\"sha256:fe054355e0ae8dc35d868a3d3bc408ccdff0969c20bf7a231ae9b71484e41be3\",\"install_path\":\"/run/state/bin/kubeadm\"},{\"url\":\"https://storage.googleapis.com/kubernetes-release/release/v1.29.8/bin/linux/amd64/kubectl\",\"hash\":\"sha256:038454e0d79748aab41668f44ca6e4ac8affd1895a94f592b9739a0ae2a5f06a\",\"install_path\":\"/run/state/bin/kubectl\"},{\"url\":\"data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjhAc2hhMjU2OjZmNzJmYTkyNmM5YjA1ZTEwNjI5ZmUxYTA5MmZkMjhkY2Q2NWI0ZmRmZDBjYzdiZDU1Zjg1YTU3YTZiYTFmYTUifV0=\",\"install_path\":\"/opt/kubernetes/patches/kube-apiserver+json.json\"},{\"url\":\"data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjhAc2hhMjU2OjZmMjdkNjNkZWQyMDYxNGM2ODU1NGI0NzdjZDdhNzhlZGE3OGE0OThhOTJiZmU4OTM1Y2Y5NjRjYTViNzRkMGIifV0=\",\"install_path\":\"/opt/kubernetes/patches/kube-controller-manager+json.json\"},{\"url\":\"data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjhAc2hhMjU2OmRhNzRhNjY2NzVkOTVlMzllYzI1ZGE1ZTcwNzI5ZGE3NDZkMGZhMGIxNWVlMGRhODcyYWM5ODA1MTliYzI4YmQifV0=\",\"install_path\":\"/opt/kubernetes/patches/kube-scheduler+json.json\"},{\"url\":\"data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2V0Y2Q6My41LjEyLTBAc2hhMjU2OjQ0YThlMjRkY2JiYTM0NzBlZTFmZWUyMWQ1ZTg4ZDEyOGM5MzZlOWI1NWQ0YmM1MWZiZWY4MDg2ZjhlZDEyM2IifV0=\",\"install_path\":\"/opt/kubernetes/patches/etcd+json.json\"}]" + }, + "immutable": true, + "kind": "ConfigMap", + "metadata": { + "creationTimestamp": "2024-09-25T11:11:50Z", + "name": "k8s-components-sha256-7b73c7675df78e5753b6e0fc86a9982127fd16141837599d5ce16df6bfe6a2a0", + "namespace": "kube-system", + "resourceVersion": "356", + "uid": "6389c186-3bc8-4470-8af5-f6fed1addd69" + } +} +``` \ No newline at end of file diff --git a/docs/docs/workflows/upgrade.md b/docs/docs/workflows/upgrade.md index 7348c0dbc..3db2ecad6 100644 --- a/docs/docs/workflows/upgrade.md +++ b/docs/docs/workflows/upgrade.md @@ -1,6 +1,6 @@ # Upgrade your cluster -Constellation provides an easy way to upgrade all components of your cluster, without disrupting it's availability. +Constellation provides an easy way to upgrade all components of your cluster, without disrupting its availability. Specifically, you can upgrade the Kubernetes version, the nodes' image, and the Constellation microservices. You configure the desired versions in your local Constellation configuration and trigger upgrades with the `apply` command. To learn about available versions you use the `upgrade check` command. From bd31361d3d0c91159fe4e28e7ec4bfc40100c60a Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Fri, 4 Oct 2024 17:01:18 +0200 Subject: [PATCH 279/380] image: retire idle=poll option for AWS (#3387) --- image/system/variants.bzl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/image/system/variants.bzl b/image/system/variants.bzl index cfc8c5392..4b9044383 100644 --- a/image/system/variants.bzl +++ b/image/system/variants.bzl @@ -57,8 +57,7 @@ csp_settings = { "kernel_command_line_dict": { "console": "ttyS0", "constel.csp": "aws", - "idle": "poll", - "mitigations": "auto", + "mitigations": "auto,nosmt", }, }, "azure": { From cecc57f99301ec5a5fcd5352449e327fba3c13ff Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 7 Oct 2024 08:45:03 +0200 Subject: [PATCH 280/380] image: update measurements and image version (#3386) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 3d549dd2e..c563bb6b8 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x56, 0x40, 0x05, 0xe9, 0xdf, 0xfc, 0xa8, 0x03, 0x0e, 0xd5, 0x11, 0x1f, 0x60, 0xe2, 0x34, 0x04, 0x14, 0xda, 0xdd, 0x14, 0xc2, 0x02, 0xca, 0x53, 0x96, 0x91, 0x7f, 0x3c, 0xe7, 0x4a, 0x27, 0x42}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x66, 0xf8, 0x7b, 0x42, 0x13, 0x21, 0x48, 0x21, 0xe9, 0xac, 0x4b, 0xf9, 0xae, 0x8e, 0xeb, 0x44, 0x53, 0x10, 0xb0, 0x81, 0x56, 0x3e, 0xf6, 0xcd, 0xb4, 0xf6, 0x20, 0xc0, 0x7e, 0x8a, 0xf5, 0x98}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x06, 0xbd, 0x38, 0x92, 0x15, 0x82, 0x23, 0xf7, 0xca, 0xcd, 0xbd, 0x4c, 0x89, 0x1f, 0xeb, 0x51, 0x25, 0xc1, 0xe0, 0x0b, 0x5a, 0x73, 0x63, 0x1e, 0xd2, 0x64, 0xea, 0xc4, 0xc6, 0xc0, 0xe0, 0xe6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa3, 0x9c, 0xab, 0xe4, 0xcd, 0xac, 0x2d, 0xa6, 0xda, 0xc6, 0x41, 0x3a, 0x61, 0x1c, 0x66, 0x55, 0x62, 0xf8, 0x48, 0x37, 0x98, 0x51, 0xaa, 0x00, 0x60, 0x40, 0xf9, 0x42, 0x5b, 0x7b, 0xd0, 0x45}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x44, 0x78, 0x29, 0x18, 0x19, 0x5f, 0xd2, 0x3d, 0xb5, 0xd6, 0x62, 0x56, 0x21, 0xfe, 0x5e, 0x5c, 0xaf, 0x94, 0xa8, 0x26, 0x5e, 0x78, 0xa5, 0x65, 0xd7, 0xee, 0x7f, 0xef, 0x33, 0xfe, 0xbe, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc7, 0xfa, 0x35, 0xfe, 0xd7, 0x83, 0x48, 0xe4, 0x02, 0xbc, 0x5e, 0x3c, 0x55, 0xae, 0x4e, 0x4f, 0xdb, 0x77, 0x34, 0x5b, 0xe0, 0x9a, 0x89, 0xd3, 0xc7, 0x6f, 0x85, 0x2a, 0x46, 0xe4, 0xfb, 0x1d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe8, 0x0e, 0xaf, 0xb3, 0x15, 0x13, 0xa3, 0x70, 0x30, 0x40, 0xfb, 0xc5, 0xe0, 0x2f, 0xde, 0x64, 0x81, 0xe0, 0x98, 0x30, 0x35, 0xe7, 0x53, 0x10, 0x7b, 0xc7, 0x0e, 0x3b, 0xef, 0x26, 0xd7, 0xec}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe1, 0x6d, 0xaa, 0x9e, 0x00, 0x57, 0x98, 0xf0, 0xc9, 0xec, 0x7b, 0xa0, 0x23, 0x28, 0x52, 0xbe, 0x85, 0xe1, 0xac, 0x86, 0x71, 0x6b, 0x58, 0xbd, 0x75, 0x6e, 0x7e, 0xa3, 0xe0, 0xf1, 0xb3, 0x91}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xaa, 0xfd, 0x73, 0x5e, 0xbd, 0x95, 0x79, 0xca, 0xdf, 0x08, 0xb8, 0x97, 0xb9, 0x7c, 0xf2, 0x2d, 0xa8, 0x62, 0xb4, 0x1b, 0x27, 0x07, 0x7d, 0x56, 0x58, 0x0a, 0x09, 0x1b, 0x5d, 0xf7, 0x01, 0xc9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd0, 0xae, 0xa3, 0xc8, 0x13, 0x0e, 0xda, 0x46, 0x12, 0x3f, 0xc6, 0x30, 0xa9, 0x11, 0x05, 0xf6, 0xcc, 0x7b, 0x8c, 0xa2, 0xbd, 0x6b, 0xc8, 0x4b, 0xd6, 0xbc, 0x35, 0x2c, 0xc6, 0x6f, 0x77, 0x56}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x56, 0x0f, 0x5d, 0x11, 0x90, 0x4f, 0xaa, 0x8a, 0xb0, 0x92, 0xb5, 0x04, 0x10, 0xb5, 0x23, 0x18, 0xe5, 0x05, 0xef, 0xc9, 0xc6, 0x90, 0x99, 0x2d, 0x62, 0x59, 0x81, 0x30, 0xb9, 0x91, 0x50, 0x5b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x28, 0x02, 0x8f, 0x57, 0x77, 0xce, 0xf6, 0x8d, 0x6c, 0x34, 0x50, 0x16, 0x43, 0x7d, 0x10, 0x04, 0xbf, 0xf2, 0x7d, 0x47, 0x0c, 0x85, 0xe9, 0x8d, 0x8f, 0xc7, 0xab, 0xd6, 0xf7, 0x03, 0xd6, 0xfd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd3, 0x01, 0xba, 0x77, 0x44, 0xeb, 0xc4, 0x63, 0x2c, 0xec, 0x1b, 0xfa, 0x26, 0x41, 0x5f, 0x95, 0x59, 0x3a, 0xff, 0xb3, 0x35, 0x32, 0xbd, 0xc1, 0xa1, 0xe7, 0x3a, 0xd6, 0xa7, 0x3f, 0x43, 0xae}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbc, 0x7d, 0x4f, 0x6a, 0x2c, 0x73, 0x24, 0x20, 0xd5, 0x7e, 0x62, 0x3e, 0x0b, 0x14, 0x4a, 0xb9, 0x16, 0xe5, 0xd1, 0xc0, 0x6a, 0xa4, 0xb7, 0x90, 0xc4, 0x33, 0x11, 0xdd, 0xc6, 0xd8, 0x6f, 0x18}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa5, 0x0f, 0xf3, 0xde, 0xf6, 0x77, 0x5f, 0xfc, 0xe0, 0x41, 0xf8, 0x79, 0xa9, 0xc4, 0x20, 0x92, 0x5b, 0xa3, 0x0d, 0x32, 0x64, 0x52, 0xbe, 0x04, 0xc5, 0x3f, 0x6d, 0x58, 0x58, 0x47, 0x57, 0x1d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe5, 0xd8, 0x8e, 0xbe, 0x7f, 0x66, 0xfd, 0xb9, 0x4c, 0x1c, 0xed, 0x56, 0xf9, 0x32, 0xfa, 0x44, 0x4a, 0x65, 0x70, 0xf9, 0x56, 0xa0, 0x2d, 0xa5, 0x77, 0xdb, 0xb9, 0x9a, 0x07, 0x84, 0xf7, 0x21}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3f, 0x1f, 0x4a, 0x96, 0xd6, 0xfa, 0x3e, 0x56, 0xf5, 0xdc, 0xbb, 0x7b, 0x48, 0x99, 0x9a, 0x10, 0x3c, 0x38, 0x32, 0x1a, 0x8c, 0x61, 0xde, 0x4b, 0xe2, 0x9d, 0x17, 0xc7, 0x9e, 0x52, 0xd7, 0xbf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x04, 0xab, 0x6f, 0xe1, 0xd1, 0xde, 0x64, 0xfa, 0x41, 0x55, 0xa6, 0x7e, 0x2d, 0xce, 0xda, 0x69, 0x4a, 0x52, 0xab, 0xea, 0xff, 0x06, 0x30, 0xc5, 0xb7, 0xda, 0x59, 0x40, 0x4b, 0x8f, 0xb9, 0x7c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3f, 0x72, 0x6f, 0x69, 0xf0, 0x73, 0x24, 0xac, 0x62, 0x96, 0x8c, 0x16, 0xb7, 0x92, 0xbd, 0xdf, 0xd9, 0x5d, 0x23, 0x99, 0x0c, 0x34, 0x13, 0x57, 0x5a, 0x74, 0xa2, 0x0c, 0x7d, 0x4a, 0x29, 0x3e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6c, 0x32, 0xbf, 0xc3, 0xc0, 0x9e, 0x32, 0xe7, 0xbe, 0xec, 0xe2, 0xeb, 0x2b, 0xa0, 0xaf, 0xbd, 0x11, 0xd6, 0x9c, 0x46, 0xc7, 0x5a, 0xc1, 0x66, 0xed, 0xde, 0xd2, 0xba, 0x04, 0x18, 0x5e, 0xc3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc5, 0x30, 0xe3, 0xfb, 0xbd, 0x48, 0xaa, 0x4f, 0x9d, 0x95, 0x07, 0x3e, 0x7a, 0xe1, 0xd9, 0x9d, 0xef, 0x6b, 0x5f, 0x27, 0x9b, 0x2f, 0xe2, 0xb0, 0x18, 0x72, 0x4a, 0xb0, 0x67, 0x44, 0xb4, 0x0c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb9, 0x8c, 0x43, 0x3c, 0xf3, 0xc6, 0x48, 0x73, 0x11, 0x74, 0xa9, 0x8d, 0x76, 0x7b, 0x29, 0xeb, 0x9f, 0xec, 0xdb, 0xde, 0xbf, 0x54, 0x3d, 0x8f, 0xfe, 0xf7, 0x1a, 0x72, 0x61, 0x13, 0xc7, 0x3b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7b, 0x32, 0x1e, 0x23, 0xad, 0x5a, 0x38, 0xf6, 0x77, 0x3c, 0xd7, 0xa9, 0x3d, 0x51, 0xc9, 0x56, 0x78, 0xf4, 0x84, 0x77, 0xef, 0x4a, 0x09, 0x09, 0x08, 0xcb, 0x58, 0x06, 0xba, 0x01, 0x0e, 0x3f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x66, 0xad, 0x71, 0x66, 0x3f, 0xdc, 0x35, 0x1c, 0x88, 0x14, 0xf7, 0x1f, 0x2e, 0x4a, 0x23, 0xdc, 0xec, 0xd0, 0x43, 0xb1, 0xed, 0x52, 0x17, 0xc4, 0x8e, 0xda, 0xa7, 0x3e, 0x14, 0x94, 0x79, 0xc3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xab, 0x9d, 0x6d, 0x45, 0x36, 0x1a, 0xd0, 0xbd, 0xac, 0x1f, 0xd5, 0xb2, 0x64, 0xdd, 0xf8, 0xaa, 0x8f, 0x0d, 0xc9, 0x4b, 0xb2, 0x53, 0x5d, 0x36, 0x10, 0xf9, 0xfd, 0x3e, 0x43, 0x3a, 0xd8, 0x98}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6a, 0x97, 0xa7, 0x2f, 0xb5, 0xf9, 0xd9, 0x19, 0xa1, 0xf4, 0xcc, 0xb6, 0xba, 0xd6, 0xf7, 0x10, 0x4c, 0x15, 0x24, 0xfd, 0xab, 0x9b, 0x35, 0x7a, 0x5e, 0xd4, 0xa9, 0x6e, 0xbe, 0xda, 0x69, 0xca}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x56, 0x2e, 0xeb, 0xd4, 0x36, 0x3c, 0xbc, 0x4b, 0xd7, 0x71, 0x22, 0x33, 0x57, 0x99, 0x1a, 0xbf, 0xdf, 0xa8, 0x80, 0x29, 0x61, 0xd4, 0x88, 0x85, 0x67, 0x9d, 0xeb, 0x8b, 0xed, 0xbb, 0x7d, 0x72}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe5, 0x4d, 0xfa, 0x64, 0x24, 0x9a, 0x6c, 0xba, 0xfc, 0x8c, 0x25, 0x39, 0xdc, 0x8a, 0x7e, 0xee, 0x7c, 0xbe, 0x61, 0xb2, 0xe5, 0x54, 0x50, 0x3c, 0x1f, 0x8f, 0x94, 0xc3, 0x50, 0x61, 0xb2, 0xd4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x36, 0xd7, 0x09, 0x9d, 0x35, 0x1a, 0xa5, 0xaa, 0xe8, 0xaa, 0xdf, 0x6f, 0x19, 0x59, 0x45, 0xeb, 0xd2, 0xdb, 0x96, 0xd4, 0xf5, 0xd2, 0xfd, 0x9f, 0x4a, 0xac, 0xbf, 0xf1, 0x79, 0x63, 0xff, 0xe0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4f, 0xf4, 0x42, 0x64, 0x50, 0x73, 0x5e, 0x49, 0x66, 0xcd, 0xf5, 0x72, 0xf9, 0x07, 0xe7, 0x5c, 0x8a, 0x66, 0x6c, 0xfb, 0x6b, 0xaf, 0x07, 0xf1, 0x68, 0xcb, 0xfc, 0x91, 0xc5, 0x07, 0x0d, 0xb2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xc5, 0xbc, 0x35, 0x74, 0x8b, 0x3f, 0xe8, 0xdb, 0x25, 0x06, 0x90, 0x60, 0xa3, 0x39, 0xae, 0x5f, 0xb4, 0xf4, 0x49, 0x38, 0x9c, 0xf7, 0x56, 0xb2, 0x1d, 0x4a, 0x03, 0x76, 0xbe, 0x46, 0xcd, 0x0f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xee, 0x00, 0x5a, 0x78, 0x39, 0xc9, 0x46, 0x07, 0xfd, 0x16, 0x65, 0x0d, 0x52, 0x17, 0x4c, 0x10, 0x24, 0x1b, 0x5a, 0x84, 0xb2, 0x02, 0x42, 0x80, 0x20, 0xaa, 0x82, 0x7a, 0x97, 0xd0, 0xf3, 0xe8}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x2c, 0x80, 0x65, 0xf5, 0x43, 0xb0, 0xf8, 0xc2, 0x42, 0xff, 0x6f, 0xbd, 0xc1, 0x71, 0x82, 0x85, 0xcd, 0x82, 0xe6, 0x23, 0x5d, 0x1c, 0x26, 0xf6, 0x07, 0xb1, 0x3d, 0x16, 0x51, 0x5c, 0xc9, 0x3f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc4, 0x3c, 0x72, 0x26, 0x23, 0xdc, 0x43, 0x9f, 0xfb, 0x01, 0xae, 0x5c, 0xd2, 0xa3, 0xdd, 0x91, 0x44, 0x0b, 0x51, 0x13, 0xf9, 0xef, 0x8f, 0x8d, 0xcd, 0x01, 0x15, 0x73, 0xfc, 0x59, 0x8f, 0x7d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x85, 0x39, 0x92, 0xb3, 0x81, 0xee, 0x3c, 0x7c, 0x1c, 0x44, 0xec, 0xf0, 0xf7, 0x85, 0x81, 0x3b, 0xfd, 0xe6, 0x80, 0x28, 0x44, 0x41, 0x13, 0x44, 0x75, 0xef, 0xf4, 0x4c, 0x74, 0xa6, 0xda, 0x36}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x54, 0x9c, 0x8b, 0x8b, 0xb2, 0x98, 0xf8, 0xff, 0xfa, 0x74, 0x6e, 0xb6, 0x76, 0x3a, 0x0e, 0xb1, 0x52, 0x95, 0x4c, 0xb1, 0x5c, 0x24, 0x30, 0x73, 0xbc, 0xbb, 0xf7, 0x2e, 0x7a, 0xc6, 0x44, 0x56}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xee, 0x4e, 0x8e, 0x7e, 0x5f, 0x7a, 0xc3, 0x08, 0x6b, 0x3c, 0x3d, 0x9b, 0xd3, 0x29, 0xf3, 0xfb, 0xd2, 0xb4, 0x8a, 0x8d, 0x55, 0xf4, 0x41, 0x06, 0x7c, 0x84, 0x30, 0xae, 0xf9, 0xce, 0xe6, 0x63}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0d, 0x25, 0x1d, 0x96, 0x33, 0xe3, 0x36, 0x1c, 0x0e, 0x15, 0x1d, 0xa5, 0xb5, 0x0c, 0xdd, 0x24, 0x3f, 0x65, 0x68, 0xbf, 0x29, 0x49, 0x01, 0x7b, 0xb3, 0x4f, 0x6c, 0x5d, 0x89, 0x25, 0x36, 0x0c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x98, 0xc2, 0x9b, 0x7d, 0x01, 0x3b, 0x69, 0x88, 0xe4, 0xd5, 0x2d, 0x0c, 0xc8, 0xd8, 0x23, 0x0f, 0x11, 0xab, 0x02, 0xa8, 0xe1, 0x6b, 0x39, 0x5f, 0x9c, 0xaa, 0x45, 0xbf, 0xe2, 0x8a, 0xf4, 0x80}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x46, 0x58, 0xeb, 0x23, 0xf6, 0xe9, 0x24, 0xf1, 0x45, 0xc2, 0x85, 0x24, 0xc5, 0xcd, 0x67, 0x75, 0xed, 0xc2, 0x4d, 0x00, 0x51, 0xe2, 0xa0, 0x7e, 0xbd, 0xc2, 0xd8, 0x79, 0x07, 0x45, 0x64, 0xbe}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb6, 0x1c, 0x98, 0xb3, 0x1d, 0x18, 0x4c, 0xe6, 0x2e, 0x7b, 0x6e, 0xe9, 0x7d, 0x72, 0x6c, 0xc8, 0xa4, 0xe3, 0xba, 0x44, 0xfe, 0x34, 0x23, 0x91, 0x45, 0xcb, 0xc6, 0x8c, 0xa0, 0xda, 0x8a, 0x78}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf8, 0xca, 0xd9, 0xb6, 0x58, 0xfe, 0x87, 0x53, 0xa6, 0x45, 0x0a, 0xb7, 0xe1, 0x3b, 0x98, 0x42, 0x33, 0x88, 0x83, 0x0f, 0x62, 0x23, 0x6a, 0xcf, 0x90, 0xca, 0x57, 0x45, 0x98, 0x77, 0xf4, 0x79}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x31, 0xc7, 0xd5, 0x73, 0x70, 0x28, 0x77, 0xa9, 0x4d, 0x5f, 0x40, 0x31, 0xd4, 0x08, 0x27, 0x37, 0xd4, 0xd2, 0x8b, 0x9c, 0xee, 0x1c, 0x1e, 0xb7, 0x1e, 0x94, 0x94, 0x6b, 0x62, 0xbc, 0x93, 0xfd}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc0, 0x6b, 0xd8, 0x57, 0xdb, 0x9e, 0x5a, 0x2c, 0xe9, 0x3a, 0xb9, 0x43, 0x85, 0xdc, 0xc7, 0x85, 0x78, 0x55, 0xbc, 0xb3, 0x73, 0x40, 0x11, 0x0e, 0x3e, 0x03, 0xd1, 0x04, 0x1b, 0x84, 0x15, 0x34}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa6, 0xc5, 0xbb, 0xd9, 0x3a, 0x78, 0x9d, 0x2b, 0xad, 0xe0, 0x06, 0xf5, 0xb1, 0x86, 0xf3, 0x3e, 0x6a, 0xc6, 0x65, 0x0d, 0x83, 0xf3, 0x29, 0xde, 0x64, 0x61, 0x40, 0x12, 0xf9, 0x73, 0x3f, 0x77}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x81, 0x0e, 0xec, 0xf2, 0xe2, 0x87, 0x17, 0xc5, 0x87, 0x28, 0x3d, 0x36, 0x7b, 0x45, 0x20, 0xf1, 0x3c, 0x55, 0x97, 0x8f, 0xbc, 0xc2, 0xe0, 0xa4, 0xbc, 0x29, 0x39, 0x1c, 0x88, 0xa1, 0x42, 0x1c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd6, 0x25, 0xcd, 0xc3, 0x33, 0x98, 0x33, 0xf5, 0x7d, 0xcf, 0xd6, 0x3d, 0x79, 0x75, 0xb5, 0x85, 0x7d, 0x55, 0x31, 0xf2, 0x84, 0x3d, 0xfb, 0xfe, 0x56, 0x17, 0xc0, 0x0f, 0x99, 0x94, 0x0c, 0x79}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb4, 0x48, 0x09, 0x9b, 0x7b, 0x26, 0xa0, 0x90, 0x31, 0x92, 0x4a, 0x5e, 0xcb, 0xc5, 0x8c, 0xc0, 0x98, 0xd5, 0x2a, 0xff, 0x0d, 0x6f, 0xa7, 0xcc, 0x4f, 0x97, 0x0b, 0x6f, 0x18, 0x9d, 0x01, 0xdc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index c67d4fe69..194d172e1 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20240927160738-39e60596078a" + defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20241002102227-622406de2c05" ) From da623ad3cc4ff958d8658e3b1293b27973234018 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 7 Oct 2024 09:54:36 +0200 Subject: [PATCH 281/380] image: update locked rpms (#3390) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 70 ++++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 6812b0820..59dab7346 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -9,7 +9,7 @@ db7d946583f2a91a3301d964a5adc7afb1620e0f72c9a9033ae3a4cfc2f332ad authselect-lib 156e073308cb28a5a699d6ffafc71cbd28487628fd05471e1978e4b9a5c7a802 bash-5.2.26-3.fc40.x86_64.rpm 208ddebcd5edbff3dca54020a8a180f5410ea9b2d82c733e106992a729b4b84e bzip2-libs-1.0.8-18.fc40.i686.rpm 68a43532d10187888788625d0b6c2224ba95804280eddf2636e5ef700607e7d0 bzip2-libs-1.0.8-18.fc40.x86_64.rpm -e61d6858790314f9d9ab539c5531d2b67ce763c9e5ac6c22dd76293fec12f3f5 ca-certificates-2023.2.62_v7.0.401-6.fc40.noarch.rpm +1afcf80d5e7b22ee512ec9f24b4f2b148888ef95af3486cf48f2204c3406b12d ca-certificates-2024.2.69_v8.0.401-1.0.fc40.noarch.rpm 99d4976979c8b9d18c9d2d686de77882dc6a4e72ebfe358fb9a37a83f0ecdc90 catatonit-0.1.7-22.fc40.x86_64.rpm 75a442ef2c8b3ab75a2692657c7838e806d56b607201ee463a68e0d448312391 composefs-1.0.3-1.fc40.x86_64.rpm 26e873722d8c94ba8150cb5afc7adcda1be17a21804d9c19e54eff530e3249a5 composefs-libs-1.0.3-1.fc40.x86_64.rpm @@ -18,9 +18,9 @@ adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tool fa073cc08e035fab231c2e9aa3116468e75f5056c169d5b095f3ee2956123d95 container-selinux-2.233.0-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm -2b469c1a5d65c0378a076c4fdd86196ace5775feabdd42bba1344a57b3fecae2 containers-common-0.60.1-1.fc40.noarch.rpm -b9bbec6ff8ed2e8ffe5631cda62d948500801843824abdd02104142ec2927e3b containers-common-extra-0.60.1-1.fc40.noarch.rpm -a42b290620077529be1c269ff440a6cf78a66bc239be5fd69dc5fdd509bcd70b coreutils-single-9.4-7.fc40.x86_64.rpm +44a10b26336b2163b9ece94ee9627cccf4d638081a1f6aa469a54628706a0580 containers-common-0.60.2-2.fc40.noarch.rpm +a2771b9e7ab7736c08dea207288aca37bda211634a4d16da3bf1c1e10942eb90 containers-common-extra-0.60.2-2.fc40.noarch.rpm +e74a792e74d8467510b859d16927bc951484bee8d3a141795e7dc8cc1b34c183 coreutils-single-9.4-8.fc40.x86_64.rpm d941a78ffb6e2e0b4c24d0097d0351ced8796edde90208b4bddee459bce0a949 cpio-2.15-1.fc40.x86_64.rpm faa23cb6a7a612c0a6e874c788c5add967c5e193bd38c2e6093b82b38a162f81 cracklib-2.9.11-5.fc40.i686.rpm ea1f43ef9a4b02a9c66726ee386f090145696fb93dff80d593ac82126f8037ec cracklib-2.9.11-5.fc40.x86_64.rpm @@ -186,12 +186,12 @@ bb9ceaba0d3283777777524e8c99b8eaa2155e9000d8e3ef5d0ece336f8c1392 libpsl-0.21.5- 571fad7baa286ca36a2b2cdb171d22142ba82b99663ec0408b5db99514773956 libseccomp-2.5.5-1.fc40.i686.rpm 91668f5d08a663948c7d888d7cdef3248285c5d9fbe369ae031d7ca31c6e398c libseccomp-2.5.5-1.fc40.x86_64.rpm 280edce0c5cda3a725edaca0db10a16d1c4b24b849a8ddfeac066ddb84057e6e libsecret-0.21.4-2.fc40.x86_64.rpm -97f18f8852a7b60a2990f6cb25f39de0593599eb6ba0e455436bc783f34b931e libselinux-3.6-4.fc40.i686.rpm -b67135643467acef3417d6f961ef3dc987ca726681a25026fce29cbd15fa76f9 libselinux-3.6-4.fc40.x86_64.rpm -33dd223a3ca3ef3e7128c84016f7cc95829802fc6a0d4f0c0329632fc6a2a2fc libselinux-utils-3.6-4.fc40.x86_64.rpm -1313cb0d72005c8b469466a7ee12a7c30b7e283ed5ed0f601d2c911fa84d5137 libsemanage-3.6-3.fc40.x86_64.rpm -d5e6fc8b4595cccae415bc18b971ea4a4ed64c816e45de5d3f588b78ecf12708 libsepol-3.6-3.fc40.i686.rpm -2a84c1dcbf391374eb7f66f75a5ce62eadf11241f33d4df950a7bd94a9e0853e libsepol-3.6-3.fc40.x86_64.rpm +69161fabb22dd4c5c8aeab0b6465dafe06117ce5173aaf4dce425a10cb11c434 libselinux-3.7-5.fc40.i686.rpm +2070bdf786c926400739254f08568ccf564ce613ddacacb36b6a9a499345aa5e libselinux-3.7-5.fc40.x86_64.rpm +aca271d814ee3be14c09963985011c201315a186d3e3b634af8d59cd5eb01208 libselinux-utils-3.7-5.fc40.x86_64.rpm +e200b862d5063f6e85859c5be99c50d5636edae91bd3f603c3a22383b7e2ac88 libsemanage-3.7-2.fc40.x86_64.rpm +a4cd1c54d0f8b543ffa7cc6ce366a6a3f233e084f2e52ea07a70da6127347b8e libsepol-3.7-2.fc40.i686.rpm +85cbaeca877a166cda9637a8ea0d43dd63488fdcc250fe564696cf8beaf8913f libsepol-3.7-2.fc40.x86_64.rpm 716b91d85eb887fe10db607608294475289b9e9fc4d51fbddcf24046ea016147 libsmartcols-2.40-0.9.rc1.fc40.i686.rpm 34111597814e385c8c1cdd48ff72c4ed64e7e6ed9bd6660bb2bfda6aebdb3200 libsmartcols-2.40-0.9.rc1.fc40.x86_64.rpm 302124d98a491472ec0982b89afbf576922d6921a89dda479d354e6582566f0e libsmartcols-2.40.1-1.fc40.x86_64.rpm @@ -261,8 +261,8 @@ f796a31cad58f4ebea8787020868581d9a721297ee0ef6a7c63a7f8444f60c17 pcsc-lite-libs 5443db8875acc0c1c436dbe1ed62b776543e049b8d9c7e33198379d367814093 pigz-2.8-4.fc40.x86_64.rpm cb7c5036f1d25c696de23a6670cb64caec9945116fb0c9a93555414746ecf253 pinentry-1.3.0-2.fc40.x86_64.rpm bbb4abafa9f7664e21350b56d49af2c928288e6d4dd68c304c4ab5d45b2c8ad7 pkcs11-provider-0.3-2.fc40.x86_64.rpm -9006a2de704b633a780f331328a5e304dc32f3cf33c19ef09ac9b04bd61159bb podman-5.2.2-1.fc40.x86_64.rpm -fc0270713aefd482937adc4d6905f806760ea54c70379cb675be521251e5a177 policycoreutils-3.6-3.fc40.x86_64.rpm +b364d3b3e7e6152ce1b27d7323bc56644213bb3589e5b4fd414cea07701c3fd6 podman-5.2.3-1.fc40.x86_64.rpm +8a0ee0be826338862ecd65d04032b43122cda333ba6bb6891b2ae6aed5208832 policycoreutils-3.7-3.fc40.x86_64.rpm 30a4f9d3631aaa1280c93ce4305847a9773973aa312e1802d1cd676cb2421689 polkit-124-2.fc40.x86_64.rpm f47bc65177a8b160916c00df9c84442afa1dd353880b3c0503d5a0b052d4956c polkit-libs-124-2.fc40.x86_64.rpm b7decdd8a6fcb175fea2bb39bb1dbecad1ba820c365bab5a273a7b3982e55157 polkit-pkla-compat-0.1-28.fc40.x86_64.rpm @@ -271,30 +271,30 @@ c03ba1c46e0e2dda36e654941f307aaa0d6574ee5143d6fec6e9af2bdf3252a2 popt-1.19-6.fc af85755cda79959a19161ebc26a45e507003298bd97b472b9ab0d512afa5e46a protobuf-c-1.5.0-3.fc40.x86_64.rpm 45ff2e9814aa059f323b23710c73309d41d36306667a3004f5fbb86b0cab4484 psmisc-23.6-6.fc40.x86_64.rpm cca50802d4f75306bc37126feb92db79fed44dcdabf76c1556853334995b9d3b publicsuffix-list-dafsa-20240107-3.fc40.noarch.rpm -1cfc81c8761cd0381cc5020a3686afec8350aadea01998518e8aa2407419fe9f python-pip-wheel-23.3.2-1.fc40.noarch.rpm +7c703b431508f44c5184b5c1df052ed0f49b7439d68aa3597a9a57a5b26bd648 python-pip-wheel-23.3.2-2.fc40.noarch.rpm c1b05e20130bc9c402b865866d5f244800b04af459c2a15ef4e834f2742219be python-unversioned-command-3.12.6-1.fc40.noarch.rpm cab29f836249f65e06275625a74012319914c478e03f7acfb454bd16c382d16a python3-3.12.6-1.fc40.x86_64.rpm 8f0508c73ef2fed4dacf727ca4c89dbfbe7c28131857ef47be756bc379196201 python3-libs-3.12.6-1.fc40.x86_64.rpm -31d3560d4e4d9c6eedbc48911b38f1958b03d69d53859251ca53adc2c0db083b qemu-user-static-8.2.6-3.fc40.x86_64.rpm -0f8288155f67cdc89680d17f77f742a58e7f2076231dc824b40411903c5bfb0d qemu-user-static-aarch64-8.2.6-3.fc40.x86_64.rpm -9d6240b8b25f010e64f583112fe8c152fc9ba469b261fb33fb4834724924c0dd qemu-user-static-alpha-8.2.6-3.fc40.x86_64.rpm -f4a6f78834d4a5636319a185055789ec791488f4e7ee6b47b00e6c4e269f8e05 qemu-user-static-arm-8.2.6-3.fc40.x86_64.rpm -f7ce8500ce5e7564a01a7c0f1bc87b0257b2fe2950103302be1bc01966b0bbef qemu-user-static-cris-8.2.6-3.fc40.x86_64.rpm -62e793b810cfacbfd283e673a2d8467dcddbf087eb17537076d220147e4c9ca5 qemu-user-static-hexagon-8.2.6-3.fc40.x86_64.rpm -12d8a93f6b61c2059627bcdd115539d89024e886c189935dd5257ec8cebccbd8 qemu-user-static-hppa-8.2.6-3.fc40.x86_64.rpm -19b21a04720fdf3003d8ce67e559af6668e44ad5e95a03db59b8930cd9d7e397 qemu-user-static-loongarch64-8.2.6-3.fc40.x86_64.rpm -fab31e38fed5b4630bdfb2b2ee97edf7ffde0038fd7c2c0945dbdbb64ebbbe44 qemu-user-static-m68k-8.2.6-3.fc40.x86_64.rpm -35a7fbb8c29e6f50962a1fd656a8ba6fb855f2f0daf8bd3986ec56e3909f9465 qemu-user-static-microblaze-8.2.6-3.fc40.x86_64.rpm -88484450122f6ab5329172368dc600119faa877ead25ebfa9a0dd2c2bf2a055f qemu-user-static-mips-8.2.6-3.fc40.x86_64.rpm -e0107e099ea2fdcc949b804ae910deeaf93ca8838edd9d23ae69adf54c4a8155 qemu-user-static-nios2-8.2.6-3.fc40.x86_64.rpm -d7f6cb73067427d6ed86e46a75dc6efd088cd4b28f1d0f318a99b3ad5e0d1a90 qemu-user-static-or1k-8.2.6-3.fc40.x86_64.rpm -ad30ee5ac42f1ed503b4a4db327877838094148bb7e2c626e1e60e554c6dc5f6 qemu-user-static-ppc-8.2.6-3.fc40.x86_64.rpm -ef903179c047453d22a7caf4b28f81792ed933c5ad6d1fd99892810dda1155b1 qemu-user-static-riscv-8.2.6-3.fc40.x86_64.rpm -752de837b1cfe48320dcd4fdef809937481cffc74533da1a49bf736367db9910 qemu-user-static-s390x-8.2.6-3.fc40.x86_64.rpm -446017f2cb59e00efd05760de9f699fdf97fa82078dc9bcfeb3a375ac6575989 qemu-user-static-sh4-8.2.6-3.fc40.x86_64.rpm -007037d0f3660316252b5080e57db7d02766389200c1442fd8f18d2fd571f0c4 qemu-user-static-sparc-8.2.6-3.fc40.x86_64.rpm -f8ae6311b48fc301763a4e9d0f2e2b23714a5955a1d0c07b5f7ee34df0842f44 qemu-user-static-x86-8.2.6-3.fc40.x86_64.rpm -77f6493f5271b2af50a1c979b1544db5909fd40c7f7200ef8d0d7852aaf325ba qemu-user-static-xtensa-8.2.6-3.fc40.x86_64.rpm +4197fb5b5c5072b22b246160d176f4d45d32499b12efca8d20acee113b43565f qemu-user-static-8.2.7-1.fc40.x86_64.rpm +5cde16ada3d387c8fe8cf2badf697f35fc6284697da080bdd41ae588d4cbfb59 qemu-user-static-aarch64-8.2.7-1.fc40.x86_64.rpm +3d7d124c154265410069909741ba3de98d80d54bab749ddb2eed64a5f7efa50d qemu-user-static-alpha-8.2.7-1.fc40.x86_64.rpm +cccb61e5417bd18f398156a1987827d615114796081c7d11cc62db5e0b2eac83 qemu-user-static-arm-8.2.7-1.fc40.x86_64.rpm +5b4f9648b3bb97b83a1eeca49ccf1bdbd86899b7081f7e2a75d1a043ef414162 qemu-user-static-cris-8.2.7-1.fc40.x86_64.rpm +8d9fed13c84c5e7bce85b0ab187a35a32b37560036eea0981d1a84e98c6e0ace qemu-user-static-hexagon-8.2.7-1.fc40.x86_64.rpm +e3d0f954419049e8da75cacdb0957d50dc4c4d15231618571e740ba75bc94a42 qemu-user-static-hppa-8.2.7-1.fc40.x86_64.rpm +862e4ab69693bfcf9bf4df224eaa4ff86b545f2fc66640a51fb1ddac088eda88 qemu-user-static-loongarch64-8.2.7-1.fc40.x86_64.rpm +4bc124edbc3bf481d336d2d5be048bbbdf15001700eea72b3e239d3909e3d121 qemu-user-static-m68k-8.2.7-1.fc40.x86_64.rpm +8a614a710ae025431c6caac4ccbe70011580ff30a4f672f733dede537e9a393a qemu-user-static-microblaze-8.2.7-1.fc40.x86_64.rpm +5d722e655b8d7f7655be4189fb1859db3ce3900c4ef84a305373584a1698891c qemu-user-static-mips-8.2.7-1.fc40.x86_64.rpm +e41ce93809e5cf63c06fd7ccc44e0d3afaba555f71ddfc0cfa929ce35b587856 qemu-user-static-nios2-8.2.7-1.fc40.x86_64.rpm +27fcfa89b7aa1035d96e85698319bc7b4048c244dfe90304fa0a32e405f6964a qemu-user-static-or1k-8.2.7-1.fc40.x86_64.rpm +85212911fef356d2ffbc7eed3948f88572fade0271ea1a3f0434709b8a734926 qemu-user-static-ppc-8.2.7-1.fc40.x86_64.rpm +cd7842fa018c33d0aac9940315321d4847b1e052345fd11cb7175a538a47aad2 qemu-user-static-riscv-8.2.7-1.fc40.x86_64.rpm +b8164876c487d70df7d162a5487867af8a80445481621160b06e69101bec9e9e qemu-user-static-s390x-8.2.7-1.fc40.x86_64.rpm +2d316e5781d257f09f96fb95cebda52db6ad38db0e12958a50354958586db068 qemu-user-static-sh4-8.2.7-1.fc40.x86_64.rpm +1dc60bde4b84d9e26671dfcc6c789fd87fdea29059da2d5fa13fb1704d964ad1 qemu-user-static-sparc-8.2.7-1.fc40.x86_64.rpm +5d4edeb727f6644d81eede2ff55835198f76dd31c7cc53284dc34451184ddd71 qemu-user-static-x86-8.2.7-1.fc40.x86_64.rpm +63704659a3bab9bf58b548f98ea635ae900698e7ce1a5b50a198d134c4eed1be qemu-user-static-xtensa-8.2.7-1.fc40.x86_64.rpm 8d50fba416f81e4091b144748fff22665ee88699fdc4a372b905d999d05fd3e8 qrencode-libs-4.1.1-7.fc40.i686.rpm 93781052576cc40a2c203bbc1bf865189a11b2c82436e614da9811baedc082fc qrencode-libs-4.1.1-7.fc40.x86_64.rpm 3527582fddcb54892228658b3929ffbb89766941a9794e726216e0800ac05721 readline-8.2-8.fc40.i686.rpm @@ -329,8 +329,8 @@ a4f193cf893b65f7580feff3ff5fb3d50b8617b3292457d5e51312e57b777d19 systemd-networ c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3-1.fc40.x86_64.rpm 5df98756883badf7743cdd75f5689b62606bff0b74494b20241cb9d78335c251 tpm2-tss-fapi-4.1.3-1.fc40.x86_64.rpm 0bd358e7dfb2bd730b62c7375c8d8f8d9e2470f085ca8dc4ec626dc0332d5687 tzdata-2024a-5.fc40.noarch.rpm -70104fb4dffbfde9b5dd540a97ce37fa965c9d989777dd6c086de28bff10709a unbound-anchor-1.20.0-1.fc40.x86_64.rpm -76d89a1e025aed395b28f9f97d8cba85142e5ffcfecb00de7f93333b76225665 unbound-libs-1.20.0-1.fc40.x86_64.rpm +9fc3b3f602c81bdb5e1daa4a7f9a254d35481bd1186ac0b01fbb0c3243440ca8 unbound-anchor-1.21.1-3.fc40.x86_64.rpm +1432f6a67a9400d10b09b5eee96c6fbf89b8bef99cc7e1abc6d885cf69a61fb2 unbound-libs-1.21.1-3.fc40.x86_64.rpm 36ffa617a0dfe523424a28290241a81cd51f7d82e776e58131f16d092d49797b util-linux-2.40-0.9.rc1.fc40.i686.rpm 41b777c50f1ec74795551c7d930a3d6eceab278ff03608893a5dbd49f2de5363 util-linux-2.40.1-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm From 32e00994bb0ac788c1af1e8df8ed1b7b5e283367 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 10:39:06 +0200 Subject: [PATCH 282/380] deps: update ubuntu:22.04 Docker digest to 58b8789 (#3365) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- 3rdparty/gcp-guest-agent/Dockerfile | 2 +- docs/screencasts/docker/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/3rdparty/gcp-guest-agent/Dockerfile b/3rdparty/gcp-guest-agent/Dockerfile index 0c7fc4bf0..5b82fda28 100644 --- a/3rdparty/gcp-guest-agent/Dockerfile +++ b/3rdparty/gcp-guest-agent/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658 as build +FROM ubuntu:22.04@sha256:58b87898e82351c6cf9cf5b9f3c20257bb9e2dcf33af051e12ce532d7f94e3fe as build # Install packages RUN apt-get update && apt-get install -y \ diff --git a/docs/screencasts/docker/Dockerfile b/docs/screencasts/docker/Dockerfile index 97d23cce6..2d6d13108 100644 --- a/docs/screencasts/docker/Dockerfile +++ b/docs/screencasts/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:adbb90115a21969d2fe6fa7f9af4253e16d45f8d4c1e930182610c4731962658 +FROM ubuntu:22.04@sha256:58b87898e82351c6cf9cf5b9f3c20257bb9e2dcf33af051e12ce532d7f94e3fe # Install requirements RUN apt-get update && apt-get install -y software-properties-common &&\ From dd1763a36d90c869d5dc62754122d8dd008ec9b5 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Mon, 7 Oct 2024 10:51:37 +0200 Subject: [PATCH 283/380] helm: manage CoreDNS addon as Helm chart (#3388) * Reapply "helm: manage CoreDNS addon as Helm chart (#3236)" This reverts commit 4a9422d288ef42f5ebf0dd878dc9aff26ed082dd. * Reapply "helm: fix kubeadm bugs caused by CoreDNS installation (#3353)" This reverts commit 9ecfc3fa19780b8b4972872b0a505d377ec70601. --- .../internal/kubernetes/k8sapi/k8sutil.go | 3 +- .../internal/kubernetes/kubernetes.go | 4 - cli/internal/cmd/apply.go | 4 + cli/internal/cmd/apply_test.go | 1 + cli/internal/cmd/applyhelm.go | 1 + cli/internal/cmd/init_test.go | 4 + cli/internal/cmd/upgradeapply_test.go | 4 + go.mod | 2 + go.sum | 196 ++++++++++++++++++ internal/constellation/helm.go | 15 ++ internal/constellation/helm/BUILD.bazel | 9 + .../helm/charts/coredns/Chart.yaml | 3 + .../charts/coredns/templates/clusterrole.yaml | 23 ++ .../coredns/templates/clusterrolebinding.yaml | 13 ++ .../charts/coredns/templates/configmap.yaml | 28 +++ .../charts/coredns/templates/deployment.yaml | 109 ++++++++++ .../charts/coredns/templates/service.yaml | 33 +++ .../coredns/templates/serviceaccount.yaml | 6 + .../helm/charts/coredns/values.yaml | 3 + .../constellation/helm/corednsgen/BUILD.bazel | 26 +++ .../helm/corednsgen/corednsgen.go | 181 ++++++++++++++++ internal/constellation/helm/helm.go | 4 +- internal/constellation/helm/helm_test.go | 1 + internal/constellation/helm/loader.go | 18 +- internal/constellation/helm/loader_test.go | 51 ++++- internal/constellation/helm/overrides.go | 13 ++ internal/kubernetes/kubectl/kubectl.go | 59 ------ .../internal/provider/cluster_resource.go | 5 + 28 files changed, 750 insertions(+), 69 deletions(-) create mode 100644 internal/constellation/helm/charts/coredns/Chart.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/clusterrole.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/configmap.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/deployment.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/service.yaml create mode 100644 internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml create mode 100644 internal/constellation/helm/charts/coredns/values.yaml create mode 100644 internal/constellation/helm/corednsgen/BUILD.bazel create mode 100644 internal/constellation/helm/corednsgen/corednsgen.go diff --git a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go index 19713e00e..d2ec6e78f 100644 --- a/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go +++ b/bootstrapper/internal/kubernetes/k8sapi/k8sutil.go @@ -48,7 +48,6 @@ type Client interface { AddNodeSelectorsToDeployment(ctx context.Context, selectors map[string]string, name string, namespace string) error ListAllNamespaces(ctx context.Context) (*corev1.NamespaceList, error) AnnotateNode(ctx context.Context, nodeName, annotationKey, annotationValue string) error - EnforceCoreDNSSpread(ctx context.Context) error PatchFirstNodePodCIDR(ctx context.Context, firstNodePodCIDR string) error } @@ -150,7 +149,7 @@ func (k *KubernetesUtil) InitCluster( // initialize the cluster log.Info("Initializing the cluster using kubeadm init") - skipPhases := "--skip-phases=preflight,certs" + skipPhases := "--skip-phases=preflight,certs,addon/coredns" if !conformanceMode { skipPhases += ",addon/kube-proxy" } diff --git a/bootstrapper/internal/kubernetes/kubernetes.go b/bootstrapper/internal/kubernetes/kubernetes.go index d4e916f0f..13c387d23 100644 --- a/bootstrapper/internal/kubernetes/kubernetes.go +++ b/bootstrapper/internal/kubernetes/kubernetes.go @@ -165,10 +165,6 @@ func (k *KubeWrapper) InitCluster( return nil, fmt.Errorf("waiting for Kubernetes API to be available: %w", err) } - if err := k.client.EnforceCoreDNSSpread(ctx); err != nil { - return nil, fmt.Errorf("configuring CoreDNS deployment: %w", err) - } - // Setup the K8s components ConfigMap. k8sComponentsConfigMap, err := k.setupK8sComponentsConfigMap(ctx, kubernetesComponents, versionString) if err != nil { diff --git a/cli/internal/cmd/apply.go b/cli/internal/cmd/apply.go index f22e25a60..aba3aa378 100644 --- a/cli/internal/cmd/apply.go +++ b/cli/internal/cmd/apply.go @@ -428,6 +428,9 @@ func (a *applyCmd) apply( if err := a.runHelmApply(cmd, conf, stateFile, upgradeDir); err != nil { return err } + if err := a.applier.CleanupCoreDNSResources(cmd.Context()); err != nil { + return fmt.Errorf("cleaning up CoreDNS: %w", err) + } } // Upgrade node image @@ -847,6 +850,7 @@ type applier interface { // methods required to install/upgrade Helm charts AnnotateCoreDNSResources(context.Context) error + CleanupCoreDNSResources(context.Context) error PrepareHelmCharts( flags helm.Options, state *state.State, serviceAccURI string, masterSecret uri.MasterSecret, ) (helm.Applier, bool, error) diff --git a/cli/internal/cmd/apply_test.go b/cli/internal/cmd/apply_test.go index 33fe6ba90..17c03f33f 100644 --- a/cli/internal/cmd/apply_test.go +++ b/cli/internal/cmd/apply_test.go @@ -554,6 +554,7 @@ func (s *stubConstellApplier) Init(context.Context, atls.Validator, *state.State type helmApplier interface { AnnotateCoreDNSResources(context.Context) error + CleanupCoreDNSResources(ctx context.Context) error PrepareHelmCharts( flags helm.Options, stateFile *state.State, serviceAccURI string, masterSecret uri.MasterSecret, ) ( diff --git a/cli/internal/cmd/applyhelm.go b/cli/internal/cmd/applyhelm.go index bd629d348..9b6ba7d69 100644 --- a/cli/internal/cmd/applyhelm.go +++ b/cli/internal/cmd/applyhelm.go @@ -42,6 +42,7 @@ func (a *applyCmd) runHelmApply(cmd *cobra.Command, conf *config.Config, stateFi HelmWaitMode: a.flags.helmWaitMode, ApplyTimeout: a.flags.helmTimeout, AllowDestructive: helm.DenyDestructive, + ServiceCIDR: conf.ServiceCIDR, } if conf.Provider.OpenStack != nil { var deployYawolLoadBalancer bool diff --git a/cli/internal/cmd/init_test.go b/cli/internal/cmd/init_test.go index ccad3eb30..568c31ff8 100644 --- a/cli/internal/cmd/init_test.go +++ b/cli/internal/cmd/init_test.go @@ -282,6 +282,10 @@ func (s stubHelmApplier) AnnotateCoreDNSResources(_ context.Context) error { return nil } +func (s stubHelmApplier) CleanupCoreDNSResources(_ context.Context) error { + return nil +} + func (s stubHelmApplier) PrepareHelmCharts( _ helm.Options, _ *state.State, _ string, _ uri.MasterSecret, ) (helm.Applier, bool, error) { diff --git a/cli/internal/cmd/upgradeapply_test.go b/cli/internal/cmd/upgradeapply_test.go index 8a4341c2c..db4012596 100644 --- a/cli/internal/cmd/upgradeapply_test.go +++ b/cli/internal/cmd/upgradeapply_test.go @@ -379,6 +379,10 @@ func (m *mockApplier) AnnotateCoreDNSResources(_ context.Context) error { return nil } +func (m *mockApplier) CleanupCoreDNSResources(_ context.Context) error { + return nil +} + func (m *mockApplier) PrepareHelmCharts( helmOpts helm.Options, stateFile *state.State, str string, masterSecret uri.MasterSecret, ) (helm.Applier, bool, error) { diff --git a/go.mod b/go.mod index 769aae5c9..85ff9a9c0 100644 --- a/go.mod +++ b/go.mod @@ -192,6 +192,8 @@ require ( github.com/cloudflare/circl v1.3.7 // indirect github.com/containerd/containerd v1.7.12 // indirect github.com/containerd/log v0.1.0 // indirect + github.com/coredns/caddy v1.1.1 // indirect + github.com/coredns/corefile-migration v1.0.21 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect diff --git a/go.sum b/go.sum index db1ae1007..f8c0d3c9b 100644 --- a/go.sum +++ b/go.sum @@ -1,26 +1,38 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U= cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/compute v1.28.0 h1:OPtBxMcheSS+DWfci803qvPly3d4w7Eu5ztKBcFfzwk= cloud.google.com/go/compute v1.28.0/go.mod h1:DEqZBtYrDnD5PvjsKwb3onnhX+qjdCVM7eshj1XdjV4= cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= cloud.google.com/go/kms v1.19.0 h1:x0OVJDl6UH1BSX4THKlMfdcFWoE4ruh90ZHuilZekrU= cloud.google.com/go/kms v1.19.0/go.mod h1:e4imokuPJUc17Trz2s6lEXFDt8bgDmvpVynH39bdrHM= cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI= cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/secretmanager v1.14.0 h1:P2RRu2NEsQyOjplhUPvWKqzDXUKzwejHLuSUBHI8c4w= cloud.google.com/go/secretmanager v1.14.0/go.mod h1:q0hSFHzoW7eRgyYFH8trqEFavgrMeiJI4FETNN78vhM= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs= cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= @@ -82,6 +94,7 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= @@ -99,6 +112,7 @@ github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migc github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= @@ -112,6 +126,9 @@ github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPp github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= +github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= +github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= +github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= @@ -177,6 +194,8 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= @@ -194,6 +213,7 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3k github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= @@ -213,10 +233,21 @@ github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/coredns/caddy v1.1.0/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= +github.com/coredns/caddy v1.1.1 h1:2eYKZT7i6yxIfGP3qLJoJ7HAsDJqYB+X68g4NYjSrE0= +github.com/coredns/caddy v1.1.1/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= +github.com/coredns/corefile-migration v1.0.21 h1:W/DCETrHDiFo0Wj03EyMkaQ9fwsmSgqTCQDHpceaSsE= +github.com/coredns/corefile-migration v1.0.21/go.mod h1:XnhgULOEouimnzgn0t4WPuFDN2/PJQcTxdWKC5eXNGE= +github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= +github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= +github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -234,6 +265,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= @@ -280,16 +313,19 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/foxboron/go-uefi v0.0.0-20240805124652-e2076f0e58ca h1:ErxkaWK5AIt8gQf3KpAuQQBdZI4ps72HzEe123kh+So= github.com/foxboron/go-uefi v0.0.0-20240805124652-e2076f0e58ca/go.mod h1:ffg/fkDeOYicEQLoO2yFFGt00KUTYVXI+rfnc8il6vQ= github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= @@ -300,6 +336,7 @@ github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+ github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= @@ -367,6 +404,7 @@ github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/gofrs/uuid/v5 v5.2.0 h1:qw1GMx6/y8vhVsx626ImfKMuS5CvJmhIKKtuyvfajMM= github.com/gofrs/uuid/v5 v5.2.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= +github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= @@ -375,10 +413,13 @@ github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -396,6 +437,8 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= @@ -435,10 +478,15 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= +github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= +github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc= github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -450,12 +498,15 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= github.com/gophercloud/gophercloud/v2 v2.1.0 h1:91p6c+uMckXyx39nSIYjDirDBnPVFQq0q1njLNPX+NY= github.com/gophercloud/gophercloud/v2 v2.1.0/go.mod h1:f2hMRC7Kakbv5vM7wSGHrIPZh6JZR60GVHryJlF/K44= github.com/gophercloud/utils/v2 v2.0.0-20240807081201-990d90b23c70 h1:UFRmN3w9eSxwHsOGjA3BiYGEBDUAFaHHv5alaMHbbFE= github.com/gophercloud/utils/v2 v2.0.0-20240807081201-990d90b23c70/go.mod h1:ZNbSKwPYzyQ7PKmlCvVdI2JvwVHsl/ZVVXnpJRNkLrQ= +github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= @@ -467,17 +518,23 @@ github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 h1:pRhl55Yx1eC7BZ1N+BBWwnKaMyD8uC+34TLdndZMAKk= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0/go.mod h1:XKMd7iuf/RGPSMJ/U4HP0zS2Z9Fh8Ps9a+6X26m/tmI= +github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= +github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= +github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= +github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= @@ -485,6 +542,7 @@ github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBM github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 h1:WZeXfD26QMWYC35at25KgE021SF9L3u9UMHK8fJAdV0= github.com/hashicorp/go-kms-wrapping/v2 v2.0.16/go.mod h1:ZiKZctjRTLEppuRwrttWkp71VYMbTTCkazK4xT7U/NQ= github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.9 h1:qdxeZvDMRGZ3YSE4Oz0Pp7WUSUn5S6cWZguEOkEVL50= @@ -493,27 +551,40 @@ github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11 h1:/7SKkY github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11/go.mod h1:LepS5s6ESGE0qQMpYaui5lX+mQYeiYiy06VzwWRioO8= github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.12 h1:PCqWzT/Hii0KL07JsBZ3lJbv/wx02IAHYlhWQq8rxRY= github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.12/go.mod h1:HSaOaX/lv3ShCdilUYbOTPnSvmoZ9xtQhgw+8hYcZkg= +github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA= github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg= +github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= +github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hc-install v0.8.0 h1:LdpZeXkZYMQhoKPCecJHlKvUkQFixN/nvyR1CdfOLjI= github.com/hashicorp/hc-install v0.8.0/go.mod h1:+MwJYjDfCruSD/udvBmRB22Nlkwwkwf5sAB6uTIhSaU= +github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= +github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= +github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= +github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ= github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= @@ -546,6 +617,7 @@ github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= +github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= @@ -563,18 +635,22 @@ github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= +github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1e29fT/6vq2aBdFsgNPmy8qMdSay1npru+Sw= github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI= github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= +github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= @@ -606,6 +682,7 @@ github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhn github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= +github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI= @@ -614,12 +691,14 @@ github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI= github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI= github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= +github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= @@ -633,19 +712,27 @@ github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= +github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= +github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= +github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= +github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= +github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= +github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= @@ -693,8 +780,10 @@ github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58 github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= +github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= +github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= @@ -704,13 +793,16 @@ github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFz github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= +github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= @@ -720,27 +812,35 @@ github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1: github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= +github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/regclient/regclient v0.7.1 h1:qEsJrTmZd98fZKjueAbrZCSNGU+ifnr6xjlSAs3WOPs= github.com/regclient/regclient v0.7.1/go.mod h1:+w/BFtJuw0h0nzIw/z2+1FuA2/dVXBzDq4rYmziJpMc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0= github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= github.com/samber/slog-multi v1.2.0 h1:JIebVdmeGkCMd5/ticlmU+aDYl4tdAZBmp5uLaSzr0k= @@ -751,6 +851,7 @@ github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgm github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= github.com/schollz/progressbar/v3 v3.14.6 h1:GyjwcWBAf+GFDMLziwerKvpuS7ZF+mNTAXIB2aspiZs= github.com/schollz/progressbar/v3 v3.14.6/go.mod h1:Nrzpuw3Nl0srLY0VlTvC4V6RL50pcEymjy6qyJAaLa0= +github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA= github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= @@ -758,6 +859,7 @@ github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/siderolabs/talos/pkg/machinery v1.7.5 h1:M02UZSDfN0BB4bXhTYDjEmVvAIX1GsAS45cyKh6+HHU= github.com/siderolabs/talos/pkg/machinery v1.7.5/go.mod h1:OeamhNo92c3V96bddZNhcCgoRyzw2KWBtpma1lfchtg= github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= @@ -769,15 +871,25 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= +github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= +github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= +github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= +github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= +github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= @@ -795,12 +907,14 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= github.com/tink-crypto/tink-go/v2 v2.2.0 h1:L2Da0F2Udh2agtKztdr69mV/KpnY3/lGTkMgLTVIXlA= github.com/tink-crypto/tink-go/v2 v2.2.0/go.mod h1:JJ6PomeNPF3cJpfWC0lgyTES6zpJILkAX0cJNwlS3xU= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= +github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= @@ -825,6 +939,7 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= +github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -842,6 +957,7 @@ github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8 github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= +go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd/api/v3 v3.5.15 h1:3KpLJir1ZEBrYuV2v+Twaa/e2MdDCEZ/70H+lzEiwsk= go.etcd.io/etcd/api/v3 v3.5.15/go.mod h1:N9EhGzXq58WuMllgH9ZvnEr7SI9pS0k0+DHZezGp7jM= go.etcd.io/etcd/client/pkg/v3 v3.5.15 h1:fo0HpWz/KlHGMCC+YejpiCmyWDEuIpnTDzpJLB5fWlA= @@ -852,6 +968,8 @@ go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= @@ -874,14 +992,20 @@ go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IO go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= +go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -892,11 +1016,25 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -905,10 +1043,17 @@ golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -924,11 +1069,14 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -936,12 +1084,20 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -980,6 +1136,7 @@ golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -991,13 +1148,28 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= @@ -1011,14 +1183,28 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.197.0 h1:x6CwqQLsFiA5JKAiGyGBjc2bNtHtLddhJCE2IKuhhcQ= google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= @@ -1027,6 +1213,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= @@ -1054,10 +1242,14 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= @@ -1070,7 +1262,10 @@ gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= helm.sh/helm/v3 v3.15.3 h1:HcZDaVFe9uHa6hpsR54mJjYyRy4uz/pc6csg27nxFOc= helm.sh/helm/v3 v3.15.3/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U= @@ -1105,6 +1300,7 @@ libvirt.org/go/libvirt v1.10005.0 h1:KQv+SZNQvHJOG7B34TI2hyKnKW6hpXTEJFHUerYuGNI libvirt.org/go/libvirt v1.10005.0/go.mod h1:1WiFE8EjZfq+FCVog+rvr1yatKbKZ9FaFMZgEqxEJqQ= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/internal/constellation/helm.go b/internal/constellation/helm.go index 4551e6ef4..ed1345459 100644 --- a/internal/constellation/helm.go +++ b/internal/constellation/helm.go @@ -60,6 +60,21 @@ func (a *Applier) AnnotateCoreDNSResources(ctx context.Context) error { return nil } +// CleanupCoreDNSResources removes CoreDNS resources that are not managed by Helm. +// +// This is only required when CoreDNS was installed by kubeadm directly. +// TODO(burgerdev): remove after v2.19 is released. +func (a *Applier) CleanupCoreDNSResources(ctx context.Context) error { + err := a.dynamicClient. + Resource(schema.GroupVersionResource{Group: "", Version: "v1", Resource: "configmaps"}). + Namespace("kube-system"). + Delete(ctx, "coredns", v1.DeleteOptions{}) + if !k8serrors.IsNotFound(err) { + return err + } + return nil +} + // PrepareHelmCharts loads Helm charts for Constellation and returns an executor to apply them. func (a *Applier) PrepareHelmCharts( flags helm.Options, state *state.State, serviceAccURI string, masterSecret uri.MasterSecret, diff --git a/internal/constellation/helm/BUILD.bazel b/internal/constellation/helm/BUILD.bazel index 8ab09ef41..928681b90 100644 --- a/internal/constellation/helm/BUILD.bazel +++ b/internal/constellation/helm/BUILD.bazel @@ -465,6 +465,14 @@ go_library( "charts/cert-manager/templates/cainjector-config.yaml", "charts/cert-manager/templates/extras-objects.yaml", "charts/cert-manager/templates/podmonitor.yaml", + "charts/coredns/Chart.yaml", + "charts/coredns/values.yaml", + "charts/coredns/templates/clusterrole.yaml", + "charts/coredns/templates/clusterrolebinding.yaml", + "charts/coredns/templates/configmap.yaml", + "charts/coredns/templates/deployment.yaml", + "charts/coredns/templates/service.yaml", + "charts/coredns/templates/serviceaccount.yaml", ], importpath = "github.com/edgelesssys/constellation/v2/internal/constellation/helm", visibility = ["//:__subpackages__"], @@ -492,6 +500,7 @@ go_library( "@io_k8s_client_go//restmapper", "@io_k8s_client_go//tools/clientcmd", "@io_k8s_client_go//util/retry", + "@io_k8s_kubernetes//cmd/kubeadm/app/constants", "@sh_helm_helm_v3//pkg/action", "@sh_helm_helm_v3//pkg/chart", "@sh_helm_helm_v3//pkg/chart/loader", diff --git a/internal/constellation/helm/charts/coredns/Chart.yaml b/internal/constellation/helm/charts/coredns/Chart.yaml new file mode 100644 index 000000000..bd531acd7 --- /dev/null +++ b/internal/constellation/helm/charts/coredns/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: kube-dns +version: 0.0.0 diff --git a/internal/constellation/helm/charts/coredns/templates/clusterrole.yaml b/internal/constellation/helm/charts/coredns/templates/clusterrole.yaml new file mode 100644 index 000000000..13d284c3c --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/clusterrole.yaml @@ -0,0 +1,23 @@ + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: system:coredns +rules: +- apiGroups: + - "" + resources: + - endpoints + - services + - pods + - namespaces + verbs: + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch diff --git a/internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml b/internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..ab35291a1 --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system:coredns +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:coredns +subjects: +- kind: ServiceAccount + name: coredns + namespace: kube-system diff --git a/internal/constellation/helm/charts/coredns/templates/configmap.yaml b/internal/constellation/helm/charts/coredns/templates/configmap.yaml new file mode 100644 index 000000000..58a48a318 --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/configmap.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +data: + Corefile: | + .:53 { + errors + health { + lameduck 5s + } + ready + kubernetes {{ .Values.dnsDomain }} in-addr.arpa ip6.arpa { + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + } + prometheus :9153 + forward . /etc/resolv.conf { + max_concurrent 1000 + } + cache 30 + loop + reload + loadbalance + } +kind: ConfigMap +metadata: + creationTimestamp: null + name: edg-coredns + namespace: kube-system diff --git a/internal/constellation/helm/charts/coredns/templates/deployment.yaml b/internal/constellation/helm/charts/coredns/templates/deployment.yaml new file mode 100644 index 000000000..b7fd735df --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/deployment.yaml @@ -0,0 +1,109 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + creationTimestamp: null + labels: + k8s-app: kube-dns + name: coredns + namespace: kube-system +spec: + replicas: 2 + selector: + matchLabels: + k8s-app: kube-dns + strategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + creationTimestamp: null + labels: + k8s-app: kube-dns + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: k8s-app + operator: In + values: + - kube-dns + topologyKey: kubernetes.io/hostname + weight: 100 + containers: + - args: + - -conf + - /etc/coredns/Corefile + image: '{{ .Values.image }}' + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 5 + httpGet: + path: /health + port: 8080 + scheme: HTTP + initialDelaySeconds: 60 + successThreshold: 1 + timeoutSeconds: 5 + name: coredns + ports: + - containerPort: 53 + name: dns + protocol: UDP + - containerPort: 53 + name: dns-tcp + protocol: TCP + - containerPort: 9153 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /ready + port: 8181 + scheme: HTTP + resources: + limits: + memory: 170Mi + requests: + cpu: 100m + memory: 70Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /etc/coredns + name: config-volume + readOnly: true + dnsPolicy: Default + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: coredns + tolerations: + - key: CriticalAddonsOnly + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + - effect: NoSchedule + key: node.cloudprovider.kubernetes.io/uninitialized + value: "true" + - effect: NoExecute + key: node.kubernetes.io/unreachable + operator: Exists + tolerationSeconds: 10 + volumes: + - configMap: + items: + - key: Corefile + path: Corefile + name: edg-coredns + name: config-volume +status: {} diff --git a/internal/constellation/helm/charts/coredns/templates/service.yaml b/internal/constellation/helm/charts/coredns/templates/service.yaml new file mode 100644 index 000000000..ba243aa19 --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/service.yaml @@ -0,0 +1,33 @@ + +apiVersion: v1 +kind: Service +metadata: + labels: + k8s-app: kube-dns + kubernetes.io/cluster-service: "true" + kubernetes.io/name: "CoreDNS" + name: kube-dns + namespace: kube-system + annotations: + prometheus.io/port: "9153" + prometheus.io/scrape: "true" + # Without this resourceVersion value, an update of the Service between versions will yield: + # Service "kube-dns" is invalid: metadata.resourceVersion: Invalid value: "": must be specified for an update + resourceVersion: "0" +spec: + clusterIP: "{{ .Values.clusterIP }}" + ports: + - name: dns + port: 53 + protocol: UDP + targetPort: 53 + - name: dns-tcp + port: 53 + protocol: TCP + targetPort: 53 + - name: metrics + port: 9153 + protocol: TCP + targetPort: 9153 + selector: + k8s-app: kube-dns diff --git a/internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml b/internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml new file mode 100644 index 000000000..937b99fa5 --- /dev/null +++ b/internal/constellation/helm/charts/coredns/templates/serviceaccount.yaml @@ -0,0 +1,6 @@ + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: coredns + namespace: kube-system diff --git a/internal/constellation/helm/charts/coredns/values.yaml b/internal/constellation/helm/charts/coredns/values.yaml new file mode 100644 index 000000000..85986b74a --- /dev/null +++ b/internal/constellation/helm/charts/coredns/values.yaml @@ -0,0 +1,3 @@ +clusterIP: 10.96.0.10 +dnsDomain: cluster.local +image: registry.k8s.io/coredns/coredns:v1.11.1@sha256:1eeb4c7316bacb1d4c8ead65571cd92dd21e27359f0d4917f1a5822a73b75db1 diff --git a/internal/constellation/helm/corednsgen/BUILD.bazel b/internal/constellation/helm/corednsgen/BUILD.bazel new file mode 100644 index 000000000..4dbc61a61 --- /dev/null +++ b/internal/constellation/helm/corednsgen/BUILD.bazel @@ -0,0 +1,26 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library") + +go_library( + name = "corednsgen_lib", + srcs = ["corednsgen.go"], + importpath = "github.com/edgelesssys/constellation/v2/internal/constellation/helm/corednsgen", + visibility = ["//visibility:private"], + deps = [ + "//internal/versions", + "@com_github_regclient_regclient//:regclient", + "@com_github_regclient_regclient//types/ref", + "@io_k8s_api//apps/v1:apps", + "@io_k8s_api//core/v1:core", + "@io_k8s_kubernetes//cmd/kubeadm/app/apis/kubeadm", + "@io_k8s_kubernetes//cmd/kubeadm/app/images", + "@io_k8s_kubernetes//cmd/kubeadm/app/phases/addons/dns", + "@io_k8s_kubernetes//cmd/kubeadm/app/util", + "@io_k8s_sigs_yaml//:yaml", + ], +) + +go_binary( + name = "corednsgen", + embed = [":corednsgen_lib"], + visibility = ["//:__subpackages__"], +) diff --git a/internal/constellation/helm/corednsgen/corednsgen.go b/internal/constellation/helm/corednsgen/corednsgen.go new file mode 100644 index 000000000..5c7bc08f2 --- /dev/null +++ b/internal/constellation/helm/corednsgen/corednsgen.go @@ -0,0 +1,181 @@ +/* +Copyright (c) Edgeless Systems GmbH + +SPDX-License-Identifier: AGPL-3.0-only +*/ + +// corednsgen synthesizes a Helm chart from the resource templates embedded in +// kubeadm and writes it to the `charts` directory underneath the current +// working directory. This removes the existing `coredns` subdirectory! +package main + +import ( + "context" + "flag" + "fmt" + "log" + "os" + "path/filepath" + + "github.com/edgelesssys/constellation/v2/internal/versions" + "github.com/regclient/regclient" + "github.com/regclient/regclient/types/ref" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm" + "k8s.io/kubernetes/cmd/kubeadm/app/images" + kubedns "k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns" + kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util" + "sigs.k8s.io/yaml" +) + +const configMapName = "edg-coredns" + +var chartDir = flag.String("charts", "./charts", "target directory to create charts in") + +func main() { + flag.Parse() + + if err := os.RemoveAll(filepath.Join(*chartDir, "coredns")); err != nil { + log.Fatalf("Could not remove chart dir: %v", err) + } + + writeFileRelativeToChartDir(chartYAML(), "Chart.yaml") + writeFileRelativeToChartDir(valuesYAML(), "values.yaml") + + writeTemplate(kubedns.CoreDNSServiceAccount, "serviceaccount.yaml") + writeTemplate(kubedns.CoreDNSClusterRole, "clusterrole.yaml") + writeTemplate(kubedns.CoreDNSClusterRoleBinding, "clusterrolebinding.yaml") + writeTemplate(kubedns.CoreDNSService, "service.yaml") + + writeFileRelativeToChartDir(patchedConfigMap(), "templates", "configmap.yaml") + writeFileRelativeToChartDir(patchedDeployment(), "templates", "deployment.yaml") +} + +func chartYAML() []byte { + chart := map[string]string{ + "apiVersion": "v2", + "name": "kube-dns", + "version": "0.0.0", + } + data, err := yaml.Marshal(chart) + if err != nil { + log.Fatalf("Could not marshal Chart.yaml: %v", err) + } + return data +} + +func valuesYAML() []byte { + cfg := &kubeadm.ClusterConfiguration{ + KubernetesVersion: string(versions.Default), + ImageRepository: "registry.k8s.io", + } + img := images.GetDNSImage(cfg) + ref, err := ref.New(img) + if err != nil { + log.Fatalf("Could not parse image reference: %v", err) + } + + rc := regclient.New() + m, err := rc.ManifestGet(context.Background(), ref) + if err != nil { + log.Fatalf("Could not get image manifest: %v", err) + } + + values := map[string]string{ + "clusterIP": "10.96.0.10", + "dnsDomain": "cluster.local", + "image": fmt.Sprintf("%s/%s:%s@%s", ref.Registry, ref.Repository, ref.Tag, m.GetDescriptor().Digest.String()), + } + data, err := yaml.Marshal(values) + if err != nil { + log.Fatalf("Could not marshal values.yaml: %v", err) + } + return data +} + +// patchedConfigMap renames the CoreDNS ConfigMap such that kubeadm does not find it. +// +// See https://github.com/kubernetes/kubeadm/issues/2846#issuecomment-1899942683. +func patchedConfigMap() []byte { + var cm corev1.ConfigMap + if err := yaml.Unmarshal(parseTemplate(kubedns.CoreDNSConfigMap), &cm); err != nil { + log.Fatalf("Could not parse configmap: %v", err) + } + + cm.Name = configMapName + + out, err := yaml.Marshal(cm) + if err != nil { + log.Fatalf("Could not marshal patched deployment: %v", err) + } + return out +} + +// patchedDeployment extracts the CoreDNS Deployment from kubeadm, adds necessary tolerations and updates the ConfigMap reference. +func patchedDeployment() []byte { + var d appsv1.Deployment + if err := yaml.Unmarshal(parseTemplate(kubedns.CoreDNSDeployment), &d); err != nil { + log.Fatalf("Could not parse deployment: %v", err) + } + + tolerations := []corev1.Toleration{ + {Key: "node.cloudprovider.kubernetes.io/uninitialized", Value: "true", Effect: corev1.TaintEffectNoSchedule}, + {Key: "node.kubernetes.io/unreachable", Operator: corev1.TolerationOpExists, Effect: corev1.TaintEffectNoExecute, TolerationSeconds: toPtr(int64(10))}, + } + d.Spec.Template.Spec.Tolerations = append(d.Spec.Template.Spec.Tolerations, tolerations...) + + for i, vol := range d.Spec.Template.Spec.Volumes { + if vol.ConfigMap != nil { + vol.ConfigMap.Name = configMapName + } + d.Spec.Template.Spec.Volumes[i] = vol + } + + out, err := yaml.Marshal(d) + if err != nil { + log.Fatalf("Could not marshal patched deployment: %v", err) + } + return out +} + +func writeFileRelativeToChartDir(content []byte, pathElements ...string) { + p := filepath.Join(append([]string{*chartDir, "coredns"}, pathElements...)...) + d := filepath.Dir(p) + if err := os.MkdirAll(d, 0o755); err != nil { + log.Fatalf("Could not create dir %q: %v", d, err) + } + if err := os.WriteFile(p, content, 0o644); err != nil { + log.Fatalf("Could not write file %q: %v", p, err) + } +} + +// parseTemplate replaces the Go template placeholders in kubeadm resources +// with fixed values or Helm value placeholders. +func parseTemplate(tmpl string) []byte { + vars := struct { + DeploymentName, Image, ControlPlaneTaintKey, DNSDomain, DNSIP string + Replicas *int32 + }{ + DeploymentName: "coredns", + DNSDomain: `{{ .Values.dnsDomain }}`, + DNSIP: `"{{ .Values.clusterIP }}"`, + Image: `"{{ .Values.image }}"`, + ControlPlaneTaintKey: "node-role.kubernetes.io/control-plane", + Replicas: toPtr(int32(2)), + } + data, err := kubeadmutil.ParseTemplate(tmpl, vars) + if err != nil { + log.Fatalf("Could not interpolate template: %v", err) + } + return data +} + +func writeTemplate(tmpl string, name string) { + data := parseTemplate(tmpl) + writeFileRelativeToChartDir(data, "templates", name) +} + +func toPtr[T any](v T) *T { + return &v +} diff --git a/internal/constellation/helm/helm.go b/internal/constellation/helm/helm.go index dcc994c6c..474044138 100644 --- a/internal/constellation/helm/helm.go +++ b/internal/constellation/helm/helm.go @@ -91,6 +91,7 @@ type Options struct { HelmWaitMode WaitMode ApplyTimeout time.Duration OpenStackValues *OpenStackValues + ServiceCIDR string } // PrepareApply loads the charts and returns the executor to apply them. @@ -114,7 +115,8 @@ func (h Client) loadReleases( ) ([]release, error) { helmLoader := newLoader(flags.CSP, flags.AttestationVariant, flags.K8sVersion, stateFile, h.cliVersion) h.log.Debug("Created new Helm loader") - return helmLoader.loadReleases(flags.Conformance, flags.DeployCSIDriver, flags.HelmWaitMode, secret, serviceAccURI, flags.OpenStackValues) + // TODO(burgerdev): pass down the entire flags struct + return helmLoader.loadReleases(flags.Conformance, flags.DeployCSIDriver, flags.HelmWaitMode, secret, serviceAccURI, flags.OpenStackValues, flags.ServiceCIDR) } // Applier runs the Helm actions. diff --git a/internal/constellation/helm/helm_test.go b/internal/constellation/helm/helm_test.go index f9af7bafa..65dfb3396 100644 --- a/internal/constellation/helm/helm_test.go +++ b/internal/constellation/helm/helm_test.go @@ -199,6 +199,7 @@ func TestHelmApply(t *testing.T) { certManagerVersion = *tc.clusterCertManagerVersion } helmListVersion(lister, "cilium", "v1.15.5-edg.1") + helmListVersion(lister, "coredns", "v0.0.0") helmListVersion(lister, "cert-manager", certManagerVersion) helmListVersion(lister, "constellation-services", tc.clusterMicroServiceVersion) helmListVersion(lister, "constellation-operators", tc.clusterMicroServiceVersion) diff --git a/internal/constellation/helm/loader.go b/internal/constellation/helm/loader.go index 09b83cd68..da87308ad 100644 --- a/internal/constellation/helm/loader.go +++ b/internal/constellation/helm/loader.go @@ -31,6 +31,7 @@ import ( // Run `go generate` to download (and patch) upstream helm charts. //go:generate ./generateCilium.sh +//go:generate go run ./corednsgen/ //go:generate ./update-csi-charts.sh //go:generate ./generateCertManager.sh //go:generate ./update-aws-load-balancer-chart.sh @@ -46,6 +47,7 @@ type chartInfo struct { var ( // Charts we fetch from an upstream with real versions. + coreDNSInfo = chartInfo{releaseName: "coredns", chartName: "coredns", path: "charts/coredns"} ciliumInfo = chartInfo{releaseName: "cilium", chartName: "cilium", path: "charts/cilium"} certManagerInfo = chartInfo{releaseName: "cert-manager", chartName: "cert-manager", path: "charts/cert-manager"} awsLBControllerInfo = chartInfo{releaseName: "aws-load-balancer-controller", chartName: "aws-load-balancer-controller", path: "charts/aws-load-balancer-controller"} @@ -124,7 +126,7 @@ type OpenStackValues struct { // loadReleases loads the embedded helm charts and returns them as a HelmReleases object. func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWaitMode WaitMode, masterSecret uri.MasterSecret, - serviceAccURI string, openStackValues *OpenStackValues, + serviceAccURI string, openStackValues *OpenStackValues, serviceCIDR string, ) (releaseApplyOrder, error) { ciliumRelease, err := i.loadRelease(ciliumInfo, helmWaitMode) if err != nil { @@ -133,6 +135,16 @@ func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWa ciliumVals := extraCiliumValues(i.csp, conformanceMode, i.stateFile.Infrastructure) ciliumRelease.values = mergeMaps(ciliumRelease.values, ciliumVals) + coreDNSRelease, err := i.loadRelease(coreDNSInfo, helmWaitMode) + if err != nil { + return nil, fmt.Errorf("loading coredns: %w", err) + } + coreDNSVals, err := extraCoreDNSValues(serviceCIDR) + if err != nil { + return nil, fmt.Errorf("loading coredns values: %w", err) + } + coreDNSRelease.values = mergeMaps(coreDNSRelease.values, coreDNSVals) + certManagerRelease, err := i.loadRelease(certManagerInfo, helmWaitMode) if err != nil { return nil, fmt.Errorf("loading cert-manager: %w", err) @@ -156,7 +168,7 @@ func (i *chartLoader) loadReleases(conformanceMode, deployCSIDriver bool, helmWa } conServicesRelease.values = mergeMaps(conServicesRelease.values, svcVals) - releases := releaseApplyOrder{ciliumRelease, conServicesRelease, certManagerRelease, operatorRelease} + releases := releaseApplyOrder{ciliumRelease, coreDNSRelease, conServicesRelease, certManagerRelease, operatorRelease} if deployCSIDriver { csiRelease, err := i.loadRelease(csiInfo, WaitModeNone) if err != nil { @@ -224,6 +236,8 @@ func (i *chartLoader) loadRelease(info chartInfo, helmWaitMode WaitMode) (releas values = i.loadAWSLBControllerValues() case csiInfo.releaseName: values = i.loadCSIValues() + default: + values = map[string]any{} } // Charts we package ourselves have version 0.0.0. diff --git a/internal/constellation/helm/loader_test.go b/internal/constellation/helm/loader_test.go index 762f544b3..765bbf221 100644 --- a/internal/constellation/helm/loader_test.go +++ b/internal/constellation/helm/loader_test.go @@ -94,7 +94,7 @@ func TestLoadReleases(t *testing.T) { helmReleases, err := chartLoader.loadReleases( true, false, WaitModeAtomic, uri.MasterSecret{Key: []byte("secret"), Salt: []byte("masterSalt")}, - fakeServiceAccURI(cloudprovider.GCP), nil, + fakeServiceAccURI(cloudprovider.GCP), nil, "172.16.128.0/17", ) require.NoError(err) for _, release := range helmReleases { @@ -260,6 +260,55 @@ func TestConstellationServices(t *testing.T) { } } +func TestExtraCoreDNSValues(t *testing.T) { + testCases := map[string]struct { + cidr string + wantIP string + wantUnset bool + wantErr bool + }{ + "default": { + cidr: "10.96.0.0/12", + wantIP: "10.96.0.10", + }, + "custom": { + cidr: "172.16.128.0/17", + wantIP: "172.16.128.10", + }, + "too small": { + cidr: "172.16.0.0/30", + wantErr: true, + }, + "bad ip": { + cidr: "cluster.local", + wantErr: true, + }, + "v6": { + cidr: "fd12:3456:789a:100::/56", + wantIP: "fd12:3456:789a:100::a", + }, + "no ip": { + wantUnset: true, + }, + } + + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + values, err := extraCoreDNSValues(tc.cidr) + if tc.wantErr { + assert.Error(t, err) + return + } + ip, ok := values["clusterIP"] + if tc.wantUnset { + assert.False(t, ok) + return + } + assert.Equal(t, tc.wantIP, ip) + }) + } +} + // TestOperators checks if the rendered constellation-services chart produces the expected yaml files. func TestOperators(t *testing.T) { testCases := map[string]struct { diff --git a/internal/constellation/helm/overrides.go b/internal/constellation/helm/overrides.go index c1e1d6c92..deb515909 100644 --- a/internal/constellation/helm/overrides.go +++ b/internal/constellation/helm/overrides.go @@ -21,8 +21,21 @@ import ( "github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/constellation/state" "github.com/edgelesssys/constellation/v2/internal/kms/uri" + kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants" ) +func extraCoreDNSValues(serviceCIDR string) (map[string]any, error) { + if serviceCIDR == "" { + return map[string]any{}, nil + } + ip, err := kubeadmconstants.GetDNSIP(serviceCIDR) + if err != nil { + return nil, fmt.Errorf("calculating DNS service IP: %w", err) + } + + return map[string]any{"clusterIP": ip.String()}, nil +} + // TODO(malt3): switch over to DNS name on AWS and Azure // soon as every apiserver certificate of every control-plane node // has the dns endpoint in its SAN list. diff --git a/internal/kubernetes/kubectl/kubectl.go b/internal/kubernetes/kubectl/kubectl.go index f61488082..dae2e2db6 100644 --- a/internal/kubernetes/kubectl/kubectl.go +++ b/internal/kubernetes/kubectl/kubectl.go @@ -188,65 +188,6 @@ func (k *Kubectl) PatchFirstNodePodCIDR(ctx context.Context, firstNodePodCIDR st return err } -// EnforceCoreDNSSpread adds a pod anti-affinity to the CoreDNS deployment to ensure that -// CoreDNS pods are spread across nodes. -func (k *Kubectl) EnforceCoreDNSSpread(ctx context.Context) error { - // allow CoreDNS Pods to run on uninitialized nodes, which is required by cloud-controller-manager - tolerationSeconds := int64(10) - tolerations := []corev1.Toleration{ - { - Key: "node.cloudprovider.kubernetes.io/uninitialized", - Value: "true", - Effect: corev1.TaintEffectNoSchedule, - }, - { - Key: "node.kubernetes.io/unreachable", - Operator: corev1.TolerationOpExists, - Effect: corev1.TaintEffectNoExecute, - TolerationSeconds: &tolerationSeconds, - }, - } - - deployments := k.AppsV1().Deployments("kube-system") - // retry resource update if an error occurs - return retry.RetryOnConflict(retry.DefaultRetry, func() error { - result, err := deployments.Get(ctx, "coredns", metav1.GetOptions{}) - if err != nil { - return fmt.Errorf("failed to get Deployment to add toleration: %w", err) - } - - result.Spec.Template.Spec.Tolerations = append(result.Spec.Template.Spec.Tolerations, tolerations...) - - if result.Spec.Template.Spec.Affinity == nil { - result.Spec.Template.Spec.Affinity = &corev1.Affinity{} - } - if result.Spec.Template.Spec.Affinity.PodAntiAffinity == nil { - result.Spec.Template.Spec.Affinity.PodAntiAffinity = &corev1.PodAntiAffinity{} - } - result.Spec.Template.Spec.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution = []corev1.WeightedPodAffinityTerm{} - if result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution == nil { - result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution = []corev1.PodAffinityTerm{} - } - - result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution = append(result.Spec.Template.Spec.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution, - corev1.PodAffinityTerm{ - LabelSelector: &metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{ - { - Key: "k8s-app", - Operator: metav1.LabelSelectorOpIn, - Values: []string{"kube-dns"}, - }, - }, - }, - TopologyKey: "kubernetes.io/hostname", - }) - - _, err = deployments.Update(ctx, result, metav1.UpdateOptions{}) - return err - }) -} - // AddNodeSelectorsToDeployment adds [K8s selectors] to the deployment, identified // by name and namespace. // diff --git a/terraform-provider-constellation/internal/provider/cluster_resource.go b/terraform-provider-constellation/internal/provider/cluster_resource.go index 01aa6615b..978771e83 100644 --- a/terraform-provider-constellation/internal/provider/cluster_resource.go +++ b/terraform-provider-constellation/internal/provider/cluster_resource.go @@ -1311,6 +1311,11 @@ func (r *ClusterResource) applyHelmCharts(ctx context.Context, applier *constell diags.AddError("Applying Helm charts", err.Error()) return diags } + + if err := applier.CleanupCoreDNSResources(ctx); err != nil { + diags.AddError("Cleaning up CoreDNS resources", err.Error()) + return diags + } return diags } From 0f93af9aec962392f9ce53a97cfeab6c5b9f9d65 Mon Sep 17 00:00:00 2001 From: Moritz Eckert Date: Mon, 7 Oct 2024 15:16:54 +0200 Subject: [PATCH 284/380] readme: remove demo references (#3393) --- README.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/README.md b/README.md index 5e698b772..170ad1dc6 100644 --- a/README.md +++ b/README.md @@ -74,15 +74,6 @@ If you're already familiar with Kubernetes, it's easy to get started with Conste Learn more: ["Getting started with Constellation" videos series](https://www.youtube.com/playlist?list=PLEhAl3D5WVvRYxO_yI7KzmtJ7rJUyQgNu). -## Live demos - -We're running public instances of popular software on Constellation: - -* Rocket.Chat: ([blog post](https://www.edgeless.systems/resource-library/rocket-chat)) -* GitLab: ([blog post](https://www.edgeless.systems/resource-library/confidential-gitlab/)) - -These instances run on CVMs in Azure and Constellation keeps them end-to-end confidential. - ## Documentation To learn more, see the [documentation](https://docs.edgeless.systems/constellation). From 204d684686974f2a935a2598913dc0672064b88b Mon Sep 17 00:00:00 2001 From: 3u13r Date: Mon, 7 Oct 2024 19:05:21 +0200 Subject: [PATCH 285/380] dev-docs: link to docs website instead of to local files (#3394) * dev-docs: link to docs website instead of to local files * dev-docs: pin sonobuoy link to latest working docs release * dev-docs: link to new libvirt docs URL --- dev-docs/security-overview.md | 6 +++--- dev-docs/workflows/github-actions.md | 2 +- dev-docs/workflows/qemu.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/dev-docs/security-overview.md b/dev-docs/security-overview.md index 0c6b0e4af..a2b03ab0e 100644 --- a/dev-docs/security-overview.md +++ b/dev-docs/security-overview.md @@ -26,7 +26,7 @@ The purpose and source of the measurements are described in the [next section](# In addition to the measurements, the attestation config contains expected patch levels for the CPU microcode and the X.509 certificate of the CPU vendor's remote attestation infrastructure. An example of an attestation config is given [below](#attestation-config). -In case a different version of the node image is to be used, the corresponding measurements can be fetched using the CLI's ["config fetch-measurements" command](reference/cli#constellation-config-fetch-measurements). +In case a different version of the node image is to be used, the corresponding measurements can be fetched using the CLI's ["config fetch-measurements" command](https://docs.edgeless.systems/constellation/reference/cli#constellation-config-fetch-measurements). This command downloads the measurements and the corresponding signature from Edgeless Systems from https://cdn.confidential.cloud. See for example the following files corresponding to node image v2.16.3: * [Measurements](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json) @@ -53,7 +53,7 @@ Based on the remote-attestation statement, the CLI and the Bootstrapper running We refer to this type of connection as "attested TLS" (aTLS). This connection is mainly used for three things (see the the [interface definition](https://github.com/edgelesssys/constellation/blob/main/bootstrapper/initproto/init.proto) for a comprehensive list of exchanged data): 1. The CLI sends the hashes of the expected Kubernetes binaries to the first node. -2. The CLI generates the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster and sends it to the first node. +2. The CLI generates the [master secret](https://docs.edgeless.systems/constellation/architecture/keys#master-secret) of the to-be-created cluster and sends it to the first node. 3. The first node generates a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) and sends it to the CLI. The kubeconfig file contains Kubernetes credentials for the CLI and the Kubernetes cluster's public key, among others. @@ -132,7 +132,7 @@ The CLI uses this connection for two essential operations at the Kubernetes leve 1. It executes the [hardcoded Helm charts](#cli-root-of-trust), which, most notably, install the three core services KeyService, JoinService, and VerificationService, the [constellation-node-operator](https://github.com/edgelesssys/constellation/tree/main/operators/constellation-node-operator), and a small number of standard services like Cilium and cert-manager. The latter causes the first node to download, verify, and run the containers defined in the Helm charts. -The containers that are specific to Constellation are hosted at https://ghcr.io/edgelesssys. +The containers that are specific to Constellation are hosted at `ghcr.io/edgelesssys`. After this, the Constellation cluster is operational on the first node. diff --git a/dev-docs/workflows/github-actions.md b/dev-docs/workflows/github-actions.md index ef97ed332..89f9f5d3c 100644 --- a/dev-docs/workflows/github-actions.md +++ b/dev-docs/workflows/github-actions.md @@ -24,7 +24,7 @@ Here are some examples for test suites you might want to run. Values for `sonobu * `--mode certified-conformance` * For K8s conformance certification test suite -Check [Sonobuoy docs](https://sonobuoy.io/docs/latest/e2eplugin/) for more examples. +Check [Sonobuoy docs](https://sonobuoy.io/docs/v0.57.1/e2eplugin/) for more examples. When using `--mode` be aware that `--e2e-focus` and `e2e-skip` will be overwritten. [Check in the source code](https://github.com/vmware-tanzu/sonobuoy/blob/e709787426316423a4821927b1749d5bcc90cb8c/cmd/sonobuoy/app/modes.go#L130) what the different modes do. diff --git a/dev-docs/workflows/qemu.md b/dev-docs/workflows/qemu.md index 3f294cc8b..dd327d31b 100644 --- a/dev-docs/workflows/qemu.md +++ b/dev-docs/workflows/qemu.md @@ -20,7 +20,7 @@ Follow the steps in our [libvirt readme](../../nix/container/README.md) if you w ### Install required packages -[General reference](https://ubuntu.com/server/docs/virtualization-libvirt) +[General reference](https://documentation.ubuntu.com/server/how-to/virtualisation/libvirt/) ```shell-session sudo apt install qemu-kvm libvirt-daemon-system xsltproc From 02762f7956bbf407ee9fd6fcd31562d3296830ee Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 19:07:25 +0200 Subject: [PATCH 286/380] deps: update distroless_static Docker digest to 69830f2 (#3391) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- bazel/toolchains/container_images.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bazel/toolchains/container_images.bzl b/bazel/toolchains/container_images.bzl index 38e7bc04b..38511c0b6 100644 --- a/bazel/toolchains/container_images.bzl +++ b/bazel/toolchains/container_images.bzl @@ -7,7 +7,7 @@ load("@rules_oci//oci:pull.bzl", "oci_pull") def containter_image_deps(): oci_pull( name = "distroless_static", - digest = "sha256:b033683de7de51d8cce5aa4b47c1b9906786f6256017ca8b17b2551947fcf6d8", + digest = "sha256:69830f29ed7545c762777507426a412f97dad3d8d32bae3e74ad3fb6160917ea", image = "gcr.io/distroless/static", platforms = [ "linux/amd64", From 961fabbd1ac059643417236541b776611c83a0c0 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Tue, 8 Oct 2024 10:55:29 +0200 Subject: [PATCH 287/380] helm: upgrade Cilium to v1.15.8 (#3392) * helm: upgrade to Cilium v1.15.8 * fixup! helm: upgrade to Cilium v1.15.8 use proper release tag * fixup! helm: upgrade to Cilium v1.15.8 use images build from tag --- .../helm/charts/cilium/Chart.yaml | 4 +- .../helm/charts/cilium/README.md | 31 +++++----- .../helm/charts/cilium/README.md.gotmpl | 2 +- .../hubble/dashboards/hubble-dashboard.json | 18 +++++- .../dashboards/hubble-dns-namespace.json | 2 +- .../hubble-network-overview-namespace.json | 2 +- .../helm/charts/cilium/templates/_helpers.tpl | 57 +----------------- .../templates/cilium-agent/daemonset.yaml | 20 ++----- .../cilium/templates/cilium-configmap.yaml | 3 + .../templates/cilium-envoy/daemonset.yaml | 14 ----- .../templates/cilium-ingress-service.yaml | 2 - .../templates/cilium-nodeinit/daemonset.yaml | 1 - .../templates/cilium-operator/deployment.yaml | 1 - .../cilium-operator/poddisruptionbudget.yaml | 2 +- .../templates/cilium-preflight/daemonset.yaml | 5 +- .../cilium-preflight/deployment.yaml | 1 - .../cilium-preflight/poddisruptionbudget.yaml | 2 +- .../clustermesh-apiserver/deployment.yaml | 1 - .../poddisruptionbudget.yaml | 2 +- .../clustermesh-apiserver/service.yaml | 3 + .../tls-cronjob/cronjob.yaml | 2 +- .../cilium-etcd-operator-deployment.yaml | 1 - .../etcd-operator/poddisruptionbudget.yaml | 2 +- .../templates/hubble-relay/deployment.yaml | 58 +++++++++---------- .../hubble-relay/poddisruptionbudget.yaml | 2 +- .../templates/hubble-ui/deployment.yaml | 3 - .../cilium/templates/hubble-ui/ingress.yaml | 9 ++- .../hubble-ui/poddisruptionbudget.yaml | 2 +- .../cilium/templates/hubble/peer-service.yaml | 2 - .../templates/hubble/tls-cronjob/cronjob.yaml | 2 +- .../charts/cilium/templates/validate.yaml | 14 +++++ .../helm/charts/cilium/values.yaml | 57 +++++++++++------- .../helm/charts/cilium/values.yaml.tmpl | 25 ++++++-- internal/constellation/helm/cilium.patch | 41 ------------- internal/constellation/helm/generateCilium.sh | 3 +- internal/constellation/helm/helm_test.go | 2 +- internal/constellation/helm/loader.go | 8 +-- 37 files changed, 175 insertions(+), 231 deletions(-) delete mode 100644 internal/constellation/helm/cilium.patch diff --git a/internal/constellation/helm/charts/cilium/Chart.yaml b/internal/constellation/helm/charts/cilium/Chart.yaml index 9f079933b..0aa3edc19 100644 --- a/internal/constellation/helm/charts/cilium/Chart.yaml +++ b/internal/constellation/helm/charts/cilium/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: cilium displayName: Cilium home: https://cilium.io/ -version: 1.15.5-edg.1 -appVersion: 1.15.5-edg.1 +version: 1.15.8-edg.0 +appVersion: 1.15.8-edg.0 kubeVersion: ">= 1.16.0-0" icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.15/Documentation/images/logo-solo.svg description: eBPF-based Networking, Security, and Observability diff --git a/internal/constellation/helm/charts/cilium/README.md b/internal/constellation/helm/charts/cilium/README.md index 6c41b865c..78fcdf684 100644 --- a/internal/constellation/helm/charts/cilium/README.md +++ b/internal/constellation/helm/charts/cilium/README.md @@ -1,6 +1,6 @@ # cilium -![Version: 1.15.5](https://img.shields.io/badge/Version-1.15.5-informational?style=flat-square) ![AppVersion: 1.15.5](https://img.shields.io/badge/AppVersion-1.15.5-informational?style=flat-square) +![Version: 1.15.8](https://img.shields.io/badge/Version-1.15.8-informational?style=flat-square) ![AppVersion: 1.15.8](https://img.shields.io/badge/AppVersion-1.15.8-informational?style=flat-square) Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as @@ -46,7 +46,7 @@ offer from the [Getting Started Guides page](https://docs.cilium.io/en/stable/ge ## Getting Help The best way to get help if you get stuck is to ask a question on the -[Cilium Slack channel](https://cilium.herokuapp.com/). With Cilium +[Cilium Slack channel](https://slack.cilium.io). With Cilium contributors across the globe, there is almost always someone available to help. ## Values @@ -83,7 +83,7 @@ contributors across the globe, there is almost always someone available to help. | authentication.mutual.spire.install.agent.tolerations | list | `[{"effect":"NoSchedule","key":"node.kubernetes.io/not-ready"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"},{"effect":"NoSchedule","key":"node.cloudprovider.kubernetes.io/uninitialized","value":"true"},{"key":"CriticalAddonsOnly","operator":"Exists"}]` | SPIRE agent tolerations configuration By default it follows the same tolerations as the agent itself to allow the Cilium agent on this node to connect to SPIRE. ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ | | authentication.mutual.spire.install.enabled | bool | `true` | Enable SPIRE installation. This will only take effect only if authentication.mutual.spire.enabled is true | | authentication.mutual.spire.install.existingNamespace | bool | `false` | SPIRE namespace already exists. Set to true if Helm should not create, manage, and import the SPIRE namespace. | -| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:223ae047b1065bd069aac01ae3ac8088b3ca4a527827e283b85112f29385fb1b","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.36.1","useDigest":true}` | init container image of SPIRE agent and server | +| authentication.mutual.spire.install.initImage | object | `{"digest":"sha256:9ae97d36d26566ff84e8893c64a6dc4fe8ca6d1144bf5b87b2b85a32def253c7","override":null,"pullPolicy":"IfNotPresent","repository":"docker.io/library/busybox","tag":"1.36.1","useDigest":true}` | init container image of SPIRE agent and server | | authentication.mutual.spire.install.namespace | string | `"cilium-spire"` | SPIRE namespace to install into | | authentication.mutual.spire.install.server.affinity | object | `{}` | SPIRE server affinity configuration | | authentication.mutual.spire.install.server.annotations | object | `{}` | SPIRE server annotations | @@ -143,7 +143,7 @@ contributors across the globe, there is almost always someone available to help. | bpf.tproxy | bool | `false` | Configure the eBPF-based TPROXY to reduce reliance on iptables rules for implementing Layer 7 policy. | | bpf.vlanBypass | list | `[]` | Configure explicitly allowed VLAN id's for bpf logic bypass. [0] will allow all VLAN id's without any filtering. | | bpfClockProbe | bool | `false` | Enable BPF clock source probing for more efficient tick retrieval. | -| certgen | object | `{"affinity":{},"annotations":{"cronJob":{},"job":{}},"extraVolumeMounts":[],"extraVolumes":[],"image":{"digest":"sha256:bbc5e65e9dc65bc6b58967fe536b7f3b54e12332908aeb0a96a36866b4372b4e","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/certgen","tag":"v0.1.12","useDigest":true},"podLabels":{},"tolerations":[],"ttlSecondsAfterFinished":1800}` | Configure certificate generation for Hubble integration. If hubble.tls.auto.method=cronJob, these values are used for the Kubernetes CronJob which will be scheduled regularly to (re)generate any certificates not provided manually. | +| certgen | object | `{"affinity":{},"annotations":{"cronJob":{},"job":{}},"extraVolumeMounts":[],"extraVolumes":[],"image":{"digest":"sha256:40cdac65aa6ee86c16ce107f8726c4b55ce6654d07bbdf490db6bd492587bf54","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/certgen","tag":"v0.1.14","useDigest":true},"podLabels":{},"tolerations":[],"ttlSecondsAfterFinished":1800}` | Configure certificate generation for Hubble integration. If hubble.tls.auto.method=cronJob, these values are used for the Kubernetes CronJob which will be scheduled regularly to (re)generate any certificates not provided manually. | | certgen.affinity | object | `{}` | Affinity for certgen | | certgen.annotations | object | `{"cronJob":{},"job":{}}` | Annotations to be added to the hubble-certgen initial Job and CronJob | | certgen.extraVolumeMounts | list | `[]` | Additional certgen volumeMounts. | @@ -171,7 +171,7 @@ contributors across the globe, there is almost always someone available to help. | clustermesh.apiserver.extraEnv | list | `[]` | Additional clustermesh-apiserver environment variables. | | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. | | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. | -| clustermesh.apiserver.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.15.5","useDigest":false}` | Clustermesh API server image. | +| clustermesh.apiserver.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.15.8","useDigest":false}` | Clustermesh API server image. | | clustermesh.apiserver.kvstoremesh.enabled | bool | `false` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. | | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. | | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. | @@ -213,6 +213,8 @@ contributors across the globe, there is almost always someone available to help. | clustermesh.apiserver.service.annotations | object | `{}` | Annotations for the clustermesh-apiserver For GKE LoadBalancer, use annotation cloud.google.com/load-balancer-type: "Internal" For EKS LoadBalancer, use annotation service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 | | clustermesh.apiserver.service.externalTrafficPolicy | string | `nil` | The externalTrafficPolicy of service used for apiserver access. | | clustermesh.apiserver.service.internalTrafficPolicy | string | `nil` | The internalTrafficPolicy of service used for apiserver access. | +| clustermesh.apiserver.service.loadBalancerClass | string | `nil` | Configure a loadBalancerClass. Allows to configure the loadBalancerClass on the clustermesh-apiserver LB service in case the Service type is set to LoadBalancer (requires Kubernetes 1.24+). | +| clustermesh.apiserver.service.loadBalancerIP | string | `nil` | Configure a specific loadBalancerIP. Allows to configure a specific loadBalancerIP on the clustermesh-apiserver LB service in case the Service type is set to LoadBalancer. | | clustermesh.apiserver.service.nodePort | int | `32379` | Optional port to use as the node port for apiserver access. WARNING: make sure to configure a different NodePort in each cluster if kube-proxy replacement is enabled, as Cilium is currently affected by a known bug (#24692) when NodePorts are handled by the KPR implementation. If a service with the same NodePort exists both in the local and the remote cluster, all traffic originating from inside the cluster and targeting the corresponding NodePort will be redirected to a local backend, regardless of whether the destination node belongs to the local or the remote cluster. | | clustermesh.apiserver.service.type | string | `"NodePort"` | The type of service used for apiserver access. | | clustermesh.apiserver.terminationGracePeriodSeconds | int | `30` | terminationGracePeriodSeconds for the clustermesh-apiserver deployment | @@ -274,6 +276,7 @@ contributors across the globe, there is almost always someone available to help. | dnsProxy.preCache | string | `""` | DNS cache data at this path is preloaded on agent startup. | | dnsProxy.proxyPort | int | `0` | Global port on which the in-agent DNS proxy should listen. Default 0 is a OS-assigned port. | | dnsProxy.proxyResponseMaxDelay | string | `"100ms"` | The maximum time the DNS proxy holds an allowed DNS response before sending it along. Responses are sent as soon as the datapath is updated with the new IP information. | +| dnsProxy.socketLingerTimeout | int | `10` | Timeout (in seconds) when closing the connection between the DNS proxy and the upstream server. If set to 0, the connection is closed immediately (with TCP RST). If set to -1, the connection is closed asynchronously in the background. | | egressGateway.enabled | bool | `false` | Enables egress gateway to redirect and SNAT the traffic that leaves the cluster. | | egressGateway.installRoutes | bool | `false` | Deprecated without a replacement necessary. | | egressGateway.reconciliationTriggerInterval | string | `"1s"` | Time between triggers of egress gateway state reconciliations | @@ -335,7 +338,7 @@ contributors across the globe, there is almost always someone available to help. | envoy.extraVolumes | list | `[]` | Additional envoy volumes. | | envoy.healthPort | int | `9878` | TCP port for the health API. | | envoy.idleTimeoutDurationSeconds | int | `60` | Set Envoy upstream HTTP idle connection timeout seconds. Does not apply to connections with pending requests. Default 60s | -| envoy.image | object | `{"digest":"sha256:bc8dcc3bc008e3a5aab98edb73a0985e6ef9469bda49d5bb3004c001c995c380","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.28.3-31ec52ec5f2e4d28a8e19a0bfb872fa48cf7a515","useDigest":true}` | Envoy container image. | +| envoy.image | object | `{"digest":"sha256:bd5ff8c66716080028f414ec1cb4f7dc66f40d2fb5a009fff187f4a9b90b566b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium-envoy","tag":"v1.29.7-39a2a56bbd5b3a591f69dbca51d3e30ef97e0e51","useDigest":true}` | Envoy container image. | | envoy.livenessProbe.failureThreshold | int | `10` | failure threshold of liveness probe | | envoy.livenessProbe.periodSeconds | int | `30` | interval between checks of the liveness probe | | envoy.log.format | string | `"[%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v"` | The format string to use for laying out the log message metadata of Envoy. | @@ -463,7 +466,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. | | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay | | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay | -| hubble.relay.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.15.5","useDigest":false}` | Hubble-relay container image. | +| hubble.relay.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.15.8","useDigest":false}` | Hubble-relay container image. | | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. | | hubble.relay.listenPort | string | `"4245"` | Port to listen to. | | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | @@ -521,7 +524,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.backend.extraEnv | list | `[]` | Additional hubble-ui backend environment variables. | | hubble.ui.backend.extraVolumeMounts | list | `[]` | Additional hubble-ui backend volumeMounts. | | hubble.ui.backend.extraVolumes | list | `[]` | Additional hubble-ui backend volumes. | -| hubble.ui.backend.image | object | `{"digest":"sha256:1e7657d997c5a48253bb8dc91ecee75b63018d16ff5e5797e5af367336bc8803","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.0","useDigest":true}` | Hubble-ui backend image. | +| hubble.ui.backend.image | object | `{"digest":"sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui-backend","tag":"v0.13.1","useDigest":true}` | Hubble-ui backend image. | | hubble.ui.backend.livenessProbe.enabled | bool | `false` | Enable liveness probe for Hubble-ui backend (requires Hubble-ui 0.12+) | | hubble.ui.backend.readinessProbe.enabled | bool | `false` | Enable readiness probe for Hubble-ui backend (requires Hubble-ui 0.12+) | | hubble.ui.backend.resources | object | `{}` | Resource requests and limits for the 'backend' container of the 'hubble-ui' deployment. | @@ -531,7 +534,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.frontend.extraEnv | list | `[]` | Additional hubble-ui frontend environment variables. | | hubble.ui.frontend.extraVolumeMounts | list | `[]` | Additional hubble-ui frontend volumeMounts. | | hubble.ui.frontend.extraVolumes | list | `[]` | Additional hubble-ui frontend volumes. | -| hubble.ui.frontend.image | object | `{"digest":"sha256:7d663dc16538dd6e29061abd1047013a645e6e69c115e008bee9ea9fef9a6666","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.0","useDigest":true}` | Hubble-ui frontend image. | +| hubble.ui.frontend.image | object | `{"digest":"sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-ui","tag":"v0.13.1","useDigest":true}` | Hubble-ui frontend image. | | hubble.ui.frontend.resources | object | `{}` | Resource requests and limits for the 'frontend' container of the 'hubble-ui' deployment. | | hubble.ui.frontend.securityContext | object | `{}` | Hubble-ui frontend security context. | | hubble.ui.frontend.server.ipv6 | object | `{"enabled":true}` | Controls server listener for ipv6 | @@ -558,7 +561,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. | | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). | | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. | -| image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.5","useDigest":false}` | Agent container image. | +| image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.8","useDigest":false}` | Agent container image. | | imagePullSecrets | string | `nil` | Configure image pull secrets for pulling container images | | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set | | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. | @@ -647,7 +650,7 @@ contributors across the globe, there is almost always someone available to help. | nodeinit.extraEnv | list | `[]` | Additional nodeinit environment variables. | | nodeinit.extraVolumeMounts | list | `[]` | Additional nodeinit volumeMounts. | | nodeinit.extraVolumes | list | `[]` | Additional nodeinit volumes. | -| nodeinit.image | object | `{"digest":"sha256:820155cb3b7f00c8d61c1cffa68c44440906cb046bdbad8ff544f5deb1103456","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"19fb149fb3d5c7a37d3edfaf10a2be3ab7386661","useDigest":true}` | node-init image. | +| nodeinit.image | object | `{"digest":"sha256:8d7b41c4ca45860254b3c19e20210462ef89479bb6331d6760c4e609d651b29c","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/startup-script","tag":"c54c7edeab7fde4da68e59acd319ab24af242c3f","useDigest":true}` | node-init image. | | nodeinit.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for nodeinit pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | nodeinit.podAnnotations | object | `{}` | Annotations to be added to node-init pods. | | nodeinit.podLabels | object | `{}` | Labels to be added to node-init pods. | @@ -673,7 +676,7 @@ contributors across the globe, there is almost always someone available to help. | operator.extraVolumes | list | `[]` | Additional cilium-operator volumes. | | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. | | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. | -| operator.image | object | `{"alibabacloudDigest":"","awsDigest":"","azureDigest":"","genericDigest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.15.5","useDigest":false}` | cilium-operator image. | +| operator.image | object | `{"alibabacloudDigest":"","awsDigest":"","azureDigest":"","genericDigest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.15.8","useDigest":false}` | cilium-operator image. | | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. | | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods | @@ -724,7 +727,7 @@ contributors across the globe, there is almost always someone available to help. | preflight.extraEnv | list | `[]` | Additional preflight environment variables. | | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. | | preflight.extraVolumes | list | `[]` | Additional preflight volumes. | -| preflight.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.5","useDigest":false}` | Cilium pre-flight image. | +| preflight.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.8","useDigest":false}` | Cilium pre-flight image. | | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods | | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | @@ -784,6 +787,8 @@ contributors across the globe, there is almost always someone available to help. | startupProbe.periodSeconds | int | `2` | interval between checks of the startup probe | | svcSourceRangeCheck | bool | `true` | Enable check of service source ranges (currently, only for LoadBalancer). | | synchronizeK8sNodes | bool | `true` | Synchronize Kubernetes nodes to kvstore and perform CNP GC. | +| sysctlfix | object | `{"enabled":true}` | Configure sysctl override described in #20072. | +| sysctlfix.enabled | bool | `true` | Enable the sysctl override. When enabled, the init container will mount the /proc of the host so that the `sysctlfix` utility can execute. | | terminationGracePeriodSeconds | int | `1` | Configure termination grace period for cilium-agent DaemonSet. | | tls | object | `{"ca":{"cert":"","certValidityDuration":1095,"key":""},"caBundle":{"enabled":false,"key":"ca.crt","name":"cilium-root-ca.crt","useSecret":false},"secretsBackend":"local"}` | Configure TLS configuration in the agent. | | tls.ca | object | `{"cert":"","certValidityDuration":1095,"key":""}` | Base64 encoded PEM values for the CA certificate and private key. This can be used as common CA to generate certificates used by hubble and clustermesh components. It is neither required nor used when cert-manager is used to generate the certificates. | diff --git a/internal/constellation/helm/charts/cilium/README.md.gotmpl b/internal/constellation/helm/charts/cilium/README.md.gotmpl index db2d81b74..4aa7da8f9 100644 --- a/internal/constellation/helm/charts/cilium/README.md.gotmpl +++ b/internal/constellation/helm/charts/cilium/README.md.gotmpl @@ -48,7 +48,7 @@ offer from the [Getting Started Guides page](https://docs.cilium.io/en/stable/ge ## Getting Help The best way to get help if you get stuck is to ask a question on the -[Cilium Slack channel](https://cilium.herokuapp.com/). With Cilium +[Cilium Slack channel](https://slack.cilium.io). With Cilium contributors across the globe, there is almost always someone available to help. {{ template "chart.valuesSection" . }} diff --git a/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-dashboard.json b/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-dashboard.json index 8de5ec1d0..0ff1dcbec 100644 --- a/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-dashboard.json +++ b/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-dashboard.json @@ -3194,7 +3194,23 @@ "style": "dark", "tags": [], "templating": { - "list": [] + "list": [ + { + "current": {}, + "hide": 0, + "includeAll": false, + "label": "Prometheus", + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] }, "time": { "from": "now-6h", diff --git a/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-dns-namespace.json b/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-dns-namespace.json index d286fdb3a..57f804cf2 100644 --- a/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-dns-namespace.json +++ b/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-dns-namespace.json @@ -484,7 +484,7 @@ "includeAll": false, "label": "Data Source", "multi": false, - "name": "prometheus_datasource", + "name": "DS_PROMETHEUS", "options": [], "query": "prometheus", "queryValue": "", diff --git a/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-network-overview-namespace.json b/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-network-overview-namespace.json index d0cf9d3b4..cddb473d7 100644 --- a/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-network-overview-namespace.json +++ b/internal/constellation/helm/charts/cilium/files/hubble/dashboards/hubble-network-overview-namespace.json @@ -883,7 +883,7 @@ "includeAll": false, "label": "Data Source", "multi": false, - "name": "prometheus_datasource", + "name": "DS_PROMETHEUS", "options": [], "query": "prometheus", "queryValue": "", diff --git a/internal/constellation/helm/charts/cilium/templates/_helpers.tpl b/internal/constellation/helm/charts/cilium/templates/_helpers.tpl index 3e5429e2a..39b3d6955 100644 --- a/internal/constellation/helm/charts/cilium/templates/_helpers.tpl +++ b/internal/constellation/helm/charts/cilium/templates/_helpers.tpl @@ -43,62 +43,7 @@ where: {{- if $priorityClass }} {{- $priorityClass }} {{- else if and $root.Values.enableCriticalPriorityClass $criticalPriorityClass -}} - {{- if and (eq $root.Release.Namespace "kube-system") (semverCompare ">=1.10-0" $root.Capabilities.KubeVersion.Version) -}} - {{- $criticalPriorityClass }} - {{- else if semverCompare ">=1.17-0" $root.Capabilities.KubeVersion.Version -}} - {{- $criticalPriorityClass }} - {{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "ingress.apiVersion" -}} -{{- if semverCompare ">=1.16-0, <1.19-0" .Capabilities.KubeVersion.Version -}} -{{- print "networking.k8s.io/v1beta1" -}} -{{- else if semverCompare "^1.19-0" .Capabilities.KubeVersion.Version -}} -{{- print "networking.k8s.io/v1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate backend for Hubble UI ingress. -*/}} -{{- define "ingress.paths" -}} -{{ if semverCompare ">=1.4-0, <1.19-0" .Capabilities.KubeVersion.Version -}} -backend: - serviceName: hubble-ui - servicePort: http -{{- else if semverCompare "^1.19-0" .Capabilities.KubeVersion.Version -}} -pathType: Prefix -backend: - service: - name: hubble-ui - port: - name: http -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for cronjob. -*/}} -{{- define "cronjob.apiVersion" -}} -{{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version -}} -{{- print "batch/v1" -}} -{{- else -}} -{{- print "batch/v1beta1" -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podDisruptionBudget. -*/}} -{{- define "podDisruptionBudget.apiVersion" -}} -{{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version -}} -{{- print "policy/v1" -}} -{{- else -}} -{{- print "policy/v1beta1" -}} + {{- $criticalPriorityClass }} {{- end -}} {{- end -}} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml index e2b8ccff6..3e288525f 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-agent/daemonset.yaml @@ -122,7 +122,6 @@ spec: {{- with .Values.extraArgs }} {{- toYaml . | trim | nindent 8 }} {{- end }} - {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version }} startupProbe: httpGet: host: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }} @@ -136,7 +135,6 @@ spec: periodSeconds: {{ .Values.startupProbe.periodSeconds }} successThreshold: 1 initialDelaySeconds: 5 - {{- end }} livenessProbe: {{- if or .Values.keepDeprecatedProbes $defaultKeepDeprecatedProbes }} exec: @@ -154,14 +152,6 @@ spec: - name: "brief" value: "true" {{- end }} - {{- if semverCompare "<1.20-0" .Capabilities.KubeVersion.Version }} - # The initial delay for the liveness probe is intentionally large to - # avoid an endless kill & restart cycle if in the event that the initial - # bootstrapping takes longer than expected. - # Starting from Kubernetes 1.20, we are using startupProbe instead - # of this field. - initialDelaySeconds: 120 - {{- end }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} successThreshold: 1 failureThreshold: {{ .Values.livenessProbe.failureThreshold }} @@ -183,9 +173,6 @@ spec: - name: "brief" value: "true" {{- end }} - {{- if semverCompare "<1.20-0" .Capabilities.KubeVersion.Version }} - initialDelaySeconds: 5 - {{- end }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} successThreshold: 1 failureThreshold: {{ .Values.readinessProbe.failureThreshold }} @@ -526,6 +513,8 @@ spec: drop: - ALL {{- end}} + {{- end }} + {{- if .Values.sysctlfix.enabled }} - name: apply-sysctl-overwrites image: {{ include "cilium.image" .Values.image | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -790,7 +779,6 @@ spec: - NET_ADMIN restartPolicy: Always priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.priorityClassName "system-node-critical") }} - serviceAccount: {{ .Values.serviceAccounts.cilium.name | quote }} serviceAccountName: {{ .Values.serviceAccounts.cilium.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccounts.cilium.automount }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} @@ -840,8 +828,8 @@ spec: path: /sys/fs/bpf type: DirectoryOrCreate {{- end }} - {{- if .Values.cgroup.autoMount.enabled }} - # To mount cgroup2 filesystem on the host + {{- if or .Values.cgroup.autoMount.enabled .Values.sysctlfix.enabled }} + # To mount cgroup2 filesystem on the host or apply sysctlfix - name: hostproc hostPath: path: /proc diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-configmap.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-configmap.yaml index 273673053..9d393c311 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-configmap.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-configmap.yaml @@ -1173,6 +1173,9 @@ data: # default DNS proxy to transparent mode in non-chaining modes dnsproxy-enable-transparent-mode: {{ $defaultDNSProxyEnableTransparentMode | quote }} {{- end }} + {{- if (not (kindIs "invalid" .Values.dnsProxy.socketLingerTimeout)) }} + dnsproxy-socket-linger-timeout: {{ .Values.dnsProxy.socketLingerTimeout | quote }} + {{- end }} {{- if .Values.dnsProxy.dnsRejectResponseCode }} tofqdns-dns-reject-response-code: {{ .Values.dnsProxy.dnsRejectResponseCode | quote }} {{- end }} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-envoy/daemonset.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-envoy/daemonset.yaml index 30b9af0f8..fd5168a84 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-envoy/daemonset.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-envoy/daemonset.yaml @@ -90,7 +90,6 @@ spec: {{- with .Values.envoy.extraArgs }} {{- toYaml . | trim | nindent 8 }} {{- end }} - {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version }} startupProbe: httpGet: host: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }} @@ -101,21 +100,12 @@ spec: periodSeconds: {{ .Values.envoy.startupProbe.periodSeconds }} successThreshold: 1 initialDelaySeconds: 5 - {{- end }} livenessProbe: httpGet: host: {{ .Values.ipv4.enabled | ternary "127.0.0.1" "::1" | quote }} path: /healthz port: {{ .Values.envoy.healthPort }} scheme: HTTP - {{- if semverCompare "<1.20-0" .Capabilities.KubeVersion.Version }} - # The initial delay for the liveness probe is intentionally large to - # avoid an endless kill & restart cycle if in the event that the initial - # bootstrapping takes longer than expected. - # Starting from Kubernetes 1.20, we are using startupProbe instead - # of this field. - initialDelaySeconds: 120 - {{- end }} periodSeconds: {{ .Values.envoy.livenessProbe.periodSeconds }} successThreshold: 1 failureThreshold: {{ .Values.envoy.livenessProbe.failureThreshold }} @@ -126,9 +116,6 @@ spec: path: /healthz port: {{ .Values.envoy.healthPort }} scheme: HTTP - {{- if semverCompare "<1.20-0" .Capabilities.KubeVersion.Version }} - initialDelaySeconds: 5 - {{- end }} periodSeconds: {{ .Values.envoy.readinessProbe.periodSeconds }} successThreshold: 1 failureThreshold: {{ .Values.envoy.readinessProbe.failureThreshold }} @@ -214,7 +201,6 @@ spec: {{- end }} restartPolicy: Always priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.envoy.priorityClassName "system-node-critical") }} - serviceAccount: {{ .Values.serviceAccounts.envoy.name | quote }} serviceAccountName: {{ .Values.serviceAccounts.envoy.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccounts.envoy.automount }} terminationGracePeriodSeconds: {{ .Values.envoy.terminationGracePeriodSeconds }} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-ingress-service.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-ingress-service.yaml index ff6269d22..0e489bdac 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-ingress-service.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-ingress-service.yaml @@ -24,14 +24,12 @@ spec: protocol: TCP nodePort: {{ .Values.ingressController.service.secureNodePort }} type: {{ .Values.ingressController.service.type }} - {{- if semverCompare ">=1.24-0" .Capabilities.KubeVersion.Version -}} {{- if .Values.ingressController.service.loadBalancerClass }} loadBalancerClass: {{ .Values.ingressController.service.loadBalancerClass }} {{- end }} {{- if (not (kindIs "invalid" .Values.ingressController.service.allocateLoadBalancerNodePorts)) }} allocateLoadBalancerNodePorts: {{ .Values.ingressController.service.allocateLoadBalancerNodePorts }} {{- end }} - {{- end -}} {{- if .Values.ingressController.service.loadBalancerIP }} loadBalancerIP: {{ .Values.ingressController.service.loadBalancerIP }} {{- end }} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-nodeinit/daemonset.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-nodeinit/daemonset.yaml index 3ed09268a..c92eabfa6 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-nodeinit/daemonset.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-nodeinit/daemonset.yaml @@ -114,7 +114,6 @@ spec: hostNetwork: true priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.nodeinit.priorityClassName "system-node-critical") }} {{- if .Values.serviceAccounts.nodeinit.enabled }} - serviceAccount: {{ .Values.serviceAccounts.nodeinit.name | quote }} serviceAccountName: {{ .Values.serviceAccounts.nodeinit.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccounts.nodeinit.automount }} {{- end }} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-operator/deployment.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-operator/deployment.yaml index 4f4450e51..5c6c467cf 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-operator/deployment.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-operator/deployment.yaml @@ -252,7 +252,6 @@ spec: {{- end }} restartPolicy: Always priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.operator.priorityClassName "system-cluster-critical") }} - serviceAccount: {{ .Values.serviceAccounts.operator.name | quote }} serviceAccountName: {{ .Values.serviceAccounts.operator.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccounts.operator.automount }} {{- with .Values.operator.affinity }} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml index a224b9e6c..05b251046 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-operator/poddisruptionbudget.yaml @@ -1,6 +1,6 @@ {{- if and .Values.operator.enabled .Values.operator.podDisruptionBudget.enabled }} {{- $component := .Values.operator.podDisruptionBudget }} -apiVersion: {{ include "podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: cilium-operator diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-preflight/daemonset.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-preflight/daemonset.yaml index bafd27007..b5228616b 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-preflight/daemonset.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-preflight/daemonset.yaml @@ -176,10 +176,13 @@ spec: dnsPolicy: ClusterFirstWithHostNet restartPolicy: Always priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.preflight.priorityClassName "system-node-critical") }} - serviceAccount: {{ .Values.serviceAccounts.preflight.name | quote }} serviceAccountName: {{ .Values.serviceAccounts.preflight.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccounts.preflight.automount }} terminationGracePeriodSeconds: {{ .Values.preflight.terminationGracePeriodSeconds }} + {{- with .Values.preflight.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.preflight.tolerations }} tolerations: {{- toYaml . | trim | nindent 8 }} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-preflight/deployment.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-preflight/deployment.yaml index af0a31baa..1f87d2076 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-preflight/deployment.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-preflight/deployment.yaml @@ -88,7 +88,6 @@ spec: hostNetwork: true restartPolicy: Always priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.preflight.priorityClassName "system-cluster-critical") }} - serviceAccount: {{ .Values.serviceAccounts.preflight.name | quote }} serviceAccountName: {{ .Values.serviceAccounts.preflight.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccounts.preflight.automount }} terminationGracePeriodSeconds: {{ .Values.preflight.terminationGracePeriodSeconds }} diff --git a/internal/constellation/helm/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml b/internal/constellation/helm/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml index 4b3c7cb0d..c00d9b896 100644 --- a/internal/constellation/helm/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml +++ b/internal/constellation/helm/charts/cilium/templates/cilium-preflight/poddisruptionbudget.yaml @@ -1,6 +1,6 @@ {{- if and .Values.preflight.enabled .Values.preflight.validateCNPs .Values.preflight.podDisruptionBudget.enabled }} {{- $component := .Values.preflight.podDisruptionBudget }} -apiVersion: {{ include "podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: cilium-pre-flight-check diff --git a/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/deployment.yaml b/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/deployment.yaml index 6c5e6c3ec..f0d551bb6 100644 --- a/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/deployment.yaml +++ b/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/deployment.yaml @@ -404,7 +404,6 @@ spec: {{- end }} restartPolicy: Always priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.clustermesh.apiserver.priorityClassName "system-cluster-critical") }} - serviceAccount: {{ .Values.serviceAccounts.clustermeshApiserver.name | quote }} serviceAccountName: {{ .Values.serviceAccounts.clustermeshApiserver.name | quote }} terminationGracePeriodSeconds: {{ .Values.clustermesh.apiserver.terminationGracePeriodSeconds }} automountServiceAccountToken: {{ .Values.serviceAccounts.clustermeshApiserver.automount }} diff --git a/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml b/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml index 4a1bbf7e0..a5d30b7b1 100644 --- a/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml +++ b/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/poddisruptionbudget.yaml @@ -1,6 +1,6 @@ {{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) .Values.clustermesh.apiserver.podDisruptionBudget.enabled }} {{- $component := .Values.clustermesh.apiserver.podDisruptionBudget }} -apiVersion: {{ include "podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: clustermesh-apiserver diff --git a/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/service.yaml b/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/service.yaml index 0a7028c54..14daaeb59 100644 --- a/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/service.yaml +++ b/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/service.yaml @@ -26,6 +26,9 @@ spec: {{- if and (eq "NodePort" .Values.clustermesh.apiserver.service.type) .Values.clustermesh.apiserver.service.nodePort }} nodePort: {{ .Values.clustermesh.apiserver.service.nodePort }} {{- end }} + {{- if and (eq "LoadBalancer" .Values.clustermesh.apiserver.service.type) .Values.clustermesh.apiserver.service.loadBalancerClass }} + loadBalancerClass: {{ .Values.clustermesh.apiserver.service.loadBalancerClass }} + {{- end }} {{- if and (eq "LoadBalancer" .Values.clustermesh.apiserver.service.type) .Values.clustermesh.apiserver.service.loadBalancerIP }} loadBalancerIP: {{ .Values.clustermesh.apiserver.service.loadBalancerIP }} {{- end }} diff --git a/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml b/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml index 946602b40..8c0e4cd5c 100644 --- a/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml +++ b/internal/constellation/helm/charts/cilium/templates/clustermesh-apiserver/tls-cronjob/cronjob.yaml @@ -1,5 +1,5 @@ {{- if and (or .Values.externalWorkloads.enabled .Values.clustermesh.useAPIServer) .Values.clustermesh.apiserver.tls.auto.enabled (eq .Values.clustermesh.apiserver.tls.auto.method "cronJob") .Values.clustermesh.apiserver.tls.auto.schedule }} -apiVersion: {{ include "cronjob.apiVersion" . }} +apiVersion: batch/v1 kind: CronJob metadata: name: clustermesh-apiserver-generate-certs diff --git a/internal/constellation/helm/charts/cilium/templates/etcd-operator/cilium-etcd-operator-deployment.yaml b/internal/constellation/helm/charts/cilium/templates/etcd-operator/cilium-etcd-operator-deployment.yaml index 5946219f4..7aefc0d35 100644 --- a/internal/constellation/helm/charts/cilium/templates/etcd-operator/cilium-etcd-operator-deployment.yaml +++ b/internal/constellation/helm/charts/cilium/templates/etcd-operator/cilium-etcd-operator-deployment.yaml @@ -110,7 +110,6 @@ spec: hostNetwork: true priorityClassName: {{ include "cilium.priorityClass" (list $ .Values.clustermesh.apiserver.priorityClassName "system-cluster-critical") }} restartPolicy: Always - serviceAccount: {{ .Values.serviceAccounts.etcd.name | quote }} serviceAccountName: {{ .Values.serviceAccounts.etcd.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccounts.etcd.automount }} {{- with .Values.etcd.nodeSelector }} diff --git a/internal/constellation/helm/charts/cilium/templates/etcd-operator/poddisruptionbudget.yaml b/internal/constellation/helm/charts/cilium/templates/etcd-operator/poddisruptionbudget.yaml index 5939b4ae9..d604e5222 100644 --- a/internal/constellation/helm/charts/cilium/templates/etcd-operator/poddisruptionbudget.yaml +++ b/internal/constellation/helm/charts/cilium/templates/etcd-operator/poddisruptionbudget.yaml @@ -1,6 +1,6 @@ {{- if and .Values.etcd.managed .Values.etcd.podDisruptionBudget.enabled }} {{- $component := .Values.etcd.podDisruptionBudget }} -apiVersion: {{ include "podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: cilium-etcd-operator diff --git a/internal/constellation/helm/charts/cilium/templates/hubble-relay/deployment.yaml b/internal/constellation/helm/charts/cilium/templates/hubble-relay/deployment.yaml index 52b9eba5c..5a5fb35a8 100644 --- a/internal/constellation/helm/charts/cilium/templates/hubble-relay/deployment.yaml +++ b/internal/constellation/helm/charts/cilium/templates/hubble-relay/deployment.yaml @@ -71,26 +71,37 @@ spec: protocol: TCP {{- end }} readinessProbe: - {{- include "hubble-relay.probe" . | nindent 12 }} - {{- if semverCompare "<1.20-0" .Capabilities.KubeVersion.Version }} - # Starting from Kubernetes 1.20, we are using startupProbe instead - # of this field. - initialDelaySeconds: 5 - {{- end }} + grpc: + port: 4222 + timeoutSeconds: 3 + # livenessProbe will kill the pod, we should be very conservative + # here on failures since killing the pod should be a last resort, and + # we should provide enough time for relay to retry before killing it. livenessProbe: - {{- include "hubble-relay.probe" . | nindent 12 }} - {{- if semverCompare "<1.20-0" .Capabilities.KubeVersion.Version }} - # Starting from Kubernetes 1.20, we are using startupProbe instead - # of this field. - initialDelaySeconds: 60 - {{- end }} - {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version }} + grpc: + port: 4222 + timeoutSeconds: 10 + # Give relay time to establish connections and make a few retries + # before starting livenessProbes. + initialDelaySeconds: 10 + # 10 second * 12 failures = 2 minutes of failure. + # If relay cannot become healthy after 2 minutes, then killing it + # might resolve whatever issue is occurring. + # + # 10 seconds is a reasonable retry period so we can see if it's + # failing regularly or only sporadically. + periodSeconds: 10 + failureThreshold: 12 startupProbe: - # give the relay one minute to start up - {{- include "hubble-relay.probe" . | nindent 12 }} + grpc: + port: 4222 + # Give relay time to get it's certs and establish connections and + # make a few retries before starting startupProbes. + initialDelaySeconds: 10 + # 20 * 3 seconds = 1 minute of failure before we consider startup as failed. failureThreshold: 20 + # Retry more frequently at startup so that it can be considered started more quickly. periodSeconds: 3 - {{- end }} {{- with .Values.hubble.relay.extraEnv }} env: {{- toYaml . | trim | nindent 12 }} @@ -114,7 +125,6 @@ spec: terminationMessagePolicy: FallbackToLogsOnError restartPolicy: Always priorityClassName: {{ .Values.hubble.relay.priorityClassName }} - serviceAccount: {{ .Values.serviceAccounts.relay.name | quote }} serviceAccountName: {{ .Values.serviceAccounts.relay.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccounts.relay.automount }} terminationGracePeriodSeconds: {{ .Values.hubble.relay.terminationGracePeriodSeconds }} @@ -185,17 +195,3 @@ spec: {{- toYaml . | nindent 6 }} {{- end }} {{- end }} - -{{- define "hubble-relay.probe" }} -{{- /* This distinction can be removed once we drop support for k8s 1.23 */}} -{{- if semverCompare ">=1.24-0" .Capabilities.KubeVersion.Version -}} -grpc: - port: 4222 -{{- else }} -exec: - command: - - grpc_health_probe - - -addr=localhost:4222 -{{- end }} -timeoutSeconds: 3 -{{- end }} diff --git a/internal/constellation/helm/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml b/internal/constellation/helm/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml index 4fd6da9ba..6162cb81d 100644 --- a/internal/constellation/helm/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml +++ b/internal/constellation/helm/charts/cilium/templates/hubble-relay/poddisruptionbudget.yaml @@ -1,6 +1,6 @@ {{- if and .Values.hubble.enabled .Values.hubble.relay.enabled .Values.hubble.relay.podDisruptionBudget.enabled }} {{- $component := .Values.hubble.relay.podDisruptionBudget }} -apiVersion: {{ include "podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: hubble-relay diff --git a/internal/constellation/helm/charts/cilium/templates/hubble-ui/deployment.yaml b/internal/constellation/helm/charts/cilium/templates/hubble-ui/deployment.yaml index a7dd5cb8f..105907a5f 100644 --- a/internal/constellation/helm/charts/cilium/templates/hubble-ui/deployment.yaml +++ b/internal/constellation/helm/charts/cilium/templates/hubble-ui/deployment.yaml @@ -40,13 +40,10 @@ spec: {{- end }} spec: {{- with .Values.hubble.ui.securityContext }} - {{- if .enabled }} securityContext: {{- omit . "enabled" | toYaml | nindent 8 }} - {{- end}} {{- end }} priorityClassName: {{ .Values.hubble.ui.priorityClassName }} - serviceAccount: {{ .Values.serviceAccounts.ui.name | quote }} serviceAccountName: {{ .Values.serviceAccounts.ui.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccounts.ui.automount }} {{- with .Values.imagePullSecrets }} diff --git a/internal/constellation/helm/charts/cilium/templates/hubble-ui/ingress.yaml b/internal/constellation/helm/charts/cilium/templates/hubble-ui/ingress.yaml index 2c0ff7d3e..348e281d7 100644 --- a/internal/constellation/helm/charts/cilium/templates/hubble-ui/ingress.yaml +++ b/internal/constellation/helm/charts/cilium/templates/hubble-ui/ingress.yaml @@ -1,6 +1,6 @@ {{- if and (or .Values.hubble.enabled .Values.hubble.ui.standalone.enabled) .Values.hubble.ui.enabled .Values.hubble.ui.ingress.enabled }} {{- $baseUrl := .Values.hubble.ui.baseUrl -}} -apiVersion: {{ template "ingress.apiVersion" . }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: hubble-ui @@ -35,6 +35,11 @@ spec: http: paths: - path: {{ $baseUrl | quote }} - {{- include "ingress.paths" $ | nindent 12 }} + pathType: Prefix + backend: + service: + name: hubble-ui + port: + name: http {{- end }} {{- end }} diff --git a/internal/constellation/helm/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml b/internal/constellation/helm/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml index af3b6705d..c23e3ad04 100644 --- a/internal/constellation/helm/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml +++ b/internal/constellation/helm/charts/cilium/templates/hubble-ui/poddisruptionbudget.yaml @@ -1,6 +1,6 @@ {{- if and (or .Values.hubble.enabled .Values.hubble.ui.standalone.enabled) .Values.hubble.ui.enabled .Values.hubble.ui.podDisruptionBudget.enabled }} {{- $component := .Values.hubble.ui.podDisruptionBudget }} -apiVersion: {{ include "podDisruptionBudget.apiVersion" . }} +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: hubble-ui diff --git a/internal/constellation/helm/charts/cilium/templates/hubble/peer-service.yaml b/internal/constellation/helm/charts/cilium/templates/hubble/peer-service.yaml index 7ba56456b..aec3f889a 100644 --- a/internal/constellation/helm/charts/cilium/templates/hubble/peer-service.yaml +++ b/internal/constellation/helm/charts/cilium/templates/hubble/peer-service.yaml @@ -24,7 +24,5 @@ spec: {{- end }} protocol: TCP targetPort: {{ .Values.hubble.peerService.targetPort }} -{{- if semverCompare ">=1.22-0" .Capabilities.KubeVersion.GitVersion }} internalTrafficPolicy: Local {{- end }} -{{- end }} diff --git a/internal/constellation/helm/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml b/internal/constellation/helm/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml index fa9966080..7d9f7174c 100644 --- a/internal/constellation/helm/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml +++ b/internal/constellation/helm/charts/cilium/templates/hubble/tls-cronjob/cronjob.yaml @@ -1,5 +1,5 @@ {{- if and .Values.hubble.enabled .Values.hubble.tls.enabled .Values.hubble.tls.auto.enabled (eq .Values.hubble.tls.auto.method "cronJob") .Values.hubble.tls.auto.schedule }} -apiVersion: {{ include "cronjob.apiVersion" . }} +apiVersion: batch/v1 kind: CronJob metadata: name: hubble-generate-certs diff --git a/internal/constellation/helm/charts/cilium/templates/validate.yaml b/internal/constellation/helm/charts/cilium/templates/validate.yaml index 3c89e4e38..fabd69fe9 100644 --- a/internal/constellation/helm/charts/cilium/templates/validate.yaml +++ b/internal/constellation/helm/charts/cilium/templates/validate.yaml @@ -1,3 +1,17 @@ +{{/* validate deprecated options are not being used */}} +{{- if .Values.tunnel }} + {{ fail "tunnel was deprecated in v1.14 and has been removed in v1.15. For details please refer to https://docs.cilium.io/en/v1.15/operations/upgrade/#helm-options" }} +{{- end }} +{{- if or (dig "clustermesh" "apiserver" "tls" "ca" "cert" "" .Values.AsMap) (dig "clustermesh" "apiserver" "tls" "ca" "key" "" .Values.AsMap) }} + {{ fail "clustermesh.apiserver.tls.ca.cert and clustermesh.apiserver.tls.ca.key were deprecated in v1.14 and has been removed in v1.15. For details please refer to https://docs.cilium.io/en/v1.15/operations/upgrade/#helm-options" }} +{{- end }} +{{- if .Values.enableK8sEventHandover }} + {{ fail "enableK8sEventHandover was deprecated in v1.14 and has been removed in v1.15. For details please refer to https://docs.cilium.io/en/v1.15/operations/upgrade/#helm-options" }} +{{- end }} +{{- if .Values.enableCnpStatusUpdates }} + {{ fail "enableCnpStatusUpdates was deprecated in v1.14 and has been removed in v1.15. For details please refer to https://docs.cilium.io/en/v1.15/operations/upgrade/#helm-options" }} +{{- end }} + {{/* validate hubble config */}} {{- if and .Values.hubble.ui.enabled (not .Values.hubble.ui.standalone.enabled) }} {{- if not .Values.hubble.relay.enabled }} diff --git a/internal/constellation/helm/charts/cilium/values.yaml b/internal/constellation/helm/charts/cilium/values.yaml index 9b42fc187..d276064aa 100644 --- a/internal/constellation/helm/charts/cilium/values.yaml +++ b/internal/constellation/helm/charts/cilium/values.yaml @@ -146,7 +146,7 @@ rollOutCiliumPods: false image: override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.15.5" + tag: "v1.15.8" pullPolicy: "IfNotPresent" # cilium-digest digest: "" @@ -981,8 +981,8 @@ certgen: image: override: ~ repository: "quay.io/cilium/certgen" - tag: "v0.1.12" - digest: "sha256:bbc5e65e9dc65bc6b58967fe536b7f3b54e12332908aeb0a96a36866b4372b4e" + tag: "v0.1.14" + digest: "sha256:40cdac65aa6ee86c16ce107f8726c4b55ce6654d07bbdf490db6bd492587bf54" useDigest: true pullPolicy: "IfNotPresent" # -- Seconds after which the completed job pod will be deleted @@ -1240,7 +1240,7 @@ hubble: image: override: ~ repository: "quay.io/cilium/hubble-relay" - tag: "v1.15.5" + tag: "v1.15.8" # hubble-relay-digest digest: "" useDigest: false @@ -1477,8 +1477,8 @@ hubble: image: override: ~ repository: "quay.io/cilium/hubble-ui-backend" - tag: "v0.13.0" - digest: "sha256:1e7657d997c5a48253bb8dc91ecee75b63018d16ff5e5797e5af367336bc8803" + tag: "v0.13.1" + digest: "sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b" useDigest: true pullPolicy: "IfNotPresent" @@ -1516,8 +1516,8 @@ hubble: image: override: ~ repository: "quay.io/cilium/hubble-ui" - tag: "v0.13.0" - digest: "sha256:7d663dc16538dd6e29061abd1047013a645e6e69c115e008bee9ea9fef9a6666" + tag: "v0.13.1" + digest: "sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6" useDigest: true pullPolicy: "IfNotPresent" @@ -2084,9 +2084,9 @@ envoy: image: override: ~ repository: "quay.io/cilium/cilium-envoy" - tag: "v1.28.3-31ec52ec5f2e4d28a8e19a0bfb872fa48cf7a515" + tag: "v1.29.7-39a2a56bbd5b3a591f69dbca51d3e30ef97e0e51" pullPolicy: "IfNotPresent" - digest: "sha256:bc8dcc3bc008e3a5aab98edb73a0985e6ef9469bda49d5bb3004c001c995c380" + digest: "sha256:bd5ff8c66716080028f414ec1cb4f7dc66f40d2fb5a009fff187f4a9b90b566b" useDigest: true # -- Additional containers added to the cilium Envoy DaemonSet. @@ -2507,7 +2507,7 @@ operator: image: override: ~ repository: "quay.io/cilium/operator" - tag: "v1.15.5" + tag: "v1.15.8" # operator-generic-digest genericDigest: "" # operator-azure-digest @@ -2710,8 +2710,8 @@ nodeinit: image: override: ~ repository: "quay.io/cilium/startup-script" - tag: "19fb149fb3d5c7a37d3edfaf10a2be3ab7386661" - digest: "sha256:820155cb3b7f00c8d61c1cffa68c44440906cb046bdbad8ff544f5deb1103456" + tag: "c54c7edeab7fde4da68e59acd319ab24af242c3f" + digest: "sha256:8d7b41c4ca45860254b3c19e20210462ef89479bb6331d6760c4e609d651b29c" useDigest: true pullPolicy: "IfNotPresent" @@ -2808,7 +2808,7 @@ preflight: image: override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.15.5" + tag: "v1.15.8" # cilium-digest digest: "" useDigest: false @@ -2970,7 +2970,7 @@ clustermesh: image: override: ~ repository: "quay.io/cilium/clustermesh-apiserver" - tag: "v1.15.5" + tag: "v1.15.8" # clustermesh-apiserver-digest digest: "" useDigest: false @@ -3058,9 +3058,6 @@ clustermesh: # NodePort will be redirected to a local backend, regardless of whether the # destination node belongs to the local or the remote cluster. nodePort: 32379 - # -- Optional loadBalancer IP address to use with type LoadBalancer. - # loadBalancerIP: - # -- Annotations for the clustermesh-apiserver # For GKE LoadBalancer, use annotation cloud.google.com/load-balancer-type: "Internal" # For EKS LoadBalancer, use annotation service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 @@ -3072,6 +3069,21 @@ clustermesh: # -- The internalTrafficPolicy of service used for apiserver access. internalTrafficPolicy: + # @schema + # type: [null, string] + # @schema + # -- Configure a loadBalancerClass. + # Allows to configure the loadBalancerClass on the clustermesh-apiserver + # LB service in case the Service type is set to LoadBalancer + # (requires Kubernetes 1.24+). + loadBalancerClass: ~ + # @schema + # type: [null, string] + # @schema + # -- Configure a specific loadBalancerIP. + # Allows to configure a specific loadBalancerIP on the clustermesh-apiserver + # LB service in case the Service type is set to LoadBalancer. + loadBalancerIP: ~ # -- Number of replicas run for the clustermesh-apiserver deployment. replicas: 1 @@ -3329,7 +3341,10 @@ cgroup: # memory: 128Mi # -- Configure cgroup root where cgroup2 filesystem is mounted on the host (see also: `cgroup.autoMount`) hostRoot: /run/cilium/cgroupv2 - +# -- Configure sysctl override described in #20072. +sysctlfix: + # -- Enable the sysctl override. When enabled, the init container will mount the /proc of the host so that the `sysctlfix` utility can execute. + enabled: true # -- Configure whether to enable auto detect of terminating state for endpoints # in order to support graceful termination. enableK8sTerminatingEndpoint: true @@ -3342,6 +3357,8 @@ enableK8sTerminatingEndpoint: true agentNotReadyTaintKey: "node.cilium.io/agent-not-ready" dnsProxy: + # -- Timeout (in seconds) when closing the connection between the DNS proxy and the upstream server. If set to 0, the connection is closed immediately (with TCP RST). If set to -1, the connection is closed asynchronously in the background. + socketLingerTimeout: 10 # -- DNS response code for rejecting DNS requests, available options are '[nameError refused]'. dnsRejectResponseCode: refused # -- Allow the DNS proxy to compress responses to endpoints that are larger than 512 Bytes or the EDNS0 option, if present. @@ -3411,7 +3428,7 @@ authentication: override: ~ repository: "docker.io/library/busybox" tag: "1.36.1" - digest: "sha256:223ae047b1065bd069aac01ae3ac8088b3ca4a527827e283b85112f29385fb1b" + digest: "sha256:9ae97d36d26566ff84e8893c64a6dc4fe8ca6d1144bf5b87b2b85a32def253c7" useDigest: true pullPolicy: "IfNotPresent" # SPIRE agent configuration diff --git a/internal/constellation/helm/charts/cilium/values.yaml.tmpl b/internal/constellation/helm/charts/cilium/values.yaml.tmpl index 71fad1e51..dff8612a2 100644 --- a/internal/constellation/helm/charts/cilium/values.yaml.tmpl +++ b/internal/constellation/helm/charts/cilium/values.yaml.tmpl @@ -3055,9 +3055,6 @@ clustermesh: # NodePort will be redirected to a local backend, regardless of whether the # destination node belongs to the local or the remote cluster. nodePort: 32379 - # -- Optional loadBalancer IP address to use with type LoadBalancer. - # loadBalancerIP: - # -- Annotations for the clustermesh-apiserver # For GKE LoadBalancer, use annotation cloud.google.com/load-balancer-type: "Internal" # For EKS LoadBalancer, use annotation service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 @@ -3069,6 +3066,21 @@ clustermesh: # -- The internalTrafficPolicy of service used for apiserver access. internalTrafficPolicy: + # @schema + # type: [null, string] + # @schema + # -- Configure a loadBalancerClass. + # Allows to configure the loadBalancerClass on the clustermesh-apiserver + # LB service in case the Service type is set to LoadBalancer + # (requires Kubernetes 1.24+). + loadBalancerClass: ~ + # @schema + # type: [null, string] + # @schema + # -- Configure a specific loadBalancerIP. + # Allows to configure a specific loadBalancerIP on the clustermesh-apiserver + # LB service in case the Service type is set to LoadBalancer. + loadBalancerIP: ~ # -- Number of replicas run for the clustermesh-apiserver deployment. replicas: 1 @@ -3326,7 +3338,10 @@ cgroup: # memory: 128Mi # -- Configure cgroup root where cgroup2 filesystem is mounted on the host (see also: `cgroup.autoMount`) hostRoot: /run/cilium/cgroupv2 - +# -- Configure sysctl override described in #20072. +sysctlfix: + # -- Enable the sysctl override. When enabled, the init container will mount the /proc of the host so that the `sysctlfix` utility can execute. + enabled: true # -- Configure whether to enable auto detect of terminating state for endpoints # in order to support graceful termination. enableK8sTerminatingEndpoint: true @@ -3339,6 +3354,8 @@ enableK8sTerminatingEndpoint: true agentNotReadyTaintKey: "node.cilium.io/agent-not-ready" dnsProxy: + # -- Timeout (in seconds) when closing the connection between the DNS proxy and the upstream server. If set to 0, the connection is closed immediately (with TCP RST). If set to -1, the connection is closed asynchronously in the background. + socketLingerTimeout: 10 # -- DNS response code for rejecting DNS requests, available options are '[nameError refused]'. dnsRejectResponseCode: refused # -- Allow the DNS proxy to compress responses to endpoints that are larger than 512 Bytes or the EDNS0 option, if present. diff --git a/internal/constellation/helm/cilium.patch b/internal/constellation/helm/cilium.patch deleted file mode 100644 index b9c255c25..000000000 --- a/internal/constellation/helm/cilium.patch +++ /dev/null @@ -1,41 +0,0 @@ -diff --git a/install/kubernetes/cilium/Chart.yaml b/install/kubernetes/cilium/Chart.yaml -index 4df10f166b..9f079933b2 100644 ---- a/install/kubernetes/cilium/Chart.yaml -+++ b/install/kubernetes/cilium/Chart.yaml -@@ -2,8 +2,8 @@ apiVersion: v2 - name: cilium - displayName: Cilium - home: https://cilium.io/ --version: 1.15.5 --appVersion: 1.15.5 -+version: 1.15.5-edg.1 -+appVersion: 1.15.5-edg.1 - kubeVersion: ">= 1.16.0-0" - icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.15/Documentation/images/logo-solo.svg - description: eBPF-based Networking, Security, and Observability -diff --git a/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml b/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml -index ffd5935ba1..e2b8ccff6c 100644 ---- a/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml -+++ b/install/kubernetes/cilium/templates/cilium-agent/daemonset.yaml -@@ -764,13 +764,14 @@ spec: - - -exc - - | - pref=32 -- interface=$(ip route | awk '/^default/ { print $5 }') -- tc qdisc add dev "${interface}" clsact || true -- tc filter del dev "${interface}" ingress pref "${pref}" 2>/dev/null || true -- handle=0 -- for cidr in ${POD_CIDRS}; do -- handle=$((handle + 1)) -- tc filter replace dev "${interface}" ingress pref "${pref}" handle "${handle}" protocol ip flower dst_ip "${cidr}" action drop -+ for interface in $(ip route | awk '/^default/ { print $5 }'); do -+ tc qdisc add dev "${interface}" clsact || true -+ tc filter del dev "${interface}" ingress pref "${pref}" 2>/dev/null || true -+ handle=0 -+ for cidr in ${POD_CIDRS}; do -+ handle=$((handle + 1)) -+ tc filter replace dev "${interface}" ingress pref "${pref}" handle "${handle}" protocol ip flower dst_ip "${cidr}" action drop -+ done - done - env: - - name: POD_CIDRS diff --git a/internal/constellation/helm/generateCilium.sh b/internal/constellation/helm/generateCilium.sh index 5a05fb466..0517552ba 100755 --- a/internal/constellation/helm/generateCilium.sh +++ b/internal/constellation/helm/generateCilium.sh @@ -21,14 +21,13 @@ git clone \ --no-checkout \ --sparse \ --depth 1 \ - -b v1.15.5-edg.1 \ + -b v1.15.8-edg.0 \ https://github.com/edgelesssys/cilium.git cd cilium git sparse-checkout add install/kubernetes/cilium git checkout -git apply "${calldir}/cilium.patch" cp -r install/kubernetes/cilium "${calldir}/charts" echo # final newline diff --git a/internal/constellation/helm/helm_test.go b/internal/constellation/helm/helm_test.go index 65dfb3396..e22a5fb21 100644 --- a/internal/constellation/helm/helm_test.go +++ b/internal/constellation/helm/helm_test.go @@ -198,7 +198,7 @@ func TestHelmApply(t *testing.T) { if tc.clusterCertManagerVersion != nil { certManagerVersion = *tc.clusterCertManagerVersion } - helmListVersion(lister, "cilium", "v1.15.5-edg.1") + helmListVersion(lister, "cilium", "v1.15.8-edg.0") helmListVersion(lister, "coredns", "v0.0.0") helmListVersion(lister, "cert-manager", certManagerVersion) helmListVersion(lister, "constellation-services", tc.clusterMicroServiceVersion) diff --git a/internal/constellation/helm/loader.go b/internal/constellation/helm/loader.go index da87308ad..dfbe31209 100644 --- a/internal/constellation/helm/loader.go +++ b/internal/constellation/helm/loader.go @@ -381,18 +381,18 @@ func (i *chartLoader) loadCiliumValues(cloudprovider.Provider) (map[string]any, "image": map[string]any{ "repository": "ghcr.io/edgelesssys/cilium/cilium", "suffix": "", - "tag": "v1.15.5-edg.1-experimental", - "digest": "sha256:a7e33355e6c632c826bfce37a8789b58a708c2743b7c1023bc01dbda3cccc241", + "tag": "v1.15.8-edg.0", + "digest": "sha256:67aedd821a732e9ba3e34d200c389122384b70c05ba9a5ffb6ad813a53f2d4db", "useDigest": true, }, "operator": map[string]any{ "image": map[string]any{ "repository": "ghcr.io/edgelesssys/cilium/operator", "suffix": "", - "tag": "v1.15.5-edg.1-experimental", + "tag": "v1.15.8-edg.0", // Careful: this is the digest of ghcr.io/.../operator-generic! // See magic image manipulation in ./helm/charts/cilium/templates/cilium-operator/_helpers.tpl. - "genericDigest": "sha256:f1706b15fa7fc94c3a7d082a93f249f42d4811eb5e2472805a461ba1be3938a7", + "genericDigest": "sha256:dd41e2a65c607ac929d872f10b9d0c3eff88aafa99e7c062e9c240b14943dd2e", "useDigest": true, }, "podDisruptionBudget": map[string]any{ From 2dcea4fa63e7363b603d4bf64b03484cf81e7681 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 9 Oct 2024 08:34:16 +0200 Subject: [PATCH 288/380] image: update measurements and image version (#3398) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index c563bb6b8..4af277376 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd3, 0x01, 0xba, 0x77, 0x44, 0xeb, 0xc4, 0x63, 0x2c, 0xec, 0x1b, 0xfa, 0x26, 0x41, 0x5f, 0x95, 0x59, 0x3a, 0xff, 0xb3, 0x35, 0x32, 0xbd, 0xc1, 0xa1, 0xe7, 0x3a, 0xd6, 0xa7, 0x3f, 0x43, 0xae}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbc, 0x7d, 0x4f, 0x6a, 0x2c, 0x73, 0x24, 0x20, 0xd5, 0x7e, 0x62, 0x3e, 0x0b, 0x14, 0x4a, 0xb9, 0x16, 0xe5, 0xd1, 0xc0, 0x6a, 0xa4, 0xb7, 0x90, 0xc4, 0x33, 0x11, 0xdd, 0xc6, 0xd8, 0x6f, 0x18}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa5, 0x0f, 0xf3, 0xde, 0xf6, 0x77, 0x5f, 0xfc, 0xe0, 0x41, 0xf8, 0x79, 0xa9, 0xc4, 0x20, 0x92, 0x5b, 0xa3, 0x0d, 0x32, 0x64, 0x52, 0xbe, 0x04, 0xc5, 0x3f, 0x6d, 0x58, 0x58, 0x47, 0x57, 0x1d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe5, 0xd8, 0x8e, 0xbe, 0x7f, 0x66, 0xfd, 0xb9, 0x4c, 0x1c, 0xed, 0x56, 0xf9, 0x32, 0xfa, 0x44, 0x4a, 0x65, 0x70, 0xf9, 0x56, 0xa0, 0x2d, 0xa5, 0x77, 0xdb, 0xb9, 0x9a, 0x07, 0x84, 0xf7, 0x21}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3f, 0x1f, 0x4a, 0x96, 0xd6, 0xfa, 0x3e, 0x56, 0xf5, 0xdc, 0xbb, 0x7b, 0x48, 0x99, 0x9a, 0x10, 0x3c, 0x38, 0x32, 0x1a, 0x8c, 0x61, 0xde, 0x4b, 0xe2, 0x9d, 0x17, 0xc7, 0x9e, 0x52, 0xd7, 0xbf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x04, 0xab, 0x6f, 0xe1, 0xd1, 0xde, 0x64, 0xfa, 0x41, 0x55, 0xa6, 0x7e, 0x2d, 0xce, 0xda, 0x69, 0x4a, 0x52, 0xab, 0xea, 0xff, 0x06, 0x30, 0xc5, 0xb7, 0xda, 0x59, 0x40, 0x4b, 0x8f, 0xb9, 0x7c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3f, 0x72, 0x6f, 0x69, 0xf0, 0x73, 0x24, 0xac, 0x62, 0x96, 0x8c, 0x16, 0xb7, 0x92, 0xbd, 0xdf, 0xd9, 0x5d, 0x23, 0x99, 0x0c, 0x34, 0x13, 0x57, 0x5a, 0x74, 0xa2, 0x0c, 0x7d, 0x4a, 0x29, 0x3e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6c, 0x32, 0xbf, 0xc3, 0xc0, 0x9e, 0x32, 0xe7, 0xbe, 0xec, 0xe2, 0xeb, 0x2b, 0xa0, 0xaf, 0xbd, 0x11, 0xd6, 0x9c, 0x46, 0xc7, 0x5a, 0xc1, 0x66, 0xed, 0xde, 0xd2, 0xba, 0x04, 0x18, 0x5e, 0xc3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc5, 0x30, 0xe3, 0xfb, 0xbd, 0x48, 0xaa, 0x4f, 0x9d, 0x95, 0x07, 0x3e, 0x7a, 0xe1, 0xd9, 0x9d, 0xef, 0x6b, 0x5f, 0x27, 0x9b, 0x2f, 0xe2, 0xb0, 0x18, 0x72, 0x4a, 0xb0, 0x67, 0x44, 0xb4, 0x0c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb9, 0x8c, 0x43, 0x3c, 0xf3, 0xc6, 0x48, 0x73, 0x11, 0x74, 0xa9, 0x8d, 0x76, 0x7b, 0x29, 0xeb, 0x9f, 0xec, 0xdb, 0xde, 0xbf, 0x54, 0x3d, 0x8f, 0xfe, 0xf7, 0x1a, 0x72, 0x61, 0x13, 0xc7, 0x3b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7b, 0x32, 0x1e, 0x23, 0xad, 0x5a, 0x38, 0xf6, 0x77, 0x3c, 0xd7, 0xa9, 0x3d, 0x51, 0xc9, 0x56, 0x78, 0xf4, 0x84, 0x77, 0xef, 0x4a, 0x09, 0x09, 0x08, 0xcb, 0x58, 0x06, 0xba, 0x01, 0x0e, 0x3f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x66, 0xad, 0x71, 0x66, 0x3f, 0xdc, 0x35, 0x1c, 0x88, 0x14, 0xf7, 0x1f, 0x2e, 0x4a, 0x23, 0xdc, 0xec, 0xd0, 0x43, 0xb1, 0xed, 0x52, 0x17, 0xc4, 0x8e, 0xda, 0xa7, 0x3e, 0x14, 0x94, 0x79, 0xc3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0b, 0x02, 0x5a, 0xaf, 0x3a, 0x99, 0xd5, 0x27, 0x63, 0x18, 0x7c, 0x35, 0x52, 0x70, 0xf2, 0xd4, 0x06, 0x1c, 0x4e, 0xf0, 0x80, 0x70, 0xbb, 0x8e, 0x9e, 0xa9, 0x37, 0x44, 0xb7, 0xec, 0x66, 0x62}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6d, 0x18, 0x5b, 0x6b, 0x1c, 0x4c, 0x96, 0x0b, 0x94, 0x3c, 0x37, 0x18, 0x41, 0x3b, 0x48, 0x9c, 0x7f, 0x9e, 0x5d, 0x10, 0x90, 0xa3, 0xdd, 0xf3, 0xbf, 0xe3, 0x2f, 0xeb, 0xc4, 0x89, 0x80, 0x68}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa0, 0x1e, 0x46, 0xad, 0x67, 0x3f, 0x3d, 0x46, 0xb6, 0x4a, 0xaa, 0xa8, 0xd4, 0xaf, 0x29, 0x38, 0x69, 0x91, 0xf5, 0xcd, 0xb2, 0x3c, 0xa2, 0x21, 0xfd, 0xe2, 0xe4, 0x9b, 0xbe, 0x0e, 0xe0, 0xda}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x47, 0x90, 0x1f, 0xbd, 0x0a, 0xa6, 0x83, 0xc2, 0x3c, 0x8c, 0xab, 0x2b, 0xa0, 0xf5, 0x96, 0xf4, 0x92, 0x00, 0x3e, 0xa3, 0x53, 0xa4, 0x47, 0x2a, 0x39, 0xd6, 0x62, 0x59, 0x94, 0xe1, 0xbb, 0x6d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdc, 0x31, 0x02, 0xb2, 0x73, 0x50, 0x65, 0x71, 0x3e, 0x86, 0x08, 0x47, 0xe9, 0x34, 0x64, 0xea, 0x6b, 0xf6, 0xc5, 0x4c, 0x81, 0xe0, 0x25, 0x80, 0x2d, 0xfe, 0xf4, 0x8e, 0x35, 0xc1, 0xee, 0x6b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9e, 0x11, 0xf5, 0x8a, 0x7c, 0xb6, 0x97, 0x6f, 0xdf, 0x68, 0x2d, 0x91, 0x00, 0x40, 0x43, 0x58, 0x75, 0x64, 0x37, 0x6e, 0x84, 0x25, 0x0c, 0xea, 0x98, 0xe6, 0xca, 0xee, 0xbe, 0xb4, 0xad, 0xd1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x81, 0x0a, 0x42, 0x7c, 0x0a, 0x5e, 0x7c, 0x4d, 0xef, 0x7d, 0xb7, 0x5f, 0x91, 0x8b, 0xea, 0x07, 0x2f, 0x0a, 0xa4, 0x61, 0x2a, 0x43, 0x69, 0x2c, 0xcf, 0xa1, 0x38, 0xa3, 0xa2, 0x18, 0xd6, 0x0f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x36, 0x4e, 0xf0, 0x1b, 0x1a, 0x9b, 0x04, 0x94, 0x91, 0xf5, 0xec, 0xf1, 0xb6, 0xf0, 0x59, 0xa1, 0x9d, 0x4a, 0xe4, 0x71, 0xfd, 0x71, 0x94, 0xfd, 0x4a, 0x3b, 0x72, 0xd6, 0x3e, 0x54, 0xe5, 0xef}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe5, 0x84, 0x96, 0xb3, 0x33, 0x1f, 0x9d, 0x47, 0x8d, 0x26, 0x76, 0x29, 0x26, 0xf7, 0x3e, 0xaa, 0x5c, 0x9c, 0x77, 0x3c, 0x41, 0xc6, 0x41, 0x39, 0x60, 0xb8, 0xed, 0x57, 0x0d, 0x6e, 0x00, 0xd8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1a, 0x58, 0xa6, 0xf5, 0x00, 0x1d, 0xa3, 0xe5, 0xec, 0xc3, 0xa8, 0x26, 0xd9, 0x4d, 0xc5, 0x09, 0xe9, 0x88, 0x65, 0xd8, 0x9c, 0x75, 0x9e, 0xc2, 0xd3, 0x6d, 0x95, 0x34, 0x05, 0xe1, 0x00, 0xa1}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x53, 0x75, 0x48, 0x58, 0x81, 0x19, 0xaa, 0xfd, 0x3d, 0x16, 0xba, 0x4b, 0xd0, 0x70, 0xde, 0x60, 0x72, 0xe9, 0x30, 0xf1, 0xd0, 0x23, 0xe0, 0x79, 0xe1, 0x2c, 0xea, 0x51, 0x4a, 0x32, 0x77, 0x65}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8c, 0x58, 0xef, 0xa1, 0xae, 0xf2, 0x96, 0x1f, 0x30, 0x6c, 0x4c, 0x0d, 0x9b, 0x1b, 0xbb, 0xb3, 0x97, 0xd7, 0xfa, 0xff, 0x4a, 0xb8, 0x69, 0x14, 0xe3, 0x99, 0x46, 0x5c, 0xaa, 0x0f, 0xa1, 0x04}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc4, 0x3c, 0x72, 0x26, 0x23, 0xdc, 0x43, 0x9f, 0xfb, 0x01, 0xae, 0x5c, 0xd2, 0xa3, 0xdd, 0x91, 0x44, 0x0b, 0x51, 0x13, 0xf9, 0xef, 0x8f, 0x8d, 0xcd, 0x01, 0x15, 0x73, 0xfc, 0x59, 0x8f, 0x7d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x85, 0x39, 0x92, 0xb3, 0x81, 0xee, 0x3c, 0x7c, 0x1c, 0x44, 0xec, 0xf0, 0xf7, 0x85, 0x81, 0x3b, 0xfd, 0xe6, 0x80, 0x28, 0x44, 0x41, 0x13, 0x44, 0x75, 0xef, 0xf4, 0x4c, 0x74, 0xa6, 0xda, 0x36}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x54, 0x9c, 0x8b, 0x8b, 0xb2, 0x98, 0xf8, 0xff, 0xfa, 0x74, 0x6e, 0xb6, 0x76, 0x3a, 0x0e, 0xb1, 0x52, 0x95, 0x4c, 0xb1, 0x5c, 0x24, 0x30, 0x73, 0xbc, 0xbb, 0xf7, 0x2e, 0x7a, 0xc6, 0x44, 0x56}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xee, 0x4e, 0x8e, 0x7e, 0x5f, 0x7a, 0xc3, 0x08, 0x6b, 0x3c, 0x3d, 0x9b, 0xd3, 0x29, 0xf3, 0xfb, 0xd2, 0xb4, 0x8a, 0x8d, 0x55, 0xf4, 0x41, 0x06, 0x7c, 0x84, 0x30, 0xae, 0xf9, 0xce, 0xe6, 0x63}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x0d, 0x25, 0x1d, 0x96, 0x33, 0xe3, 0x36, 0x1c, 0x0e, 0x15, 0x1d, 0xa5, 0xb5, 0x0c, 0xdd, 0x24, 0x3f, 0x65, 0x68, 0xbf, 0x29, 0x49, 0x01, 0x7b, 0xb3, 0x4f, 0x6c, 0x5d, 0x89, 0x25, 0x36, 0x0c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x98, 0xc2, 0x9b, 0x7d, 0x01, 0x3b, 0x69, 0x88, 0xe4, 0xd5, 0x2d, 0x0c, 0xc8, 0xd8, 0x23, 0x0f, 0x11, 0xab, 0x02, 0xa8, 0xe1, 0x6b, 0x39, 0x5f, 0x9c, 0xaa, 0x45, 0xbf, 0xe2, 0x8a, 0xf4, 0x80}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x46, 0x58, 0xeb, 0x23, 0xf6, 0xe9, 0x24, 0xf1, 0x45, 0xc2, 0x85, 0x24, 0xc5, 0xcd, 0x67, 0x75, 0xed, 0xc2, 0x4d, 0x00, 0x51, 0xe2, 0xa0, 0x7e, 0xbd, 0xc2, 0xd8, 0x79, 0x07, 0x45, 0x64, 0xbe}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb6, 0x1c, 0x98, 0xb3, 0x1d, 0x18, 0x4c, 0xe6, 0x2e, 0x7b, 0x6e, 0xe9, 0x7d, 0x72, 0x6c, 0xc8, 0xa4, 0xe3, 0xba, 0x44, 0xfe, 0x34, 0x23, 0x91, 0x45, 0xcb, 0xc6, 0x8c, 0xa0, 0xda, 0x8a, 0x78}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf8, 0xca, 0xd9, 0xb6, 0x58, 0xfe, 0x87, 0x53, 0xa6, 0x45, 0x0a, 0xb7, 0xe1, 0x3b, 0x98, 0x42, 0x33, 0x88, 0x83, 0x0f, 0x62, 0x23, 0x6a, 0xcf, 0x90, 0xca, 0x57, 0x45, 0x98, 0x77, 0xf4, 0x79}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe1, 0x54, 0x1d, 0xa3, 0x45, 0x64, 0x92, 0x1c, 0xcd, 0x42, 0x45, 0x81, 0x64, 0xa4, 0x03, 0x43, 0x34, 0x04, 0x6f, 0x7d, 0x7f, 0x31, 0x39, 0xc8, 0xca, 0xdd, 0x16, 0xc6, 0x17, 0x31, 0xaa, 0x57}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7c, 0x8f, 0x0c, 0x9d, 0x69, 0x3e, 0x42, 0xaa, 0x08, 0x08, 0xbf, 0x0b, 0x2f, 0xfc, 0x1f, 0x0b, 0xd7, 0x83, 0x4e, 0x96, 0xb4, 0xcd, 0xce, 0x65, 0x57, 0x9d, 0x7e, 0x44, 0x01, 0x39, 0x50, 0xde}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x39, 0xa8, 0x14, 0x4a, 0xc1, 0xfc, 0x83, 0x8e, 0xd6, 0xa9, 0xa5, 0x64, 0xb9, 0xf5, 0xb9, 0x78, 0x8c, 0x1f, 0x98, 0x64, 0x40, 0x20, 0x8e, 0x99, 0x5a, 0x4a, 0x28, 0x6c, 0xed, 0xac, 0x6e, 0x02}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc7, 0xb6, 0x0d, 0x48, 0x44, 0xd7, 0x2f, 0x3e, 0x9f, 0x00, 0xd1, 0x01, 0x61, 0x26, 0x95, 0x60, 0xe2, 0x73, 0xbb, 0x8d, 0x2e, 0x76, 0xa2, 0xb6, 0x9c, 0x31, 0xb6, 0xc5, 0x11, 0xd7, 0x57, 0x38}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd8, 0x24, 0x14, 0x85, 0x39, 0x16, 0x20, 0x14, 0x22, 0x50, 0x4a, 0x5f, 0x96, 0x29, 0xfd, 0x36, 0xa9, 0xd7, 0xb1, 0x81, 0xa3, 0x0c, 0x23, 0xd2, 0x7d, 0x68, 0xeb, 0xa4, 0xc9, 0xc2, 0x9c, 0x16}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x83, 0x58, 0x80, 0x54, 0xda, 0x69, 0xc2, 0xa2, 0xf9, 0x69, 0x57, 0xcb, 0xd3, 0x61, 0x1a, 0x9c, 0x93, 0x9c, 0x8d, 0xc1, 0x38, 0x6b, 0x26, 0x03, 0xc5, 0x9b, 0x33, 0xd8, 0x5d, 0xed, 0x19, 0x95}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x0c, 0xc7, 0x30, 0xbc, 0x93, 0xf2, 0x0c, 0xd2, 0x6b, 0x71, 0xb8, 0x88, 0x5c, 0x79, 0xa7, 0xdb, 0x6e, 0x12, 0xcf, 0x97, 0xdf, 0x0c, 0x0e, 0xe3, 0x19, 0x2b, 0xb7, 0x75, 0xce, 0xea, 0xb9, 0x36}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6d, 0xa0, 0x09, 0x7a, 0x5d, 0xdc, 0x1a, 0x94, 0xb8, 0x06, 0xa9, 0x68, 0x7b, 0xf6, 0xeb, 0xbd, 0x5e, 0x9a, 0x9d, 0xfd, 0xc6, 0x3c, 0x08, 0xe4, 0x7b, 0x0b, 0x92, 0x25, 0x46, 0xe5, 0x9e, 0x25}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xba, 0xe0, 0xb9, 0x2f, 0xb1, 0xdd, 0x7e, 0xef, 0x45, 0xe2, 0xc1, 0xca, 0x4c, 0xc3, 0x54, 0x1f, 0xd4, 0x03, 0x3d, 0xc5, 0x80, 0xc2, 0x49, 0x09, 0xa0, 0xea, 0x00, 0xc4, 0xb2, 0x01, 0x25, 0xf8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x81, 0x0e, 0xec, 0xf2, 0xe2, 0x87, 0x17, 0xc5, 0x87, 0x28, 0x3d, 0x36, 0x7b, 0x45, 0x20, 0xf1, 0x3c, 0x55, 0x97, 0x8f, 0xbc, 0xc2, 0xe0, 0xa4, 0xbc, 0x29, 0x39, 0x1c, 0x88, 0xa1, 0x42, 0x1c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd6, 0x25, 0xcd, 0xc3, 0x33, 0x98, 0x33, 0xf5, 0x7d, 0xcf, 0xd6, 0x3d, 0x79, 0x75, 0xb5, 0x85, 0x7d, 0x55, 0x31, 0xf2, 0x84, 0x3d, 0xfb, 0xfe, 0x56, 0x17, 0xc0, 0x0f, 0x99, 0x94, 0x0c, 0x79}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb4, 0x48, 0x09, 0x9b, 0x7b, 0x26, 0xa0, 0x90, 0x31, 0x92, 0x4a, 0x5e, 0xcb, 0xc5, 0x8c, 0xc0, 0x98, 0xd5, 0x2a, 0xff, 0x0d, 0x6f, 0xa7, 0xcc, 0x4f, 0x97, 0x0b, 0x6f, 0x18, 0x9d, 0x01, 0xdc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xc4, 0x42, 0x73, 0xe6, 0x07, 0x64, 0x77, 0x8f, 0x5c, 0x28, 0x40, 0x10, 0x05, 0x7c, 0xd8, 0xe3, 0xb3, 0x7c, 0x9e, 0xa9, 0x59, 0x96, 0x7e, 0xe7, 0xa5, 0x0c, 0xd6, 0x3d, 0xc0, 0xd9, 0xe9, 0x35}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5e, 0xe4, 0xd7, 0x0d, 0x17, 0x5d, 0xdb, 0x58, 0x15, 0xf3, 0x4a, 0xad, 0x08, 0xb8, 0x13, 0x25, 0x1c, 0xa6, 0x77, 0x93, 0xd6, 0x93, 0xa9, 0xce, 0x5d, 0x25, 0x71, 0x33, 0xdf, 0x71, 0x25, 0xfc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x90, 0x7f, 0x15, 0x26, 0x05, 0x18, 0xe3, 0xba, 0xd6, 0xce, 0xcd, 0x9b, 0xd3, 0xc4, 0xd0, 0x60, 0xef, 0x83, 0xe5, 0x1d, 0xff, 0x34, 0xf6, 0x53, 0xb3, 0xa8, 0x39, 0x26, 0x25, 0x3c, 0x4e, 0xf0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 194d172e1..b43aa47ca 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20241002102227-622406de2c05" + defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20241008105529-961fabbd1ac0" ) From 28541361922d9a55b2e3b43c3408b401d2bb7c36 Mon Sep 17 00:00:00 2001 From: 3u13r Date: Wed, 9 Oct 2024 11:31:17 +0200 Subject: [PATCH 289/380] Allow upgrades on azure without Terraform changes on LBs created from within Kubernetes (#3257) * k8s: use separate lb for K8s services on azure * terraform: introduce local revision variable and data resource * terraform: azure: dont expose full nodeport range * docs: add Azure load balancer migration --- docs/docs/reference/migration.md | 14 +++++- internal/constellation/helm/overrides.go | 2 +- terraform/infrastructure/aws/main.tf | 7 +++ terraform/infrastructure/azure/main.tf | 43 ++++++++++++++----- .../azure/modules/scale_set/main.tf | 1 + terraform/infrastructure/gcp/main.tf | 7 +++ terraform/infrastructure/openstack/main.tf | 7 +++ terraform/infrastructure/qemu/main.tf | 7 +++ 8 files changed, 75 insertions(+), 13 deletions(-) diff --git a/docs/docs/reference/migration.md b/docs/docs/reference/migration.md index 36680eef6..49cbde702 100644 --- a/docs/docs/reference/migration.md +++ b/docs/docs/reference/migration.md @@ -3,7 +3,19 @@ This document describes breaking changes and migrations between Constellation releases. Use [`constellation config migrate`](./cli.md#constellation-config-migrate) to automatically update an old config file to a new format. -## Migrating from Azure's service principal authentication to managed identity authentication + +## Migrations to v2.19.0 + +### Azure + +* To allow seamless upgrades on Azure when Kubernetes services of type `LoadBalancer` are deployed, the target + load balancer in which the `cloud-controller-manager` creates load balancing rules was changed. Instead of using the load balancer + created and maintained by the CLI's Terraform code, the `cloud-controller-manager` now creates its own load balancer in Azure. + If your Constellation has services of type `LoadBalancer`, please remove them before the upgrade and re-apply them + afterward. + + +## Migrating from Azure's service principal authentication to managed identity authentication (during the upgrade to Constellation v2.8.0) - The `provider.azure.appClientID` and `provider.azure.appClientSecret` fields are no longer supported and should be removed. - To keep using an existing UAMI, add the `Owner` permission with the scope of your `resourceGroup`. diff --git a/internal/constellation/helm/overrides.go b/internal/constellation/helm/overrides.go index deb515909..fdadaac88 100644 --- a/internal/constellation/helm/overrides.go +++ b/internal/constellation/helm/overrides.go @@ -243,7 +243,7 @@ func getCCMConfig(azureState state.Azure, serviceAccURI string) ([]byte, error) ResourceGroup: azureState.ResourceGroup, LoadBalancerSku: "standard", SecurityGroupName: azureState.NetworkSecurityGroupName, - LoadBalancerName: azureState.LoadBalancerName, + LoadBalancerName: "kubernetes-lb", UseInstanceMetadata: true, VMType: "vmss", Location: creds.Location, diff --git a/terraform/infrastructure/aws/main.tf b/terraform/infrastructure/aws/main.tf index b3bb9d298..28bcd09a1 100644 --- a/terraform/infrastructure/aws/main.tf +++ b/terraform/infrastructure/aws/main.tf @@ -55,6 +55,13 @@ locals { in_cluster_endpoint = aws_lb.front_end.dns_name out_of_cluster_endpoint = var.internal_load_balancer && var.debug ? module.jump_host[0].ip : local.in_cluster_endpoint + revision = 1 +} + +# A way to force replacement of resources if the provider does not want to replace them +# see: https://developer.hashicorp.com/terraform/language/resources/terraform-data#example-usage-data-for-replace_triggered_by +resource "terraform_data" "replacement" { + input = local.revision } resource "random_id" "uid" { diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf index 7f8214540..147197ab3 100644 --- a/terraform/infrastructure/azure/main.tf +++ b/terraform/infrastructure/azure/main.tf @@ -37,7 +37,6 @@ locals { { name = "kubernetes", port = "6443", health_check_protocol = "Https", path = "/readyz", priority = 100 }, { name = "bootstrapper", port = "9000", health_check_protocol = "Tcp", path = null, priority = 101 }, { name = "verify", port = "30081", health_check_protocol = "Tcp", path = null, priority = 102 }, - { name = "konnectivity", port = "8132", health_check_protocol = "Tcp", path = null, priority = 103 }, { name = "recovery", port = "9999", health_check_protocol = "Tcp", path = null, priority = 104 }, { name = "join", port = "30090", health_check_protocol = "Tcp", path = null, priority = 105 }, var.debug ? [{ name = "debugd", port = "4000", health_check_protocol = "Tcp", path = null, priority = 106 }] : [], @@ -53,6 +52,13 @@ locals { in_cluster_endpoint = var.internal_load_balancer ? azurerm_lb.loadbalancer.frontend_ip_configuration[0].private_ip_address : azurerm_public_ip.loadbalancer_ip[0].ip_address out_of_cluster_endpoint = var.debug && var.internal_load_balancer ? module.jump_host[0].ip : local.in_cluster_endpoint + revision = 1 +} + +# A way to force replacement of resources if the provider does not want to replace them +# see: https://developer.hashicorp.com/terraform/language/resources/terraform-data#example-usage-data-for-replace_triggered_by +resource "terraform_data" "replacement" { + input = local.revision } resource "random_id" "uid" { @@ -223,10 +229,13 @@ resource "azurerm_network_security_group" "security_group" { tags = local.tags dynamic "security_rule" { - for_each = concat( - local.ports, - [{ name = "nodeports", port = local.ports_node_range, priority = 200 }] - ) + # we keep this rule for one last release since the azurerm provider does not + # support moving security rules that are inlined (like this) to the external resource one. + # Even worse, just defining the azurerm_network_security_group without the + # "security_rule" block will NOT remove all the rules but do nothing. + # TODO(@3u13r): remove the "security_rule" block in the next release after this code has landed. + # So either after 2.19 or after 2.18.X if cherry-picked release. + for_each = [{ name = "konnectivity", priority = 1000, port = 8132 }] content { name = security_rule.value.name priority = security_rule.value.priority @@ -241,6 +250,24 @@ resource "azurerm_network_security_group" "security_group" { } } +resource "azurerm_network_security_rule" "nsg_rule" { + for_each = { + for o in local.ports : o.name => o + } + + name = each.value.name + priority = each.value.priority + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = each.value.port + source_address_prefix = "*" + destination_address_prefix = "*" + resource_group_name = var.resource_group + network_security_group_name = azurerm_network_security_group.security_group.name +} + module "scale_set_group" { source = "./modules/scale_set" for_each = var.node_groups @@ -268,12 +295,6 @@ module "scale_set_group" { subnet_id = azurerm_subnet.node_subnet.id backend_address_pool_ids = each.value.role == "control-plane" ? [module.loadbalancer_backend_control_plane.backendpool_id] : [] marketplace_image = var.marketplace_image - - # We still depend on the backends, since we are not sure if the VMs inside the VMSS have been - # "updated" to the new version (note: this is the update in Azure which "refreshes" the NICs and not - # our Constellation update). - # TODO(@3u13r): Remove this dependency after v2.18.0 has been released. - depends_on = [module.loadbalancer_backend_worker, azurerm_lb_backend_address_pool.all] } module "jump_host" { diff --git a/terraform/infrastructure/azure/modules/scale_set/main.tf b/terraform/infrastructure/azure/modules/scale_set/main.tf index 99073ef46..1573b6a5a 100644 --- a/terraform/infrastructure/azure/modules/scale_set/main.tf +++ b/terraform/infrastructure/azure/modules/scale_set/main.tf @@ -122,6 +122,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "scale_set" { instances, # required. autoscaling modifies the instance count externally source_image_id, # required. update procedure modifies the image id externally source_image_reference, # required. update procedure modifies the image reference externally + network_interface[0].ip_configuration[0].load_balancer_backend_address_pool_ids ] } } diff --git a/terraform/infrastructure/gcp/main.tf b/terraform/infrastructure/gcp/main.tf index 83fb9c182..722421608 100644 --- a/terraform/infrastructure/gcp/main.tf +++ b/terraform/infrastructure/gcp/main.tf @@ -60,6 +60,13 @@ locals { ] in_cluster_endpoint = var.internal_load_balancer ? google_compute_address.loadbalancer_ip_internal[0].address : google_compute_global_address.loadbalancer_ip[0].address out_of_cluster_endpoint = var.debug && var.internal_load_balancer ? module.jump_host[0].ip : local.in_cluster_endpoint + revision = 1 +} + +# A way to force replacement of resources if the provider does not want to replace them +# see: https://developer.hashicorp.com/terraform/language/resources/terraform-data#example-usage-data-for-replace_triggered_by +resource "terraform_data" "replacement" { + input = local.revision } resource "random_id" "uid" { diff --git a/terraform/infrastructure/openstack/main.tf b/terraform/infrastructure/openstack/main.tf index e571977a0..3116b4f9e 100644 --- a/terraform/infrastructure/openstack/main.tf +++ b/terraform/infrastructure/openstack/main.tf @@ -59,6 +59,13 @@ locals { cloudsyaml_path = length(var.openstack_clouds_yaml_path) > 0 ? var.openstack_clouds_yaml_path : "~/.config/openstack/clouds.yaml" cloudsyaml = yamldecode(file(pathexpand(local.cloudsyaml_path))) cloudyaml = local.cloudsyaml.clouds[var.cloud] + revision = 1 +} + +# A way to force replacement of resources if the provider does not want to replace them +# see: https://developer.hashicorp.com/terraform/language/resources/terraform-data#example-usage-data-for-replace_triggered_by +resource "terraform_data" "replacement" { + input = local.revision } resource "random_id" "uid" { diff --git a/terraform/infrastructure/qemu/main.tf b/terraform/infrastructure/qemu/main.tf index 62ec2a013..52b3138dc 100644 --- a/terraform/infrastructure/qemu/main.tf +++ b/terraform/infrastructure/qemu/main.tf @@ -23,6 +23,13 @@ locals { cidr_vpc_subnet_nodes = "10.42.0.0/22" cidr_vpc_subnet_control_planes = "10.42.1.0/24" cidr_vpc_subnet_worker = "10.42.2.0/24" + revision = 1 +} + +# A way to force replacement of resources if the provider does not want to replace them +# see: https://developer.hashicorp.com/terraform/language/resources/terraform-data#example-usage-data-for-replace_triggered_by +resource "terraform_data" "replacement" { + input = local.revision } resource "random_password" "init_secret" { From b1cf9bc3fefad610af0184e8fa33505d3396ac13 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 9 Oct 2024 11:33:21 +0200 Subject: [PATCH 290/380] e2e: upgrade: allow specifying the origin k8s version (#3397) --- .github/workflows/e2e-upgrade.yml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 840ad3699..58a91e626 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -22,6 +22,10 @@ on: description: CLI version to create a new cluster with. This has to be a released version, e.g., 'v2.1.3'. type: string required: true + fromKubernetes: + description: Kubernetes version for the origin cluster, empty for origin target's default version. + type: string + required: false gitRef: description: Ref to build upgrading CLI on, empty for HEAD. type: string @@ -32,11 +36,11 @@ on: type: string required: false toKubernetes: - description: Kubernetes version to target for the upgrade, empty for target's default version. + description: Kubernetes version to target for the upgrade, empty for upgrade target's default version. type: string required: false toMicroservices: - description: Microservice version to target for the upgrade, empty for target's default version. + description: Microservice version to target for the upgrade, empty for upgrade target's default version. type: string required: false simulatedTargetVersion: @@ -60,6 +64,10 @@ on: description: CLI version to create a new cluster with. This has to be a released version, e.g., 'v2.1.3'. type: string required: true + fromKubernetes: + description: Kubernetes version for the origin cluster, empty for origin target's default version. + type: string + required: false gitRef: description: Ref to build upgrading CLI on. type: string @@ -215,6 +223,7 @@ jobs: osImage: ${{ inputs.fromVersion }} isDebugImage: "false" cliVersion: ${{ inputs.fromVersion }} + kubernetesVersion: ${{ inputs.fromKubernetes }} regionZone: ${{ inputs.regionZone }} gcpProject: constellation-e2e gcpClusterCreateServiceAccount: "infrastructure-e2e@constellation-e2e.iam.gserviceaccount.com" From ac26c80a909dfa851b15e62d7685a7d25a4cf3fd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 12:16:10 +0200 Subject: [PATCH 291/380] deps: update GitHub action dependencies (#3399) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/publish_helmchart/action.yml | 2 +- .github/actions/setup_bazel_nix/action.yml | 2 +- .github/workflows/aws-snp-launchmeasurement.yml | 4 ++-- .github/workflows/build-ccm-gcp.yml | 4 ++-- .github/workflows/build-gcp-guest-agent.yml | 2 +- .github/workflows/build-libvirt-container.yml | 2 +- .github/workflows/build-logcollector-images.yml | 2 +- .github/workflows/build-os-image-scheduled.yml | 8 ++++---- .github/workflows/build-os-image.yml | 2 +- .github/workflows/check-links.yml | 4 ++-- .github/workflows/codeql.yml | 2 +- .github/workflows/docs-vale.yml | 2 +- .github/workflows/draft-release.yml | 16 ++++++++-------- .github/workflows/e2e-attestationconfigapi.yml | 2 +- .github/workflows/e2e-mini.yml | 2 +- .github/workflows/e2e-test-daily.yml | 6 +++--- .github/workflows/e2e-test-provider-example.yml | 2 +- .github/workflows/e2e-test-weekly.yml | 6 +++--- .github/workflows/e2e-test.yml | 4 ++-- .github/workflows/e2e-upgrade.yml | 10 +++++----- .github/workflows/e2e-windows.yml | 4 ++-- .github/workflows/on-release.yml | 8 ++++---- .github/workflows/purge-main.yml | 2 +- .github/workflows/release.yml | 12 ++++++------ .github/workflows/reproducible-builds.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/sync-terraform-docs.yml | 2 +- .github/workflows/test-integration.yml | 2 +- .github/workflows/test-operator-codegen.yml | 2 +- .github/workflows/test-tfsec.yml | 2 +- .github/workflows/update-rpms.yml | 4 ++-- .github/workflows/versionsapi.yml | 2 +- 32 files changed, 65 insertions(+), 65 deletions(-) diff --git a/.github/actions/publish_helmchart/action.yml b/.github/actions/publish_helmchart/action.yml index e96365851..0ad16963b 100644 --- a/.github/actions/publish_helmchart/action.yml +++ b/.github/actions/publish_helmchart/action.yml @@ -29,7 +29,7 @@ runs: echo version=$(yq eval ".version" ${{ inputs.chartPath }}/Chart.yaml) | tee -a $GITHUB_OUTPUT - name: Create pull request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: path: helm branch: "release/s3proxy/${{ steps.update-chart-version.outputs.version }}" diff --git a/.github/actions/setup_bazel_nix/action.yml b/.github/actions/setup_bazel_nix/action.yml index 378d36e00..434bf51d9 100644 --- a/.github/actions/setup_bazel_nix/action.yml +++ b/.github/actions/setup_bazel_nix/action.yml @@ -113,7 +113,7 @@ runs: - name: Install nix if: steps.check_inputs.outputs.nixPreinstalled == 'false' - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 + uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 - name: Set $USER if not set shell: bash diff --git a/.github/workflows/aws-snp-launchmeasurement.yml b/.github/workflows/aws-snp-launchmeasurement.yml index a08088896..c27c262b4 100644 --- a/.github/workflows/aws-snp-launchmeasurement.yml +++ b/.github/workflows/aws-snp-launchmeasurement.yml @@ -8,7 +8,7 @@ on: jobs: run: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -17,7 +17,7 @@ jobs: path: constellation - name: Install Nix - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 + uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 - name: Download Firmware release id: download-firmware diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index fdc2446a4..86b942de2 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -13,7 +13,7 @@ on: jobs: find-ccm-versions: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 outputs: versions: ${{ steps.find-versions.outputs.versions }} latest: ${{ steps.find-latest.outputs.latest }} @@ -54,7 +54,7 @@ jobs: build-ccm-gcp: # matrix cannot handle empty lists if: needs.find-ccm-versions.outputs.versions != '[]' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write diff --git a/.github/workflows/build-gcp-guest-agent.yml b/.github/workflows/build-gcp-guest-agent.yml index 9a5274aeb..493331944 100644 --- a/.github/workflows/build-gcp-guest-agent.yml +++ b/.github/workflows/build-gcp-guest-agent.yml @@ -10,7 +10,7 @@ env: jobs: build-gcp-guest-agent: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write diff --git a/.github/workflows/build-libvirt-container.yml b/.github/workflows/build-libvirt-container.yml index 186db02c1..c4fda1ffd 100644 --- a/.github/workflows/build-libvirt-container.yml +++ b/.github/workflows/build-libvirt-container.yml @@ -13,7 +13,7 @@ on: jobs: build-container: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write diff --git a/.github/workflows/build-logcollector-images.yml b/.github/workflows/build-logcollector-images.yml index 082ac4287..d5f39c8f7 100644 --- a/.github/workflows/build-logcollector-images.yml +++ b/.github/workflows/build-logcollector-images.yml @@ -13,7 +13,7 @@ on: jobs: build-logcollector-debugd-images: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 56e65cfdf..c21ed573a 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -12,7 +12,7 @@ on: jobs: stream: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 outputs: stream: ${{ steps.stream.outputs.stream }} steps: @@ -56,7 +56,7 @@ jobs: # On nightly stream only. if: needs.stream.outputs.stream == 'nightly' needs: ["build-image", "stream"] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -97,7 +97,7 @@ jobs: run: rm -f internal/attestation/measurements/measurement-generator/generate - name: Create pull request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: branch: "image/automated/update-measurements-${{ github.run_number }}" base: main @@ -117,7 +117,7 @@ jobs: notify-failure: if: failure() needs: [ "stream", "build-image", "update-code" ] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml index 3fec878a9..56472e321 100644 --- a/.github/workflows/build-os-image.yml +++ b/.github/workflows/build-os-image.yml @@ -47,7 +47,7 @@ on: jobs: build-settings: name: "Determine build settings" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 outputs: ref: ${{ steps.ref.outputs.ref }} stream: ${{ steps.stream.outputs.stream }} diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index 6c3d4cbbb..022631ab8 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -17,7 +17,7 @@ on: jobs: linkChecker: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 @@ -25,7 +25,7 @@ jobs: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Link Checker - uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0 + uses: lycheeverse/lychee-action@7da8ec1fc4e01b5a12062ac6c589c10a4ce70d67 # v2.0.0 with: args: "--config ./.lychee.toml './**/*.md' './**/*.html'" fail: true diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7af6ca82c..8c657a071 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -17,7 +17,7 @@ on: jobs: codeql: name: CodeQL - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 env: # Force CodeQL to run the extraction on the files compiled by our custom # build command, as opposed to letting the autobuilder figure it out. diff --git a/.github/workflows/docs-vale.yml b/.github/workflows/docs-vale.yml index 095cbf9f1..505b29178 100644 --- a/.github/workflows/docs-vale.yml +++ b/.github/workflows/docs-vale.yml @@ -13,7 +13,7 @@ on: jobs: vale: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index b037e7af0..636ddf347 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -50,7 +50,7 @@ on: jobs: build-cli: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -110,7 +110,7 @@ jobs: build/constellation-${{ matrix.os }}-${{ matrix.arch }}.exe.sig build-terraform-provider: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -165,7 +165,7 @@ jobs: build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}.exe upload-terraform-module: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout id: checkout @@ -177,7 +177,7 @@ jobs: uses: ./.github/actions/upload_terraform_module push-containers: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: inputs.pushContainers permissions: actions: read @@ -208,7 +208,7 @@ jobs: run: bazel run //bazel/release:push provenance-subjects: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - build-cli - signed-sbom @@ -252,7 +252,7 @@ jobs: echo provenance-subjects="${HASHESB64}" >> "$GITHUB_OUTPUT" signed-sbom: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout id: checkout @@ -321,7 +321,7 @@ jobs: base64-subjects: "${{ needs.provenance-subjects.outputs.provenance-subjects }}" provenance-verify: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 env: SLSA_VERIFIER_VERSION: "2.5.1" needs: @@ -395,7 +395,7 @@ jobs: release: permissions: contents: write - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - build-cli - provenance diff --git a/.github/workflows/e2e-attestationconfigapi.yml b/.github/workflows/e2e-attestationconfigapi.yml index 70153ec0e..6653ec1f5 100644 --- a/.github/workflows/e2e-attestationconfigapi.yml +++ b/.github/workflows/e2e-attestationconfigapi.yml @@ -18,7 +18,7 @@ jobs: max-parallel: 1 matrix: attestationVariant: ["azure-sev-snp", "azure-tdx", "aws-sev-snp", "gcp-sev-snp"] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write contents: read diff --git a/.github/workflows/e2e-mini.yml b/.github/workflows/e2e-mini.yml index 0b521551c..f333e1ba9 100644 --- a/.github/workflows/e2e-mini.yml +++ b/.github/workflows/e2e-mini.yml @@ -20,7 +20,7 @@ on: jobs: e2e-mini: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 environment: e2e permissions: id-token: write diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml index ccac30e5c..a6ac4fa3f 100644 --- a/.github/workflows/e2e-test-daily.yml +++ b/.github/workflows/e2e-test-daily.yml @@ -12,7 +12,7 @@ jobs: matrix: refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"] name: Find latest image - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write contents: read @@ -49,7 +49,7 @@ jobs: attestationVariant: ["gcp-sev-es", "gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] refStream: ["ref/main/stream/debug/?", "ref/release/stream/stable/?"] test: ["sonobuoy quick"] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write checks: write @@ -150,7 +150,7 @@ jobs: e2e-mini: name: Run miniconstellation E2E test - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 environment: e2e permissions: id-token: write diff --git a/.github/workflows/e2e-test-provider-example.yml b/.github/workflows/e2e-test-provider-example.yml index 6a66c2016..fffc7f816 100644 --- a/.github/workflows/e2e-test-provider-example.yml +++ b/.github/workflows/e2e-test-provider-example.yml @@ -63,7 +63,7 @@ on: jobs: provider-example-test: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write contents: read diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index a06a8fc41..29f0f32be 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -12,7 +12,7 @@ jobs: matrix: refStream: ["ref/main/stream/nightly/?","ref/main/stream/debug/?", "ref/release/stream/stable/?"] name: Find latest image - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write contents: read @@ -313,7 +313,7 @@ jobs: kubernetes-version: "v1.29" clusterCreation: "cli" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write checks: write @@ -439,7 +439,7 @@ jobs: e2e-mini: name: Run miniconstellation E2E test - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 environment: e2e permissions: id-token: write diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 2973b77ff..c06c8eeff 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -129,7 +129,7 @@ on: jobs: generate-input-parameters: name: Generate input parameters - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write contents: read @@ -165,7 +165,7 @@ jobs: find-latest-image: name: Select image - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write contents: read diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 58a91e626..986bd8726 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -98,7 +98,7 @@ on: jobs: generate-input-parameters: name: Generate input parameters - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write contents: read @@ -134,7 +134,7 @@ jobs: build-target-cli: name: Build upgrade target version CLI - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write checks: write @@ -185,7 +185,7 @@ jobs: create-cluster: name: Create upgrade origin version cluster - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write checks: write @@ -271,7 +271,7 @@ jobs: e2e-upgrade: name: Run upgrade test - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write checks: write @@ -436,7 +436,7 @@ jobs: clean-up: name: Clean up resources - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write checks: write diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index 2a7e2b4d9..c24ebba28 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -13,7 +13,7 @@ on: jobs: build-cli: name: Build Windows CLI - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write checks: write @@ -178,7 +178,7 @@ jobs: notify-failure: name: Notify about failure - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: e2e-test if: | failure() && diff --git a/.github/workflows/on-release.yml b/.github/workflows/on-release.yml index abbf75f4b..42e8eaa5a 100644 --- a/.github/workflows/on-release.yml +++ b/.github/workflows/on-release.yml @@ -15,7 +15,7 @@ on: jobs: complete-release-branch-transaction: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write contents: write @@ -44,7 +44,7 @@ jobs: git push origin "${WORKING_BRANCH}":"${RELEASE_BRANCH}" update: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 outputs: latest: ${{ steps.input-passthrough.outputs.latest }}${{ steps.check-last-release.outputs.latest }} steps: @@ -117,7 +117,7 @@ jobs: add-image-version-to-versionsapi, add-cli-version-to-versionsapi, ] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write contents: write @@ -131,7 +131,7 @@ jobs: mirror-gcp-mpi: name: "Mirror GCP Marketplace Image" needs: [add-image-version-to-versionsapi] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write contents: read diff --git a/.github/workflows/purge-main.yml b/.github/workflows/purge-main.yml index 20e39e0bf..79d2f537e 100644 --- a/.github/workflows/purge-main.yml +++ b/.github/workflows/purge-main.yml @@ -10,7 +10,7 @@ on: jobs: find-version: name: Delete version from main ref - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 outputs: version: ${{ steps.find.outputs.version }} permissions: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0639dc623..4a4c03d11 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ concurrency: jobs: verify-inputs: name: Verify inputs - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 env: FULL_VERSION: ${{ inputs.version }} outputs: @@ -74,7 +74,7 @@ jobs: docs: name: Create docs release (from main) - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: inputs.kind == 'minor' needs: verify-inputs permissions: @@ -96,7 +96,7 @@ jobs: npm run docusaurus docs:version "${MAJOR_MINOR}" - name: Create docs pull request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: branch: ${{ env.BRANCH }} base: main @@ -114,7 +114,7 @@ jobs: check-working-branch: name: Check temporary working branch - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: verify-inputs permissions: contents: write @@ -152,7 +152,7 @@ jobs: update-versions: name: Update container image versions needs: [verify-inputs, check-working-branch] - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: write packages: read @@ -220,7 +220,7 @@ jobs: needs: [verify-inputs, os-image] permissions: contents: write - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 env: VERSION: ${{ inputs.version }} WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }} diff --git a/.github/workflows/reproducible-builds.yml b/.github/workflows/reproducible-builds.yml index 87e400979..b615d010a 100644 --- a/.github/workflows/reproducible-builds.yml +++ b/.github/workflows/reproducible-builds.yml @@ -132,7 +132,7 @@ jobs: - "cli_enterprise_linux_amd64" - "cli_enterprise_linux_arm64" - "cli_enterprise_windows_amd64" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: @@ -166,7 +166,7 @@ jobs: - "aws_aws-nitro-tpm_console" - "qemu_qemu-vtpm_debug" - "gcp_gcp-sev-snp_nightly" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ac48a3012..0e5f73b36 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -9,7 +9,7 @@ on: jobs: analysis: name: Scorecard analysis - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: # Needed to upload the results to code-scanning dashboard. security-events: write diff --git a/.github/workflows/sync-terraform-docs.yml b/.github/workflows/sync-terraform-docs.yml index 0b065dbee..69993fe2b 100644 --- a/.github/workflows/sync-terraform-docs.yml +++ b/.github/workflows/sync-terraform-docs.yml @@ -40,7 +40,7 @@ jobs: - name: Create pull request id: create-pull-request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: path: terraform-provider-constellation branch: "feat/docs/update" diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml index 0ddbb783e..75d9bec72 100644 --- a/.github/workflows/test-integration.yml +++ b/.github/workflows/test-integration.yml @@ -20,7 +20,7 @@ on: jobs: integration-test: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 env: CTEST_OUTPUT_ON_FAILURE: True steps: diff --git a/.github/workflows/test-operator-codegen.yml b/.github/workflows/test-operator-codegen.yml index fbb05eac8..8e1b326e1 100644 --- a/.github/workflows/test-operator-codegen.yml +++ b/.github/workflows/test-operator-codegen.yml @@ -18,7 +18,7 @@ on: jobs: govulncheck: name: check-codegen - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 diff --git a/.github/workflows/test-tfsec.yml b/.github/workflows/test-tfsec.yml index ba2f16464..3e13b4c45 100644 --- a/.github/workflows/test-tfsec.yml +++ b/.github/workflows/test-tfsec.yml @@ -17,7 +17,7 @@ on: jobs: tfsec: name: tfsec - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read pull-requests: write diff --git a/.github/workflows/update-rpms.yml b/.github/workflows/update-rpms.yml index c8f77dd89..2f1fcd0a7 100644 --- a/.github/workflows/update-rpms.yml +++ b/.github/workflows/update-rpms.yml @@ -7,7 +7,7 @@ on: jobs: update-rpms: - runs-on: "ubuntu-22.04" + runs-on: "ubuntu-24.04" permissions: id-token: write contents: read @@ -39,7 +39,7 @@ jobs: fi - name: Create pull request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: branch: "image/automated/update-rpms-${{ github.run_number }}" base: main diff --git a/.github/workflows/versionsapi.yml b/.github/workflows/versionsapi.yml index 50a99fed8..0a6373809 100644 --- a/.github/workflows/versionsapi.yml +++ b/.github/workflows/versionsapi.yml @@ -106,7 +106,7 @@ concurrency: jobs: versionsapi: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: id-token: write contents: read From 1561d67a1224d19358c68dc2dba6402c50bb42b6 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 11 Oct 2024 09:35:11 +0200 Subject: [PATCH 292/380] image: update measurements and image version (#3402) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 4af277376..2d14f9c18 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0b, 0x02, 0x5a, 0xaf, 0x3a, 0x99, 0xd5, 0x27, 0x63, 0x18, 0x7c, 0x35, 0x52, 0x70, 0xf2, 0xd4, 0x06, 0x1c, 0x4e, 0xf0, 0x80, 0x70, 0xbb, 0x8e, 0x9e, 0xa9, 0x37, 0x44, 0xb7, 0xec, 0x66, 0x62}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6d, 0x18, 0x5b, 0x6b, 0x1c, 0x4c, 0x96, 0x0b, 0x94, 0x3c, 0x37, 0x18, 0x41, 0x3b, 0x48, 0x9c, 0x7f, 0x9e, 0x5d, 0x10, 0x90, 0xa3, 0xdd, 0xf3, 0xbf, 0xe3, 0x2f, 0xeb, 0xc4, 0x89, 0x80, 0x68}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa0, 0x1e, 0x46, 0xad, 0x67, 0x3f, 0x3d, 0x46, 0xb6, 0x4a, 0xaa, 0xa8, 0xd4, 0xaf, 0x29, 0x38, 0x69, 0x91, 0xf5, 0xcd, 0xb2, 0x3c, 0xa2, 0x21, 0xfd, 0xe2, 0xe4, 0x9b, 0xbe, 0x0e, 0xe0, 0xda}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x47, 0x90, 0x1f, 0xbd, 0x0a, 0xa6, 0x83, 0xc2, 0x3c, 0x8c, 0xab, 0x2b, 0xa0, 0xf5, 0x96, 0xf4, 0x92, 0x00, 0x3e, 0xa3, 0x53, 0xa4, 0x47, 0x2a, 0x39, 0xd6, 0x62, 0x59, 0x94, 0xe1, 0xbb, 0x6d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdc, 0x31, 0x02, 0xb2, 0x73, 0x50, 0x65, 0x71, 0x3e, 0x86, 0x08, 0x47, 0xe9, 0x34, 0x64, 0xea, 0x6b, 0xf6, 0xc5, 0x4c, 0x81, 0xe0, 0x25, 0x80, 0x2d, 0xfe, 0xf4, 0x8e, 0x35, 0xc1, 0xee, 0x6b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9e, 0x11, 0xf5, 0x8a, 0x7c, 0xb6, 0x97, 0x6f, 0xdf, 0x68, 0x2d, 0x91, 0x00, 0x40, 0x43, 0x58, 0x75, 0x64, 0x37, 0x6e, 0x84, 0x25, 0x0c, 0xea, 0x98, 0xe6, 0xca, 0xee, 0xbe, 0xb4, 0xad, 0xd1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x81, 0x0a, 0x42, 0x7c, 0x0a, 0x5e, 0x7c, 0x4d, 0xef, 0x7d, 0xb7, 0x5f, 0x91, 0x8b, 0xea, 0x07, 0x2f, 0x0a, 0xa4, 0x61, 0x2a, 0x43, 0x69, 0x2c, 0xcf, 0xa1, 0x38, 0xa3, 0xa2, 0x18, 0xd6, 0x0f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x36, 0x4e, 0xf0, 0x1b, 0x1a, 0x9b, 0x04, 0x94, 0x91, 0xf5, 0xec, 0xf1, 0xb6, 0xf0, 0x59, 0xa1, 0x9d, 0x4a, 0xe4, 0x71, 0xfd, 0x71, 0x94, 0xfd, 0x4a, 0x3b, 0x72, 0xd6, 0x3e, 0x54, 0xe5, 0xef}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe5, 0x84, 0x96, 0xb3, 0x33, 0x1f, 0x9d, 0x47, 0x8d, 0x26, 0x76, 0x29, 0x26, 0xf7, 0x3e, 0xaa, 0x5c, 0x9c, 0x77, 0x3c, 0x41, 0xc6, 0x41, 0x39, 0x60, 0xb8, 0xed, 0x57, 0x0d, 0x6e, 0x00, 0xd8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1a, 0x58, 0xa6, 0xf5, 0x00, 0x1d, 0xa3, 0xe5, 0xec, 0xc3, 0xa8, 0x26, 0xd9, 0x4d, 0xc5, 0x09, 0xe9, 0x88, 0x65, 0xd8, 0x9c, 0x75, 0x9e, 0xc2, 0xd3, 0x6d, 0x95, 0x34, 0x05, 0xe1, 0x00, 0xa1}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x53, 0x75, 0x48, 0x58, 0x81, 0x19, 0xaa, 0xfd, 0x3d, 0x16, 0xba, 0x4b, 0xd0, 0x70, 0xde, 0x60, 0x72, 0xe9, 0x30, 0xf1, 0xd0, 0x23, 0xe0, 0x79, 0xe1, 0x2c, 0xea, 0x51, 0x4a, 0x32, 0x77, 0x65}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8c, 0x58, 0xef, 0xa1, 0xae, 0xf2, 0x96, 0x1f, 0x30, 0x6c, 0x4c, 0x0d, 0x9b, 0x1b, 0xbb, 0xb3, 0x97, 0xd7, 0xfa, 0xff, 0x4a, 0xb8, 0x69, 0x14, 0xe3, 0x99, 0x46, 0x5c, 0xaa, 0x0f, 0xa1, 0x04}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa8, 0xe8, 0xf6, 0xf2, 0x91, 0xa5, 0x18, 0xa6, 0x9f, 0xa9, 0x21, 0x24, 0xb4, 0xcf, 0x70, 0x0d, 0x1c, 0xc0, 0x93, 0xe7, 0x3f, 0xe0, 0xb2, 0x0b, 0xe3, 0xdd, 0x99, 0x1b, 0x58, 0x6b, 0xb5, 0xae}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x02, 0x27, 0x03, 0xe4, 0x76, 0xe9, 0xf8, 0x4c, 0x3b, 0xf3, 0x24, 0xae, 0xac, 0x11, 0x9f, 0xea, 0x2a, 0x14, 0x5b, 0xa3, 0xa4, 0xc3, 0xb3, 0xd7, 0xa5, 0x45, 0xeb, 0xea, 0x0c, 0x63, 0x35, 0xe7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc2, 0xe3, 0xc3, 0x9c, 0xdb, 0xc1, 0xc3, 0xbf, 0x03, 0x80, 0x6d, 0x2d, 0xcf, 0x38, 0x9e, 0x82, 0x19, 0x14, 0xed, 0xff, 0x0c, 0x2e, 0x1f, 0x74, 0xba, 0xa2, 0xe6, 0x4d, 0xda, 0x02, 0xc9, 0xf5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd7, 0x8c, 0x8a, 0x7c, 0x33, 0x1b, 0x14, 0x85, 0x61, 0xbf, 0xf2, 0x86, 0x8b, 0x4e, 0x5a, 0x9e, 0x3d, 0x4a, 0x4b, 0x0a, 0xe3, 0xe2, 0x66, 0x89, 0x8c, 0x2a, 0x10, 0xaa, 0xb2, 0xca, 0x7a, 0x2d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9e, 0x64, 0x16, 0x00, 0x5d, 0x65, 0x36, 0xea, 0x34, 0x98, 0xd9, 0x8f, 0xa9, 0xec, 0x28, 0xf7, 0x4e, 0x35, 0x1d, 0x38, 0x3e, 0xab, 0x13, 0xd8, 0xe7, 0xfb, 0xdd, 0x2b, 0x68, 0xa6, 0xb1, 0x76}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb6, 0xed, 0x35, 0xba, 0x8a, 0xf8, 0xa8, 0xdb, 0x2b, 0x58, 0x05, 0x60, 0xf2, 0xb9, 0x13, 0xee, 0x3d, 0xc8, 0xe2, 0x72, 0x69, 0xfc, 0xe9, 0x60, 0x0b, 0xbd, 0x0d, 0x75, 0x19, 0x0c, 0x0d, 0xbf}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7e, 0x4b, 0xd6, 0x61, 0x2e, 0x34, 0x94, 0x25, 0x17, 0x06, 0x12, 0x1b, 0x05, 0x9a, 0x3f, 0x43, 0xf0, 0xc3, 0xc2, 0xf3, 0x23, 0xa5, 0x32, 0xad, 0x49, 0x31, 0x87, 0x95, 0x52, 0x81, 0x9c, 0x0e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb8, 0xca, 0xc6, 0xa2, 0xc7, 0xe7, 0x5c, 0x86, 0xf0, 0xad, 0xbb, 0x9b, 0xb4, 0x53, 0xb6, 0x54, 0x73, 0xa0, 0x76, 0xee, 0x5b, 0x84, 0xce, 0x9e, 0x96, 0x13, 0x8c, 0x8d, 0x9b, 0x78, 0xf0, 0x34}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfa, 0xf1, 0x43, 0x98, 0xfe, 0x3d, 0xb9, 0x47, 0xae, 0x34, 0x07, 0x13, 0x0a, 0x42, 0xda, 0xd8, 0xab, 0x25, 0xf6, 0xc7, 0xe1, 0x1a, 0x7b, 0xea, 0x48, 0x2e, 0x04, 0x88, 0xe7, 0xb8, 0xb2, 0xec}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x17, 0xe4, 0xa3, 0xf6, 0x28, 0x7f, 0xed, 0x76, 0xe5, 0xd4, 0xf7, 0x8e, 0xf4, 0x58, 0x6e, 0xf9, 0x65, 0xc7, 0xd8, 0xb4, 0x2e, 0xc0, 0x6d, 0x4e, 0xd0, 0x52, 0x95, 0xe9, 0xd2, 0x3f, 0xee, 0xff}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9f, 0x3e, 0x84, 0x51, 0x86, 0xab, 0x29, 0x4c, 0x47, 0x8d, 0x0c, 0x3c, 0x34, 0x89, 0xe5, 0x5d, 0x87, 0xb0, 0x5a, 0xd6, 0x78, 0xcc, 0x00, 0x02, 0xfb, 0x73, 0xbf, 0x6a, 0xc0, 0x60, 0xd1, 0x60}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x07, 0xc4, 0x67, 0xb5, 0x43, 0x8c, 0x21, 0x1e, 0x6a, 0xdc, 0x2a, 0xad, 0x84, 0x5c, 0xc9, 0xa3, 0xaa, 0x80, 0x7c, 0x0f, 0xc5, 0xee, 0x59, 0xaf, 0x40, 0xd0, 0x32, 0xee, 0x73, 0x71, 0xc2, 0x5b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe1, 0x54, 0x1d, 0xa3, 0x45, 0x64, 0x92, 0x1c, 0xcd, 0x42, 0x45, 0x81, 0x64, 0xa4, 0x03, 0x43, 0x34, 0x04, 0x6f, 0x7d, 0x7f, 0x31, 0x39, 0xc8, 0xca, 0xdd, 0x16, 0xc6, 0x17, 0x31, 0xaa, 0x57}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7c, 0x8f, 0x0c, 0x9d, 0x69, 0x3e, 0x42, 0xaa, 0x08, 0x08, 0xbf, 0x0b, 0x2f, 0xfc, 0x1f, 0x0b, 0xd7, 0x83, 0x4e, 0x96, 0xb4, 0xcd, 0xce, 0x65, 0x57, 0x9d, 0x7e, 0x44, 0x01, 0x39, 0x50, 0xde}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x39, 0xa8, 0x14, 0x4a, 0xc1, 0xfc, 0x83, 0x8e, 0xd6, 0xa9, 0xa5, 0x64, 0xb9, 0xf5, 0xb9, 0x78, 0x8c, 0x1f, 0x98, 0x64, 0x40, 0x20, 0x8e, 0x99, 0x5a, 0x4a, 0x28, 0x6c, 0xed, 0xac, 0x6e, 0x02}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc7, 0xb6, 0x0d, 0x48, 0x44, 0xd7, 0x2f, 0x3e, 0x9f, 0x00, 0xd1, 0x01, 0x61, 0x26, 0x95, 0x60, 0xe2, 0x73, 0xbb, 0x8d, 0x2e, 0x76, 0xa2, 0xb6, 0x9c, 0x31, 0xb6, 0xc5, 0x11, 0xd7, 0x57, 0x38}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd8, 0x24, 0x14, 0x85, 0x39, 0x16, 0x20, 0x14, 0x22, 0x50, 0x4a, 0x5f, 0x96, 0x29, 0xfd, 0x36, 0xa9, 0xd7, 0xb1, 0x81, 0xa3, 0x0c, 0x23, 0xd2, 0x7d, 0x68, 0xeb, 0xa4, 0xc9, 0xc2, 0x9c, 0x16}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x83, 0x58, 0x80, 0x54, 0xda, 0x69, 0xc2, 0xa2, 0xf9, 0x69, 0x57, 0xcb, 0xd3, 0x61, 0x1a, 0x9c, 0x93, 0x9c, 0x8d, 0xc1, 0x38, 0x6b, 0x26, 0x03, 0xc5, 0x9b, 0x33, 0xd8, 0x5d, 0xed, 0x19, 0x95}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x0c, 0xc7, 0x30, 0xbc, 0x93, 0xf2, 0x0c, 0xd2, 0x6b, 0x71, 0xb8, 0x88, 0x5c, 0x79, 0xa7, 0xdb, 0x6e, 0x12, 0xcf, 0x97, 0xdf, 0x0c, 0x0e, 0xe3, 0x19, 0x2b, 0xb7, 0x75, 0xce, 0xea, 0xb9, 0x36}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x6d, 0xa0, 0x09, 0x7a, 0x5d, 0xdc, 0x1a, 0x94, 0xb8, 0x06, 0xa9, 0x68, 0x7b, 0xf6, 0xeb, 0xbd, 0x5e, 0x9a, 0x9d, 0xfd, 0xc6, 0x3c, 0x08, 0xe4, 0x7b, 0x0b, 0x92, 0x25, 0x46, 0xe5, 0x9e, 0x25}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xba, 0xe0, 0xb9, 0x2f, 0xb1, 0xdd, 0x7e, 0xef, 0x45, 0xe2, 0xc1, 0xca, 0x4c, 0xc3, 0x54, 0x1f, 0xd4, 0x03, 0x3d, 0xc5, 0x80, 0xc2, 0x49, 0x09, 0xa0, 0xea, 0x00, 0xc4, 0xb2, 0x01, 0x25, 0xf8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x10, 0x80, 0x83, 0x7b, 0xfc, 0xdc, 0xc8, 0x28, 0xb6, 0xc6, 0xe4, 0xf1, 0x47, 0x82, 0xb8, 0x3b, 0xa3, 0x70, 0x03, 0x15, 0x70, 0x99, 0xf6, 0x6f, 0x2c, 0x2b, 0x3b, 0x77, 0x86, 0x82, 0x75, 0xc7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8c, 0x80, 0xe1, 0xf5, 0xf8, 0x09, 0x3e, 0xec, 0x18, 0x63, 0xaf, 0x26, 0xe4, 0xf8, 0x64, 0x2a, 0x70, 0x2a, 0xb8, 0xe2, 0x4c, 0xe1, 0x88, 0x12, 0x75, 0x43, 0x79, 0x84, 0x80, 0x06, 0xfa, 0xb5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x98, 0x4d, 0xda, 0xe9, 0x89, 0xdb, 0x9d, 0x44, 0xe1, 0x96, 0xc4, 0x66, 0x75, 0x60, 0x58, 0x9a, 0xd3, 0x06, 0x75, 0x53, 0x2c, 0x3c, 0x10, 0x9e, 0xe4, 0xff, 0x06, 0xfb, 0x4c, 0x83, 0x69, 0x79}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xff, 0x25, 0x76, 0x0d, 0x7e, 0x2e, 0xdb, 0x2a, 0xd3, 0x3c, 0xa5, 0xac, 0xef, 0x48, 0x58, 0xaa, 0xd2, 0xe9, 0xa9, 0x9f, 0x7c, 0xae, 0x40, 0xc3, 0x2e, 0x47, 0x4a, 0x83, 0x42, 0xb1, 0x7a, 0x2c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x35, 0x8c, 0x7b, 0xa9, 0xfd, 0x5e, 0xeb, 0xb2, 0xf4, 0x08, 0x10, 0xe2, 0x39, 0xf3, 0x02, 0xe8, 0x2d, 0x61, 0xf6, 0xaa, 0x35, 0x11, 0x12, 0xb6, 0x75, 0x86, 0x28, 0xc8, 0xb3, 0x3c, 0xa9, 0x71}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x14, 0xfc, 0xa5, 0xbb, 0xa4, 0x2d, 0xf1, 0xd5, 0xb5, 0x63, 0x2d, 0xe9, 0x29, 0x28, 0x4b, 0x15, 0xce, 0x88, 0x86, 0xe7, 0x94, 0x32, 0xc1, 0x0f, 0x5c, 0x4d, 0xa3, 0xae, 0x94, 0x10, 0x5e, 0xc6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xcb, 0xf0, 0x9b, 0x4d, 0x2c, 0xe9, 0x9d, 0xe4, 0x14, 0x27, 0x53, 0x9c, 0xd8, 0x19, 0x62, 0x5b, 0xc9, 0x9c, 0x29, 0x48, 0xf8, 0x5c, 0xe6, 0x9b, 0xd9, 0x8a, 0x7b, 0x28, 0x0c, 0x78, 0x5b, 0xfa}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x49, 0x61, 0x9d, 0x6a, 0x97, 0x12, 0x90, 0xba, 0x2a, 0x2b, 0x43, 0x27, 0x91, 0xe7, 0x45, 0x51, 0xc1, 0xf6, 0xae, 0xa5, 0xa4, 0x7b, 0x7c, 0xcf, 0xba, 0xab, 0x98, 0xea, 0xc3, 0x5a, 0x4d, 0x12}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5d, 0xf4, 0xd7, 0x09, 0xad, 0xc1, 0x72, 0x72, 0xc7, 0x1a, 0x4b, 0xbd, 0x4d, 0x8b, 0xce, 0xb3, 0x44, 0x3f, 0x82, 0x32, 0x9a, 0xae, 0xbb, 0x9b, 0xa8, 0x06, 0x5e, 0xb6, 0x20, 0x24, 0x3a, 0xfb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xc4, 0x42, 0x73, 0xe6, 0x07, 0x64, 0x77, 0x8f, 0x5c, 0x28, 0x40, 0x10, 0x05, 0x7c, 0xd8, 0xe3, 0xb3, 0x7c, 0x9e, 0xa9, 0x59, 0x96, 0x7e, 0xe7, 0xa5, 0x0c, 0xd6, 0x3d, 0xc0, 0xd9, 0xe9, 0x35}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5e, 0xe4, 0xd7, 0x0d, 0x17, 0x5d, 0xdb, 0x58, 0x15, 0xf3, 0x4a, 0xad, 0x08, 0xb8, 0x13, 0x25, 0x1c, 0xa6, 0x77, 0x93, 0xd6, 0x93, 0xa9, 0xce, 0x5d, 0x25, 0x71, 0x33, 0xdf, 0x71, 0x25, 0xfc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x90, 0x7f, 0x15, 0x26, 0x05, 0x18, 0xe3, 0xba, 0xd6, 0xce, 0xcd, 0x9b, 0xd3, 0xc4, 0xd0, 0x60, 0xef, 0x83, 0xe5, 0x1d, 0xff, 0x34, 0xf6, 0x53, 0xb3, 0xa8, 0x39, 0x26, 0x25, 0x3c, 0x4e, 0xf0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xbf, 0xe7, 0xdb, 0x41, 0xdf, 0xab, 0xcc, 0xac, 0xed, 0x51, 0x12, 0x66, 0x1b, 0xb0, 0xae, 0x36, 0x8a, 0x0f, 0x91, 0xfb, 0xc5, 0x46, 0x31, 0x1e, 0xd6, 0x35, 0xde, 0x00, 0x26, 0x25, 0x0d, 0x63}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb4, 0x83, 0xb2, 0xe1, 0x4d, 0xbd, 0x9d, 0x5c, 0x27, 0x08, 0xe0, 0x53, 0xc1, 0x18, 0x57, 0x31, 0x55, 0xd8, 0xed, 0xc0, 0xa2, 0x6f, 0xe1, 0x34, 0xcd, 0x35, 0x47, 0x2c, 0xa9, 0x93, 0x6b, 0x84}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa1, 0x17, 0x4d, 0x0a, 0xcc, 0xcb, 0x7d, 0x1f, 0xdc, 0x00, 0xa4, 0xc4, 0x57, 0x21, 0x24, 0xf2, 0x29, 0x89, 0xbf, 0x15, 0x35, 0xe5, 0x6c, 0x84, 0x0e, 0xdd, 0x74, 0x06, 0x0a, 0x63, 0xd7, 0x5b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index b43aa47ca..c560497cc 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20241008105529-961fabbd1ac0" + defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20241009121610-ac26c80a909d" ) From 60dcac1f1bb28459f0c52eb0c74004780710ab2d Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Fri, 11 Oct 2024 15:39:44 +0200 Subject: [PATCH 293/380] ci: ignore GO-2024-3166 in govulncheck (#3404) * ci: ignore GO-2024-3166 in govulncheck --- MODULE.bazel | 1 + bazel/ci/BUILD.bazel | 2 ++ bazel/ci/govulncheck.sh.in | 16 +++++++++++++++- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/MODULE.bazel b/MODULE.bazel index 6f1c055a9..8230253f4 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -4,6 +4,7 @@ bazel_dep(name = "aspect_bazel_lib", version = "2.9.0") bazel_lib = use_extension("@aspect_bazel_lib//lib:extensions.bzl", "toolchains") bazel_lib.yq() +use_repo(bazel_lib, "jq_toolchains") use_repo(bazel_lib, "yq_toolchains") bazel_dep(name = "bazel_skylib", version = "1.7.1") diff --git a/bazel/ci/BUILD.bazel b/bazel/ci/BUILD.bazel index 82bf8d187..838beacab 100644 --- a/bazel/ci/BUILD.bazel +++ b/bazel/ci/BUILD.bazel @@ -288,11 +288,13 @@ sh_template( name = "govulncheck", data = [ ":go_bin_for_host", + "@jq_toolchains//:resolved_toolchain", "@org_golang_x_vuln//cmd/govulncheck", ], substitutions = { "@@GO@@": "$(rootpath :go_bin_for_host)", "@@GOVULNCHECK@@": "$(rootpath @org_golang_x_vuln//cmd/govulncheck:govulncheck)", + "@@JQ@@": "$(rootpath @jq_toolchains//:resolved_toolchain)", }, template = "govulncheck.sh.in", ) diff --git a/bazel/ci/govulncheck.sh.in b/bazel/ci/govulncheck.sh.in index 560cc6ace..d3cda88be 100644 --- a/bazel/ci/govulncheck.sh.in +++ b/bazel/ci/govulncheck.sh.in @@ -15,6 +15,8 @@ go=$(realpath @@GO@@) stat "${go}" >> /dev/null govulncheck=$(realpath @@GOVULNCHECK@@) stat "${govulncheck}" >> /dev/null +jq=$(realpath @@JQ@@) +stat "${jq}" >> /dev/null cd "${BUILD_WORKSPACE_DIRECTORY}" @@ -24,6 +26,18 @@ submodules=$(${go} list -f '{{.Dir}}' -m) PATH=$(dirname "${go}"):${PATH} +check_module() { + # shellcheck disable=SC2016 # The $ sign in the single quoted string is correct. + CGO_ENABLED=0 ${govulncheck} -C "$1" -format json "./..." | + "${jq}" -sr ' + (map(select(.osv) | {"key": .osv.id, "value": .osv.summary}) | from_entries) as $osvs | + map(select( .finding and .finding.osv != "GO-2024-3166" ) | .finding | select( .trace[-1].module | startswith("github.com/edgelesssys/") )) | + group_by(.osv) | + map( {"osv": .[0].osv, "summary": $osvs[.[0].osv], "traces": [.[] | [.trace[] | .module]]} ) | + if length > 0 then halt_error(1) else .[] end' + +} + check() { err=0 @@ -31,7 +45,7 @@ check() { for mod in ${submodules}; do echo " ${mod}" echo -n " " - CGO_ENABLED=0 ${govulncheck} -C "${mod}" "./..." || err=$? + check_module "${mod}" done exit "${err}" From a33639a3548b9681863ee15b22f9fcf72dcb3c08 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 16:24:01 +0200 Subject: [PATCH 294/380] deps: update aquasecurity/tfsec to v1.28.11 (#3401) * deps: update aquasecurity/tfsec to v1.28.11 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/ci_deps.bzl | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl index fdb5a1fe2..08a6a41d7 100644 --- a/bazel/toolchains/ci_deps.bzl +++ b/bazel/toolchains/ci_deps.bzl @@ -181,41 +181,41 @@ def _tfsec_deps(): name = "com_github_aquasecurity_tfsec_linux_amd64", build_file_content = """exports_files(["tfsec"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/16601d830bf13590cf2e9537e48d1a9c33f87b2f715f46e359f93fc4457320bc", - "https://github.com/aquasecurity/tfsec/releases/download/v1.28.10/tfsec_1.28.10_linux_amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/9d783fa225a570f034000136973afba86a1708c919a539b72b3ea954a198289c", + "https://github.com/aquasecurity/tfsec/releases/download/v1.28.11/tfsec_1.28.11_linux_amd64.tar.gz", ], type = "tar.gz", - sha256 = "16601d830bf13590cf2e9537e48d1a9c33f87b2f715f46e359f93fc4457320bc", + sha256 = "9d783fa225a570f034000136973afba86a1708c919a539b72b3ea954a198289c", ) http_archive( name = "com_github_aquasecurity_tfsec_linux_arm64", build_file_content = """exports_files(["tfsec"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/2b982c966d23891e5e8d1b3348865fd24b9b0fde68608512dde4a39b00e2fef8", - "https://github.com/aquasecurity/tfsec/releases/download/v1.28.10/tfsec_1.28.10_linux_arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/68b5c4f6b7c459dd890ecff94b0732e456ef45974894f58bbb90fbb4816f3e52", + "https://github.com/aquasecurity/tfsec/releases/download/v1.28.11/tfsec_1.28.11_linux_arm64.tar.gz", ], type = "tar.gz", - sha256 = "2b982c966d23891e5e8d1b3348865fd24b9b0fde68608512dde4a39b00e2fef8", + sha256 = "68b5c4f6b7c459dd890ecff94b0732e456ef45974894f58bbb90fbb4816f3e52", ) http_archive( name = "com_github_aquasecurity_tfsec_darwin_amd64", build_file_content = """exports_files(["tfsec"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/e337e274e1dd4dfd66d420b508da8338cf4768828f1b24301bea7d847e937e57", - "https://github.com/aquasecurity/tfsec/releases/download/v1.28.10/tfsec_1.28.10_darwin_amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/d377597f2fd4e6956bb7beb711d627b0e0204c421c17e2cd062213222c2f3001", + "https://github.com/aquasecurity/tfsec/releases/download/v1.28.11/tfsec_1.28.11_darwin_amd64.tar.gz", ], type = "tar.gz", - sha256 = "e337e274e1dd4dfd66d420b508da8338cf4768828f1b24301bea7d847e937e57", + sha256 = "d377597f2fd4e6956bb7beb711d627b0e0204c421c17e2cd062213222c2f3001", ) http_archive( name = "com_github_aquasecurity_tfsec_darwin_arm64", build_file_content = """exports_files(["tfsec"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/b7c68b6cfc618e64335579bcd4c64cf8fc9aea674e466230048160b6fadcfa1e", - "https://github.com/aquasecurity/tfsec/releases/download/v1.28.10/tfsec_1.28.10_darwin_arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/14db6b40049226ebc779789196f99eb4977bb93c99fa51c8b72b603e6cdf44e7", + "https://github.com/aquasecurity/tfsec/releases/download/v1.28.11/tfsec_1.28.11_darwin_arm64.tar.gz", ], type = "tar.gz", - sha256 = "b7c68b6cfc618e64335579bcd4c64cf8fc9aea674e466230048160b6fadcfa1e", + sha256 = "14db6b40049226ebc779789196f99eb4977bb93c99fa51c8b72b603e6cdf44e7", ) def _golangci_lint_deps(): From 228aa18a2cf697a3fe4b40a6faa62501843e245c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 16:40:35 +0200 Subject: [PATCH 295/380] deps: update bazel (core) (#3368) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update bazel (core) * bazel: use non-release rules_nixpkgs * Update bazel module lock file Signed-off-by: Daniel Weiße * bazel: resolve patch conflict after upgrading gazelle The generated BUILD file has changed, so our patch needs to be adapted. * deps: tidy all modules --------- Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße Co-authored-by: Markus Rudy Co-authored-by: edgelessci --- .bazelversion | 2 +- .../com_github_google_go_tpm_tools.orig | 6 ++++++ .../com_github_google_go_tpm_tools.patch | 8 ++++++- MODULE.bazel | 4 ++-- MODULE.bazel.lock | 21 ++++++++++--------- bazel/toolchains/nixpkgs_deps.bzl | 8 +++---- 6 files changed, 31 insertions(+), 18 deletions(-) diff --git a/.bazelversion b/.bazelversion index b26a34e47..eab246c06 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -7.2.1 +7.3.2 diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.orig b/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.orig index 3fc9a7d32..bb03b408a 100644 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.orig +++ b/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.orig @@ -73,9 +73,15 @@ go_library( "@io_bazel_rules_go//go/platform:openbsd": [ "-fstack-protector-all", ], + "@io_bazel_rules_go//go/platform:osx": [ + "-fstack-protector-all", + ], "@io_bazel_rules_go//go/platform:plan9": [ "-fstack-protector-all", ], + "@io_bazel_rules_go//go/platform:qnx": [ + "-fstack-protector-all", + ], "@io_bazel_rules_go//go/platform:solaris": [ "-fstack-protector-all", ], diff --git a/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.patch b/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.patch index d6d117d8e..ad04c2292 100644 --- a/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.patch +++ b/3rdparty/bazel/com_github_google_go_tpm_tools/com_github_google_go_tpm_tools.patch @@ -1,6 +1,6 @@ --- simulator/internal/BUILD.bazel +++ simulator/internal/BUILD.bazel -@@ -4,83 +4,14 @@ +@@ -4,89 +4,14 @@ go_library( name = "internal", srcs = [ "doc.go", @@ -74,9 +74,15 @@ - "@io_bazel_rules_go//go/platform:openbsd": [ - "-fstack-protector-all", - ], +- "@io_bazel_rules_go//go/platform:osx": [ +- "-fstack-protector-all", +- ], - "@io_bazel_rules_go//go/platform:plan9": [ - "-fstack-protector-all", - ], +- "@io_bazel_rules_go//go/platform:qnx": [ +- "-fstack-protector-all", +- ], - "@io_bazel_rules_go//go/platform:solaris": [ - "-fstack-protector-all", - ], diff --git a/MODULE.bazel b/MODULE.bazel index 8230253f4..e9cd64b33 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -8,10 +8,10 @@ use_repo(bazel_lib, "jq_toolchains") use_repo(bazel_lib, "yq_toolchains") bazel_dep(name = "bazel_skylib", version = "1.7.1") -bazel_dep(name = "gazelle", version = "0.38.0") +bazel_dep(name = "gazelle", version = "0.39.1") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") bazel_dep(name = "rules_cc", version = "0.0.10") -bazel_dep(name = "rules_go", version = "0.49.0", repo_name = "io_bazel_rules_go") +bazel_dep(name = "rules_go", version = "0.50.1", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") bazel_dep(name = "rules_proto", version = "6.0.2") bazel_dep(name = "rules_python", version = "0.35.0") diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index 2f977c0fb..1cc983292 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -35,8 +35,8 @@ "https://bcr.bazel.build/modules/gazelle/0.33.0/MODULE.bazel": "a13a0f279b462b784fb8dd52a4074526c4a2afe70e114c7d09066097a46b3350", "https://bcr.bazel.build/modules/gazelle/0.34.0/MODULE.bazel": "abdd8ce4d70978933209db92e436deb3a8b737859e9354fb5fd11fb5c2004c8a", "https://bcr.bazel.build/modules/gazelle/0.36.0/MODULE.bazel": "e375d5d6e9a6ca59b0cb38b0540bc9a05b6aa926d322f2de268ad267a2ee74c0", - "https://bcr.bazel.build/modules/gazelle/0.38.0/MODULE.bazel": "51bb3ca009bc9320492894aece6ba5f50aae68a39fff2567844b77fc12e2d0a5", - "https://bcr.bazel.build/modules/gazelle/0.38.0/source.json": "7fedf9b531bcbbe90b009e4d3aef478a2defb8b8a6e31e931445231e425fc37c", + "https://bcr.bazel.build/modules/gazelle/0.39.1/MODULE.bazel": "1fa3fefad240e535066fd0e6950dfccd627d36dc699ee0034645e51dbde3980f", + "https://bcr.bazel.build/modules/gazelle/0.39.1/source.json": "f2facfa8c8c9a4d2ebf613754023054c2eb793b88675082216c6be0419eb20a1", "https://bcr.bazel.build/modules/googletest/1.11.0/MODULE.bazel": "3a83f095183f66345ca86aa13c58b59f9f94a2f81999c093d4eeaa2d262d12f4", "https://bcr.bazel.build/modules/googletest/1.14.0/MODULE.bazel": "cfbcbf3e6eac06ef9d85900f64424708cc08687d1b527f0ef65aa7517af8118f", "https://bcr.bazel.build/modules/googletest/1.14.0/source.json": "2478949479000fdd7de9a3d0107ba2c85bb5f961c3ecb1aa448f52549ce310b5", @@ -67,14 +67,14 @@ "https://bcr.bazel.build/modules/rules_go/0.41.0/MODULE.bazel": "55861d8e8bb0e62cbd2896f60ff303f62ffcb0eddb74ecb0e5c0cbe36fc292c8", "https://bcr.bazel.build/modules/rules_go/0.42.0/MODULE.bazel": "8cfa875b9aa8c6fce2b2e5925e73c1388173ea3c32a0db4d2b4804b453c14270", "https://bcr.bazel.build/modules/rules_go/0.46.0/MODULE.bazel": "3477df8bdcc49e698b9d25f734c4f3a9f5931ff34ee48a2c662be168f5f2d3fd", - "https://bcr.bazel.build/modules/rules_go/0.47.0/MODULE.bazel": "e425890d2a4d668abc0f59d8388b70bf63ad025edec76a385c35d85882519417", - "https://bcr.bazel.build/modules/rules_go/0.49.0/MODULE.bazel": "61cfc1ba17123356d1b12b6c50f6e0162b2cc7fd6f51753c12471e973a0f72a5", - "https://bcr.bazel.build/modules/rules_go/0.49.0/source.json": "ab2261ea5e29d29a41c8e5c67896f946ab7855b786d28fe25d74987b84e5e85d", + "https://bcr.bazel.build/modules/rules_go/0.50.1/MODULE.bazel": "b91a308dc5782bb0a8021ad4330c81fea5bda77f96b9e4c117b9b9c8f6665ee0", + "https://bcr.bazel.build/modules/rules_go/0.50.1/source.json": "205765fd30216c70321f84c9a967267684bdc74350af3f3c46c857d9f80a4fa2", "https://bcr.bazel.build/modules/rules_java/4.0.0/MODULE.bazel": "5a78a7ae82cd1a33cef56dc578c7d2a46ed0dca12643ee45edbb8417899e6f74", "https://bcr.bazel.build/modules/rules_java/6.3.0/MODULE.bazel": "a97c7678c19f236a956ad260d59c86e10a463badb7eb2eda787490f4c969b963", "https://bcr.bazel.build/modules/rules_java/7.1.0/MODULE.bazel": "30d9135a2b6561c761bd67bd4990da591e6bdc128790ce3e7afd6a3558b2fb64", "https://bcr.bazel.build/modules/rules_java/7.6.1/MODULE.bazel": "2f14b7e8a1aa2f67ae92bc69d1ec0fa8d9f827c4e17ff5e5f02e91caa3b2d0fe", - "https://bcr.bazel.build/modules/rules_java/7.6.1/source.json": "8f3f3076554e1558e8e468b2232991c510ecbcbed9e6f8c06ac31c93bcf38362", + "https://bcr.bazel.build/modules/rules_java/7.6.5/MODULE.bazel": "481164be5e02e4cab6e77a36927683263be56b7e36fef918b458d7a8a1ebadb1", + "https://bcr.bazel.build/modules/rules_java/7.6.5/source.json": "a805b889531d1690e3c72a7a7e47a870d00323186a9904b36af83aa3d053ee8d", "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel": "a56b85e418c83eb1839819f0b515c431010160383306d13ec21959ac412d2fe7", "https://bcr.bazel.build/modules/rules_jvm_external/5.1/MODULE.bazel": "33f6f999e03183f7d088c9be518a63467dfd0be94a11d0055fe2d210f89aa909", "https://bcr.bazel.build/modules/rules_jvm_external/5.2/MODULE.bazel": "d9351ba35217ad0de03816ef3ed63f89d411349353077348a45348b096615036", @@ -82,7 +82,8 @@ "https://bcr.bazel.build/modules/rules_license/0.0.3/MODULE.bazel": "627e9ab0247f7d1e05736b59dbb1b6871373de5ad31c3011880b4133cafd4bd0", "https://bcr.bazel.build/modules/rules_license/0.0.4/MODULE.bazel": "6a88dd22800cf1f9f79ba32cacad0d3a423ed28efa2c2ed5582eaa78dd3ac1e5", "https://bcr.bazel.build/modules/rules_license/0.0.7/MODULE.bazel": "088fbeb0b6a419005b89cf93fe62d9517c0a2b8bb56af3244af65ecfe37e7d5d", - "https://bcr.bazel.build/modules/rules_license/0.0.7/source.json": "355cc5737a0f294e560d52b1b7a6492d4fff2caf0bef1a315df5a298fca2d34a", + "https://bcr.bazel.build/modules/rules_license/1.0.0/MODULE.bazel": "a7fda60eefdf3d8c827262ba499957e4df06f659330bbe6cdbdb975b768bb65c", + "https://bcr.bazel.build/modules/rules_license/1.0.0/source.json": "a52c89e54cc311196e478f8382df91c15f7a2bfdf4c6cd0e2675cc2ff0b56efb", "https://bcr.bazel.build/modules/rules_pkg/0.10.1/MODULE.bazel": "d6e593e048db5f1028f1f05ceb64b123aa6f1c2d43cba049c036443ab2cc2044", "https://bcr.bazel.build/modules/rules_pkg/0.10.1/source.json": "a3550442d1530f00fd2a51036250db1891c8fedfd85991c65a0bd0f6daefe0a3", "https://bcr.bazel.build/modules/rules_pkg/0.7.0/MODULE.bazel": "df99f03fc7934a4737122518bb87e667e62d780b610910f0447665a7e2be62dc", @@ -108,8 +109,8 @@ "https://bcr.bazel.build/modules/upb/0.0.0-20230516-61a97ef/source.json": "b2150404947339e8b947c6b16baa39fa75657f4ddec5e37272c7b11c7ab533bc", "https://bcr.bazel.build/modules/zlib/1.2.11/MODULE.bazel": "07b389abc85fdbca459b69e2ec656ae5622873af3f845e1c9d80fe179f3effa0", "https://bcr.bazel.build/modules/zlib/1.2.12/MODULE.bazel": "3b1a8834ada2a883674be8cbd36ede1b6ec481477ada359cd2d3ddc562340b27", - "https://bcr.bazel.build/modules/zlib/1.3/MODULE.bazel": "6a9c02f19a24dcedb05572b2381446e27c272cd383aed11d41d99da9e3167a72", - "https://bcr.bazel.build/modules/zlib/1.3/source.json": "b6b43d0737af846022636e6e255fd4a96fee0d34f08f3830e6e0bac51465c37c" + "https://bcr.bazel.build/modules/zlib/1.3.1.bcr.3/MODULE.bazel": "af322bc08976524477c79d1e45e241b6efbeb918c497e8840b8ab116802dda79", + "https://bcr.bazel.build/modules/zlib/1.3.1.bcr.3/source.json": "2be409ac3c7601245958cd4fcdff4288be79ed23bd690b4b951f500d54ee6e7d" }, "selectedYankedVersions": {}, "moduleExtensions": { @@ -2090,7 +2091,7 @@ }, "@@rules_python~//python/private/pypi:pip.bzl%pip_internal": { "general": { - "bzlTransitiveDigest": "DOkXZJKMSBhWfnEJAioWcWNMz4ATErhs2R/UydF7P4M=", + "bzlTransitiveDigest": "6N7lP83kwn4rIvijlTp/rJZNsXKtoOwzv38ORMDZG7o=", "usagesDigest": "moHoYY1OP7kHaHHJ5EAvm+zksRZt5n3lvjcOhYhq7uY=", "recordedFileInputs": { "@@rules_python~//tools/publish/requirements.txt": "031e35d03dde03ae6305fe4b3d1f58ad7bdad857379752deede0f93649991b8a", diff --git a/bazel/toolchains/nixpkgs_deps.bzl b/bazel/toolchains/nixpkgs_deps.bzl index a392ef9ba..b080f8aa2 100644 --- a/bazel/toolchains/nixpkgs_deps.bzl +++ b/bazel/toolchains/nixpkgs_deps.bzl @@ -5,11 +5,11 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") def nixpkgs_deps(): http_archive( name = "io_tweag_rules_nixpkgs", - sha256 = "1adb04dc0416915fef427757f4272c4f7dacefeceeefc50f683aec7f7e9b787a", - strip_prefix = "rules_nixpkgs-0.12.0", + sha256 = "f2c927815c18c088f02ff81caf9903f9c0b2596ac6e6bd40534bc299af9dc0d7", + strip_prefix = "rules_nixpkgs-705ee3b26cf49e990cddbbe6f60510fa46d50904", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/1adb04dc0416915fef427757f4272c4f7dacefeceeefc50f683aec7f7e9b787a", - "https://github.com/tweag/rules_nixpkgs/releases/download/v0.12.0/rules_nixpkgs-0.12.0.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/f2c927815c18c088f02ff81caf9903f9c0b2596ac6e6bd40534bc299af9dc0d7", + "https://github.com/tweag/rules_nixpkgs/archive/705ee3b26cf49e990cddbbe6f60510fa46d50904.tar.gz", ], type = "tar.gz", ) From 1bdc0944ae51f4f6341f9993b85326b849debcd1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 17:04:08 +0200 Subject: [PATCH 296/380] deps: update K8s constrained Azure versions (#3374) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- internal/versions/versions.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 0621b5d74..8c08a99d6 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -252,10 +252,10 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.28.9@sha256:168905b591796fbd07cb35cd0e3f206fdb7efb30e325c9bf7fa70d1b48989f73", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.28.12@sha256:5ba85a312fdb6b65d4267a1e42090aaa9ebb69f44858d9f9f806a317a9260530", // renovate:container + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.28.13@sha256:8b853f4f54a09c363806714189435933a8575ac6dca27e991976bd685603113e", // renovate:container // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.28.12@sha256:e4a4ddb678f625399b85f4becff16ef07a06da7f5f4673ca21cfb356c370930d", // renovate:container + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.28.13@sha256:525ca9c8a44bbdfa9acc0a417776bb822a1bbdaaf27d9776b8dcf5b3519c346a", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v28.10.0@sha256:f3b6fa7faea27b4a303c91b3bc7ee192b050e21e27579e9f3da90ae4ba38e626", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. @@ -319,10 +319,10 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.29.6@sha256:8074b8828a33fb273833e8fd374dda6a0ab10335ae8e19684fbd61eeff7d3594", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.29.10@sha256:2e4d2c0bb15f2987cb7abb52e86c9b62504226fdbf19d5b597ac4707adb52a56", // renovate:container + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.29.11@sha256:2ecdca660c03b17110a4ee732230424ce0377c5b1756a4408666e40938ee976a", // renovate:container // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.29.10@sha256:ef27f4e2c104614fa44265d6e0a193bf1f9b5abda542f5b64efb868d3796ffc8", // renovate:container + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.29.11@sha256:17888b0ebaec6735214b85d20bdcc8062f051bc27e835454e9ef89734d34aa4b", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v29.5.1@sha256:ebbc6f5755725b6c2c81ca1d1580e2feba83572c41608b739c50f85b2e5de936", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. @@ -386,10 +386,10 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ CloudControllerManagerImageAWS: "registry.k8s.io/provider-aws/cloud-controller-manager:v1.30.3@sha256:30a1758dec30814178c787e2d50f46bb141e9f0bb2e16190ddd19df15f957874", // renovate:container // CloudControllerManagerImageAzure is the CCM image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.30.6@sha256:4cbf44b038ff426dccb457b160f7c675d736a062ec9e729996c568bf3d252c67", // renovate:container + CloudControllerManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager:v1.30.7@sha256:03b2876f481507781a27b56a6e66c1928b7b93774e787e52a5239aefa41191e4", // renovate:container // CloudNodeManagerImageAzure is the cloud-node-manager image used on Azure. // Check for newer versions at https://github.com/kubernetes-sigs/cloud-provider-azure/blob/master/README.md. - CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.30.6@sha256:89ea8b66d026fe313f7f5781d1be6c44bf2c345ead89b8fe256c2bfab47304d1", // renovate:container + CloudNodeManagerImageAzure: "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.30.7@sha256:f18feb78e36eef88f0e23d98d798476d2bf6837de11892fe118ab043afdcd497", // renovate:container // CloudControllerManagerImageGCP is the CCM image used on GCP. CloudControllerManagerImageGCP: "ghcr.io/edgelesssys/cloud-provider-gcp:v30.1.0@sha256:64d2d5d4d2b5fb426c307c64ada9a61b64e797b56d9768363f145f2bd957998f", // renovate:container // CloudControllerManagerImageOpenStack is the CCM image used on OpenStack. From 96d98aa136903d99deb373f4303937149818e07a Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Fri, 11 Oct 2024 17:04:35 +0200 Subject: [PATCH 297/380] CODEOWNERS: move ownership of Helm charts to burgerdev (#3400) --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 6b0679389..fd7e2d8a0 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -34,7 +34,7 @@ /internal/compatibility @derpsteb /internal/config @derpsteb /internal/constellation/featureset @thomasten -/internal/constellation/helm @derpsteb +/internal/constellation/helm @burgerdev /internal/constellation/kubecmd @daniel-weisse /internal/constellation/state @elchead /internal/containerimage @burgerdev From 810f86582df2acd91988cec92655627ada9a2a29 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 11 Oct 2024 19:23:31 +0200 Subject: [PATCH 298/380] deps: update Kubernetes versions (#3358) * deps: update Kubernetes versions * e2e: run vale with python venv --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Markus Rudy --- .github/workflows/docs-vale.yml | 6 +- docs/docs/architecture/versions.md | 6 +- internal/versions/versions.go | 66 +++++++++---------- .../docs/resources/cluster.md | 2 +- 4 files changed, 42 insertions(+), 38 deletions(-) diff --git a/.github/workflows/docs-vale.yml b/.github/workflows/docs-vale.yml index 505b29178..a1cfc4cbd 100644 --- a/.github/workflows/docs-vale.yml +++ b/.github/workflows/docs-vale.yml @@ -19,7 +19,11 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - + # Work around https://github.com/errata-ai/vale-action/issues/128. + - run: | + venv="$HOME/.local/share/venv" + python3 -m venv "$venv" + echo "$venv/bin" >> "$GITHUB_PATH" - name: Vale uses: errata-ai/vale-action@91ac403e8d26f5aa1b3feaa86ca63065936a85b6 # tag=reviewdog with: diff --git a/docs/docs/architecture/versions.md b/docs/docs/architecture/versions.md index 30d9d28e2..6127bfb0c 100644 --- a/docs/docs/architecture/versions.md +++ b/docs/docs/architecture/versions.md @@ -16,6 +16,6 @@ Subsequent Constellation releases drop support for the oldest (and deprecated) K The following Kubernetes versions are currently supported: -* v1.28.13 -* v1.29.8 -* v1.30.4 +* v1.28.14 +* v1.29.9 +* v1.30.5 diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 8c08a99d6..149a5b0b5 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -181,11 +181,11 @@ const ( // currently supported versions. //nolint:revive - V1_28 ValidK8sVersion = "v1.28.13" // renovate:kubernetes-release + V1_28 ValidK8sVersion = "v1.28.14" // renovate:kubernetes-release //nolint:revive - V1_29 ValidK8sVersion = "v1.29.8" // renovate:kubernetes-release + V1_29 ValidK8sVersion = "v1.29.9" // renovate:kubernetes-release //nolint:revive - V1_30 ValidK8sVersion = "v1.30.4" // renovate:kubernetes-release + V1_30 ValidK8sVersion = "v1.30.5" // renovate:kubernetes-release // Default k8s version deployed by Constellation. Default ValidK8sVersion = V1_29 @@ -198,7 +198,7 @@ const ( // VersionConfigs holds download URLs for all required kubernetes components for every supported version. var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ V1_28: { - ClusterVersion: "v1.28.13", // renovate:kubernetes-release + ClusterVersion: "v1.28.14", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -213,33 +213,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.13/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:9b9cc3a19551ade6f3d98ad3acf0a2b65a27ef575bd089f115f8bb80791f3900", + Url: "https://dl.k8s.io/v1.28.14/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:783b94ac980e9813626c51b0bc92b0b25bc8a61eec447b1c48aa5eaba1016b5f", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.13/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:f23e9586811312998bc5e8847f6df52fc04809aed8c2c2fd750f2c42b3f87192", + Url: "https://dl.k8s.io/v1.28.14/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:2fd2f8269a3baa8248f598cfbea8d2234291726fd534d17211b55a1ffb6b8c9b", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.28.13/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:d7d363dd5a4c95444329bc5239b8718ebe84a043052958b2f15ee2feef9a28c6", + Url: "https://dl.k8s.io/v1.28.14/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:e1e8c08f7fc0b47e5d89422e573c3a2e658d95f1ee0c7ea6c8cb38f37140e607", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI4LjEzQHNoYTI1Njo3ZDJjOTI1NmFkNTc2YTBiMzc0NWI3NDllZmU3ZjRmYThiMjc2ZWM3ZWY0NDhmYzBmNDU3OTRjYTc4ZWI4NjI1In1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI4LjE0QHNoYTI1NjpkYWEyNTI3YjlhMzlkZjA3OGFmN2JjZGRjZjk2YTM2OTdjYWI0YjNkNTdlYmRkNGU0ZTFiODAwZmEzNzczMGZiIn1d", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI4LjEzQHNoYTI1NjplN2I0NGMxNzQxZmUxODAyZDE1OWZmZGJkMGQxZjc4ZDQ4YTQxODVkN2ZiMWNkZjhhMTEyZmJiNTA2OTZmN2UxIn1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI4LjE0QHNoYTI1NjoxZWE4NjcwYmRhYTc3MTY1MmNhNjBmNzc2NzJmYmYxOWI5ZGVlMGJkZmNmY2Q0MzgxMjg2YWY2M2JlYTlmMzcwIn1d", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI4LjEzQHNoYTI1NjplZmViNzkxNzE4ZjRiOWM2MmJkNjgzZjViNDAzZGE1MjBmMzY1MWNiMzZhZDlmODAwZTBmOThiNTk1YmVhZmE0In1d", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI4LjE0QHNoYTI1NjpiODc3ZjgzMzJiNDY4MzQ0ZGNiOWE1NWE4YzhiMzliMGJlODkxMDQyNWMzMDUxYWExYWZlOGQ1MWY3ZWQ5OWVkIn1d", InstallPath: patchFilePath("kube-scheduler"), }, { @@ -265,7 +265,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.28.6@sha256:acfc7fe7543f4cf2fcf8156145925bee76eb6c602bb0b8e155456c6818fe8335", // renovate:container }, V1_29: { - ClusterVersion: "v1.29.8", // renovate:kubernetes-release + ClusterVersion: "v1.29.9", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -280,33 +280,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.8/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:df6e130928403af8b4f49f1197e26f2873a147cd0e23aa6597a26c982c652ae0", + Url: "https://dl.k8s.io/v1.29.9/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:1bf6e9e9a5612ea4f6e1a8f541a08be93fdf144b1430147de6916dae363c34a2", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.8/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:fe054355e0ae8dc35d868a3d3bc408ccdff0969c20bf7a231ae9b71484e41be3", + Url: "https://dl.k8s.io/v1.29.9/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:e313046d79c3f78d487804fc32248c0575af129bc8a31bca74b191efa036e0b1", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.29.8/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:038454e0d79748aab41668f44ca6e4ac8affd1895a94f592b9739a0ae2a5f06a", + Url: "https://dl.k8s.io/v1.29.9/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:7b0de2466458cc3c12cf8742dc800c77d4fa72e831aa522df65e510d33b329e2", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjhAc2hhMjU2OjZmNzJmYTkyNmM5YjA1ZTEwNjI5ZmUxYTA5MmZkMjhkY2Q2NWI0ZmRmZDBjYzdiZDU1Zjg1YTU3YTZiYTFmYTUifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjI5LjlAc2hhMjU2OmI4ODUzOGU3ZmRmNzM1ODNjODY3MDU0MGVlYzViMzYyMGFmNzVjOWVjMjAwNDM0YTU4MTVlZTdmYmE1MDIxZjMifV0=", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjhAc2hhMjU2OjZmMjdkNjNkZWQyMDYxNGM2ODU1NGI0NzdjZDdhNzhlZGE3OGE0OThhOTJiZmU4OTM1Y2Y5NjRjYTViNzRkMGIifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjI5LjlAc2hhMjU2OmYyZjE4OTczY2NiNjk5NjY4N2QxMGJhNWJkMWI4ZjMwM2UzZGQyZmVkODBmODMxYTQ0ZDJhYzgxOTFlNWJiOWIifV0=", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjhAc2hhMjU2OmRhNzRhNjY2NzVkOTVlMzllYzI1ZGE1ZTcwNzI5ZGE3NDZkMGZhMGIxNWVlMGRhODcyYWM5ODA1MTliYzI4YmQifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjI5LjlAc2hhMjU2OjljMTY0MDc2ZWViYWVmZGFlYmFkNDZhNWNjZDU1MGU5ZjM4YzYzNTg4YzAyZDM1MTYzYzZhMDllMTY0YWI4YTgifV0=", InstallPath: patchFilePath("kube-scheduler"), }, { @@ -332,7 +332,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterAutoscalerImage: "registry.k8s.io/autoscaling/cluster-autoscaler:v1.29.4@sha256:786728c85787a58c6376b47d2e22cc04db3ecfdd73a52b5b9be20fd869abce2f", // renovate:container }, V1_30: { - ClusterVersion: "v1.30.4", // renovate:kubernetes-release + ClusterVersion: "v1.30.5", // renovate:kubernetes-release KubernetesComponents: components.Components{ { Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release @@ -347,33 +347,33 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.4/bin/linux/amd64/kubelet", // renovate:kubernetes-release - Hash: "sha256:0c02c0f997b3e9769eae7ca051856054411fca947b3d5409d991ce1964dd0e69", + Url: "https://dl.k8s.io/v1.30.5/bin/linux/amd64/kubelet", // renovate:kubernetes-release + Hash: "sha256:9b4b8f8b33c988372cc9c67791418028ca2cef4a4b4b8d98ab67d6f21275a11a", InstallPath: constants.KubeletPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.4/bin/linux/amd64/kubeadm", // renovate:kubernetes-release - Hash: "sha256:6c6053fb8b31030ef7fffe146eb29489f7bf53d7a5ca10e0b10c907bf4b7e281", + Url: "https://dl.k8s.io/v1.30.5/bin/linux/amd64/kubeadm", // renovate:kubernetes-release + Hash: "sha256:b91e32e527d3941369cee016fccb6cb12cd214a120a81d8c5f84c7cbc9e120b2", InstallPath: constants.KubeadmPath, Extract: false, }, { - Url: "https://storage.googleapis.com/kubernetes-release/release/v1.30.4/bin/linux/amd64/kubectl", // renovate:kubernetes-release - Hash: "sha256:2ffd023712bbc1a9390dbd8c0c15201c165a69d394787ef03eda3eccb4b9ac06", + Url: "https://dl.k8s.io/v1.30.5/bin/linux/amd64/kubectl", // renovate:kubernetes-release + Hash: "sha256:b8aa921a580c3d8ba473236815de5ce5173d6fbfa2ccff453fa5eef46cc5ee7a", InstallPath: constants.KubectlPath, Extract: false, }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjMwLjRAc2hhMjU2OjdiMGM0YTk1OWFhZWU1NjYwZTEyMzQ0NTJkYzMxMjMzMTAyMzFiOWY5MmQyOWViZDE3NWM4NmRjOWY3OTdlZTcifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtYXBpc2VydmVyOnYxLjMwLjVAc2hhMjU2Ojc3NDZlYTU1YWQ3NGUyNGI4ZWRlYmI1M2ZiOTc5ZmZlODAyZTJiYzQ3ZTNiN2ExMmM4ZTFiMDk2MWQyNzNlZDIifV0=", InstallPath: patchFilePath("kube-apiserver"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjMwLjRAc2hhMjU2Ojk5MmNjY2JmNjUyZmE5NTFjMWEzZDQxYjBjMTAzM2FlMGJmNjRmMzNkYTAzZDUwMzk1MjgyYzU1MTkwMGFmOWUifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjMwLjVAc2hhMjU2OmJiZDE1ZDI2NzI5NGEyMmEyMGJmOTJhNzdiM2ZmMGUxZGI3Y2ZiMmNlNzY5OTFkYTJhYWEwM2QwOWRiM2I2NDUifV0=", InstallPath: patchFilePath("kube-controller-manager"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjMwLjRAc2hhMjU2OjM3ZWFlZWU1YmNhOGRhMzRhZDNkMzZlMzc1ODZkZDI5ZjVlZGIxZTI5MjdlNzY0NGRmYjExM2U3MDA2MmJkYTgifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2t1YmUtc2NoZWR1bGVyOnYxLjMwLjVAc2hhMjU2OjYyYzkxNzU2YTNjOWI1MzVlZjk3NjU1YTViY2NhMDVlNjdlNzViNTc4Zjc3ZmM5MDdkODU5OWExOTU5NDZlZTkifV0=", InstallPath: patchFilePath("kube-scheduler"), }, { diff --git a/terraform-provider-constellation/docs/resources/cluster.md b/terraform-provider-constellation/docs/resources/cluster.md index 542200750..556622f4b 100644 --- a/terraform-provider-constellation/docs/resources/cluster.md +++ b/terraform-provider-constellation/docs/resources/cluster.md @@ -69,7 +69,7 @@ resource "constellation_cluster" "azure_example" { See the [full list of CSPs](https://docs.edgeless.systems/constellation/overview/clouds) that Constellation supports. - `image` (Attributes) Constellation OS Image to use on the nodes. (see [below for nested schema](#nestedatt--image)) - `init_secret` (String) Secret used for initialization of the cluster. -- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.28.13 v1.29.8 v1.30.4]. +- `kubernetes_version` (String) The Kubernetes version to use for the cluster. The supported versions are [v1.28.14 v1.29.9 v1.30.5]. - `master_secret` (String) Hex-encoded 32-byte master secret for the cluster. - `master_secret_salt` (String) Hex-encoded 32-byte master secret salt for the cluster. - `measurement_salt` (String) Hex-encoded 32-byte measurement salt for the cluster. From 47b2f59b7d409b4aa0c86c99326bbb6550ee9875 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 14 Oct 2024 08:25:05 +0200 Subject: [PATCH 299/380] image: update locked rpms (#3410) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 59dab7346..b73a832f8 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -18,15 +18,15 @@ adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tool fa073cc08e035fab231c2e9aa3116468e75f5056c169d5b095f3ee2956123d95 container-selinux-2.233.0-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm -44a10b26336b2163b9ece94ee9627cccf4d638081a1f6aa469a54628706a0580 containers-common-0.60.2-2.fc40.noarch.rpm -a2771b9e7ab7736c08dea207288aca37bda211634a4d16da3bf1c1e10942eb90 containers-common-extra-0.60.2-2.fc40.noarch.rpm +c56018c36c0f58495546985c96e4f2ac90f22dfd37b4f448c172556f979ccfde containers-common-0.60.4-1.fc40.noarch.rpm +dfe13a75b49ed7240d4039bc8d20f07550ced58e81ebcc9e303aa553e30cb50d containers-common-extra-0.60.4-1.fc40.noarch.rpm e74a792e74d8467510b859d16927bc951484bee8d3a141795e7dc8cc1b34c183 coreutils-single-9.4-8.fc40.x86_64.rpm d941a78ffb6e2e0b4c24d0097d0351ced8796edde90208b4bddee459bce0a949 cpio-2.15-1.fc40.x86_64.rpm faa23cb6a7a612c0a6e874c788c5add967c5e193bd38c2e6093b82b38a162f81 cracklib-2.9.11-5.fc40.i686.rpm ea1f43ef9a4b02a9c66726ee386f090145696fb93dff80d593ac82126f8037ec cracklib-2.9.11-5.fc40.x86_64.rpm fe24641e69545c428890a4b094f015c03f65a6c30c3db7bb0de7672bab66bfd6 cracklib-dicts-2.9.11-5.fc40.x86_64.rpm -e4407cbfeb01494457e941a56971ec3aefbd35206792918d60fc9417acacd1a8 criu-3.19-4.fc40.x86_64.rpm -6dd4fe61a462d20fd6fc07ecf8bf47198cc24733d82fe0e46ed4d5f988dffef4 criu-libs-3.19-4.fc40.x86_64.rpm +f3f3e5f6a1c1bee67c0c6598a48143c36827f90a095897d649580a174468cdbc criu-4.0-1.fc40.x86_64.rpm +bbdb6014e2bd87db1bb2d4795a57cbb08bfdb03777c2b9730a3f45f7977fc4c9 criu-libs-4.0-1.fc40.x86_64.rpm 23cf494259d04acbfc40fb5ac0654d0dc1d79713ad2f232ffd4b81f68b693fe8 crun-1.17-1.fc40.x86_64.rpm 2469a287d9fe6ea5f4aa0686fa5f223c14505218743230afbd322fdd90b1d396 crypto-policies-20240725-1.git28d3e2d.fc40.noarch.rpm 8271834b39fd9a7efef95f9bf40337cc636d55a9c4b56ee2500811b318794ae3 crypto-policies-scripts-20240725-1.git28d3e2d.fc40.noarch.rpm @@ -57,7 +57,7 @@ de10b1728571d2976e2f0f4cc5067d4575a5e97ec3914c57af537846ccaec753 elfutils-debug c1eca14924981b987f9b17c01a97511d641f49ac6b2b0f2d8e83563343932302 elfutils-libelf-0.191-4.fc40.x86_64.rpm 393c5920c3b69834e5a75b05f48f04e696f509cb52c8055e686e63e677342547 elfutils-libs-0.191-4.fc40.i686.rpm d7d1ed3fca0696b8c38effe21bc70c84a94cb66c0b59bb1980c0f455d23b7fec elfutils-libs-0.191-4.fc40.x86_64.rpm -46faf7414373116864994d8e6877e00a799226e60bb685e073b398074ec7dc49 ethtool-6.10-1.fc40.x86_64.rpm +95cf8ee199b2e1b3471f920ebad57d3d8178f5e68d37ee35a8a94727473ec8d3 ethtool-6.11-1.fc40.x86_64.rpm 3a5ba168021a01107d6dd4dc7cffe8bb5553c64f236c436979b9fddfdc4cb59d expat-2.6.3-1.fc40.x86_64.rpm 849feb04544096f9bbe16bc78c2198708fe658bdafa08575c911e538a7d31c18 fedora-gpg-keys-40-2.noarch.rpm bd62f80ae7dc50c20b0633d86f1c4a9f205f7df13c8ee1a5d5f624872c29271e fedora-release-40-39.noarch.rpm @@ -126,8 +126,8 @@ e131ab89604dbd4fdc4f80af632099e48bf68bb328dbf0e7dcbef1d1e134dc09 libassuan-2.5. 649cceb60f2e284f8d5dadeec4af8e7035650fe0e5aa75c552354b3fa5708cfe libb2-0.98.1-11.fc40.x86_64.rpm 46e35f0fcf3c5ac842c4fd7ba63c0106b73fa2250a9ae1f8e92c53d552201d7f libblkid-2.40-0.9.rc1.fc40.i686.rpm f4278c28f2bb21b0c24a5975384a5ccfc0934504d8a7c036ca1346b7683e1b5c libblkid-2.40-0.9.rc1.fc40.x86_64.rpm -688ef20e1e1fd0e3884c9f0070a3251636a81e08d299b13609dfb4152434b5da libblkid-2.40.1-1.fc40.i686.rpm -0870933f0565a25e0cbf5246dd754722f5df9946f4f5c09cf420e85cc1a1e4fb libblkid-2.40.1-1.fc40.x86_64.rpm +c0f6262d325a8a0609935abcb922033c6e56d6b6e5096ba8fbb9c972817e27d9 libblkid-2.40.2-1.fc40.i686.rpm +b506de64d63262d9d957a75fdf2282d82b1e4978cebbdfc191ef93bba37e3b7c libblkid-2.40.2-1.fc40.x86_64.rpm d8fab37e62c441e5d35421086a20923ff15561ad28c858cfb670b7c095106dee libbpf-1.2.3-1.fc40.i686.rpm fca2d942f6264b630b33991e48dcb605543a4c837371f28f92994bf956677f24 libbpf-1.2.3-1.fc40.x86_64.rpm 97e9e5339bb0ca6ce3d0195c8ebe48384bcfc087ee6bc7a35b1d27d4de23fbfa libbrotli-1.1.0-3.fc40.x86_64.rpm @@ -147,8 +147,8 @@ b003de79beac86385d212fce137417439e8ec7cb863115d560e02834c84efd1e libedit-3.1-53 c4adcee5dd9e22ea50d6c318ac4936a8df708121741958ce5aa8f038c46c61a9 libevent-2.1.12-12.fc40.x86_64.rpm a1ba3045c99ef1b266383f0801731a68f9e0cb069a6c808267ad33b759381907 libfdisk-2.40-0.9.rc1.fc40.i686.rpm 17f02ca51b90580887d739f52b995034e0929fc6bcd92be308554a2f5337bbe4 libfdisk-2.40-0.9.rc1.fc40.x86_64.rpm -c8b9967345ed0393c17101b970bb86258380494d99edf07787bc32ee4de96a7b libfdisk-2.40.1-1.fc40.i686.rpm -2481691bd2ee6aab48b1a0306357337007b2b0af082e4fdef47dcc5a8a8357be libfdisk-2.40.1-1.fc40.x86_64.rpm +34db4e48052a47e1c6f445dec3edbdb279890ae24c5ecfa44e8a19fdee0a99a2 libfdisk-2.40.2-1.fc40.i686.rpm +aa6a51bbe265bb3d3a50c37557f6513d51298301e4957ce4484e56feb837fa32 libfdisk-2.40.2-1.fc40.x86_64.rpm 25caa7ee56f6013369c2fac26afd3035a7d580af0b919621ba8d495d13a5af86 libffi-3.4.4-7.fc40.x86_64.rpm f9c5369b6d168a2b8e46159bc41ef0755ee1a8d12f4c6766fdfe23e827cf5cdf libfido2-1.14.0-4.fc40.x86_64.rpm 460a36745833f629ac1f5d232ec0daec092b7cb654a4bf3e4fde7c693fea9fbb libgcc-14.2.1-3.fc40.i686.rpm @@ -166,8 +166,8 @@ d5d9c95e38aeb8c852cda4516057d86a5fec2485cb3413067d625059a4d97b30 libmd-1.1.0-4. 7b307e95fb7584889d35108de86ebfa34d0aea6eabb5a68d574647f83f25ed77 libmnl-1.0.5-5.fc40.x86_64.rpm 4aa44fc80c1d3e3496a406740b9ae3ada3df28b37fecc611e44183f542758f76 libmount-2.40-0.9.rc1.fc40.i686.rpm c5231753426984926daba70cc61d20e777048e91167f2e3c217e21e9205573a6 libmount-2.40-0.9.rc1.fc40.x86_64.rpm -f5946a9bd8432cba1475e4fafedc2ab3493c1c9e02a062a605c9d4add001ebbb libmount-2.40.1-1.fc40.i686.rpm -2589c1e241991dbefd89188aabd9b1f99c277bfee30c300a185633df3caa7913 libmount-2.40.1-1.fc40.x86_64.rpm +76ae4cbab05343ba545c2c3898153493f0663a2f6ff382df464cebe9d260bab4 libmount-2.40.2-1.fc40.i686.rpm +a695daa293bb78b033a2629f5af1284fe212b748227e94efa59a8292eb6b9f40 libmount-2.40.2-1.fc40.x86_64.rpm 157c1256a9529dea2215f6c77f40647baf19c6f8ac6058934c0f2a593f436c4d libnet-1.3-3.fc40.x86_64.rpm a2d50812dec895ba654fc424a458e99ceb81423046ad870ffabfef3081382ef6 libnetfilter_conntrack-1.0.9-5.fc40.x86_64.rpm 3de45cea1d877e58f1a8fadb3902e585c070bfd2813bb107145a2f28a2e6edb3 libnetfilter_cthelper-1.0.0-27.fc40.x86_64.rpm @@ -194,7 +194,7 @@ a4cd1c54d0f8b543ffa7cc6ce366a6a3f233e084f2e52ea07a70da6127347b8e libsepol-3.7-2 85cbaeca877a166cda9637a8ea0d43dd63488fdcc250fe564696cf8beaf8913f libsepol-3.7-2.fc40.x86_64.rpm 716b91d85eb887fe10db607608294475289b9e9fc4d51fbddcf24046ea016147 libsmartcols-2.40-0.9.rc1.fc40.i686.rpm 34111597814e385c8c1cdd48ff72c4ed64e7e6ed9bd6660bb2bfda6aebdb3200 libsmartcols-2.40-0.9.rc1.fc40.x86_64.rpm -302124d98a491472ec0982b89afbf576922d6921a89dda479d354e6582566f0e libsmartcols-2.40.1-1.fc40.x86_64.rpm +e9c3e9e3458af7a2f9b5cd6bc45020bb7f2c6cfbd0429b0b1853928bd3e02004 libsmartcols-2.40.2-1.fc40.x86_64.rpm 45d032fb4d59ee0f6a921dd1f0addfcdd38fc46917243fdd6248194ffddb9067 libsodium-1.0.20-1.fc40.x86_64.rpm c8bbfa2762cc601f8a97d8d5a39a658f0e91ba477ebebd798b30f7fc8ffdd457 libss-1.47.0-5.fc40.x86_64.rpm 89e7282e0a94d641871dfed423ba2ce6f8b088eaf9aabdea1805708bcafa6a01 libstdc++-14.2.1-3.fc40.x86_64.rpm @@ -209,8 +209,8 @@ e541a1c8397dccf159b3602eb6bbb381ba21c544db337a3b3bfc49ccc2ef5c21 libunistring-1 0093a8d3f490fbbbc71b01e0c8f9b083040dbf7513be31a91a0769d846198c1b libutempter-1.2.1-13.fc40.x86_64.rpm 5aaa12bba361ae29b2a6b35c4b21da935423bc2ad763eaa8267008c7a533cb3c libuuid-2.40-0.9.rc1.fc40.i686.rpm 18ae5558dd719fcc92bd4d2c7c73c6a093af82a35c67444ccc9cdf4b3dce1824 libuuid-2.40-0.9.rc1.fc40.x86_64.rpm -66f09c3f1128b27e4bef6b095f6d4de6cc85e5c83b22aa867b522069e10f82eb libuuid-2.40.1-1.fc40.i686.rpm -833153a38690923cfdfb9645061ea48249bacb33449c819dd340a0a8424cac98 libuuid-2.40.1-1.fc40.x86_64.rpm +7273be2566ee7c865ca3154715e2f7fa938e852bc6114af9cb8530fa88d833ca libuuid-2.40.2-1.fc40.i686.rpm +b6db3e72ae6575127216145c1f65414ea94acd9db26d08c5081cb5d786101c1f libuuid-2.40.2-1.fc40.x86_64.rpm bea578631618692ba5e302beadfdf6d5894e23e5bddaea4b4fca2f377dd1aaac libverto-0.3.2-8.fc40.i686.rpm fadf7dd93c5eee57ba78e0628bf041dbd2ea037ace52f0a5cbac55b363234d27 libverto-0.3.2-8.fc40.x86_64.rpm 2e2ab8784cce3e877f87977f651a046faa2121d716d06daa510981f7d946dba2 libxcrypt-4.4.36-5.fc40.i686.rpm @@ -229,7 +229,7 @@ f5f022440c4340b5e7fb1c1dbc382e6b0fd57030b3ff056940f2bb3d254408ec lz4-libs-1.9.4 03fbefea8c8d8465cf1caf66870fb935292ee18b4ca341853b5576ca9c7801eb mokutil-0.7.1-1.fc40.x86_64.rpm 0a3a3fc2471d2d64cbc85f4b23c93620df6eeee814851a2b69fc5ddf75406b56 mpdecimal-2.5.1-9.fc40.x86_64.rpm bc873693a8b8423d7f82e329abe207c9160a4c746fea9a32ef2a6ae8c912f227 mpfr-4.2.1-4.fc40.x86_64.rpm -cf424c4b9fc38fe40418f77d1b61f4c4d73a8a697aeace2ac86f6a5d34971a0e mtools-4.0.44-1.fc40.x86_64.rpm +a02bb93695bf3bf945441fc1d72d864ec537d0440d7f41ad06d24a002801d6b6 mtools-4.0.45-1.fc40.x86_64.rpm 7dfae7d898dfc40f3fe1fc66104cf31e434e866fec4d4944b55952d7f2f16657 nano-7.2-7.fc40.x86_64.rpm b404c27af03bb1e43fb0dc472d5a1fa152e0563fa2e4eefa29199c47578a829b nano-default-editor-7.2-7.fc40.noarch.rpm 8a93376ce7423bd1a649a13f4b5105f270b4603f5cf3b3e230bdbda7f25dd788 ncurses-base-6.4-12.20240127.fc40.noarch.rpm @@ -307,8 +307,8 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm 5dbd069183076ed8048c839c31f713c0f6080fb9ebfdda92ac550030688e811b sbsigntools-0.9.5-6.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm -f2edc048484f98d9c52136539ff4720e124ded9619a54e97740bf69491bfc05c selinux-policy-40.27-1.fc40.noarch.rpm -65f63b667d43d687921b77b77833500ee6a7bf9c9bf6358ba6e73b4091b80c9d selinux-policy-targeted-40.27-1.fc40.noarch.rpm +696ffbc06ad87337390176888362d7ccbc867d4ecfc6b7040da10bba53d58ba9 selinux-policy-40.28-1.fc40.noarch.rpm +50fae290496e90d47b4ca6a86e97db4ca39d5d4ba324555fc72eda1b9090db35 selinux-policy-targeted-40.28-1.fc40.noarch.rpm 89862f646cd64e81497f01a8b69ab30ac8968c47afef92a2c333608fdb90ccc1 setup-2.14.5-2.fc40.noarch.rpm 95a0cce33e56359aa09507abfed062fb47a554307b0a029e6d2f076b813ae8d2 shadow-utils-4.15.1-3.fc40.x86_64.rpm 0c1072b40e5fe451e7d2bc1a7530e743303591c3d26bce0ac2e09ff05b50ae26 shadow-utils-subid-4.15.1-3.fc40.x86_64.rpm @@ -332,9 +332,9 @@ c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3 9fc3b3f602c81bdb5e1daa4a7f9a254d35481bd1186ac0b01fbb0c3243440ca8 unbound-anchor-1.21.1-3.fc40.x86_64.rpm 1432f6a67a9400d10b09b5eee96c6fbf89b8bef99cc7e1abc6d885cf69a61fb2 unbound-libs-1.21.1-3.fc40.x86_64.rpm 36ffa617a0dfe523424a28290241a81cd51f7d82e776e58131f16d092d49797b util-linux-2.40-0.9.rc1.fc40.i686.rpm -41b777c50f1ec74795551c7d930a3d6eceab278ff03608893a5dbd49f2de5363 util-linux-2.40.1-1.fc40.x86_64.rpm +945aa536bc30050abc1870cef167cb944cf78d6628923476db43201a0054574b util-linux-2.40.2-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm -a00108f45cd60afffb9c1b5db8bef9c6fd5b3c233a546dde787efa5b4485e5b6 util-linux-core-2.40.1-1.fc40.x86_64.rpm +b1aa4e816c01c08c18924865640f214f717cdfc66837e53a24b8edfb80a86f9d util-linux-core-2.40.2-1.fc40.x86_64.rpm 245d6685d2a70e2b8556a689c8b8643886dfcccaf5b1ba7de22d6e0e70733f8d vim-common-9.1.719-1.fc40.x86_64.rpm 58916eeba8db00df5544001510343dcad1b65cdbba8570af7d2265f24adea958 vim-data-9.1.719-1.fc40.noarch.rpm 7e831338b3b095a2d6056c965549f991b3f4cf52b713d96a16859ae5bb78fca9 vim-enhanced-9.1.719-1.fc40.x86_64.rpm From 2006c0eb049d2f7f221cfbcfaa75f86367f57f7e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 08:29:24 +0200 Subject: [PATCH 300/380] deps: update rhysd/actionlint to v1.7.3 (#3406) * deps: update rhysd/actionlint to v1.7.3 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/ci_deps.bzl | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl index 08a6a41d7..c12431b05 100644 --- a/bazel/toolchains/ci_deps.bzl +++ b/bazel/toolchains/ci_deps.bzl @@ -97,41 +97,41 @@ def _actionlint_deps(): name = "com_github_rhysd_actionlint_linux_amd64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/f53c34493657dfea83b657e4b62cc68c25fbc383dff64c8d581613b037aacaa3", - "https://github.com/rhysd/actionlint/releases/download/v1.7.1/actionlint_1.7.1_linux_amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/37252b4d440b56374b0fc1726e05fd7452d30d6d774f6e9b52e65bb64475f9db", + "https://github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint_1.7.3_linux_amd64.tar.gz", ], type = "tar.gz", - sha256 = "f53c34493657dfea83b657e4b62cc68c25fbc383dff64c8d581613b037aacaa3", + sha256 = "37252b4d440b56374b0fc1726e05fd7452d30d6d774f6e9b52e65bb64475f9db", ) http_archive( name = "com_github_rhysd_actionlint_linux_arm64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/21a20f38b19dc962d89e17fe1c6f116199e9e0d343ab33361868def14cc220fc", - "https://github.com/rhysd/actionlint/releases/download/v1.7.1/actionlint_1.7.1_linux_arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/5fd82142c39208bfdc51b929ff9bd84c38bcc10b4362ef2261a5d70d38e68e05", + "https://github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint_1.7.3_linux_arm64.tar.gz", ], type = "tar.gz", - sha256 = "21a20f38b19dc962d89e17fe1c6f116199e9e0d343ab33361868def14cc220fc", + sha256 = "5fd82142c39208bfdc51b929ff9bd84c38bcc10b4362ef2261a5d70d38e68e05", ) http_archive( name = "com_github_rhysd_actionlint_darwin_amd64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/ee24184e2e7003c19eb739717b34b7c65d096f2ca0df8d571837b4f20112d573", - "https://github.com/rhysd/actionlint/releases/download/v1.7.1/actionlint_1.7.1_darwin_amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/33e960b719c87ecc0c807cf4945fd4078980cd2e626b27ded0e9551c757fa8f6", + "https://github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint_1.7.3_darwin_amd64.tar.gz", ], type = "tar.gz", - sha256 = "ee24184e2e7003c19eb739717b34b7c65d096f2ca0df8d571837b4f20112d573", + sha256 = "33e960b719c87ecc0c807cf4945fd4078980cd2e626b27ded0e9551c757fa8f6", ) http_archive( name = "com_github_rhysd_actionlint_darwin_arm64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/a72f66f28a4cc294670abb7a5e3392033700e00cc6a385c32fb769971b71ec9f", - "https://github.com/rhysd/actionlint/releases/download/v1.7.1/actionlint_1.7.1_darwin_arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/b4e8dab8dda48eceff6afea67d0fe4a14b8d4ea7191cf233c1e1af8a62f37c24", + "https://github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint_1.7.3_darwin_arm64.tar.gz", ], type = "tar.gz", - sha256 = "a72f66f28a4cc294670abb7a5e3392033700e00cc6a385c32fb769971b71ec9f", + sha256 = "b4e8dab8dda48eceff6afea67d0fe4a14b8d4ea7191cf233c1e1af8a62f37c24", ) def _gofumpt_deps(): From 898c37be2a3b8fa0dcf82d40e4e688fcb8e211d8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 08:29:37 +0200 Subject: [PATCH 301/380] deps: update bazel (modules) (#3405) * deps: update bazel (modules) * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- MODULE.bazel | 8 +- MODULE.bazel.lock | 138 +++--------------- bootstrapper/initproto/init.pb.go | 2 +- debugd/service/debugd.pb.go | 2 +- disk-mapper/recoverproto/recover.pb.go | 2 +- internal/versions/components/components.pb.go | 2 +- joinservice/joinproto/join.pb.go | 2 +- keyservice/keyserviceproto/keyservice.pb.go | 2 +- upgrade-agent/upgradeproto/upgrade.pb.go | 2 +- verify/verifyproto/verify.pb.go | 2 +- 10 files changed, 33 insertions(+), 129 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index e9cd64b33..7714ff4d6 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,6 +1,6 @@ module(name = "constellation") -bazel_dep(name = "aspect_bazel_lib", version = "2.9.0") +bazel_dep(name = "aspect_bazel_lib", version = "2.9.1") bazel_lib = use_extension("@aspect_bazel_lib//lib:extensions.bzl", "toolchains") bazel_lib.yq() @@ -9,12 +9,12 @@ use_repo(bazel_lib, "yq_toolchains") bazel_dep(name = "bazel_skylib", version = "1.7.1") bazel_dep(name = "gazelle", version = "0.39.1") -bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.0") -bazel_dep(name = "rules_cc", version = "0.0.10") +bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.1") +bazel_dep(name = "rules_cc", version = "0.0.13") bazel_dep(name = "rules_go", version = "0.50.1", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") bazel_dep(name = "rules_proto", version = "6.0.2") -bazel_dep(name = "rules_python", version = "0.35.0") +bazel_dep(name = "rules_python", version = "0.36.0") bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index 1cc983292..e5c3033fc 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -9,8 +9,8 @@ "https://bcr.bazel.build/modules/abseil-cpp/20230802.0.bcr.1/source.json": "14892cc698e02ffedf4967546e6bedb7245015906888d3465fcf27c90a26da10", "https://bcr.bazel.build/modules/apple_support/1.5.0/MODULE.bazel": "50341a62efbc483e8a2a6aec30994a58749bd7b885e18dd96aa8c33031e558ef", "https://bcr.bazel.build/modules/apple_support/1.5.0/source.json": "eb98a7627c0bc486b57f598ad8da50f6625d974c8f723e9ea71bd39f709c9862", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.0/MODULE.bazel": "3d2ebf65f610a34f1c105c6060cf95737f5a660f8b298eb69d5ecbceb1092421", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.0/source.json": "ab3d44179bb682fdb921ebcb78490a32f1c8df46504816777ae5b7cf629de3d3", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.1/MODULE.bazel": "39517c00a97118e7924786cd9b6fde80016386dee741d40fd9497b80d93c9b54", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.1/source.json": "5c98d61e7ed023a391c83e22e0a1c3576b84de57e75403f47fabc3ff62d05db4", "https://bcr.bazel.build/modules/bazel_features/1.1.0/MODULE.bazel": "cfd42ff3b815a5f39554d97182657f8c4b9719568eb7fded2b9135f084bf760b", "https://bcr.bazel.build/modules/bazel_features/1.1.1/MODULE.bazel": "27b8c79ef57efe08efccbd9dd6ef70d61b4798320b8d3c134fd571f78963dbcd", "https://bcr.bazel.build/modules/bazel_features/1.11.0/MODULE.bazel": "f9382337dd5a474c3b7d334c2f83e50b6eaedc284253334cf823044a26de03e8", @@ -40,8 +40,10 @@ "https://bcr.bazel.build/modules/googletest/1.11.0/MODULE.bazel": "3a83f095183f66345ca86aa13c58b59f9f94a2f81999c093d4eeaa2d262d12f4", "https://bcr.bazel.build/modules/googletest/1.14.0/MODULE.bazel": "cfbcbf3e6eac06ef9d85900f64424708cc08687d1b527f0ef65aa7517af8118f", "https://bcr.bazel.build/modules/googletest/1.14.0/source.json": "2478949479000fdd7de9a3d0107ba2c85bb5f961c3ecb1aa448f52549ce310b5", - "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.0/MODULE.bazel": "ea4b3a25a9417a7db57a8a2f9ebdee91d679823c6274b482b817ed128d81c594", - "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.0/source.json": "9d1df0459caefdf41052d360469922a73e219f67c8ce4da0628cc604469822b9", + "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.1/MODULE.bazel": "164331a6e73093376a19eaa1eae45a94aad3245e9e79d8f31237f4a8eb6c1c41", + "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.1/source.json": "a2f67694b91ae575e2715fa2c5745c8c9879e7132852ef45c05b4e25a0d3b423", + "https://bcr.bazel.build/modules/jsoncpp/1.9.5/MODULE.bazel": "31271aedc59e815656f5736f282bb7509a97c7ecb43e927ac1a37966e0578075", + "https://bcr.bazel.build/modules/jsoncpp/1.9.5/source.json": "4108ee5085dd2885a341c7fab149429db457b3169b86eb081fa245eadf69169d", "https://bcr.bazel.build/modules/platforms/0.0.10/MODULE.bazel": "8cb8efaf200bdeb2150d93e162c40f388529a25852b332cec879373771e48ed5", "https://bcr.bazel.build/modules/platforms/0.0.10/source.json": "f22828ff4cf021a6b577f1bf6341cb9dcd7965092a439f64fc1bb3b7a5ae4bd5", "https://bcr.bazel.build/modules/platforms/0.0.4/MODULE.bazel": "9b328e31ee156f53f3c416a64f8491f7eb731742655a47c9eec4703a71644aee", @@ -53,13 +55,14 @@ "https://bcr.bazel.build/modules/protobuf/21.7/MODULE.bazel": "a5a29bb89544f9b97edce05642fac225a808b5b7be74038ea3640fae2f8e66a7", "https://bcr.bazel.build/modules/protobuf/23.1/MODULE.bazel": "88b393b3eb4101d18129e5db51847cd40a5517a53e81216144a8c32dfeeca52a", "https://bcr.bazel.build/modules/protobuf/24.4/MODULE.bazel": "7bc7ce5f2abf36b3b7b7c8218d3acdebb9426aeb35c2257c96445756f970eb12", - "https://bcr.bazel.build/modules/protobuf/24.4/source.json": "ace4b8c65d4cfe64efe544f09fc5e5df77faf3a67fbb29c5341e0d755d9b15d6", + "https://bcr.bazel.build/modules/protobuf/27.0/MODULE.bazel": "7873b60be88844a0a1d8f80b9d5d20cfbd8495a689b8763e76c6372998d3f64c", + "https://bcr.bazel.build/modules/protobuf/27.0/source.json": "1acf3d080c728d42f423fde5422fd0a1a24f44c15908124ce12363a253384193", "https://bcr.bazel.build/modules/protobuf/3.19.0/MODULE.bazel": "6b5fbb433f760a99a22b18b6850ed5784ef0e9928a72668b66e4d7ccd47db9b0", "https://bcr.bazel.build/modules/protobuf/3.19.2/MODULE.bazel": "532ffe5f2186b69fdde039efe6df13ba726ff338c6bc82275ad433013fa10573", "https://bcr.bazel.build/modules/protobuf/3.19.6/MODULE.bazel": "9233edc5e1f2ee276a60de3eaa47ac4132302ef9643238f23128fea53ea12858", "https://bcr.bazel.build/modules/rules_cc/0.0.1/MODULE.bazel": "cb2aa0747f84c6c3a78dad4e2049c154f08ab9d166b1273835a8174940365647", - "https://bcr.bazel.build/modules/rules_cc/0.0.10/MODULE.bazel": "ec1705118f7eaedd6e118508d3d26deba2a4e76476ada7e0e3965211be012002", - "https://bcr.bazel.build/modules/rules_cc/0.0.10/source.json": "90310b16e0e7df0cf40f8d1dccd7d373360f42419a6bfbbf5bb013182dd70e84", + "https://bcr.bazel.build/modules/rules_cc/0.0.13/MODULE.bazel": "0e8529ed7b323dad0775ff924d2ae5af7640b23553dfcd4d34344c7e7a867191", + "https://bcr.bazel.build/modules/rules_cc/0.0.13/source.json": "506daed7caa38451517166af246c11650b21a7244c2b79f2cd43a27fae792a06", "https://bcr.bazel.build/modules/rules_cc/0.0.2/MODULE.bazel": "6915987c90970493ab97393024c156ea8fb9f3bea953b2f3ec05c34f19b5695c", "https://bcr.bazel.build/modules/rules_cc/0.0.6/MODULE.bazel": "abf360251023dfe3efcef65ab9d56beefa8394d4176dd29529750e1c57eaa33f", "https://bcr.bazel.build/modules/rules_cc/0.0.8/MODULE.bazel": "964c85c82cfeb6f3855e6a07054fdb159aced38e99a5eecf7bce9d53990afa3e", @@ -70,9 +73,9 @@ "https://bcr.bazel.build/modules/rules_go/0.50.1/MODULE.bazel": "b91a308dc5782bb0a8021ad4330c81fea5bda77f96b9e4c117b9b9c8f6665ee0", "https://bcr.bazel.build/modules/rules_go/0.50.1/source.json": "205765fd30216c70321f84c9a967267684bdc74350af3f3c46c857d9f80a4fa2", "https://bcr.bazel.build/modules/rules_java/4.0.0/MODULE.bazel": "5a78a7ae82cd1a33cef56dc578c7d2a46ed0dca12643ee45edbb8417899e6f74", + "https://bcr.bazel.build/modules/rules_java/5.3.5/MODULE.bazel": "a4ec4f2db570171e3e5eb753276ee4b389bae16b96207e9d3230895c99644b86", "https://bcr.bazel.build/modules/rules_java/6.3.0/MODULE.bazel": "a97c7678c19f236a956ad260d59c86e10a463badb7eb2eda787490f4c969b963", "https://bcr.bazel.build/modules/rules_java/7.1.0/MODULE.bazel": "30d9135a2b6561c761bd67bd4990da591e6bdc128790ce3e7afd6a3558b2fb64", - "https://bcr.bazel.build/modules/rules_java/7.6.1/MODULE.bazel": "2f14b7e8a1aa2f67ae92bc69d1ec0fa8d9f827c4e17ff5e5f02e91caa3b2d0fe", "https://bcr.bazel.build/modules/rules_java/7.6.5/MODULE.bazel": "481164be5e02e4cab6e77a36927683263be56b7e36fef918b458d7a8a1ebadb1", "https://bcr.bazel.build/modules/rules_java/7.6.5/source.json": "a805b889531d1690e3c72a7a7e47a870d00323186a9904b36af83aa3d053ee8d", "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel": "a56b85e418c83eb1839819f0b515c431010160383306d13ec21959ac412d2fe7", @@ -96,17 +99,15 @@ "https://bcr.bazel.build/modules/rules_python/0.10.2/MODULE.bazel": "cc82bc96f2997baa545ab3ce73f196d040ffb8756fd2d66125a530031cd90e5f", "https://bcr.bazel.build/modules/rules_python/0.22.1/MODULE.bazel": "26114f0c0b5e93018c0c066d6673f1a2c3737c7e90af95eff30cfee38d0bbac7", "https://bcr.bazel.build/modules/rules_python/0.24.0/MODULE.bazel": "4bff7f583653d0762cda21303da0643cc4c545ddfd9593337f18dad8d1787801", - "https://bcr.bazel.build/modules/rules_python/0.35.0/MODULE.bazel": "c3657951764cdcdb5a7370d5e885fad5e8c1583320aad18d46f9f110d2c22755", - "https://bcr.bazel.build/modules/rules_python/0.35.0/source.json": "8fd2681b96184fa441f07f7d58462361366c216ce920f6c3e3c42c27e02c3931", + "https://bcr.bazel.build/modules/rules_python/0.36.0/MODULE.bazel": "a4ce1ccea92b9106c7d16ab9ee51c6183107e78ba4a37aa65055227b80cd480c", + "https://bcr.bazel.build/modules/rules_python/0.36.0/source.json": "b79cbb7b2ae1751949e2f6ee6692822e4ffd13ca1e959ce99abec4ac7666162a", "https://bcr.bazel.build/modules/rules_python/0.4.0/MODULE.bazel": "9208ee05fd48bf09ac60ed269791cf17fb343db56c8226a720fbb1cdf467166c", "https://bcr.bazel.build/modules/stardoc/0.5.1/MODULE.bazel": "1a05d92974d0c122f5ccf09291442580317cdd859f07a8655f1db9a60374f9f8", "https://bcr.bazel.build/modules/stardoc/0.5.3/MODULE.bazel": "c7f6948dae6999bf0db32c1858ae345f112cacf98f174c7a8bb707e41b974f1c", "https://bcr.bazel.build/modules/stardoc/0.6.2/MODULE.bazel": "7060193196395f5dd668eda046ccbeacebfd98efc77fed418dbe2b82ffaa39fd", - "https://bcr.bazel.build/modules/stardoc/0.7.0/MODULE.bazel": "05e3d6d30c099b6770e97da986c53bd31844d7f13d41412480ea265ac9e8079c", - "https://bcr.bazel.build/modules/stardoc/0.7.0/source.json": "e3c524bf2ef20992539ce2bc4a2243f4853130209ee831689983e28d05769099", + "https://bcr.bazel.build/modules/stardoc/0.6.2/source.json": "d2ff8063b63b4a85e65fe595c4290f99717434fa9f95b4748a79a7d04dfed349", "https://bcr.bazel.build/modules/upb/0.0.0-20220923-a547704/MODULE.bazel": "7298990c00040a0e2f121f6c32544bab27d4452f80d9ce51349b1a28f3005c43", "https://bcr.bazel.build/modules/upb/0.0.0-20230516-61a97ef/MODULE.bazel": "c0df5e35ad55e264160417fd0875932ee3c9dda63d9fccace35ac62f45e1b6f9", - "https://bcr.bazel.build/modules/upb/0.0.0-20230516-61a97ef/source.json": "b2150404947339e8b947c6b16baa39fa75657f4ddec5e37272c7b11c7ab533bc", "https://bcr.bazel.build/modules/zlib/1.2.11/MODULE.bazel": "07b389abc85fdbca459b69e2ec656ae5622873af3f845e1c9d80fe179f3effa0", "https://bcr.bazel.build/modules/zlib/1.2.12/MODULE.bazel": "3b1a8834ada2a883674be8cbd36ede1b6ec481477ada359cd2d3ddc562340b27", "https://bcr.bazel.build/modules/zlib/1.3.1.bcr.3/MODULE.bazel": "af322bc08976524477c79d1e45e241b6efbeb918c497e8840b8ab116802dda79", @@ -144,8 +145,8 @@ }, "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "w/CHOzFR7H7jxnYVn2nZCc5t8JsSe8erirmxjfrhtlI=", - "usagesDigest": "HQqVKxWf/TFIAHRREB4grJcVvLyM7Y55mQZT9A/mAms=", + "bzlTransitiveDigest": "yyY+Nqn2Av7FUwQTgny5DHp29J+m79HFU9SzEcD/xrU=", + "usagesDigest": "XZr2pcdE0zJUlhdsIIrP/CtOyKxqYeuN3dVk8N/a5q8=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -762,7 +763,7 @@ "@@hermetic_cc_toolchain~//toolchain:ext.bzl%toolchains": { "general": { "bzlTransitiveDigest": "L0EDVXQ1bqh5CxjodeVieW+SjWsjwxFXYEKhUNgMY50=", - "usagesDigest": "UH6NB9tDyOrI8KyqcUtzxHIXcRl+Fxgo6brqocbR4Fo=", + "usagesDigest": "dNvS5vmHnd33Wm8wEDdfCELM1fuXE9dmHYK9BLQTjPc=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -811,7 +812,7 @@ "@@platforms//host:extension.bzl%host_platform": { "general": { "bzlTransitiveDigest": "xelQcPZH8+tmuOHVjL9vDxMnnQNMlwj0SlvgoqBkm4U=", - "usagesDigest": "V1R2Y2oMxKNfx2WCWpSCaUV1WefW1o8HZGm3v1vHgY4=", + "usagesDigest": "CTnaZGZxcnBcmQnD3YRFsLnLu0IwUQcvRGTfRDzNiVw=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -825,39 +826,10 @@ "recordedRepoMappingEntries": [] } }, - "@@protobuf~//:non_module_deps.bzl%non_module_deps": { - "general": { - "bzlTransitiveDigest": "jsbfONl9OksDWiAs7KDFK5chH/tYI3DngdM30NKdk5Y=", - "usagesDigest": "eVrT3hFCIZNRuTKpfWDzSIwTi2p6U6PWbt+tNWl/Tqk=", - "recordedFileInputs": {}, - "recordedDirentsInputs": {}, - "envVariables": {}, - "generatedRepoSpecs": { - "utf8_range": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/protocolbuffers/utf8_range/archive/de0b4a8ff9b5d4c98108bdfe723291a33c52c54f.zip" - ], - "strip_prefix": "utf8_range-de0b4a8ff9b5d4c98108bdfe723291a33c52c54f", - "sha256": "5da960e5e5d92394c809629a03af3c7709d2d3d0ca731dacb3a9fb4bf28f7702" - } - } - }, - "recordedRepoMappingEntries": [ - [ - "protobuf~", - "bazel_tools", - "bazel_tools" - ] - ] - } - }, "@@rules_jvm_external~//:extensions.bzl%maven": { "general": { "bzlTransitiveDigest": "U98JuBYMWVrcyiXT1L6KAYSAA0chnjRZZloIUmNmZ7M=", - "usagesDigest": "u38mZroTtN53UEe7YtmVA0gxhbXlyIy/hRbXGWAXN1w=", + "usagesDigest": "AtWpXm51d7cXvW2iuAfrJZ7uNbI4zX/8xGlkWoAERC4=", "recordedFileInputs": { "@@stardoc~//maven_install.json": "de0bfa778b4ed6aebb77509362dd87ab8d20fc7c7c18d2a7429cdfee03949a21", "@@rules_jvm_external~//rules_jvm_external_deps_install.json": "3ab1f67b0de4815df110bc72ccd6c77882b3b21d3d1e0a84445847b6ce3235a3" @@ -1271,45 +1243,6 @@ "downloaded_file_path": "com/google/oauth-client/google-oauth-client/1.31.1/google-oauth-client-1.31.1.jar" } }, - "maven": { - "bzlFile": "@@rules_jvm_external~//:coursier.bzl", - "ruleClassName": "coursier_fetch", - "attributes": { - "repositories": [ - "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" - ], - "artifacts": [ - "{ \"group\": \"com.google.code.findbugs\", \"artifact\": \"jsr305\", \"version\": \"3.0.2\" }", - "{ \"group\": \"com.google.code.gson\", \"artifact\": \"gson\", \"version\": \"2.8.9\" }", - "{ \"group\": \"com.google.errorprone\", \"artifact\": \"error_prone_annotations\", \"version\": \"2.3.2\" }", - "{ \"group\": \"com.google.j2objc\", \"artifact\": \"j2objc-annotations\", \"version\": \"1.3\" }", - "{ \"group\": \"com.google.guava\", \"artifact\": \"guava\", \"version\": \"31.1-jre\" }", - "{ \"group\": \"com.google.guava\", \"artifact\": \"guava-testlib\", \"version\": \"31.1-jre\" }", - "{ \"group\": \"com.google.truth\", \"artifact\": \"truth\", \"version\": \"1.1.2\" }", - "{ \"group\": \"junit\", \"artifact\": \"junit\", \"version\": \"4.13.2\" }", - "{ \"group\": \"org.mockito\", \"artifact\": \"mockito-core\", \"version\": \"4.3.1\" }" - ], - "fail_on_missing_checksum": true, - "fetch_sources": true, - "fetch_javadoc": false, - "excluded_artifacts": [], - "generate_compat_repositories": false, - "version_conflict_policy": "default", - "override_targets": {}, - "strict_visibility": false, - "strict_visibility_value": [ - "@@//visibility:private" - ], - "resolve_timeout": 600, - "jetify": false, - "jetify_include_list": [ - "*" - ], - "use_starlark_android_rules": false, - "aar_import_bzl_label": "@build_bazel_rules_android//android:rules.bzl", - "duplicate_version_warning": "warn" - } - }, "software_amazon_awssdk_aws_xml_protocol_2_17_183": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_file", @@ -2091,8 +2024,8 @@ }, "@@rules_python~//python/private/pypi:pip.bzl%pip_internal": { "general": { - "bzlTransitiveDigest": "6N7lP83kwn4rIvijlTp/rJZNsXKtoOwzv38ORMDZG7o=", - "usagesDigest": "moHoYY1OP7kHaHHJ5EAvm+zksRZt5n3lvjcOhYhq7uY=", + "bzlTransitiveDigest": "A6NreM8jfXl/qMHo3ZoVQRrznlTyni1DBwC/tXdIRKw=", + "usagesDigest": "Uu+eQolCXDoyIgvFjLDBDgjgBSkRuuldwUQnjKYjsz8=", "recordedFileInputs": { "@@rules_python~//tools/publish/requirements.txt": "031e35d03dde03ae6305fe4b3d1f58ad7bdad857379752deede0f93649991b8a", "@@rules_python~//tools/publish/requirements_windows.txt": "15472d5a28e068d31ba9e2dc389459698afaff366e9db06e15890283a3ea252e", @@ -4335,35 +4268,6 @@ ] ] } - }, - "@@upb~//:non_module_deps.bzl%non_module_deps": { - "general": { - "bzlTransitiveDigest": "jsbfONl9OksDWiAs7KDFK5chH/tYI3DngdM30NKdk5Y=", - "usagesDigest": "IDJOf8yjMDcQ7vE4CsKItkDBrOU4C+76gC1pczv03FQ=", - "recordedFileInputs": {}, - "recordedDirentsInputs": {}, - "envVariables": {}, - "generatedRepoSpecs": { - "utf8_range": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_archive", - "attributes": { - "urls": [ - "https://github.com/protocolbuffers/utf8_range/archive/de0b4a8ff9b5d4c98108bdfe723291a33c52c54f.zip" - ], - "strip_prefix": "utf8_range-de0b4a8ff9b5d4c98108bdfe723291a33c52c54f", - "sha256": "5da960e5e5d92394c809629a03af3c7709d2d3d0ca731dacb3a9fb4bf28f7702" - } - } - }, - "recordedRepoMappingEntries": [ - [ - "upb~", - "bazel_tools", - "bazel_tools" - ] - ] - } } } } diff --git a/bootstrapper/initproto/init.pb.go b/bootstrapper/initproto/init.pb.go index 2919d6a6e..3d8ca44c4 100644 --- a/bootstrapper/initproto/init.pb.go +++ b/bootstrapper/initproto/init.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v4.24.4 +// protoc v5.27.0 // source: bootstrapper/initproto/init.proto package initproto diff --git a/debugd/service/debugd.pb.go b/debugd/service/debugd.pb.go index daaa5b765..ea419f367 100644 --- a/debugd/service/debugd.pb.go +++ b/debugd/service/debugd.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v4.24.4 +// protoc v5.27.0 // source: debugd/service/debugd.proto package service diff --git a/disk-mapper/recoverproto/recover.pb.go b/disk-mapper/recoverproto/recover.pb.go index f8d6b4fc5..0b7db18f9 100644 --- a/disk-mapper/recoverproto/recover.pb.go +++ b/disk-mapper/recoverproto/recover.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v4.24.4 +// protoc v5.27.0 // source: disk-mapper/recoverproto/recover.proto package recoverproto diff --git a/internal/versions/components/components.pb.go b/internal/versions/components/components.pb.go index 318364ffc..9796c8001 100644 --- a/internal/versions/components/components.pb.go +++ b/internal/versions/components/components.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v4.24.4 +// protoc v5.27.0 // source: internal/versions/components/components.proto package components diff --git a/joinservice/joinproto/join.pb.go b/joinservice/joinproto/join.pb.go index dbd10c5c9..07240c63f 100644 --- a/joinservice/joinproto/join.pb.go +++ b/joinservice/joinproto/join.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v4.24.4 +// protoc v5.27.0 // source: joinservice/joinproto/join.proto package joinproto diff --git a/keyservice/keyserviceproto/keyservice.pb.go b/keyservice/keyserviceproto/keyservice.pb.go index c770110f7..b0577c887 100644 --- a/keyservice/keyserviceproto/keyservice.pb.go +++ b/keyservice/keyserviceproto/keyservice.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v4.24.4 +// protoc v5.27.0 // source: keyservice/keyserviceproto/keyservice.proto package keyserviceproto diff --git a/upgrade-agent/upgradeproto/upgrade.pb.go b/upgrade-agent/upgradeproto/upgrade.pb.go index 98a8f64f6..ddb7a1e61 100644 --- a/upgrade-agent/upgradeproto/upgrade.pb.go +++ b/upgrade-agent/upgradeproto/upgrade.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v4.24.4 +// protoc v5.27.0 // source: upgrade-agent/upgradeproto/upgrade.proto package upgradeproto diff --git a/verify/verifyproto/verify.pb.go b/verify/verifyproto/verify.pb.go index 38475ac09..57d59de90 100644 --- a/verify/verifyproto/verify.pb.go +++ b/verify/verifyproto/verify.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.34.2 -// protoc v4.24.4 +// protoc v5.27.0 // source: verify/verifyproto/verify.proto package verifyproto From 6c94b5ae6ba93299bda63f50fe9f2d1bc7a266f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Mon, 14 Oct 2024 11:10:30 +0200 Subject: [PATCH 302/380] ci: upgrade to ubuntu-24.04 fixups (#3413) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Upgrade workflows to ubuntu-24.04 * Install missing tools for ubuntu-24.04 --------- Signed-off-by: Daniel Weiße --- .../actions/e2e_cleanup_timeframe/action.yml | 4 +- .github/workflows/e2e-test-internal-lb.yml | 4 +- .../workflows/e2e-test-marketplace-image.yml | 4 +- .github/workflows/e2e-test-release.yml | 92 +++++++++---------- .../workflows/e2e-test-terraform-provider.yml | 4 +- .github/workflows/e2e-test.yml | 4 +- 6 files changed, 57 insertions(+), 55 deletions(-) diff --git a/.github/actions/e2e_cleanup_timeframe/action.yml b/.github/actions/e2e_cleanup_timeframe/action.yml index 869148705..bfe40cbf3 100644 --- a/.github/actions/e2e_cleanup_timeframe/action.yml +++ b/.github/actions/e2e_cleanup_timeframe/action.yml @@ -31,11 +31,13 @@ runs: with: service_account: "destroy-e2e@constellation-e2e.iam.gserviceaccount.com" - - name: Install 7zip + - name: Install tools uses: ./.github/actions/setup_bazel_nix with: nixTools: | _7zz + terraform + - name: Run cleanup run: ./.github/actions/e2e_cleanup_timeframe/e2e-cleanup.sh shell: bash diff --git a/.github/workflows/e2e-test-internal-lb.yml b/.github/workflows/e2e-test-internal-lb.yml index b9a27949c..cee93f7eb 100644 --- a/.github/workflows/e2e-test-internal-lb.yml +++ b/.github/workflows/e2e-test-internal-lb.yml @@ -22,9 +22,9 @@ on: description: "Architecture of the runner that executes the CLI" type: choice options: - - "ubuntu-22.04" + - "ubuntu-24.04" - "macos-12" - default: "ubuntu-22.04" + default: "ubuntu-24.04" test: description: "The test to run." type: choice diff --git a/.github/workflows/e2e-test-marketplace-image.yml b/.github/workflows/e2e-test-marketplace-image.yml index 3338c1384..760df932b 100644 --- a/.github/workflows/e2e-test-marketplace-image.yml +++ b/.github/workflows/e2e-test-marketplace-image.yml @@ -22,9 +22,9 @@ on: description: "Architecture of the runner that executes the CLI" type: choice options: - - "ubuntu-22.04" + - "ubuntu-24.04" - "macos-12" - default: "ubuntu-22.04" + default: "ubuntu-24.04" test: description: "The test to run." type: choice diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index 598c4091a..0a7044788 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -48,214 +48,214 @@ jobs: - test: "sonobuoy full" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.29" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.29" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.29" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-tdx" kubernetes-version: "v1.29" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.29" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.28" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.28" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.28" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "azure-tdx" kubernetes-version: "v1.28" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "sonobuoy full" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.28" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" # verify test on latest k8s version - test: "verify" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "verify" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "verify" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "verify" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "verify" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" # recover test on latest k8s version - test: "recover" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "recover" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "recover" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "recover" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "recover" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" # lb test on latest k8s version - test: "lb" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "lb" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "lb" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "lb" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "lb" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" # autoscaling test on latest k8s version - test: "autoscaling" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "autoscaling" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" # perf-bench test on latest k8s version - test: "perf-bench" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" - test: "perf-bench" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" # s3proxy test on latest k8s version @@ -263,7 +263,7 @@ jobs: refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" clusterCreation: "cli" # malicious join test on latest k8s version @@ -272,31 +272,31 @@ jobs: attestationVariant: "gcp-sev-es" kubernetes-version: "v1.30" clusterCreation: "cli" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "gcp-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "azure-tdx" kubernetes-version: "v1.30" clusterCreation: "cli" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" - test: "malicious join" refStream: "ref/main/stream/debug/?" attestationVariant: "aws-sev-snp" kubernetes-version: "v1.30" clusterCreation: "cli" - runner: "ubuntu-22.04" + runner: "ubuntu-24.04" # # Tests on macOS runner diff --git a/.github/workflows/e2e-test-terraform-provider.yml b/.github/workflows/e2e-test-terraform-provider.yml index 585ffe6b9..3c465ab97 100644 --- a/.github/workflows/e2e-test-terraform-provider.yml +++ b/.github/workflows/e2e-test-terraform-provider.yml @@ -22,9 +22,9 @@ on: description: "Architecture of the runner that executes the CLI" type: choice options: - - "ubuntu-22.04" + - "ubuntu-24.04" - "macos-12" - default: "ubuntu-22.04" + default: "ubuntu-24.04" test: description: "The test to run." type: choice diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index c06c8eeff..11fc81849 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -22,9 +22,9 @@ on: description: "Architecture of the runner that executes the CLI" type: choice options: - - "ubuntu-22.04" + - "ubuntu-24.04" - "macos-12" - default: "ubuntu-22.04" + default: "ubuntu-24.04" test: description: "The test to run. The conformance test is only supported for clusterCreation=cli." type: choice From c392bec892f91756d2e2a58e1733b2f49bad3bca Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 11:36:47 +0200 Subject: [PATCH 303/380] deps: update dependency rules_oci to v2.0.1 (#3412) * deps: update dependency rules_oci to v2.0.1 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/oci_deps.bzl | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/bazel/toolchains/oci_deps.bzl b/bazel/toolchains/oci_deps.bzl index d07e56c14..8cfbecf3b 100644 --- a/bazel/toolchains/oci_deps.bzl +++ b/bazel/toolchains/oci_deps.bzl @@ -7,13 +7,14 @@ def oci_deps(): # Remove this override once https://github.com/bazel-contrib/rules_oci/issues/420 is fixed. http_archive( name = "rules_oci", - strip_prefix = "rules_oci-2.0.0-beta1", + strip_prefix = "rules_oci-2.0.1", type = "tar.gz", urls = [ + "https://cdn.confidential.cloud/constellation/cas/sha256/acbf8f40e062f707f8754e914dcb0013803c6e5e3679d3e05b571a9f5c7e0b43", "https://cdn.confidential.cloud/constellation/cas/sha256/f70f07f9d0d6c275d7ec7d3c7f236d9b552ba3205e8f37df9c1125031cf967cc", - "https://github.com/bazel-contrib/rules_oci/releases/download/v2.0.0-beta1/rules_oci-v2.0.0-beta1.tar.gz", + "https://github.com/bazel-contrib/rules_oci/releases/download/v2.0.1/rules_oci-v2.0.1.tar.gz", ], - sha256 = "f70f07f9d0d6c275d7ec7d3c7f236d9b552ba3205e8f37df9c1125031cf967cc", + sha256 = "acbf8f40e062f707f8754e914dcb0013803c6e5e3679d3e05b571a9f5c7e0b43", patches = ["//bazel/toolchains:0001-disable-Windows-support.patch"], patch_args = ["-p1"], ) From 70ebfea5ecc0610dcbd8eb0a0cb3e2628703c64f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 11:37:40 +0200 Subject: [PATCH 304/380] deps: update bufbuild/buf to v1.45.0 (#3407) * deps: update bufbuild/buf to v1.45.0 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/ci_deps.bzl | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl index c12431b05..cea09fa9e 100644 --- a/bazel/toolchains/ci_deps.bzl +++ b/bazel/toolchains/ci_deps.bzl @@ -270,44 +270,44 @@ def _buf_deps(): strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/b0515420c9705332a0cc2161b7c515d55ed7111ef2ccc791c2282ca4eeaf5115", - "https://github.com/bufbuild/buf/releases/download/v1.36.0/buf-Linux-x86_64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/deebd48a6bf85b073d7c7800c17b330376487e86852d4905c76a205b6fd795d4", + "https://github.com/bufbuild/buf/releases/download/v1.45.0/buf-Linux-x86_64.tar.gz", ], type = "tar.gz", - sha256 = "b0515420c9705332a0cc2161b7c515d55ed7111ef2ccc791c2282ca4eeaf5115", + sha256 = "deebd48a6bf85b073d7c7800c17b330376487e86852d4905c76a205b6fd795d4", ) http_archive( name = "com_github_bufbuild_buf_linux_arm64", strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/b71f79c5057bdf733d39ab5cbf05eaba172e5fbfcead2629a3eaf3d24d9afab9", - "https://github.com/bufbuild/buf/releases/download/v1.36.0/buf-Linux-aarch64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/2d3ebfed036881d0615e5b24288cf788791b45848f26e915e3efe7ee9c10735d", + "https://github.com/bufbuild/buf/releases/download/v1.45.0/buf-Linux-aarch64.tar.gz", ], type = "tar.gz", - sha256 = "b71f79c5057bdf733d39ab5cbf05eaba172e5fbfcead2629a3eaf3d24d9afab9", + sha256 = "2d3ebfed036881d0615e5b24288cf788791b45848f26e915e3efe7ee9c10735d", ) http_archive( name = "com_github_bufbuild_buf_darwin_amd64", strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/c5880bff78014f3204b442fe538aa2a5d9653ef73869913cdb01d84ae841f95d", - "https://github.com/bufbuild/buf/releases/download/v1.36.0/buf-Darwin-x86_64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/7fef3c482ac440cc09c40864498ef1f44745fde82428ddf52edd2012d3a036a4", + "https://github.com/bufbuild/buf/releases/download/v1.45.0/buf-Darwin-x86_64.tar.gz", ], type = "tar.gz", - sha256 = "c5880bff78014f3204b442fe538aa2a5d9653ef73869913cdb01d84ae841f95d", + sha256 = "7fef3c482ac440cc09c40864498ef1f44745fde82428ddf52edd2012d3a036a4", ) http_archive( name = "com_github_bufbuild_buf_darwin_arm64", strip_prefix = "buf/bin", build_file_content = """exports_files(["buf"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/abd9cadbd1f86ae9e8683b73e1f44455ecdd3b908f65c72795c47e94bccae2f2", - "https://github.com/bufbuild/buf/releases/download/v1.36.0/buf-Darwin-arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/e5309c70c7bb4a06d799ab7c7601c0d647c704085593d5cd981db29f986e469b", + "https://github.com/bufbuild/buf/releases/download/v1.45.0/buf-Darwin-arm64.tar.gz", ], type = "tar.gz", - sha256 = "abd9cadbd1f86ae9e8683b73e1f44455ecdd3b908f65c72795c47e94bccae2f2", + sha256 = "e5309c70c7bb4a06d799ab7c7601c0d647c704085593d5cd981db29f986e469b", ) def _talos_docgen_deps(): From 0b5b2ea65b032a095cd7d4a7cfaf7d02f067e95f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 11:38:19 +0200 Subject: [PATCH 305/380] deps: update dependency containernetworking/plugins to v1.5.1 (#3408) * deps: update dependency containernetworking/plugins to v1.5.1 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- internal/versions/versions.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 149a5b0b5..79b7118de 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -201,8 +201,8 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterVersion: "v1.28.14", // renovate:kubernetes-release KubernetesComponents: components.Components{ { - Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release - Hash: "sha256:c2485ddb3ffc176578ae30ae58137f0b88e50f7c7f2af7d53a569276b2949a33", + Url: "https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz", // renovate:cni-plugins-release + Hash: "sha256:77baa2f669980a82255ffa2f2717de823992480271ee778aa51a9c60ae89ff9b", InstallPath: constants.CniPluginsDir, Extract: true, }, @@ -268,8 +268,8 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterVersion: "v1.29.9", // renovate:kubernetes-release KubernetesComponents: components.Components{ { - Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release - Hash: "sha256:c2485ddb3ffc176578ae30ae58137f0b88e50f7c7f2af7d53a569276b2949a33", + Url: "https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz", // renovate:cni-plugins-release + Hash: "sha256:77baa2f669980a82255ffa2f2717de823992480271ee778aa51a9c60ae89ff9b", InstallPath: constants.CniPluginsDir, Extract: true, }, @@ -335,8 +335,8 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterVersion: "v1.30.5", // renovate:kubernetes-release KubernetesComponents: components.Components{ { - Url: "https://github.com/containernetworking/plugins/releases/download/v1.4.0/cni-plugins-linux-amd64-v1.4.0.tgz", // renovate:cni-plugins-release - Hash: "sha256:c2485ddb3ffc176578ae30ae58137f0b88e50f7c7f2af7d53a569276b2949a33", + Url: "https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz", // renovate:cni-plugins-release + Hash: "sha256:77baa2f669980a82255ffa2f2717de823992480271ee778aa51a9c60ae89ff9b", InstallPath: constants.CniPluginsDir, Extract: true, }, From fd280ecc5fa11a55bb455b8e45fe0423fa84ef97 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 22:11:09 +0200 Subject: [PATCH 306/380] deps: update dependency kubernetes-sigs/cri-tools to v1.31.1 (#3414) Co-authored-by: Leonard Cohnen --- internal/versions/versions.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 79b7118de..a370f03c6 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -207,8 +207,8 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.28.0/crictl-v1.28.0-linux-amd64.tar.gz", // renovate:crictl-release - Hash: "sha256:8dc78774f7cbeaf787994d386eec663f0a3cf24de1ea4893598096cb39ef2508", + Url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.31.1/crictl-v1.31.1-linux-amd64.tar.gz", // renovate:crictl-release + Hash: "sha256:0a03ba6b1e4c253d63627f8d210b2ea07675a8712587e697657b236d06d7d231", InstallPath: constants.BinDir, Extract: true, }, @@ -274,8 +274,8 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.29.0/crictl-v1.29.0-linux-amd64.tar.gz", // renovate:crictl-release - Hash: "sha256:d16a1ffb3938f5a19d5c8f45d363bd091ef89c0bc4d44ad16b933eede32fdcbb", + Url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.31.1/crictl-v1.31.1-linux-amd64.tar.gz", // renovate:crictl-release + Hash: "sha256:0a03ba6b1e4c253d63627f8d210b2ea07675a8712587e697657b236d06d7d231", InstallPath: constants.BinDir, Extract: true, }, @@ -341,8 +341,8 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ Extract: true, }, { - Url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.30.0/crictl-v1.30.0-linux-amd64.tar.gz", // renovate:crictl-release - Hash: "sha256:3dd03954565808eaeb3a7ffc0e8cb7886a64a9aa94b2bfdfbdc6e2ed94842e49", + Url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.31.1/crictl-v1.31.1-linux-amd64.tar.gz", // renovate:crictl-release + Hash: "sha256:0a03ba6b1e4c253d63627f8d210b2ea07675a8712587e697657b236d06d7d231", InstallPath: constants.BinDir, Extract: true, }, From 093fddb0013db7726951d21a3e73ebe2fd506c17 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 13:09:31 +0200 Subject: [PATCH 307/380] deps: update golangci/golangci-lint to v1.61.0 (#3415) * deps: update golangci/golangci-lint to v1.61.0 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/ci_deps.bzl | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl index cea09fa9e..1b382be0b 100644 --- a/bazel/toolchains/ci_deps.bzl +++ b/bazel/toolchains/ci_deps.bzl @@ -223,45 +223,45 @@ def _golangci_lint_deps(): name = "com_github_golangci_golangci_lint_linux_amd64", build_file = "//bazel/toolchains:BUILD.golangci.bazel", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/c30696f1292cff8778a495400745f0f9c0406a3f38d8bb12cef48d599f6c7791", - "https://github.com/golangci/golangci-lint/releases/download/v1.59.1/golangci-lint-1.59.1-linux-amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/77cb0af99379d9a21d5dc8c38364d060e864a01bd2f3e30b5e8cc550c3a54111", + "https://github.com/golangci/golangci-lint/releases/download/v1.61.0/golangci-lint-1.61.0-linux-amd64.tar.gz", ], - strip_prefix = "golangci-lint-1.59.1-linux-amd64", + strip_prefix = "golangci-lint-1.61.0-linux-amd64", type = "tar.gz", - sha256 = "c30696f1292cff8778a495400745f0f9c0406a3f38d8bb12cef48d599f6c7791", + sha256 = "77cb0af99379d9a21d5dc8c38364d060e864a01bd2f3e30b5e8cc550c3a54111", ) http_archive( name = "com_github_golangci_golangci_lint_linux_arm64", build_file = "//bazel/toolchains:BUILD.golangci.bazel", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/8264507b560ae89dd080d5a0c7198ca5198e2b45f937a1f7fd873a8baa8e0b8f", - "https://github.com/golangci/golangci-lint/releases/download/v1.59.1/golangci-lint-1.59.1-linux-arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/af60ac05566d9351615cb31b4cc070185c25bf8cbd9b09c1873aa5ec6f3cc17e", + "https://github.com/golangci/golangci-lint/releases/download/v1.61.0/golangci-lint-1.61.0-linux-arm64.tar.gz", ], - strip_prefix = "golangci-lint-1.59.1-linux-arm64", + strip_prefix = "golangci-lint-1.61.0-linux-arm64", type = "tar.gz", - sha256 = "8264507b560ae89dd080d5a0c7198ca5198e2b45f937a1f7fd873a8baa8e0b8f", + sha256 = "af60ac05566d9351615cb31b4cc070185c25bf8cbd9b09c1873aa5ec6f3cc17e", ) http_archive( name = "com_github_golangci_golangci_lint_darwin_amd64", build_file = "//bazel/toolchains:BUILD.golangci.bazel", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/2f945063394a489c0037f0369c0ce21bc007565c08f90b924a35f4c04721cbc0", - "https://github.com/golangci/golangci-lint/releases/download/v1.59.1/golangci-lint-1.59.1-darwin-amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/5c280ef3284f80c54fd90d73dc39ca276953949da1db03eb9dd0fbf868cc6e55", + "https://github.com/golangci/golangci-lint/releases/download/v1.61.0/golangci-lint-1.61.0-darwin-amd64.tar.gz", ], - strip_prefix = "golangci-lint-1.59.1-darwin-amd64", + strip_prefix = "golangci-lint-1.61.0-darwin-amd64", type = "tar.gz", - sha256 = "2f945063394a489c0037f0369c0ce21bc007565c08f90b924a35f4c04721cbc0", + sha256 = "5c280ef3284f80c54fd90d73dc39ca276953949da1db03eb9dd0fbf868cc6e55", ) http_archive( name = "com_github_golangci_golangci_lint_darwin_arm64", build_file = "//bazel/toolchains:BUILD.golangci.bazel", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/16ec8a86974ddebd466a5cc071bb9f44d06d2a1f4bf93d13fbcb59e1704edb39", - "https://github.com/golangci/golangci-lint/releases/download/v1.59.1/golangci-lint-1.59.1-darwin-arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/544334890701e4e04a6e574bc010bea8945205c08c44cced73745a6378012d36", + "https://github.com/golangci/golangci-lint/releases/download/v1.61.0/golangci-lint-1.61.0-darwin-arm64.tar.gz", ], - strip_prefix = "golangci-lint-1.59.1-darwin-arm64", + strip_prefix = "golangci-lint-1.61.0-darwin-arm64", type = "tar.gz", - sha256 = "16ec8a86974ddebd466a5cc071bb9f44d06d2a1f4bf93d13fbcb59e1704edb39", + sha256 = "544334890701e4e04a6e574bc010bea8945205c08c44cced73745a6378012d36", ) def _buf_deps(): From 9ef5b70966376f94c16806f919e8ca28bde88d8e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 13:10:39 +0200 Subject: [PATCH 308/380] deps: update kubernetes packages (#3416) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/go.mod b/go.mod index 85ff9a9c0..d2c20b2f7 100644 --- a/go.mod +++ b/go.mod @@ -11,18 +11,18 @@ replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-c // See this issue: https://github.com/kubernetes/kubernetes/issues/79384 // And this README: https://github.com/kubernetes/kubernetes/blob/master/staging/README.md replace ( - k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.2 - k8s.io/controller-manager => k8s.io/controller-manager v0.30.2 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.2 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.31.1 + k8s.io/controller-manager => k8s.io/controller-manager v0.31.1 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.31.1 k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.2 k8s.io/endpointslice => k8s.io/endpointslice v0.30.2 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.2 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.2 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.2 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.2 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.2 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.2 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.2 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.31.1 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.31.1 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.31.1 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.31.1 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.5 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.31.1 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.31.1 ) require ( From 843d9bcb7c1396899e2a7c422041295ceac176cf Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 15 Oct 2024 13:52:45 +0200 Subject: [PATCH 309/380] treewide: upgrade to Go 1.23.2 (#3417) * treewide: upgrade to Go 1.23.2 * deps: update golangci/golangci-lint to v1.61.0 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- .github/workflows/build-ccm-gcp.yml | 2 +- .github/workflows/build-os-image-scheduled.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/test-operator-codegen.yml | 2 +- .../org_golang/go_tls_max_handshake_size.patch | 16 ++++++++-------- MODULE.bazel | 2 +- go.mod | 2 +- go.work | 4 ++-- hack/tools/go.mod | 2 +- renovate.json5 | 2 +- 11 files changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index 86b942de2..3b3c21c54 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -31,7 +31,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: "1.22.7" + go-version: "1.23.2" cache: false - name: Install Crane diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index c21ed573a..6709d6403 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -67,7 +67,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: "1.22.7" + go-version: "1.23.2" cache: false - name: Determine version diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8c657a071..bf61fd0a4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,7 +40,7 @@ jobs: if: matrix.language == 'go' uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: "1.22.7" + go-version: "1.23.2" cache: false - name: Initialize CodeQL diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a4c03d11..f6b14fb94 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -233,7 +233,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: "1.22.7" + go-version: "1.23.2" cache: true - name: Build generateMeasurements tool diff --git a/.github/workflows/test-operator-codegen.yml b/.github/workflows/test-operator-codegen.yml index 8e1b326e1..a396122f6 100644 --- a/.github/workflows/test-operator-codegen.yml +++ b/.github/workflows/test-operator-codegen.yml @@ -28,7 +28,7 @@ jobs: - name: Setup Go environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: - go-version: "1.22.7" + go-version: "1.23.2" cache: true - name: Run code generation diff --git a/3rdparty/bazel/org_golang/go_tls_max_handshake_size.patch b/3rdparty/bazel/org_golang/go_tls_max_handshake_size.patch index ac2da752f..5370f99e7 100644 --- a/3rdparty/bazel/org_golang/go_tls_max_handshake_size.patch +++ b/3rdparty/bazel/org_golang/go_tls_max_handshake_size.patch @@ -1,11 +1,11 @@ --- src/crypto/tls/common.go +++ src/crypto/tls/common.go -@@ -62,7 +62,7 @@ - maxCiphertext = 16384 + 2048 // maximum ciphertext payload length - maxCiphertextTLS13 = 16384 + 256 // maximum ciphertext length in TLS 1.3 - recordHeaderLen = 5 // record header length -- maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB) -+ maxHandshake = 262144 // maximum handshake we support (protocol max is 16 MB) - maxUselessRecords = 16 // maximum number of consecutive non-advancing records +@@ -64,7 +64,7 @@ const ( + maxCiphertext = 16384 + 2048 // maximum ciphertext payload length + maxCiphertextTLS13 = 16384 + 256 // maximum ciphertext length in TLS 1.3 + recordHeaderLen = 5 // record header length +- maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB) ++ maxHandshake = 262144 // maximum handshake we support (protocol max is 16 MB) + maxHandshakeCertificateMsg = 262144 // maximum certificate message size (256 KiB) + maxUselessRecords = 16 // maximum number of consecutive non-advancing records ) - diff --git a/MODULE.bazel b/MODULE.bazel index 7714ff4d6..06ec00167 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -22,7 +22,7 @@ go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk") go_sdk.download( name = "go_sdk", patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"], - version = "1.22.7", + version = "1.23.2", ) # the use_repo rule needs to list all top-level go dependencies diff --git a/go.mod b/go.mod index d2c20b2f7..79c159828 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/edgelesssys/constellation/v2 -go 1.22.7 +go 1.23.2 // TODO(daniel-weisse): revert after merging https://github.com/martinjungblut/go-cryptsetup/pull/16. replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c diff --git a/go.work b/go.work index da7888adb..0cf42a018 100644 --- a/go.work +++ b/go.work @@ -1,6 +1,6 @@ -go 1.22.7 +go 1.23.2 -toolchain go1.22.7 +toolchain go1.23.2 use ( . diff --git a/hack/tools/go.mod b/hack/tools/go.mod index 0d95991c5..8a0f16440 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod @@ -1,6 +1,6 @@ module github.com/edgelesssys/constellation/v2/hack/tools -go 1.22 +go 1.23.2 require ( github.com/google/go-licenses v1.6.0 diff --git a/renovate.json5 b/renovate.json5 index 49cc84650..abad4f919 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -103,7 +103,7 @@ }, { "matchDatasources": ["golang-version"], - "allowedVersions": "1.22", + "allowedVersions": "1.23", }, { "matchManagers": ["pip_requirements"], From 8ca8849df686a20108e370b06bfb861be48bad6f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 15:23:31 +0200 Subject: [PATCH 310/380] deps: update module k8s.io/dynamic-resource-allocation to v0.31.1 (#3418) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 79c159828..2b2203bf2 100644 --- a/go.mod +++ b/go.mod @@ -14,7 +14,7 @@ replace ( k8s.io/cloud-provider => k8s.io/cloud-provider v0.31.1 k8s.io/controller-manager => k8s.io/controller-manager v0.31.1 k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.31.1 - k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.30.2 + k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.31.1 k8s.io/endpointslice => k8s.io/endpointslice v0.30.2 k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.31.1 k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.31.1 From cfb3b7011348e45f96cfe8bb98288a8972a8c31a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 16:40:07 +0200 Subject: [PATCH 311/380] deps: update mvdan/gofumpt to v0.7.0 (#3423) * deps: update mvdan/gofumpt to v0.7.0 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/ci_deps.bzl | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl index 1b382be0b..2f2536d7e 100644 --- a/bazel/toolchains/ci_deps.bzl +++ b/bazel/toolchains/ci_deps.bzl @@ -138,42 +138,42 @@ def _gofumpt_deps(): http_file( name = "com_github_mvdan_gofumpt_linux_amd64", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/bdb57c353e2bbc43d2b097bb7289a6e65ef2526787f89316b4b452a9e5086be4", - "https://github.com/mvdan/gofumpt/releases/download/v0.6.0/gofumpt_v0.6.0_linux_amd64", + "https://cdn.confidential.cloud/constellation/cas/sha256/6ff459c1dcae3b0b00844c1a5a4a5b0f547237d8a4f3624aaea8d424aeef24c6", + "https://github.com/mvdan/gofumpt/releases/download/v0.7.0/gofumpt_v0.7.0_linux_amd64", ], executable = True, downloaded_file_path = "gofumpt", - sha256 = "bdb57c353e2bbc43d2b097bb7289a6e65ef2526787f89316b4b452a9e5086be4", + sha256 = "6ff459c1dcae3b0b00844c1a5a4a5b0f547237d8a4f3624aaea8d424aeef24c6", ) http_file( name = "com_github_mvdan_gofumpt_linux_arm64", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/10ff2643b7b4b9425bda7f0ca2d4e54d85b09024fbfd9c21dbfd55017b907965", - "https://github.com/mvdan/gofumpt/releases/download/v0.6.0/gofumpt_v0.6.0_linux_arm64", + "https://cdn.confidential.cloud/constellation/cas/sha256/00c18c88ef50437629626ba20d677f4648684cb280952814cdd887677d42cbd3", + "https://github.com/mvdan/gofumpt/releases/download/v0.7.0/gofumpt_v0.7.0_linux_arm64", ], executable = True, downloaded_file_path = "gofumpt", - sha256 = "10ff2643b7b4b9425bda7f0ca2d4e54d85b09024fbfd9c21dbfd55017b907965", + sha256 = "00c18c88ef50437629626ba20d677f4648684cb280952814cdd887677d42cbd3", ) http_file( name = "com_github_mvdan_gofumpt_darwin_amd64", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/59e6047b3fa2fb65b60cf7f8be9b77cf6b31b428a9a24042ce29e85140868036", - "https://github.com/mvdan/gofumpt/releases/download/v0.6.0/gofumpt_v0.6.0_darwin_amd64", + "https://cdn.confidential.cloud/constellation/cas/sha256/b7d05e092da45c5ec96344ab635b1d6547c3e27c840ba39bc76989934efd7ce3", + "https://github.com/mvdan/gofumpt/releases/download/v0.7.0/gofumpt_v0.7.0_darwin_amd64", ], executable = True, downloaded_file_path = "gofumpt", - sha256 = "59e6047b3fa2fb65b60cf7f8be9b77cf6b31b428a9a24042ce29e85140868036", + sha256 = "b7d05e092da45c5ec96344ab635b1d6547c3e27c840ba39bc76989934efd7ce3", ) http_file( name = "com_github_mvdan_gofumpt_darwin_arm64", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/725f7a922bf3f88bed6818a4553e80554cc5cdb67a72236a01707325aa2dbb7b", - "https://github.com/mvdan/gofumpt/releases/download/v0.6.0/gofumpt_v0.6.0_darwin_arm64", + "https://cdn.confidential.cloud/constellation/cas/sha256/08f23114760a090b090706d92b8c52b9875b9eb352d76c77aa354d6aa20b045a", + "https://github.com/mvdan/gofumpt/releases/download/v0.7.0/gofumpt_v0.7.0_darwin_arm64", ], executable = True, downloaded_file_path = "gofumpt", - sha256 = "725f7a922bf3f88bed6818a4553e80554cc5cdb67a72236a01707325aa2dbb7b", + sha256 = "08f23114760a090b090706d92b8c52b9875b9eb352d76c77aa354d6aa20b045a", ) def _tfsec_deps(): From 5af5c72372504beb39ea48e358e1ccd2f79aa9ec Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 16:40:19 +0200 Subject: [PATCH 312/380] deps: update module k8s.io/endpointslice to v0.31.1 (#3421) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 2b2203bf2..581c43964 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ replace ( k8s.io/controller-manager => k8s.io/controller-manager v0.31.1 k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.31.1 k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.31.1 - k8s.io/endpointslice => k8s.io/endpointslice v0.30.2 + k8s.io/endpointslice => k8s.io/endpointslice v0.31.1 k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.31.1 k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.31.1 k8s.io/kube-proxy => k8s.io/kube-proxy v0.31.1 From c8bf4a8a434d89192c0da6dfee5c0ee60746b92f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 21:29:53 +0200 Subject: [PATCH 313/380] deps: update public.ecr.aws/eks/aws-load-balancer-controller Docker tag to v2.9.1 (#3424) * deps: update public.ecr.aws/eks/aws-load-balancer-controller Docker tag to v2.9.1 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci From d3822f8e16262813b187e52fe88286f0fe0cfe48 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 16 Oct 2024 08:06:50 +0200 Subject: [PATCH 314/380] image: update measurements and image version (#3427) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 2d14f9c18..bc3d714f6 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa8, 0xe8, 0xf6, 0xf2, 0x91, 0xa5, 0x18, 0xa6, 0x9f, 0xa9, 0x21, 0x24, 0xb4, 0xcf, 0x70, 0x0d, 0x1c, 0xc0, 0x93, 0xe7, 0x3f, 0xe0, 0xb2, 0x0b, 0xe3, 0xdd, 0x99, 0x1b, 0x58, 0x6b, 0xb5, 0xae}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x02, 0x27, 0x03, 0xe4, 0x76, 0xe9, 0xf8, 0x4c, 0x3b, 0xf3, 0x24, 0xae, 0xac, 0x11, 0x9f, 0xea, 0x2a, 0x14, 0x5b, 0xa3, 0xa4, 0xc3, 0xb3, 0xd7, 0xa5, 0x45, 0xeb, 0xea, 0x0c, 0x63, 0x35, 0xe7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc2, 0xe3, 0xc3, 0x9c, 0xdb, 0xc1, 0xc3, 0xbf, 0x03, 0x80, 0x6d, 0x2d, 0xcf, 0x38, 0x9e, 0x82, 0x19, 0x14, 0xed, 0xff, 0x0c, 0x2e, 0x1f, 0x74, 0xba, 0xa2, 0xe6, 0x4d, 0xda, 0x02, 0xc9, 0xf5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd7, 0x8c, 0x8a, 0x7c, 0x33, 0x1b, 0x14, 0x85, 0x61, 0xbf, 0xf2, 0x86, 0x8b, 0x4e, 0x5a, 0x9e, 0x3d, 0x4a, 0x4b, 0x0a, 0xe3, 0xe2, 0x66, 0x89, 0x8c, 0x2a, 0x10, 0xaa, 0xb2, 0xca, 0x7a, 0x2d}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9e, 0x64, 0x16, 0x00, 0x5d, 0x65, 0x36, 0xea, 0x34, 0x98, 0xd9, 0x8f, 0xa9, 0xec, 0x28, 0xf7, 0x4e, 0x35, 0x1d, 0x38, 0x3e, 0xab, 0x13, 0xd8, 0xe7, 0xfb, 0xdd, 0x2b, 0x68, 0xa6, 0xb1, 0x76}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb6, 0xed, 0x35, 0xba, 0x8a, 0xf8, 0xa8, 0xdb, 0x2b, 0x58, 0x05, 0x60, 0xf2, 0xb9, 0x13, 0xee, 0x3d, 0xc8, 0xe2, 0x72, 0x69, 0xfc, 0xe9, 0x60, 0x0b, 0xbd, 0x0d, 0x75, 0x19, 0x0c, 0x0d, 0xbf}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7e, 0x4b, 0xd6, 0x61, 0x2e, 0x34, 0x94, 0x25, 0x17, 0x06, 0x12, 0x1b, 0x05, 0x9a, 0x3f, 0x43, 0xf0, 0xc3, 0xc2, 0xf3, 0x23, 0xa5, 0x32, 0xad, 0x49, 0x31, 0x87, 0x95, 0x52, 0x81, 0x9c, 0x0e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb8, 0xca, 0xc6, 0xa2, 0xc7, 0xe7, 0x5c, 0x86, 0xf0, 0xad, 0xbb, 0x9b, 0xb4, 0x53, 0xb6, 0x54, 0x73, 0xa0, 0x76, 0xee, 0x5b, 0x84, 0xce, 0x9e, 0x96, 0x13, 0x8c, 0x8d, 0x9b, 0x78, 0xf0, 0x34}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfa, 0xf1, 0x43, 0x98, 0xfe, 0x3d, 0xb9, 0x47, 0xae, 0x34, 0x07, 0x13, 0x0a, 0x42, 0xda, 0xd8, 0xab, 0x25, 0xf6, 0xc7, 0xe1, 0x1a, 0x7b, 0xea, 0x48, 0x2e, 0x04, 0x88, 0xe7, 0xb8, 0xb2, 0xec}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x17, 0xe4, 0xa3, 0xf6, 0x28, 0x7f, 0xed, 0x76, 0xe5, 0xd4, 0xf7, 0x8e, 0xf4, 0x58, 0x6e, 0xf9, 0x65, 0xc7, 0xd8, 0xb4, 0x2e, 0xc0, 0x6d, 0x4e, 0xd0, 0x52, 0x95, 0xe9, 0xd2, 0x3f, 0xee, 0xff}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9f, 0x3e, 0x84, 0x51, 0x86, 0xab, 0x29, 0x4c, 0x47, 0x8d, 0x0c, 0x3c, 0x34, 0x89, 0xe5, 0x5d, 0x87, 0xb0, 0x5a, 0xd6, 0x78, 0xcc, 0x00, 0x02, 0xfb, 0x73, 0xbf, 0x6a, 0xc0, 0x60, 0xd1, 0x60}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x07, 0xc4, 0x67, 0xb5, 0x43, 0x8c, 0x21, 0x1e, 0x6a, 0xdc, 0x2a, 0xad, 0x84, 0x5c, 0xc9, 0xa3, 0xaa, 0x80, 0x7c, 0x0f, 0xc5, 0xee, 0x59, 0xaf, 0x40, 0xd0, 0x32, 0xee, 0x73, 0x71, 0xc2, 0x5b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x09, 0xea, 0xf0, 0xd8, 0x9d, 0x8f, 0x9c, 0x2d, 0xec, 0x09, 0xf9, 0xcb, 0xab, 0x27, 0x78, 0x10, 0x82, 0xbd, 0x99, 0x3c, 0xf0, 0x3f, 0x6a, 0x07, 0x83, 0xe7, 0x90, 0x17, 0x6d, 0x55, 0xc7, 0xb4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x00, 0x45, 0xf0, 0x65, 0x1f, 0x50, 0xf5, 0x95, 0xe0, 0x07, 0xf8, 0x9e, 0xbd, 0xe6, 0x2c, 0x44, 0x6b, 0x1a, 0x6e, 0x08, 0xe5, 0xc7, 0xe8, 0x6b, 0xb5, 0xc3, 0x95, 0x36, 0x3c, 0x3f, 0x82, 0xea}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1a, 0x8b, 0xe8, 0xc4, 0x4e, 0x6e, 0x89, 0x48, 0x9c, 0x6a, 0x40, 0xb6, 0xb9, 0xef, 0xea, 0x7f, 0xe0, 0xf1, 0x4e, 0x39, 0x2f, 0xd6, 0x16, 0xeb, 0xbd, 0x22, 0x85, 0xc2, 0xa5, 0xa3, 0x6b, 0xaa}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x10, 0xa5, 0x5f, 0x84, 0x4b, 0xe0, 0xbc, 0x14, 0x8f, 0xa9, 0xf7, 0x3f, 0xf1, 0x2b, 0x58, 0x28, 0x5a, 0x52, 0xd8, 0x82, 0x5f, 0x8c, 0x7c, 0xa8, 0xbb, 0x73, 0x1a, 0x51, 0xf9, 0x36, 0x6d, 0x69}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x91, 0xe5, 0x45, 0x0f, 0xb6, 0x78, 0xb2, 0xef, 0x4e, 0x64, 0xfc, 0xa5, 0xc4, 0xc8, 0x46, 0x4d, 0x53, 0xaf, 0xb6, 0x9b, 0x7c, 0xf9, 0x4b, 0x53, 0xcd, 0x7d, 0x5c, 0x04, 0x55, 0x6a, 0x23, 0x2d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf2, 0x6a, 0x9c, 0x47, 0xfc, 0x3d, 0x95, 0x45, 0x6d, 0x3f, 0x25, 0x76, 0x16, 0xc7, 0x19, 0xb3, 0xd1, 0x6e, 0x38, 0xe0, 0x7c, 0x35, 0xcd, 0x08, 0x10, 0x45, 0x48, 0x5f, 0x7f, 0x50, 0x15, 0x19}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xae, 0xa6, 0x64, 0x81, 0x75, 0x22, 0x4d, 0xa7, 0x67, 0x8d, 0x2e, 0xc5, 0xa6, 0x8d, 0xd7, 0x80, 0x25, 0xdc, 0x84, 0x2f, 0x62, 0xdb, 0x45, 0x9c, 0x47, 0x12, 0x7a, 0xe5, 0x43, 0x44, 0x97, 0xdf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x70, 0xeb, 0x13, 0xcc, 0xe6, 0x8f, 0x9d, 0x35, 0x7f, 0xc7, 0x4f, 0x01, 0x70, 0x5f, 0xaf, 0xe4, 0x90, 0xdf, 0x26, 0x96, 0xa0, 0x20, 0x8b, 0x7b, 0xcf, 0x26, 0xde, 0x90, 0x5f, 0x33, 0xb7, 0x79}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xad, 0xe1, 0xab, 0x61, 0xdb, 0x21, 0x18, 0x56, 0x24, 0x77, 0xcb, 0x84, 0x83, 0x2e, 0xa0, 0xf1, 0x7b, 0xb0, 0xfe, 0xe0, 0xe2, 0x02, 0x08, 0xbf, 0x18, 0x1b, 0x1f, 0x69, 0x17, 0x3f, 0x33, 0x1a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe1, 0x18, 0x41, 0x40, 0x75, 0x2b, 0x23, 0x80, 0xfd, 0xb8, 0x8e, 0x9e, 0xce, 0x82, 0x7d, 0xed, 0x05, 0x9f, 0x57, 0x77, 0x65, 0x3c, 0x6d, 0x5b, 0x5c, 0xfb, 0xb1, 0x1c, 0x3a, 0x2d, 0x36, 0x92}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xec, 0x1f, 0xd0, 0xe9, 0xfc, 0xd7, 0x0e, 0xdf, 0x63, 0xd1, 0x81, 0xd1, 0x3a, 0x1e, 0xcc, 0xda, 0xa3, 0x32, 0x1a, 0x72, 0x8d, 0xbb, 0x86, 0xdf, 0x34, 0xd0, 0xb2, 0xa7, 0x09, 0x29, 0x86, 0x6b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9d, 0xf2, 0x27, 0x9b, 0x9b, 0x9f, 0xe8, 0x07, 0x07, 0x06, 0xb7, 0x81, 0xee, 0x09, 0xb3, 0x1f, 0xc8, 0x96, 0xdd, 0x3a, 0xa1, 0x09, 0xe4, 0xf2, 0x05, 0x13, 0xe8, 0x9b, 0x00, 0x27, 0xa9, 0x31}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x10, 0x80, 0x83, 0x7b, 0xfc, 0xdc, 0xc8, 0x28, 0xb6, 0xc6, 0xe4, 0xf1, 0x47, 0x82, 0xb8, 0x3b, 0xa3, 0x70, 0x03, 0x15, 0x70, 0x99, 0xf6, 0x6f, 0x2c, 0x2b, 0x3b, 0x77, 0x86, 0x82, 0x75, 0xc7}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8c, 0x80, 0xe1, 0xf5, 0xf8, 0x09, 0x3e, 0xec, 0x18, 0x63, 0xaf, 0x26, 0xe4, 0xf8, 0x64, 0x2a, 0x70, 0x2a, 0xb8, 0xe2, 0x4c, 0xe1, 0x88, 0x12, 0x75, 0x43, 0x79, 0x84, 0x80, 0x06, 0xfa, 0xb5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x98, 0x4d, 0xda, 0xe9, 0x89, 0xdb, 0x9d, 0x44, 0xe1, 0x96, 0xc4, 0x66, 0x75, 0x60, 0x58, 0x9a, 0xd3, 0x06, 0x75, 0x53, 0x2c, 0x3c, 0x10, 0x9e, 0xe4, 0xff, 0x06, 0xfb, 0x4c, 0x83, 0x69, 0x79}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xff, 0x25, 0x76, 0x0d, 0x7e, 0x2e, 0xdb, 0x2a, 0xd3, 0x3c, 0xa5, 0xac, 0xef, 0x48, 0x58, 0xaa, 0xd2, 0xe9, 0xa9, 0x9f, 0x7c, 0xae, 0x40, 0xc3, 0x2e, 0x47, 0x4a, 0x83, 0x42, 0xb1, 0x7a, 0x2c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x35, 0x8c, 0x7b, 0xa9, 0xfd, 0x5e, 0xeb, 0xb2, 0xf4, 0x08, 0x10, 0xe2, 0x39, 0xf3, 0x02, 0xe8, 0x2d, 0x61, 0xf6, 0xaa, 0x35, 0x11, 0x12, 0xb6, 0x75, 0x86, 0x28, 0xc8, 0xb3, 0x3c, 0xa9, 0x71}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x14, 0xfc, 0xa5, 0xbb, 0xa4, 0x2d, 0xf1, 0xd5, 0xb5, 0x63, 0x2d, 0xe9, 0x29, 0x28, 0x4b, 0x15, 0xce, 0x88, 0x86, 0xe7, 0x94, 0x32, 0xc1, 0x0f, 0x5c, 0x4d, 0xa3, 0xae, 0x94, 0x10, 0x5e, 0xc6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xcb, 0xf0, 0x9b, 0x4d, 0x2c, 0xe9, 0x9d, 0xe4, 0x14, 0x27, 0x53, 0x9c, 0xd8, 0x19, 0x62, 0x5b, 0xc9, 0x9c, 0x29, 0x48, 0xf8, 0x5c, 0xe6, 0x9b, 0xd9, 0x8a, 0x7b, 0x28, 0x0c, 0x78, 0x5b, 0xfa}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x49, 0x61, 0x9d, 0x6a, 0x97, 0x12, 0x90, 0xba, 0x2a, 0x2b, 0x43, 0x27, 0x91, 0xe7, 0x45, 0x51, 0xc1, 0xf6, 0xae, 0xa5, 0xa4, 0x7b, 0x7c, 0xcf, 0xba, 0xab, 0x98, 0xea, 0xc3, 0x5a, 0x4d, 0x12}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x5d, 0xf4, 0xd7, 0x09, 0xad, 0xc1, 0x72, 0x72, 0xc7, 0x1a, 0x4b, 0xbd, 0x4d, 0x8b, 0xce, 0xb3, 0x44, 0x3f, 0x82, 0x32, 0x9a, 0xae, 0xbb, 0x9b, 0xa8, 0x06, 0x5e, 0xb6, 0x20, 0x24, 0x3a, 0xfb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xdb, 0x1b, 0xea, 0x96, 0xcc, 0x96, 0x8f, 0xe0, 0xcc, 0xdb, 0x71, 0xb7, 0xf7, 0xfd, 0xbf, 0xe4, 0x1f, 0xfe, 0x2c, 0x02, 0x66, 0xc2, 0x20, 0xcc, 0x4f, 0x24, 0xfc, 0x1b, 0xf6, 0x84, 0x4a, 0x7f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9f, 0xd2, 0x63, 0xef, 0xd2, 0x54, 0x5d, 0x6c, 0x87, 0x8d, 0xa3, 0x57, 0xe0, 0xb6, 0x4b, 0xb2, 0xb8, 0x51, 0x1d, 0xf2, 0x4d, 0x32, 0x20, 0xc2, 0xde, 0x14, 0x86, 0x84, 0x90, 0xd9, 0x25, 0xf6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x61, 0xa0, 0x21, 0x24, 0xde, 0x47, 0xb0, 0xdb, 0xe7, 0xf3, 0xd6, 0x1e, 0xe1, 0xc8, 0xc2, 0x9f, 0xea, 0xa9, 0x35, 0xbd, 0xa9, 0x54, 0x05, 0x3b, 0xcc, 0x89, 0x7c, 0xe6, 0x98, 0x48, 0xde, 0xc3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1a, 0x30, 0xa0, 0x1f, 0x5e, 0x60, 0xa0, 0x8e, 0xc7, 0x15, 0x1b, 0x95, 0x8b, 0x92, 0x22, 0xc0, 0x11, 0x9d, 0xbb, 0xcf, 0xd5, 0x6d, 0x40, 0x77, 0x3f, 0x5d, 0xca, 0xf9, 0xb5, 0x69, 0xda, 0x1f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1d, 0x6e, 0x0c, 0xdd, 0x5f, 0x52, 0xde, 0x48, 0xe8, 0x85, 0x92, 0x85, 0xec, 0x92, 0xa2, 0x9f, 0x01, 0xfa, 0xb6, 0x0b, 0x9c, 0x3b, 0x3e, 0x93, 0xa2, 0x4a, 0x51, 0x72, 0x6a, 0x97, 0xb4, 0x43}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xed, 0xe6, 0xd1, 0xab, 0x71, 0x85, 0xcc, 0x84, 0xec, 0x9b, 0xf3, 0xcb, 0x73, 0xe8, 0x57, 0x61, 0xf1, 0x8c, 0x05, 0x16, 0x4d, 0x3e, 0x20, 0xa6, 0x92, 0xeb, 0xdf, 0xeb, 0x5a, 0xc5, 0xc4, 0x14}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xf4, 0xad, 0x00, 0x7e, 0xf9, 0x6b, 0x97, 0x5a, 0x64, 0x23, 0x4f, 0xc8, 0x4b, 0x02, 0x51, 0x28, 0x99, 0xf0, 0x48, 0xc7, 0x0b, 0x21, 0x0e, 0xf6, 0xe3, 0x36, 0x1c, 0xa1, 0x77, 0x9a, 0x4b, 0x9b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1a, 0xd1, 0x08, 0xdd, 0x06, 0x0d, 0xe3, 0x2a, 0x74, 0x6e, 0x30, 0x97, 0x8e, 0xc5, 0x85, 0x2c, 0xef, 0xb5, 0x19, 0xd5, 0xb1, 0xfa, 0xe8, 0x9f, 0xa2, 0xa1, 0x89, 0x83, 0x46, 0xbc, 0xb0, 0x3f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x29, 0x50, 0x0c, 0x7a, 0x69, 0x92, 0xc0, 0xda, 0xd0, 0x5b, 0x92, 0xe1, 0xbe, 0x9d, 0x35, 0x60, 0x78, 0x62, 0xe4, 0x3b, 0x14, 0x8e, 0x75, 0x91, 0xb7, 0x0c, 0x60, 0x2c, 0x56, 0xa4, 0x7f, 0xb0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xbf, 0xe7, 0xdb, 0x41, 0xdf, 0xab, 0xcc, 0xac, 0xed, 0x51, 0x12, 0x66, 0x1b, 0xb0, 0xae, 0x36, 0x8a, 0x0f, 0x91, 0xfb, 0xc5, 0x46, 0x31, 0x1e, 0xd6, 0x35, 0xde, 0x00, 0x26, 0x25, 0x0d, 0x63}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb4, 0x83, 0xb2, 0xe1, 0x4d, 0xbd, 0x9d, 0x5c, 0x27, 0x08, 0xe0, 0x53, 0xc1, 0x18, 0x57, 0x31, 0x55, 0xd8, 0xed, 0xc0, 0xa2, 0x6f, 0xe1, 0x34, 0xcd, 0x35, 0x47, 0x2c, 0xa9, 0x93, 0x6b, 0x84}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa1, 0x17, 0x4d, 0x0a, 0xcc, 0xcb, 0x7d, 0x1f, 0xdc, 0x00, 0xa4, 0xc4, 0x57, 0x21, 0x24, 0xf2, 0x29, 0x89, 0xbf, 0x15, 0x35, 0xe5, 0x6c, 0x84, 0x0e, 0xdd, 0x74, 0x06, 0x0a, 0x63, 0xd7, 0x5b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x16, 0xe3, 0x3e, 0xdf, 0x4c, 0x78, 0xb6, 0xe7, 0x3e, 0x69, 0x31, 0x5f, 0x90, 0xfa, 0x20, 0x56, 0x91, 0x62, 0xc4, 0xbd, 0x5d, 0x29, 0xdb, 0x26, 0x36, 0x74, 0x95, 0xa2, 0x98, 0x8f, 0x64, 0x6a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x62, 0x18, 0x62, 0x41, 0xfd, 0x6f, 0x3b, 0x64, 0xb7, 0x15, 0x13, 0x84, 0x77, 0x97, 0xdb, 0xe1, 0x25, 0x58, 0x5c, 0x47, 0x1b, 0x37, 0xcd, 0xf1, 0xde, 0x14, 0x14, 0x21, 0xaa, 0xac, 0xaa, 0x29}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x16, 0xeb, 0x96, 0xc5, 0xfe, 0xd0, 0x51, 0x38, 0x84, 0x91, 0x03, 0x57, 0x55, 0xa5, 0x33, 0x5f, 0xf4, 0xc2, 0xe7, 0x90, 0x22, 0x26, 0xae, 0xd8, 0x88, 0x24, 0x16, 0xf6, 0x6f, 0x9f, 0x4e, 0x63}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index c560497cc..dbbc295a7 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20241009121610-ac26c80a909d" + defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20241015212953-c8bf4a8a434d" ) From e27d80fa02b23ce8e2bd7643297d303519b51381 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 10:28:37 +0200 Subject: [PATCH 315/380] deps: update dependency containernetworking/plugins to v1.6.0 (#3420) Co-authored-by: Leonard Cohnen --- internal/versions/versions.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index a370f03c6..64885a0ca 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -201,8 +201,8 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterVersion: "v1.28.14", // renovate:kubernetes-release KubernetesComponents: components.Components{ { - Url: "https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz", // renovate:cni-plugins-release - Hash: "sha256:77baa2f669980a82255ffa2f2717de823992480271ee778aa51a9c60ae89ff9b", + Url: "https://github.com/containernetworking/plugins/releases/download/v1.6.0/cni-plugins-linux-amd64-v1.6.0.tgz", // renovate:cni-plugins-release + Hash: "sha256:682b49ff8933a997a52107161f1745f8312364b4c7f605ccdf7a77499130d89d", InstallPath: constants.CniPluginsDir, Extract: true, }, @@ -268,8 +268,8 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterVersion: "v1.29.9", // renovate:kubernetes-release KubernetesComponents: components.Components{ { - Url: "https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz", // renovate:cni-plugins-release - Hash: "sha256:77baa2f669980a82255ffa2f2717de823992480271ee778aa51a9c60ae89ff9b", + Url: "https://github.com/containernetworking/plugins/releases/download/v1.6.0/cni-plugins-linux-amd64-v1.6.0.tgz", // renovate:cni-plugins-release + Hash: "sha256:682b49ff8933a997a52107161f1745f8312364b4c7f605ccdf7a77499130d89d", InstallPath: constants.CniPluginsDir, Extract: true, }, @@ -335,8 +335,8 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ ClusterVersion: "v1.30.5", // renovate:kubernetes-release KubernetesComponents: components.Components{ { - Url: "https://github.com/containernetworking/plugins/releases/download/v1.5.1/cni-plugins-linux-amd64-v1.5.1.tgz", // renovate:cni-plugins-release - Hash: "sha256:77baa2f669980a82255ffa2f2717de823992480271ee778aa51a9c60ae89ff9b", + Url: "https://github.com/containernetworking/plugins/releases/download/v1.6.0/cni-plugins-linux-amd64-v1.6.0.tgz", // renovate:cni-plugins-release + Hash: "sha256:682b49ff8933a997a52107161f1745f8312364b4c7f605ccdf7a77499130d89d", InstallPath: constants.CniPluginsDir, Extract: true, }, From dd73c4ce5fa90ff11fa9dd676baca0b15fda0eec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 16 Oct 2024 10:54:53 +0200 Subject: [PATCH 316/380] ci: enable Teams mentions for burgerdev (#3422) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Enable Teams mentions for burgerdev * Add instructions on how to update notify_teams assignees --------- Signed-off-by: Daniel Weiße --- .github/actions/notify_teams/README.md | 27 +++++++++++++++++++ .github/actions/notify_teams/action.yml | 2 +- .../notify_teams}/teams_payload_template.json | 10 ++++++- 3 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 .github/actions/notify_teams/README.md rename .github/{ => actions/notify_teams}/teams_payload_template.json (93%) diff --git a/.github/actions/notify_teams/README.md b/.github/actions/notify_teams/README.md new file mode 100644 index 000000000..5fb6d724b --- /dev/null +++ b/.github/actions/notify_teams/README.md @@ -0,0 +1,27 @@ +# notify Teams action + +This action is used to send a message to our Teams channel in case of a failure in the CI/CD pipeline. +The action will automatically choose an engineer to assign to the issue and tag them in the message. + +Engineers are identified by their GitHub username and bound to a Microsoft Teams ID in `.attachments[0].content.msteams.entities`. +To add a new engineer, add a new entry to the entity list in the format: + +```json +{ + "type": "mention", + "text": "${github_username}", + "mentioned": { + "id": "${msteams_id}", + "name": "${name}" + } +} +``` + +Where `${github_username}` is the GitHub username of the engineer, `${msteams_id}` is the Microsoft Teams ID of the engineer, and `${name}` is the name of the engineer. +To find the Microsoft Teams ID use the following command: + +```bash +az ad user show --id ${email} --query id +``` + +Where `${email}` is the email address of the engineer. diff --git a/.github/actions/notify_teams/action.yml b/.github/actions/notify_teams/action.yml index 956a3a889..e94a266a9 100644 --- a/.github/actions/notify_teams/action.yml +++ b/.github/actions/notify_teams/action.yml @@ -25,7 +25,7 @@ runs: continue-on-error: true shell: bash run: | - cp .github/teams_payload_template.json teams_payload.json + cp .github/actions/notify_teams/teams_payload_template.json teams_payload.json # Add workflow name to the notification yq -oj -iP '.attachments[0].content.body[0].columns[1].items[0].text = "${{ inputs.title }}"' teams_payload.json diff --git a/.github/teams_payload_template.json b/.github/actions/notify_teams/teams_payload_template.json similarity index 93% rename from .github/teams_payload_template.json rename to .github/actions/notify_teams/teams_payload_template.json index 1b29657ae..fbef4d36e 100644 --- a/.github/teams_payload_template.json +++ b/.github/actions/notify_teams/teams_payload_template.json @@ -1,5 +1,5 @@ { - "type": "message", + "type": "AdaptiveCard", "attachments": [ { "contentType": "application/vnd.microsoft.card.adaptive", @@ -58,6 +58,14 @@ "id": "a9a34611-9a38-4c00-a8a2-f87d94c2bf7d", "name": "Otto Bittner" } + }, + { + "type": "mention", + "text": "burgerdev", + "mentioned": { + "id": "c9efc581-58ca-4da6-93ce-79f69f89deeb", + "name": "Markus Rudy" + } } ] }, From 9733dc0cd5cb02394f94438ef32fb8511528d61f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 11:51:48 +0200 Subject: [PATCH 317/380] deps: update dependency aspect_bazel_lib to v2.9.2 (#3428) * deps: update dependency aspect_bazel_lib to v2.9.2 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- MODULE.bazel | 2 +- MODULE.bazel.lock | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 06ec00167..8c562be5c 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,6 +1,6 @@ module(name = "constellation") -bazel_dep(name = "aspect_bazel_lib", version = "2.9.1") +bazel_dep(name = "aspect_bazel_lib", version = "2.9.2") bazel_lib = use_extension("@aspect_bazel_lib//lib:extensions.bzl", "toolchains") bazel_lib.yq() diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index e5c3033fc..169708d77 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -9,8 +9,8 @@ "https://bcr.bazel.build/modules/abseil-cpp/20230802.0.bcr.1/source.json": "14892cc698e02ffedf4967546e6bedb7245015906888d3465fcf27c90a26da10", "https://bcr.bazel.build/modules/apple_support/1.5.0/MODULE.bazel": "50341a62efbc483e8a2a6aec30994a58749bd7b885e18dd96aa8c33031e558ef", "https://bcr.bazel.build/modules/apple_support/1.5.0/source.json": "eb98a7627c0bc486b57f598ad8da50f6625d974c8f723e9ea71bd39f709c9862", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.1/MODULE.bazel": "39517c00a97118e7924786cd9b6fde80016386dee741d40fd9497b80d93c9b54", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.1/source.json": "5c98d61e7ed023a391c83e22e0a1c3576b84de57e75403f47fabc3ff62d05db4", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.2/MODULE.bazel": "4fae9c767526c17460c9d6e5731b09fdcab37b1322d6454acc137ac6d311e5b6", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.2/source.json": "cc829976e1b827bf3ef5ab682177a93c486c979a67a6b02dd0888e56486ed8ad", "https://bcr.bazel.build/modules/bazel_features/1.1.0/MODULE.bazel": "cfd42ff3b815a5f39554d97182657f8c4b9719568eb7fded2b9135f084bf760b", "https://bcr.bazel.build/modules/bazel_features/1.1.1/MODULE.bazel": "27b8c79ef57efe08efccbd9dd6ef70d61b4798320b8d3c134fd571f78963dbcd", "https://bcr.bazel.build/modules/bazel_features/1.11.0/MODULE.bazel": "f9382337dd5a474c3b7d334c2f83e50b6eaedc284253334cf823044a26de03e8", @@ -145,8 +145,8 @@ }, "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "yyY+Nqn2Av7FUwQTgny5DHp29J+m79HFU9SzEcD/xrU=", - "usagesDigest": "XZr2pcdE0zJUlhdsIIrP/CtOyKxqYeuN3dVk8N/a5q8=", + "bzlTransitiveDigest": "r7IIh4EKfqAOVGQAdB5/k5x8zTeExJ6xqLXx7uQWmGY=", + "usagesDigest": "aoONKG8ntNqVDaeBrxx1FAyWm9wN+IrEpVk/Uz9EdMg=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -812,7 +812,7 @@ "@@platforms//host:extension.bzl%host_platform": { "general": { "bzlTransitiveDigest": "xelQcPZH8+tmuOHVjL9vDxMnnQNMlwj0SlvgoqBkm4U=", - "usagesDigest": "CTnaZGZxcnBcmQnD3YRFsLnLu0IwUQcvRGTfRDzNiVw=", + "usagesDigest": "QZFAJ0VIiJ5mGILpZn9r+TAbKxQ8T11/C+hyok0m2lU=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, From 2e2dd855b5eeff4d017249cc30648cfc74f0f452 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 16:07:41 +0200 Subject: [PATCH 318/380] deps: update registry.k8s.io/sig-storage/snapshot-controller Docker tag to v8.1.0 (#3430) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../charts/edgeless/csi/charts/snapshot-controller/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml index 32b86216b..308ae0f6c 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml @@ -3,7 +3,7 @@ snapshotController: snapshotController: image: repository: registry.k8s.io/sig-storage/snapshot-controller - tag: v8.0.1@sha256:32b8e4254751c9935c796e6e5c07fe804250bd5032ab78f7133a00f75d504596 + tag: v8.1.0@sha256:a8a6749641849a6d7e560d26647e88dbd605a75cbff1823568ab90287ea29038 imagePullPolicy: IfNotPresent snapshotWebhook: replicas: 1 From 8813a1ab04d597a7235ba5248bb6b3d87c56d56e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 17:06:06 +0200 Subject: [PATCH 319/380] deps: update registry.k8s.io/sig-storage/snapshot-validation-webhook Docker tag to v8.1.0 (#3431) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../charts/edgeless/csi/charts/snapshot-controller/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml index 308ae0f6c..b03a97492 100644 --- a/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml +++ b/internal/constellation/helm/charts/edgeless/csi/charts/snapshot-controller/values.yaml @@ -10,5 +10,5 @@ snapshotWebhook: webhook: image: repository: registry.k8s.io/sig-storage/snapshot-validation-webhook - tag: v8.0.1@sha256:7f058f8b3faac68d93c0abf2b97532820ec8ffff944f5919ce7039506ca24cbd + tag: v8.1.0@sha256:35fa940f062222dfa3257e0c74837a22c35976be899bab6103b433bab0e03a81 imagePullPolicy: IfNotPresent From 357e4366ffb7abbf43a9c2aeb1e25a2582e9cff6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 17:06:41 +0200 Subject: [PATCH 320/380] deps: update public.ecr.aws/eks/aws-load-balancer-controller Docker tag to v2.9.1 (#3426) * deps: update public.ecr.aws/eks/aws-load-balancer-controller Docker tag to v2.9.1 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci From 36f8beb3dfd7ed6e81087f39ce820beafa04314e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 17:07:37 +0200 Subject: [PATCH 321/380] deps: update quay.io/medik8s/node-maintenance-operator Docker tag to v0.17.0 (#3425) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- internal/versions/versions.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/versions/versions.go b/internal/versions/versions.go index 64885a0ca..a181b79bb 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -171,7 +171,7 @@ const ( // Check for new versions at https://github.com/GoogleCloudPlatform/guest-agent/releases and update in /.github/workflows/build-gcp-guest-agent.yml. GcpGuestImage = "ghcr.io/edgelesssys/gcp-guest-agent:v20240816.0.0@sha256:a6f871346da12d95a1961cb247343ccaa708039f49999ce56d00e35f3f701b97" // renovate:container // NodeMaintenanceOperatorImage is the image for the node maintenance operator. - NodeMaintenanceOperatorImage = "quay.io/medik8s/node-maintenance-operator:v0.15.0@sha256:8cb8dad93283268282c30e75c68f4bd76b28def4b68b563d2f9db9c74225d634" // renovate:container + NodeMaintenanceOperatorImage = "quay.io/medik8s/node-maintenance-operator:v0.17.0@sha256:bf1c5758b3d266dd6234422d156c67ffdd47f50f70ce17d5cef1de6065030337" // renovate:container // LogstashImage is the container image of logstash, used for log collection by debugd. LogstashImage = "ghcr.io/edgelesssys/constellation/logstash-debugd:v2.17.0-pre.0.20240627193502-8aed4bb0fe45@sha256:d6c5a06049e5c1b9d7ba4b83367fa0c06ba2d1b65e1d299f3e00f465f310642b" // renovate:container // FilebeatImage is the container image of filebeat, used for log collection by debugd. From 24af06b02f1a9cf3baa8db1144e948f15374c1c6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 16 Oct 2024 17:35:51 +0200 Subject: [PATCH 322/380] deps: update Go dependencies (#3411) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update Go dependencies * bazel: force Gazelle generation for xDS xDS has an upstream set of build files that makes Gazelle consider their project a whole new Bazel project, which makes Gazelle not generate any build files, even though the upstream ones aren't valid. See https://github.com/cncf/xds/issues/104. * go: update cel.dev/expr for Bazel fixes cel.dev/expr had some upstream Bazel fixes in v0.16.2 without which Gazelle doesn't work. * chore: generate * e2e: remove references to kubeProxyVersion kubeProxyVersion is deprecated as of KEP-4004. It was never being set to an accurate value before, and we only used it in the e2e test, so removing the additional check should not hurt here. See https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/4004-deprecate-kube-proxy-version * constellation-node-operator: use typed rate-limiter The untyped rate-limiter was deprecated in favor of a generic one that can just be instantiated to `any` to achieve the previous behaviour. * Advertise ALPN settings in NextProtos required by gRPC Signed-off-by: Daniel Weiße * atls: add nextProtos nextProtos (for ALPN) is now required by gRPC, so add it. * go: add cri-client replace * deps: tidy all modules --------- Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Daniel Weiße Co-authored-by: edgelessci --- MODULE.bazel | 7 + bootstrapper/initproto/init.pb.go | 136 +-- debugd/service/debugd.pb.go | 290 ++----- disk-mapper/recoverproto/recover.pb.go | 48 +- e2e/internal/upgrade/upgrade.go | 5 - go.mod | 266 +++--- go.sum | 792 +++++++----------- hack/tools/go.mod | 27 +- hack/tools/go.sum | 54 +- internal/atls/atls.go | 2 + .../helm/charts/coredns/values.yaml | 2 +- internal/versions/components/components.pb.go | 26 +- internal/versions/versions.go | 6 +- joinservice/joinproto/join.pb.go | 114 +-- keyservice/keyserviceproto/keyservice.pb.go | 48 +- .../internal/executor/executor.go | 2 +- upgrade-agent/upgradeproto/upgrade.pb.go | 48 +- verify/verifyproto/verify.pb.go | 48 +- 18 files changed, 646 insertions(+), 1275 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 8c562be5c..295161da1 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -193,3 +193,10 @@ go_deps.module_override( ], path = "github.com/google/go-tpm-tools", ) + +# TODO(msanft): +# Remove once https://github.com/cncf/xds/issues/104 is resolved +go_deps.gazelle_override( + build_file_generation = "on", + path = "github.com/cncf/xds/go", +) diff --git a/bootstrapper/initproto/init.pb.go b/bootstrapper/initproto/init.pb.go index 3d8ca44c4..b745471ce 100644 --- a/bootstrapper/initproto/init.pb.go +++ b/bootstrapper/initproto/init.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 +// protoc-gen-go v1.35.1 // protoc v5.27.0 // source: bootstrapper/initproto/init.proto @@ -44,11 +44,9 @@ type InitRequest struct { func (x *InitRequest) Reset() { *x = InitRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_bootstrapper_initproto_init_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_bootstrapper_initproto_init_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *InitRequest) String() string { @@ -59,7 +57,7 @@ func (*InitRequest) ProtoMessage() {} func (x *InitRequest) ProtoReflect() protoreflect.Message { mi := &file_bootstrapper_initproto_init_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -159,11 +157,9 @@ type InitResponse struct { func (x *InitResponse) Reset() { *x = InitResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_bootstrapper_initproto_init_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_bootstrapper_initproto_init_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *InitResponse) String() string { @@ -174,7 +170,7 @@ func (*InitResponse) ProtoMessage() {} func (x *InitResponse) ProtoReflect() protoreflect.Message { mi := &file_bootstrapper_initproto_init_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -251,11 +247,9 @@ type InitSuccessResponse struct { func (x *InitSuccessResponse) Reset() { *x = InitSuccessResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_bootstrapper_initproto_init_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_bootstrapper_initproto_init_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *InitSuccessResponse) String() string { @@ -266,7 +260,7 @@ func (*InitSuccessResponse) ProtoMessage() {} func (x *InitSuccessResponse) ProtoReflect() protoreflect.Message { mi := &file_bootstrapper_initproto_init_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -312,11 +306,9 @@ type InitFailureResponse struct { func (x *InitFailureResponse) Reset() { *x = InitFailureResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_bootstrapper_initproto_init_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_bootstrapper_initproto_init_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *InitFailureResponse) String() string { @@ -327,7 +319,7 @@ func (*InitFailureResponse) ProtoMessage() {} func (x *InitFailureResponse) ProtoReflect() protoreflect.Message { mi := &file_bootstrapper_initproto_init_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -359,11 +351,9 @@ type LogResponseType struct { func (x *LogResponseType) Reset() { *x = LogResponseType{} - if protoimpl.UnsafeEnabled { - mi := &file_bootstrapper_initproto_init_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_bootstrapper_initproto_init_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LogResponseType) String() string { @@ -374,7 +364,7 @@ func (*LogResponseType) ProtoMessage() {} func (x *LogResponseType) ProtoReflect() protoreflect.Message { mi := &file_bootstrapper_initproto_init_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -409,11 +399,9 @@ type KubernetesComponent struct { func (x *KubernetesComponent) Reset() { *x = KubernetesComponent{} - if protoimpl.UnsafeEnabled { - mi := &file_bootstrapper_initproto_init_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_bootstrapper_initproto_init_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *KubernetesComponent) String() string { @@ -424,7 +412,7 @@ func (*KubernetesComponent) ProtoMessage() {} func (x *KubernetesComponent) ProtoReflect() protoreflect.Message { mi := &file_bootstrapper_initproto_init_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -588,80 +576,6 @@ func file_bootstrapper_initproto_init_proto_init() { if File_bootstrapper_initproto_init_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_bootstrapper_initproto_init_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*InitRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_bootstrapper_initproto_init_proto_msgTypes[1].Exporter = func(v any, i int) any { - switch v := v.(*InitResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_bootstrapper_initproto_init_proto_msgTypes[2].Exporter = func(v any, i int) any { - switch v := v.(*InitSuccessResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_bootstrapper_initproto_init_proto_msgTypes[3].Exporter = func(v any, i int) any { - switch v := v.(*InitFailureResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_bootstrapper_initproto_init_proto_msgTypes[4].Exporter = func(v any, i int) any { - switch v := v.(*LogResponseType); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_bootstrapper_initproto_init_proto_msgTypes[5].Exporter = func(v any, i int) any { - switch v := v.(*KubernetesComponent); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } file_bootstrapper_initproto_init_proto_msgTypes[1].OneofWrappers = []any{ (*InitResponse_InitSuccess)(nil), (*InitResponse_InitFailure)(nil), diff --git a/debugd/service/debugd.pb.go b/debugd/service/debugd.pb.go index ea419f367..13bf3606b 100644 --- a/debugd/service/debugd.pb.go +++ b/debugd/service/debugd.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 +// protoc-gen-go v1.35.1 // protoc v5.27.0 // source: debugd/service/debugd.proto @@ -181,11 +181,9 @@ type SetInfoRequest struct { func (x *SetInfoRequest) Reset() { *x = SetInfoRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SetInfoRequest) String() string { @@ -196,7 +194,7 @@ func (*SetInfoRequest) ProtoMessage() {} func (x *SetInfoRequest) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -228,11 +226,9 @@ type SetInfoResponse struct { func (x *SetInfoResponse) Reset() { *x = SetInfoResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SetInfoResponse) String() string { @@ -243,7 +239,7 @@ func (*SetInfoResponse) ProtoMessage() {} func (x *SetInfoResponse) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -273,11 +269,9 @@ type GetInfoRequest struct { func (x *GetInfoRequest) Reset() { *x = GetInfoRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetInfoRequest) String() string { @@ -288,7 +282,7 @@ func (*GetInfoRequest) ProtoMessage() {} func (x *GetInfoRequest) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -313,11 +307,9 @@ type GetInfoResponse struct { func (x *GetInfoResponse) Reset() { *x = GetInfoResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetInfoResponse) String() string { @@ -328,7 +320,7 @@ func (*GetInfoResponse) ProtoMessage() {} func (x *GetInfoResponse) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -361,11 +353,9 @@ type Info struct { func (x *Info) Reset() { *x = Info{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Info) String() string { @@ -376,7 +366,7 @@ func (*Info) ProtoMessage() {} func (x *Info) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -413,11 +403,9 @@ type DownloadFilesRequest struct { func (x *DownloadFilesRequest) Reset() { *x = DownloadFilesRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *DownloadFilesRequest) String() string { @@ -428,7 +416,7 @@ func (*DownloadFilesRequest) ProtoMessage() {} func (x *DownloadFilesRequest) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -457,11 +445,9 @@ type FileTransferMessage struct { func (x *FileTransferMessage) Reset() { *x = FileTransferMessage{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *FileTransferMessage) String() string { @@ -472,7 +458,7 @@ func (*FileTransferMessage) ProtoMessage() {} func (x *FileTransferMessage) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -536,11 +522,9 @@ type FileTransferHeader struct { func (x *FileTransferHeader) Reset() { *x = FileTransferHeader{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *FileTransferHeader) String() string { @@ -551,7 +535,7 @@ func (*FileTransferHeader) ProtoMessage() {} func (x *FileTransferHeader) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -598,11 +582,9 @@ type Chunk struct { func (x *Chunk) Reset() { *x = Chunk{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Chunk) String() string { @@ -613,7 +595,7 @@ func (*Chunk) ProtoMessage() {} func (x *Chunk) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -653,11 +635,9 @@ type UploadFilesResponse struct { func (x *UploadFilesResponse) Reset() { *x = UploadFilesResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *UploadFilesResponse) String() string { @@ -668,7 +648,7 @@ func (*UploadFilesResponse) ProtoMessage() {} func (x *UploadFilesResponse) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -708,11 +688,9 @@ type ServiceUnit struct { func (x *ServiceUnit) Reset() { *x = ServiceUnit{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ServiceUnit) String() string { @@ -723,7 +701,7 @@ func (*ServiceUnit) ProtoMessage() {} func (x *ServiceUnit) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -762,11 +740,9 @@ type UploadSystemdServiceUnitsRequest struct { func (x *UploadSystemdServiceUnitsRequest) Reset() { *x = UploadSystemdServiceUnitsRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *UploadSystemdServiceUnitsRequest) String() string { @@ -777,7 +753,7 @@ func (*UploadSystemdServiceUnitsRequest) ProtoMessage() {} func (x *UploadSystemdServiceUnitsRequest) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -809,11 +785,9 @@ type UploadSystemdServiceUnitsResponse struct { func (x *UploadSystemdServiceUnitsResponse) Reset() { *x = UploadSystemdServiceUnitsResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_debugd_service_debugd_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_debugd_service_debugd_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *UploadSystemdServiceUnitsResponse) String() string { @@ -824,7 +798,7 @@ func (*UploadSystemdServiceUnitsResponse) ProtoMessage() {} func (x *UploadSystemdServiceUnitsResponse) ProtoReflect() protoreflect.Message { mi := &file_debugd_service_debugd_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1027,164 +1001,6 @@ func file_debugd_service_debugd_proto_init() { if File_debugd_service_debugd_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_debugd_service_debugd_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*SetInfoRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[1].Exporter = func(v any, i int) any { - switch v := v.(*SetInfoResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[2].Exporter = func(v any, i int) any { - switch v := v.(*GetInfoRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[3].Exporter = func(v any, i int) any { - switch v := v.(*GetInfoResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[4].Exporter = func(v any, i int) any { - switch v := v.(*Info); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[5].Exporter = func(v any, i int) any { - switch v := v.(*DownloadFilesRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[6].Exporter = func(v any, i int) any { - switch v := v.(*FileTransferMessage); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[7].Exporter = func(v any, i int) any { - switch v := v.(*FileTransferHeader); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[8].Exporter = func(v any, i int) any { - switch v := v.(*Chunk); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[9].Exporter = func(v any, i int) any { - switch v := v.(*UploadFilesResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[10].Exporter = func(v any, i int) any { - switch v := v.(*ServiceUnit); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[11].Exporter = func(v any, i int) any { - switch v := v.(*UploadSystemdServiceUnitsRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_debugd_service_debugd_proto_msgTypes[12].Exporter = func(v any, i int) any { - switch v := v.(*UploadSystemdServiceUnitsResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } file_debugd_service_debugd_proto_msgTypes[6].OneofWrappers = []any{ (*FileTransferMessage_Header)(nil), (*FileTransferMessage_Chunk)(nil), diff --git a/disk-mapper/recoverproto/recover.pb.go b/disk-mapper/recoverproto/recover.pb.go index 0b7db18f9..f4ed7c5c7 100644 --- a/disk-mapper/recoverproto/recover.pb.go +++ b/disk-mapper/recoverproto/recover.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 +// protoc-gen-go v1.35.1 // protoc v5.27.0 // source: disk-mapper/recoverproto/recover.proto @@ -35,11 +35,9 @@ type RecoverMessage struct { func (x *RecoverMessage) Reset() { *x = RecoverMessage{} - if protoimpl.UnsafeEnabled { - mi := &file_disk_mapper_recoverproto_recover_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_disk_mapper_recoverproto_recover_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *RecoverMessage) String() string { @@ -50,7 +48,7 @@ func (*RecoverMessage) ProtoMessage() {} func (x *RecoverMessage) ProtoReflect() protoreflect.Message { mi := &file_disk_mapper_recoverproto_recover_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -87,11 +85,9 @@ type RecoverResponse struct { func (x *RecoverResponse) Reset() { *x = RecoverResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_disk_mapper_recoverproto_recover_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_disk_mapper_recoverproto_recover_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *RecoverResponse) String() string { @@ -102,7 +98,7 @@ func (*RecoverResponse) ProtoMessage() {} func (x *RecoverResponse) ProtoReflect() protoreflect.Message { mi := &file_disk_mapper_recoverproto_recover_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -174,32 +170,6 @@ func file_disk_mapper_recoverproto_recover_proto_init() { if File_disk_mapper_recoverproto_recover_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_disk_mapper_recoverproto_recover_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*RecoverMessage); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_disk_mapper_recoverproto_recover_proto_msgTypes[1].Exporter = func(v any, i int) any { - switch v := v.(*RecoverResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/e2e/internal/upgrade/upgrade.go b/e2e/internal/upgrade/upgrade.go index e31b7b67a..b021eb5d9 100644 --- a/e2e/internal/upgrade/upgrade.go +++ b/e2e/internal/upgrade/upgrade.go @@ -153,11 +153,6 @@ func testNodesEventuallyHaveVersion(t *testing.T, k *kubernetes.Clientset, targe log.Printf("\t%s: K8s (Kubelet) %s, want %s\n", node.Name, kubeletVersion, targetVersions.Kubernetes) allUpdated = false } - kubeProxyVersion := node.Status.NodeInfo.KubeProxyVersion - if kubeProxyVersion != string(targetVersions.Kubernetes) { - log.Printf("\t%s: K8s (Proxy) %s, want %s\n", node.Name, kubeProxyVersion, targetVersions.Kubernetes) - allUpdated = false - } } } return allUpdated diff --git a/go.mod b/go.mod index 581c43964..e8f19b641 100644 --- a/go.mod +++ b/go.mod @@ -13,6 +13,7 @@ replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-c replace ( k8s.io/cloud-provider => k8s.io/cloud-provider v0.31.1 k8s.io/controller-manager => k8s.io/controller-manager v0.31.1 + k8s.io/cri-client => k8s.io/cri-client v0.31.1 k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.31.1 k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.31.1 k8s.io/endpointslice => k8s.io/endpointslice v0.31.1 @@ -26,45 +27,45 @@ replace ( ) require ( - cloud.google.com/go/compute v1.28.0 - cloud.google.com/go/compute/metadata v0.5.0 - cloud.google.com/go/kms v1.19.0 - cloud.google.com/go/secretmanager v1.14.0 - cloud.google.com/go/storage v1.43.0 - dario.cat/mergo v1.0.0 + cloud.google.com/go/compute v1.28.1 + cloud.google.com/go/compute/metadata v0.5.2 + cloud.google.com/go/kms v1.20.0 + cloud.google.com/go/secretmanager v1.14.1 + cloud.google.com/go/storage v1.44.0 + dario.cat/mergo v1.0.1 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.0.0 - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.1.0 + github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.1.0 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 - github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.0 + github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.1 github.com/BurntSushi/toml v1.4.0 github.com/aws/aws-sdk-go v1.55.5 - github.com/aws/aws-sdk-go-v2 v1.30.3 - github.com/aws/aws-sdk-go-v2/config v1.27.27 - github.com/aws/aws-sdk-go-v2/credentials v1.17.27 - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 - github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.3 - github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.4 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.173.0 - github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.34.0 - github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.3 - github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3 - github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.4 - github.com/aws/smithy-go v1.20.3 - github.com/bazelbuild/buildtools v0.0.0-20240804201302-37932ddd7230 - github.com/bazelbuild/rules_go v0.49.0 + github.com/aws/aws-sdk-go-v2 v1.32.2 + github.com/aws/aws-sdk-go-v2/config v1.27.43 + github.com/aws/aws-sdk-go-v2/credentials v1.17.41 + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 + github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.32 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.45.2 + github.com/aws/aws-sdk-go-v2/service/cloudfront v1.40.2 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.182.0 + github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.40.0 + github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.25.2 + github.com/aws/aws-sdk-go-v2/service/s3 v1.65.3 + github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.2 + github.com/aws/smithy-go v1.22.0 + github.com/bazelbuild/buildtools v0.0.0-20240918101019-be1c24cc9a44 + github.com/bazelbuild/rules_go v0.50.1 github.com/coreos/go-systemd/v22 v22.5.0 - github.com/docker/docker v27.1.1+incompatible + github.com/docker/docker v27.3.1+incompatible github.com/edgelesssys/go-azguestattestation v0.0.0-20240513062303-05f8770a633d github.com/edgelesssys/go-tdx-qpl v0.0.0-20240123150912-dcad3c41ec5f github.com/foxboron/go-uefi v0.0.0-20240805124652-e2076f0e58ca github.com/fsnotify/fsnotify v1.7.0 github.com/go-playground/locales v0.14.1 github.com/go-playground/universal-translator v0.18.1 - github.com/go-playground/validator/v10 v10.22.0 + github.com/go-playground/validator/v10 v10.22.1 github.com/golang-jwt/jwt/v5 v5.2.1 github.com/google/go-sev-guest v0.11.1 github.com/google/go-tdx-guest v0.3.1 @@ -72,80 +73,82 @@ require ( github.com/google/go-tpm-tools v0.4.4 github.com/google/uuid v1.6.0 github.com/googleapis/gax-go/v2 v2.13.0 - github.com/gophercloud/gophercloud/v2 v2.1.0 - github.com/gophercloud/utils/v2 v2.0.0-20240807081201-990d90b23c70 + github.com/gophercloud/gophercloud/v2 v2.1.1 + github.com/gophercloud/utils/v2 v2.0.0-20241008104625-7cbb8fd76bb7 github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.9 github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11 github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.12 github.com/hashicorp/go-version v1.7.0 - github.com/hashicorp/hc-install v0.8.0 - github.com/hashicorp/hcl/v2 v2.21.0 + github.com/hashicorp/hc-install v0.9.0 + github.com/hashicorp/hcl/v2 v2.22.0 github.com/hashicorp/terraform-exec v0.21.0 github.com/hashicorp/terraform-json v0.22.1 - github.com/hashicorp/terraform-plugin-framework v1.10.0 + github.com/hashicorp/terraform-plugin-framework v1.12.0 github.com/hashicorp/terraform-plugin-framework-validators v0.13.0 - github.com/hashicorp/terraform-plugin-go v0.23.0 + github.com/hashicorp/terraform-plugin-go v0.24.0 github.com/hashicorp/terraform-plugin-log v0.9.0 - github.com/hashicorp/terraform-plugin-testing v1.9.0 + github.com/hashicorp/terraform-plugin-testing v1.10.0 github.com/hexops/gotextdiff v1.0.3 github.com/martinjungblut/go-cryptsetup v0.0.0-20220520180014-fd0874fd07a6 github.com/mattn/go-isatty v0.0.20 github.com/mitchellh/go-homedir v1.1.0 - github.com/onsi/ginkgo/v2 v2.19.1 - github.com/onsi/gomega v1.34.1 + github.com/onsi/ginkgo/v2 v2.20.2 + github.com/onsi/gomega v1.34.2 github.com/pkg/errors v0.9.1 github.com/regclient/regclient v0.7.1 - github.com/rogpeppe/go-internal v1.12.0 - github.com/samber/slog-multi v1.2.0 - github.com/schollz/progressbar/v3 v3.14.6 + github.com/rogpeppe/go-internal v1.13.1 + github.com/samber/slog-multi v1.2.3 + github.com/schollz/progressbar/v3 v3.16.1 github.com/secure-systems-lab/go-securesystemslib v0.8.0 - github.com/siderolabs/talos/pkg/machinery v1.7.5 + github.com/siderolabs/talos/pkg/machinery v1.8.1 github.com/sigstore/rekor v1.3.6 - github.com/sigstore/sigstore v1.8.7 + github.com/sigstore/sigstore v1.8.10 github.com/spf13/afero v1.11.0 github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 github.com/tink-crypto/tink-go/v2 v2.2.0 github.com/vincent-petithory/dataurl v1.0.0 - go.etcd.io/etcd/api/v3 v3.5.15 - go.etcd.io/etcd/client/pkg/v3 v3.5.15 - go.etcd.io/etcd/client/v3 v3.5.15 + go.etcd.io/etcd/api/v3 v3.5.16 + go.etcd.io/etcd/client/pkg/v3 v3.5.16 + go.etcd.io/etcd/client/v3 v3.5.16 go.uber.org/goleak v1.3.0 - golang.org/x/crypto v0.27.0 - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 - golang.org/x/mod v0.20.0 - golang.org/x/sys v0.25.0 - golang.org/x/text v0.18.0 - golang.org/x/tools v0.23.0 - google.golang.org/api v0.197.0 - google.golang.org/grpc v1.66.1 - google.golang.org/protobuf v1.34.2 + golang.org/x/crypto v0.28.0 + golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c + golang.org/x/mod v0.21.0 + golang.org/x/sys v0.26.0 + golang.org/x/text v0.19.0 + golang.org/x/tools v0.26.0 + google.golang.org/api v0.200.0 + google.golang.org/grpc v1.67.1 + google.golang.org/protobuf v1.35.1 gopkg.in/yaml.v3 v3.0.1 - helm.sh/helm/v3 v3.15.3 - k8s.io/api v0.30.3 - k8s.io/apiextensions-apiserver v0.30.3 - k8s.io/apimachinery v0.30.3 - k8s.io/apiserver v0.30.3 - k8s.io/client-go v0.30.3 - k8s.io/cluster-bootstrap v0.30.3 - k8s.io/kubelet v0.30.3 - k8s.io/kubernetes v1.30.3 - k8s.io/mount-utils v0.30.3 - k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 - libvirt.org/go/libvirt v1.10005.0 - sigs.k8s.io/controller-runtime v0.18.4 + helm.sh/helm/v3 v3.16.2 + k8s.io/api v0.31.1 + k8s.io/apiextensions-apiserver v0.31.1 + k8s.io/apimachinery v0.31.1 + k8s.io/apiserver v0.31.1 + k8s.io/client-go v0.31.1 + k8s.io/cluster-bootstrap v0.31.1 + k8s.io/kubelet v0.31.1 + k8s.io/kubernetes v1.31.1 + k8s.io/mount-utils v0.31.1 + k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 + libvirt.org/go/libvirt v1.10008.0 + sigs.k8s.io/controller-runtime v0.19.0 sigs.k8s.io/yaml v1.4.0 ) require ( + cel.dev/expr v0.16.2 // indirect cloud.google.com/go v0.115.1 // indirect - cloud.google.com/go/auth v0.9.3 // indirect + cloud.google.com/go/auth v0.9.8 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect - cloud.google.com/go/iam v1.2.0 // indirect - cloud.google.com/go/longrunning v0.6.0 // indirect + cloud.google.com/go/iam v1.2.1 // indirect + cloud.google.com/go/longrunning v0.6.1 // indirect + cloud.google.com/go/monitoring v1.21.1 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect @@ -161,46 +164,51 @@ require ( github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1 // indirect + github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1 // indirect github.com/MakeNowJust/heredoc v1.0.0 // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.2.1 // indirect - github.com/Masterminds/sprig/v3 v3.2.3 // indirect + github.com/Masterminds/semver/v3 v3.3.0 // indirect + github.com/Masterminds/sprig/v3 v3.3.0 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/Microsoft/hcsshim v0.11.4 // indirect - github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect + github.com/ProtonMail/go-crypto v1.1.0-alpha.5.0.20240827111422-b5837fa4476e // indirect github.com/agext/levenshtein v1.2.2 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect + github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.21 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/blang/semver/v4 v4.0.0 // indirect + github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/cloudflare/circl v1.3.7 // indirect + github.com/cloudflare/circl v1.3.9 // indirect + github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect github.com/containerd/containerd v1.7.12 // indirect github.com/containerd/log v0.1.0 // indirect github.com/coredns/caddy v1.1.1 // indirect - github.com/coredns/corefile-migration v1.0.21 // indirect + github.com/coredns/corefile-migration v1.0.23 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect - github.com/cyphar/filepath-securejoin v0.2.4 // indirect + github.com/cyphar/filepath-securejoin v0.3.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.5.0 // indirect - github.com/docker/cli v25.0.1+incompatible // indirect + github.com/docker/cli v27.1.1+incompatible // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-connections v0.5.0 // indirect @@ -208,11 +216,14 @@ require ( github.com/docker/go-units v0.5.0 // indirect github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/envoyproxy/go-control-plane v0.13.0 // indirect + github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect - github.com/fatih/color v1.16.0 // indirect + github.com/fatih/color v1.17.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/gabriel-vasile/mimetype v1.4.3 // indirect github.com/go-chi/chi v4.1.2+incompatible // indirect github.com/go-errors/errors v1.4.2 // indirect @@ -235,7 +246,7 @@ require ( github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect - github.com/gofrs/uuid/v5 v5.2.0 // indirect + github.com/gofrs/uuid/v5 v5.3.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -246,11 +257,11 @@ require ( github.com/google/go-attestation v0.5.1 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-configfs-tsm v0.2.2 // indirect - github.com/google/go-containerregistry v0.20.0 // indirect + github.com/google/go-containerregistry v0.20.2 // indirect github.com/google/go-tspi v0.3.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/logger v1.1.1 // indirect - github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect + github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect @@ -264,7 +275,7 @@ require ( github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-plugin v1.6.0 // indirect + github.com/hashicorp/go-plugin v1.6.1 // indirect github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect @@ -273,12 +284,12 @@ require ( github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/yamux v0.1.1 // indirect - github.com/huandu/xstrings v1.4.0 // indirect - github.com/imdario/mergo v0.3.15 // indirect + github.com/huandu/xstrings v1.5.0 // indirect + github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect - github.com/jmoiron/sqlx v1.3.5 // indirect + github.com/jmoiron/sqlx v1.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.17.9 // indirect @@ -291,7 +302,7 @@ require ( github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-runewidth v0.0.13 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect @@ -300,8 +311,8 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/locker v1.0.1 // indirect - github.com/moby/spdystream v0.2.0 // indirect - github.com/moby/sys/mountinfo v0.6.2 // indirect + github.com/moby/spdystream v0.4.0 // indirect + github.com/moby/sys/mountinfo v0.7.1 // indirect github.com/moby/term v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect @@ -311,24 +322,27 @@ require ( github.com/oklog/run v1.0.0 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc6 // indirect + github.com/opencontainers/image-spec v1.1.0 // indirect + github.com/opencontainers/runc v1.1.13 // indirect + github.com/opencontainers/runtime-spec v1.2.0 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect github.com/pborman/uuid v1.2.1 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/client_golang v1.19.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.48.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect - github.com/rubenv/sql-migrate v1.5.2 // indirect + github.com/rubenv/sql-migrate v1.7.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/samber/lo v1.38.1 // indirect + github.com/samber/lo v1.47.0 // indirect github.com/sassoftware/relic v7.2.1+incompatible // indirect - github.com/shopspring/decimal v1.3.1 // indirect + github.com/shopspring/decimal v1.4.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect - github.com/spf13/cast v1.6.0 // indirect + github.com/spf13/cast v1.7.0 // indirect github.com/stretchr/objx v0.5.2 // indirect github.com/theupdateframework/go-tuf v0.7.0 // indirect github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect @@ -338,41 +352,47 @@ require ( github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/vtolstov/go-ioctl v0.0.0-20151206205506-6be9cced4810 // indirect + github.com/x448/float16 v0.8.4 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - github.com/zclconf/go-cty v1.14.4 // indirect + github.com/zclconf/go-cty v1.15.0 // indirect go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect + go.opentelemetry.io/contrib/detectors/gcp v1.29.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect go.opentelemetry.io/otel v1.29.0 // indirect go.opentelemetry.io/otel/metric v1.29.0 // indirect + go.opentelemetry.io/otel/sdk v1.29.0 // indirect + go.opentelemetry.io/otel/sdk/metric v1.29.0 // indirect go.opentelemetry.io/otel/trace v1.29.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/net v0.29.0 // indirect + golang.org/x/net v0.30.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/term v0.24.0 // indirect - golang.org/x/time v0.6.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/time v0.7.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect + google.golang.org/genproto v0.0.0-20241007155032-5fefd90f89a9 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect + google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/cli-runtime v0.30.0 // indirect - k8s.io/component-base v0.30.3 // indirect - k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/cli-runtime v0.31.1 // indirect + k8s.io/component-base v0.31.1 // indirect + k8s.io/klog/v2 v2.130.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/kubectl v0.30.0 // indirect + k8s.io/kubectl v0.31.1 // indirect oras.land/oras-go v1.2.5 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect - sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/api v0.17.2 // indirect + sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/go.sum b/go.sum index f8c0d3c9b..f187cdfa8 100644 --- a/go.sum +++ b/go.sum @@ -1,38 +1,34 @@ +cel.dev/expr v0.16.2 h1:RwRhoH17VhAu9U5CMvMhH1PDVgf0tuz9FT+24AfMLfU= +cel.dev/expr v0.16.2/go.mod h1:gXngZQMkWJoSbE8mOzehJlXQyubn/Vg0vR9/F3W7iw8= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U= -cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= +cloud.google.com/go/auth v0.9.8 h1:+CSJ0Gw9iVeSENVCKJoLHhdUykDgXSc4Qn+gu2BRtR8= +cloud.google.com/go/auth v0.9.8/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/compute v1.28.0 h1:OPtBxMcheSS+DWfci803qvPly3d4w7Eu5ztKBcFfzwk= -cloud.google.com/go/compute v1.28.0/go.mod h1:DEqZBtYrDnD5PvjsKwb3onnhX+qjdCVM7eshj1XdjV4= -cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= -cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= -cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= -cloud.google.com/go/kms v1.19.0 h1:x0OVJDl6UH1BSX4THKlMfdcFWoE4ruh90ZHuilZekrU= -cloud.google.com/go/kms v1.19.0/go.mod h1:e4imokuPJUc17Trz2s6lEXFDt8bgDmvpVynH39bdrHM= -cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI= -cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/secretmanager v1.14.0 h1:P2RRu2NEsQyOjplhUPvWKqzDXUKzwejHLuSUBHI8c4w= -cloud.google.com/go/secretmanager v1.14.0/go.mod h1:q0hSFHzoW7eRgyYFH8trqEFavgrMeiJI4FETNN78vhM= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs= -cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0= -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= -dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +cloud.google.com/go/compute v1.28.1 h1:XwPcZjgMCnU2tkwY10VleUjSAfpTj9RDn+kGrbYsi8o= +cloud.google.com/go/compute v1.28.1/go.mod h1:b72iXMY4FucVry3NR3Li4kVyyTvbMDE7x5WsqvxjsYk= +cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= +cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= +cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU= +cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g= +cloud.google.com/go/kms v1.20.0 h1:uKUvjGqbBlI96xGE669hcVnEMw1Px/Mvfa62dhM5UrY= +cloud.google.com/go/kms v1.20.0/go.mod h1:/dMbFF1tLLFnQV44AoI2GlotbjowyUfgVwezxW291fM= +cloud.google.com/go/logging v1.11.0 h1:v3ktVzXMV7CwHq1MBF65wcqLMA7i+z3YxbUsoK7mOKs= +cloud.google.com/go/logging v1.11.0/go.mod h1:5LDiJC/RxTt+fHc1LAt20R9TKiUTReDg6RuuFOZ67+A= +cloud.google.com/go/longrunning v0.6.1 h1:lOLTFxYpr8hcRtcwWir5ITh1PAKUD/sG2lKrTSYjyMc= +cloud.google.com/go/longrunning v0.6.1/go.mod h1:nHISoOZpBcmlwbJmiVk5oDRz0qG/ZxPynEGs1iZ79s0= +cloud.google.com/go/monitoring v1.21.1 h1:zWtbIoBMnU5LP9A/fz8LmWMGHpk4skdfeiaa66QdFGc= +cloud.google.com/go/monitoring v1.21.1/go.mod h1:Rj++LKrlht9uBi8+Eb530dIrzG/cU/lB8mt+lbeFK1c= +cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM= +cloud.google.com/go/secretmanager v1.14.1/go.mod h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U= +cloud.google.com/go/storage v1.44.0 h1:abBzXf4UJKMmQ04xxJf9dYM/fNl24KHoTuBjyJDX2AI= +cloud.google.com/go/storage v1.44.0/go.mod h1:wpPblkIuMP5jCB/E48Pz9zIo2S/zD8g+ITmxKkPCITE= +cloud.google.com/go/trace v1.11.1 h1:UNqdP+HYYtnm6lb91aNA5JQ0X14GnxkABGlfz2PzPew= +cloud.google.com/go/trace v1.11.1/go.mod h1:IQKNQuBzH72EGaXEodKlNJrWykGZxet2zgjtS60OtjA= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= @@ -41,22 +37,24 @@ github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d h1:zjq github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d/go.mod h1:XNqJ7hv2kY++g8XEHREpi+JqZo3+0l+CH2egBVN4yqM= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0 h1:eXzkOEXbSTOa7cJ7EqeCVi/OFi/ppDrUtQuttCWy74c= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.15.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 h1:m/sWOGCREuSBqg2htVQTBY8nOZpyajYztF0vUvSZTuM= github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0/go.mod h1:Pu5Zksi2KrU7LPbZbNINx6fuVrUp/ffvpxdDj+i8LeE= github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw= github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1/go.mod h1:9V2j0jn9jDEkCkv8w/bKTNppX/d0FVA1ud77xCIP4KA= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.0.0 h1:ubTqH0Sqcc7KgjHGKstw446zi7SurSXESKgd4hJea7w= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.0.0/go.mod h1:zflC9v4VfViJrSvcvplqws/yGXVbUEMZi/iHpZdSPWA= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.1.0 h1:zDeQI/PaWztI2tcrGO/9RIMey9NvqYbnyttf/0P3QWM= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v6 v6.1.0/go.mod h1:zflC9v4VfViJrSvcvplqws/yGXVbUEMZi/iHpZdSPWA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0 h1:2qsIIvxVT+uE6yrNldntJKlLRgxGbZ85kgtz5SNBhMw= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal/v3 v3.1.0/go.mod h1:AW8VEadnhw9xox+VaVd9sP7NjzOAnaZBLRH6Tq3cJ38= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0 h1:6gbgo57khn0HUCcozxGgDodl7HPH0wr9x3QPt1uJSMM= -github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.0.0/go.mod h1:ulHyBFJOI0ONiRL4vcJTmS7rx18jQQlEPmAgo80cRdM= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.1.0 h1:Fd+iaEa+JBwzYo6OTWYSNqyvlPSLciMGsmsnYCKcXM0= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6 v6.1.0/go.mod h1:ulHyBFJOI0ONiRL4vcJTmS7rx18jQQlEPmAgo80cRdM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0 h1:Dd+RhdJn0OTtVGaeDLZpcumkIVCtA/3/Fo42+eoYvVM= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.2.0/go.mod h1:5kakwfW5CjC9KK+Q4wjXAg+ShuIm2mBMua0ZFj2C8PE= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.6.0 h1:PiSrjRPpkQNjrM8H0WwKMnZUdu1RGMtd/LdGKUrOo+c= @@ -65,8 +63,8 @@ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0 h1:h4Zx github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.1.0/go.mod h1:LgLGXawqSreJz135Elog0ywTJDsm0Hz2k+N+6ZK35u8= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 h1:D3occbWoio4EBLkbkevetNMAVX197GkzbUMtqjGWn80= github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0/go.mod h1:bTSOgj05NGRuHHhQwAdPnYr9TOdNmKlZTgGLL6nyAdI= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.0 h1:Be6KInmFEKV81c0pOAEbRYehLMwmmGI1exuFj248AMk= -github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.0/go.mod h1:WCPBHsOXfBVnivScjs2ypRfimjEW0qPVLGgJkZlrIOA= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.1 h1:cf+OIKbkmMHBaC3u78AXomweqM0oxQSgBXRZf3WH4yM= +github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.4.1/go.mod h1:ap1dmS6vQKJxSMNiGJcq4QuUQkOynyD93gLw6MDF7ek= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= @@ -89,32 +87,39 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1 h1:pB2F2JKCj1Znmp2rwxxt1J0Fg0wezTMgWYk5Mpbi1kg= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1/go.mod h1:itPGVDKf9cC/ov4MdvJ2QZ0khw4bfoo9jzwTJlaxy2k= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1 h1:UQ0AhxogsIRZDkElkblfnwjc3IaltCm2HUMvezQaL7s= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.48.1/go.mod h1:jyqM3eLpJ3IbIFDTKVz2rF9T/xWGW0rIriGwnz8l9Tk= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.48.1 h1:oTX4vsorBZo/Zdum6OKPA4o7544hm6smoRv1QjpTwGo= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.48.1/go.mod h1:0wEl7vrAD8mehJyohS9HZy+WyEOaQO2mJx86Cvh93kM= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1 h1:8nn+rsCvTq9axyEh382S0PFLBeaFwNsT43IrPWzctRU= +github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.48.1/go.mod h1:viRWSEhtMZqz1rhwmOVKkWl6SwmVowfL9O2YR5gI2PE= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= -github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= +github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= +github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/sprig/v3 v3.3.0 h1:mQh0Yrg1XPo6vjYXgtf5OtijNAKJRNcTdOOGZe3tPhs= +github.com/Masterminds/sprig/v3 v3.3.0/go.mod h1:Zy1iXRYNqNLUolqCpL4uhk6SHUMAOSCzdgBfDb35Lz0= github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8afzqM= github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= -github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= -github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.1.0-alpha.5.0.20240827111422-b5837fa4476e h1:O1cSHAcGcbGEO66Qi2AIJeYmXO8iP4L/PNrbdN+RjJA= +github.com/ProtonMail/go-crypto v1.1.0-alpha.5.0.20240827111422-b5837fa4476e/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE= @@ -126,9 +131,6 @@ github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPp github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= -github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= @@ -136,66 +138,64 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:W github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= -github.com/aws/aws-sdk-go-v2 v1.30.3 h1:jUeBtG0Ih+ZIFH0F4UkmL9w3cSpaMv9tYYDbzILP8dY= -github.com/aws/aws-sdk-go-v2 v1.30.3/go.mod h1:nIQjQVp5sfpQcTc9mPSr1B0PaWK5ByX9MOoDadSN4lc= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 h1:tW1/Rkad38LA15X4UQtjXZXNKsCgkshC3EbmcUmghTg= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3/go.mod h1:UbnqO+zjqk3uIt9yCACHJ9IVNhyhOCnYk8yA19SAWrM= -github.com/aws/aws-sdk-go-v2/config v1.27.27 h1:HdqgGt1OAP0HkEDDShEl0oSYa9ZZBSOmKpdpsDMdO90= -github.com/aws/aws-sdk-go-v2/config v1.27.27/go.mod h1:MVYamCg76dFNINkZFu4n4RjDixhVr51HLj4ErWzrVwg= -github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVOpGPgDSi0I9iAP+UI= -github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 h1:KreluoV8FZDEtI6Co2xuNk/UqI9iwMrOx/87PBNIKqw= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11/go.mod h1:SeSUYBLsMYFoRvHE0Tjvn7kbxaUhl75CJi1sbfhMxkU= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10 h1:zeN9UtUlA6FTx0vFSayxSX32HDw73Yb6Hh2izDSFxXY= -github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.10/go.mod h1:3HKuexPDcwLWPaqpW2UR/9n8N/u/3CKcGAzSs8p8u8g= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15 h1:SoNJ4RlFEQEbtDcCEt+QG56MY4fm4W8rYirAmq+/DdU= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.15/go.mod h1:U9ke74k1n2bf+RIgoX1SXFed1HLs51OgUSs+Ph0KJP8= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15 h1:C6WHdGnTDIYETAm5iErQUiVNsclNx9qbJVPIt03B6bI= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.15/go.mod h1:ZQLZqhcu+JhSrA9/NXRm8SkDvsycE+JkV3WGY41e+IM= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= -github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 h1:Z5r7SycxmSllHYmaAZPpmN8GviDrSGhMS6bldqtXZPw= -github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15/go.mod h1:CetW7bDE00QoGEmPUoZuRog07SGVAUVW6LFpNP0YfIg= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.3 h1:y4kBd6IXizNoJ1QnVa1kFFmonxnv6mm6z+q7z0Jkdhg= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.43.3/go.mod h1:j2WsKJ/NQS+y8JUgpv+BBzyzddNZP2SG60fB5aQBZaA= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.4 h1:I/sQ9uGOs72/483obb2SPoa9ZEsYGbel6jcTTwD/0zU= -github.com/aws/aws-sdk-go-v2/service/cloudfront v1.38.4/go.mod h1:P6ByphKl2oNQZlv4WsCaLSmRncKEcOnbitYLtJPfqZI= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.173.0 h1:ta62lid9JkIpKZtZZXSj6rP2AqY5x1qYGq53ffxqD9Q= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.173.0/go.mod h1:o6QDjdVKpP5EF0dp/VlvqckzuSDATr1rLdHt3A5m0YY= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.34.0 h1:8rDRtPOu3ax8jEctw7G926JQlnFdhZZA4KJzQ+4ks3Q= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.34.0/go.mod h1:L5bVuO4PeXuDuMYZfL3IW69E6mz6PDCYpp6IKDlcLMA= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 h1:YPYe6ZmvUfDDDELqEKtAd6bo8zxhkm+XEFEzQisqUIE= -github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17/go.mod h1:oBtcnYua/CgzCWYN7NZ5j7PotFDaFSUjCYVTtfyn7vw= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrxZlQ044RiM+WdoZxp0p+EGM62y3L6pwA4olE= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17/go.mod h1:RkZEx4l0EHYDJpWppMJ3nD9wZJAa8/0lq9aVC+r2UII= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 h1:246A4lSTXWJw/rmlQI+TT2OcqeDMKBdyjEQrafMaQdA= -github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15/go.mod h1:haVfg3761/WF7YPuJOER2MP0k4UAXyHaLclKXB6usDg= -github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.3 h1:ByynKMsGZGmpUpnQ99y+lS7VxZrNt3mdagCnHd011Kk= -github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.23.3/go.mod h1:ZR4h87npHPuVQ2SEeoWMe+CO/HcS9g2iYMLnT5HawW8= -github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3 h1:hT8ZAZRIfqBqHbzKTII+CIiY8G2oC9OpLedkZ51DWl8= -github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3/go.mod h1:Lcxzg5rojyVPU/0eFwLtcyTaek/6Mtic5B1gJo7e/zE= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.4 h1:NgRFYyFpiMD62y4VPXh4DosPFbZd4vdMVBWKk0VmWXc= -github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.32.4/go.mod h1:TKKN7IQoM7uTnyuFm9bm9cw5P//ZYTl4m3htBWQ1G/c= -github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 h1:BXx0ZIxvrJdSgSvKTZ+yRBeSqqgPM89VPlulEcl37tM= -github.com/aws/aws-sdk-go-v2/service/sso v1.22.4/go.mod h1:ooyCOXjvJEsUw7x+ZDHeISPMhtwI3ZCB7ggFMcFfWLU= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrAaCYQR72t0wrSBfoesUE= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4/go.mod h1:0oxfLkpz3rQ/CHlx5hB7H69YUpFiI1tql6Q6Ne+1bCw= -github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 h1:ZsDKRLXGWHk8WdtyYMoGNO7bTudrvuKpDKgMVRlepGE= -github.com/aws/aws-sdk-go-v2/service/sts v1.30.3/go.mod h1:zwySh8fpFyXp9yOr/KVzxOl8SRqgf/IDw5aUt9UKFcQ= -github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE= -github.com/aws/smithy-go v1.20.3/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= -github.com/bazelbuild/buildtools v0.0.0-20240804201302-37932ddd7230 h1:KaVZjqijBr8cjmGm8rnM+7fuQ69d2AZN+gFQA2MBKhY= -github.com/bazelbuild/buildtools v0.0.0-20240804201302-37932ddd7230/go.mod h1:yBQGNvRAGhcBTxe4MHiW3Ul7DwoBim4XsKUaXnW1LWc= -github.com/bazelbuild/rules_go v0.49.0 h1:5vCbuvy8Q11g41lseGJDc5vxhDjJtfxr6nM/IC4VmqM= -github.com/bazelbuild/rules_go v0.49.0/go.mod h1:Dhcz716Kqg1RHNWos+N6MlXNkjNP2EwZQ0LukRKJfMs= +github.com/aws/aws-sdk-go-v2 v1.32.2 h1:AkNLZEyYMLnx/Q/mSKkcMqwNFXMAvFto9bNsHqcTduI= +github.com/aws/aws-sdk-go-v2 v1.32.2/go.mod h1:2SK5n0a2karNTv5tbP1SjsX0uhttou00v/HpXKM1ZUo= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6 h1:pT3hpW0cOHRJx8Y0DfJUEQuqPild8jRGmSFmBgvydr0= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.6/go.mod h1:j/I2++U0xX+cr44QjHay4Cvxj6FUbnxrgmqN3H1jTZA= +github.com/aws/aws-sdk-go-v2/config v1.27.43 h1:p33fDDihFC390dhhuv8nOmX419wjOSDQRb+USt20RrU= +github.com/aws/aws-sdk-go-v2/config v1.27.43/go.mod h1:pYhbtvg1siOOg8h5an77rXle9tVG8T+BWLWAo7cOukc= +github.com/aws/aws-sdk-go-v2/credentials v1.17.41 h1:7gXo+Axmp+R4Z+AK8YFQO0ZV3L0gizGINCOWxSLY9W8= +github.com/aws/aws-sdk-go-v2/credentials v1.17.41/go.mod h1:u4Eb8d3394YLubphT4jLEwN1rLNq2wFOlT6OuxFwPzU= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17 h1:TMH3f/SCAWdNtXXVPPu5D6wrr4G5hI1rAxbcocKfC7Q= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.17/go.mod h1:1ZRXLdTpzdJb9fwTMXiLipENRxkGMTn1sfKexGllQCw= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.32 h1:C2hE+gJ40Cb4vzhFJ+tTzjvBpPloUq7XP6PD3A2Fk7g= +github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.32/go.mod h1:0OmMtVNp+10JFBTfmA2AIeqBDm0YthDXmE+N7poaptk= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21 h1:UAsR3xA31QGf79WzpG/ixT9FZvQlh5HY1NRqSHBNOCk= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.21/go.mod h1:JNr43NFf5L9YaG3eKTm7HQzls9J+A9YYcGI5Quh1r2Y= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21 h1:6jZVETqmYCadGFvrYEQfC5fAQmlo80CeL5psbno6r0s= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.21/go.mod h1:1SR0GbLlnN3QUmYaflZNiH1ql+1qrSiB2vwcJ+4UM60= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.21 h1:7edmS3VOBDhK00b/MwGtGglCm7hhwNYnjJs/PgFdMQE= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.21/go.mod h1:Q9o5h4HoIWG8XfzxqiuK/CGUbepCJ8uTlaE3bAbxytQ= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.45.2 h1:NurelK9YO5OB0HlIUj1ycEZJIFNvkuG5iJjo7/r6AJ4= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.45.2/go.mod h1:YmWinWbpoVdOgnBZQFeZJ2l4kT97lvnRlTvX2zyyBfc= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.40.2 h1:d2VzVozwvcImzmlPTvIV5xHh3tsm5PSnHIlOpbZFZMY= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.40.2/go.mod h1:f3osu1mATeVxhF5MufhYckvB9WZNqv29c0wNR7egU9Q= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.182.0 h1:LaeziEhHZ/SJZYBK223QVzl3ucHvA9IP4tQMcxGrc9I= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.182.0/go.mod h1:kYXaB4FzyhEJjvrJ84oPnMElLiEAjGxxUunVW2tBSng= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.40.0 h1:ZQONu+vfYQ8LJ7G10RK9vXp/6G3B3PZ2KzwWWm4MRxE= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.40.0/go.mod h1:EF4KS26lCJdihrMJR9Rd4X4Q+rHLXa8Scx6S6tqg4WM= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0 h1:TToQNkvGguu209puTojY/ozlqy2d/SFNcoLIqTFi42g= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.0/go.mod h1:0jp+ltwkf+SwG2fm/PKo8t4y8pJSgOCO4D8Lz3k0aHQ= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.2 h1:4FMHqLfk0efmTqhXVRL5xYRqlEBNBiRI7N6w4jsEdd4= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.2/go.mod h1:LWoqeWlK9OZeJxsROW2RqrSPvQHKTpp69r/iDjwsSaw= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2 h1:s7NA1SOw8q/5c0wr8477yOPp0z+uBaXBnLE0XYb0POA= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.2/go.mod h1:fnjjWyAW/Pj5HYOxl9LJqWtEwS7W2qgcRLWP+uWbss0= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.2 h1:t7iUP9+4wdc5lt3E41huP+GvQZJD38WLsgVp4iOtAjg= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.2/go.mod h1:/niFCtmuQNxqx9v8WAPq5qh7EH25U4BF6tjoyq9bObM= +github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.25.2 h1:GsOyDDu3svGW4UHi/wM7xHKUmMrbcy7iCGPDIfPiH2c= +github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.25.2/go.mod h1:fh2trEdv/AGvQ8Fi+5Kv+CJJ5pVlXqSKJUQJRLaSlhc= +github.com/aws/aws-sdk-go-v2/service/s3 v1.65.3 h1:xxHGZ+wUgZNACQmxtdvP5tgzfsxGS3vPpTP5Hy3iToE= +github.com/aws/aws-sdk-go-v2/service/s3 v1.65.3/go.mod h1:cB6oAuus7YXRZhWCc1wIwPywwZ1XwweNp2TVAEGYeB8= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.2 h1:Rrqru2wYkKQCS2IM5/JrgKUQIoNTqA6y/iuxkjzxC6M= +github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.34.2/go.mod h1:QuCURO98Sqee2AXmqDNxKXYFm2OEDAVAPApMqO0Vqnc= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.2 h1:bSYXVyUzoTHoKalBmwaZxs97HU9DWWI3ehHSAMa7xOk= +github.com/aws/aws-sdk-go-v2/service/sso v1.24.2/go.mod h1:skMqY7JElusiOUjMJMOv1jJsP7YUg7DrhgqZZWuzu1U= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2 h1:AhmO1fHINP9vFYUE0LHzCWg/LfUWUF+zFPEcY9QXb7o= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.2/go.mod h1:o8aQygT2+MVP0NaV6kbdE1YnnIM8RRVQzoeUH45GOdI= +github.com/aws/aws-sdk-go-v2/service/sts v1.32.2 h1:CiS7i0+FUe+/YY1GvIBLLrR/XNGZ4CtM1Ll0XavNuVo= +github.com/aws/aws-sdk-go-v2/service/sts v1.32.2/go.mod h1:HtaiBI8CjYoNVde8arShXb94UbQQi9L4EMr6D+xGBwo= +github.com/aws/smithy-go v1.22.0 h1:uunKnWlcoL3zO7q+gG2Pk53joueEOsnNB28QdMsmiMM= +github.com/aws/smithy-go v1.22.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= +github.com/bazelbuild/buildtools v0.0.0-20240918101019-be1c24cc9a44 h1:FGzENZi+SX9I7h9xvMtRA3rel8hCEfyzSixteBgn7MU= +github.com/bazelbuild/buildtools v0.0.0-20240918101019-be1c24cc9a44/go.mod h1:PLNUetjLa77TCCziPsz0EI8a6CUxgC+1jgmWv0H25tg= +github.com/bazelbuild/rules_go v0.50.1 h1:/BUvuaB8MEiUA2oLPPCGtuw5V+doAYyiGTFyoSWlkrw= +github.com/bazelbuild/rules_go v0.50.1/go.mod h1:Dhcz716Kqg1RHNWos+N6MlXNkjNP2EwZQ0LukRKJfMs= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= @@ -213,18 +213,23 @@ github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3k github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= +github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chai2010/gettext-go v1.0.2 h1:1Lwwip6Q2QGsAdl/ZKPCwTe9fe0CjlUbqj5bFNSjIRk= github.com/chai2010/gettext-go v1.0.2/go.mod h1:y+wnP2cHYaVj19NZhYKAwEMH2CI1gNHeQQ+5AjwawxA= +github.com/chengxilo/virtualterm v1.0.4 h1:Z6IpERbRVlfB8WkOmtbHiDbBANU7cimRIof7mk9/PwM= +github.com/chengxilo/virtualterm v1.0.4/go.mod h1:DyxxBZz/x1iqJjFxTFcr6/x+jSpqN0iwWCOK1q10rlY= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= -github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= +github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE= +github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI= +github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= github.com/containerd/containerd v1.7.12 h1:+KQsnv4VnzyxWcfO9mlxxELaoztsDEjOuCMPAuPqgU0= @@ -233,21 +238,15 @@ github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= -github.com/coredns/caddy v1.1.0/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= github.com/coredns/caddy v1.1.1 h1:2eYKZT7i6yxIfGP3qLJoJ7HAsDJqYB+X68g4NYjSrE0= github.com/coredns/caddy v1.1.1/go.mod h1:A6ntJQlAWuQfFlsd9hvigKbo2WS0VUs2l1e2F+BawD4= -github.com/coredns/corefile-migration v1.0.21 h1:W/DCETrHDiFo0Wj03EyMkaQ9fwsmSgqTCQDHpceaSsE= -github.com/coredns/corefile-migration v1.0.21/go.mod h1:XnhgULOEouimnzgn0t4WPuFDN2/PJQcTxdWKC5eXNGE= -github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= -github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= -github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/coredns/corefile-migration v1.0.23 h1:Fp4FETmk8sT/IRgnKX2xstC2dL7+QdcU+BL5AYIN3Jw= +github.com/coredns/corefile-migration v1.0.23/go.mod h1:8HyMhuyzx9RLZp8cRc9Uf3ECpEAafHOFxQWUPqktMQI= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= -github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -255,8 +254,8 @@ github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0= github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 h1:vU+EP9ZuFUCYE0NYLwTSob+3LNEJATzNfP/DC7SWGWI= github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE= +github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c h1:ToajP6trZoiqlZ3Z4uoG1P02/wtqSw1AcowOXOYjATk= github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c/go.mod h1:gZoZ0+POlM1ge/VUxWpMmZVNPzzMJ7l436CgkQ5+qzU= github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE= @@ -265,18 +264,18 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= -github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2/go.mod h1:WHNsWjnIn2V1LYOrME7e8KxSeKunYHsxEm4am0BUtcI= github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v25.0.1+incompatible h1:mFpqnrS6Hsm3v1k7Wa/BO23oz0k121MTbTO1lpcGSkU= -github.com/docker/cli v25.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v27.1.1+incompatible h1:goaZxOqs4QKxznZjjBWKONQci/MywhtRv2oNn0GkeZE= +github.com/docker/cli v27.1.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v27.1.1+incompatible h1:hO/M4MtV36kzKldqnA37IWhebRA+LnqqcqDja6kVaKY= -github.com/docker/docker v27.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v27.3.1+incompatible h1:KttF0XoteNTicmUtBO0L2tP+J7FGRFTjaEF4k6WdhfI= +github.com/docker/docker v27.3.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= @@ -300,7 +299,11 @@ github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FM github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.13.0 h1:HzkeUz1Knt+3bK+8LG1bxOO/jzWZmdxpwC51i202les= +github.com/envoyproxy/go-control-plane v0.13.0/go.mod h1:GRaKG3dwvFoTg4nj7aXdZnvMg4d7nvT/wl9WgVXn3Q8= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/envoyproxy/protoc-gen-validate v1.1.0 h1:tntQDh69XqOCOZsDz0lVJQez/2L6Uu2PdjCQwWCJ3bM= +github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= @@ -309,23 +312,23 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwC github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/foxboron/go-uefi v0.0.0-20240805124652-e2076f0e58ca h1:ErxkaWK5AIt8gQf3KpAuQQBdZI4ps72HzEe123kh+So= github.com/foxboron/go-uefi v0.0.0-20240805124652-e2076f0e58ca/go.mod h1:ffg/fkDeOYicEQLoO2yFFGt00KUTYVXI+rfnc8il6vQ= -github.com/foxcpp/go-mockdns v1.0.0 h1:7jBqxd3WDWwi/6WhDvacvH1XsN3rOLXyHM1uhvIx6FI= -github.com/foxcpp/go-mockdns v1.0.0/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= +github.com/foxcpp/go-mockdns v1.1.0 h1:jI0rD8M0wuYAxL7r/ynTrCQQq0BVqfB99Vgk7DlmewI= +github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec= github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= @@ -336,7 +339,6 @@ github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+ github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gorp/gorp/v3 v3.1.0 h1:ItKF/Vbuj31dmV4jxA1qblpSwkl9g1typ24xoe70IGs= github.com/go-gorp/gorp/v3 v3.1.0/go.mod h1:dLEjIyyRNiXvNZ8PSmzpt1GsWAUK8kjVhEpjH8TixEw= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= @@ -379,10 +381,9 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao= -github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA= +github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= @@ -390,21 +391,14 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= -github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= -github.com/gobuffalo/logger v1.0.6/go.mod h1:J31TBEHR1QLV2683OXTAItYIg8pv2JMHnF/quuAbMjs= -github.com/gobuffalo/packd v1.0.1 h1:U2wXfRr4E9DH8IdsDLlRFwTZTK7hLfq9qT/QHXGVe/0= -github.com/gobuffalo/packd v1.0.1/go.mod h1:PP2POP3p3RXGz7Jh6eYEf93S7vA2za6xM7QT85L4+VY= -github.com/gobuffalo/packr/v2 v2.8.3 h1:xE1yzvnO56cUC0sTpKR3DIbxZgB54AftTFMhB2XEWlY= -github.com/gobuffalo/packr/v2 v2.8.3/go.mod h1:0SahksCVcx4IMnigTjiFuyldmTrdTctXsOdiU5KwbKc= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofrs/uuid/v5 v5.2.0 h1:qw1GMx6/y8vhVsx626ImfKMuS5CvJmhIKKtuyvfajMM= -github.com/gofrs/uuid/v5 v5.2.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8= +github.com/gofrs/uuid/v5 v5.3.0 h1:m0mUMr+oVYUdxpMLgSYCZiXe7PuVPnI94+OMeVBNedk= +github.com/gofrs/uuid/v5 v5.3.0/go.mod h1:CDOjlDMVAtN56jqyRUZh58JT31Tiw7/oQyEXZV+9bD8= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= @@ -413,13 +407,10 @@ github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -437,8 +428,6 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= @@ -461,8 +450,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt215EWcs98= github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= -github.com/google/go-containerregistry v0.20.0 h1:wRqHpOeVh3DnenOrPy9xDOLdnLatiGuuNRVelR2gSbg= -github.com/google/go-containerregistry v0.20.0/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= +github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l/DSArMxlbwseo= +github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8= github.com/google/go-sev-guest v0.11.1 h1:gnww4U8fHV5DCPz4gykr1s8SEX1fFNcxCBy+vvXN24k= github.com/google/go-sev-guest v0.11.1/go.mod h1:qBOfb+JmgsUI3aUyzQoGC13Kpp9zwLeWvuyXmA9q77w= github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw= @@ -478,15 +467,10 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= -github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.3.3 h1:DIhPTQrbPkgs2yJYdXU/eNACCG5DVQjySNRNlflZ9Fc= github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5 h1:5iH8iuqE5apketRbSFBy+X1V0o+l+8NF1avt4HWl7cA= +github.com/google/pprof v0.0.0-20240827171923-fa2c70bbbfe5/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= @@ -498,43 +482,33 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= -github.com/gophercloud/gophercloud/v2 v2.1.0 h1:91p6c+uMckXyx39nSIYjDirDBnPVFQq0q1njLNPX+NY= -github.com/gophercloud/gophercloud/v2 v2.1.0/go.mod h1:f2hMRC7Kakbv5vM7wSGHrIPZh6JZR60GVHryJlF/K44= -github.com/gophercloud/utils/v2 v2.0.0-20240807081201-990d90b23c70 h1:UFRmN3w9eSxwHsOGjA3BiYGEBDUAFaHHv5alaMHbbFE= -github.com/gophercloud/utils/v2 v2.0.0-20240807081201-990d90b23c70/go.mod h1:ZNbSKwPYzyQ7PKmlCvVdI2JvwVHsl/ZVVXnpJRNkLrQ= -github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gophercloud/gophercloud/v2 v2.1.1 h1:KUeVTUoq6um/CijR+hl1JRZ35SXRY62LiYUbgp4qqKw= +github.com/gophercloud/gophercloud/v2 v2.1.1/go.mod h1:f2hMRC7Kakbv5vM7wSGHrIPZh6JZR60GVHryJlF/K44= +github.com/gophercloud/utils/v2 v2.0.0-20241008104625-7cbb8fd76bb7 h1:RDFC3+cVfeCQ8zi/PgaKrPzJyUbwzg3Mi2xCWnAW+g4= +github.com/gophercloud/utils/v2 v2.0.0-20241008104625-7cbb8fd76bb7/go.mod h1:hLzf9Ts2fhebZrZAtq6BpbwXQLEZmUqa7ABJMkg/il8= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= -github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0 h1:pRhl55Yx1eC7BZ1N+BBWwnKaMyD8uC+34TLdndZMAKk= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0/go.mod h1:XKMd7iuf/RGPSMJ/U4HP0zS2Z9Fh8Ps9a+6X26m/tmI= -github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= -github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= @@ -542,7 +516,6 @@ github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBM github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 h1:WZeXfD26QMWYC35at25KgE021SF9L3u9UMHK8fJAdV0= github.com/hashicorp/go-kms-wrapping/v2 v2.0.16/go.mod h1:ZiKZctjRTLEppuRwrttWkp71VYMbTTCkazK4xT7U/NQ= github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.9 h1:qdxeZvDMRGZ3YSE4Oz0Pp7WUSUn5S6cWZguEOkEVL50= @@ -551,56 +524,43 @@ github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11 h1:/7SKkY github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11/go.mod h1:LepS5s6ESGE0qQMpYaui5lX+mQYeiYiy06VzwWRioO8= github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.12 h1:PCqWzT/Hii0KL07JsBZ3lJbv/wx02IAHYlhWQq8rxRY= github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.12/go.mod h1:HSaOaX/lv3ShCdilUYbOTPnSvmoZ9xtQhgw+8hYcZkg= -github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-plugin v1.6.0 h1:wgd4KxHJTVGGqWBq4QPB1i5BZNEx9BR8+OFmHDmTk8A= -github.com/hashicorp/go-plugin v1.6.0/go.mod h1:lBS5MtSSBZk0SHc66KACcjjlU6WzEVP/8pwz68aMkCI= +github.com/hashicorp/go-plugin v1.6.1 h1:P7MR2UP6gNKGPp+y7EZw2kOiq4IR9WiqLvp0XOsVdwI= +github.com/hashicorp/go-plugin v1.6.1/go.mod h1:XPHFku2tFo3o3QKFgSYo+cghcUhw1NA1hZyMK0PWAw0= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= -github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6 h1:W9WN8p6moV1fjKLkeqEgkAMu5rauy9QeYDAmIaPuuiA= github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg= -github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= -github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.7.0 h1:5tqGy27NaOTB8yJKUZELlFAS/LTKJkrmONwQKeRZfjY= github.com/hashicorp/go-version v1.7.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/hc-install v0.8.0 h1:LdpZeXkZYMQhoKPCecJHlKvUkQFixN/nvyR1CdfOLjI= -github.com/hashicorp/hc-install v0.8.0/go.mod h1:+MwJYjDfCruSD/udvBmRB22Nlkwwkwf5sAB6uTIhSaU= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= -github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= +github.com/hashicorp/hc-install v0.9.0 h1:2dIk8LcvANwtv3QZLckxcjyF5w8KVtiMxu6G6eLhghE= +github.com/hashicorp/hc-install v0.9.0/go.mod h1:+6vOP+mf3tuGgMApVYtmsnDoKWMDcFXeTxCACYZ8SFg= +github.com/hashicorp/hcl/v2 v2.22.0 h1:hkZ3nCtqeJsDhPRFz5EA9iwcG1hNWGePOTw6oyul12M= +github.com/hashicorp/hcl/v2 v2.22.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= -github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= -github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ= github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A= -github.com/hashicorp/terraform-plugin-framework v1.10.0 h1:xXhICE2Fns1RYZxEQebwkB2+kXouLC932Li9qelozrc= -github.com/hashicorp/terraform-plugin-framework v1.10.0/go.mod h1:qBXLDn69kM97NNVi/MQ9qgd1uWWsVftGSnygYG1tImM= +github.com/hashicorp/terraform-plugin-framework v1.12.0 h1:7HKaueHPaikX5/7cbC1r9d1m12iYHY+FlNZEGxQ42CQ= +github.com/hashicorp/terraform-plugin-framework v1.12.0/go.mod h1:N/IOQ2uYjW60Jp39Cp3mw7I/OpC/GfZ0385R0YibmkE= github.com/hashicorp/terraform-plugin-framework-validators v0.13.0 h1:bxZfGo9DIUoLLtHMElsu+zwqI4IsMZQBRRy4iLzZJ8E= github.com/hashicorp/terraform-plugin-framework-validators v0.13.0/go.mod h1:wGeI02gEhj9nPANU62F2jCaHjXulejm/X+af4PdZaNo= -github.com/hashicorp/terraform-plugin-go v0.23.0 h1:AALVuU1gD1kPb48aPQUjug9Ir/125t+AAurhqphJ2Co= -github.com/hashicorp/terraform-plugin-go v0.23.0/go.mod h1:1E3Cr9h2vMlahWMbsSEcNrOCxovCZhOOIXjFHbjc/lQ= +github.com/hashicorp/terraform-plugin-go v0.24.0 h1:2WpHhginCdVhFIrWHxDEg6RBn3YaWzR2o6qUeIEat2U= +github.com/hashicorp/terraform-plugin-go v0.24.0/go.mod h1:tUQ53lAsOyYSckFGEefGC5C8BAaO0ENqzFd3bQeuYQg= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 h1:kJiWGx2kiQVo97Y5IOGR4EMcZ8DtMswHhUuFibsCQQE= github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0/go.mod h1:sl/UoabMc37HA6ICVMmGO+/0wofkVIRxf+BMb/dnoIg= -github.com/hashicorp/terraform-plugin-testing v1.9.0 h1:xOsQRqqlHKXpFq6etTxih3ubdK3HVDtfE1IY7Rpd37o= -github.com/hashicorp/terraform-plugin-testing v1.9.0/go.mod h1:fhhVx/8+XNJZTD5o3b4stfZ6+q7z9+lIWigIYdT6/44= +github.com/hashicorp/terraform-plugin-testing v1.10.0 h1:2+tmRNhvnfE4Bs8rB6v58S/VpqzGC6RCh9Y8ujdn+aw= +github.com/hashicorp/terraform-plugin-testing v1.10.0/go.mod h1:iWRW3+loP33WMch2P/TEyCxxct/ZEcCGMquSLSCVsrc= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= @@ -611,13 +571,10 @@ github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUq github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg= github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM= github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= -github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= -github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= -github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= +github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= +github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= +github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= @@ -633,24 +590,19 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs= github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI= -github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= -github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= -github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= +github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1e29fT/6vq2aBdFsgNPmy8qMdSay1npru+Sw= -github.com/karrick/godirwalk v1.17.0 h1:b4kY7nqDdioR/6qnbHQyDvmA17u5G1cZ6J+CZXwSWoI= -github.com/karrick/godirwalk v1.17.0/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= -github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= @@ -675,30 +627,20 @@ github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ= github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI= github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec h1:2tTW6cDth2TSgRbAhD7yjZzTQmcN25sDRPEeinR51yQ= github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec/go.mod h1:TmwEoGCwIti7BCeJ9hescZgRtatxRE+A72pCoPfmcfk= -github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= -github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/markbates/errx v1.1.0 h1:QDFeR+UP95dO12JgW+tgi2UVfo0V8YBHiUIOaeBPiEI= -github.com/markbates/errx v1.1.0/go.mod h1:PLa46Oex9KNbVDZhKel8v1OT7hD5JZ2eI7AHhA0wswc= -github.com/markbates/oncer v1.0.0 h1:E83IaVAHygyndzPimgUYJjbshhDTALZyXxvk9FOlQRY= -github.com/markbates/oncer v1.0.0/go.mod h1:Z59JA581E9GP6w96jai+TGqafHPW+cPfRxz2aSZ0mcI= -github.com/markbates/safe v1.0.1 h1:yjZkbvRM6IzKj9tlu/zMJLS0n/V351OZWRnF3QfaUxI= -github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= @@ -706,46 +648,35 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= -github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= -github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= -github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= -github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= -github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= -github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= -github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= +github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= +github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= +github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -770,20 +701,22 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olareg/olareg v0.1.0 h1:1dXBOgPrig5N7zoXyIZVQqU0QBo6sD9pbL6UYjY75CA= github.com/olareg/olareg v0.1.0/go.mod h1:RBuU7JW7SoIIxZKzLRhq8sVtQeAHzCAtRrXEBx2KlM4= -github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0= -github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA= -github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= -github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= +github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= +github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= +github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= +github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc6 h1:XDqvyKsJEbRtATzkgItUqBA7QHk58yxX1Ov9HERHNqU= -github.com/opencontainers/image-spec v1.1.0-rc6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/opencontainers/runc v1.1.13 h1:98S2srgG9vw0zWcDpFMn5TRrh8kLxa/5OFUstuUhmRs= +github.com/opencontainers/runc v1.1.13/go.mod h1:R016aXacfp/gwQBYw2FDGa9m+n6atbLWrYY8hNMT/sA= +github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= +github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= -github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= @@ -793,103 +726,84 @@ github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFz github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY= github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= -github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= -github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= -github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= -github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= -github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= -github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= -github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= +github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= github.com/regclient/regclient v0.7.1 h1:qEsJrTmZd98fZKjueAbrZCSNGU+ifnr6xjlSAs3WOPs= github.com/regclient/regclient v0.7.1/go.mod h1:+w/BFtJuw0h0nzIw/z2+1FuA2/dVXBzDq4rYmziJpMc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/rubenv/sql-migrate v1.5.2 h1:bMDqOnrJVV/6JQgQ/MxOpU+AdO8uzYYA/TxFUBzFtS0= -github.com/rubenv/sql-migrate v1.5.2/go.mod h1:H38GW8Vqf8F0Su5XignRyaRcbXbJunSWxs+kmzlg0Is= -github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rubenv/sql-migrate v1.7.0 h1:HtQq1xyTN2ISmQDggnh0c9U3JlP8apWh8YO2jzlXpTI= +github.com/rubenv/sql-migrate v1.7.0/go.mod h1:S4wtDEG1CKn+0ShpTtzWhFpHHI5PvCUtiGI+C+Z2THE= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM= -github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA= -github.com/samber/slog-multi v1.2.0 h1:JIebVdmeGkCMd5/ticlmU+aDYl4tdAZBmp5uLaSzr0k= -github.com/samber/slog-multi v1.2.0/go.mod h1:uLAvHpGqbYgX4FSL0p1ZwoLuveIAJvBECtE07XmYvFo= +github.com/samber/lo v1.47.0 h1:z7RynLwP5nbyRscyvcD043DWYoOcYRv3mV8lBeqOCLc= +github.com/samber/lo v1.47.0/go.mod h1:RmDH9Ct32Qy3gduHQuKJ3gW1fMHAnE/fAzQuf6He5cU= +github.com/samber/slog-multi v1.2.3 h1:np8YoAZbGP699xA92SYZxs7zzKpL1/yBYk6q8/caXpc= +github.com/samber/slog-multi v1.2.3/go.mod h1:ACuZ5B6heK57TfMVkVknN2UZHoFfjCwRxR0Q2OXKHlo= github.com/sassoftware/relic v7.2.1+incompatible h1:Pwyh1F3I0r4clFJXkSI8bOyJINGqpgjJU3DYAZeI05A= github.com/sassoftware/relic v7.2.1+incompatible/go.mod h1:CWfAxv73/iLZ17rbyhIEq3K9hs5w6FpNMdUT//qR+zk= github.com/sassoftware/relic/v7 v7.6.2 h1:rS44Lbv9G9eXsukknS4mSjIAuuX+lMq/FnStgmZlUv4= github.com/sassoftware/relic/v7 v7.6.2/go.mod h1:kjmP0IBVkJZ6gXeAu35/KCEfca//+PKM6vTAsyDPY+k= -github.com/schollz/progressbar/v3 v3.14.6 h1:GyjwcWBAf+GFDMLziwerKvpuS7ZF+mNTAXIB2aspiZs= -github.com/schollz/progressbar/v3 v3.14.6/go.mod h1:Nrzpuw3Nl0srLY0VlTvC4V6RL50pcEymjy6qyJAaLa0= -github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= +github.com/schollz/progressbar/v3 v3.16.1 h1:RnF1neWZFzLCoGx8yp1yF7SDl4AzNDI5y4I0aUJRrZQ= +github.com/schollz/progressbar/v3 v3.16.1/go.mod h1:I2ILR76gz5VXqYMIY/LdLecvMHDPVcQm3W/MSKi1TME= github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA= github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= -github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= -github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/siderolabs/talos/pkg/machinery v1.7.5 h1:M02UZSDfN0BB4bXhTYDjEmVvAIX1GsAS45cyKh6+HHU= -github.com/siderolabs/talos/pkg/machinery v1.7.5/go.mod h1:OeamhNo92c3V96bddZNhcCgoRyzw2KWBtpma1lfchtg= +github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= +github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= +github.com/siderolabs/talos/pkg/machinery v1.8.1 h1:oeJQmkLNjEG5jxrzPiC2XMQS5dcg1qZ17p5LKcaCbRM= +github.com/siderolabs/talos/pkg/machinery v1.8.1/go.mod h1:mWTmuUk8G6CdkhUfDmsrIkgPo0G6J5hC/zGazgnyzBg= github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8= github.com/sigstore/rekor v1.3.6/go.mod h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc= -github.com/sigstore/sigstore v1.8.7 h1:L7/zKauHTg0d0Hukx7qlR4nifh6T6O6UIt9JBwAmTIg= -github.com/sigstore/sigstore v1.8.7/go.mod h1:MPiQ/NIV034Fc3Kk2IX9/XmBQdK60wfmpvgK9Z1UjRA= +github.com/sigstore/sigstore v1.8.10 h1:r4t+TYzJlG9JdFxMy+um9GZhZ2N1hBTyTex0AHEZxFs= +github.com/sigstore/sigstore v1.8.10/go.mod h1:BekjqxS5ZtHNJC4u3Q3Stvfx2eyisbW/lUZzmPU2u4A= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= -github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= -github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= +github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= +github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= -github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= @@ -907,14 +821,12 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/theupdateframework/go-tuf v0.7.0 h1:CqbQFrWo1ae3/I0UCblSbczevCCbS31Qvs5LdxRWqRI= github.com/theupdateframework/go-tuf v0.7.0/go.mod h1:uEB7WSY+7ZIugK6R1hiBMBjQftaFzn7ZCDJcp1tCUug= github.com/tink-crypto/tink-go/v2 v2.2.0 h1:L2Da0F2Udh2agtKztdr69mV/KpnY3/lGTkMgLTVIXlA= github.com/tink-crypto/tink-go/v2 v2.2.0/go.mod h1:JJ6PomeNPF3cJpfWC0lgyTES6zpJILkAX0cJNwlS3xU= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0= github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs= -github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG81+twTK4= github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A= github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc= @@ -930,6 +842,8 @@ github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAh github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV6mEfg5OIWRZA9qds= github.com/vtolstov/go-ioctl v0.0.0-20151206205506-6be9cced4810 h1:X6ps8XHfpQjw8dUStzlMi2ybiKQ2Fmdw7UM+TinwvyM= github.com/vtolstov/go-ioctl v0.0.0-20151206205506-6be9cced4810/go.mod h1:dF0BBJ2YrV1+2eAIyEI+KeSidgA6HqoIP1u5XTlMq/o= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -939,7 +853,6 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -953,107 +866,80 @@ github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= github.com/zalando/go-keyring v0.2.3 h1:v9CUu9phlABObO4LPWycf+zwMG7nlbb3t/B5wa97yms= github.com/zalando/go-keyring v0.2.3/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= -github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= -github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ= +github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= -go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= -go.etcd.io/etcd/api/v3 v3.5.15 h1:3KpLJir1ZEBrYuV2v+Twaa/e2MdDCEZ/70H+lzEiwsk= -go.etcd.io/etcd/api/v3 v3.5.15/go.mod h1:N9EhGzXq58WuMllgH9ZvnEr7SI9pS0k0+DHZezGp7jM= -go.etcd.io/etcd/client/pkg/v3 v3.5.15 h1:fo0HpWz/KlHGMCC+YejpiCmyWDEuIpnTDzpJLB5fWlA= -go.etcd.io/etcd/client/pkg/v3 v3.5.15/go.mod h1:mXDI4NAOwEiszrHCb0aqfAYNCrZP4e9hRca3d1YK8EU= -go.etcd.io/etcd/client/v3 v3.5.15 h1:23M0eY4Fd/inNv1ZfU3AxrbbOdW79r9V9Rl62Nm6ip4= -go.etcd.io/etcd/client/v3 v3.5.15/go.mod h1:CLSJxrYjvLtHsrPKsy7LmZEE+DK2ktfd2bN4RhBMwlU= +go.etcd.io/etcd/api/v3 v3.5.16 h1:WvmyJVbjWqK4R1E+B12RRHz3bRGy9XVfh++MgbN+6n0= +go.etcd.io/etcd/api/v3 v3.5.16/go.mod h1:1P4SlIP/VwkDmGo3OlOD7faPeP8KDIFhqvciH5EfN28= +go.etcd.io/etcd/client/pkg/v3 v3.5.16 h1:ZgY48uH6UvB+/7R9Yf4x574uCO3jIx0TRDyetSfId3Q= +go.etcd.io/etcd/client/pkg/v3 v3.5.16/go.mod h1:V8acl8pcEK0Y2g19YlOV9m9ssUe6MgiDSobSoaBAM0E= +go.etcd.io/etcd/client/v3 v3.5.16 h1:sSmVYOAHeC9doqi0gv7v86oY/BTld0SEFGaxsU9eRhE= +go.etcd.io/etcd/client/v3 v3.5.16/go.mod h1:X+rExSGkyqxvu276cr2OwPLBaeqFu1cIl4vmRjAD/50= go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/detectors/gcp v1.29.0 h1:TiaiXB4DpGD3sdzNlYQxruQngn5Apwzi1X0DRhuGvDQ= +go.opentelemetry.io/contrib/detectors/gcp v1.29.0/go.mod h1:GW2aWZNwR2ZxDLdv8OyC2G8zkRoQBuURgV7RPQgcPoU= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0 h1:R9DE4kQ4k+YtfLI2ULwX82VtNQ2J8yZmA7ZIF/D+7Mc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.27.0/go.mod h1:OQFyQVrDlbe+R7xrEyDr/2Wr67Ol0hRUgsfA+V5A95s= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= -go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= -go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= +go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= +go.opentelemetry.io/otel/sdk/metric v1.29.0 h1:K2CfmJohnRgvZ9UAj2/FhIf/okdWcNdBwe1m8xFXiSY= +go.opentelemetry.io/otel/sdk/metric v1.29.0/go.mod h1:6zZLdCl2fkauYoZIOn/soQIDSWFmNSRcICarHfuhNJQ= go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= -go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= -go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= -go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= -go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= -golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY= +golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= -golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -1063,20 +949,16 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= -golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1084,20 +966,12 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1117,110 +991,75 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= -golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= -golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= -golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.197.0 h1:x6CwqQLsFiA5JKAiGyGBjc2bNtHtLddhJCE2IKuhhcQ= -google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= +google.golang.org/api v0.200.0 h1:0ytfNWn101is6e9VBoct2wrGDjOi5vn7jw5KtaQgDrU= +google.golang.org/api v0.200.0/go.mod h1:Tc5u9kcbjO7A8SwGlYj4IiVifJU01UqXtEgDMYmBmV8= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= -google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0= -google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20241007155032-5fefd90f89a9 h1:nFS3IivktIU5Mk6KQa+v6RKkHUpdQpphqGNLxqNnbEk= +google.golang.org/genproto v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:tEzYTYZxbmVNOu0OAFH9HzdJtLn6h4Aj89zzlBCdHms= +google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA= +google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.66.1 h1:hO5qAXR19+/Z44hmvIM4dQFMSYX9XcWsByfoxutBpAM= -google.golang.org/grpc v1.66.1/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= +google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a h1:UIpYSuWdWHSzjwcAFRLjKcPXFZVVLXGEM23W+NWqipw= +google.golang.org/grpc/stats/opentelemetry v0.0.0-20240907200651-3ffb98b2c93a/go.mod h1:9i1T9n4ZinTUZGgzENMi8MDDgbGC5mqTS75JAv6xN3A= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -1232,26 +1071,23 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= -gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= -gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -1259,56 +1095,52 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.15.3 h1:HcZDaVFe9uHa6hpsR54mJjYyRy4uz/pc6csg27nxFOc= -helm.sh/helm/v3 v3.15.3/go.mod h1:FzSIP8jDQaa6WAVg9F+OkKz7J0ZmAga4MABtTbsb9WQ= +helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o= +helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= -k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= -k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U= -k8s.io/apiextensions-apiserver v0.30.3/go.mod h1:uhXxYDkMAvl6CJw4lrDN4CPbONkF3+XL9cacCT44kV4= -k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= -k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/apiserver v0.30.3 h1:QZJndA9k2MjFqpnyYv/PH+9PE0SHhx3hBho4X0vE65g= -k8s.io/apiserver v0.30.3/go.mod h1:6Oa88y1CZqnzetd2JdepO0UXzQX4ZnOekx2/PtEjrOg= -k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= -k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= -k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= -k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= -k8s.io/cluster-bootstrap v0.30.3 h1:MgxyxMkpaC6mu0BKWJ8985XCOnKU+eH3Iy+biwtDXRk= -k8s.io/cluster-bootstrap v0.30.3/go.mod h1:h8BoLDfdD7XEEIXy7Bx9FcMzxHwz29jsYYi34bM5DKU= -k8s.io/component-base v0.30.3 h1:Ci0UqKWf4oiwy8hr1+E3dsnliKnkMLZMVbWzeorlk7s= -k8s.io/component-base v0.30.3/go.mod h1:C1SshT3rGPCuNtBs14RmVD2xW0EhRSeLvBh7AGk1quA= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= +k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= +k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40= +k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ= +k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= +k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c= +k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM= +k8s.io/cli-runtime v0.31.1 h1:/ZmKhmZ6hNqDM+yf9s3Y4KEYakNXUn5sod2LWGGwCuk= +k8s.io/cli-runtime v0.31.1/go.mod h1:pKv1cDIaq7ehWGuXQ+A//1OIF+7DI+xudXtExMCbe9U= +k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= +k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= +k8s.io/cluster-bootstrap v0.31.1 h1:lS5aJi2r6WEKnjO5UhbYsz8e3xmEfoF4Hiob/gnB/Nk= +k8s.io/cluster-bootstrap v0.31.1/go.mod h1:dxroRr4eQ0ekxis/kzGa1qODprQXAxQZrgDLfTk8Pug= +k8s.io/component-base v0.31.1 h1:UpOepcrX3rQ3ab5NB6g5iP0tvsgJWzxTyAo20sgYSy8= +k8s.io/component-base v0.31.1/go.mod h1:WGeaw7t/kTsqpVTaCoVEtillbqAhF2/JgvO0LDOMa0w= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= -k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= -k8s.io/kubelet v0.30.3 h1:KvGWDdhzD0vEyDyGTCjsDc8D+0+lwRMw3fJbfQgF7ys= -k8s.io/kubelet v0.30.3/go.mod h1:D9or45Vkzcqg55CEiqZ8dVbwP3Ksj7DruEVRS9oq3Ys= -k8s.io/kubernetes v1.30.3 h1:A0qoXI1YQNzrQZiff33y5zWxYHFT/HeZRK98/sRDJI0= -k8s.io/kubernetes v1.30.3/go.mod h1:yPbIk3MhmhGigX62FLJm+CphNtjxqCvAIFQXup6RKS0= -k8s.io/mount-utils v0.30.3 h1:8Z3wSW5+GSvGNtlDhtoZrBCKLMIf5z/9tf8pie+G06s= -k8s.io/mount-utils v0.30.3/go.mod h1:9sCVmwGLcV1MPvbZ+rToMDnl1QcGozy+jBPd0MsQLIo= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -libvirt.org/go/libvirt v1.10005.0 h1:KQv+SZNQvHJOG7B34TI2hyKnKW6hpXTEJFHUerYuGNI= -libvirt.org/go/libvirt v1.10005.0/go.mod h1:1WiFE8EjZfq+FCVog+rvr1yatKbKZ9FaFMZgEqxEJqQ= +k8s.io/kubectl v0.31.1 h1:ih4JQJHxsEggFqDJEHSOdJ69ZxZftgeZvYo7M/cpp24= +k8s.io/kubectl v0.31.1/go.mod h1:aNuQoR43W6MLAtXQ/Bu4GDmoHlbhHKuyD49lmTC8eJM= +k8s.io/kubelet v0.31.1 h1:aAxwVxGzbbMKKk/FnSjvkN52K3LdHhjhzmYcyGBuE0c= +k8s.io/kubelet v0.31.1/go.mod h1:8ZbexYHqUO946gXEfFmnMZiK2UKRGhk7LlGvJ71p2Ig= +k8s.io/kubernetes v1.31.1 h1:1fcYJe8SAhtannpChbmnzHLwAV9Je99PrGaFtBvCxms= +k8s.io/kubernetes v1.31.1/go.mod h1:/YGPL//Fb9mdv5vukvAQ7Xon+Bqwry52bmjTdORAw+Q= +k8s.io/mount-utils v0.31.1 h1:f8UrH9kRynljmdNGM6BaCvFUON5ZPKDgE+ltmYqI4wA= +k8s.io/mount-utils v0.31.1/go.mod h1:HV/VYBUGqYUj4vt82YltzpWvgv8FPg0G9ItyInT3NPU= +k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI= +k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +libvirt.org/go/libvirt v1.10008.0 h1:j+hybvOmBQFC2BiivOVCPE3ozpQWtxWXp9p1cGk0x1Y= +libvirt.org/go/libvirt v1.10008.0/go.mod h1:1WiFE8EjZfq+FCVog+rvr1yatKbKZ9FaFMZgEqxEJqQ= oras.land/oras-go v1.2.5 h1:XpYuAwAb0DfQsunIyMfeET92emK8km3W4yEzZvUbsTo= oras.land/oras-go v1.2.5/go.mod h1:PuAwRShRZCsZb7g8Ar3jKKQR/2A/qN+pkYxIOd/FAoo= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= -sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= +sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= +sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag= +sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g= +sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0= +sigs.k8s.io/kustomize/kyaml v0.17.1 h1:TnxYQxFXzbmNG6gOINgGWQt09GghzgTP6mIurOgrLCQ= +sigs.k8s.io/kustomize/kyaml v0.17.1/go.mod h1:9V0mCjIEYjlXuCdYsSXvyoy2BTsLESH7TlGV81S282U= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= diff --git a/hack/tools/go.mod b/hack/tools/go.mod index 8a0f16440..210276e2b 100644 --- a/hack/tools/go.mod +++ b/hack/tools/go.mod @@ -4,9 +4,9 @@ go 1.23.2 require ( github.com/google/go-licenses v1.6.0 - github.com/google/keep-sorted v0.4.0 - github.com/katexochen/sh/v3 v3.8.0 - golang.org/x/tools v0.23.0 + github.com/google/keep-sorted v0.5.0 + github.com/katexochen/sh/v3 v3.9.0 + golang.org/x/tools v0.26.0 golang.org/x/vuln v1.1.3 ) @@ -26,7 +26,7 @@ require ( github.com/mattn/go-isatty v0.0.20 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/otiai10/copy v1.6.0 // indirect - github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e // indirect + github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/rs/zerolog v1.31.0 // indirect github.com/sergi/go-diff v1.3.1 // indirect github.com/spf13/cobra v1.8.0 // indirect @@ -35,20 +35,19 @@ require ( github.com/stretchr/testify v1.8.4 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect go.opencensus.io v0.24.0 // indirect - golang.org/x/crypto v0.25.0 // indirect - golang.org/x/exp v0.0.0-20240213143201-ec583247a57a // indirect - golang.org/x/mod v0.19.0 // indirect - golang.org/x/net v0.27.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.22.0 // indirect + golang.org/x/crypto v0.28.0 // indirect + golang.org/x/mod v0.21.0 // indirect + golang.org/x/net v0.30.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.26.0 // indirect golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 // indirect - golang.org/x/term v0.22.0 // indirect - golang.org/x/text v0.16.0 // indirect - google.golang.org/protobuf v1.33.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/text v0.19.0 // indirect gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/src-d/go-billy.v4 v4.3.2 // indirect gopkg.in/src-d/go-git.v4 v4.13.1 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect - mvdan.cc/editorconfig v0.2.1-0.20231228180347-1925077f8eb2 // indirect + mvdan.cc/editorconfig v0.3.0 // indirect ) diff --git a/hack/tools/go.sum b/hack/tools/go.sum index 482b42e7f..f2eb97dfd 100644 --- a/hack/tools/go.sum +++ b/hack/tools/go.sum @@ -111,8 +111,6 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go. github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= -github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= -github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= @@ -122,6 +120,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= +github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -180,8 +180,8 @@ github.com/google/go-licenses v1.6.0 h1:MM+VCXf0slYkpWO0mECvdYDVCxZXIQNal5wqUIXE github.com/google/go-licenses v1.6.0/go.mod h1:Z8jgz2isEhdenOqd/00pq7I4y4k1xVVQJv415otjclo= github.com/google/go-replayers/httpreplay v1.1.1 h1:H91sIMlt1NZzN7R+/ASswyouLJfW0WLW7fhyUFvDEkY= github.com/google/go-replayers/httpreplay v1.1.1/go.mod h1:gN9GeLIs7l6NUoVaSSnv2RiqK1NiwAmD0MrKeC9IIks= -github.com/google/keep-sorted v0.4.0 h1:UNJGKBtOg4m4rgTYCpkBh0WBI2UTLm+xNC1lZvfQpp0= -github.com/google/keep-sorted v0.4.0/go.mod h1:sWIIDzox6hizdt59dsqD2yH800NXYBwRqylmBDs/QXM= +github.com/google/keep-sorted v0.5.0 h1:e6PsQA2InvsPmRc7kl20MYrN4baGtIdN1gN46cMmRAo= +github.com/google/keep-sorted v0.5.0/go.mod h1:JYy9vljs7P8b3QdPOQkywA+4u36FUHwsNITZIpJyPkE= github.com/google/licenseclassifier v0.0.0-20210722185704-3043a050f148 h1:TJsAqW6zLRMDTyGmc9TPosfn9OyVlHs8Hrn3pY6ONSY= github.com/google/licenseclassifier v0.0.0-20210722185704-3043a050f148/go.mod h1:rq9F0RSpNKlrefnf6ZYMHKUnEJBCNzf6AcCXMYBeYvE= github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= @@ -235,8 +235,8 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/katexochen/sh/v3 v3.8.0 h1:/BNMhF21b6Q4vcB6YyGtxcGGcdT3NCTiUBNBYcI3EmI= -github.com/katexochen/sh/v3 v3.8.0/go.mod h1:yDdSo3LMdcNA6H2kjFyud/4RA5oPWc9lHZVO3qyXXEA= +github.com/katexochen/sh/v3 v3.9.0 h1:SZTvmo6PfC1aKCcXOS47DGEJMb9aiP6FAKGcz7e82cg= +github.com/katexochen/sh/v3 v3.9.0/go.mod h1:XZAr1U0VzhEu6lSPYs+UFFUuINN4hXiWoAS40r4H20c= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= @@ -268,8 +268,6 @@ github.com/otiai10/mint v1.3.2 h1:VYWnrP5fXmz1MXvjuUvcBrXSjGE6xjON+axB/UrpO3E= github.com/otiai10/mint v1.3.2/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -343,8 +341,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -355,8 +353,6 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240213143201-ec583247a57a h1:HinSgX1tJRX3KsL//Gxynpw5CTOAIPhgL4W8PNiIpVE= -golang.org/x/exp v0.0.0-20240213143201-ec583247a57a/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -384,8 +380,8 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -432,8 +428,8 @@ golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= -golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= -golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -470,8 +466,8 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -542,16 +538,16 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7 h1:FemxDzfMUcK2f3YY4H+05K9CDzbSVr2+q/JKN45pey0= golang.org/x/telemetry v0.0.0-20240522233618-39ace7a40ae7/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= -golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -563,8 +559,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -623,8 +619,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/vuln v1.1.3 h1:NPGnvPOTgnjBc9HTaUx+nj+EaUYxl5SJOWqaDYGaFYw= golang.org/x/vuln v1.1.3/go.mod h1:7Le6Fadm5FOqE9C926BCD0g12NWyhg7cxV4BwcPFuNY= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -813,8 +809,6 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -847,8 +841,8 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -mvdan.cc/editorconfig v0.2.1-0.20231228180347-1925077f8eb2 h1:8nmqQGVnHUtHuT+yvuA49lQK0y5il5IOr2PtCBkDI2M= -mvdan.cc/editorconfig v0.2.1-0.20231228180347-1925077f8eb2/go.mod h1:r8RiQJRtzrPrZdcdEs5VCMqvRxAzYDUu9a4S9z7fKh8= +mvdan.cc/editorconfig v0.3.0 h1:D1D2wLYEYGpawWT5SpM5pRivgEgXjtEXwC9MWhEY0gQ= +mvdan.cc/editorconfig v0.3.0/go.mod h1:NcJHuDtNOTEJ6251indKiWuzK6+VcrMuLzGMLKBFupQ= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/internal/atls/atls.go b/internal/atls/atls.go index 1fff52d17..34a80bbff 100644 --- a/internal/atls/atls.go +++ b/internal/atls/atls.go @@ -70,6 +70,7 @@ func CreateAttestationClientTLSConfig(issuer Issuer, validators []Validator) (*t InsecureSkipVerify: true, // disable default verification because we use our own verify func ServerName: base64.StdEncoding.EncodeToString(clientNonce), // abuse ServerName as a channel to transmit the nonce MinVersion: tls.VersionTLS12, + NextProtos: []string{"http/1.1", "h2"}, // grpc-go requires us to advertise HTTP/2 (h2) over ALPN }, nil } @@ -114,6 +115,7 @@ func getATLSConfigForClientFunc(issuer Issuer, validators []Validator) (func(*tl VerifyPeerCertificate: serverConn.verify, GetCertificate: serverConn.getCertificate, MinVersion: tls.VersionTLS12, + NextProtos: []string{"http/1.1", "h2"}, // grpc-go requires us to advertise HTTP/2 (h2) over ALPN } // enable mutual aTLS if any validators are set diff --git a/internal/constellation/helm/charts/coredns/values.yaml b/internal/constellation/helm/charts/coredns/values.yaml index 85986b74a..9b3f72414 100644 --- a/internal/constellation/helm/charts/coredns/values.yaml +++ b/internal/constellation/helm/charts/coredns/values.yaml @@ -1,3 +1,3 @@ clusterIP: 10.96.0.10 dnsDomain: cluster.local -image: registry.k8s.io/coredns/coredns:v1.11.1@sha256:1eeb4c7316bacb1d4c8ead65571cd92dd21e27359f0d4917f1a5822a73b75db1 +image: registry.k8s.io/coredns/coredns:v1.11.3@sha256:9caabbf6238b189a65d0d6e6ac138de60d6a1c419e5a341fbbb7c78382559c6e diff --git a/internal/versions/components/components.pb.go b/internal/versions/components/components.pb.go index 9796c8001..c6ac56fe4 100644 --- a/internal/versions/components/components.pb.go +++ b/internal/versions/components/components.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 +// protoc-gen-go v1.35.1 // protoc v5.27.0 // source: internal/versions/components/components.proto @@ -33,11 +33,9 @@ type Component struct { func (x *Component) Reset() { *x = Component{} - if protoimpl.UnsafeEnabled { - mi := &file_internal_versions_components_components_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_internal_versions_components_components_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Component) String() string { @@ -48,7 +46,7 @@ func (*Component) ProtoMessage() {} func (x *Component) ProtoReflect() protoreflect.Message { mi := &file_internal_versions_components_components_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -141,20 +139,6 @@ func file_internal_versions_components_components_proto_init() { if File_internal_versions_components_components_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_internal_versions_components_components_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*Component); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/internal/versions/versions.go b/internal/versions/versions.go index a181b79bb..7bf21840b 100644 --- a/internal/versions/versions.go +++ b/internal/versions/versions.go @@ -243,7 +243,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ InstallPath: patchFilePath("kube-scheduler"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2V0Y2Q6My41LjEyLTBAc2hhMjU2OjQ0YThlMjRkY2JiYTM0NzBlZTFmZWUyMWQ1ZTg4ZDEyOGM5MzZlOWI1NWQ0YmM1MWZiZWY4MDg2ZjhlZDEyM2IifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2V0Y2Q6My41LjE1LTBAc2hhMjU2OmE2ZGM2M2U2ZThjZmEwMzA3ZDc4NTE3NjJmYTZiNjI5YWZiMThmMjhkOGFhM2ZhYjVhNmU5MWI0YWY2MDAyNmEifV0=", InstallPath: patchFilePath("etcd"), }, }, @@ -310,7 +310,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ InstallPath: patchFilePath("kube-scheduler"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2V0Y2Q6My41LjEyLTBAc2hhMjU2OjQ0YThlMjRkY2JiYTM0NzBlZTFmZWUyMWQ1ZTg4ZDEyOGM5MzZlOWI1NWQ0YmM1MWZiZWY4MDg2ZjhlZDEyM2IifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2V0Y2Q6My41LjE1LTBAc2hhMjU2OmE2ZGM2M2U2ZThjZmEwMzA3ZDc4NTE3NjJmYTZiNjI5YWZiMThmMjhkOGFhM2ZhYjVhNmU5MWI0YWY2MDAyNmEifV0=", InstallPath: patchFilePath("etcd"), }, }, @@ -377,7 +377,7 @@ var VersionConfigs = map[ValidK8sVersion]KubernetesVersion{ InstallPath: patchFilePath("kube-scheduler"), }, { - Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2V0Y2Q6My41LjEyLTBAc2hhMjU2OjQ0YThlMjRkY2JiYTM0NzBlZTFmZWUyMWQ1ZTg4ZDEyOGM5MzZlOWI1NWQ0YmM1MWZiZWY4MDg2ZjhlZDEyM2IifV0=", + Url: "data:application/json;base64,W3sib3AiOiJyZXBsYWNlIiwicGF0aCI6Ii9zcGVjL2NvbnRhaW5lcnMvMC9pbWFnZSIsInZhbHVlIjoicmVnaXN0cnkuazhzLmlvL2V0Y2Q6My41LjE1LTBAc2hhMjU2OmE2ZGM2M2U2ZThjZmEwMzA3ZDc4NTE3NjJmYTZiNjI5YWZiMThmMjhkOGFhM2ZhYjVhNmU5MWI0YWY2MDAyNmEifV0=", InstallPath: patchFilePath("etcd"), }, }, diff --git a/joinservice/joinproto/join.pb.go b/joinservice/joinproto/join.pb.go index 07240c63f..bd657f503 100644 --- a/joinservice/joinproto/join.pb.go +++ b/joinservice/joinproto/join.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 +// protoc-gen-go v1.35.1 // protoc v5.27.0 // source: joinservice/joinproto/join.proto @@ -37,11 +37,9 @@ type IssueJoinTicketRequest struct { func (x *IssueJoinTicketRequest) Reset() { *x = IssueJoinTicketRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_joinservice_joinproto_join_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_joinservice_joinproto_join_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *IssueJoinTicketRequest) String() string { @@ -52,7 +50,7 @@ func (*IssueJoinTicketRequest) ProtoMessage() {} func (x *IssueJoinTicketRequest) ProtoReflect() protoreflect.Message { mi := &file_joinservice_joinproto_join_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -107,11 +105,9 @@ type IssueJoinTicketResponse struct { func (x *IssueJoinTicketResponse) Reset() { *x = IssueJoinTicketResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_joinservice_joinproto_join_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_joinservice_joinproto_join_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *IssueJoinTicketResponse) String() string { @@ -122,7 +118,7 @@ func (*IssueJoinTicketResponse) ProtoMessage() {} func (x *IssueJoinTicketResponse) ProtoReflect() protoreflect.Message { mi := &file_joinservice_joinproto_join_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -218,11 +214,9 @@ type ControlPlaneCertOrKey struct { func (x *ControlPlaneCertOrKey) Reset() { *x = ControlPlaneCertOrKey{} - if protoimpl.UnsafeEnabled { - mi := &file_joinservice_joinproto_join_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_joinservice_joinproto_join_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ControlPlaneCertOrKey) String() string { @@ -233,7 +227,7 @@ func (*ControlPlaneCertOrKey) ProtoMessage() {} func (x *ControlPlaneCertOrKey) ProtoReflect() protoreflect.Message { mi := &file_joinservice_joinproto_join_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -272,11 +266,9 @@ type IssueRejoinTicketRequest struct { func (x *IssueRejoinTicketRequest) Reset() { *x = IssueRejoinTicketRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_joinservice_joinproto_join_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_joinservice_joinproto_join_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *IssueRejoinTicketRequest) String() string { @@ -287,7 +279,7 @@ func (*IssueRejoinTicketRequest) ProtoMessage() {} func (x *IssueRejoinTicketRequest) ProtoReflect() protoreflect.Message { mi := &file_joinservice_joinproto_join_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -320,11 +312,9 @@ type IssueRejoinTicketResponse struct { func (x *IssueRejoinTicketResponse) Reset() { *x = IssueRejoinTicketResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_joinservice_joinproto_join_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_joinservice_joinproto_join_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *IssueRejoinTicketResponse) String() string { @@ -335,7 +325,7 @@ func (*IssueRejoinTicketResponse) ProtoMessage() {} func (x *IssueRejoinTicketResponse) ProtoReflect() protoreflect.Message { mi := &file_joinservice_joinproto_join_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -488,68 +478,6 @@ func file_joinservice_joinproto_join_proto_init() { if File_joinservice_joinproto_join_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_joinservice_joinproto_join_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*IssueJoinTicketRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_joinservice_joinproto_join_proto_msgTypes[1].Exporter = func(v any, i int) any { - switch v := v.(*IssueJoinTicketResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_joinservice_joinproto_join_proto_msgTypes[2].Exporter = func(v any, i int) any { - switch v := v.(*ControlPlaneCertOrKey); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_joinservice_joinproto_join_proto_msgTypes[3].Exporter = func(v any, i int) any { - switch v := v.(*IssueRejoinTicketRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_joinservice_joinproto_join_proto_msgTypes[4].Exporter = func(v any, i int) any { - switch v := v.(*IssueRejoinTicketResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/keyservice/keyserviceproto/keyservice.pb.go b/keyservice/keyserviceproto/keyservice.pb.go index b0577c887..fad9fe4bf 100644 --- a/keyservice/keyserviceproto/keyservice.pb.go +++ b/keyservice/keyserviceproto/keyservice.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 +// protoc-gen-go v1.35.1 // protoc v5.27.0 // source: keyservice/keyserviceproto/keyservice.proto @@ -35,11 +35,9 @@ type GetDataKeyRequest struct { func (x *GetDataKeyRequest) Reset() { *x = GetDataKeyRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyserviceproto_keyservice_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyserviceproto_keyservice_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetDataKeyRequest) String() string { @@ -50,7 +48,7 @@ func (*GetDataKeyRequest) ProtoMessage() {} func (x *GetDataKeyRequest) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyserviceproto_keyservice_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -89,11 +87,9 @@ type GetDataKeyResponse struct { func (x *GetDataKeyResponse) Reset() { *x = GetDataKeyResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_keyservice_keyserviceproto_keyservice_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_keyservice_keyserviceproto_keyservice_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetDataKeyResponse) String() string { @@ -104,7 +100,7 @@ func (*GetDataKeyResponse) ProtoMessage() {} func (x *GetDataKeyResponse) ProtoReflect() protoreflect.Message { mi := &file_keyservice_keyserviceproto_keyservice_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -184,32 +180,6 @@ func file_keyservice_keyserviceproto_keyservice_proto_init() { if File_keyservice_keyserviceproto_keyservice_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_keyservice_keyserviceproto_keyservice_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*GetDataKeyRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_keyservice_keyserviceproto_keyservice_proto_msgTypes[1].Exporter = func(v any, i int) any { - switch v := v.(*GetDataKeyResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/operators/constellation-node-operator/internal/executor/executor.go b/operators/constellation-node-operator/internal/executor/executor.go index 152dc3a40..10492f88c 100644 --- a/operators/constellation-node-operator/internal/executor/executor.go +++ b/operators/constellation-node-operator/internal/executor/executor.go @@ -205,7 +205,7 @@ func (c *Config) applyDefaults() { c.PollingFrequency = defaultPollingFrequency } if c.RateLimiter == nil { - c.RateLimiter = workqueue.DefaultControllerRateLimiter() + c.RateLimiter = workqueue.DefaultTypedControllerRateLimiter[any]() } } diff --git a/upgrade-agent/upgradeproto/upgrade.pb.go b/upgrade-agent/upgradeproto/upgrade.pb.go index ddb7a1e61..c9647353a 100644 --- a/upgrade-agent/upgradeproto/upgrade.pb.go +++ b/upgrade-agent/upgradeproto/upgrade.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 +// protoc-gen-go v1.35.1 // protoc v5.27.0 // source: upgrade-agent/upgradeproto/upgrade.proto @@ -36,11 +36,9 @@ type ExecuteUpdateRequest struct { func (x *ExecuteUpdateRequest) Reset() { *x = ExecuteUpdateRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ExecuteUpdateRequest) String() string { @@ -51,7 +49,7 @@ func (*ExecuteUpdateRequest) ProtoMessage() {} func (x *ExecuteUpdateRequest) ProtoReflect() protoreflect.Message { mi := &file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -88,11 +86,9 @@ type ExecuteUpdateResponse struct { func (x *ExecuteUpdateResponse) Reset() { *x = ExecuteUpdateResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ExecuteUpdateResponse) String() string { @@ -103,7 +99,7 @@ func (*ExecuteUpdateResponse) ProtoMessage() {} func (x *ExecuteUpdateResponse) ProtoReflect() protoreflect.Message { mi := &file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -188,32 +184,6 @@ func file_upgrade_agent_upgradeproto_upgrade_proto_init() { if File_upgrade_agent_upgradeproto_upgrade_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*ExecuteUpdateRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_upgrade_agent_upgradeproto_upgrade_proto_msgTypes[1].Exporter = func(v any, i int) any { - switch v := v.(*ExecuteUpdateResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/verify/verifyproto/verify.pb.go b/verify/verifyproto/verify.pb.go index 57d59de90..297421ce3 100644 --- a/verify/verifyproto/verify.pb.go +++ b/verify/verifyproto/verify.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.34.2 +// protoc-gen-go v1.35.1 // protoc v5.27.0 // source: verify/verifyproto/verify.proto @@ -34,11 +34,9 @@ type GetAttestationRequest struct { func (x *GetAttestationRequest) Reset() { *x = GetAttestationRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_verify_verifyproto_verify_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_verify_verifyproto_verify_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetAttestationRequest) String() string { @@ -49,7 +47,7 @@ func (*GetAttestationRequest) ProtoMessage() {} func (x *GetAttestationRequest) ProtoReflect() protoreflect.Message { mi := &file_verify_verifyproto_verify_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -81,11 +79,9 @@ type GetAttestationResponse struct { func (x *GetAttestationResponse) Reset() { *x = GetAttestationResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_verify_verifyproto_verify_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_verify_verifyproto_verify_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetAttestationResponse) String() string { @@ -96,7 +92,7 @@ func (*GetAttestationResponse) ProtoMessage() {} func (x *GetAttestationResponse) ProtoReflect() protoreflect.Message { mi := &file_verify_verifyproto_verify_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -175,32 +171,6 @@ func file_verify_verifyproto_verify_proto_init() { if File_verify_verifyproto_verify_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_verify_verifyproto_verify_proto_msgTypes[0].Exporter = func(v any, i int) any { - switch v := v.(*GetAttestationRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_verify_verifyproto_verify_proto_msgTypes[1].Exporter = func(v any, i int) any { - switch v := v.(*GetAttestationResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ From 50df35438e1c28c05ad3eed6561a5ccbd92b55a5 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Thu, 17 Oct 2024 09:37:59 +0200 Subject: [PATCH 323/380] ci: fix artifact deletion (#3437) GitHub seemingly now adds a newline to the output of the gh CLI, so we need to cut it before using it. --- .github/actions/artifact_delete/delete_artifact.sh | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/.github/actions/artifact_delete/delete_artifact.sh b/.github/actions/artifact_delete/delete_artifact.sh index 956927116..942304831 100755 --- a/.github/actions/artifact_delete/delete_artifact.sh +++ b/.github/actions/artifact_delete/delete_artifact.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # get_artifact_id retrieves the artifact id of # an artifact that was generated by a workflow. @@ -9,7 +9,7 @@ function get_artifact_id { -H "X-GitHub-Api-Version: 2022-11-28" \ --paginate \ "/repos/edgelesssys/constellation/actions/runs/$1/artifacts" --jq ".artifacts |= map(select(.name==\"$2\")) | .artifacts[0].id" || exit 1)" - echo "$artifact_id" + echo "$artifact_id" | tr -d "\n" } # delete_artifact_by_id deletes an artifact by its artifact id. @@ -25,14 +25,7 @@ function delete_artifact_by_id { workflow_id="$1" artifact_name="$2" -if [[ -z $workflow_id ]]; then - echo "[X] No workflow id provided." - echo "Usage: delete_artifact.sh " - exit 1 -fi - -if [[ -z $artifact_name ]]; then - echo "[X] No artifact name provided." +if [[ -z $workflow_id ]] || [[ -z $artifact_name ]]; then echo "Usage: delete_artifact.sh " exit 1 fi From 0453f5b611ae7878c4475da566484a790d84bd74 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Thu, 17 Oct 2024 14:45:48 +0200 Subject: [PATCH 324/380] e2e: fix malicious join test (#3439) --- e2e/malicious-join/malicious-join.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/malicious-join/malicious-join.go b/e2e/malicious-join/malicious-join.go index 96a3076f0..7e416242a 100644 --- a/e2e/malicious-join/malicious-join.go +++ b/e2e/malicious-join/malicious-join.go @@ -172,10 +172,10 @@ func (j *maliciousJoiner) join(ctx context.Context) (*joinproto.IssueJoinTicketR IsControlPlane: false, } res, err := protoClient.IssueJoinTicket(ctx, req) - j.logger.Debug("Got join ticket response", "apiServerEndpoint", res.ApiServerEndpoint, "kubernetesVersion", res.KubernetesVersion) if err != nil { return nil, fmt.Errorf("issuing join ticket: %w", err) } + j.logger.Debug("Got join ticket response", "apiServerEndpoint", res.ApiServerEndpoint, "kubernetesVersion", res.KubernetesVersion) return res, nil } From e9203a2aee8ee69063418054ef94494adb6d6d72 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 18 Oct 2024 08:08:45 +0200 Subject: [PATCH 325/380] image: update measurements and image version (#3441) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index bc3d714f6..d2db94b41 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x09, 0xea, 0xf0, 0xd8, 0x9d, 0x8f, 0x9c, 0x2d, 0xec, 0x09, 0xf9, 0xcb, 0xab, 0x27, 0x78, 0x10, 0x82, 0xbd, 0x99, 0x3c, 0xf0, 0x3f, 0x6a, 0x07, 0x83, 0xe7, 0x90, 0x17, 0x6d, 0x55, 0xc7, 0xb4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x00, 0x45, 0xf0, 0x65, 0x1f, 0x50, 0xf5, 0x95, 0xe0, 0x07, 0xf8, 0x9e, 0xbd, 0xe6, 0x2c, 0x44, 0x6b, 0x1a, 0x6e, 0x08, 0xe5, 0xc7, 0xe8, 0x6b, 0xb5, 0xc3, 0x95, 0x36, 0x3c, 0x3f, 0x82, 0xea}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1a, 0x8b, 0xe8, 0xc4, 0x4e, 0x6e, 0x89, 0x48, 0x9c, 0x6a, 0x40, 0xb6, 0xb9, 0xef, 0xea, 0x7f, 0xe0, 0xf1, 0x4e, 0x39, 0x2f, 0xd6, 0x16, 0xeb, 0xbd, 0x22, 0x85, 0xc2, 0xa5, 0xa3, 0x6b, 0xaa}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x10, 0xa5, 0x5f, 0x84, 0x4b, 0xe0, 0xbc, 0x14, 0x8f, 0xa9, 0xf7, 0x3f, 0xf1, 0x2b, 0x58, 0x28, 0x5a, 0x52, 0xd8, 0x82, 0x5f, 0x8c, 0x7c, 0xa8, 0xbb, 0x73, 0x1a, 0x51, 0xf9, 0x36, 0x6d, 0x69}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x91, 0xe5, 0x45, 0x0f, 0xb6, 0x78, 0xb2, 0xef, 0x4e, 0x64, 0xfc, 0xa5, 0xc4, 0xc8, 0x46, 0x4d, 0x53, 0xaf, 0xb6, 0x9b, 0x7c, 0xf9, 0x4b, 0x53, 0xcd, 0x7d, 0x5c, 0x04, 0x55, 0x6a, 0x23, 0x2d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf2, 0x6a, 0x9c, 0x47, 0xfc, 0x3d, 0x95, 0x45, 0x6d, 0x3f, 0x25, 0x76, 0x16, 0xc7, 0x19, 0xb3, 0xd1, 0x6e, 0x38, 0xe0, 0x7c, 0x35, 0xcd, 0x08, 0x10, 0x45, 0x48, 0x5f, 0x7f, 0x50, 0x15, 0x19}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xae, 0xa6, 0x64, 0x81, 0x75, 0x22, 0x4d, 0xa7, 0x67, 0x8d, 0x2e, 0xc5, 0xa6, 0x8d, 0xd7, 0x80, 0x25, 0xdc, 0x84, 0x2f, 0x62, 0xdb, 0x45, 0x9c, 0x47, 0x12, 0x7a, 0xe5, 0x43, 0x44, 0x97, 0xdf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x70, 0xeb, 0x13, 0xcc, 0xe6, 0x8f, 0x9d, 0x35, 0x7f, 0xc7, 0x4f, 0x01, 0x70, 0x5f, 0xaf, 0xe4, 0x90, 0xdf, 0x26, 0x96, 0xa0, 0x20, 0x8b, 0x7b, 0xcf, 0x26, 0xde, 0x90, 0x5f, 0x33, 0xb7, 0x79}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xad, 0xe1, 0xab, 0x61, 0xdb, 0x21, 0x18, 0x56, 0x24, 0x77, 0xcb, 0x84, 0x83, 0x2e, 0xa0, 0xf1, 0x7b, 0xb0, 0xfe, 0xe0, 0xe2, 0x02, 0x08, 0xbf, 0x18, 0x1b, 0x1f, 0x69, 0x17, 0x3f, 0x33, 0x1a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe1, 0x18, 0x41, 0x40, 0x75, 0x2b, 0x23, 0x80, 0xfd, 0xb8, 0x8e, 0x9e, 0xce, 0x82, 0x7d, 0xed, 0x05, 0x9f, 0x57, 0x77, 0x65, 0x3c, 0x6d, 0x5b, 0x5c, 0xfb, 0xb1, 0x1c, 0x3a, 0x2d, 0x36, 0x92}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xec, 0x1f, 0xd0, 0xe9, 0xfc, 0xd7, 0x0e, 0xdf, 0x63, 0xd1, 0x81, 0xd1, 0x3a, 0x1e, 0xcc, 0xda, 0xa3, 0x32, 0x1a, 0x72, 0x8d, 0xbb, 0x86, 0xdf, 0x34, 0xd0, 0xb2, 0xa7, 0x09, 0x29, 0x86, 0x6b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9d, 0xf2, 0x27, 0x9b, 0x9b, 0x9f, 0xe8, 0x07, 0x07, 0x06, 0xb7, 0x81, 0xee, 0x09, 0xb3, 0x1f, 0xc8, 0x96, 0xdd, 0x3a, 0xa1, 0x09, 0xe4, 0xf2, 0x05, 0x13, 0xe8, 0x9b, 0x00, 0x27, 0xa9, 0x31}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xeb, 0x47, 0x92, 0x16, 0x88, 0xe2, 0x06, 0x87, 0xdf, 0x43, 0x9c, 0x1e, 0x39, 0x2a, 0xf2, 0xeb, 0xef, 0x31, 0x67, 0xc2, 0x8e, 0x16, 0x04, 0xd5, 0x53, 0xe4, 0xf8, 0x35, 0xed, 0xc2, 0x8e, 0xb0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x39, 0x84, 0xd8, 0xfd, 0xff, 0xc7, 0x7f, 0x0d, 0x32, 0x38, 0xea, 0xca, 0xda, 0xac, 0x15, 0x83, 0x9e, 0x65, 0x5e, 0x0b, 0x5f, 0x84, 0xa1, 0x5d, 0x10, 0x00, 0xb3, 0x6e, 0x3a, 0x3f, 0xf5, 0xaf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x30, 0xab, 0x29, 0x4c, 0x27, 0x98, 0xd5, 0xe8, 0xd8, 0xb1, 0x83, 0xf7, 0x5d, 0x0a, 0x5e, 0x90, 0x77, 0x39, 0x04, 0x21, 0xcf, 0x51, 0xb3, 0x57, 0x92, 0x23, 0xb6, 0xa9, 0xa3, 0xd4, 0xda, 0xce}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x02, 0x21, 0xbc, 0x0c, 0xe4, 0x6e, 0x91, 0x61, 0x0d, 0xbb, 0x4e, 0xfb, 0xce, 0x15, 0x3f, 0xab, 0xeb, 0xbe, 0x06, 0xfe, 0x2f, 0x0f, 0x36, 0xd8, 0x7c, 0xc7, 0xd9, 0x3c, 0xb5, 0xcd, 0xb7, 0x93}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd8, 0x81, 0x25, 0x4a, 0xa6, 0x89, 0xb2, 0xab, 0x6c, 0x20, 0xb1, 0x68, 0x87, 0x12, 0xc7, 0xb7, 0xec, 0xd6, 0x22, 0xe1, 0x47, 0x14, 0x8d, 0x15, 0xbf, 0x9c, 0x35, 0x3f, 0x09, 0xaa, 0x4d, 0xa3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x29, 0x98, 0x48, 0xe8, 0x7d, 0x8b, 0x7d, 0x97, 0x27, 0x18, 0x61, 0x42, 0x2d, 0x62, 0x55, 0x5e, 0xb6, 0xc7, 0xef, 0xc3, 0xf1, 0x94, 0xf6, 0x69, 0x5d, 0x26, 0xb5, 0xbf, 0xb6, 0xde, 0x48, 0x2b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6c, 0xf8, 0xc9, 0xd5, 0xe3, 0x6d, 0x18, 0x12, 0xa7, 0xf0, 0x0f, 0xb4, 0x4b, 0x08, 0x57, 0x47, 0x75, 0xdd, 0x5d, 0xec, 0x0f, 0xb5, 0x02, 0x12, 0x60, 0x57, 0x1b, 0xa2, 0x4c, 0x88, 0x03, 0x6c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x10, 0xb1, 0xa0, 0xd3, 0xf7, 0x56, 0x9e, 0x73, 0xd6, 0x60, 0xcc, 0x72, 0xc1, 0x37, 0x1e, 0xaf, 0x1d, 0x9b, 0x9a, 0xcb, 0xe4, 0xce, 0x38, 0x96, 0x67, 0xe1, 0xbb, 0xf3, 0x0c, 0x2c, 0x2c, 0x70}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa9, 0x80, 0x5f, 0x06, 0x94, 0xc7, 0x37, 0xc4, 0x91, 0x56, 0xbf, 0xb5, 0x8e, 0xeb, 0xa1, 0xd9, 0x45, 0xda, 0xcc, 0x03, 0x6c, 0xe2, 0x73, 0x15, 0xca, 0xed, 0x78, 0x15, 0x9b, 0xf8, 0x25, 0xe5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe8, 0x6b, 0xde, 0xe6, 0xac, 0xa1, 0x0f, 0x46, 0x6e, 0xa6, 0xdd, 0xc5, 0x17, 0x28, 0xf4, 0xf5, 0x61, 0x12, 0x17, 0x85, 0x3d, 0x12, 0xf2, 0x8d, 0x60, 0x16, 0x49, 0xcd, 0x9f, 0x67, 0x66, 0x74}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb1, 0x39, 0xd6, 0xde, 0x59, 0xfe, 0x15, 0xac, 0x87, 0xb2, 0x69, 0x60, 0xd5, 0xe9, 0x14, 0x90, 0xb0, 0xad, 0x0e, 0x1a, 0x6f, 0xb7, 0x41, 0x11, 0x6d, 0xcb, 0x86, 0x6c, 0x56, 0xbf, 0x12, 0xac}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xec, 0x6f, 0x03, 0xf1, 0xb3, 0x44, 0x9b, 0xa6, 0x71, 0x78, 0xea, 0x5e, 0x48, 0x47, 0x20, 0x41, 0x65, 0xca, 0xde, 0xd8, 0x02, 0x04, 0xbf, 0xba, 0x29, 0x55, 0x92, 0x8d, 0xc7, 0xc6, 0x98, 0x18}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xdb, 0x1b, 0xea, 0x96, 0xcc, 0x96, 0x8f, 0xe0, 0xcc, 0xdb, 0x71, 0xb7, 0xf7, 0xfd, 0xbf, 0xe4, 0x1f, 0xfe, 0x2c, 0x02, 0x66, 0xc2, 0x20, 0xcc, 0x4f, 0x24, 0xfc, 0x1b, 0xf6, 0x84, 0x4a, 0x7f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9f, 0xd2, 0x63, 0xef, 0xd2, 0x54, 0x5d, 0x6c, 0x87, 0x8d, 0xa3, 0x57, 0xe0, 0xb6, 0x4b, 0xb2, 0xb8, 0x51, 0x1d, 0xf2, 0x4d, 0x32, 0x20, 0xc2, 0xde, 0x14, 0x86, 0x84, 0x90, 0xd9, 0x25, 0xf6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x61, 0xa0, 0x21, 0x24, 0xde, 0x47, 0xb0, 0xdb, 0xe7, 0xf3, 0xd6, 0x1e, 0xe1, 0xc8, 0xc2, 0x9f, 0xea, 0xa9, 0x35, 0xbd, 0xa9, 0x54, 0x05, 0x3b, 0xcc, 0x89, 0x7c, 0xe6, 0x98, 0x48, 0xde, 0xc3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1a, 0x30, 0xa0, 0x1f, 0x5e, 0x60, 0xa0, 0x8e, 0xc7, 0x15, 0x1b, 0x95, 0x8b, 0x92, 0x22, 0xc0, 0x11, 0x9d, 0xbb, 0xcf, 0xd5, 0x6d, 0x40, 0x77, 0x3f, 0x5d, 0xca, 0xf9, 0xb5, 0x69, 0xda, 0x1f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1d, 0x6e, 0x0c, 0xdd, 0x5f, 0x52, 0xde, 0x48, 0xe8, 0x85, 0x92, 0x85, 0xec, 0x92, 0xa2, 0x9f, 0x01, 0xfa, 0xb6, 0x0b, 0x9c, 0x3b, 0x3e, 0x93, 0xa2, 0x4a, 0x51, 0x72, 0x6a, 0x97, 0xb4, 0x43}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xed, 0xe6, 0xd1, 0xab, 0x71, 0x85, 0xcc, 0x84, 0xec, 0x9b, 0xf3, 0xcb, 0x73, 0xe8, 0x57, 0x61, 0xf1, 0x8c, 0x05, 0x16, 0x4d, 0x3e, 0x20, 0xa6, 0x92, 0xeb, 0xdf, 0xeb, 0x5a, 0xc5, 0xc4, 0x14}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xf4, 0xad, 0x00, 0x7e, 0xf9, 0x6b, 0x97, 0x5a, 0x64, 0x23, 0x4f, 0xc8, 0x4b, 0x02, 0x51, 0x28, 0x99, 0xf0, 0x48, 0xc7, 0x0b, 0x21, 0x0e, 0xf6, 0xe3, 0x36, 0x1c, 0xa1, 0x77, 0x9a, 0x4b, 0x9b}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1a, 0xd1, 0x08, 0xdd, 0x06, 0x0d, 0xe3, 0x2a, 0x74, 0x6e, 0x30, 0x97, 0x8e, 0xc5, 0x85, 0x2c, 0xef, 0xb5, 0x19, 0xd5, 0xb1, 0xfa, 0xe8, 0x9f, 0xa2, 0xa1, 0x89, 0x83, 0x46, 0xbc, 0xb0, 0x3f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x29, 0x50, 0x0c, 0x7a, 0x69, 0x92, 0xc0, 0xda, 0xd0, 0x5b, 0x92, 0xe1, 0xbe, 0x9d, 0x35, 0x60, 0x78, 0x62, 0xe4, 0x3b, 0x14, 0x8e, 0x75, 0x91, 0xb7, 0x0c, 0x60, 0x2c, 0x56, 0xa4, 0x7f, 0xb0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x65, 0x78, 0x11, 0x7e, 0xc4, 0xd3, 0xa3, 0x03, 0x69, 0xeb, 0xeb, 0x27, 0xcf, 0xa3, 0x4e, 0x56, 0x3a, 0xca, 0x06, 0x73, 0x9f, 0xc4, 0x98, 0x8f, 0x1c, 0xa2, 0x69, 0x77, 0xff, 0xd4, 0x47, 0xa8}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4d, 0xef, 0xd5, 0x8d, 0x9d, 0x79, 0xc6, 0xbc, 0x71, 0x12, 0xbc, 0x45, 0x6d, 0xa2, 0x83, 0x89, 0x14, 0x65, 0xff, 0x72, 0xee, 0xca, 0x4f, 0xd5, 0x93, 0x43, 0xdd, 0xeb, 0xa7, 0x75, 0xcf, 0x9b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8c, 0xd4, 0x67, 0x76, 0xf1, 0x07, 0x8f, 0x10, 0xe4, 0xaa, 0xaf, 0x63, 0xf7, 0xdb, 0x36, 0x4e, 0x13, 0x10, 0x30, 0xbc, 0xf3, 0x3f, 0x8b, 0xb1, 0x87, 0x77, 0x19, 0x78, 0x58, 0xb2, 0xdc, 0xce}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb2, 0x55, 0xed, 0xea, 0xa6, 0x55, 0x80, 0x72, 0x93, 0x9f, 0xb2, 0xc7, 0x5a, 0xd5, 0x76, 0xc1, 0xf4, 0xb6, 0x70, 0xca, 0xa2, 0xa6, 0x01, 0x55, 0x4a, 0x86, 0x25, 0x47, 0x22, 0x5a, 0xcb, 0xfd}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x11, 0x02, 0x24, 0x79, 0xe1, 0x7f, 0xe6, 0x3f, 0xcb, 0xb9, 0x35, 0xae, 0x02, 0x84, 0xc0, 0xd3, 0x9e, 0x5a, 0xf8, 0x3e, 0xc1, 0x5a, 0x38, 0xe3, 0x75, 0x90, 0x9c, 0x64, 0xba, 0x75, 0xce, 0xaf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x91, 0x96, 0x05, 0x9a, 0x2a, 0x43, 0x84, 0x47, 0x48, 0xc1, 0x96, 0x6c, 0x2b, 0xaf, 0x02, 0x95, 0x88, 0x40, 0x28, 0x16, 0xb3, 0xdd, 0x0d, 0x3a, 0x31, 0xed, 0x7d, 0xe2, 0x5c, 0x80, 0x7e, 0x22}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x6c, 0xe1, 0x89, 0x59, 0x44, 0x39, 0x6e, 0x92, 0x39, 0x7f, 0xeb, 0xa7, 0x4b, 0x58, 0xd2, 0x66, 0xe5, 0xb3, 0x5b, 0xf3, 0x5e, 0xc2, 0xf5, 0x97, 0x9d, 0x9d, 0xb6, 0x86, 0x83, 0xd9, 0xcb, 0x89}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcc, 0xa9, 0x02, 0x04, 0x28, 0xc4, 0x7f, 0x38, 0x10, 0xd8, 0x84, 0x58, 0xda, 0x71, 0x60, 0xa8, 0x09, 0xa2, 0x37, 0xfc, 0x99, 0x79, 0xe1, 0x46, 0x7f, 0x96, 0xf5, 0x0c, 0xbf, 0x61, 0xe1, 0x87}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x36, 0x67, 0xcd, 0xf9, 0xdc, 0x08, 0x1e, 0x33, 0x9e, 0x6c, 0x65, 0x2b, 0xa0, 0xcf, 0xeb, 0x10, 0xf2, 0x92, 0x46, 0xed, 0x28, 0x42, 0x4a, 0xe1, 0x26, 0x66, 0x60, 0xfd, 0xff, 0x88, 0x8b, 0xbf}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x16, 0xe3, 0x3e, 0xdf, 0x4c, 0x78, 0xb6, 0xe7, 0x3e, 0x69, 0x31, 0x5f, 0x90, 0xfa, 0x20, 0x56, 0x91, 0x62, 0xc4, 0xbd, 0x5d, 0x29, 0xdb, 0x26, 0x36, 0x74, 0x95, 0xa2, 0x98, 0x8f, 0x64, 0x6a}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x62, 0x18, 0x62, 0x41, 0xfd, 0x6f, 0x3b, 0x64, 0xb7, 0x15, 0x13, 0x84, 0x77, 0x97, 0xdb, 0xe1, 0x25, 0x58, 0x5c, 0x47, 0x1b, 0x37, 0xcd, 0xf1, 0xde, 0x14, 0x14, 0x21, 0xaa, 0xac, 0xaa, 0x29}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x16, 0xeb, 0x96, 0xc5, 0xfe, 0xd0, 0x51, 0x38, 0x84, 0x91, 0x03, 0x57, 0x55, 0xa5, 0x33, 0x5f, 0xf4, 0xc2, 0xe7, 0x90, 0x22, 0x26, 0xae, 0xd8, 0x88, 0x24, 0x16, 0xf6, 0x6f, 0x9f, 0x4e, 0x63}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x40, 0x44, 0x26, 0x23, 0x30, 0xcd, 0x40, 0xc2, 0xf8, 0xb2, 0x2f, 0xb8, 0x4d, 0x91, 0xea, 0x6d, 0x64, 0x46, 0x04, 0xed, 0x8b, 0xa8, 0x39, 0x17, 0x1c, 0x58, 0xa3, 0xfb, 0x84, 0xd3, 0xfa, 0xf7}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2f, 0x56, 0x38, 0x71, 0xf7, 0xc5, 0x48, 0xa9, 0xc4, 0x09, 0xd0, 0xd4, 0xc7, 0x85, 0x98, 0xf1, 0x72, 0xeb, 0xf8, 0x42, 0x09, 0xc1, 0x94, 0xc6, 0x7c, 0xa6, 0x44, 0x26, 0xa7, 0x62, 0x9a, 0xf9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd1, 0x14, 0x96, 0x6b, 0xfe, 0xee, 0x8e, 0x79, 0xf6, 0xd6, 0x09, 0x62, 0x6e, 0x88, 0x63, 0x23, 0x60, 0x25, 0x58, 0x2c, 0x0d, 0xb2, 0xa3, 0xd6, 0x6d, 0x68, 0x54, 0x3f, 0x74, 0xb3, 0x11, 0xe8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index dbbc295a7..ecacd032d 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20241015212953-c8bf4a8a434d" + defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20241017144548-0453f5b611ae" ) From dd385bce1fa2229fc2bf087563a10b273e5c153f Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Fri, 18 Oct 2024 11:11:26 +0200 Subject: [PATCH 326/380] helm: allow namespace handling for node-maintenance-operator (#3442) --- .../node-maintenance-operator/templates/manager-rbac.yaml | 6 ++++++ .../node-maintenance-operator/templates/manager-rbac.yaml | 6 ++++++ .../node-maintenance-operator/templates/manager-rbac.yaml | 6 ++++++ .../node-maintenance-operator/templates/manager-rbac.yaml | 6 ++++++ .../node-maintenance-operator/templates/manager-rbac.yaml | 6 ++++++ .../node-maintenance-operator/templates/manager-rbac.yaml | 6 ++++++ 6 files changed, 36 insertions(+) diff --git a/internal/constellation/helm/charts/edgeless/operators/charts/node-maintenance-operator/templates/manager-rbac.yaml b/internal/constellation/helm/charts/edgeless/operators/charts/node-maintenance-operator/templates/manager-rbac.yaml index 52b9e568a..c5d5a211b 100644 --- a/internal/constellation/helm/charts/edgeless/operators/charts/node-maintenance-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/charts/edgeless/operators/charts/node-maintenance-operator/templates/manager-rbac.yaml @@ -12,7 +12,13 @@ rules: resources: - namespaces verbs: + - create + - delete - get + - list + - patch + - update + - watch - apiGroups: - "" resources: diff --git a/internal/constellation/helm/testdata/AWS/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml b/internal/constellation/helm/testdata/AWS/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml index fa9f582a4..e364d1498 100644 --- a/internal/constellation/helm/testdata/AWS/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/testdata/AWS/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml @@ -15,7 +15,13 @@ rules: resources: - namespaces verbs: + - create + - delete - get + - list + - patch + - update + - watch - apiGroups: - "" resources: diff --git a/internal/constellation/helm/testdata/Azure/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml b/internal/constellation/helm/testdata/Azure/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml index fa9f582a4..e364d1498 100644 --- a/internal/constellation/helm/testdata/Azure/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/testdata/Azure/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml @@ -15,7 +15,13 @@ rules: resources: - namespaces verbs: + - create + - delete - get + - list + - patch + - update + - watch - apiGroups: - "" resources: diff --git a/internal/constellation/helm/testdata/GCP/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml b/internal/constellation/helm/testdata/GCP/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml index fa9f582a4..e364d1498 100644 --- a/internal/constellation/helm/testdata/GCP/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/testdata/GCP/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml @@ -15,7 +15,13 @@ rules: resources: - namespaces verbs: + - create + - delete - get + - list + - patch + - update + - watch - apiGroups: - "" resources: diff --git a/internal/constellation/helm/testdata/OpenStack/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml b/internal/constellation/helm/testdata/OpenStack/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml index fa9f582a4..e364d1498 100644 --- a/internal/constellation/helm/testdata/OpenStack/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/testdata/OpenStack/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml @@ -15,7 +15,13 @@ rules: resources: - namespaces verbs: + - create + - delete - get + - list + - patch + - update + - watch - apiGroups: - "" resources: diff --git a/internal/constellation/helm/testdata/QEMU/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml b/internal/constellation/helm/testdata/QEMU/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml index fa9f582a4..e364d1498 100644 --- a/internal/constellation/helm/testdata/QEMU/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/testdata/QEMU/constellation-operators/charts/node-maintenance-operator/templates/manager-rbac.yaml @@ -15,7 +15,13 @@ rules: resources: - namespaces verbs: + - create + - delete - get + - list + - patch + - update + - watch - apiGroups: - "" resources: From 44b2a758ddad9a866c95493ae9ac43f5cab799fc Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 21 Oct 2024 09:59:04 +0200 Subject: [PATCH 327/380] chore: v2.19.0 post-release (#3445) --- .github/workflows/e2e-test-release.yml | 2 +- .github/workflows/e2e-test-weekly.yml | 2 +- version.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index 0a7044788..cd83c78de 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -409,7 +409,7 @@ jobs: fail-fast: false max-parallel: 1 matrix: - fromVersion: ["v2.18.0"] + fromVersion: ["v2.19.0"] attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index 29f0f32be..a1067726b 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -420,7 +420,7 @@ jobs: fail-fast: false max-parallel: 1 matrix: - fromVersion: ["v2.18.0"] + fromVersion: ["v2.19.0"] attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit diff --git a/version.txt b/version.txt index 7969ff212..62717a0a7 100644 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -v2.19.0-pre +v2.20.0-pre From 0997ce2b98245f9a543c59bd142725163e920713 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 21 Oct 2024 09:59:30 +0200 Subject: [PATCH 328/380] docs: add release v2.19.0 (#3434) Co-authored-by: msanft <58110325+msanft@users.noreply.github.com> --- .../_media/SLSA-Badge-full-level3.svg | 47 + .../_media/benchmark_fio_azure_bw.png | Bin 0 -> 30975 bytes .../_media/benchmark_fio_azure_iops.png | Bin 0 -> 29702 bytes .../_media/benchmark_fio_gcp_bw.png | Bin 0 -> 30401 bytes .../_media/benchmark_fio_gcp_iops.png | Bin 0 -> 30221 bytes .../_media/benchmark_net_p2p_azure.png | Bin 0 -> 36902 bytes .../_media/benchmark_net_p2p_gcp.png | Bin 0 -> 36961 bytes .../_media/benchmark_net_p2svc_azure.png | Bin 0 -> 38309 bytes .../_media/benchmark_net_p2svc_gcp.png | Bin 0 -> 38395 bytes .../benchmark_vault/5replicas/max_latency.png | Bin 0 -> 21327 bytes .../5replicas/mean_latency.png | Bin 0 -> 18809 bytes .../benchmark_vault/5replicas/min_latency.png | Bin 0 -> 21414 bytes .../benchmark_vault/5replicas/p99_latency.png | Bin 0 -> 24062 bytes .../_media/concept-constellation.svg | 460 ++++++++++ .../version-2.19/_media/concept-managed.svg | 591 ++++++++++++ .../_media/constellation_oneline.svg | 52 ++ .../version-2.19/_media/example-emojivoto.jpg | Bin 0 -> 141236 bytes .../_media/example-online-boutique.jpg | Bin 0 -> 263458 bytes .../recovery-gcp-serial-console-link.png | Bin 0 -> 46134 bytes .../version-2.19/_media/tcb.svg | 535 +++++++++++ .../version-2.19/architecture/attestation.md | 409 +++++++++ .../architecture/encrypted-storage.md | 62 ++ .../version-2.19/architecture/images.md | 49 + .../version-2.19/architecture/keys.md | 131 +++ .../architecture/microservices.md | 73 ++ .../version-2.19/architecture/networking.md | 22 + .../architecture/observability.md | 74 ++ .../architecture/orchestration.md | 83 ++ .../version-2.19/architecture/overview.md | 30 + .../version-2.19/architecture/versions.md | 21 + .../version-2.19/getting-started/examples.md | 6 + .../getting-started/examples/emojivoto.md | 22 + .../examples/filestash-s3proxy.md | 107 +++ .../examples/horizontal-scaling.md | 98 ++ .../examples/online-boutique.md | 29 + .../getting-started/first-steps-local.md | 277 ++++++ .../getting-started/first-steps.md | 229 +++++ .../version-2.19/getting-started/install.md | 429 +++++++++ .../getting-started/marketplaces.md | 56 ++ docs/versioned_docs/version-2.19/intro.md | 34 + .../version-2.19/overview/clouds.md | 64 ++ .../overview/confidential-kubernetes.md | 42 + .../version-2.19/overview/license.md | 33 + .../overview/performance/application.md | 102 +++ .../overview/performance/compute.md | 11 + .../version-2.19/overview/performance/io.md | 204 +++++ .../overview/performance/performance.md | 17 + .../version-2.19/overview/product.md | 12 + .../overview/security-benefits.md | 22 + .../version-2.19/reference/cli.md | 844 ++++++++++++++++++ .../version-2.19/reference/migration.md | 97 ++ .../version-2.19/reference/slsa.md | 73 ++ .../version-2.19/reference/terraform.md | 37 + .../version-2.19/workflows/cert-manager.md | 13 + .../version-2.19/workflows/config.md | 353 ++++++++ .../version-2.19/workflows/create.md | 93 ++ .../version-2.19/workflows/lb.md | 28 + .../version-2.19/workflows/recovery.md | 179 ++++ .../version-2.19/workflows/s3proxy.md | 58 ++ .../version-2.19/workflows/sbom.md | 93 ++ .../version-2.19/workflows/scale.md | 122 +++ .../version-2.19/workflows/storage.md | 281 ++++++ .../version-2.19/workflows/terminate.md | 60 ++ .../workflows/terraform-provider.md | 129 +++ .../version-2.19/workflows/troubleshooting.md | 151 ++++ .../version-2.19/workflows/trusted-launch.md | 54 ++ .../version-2.19/workflows/upgrade.md | 110 +++ .../version-2.19/workflows/verify-cli.md | 129 +++ .../version-2.19/workflows/verify-cluster.md | 97 ++ .../version-2.19-sidebars.json | 299 +++++++ docs/versions.json | 1 + 71 files changed, 7734 insertions(+) create mode 100644 docs/versioned_docs/version-2.19/_media/SLSA-Badge-full-level3.svg create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_fio_azure_bw.png create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_fio_azure_iops.png create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_fio_gcp_bw.png create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_fio_gcp_iops.png create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_net_p2p_azure.png create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_net_p2p_gcp.png create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_net_p2svc_azure.png create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_net_p2svc_gcp.png create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_vault/5replicas/max_latency.png create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_vault/5replicas/mean_latency.png create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_vault/5replicas/min_latency.png create mode 100644 docs/versioned_docs/version-2.19/_media/benchmark_vault/5replicas/p99_latency.png create mode 100644 docs/versioned_docs/version-2.19/_media/concept-constellation.svg create mode 100644 docs/versioned_docs/version-2.19/_media/concept-managed.svg create mode 100644 docs/versioned_docs/version-2.19/_media/constellation_oneline.svg create mode 100644 docs/versioned_docs/version-2.19/_media/example-emojivoto.jpg create mode 100644 docs/versioned_docs/version-2.19/_media/example-online-boutique.jpg create mode 100644 docs/versioned_docs/version-2.19/_media/recovery-gcp-serial-console-link.png create mode 100644 docs/versioned_docs/version-2.19/_media/tcb.svg create mode 100644 docs/versioned_docs/version-2.19/architecture/attestation.md create mode 100644 docs/versioned_docs/version-2.19/architecture/encrypted-storage.md create mode 100644 docs/versioned_docs/version-2.19/architecture/images.md create mode 100644 docs/versioned_docs/version-2.19/architecture/keys.md create mode 100644 docs/versioned_docs/version-2.19/architecture/microservices.md create mode 100644 docs/versioned_docs/version-2.19/architecture/networking.md create mode 100644 docs/versioned_docs/version-2.19/architecture/observability.md create mode 100644 docs/versioned_docs/version-2.19/architecture/orchestration.md create mode 100644 docs/versioned_docs/version-2.19/architecture/overview.md create mode 100644 docs/versioned_docs/version-2.19/architecture/versions.md create mode 100644 docs/versioned_docs/version-2.19/getting-started/examples.md create mode 100644 docs/versioned_docs/version-2.19/getting-started/examples/emojivoto.md create mode 100644 docs/versioned_docs/version-2.19/getting-started/examples/filestash-s3proxy.md create mode 100644 docs/versioned_docs/version-2.19/getting-started/examples/horizontal-scaling.md create mode 100644 docs/versioned_docs/version-2.19/getting-started/examples/online-boutique.md create mode 100644 docs/versioned_docs/version-2.19/getting-started/first-steps-local.md create mode 100644 docs/versioned_docs/version-2.19/getting-started/first-steps.md create mode 100644 docs/versioned_docs/version-2.19/getting-started/install.md create mode 100644 docs/versioned_docs/version-2.19/getting-started/marketplaces.md create mode 100644 docs/versioned_docs/version-2.19/intro.md create mode 100644 docs/versioned_docs/version-2.19/overview/clouds.md create mode 100644 docs/versioned_docs/version-2.19/overview/confidential-kubernetes.md create mode 100644 docs/versioned_docs/version-2.19/overview/license.md create mode 100644 docs/versioned_docs/version-2.19/overview/performance/application.md create mode 100644 docs/versioned_docs/version-2.19/overview/performance/compute.md create mode 100644 docs/versioned_docs/version-2.19/overview/performance/io.md create mode 100644 docs/versioned_docs/version-2.19/overview/performance/performance.md create mode 100644 docs/versioned_docs/version-2.19/overview/product.md create mode 100644 docs/versioned_docs/version-2.19/overview/security-benefits.md create mode 100644 docs/versioned_docs/version-2.19/reference/cli.md create mode 100644 docs/versioned_docs/version-2.19/reference/migration.md create mode 100644 docs/versioned_docs/version-2.19/reference/slsa.md create mode 100644 docs/versioned_docs/version-2.19/reference/terraform.md create mode 100644 docs/versioned_docs/version-2.19/workflows/cert-manager.md create mode 100644 docs/versioned_docs/version-2.19/workflows/config.md create mode 100644 docs/versioned_docs/version-2.19/workflows/create.md create mode 100644 docs/versioned_docs/version-2.19/workflows/lb.md create mode 100644 docs/versioned_docs/version-2.19/workflows/recovery.md create mode 100644 docs/versioned_docs/version-2.19/workflows/s3proxy.md create mode 100644 docs/versioned_docs/version-2.19/workflows/sbom.md create mode 100644 docs/versioned_docs/version-2.19/workflows/scale.md create mode 100644 docs/versioned_docs/version-2.19/workflows/storage.md create mode 100644 docs/versioned_docs/version-2.19/workflows/terminate.md create mode 100644 docs/versioned_docs/version-2.19/workflows/terraform-provider.md create mode 100644 docs/versioned_docs/version-2.19/workflows/troubleshooting.md create mode 100644 docs/versioned_docs/version-2.19/workflows/trusted-launch.md create mode 100644 docs/versioned_docs/version-2.19/workflows/upgrade.md create mode 100644 docs/versioned_docs/version-2.19/workflows/verify-cli.md create mode 100644 docs/versioned_docs/version-2.19/workflows/verify-cluster.md create mode 100644 docs/versioned_sidebars/version-2.19-sidebars.json diff --git a/docs/versioned_docs/version-2.19/_media/SLSA-Badge-full-level3.svg b/docs/versioned_docs/version-2.19/_media/SLSA-Badge-full-level3.svg new file mode 100644 index 000000000..7154d4a13 --- /dev/null +++ b/docs/versioned_docs/version-2.19/_media/SLSA-Badge-full-level3.svg @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/versioned_docs/version-2.19/_media/benchmark_fio_azure_bw.png b/docs/versioned_docs/version-2.19/_media/benchmark_fio_azure_bw.png new file mode 100644 index 0000000000000000000000000000000000000000..a82ebe2d0511dc0a54f663e23c25dc275edaa15c GIT binary patch literal 30975 zcmd?S2UL~mmMx08)KVA{5>;}RoZ-&Tb58d?_q~4Sb@%Ce`;F%qHOfL^|Nj@(nrqIvR^2}@dv?RRo$Ki6 z=r&L#Pb<*Tt>~enTQ>gNYJ4T(z?wt&mypdFH5)~9eH*(=R(f&$LgD%u)6}zP(L&X9LFf=YwNzgF%Tagy>a7)mEi7mzyB^hnzqd15uW+z)-iYa%aPBY?=kt> z;O6s@%dT^%B`ZMGDQzdead>lvHK%P~P05pe?#4AyFYa$)>+7qHEl#F4s(z*X{llHw z3~K|^ugRTH(wB+EopRr(9-4pR*6Iiw>qYAybLClCS*7*$s+}di)z_D;uo>_9;$s#w z$f!F$KUTqM+L$ui6XvCmDMZJ-0&6AmesZuWlEx|(W8Gb@kzo}f8!Q~rly2TX@byh& zw!@p*iT=owch(tA^wm;x2Tke|dcDLKEAfZQIgYjyz13{R>C4`3o;&vg&%AZ(R$r?} z4mVGqJ=iu71_gFEw`&@5XW9 zfTWZkm&~Z`3i~72*w+~c)sqkK@{Zo9&evYsoMo37qnenoV$H@+rKM8CxpN8E1{)*p z-TQ4}ac+2ay4}l{Rcc$Xn2Ux?z>zN{zML!$ETbL8TOxCcJejIro_VPB^7LA2Rb;4Z z3?rYu$mr4Q1@}BX>w<)=~UT!htSkDoBEe)Xu@Zt=sN^}-h4u8S>0}E)X_c=gW)N%a$mzQTICY#LJW@g!BgQBL|+(NH!Y`Ay!oB$o&VfQ|Iwc$AyS!3*tK}7-{D#o-aEk-*hb0d>*I99wD zKSs4KPMyWk$;`~ma&oV3p+|`ycc^iFLOfQ#cYbDUcD!0{qAxaav8iRnkJM{}8VeKk zI<)ZJLRJU<{PQG!tjev`8x-E^Es2JNgjnWI`STg5;HW6Sl4ewnRgtk9Zml&4b$Lbg z-X9^oZ)uHmh=@=`Al)~fAM0=kZgf?ICgwOzouloS3Fu%b*Db}-!`HZRvaxk0KML+s zTes=x=loyrWko&Y#Hq=jn)4gKnusleA?mNFb3<8N`LzpS+lxe2pN~4fH-hRdk(-+v zqm!45HGX`tsXRn97MCH~e&okFKd#`aNV!BTeBZ)UTm8p}+gaY4=PfN}3ETAS5f>MC zaC9uGsE}hicFjiUc-?}jnDg{&ZI=n<&Qd?QXvIjCrw7$*;?(&TaB=E*^X5k%YNQ%R z;N+B4S1aOX*FWUWjlwsJyw)<$9=W@2+rb0e+}sgzq1vqHd@7%xxMlPG!z#bh0_HC> z*g(gLT24=6{~T_50k(J2Tqpo&WtjjyS{C ztr6^sucC0&$eKAjJ1gZnJGd;)bgxZ2gwrMJG?|hXh-Xi|`c>hW-H?s?(zo}wRK&T| zUcb`|#x|CIw}`s@@c~!2+f<8Po$%zq*LEwn3mLZkPbIvV<2SRO`_$B=Nw!J-&8uyP zG&+)9+j3pv2ZIDHPtq7RZytSD5yK-f*7aEtVaAt7R|0DkeWjSTlTY7cs5PhGijmIi z9Ua}(Xo*KVC1@j4Q*J$aUQEaIDU4M8hS!&5$GCKIuQs=|Jfc*`swSR}H~(;ZZQbnT zP)lIXHOe&>ZO2~LeZ{zEjm*tG!*js1dx4FTep3x4zFQ0DL})i3cW-Yx2Q zr1faJ;g=8LRPVyhtWQIo$=%fV%>Hejj7%fin#i5otLK!EG#Ut`@M#<0-m*-dhmSt@kad@I zQ0M%@0#*};Uoq9V*4}TpJ~6a(aHui0^a{dRYuok;(W#))3j18=84t=B!cw7nH*Tzl zpP%28E7>_YpFal*w70Zf$gs+2W>GB~`|%j~#5qEr{&t!sLuU4N)KqmE@pPJAIH!?OKu>V*N_JuT}; z_zcRAeEj-&zwd9yQictc$Q`E*m6xiTv|QCQ#qm z#U)<+6}NV_;UPP>XR%7rw6*Kk;|B%t%uNjoxXewacBPuPwHgIZrDr%!^yv>argoM2 z^L15-FWE3ohdTDLzq$Nz-IhQ8xP;}tOp;4%%c^w@hp{`dP1868@p>jTQJ3lxv`qf| z^Ut#H`R3d-{)mPH~KNuF%%vy{QT1_U0+ss$f zGhYqvaX@%zKe%g)VT2P~%-xMl#v6AFUc?R3&0Sh_8bh|yWaC15>qr?uK-WcdGNt$* zF{*loGwqL%hx}Cj4B5P#fkWw2@7(q|zQw{_=4yElhte zkz@1*_@_=d%cl1-Ab=iu9M}1gv(-`Z`~2R|0jbm(2z0IN7^@IB_if3vE!A)vsCW)E z)QiJAGnn2cefsq6udgrNV%JQI<9EZ~uxwoO?fV~<%ig`BaXxpO8%(du#uIVL_csA_ zq?X-YyJd5W=QEd2G}ebgPLpv$*9M;P4>o61d$5SNUMYS0d7U?pD!=Y7QO6Y9PGATb z%dX+poTkiu-|z@_4!=|U_nq}D$TFkqPYt!mj_o{Rcrn~bH8Vdyzy07`DR-V)6BEC& zk23Qy`{}v4V+%>U_U%8Shls*{ysb@NwKNyGPSzH0xht|fNBm8*rNyG#ez<*_Y#SbI3qY&n>Su0ohNp z6GtLB;c4znS0H^(D{e=P#&FM8%nhT?9_6n+Mnv{yg{X7JZz9)YF6a-wf2os^z?uCw>%<~27P;}+gbNv$7Y5qfy`%K1Udfm&I3xF+ zHs>q^9Q6@(x+XeNqgbbuc2#|1xJ?IO98%9W0{}4`RO2r%?*NA~8@M9C zE2W!hQ6Eexp8!%wUmgD7kiHOA*s9~+#28>hig7Imbt= z&07bovb^`p&>|xZf<_T4s5CC^>>b13u3%rSG6vRjXJ1?x7#uR8l`Qy}rhBpRY0Y{8p?h-Kj)Yhhh+%q~c zAybn~W!JZO>%qvUaclFrDT$rtUy~y!$Q%yz69)%FM4jSPb!wv(&#qYgyX1#$#~u#b z%LNN715>ErXC1jV&>%P_Dk4&os3T6T!pX8hK)qtpzVMVwiv!51|JV|4cr0FmAaL96 za;6;ISB(_IC%ZSE4bl@wl#5qOIvMIR>0fGFg3ZTjmD$@+(ehT`<^XCF#h`O^>;;Po}U z#UhXEll4l+f!&K3-vbZ2)dN_vQgK(j>}HP+W0^u11e(5neRyVOMzluwa-;1M zLz|^FD+k9p03mOi;nQ+`HPOLc*b(ijoMp>Y6E65i*=nP3iq}Z3iq}jh2lsREv3k8q zX)}|$xFO-(Gx;l5uH00_QQVS4!h^av+a!HVgBxAZ1qa6+i;IiAQ_Qi+uSgY&;DmzM z2PY%~cQMAYz3_pjXWG+;E@xiZ_ScQHo;a*uwuAb>ZhYi-MqZKEkCM`N@g-YIH?@-l z#CiDe`3jM-vK95A&jt&(=`=hzG|5CaVrgr|DlDu4C{=?vok;L}e*P&&-Ybt26B89J zyu4zMFA{q?ITmOXx9Slezge^3mwvTWV_&4YeZ5N`?63NAs@7G@ zi65e_^-N>d^kNnr2L%80-Qoa+LTSD3!?0Pn6-$ef=;PeN0fq2;%Hp}hk{&Fs)9*V+ zCUH|OkQ9Wk4eaQ4a$A_SU6}1pbnNt1Wng5C7HD(kEAN@$F>A|>M~xJvo#R-7Tr{C= zOG+`5x`7)_UKz=Oj~m+Z5NkBVyG#9sZJBqAyrUtuPl zK|%FTr70oEBKV1j%kezU-s-4H;<`;t^2=q5V#*Tt{fu)(Frl=Tj(4>fTERM>0i znLYThqO!CUEcu$d4KriioD|Aw+IXF&xsa&BW>-=m2<`)VcJ<_NR2i()EW2UZ z8r~#xCOJ>>n#MF!la_0{=f0K!-KdG1H>C~Uu-jZPB{G%&VBxB(LVPtBsVNtJ=F`){ z0f-FS3m*yF_W9u9Sam%-nT|aTZ(6@`qY477o`*b0i+Ikj_ig8=M+8+bJ>sc5^qzhc zvFcdxjsqGgQ4bi{HydcYwRoXyusA<6k}&-9d%k1)BLPawuBJU*{y%&+k1_S4D14dA z!kss7b+do{@4wqPWIy5=$#tKTx9zPugQ9cOkhlYwk@bUZc{)QwLw(heUTLT$0myoQ zw0H{(914%I7c91lm#kgZ+uF_9<@svEuA@DG-?J#_I|c{i8&gfBGVQt_0`6ZMZjHx6 z8e=mv5pED+C(qlp7o<$dH?4aY@@w6wp<+2DPY-eSwr&k75Yb`gdnXT!y4kj=C!Z9q z6T5W>VkeS9RmH5k%2o_hBxAY{>5B9Itk-d4Efya9hR>}#?g*f*EGc=9@L{B?*!_5@ zjYMOtWH^pUDN;grMX0L#Mkbnz^sNTw$+WAzORIgd+7NncGi^<@GOW%Z+}Gb+wf@4! zl(3Vx((Y6G+fe>XBIFE+7EgM@JB_+s^hV{``P4F zw#g~6NnNffr^@(d9@Y2ti8_gZi?RUnF2ox(Oz z6eAQMbuPjjubuX2^w#apm8$8IDmw*4@g)6p!?!o@jE;7=%Ttw)xf_I}CjRI5mK9eJL)0 z=d)db<`=l~EZZe~*%c+$Y}_qLo9rkLZp!???>cYqm#)Vm?s@?@y!y$$v&_bibA1@* z)Rk3T%sk{#at191E0HqgPVtLV?tO%qO13TPPH%IqPSDDtWH9d@az$oMPPo@5uGWmY zBmR#fB*-{WDk2sx$PTX)HoM=slM%;f@$KE31h&0AY)xjZ+0l48b`A~>*>69wf`wyv@i^4-1u|Ukqx^b{x6z$qjGh?^1Aw_N;A}#`1U8HLALQZBcVSh7iV{yB#h!$zSwfHWWD6nqby5!{+xaSiH#YQM; zgzbicTo)!(H|#ik9ND-QCyd$Nci|GsBW(c{2qNa2;e6X&Tj^ErWm zfrO<*Y26R1oKUu4eS)s^+p%`3*xK1monF<4KhsQ1pF>Sc5Gl0^7aq`slTnvor41}% zBCV=Vv@&gqd$;xYX**J@ayXlL_T_~N+n(EX^y+z#G)GVvyQO;J+N6Hy!?NKBMpagx z4;HePIP1ks;txqHhcwd+fi^RNM)De4^WUO43DO-yxatL1SA4XSKaR7AaEd!CV^ZbFvbY)!Y;EZAM*244Zr;9%dOLDbo^8Je9&ZHZKm^J8*~QRiQ*^m9Yr zkycXjDb?Myd-wdi_Kuixs1!0dW{cIP zzV_p%j|?f|wc|pa#(Tb}T$OgKi;~apytd`d5@N}lE|jXmtrPQ_c%-z+H=uOyYY!oQ zr8Q1{7H9(rHiJ5H^MX*WTORj?w-=W$U;ZN=rBRrDUhI9L*1{c-GnlFYMOHQ`y|uVx z4He`xi@RIt}QWR zP3CzY=a?+5t@-d>uHWpO2O5%8f)QdegYjlt5)Vw2lly6tZ)UzK7|!Hl>-#qm}I2KNCQ*;(eVh+3vT zfZt^Nt3jw}O@G(sFhE#g`=8HO|GwinREH8^d7LLjlqW}wYYq&yWT}FwmaH<}pN>B@ z26@rfl%5#kI%{NdJr{h630_F!^~D=_p67t!l+xNdFk+~JwQ1q2)^F=UnJhVKDp`fo zYOb~RYJGy%OFt9fP5y?9Wn1l4(;u;^;ISugyQ9t9a@YO#+j&4oAMm>*FMx%$bKE`| zHv02t<#=y(DsEA#QMH7_XvY(*1}Tn6@&#BT(UN60Rk!#(9-lCJjp^p3a5@Cc+4;^E z;u={^ZHLaSou32iXLD+@9ju{_odLjC0x_x-Ch>^kR(cWyugV z5PH0Y;Wm7m9`f9EO=6ra2Z zFe2NrfA`4lH7B?uY&hvOi4OJ8SfT%~{g7$7x2_ABCr_SKf}ncm_U!`y zJl&#=gd;$~`!qd0on)ME-@XY>5M>MX!vRFj(aA{_&`=~@6(y~=|L{lU(ke)Gxb5mo zLp9OfAYn@Qd)97aV4(a>n^wfa{CvhFVt*dQry{86nrKBfa!m?%L<)mRJdaQ^fgoo5 z?)tKw$F9XSH#gTrNNtx16>EvHn;O!pO+?M@&;YFYn|AeawTw6zE*Pfo9j#itOD_5;DLhxa4`CTSRP#%KiHI6ydx9VtP9#=&(I1$Za=o-Qw3R{2gVcl-uG=Bzb?(b>TK+WW8_qwB}@?#CwIp^nlyq zJXilfW2zMXt|AJcI9_0UqRkRgwS;__fPes~z!DB?!QI9!nW-qMqgt};*qU7Fn2S?? zgu2dBPu=}p9^q>1=FOK|W?OQc>~hA+j}e9hWbrY=O=JZ86t95#4<$gRSHFPh{j%xP zQVIaTBoD4ywJI7CFnjf3Jf4U=sn*^J0}xuPyLNo~0}oy{YiDo&mgJ%oqiW&W^}qf0 zn8E~94L8Bu_V`sl{I052vdIKc=;`T!Avnsdzb?#9Kt`-Y0tqTX1s?&fhMh!8Urs-i zBoPm{a|_qrcNlU)y~+XhgWoV8pBmKHl3{%o$5;NzpJzHcJ6YY_+%__s zXf+wDmaV-Fx?jCiC)-{=F=sM>|L|!nP71J@yVyoNvLXodnqbNp&licf`z%MW4^;p>2j!UeL#Fb z=^=3Oj=TG@T8GM{2Y)a#Cjb_+V-0Z$y)$ikUt){d)Th>C@s>n!55HhxS zJ=r(g;VqW}?PCGd)#%7bQXlf3D&V#v_ReOkO9od_i*SD^Uwqi)n5k9oZmb}ZBB|=J z3Dsa}k2sDS0(nZW-*&JP-jA9Dtz))B&FVCU-MixeyQws@=C>~Z5c=?Oz-oT;^Yf5j zU*h3S01-KGgI;>R2m8VR+zYKP8lbl%fIoH{w{{%3Cw3@Oj^O4=Tu_eJsEuXj`=g(Mq`bG5%ujXLFe35Ewn zLfy|!4HFj57}25e^`%qE1N2zm#Xvyi+FTbW!l~k&Qc75ks65pwtoq=ln7nEnWCf9{ zN6Hh`l3q@XeF;0u4^zvfS=8QLhggrK~lhB36 z0Seg<9xRL2hGJUi$rKAEVSnF_tB9vCaA;)PC#8m60V@mLMYtdaGv2Gc#M;cBQN> zSW>q5+QT_eBEbod**fqJ%E0ffE>l{O^v;1tO$mkpsuC>c<$0kC-*9_8f|@JW$*EN4e0#337$h zuky{q!$axHmGIH7&;2!Z1?N258JZAr;}#y>yH^SRX3NzIWRG~90+Lur?BGy|ivq?p z1QA9+sWL(fzvECwHvU**I? z?4c415BLDv#d!yOm7{#DUrbC4#pk)8&dX+|c}rhy_OP>R9-kT?mmVKubf;%|N+Fd_ zbTj-6r|)mBn{Vj%Jk)hi6|1B?3GJdEpqONb5Qi?t4LgrWLIGBVT*5q^FbaN(otL+2 zT_}&DnwnZr_bZkw2-JjqMI9N5v&fDY`-R}M{djn2?SdcEEWV$NT#za28F}&I1&Gkp z!Y!Xd#q*GPbU%9uok#}%DOfaywU901<0;}05xKBz*|O1}7P&L~a=!?}?sk0#s3*sn zPQO%C19$G;jk);#re)vCl`CPM;w|4H$KzHn24%}DBHo^twdv3hh^$ITa6f|ckQs@^ z;{1z~D*mzG2Ku&n|DrkOpvRE|l?uT+UMoulT0lK2H-7t{7hR^myVG9~L;k^$dcUHd z^$Nl-xzfaTf`}Az{Kj(R&_XPi#!Qo0EeBt6Cd$sfqsj^hFq`49UVF zE2L>lS;8bmts*2mif7Ss;mbq%_Rn-Do^Lsb-Mh{Sx}*lLpK8@vVqfGNgP%y$^UwZ# zMVXv6JHpO9+y*80swLOcWmNXB%N-HBNoh^2V5pF-0_?EsqGM%zFi{1g3<(1k(V(Tc zEiDSFnobQiO;xI%<<`lK!zJQGNI>HDCH5YuHlz%Ja;t=TCcd8XmWG5sGd(SMr{XLR zPCrRpC|j+BkNF|{fKKRrQSVn%)a#00Tx%wz;z+d*dSIuR^IMIytL*Oims&1|f&f|R zWpLR`8HI6*Nj(>2ETNXJB`5_VR$17~pKStAGGrjZ;hZZX1;bi6ctjkSAx0xL2Ga3! zgl%J3(Fi%BC?^^LT7po@0fLs7gN_N^2=}>~{&or|NM2qZM9l*};(_5UR8v)lP|F2i z@raSHu=iRQ(kF57oktPOY}`a}9}+Nfz-8ZztSrqJM{$HXrcjX~PzF6kw(EwsLF|xv zazV5+61Ya5tINwKOO)0oyLie&#S^hbYGaqf5$$D<4Ph17qp?zkfRM9DZWE|ir81{} zcSc|bV)h{hzS!liPENyzFnBIPwlpDmIbi?7W_0&wg+diB}On>XQgl+XG3VLdGz zv86B2JXb#J+F%XzQtDK~@AOQh8!(Sju2~lZ5Hue=h+7%$?k{Rxlxc*^0E-jWd2VaX^x0NFb zXV9{atfY|5aH|%J+kDbpdX@y3rl2U1X8|kpltU@%xtPoB0dgBNZK44kBY}6xDZVeJ z!X#`{Nh($@txUtE#f8zav4_@wuEOfdB>-RhwTp_DtqO)LY>b?Y2U6Ia_PhP-D_J+W zsGvitAvuNN#25oM?G&+p?a3mZ04mNH?6|D$t(!LqkRZSScEWYgEO0|e-5zP@#C8|_ z9O%mk;Dlc^7@|Je|9)Rp?JvluK_T@aSOKW-u^|0SAal^dLD!ieMndNFCd?kb(+K50 z2vm)iAv#|2ggVsDR)a!8o`mp|Ac5Fn76q?ZhaHH|3_I(kg8U0VN*p3rQC4}lh-~qD zSj~VyYEUOkfGLus!Sxo0;~azJOptP`^Oy{FNCuSOYcnUgfh26CFImFX8+IDv(m2Ax z<||;XO)3HQvWhE&`6x=`g5h`Q#QtBVN9$4(tdEu|G zq#q1NU7CL*d%9#fi7DhsG6Q!}s5^>i_nnY6G1@Nw&k7Lgremg4CI#KH`4?t65_HY2>mDJTDPD=ISroks2CMy-*K|lCq zQim`EevZ9mH@OV#-{2Z0F?ZWRwdb6w36eA zVJSJ)(sEVHY9tz#VaC86!NRsyLQANM2ow+z5g|_U*m*=gqI-b=?&$3$mV^EXKkX`T z&rd0)oLp6ANMpS6O&>Y}LE5a8(G<#30ZM zBPQ70^9br#nIn22VWI;}zi*pjNCRLU{QBlBp`t*e!Wpg8+x0n+{(>2N-Xus9BnFmA z`13Io9h7Kzi)A}e&Jd})V`wM=S{qx7Yyq6-90>e!+qo`O;xps$VHU(_0JZKsj#dqP z5U6!3jK1Qq^|aWvDI*1uLvsB(9kDABy;?B`P!#7$mN2^nsc+YDmIono?&$()DEZlD zJ^l02BW6(zydC-WAMtjO>ssDgo`PMzj$}(fS1kw@ipZX%0it8@$2!M#f#~E=h?I>d zG80gH0DNR%d|m=&7i5(Ia@4#rkRzu6m&r0g0Tv+*+7aMCm!I#~$c~|^NF>TwX>LIS z{5HtbVaV6#XhasoCij3ta2)$A;LD{YOaLQxuNukD_n4g-P$i*v8gpH;wA~hLML{KC zC4C7r0)c>f_Z$uNQ#`OnKagh)>c|&__=jS=llO{b^3WE%^7SQ89I~G1$PmYiM~Qd< zPVFTKdMO$lx(VR+df>+*xV#pAXNu`|)k?)muv8PBemXHQF#lr6;r)SXuUTQ6HHsq^ z3#1M?vXUo_{PRNqIQcL@8$&1$q-u^!+rY?s z8kN%*Jo5zDglL^S*T%P&VSrJjmw`$nlmc+1Avw+=+Nqlc* zMnX+McKIM2>OFcbW>~q$cA!BX&v7kA6+aQBwpfiTtdVWA4sb#csus`p^2Ula=V-R6 zc}md=J4GFBf;w}EBLr%$3dqw=gdG@EW1#(=3p^SRtQn5lN$^nqr=R4Nn9m@5Xz7QL zULd5fUu-}Xp-V}x6F8}8L|c^>?%e5Aa#}h~bn~1|GSR4BM%}oHq8(z+_OxNbR9lh9^C%t%J@Nj6Ga1`_GLr=-YO*iU# z$dhUtcOCb%7^M(MEfoY)TTm@vVC2AzkUIjk`%l6r^flBh)XxD%XJ&#V6!??~F-t@m@x|#=DBt6MvAB?!D^VbKKr=^crOdO# zCm_@&;|%bTCPcUS5%<(b=D9NxNH{gPW~7ggm`UpHO^_G(nfHLR$NsYAD$;FgpZ)e` z$YBWf`R|AQ|>0)Qn!GuD%BHGWU}%zF&Ul&K*K{5s9c&7@XS^*j@>$M8b~&2qP~D zm=^&%nEC|4ui)5YU<<_8OWPY)L1kwBM=EpCewIc66!WI*+OaB!Tt+@_=RgiEIl{pV za1W5(l=eB=8HExp97Jd@GPmp)9)Jto#zgseZ<_~z8z5{OqsaKHQ{F2Exdvj@GYO9! zFVK3L754^|GpUqF!$JxA^B~{xqf{*6aO(0mu<0seBxEZoNG8+Ti#wmxaL&WobmYpX zO$7R(NU4i&1IDjEHk=)X_4-Bdp{nzCtX^USU^7PgIw!Etvtii+M3VFpsG52U^X*>Z z8WWcnwSXub>?!l|oJd}q)3;$&<&ptsL|>PqX1nl|1$-_N)SE>R_p=m}?T;T*@@|SD zo5D?_mVUIT4lO8f1>it@igpJ13V`54N+O`xXb>}*_9HJ9gP(QhVrLWoJoA8bnns-S zt@@9N%n-hfgGHTun$$?Kh19_5G&w*_$}nEP1Vf=YrURc59w!*Bt5D2nP`+WOrBLB# zc#7YnO7R{P6kP|H(^>3&7Q1E3LBD>zB4k{$Q)sShB~Py@Uo7Ya`piSWGg-01a1 zlx0yMItby*#|?3sRDrFobEdHe!I=_aoT&QbY~nbPD@P=7fC!;O;vfZxC_|VGvcsez z##s<{7!6l8faC!6;V~gm<-}%AgCwaz%}>Z3Y89?=kc8gvAc7%Uu(qssC4Y+ZHc`Tv zXh?h(4r8xK3p?tk{j)o;VP`-F1&F)l0_ep6c91azIgS&_s{?y*p@Xhvk5@^JB=ALh zRfmxxgn*u3<&|uRNHh_ZQP1GPo+=*q%GfG)?YJLte)q$(QU~<+&4yJ>;$+c&bavoj zstHIW-Y&?8M7!5^9yx=Cq#ruNELgpe3upp`E}26BCb4JOSd%5xY_13r3IhpWa4Zju zLtO>r@7jBR>?1~$Lt2?izp57m#V9NwX?x;_UnJJm#wG>Lkul&4&t*;>l!V)i0c8*F zKb3|?iWi84_!M~b?et#$86uU={eXB zW3W;8g;zu4dIEACBK+0(NL*}eup*2n+D?P~L{NrYuX6tUW6)sTHJ)>Pap)L~#KdclEQJg)H^J`E{#aS=|q(JN@zQ5@B`@Xx2*wfGjr#80>in@W% zWWx~40j`4wr2)j1VJISbg_scldTB!&Ho;@0?icDl{bA--K@bJqEH`RfQ3(>VsWHbX z-L!Qxj>`2VrvF7mmaj-$QM|W!MJ8N|NT4B6ng92?@#oKj+GAlaU&bXP<6S_rfGT{O z<7Ipm#FEnZ7hY%V-J6S0Kop^jlY;jMG7US3P5C(n-G56wcKSQ<*l>IrF^`xIiCr6u z4zs;5&gFTU59lBQdWlN~=K*m%S1>(YN&(25`E}9AF`J&p;ZAIOE~h&n+h>BDK=U!P zLknKnev}OG0G(5Zz(me67|d5T-al7L;f7elwY`N+w&0i>Dia943Z#>aSM|Nnex*WU z4qaoGhth{MC#b}!y?`cf49rgaWJIK)7oY!mqtxKj;}b9r*k8=KJrT45ei_YG}2w{@U0` zR;i~whyp6ai+r7Vj_bPn*0BMnfyu(I{{Fd7{j15DjYOg*<4r&rL?bnj8-H7B^g1ww zGJzVTN(W;S)DK=B zr^X299Hrw-LNX3(FKPBfun#KS9i^HW0&XRdv;%;AK}ow5V>(qDD3D0pVR%aMpS7mg zwBsk?#0!H|hY<_3Kk8^)uL{sM?LjJh>=cq*~6c7kd` zPq<*qYz~HaEPxO~x9i7KrcNlC2?>EhJ&xDT&W^K2LPA2LlbM+r(d%jTC=PZu$jI&8 zzFNd80JaGI`DmI@Yr1C%@f{3rQNZ?n2rHJ2mU(#3C6zMek#FBF;yhOLa=5|=*9l?> zU%){fxKXjdR#2Nn+RC@$T7%pZ@=XLAqvJAByU(0huH-_VW%2rfM#VA~`RkVl`F}W6 z;Jv??`-Do25>YP|5eGqD#$cep30ex;L|j0Vl6o1GGNrfG_dDtQAg(K5m)aB~MUuop zdZ{K|{urcP^mGTZQ_O{oWKvdQugM4z;&~y_8unk3TUA6E|x*)CAlS~UmqYw6L z!qAhp!yb?siXe!XXD3~;V)Ik0Ra#8Dk_0qh7|je%P=9BU}Ocn4o?Y1h9bTb{XM-d9serz4vcRcnPct5A|X=xfCHya znHlBjNPo@CVfs{?LFxTjc9l5 z{|gpikL!gK|K;Ph{=EydyKskh)gwBEoB7`*d-s!_Us_vG68?Vce}~y&|K6ARC-6ZH ztsns5!+8nv9WAw#_nF}IpX7gkod5kEA4-2+Vu6C|>`&N|Ne3=Mx?F<3ID?nZFYcC( zZiH0!BpH$34+uas;xVDTl}11Dg{Mo1NMN@CL0*!f0fbF#a~^v{@+dL_Ap)o^^X?zE zjx*Q*5!hGs74(2RD4jtkq&zCoj_==JAjfHT!W&r!v*FfFoAzK71vEn~?woO&E4u&O zT3Y|LR=>~3ox3oN!808ef(RTxR@S%V{i?Z&W9e-ya2{Ce`Gtp5kC_u((6 zRHnuEnv=V`XT-?^r<9;jz|#5Ode{$4nldDuG(Sm77r>f6s0i{PZ&|5? z|AwP8kyJ;d{{~!eZMwM*Vx8Pp4y8(hc@i5nQE&g6qYzZGG~G_$-wi+;>44(KPUEN; zsjTDF-;h`q>+#Ds^8D}XcQ&;tJRAvSM1sST7Ws$5s!3`#xGU01(3A{(tB&TeBhi72 zKYv${Mst8Ps9tG=*UwP-z9-8fm49AnIRZ6cUvV~3fIGpE^U%uh(}GKoXZ6uoY7WoS zVq&8cv_fxTTVuj?M~$;qi7`}7!+8@d4JKbeApN`)>a6ANoqy{P?C;4#iqZlzyzi<=;QP0aOPY>iAPQm#1jGtKoX%C zN~`+={4{D*&OLjMqnS~jjC}*SAwKF#^tI_WyT8|kH^(_m^eGPl&ysA8;Vy9~SPeTq zJ@JZ;SS#7fw^A+!6-xk`E&@@oyn*PxubAjJmVF<^`rm;2ZXX&lLvgE*o>IohA+$c} zQ~YrnpP_r=iqRCxa$Sl)fcFmFAuZ*p$;qQw*Dg5Yj>6RWIxPp!j-LnKsBRR^O%gPA zrKrb@K;7!Vw?PZd(CgN2+?ZBgxN6OsK&*#Gzda~-4@z~C?pZ#)5(cu<`--Ilj`Y5m zJVUifdwlm%zn2Mp4Z1~)-$jx6g20$H0@}gHS5?B>O6X1aSlzm&#p4|UD{Ns z_zvZ!G|DV#;13U;!qaEY_(KE^gltg|y=&|R=^gh#&Gh8T;^LgSUqAHo1T5_RCs#nY z84;H@Y0{&Z&S4ci#@*Pqs3dA*WDp!7UxmNC#s=zo@BjrIrIi82#dYc~cSO}xy5RA- z_RtVYT7Fs?l!V|C9K9YJt35mlvwl0a{Own@o1Wu^AM1M{TO6U40ldZ~-(Eh8Yg`71 zRtDVq*=ab(0M|$coFnZ`@BI&lhS)Dcwj<^Y+z>V@QI24dhr2*HSj3^KlNYO4hda(n zg@@8Yy$Jp1FacB}@UT+JSRB|UPK5%QX9j#I>MFiy5LA24)5nRb*tS%um8OTPmi$Qr(MC3`a?N^~zVH+`N!UbFzv^5S$l){X!@qT_`>3C|P z)(P=X*hdN#T%DEiFq%&(RFE=W*?)=HPJ|4AGuH&`Bg?oKH9U=c#;?j2V-_fY;GE^c zAm#p~3M0_Bo4j4m%$_;HR!LmsxYv@zy}sLEkuB8uC1$r2I7Ch(>nUg27-3|JD)OKz z*-YHRjEs+No)I8H2(3uKD(D|lp!YQ-g#oe-C?!IVha4+2E~W%}6vop!^iEHJtTh4d zugeCGH3CIO>UmTp-Mr5uQKEfm%G4>-S~-$hU&}+Bmp|KTu|s|{&yfX%F-VFSqmS9= zVNRB5Tdo#&_RpJ&T#XpEN#gkP<2Qhan zEmC>&7H4CtlMyLiL4&lc^KUSyM3TNr@y7+3?_YSlA*A-w<-h%!<(Bp;y`}wTTVSk5 zl6AK%MsDaKIU1ti)WwVhL&B}?D;^(i6Zh8$wqH43G~jO#!ULt&Qs~)Nusn~TDE4AG zmAm>**`kvS27Uf^4A}#*YwnB3YVH7i1J6KVv@0t3wZH#<1T7R@aGWeTvXB{H6h;6N zMVu4CF)~ff8zY~*_nun4W$V_?Bg2=LJ3@7pfruPbg4sk^En&F=T+@rrUS9euvbn)}!h^VVkK#0ZxOtizNTzAm)0-t*Q{SiWq5XBMH=gTi<5 z-F5qZw1rh-HqkSfh<51ySUOJzZ|=wZs{MdZUAXXtJ9I(CUPAYf42ga)G<-&w|BPzv zDy};g6|^Pm*IY8^Op+H3L6?FYP%C9VxdK9NlR<0#%5ku`yLwxLm*W$T6zuyxc=&&~!Q6Z&JHD2^=uYjitV^-WSt0@CKICsznovhP2L*^H9BXp=co zNSQaj4nVgPPILqh-QYnXoIwY;!K8u2WKhORL$#1WVpN9=Ov|lLgkMMEfz$ddoC+GGd}XyNjAe_pFk*hb^c+f2xe*p{_?!KD+(=)P7@CxJQm7eUVMbC^=15dKN^X- zj83ClkP2j>0v4$gN+s$f6Oh=JeP0BMN&C>cwQJ=8OHqeyHgLV{wS)j!`{L9ZGF=!3 zN0No08jJ{D`!3#n!X^3NXa(-^4xf1LdVdfOdak7Ii!9(mm zGtekx00JHXC4a>XoO1%h_sNuA5`0NJ18FkDdKeJoj~83JVFN$rCP3zI@9s7Le7@4^ z(9OhW`Qx-A2Da@hMnu_jXX;xXx3F-dQjAiuBrg((3Rwy?emw&Xy#vT*45CW_lu&=z zMm5KJy^G8NiwZIFhJousgU4>6DzFKK7*|jt$xC{G$f|UskFg8RH-0QQAI*cZW%up@ zCAOp@;`Dt5*Fj-vY3cZ2Q$65maSfP5NnXG}*D|NcJWd`L%=*ZCMo=}Xl0d-qKrn1b zKMsYGyr|CJ^nGEYvhgff<-z@{ZmS!n!_2*0IAjMzCti|dfEZQOF%=S~s9<1G>bkUn zVtGsz_C|GO-CnpMb^vLJd_F#*XoqeYSUL|10q?Qpzz~lxCxTu6Wr42wn0FU!DFPry z_k(7YT^8)>FpprZhn(;kBAi8RbIIndaQvO|k zXh;Dh)?)-jzFv>yz{nElJ)|K_WQ{#YRy|Jb3+AsD16H$ro$Aip!{ed=O~V@@#2S3- zuP)U6Kv%EOjHSZpLbKUi&7DLvM@e2ZCs{5RUKq8ve0VHm2k9zBd8mX}jXj7bCXIDy zJ-y3t^{e+@s5=0Ks^Eov_si^z6+xOKZc0>Gn1&`!a3KI|a-Y3}LoY@`RwCcp;*b@! zPO^PO7vvGR<%o|5zr7Z4Hcvzw*c=0x`j3EeM(eaT>U$MPW{OO+9V3|JNrMp!$AKgE zAZTJ@*dnGeUz`e}bp4%#?cLCx2lP!m0}v-wMB#cwQQVI)8>Pl7~v&&Rm|of{qlB z=pmpnF8ew-ImLpNty@}Rou#m|zS6neoM|gXW_aV>lp%x&j`jK#JwyzWK*LptV_&pj zC(OE;juRYihgtd1@7|K_polWrlEVul!=cDw19+%wr@To^w8+<{*>FeXTCz&NSatHY zzymsHsc?GSy^+s#%sf!(oX@4OCmc|lSyNaOr>?-5~GaUC`Nt$q{K?U*x=0apDONLfXU0Aw>|RuoD9|#+c#J z`R7tE-4|UP zuWq*kfkb*CAV1ZE|9TF$htTIpIp$CR+$b2hjT>ISc(CnI-}utfvn5AVhmd^7OLYsk z+KBL=aJGSoQ?L`7uslkP&i?+u~{=G*3S6#F)`c$Zh7{W<4`u@?VdM#qpCfQaRSU3lCKcr&!t)jy zVx?3>bv;N+3fZ?7_8V@Ae-%$rVD*hp%U&HXZm%WJ=*|5j^MZ)v+5uxMaVJlgYoBo_BY2ZElD}6G9OzZa)OM<4sly_ z@CI1Kq==nk18*t&|>w2<-kKAfuMm@f4pdL!Tl8B~pA{0>u$T1oi|{v!~$ zv@rT?8zm2N7>1?`3JR8I7ceh@k*r2TiZ||bdvC81Dem{nh0O2JSZZU?2_+4*@0XS^ z81YMtR466qb}r{sKX%A+>mNv;MVHD}w2BgzgN}~IRPoR9%ZB_0;0|}y>-~^HiAYNR z#~+01ZD{-heY)@7y*sPzinBrHp(1YjUnF?o`Sa&1`#aDYf$w#U8uY>(I#|qr64IHC zGa7JW%qH^D$Mqw=9uq7;Oc6xJ;q?8^b}}-mzs;*L5y)H-gc`F0%jSJA+K*xKDgGLg z{RLVIxGN%RAfV{JtY@*_jXSY0yesfGud2d1Y!VgZvQ(zTvUhGCXUYEyeAc<>9_(%Ie|GMCn)}8#bCqklJdQs9++#1o)E3A|hgdDJbTeu6e*k2g^5*-9*3;$Py8G zQFliaL{MO$6;RYb0hJVmMFsZv_q3n)<91G8a2RHu=YH<{y8dsMPcn_qa7p$l#3?UQ z0ng{P`K_3-0Q^&!DT_ds7m(#p?+#@HGLqvwNpE23H_ z4$Q~(aSOoPJ?=#3_(y=1jKBuYIr&t~0}OI6W9Vegm~eb>yXNLlE>qMmD zpF7@MJxJqODBKc?ndXp&B1^)2Ss4`W4TLgbrK_7i6g@+NJXSm3CYFur;$v=$gzOxk zAG2j`4Xb&=r>Q*fQ9m`O`r_<$IL;cp0`!pxhm|iwZbMp;?8Y;-5*n`LH{G~iDqj0r z3Kbzl@h%lD2jv^Af2Y%BGh*nOn(%vhvh@lgrC=)z><0XmcLe!i5p#Fo=gYZI1~;%E z2t(yakQy)qNGYmR>)Ea2)q6`(T4WVSs7Gl_^)M4z8^8ZFrB z=c`SXw6+94Or+2|sO-A@_RB$v9~kCVI7mgc^tq_ll33KfNVTd!M-Mj)Mhu6$e>kZc z<@q%~j)cf`tBN#Gp1W(7%=swUH`y{%fV^QD3p|mQKz)W>$i#cfq?tusYk^-O!FD`s z{k3eCCIqX(QHstj>zy9s$I+xEiD)IR)uE4Xtn1VUAG&FRH%FEB{SpqO8KK@xR!{$| zF7tz+7#3s;MV(ST(tlvdr{O!47V`IwzNtDLp-6DUuN)Hl{u4^`gVcb9dr*_?s1N1& zoyEQv{^Z}EUBD>=HebzZPZ&SJNF09#vbd!>lnH^?wSZoj*QS(qg$JoP8H;$7)uy+sAj$|Zy5Fc1JGe*|^YL+cJZE7Rs)R`q=;2R|BW zU#f{uVYoEYu0U*DVEa%1;%Z(*MakYV=ckOK69I_?V*r??LY(&yPK6emKLEc(QS!E_ z1YK6T3q{#v(;+w)W8rR?@WFg*{Zfok13tuPlC!d#!^Flf1`6)09ZT>)#UG2J@8f;+ zZ6!p3j`{vr82iG|qTeDw8G&)-FNgTQ!dR5xnhg`ydDAZKHb=u)%E#Ca=NEX9xx4N4 z#^Y?>mqz$-dhA%jdTI!@6}a=1Qr*Kc6QHluutr39HJU^rT8<$S`w){B=Gtw&Q!TUf zsHd0f6SfI=s+NRe(r=rO*8Rk~@s|L}ov-NFLbZ~++~>A^vfWr#wPBAc1HYI(w2}Pf z)+@p3t?Z(cO_q$^H`eqdhEak!k*p=4sPn#m9F%n%@m00&bgp|1+I$?3` z)k551P9B3n_?Pn_1pwu@gxVUr9wJxr@n<(24dP;?%vp80l-r!{!r>z}^KHPHP?v&^ zj!RvMWxIpPeXx*`WEtT@Da=Q@TN@aY(~)Bu7_zYUsT==5%yDYKKdIO`arVCb=|+)U zTKjLM+wIvPh>w7wB{c;b||z$v%D%^L_QogH8g7N z>g9^HGQ2x(7Tk9G78}d>#@*%u�awQ>N&Uf?MYaB0>911Z$XQDz2h_WnZ`HC#RNE z!^--ER8y`idG#DJ^S*`AQZ)A?B2TZ|+U9cym9>-1W^uOW7)R$)K(^14rJp}O1A@Q{ zrD^>B&i3~9ZwxdFrH58lL-w19_n8aC@{_8<#c;ask%ydW%RddczL*aLqkmYN)lE0BH1lmwgU=85$AaQkE| z$SA!pvu{qynrTubh)%=0x;k&Y^)UO=M~e#%SZ((lWO%{q7xTG2qf>|%t@mm~3CN3^ zB;*8ARS=rkK2EE0e&mQyn6ScOm$F^=^?VT&0`)6)?tZ`SpR&h}CF@FdK|>%7xxfiU zx5%czMh3VW2Z$hyW>-x#Aym}S^GjXH)v>N=xpAZIluKVZBI9qG{dRv4lav6lq#;*& zJE5OSoklEO$qBIcmXjfQ;lZ_;sps*hk_p!0mCbP>Q7K(j3Qx&-mLWjRC1eVu8h+zk zgZHp3-edegsM#yW8p;yYBy5|tp7!>c4w~&DSGKS1X}gxuCpY@tcH^hx3qCUN!^4So z?GFP~x3WJzytc*eJMau)MpDwF(lonTEnJuREW26S`p$-zQk+tF9zF6OpItsBhB{*z z?QPYRo+D@ClT1tMUhQXPzZFTzns2`zK69c;0XYg0(_9V(H_;M$4~?EsytW(_KoWp# z@t^?#7qfr*G#4*qBsS`-B}M%=gOG4FRcVtKr&Q)3PRV9QL2RtaK{s<=!FKN7Z=;9l zX->H9b`ZpGFaCGo?JMr35xAw5R&ULgGSc1Y(e68OOQCn2#utg za)wNd_o&;{JHoSw33ThbI|FvL-R)PN;W5NKg{r|22tSQPGc>+a*51m$t+;1T;iL2z zq^+9MCO}T9&0Mpbbq*8n*5=I5xXC)GO0Y8qU!hWnAK)8%KXQT!%Cf|(fs68<&3e|# z^ZAZ@*aDUsvn_?2_M<*w{91**85E)G@70ePN7BSCmMOQGabyl|9@%dJV=my!%^~JS zmRX18${kV#puUvvWjLO|^X0nv0VMXc(1Q8Z$ie@dotLr`j8no=EmIAwyLI|n|IjZ^ zzKRH*%eHNF?-Nglh{%W;-s*IpYp3x#M>B3EZ-SY=g&=9A%^!YYKQ--4?Nz(joabN9 z&n_bS400Dfz{t&$k%?V+QoJZLVDy!YPx0mnEs3o5*AYWn&FeII`v5mBz<&x38|JOx|aQ$U5bqOUiL;=5ol9X+z3G8-vhVV*gk&# z1U?59UF0}`A61SBVG4&ZJa}-I(`iL;3cKJk^a@48$xyK3+BbLW`V@eoy|u8Qw&}&- z&o7ZL5L|a+wsPvFgkAP8^8-z@)NKMC9A2t%obtcO8>`RH=M@&Z0X4?}1)X!x(tz9G|N6yzoOpFvTL73im?9OqLZVg3 z@6NqZ_ZuafRZ`(tXnC0gHwn3t(!~!uRBX)(Z}LaB0gV%|~fZl?QN@Yvb!b6~j$m8;wv(vZV&0mlS7;Zx- zm*TA1E_9!Yej>Wc=K4A%5K2Ib@qEkVN`#-F(U1IsFuS0dScV zKA@LX(bFloizcx~b@r&M1GP|A4;{4vRy|JyT5VV|@xK~ooxJ+*|3@YNZ$h`er&n&p Wd&#xuzHQJ)b^FlcgN%ubHvR|v6RGR~ literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.19/_media/benchmark_fio_azure_iops.png b/docs/versioned_docs/version-2.19/_media/benchmark_fio_azure_iops.png new file mode 100644 index 0000000000000000000000000000000000000000..1723257a812a773fea286d512d38ed9186a9a46e GIT binary patch literal 29702 zcmd?S2T+yiwk?WnciU>4Gb*SoR8T+^M6v;eg$POx0xAds0+J+ySy2>Oph#ANWKjgk zU<47#Nr@_w1tcr+j!E}E;nsWi)O~NCdrsB0cJH=qSp5GN<{Wd3F{d7f6=mnmVV}ds z#x{>BC!@^9HnW|LZN}gqzvE9HZJx!4e~H@e*R)l!G_tinZheyN&~e){r!8$yo19p8 z_N29qiKWF3ei8m{Ti2bkwLN1aCLmz`FJHiKX>BYZvEtD}e8}uGa#}WQYzvOlKQp4G zqfFS?Y;2e^dsH2Qx*HsW6kD37`bH$jj@^6WWqvQ-JJL7!iSH$4UKuTwyH6rFxELLl zsa~i&&qMB+>RZKYEZ3%y2F;{-J8F6t7oFH@#_QIjJ4ChS-tN5O#02S znZMdj|H0{V=jPLI&dpm`I)i@mc*fr!vh$zzA?xl0?6L}5Gyf|7H-D{|Z+Vg9*YeSy zGub$#@f6P`fBWq>tv#CrxrKx(Ylll8?6czcD(tRH6}I{!QuZZfdvm8)Eo-(LzP%r||3>V|!n@ijrd2aJXQt^pkMyKWt{rYK6Dpj zXe$Yw3bCt6)K5IyT^l3kz2V*M^%u9Fd>8TM&5gK&e*Cr1%yll*@$2VEyeN4+*ijL8 z?8ODAiJ_XIffDI0yu7?GCe}*39bLbEJ+FRF*7*4N*Uz6HNI3RK<0rC9IwkY#WjSza z%y`~>3G4XyvU%OJ7{daV>Bpo8uLguGZs%U+UzCG8vme? zs8`j~kV&tpmY}T`EN-vZZ@^~dkF^>a_*&qzY}G1%>zmB*4I4I8X4skC5zyCb&bwI= zBI#^9)TySMxg$b6Li#4Ox3#U(^VQ98#}Aw{3a(x^n=Ch(1+cWvR?Y4+zqh`0H!}t4cqaB+hhbmQA5dyj6%1bsXID9f-^H{WOStP!) zadhIf$C85n-hjzb3eQe|^kk@n$#{&_=B~Yb`Lb5c=871VO>ugfnws%qg?IT5o^e&kb{=`w zd5c4`wqw`Nfi@AA!sPhRLkG^r*XO2xdu1+Hj_IIS+-5i~qc+INgorbD3Qrsq-%mQ)rb#Af?vvPBDB_t$# zxn$=HpZ;)oYJ8wXvaafpuJ|(kqnfxu@9qhPhd6ce47Hc-Yby@EVH4P1kbB|61>50o zTG?YgneY5}L}g`XryyuK>&@*b4*#>P?MJbAFQYIw>c`P6ha)(8-V9;0Y6Z)jpAYeq zY;h_N1&awccAqF#a8Fc@Q|B|w%pBVx)pw}fA-Bf4yEetNKJCf)#6(L+M+`+Urq9OF zuEgA)E-~(?7?r5bcXzh1Y)kU3kLv0Uy_m%*$GWvfGz{lU`ny#_eZA_F6Z@Iv2tM&G zf}7k5gG6mEj72L)UcbJSCk%n59d~#^{c^UQzUBLVu(6FDe56w^pr3OZA9j2qa4yZoLk9wc0Z4IAfKPl9J8XaJOccQqZpBA#S54ar5l`)`(iaHr04< zR+{Z>-`v~F+4hW|pWmoDUd!s4S>Km88&w`E^l^yT_tdwBx=&iwZfxai40Rigv9h=K zvZ;ITzawzwtog6&T5I&(8yp-R-=rsGW@c)ooq4cI)H=dy*BYzpzVF|+-B`|deIV<~ z0#1wi`uZ=DiSb%b0}vAOYxy&z58mNDDLJ}O_b#8#@~-jToHwrhUklWo5l74{8Zwp{ zkFg3rJTXYfWNT4itWN493fw2(-#fx}z_S!_&91$4{h<&E zErg-Uj*6(N`+F{G`bh6zz1{FySXkI#kw{ZJa*UYu*K2vV*2W=2A}h-4W}dw%tTKr7 zrG}89n_+S(D{BVB1;A)7_M-ukZFV5*KCJqD2peyX*4VAK>+xs#44}8gg89s$$hDkmv2_ zYwJ>#F3wtT*U!%nD-)I4=(MHrnR#QDR+M6JIWmkL9z0mmS-s`mog1k+j0s!~%Hp1a zv6@f9jNac{FCvoqYbw*UEH$+zMnzUD$C5Pj6<90+y&H>Pg~tdLP`H`AN|Cr9NON z$IJrZ3sPp)Tg@60b0-6$C(Ii%s%njXeE;lWAv-8)SQJndB;{JWM#7<#clFNG+YqaF ze0*w*)bU{N<@h5-_oSxAZOkH^-&|kzq}sAJxgdk<6VBeP0d~3VVm}RovxOh$5ALb`qezy2kyGi3U zqU@N$7eY#h@Q~N&qO%lmZw(T1?Yi#r0K?$|smD7swT-M>Jo=5ou-#R;6Ose(cT@-e zD%eo+$EcU|ImLZyz>8NR*!V)SQ!OQDC9da_MhF^}x6HN1!KpHmBQY+Ys7RecDl z_Xw7MI$Nmjcu0tdHHgy|2XOnO+K*RFULfoH1%_71il*+5#-VD*jvb3{DXU|a1J)&k zdf`I-Hg~xkE5o)U4A&s976>DWpb~?*MdOj@Kw9{Lo2;u>W#d~?%xdo18ZVX1DH{n8 zHp@#lzxeyS_|TcZ{1Oz>lcT&B{`jNx<>k38ZEb$h=03`U?dge$iNZV&7>*7Onu(uBKVRjv zMJSi)wLzvF{r+kJcZ2`;Z{c22@-LT*-{^JnS}U#&Fx=nYUk(UlkYI0PqXM|f&BTtE zA-b^=Zek&S`g|zi=$Mjn?-_a8R-0l*+wC;e8EN0>C|e%9XyDdbaj~kx0O7dmN4jx{ zvjxb`M~)oPMtHAHHsNx2cSkv4(pecZGGsaPdGlq!a)`mSpEUYvfm zn-~YKhKwCaGGzYz`ST4gcI)7v)bg#G_kA`g$&co4<4{5H8+yG&Nly8~(}euW2m5Aq zH)iVq*!pZdq>R;G+z>K$r*!DnitcIJ~mk()6+w7#c8np z!MBf3;}BZ3pPlwcrg{LF&$M>?P5DH9mg5d)?ec-S9uZ>tnQ3P}U(j=GSvK*rEp$Pa z*XvtLL&fagjp9sI1xUN+;K~d<&v!j+kmvcttr+V zxnf~?aZ*Px~WumPK%^s_cXX_sd+^L3@vjgO%JgvTaq`yC@696vHgt1NZjf>Py z0OBLzAH8naH@Vi#Y3t1zxP^K>a_{9iJh-*}-@k)pxT<=8_j!gm3afiKLE#4Zw_<={ zYJsMJk(XpoOuSEA=r_<-BAzWhhKJ2++llu+f;DJ9nrhi3h3KkS9-KZ;YV6z7tENq_ zD6FCOtpc6UrO3Jz0czpJ(4IYe3P$A)`fop(j5Rd>n6w|EY9y#YQbOV=^1_p6H@y-Q zEm>~ft9;_(;u>8?bOB!6JF61{sVqaBZy&1BSGwCg!(lM(4NAEa+l}5w8;3X^U=0=u z|7KOJ$ z4)<6fdQ%PY=xBPF=c*m1h__aX$t(DbekeS$!L?w1Ym&7d9GHkc5`HB@+-B}p-HgGI zA@_+PjjpzPiBAu{8~*yALSa#|#N1?2SqxLB|?^ z1~d>p{TQHic(pdZ%y9XcG<5p(``JMNLS{FA9P;1J{lb-Tl8wNbU5KEpe(!LZEN2Y3 z8!M@r)3USXuX!Be=p}HwzU1kPk;Rgt`aptJxJ=A)MC2vH<$CSYE}pUX z$XVuwoK>4A6VQLu*rx*7%YwV#)m4$!|Lf6EY>= z3G827o@}DhB|6w{pPIi3z!=HG&$i8Gy(ov*TNd{X;u#QIJ8|@9SKs`Z`l7pgcjsO@ z+R;Fug#jN?SQcAdS=3Q{>TJcsL(4#kpnlOwG?O<4Sbe5<9HGyUZ)9*#6&Qw_`P8VW z9RIz!-VF$YSLLDS*`9iTMmKP!*U-_v$H!mA&(1qRTuI)|)lm~;BTY37S00|$@tIab z>4JG3)jbh^+PRJnK6z<~oRW-EhEZql0ss+43$9%6^Qs}?Nce&3Yd;!%-b_r6^|A|| zxD+A2*ZFzI@Im8|m2|lS$q9VWxG@5;kyg8C0cXr|4K& zHRnlIK4I<6^ITPxX>Z9a#|kWCXJ@x;@RAyRJ8I9qc<~02)ChO^WL#!eL|08>SN2Hb zjS)3d+z@uu9z)JW0m436d~C||!Cl@C!;KyUV&+BNo8izG#;X<^(U|RQhB`ycrqvU% zDiTjl+#4{1A1b=R?$jn;V66qVS!sF=wxfe433}PueA>y6Lz?mb(d;4?-;&Kwor+#| zZncO-Ji@OTHh?~Br$v1<9#W2A7~qdf$&ukP!P6hMIXXIaVDV#BV^|NBLLY_8dUc|1 z812dIRgF>R)=jtGj}i*my@B;Dt)RnWQ^;eZpk4&`16~{n$g1t&+D7qE*wL@Hb$zdH z_2hm1@+FK%<>BUoceiG^jy=Pbv~KE6$xPbM>DZ8OEMg`%Wk68{v zqcZvk*D3?z6^447q#HH7b+a7GOpGQ)8XfilAN92RHxWhz0_dpH(672QdkIJ9nowZR zuIxsv-I2qGZ?~3&CL-x|A|q22c<0L#t`?_m(q8%?!);=8-&z44+up{8jACL#4hm#P zpyKMn!;67rbHioM{{C_C+C zv+=S1NDk$(t2KyE^9SD97rgI;yvJhh_lVqI>PtXGD0pw!zqmdJX%yA-_F}Vz%a@-m z=~}803^4o35O39JfH!SILV9Bo`1tWQvk6qY%@P(acC4_Xk=UmIfj)dX&m2l(=**X_ z6|+54yE8*NPAzVEo7EDVN!-koY7vY2U5yhG@z<{X(IwGU8ROI5?Kb(-IL>v4aj{U| z%8Eq&T$w5HoUyEuU~%JLX3lIzrE1aOFr~i4Ci|vfE7*>Qc$wMHVosHXwPL|Na^^4K z5)9SF8wr`$CJWBL%GJ12e9iod99L%>-0@u_Pw>FblYEQ=s;a&}2P>3r`uWvJBHN`l z?Zh{^d@`8vc+&y!v(FA^IapBvOKd5UH$h(@@y$BVPSX+neI9!Rc*4dS@u($#Gg#HM znV^df;J|y11UFxvv#cDP008A?wHW37fZ%sQlpy;J)tV)ml!fi5ee4nC8k}&N{Mm+t z$L~5=ChOE+u<4GJtJBXPKcW@2#LT)VRt#^SUiA2H?y9f3htZ~(qd8=8rXD6?=fX1J_WMez3W#zhO=0IrcBMl+ps{i19{xeoqZW&-H_tjU6j6I&6EL<*ps&qHq!qn7M z3d%U2uWM@%?<(W9cAP8;(FKbQ?&2O@ZSd2ZbjBK3<|QWQa5#ZpNJnBSgVhu=DQB!Q zP=0pYA`&hR~RlJr8 z;I1+tHOW%0U}dgfzb@aiZ<9P8ruDr)4sYqTMO^XsIlDoHspHb5oOpBH*F^Ofu-`#B zH?8gL)P}!(q)Hlcltg48DVgi$iJkp+PyP;X7O@kAbbzSM!{7g0c^@=E2Uy55Xe=>M!@2-i3d$!9=e46KJB%n}J27f^ z`O>9!$OF)DE?1`87z-ori!KO0h4)P{-<^mQmNV8PE(x&DQxWY<(C+2SmrEh4VUsrR z+NB9q;s^i>7}qRc3l2Q;IiXhMOsdcrpk@zV_w=;YcJKSLp9ym2YRdaJZ}ww1t22Id zGHI>s#)i!i?}R&6CmLqGaYbd`*^rsq=r(2!8KfYiEf>!*in2-Q%%|N{^2967fF4X-Oox9wmNaHpaovp1*W z&5ac;&CTJ@%!6yXj<{`CLTHpB%~P%Kp_2?lteMR&S>M35E4h1 zLAwD*i3G-kpcZ>HJqgj7wYBZ`X|8tSpYUnF&tKC%xI2eo*IlcI8d`c{(5Ir`GIv5f zQvMDLB&>DIyU0(Uj_IbIc@c99CzuZI$#+YaZBbXidXbPMWZ!c%$_d%D9F(+byr!U| zv-1`RL!i+s5rw&#C=QZpmreZkGR>+vzFPo1@<^kz5}sED3u7+V$8agsl~|mPyPRjU`1I5D^eU9gm=#6tV(q&*m)d zKADAIU(f6kI`R4s6fgUcL8?)MCKwl*)jUerXKlY;jp-Ml}AN}j3!>$c*xX1c)f$Sqv$8%Xef3&bjCz|X)spS zkBTtzEQ50HyTe$~>?62)%K7-oho;7wrk0{$BHWKKTAN`PhxNZ5ZN|;S?N9@)VfXEW zAW^Q9lam2EjBi2Bxx2NE{12b{7Oq?w{r&qHCLKja3?4LAJt2Su4k_2scHr6S-B!DI zpCbhhIe-6w1E_ng)Nkinw_L}@b2Fip`H_hLbVWNL6hP3iq(h7SPS2Qt5bV^G-u6XT z|Ity=t~UCD3MFZxc7(uGr)OlyPXlg%9@DqC*Uy(B8 zf1X{!;V}x8kZ7~VsG`%;(oUfmt9GkRwM+!#w`J>A1wt*j4$;?_ZQ&IXQU%WUvMY2@ zD6k6V$U{XKr4psc%vkc?i$gLN_rwfIhF!`fO)U|~*m~C*+SVlF68?_jwSSgKjs&4} zk4GKG-KotiN9coAI%8V!js>++okADk_SyZj22PdPFHh7?kq6kVzy-7Y*?$uCm>e!M zi$SIaybv^{34&lat9qcyE4;a6X&F*XDh{xgLg>M6n}Ed@nHo5+sdp#v zQOF_zP!ocVIb(A+N=r+V9z*I7NL$;McgsNR9sn^QS1HOYCnSyS&^o^ZOb+Nz+B+4U zC0j%vsVKl}l3F~1noZ1k`1FNtQCxmfU3+^I!L`KT9|FR_p${Q{Y1$#7MX(E-Zsz5E zS8I>UhoEerTk={j4!f}h1sf_T|LJr=TJPfoTE=oBZI~H8f~YQ{kUX_MAI%uJXMqK^ z!(&2yIanSnS_N4%>J8d5Do88I>*ixmsk z&c8}}w3+LB*Zi+vtlNZ66qk;Ged@wx;8l&jP1-DlNO(>jhcM;dB5^F`;IOz{(w=nY z^GnT=LrsPFN=n-(3^wDz`$tAoy#Xf*r-FJ=bALbdq@L4MGr2`Sh|hiRFY&QT5bV$#wXn@kqTC{$#<#_bGgU zDhk(@0v}m$DMtVp@Oj;XeD5#Hz3W<9foz(HSJcUMc6Q#RDUE~$#w%=S46FYLkclp# zX=SuGL(6?lVpjk4MqD(_v1>VjpWPl+W#=5DLgDuC*P=iTl10GR4Ymea%4ZCG=mq6U z4-RrQ4x1jZ?f8ZHoKoLxZ;TRu&wX(DmQZyVA+Yjg*ocJmcMOx_AW>@@n}g3Zj&IW0 zjnkJzMjV)QUS>qDtA+eGgz_>D*=7_}&ouMRf-1YHOD5I4?rc+dxSxQ2H5dn90evaT z4sbOn8yZG{G6^3R)9!P`?2w#16!~Vik}DejMFuO&PKF4Xd<0Lo3C#_58ldt zE#KK?n~LYm7md+Bfv|jp96VE#6GM2pcc0H_rhaHcWP8!&|G|u06%(-i5MmnLX*SZ+ zu%O<8_TDR(xP0z|cVWy)fXKbkY;Q+ZoW>RgLk5VmoRSjp4@lTfQxhXCU0reDb335s zm6BHP-A7Odnx^{1=uj2NeF(h=k&Y^HQHMZgi66Qi?91w2J_3@SEJhC=Ja|$K%fivT zm1e#}DK&aN5Z{5kzuJlq;6+lLM=Y`@N4rMszCr($g%nVM{fR&M=+Ptf=$j!Ql~~}Q z$deJ(tq;x}vEmTK#IxE`z&L!m8A4^#a&r?8DRmdO-c4ef$r8HYGU4vQL02xCd zG)W&AMUv-kaQr>TwxgWrnu_jkc`L#FG-==cU`FfLiN{e~GK8R)=d_G$e&>?kKolcv zjLH_mjS$RXx=6V-gu9QjFI;$^>S)9eVsWH?e40tRHxyd?jAjv>aqVoU6n3Fg_kon- z5b22#$C(Ys)!0}k%BcIp3B18l$U^{_Yj>U5J&#@JHUm)oC~%4@3U|`CnDz&*jDb{# z&=w1!#|c#c>Fe`W?^FQptbxGgpr1c~&KzZ|TNThYEf1+n5T1mM-mfID7~vYVRD>3& z0^UTS0sY5-Zy;O@HYpBim0<;EdOkgEfX-H47ky*Id2}tSVFic`^ekmileM(w{PFRWvDfp z^S$DbljqExtAb#k0(Csf-g(m%989`!K+{wjfNQ=%6cuGl5Q|n$dd`FGW#oFq%`_@{ z?T1j2pqr_Vq+1HZ25eaI1oMG!Je=GlwE@qC4D$X2P>IFS938H+tO}Q1aQVs=UZoI; zYQx{kgWFPP&YVeMaRS$-uV)8OqKdVgAAhjaqUN| zc1VY$P}$WvpGdp|`i2a9fV-z)QXoGe;#w3U<%T!KtLV0~F1(U>Yx`w4?>0a{+a+|Y zg(9EUN|m0?TM5eZNKQ^pj8l2L;aX_%^vh%4e=E-`p6Gu?j{H-|g!u-Z%#H(WJnMl$ zupEG7JPk`Fewkh$Zz&~%_7UP)h;H!!>ryTsy5qusy4UxA_r231ZD*eI?SHjEI^yq5 zUcYPCuE@aen#bT>q+kCfmgWE5*Z60er@c~81QmQf^I9v66hp+X<4}JG88v%~PrmkP>5Ee)fBPl~}na^*r)e z-sssj3j~mBHWT2x2Vrh3EGjw#681*QIPP(0MU)qTH*l=5^0nU-X)Hxy!ip#=>-K9k3j}GC*9qchJXDU9j{!h`a^2Q=cP~mT?I$NL@7=q%5^gSfBlvg8 z?i@TU3>Ks)NK^$*VlpHk&?GUKnxf?2M!C#k$M~LEQcqs*ab1n7tEdO118P3_5G>|ASEI` zgq;RYkztN`YnsrVE$TL&rsveb&9v`73;_DIv(q#o7xEMXwv<=etzW)u5D*YB3uZv1 zIHd2=cR4`B@)4?isxVRU`oW;dCA#21srj)luRVBmp2eepJ@#AU>mNk*phidHZs7S7 zdX66Wr83C;!iH}bQdvkD0wsj6h@~F!@&&aV6A7wt2NRM3#+g(GhXT2c7mnGr)A8|( zbw~NMMm2Z&*4r@VfjcJ_1F}~aY;&v#WXOXoB+mzXF8*!;jmh-G;|JKYhZ=g0Z)$76 z1=*oaJ6RNQKBs#nxP_kd2Aojh ztq4Pci9D;F3N4(e4ChJE-6(MGs65x5XT{wn;RHx`FV zV@m`;_}pA6NNV>H06}5f_QPEt`>`u=kRwqchmx%Vw4n+3Nmh?x+$orYSd4kAw##6- z@n=toP=ehS#{CreVVlp(N0#mcCkZ!jCr z+Vyb|OL}lxq=Donn$Qc$pMdk$w#DZ8x7NZ;z=FAo@ejQbM!7+x(6{;dviKCWJG^Si zc3tXJfxsCNtDl=gW+*rZ^pzy~E)f<0Hp8;-1N-31*uQ^&3_uv5K`s^5l0U!t&>43c z=?RW+`;{VH2retU-TX}YxeQ^Gav3sC0yUFlPDhv6yJ=H)V`F1&rhOu$ULr`hybXop zpEZbU#S1LPs=U8vCK(t2P%6OKs3xB(GZbHOpj4$4c12;kPSxze@`L?DL&VM8fj{9_ zOB?hfWb3(4*b&8oa;1N8&{Hi68%!@nmV`U}y4s}MK)Um3S%V!pc?X38;Zj_skVfZT z$vAV!T+@D0m!H-Xz3x+FDoerd!KbPb8Ob0}f-rC=@w|3Y{5}d=H zcDhfEg%Zp~gUTuJ&sKWV*T&=`_@QOR+z7|fh)nQum13I)bEhVhs5*ju(-zTyx*}Ha zAD!loLAlZoo~FZ?%Gk@`;VFQq!j<$>Hg-8K#A-k#dPJ-qN-tKAf^sP=1jNR{kABl8 z5N0=?4I8kkFcrPl%7^;}FI$Dc&P{$B4IC{B$#|GIbs}Eo617=>iMhoHjxE?%wU4;AlE)Pqle&Ow7Pa6j}XR2yvF_UV`$ApMLQB& zk%NXE9;U}Txdj)`gz+`!}oqlxv6z=p;E&O;bT`o-etU4GqIgtjgyoV1P2@y%y; zRl<=s9Z+_fEB7{LlLKj5cHVhfGpLS?K0If}#>Sck){vHs2k!zi>cap*+~uPr^~6X) z!oDX6MXj`XeVSl(jy*s*!ieS=F}bLrHh|nApBQ*S#l%}aJrac>0L3SZgFc!#f`a)6 z*H8kkAzs$h;5x_Pdl(KSBqi^x-*-i`ZuG|wxzXH@4KRglW!9$KM5$!AizbF$bh2K5 zKk7CtLuR->tO#mN+I{{Pk^qpTHZdVh7zRDPKZOlJQItV+8B%F1f+#5@-!*}}l~EE? zJYTj|^RT4TU@6|rplXX&QpB>f@WSk@A75@bq0Sfr{bT|J0JS~?N7f+0Ym$oxWlX$l z33d)i5$-`PFKm!$0gIc;0WyW*qvAlEJh|mxI`)NDu(xG1P9z-+kX0y5|%O5P|aDNzF2 zDaEoU!}|?Z`Gtuq?&lB$WU23>)X&t}l$%S18x`r`9H@7PwgtlYuOpIR{wTL&TPo)Y zWF6z<6tM_`f#dW<2q*>O7*`1BC2xG-L+4NOOeQUYM2?>8kQxzv2;}8N4S}YEjpGy| z6pFGVXq|!N%}E}^SnZTpkTtGoU?DY|nz*PyGy7E%oFP$>Rk`l&P+atJZ?hXux5XiE6FNnRWur$V zA{TV56WnLXxa(A>6LKcy2lek>4i1h0h_DxyluB;B`sx8Pc`!_S>@ED@v8&O>i2P&v z{+=LMpQq@mN      YLB3@5WM!TKPx>xcJazBBeZnq3&QL=FIXG0|6M>VpPAm_2stSSi zP|&U;oNhlJSTyCB7imr(1FtOyO1+H)r|UxrcF+5p=Ko(O$v;2tDah0C$2#sy@K^vl z!kH5pctQ60%5e0fl((7uIT12k+GeuAHDqU5uZfa&hs{69)iGU3{FB>mKiw^#$EN%) z_2Vn<%TcyFzP~MNGgShnfv ztK$h<;5LL=;7h#)(gu~Od5h4{oTw6mO6|(5qECW3|2xv%MsQAgQOQU@5 z8_sPfOBAU^L^H#9tWE}nShX!gqVx0fNT1<^l^j1R4$+mT_7<`(6+XyzkMB;PE+;CS znt{o5)xvJ?M+&*V`$P(`b~ub?T7@vMJwh#4P*I@*uiKegBeXb@(;yk$jAVD{>&XOv zNuVG4@(I2hUA6S0ayoz4>m3QHjZ~_r?Dkt~thX)i6uzCXJ1PopCep(lEb-*{fKp3w zuntQ#$Hg%lPAx32FEXmnw>E2m0+#PASTuloJE+G5MCb~A7rf&f;#)~|wO-SoGt^zD z0bzsLVRQ=Z-_>$1$%y}*urVCmR{HQ#yCr$Anv-2n$+03(gJSh{6uYPnu1;LN0YttT1muFU@v*yKXSkx4hXzyu64s!> zsT52KDqmtV6btEX=%)eAQGP@ZxZUTMzeR}w`s4TzH%z7ra>W6eQjpY zoOnZ0)VXtPL*G8CK=AZq0P+@^){sU8mjh};voYYXc6fSKaBh70b;ZbH2;nB9x9bcD zl@!Y+JyGkgw;|L~B>{3qr>hSAJIHv@vCRM+L1&U7f?)#SRDEeyfn6|%3?%vf)*>Q& z#QF5m@dFcYJd#=$M4rcYd(q(s$~xtOtL+$$$3w!1Ah$-_!@U?xuwm7yCuZxe?kMIP z;&dJKhChK1JODL*1z^Yag>urlb|$st76WJne!u8bfjsFM8jB4poWry)}`BBEA+ zQ;-}NSbEJupfpI?Erya;$GpGJm;hi?g(?+fvHBWd#7-jIDdnbYh0YG^$q_6Hc|oYH zh5!jxk2=(&x=|IAv5M3+x`npb5#miy8m4r*jQ8c!l2H8zNjw&JW)xSP2tOvtUtfhh zcB7ktqDqJ2_c+uT)cH;3lJB2hP&YgTib!ZMj8S%oKl`yH)B}!UE&)$_6iqW^F+q`x zzAcaMJ!i9kw?Xg6BvxD`-eTwJ5633Lr69S&bRL6CdIUhmb`B;jbPLYRV34Z?E^ZBA z*}->P5?_lQ*juv^hIq2Y5avY)0~K?es6R9^Mx*wS9Q;YC@3GhO=eyx+>_X^MN2|?X zwT@*6u9XVTCIReVX?LmWokX5le|`G^;A$72Wm8Tzv3JxH2D@t+0tZn}OcwfOrsRs- z^jI#eG;%nnw}srWcLjWn4_&Zk*L@}F2~`053aF}J>Uf!?F+q%vMOC+%!FV0Z2{#ET ziuyS&ENVE?#x7Jr-lV1uW;v|XgD>X_wAWeY-eC|4hpM9z0frPSDo$Au*y&ijnBtN- ze?mBf>Q2< zM=7gWOfnkZVG4jx83RiEeW>PdK}P^UlWClITNqi;(_{i74M^F(bKn#r60E$=LHTm+ zwF*G>R1#rh6Kouj4yJv1=&MDTp4=Dw*Rk&d@gtZQa9eEj(PzXx6I^uaDU8p6JE8`~ zIT1l1x5T=m@Ly|l-E&dG7@o|82p0n*P%RjkaPbGfGJgKygjTPx(BKeZv%3hX#LRB7 zl~=~Ls-kBK(UGfqXW0Xlj2)3Vwr&3BPoe#x8a95a@6A3gkRHDeu+D=>Kl_<63S6}8 ztDuA>&>W0O6UdQAaHo3Aew~03s~p^I{28F-M|gcGSS2wD9(UH%@I1sR)M<03?~!!g z+4!t}V$CSFVd(vilFeXIi8iO6Hp7C&O#6-3oPol>jE^kT-<9jvE*$|7j*%5;0zgEJ zLOsO8%iDQ=crK3Vr#|m38vIQABy|Nq0w1uHU^`ZrtzNNW#k@7U4&#DWAq!K_GL=yv zhjQ8?s=ee{vuqbESO5-sOPAfP$m!gO)pZR<;5~fa>Tw-*_j4 zmH;%4c(CQ(r}-;jr$dEP1_A=(L}E~hX*OvRZ%8sM2#P@zjV7puo>*A=k)^Al*|Rwn zjwhyl&bezJTdBgQ`6bwanZ2vA3g@y>v&rCQT02=BWexqXK;lg}i5V+3q&%R11|~bM zMpp>5I@o&+2Z7g*RNT_${e*vBd$I=zl z)zvx8pWMUUVt2g*%6Sd0Z$eXZz{hPytHJ8WBW983yBzPY1}fRi6_-XBKAi;pTs?59 zR=*G4v!79)*e?D4UiVE9620d~=Hb1c>rvjpH=hDhaA#$-#noXY*d!YNg)-4eCAOao8%4q58U%x2#)U}5U{bar zHWe8s1_-6Erx$%!0b+Ks!@W(3IGtM{S(0A>8ZbxMD(E@iLz`?e+j zv-5(ldP^o{LO_{~8Eb*ml5Q=c^(SXT3V#3sW&GKCKIFMq*EyC!^ijc?2tLpUu)+&E z3?8-^^t6n)^hmF_(hY;;kV2$v}m0qyYL zzKfvkZJ!5E2r3B7V0BmZKw%?iH^FAG@71_b7&EdBZGiP1cBefSpPCr>&@7HaELI&jKpmKK2pPE(p6N2YVmw}$5xW)v z;USqZka4Nwlo-e%r<6>65B0P&$Kh*HC9dA4L~=zN-)9(EIMflZ2`M71ix%D6+~9xw z3GORS=ANK7Yw0f;JMklOXm1us{n$-2SMa@2w7+1s%JGj=Q|btz^~WNx8CDTad>Nt8ig#1miJA7nVUiS|wWA%)RgJRI+5{;VXAcLTBu?CXY;-PV;WWae7+ygSTQvd_S9gAn0GjE<6 znt+2EWzkm?x@Ft8!$6?6PFH_4u=>R$x1x&~9y+-Un}cHwVSZ|lj{babYe`K?-{4>+ z`e7>*bVSH`(OLT7BKbUET;J6oI!z*Yt-k7b+vLr8)nnJj&ih(W5%K*)m)n*}#~jvm z!2_T_J?(#$Op&{b!6EePjQf9!`CxdG|8%d!KMWVo`65@dMfg@5kK+_=x%$ex{Ll-o zW1eNW$sGeiSN=_RihYE-=YPSlwEti+{_3hRL>7t+#Fw%~Y&KAk7nvcr?Z2P3Tn(|L$hX_9!!r!ofDlx2pz2`(NHWl8FZH^UH-)qKv<&BtKyI|Np{2*iK|bcylO z?zPC`-iBaxIn8uk+61AHautlDIG^2NTL-#sX7VqYKO~@?^iACUBc=V9vt4h zbk60y4eB^P zjllk^m_}e=6btRUYflE}L#_+1MzG9JAGd&UL>S=IRvY}9@REfKzaKVNl#_Q~sr=W& z9^TBO%L)Ws?Ep0<*s7?Pj^d?a6!~J6hK9xxc6L)w!B(JdYMFd8JOEruV~;Ar_RqzD zCFuOZz@Y{8qq1Jc5KsX&)j-6be0zHj`cFI>d+@4daNbv;T?zJ#7ur(jXut>;SqN;^ zkdsK=Af^KL?ZY79&=!$-)wCD0#kOF^1}OAAlb;uUn;Rdxf=~NvvIUL{nZ}`C`hUuS zUm_Z^)#nGbBnUs3`UfWi4hQ9l52!EDGSntT^M+Vt9tJ|g+(7x?<}AHU=p6DWLjR^Jvb24+A&gqEX%}<5D7r!P>hO#6VJrFJ=%~2HgXlXz;DtTY~LsdZ&xc4?vu_2 z$qQ1bh`9=cOe^1F^o3{@a$thDAwF}lnKYJC7);G}e3Vo4S&bOwH&~H;6D?#p1@I{V z(kB%loy505AK!uL5f92|QxUbI2*{*|Kubm-ZH!>qc!(f1bI_U!05~bu#YFaBj^^oo^I8AAU*?{*&T1Xacj3^ zZMp-q%4@mp@O|&hTWJGxr4Lq{j+)f?_kBL-C+YeCm+UsydyI)NHs@Tp@EF4%zVLf6 z8w8@t#yY@jK&``F3$|_D`hKf^PJOK`v?)(U1!NQm-zx{;zh!3{0ho{2@$*a^m;0By zY0I<#FJ{kv&GY*8?GR@LQK`0qL{mQ&3gbe>S+F|WAXM#uZ(v*A$^mFYtC>b1niYot zkWPY?{s>=eQfOiL?%hf=fLXW0ubsN_;5AQA7=ykFg0XRl&nSCg2SAtyuaVq#6k%RA zxnPKQLh!?2Clt;_IQsA5+hrwp;}~x%pK|s84lK8_qj<+)nZA&WlH3UJ2YxOj_UhrX z8R!d;C?4?Sd1PFQ8;7w==&}~$a|aO+l(R<8(|2-P#6R|1IV0i{y1A<5wi7>%xk@fU z-PbrC>)?b7=G_CdT**XNc6m%A+KxQGN^JhIt9jMn((g3R5riEzH86;T2e7IFra>Go z+m#xlkr*=cXCC73663W93RF}q*`(;pApbH*bp+oN@y4$V$c2HPj39XzVE@hdLd;)4 z@Zv>vPaZ1J>tUc}h!lhn{&N6qPb>yQJQ;2VZtN9YydC{B(^JucYjq$I60-o1?tXuQ z@REZNx{tV-n8c<5Sn7-Du4xz6_V{}7M(iIe0wb>kUO0J)|Kc=fC7i+xstjn}0wGMa zNTQ2F9@p@ueI{xRdLE~-?o>O>j@#9>Yt4K#2Ob5~uZGNAiJ1u0m_Fz(yjX4rc7wQ;(*^%~xNoM`=NGQuTk2N98~5Stf-)FLTQIBe;1+477d4 z?s>Ckdo$3C_Vur-bzR3ls`Y?xhgia!{b^DN<`3e`l|udq>XccKwSU%kupJR@}-Na)us}x6)ua|It%8mSiQ0uM_`b17=bMIKH{3#{xFO z6=oACLyJ&t2g~mjv+tq7e?|E7n~VYEVePJ*@&1D}%IleBlLf;cJbSrGT|4tj&)p9? z^>}p?#v4;hTaVu1skHhy&VOVK-%34J1)Tn#j2+lBGc6=yyeF$~cz7ozEFgRg&V-r# zR23x?`cDOz=aud>6pJ&6ld}>8uNkZ36l`caVN_@ZH&Nik?=@$}#G!z zt;Fx3OkKrPToU$X+0pP#rgPDhbr+0eAjJY)G>PJ7D6I{0G@8t@-R2&;O1%xS>&Nhp z2_CCG1&sg|s(&)4M&9gAzB;cRUPU3+m+`RAZjpmm*CSC+Um8|9w`fC_V}T<4iWK2125hmDQ7thqmS2Tg)wg4+c(u zaH3*WUI-!Je)HbEc@wnD>dS+Y&-nHOEG8`6bc*7Kkh!*jo)kjDxGwz8U3x|~Qu;=? z925(Y5)Bys2iy6uUgy79Vz`M&omx6yxG^6zkm->8eB-#(#?mTVN zfExaiuw)`A4u(#z8ua z*vKTxzH24>l zMisQg6A4Z5;u7CTmMFMiq3~9~{&%8E93!=}n z{#@k0Xlj-N4Jo=CUy$o{S=<0PhcVWJD0bZm4-mVTz`=L0)1I6FU z&Q2JNsA5O!XDRqYE3z=uH!nXwUv4`~0i2UcFkB@8z=MH+L(})(bEV)*-z^%&a@$d| zJ|(HO5XC{QgR^rWYL0t=;{H$^Rx?{cNV&f@zVhRJuy{>cTG~Cl=RNR$f!N6aR59%E z9KaQ6iTNNZ; zUX%=ezv*0=wP^9;6DVShk;G17i1R|@-JEDU^EQMh|1@7FV)1MY4povI@=ZC7>~esG z)-B8UlQ_uKEk+65!@6o00*@Jj z%Ts`}%TsXB*>o6u@oMmDKA4*nb&lSVDqCoirdeGb1C>!=Yx7DS{sAN8@IbGL+=0gS3=xhr7LX|#U4w6z2Wb#|}t zyCnT`ai57Fk z{0xPj_Jf;lO2JfeVS*NqkdRQd*rI8tM_$ULq$J{t*GwL91C(^?UhI)CjecJ zpp%ljtS#mvHFNiWWzxh3WJ(QOdLmSrI3qMSo?;KpLPe*+iG-*U6&e6oSXg)vo(POf zz75sS?Z@X?^VW)~qR^^_VW)jS)d)LD;|l@X9!$Z2{w`EHmxd5w*PzOxNpV-vu;`4n zCRYSEz8JD^QooqrlszisI}<=dV=o#R=j?4#Eij^3^Nuf;rlF=p(qYB$mTUgqE+9m{z%=qqw`HL}I{` z5rYl`qWy(1Xcx8%DLhST8dp);*w9vcXeO>Qd@sVS6Lmg?k4ZckI>w1Bqm1CA2G<~X zC5>upgiSK>0=YlJW74by>Zw3=v;l2p=A`XI{>^i0P*xap>}+mnX%U*!2?sZr8;~BS z@KJ+~yiZ9}OnRBlNYBiS1CXL|E_g_m(OA$T+lW2B$1Q~&(Co44;TE!?QF^dFszJ1(QIfH6l#&aZ+BQ*ImG{QrILlJ_Njd#d z86cJ#_!$k3uh(ZFm{zoz$bc_lH281!MU;OqMQ+HC~#)|il4YN$h#IOb2hkg=nNs9p*BV({H8a$(hupB5R zm%-&sM(pVpd!p+Ojql5i;(#-y3?-g0h^n7sV>%~s^63!K^euEXV1wV|s{Ol8_Xu(Q zQrdVZGqjDAAWR$wb+m}5!aCADCczWYG6htK*++xGM;1kq24<~s*i|gL`gbo_rhRWUa4p2XNlm-iWDO?{72p=5-ss#IKVgywXd;~oHwVl19 zErv!kQ-{%^d)r=UpT#5*l6}!e|lz88bP%)r~ws3gR^DwC=tm}IEl zz}*st>KTcXa?9HgH@WYW((ip_oneG`^0VtnWp6tT!{#?23 zxdhtA@;;wIVc5FT;D?UVTm)^SUw-)|z6rUd1xx)9({VP!Q1}pcx)qZB z^lA=2f&v)Un_#j!pz5qbeuS3fiSms(5Ze8#Z3GX71Pjr$0Gy*6@M>&_-$4Wc9fr8i z>))&>#iTh%imgQG;u(a%l|97KF@h-kq>~C+!@i34fzUqf-|j zfk6y0|gpQirGQPqCSs~u(8$I9HhU1=UfB{ zrsT>ZNt&_&kSdr3wb38VUNr6-Q}#c`xFPIe@}E%G2ndQ(I7K8WAd-cX-w3u5b!h$6 zI0@>FIH%YH6z|@y7qjGxrvAEtV>Pw6s%4H`4off zPaWcff*)D2v27yhOW7Z{GY$<(WWC4!V0aP~4*Vz@-%o!*1v2^LPG|gO3GBKSrT57< z5Rdjr1?bgeaYEqR0}HthShi=KG~#Rj^`%FEVuAZO-*nKdO9w{2<4Ui6t7otczvAnG zF0}z%dnqwpXcXTPBnv1ULfuJ7$HO6G#5E92w^sbD9LsKXCMYkJY``ef=jUc1eY%$i z?cVSevl~q+M{s*cj)qad7yc>I!{I8uIq>W!az-3lH|4x%6H-uHF zu>%Qa>8e#7s%>OR!>OjfJp-IMjRe6Af809qDPr{_#J%PS!P$>nLqUtdL=g1FAwlOG zHxt?g>Cogk1oEbFNiY{A-J+3guw%M{BqV?5oaI{`O7M3{F*q>s^qi_8_L~)fjFO+8 z1I#`OLSjiuB6gSuK#UcEv0qyBTTB5-LA%>gPIq-02J%(97!T*x8@-h8-ZKBEg0 zd2)(gNKJ7QArc=LPtMCzpmLFdL=^1?_Ik7ai2TW4kgwm*`JT`Fob!IakNf7svh+eU zNVn(^B1uPo^`_IPdydiP5QjuzidJM^nnR((bw%&)zy++%G;B}#=YD$2hK_N$gM};3 zED?lmEVkp43-vA0DmLW+ARn-eU#G*vFa~0S!6~^5NCO)XDUq$sd3n*2}eeYEGsmO(+}!* zF+BIPNfLOEByV#!yf+?Aaob5O%vY@%>imWC4zgxgES6Jd9PczPc$kEh5ntoRYT#rM zDa)-Eq8i;GmbyeV6Xg3i;b~Rs)b;;qZ-mqRW=je49eZ3EC+U(MFyC{SF37-u$})k$ z6-AtST2Ngs#~rG%i|D#<=k2-{x`$1sH|V#XI35VptS0-!*3$$3o|xS6 zS&nbTC)Imu^1f47Q*JR&@X~K@G81k=R*X2)YWwi2zp5rz6Hme9XD`?5eo~fSz4}}C zA3T_)#(zcm(418k-(f3Nip*t&F+lL<$d}yQRss^@RHgY=e3O=TIe(A!yOpJEotjhRRtsHDBAm&ww>M^v=EUN^TaT=-Er23gP?)L%8@!)4g8a z?Q}+Ksa71_a+GpML=+O!3#T9%O>eOyOD*pjpjoc6NA^IBQgaB}u3bx`PTrzPJq`pJ z3N;68c{ADeIWWn31iEgd6DOH4US-U|r_}F>(avWL9?xZ!8x1=$xt0U1TDdbLwc<;5 zxgc<^kJ}5%XIqy~*R^%OL5dYKtI(bugETelKMod@)F|LrEv;u&Jz7H$3L~VbfTS8( z7To%}`=Q4PR~G#$+$k)T7-=4`^bzuziSBowUQaONM$F{nYFv$C|ld`(trSM7b@L1^4do>5;%*82C>{4QSVmOCergDsf zcXck-J7pPA0wa&D>3gR3^~5&v6((Iz7GsZL%HODoV~V!U?Hif`>oFG!X90;osGjVQ z3l@u3YC`|i-rU2@6IvFWz6Oq>J*Drt74RQ08ORu^AaY%b{N$|l%ko3_iT1?f_d{O`FiHAY$e0B^*iAY>;l8{ z6N~VrSq$Am8n@g>?}GHiHe{;n-Ssq~ayt^%M=vxM6SyH(*)g3i8}ZDTV@!oyHxC(7 z%VRLHNDaG7b2glgl&(BtMfqDMJ7Se%+dS>s&WA~I`VBwx#cC!yA=u$**9P3I*|?sm zVj@_o)_M)d>0QKQqJ9^XSYXD6>zxf9vp7yk7>R$87WCjUf{}NNjmvVhxpX5{5RB)1 zva7fbvgU#WnGd>i5G0G%+6k#B^Z^zca63Z7< zp`laHqYqyEeYVeLRI=hniGnC6A9$5An7n;=eM-mk>T=LELV!M5A{vb#Dc|6lwx`eY zr<4$ljbr$L?s`Ada7jVM^^7tMKuPry^C&6i8Y6CC6B&YVHf(SabynuEubj5VY>hp|`NNk)vX(s&Bx z179k<39$qmY(g4r>N;vPtc}(N8^d-ReJF1P31Uf*rotJCVAuKZE3Zo<4O2X|1du-` jj9wYTjo|-v>;7>{_G;tOAmfVDdghS8&;`fmf4t>iK&%pw literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.19/_media/benchmark_fio_gcp_bw.png b/docs/versioned_docs/version-2.19/_media/benchmark_fio_gcp_bw.png new file mode 100644 index 0000000000000000000000000000000000000000..4f0ecc94bb43d5f9534300605a74aca374da4c3c GIT binary patch literal 30401 zcmd?S2UL}3w=IksV>F0K?22H)1_&xm5X7z<6qG7R5$PT29gPueh$2O#sdP|KddEl< z5s(hjRqCcHRr;L^^ZloeasNBcIrp3~u45Po!rt%uyw9`NTyxH~xN%12#L^|}mawp} zEM=TLD#yaIpo@iN-tbR9;w$kx7VW|ZQR`#ptmV!1tnIWcby-epSzDNxTbmeO+-R$7 zX=P|`Ccr1cx0`pPfwi@Tl^8$2>Hqf)eCC$={Nk(Qf5D3^wm7L`#lo^oi~i1wmW(oF zVX@_796h99AJo_6V1K&y^X%7B#@!ot@BVUVv!W4)s+#tb$e&`9h168#&p&(Y-te2^ z%IYV}Ri#!gFyZ%s{w_ZcY$0)`9(NEla3VeE7ICJar*gLs?Kbq>87t$$yx+bKi zS*5e8^Jz+L>RNZLpKui{EN$HWjq!7zv21*_fIhjf_y_B`FYsQz%toJFUieGdJo@B0 z%X~5V$g=9-!A11(<@}$pI{0&rW!{FlPk#Q#i_H5^dy)Rf0RsB(^pXnol6D?Aa3C$t zs#Kz@bD8liFE5dX&f)+8t1Pj!73}Q1fhCb(mE>-LV0$jg^ms^itqYrnZ&{%l;ev>wKcQt&pM6uS7UvupKBc% z8EBDg@R}E1m+g?m;n4Q$2($78kJ8h!7up5ZBi)Kyw{7dL)pV;a;BxCt8T_of-4+RkOPPJam-TMag8)eG$t&opwx zDl?m=a!;N*Rn?s1v~t6SXNkH+-4i1{>qITXo84xodvkdMK1&2jXt<0h(&9}|jL6^H zd@ONpNvhu7+p@Up<@6gCmPY@>M~*CI96xiW%+%cJ%f~}Uyf+oD*>mxa{6Re9HF(y- zTx)Z4bKkrV-XGlG`R!}#oBU;xCMWk!O-uQj}}kwso$quI^l6auHH#DQ-MB z@7xhin8xDZ(2NCDzn2sht=l0VdAqL0uCKn`ItR~o-LJp?s@LT9?b9L;oA*JY+CDqZ zzPhWkf?uQYLz;PLrAzPum-?UB*zn$0u3ULj9jDyqho7w$m(hD4B4Ml$edf=*I_X(i z>v5-ct4b%{Pgk}iF(ucBg@w%>)D(7mxbYuf6Pai^H1b z^3?|q*7V__d(-k`ufJwGzP`Cq{?w`4Cc=R-!D7B!B!mzIjG8i2!q*?^=U314=_`17 zwI^?OI$^Z0VLM};h*=O$WSezPw!=_&rL3f4bGF0QrmhXSby1H2SpCCSE-&a;JP`G$PXA z=%~`n)Hv>DD{Wu~gTdC*B7WYg-jt>No$vjutSo0|=M@|r@hQf&da7y5x6ACl}T8u9wQEe=vE!#}s}-J}+v8wwZ&2j7 zD=m9fh3CgW+dHKaV`_I~gM^$$O&H#xp`n@9OmAi;4x$21>&g`?+J*-Nu;vW9DcooX zGdIL}kdcv*!Km2fk)gj$P_Sxh+)HvMy>(hA?P<3DvJGP4wHi*RvBhcS+S}VBEZg73 zn78Dveg7p?_=*PZkIS$wQP-&a$+ep+c5W6C5uvNUckf<+jD|z|yOo|B_ABA1{i33x zu((yxXTwV41Oqlf}Zr(&+kRhE*r4va<3K@A3rAJl;O@sc&C9 zX7;Yz+NGxvqN?M~$fFIHsI^e&J76uk~xz7??C=R+|M5AIWZUoiyEI-kdFyHZn3I#Kykw zu2yiU>x5x`Q&ST&)nTYZNa^W0E$89#6YeE?R+%!n&f~XnqoNWC$W!YbaPeQVvAP$h zu;thqBBmwcl%5$iPuv|<&9Z%#Ki(q#*Yqv^+}%A5iMrCQ^(n?OJ^t$0_j>mB_G`Rv zyUk9v*rg#vhiQkIU*EQy>FfHwR0+w}|T$HXf=Q}s)Y zQB8>*A40N8OgWG@JsNmXTYD>G!+u+zxVX3`3dzyBMSk_Erh&*3LRznW*dT6y=Iht5 z6Q6JK)1e98cj>U~f$?x4gx=vboX%ga$jQqKxlCAZIN*HFV;N_S&rbO^?DVQCg{AEK z${s753^eCZphH-V^WG}Wy=~iZ54H^zkB@i^VdN)&hwbk zu~Png>T>u}@aS*S6`%4wMt}(7FRfq<%lM6K9UdupBq z0)TB}beD&D;FCzi^fy{rEna1zGUokh=kKHj<69TqnK64?Iz(}=Til@_Ze44dUC~F z`15zYy0*gm!5qe2Wsh%OzfQo;2iOGL?7_g-1&i1W8q+VS#0p$Cx!cf!I->uS%*Z3R zp%RgfM1)%%L$@s3zP)K{C0(8UdhXe>9lN<=k4(@$Ep~DHGUw^3q0%?$ms(lf+}x5n z-_>!Q(=NCpAkkSAGFe*BKGLXj$z$4 zq)xZY&ggU46+hUc=P<$1_UO^Zs2t~#KoOC#;D-+%Y6SK&KIHAaJ$rTE`DE4CHfC6rxI8=e;&c3{Z#Bm-&Pvh-slC8qV_9NmN;(Bj z!q1dH)YjG-miA7K50zMDIt)uq7zL$kuaMUK~ z+}w;W;U8pLdhi35^#ZPOE>Vn@tNkWFFr=hziZ0f|E(z*iaBwti(FT@&E9L-yahGrT zbkO@CNw?;yx}qW;>4vt_(3Yuj+?2`zrH9D2=dsd?IAA5U0HLvmuKvixW^n9|i5doy ziLvJv3Gf7`ZgdLJg6(=Ta9H5|YK zb(8|<*pAI_$#yIJn%j=|+bJxpr0F^yA-YM`k#?<{OrTmxfS66UPC9Q+@P4~ko1Pje z85yNBXYL}gY~th$`=o;#=&pbZNR+Lo#rea&YbZJqM z^hkI0eVy45-iHeMsg$Paa0Iddk73NVzJ$;b^n=H})&5r=`s(^9-p zz=#I>@W_UU+iJ2m-RNsbi^B$4%U8;@ zraK(s+cs?LffI!?tvowt+i5*h-Z1{d74>5!%U?&FR`?KocFW3Ls#VO?_qn@IE(cx( z>aAO7oxeL-r|>t1NG?}hhE)`jVv7COi_@Kwv-h}Ma4w}7jI#h1!#H93>2CTqBZGq# z$XWLyO#6=?uiX-6ym(`0*;O`{v5d{fZax@Wtv8$*>?Hs5iX9hbf~wtoB4$rmAJ-BT zz+T+Tn%{4OJhWk-#X;ojvw#bfKCyk?@!gIXsAhh6q3yoqrwYgVy$@Zo5lYjZYEQIs zh*`gl?_cZC_1I&@s#THegp3+3XH`Va9N!}Sr4my5UwWXZ1aOf@C5J(bxo(d1h9 z@zW=*nV@o)%DUIp)ru%wDg{c#!_0HXkGHst1vh;aXzf*{S4AXAQ}o#HQW}|NQn%Np z_rqD-o~4bAZ(3TKN@%ae(4}RZ2Y49)?;nH&Bu|zB4(qs%hBwV>M4npf%de?n+K}q2 z4qRNn|D)nb$4s_-xD#{@a0oi1#Cv;q6~zTV%w*>>)i8$8^o;d`dl)ZT)Cd&B~Y4MUJ8U zESJ?3k^GYiw#5k~MsbRT_;S=VRA*S}4+WGP<}eOex8ghY8y0b$uUg)LExI_94blZj_w{N`gI9kneux!z?;*h1uLyjewWRZX zysy@phoV*;8wM%^ZZ{`Ycsj6EymCMwPj()+Bq&%|Sg7Y>dANRZR3`7>i#n4Ii8jOh zMsv0hx*&oV@2z6SWZ@kU9= z#hkpiS;h6Qsy+)VD*=z3$bo0FZh3>i_Zwc_PExi#=~ncz#7iwRG+5lBBIu+!5F_{> zKM)U!+4f)A1HSe4rL`!fnKi9gzI+SHmS8a(DO7un66(Rp;XBZ_ax-KtF2W=5hPN}kSun=F3SXGC*{ZMa6Z)2&_=?t?WB9! zPb}Z`H-off&jvf?ZPvJG9Luhg*$-S%-29G1!coV;eyDGsU4M|ntUZuf$zTD8Q*qE` zAn9$DE;{;MaloDqApzIo@UY`f1?+VMmy^`@L6rIO$^yMLZ==)r_iw)?6&RF&_ z2pj8-k&h~_D-vOgsyADhb%cBICP2I*UI?Wugvl$f;VLdWEIhHmlk;Te+K<)A4 z#~r1pBD7Qc_6vBf7ZJ{{1Y8*b}?@eO~GKfC?ukr$DjZaK>JvsvSd}y(Zd7g7>YphYzc!=hl7v^Qu6T2X4x! zI(91q+}%Si(c(mo6)VEKtK)hAo+dtCUB=baJl*MC6?uBS)eo<5if#Jpg*ysI{%F6u%*;|-zTylZXlN*G&x!dkmsv!nF=ZKtV*A^O*4tjTW4&p%h<%odL%4b3i8uV^4eIxhsxMw2^|>yq?)9(!)X<#3r9?*tL; zC#w3F%E!Tx5u%NK5xelDG-E+PfTVpyi?LlcqzVO$pzgaB)d&-RjP@Wyg-L)HDhEFON1A-qpEHb@7Pp zK(i^)mTI+iMWv;s*F8OR;;i1jiv#y?9LJz?dJ0wIabVKDO*5djh2`Yrf;6snb#b8L`}apR5cjH9YLwV2;ne$KPb(htJBuuWeBUb+JZRg7 zNcF(t17my7clOpL9S6NCAa09|Xg)qO4kDqqyStb_Z|Y+F{kq9dN}WT4Mg02bYOzt) zw-@<~aIFQqX!AiBN$<<>a5Bn|K;e$TU$-1@Obpi5-M~^uwCzE6Zl$Nur~tZg(3Js@ zSN!tJBRsys(o$L4%UJ`tabVX4q)UTx)dAJzFI;%EdGlsLpf}T&T#5V>JQ7o1^6LQ~ zx1k{Uap}6Z2>t+MiU$u~24N5dQpyl)RNah0EZ)C+ti`PsK>^&{LI($jn1fg5$7;8(XXllVxU-gn z>4*oV^H?lW;F4rxRn0*!w&|N zqkWWDxD}!|Lf&w2a-y>Cp@dT^y|urFV_|mtrv3ObDNv38(~23Ex}aF%Pzr&ZtOmuV zSrQ;{0*^YNzx71{hk#qIgT2$k;epA9oLTXl!u#8MkV=&d45F8;*s)PoR+i)=RE0HI z#^Epd%kS zpFdM*;_Ymi_1m`-VV;|!zF+gQ+cS=P(&8*y9-+XeKmP^d=fAk3|5h3H-@B5r6r9YR zyu7Ct{=7!uGXdzHQSBhHlFtw zaX2_QD2LLKv_T#rA)%;c!CUd(s_7P5X39sFZ#z|n6xjEUUT@`2xuZR`38leOx|?}< zi>KZ|i7rHahav@t#24zJe?v7%=U*YPTMXAnKME3=RVDR~`8|x%pvnNLTC@aU<_SHLnhixP568`KLHy%`sRUnnRuO<&=5NLuhTu%(+{x-JB zTeoiA$6rccP&|aGY6TNt56$yV@GY+P!k7)SsPT!R9qvskHA4RFC^FY<_N{BM zy@;(HB)%B(Hk3DQ?@fFE_H7@ok|0re;lL8D zxAwLgQN0}y0kMyaP@&tlXW0!X9X(W}dKnH0n-E(MM!#XPg=^{v%?j-M;-ot&h- z`Jk%`telY)t+_gb4HpNDDpN2rIX-R(YHM(KSg;6KP7p;1qy}9hs;v~97}D$jnyQe6 zh3vmvpkquD0oSn;CjwjIxwdbQI~#VqKF=)=v`5s-mj{6=rB6Q;Ebk}@9O(-4(qpaz zv#Oz`r6uM#9F48JMN(3d$P9X<0NC_Is8R!jPm4PNg;StW-&QlKS8t6w>G&&ol!|#L zQSB-uXh?uAVU~!r5bH*W1Ud&n2|)7FiWG0NY%Q=z;Up#FfXe}+tm0FPhIrfYcAOSE zJY2&d4L+Yz(;o8dit3ardU4rx>f0qGUY`7R{Isy! z0gI29o1xj^lt`iGBVCD$%7bnYB?rEJTmTv8m71iGkRsGZxfrWV~g)14M*tKML0Tn{kLwC)yxJ;WKZXDA;|NN8f z$eYTd8$H${d}`^BAQ>@4ejmTL<%A$8&OV4Ttp#2pwLN(LQ16A!n|Xnq7$V1aR{?Bj zI)A+e)w!Klorm#I%qAA{JlReT>@tvg#zTu1({wG zVw-}RS`d`0z)z!md;!b$mNFafX&-4!07qJTBqV@1x1Bq8t`jzS(6rdDyNUt%pd4~O zdn)7SVDDkXnUk4cvoi$|iD^HkpioINK{ZIqwX=(hz_U{9!gic5Xzx3~wL;<&bDPPI zRZfTxb(;~D?&M;?CQ+Z`l(u%?eQ$3cAD?iP3w6~(ah9LOAT9@)gqXvnLXHJP7n#rl z&tL*t_`?s;pdn(_vr;?W2ghA%ePal^r9%wCy#kRr9@MK<3yJ0+%8Gjes*O|dSiy6} zO8fKa1t9d2x4}@I!s1jCTo|gKK79gS%kzWQ*-?(YY5ei!6_ER9t}R*FyVr{gmDhtb zRwoAsCgK6xq|Ewy*P$F{-L8W9jv!Tb`*v6(N^YN#HIGQ{=cNVgS8YbZA>}wQp;W?jbauzqE@aW(? zTsAkdNkf`BB)+s1&Yk-4@{U6tB}w~Ro)&ZD;l>~!6bH#Z0_#HYAw#_HXK#p+HJ=b0v98MbNDrg!%XT)&(M*sE)%qD;GD_7sVEcpvMTDTimMzSuK(n!2JTY?_4NG0Gns-~I*jAwaxoQUjMv~b~0aq-3} zm);LA5ap||ABziq3tzeu-{z^|$lU7T67H#&9&BtA$A6A)ReT?6O>z~HaIs$4gnS)M zgV(SBlofP85{QXBNT`J)4_{lt$h>#s0H~Of5Qzr%l_qQ4J4!?OaojxKSM>U6&&zS0 zo_HwfmP=MC5Qh!B_SCj@{CqM$qi zP1WNgi^w{H6NU79|F{>&Gt}GesZUijk`2xV zgXl~h^KYtU>fxlxY#%9#Mc(NKej!UnRj!K@kc8EB7f^u$IUy=JN(d>WpyRfC-Ny%- zvc~T8EX6{6oT*MT*95fe23=bQ#Fb*xql8#9LW(ayXOs$;xVRb#cjs%K9Qzqz@g&t} zU`Z4q!(ywQ0(+4I7USb?Z;`C_55J7zGPohF0P?XFz47AY&);3FQ3I?~`16WInrod<7lE5|=Y#t7`e79|7=7r=c=u0%PSXMc5HwM#V|@Fg0^lr{`$>~IDe zzrDN35sXWcf)^M$WBd?#ARI?~W7^tuP6vxAR(KX%i%?EAQF*44bez-m+hc(62xQiM zz5H1T@-kgu9OshdIw2_{nUHy)W-ce7g1ky76HNRevIqd0#Hu7kBL4Zd8;>+vl`;W! zl)X44h!I=($&Vl5{-K^NnZ`gBPlVJ5T!ft14N1(0v>&9}SOP~Mh zjni4xer{PN7n1a0kUc4cc;3D}xpae=0md7Z>$Pr;-)fYthYUBP7xAzCguzy?h?PO@X?Mi&&wVlyp@?{fPpPISAAT5F-c0 z^$ftPWo*6oPhHeW$*xWr3R{Rt#Np3e;u zj#Xwk-@e%+594J;d$my*5pTIp(BM&#Kfkm$>|iD4SAueW`|Y>>*k)8$wv$#+s`K*l zC?|ltX{yepBmPl_l|!8HT0Jc0KeDcQbiif809(M)&W^Zy_8Ltr2JkvnZXUYu)m8nm zcsa57rj6-eH54=*`U}r~tb$xZnf}@ze;5GFLY1yX^&teKCaG5SiMqGIuIz0BEZIMd zN}Gp^>nPbVprm9JH#MotN1nQrsSbEHkU4Yh=hZcfIGr~#-#qsMh0+bD;u%!pDHfj& zrwn%AFm0M%3jtZ-o#x4_3yL(T_eNtn9IcQSp-7Dw5T_W%pBnN zwMN+n>qm2v)y7Ai-tgQKj*o>qFn4waaN8lED8y~Xfv8qMW}q%t_sM;*wSoI>`}FBC zNS;DCl*}AZQX+Gv1&J+ehYd(;mQpBn97IR&nCr8+?DVFfpn&~skOs<7HV$zrL$e0q z*zbl`h;&d1#JM4LXms@bi%h*gHuY!dAi~30{SY6tSHIsH1MY%iut1-LEQlT~l=Wz@ z3OVn9n%*08fMuij&S@44|kj{COG@!-E-2#OC2oCv%XI7BJVEiLvl5b#OAht#V zxDHYFR=hcBI$&J*H8nMrk# z8IF34FaT0m$uoIs?zwO_Z))%sbkk^9SnG8YuzjOZG~gVZ=~sNec)lYat8DgNg2RdCrxAG5l_=kFX5VdDs0vmjch4Vsnyn58fquDHVDfI6L$X~YdDJe2b0iF zPuyWIhfO~PdKb8lX0-&j*%>fCbYiBar?)b|W}JneWEh2e7nG(NP?hbUKR*Gx8jYgf zJN%z2alM0~|5P(u*}I^U1L$+C?Ia%ZW9XIx2Q*NcD8Pb34J%2`AlXziEF(UD{_F!2 zgxb@`TW~`er~>C0GhxszfL7JB)iWJy3-%bL#wFvFSnc!mS6P}oOB zeYS7k-mr9~9il*JsHS_T#l)~-)Fda0Q_=Y!q3=?k2(eIzYyxF4;>s;tvZ4&KCNG1E zQ&3kKUdVImI9w4@z7;o?Z!aE9cIwNrW?uBmNKcPOU5w3L^n9)>iGv*$5+!V1a>hcu zv3ipBFALpbXYZLj;Bu=6Ej=2W9(Dc(@B)pY&X>@YBUq2E48n*?2^xLY4ayo0$Doxs zg62UxPz2z$sCsEjON-XF!wg5*po8Nj!IjtyG&fC2Kq&MpU8#xcEqwjb92|0zfF{NU z%=ubCL2)sG^Q&PY?s@JqFSo89v+Q@T@QzKO@d~^Z(F54?DD#P{dtkNArL5eWes4@hpts75&MkxnjsvZ zfS55@omgDGN^?In_q!!}_d#;yP7O+9T~34IuR&yI?^n)KN4dC!l{LGy4-#42GRdhk z@QusibEpamu?jn3H@o|`x9E3TKhUzOxy~8y{B{}pt=^@o0F&V!w`FL_!Nz5GAN^-l zWawj*NH;w_tI1V}&})S5A7V52k3*H{5cL1U!^0T7bz1eG0n6=+Rr#28Nz^{D0<928 zA!59C!Wn^FS!YzU?JuFuJ`Xiq0bGO+jIY`wB}-5TFGUI@KOlj222peh&s2rx^2WX_ ztuKrFKgsOc%?({zKoNPd0ch~N0Jo&r~+3gqy0voucF3#T~M&U zG0c@&u@$-bZA**hoHO3s9FKL$D&A;PBOt1v{CtcUGYrWEOotlrlvrY-^`ns;;0>)o z7l}>V+h14mo-6A;mWO0TRU#5_&O~<{9(WawR2=pK!HVqjMv+Cn+joH?30RgYARFSmp|ip(8jM~r z7b>FbTo2&hSS%9CuHIR+Y7Q;G%sIBqu_OKeIbHDsYyNJitOw0VnL_Ig1Vqa$?r)2L z%W$e6du}Qy`>T^WWT}iYxdB=>MlHxh$TcK5t`M@fTUp!wuChB{}|C5f|n; zEuZbUi;LuA@`ux(|5xPWbpEHRDN?8;xX(R*M18I#CkPAIm<1yck_I~X_3K%%AJn%> zju$OW5GdUh5x0Pm+99Pv4eUXHsfLgP)9=2Gk6Pw^Z~YC(v+JorRkdr3`v+RkS&Lh% z`IVpw!;2jSRigV@S~EGG2yE`s%vJMF)-GU!EF?=In_5{(41@iW`Yy;()VI^6QbeAoM$$58w`%t73NJNu(8Ut|IZ3%3P zQ91R03)AouZDkOznJ)&vVGRgo1=9Ygd4~A45H#Ll$I23C2#~V^vOG3G9LjM~yS)K# zM>&R(cDdo(?kk9h5Q-I4hIaw^NV5izWK_T=0Zf(*3X(lb z#%?o2aY$G=VS&Bxl%Jk^j9VoqF9bWmqOrb)C|Eb@7TV&6Q9lu3jc(H#c)7MR5D(Bb zncJRn&x|#O6F!Rh3l`96C(;p(jD6~%oV4hZMKEI)_xfr;q(^hoV;tW&z}!rfGR@9I zr>z{Qom3d&Uw2An4;nSeeNo@H?&1;}lwE)gar| zBBoTO7%St7>UOOM4^3hb5%Lfy)(Pm{24L3XlSCy0eS8OlTO&Ii)Br#B3qz!%{M|0$ z{N1;E8y|x)fY+zBOuD}qr&R%@eTqT(;eTk`OzPSev+I9~lMUMZ^YLS|3AK}G;{pBR z!(|A|Gl{>EGQqK{HJ#5^cuxKd@!43!(-q7YiP~h7WRJa&R7V$@jpd^L-K`Y`Jfc5#8`WhvY+?fD;i70-zQZ9Ai_>u$-HMfvR|Fl04M=gQ@Dwd1 zhXyW=v;%K59iMHd9~!_$F9wgn@4x@vUpF3Jh?s+Ze=)V7+smZ zKw^mtgQ_&w_=$Ky6aX42HZ$Ke8iJnKeL_`QWZUhY$|x^1vH8!#&5V8tSm+ZA5^`2B02-(6n2GY92hU9h=cQUTJ5 z2GN-asy=A`NKfB)4Dz-&sW>3V5cw4|Ek6AY8*|_8Y;|u)_LjE<-hY5kVJGv=>R*^W z;_%s0p^sIz%QmM)sCYUyVU7}G&m@5pb*!r%4q@W4yx`-%Si-th5W%9Krm-)L$Fj{FL6 zMhMY72x?@>b7$KS3!bFYuVFRsxi9hC7b41eAaN=_Il7p@7YhC7=r-=n4bE6z=MY?h zsU0+=MQ^76)2Dle8$jnJz(3c6q+CYxHX!v{VU!^T6x)ZDDb0gc++G^ zZY~quR*hfh_~~=X_($+8(V$bP?(g8LWFicAAqiszeb*)~%`XFpQG|dB@{r+8J{K&y z5e!eU@=(sm&&J(J+3@7^E5zH^|CnX}y3=^xU!fPyS)I=c4ZAPxE`h ztl~UnJkt*S-%0A+TwJY_n-P0xvOa47weaOKnZA(@{WeJjGuuQlAJ#vSk zV|4=NZADCdz?LXdtI2k-Lg_C95bTF7o8vgrA8RJUgV>6u%W6c6^9M3XTz@Hf0`wvE zd{fH~bZ(n9?r3WhqMrpxqJ$r;LK~HOy2T-)ng~&XsSOOiM)LB3$zB2Q>8iw&qs4}V z%;~Yb*=khL)H2by?{zQd=VlbX5#iwwo8M{GfdJKA;|>_Hkvb-WF$QNC5W0TpGzNq3!8|eG4U45tDz;H;;v` z)vv{!31jNbUVXJwNsc2%E(qXu&b)Ky#ZUMqH8pfM=Vav@g9N4$0dGcY?a3jbO5OZ8 zFyX*@WVGzaB~ApdHs?~s&Zy3Fb0a?#WN}9P`_CbL>UV9rtIDtcx`lWHbV+r=&g#R3 z)s`Xcm^Kl%y;NqofH*ifPj*o`(8AO<35tOYRNAH3b1$AWwSGv1A@vkx1<2YdG#w~b zfk8t5_E6_1IFsbt>&Qe!h5ZmG2)iK_JNR3Re%Qx!t#~z}$U&XOp{LLgrnz-{b*^)` zO?~C94g=@;P|(mDY!taYxG^clIlI2Z>nMCaPmx8#h?PSOu@vJH$5w124?ax_Kx7%3 z84^SxLKbzv(BP1wJ_}n@GPuxzlbjv*qUk-jCTXxz)g<|VscYb9UWTRqICFRAhHQZ0 zhv$z0ymow7K!Nt(GW%Y^aQpCpi=%MuV84#je?)3W0n$`+NnK5iv@-(bs07LZc!pua zV8TMH3~!mb>;R6457ZlKuw-9%7JimBkV>o}fQ>J@GW#9cK$a?^IU51cXpHr1AlyNj=h0fUXS*yKJu>nKlN0fZE!CG$ z-T_3te*N08?9m~j?8$>m72}rUx1X<{V_#Xu0!`f5#4PeYijooJ;An<_>7i1zlRY|r z_RjG4AzqgozH`q1cSdyKD*i41@qc|-n1f~3{DWpphl&%Zv7nw7^~HYVd^=~`a2IxG zKLYLiyLq4G#NVrQ;XiLm*?)KmzF+-UV5z>jri*1OhzeWccYN7@!_2k+@ZJ0;On;l% z185Wh>X{r7WQ#-|0-V6imI5zMe<%kuvql{H2bn?POR55v4T??Wn$u2MK6275jwQ>M z)necd1z8lUfa_AAa?2?u{oOVI4;NA4$hg(WmSinOaw#nAUS4J;jUa%M`Z4l;QAx>Z zIMWExlW`|&F zfF6apGG`D(Nwpy_I9bHVvw8C5$;e4UV#HC9^iH!cK7IHXf_i#0!eE(xs7oXO7**VQ ztT3@leU%*#*}HLU88vq+~yEY!~&5NUCi$9$jXJb}Bley0UScH18>fZMvf=m@|t z){xR75OUFOjE4Ho_Ixf|>j*m?ji*D+MJ?lkFx+LeqjoMs#oEqfI+VV@a@o}jOqDEI ztdT`VVB0FfAGJ}^J+O@Atwix5&{%+Ux#HJf$>m8NK+H7t-oX zi2lSwq*)K7F?rJ{1GqdOgGE38*PM(MCpgS?|As*^WeX9d#h;|)Wc^*%Z{S6#ANmHO zAS#kLC>0s!_B;JB>|_Ge>uvUfoIV*j;5ZOdx5ZOQF|0feXy8HaWpIfd3PJ)^j}9%M zxiXokZMm43T{i(JPP5Dar5hFwW3L1@gs=WrBm}689b#hjQxalgs-@yXx5L-BxYC?5 zxW#K}h!zxJI3$#zW+_Ap2vAjL{{MnB@x%nV)?$}Oek~R##YigB=kupw!(EI0WbvT|JIWI#mlm68j7XC| z;{5_$2>H8NTa!u;2!N7>t#7e5-pU=WJd8guSmUmh4Vm;fnh87ssvkB;@8wzxPkKs& zIX1?xm~&>qhkj05-93BuxN~WPw$W2T(Qy_{dtr!WX*PU@HlNUD!LNbddTiqTkb$~8<8FO@}=lU;8V!GF1YEI)-S1)yNMyPDlc-G?q zgNray)|+bi<4410$DUn7ooGnZfPe_%*T(TS5Z%s=8(%&aN54Jbqva07pBmIAB`xae z>L9r~ty`D_M`+t)TFYbN*{GulXaptjO1Oo9!&MO;%2ADXTgzP=US8OA2f>Enji{(4 zvc&}llqSA`>3;Y6+LcXsOfRqYLjNZlAi7f!tBv)%|CL&Q>fYaKeJ82)E!rSPfVdNR zoZ5YrhcO#K%KO07mm?S|RnJVt+^?G$r8NTU2M=tjG&n3X1iqtu)<3+5!Lx~}yWvR? zBp-KzxQ(M49Dg2k=t@4db5I^D0O(fWHc0gMRzQJ?c50$~<-n0qt!(}FB*fdG{{1{N zQ$w$^M7VF-=&^O3)C@3dmskPY4$QD|5~$m^&+bm0b4xj z62@m};E$H9tj!8_=MJX;{^tpXd1X*H41d)=*2Re;V^CVNrYRq;UQO&OWc{=9K>* zDm_(qS+Uf~iyAa3+Z81>xV_C(G|@~>)YQ6s#<)rZf+(y+kzNu>DRzo!fsiqzK%W{_ zgct7OY@&<&_-6$w#D8w@Mi~iK8&h8y-XzT@3kZDocV|Ak^FHWhN#@u&xMqnTMOr5h zo0h}GWNf8$OOM*Wr_I}Jd!{UoV1sa!merXBju4iHGuGD0Xe_Z;9y4o$f0c?#9-6|1 z@uM_+GHVcpQV+!A>{e~kp3`R|M()T43ZEtk9-+A!iaeYm>R@?m0THayeos5Nx=lg} zWdc<>q}Nbx`nOViebcg#duV7Ri!FJhFhC#-(KoQjb?WO0^nFz_ZDqy3{-rK!ew)fy@Yj$-buu#)I@^V4hg6o5j0b-@L|g^o zKoKyczxx61hNWMV*;(;jRy_-$wU}f0c5#rXKt8LltD7j_iO%aM+@YguqndmD(@#I` zMq<=PC*B&k-}aJSBWt9BBT4w;Uq5-csAbufM8lf(sk__gDH`{7-(K&vO@5n~&$RFX}PO2g&aL+v^PJw7v(y;-_ENimhW>auBXm(YQBGqO8qOE_#d>RGhKkLe+@97 zAiXcmSXl$gIX|qyY->`_U;h+9S10tkHA&NSKd1rs9zJxG^>Pw1algc$`yklthO6U(F{gR=X`croFDS>_zt*RJw6vPRl zdEgYH`B^mO47}bM5F1umH`7bmMJY&eN0dqRDr>^h*-)`BX>zk*Kq!N3CvJw1I5^p`9Zzq@xYKq!7`fZO7$VI7M*!Qt?i0fsKR7r|b41XvFY zUs5kZE9NWT1w?CiI(w{fJKWP+bMXd^gL|N!9P$2j!v@nd8Ks6wgj3U#dn08-&HQjF z>!@QBP~8*tMEke#myWm)m{;J?_M9t!`0LjM?Zmvpvl!X61=JZYnDPf`*wdo9rMp>i z>2~xJtuwRi+Sm7UtU>#PWABRsg?Kg5q^BsrNUXp#u6nhnYx|WUY$?)crKYYXj1PWs zo@4du?WB*GHGbe7`tpUkcVYk+nSg(}Q6txE$goSDwD2fC!{Eey>f7V`cJlGbprzAx ziy)9K@!%Mu)%W4WmJ_85YkYi#w=u{WJDy<+e>q;NL~BF+8Z*D|=4jli4Cp*PhkvHX zf5ztGi!(iyIV)N4Q4uSV|>^N6&m;h5*UMie&D^xL+{iinWP^P2(bDaoJjIz?of=z>(C#h>6!-=6J z*?fAn(2B0G11|{#PkxXT9@*2UtKo_OqkD|ueCN}9-4sv8*lg#Tu}7^}F2VnsW!_j} zkM`!wJ(t+-D#BRmhf*A?LDOw8E!qhEpA!ICHkg=n`oZo)Gigf5vOzyYdTx>?;fNRlY)2@S_y6i#ljxr$JSzL``}SgTy0qVp zi|e7c-3j`jFV`gnRV8MeVya*)G{>)g`3ys=^bL3j$@?2U(JTL8Hv05^;f6^7INX$l zF&Q)d?#0Eu1-9eHvUIB6gip>|-M)Nhk-NXY|F}WGaE1HxM(1TqEVe@y;bXqh*_JG- z6E$}uiRULug>DGD7yrxN)y;71TCEM$e#;h+^5S-*?Dut|DGG?09)obj2QGJ>r!qnl z<$)ln(p0A&W3DFq_j=$)U=-}yeaZ+7xObcN6ZVZ;a0`ZMnizeqm&sv~gk_?!xMHqT z>FN&OFW@$2#WILcM&$j=pH50-q0_i$B{3>5O492{jsiQessZLmz1ak zd7+oiNeG|DIc{Hn&#WjVQ&hDh?RphL51@@8wUZ}n&u zas?6_3bDW*e8e>r!A=QKoLQ?_;PM2%%?VJ@Bk+KK@WrsoPH&y&R>u0P0@Qp7dVmy? zl{`v2_U-$iwE5uH=X~mgrBTvmq4WC%u((iO$&D)r z*Tc}g<6sIZ$tzA~WLb`x+GU+kb)FHv#jJCRDfH_Gz?Coq&2!IELp&lJBYDrh+JA-k zA@^jpBhf?6X6pK(2YhaZz@ZnRh ze+#AdEM8k1lXh%-rZ9Bk4a#`q6=>_H(RWCpMkucN{f%x<{)q>Rx%$BW`H4?cqwu`K z;6ynNW&JkFu(hbZgrJsNFEjF*JfvqzIpPhbj_CSenlHT+xGYbQTb1e9iA|2ldm4Fn z?09?E=acbY*MD`_`XcJS-@jVeHqY%&9c$~V(vUe-nnm=^-~Da>@n*7Re*j)!21x)v zbuXj05~Wuq(s93v1e%S21Z)c$_%Zi@JZ3m2d(}(vn={a_Uup9<3)dhv1J?(Y#4zEv zr>08tW4hDS{<)dIBaXven-E<j2Mfa|M(3p4Grf3Ug{G0F?|hhA&tY~4O@FtB8nS1FbI|(wt=91 z+-o}<4}eEgXDmm=nt9>%Ler3unerC-u_GJieRM7O#g66W0+e^o-r>N#NhVk(YI>n8 zGk@Wd9h)~F#;Cr)3~^KYLF6lHd`8?sBshnJ^Sohchb>Iy?RC4j>hD4>4_PnWFyctWV%>vs8v z!=DEKgB+z`&?snv`pTN141c5gbcH)_X^^Nq4vsHGRdNb}Zq-Tm5+sEf4zP}7e<$#0 zMlg$m@$7w<+DIktfvlN7f zjzNeU*WBId*T2j$-B`HuAq!aAen2Ji@d{=zJOO^{fx(Ujno#Q;m{@obWB{k`aS@?S z=omdT)GtJ1gh&nt0PTB~!bQ`0sQYVbAQ!WsQ$&5fVZqQdqr!dXMd=z~AFy<@v(7Z)3g*NCM!j*pY zo0kTti_>&7fAx>lc1*vkf(DwXh`B1w#2XS@Mh>?YjJ;Gz#du+=jYx2zMIloc1}ebi zXs{~b;2Rn}3Iw_@8#RkSQ$J`{jGKxo8e*#6Gjx=LtBEF|8xtQP z|LgJ545MmLJ2a4*qxov}b^OQh*rZ3x*h80wLJ1 z;8;EkrQ^Nz^>N%Sjku%WM(!wl501O;Sj0hqyOd)veJgsE-{EviW8ckST&-Ns0aij zm1qTNK}04|kx>PtAVEv$Z{Mu^1zr8(2baG0z4v*Z^PIEK-uuXXU;a$;PTIF=4m3(K zx#{Iw*zw7>Pa^M}SsQPP?6EjIYMW)m4zQ9sKvIqhL0^@npGfxb7 z2jS!}&xvvP)E9s}mam@ph_ca^9pD_D4QFx+1T|_QE?;o((SY)C{&_e^tej+T&lr~- zwli;%vEqn0-C-y{>a-HJEdwf4`%vt_^jWWh3uhS6>0Iib{%~+dGep4#PVrisn6ucb z@bo`i?US(%O6Na$)(-{IKd!r&o<0;ZQf(ly!RY3!qH8Y)VVJ=4l4N{HV;rhUT#Tje zld}BD*xw7c`z`+_xx4PIGP5Tp?Kc2ZH@Z1P8>kH#`4h~~OXSk9*KCby)KImp;J#N| zut_Ar-Czymud1eH?$^)5Jd3_sF;h&+vliHS2f1149@s|}O&1%u5U;v2Ju@pD-KAb?7D_u>0$ajPR#l*k3>8TV~GeObY&NZtI_){{5AA z=@i%q$3la$M&`7kkFbZmd3-W%tslGiLoPlDIi!H4Df?R9wTu8g|nBpASHji z$z$bSKM1CINktLEi;M$S;|xLIExu&l7;HBr!M3}+3w@%4K`90*U9x1J6#ux%Y0~nv`c3&8l0rQTJC;;M zPH-+d>OO?QFixPgg|Q>*pcoz}g9zQ7vwqCDXkUZg6=BW2$(dP%Y{B6o<|83iYFR{< zw&(uidfsC<_fTgU0)iMbiTfd#&Gjw#%tRlnvv6i<`JKzr&Hur_J$d)>{qa*B+XIbVi z=rkG=Ss1CP3DSmm`QaN>J}s-_a?*9nRw~(4yf|KV4+PO0Sc+7v=FJ_iuZ<39UTk%3 zg2&6f$w92Gt?Se44xJlEq3=zbn~$1rnc~3=78J#j9#}?Dp`GF}=jK+F{*Zkni*u^k zWJS>}DI@Pzz>|~1YkV>aO6B?#8->y`@zvE5AOk|B9Tt&ECOoh8+Gwu?I^~Uf+p%iD zR5K^h$@}m}Ik*z<7@wEC3h#_>KCJSCT$nBzy+ABgz6k2#YUcRYG`~?9{hpA=n*Ty(+B0aK&-RZZ0eVn1>R)*lSJtF;#*AS4U#7E{bCE$iFD z-^Bh4?L_yvlfe-6>~3dlxfye67LGZJ9XH#O{K^uR#OK|AY8AI1^}$EImlGi!4YcFD zDGjHgnuWQukcc_`y}{YL>ylsKXf$QY;+VCwJf81${XlmmSCU1q2G3lw6}3I+g|vf3 z$jVL1;bY%-LN-4*@!vSVrtRdcg|&M;d)$gEp$tUioK3oQdQt4K%Eg1+n`^UAI%u6V z-f6gTM}p};b|N6~4x%(SmS50_s}%bCvrg?_HmYDEf5~R(dKglgzo4u%;gnZQE|ajv!3nayoWGREalyIUdP_NsOtds-@`k1`P6Zl z&5r!eJod8=?Kh>3V{$W=ZnGM7Ve-!2RxNM3+xqMu93gWP*0S`Ii!A5eXHftMfsSLx zZbb8GEahN0UN_wdVl#_PDI-M4Zc}n@3#LLm&J;gCYRGGCvw$7X^lhLywcCIG$`XpY zy>HzOc4zaEW;$x4a(CsoKHQv`-r4+|zy|i`IbiBxcVVozP#_YNPsw&-M>6iO$ z$+3Z5ZptbP?p>Bt4I)MI=|rYvl^mC>i-TIY03nG41_0 zzK(^g%VwJ^6Dnv{fZJ`>xyz?O*5g?LkTU1Aoz|e zZAp%4@y67wW1!O;=)(ME`}V*HyXHOe8Nxwp1D-tOx<|=^oL+nF!TFBr=H^t`ZVE+> zsAlEuBZQdLDRgRS)pq`E033A@KGUnnjZe@34_#1}NXQb6cArbwY3{&@hT3hNoIZIK zNb#!7N%#U1A1R~DG@34tX`IpQYTmlZtfssL5L5U zTW?a?B5)RI4tnET`)Rs!+<= zWcgdCs35dqdx92v94r?Rmb8Sx2FAs3GU2}ap2F$GfUT~@eJL5^dRpWY+r zk6f!FMnP?-HuRHH2QJ33%a<=xP$n2#?tLe(p(w`pDNggL@;GA4g!!5yg(=gcg`9t! z<<-uk97}^F+ON(d&NSCAmAhY^fkRuHW((!S%lP*Q@$$_|QUxmWzm}4pi%KfNE<~GY zC2%P|hs3M>9Q@!a8QmMSYWZA&`3?p;2|7d~cuT)5iML#nIf!y3zjSh=l~rlJ(SLof zA)=<-f(dc!^ePv-`B4?7+=!Fza0B++b+g;iar}$44r9oBK;l-TQY>wo@wJG9VP9oR zbWUqjz#c?NZ|Ftxg znmc>xY%VUYxlCn6O)jqKEnHmF`hS^;S7O$2Z^VBjZTB3q)v`KmYk%D46qnj@+q33Y zw&tcMR-8X&bI#Pta_gq;n>KG)VPb20_MDWcsKwvDVUv}Ov8c@AnBVXwv(73XKF7ty zdz}867A_xV%Ee{p#8lj+?eM6x*8b?hriRI$p}Bwlx_FgHU|?gN$zgTzp?B|Xf}6sR zGH<=V^YDJ?VV->jPrX%z3sejC6>#F8{IG6*b$6?E(5j)GM? zS*jwn(5`Ssc97P?&PLFy!h!C+%>)qaZTf& z`oo+RkEhcgj!pa7cIt%<7cNZw?1dS>eV9hCJo~3NS@fUwCZEN=4^$ZDpN`Kv9WT6P z%a)+@z8A7xxx8EsJLp60Lk>pk4LhtLJx-lm2yoJp^JpQA%F>kf5u5MGI-;ssu50>6usbKs4^UHL}xm*I=Gr2CL|F&Sk zNk)hhpM?2+mudxfo;8PE(>tq^ec5YNLO)q%IuE}u4pAu?UsC7P9?hz9FS~U4a;0bM zhbIbrwSL@%k-1sNvuA2OJN9yc+e`}y-&s6765Flna0zzpU6=wDh?~TrnYvQ!}ntrm2rE7H2g~o{iL^@?>N--?yd?xB=+I9GoglV;{*PlPj>$C z)3p&+%ZHUNljB1oN0Od0T1zzK%X|!79g9Y}*nL>jCJurB(hYM8eOA36qZ*%@})@7_G z*VIL?tMcug)dS^6tXkX3qC|8ey-&Zt|71EhPfNYqWEt+IL*tjR!D_3>!||b;j;7o` z!Lq1MQnMAn#tq4u7*Ux%^Vi!^QBhcmz_n@*P3kjUc&Y{DoDU7Om6d$ScE7vvh{VmM z+xAr_S(HR*g(bL6x)%7$PHh<4%Ji`}L^G9(w5ESP&i<(T3qq04kMtreian>(uj{d4 zmTRr|#v|p*TO`kY6UV!##QDt^QokR#=f+ZIPHt}QBRLnT0?#kl2J|;&oEGoYsKMyB zk@mL*7ew*9+1e%uYX)B(H+I41W|pU0H(W8TNqNrc&YGNH1xhs+1#HI|O_o0#=QcUP zs2;)V9rmBb$Hv~@T(*6AxlqPMfA*Zko9<&FD!aJ?WLXk-m0Y^JY`I;=M+S28^753o z;2R|>VhuIo{BVt*+U>C3c~U*2OiP!Hde_l{Pv#P<^D=&Xy}{FN;4+}II&X)xv@agr z`n*o7nv~;azIt4bIr@!3dmtMuM)kV~Tf=fZ_*OHeT*p!}v5i@6 ztTF!Mt>x0)=b8&SVdsmB)4MaHQc`vd|M;;^M&>A@1GD^0S>#=({+5-@k#D|M{YCPV zHGOjJWl>?@3Vc=Ai#8m3tm3n&vSOotns#yY@Fv<^jf0yuZCWa66U?CP_E45JC_6Oc zMbJe=@@F2{Ap6*39r63r4-9?JY+u@??3I&7U76 ztQ8t=Ru=j0-bUZJlX-!-Qxk-r>({UE)0Y3D=!g@TIKJ(|*Ecuv3kuW>3=GUZJ$r&+ zefLB?ZQVbnb4RK^*z)e-wy3yM`JpyV?@WJu{~~4IRm1OT(Ol@~G*G77)Z8qD05?25 z9D(@4RM)d(1q^l9$8N84P`EsMp(e%k^}3r9O+M~+8|!g*@s*z((~3Tld@nXO_Nc!8 zT_FvDMDt2bgn|nG(J~Ip9$`|otE-DH8UIA#8rnK4%s3g<#TimUAF1F`p=^W&7in$hLd*PZq9;rj~8v!ds|;GpV#vM ztI3E!*ut$IziuHrIo9{?kz_ohwnuEp`{x-mDzh>JZu>48?5GUF+1tlXvuh7sj-@y> z>1SVer{J`g*tblkHSfm7b>UFXK3GVEq@#mWtSbo`C^1nj*!JDl6}4$nDHU%>S%y(TDWw`}^v>_n$r6?A}`{_tnxv z3^_fiLanpAeO$Tq_n|y5q3Vk9@uB(%vsir8UUr0bgl3>!k40_k@AgI>55!G1*`u4Z zLOt%B%*e=ik8js16XM!@MX6>Q*P`bZ)e>)Va`v%Bw8L*lS|G_=O-ij=wMuO?o;75- zQ7=K6T^g#kOj24}`e~Nyc-lj8)4+{KlGYtbGM_znZW)$s0Uuw)gRRCQR&^Otc5UAN zZWE6B>E}1*xp?qPAGEf%9%+k;wQYR+JHMojqE@Ktov^U5uV25GhG_`CdGkinJl?+B zfTGIcO-J|t@zab20s=AF?!4{azhsY$^%XTWHH9?fdbX!F`>XWwWHRRRZBf*a8xFp= zNk0;C*`y*yzpXYsnbC@Xyi~&cP+W79yP)fS|4*1NGQJ@?*PF1&d0;y15f zhwr*L6M?{I_Ck^1JvSD$Hs*Oro&9_PxmYVTJ-t2W=CZbrK}vzrr3jc&BmJ#GzT2%t z)~!>{_YtkYgG)p{aq0i4WOMFZ3DV_2Z@#Edbuuy(y%8P_n@3RY=~m;yme#NU^`uP3 zIBub>G{Vb6EK)Bq@>`)_6oNoVO2N34^N(k!zt%8A_T5d3O*-FMb!sxrwzW8-D)dZ6 z%+f6%`A~-pP-YT%BxXpYq#BEc6~FrS-U!s%OV9 z&R($Ym|;cY8C{)7ZDx^7pU1@bkfEBN)V93C{o~`~iB1D%qpUQ?zHeohX3bBaEr@8I zHP(B>LoBY+oH^)-OW>)-kv#PAt+9B`8Ap zUzPsoX;{O2b7OG@qHag`(dIlarS6QrTZ{-~->M`FU)*Hmix)2#qe-@{nsjSL>h6l;X8{_8fUGPwp;&kFGpaG@acYYm*iC?hQ@jT$;bZ(a9;)%y+}#xKCM` z4m~F#hZc4tcD?fw@|?YRler)aTGs%`8T4=r9zNcRi|dZ^IqNKv!+`%161Z-aMhQ6l)`9 zT$T?j{n~t?wR|U+ikqxxJ$M0mh2IhGlI3s(ABHI%w4`?{~DEh zh?61xJ-LE?b&?kpQ!eswIhfQI1w}+WKl^33qoZRhBK#e9cXy66GW5t$z1te5XvX*5 zan(NSb=7el<)|CjN9$ws(;4~mXTCvEYY{haT-5-_M4kOjX9bch;pYk#X8%-6RDzCztE;PhSq^see2(jiTBr9?$A6?R#-1wE(vZE|G15Pg>f_x}GJn=K%bG)m zDE}g>R5o2rOG}d)vy@#IA?d#L^!pDUd|Nf2BA11J_^{vohDMLMgfFV9C&>9a@uv%l zpB|1+FfCb&=xjRFRohmdm9^JXAlg%IL^&2wQC4uy1*JK_$Y(VWNJ3ENh8z+~y>QM!C043m-{30hFN3F>D3E(aUsBee}pu*5Tgw znDf387RWKa3x>RE8io*7vy24iUwMHnAl)x3sUg#&7$=x`SC4sFqqQ(zQ{|Qh7egrG z!h*$%!>}#ds;#oh1l`7-;91qB2F+p&FcdWP5=@R;rK2(#vgJ;}e|Q>x7ex?{(v4NO zuD&GSKE!&y^2_RB6wz6+NnNiiD-WZ>i98T=1tB2{^-Zu-b)&y}%ZDcyfvej`+jPf< zRXgkFwoXi(Pf1UY0_LIWF3r9>2Dl*fkUS1eTY0oE6*#yIvoEhMKNK^%B4JS#93H-o zN-QbcmfP89rgI4xf=hTI+tc5l5jG^@<@MdAS1U|C#LV|ncXU|UXfjF*k)tWkX7Vf# zM?z~)tS~5v)QJ+e?>d@jS*xenYd_t~>)=b_3WW{gd}^-ZaGsgk5S88+Dj);{PlmZ4O-u=WSpn{zoU*zpy#aB6BPRhR~ z`1nu|s)NBIj|l{h&Zb%Q%jm=e1_pMe1Yf@Naz%7i!gUn9*#d>Md!r3Fdbys06$9-R zr#!5Gc(f+`wrEl4*l=I|k{}*_sg~E*=G!N_oIDxqA$IMabgit9Wx*i-B;%Ez+~NuK zdFm2L*m~L)ThDz{y?o`08TMdadETAX?%8YrfzjE`OuzL;?_KI;eI~l?$0u{6pg zdfcRm>*%=bM`fWD@6h~0E8Y0hYVO0rrwboFIBhZA!Qpq1G52ocOi~(S_XA~zwDEuZ z;khdxC3>X%i8jlVg^wyHOe|le56r69m9ze;80hv|C=vH4*nm}dE^b;fTRlL|f>#7c zxf~~Q!GZIUmN3LYUkeKUnn53$=KMK@K8O`qOr|9yU@)b!6id%%Ys+B;^0S9&OtlHE6ZhdTUWoAjq z%ZuEd-5J}>KW)yFvhQ>4@q4XNNDp)_zmzsR0d?9L50+` z4=hDm!}?{Yum^im>hoqylUYg>U%ta|laEf!QAws|tN|wh><*)y9&u+?qSn!)k8HlZ zkC1a23085F8);cxo8hR%?y#2$IbvVlFnN3uh`|iIpJ|zeI%USpnPv!(ro{nx#MQ<( z1ms)#E0V83N?qQSa^&!pMw}fA=?9IMY=`)jE@1aDo zi>*z5bRcMN9wL}=k-rZ33LMHrM*GG?&vqgb-D4zLR3Ai%xvwu1Aw5SRi8a&}T@t1t zbi^J=e=xH=LQAM%^rz2X6lm42fLO^K?UHVK|3C{lSU1tEO#I~A-z;j=biy7Q6od$vDmU_aMku1`L5eRAc$_?z8$5h9%XOvgtq-H2XN!s zxMI2(6k}`fak|JkYVqTtVM6{6yMb}N861>jRDBaGL}&qo*8u?B1e>OPtnmcr$vSY8 zpg4L52g^Z55!_E7IodJWQ?R|h<(iQHZLz(GNjf(cZA?H-MRX>L)sIN);w~e$*eaD1 z3CfyYmGoE$=7ZOuII8pX&;jrwRq@82ILOg>2U9@5$V1Nq2?U_dH!Xj9nCV(KmK_P+ zV2Xn<1#F~mKp2U*$j#dZ&_FdY{_&Z8?6k6&!0?KlclT94@Z2i~s!dPY*^zceh(bwSbiETjee6 z_s@=Jv!j#2-DpK>3$tp27YPaq#+!T$9F@9Kx&b_v*qu9fm`T{WllOtW!%|$Zxz)_g z&DqT>Hf-p))hrw#l{G%-n}>Z6H@X3EaTo!m`I*|GL-$?A0R-7KRyKCUfkpO_@#mV= zfj7K5#E`bCCI)=1GFzWnj5*AlF=I_?ed+SaSC{8>wpS;ZdYMa`cD{eGH59PSeoQi< z(mYhjQ{Y=w;+edpL{#M1!~P4Z^ZcZfacB+MQ^f0_)4{FgpPorij4d^Kk7woK?yhvb zdBwVQZy!n7iBw8_B}VK^=ExX=GM}Mgz4R>$oPhU$b=_wSxdix$Z9SxpmB87MPz#XL z2Wn#fg+gg+Xb8eunZCa-R+VfOKy=l&(erk8cLM?fmTtFviZHwnwU*l8)?93sNEEX~ zm{H+?ut5lOcx0sQ@?wJzKpXv_)3{a|Rre|;?=wQ?#AA6hf%W$d}3TrC*`}-3iW7Aw1jVi+I#f53KS=Va#n@?*0 z5scGlNZ=SWTo7=>+v@5gAlcpp$Y-H+c!JUpkwgVtqw9*?d%xE?_o;Q(rt4zY9z1sJ zu}$OKCs?+qV=w=7Y7Oy8IQH@O-00K=bs*q3V8-C?=|fWNq#3bx{-zfSxh! zs!1I|814|0)3e=V>>%g?~szx}eHeJ8eafbHldnLFpIzPkS}q{pj~% z`pZM|0!x~6r#Fl_I9$z1^+`KvyZHN(FFb$It^VI%_J6+k^?!SSFQ%7+POCIeV)!`V z2HnO7pf) z&x6KCK}1W9?f&v|)~s2n4T3A_GevF*$VP&}xP1BY8a;+E6b{NiB(p#vxhWv4hf`+; z68~V#(Ff+~pcP#s2Pc8cg7d6bScI^4P9ipGBa5FZ^4G_iBRo%p5&%@lP>dF&I>kAQ zHoR@ITn9Oh5{N=2ul(3!;1c3q_(~!clt$|0e-R0YkDofLfI>DiNNG&Di1IZ8MIo-- zC~yyZug8*=Ch20N+5z>{WW%xa|PvU;-+!HRzH+;N%MDVi|}YI<#%AQ zs$+Xy5PqQum4k5(0?CJ@v4^i#mY!YQEkXGhgmV=()SAbiJ{@u&_~Va1X3v^s{mVxH zeNZYPB-1gfJL)*;D63;h97^d1Vi88P0-Nx`MPNp;UTD9W14;-=aR!b}3k&XxWlyx& zdkV<*ccpim^|yQ^7N!g}On=)eg`)g?l_J@pqkHXFA3hv+(%Rv*Asb5_GH=bkb$Hl# zsQLGAkwUxZ{FhfV^wVsa6c|x;*iDQ%(&NHQA3+m_Q<6q0d@U*ceCNYKQ0>@2LVDYc za(<0A%reNDoJe=Yjh`IipxPt;09RN7=v~sEa(1$~lV=3*qsh(~Z5DJvdd%u6*Kiu1t2&%!|2}SDCt*1Ru z(+YzI268_0;qfjaNf>3(M=I)Kf6V!XL==}%5Oxv3T)jO#L`+biMgdzp;JCwOB;l|1 z;yQ5FB8TIGA&;FjoE&M7g__(7I#nS3u0a2a*}8PK+`pA`BP>SO?xgk#UVgOp5FG8VEO3*YK=6i<4m-Z0KZ zF5@P#BuJW%P~tW39|D}ce)Z}Hh_U@O=Zad9;hnlUL(AI~_v~qf9B{yA zlfI_&h{W2pdjSIWXJ45+@M?}|aQ^cz6T#K|{lI_gH*emYH?-8**_p@*M+b*b`Oucd zAuJ-@DWOE7g1bLYD8K}Vw<^OiUPe~7(+-7P1WH6ww9~N0l#ok8xI6}s~M`vSuy|WhBg@@AiG1vu7U%v*Tu#ChyMjCL^6y!;q zG50lf@h^TTwwLMzz>CgP>Gs_Rakd*#j||nZG{B-i++iJvnl1qa17hA9o#uUPVvO({ z+Yubvs*_`#U0f0=59=k0=-(nwgYuba)22}#WTd91GTFp!Jbt`F?ZK8kkeBWzCnqx^ zP-{Gd7U5FO^jaGMk(;OUP5tL(+sw4DkD?5I3Ys-Mz;#48nrDXThT5M-Kmlr}+BBW4 zkcW0X7|VXC&nQ9n1LOh)xlRo(hA$bD>VYyoHjdd{fkh|z+EVDzONzCV8T>QzT`ByiW@ISMv1zka>wnDImCSVi=aFu;r`>xLY*rR)P4 zlMgEh#2|LYI}LV3fH_)8>(*t2{V6P@_5yr>%sMZe8~*1 zUfs3bvgT}xfg zm3Pf>8tSr$jR##z*!*e((%Zg2~TSvp;BGJnDo zJP2J&ju}_4?-PuYmx5%ZVOA!k(rs3CM~M{yPkO@0h_p>q%?GiuY=0zYFx=frxVgF4 zgJ{LdXt4*rX6?<{mn_|aauzpl7TMNSpJm9_4prrIw?TM9ao$#8=%!YBez&@Ma?Do7 zqv7u`1?-PH7_FUPazH11|1QKEUE~B!XJ?r@6bvUl?!?Ag1=@k0i;xO+0F*7}7Ic0L zS)>K!_MnZM+hn?#(!PK`?+>`M4$rFGp&s>s^~BIKlLeZsAY0RFVP{oV zttcSCWb{(^ldx|`Ng2aYednFmqm-~ zBilPHv*JCu*Vq2!gm_~IDf(oElA_{U_;Qfnl6`9B9z5!Id$Q%p55dRYrB4rQaq|k4 zg6kx*2BEz@$WyNP@ve*gFS!M4tVgj}wD$H-ec0gE$#>)ia0Z^^`l5{@$Y<`qIg1we z%B<0jHIQX}zQ?e)A6n2pIyxE!=h0xd{MdH|;^Pq#b=u3L5klCz*$=l{#aPy+tub3Y zVR|K9QkTgukH_)-**ZjR(wk;$e@nbKzkU!Rc zoGT~e(7NaYDB~C$4g>6VtH3Bpq>}@H=w+EMESJ85?S#`9Ol*{W;_aWYPr63Q zkikGCst;Z94aS_WlhfchowEaOv#Y-+<8;Br=V*k!xHk~{hFd0RFOMt-7 z!P$ZzYaSJt2>THT=y#>6VrlUXhe*ASvg5W;*Uc4w<|sq#%* z7B>g+@cPZ0I?Bq*fp&kV2gHwminh4pK1Cxqx>=b|sO zc(IS-c#6JWKv=@J*4BuL@zFD+*?e&qgaw5=6RC|D`Rs;{oFzAxh`lnnS9Ok-*-w^L zempSq)2C00f_o@u9=Zz-3_&w!lYW{B_H-Kz1C+&4(y&~oFhI0k2rBp1i@b6luKvE- zcA!mX;D) z2M-A#!k^V8Ns1}TcwG<^1BKGvHD#G_yM&;Mh(zsD_1wrES7jp3I*=I<(p^)oaqGB_PFHD=>-w|IF8Yzex0YBk| zgT0jl&J-0*IRfXJ+L4rJm*^+3UvRJ1kw;VGP-5N*=OoB!v_1hdLwOx2n_6|fN%f6kbbaN^BuS(s_y<~tTyRECd^B)EYMSdNt3*xc;XnBIwJ zec^7?+dB%l=L)b{UeQ`$gv*{D?u)7BnKg^qySKFy68QbEVai`#svwxN#lasVt!hB> zFM)!z4QX}H-o0jcEM!ty-gf2ErFC$ekz8=ZiW3661l^ln`uXT=V^-J|Y`=RO4hMez zd~8aThiSm|#}{r6^c{rT%h{tQ|7wRHx456?lp# z+y(-r@R<=AbT1?v+d3=Y?o5Hz0WCK?x+slqh?(LF1k7@l_{qB&fW|)-*Q~8vA^jJF z>k7O75l&ZJ=s(1k{3Eo(i_;!re6_PytOnW;R=TwuP6EE#g~9WUJPHHki+0G*T+%+p zvmARQ$m`M9aPfJjG_i#LotOCU@D^`5Wy^iRV++{BzpV3jUAd@um9Jjm6^tQwFEn1h+9@NrX$Oef*}weq0ajtJqmzL5 zQLyWv?k&R$R6vuo2oOz@20r;t<9T9;*iA4nYlDig>uqEbPQ-^2ghxV&MM)At4nRAT z^EJDQj;%lVbbrv^n~gAE6Q_z#ZUa|>i|yJkx@C(d;_S+mE3Z}k=uEC}Y-@{Ly3MQw zu#X*#q_&1-2dqNoqoJ~HByq`v=8lf1z}iuS$v|7UB+jLsk&Fa-pV$`^DQoo@p zu_;D=-3GIc%lDVuutp|o?pgcKUo8aG_kL9RBEq? z^+BSXId`e|rrfvu{l6019f8!3=d?dS&cz$fNurBOLe)wT`@^v~!Yfv+cq0L4S^w7? zq9Q9+?1anJ+t=6E#Si}?rMdAuN&npwEEekws$O<5+z|Y5q!98#k|B;61$Rg0(3JPS zI6Ajr*>=kfOxSGxgduYkh_TTTda@`+c#fxodlJ!02q*rA(VYRDs}DDbE*>-0Pwx1> zXfF^bWL9H60Qpbg7>|rhq9A6JONmVCx>C*7_h3pEz<&YhL;BJ=CXqsNummmW_E*}oCju#jo}KH&u<^o8 zM|W`2ABn(QrG+gEx8^4IUgW)SK-k{?es3QiA3d0&OyaIUiHkxVK!zjq0z3tsV}?rN z+MqRTH)Ko&9d`gSdl|S|{gksS^*!fc_wCFfa;W3DB=}Fra727S7YG9f$YfImPDd9n z40gg7Xp3j4*tzGQS)qQol-8scL6O2)KSye?!Z19?>zPulL32HRe}4N9Ti=4hM4jg& zEetVT{d_gHXB5)wNOORjI11^LZjZP8`5$0c_7E9`8p(F-hc##Tn=jb5kNE6`%a?Be zuS~WFwk@1yWik3kAk%9BY&W&HM*)%$^~7iQmQGyp;hj4#z}CRXo6xg@!nqLgKD>J- zFqObz=w9d0FqZ>oq!Ub1c*AYvS!d6yT>xj@V@73#PzXrA5nyV3hBS3UKn;X9{vL$J zjZD)ChjhiAMVpDh0E?3?-GES2iVBmzZOyM~#nD`25Z+BdNYR^XIeUzOjbf_LY=)H* z@uj}`cV+UACR=%Y#KzbL&I3A@8cOwN74TB~fFdM-h5J=u!_*Q5C+iv1`4p1CoB^*3 z75GW(0wDV^23kHU0G-U9Gbf(AA7<({IKSvG@&@(s#v1PS8uTD!oaUVtVj|-b{f>8- zqDFxAh@T+o2_AN3Hg;Du@ygwGoWV}o;6yl6O$8E?U2BLvvCX(}Idr{U2m#&xDGu*L209_X$&ge$;q-PW8P&H>+7bK&U5qQF0y-HM#h*xv3N z?hN{xc$dK5mKGCtr8ji@pMR%r75t1Ls#-R(24@Tjl^qNe zRhbW}u48K|84tX zpo47$V`$gemn-TzpQ_$>{QCEtg#SrF4>7`!C^SOQRwO>xvupCV4_lS7O8qdrnSxv}0}hHz zUIxJgCl*M3pw_;gC|tbmhb%jf6YH8h&%iWo@xS5?)DWq>ZQB=%gxr{cq^_x|>Osip z#GC7t`F)LfK`?<;XNf}JhxLcu@^Ru)w>KSRhlB(Kc;r4UAnS#{|9(7RgA;gqy39D^ zqD@R{1Ih%_A#*TD+ykHw;b;{Ciee`FZ&4TV8AJOJ5%c(oa9pV5(^23yg2*6~HK=+5 zVrFOTdbsGv{ls5;tIovcLFd69FNGU^ezb;}&2}cw6LC0?2=CdB^qay!Yk(DQEw3;A z-rui1IWe9H0eT!6lpT!cANj9P|DyTxS2KA$V*=p!K}?R1^$I5H0^4PfDHwdD`_5AX zj+87fl}tNl+Su7qKN9iMQ(C~tKnX5n;nJm%0C_A9q`6j9WaZ#8pi5~XhIYpIi>SY& z!hjm1;L6fVwFv<|ay~%GOU5_VWziOy&0vQPqE>AB^5qFt5__&M_=t9(0az8NEsw0? zp&9|3nAC6u!5jvF&F+FbnUKkD%Yh~%p9}G7!AI;LYM`qG35Ai`4L3mHgu^fggxEcl zaPv7quBdru{QUDew3kfrBZGqoPV1m9V8{Dlv0^A!fyWvF0bPn9Lxc|kt2T<1emr+! zDJeaK&@x1+yRxkFqx${#?=K<36;(75A~>`Z2EZ$*vTc#j6m>J$TTwW&Yy5ti>U5VurlQ3<%w=2iw}~V9V|w4Wa~yuf`~y2ZiV8a-2xSC-Z6(pZ-9|2ybqp0mX3qaW9n-8kUDJ1cz)?tRqX zB_)>A0w&d?&*;MQzu7Ea?2wmR(w?5p|KHa@i-q|Q(F!N2A(-!!Ue`M20lwO~GQUmX z|G(YAZLx+L(X}fS2Ithw`cLwvOu?7`g4W^x=$-#tP0Y7vlK&E`+c>Wq#&1pVV}Pg| zarmGZp|^9xfg?D@YH=2D{zx4dhicpgzcN_7g5tj4?i3PRA+Q(Vm0!yC17h7qCKZ5a z_FQSCnsfeFT; zs{jOUDq4`Mk!}0+^(+qLUc#FslKnJewoHq{-lZx&7v#)J*O90JBMRkPpg1F{83|aD z7-i&RZvjYuZ*B`x2pJu~zG|FO4Pyi2&4mILz%+qk&9>BkdE?qO>qE&Tpih;Mo8KhW zv$|!W3BP&bLEY^a-1Cs+bW+Y9XBMODfaHW{u1HwafDOvxlxQDp3kcu@joj0Ke&Unu zhI>yzxRw1l0R`F)_dwYa1(vthe5=j!9mUQ+gTa5gQsGL=U0s8Z$cMzR5_CXJE`x|f zEGkj5rkrY}>v$qWhC|*zX{)=OvG{|}hQlW&srSPE&=9pRgIovW+mtL!YzCr!$N>!; zs0-X=MS!TxMkTWf8YeN!Xu_myWm%UY%#?yZ0`jMyNi_PT}H9Ac4}ok|%_a zE6jGbaImucfRomPCxo}b;aRcFV~s~U4m{X$Do(!Y5wRO5<171t{iVG%AY5ZLeZXKq z2MhzZ43fL>$*qFZT7U6x#{eL|%g$E7H&x&Q`P)e6fxD2PI9e{7P;bNeNconnoouPk z%A)fDiIQ4dGsmIsmcnO`4%knzr;!x9Vv4d`OTx;6lz5w<>p|f<2m%3Z|BTTQswQyQ z+<67dQMBL+sSAr)jFjpb*@nN2ZJaTv`3w9*nVv#VV(qbVaM9<&cjbe%d#vt zH>xX9X|owHghgP(u`Oq0k@Q&Ckf|A!&8JC(goi}@)Vl@bKL@A4Q;qseF*c+3I$%RIIx2QNt%gMu;#V-*4Vi2M zhc7e8)h6it{SVji0o{q((X0FVF1X^9!xt@CIRJ2yFy0PVs2P|~lCsc+y#iDmQxjMg z&n)b@Q7*Ly500QvpX&cxv|$~SJkXHA0--fWf%9Sqi)M{!VznzkSTUI7&ca^^@e}ni zMKvI)j!v|m4!BfmbybkJ^nnw^0E&|qy5^&)Fojud51e8!acO}lBq15}?w$h&4#1#M zjOw%zxnuLU9trbLw@oD8ISBjtlK&Qh-9st6$nisDI5`;-^p-uP^2dqK||jk@gfRa5!s~_1w%nFx?9lE?k3V5cgA9 zBFwx{j=UvYhh;1UT%(8&=E)n>FIqsIGy?AW3p5Kq!Am=qTkVU_McUEC`Jf$3qBs=I z(Yr5D-$o&I=p~sy*kqVVkBs4zq0dIRbaP*=UWaBsMr|6`oo7X8UAjv}3-r;tbJe)% z7aUSf0Y^f?4eapFb@O)|d*6v?=LDXMeCQhuG7bTdsg#!EoBA8QG}fju9au*k`h&3# zKxLMJW%kks|F9DE#6nSn8iRYKl$fa`uV7AB@}5RXwH{mGdC;19>}IueJWRw$nz z1^&!Kv5CBx5j9?Ci30HYwQC=dxtGUWr96vU&uSkmM!+sCDiY0OjBL71U5}T7cb(Tq(e?W7F zH?TH3q4uIleyS1yrS5`!$z!nqUVa>BT^Ij!~oh6VtdTS3@fjQg6c z&o|GMp^i!|xK3chWhPj@x-@G`PB`wKZCRk$0`^hNC})Sv2nRWWG#a!9f7S0Cr4pa2 z3Akxk58yyZlfull8gUpq5Dm%MsDPM|PYhOVUnU;Zh0!lahhQYa5p77BLY*H5qriG` z@lyYrUju%EuANDItI06>B04%TNr8!J0JMRq`Hc<}3>kVUXTR_p*1pMJUtqQCAYwb% zDlL!ztrw00bY18I-Qe(Um9cHv4;N4Aq+i-;=tb#-9Wpd}A*8GL{qS?dbV zAv&w3Yf$Twa}SzdK;sDBEG%s!lK2325!gf30SOR45ixVl?Cbk4_hI-%=H}lFLKkuiOf%BwIc>WbFWsIt@`fQV3JaFlUW$}xL~{_A zUs&Aq*KUmz>Ho$VVz{3F5C!sY5dr_$NVMC+LDF0&y(`pN|EA+&>uqrwcYv?|)>&)+ z#&deGC2ji7y?H=cd+mv{aR}!#+LAWMbHV?>YyEH8T`$;wBZRB~#heB!jho=L1A+)g z=%WHFFbNPM7`YZ>+m1p<|9}As5#PUmM+XJG@sx4VXmB`f`4P=6vd?6vh_JJZ|Jr;5 zL?WIyfRZ#BP-G)ABS91rVrdkKd1WB*uL!~vJD7-fj8{1bFEBFSYUm696vH88z%sUu zNg0b=!_?e|8v70dmQ>lR3Y<496gC)U*1$;iq4E8Ll9aTxrI39nMxH}Ir@Ip%;9uG# z=OsQz^I^l+uO|RtEl~pB6wCQBI=YORw@FC-QA)F%eQWU>~&#yx#aO9nn5W^pt z_=0ZXV}3(rr2M>dv4O)&K)v!O=E%Qm(Lm`x$`TUx6I%4QuY1y>_VduEgurYJWYN`H z-?3(&_huTna^3|cyhnO^y27my+^Ywp51_9)e`K)p4Ah=VXeFEuh%2Foo}UOsMLHM< zIf@Uxvn6nx#yj+!(1PK5{(=Rz8ZKFjVKL#NfKSvm3~2+cB}ynu%3%=&qa;3#5h0L5 zy+Ffhny*Id6HN-iUkHqY@T#o9zo@U3Y3YMh!0NIG`9p)>s8s^3(5W2fzc5P{sG08E zxN*a!mVgqr1*WPjsCGq6solF;h?x&?86J6jcksw$$t2g7UInS*^8WakU*#K=PohNEwA!73+MU^91p%7VE?3kZ7t zk|p=e{rU?T$wurHZgZ>z)t=Btak5&U#lSx@f(6pbUtg zkNNy`%tLG~`goP&vbMSk&FX$^n0~$hQzf!@V1ga>q2!IUx?FCCXe9xb=^Ki|oFzth z*e4hdP`y@V^cSnpWVOLGXxp3F@9`m>r$#1qtI*3PycIr&c-L_!qxaE$U%R`lJj70; z9K^YNZ?GNz8UrtdHv`sFLnW^YKawikvkzn(<06hE$2_kz&-3?cTz4~8Anw^eeaTqn z`_*(yx1dhrsT77ofUXoV0{p-#gwT$b8 zY2FuX&swu?d<(Tn57kZ*SE#%N&sjWYNgqz;65oQ;5V}v1Z>yoP@g#*853x{)XBcVr z1}wmvOqVgySKyqMSE()eFkc|QGwWAyOMBT5P;PQINJx}Z-1_o$r`gGV!L9!suH0Qx zy+-G@Flp}Fos)1@EuOz@*%@GN6T~Er2Hh-Z8Zm%Fjf76rs_!wDssM{n!0P50<9w?j znzL&wF7mXf&KtS_oUTUAd+XXkF`_T4ZU1RZ_`o!%`eZi_779bjq*QO+{(zePUz;}I zEqXb@0ZPHKWSdJ*SP$TKB0<$rdk_sl0s#~SW)P@`}?3BTNPzqnT(uU{83=gB{K{+)sC3kGO<)X zocG|7a4iSnZLkB!PyHnLYf@|gP#PlpJrhBo3vUM8>N{k4zQkB_k55~Vo{Yh++9)Lb zPeRw$W9lLnVht0x?R;GIl`B_7KvUA37?_xeBBg$x102BXNVI=MbZJ4vps@?1L$Ffh zl_yr3lL++hpdC`BCnJ8J%zyAKYZmCO+9{re>uJ#cPCIOyR`Y)|U<~#ex(@Fl5e15l zC>}0r7;D%B7bT7MnVc5#)3otvQIL^bM?1F@SVuNc891+Sssiq zz(^IAp$l4Y&;6)*A&psAp^G*h4aezKN8_9(+!LMcQ1c%{WNC*{lR@BCP5&dF-~9PG?o~Bj^?S%btPHN_Apv zxBztRyl5+kJ=rJcFkN`k#Bw%(55h=M_yPFoxQn{|=CuTqTm|>CVK~~1yFPblF+aZr z)C@IbHgs*AnrE>-4~pK(1CE+ruQ7+Q2Wv6syUl&LU`4y^a^@Ue7rSI$w5 ze2GT7zkKy>7PYs@@_G&X-vhK`-p5H=hKZP384lL-mo9DFZ;aiXQ&3PK)AM>h&B;3r z>m4(RyeLFeH?+5(ffMuunrKYmqUgFEW|_;d_S}I*1qO~Htq#f>jm)6o2uRlzV6TG# z$zfenw>J;Nb|f@Tc#)V`GFrIQqRJXTZV*bXB{~2dLUk2lKhK;=6O7T9k(lKsP=tA( zyLRo;i#y3=dnVW4gpbA)>rAb$h!0PZ-@*}lXY=w_fY6VIKop4_Rh4cZD>vG)l{}NM zj&NdK$UgK8$;`$Cd;`F^bDSN@uAr8d7U?8(*f}D9bjJ(|^6@$94s=&fPhY^rO(hMu zi|r_Z)`F{mWnC)+?z%XBaA!ufOl_LcAFBhB>mJk0X0^hoXO%eatxso->e%O>0)7jL5U8|FVd zL%O@QKO2?P|M;&Mrj2*~9{_~^&$GebdVl2S+VTz&pGFyAwt+|2?BZ)v41)0^!Rh~U zWCfq{(*Ni7gB4nP?YZ9mlCy-*2*cNe$oEmZOA5m^1pnog4)@&oXk-yzDG(VT<|~$S z(pKmK_eNv@l-uxE&`P(`&}bVQCkKJ$LXR7sFK}DKODh$0>;MM=q7{?t?s|H9qJGfEaU_H4wKje95d#+Cg<9JE zfg&6&eor1*yZ%7*uarwl7VTNmtfYiCT++KBzfGBfQK4o#1#A38=hy1UHW^fq9=etYk;b2vf!9-ej!K!w_`IQb{=XdiwgdB7KM>Q^m}h zJ9iridv{JkGPj6bJb%6sB(q}_;$hG&K!cDYgPHRiIy%hB(!3Q~H0rEn ztMhEz%R6^1A2c$Bjg7`uBW6B?>Utk)@B_3rQ;`afgSp4?r-CzR)~dCQ4b9RP3vlke z#s{rL80D3S zl*WQltqBpd0Ns-B;T!2_=W9<;+L>##ddH4WJ0v9^V8uS=(>H?vGy~mw?+@ARP7r*j zp%j>)#mYPr<0To>NAU9=3{3B}VO3(w+yvGVM&ljF96bD9_7wAc3dQ0#0CWj@bcnUc zrX(b;&ij>b%j@Ivgf%HvO4_w)ODz|M*WD6*z$ZvkJ4MO_-5^r*)|}1do`0fFB|739 zW>l~aW27BD5t5R{u2{R4I`_O;OfepgXBnPpe%7wy-s=v$f}F6ba=@c6CG2tbmIEimEc%f&s4CPvi03WDG_P z|J(;`eLG-g1t6o{V8>yWEPUTI%gLbVbbJIzRxm-2;4U+z=D95WOI zrjA!{LwXB&`&OCr{nZ?d^^Er!9T`D4p^cR5SPCO&ar-zvU30s0&d)U z(&b*>;RV(0D?1%9`4crD4dhU8#7H>ev|yoEIf1Q89h$K3E`Nsy9zuSJ>B}3&S{$1F z?CJd9zI|JJ-B`vR<`kQoFZH(6nAKv2F9O_O25K#9Y?7}^%&ln0j7%-c5I+h zAZn}F>_cH38VK}x7YfGf+4^Y?aDsc;p4q)cMg|ifR#{nfD>fy28k^;gqhM!yhi{S> zDahFVq=Dm=Erp&C4u65mM;}!j4er1+g_SgB6&TtJo*gtt^0nLU z#2L$8;`Mc;TCnnu#9GsguN7f-vca)HhLPx_X~R5CY`!(up1XR>U^GA#V$t|0;Np6~ zDK=u;E)aM$RFmcwei19bgePhE*Di{2!>fPqUhuYdReW7vU;qpRyvJaISbP9tBZ|h9 zVuHxArzO+q2w0EiX4Di`Rt`@a_}TP}y61~rPh-6bg^_D8*h2ErPO~+I_+mV0lQZ)1 z`T0)0&YDy$)ZCgt?PYPNR8TjnoOmQSgDeM-cjvkMthF2K_YyVe7oM=c*nI37a^_lK zWFIc5qdHlG-SOop8&wlc&4xm(3eNI4E@m3P=UlkZ;B62-;5ZhvB{^&U^fM}*4s~j> z%xi7EeLcsh`GESXX}UZ*#SQ~i4%&GP1g!>_id*zXJ47TV@&j0_uioo%8%L!B8$1v{ zMdJ=NQN^LvEKe~Xdk@d@&=hig$c5)5zChIADD1GR+Wz>pAk1WgBPS3ba6vag2X@wH z$sZUd*TDQopTGS6+i#CSC9ZKQr6H~C2`igBKa_d^OYC!<*z?9cY7BTyyCF1^(}PSR z03K>6U(O#YIwW61FTff-`aYuvgaFX+@qq8{)~+d}jo}_XqQw|}GG`14E23v2zoJ4H zB*3Xhg400h0;ZJN;z_#q(u{*NyOp=-!g0}~L*2UA7YdGJVNV+ie0`p)^YV>LTD`c~ z3vz84(g;w;2~la*;L|)%1=jHY4xHz;D^|Qf7OKie4nE0v zfS~ayAGE6~0Dou3V8ypxm|;5x);(f_yRb1zWFb2{RODnD?`? zpav4}R`z=g|2_`bHg6-)&8eq?(~zCS*zeTcCWd z3NaOl@vD`+)GE}DaTpL@lHqu+p|jJXrl#io)*=}rWQ02(Yj@9P&uPh7Ld1R_+M({l zDE<(xKJw{FAN}aLc;UiRAjC~cB*gDdP(!MuS%UM*fT?3gvByt`7P8*_|;5?wt3X}-c2SG3#jf%XOxmEJS)nCRD zRw?t*Au5@$x5B|&PdV@40Kquga5UEJ#i$o*k|19T;uj5YqzTjX9+;NY^vCjgtUo~3 zE$+Bj)~OIV%nC4pVRlQ-r+m}^WB~=2AAvB$S0Tyuf}cQ#!&PEUh~-169E7c-!Y1N| zJ`8(O3-#pyOsm!H>2L+7rH|pyQBY%OB0YQ!GO(j5k)seQ3+9B1u{dxmgk$y59;bEo z?Dva1WMsi%@Sc<(YB=7qn(OnI7puF#$pusOh!LqIRu7&Ph(${(O_Kxhc0Tt!ArJU@ ziGX5vcs@7AK%FNBq>I4K0&QiT1<#6wpz|BgR?sgXBBvsha~vy@?fK;;mpZy0a)#|_ zJVSWJbN*8Mp9uE;0flI_`h%LethxC9zMq}hFtza^^O)7Vh|_2=R3NJ6qUEVynZayI z*W(r3Mv6J{%$X0sdF+pIR4Vrf#CMSe`ZrzZa^Yx}eo@e?ZdRI@5VqTnS=tITA*# zQGz41bmja&$uDI#Ch>|~U!_Cc@EuhI=|dH=utr%~h%=yx{l48i))GXjzYxHd9#Mk=uB>WAM4+V%JAuMP<8~ zg&mRH@0wQ7lA~EoNGybeG_J5MIthoA(F2$;o38dG6h^LCkz>BaWw#<#?98lhmI`b2 zNyZfD$ktjC{}mTJdXV>b9#7gm0IZTG2QjmQqbe`5cTvRX&$XB9#7TN6R&IR_KnKT5 zv%SmtF-sCZu;p%gQ|r6@8lG^>ftK?W6?N5xY*@mn>qdAr$pK`RGSzW$!m{c?hl09A zj3e*&c)F5q=`so?AF{A9cNV|JmN{U+_DRpNk4xq_DKsUn-jRY;87^@MgK=Mqaz*sB z$!CIllO$-IU9E7RifZ{c&Bb%;J?5moa82mwl;q0W8B)Ck{6BE>LrPC8>==s(&lf7~ zx2!p#06TW=FlJS%ZMd-#@ypLcu1|E~o;REX5ci5WI`5FWVn)1{nIXrhHc)x@E(>#V z6#q45o+48Soq=O6Sz(JY4EmZS8#^8b=A*cqVoOTp3KUR!a__obyPVFwW2xrLxpX5h znVpJFo<5QeNH>@lMiJ|NatX3gwNwN@J1@gzI!nxzzO1k3`IKu{KL*B-)$27`x4k(N|f3OYa*)&APbLK?0@oic*i;3?&q4Z^1OcG^bUX>*{`+msH%)iKq73JTiag;F z@-Su%`v9`2Aw6fb(TQ1W&#=&8@19lnQo2}M?FW)1L`8x8d-y$~B+vaK?mtOp)&2yh z%@$QWDZYT&f4}=zze!xz>rqq8H6|G){y7LlGYL_4Z5_+@y1n~JEKu7%LcjuEJsI3U zWQyW!<3T^P1Zr!gm#631+s~RiInb2T?T)t4T)7s_ROC?1#grE}w>RLWzS-V>t@Z65 zFB<{|2i$Q*J_TCJBQ0y7y!Ous1!Q_bZjC*G;^TFXfa@Nw*<>%nq++A9A?O{6ISI{; z*vSmp<~=j-L8eupyePupGc`DB{p<}hFFz~cIW+Y&S(71YObwlFCJ3?1s@DDOx}C(g z(@(@Zr-+^ga~Su6kz%Zp`rMy}!Z?#$Ry}NkImuRBRCL2?O3xtRTT;mY{@K$>zT3UR zp6*HNX;^BOlgX*!!odYj%imH00nEF^#Fc3Pv9)iBe{IYF=q5z@FcIuPYX50%m6A_W zxn+@&Ww?3m=`d>9d|@u2jssB@%>8rMC)&DUi>)nb;dTmE(FItmHieTnQW7oVV=IU} zf##f5{E&>1gjI=$!h~I@yWBpQ1bG)NE@-*eU5ZH2R>7Xr`NH=xMLSjy--$AYhgwdV za(klw1x(&AYCmt8SZAnY`oM7;A3`eW;^vk{kSd|$<`>+7vH%I_0n$C5(jz5(k|`-R z`yotEDX}K=O#us+O=KZtUa%}`{_fS4OAybeFyyGg)JVo@97YZwPic_q4_%-Okj1)Y zKN4aKaS)wfXeIymc+crYGn(NTG$N{Xdi)P>`OLFxWm6=ON9#vwsHvAQ@e9!YCZPy%aX4`J zqL7gH9Tko4p?s>LhgKvNFkn(AEIK!Z@rX-DMmaH^I06Jx`{R!AOB~N=5-CrPr}7<; z<+l8+7_e}P2QMC_FFfOOx==W8%9lgPybCoCs+M!J`Cjkyf&E^JeZ_F9)%HdVyxfZ` zsVS7jbfV9mP?>Ml$lP8g9n?9;FQ1$NsHod5s; literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.19/_media/benchmark_net_p2p_azure.png b/docs/versioned_docs/version-2.19/_media/benchmark_net_p2p_azure.png new file mode 100644 index 0000000000000000000000000000000000000000..9130349c764286e66108a54ffa77a2079807a57b GIT binary patch literal 36902 zcmd?RXHb>fwk?WzsY@`6NKl!IAc6rwi3S8G3W(&aAShWRNj5G}Q3MH+m7I~B!9Y-g z<4>*LuqDe*0v7&g(+&}^Yz z7QIeGv!;)RX4T|h>+vV?M>ZV8f6kg;QZkn{(KWZac~6H%@}~J+LlbjDJ+1wgI`_=< zOpH%)@o^pJ+<(X1{H_^4H@DG$d;^!sz1!S^d*Zj^LpI*MtZYU@LwA#Wt%?+h(4(Po zeM1#JFL&R6sMYHJPWhFYv5N55VjFX34p(pMSl=)CT7TWzb!*SRJ{&A(a&FbC{!4Nn zuZ2C6yA(R3YO}+$ZR6=l-(P}`zlRo+nj{}T;p|w-iqG7Cs@MPQsoPeTd8clFZ*(~! zh96BsvtP!VV!7_mFKJfs|M{=+LmH+(zu-IffR_B?!M^?HHjrO@+_LrE8uE*u>;I}; zMSgL2%~~u9{+F?8wfUc4{P>TLdGKHQF`eJOy*JEsOj@%nq;&$MWv7RlES49o<>S?qR~9FvwG?}!_Ma;@i<9u=NSrs#vKkHK zkc-^!SALj|j;`G2R55$`%YA%2cYmJqn~3H)mU!c+4GKK5jYk=&gvk_WpuIkZ^8&yt-dw9d&E|(zKuO!qBNONk0YrR2eT$!mD*;SKg(Y?I1a2O9ScHMvcQiN0hznHro z&T5WF@Ar(yv<2_XdcUh=+eyPPU+T)yngrJfav@WV+vFX3}CjD(C;o3*$fpNZ7a zKv8p+#UKxU5WVZVjYglJY?NA#1Vt&(yXi+Lqy)1jMgA}{uEsa4_)YIAL^tgWs4u@w4^AKs6&=Oa5=sGioZy%wjE zI$3>%yZg*Dt$^xzKmKo~e&h9cW2UphR8uIoX_JolKUb`+I=u-jlbkjdd2*MM$$4HGVjs zmzS4ye=N9W-J`cDdNpEfQvR>Ky}frIQwgQMIUI%9DDgj=e6RO=+&^3P>6iPSuBR(e z)U*#DrwFfyU?%|pZMN!OS$CQ(9ZTkD~lyH2?z|%b%*KlZ4?o=J5UcYlEGH+?R zMKq4hor{~B8ykD$#=GjUD-rncD67%7<`lg*i;IhszdJ5k3^$)f_A48knXzilZ%WdU zP1Ua>$9J$1X;(_p=j0(bgN4Z^7CQVWkA#E-Y*Io~@@+QbF!#u>L4|+sJ=quLtx?U_ zZWrRPG*5MZ#Uc`qlXd8xWUJypZB#0b{%~XB#V`p^iJ^gln4dpyNc!?nt3%ES@oMce z4-#<{{v@JkF;H8D@H=fgZHV(wc*RF#c{YSnI9T|0ac&~Uw5#Z35oP}DoeQkzHUu9x zsOKC!`#wphbRZ(g!QIJeLQ!{Sq}83Gsi~Pe(`GAGYWC~vd%m{&7v25ig^in2sOcu{ zUKIQYDsrNkviJ5w5`C>!?VgllN+0&uS7a~E^#;{HT&j^4kw=Y_e zwK`fpCip5J%Dc6#?O?|jC;ir})X$$kYsq^@9J~0>-|jnyZyZ#NSCa`6wx8^L!L9PR zM?Uh}`5kOhayXf?^It>0E+ZG|BONE{mPgOhX~tr*ujTlTh*F-4d=SLxYvMMaKd}*;iGN|_*=1~X9s6Urv;sII zReJH_#nXD#6!|z6`Tpv#Hwcz{-6dfPaVmw;o7<6*ChJvA*tLsX#;2y_0|l*tP}q>h zilYLN{}ZQg7Q_!vTgykwnfi=Yh^)xrV0fImEj2ek&tX458Lg3<<*+zbyjFzwzO{9f z-Q2jl+Nf%O)iW)e{V6Om$Nv52Pz|o*YqCyJv+zviwfpxo@)kw}JlSQ%*sq6PEAe2T z3R+ndM+&hIrjts)*DWz<_0D>tr@pWQ$5MQOukIwL*?DMRTll#mvHo+bp=Y?pKfPhA86mF?b7o-AjW2DK)JXL`5+R<(O1|$ z%jJZWwUqyvj^l6jQCDoHhoZ1yB|v%rgbIikZN|ID;)|U}^A^6Vn8@i3m8ws1c!Z9$ zW|!(FvjhCpTOAso&e)FJjPQg8n!h;yqIB{^;*46Nh|P|G!;-#7bV@u<7AaY^hG@A| z{rdLi5EXD$0ZB4;U?P8IN!lcDF8ri!*%1_VMB)`DeskyXABm1D%k{#^wmGu^$~JdVqY^wR~W zII993HvD)H^RR4sq}AYh_*FfM4^XPlMJL)zszoROv7c%lJ$|en9;Ke0=5~uiKKj>j z$KqE^^&c4}{dny=ho5oclf>Mu0baE{9e|p8fSFICHt@WE|Gs|F`EhcrdUpNfa7)9y z?dqPP$m;BGN3rYO{Q06Mx0n0}S-)qzTGJ`O?BnNUYgJ zPkBh0A70h0vtVNl-s4Ekt#aQwe?*_2AG6^78@{|o48!{+xbqj2G7+yH!^-K#>Rr9P zy|3BEr?cld?Poij6y^b_vVZiBl?z{1!_sMA%{FX08RM{dH|Jd?%jqFy*pA(vxxjteWjIe) z0bzn;WygPgLk%}zHi;;dF%)^>xHRSMX^cZERci7h<0dlc?%}+6fXFW<@h6HHMI3&p zwBaS*U@5(=g#-oFXeD&Zx|moINH@cLP8)d1`rwqOcwskMyKSy`a~V;JCw!e-y7V1K zno~;&geWm`$)Fn!`qWwYLOffO)j?r+LU{J)8rgT}9v+!MdMxVZy`%#qqtLcxAFrqn zS7(~zWR&1Ck%?~X4=CSsKmKbNFqlLm7*vd(wn;dghNo;`lN5^dBMJt5Rcvw7hn zop!OE%*@8<>I^78=pZt#P9Ud?3mm`q-T!Pk`jwC$+z9P>w_C_NJ9K<+Gp*teG;n+T z^$nY}N=V|u+?-FGYI>1U5mJw2nqgBcOUTy^El)S^VL&6Io!nG5n!hsQu>vTcMk_Iz zI}=z+(`PDp|My3ZbfcCuX*q>oG)q`1(#nXr6ZB%eU$TrwNXuT`({c9q&B23LvE${) zIAy>wW%(=126^)XM+cp{Q2JjcsZqlbc0K9s4ySr6g7_R)meTv{=&*At;On~-!N^CuMl1+>qt)1 zE~Yi>_`ELpb_KH&O&0c6CM|;UhFeoO8IAA`Mn=Q$fkJ~ROKu`pglwl%#sPopqK2Mq z_olJOc~W3vef7$=_dC-BiU9+)sI;_na;T|>@yy+i{vwWTC><>IGve-hdG5TH&1^|C zN|wq=)+yC>nD1vZo1fG(8~;T;1ukH4f~n5xcv5BMwH@2HYhAc-;VSY(Y|gYbpGlkf zWsw^nX^u*Ia>$qA;Fgia0c!gbX!cIecOTP7q1@LsKip|!_|=;`$nDmqJzPU_ua*{& zWw;Dh7zHfL>=uU8>-#>hTD6KmSql!n&f9rF+PX-ee-;eU7Y_JH8`KiP^v>zY6ME!e z)^9G1XRCcpOws|YFIiWkXETbCWR)&dC&mUi8!TPhFA2d;ms$ zu&oXLXU&Q@)iNqKMPHAQGQw{Co)tLmrL~}(!V)AXBvcOg65xd?MQpApL25kBfQEtKukcfZ|SBkKZyIsAVT#WTAF!-Fm~mm^J@lH}%!F>2?DC1&pK% zZhUWPX;I6zEWbH7HP{e0CFRFk-aRea7SxcSnf^V*&fdPfLDSKQmPOd`dyt3;T5R1- zyE*$#p2;!o`e)g8YEiALQj7O2vi#dP#2qTfXb=^Txk+2zUSdV zO@G(#052w~qv+RyukJBzVXfzjesQ#jexk?Egn=5al&DoizaxgG)j=>N$d8fV{OjKg zJYV^Be|>fP@*~f_;lD&*;cLK0R$k)FGQa9_XJa7tI-ZeaI zMDcMybVV#v^YGQTH|&>#TY4)_t~M8JIJn*osVLRKgW`kZP@Ls&zc8&V!i6~IU0E7+ zEdOxxOPQZZo*pXo*!cKK?c!G!J~N=26f_o|eItK?SL&YpvS-hyPoETgs#>4Ec=>fz z)`=pLi}_c@E5!NA20o#!+;>|47Fhsv7sh|Sn1%GweceD7HfH+SZZ{#hgPD0m?w_Ua zNa{`ZN|=>O{0gyuKHB_pE3Q+zJj=5il7lXsK{opjY-I+mj4qW8A>Zk zhnkY(PO7!ayGW?L+On--+nDXP-Me+yjbz^IKDmcm!@OhxxKU}9#4inAghu)+Be#5M z%WW;AdK>!M9TwttZ517Qzco?39-Uy9TD%bbZ)}JkuhBiF-9f8tY>|o614s-&EUZYLP#W$PYFtQHq@dJZ0>`~#+&?;OWDAaOu4k$@KR9xu6!D$W` zu5&BnrQC5k@fugG2kVbHS%@wFU1V<6Mqgae)&yn2hy{N_DeO1&pR3-J{d2%pP0>wP6_eM-0NgO|84%gd3sEPnR;+?Ik@ z_GsF5+{;}0oP{Rq-HjOgRizmX~PfSf%2ncn^{`UavmZ$Kv{(pq$)XNzkR`WN{fEhzdpu_iqeE z?9prUTMpeR4-&Lax)@mCKsWzj)f%<+v@6RC37$RZA}lgrZJ=XTVtcf$-Im2vgi|%G zOsCC_Ra`|6)QeX6N`FL9?3|3nW1zYBb%oqoGu6)6EGyQ1Ja=w{id%8AK3D2RrpYeb zH@4wK^t7{nHj=P`7niy|`H~70>_3^Xq@PZSxbaO`1k1)X!O+F{Ze_O1RbfwFbE-jc zzkSl!fh-y!9-dkP*UJ3Q)?lZLoAc05ev&{~8C!_I8VG)N!c}Ty*eVz}Uawrlem+Is z7)36mjHT|I)m5!cmBT`Zu>?#b55#mwo7~7zV#(Ly=OuY&5x6oOv_t(jgZasRrh%Ju zTPY2DM26PWF&l<0ptQ!$ZL<{`0({YFa~ARlw0ywa`Yd2&@V!Xdw@Mv0dp1m#Wx18C|7m3aBY}>qN-ihz3RL`}k;}_P*GXJK-urTwj zy}kXWLqYp*Z%v0Loi_DsOJ%)-!WSk&i=91>DyozoTt72?50s&v&1BzAN^hVpjzOl| z^61!R#g-j&*+%*A6mss59T}WoUKkah+v{TRV59_RB(9rP%*8p0*{v>8=F8=H6S)kP z{9Fg%8s6%Vk%f4!ca7Y6vkMEVd#A(V-J9MMthCPCP2asiZ$h=<*_3C$v*Bw_PR?X8i{l-1c!Wk*3m==B zdTE(kwIyE5B<3r^;pz6} z`bS@b8J=(^q3MqX>N{D~N8Wiir_$E$pDyv}!N~V=MP%e%u>~xZT4MmRf^Z4?Z8@2! znM97TA1mBb|25g&{O8A2>N)pi+=H1qc+s#$%SE|UiXZM<0d`YfF#)CEF*j`8W&0rw zJAB2aRu>(`vy%b#Ehy6ok2la2Sqp93KuMAYav>TF&Tgy|9SaA3m`cw5#EU{hQxh{Y z>0*4Y@eb}?%g6*Vq2ldNQ8Tm3_IX$M?{o~x#;53mZgywhLc7Puz72&Ie59w6r!^kU ze*7DoJM)r5Q@e)y*5LWT_6*aDKxuDwPMIpZKi_rqFm)b*qGi`RONu>uB%!bEXmG+o zlzq{20MQoLrCrc9gujgK3bCgtN0k#*c91K67U^ITI7u%9-UiynW%v46W$p6x{OoL? z$9nL^-rQF7a&^MzZUpdK1gn{d0_{~J`%r`!&K=_bdGu1=`h*_nozgj(;nKH_8x~#; ze+;*r{?z&T%a^!^KZmY{e(FGLv}^EQDPVqg5-6C#KUHdD=Fp2ptf=QK>t@1%o-=W*5vDZW>G zvdwn1@Ql_xDo<^!@~PH5dsRS*IslbgXcnN&)X{;~;J3eqhvN`mdW*ATRbKMovWPqb zs9ilh+)@`JPG_)o76&QHuqg>AM=>_7u%e=3-tj8iN!O!DjwH|z3C+9BBR%f8B@_=j z^+Jyf_kIKN9+snRabVz&P$;574)ama(neo%cm6d967BiDwb~1V_YSVyFSt~|@)4;( z!e*!WB}VqsN!}VZRFFD}8arkvgLaG%2VR|cd7?i7prSfl^@aMNEnRg^Cewl&D`RAi<3Bwl8j9OWHp3$LumIHL) zx&QkHli>Zz{#3DPi(Q;b$D7abqs6a}{2D)PV!pr|-#KV@+wr9e8riA&!32S0Ca8FT zbLi^dDJSa|Dz$-QtIaUg2I(&i-m3=6j(VOHPoC(MkcesLlU)?>_NPj^?&0Vk65{{< z^vM&^?Dzv0{}IisV0CcPVujY!KXVwX8l#w?0P4*g?OX12vw=+Bs&1r=v#e&MXF*Nn=Bt5ckdm)V5GW@l%WRwc&J$73cmN!R zGk4!@+Ii&0x&Rz;g_>~55TP3&e#ODgL|+ek&TldBDI zx!^pjyo?9YS}OVU|aPWNFE|;%c=WYR!>|C4*6)M4i&zQv-FSIzP9!%wM|NrN45xDDR~dDBoRW zyEx=7lPDBfS?oFvdAGr4m}pkooXKc&6-NKTu@-A#J$OJ!>cdve;-2DN^z@M^YzXX0xH)J5`UV--Y25O21z&ka` zCbDtOOt~N5QAlnNA3i*hM<*ye==)a7OnCP$+u!!kjv-E!`Ik8l>fhf3M?mcz5 zUMN5C)=KuN)#g7}Ufkc64MJJLyB37dzzgoYyFR@jIGaD*d`wXmQHrmPQIxI@`Kbkl z&otT_nAB!w#Aw|L0HI6Wf?IBGt|y;~2Gup|cu^73)oH+#Gfa$O;tSuGzcgdX=tm6& zw@e?+fXt|pXP0@pz3q}9%9a${N_@Dph_Cc#2a8swX-PYhy%=~6Bk|xR?d_Tq`6D%z1SEOI0w+cc}i4et~oaC4gdp2>^1p_kn*U=?Wz zrKRmz!4)3wF@58dmUo`BmHzhePF1;~DOaP`unemek6$S!Ymm%1m6PtrXcq8iHRq3I znsjxU%|LHd%@qf45|6$r(;w~lernd;jtd^HeV1LC%ag1^5Unu-^>GWg_RXz5D4aC` z>7j6-k+F_dz!JT=>%E}j-T)OyJu&;{&?pU8?(0IYVlz?BX8}}2M0WIE4d`Sopm;uY zaw?@KvQ(j}`cP*V{Y|>cia?4y``TKgX=*HZ|@ly9t0OIr2A^R?(*YMbxZ&fj@(^5F~%JJ%uRfQjqUT5Xw znq6>SfM33YxX&{0cke0pi$L8u3eKM&;&_(ja5U1nK*{1ZZmxo`g_YzdG)%7tjf+vr zQUk5_oxJ6&5UbSTF*-jrsBm{{Ypbs_n&Pb8y{E*gLxvFys<9J?J)G53xz)37Es4N@;La@6 z&H|19CUAGm$$B8zkUGF9~tP9i&ZRZ+m`1>mGom=8U!IHM1<_z{H1K1QrFFJ!n*Pq%+ zj5|10dwNfHzF8``c<)CqQjgbUA7ui1=<_s}*&%)%7J4oUrNAby)e|h{Q8-#oyi)wh zHB|A9DkEZcCqHI8%h2PAsi7uWfL(8jJscDDw`Y{EVJTyZzhR?7u3EwGGx(%IIK!3V z$*tMOpBW@zWekX1@wCX|T=HAF7zN4dkT;eKttyH`EndJ9M>fb`{cCz2N%&|p^YLvn z_617@ECqeY@-oxHNpwR~Dexo}HhbZS@stRBnf~T5gWg$L%EBIoyfAH8=}({CKuxW(#;&T*6}g;f(E! z<-%gd^MS>Ks1cCd+$a0CmCWXROoj45tQn}buPk3@;mAe9>_keq!(8{Ch;B&9$y|9? zT$zK+4t3@^`0jBGI=tF^Kf}7syKAl5?b-UP7Mui48S04mk}zi zxQSKxO>?;9KC0`ZE@mMcQDs*cGW5W&yE9u@rw5%Y3MI7D2Xtz8y+g_*TvyK$35=8T zDl;>4B13Jd=d&GbDnc8#Cm*$ftYabm^~;xwIO!=~x#J~A6)Kz&!h_)Qxk~AI4d0?W z+-kDsb}dr`3% zSw9k@r+X+4MaGcl7{$cSxlyR9&MXg9KfcAAAV=u08HP3B!UsWzdQ$AcPj9qIKb{1D zq{LO*htS{BZMx*Ny=E@XIzlpC`dXs)x@F zCgjV-DxHW(kEetK!6^&vf~YZg{4bxS+57#~hrD|?5UCwVKzoTva}P`BApOn!9m}QM z`F)5j8?=`Js}C;Rc&ceX<;g5;7YT4znAso|qYy_C(zjLIQ#bM>bI0&3?+K>l?e0sT zOJVS1iP=Lf_|!>ScIa!DtGldBz>`Ikj!f4?NT(a0yu_#Ca4WGXJ#jCilud07MDY-n ze23h+Fp(tZ*54sn0>&aH6XWCe=v{cI&)U<|R#kZQwbe1nfXs`v;+pQS0p*4o@)B$9 zb_?9@&2ULST|%3}=yKZunNAkT=BP=5mHxhoKKri#ZOLBwu-oXO3)XGVv+u#)_Tc>J zBHx9JKHIL~ivv}xw+}6u5lnenl)cDcHF2tZ$^RxSGNP>#M(gmIGmY>J6rmrjY39>( zm!J^Ms#ESRu$uhY59{&Jvo@2FK71yD>>4>4Uxc3x z2=!GB6APISn%i$3jZ66}OBHGvcR!J3(S;Uu7-<~tIVA1anbxl7v&xKo#{OUOGLg^8 z_WFPe{T3*c?Fn;^9<2__O)FcUTueCU>ZM22>h;Sm`(R0&yuG;YdamQoMz|)eK_=s z!*e@9m}pXk_W?SbA`I+V(ASyv3u&H*d4oO`&q;~f?O8&sXmPg4tAa*txw#N*!(wOH z_L%FN2W(@U>RGk^Lbmmc!gh^+q?E(G<$eu6vaKo(IGT^1chzeTgwzIq#$FQ>6Eiq* z`mDT8=%UutXCVpSfd5nvzCs=H1;>QJzqC^r$ld}`W^i_Wp%dY8zlwH4ORb%7AQh>Q z4$y|4fYI-?y9@Sz4!S#|7mT7c9UC~tZy_+)g6ukzhR`s)#Ub7&EnRVBqNQO0jwZj~ zzki=G=^g7Tmc%CpA8Us$^*6I%qt0^1+CE}C-E(L=$2r$>VoLFWttp%HHag?Oa7M`V zOpT41MyuMb&4%G7b=R2;-)M!n0duXP??jm?L(1jfWTkEu(()G3%R+@$Vi93=H0CvF8`>IsDe$0%oQ*%> z<>9lC1pg5nr-*L2%e<=B^b)O2upe0La*!)(UZ?PJM=(=1xkO@gTK{g!6g+`s=8VJW&GK>Vr#-7UGc>8XM^V2ut^ ztfc`0>29|mMaR&WzKTAEw4rmfoMg$9l7_1%(Upl=t4Vot1vKH~WHYPQ^%aTcn+yky zqDl&t7`ev6P+R2?1oK`Ql0u*kUz;s!Uyj|egf9GKYKK<2Kau* zaH_gHiOzoXxpj#1;5{1m&o3`8O9TpLB5Q|3WViso@xA+thYn)nj=^I4=CEWnfJrPU ztuS=!2inkPTZNirgk~CO!&i)xEjtaOi z8Tfot5%)(}WEWt*PepA5UDG}vh_WRM1lR!kDvwsdUxfGsW_K9seH*f!rP$edP2Q!c z5^h^QD{7*{TJ9v+bq8RI9{7=&OgKHV_IL`?>8HY*VvmGh)w2Sjn-D{T$v&_|+~4=> z^kJkFFG_ik$Vy`A2P-|gzy7+0lh2&(59c*$%ZXvw6TCC*!dFp?J~Zdx=}oy#W!W2u z2p8(y&48&3e76PJV<3h@U>Xo6{e^opYsnU%HH-$Iz%>CDr(vLzx%KjB1;5`3<1@`< zUWO(k6H_O|ZAtVC5*gqx*(^N+pX22Ac`9niU=1vwft|@+>NO>lKZB4>3gM~@{NIE+ z3;Y=}`ArXDKzAww0^hYxg&y`S$CW&Qxd_0L>8Q260J&*mnWHV~CXW)hPnd4_GsMDN z1D7~x$ph+ncFLe{%K@3Q^ z9elc*Tf_g?V>9Zw#1NS#qWPE{5C1-qqw*b=0{h}N&WeCLATC7GTkYc3z+}aQ98wnf z=FV^MVZd6wTo5njes^j>ey_F%a#BHjiR{IHAJ6%@*PNmUGkYgP?L;yC#TJo>I}5#g zj8+zdhl4azmL}Mv(gpr~xaYriDu?EOa7O6k(Zr)Pl+gaDUN*~Jujvilud`VmdVSHf$T1|>0)q9VETTIj(MqUbV5CS$ zHuDfQ{i~To9Mlly3ZQjB(ksx_NkoBD7YWx<#m$Gb( zDhI)}Q~oa;w+AgiNRG8>Myg1WRQ!D{1{ZW(OfQ>(M3j%ZerX@CVI@S&SmY{DP5l7W zwLtE1=I8`vQ1{`J=74iv9y;(fSnGZHOyUWHt&E79J@B5FZtTdXHIt|*@`w*bywT3B zTi?NUeg_>sin4T{e6a*<1gS_p1@ZqtY8{?@I*%v9v=o1wX1=f~$F8Sv_$n*52m3-! zWgJKLQUTis8KmhK{N6y!g8+-QkaL-;r$*b`qc|NM9f@%qQd$)V(4e01)p$*5Log2@ zmY!l_Bo|@dFoI{DahM%xKl{rM*l}uwXj(mlCNS(O-HNdMB#Jt@MELMZvjm=k0)jvet zv}sdPkM;e<_S7I4i=t3_#()35hCY`#%9y}5iY)$qjLZ{@)nSK4n09a$nau<1NUcUQ zmI}Ox?)D1VPDtDm(qslu@D$L?yA_!B@LA4DwsQa~q$I#0-s%fSY6RS0dS!1ZLfENN`CyM&8Ce`3oex?|rPJ_wG6d-nAO)Bct&|wd zYy5-0cj+#K3X8tV^MIKi&`7{BgrcocEp18BV+G+3wN)RI1|DtzBuc3G!-SagjGbm8 zhf?r?Aa|Cp1J?Ox)$T-mAaJVzQOyy3^rcBGEj^W@&%z?D>n7s2K z(-~+q44~o;C?*?Vz$qvO2ETuPqSYfL57|@5aZ-FuKLfW9(az(b%O%~SdRLqc#nXdo z@KrTRZg=W0e9URet>aZ8s+z7Z{HE{gv zNjVgonBuQ)62?f%T1%}E+H=w3(CYm| z#}W?;L=V7tOi_jsxps491^g6fEJQPNkkRW`TrtRoEE|n3K_%sm8!VZJr~qejKy5sr zKVfaEkYHhEjz>>(6tc8?DBK27*c&2v0eT;$lBNPuVHh^t`xg+D*k zUo}yK#B;YVPzdXYfFUi%-OJuk&EbD8yScNl&k$lUm{ng9$2@r{Kx&WE1`6xet%C>O zl0!2uhd^WyU;;vqnUyaLMLe-YLq)xg)T+)^fp)GmUN9a+keEA0XFknFF=9o29zOW0 zb5Y2wv@AI|V0aWe@`$p`ww3JPZ0b9K`@?`~8 zv>V0WJrq8MGiB*bhGd|F2viYCtVxKGw?peZ5x9JVA@<0O&>gWOj`#O$H@UXD4 z6rxvyX{b2bxVMZ@Vf z+4pg~_x{%9jPs%-iMfg_M?x4CkqN*n(pcf`nTff8P$*V4!+eaxxl+Y1_pzY>ry935 zA8@k-{5j@4kQ+GVsE8-Q(a85 zn#GiJIa4iZ0Z~uLycSsWFbJ`PwkFN=7u&TV?i}(Qn6PFmGOt4QcSX&OMHux%TE2!l z(2Wnn@X><{T}b+O8_u=k`dPftv|udK@A)w~9IdGeJW%L^wQ^U_BLGNzq6q1|ES^MK)d$Lg;^>BP zQiJYxXbA{iG8~EEE$hf>Ge!dP6|jmYJOX?fXId*Sc3$~FlZ)~IxD*JsDgr{m8P06z zq=Z?3R!ZD~C4PJflzxatQlpE)m@xAX^2vZRntVIs*?W-~1=RnMkx2Xi=^`~M&`8h=X`2rvI0PjM8}izEoaAcuomR_P~3 zFjS;Spae1o2R}}VX_pvA3(ujXCO@)NOe8EU8IZ!G#o$e)4QjS-*f{;S4MhK4yLX3^ z%yJB-V-J@T(A*Vj$y>pfXR}$x-cver(=nLIFYB%nKx5Yb1m1# zA{X{aQj&dmcfRchG~et^ax0F;$ZBxNJn;PP8T~c zcBqlboC-T;5dQof8O;XVBmobC|2>pGe*51rnHvZ3Qe*a&e#;}O~O`|8x zb_o<{I0SW)o3>|j+<)$J0^7`Bw8Hpr?8l2VM~ABEiips*kss&(x8Gy(-+QC`hb-4U zc)|l&z961-r>}p3Kx9vhc}=+_mBSfUB&Xh@M$WZ5b^`OcC=b%5^{Ub$#OLD zsW(2Yu8UJuL`paJ(M4@Uhr<;C5J|o6Q93LOfw|LuA*VA}l!O#bCsC+FVBOURFeUau z3W4!=FPmX*lB81aQt)yqRT~Gq_3WDxqc< zw>)2MRoVIx|1LJ>xC}bXu+nanRXOxT#3+VRuQY)%#`lDZ23;=$ao7X1QpAVejH&w_ z4e4k-PH0Ht$%z5Vvlr=zT>AoS$cn)(LcRbW*MUG_DhY(GMfR+)urOr%d`uZcp^FkS zT_P9o2&xh+iwqoz3`Z!_QXY_;wU}j`M8?7#`K2l^tDdsG$YUyCVBRAM_8%u7?(W~y z67gaWHwTzweUM9nCWr7opMjZUS5O{=N@4`#Q;b_xu$I**Uv=-!uc20><&Y1*x;H?? zQG;+U4_B`v*G5PN39A!69bjG#5U)6X6n%I+P>ZT#OSYwG-e(WY%u-#27cm`&7Tdcv z%ff(ES8`bgk+=v=1#W`_R?mxVC_qYz@x%v#Y_4D6ylo!BUW)aEF1ThP%YS?4e`hJM zcqFTr@_>^kWH#y2;1m^AZG&ge1FjruH9!#l^cV|E5dEMjMhMH_p16qK)kS_jQm(K_&6_4ZV1^e5Eg`~0R2G*1Be1s^7e$b#~esHHmW`h z3b75l_L!SW-$Jdd1FnJ2qnbNbw9i+_HVsYm9_>7^CsIVyA;q6uiNh&?{wP#@m60fz z1$;s-z^Vlt39~KEcYrHJ0hAS?Cow%Tqbl&tU{eUCbHZy1e(<9htcNv8I&y#{t^2g# z0mVV*$fJoO5lWob1ZEHxAMM&DpWCQ=xOaq_a(?m6{&Ui|u=t)}E!rFwjB%rIqc|ViuGXbt*trDXL80PgT4m;- zA#Bbt4FT@nr>zWvX47APRiaz#N_|E0Kp;16XmTaUL0WiD)Ffx@AFNsg771lleSSE- zU9D#h_1XfI4Y~W{)4-(%fzB5$UYvr_vOl#!Ll%4{#Hwg)*rl^7? zgX|G^bA=T?@j%4ReyUW3Q47qP`cT?^kv%BNArWY#HIN%zl7#7)1+M{lf0+!$l_hAl zXXZ1Um7HL(8HC(g14A!6_#QHLF0IB*7S8zyW;xtLfu|#M$dv)Wt6uM{Dh{ol6g>?h zf_fd78d+ev9TeRK;wr@L3b^)Vn@%3M&?7)YHsI)D1!~=z40%E9ULZ#k?OkoUi6(~l za8XoUHL)A@5Y_nP?e9a!h1eIEmXY@h*fqfu#_?k+^CFUa9m)Kd_l0A+?_X{8&$$%K zVHI+d7QWm3tw}!B7Z@`_5Z|Z>1QyG8`_N7?Q)vq5&%`XLMoqTeRfrZs8b$P$V$h3@ z^v6j5*I=zhQ+NuBxCAq^jHUsxbKo`+f(pr%HH1Awm(wx%!wPQb6f`vV8?#ol9i4tc zL?TyA@E^;^z#GCh4ExAIZ10OCk%eTiK}VbZN0^~M zlS;Jxe7G|QXG#wfg;hoBV-IPB+!o>DbZ5?;=Num_Ak7307fF?*7=AgqFhNUtdvqUU zP=PoVNi#v|2bQ0&a9j>Sj~oT)O>2!fizCb}ZaqNed<}0_?*~D2YteX;MWfJLxhD36 zA(f4IRWptnczws=tCg5=Vp?skn4nDVdwakJoPQWyyA-l(EfOCT%Cko8d4K3>5)$YJ z_(NIXEWzCYH-$n1U;kCP;~N+jLezO%eM1gOKxN^;JOleV*FK__A@m3}OHOsPN@_IV zTQ`z7lspA6QXfWcT)B=@WI5D$0M2rFQjWgoEkBPoUOwB>h}0Y8Axrw7$Iz+6N~C}c z?g`o;;yMdiWqLq*j914J!Vqk}ETA@=sBEYaUk?Z`fL|h9v&G1dxu~3tFKC3e4YlWM zV(6zDRcmCY|CQ_H_Ocj-V@r@|8UEEBj3hBiOG{%kQx!7>q|l^b5MAf%>+__1ApGQW z?wi8Ps)itM!0Jrl1@9nd5>~Radv3gu4A02JSO(-Eg`*}54$cDLV+pe~Hn4c&W+tZy zg+1iiEB@S{BPjSohf~L!Sj-ir#L1m)2sx4wtKwrYAO@ktaVV>3*W-dik3eEl-A~(O zAI00|fvSyz@kdNm;a@$KIk^i8{Uo_#=L&ajC>VHg()yqWB-*e&6k{T<_f!P24AYoz zJOCDv$ewMO=^!)#2A`_Y<;vqKH$3$fU>dvVsXy2LS=~BSrLI5|2-4x@l_3uD|C zy>qX&IZ8|O@>$Uqk^KKh<&>u8wr2jTpZh=Jvc>@w<@3Ly@F60c)1 zFf-&06Iv!zNw2)6^U7gT(<@`RtXJ}N4YL3;Zeu~D*Zq&Bx90PMg~8@UWH=@ zEe2HvE}J`Ah72@6_j=q|H4l0#8W7?rC>da;Yd~8(mP1NUot)TeIl4lj)u8&xXenNV zI9ZRh&eTIb5!d+y)F)^Lo$-7w_UpxtZIS`}^8b>U-%tn?;Popf8m$NJD+Ca@3NMdo zNxpF_ztbeX3v6478>LYUP-lUA-X5AN>hkt3I3og#!N@jQ_t1sF>-g1~#jt7xcoXo!e-jBAD@ zNTX@|BcsEd^(Lsj65N_YZjmaVn3#a)^<|3ViUZs#O%k}X<2~x6YCixWo-P>ZE-UBw z7MgRnG{)3_g2##?5^vyE{ z+h7DgZTv%tbc6)vK!86JngC2%qdt$zs-p14fRP)3IJe)P>uD&~WUdEDoeZVm{2WEu zg>#aKhm-9q%Zl#iU@LH)UkkelP!~mL;1~w%`B6P2$R%ayXhW_lLj79Xb`az_SKH{j z|E!+|mM)`A!mtTBT+nF_TP*|7N-i-YZg~_~GV5@W!M0(5FpHS7uK#%yC&u#f3<%sU zO#E_?xmh&9v5Qy-M8RW*hpxIMb;u}7kfND~p#i0C2ob&* zYW(Tdy1a^}A{?D%A9_O4h?AR53D=ENNKP8LHH}&gaDX=(^x#9k>>m0D;=<%p^=yX5 z9!M9rvxP#K97y2=9g6!TW5{P1Xh4yzLq|i@NMa5E{Fp=ri9!F61%vLzW#TaeElQe5 zk{@tNqEVOmaS?%MIPf0_i3o;gjOIZfrxh0`Ja#J{0GJ` z{3EWcYd0EE;DvEqqP0L(be_ssi(FX$bT|4iWRM7)l0Xdl@{#70^zgXqB@#c8os*NZ zsQt*ocw_h)n*ID^ZG}s)Kyu(zc$6X|8Z51#`y`X3$W{>$X}*Dnbtn2V$uI==W2s{& zp+Gg`mPu$f2dIRI#?)L4XmXPG+{ryqL_YGxY%(PZe?nYjgo)j_ga*j#E>{8DVfHPEr&I{sjdP#rf`^Q911_@0NGNI#fg-Tt%qa(qs zB@Y|6>x*PQhSUO2%OxnBGGuWjZ9$yiG)RN!vzAC*LqoB^%)A#R7qbTSf^Zt*x;)V} z>;JCAQvK@Kwv_w#g2_F@npHGg1McTPUWQ8@e#v5vVPulv4@TeOFqDH~ZymDRQ&5i5cR{H9zLn=QfXPNH|j6QvM55kHOoeVwY0OT>; zA^37ky_-1dzzhFrDC2N%*TDKcs^HD!!Pp@{&i6$M0JFR1u1IVN5U z)#Rn=65+`bwTn|Q3PL(k#9KA$7||1)W<13XVF~|Cg7pWZ_hBYxQ6fFy{+9O$l~N3X z+t4nX7WO(kC)W)UGr&~((sxTa3+I7@kL?|yG9*X5R$vM02c^`$!F|1Y^=dgJ{WEcVN#wl4H8PK^DGxQwfY|N9 z@T8vc-qXIoo`lXci?O!ClU&$}73A_pb17B5VzI?V3Sb1CR0!(f*>!D*Zih}@bn%A? z-H3b8NDoCuC&BMlp)6WJo?F65J{ooob3%3D7EfX?xD3{!QOm$`cLg?ID z{8}b}aF?6d2_Z8S2VPER{7+Ythm2#17x28a@Ez5wuWxQ)Bl3r#dk zO|mG9&n_AFHYN?a#INYc}HD$fzq0XQa{?wd{xiG^Z_ zFu6QCYjR^J$rEk|Fa4S6e|!8q62CmMPuw4o6Z!kJ!{U81I!J0WF|Wb*KyKY7@*V2_ zJHq9lFbse$i4AgefbD_@|A1sZB*S{*6lsXLB3;vAHc6MqX8&td4~USyKQ-C{Ax+^!7IHZXVJ^YsaJHBV zt|Oe&;MvE-r ziuoX<+Hj1}4gfLq<*}A3CIc2*LWh)LgpSvYAH?&7o;;TIH<_BqGfqC=D@jU%ID~)* z2_RyU&~r{!iU9;X=@EVb7kW!hGZV<>z^kEy;vj~i1+jwQNfsRuM@?#+Ce)d+v^ZmK zJXlUr1(b|5KKx8b77Y0sZ$JN5V2j!ti!>KouYB0W;NAyo`&rGK)dii-*k{9KGssA3 zsn}sK0dP3FCTi^8GV06r|E>iH|I(BH8`d$bpJhL*nW<^gfLPpM4)c_cda6A9umod$U|ox#e00 zQW4PKPNz~Ej6z8|K*5p;8ZwxI1C=w>kiflEWk-b>6+;zDQZj4*8l0pBEdf;6xN+m0 zV-Cb0VPVCHC+@t5cdWW@7=2$?Mep=QRMNjfw`v*>#A0P2Ls*Mw8H+x`MTOH5hmo1O zQ9=izT&|ZHJ}g@@Cr3cLILlDesuHk+ox0!A`s60Bh|+!h=+Odkjs(MTLVsEv^o5k8 zT2{57AssCVTr=kAQRbZ5PM`oDlNQ zs4o*K-h?U?cpfcfx>+e%7aqG0I0c3ObfTgtW2(iX{vzyKkPGK_eas6GrMoQ2po5M< zv*@yptPo`Ev+5ICXJriKmJIu6lU{;jQ3grr9o)OGFgh|4MV|hpq_wWbHs4<#`d|>Z z(lXuMIgnQu;7GUEc~03+FA4Ka4#Bkp{jjx|pq!nuB>3`2W_H4Orn-YTyhrYUZ_ZD!w4(S~B(uR(|8K{6wDh{UXAHGZA`gm~ zsY!{2bM;cv_khf`I2=XL?7K+0N&Vzz?TKTCVmdW zlM5qrGTV}ROuA+vN*~?@J%8w<9Ob)OI%l46w|!#Sy2TG8=Oa`M&naSOhB2S2o_CyC z)@ZQ%s_0##l)H9K`8ZQkq1t@4b|`cnQo1IO4GP*joSoA+Y&g|3f@=k}Y(;H>@YIOJ zzU2vY#co{zNix;9ETl{-AiV}5G4?JC$P&IqAWE+N9f%40U_GYPDA>#&hBdv*0vXi< z_7}8`x0SN)(`r#JD`OB>+c-BHHitavc$(a^8+ zj3EizckP;hFPP$Qqj=#H2srxLYCU>6Q|*ZtUPnkys*Q~VsQUxV&MI_FMzqJg1 z5V=BhMJO&{2rrAHB2A>N6Tf*7xFn-JWw^@8vEV;+8kuot72Xrn4(M&f9@Jb$J0OyJ zDNsVo^c#Y|B-qk(*DWb86G!G!b>rptSDibUQ3b_x6kQNfn%IN<@06?2yZ7%EN_fR5 z1HTY%XPSt9Q%Weg3ht0XO~lk~sZH|QAp{XnRmxzV*e3ZOGpO=*C{b|?Tl|Gn$<&;4 z5+ZAA?tE^I`{T@S`MS@gU=Bqy9*`ld2jU`&E)#0jMVzbVj%2Z?F2yW&qfvE#)ufH zS0zxSf43Tk{b@R zoVPHH6D6gvOrzdsqd?pf`t%~2P%ywVzZ~nYY~P|G?uBgV(3J*+U%t{>YHsG6<}!{m z71&54q~v%yA$78}NMIV`S(!kUtc*dc(By6jgtxF|nkNtTO!{w`2LR19<)v=ck;rXi zT4d(yJf^jSyj~*3*Hb`GSo%Marj7o>N*Gf<$(Dtj`~VMMKF9iZuIPkl=u9#EN#n-q zaEb*udDQzBR}&(7bQP&ugv)qepGMyi*KNL1j^~qWffMP7y~DycEVe7pcvAD;5|AfQ zsNa`0=Ug9c#NK$7_lh%#Zx3wQyg7`iDKRqV?sRooN9Scmeig%Pjr=XY{u&Bgr_N8^ zXcY7k{1CM4)J4unV??U-}riNU=?R(Q7ebIgW_JG?r zpZZAtW7y*`qM&>6ZO=74t92(2OGE1dMr@I{s7YEu?;(Rv987_IMdu(&3*tk(1Q#N= zBu8On$@b$pEVr1F{qsuRUcbhwIB8dza5^BxmMH0I$_6jK(OpOk0?VxJ9s6|u(=2?5 zxjcA$R8jxX@I43emu*NhXvFmr+Hup`_n_aZHu7HSh~{8hp^G2u9y&d7I5_5XhY$a_ zRA0eO8>|$^)I(;}AKi7XnME3xs6TF0O)nEK58&;1HY&-MtW4wdwhu6j6jOCEwU+FN zKFMCV;T5w&@!?+%67Kxx)4UaAA2a$>b83?7#L|fTzP|@sz>haAm14#$OvJZ`pQw)b z?(Z+lrM(@LpChc!gxoGITconrbGQ51=kfB)EeD)%O3}hx)5Uk(ph^k1oa{!e* zJh4A@%4&$z zH86C*`MQl1F-8o*vCr(0!H;v#7kgva0g@92#v4kNu#XzOOL*=gU@6Q;D(RzoGhj?B zZ6qevi*RF#rKp;qB-aJZDB_ozQ^AQ{4w|IIF2GPe;uEhs$nom#D|g3T`5B21qpACG zAfh+RjjIVfhPA#F%#Xn??_*s*i1gxC_wXl|;me{Lm_@sVgG?x950}KRMMY!8?T!QH z-ZM269wr}&cLt42=~~n@y$OdClzSZMB)jM9jvIL=$@Y%->eXQ|w>SOqzXvCx4eNnI zv7mVAzT%Wm+@+lmoY!Daur=Q*@3jxa5q=~xe`z;;*_syax_xM94XFVuiNhx=(bj~E zLyZjf+UM4t0lIS%48k()96w;Q}TfL+6@!_)Nk^OCylxz!E~;<}F<`mwkCb&k=PEmYqg)S19y$j+TB#sSiE)1Z5TL*e#~kQVg?psGMM0FqL+Wg6`-QsS+p6X`eTZ?U9=Bny6~OpmK;zla0IpZmm=vVNTr|?5OvgQ@0LHMXq&7Q&C{0G=Ree*;}8`hlqh%m zPVLv?)1P>0!}G-BsFU4`jQ#xl_%ydhybV+?Fa7R-jzVmbuvM%v8cl6WaT($IuwQoumOCJKB9T9Tt zjiP|zMWLiYdi#M{NDx9HA~0wEq_L%XCX`w?X%%JPn83-X!e)TE2!1_yY4OcT6H7;b z5bbcgUC%D>=F@@MD3q3=Yc(T}@o6YFq|k_aPfw9@<5Nsb>6^LR?3!zhk~{s#BGHaA z5h8eZi@XfU#aiU7;J&G z%n{iet=#CpS>i)Afd^<6mw;vqEDWjaoSR4Cf4Sudl0^FlHEU^w6{{xYJbhGhf)!ls zjJv$xz?qo4Z|?mxQEBhL&C{o%zta273y>m823fFag@#sPke2A{v$Wuni81rkaH_Ll zvAd@qA3v^C&-~3f4fybxqEw(mb)sqSYklH?=wM(??~ZCi2os;4{tB6{qqrHMkm29U zrnSJmJu^x}^DZY>LsyG}RT>xMtG|auaSobkC?-|h88E)Gs_K2vl8wK(a#v*{K{Vco zXkBu5#U}<`D02u`tzCegQ_On`5>vFf1hIt0$x3NVT_SlhMb|-T_KZJr+P8x^5NAVa zGpKuqfdy=qdPZPy0IxfP6OiQozur|J4jPZy9)_toVvk*q{qtR6AjB|hmC=Ly9=-k? z)YsdSq&i;OA@ZCEAK{H{bL>lN*N%$RK(Uw4=@B}dXlKPNtY;XNo<*tNG$zs5K6`k7 zrHo`MJ9h7GR;u@t^laqGSYR6Kdc0U-`KY$gy9Fdn-Idq<=3em{`Hgs~TiT3jS6hvG zfZ5Uw(&f>P+7Vb?tt0=wcyxloo;E#*GeDG~pd(tR{2nMny29;~g`NZbxQ-a}l=gxH zFHH@2;V9ED(9(>n4(vUP}P9Jm= z7;zhczZwJT&jvmiwR#0O5Z}IR+OGBY?~V85ZCWF; zNi2s17Ft3=7Q1E3FdoORpP5dVI-i!pg-*ZdJhEyhx-|)e5(N8UM@de+MK(%A5B&p2 z!NOTyfEEyl^h%i5m(RY^X`!gJ;&`=+gAA-$N(s(_o3^ZR@J#d*2 z(A}92zbbA69wh~g{9zSp#*VcQw=LmUVxo6%7H z`}+_;#Lvy2B16RGp|sJKK9IAq#P8m8hrLmW$MTelC*BmF#JV%u-#p8_`9@I))FBJ8 z%;2o0LSg;i>DdfGH)Xn#vu<%9009cd#oM%QJ&+2~5L|Z^NkC6yT1)55D}Ezs>hjiN z#o3$D5&0vs7&(@~)80l#Mm>joYp^w;hR3&i&DnXx)1#*qCu^2vUa6bgr0H$8`=NI$ zbPIg_H+_CY{#$oll#TS9gGKegXMIjt0wnV4_Va1PaX`{1C+qP*m`ANGla$fsi<3)k zU-bLpR8YaLL8NQ`1&v5TWJN(0oWjcN&bOEWJ?c3O@Fb{8Hn{l{8J%d^LL z0dYm9&0v7Zu91G_U>H?kT(M)8`9JPxqYVW7ozRT@34SSJ=x$swPN2q$ca4oBzK)0RxC#8-0J8Cn%9H9~M){2XAv}Sc~d{oiibVOw4*ZIAnphafWNjmJeYlf3Be{3Xbt|Pr~{qbU)w5* zat{@E1v5q2v`k0o!0+ffZ>Xt3OJ?e=>Slye{WU4g`h zM2Hmb+ts_VS4C)s6ikFq($2wKKR)r1AT$%8uOmbH{Ql?SF@ka_^gMg$v8lsRKUTyCf;>pcvI8KFL)=!{SD|A zrN4+eNM-ngIOjaDZ07n6jrjV-HfV6fLPO9=vW0+zLfXSfiN;77Lt3gvl{yQ!Ph6Ab z0EzB`GZhgzWjU*;MKb#dj8V!kYO*-O^<<@^|1=1f6ifr;1>%k&4LEVY`aMNiG--kh zY^jW4C7(b@%A>1voq0?W7_G}$Hp1`o`MF#%(##T|Iyw82fb@?8cu5ZUbb-+!N;bBE z0%pm4T;{GGVrC*6Q&+BweTT%MQB3q0QxdTXNqidQKm%y3Q+=?$?M%RPxAgfZ5bMe$ z478C)=n7CvJo`7&5yv1WbP{rdv(ml)sbXKM{GvDflG$9N8C=w)CzI?veAPW1y@mf>NDI(IpWD=rwC$+9x?5SlxFu z_C6s~LewQAzrG~^zw8W={pKW00qs9C@+1?es!x`(ZCeUA7)w!jSue9CZy3=Th_@Bc z>~yd{e6POZ4)wdc7T|K5Tuc2qXQqN1rV1Sft908Y1Dk6hYxq0)oI`Q-Y*^DNe*%^0M-&Rt3J0b|%h zdR`dx;iM$p@;)1UFCtSe3>(^n$2P6@>Oy%tRB48FK^NwY1cO1&n-aniD*-9FB&$88 z3}VRecbgE{)bHL0QLpw={V?LsQHGhrYT7|`7IlFv+S2%vRblZpvj0!+S284AoFPL1 zxuQg>g2n5fR+{nhP`GxHL3!#tCJ4p0nTeFbgJx?+oufGGrl`cxrRY3MXoj7hMnzyo zrbow9-Hx$D=dpTl8|sHE^f=SXHH?^;We?B zY^`R_v>&K`^f>aab+_G^InS;p|I)Owf`YHc@R)i$xcV~s?AcIi zEi6ASJ$$IOY15{0 zq2cDOTbD?m*Gc%M78a>*yj)#(qeh6z$QV`aYdlw9U;no{Uk7JdVurwC zey$Ytj;IiGlyky@i5Z6wc z^Md-<-2rKt4 z|IVGEOLn^$b*)J)D=TBgn}$ct`9VA|R zD=hjw((Bc$BxCA|9KfI>nTjiKHILiP`JD_b;u>tke82Xy`vKn zwkIU?-QuuxlU+{Gt8GV)9(AO32?`3@9T<2S?B-fd&SU%w)L*-W*tGvX#6VoglU!~k zpE`9lJA2jLr+(?*L{!z*w(6dxdeg>D?QHxHV>+wt`O=GM2;D|PMG zEvb5jUj6=t(&guNatgSbkEUM98B%OvYWk2NnwVq90s;b5l}cq@eZ2!xU%CrdF61gV zw}~dZdby0qx87jy>RJ~xYS4!$$3=@)At<%6wZ+T1hk=1XbgM}^cU*{%5s{Ia)z>$? zlIaD4Y;(U~#CW{+!0_S2 zDbQOWly9cF=7qub9XrmtS9RbajE;N?1b@11{<-w@W*@4q)z;QJSolQsXKF(0#~=L< z9nxlG{nf5N9?c(C?ZfckITz=pOC33sBg{*?3>`XjOEvOdy}^SEAE~YAv9_)`O=ZK| zw~s3;GeKy6=-bzxf0}N*AVJ?Qy(9l}iHl3k8$YU%@0Ry7FxbOruIx}2MBlfJx$-Z4 z$BcHXRFUhJlF~_C_00n+Gye%XERxMV5=BvXpv=?GP6MxiAFWTU2SlTy%^@Q?-g$8K zswsH;(aA-{X0osOz9S`i-deuBBEp2aV z>X5s4?+#n{aTrKO=F%bGb?Wp75PI{0p=M0HHBT-vb8yh%R26AC83(88cj(Yz>(;GW zg9iua=TC2XB)2RZ^o;9uB`d3dfPzwHN!bd+P?`F%M#z4oq~hMaIY7Z%ckPPftbm7n z*SYgk*E#d&YZ2HULuW@@Y>Mn38X9^!Esd4yTdp}aW<92tYHq4fkheDQck&Ag$a%?$ z7Ne*0vfSKUHu?C|{71m~xFWqc_q_7^kbl&|K+E~IwVgb7uI7a3TdSkY26L|s2MvXFc$G7C$`*IgSsh>fj5c9zsxe*EC5@zH%@U~7) zP7i7IVlG~MQ1xR=TMDr@7&!F*_S|S*ImS4#mX$ zLQp=%Z&J*=xb>=)<@){-Z$E!thr(*>wrxE}jf$k&K1o&X^3#y@{{AZWeV%GinEy_! zeostuUbd_k8&ktVHIM5|3=klfAfT8$S%<9<&UMb$c9*t#7IMfnwZwBV8hs~c=S#V{ zJ5QfB5}OEVGPk5;gAd@}9u*YS(PeW%Fuaf2rb}aNY{0B4_MA#i2I|n#*Wby#)z;C8 zKYrY+(b#ndHDP{X;jh;m4<#nv6$)b?QShA1;0a@Q(A zwB~~^1=dEz#pxv_C5@XnF)%7>%A`sEz%Ith%Br}m^afiRwvtwu3Y=(e{w*qg^vAOw z5Z_D~@`;U(-b8OqklA_h;%M$eQMDfqqCU?KZefcbm7mFPbwMA%vFo`%flB4?q}OJJ zg@xxC4SG>_ZZ8Gb^f_~cdB2vI7uE23$5yk!Y26;jztQHa{CDu%8_-I{EE~cMHmtVR zzZ8PQpzBW0$(_r~%b&e?Q9-3%P&`OYEmXBBnQ9L;@$!1xW^`Cir=@pKZzBZf=jXR> z-TEQTtZa{1OSf52Hkg0kDx0Ibb*ot*8Gs?pNjyh%G(C-sg1AtHRU=lbsl9*M^uRQ| zmljsK7E}d%U1=$qrRi&B^M6oWHGR!l-@^T`Z>n`Z(9G_yZ~mwL)8D={3%zUhV{msb RMnD*58gDV~*w6Df{tphRb0+`* literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.19/_media/benchmark_net_p2p_gcp.png b/docs/versioned_docs/version-2.19/_media/benchmark_net_p2p_gcp.png new file mode 100644 index 0000000000000000000000000000000000000000..a41557e96c15e5407beadc5011a3f3fa6aaaa71d GIT binary patch literal 36961 zcmd432UwKZwk?WnppDpOQNRGAARr)uM6;G8MRHUTNs@#j2it@JL<<3ts3J%fB}bJc zITw-zB$j|kk|N!)-20yIo%i1N?m73~v+wJ#-R+jL>aVrdoO8@E#$5N$DV<)uf_()G z3(IQCnG-53EQ|YDSQd@{xeR}ju$NT;|2b@TQq%5&)m1x(OV^E96ffCXU$e5iW_o#t zz0q}BQ!7hRL2K+Y1D(t{V$UZ%$Z?H(73dM$49kh3yjgwdjpp zlqm~~PbKBVQB}v_?`=-ON`yEP{`tbPh~xKfw(SUCOn!55@qd4l8~+>M#KxLAZrYaXCKVkt`dPwx+(bqEqy0Y~ zVeLaIgC1>C^HMv-Oie|+=gC`_Da(y~s%LC_%PE7AUsm7&=exC&O?Ge1p%vF0uXR=;&y=Z-(6fjX5=v7!~HOZCV>~-rD-@&)$ky z^>}Sl20cD0)uJEVopD==;gW3xo@s}XWe;B z%(7K8!?sWT+_}fKk&3Y|Pd<#f5T(Q%tCGu6+C1lZr1%j>_rb(x^r69q*pZowL&3xC zK8cBmwGot8XvW|P)%NNz}U{yV+Yk3XPssJf%Wpy{1a9o`}F#c|KU@<35aTkFEp z{+VUUVc$x8`3-Vi&8oxy&Yc;SI(hOW57pPVAo@bohE1Cy`$Aomwu)ZGGnYK&k>4aU z)oMG~k(Z|wEb&)grc#(}e6HKfV3To}8gqOg-mvPSQ0^P6-03|+w+A5xly^myD zy;||}RrAIKz0xPUJ+JqcN4I4;@M`AB&Hs9Z-F>i;fAYx0w~8Q*hnoacjvTq6oq8== zKqr;^+{%USRV;~os&6iG2Ub^~OElWGd$(ea^Mn`o?vhm;lJ)WBl_64!^f;|}ktugq zH@6DoFt=VR=i+6n4!FC!>qiA#S+SAt%KYqD)r@u}mOXH@zT?g!rkks4Id7QjWxQKk zWSF$mJNXO)k2x{AQ&F;|M!dFBgSgYrZ;k@;3T12O)^FKj5~&=k z^Y2S0;<##$@u@_d$&Qk9{blV{Jp0$~Q_tFSTwK~@gY$T?K5Ivuiq*W?#k{!dk_=BL zjybqzyKzY$_L$FJzG_u+KDi32V~|dy)4?C$9|RxZKGT*xcAqnr7!RC zyQ_q0<-W?Yrj~7)emki10e@Bhy`_LBJa4MqgR)txW1_)WDbk-@$ zQDb*A*%tM&r3Q&x6-jgytm*gOCVuFzzy6~4g?Y>id(2G)Y!x$mN(m4Qd2(fTcD6iJ z#-&RwkE2N-T=ts1j(eX2bGk3gp=sIfUAxK=jpg`Trps1sxv28`tP%HC4-b#`?sH7f z_R1MOs~nf9)LdgWopHDPFG+@N^bs8K3LMdLMq-|&pUYr$RQUv>k;_@fcUQO%yIARS ztIFWR6?ka{&X5s)Z)iW#Zjt+|Yo+hL3ww5#NNist>N0sPk$TwUfV{}`&mK{{E~P2U zA#phyn|MpAg{T{IT=?V1kEduQ!H3@;rVc*U;jo_js*_qOYMXO@VBPhPDMO-q@^((&Mz}s$hnEq+RIQ#j1 zl`KPS+_ELLLUM7-+e`V50*3M0DREpoR&Ev?*X%`{()IpWpd$h%SL8Du5a-vgS10k5{|C3{ z!iIM<9YzExe0rJ5S1W_}adAy0)~8yuaJLQp`AX~kRm*Oay=dkHL!Opu)iEq$ImevH zbe@Rejy~?WX2qX>{`lg*j^}K@w|M(wZnuTGsZ6^8m0O3{|sTMxf}z35|P z)tbJOvSRu2CwX~!#Ue;L_WKxiou8I67O-gB41@SI65?(yUCC$Fo-K*@5B4`iaiwv~ z$;r9>>hu)$M~RBnckEnBsTInb?Ml&In4jyxmv2e4Vhp8qs9(8qCAj(LTch%4=V^AM zT_+Qb=I5piCi-iR<13^}R^ST;7kO`sl5!YM_sdIbY|Wcz%2x!5YouOl+OT$Qc%0Vz z!3yz?dPI`pHH3T1I9K0Ya%oDg=@@L?O%>tCT`aJ{7A7K5VP{`s~Knib3inG@c8?tr-mo zdQu^>ZjwdzbK`Z&&O<4UPX%-i@yPot4Aj29ka4}|AkbOj$W!ljmm%^rwemvyxVa0= zf2C`vsy@|s84`=->^o$&83^s|ya!;8W%o#H#;fJ)_q;*2RA%(6h> zX*f?d8T*MCoqdhtUL`XXT;#*GP%RaOIK10i5yVT0(aTEx*;BUJa5|I9;PaTD1u|z3ahMRv6q)e`f^L-oU)rlhwnq(KvJF-p!jgRpT^;S8o+5 z=(dqMR2i*~ZvdoGS5a{-IPy^rpZ)o+Bn-d#JOtDqDr9c@377Td}ARaftXZCKmz`$zP)%9TSM_= zM52;KD{>_FQ>-Q+U4INp-#x|u{)HHnt zPpEen0ol}ZIODdzoQFGO`a`;Ard{+vV`3P=38+ht#H5+=c7WX1Gg8L!ep8wnD(zjI zTeq5u7*}574vbNYb>5G?zMb?y^F#w=b)fN7K7C0{aWvyp;SIQ z<<0IS;ET}lsd~|#Ni92Q+4_ZHN5d9McaN&;^!*AjaBs?7N}tYfn3l1SN6Jhsb;*(u zeo;7)s&D9}g>2oBJCe81Zq$lZi`U_oaRb&JXwS)N%;Z&k{*9`07I0;s*1L$t3HwBg zmej&uBMu|)PMtg%D5#gY#WTN?`aCMsxilEDOm{lHxx?)^!p+Mr?Lx9kMTk_R^WEk; zg4?d<-(Ahg$id-H>6je1u@8?pktr~tzwOYqx4l!yt#aq|YPiY>{xKBrm>5*6OEi!p zzusT(IU8WJd_wQcs^!$UU+85n&sq{#+HF6qD~_EP?J4yelXUB=43VjHK-06wqB)r} z3f+;gAHPQG{3G{=S?{X?Q7f_x{Lem%_~;w3U%t;YF>=R}#+*fSC9-eQxro=(edOg62H8%4m2%Pq{lKMZ(-HSwAL z)$QZ$iWxm_KqN#o{FK2Yx~Y7WgQ8hPbZ_BigXE&N7Pe107C`hV2$4-$w`s6hEy{Q7oqJkjpnpdYQ(rvoqhFV%2e&{1t zB}vvinD4GU{Js5=FZxnLKLX{Zdjbr~2kN3KNdJe&jT<>v^YUbO!{0itQ>zKarnywr zB6YmWRYtjbN3TK>C`Z7W&V5h_mChjOTPLR`Z5l=N84`B`SvM5tie!_TPexg8TNb%> z72K!Kawhwx;DBgSW%@_=?95$xpJ(TzjfTaKsLMSNUk8jUgN0otzYC+AO;bA85PhN8 zqPd@=VA+x-&-8Pg0|5le$bKTD6rj6pJma8TFod&U)ckO>kaiwFN?}F#(Oc#7b2Am> zyL1&kR7By|Oa0itXs*qnLyV@-p6%4uY&W8_&VRoa;OszD*ddw%DwvF*Pt?S8DSx6S zHFtupa~0u9AKk|+iR))fH>a4>=XsEx>CSd*9=g9f%$%=oY;3d}Zf*MhB`N>5r)Lm? zC6MG6_B^1ev`MG;4kP;JnFj9Dh2|OfY=qt(WR_DuTf4LB`fFar?_lTTa2d~di19RvK&To6Fp*2uLd1+bbPH7GBm&4S&^~ciiftOBYwLk z^5laJ!eQ>r=&h1=Z=3)Dyz@Irhkv#H&3Vo!8SAe%#Nx+}%n!yUJ_o-cUENgpi=4+JKoMh_{ofk;d&A8m4mu9IKU{ljF3!LSo8y3^+zNG`@%KN4&Nz>+DN{ zTd00N+qvwNgmT7dPp+s$DGePGWU~3*yZ5J0oy&@TAnyz@J>NZw((_Wh{^@sV9`n=1 z%u9Z|Pp=8cQhCYRifWmu=+aloVV*NRJ)J@QqbJ+hpHGd?M`nt^>(LecHHCCaDBr!j-Gfso1zaL%cnMbq85xM8AFYDAM-IC<#N7w!Uwok`pUNuRd9l;P<15{}f% zvOksSLLI~7+icw|6J8Z2*J07z;XYHrE_eOgnE)H4`jjFkXBj#QO7^mG;A!oAA5NJ; z5j_+gy-4$x)cCSr@&STcyz|3tLQX6DK_R6Kj@hlFZ|T0CvT#)LzV8))zmY@pI9BRe z-L~%zF=e?U#lM|k>j&9F88~QK>nO8G3m|EC$w8Cq4_geowpYvO{rH0Tr;5$DXDyLl zI^N$^M`^{u_OhFr@C%&3^>73MGHb;-JUjEuT zaJBqdjr79on4nZif?ifpY(j{XL#6`P+!&gMB8efSX+`W<9M_#nA2cRT$XFF1|GGGi zyqtQ@442y>v((Pe%d{gmN6ZzuMzD^1!lim(}G zin50A>VJ(uzDX;?Tt%5&DIeRPFl&_%jL*IZ;(|SzlNAu zy<`7~s`tL9I9tWRlGIWX>CUgczB%h$N1IUcO!(E4?68BvMbD59wdAfKq^_=(bDvFD zvr^Eo4mMgR87}1!%$%9YY8|i^>I>mO%-kQF=TCLZ$HA`{Zp*454BVaARa-^UlMT_k zsB?rWxl63xE>X=#%7RY*D}w>B0vQs%=vFe zW%?a<3d{5-eR`JFQj7J~P4#gpmSRk!(CQT-4BI7qL^&kwthWwJe^kwOv`MTZd>d!l zeIx@-AA`1;vj>fH2wzy+R_ytEOJB3NEbE%*tG0<73NARobVpYMFdosZ);AqFpux+ zm-)t|Aq$M^Eh+g>|jw)ha6)MC0k{y_w!_x8iJ7Qd?G z7Ou_Zy?2;%nVy-61)QOMtEDK}Ap?&}NGm=+NMATTl5By8rwvcuG)T}r>{G{_o;F3% z1%>Cwe$eD=lETG{7rn+N>dy!Jj&%&`v$Or&BETF~Pl@Xsge=hSCX&CN5hzym-yw1_>5&mH6CPCwet zXONrC-S}wRD~C<>={AOmby87^{gut?ahf{^hV!%l?Q;BW1zYgYZIXNsAA+>VjPC&6 zi9PdV7rTUYIH-bn=nK6-FtXF>zS&$=(olNdvH^%L=-J{ZWPCbjpGw5z{LXu0c1hGtecS!T zt@PF6wZ$qYijw6V>_ve21%|#P?XIL2H9#0h#;JU*5U7%vGx@w&gq$W2?mQGw!=c4# z!sFkYE})F6he%ShE6bXeU%SRZl`Z|V|A_QBm=c$%VKr2IBd_!CuU1?h5}pHdriScj zhkgXC^;tp^AsxI#0X}2fSJ{Bpn@})dxXsI-2@BKJ&~LiUPxndMe}6XrtDB8F)Z8$r zHjXr*0a7Cc>n|Z7Ki=5en(ZX2R98S+)PwG`juZzrJ3OEM%kpAhV4AYl9Qn^o-7I@W z&@dN(4mbSu*9$he*>jgJT@tK2IdVw`)SRUpUkFzpzXLukY{t@XJTx>!Cb}1dY7y5T z$}$sA`PAb~a+rNbd!6JUqpUOEYUtJS7SC_;>qlqIxfeH4yyHK7ICAIq?Y#(=L2Ppz zRd%BOLX!Vs=kYhc>6NJVLl(`BZdo_QfxE}puPkHZ+@6@3P4V9!h+h4bL%Y*yWcaL> zl8pYAui)gj8tQ@EbO_qRj7Cy<$CWu30}A%KBOXekCVC zNIB8_VaXgPe=s_R*M#qJo)|nECYuAEIL=K6vdiU=yfoj8nv)$?T)=+Jg_*Wx=JdFI z6v3QfA>H(IG!oKFLB{f02Is%d;??GkMiXrls&U!XAp3q8dA@VuH#SNxO!sj?gOe!YKPTfn zUX3EHnsoUjwZHnK#q3I<>~QqjXEJAoo6_ggotXnsVqi}>4qrckl7P^t29Ry|-RlkL z*BG=+q7y1I4V?mM#BSD{9L+sY%;iz<(BT$fGWI|b3g6kMdtYGTG)E%P^W~NC7re}C z78G39HRwO?As1tq`Fveab#?U;Q~6^!fkB~;UCRjtshwpXKkEnBMr-N?7_;pKeU@%LI8N2jgK@{7bry+!5L5$Bqg%(&L;a#Urs4xCLveiWZj?s98`8ez&ia=5UCw&Tsn^mw zMvkf6FH1T`d$j%VOXRK?bhO&JuG4PuLVfq&rJubwk|r9CE!Uly8VMNpI6CX6q5p)N z@$IJVFCe$L*n!G{?z(o*QMXb1(`9oH%B=QTLCrK4upN)>7d5V|N5w}tb1_^Rx_2`} zEZLlC!}`FQ&ktEVkNDEz)(*+aqBZ?IIEM>ZM0A6%Adw9KhO43NsmD)Go;Xopn#=ZX zeu06Mvi)RUVLVXaE$40ud|u0@L$S<3B|aoZ%MAG~A8CiF>aekSD%;Qs|=J-eUZC`(ycVq+-i6br+rC~0lvsVi{^u<*aM&gN$%^S7IH(Nwme!iJ!-$SA_zn(A9&avUnqeR zihUbeHnJLj@pA9k%WUv2ke=@K{=Lf^()bOgG9B9PBERg|vEyU&<{a-(y4A6S7S^_5 z9KTC*9%0VutM*~ax9t=4tT=%rggG~;n{w@Ow}mmF#39B=@;*e%8ImeL6tH)J-JAxMjN4p zPP-8qF`6V?6c&gqc3uu#lFA1hB|kFL;c&3|I*{6Z{?#dv1ea+Mh#GS=W|nn&*^V_U zScUcC@6UG&F&lhlr^on_>}{O)2ru@F}V>!N%jveK?hj&#UnkCDMiKvs2RQZyz>ghhmA79?2!s zQhQ!VSXuduY+S&Kkhdn7%6_;t8fEDW4J$E{V!%4EpyVa%mAm}=gBxoK{*K!5*Oo1B z(BtwU-_ytXr`qTJAt5l1a9m)utSLUZkhC4X4kQ{A>~)fU(j#}Vy$LUbnSOsmCNI#O z1mB>3`f6q6nJ$u7=plbxh*Y3FRZ{56->SsjNY#IFY$?UTD*nNcR?+S3xzZ+K-4iEn zPq=3BqQsm-8oWG|_(3o@WGkgTOvlb%`sv!>DqDL7T@i=;3HQWMOJlSB!pczBpV$ds z?5dN11H3Sd)3)P}?w0xsn9tp?mu2*q0N!#J<{f|kMKwWJtG1169_-Pmc4fvjB9qtI zrY|pS%EhrR*mC4m;!Hndis)o^Q%i2A@t3Drbtv77ED8kU*Y4EEL8%2X$<=@UC8_Kk zAy~Nd+bYVzGZX^@1M@c7v)LT{UGJhF0Gp&X{abj60p8^)$)+GFRYuBSSIh}8xg z8nKX-(^k@SzYD;7gfVS9u#hXnuO9cqxuHHmqcMcH7cke&fVXO7XuqIypLOMkrmI4T zWCJ4|nUj*a?ZK<5kqBK=Tnv6o?&~MFdh+ERd-H% ztVtxY;_%&WG}+D;#Yj*G&Fc5!?^RYVzI+X*)cDR2S{B{10HG;OLCBJ5c{HwEiEwpw z?W&Is;O#E*em~58rc@_m_wLFbo_}WDzV)w7n|dc6RHJQ}0Gr0G z$-4(t=sk03KZ$SU?qA9YnvP@8} zMAbTZ>QoHHch5p#F)KblZq3Hc`!z4lIXiI1cgDbahes^!-k=N>>9AN${WqtH5Crl*L3d33^;q~ zySKn#nOBD&r9~j?rngSEC7WJg6vU1xdAsnadfptZA(3CIg-SUAwBjh>0*!FX%+3C` ztTa5M9n^aa=&Ea70ae~ zh24}$5HW?$H0aHIKc}V|NzV$a)AX-j=@b3neJzkoOc9Gra8Es;&WCimN}YnHa2|5p zg=7KXw=k@SZP&$A1*AWiSD2Y==jh5-$+aKShPc(nZZ9{Jjb||-(qldZ11pBad5~y{ zR<@(usni+JD}z|b7_Ik_4f~SBLCn;HAb({JvuffN>d=_jr!;d6`lE>6|hMW56cyz2AenckJKOP z9iDk?-VkHt?LmAW+4Jox|GZ3$?knhvWVI3C{7mtG8w5j7$+?6xmg9B-yIz z-D@2V5Xi9;YkG*w2qi6WG3%OVL_8quEz0^fN>QivGovzpCtbGC_LJLn0{gq6bzeg# zdkJPPi+L5j@vNPPqweRzh{wYF_R~5L4HK!{5zpG^wrc?Vh!PpR z-Mr(O%X$v)Mk`b&{BGx}`^0o5Wjn zkPjh&KLmA%%P>Q1F^!>KK zeq6Fewto*x#TeN6=Wwg+F1b<_+SVAw31um81xzWs@Z0v3ZZy}0U^NZXP6g0Q1*F5@x&R0=z1|^I~69JW_o2NcI((jyS|TPQ^kD1zlYWa&<_F+ljMy4b4|^|G!$*d$=ay_JiL>%Hsr z^?=d3C}nZL5J9P?elE}aOOg)5-;;)Q(kufJlRQ;l(|5;YSzS!qnz7u^(c5#96;mMl!yWt+~#z+igT@ zMB5w%(?c(~SHZe3hr_qoPTgRvdKj7-3*ku9qbf+e%BVU0cJLSf1?Y8e2e*n_1~)pd zJA3R7jj%Amu4Bm^_XeaEkh7fiM&Kh&a(`AR9&V6nSHkm^B0{?Qed{-FG(t`^WPH09 zrHpJ+jxFyN8@aurzi5jn=&>zRWoSS|k#Q#^hCm3H^CxC^QJXg#xYkH6|9N0>rf|_U z2Qwp}y6scnZm<&{S^w1s!-6OrTm1 zQRfbs)^Zn(Ok_KawMK3QP!^L-`U6iw^s_S}07myyEUgy&0nd|~=g^C~>|Y;nV;;sA zr#Zc@zCPpJxk;TgQ^S@0!tpI=Hn&ptplj$wTGtPd%S34`OgHdr6}ob=5hUL341;@) zt=12v9<#vl0Mn2zk8-Fkwvn{pJ#;`4Pqn*Tdc9ARh z+~+1V#7t{X9KQbT9F~o6lgQPK*u>mgm}Z}R<)|+_4NF5Z#7F9ItCq6#=xt(t*>!RS z@o|H1szv$GwKRQHiH?1&ud4C(^7Z5JU+hIoeHK2_P`61fcyQDg&}z}HHHA74?i*^) z(Lsr9K#aUZ-QeG`;|LN4Pa({!4doS$DE7q)0 z50!Qr2M{y?4a~%H#~Hum+Gr!A4xi0=h;C7!xL>1g^5K1v5YK@HPqA#1M43O0g;%|^ zV&l5mzk(n`nBja4eo1r;tt^`Yk-MVQ@@6#aY+1N>kbk`jlpumS2-@ z7s;TE>oku<*-AtK5SgLrGlPIOVKv;^4lkWaPVFJt%i3v`m7VzMroKmP+r-QwU@Eu( zN=*I5u{%%Ur~-Mn_uxTQ5SKNC60~o1hNf5%CTCFFHWe>dxxGlbNGS046akx;FnLlE zb;uzK;GWN`h!4C-cc04yE&39az8MZ0pKiMK%PLz?B>#@2qV&L!}m_x@Q=}lYzfz2Z^`L^b?qdvQNS?$ zxL(ou%63V+GkE$qm}leA&&Fb#C~Xnk#R9`*P~z)JAZ0PDcIm_0*WjnhC^U+Ldt}xD zXCxp&_Jczp!SiR|0@pu2=khr?@dWgb9#QIX;Nk2J{`3TFq@&7i{VQEvmTVU6&W5KZ1UG%!-l7BpZ@~-Fo zq19~bTefjJ{8!9z{I5-vd=QG>#=;$GYTC;~UH>E9`pjA1dhZX0`T3KRxy{^^3oI;0 zK6S46KRc=NzxECPlQT0nid%tAzFAA)U){T064plu$q7vc&i`n5W*JC7_mUD&+_k8n zoeO?@#TwAT!IY+i%;gLjA_Y3vZT;;mEc5UG>}UG`{~$C!dWV2^vh|G3VwM{r(8!>| zpP?by#CL8M(pN=|NI^FR)4mIt?|^d&hGjKmsbX_C5JwXdv-oJDgSo@ogaoDy2l{#V zZ1q9t&CSn@EYCW}!ZLfB$N7i>R9hscm*{->k#+gbzq}3Z`!(=YK`1pCMqpF)4V1Q3 zkPcOFmTk69qIuniw@b~+d@N)j%NV?uM&!A&gT+2v8sMUy%DC8*l16F*P&gI*Rls$$ zPnJ|do)U>o+VL&8hq(irH?nX#t>;y$N3D2)$jn$3hEAE77{LUYeYmm68SZE(w0w8& z-X;H+lhF)k)Lk~N1hg$q!Nl=%5QM^NPH9cR5R%VGCWi3LTl#Jh%MXL@%`Q)7#I3&` zA;|~X|2&+~8^JRH9t{AJH{vgd!G2T_>=ukp;52Hu2IOepWDcY-P&gU737<9oVPf@$ zDJ(F;{242eY_V~1d8okqD9oU<{(+4y&@lU>M0ReI) z^6S^HC$yAs%=p&{gcHZEjLW1d5X?d9pep}4QuD)Hf8IwKiU4j!_SL@MaC;#e7K?t! z0hGb3>Cpyxxn&(V24pfzS4mI;2eW9K)o0K{SP+|xm|93Fe*3jlh*C+$lL7{aT)eKi z1JBq~6=r~PS_i1D21#d$-X0dm?bLzVlVq}L z&G6Sqtxm=wr410)1o~Ur`Z(Zd;%FwC21qX6g3H+TFh7&DbW{y(n1}G$k6S*bqcy?Q zm!(EEOqmh*bp8Ve&Jm#JxrW0I$vZ%#vM<-T{240biha;}@!cEYCf6;+u$vAr_IdnZ z1C||7jXKh<*O+J!zzr3(!7N~G$tNIjBSjdHorv$A00y*ngj~QL2(~jiflvSxLeQ*6 z5Hb{6JG zqA?!tdMISp`RPt3TG2Ra&dhKY?Mjx;{GzXUCOEgxC8;qaHlQ+Odgo!@02rg~ZWJ8U zwQZGOgLm!PRsULkbBbwQ5kt>_l+o$2z7*R&rGQTGs!#2v%w#e1m~~=hKhU%Ws;i8w zC*fd;Y(qf)T|#l=u?a{dathRTli6RRB*(x|IVdtmAT++k0QQMalwQEOSTN8;H&7#N z(jXjyfN8M=p94$Q!ay0{l7vRmFhJ)WuX1P{;5jAJMV<;f=|NO`1pZkPZs>GXF;-~N z^p2;J@fGkg2JS#ub6(&Bb%-F1(_R1KIIB08oIZ^>?=w=mQyTThw2hA?Mir#OJxuxO zT<8KVK|ABRQScy{Bj9FmuVnc;---<$$(>0c^8+AgocFKSF%YgPmQvo&hF;Qq8s_=Z z#zqYSmJoBv##NkdKTCKeVV&Z(agkzSIa{F93JZKZ+H^YO7c#ESf=7S#PS`;W@btBS z4;YHzr|`i6Ob|B#r)2i1^z_M-rttKZ28u>;M?(j6hIJ?fQy|!!Q?!GZJ}t@l)%B1B zEq63pCv0~lK;o+;!{R}hKCxBP17M!AT0>xdPCCu4Hec0J%Bnf7A?_eDR0 z*F12Eot4EW8Wg(;>@Q5@upIyU?E&|AD-Ely^5!C;gPLH_;;io;@5Z0xL;*L~XFJ*Y z2^r|qh!uyFCw3|OYhHDKu>43rlg!_rX4&>&tmy|CApu`JSo6x0`XL|!pqb1xV(2Nf z0RxCg+W(BI-wP4VfHjz7Z1uE8Cei4h<48QTn9zzD@7H@$%lv;ue%)s3J$ zv~5L<6-;@doCr8Wv^u4Mt}sSM)>>Ytn@^a2!446e<}WTStqTDC&|%w1Pc~I1SL4*n zv~D;dpG!F;Xs21mqau*Ti>+0V#Zi~wJCs#5EVQ2_)hu8xe#{mOG3io?+a;*o$=n6K z-iEDPqrn4epn4P2gYMwtZ}$6%nGsgaeeqiFPhkjv4m@#IT4Xs_DK+~4E)kSRaV0!6FDhn zXpX_7u$#MJt9cB)0MEM)p`(&hD*HxsbYduiieE#N+|Krdy~W&Q6~M?PaW1k>6?XQ? zo!Sivm9}A|-Kp&9zV1VDj-y>naD-2H9>2?Kww^`0vgi>*Pfg(m^fQ0`oy536;`bT{pJgCJU zsUoRrCVpAW@N;y&H8 zx#F4daU=#cbRRjnd19GZNpmR5N&XK@Krg64>oKYd)kAZsf;A$uOY3fqoIaKi)epil z62)8FgLUcB!aSR)<wz9>AWHZlUEDkjP#f3T$4=r)+Mdoyx&N7`)Cv-}^SWf`$7A zj6&LO2`4n(Usa^kBHH~hVM}T)EYtOyVLvhs5yF(YhsUANpo4!G4$s3Z63hY_ zWiAao#P4A_a*CBjI-NJv@ssnneVJ%t`{ACUCkcVeVh2BlI8Fd2=EF1r329Kl5kPq7 zX#~Xh6qiCm!fIIjOcx4+J%Ica{4yF@3zCwY8qquWyg!i@7KeZ%Uk9eZmUQHx&sz*9 zwi9X^B7_NMJw%E$dp7OY3`a(d0eLa{dJuyh~iLHJ2luKPry3-bA+bo$MIyB zbxlWh>G~;|nvQJul2lQcA0WdF)e@;3MbHfRlXUB6{r8*t3BVTPK0j^jy;bxSYECx( zFd7st@w1tIdHX`ru0Q;br7KJT&Yw%zyhK8c0X8j;<{-mNaB#l@93^vcbnx);eRIQZ zJlcQ%u{0TGG=#hY>81(5Nn@^amXTQnX^ad+k_rkMH5xuGLRGEdlzxNiuoqth5AUcV zzMh5C1^L5%8)E1Xc3+^K3OwN?eN>179^iq48w-oH;JTF4{xF0wKu0wq{K(`1SzGWq zHJBG@UGocF1gT=AL%{hmgO$n|Vi9SCkcp-B$0kNcYoP8#;7pl}b`@f?d+52R_G~R0NES(gaL{U1duz)iGeSAZc&76 z_^BsA6p`BxU+1Q-Czm?xC^@V!?(+KY)8(6)lF>o9e4=p1%(q_g!|u{8uaH&t!YyKW zI_1c*%P#rdj~t#8&f>r5c87my&rH6?f9A4^uK~CnV_jX)Ux}DwJh8@ecXZIr)4{^0 zkhU&@GWj^UjOD|t`~3gX>oEQ!3wFamMV#e~0z?hv!9CpLZg5D_PqcOWs1EZiv_U4Zi>xso%c{6Y>~5c0Izd zr>~FG0>A&Blz{(zgF4oX83BTbQC!WCF3jp8y(`1y5>a0>pDsY(1wHvE;i-{|Rq*rm zMq7Cj!g(|BM{hvbkl8)}nMl&=gA!>#GpbigjD@hr{H8nh8|3POZ+Gszvzb`hDJq~8 z;@+POm4!q$)z<4e{j*RrEx*%x<|gKBbWtqNqrjti7U}u?`B9iA*cJP!MaD4 zk70D^b#t0kB8JV0bqcnwSChkSvG76+fZ?jf0{fwf+rs#Q4?*7@j@Ox>;9w3lxd_w4 zW&l5&QSu>@6K-ilb;8g)ZNdRbl7|A~H1+QEui1`_FyQPr03O8O4f=ry5pedO!8c4H zl^#|NGMaonuow+jB#w(b4bu(@;4MgUCLT*zD7r=uZ6wFRCzLSMK={s6Z4Q3YPS?#H z0Wl^ZRhj^u!Cnz4HVeSu4EHct6F1^}hO9u1wgRslQAwAzUFqVC`3n#Q!U^B3)Uwg^)7&HAu0=r#caui z@bp5N`wGtwQgAHk7<1G8l)+6ryBJ>3^3tfnO&lPX6k*IekF8J#wq2i9GG&DIZO(B? zBPBR(bvpP!=h4E=#9RXKEK1KLY!;;!0>--6@nj#rlL=VTV(P3Vq(+&?>#WVkSlKw^ za5VP;8gMeQ@W;imU!eojxPkB#F>>X{V@kLQ-SoHE;wVHBinA{E$EmvT=RN*@$`xQ_ zS_F7C=j|QQ7kCrvAje(6&ubt@jd%OV4F(#AQf_bB;{^yLPiy3F$L86)tZ55^k`5!8 z6OlE3{4xQvgDXbD2^J&r9;mDOSEt!1Dj0%S8%Fa>hV>_)$T`OI^YQT&IUOzzlca)< zk-8U>R?-N;0q2VtsQ`*1VW*X=zTWomM(7Dl*!uyO1c-`b?(tnEU4mTC&|_ujg;j|J z!WsbRyFaQv0z;I`_f>+RCxGyp77HG2#Vn#WjS;XXlgu7W4=!NSc_`@26`mE5Gx1Bg zzacgNmjS(i-fN1#Dgn!nthi(%XqOqr=;xcXz9y?))&ORVEe)jRcog%Az)NAWeb_ zTYjLoA|nu%`8e(gI276*GfXBQ(XoXTRt2Xeu(Glin`dIOkMXS#bS(IgJtV4-m^83s zTyGS~iI~?RX&0Wje%u?=fN4_j4YDL>l8cWZqEcaaB5ETUwF88|ruW8czT?IXmftrh z`0_U53%2!kW@`?Xn^r!2K9&2T)akE@qwQWjs~5@KU&6}DziZbgBTYy*YVagcYH`!a zc$rY1V{j_wpos8HE{(#G!qKQQ%m8T2oY34$A%g?OKS@vRd?jF5e?k`1HrxG+r20;| z5pV3BaWc8SnqNOVolGaO%Ho1C=udh3fLqlK^w18~;`E^5;~~@kfW)<+J*D*{%CT%D zN0Xij?0gNr`ESbdQ7Rj!^j->`BbS)}xG|__K;XYx<@CMb90w`hC4V@tBe$fG6b;<1 z9a6ASP*)RumOpnzs7wnZnNZw_X5xH##I7zheDvs1La|s#eInKAhxHr`utc0B;|?Ii2as_DwTj3rlO!%1 zKms(IFeRfXWHy92hMDssMJ5OrQdfx4l7eZOoCq*L=5VmaAURTb$iOZw0Wbh41&SZ&VR{SoFoFvZWf;zGqOi2{oGoRg@1$nS3q4m;sO< z+UeFWz-;yXluj4NXyG{&4>D*$s3+jHcSZPA3Uq@}i8f+x`I&w4GOih@LG-ACl*M;C z3&5j}@@@Cy>rusL2aY1-iKSzG&hM-3=37X6jN;FuUxy~T&~Oh}+!`E6G3W7qO@>Kp z`si`So98z|Z=xukBp~9S4IF9KNdpHOfiPYK3Xscmka|38f6LTwMLjd7Wb{Am<`y(A zAQ3J7?7sti>07^F@qZj}vt0X63Yz3={AZf8f4h!wd(jqX!7S_K;jKP)>=^V=a-(0t zRzq@CPpY`|hHF-i&%U((IFOXnX;ZxMpZ6U8tDf$Ed|Bc@rESXA-P|X+siHqLFS)#b z=wsPO`Q5t}tkn4b$wiF+(j)cbi%!P%*O)1JL#9_yjAPEfx=RN10z^oofx;LE^D2?e zp!wFrlhigSdHvfx#9j=7n-5AGEHkxmTiL;9;xjf62c;@*6C?~Re65O4dyusjRxcT! z`D!gu|MKKY#s~(Naf1%G-YpiEDGT`GV$|cGllz!{kHrEkA;2PtZw50hFpZB9+LYYX zi2E|c?E24v9PE!zYp(?uiO+=QHI638oHTb0F@AT~aKu29i6!bPsG*i@Ibcu>e_enO zsDge2`dENx$`@R%c^CSq5c*Wu+|J{rq4dmZ=?0ifNHVT%i#>ze(U`xcr}u%4C!{^OQQ^=Wke^;D z*nSM-^23fv^g?(zgB({b`* z6zm1$Yfk1*?90p#d9SmqYqr0Eq591~xl4$O00w+HaBXYnx#s{d25ouo9YC5Q*x}#- zvZSRNqGS`bTfRRYm;!ibo6K0bD5df3k`3(aF@R3+q~c)=32{hnTTu*_IFB#nz`p>K zeJuKES_C?DvcbRgbIhnf{5uIQ!12pNmal)o%CwXyBlv2mcVP|SLtO!<`IwvB+erpk z$el!f%h#--lj%Po4y}9u+#M8Ly=EPF8i0g~qX>OK4aJ!@%;`xEH=bYfW7}b*Z0XQ- z(*JjDoIxLfvO-{Y4ceS!JP;hN{4b2>KA%BjqVLq>7h!qoCdOv&lr6tU77I+gSzBfb z;Vn=~(w_?92C)`3ChBE0U;r^dlr`|NIG%&C-(j15Z~0a@w3L2}UQRi;`cRc|AKkqP z2TVVcJHo_Fs*j)#J_l0?PD}!b2C_(mf8aL#|7_CsLiW4=HUbBFc-`!#DL`d1$N@v% zbr->`|FJ5r6Z^kQ6@Q!XDDHnk5Wk+MCJm`d1v^&_I_MQZ{A%`tdzI?QfDI8ZdMp-L zI9G#D0gV$xC<5Z)#6hVhqIt?J$nQ8DtXOn~^tZ48nqY{6fF|_4uaQQGcu9+Z)nBJ4 z*k{@c`Y`}99oUEnHb9oKFpJ)Qe*?=mxo&m^6R<%IcftA?FOWfeL=T^Y#25BWcr7{o z*jK_dP=Q|vHp5o?VFow?8Bxb54_;Uz=aXx8EL+oG;1(PrjW_3cn7h>ngIHh{J!*%SnZ z8crtZ%`nUm`k+oS-F5mMIp5$|21!E--!~D3G5&ZIaFzh{c4vkFgu%+!9Eg;O-=cYh zKe?SOR$USF3~BjYT`$XNY=EAH;U($Y^hJ)_i93&=K{QcEnRFj8o1?8ltrEAmWW8=+Fi5pNVl1y9fb4Ld+5 z`ZRU~pq`AJ3HFda2A@q{YopDIMB@vm56A`MhC1BFM;4#>|G<%`;i5ZGlj?*5tP1bo z7pD7iz`1>d$btYy)Rri5itjuA0m8-^PwOAvkJT!R?$X#55;-l zbwILtqac6q=@TdR;+sHAwKFx>I6f56k9Y=~mwh&M< zf&=8=EAjR0Tsg!2!D%N?pE{+TpF7VqCu9>$H1LSMCR!CPggK3pl9U_kimZ&;?sMp8 zbY-y=xUsjmD_KDab0-+mNg+O5LPkJyuR+Ig#p}L?j7nErR6m}j`&~9$>=d~YheE@h zq@5z!pf=TYa9>#hG7RyQ5djx++w8gKWnV|F!F7PAH3eZKm=E(188{~{L-tLG0m2{> zOEaMxA^4>?;0j6+aIu-e3VsoQb7z@(bMI}N`_t;>Yf)5q<_yk(*zyTjl2<4LCWE+> z8b@(gg$5|g6`S^(tRCACEFQ90znPc;eRj6OC?@&F~61OyQ;F&#wk>nhQ2)tgvdVh z@Phfci_4_#=SW{)6mUp1NJE>1%`9C6UZR9H0&J+EjWm~Y!Kep1&63Q;6dEC`7v@Gh zm>moAeJRQ`(BNjE3Yu|&M?>CyZqnd`UZpRu4$ya|VETs+4Vzq-$T-WyT|+#0kCi|J z`alB#{2EHAmbm>Zih!#C8yvF>WYgi|gqEoY;N!=Q-7g-B8G?B59~I|IeR+Kv2QU!y zn%q4CJ!16vNDeNdP9XP^Lg=`j@refK1cM`E^a&(sedM8sWBhJpHUX&3WqaTE@x6i? z?qCa3pv@v9mI*jEzB%9h_rhwH9fFt^Ab6O##A38lVvu8_z!ws-gy3^`*g`1;mgCMt z31WQ)xU9pG&>bv+`yA^Th2qtZI-(BtYNFj`gyeC;uoHp+-%)#}7#2KYbRyyiVL(7f zTVSVw#m>X6Hv!l!_gxL7ji{upsYhWE>9olrML|Qja3|%^y zwES>J*0J~Dg4+@LBNv`=XXmw8o;s`nGKye8C#Kc zzG}N@hx$nN*dts}P40*Vf2L0)czn&*$i$k7(zfkJge8ta+PCED^Bci?nL{ri4tQKv zl}Pwt5_d4oFebH2h)<2&k$~=k@I-T18lnndC8w=5&}_f;UXpiHKT=^UikA+`2Enp; z0Y8QC^|=f4E~NI8$r4;!bk_yYg}@E4sLnlp8g}FT=T~#d{X zeV^m^EPp)D@qK>B@pLfFG}V27KA-pddSBOho#%Pkh)o7yF*goSTj*W&)LAap=#OW+ zg*zn#9&x7Uth9PSFnB3d1k!w|k7D_vbdw~35*`WU8gbS*>r@out*R9R7PJyN0T5#z zKQI;Xr%+3h(E)I={gq;EY$m_b9&D|nfn$gq*Qt1-JJrgXRlgVN#b50Qp)s(1r|_PHZo+Cahb^60{L@Gm2hoJy2*!+@-Fqq1p3_W6w0qAP)6!6kxu1g*)XSFsx4q#Tkh=Du+X)-^lHispSIT zR3xno`S{AJbDdvZ;n&HQLsUk8`^U?(wIhG}QtC56{FMM`7HlwSR&nreK<1}J3SU0{ zP17X)tssV6*MEkz{=$0_?;N(Evg+LWC(9v?{f655P%K`8QK0bnnD$=}r1}RgtNX#F zp~tm7Qe!wZP$1S(7B%8B3;w?nU(B0TFZQ9pAv*LW2=Wp;zR|Rk zlv=E%@`jUV$8iw!H4D-aLQX*)MU8aBf5Rgja6^2kuv`8SU4XJez$q_ZW~jtRQyIo^ zL`&Nm5^5wFsTe;o=)-s8hgVw4Y+88Iz3DP?y*2nrwtIOhC-?^?iI4c8+q~Z4<8#m9 zMCxJSaIp%M2QQ2 z2qbjac;z9G6_fVh6&UYt=T`f+%qpGq#^>V2i`pO!=LpT%_VKN_{w9jTGHwi3hu;LjK+ALI|twN-FVAYgJ;1XxLr8iohcQz z7tL+j>sa4?mKl8K;YD@Zn*{I)B!=|!_VQvhp2JW^2XA;mGhnA?PU7;p!BR0VrXeF< zFnR05S75w8ii6eaUmiM~P#-nw;>U+=e(*ecwD&6b^N3^v?@hdH>+!etY2y`>S_-!q zc{XH9NP&-W)Gq~q7aEonFGAd+DdwHv3-nblVC4Jc5F<5lu$edSAUFHPO5ulUy*zns zEL~YpJK^Zk$Xf!@&F%Nl#e*R5!SE`K`&6*}VjO3bGJq~rByUr)pIp=eXBK9Dhm-r0 z`TZMs{Gvk*BYZR{YUL+4WzwDFygf|mXBt5F;|Tx33Ussz<#zN19-N7|2C(4=rLdMo z`oT-tkTGSGhmf80XDmhVAICuk0z^iU)N&J&PpQwv=Ln=@{GNrxp>799*@41MrYk6< z>bSWV=a8)@rU|W$yk8C#k<6ZOkt0Exo`MO|x#Nh-UAP_u^*#sxwV7L89RR4z-07Gc zl2e{FC_Nm`*C&=2z>}QH@ZkuOrW%NXLw@{x???6uWgpV-Wb8`|DtJz^x>?b?>Pt?N zc&F!bl5@b%+JqCTB?*Wnn`0X7DH%Q>jziqT;~f6k!`Ho9zs877rCT%1e6I!!xG_O( z09I7@kJ)qsDM1v+omgDxKCuY^+>L@|sFN1^0^+u~KgMtpD@DOvC9?&9 z$?UTh%Q~g=xuyM;LMd2XYifw7ZNZb~A56}Iv??vR=SIHde7p0Oh_@jOTrslvfYP=G z>8hr2i>|&xO9ugB%1tOQ`m99t`C?9*n&2`(7E{PDP~I#%Q7y30tPS91A|;8?$@wh#p4??GFE8s%i2fHJ zCfNQ$%~#iUW|K?exey`98UZ$o&r4cuDve7#mcCi=O_Ctd(+E<|zC7k!FOLyFk?3O3 zhYU5_aKoKtc85-!SZ>_!TMpGu$63y>1}4L3wej5WsWQFesEy|{^=y4IAF=fJ-+$-?(D>vXe^8Tl;=;Qlh z^dVMJUqS7dM-xdi_E%n!I`M#%*K`I-aZ#NHJ1EYXf9zhpcGGSubq8002r?eN71zAEx>i|fI8TdM# zU?|YSPhM6x#oXw5!Y5HooLp#DT8?SlFWKz^s@1dHH&vjyolQo#Ry~ONPY3}3bd%n# zQHl2>7Z(CWGS5%UxCn@DI>8X(Vzp`sLPDbMh=20n3!{H-5DpfwikLGq zHR&VW4{Ai2x3aIaafQ7X3~zpoD8wb`u|c-G?4{z8+De$Z#Y~WJsOz-+{2_4lmlTz2 z*O{eJpJO@`2@GVKoHA-p6h~2VqjvzgnaIfdpRX`((2usU$A|_WOsqt(3;9RjH?d?h zoK0H+e?f{$@#p%L#_(UA7^m5PoSU0QpnTn{m@b1aa$5@om&)> ztb64(YohQwOtncs9V<9Ln3CYkDL(yCPl`hz++ERiOX0<*NczV@^VapdZHJ2|YAOqK zdQwOU$jV_XN+BsMdULb{L?NEC#BAxXQ1#?aAjWtYKYt64BTj7C?=@2>c0F#X5krZY zE^gi8MIs}bmaPXlo%n835YA!n)W= z!tmhSsw0^dKm%dCi7>kPGs-G+-}AbA#ebp>H+_QDjH@y)I) z;nuh_q4kRk3&BHr>FM1S2Xyf$d4mJG?FJ;$zoSyr10fp%4N@e1ivWmv_386lbRlKa z1S+`+oV61%4rtb@)nIu11{@IU4t};UCamd03SH|kVwc+A1xk8{cfa5sw^~Xq5xa`y zQNRc6yQIO~4|_`D#j150g<-V$kFsE;&m#ORm|`;(Z|9NS; z^3gJt3i}-nbJehXh`Mj)K7qSUqIneBMVhrP2%lK@n!VV^UTf1(#i-dm+KprgS?ndD zbV%QacQqAPkU?-(SY5p*)x0asGna6EVB`kzZ9vm7Cc9|=)6{LBcoasHM>A~gKCACO zIhNF_vR1`;ff8^DjLY0p@3PR+{11vlOO|VSNX;^<1XlIZmQkK56A4M=XLFnoNs zdfq>!Vg8-&S#;^=*YnPu5`;UZ_Gh(^X`)#XZ#lxb71@D|3__Q2 zBU=2mgft+IyR^RgK$?~GKQURd&;LvlPYO)o6cP9r8ni&fB2E00fe`-VtV#KI*qb0j z{IT&omD;_#G}1(9%6zj}^1~&dJGvzgig!(hMlENISY4VjQbJ@m=$NwNIu~?q+pwXb zF-Vmomoc9n-uw^m%N(QuReep>Tn(e5Q}p+uoHQJT1D%$ho{kMnwvXC?D=q2FO9_P~ z#wl`iTb}`l81%q~1}@1tJXqw{>cgC)w7EooJ0kwF`z{P#nS#(ywS9X#QcXKfg=HX4 zPMV>l=_xm*L^8nNMtGsLLv;RU=hpVP zcX0yP!IHZLQni$0c@faO?asySCdM<+jf!cSw4&8+SkgC4k}I%75wO1g~^lKE5}dkGqtWqD2rEg#ZxjUYp`a^R`R(w6Wv*zHR*Uo4kv8KkNz>~~45l6|bR}j8;7W6R{PuMz z^_qL@=VIg1Ufc58%t-;W!fS)BM#j>Ql8I8H#Ur+8?h!p7IdTpLT%v-M`KYYlY1Bb+ z`tq(%oUhuB+#!N#oMU+CIY%ubMa133&~-8#qJ-b%9ac+pZT1Q{Oy+#833%%y7T~M;t}S2FA+M~Q?+lXcl*Vp8 zB<&_~4CIN`Kx&~=W+Md#AW6Mgn3c=>(-RUT?GB;Nz%9AnaX&e9@NR#{RikevZT9_X z`+#0)m9@nWzbRxw#WEoaiKdaqV7eXSS6}m&&aUtNMLhn-xnR+1x$N70cOWzq_Q63` zzwnM^MG5Z+r(o_|2rS3fw9I#DiX{{aB3LsVv$$xjwP%NQThwT^q2=2R)3Q?8n_Vr< zD&`WS+ogW0$`m%pg-=yx4oQCIH&aYstO>mPyyB&pa*3Pj`@OL*^9fh{dw-=HjsIiw zrMC~dBusCxj)c_im)GM$Ed@E<5f`)y049P!PiHwv>oQhC+Q0_GHMGg_>Iu@GBbF~u zt{v9vQoWfm%*Q?G9mV+uV~O0PB&X?>+FBWLIt8yH5un>jk|QHs1%<=UuS~?za=F+j zkp5dbT?IzcQKHf&$ZUQr_GOBK@0>80RVFsgC>c*UJ!ITu_w7v(yIq;xyv0wgZ*f-Khk8m6nZ4Zce1P)A-0TWikY<+}>&xOsL-huO{mr|@9GS_n)^aC)G)=IPUd*Zhc z7R9*Qsp}CsOQL|0g)Kb|jH9BEXjoqrbqsyk-XKxGg^w6g(COO=ypc1gPQ@*`;~I_@ z8l+#RkQc@sylwE!wH_J8ms)FXrj*=E>px8Xsx)j8f($%_2%*NSSK~0M=~6wgrN zb|~eSk=eg_FCMVxs7kfbTqq&QzoMU{PScF!*2mvY+KsUyy9yyvhSFot!LoE9$?g;c zB0V#F;7TvNAT^K79wVvOM{i-kqSFtU0P3Yt)p4{X-N4P97iYdK;+*oPK7gPzgoE#Q z`uYRqT!DW$h+rr-muYG|v3*ozVIYB1&`u3>%-0*pP(&iTddZ5Ru2m`qK58 z4C6XXWz~z~LdqCJh9)lps8q7mVF+pkRhS4fZBNO4cVG3$+2EzDeO`GZ+I&?@1GoJ4V@6;Rdq3)Rb@z{of z*67ns*W<9(m){JD;q(lIL1yY)$sUM5A;4RE*-A22I1F-4m;l3)i98O!8e&~+*0?@B z`?kxS|63!#zlc2@^SbA608X5GaI}h;=lMDoRvO$!hW8UnaWHn)F)DV57yCL=36>^yA%1A z(Em}VcX_eoX)gNIlA4-ZmhPa@CV9j4yw9fxB-6Cc#E*}Xw^?3qh3f=K zHoq?6{$;aePD4>7bsSH)&4nc{)R-uznfqi&3UL2a@T{kUXB#(8l=dEtP%HMoMw0HI zM!ipPbjStU|3OIve9sQ1M;w^c^6{3hmOxmP2}uTeCFsh-$anyT`Dy zlzYdijP6k-r<$Uo8>zxBl2>clMJ{Bt9WLgQthG>8R zx45ffdm_#TqUSSkLiZu!6wI%R(wM(u0wrMzIJ3BDuq$LBOm5xFQn7Wia%aAh*y&)T zn{;mo8VxZcs!uTmk(Q3RD8AtynRNoI0R~w@2@{!?tYpYO@o6%lUWhJi5@GnD59&W@*?HH>2p?A zt238o6wlTL*o5@MlB>*OQ?g5Jqm{eI1xWKiI3WUQh>fQ_LX!J>jm&;?ClU)0coGC< z;I428!7KYI@wFg`av+2Ya0TORrW~VuUOI6uQC?C%NG7{Ai!lEtOWmaztD&5UNi&Jc zla-+|o1V>nPY~yzTtvOEK#dkWB**)TtK?pHN`?_DcnK%>nMTAE(6Id^Xd24{+v5mMrkO>57 zO4ACI^5oll2yGICNg^Y4u=EO-aKTec3E#SopeSVZSPeydhlW_1Or_4>shMa_ZgGpf zcFY-Ua{$Fm{Fe)yiJ>HO{&wJ|jy?kxv5_eLAUsafC3zgL4}LiWw_5wG9z8Q|GEuIN zDidKfL+Lbhvh^9puq4S6cxMJ_YSrXhA#x-lHx2i~I0nE$-iTBBN~`JLK2=7a!F=sBkH-{aE9lVRwZ}x`)Ol z0{m8*y_cO5ThP+koMqqMPnL$-*SP^7KDcFA`*rO(rmaod)ys=cH3Nwacz?jiJ@y_2XkI+_4REXJRBb8HVJI&AC#?0{Jh2|{7CSsPT?Pmb8>ou0k;@7Y*@hXE(ca6 z!Ch^vxI(3>6C@+51IlmM4{FX3^(&7bAIwzSD6@Rr#*G_S`2PCrPL0R3bz*3MvJ-K0 z?R;pe#tRol7u-oabEcW1(e4aQZS#o}JM1xy)-yEJ@$vO-PEy?dom=X&&O5I6D0I&3 zccr2tzFX7dwTHWnFF#Y6XGpi(dQoD*HaI%nM~s-&cI&3M-CwNo@;cvY@m+7Pm!7|u zm-|&!IrA*PiH?pQ>RQq5!-o%=r?zlY)H-**#;((&Pl_S>Q{=rWdO=AyXV}>6t6Lsu z+E}q*oNL%EPtrxhcXv&m4!dx{c9ZFd;ds%QMt_@?mG!jc@(mk|zExGF>1KZL&>@ve z`HuFJC%46{t?aD1L0Bs=tnW^=Q7k>vQBioi_lVNhuNx>b_B#if4vs$d-gm&tW20Bx zQ<-O3W5}Q=T9|DY_ZHv#sa953?DWq~%r_W1w6|}hiL8diHV7qw|Bb}C61r0%{9AsSLx89 z149%0gOYf0ULQPnZbpFjqwq@ajs!cu;^H~0*Q|L;~68ydTGXe1W zN7s|btonK+d`z>*yK$pwL}cXb4=3&~Ju-DjyQ~Qd0*3bJk$mXa`%9ya95MUtne#Bx z7!NAK(Xsa<;^JBs_ofXL2QOaiO2z5au=9(B*>0&C z94QLLph1HU#>cm%!9ZyJ#?8%b1#uXxuLUKn$LcUmWI?yyVI% zLyO++ooc-se)ZX=#d&wx*3Zb3B%#}=QC-iRIrFl-yjJa5pZ3i&+)2LB0J|5CD8K#q zakrS*Sc}=S`)Rjn-uw!QZYB0|-LTiqX^#QR~6h0%~ucYnHZZeOGhv>llugQ3|X$xu~Vm&+)8Vm@BH#s-rVau#NwcuhQ`Rq zJ2x)`-Ml%Wv!QF-xVX6diw`;OFZbk(fB$W|-a#Mu?`7msDPA*e0oS z7*_A5rlyl^Y}nbY&oh?r?yJ>xFiPUdZ!*piF;snPF47lmGSAVoaGhhC-`Lfw-)(it zc$9?3kqg$9Q|>V(a2q1_Pthkk7(EK^NXQDV;N=E z_L8;d3hLPm+l#bPhCFxc((L-afz~7R$3qIW(b?hcJ!ZuUJ!fa?O9med~bvOhdvv{sLZPBZ7u?doXIi9c8*`;vQHax~~^ zVDKHFmqMY|vI&5s%A!;16DLl@67>5m2Q%y*uDM%UL!cSs<~E$CclX{s&9`0G>>pEG zQ?qT-5tGG>wKO)?%}*$tr}vn+ZB5CW{=ja>^#-96nuJgKB_^g1Zb^;2y}fl`5I^>f zSlha$rbZ)p%-sH=p`rH6m;Yk<>(K0RoVfk8x6RHI(In-LxY-n=W} z$4;L<{g_CBLU0t+$;S022}OmM{VyA7Yd5=p|NhaqxUo)7y6u~9b3Jf#P_(5tYyCW- zEkD_%@7}O5{{sg`#U(Sq$QxK!H6bCPcmMuBty(qk=AwZJ3|9d1ElI50@Ba4Z3B9hu z72Qc!F)|^c9cQE=&$RHk<%;*viXTJd9BXUalb>3;bZI=Kq8oPlH}?*1fhcGs9f>Ae zE_>|V+mR=2d?bhMG3L{g%!JJmM~^l|``^zaVP$o7waM(+U5K-s)s@)O7@x>v;7voA zGxBZ-APE@JzhMVH{H)bu?~<1FXQF|go=07s>$UWBlOs9vaWTsWeGA#uN};c>UxD0C zEDy&|oOqoevokl>ieYHm2j=W{fmVEM=9%W-?PxqMvK{BA(-!memgiP^ydB^Cg<-*4 zU(@K#_m^(-^K0WXuBS9(&x2Cxx(8NQRq1W|vOX$0+I!%>Vmn&QyE32ab=;}@(LX)& z_H9poEX#iD^#wm$#f~*G*;4T0=Mirno@r53RHUcY^5xsN<7UiICq|6?@y8#N_Ax2X z5@(#wu=MppC)~Jk!-Lm5W)=Ia-Liqppt9(N-Kt{|S7M3slolP|6M`vvO55_JlGf{y zVBNJJ8}^CUjvXd*=4fPRXWuO@_9b!1NG-cfk_{EZ zgW@gn@Zlyzo*TDrb?{rBAFo3GI)>#6o5<_U8^^7lo>!Kh+5UMG1eOFUt!K}l&j(CY zqy-h0=O;7-o%w-ZtT$*-BgN6<$J0AypA8&WrW6;;b(okypDg< z%NvK4h)(-YoG9PZ_15!NWYa#J(`q}%9i7?-YKuv&JEszR-dAxY0t7-CzGv)j*b2 w{l|Gl!_|L&u}A+)itsPO`I2 zbi=ua-`@M2U;8>g_St8D*TuJ7E?~Yf#`E0uj7OK`FKk-RxSo!VZWBdXN|BCkRUaMQ ziiyA0;%}0U&~xD*!nWtsY?UnZZ5^&z-=vefW@~9`VQXr1{cro5);2~K=6u{j+{cgo zZD?z2X(PhJWA-24z-?h|z$3OhX$yYII!kGF8#+3MYvgN1jAXPC9o@@q6sgl!976`% z90E4=E-#NZG!+aCsIbdONj;L9*mdwSRr>Un&@HS|o9;-xk=nHG(L3WaQng#Q=DSTW z-s=l}H*nNsdTH^eLyt@Ou&`!hda<)ak_op-PgtN!PZ%HHNcKo}vA!4YN_;#W9pyV` zEZ?6$(fw7qg8bq4U#oGi_@5))O4~nw5Tjcm^5+lCx9FJu{DI-rtXItoZj|L-$|$Ykqw6W|0i5RhJel4;76Tbr@!~6Kp;BuMcOa%Xe{j$*C$| z6!5lO=KXQk8O!{c&L<*nbGC{GU)XRL(pSrZ1boZ%mBPfFs3M${PD;lT{TKIDzq8`C zvfrBu1|L;T3aM3pq`bVecr&%>Mru>1_(+Ogae@=OLRiS}K%2@~C3d&P$p#sJ?oji# zoR=}Q_rYRL@6+9iy_sBCX|6BEx=W(lavkE&++Q!^vE-^~z|OeRR!n7(eW}s>szpaZ zBEF$SKlNKl$wfYcaxcH0=5!Orla{Y!ULK9K?XTuI_jrf%Kx}kvoHD0bM}c^K-hMI1 zOWL{i%8$0Oy%03hShITd5r^Sc=kAxPJGO13{>@&sX2Y(SYo8u`4;D&ZxoXu*2{-4R zTpCwcJQh;yhnlYT4aF(PGtZp45zaI4V`wN5pBH;2R&k&`Ki7M| z@V4acl~ym=6__)NUneIgzc;8zvhMzF)K~eM+3B_W{ylnWS3j<-OV-tO8vAwm>eW}( zQF8JB+}{vyN2}K;bazuU;MMWt(M|H&%NHm8{GdWBZ&kDc3vJr!$A{Z*%jMs9I+}Tl z%*@YoYG#w|u3KmLnPgLSfYZWOLueSCVPL-O>vxa04ukuoo3EDC1z@6^u~F3r*2 zH<>c>UjKZSD;f`Ppgu9!n^`>0d2*n?J>O;Bi%+Ys-zt{Ik9e{AiaMBQ8XY`%ur%1B zz=(A(MIU!uRXy00T709#uS{mU-S4R>L0yl<^cFkU*>3-$;^N|=1*+`Nf9{thY3DK< zidKXO>m9ukv!!b+KQFH|I^5kDzwJ#K%eHNuFU&tZ*p!mQ7v+{~-7RC{bl|{&(PqDZ zjE`1-{q@)JnrH=|hWFyiHBoYU;_|+H3N1^m**3+qCrh6lxEqM;qW&5`J>ByCC8u1W z`=Ttqwz27^WLy5c6RVbTJz+lMW{F=Tf5UD;tYg`MW5vOXI&TysWgZnIy*}%yG0z$0BIqzTNi!&8 zsjG^(kT^bo|JRoHsGNV3CE_~sj`IBA{ZTvyygRF0cS_WaZ`4tZDTfZXUVe{SnrBza zfbqQEcqw0n+PH3>Bd;_)w zmjy-QDRCY=c&07KuBJNjVg#2*ZOr9?w%p9&w%lmkl~H|yx`_3!hvngt$)TbS##n(e zp(5#1BOS>Db@8-c-+V{EFVBwmDrcCgCu--a=;-Je*TucWPeou)_I-VRC`ia6?5IjY z%-65dZj*JYjK{B@@+x`a<#naRkIQa)xXrQq&}#wH#!IhXzpnq?;jwIldNJ1%Z1Lj2 z*|lv2ZknhvHA{>0zWm|R1$ceEwi_QjcreiUfDind9}Kk zB#m^LRckjsoYZ=@hulPij*Fa0eZq5pe}9RYAFC2IGvy7+L#iHaXHPS2I+4FP)k1xX ze~CNyWS5Va55pU$@t&jV@825NC&c0o|11G)f|C9q0kdZQb5c^Q*Sx98c>N-wPs+o@ z<0oki@mM?5w~O=B@u%;urG#9pn3`&_KoPV)s#}oP?$jH)T6>BVzHwtkfzhRzE}xyd zc12;W#bev?M&TZFGt63c_1;tnIR5im>h1_^g@HhWu*;}}FM0LOM;kHZSfK30xl9ko zq7Hq3!BKOzx2mB*HRAkJDy!SlY;V}4gtMaL0lLmZ8H^Jj@6u~34C;6++WDuK@adPn ztCkHp$=f{9RqPX78>_UB5{11hUz4O;Xs#F~Ys4D3Ti3OUY?hl6_JfVrR<2y>#j1o2 z;%KHf)SUj5wX3U3Z`U!kA1BK4U8WOMRtg4}ksWQ66CXX{Hb3>$D*uu8-S#virA(vx zByE#OTIK7rd4400#1hxeULH>y%4~R5tP+vxGHt$n&mKe8K&&e9pi*JS%EetuT$io~ z^BYmqho2w1kR#WSYM{W`MrFImti5(C&!&BX{8U-2q{K0eJVz@<1I{MPJi%nG>}sP^^6_2` z#}C_Xa+bZ`k~u84I8k$+s-9(e?M_d$Y18}j)LFck?Y7wrcNuM2_u;W!O4i9|r9@uz zuUC*O90d&y?^f>>&=WX zX}Ms*^rfDlnH%p5^|T|-Z|cU*DoX1v@%Lw4To|v&vFbXXP?FIQ)>|5=By9c5@oR_# z<32&t%G;~xckJJvpsMR8aM~X=!-O(DeNk(wBjVI8?;F=}k;d(L*ATe_aMJ1&tP{70wHxz|iE9vOa#hO!|pBl288f@A#K3UA-(HH8_ei{GP zJu;HKaqo#3*V!>fK7Fr$K7G=WL&2t(*DZta3V;A4vw;ia1r~#7<7d%oZ(ojX;ZKDYV7AvI*1>!XilSGDJT!OX7Ajx<&|vUiCB$vW3qTw zh3*^d{fq*YEgmkT_;?4$#COi*7`!KQ-ArMpvA1X+Zx?3A$xQ~HxT%PTGdW%%nJYWe zxN00_Vgg;}sK?R*uB`IiwNLyvzwa<{mSteqb?#?tG8Lq`9{rL?-!GbK#l*C_ik>Ppy}$Vq8;)R}3W@my=jq|Z%F0UmM$Jbh?&2?6b+?bS=f|(x zemDkChAfALg$1$&a_nfvAMdQ;?zI~HZC4kkO!}$B!tb-)Wx)+|Wp(kY6>(oJ4e-mI z(ez%Tm#ta5HqP?rKcu&|Dn;8nB^Ef1N4?~6aPpWR$^=rr@(^;i_F6m%&c0k?RS#9!Urk+g>7Tyfpzwk)epGBxjSUUYJCDdteP=y$9t zKDoeHdwTt@V=>I)&L`V;i&{@AQ|a3>tCz(a-If=p+j^YPj-99591>mf$Z8?$SJXbC z#f6dLOiRrCMWe+B3t0?IcX;^lviQgi+NW3g=G>Eng|a}tVx#8%nrJ!n zi?(6D;4*#m=WhF^?dylt0PB)8mcS`7xfk2O8*qJu*e%dpVskMZ@f0M!(CLvrVOn} zy*MU!^Mri3gxQcUU{g6Gi{^MafjMtc4vIR$;-kJjfBrm5HCcz3`79oe(~rfO;~;8g ztbw?=y?S1=sG(k{=+AEyc{9=MCFau)aeqosPfeKZ95a59Yi()Tu9>VO-qqcGb5U|& z1bu{$AYJqE7i<^(43i(R`DF=OVMTQ$+9ru8h`Y_D)n&iTeGP(9)nk+AH%)7(a1P}e z*s^8IRrJhXCoBN39CFLC-U9J;PLw`TBmKKfs{7)cVMz#|fww?D3Ojd0Fo)9NL*M%M z@6%N3mt2}T)NJ=%V)fd!L116!MAz!gX^TeLh^<8tG<|>LTjz;N-Zb58>qxr}#ul175NZDNVTT86k6Ax>B|YJQQb8|L#^7`>1-tLyl4O|-9H zJYC=E)_j)+4RfuIL)PpAavz3TGUY%Bp0fHLJh$Fv=J!v-an_r+h68j}OC)Xko=t9v zI(2)cetC#67Aap3F7VF=s*6~18OiUp&z{=Q03=-ou2Tk#Ee9AK^8G{{%92J6r%Hk$ zV3s}>m&w#ni$RXVh%0t?akMl9%0?&mb9g~k0Zb?}FIK}DXo!|4| z{(bfQ>baSjfG}~FAhe&LRD+5j$>oI_4(Zvk5}pVyhw+{=70WR6kMSA>$v|Irg&+cl zt-6ZTi!*aOu3ka?1Ur`1zRHyAQbSq6NUP9@NYeOG``jw#DN^kb@F!TJaHE&9c24N{^|(4**7r z?guqWj{;zC?w*or3orIz5sFoeJVBMsvF$I-vg#@&SB?@}1}J~y&fUAAQ}^2-Zpj)N z#y}fLs&P+asj zWj4%X$?4EH5US!mdYwC7T|5EwEEKPrEQrm^hwBjtcO83V$1w5F1|BI+KGo?JR&AM= zo5nkn#*DvF+3Lr1T!sWvfwRdLN_7~~sev43(!9?i@25S})chOVevaJuk*%m0oqMEo z3S67ki$u=2tvA3*Re7fKR(k7rlRko%!O3;7vmZvwSLWw5L>GrsXYT$*gqO1mT=Ou{`)b(90-&FQWZv zbSZ?18F6JQMa!G_W=2!`=-PDne$Z&N+Uf>}r%v{P^J*UZ|3w_H&|5bN(5g80khA zHk1#NW)*4IpgEIm)0@y$Jo@utmwm2i6u6;Yo#6$y$WB1x`nykJ${x0@c>q1?{n*%S zZ+LDSi`_siFV%*|=#r>*>eQ_oi|Q%@1SfNx_XH9J&Y(`?u17vij zw_>rXwRFY>+Mij|mu}KvFIp&m^-*k7+~VzvvV}wUwl$2rioWPyepAU(ZkY1>> z2M`h(gxS+fNy{TwVxHBVIc99K*X81#dD`xzjN(xp)N9fDyL~YX9Q)DdONMy&gwrho z#am{(7T;>D`?Skpthd5~H4r*MmfUuMQ$j^*$$U{1-=gl6YaTOHkTaS)C-;guyi~28 zpV0N{XAc;2e!jQ9l7UI&Mw^Y4*%oInEtNi#fkc$dKItXi(zpi^MTDQhX-nh4`t1F>}MD{c9t$4xV z3!<9@FwyU;AaNN$kF9OwVGl~7DyrH<^+g`1R-t_QO^i1t*P@CwsEKZMd2#+J<4rf8 z>Za#G)6UJP85?QMjzDJ| zz)#7CIyMz*YIN@ zjFEUGG=R5yl-rP=)a3${(O56m7Q>{-vvFKr7ij0Lz0F_fg( zNM7(*Ud*fujLJ3fobZ@$ZAR|RLyzpHJiq_NQ_I?KLbAb^2~hX))^4u#4#$bP&>4l=8Pe1GRr zm#IPSV*1sq)ut~1JUmj>>H6L-+$uVfr{}hgH4gNQlA}8u?lu)zBkp6nEMWwRfKklx zU5gHlY1&RUbf@Ie)qRc$MB`gt823?(mgmy*0yN!b;?oaZ@)C->Ek4a{yi7 zSfng1Efb6eSKN=-CuDAj-Vz6)k2r$2Zqcn-vxWom!vIipLWwK3yq=uR!i?1)QBck; zSkSE1UHfAwFvSsk7q=(G!D18jVPXyH7P!v+xXX}6WN(Jv{XQQJ!rcUmZenvBYZhad z4|%s_KUgIg2X#n>3U_E{Z(i|zaUQF(+%B=vpAd$&9TwZ zDv&FF=Ly4nLIXcWxQPo{w7>B2@oDLph6%(b-Z;{-^sNM?Sa@=^`3PG!(1!eNdD+3< zHI(n6qM0qWAPz5JPbNU**XSB-nS&;p)h0iG_dLgxnRcdmXiLX~#q(m^gW;E<0EXK| z(7v_@&!c^(IgWO!`8xnB3m8>P746x1Ozn6*t?!fd;ArdfF5cExr&ndpyMBFkfZAzq zijCbqB;k{cG9seQ0J+2t`Y@N;yHjw4tH5QIQ?8#|g!aJQD+wm9C`8N}fIv|M8U8@VFD0>kOLsOV)J5s(;LK6eMOpJ74b37>J-6r+ZNpq91J9SERP8F4w^V2vY%% zLj}w`LN58z>pSRHhx?Zdu3mRuIRs@{k?c08&rv*u3yM%CL4GsMuUzj^i?D{EbTV=L zG*Rf{*a%&62aJ)@R5istE5n$P3poBUXWf2iay9IqJ2m;Xc4#O&40eYdIQxKJ=e(@Y zZ;BB<)p@Qzdh#24xFH}-ec7q&mSTRnKtV@#k7g0O?abM;p%2hDXm~xuB`tcouXpU@ z-L4wP;wM?0Q~ln%9gA(Gqhte_?fE*(!j`jow4G=6y?DW)6sME#JO|ti_3J?VmoKEe zTK|&fY>Sw2gXUXh+WK*IaoWd} zFXauo9!y-&|7vi&NNMTcGZEvgRPJfs44$T>6oc-=>&-FO>&u3Pc)WvmYoL@NI=;N8y&RJXx zv(|2I!U+4I((K~-{-yk1*JtkYn>DAMOrE|r<#Fb~ zsbam76k%H^tcizXp#~~<6u4=Z+tBK{64g`BE0&gR$6s>wyIZCpkl@%&ME-F1x!9cx zBQ2Rc@*NkZCMVOw#75e3h2&}EAplQALLVrOS098_knn`8GVxB)cT>?3Teoi2cz@%O zKzqAXYefZ*hGn<0TAJbIJHLvTel>5Ok~_10!-g7Ka$ypPCnui9KtpnPhDArxhTYsp zumJ%3&vPAEO;2w!P#a6?5BxYtO%aZDtgxQhHA*(jZ%I!-XNrc9`0CZ)(FeFc-qriT zsL6M3UM^P8Mz~nx*=N_89&hnwRJI+h2XmMz!Y=D0BxX^d+(LRPpSen~+F&G}fivHe1sP>0$GbrZ9g8tBne z!4CK!i9i01YGy4Cu7Lri?y>vGrBlQMbe60Og?pvuQJkI~v&d9i7A&MWl2>%&!>tu) zcB$vR_j6cSjGRn7o1;6Lyv9%+8erfh-F0tsy>zI^6K!WP$(uNlRC^ z0~rpfLktar3@xm^1*`W5OJA`2^>r)d@u>JH{j~}Yt#NMQ-i}aoLQVt;z6S}!*N9Fh zK~~mSbUzu!FjP1~R;yePf67up*Zkvqq2i5;9m`A6_3Iz27BJV|74r(_)q7AfigvCTF5$-7#;{Fdt}kMbf0tu{)$Sk770L|% zr1%|Ans4=OOn!tNmE$`5UcjBu-;Q;_3|Cq*%#`8HNmUdsHWK&5i@|8H&_Z=F8KEB? zh`B0`j#;qgX|;K6NvK<6Q&aVzthO-i91A^$15`PBY?9(N+!d}eY+-q87mR+c{F7I& zXybk8s%339Fl&?PnXImPg#LZNq&sr{_A-ER_s|g22)+Erj~_{~+_`Pr8?0oF;)cGe z2vUjt$4@eE2(#q=8@1+}^50wGF6z3^o`Wj)zWsuO=~1pWkE26fU56;V_CI<~mW}EQ zA2}l3TM^!Xx~7+yVxN%s*rc*g?a5%{#@d(UH!}q)!%vVeaj1QF?QDGH2W)@6p=U=@ zn(l7@<`k|PcZE{DxG$@*Jzn;!#zq&LICyw_I<65Y1@;!+H==&{1v+BGTua;iW*xof zTLweNCt<=tn)Lk>p{P%pKj{b~GI19>5rSH5VN9l*AI3%BG;xKEmq`B@xXxO187zt| zd*t`vY2`!>)T$(Si?tbjP zyy%cQE-`39+<~KtZy$Q`&cP^6XwIJDx9|@ssZNPhxPnfty0kExsOs=`xuqWJ*_S;( z#Nv8h0zs$DNka(sY6-eF{~NNRbdE>}U?Rd-z|6bu?J7qCg+%WbGp_jMcs zgG#-3?Xgtrk@-5>zck_sR?h9;m6hBzc1t8>>#IZR9N_LnJ}f-_?p&s|(^dKT`H2n( zq7}l2$J`pBjTkk)yG9)@+&w%aAD16pjwKU!!H3y=+zK)_p#{`oAt#5rQEyJjw3&B? zkn&TPTNCm4;loQ{+&i{zJ;1}0e9~^9`#a>~1i#gkrWc|I5B@U{Q(RI~606z{hN8}O zXl{CBWU9Xx0T*Q$aI0ypT_|{Ib8GtQ;{8kLPXL%zk&QL;`&wpxtP5lDzI-N8d#PY| z;yecDdS+YMxzcwat_T)^k`#!KeU08JE||>V=;Wl%bQFuG!`QF?>z;_sOd>~MP(!zr zFZ(O?W{G~=E%}g>RX59MpIk>jrrf2dj&Nm~G|1x{a$Kg9nlmj%-pgX4TdXkK(~8XZh+`~asI96ap_Q7^2ZDzH!$+lk`HwS7MhvnOv&xvBHmB4wrATI zXcxGugBfRPaD7oGIQQ`Aq4Qprvus|VPDTqeqXe2M$?4?U53#oKM8KKL5{uRX-+Osf z`F)b!qi@Vo^K)}?h(V=9WlEYhrkkjy*<3(fvz_R>?BwKRG&j+2<*d+@a#l>0s~vZn zjJjW(v)=*ceq#AMcNpM?`7&yU5MFrTCJkiVVhi6Xr$4$YiJz^MibpX_ga3(dQn) zv7B@Xm-Hwoc{PY;$!ouHPm7ZPZ2R%WBav91Xv$4a7gc(atnnYObdGPc3Y2$*@uX& zHJLd~kk`M@gi8|F|w=V8JDZC6?1nwyFj5!=lk6$%pG5Dgm}F{-ADbl^~L5bE`oRp{L3( z1(HPDnjyM%0+zPu>1(m*9GgF^Vn zON59{B9>kVW<0;4gAy7&dwp)nz|@FYup%Xr7=!DO*`&%Mv{DKNT1reSyv95q4jEZJolcHYx%sb#-Xz7DD;iF@=W*}s3krmtWyTjvJ{Y4 z7ELYDt!rSuQPh6$UAZX!S`c;n1PX=V1@Ha5+YiegCpC0bXwUXy3j^X25NEW?`w22q zYDVN*Q?GwnZ!_E~oNCb_0aVJ;)!S>p8hG&B;{a@yFHUXroA&d`EaHSw5FFvX)nu(m6np#K(?KIT)U?LfF^o%?d%|ZCp zZll9sV-@2vxTso7EzBgtUZ>)ZqoPG9Z|}#RA-2M2H*m#fpq2w(-f{p$=|H?ML?2t- z=*6Q<(5(FvEVSpb{0KiCY)ttSBI(g?+ELJEORF!-$&kudmEP!GT!+0DI#q`6E``lp z1|vugl>pJgp&>IOMW=Z|JrLFQ7c_0WimG6N9J7hU@`8=;iJLMe&Vc@*Jx@!fqxED` z5h^o*!t>dJ`VB zR`ieysIN9RJ9o!vA7_RMsI0-*c53s{#Ju#|SL1fdblx6L&w1)M2(#IUJbKN4-=l|` zV%(jI+@C&HXT6;zkXyaeVT81MAU$*YUn_hd88=UD{F4r7pcBX9-od3&D}4fC+8#W1 z+aP3IY@;_&YCr0y2I5C@wWfd)1RP zk_+a(cQ1^ttAq#=$}GdGa*NsjCoE=rmoY6EFLo(*0uYNXlxUt=or@ST`9$*u%}AM@ z{|d{92}A7;zj;69E%XOr7e6M4}<2if0~p&f7VD1yEb1U-h$+VkS@i4)bfBkgS*r=E(C zvIb9Bqd(czpmGQ3|A2`$6%`wt#4>TMG`RY-DSBgDbN0&HQ1za)O_ z#SPSsL2F^Fb(L_}2B#c}OjhFgS4tcG=QN9!bQ6O_A#TJ8%OI_8?;7DicBjWk z77fT`Xax1L*eLYT)5F8ke$a0w5tKTD=p#h;EATu+gANKB*Gi*(WI`W`LO$szXwCYK z8?O|&&Jx#wq^AiY$To$f`jlB*gM2Fy&|t}5Mluc5LIsk(^7|VUw}sJS648FJaqqV1 zs5h6pzxfjBw+aCQn3G%pwsKI;zlR8?%Dg!88ePQ*SBP%fuxjLxC`1-)*Q~)xwvtf5DO~04Y4rO&016dP#)VO4mgx0Jr zM;W4%5~vu7U6P>+MAQk3#*9VSD{&pk^&|PyVS*Oz2`D5-Po7kRMfe@TQ}T(BGC5dT zrHFKfgrJt-Pd7E}llMAI=zdRHMi!id0J@E^U6V)J$!Go6AsBYVYki>a*cOy-eGFMdettE1}x&+_UEhNxGH= zDGM0aR>IVX@K~BHjvbf10Ay8-=8V(=`_7|Rq%jO~2`QxYySWokzoqap9q!ng->{fE z`mKLo_o#BdvmKEgP;45YX+!|C9EI9=^zxf~NWZ-mcbSSo8o8=x9KsB0VKN*9GCrds zj6QyzCx3$afPp26JVA^0Jcf|Wtam~za=wS3D$#4FqzKs*+V)c?nLS(!{@zvx$u&_q zUL_XBtW3B>z8$x5<*VBy_%*S4`7Vh70uV)llE$FW);lA?LC7E%ypRrLXWrOS_p(5< z1XHO*n@UE=;|iF+L+)aS`+OqQN>%*oG7$!7WtX7#SE6g;Z|AUNWWZz;?+CSF*dv+@ z+#uJij2Ei}=Cgk1(YL6jhJ=SmD(`)%=V>uqEyiyW_3>>)E{zgIW^%kkjCMrM+97c26v zrustVqda94s77|__a(PWpNlca6N`Eo3x9DAiqnV_Q7VR zpxP#<8>lFlYAU>tQHIoW4Vr#;Z*MfHo+Q<-XpO+15x5_x;bO4BhLA1VLktu|wq+F! zIGSQFM?4_%4Ddm`ZlOCRlxf4i{{VRv5R?1xi-^ltQZexJBcXH}8K!|q;moe?ui-dw z`R!6cXZ^(nhp7`3)AsL%G(HJb@mIG=Q1!vkAErFr7O8fd4Wnd$D7Ibgs ze|oa)fJ6aC`mLo!G&a@um}yIf9Ns_!u=!7`kJ(cHcGqbT^I{RHql7-a@e?nK46niM z!(forqyHG>W4Ds72ekge7sKwu`{2FDnafiO+~1eJookZJJ~Gd)WX~D@n*2s$kvVT)9{qM^c%Nvwb41Qa_lKE`y|J&)r|Kqa$2h2+T z$JIEN-n)O_2&ze(TFM(V{B34)hHmX=4sEy14YOU{#{hsAi$z$!4197pxXjOXFBvI)mO!d7 z1pLbond(Rz#-vrzo@jpLbCto#(gBjlycZdM#NcJSGmQ%kuY|))O6nd7#*@rE;#NfI zsKv}iG(X%ORWc+2SV>f7guPS{hrv7wJBbxMDkxK+N-4*>=q1 zZzGYQ!d#b*qQO}-xoT)}p+$?}o8JR?BUF-gLiq!&4xZWB z3q2U!EDqL!2x7lVIoR*2eXNzp;H(cM65e$XFwIUOiG0{V(kCpo0(yCgTxgHVe@+VwNcdfhp4f<$_?ik*P6) z5@3p}ppX;4hzxc$Pe~ZLURN0VfsiXFv6=ylE`!FB$^ZZ`5aA}F!349I16-Pgb5*MM8T=tdfXeCM6NU>X{Rp1W456vN=rW!C@-Nc zhb@BFYvTF7LD`={^9*ICLGE{htk)+4swQHp6 zKP7Ua#!)<`ACCx>aD#d|Ha1ob?L#X{9nkWGLHXbgL;AIA2c8PGS3;PbMCaom^CIwE z$S*}C7vHRcfAxhh;_BuW>gSI@5Lrt2d%v0)@H-R04S;+qep$$mmN{0LG&(mF&;jsn zf{);ss;wY1E|Y-RWRYutRv1GyQB!vu1YDEHYnB@@l~O{#j$TGINgdvhjdRvj1FtGX zkl8Wm1Arh$G^Z%y>_YargoiZ=OGu<_8ZAe3%@EqE((RRNCg6PnZk&rld%a`69rykF z&k292? zbSPcouw$*7=}ASz6%b36EPryr`W0b`c)#B9FvSr{F zDbyCm5g=137lyV_Sdf(W%2Iy z7Tv5Y6RHu)OZl7!ZlezL=wA8KcCM$RSCZLp* z_;1gkN+&gT{pIpS75ynBN(fZ|0$Mc^0HG@%OjW1U|&9|5u{X`BPo7vZTEhe;ERe$hQP<$uDm4n6MJxHHclK*L?^@9#ypf4I=?>t$N)W-0GIQ zD9-(8K~+IHEu1_Q z3qAvSo>gWI$WrWw52vDgz9+3TP%Y!@RJ;oz@Ent{wG`~vT8w8zLZ~vti31Q3RMRY$ zv#Ah^Fe1oTZ_C@1Z4(W<`R#sT>lmc|$U^{ENt`ZYxpHQh{Q`cV0g0r9Wi-noNt?@! z9<`Vu$aMeU4Yf8B#&s+jkIHc#3LZ$RvlRmb5oq|Gtvi@;Z;n)uQEgIG5xhyLpmb#0 zTtE_B38zdX6og^`Se#%9>}{KY5A(=7y+FSwIy0pjJ5>NvaAXd6{Q#R0FdOw(?M7w> zc5Hrh6&e6d73$dwE=|E`BZ3{Vqw6p+Bo`{8Oe7IjBfP;XV>65d#Di=Vo3x>I){vjT z!le1q!73)!Ab~Ro7gf)FzQsunoWN^RhOXwAC=`dL#|fJWLq?u8w?o)2?$XY-W@|6G z*tfVt8GBsYeqj1I21t1*q^+0GE#762sD#qiKcQ_$A^u&OMFi;`54G|8_z^zAj6A_= zieR7ukkZJ@!P85xCRzl7=QZGruhA-EkS!;{5pTx0iPD3 z1URFxb)^qOv?7z2K__lL7AS9NX<2W4_UzfjQ8E)CF**s@Y69g+o<5niEP(gZK+G|s zpC#HgYUep3Co%Lss%ds^u4pbctTk_sv z%z=|BS|EscfJPCd+|GOLc?}OE1|G(!2Ij9{l3MMCQ74k14Rf1PXOeJLBYFv@n&Qw_ z)QqsAW1!L*LDk1w2_Y&SbZA2eOk{hLR*Lm*4Cpt90C`=+1qK-60`jwtfL8>eU{zm$ zLW2-|<^;kb7ju@)&RhT^uSEmk|F`30$l!NcH`|1}^A2Qs`4KrFraC4B|D7daKEvdn zd+P|VzzsaFZCZ`T%Pfk*Yu}PdR;U2lz(`nFgCBb0dHKHu z%rinTItTKJ^VDE0q{jZn6g^~XwbJeqCbNFsx+-i0LVqwHPwttZ>zd5`u79wk$lf3~ z3;DjEgn^O62BFX}!pF#um|y@#1ut6>q4qTNaf%|)UK*x)0Mlj3Ap$_VSTRSRvPeqE zk0iI?!sXG{{QyO=Vk6196KIhG9fgI~zrMaEIR_(p2Id45%UFQ?IjrF}ZoUK4H4%y+ zUj!(lp`!wH5j25vaS`ye5*UTKNvMf5(+|E)rFU)FH;WxUPxAyx$6tk=Vu_VgG&lf9 zpbrT#4C2f9b?7M6GXCovqAf!IrAG?=2Ti8?pK!p@e|j}n`N+{mtDmW%k?-8GgB5JM zR{i6l8(vj-Nl9*CNLHmkq zz#BjHz5(NIZ_CfTKlLxsithj88B_o1mH)p!@rro^D(@W9){xcNP=DFyxDiS9jzze_9iFXtmUOpPlQi$sJ-la-=BkCDz(&E? zlckIehywXrP+=00W}`qcy;IU13Y~*G0XOw4k~Bum!1p-&V%<6`;SqSN6LqS(M092- zIBkCE?(hnv0}aLRTScRfaz}gOR11^@l5r$3VicWR3EdrMe@GBz7wpfuH`E~w)W)-X z1k`aqtp-ar3S3xy97$GncvH#%>O@_E#z{aX;CXn>dmK`<-%J>=l3*TE{s1n;Y?ny2 z5Yr(76);*HBxaZlFG~1fWYmCxOaQeQ;X&|nkD#s+jgx>^oQEO22^ahFtzp;DCs19? za_@q+bo_QEmC@GcILbF|1SLPq?R%FDeiK5u9;AE3X=Wy|_5+nUkAB&WvoO@tjcU%5 zPJoZ*hrLV=7DE>2hC$4;i?{D2_Z5 zT~0q1>M=RpzYI2C4I6-XZ2tW%X+{x%O-4YG3jI>J$Gk3Pu~jrd{`mu zn1_c4nT7b1*G5dSEL2pe$Y~e1Rt)k}#47^klSy-^K`?@w!g%6_bQ-%X1|_PX8Q{#1 zpw(@g9e}XdDUg)BOZq|W>hV}`SjPi3e=>4}7lI?SG}i@PAS*|~Zx#LKJ|G7YP{nGF z2J7#`4zI(4N(brlAIA|F6zDkh0Qn(?vjChX@#SaR9tz{oGSYmB_27cfbnPedAGb`e~o%YgCM2iX#%^S zI4ZEd%B9}Jh@l<<8C|+bwMR+n~(~HzP7iX}0GN6z-i&R4ro?kD&SOVlB zs4ICA68pz3k+|j3$y39Wupi7O$jmg)^4;XIog`K&D+fP6e{&k}r5t1oN^P^vBRX*k zQI`IwQrLI0KuSs^XSjE7EY?(Rs0Cy;;toS)yk2+d0_3+^oH2z%w>}Y;x2hTCZIkqJ;9oZtGJ$lp#gRE3i8?ix~^O7HGo5;d|*+Q z8Rg|u0YAN}diDZ}gL@gc33H}YK5^NW4ehhe_MatT-V2b)>+vWf@^zOG%_6Uen8@Uy zFogK}feWer{__T0L>@#!1=VdgscZxA7V&+IL-`{_TEK>&+)A96oU-_f8NvXuzu*gS zYgGaZl4FLj{F@m&fTrVjJN)aoqOxvx0_1MZ9MQ^pN3!ww&H*&F%pwJ>H|iCnHKHdF zOs)c(f|UJrPgl~tQ@6sT+%cOKHBw4bPiM~9V(O?dI=O0D!$%8b^}El zzyWYdsJ@AerW7(nh@IPwK_} zAF#odA(WEiZb&%y1-G_{-C*NoVm2tbP9cs%G-zzonnSbOcCB#U)`;0b@>bwZVv3fH zgG}c@Oe3~4IoAsf-#U9g0wsjQ9o5Op!ef7nk3Nd;3&L@iajMBlXl-P)k#uPD_PkiK zOGy3}D%AF0i(^@H7$Z}DeP#``;qydjL$x3}C3$?XN{C;;tgb_@U925kJsAfg_@}(k zM!?{Wn|1SZ>|+tzzE>!SpRL>(gA|pKp`<*VEkt}`w3VG* z@5yCcDC7|3Nh9t?iepR)3Iz&<{Gc)tXSNKb)c%}Cel{XyS5@ISpx zb6t=BjimgK=Mw+bK=$2UJv^9|(#J6HL5@x<)4w>7@MG)0DBO$1?GN93SpRQNIgsj- zt@JPZ`@iq-*#A3V|C?CskBqMOT%x?Dgl=Np`!5&VJLf^~#erjRHs8ja{_i>L_W$mB z|GSRf{kN<6-Dq6(=05lb)Q=Z9Z5Gn{HymiIpK1g;Qr|KBfY@s#q~x_lL3vfHHe-d^ z_Y;KAaX-$HA!-{m13y-xHXv7ogA|PT*3y00-UI!Eocl(CAY_OM*bD{{bpkRn)cVie zu0%0~Ab$l_CHf{gcMZMG+fM==@KGxE<4Nf>Iv_NUhKE}Z5m^ILl){?zJ1(KpBP2@i z7#t-Xw*N%$nOe{7-au>#Xi~)L zA>fr*b+`zPn*99ym+&1)_z5DR5;7~HJ-X?}FHze&`O7hf1OuJu(8M`He3iXOe+3;g zig>6Z>9c^$P%X~^Ua8#T{?4_Gdth-B9`y_chc5b5Bs@WiIR#$BD;U>}bY{SbZa$DshyL9%S`P#1~m z0q~Vico7D|$bYglR_P<+5gOHHn7r^WqA@_LiR;9TMcU%7E`+!M=ZeDho;*GSbOu=a z&@K#2s1L^U91fodEeaR0`);I;vc4`%myYf_^@l(ognlv>RQr~)op4y^$2c+6#SMBX zBfsG@97^yOzlnV!&i5%fgBSoB(UjFScqq}$4C%8KaNabqG(qlz-0?O4KSiXj3Qhf@bH{qFKWIDZbUiT`eyVf zc>%!eNMqR{E{&t-Vi5c%fd+8g$-grGqWk^!;%~+Yz+|N9FW})?8(%+6LGSYe^}?KK zCqJ2CLTD}kh>?igq|X9B+so(y?BNce$Nv9!R10IX@@;}YH!Dy`mJ7}l6-^KEw;j<= z&;jF!1_}W4C`6R*Lsuu*7#x*nxIX|zazM+U6CMHN;YANvhhe1{VbNi@%O|9W_ykbs z2{OI4Vihss2-U)VR)NdF@}&pW@wY%9;v&RJcma3Uu!f9{0z@6fpk#d(1Yi?H5JRQv8Ty;03LW|-BZdz!O_H?kkDhXipcqp z%?KN=h5U$OU=0394zq?zO1A7p>X|cVt^oT{s-fo+$Vud4wD>DTgT?8N`Is>vKTh&k zCx`B09mQj0Mg&Wp9EwN|*Cb&JV0?1a1dh8U$L*5iag`*XHxJkcuFDUnY9MED1(8GI zZsGJfs{#MNQBe?Faa^6ficV}ZV0m<92!KSVt*Iu{hEx38hxQG~hKJ=4Z#ywRC?UV0FCZ4n=|hb@OP5xXp9( zcylC3L-q*xGV)-WRB|LEoKtClU~)2U!UQf42X*J;)7dD0P7AJ!i-c?)gBMJFOAd)>!;aj!myOfK?4dxJE(^ zt~wFLVWXIke6cE?G#Rra4-c8sqc|#w)I-4A&y5GwvBo>be#V&pO!f3Te81oO zzOU=LultG31DKLmlSXKVN{-6nEq{16xvlpYJ048+x^#(9_eJx)^fZ6~jTg&L3d+MQz%qyp5ip7$^5KQ5+OiqMD{1|E-aE2rcnIh5 ztAdZF-?QDuNjG=lTP|CBs+FghcC?9icwp3rMvnrJ7CHSNvccebee_nbdM;2#bW=K1 zq&_63iBBag(~u8P_0~<*wIjX)vGwZJYrF?p|4d~L@X)LNkI-U~>*G5%*F0h1))lW$ zR&UZ-JAo6gahvWD(1ils3&>Wz&1sxCuXBwJ)YQzI@iOzN(VivRtdQp6F4jf%)n*(PYT86t{3;F%!7b~(p+io zM^zz$Zd$_Qyo5=8t7qjmGb^0Kz87cbWgGk*XF6Ka+zxmR5I z3a(Ejlm*6ezaxj_8xtQ5^q-)9=0FEwL)n2Rzb`&sxZ+o}l`Y!6CU)%mO4qQc$puZ! z{ltr&X7k<8*HOJ(&7O@6jpEtJ8dDm#%x)mzIeN-11;ysvvhKxt|Hz=mxy@ejf6AYVJwJFa9mX4= z=Z?@xF$Qc?Fv-_IDW^Tto^&gb zMsQ3(%BVX<*uh0vL`xU9xbxNOHV`l;+O8=IH=ORo)l6c43JW#_-xVh$U?PejOU#R% zQ%4byu6iqLk}7r$98@kZxhBKEBLLb}?z-&sX~YZj50rcwt|p<2NTps0iv4%rvp zI>tcAfSVT=R-Adr5gUU5VjNp=vQTnSL$fdk&wVj zpSL8iszVTKf;vjQOJ>xyY;E=u;CB;JL0-=^gg*K77MaXRZ^U99N%FY$ZYo$w9H&aH zE|ANuetqgzdF9i~B9xwt#{tTbOJk;SCbMkDfv}S_y^ugsU6yM_lb$1&02pf}s&t&t z?n%CYSpIA zp;lc+%lD_!w7h=(`pEMd1-z3%epmDmv7rSQ!-&>B&ngt@-7nVjR*GqZ(8m1M5za(p zpL8>ZNCM3MG>cC1ck`5~0@#y?T?S#hd~2TzOTL_5=}g;e88<$GS0R$Wa(2)pT;4)Y&l=$IR??(R*33%!ip7wvkn3sRL%J;ybn~IQKPBW|z1KbsQo<4N5v9_*D5GkEy zp~brHYed)?_0P$*{u|Kq7qB5R73Dq=I9VHK$m`y2_5UU1T6ymarN!h_Zx39~4L}hD z)-arTp+oQK#2UKxkCR>q;wiIG68j6(PmLorzf_HAbKqtI0Z>17AJ8B~dJyEJolZKF z2NNhWc%WYL$f-WiyEvbw7}3f2`o7s@4#6w)dlH$xaQ@x(p5;YJM@bT2C&rPCiP%Em zX3)oQ+WiPqGX;zvzkhHnNm#dwKRw&*65@)!c9!1mU0V(!b2mKv7SE?X?SJ^lpvUO-1s7NwbnZ~K=1@+}lgG*=qOo>Fyp zf3|-ERnP2i;*sr>eV>pb&q8a+>O|qxonpbwrB1q$D5k>PI5U(YrSzd_`hrmAgFwb;#a5-8g75|C z%U^*hI}9m2U3|7Ol2PCTjO5VCYp66sq9pJT=W$um-5I%5xy}QorV)SiD7$ZY_>u*Z z0P0(*=K-i*p&iT+{*Dztigv75S z*4QL}drS^DMkQ50C8`IPEd6An-{LZE>^aW(DS?^TBoUJ8^WJOAT5-kNK5MIDwU@22 zAdpn#(r9vCXawFFea-EQ2Lm!rLeeWBBf!-t=Eiue20ZGjM5VXGD8s`^GPGqc$Adq1 z8=hP|TsR#3H1bFgfU=?oWw$01f$r|Q^d=Wxnc`lU5G_oLsKVLPxe!{_Or@|^F@mGF zQsx`!NeU;~2t66iq=XT<6i*OstAR3g?YGogqFV?_S{{WwR_1^dYFEcRRUZ|wzdk1r z{iI)N%^FF21m<{gZN~^EO)Yv^`0wf3g3L=3$wsBjY}R4W1hU+_q<+f*VA3CiZL%Zl zYvFNp7c6qqX4@_4 z5Y;Q=G#X#r2gS;ZV(OPKkMTDWbd#%b00-1oKH|=ve8$H^FbctjD4S*ZqcKZAz~kJX+5ZV_ipKK3uS>%pW`VV9S{zNWxJhv)FJ_?ctZGgxJ`R0ELfZQEUQ7i zg^st4VT;-di^$uK`}zvx&-zQ+7-OY4;ecAxx8$1v6c752)l6eGmOO_p%o~V_TcOyqsfp!Uq`x06&Oxq6Ds;U01tPh z<%xyDqqdWwWCh1(9v4R=nTY3|W^q^q^1Qb@goGo~)Xf?NWIvEc;2!j_xNeKyN{e?j z^#$$A6k_^q4Yk!HhO!Ov8~7l97d%-iqC7gu`O@j1oh3SjInppeqKwMTX6Q-myRFQy0-XKqF?XtpAnZf zb*ycp*N|EiL9tu-_>dOrjsu|bJt zgI}$fv2d$_pD9m6D+VU(SY>`QFRfp?{Wiy5uwE|n9+N%9lwM3XsD75a1icc62k|SR zi^?6CKbx-$Hp=jPn3{hGZ)VqU=Hfq+)gxE6x z;aLpQG&iJ1Zn$&Ca13N%V!;iYMkgN#8DVLeMPHwo#bhCrVY~?97qjTD!{*KU>tlUk zgyq;b>$IH5zIib|;Cmw(3pH9*cz#Xt{r)KO`m3@iAKinzbZ~>nV)FzuG6NWWAlPKa zuCKP=#0genzoc%A{Fp;>=t&j0ZUqK2xiQl|tN8E14i zHpUXQckHR3t^PgnUfay=%L+I(#Nq0uY)u!HS?ghQ0@0pOU#QI5%L`XolM_CFQT?fZ z2mN7I33L5ZrRsl@`S*r$MPTyP!^d>wCj(rA{;h-j|8f+pYM=Bvkn53Ag#SH*p(Vf| z_SD8rCs1!qKIS}?t;eYuTN~*)N_u3YQT$)DFZV7=5PvR6;MxIS(w>WKkp$%F#D$Hu zFL7r4HPrRD4Evf)Y}b=%5t|@1ipkhC1b*O* z88hT4a(jMlhZ{IoH=32@Sc1aQbO{2d+meZ;gAyl-&tQ<*wAhU!Ar00O%3^`AvoVOj zy7ldQ+ZU4)N&id29cSQ64^J98zjZ4$3NY@>7#ko=k4^R`*j|9(m`Bd(DHk$r@%gzp zV=ST?nrCzPb?5;AQZ0H--}ATjienEUpUj>CnieJ&i| zsX5lhz-7rfUGFByqRat?l)%)y!=PEgsOx@{*%JtW#%q)`Z6Q4x@_b}EYC#HT?k>8p z?4jvgf{e)X2CA}TGETI5lP3MZvjK@~f(W-=M*6w4hGK$gDhAi*7JEvx3JSn`_&8rCv|cWJd~8flU`U6EP=Y0Yq=P zvHG%K)LPLUCq*yyDFp9{3^g^iS3vZ+DB-$3?DLT<ef3mp*kdWS4>W(50t+@vVi&|Oob>WZkcq|o}Kv0nP zm=T5g7O-D3#*~J@crVcaiWrqXB#ou5pN@9EzLpY7pp!5rvMq3y{Y{XGf33v+E5=J*0}wHVwbR?+Ap z<#=4EsdfwAQ7&AhiR-nNhpSlS@+bM#&OJ(&{wkor)H0!{NwBW$YQ8_3+Kq=L;BJ&n z)a%g0tdHw>34^yz2ILhdS>Bcus>wMMYBFuXxtAAbG?S`^g>_e|BRb%wA|@;l7$rLD zwT?fT-OgVfvu0ac{`wv~NUukcv8lFpd`j3ivW@;AOzy?7nVt{7Dl?N``>D+84YL$o zo4w7^=?F>n9=;8!yFHCxEJpwq7kzqLV;&lSK26C`z>sP*ogO^QL`7_u!4s zAor>^y?bB1Ts#{kt+ck;TX|(By^bAjl`to0v)AgpZYrNYDHulp#Ggbj`aAs5*e&Os zD{_nXG~cgFlOC5QcBT9F95;=89jd=(;Z2HHUL#r>+;MYjG&mOd0SM;h%A*k z_?AbbaIse5n^2J#YCiXet99wp5+5JmeS^F#NsK27giYbJz;|iyHFdr9dQP-RYZIQF z{ISb*b&bn}GVyB?+5@wleI`Rs$Jo^@-M+xg=NByd%4x~IGc^81V1n&_B!+rQDP(I` zr>u6KU^I4Xayj}3d^?j-NvFNcF~qj*2*7~>=eTTvaCWt^p10|;!GrhHk5i3EM??-{ z){uLC?cXm8)JQroqJonLPT%}xTVrh<00cYIbgtikt_-m=IuUav>4E7`Z5=G`Z;Kq2 z2j7!dgVURH;!_ZVFh64!m~J>0X+@u?^v0+-nyq+$Qi}3;g~f3y7HV_lqg7VYb4~4} z=XKNHj>|g?=ckH{e&JIo7TXT8V5^>u`UY4gO6A-S&z)-Oms&eW)rj~VO9Iw$Pc#f{ zo3ZPipU%cmS0?xh5>wP%#}?|_ODly0ae7-0SJgaP1Ccm}8zS{KTpU*M&Gysh&&p@N z{W!#1KfSWiPt`+r6kqH|m0gZsRIUI|G*gS8zSEw+U%zNlMQ;L5TaZE#CE8{?9AUOpsC2etx22zZE9ePl*2VRjN zi6(~Z2##_G#JKUp_WiYbK>ntyWY*~6>MTZsazsk->b$tsvna4Lh6tZzHN5ZEGK9=Edr!XnCnL#gixfbw4ElE{0=veZ+N8#mBppp<3>;uLJw3gm6Hu~J zA5nkZ+Qq2UU8os$L4EDw=+jiXaZ(f{kRHt=$(qBk&~dQkpjy5zSl~_Wk{P6BVo)|f z!wcxMtISJ(^@B7C(YpsaD0j&Y1d){NfYfHT)RH{PAfqt9r2^TsW|j@d?Hu`c>R%Vq zCKn*T&zwf_-h592lhM0m0@Mx)whdakmL(HRyg*DCj*cV9gV(mhbtqGgtWHD+UY}mr zf{ei0m>M|d#+o!qLR?gf3tLBYDJ-NfdleY54Rr80tS(mJBA>;A3^kkPGfbkq>Opg` z(ta75Vhx##GEFL_;%xRDOOdNPPeNG$?aO-SQ#tn zwqjUhamT-!Apalei~n#rikbuFv!JD>rZmR>jt>F%SJdT(l{DLuQ>yLvhn198Rv3tO zE@pIZA>q2Z3)p)w%Jiw{3M`mbD0u7G{l%%< zJBXfKP91~?#e;2qv0a!6!dmg+$Xo|hnWD&>@yh33anB3ddfT_r0nwGe2OQefIY#kB zeK-Y%Pn=8$hQyYUG)Wk10`xn<-AqKx6Kb}=3tX>b{FIZHSlI>L^;K`1LereIb%my- z{TR__tg74i-%6KCDkdg^)+(}+;-qnoU%Q`H`w7GpBHioU-SAxi#Zhb!z2yVuJXfyr zu2!Uf@9U1ZUm4m%VLcKk3GhaHG;7R06j#2C7q?qv}pf);k0Uh+%^bD$A&R>fP0 zd;|sF`d*kaj}=;*esW!+%3%)?@}n%$c0W_~(2Ab7JXWiT@25&Nr*5u^s z4(}Q%GTUM+7T|gnMS)7TUGQEoBOZWoks^1LK|Mf7i*3-?B#2xL;TGqP0mQc)bq?)) zk>1N_94S8}*&%$Gn;c|}&Pj~M-}bjfb`_al7q^osWF#w`J`z9U$^-x=wUq8WIq{)U z5@SRpk17{kgO~_YP5l-#HfNWSi!|?xB$o{-eLoN196yp2MwFAhqdzTYA{c;;5Fm=b zQo5qu3Q0XUS3lr6XSKHm?nO$Z>!g{99ulU6|02l~6|ih5JecO#tb8C|fC=x+5jdbE z{>HD4zp2>G5Ads5fYA#%AW z=7>Bj*1iFHKe5N+E1vWho$&8sBEgSQ*hn8Wp&}`UWOgbs#g2+DjNzHm&*62wm|Uis z>c9ZNRYX4+(M3>{rKiSA(+`lcjHxDSmjf0}hFY}WBW#%2O_1t%nOu^gDb0I4)p`w^ z0_r7=1Rk$uS@pz$P<4pY|AyPCG7bmTA({jUb2G%cPv)2)ZNyZo!0Fd-nnG~AE6HwO zv9hsZe*h(U<&>>7QL)gM1L^D=>PL5Yb`GUpe&vs(l^=&sob1=(kF`tGbsg z_^GUa)RE1Rn+==vIH=lH7TM0uy7Rq}zpRV$@QB>jGO%Pz$ehldns$omHEU3)R(7Ci z_`#7I0_*Py%4zPi-(uJKTQgRSs$A9ZZpqi(XZk%__7-*AsgIOB0gTHXjU;Ohqu428MQ(BTTXFwTxWdJ)@Qt=d&!G+o)s5+ zF@eQr&6*oC5=woE!FJz<3?3YD$Gxvl<*c%lmUY3q)7juTSXS=2}+PhO{&b2Hb9e)N?jN@~qCd#=o(7 zu5dK8)X-SZBc4OQ)rsWfO{1gMZQ7(3aC+XK>|zRf^9YBdbrc5SjkSVDYsH?V%P{@w zRVD+~Eh{UNpSL{N*GHY@s5NrbDCOstt#-E=K62!TFuT}EbptNee4o!473_^ZY3WBYPw)q}iKP@eJ&5i2}qjTrl8$Yrm zet}H!5`Q(XpkU0$*x1-sijm&liD4yApHj^Xc3t@F_3K`WK=!q@2XuENVY|h`tEHvx z2Y=|VJ2t(&me!%f#Kit}hJ}TPx63XDy{Q{8;b?wmL&Nd3_XP^OVfLLGy9uTE!Tk9f zw{G1!A$C&ENw~2sHU28sdGl@*rTVp3*KJxf;_#6p)>E9Eu3w+&;NVtyKRhg~(MC&M zG)1lp($)L)3C3htawlN}(X*f;fAB0%+=NVv=84 z%?nhtpNg$hy{MVt1!;* zVRJNp3-Zp*Xc~0W{SWAVTNW5NuGyN~n*&Q@3ywPW(bLy=AiXa>D!40KOVsGb|#ZXx}X&pOutTW81)rBKR8qxTg0c9M$EGzr| z_nx>-X(;}|mon<)}ZUu@g9ZMswbjJw@ZTQy1@tnfBCzz~!sJ9qB1Yw?0t_p|Jv zh7Gl*pNNl*RnE8S2>ith8k+EHfo76ZGg`5ye#U{V-n@D9Jnx;TlIPDiAil`ViHnOn;eMwxUR2tP7A?B%-oLV@CWC+$5*D_BcUR2${0UCY zY=TUf|fAZlJGV%hy$O=+MEnjO0AL;?;4R+xy>qOj-55 zTTV_+$j+T^OSY{&akRbhqqaSI^aud zH_u8b17z{dyCVOJ!?K z>YQuqZUTjM$8#ru(Ad61dt=u|8m(LJ2nh+Getrr~x6bn5ALufTxW&RVH8nNcJzxFE zM|_}2tPXjVZ1eT>uD-J`b$QRJdkN@oM_8Eal5uG-zj;lWHm!?+LF0)NCmuO=Z1kKt zo#EkT&z(EBa_P94U#mNM4^L$4QFGQ)K)GEZuz4)0AZxlEZCpO1GHmBgt#iY^`uhzH z2|QxHB+$H7t8cGLe;GxyZPQ`*8$ZQ1N#$1~LZ9h39g`z=eQ#Wl+V&7S@jlTuzYUVL z*QiO8%e0crnm12P;X_5(>TiGBbp866?%~&)zqPls>)a$~!TkA(Yn$|0I2KE%;m&jqkjGR9Z7SF&mggGI<)FE6A*&5 zhiI{YH}2lu4!PKN!hm~{lgDbyl~B+fdiCxN)~Gwy0$Z|Q-{Ubpdf~#}M8~btoPHlj z?yE(EQlQ?eJUL!bqln)3@Y?L>>FJ5IY-97|Ha0fl74zKOE?vA>hhVqy=+T}u@N5t` z!ePe1fddDbn~$~c?|tj+_qU$CvPmU|-GBDWm(N3(^z1`gs&n@H$dM0&>zK7_H6)*f zG-1-D4Uv(ZF)?jO^crbx-RQx?hel-Pihu(Lbf{dmgoL!@Zf8>>+qKNw9e#Rw*qE-A zOMx5#x<*E=X!FbYbM`lF?`6xDb#Eid*KAY)cB%X}sYBm6>4DAHgkHXU8SO`%jh5?( zg6JQb0&W@&x|Nx!PLgu%=FK-tG(UuDv}v<}5X%a_c>@_p?1*H1|uOs8i0K?P6-$4s()5>gpHKGO$Fe?#&et zh3j6&T6ZDyXH#84WU-ZWTdQMq1m;~M;E4K!aD6-^tnoU~;PmsxjSVo7Uk6eA6c)eo z{rk&ET6pE$eH~j{+p;UaE~-C@#BMEyT8f1g1-QDqy1CK!t?1pmw@*dV-H1sBh$R|( z7A2~4L8O6yU>0!#9QNuli&hg?x&(|LInp+XiiK#aB%num;Wuq=OdF0Qc_Yhn+;t)6vm`1#bS zez=bYQ%^l1L}Wl+7_ro@8qOqq%E<;ZsB3Jj!S#0U-Fwv1r3tSK2b7Q|U(3wANL9B4 z-7{&XE@S!3E)c_HO%fNUB)F;r**<;pB!Fv){a&X|oyvFbEL~moXg+EdvGCeAh@&bH zs>_cb>ku~;0UthipM#IMcXnkT9459?G{j9yZqDo8KHZ;?>DJBcR8bR>#~tcxDxcKB zTYSr|U7B&uXWl9Qb~sm#Iu>YQ-bQeVh}2XqZgtiAu3b7u>aW|H&TrkZzxCk3xf=&c zj2nP$jP&yxGRdGVugDAGoG&R5#l_=LLoN1lo!7(lDGF9wvZq_NZvAss*0=|$%bNg! zTqKkP-;C1l9O-Y-u#}J_pKbxQ-_M_DwOjEI|5wfh`Rq`iCCf}cu5~3U)qeh2fAmv} Z{Ipv;Zm&N^7q&v795sIAG0R!&{{`ycGXVeq literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.19/_media/benchmark_net_p2svc_gcp.png b/docs/versioned_docs/version-2.19/_media/benchmark_net_p2svc_gcp.png new file mode 100644 index 0000000000000000000000000000000000000000..55916a1de91094b18b3d47c50fc5f5900adfe9a3 GIT binary patch literal 38395 zcmd43XH?YLw=D|B)>iBmF`$691qdh@2$IcGfS^PriU>%SoCItWjf$ZVkt|A%N-BbY z2@nv;MJ#AVG87^?-?{zY`@Y=q-guwRIgX~=)(ZQ#!&-CAIoI|-t9E+*TJE)MY;5bP zN+&ef*p~OPv9XW;whDiewrBM|{72gPb zw6{AXDkZvq@6IdE&R3me#Kdg>pBISQJ6edzZAtqBAF}4E(gi0rwhboahdn_t-ja$VKyPh zriI2hlV`EQna%xeYnJ8iu&TJ4nwl&-<ZO5Ay ztHGYCut0h5D_0V1B*XBwz;CwqtZQGKv|^-$%+Jp|4>D4s@tgWr}oNTekb{S-3*?p1U^}H)u0k%B(29)=7GV%!JGG<|5vML zpfQe}Ca zJFBGhPoziBwyJPxO)2}1H%%p3dyR_>s=}mn-`!ZrwRLMk%7x4%=l(i;cCgRFgf6|l zDpaDfReGwgb~klQ`3kdiVV5fFONWBt{6jjOo^iSSgtgm>wFHAW|cp|DrU~zs-ePXaly}Kev^Xk=C^9u_>V#W&E=|+Z} z0;)B!D#0{^rpLQai(h=p79^y3>O#ila~Cf@U&|#NQyQ?{`s@4Kcm4exWK#=9k}!2q zQBi9*?Rl=3ZDm>UL@3{L!b*9sC+*{U`B6m$1%`N?Mzq7=%+5s+Tn4N9?MF;jT>p-hxZ>o+`RWf2IWkv zNBW>G-f7txH>)p{&zbPnEc(siVtqYopcFi<9^2@}(15 z!}LzcqN1WTiwln5Kbh#H8H8MvfBpJ3`3Qf8_UlV0oxXis6YN5nC=f2+wCC(wo6aJ6 z2_65yuCj-Md4?FdDQnaLE!^|J+d-;%?Dm1yhEmmdA?sB=Y&xeFGI&YphQg)nQhIvv1mMs}#v?6_s-)vw3=B6{39y?ezMZmr==8C91Xy>%h? zYP7WL&@*Y@#WyVlZt2@_V#^=xy6JMn3CntUpXrGcw;C11#Kh`xZZlm5b(|)LE;tP} zAINm>*YLafmEP&omiQo-o#~UYQ&?E|-AtV85ggn+|NHl|6nqyZf~DPmJP$eS@L~-I zha~O(!-o&0ul{=^V_@n;FJF$yb02*{c1u;lxtFS?_qPR5 zx&{a5-g3-#+HAE~W7^Rv6^jmOw$9NW)%PQ9Pi6&Ehgj`y3sDJ%@2Xl7idIt{l<#LKiVn4dUx zDs-&3I?S-ZHDqyNZo8tQ;_mXx6;I0NXL_R&^X}e1@E|(gcWF^=?y>jWWC%Vm^!f9h z$%f@?3?u(N%2FZwz{sPUOEcfuGPq37pSt&XTUnm0Lr5#TcYCe_!<98~OnIKOjPKfy zqqIR*W3q12s_~DLzW%BDx~{BtOP(#KPoEYnIFm*Oq8f4#hjR2=iI7I`&0}O&yuPkr z{&}l)S#7R^X|QaG$5_t=GxN{SzKSn?^yg%}Q^GOlDaF{UVpM{^C>>OnpLo(%Q(#fe z%lXG27bzieXTk)mw_$@{x!u@Z8C~oLSpKTj%edGK1k#66qz`1qnm56IzHH!i43uD!a z^d5PW_bce#tJZD37^Gk5IdRi^=f*6Y@xhV0S0=~l#g?l%cDz!%7$mG+(QQB2WbA9( zI5Ci%9xCg`%1yDxlj`KrJ3K2buW9%kx_`iYxHY@fJaZehr#skK?V8DmW_wNG+5I!$ z?uoI4oIP%2wFgsz1y_%UN!f=Q0A`jNjXm&C~_HmS{^E4O=h@V<;X}w zV&LP;vy;PNFKoBrI6uBz5hN1)Vj@m5@@ScFDfWjr_AyoC_F66yF+Dt_eOFEnwd|&n zEQS~xUbKIPGd=xj>q{j3Pqq=;4w*lp1Z+EWYHn&o zT|<^POISN8;cWCV8Y^x2&V5fr4fP^qTxb+bhKld}=xJ{Hr?J!vnWt!*kUXV2+&|dn zMIZMQ_MRQ5#oz?Y|DCno->WymjY36gstuQRYF~^C+H>yM%~k7Zl!e8)k=9oxH#I}> z9_9SD-VgV;9r`{zJe-lX#rWE}YK6HJN`Jk&Vq?H|DOTbzV1ag5X#hV}C0MjE+q#LB z82N;eWvMwcH>dJ#YN*%>6Mpxff6hMLdttmzMU4M^4w5J>=C~gRf1>Wsl6zb97mjMB zoF84>KF8Mn#-o1V_W{HL_1gS4y1f{Zl)TquyQan8mbb4zSh}@-yJUiGTh77KzQ?C| zYwvQ2Y}&Nxdqzs(ma5Mohbo(zn#@A5%F<7=3$D#%Oe|f#tCKI6({$oJfPQKl5;a|LM&f@u$X5QoVM7!CwlUwunjj4y zAD@aq!G}g(!xB95p5pIvhFdaE1J>m?UNFYK(N5Kq@CLM^>P2DmXaKKp?bwlW{W=@6 zyXx}Q91U2iz$;-=HqFlk&V=r<_!9neY)lhqNyd$pl4((`SHIUF_bldI2cfNdWF-B@ z%HNZ$o6`J?1jh?Tit0tu-@L${t?2ADe)sNOl1A)Zd`wJV-<9C{=C;k7HDkV#V_rjy<0f$=HRpl$Zr>>aOt`UQ?`W#@8QTKcs&3cj3-*>QzHB*W0yg z7dbBE`3qcay%%SCr?Tu{jd0e-tB<()3R4MW>*SIg1pI@BBu+$-e9YS*!_0s3ru zsJQs-UuPj9IXQ#29NR!jwr!gZ4h;3xd~$kG5}?uTTeq&@*m89FOn+U?Bjs^`e~13EA=Ut_=lbK1=Qb@Fi6$TJ*gf@cRNjk8^l< z0Ykwb&?2w>q?&ztbhN)Nwq8?RKDNI;zF=?E);Wb_YM_9fx@SvclD5k2-?uz3Bblm`Cfa+(;qW}fBgOA`+($- zvF}1-{)DK0j*Y*@mVn)-|X%m5YbJ`YTdFF zk^^Y`3}-Lj&_Xh-YTb^*HMYz{=AW+?>|42dbr^tDo}v9HVvFFrV&i$UfPerA`@)H* zE-J5*tGga5+F`ka``&a7FjB)L7BDoLgsnm6wXuMSp|oW6K!G#iMIsLNWdU>H1&d3m z!Mf>2**WLj=$9g;ol5lt`F!VJOUSXNeoT*csnwGZ={Z@;bhAfnRI4v3Ee-v9`D%gO z^@UR%UQ=&)19!8!j1Ynf)AMmA%^F>%e|$Yr871$xMsM6}L*uS~eJ|Q;z2t-BUfcaMS1;=8*RMLha%l=!^4E)< zKKHzksyGeO9qez@mqf)a>pmjP)DDXmdQG|Jsj>{Pyt8xFA&1IrrRV1T)^9hLkL(9Z zUtFBCr`PY0asFi06m0Bcxxf%`zBflgB}zX-(Xis;;tSbULG{-RhL>oWc3sH`m5(ng z%zWnz?$S*;|M=fUMHDSV?RoXK3zKc_PTxO$&AA^>D(Q`iCn66!ydMaV-@m^Gwbkxg znKa{KyPw^a7BL08WPL2SRG#iVfYJ#dCvPbCd%0j#mMb@EJjZRc%zZ<@og9OPlhatxeX zYScA$(NA}t%KK(tyud)X|FT2Qy(ZczMkiHIy2=gg3S%0lEd-f91ZXe>ndzC&!t6HG z2dGHqhB7(oTYSa4MCY)pZN5Y)+WP>4Xr>#`!sA=#=a z8X<2$e!|m{+dn2jz4##GO>u{@?i{npYLv1im_yp|IDd zSO0_G26_cH+J_Vz05U~GoyDDRCK&n*w*)W~eV>1=0G<@M(~eLo z*6j>cALeMGao2R&1*aWTQ6Ba^ zbotZ8(uaKZ4|wIRFx{p_^FLJrk#~2O$EZhj^xvAmC{zIn0w{s}Dw_|v3}}&{M_$=e z9cAy>`(^m7uK@vy6Z)LS^PMS}3TEQ{LPN}=Tb|r#Q*VTZ0jDZ_QB$%#RC6- z{@EWUX?qax;p#SyrI}tnYrd^+@~wU)OsNv@RdPFbzI`+HMYg9V`gl)!o|AdWU9LC) zU`7$YkYL0Rnc+sS@1OppcYj+oj_OR`Ug2tESAik2bAa>IB`y4-Ez9>-%tk%z)bn|p z)BLoHXf zkrHJO`K0)~#~)``^?ZqF8@8`c(oRm1%#$gaII+T6PV3v9PXNLfqBWH}lCL7{TihPk zh*b_D74v-_S;iY+U{bH}@$nsU_;w<=o>$uOW2g>obZqPp$QN1&2r%!7$?e$ZjUhGK zxiSCn)db{u{b94=31F;as6h5|Pekk#K0mM#VJ}ZV3{BOihe~x`tDiOT?2ipL;B9Xi zx$+75nAG<5)496mzI7b^(@j3NEw63xOQ=Nhhd1`^xh4~$#)%sIPIHsC@s?eaeSA~j z&$eG@4cO0M2c373LSQs8XqQx+YIhQCvP3PGauEM=Y%vL3xTuJv$??ISnQs=6XxEmL zS~(l##gg959KLxgOhq1R=f!O%riyqW0< zJC*OXQIf@O)ZXob+-}Gy28)sW8P!dAXoI*uqWLo7w^Dw4lvP-;!>K2L?zZCIRMaWKh(?t^539e$i^O_gQOx$JH z*WZ#EFYPk$WWvjJ`iDuT&w?kRQ3eZY;??=$Wi%X@1_$nb15{5L#ZGbAIyF0(zP+Di zec6!7bXc7CptE~_`{>Vb`@u-n=ji%Y#9%bKjZSs?(n|@?BpNK}bL63yW4m^5AW9St zw~tJ9K?mBP)FiUU2ks?MYWXQ2f;xc2N zobCy;=QdTPEzeI*{)q*3C`c7>U48D-pkx~6g}Z#>A#LCNSCKRSeToVRppx+E7@X9IXsM)t0Lm0 zytQ7Mo}CR{wVwMKfEGpeI%Q($nnv#0zS6@T4`y2|qNG&=86!ve6t3k~-kiy$JC_u$ zlt=>((6_kQRWzl*^1M2=*g;sc`9H%HeTyX8nbx;oynLD3q1Dy#lw0a~f$R@bN8qI2 zH8XH%dt+9)Ik>)PX>rbfQNDd&6R><0YQ@j^X)p3?_R&5^%e(sZ#)rdmKM)oR!Wmn8 zujB1e`m2{=&$xMH?3Tce7-`Ql{Q~w9$K2ZR0MhxwxMs4djZI4VL_E{CLW$t;FZL4FHd>S_Qx|_ z-#*sq@SZZ{0?|Vo$0-tM^>4m8j$=3QVS}PGcM+komWB%l%X$X~lQ;4!E76E#5o`w5 zqubHF{lVjJuB|!VbFNf3uXpsR4DKkfqW~t!7(+ieEY}OAh8EPxnf!r0U%o8T?~37Y zGM2W8=3N#FdjH;pr6TGF;P28Bz- z)|cdo?`;uNdv)mb^d(bMmzket!BNu@hXu@0uITtlPU6cSg7SU&bf5kJG?AY_f7T(x zHbx&`ZJpogGj|44`G}HzrS`q;!pvB&E^-h>+O>Tv-82?zQb9zAf~~UK_bVd~1wi|x z3T$(nGy`}F=h$)hQHn=H$^}g@R!xAj6YqZ)+p~ZF**d28gdd+z0%j%w5a{mRyN=Jk zEH0=8i$*}+>CIq)jna!y%AfNoXp4g^HC`c-u0+%9y?|P%0k8ptPYhTLilwwKYVK{O z6l%5nRCt>s5njMuiUS5(Kl8p|-H`A#C$P4R*X#4_(lpQO5;vq8dgppKo>BfXefz># zC@DEIRpiY3ku;|JKPzS)UE&!6Rj zjjv5ldw6*bmht&I_cc^@cr+iXmh1XiB{RCsG{w8;o>);|PN0OB7fbip1f|1CmY0a4r-D5OYU+u_S@@?UW0}K80$La*3yTJw8S+ zXXFa&rr9j`0!=v&Gzj^PA`)>QGQSUI-E`qpX>WITED$SIIoI@*I$?}$QHaYp_dPmz z`O{9*`$)qWFmZG?m6X=+srZo^WKCc3mg~U}6Uw!mQhQ8BX05-Og{#mzs?&#sDRl zPTNgQO;eW?9lqU)DTo%aOOG9uU!3krI`{I0@NN?dMY?c>hLx2C3=DRp^8fZxu zgcj5|0njsh00Ap#{P#SkSP@qu0J7a*m_dn+);01dk(nNDe*LnIE|Lo^gi7CK^7+|; z@}x>0UteEBZQ)ZH&<4IcJBqR-r@XXj`CzaVX8U%_lUj=Xqe2vBy|S#V zYLw$H&3O(C@Sa zOW371k19@b255Y%%txf5cLrdi2f;kglAs|DARC|&=J{0#+e_L%Q# zPl-#H0N+Pky<5~j2{gVk`4H|?on};+#3SpP;Luen1Ia}%$0iY^YF_xF&s4Dkozv~x zVh+WH?@7(n+eNE4x$NGMQD`h5zYL4&Gz2CQNlAvMVG6~TnXgULD)w18(YBWgfT*)m zEg@B?gjqh9OB<85^-Zp#JP*Uj#p~^IrWiLSR$~5)_ zJ%f}Sv`=3LeV0eO^<8Xuj#cyzrDLfEUn0U z&I+OwgZ-q{KLz`WQC}uH{_#i)3rmi}hhBU;&i+%>Wl4Y>`EsLwOmW=GjV|TVUA@L( zY8S|+;?5E!Nw2xUR@eT;4UX6@@r1MomzK@Jr(nZ$cx_oPaOT1$GvAy!DSf+lXK}^2|+;fAZ+$b#S$6%v^`# zrCUY*X-lsw`tkmE+M-x4pNz8-R5`d6sQHzf-gOD!>lY|d;CbzoEkWbAfz~- zneHuk>Z2rA{OqYpM)vGS0;7hGETk;0_P_qXPp7>t8X^&7tb7Ps>v?1vy2Vk8Wqs)p zaQ3ew26eRUEP?mN#L> z#B7(c`*q%&dhXx2aYNjuc|WmEC(V%@fbB+zk0Arc8%$`pLGbIJ1inoE}|Eu_&x1v}ec(-jkKgK55A z=Esg5KR$s65QfG;i-Cakp4(!{XUjf4acbuX;^X0#F>n?P+d?d%>#!bKLZYoWUVXG< z>1jDrsyR5@wCn*@kMU7$2VqHu-FClTeu*j!v1?+fd?Dgqy8Gxi8q4UY+mym^F5!se z8Q)nv6NsFSvqb_^NtX=(S{(|CXtSTxG@5NB3DsW5w571R+&6eGSqE>Ndk*4K82mnp zo>mCJt|J|(U_}!yzPll8n4d+t@bE72#}Mc|JWL`w?Sre{h}eiOToROW&zPNn-JeWS zkI%_AzeMFAdw@7#`n(!JSQ^SqjWHd~z}5ndXb^ogt)T!yd-WC6et@{Nr((uw9fe-W z_^#Qxk>ZIjvLgxLr`AMfWkp?lmF}y48fmn=(YB0JP%SI6b32kP2#GFnCRoaptB-0L zV{%u=JEZRg|8^qJ5hzfhF#=Dcw-nXTc5>K)={wsmI2h7&YaO400hmYzbb6Z0Dfz>P z&l92{rl8WIxNy(Dl0t1+)|fRSSCI46X<^tX`mYZgEz{L#j@qEw-xg5c3X;KEzDoki z7A~&d};TR+W#d4#vwre`_lGAdl?+A2L`T+tPk&q@>%sJz2?>Ba_riPA=_zu(ZH{2!X95HoJ`Wuu- zJ>Bx{D1n03tY5F)l40huFzaI5{OTys^5bz|-Oj+jFaXBrg=4l8T9en^)7|1)>`j*7 z=9$2cHQpctdc;OjpY}kWxC>lmMOiO5OfG0DzwYd?E1srlK?~6Z*?3x>>-SDuwxSI2CN9a>FU z{pd0mYa9-%9bQz^8TV1*D#U;(MeV!IB<5J;i_obuuw4=CvM|-~J zMeHDdSEVPdLtjrg8uU&sUuLTMqFOudd+M3V2VW73Q+wMC6O9V<*KQFFzv8t?8aIE9S<$m#Y@CCg#NVIy8CWAi(botnnwz_5BhQ?| z0oG#8;sRLI3^2vruB~$mcEPYa!L9^P6@iJM;dcpn(CI1)4 zpPnr?GlX~J_?3GjN0~1|B&>BLtQo3xOnn+oL%dg7GO{dVxCbXnbv*CfT#+2SVxDj+ zu{??*E0`lKH#?SEf#ynQJNUD(HT1JZCMC<(_l?T#$~0y-D!P`Jt*AOM)?3Gv{X2t{q30lPz=)M|W zeTQf@+YE*Wb08~BHOl4{2G1fm4+82`fC_9g`kPrEEEeUW0#wpvShQw0)LTG;dT6XX zX$G$SbtmhX#plW%@EEc*3A#nV(JwYlMDQ?Cj#4N@l{|rxlj2U-Jw{J!vymKp9EeSr zfOBuhXEp<_E|qr}74Efax0CKkC@son7pfs7BS2aNcs-iy%q8OPurD5{70xQn5HQGs ztp}nPl&3+hrT~a(BLKS2aS!IA0w6Q{!iZ?GZhdfdZZ3 zk?1FvS8d=O+HVJbfKg!o`=&h?iJ1O?4=N(Ku%bDZtY)^AwsmXnNP}b#Ywi(o3I!nO zmsMf2Q~|$!MoRen^@Cp(So$-Vh17%Cf#rIoQ1L_LJbrGamZGu&A}Jec&8`er^zDGT z;^Q?y{y0P;orScHnLd_$Us`kLIjf}@hF1+x{=m2>le`_|;o&#+MTk;rF7rP=Y$%1{ zL+K!_4dysAJs^d9Fa~ohb`SVRaT=(pL*R5B@^}pjD-XRs=uif{TWQn$>KzeqFl0Vr z`77=0>{L2PB;jYGi(YRH9dvtq+QQG1bqj-?VR!khJ9k3CiG^YZgdjVHU>V!-XEHV$ z3fx9q6Pgs{qNkz+vgSdTq)zbm18&#a@(2kc}8RqEblY? zX(*1d-e76t+-vAtro(Q>jvf09149+|#%Fj|KVyQ0#|aMqM4*6L`;vA>Nz4EbsS<14q6kTJ`=Q*(|F%G@(v=c zy?_5cWopgpRjWclw97QSzEb;_pIMZ&Q{0*j8>HgZqa?}Gfb_cam{p{BZE10V;p|_y zBwvI&TE8ulQV)8JZpJzLfamblx3e5vd(YSGJ^$)$xSU5F`9aD2q1CsyBB*j6ULKBm z*Fi>A5*_Q?(`H{RK~xlQ`Vw$R9E6kVAWaq2WfdlcmSr$S+_8+D5Cw0~vB@_3Fo=R- zzi$zJMg(v$b{*?@<(g-=x7tYlN@OX?05y!C_*WGi!|lJmUctNd8WMdRzJ)P&xAKWl z*SLa<=|-Ooo_crZ?D~m!tbb}RGzK!@CvcewOTk;~C&T-3v5A;Fznu5|@bAAD55aIi ze4vB`$h`P&ndYmDNBuksIOzr$w!zca_GPrsON&#*m+2BfVsaA=nx|;Q3k!+w;OY&$ z;xKa`!r9nQRGTZw$z9o?EdnvqodR@cCzpt^ipbBwzLgo%YfPH)!WOLXR zX4>LYWLf$H56aZYP4x<|n%IJo%S$K%s=%+DfkT^!gxUL`ah4FntI6!g2M0Fl(E)x1 zpff8S^qL%^+PM5WFGHLVpiRIAnv?U3JZ)AHEM{-J+F@$R0W@fZ(m|ZjL(l{LztnU7 zQ8Rj$YIUR-%&`za_2bLnEIy;=OrS#C-Z$7Y(_cIIVmHGB?GJ1~pnebfB zopbl_2!SZftpD;2ahIW1&Md>}yw5A&+C5&rrVn4hA;_;G@?5Zc49@`~|6u7e#3en& zJ!uMXkf_( zmo8OyLQ+YNB&BewU~J5ZBT_vqcDwdK`?SgJYrK1lk+0~3@<4(;5E;(YE$%Bq;YECa z(haB!w)q{zu;Pr1eK^=97UN--fe-3Xxse#cnV-iuf5D9lK4cHufVel~A!WSU#@t!r z^h_}-Y&8k}zRKD3{)h6n(_aPCJ{Fn6^&mm&nYNCanzNa3KF0SW5uQP&;WSXk0!!g{ zDnAd#-a=jaMdtOR8bK_Rc{z>WZqVP~{{YgO+SMo_raYCTgkYEEN_WR2>O-cPEvnGW z4OzcycrAsU4FTo$4D?;z!usr}A+_f{R-<{BW&Fe$0-Y0y*-Dzp)P_$t*f$*L2u4SN;2V$Yj{rt5(MD}h`s ziE@s-@;i2VL$Yo)8GHW;ooo1@L-L;E`ysR+!ge5E@np}r_v6EDP2t#IiSvak#&g}) z@l%94Uz5~`!yiK9R|&=D3<2}-4Cph2sE`H)uKV82!kc1+Rs_2R9vIxNMEcBH9>^5T>XSPloSB8htQbej zMaw)g8(AbqryMrYf5x;p6JP1c*|x-=WfukG#_n>}Q1SAK3WqMTCBeXolcmBLI)q?J zY))}NzoP1{t%mSD<+trzEIF)heyGRz=dr`2rD=LgfzLudA$34@T7vfUgh#$UpSs~A z>RPUi8~*}%4<=i*r1QW?1uDZBqe9RA+S7cEILovK-@Ag(1Al#vI~!oNh07%=g!$Ez z=6AACESv;6rUj7Ywe#yd3=X6+qF6#hSPH!=N;NpT`d3F4MOauFRY4=%W6}6ZefiAY z-DnU|hVAkkns)-nlhh$T{O7e-kSmi=$%0qQ20zFpW+ayyHeNH`A0MR!hwRE#tB4VI zDRe5T&EcLbc|5rzfXg+Y8j0IA5j$_~h7Ib20`i+Mo_G{!jJk zRZQkNu*zH$Z9UG||LA2p{uQZ;@Tr90@thclb#Y>?q34pk(N7aPO~QZWOQta+*BitID_>;UEn8Hvp=HFl?Edkp zKkHZDafInJ3=AK)GrG4Lv~+A>Ch)qniNpht8VAKV(%G;}0t+=?nv4 zQ3DQeOB($5-Azwe28fd^}lQGw%ljz`A%EK~(zz{Szh0$;9SV`G!FPY}J3 zyO+&+ziP1|rrwDW=(L~AGh+>Jvau~$0-5N5dz^r94e|1vCrCFJbli}pGIT^dq7W8} z*v-=n3mP&l)B||s^&~ON5+<2FAzOpg8}W2q15-vy%c8ZCq(Teq2p% zhuuyqR+$SVgf4NQ6TOL8{t@D9WJlhNJ=evaUb0H$tG78(^%uZZ6PwISi$FE^6e=)*Va6}YBCD3603-x~9Z zcB8we?r${-3X`yYO1h&U(j5W8rvVx$3)K&?IzvM~tE&2Wx$y=zwt4*-iqZEDGR=T9 zI>>?&AmX7NUP0&^fWwEhcBB{03QJf-QQ&LSg>2IpLk$$SEhF+aAfTVfPs}+3luMdm z)U|`d+&%9}*Wtu~_FyMU*dPk}9qYM!x+i>leMsDb@>*V5sY0Yrqsw$Y{1|oz=#15q1~Ry#wH5zVTf8)2c&n32|!E*auYsDfJ!U^ zlyanb;V$UEsB5jmDHy~V;8N21lxl))e-3;h$`xVj^FUVPrQ7Wjj^13wVVih1`Udpg z1fntk(?IM8*!Wa;N^cX@K`8M`hSyXOuFERKO)s2PlL$AsRHwZgx|n% zx~3=fp`0k)KSm%Pz*XP=_4|#81E(;HNnnGryr%5XG||M}1jt5CntjnsT+!mJwO_xH z&y1O0O$S=wxIm$Ui>(3O0>$&?CPM)>_pSH&6gw=Np>et(J0X1-(1_4_Cgk8rJdOsu zrDUJM1Z0h+195d*f{95+UumBf(f82@>cNDd0gz+Wnw1y|zCp_l6)&OvfW0DbsQkwE z_QSqLJBKKE<}uK5lqoWX!$YWnPzu#^jpH09pb?97HGuGHKv#qzz+m+Kg}f1f#l#c- z8`rK~s{u%xWz%xd&k+iSCoG#ihu97Z56kk1>8Vs zqXrhg078%!co!_$zLr6h$iEK&3Zmme2h0%d99#X!u$#4g@Gx`OS1S}NEWHI1jz`hQ0DT8%p-DF&bosSq!r!^4pS7$>h2YhmuYRPz8PHza)(;Fv$GnGSXoPr^NtT$c%g!Tp&xAMDyS*y6Rgf zr^h$^vivxDm3Y;~P}QoV3j(E`%&8e_8Ek9@ATgeD@XB3T@Io<&>O3l@!23qC`Xj$v zw}@kgJPLSU(8+PcegQ_igQ(2-e=FFVevXdTJ`vJPk?C5zqf&?Dpq1xnHrR>XL?V)= z?KXBCkXXGViZJCwdJYKDyF|1SE-oyAWFlS}1huo+W+f6Ap#A|EYvz6btEVGs%Hm|(;Dz6Cr_TV#Lf%_HG$U%_Or(7 z5t>|c<-OkDS_7ML6w$=aropt!E$f=HS=8WJjLR!%tzfbVLe-H+RM&OHp17iImj|L44 zt;{N+hb$ft8w->%eYlNCBGCeOMy*3v<-|u$^*)&C&IOAaqJvJRF;Vk0m|iWU{M4ee z2&u&4WQ`7V234~F5nKbbP6H^sRAAb35QH_6J+jcPo%Uim+oKbSuJ`7!jU&FK6+lSn z+#?`x3V9>vSiJMpkQb(fY>{}&p=eFogaH$wD%Av`p%J^=1qF(AGssdGcwfwbjo(dz znL0um^GqMg$H5thzVALHWVm|5p?XHdn9*W-BfZo}G0F91_wLew!X3M00Q(*qS<`Ua7B=K?7e2FL=NDe_Y=F>U6?7H6t@QhmM zY9d z=(pv;ArLltLrh31#Ln>j(_<)J0q9(vxwx5|?YiHQq?OL7b`f%SQ_UXkkp7G6IbM63 z=MK1b9O+hWKA2R8F)1lm4^ zr@{INqq6?$YNq>6nl+d|L~~r3jf6^k=upq1fkdrwCdi2)xgI7Iei?6M_beQM6P5gz zu@t0qLimmc1(Jk`TDxvtR-{z1u25d&wQig?|jRRSlG+1!G$m;;DNlRMlSLj}=ORA}FP!C6Q>RL@@UF`Q2fw8xlAPH2d^(8bFhhmQ5uZ818?a8z*swHF1yvB}M?1 z2f*~B9J@X-8w@c_!oI@*UU(h&GvFxQMX&d}a|f;f=OoZt89m!Oak{wR<0Qn}*XR83 zIB<-Fo=JLQq&`XjhgrPO)Ju@lv>41#{<=P5@gk&WN3tlX1l&BOWZ2%yqhb!=k=4Pc zo+J4Hc1Ch2_41t)-+%a!eYt!iRRhT+3;hM4qtDDaD=nA=Pa^C1L03m2`Yn}ARlaznVAAc64J+!nC1hV>wxAz41ig>&K#^y}KG8XH4I^CRK;S1)KXH`M?f4h9^^Hd+aoqtMB>~UC zjzC?Ko1gX!Q#5bZPr>Gj(Vo&a*!1mGk*0&|`{Wu@5ua1_ve^8V{Ku!i?e!4rmzzO00f|Dgl97GgU8J ztLU1COJB`VVg>?ek$`9cv~~t6jrySZvbV=yBK+uVb?Zg9^lPK+r;m`cfeQ5fp8^Ct z0&y7BAh3*$O-f^UZ9aue7reswYdXP=>vtSJi|)Bl8J8q%{f?$8f|ZIIoD)nt)#d{jorGpq^4u*jOW1a#UMG3%)>16#$-D*pE~VT%1B$ zZczkZL4+GXPLZ_lAe<zs( z^7Yq)24QOtjvVN74L@)ySj?ClT#u&1yjyc*<*wK`O^Z<*MgDVj&`!($;tPWQXIxfv ztuCMah?VEQpIl~N!Y@dM?Mn^2vBYM2U(~qhvm`jY>t64<{`+~Y|BE}iuC6D=rgR46 z^qD~cvg#WO(QJzAe0bOXho=0mWZnL+(fzkEfbMUQpc2uy45Xlih)hZ&;-26zBgGyp zF2poQtPqGeNvMVnH@cu%juchM^Q1+c-0g(=qB^mi!~#@LXhIg*vquTRkb&5$VY|&+ zBh{QtIGe^>AQR9coCF)ef!hG0Ujl7+!=1&(h~tkypHH%w$vEsHryuMfcHCvlmWg{! z+Q_5xOb`Abz;J%53?vU?BS)r(FH9eTzup`7*TjpAy9}}|>rc^~!K#q73lk{`BsXr} z#CXL4^3_pulHT^9ZrqH0^>QZv?3TCs%2-0c2H_^CYVdoCkLV z$%RzhNVY1pP2AkVVO2eoP|qEzZAGEE-f#h2otZuyIY&CZkYW<9&HOCKMGJuTx?q^Y zpB~z~_j6(zZhj%j1Z{2SoSnzz>Dw_WZ;R_6?K=JhXlwx{h5_`h5i*Wsa^ROb@clwm zZZxsu8W3VugLc-T0R<4x`HN~qY^M)|?l-xyI6EjtEN_G_LkUAbE6Fp&ETqlKtX3d* zUx}l2h+G>&+QC6skt;|L*Y|5b4HW6K?1N0A17U_hCNi%echLLcCyrQ4%uubbP5lsG zpIqdDd$kctR0{SCvH5`KcvVW6Fx0xD@le?7<>_81MR9di(!@xPZJRO;SF%~IANx65 z?4$_#g=DJlpq-EmM1ZnES=JL|k4y!M-$w&%*9SQwP?FR|b4K|>DmlW5Ah{4is>LS9 z%T5t9cis0P+CZ*=oFRMwktWuYD_cls0@>5}Aw?4IMv1|-7kXyIj|@qQG`28a0jpSp z6D5{ZiO+3q`XCc?pNbk92*moVC9b#9#cqn~;$-(Z>eds*StSyo^M3b4%m{K*Am; z)D&7Ic?dHEz=-1C=Z0=IYRrkD%<2IgQ@uRL*tMJYK5IQwBnW#$4PHU)_J?mdQ8DdL zQ256~wiUspP__9(#xV^;Pl!}<-J%@i5x(ovN{0gIeX{dSEUX^kr-`FT9%gbv-gNlP z*~WX4-e1BNq3~-U_iUhywi@rNWlWPE6Y{QN-{KF>u;&C*fC-I-Ub}PT-iSN}EU}A9 z`add1iD)cqi)sbhR0`~4ns5Nr0$GKu-KV+@HmYC>UH6UPnb7a!JMv`_!*IXFQ#TBg zZHWgQ1mP74!%jGeEn-Fup!)f#;8HovydV(~Z}jXGgkK&z3;G-^SB-e-U?-uO(9vVM zPynbOikq(p>wx?1_Q1r81k{M4lOj}NZy)?ypQXTGe;q>%FVo9K}_)PfWbD#oYpJ~E+1ffgYF9SjZ@hsxGga|}KWUEJnjF54)?kp-KD~Aua z1h7Om#1jnd0 z^44e2)3I6y28TROuMNN#e35hNvAAxS%M}j+sw3 zCU#mpG;B-63|z~nnIvbfdPIFUNaDNq?>ld000Jlby#>6sgik^=ez^9fAGx{(Un2~l z42t^d1yPJ9RNgD6{s+3g+RbLL2lV7KRNT@%{rvm{O)T3pjT6=FHuyohaOMVOzwOsu zINo*S3EviLMjyMKQk0K^I}xZn31FSZDl$)n=ZExp?}#IJ>>=C6;V%*N49I;hB#NaO z%Emk5B7xj4qduJImo6*iB_(yp^+K3No(_W`4Xhaj?f}yAMXs7~*{BQhCwa@;mA`M! zjhF<_sfE~(W5-NFL6HnGHOa6bM>CJ~>tTVZcAD5X*`U1!J4d~!gkKt04?k>T`@mi*iPXXWP3Vn0L1uv*-E*b-E!oqHZV|6#sa-VQ#i(8z9V!Kp$tIRi0E%M z%>o+;ETO+;7Vtfmv>o9d8l>u+fp%ye*hbp8=OuVdyz~ludoox5y)K{@{!F;?B-Vu} zEvTWg(b-Lyw(@#Xf#Cpjbac$ZZ={`La{+&T44KTu(?~uKJs^V(^|K2Z#a}L>WD{NP ziFz~}oeh3dNh;(brihLJayRI|#e*oBNRbbMHUTsA3AGoh^T+Aw=@d&;wWM| zx%*TfYILBh5L{Yj7bF7WjnrwR^5yfHj)vFp1u)1Uy8N2Z3^5|!$-aD5A2cd$P^F|` z#o6B5`1COV1_i;7EHSQ?B!MFVDU)2{gt8$8LCG4U;HbV?K-?9iCO?sohsebk`?dz*_&)0Y@R%92MMzS+HI}i*R#6N|;Ez)grm^#r4! z0X|kmL!Ky3z%}F&PJ%KKHG`e$@$PQBeBn*mKzXjBf%udS{fgAk*!kLM*1|0qsW`Nj z*s4(BdY4-gvjdy^!7%?NUa^079ki^AA%!Pu(VBZ+ze}@ts{i*rwg1(Z(Ehj9n6I{( zs_IECQ`(2FzzTT3(2}7iwQ`BQbgN;}wGdm54eQ!=)Gce{;T6x3o)7*X=}h=Hkg=Xk zqyGMm$F#rd^S4b`n}n%Y+n?H^{Hy4sY}frCsxFj@y~5PKm8BGAKJZJfzG+_twGLTNoa_rQwZu{sGucfQpiOIq({N* zKDF%*I~&amDbA|-RkZTcy`*1XNJd64>e^3#Vu1jzOGN4gYA~1$YWnvQYe2@bC$Do*;s$&ga7 z+BL!Af~`WTOpXuerHMu^g$8znY!(m$sPg#z4o>PP_g00)1ExVbSAv_P7Wc*Ns5p80 z^dPi$P4sz_yFlTrB)l$m))NZ!&N8dug%$7NSxo5{Gt7?xFcX3&nZZRv4Z`mw51!*F z5oNJL=eHuqJof|K7g;Y7Yya0k51pdGw z_5x@S9$z+KAQ=$6LaD#S$>$!fBifOi9YI-y%NKA&3=xnoAE)#YPMCr35K1JsD&;Wf zYP-`8lk0$sYz!};2kdw(frA&#NDDTdM!S_Rnk;$%6N|E!oEB+PxuwT3W*x<;c#NK1 zVDqmvHBr|6W^SA z)n~vy{=0@CHMZBpV3fbn;&+1WX0G$$AEV2#?%8AVp6_x3F|s~0BT@NcF%`%pi@$u= zG81UZ7{kK5_9rLZtoexu*$wVi;wdmm??sCiSy-dC&O)HPrt)TEjX?|c+YP6+pw>*p zzr3r3Ftn(DLaB~U@y*IGin3GaN)PsT*{mJO-!NU9LES3&pCEJCB6v=dPgXGHZBx~r zVx%cV@u+x#nShfVFE4gh=G-KB33h~Bc4`%V9d<&SbLM$_dkHZkDgg(F{UCYIysqwZ zEK5;U0|Z0TAT=2IMYZoYQPlCn#l*hLq%y_#Abhp|7eax8Nd^N3Sc`KRy%Zd4eZOIM z#LZ4fObi#r#8zqe0vuA%Ixb?RPd;Vc_b*}9`V}M)ughk^y8v>=G9f2mrutAFk&8>w z+fLu{wc&Qt<(9F*Dkj7yqrS+IWiXHO)x9OYkufq&Pgd*sB$z%!m!4nXCABtfj&fo+ zh2we8Gr_O-T(DApqGm4@&hFM9TqV7_9qv4S7kk>dpN_b^@cC6Y{Y9fk-)>OmuaAC2 zc{pb4UC&f-4nc{G+_TJ)q>~o%8n|`x{kcy(LdlHsoT2|Ba7?M|UUip&B-H^kcvT2U zQ}pNVB#ri}s>dNH#qy4B`dZRjD`noAGGr;odA>`kIG5&@oBEW1O36f;@*eJHqm|;f zIwC$qyzCSn9A-RzfqZpPXdV98%Pl#}VXFR**Hmq<3e4<~q zJ2c2s*lVq~A}Oq@`IA&SB<&Pvl&I^}pOlMU20e1g(YGDc6pH*SYAPih6d~I4cf0^e zsNbLg0iwT$!}kZTwc}U!G}e2+IT}lRgbF9<{pZteN?Ri&rf^wY-2uo2Yc1>T} z^yxoToB+&jC6A8wwhr^>Cu*5hCYq;IsoDRl9sk@XuOfF=z!KvJ!%g%a?irUs6pmyL zaOksU%(~l@?OVsRHABcYh-xgCCMtHRVRb{tbXCNC#OSHto?szgj!9+0H*+O;oOn}B zkvXu`TJz59zAy3nadJ9GO%MrWX+ytPSgc%h>L(DcA&%ak7a^Lq?%nVcDY1k*mqBDZ z64TuYJuJPRJ>lMH-UCfjCN7j=K)XY#yuL9D7KxHQ<=_`i(h7!N#8XKm7{qDDACHUt zh7Ou%a|9UmwO0)qNCZ_A;N&OftS*!@!+=c{!hB;VS5e{9SRQ^?1514;h~OJ^q$Xa8 zIT--MgQCmiT+4)2%AWm!C`2K%D|dC8-0i5R7FYedn7 zdW1}pr%_y9?zt(K+~{!`;skU|^8{Xg=j5FD(9Lb?C1;g2(aoJ12ML@N(A&AA$M^f*uI6c@53xZhqGik-9K^^@L{uc3 zfEnBBg~bE9Omof;gjsvB?3o}z6CJSqvLfGqar%{4Xh^vC$e=K8UnJ329)na}v=am( zH<%a^9*&y&%_Dg@mLnpZ7V#5=lHu&zP5f4_>a|G*xQXKkuS*$h&ylMp9G(&$1FgB% z`a(eMY*I4i*zah+ClkZeup^g{%X60qMdS~|tbzOI=1xLY=J7SIGBMAm)flokRGd`= z4B~MDfA1ESK5^%2P)J!ZBl0Eg@|6}PR5TU8<6vr_-8GT4lvop8X^eF(jd9Wc9-1urRFthnX^H=KaDD&~f?DiWUp?E}O}Iio-9N% zU;53MSh6N=n$qoALR{(+kO)KNeL6qQ+=V~ASFJikOgw~HWHzz;u3HV|h;iIw91C7Q z40%D^y~7-7ZE$X?pGrvMZx&mLy$5J%rhPMT2{6VVO{~dDI!4JI26|V{>X9Pe2EAoo zP$Z_@&3P@$2-7m)Dnp2);`ysXNCd=(*Cn7od1avTJ~yqf-$O3v5I00;)z4Q=x$kKd zK6sBV5OB2HKgY{%p=hW?lrH92=p%MvXBW+HBwCM>rt8|*;!a{&!;HP<*&QfN-!f7< z1zJhQ5a90}3Po(e0}aXqFVGtkq@#xo0eWlk7m*rAuzP`SNKsZI4ubLsMZg0Piaq`qZqV{CDoCvD_FAfB$(IGyeIW7 z8K0Wd9+9Pudw(*Pa{Gi=ozF64q6?sjhBao?kf1QYm=e?>6D!|J3mClS^HgCnQAgN< zPS{*Y(R=WpILzsJqf~8JiiJF6?}Nj>eor{2%L{Hb!h6L|`3a*dVP<5tgb1uVoBEWn zpKZ4`ufG1x1W|WV>sf)LoZBpQ4ZuMLd0gurE?zU0pFrHgU%%pLYImylqh21G5$#B> z-{3CR?Bk$xmKYl_3d#-3k#>a6wuFam6+QPv0_4_7Dq`vRdBOJ>jt9^HZA`OW*wOdG zStQ%wuH$&^E`Ht#E*o3X6MMhOfP_Wm<@$OBzH9L^P5f}LPu+UC>+9Bec=J`Psfni3 zp3i$D{GbR!Q2&{?y#y)bYxw)fbvL?q?@m?ot}?%frbE3=n}W(M4?7$eJdp2s`{Md_ zO25}$ok60OMg0m&Qt({xH0@+Qp-q zz9yP@=1#QcIm$j5f#_s%Noa96*9u#E#0k<#z;oBBr_pRD%gyD(3e+iMuOb_gDEr*I zu%*SyiOA6vVLJ6|8sMd&U)R|Z2!BX(>^E_>{9G5G<#!;UAuV?1?IZln=bj6VNk5Ur?QWbgNTHG}a}HRSiq2gm zA4zuaq`473-6mp(QC}Xcv}K}?A5mMKbTsD469*Bsis7fk14`?mY45{>W=I6ONw3<}BM0m>U|DK8O3 zr7jhP5@F%UW`1d*LF%t;zX7R?tJP}T_E=?QrFP%6AMuEgw2hCP?La*${zm=!f*7(q zDh8xA@NIeh%2~Ahqd3dx)E~=wKhX@dD*W-|2QGtUhSNcZwT(Yl7+4T5a}Wfy!=Czhj(*DGhKoV5!y& z)xG=aotRZkK{zEA>_U&qIb-~Q#_I8!I6crT?3WfP@8QEUik5MiaRpCGxi{=HjyLnk zYyvRZRPy$(jh)a>QT?TqT0kZoz|-e*+Ju=&l20ls4WPfHM9&j+1%05%rN|MBWKai3 z`$yc=P;inc$_~~jrW40CMVS6)@y_4H#i%OT_D%E?`_+d?RoL?-G zqTni#OT1bd;=seM%3CaQdUP~~C)mru{`;EQ2xZ3ePa4yb^MPmfx4m-EP!(r;IH1Y!iJ};G4a5 zW&01--em=`)9>vcIkLb`hW9E-G6>c$AJC=l6B!H>g4Jh zek$;0K+OM7Z-&Jq77WU}?tbOmKlBGJ|6X)4H6f4JyaztcA3oH4$saNScgNJV7a6{x zAyWMZmp?N0$EujBy0@pYb&vl&-Np{T2ZHgz?vT}IP$o}7a}oz@aA9G)+D1f#2oi>_ z4C5oR6D1LK!jQdWLVqbBq^HN$c@j0g%;2KcW|}$ibFPO>>ym6)65Fw^7t9x=PXI{f zFl10!7UD50R7!}Aym+|M1eq@882oQphXaK+&(u{HZuPt zsaa}Os+0_}T>yuMImwtzyG?5YBEJ zH##IeeZDJ$qR;Gp+OF{kUUnBX}OGWG-xwsVP9#n7p2j@jE^d7moh z^wI^ZZv2!@P8m>m%+|Y7nW%U;Fgh&@RowvdH7>RYj&V3QTduGeKr!bmk@6twU3kao z|LXb(xX}ZUbM}*zLkE*{mTIk&MKMwG{AO9R1q8mIn0Sy&=bMlX4^rMoMy{DlCOOjq zXnz^=&bCvhc<;k5Ad5x3`zaHKHe7yjaM%UX)gj95{j_T-Mcx;U!!D4#_e3YZ9JoQhSU0JU_#+2-X-?m-za~rpzhE7CzA1 zTDc#QMZe{pq*(HZ>iet7T@eg|DV~H?6>=tN2-g#a7-5E}k7ckMc=j!|)7I_VSLh}U z^4sf0&SRt)*~DXw;YQF^2!o7-c#C^pt{8yde7H+W7* z9R~00jQ|oPA%;52!qWSjGE59KoT!-skvfk~wOAT8aILY))#pBC`n1tfX1HnQb+VR& z@EV?+KCllMgXkB;Hw1|DZg2TypHT~!(FIM0^9Ms2A{t%c8lb1Mf$dLe=5?-IS2t^8 zDOF^W`lKto&X!7u!M{QeZCrPb7EpwLLXn4E$+KsG$|k-#&))h{5+(CErOnifkAH3^ z*GYLNIW!PElZd|-EHbwsN7~VH2sA8`Ss03JA-n~PhiGJEVpyK0wG)`Ui0%Y4;QhL| z89~A0g4^2iu`aLQ;kUJa&zpb!wdhTQe2V&=;+I2o5{0O;?TfYV3T+ZJI}b-dF4BDJ zRh`Oap*N^EAU$p3bv13RhQxK zK5ad9`N{KLO8$Re3m?25qn+VE1c#QvS0?ph)4JWMD$lbgOo*VIso!IK2Ke_QGMGjq zJS)&8uR*O!JuQ_$j$TmMIY~jk4ULO&~h$^Eu5L6*DEEm zZ(dnaIas<63swcbCRSKLI!y?nIX|1&ZH)AJB+Qi>G6ig5J$iIQ?!5>eVJ7uWSyY^J z7OJn5g*_q-{RDf>9#wV!ZJ3l>0^TfV%T+{yhz#hL5q9r0oUdN1FXXWdG4e5mr36?g z=ywf~trTaO(M$Mp=5CLqtMSTnbTPHIK31e{?0NpL)Pe%wL^VbZr;An!)uQJbO7bwM zz@i67rV;9AuNt+rx8sGAa*GH)eg&T|*13c1PJ6!y7rQpq*URz$+cQud$ zCfy7OflOU{Jds8c!tPX^6mo!f!hh*kIREe=^eY@ZMAcc;ThY$++ak9Wx`tRXttgSp3DCU<=JM#k9V9#a8aA%*B=gaFY347Y<$=_@jvomZD z&rALp=$@tfk=%KJ_|TE?@{t}bV#PbV3@Mbx980krnZMJ5H(4;<0sE+>aOS0ieZrnzr$rg{DoK^dqHQcnTfoIJkLd z*((o>Dh*TrDSvUt?|J0V`#* z@ImgrxZcSH@aD?8_dU7WTBxXw2E&=(;IvObEF9$3{%wGwd=_kn%C;@*Qe5D z;gkM;PFmsGOJ`mu1Pw~2W}N$XMWJz#MkB?~Hn3bbt~=5b%jlSRBtgGU0w`eZrM77O zq7Utxvt7d|1L83dRC~_&AnThl)+BRx%vZd>VqhUKa%utXc_tXDj>U(ns_|2f#NU0$?-YyHQw@w?;Q@Tb$ zaSWLE;50p^z`&Wj;n9D=;wv%7A*qU`fw=J)8fKNcS8{%{NXdxFL=g8Dr=KMKEILYC znrf{RfIHhV?QU@Of{3;H*b0R}GOIwoh>lSz02EB6Qn)3H+ZKXV@v7ph1>sE|hXKqU zTl6}v_xDd09E#cP{FpP<_Ii02+>Rr05Xm`eCp&OzW}VN#zg~_`ia}o^3s^X6MTRon zC&Skm`Mol%APGxFP&;$g%Fe2Hp5CqZy}51t?c@24?x=cf(@^~_TGuhXsM0KawrRVQ zV;sY}&)?c^+wJp?lY6L{v^m;L{Wl$72iM=WT4ZO8JssEEQg4R&Z_Os>`#${E_~{>0 zy|&%`HuiDxH;bN2f)D&r{710X@#}x=ICu7}@0Kl1O-xNu0JJRi&Ko3vjqP({dr4_& z0i~?_SDjwHTo7?~;Dqe;qRO;7GE}{|xERlbKG;{R2SpejH{s{Ra=(w9hz=Z&euD@5 zMMmnKm>6P^9hvy))AAuhhu+G{Qsct!5Sg=f{3I;zH~C|L)%fww3m5L7fX>R!wz$it zkH&)s561sjbMD-^4m{C;f#r5S8!baSH?b{39y$gVEh{&me?Z1hn(0R_BhMhWf zI_(tSR$pJ={mtvwugxFEZ`ja)TiLiFjJ(1-{>u0|1kT!(zoc;(8K@G*@Qty{NN zn3|dz4j$YVpQ=RS^jaod~;$IS% zlaaB0^X6Ynyek#NL^B_sp`becD3U_S%nIMDS4}9`Z=|F&)zj1C12(3`Zm6Q7vi)lc ztl54ek9Lfo_#-WGMu$|5q@$j~tO=H$E$`g9BVSHf-$V&m2=F10{WPKH#L@fm$;L1J!W0Mi*}S zZR*sHkOMpEFQOlZM?@5o*`6e>8vLrTa0wzq5>jO1oXJ!1=(kebELR|obeTu!l_F~1co z0BDg`gs$wN3$C9$*#w3Ybleo_;O5xa0dZXujvcEX6BBbXGV&&tG_5;z+C~L<3t_c> z2mts?f{OY0@tZTUypv z{8_Y=%XSM(rblbtrOQqvesku`xsj34cEACvLY@0`60OzMb&5uf4zp?4rcJtsr9n`0 zg+?Ci)E%&}@Q(~wj<&Gaa^Xc*mNqY3AB8{EL6dG9`RQ#Hx9MHOK2|(WQzLP*PcBQcd7=eBU+!dq!+jz5Dj<>#6Y1$gqz7BcGqCXl-F((cQpcLWd3= z{HY8q?vB7C!^}%*} z#H-?BK8uw7mU&3Rau;a_rEUrj51+qaLDu{vnq>?9kbV2wMXyMoGPc`BLf0wBj$KT= zyPBAojCOaA$|+NCwn@>IRGFQDEV~eo9!6E zeGLHlNf@DclABxKH>Y#aMIxeNr00bAxVWli(e7v5RkNEkwCk)0)(Zirx=GG@dvx{p z>i*U?HU(tA6*n&?Cy$NPvSVV8Csds^!_iZzREnov+y@oSA+0}u{tR2Bo{^C;$;M^_ z60w&AANQn}cGlL`vlcAq>xs+M62C8f4GeM;R)n2C-Gaw>JZP23j=mWg87UO()6k3l z@qP*Z>{k2x)%)d_U*@~Jo7vc?9zJp;{M&`>YtbRe#19Fk*VYWXmztU$J#8>5;>hUR zXU2cqq(OVR<={aL+bL6C(HERNdGZDt_^=OyjEtPAHcp;8wI{f6USLRwN@!L59}O<;Y}Q0Ea{6?w`)O%$zYOv8vsmThGaD(D!uQ>~1stU$QUJ~J z$Q3J$P)qj%BFQ)LC20A-AjA+>^WrB z=e}e;KU}VC?d@H7Rmq^+a{?=I_|7iQpXTW3GiK{y07>C&#SG(R2Rxd9(5|GgXQEf8M)iM)Z(Z&)HeB zGs!)alz^3u*7M)9J#wFC)*sWjv0qS4+Piga)zmgJxqUn|R6&_{6C!9>i@muIAFuuJ zx~aRnd)V#<4||)MYQa+6W8C^ru#@42^XARlf9Oz;zI|I@ zU$>rspqPcJqyM&TqsEMBL`663>O(1h*MCB$*kDqZ;L~T${LJe1{>(i_Ghe=by%7XJ zS8eM$C(Ty#%c~Z+xlKMbZs9@$Vws`Uv`*AU+iQC1=s1I~X@q#A2579QrIr5ZkyK4B zw1$eY6vaZur;S0Lf9~o=Dj7X@?g_^lGHCEHR>}M-uNYGyx7g(oUXIqYCZzr+#63qL ztr%-jJkoe~X8M(O)On2ftoD0+;>3xl@_DYVH}BnR#?b%zJ$qEq$W$_xdMfboojZ+q zUozBMW`BJCd1cPN;);q^p(~aoUHpo|u`vZhMf1lY{w1z1z7s}|J`
        xlH_*x9qK zS$~ntnP}6tZGC%td!(Ih6)y`5H^7E=)7EYnA0O`kBd*raG}SV%H^tUsFRx^J*%4r;nl*pU89;oQP4Qrzuyd!1<+yR_n1Q!iwI?Yl$$8c+#R03$oEm(= zJIGxAkcT-r?Oa`5vCH@NOA4JCNb$6H@7^1?Zq)~S{^=bYA8)L<@%V9jV`F1;E31vy zua7u<_;A*gh(+>^7>eD%Sw*%)7lHtBs88paN|p|3*0A1m56ZJ`-jP zB0Jy~?@TcwVVG4$XHm?yzbE#n-qn@eoTg8g&kKz<`Vy$zk%uTIH;g*R{9P#_wA za(PI=G0JWoeQ z?1KNR}c6XB2X3 z^k83Z70LZXKh+P(5(`Htc-!mf=$KEKFlE)nIAib1uCeFO_h)2(_L@9fI0tg0GA@>O&t zu~0SXK`CzmtM1B!_PA6U|(a?(bisK1*dNzb3tp^|Wc*_!T`U*}uGhahF+;b3mWbA4_P;UhJ$VU&No? ztzLFt!q1mKLw*1AZ)ZtlkUwD!I)vi=BY#R2zm)v_FaO7WX>Eh`FQ%bAe^B;t{|u77CYYKdX{#$lVa-J*|TShRFvg3WoZ@p z*)NT&-r3|r$&)9m&i_JT-+cN3zP7XCZ_;11Gg|MUeZcvNM&XpdsGOF&P`zMR**9T{ zZ(jSa$mP9rSbg^6?L_h9JE_d9ug#B7^c1(Ywl?%$H8B|&ZAt4(mL!BSY^@(j zdX>~{NiMfM*KR~cK}Ex6k<&3hKTk(T_u|EiV}aW)_r5P*S^9?m_8&O#BH;E0AJ@N_ z7;}|+dwT=7vD{}QelII4YbzC1uSH|bVcWYQA>QR<1X)2!Vas4H^+>y~@1i<8^`>8w zZQOP}AmBxZ&Gc*UmBr!Dul-}hE=xL((FRs>Z2a=&%S96t1;^|1{kS(a883Ajg-e$% z$;*>UtPIwMRaI3jEiG+f5VYxdxlc^&VdL;la{JYl-z-O56qJ>Rhlhh)9KLtH+DOfM zlWi%&$gB4KdoClR61NvmpYk6*{PQiFcXz(6k-NL391TDHw-1lib{)PVb#0!%(88xp zk+P|dhWuV==;x6Ux2ex^&BhuUcjMz(nHVtugP#|F3=0SdaH~g7RWleB6cxE&y=pJM zJ4rJ#G&C_Sje(8rq()bvqeWNV{xUzfjNYHErbtDScK*0z;Z%B?1pgUx$+I^}rS zojZ3h6gghMm!26GYs5*mwzRZ-{3y!J9T?l4ZB(upM1QN@>f*&5?^UmvSDBgL{5EWn zI(n4*WIX;VL*Z{f`r&bz=P$3>X64tfUz?koCwR=qn`74cNj^V?RyM zFZVhsN0W9kfvYcG+}@A<=JvfxQ*Kg8nl&abaJcR>gX3O&A{FD`zt`8-*XHk4zRO8D zP;+nZU{{~luVD6@hNp_pI>pih*N$n|e-Y+5&#!l%gYd6xA#3W*_^6r8# z?b+hyG^5SK@S3W*DbL`kLGBUClsoPOe9oIMQtZB!L;iNQK znjI}FDk7I-WM-b9=s9xuux|V%E78t{=`RBO{5AP(9#g(aNf#_F(--20y6Jq{5;L(d z=0h@=b*M{H6 zEiZd;b8}DUVNxrQk@*h{3_N}M)Ro2WwXw>b&@`hN;}>U7yX;%_BIMG&uSlGW7Pb0N za`gu$jC22A0fE$Psvho`>VAHHv$IY!e0xIP);BhCU#p??tEsP#IeN{-$!QiBJ0>rG z|Necdty}xj7`ejEojb?tuCJ-7dFIRy=_BM#?&4(rZS|i%x&3v0Q;vDVSVvA;U|?WX z8Wn|q{gAn-X{gctEWKB%PQItuY1E?*nk`KACnY6)YtK$=whUqr@@h1Zbe-_{y)^go z$W!)6vp$b9cY* zh-bm*DF$-2Z{18z%D})dBM{S|p|1WkBV%TI+TPBt=KXsy5fSUIJb{j#mwRr;p6gDx zZhtl)qm`x+r+(su_JTL3PxN{?#!?^dauH^sn)yxo@`K?i1Y-GbCz=`>LCsA90cWK!Sin~tG9x1+dC#Phlao`iNiY9slv(}#v#(mFp{C|+fn9%f5JUJWqzFxo z`i*Dh&en^q@Q{jjq3OB1rHt4HZn3Y@pvCA;qLB! zn)P?Y!-rx{BbqaFp&ZBFgs?RZIn2$@Qu-~-ci9F~F?}d@wY`;dcw1nOb-N&MwYY@D ziCFRJ-(HEU8PA?=qo$s0PF9W(G>pgm#$3eA`t<2j$!a`Fukwi#C)CyNEYu)iVfbsO zZ``1ejMI?*dD_=JwEQgg9gVfUj)dromi zMn{i*`xf!w!Kbb+JovB9SJs<0ZNkKR`02Jr8a1=1O5GJK-L5?(c_!7j&FUYvwzYBX z+vhy?(du2~fi3j>;z+K)CYe5aKJOUE)u*=~K71H~%wf6e)=n=kufYbt>bJE~H*VZ` z|Ni|YzTL7r0xNlWcxg2a#r}Xu$FJC_Dz2YGwQ~vVh zOa1&SN4=H{Qd7USW$7b!?@e$?V#cZ+9UbM?h#l!Iz2@#-R9t+`*!VL>I`u?M>Pu!q z^y@colx9ch3Ez`>Nt9?5@P=5WJ;Y6GX#Ch&kGh*$SXf-TRM&5JzTB(Sq7zp~m);zbB&>(F0S=NA)Tp;zU($~(; zPCWI;_V%6R2XONzV#E%KicYze;Fs5L+}J^GKmO@O%xccXx7%D@e_~>094xI75k_q9 z$gv1>o>^SRfo^VYH(7Dy7UJS`72};>9mWtW3LhMMOjd z-nem>P3C-$A_*b)(ipXH#+0qXGkGmn0bsug#oY)I4gLhOCcP0dvhO$k?ZbKyvJ{y0 z^>wM_Qy^r8$Hnzz=^ws!?V2+KDf`xtw_Q0Fjd4d@kvdp*?|vv~$T!?`#hxP72Lto# z=cJ7LtV&M+fnd2QNmCqe1Ivm<+QY3O`cSfR$O=NiIsS)IU3)49|1!_nyJrvntgWwq zZDo0J`pa9avGigd0->(heJ%qzk(dYau|m`$1bYe{)1k3% zh39Utu(3hH5s?0?-)^vkMUYfI4?t8+P3@K(H+R}!f5{)xCTC~BKzxl6wYp!m*oJ%q zoX6gnS8$ytCMxQjoSbi!@#)h$;%le~Q}F;}o*o{l>QVC2BQFvYeO?>CixN?ezidyz z6%iU5iomdmoOI^9N%FhWh5+GeOO z{IG5BZYj6t?=EjQo?&hu!31YzWgUCAfgr24TgJ-+0AV1+7eI4)AV_F%ldyrj7FDp) z8P`n<7Sr?#I`!?d=tEDU~dSU%*3Y`$!qVRK`8(QlwEhf4&zfD}?nZUt=DnaA7xM z__ww!qy%LDSFc|E{u*ODGc)7o@BjBuG$^OFgs>c$|DNBcq^NixN}Yuz?)R^s-LzMkU2*DR!Mi{QlNo83^nFbYgFB zA0Ho2e3ZnwzxF9~V3nhUa+&C6qNAHzUUWQsINz|?<*K{;*RNk)zO|j`X(cJyxl|!r z%u!+bW!g{`Q;ewsr^MC+FE2~kY0p&Z4%}q^-6CVgEa(Fq1$s=u)l#~#EFsf`4 z4xELX0pQ3fDBdT?81+0xs5rl{O1)(f9htg9&I}va$#6$4PxW496cy>sx&T1pTHJ4~FI{qScD^bV zUsYhaf=Gr}RrT`*Axsxf=(W(lac0M(B5M*tVoIUo@XVq|v;LVgXPVtSJw4Bzi;9bj z!?((a@Vb{+!Y1wkVw+@ceD{u@hX+p?DD~s`!ZzY`ot*pDj*PVVvfsajw10x!zhWCn z0OPJ*`e)DbE6g5tbJa z!LWRRuB8_~`=84(?dOmHZ?Uh1JjZq(0oT)*kdDCj4XRobMv_u zCW@#!)6#~8%9r=hZjOtMt-0nxV#!Yo(`R&i%uG#jZ3h&Y+qP{RyeZ562_*q4x6ZuF zyS8tiuH{Zpu{mvEP=cZpRRvbnt)1NOqYnkK-y}xmnR=mt7D=a(=bpb@_J#Lwa)m9T z`bJrlWmFzt!Z6TN?1~)E$i(!d?jV6SKw7xz3h<@l@Ow;vrG^nhsy!LZKpzQe!AW(I6bzSm@_lGX`}AqQIYV$LA7)5&G&PCWM5*TO?L9pW$|6?AyUe07elYqb z{-Hwt3G=j;0lWi-86~x{n_GeMUWeGXUmBuBhQ~W{1kUF;f#G=e?Ad#8A+#ZsLrJj;5!hlaQ3Wg208yKPd1U z;mE_&lkRujcG+;?D!d^~_2db8f~knGaHx3Zz2k~O;^)getS($gO8znVNLfv-9<_>t zeN|T&a#P4|35UfQvs=^Y>FMG7b#I3-GBVn97o4iI$DsC=yDFN0$BC~=Uot~TXT#X~+p$=Bc$u6N!WAA$&bCRt_~<0wf};Lmz|w($lG5ilUi1lKk}9!k55h6 zIm}(xdwRZ9lAj;YzI?Jh+sM>(5P0qD`?$T22vsW=~EA|8aKA?dZ3%(9=f0j~;D!_wJ)113~s%Kyh=u z+42Ias~bDHHEaM~k$}=qCF?vrn>6u=K*$aJI`4a`CQCox>-U`QT6CXzri*JMX-Tm* zc6Uqd-Fp$MXs}>m889n^Nkqx>6&XQOTV$z%#`u0oX=(K;IgPV^*q8c;0(;w!son|8 zZgwPN-mspS@84lAwT=Zt(rvb2h?-^_@z>99VjdF9>%>?80^kP7_XJyFWGDADRy};V zQ`9*EV3?d#{Q@djZ6XxX;}H@%Ia{?uf}?`gf6GDOQQ3K4-rP;3>IXm|YT=L>`L$%q z=+pM+1FGd6q*Suj#DT?m2~!kH6+ZG!8&jPC@CZ#bl)}}xBte#m_^SeTGD0E%=o!gb zUy=a)K6lrj?-D=!eapB{T0d!Ff*YBqu`I`*qY0Ljkijn3 z-rqNM?0i7Tm*5(5}vZgVS1j|9UX& ze0iWc2=&&!eftWFiU2(q4MmV6{|eYL*;n4!Z>OabAG<#NqI)+gB{%a62rPQ6fQRBb z8P9KKZg2mhu&{99@C9a4tO7z^VzZ|)Di;t?s|cVL37+O=W`_`j4>~B{-F;3^PnD)B zzt1ZMS6rUe!|nJquHdq={)Cz`gOWzxJ@R8&3~ZJ1u!rHw-z{ z*VVa6vC7c^Gl68jtf&~^?_UXofv2lF{BvrGM!3y4*ywi#G?s5H)MTyQR3i*5l>LLfe8;Q z%eMCX#BfF|eF((wu6>v}+3JDQNlp~XVfCz6unsyAMiTaQ%16J+%@HB&!+I66DO%F6?Z zD0kY;6N^~UzNn%d5Uos5j1u&%=Cx;fXQBfdhUy;W3dpeCrQs;+a2)iQHaQ#^D? zdM!X;VC0&wBVaJl(LH(E>55=UydgjY!HR<-BG=}|6qB20XJ_5##`fJ)5@l|XeFvaB z+z^wNnYq8y<=6ao)FynH^s-ylqPd}&ax_vY77eQA6-2x+?vt#**M=gFj*gJA=D&9- zmkmw3fsX~f4Pw-U>rWW*Cx#Kt#nneGqqpM+Nz>~=ska)E`jn`usnPW)IFsaAHa|k# zbai$0V>dA|S^oXI?~o&|kAy37=+M4CA^>Yjlmqg<6BHB{S!;UmWSr!_p+rbR0$MBO zST2iu36^C*xzyCue>fd|P^6bHX8{KaR(d(J6K zOUp14dKQ+W4udMq0lxqoW1^##6cnJVB_t%o#U1rrnr+S0&HPp;O`Or9*Kd=eu&Da* z;X_;7LyvEtKWpmg@zHL!5{+IE6^khaQwFW?rjkyUp0=*8a+%l6;Bgn1`R5lZ6?7T2 z5jrrFLqUT58v;e`jA3t#K4gvBgrD9T6lQ;azbG@byUTb+pv1J~u@hsgYq{tBrrAz87nx%b!gB|G#)}N%!>WM{4b@ zN#91sS{|=XRz2C-5j341C>$RK!C|p^74KO z34L8VfiA%PmRB>7vzJ5rr?Ept{^5jWf-3WF{D3Pe}dCTSDBj8fe4*)+Tjz!=rD_dq* z=|H+flq+@|v+N?nPn+3WzxC|5g?j+^cfo$c4b8@_Iht2vP0qBnB97@SdQigWmLM>>XVJ z5P@P9)C=MtQ=q6w669U;XXFM_Qc}?ELAP(C_HrDk+B8$22RvjCvv(@M1t4{e*Ksoy&1?W{6zwV_O?=&j<*N>FH_6j$TurUt=6-C7tR~VIYO( zPW`Ar5d@*R{MW>hZGn6B3Z_9>;Y~x$5iM2)j07?U<8zzZK|B`82dZpbjK8MT= z66TiARsGACzk}PT`l6r#5f}yTMON2D(7?%OYg#l`vK(j>HC&JvDZ?k-kzVE3kSn@OqM`4ud_Njd8W1ZeaSYarljz=YZ3@eb^FH@`$U*`EK{Xl-kpe7v`IVlcCuh?5^h`jIfMkj>P_i^L zdqwnr%-NRzR_eV0C>#XJ3F&Yjr3o|?dhdYTai$ap0OkzL2FQ zcjTsKWl2fNty{O=X3gKQj*L~1ye?i8$vmaTVuR6#1>oVshmY<(ct8u$FgI6}fdP`v zgLm)V-M)Pr%sLg*!Ru0`yNnvHMX)M3IZ6o$0;dzC^$fh5%F}*8g{Ig zDW+_nKtl}nDLf{jXJr*UU~=KY3;QohGtSvcwzg&_CNuLl#{AZofmQH3gd=7(Js+$B zh`1Tg8S(F{$G1Gk{O#)O)QA!L4y~Maa{%8{SiSTj=)G7!eR^>b1rV5ah|~jvgQAFX z&z}ohSPcJswv#~kylSPy7MUv|4A~X05}t%Ik44a}<;z16n8gMdeuvqSQ}jV|y{)Hr ztV17zAaS^8h@L7$@5iaBDF1Lqef=&hw$fok&nJ|B6y2h#(A)e*gX(s~8kq32q4_R>DCuRe5=N zx8$FhQ6^JT#0rDs@^)fLcmP1i(eVeO6IM@Kb+zL18PJSKb-;mTWo73FI_fY`bzA}! z{QUfPS&q;%GNz}cwGWcxMS=8UFGb3kOEHwk$RJ8RRB*@mo`{!jUZ2qM}alncwY?94Xc* zW?X}N#E6e%o06KU+O2TA!Q8^k?CP~^`^&{nfQcjK%6@5K%t=(g;OuevdwaoG0u+mh ziS5|GLqA04+Sn#Sq88GY`K3$lSW3W`pP&Zf=j>TPKq;@~1;}}mhJ4!VQ@_S7aVSyF z9~#_t%<{0XV>H)`i+_POA9V_srXarh%P*5_Dk?rFhe)43egNY$bDzZ+HWREfIOqoa zF|)OtUP~ic$|FuHD+ekiA5Tb4OS8CmaVHZKuV?i0Qb3#ySJsKq{Ro7ZeMOP~q*&L}qal}dd4u*1ln|4>E*SWRaSl0MDL0}oM% z^qST(I_T+#tdGTEtsS0bzqZ6VQZ_KgG_Z=>8N;}U1g!Y8#}cLo@FFN5w6v4ViPV?R z4U8i^8()7c=3nX2E3iv?@#26)jj=EmAyB}79QJdvZxW!Xi~3~Jq0N9)zb0jtr;eRJA72$+gc6q5>F|?`48B_y zk~_)!zkEqf{;|3vx1?klB8`(|Ph;cB0X{P?FKIa%H!7%cp*RJUUJaP-s%~zFe1xcF z2zeV58BVO`Cug_=w*3GTNi=EpzU&x>&8qF=$D3&%F~U%628M?t;^OcHRyMXt_(!~) zK->{sTbbEqdWe4mGJD~e;6U(WU^tA)0Qb&z@)vk=tS$@;@##1@IeB&Zn}0rOk)6j$c2-8pO_l*V*<(9(FRL{!dQ!)jOPsEojY50Ap#JPA0y4;LA@2HlG{O-fd zJ2E<2Smg3RI=HeQxp#lAg%ydpi3tRUV}i7?!WaGmtJMDVT&1xvph?&Guy6I7H#*wd z!Av4w4R<~}U%CYAT_3>NcWybvyPGwXo0<>0G6&}sHeX{E;^P~`47q>ysE`ASDbx$A z2&#`Jdl5#WQ>Gd`Hu+6WO}T;m5D|m74L-M6aM25&>mydZ9@AnfAS=9##dKsN zWVFW;5u=E9pKM%2#DJSOQ&S%n6Qd7?F{81uQRwK=Qh29`wqZcs!+jommz>~tEBJmC z@A~-TJ`vBQ(KMv{fxYL?p9gP+i1vBf4Z?6}q)^!&lr_9CO=*Xd5`0q6Sos7qA5t~B zUTeChGE?Hz6&13)U9kG`6-put-2dtUrj?NBaw66j%QjX|4W z+#+6{fa~+}<;&sc=&+8dPLQ7k)%Ccq7eu}6_bC>@GotLWu9&PdBU?Tu zTGtLml5|>9DxdrGoJxAmFYie!PsL__dBp9gdpO^qc)N4fkSdwxc5+6-KBh=U#%Lzh zgi5oqk*EWv6RM4}Axg=w46F!zeneZ>zwG`0TTiQvV2xmg+?bJ>xl6{Y1Z85F<5~VT zL~wYXjLprJXsU<_M^lr1$qCY}q-2dDJXaczN%AhWWpY$t);vL#+fb^z-LWhNBm<;dQF3%cx!SkY0rr zb=u{uzWy&S?Q%tB9#cEB_a7LVtVEduE3NvI$!N$U>JJGEvlmw6z~6Upz9}GSOSOQ`kX#QBRSCi-r<~oSC_~ z7>Ez_8vusFV!Ml3Rhr5KX#ll$7K$!S9?r%JH>vYxW<%g8FIii|;sNcf_gPO2TS()u zjK_jzo&7m}o%$7ac?w-ieL=_QfQkniX$P=J9MVZ z-g8j;@rvfYdQqLdp9gVxYeJ(CFYiO?;QFDlF}`_YZD>*U_6LHM(4R1j@&WZX^2iF> z7?ziRtX@kQ2ZX|F6S4ZhIV}gzNP^cA-tZlbGz5F6@11j?lOR)Z$h5Y%Cx}?weei{g zlQVamT0XPA{VK;7UO#d<+Ua^k=&-Oe#3;JvjzEF$dq~dpLxl918v44}V>Aj|v*s0h zw-AHr;LuR>s8dv$&hBl><~7GPPx+vc!dI4tg{21+y&pSJU27M0 zHK!XzngAeog~oqnc4^LquaYkJgCEuA}VkT+<2%~ic1 zx22UxVjT1N9i$_{b8zRjp+hK={U%HmuxUxdehrJlnN)Rq2Zz(=8VJlaZ{KoD zO6tW&p|D{UalcbqTKX;u!iM#&4+Je$XA&3io}dBXv!4+Nd3){J`?~P`ke{SimmOiE zffnUp_c8qxOc;o`p34hxp18s=0-H%)9YvEUOonLvxNl*O&I7O<#V+47mLCy5$~u$i z=;<-<-VK!Z&h1YrR8>XxA8i)WOTx%cfuQJePc*#vyRz}K{%olQ-4AYplbL1MmqtFw>h zU;$~dLsSd@26HFL(!|6>vyg3x=>RdytbXp`z^50N2OjMiZDB6hDxaj8bTo68ipWU; zCO?Nxc*Mm9R?aHddN^$0j!6)=H__9J2F`(J2fU)Ojg1Eq1V)_Lj{*)ByrVzG)*Y80 z0mq_~XDAWWn!v9!O$(B_dSp>8V;c~d@TKmT${RHw`1+D~QOlJgXd`X3)Tk_px|5YY zd!~V#5UiLV?>M8YYjNeu3S!MZwTDPvN=iz%rRg@qb`tM;6AwtoDG_*b)h>~>}I#TREce?R9;^7Z@o6J;Yfq^xY^kz!C4*`0UK zQN)LC5iJAV1n(paS4GdB3Br<&8Ur{RcL;u0^x(lIkXG6{Vg%;{j8rKM=`0cT!JQ>f zo<3Fos?Ho7dUgBsMBI@_?PH^4M0eQP0F~rsIIH3LRIsgOAaW3rPU$f*yX0ul%>_>N zh}#r9EHA78;dk%eReCAdL*UVe`}O136CZ{Fs5{WS;Xa3)o}{Ug)>7NLgRf}k#*nu# zY3()2=@=)vT%p;4Hg9jonQv0%pyA`GVe!NIA-MhL$ItEBwQJ)>7)vFkuFfbpT|i|2 zhT1XX36sy*z?UyDdVMt9kn19!6k0#@(yS1LFkX$B#uqzr1HlM`zQji&!qN#c=IzZ3R@&Qs#p%j}h=_Kq z3e2?3_3#f59EJbA`1teS8_t~hf)`^fTw@R77tjcd*?n6q;WDchu9>1h%dYfvo|#|5 zcv?^$t+c?m%o>mTe9s-e&q({2;W(DFRH+IT1(|Cf(6W6&ln@k~1c;Y04LWd^!j!Zb z^PsyhrzjHzH)a-uYuZloMzVi*`(xy9_r`3LHN?V2rI6OdRd9X52y*o^?u;v2?$*Ux zaj|ERzjTc}#<@db@*(fG#6pZ58tSIR=@QB5gR}v3nz$&1{YvKH;V|o`h!Q!nokb+z z+`+U_nj$xOc7o68{v89}ib_hG1LWhM%Y9v4`Z>wnC|VZEuzhOr^Rip`#`kUB67$lkwLd|D=*Q^cjYS4ZFX9!1>M!eJ${GH$fBf~i6@t7cZ z1j@CfME9_njNr3GB&hz~wDh-egJ_{3I<@|LvlR!Cpprd)RtX&0lS|);@0ToU{B~VaHP$K=2@qs?I)aFt;UIWVfRUM}JU6iotRv_h%VBugy@(U7{xici9}Wm`%Q@b2cJc% zr&_*;oYINx0c?Lu37Vk4zyIUiv%q&q6KITuBj8~Vx6l11OHtS?mfw)>qot(<(|#Hb zEe2x|i}ys{+uxroL;Wh4ftQG-y9`u#ioC!Y& zxHLp__}Y<=(ZjjS!_7SmQF>)GEdk7q)*0b7=iK`1qBRCl1RV!9hV60JE))C58f6%$ zg=aQewm)N$qk&MHAZoQkVgcflkB<*DvAc{1$ViBGGjN7( zmR_~Viz@ErrEl4Ar=!(WK8e_Ug(pTUM&?2SX!gYrI$GL~FRNv)%|A7BrA(Ca{yi5V zzgkL2Zw8v!wp%>0iR+T3X=<}2Zfx-MT?mZCyk)(CNG8I(10?|W@#gK@;-Vs?064p# zIAxbDWqeshPx+HFa{?c6I#O;}s-X01YHg(xh?t$8#;9;azyPd36iZ(l-^`9N>QZBb1t-`#*9?|x3-iA-n8K_^ z#KX_;u%a8{KVvE`MGQ{FCJ>^7lo)CLTLTyTWniRK|2pUn#4CfSuA7Jv{d50$1i8p@Wf(K^!%MKgG4oswRRUhPR!@fdjyw-f~}BI+0&6@jkJFaIY{ijJCb$x?zXU6 z+F;jjZNVM}!ByfC=gRNRTq64upd~9{?uro5e;6GNmS~?e_*F#WGKiE!XPX{E!Er|Y(#<8OnBQ!jma z6;IXD{F)&!krzJL>g;@UXI`B#1*&lISun;{2qobYRP*yO=$0%?U_(11rep}|~Df~WM9+A0qr zTAqjYwzrv@*ChOUgG}ws&98OyWUcs?-o`Z!2L=SdLDSyd9osluU!DXkcJ3V0)ulOz zpv0j-X*J+2#>~jblV(cToY-u6Vud?#M4Ui}HUVO@n|V&ou6radXik7j7abT?q#Ky?%`RP1_2Qdm`GmGHAiv+ge@CgC8yIv$cg!{{{tA&|AR3}fOS*;c zF*L4QiZaX5z>tAl2{iVIAR;O{-dkF1nF@6YGBt7EjVq*PT)(4Btt>Ro=EiIUXG{06(*i*D!M~w#J$F^)y z$-@qYNZ@vEBk*I}SfvU|N^pZfK64|@Ur@|qLP1AEhC6kpwTbyRyp4blKsVP=RuKC{ zYJvouBW`v7nZi=r+TLU+7TX+B%1Y4Ozy< zA@EV3U6STak>^~?=xl?5gGe;Ej7L@}+lU=`-i)@s<9D@mbkL`ElPlD9{!=|4`r)Yf!$Y~>LcxN&i5dGQAs zGjX7HW9uAHhIq3N7W{mP=<(Cs>W|N_$-)`7WvN`f3S-i>pz%xCx@C~`F}!7|j~{bX z5aS?j3NN@2MIlN}V!t@|g^O?QfKY)M=`2kB3p(&d0E_nmg)(EcxO~@hrrnlx@9|?Z z7ZHDT~pgw-_Mo-n_yPZj|oMbPmtFRKZ_VyBY*D2n`BIP!P5B&5&%O8Obo0_H&HIb~!Ybp0PF>hrQ{)`kkXpJfywW^Si(DWwEwcMPXBkr>!3`QRJVq!8=4<>2<`1uq5 zv`azbssq0a$sqeExZ&*g-Z(u-9sEkC*o9S0oIOk4uF7AOobddh? z3EdmC1e#T_jYEOK1YAsdro*EAk~F+RLXhAlJ6~lku*Wob&5qp5&bHOjd59<#7sn!j zCfn0z&Y-;<1_OMswzmHM{X0_d-28DtpVOee(1nS8W4OXbKY#u_I(l4;Uj}R;?8YGR z26GVt0GJV*5re}YKD;fK|MI1Sv$M9*ViO-;Cwe_lLSa8D_?#o7qHamMgA2^b$w81@ z@SqP0zju$LNcoN|yNbFx>YRNMpWEBp(;h#D-DVwZ{_hBJKJ*pCKQObSK#+iezl%*a zRxeI^9gALCBKR1kIj*XIie+*?)gt;j>b@iI3AQIsTCCoW1ndhJ*?VBml%lDkw-K#+ z^rglrWV+u^d!9Rb&J52TQ(p0~Hjt)Yt7T;>e&BRqBVPCl>?<&)S znD$NJSjEM~IXSPtHU@Pk=`}Vwx;Q%;)@7l^7w%r_Wmc-r^<$y7r9}ktJUa~tr>gHc zIJGWcxTN*>(a{%Y`L86<`sr*a51^EL*79u*?R>(*P-+gr)Nv&rk;?j&9!$0ay78+A zUA<9JOfy)7RwQrlRnYt3lr?{3 zC&V7L6=imoWV!taQ^suwxi3q{8nVWDaDU@2M^^ezkjtS@CRa}&u=2u-v&K=c#uhkt z@QRAk8l=Et`?U2E*g9EK+#sZI2)vhGxg)_NuqD>R$_}XmGYKW}Ylbo4z-CK@Qx8-h z?>MFhEO6>UgE>mvFLR7HM(5mfI?!aSvm7ETDkWv}N)P*X-Ab0&LgBYUMIjfehJBT` zlV3%W&B($gF_eC2vhsb@Y^i?yI07Xu0+*1+i4%un8WNB5h2IDa-1&=D!a;#^hi?M5 zhXGBX!g*Rti#Db~ke9dr$0G8xzC^M**TtNU`ZxIZXN%1NFkrqNa#)k^NWvWoyW88L z@zW@tl8p138`Gw$v=Qq98@Qj3@8&W4!fxbWs!9-B(;WizL9*;q^YcjN&|T0cW-81G z7?SAh;UUGr@fslx@Br#JK+YRw{X>kDOK0q;sr(E+c6F)kxd%AyHQWz0jYWZt9IQo| zF%IyxYHCg$VL=c#G&0K8;%mM1s@f!}WprWRL+hNb?*MpMVu>UD{qQIY-BUsD2O2{$ zK8QQuAW+b%bG0lixM8yZqy~5|;enf<>^oVatCFQdO+`gZM<)<7fUpcRx3MsGbpS0f zKku?Uulrp8#-sFF)6-A10HY9>t0wKvF;S5h61apZ9hxzz&hgU+$S)3sLHoki1h7@3 z;lwyil`njLcGglf+GxHM<`bA!vEd5O`2xEO!AzIMVsJVhS};OzR#W)*PxV(OZmI-P zYNV%k+Z8RV$k;GGALhBOfDV-su%$k`Ch^QLR?D6-G$ihjf}ym32K!*40VdeC^UfbE zb0Hjm$=CNu(LQyGBsJ*PE$rQ7Wozq7PrTU)U%Akr5vL^#`R;9Rg@k-za6%Cnbn|9~ zwd_H(qu;uHTdz3#e720sIOBQL^C*Ap=byJ;YIy&C9x?Cd&yyM&*uZInzDdQ)hC+m8 zsE;OFBkD`NeoOkX@7~7E!2!ge!541A2)4oqR$Uvx9BfINp+@z*+I_L>a{O`$>13FIE1Mo~a}kl-oQ%e&5AUfqM}aFs?u6~xnAjIY4S`xR!2@V5QOWO z44Xi`KO}v9S{Ys>aBS1#;s*|3uL_^+TufsGP5f9}hpBMxFU~ppl-Qc9tNW$g7M94~ zx-Zkn!!UfSEn6?^t{mRB#73b@jESh5@PkMJ;p9zq^(h|O;y5%|e;br~Y+(OsH* zmLGd=O)ODA(U6aSa`8pb3iJ0%f18gaR zJp%Z`Z)fMHYmGsT{t3?q`ura}5XEE=71cU>)@^ygKA)Ugj?&Lf{Mr_3xh7lYUAw-G zkHx*GwVZp({<~b7Z_d#!IF#ocbxS>pYyZ`rG zWcsM6C?LaI3VWKC;DyE(OmP~hyU-0KAu6hn+>AQlVZbydEubaD^epBSbuN_Um3=e= z(2(giZwQd@pLVM+>i}Co9i^TJbcBgr^76?Oq>Be{zxWPd4+%9j+{LfLIu*)p3#lD$WJt4L-j*`&zKsz^x69-)-IlD(hv zqq?r^zV7>ep8I(Id5+`x9mnrDR9~O*e!s?fp0D%$y`iaoU=U848 z+uvRj{dvdXp^cljzt|YDSL6Dc6NmN&oH_fVB>uJYdiK3K4~{EoDhXEWnNQ~McFTL% znj0!+iM<+b;LCCL9t~>}&G~d!yFg;6P@oDyC|V_}n&1hlE)rD4K^6)c;@(C|MuPtk zH7B9yPbU_|Ehs2x@i9EdYu33}Hzy~D{MmClO|Xx0D-Q+DgA+BeYL9li@a}d#+pF7O zpVI#&XY?{XtLhOB^IrV6=Qg8ES+5yKV`JkRBf|x=&vcXY#6v#pb)sOed{?`S(0!!3 zDaquO^W;#g)Y-=8j=fsrQ#lUZEUc`!kK5GGW0lj}w{O43#P>`u&w?%vJH$XG#7Z&{ZZC>?R{-g#W)-o1O@OYcU?d1UUtvu4j##*v>t#X9cN9b`FR zt|+4;R2Q&WW0QJ#wq;FhN5}E;shRQq19y3CEG*(=rUNwOdutPFrboN)@+q`E*>_7V zY-fW0GFsZj(a6O-=fUQY@1-qSwyCC01C1|a9J=ym`jT$3Z@YQt&V0u$(KV7*Ix}aO z6b}gzyS!$4|JGAAwDJdy+bZ1yMFkJlk?Hb?BTX^TnP|4X+g@t3qe5>wl z^eghUe;;A*=*TT;ReN>C+Tzz{-qR&DHR%rBA3OLq+MTa>xb0B{3kU5=?w)}G&zUhx zyBF@`eSKb;HZ6KyM$xYHHWLF)9Z!r!hCfFiIDY)eDxbZI{@FA%5BBgJVco1g(3EcB z?(Uv)G^0M%Ou@4HDT{>dmu$OlZ?0g?k`C}Hczbr1vyF_}7S3m$s(3gxHC0<%J1}ro zSXg*`!MZm7F_-Pfk00^W`=`GV^c#wNZ}v53SYM)9;XU>3+PXbg!)4v<5iWh-CG0Nd z=X+u6^pg!9=jh^w)Jg_9_MQF$hxMKrPmh%HHKZ81l=|^Voc^F$b-$u>|Dq*Ph6~!C z*+%PJ9Z%{r&k%uc zBoWe~t0cYWrYeF&eWp8u5E3GC4t=!=Wo2a@gPa`)j~_p7Y8v5sn{Dk{;gxNva_Ttw*-&9C=;^PDxr;@0C*!6&2mIsq5pT-RI7o~-k zN_%>GqN4bfn5%1Q@J~rY*6bEtKYqj)uJYAe%3$d$bpMvogzv^x<|sDniwMFWuS9Gt z)2vcfJ$%@xz;im!ZPcpanTflNr{^3VI>6t5&CavZ4qd8v7A0m8)4Zwq$@Zk~+nn3i zOG`H@c2ac3J%4^4OT1YUW?h%$WZP^;vYQt9_ueIF0PWQrlz)H z<;rJ<>0K`^Yw$O@&Vxb)G99Uf3%h(4Jd1oR3rr||&#AcQ=IN6FE4+}2Ko4Gt<<>(8JY3%XOKRAett7k^b0Q6 zq-@)^&TBD7St0kwaA{T+mW4^(emyN&E{Yo5;1(lW!Uj%7JjqI`&IS6^RWXJ=qwpsuFo*KgnM2L{II2uYeT zty~e@D=7r3(&&kt>l#hM3T#TQUx)F;~dS~tCO#yfBRz)dYBCpND z@d-qo^ETs@U{8AXTh$&)9=Nru-} z@@Q>YeUYDB!LP3`bws}0aKP`n%Y0X7=Qf0Q35VIsj10-6ZoXV+K0hhxPc4*p>eH!S z{;h7 zp23+Q%8%z+n}-_e)?ZiMv>~4$*j}5k{D-W)@n1LW|02D2pxl_#9XfQ#V{&Mlh=}*M zD;&t`Gkx~NTND9_kzt?3*^ZK1Z?CS<779e}Sbd6mjY6Pmvf5lRT$%dAYjosuU$R&6 z^0wh8G!XCk@dhp~uKV}zFKrGbqZnPnfOwyGWV5v{^CUwo-gfGgo}At9k=LZ>Nn<;oSjN?>y_e;l(D@WE%4{pKuNGanxx zYwLaqi;s;hEkUp9l2QwHo&FGC>kd&@(RbtA>b^RoA8^(+lZv+l-!2%vC*4?Tq`PuHK9^F*bIe7;sydbNe1dLEPK% zeOY67q>p#cr*%rqXk59#JTG7FP-4cqW&(0yL)N4)625L?Nb;g0#ofDik9RE0&jzZT zD)gQ|T^Sk}5Kxn(pE@_^DJ7M~CagzIOPdsjo^wM=fRc#1q#C0Yl1n3Z{rdIiSy?_K zB^=`!Z)qI`QEvK5b~*LMmoCoq zV{PUD-&wx*P3!4}yIct2FCuy^o6=4hejgbb2?+@SBxVa?I=E(${Xa4lV=Af-H&atn z!@|N6l8D5vvNcTsN3<XCK{Gaq+YhrG8|K&$pVJ8d37eI@=_!#QbY?6rF~Lle6dh zcL~5rP?9zAJBw~Fqo&?rSzTPKOT06`x8XVV8jy6mq@?a+%?GBluW9*ybap0ipq1&T zn#w6LKiq2Q|L~#nK;w2JqZTC6hfvA>Qa+y@d)){^BI-BfL89&7zrVSq#ro0L?(T-U z!qp7>PM_|&zG_49LLk7jtD9S0qONuE^;PI6H6Av;P0>t@5BDq{FgGWgvH^-^i94`-(_V@S4mUHs*iii{}%=F_^-rnBM z&dxv%y<@#KlAEi-q%=yOtzW->%qUEC)9B=+i=Ex);d2ywZr!<~D-?*rLSB>min1M` z5_wHx7NqLkT|P4uJ-d;+3JX)f69rQpw}7ZU(aqc1+CV16kGT=Pi62f^zV!*IM6O{=?-P37=QTl1MNO`X{JI?Tnpy0(k zed^d>uV#F<`spD%yOB$@Onvn!)<53-`t|GKHlv64?rG}i)aE+%OSQSa1*v&2NmSjI z7c*G-UGBz-`eZ`@GByQ{)vG-0l|GPrqo0PW>{7Umv2cz}+ZKR?lerI+w_7hHWa z$jm#(tk65sYr+ulM^p3D)X4Whm6-b#L#^(U|)@@q;2>7rtVQ+btp)a>Y z3mRh%b5u?%EY78;r;i42Ke7Kd=VPq|U=EAy=JH>IS?%hP^7$n7JC0sr=KAdl3L94; z3*mcC93`l4%^3gs^>5nR765NNKhEFg**$TM&--~=nu?m56ZXl@&J8{3&6VX1$%fH! zDim*b+5b4`>^$-O*jrVydUu#yFDNKrYrlMLdf^V}n!37Q7ydmnIyxGSTWB*_--Zou z$&gp{ov+Nc`;I8EuDp*L?+(%!n?y%M@lZ@if#_nhZS%+LJ1c^spFBaO|JL8%605dW zyI~oz80xlUcEL=MJZR1hI`y48-cp5x|I%O)Iq6n5w&1R#Rz6=qot{MEx5NR8FcE@>C>UP3`LyMl>fPMF#Nqr z57nj4udCNDsUAhipZ@;((hsYCiy?oDU&k8UmHa$PRJt-B=T=(OlO-~B`U)8s>gyl|+i#f6RZpQ~CP?qYF^sW7pP4nHMdi-M}amDHB>EXQ5kDx>%#@S-vq^RRB zts6cr-MC}tjKBQU*Gni|L+yp_&CTv03&_u%e|PfY#f!4Cvf+;&q0g$CEdTpRzJ}k( z?fB;|&J>x;fWrRXP9>1l+doLu*l@-OgeOXg%1%~FN=iXt5uq#au5Of;krSX=a&kZU z$-R#?&(IhgIdb1!7AR!%=F)fXV$p}Zd%F`^L4Y@K?Q%S0_#Mi^D>CM`pAZr^I~gA) zz0bJ=@n3afr|ElN{l;rm7kpZn5Jl3p^p!=6C{zlDC2W#aszr6>9$HqHB?melQbmZ zL-hduTkOYv?c296)K)A6T?D8cEz|AJMnaKxp6>$c>Ndl)rxycI2u2}6y+0{#XNTG{ zG&Hnf|LtG}AMYC>!g|Tl9usE`XAh~Xd-tbgMMU@c>j>#8D_^{H=@RcGJ*SeRqa&&_ z@ZC~s_xAP%wiZ8-vNHw+!~I@453+Ei0@VPt)Wm66=eL}M9JR}tZPlvB?ae2}LkbHO zs(?v~-@Rk!;Gm_U3C(4WvhS-)3i9{YN>Eds-sp#3gYs(PX>t-lYhYmD>M9*VL9oAX zZf>rx&(sPF9-tdQFDXQgz++`+LtESJGL-D4BKy!d`}{W)oi}gZsOqjGiq52^rBzo~ z3pvq7mQfBMC!luefM1oApul@AOn3KXAcgwDxC1t+sp|3)MZwREbL_FwD*1|yt`s|6 ze||+htqPGipxO*A$Wq?^<+OHR$(7|CE7$Be=s>Nw?Am4)9@u;tEH1bW$aMXN4Z<1p z4Sx#?s1w_t;9t^je#4RT46Dc=l%Dh~)j2Ox$3fMATswAw;-Me;Dj;J^$ORu=QgMG5 zDipS*ANGExB^BP8rMkpNRyAB{E6=~yz~^5G?JcXZbD9z9(_e zKVr5B)iEDwNh-k`H_Ez?y+=!LZOw;LBj+)}E$e#zRJ7Jna(z!!8}S*~+y4UY0PX#V z`UcR>#4FoaS-DM4PEJH*2s)#2*11PXN&Toliz9b^kdX6rW>?TNZji-%&tYGIjT>Lu zwtIgqx&U>j2Z7p4k1ST0`}r1hf|rMfhnM%yIBh09%2quU);mra-wS3j3WXy^W%)yPJcXJK4z@xY*9_#Z(j8drXk2_<1)% z=o%RbCNAsRa2?!QB}U8G7`+o}63ATUv9~lQ0%@b{kzA1B&^I+L5u%)U^_ZQXoj5w6 z!0;(}pFK6cxMv7y0kF~p4R19=2}EJg_3|sn3Eu+QJ$%8>h*u8X>L`}QRli}R2O1Hz zQX}*|tQdr=B##C|LqjYuM4FgV&_T%qpoih%;kCCwh}ZK_6g|1_WxfP0_BIIa1)jtL z(_Osh@Ba(R3nVFRxd`Z2C-wxYjDxnl%E^HO6=b>_YDCu>Pft&P=k?FZKYrwu_srfU zsTL1?55tI^PHcp^APNB#CBpla3#`Y9cefJ;^b;S+x`_)2oSORijV(mhwoR7Ddc*ql5jnTh zbih@_#59LrEo1C^e}4mrE6;A{9Zu^MJDm?g(x2)c1YDh`AX3C41NZA34tNN($ zWzd_T3APt50vvCldjk;a1920n*MF+&YSC;F+RNC4yjVVv4HIPY6jO4Fft4(&LKlVV zkOXMon*!xU;A*%f`F*&cmg9(m8kni>a00Q5Bd1fBiK3`G(sF)ZVZUgo)! z7@Zx1x&Vb`2#vUK=>=TzVBI310RAYn$>9wN2>tnm*WO1@FALxNdA;<&^3&JSytr=xosr za>bwm4*)BGCG8&0OUIZAx;0F{JBGQ8BhLjM>GM(Qk9Lv23q_^l`*$Xu zT{}Fd&X4cg8KSxqC>jvrM|bzyq@&+a^id&A4wyfC_RJ{r>=Mp%xe6&v6s-kp*1VG< zK0H1?9(W5;7LvLZMz4pn)XBV55sV@mV$@_6Okb*6t2#3yz9Jq8px7;N6S zc93oL>f+K;+GWe+tnXJVqAhU-pdn$UANc!=V{$M%Iecpa#6DyrIk=qN&r05P2`n-^ zM_3IuzWCl?<}*GvmTZ_Fo0ODvW!JU?GC&J1}5Ro zpN7!_jR8tNW(;4_Ei@qgb&D_ *KwhBmqUz1x{AC#zssK!Rl5YaVk=2-mcsqc5mdDo6J=EeSr)NQm^ z6ZgmHjE6U5jR)H=cv%IC2Cy-d)Ro`JZOq?JyJ%sHrYqoBQe@ma)4FZzR>l=8Y%nlD z$b&hE236E0#i~C#8mG<^t#fA0*oDW5_YKSXGDcGxGQ)+b%af1mUMO#l4mT(-2uf+_ zBUnF;8+ng(lwf!*b?(d5JMGY<{TNKQVICjf;kc~PH}19pBT=L*M|NF{b(DlTx4SoA zFh8A)j12lOVk7X*9W`U)aDF=czAK6QQ`HG#VSm*ymGG7=J#G235J=hB*<-zjuHLfbqo=3t2zeS3{5Qo=(0$dS(g+)tvTQ4FM!&C5M^(h^^}l8~#L%9lTHtO%;9sp+l^)5oIOM@W6gu5=n0zS_r!mPin530Zo|zu{9!O?Oa^+?_webm;gHd0v>|>TdS#Ee}9%L*=KP91$t&6 zy-GboR>r1z$9T5trsa%`XInB;n)n`p-e7miAs(ZBl=%x_juI)G6K-^XAjITN8j6q; z+cDtU08LeKUtkSwCa&i*-*1*>+b%Mqm=Ni+kn<((P)Tv|jy8W2@UluasOep36F=8Z_m6bKs^!DwB-y>5DqcH9T(LkyA zoU04g4dC?|)eHjF8Lxg7N5?VX1x#a-zb7exo+Cx9{4it`Q&1>Op2lCR9(abw?5H8`(=je1H^l17ixpLuS$V~dp|wWGtt4^tMe%fl z$sN~J-M+uOlWJCY&c-ICLHvS0XHNyf6%YC&Vm}D!vBf9LmFFl3E124W zP!;p}_UtG4lI0K_EX!WKLIwXeq2y^=K>C&KJ z(+&w~d7r-N!Zaugp|<^#zkWdo(-bA!3Q`eh#&toIk_djGqVPeV`7*dde>S%+Wil$fBy>t?m2K`j8LHs3 z@blYS#8?%yjmh4c171(kU}MU)truGZejRmF!rb@D)vHz_(BusqJ`X3bggFkkwVof> zf!IlCmdI5I?mc`jBqYHtj-H50{A^FnzIJWWESpeCN$1$XP*TDmbi*GK4t93*D_7RP zP&d~ZSuT~bUTjgD|@41zcN3i)ji`||@)15E<; zhfZt|`UVtVkWC^=_1|VmY1u73`tbUociP7ZY}y2!2vgF;FCmbrQ10rqop7VHWKxzu zSr4GsGgUs(Dq&rpa6dA@XY1^fAxptGY)Z^P8DjDk3}R3!=-zBha=MUqF4saRg|{qu z;8eX|ZrmgNq2}15Q4MP-2sYS&{))N(^uhd3M!Y8ttCXpq9*)tPFBmH_YY!T|O1(KJ zI^~YZ>2t9|mNJ$y?kOw9C@2~4F)? zd0jmkYUBn#^w!MpnOzu;7}wuO5bySo?w|k3TQAv!{^f&vmKk7B0u2xK$+-S9`WGfW zr1pAV?9TX*8!EFh#AxenHGBIgGpDJ z%(ln>xbh}Ixz!>0flv;={+87<^Hxzia*WT#ywnoZ$&E``EmX$}^q73}6ih)3SCmJ` zeSO!x@3aq8(H&|JK!;8kh*A?sZ=n1eH*TC797QE{Unv%%(itHj&DIlfDpkjwAp&|uO}9Q(v#Yy%Gg~8j zyKpz3ZlZBa-whSbhpgtAZaX6)A|{91vobU5twR(K@$&MPl$2OnGC67p!#p)$8%^K# zK0Gwk9S#@BxbR>Olm`j}sLW#m5Vq4M*L&U_-Z3C^t5z$l=B^1YsJq=ly5dPcj;59R zzXnE{>J^W1hF((=W*v2xYpOce(AR-7Fn5xjUS8;I(MtnkFhup0aQ(b;@?K}l> zG?G9jOwt2_qz^?qw^N3r1e(b4icerKj zp<*N?By{M$LK}AJtL?>5>|?{%{(cV(o>L2E%FlFC5Kl{>2}7a4_-XmYPl!g$SKxJW z1{$@6TMt???TR%gUy2h%*K6N~B5!C$G%MD`b711z(c3HN&5QXgrg5BXY`Q@9=_@n(V?4I`f2jF9<0KJQ!_bAbi&u9QT!5eXctx&8g}LUES!ieG!S_lNUPa zdfm6JAT*CW)-FN>(x#?+>kF!M|gb&ysD}AqX?U z=hf`&rqVw0@lI<|L~h=+x95$E33NE|`pWX|-v#9uIILYw?48_hfMgGMcT5D**Y9>b ze;xxc;%Xq2e`90y!~Xnq$k80&h2k5m6_0w6*FS!crGv2oZl3iuU@4vWyTL(|5jh7| z+P{5c6;$jR^cp({hoss~#aU@PYs9* zkk?RuztM;qjI)H894T%;{B5Krg?tuf=6e{ekp=^DP}qS_YHFJQ5wjuAL)&@o2-daB zeJuVT&IR;5Q&X9{--so3=#N(a=b|ou=Ze2Yex)agntVX2LjVwK+1d5t%%#Ow}MmKkV5aWR%Yf}a6db6tib zf`S^5Xkb$}FX7?(TC!5n{9zLO^mva(xb(5>&BW+_%sj6x+%3}5*2c)~IqCyknO2W9 zjg4g;dp?o;K{S8NziSFchB-JM;AuF_Ozq+_si83M2*~X&$|Pn>jxi!I?)&Y)1h1%# zKe8vLdSM|S*$B*6xEJa-Gb`&TJd!seA&v0i6^)J0+SqLKBk3Q>Q2Gy7fsFz#&CfGm ztvpb9Ct{kq(K=%6~Lu4pIl4850p4&d8kFbg>) zZ6o>R}^$PSlr0Q1IJ67`d$?{uO3$V%E2>$8ad(O;xg}@;i@OGUz#~-#$-}e)RKix@jQ`hBDAU5I=V6Z|E;j*K56mesN`I zXFqT{_3ScwV0}%EwyL3`GUhaUN$FyQSAgu^a6u|Dzw_hqfY997XrRQ5F$A1fP!BX< z*>LL&ggk#E0F}Q2lGU1&orJHYB%GnZxG<2Rftxn8QK1P|;a(oPVrH`#Q=E9=xvvtT0i79{TwxAU)Ctqtw3T zE`Z{2V?xkFZwi#VN6k-4t-1m;MYY^KJdzxBS?`nFJUoKh5;3^CDxA>a>E$IntI0|f zNqAhHykJNB$QeENX#fq8C{BWD9H~%!1sc2ez=5z_hNx;77S>3eJG5Sd2o! zkl_C!ho`~Lzh|wNI>l-Qi{U*-6ctRic>r(4G(ZQNg|6RW0pZdGmU1W+kP-y9+hF<( z9hfFjQ|hmJ%ek=#c4hff<)j~|GI)Emqc3!=jk2ywW!I5ylg{gAf@+6xQo=>cgGq!?e;bHkP~W1X5GYdSYpqX8pB|IpC0 z$zQ}M=2ZzWOG4$xl(gvU7$4~agEaB-g`h(fqAhn=6R&ONHC_jqVFxXUIR>tJ^_x(% zFc$cg{xI1DS}RJRH~a$4z*7zm4%2m4egG%zl9AE1V!afuTzlWNqxbdGr%yMjg>DHf zCt)UzwqS}H%9?q$sTw0dc&DsZUd4=R*|NZlDqN*M`sd=O(k=&uufb^W03fS4Ue1649Q5?GAtpgfey!}J>8zP^`a zn;&;%eU`Fmt_1>aZS_JXV;%~Aub0}4^8oyGr%V(eZJnHv7lTPD$M~74F&+;^9!`cs zw~*FaWV&1%p&WQMT(BFO5HL(t1gunk(%G;pH8wT^&ELF5s&vmx^LKgAxkl?Q(S8&o zxIdz*k^1xV^J=8|h$fE)=KI8^<#|{Qgae5}QHL-A{7_bgwY7x&g{#%(A4lbf`stUS zpZ_fpq5>`a2MDbl93T^x78aZ7-n@?knS-XO5-v11(PFzopUIq_9CnMfnOqO$$fZ{L zs-)(-Zpph~8ux@}X>#QEmu;*1td+xwF5jg;{~jx2zaaD~J%MbvmG%Gt7kT_6-5zlQ zwQR{7^`|UUyq5fT^8V)tiR$jZ;e4Lq$UlFk{(WNXx9Nb{e5q7Dyku?OjDkbxa{nWv ze%lfLnNeR+`2J?sU;E|1nW`F!$a;oR4kdYS=o;Vu*t3womq;fAY4G~z&wor>zr9<> za^jfT81_Ng>UxizZAsJ>wv$y*Fk`+9Nb;gMTe=40^4Z}+sUzQfMaU{^aPA*g25oI^ z$lrhf<&T&MF?zVU{;*{K&Is7ywO}rV0q!qiTQZQrCjZBG_Ae#2f;24sE5F{;x}R_D z+SxXb;S|$+_$XeDHADUpTFo%x0EKN~Jk5utj zV-W)Q7b*l)Ys`}$ngUdwhuR7$=;p1CQJO%NPRPm_sioln1F#X8XbWK!H=wC#C+&Ff#+6k>10VM-2@V_ySvS#-hR0J=J%q{tax9HmK)Rt91f{}X0jWOJXl>|+lG+OKu@0l zJ6SKowHWlUFQDF$vTnEnD>wJng2*kqb~Trk3G(wRh6g~fz*#7qu7d^$!=Y}z4Sv10 z@SE={Sdzi;H$sW8t0NC#p}+R&qTzuf24W1_HFx{=ZFmi>7AlhiV-!@ZP}g9w*<){? zHsjL{@rOKrgp9HqL8ReuR~wWMqzguwgM&EcWa|S2@Z-lx9^30QjNQP2h|r44%E9^+ z68NjC-Ucne%yOAhu-GwWMa3eReMJhqH&6*qLDjjwv<}sPNG1h6Wc9*VqLa zb3xdhfk;3QTQC}eQVfn`{K{EPB&fTq3#^Yk%z4hJT=FW}fIwrkr$Vt-ruKE4Y` zY;r0B{Eh*32vqc5dT@qCR#sLA96`X80QeH(&;pX9LufgZcd!cf8<1yatT)|x@aVXC zF9%cSj~|TO(&usZ5zokR0MxDk1C#IU%So2*2D38y{#7PE5x;mHp%B%Fj~?-GbIZb# z3)_U{$9B*w=qw|sRpfEjqb>%&sh4+VkF`0LjESB;MAq#WfRDcWVBzBYFv4P}DgA(F ztoP~Du{aOuzRkAz@*&U3Ru^dJbWBVQ+&YVH?0`K#U{bp9_%$AoPnvXuW0(ZTByL)|cbxJKwi71pbEkB>B2kAV?K<`{ zG2KNAw(^UMiFq`Y3e*z4dO00DTXgjFpK}u-6~@pa@KW63`L%=sfu-gUO7Iihi->5$ zQepdy9DSiAZ9}%=sF--j0B9@dN4|R<9)^9}(J@H&D6-?`2re9}i^Oyh7zxK41rXJH zue^N{6Bh?T!(fgZoBYcR3U0?&lpe@sF8B@9&dL=hjvtp_NNx9?tz4b)mIYec7Fcpb zU%BIWR7n>1U2YkzJi#)1s zuE|X8>H&Vre#1cVZNFJxqc+1J|D!4rX_rtoEgNm`z3 zgl&XsF=qUxs5u=>7NlHR@eG@~+55bsqt2Gq57(OGNDfXOkUq)=4V$*SrmCu8nBP}b z6=lQ!mYYi++l8$y1T)|pHmHuE!(kB-yldB5Klybm2WDnWGX=e2Oz)j~&}Fi3VPOGU zDiWsMbF>nqQ1$3me$0ALkzzuV?hWgF+z}fJJ!awFx;@SF4Tvbos`U$ti;{YJh^Qvm z5jf9=UOSHE(A%;aa5y%ehusE7YY4H>t`l~>C_daFFeJo4M>jQzc*ZHT*toc`c&)FC zVTf$>o5_JD9L+N7u^A)L+YU?ruJ?^EPLQ+Yj*iT0*Ghr(N^f)30O0w|edmMV4Z%}% z>sBPm5AZr1FlG-A3~;YrO`gotUcGXTJOwKtAb^7sDB-UV z@hB-5`8O^N#&HH)KU^C?0}?h2Zzxr*IIfOpwiQi%BgV3 zKK1)Qoow{Ac&e2E+h`Eza8OVjFZf_t;RjUtcY<5Lav-l8vq`n!Pexrau@8sGGH=lokEu#vK?kp&9*!?L)5TeEcLNEu1 z%a8Y~SmnP=11Eqx;$It)Pe^~9QpVgPs&w85lRZq+-M_4h;-Kc#ltG14QBgtmk;1oh z^+ZBimjb-ZP+73|ObiTK3KH^YvRDITM&Es?s@Re`OhodJK{UcP!x@A!a9H+i0rhYk z!sinnA5HS-&-2@h;P-F+@&!r;B=fa6T!%(1Fa82D6B*^h?Y7lVZ$RqG4uEWe3S=e! zR0Lpd+cq`X;+I)j4Rh~st_A1)QPZ+>b00q2wtf2u>NHAo{TCy{5}b|EzOE>Mus;cp z7mQ%KaX~8)t>iZb;EBkQCq4?&2*3FuV<%)FzP+HUt1EHyA`CciXZ4kkhm+vrfdv^R zL%1<*OWGrvpB@UpNdJ1|f!mytcZWyg0-E(6)AvPh7tzv7#{6I@b*2PTwS2X zJ8^Wq(gc1<7YuPb1dH)~3%4$zG@&x4=%=<}3m^mTAU|~NI81PNIJZB6_Jom9Y-*}4 z$is|hZ2fWHZUFhf^O$+!>lwi7^iTeR&&>fx1ySMNm6V)1dD3y9(GKt@)W!2bCpHzzDWT7VVr54fon|v`5X8@9Q$ey&20@RLtmA{!E>MjXcR!I_yHLVr+F{R1Ar4w zbk24LnLQLS5u$qoIUUF;Bp_hJIe`727~(*PeNntni1RV9l{~`q8^sr4^*l3Ep7b>g zV$h8-$Nk`7SEvyXI~Vo4jzWt54zr z+B^(125Bd6OeM;qD}#jCpgWvmqmteH>;gsL*Pb4DGf@R=hrb9NhMWr@R#(P$BpyaJ z#s!`^Uu+Mls;*{LPJv}(*SToA<;&AEGMpS7tXnb%0mJ}=`Tde~67l^BmDW1AGK?tI zo{}DDE+Bs7bP%oqNShdW9Fn!k#zkN-cp$Hie5_7R0kZB(Pe7x7Ur~WXZ$;#n+(#Jf zKX4$4gi(6AoL^;DnJWq)fjm zyOa3h3Ou&e&>(7vzz~(^P7EFdj`yMjh=_=E94f@AIaq$qV^!>PzLb{6;bjGOV&M1; zsdJ+lQ{3Y3iO5`ri=S}QPoF+@i?VIuXejb6Cw+9#F=SkZj4MyXR+s7mtRwM_a_nPf zXx@O1>cwcSfXl~g<0LHbHKaBwBfz&p==(B_&$y;#?qAOxf5%Emsi>9CL$TawG%=6SA`#-@Zkb@OI3v zA-NDZEeV({A!=h!U)g;pZGejl^SDN>#}*Nhh2FSG`0!v}{q6Ad0ji{D-E`d=dII@< zDli5yGmDuQ`I5aKwGA@9KzX*$;sP4)4&dkUD_hhQ7UvxD-N$!14;UPu!&xGbM7U@{ zRk(Ma4R)2+-nM?da)OTES}AoodlVHMh91wt`@7<8Vambs@rs!%;)`+8(;c9O7H1%g zny|;9jL-@|yfA?(Ic!E&0*NKc`uCg|aqsCO2SF?@`cIV!>%ZSV(y{ob{nwbp*uT6?ee^X~n}em=k7=jqYyzOVbd&f_?~(|HA|Dxcc4fo%gp5Sz}N zK5?EP$d8f!PeV=+#K^p|AwgWQK664=%{6+g+vO7D#ooCot*{=(ld>o2RnJ{9;4{C% z$|U-LYc?ow&+HJ>Srw%$^E+ow=bqfEb4Pxxq$2ApXbnd_W0CAOPS3UzAn$sbNF=Um3-nBg1FBna)E^)%4KAI$q4R1f`T~BKt@H} z=O(8mxXw_rrtJ!lvs;`VjuN+(UU?{=c-Y}bZF`l5cAoI=61TJ#R4dqMn_zbE(T@Y*JFvgyPN3oD&U+H$y{1&!;j{?mT#~ zp{eQjT(8e$TW;d&B^O{=O#6!3qQ7xiwFC2Jxxxw?JX^d zk3U9#y|%X2y7R?)e|jb+rY&1?Et;Oy)+$YT+O(vp>-($}Oq54NMCcYf4~LN!===M7 zw>wz`F1_?z_=P`<+xD<;*EZ>T0YTjc|Mnm=J$`f-&0fD4jP@v z)+@n~bKNeT1yaGac6zks7)p7} zhI}-ZSzFGNP?e0gal2e~$8DzNV&(X7Q}WI0*B!^&a`nr+4Gj%7G&J(e>R0Q1R-1~P zMt}bNd1KS|)-2tlQc@*PyzR>!D!Q7FDIG@dFpL zJiiBvH(M6W9yp(MQ;-^mFzw&BeT|1;(`C%Lb;Ql zzpkmt0jnc!({6CE2D86xDI*-+)6t=%OXp!=P_QOo~{uX94@F|>bcs!-rO-tk4>r=)o&ZU)tk*KL$uA|l7vx?&~Wo~&^U*uV0-NzQvP z%P%1f-|@?h&73_6$8WM7vUD77OzPX1Q&7M^yQjY{N__N7w*FKo(fD>7Yg!T38yA9I z6LllnJM`wWvr*5Ik}L+_+jis+_f_8Bn@V|~nVeQV=GCi(4-a<#{`KqayLXk$b~kJS zm_B1e3ZexzPDFjr!h$}9G}OA9g}a- zbmz{Uj0`?oTU%NBhYuhA`t=Jx=X1W0s`e#I*QzxmvY?=#je&*5%)(-LVnXknjO16h zzr8M-o{V^S;y-VD#Ic7oLWD1OsG=`6xm909;PIPuD^u?|<68EKi_bk$k$z?OT|Rdf z-^F`*>ixhuCgSViryA+u{5oPog6NU^okgsq?r<9H-@iZRsLSlnpR6cdW8;2mPS2l? zaVT??oL$3{lP;4zE!Jzp$#HMrzV%)l-j{fB9pNfnvbs2W$g&xQ`>rZ@J6fN#KVv4b)uo_wPZ8gzI~|H9b447{>RpuC8VLet7toGM}|uw{GF~j=Zq#e8Dd) zY>yI=7hF&L^z10K)lb*Rq@rWz=~>IW{QhoJvWk9=f#1%{!D|ws=nWzg5}I9ET6xcs zlLsS3%<}6WF;Tv$s@i+xNJnGiuO=0l7LNIm^z0kguS<@$KR@a`b}Km8t2K(5nOQkX z?Cer>mrr(1&d*OVN4r#+9`5c5Z2M_;kL;P#^8D2O`}gPPU1jMn{k903x$}h&&Qa*ELe`|8vwbc`gYyFSKZL>L&7fkpl+~cz7(K^itH)LP8kP{FawJDLC6Lmx-E> z9~-=UGm?@_^z?elWHMaMCd>kF-(H%tJ$GkWP+o>lHLHKEra6G1+9q-JD=NWf{u}kU z;CK+z0o)PVZC1-fI(odR=`-hx398L$>NP`?S*HujI(#!&>y$12(dVVSwRB{#+S4g%isQzvX?7628p~^Ycn^(o&L= zT|cLJ!$opXCUub_$+(&8)~(yIV@H&jHA80^cF)(ZU(qVfJv!RjBv;OsDD4&LGnONc znW*1YG5%Cv|0TvcA}Y%2^5qN4c^z{v3wHlgBU=mz;>@mc;(u98|JS^bH=H=?_RDy( zr{t*P(9hMSNft)NkhXn?4mnK^HQ=A3;F@s3$>!7x_jX8WWL?tQ5kN-pZu(BGdFj%n z)2C0ny3V6Uw=yv7J^OgtF%D<|!(`!e!tu>JBtMJc=44}x@6#H?4cjuV3nk`i+c?EaE_Clb-*24KH?gcOM}EhWX$1GNh|mnjJ4g zV+R=M`TI5wiJS*9(L_bnx?bevS)s+hau{@<8A%#9xO~~+SO3Rk>Z+&o6rYgeFS@nt>hqY|o@umzaGph%K<+pNj+FrhVx#BW86PLJnA)rx$YD5uz z{FMzGHeiTVi&o5&g@uIlkBwz?XKLk{T3TABCaUqaU_cg7SYNqv#oC%v(p9z0+bh?k z|HFghH)!2je*#!-OPpQX{pjQCk`fMf_B$S$@vluxO!kK=u&}UPU?C3)R!9=&=5yR8 zQ~vAsZ%jSsivr;+%*<@U3W*I7kt@9yADfz*7HvH?y-y@rflzH>U1N*5eOpmp{)V&o z?%jzPqDgn{uU^f`&27-*KfuHD;p4}H##}_arLebe$Q~=bzpZ5I<_UDAtBAc8Ti4iaV+eG^p>Kg zEmBfaPW8E%-?6c=JJ{JTX=<`EGtc&TO#Xd`olWMV&$8ao?D|uk1x<5nCFpG)9v&!7 z`-lLVKnAm&?yjz^($_t9lK*GW{Xf>H@$ykSf-rdbFr0Ssw zCl0&`-Yz~n-f3oN*pRHkDJUp-A)JB;Z69h##8nqtwxs3f=lA#b18-ndH{8EzJjG;W z=P>w5H{blhy?ZLys)MzWdBz_ZE?lG}LR(9{mOAn+M9e>PMJnx;zUu>|2n;7`%ttmW z4pgU+-g29n|JU4{4>sY&tV`RrZ{NXS??0W}+2%alIPf-L ziET?4p4rr3>U*!uTx?RuheXE2bfdzYbb_Q>^*57`*`iK@bR{zYSCp0S4)c=xR$nRi zCBvX@wbsftI;p7{vGel!oHC2v(v=6hPdVz$PWJYuUfB2N&9r`(-PtZafwr8Ro6G4v z{|(hfMaydNLDO{SYTfnqTQOt$(OM@a1oRj>0St_dpQetI`zlzWs4x+_3ar8vlH36! z$;ruS*-!hf1Q!&{07(C+iwcj9#w{Ki9bLlqVV$?;BfiE>O-)&Rj+fQqG(Y3ZH2C%F z&xOIb-zQ87*H3nv{_?N?coY8@h~uA{R746pAP^enqrGRfU)c{}HAh;~ z!B0|*IKXfg=O#(WXD>JR>*+>C!LsG&ZPFgIW7E^qm}k1LUC*VeDaRaX`PbHnIeIFX zttH_&HKsi}+K$8a+OJ-{|Ocg3%22_eV>4XwYB(Jy;KRgBJO|z1P1V__1TY&V`uyU}xsQkZY?e zWh=9t6Wzs8k&#|&D|6qzeJi>deCrnISyx_<=;6a|s2}-dMz-L+($YO>the4%@*cCX zv5}SalS>eC+Ig&biuA zQ&g-0b~qa$BIB0un*K!)q1UD;YAY)TzP-EI(TzG} zUaJ4v!~sMjKqL2eb^%|4B5m9_+Ln9S-MuIvAfVv@C80)M6<5)adLjAIK9!)(!-o%( z5O&kEy1XOiqK`rTeSLlRsl;}b`IKQTjXZ!%ZwCbdzZv}Vp;wwy&UF^r-UDP04BRGe zLmHNu+69!d5l5Ux7H3A+$$h*Y?lYFTx(TZNKYncRH?X$$!t6#DxXW?$ zMNZCD%yy%jAW7iIo3{xYV{fnpo7Trl$!BjOR4qQl#v1QD`QX8W*4Ea9goLUi1_}y6 zB_&dM^g9pN%3VJZm`4u`M$7rOOkfX+E8anjf}&jhG> z^rQXALMwm;dff(NP%~dr&Rw1zYe%~jb~<@%VOP0t^;cjFlolwC+i+6&5toVAMwLMo z6%|1BQAGmr>{|?undAUN6!y3)7Mft`fc=GaPab=<8^4SZE^+ke=nLGC@2Kf#=`=hp zl&q@T@@;!pAygFczrV|2)%hY5{j-`QkKV8PYrz-2?GjfF(1Sr<`1BZ-CW#3=4F8m%e``0NSP7!i6 z%kMwco&L}Dz0ixkOw7#E-piUQ)CJn06S~TibVSNDdR^)AuNn|(QDAh`|HqFXRa`Xl zOwVGAqDTR)0io1o>7h26tc5@#2tDP7R#HAs<_!5{-9~26-rwNa=noi#2U>Ru2-rXv z+NT_ST3LARz0uG!KF?QzG5gy($DqeqYK-Mja%SOc4}Y_`J+;@1{RLlDk`2MtC~DQJM1TFFo?B%@!_@rLcj3rd?e`ds$x4w%&~5&f*sF$n5r7&c9xisB zwY3=lV?L`3$>HJQFOGv}qh}Ws2ZI*f)E9C)|=&45=C?lr0)aY4U6K-))TrVXw(h7{=}fDRdylBFa3gEM8s~qnkMZ&I|Ni~Epmt6)o{~sT1oHba0h6Pk0fAVDI`}bzX#+usNt!e7%=;gSD*!TrGIVt5w$cXu< zhxH__fSQhdXkcKbPP|uBQ*(N})1~UpwrkXzvo2=$1a932EIon75BwP{f8pCY3W6)d zlZu&>v-gE{CrT(<(oL9)>+3Mxt5>g33roLh1R)N-zS91DL+Vz-w`~8;a%16k=od$w zMy4|kIy*Z9SaL##K~dMdk|YQP4LM)8m86Oug`~!}Z{-BSHb`3g9Q570cWBBaUaGI(3m82lGg0C(hqBH$ zvsLl<`SlHm3>aBZftBdv`T2Rg!r0U_Y~UI}q%nJunVOl+eSJeAOFz+DMv^V}UwCHT znfLtpG;Oq~#d-9$s=FMW@v_&_FJ?=3e*>|E@U~D9xV5{h>n{7@C)Q>513~xh)nhiu ztV}oY>%3ULUB8Y<>7VurXoGfx?`jTNu=9oWC{P-{Z^bOG0lZ4esu_gh9{XX2?c1$v zZOd?Hfla_M&lJ7`2PwrEApx&UojIs`xURDb3eR(LUOEgagIhxbp=V_^f4!N8NQuUB zpc$0l7tpHIQ`I^Gw?o_g^y!n$m#pqQ`EdXXOtab9S%0qU0Rb=^Rsg0ek6gcTgCxJw zU&kI0GynV*LNGKH&0Hf;(Wfj#IsM|Na!Og(HNhf&w8lmsCtd(FsB#^;oSboOZJPS} z`qqj7t3Wda#n6ZYgM*<_LzV`%l)3t~ye0i&)FCTocJ_>a+UT%b6V$VjH9nJFdO;u( z2m22CZMcutpsE_L%A=%9qbdfm2D{6I?Yx|CWo2bx?~h^5$VZRzJmw~L9>2k81rg7? zz_KO37*2ztiprPq`wt&B;`)=1a_`&c0|@Hv?G4fx=QZ0-YT*KxQpRUnb!>9{suj+jcs{jx zf;Y64jdDXDDT zVlf~SpjAahMJyy#Op+~e^ytzL{fVwu-zO$k+s)zvZr+rUdW{x5H__cR(NpYF-_oL9 zc)Y}Y2D>!7y9CQ{la7N@Hbp%>Y&J?Bh#8&s>9c1L$+pe>CMS3UAMUej&eB~PjPp@e zQd&m&JjRs9&H3=*1LTJTq1BN7(PIw?2xO6j{cmuj+DkkNU&cU@jE?5}alz0qp=}bL&@@<{)JQ?^O?8pdh$aOs7vhk#zg@RHx7e zb#SHONhRzZaH1iM+x7mR0YJeJ*H-7sKnS?GE8f1{B_wopWpM_5P7gepi)P!lZ7~46 zu+gxoFg`l6^~>-d+vlJC8{%AKgmR3{e2L;(|J6;j414q_4m7zb?$4uNBLm5SYG~d5 ze9ysyQ%jR&UzDkEFO(oERW5A76_MBs&_u8I()dMvFZD51K#pFYH7{UZ5KdTEPN{jP z2|_(`s=i#wUqt9w#Wq&%5zc78VVw`OM7e{azAwsWpub7b&$dklG zkLjUY*D0f^y=?wmcUTYhLBwGN@j%-=slJgYUrQD&hXBCI#-@#3_eIac8n;AGPp>Gu z+W0w`WPOx4IN7~HQ>b$hr35?*ZH)c&>{8xXd#Spfp4E4oWw=WSf=Q+KkP!AKSdh^$ z(1@5(1x={Jo}SsCdG*o<)^?E*Jjz(cBaTCWY?W-F&giP=`x5!ch!mkka=xQSJL~Gk zhi9=ZjE#*$%+&E+DuLtrn zQk0W>3u6odWKi8{N+RBWc%#s%Q}40oAT@Wlv=o2|0Hooo!N=-;X?J;@1`Tm+y@J+< zF1!Z3X@|6@#Lk_v^pvR9^73O24&PXC3H*A3T#asWDAU>bc_q7mx45c1BKpR@Pj?QQ)T#kbP3I=kEBAx9PbB9c{T|=<_o@y9522;eoKN(nzRIQqtOK_i|?SuezLGfk3@hTA*V-1MfJXRyFh=vt*s4PQbWxRw?awZ zcYkO#DjS_aOj7caNAD)s&u{~E%e+gT{PTfm13bLEK|w)_uum`B+6szc835|g;?>ni zyYra7FV-dt#j7GCd2%+~UI16&HN6f}d?)k_7^gPhF~?9t^v~A1zhB6+|Vj_qnp5K{Iu|m!eL(ru|RHV>4p7vWAEX_>}0c=P5B_En^ek2gTkcH7qp*5MzGAt(vH{^?&(;Ixi;J#oyg zK007%WaJ1$BFvM!+eDrj0V~HlE@t_uXX|;vX!?6!c}+Olpgl74Y2J^B&>XvQ9*#?^ zk9cZI3eS{fWL};_AP0=;2pE;m&Tb!n6vMP3U_#0t9o|u}jEsm+4{oO)y`uJd)VIOG{8<$v0kYYa-SQ_+ zoM4@yKzrWjWo7`J3q7Il1!QsP7hE(L3WWs)D|m~zLnGjj*oXkwxYK}OfFvw}dVH-r zK{eoH(_bfDi*1i5z8j%=J6w=uVqHJe9Jzob02XDEzUd^|wtIOY?JV4HHM9%m5ejXm4(GusGb(#=t z%xWVZgodhPW655lIvXpw(2#hFM4fHANy2h#N`AiR)R;p5(9k?oY$H+!{^@uV#_0kY zG3F~N5Q1<7z^BvTvAa8@v{h0ugsD8+gztYe28X1hqpOnQQ|*Dp9iotQ`}XbBjbzpG zN#~QEJqxqAg^6(WDnu+H5s|Hwh9HYri>3ZYD)3Um0O|+b41oT@0z0~+quIM959A)l z;HQ)wnq$d5$irg}WAl4e@b`v#!j~b`Uho8>1|knhA_^ow2%BqtLg+H+&6XIiCFv#i zO%14J>9L?Op`kOVyXT(F#4)DxKcW^k_nO{&GJG7?hG8w8T%oBtBz-bC)hfv!2|8 zd#F|7?u6U}w82uSlD1_ltzFALJxKtnzBH`gyMO;GwlB(cwfG(c;o8+RzQgbrazO;JXZG&hs~jzn3(3!j1mY&f$N6p6 ze!klb7F~o7L=<5Kse&qOR1j%C*gEJM*sLbx>xg5Uzf(s<7=kBOvf)dncZYp6=2&~u znE<8m8r3G=d+ty=>t$Y1Q4zi$L$6XXZ{3=>wuQGSkDnlf0vX6_-@Hix&~>kJ9BKZD z0V$b|R>HW4GNQP6359DNWQ5l-e)%tb%>ny;bZ6iz%|pUQo$8=%VNJ06exGI`Ty=QJ%L#0;N;BwnIbMq9y1hv@JQdKnS4 zyL^@O^>^;vS;UV40M;m~dy?>dxW&NdvW<-%xI`yNBV-Y!i(80zW6HK(Fr6&z0);}8 zf$C5U3-Nzm-h_FA@mU*lRQ&Ma1+Xy~g^2njtmPN5jd$9WMiUJD=WiWAjcd+A~L#G*I?H zP59bur!DTA6f848ipT&OLMReF#HGj045%1eG&MC9Z7RELwJ0hoDm&XY_3~i~3L>Hw zp2IVhxQU@5o{8##U+Bmq0K4LFk1)m~K`$ZuL&40_)k#og6%IpmEkX(9l$e<4q(jo7 z#>TFE&?JEm;ob6gH1o|H&`>Mjx*rCLTw5NLxpBvYftn~cW@l#yg^~cV29P~^v>1bb zv-Es9l;Qiil&nN~2)LBEbw@~8SlGjdeS?E$^T$Z<>JH|2kvG(Y?d>5_Qsn=eP=eS@ zB~oSZcbDN#V4nbevK=(K4xirX95As2#ZnYpIy7{AKMydbjm&)Xl!jd|?Vbs2;JJps zg8p#fBAMEC`@HhdOcOOz2i|Ps^EQ9 z6tqaSG#J+B${P=%Sv&2%Ag z$l^HQR;QKq4-TfQ@q&@xx<%vdv~xXxPkW(l92X5xBBzvlzF+btxYQV_SWR;mXf;Sc zIa2WL-~X|Hhqt_mSeT%}tl4WWnCndonyQ!}$xrUM%>gyAB8d0;d8XX!M zf+q~irsqDbh_|nl=ltiM9=&1+K7!uK=PYkB9nfg&=m<(SQWg~MM#bnEHFKGY%c2^Dj@FW`?}M}=rVWAy^FxXEU=!5G$=E(75Nrzy4sMx%`$0-;3}3}oAf>fx z!uZ#(Uyp8Ql&Fwo3E>JTjN~&;Z}3w{#Z<+hkaijY(twWf7_27s0J%bVOiT%yE1>nj z;9&BzXLKA#rW5Z;yZ`)3if;LMivTe~f(r`2yO~|Wz|^!AwJ%FApkK=8%^_p{IUZ39 z6JuihFp^FW7^aNXAQL6M(=6XYKHuqF?v`K6reB={yoSuib9lnWc` z0?dEJ;UJj8ases>+bKl5g6I@_p%;MKnZGT!5TxXM!MUl{kchH=|$4T zFd4&9snli@yCQ-913j8u##{2p5qC)M=#17R^>uNSg&`Q}p)U(Y<+>*ne@J=Wetny#v6Jn{W7S>cXg7cRrFcAo6v*s{fN-DhvSmLgAkSdup!{jfEq%Gh_c^JlN8v|9GOZ zkeP6wU)p^KgxD^2W&TH$Ey9%;y}f@tQLS6YOs)bZ0YD=XaPq{74+Fm-Z3M_6XzCO3 zkBNI9W}BLtBTzItU3v?NHx<8pX>4K=`OhmRW9nm4@txf5VFL%RTKZ)u~o+h}HCn4rG2&#Gq=)4Gs} znJ@aBqUN8?;=F!LOk}C?0@0F$P&BLyU)F`}2Ji-WA)$%RzOk`Ot$EtS3ej1f)?PFb1c3MQvh!$x zkpbFftMS&=)tLylM;~_R>h3xn-+7`z`Lw5WwJJ_(7JU{uet$c36=MuBR_cam(2hzM4st3o!7mizKnx3nA*6LUs8 z1xdGm)rI2;$o`v@9NcUmmq8)&7})`U4HDB}A!qH!&75pVe2-ltYEsRZbRLwj4s@L) zY5pl7;y^q2g|4nHD)q{U9B~aLV2R>HP6Fg13^Ny#Yfmc|% zGOGjDg`^Sw26hFhr$gT+1$dn-j=B9Q?oXct4jibdtINczFkO0jq(wxU{s}aYidP6d z8WQx#3qH*p1AGrsj$*rvOc}ywp%ye`8p5~BB8oPYtD?pooSeLHI07dZe8A5DQy)h~ zxs0~fk=jq6n}PgRBmi4E_ZVo4nAXxm^8!hp`jF8pVq^44{z?NhaF{Ks%9l$6h zI9d*jhN$^7RUUE*isN!}u@m=0LkrN&5Y7V}-n?B*Y44*zafeQ{JK0f%>mpir_ z=Frg+u@3OfXQ77Rm9ShzZF`oHXAit}i>Gy`jEszs&`-GbtE;Q9+Hu_CF&B+xK@ntR zM0=)ZW(uA^XG2gLt9wT;>KmySey`fJl^ODHJy7}qjSO=Hf=CEU?+oICEg}0aKnuy| zcwyUXV`}=sw2m!O2@011S~Xr&hWp~PJayB#=Xze=ZwMc6*?EcbJUI4Hm>ZEmv@6C+ zLMf2)TFjr=y$cpVBSfPqtK%5C80|YGu5v+*b!pW5disPRjK+r%5%U@1QZ5sh zpbiBu$s*&q5{XR( zbCaY_aC0L^CboO`cT%h2K;ebN#jRzCXKG|VJ|}aX>(f)SUAwqXWopz6*aMy)#-d?F znXnlx6Bl?Gi$>Rwp9qo?Kd*9gsEm8>UZ}xI$;r^DFLu`99K%`^+syH075Daz4&gwG zhwzM1{R=Gt{V>6qnV9~h#WDa1FqJ#Ham2yQ%xr~&P1KyrMkVHmde=Pc&3A9#BBc?m z7we};Vq;QV<)5B&gwR3#nhcm;YmGHX|l(tfod9cJL+`8;vs=1m|djVm~dB^;T7 zw324=i#3;CFEg7@)cXDMSA(0E{A05kdX z{Z-$m$OI!_+2i^>7^eA=qeo@H-2oDemY|wL)+$>ZIe?(@Wa$#Vr!zqR@bEAc;1|!I zD<~>@AS~5y?}m!px^*kq4uVmar#ooh|1Re`hv>^W9>z*?+LVy$fvD@4YB<=yFC|ri zUD#2D3(16R**A+MH}xhqM<}D92Dka~MeOYC@EH)bG4#-Y2hIWcHu7X=zvbuWcftuZ z%I^IE{#+jh?5*7`S{4-#hf)$LN-x7U5<*hw7SChLe@f;&oRSnGQcg>5t~E!+2abGB zc!w>hq`OYlbj^T+)y&{nl982F%~}c9N%-ExUxr4NvU7C^!}6R=xCp-7u1dg z(foO*)6Jx-kCreT;q?tV_HTz=@(@^i_Wp=aq9F$>p~l_nw+(HX>s$uKwG+8?v?(K` zk2d0nXh5T2s5~O1#zCq1@$b)A)94_3kj?}m@`3y@uKn+C6Y;xp>Hc1{5eF-GkdwhN zb$r5U#?kUSH=GRa^R)UUjBu4JRQ>&#suMln>E8nb6?`WM-{F7xZGtJ#$w2O=?rof4M$&YV_2Hju9vU)V=|=S+qlnyy9&%pf8OHcfA`ybz(viNX zFM6DbWl;)A3MxKde`x6Y6gDL*ucMx6HW!WdliK=s)sDB|EKz6>j!#5xdz7cT=jUy` ze|LQcw*9+T{riaa)3iey&m}f|sOuM|FzPJGQdCy9QFc~Nm1^T}}pSr)vw~4)W%MP{z`LFu8jcIr7*XJOP2K>mw7z8Yd z;R5&4h=XD4)-s5)e`i8{^x>xJYK5gna0=A1n9u6+FCL}owD$MX&jl8jQtE__O z0fmB$jow4D21>m;;VghOlN1lQmA$22!Fo)pCxMLQ6IAj3pTYA6J|TLC8bq|`Rwtkh z%C5t|snG~=Ps4jBHkKQsw+MQD z!PqTq(W5@$^7 zkE7sj$$PtejYA&qTzbp0a^Hg8Xe&SR7`Bt=OPS~=<@KNK-Y!ED+xYp{CMzl-`K79b zr5+E&d`=#00Ulpza>p4q<7L9Z&JLZcqZ@z_AbNPRd~W7gDvqW^!vC@?gzSUgJ?;*) z?E;fbK8;R@3=#?Gyx^sm^vukA|D1>Yn`F_*IIgA^;yj0=P#7m-?%R&-0U}|QrMDEf zYw4})sruCTcI0#A?!{uMmk)S%To4G~UZ51;hnWou!^F-mi5J6@{Cfz^-NWPdnh#*Z zCK?)6N!Oprao+B$%L|a5G7#^D)(Tu9FG!JMY;5}c!D!X|W*b!8k@VAv%^!3X7Mkw1 zJ2<)ZR`y-CCJV%=jYGCQlDl?2fq@NC2Vxv<6LTlRQw&gW>FHH*)B=_j5(fy@k+d7^ znW8mnQ4x{!bBQ+^pzf;)qww#(@xfvjxlrB;3Tph+J=B^RC2?_NScl5h-My-!BIJ}h z;amNbeKJ6kFWPaEMcs&+AZSlrC;ol;{&P6`f5^V^zIQ@jLlPR_31^wrdL@qF%jnv&nKw?as)w&hJ#} zBmQ5dKA(B;qLsqJ!c!{-QS!|u)Wp`5AhH)aBH7KKQ`1wU z5Or%H1?k2Z~9=|Djb=)YNH{1G*aHQd4wRSzKsh0M`b*fSGkXPdOES8>xiS2%G3!T z@!PvLzN%8P$ZG5zUv2S_&&2K|r@eniF-ov%tTe6cUgEXH&?NQ6M8}ox4e9~%{G0y# zJr$6o`S8`XH`dcG7tEL}LfBp@?)T|9=#eEbS=^Sgj+`l&v{;Eas1E6{Q1ema5DOqGH(8GMe7P_w|+M<|i!&rAKekmKIoSO-xG?XUb3;Tv>u0ISCntes~% z^ect)?&zecm4%gsVd@9XjoAUJ(CJ=9A9(4ihu9V1a0rRjJcq^+W^tHYwTDEaju%;X7pW(xzDDL|K!1yY z5fH->=dllCw1jJH?)_~f$e{TVNQ@Z?z!6@Y9W(&G;O6G;9~eNsr2~!Jgmk=QpNfK; zrHBD9x^j`j0~o#)EeiNEly@LFsD`|)S>s4%fU}jEFq2WK@uK5H76RMkX@~2Esh?jA z7lq-P0tuo*#8N4|9kU(DgDqsvpk@%c{!T}5NRrMqO3%Tu@`jodi8^?|t0aK`X-)?& z5t=K;IYfME`0l?_Hl=hSRf!{LXMx0?WBf^`!$X4o%dA5^o3XmC-tAqFNq(eG?i{s}nz%B=V{D3f(s9D_BgrvBg z#l81bM96`^XBcrt>ZSGN%il*wJV<(PAUY+VY8LE)9 zvS< zo4c?Pag3d5G~Q!zm$NEwD40YeT|V+-1qEjn6&+k$Sae8+fZBBJKHHDR&y%zBhj9*k z;p4tI)*c*o!NjPZWVrnr>##H&+|FQGYEP6GBGmV@)03DQG(A^ zVN4aKYlFF?Ex-1a_)7gddi-1`>lY`rwK~bph^%tcv9N?=xh-5ogoT4L&mPFVhJP|M zt#Kf+EdnAO0-&uYarP+f-8>nds8Eb^8n-(Yl71oI1?{_jgp1}apjqY2Tj=#t4nOX^ zAi3hs&PkH^Af1ov#^LTDp(kH9pe(-_R=f+Bwz+q zIUWR2q7xUZz)>A8Vc$bJzWxX2uxed ze2Q#O8Teg)zw!9JNzl?Lv=lVv%5M0h_y_*pA^d}brpQ#`9wLJUSl{~lx_LYj3{^Ni z#|Ki18bxcuO!$l#%Q3p@(yy-d1CY==f}3zljkRYyLJ8bxt66f4;%aEyo{f17isilRYzRM}&jn;u1`Nd0V4Q&Q43g2ql zsEmE6GzGM*Zn$P>RsgM7tmfpSo{PiDxEzu>e@Q^U*f|p_2)w+C@HE$-@6^D{J+Q}c zjd9+KXFBJn-&Ld0Vp52}@;!10S~w}#l)Z`+2m%Qp7~%6Y z&H-}Y`ud)Dsn30DI2M2xnBbyF0$69tiU%`*(#?PXr^%ibnY9I#02Z3%I;84JTluWu zxJ)dRS5yk=%azv0$Fw1FNA%Qpb&9@Odl9<5Ni9LS0=$Y5pd zKX70aQK2G1+)`_FL&Vv#A^)^7?ATEXRRSfuZ_l2{6uo1lQ;}HJy4u)<@bm_AJb>g7 zIs)k#IfXEvR{GbFpU=K;L`F)?!R8Z~O2YF|q`OHnZ1;tA541B&F%}@nVS92)d$!@B z8^{x@4-@G0@{nxcPeK_+O5=3q`WJl_JK8*u|obW;T=62DI>bVs)stxPj;*d*V~GVpJaS`_rAA`Pq)XX zSA*WeoZb#QVn>6f-B<8cMnbZB+($Dp#td0s;4A0v|LC+;)6Oop(&)_T)0&V0k)+hp zifq3kuYN_0l+YpN$22sUb#EC)oaW}`=dZNus;N=j`{=B$EAdtK_smSvdli^Qq)863 z#KA!%CJS)~QMOGd&*3JTNzXT5P&u?bdiOvnAxU#dU=Av}@-QzqH>GY)`<2_3eMRf< zJmCpda6(eqzZ0QKoH$WeXL{`SZOZkMfD70K_>%`7KEn|^GdBlExpCML%N&#Z({J?Q zM`I{ILyzBmJ8gS;f|nui1mcgD1&eTdVUR_AF(504@&HQyJtT|0)m>NIucf6W;KmJ1 z&-W`sZ>8JUaaoB4R?4xDa@i*gsVhsZk2S{dSW;Q=@VCj}8iKJ0cHGHIaI0Ba6a$eRA z{#NHz*U%sxxgq5b9&(@DwdLeFTsjtQc5ZI1o`O2-?)&dh>}}egCm}v5AaJ+RXcH|h zpWbWNkr#KN?UMRJf~x1zcp>Wzyl(HFJqf%Cs*o^`aDJl*e}rHLBEYXM2{3MeYGotD z$`ge6X2yjhE)8oRJmHHVsgEWlvJqi}>cQX0U{X<0MRZ<<0Q~m*6l@pFAoxBdB_(?p z0^{O(Jt^tR*PI+3=_zr{ZVNqqj#1?XD2uf3-~)a#$_3b0jl#h_xJ8QG3?+Ip5)!9n zYE1JcUy{-KQdgLZ;=1i{sI6uIT<>#naf3__wg@}j&GsH+;hE{_)7%V>R(b6hIpV2m zL8ffArVbY`UQ|-Lb9=84K@b~bZj;U{5}HF?fBtpcxi$^Ls8p8fR zc`~4>mz0H}pr(^3>DAC#j1I-OXKqF38)~k!#;a)szFn<+|?+ z+O%oPRZ=VpTLC5*4r=(`Ra(a6^Kf^UKXq#Nu3bC4=M9_J-~A36RC{~`3Br7Bem0}$ zntVUDpOTkfTwDb2etBu4x$P=DCmt+u_pa%zn641fB_1J1X~2vLuCA?}rp7xw=EOpE zO;#YBdfhr`%X{|jMR*opCO!>z^v|DH6B|y8ufnhe#2MS=+JjR&K7RW2Y*1v9 zm6mWITTkn&H8eJcRa7~1Ci2X8H0~FLg>!RrE-o&l+&XWl^jw!iEeB_lg|)RhQUjqI z-cMnR19!(t*csi}A|@`5Qe)FCe)XyZ$J$}jYiG_Pk=uV&LOYYBrojWo(>}bsyudfr z)zuLNd@IBUjqlmBABgD5)dLzKv-hLFUt-#4dETx-+Y42kl_l_y8yg4*wTC*8r=6ai z?UV3EZUEvqLS#6%Fzg@sO`o#d5fvk}(fq2&qXB_yZ(y~ilJQ-t3nz zUGa*^*T3nCf`fwG@oX%BT9M-JQp0yt@S8?PEY;L?bQI4qa!`nf1;}mLy7iiUqsL^) zsd~!CO3xY_8&Qk#Dg#ps%NX@7t*y!|Sa3=!1EQ8Zs;){%Df>%PZ`WgGef_u=OOvc% zY|;c(oa%S0FZ?QTSC|sdTKXl>$pgfMo$D&8hX>2yuydSi-+DEh!cG(6Z4SXB@VvrL zbJwcmA(plZlOGEW?2j1MA{fZ$`~-!h>e|}qBg(sI{I^BjySG^?s-v^hN;op;_HBgx z&Ykh`DU(mk?Hor3xp0ll;O?KrluMvb@`JWrTqw#)%X$N2^58}-zE($%uKhtzvd`|_ zS{;&)q2IN~@1RSF#Lt--r(2emr+Hcuv`#=m5f$wp9$vsPmSseA=t{IQHEvf59};u) zYi)#W2Ajo{fwT;yeMhr?eIO1uAm5CG->!3E2o##D%H3<>3ED*?$IW2K`s3R-zu8?7 z{Svi*usm8vF6-kXlUMldo8e6_-?@E!e6>6I(POVlu!|0}aB_0)*pa1?4hx2o96^aE z?{Fw=0wdMombI}lWpFy^&OuroKt03;x{j~=8f&nL*0+7(>$T0=+S(xsdmL&-oi0Ie zjE;zK?f{qob&p*b|+^23JrjB=|pX!UN^bo;~a2(3!u8WSk&-rt^Rsq(0>ank@qMzmXyfFLvJiGoAR@>C()tLJiMS%jfn|kZ5%|^ zSa_Q(J;H;KlH{7K$o;qw@&+MDNO;rKl$V;ipPzpmgndXhK<=D|#@ik53=!z-Yt)28>&D=%QDz@GS!?`*4e2ouVsOvr(3Dq9QKFw^&+PTGIIE zXlHs#%k1C3e*B9BSOQ`;0uN5B=Hc8pGM=5C2k2>lq$-RKc3*3;%uGr7Y%YpEg0Tw} zRXkY=?=z*nuumZW9A5LHMp)-wHvG;5&W)@4wbI62#itjuS7a VZqJAB#@`TUPAZ?sk~8rCe*osmgx literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.19/_media/benchmark_vault/5replicas/p99_latency.png b/docs/versioned_docs/version-2.19/_media/benchmark_vault/5replicas/p99_latency.png new file mode 100644 index 0000000000000000000000000000000000000000..0190118b22f8ea7dbfc862067b06a47bd6ce0d42 GIT binary patch literal 24062 zcmce;c|4Z=zCU^!LzFUQC{sxpL#AXXLxhl!h$JL46(Ukni9(sDB17h>l7tWvLXwJ% z88gor&imH0_TIm}_CDwQab9P=)>_X~Zr6Pc-|y%1o<7%I9c?u_8a5gNfk3BzOj(aW zAXOy(kBXE)AdD<(pCb@VtJRg2^xb2}I4NFk>FdF+*JHd%UUuh~+-zSEneVW+ za&Vb_HdWu-$Uum2?RxTDp3LDvCz@cNs#we4d&>`F;h5s z^5mH_-*F!!TKAb>4I^zCbuV39UH6`d|Iy#) z>F(bD>sR=rM~qBNK^!tJEy?O4W^W(0Ow69LYKo7GjI8x3zViE9S{i?`0r{t~9n->u z#C_Wt7*6WxUH|i2YR|LvwQcjO3qM6nU(e>0txYd1F78Ow>*3P{5hx3O5UaR?0zmK zdfWmIDF+h+gD*JS`VSvWOikBk64oF7p{Aqro*QZV{rzQFSXjfyk5~pj%X|{zkH#y(1&bzZ%$?1LuZY z_c8~zy}o>@;^l|>`o7-Y#<)WZ{dHmAzJ0rt@GK=IltD~PYk)r2j zhnjmoD<(C&UA`>Cv1Q3+eQkB;p(|eVV;wVtO{OL$SH`|71rtwWy1$M^*ktH)dTY_8 z_S*W(d-m+XlH`zf>c#@VQY&=oIpX5t?*1w+uJhUPh~B=wn)|GMeSMYdXFu1}Sl5RO z-K3=RT%7E|9q9b=qxSgK0|yS&Jm4I3Dc-hiTYI+YwW(eTCHf~%o)DK_;TWs96)n4@ zpuD`ighZkJ_ZJHjKOI}vNeMK*n-rD$S+3UA)vbigjkYt8hs4F1>gp;bHD{ZZHTsOU zJUdRVbj#m=%KZ(_jE#+rX8c2SwTh|f;eGq=dM$NVkcly|?Q;9@Xy4J>v^{0_@7_Hp zy5s6Z*T9tf-Me@9@82)w@Pq58=lobyXsDi@o#2BS-m(v_SFQ;2^LIOr4h~v7Iwm9} zh`jP)4!m&gT%JRx>@@!QBtE{YIZ3T9f?UaKq4Vm%z(9XJ9lK;&db+bT$F2tvF)_#K zs|u`}7E6|~h!0&JQC@pvp4R#Cr{3_rk?1pFI!tauBH}HXQ?s$bC;rS zH!UrH`tbB=1pPt~x?eQ7!ERl+`rb}(MDSY(kQQV=cYioZdaJW*>x#`*2vGyEJC3@?o z_@bhsof0usc>~X?clJZ&e;^pP7SXFSJQhw(jr{J8r4 zdyPT{0>zC>=8EbPY`?!1UBWfcP*HtqYx~`v^D}hM@m~!wsp;wJ^i`;0em8GMh?r?7 zHG9sD6gl^)Zr!@|89Jj}1?4YrgrJ0o~4NXnW z>`l^$9j^z-w3{(S%5y{Vpu_8Oj(K6GeC4Mme8wdi8&?RD`e zON;CTMmc3Gs}%D%a-}yu>t}Q22+vX0PqFUUG1gfUvF?H*Zd!6>kB@<&;rgoh^g!PE znve2-TC!0ps^x4R>^hu%w)C5miI!FtN{?DF$2N}7ZEXYVnNObRIx+}He0SQ5sx)V? zl#!9KS)0C~Q3TH(HT*|!bs)tif8|5IJV$+%j+a{%G$kmkKfACw^+dw_)D(BbOtX!I zWQ@=pDaX#8M~@!0x3kmN*H_lYt^Ly4dTnlmX=yI0TN~>ae{E-PzeiTK*h(+WFbKgj5wMCvmwh1c})4^-=b}m&F6;BEa zXFE%-wq#Y*)C4qGq2fMD;E9TgdiLyDkhX!I-t^pDXWn_WBS%POLL(y7=&QCWtaSJG zie37WnV&D_@}{s*LR|c0e{-F(*UDmEZPaFF!B;-(Z@Z(OeqKLGsHH{wy7wl3u5zma z%CMEC<&V;95pM{p!s$b;sSjdeV*LH92kIjxx=QQIKC~5GGK^?KS;X2F$+DoOr4>H= zW(OOat(DcUkr7*KYgCSs%*;%YhOIO-BOL{U3qO4(#>U3FyA|VI_U+pjC-43G>C<=b z-aWmxFpe@Sb?~6~>`;g_#mD%=*Q)O^p@zlcUOc>r3s!I&(lIwr#6AcN4D|O`$vImZ zJEq@pYFh>ulxReE4$>!ni@4C$}ua5y`iG2 zy0+N&;M)8c9%awgUD8hG4bcZtH&Hf50Yc7}T{m^iKq~`?`Y^seIU%jMjK=*`CGg16 zqcKV5A<`U;(*yM^f=2YLtgMWT5|>9lfB2wLtWV0Nck$wIvU=G2;GNgdx*tA#h})_X z$Xr*#?`y?1r)FtoZGA{unt0rI?|9_p;}sk(UAnfu<~==#{iD@BHrHK1A5fH$56!ga8fqB1jZR`N~q7_@wMV! z&7nudvN(T!^sv5PwZ#Q1E8^AmAHRBa0ZX<0dv0Q4`G*hBo4wcOzdMePqmExyz#c8_ z9PcVUbL_yEFJEvg>_>8@6-MBFzAW>jvji59}Gyuw1p!5hk64K8$<=P0ntJv}`?eE86RoPi2mITfm#j%F1%y%Z1nHXjK6#Z|UbdbiU5n znmax1vR2tWGc)tO=#pC3p6~{%&GOtVib|+YJ5Wr&=J5&$WaQ_&025eQS)oxczVfqp zo|$O^$P0Le=W*}e2SC03{Zj>gma~e$O&S%4&SK59x3!_GR{U{w?0j96mR9@qtMuW+ z-gTjS-oAZ{o12rCMny&S%BhD`VTHVTcowHaE#pvG(=B-;IC#s_E57Nv8~q7|z#m;* zUHwf2nrG;KyLRouwr*`{vHkwyH}>IRL(J8gUs_%!N+fw5WBX2~WS%X3eKcSTP?&~> z#@gB%u#4lO^qt$5h4;I@el>DZQoDFDJv-Z>H1+rnR#q8V*^$xFt0SK;0#RXSoXa!X z%pwewCA5FPC$QA_myQDa_oJWd>FRRF3bzt5~wk?HVb*>fDUWn9lw3l9&ksHmXJIdD)z)!LkokI&ZD z7EgkQ^9Kt9!%_M4q2rIxdF9XN8J#|Tx_>UUrKJTW@>GVw?~a00Fopc|SP5W4)IwTL z`5%pq!e|)H&CXcR`GN#RFC2;uwFNf?{eAQ1%^i00nWqbO$+>f_jM5N_-2t14%}Y)8 z%Gj&xtDep;9_#vIzb-8fHEB& zUBy8*0DNn)DBLkXoZnrge{dyKe#bO4jEihf85^^8@TcVD{7lheM_H%5**xhy;U;Se zGOC;HrHU2cW}pHKL(S*0<~D8Ns9n}nr+(QVU1BXmomddi|y>ioBUwS*4|=Y7cgGmihPyNBjZo z5e7B-{oOFu{=zI1k6C5)ElbZ38;NfbEt?5d`lhDdAZtTILpY4BjZLOeUN4r^@bK_- z_U1%qob;fRv|-NKww9Lt!ot5qhUlq(?k5yVY}vBKb+8dtN>D^ZgrA=)Z0yfOS;SRS zLJ+@*NP?7OJX#TM=Iz_JL8kx_>%P0++dV2SO0aRjj@qjod+gY;AwY5mhj9SU&!0c% z-XUXbz00r{4;?h%OXlgYn3ywX&%Sl)d8ZX4xl_(vr~d_&D0TnfpbsdHmKK1XaaR$+ zOV`viE-!Bi)qN)i2VlVb@9zt1tJi>tCSDWRoUwPG91WPC_?b{`v5mZEY>b10V{BqV zq!9m`l$Mpf9S{)l_%Zs&aXjI!%Ony!e0;x9S+PgKKci7{(8^G1Kqed< z9Ys(gM>6o_7JT=E^Z{`=zfkeLdjZAJ!NCCpLjBk=Cnu*nK|yf}K5x5Q>j{jTei!H_ zsmfeeO=^x;@DYBc$*Sm#syqf>SNo8=KW@D?b)BlLm4cI0Qv%Noeed9&wHb{+n5XcO0=Wr>uUg{WkNb!y_ZV`ujh# zgDh1rQRrx*61{bwdYYa-OeDEzX^Dx6xQFXYg9#hU3FP9;3p><2lpTEb>`RBZNcLU< zL3dpFZV2di&wkN@pi0u8Cmxku9cc;WqfzQc!0u}XoWA6?ZY1och1V_l=5 z;d($5Sr1s;!V(P*4kq5WA3$k`+=g;dKk%i%V4fZxafh$HXtq}Ta+AQovXpsgTGtY- z_0=;G{!DrAWvm%WN=nEVHkU4KqNIGgsJXFf1O-37duIWjEXW+Fo%&$Mfg>s^7l2uN zz0UbwGPl5;@BtBE+rB;Dt|K2ffQ5wx!0U9E3WpXBg%{m^pA|%*Z2xQYQhu7RnEH3X~@31E8HfzkdrY z@(Xi2QSxEI6zAnRm)7hne)Wn-e6FjIcx`)7Q~&Yf{X2Jb^z`6 z{W(P|=GLuSSScAZ= zxjd>GY-wq^d(WPZj*dF44b{Snt-k<@Kx9Y2BS8s3mOg&`SarIUg6oyzq1r0BPHD>?`30c9T5_OXZY36kJN*O;*&HlZxWWrj9GriSXGs>gxF1s zmey8)2{CbTaS4gfU%p5lJeZZ9zHNrxG4{sYfp#+=u<)lbG3-lw?JX>N-+0X66nKd@ z{+zvi9Hb_6RgjiakC|Ve(@)}2RY&vcXo6P)V9-)i_xSh^jgAWZIw*>xz3*|t76170 zW04mn6kqsfb~wz0xUC`&oY&OS0{SvDGOF#H+QKQn0_1(*{QFvBM}Fh|=L%5I*|TS* z9J{bG2e1plU_rgBJD5rMjL``z%gzGo04@&bZ}Sxeutj|Wp3Zpv+Vj+@$2mC@=x}p$ za|6WYH{`Yq=?1?V*=Ooo2U>dCJ7BoaO)h@JA$YNLvfdxWAHGKzt{9XD62KGD_IAz@! z3+eVkjHEq22effYUmp;#%EyMzSFpOe8k_JK9<`z2%jD!+V^w7?12o}{eikFpRl@3M zw`}<}<&NbQ2yyAb1D3(Qdnz0j!yu|(vd*A7Vwn)-A7f+B?s5|1<9*eZVJN=iKCfCZ zxSO=Jw6dC7Q{;g@h^f4)_a9!pNSG@{`1;s25R9kz@-rjy%y%+ETiqEI&K$dOhiN2sr zsai3=y1PFWyIQ+2@dQ*xVckfR-1hNNIWHDPt`r#=IjIIQ19%7>M4%ljsK%<`^5x4E zYG}x4=mUn^%2|NSDf`wBJ$~9;RrUMuvaDy%F5&hS8iA=4@8)O zXM+qIWEwSt_mYrN+Su4=MoXv@EAzXC1|bCnALs&rRCbbo-uZ8a3PVjrMQ?qEJkkii z)6>_-z`~+NuYBdoi-d%q==aXo9Cb8NY*FlXJ05q0!WR+Io}{)FOVFbo&jdB*jIlA4 z2lvX`bSf$;*z!y>W`=@EEQTmL=zI_i@Gz|#q6fyt1Rr;j9_tJjI)h^H83ht&Xl!Kk z>h)`3qg*agQTnX}QkC~*j~^|@m@_?ng{CcO|E;R5RLb|A=TvVs^e-yEp&!NKOU`ri z^KU)pY#~X!IZpPF&&!|c)AWHIv|9prC-xJPX-OzQwMfgz9QIi=aq34eMTLzpQz0~v z5`Q3Q`dUI-dJ*WtMEE5XeQ9YUQ`4P+R!;^h4vPAQt3q%5QS6F!S>iUV2WW-sEx$oF zV9Mw_3;V*D>)^p6fCY<&Z92yQQLkTr3-M?1Z?5rG$8i1o(5E~OS zGvBY<(qs?{iuVZ#ndVyp7u|tU;^2_&@9z)26tpQRDXG@pnG%wMiz{jY#b#!7)G(1@ zH>lS!SI53`6Q4MN@Gu4o-&0Cb?BGG%ekMG$9RxycP-&^Rrsnu$V_E}$>>Z^f9jYQp{zorv1qcj4EeQz;xT(uNGD6~>=9ZRa zkdncVQAw$(5GbP_Jt{|YAEBk1P9B09Zg2P4Kyrl0!=L@KMg> znpfbA`TN8O1mj(Qy&6kv>%snhx8L7R`3ZT5!P0p0>{+#?SX~4z8N@92;SwNLJt`)9 z@S#J8e!g-(y3!ZSsc?4Mf*n0SE+L_*ZweB261twBlA^lEzyntK zHhXg2LM#f^5x|aI36kiZ-Mi_@dqze)2OD>?v&ZE8R8SPJ`|u(3Dm9@O6{Gd@=SMaS ztQ3)1S@yUJ3kwT0Why`EtK%l%f)RY2(oTths&oZCAS+;Omt93}m|Fhw!lEK9u;!PJW>Qiw z@87>4yz>wnJG+!@ScBCB+I`RYM+t!M=n~kgG+lgws!2e+G%~_*+Uv``psG=tR=}SS z56Wuq+@YF|x`9o=l7B{ZVq$`moxQ}S`6;w8EOGCPA$4&0J~lM?EcR@wsDLg2Fb5~) z`}gnl&%4%}fKt4@ylSodK}PDr_Cn%Ks3;G5MIiL6rmT~X`l!-ZK~Lt>jQlhd3kZ~L zly}6bAJvE0t-P1rAgo!Qy6CN~t?h$81_cw6q{P94V9&gb-mjtFE!7ro)l^Y|{bUQ6 zy|lChg@arPh$j>L77hXSGPx2qerj^EC9I#7EELk^g$Yg$j?A2#6WQ@ti}WTn+~N=> z@#)H$eZJd)?{K^3N7@9~f_@DQ_=j(`39(#Y>IDEq?RxuXyyVTBH-8o;!tR0=UquD$ z?X_@egh_--%kADX0=x?R484PM#s@ubZ$UIk+MPPfV0I~OH8pFrT*$`7z#ceWKe7BY zyUWGDxn!dXtU%X((~B|(H(J0Bu3mt!+?Ro}?T1?XninyZX zB%;{uTQqp8g6Hfpr+%Oiw4Kn6 zsu`zA5Nd#Oh@1Z~B4V(+`(aE>$)$E-_@gF-o8g;?RTV1_EOs1x92X2f1<$_G5G;bvQZOgsi=lJOJ2Sa zASEoOaFyAN| zF;QK?Qq$x+iMCAeDxo)jddk3nNEeO11{e*kHu+b$$iI;4u`m>cXR}CDs)v=R<^gl?8=ISw;mQ6iVFuO<>BQeiqEO77f$ZNT?)S6Sgv>SBzzUf zpS2NS7ss`=0nh2I*>>!pC(m;o)c!HLlR&ujP}f&RTAJ8ry51BgCUOZ0*`u)G(STDz zX)gCA0jfb=WoAYyVDH|&B4=I*;xjN3^3&-EgtTL-B#<<=Gc$)rN6T7NQJI;U;Zymi zis9p?rQK<;Vj!PFLxaDm9WNK9nuH4fpo}M^e`x4VeKUbju6Akm+8gG|`ugLGVk+wB zpfVXq zh=_=c^z>7PhVATwP0+Q<@UXkPh+oac3rP8=MLMwhLqkK+ix&u{XJ!gE^DWYB`D+gy{c;Kd7r+FMZl5UUuv-Ef)(AG<$BI)-w9CkZ@qP*QT2tecIxx_T+KCZ8*I z<*#4A3=9mw$-s;H7f~={AUZ-lT4Rh6pu<(G_^Tz8-)&5d_r!$fi2fzRl1?HW;? z7t3HJ5E#S9n4LdDa%z66lByl|;p0b8e;G*frPQeNrmx+&ebDy$a2Ao8R?g0O#O)Uh zeXU!@>hk3|oRU9>{z&R2P%dg}>Xy#E|B3SU3kp7RW9Xpx3X0O&+6wiS%I_6a2AIZN ziw^4Q)M0g>TUvO`AR>Xq^$!f-6tBVM179Ypw3?c7PTh*&-iv3DMA)b%N~Le!B>y>M zV{02)MoQSz-AAJzf;$ot!rjc5zd0A;(&2SMF)_jR6=qzc^Fcewq*f9*=2Jty$`K2EijS4__!ONGR%h3>eq48oF z>F7KxD^mzk1-EojhBFgtB0t zwy^__GMT6jO`k56p*s^#tRK=$xT*hav0bUC1=FdoyiqF%NBA8$vGIJ}h=Do9HO6HR z;@_G*{nSK+PY-zndkKlTsMMYdo4!H_B0ApL&z_yq)opf)<+#}SdJfd9U-zJ|8&^4j z|KpDzZ<^J5L;A4(=HfTaKU*T`!@0J}1070y`V@tScj5>^`6#||B?EFbI$hT(!W|0Y znM`I8gM0tl`qcQVNfE@wub1y^<6Z2-!UJxhtEsD-pP$D*3NiZ)_(E?&mhqs%JdIlC z)F~#8GLIRnq`uvhWIpr+f`kgga{1&|2XDy)?~5ydIFN!Et>p=XJ6r$xE~Wb0#0&eh ziBgE2R8tJxG6HmppxDh8Sp|o2z?9VY6@JLra!VeXojRX_f?3xd!kx|D=8D{a5nvD7 z?fnR0A3=WcSptEcSQmAu+;?qM!R2y7x7iTc&2Ty(Ug9+xOOi)g;&_Bau1}lzSc%t~ z`1i^iwh#|FL`Ft)@d#&Ru6QmOHk{$Z9@D#JWFR9O!L_QbO~YSdzweZ^i%dST>k=zE z`x;EZ4<(3hF1}+mf`Wnt1w{&Ce0FB09CC-{<>ffJmkyoF$W&qP6~1`URbajKK~0zk z*4!sj^+6AF5M{JYPC0icB;+zOE>%*a_@H!sgTRS81}kWti3010UTc)>((ZB?VG8Rj zt&qe;?32>dS?TFTJ*N9%8AzmS6CP5`-cYLla?H2m`j;U)zA*F|&D2(EKOM*G!HP1;7TyBgKa0ffAB=gz6ELZ;w- z@a?8$Wqp;2Utxjfeer5|E&*_L_n#|p>~c(sw=*$Sb2>(+MG4i53*;Z{gKAoO_jXeB7=ct=5iLMr$n9x3dLu%RJ6EHeUuf_scD zGA8Cb*cUEU{K5xDP;C&$&_0|g)PU_f-&a=h8kR%rLFwU-Jlp@$RX1Uvzu)N08OI;5 zLb&e02BUJ2M$5_MAR*XzB(KQjqDg^N2ue#wR$EN5IN-^qfNY|TX=R7j^r8RSqg~Ct zhY<=WP3@Q1I*hgq_h63C^1=nvQqO~2T#0o700q^%$`z;l4`er9>0sDEmxs_i3A-CZ}i-*{^SVg)A z08rz#Ixk5$=sYA7Iddw%w9L#m@DTx#k^_F^UpNl+?jbc%^qw0zRa(7_{7t}?oxNrO zy#MNE+0i=jPIi*)fzrN50P&vJ;tOkQAKHYezCDuMIt&62+_`m^oQ+!yq<2uJLozbR z#b_8?fE^(Ygl6%OnwTT@T7nRh(!IF0`Uj1m^@aTz^#}Z>*qsC&`k>ew9bdn`xwhZ{ z#~LvXeO+BRZMiRBI%2KCDtu>+UJl%%q@;wE7c%P(`wl`z@V$E)NfQXUdLj=CZU5?( zE6f}@85sc85tCs;9g3Vgbf}igeUBu6*<=N>1^m+xBW3p1E6OWY!_BP_Oz+8)9t3p| z-~wGx?9$QTL7Lz-=ssEy#ikBB$(t2i5sCMA9hQX@+(Q$BVut3rx%hC>$A5~9BDdZ+ z84^%YOC5$R^9n>30$KXT4HBQ-e0=ZQ+71c}Ynz$3cyz-V5VU$`Tf1Y9-27R#!)ZhK7ej=<3Op1dVbNo3l{tu$_Odw4rtUK=s!&;uR<8 zu*GlG2?8Pt8JU@n&K)3dX`!+f+Pxzk13bVJLP({jr$=triQA|43I9_u+RIgg*s6P+ zVAu7Gk2`>1jgB5deS$Pxn=9vk6GejlpC+UEl{GRY<=3NqCviBUHH35o_$C}%utDOj z=@Nhac4z<01p+_Gf35gDUwF2-y3RnsTf#F!Y72=QScNc)U|p{ncC|&^L%9*2*p80; z(45J_&dv^NHz1$})?0+onR)m~NMJz7g7#k$B|uK_4bP!&B4cRYWPo%KQpM;~RaI5) z?(Qpd?PhRW_D;+nxY&}6hp_zT4-``$(+*;*4V#`R2OK(xjSgO_pioAX$G&}|d3!vm znHeE5KoM&-fJP04^O zQD)UkXJKo`NL<_=Sk05L7kRJGD=Pbm_l;PTNx&mZiPZ8YA0OYjbLX_&A6=-&7bHGJ zemOZgxfcB>56N)&y&8pga|r?>A}@1uZKNHntZ;#X9v(s@#Fb7gs5}Gmxd>YTSA8kD z%NSOtsi6VG`sB&LWXXSh8N!LtadC%%^5Js0z_P5yf~cxW?z)GNoo`Mv&ioun3KHzd ziX-qG866D@iuKj;?He(>k1}Ltx*triEcwSKReEJ?8px~TKg&*>rMcqdH1z$Y$W89n z8go*`R%{bv$!6W;loUzJTKXtPG6J#h+jJ;zGP1K9+W_n--QB(!Ge|Ljm zxw~9fZ3r(sdrlO6xI`5%VK*+?Q|=&M=A<04Ey-a~`=XA{!4^YA8pTHhlIX~^vERyy z*QQOIfQY!5iR%(U&g;W3{LOgmn0g^WQ_}9}?&-NP+e?I7zJBz~=GbrP?bRSZpEz(u zzj}JMadJMmmJXKZ8s@?YZ=w@t2&#l6&ljX`a7JrqAiks2n(6K*NE{;eXFkDl1papJ z+BH5j6uB7HeFij4&6k8<`kx+%a&rVk%^}WCGOwW=08XkthDF$5!0c**aI2f5| zP{>yUle3LR6Bs#{%M&j!Fq=cf!HO1SuJ7zTEH3Vf3dg{wIXOA`6~&TPKwt206X01c zM`{SoRu_ySHa0UQ~WPnPCPt3c)U-t zv$g4!;bnKTB*Bz@+!wc_8EfnlM>G((U^ym+q%ErMIQPAuoA~L2c@eZ}sGeBH-(l6l zF^Sgs3EKc3)_70P69|1aHjB>)MA00T7-JyFLQ(le%3ihw+b+97#MFq1Ye~P>N6ISf z6xtW#X=CI40s_a0b*}{L9D5PM6mAC?78LrVr%#c$kw8WWsQkF`5A+WhKx-H}skjhC z2Lo~ix-o>nl@P@1f%c1_&A0GM1`t(K1X`!FK{9Sp8o|Z~hg&MRdskgsI~Y15kPzhE zT?*I7dV08w}sS5Lq3aPY@L|Pz)*TBc23a0#y3Jdr-QSp9U-GZBghYZl zueAuX>mEo%!l0?UiqR*C3;X+DL6F|wwr_h(!~27x4@Gu8VBzF!ve&v(@J=UIW=~=M zgS(u>ll$-wxMV={dG_paXy{X<9* zf6(rzD2`ZV;jY#lfOHoS_k z|5YT(S_OD{D_dGzD*Pz?+Q(mC9z`ij2Ptup=8%okCf-=0;g>z}@G!A&AFKNMHL`M> zx7rSLLrj@??iDgaJhvHEZ3?*&cBiz|_N+mKPSFqni1VVNP9Hl~3uV7nWd@ZCs{<4t z4%-TmnSK7OZ)msxwgbkw))T;qg$_*#gJ$rLTW>`_+YlbMKV91NF>?P%_ANU}*k~sG zN!sx$s+7Ve<(6VGJIuAt+u3ojv$OBobyi0w7Xwz)4#|y;jj+M&-Bo^fSKRE^2vWL9 z34sokHn@Hum_tTy{Az_7u>>nWdSnBp|NDEOyV0J&>izt+FLUXglScAe#MYYfH;Ycw z{sqE7fglfd(kGpaUp86laX|^VUA46k8%&2Btf3T1uti?|s$vdQ@K2d+)S?i2kQSou zNI_aOC50!xkMPeA5X|m*`EoHFk^wPStOru`{eklMQD)c@kbp1K*^0iS2ZK&NT zw@PcH41%o!#^YIJgd!G!o?e5R{l~`wYx>d|WCMq!lpFi`FMJvf=SlrN;6CFnx9=35 zLQwfZ+?{_ZYX8fiMx6tzH~c&ZA&VklgRp+SIT=Hn0>DLIM5b-@ASt46vT!qyzZXk~ zvdsufYz)(akX>wlzCFCuQdgIL&KHSXCxl)=LqX!vrTrY4SXi!kdLkZ5dm5xO`iTe+d&MWsq*^{dJ(!bn|efI9cCmRXoz&!&=Wc12#qyU$7 z)h3O2#^>K<^xcg;N>3h_2u-)QkETHxZKkI0?usvfn8s`CsQ4THw{EQB*l|oRm6vpt^=B z8VHj*pmHBS{gm_{V!AO-xH_9i^HxVJc{f+ zF&B(@2#Dd_WY5tp0pj3;P`tv<89YEr84SUnLxP9r2+k`@Rb^j;a(|(mwlnSx=9kdsFqH*!-w^)rYHkH7suKq72*)(vrqbKJec`GU;HEo<9& zO9<>309>j>+eL)o=FOWFWcTX_kcD;l@hT5}om|NdMP5y9uZYM5A~HZKmt9>!p!@r@ zzklrOIzC!keu3w_*Lu_ z&*j;DQLdnd4WYWc;t};i81*TW!^c2+YFpF6&K{oF6(x4z1Da+X^#e`?gHxx9^7HRK zcwoIo)NtUp-mJ6aDaB&M^aDU}b8|D=TvZkEZsDO1HpcN%@$BFK0pM6zxDkU5Ku}n) z&R4F0O5M4CU(RjlVd!=TMxd0SFkN3DP3T)V!50`D1Fdds4CcTx`Gccvm={o)fPPSi ziQ_M*{#Yp^zmwq>15bn#HF4OvSLrk{G(hxQwlo|7`g|GM1#uiYXH0=AK1A!K zhRysxOjrF?nE%}q`?o^bQ}>YYh|zmQMS#J+$F=a%na4jf7>hGL5AN&d4I-pbkWebB zhiu|`w1elZ(#1=ik}^W4`?HOhG)b2z7$J=(CKqpIVLcQ{lW;PkT(~LMTBb z3t6-j?YQSzSwerJ!H%12muc@eSRn)D-S<9-V@qn+85r#g2pforA>z{jNfa0z3W0_O z!nDV2ZJ!quxEdKnLJ)@ufBzD+PYTRq5KS@oYJUJd>3+&yUvYPGngr;h^857V3vtp0 zwb$b)XnlxA(f57r$R&UTE7kf|-fuQa!j>gdb72R<>bU9dwg>6U?I!y`}Y|ef-V) z+my94dh(Gg#oSHuH8+AE7v|o;g4Q`+nVv44S{In=D9l@WG>y3*>I4JBlWOPrd(dB! z^YcS731nkSlkh(60_fbv8GZGm*bE@whO%+nu1qrMy}8B}o@c;qi!w61|;l){&$AnYLTP>IZBuUQ}N~YiY*p1d8lkadA00 zum0Q+5NBqYnUaaO#5<#os7z?+P}xHx!2!^gyYqrc1cW(TfW!?mjgYDTXjMS%cT8Jb z5-~kYAUA=8#6r#knnhbfSm!n!I|Po+(^-K2&=iPc%axT!B`L`G1+fSaS#Y+(a4zu` z5)f7!%ou$+YHgT$p#}ozL8g&(8~U`3SCyXpfbHir{O!zMkXwubLLBwwqLPh!i)b*&XGZ^&yvF@?Hc36oXdgS%%*MYl{)jhY-7Q{qF z5ntgMRPdNaCu{ihDHnVQM*&)$U08_FO2_u4c6rO71{vV5C4N!j8=@?vq@>8FLyznm z9lf@;;(;>(V21EVoK;v&AkK)rv?8Kgmsbp%;z{vqL>SA>b@w zVU+_eNcCw6#~Ht{>p(DU#9kO%GOf0?HSA|F>8I&h?sDuOMxztzDJ)ncQIM@0_183C zw2>6j(^4K)r(QVZ&%Bw_!Iv39Nf^3%@EeIQ(NGMWL-qswV8c)BpJC!55WILH;gGTj zf6enQnY@VKHZ#LGz1d>n?5xDJq$aT$*qjAdVIIsF!)?HDMRU?&l}3POSeM8+rhwqKs^6iyffWKg|bFCjhQGERkGr{A^+KQI8nmdgRBDT$hLKvR0DZq z%shlB$8_h2`!a7Bg$Q1RuI2d?XMdM~tgtV_Y#278xMsNF;H7*1hB*FdVDI)T`*{)E z=yb0HmFV_s9?kaTeyQ4D$cT43xJBq)CTMMFlJw^5b1<_IJy@omh^&qJO;w_NHnjGl z#w`~VxMcmEiVS}Z$FDwGYnri97_)SC=8P`mA?*9dYS{25$!L^7ae(%T?7%nl)21(D z%k#elHl%AsU-e8VJJZ7GUR0S!$ZhJNYzeV9mhUd`S-%eA!3E774yw3l9oB1Y2|2+T zU-@5rTq3^!J0LPoMRf>PSNQQ&YSWrG&BO4=+Y}H?J?JGMA>sBh z@&E!S&=|V60voL^kLF;7;azcJ-g9d@2oB9El(NZQhHd)LPL(@Sy zZ;Cqdr=FHB7hzc!|ytfp?mGSrA!O&03DibUvOj9P8oba{6 zi%&FCTc_?)Xz>4&F)=!OwhP0C2v?{jHM6~~w-iHW0`qZo5y)U8m5kID+`$zkKQ8ER zuCA_2BADfXqj-yB79yeE>Yh8$avg9Fh(4b@(L)s`Q53`!6X@M`d!7;k$bm6ts35(- zx?0-vq`L%K6^Nd8>iQYhn-!K~xMx^ai#O3qH2K2T_0-ktnwxcNm6lQ+T8LKfhKqyT z!&g*X>|)sUI9V2EW(0rXDnl<^Vt__4>?W(Q%SaHzRzcX7(90lY`WUOL-%T##E|=O^ zS;W{yGpiA%wr5AU ziZK3UQwTTMuIo+IN|eISmKHHNx!C%F{qMYsh+=6XSHF+cvgc+Bc2mm}!qSgUsSt$7 ziDn$To|4#xw!h)btu&RVL3{ZdTfmiz5;nvi|88RVL{a_TcN~hqMSgI(oS*KmlR&bu z%drKB)#PvL0@dUnOYUzaLCqjmkd1@-`m8FAxuapxN~Es2uoXQ}hkN=bX388d(OdN};>)dMqbs zKFAuDA^la&Vn!U!1DgJvjOeQP7e=OBO#Zao+>3Z86bVcnCXrqN_dp>!A-}X+LgLXD zc*f~%BT`-NH@T>wG&3^l8yMUs#lC5sWGgkufEYQBsu0wBXd)v!+lmt80x2#pIGx1g z0bZf<=uzz9YvB%UHWGLMTVI7&m`DETr=vUynAacAVE#^jKXDXaeENex4hEP{P5}l0 z_2qWhB}umd9;>RUojBP`c<&|~hv+fy&UZZO(|H5u$KtMbAqXC-@eB@RSJ5Swz-qS6 zR46z6jPNE}w)r2~#>S=*nym3``OnXF2Z@{unA9XOlqhr5^P%!(y|ufpr{|p2tp+PB z-GI9>QBgr_Z=`&wqgoWkNpF;+*;Z8ap#4Eqg{pQvG6~~gX~<`I%{0J%=i9v-?`;Sw z-hChG?LJLbb5*=;;ryD&WSTSKq{K5`(Qh@JJ_w^1Ll0@zQsvFXt&KSAsV*E*&|w$4 z8~Kjf0T-Y3KR-`+e8Ao<&}@kuHd${+S1&UQ^Iyn9Jc^56FWadGfbQ(&)aZl?isi`@Np z$MbI#fxnyPTvlct2FYYGm|IfPy6vuVJ```+mT%woht(Z9a)ipy=HkWTs}pB&LM0{F zkX}Iwa(2%a*Wj}`cr!s-PL7n6)YYq3x6;xkef+|vHfmx zR#uRFY)#+P(#r60&R@5%vOpFv*aII1DHpu$L<$KVyt%@u*u=`G$k_Dk*|o8PCi%s} z9XEo`IXQ{)@DN{{@UeU1`a(&Q{Ga>Z4EP!G&rFSHJXF1Cw8W9?6DLIW?IUJqFH4oP)H7q8c0_6ko_xf0OrS_* zDUf`;4v`%*0BDg9kL?Bs!D~J~KYva}MuuUjBTpt{9N(Us2Oq=m0cWZ0`i^5e2GCGp z2pR*#>7^&%6e*q6v#{V%5AE#i^panP5vdR1Q(QAWn(YEI*|I@b<69{9=a)-rELYir-{->Y5MCYF|$ z5rc2Zg5^0oIY}Q_4Z^*1=GLsEw0bCRS`Y9TP8O{6#EBD9wy+!Sy?U@5Ew4n6Q^HS^by#8H$_g#cU_?uuLS9a4meCT zr`7_a{qW&c0yvBmz6aZWEPKsPa}}?hB%=Q+}Bcph|6JF*=5|q&xt$CKj6Jocm+(u)*+;L>G3uT zcJ>me^j0Rq5iDzpPjuwgG|!DA-HZ|6T?NBY*72-6O$u$cxgJx*kS10UysqtcmDBZa z-@3JX_wGdBASFR&Y{~CGet1DpM+A`QehsIfvOy1kSUoc5DNEGPH!mP!7$@UOS>Iaz zNO%8ZRQAvF)(PIsUO!=7rBMY|L;9Q;AD8qjSER4PEz@32%*?d=zz`s#{7f$k%U(}= z?#mfRT@n7(*;Iwcb(Z|*sFkK*bhzJ&ii+mu=4NJ`uJlmR_Jth#Y&!?m9I5sj6D6-+ zEh2CV@f77_+->(3*AR?d9z9A{R0@L*;2yNEb-kZQT?}Oi{1msAm-nVeH?Zv6MJ3<` zxBe}z6cP1tnYwF;PNdUq2{_t0b%f-P2s{OsD_4jE9ZP@KaM@{@BaQmtZFz7ts9#OOIRU}d|^4-78&QX zUn(+wo&NguH@v$^c6&fEKQ0QTLO@`&q7!`P3M@)UzN2oh(>3V2*Fj4Ht9#)>);POp zTCP0+hyWjl*K^<|W+KpQpgMo-hWzt(c_ag04Y4E3q*#xOUT&#B43G(uO4ytuoiAtg z;0!kU`Sa)T4!>gCw*7uwpfm_usV>N2UKj?^PrUDPq3hZMt~+SxXf=9TI5CKR3DZB$ zWq(Cn0qyx|Qc?n5=z$kZEzHebEczx=w&J3v-T3bKCW*%yZCzdC0|V8xTj=OeZ!%3w zUc7zV_3hhodTRXBUbdi={QMTos%9A&8W_wkEMPu#Gr3>$O%vZ5jhyy~@bDKeU%EG2H)nwg+<`c!I4F@*k;Dli&`a&YB40 zWfoU^-ub(Q>Ffbmt5f-=>l^sKCBW!uh+?m)$ZxOlwOPeEFmKdjEn+go=7H1)9l zFOA{_ z)9IddgM`DO5FO<)I1U3m_2PniarckCdcj za4;q%bI0)%;=v?!_*Z%ZMfg@nh_@TBQgF{A?$o%ruekgRtRp%G#|GxLZSgC4mNExzpLhQQWse}8YRPsCVbs*Zc%{VV`j{k!Ao&EKIT z@{Pk{!41YsBCtjDE&IIt<{Z(FZEWz?Szz(hn<${@?{J>ok_!q>rnWY7cI~FZ%1FZd z$bcE(Td-LLd0fY8Lua(*evIKTWQYM)^e8g(@|uBY@D2-vo%NpsN}dcr9lJi$AcY4B zA>cF1NTIR4tE>2fnu5YY%M=MYxsQEQ2$CT3c%nu<6bn|LpAk{USs!w~bbY*(3ONS0 zUmfp{Q+78$B#07s61fr<@cj;1Y3XD1#MdIFccOnlIK;bLh*b)&jUv8MfuB+Tq=m)P zfPhUiUlUfxtf9Ysp2sU>FXfbC^coH-CdMYeUCP0IC|#ZZo|F?A8rs|4ZSEGIn8;-t z(_qEI#6(R_3Q-b6X8Ym9A&)&eHiol>%t@TH3r#l2fT#hXdHak$=?yMn;o#kM@YX&V z;zfasH2%mRnjtb8QD5rR<5yHP2U#QiOL#al3LJtD*6|+iK^ZV7liDO{B}RBa(}ZV} zmYe$tqdU8I_n(s`*7W!9RnztHMo0n1d%(#^dDa%?4yIG8THQLG8!CZ=c6po1p?;0tdi~wT+*yju@69E}K&Pe-&~4 zPfgZw9AX77Y>8eV9*uCM)d3DNIM{^g8f?<+;DFO)F$JL|j83?X1&VlpIyh_97voEU4mO>HOWC+ z8=re&4~uB3Jv}k%sSUdZbVM!m4cXL&pXaIvb`^lC#DT`S$doNm18ZityW(tCmS@8I zO9tipD}_S|pwHk*J9v;du}2d-+S~iPa}?oZGN^~El)$5N6x7YJFFHG29*>bYCkDhYVIdDcGw;C@{pe^qECa?Lo-fct;yhr5F)4HP z{we&PsHE+UnsA zjvL)Jb7Op50^Ey3hie4nbZkT^qjBi6w4(g{ty{MI)D}i+%3PnLkXX{XI%wumzu=`( z&{Uv;sZ?>zcP`h79=`cok#kI=CUEN%?cR1(EX|X=s7k7;hG2!>!!H*Ki5X`6B0El2J7u>7( zaQt$-*dX`y&w-Qd2UJ?E7SUkPbcuv4l4u@mnzL0@rl)P(ga=9M| zbgh1$dJ0t(*_T8licXDjZP!=z@HZbWEQGRn5SI(9ctFP|bE+H~@^K*$%r7nNgS{>> z@$_7Cq?x@~E}k8oM-{JW#fQbd zQ)8XK$i70KUc!~bDzfsfRtOI&DkbjviqwivNQ_hRqzMQ@qR~C<6|@KoAO$gFa=EX9 zR{32jnG1gOnqy|h2}hK{;J^(>xG^oFPAWw|M7@Q20#i)w$71pHojdRE-iA)masE7D zRPQuk>?Mtc&*c9B1vgr`NJOSkzB%Ie`%{vW0nFFxPghh7u;WJHWcPYgc#oZdja9 + diff --git a/docs/versioned_docs/version-2.19/_media/concept-managed.svg b/docs/versioned_docs/version-2.19/_media/concept-managed.svg new file mode 100644 index 000000000..5645a608f --- /dev/null +++ b/docs/versioned_docs/version-2.19/_media/concept-managed.svg @@ -0,0 +1,591 @@ + + diff --git a/docs/versioned_docs/version-2.19/_media/constellation_oneline.svg b/docs/versioned_docs/version-2.19/_media/constellation_oneline.svg new file mode 100644 index 000000000..4e354958a --- /dev/null +++ b/docs/versioned_docs/version-2.19/_media/constellation_oneline.svg @@ -0,0 +1,52 @@ + + + + + + + + diff --git a/docs/versioned_docs/version-2.19/_media/example-emojivoto.jpg b/docs/versioned_docs/version-2.19/_media/example-emojivoto.jpg new file mode 100644 index 0000000000000000000000000000000000000000..4be0d5b26dc70a6fb99a5105c234e6d7ab51a213 GIT binary patch literal 141236 zcmcG12Ut_d_x2>fK1QP$00aC>f*%HW zkCbIXK0n;^E!-pJQ0Vz~Zo+%?!u^9)@C&?H=>N_A*hhpoY;vvv>;f!IOw3G+SeTia zSy@@w*m*hF7cXXC$+MJ;S6~%JP+-;S)mWj;BG|Q?)~#MGx?{tpEnB6eq%b0~iZa_2 zHcLuvLmEM`va+%-W?#XpRc)Gu!IHFqu^lI0`w9T!xGe79>BnUE`l6I zn7VMG&wRQEMzqGcscXW1j_Y9AWj*U-DPEn?jaUtXUdd&~) zPvcqw$AxBOWME`Q#)U%L!Vkj|#zkwkGV$!xVm@_o>Dp~qSa_AZ9wxqGT_<^Pi0|~J za<*kcQlHlkBSWK)?4J$n>Tiwg+rYk$s~)g3prG&=mH<3>xmSI!Zrm*I#uDEL^*7qI z{d!g%;{+lMHIyR`O+!SgyR^X&eirpaT<`8yJ^{IdK~2JQ06j>>9#5lAq|AZrhBmeiWLti^wPNZ>wIgad=9V($Ib!8c>G}M9Qa~dem0^u&!AxiS>nZL z&eYD!29(}&bHF)m4lGrrV$&0-<6pazushttkegPUM{zC)CB9x9Lo7QnPY(Z?sS4j2 zA3ZzKLf!8mz?*fQVa8x-`=p>Fq$d3YQZpygshx$r#vDd^orCmxd)HyDKCDE)lZJnz z{UjAT9Zem7zA*SGSajWwMR^ZSXEMy3K$<1OW>x;wtjM7sn&s6RKg&FkDpEWk!!@OJ z8Bggo{WhjG$H@y+sA4(c{#8%z%;+p>pIpsF{o#!$q%QWY#T&MjTI0u0&BopunYp)^ z#+{`>bEuyKE#@>{;_KzGBV{KnA>UtT)NgRs4j`WYqLAHs4YnY85b0A39O@0s(9IqK zF)kH9BuV3I)>5t7aA)QaBrCXA$dWgK|7nfV5!Z*j^=UE0Lj6fvMh@-z`FQ(F+U6ML zl~&4Iq9UUnGYH;4c(5kMVQuvwY`g7T(j2%l2f8?pDy2ECnFH(glc`*DfN*}@@VelY zw82B=G}R~N%6!#MSS@8<@Q06Xb6TsOgo-#fF{ROiV!Y&&^NBFpW%tjsr=gztd+Y1z z-a2_DkuOf-E_qOzQ*F9t-v!^*ijlrv?>3oBoPDC)tgokdU}%dFY3I6l@ryL+MI!ghRDaSl2pATGDsV!Iwy29Y-0gVDeZzxp8%(Pd zL3|ktv9Q8q4lvAt533TztX^YAr0V8C?i?6n3di%vCXxrn6)|lNzPws`uCH(KY7rKF z{h0JdCb*8Tjl3#u{7NAE&~d(9y4ubRT1OTI)E5EwdiD4z?+PJB&Wgfmow}6JxTyja3AL_cRZhDTY=uVO zPwE^1BC?;@QGGaHRh7!k2?|<~6put)16N@dZYpj|n034*d;Z8&wEEHVknFl8ukSu! zW~@;dyS7)^@I!>_^)r#<{x;4>lzDXu$$NOUl);Z5dl#sKYaCmq2j;-^l9=a~Kk`pY zpPeS`d;@>Q0rJ={Su~$F1*%cm?s*;^Ti{XLo`xY;s{1k`0!xoQ^6u%H%w%b(QUs$Q z$#X-mlzBB#-#$kw2kPIbXJ#JZtR7N$sGht2@BaIM>!5$uP`|GSMH>_DW##R&%-&E)y!q>0Gc&U+;^AYkjp3dl|d%bPJR>wuc&Qegc@0Awc zb+SD7n|?_tqb0SES5i&WxIE%jcMoJpdZ%*w>K#uWuqWSi;qD0v*c)=Hlx&uZkyz>L zS`kiDn9)f%i(6Js-NEets4mjXWh{PFtwmdbCa_UlLofYV^-_(!yKP@CarX2t2-xej zS#@Ud&B>CTreF33X9U}Q!#)15lE~U`I z?z2x-_YE7j&w99uINBM?y-lmX;5M*!#oZgNv~*0s@Y~B(@6CRcBXVzlGx|qaR+&N+ z@_gR8U<*Sc!;-z-)Wsi;i$=v2ZS4y8%Q{rf);Q$xRdlgDsnm544V1s5f&T&;Jcek{ z=p^$E2{iQxqcLXAcOyNCXnY{^P|Ss6JvgO1cltlZ`n){M?h(Kl`qr-B4U}7}uRGhO zS(tlMdnKb_{==)UORJ8U_hWB~uGxL@My}A(yAGcCHJW=(ojxtfuHUjviQVTOF}ipE z3I0U(^EIV<7@G@QR9Fgn8sH#T^dhTtk|w+o>0BQvw6@dEub9~DsGWC^r#N-(`j!TeU2_qSoY4}>Ne>6`Av~%6jpoeWq97ko z6q^!;J#|}%>%zrZJ3gCg*)OiA`19C)5MvMh5BJRO_^4_C!% zKgUxR>l15iA(puxNg$K+$`Yc7BzB&K=4-rSOlz}jZe2pKG{0e!| zT(?)(=1kg8;|s^3*=KmT(g9ZGWX!Q!fZf~iV9oO3jU8V&m{`KspAIrl@@hnR;>)7U zU8DMAHlC~RxP0DGMs`AO*|4D7-6PLUv8s&ry)-HEkoQ^Q*fQvOa(ZdoKlAFmoV}w# z32Y~xE2C&Z?D_FEj7ZcU!T}sFrpnQ$3!qY0+k;%}%Zg}~G z@~t$+9?z9W?=fr!uS9Yx=0MGUIlVh37EvqeR~Wld^R}+$XkkmvnIRlA6$Kecjh*mPQ9gyl=srltl`xbeGL(^qF>Xm6vb?+xm$ zXotGe#X^P@OWxMp5Z7-@-sY!#rswc#t|6*ecmh-Wjsq545sAG@PQwTFl-xw)iV&eI z6#s}I=buAYQFwfGA;fSRgTCQ1^bL!Zd7lTWDDol^2I_NcHq82=il{&OP+FIC0 z+hj!x`k$y_m7w8IyPLvhvy zlxZlmoZB!Q(V7En1f!m#az zVK|J(s^-8fRfD!RV~^-GO@vbGe9&X$fdN%aU^&etVGay_Ar8aP?N8m{btW#Q_TiqW zQVvMa`0m}A19+V|Fgc8$a>IW<+LbdpPK1J9ItOk&{pg0vxlOad9FCwyFaL87aS}Jv zS6^Z}XKBnZC8+$0dVf{l*@)gLa_6b>blc7r6G2*}uFO~1R7whW z69w?Y@P7OUN9=mT?t}N~l9mbdTS%R{% zZw`DSPBUnWo7?TBsW{@NFf>x-XBZ1Erw!tvA16aU9_FO>4gLQd6aMdaR7cPc#AA=d zYtWR^$m399$JQNDc4~u~V~l7Hoa$(5c|iT?5hQ81T!*pgnXkHX^!fA8c*@GS`Mw=; z&AaDhFeK6i{Zqwlz;gh^9aGrF8q%6}#HU!sGT3X%CSJZG_4TLGJTtp#9e?3iQ&Snz4*H9W(*MlV%1h5ARIx0$}L{MlG& zH8(##UhnC;S5}+SM$I?16}%`^moETIb33DD7)g>JGaPy%R+Zm~O|UCE7%k#pxid-4 zOXZ{5t0ky2XJi0pWHrN7dhW{+ku+=l_)fOk$~7}8k^{MU+=c{NYPrHLk{9@uKPTUHq z7z|fi;Zc+#c6G|?^Iijv_=@`NZ*J#quK0vGMUok$)Hv$d9nY=~@*V6nHE1)`UhVyC z=@p-&J8+U8#7)i`Rca=6UfgY>b;V~Cb@R^ zx++X#cJ*tEmAR}qs^6e$fANBlTKjI4kO=l_9@#R}^h4}%t3w`AHrrw~>WY2cZDEvp zk55HCE~nqm+uZYnzhM8nSO;&ZAg7pXBA~U)v?Tc0wF57*o|6xxU%Vi=VM+8Eo(;^t zop-M_OzVW)O*p3GE_yc2e0|IN?$@7Z<4)`uOzf_nTrB6467l5Cnx2j4-wZXp+a6O? zU1An`aP8{@dw>k%Bv!lK=5x%<@$>pQp`F{0jugEy@;dDvX>~)(+musdDdCX{8ozm+ zt2mb5CEGVDW*v@hwBb; zn#qY%M5d@S{?cvtE%HuYYvguVm3*`r<869tz{2=?UXuFAhB1NOGZ|<19K3p|WxA&0 z)N#R53z486gAu-O;Y7Ula|sGt^FlbGoq#4T#RZXbv(SFteh=p{#5EjZ$ag!{7L89} zgha`H9y3h&a8Qsys?p z)@jDbvpMq~5%Nx2pE1C9d_S&KXY)j&q@cQ}Y^>D5`|HGoo^BTr2&i;lOYjO0zjsAt zk(}E`@6^|gVw-#4q#x<8*V8x~ztMWltyxt3o{h#Uimi1w9^f3ZS#>KhY`12N9O^*0 z+qw1OSTQ;C#Roz^y`N}xG;d_!=4W2FuJ<@XK;pLU=C$GBH)gYKlZoy*Y$8hC{CZ=I=n){=wMd*-JDA5l6(%dzoG4qEepQ(s zgduzULdbre5<^~!dx|jp{=q{rY+Iiwub0tz44te#^dw$>6)}X93$0I)FQ1o!ZA@Xu6D~u+`!j-P7=dSiSn%tYaN1In^xwr0!>Qi~` z%pU#b-CEv71m+yRJ0=n5W&{nARFaA`0(Q1%M_!J?KHrNic@DoyaWVtqZLx<4Fk-jnJ#{FbHEMzB-Bbx&>lP}1XW+T`VjAxHQmY)>T> zdghH3^>~H*oiQYVp8Zyr?27UVcS|;0U)`aa|G7soN3J>hdgIYD?v>5g4QuK%+w3gr zj}7ee(%aL^_BNB`qE)zV_F>vscbUSmn``6NuQ-&RV{GN5DDzHMZBQ!yQn3za>gXC@ zVB(=ba#-zvIsWmf#;fUrb;$>=5)`hxP6iYnnTaiUq|vEoeEC!Fp67hB#5V!eSFhLa zJXTX*^(b_`eTSROmsegPxeY#7D4`q2;)+*p+}0FJ8cy$(&S#Yh5p2;KHCk*Jmm_-w z`-la5m&d+Sz%+i{veJp>4*tjMf>!didhLqcP>7x66W9FsSuMWGP}9wAi6JIeapSBo z%heH^)D&-{+fl}=*WUFx62D!oE%o+O7Pm8)Z6}AUv z$7aL^v}KJXq{gOPN-}4u<5!XCjF-CJbT8pRj^BuS^jd1dGO*7~#Vi8%(v@%-`)5!f;KitkR6=TQP%CeZYFMK z7P(Aw#Y3mnp?d`#LdVN%v{zX~trzK}JP3HcU;DgwiUYgf(NDLde5=-J`9UA9vj*?M zcbQjBiqe+6vT1Y0OV`s8&!%aFqtbH)z9ys#EWFEG^v*K^KNf^OHE8SUC^sjm>kQ7e+>1DzQ2x zl~aLZl{7|}i>YMKj|z7i=h}U|ZYY|1H4Ny_0dohVV2^B;9^+oe-ic}1E&=iNBXc6kALM{1A1pK0b3?~y5M*A{&e zBD4Sad0NE5i&a~ntlE8LiPGaP5Ur(rP+e?|1#kZC)$LyD<7>&vTUI@Oe4vU!@gjsx zVCEH>m~u(f=+sp%2eT~&mTYf$Zn&!eftWp_=oR88Q#YS-*UYduEguvFBiJ}fiulGa z-J2g(^fz12BuN>rO%Z)Uhu8D_&GL>M){J?0*cu!xSJr;Lv88(=Ju2dOvvSAlJe~}< zPQg!ZhG(a(UfLvGPi$*5m<-VEL!5V_d-U}?dj zkMZToQt{7%&6`54o)8NU4$?C4FmIZ5tdiKa0ZyLv$a6qx`|<445bqwl=3e!K8N<8z zQM~uVvv!p)OLY>1ap?N!`K)O^-}BD~l$GLiz&mnis^&?F8;x-mW(@c9YUw{2e)z+D z{d*$p$E4Wzd*+by_z_+hvOg_D=JN^KmoXGJJ*W$Cvi`wcJHh|Suw>7gp|Gg%dsP8- zb9HlH(9hI&?K03jsG*|1PZ_R+!BwmcUP<&3#{&hW_{OL^XZk3{;3CZT;{2zkI@BWNc*!mz1!u6v6PqC2M$p65dPO zT3Tc;n`D0@IDUSZ@L6K2=8l==cniI`;dDR`aK%n0^Uo95AK3v@w^d{X&+;*o`fY9D;v^;Ab^Z1?pfw z&;(d;8e9hFfElm`;_$Bpd}0L-!uLwQsE@1|u7)))!k`OJU2JG9sp(^0A@Ys=4Kww&CQ0xRm?^JaxK2sw+sV7W*k2E z{QgXc3;@@408;b5KRfLYK$(Lq ztcw=0@^UQZ;Qc>ebFbmb>7rXqb_^)EX!v#IQ~)YI?ArHrQ>d6si2N`Xsmx)&p;~wT#|Sy9hv|tPrYO z0N_SJ*`o>9xk>6<02USlPEoL)P$5AGU{PB<0r1w^B*deJS`Th{qC|lb@IDC$jJW`; zXSog-eXvk6fal7RrKbr1tU>E>N2_B`+a@#%`%@N0R5YnsNB8q8;`q5U$p@R z60GHupqQcRaI*^Cx~k4p^sZG}Uk3r?-@JImRW){2T7UW~eny~^E>H&opqjH1guGd< z6fzha4F^kzx&I~sSdDF2L^NdBg#|N$+Tk{-oDO+~fCZ0wKBG4(Dao$H-#4H1+e8*E z)~fh$SwIFVHQkJ%xjr2`5%vSG0KbID-MVACXMdXp(0neS$gEXCS}+v|7i%-h2d;lp zEKUOY5ad>d*nh#TZ$#Ff)NxS!5P)be5L$v(2Ry-IBJTgqNa#R`K=LUFZUc|LYZl-@lD@cqWhBS%g0V&Sq9mWNY_VzB+0^72hoZ_1D(Z8UIQmV8bQ&c@bf^KVmd_L%x zJF#Hr8on|qPf!zM^{^(`b=S`P?+Pkd|LilBr?t}Lu}rq5gTagZaL%myqI%0Bf)5q{O+f_$*(lTbfi1Ml5HNk>lL z(|vGh!5#o=n_1jnc1nO~uxiHfJyeg|Z_b{Xd;q z!n=dTB<|J8I$iih8*6Zv28r@9{V#9lVBriVDy3)AQ8K76?s)%m$Ck2oT8(ennGyYj zxRc<D=&=Yguu}pTt+4IuBXb>!jFc(qg`A!kUvN(qjocb1p^Z#|HWTJ~O5kp6H zGco&XrURC`fC)RJew_T+YNle1glP*Y&V%)r9ka|!FE{Do#SCjlKcT;5OK;DCwtlU1 zNA#P)o&kJV{dD7pUv!ae8Trve7<1600W7N!ff38s>}mtrc5)+djRt5VHEC@Ffuu`Q zpMKHAMGcQRu=~rimjNzi37ZSZk3KmB(R9j^xp2d8XuhtsJ*Lj&P7<6c>zd@he%YQ~ z;ACQL=U|_xnBkm_OYN{dp`rEc7fl1GZs#E!upsjUDhW;mlmKL4-;Y8inZ;$x|Ah^F zA&a_rywbUpNHxGURy0hu)=rJ-Vh-t*Qas`Ox`1k;O--vUb9dG7i1uIFkXF-L;orJ_ z+(h7mxgsw27yUxC?J?9g`g8}GpC|#Lr`Ga`FlbiC!ubP#Nl_WSH zE3oF*(D*xkAv4J>Bq1-rO;SVPi*B4KArv%DA@Gm*b#i2wuzLC1;r_SIWPQb&*7Pq9 z^#cv}6bxjKQg4RVYB;(C|p6jJmp6nxy=JzC+H=B)jOpQ## zkzlkhHZfIHAepP5UZM^zL9i#eFt7ybYvE+VlM#k~jY#w=M8X1*4sO6yRNR_+z+m-H z>%(2}8%A8asLQw{kSy5FHp+NRZ)#%_&fb{-zvJRs(>bD}ktEtrFU_&p?OYlaB*eH@ zUq`eU#W!%rb|J_B`);BG?nLP9XIXFiuz9Bt>072?KQx~If0QrL14k^Hn-vh&TRm)s z5wJHP0Wuk)f_l=W7yUkge{Z^QbZEAmn`I@VJ;*?(lkas&hmubs_dmH%yDG*i74Zjt z;5H*)sjK}DV^(+fLIz#>D|U0A!zBb(&I(^En;e1^u(4BS)D~PA?8aU{PL0Y&7h1_} zIDnsC3*`5KfCa=tF`_d*48q7CaDzY|Bp<@@*VMtOZNt``8l}B@6aKNiFyHfC;OgeD z3tKXqThE@CoPqhHpI^L+`2COvx%=iF4G$n8?r?;_iiJrQ3I*Dc4}+2MaD#~Cy`MJ# zpXwxE7;DigHO=ZEKh6E#0iNT}W+!vx(;8Okd6(KJFN&^&Wbi%g9IMAP09=f=x%W8#+T8%=?9lGdjC| zS$Pq(HfVHPzKZ~;>vh?ZzKZ}zt3YpSCG+W*ZJ^mw-!SYSS7_(D81wn$)r8NVnG+2cx+Yu_Ji>li87!Fm4u0AJUdz`LMJk&`Yz!9y|rTF)`l79(wupv6#Ad5gGq=)W@5lSBp++GwW0FBh< z^HcwT>|gW

        7WMUN)A!Dz13)FebQ&t#s<6zabm0Q8^k5Q|R8&{3(_XAh z_^!dxz4|yvA2!I{7hE5@VF?h5dc3*G{6!sgL2>4*M~LDn^w_gB#rVS@(|K4Pd|k_x zO~#4fUB3)fOm`2XDj>uj;`bOZa1$Y@D1!uebLJ{~%f?BJIJhmXN>c<{c#B?T0@Iv( zKm4R#@=r68rx75dL=mJ&AgBw8Q85z_!Wvd9?KXbo=XHvLtr1L6@unpGssJ3nG!~^o zx#`AHY{%8|s^TTWfa%7iPrJFc7KMvzIO1mn)ZM=BIBqEtfmjGMxyBb#qS6sQOpf~W zBU&j{a2)C0su)&bwudP@;=IcA*0^}92RX6enW4Y9w*DL!VFC z1yxOunYPjRJ|)(KI;snsY07ge`d~C1y358PCGfhwT*kt@CGzLUyhS!R2F%uTvD~;+ z42qUH=#6U_E5J4O--%>>!pb#))4y4&*dh>BcjR(vDQ;nF)#$3fS8|e5RSPid^7oV+ zP_QdFJIlT!AKOZUot#$LVwDu-0Of^Nd(5&}VQMj49WZe~&JcDv-gUT2t}?0|i@=Rm zjYYM27PK!W>&yxzs9jeFq4Ui!1)nsk^m_P5PF)M7EzV!yjk?mUBNh!~nUa@CE-p3Z zByW&6R(NaE%tix>n$E}b+(>&sSZdy%NP`l{>@P#aVvrRt$@d%Fsxe5Wl=Wr|)A(WE zn4?>(V!O3_A=-sa2cf|!@J2Swd5o15zemulcPgKGxQ&BD`$CB#f`-?KL6Qt!u@)E` zmTz*!c#GXG)S^{7ORi&n(@m2A^D*qt;r{^TBIc&TP(;M+L73_(3=B$}$HOrS&OKrW z-{i{XxyI&96M$2nTt?2T5cv#;-U;%h0o9dpAP~6Vf0>)W!Cv)nNEM(TlLo{CyMYCP zytNU=qm2TWhkuq>kgJ0APwP;s^%r7Y^0%)L66CddH^)A)a{@A=Iqlo#FjD)<4c&I+ z{$WWeaC{jKam1uk5bX?3-Bd9}H%fLKdPcA|Q=#7dJv_=R0w;)DmXA*)@mxtmW-R^V zp(p^#=WmT=^^Q|e3<|8*?-8I%uP(j+0B>mQz)A(Rv$C#_NCi}4J{5JUh>!vvHhegh zGLV{OrvuKC6-M)~Y@ z;$%y^Q%d#fIuujJo-ptpVh|>cx%2b5ia-bmIp3Rjg(xT(ZSeV{QAnEsYLpaL9@;i4R%Ad#RlEQg%Ibsb@VJ$mNgHU`81 zI8QOG-BzL*#&?I$qy)U}J26!EEwY_ZoLl9Hfzthh>y`z8Ag|i<;t54;T3ro#FH-%K z3LO!guN-1tHPRG})pcKaPoN=9UF37POQcZH1kF}Ka?$6$C9D8p5Dp)-TET*E&XHh#=Ed@xKYbTPkFascO&2Ihm1r^1~>Ei z5uN5#)y?B1yE7?Jf->D=Ga%Ytpy9&~PwOxKQtQ_&R{9^IGdB7@Bd?)cAYd8|%*QXG zK@Z|=IW-8zB)qSTP8kB}97nWZDw^uvC4vhAsy=9O#4_S}P1W-#5VK~p<&{>DXer3_ zVo-D)Q^&`Mfg-U*zqTWQqLgh1FZ+VlXQ8uuIrWw>5mh%TTGwhL<`6Rm)pBui#p>&_ zmHqK36_>EJ9>2`AT&~MTvBx1eu%JO_S@f5x>e=Jz`^66B6%FT?pILSb0bp7J9RNo( z*u6IDJ2uc5k4`-!hTsltto%o#T&{}nbqE5=hHOtUtMaTcs~8*Gej~0b2Ak{g3QJ%q zO!eX*LJV-Nf4?!ySSpoU$rXfY0~%}gh{-mE6uaKHlhy-`va4JBc!tSoNK|vrw=t0l zG-;bpThp5P+-)YB_3VFI|8wp8@ihwFI+I0|`S$P;b;^3+bX*eA+m^$5+%w^afI3l;(Xzz&9ZiC(_ z78YV$58fec6`=#%cL15_zF%mts`5kOaj3E5fw}gKHH8KoxBX?~XNqsl@$VAxG*e2n zXw0?JLN*VQ@5M@4+M#S3yD9ujH7x3@s_LMEwV;x`?DP183OZzI$4Q(;++*+SR8CYoL+GRr!k0n&smpb<1FP*Da+}GGyur$aw$`y@bH&W+e?*sXU zJnh)uf{Kgzy#~O^X5%9WLIf)qg%pczr-Hp>1*3pr;NXUBeSv3ndi8?J7#S_%`d&l7`MF=mbmg_|gx7;+~#ZY12G19$52CzBKVle=7Q`{v@%vt(0 zb1>9A3QQKs=4&9o!~X!vca=q=P-b;vEDjj6n7YhYpP5_`l`BMMQUM%cPy5PYuw(MBPq8~FbKa6k=|@YDrxZ+Ca7Rl+6~ zeHPyl2sP6JgBF{6s0M{;LOuTg-PA7?8yhdI=31$@aqha(kaQj1m-(0>rUOf_gXLI=*`jCq5#NJ@OobTPwP*9w-LH6U@~QQi@wobg@Ur~))3 zqQ99-0WBaCjtt6`CgR`1I98<^BNTqpw)I$&datC>7%J^}#8p79fjzn6DHN(jFN`G0 zIKs#ds%3#@2rr`l05P%v8C&67mNv8$H;*wYj;T3!S1L%alNrp5MphaB08uF$HB2nn zBjJff<|XDe)lG_)8*u{ar;ie^NUJe4Y8qFc{#2zq%4$Z?yTA*nuvbGJv`Lgy|)^^?TE`cESo&Ny1=KUxf*e3BeH6o_m zTfqgVD=U)xuJ3Tf7imW8ntPT)*r>%Nfthy|FSXN`IHOXOaR@BNarcR}X}FZSrnw`O z?aZih+x$d(PEk<#?iM$SBKx(D<^b7)ey99}N}{Y`>~kFuszM9mpIMvyN;f{gvj$cG zR}^hPm}_fnY*y5#97YBG6zXbg+F4Adij)%-Togg5{^#TW0F^34iHUCKHeyz)A;S~| zJ!2%W*_lhJO}T=ry7sY-Nt#CCOcV>JhqR6=V$+3Zo4Z^nD`Ei1a!yjlIIxwD;{Rh&EX`$AP13L86C{1W)C zia?ID&aVX!ojGwSD}FUm3T`ZS(XV(-U?UT}e=wyyMS@;8;s)NO$$LxnC1)m$deKAI z<~R}?z(w6;L$79G%+wWiXbXR6GV4K7?_B=?OO#s6MKV}F--&$_Mr@j)+8<~H)!7t0 zX7Oqs$ zrtS2EASSSmEt?;gP|Zm}z!ZS%5Pi`=6;5ui)bj)&7MGh}k?clC8HFm|y=oSEr8uXf z?@(iLDxif@;7>@jfe3InWB~-IpDJ3eBE~Yswa*o|S%Op*5oLA#_l+qa=BWcX?*}s& zscm4|*BA2|$wH{-gn7QD0R>vw?)ZX;E=JnDXA-cXO4@OI`%3_WV8_Q#tfm#LQL6mI zgdWK+h$0lrFT4V`31NHV{mPOKXebvo_lahl*})Jo{^mC3ZxcC*L*h_sc4}F~q~Em5 zy72{SRg1sJ{{SiOk1_N{6TW43Kru@bak?Tdf%%$XuP`g2+fZdusSlA$Ae)q@fYN~5 z*o+0AsLWazD8m=`K$KTdiTR1+}-Wime zrES9Aj^+geuBf^Wuf$RyGA+Yv=4%k8+Pi(V7&3cvZ2+I#!^SQ<}KBQiaF||>jP?;-G9oA3#ekN!d2BrGPeW- z*eqaPh{3NY(FEhV1bKm9VCq*H?ij3!SE`P@>O5LwAQ4lGmI?v~yr^9hoPu)zS|z%~ zI}(Yf5M6!dOXgBPP_;Xg(Hnm29s)n$L!;q59|?c(PZz>?eh};UPY1$yJ`5|@!g#(D zy!cNa!H-mUJ|95vd>^EL$e;2j{04YF49UUh!T$h-h;i{}{FnKeKV|-AZ`psD{{SWa zVy&=R{{SL3Y9Xs-{{ZTGe)Bl=PeJ%)d$Ce8i1oNA5)UM0m}b0sdW}b$R%huU)|xaA%cg z{I~gnf4YB3pVNPt{{TIo(`7sR^ZV@n`!U^rGQFS7{`)fj06hNtKeof3exL6t+5FG% zvcLDw@3Z>s{`)_^&+D`L>_`3c`fUE2{LDIGRqy(DP@9Y9UL$Ck)J)3y7;oz>W?bqf z^&Yl*Lp6(~ad5X~x5*pWMXyy0fD+2Dz!I;6Js2%ebZP@$-Ta8kK^un~6x}S03IGQ} zmFqh~Pb0Ng%rWFmc6$P*avTmm)pIieofjIdoI)jWP@dm{Te@Isj(rh8YzNS`6%F4O zj!WXNB|{chlUUnN`+`&q7Zv9Bj;2hm1OUEIS2w*-gqd?qVQI6xacr3RMTd6m$(426I8vO z0eFk$32qd3PW^A%VFCbFnbkUhCfUA2yjiCu)OH}|LtNe6ok}3E@fziR9dbl~xJH3J z_WuB=&^SYwySr?q>OA7m2M)b&Qn3M}A~+HIM1q4_6a#?Ep7$RP(~>9`*Xsl|j@5hzaz*Ol1RJ;txzvpgb2x(X3gi5^_iucFRFw`W;1E^u2yea%nFmnM=T&GEZ z{XdZCORIebp~=kBR$ze+&?uD%s2zP36A>`_MljrBzKpn)HmO%CKSL>0>M_1z+4e8T z`1p^QtCjbJ2+nKiRVs5Ip^3M0u3_RbrPQtFItfrCAEzBndO;mWI*e!8KR@GsVC9yU zcJluK5iNUNtkelm4jDj9r88)d%2$a)4rW-W(3mo@xn3nRN$8Z{Q%p=biI=aY2U8M< ziB&2j{?C8Ys`AW?bC;b=?9Z55Z)HypqnJ3Gf2gFjL_E}ebsM~DZs1&PH@Ju_NZK3b zWvJTHb_dcUjrvOI@WepV?t&`krEySCUy>jc4^5iDH3o{<(hYn<7Vk&!NnU)yU$orQ zzwHn?RXVV`2|Z(kB~8>}C~Lex;{ZB0Lg)cnCB49vP0^ejw{GcP)$$-vLFImAQAq86 zVz)fyZ@P_@)0gtD7zEwW`S+6O!~4Y4{{U1q7=k?-{7Mhp!P@+m;+kKi2H*w+f$AO` zm*|-ALYzTDnSlwE8`dD)So0p?xH*7a?16Hz^n$6!iKpqmpj67Mm6#AQDpqBD%9R5! zE+jI<;q(+vC0t^@rAn+uFqw&%l~ST+VH!$_9H-hpAK_Y@9ZQ`<82UJx^ELEyFX_k9 z=YK~})}`|}kJ9ax%-mX=Vq!AA<37v&B=13^xuK&&L@`{7c+i+%U|dh4_~Aly@qw+)i;X zIp2wO^kpuIhrgpQaPxtHbEtNHXOd+v9%filQo?lCth`GlX_L5DrIxXwar#`JJVw=B zva$59X^rkwsY@u#?3G4!+{>AIfUbI*Y7K(CLn8T>yh|}ERIi~vg2;2!d+SJU=)J?L ze3pF0T&J&inTgCulkDH&b)$*+`eqoZsrZD)(4TLjPsh^ZFEYydE?l_5r^nOMaTvGh zG)E3%#E0O1f5MlB0zy(NiSiEH^UzY7xYx5ul1Ljl?A$q+4!8V2Z);H z6ma5UBSywzqAF_<%)I{q5!@n%vlM(qC1PHwWuAUv!sWc7LSeWb+m;;r%o)#_!wGRI z<_3rkvlF~RJ&=T<4%pS$hP}_r^tZhjCPW7NmEu&aYv{m*xs^w!(UIH%^snn2K+F;1 zrX^g#)WZ`D^na+vBF+7u->@(+Et`W};NyXK|lye}gd`^Ej?1;8C~|na9wdY5PY}_WCSdE?!@! zNpj`W(K-F0oW-f@FLLXc^)6|Kq?Ve0~G?} z^a7<_=jgN`l_)rrbrUcnVX0RtB}&JhAKR$Uiadue=1! zdP>H(74a#@&{|eEjd3VKt@j&E8DpPwy~7Uvlez{|ih$ky50o*DxvB4RubAM98yOYnUuS2hLn8DT^~`Oh^1Q%m3;{2#d^)5T^K%`yu&^xow^W6-1e}FcAO%q2ba# zJ(VtIi^X|Wz5!GJ8Y|Wyj;c@`Na{bm|+a+@#b$I0tRIcVCNF=3~@53 zwXDq|RASstt{a0kUl?60RLeJCz9uQlL%B{{XNmedT8p;q>NvM$)~dQ~{NI zMB*f-;z~jy<$VO7v-|#`g)#SzV2H&JabJkB47rzBS%bUq#oRuTu*52WZZ4cXOLc5j zm{xJ-I2IL(Oykx(#hw|ZbitfmLY>Vr!Etb^W(dvCTFRyGxV*s|C2N=$m`AR1nV4X! zJDj23Wb^eFRMRUea{~5Ej8i-{67i{F>paP0nTgUxPQB%BrW}Ofk`CHlp^dN7P&4z0 zjg6irmuE#WV8UIxAOm!Q#~EG+#7fN!12^#iqEpJ_776I6iteEM%|md<5Th_mcm11w zkzjWyL%NAx^DjuA(yGW5bvn!}cQCnMGPCAWUzm{FnOK@im8g=XO}-#;snIWW<#2M$ z>&e33(N;JO%NjN`9b@-xf-c1L_nO3PquM%tbL8-VFO3ZTtaqB7? zmcJ1!l~5&kkEF)qg~X`J0x>4u-{17_K5}g0Ggyl|i&HtcGUg?7<}1?WW;QX@N74vk zs6S`bm~xfmf@Ke+r%#!aA|j`nxv;BDeXc!6(4g(aC17Y3zG_vTa9bB;_FsWuG9OjU z7-GOCBR~rEg&n>VMNAX2Eb5+N>PNm6gn=<^p}t_fyTD@* zNMTxZ5GL*rZU*Qe_D!Ao%DyKFRSc5VxkurllHyO+d`Q z5s6H-z$^-CSF{O%P@ECgCoy2;;q;hKfZO2AN{3j{>xOW?wRwqL8*(|A{{VUD<(?}j zImzi4A-dzTWrYr7eRrraS zR7&v>4NnYAd5Dv7Bg;Q)_x(p&lZn1PrsfmX6Eg!)CuB68eGSy&wH!pYIWr9RQ0@#7 zQByJBaK_?&OjWqcn&tMnpeutAZAI3$zUGgx$~~o`g`J1Y2P^fKlJMuwY48$Q zDpoZExl@VeGh|Yw{xx#`d|oSV^#Ux{7rgV}k9JF({_?f{khZw{#ief;g~Sb{{R?>ISz&=1Nq?;6%wdbY7w7yRfBZ`JpNKbIP0ld`>r%W;{{RuhSc?~*r&+Yjp165IwhZgJ zQjX$Z(LT`!>3GiNW;8!cnTN;s{XUUz)>at2O)%USIF2R~Zp7v#l8TNPn_@$PTXh2$ zWw$U(C&)J(A`gn8{nMN-rPVM%3b2jZ!qy>n0*CE>@G(rv3LM75L9;wcvIKgH{{Rz~ zJk&?Tpk@^F4fiU{#DUx~`@*A)!zMK}?s5gfh8q=8FVR_b#l8p>9Nf)WHXXqgVua}T`P zIh8*<@cxipK^~CIp$0Fkt>Y52DxE-w)K5r|*$g2wSUcc5SLA` zHKV_@=lp?vL3mm|mmH_?6$DCN21<1MIT>hSZ6U&gMkr;|TYe3nVxi8X@1J7)e}HA{ zDqbQq#p-C!((=mrmBYs2Swwdu=4EM2{{TQ*z@C!VH;m4DxDQAR3@Y3wn}yuJm>A3i z4Pl3rC)M*2+@(y|vH1Rf!T0|F#0z{zd=nkRY$2>qx6-;H9HYbNHDl*3ST)=f33Mm< zm~DM){6m66oT8zW9YZlIiOfthM4|SJT*T+8+HZL0+*6niBO&uzEJrYz`&&KT1ch61iTq?6dWd~+% z<3!%(sl|HY5J5VZY-*~Zw0`g}dg?URVAKmdz_(Qqxbn^Y0IBFo#-d_rP{(rlR1BC< zV+YZ*f`}5t*11J;Km(h;Z_dU!uL?Es*(`cvM2 zQ^WdF=fp7<=W?#1c!~seAbYdLbBpa57M!X+^3W6%t`%{85H8CV^9==B$1?9GfLr&K zfD3Q7)OFNfyL99h(9K!9VaWE#2L`>|#2m^u40a=$zOGg!kwrZNzi1vAfj98i)Tg~i zOp28zFM_c=RPq4nq)@g7<>; z_{1e7ftSQh+jV?Y0M>&9A@~B*X^0kRfJ9vyv1Fj&W0-{G1X7)dD*#gnJsh8z_r-pf z@%|0ov$=HCXo_%LtC@c>IBsemyg_!ve5j5Q2ESr|Fk_Bpe)lf$_^A6wLE@FO_=t@C<-30Js<=|1)V83tym$M35T1VUuW)%l zA($TJdx?35u6k8}Kj8bn;us;gA3$e_PT`-R+ZHrFi7+yTfaP8YIhBdkJP3LPmnQ8g zOEqiKQUh>($6>;ys^RLR?3Z@(-DHJvP)LluF2FskgX(b_~M3+8ERx#0R|5m)d2*VYo9e%q{Bzw=9KLvjW`nG{Vhy3!|Eg z5e~_Ad}vwFLSoXj&$hHrC&d=Wp$z~S0|%#5SRO=lphXcJpx$pW5s0GQ?~W!i=oVqqr&JBa<)^{UuyJXS5MDm^Aeg{$OO45eQ?LH9sTp{*l#2 zyvno0W4JIt#qYo%D+aT#1OazlfOn1umNGD+hmstZFWz(i0AQ#LEwSg)D#~B`6Iq!g%v5ojZ@0qs-1}k^2!rMMP5O z-TWQKr+91wn=mSibC=L_4R3E8Z6MmRA; z!3Ozlpq$GdW3~R3{sEV)X2})g`gs^(5F=!`@E%w}To+P$uzL}b1CYK}U(D@{)dSNm zm3#9rA3EV>tHfQ{tQ@k$$WQ}Z3o@pf!&idEo1>+06!gBTFKB&G3-bX<>ekI+N3>Oo-b0op*)S(& zX!dYE{WE#)iZX;@A(!l9*A3hhQEhy2oQB}{VG9G16K9{IVK`j4v2RhV#xCNp+-L26 z{{W|S%$SZKCg#|_&}MNy$S&csQxy`C&lLtINZ7a;htUr)*ClRe$LiW>JhJd3Gz(mA zc}q=+u5x~7375RsK|oLk?Ko0BD2VoR3`kY6c_xuv0k$|Q0tehM$-S=t?eId1+PP01JQAP)bp@G~!L)s) zsT(0o-QtqlPw4=TE&ISUE8W{i+6w`*X>pC~vyuxjT$6YL17)rAxR?pq*yHeilAYEbf^_AQqO<4^G7CexlroPy4%6NeFqNN;0rP+7_vlIS*?zB#9shw1= z4M3__1JqaxTb-uGbM}FPqcm3qKb}0WC@t`4IwChSgNdpiGS#rC)j6)J6Tas z%9Ovc6FUOaM{n^gLzle&00)Um(9BMNJplgexoj19eC^R{ukiHB!y`aiH^JMS4>EvD zO*U^y9pgnD8ev})tL17@e3@@WM-KpjTQotVcU*0U2_RUg22MlP;)d(vXq`1z;%nwB ze*XXw{sER!FK-cII-9YH!|-IY<2iYIw>y^(Q#L&+J4}O!n_t8iWnKs$4F?ufDy-SL zYfZt+s#{R6IK0X`^D(d1ksT(aN^EM(^4xv_b z6f^ErTqN38!(>76fUDrM=Ajt{s>JZaxcCrMQR+ppbsR2OF)Hl+@9=%^@eIMJe(=tI zgK^@Z_?AVKO~L~Mb$2g(7V#a_>J4EDpr8zvtGi$XKcJx^;=q~5JCsPxHsV!N%}mO^ z2~3ppF$N2|%nTYpr07tzusO&^T#W#$wz@HcpFGRP0Ik)ci?q^xjtQyRGA4{EFqfI3 zmsdA6%(yA`{{H}{7DZ2)VAT=$OAK3l&NGfF`Q%DFn!|_kAtOl!k~klIY`GFwKZe=O`Jy%y76~VJ8W8@>YR;M7$_x=5HhUR zH__n&fZ-PY7w;=+Y1sGL0!v5JPcx3A7NTcEC~6O~4{&h0E-Q+L@e-ff2$?C0yi6Vt zK=p@+>}|TJ1s)2VnYaQq4+6P+e8EtaiKk5Ej6npY=9o}u0n#{=p`PFfP1uzJ{6RwBM9&c1!lCp8An`RW z*uMV&;r%9))s`XokGfC=t@W?EN=wD4;r{?lkzsH{LSzpkm`=DEy>A`y#zD%o;J%0w} zvzJBacpy3tnW&b%>O0W#G7e{^&qLplIJ6_?% zanUXSs_ga@HuOhKvnT>(!&t4k*KjB&NUattQn79;Jj&GWdIfHeR~;IT+DxHX7fY)+ zH5>*3eGUgV&qClGjl3W9R> zK-w)|i-AxEGpL}*_?8%>xoe#8kYXj#iH%{O97}ppY7xf6ajGcuP;v&spu%45_5msd zYj1tovT6`6A6EuIKM4Tu;0BRvoTt1YWh<H=5_({G02a}wDyT$? z;g}KG$mJ3%lF%g?0Ovp$zqH?0SaID-rxhG`YuK&LCrl3UG(a<5{X53no?m!)N2{9D zck%uI08rF@7sR^ULN_issMz_A?j;hbl)S#snnv~eORWxGQp^Wcu~sicxGRB^PIlJ zxIu=B_Iv!nCpIe>iRKl`Vgtl?Q;Ue%qH;$bNq9~m;yDuNy+KGLcRxWhmQ&RqAt3+8U<}6gh@i1}t~~03roVYOfpixmidO*s0IFQIMqS+tTI2 zk`9vK0Zg|B5_hb6b5r4ihgUW3OoE_}n}zo;GoIjPApjB78pLWX%(Y)fGcSl27gD0a zYd?qdnvo?lQ9Q?N0P8S#u!Ia5SH47kB6>yO;_mPFeWQ;g1jSY}De)Awvh|Lmk%`c{ z?7zbb0B>WDnx7~RL%j9V6~V`mwcOWlm!wf9v_{(gNnsQ?+j|NMZ@wd4&PXEzOTxXN1G2Fnn66BBL-tee zEY;q0{_$vobkB)DQfXa@^*OiiJGGPc~MS*dmdv-^^% zL*Rf-VW060@ZF0J-UG{sbga6Kyu4oCXomnkAdOQ9`&Z}u8T$VK#4vX`PbhNEzVMky zqQ#Y8hyyP5G|wel;S@g<=oD)C$-4p9BVhBv8mh!sKt%2mnG{2_Eie>zLg;2^=gms7 zv8HcO8!bv36q~C8w(x~OH*Q&98<+B37TjM&Bg%QUP-7JM=&>G`+E%v6j-}AIV!RY? zT93=s8|im#nzpHjPSG+%ECDKb(8J1Bn1s=G%y7K40Bp^c3_Dl4Pm6*4BH>uWd7fBJ z*x|WM$e4WtKV$d(M;O#%%y14bm+#IZYpsD2W`WqLv^ zZxEk@Gm2MFCAgG2{fDIPSYt6dVr-;T+bAL*6CyclQBMf?0KCJ+%?f!ij+Knl)63EZ zu$2Yt?06x-FcOTrI*E6)(kf`Uol_Lz{KSraBD<>~D}d#ChrvAq)Bvm}QrH0IWlvWs zq)33++4Be5qrpMcVq_dt1P!{tY&$UmvjmSEv)+4aE&hQ^Xo2 zH5tFd`d!4Bp(kqf9FaMf5)2Q(;pPq8$N{sn*9VwDQDE7-&V85SqT2&>wDIz<+Bve} z&D8=Pw*=|~0;#QWp=L@5-h3bK3C=BajfQH@VR~sQ#`$vrk-~B-Yv3g~R!djl2PwW7 zYzoL2D4o&WrIcK?ouk=lmag{6lal+*0!{{+CgU8I7?HxoV-hrO*k84x%YBaV;q@OTsT@f)#<1YQhDXx`t89NvT`_ zoGR9^7^FazL3q;7&1r+rRCF{H7K9hBVIFnSs>y1r&IQH2%)YIc+cRV=7H9`JL=4M0 zl+kB%fYWT+V1|{f0NB$U*!0iSmiiUGl9Y>hhHv@-ue81@VYzcJ&@J>C5LYiZ4wE3#|K_q6EZUPmjmSPQnZE3S~T^{p$C>D z23X6eRKrKjVld%s#kZFAxrneDj01%R;hw^3B|TG!4M5_cj10YJaJvU`gA{G?1_|>!7c6 zcTIqyMuf>niryp8^oi(!d2Pm7R}KX>*wVD=jJk;+s_+8zj_X$uvjk~2>`|}0U@4+4 zzH!U4u3fO^90fad^R?}o#kiDK5HF}|K1966(Ct6Hf54H64g5oib258;0&U@-fq|ln z@e~#+GnAc-YMeWPZFNp_D8`&eLnS_NiFChcR>4cf64WVXDDJwBh9|jz7pzW@@lj+h zs#*$alpi%wab;)icX1XsoYUeP6C8~DsTLU|yt$=i(9?kZlQdmS>(OiNFm#}2*aB5p zo+tr`AcdklPqBV~!S^r3Dse8gF;HW$_>Q8gW35I8lRm5YCh7*F>C+VKx34fB&EN}* zLaL{8YXNTrqBEG$K3QpO%0 z-jGBdp#ZMqk%gc;6u}$t88~+hr3MD!C0ks%hk>l53kyMZ*y5CeV{Fp&%7Mu^tzd2z zbOB@#i;&hUA;m+ZJ7W(Ds-OgDyNw4ah_e|1%z{$xsEG(cTqu?ero&k7k#PdY77O5K zw05%-zoFcejQv4h(G&JRf7Eff?mCu=FEh<9mxqGmSdzf`na?P)*hLC$pfV;tx9AQ;@ z6C6+qvV{X+q5`}C5mhU=p#iATYl70mHo8jE5KNavTX}P+cDa$~lj05U5}HLK)y?lb z`)&+%MgH=L5`z8@Sy-Uc5U*=k1@AZ3#FDHQ1znNBMl+Q%gdvN2P;Z*wu`q+?P~D`l zL0TKFvk`0o2EbhoS*uRt06H3~mK6ngD7CnNuOV4b0b{qT7jCaj1CGxjH_hguo-`5x zKrkKXhq2-HzXbkWGjC29*gSO#N16tTB!P|i9F?3agrqLIrmq5i%)B9LOCo`%nr~?9yCW5CP{Qb#QdtRuXYiynv?eHSYz0mhg<)WnLSKCq3PxFaRq`t9Nv8A^ae` zj0Q5(tG42kjABIKnGuN@HpcT;Q$d5EaF-_Ya4Tf}obQT3IN68M1YfR!_h z0#;c9`f~*|z+ec(J7=JPtI2FTHqDaSl(~zT9TLdVHGT(TJ07E8wBAj<=WqB*Adi{` zm-FGt0`}-{9Ip=>Au8Y$DnWA^#phP(IAfyb{>|<3LYjU->GJ}Ih6@r}v5}EVwc5)| zv}y&&Ic3y9rG4f5O#=a<2(&QYJ;69!rTCOi$f<(Z){Oz$#F)36dU#)e;#oA*O>(^- zcZg&_%Uze-GV^fu*wjZ+mU4fO2H|EMPC>6)Wj7BLP-FFn-9AdjEDxxD)uMreexNwrG8H(*?*TbeZpryuZR5x()!Bb;nOGR3% z9ubY`Dn&GKr=u&cFsx}rXTLz3?e~~jb-%T|5rq+8BqbipL2q<{Qn406<&st24g?7U zgBwkjnax|zgaxUybY0!WP>Q$&0=|Q+RSy^;#9M9AbD&TIw{*8KE)JB83NWiSRpzMO zDee0#yB)LDLm6bvZq?1Z!S0cV{zHx6zzurAY+8Av=E~s4B3cE|?*0!W1~HZ;5LvcU zLaSx}00~&dHT{o>?LWbceQqR7%o5X38L_XWjW~8eEN=eb0hT=m_@6vpi5I_PU@aVp z6LuPnRb`dM^RF-HCwxbfFS^$e0zdw+k_GCq>QnEn2YqPMAjAc+{civ4DH6U^cj zIw?fC72UXnqg8%b?JaYds0=eysk;WH3YuGi<16T{qNAy2S%d8o**1XCPh@Aify*m) z@xV=-95KDQ zMG8iacN5^^p@qZul|junIwZBY7K)bJ-hS(pyC~IqGgg@Enc$UEyN*QyT)Dg>oN-LN z>RWP~m6$Cs)Tv6;3T1mjt|s9Nj-aDXSz%_bAZ3YPpYZ;YxVc^~SDC1o%y$?dAq;#7 zL|Ar--fxpB!b1niY5=GdIOV&^vLZ?vu!3o^mnRI+6-5*%q6*;OSkV6fRYt1GDRo=2 z^%u%mlp5J?lx!_;Q6UOyO)Tlo0S9y&oL)to4pBr=(da>NcR$53a5q>#PPvy$!ZS*vyc-0P)t^zau(F4spdP4h{;GK zqm9ZOZJHJtkEI|=c$EaEvGfj5#^r7@P7LcS9TOwWY{h0dH}rc-{(r&uugBAK1Xfqk zV&V(Aj9`mHJg%dl8_lb;=y_d<3$=o*j%vEMU)_dA*6=MYj9FZ^D+~t8jol_06mFgi zfdZ`5i;h-6Py8 zG{<_3%in`u@#p2?@Xg{*bY8-nSvZkg?3$xHlYQP<01l2}}Cw^heDa?L2-__Ke=9Q8qlA z_$bUO^%^FCH8k-Xt|5V$#JR)MaygDs?YI$V?*VRL`Y|wh#43=poys9V+Fy;?I5Rd& zuQHAEE%t`|!E`0$mK{NbFq(dzNqU>Kvhys1?|vWBJwf-4;O1_BF>S=li>UNKCSKSXzi}7zfl0v33fZTp>gj9tvzxvpz|&)h9FiwmItl#8*#2DhF{zM0}++C&JMZdAkm#3c)J0L4>Gv^jPyZX4aNUV}l(dVfPV=$R}m5Muk1*3Q~n0oi&bE zuH{=(L=98H!N%(lbx411m081c9;JlrjiK?E7NYvcR=p{(j|V8*(M z?G;Kfu&BNuJtLM5Bc!me4d3}p^!*9uL_rJjN+->f}lg}W3$wNbI`+jCb zd7l_MJi-sb$M1r`s0M_b1mCPa+dU}n_N6V(7c0rc0G=U3gAi}T_lj&_{V%38@wO2w z7-VpKcqNk|P|ch^KatR!7%&7i)Vg==HKg>Ed4Qo}^DDxFCV7q;-hN`#AWp&v{o$?N z=7TxL=k`Y2{|7_D4g#Lb3fUHONKztR07q6>X_ zg^fT++YHL~mw-85raEOeNKt*XzATBD4pE_v`fcV55(TrWQR`-0Wtn|gfo4r1=TYwk zMXM9Gg~@xXnfWjWLo+CVy32+Ksb(QpLgcWaS=$Z8n#xrk3pbTpgE0pa*aW4M3aznP zXvr?%DG~_1mTc`=t18R-AVtuDb-FFvrO7G?EMqNETgGEJcUxuonVW9_?BF|P{DRO{ zc4$?%s}}4hR4FzZD`2*{P)RFv4W|0R%sF=mY9w4xPG5(x9m7Si&L;J%0T3<9F69kE zN{B5g>1$bW7~bD!5p-O;JC^pyZHC)09t=Y~yejv9Gg~dyJ-@=>4nnt|b{gUdgqUYI z8NzQ}N-*nb4RU9A`%L7{2D#--DT6pu-Fhb)GOHdb@o~=dD*}NZoOtYnpMRMWr&Zd8VyTRt#Y$d4yVTtvIaE>s$xpW zO7Zk}iLN52)KUC@&-gz70QinEHrL`&1J32*U3&F5G>34_N45tGTk2WtOD_##_se{L}h zT^37Io8J5QmYyaZ&yIaoUH})I9zd~=5O^b;<>)H=5M&A#7PPwpvzXR^5Pzm|E0e@GcS}7aaV)jvdxD<@YEWT4;+~-pmENGI zP{~?mkyoro)A*A8v(dHUV-6fo!j^A#g$3okt zMe-b;dYIwFsFfA#6N6+9F(SBfl^rQPqlk$pYuT~(e$n0so@Ig!Hk&#s?oET zeo-3Mb%BMqwL)tMD?>xNX31pE=}O_gJveAwsLLKJ7^^c%s?6-ZVHiqMhnb#oG!5a2 z9@tevnB8!QYXP~_w$!zdt*Y?lK%jjMsDzZt;)br1_~^&EWBvO*LP7J zjd$6wr06j%?J$D~({0j<$F_EYFd^XtVM2wuble%F+$7^yyEf+zLgQ35x%gXyfXcy* zzkuBr_lTjV7vO^e6qLTqvuVyZ>asa_42G_+i)XS+AnxmY1P#Y*f3|!=0Rj~A7t6q) zhq54p0zath`~={{W&`?51+iIgA}SQFfpfHFf8=?FDS3RFxHlPjf#o zn4|?t{f}4HV8VqM9_{B^D{+%jro3@ftXD_04?^D$jMc^k)#wB)4p(yn;8@Jra_t>J zqbf6FjML00V%`JZX1HU9E!HFJ z^nhf!gPcSUCvkYhx!uAouXF@7DQbEU63a!ylyAD#K+Dqtw$w6>64Wk;>`H0`tJWn) zGhECK!Gw8LiS1B9^Do*VWZzMGJhOSAAUkU(0~)w00SFScd?UhGkP5(fcCp8gPaRA* zhB_c0NISxmUL|W4_9c#(@b`y6IHkf$kK4EzA3ir1vThJ-{X2P>@$?U8;M(OT1kQjz z_=XM%i^K{`))`^A z+X@ols2G)SDkAYbr8|Y!aB!NqVIbK8rC^3pm{T)OVTR^wef}TPam_*bm4+2}9-sxQ zDwqkYqb&22zjQ5gZECx>mhc>6JtC(8tL!=TW74=XJqr}`VGttwU<~>blY))0n%}{) z$}-r2vYgAS=!FkEkQ8+467JRt656m8XPn9zhSvqb<;agYCPG%#fUq{43RWv5w7l%5 zDpiQ>_?mrX!N!wR5TGx0zYG`@dKvAbLhjpNP4N9L3@)%vpqA5A*&Hz5XZWZ_Ef}C-(lF#TeDc{{Us)lZGe*V5)m> z=ec0dJH3-LaXb?CYL5|w*)8rb#nbN;9t-ejg|C2P?7{3aQ;_9Hi>RO@beovvVU}P@ z+qISU{?QmKVBL20FHjEz&C=JIHp@djn8}Z6rBq5o60d1U>Ubq(${$!y*!}+iPU>ae z8JoBdh#8um8Hd(8`WM@Cg1|8k8jNtiPJMAGZ1GtNU z0QHB&LEHe-5|=Ona;O&%<(01NP=-?G)$+JJLWNpzBL4u?bzlSXSCVqQsvco0so&e$ z$uT;&yc3i?$C40L7E?%@Al&i{CIK8%E}xYqHUYQF;EY>KjrrkzVDc!p9sd9{@2=qr z;i3NTZ!ixr12V*#{s@KUA=1qmf}wvfK-rNE)pG){qsdGB!7Z@@bi^RMWP$_DrX>KS zZQ>qXn=hElouI|dN`sh7h+IJK1k*&&g`7@h;x4f;pOg51Nk*avyhrs^o4^)9P((4td@!B^WxxzW6?3P2B8-X(_ znp@uU2Ow`^t~M%xP6s@o6q7LAqhZwt#{|sMQ$Z11!*@|!z!X+0C|g9R9#0+;(rCf7 zHZhkgk1!2N1uK=wS()V}k+dK|-lwQC^#|mR+H&$7vz2B6mC8Glayj8~p$rnGwaH!F zC$v`2+YC4$Xq1Bj04#h$D++)#LZGUZDehhw{ik2x3=*@{a73fhRJxi*U_*z}VRP(} z9HgcnI5456A2F70^&e3cf&x4Slyea@1-hwFVq+nq20oV-KSe4jxc%bPcNk)e7sdSl z0E6#;iB)@R37 z!{p{Id7QiIV6u^-FUbcw&R$pj%gW5Puh3`l5ua8Z#1LM!JocdmxC<|*L`Y<6C77B* zP#B3-P=vcsikV8Osrw(l>CKZgM#V&4V@X4Bs_HevnNgRRc7>aQ$PHr~mMgn=I}?=1 z&Wt-+}2FJNYST5P03bHv|%Y7zYVsW@#+;VXV5Dlz6K3=r>=!5WADPw9OCL1K^ zy7h-l4v3QZ{6~dD*wz?vw?nhuV9@!?=ugLpW%uVuu?h+6S0 z*&GHL^q3mkBpX9cNRJ+kBbl*ZfluNgU}~0E!T$hNE-L4Jvi8nuvnXB^vlO>_j0iMA z&5#VL23R)tIJO>=n)*7Q)j-Vr{{X}KP7&0&!UYnUFBsd~FMYvuP$9?9uZ-c;74&U2Y;xUyFwZnqsszB;UB8IlVuCQ!gs`Cy*Mwyu6=4&=tQO-QWxy8I z`ZgTH1#{*%0RV%gc@xX833$pCO;2xxgm9_4vqfGX0AN}#2tXTK7{+ZBTB ztB|EAw=aoc`k_c3ES6Pvtz$KRp>-APVxfcsm{=;Y%l+aA#u;^;{6i5V2?mCtQxM8{ zflNZ4AvoS;&&>YQukc<2=%tk1LHo*&Jwbk9+!Q`0WIqG*8o|)_%NGjQIfMq5Za-Fr z#!j6p!f za{3U;ZTSeO1D@Yl*C&ZVXHuGqt4T<@LjzDTuciU05aX|+$A2H+^zNo>xRaRE#$!ga zFG5p_K7+(?xPj@4VAzm_;lUWbJam5ZpoW9lMl7@tC8s6-*#-kigkZKHhJb zab&S{Es^}Los#*;XTY5Yq|ITaR>5#WX4A|Ap&G|0I!A90Uz z&=}-eTHrlk5ZfvgMak2NUu822(RVv7k=FAI_kzzi2DIjELS8S-8G;>7J?E@&Yw6$b z@cxq;VXiBy&2QWIi1*9N%^bZML8J|ZBTjX*otu&b z#!RN%hr3wuWU~1%p)8ooRf9Ryq_&tB`C^{MX@WH}hOijz@#|afwMaHlPhxYT2(#<18C! zYSt04Wvb)GYzo$_X0>FU3S)@P0j1ZC^|il-6;lK>>>%LKFAp%IAhAo?YP8$8co))> z>cLd;Ld6)lbGDr}JN~kEs<~!jaXG&@e2=8YgQ}W>1}YLOaKPde^py=xW7NNPe`(kF zD;IIg65gfCv$zz&jmkin3>9R+ddyAWyk{|pKXuCrjIK#-TsKeI##kua#~e!Z_mvPh zVEKy{E+X(ni*c_JvvT7M$%=JF{Z4|2DJvdK&8?dH1&o|T%oC# zP@z5_OTK4OX8zyb^#y335sPz|iA#%O2ds0buW)?Du4Wj4;F^@CSd1}j5k)T!;ekPQ za}3GZsE;bstAj&Ta`ZUI(NRc@v_-*2Sigd0VPagW(?kL4o?CnE<_zEhm53REFyw~k ziz}#}B6AJFTPofIYTzaeR7@FcxafPcD_EIX$3hBDqB!b2zE>P$5VMbHvyv*BW+mVm z9^=C-xl$_KcuF7y-3BOd{{V3eLy9a&wG6C)sg>~+!d84r5XN%l(`7d`18)mvJ(gg- zqELXj=AlA?j3$1y&BI61O0capGpTpa#P&<3qvBDFLWx$zMqilGAm*Xcz`fyvT2IUT zKcsaI>L3m6X;tnP>S7&soT+||HGXO^lyVleE(3Ho*<`XD@G}J!kpS78W?smsaZuRb zHQAfe4vUI~N&~{`xH9D2*z~nba57#u0$^LtKtSC(GCvadx&^ddZ5cI~D<2Ve;Mf2f zQisHD+379f=@Q(xZ-|#9 zThSUwk*tmKhbifzZs{r;_P``kELJ!`qf)La6IBlQkI}=_ShM<$zrbYr08Gy3eM0Ij zkly`M1u--fHvpAba}Kfl)?Qt10_N|ytHc~ZYE~g3+e+8F z<(8LW8VjySqiKbF%Xsu5peQ(o8A_feM^kO?5R>s05H?8!^uLh%OJYP)4;9PFmRpHT zvut_%=ZQjERceFQy=>u@d~6Z8F3-8lYv!4;IJWhyNl%zqA z%5#M;f!w7ZglQc9%%p)di_$_w8|jr$l;02+TtlKQDG7)38g^(kOP9JqfZE~)&W>e( z92VNbB(^Y8)+U(vZP^1^Eth5{w}`zNV&fZt^Do{E-=wGo%!4ewL-RG2hcB<;{UXeO zQAgoYBez3?(Sn$bR0B!b#hBYQcYq`%__tNe!9(MJSe?OxXvcZJopZ#f!P5!dfK?+gbVsKi2uyC>uW#*9t`_ba6QKnz37 z0)5p0mJB0A5>m-m5-uJmHN;tXix=FV&~^R}2xyfkp75B9in1s#>1Ism1JtkZOX{cq z0ty5W0>)5E6Q&}E`%ET)3zZm@)Y4r=xV0A%3}1-1{LCZ5Hj7bW#ms*)=W`YPEdKxp z-oFs~6PfpwcXXb9oI+GfB7Fg0NM0a0qAQKWoJ92jwgPcb8>ljdU5TwhnyQ?`P@G3M z7K}tpCf?uQ^y3pQBNKAks*6~QbI~q1H8NlCE;mx#wTg5BzTn&Vf$J8QUjfT2hxK2FM0E(#+s^It=?BY#07A?#QwenD<8x+U*U-Jx z4BugId31ef=coX>hzdVr*bb!(P*Lc|Uu+zAI9_FCgipgB&*ak^9Zu!wjt^&!rKD|# zsO|p%2s9Ub6ZU*XxoG(#vm_cNk#TboZ)ygjc2nq^ATP_!(>jdz>jjP zNK&QuPUV_br(mCni*rYz{o)dz4RZp(E*80|YFK%cxy56`zKwGR{M@l>Ez9N^Vp}q+ z#0|4hK!!6Fz})=5!}?F$jOP4Z;acSj_M9&a#{kgN$8HEE@0>4NRJDfwE-I}=q0+>< zxCQsr3l6kfuXcZO07VprADHNMoD?MUE)v*%FLkKTYRo012GvXxY<^h z-cgh!iaigE?1P=vc!_t zq#C2*8}=#+V=#~e)reKe9DGET?h%cVH_0lZ#e-|2Ezj*bKfql?Xp31V5h)pW#YD0q z9yp1IA4w_2#ZwFBH5VtG>*ay6>=MF-$-!*}YFtEB4o-6#2P|v|VoXD#Rm2)Ti*bC# z#9yAJ;x1y#jb3#Y@fN&A8;I-aEB@wx!S}z!$qm98xzsbMn#33|&RNEJjCTY@%;I%e zm?P_z>)sj7r%W}@X4sfB47!!^Drygyvh^3{FA}qhpRxP?o%Z@$Wz<`kWS4u6If#m50LG_C4>F?q2{aF14K;{K4r!G&!UD>745^SsAV(b*XQA z3xxA1QSaVZ>4bjiv98Dp`9q(f!~nyO5K)di+bSc%UQ>urn2n zZfI5!iR~{VX2ItXU|CA`5_vFZpDaWaA-)V(@*j9nA=m&zjHq>&%(X9?(B8gPsfY0b z!ibRI134S2s9GTo92s4T%NQj)lA7tl3xF-;#zVvelWiC*9qKil$h(`s`U~PWtUSIS zW6bms_1k%CGLOuKSl^@tfO<-jm+1uJ9VJ(P7ZS>qhB;b}{{R;g;xD{)<}ERPA$5Gq zXA^=bpKtIO)ZP6z12GYfvowOpX+gZjbZ1{XdF-&93en^t8fuEg)zJ(=R!dOq9Of2K zaL^i{f?|TbW+Ml3_rzgu+FD#(#unnsm+=_VD;{PEgXsht#r^*Pz$o^JH}5qJZXfCy zob@{Txw!TAhZ4E#>6EN@9FQ=Kd`ua%t6P>Fss$3OBEu}He9Vz_TbEq*04>o}e+HDXXp5|QRI^W12lt(8quWTlIur><@(c!5~E^ch7c)OL4Fj7%EW%JZExy)`_moD|h z>V8k*{U@}*n92;UI+4i2Uy2;XrLfWHDy)gvngx(xRu*#E#8gbBJ0-{{hrA^*g!LGh z23Q?Z-s!2HhzPVf)*wSR*>Me2R|u5!1~%iEbwMpqN()@r9`Vw_48#nG-3{a36gB~y zc7WkFW7ZWh`vXa=s^qIW<;$|yQ zeWsd=g!%(0+OG?$<{vL>j?0?$REE~>^x2B3fi-Oq*aj(unB2uy{jmb8VEyF`5n`p$ zh^2Z=Pta{Lip8mSEDu?FmoPwBAxT(QsnLotD%9ZMm#3dH0o{N$a0yYM;^vq+2WP;6Bw^G0HPfq#JvUe8lUy z%QILqfho`|M`CpxxdgzRp?ri%d~$$U=TIed6~P z{bkfznQkm$ZaV5L*&J{bwt6-D{{V)F>mPZjwagk|;to8_EE<-}mJB^*q)Ui+MGCfw zMaD^W@h&*@kKgIfw6B@XMu~>mej%lrmKxkydCXd44p_YP6cwtm2TBxvpGmWDW0+QA zQ(}5YIgaDJ7aXdih~`oguV$s~vE0A|vE_%8ikStPo;<|Q1<=Kj464gAfvkZ!1h=x) zcM=$)8;_)Y&`YULS(qi{i&0+qpj%bZ1{*y*a6|k3yP2gRH7-@BmoFD8;Zf@5e)`+b zUqosiQ1YI*c5mo7UZu#JD3soqlJ10~1oF8%SYQz>wP4usT(g+t99qW;Oy-w z*#ht8QF)7AV&gGY!?;V;X_e@612LOo=N+YfAqDCkMPx+;ze#7!qcJZ*Zb-OSZN?0V zP1}?dCU)~E3!)Hi6)vvh%A!+=O+v#^y+mtKyOyt^ddwhW;w`wJllXs2%^a>IXEUVk zU{=yV;a_+8jBHoRungq$X@v(=ARrpz2SE0f=z)6AObwX!semv7@ej@d?zJ6#B4fFS zDFSm{`GtzqOn(uvz0W9-{pF7n?)o~Ha|@W2xogzv3JihK&6(cT6fV`?w#QN7`3I7B7>!zQ+&++@_#pjyZ>|!B-B`5KmaJ5G#pBTPg4*x_C{836fv* zmETDl>GFfbqD~t5`v$DU5`a~mA%vNX${f_q#}S7D;Vq?8+)I_=ybNbTi*L-fs-w5e z4%Np~K9$@wE97T;H!Jzk`a^IihG}yZJtbb8$7H;>#0&I+IU>H$ZZ630mw$)!$x^NK zo(WrsJVy?*Jrf1<5d23CL_%l_1JYKSGl@&NRG7ZfoJ1g2$P4~qmW!x>s>Y@qM})0z zZ52h-Tt5-}&YSg$^kyhjW^Nt&{{W1`aO0_UF@9L-yhjX2i1?0XjOX;Ff|mt07v^9< zfz6q$@tO>D!Nj<+h0eZ()M2E0%(3#!Qz(wvi!t$G0W|}g_P@tMyf$`0&zR>L`i^15 z8kg77>1F0`m@MR%xIIq#dWL-5u#V;DQuRG!nR>m=V+=6kxq0o2j}S`Ked6=D*{~eH zXaouj0s4<5nZ{ywE1b+5CEW24_a){o8Ha$nnUkW7z);!k7L;PJk%F+K6ZdG z62=3VinS^i3P^|-pJ{eI`GH77Roo0lk!2smr*}80sKiHuiD41KO~)x*&70)^0HQFt zPfOli_t8%!utC8N{hwkn z(~7#dbS+_QUPLir2GbY$h+{Eym6eN%y=KynPf2C_YFT*vLA8P35gO(`CgDq~he%V* z2g&$s`$w^Pi@eKYxahjSF-JDV zjBzr)?mjgr4BNVkL{3Q648Wj)ME2BmX8c!tpo)%Y4Zx4veYYo z=_uWPDTqgkmlw~_U!jLd?8Y#kD7cr2kc*ZBvgP3QoXHver};%D9J@vlDK1#MW8p6hub{Mr;4_JT; zZ4<*z_+MyuFB&3Q1er}F9NOX&-3S3y2|O-3wT$7ohOR({;`vp_v}*V`fI3+)MHgf> zTwDlZ9}@ahA$-T1)W3-AsD0`R5VIBJ@9_Sljbb(H6A{gE5Z;)Y)M9#09w#xd+o^)i zDqGBTH_yDjkq26ZhVE-V#m4U}$~ni-`oz%_rN+cMjKw?7d0&6fU(sTWW!n|Sxbo%= zthui1BCu2mYKv0X;0b~%H$G8@k>m6`W;x<8?GYTK3@}hVDEW@27x&C0a^U{}Ihf~! z*(_IHw9FDGvUSw{+%s$)%~a%a4;xSpXu<){3#{{WVs@zef#f6q_&>Hh#70WufO=s)A9 z{B-{SmY?#|{#s)FwEqB>pYqfGT7Sz=_-X$D0YBg;{KWqNfSOQxAFidoE+Fm(;)_vZ z%y;4;=HgUUnM=eM%mv+x1(m&f>RVo#sKl{nG+d!nwDYa8RSpQYOJ+w=Rpwf|fh`*& z)Zje0B1B1e3&Z&jYKXfdDLh~0aooZqzz;8L%H^FfE+n(5<512Ck6BX(i1W+^H4Gtc zp!>{Ubh9#^kX>Tdsd>a)MWPLzO|U8` zKGNPG^#*@S!~X!vUStaqa-l(}x9R3t7UO8rS=hv)-Y$p(V2?JzT7%$BR2y7CUf9&y zww3^^ZY%Y(MpL+sF=cLub zl-P3pA9smPD&g(6e4BZMSj4^`#4yED@t8FY?iKS8D^(3{11PSURT>8|bu!+YnsGKf zuvPw{eC|+|A;E<@B4m~7!0|DQmm*OqzG98BJckE%o(ur$sxi;;gyIH})2Q?LPnwyA z?3$ByIDkX%0V#(!+AZ46cZR1h4_rzH$!ocgQ!?+)CGW^U=KM;mOcBPVF7p*)Rl#|K zY*7A^`0iZ(r-$^187l}=Pynjn2+dJ5kP@myX~HM|&`ePRmQf2WC|TU?WbCPR435M9 z0L047#E7Xj9a+P(>72@)aIBkxtl{6)+}t2Vs=5Q1gb=W*>7XX5PHAiZ02V4tZVz6yKz7aocvtIX`#|pl0Cb77{1h_$u3*vgM&&7sGx)T66m#MK0KhT;TDl_9 zsN4c<03}_}@95)16X7-h60Ybx{d9gPwu5Y^HB&xvr70-{u`rkP^$Skei!!!5VXyxH z3Do*+ajM31ACQEh_^EBX*ON?at@K|$md=2F~GjRR^|`OcJUC<`~LKRB3Tkn)GD@xn)pP!CRTx(cEF8g2(Ii?&bynP6Mk3`}wIBcsO2z6~ z3A@JYhTP5qS3#gx z0?Rg+YzqVdDTSJ=#IdzhS_FXW6hUsVR)Wwg#7nC5h#O!U>gg9#t&24PSTurOL-j;n zwBAd|MAophLR*;$*898X81YfzEuBGbED(Sw91f)fG+MJMO$%Do9yNO02sLm6ms7Sa zZ-w46m<5N|bV9I6U5-lJMyw6A(s4A>fu^-8xaT&DK((MYs1SfIjyMqkAdC%(e?iub za{8;KbhANf7N@3{N><=X@$~+?r~d#Pgekre-l>p;(S|OB(WBT_F=$a|)+02q5SGFN zM+mrK+<+!a(r9uyIU($!CoMn#ZDpaw&404xwkW+L?7Lnamw--={hQjz* z0h2Y1ez_w^U743$F&0KzyPIz3LvSId<`;P-fW&e_jjT(UxMbK*E@c4IXw`CY!dx4n@Pl0?H1vG^Ge*LgE9kG_t8*X!K2?XCYln&>bN| zvZM;s6~u9nB;^W^u;e+<>rWM6MA3*4X%VXWX(5BMmF2)4uDwyhfRTnVvKIhB%Ce2` zm4y^icb3aHaHBz0eMXABaQ!Jo?_w2trGf^`wqTV5;jJtHP%crz*&rK0s$D7HMt~@Y z*a0h;R*;Wp65!-%#(qM2#nCMGdTgYEi%l4o48$ImU9DB^_ZSm{cYu0r3*U?q(xaE> z3ud*d=f$Q|R4kV9he(P=1EY;Jh8!8rdVi>D~G1-ZE}|@nP?TXbzv_ct5)y;b`zVHiU6e` z88)z|*??OWGm`G|0+@_iT573YF&{BjLq8BZ0iy*`gXnf?F(Em~qJ?3ogry(0;-DyT zbXZjpQ5*@9!B=g(&+EEjp_XiGU=@*BwV$S&4ZC`+PrM*j2(YLqpleDObmL->n!q1o z+ZHr&O-~Sqqe*E(q{;9gxPgJ7?97Bs(V#fn1zOULe6xu#F0nwdyJ`C(0>q_uOCu-Y zRafpAWt+Ufa`bp^R9dnoR>~K>h*j#A2pcllf<8!1f*?RztJ=S=rQrpNLXR^BYB~6g zGqNSrb1&@#xUHH@<%nz666yo=@wPuO{qY+SmB6*o+$Kh_S5Ptx1&~1tDwF~Eg^%cb zB;oJ~E&l+xrMYH~R%1!557Bq!&s7tmSBMoTAX^(aW=3u^iQm%fxrA)p!FYl3I${my zFx+5s5}d-#$610K+%DFkshG0avI@OLPHqiqtdzzPpLn!EhlzIHpb`a6q2+L!4iYIC zRJsIw8a&i)L8}1m>z)%*5KQ@GwB zabTSkXcV;21p*X>c?RVG?Q)ibd4aBJB2#dcTLD;Ea)ZR>oyy0N=jdRZKBAFFfhi6s z8Wj&h>!B%afpAK?x?1i}yl&Nv05G!CEO>O3$OM4l3gAP;(jl)h_zi8@a!QE@-U1^V z019tFe!K5~Q5F$e9fFazJxvAG#MRIds<9W_hO&%@rC}*n7db`G)>628en%uYFJ*-^HT;P0-}@&MoUMT>18z`d! zw)PDNB9pfU08wH_-2`fsWNyYfA^-wv5qE(~{bRxREsax16}u2YCW>(7pQSb5IDBy} zfw`b^@GK><1sc~%c%&QyO@oE8mYaO@I_Q|gYP`QyAb)EG6ftT7kRa61u99F3*+?8R zQLvieneG?UP{jj+g;1qGL#Q9wBbngAq7aBJT?6A876Q#p+O?KUY>r~AKmjX@*1~5Q& z*eJB8D-h!fPF)^PMB;^6mHr^*)-u{Cr!-gsu9ow~zVh^4@e>s@$>9X=O+v~*{d%21 z>UfwDSO`SoG{g<#GL9wF87e)byS%|y)ly)5#nn}qL1PXCCjp};pC~-4;!~pLwIe|9Dzw%R-9*EBV0WFB^ zj1s_EcCGmukK2`PdWIi(Y%B`J=Id-5P?>2_s>CYT^Lj%tFIE=Q=mGN(7vq%C0O3Ku zv{Nn`gOWKRXP6~s9n6F?<~{ux=5_x7rT+l&*>(L(m!k!DnKWejST6tv{{YQ8fR(*K zRG|GBiz$9cBXamaw)@9@Jv12m#51}dHF)iD((j&=b>PwI7lxM-v=wbaq@g@Nk($x< zvdq=;(0>xHloyoSO{)hC5aUvs!!k0FbE&>%`^<`|StU$XW4vS_`lD%S=?6QwC`lflzE1}OQbYeUzy5F$@>0H5>X4wta1?q=6aVRxb+^p(f zh>i&BGh{H8UXUJViIFU+{jV?nQ%Dx39A;#4^o3C_S~AAXRl`R_zSt5{ZZJ?^0zLF)F6ljYGrylID+aJ^F0hQ%T}Nr#f-xy z;e@r^9H$Yx;x>qkB8lc~sYY+;Z*Z-}iC-}l;yB_}!>JQ7YAf8}j2FZXBV;qg%LKmm z#F>rpEOQLLT71i)0s7({=J27wrw~w^{F6Wg)TJQ3M6d(1C>3t5U@Q(L#}1%|E%7S{ z(3JwcBZy+jS(txT-=(cWBd+nt7J?U_{{S`54!&uP2Ewv){{ZH3oDurk79bl|kN*H~ z+kq%zQ@FgvuGU+{N}}Ad?7$4YZqhM8C}euPz@eJKP^et4DBM97;mkIt10Ev)o+HRg z?hbo`6>YGfjxtYJg}78HH84-86{)#ivX85{WuDM0iJd}Z%ShCgGU{0~5#ki}fM$~@ zcN6AgnT}&_V@<~l1+HSgA)9!ESgbezycfh;x+rYylx}Mf?$A`e+9wlltnM04Ap6Xu zM-*lZ7}8|a)JrEwX`j~e{Uz$h+H1^)o>LnUGiUjuisYK6uC zZ<+=%!E~!uvdBk!DstNiMz|aare)Z?Ee7pj4IgZ4k-cB zRRBQ&oscbUXc#Xjz%)3(s*!-s(LqxQ6=4Evw>w?{MZ+Unw3gG!GTK1BQEtwsEh;%> zoxk# z7)T=(aiSS^%lmj9V~O60f-;3o7dc$ZK zl>!UmTlhlTGXmumsQ79s<<~g+W-4aR<({(noMgF@%AQOK%uDSW4hdM);u&U9Pf1FO z>ew$*z2(;s8I(71SDAKSRWp$1YB*xV>KUBBZIw>yl7hCn%wb0~bt*T8n3UTXh4qsX z;{h|lH^CD!vAL)=Lkxe>+w_lX851|b_Lt}Kw6TFT_rJTtBDr?WNbkJ*lvSSjVQc*6{11LPyYZ393i>TY_?cbSfoJ* z_%MF+dstc&3Im3i0a*MoM7eX@@dawJR)5GSI+_2Ch>=MzDDUL_Z8&+AnN~JkUwKYctRDKDjTUayj20FmU*d#Y6NRlKKuSO||w%n?z0@tf0 ztHVSXKeU045NvxO#p_mZK%kxZHom|t1we;CD8I!_ZbcZjuE06 z*(vTFpa^9>)GsMkK!J4zoW`wG&YP4U5yHrkmp7@VWs2ewpegh|kR=(5q4POh%B_6` za;jZ<^p>!uC-ju}Dxzb|x2QBS%LO$OKSU6_L)HwI5O_>Xg~QS0ngjw$l`)(R!vdBH zO5A8?stCIL*%M{3aW2j!X^H0NnU^skxaxmP%k+;4etX#hgnT5)<56j|b+wqlqje=3!Z zewDNcZUSI66V-l*4JqMq%22dWEykVry#g!AZNi#Lx~T!A0-YAl0Juy!&RPJrfLi7M z0Pt^okSLv;s~1+q+5=NyX?0a$XrL{ii<{&;f~^7so2#r#A$UM-R;?RUs;a8Nny{9L zEsCo+0$~h#dAwGoATJwZ<~N!!XeU&6y+Qu~Z4|Cj738X^L@wykty1m?kkT`E4!AU@ zAYcFjisJ1a?2D;+=P|UvkN*G&2q2CT=4A&EMuwuMDl5qr0S17JU|t71Sya`6J|LaE z?~Y*ez=>Vu8!Jq!l%x{R9PNzY3?>x31bHB|+A6jqS+{*+Jwuf&1X4$P(Wyx^;2RIu zQ^@E+Z>dZDM(*HWCTp%dAgF%xXK0Us2dPh(3zMcEjSP zw^4mgV%?WGh&i!C&qQ`|3u{CNm^qiLs5h0)XZH{cW(CT*KuhWpy&1Vr5nMs8C0h)7 zPhw#k@rYBz%W{HHV8N~+r=}T1@TjhF*fPga9ZP9!97U*FUNIZHk8H*IEw3_%)+I4j zK_yvS#jlfEIp_Q4E$RTaD(tbi^iN%GRG@r_;ZvncIPP>9nG6?1x?tUEQ(Q&rVVjqA znMtNMKegrm0Loru)3=as31?YZA|r2ijkqOkh#`LKC@HQmLpmKGpzbA)FGgi-6`?aC}OxCEtmb1YdXx z>Qg-t68V+x1Y(hW<_DRhFeQAWn)}XR-Rl^d`h=4+Hx}25A=tc zET_z%N5m&6HOv-(8^fkh%TRjmVQ*5B;mart+T|Y*b(rbyIe=5YqVI|QW@pd-&;J16 K-*lqjT literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.19/_media/recovery-gcp-serial-console-link.png b/docs/versioned_docs/version-2.19/_media/recovery-gcp-serial-console-link.png new file mode 100644 index 0000000000000000000000000000000000000000..eb67f0e99985804d9f258a4bc74d42dfabf0d4a0 GIT binary patch literal 46134 zcmcG0Wl)?!&?dnN1Og-kf?Eh~!QCB#Ebi{^8XSVV2G>Oci^F0GPH+eg!DaEq7P(En z@4l<6y1PGjH&xWjyR$XZ(=*f4-On={{aIP&)ywxU5fBhw$;nEpAs`?rBOtuUM@NN! zVr>vY1%JG7QpaGK=_`3`Cx(qf5&i^)p0{W!2a>~??oCTHZcN1 zV&f$XeHncjZ5b`-s}8<-9Ggz>tcJF_*ss`3PI@k- z%JDa!I8mD`xwtk;f~?b+@EKoKD~_Rjdgr{;9`ZGW@%ggzhJ^RVchfKt5V$_E=R6?< z^O@LLxoJCfT>-;RIvS>@)pGgVP^~8Ne%@W~QI3p^%rfFmm2US0Bkiwsbv(sKMMVv9 zIoi!v(+dRLgI;F;`X*5R;eBt4F@lt2M)D)|THhUKUy%mOzz?h#%-(Ol|OS z4Gv$ve7SLSRMkxluXK&m3k(d*Qk6;w{#$hoS&qyT@;f|*w;!dyW%*ruWb8!>?k9F{ zsv?Ccc+F&om(wFDE-r48-AX)}5D<|LRZ()5G8O|9WdpJNPLN)oBMgZ;H<~rkN~(Y!0Cvr(pHa zO}Hx69dJvO`ktR|L;@I`AE66X!BG|M|JhC|nlki&{P`BG*?zI88;O8PyTDN7>DG*k zkfz|hpf?-0(^_nXQJ_x#%awqeRa*)wAPcIpq@<(2{6D&Xjl$*Q zQ{8jOUGu+G3aA#hv7!H!FH+ZywA5r*Za9(4SBxsL-0U#bV4;vJ;DueT{B61%u|}^& zGc+qdpWLwn!VTALl9~M$ycbC>Ro37c_=G^cJoe`GoGdmZC6(Eo;awGF8v}&?_WobJ z&HJc?qY~HcN}RT*^>Gz{G=K zSq$a!rk^7i6`JX* zmNZO>ixUmWtNHbLq|tV)H@C>tJu>;CapGn`;Ej(ZW#CgOVUSNnf^c{g%PTxy6w2CP zU_Tn?3#n~WV@pjU%h-839=_6{Okrd*qv;DJ;U{#mT}-Svsf#K~T^8WWDyv>*Hf(Q7 ze2WRxLwtucvJt6)^2;WNw-i^G+aq4 zj7S@7`XPj|C>036b0_RoThg=1tP7z~{mC_?A~W__D63mzu^xeH7G=J!c-PWXo=)MT z9F^YxnxI4_TCz_XT81~!t|}|Ui(_H{9gb&nwoSHe0bkzG?TITew_!%1T`&?|J zz=YlR6NOu_cgiW`QIrCsbQ44SLP(gNUE8?LO$W0Ones^y^XKHyyMhQB6rdj2_-*X6 z9^vmAuP{7lUt%zsGRn{5SJP|2|bjXUN>E=-^?4g?EO8Aiz*^9JNe z=$`Q@g?u2F>`V(?c_kevHrl;YO6A*ny%?l4s^_m;!g?B-s5O4~60Lu96BstKmxUgt z@%EEy%3Og%Zpmx~zr>b$*j0vEQqgL##F}or4-PEnt2Ae9F za)XNqX)_-&B2Omts`mC5Tmsi(Gr5(I>;)=27NwGs8P$#RMyZefwwrVVnucdVRJfIk zC?DyE#4Z|>2vq@W%`8OcY7j?#l0Rfkquo%<{;|Cx5H4o2W^K4#w_gSoH7(g9de3Zh zuk%9rbZKd?KxE>fXDwFH(`7!C>wS_#rL3<(Ot!xz#q|q2v6FEB*B7Fo_c`56>X=PY z6>X-IaQh+SFV5!X_^B@f*7^qY2J&krgk(I9dZVuF_r=BBrN%4j75J>JUD55PxWv173O_SW=lAC0idO7PMu(7k z(Sd)uXBpYvk8-A)`TPif&X!u9PP#Jx7;$^pHH<|ZBga}sc@y%iRvek9vy|C{mVMUq zG;iw+mUzw2Ti?gC8cs)d!T`CChIvW15o#Yd`5*3ShmB$mt}BAjZs z2}}FeVa#Fd;rmTYQVmx&plHQbmA2;G`r8QI{H%JLA~#guA!X6cAwKTqeVS|(T|Rsdj?y!Mbu`!w zIvxr+xYYvhi=R{itSJ55lA&t_aRR_<{VSVTXe+r~)ppS0?`GnVyhi0{Oc2;hxn2d7%+vB@#q@V+oijawEBd)cGgXbO{AS?|^<5EZfkBrgwpkemd|^t9^F`YG zWU5B{GF|R^Chyqh*o1D6JD1>lZjgz)zs{i_u7&VY>%`{{hz%_2spRu|`ee&qF*B#G zArumKu5~oZFN{Nzku|||iE?yRpNbgpb@*hvfvssx(P4C{EdbAm;JJZY5Z83|nRIIY zhLx4w!A)i{8GdYDqFL`*xCske;L@{{RILUYnB>X~^{ZMeL8irYQPRgBrgE>dJGUFq z$&Y+@Y`B(Gx^PHp^7}E%sE4v`zIm#+>iF0a4IbjF5Yl79ps9R=JOx&scb-+X>>m$Dg^- z+ef*_<87w@>Ik%Xy6<7*5!gyS>74Ehz^B7Jz_g%^Y`^AE0!1$Jy!;cel0a|~&l@|p) z^4yi$#fBT=lhfSSg zV0U}58kZ#5E%azcr)wpeUDD?ynPiYVOLioTC7O|v88vI>Z)^AnQ}+4h4e+I}4}w7Y z=E^=>oTbcKn0GxPDyC2<1XW#_%~?4f4Dy^)uU<|&7-+7^SAhgccY7Im=XYGq+HQbs z=YS0f!uLa#-jJpRdqfgWtKbwqYgYnZS~@zT`qPya{eXjZRSSwuMbA#?ZuM&Qu0#Ff z^h#0@nnu4>rla$KNbJfF(AWi0K*Pt`-2-ynyNmedQRCyu=V<3a!I`)&Q@`K|CVECT zCzTEzsRN#)M3gcvATDnjry~}&qocrD11jKMuFBmwM~VHKW`M56$c^5dvER(6UlLD? zRwX$TQjV$jICd@lY0{#lkLwxF6NE3u!ig%9S`#T%z1J=drJ=f0FKr_}#F>vOO9LOD~R<3y57}eAC5h4d*XdpT87f zy`$1%N;j?IHh>o}QG!2cOJ6QW?*KP=?PE~l4J?E%OrRp|U z-+O|2qR|!!soeG+w*G8*eb$e&j8zA|2P%Cr(*$golYipF%-tQ!a_a@tdIJ@>aB}5G z(nZX=f~86qR~Fru{2x)ZzB|k){mu=Zhj=q;GbcoRyFk?Oh>XXG&9 z-#G19FmFWP~FBj)J#^KCDu#vyz(Za-Sa7BaB(P)q;M?kj*ED*>(U&-L?dgW6) ze4bYB21TS>-WWAT?)Vt9tD>GmQmZ##ch zrwdL=WdTyqOukvsl7e*;8Tw>vjI@#gc9%g%YQi&DS->>^jqnnh_4{HlCCyj?vF)sIjs*<)Ba^%m7wcpd4wO#cm z9ifp2zTSt+=a(MZE%QssR5o8Eqq`>tt7~8U zHzAb?*-g#hH*bjjeo4&>0Q{AGVbrqk3+CsziegM1XUx4Jp#irN57+Ns#cA@KViKEb zT|O@-=TtrohR`7&O(=Zd;Sn}$!jF6Z!EZ!jzI?j<6GGCKIpe#F4r)AI%h&0jjy%KH zZ$EmdD8Sf?i&jl+K5(op7)Hua{k9%6*z!xs*m^#y?M3&|_G=oGkxoDFHuyUBc6g}@ zr)U7B^2+V^TF;7f1IL`OVGyz)Ezgg;%zJahX&$}Lx@!@%2;T>UW^}Yhb|AXrp=-hx zZrsV{S!m*~w<(lXkjxTm4JNi-z=y&)8ELgkm}r88)$ve7Byn8&t{Gjmq_$uDl_6C( z>hJh&1&vnDi5Qk*vm!BxneU)C?_lH{-=;Vs>H~s_l_pDwjkL!!pqWeH0AKi3qYaRxfe8;I}9I*@EiVDs5Vw(9l z5sHZm@=rFb$+WD4*_7TwZ`Q7P-Vz~}>2eCb@_hQ>>s4v;6yM`h^_Ga+EA{g!%ozc}&a zJ$TovFgmGoF|V6(u(3&zQtEOe_C2ChW$R}e~_>A~N-Qq_N=&h|Pgd|^} zlSQ`9IL)y3?6T35B@LoR@$s804TYtt)ZS}bHh#Ny^f_4P+(WLy*IC2YvvtDxVVRLv z!%0#8>mfbwrrDkYwZNCmvVH;S*9$K1woeS-wdsfJAKhlK1#4@y_dCxm1Z*qhRb6G29;N0Z@=0y>;Pg!l zvEOlJSZbss9Sf~&LwU@n<`nAO-TX+=csxQxUyX%={!o|NUYG9FMO0*?0f58jzW3C& zz1XS8hB31!=TQOP=!pX4F1TW6P~w=@w=DkZcVQH3Pu@p&Vp~cI2t};2bvsdHl@p#t zAj$4uzus7xXx58Fgegh+ei!L0qoLw6SkAaQ7SNibZsVQ1?=)E9Tc}er?;?zzTxi(1 zab`%)_t0qg^W~hWLcW~>$NRAF(&#C*-*pt#T*wQ9Fn~-}JVfDz*(IPVc*Y{bAfh)E zZ5fMMuX%P)bDZQ85fEQcu4V5UcCs|5V-Om%wL@MIuw%Qn(2d2Ynwl2&z1NJLTZ+~6 z6jCn2S%46p79g^-r`@3hIow$iajI#gaLVeu?;BM;f0Vj7SMNqc!nZVye*CNTWS0uN znrbZy&Ti4JdEzZCw=k1kI_&8(e`Cwi?+rM4YmfFKg3C=m&cyQO$g-2+TLt#2UQ>dB z!L#&g4J{D(Ne~Am4Zt@%5z25$c;e{x?B30e%n2d|9{Q>&smKSMOmQe6U7>vPaCLIU z5g+1Qn)dbRI!>#cH>wy!JH(t_`AJgecZv`uL=tn0GMc3RIV9wY2pwc@tSKqTp+8nG zpcbe&r~rIYRo$DJ@O`{wN?SF%Of3J(j<~UgU=$U%dHa&d=a8$X@sMa4cY%G+&XbTWCANhMw_ZQX5OMUhh0EazyYGkTUH(ApZm8S0N&_5dvrg4qkIh1@!S4o(m~rQm6}|w+ z9TF5JRISkR6gm~d`csKW2AF0IEm9wD>0#}J__XPf5=5M!q`S`6ud4lcK8Ps@S%|Vu zPS)*qH1B%icG#bbfMevuX1?i{i*%{`PrM3h!gmNkj|l$$A#+vzV@ehi;MX~Xd`I#F2Plp%8rM>XK}aVo+5T-+-8i$k~M*sHX6Nil_}7T9@TRr31D@jQ)} zPi!?$9c+Pj&jxEO;+WPXt8y{Ixh23CaRGX}_r1^3I{d`Lqa=?qwpj%h!-tV{`2rwV zhDUN5K@YM>wFM?Yx#_UD9amQc48r04ckW~+TR%F8s2Q-nIG|s0$yo*%#2%8J0(tGy zfHp*)VsRbmhN@9X1+&R|J_6`kyaHt&7=$MLsNE*>NBNI=TYgN<78E)_tNSnt<9ZLZ z0N}!wn>JJghX}J~4ka|w@K$i>C4qU}XO#@e&tF1!fXmfANxt_d++Z(8h0CRfHD&`L z%p_d;`idUPzMlnhZXZeMrws#cHNp~XzC?k!x63IGdyye2_#r;06QTwE>-+w%or_0M zC_TdatAhJN@2xpM!#7r6IOcgm&_lmv1rr4aJe@_PkCEqjx)#t2?uMNR1UMR;PZwR8 zOIokD+u%r3?Mieo_*umyLMJ}{kY_*H_m)&)6Q^Je6C}X7t8sZsnaXs!G4ANZDW_7- z6Ncc&{PsI+A95GAe405C14eSNxwX$OqV$nrGj~VdVxwyi#m1u04{@xs#kjIRw`tp9 z=vZ)XS3=S*UrNu~GovtJMEScup?o8LQ==@p-}8A)*FYypUuYU}+ZrQrK}qWB%6%CP zX;f(s*UnfU*7^EjND<;@D%KaO`p#c@JJ<)q3o5g(aPd*lb}ZZAOk?%gi8(6DPqd@M zpDePq1;TGI`7~J6*C&c{TC4YHE=QHTT3-$@QUHIN5|L)|r z5x)_w-lXXK{!f_#mk=6h-RxA?aDXCjnQd_L4lRUa!DjEZs+=C={u`LW$6p7ci?>rmybj*wlcme zPeZ|ux9H|nf9$b$q+TpZwKSW5O!Dn0la$PoUxVB!MQMIJ;%(pC?II7aSh(UD4_@mq ztf_GH+J0Be?k?lVCK82Qi{$`Svk5&}_^g=H#P7z;Ex#oJs)~>Q@YM zJj6Q&m6~&;Z62}@Q|`Eu_+cDXdoHExB zBrIIloApOs@2Wlg2b5gcjYKncN1+oC$4r9bn*iZeU)Opa0ygKDybnFwz4EuU#{_d8==*zWYc;8SS_ycFYz;Fq zv}xx{k7NpX9EqU1tP7i)V?`WZ;!+OeM}GRLW9#QbD;6a;Dt6C^J<&O@;jb*dkyn?m zl9vwkrNSM>~mS+esd zGQyEp&oQfp=&tucxL-EVc5Y0_$66&=&s#+u)^Zq-V`D&190sAbzJ^{ur~{Od9|E=w zGmw_Q%FhWH*0FOY>D23Yl!w7HrYvmRn_04}i81CK1Dk-;4!r3XKmFQ<`gLJ?N9|j9z3LlD z&P3b<*-PtNos0K4+`0Wy@GhNNfEv3u4`u$-@_w*r8;dSkFSwjDa=XJe^!jcA%=%#R znD^@v>!%{5!xlovsR8A&UcX#?Hru66XK(w`h=V~I z7Njf_VtckO*eZ8bl3?_y^1ao1tt@a-Zkeusl(oA$!5|m1+_E*!vp&0Svo6seSsVbn zz89zx3q`F|rW(Ta0gJ!>QxFiGKK^+QwbGI)hI&(g9pxWZ#z9Nm@lC+1$Y~vX-w|OF zIFRB_K-snXYF}MWYsLK_v03Pa`sU+2Hd7FYyJ6A2GI7uQPP&AWsT85|2DYyrosEb& zO?D-93+oxH=3wqwpff76ZTcbC{`?nx3_2yj_Samz0Drwk#ZA|LY zA#YLrntP1JMZo=qh|)DKV0dPJ_4uKfZ^$q`);^5F6zlY@~{ae>J`?Jk@PF-(XRy}i`;&aWSQ;wKq{b&$2870_H`@JP!)mSSU zf|#%=TgJuHRX(NL%i1?cU60F|eRScF9ZpFU{mSA{nv?SSfIJlBm#kX$%!HH5UG7By7ceIDuY2sQ7r0zBip8f1oPz-HGq9N~iXcV6a@g@kZQ&2))oy2op zM78;}!&72$0?W2GO8-Ksp!HVsu6@*&XnI|FK&`vMOFY9-(Y&X;f75E(LNhPA64sNEVenn@ufj=5o2&%8{-%s=8&WjE43|L9c5<>y=XswCJBqxgst zrLSMWoD%(`NB>8Bw0JiCcs&O}66Ol-r47qV*Ob?uY}jVyrHiP1*SR(7)hJI?C@n5_Fvzkb%I|6`;g83tB72%xHuOcMH!*xAcO5a8>c~_F6M@G-m`%Ut$t;~)7 z*QRY-6@qCIG}F9Twac!16e?d&4!r)(&$<>rq%&S(WD_v!h9xKCK@AO`FY})(4*pGg zl|wE_bR*BWgn1N%iZ7KV8zh8~WCnbh18VZOtNI=zNhE99x}aGkK*QUEv%5+% z?MOSZivv>_-vLRx&LkMUxmqeO)f0*>IYcV@=a{#o`j?VDQGk}MPmW8gBs(2k$Ffz=@^u42ub$jmw0W2 z7jmaV`;n1xCIXRWy?CNl{nrg-ZcYVeSAz=Z?%Z5OL(l3U2oKkNZNa%sHIHsD^oV?WlM1dd5YU;O79~ zgho)6s1U~tc>(Qv-IM$`L>Leb7+qCAIt+}UL3k&8d%Mz_hYpcryBr7_uCSk0I&8&e zQ`pfPX(;^~J>DDmYS!vk8m_Lco)3yVeHXOm81l7i+p4OraEt#7! zys3zWao(6{eqrrI>PuQ-z?Pc;>a-*LuPRGlOogfL4`OEDGFvOGB}Sk9kqm?R_Am3ik?W91Z2m~_ zLha8sQLJ~z-Ff!^QfYtFav6UKmF=l*X>y??R7D@G52j0jhc-uW z_n96*{K@(?Ho0&tH~@C2{`Z8_SBKI5B@@C+2H}4>FaP0cR0H?2@k{s4_W168*F(aD zQJkG-5P9PE!{oefL=#vXt}1(Y>=OR8@pvAd+C%qO-n%_>AjrjFCZ3zk8Ki^Hyp2|> z9gIi>T(H%j+K@V4DsPgfz$lFq%d;KX;++Q9)P6iq;Yd6zZHnYW218V?w~{)1H@v*A zCo@1EPyR&U`$Ad0YlLf3!P0=@w!(ZTJ;8HgquBS;Vr$%bSq1=6DcLwJdd^Y{UA-;&w6M$WIy)ugW|~pZ(l@W zle)I900C8rnVA&>kX7HK8t=1Sw7L81QCZ@VsbZNet?v7`{GP{Aal|}Sl$2tmZsz7C z<1V>EegyRN^s*`{gRw-MZ1%s|0|1P{=< zAiy#@CMKhi7kmc`6;IjXekntirIsV9VPNapK|65yNwboDYt)j?xkuM-ji zR>N3U@Gauh)YQ8xe|br0!ryrsm#j*6BowMfa>TikCeLqX*uQ-|b{JZ8Q8OwENgz-h zcHI?2tZCNm@qqSR@64F{H5i;?*RWmd)?FMlfGK%SX)Zto`?Fb>+9xy{!1&ZswDW0! zj;5YtCP$)!@T0oJFOQKE#=dIcnVu6h&%;^zhnw!_pAUDJb6d!PmpSVd#*%B@=L5vN zp2wNslC+0g=LG{V_(>>^@)FLF9ki?KDnrEDY5~Oj3<-LMt>0cRJGrcSEc~OuE~oF% zWF{+u7vp%=Dw?gx9v&YZ5Q#21;KW~B0jKWAW`6KmmtU2!(_lO)ukTd_IAZR6YcL7U zc|j!8`9<*p;OW`?eqwmIH;GziwpB>$R}1$LAJHBiEah<|fu}*m%oont1+X!S><&?r zE9X|+x)c`_Ai$Zl)V1Jy+cZzf*|WdoST20LE7^nbt4Nr!;fm-Fp=q?Aw0mb0sa?Ff zOcNg}*h+!~nsR-jvVP-}E;aqAb2?BHR%)hOhO8Ddn+7dc`QI0S$!rCZaUMM(s<{h> zdM&Q~?aXw}xBEm~r>1YnL}FMq-xZ}0)YCrtAUxggTV&puivWt|$~-VTVT*xHif%Mn z5Z3MoHH)!)pIxH2ygvs9{uD-%iEC;Sz~fwj9E3vka^=>YbUlq-LwT(aDtWPRM5HP? zF@>&13QV+ZHELQB0k5TWHF--TxK?Z7*b~T>)}T!{E5qkv zn2tU0!Q10l&6IkOrne8?ZxJGTqmbWqMUQN}YC5NE0nMn_=^81Vr>ZHIL0y~c)*V&=ha8p+{fML+sRw^;?A6dY`#5>UlJ10uNR)r4U4LM^%;xi|#VS|M z*D5u@YbC0kL~MpR9+d%+Mjm#{N=lGLo*x<+YLb9X@ZeBmW(TmQ(9}Gh!&9}xKs`5C z!k=%xX7ReTbe^t+cS9gO3eE(fGP0|2s!jpMw zVSyA4bAsaOQD{k6x$3|{ucarnaFw05Aw$WdcUK(f3t8_b&oJ=JQnHD)UZ^GYz1lAX zuD*TCS3B|%a8eSGkV+v(VV3GXbWNju2PcF8sQCCAWFD#3E3FY&`RSez9Qv+^LP)HaCEG-%>bm0{AvLcl`7+1 z$ycU;=9W6VSRGq8QPWN&XL-iv;j@OqA zQ@jXE)t04?NQJXHZDypKDwFP}$%ZJzLfsW9An7I45x2MAfSQwdfs>D{Q%SZ~97ghf zWh(jcR`~&%9=a5eIFh7a(y2AmfW1&@#u+J>EyTo^1%EM!w3N598}`n=2SP{?Q}Z_+~3XWZ>&tM(riZS@gft zS%k@ZNK({J%R8+a>W)R(n~bbvm{+4w;MTg2#cf|_jclYoJ-U7rL{#8=)=}gna4g{d zzOJ(yEyZvJ2qaIoD*;I?vB=>#O)IQITGnfQ2U9%Nq|0&C(oUL}9sgy~_<0hi3%%BS zWT1j{r8L*y7=C+UQ+931MQ3F3wI+K?&obk zA}`)__GyV5C;|7$gLkWCcx z6C&!IWAW{(?&qr*f)&t>bu>FQW8Nu^#OaBHs`~>|;8>;42Y~Nbidq$IRs3)FQkG?A zK~Dm;m@1E|-J7>`fDRgpBx7l^9$O8elxez3#1Ahbkf{KG7b$oo7`!FO4 zd4kTmOL#=)%hRx&)=WikYO)+LwT&0;L^Q`u7#%EKR1UE@9P=H}_%m>es8r3>aJpGe ze!3)5#0@HXz+oVtXAZu*lf6Ek$cU=oV9sCIhhGIz`f9$rouN}aYGFl#Pn%T&40Pyz z^Nmk0q7KX&vU6qw@HiRFHGQxee&PQxj_Yo}faju`QK*7r2N0sK)cL;qQC|7m;QT7B zcH7Bc%T{K3b?G4!dHwbvpne|t&}~M)iUPw@eZ!Qryb;mmfW86l)djZgK{}ry#7~AA+;w_ zh!Fq46?c++tG7VBkBhqk`6q+84o|H|oi0aBhPtSFq{@v{w93<{2gM1(Y6k8KHj{As z6QLsVr~!~mQ6szSPU?{fp|5=U@FJ>HK9O?t32u*p4ByI{L!Xgbo(%w157yL=`lCXL=ajh`tD z!KjPrBso{RbYdxj0`g@T2No*76cEXLl+!dkQbb1y;cj}h?{dmC`+;|F+GQFny7~sX zU{v)e=j0bZJ>u`!;D8}*K_o|haKB0tCMP$4vmTVdV$fdE)7;>fUNwrV+7Hh@m=W}uV4G%_SbQS_*>$1wuuc4LsbKE+Dw;Vwx1iext8h<2oAYLGx*geAMcgrII7WV zO&90h@u^FD2vNRBY|GBms7t}7HgAVVjUSd%o5fuN@dV|1sP*~QM=}?Z{xdC(k&TI@-m_BWS& zXa5-|QUW9GRe~{hDs-B8An`H~((H&CD4)p!dY1b&$e_Qes3?7XWMDOG7u4P&)(>bVUw;H7k0aO%Gm$zBss17S8=WQjQT zTLw&r!>_+FU$(HuT;2Q)N+mVO-&@rAdabSiUd3rCT#;`ElkKUPj1!=Vtprn1tShu|}LzCi6av3pddUL%k zCzrrF)QGgl%AxCgWSymdrDN&Ok9KPB$K|d26?N_B{D9l#`SeVZqsZs+Gck>c8Epo+h8gtgQOdmocuZw|hqpNXzi`YqyFB4aa1#Y-Y{!KU-v^Mxm&m{K&s3N6V%0|5loBfA`E|4!dypZ6)V6;pbF zqI_Y`WB^vW@9c)tdGp62Q|RUGX{Uj9a$Wi0nt^wqA-ghG#$90M%@?#^58i~F1X^mR zNfk*P;Qiz72j1CLW98FqXAtS%g<-wl>#tIDKl5>!my4*2|4;g_<~gWxwLow+fdlTR z&KlvL&IIWkPWtQRSmgdK-Bh={P2@&(3nA$RCuj3?fQ*}plT5PRP%={f!U<-fbI~9Q z#`XP(qStoZh}2Fe@kw2RQ(!%wl?PETMbas?mxEuLA(LPU1<;iAGH7Af>+G}LH|-$A zHqvF23+gTq#J8`*h+MH1Osni9XrpC1|5D}Q{N>6@9sbhIMemP}r9zoudV2x$Z+fj4 z=)!{Q*y{Pmkx#22$jx;8=@fRW?I}CcGL-^JPcn|Y^L@Lc_aQg)E0Ej%^U+%7${q=U zzk||3pAzkFESwdXUDjzdnU+EPFfQcv?wCko?HVIc1EZbp(C zE3EkI!C)jbY$*Hh^@OpTk3he;56e2f5MKgK%h-dYaaiHmsX-FAV5Z?JFpQR$D!>F(@n`$%gh}^xgLU3opd5MLgDz}O#9eb-f>mTJ zdj;bu{HOO*8U#JR{Y8+USDlg{V^LYpZ9@v{5BS~aB`m97xvHU$?%2Q3U?9%v1>r49 z{c&x=(X53%kFB0yi2&@hRU?+&HR*SQkp1Y(SIN`UccCCNV04D*1DpGo@~7HD(m@`K zJMV5QuZIpT+!I&@tzk5|F){kETP{KFfci}2M)S!9R)zk9iIL31DcDVy;&X^z9$Cnw z;ruTGGDW9Qt*6qOx;k40{!reiRmy;~h2@gW!KbddT`!&u8~6TloV$H>MfrH+ODh=r zR)^ayWVVFx8gJL`yOn%b>>J@(r0(m}Snisp=tIHJf&SPDH=@E% z+%Ou%xwgE%Y@VRrbzQIC@`S6|clE`rL38*So6VR6HadnL^(%MkA6GmO$U6-ZvInqj)c5=5INlOCkY;U-Mq;X|G< z4)s9+xCE^lzO#6bPPPfX9Wm#=hZy!J$H7UulNwepJt?2=^!?kkf=;K1LQl`7KaPNS zhfc)Wtr+A}J?#aSMkc5TUS&@t?ijB_nE}sKn94H*qMhH2ATqH z{c`*7A>~aJa!c9=5{%53e^|t3Z0w&-r5`o}y41fCH~{>r{G1%4XO@*sS`?{msWR_s zgOb;hPm+5RDTWAvriRM%TOQO!17#m>xZAzq+gC;sPa>ueSe@^7EY}A*u`82^gp9{v!fn8Yw4qI^ zTGN+uf@1S0d$G;lEe6qpnYy>m1%%}OJ_s;)qW4~j!sar}T;SI2Vur`07pJR!4IQh}vu+z124Y*vEXTKdC@ zxq?1;tL+{$85C3vw({_$ECgT5aNo3|c8IlM*T|yEl*z1GLUL9cum?98b-jq?*JRCr zr7{^PfL1OZHOtDfn*|OV0c^7ijitk)-gB-MA8LgH=J4VEW)zaluL8fl`Btc|QvlG6 zJSYI2PJW`lE<*q@a#3(IEsDjY8n^)BN-La7pV>BoYf^F*pkO zKgdQDLXI)Y3QL4T6pn`qQ+@COx9nLkGbkO&(2nP@|pFPmc&V?25$WR7c;t6HFW`9p^7F-ok5*_ z1Z2$zU^MhJ-j0gDJuX{^Y0|zkqH105sS7w?V-?z*swHUkJ(81=xmDhJY}n9jR1ql~ zcQpN`T~R|L&R5#9`|%85$z2zTu}EH2fkL&2+WqE(?qkz7giOc}fO0%kY-e-xH5U+V z@cg&?lYpaAvl2l*@`LU6n*a~B&hz%m{phyPkE}UA10Hf~}D;9l&FX?3|S%m9{MEUb^GnQ+|LEtYc07hdq` z)8kUTk6$`tsYbnTuCGS-2x-K03ld&m3~Ne%Umqr~_O_eR)=? zwscuQ;QG8p3eem9t#LFtiwy+4%p7hkCZC$}0JM^gon5O#Pbcy6Ot$}QP6|RQ{dZmC z@94*ebz3~&Q|8F>yiV%=&h^pQ3??m%CbsIIewTH(9Vd~6dxUy*jZHLMfs!3$$6S!=u1XMR!W%H*gV?{CR5r4nIKhH`i6&f za&!cccIv9C@_Ks7y|{7Y{Bn*rfPDp?mVNuqy+j*4ug!^E@EEc(k+6WP9SCu#eVxK% z@-ttVs5X;&JnSLWC$AmTXG=Z8G5tmSnuJusYFYK0%HXnnj_E{4iWr}&vWki~XXi*g zSy@?f3GYw6->5=x?T}h-%Pld7$u0))SvoOyh$H-%b=Wco$)2(tnyCrcWkw`=jQczg zTlenW!>F}X#^F99Y2Y@f!tG1u*4bfpGch!bO5%iL=%75ngi;A%6@Ap>4X6rDtUg>_ zU5&0P;H1!e>&qjM(>`=ih+tz7!h50 zVOj_a!}Rmy9YD_qguoQx0FZsd9k{7aK|0SgDM=_K{e5Vt`Ik`q^%itum&m;y@;+f| zD|+VQ1j06SEv~EUWtBfZ9^f7+1+TeoF&{X#2U_rfXO$>tUHiB>P&@~g1`I(3uZ`jw zF`uDBia1Xv3ulU!rZQAr?MXy>#7Nw`>k2{@Roa)*A(TB5lR4B50LfQ+bS4nY#IVL} z$2_hs@*vX~x&h=+=xz8mQHqE*dkTI3T;lTz*q!rO=4TqgnPUF59}Syw9W$bgPM-No zI?p-&e$3ac^CQLH*JdEuF6|E~CMug@7ZaDtS4eR0@c6TVV}M1i?WAlX z-T~0DFd^n1^K@0B&_ojTG_c}T70>AA5}7+gnhjHk1H$UPzqKJwVx>jbtHEr^^^^+? zxIzw$LE;be_v?1SbVfxhni!e!wS$@Me&)*G_s1krqbyIC$(QwM60{$bup}oWt*+8 zCEj!Cx>;*P90TQ04x=xOlDx+~Esz}?0DT@{_Z)>$Q4$inn1`tNgUFFey8|lhpgX<* z5ne*rny3wfF@h*gfJI9Sm&-k6D=6tBCMZ(GSvapK9YU zPZ#q7GX#3Xho6b=O-E~3$du8R|lIndtrIpK_z?7{%Y=~Rz z1nFRH(8A1`TQf%UC*M07j(Z=S`fT909P|Wmqw;vs6hrMah0-%!)_7Dp zzZMPUeGkW_yqBCD!td{M?C@GC!8nvhw?O&q1wW8))rUxag0KL46ETyuvwjeTObKnfU=_k9EapjoL5eren*bJinRRj_IR^IvywSY zd(B@h0GeWRTa>c|@d1Lv&CZN)Dk&`$TZO^VWY5{R5H*!=P8eaI(XA2G`TlPy7z!ki zJt-Y*xu|zCVrmE^@mgkX)vXU4Lps@({RL;BYSl~S~Q znl3-e2iXa1EZ1m|YTX;UcRiv58P7G3&RKa@4p?C_%Lky2q{Aqi6?;Ro{-f7XOB8VJ zUdw>7Xa6~2Zmsca(yBFEjwb9sqEq;_SIs8jsn-_)vC}1Znv(goYV`f7#6iTm$)NLm zH$^6!WRXglp>U=6O>4bSY#cpxg4teyjgZ|bZ<;xiJV(X8Y1375|HsQH9%e%1WU_f@ zra|((Yv7)uZNkJ8KfhG*X7SE6%g7|K}86C;k8ziUv*16Si^1(#LPbg4QUih ztD!+UFcoMho$ICev4EVB4zCWgS(hXV?n~l-ilsf|IX+-LSk9#J&;E~%R9(wzE30_V z{%ojhH78{i?K}_QJr>j$#xT=wtBZ15K%0Z~|(}$DO6JV0)xp zY3wRc`V^>S>M9~*@-NeQ(v;7V%qY85cU=#DJTK)?0Yi>>dTjdykf1vpY2OE>F4R6U zIm(0FIF=eVb4Ed+J3JfElAuf9H~pxqDd_{HLaIS_q)cC`&1)lYt+pIJg;R-&H6b#< zRoz6AR{$ReG=aqEl>6~4iFNPwtU`h%N<6JtR@rWb_a)fZu8relX&E^SY_)M%J0h<5 z@y@6r?2))c0Mucv4F+}b?kuNClZ5s*_Fh|M`|()Pt<)g=Rp%Gj{F!YNwp1R|Z}l!s zL3$!vQruGLWmS^UUmpU5ZBue0d9RRg@Kbz7OS-DEYKsI1I|aHHF{xwiv@$b3G;2#{VNglNDC@)G_**8_m@3&)^Mhq5lj+Ymv z|7nfoG3{F|=))=ii$(8ha2qu+{Kdrm9c}&iARUl#L|*zA{QW!mpuM?ToVKYtJo%B6 z?Qqjwr?Fs~wEzj$3S6rCtk2tbiWa78g;?gM338vikF}|lK8hn388w{;fh?YT@6PY{ z=j+ZP7ZFb3%mN(450QI`R?FVZ2OMcqJ%Zuy-}1XiUoS3BmA4h4nb-j5rCOWC-#Ad``uu9+keltCzo6i6I= z$l#dugjImuAVEesP8CxNeW5d22{B(_Q(q=ul2~@*?qUmhtt$2rVZ%m|L$k2HI;aIa z*^i|bX2~B1#!v^XtPMMKBX01q9mBX{umrr^M4jK+K6|Dn5S^ZMLqaU{sX#Ra!^?9( z76=2~p>H==8GVMK(|%UWkFK|@0^MOr^DmLIw&V+Kp)`B1^b-Ut1)(^Zah0Zt7#Zbt z8tb*Tutn;>*Z)VnB7jEt(}U=!q5lgUAw)3xL;oK_aeD`L6plqGgp8EJLMVs;k?3x= z-gB%d?iX`KVH%#bR75fVq9i5&t1-c_GBY!ulaCewA)rZ(d_=HHv*hvE2uh~L=aX|4 z#ZHY$c87cSD(!|@HmB<~1L3tmEa#tI&We9jV*UStu5>ur{=IvA99C3RB(*$L@3uN{ zPxXzKv2o0oFLE`G)1+8USxypAGmG`xc8}-sVUuzkNjdJ@x5y_)UJ4_bz#RbEwt2iWR}r@e$QLy zn-q4OD(-)uP~x1}$X6cTqB8G(erN|<{{{fN54T=z13(%jm-AGczc@ChQ|NlXkGB+V z18CL?O|jz1Md07?#fL>tCkar9Ng={tiJ+#oOeI` zs|DLq1utqpQv=W6v;M}LEm}>VMo?16Nb#Vgmodao!;-?HIL4U30>iO%kcnG+~iG|nI4TD&wDf7F@2l@(;muT zBBgs@y@eW(m3(GYi@tkJfMu(B;w_a4wWqSF1@hOJR12^5+75H|cG&Job;6MfDD2e! zz%QKs@H^qtHB~m71H^Tn)Z7m;`R(+m#2*Fr$yP5Lgt_rtro4?m^yd^f!o1iB@Z)iF z+b_R%dlnTi?377qT9|l|4m~e2w}%8C4Gv55-8(pPOc}029a>2criDO}#D4mEuKXw3o1ar`W= zNHKu2a8?MnZAx(NWp3)ZU3MGtQ=!|;D{e`~vc86gBgqD-rCXI8ic=nGp&x>tt(gW$ zz_P;+4%rL^==gop0i(|sG`#9{g=m6C8$fHzQY@v&;h&0({4l>Hak!-99JwhLZuru| zRY4WrM1H*eJ9<$1#`qz4+m_-H^=5cU7(6 zB`kNhu`=~MHzAfsvC~Z!PyIyRPmkdN0buF3Wnt`6Q#@z*Z1ctMDJc(-Iod<9Hg)+$ zAGg>3J4LD(7hZ{!i@vFTMDQ~K;!j{|*+Hv`y9ALDX~>WdZ~?8FwN!VTpa_L6EFd{@nYn6^tjLP40orC*%zr~#}Y3 z$^FmD;^FUgr$oUA~F9ku8RRyLOLwT3p)sGL=B=VGu#t8z%NGl=Ap5=}d8k;i;3RHa(sHml) z+FKi2QMZ07xv+r89?D)i2yhNvRg#AqSTm>&G*=xsGe~kt7dj}Dg`_H5wUJ#aDKjxJ z6EBz+aCtC>$MA|N-x(YPx1~=#N0k-fW{y$0Pemu~KA+NOY<=*;)$SW(^lT7r zW2K@f^?xkY*%C^IgA?*{60s`6=3)utRB;jG;R|}DEyTZbk(m;9s}(o%&d6acp{ww^ z?=X?q@K&bjK08|-w|bR<5`ml24EZCjfe@dKWr+~}gTCbmnv!<1N5g}01ZxWd9JmaS zZ~bfR-Mzfp%l$WpGmqsZ@?FT zT%EBsvux+Xsu(WL4Us9*@D-sKi$k_JtUl!^TnIq5c-c8C?`|4fDm5_q8}j*yLz=V6 z`zy*GCPZ2(lDs0o+O4WO?%^=01n2bNa&*@_HuMS$ zLpL%4BK^ku^pWgR^qTP2U_?Z}-bcgtJ_jo$+doQPLZakWS792k+_Ou<3yQoaoZ>Lo;^ip5$Ygr+m3%Bpfya z<2T|;rgs07CCX47Ew#bb>{iomIRA<#0-R_~&qGg=cI~2H1=DP=QWH^^B^&@#f#$lwVQLwbc+}+NBnA~a^@6UWr1Zl3`fSxvB|YGzd9LLCnd*x}K%J}p5X>`d znJqh(;1OB8XDbM}&3aJVoiq=@J4i%MFtlD>F6vk1yP_OYh41wD47w-GjUMT|;;8I4 z6(UHck|&m$BHH$SCg4z_;n83Lks;r;D|BowmS0QtH3ICHW1Vj=m~6e9Jh|RuvNX>= zOkImaLDUA4|1zcD-uEjdv~)_YlP}!rmT3Jw_MJn*iN}ybaUh=Jvt&RaCX!{Nim#6( z^e2AMt^np9sj40F&I)!lSD8{oSMpk|Wx3m~mfqFkM*+JPHABF+h?IjnrnHDCMb2b()=vGarc!X1n`wkK<&HZ7FD@+ z8Qi+`_zCuEM1ompUY>+yYjT7_D7|H()}zHoUR&Ae*H-tqNF6dLZgRCgzjADRKiOTq z#JHGMg69wFY4R32jme2h+twkL1dL@WVSdgpbPI;`^QojGQ5)n@g9BckO|!+AHV3FWWUDb^)2JP#w?Y7YkL>Ak-DskL%GsAK;-FJTOc zf46YEJB>EFWci@>svjCMC=kSx@>A=8fmsFVlXOgYGUFD%u2^c(71yv3M&%5cr5FSR zsx<-`DjaU#zU_THX*230#QI~oWn*7LQbJ-kT>A2M{aipZP^8Znqr#=H)-*9w^@)NM zOUj}P#rCsJ9+(prMtfXJ#d%P>`A385d*Ys(&LY6j=8yCcX+^st_(Y!Y2hHvtKav{( zzv;i^r_fr?lDADenylOnc+2H?2dP`~emvB>EK2~FVlY-FaP9?YDNg23aGD|F6RFRN z4U_01MFd5THDiki@j~0w^__f#C?7tB8&j{Uz27!eX}i}saR5KOqW-yG7i+G$F{Sp6 zt^xV{`}r;s;$%sD`Ih{I-0ib%Ja3jeq7~;%ZmtN=>{&ct!8>ikV1!7UXOmhgKQoD< zo7}?AZ#r4GsK;r^k*6+6iPjzug))VZDme&=U?*Mn#I3$-%k&y??Cuw%7)@Ft+i5ig9A~>js=N!QdyDq|_)iNSSZs9u*iSBRs4Jvt#K3FSTIsL@Voo%*d7&f@YtR*EwHaRhnnRwZBnNb{g zl=P3n&0@o8eIc<_%$n8!eoIO8e9QVLebRcta5&%w)Cq)3YCjl#nzN@+D@*&13f-Fc zveVX|M92u4fHbpT&V5%-E@+E*AO(`K!$b0C2-w8gchPrgQ}j@)Sf2pbzEr-K!D7<* z2+)(`zxnYP5>EWgq2Xa-3W`XF^2U32@7_Hf47|=)sRH4l2#YQ4yW;8M0j>knzm3H< zgN4svX5b{`FAp!Tt_GJy-Ons*>=fVM?zF;NQ!H$U3m^WY%NNf975V6ajb#q_cQKfC zFqarvnQVuQ-2Ryx;@fWCfuoiwLJT){c`v3UdT-M7#S4TlFD#+SYo{FC4kSFRzx;4< zveRV|FIlL= zg6Idy%v&RBrX!~w4Tu3Bcd%+G0!q#g%9bM>v(%N*t2rq zMwRWXt`@~L3UM zR4hCmBr)Xe=5Q;3q?%}b`+U3Y!YOGjsoxd?iFn{D{CeU8@7*N!)lpDwopb|#JqR7@*%xMfT{wdfyL@$_1Uag1Ba6-2Dt z6SRvmTVuXe4L3Bzln0eraPb1>gOoX9X1ukz_Vx!-%c;E0n_%O>t0VpPfL1XtU~B;k z=F4sbgFVIDpr9bklmYNmu%5ik`pi`TGC5?%uyirY<|J%m$&YlNait-p0rerRIFsb0 z4_Y{i&^L?qFPKc0)B9ZGx`mK&Dj*1|CdD86i6y9^dQP{rx!jl)%DX7m;|n&Wuo>@3 z5=^!N?ItXujtZ_2iIh;vDPZ7B-(H3VT%qBGy-;=+m@LYgiWfP)IC_PV^&RW7!-Y%{G2g!f2<6J0Rl93-j1?UH+XR%4NeX zu1Af)P5^fI1Q2r+g0=S-5xCkb>-IyHp^4?Gs+2roxXRkT%v}t(vk0|cF*D;M?UK&4 z*FhIT5W7TNul@Cy%u?NWMw3pSUOrbrYq9#jzOAT2GS1Qnqnvets<_&TRH~6H@_A+I6E#iZb z%CM!;3Q`$AxWL{DD>;BMGEScYh}@`+%+w6@S(h@ckAg?{QkmgPkFk%NVz2_t258!g zId-{Kl)FGdBW_&k7V-o*y3+K3Zx+SzJ}Kc?6|7r`0SeLU%212}rXnHoo^~fpjxit<3oIBteA_??g9p8p1aRUQLTET{tt>_YDjqvBqWcU1trfQG zV#qq~ZstSrWY2-|n1&hbA^vp)goD}=oVAVxU&^ro44^c(tRduGaOcpZCCuKP7T zz>nw{J~_TfJk}YSL~JS#X%8s+wg6iWO;To0rRuYavNEpP7F>g&wJ=?aM2qD927o>P zATwlgZ_Rx^nzzlF{WQU`yAJ*QdC!b$6Lj$Xknl$g?eG4jh9zIBaZ?o+kQ;ASI>Z^Y z$}+BA$J?hOBn&lz?qGt&0e)r6vRRw^m#qNn?I@S>DjGXC3p(S8((NW-eZXi8$;Y9| zNqfDz9$A)i<><;X&Y(8x3@+9zd&pWGI#<$WytS$84GXhXoESRc#w(3ABxV}rVF_d+ z(Q?-Ys$9cKv{0ZlvK|FdhxnHWv!sHpSj%n7C`-J8C1c7G)e5sA0e~7rFI)g+2CNf4 zpe*K#(7tCu!S2{_bA170ee}g!zuf(SIiDtq1h40X$`Lb@fB!H@26Y7u)187tI&}iF zQtn-AV;F9~>rW9(cIq!!8a~{wXl%jK8X7_y(w^Soz%6Mh-alMr6vTJU; z);tW!Y=5m}^O)$7UpO zY@wejszjp`A;(OzA-G#Zd!hNC$NaL98bD>1oC3(Jc!#(f5-+>?A!`Nb5X2BjR9Q40 z*v0(nfC8=Yx=QlQPxUiTtr5EVNn;!`VC71*d3zwP9rG69$FgKNQE!2qS1Yg9l~1JO z+ALk`JxaN_h20g#XheyBeYdy&o$y4IiP@Tj4Z`a{GV!xOK3Jx)d?lNgCgB1Fh+bY3 zYb}2Hk8myzHL)lJQpTMKH)uvd&2%F=aWE!6ja@1kp_{|Dfw-qg^0E(am=1SZ#a9@F`-O?c=^kwsXsU|a_St5(U+84 zwsyO-09;qzx`TU`JVd;Z%BevXz(!LINR=7sMJQ4c5ivj#ll2efP`DW59mWJ?1+VU# zvJUv^7kg#LBQ}ESnp`udkf~L7v3GE zX7qWc>WV`&>=Bt6x5t}W{v)HSv;5axjoI1R^VBWxMV+W2k12j%pS7Kbrg+(P)P1av ze$7Q|FY#nX{e0Qx?DiiiTlz5cU}=mGjTvF11IG{t=XXO%RqiK^d*i(ml<5ba8>If+D6_#_nPWBsn;)G<h};qmvsH$u`#qZrz%K3?Pbf^Hj}w{bjW*hqqGfPsEU zXDXx*2L4v7Mb%hjKegR-AVH2zm}cY&9T4Z!MT>bkiVu|2Vn@cr5Fl27JDc>H#bIOXm!5@&Cm4YpwRd z#NvF4FYRM$8@Lo;>?Jd<6l zH7~ntQAxPcj;MP`fBuz*t=}ZLxLSbtDo@G?j=7t~@VxMgzbnUsr6~#R;Iw>3{=kg3 zcb?k``F~!B$gXUxUjM`HT?DZ+-hIvC({^|Lo4L4umq(jEHam_HFedI2C=0uQWW(}y z2N{4w5_TlXyGgrE_)zxLLMx()mGHLIxt|N$LsXOE*Nr}jZ}FwJ)k#;qcrlR3Z&RE4 z+_wJ-j#=Yi@C!WI?`NlE*DIzT`X3Jj$dB7G}*i*9uK% zVb+kf+dDtgf96klXQ$aO!9ZA^2#Jo>K^$v`QRI(?5;V9PuctGPL#JKzBuoNEAaB1>{R&89`R1{KuKjn6kj7-<( z5@mA?+6)tAsAHCf6@T1XYJC#Pz?%Z(q}8&qbB2s;b3yQjSI3^yojx2hjY}yWqN@(} zyLiei^Agr7;_c(W;D|?3O@r2SQcRLR>3Er1N&iH=SLH>+E0)V4d1684EEfp_i8`bhZR zsl$dPy<2s&eY=)aw*>DrMJvH?^TQuXMvRhM1-tGq}4xrB(`1kDm#M5+;vVF<3=nw}=r5!Ki)x*Vca(*bts^CS{$goX}Q_Th}MBMx$tK@V`5NXT1 ztMNGpj5xqZgIVu)Oiz<7xTz4gxpG^_m6VNi(cB(P9p6*>nNP8smHe{W#K;scfQ$I$ zB#Q5wI3)!K52nYH=jm>dE?VkEC^~{+_hF0zCULoi>^9ectWXo?r)^O0roMN(Bx&1i zD4Eu)C+{Y#L?Psvk*PA=zx}@^=u^k_m!%b&9xu%dCy3sKr2nLwy}bZ%%;9L8qe-!x zx5$KMFm-|3mxa=T_?=VG(->8G%wd0#3mw^;=hC#v2(rOwV_n^ zT2dJKFaZ>+*osF<=MTsv{$yuvZsF(OX6Ap&ojg^;e0CS4Qy0w4eSEa z0;*mC;S2xjBu!d>m1Z|o(|gAw~WD(O%GVhDIhRk2|N z#ciM9|Ff&={~B}qKl5cV%5(lFG&3_ZBfCJWymcMyhFpoYAYfnr4{~bl6@bpZpDel_ zeFGGxyYn5Glh%N%^93N4>I-l%h5(4|hU%1<$NE!k9UT_{$xE&{0QyzY8r8k-$avFM zQuvTg%DDA8YU?9lvH{X;6#xs#h-;PEWFU|~Bt{DqeXp>=F1FafG@*D zz1pUXjG8*;doDDUq5$k_#}5FR>7KYuO3FI?(_?byE6R>sznO%Y#At?ADvB zoxoGz2Om4>0QkB#^ZP3;W;pQCh2rR>55z+&ciOEC969jAqUD z{$edz4JfY4Oq%s#iKv7L2PF;&%K`l2@b9lXFJHd&-fmnSkzj8;Un|NP0fbvxZk^bt zB}RCv19@_Ki`W1lO@FC7!NS11)a>F&aN+ZM!gjjaIx7>LQa22N}l+h zY=3Mo{R!}pLYhmfs}{?>Nm#ei&U;)v)}#~nuY^-n&f3=gDBhgdpWU< zgN2+}vV>31&oO&|ox6A(5N(wLisb{EkE;<}Ucj_Wg7>`LtnAW#$DF0may;eG-P7}O z8hZhFf=wBWea9&q1qi_Gt3iN9#X(07Wc)ClP+Le->^+}K71}YWB}c-i>cK2}IHJE_ z?YK-?K>__Q9S9F-pQl1sYV6|T;sZtL{&w^7^0I5i5K@c0s4YT%SOXx67mistI5;B` zC2g#uH(00Qzl)4kKA-vLcl-9j>FRm)kZk!7#5 zRRPdAm=UN-KJK&_uwDF{MNiS+l$&T$hM3lbG%?*+vgaGtkJLohzER%%$+Cx}wv3B) z(1AqTN>j}Jai{OiX_xd!i1Tts{g8NeWwt?%l)o-~RSvTbJz1oB?xY(uhPAh4->n5i z!X6TUK;lIoc8{}hvU+`_s-QkHRG_-Byj;*U=J_6%ii8}(t}cHD^l|M~jW+dOxGQn7 zS#56&>Ctd?1s4K5(G<1lK9(7*w*Db^alCcJ{uuz7`7AnP_QNOBq4SFi3%OHDP$FOK zg7NuT8+a3N^w|U$Ua)Hn;C8^aojzj64&M{(Zbyl~_IIJ*eOU{ySd)E83}pwzKqEvrms4eMJ@G1;Up^jcN+lOoC2%V1&B}l0B8t- zeZUJ4$77Tw@w>^f)m$auGfn?gsQ*WIZizx2h*9K_L1KKg^G2&}H2ncnDRE;IHc?SM z(|wb^bpe_IdW($;#F{aLc!Kh43jWcK^ew|nOU8mpC5}C9BM}D^X z+=^U!H-^3efw@?mzzHvq^^V=J9RIiRhfe=-;f)#~Ww@w? z;!zf>yKTgOP)70;^T3-#@9OMekp{=KAlcMI!#a~lb#`pO+wPZbQ^GSprJYGg^i1>% zb=aoy*D83Qgq&rl9*L%pR@ba8Kqf8x9dvh8E9_~sGNYdki@w)Tm7g{6pS@eQHh-L_ zW%sFk_`4@n?yxrEy2;b@iB64V29SmQ1&G)-oAivT;=k#6vEk>zh2JfP9>k`sGFE;4 zyvA6dp7XvoXs^4QTV`N}Z%Lg%t~+)ig7eYW%cS>g-Pw`Ell*vTS-J1!nj8;^x9OsT z_jdsVqN=i!aQ6;YZhOnbdXoa4Ym|w^B@gb&8 z&6MTU{lZs6SB89fgC6~pVm=TbFnMK02qG00@ukcgw~SEvr~B|;^M`?<IQX|uDPwiT!OTpop?+yMl^BTv|EIPkz+Glz~gLXwZ=0z9d0l@*1*hiRFcJWCj z`d`T>WHeN2Dt`vd;lAvEbGswo{iU8NfZHw^2ZXl8E*1#86)URn;Hss!FGwYxD+lsE z=u4Ie0>@;)>*RA7JzJg`hb`<`IUJpc5-|1#=Rij5UN9UOIJUk;9@(W?3HZMtP0}l# zr2w1lvVVP|TGML#RuiA|PF}Azk>M))HghV%RUG9Aam zglKl<3V&QQsih$5`;C5$Wt2J=`B7|LWy)l1MSZC$2A}qi)P0!DGA1qbKeVwfG0F-B znj-0=@31HP;@y^k@7uKDp5VgkyTn(XR9K@L@g0qKhBIQXfyB#=>%4w5;o6zxoKtpY8 z0>5{RVz98NO}#p2p4dFdL`AiRi7+@v-O{S!@%!f5UAyy$sKu0*^B`_@frKKBj(@@q z!QS9+_s_phe!3beBTvcZq^_gSp_cPi3C~``pC^6T-R0zG93RnLnCGAQhdWX--7~e1 z1{laHzaD*;_}}JV=dAxLb8p=#^0ko#WVwa|QcquowARRc#(e5dw4md|?U1tT?ymds z-KL#3u5u7ofeKsSr=z^f)u-UZ$?NR{BP99eLvi1T)fkd8dyPk#9UDXENLS}jP59rT z*S2B-yrQSoQ=SD+-+173&I%J4_{ueTjRqI9T0FLf${ky82x8|AW3|!~5tD$kW$&}) zl)i8PKTXm^jjM(WS;RL+LWaO6$(OIutt4?jSz*f(CiIM^v7eEwO#BXtv{6x9-B)~% zerb}@i-3wHii-(My%a18FStS#fh%1=LfsA^OnMT6c&U?MTJ+na8Od`yB9k_#HeQi& zTi%i4Y9jA-@~`Bk|0Uyki<;}-UGMtI69jjGxBQ*QpBNrh4s)y&*}(sJe=}YJ=PXm0b7nLj;JQ{QbBEq*wR(@p~vT%JtJIjogM0eP7K! zgX93}p5Yp+mabRUPLKbrq+<>uXJ118E7#h7b)G5;{hI+|^fdYwyURYIQp@j4Z&kKr z%O48PG_1V9xk@ag?le@JEoHhB6GxAcSIM)aui_XDW+RH>HVu}`puJxrs^8>Zf{B`J zs%^aZ-upk&(PH}|zi9Ud{^1PmjQh5nzh0;Q(yH#pwgVX|6ybZNS97w$ix14BFeM$> z4&YwkB8mc1kghH^RJ8y?zE?jc3ruIQJc?JuxSb@^?*~eieUcEJ+|s1WItOH0{G0EvxYMHAMnplA|s9mQ0b2;j3hp6t>wK=^d%EJ*&ita02d*t{|apE1&G!8?d>=~BebrA z83SaCYdcf~$EZrzOH=d`9#<^JNyyzPO?#H13}&(2MTX|iXx zMFO{5F!$=`dnypu6*(hfT|_`5q-vpZyv>p^ew4kNQT6f5Z&_ErI`f~QpS=z^4nV72 zkVgN}D_L|qd3`4*$kf?kp>Rypa~?!`b0iMZyt=p1-mN_C`4J{wG7IUv@5cQ41` zB7oIeRF8KmSkKXr(PGxu{qK5ioY55Q>iMw)AOQvAUK}+JZ0TEQ$qvU75q8YAHPfB6I7@-$OSO`9!gx+n~}2XtuU~b8+|M zRNY7&MV#_nlltA)MtWOX2gl2_dR^|nB|~(ZW)7PmvxxF{+wE6IS`?}9#qQQ^#(Y8b( zFRZb;XkcNr;H*KGz&9**qsX_13S3AO7Jj;>s=GAf+ck}lX}INBIu}aNaBlHr|AdZ!+E)KtGw2iD4tCmQqE8~ zjTw53Y8(0)!a`6Md=+!GX38+D7bU4Wk1<;cgn*)+RbLL)O`1Yr-lj7hAoN*`=Mfi5A}<=Jc-nHG-+&`yH=LK_3&8Z z7~QIs;rX$4zQ{9}+73Qi6q4G)2&!SsJ8krrvC&DG# zPX+Lm{O);MtPb9Po&Cn$@(uq$rWnB>&oh(VK4F>!4Qjvp2K8DfLFa;{Gcll8ikG}+rifN5` z`)9cYW_`Ba@Mq%17Ol5?(tMuQXW~kx@=KNVfCmd|!>7=)@;3vsx%pSZ`zKV8qYH@`~8YG;XK%ifTi(i-_Vt zxcFF6`^V3d2X96_*Z!~CzA7xLw(nO-1*DYjMp8k#rCS6Ha`_!!=$ZquS`7^#H zRnrDau+Pxd!mE?*&)Kw~EqgGRESu%(2aKr^8A1e;@ti2lY~$!QYxw!693y=P0JH6y z@ZeNbg^tFnZNI&RyCj1&@otdQrSIml9dso8%4io*Ie=1Nulc%GSO|uvyKe3Dv?(R` zOI4f@MR{x|TI(_;>fYR7TM=1B1KY@AhyJOW11Xu{LUg9t{>ju9)p8UKFInIovxU#p z8h9=}BOx(gQiK08IpqmrttsOz%{p68P(NGu$SK(UZ0eit*DgYi%M#FZ_bImZ>Qs*eVdtE@aVHBtY zg%Tj}Hoa#zekyDa$|NXzEmY_THmj?WufwWo`1^z;KZrM@OF($z)eaW;?PM~Q_aO?Q zE>7VI>uPuJZkIgR5*x;^a328DM`t=rc3u8sb*bTS5y_+vMf@%S&%ZmT^PH}!+TWeF zI*C3#SP1Vh@u)OF9NVRcTJA`-6!)x&1e1P|?%5nH7c``hsgUI!&hERg5x(-+?8YRe zC?epg<-ITC3|2e?PrVR7oK_Ak9ig}aY~eDbD~#>Ut?}MYdl?6R@G8$8d4V+>Q)nw_ zFdQiq&~L?{9|>D)ftyM?@c(g@tki)0xVdpoXsT=1?#0yX+%OeFZOZ?os=(eT?*&6T zHr4VYE~rOKOOJM;7u0~g3DwpUOh@7WUJ=EFV&0Ltilln!M)|pl6UN0Cb!EdW!M((G zt#C&CqvS$G6O!4p4$|3uB#Yz9sD?Edw0gV#>%z9eds&7>;SuwEGl`%-qgPyQPaU__ zEM)ss^Jm0AN%>gG$Oj-%Se4dU$p_5F2u}F(`t$z!7)bKZ-NPu9k3; z`_@g2&^buk?%_5h+4|!4N*+CN{_QHcOR#`k4^a6a!+aayf)VHa?Iu5oZdjauF1GBk zFqho3a7}SI$=DGiYy!Dez^Rij4RP}k7OkEw)^+;CZjHz~H352!!&S53aLYC76X{dInH`@xldx!`k|U4|K(G4sZyEY-K02HBsD z-OQKfsXRKEs21MPg>8`}Cr#pS7_Y648k~h4P!hF3nap5L6}s@_W2Vhw#;Y9kkwPc| zuz4G^hFy-m01C1_Q1|f+2vF_Msy9{{n zqI1Q1X?FTZE$o7hUdEF=%#8F;`zEg*=!yt*9-v3F%@6sr+-}hR11*yu$E4p_lxt#s zMsyr$PAFzn%Z9+MzJrPzf=fg33)A%rfw%^o^kVaqE8jcwHz(Gs#hQD>8)Id*=Z~3w zc|C~Fza%C^*OGrE6f54gpaGF=zRQA|{c>Fye;;mWG^Rr@@#ZT@SW@w&?#n?{q^IZl zmeR5AgY$$t8ckh75>Tz#!>x4-;-%8VBqu&AwoqCm{eH2o7*B; zezz42Uh(~0C5u^>6#p#Ci~Hvvie)6>?L-xVQA1S(BIqIxhr|yr%N2zl*F0nv4%L*zI<6q0bZs^RLIT zV?)+nWyYa7AoA8-U$>7Lnp|eM2Ta3As+!^X1ZjMrxDPnmdpcH0w~K?9r>pnA@2xK+ zXiALH0xw!TCsQ-FD*P zP#?i7mE#U7pGu=Oom}ZC5(lVCk2~Xsn>CO9GIWb3;U}G!=jL*dqxS`SEAQKSB3g@` z^Y~Uuar@E1uS%V(?S?a51WK-F@@BhvxY>Z6_O}C(r{)ynYqeiODNa8i_s(SZinPw% zvQlWUOtW$)hv1a4=f_&hBTi>($}z?n(>|& z4y5msw z_IIg6hbd5Jc3)f2-nss>Qby`&3X=KMVKMnU5>BJF?rrYGJF<9!`G3|FeoY&!?~nH& zJ#+nCZyJyF5G*l?TQMDRQ8i-gHK>r6I}S)h2w>q{=4Vlu>x0lW6oM%y%B4-r^ao;M#?V8lDk&%e;1Y$qEBfF1ZlC7Z{HNa5@Y4G^n zCqlI&3G4ir<}>ry7{>sJOTz!gC2V)|*kgk>U|#}X_(k)Krhwg@1nnx)h$=u_G*{to z!y_vc=k>ae#Q45do#1=je1eIW_~jToA{q`+ar)jc<^BS6aFHL~a6%x{bpFoBdb0|c zh<2vIB@swdz`%@Yr#jn(R`0rxe^vvJ{|yYyY+g7PLroUg@0FJH1Uy?mbbfP4d-cnR z=N2EoEL5Xn^(^tc$fZ3A+`JUWx^;jo^D-ZvG$Wm%1id-`itJ+}lY9wB|!vI!*^D<-*mD&vWL0-&J{^WNSK6)`vDac2>Ky7QO9g z5yW6l*Y9(v2z1_V(Z}CxQo!q#*Mtd(?F?C1n1aEnG*PNOqTnap6v3hlT^${H8xZ^E zQg)@85j7_bzYm&{B@fm|hHO#4N;EzV-||2Z7Wg{aq%1BCRMhQnFIVYSFj-#u8X9es zuxqJ3nwhJ<&u8uy%sqRC&=FDNB5jMR?D42~Adfjr?u3@o%>+xxg{jAT%ukntar=Zn z1NjE5Dd6`#)6<|ll!RU$jGaM?Ue2(n`gR7r9Iz+ejX~jA*;uriN#aWk)r1RR_y#a9f=vlMc80#_cgI=G@g+C4Za~q~L zuX~BWb|Kl5t@5aFo^Q+JQA-)ZD*@#mUvSFwe-u6(QfuMuy`o}z_&u4)-JtZvSWXVL zzl-&1wN$|jPA}jE21=s)Cn_$_@=^i~0C_7E*FVOH`313svqoe=SLk;$PltP-N+gjY z0VEwLk_H=>N!iRW310t|qj2b(nEBf=$2Mnh|82UgHOP6|5GFzvH7BnTXPax+Y&={j zT?HR!Dpcu}G44# zGs5dNuZlKx`P+b(Su2?bOkn@VV>De}{MdWWMzy?Hp$7+=a*IG@{cKphIbibM#;(K8 z4|p(IC(v=o)YTlWI~cxFSh^9eP2x9eKy8jxr%fkc!?yG2Ju^Vl0tWCGT{R5pmVFo}dwBj{GX5f_i-xAA zu|WUT7AXE=2&VfO^q-Hw>eg0#WF(e|K<79U`b;%2I2dxOG!X){#mc>}=}#7+_fOF1Jpi-hK~JD~xNE3%+<=jQ zV5Qnh_mfprB)u`EevlueH!;Iwo+(-8mh}y1iJSr zRsa{XLY=ERrD8D75ClaSw?qq{L6HkX-iJnM1?p<*2DacLs zCvF(7|9hjn=P$Dxu{Q;ASUmhmRkViXE86b-%>_hs?lFo3zBi?+jG*`lOv^C zqSEjQ!MVv!I!5R0MyG5l*F3qs7kTS3z$uz?Va2Cmr6GSP8cKsn7+9S%XrFkdHE04n zDJq~T5QRZ;z%}+K+QY+}T3S{xIIzxiUq+Uw3~_Y?T=Pu}`VI~YLzd!2wDVtC2A1ok z-@ox1G5shFN}jwNAk_v2tOAg;9mW(hFP>8qFT|4lW9Fj-DIh7JYKJ~G)^|hG@ihf zABhGWT8CDjHJ@=H&Hw|hkA~~%L+sg~)*~wssDwh~odKTQcLTZ{j$p=oJ(fEPtgm!* z6^z4DQ5Ibe|3%l4A>x1)mqag76j_1+{~8UZcWi!i$kRJYSX7VXt*CWik`_@Hg`=Fh z4}`W&AH;W5U0k84N#9J&vg14_C)-@VN3y^Y8}gVT$l>Jt?^GBFaE^b-2n|7Iv+|6sZP6WU1uwr10AY9s9RdwUPlp-|3nM6rHsa0Nrt? z{y{b0))^breuw4Zv|8JOuC*HBmmlBR0_?>#)}y;kH197Q9MnYfDf}kvY#^EY>)=sj zHd-*3s##+v-Q7z;?y7FG_TCjp&kcB3$)9`30suZ5n3)5Ni6RKq*t0+BU9Y65ghKS8HXZ z=0B5XO}!A=k_spQP1uRVbU4jry(D7t?Yv+21-w+lbh@Z6-H^PY>YL2Ye;)5M1S_4!{FKhRe#^LM`9bkX8&E--Y;-PEZjwqwjMrHj&OsjBF! z`Hof>8egDOg;8+FLI%~wA-DbgGsdRSdMY!=`#KqU-TCXQw%rZ)FZ3JeOWA+|KGQv8 zqvY7~uj&@{x=cQUnt;C*6S@E5-rnwHnW_3M(#vY;kdsiBi&Os|z>sHScaAncESP$j z{de&hAi>v*nhw~1!r9|tg3P?N3fLtr&7KRj-h|`woTYX=wHTdJ#AOV+wO5GU}cZ~rJ-45?2)(vvtmHI>KQ1sP>2A5fZsQEk|_$%3I67+{z z62@JABM=3n97GVe-fjG8CLhL5Q)3XQq@82xQ-;a1!+gH9(tspxg}<1Cb9fF4q!One z%s=jtv5XPv4({lE5@^~()Uk~I`(;`5e@83>H73eM-z1}bTA#Gi}PlPJf}~nat#}x zX86z4df4l@Y;yKY1D==s&~rZ^OgCB)!^NZ@%;n(4ULYB_5Ua;#%w3EcH?ui73=Z~O zXA)a_6V&25L;q2oi}W99Ri{__U^c`;NjlDDgBtK@M&LelZf$-NkDKyioE7Wq3LeBH z=XEmjr+gi&hC55K-v;1d!jU-&*E5~PZU}2J@}^np5i+Fz`>e*)G!tOvcCd3$jMXw9 zZ#v)Oe{n!RqzF-en604Emlx=iqYe7r+Ik%+3S^@btr)Hjn2Q`|8eiAT=g0^q9OTF0 zNDi=+VA4)g!Y{O_>YaApuE{-EN~LOeIj@>^NDc_e^|Td7^)>A9Jj4Ye35g)C)b_mx zNx9{Ju%`&gpD8sx+L+e+r4V0=68PB4NhghoMwcWTomB5k=`rFh=-j3qhe7rmF zAo~84ex1)z=xB2cFTAy#N>+zDGF*BsrpgLx_-KEH6Y2j{4A-}{pcwn(E6#{096a*! zUvecy#~CmUE8d-y#9PHCjSc%K#~tRECqHcWQ6mJ`pypyg6&4Jhy?}D1KyZx!KUBWG z>{g!I>v@?O@R3z%>6;A0UdZtxSLfhe{u&|3?g4>MH7L!W{7l_}%)9kfl4MMZzdm=BcjPX)-A#xE9M2Ll`l3UBZiV8v)d?fvk)GvyK{NmI zF;oa}@nGZxVrgIFsG{>gK|%ZMz+%>T3LeuZOk15+%ZEx^Se0t4RrC)<8aU5(8}=>p zOjjRUG@f=m3~4~A1wBl{p;%KQs>l$S=r z3_HiFvET?uYk&&4Y%bhf%xH!j4NTeiU+Y7IYS*5kYU0ioMc!FoZLUzKsb2rmZ+(sC zbgh@YVbX_Pf@er%i|4}epy`b*85Umfa?%$3q!gOapjlg0?;)g?9IWrBOVm2B5;;T% zW_2rhd+bp*6MAo~!TLG#^Yj&w^r~4l_r1?Q4BEsU#}B$6@^4%uQ#PqLXXD@f`R~~{ z@tWNf^m|EG0C1qb%Qyc?_Ew|SRw-!gk`+Q~9*|kC^WbK!fS>?U0@WSM$7f!>7y{RG zD-z0=L~q3{oW1n-m7{R|KyzE4s(R9S)~4PkZShqBp&M+#E|)GQAiBXEbD4syKLYy~ zPIi+=U06E(d53HNB)j;+aI4$T#6!Gl3?coq`wf7FJ@>|N;DB~Q-#^I4Hs7Jxgh z{iyS1R1N>L_#=fL^4VWA*CVS0Rk;O&S1VO|A2tOXm%~0LLZ9H4(rD4H`D>yb)uXpS zID529Ei_9>9FI66sz*8~{)FbGr;9?}R)!nq+pI~whkSI>j--dlhI)pNr2k{e_AggZ zj{>vMF#~J^+-aC$i2Jwi0swe;Fm*W0F#6ZtuKZoL9FAM?=oKKc!%Z1KGv7VB>5I{d zfyuC%#Q`dcIB=_E1Q1ej5F(qr*xVP|5>K|KTsSb#J#`qxF57FnB(}A+otZD525^B^ zVdwU4$+5|&{0?9`$j8?ZR#%1f>L<>KE#uK4)-4OpMzgy)WNW*KD zSaj-(MdOC<)ns9w;r4uv%-xydwm4#FrzhRndU|Z)hE{(Tu6VpO0by(q!;Za%6y!cL zjusk;-``(`(PQ3+AIg!x!X7i*JD}&{!i&MRLVaf}?E6*mMyF_P;<1Jd?%Ewa*9w^@ zwsghk^H8CB%p4^C-Ics^<#9>ba^zR69QvYQmqps2PM7GNPvXJ+$sty)LQxye)T&dz zIekA>Zx6E8RxpDEN|b+HW#~tJd%f}3Qm~mxlTjQF=%_f49MAd;FJ+oo=|z>-9zJWG znK6Uf1w9O*d+qQm=_Z17#+=q>f^KwVEa}<8^Cu^MtU`y5M@@N8u7^l#r%CBS(AS1A z5M1&~)7l~8=vv{56!y~5!$i43lccADueOZ-WjyAa8b@-Fe6s5}20SoUfHJ^$z(rvn zfV)A~gzj@-^GI+xdwc8in_GFuk|@0n-SM1sQnn9wSG>GY;hq{di}2)1+*lHQlHI4+ z0ZMHyWiZIBmAN4#=<=9(CK&V1%~5emp7whS&9}aM5s{)D&sNr)Qv2vOjRElJ;zp87hXZaTdgcrrmKJ|acJIU;;dg7tC|DX=5Pc#^uT+ zpMIO&^{7hF_wlJ~KAcaMyD86{bphJ={mg7w1ZAaUl2E&BvLRtP8^?BKq{#?!CU$5` zG+IAswJvHON)zq&{*De07R|$bE9$@&rj>I#HO7hJg`EiaSL`@Exwm6Mv$3Gp>2CX> zB0kJE+m5$ZCYi}M`8bEfQzcxZil=eW3|y?mL3WvpPaevOCvp7_Ar;+CV$NrJ+W2cX zslU)Ux2Ema!+9=G|Hkt5_4_ZSu-2Q$&XvgwC9?4grNqmL_2@%<$YsoBVy`SDlZqlc z1n43mt+DopYSxab2W)~^GfS#Q^kgL0Nh}}aG~R9Xu^xyKrnyTs3uIs?5*6WZkGtg& zbP1s%cQ$5EtUo9pXKpBSuyrMUwIlTst8kO~kg0fevGkShLH;I%O!Ze9<=}X#-a!`j zqawMX%YyhgS;;~z%jClVDL^fy+aGLL))^&9Bq~MPbhT*mNt*BC>H7Ust|B|lDq!^|Su23U zcAo6Dd8B2Z^P8=G#p$_T^}ZXmrI^$x)6QGC4heh|>$Kugq_SMAwU&$-q_ynnzPqqu zwOIFs$;ZuSDbBkp`}cSUKr#dTxf>x&v1p&)SG1R3NJ0KC-M9e(o$X9&GAk+@vDo)i zWD?A0Hy%VN?G{D8lm7K2mp<>+YoZq}_q@%cqaePewMIpri3$vD#suW!vGj-W^4tj{ z5XuuVevda~VQj=``G>)J)JYwJTOmIPA(cM440EG*T2Z5_WeK<`$dxFMGFRT`4suuK-EkRXr8@~o0lwy)%wF*tB;hTX2u`=+!1m1LWp9n4YS@XyK*c0&l>OFDMxkuBGNw zw7==Y8OJ;LqvfV-tQj-o@C^y=N*IVE^8CE{BIQd(oAJHqKIf^82*`I;CeR5a@|!)I z1^-$?c1g^49;`Z-(n_rhXKF`S;g{MW*0XHlk4%a7!D0#Piu?IVY`N(oV{!6|IGHU2 zsDtCoN8Xq8HBh4fP0=_}RickQaG?cBUV5pB5ihx-_rlyi`=2|+oL>8zBGjMJXeIn! ze6S;8t25EyZigQE{lSt+6-VG#nT?&lj*UU>u1Waf9HbTGaH`J zM3ntDCI(@nj;A4X#C~dDa}01Lz?a@ju^7AWOPrL!S1{0A%N{j;Al?KKp^TIbiwQ zUBBCRzosaCBx<9i?K@rl_+lQLJv`54^nm^)zJI~aeTj~~J4c)cf5OvG?Lf6+=`)iC zDuTkQ#L*8VsGKKx=i(})4Mov5By(E>j-(#b3+rbSmR~EQi6tdmpA|3cDsQyhwL=TX z(S;JPCX04@nc*=@Qs1!8&oecjUVP(i-BRe5!0jb`{rzR09I3_lt#y2d)T;%#N9Vy< zGJcAVbr+;2keAV4j9M%FKI9yP+YKIl_!OGHDr7p)Vt4bu-^^?yd9u$nohZq!p~AJ0 z;w0-2$s+AiAdKOwaAENJz?F3LPpJ>8}V!swk&sW<9sAcEAQ#@@gCK1 zuA2o_9TtXLV!N6zt62ctpuEpkD2sA^ot*0tP`|FrFEsG#ul15^ z1w?0yG8XcuJ>w_t&M;=Lf#jcvPZv@L_XX2E`T}RkH|%XRUe8I-e^k4Y@u3U?WG3Ju4@FKE|Jv z^?XD^I$~a1{j3s?T1y~$w<$&Iq(j!WGq#iyt7s+nQOFl;PEAwuP+gKsB#U?^@e|tC zQi?^KmAtSLRZH$X?@qf%9re5kt}aATG4=A#928F9us83%U3x-iL$O8nH!*s#+~UzP<6~dfto3+FSnO-@@#saE*QdF<4y|Gle=i;KDk+vGt=e!T z=>Y77+8>Yew5{3Lgji5%NKM5Kg+gbp(iJx3j8{_39aXW7HV|F#FnM!mlQBumUFC-|GV06#YRH)#a_ fzhzeZch178eTiYWYbMif0YhC`N2%(mP2~Rqh literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.19/_media/tcb.svg b/docs/versioned_docs/version-2.19/_media/tcb.svg new file mode 100644 index 000000000..e5bcb5b95 --- /dev/null +++ b/docs/versioned_docs/version-2.19/_media/tcb.svg @@ -0,0 +1,535 @@ + + diff --git a/docs/versioned_docs/version-2.19/architecture/attestation.md b/docs/versioned_docs/version-2.19/architecture/attestation.md new file mode 100644 index 000000000..9bd157460 --- /dev/null +++ b/docs/versioned_docs/version-2.19/architecture/attestation.md @@ -0,0 +1,409 @@ +# Attestation + +This page explains Constellation's attestation process and highlights the cornerstones of its trust model. + +## Terms + +The following lists terms and concepts that help to understand the attestation concept of Constellation. + +### Trusted Platform Module (TPM) + +A TPM chip is a dedicated tamper-resistant crypto-processor. +It can securely store artifacts such as passwords, certificates, encryption keys, or *runtime measurements* (more on this below). +When a TPM is implemented in software, it's typically called a *virtual* TPM (vTPM). + +### Runtime measurement + +A runtime measurement is a cryptographic hash of the memory pages of a so called *runtime component*. Runtime components of interest typically include a system's bootloader or OS kernel. + +### Platform Configuration Register (PCR) + +A Platform Configuration Register (PCR) is a memory location in the TPM that has some unique properties. +To store a new value in a PCR, the existing value is extended with a new value as follows: + +``` +PCR[N] = HASHalg( PCR[N] || ArgumentOfExtend ) +``` + +The PCRs are typically used to store runtime measurements. +The new value of a PCR is always an extension of the existing value. +Thus, storing the measurements of multiple components into the same PCR irreversibly links them together. + +### Measured boot + +Measured boot builds on the concept of chained runtime measurements. +Each component in the boot chain loads and measures the next component into the PCR before executing it. +By comparing the resulting PCR values against trusted reference values, the integrity of the entire boot chain and thereby the running system can be ensured. + +### Remote attestation (RA) + +Remote attestation is the process of verifying certain properties of an application or platform, such as integrity and confidentiality, from a remote location. +In the case of a measured boot, the goal is to obtain a signed attestation statement on the PCR values of the boot measurements. +The statement can then be verified and compared to a set of trusted reference values. +This way, the integrity of the platform can be ensured before sharing secrets with it. + +### Confidential virtual machine (CVM) + +Confidential computing (CC) is the protection of data in-use with hardware-based trusted execution environments (TEEs). +With CVMs, TEEs encapsulate entire virtual machines and isolate them against the hypervisor, other VMs, and direct memory access. +After loading the initial VM image into encrypted memory, the hypervisor calls for a secure processor to measure these initial memory pages. +The secure processor locks these pages and generates an attestation report on the initial page measurements. +CVM memory pages are encrypted with a key that resides inside the secure processor, which makes sure only the guest VM can access them. +The attestation report is signed by the secure processor and can be verified using remote attestation via the certificate authority of the hardware vendor. +Such an attestation statement guarantees the confidentiality and integrity of a CVM. + +### Attested TLS (aTLS) + +In a CC environment, attested TLS (aTLS) can be used to establish secure connections between two parties using the remote attestation features of the CC components. + +aTLS modifies the TLS handshake by embedding an attestation statement into the TLS certificate. +Instead of relying on a certificate authority, aTLS uses this attestation statement to establish trust in the certificate. + +The protocol can be used by clients to verify a server certificate, by a server to verify a client certificate, or for mutual verification (mutual aTLS). + +## Overview + +The challenge for Constellation is to lift a CVM's attestation statement to the Kubernetes software layer and make it end-to-end verifiable. +From there, Constellation needs to expand the attestation from a single CVM to the entire cluster. + +The [*JoinService*](microservices.md#joinservice) and [*VerificationService*](microservices.md#verificationservice) are where all runs together. +Internally, the *JoinService* uses remote attestation to securely join CVM nodes to the cluster. +Externally, the *VerificationService* provides an attestation statement for the cluster's CVMs and configuration. + +The following explains the details of both steps. + +## Node attestation + +The idea is that Constellation nodes should have verifiable integrity from the CVM hardware measurement up to the Kubernetes software layer. +The solution is a verifiable boot chain and an integrity-protected runtime environment. + +Constellation uses measured boot within CVMs, measuring each component in the boot process before executing it. +Outside of CC, this is usually implemented via TPMs. +CVM technologies differ in how they implement runtime measurements, but the general concepts are similar to those of a TPM. +For simplicity, TPM terminology like *PCR* is used in the following. + +When a Constellation node image boots inside a CVM, measured boot is used for all stages and components of the boot chain. +This process goes up to the root filesystem. +The root filesystem is mounted read-only with integrity protection. +For the details on the image and boot stages see the [image architecture](../architecture/images.md) documentation. +Any changes to the image will inevitably also change the corresponding PCR values. +To create a node attestation statement, the Constellation image obtains a CVM attestation statement from the hardware. +This includes the runtime measurements and thereby binds the measured boot results to the CVM hardware measurement. + +In addition to the image measurements, Constellation extends a PCR during the [initialization phase](../workflows/create.md) that irrevocably marks the node as initialized. +The measurement is created using the [*clusterID*](../architecture/keys.md#cluster-identity), tying all future attestation statements to this ID. +Thereby, an attestation statement is unique for every cluster and a node can be identified unambiguously as being initialized. + +To verify an attestation, the hardware's signature and a statement are verified first to establish trust in the contained runtime measurements. +If successful, the measurements are verified against the trusted values of the particular Constellation release version. +Finally, the measurement of the *clusterID* can be compared by calculating it with the [master secret](keys.md#master-secret). + +### Runtime measurements + +Constellation uses runtime measurements to implement the measured boot approach. +As stated above, the underlying hardware technology and guest firmware differ in their implementations of runtime measurements. +The following gives a detailed description of the available measurements in the different cloud environments. + +The runtime measurements consist of two types of values: + +* **Measurements produced by the cloud infrastructure and firmware of the CVM**: +These are measurements of closed-source firmware and other values controlled by the cloud provider. +While not being reproducible for the user, some of them can be compared against previously observed values. +Others may change frequently and aren't suitable for verification. +The [signed image measurements](#chain-of-trust) include measurements that are known, previously observed values. + +* **Measurements produced by the Constellation bootloader and boot chain**: +The Constellation Bootloader takes over from the CVM firmware and [measures the rest of the boot chain](images.md). +The Constellation [Bootstrapper](microservices.md#bootstrapper) is the first user mode component that runs in a Constellation image. +It extends PCR registers with the [IDs](keys.md#cluster-identity) of the cluster marking a node as initialized. + +Constellation allows to specify in the config which measurements should be enforced during the attestation process. +Enforcing non-reproducible measurements controlled by the cloud provider means that changes in these values require manual updates to the cluster's config. +By default, Constellation only enforces measurements that are stable values produced by the infrastructure or by Constellation directly. + + + + +Constellation uses the [vTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) (NitroTPM) feature of the [AWS Nitro System](http://aws.amazon.com/ec2/nitro/) on AWS for runtime measurements. + +The vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +The VMs are attested by obtaining signed PCR values over the VM's boot configuration from the TPM and comparing them to a known, good state (measured boot). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | Firmware | AWS | No | +| 1 | Firmware | AWS | No | +| 2 | Firmware | AWS | No | +| 3 | Firmware | AWS | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | AWS, Constellation Bootloader | Yes | +| 5 | Firmware | AWS | No | +| 6 | Firmware | AWS | No | +| 7 | Secure Boot Policy | AWS, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +Constellation uses the [vTPM](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch#vtpm) feature of Azure CVMs for runtime measurements. +This vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +It provides a [measured boot](https://docs.microsoft.com/en-us/azure/security/fundamentals/measured-boot-host-attestation#measured-boot) verification that's based on the trusted launch feature of [Trusted Launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | Firmware | Azure | No | +| 1 | Firmware | Azure | No | +| 2 | Firmware | Azure | No | +| 3 | Firmware | Azure | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | Azure, Constellation Bootloader | Yes | +| 5 | Reserved | Azure | No | +| 6 | VM Unique ID | Azure | No | +| 7 | Secure Boot State | Azure, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +Constellation uses the [vTPM](https://cloud.google.com/compute/confidential-vm/docs/about-cvm) feature of CVMs on GCP for runtime measurements. +Note that this vTPM doesn't run inside the hardware-protected CVM context, but is emulated by the hypervisor. + +The vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +It provides a [launch attestation report](https://cloud.google.com/compute/confidential-vm/docs/monitoring#about_launch_attestation_report_events) that's based on the measured boot feature of [Shielded VMs](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#measured-boot). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | CVM version and technology | GCP | No | +| 1 | Firmware | GCP | No | +| 2 | Firmware | GCP | No | +| 3 | Firmware | GCP | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | GCP, Constellation Bootloader | Yes | +| 5 | Disk GUID partition table | GCP | No | +| 6 | Disk GUID partition table | GCP | No | +| 7 | GCP Secure Boot Policy | GCP, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +Constellation uses a hypervisor-based vTPM for runtime measurements. + +The vTPM adheres to the [TPM 2.0](https://trustedcomputinggroup.org/resource/tpm-library-specification/) specification. +The VMs are attested by obtaining signed PCR values over the VM's boot configuration from the TPM and comparing them to a known, good state (measured boot). + +The following table lists all PCR values of the vTPM and the measured components. +It also lists what components of the boot chain did the measurements and if the value is reproducible and verifiable. +The latter means that the value can be generated offline and compared to the one in the vTPM. + +| PCR | Components | Measured by | Reproducible and verifiable | +| ----------- | ---------------------------------------------------------------- | -------------------------------------- | --------------------------- | +| 0 | Firmware | STACKIT | No | +| 1 | Firmware | STACKIT | No | +| 2 | Firmware | STACKIT | No | +| 3 | Firmware | STACKIT | No | +| 4 | Constellation Bootloader, Kernel, initramfs, Kernel command line | STACKIT, Constellation Bootloader | Yes | +| 5 | Firmware | STACKIT | No | +| 6 | Firmware | STACKIT | No | +| 7 | Secure Boot Policy | STACKIT, Constellation Bootloader | No | +| 8 | - | - | - | +| 9 | initramfs, Kernel command line | Linux Kernel | Yes | +| 10 | User space | Linux IMA | No[^1] | +| 11 | Unified Kernel Image components | Constellation Bootloader | Yes | +| 12 | Reserved | (User space, Constellation Bootloader) | Yes | +| 13 | Reserved | (Constellation Bootloader) | Yes | +| 14 | Secure Boot State | Constellation Bootloader | No | +| 15 | ClusterID | Constellation Bootstrapper | Yes | +| 16–23 | Unused | - | - | + + + + +### CVM verification + +To verify the integrity of the received attestation statement, a chain of trust from the CVM technology to the interface providing the statement has to be established. +For verification of the CVM technology, Constellation may expose additional options in its config file. + + + + +On AWS, AMD SEV-SNP is used to provide runtime encryption to the VMs. +An SEV-SNP attestation report is used to establish trust in the VM. +You may customize certain parameters for verification of the attestation statement using the Constellation config file. + +* TCB versions + + You can set the minimum version numbers of components in the SEV-SNP TCB. + Use the latest versions to enforce that only machines with the most recent firmware updates are allowed to join the cluster. + Alternatively, you can set a lower minimum version to allow slightly out-of-date machines to still be able to join the cluster. + +* AMD Root Key Certificate + + This certificate is the root of trust for verifying the SEV-SNP certificate chain. + +* AMD Signing Key Certificate + + This is the intermediate certificate for verifying the SEV-SNP report's signature. + If it's not specified, the CLI fetches it from the AMD key distribution server. + + + + +On Azure, AMD SEV-SNP is used to provide runtime encryption to the VMs. +An SEV-SNP attestation report is used to establish trust in the vTPM running inside the VM. +You may customize certain parameters for verification of the attestation statement using the Constellation config file. + +* TCB versions + + You can set the minimum version numbers of components in the SEV-SNP TCB. + Use the latest versions to enforce that only machines with the most recent firmware updates are allowed to join the cluster. + Alternatively, you can set a lower minimum version to allow slightly out-of-date machines to still be able to join the cluster. + +* AMD Root Key Certificate + + This certificate is the root of trust for verifying the SEV-SNP certificate chain. + +* Firmware Signer + + This config option allows you to specify how the firmware signer should be verified. + More explicitly, it controls the verification of the `IDKeyDigest` value in the SEV-SNP attestation report. + You can provide a list of accepted key digests and specify a policy on how this list is compared against the reported `IDKeyDigest`. + + + + +On GCP, AMD SEV-SNP is used to provide runtime encryption to the VMs. +An SEV-SNP attestation report is used to establish trust in the VM. +You may customize certain parameters for verification of the attestation statement using the Constellation config file. + +* TCB versions + + You can set the minimum version numbers of components in the SEV-SNP TCB. + Use the latest versions to enforce that only machines with the most recent firmware updates are allowed to join the cluster. + Alternatively, you can set a lower minimum version to allow slightly out-of-date machines to still be able to join the cluster. + +* AMD Root Key Certificate + + This certificate is the root of trust for verifying the SEV-SNP certificate chain. + +* AMD Signing Key Certificate + + This is the intermediate certificate for verifying the SEV-SNP report's signature. + If it's not specified, the CLI fetches it from the AMD key distribution server. + + + + +On STACKIT, AMD SEV-ES is used to provide runtime encryption to the VMs. +The hypervisor-based vTPM is used to establish trust in the VM via [runtime measurements](#runtime-measurements). +There is no additional configuration available for STACKIT. + + + + +## Cluster attestation + +Cluster-facing, Constellation's [*JoinService*](microservices.md#joinservice) verifies each node joining the cluster given the configured ground truth runtime measurements. +User-facing, the [*VerificationService*](microservices.md#verificationservice) provides an interface to verify a node using remote attestation. +By verifying the first node during the [initialization](microservices.md#bootstrapper) and configuring the ground truth measurements that are subsequently enforced by the *JoinService*, the whole cluster is verified in a transitive way. + +### Cluster-facing attestation + +The *JoinService* is provided with the runtime measurements of the whitelisted Constellation image version as the ground truth. +During the initialization and the cluster bootstrapping, each node connects to the *JoinService* using [aTLS](#attested-tls-atls). +During the handshake, the node transmits an attestation statement including its runtime measurements. +The *JoinService* verifies that statement and compares the measurements against the ground truth. +For details of the initialization process check the [microservice descriptions](microservices.md). + +After the initialization, every node updates its runtime measurements with the *clusterID* value, marking it irreversibly as initialized. +When an initialized node tries to join another cluster, its measurements inevitably mismatch the measurements of an uninitialized node and it will be declined. + +### User-facing attestation + +The [*VerificationService*](microservices.md#verificationservice) provides an endpoint for obtaining its hardware-based remote attestation statement, which includes the runtime measurements. +A user can [verify](../workflows/verify-cluster.md) this statement and compare the measurements against the configured ground truth and, thus, verify the identity and integrity of all Constellation components and the cluster configuration. Subsequently, the user knows that the entire cluster is in the expected state and is trustworthy. + +## Putting it all together + +This section puts the aforementioned concepts together and illustrate how trust into a Constellation cluster is established and maintained. + +### CLI and node images + +It all starts with the CLI executable. The CLI is signed by Edgeless Systems. To ensure non-repudiability for CLI releases, Edgeless Systems publishes corresponding signatures to the public ledger of the [sigstore project](https://www.sigstore.dev/). There's a [step-by-step guide](../workflows/verify-cli.md) on how to verify CLI signatures based on sigstore. + +The CLI contains the latest runtime measurements of the Constellation node image for all supported cloud platforms. In case a different version of the node image is to be used, the corresponding runtime measurements can be fetched using the CLI's [fetch-measurements command](../reference/cli.md#constellation-config-fetch-measurements). This command downloads the runtime measurements and the corresponding signature from cdn.confidential.cloud. See for example the following files corresponding to node image v2.16.3: + +* [Measurements](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json) +* [Signature](https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/v2.16.3/image/measurements.json.sig) + +The CLI contains the long-term public key of Edgeless Systems to verify the signature of downloaded runtime measurements. + +### Cluster creation + +When a cluster is [created](../workflows/create.md), the CLI automatically verifies the runtime measurements of the *first node* using remote attestation. Based on this, the CLI and the first node set up a temporary TLS connection. This [aTLS](#attested-tls-atls) connection is used for two things: + +1. The CLI sends the [master secret](../architecture/keys.md#master-secret) of the to-be-created cluster to the CLI. The master secret is generated by the first node. +2. The first node sends a [kubeconfig file](https://www.redhat.com/sysadmin/kubeconfig) with Kubernetes credentials to the CLI. + +After this, the aTLS connection is closed and the first node bootstraps the Kubernetes cluster. All subsequent interactions between the CLI and the cluster go via the [Kubernetes API](https://kubernetes.io/docs/concepts/overview/kubernetes-api/) server running inside the cluster. The CLI (and other tools like kubectl) use the credentials referenced by the kubeconfig file to authenticate themselves towards the Kubernetes API server and to establish a mTLS connection. + +The CLI connects to the Kubernetes API to write the runtime measurements for the applicable node image to etcd. The JoinService uses these runtime measurements to verify all nodes that join the cluster subsequently. + +### Chain of trust + +In summary, there's a chain of trust based on cryptographic signatures that goes from the user to the cluster via the CLI. This is illustrated in the following diagram. + +```mermaid +flowchart LR + A[User]-- "verifies" -->B[CLI] + B[CLI]-- "verifies" -->C([Runtime measurements]) + D[Edgeless Systems]-- "signs" -->B[CLI] + D[Edgeless Systems]-- "signs" -->C([Runtime measurements]) + B[CLI]-- "verifies (remote attestation)" -->E[First node] + E[First node]-- "verifies (remote attestation)" -->F[Other nodes] + C([Runtime measurements]) -.-> E[First node] + C([Runtime measurements]) -.-> F[Other nodes] +``` + +### Upgrades + +Whenever a cluster is [upgraded](../workflows/upgrade.md) to a new version of the node image, the CLI sends the corresponding runtime measurements via the Kubernetes API server. The new runtime measurements are stored in etcd within the cluster and replace any previous runtime measurements. The new runtime measurements are then used automatically by the JoinService for the verification of new nodes. + +## References + +[^1]: Linux IMA produces runtime measurements of user-space binaries. +However, these measurements aren't deterministic and thus, PCR\[10] can't be compared to a constant value. +Instead, a policy engine must be used to verify the TPM event log against a policy. diff --git a/docs/versioned_docs/version-2.19/architecture/encrypted-storage.md b/docs/versioned_docs/version-2.19/architecture/encrypted-storage.md new file mode 100644 index 000000000..f047fa4a9 --- /dev/null +++ b/docs/versioned_docs/version-2.19/architecture/encrypted-storage.md @@ -0,0 +1,62 @@ +# Encrypted persistent storage + +Confidential VMs provide runtime memory encryption to protect data in use. +In the context of Kubernetes, this is sufficient for the confidentiality and integrity of stateless services. +Consider a front-end web server, for example, that keeps all connection information cached in main memory. +No sensitive data is ever written to an insecure medium. +However, many real-world applications need some form of state or data-lake service that's connected to a persistent storage device and requires encryption at rest. +As described in [Use persistent storage](../workflows/storage.md), cloud service providers (CSPs) use the container storage interface (CSI) to make their storage solutions available to Kubernetes workloads. +These CSI storage solutions often support some sort of encryption. +For example, Google Cloud [encrypts data at rest by default](https://cloud.google.com/security/encryption/default-encryption), without any action required by the customer. + +## Cloud provider-managed encryption + +CSP-managed storage solutions encrypt the data in the cloud backend before writing it physically to disk. +In the context of confidential computing and Constellation, the CSP and its managed services aren't trusted. +Hence, cloud provider-managed encryption protects your data from offline hardware access to physical storage devices. +It doesn't protect it from anyone with infrastructure-level access to the storage backend or a malicious insider in the cloud platform. +Even with "bring your own key" or similar concepts, the CSP performs the encryption process with access to the keys and plaintext data. + +In the security model of Constellation, securing persistent storage and thereby data at rest requires that all cryptographic operations are performed inside a trusted execution environment. +Consequently, using CSP-managed encryption of persistent storage usually isn't an option. + +## Constellation-managed encryption + +Constellation provides CSI drivers for storage solutions in all major clouds with built-in encryption support. +Block storage provisioned by the CSP is [mapped](https://guix.gnu.org/manual/en/html_node/Mapped-Devices.html) using the [dm-crypt](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-crypt.html), and optionally the [dm-integrity](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-integrity.html), kernel modules, before it's formatted and accessed by the Kubernetes workloads. +All cryptographic operations happen inside the trusted environment of the confidential Constellation node. + +Note that for integrity-protected disks, [volume expansion](https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/) isn't supported. + +By default the driver uses data encryption keys (DEKs) issued by the Constellation [*KeyService*](microservices.md#keyservice). +The DEKs are in turn derived from the Constellation's key encryption key (KEK), which is directly derived from the [master secret](keys.md#master-secret). +This is the recommended mode of operation, and also requires the least amount of setup by the cluster administrator. + +Alternatively, the driver can be configured to use a key management system to store and access KEKs and DEKs. + +Refer to [keys and cryptography](keys.md) for more details on key management in Constellation. + +Once deployed and configured, the CSI driver ensures transparent encryption and integrity of all persistent volumes provisioned via its storage class. +Data at rest is secured without any additional actions required by the developer. + +## Cryptographic algorithms + +This section gives an overview of the libraries, cryptographic algorithms, and their configurations, used in Constellation's CSI drivers. + +### dm-crypt + +To interact with the dm-crypt kernel module, Constellation uses [libcryptsetup](https://gitlab.com/cryptsetup/cryptsetup/). +New devices are formatted as [LUKS2](https://gitlab.com/cryptsetup/LUKS2-docs/-/tree/master) partitions with a sector size of 4096 bytes. +The used key derivation function is [Argon2id](https://datatracker.ietf.org/doc/html/rfc9106) with the [recommended parameters for memory-constrained environments](https://datatracker.ietf.org/doc/html/rfc9106#section-7.4) of 3 iterations and 64 MiB of memory, utilizing 4 parallel threads. +For encryption Constellation uses AES in XTS-Plain64. The key size is 512 bit. + +### dm-integrity + +To interact with the dm-integrity kernel module, Constellation uses [libcryptsetup](https://gitlab.com/cryptsetup/cryptsetup/). +When enabled, the used data integrity algorithm is [HMAC](https://datatracker.ietf.org/doc/html/rfc2104) with SHA256 as the hash function. +The tag size is 32 Bytes. + +## Encrypted S3 object storage + +Constellation comes with a service that you can use to transparently retrofit client-side encryption to existing applications that use S3 (AWS or compatible) for storage. +To learn more, check out the [s3proxy documentation](../workflows/s3proxy.md). diff --git a/docs/versioned_docs/version-2.19/architecture/images.md b/docs/versioned_docs/version-2.19/architecture/images.md new file mode 100644 index 000000000..8a9c51d36 --- /dev/null +++ b/docs/versioned_docs/version-2.19/architecture/images.md @@ -0,0 +1,49 @@ +# Constellation images + +Constellation uses a minimal version of Fedora as the operating system running inside confidential VMs. This Linux distribution is optimized for containers and designed to be stateless. +The Constellation images provide measured boot and an immutable filesystem. + +## Measured boot + +```mermaid +flowchart LR + Firmware --> Bootloader + Bootloader --> uki + subgraph uki[Unified Kernel Image] + Kernel[Kernel] + initramfs[Initramfs] + cmdline[Kernel Command Line] + end + uki --> rootfs[Root Filesystem] +``` + +Measured boot uses a Trusted Platform Module (TPM) to measure every part of the boot process. This allows for verification of the integrity of a running system at any point in time. To ensure correct measurements of every stage, each stage is responsible to measure the next stage before transitioning. + +### Firmware + +With confidential VMs, the firmware is the root of trust and is measured automatically at boot. After initialization, the firmware will load and measure the bootloader before executing it. + +### Bootloader + +The bootloader is the first modifiable part of the boot chain. The bootloader is tasked with loading the kernel, initramfs and setting the kernel command line. The Constellation bootloader measures these components before starting the kernel. + +### initramfs + +The initramfs is a small filesystem loaded to prepare the actual root filesystem. The Constellation initramfs maps the block device containing the root filesystem with [dm-verity](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html). The initramfs then mounts the root filesystem from the mapped block device. + +dm-verity provides integrity checking using a cryptographic hash tree. When a block is read, its integrity is checked by verifying the tree against a trusted root hash. The initramfs reads this root hash from the previously measured kernel command line. Thus, if any block of the root filesystem's device is modified on disk, trying to read the modified block will result in a kernel panic at runtime. + +After mounting the root filesystem, the initramfs will switch over and start the `init` process of the integrity-protected root filesystem. + +## State disk + +In addition to the read-only root filesystem, each Constellation node has a disk for storing state data. +This disk is mounted readable and writable by the initramfs and contains data that should persist across reboots. +Such data can contain sensitive information and, therefore, must be stored securely. +To that end, the state disk is protected by authenticated encryption. +See the section on [keys and encryption](keys.md#storage-encryption) for more information on the cryptographic primitives in use. + +## Kubernetes components + +During initialization, the [*Bootstrapper*](microservices.md#bootstrapper) downloads and verifies the [Kubernetes components](https://kubernetes.io/docs/concepts/overview/components/) as configured by the user. +They're stored on the state partition and can be updated once new releases need to be installed. diff --git a/docs/versioned_docs/version-2.19/architecture/keys.md b/docs/versioned_docs/version-2.19/architecture/keys.md new file mode 100644 index 000000000..553d9d4e2 --- /dev/null +++ b/docs/versioned_docs/version-2.19/architecture/keys.md @@ -0,0 +1,131 @@ +# Key management and cryptographic primitives + +Constellation protects and isolates your cluster and workloads. +To that end, cryptography is the foundation that ensures the confidentiality and integrity of all components. +Evaluating the security and compliance of Constellation requires a precise understanding of the cryptographic primitives and keys used. +The following gives an overview of the architecture and explains the technical details. + +## Confidential VMs + +Confidential VM (CVM) technology comes with hardware and software components for memory encryption, isolation, and remote attestation. +For details on the implementations and cryptographic soundness, refer to the hardware vendors' documentation and advisories. + +## Master secret + +The master secret is the cryptographic material used for deriving the [*clusterID*](#cluster-identity) and the *key encryption key (KEK)* for [storage encryption](#storage-encryption). +It's generated during the bootstrapping of a Constellation cluster. +It can either be managed by [Constellation](#constellation-managed-key-management) or an [external key management system](#user-managed-key-management). +In case of [recovery](#recovery-and-migration), the master secret allows to decrypt the state and recover a Constellation cluster. + +## Cluster identity + +The identity of a Constellation cluster is represented by cryptographic [measurements](attestation.md#runtime-measurements): + +The **base measurements** represent the identity of a valid, uninitialized Constellation node. +They depend on the node image, but are otherwise the same for every Constellation cluster. +On node boot, they're determined using the CVM's attestation mechanism and [measured boot up to the read-only root filesystem](images.md). + +The **clusterID** represents the identity of a single initialized Constellation cluster. +It's derived from the master secret and a cryptographically random salt and unique for every Constellation cluster. +The [Bootstrapper](microservices.md#bootstrapper) measures the *clusterID* into its own PCR before executing any code not measured as part of the *base measurements*. +See [Node attestation](attestation.md#node-attestation) for details. + +The remote attestation statement of a Constellation cluster combines the *base measurements* and the *clusterID* for a verifiable, unspoofable, unique identity. + +## Network encryption + +Constellation encrypts all cluster network communication using the [container network interface (CNI)](https://github.com/containernetworking/cni). +See [network encryption](networking.md) for more details. + +The Cilium agent running on each node establishes a secure [WireGuard](https://www.wireguard.com/) tunnel between it and all other known nodes in the cluster. +Each node creates its own [Curve25519](http://cr.yp.to/ecdh.html) encryption key pair and distributes its public key via Kubernetes. +A node uses another node's public key to decrypt and encrypt traffic from and to Cilium-managed endpoints running on that node. +Connections are always encrypted peer-to-peer using [ChaCha20](http://cr.yp.to/chacha.html) with [Poly1305](http://cr.yp.to/mac.html). +WireGuard implements [forward secrecy with key rotation every 2 minutes](https://lists.zx2c4.com/pipermail/wireguard/2017-December/002141.html). +Cilium supports [key rotation](https://docs.cilium.io/en/stable/security/network/encryption-ipsec/#key-rotation) for the long-term node keys via Kubernetes secrets. + +## Storage encryption + +Constellation supports transparent encryption of persistent storage. +The Linux kernel's device mapper-based encryption features are used to encrypt the data on the block storage level. +Currently, the following primitives are used for block storage encryption: + +* [dm-crypt](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-crypt.html) +* [dm-integrity](https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-integrity.html) + +Adding primitives for integrity protection in the CVM attacker model are under active development and will be available in a future version of Constellation. +See [encrypted storage](encrypted-storage.md) for more details. + +As a cluster administrator, when creating a cluster, you can use the Constellation [installation program](orchestration.md) to select one of the following methods for key management: + +* Constellation-managed key management +* User-managed key management + +### Constellation-managed key management + +#### Key material and key derivation + +During the creation of a Constellation cluster, the cluster's master secret is used to derive a KEK. +This means creating two clusters with the same master secret will yield the same KEK. +Any data encryption key (DEK) is derived from the KEK via HKDF. +Note that the master secret is recommended to be unique for every cluster and shouldn't be reused (except in case of [recovering](../workflows/recovery.md) a cluster). + +#### State and storage + +The KEK is derived from the master secret during the initialization. +Subsequently, all other key material is derived from the KEK. +Given the same KEK, any DEK can be derived deterministically from a given identifier. +Hence, there is no need to store DEKs. They can be derived on demand. +After the KEK was derived, it's stored in memory only and never leaves the CVM context. + +#### Availability + +Constellation-managed key management has the same availability as the underlying Kubernetes cluster. +Therefore, the KEK is stored in the [distributed Kubernetes etcd storage](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/) to allow for unexpected but non-fatal (control-plane) node failure. +The etcd storage is backed by the encrypted and integrity protected [state disk](images.md#state-disk) of the nodes. + +#### Recovery + +Constellation clusters can be recovered in the event of a disaster, even when all node machines have been stopped and need to be rebooted. +For details on the process see the [recovery workflow](../workflows/recovery.md). + +### User-managed key management + +User-managed key management is under active development and will be available soon. +In scenarios where constellation-managed key management isn't an option, this mode allows you to keep full control of your keys. +For example, compliance requirements may force you to keep your KEKs in an on-prem key management system (KMS). + +During the creation of a Constellation cluster, you specify a KEK present in a remote KMS. +This follows the common scheme of "bring your own key" (BYOK). +Constellation will support several KMSs for managing the storage and access of your KEK. +Initially, it will support the following KMSs: + +* [AWS KMS](https://aws.amazon.com/kms/) +* [GCP KMS](https://cloud.google.com/security-key-management) +* [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview) +* [KMIP-compatible KMS](https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=kmip) + +Storing the keys in Cloud KMS of AWS, Azure, or GCP binds the key usage to the particular cloud identity access management (IAM). +In the future, Constellation will support remote attestation-based access policies for Cloud KMS once available. +Note that using a Cloud KMS limits the isolation and protection to the guarantees of the particular offering. + +KMIP support allows you to use your KMIP-compatible on-prem KMS and keep full control over your keys. +This follows the common scheme of "hold your own key" (HYOK). + +The KEK is used to encrypt per-data "data encryption keys" (DEKs). +DEKs are generated to encrypt your data before storing it on persistent storage. +After being encrypted by the KEK, the DEKs are stored on dedicated cloud storage for persistence. +Currently, Constellation supports the following cloud storage options: + +* [AWS S3](https://aws.amazon.com/s3/) +* [GCP Cloud Storage](https://cloud.google.com/storage) +* [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/#overview) + +The DEKs are only present in plaintext form in the encrypted main memory of the CVMs. +Similarly, the cryptographic operations for encrypting data before writing it to persistent storage are performed in the context of the CVMs. + +#### Recovery and migration + +In the case of a disaster, the KEK can be used to decrypt the DEKs locally and subsequently use them to decrypt and retrieve the data. +In case of migration, configuring the same KEK will provide seamless migration of data. +Thus, only the DEK storage needs to be transferred to the new cluster alongside the encrypted data for seamless migration. diff --git a/docs/versioned_docs/version-2.19/architecture/microservices.md b/docs/versioned_docs/version-2.19/architecture/microservices.md new file mode 100644 index 000000000..90bae783b --- /dev/null +++ b/docs/versioned_docs/version-2.19/architecture/microservices.md @@ -0,0 +1,73 @@ +# Microservices + +Constellation takes care of bootstrapping and initializing a Confidential Kubernetes cluster. +During the lifetime of the cluster, it handles day 2 operations such as key management, remote attestation, and updates. +These features are provided by several microservices: + +* The [Bootstrapper](microservices.md#bootstrapper) initializes a Constellation node and bootstraps the cluster +* The [JoinService](microservices.md#joinservice) joins new nodes to an existing cluster +* The [VerificationService](microservices.md#verificationservice) provides remote attestation functionality +* The [KeyService](microservices.md#keyservice) manages Constellation-internal keys + +The relations between microservices are shown in the following diagram: + +```mermaid +flowchart LR + subgraph admin [Admin's machine] + A[Constellation CLI] + end + subgraph img [Constellation OS image] + B[Constellation OS] + C[Bootstrapper] + end + subgraph Kubernetes + D[JoinService] + E[KeyService] + F[VerificationService] + end + A -- deploys --> + B -- starts --> C + C -- deploys --> D + C -- deploys --> E + C -- deploys --> F +``` + +## Bootstrapper + +The *Bootstrapper* is the first microservice launched after booting a Constellation node image. +It sets up that machine as a Kubernetes node and integrates that node into the Kubernetes cluster. +To this end, the *Bootstrapper* first downloads and verifies the [Kubernetes components](https://kubernetes.io/docs/concepts/overview/components/) at the configured versions. +The *Bootstrapper* tries to find an existing cluster and if successful, communicates with the [JoinService](microservices.md#joinservice) to join the node. +Otherwise, it waits for an initialization request to create a new Kubernetes cluster. + +## JoinService + +The *JoinService* runs as [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) on each control-plane node. +New nodes (at cluster start, or later through autoscaling) send a request to the service over [attested TLS (aTLS)](attestation.md#attested-tls-atls). +The *JoinService* verifies the new node's certificate and attestation statement. +If attestation is successful, the new node is supplied with an encryption key from the [*KeyService*](microservices.md#keyservice) for its state disk, and a Kubernetes bootstrap token. + + +```mermaid +sequenceDiagram + participant New node + participant JoinService + New node->>JoinService: aTLS handshake (server side verification) + JoinService-->>New node: # + New node->>+JoinService: IssueJoinTicket(DiskUUID, NodeName, IsControlPlane) + JoinService->>+KeyService: GetDataKey(DiskUUID) + KeyService-->>-JoinService: DiskEncryptionKey + JoinService-->>-New node: DiskEncryptionKey, KubernetesJoinToken, ... +``` + +## VerificationService + +The *VerificationService* runs as DaemonSet on each node. +It provides user-facing functionality for remote attestation during the cluster's lifetime via an endpoint for [verifying the cluster](attestation.md#cluster-attestation). +Read more about the hardware-based [attestation feature](attestation.md) of Constellation and how to [verify](../workflows/verify-cluster.md) a cluster on the client side. + +## KeyService + +The *KeyService* runs as DaemonSet on each control-plane node. +It implements the key management for the [storage encryption keys](keys.md#storage-encryption) in Constellation. These keys are used for the [state disk](images.md#state-disk) of each node and the [transparently encrypted storage](encrypted-storage.md) for Kubernetes. +Depending on wether the [constellation-managed](keys.md#constellation-managed-key-management) or [user-managed](keys.md#user-managed-key-management) mode is used, the *KeyService* holds the key encryption key (KEK) directly or calls an external key management service (KMS) for key derivation respectively. diff --git a/docs/versioned_docs/version-2.19/architecture/networking.md b/docs/versioned_docs/version-2.19/architecture/networking.md new file mode 100644 index 000000000..e9cbdf029 --- /dev/null +++ b/docs/versioned_docs/version-2.19/architecture/networking.md @@ -0,0 +1,22 @@ +# Network encryption + +Constellation encrypts all pod communication using the [container network interface (CNI)](https://github.com/containernetworking/cni). +To that end, Constellation deploys, configures, and operates the [Cilium](https://cilium.io/) CNI plugin. +Cilium provides [transparent encryption](https://docs.cilium.io/en/stable/security/network/encryption) for all cluster traffic using either IPSec or [WireGuard](https://www.wireguard.com/). +Currently, Constellation only supports WireGuard as the encryption engine. +You can read more about the cryptographic soundness of WireGuard [in their white paper](https://www.wireguard.com/papers/wireguard.pdf). + +Cilium is actively working on implementing a feature called [`host-to-host`](https://github.com/cilium/cilium/pull/19401) encryption mode for WireGuard. +With `host-to-host`, all traffic between nodes will be tunneled via WireGuard (host-to-host, host-to-pod, pod-to-host, pod-to-pod). +Until the `host-to-host` feature is released, Constellation enables `pod-to-pod` encryption. +This mode encrypts all traffic between Kubernetes pods using WireGuard tunnels. + +When using Cilium in the default setup but with encryption enabled, there is a [known issue](https://docs.cilium.io/en/v1.12/gettingstarted/encryption/#egress-traffic-to-not-yet-discovered-remote-endpoints-may-be-unencrypted) +that can cause pod-to-pod traffic to be unencrypted. +To mitigate this issue, Constellation adds a *strict* mode to Cilium's `pod-to-pod` encryption. +This mode changes the default behavior of traffic that's destined for an unknown endpoint to not be send out in plaintext, but instead being dropped. +The strict mode distinguishes between traffic that's send to a pod from traffic that's destined for a cluster-external endpoint by considering the pod's CIDR range. + +Traffic originating from hosts isn't encrypted yet. +This mainly includes health checks from Kubernetes API server. +Also, traffic proxied over the API server via e.g. `kubectl port-forward` isn't encrypted. diff --git a/docs/versioned_docs/version-2.19/architecture/observability.md b/docs/versioned_docs/version-2.19/architecture/observability.md new file mode 100644 index 000000000..0f4daffd4 --- /dev/null +++ b/docs/versioned_docs/version-2.19/architecture/observability.md @@ -0,0 +1,74 @@ +# Observability + +In Kubernetes, observability is the ability to gain insight into the behavior and performance of applications. +It helps identify and resolve issues more effectively, ensuring stability and performance of Kubernetes workloads, reducing downtime and outages, and improving efficiency. +The "three pillars of observability" are logs, metrics, and traces. + +In the context of Confidential Computing, observability is a delicate subject and needs to be applied such that it doesn't leak any sensitive information. +The following gives an overview of where and how you can apply standard observability tools in Constellation. + +## Cloud resource monitoring + +While inaccessible, Constellation's nodes are still visible as black box VMs to the hypervisor. +Resource consumption, such as memory and CPU utilization, can be monitored from the outside and observed via the cloud platforms directly. +Similarly, other resources, such as storage and network and their respective metrics, are visible via the cloud platform. + +## Metrics + +Metrics are numeric representations of data measured over intervals of time. They're essential for understanding system health and gaining insights using telemetry signals. + +By default, Constellation exposes the [metrics for Kubernetes system components](https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/) inside the cluster. +Similarly, the [etcd metrics](https://etcd.io/docs/v3.5/metrics/) endpoints are exposed inside the cluster. +These [metrics endpoints can be disabled](https://kubernetes.io/docs/concepts/cluster-administration/system-metrics/#disabling-metrics). + +You can collect these cluster-internal metrics via tools such as [Prometheus](https://prometheus.io/) or the [Elastic Stack](https://www.elastic.co/de/elastic-stack/). + +Constellation's CNI Cilium also supports [metrics via Prometheus endpoints](https://docs.cilium.io/en/latest/observability/metrics/). +However, in Constellation, they're disabled by default and must be enabled first. + +## Logs + +Logs represent discrete events that usually describe what's happening with your service. +The payload is an actual message emitted from your system along with a metadata section containing a timestamp, labels, and tracking identifiers. + +### System logs + +Detailed system-level logs are accessible via `/var/log` and [journald](https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html) on the nodes directly. +They can be collected from there, for example, via [Filebeat and Logstash](https://www.elastic.co/guide/en/beats/filebeat/current/logstash-output.html), which are tools of the [Elastic Stack](https://www.elastic.co/de/elastic-stack/). + +In case of an error during the initialization, the CLI automatically collects the [Bootstrapper](./microservices.md#bootstrapper) logs and returns these as a file for [troubleshooting](../workflows/troubleshooting.md). Here is an example of such an event: + +```shell-session +Cluster initialization failed. This error is not recoverable. +Terminate your cluster and try again. +Fetched bootstrapper logs are stored in "constellation-cluster.log" +``` + +### Kubernetes logs + +Constellation supports the [Kubernetes logging architecture](https://kubernetes.io/docs/concepts/cluster-administration/logging/). +By default, logs are written to the nodes' encrypted state disks. +These include the Pod and container logs and the [system component logs](https://kubernetes.io/docs/concepts/cluster-administration/logging/#system-component-logs). + +[Constellation services](microservices.md) run as Pods inside the `kube-system` namespace and use the standard container logging mechanism. +The same applies for the [Cilium Pods](https://docs.cilium.io/en/latest/operations/troubleshooting/#logs). + +You can collect logs from within the cluster via tools such as [Fluentd](https://github.com/fluent/fluentd), [Loki](https://github.com/grafana/loki), or the [Elastic Stack](https://www.elastic.co/de/elastic-stack/). + +## Traces + +Modern systems are implemented as interconnected complex and distributed microservices. Understanding request flows and system communications is challenging, mainly because all systems in a chain need to be modified to propagate tracing information. Distributed tracing is a new approach to increasing observability and understanding performance bottlenecks. A trace represents consecutive events that reflect an end-to-end request path in a distributed system. + +Constellation supports [traces for Kubernetes system components](https://kubernetes.io/docs/concepts/cluster-administration/system-traces/). +By default, they're disabled and need to be enabled first. + +Similarly, Cilium can be enabled to [export traces](https://cilium.io/use-cases/metrics-export/). + +You can collect these traces via tools such as [Jaeger](https://www.jaegertracing.io/) or [Zipkin](https://zipkin.io/). + +## Integrations + +Platforms and SaaS solutions such as Datadog, logz.io, Dynatrace, or New Relic facilitate the observability challenge for Kubernetes and provide all-in-one SaaS solutions. +They install agents into the cluster that collect metrics, logs, and tracing information and upload them into the data lake of the platform. +Technically, the agent-based approach is compatible with Constellation, and attaching these platforms is straightforward. +However, you need to evaluate if the exported data might violate Constellation's compliance and privacy guarantees by uploading them to a third-party platform. diff --git a/docs/versioned_docs/version-2.19/architecture/orchestration.md b/docs/versioned_docs/version-2.19/architecture/orchestration.md new file mode 100644 index 000000000..3c8d529e7 --- /dev/null +++ b/docs/versioned_docs/version-2.19/architecture/orchestration.md @@ -0,0 +1,83 @@ +# Orchestrating Constellation clusters + +You can use the CLI to create a cluster on the supported cloud platforms. +The CLI provisions the resources in your cloud environment and initiates the initialization of your cluster. +It uses a set of parameters and an optional configuration file to manage your cluster installation. +The CLI is also used for updating your cluster. + +## Workspaces + +Each Constellation cluster has an associated *workspace*. +The workspace is where data such as the Constellation state and config files are stored. +Each workspace is associated with a single cluster and configuration. +The CLI stores state in the local filesystem making the current directory the active workspace. +Multiple clusters require multiple workspaces, hence, multiple directories. +Note that every operation on a cluster always has to be performed from the directory associated with its workspace. + +You may copy files from the workspace to other locations, +but you shouldn't move or delete them while the cluster is still being used. +The Constellation CLI takes care of managing the workspace. +Only when a cluster was terminated, and you are sure the files aren't needed anymore, should you remove a workspace. + +## Cluster creation process + +To allow for fine-grained configuration of your cluster and cloud environment, Constellation supports an extensive configuration file with strong defaults. [Generating the configuration file](../workflows/config.md) is typically the first thing you do in the workspace. + +Altogether, the following files are generated during the creation of a Constellation cluster and stored in the current workspace: + +* a configuration file +* a state file +* a Base64-encoded master secret +* [Terraform artifacts](../reference/terraform.md), stored in subdirectories +* a Kubernetes `kubeconfig` file. + +After the initialization of your cluster, the CLI will provide you with a Kubernetes `kubeconfig` file. +This file grants you access to your Kubernetes cluster and configures the [kubectl](https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/) tool. +In addition, the cluster's [identifier](orchestration.md#post-installation-configuration) is returned and stored in the state file. + +### Creation process details + +1. The CLI `apply` command first creates the confidential VM (CVM) resources in your cloud environment and configures the network +2. Each CVM boots the Constellation node image and measures every component in the boot chain +3. The first microservice launched in each node is the [*Bootstrapper*](microservices.md#bootstrapper) +4. The *Bootstrapper* waits until it either receives an initialization request or discovers an initialized cluster +5. The CLI then connects to the *Bootstrapper* of a selected node, sends the configuration, and initiates the initialization of the cluster +6. The *Bootstrapper* of **that** node [initializes the Kubernetes cluster](microservices.md#bootstrapper) and deploys the other Constellation [microservices](microservices.md) including the [*JoinService*](microservices.md#joinservice) +7. Subsequently, the *Bootstrappers* of the other nodes discover the initialized cluster and send join requests to the *JoinService* +8. As part of the join request each node includes an attestation statement of its boot measurements as authentication +9. The *JoinService* verifies the attestation statements and joins the nodes to the Kubernetes cluster +10. This process is repeated for every node joining the cluster later (e.g., through autoscaling) + +## Post-installation configuration + +Post-installation the CLI provides a configuration for [accessing the cluster using the Kubernetes API](https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-api/). +The `kubeconfig` file provides the credentials and configuration for connecting and authenticating to the API server. +Once configured, orchestrate the Kubernetes cluster via `kubectl`. + +After the initialization, the CLI will present you with a couple of tokens: + +* The [*master secret*](keys.md#master-secret) (stored in the `constellation-mastersecret.json` file by default) +* The [*clusterID*](keys.md#cluster-identity) of your cluster in Base64 encoding + +You can read more about these values and their meaning in the guide on [cluster identity](keys.md#cluster-identity). + +The *master secret* must be kept secret and can be used to [recover your cluster](../workflows/recovery.md). +Instead of managing this secret manually, you can [use your key management solution of choice](keys.md#user-managed-key-management) with Constellation. + +The *clusterID* uniquely identifies a cluster and can be used to [verify your cluster](../workflows/verify-cluster.md). + +## Upgrades + +Constellation images and microservices may need to be upgraded to new versions during the lifetime of a cluster. +Constellation implements a rolling update mechanism ensuring no downtime of the control or data plane. +You can upgrade a Constellation cluster with a single operation by using the CLI. +For step-by-step instructions on how to do this, refer to [Upgrade your cluster](../workflows/upgrade.md). + +### Attestation of upgrades + +With every new image, corresponding measurements are released. +During an update procedure, the CLI provides new measurements to the [JoinService](microservices.md#joinservice) securely. +New measurements for an updated image are automatically pulled and verified by the CLI following the [supply chain security concept](attestation.md#chain-of-trust) of Constellation. +The [attestation section](attestation.md#cluster-facing-attestation) describes in detail how these measurements are then used by the JoinService for the attestation of nodes. + + diff --git a/docs/versioned_docs/version-2.19/architecture/overview.md b/docs/versioned_docs/version-2.19/architecture/overview.md new file mode 100644 index 000000000..386f93b2f --- /dev/null +++ b/docs/versioned_docs/version-2.19/architecture/overview.md @@ -0,0 +1,30 @@ +# Overview + +Constellation is a cloud-based confidential orchestration platform. +The foundation of Constellation is Kubernetes and therefore shares the same technology stack and architecture principles. +To learn more about Constellation and Kubernetes, see [product overview](../overview/product.md). + +## About orchestration and updates + +As a cluster administrator, you can use the [Constellation CLI](orchestration.md) to install and deploy a cluster. +Updates are provided in accordance with the [support policy](versions.md). + +## About microservices and attestation + +Constellation manages the nodes and network in your cluster. All nodes are bootstrapped by the [*Bootstrapper*](microservices.md#bootstrapper). They're verified and authenticated by the [*JoinService*](microservices.md#joinservice) before being added to the cluster and the network. Finally, the entire cluster can be verified via the [*VerificationService*](microservices.md#verificationservice) using [remote attestation](attestation.md). + +## About node images and verified boot + +Constellation comes with operating system images for Kubernetes control-plane and worker nodes. +They're highly optimized for running containerized workloads and specifically prepared for running inside confidential VMs. +You can learn more about [the images](images.md) and how verified boot ensures their integrity during boot and beyond. + +## About key management and cryptographic primitives + +Encryption of data at-rest, in-transit, and in-use is the fundamental building block for confidential computing and Constellation. Learn more about the [keys and cryptographic primitives](keys.md) used in Constellation, [encrypted persistent storage](encrypted-storage.md), and [network encryption](networking.md). + +## About observability + +Observability in Kubernetes refers to the capability to troubleshoot issues using telemetry signals such as logs, metrics, and traces. +In the realm of Confidential Computing, it's crucial that observability aligns with confidentiality, necessitating careful implementation. +Learn more about the [observability capabilities in Constellation](./observability.md). diff --git a/docs/versioned_docs/version-2.19/architecture/versions.md b/docs/versioned_docs/version-2.19/architecture/versions.md new file mode 100644 index 000000000..6127bfb0c --- /dev/null +++ b/docs/versioned_docs/version-2.19/architecture/versions.md @@ -0,0 +1,21 @@ +# Versions and support policy + +All components of Constellation use a three-digit version number of the form `v..`. +The components are released in lock step, usually on the first Tuesday of every month. This release primarily introduces new features, but may also include security or performance improvements. The `MINOR` version will be incremented as part of this release. + +Additional `PATCH` releases may be created on demand, to fix security issues or bugs before the next `MINOR` release window. + +New releases are published on [GitHub](https://github.com/edgelesssys/constellation/releases). + +## Kubernetes support policy + +Constellation is aligned to the [version support policy of Kubernetes](https://kubernetes.io/releases/version-skew-policy/#supported-versions), and therefore usually supports the most recent three minor versions. +When a new minor version of Kubernetes is released, support is added to the next Constellation release, and that version then supports four Kubernetes versions. +Subsequent Constellation releases drop support for the oldest (and deprecated) Kubernetes version. + +The following Kubernetes versions are currently supported: + + +* v1.28.14 +* v1.29.9 +* v1.30.5 diff --git a/docs/versioned_docs/version-2.19/getting-started/examples.md b/docs/versioned_docs/version-2.19/getting-started/examples.md new file mode 100644 index 000000000..fded84980 --- /dev/null +++ b/docs/versioned_docs/version-2.19/getting-started/examples.md @@ -0,0 +1,6 @@ +# Examples + +After you [installed the CLI](install.md) and [created your first cluster](first-steps.md), you're ready to deploy applications. Why not start with one of the following examples? +* [Emojivoto](examples/emojivoto.md): a simple but fun web application +* [Online Boutique](examples/online-boutique.md): an e-commerce demo application by Google consisting of 11 separate microservices +* [Horizontal Pod Autoscaling](examples/horizontal-scaling.md): an example demonstrating Constellation's autoscaling capabilities diff --git a/docs/versioned_docs/version-2.19/getting-started/examples/emojivoto.md b/docs/versioned_docs/version-2.19/getting-started/examples/emojivoto.md new file mode 100644 index 000000000..2bbe27917 --- /dev/null +++ b/docs/versioned_docs/version-2.19/getting-started/examples/emojivoto.md @@ -0,0 +1,22 @@ +# Emojivoto +[Emojivoto](https://github.com/BuoyantIO/emojivoto) is a simple and fun application that's well suited to test the basic functionality of your cluster. + + + +emojivoto - Web UI + + + +1. Deploy the application: + ```bash + kubectl apply -k github.com/BuoyantIO/emojivoto/kustomize/deployment + ``` +2. Wait until it becomes available: + ```bash + kubectl wait --for=condition=available --timeout=60s -n emojivoto --all deployments + ``` +3. Forward the web service to your machine: + ```bash + kubectl -n emojivoto port-forward svc/web-svc 8080:80 + ``` +4. Visit [http://localhost:8080](http://localhost:8080) diff --git a/docs/versioned_docs/version-2.19/getting-started/examples/filestash-s3proxy.md b/docs/versioned_docs/version-2.19/getting-started/examples/filestash-s3proxy.md new file mode 100644 index 000000000..b9a394256 --- /dev/null +++ b/docs/versioned_docs/version-2.19/getting-started/examples/filestash-s3proxy.md @@ -0,0 +1,107 @@ + +# Deploying Filestash + +Filestash is a web frontend for different storage backends, including S3. +It's a useful application to showcase s3proxy in action. + +1. Deploy s3proxy as described in [Deployment](../../workflows/s3proxy.md#deployment). +2. Create a deployment file for Filestash with one pod: + +```sh +cat << EOF > "deployment-filestash.yaml" +apiVersion: apps/v1 +kind: Deployment +metadata: + name: filestash +spec: + replicas: 1 + selector: + matchLabels: + app: filestash + template: + metadata: + labels: + app: filestash + spec: + hostAliases: + - ip: $(kubectl get svc s3proxy-service -o=jsonpath='{.spec.clusterIP}') + hostnames: + - "s3.us-east-1.amazonaws.com" + - "s3.us-east-2.amazonaws.com" + - "s3.us-west-1.amazonaws.com" + - "s3.us-west-2.amazonaws.com" + - "s3.eu-north-1.amazonaws.com" + - "s3.eu-south-1.amazonaws.com" + - "s3.eu-south-2.amazonaws.com" + - "s3.eu-west-1.amazonaws.com" + - "s3.eu-west-2.amazonaws.com" + - "s3.eu-west-3.amazonaws.com" + - "s3.eu-central-1.amazonaws.com" + - "s3.eu-central-2.amazonaws.com" + - "s3.ap-northeast-1.amazonaws.com" + - "s3.ap-northeast-2.amazonaws.com" + - "s3.ap-northeast-3.amazonaws.com" + - "s3.ap-east-1.amazonaws.com" + - "s3.ap-southeast-1.amazonaws.com" + - "s3.ap-southeast-2.amazonaws.com" + - "s3.ap-southeast-3.amazonaws.com" + - "s3.ap-southeast-4.amazonaws.com" + - "s3.ap-south-1.amazonaws.com" + - "s3.ap-south-2.amazonaws.com" + - "s3.me-south-1.amazonaws.com" + - "s3.me-central-1.amazonaws.com" + - "s3.il-central-1.amazonaws.com" + - "s3.af-south-1.amazonaws.com" + - "s3.ca-central-1.amazonaws.com" + - "s3.sa-east-1.amazonaws.com" + containers: + - name: filestash + image: machines/filestash:latest + ports: + - containerPort: 8334 + volumeMounts: + - name: ca-cert + mountPath: /etc/ssl/certs/kube-ca.crt + subPath: kube-ca.crt + volumes: + - name: ca-cert + secret: + secretName: s3proxy-tls + items: + - key: ca.crt + path: kube-ca.crt +EOF +``` + +The pod spec includes the `hostAliases` key, which adds an entry to the pod's `/etc/hosts`. +The entry forwards all requests for any of the currently defined AWS regions to the Kubernetes service `s3proxy-service`. +If you followed the s3proxy [Deployment](../../workflows/s3proxy.md#deployment) guide, this service points to a s3proxy pod. + +The deployment specifies all regions explicitly to prevent accidental data leaks. +If one of your buckets were located in a region that's not part of the `hostAliases` key, traffic towards those buckets would not be redirected to s3proxy. +Similarly, if you want to exclude data for specific regions from going through s3proxy you can remove those regions from the deployment. + +The spec also includes a volume mount for the TLS certificate and adds it to the pod's certificate trust store. +The volume is called `ca-cert`. +The key `ca.crt` of that volume is mounted to `/etc/ssl/certs/kube-ca.crt`, which is the default certificate trust store location for that container's OpenSSL library. +Not adding the CA certificate will result in TLS authentication errors. + +3. Apply the file: `kubectl apply -f deployment-filestash.yaml` + +Afterward, you can use a port forward to access the Filestash pod: +`kubectl port-forward pod/$(kubectl get pod --selector='app=filestash' -o=jsonpath='{.items[*].metadata.name}') 8334:8334` + +4. After browsing to `localhost:8443`, Filestash will ask you to set an administrator password. +After setting it, you can directly leave the admin area by clicking the blue cloud symbol in the top left corner. +Subsequently, you can select S3 as storage backend and enter your credentials. +This will bring you to an overview of your buckets. +If you want to deploy Filestash in production, take a look at its [documentation](https://www.filestash.app/docs/). + +5. To see the logs of s3proxy intercepting requests made to S3, run: `kubectl logs -f pod/$(kubectl get pod --selector='app=s3proxy' -o=jsonpath='{.items[*].metadata.name}')` +Look out for log messages labeled `intercepting`. +There is one such log message for each message that's encrypted, decrypted, or blocked. + +6. Once you have uploaded a file with Filestash, you should be able to view the file in Filestash. +However, if you go to the AWS S3 [Web UI](https://s3.console.aws.amazon.com/s3/home) and download the file you just uploaded in Filestash, you won't be able to read it. +Another way to spot encrypted files without downloading them is to click on a file, scroll to the Metadata section, and look for the header named `x-amz-meta-constellation-encryption`. +This header holds the encrypted data encryption key of the object and is only present on objects that are encrypted by s3proxy. diff --git a/docs/versioned_docs/version-2.19/getting-started/examples/horizontal-scaling.md b/docs/versioned_docs/version-2.19/getting-started/examples/horizontal-scaling.md new file mode 100644 index 000000000..dfaf9e742 --- /dev/null +++ b/docs/versioned_docs/version-2.19/getting-started/examples/horizontal-scaling.md @@ -0,0 +1,98 @@ +# Horizontal Pod Autoscaling +This example demonstrates Constellation's autoscaling capabilities. It's based on the Kubernetes [HorizontalPodAutoscaler Walkthrough](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/). During the following steps, Constellation will spawn new VMs on demand, verify them, add them to the cluster, and delete them again when the load has settled down. + +## Requirements +The cluster needs to be initialized with Kubernetes 1.23 or later. In addition, [autoscaling must be enabled](../../workflows/scale.md) to enable Constellation to assign new nodes dynamically. + +Just for this example specifically, the cluster should have as few worker nodes in the beginning as possible. Start with a small cluster with only *one* low-powered node for the control-plane node and *one* low-powered worker node. + +:::info +We tested the example using instances of types `Standard_DC4as_v5` on Azure and `n2d-standard-4` on GCP. +::: + +## Setup + +1. Install the Kubernetes Metrics Server: + ```bash + kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml + ``` + +2. Deploy the HPA example server that's supposed to be scaled under load. + + This manifest is similar to the one from the Kubernetes HPA walkthrough, but with increased CPU limits and requests to facilitate the triggering of node scaling events. + ```bash + cat < + +Online Boutique - Web UI + + + +1. Create a namespace: + ```bash + kubectl create ns boutique + ``` +2. Deploy the application: + ```bash + kubectl apply -n boutique -f https://github.com/GoogleCloudPlatform/microservices-demo/raw/main/release/kubernetes-manifests.yaml + ``` +3. Wait for all services to become available: + ```bash + kubectl wait --for=condition=available --timeout=300s -n boutique --all deployments + ``` +4. Get the frontend's external IP address: + ```shell-session + $ kubectl get service frontend-external -n boutique | awk '{print $4}' + EXTERNAL-IP + + ``` + (`` is a placeholder for the IP assigned by your CSP.) +5. Enter the IP from the result in your browser to browse the online shop. diff --git a/docs/versioned_docs/version-2.19/getting-started/first-steps-local.md b/docs/versioned_docs/version-2.19/getting-started/first-steps-local.md new file mode 100644 index 000000000..98f0302de --- /dev/null +++ b/docs/versioned_docs/version-2.19/getting-started/first-steps-local.md @@ -0,0 +1,277 @@ +# First steps with a local cluster + +A local cluster lets you deploy and test Constellation without a cloud subscription. +You have two options: + +* Use MiniConstellation to automatically deploy a two-node cluster. +* For more fine-grained control, create the cluster using the QEMU provider. + +Both options use virtualization to create a local cluster with control-plane nodes and worker nodes. They **don't** require hardware with Confidential VM (CVM) support. For attestation, they currently use a software-based vTPM provided by KVM/QEMU. + +You need an x64 machine with a Linux OS. +You can use a VM, but it needs nested virtualization. + +## Prerequisites + +* Machine requirements: + * An x86-64 CPU with at least 4 cores (6 cores are recommended) + * At least 4 GB RAM (6 GB are recommended) + * 20 GB of free disk space + * Hardware virtualization enabled in the BIOS/UEFI (often referred to as Intel VT-x or AMD-V/SVM) / nested-virtualization support when using a VM +* Software requirements: + * Linux OS with [KVM kernel module](https://www.linux-kvm.org/page/Main_Page) + * Recommended: Ubuntu 22.04 LTS + * [Docker](https://docs.docker.com/engine/install/) + * [xsltproc](https://gitlab.gnome.org/GNOME/libxslt/-/wikis/home) + * (Optional) [virsh](https://www.libvirt.org/manpages/virsh.html) to observe and access your nodes + +### Software installation on Ubuntu + +```bash +# install Docker +curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg +echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +sudo apt update +sudo apt install docker-ce +# install other dependencies +sudo apt install xsltproc +sudo snap install kubectl --classic +# install Constellation CLI +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64 +sudo install constellation-linux-amd64 /usr/local/bin/constellation +# do not drop forwarded packages +sudo iptables -P FORWARD ACCEPT +``` + +## Create a cluster + + + + + +With the `constellation mini` command, you can deploy and test Constellation locally. This mode is called MiniConstellation. Conceptually, MiniConstellation is similar to [MicroK8s](https://microk8s.io/), [K3s](https://k3s.io/), and [minikube](https://minikube.sigs.k8s.io/docs/). + + +:::caution + +MiniConstellation has specific soft- and hardware requirements such as a Linux OS running on an x86-64 CPU. Pay attention to all [prerequisites](#prerequisites) when setting up. + +::: + +:::note + +Since MiniConstellation runs on your local system, cloud features such as load balancing, +attaching persistent storage, or autoscaling aren't available. + +::: + +The following creates your MiniConstellation cluster (may take up to 10 minutes to complete): + +```bash +constellation mini up +``` + +This will configure your current directory as the [workspace](../architecture/orchestration.md#workspaces) for this cluster. +All `constellation` commands concerning this cluster need to be issued from this directory. + + + + +With the QEMU provider, you can create a local Constellation cluster as if it were in the cloud. The provider uses [QEMU](https://www.qemu.org/) to create multiple VMs for the cluster nodes, which interact with each other. + +:::caution + +Constellation on QEMU has specific soft- and hardware requirements such as a Linux OS running on an x86-64 CPU. Pay attention to all [prerequisites](#prerequisites) when setting up. + +::: + +:::note + +Since Constellation on QEMU runs on your local system, cloud features such as load balancing, +attaching persistent storage, or autoscaling aren't available. + +::: + +1. To set up your local cluster, you need to create a configuration file for Constellation first. + + ```bash + constellation config generate qemu + ``` + + This creates a [configuration file](../workflows/config.md) for QEMU called `constellation-conf.yaml`. After that, your current folder also becomes your [workspace](../architecture/orchestration.md#workspaces). All `constellation` commands for your cluster need to be executed from this directory. + +2. Now you can create your cluster and its nodes. `constellation apply` uses the options set in `constellation-conf.yaml`. + + ```bash + constellation apply -y + ``` + + The Output should look like the following: + + ```shell-session + $ constellation apply -y + Checking for infrastructure changes + The following Constellation cluster will be created: + 3 control-plane nodes of type 2-vCPUs will be created. + 1 worker node of type 2-vCPUs will be created. + Creating + Cloud infrastructure created successfully. + Your Constellation master secret was successfully written to ./constellation-mastersecret.json + Connecting + Initializing cluster + Installing Kubernetes components + Your Constellation cluster was successfully initialized. + + Constellation cluster identifier g6iMP5wRU1b7mpOz2WEISlIYSfdAhB0oNaOg6XEwKFY= + Kubernetes configuration constellation-admin.conf + + You can now connect to your cluster by executing: + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + + The cluster's identifier will be different in your output. + Keep `constellation-mastersecret.json` somewhere safe. + This will allow you to [recover your cluster](../workflows/recovery.md) in case of a disaster. + + :::info + + Depending on your setup, `constellation apply` may take 10+ minutes to complete. + + ::: + +3. Configure kubectl + + ```bash + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + + + + +## Connect to the cluster + +Your cluster initially consists of a single control-plane node: + +```shell-session +$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +control-plane-0 Ready control-plane 66s v1.24.6 +``` + +Additional nodes will request to join the cluster shortly. Before each additional node is allowed to join the cluster, its state is verified using remote attestation by the [JoinService](../architecture/microservices.md#joinservice). +If verification passes successfully, the new node receives keys and certificates to join the cluster. + +You can follow this process by viewing the logs of the JoinService: + +```shell-session +$ kubectl logs -n kube-system daemonsets/join-service -f +{"level":"INFO","ts":"2022-10-14T09:32:20Z","caller":"cmd/main.go:48","msg":"Constellation Node Join Service","version":"2.1.0","cloudProvider":"qemu"} +{"level":"INFO","ts":"2022-10-14T09:32:20Z","logger":"validator","caller":"watcher/validator.go:96","msg":"Updating expected measurements"} +... +``` + +Once all nodes have joined your cluster, it may take a couple of minutes for all resources to become available. +You can check on the state of your cluster by running the following: + +```shell-session +$ kubectl get nodes +NAME STATUS ROLES AGE VERSION +control-plane-0 Ready control-plane 2m59s v1.24.6 +worker-0 Ready 32s v1.24.6 +``` + +## Deploy a sample application + +1. Deploy the [emojivoto app](https://github.com/BuoyantIO/emojivoto) + + ```bash + kubectl apply -k github.com/BuoyantIO/emojivoto/kustomize/deployment + ``` + +2. Expose the frontend service locally + + ```bash + kubectl wait --for=condition=available --timeout=60s -n emojivoto --all deployments + kubectl -n emojivoto port-forward svc/web-svc 8080:80 & + curl http://localhost:8080 + kill %1 + ``` + +## Terminate your cluster + + + + +Once you are done, you can clean up the created resources using the following command: + +```bash +constellation mini down +``` + +This will destroy your cluster and clean up your workspace. +The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. + + + + +Once you are done, you can clean up the created resources using the following command: + +```bash +constellation terminate +``` + +This should give the following output: + +```shell-session +$ constellation terminate +You are about to terminate a Constellation cluster. +All of its associated resources will be DESTROYED. +This action is irreversible and ALL DATA WILL BE LOST. +Do you want to continue? [y/n]: +``` + +Confirm with `y` to terminate the cluster: + +```shell-session +Terminating ... +Your Constellation cluster was terminated successfully. +``` + +This will destroy your cluster and clean up your workspace. +The VM image and cluster configuration file (`constellation-conf.yaml`) will be kept and may be reused to create new clusters. + + + + +## Troubleshooting + +Make sure to use the [latest release](https://github.com/edgelesssys/constellation/releases/latest) and check out the [known issues](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22). + +### VMs have no internet access / CLI remains in "Initializing cluster" state + +`iptables` rules may prevent your VMs from accessing the internet. +Make sure your rules aren't dropping forwarded packages. + +List your rules: + +```bash +sudo iptables -S +``` + +The output may look similar to the following: + +```shell-session +-P INPUT ACCEPT +-P FORWARD DROP +-P OUTPUT ACCEPT +-N DOCKER +-N DOCKER-ISOLATION-STAGE-1 +-N DOCKER-ISOLATION-STAGE-2 +-N DOCKER-USER +``` + +If your `FORWARD` chain is set to `DROP`, you need to update your rules: + +```bash +sudo iptables -P FORWARD ACCEPT +``` diff --git a/docs/versioned_docs/version-2.19/getting-started/first-steps.md b/docs/versioned_docs/version-2.19/getting-started/first-steps.md new file mode 100644 index 000000000..128ac2849 --- /dev/null +++ b/docs/versioned_docs/version-2.19/getting-started/first-steps.md @@ -0,0 +1,229 @@ +# First steps with Constellation + +The following steps guide you through the process of creating a cluster and deploying a sample app. This example assumes that you have successfully [installed and set up Constellation](install.md), +and have access to a cloud subscription. + +:::tip +If you don't have a cloud subscription, you can also set up a [local Constellation cluster using virtualization](../getting-started/first-steps-local.md) for testing. +::: + +:::note +If you encounter any problem with the following steps, make sure to use the [latest release](https://github.com/edgelesssys/constellation/releases/latest) and check out the [known issues](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22). +::: + +## Create a cluster + +1. Create the [configuration file](../workflows/config.md) and state file for your cloud provider. If you are following the steps of this guide, there is no need to edit the file. + + + + + ```bash + constellation config generate aws + ``` + + + + + ```bash + constellation config generate azure + ``` + + + + + ```bash + constellation config generate gcp + ``` + + + + + ```bash + constellation config generate stackit + ``` + + + + +2. Create your [IAM configuration](../workflows/config.md#creating-an-iam-configuration). + + + + + ```bash + constellation iam create aws --zone=us-east-2a --prefix=constellTest --update-config + ``` + + This command creates IAM configuration for the AWS zone `us-east-2a` using the prefix `constellTest` for all named resources being created. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in. + + Depending on the attestation variant selected on config generation, different regions are available. + AMD SEV-SNP machines (requires the default attestation variant `awsSEVSNP`) are currently available in the following regions: + * `eu-west-1` + * `us-east-2` + + You can find a list of regions that support AMD SEV-SNP in [AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snp-requirements.html). + + NitroTPM machines (requires the attestation variant `awsNitroTPM`) are available in all regions. + Constellation OS images are currently replicated to the following regions: + * `eu-central-1` + * `eu-west-1` + * `eu-west-3` + * `us-east-2` + * `ap-south-1` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+AWS+image+region:+xx-xxxx-x). + + You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). + + + + + ```bash + constellation iam create azure --subscriptionID 00000000-0000-0000-0000-000000000000 --region=westus --resourceGroup=constellTest --servicePrincipal=spTest --update-config + ``` + + This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in. + + CVMs are available in several Azure regions. Constellation OS images are currently replicated to the following: + + * `germanywestcentral` + * `westus` + * `eastus` + * `northeurope` + * `westeurope` + * `southeastasia` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+Azure+image+region:+xx-xxxx-x). + + You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). + + + + + ```bash + constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test --update-config + ``` + + This command creates IAM configuration in the GCP project `yourproject-12345` on the GCP zone `europe-west2-a` creating a new service account `constell-test`. It also updates the configuration file `constellation-conf.yaml` in your current directory with the IAM values filled in. + + Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `C2D` or `N2D`. + + + + + To use Constellation on STACKIT, the cluster will use the User Access Token (UAT) that's generated [during the install step](./install.md). + After creating the accounts, fill in the STACKIT details in `constellation-conf.yaml` under `provider.openstack`: + + * `stackitProjectID`: STACKIT project id (can be found after login on the [STACKIT portal](https://portal.stackit.cloud)) + + + + + :::tip + To learn about all options you have for managing IAM resources and Constellation configuration, see the [Configuration workflow](../workflows/config.md). + ::: + + + +3. Create the cluster. `constellation apply` uses options set in `constellation-conf.yaml`. + If you want to manually manage your cloud resources, for example by using [Terraform](../reference/terraform.md), follow the corresponding instructions in the [Create workflow](../workflows/create.md). + + :::tip + + On Azure, you may need to wait 15+ minutes at this point for role assignments to propagate. + + ::: + + ```bash + constellation apply -y + ``` + + This should look similar to the following: + + ```shell-session + $ constellation apply -y + Checking for infrastructure changes + The following Constellation cluster will be created: + 3 control-plane nodes of type n2d-standard-4 will be created. + 1 worker node of type n2d-standard-4 will be created. + Creating + Cloud infrastructure created successfully + Your Constellation master secret was successfully written to ./constellation-mastersecret.json + Connecting + Initializing cluster + Installing Kubernetes components + Your Constellation cluster was successfully initialized. + + Constellation cluster identifier g6iMP5wRU1b7mpOz2WEISlIYSfdAhB0oNaOg6XEwKFY= + Kubernetes configuration constellation-admin.conf + + You can now connect to your cluster by executing: + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + + The cluster's identifier will be different in your output. + Keep `constellation-mastersecret.json` somewhere safe. + This will allow you to [recover your cluster](../workflows/recovery.md) in case of a disaster. + + :::info + + Depending on your CSP and region, `constellation apply` may take 10+ minutes to complete. + + ::: + +4. Configure kubectl. + + ```bash + export KUBECONFIG="$PWD/constellation-admin.conf" + ``` + +## Deploy a sample application + +1. Deploy the [emojivoto app](https://github.com/BuoyantIO/emojivoto) + + ```bash + kubectl apply -k github.com/BuoyantIO/emojivoto/kustomize/deployment + ``` + +2. Expose the frontend service locally + + ```bash + kubectl wait --for=condition=available --timeout=60s -n emojivoto --all deployments + kubectl -n emojivoto port-forward svc/web-svc 8080:80 & + curl http://localhost:8080 + kill %1 + ``` + +## Terminate your cluster + +Use the CLI to terminate your cluster. If you manually used [Terraform](../reference/terraform.md) to manage your cloud resources, follow the corresponding instructions in the [Terminate workflow](../workflows/terminate.md). + +```bash +constellation terminate +``` + +This should give the following output: + +```shell-session +$ constellation terminate +You are about to terminate a Constellation cluster. +All of its associated resources will be DESTROYED. +This action is irreversible and ALL DATA WILL BE LOST. +Do you want to continue? [y/n]: +``` + +Confirm with `y` to terminate the cluster: + +```shell-session +Terminating ... +Your Constellation cluster was terminated successfully. +``` + +Optionally, you can also [delete your IAM resources](../workflows/config.md#deleting-an-iam-configuration). diff --git a/docs/versioned_docs/version-2.19/getting-started/install.md b/docs/versioned_docs/version-2.19/getting-started/install.md new file mode 100644 index 000000000..d52e43476 --- /dev/null +++ b/docs/versioned_docs/version-2.19/getting-started/install.md @@ -0,0 +1,429 @@ +# Installation and setup + +Constellation runs entirely in your cloud environment and can be controlled via a dedicated [command-line interface (CLI)](../reference/cli.md) or a [Terraform provider](../workflows/terraform-provider.md). + +## Prerequisites + +Make sure the following requirements are met: + +* Your machine is running Linux, macOS, or Windows +* You have admin rights on your machine +* [kubectl](https://kubernetes.io/docs/tasks/tools/) is installed +* Your CSP is Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), or STACKIT + +## Install the Constellation CLI + +:::tip + +If you prefer to use Terraform, you can alternatively use the [Terraform provider](../workflows/terraform-provider.md) to manage the cluster's lifecycle. + +::: + +The CLI executable is available at [GitHub](https://github.com/edgelesssys/constellation/releases). +Install it with the following commands: + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-linux-amd64 /usr/local/bin/constellation +``` + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-arm64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-linux-arm64 /usr/local/bin/constellation +``` + + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-arm64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-darwin-arm64 /usr/local/bin/constellation +``` + + + + + +1. Download the CLI: + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-darwin-amd64 +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI to your PATH: + +```bash +sudo install constellation-darwin-amd64 /usr/local/bin/constellation +``` + + + + + +1. Download the CLI: + +```bash +Invoke-WebRequest -OutFile ./constellation.exe -Uri 'https://github.com/edgelesssys/constellation/releases/latest/download/constellation-windows-amd64.exe' +``` + +2. [Verify the signature](../workflows/verify-cli.md) (optional) + +3. Install the CLI under `C:\Program Files\Constellation\bin\constellation.exe` + +3. Add the CLI to your PATH: + + 1. Open `Advanced system settings` by searching for the App in the Windows search + 2. Go to the `Advanced` tab + 3. Click `Environment Variables…` + 4. Click variable called `Path` and click `Edit…` + 5. Click `New` + 6. Enter the path to the folder containing the binary you want on your PATH: `C:\Program Files\Constellation\bin` + + + + +:::tip +The CLI supports autocompletion for various shells. To set it up, run `constellation completion` and follow the given steps. +::: + +## Set up cloud credentials + +Constellation makes authenticated calls to the CSP API. Therefore, you need to set up Constellation with the credentials for your CSP. + +:::tip +If you don't have a cloud subscription, you can also set up a [local Constellation cluster using virtualization](../getting-started/first-steps-local.md) for testing. +::: + +### Required permissions + + + + +To set up a Constellation cluster, you need to perform two tasks that require permissions: create the infrastructure and create roles for cluster nodes. Both of these actions can be performed by different users, e.g., an administrator to create roles and a DevOps engineer to create the infrastructure. + +To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeAccountAttributes", + "iam:AddRoleToInstanceProfile", + "iam:AttachRolePolicy", + "iam:CreateInstanceProfile", + "iam:CreatePolicy", + "iam:CreateRole", + "iam:DeleteInstanceProfile", + "iam:DeletePolicy", + "iam:DeletePolicyVersion", + "iam:DeleteRole", + "iam:DetachRolePolicy", + "iam:GetInstanceProfile", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfilesForRole", + "iam:ListPolicyVersions", + "iam:ListRolePolicies", + "iam:PassRole", + "iam:RemoveRoleFromInstanceProfile", + "sts:GetCallerIdentity" + ], + "Resource": "*" + } + ] +} +``` + +The built-in `AdministratorAccess` policy is a superset of these permissions. + +To [create a Constellation cluster](../workflows/create.md), see the permissions of [main.tf](https://github.com/edgelesssys/constellation/blob/main/terraform/infrastructure/iam/aws/main.tf). + +The built-in `PowerUserAccess` policy is a superset of these permissions. + +Follow Amazon's guide on [understanding](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) and [managing policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html). + + + + +The following [resource providers need to be registered](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in your subscription: + +* `Microsoft.Attestation` +* `Microsoft.Compute` +* `Microsoft.Insights` +* `Microsoft.ManagedIdentity` +* `Microsoft.Network` + +By default, Constellation tries to register these automatically if they haven't been registered before. + +To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: + +* `*/register/action` \[1] +* `Microsoft.Authorization/roleAssignments/*` +* `Microsoft.Authorization/roleDefinitions/*` +* `Microsoft.ManagedIdentity/userAssignedIdentities/*` +* `Microsoft.Resources/subscriptions/resourcegroups/*` + +The built-in `Owner` role is a superset of these permissions. + +To [create a Constellation cluster](../workflows/create.md), you need the following permissions: + +* `Microsoft.Attestation/attestationProviders/*` +* `Microsoft.Compute/virtualMachineScaleSets/*` +* `Microsoft.Insights/components/*` +* `Microsoft.ManagedIdentity/userAssignedIdentities/*` +* `Microsoft.Network/loadBalancers/*` +* `Microsoft.Network/loadBalancers/backendAddressPools/*` +* `Microsoft.Network/networkSecurityGroups/*` +* `Microsoft.Network/publicIPAddresses/*` +* `Microsoft.Network/virtualNetworks/*` +* `Microsoft.Network/virtualNetworks/subnets/*` +* `Microsoft.Network/natGateways/*` + +The built-in `Contributor` role is a superset of these permissions. + +Follow Microsoft's guide on [understanding](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions) and [assigning roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments). + +1: You can omit `*/register/Action` if the resource providers mentioned above are already registered and the `ARM_SKIP_PROVIDER_REGISTRATION` environment variable is set to `true` when creating the IAM configuration. + + + + +Create a new project for Constellation or use an existing one. +Enable the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com) on it. + +To [create the IAM configuration](../workflows/config.md#creating-an-iam-configuration) for Constellation, you need the following permissions: + +* `iam.serviceAccountKeys.create` +* `iam.serviceAccountKeys.delete` +* `iam.serviceAccountKeys.get` +* `iam.serviceAccounts.create` +* `iam.serviceAccounts.delete` +* `iam.serviceAccounts.get` +* `resourcemanager.projects.getIamPolicy` +* `resourcemanager.projects.setIamPolicy` + +Together, the built-in roles `roles/editor` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. + +To [create a Constellation cluster](../workflows/create.md), you need the following permissions: + +* `compute.addresses.createInternal` +* `compute.addresses.deleteInternal` +* `compute.addresses.get` +* `compute.addresses.useInternal` +* `compute.backendServices.create` +* `compute.backendServices.delete` +* `compute.backendServices.get` +* `compute.backendServices.use` +* `compute.disks.create` +* `compute.firewalls.create` +* `compute.firewalls.delete` +* `compute.firewalls.get` +* `compute.firewalls.update` +* `compute.globalAddresses.create` +* `compute.globalAddresses.delete` +* `compute.globalAddresses.get` +* `compute.globalAddresses.use` +* `compute.globalForwardingRules.create` +* `compute.globalForwardingRules.delete` +* `compute.globalForwardingRules.get` +* `compute.globalForwardingRules.setLabels` +* `compute.globalOperations.get` +* `compute.healthChecks.create` +* `compute.healthChecks.delete` +* `compute.healthChecks.get` +* `compute.healthChecks.useReadOnly` +* `compute.instanceGroupManagers.create` +* `compute.instanceGroupManagers.delete` +* `compute.instanceGroupManagers.get` +* `compute.instanceGroupManagers.update` +* `compute.instanceGroups.create` +* `compute.instanceGroups.delete` +* `compute.instanceGroups.get` +* `compute.instanceGroups.update` +* `compute.instanceGroups.use` +* `compute.instances.create` +* `compute.instances.setLabels` +* `compute.instances.setMetadata` +* `compute.instances.setTags` +* `compute.instanceTemplates.create` +* `compute.instanceTemplates.delete` +* `compute.instanceTemplates.get` +* `compute.instanceTemplates.useReadOnly` +* `compute.networks.create` +* `compute.networks.delete` +* `compute.networks.get` +* `compute.networks.updatePolicy` +* `compute.routers.create` +* `compute.routers.delete` +* `compute.routers.get` +* `compute.routers.update` +* `compute.subnetworks.create` +* `compute.subnetworks.delete` +* `compute.subnetworks.get` +* `compute.subnetworks.use` +* `compute.targetTcpProxies.create` +* `compute.targetTcpProxies.delete` +* `compute.targetTcpProxies.get` +* `compute.targetTcpProxies.use` +* `iam.serviceAccounts.actAs` + +Together, the built-in roles `roles/editor`, `roles/compute.instanceAdmin` and `roles/resourcemanager.projectIamAdmin` form a superset of these permissions. + +Follow Google's guide on [understanding](https://cloud.google.com/iam/docs/understanding-roles) and [assigning roles](https://cloud.google.com/iam/docs/granting-changing-revoking-access). + + + + +Constellation on STACKIT requires a User Access Token (UAT) for the OpenStack API and a STACKIT service account. +The UAT already has all required permissions by default. +The STACKIT service account needs the `editor` role to create STACKIT LoadBalancers. +Look at the [STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) on how to create the service account and assign the role. + + + + +### Authentication + +You need to authenticate with your CSP. The following lists the required steps for *testing* and *production* environments. + +:::note +The steps for a *testing* environment are simpler. However, they may expose secrets to the CSP. If in doubt, follow the *production* steps. +::: + + + + +**Testing** + +You can use the [AWS CloudShell](https://console.aws.amazon.com/cloudshell/home). Make sure you are [authorized to use it](https://docs.aws.amazon.com/cloudshell/latest/userguide/sec-auth-with-identities.html). + +**Production** + +Use the latest version of the [AWS CLI](https://aws.amazon.com/cli/) on a trusted machine: + +```bash +aws configure +``` + +Options and first steps are described in the [AWS CLI documentation](https://docs.aws.amazon.com/cli/index.html). + + + + +**Testing** + +Simply open the [Azure Cloud Shell](https://docs.microsoft.com/en-us/azure/cloud-shell/overview). + +**Production** + +Use the latest version of the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/) on a trusted machine: + +```bash +az login +``` + +Other options are described in Azure's [authentication guide](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli). + + + + +**Testing** + +You can use the [Google Cloud Shell](https://cloud.google.com/shell). Make sure your [session is authorized](https://cloud.google.com/shell/docs/auth). For example, execute `gsutil` and accept the authorization prompt. + +**Production** + +Use one of the following options on a trusted machine: + +* Use the [`gcloud` CLI](https://cloud.google.com/sdk/gcloud) + + ```bash + gcloud auth application-default login + ``` + + This will ask you to log-in to your Google account and create your credentials. + The Constellation CLI will automatically load these credentials when needed. + +* Set up a service account and pass the credentials manually + + Follow [Google's guide](https://cloud.google.com/docs/authentication/production#manually) for setting up your credentials. + + + + +You need to authenticate with the infrastructure API (OpenStack) and create a service account (STACKIT API). + +1. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/step-1-generating-of-user-access-token-11763726.html) for obtaining a User Access Token (UAT) to use the infrastructure API +2. Create a configuration file under `~/.config/openstack/clouds.yaml` (`%AppData%\openstack\clouds.yaml` on Windows) with the credentials from the User Access Token + + ```yaml + clouds: + stackit: + auth: + auth_url: https://keystone.api.iaas.eu01.stackit.cloud/v3 + username: REPLACE_WITH_UAT_USERNAME + password: REPLACE_WITH_UAT_PASSWORD + project_id: REPLACE_WITH_STACKIT_PROJECT_ID + project_name: REPLACE_WITH_STACKIT_PROJECT_NAME + user_domain_name: portal_mvp + project_domain_name: portal_mvp + region_name: RegionOne + identity_api_version: 3 + ``` + +3. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) for creating a service account and an access token +4. Assign the `editor` role to the service account by [following the documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) +5. Create a configuration file under `~/.stackit/credentials.json` (`%USERPROFILE%\.stackit\credentials.json` on Windows) + + ```json + {"STACKIT_SERVICE_ACCOUNT_TOKEN":"REPLACE_WITH_TOKEN"} + ``` + + + + + +## Next steps + +You are now ready to [deploy your first confidential Kubernetes cluster and application](first-steps.md). diff --git a/docs/versioned_docs/version-2.19/getting-started/marketplaces.md b/docs/versioned_docs/version-2.19/getting-started/marketplaces.md new file mode 100644 index 000000000..a6763a42a --- /dev/null +++ b/docs/versioned_docs/version-2.19/getting-started/marketplaces.md @@ -0,0 +1,56 @@ +# Using Constellation via Cloud Marketplaces + +Constellation is available through the Marketplaces of AWS, Azure, GCP, and STACKIT. This allows you to create self-managed Constellation clusters that are billed on a pay-per-use basis (hourly, per vCPU) with your CSP account. You can still get direct support by Edgeless Systems. For more information, please [contact us](https://www.edgeless.systems/enterprise-support/). + +This document explains how to run Constellation with the dynamically billed cloud marketplace images. + + + + +To use Constellation's marketplace images, ensure that you are subscribed to the [marketplace offering](https://aws.amazon.com/marketplace/pp/prodview-2mbn65nv57oys) through the web portal. + +Then, enable the use of marketplace images in your Constellation `constellation-conf.yaml` [config file](../workflows/config.md): + +```bash +yq eval -i ".provider.aws.useMarketplaceImage = true" constellation-conf.yaml +``` + + + + +Constellation has a private marketplace plan. Please [contact us](https://www.edgeless.systems/enterprise-support/) to gain access. + +To use a marketplace image, you need to accept the marketplace image's terms once for your subscription with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest): + +```bash +az vm image terms accept --publisher edgelesssystems --offer constellation --plan constellation +``` + +Then, enable the use of marketplace images in your Constellation `constellation-conf.yaml` [config file](../workflows/config.md): + +```bash +yq eval -i ".provider.azure.useMarketplaceImage = true" constellation-conf.yaml +``` + + + + +To use a marketplace image, ensure that the account is entitled to use marketplace images by Edgeless Systems by accepting the terms through the [web portal](https://console.cloud.google.com/marketplace/vm/config/edgeless-systems-public/constellation). + +Then, enable the use of marketplace images in your Constellation `constellation-conf.yaml` [config file](../workflows/config.md): + +```bash +yq eval -i ".provider.gcp.useMarketplaceImage = true" constellation-conf.yaml +``` + + + + +On STACKIT, the selected Constellation image is always a marketplace image. You can find more information on the STACKIT portal. + + + + +Ensure that the cluster uses an official release image version (i.e., `.image=vX.Y.Z` in the `constellation-conf.yaml` file). + +From there, you can proceed with the [cluster creation](../workflows/create.md) as usual. diff --git a/docs/versioned_docs/version-2.19/intro.md b/docs/versioned_docs/version-2.19/intro.md new file mode 100644 index 000000000..0bfe86da9 --- /dev/null +++ b/docs/versioned_docs/version-2.19/intro.md @@ -0,0 +1,34 @@ +--- +slug: / +id: intro +--- +# Introduction + +Welcome to the documentation of Constellation! Constellation is a Kubernetes engine that aims to provide the best possible data security. + +![Constellation concept](/img/concept.svg) + + Constellation shields your entire Kubernetes cluster from the underlying cloud infrastructure. Everything inside is always encrypted, including at runtime in memory. For this, Constellation leverages a technology called *confidential computing* and more specifically Confidential VMs. + +:::tip +See the 📄[whitepaper](https://content.edgeless.systems/hubfs/Confidential%20Computing%20Whitepaper.pdf) for more information on confidential computing. +::: + +## Goals + +From a security perspective, Constellation is designed to keep all data always encrypted and to prevent any access from the underlying (cloud) infrastructure. This includes access from datacenter employees, privileged cloud admins, and attackers coming through the infrastructure. Such attackers could be malicious co-tenants escalating their privileges or hackers who managed to compromise a cloud server. + +From a DevOps perspective, Constellation is designed to work just like what you would expect from a modern Kubernetes engine. + +## Use cases + +Constellation provides unique security [features](overview/confidential-kubernetes.md) and [benefits](overview/security-benefits.md). The core use cases are: + +* Increasing the overall security of your clusters +* Increasing the trustworthiness of your SaaS offerings +* Moving sensitive workloads from on-prem to the cloud +* Meeting regulatory requirements + +## Next steps + +You can learn more about the concept of Confidential Kubernetes, features, security benefits, and performance of Constellation in the *Basics* section. To jump right into the action head to *Getting started*. diff --git a/docs/versioned_docs/version-2.19/overview/clouds.md b/docs/versioned_docs/version-2.19/overview/clouds.md new file mode 100644 index 000000000..34f48d3f8 --- /dev/null +++ b/docs/versioned_docs/version-2.19/overview/clouds.md @@ -0,0 +1,64 @@ +# Feature status of clouds + +What works on which cloud? Currently, Confidential VMs (CVMs) are available in varying quality on the different clouds and software stacks. + +For Constellation, the ideal environment provides the following: + +1. Ability to run arbitrary software and images inside CVMs +2. CVMs based on AMD SEV-SNP (available in EPYC CPUs since the Milan generation) or Intel TDX (available in Xeon CPUs since the Sapphire Rapids generation) +3. Ability for CVM guests to obtain raw hardware attestation statements +4. Reviewable, open-source firmware inside CVMs +5. Capability of the firmware to attest the integrity of the code it passes control to, e.g., with an embedded virtual TPM (vTPM) + +(1) is a functional must-have. (2)--(5) are required for remote attestation that fully keeps the infrastructure/cloud out. Constellation can work without them or with approximations, but won't protect against certain privileged attackers anymore. + +The following table summarizes the state of features for different infrastructures. + +| **Feature** | **AWS** | **Azure** | **GCP** | **STACKIT** | **OpenStack (Yoga)** | +|-----------------------------------|---------|-----------|---------|--------------|----------------------| +| **1. Custom images** | Yes | Yes | Yes | Yes | Yes | +| **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | +| **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | +| **4. Reviewable firmware** | Yes | No | No | No | Depends on kernel/HV | +| **5. Confidential measured boot** | No | Yes | No | No | Depends on kernel/HV | + +## Amazon Web Services (AWS) + +Amazon EC2 [supports AMD SEV-SNP](https://aws.amazon.com/de/about-aws/whats-new/2023/04/amazon-ec2-amd-sev-snp/). +Regarding (3), AWS provides direct access to attestation statements. +However, regarding (5), attestation is partially based on the [NitroTPM](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm.html) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by the Nitro hypervisor. +Hence, the hypervisor is currently part of Constellation's TCB. +Regarding (4), the [firmware is open source](https://github.com/aws/uefi) and can be reproducibly built. + +## Microsoft Azure + +With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. +Regarding (3), Azure provides direct access to attestation statements. +The firmware runs in an isolated domain inside the CVM and exposes a vTPM (5), but it's closed source (4). +On SEV-SNP, Azure uses VM Privilege Level (VMPL) isolation for the separation of firmware and the rest of the VM; on TDX, they use TD partitioning. +This firmware is signed by Azure. +The signature is reflected in the attestation statements of CVMs. +Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). + +## Google Cloud Platform (GCP) + +The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#technologies) are based on AMD SEV-ES or SEV-SNP. +Regarding (3), with their SEV-SNP offering Google provides direct access to attestation statements. +However, regarding (5), attestation is partially based on the [Shielded VM vTPM](https://cloud.google.com/compute/shielded-vm/docs/shielded-vm#vtpm) for [measured boot](../architecture/attestation.md#measured-boot), which is a vTPM managed by Google's hypervisor. +Hence, the hypervisor is currently part of Constellation's TCB. +Regarding (4), the CVMs still include closed-source firmware. + +[TDX on Google](https://cloud.google.com/blog/products/identity-security/confidential-vms-on-intel-cpus-your-datas-new-intelligent-defense) is in public preview. +With it, Constellation would have a similar TCB and attestation flow as with the current SEV-SNP offering. + +## STACKIT + +[STACKIT Compute Engine](https://www.stackit.de/en/product/stackit-compute-engine/) supports AMD SEV-ES. A vTPM is used for measured boot, which is a vTPM managed by STACKIT's hypervisor. Hence, the hypervisor is currently part of Constellation's TCB. + +## OpenStack + +OpenStack is an open-source cloud and infrastructure management software. It's used by many smaller CSPs and datacenters. In the latest *Yoga* version, OpenStack has basic support for CVMs. However, much depends on the employed kernel and hypervisor. Features (2)--(4) are likely to be a *Yes* with Linux kernel version 6.2. Thus, going forward, OpenStack on corresponding AMD or Intel hardware will be a viable underpinning for Constellation. + +## Conclusion + +The different clouds and software like the Linux kernel and OpenStack are in the process of building out their support for state-of-the-art CVMs. Azure has already most features in place. For Constellation, the status quo means that the TCB has different shapes on different infrastructures. With broad SEV-SNP support coming to the Linux kernel, we soon expect a normalization of features across infrastructures. diff --git a/docs/versioned_docs/version-2.19/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.19/overview/confidential-kubernetes.md new file mode 100644 index 000000000..ca20df4de --- /dev/null +++ b/docs/versioned_docs/version-2.19/overview/confidential-kubernetes.md @@ -0,0 +1,42 @@ +# Confidential Kubernetes + +We use the term *Confidential Kubernetes* to refer to the concept of using confidential-computing technology to shield entire Kubernetes clusters from the infrastructure. The three defining properties of this concept are: + +1. **Workload shielding**: the confidentiality and integrity of all workload-related data and code are enforced. +2. **Control plane shielding**: the confidentiality and integrity of the cluster's control plane, state, and workload configuration are enforced. +3. **Attestation and verifiability**: the two properties above can be verified remotely based on hardware-rooted cryptographic certificates. + +Each of the above properties is equally important. Only with all three in conjunction, an entire cluster can be shielded without gaps. + +## Constellation security features + +Constellation implements the Confidential Kubernetes concept with the following security features. + +* **Runtime encryption**: Constellation runs all Kubernetes nodes inside Confidential VMs (CVMs). This gives runtime encryption for the entire cluster. +* **Network and storage encryption**: Constellation augments this with transparent encryption of the [network](../architecture/networking.md), [persistent storage](../architecture/encrypted-storage.md), and other managed storage like [AWS S3](../architecture/encrypted-storage.md#encrypted-s3-object-storage). Thus, workloads and control plane are truly end-to-end encrypted: at rest, in transit, and at runtime. +* **Transparent key management**: Constellation manages the corresponding [cryptographic keys](../architecture/keys.md) inside CVMs. +* **Node attestation and verification**: Constellation verifies the integrity of each new CVM-based node using [remote attestation](../architecture/attestation.md). Only "good" nodes receive the cryptographic keys required to access the network and storage of a cluster. +* **Confidential computing-optimized images**: A node is "good" if it's running a signed Constellation [node image](../architecture/images.md) inside a CVM and is in the expected state. (Node images are hardware-measured during boot. The measurements are reflected in the attestation statements that are produced by nodes and verified by Constellation.) +* **"Whole cluster" attestation**: Towards the DevOps engineer, Constellation provides a single hardware-rooted certificate from which all of the above can be verified. + +With the above, Constellation wraps an entire cluster into one coherent and verifiable *confidential context*. The concept is depicted in the following. + +![Confidential Kubernetes](../_media/concept-constellation.svg) + +## Contrast: Managed Kubernetes with CVMs + +In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. + +![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) + +The following table highlights the key differences in terms of features. + +| | Managed Kubernetes with CVMs | Confidential Kubernetes (Constellation✨) | +|-------------------------------------|------------------------------|--------------------------------------------| +| Runtime encryption | Partial (data plane only)| **Yes** | +| Node image verification | No | **Yes** | +| Full cluster attestation | No | **Yes** | +| Transparent network encryption | No | **Yes** | +| Transparent storage encryption | No | **Yes** | +| Confidential key management | No | **Yes** | +| Cloud agnostic / multi-cloud | No | **Yes** | diff --git a/docs/versioned_docs/version-2.19/overview/license.md b/docs/versioned_docs/version-2.19/overview/license.md new file mode 100644 index 000000000..34122c025 --- /dev/null +++ b/docs/versioned_docs/version-2.19/overview/license.md @@ -0,0 +1,33 @@ +# License + +## Source code + +Constellation's source code is available on [GitHub](https://github.com/edgelesssys/constellation) under the [GNU Affero General Public License v3.0](https://github.com/edgelesssys/constellation/blob/main/LICENSE). + +## Binaries + +Edgeless Systems provides ready-to-use and [signed](../architecture/attestation.md#chain-of-trust) binaries of Constellation. This includes the CLI and the [node images](../architecture/images.md). + +These binaries may be used free of charge within the bounds of Constellation's [**Community License**](#community-license). An [**Enterprise License**](#enterprise-license) can be purchased from Edgeless Systems. + +The Constellation CLI displays relevant license information when you initialize your cluster. You are responsible for staying within the bounds of your respective license. Constellation doesn't enforce any limits so as not to endanger your cluster's availability. + +## Terraform provider + +Edgeless Systems provides a [Terraform provider](https://github.com/edgelesssys/terraform-provider-constellation/releases), which may be used free of charge within the bounds of Constellation's [**Community License**](#community-license). An [**Enterprise License**](#enterprise-license) can be purchased from Edgeless Systems. + +You are responsible for staying within the bounds of your respective license. Constellation doesn't enforce any limits so as not to endanger your cluster's availability. + +## Community License + +You are free to use the Constellation binaries provided by Edgeless Systems to create services for internal consumption, evaluation purposes, or non-commercial use. You must not use the Constellation binaries to provide commercial hosted services to third parties. Edgeless Systems gives no warranties and offers no support. + +## Enterprise License + +Enterprise Licenses don't have the above limitations and come with support and additional features. Find out more at the [product website](https://www.edgeless.systems/products/constellation/). + +Once you have received your Enterprise License file, place it in your [Constellation workspace](../architecture/orchestration.md#workspaces) in a file named `constellation.license`. + +## CSP Marketplaces + +Constellation is available through the Marketplaces of AWS, Azure, GCP, and STACKIT. This allows you to create self-managed Constellation clusters that are billed on a pay-per-use basis (hourly, per vCPU) with your CSP account. You can still get direct support by Edgeless Systems. For more information, please [contact us](https://www.edgeless.systems/enterprise-support/). diff --git a/docs/versioned_docs/version-2.19/overview/performance/application.md b/docs/versioned_docs/version-2.19/overview/performance/application.md new file mode 100644 index 000000000..c67d59644 --- /dev/null +++ b/docs/versioned_docs/version-2.19/overview/performance/application.md @@ -0,0 +1,102 @@ +# Application benchmarks + +## HashiCorp Vault + +[HashiCorp Vault](https://www.vaultproject.io/) is a distributed secrets management software that can be deployed to Kubernetes. +HashiCorp maintains a benchmarking tool for vault, [vault-benchmark](https://github.com/hashicorp/vault-benchmark/). +Vault-benchmark generates load on a Vault deployment and measures response times. + +This article describes the results from running vault-benchmark on Constellation, AKS, and GKE. +You can find the setup for producing the data discussed in this article in the [vault-benchmarks](https://github.com/edgelesssys/vault-benchmarks) repository. + +The Vault API used during benchmarking is the [transits secret engine](https://developer.hashicorp.com/vault/docs/secrets/transit). +This allows services to send data to Vault for encryption, decryption, signing, and verification. + +## Results + +On each run, vault-benchmark sends requests and measures the latencies. +The measured latencies are aggregated through various statistical features. +After running the benchmark n times, the arithmetic mean over a subset of the reported statistics is calculated. +The selected features are arithmetic mean, 99th percentile, minimum, and maximum. + +Arithmetic mean gives a general sense of the latency on each target. +The 99th percentile shows performance in (most likely) erroneous states. +Minimum and maximum mark the range within which latency varies each run. + +The benchmark was configured with 1300 workers and 10 seconds per run. +Those numbers were chosen empirically. +The latency was stabilizing at 10 seconds runtime, not changing with further increase. +Increasing the number of workers beyond 1300 leads to request failures, marking the limit Vault was able to handle in this setup. +All results are based on 100 runs. + +The following data was generated while running five replicas, one primary, and four standby nodes. +All numbers are in seconds if not indicated otherwise. +``` +========== Results AKS ========== +Mean: mean: 1.632200, variance: 0.002057 +P99: mean: 5.480679, variance: 2.263700 +Max: mean: 6.651001, variance: 2.808401 +Min: mean: 0.011415, variance: 0.000133 +========== Results GKE ========== +Mean: mean: 1.656435, variance: 0.003615 +P99: mean: 6.030807, variance: 3.955051 +Max: mean: 7.164843, variance: 3.300004 +Min: mean: 0.010233, variance: 0.000111 +========== Results C11n ========== +Mean: mean: 1.651549, variance: 0.001610 +P99: mean: 5.780422, variance: 3.016106 +Max: mean: 6.942997, variance: 3.075796 +Min: mean: 0.013774, variance: 0.000228 +========== AKS vs C11n ========== +Mean: +1.171577 % (AKS is faster) +P99: +5.185495 % (AKS is faster) +Max: +4.205618 % (AKS is faster) +Min: +17.128781 % (AKS is faster) +========== GKE vs C11n ========== +Mean: -0.295851 % (GKE is slower) +P99: -4.331603 % (GKE is slower) +Max: -3.195248 % (GKE is slower) +Min: +25.710886 % (GKE is faster) +``` + +**Interpretation**: Latencies are all within ~5% of each other. +AKS performs slightly better than GKE and Constellation (C11n) in all cases except minimum latency. +Minimum latency is the lowest for GKE. +Compared to GKE, Constellation had slightly lower peak latencies (99th percentile and maximum), indicating that Constellation could have handled slightly more concurrent accesses than GKE. +Overall, performance is at comparable levels across all three distributions. +Based on these numbers, you can use a similarly sized Constellation cluster to run your existing Vault deployment. + +### Visualization + +The following plots visualize the data presented above as [box plots](https://en.wikipedia.org/wiki/Box_plot). +The whiskers denote the minimum and maximum. +The box stretches from the 25th to the 75th percentile, with the dividing bar marking the 50th percentile. +The circles outside the whiskers denote outliers. + +

        +Mean Latency + +![Mean Latency](../../_media/benchmark_vault/5replicas/mean_latency.png) + +
        + +
        +99th Percentile Latency + +![99th Percentile Latency](../../_media/benchmark_vault/5replicas/p99_latency.png) + +
        + +
        +Maximum Latency + +![Maximum Latency](../../_media/benchmark_vault/5replicas/max_latency.png) + +
        + +
        +Minimum Latency + +![Minimum Latency](../../_media/benchmark_vault/5replicas/min_latency.png) + +
        diff --git a/docs/versioned_docs/version-2.19/overview/performance/compute.md b/docs/versioned_docs/version-2.19/overview/performance/compute.md new file mode 100644 index 000000000..88dd4b1b2 --- /dev/null +++ b/docs/versioned_docs/version-2.19/overview/performance/compute.md @@ -0,0 +1,11 @@ +# Impact of runtime encryption on compute performance + +All nodes in a Constellation cluster are executed inside Confidential VMs (CVMs). Consequently, the performance of Constellation is inherently linked to the performance of these CVMs. + +## AMD and Azure benchmarking + +AMD and Azure have collectively released a [performance benchmark](https://community.amd.com/t5/business/microsoft-azure-confidential-computing-powered-by-3rd-gen-epyc/ba-p/497796) for CVMs that utilize 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. This benchmark, which included a variety of mostly compute-intensive tests such as SPEC CPU 2017 and CoreMark, demonstrated that CVMs experience only minor performance degradation (ranging from 2% to 8%) when compared to standard VMs. Such results are indicative of the performance that can be expected from compute-intensive workloads running with Constellation on Azure. + +## AMD and Google benchmarking + +Similarly, AMD and Google have jointly released a [performance benchmark](https://www.amd.com/system/files/documents/3rd-gen-epyc-gcp-c2d-conf-compute-perf-brief.pdf) for CVMs employing 3rd Gen AMD EPYC processors (Milan) with SEV-SNP. With high-performance computing workloads such as WRF, NAMD, Ansys CFS, and Ansys LS_DYNA, they observed analogous findings, with only minor performance degradation (between 2% and 4%) compared to standard VMs. These outcomes are reflective of the performance that can be expected for compute-intensive workloads running with Constellation on GCP. diff --git a/docs/versioned_docs/version-2.19/overview/performance/io.md b/docs/versioned_docs/version-2.19/overview/performance/io.md new file mode 100644 index 000000000..3ae796f8a --- /dev/null +++ b/docs/versioned_docs/version-2.19/overview/performance/io.md @@ -0,0 +1,204 @@ +# I/O performance benchmarks + +To assess the overall performance of Constellation, this benchmark evaluates Constellation v2.6.0 in terms of storage I/O using [`fio`](https://fio.readthedocs.io/en/latest/fio_doc.html) and network performance using the [Kubernetes Network Benchmark](https://github.com/InfraBuilder/k8s-bench-suite#knb--kubernetes-network-be). + +This benchmark tested Constellation on Azure and GCP and compared the results against the managed Kubernetes offerings AKS and GKE. + +## Configurations + +### Constellation + +The benchmark was conducted with Constellation v2.6.0, Kubernetes v1.25.7, and Cilium v1.12. +It ran on the following infrastructure configurations. + +Constellation on Azure: + +- Nodes: 3 (1 Control-plane, 2 Worker) +- Machines: `DC4as_v5`: 3rd Generation AMD EPYC 7763v (Milan) processor with 4 Cores, 16 GiB memory +- CVM: `true` +- Region: `West US` +- Zone: `2` + +Constellation on GCP: + +- Nodes: 3 (1 Control-plane, 2 Worker) +- Machines: `n2d-standard-4`: 2nd Generation AMD EPYC (Rome) processor with 4 Cores, 16 GiB of memory +- CVM: `true` +- Zone: `europe-west3-b` + +### AKS + +On AKS, the benchmark used Kubernetes `v1.24.9` and nodes with version `AKSUbuntu-1804gen2containerd-2023.02.15`. +AKS ran with the [`kubenet`](https://learn.microsoft.com/en-us/azure/aks/concepts-network#kubenet-basic-networking) CNI and the [default CSI driver](https://learn.microsoft.com/en-us/azure/aks/azure-disk-csi) for Azure Disk. + +The following infrastructure configurations was used: + +- Nodes: 2 (2 Worker) +- Machines: `D4as_v5`: 3rd Generation AMD EPYC 7763v (Milan) processor with 4 Cores, 16 GiB memory +- CVM: `false` +- Region: `West US` +- Zone: `2` + +### GKE + +On GKE, the benchmark used Kubernetes `v1.24.9` and nodes with version `1.24.9-gke.3200`. +GKE ran with the [`kubenet`](https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview) CNI and the [default CSI driver](https://cloud.google.com/kubernetes-engine/docs/how-to/persistent-volumes/gce-pd-csi-driver) for Compute Engine persistent disk. + +The following infrastructure configurations was used: + +- Nodes: 2 (2 Worker) +- Machines: `n2d-standard-4` 2nd Generation AMD EPYC (Rome) processor with 4 Cores, 16 GiB of memory +- CVM: `false` +- Zone: `europe-west3-b` + +## Results + +### Network + +This section gives a thorough analysis of the network performance of Constellation, specifically focusing on measuring TCP and UDP bandwidth. +The benchmark measured the bandwidth of pod-to-pod and pod-to-service connections between two different nodes using [`iperf`](https://iperf.fr/). + +GKE and Constellation on GCP had a maximum network bandwidth of [10 Gbps](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines). +AKS with `Standard_D4as_v5` machines a maximum network bandwidth of [12.5 Gbps](https://learn.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series#dasv5-series). +The Confidential VM equivalent `Standard_DC4as_v5` currently has a network bandwidth of [1.25 Gbps](https://learn.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series#dcasv5-series-products). +Therefore, to make the test comparable, both AKS and Constellation on Azure were running with `Standard_DC4as_v5` machines and 1.25 Gbps bandwidth. + +Constellation on Azure and AKS used an MTU of 1500. +Constellation on GCP used an MTU of 8896. GKE used an MTU of 1450. + +The difference in network bandwidth can largely be attributed to two factors. + +- Constellation's [network encryption](../../architecture/networking.md) via Cilium and WireGuard, which protects data in-transit. +- [AMD SEV using SWIOTLB bounce buffers](https://lore.kernel.org/all/20200204193500.GA15564@ashkalra_ubuntu_server/T/) for all DMA including network I/O. + +#### Pod-to-Pod + +In this scenario, the client Pod connects directly to the server pod via its IP address. + +```mermaid +flowchart LR + subgraph Node A + Client[Client] + end + subgraph Node B + Server[Server] + end + Client ==>|traffic| Server +``` + +The results for "Pod-to-Pod" on Azure are as follows: + +![Network Pod2Pod Azure benchmark graph](../../_media/benchmark_net_p2p_azure.png) + +The results for "Pod-to-Pod" on GCP are as follows: + +![Network Pod2Pod GCP benchmark graph](../../_media/benchmark_net_p2p_gcp.png) + +#### Pod-to-Service + +In this scenario, the client Pod connects to the server Pod via a ClusterIP service. This is more relevant to real-world use cases. + +```mermaid +flowchart LR + subgraph Node A + Client[Client] ==>|traffic| Service[Service] + end + subgraph Node B + Server[Server] + end + Service ==>|traffic| Server +``` + +The results for "Pod-to-Pod" on Azure are as follows: + +![Network Pod2SVC Azure benchmark graph](../../_media/benchmark_net_p2svc_azure.png) + +The results for "Pod-to-Pod" on GCP are as follows: + +![Network Pod2SVC GCP benchmark graph](../../_media/benchmark_net_p2svc_gcp.png) + +In our recent comparison of Constellation on GCP with GKE, Constellation has 58% less TCP bandwidth. However, UDP bandwidth was slightly better with Constellation, thanks to its higher MTU. + +Similarly, when comparing Constellation on Azure with AKS using CVMs, Constellation achieved approximately 10% less TCP and 40% less UDP bandwidth. + +### Storage I/O + +Azure and GCP offer persistent storage for their Kubernetes services AKS and GKE via the Container Storage Interface (CSI). CSI storage in Kubernetes is available via `PersistentVolumes` (PV) and consumed via `PersistentVolumeClaims` (PVC). +Upon requesting persistent storage through a PVC, GKE and AKS will provision a PV as defined by a default [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/). +Constellation provides persistent storage on Azure and GCP [that's encrypted on the CSI layer](../../architecture/encrypted-storage.md). +Similarly, upon a PVC request, Constellation will provision a PV via a default storage class. + +For Constellation on Azure and AKS, the benchmark ran with Azure Disk storage [Standard SSD](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds) of 400 GiB size. +The [DC4as machine type](https://learn.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series#dasv5-series) with four cores provides the following maximum performance: + +- 6400 (20000 burst) IOPS +- 144 MB/s (600 MB/s burst) throughput + +However, the performance is bound by the capabilities of the [512 GiB Standard SSD size](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds) (the size class of 400 GiB volumes): + +- 500 (600 burst) IOPS +- 60 MB/s (150 MB/s burst) throughput + +For Constellation on GCP and GKE, the benchmark ran with Compute Engine Persistent Disk Storage [pd-balanced](https://cloud.google.com/compute/docs/disks) of 400 GiB size. +The N2D machine type with four cores and pd-balanced provides the following [maximum performance](https://cloud.google.com/compute/docs/disks/performance#n2d_vms): + +- 3,000 read IOPS +- 15,000 write IOPS +- 240 MB/s read throughput +- 240 MB/s write throughput + +However, the performance is bound by the capabilities of a [`Zonal balanced PD`](https://cloud.google.com/compute/docs/disks/performance#zonal-persistent-disks) with 400 GiB size: + +- 2400 read IOPS +- 2400 write IOPS +- 112 MB/s read throughput +- 112 MB/s write throughput + +The [`fio`](https://fio.readthedocs.io/en/latest/fio_doc.html) benchmark consists of several tests. +The benchmark used [`Kubestr`](https://github.com/kastenhq/kubestr) to run `fio` in Kubernetes. +The default test performs randomized access patterns that accurately depict worst-case I/O scenarios for most applications. + +The following `fio` settings were used: + +- No Cloud caching +- No OS caching +- Single CPU +- 60 seconds runtime +- 10 seconds ramp-up time +- 10 GiB file +- IOPS: 4 KB blocks and 128 iodepth +- Bandwidth: 1024 KB blocks and 128 iodepth + +For more details, see the [`fio` test configuration](https://github.com/edgelesssys/constellation/blob/main/.github/actions/e2e_benchmark/fio.ini). + +The results for IOPS on Azure are as follows: + +![I/O IOPS Azure benchmark graph](../../_media/benchmark_fio_azure_iops.png) + +The results for IOPS on GCP are as follows: + +![I/O IOPS GCP benchmark graph](../../_media/benchmark_fio_gcp_iops.png) + +The results for bandwidth on Azure are as follows: + +![I/O bandwidth Azure benchmark graph](../../_media/benchmark_fio_azure_bw.png) + +The results for bandwidth on GCP are as follows: + +![I/O bandwidth GCP benchmark graph](../../_media/benchmark_fio_gcp_bw.png) + +On GCP, the results exceed the maximum performance guarantees of the chosen disk type. There are two possible explanations for this. The first is that there may be cloud caching in place that isn't configurable. Alternatively, the underlying provisioned disk size may be larger than what was requested, resulting in higher performance boundaries. + +When comparing Constellation on GCP with GKE, Constellation has similar bandwidth but about 10% less IOPS performance. On Azure, Constellation has similar IOPS performance compared to AKS, where both likely hit the maximum storage performance. However, Constellation has approximately 15% less read and write bandwidth. + +## Conclusion + +Despite the added [security benefits](../security-benefits.md) that Constellation provides, it only incurs a slight performance overhead when compared to managed Kubernetes offerings such as AKS and GKE. In most compute benchmarks, Constellation is on par with it's alternatives. +While it may be slightly slower in certain I/O scenarios due to network and storage encryption, there is ongoing work to reduce this overhead to single digits. + +For instance, storage encryption only adds between 10% to 15% overhead in terms of bandwidth and IOPS. +Meanwhile, the biggest performance impact that Constellation currently faces is network encryption, which can incur up to 58% overhead on a 10 Gbps network. +However, the Cilium team has conducted [benchmarks with Cilium using WireGuard encryption](https://docs.cilium.io/en/latest/operations/performance/benchmark/#encryption-wireguard-ipsec) on a 100 Gbps network that yielded over 15 Gbps. +We're confident that Constellation will provide a similar level of performance with an upcoming release. + +Overall, Constellation strikes a great balance between security and performance, and we're continuously working to improve its performance capabilities while maintaining its high level of security. diff --git a/docs/versioned_docs/version-2.19/overview/performance/performance.md b/docs/versioned_docs/version-2.19/overview/performance/performance.md new file mode 100644 index 000000000..59bf86602 --- /dev/null +++ b/docs/versioned_docs/version-2.19/overview/performance/performance.md @@ -0,0 +1,17 @@ +# Performance analysis of Constellation + +This section provides a comprehensive examination of the performance characteristics of Constellation. + +## Runtime encryption + +Runtime encryption affects compute performance. [Benchmarks by Azure and Google](compute.md) show that the performance degradation of Confidential VMs (CVMs) is small, ranging from 2% to 8% for compute-intensive workloads. + +## I/O performance benchmarks + +We evaluated the [I/O performance](io.md) of Constellation, utilizing a collection of synthetic benchmarks targeting networking and storage. +We further compared this performance to native managed Kubernetes offerings from various cloud providers, to better understand how Constellation stands in relation to standard practices. + +## Application benchmarking + +To gauge Constellation's applicability to well-known applications, we performed a [benchmark of HashiCorp Vault](application.md) running on Constellation. +The results were then compared to deployments on the managed Kubernetes offerings from different cloud providers, providing a tangible perspective on Constellation's performance in actual deployment scenarios. diff --git a/docs/versioned_docs/version-2.19/overview/product.md b/docs/versioned_docs/version-2.19/overview/product.md new file mode 100644 index 000000000..4b5d90706 --- /dev/null +++ b/docs/versioned_docs/version-2.19/overview/product.md @@ -0,0 +1,12 @@ +# Product features + +Constellation is a Kubernetes engine that aims to provide the best possible data security in combination with enterprise-grade scalability and reliability features---and a smooth user experience. + +From a security perspective, Constellation implements the [Confidential Kubernetes](confidential-kubernetes.md) concept and corresponding security features, which shield your entire cluster from the underlying infrastructure. + +From an operational perspective, Constellation provides the following key features: + +* **Native support for different clouds**: Constellation works on Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and STACKIT. Support for OpenStack-based environments is coming with a future release. Constellation securely interfaces with the cloud infrastructure to provide [cluster autoscaling](https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler), [dynamic persistent volumes](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/), and [service load balancing](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer). +* **High availability**: Constellation uses a [multi-master architecture](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/high-availability/) with a [stacked etcd topology](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/ha-topology/#stacked-etcd-topology) to ensure high availability. +* **Integrated Day-2 operations**: Constellation lets you securely [upgrade](../workflows/upgrade.md) your cluster to a new release. It also lets you securely [recover](../workflows/recovery.md) a failed cluster. Both with a single command. +* **Support for Terraform**: Constellation includes a [Terraform provider](../workflows/terraform-provider.md) that lets you manage the full lifecycle of your cluster via Terraform. diff --git a/docs/versioned_docs/version-2.19/overview/security-benefits.md b/docs/versioned_docs/version-2.19/overview/security-benefits.md new file mode 100644 index 000000000..51a8b64f5 --- /dev/null +++ b/docs/versioned_docs/version-2.19/overview/security-benefits.md @@ -0,0 +1,22 @@ +# Security benefits and threat model + +Constellation implements the [Confidential Kubernetes](confidential-kubernetes.md) concept and shields entire Kubernetes deployments from the infrastructure. More concretely, Constellation decreases the size of the trusted computing base (TCB) of a Kubernetes deployment. The TCB is the totality of elements in a computing environment that must be trusted not to be compromised. A smaller TCB results in a smaller attack surface. The following diagram shows how Constellation removes the *cloud & datacenter infrastructure* and the *physical hosts*, including the hypervisor, the host OS, and other components, from the TCB (red). Inside the confidential context (green), Kubernetes remains part of the TCB, but its integrity is attested and can be [verified](../workflows/verify-cluster.md). + +![TCB comparison](../_media/tcb.svg) + +Given this background, the following describes the concrete threat classes that Constellation addresses. + +## Insider access + +Employees and third-party contractors of cloud service providers (CSPs) have access to different layers of the cloud infrastructure. +This opens up a large attack surface where workloads and data can be read, copied, or manipulated. With Constellation, Kubernetes deployments are shielded from the infrastructure and thus such accesses are prevented. + +## Infrastructure-based attacks + +Malicious cloud users ("hackers") may break out of their tenancy and access other tenants' data. Advanced attackers may even be able to establish a permanent foothold within the infrastructure and access data over a longer period. Analogously to the *insider access* scenario, Constellation also prevents access to a deployment's data in this scenario. + +## Supply chain attacks + +Supply chain security is receiving lots of attention recently due to an [increasing number of recorded attacks](https://www.enisa.europa.eu/news/enisa-news/understanding-the-increase-in-supply-chain-security-attacks). For instance, a malicious actor could attempt to tamper Constellation node images (including Kubernetes and other software) before they're loaded in the confidential VMs of a cluster. Constellation uses [remote attestation](../architecture/attestation.md) in conjunction with public [transparency logs](../workflows/verify-cli.md) to prevent this. + +In the future, Constellation will extend this feature to customer workloads. This will enable cluster owners to create auditable policies that precisely define which containers can run in a given deployment. diff --git a/docs/versioned_docs/version-2.19/reference/cli.md b/docs/versioned_docs/version-2.19/reference/cli.md new file mode 100644 index 000000000..99acef520 --- /dev/null +++ b/docs/versioned_docs/version-2.19/reference/cli.md @@ -0,0 +1,844 @@ +# CLI reference + + + +Use the Constellation CLI to create and manage your clusters. + +Usage: + +``` +constellation [command] +``` +Commands: + +* [config](#constellation-config): Work with the Constellation configuration file + * [generate](#constellation-config-generate): Generate a default configuration and state file + * [fetch-measurements](#constellation-config-fetch-measurements): Fetch measurements for configured cloud provider and image + * [instance-types](#constellation-config-instance-types): Print the supported instance types for all cloud providers + * [kubernetes-versions](#constellation-config-kubernetes-versions): Print the Kubernetes versions supported by this CLI + * [migrate](#constellation-config-migrate): Migrate a configuration file to a new version +* [create](#constellation-create): Create instances on a cloud platform for your Constellation cluster +* [apply](#constellation-apply): Apply a configuration to a Constellation cluster +* [mini](#constellation-mini): Manage MiniConstellation clusters + * [up](#constellation-mini-up): Create and initialize a new MiniConstellation cluster + * [down](#constellation-mini-down): Destroy a MiniConstellation cluster +* [status](#constellation-status): Show status of a Constellation cluster +* [verify](#constellation-verify): Verify the confidential properties of a Constellation cluster +* [upgrade](#constellation-upgrade): Find and apply upgrades to your Constellation cluster + * [check](#constellation-upgrade-check): Check for possible upgrades + * [apply](#constellation-upgrade-apply): Apply an upgrade to a Constellation cluster +* [recover](#constellation-recover): Recover a completely stopped Constellation cluster +* [terminate](#constellation-terminate): Terminate a Constellation cluster +* [iam](#constellation-iam): Work with the IAM configuration on your cloud provider + * [create](#constellation-iam-create): Create IAM configuration on a cloud platform for your Constellation cluster + * [aws](#constellation-iam-create-aws): Create IAM configuration on AWS for your Constellation cluster + * [azure](#constellation-iam-create-azure): Create IAM configuration on Microsoft Azure for your Constellation cluster + * [gcp](#constellation-iam-create-gcp): Create IAM configuration on GCP for your Constellation cluster + * [destroy](#constellation-iam-destroy): Destroy an IAM configuration and delete local Terraform files + * [upgrade](#constellation-iam-upgrade): Find and apply upgrades to your IAM profile + * [apply](#constellation-iam-upgrade-apply): Apply an upgrade to an IAM profile +* [version](#constellation-version): Display version of this CLI +* [init](#constellation-init): Initialize the Constellation cluster + +## constellation config + +Work with the Constellation configuration file + +### Synopsis + +Work with the Constellation configuration file. + +### Options + +``` + -h, --help help for config +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config generate + +Generate a default configuration and state file + +### Synopsis + +Generate a default configuration and state file for your selected cloud provider. + +``` +constellation config generate {aws|azure|gcp|openstack|qemu|stackit} [flags] +``` + +### Options + +``` + -a, --attestation string attestation variant to use {aws-sev-snp|aws-nitro-tpm|azure-sev-snp|azure-tdx|azure-trustedlaunch|gcp-sev-snp|gcp-sev-es|qemu-vtpm}. If not specified, the default for the cloud provider is used + -h, --help help for generate + -k, --kubernetes string Kubernetes version to use in format MAJOR.MINOR (default "v1.29") + -t, --tags strings additional tags for created resources given a list of key=value +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config fetch-measurements + +Fetch measurements for configured cloud provider and image + +### Synopsis + +Fetch measurements for configured cloud provider and image. + +A config needs to be generated first. + +``` +constellation config fetch-measurements [flags] +``` + +### Options + +``` + -h, --help help for fetch-measurements + -s, --signature-url string alternative URL to fetch measurements' signature from + -u, --url string alternative URL to fetch measurements from +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config instance-types + +Print the supported instance types for all cloud providers + +### Synopsis + +Print the supported instance types for all cloud providers. + +``` +constellation config instance-types [flags] +``` + +### Options + +``` + -h, --help help for instance-types +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config kubernetes-versions + +Print the Kubernetes versions supported by this CLI + +### Synopsis + +Print the Kubernetes versions supported by this CLI. + +``` +constellation config kubernetes-versions [flags] +``` + +### Options + +``` + -h, --help help for kubernetes-versions +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation config migrate + +Migrate a configuration file to a new version + +### Synopsis + +Migrate a configuration file to a new version. + +``` +constellation config migrate [flags] +``` + +### Options + +``` + -h, --help help for migrate +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation create + +Create instances on a cloud platform for your Constellation cluster + +### Synopsis + +Create instances on a cloud platform for your Constellation cluster. + +``` +constellation create [flags] +``` + +### Options + +``` + -h, --help help for create + -y, --yes create the cluster without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation apply + +Apply a configuration to a Constellation cluster + +### Synopsis + +Apply a configuration to a Constellation cluster to initialize or upgrade the cluster. + +``` +constellation apply [flags] +``` + +### Options + +``` + --conformance enable conformance mode + -h, --help help for apply + --merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config + --skip-helm-wait install helm charts without waiting for deployments to be ready + --skip-phases strings comma-separated list of upgrade phases to skip + one or multiple of { infrastructure | init | attestationconfig | certsans | helm | image | k8s } + -y, --yes run command without further confirmation + WARNING: the command might delete or update existing resources without additional checks. Please read the docs. + +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation mini + +Manage MiniConstellation clusters + +### Synopsis + +Manage MiniConstellation clusters. + +### Options + +``` + -h, --help help for mini +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation mini up + +Create and initialize a new MiniConstellation cluster + +### Synopsis + +Create and initialize a new MiniConstellation cluster. + +A mini cluster consists of a single control-plane and worker node, hosted using QEMU/KVM. + +``` +constellation mini up [flags] +``` + +### Options + +``` + -h, --help help for up + --merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config (default true) +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation mini down + +Destroy a MiniConstellation cluster + +### Synopsis + +Destroy a MiniConstellation cluster. + +``` +constellation mini down [flags] +``` + +### Options + +``` + -h, --help help for down + -y, --yes terminate the cluster without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation status + +Show status of a Constellation cluster + +### Synopsis + +Show the status of a constellation cluster. + +Shows microservice, image, and Kubernetes versions installed in the cluster. Also shows status of current version upgrades. + +``` +constellation status [flags] +``` + +### Options + +``` + -h, --help help for status +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation verify + +Verify the confidential properties of a Constellation cluster + +### Synopsis + +Verify the confidential properties of a Constellation cluster. +If arguments aren't specified, values are read from `constellation-state.yaml`. + +``` +constellation verify [flags] +``` + +### Options + +``` + --cluster-id string expected cluster identifier + -h, --help help for verify + -e, --node-endpoint string endpoint of the node to verify, passed as HOST[:PORT] + -o, --output string print the attestation document in the output format {json|raw} +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation upgrade + +Find and apply upgrades to your Constellation cluster + +### Synopsis + +Find and apply upgrades to your Constellation cluster. + +### Options + +``` + -h, --help help for upgrade +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation upgrade check + +Check for possible upgrades + +### Synopsis + +Check which upgrades can be applied to your Constellation Cluster. + +``` +constellation upgrade check [flags] +``` + +### Options + +``` + -h, --help help for check + --ref string the reference to use for querying new versions (default "-") + --stream string the stream to use for querying new versions (default "stable") + -u, --update-config update the specified config file with the suggested versions +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation upgrade apply + +Apply an upgrade to a Constellation cluster + +### Synopsis + +Apply an upgrade to a Constellation cluster by applying the chosen configuration. + +``` +constellation upgrade apply [flags] +``` + +### Options + +``` + --conformance enable conformance mode + -h, --help help for apply + --skip-helm-wait install helm charts without waiting for deployments to be ready + --skip-phases strings comma-separated list of upgrade phases to skip + one or multiple of { infrastructure | helm | image | k8s } + -y, --yes run upgrades without further confirmation + WARNING: might delete your resources in case you are using cert-manager in your cluster. Please read the docs. + WARNING: might unintentionally overwrite measurements in the running cluster. +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation recover + +Recover a completely stopped Constellation cluster + +### Synopsis + +Recover a Constellation cluster by sending a recovery key to an instance in the boot stage. + +This is only required if instances restart without other instances available for bootstrapping. + +``` +constellation recover [flags] +``` + +### Options + +``` + -e, --endpoint string endpoint of the instance, passed as HOST[:PORT] + -h, --help help for recover +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation terminate + +Terminate a Constellation cluster + +### Synopsis + +Terminate a Constellation cluster. + +The cluster can't be started again, and all persistent storage will be lost. + +``` +constellation terminate [flags] +``` + +### Options + +``` + -h, --help help for terminate + -y, --yes terminate the cluster without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam + +Work with the IAM configuration on your cloud provider + +### Synopsis + +Work with the IAM configuration on your cloud provider. + +### Options + +``` + -h, --help help for iam +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam create + +Create IAM configuration on a cloud platform for your Constellation cluster + +### Synopsis + +Create IAM configuration on a cloud platform for your Constellation cluster. + +### Options + +``` + -h, --help help for create + --update-config update the config file with the specific IAM information + -y, --yes create the IAM configuration without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam create aws + +Create IAM configuration on AWS for your Constellation cluster + +### Synopsis + +Create IAM configuration on AWS for your Constellation cluster. + +``` +constellation iam create aws [flags] +``` + +### Options + +``` + -h, --help help for aws + --prefix string name prefix for all resources (required) + --zone string AWS availability zone the resources will be created in, e.g., us-east-2a (required) + See the Constellation docs for a list of currently supported regions. +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + --update-config update the config file with the specific IAM information + -C, --workspace string path to the Constellation workspace + -y, --yes create the IAM configuration without further confirmation +``` + +## constellation iam create azure + +Create IAM configuration on Microsoft Azure for your Constellation cluster + +### Synopsis + +Create IAM configuration on Microsoft Azure for your Constellation cluster. + +``` +constellation iam create azure [flags] +``` + +### Options + +``` + -h, --help help for azure + --region string region the resources will be created in, e.g., westus (required) + --resourceGroup string name prefix of the two resource groups your cluster / IAM resources will be created in (required) + --servicePrincipal string name of the service principal that will be created (required) + --subscriptionID string subscription ID of the Azure account. Required if the 'ARM_SUBSCRIPTION_ID' environment variable is not set +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + --update-config update the config file with the specific IAM information + -C, --workspace string path to the Constellation workspace + -y, --yes create the IAM configuration without further confirmation +``` + +## constellation iam create gcp + +Create IAM configuration on GCP for your Constellation cluster + +### Synopsis + +Create IAM configuration on GCP for your Constellation cluster. + +``` +constellation iam create gcp [flags] +``` + +### Options + +``` + -h, --help help for gcp + --projectID string ID of the GCP project the configuration will be created in (required) + Find it on the welcome screen of your project: https://console.cloud.google.com/welcome + --serviceAccountID string ID for the service account that will be created (required) + Must be 6 to 30 lowercase letters, digits, or hyphens. + --zone string GCP zone the cluster will be deployed in (required) + Find a list of available zones here: https://cloud.google.com/compute/docs/regions-zones#available +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + --update-config update the config file with the specific IAM information + -C, --workspace string path to the Constellation workspace + -y, --yes create the IAM configuration without further confirmation +``` + +## constellation iam destroy + +Destroy an IAM configuration and delete local Terraform files + +### Synopsis + +Destroy an IAM configuration and delete local Terraform files. + +``` +constellation iam destroy [flags] +``` + +### Options + +``` + -h, --help help for destroy + -y, --yes destroy the IAM configuration without asking for confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam upgrade + +Find and apply upgrades to your IAM profile + +### Synopsis + +Find and apply upgrades to your IAM profile. + +### Options + +``` + -h, --help help for upgrade +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation iam upgrade apply + +Apply an upgrade to an IAM profile + +### Synopsis + +Apply an upgrade to an IAM profile. + +``` +constellation iam upgrade apply [flags] +``` + +### Options + +``` + -h, --help help for apply + -y, --yes run upgrades without further confirmation +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation version + +Display version of this CLI + +### Synopsis + +Display version of this CLI. + +``` +constellation version [flags] +``` + +### Options + +``` + -h, --help help for version +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + +## constellation init + +Initialize the Constellation cluster + +### Synopsis + +Initialize the Constellation cluster. + +Start your confidential Kubernetes. + +``` +constellation init [flags] +``` + +### Options + +``` + --conformance enable conformance mode + -h, --help help for init + --merge-kubeconfig merge Constellation kubeconfig file with default kubeconfig file in $HOME/.kube/config + --skip-helm-wait install helm charts without waiting for deployments to be ready +``` + +### Options inherited from parent commands + +``` + --debug enable debug logging + --force disable version compatibility checks - might result in corrupted clusters + --tf-log string Terraform log level (default "NONE") + -C, --workspace string path to the Constellation workspace +``` + diff --git a/docs/versioned_docs/version-2.19/reference/migration.md b/docs/versioned_docs/version-2.19/reference/migration.md new file mode 100644 index 000000000..49cbde702 --- /dev/null +++ b/docs/versioned_docs/version-2.19/reference/migration.md @@ -0,0 +1,97 @@ +# Migrations + +This document describes breaking changes and migrations between Constellation releases. +Use [`constellation config migrate`](./cli.md#constellation-config-migrate) to automatically update an old config file to a new format. + + +## Migrations to v2.19.0 + +### Azure + +* To allow seamless upgrades on Azure when Kubernetes services of type `LoadBalancer` are deployed, the target + load balancer in which the `cloud-controller-manager` creates load balancing rules was changed. Instead of using the load balancer + created and maintained by the CLI's Terraform code, the `cloud-controller-manager` now creates its own load balancer in Azure. + If your Constellation has services of type `LoadBalancer`, please remove them before the upgrade and re-apply them + afterward. + + +## Migrating from Azure's service principal authentication to managed identity authentication (during the upgrade to Constellation v2.8.0) + +- The `provider.azure.appClientID` and `provider.azure.appClientSecret` fields are no longer supported and should be removed. +- To keep using an existing UAMI, add the `Owner` permission with the scope of your `resourceGroup`. +- Otherwise, simply [create new Constellation IAM credentials](../workflows/config.md#creating-an-iam-configuration) and use the created UAMI. +- To migrate the authentication for an existing cluster on Azure to an UAMI with the necessary permissions: + 1. Remove the `aadClientId` and `aadClientSecret` from the azureconfig secret. + 2. Set `useManagedIdentityExtension` to `true` and use the `userAssignedIdentity` from the Constellation config for the value of `userAssignedIdentityID`. + 3. Restart the CSI driver, cloud controller manager, cluster autoscaler, and Constellation operator pods. + + +## Migrating from CLI versions before 2.10 + +- AWS cluster upgrades require additional IAM permissions for the newly introduced `aws-load-balancer-controller`. Please upgrade your IAM roles using `iam upgrade apply`. This will show necessary changes and apply them, if desired. +- The global `nodeGroups` field was added. +- The fields `instanceType`, `stateDiskSizeGB`, and `stateDiskType` for each cloud provider are now part of the configuration of individual node groups. +- The `constellation create` command no longer uses the flags `--control-plane-count` and `--worker-count`. Instead, the initial node count is configured per node group in the `nodeGroups` field. + +## Migrating from CLI versions before 2.9 + +- The `provider.azure.appClientID` and `provider.azure.clientSecretValue` fields were removed to enforce migration to managed identity authentication + +## Migrating from CLI versions before 2.8 + +- The `measurements` field for each cloud service provider was replaced with a global `attestation` field. +- The `confidentialVM`, `idKeyDigest`, and `enforceIdKeyDigest` fields for the Azure cloud service provider were removed in favor of using the global `attestation` field. +- The optional global field `attestationVariant` was replaced by the now required `attestation` field. + +## Migrating from CLI versions before 2.3 + +- The `sshUsers` field was deprecated in v2.2 and has been removed from the configuration in v2.3. + As an alternative for SSH, check the workflow section [Connect to nodes](../workflows/troubleshooting.md#node-shell-access). +- The `image` field for each cloud service provider has been replaced with a global `image` field. Use the following mapping to migrate your configuration: +
        + Show all + + | CSP | old image | new image | + | ----- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | + | AWS | `ami-06b8cbf4837a0a57c` | `v2.2.2` | + | AWS | `ami-02e96dc04a9e438cd` | `v2.2.2` | + | AWS | `ami-028ead928a9034b2f` | `v2.2.2` | + | AWS | `ami-032ac10dd8d8266e3` | `v2.2.1` | + | AWS | `ami-032e0d57cc4395088` | `v2.2.1` | + | AWS | `ami-053c3e49e19b96bdd` | `v2.2.1` | + | AWS | `ami-0e27ebcefc38f648b` | `v2.2.0` | + | AWS | `ami-098cd37f66523b7c3` | `v2.2.0` | + | AWS | `ami-04a87d302e2509aad` | `v2.2.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.2.2` | `v2.2.2` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.2.2` | `v2.2.2` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.2.1` | `v2.2.1` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.2.1` | `v2.2.1` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.2.0` | `v2.2.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.2.0` | `v2.2.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.1.0` | `v2.1.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.1.0` | `v2.1.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation/images/constellation/versions/2.0.0` | `v2.0.0` | + | Azure | `/subscriptions/0d202bbb-4fa7-4af8-8125-58c269a05435/resourceGroups/constellation-images/providers/Microsoft.Compute/galleries/Constellation_CVM/images/constellation/versions/2.0.0` | `v2.0.0` | + | GCP | `projects/constellation-images/global/images/constellation-v2-2-2` | `v2.2.2` | + | GCP | `projects/constellation-images/global/images/constellation-v2-2-1` | `v2.2.1` | + | GCP | `projects/constellation-images/global/images/constellation-v2-2-0` | `v2.2.0` | + | GCP | `projects/constellation-images/global/images/constellation-v2-1-0` | `v2.1.0` | + | GCP | `projects/constellation-images/global/images/constellation-v2-0-0` | `v2.0.0` | +
        +- The `enforcedMeasurements` field has been removed and merged with the `measurements` field. + - To migrate your config containing a new image (`v2.3` or greater), remove the old `measurements` and `enforcedMeasurements` entries from your config and run `constellation fetch-measurements` + - To migrate your config containing an image older than `v2.3`, remove the `enforcedMeasurements` entry and replace the entries in `measurements` as shown in the example below: + + ```diff + measurements: + - 0: DzXCFGCNk8em5ornNZtKi+Wg6Z7qkQfs5CfE3qTkOc8= + + 0: + + expected: DzXCFGCNk8em5ornNZtKi+Wg6Z7qkQfs5CfE3qTkOc8= + + warnOnly: true + - 8: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + + 8: + + expected: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= + + warnOnly: false + -enforcedMeasurements: + - - 8 + ``` diff --git a/docs/versioned_docs/version-2.19/reference/slsa.md b/docs/versioned_docs/version-2.19/reference/slsa.md new file mode 100644 index 000000000..21f4e713c --- /dev/null +++ b/docs/versioned_docs/version-2.19/reference/slsa.md @@ -0,0 +1,73 @@ +# Supply chain levels for software artifacts (SLSA) adoption + +[Supply chain Levels for Software Artifacts, or SLSA (salsa)](https://slsa.dev/) is a framework for improving and grading a project's build system and engineering processes. SLSA focuses on security improvements for source code storage as well as build system definition, execution, and observation. SLSA is structured in [four levels](https://slsa.dev/spec/v0.1/levels). This page describes the adoption of SLSA for Constellation. + +:::info +SLSA is still in alpha status. The presented levels and their requirements might change in the future. We will adopt any changes into our engineering processes, as they get defined. +::: + +## Level 1 - Adopted + +**[Build - Scripted](https://slsa.dev/spec/v0.1/requirements#scripted-build)** + +All build steps are automated via [Bazel](https://github.com/edgelesssys/constellation/tree/main/bazel/ci) and [GitHub Actions](https://github.com/edgelesssys/constellation/tree/main/.github). + +**[Provenance - Available](https://slsa.dev/spec/v0.1/requirements#available)** + +Provenance for the CLI is generated using the [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). + +## Level 2 - Adopted + +**[Source - Version Controlled](https://slsa.dev/spec/v0.1/requirements#version-controlled)** + +Constellation is hosted on GitHub using git. + +**[Build - Build Service](https://slsa.dev/spec/v0.1/requirements#build-service)** + +All builds are carried out by [GitHub Actions](https://github.com/edgelesssys/constellation/tree/main/.github). + +**[Provenance - Authenticated](https://slsa.dev/spec/v0.1/requirements#authenticated)** + +Provenance for the CLI is signed using the [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator). Learn [how to verify the CLI](../workflows/verify-cli.md) using the signed provenance, before using it for the first time. + +**[Provenance - Service Generated](https://slsa.dev/spec/v0.1/requirements#service-generated)** + +Provenance for the CLI is generated using the [slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) in GitHub Actions. + +## Level 3 - Adopted + +**[Source - Verified History](https://slsa.dev/spec/v0.1/requirements#verified-history)** + +The [Edgeless Systems](https://github.com/edgelesssys) GitHub organization [requires two-factor authentication](https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-two-factor-authentication-for-your-organization/requiring-two-factor-authentication-in-your-organization) for all members. + +**[Source - Retained Indefinitely](https://slsa.dev/spec/v0.1/requirements#retained-indefinitely)** + +Since we use GitHub to host the repository, an external person can't modify or delete the history. Before a pull request can be merged, an explicit approval from an [Edgeless Systems](https://github.com/edgelesssys) team member is required. + +The same holds true for changes proposed by team members. Each change to `main` needs to be proposed via a pull request and requires at least one approval. + +The [Edgeless Systems](https://github.com/edgelesssys) GitHub organization admins control these settings and are able to make changes to the repository's history should legal requirements necessitate it. These changes require two-party approval following the obliterate policy. + +**[Build - Build as Code](https://slsa.dev/spec/v0.1/requirements#build-as-code)** + +All build files for Constellation are stored in [the same repository](https://github.com/edgelesssys/constellation/tree/main/.github). + +**[Build - Ephemeral Environment](https://slsa.dev/spec/v0.1/requirements#ephemeral-environment)** + +All GitHub Action workflows are executed on [GitHub-hosted runners](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners). These runners are only available during workflow. + +We currently don't use [self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners). + +**[Build - Isolated](https://slsa.dev/spec/v0.1/requirements#isolated)** + +As outlined in the previous section, we use GitHub-hosted runners, which provide a new, isolated and ephemeral environment for each build. + +Additionally, the [SLSA GitHub generator](https://github.com/slsa-framework/slsa-github-generator#generation-of-provenance) itself is run in an isolated workflow with the artifact hash as defined inputs. + +**[Provenance - Non-falsifiable](https://slsa.dev/spec/v0.1/requirements#non-falsifiable)** + +As outlined by [SLSA GitHub generator](https://github.com/slsa-framework/slsa-github-generator) it already fulfills the non-falsifiable requirements for SLSA Level 3. The generated provenance is signed using [sigstore](https://sigstore.dev/) with an OIDC based proof of identity. + +## Level 4 - In Progress + +We strive to adopt certain aspect of SLSA Level 4 that support our engineering process. At the same time, SLSA is still in alpha status and the biggest changes to SLSA are expected to be around Level 4. diff --git a/docs/versioned_docs/version-2.19/reference/terraform.md b/docs/versioned_docs/version-2.19/reference/terraform.md new file mode 100644 index 000000000..9825a8bb8 --- /dev/null +++ b/docs/versioned_docs/version-2.19/reference/terraform.md @@ -0,0 +1,37 @@ +# Terraform usage + +[Terraform](https://www.terraform.io/) is an Infrastructure as Code (IaC) framework to manage cloud resources. This page explains how Constellation uses it internally and how advanced users may manually use it to have more control over the resource creation. + +:::info +Information on this page is intended for users who are familiar with Terraform. +It's not required for common usage of Constellation. +See the [Terraform documentation](https://developer.hashicorp.com/terraform/docs) if you want to learn more about it. +::: + +## Terraform state files + +Constellation keeps Terraform state files in subdirectories of the workspace together with the corresponding Terraform configuration files and metadata. +The subdirectories are created on the first Constellation CLI action that uses Terraform internally. + +Currently, these subdirectories are: + +* `constellation-terraform` - Terraform state files for the resources of the Constellation cluster +* `constellation-iam-terraform` - Terraform state files for IAM configuration + +As with all commands, commands that work with these files (e.g., `apply`, `terminate`, `iam`) have to be executed from the root of the cluster's [workspace directory](../architecture/orchestration.md#workspaces). You usually don't need and shouldn't manipulate or delete the subdirectories manually. + +## Interacting with Terraform manually + +Manual interaction with Terraform state created by Constellation (i.e., via the Terraform CLI) should only be performed by experienced users. It may lead to unrecoverable loss of cloud resources. For the majority of users and use cases, the interaction done by the [Constellation CLI](cli.md) is sufficient. + +## Terraform debugging + +To debug Terraform issues, the Constellation CLI offers the `tf-log` flag. You can set it to any of [Terraform's log levels](https://developer.hashicorp.com/terraform/internals/debugging): +* `JSON` (JSON-formatted logs at `TRACE` level) +* `TRACE` +* `DEBUG` +* `INFO` +* `WARN` +* `ERROR` + +The log output is written to the `terraform.log` file in the workspace directory. The output is appended to the file on each run. diff --git a/docs/versioned_docs/version-2.19/workflows/cert-manager.md b/docs/versioned_docs/version-2.19/workflows/cert-manager.md new file mode 100644 index 000000000..1d847e8bf --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/cert-manager.md @@ -0,0 +1,13 @@ +# Install cert-manager + +:::caution +If you want to use cert-manager with Constellation, pay attention to the following to avoid potential pitfalls. +::: + +Constellation ships with cert-manager preinstalled. +The default installation is part of the `kube-system` namespace, as all other Constellation-managed microservices. +You are free to install more instances of cert-manager into other namespaces. +However, be aware that any new installation needs to use the same version as the one installed with Constellation or rely on the same CRD versions. +Also remember to set the `installCRDs` value to `false` when installing new cert-manager instances. +It will create problems if you have two installations of cert-manager depending on different versions of the installed CRDs. +CRDs are cluster-wide resources and cert-manager depends on specific versions of those CRDs for each release. diff --git a/docs/versioned_docs/version-2.19/workflows/config.md b/docs/versioned_docs/version-2.19/workflows/config.md new file mode 100644 index 000000000..95f791acd --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/config.md @@ -0,0 +1,353 @@ +# Configure your cluster + +:::info +This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. +::: + + + +--- + +Before you can create your cluster, you need to configure the identity and access management (IAM) for your cloud service provider (CSP) and choose machine types for the nodes. + +## Creating the configuration file + +You can generate a configuration file for your CSP by using the following CLI command: + + + + +```bash +constellation config generate aws +``` + + + + +```bash +constellation config generate azure +``` + + + + +```bash +constellation config generate gcp +``` + + + + +```bash +constellation config generate stackit +``` + + + + +This creates the file `constellation-conf.yaml` in the current directory. + +## Choosing a VM type + +Constellation supports the following VM types: + + + +By default, Constellation uses `m6a.xlarge` VMs (4 vCPUs, 16 GB RAM) to create your cluster. +Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. +If you are using the default attestation variant `awsSEVSNP`, you can use the instance types described in [AWS's AMD SEV-SNP docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snp-requirements.html). +Please mind the region restrictions mentioned in the [Getting started](../getting-started/first-steps.md#create-a-cluster) section. + +If you are using the attestation variant `awsNitroTPM`, you can choose any of the [nitroTPM-enabled instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enable-nitrotpm-prerequisites.html). + +The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. + + + + +By default, Constellation uses `Standard_DC4as_v5` CVMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. For CVMs, any VM type with a minimum of 4 vCPUs from the [DCasv5 & DCadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/dcasv5-dcadsv5-series) or [ECasv5 & ECadsv5](https://docs.microsoft.com/en-us/azure/virtual-machines/ecasv5-ecadsv5-series) families is supported. + +You can also run `constellation config instance-types` to get the list of all supported options. + + + + +By default, Constellation uses `n2d-standard-4` VMs (4 vCPUs, 16 GB RAM) to create your cluster. Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. Supported are all machines with a minimum of 4 vCPUs from the [C2D](https://cloud.google.com/compute/docs/compute-optimized-machines#c2d_machine_types) or [N2D](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) family. You can run `constellation config instance-types` to get the list of all supported options. + + + + +By default, Constellation uses `m1a.4cd` VMs (4 vCPUs, 30 GB RAM) to create your cluster. +Optionally, you can switch to a different VM type by modifying `instanceType` in the configuration file. + +The following instance types are known to be supported: + +| name | vCPUs | GB RAM | +|----------|-------|--------| +| m1a.4cd | 4 | 30 | +| m1a.8cd | 8 | 60 | +| m1a.16cd | 16 | 120 | +| m1a.30cd | 30 | 230 | + +You can choose any of the SEV-enabled instance types. You can find a list of all supported instance types in the [STACKIT documentation](https://docs.stackit.cloud/stackit/en/virtual-machine-flavors-75137231.html). + +The Constellation CLI can also print the supported instance types with: `constellation config instance-types`. + + + + +Fill the desired VM type into the `instanceType` fields in the `constellation-conf.yml` file. + +## Creating additional node groups + +By default, Constellation creates the node groups `control_plane_default` and `worker_default` for control-plane nodes and workers, respectively. +If you require additional control-plane or worker groups with different instance types, zone placements, or disk sizes, you can add additional node groups to the `constellation-conf.yml` file. +Each node group can be scaled individually. + +Consider the following example for AWS: + +```yaml +nodeGroups: + control_plane_default: + role: control-plane + instanceType: c6a.xlarge + stateDiskSizeGB: 30 + stateDiskType: gp3 + zone: eu-west-1c + initialCount: 3 + worker_default: + role: worker + instanceType: c6a.xlarge + stateDiskSizeGB: 30 + stateDiskType: gp3 + zone: eu-west-1c + initialCount: 2 + high_cpu: + role: worker + instanceType: c6a.24xlarge + stateDiskSizeGB: 128 + stateDiskType: gp3 + zone: eu-west-1c + initialCount: 1 +``` + +This configuration creates an additional node group `high_cpu` with a larger instance type and disk. + +You can use the field `zone` to specify what availability zone nodes of the group are placed in. +On Azure, this field is empty by default and nodes are automatically spread across availability zones. +STACKIT currently offers SEV-enabled CPUs in the `eu01-1`, `eu01-2`, and `eu01-3` zones. +Consult the documentation of your cloud provider for more information: + +* [AWS](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/) +* [Azure](https://azure.microsoft.com/en-us/explore/global-infrastructure/availability-zones) +* [GCP](https://cloud.google.com/compute/docs/regions-zones) +* [STACKIT](https://docs.stackit.cloud/stackit/en/regions-and-availability-zones-75137212.html) + +## Choosing a Kubernetes version + +To learn which Kubernetes versions can be installed with your current CLI, you can run `constellation config kubernetes-versions`. +See also Constellation's [Kubernetes support policy](../architecture/versions.md#kubernetes-support-policy). + +## Creating an IAM configuration + +You can create an IAM configuration for your cluster automatically using the `constellation iam create` command. +If you already have a Constellation configuration file, you can add the `--update-config` flag to the command. This writes the needed IAM fields into your configuration. Furthermore, the flag updates the zone/region of the configuration if it hasn't been set yet. + + + + +You must be authenticated with the [AWS CLI](https://aws.amazon.com/en/cli/) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). + +```bash +constellation iam create aws --zone=us-east-2a --prefix=constellTest +``` + +This command creates IAM configuration for the AWS zone `us-east-2a` using the prefix `constellTest` for all named resources being created. + +Constellation OS images are currently replicated to the following regions: + +* `eu-central-1` +* `eu-west-1` +* `eu-west-3` +* `us-east-2` +* `ap-south-1` + +If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+AWS+image+region:+xx-xxxx-x). + +You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). + +Paste the output into the corresponding fields of the `constellation-conf.yaml` file. + + + + +You must be authenticated with the [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). + +```bash +constellation iam create azure --subscriptionID 00000000-0000-0000-0000-000000000000 --region=westus --resourceGroup=constellTest --servicePrincipal=spTest +``` + +This command creates IAM configuration on the Azure region `westus` creating a new resource group `constellTest` and a new service principal `spTest`. + +CVMs are available in several Azure regions. Constellation OS images are currently replicated to the following: + +* `germanywestcentral` +* `westus` +* `eastus` +* `northeurope` +* `westeurope` +* `southeastasia` + +If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+Azure+image+region:+xx-xxxx-x). + +You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). + +Paste the output into the corresponding fields of the `constellation-conf.yaml` file. + + + + +You must be authenticated with the [GCP CLI](https://cloud.google.com/sdk/gcloud) in the shell session with a user that has the [required permissions for IAM creation](../getting-started/install.md#set-up-cloud-credentials). + +```bash +constellation iam create gcp --projectID=yourproject-12345 --zone=europe-west2-a --serviceAccountID=constell-test +``` + +This command creates IAM configuration in the GCP project `yourproject-12345` on the GCP zone `europe-west2-a` creating a new service account `constell-test`. + +Note that only regions offering CVMs of the `C2D` or `N2D` series are supported. You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available), which you can filter by machine type `N2D`. + +Paste the output into the corresponding fields of the `constellation-conf.yaml` file. + + + + +STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. + + + + +
        +Alternatively, you can manually create the IAM configuration on your CSP. + +The following describes the configuration fields and how you obtain the required information or create the required resources. + + + + +* **region**: The name of your chosen AWS data center region, e.g., `us-east-2`. + + Constellation OS images are currently replicated to the following regions: + * `eu-central-1` + * `eu-west-1` + * `eu-west-3` + * `us-east-2` + * `ap-south-1` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+AWS+image+region:+xx-xxxx-x). + + You can find a list of all [regions in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions). + +* **zone**: The name of your chosen AWS data center availability zone, e.g., `us-east-2a`. + + Learn more about [availability zones in AWS's documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-availability-zones). + +* **iamProfileControlPlane**: The name of an IAM instance profile attached to all control-plane nodes. + + You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `control_plane_instance_profile_name`. + + Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.control_plane_policy`. + +* **iamProfileWorkerNodes**: The name of an IAM instance profile attached to all worker nodes. + + You can create the resource with [Terraform](https://www.terraform.io/). For that, use the [provided Terraform script](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam) to generate the necessary profile. The profile name will be provided as Terraform output value: `worker_nodes_instance_profile_name`. + + Alternatively, you can create the AWS profile with a tool of your choice. Use the JSON policy in [main.tf](https://github.com/edgelesssys/constellation/tree/release/v2.2/hack/terraform/aws/iam/main.tf) in the resource `aws_iam_policy.worker_node_policy`. + + + + +* **subscription**: The UUID of your Azure subscription, e.g., `8b8bd01f-efd9-4113-9bd1-c82137c32da7`. + + You can view your subscription UUID via `az account show` and read the `id` field. For more information refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-subscription). + +* **tenant**: The UUID of your Azure tenant, e.g., `3400e5a2-8fe2-492a-886c-38cb66170f25`. + + You can view your tenant UUID via `az account show` and read the `tenant` field. For more information refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id#find-your-azure-ad-tenant). + +* **location**: The Azure datacenter location you want to deploy your cluster in, e.g., `westus`. + + CVMs are available in several Azure regions. Constellation OS images are currently replicated to the following: + + * `germanywestcentral` + * `westus` + * `eastus` + * `northeurope` + * `westeurope` + * `southeastasia` + + If you require the OS image to be available in another region, [let us know](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&template=feature_request.md&title=Support+new+Azure+image+region:+xx-xxxx-x). + + You can find a list of all [regions in Azure's documentation](https://azure.microsoft.com/en-us/global-infrastructure/services/?products=virtual-machines®ions=all). + +* **resourceGroup**: [Create a new resource group in Azure](https://learn.microsoft.com/azure/azure-resource-manager/management/manage-resource-groups-portal) for your Constellation cluster. Set this configuration field to the name of the created resource group. + +* **userAssignedIdentity**: [Create a new managed identity in Azure](https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). You should create the identity in a different resource group as all resources within the cluster resource group will be deleted on cluster termination. + + Add three role assignments to the identity: `Owner`, `Virtual Machine Contributor`, and `Application Insights Component Contributor`. The `scope` of all three should refer to the previously created cluster resource group. + + Set the configuration value to the full ID of the created identity, e.g., `/subscriptions/8b8bd01f-efd9-4113-9bd1-c82137c32da7/resourcegroups/constellation-identity/providers/Microsoft.ManagedIdentity/userAssignedIdentities/constellation-identity`. You can get it by opening the `JSON View` from the `Overview` section of the identity. + + The user-assigned identity is used by instances of the cluster to access other cloud resources. + For more information about managed identities refer to [Azure's documentation](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities). + + + + +* **project**: The ID of your GCP project, e.g., `constellation-129857`. + + You can find it on the [welcome screen of your GCP project](https://console.cloud.google.com/welcome). For more information refer to [Google's documentation](https://support.google.com/googleapi/answer/7014113). + +* **region**: The GCP region you want to deploy your cluster in, e.g., `us-west1`. + + You can find a [list of all regions in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available). + +* **zone**: The GCP zone you want to deploy your cluster in, e.g., `us-west1-a`. + + You can find a [list of all zones in Google's documentation](https://cloud.google.com/compute/docs/regions-zones#available). + +* **serviceAccountKeyPath**: To configure this, you need to create a GCP [service account](https://cloud.google.com/iam/docs/service-accounts) with the following permissions: + + * `Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1)` + * `Compute Network Admin (roles/compute.networkAdmin)` + * `Compute Security Admin (roles/compute.securityAdmin)` + * `Compute Storage Admin (roles/compute.storageAdmin)` + * `Service Account User (roles/iam.serviceAccountUser)` + + Afterward, create and download a new JSON key for this service account. Place the downloaded file in your Constellation workspace, and set the config parameter to the filename, e.g., `constellation-129857-15343dba46cb.json`. + + + + +STACKIT requires manual creation and configuration of service accounts. Look at the [first steps](../getting-started/first-steps.md) for more information. + + + +
        + +Now that you've configured your CSP, you can [create your cluster](./create.md). + +## Deleting an IAM configuration + +You can keep a created IAM configuration and reuse it for new clusters. Alternatively, you can also delete it if you don't want to use it anymore. + +Delete the IAM configuration by executing the following command in the same directory where you executed `constellation iam create` (the directory that contains [`constellation-iam-terraform`](../reference/terraform.md) as a subdirectory): + +```bash +constellation iam destroy +``` + +:::caution +For Azure, deleting the IAM configuration by executing `constellation iam destroy` will delete the whole resource group created by `constellation iam create`. +This also includes any additional resources in the resource group that weren't created by Constellation. +::: diff --git a/docs/versioned_docs/version-2.19/workflows/create.md b/docs/versioned_docs/version-2.19/workflows/create.md new file mode 100644 index 000000000..6074ebb16 --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/create.md @@ -0,0 +1,93 @@ +# Create your cluster + +:::info +This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. +::: + + + +--- + +Creating your cluster happens through multiple phases. +The most significant ones are: + +1. Creating the necessary resources in your cloud environment +2. Bootstrapping the Constellation cluster and setting up a connection +3. Installing the necessary Kubernetes components + +`constellation apply` handles all this in a single command. +You can use the `--skip-phases` flag to skip specific phases of the process. +For example, if you created the infrastructure manually, you can skip the cloud resource creation phase. + +See the [architecture](../architecture/orchestration.md) section for details on the inner workings of this process. + +:::tip +If you don't have a cloud subscription, you can also set up a [local Constellation cluster using virtualization](../getting-started/first-steps-local.md) for testing. +::: + +Before you create the cluster, make sure to have a [valid configuration file](./config.md). + + + + +```bash +constellation apply +``` + +`apply` stores the state of your cluster's cloud resources in a [`constellation-terraform`](../architecture/orchestration.md#cluster-creation-process) directory in your workspace. + + + + +Self-managed infrastructure allows for more flexibility in the setup, by separating the infrastructure setup from the Constellation cluster management. +This provides flexibility in DevOps and can meet potential regulatory requirements. +It's recommended to use Terraform for infrastructure management, but you can use any tool of your choice. + +:::info + + When using Terraform, you can use the [Constellation Terraform provider](./terraform-provider.md) to manage the entire Constellation cluster lifecycle. + +::: + +You can refer to the Terraform files for the selected CSP from the [Constellation GitHub repository](https://github.com/edgelesssys/constellation/tree/main/terraform/infrastructure) for a minimum Constellation cluster configuration. From this base, you can now add, edit, or substitute resources per your own requirements with the infrastructure +management tooling of your choice. You need to keep the essential functionality of the base configuration in order for your cluster to function correctly. + + + +:::info + + On Azure, a manual update to the MAA provider's policy is necessary. + You can apply the update with the following command after creating the infrastructure, with `` being the URL of the MAA provider (i.e., `$(terraform output attestation_url | jq -r)`, when using the minimal Terraform configuration). + + ```bash + constellation maa-patch + ``` + +::: + + + +Make sure all necessary resources are created, e.g., through checking your CSP's portal and retrieve the necessary values, aligned with the outputs (specified in `outputs.tf`) of the base configuration. + +Fill these outputs into the corresponding fields of the `Infrastructure` block inside the `constellation-state.yaml` file. For example, fill the IP or DNS name your cluster can be reached at into the `.Infrastructure.ClusterEndpoint` field. + +With the required cloud resources set up, continue with initializing your cluster. + +```bash +constellation apply --skip-phases=infrastructure +``` + + + + +Finally, configure `kubectl` for your cluster: + +```bash +export KUBECONFIG="$PWD/constellation-admin.conf" +``` + +🏁 That's it. You've successfully created a Constellation cluster. + +### Troubleshooting + +In case `apply` fails, the CLI collects logs from the bootstrapping instance and stores them inside `constellation-cluster.log`. diff --git a/docs/versioned_docs/version-2.19/workflows/lb.md b/docs/versioned_docs/version-2.19/workflows/lb.md new file mode 100644 index 000000000..868e61076 --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/lb.md @@ -0,0 +1,28 @@ +# Expose a service + +Constellation integrates the native load balancers of each CSP. Therefore, to expose a service simply [create a service of type `LoadBalancer`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer). + +## Internet-facing LB service on AWS + +To expose your application service externally you might want to use a Kubernetes Service of type `LoadBalancer`. On AWS, load-balancing is achieved through the [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller) as in the managed EKS. + +Since recent versions, the controller deploy an internal LB by default requiring to set an annotation `service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing` to have an internet-facing LB. For more details, see the [official docs](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/service/nlb/). + +For general information on LB with AWS see [Network load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/network-load-balancing.html). + +:::caution +Before terminating the cluster, all LB backed services should be deleted, so that the controller can cleanup the related resources. +::: + +## Ingress on AWS + +The AWS Load Balancer Controller also provisions `Ingress` resources of class `alb`. +AWS Application Load Balancers (ALBs) can be configured with a [`target-type`](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.7/guide/ingress/annotations/#target-type). +The target type `ip` requires using the EKS container network solution, which makes it incompatible with Constellation. +If a service can be exposed on a `NodePort`, the target type `instance` can be used. + +See [Application load balancing on Amazon EKS](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) for more information. + +:::caution +Ingress handlers backed by AWS ALBs reside outside the Constellation cluster, so they shouldn't be handling sensitive traffic! +::: diff --git a/docs/versioned_docs/version-2.19/workflows/recovery.md b/docs/versioned_docs/version-2.19/workflows/recovery.md new file mode 100644 index 000000000..592ae247b --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/recovery.md @@ -0,0 +1,179 @@ +# Recover your cluster + +Recovery of a Constellation cluster means getting it back into a healthy state after too many concurrent node failures in the control plane. +Reasons for an unhealthy cluster can vary from a power outage, or planned reboot, to migration of nodes and regions. +Recovery events are rare, because Constellation is built for high availability and automatically and securely replaces failed nodes. When a node is replaced, Constellation's control plane first verifies the new node before it sends the node the cryptographic keys required to decrypt its [state disk](../architecture/images.md#state-disk). + +Constellation provides a recovery mechanism for cases where the control plane has failed and is unable to replace nodes. +The `constellation recover` command securely connects to all nodes in need of recovery using [attested TLS](../architecture/attestation.md#attested-tls-atls) and provides them with the keys to decrypt their state disks and continue booting. + +## Identify unhealthy clusters + +The first step to recovery is identifying when a cluster becomes unhealthy. +Usually, this can be first observed when the Kubernetes API server becomes unresponsive. + +You can check the health status of the nodes via the cloud service provider (CSP). +Constellation provides logging information on the boot process and status via serial console output. +In the following, you'll find detailed descriptions for identifying clusters stuck in recovery for each CSP. + + + + +First, open the AWS console to view all Auto Scaling Groups (ASGs) in the region of your cluster. Select the ASG of the control plane `--control-plane` and check that enough members are in a *Running* state. + +Second, check the boot logs of these *Instances*. In the ASG's *Instance management* view, select each desired instance. In the upper right corner, select **Action > Monitor and troubleshoot > Get system log**. + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"gcp"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["192.168.178.4:30090","192.168.178.2:30090"]} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.4:30090"} +{"level":"WARN","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.4:30090: connect: connection refused\"","endpoint":"192.168.178.4:30090"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.2:30090"} +{"level":"WARN","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.2:30090: i/o timeout\"","endpoint":"192.168.178.2:30090"} +{"level":"ERROR","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +In the Azure portal, find the cluster's resource group. +Inside the resource group, open the control plane *Virtual machine scale set* `constellation-scale-set-controlplanes-`. +On the left, go to **Settings** > **Instances** and check that enough members are in a *Running* state. + +Second, check the boot logs of these *Instances*. +In the scale set's *Instances* view, open the details page of the desired instance. +On the left, go to **Support + troubleshooting** > **Serial console**. + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T09:56:41Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"azure"} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["10.9.0.5:30090","10.9.0.6:30090"]} +{"level":"INFO","ts":"2022-09-08T09:56:43Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"10.9.0.5:30090"} +{"level":"WARN","ts":"2022-09-08T09:57:03Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 10.9.0.5:30090: i/o timeout\"","endpoint":"10.9.0.5:30090"} +{"level":"INFO","ts":"2022-09-08T09:57:03Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"10.9.0.6:30090"} +{"level":"WARN","ts":"2022-09-08T09:57:23Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 10.9.0.6:30090: i/o timeout\"","endpoint":"10.9.0.6:30090"} +{"level":"ERROR","ts":"2022-09-08T09:57:23Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +First, check that the control plane *Instance Group* has enough members in a *Ready* state. +In the GCP Console, go to **Instance Groups** and check the group for the cluster's control plane `-control-plane-`. + +Second, check the status of the *VM Instances*. +Go to **VM Instances** and open the details of the desired instance. +Check the serial console output of that instance by opening the **Logs** > **Serial port 1 (console)** page: + +![GCP portal serial console link](../_media/recovery-gcp-serial-console-link.png) + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"gcp"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["192.168.178.4:30090","192.168.178.2:30090"]} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.4:30090"} +{"level":"WARN","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.4:30090: connect: connection refused\"","endpoint":"192.168.178.4:30090"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.2:30090"} +{"level":"WARN","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.2:30090: i/o timeout\"","endpoint":"192.168.178.2:30090"} +{"level":"ERROR","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +First, open the STACKIT portal to view all servers in your project. Select individual control plane nodes `--control-plane--` and check that enough members are in a *Running* state. + +Second, check the boot logs of these servers. Click on a server name and select **Overview**. Find the **Machine Setup** section and click on **Web console** > **Open console**. + +In the serial console output, search for `Waiting for decryption key`. +Similar output to the following means your node was restarted and needs to decrypt the [state disk](../architecture/images.md#state-disk): + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","caller":"cmd/main.go:55","msg":"Starting disk-mapper","version":"2.0.0","cloudProvider":"gcp"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"setupManager","caller":"setup/setup.go:72","msg":"Preparing existing state disk"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:65","msg":"Starting RejoinClient"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"recoveryServer","caller":"recoveryserver/server.go:59","msg":"Starting RecoveryServer"} +``` + +The node will then try to connect to the [*JoinService*](../architecture/microservices.md#joinservice) and obtain the decryption key. +If this fails due to an unhealthy control plane, you will see log messages similar to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:77","msg":"Received list with JoinService endpoints","endpoints":["192.168.178.4:30090","192.168.178.2:30090"]} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.4:30090"} +{"level":"WARN","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.4:30090: connect: connection refused\"","endpoint":"192.168.178.4:30090"} +{"level":"INFO","ts":"2022-09-08T10:21:53Z","logger":"rejoinClient","caller":"rejoinclient/client.go:96","msg":"Requesting rejoin ticket","endpoint":"192.168.178.2:30090"} +{"level":"WARN","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:101","msg":"Failed to rejoin on endpoint","error":"rpc error: code = Unavailable desc = connection error: desc = \"transport: Error while dialing dial tcp 192.168.178.2:30090: i/o timeout\"","endpoint":"192.168.178.2:30090"} +{"level":"ERROR","ts":"2022-09-08T10:22:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:110","msg":"Failed to rejoin on all endpoints"} +``` + +This means that you have to recover the node manually. + + + + +## Recover a cluster + +Recovering a cluster requires the following parameters: + +* The `constellation-state.yaml` file in your working directory or the cluster's endpoint +* The master secret of the cluster + +A cluster can be recovered like this: + +```bash +$ constellation recover +Pushed recovery key. +Pushed recovery key. +Pushed recovery key. +Recovered 3 control-plane nodes. +``` + +In the serial console output of the node you'll see a similar output to the following: + +```json +{"level":"INFO","ts":"2022-09-08T10:26:59Z","logger":"recoveryServer","caller":"recoveryserver/server.go:93","msg":"Received recover call"} +{"level":"INFO","ts":"2022-09-08T10:26:59Z","logger":"recoveryServer","caller":"recoveryserver/server.go:125","msg":"Received state disk key and measurement secret, shutting down server"} +{"level":"INFO","ts":"2022-09-08T10:26:59Z","logger":"recoveryServer.gRPC","caller":"zap/server_interceptors.go:61","msg":"finished streaming call with code OK","grpc.start_time":"2022-09-08T10:26:59Z","system":"grpc","span.kind":"server","grpc.service":"recoverproto.API","grpc.method":"Recover","peer.address":"192.0.2.3:41752","grpc.code":"OK","grpc.time_ms":15.701} +{"level":"INFO","ts":"2022-09-08T10:27:13Z","logger":"rejoinClient","caller":"rejoinclient/client.go:87","msg":"RejoinClient stopped"} +``` diff --git a/docs/versioned_docs/version-2.19/workflows/s3proxy.md b/docs/versioned_docs/version-2.19/workflows/s3proxy.md new file mode 100644 index 000000000..121e8a461 --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/s3proxy.md @@ -0,0 +1,58 @@ +# Install s3proxy + +Constellation includes a transparent client-side encryption proxy for [AWS S3](https://aws.amazon.com/de/s3/) and compatible stores. +s3proxy encrypts objects before sending them to S3 and automatically decrypts them on retrieval, without requiring changes to your application. +With s3proxy, you can use S3 for storage in a confidential way without having to trust the storage provider. + +## Limitations + +Currently, s3proxy has the following limitations: +- Only `PutObject` and `GetObject` requests are encrypted/decrypted by s3proxy. +By default, s3proxy will block requests that may expose unencrypted data to S3 (e.g. UploadPart). +The `allow-multipart` flag disables request blocking for evaluation purposes. +- Using the [Range](https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html#API_GetObject_RequestSyntax) header on `GetObject` is currently not supported and will result in an error. + +These limitations will be removed with future iterations of s3proxy. +If you want to use s3proxy but these limitations stop you from doing so, consider [opening an issue](https://github.com/edgelesssys/constellation/issues/new?assignees=&labels=&projects=&template=feature_request.yml). + +## Deployment + +You can add the s3proxy to your Constellation cluster as follows: +1. Add the Edgeless Systems chart repository: + ```bash + helm repo add edgeless https://helm.edgeless.systems/stable + helm repo update + ``` +2. Set ACCESS_KEY and ACCESS_SECRET to valid credentials you want s3proxy to use to interact with S3. +3. Deploy s3proxy: + ```bash + helm install s3proxy edgeless/s3proxy --set awsAccessKeyID="$ACCESS_KEY" --set awsSecretAccessKey="$ACCESS_SECRET" + ``` + +If you want to run a demo application, check out the [Filestash with s3proxy](../getting-started/examples/filestash-s3proxy.md) example. + + +## Technical details + +### Encryption + +s3proxy relies on Google's [Tink Cryptographic Library](https://developers.google.com/tink) to implement cryptographic operations securely. +The used cryptographic primitives are [NIST SP 800 38f](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf) for key wrapping and [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)-[GCM](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Galois/counter_(GCM)) with 256 bit keys for data encryption. + +s3proxy uses [envelope encryption](https://cloud.google.com/kms/docs/envelope-encryption) to encrypt objects. +This means s3proxy uses a key encryption key (KEK) issued by the [KeyService](../architecture/microservices.md#keyservice) to encrypt data encryption keys (DEKs). +Each S3 object is encrypted with its own DEK. +The encrypted DEK is then saved as metadata of the encrypted object. +This enables key rotation of the KEK without re-encrypting the data in S3. +The approach also allows access to objects from different locations, as long as each location has access to the KEK. + +### Traffic interception + +To use s3proxy, you have to redirect your outbound S3 traffic to s3proxy. +This can either be done by modifying your client application or by changing the deployment of your application. + +The necessary deployment modifications are to add DNS redirection and a trusted TLS certificate to the client's trust store. +DNS redirection can be defined for each pod, allowing you to use s3proxy for one application without changing other applications in the same cluster. +Adding a trusted TLS certificate is necessary as clients communicate with s3proxy via HTTPS. +To have your client application trust s3proxy's TLS certificate, the certificate has to be added to the client's certificate trust store. +The [Filestash with s3proxy](../getting-started/examples/filestash-s3proxy.md) example shows how to do this. diff --git a/docs/versioned_docs/version-2.19/workflows/sbom.md b/docs/versioned_docs/version-2.19/workflows/sbom.md new file mode 100644 index 000000000..6c1702dee --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/sbom.md @@ -0,0 +1,93 @@ +# Consume software bill of materials (SBOMs) + + + +--- + +Constellation builds produce a [software bill of materials (SBOM)](https://www.ntia.gov/SBOM) for each generated [artifact](../architecture/microservices.md). +You can use SBOMs to make informed decisions about dependencies and vulnerabilities in a given application. Enterprises rely on SBOMs to maintain an inventory of used applications, which allows them to take data-driven approaches to managing risks related to vulnerabilities. + +SBOMs for Constellation are generated using [Syft](https://github.com/anchore/syft), signed using [Cosign](https://github.com/sigstore/cosign), and stored with the produced artifact. + +:::note +The public key for Edgeless Systems' long-term code-signing key is: + +``` +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT +JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== +-----END PUBLIC KEY----- +``` + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). + +Make sure the key is available in a file named `cosign.pub` to execute the following examples. +::: + +## Verify and download SBOMs + +The following sections detail how to work with each type of artifact to verify and extract the SBOM. + +### Constellation CLI + +The SBOM for Constellation CLI is made available on the [GitHub release page](https://github.com/edgelesssys/constellation/releases). The SBOM (`constellation.spdx.sbom`) and corresponding signature (`constellation.spdx.sbom.sig`) are valid for each Constellation CLI for a given version, regardless of architecture and operating system. + +```bash +curl -LO https://github.com/edgelesssys/constellation/releases/download/v2.2.0/constellation.spdx.sbom +curl -LO https://github.com/edgelesssys/constellation/releases/download/v2.2.0/constellation.spdx.sbom.sig +cosign verify-blob --key cosign.pub --signature constellation.spdx.sbom.sig constellation.spdx.sbom +``` + +### Container Images + +SBOMs for container images are [attached to the image using Cosign](https://docs.sigstore.dev/cosign/signing/other_types/#sboms-software-bill-of-materials) and uploaded to the same registry. + +As a consumer, use cosign to download and verify the SBOM: + +```bash +# Verify and download the attestation statement +cosign verify-attestation ghcr.io/edgelesssys/constellation/verification-service@v2.2.0 --type 'https://cyclonedx.org/bom' --key cosign.pub --output-file verification-service.att.json +# Extract SBOM from attestation statement +jq -r .payload verification-service.att.json | base64 -d > verification-service.cyclonedx.sbom +``` + +A successful verification should result in similar output: + +```shell-session +$ cosign verify-attestation ghcr.io/edgelesssys/constellation/verification-service@v2.2.0 --type 'https://cyclonedx.org/bom' --key cosign.pub --output-file verification-service.sbom + +Verification for ghcr.io/edgelesssys/constellation/verification-service@v2.2.0 -- +The following checks were performed on each of these signatures: + - The cosign claims were validated + - The signatures were verified against the specified public key +$ jq -r .payload verification-service.sbom | base64 -d > verification-service.cyclonedx.sbom +``` + +:::note + +This example considers only the `verification-service`. The same approach works for all containers in the [Constellation container registry](https://github.com/orgs/edgelesssys/packages?repo_name=constellation). + +::: + + + +## Vulnerability scanning + +You can use a plethora of tools to consume SBOMs. This section provides suggestions for tools that are popular and known to produce reliable results, but any tool that consumes [SPDX](https://spdx.dev/) or [CycloneDX](https://cyclonedx.org/) files should work. + +Syft is able to [convert between the two formats](https://github.com/anchore/syft#format-conversion-experimental) in case you require a specific type. + +### Grype + +[Grype](https://github.com/anchore/grype) is a CLI tool that lends itself well for integration into CI/CD systems or local developer machines. It's also able to consume the signed attestation statement directly and does the verification in one go. + +```bash +grype att:verification-service.sbom --key cosign.pub --add-cpes-if-none -q +``` + +### Dependency Track + +[Dependency Track](https://dependencytrack.org/) is one of the oldest and most mature solutions when it comes to managing software inventory and vulnerabilities. Once imported, it continuously scans SBOMs for new vulnerabilities. It supports the CycloneDX format and provides direct guidance on how to comply with [U.S. Executive Order 14028](https://docs.dependencytrack.org/usage/executive-order-14028/). diff --git a/docs/versioned_docs/version-2.19/workflows/scale.md b/docs/versioned_docs/version-2.19/workflows/scale.md new file mode 100644 index 000000000..28f19e3f1 --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/scale.md @@ -0,0 +1,122 @@ +# Scale your cluster + +Constellation provides all features of a Kubernetes cluster including scaling and autoscaling. + +## Worker node scaling + +### Autoscaling + +Constellation comes with autoscaling disabled by default. To enable autoscaling, find the scaling group of +worker nodes: + +```bash +kubectl get scalinggroups -o json | yq '.items | .[] | select(.spec.role == "Worker") | [{"name": .metadata.name, "nodeGoupName": .spec.nodeGroupName}]' +``` + +This will output a list of scaling groups with the corresponding cloud provider name (`name`) and the cloud provider agnostic name of the node group (`nodeGroupName`). + +Then, patch the `autoscaling` field of the scaling group resource with the desired `name` to `true`: + +```bash +# Replace with the name of the scaling group you want to enable autoscaling for +worker_group= +kubectl patch scalinggroups $worker_group --patch '{"spec":{"autoscaling": true}}' --type='merge' +kubectl get scalinggroup $worker_group -o jsonpath='{.spec}' | yq -P +``` + +The cluster autoscaler now automatically provisions additional worker nodes so that all pods have a place to run. +You can configure the minimum and maximum number of worker nodes in the scaling group by patching the `min` or +`max` fields of the scaling group resource: + +```bash +kubectl patch scalinggroups $worker_group --patch '{"spec":{"max": 5}}' --type='merge' +kubectl get scalinggroup $worker_group -o jsonpath='{.spec}' | yq -P +``` + +The cluster autoscaler will now never provision more than 5 worker nodes. + +If you want to see the autoscaling in action, try to add a deployment with a lot of replicas, like the +following Nginx deployment. The number of replicas needed to trigger the autoscaling depends on the size of +and count of your worker nodes. Wait for the rollout of the deployment to finish and compare the number of +worker nodes before and after the deployment: + +```bash +kubectl create deployment nginx --image=nginx --replicas 150 +kubectl -n kube-system get nodes +kubectl rollout status deployment nginx +kubectl -n kube-system get nodes +``` + +### Manual scaling + +Alternatively, you can manually scale your cluster up or down: + + + + +1. Go to Auto Scaling Groups and select the worker ASG to scale up. +2. Click **Edit** +3. Set the new (increased) **Desired capacity** and **Update**. + + + + +1. Find your Constellation resource group. +2. Select the `scale-set-workers`. +3. Go to **settings** and **scaling**. +4. Set the new **instance count** and **save**. + + + + +1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). +2. **Edit** the **worker** instance group. +3. Set the new **number of instances** and **save**. + + + + +Dynamic cluster scaling isn't yet supported for STACKIT. +Support will be introduced in one of the upcoming releases. + + + + +## Control-plane node scaling + +Control-plane nodes can **only be scaled manually and only scaled up**! + +To increase the number of control-plane nodes, follow these steps: + + + + +1. Go to Auto Scaling Groups and select the control-plane ASG to scale up. +2. Click **Edit** +3. Set the new (increased) **Desired capacity** and **Update**. + + + + +1. Find your Constellation resource group. +2. Select the `scale-set-controlplanes`. +3. Go to **settings** and **scaling**. +4. Set the new (increased) **instance count** and **save**. + + + + +1. In Compute Engine go to [Instance Groups](https://console.cloud.google.com/compute/instanceGroups/). +2. **Edit** the **control-plane** instance group. +3. Set the new (increased) **number of instances** and **save**. + + + + +Dynamic cluster scaling isn't yet supported for STACKIT. +Support will be introduced in one of the upcoming releases. + + + + +If you scale down the number of control-planes nodes, the removed nodes won't be able to exit the `etcd` cluster correctly. This will endanger the quorum that's required to run a stable Kubernetes control plane. diff --git a/docs/versioned_docs/version-2.19/workflows/storage.md b/docs/versioned_docs/version-2.19/workflows/storage.md new file mode 100644 index 000000000..a5c52be90 --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/storage.md @@ -0,0 +1,281 @@ +# Use persistent storage + +Persistent storage in Kubernetes requires cloud-specific configuration. +For abstraction of container storage, Kubernetes offers [volumes](https://kubernetes.io/docs/concepts/storage/volumes/), +allowing users to mount storage solutions directly into containers. +The [Container Storage Interface (CSI)](https://kubernetes-csi.github.io/docs/) is the standard interface for exposing arbitrary block and file storage systems into containers in Kubernetes. +Cloud service providers (CSPs) offer their own CSI-based solutions for cloud storage. + +## Confidential storage + +Most cloud storage solutions support encryption, such as [GCE Persistent Disks (PD)](https://cloud.google.com/kubernetes-engine/docs/how-to/using-cmek). +Constellation supports the available CSI-based storage options for Kubernetes engines in AWS, Azure, GCP, and STACKIT. +However, their encryption takes place in the storage backend and is managed by the CSP. +Thus, using the default CSI drivers for these storage types means trusting the CSP with your persistent data. + +To address this, Constellation provides CSI drivers for AWS EBS, Azure Disk, GCE PD, and OpenStack Cinder, offering [encryption on the node level](../architecture/keys.md#storage-encryption). They enable transparent encryption for persistent volumes without needing to trust the cloud backend. Plaintext data never leaves the confidential VM context, offering you confidential storage. + +For more details see [encrypted persistent storage](../architecture/encrypted-storage.md). + +## CSI drivers + +Constellation supports the following drivers, which offer node-level encryption and optional integrity protection. + + + + +**Constellation CSI driver for AWS Elastic Block Store** +Mount [Elastic Block Store](https://aws.amazon.com/ebs/) storage volumes into your Constellation cluster. +Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-aws-ebs-csi-driver) for more information. + + + + +**Constellation CSI driver for Azure Disk**: +Mount Azure [Disk Storage](https://azure.microsoft.com/en-us/services/storage/disks/#overview) into your Constellation cluster. +See the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-azuredisk-csi-driver) for more information. +Since Azure Disks are mounted as `ReadWriteOnce`, they're only available to a single pod. + + + + +**Constellation CSI driver for GCP Persistent Disk**: +Mount [Persistent Disk](https://cloud.google.com/persistent-disk) block storage into your Constellation cluster. +Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-gcp-compute-persistent-disk-csi-driver) for more information. + + + + +**Constellation CSI driver for STACKIT / OpenStack Cinder** +Mount [Cinder](https://docs.openstack.org/cinder/latest/) block storage volumes into your Constellation cluster. +Follow the instructions on how to [install the Constellation CSI driver](#installation) or check out the [repository](https://github.com/edgelesssys/constellation-cloud-provider-openstack) for more information. + + + + +Note that in case the options above aren't a suitable solution for you, Constellation is compatible with all other CSI-based storage options. For example, you can use [AWS EFS](https://docs.aws.amazon.com/en_en/eks/latest/userguide/efs-csi.html), [Azure Files](https://docs.microsoft.com/en-us/azure/storage/files/storage-files-introduction), or [GCP Filestore](https://cloud.google.com/filestore) with Constellation out of the box. Constellation is just not providing transparent encryption on the node level for these storage types yet. + +## Installation + +The Constellation CLI automatically installs Constellation's CSI driver for the selected CSP in your cluster. +If you don't need a CSI driver or wish to deploy your own, you can disable the automatic installation by setting `deployCSIDriver` to `false` in your Constellation config file. + + + + +AWS comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [SSDs of `gp3` type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [SSDs of `gp3` type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +Azure comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [Standard SSDs](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#standard-ssds) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [Premium SSDs](https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#premium-ssds) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +GCP comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [standard persistent disks](https://cloud.google.com/compute/docs/disks#pdspecs) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [performance (SSD) persistent disks](https://cloud.google.com/compute/docs/disks#pdspecs) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +STACKIT comes with two storage classes by default. + +* `encrypted-rwo` + * Uses [disks of `storage_premium_perf1` type](https://docs.stackit.cloud/stackit/en/service-plans-blockstorage-75137974.html) + * ext-4 filesystem + * Encryption of all data written to disk +* `integrity-encrypted-rwo` + * Uses [disks of `storage_premium_perf1` type](https://docs.stackit.cloud/stackit/en/service-plans-blockstorage-75137974.html) + * ext-4 filesystem + * Encryption of all data written to disk + * Integrity protection of data written to disk + +For more information on encryption algorithms and key sizes, refer to [cryptographic algorithms](../architecture/encrypted-storage.md#cryptographic-algorithms). + +:::info + +The default storage class is set to `encrypted-rwo` for performance reasons. +If you want integrity-protected storage, set the `storageClassName` parameter of your persistent volume claim to `integrity-encrypted-rwo`. + +Alternatively, you can create your own storage class with integrity protection enabled by adding `csi.storage.k8s.io/fstype: ext4-integrity` to the class `parameters`. +Or use another filesystem by specifying another file system type with the suffix `-integrity`, e.g., `csi.storage.k8s.io/fstype: xfs-integrity`. + +Note that volume expansion isn't supported for integrity-protected disks. + +::: + + + + +1. Create a [persistent volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) + + A [persistent volume claim](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims) is a request for storage with certain properties. + It can refer to a storage class. + The following creates a persistent volume claim, requesting 20 GB of storage via the `encrypted-rwo` storage class: + + ```bash + cat < + +--- + +You can terminate your cluster using the CLI. For this, you need the Terraform state directory named [`constellation-terraform`](../reference/terraform.md) in the current directory. + +:::danger + +All ephemeral storage and state of your cluster will be lost. Make sure any data is safely stored in persistent storage. Constellation can recreate your cluster and the associated encryption keys, but won't backup your application data automatically. + +::: + + + +Terminate the cluster by running: + +```bash +constellation terminate +``` + +Or without confirmation (e.g., for automation purposes): + +```bash +constellation terminate --yes +``` + +This deletes all resources created by Constellation in your cloud environment. +All local files created by the `apply` command are deleted as well, except for `constellation-mastersecret.json` and the configuration file. + +:::caution + +Termination can fail if additional resources have been created that depend on the ones managed by Constellation. In this case, you need to delete these additional +resources manually. Just run the `terminate` command again afterward to continue the termination process of the cluster. + +::: + + + +Terminate the cluster by running: + +```bash +terraform destroy +``` + +Delete all files that are no longer needed: + +```bash +rm constellation-state.yaml constellation-admin.conf +``` + +Only the `constellation-mastersecret.json` and the configuration file remain. + + + diff --git a/docs/versioned_docs/version-2.19/workflows/terraform-provider.md b/docs/versioned_docs/version-2.19/workflows/terraform-provider.md new file mode 100644 index 000000000..ed8f46eda --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/terraform-provider.md @@ -0,0 +1,129 @@ +# Use the Terraform provider + +The Constellation Terraform provider allows to manage the full lifecycle of a Constellation cluster (namely creation, upgrades, and deletion) via Terraform. +The provider is available through the [Terraform registry](https://registry.terraform.io/providers/edgelesssys/constellation/latest) and is released in lock-step with Constellation releases. + +## Prerequisites + +- a Linux / Mac operating system (ARM64/AMD64) +- a Terraform installation of version `v1.4.4` or above + +## Quick setup + +This example shows how to set up a Constellation cluster with the reference IAM and infrastructure setup. This setup is also used when creating a Constellation cluster through the Constellation CLI. You can either consume the IAM / infrastructure modules through a remote source (recommended) or local files. The latter requires downloading the infrastructure and IAM modules for the corresponding CSP from `terraform-modules.zip` on the [Constellation release page](https://github.com/edgelesssys/constellation/releases/latest) and placing them in the Terraform workspace directory. + +1. Create a directory (workspace) for your Constellation cluster. + + ```bash + mkdir constellation-workspace + cd constellation-workspace + ``` + +2. Use one of the [example configurations for using the Constellation Terraform provider](https://github.com/edgelesssys/constellation/tree/main/terraform-provider-constellation/examples/full) or create a `main.tf` file and fill it with the resources you want to create. The [Constellation Terraform provider documentation](https://registry.terraform.io/providers/edgelesssys/constellation/latest) offers thorough documentation on the resources and their attributes. +3. Initialize and apply the Terraform configuration. + + + + Initialize the providers and apply the configuration. + + ```bash + terraform init + terraform apply + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + + When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you + can also do it manually. + + ```bash + terraform init + terraform apply -target module.azure_iam # adjust resource path if not using the example configuration + terraform apply -target module.azure_infrastructure # adjust resource path if not using the example configuration + constellation maa-patch $(terraform output -raw maa_url) # adjust output path / input if not using the example configuration or manually patch the resource + terraform apply -target constellation_cluster.azure_example # adjust resource path if not using the example configuration + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + Use the following policy if manually performing the patch. + + ``` + version= 1.0; + authorizationrules + { + [type=="x-ms-azurevm-default-securebootkeysvalidated", value==false] => deny(); + [type=="x-ms-azurevm-debuggersdisabled", value==false] => deny(); + // The line below was edited to use the MAA provider within Constellation. Do not edit manually. + //[type=="secureboot", value==false] => deny(); + [type=="x-ms-azurevm-signingdisabled", value==false] => deny(); + [type=="x-ms-azurevm-dbvalidated", value==false] => deny(); + [type=="x-ms-azurevm-dbxvalidated", value==false] => deny(); + => permit(); + }; + issuancerules + { + }; + ``` + + + + Initialize the providers and apply the configuration. + + ```bash + terraform init + terraform apply + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + + Initialize the providers and apply the configuration. + + ```bash + terraform init + terraform apply + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + + +4. Connect to the cluster. + + ```bash + terraform output -raw kubeconfig > constellation-admin.conf + export KUBECONFIG=$(realpath constellation-admin.conf) + ``` + +## Bringing your own infrastructure + +Instead of using the example infrastructure used in the [quick setup](#quick-setup), you can also provide your own infrastructure. +If you need a starting point for a custom infrastructure setup, you can download the infrastructure / IAM Terraform modules for the respective CSP from the Constellation [GitHub releases](https://github.com/edgelesssys/constellation/releases). You can modify and extend the modules per your requirements, while keeping the basic functionality intact. +The module contains: + +- `{csp}`: cloud resources the cluster runs on +- `iam/{csp}`: IAM resources used within the cluster + +When upgrading your cluster, make sure to check the Constellation release notes for potential breaking changes in the reference infrastructure / IAM modules that need to be considered. + +## Cluster upgrades + +:::tip +Also see the [general documentation on cluster upgrades](./upgrade.md). +::: + +The steps for applying the upgrade are as follows: + +1. Update the version constraint of the Constellation Terraform provider in the `required_providers` block in your Terraform configuration. +2. If you explicitly set any of the version attributes of the provider's resources and data sources (e.g. `image_version` or `constellation_microservice_version`), make sure to update them too. Refer to Constellation's [version support policy](https://github.com/edgelesssys/constellation/blob/main/dev-docs/workflows/versions-support.md) for more information on how each Constellation version and its dependencies are supported. +3. Update the IAM / infrastructure configuration. + - For [remote addresses as module sources](https://developer.hashicorp.com/terraform/language/modules/sources#fetching-archives-over-http), update the version number inside the address of the `source` field of the infrastructure / IAM module to the target version. + - For [local paths as module sources](https://developer.hashicorp.com/terraform/language/modules/sources#local-paths) or when [providing your own infrastructure](#bringing-your-own-infrastructure), see the changes made in the reference modules since the upgrade's origin version and adjust your infrastructure / IAM configuration accordingly. +4. Upgrade the Terraform module and provider dependencies and apply the targeted configuration. + +```bash + terraform init -upgrade + terraform apply +``` diff --git a/docs/versioned_docs/version-2.19/workflows/troubleshooting.md b/docs/versioned_docs/version-2.19/workflows/troubleshooting.md new file mode 100644 index 000000000..195bce1cc --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/troubleshooting.md @@ -0,0 +1,151 @@ +# Troubleshooting + +This section aids you in finding problems when working with Constellation. + +## Common issues + +### Issues with creating new clusters + +When you create a new cluster, you should always use the [latest release](https://github.com/edgelesssys/constellation/releases/latest). +If something doesn't work, check out the [known issues](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22). + +### Azure: Resource Providers can't be registered + +On Azure, you may receive the following error when running `apply` or `terminate` with limited IAM permissions: + +```shell-session +Error: Error ensuring Resource Providers are registered. + +Terraform automatically attempts to register the Resource Providers it supports to +ensure it's able to provision resources. + +If you don't have permission to register Resource Providers you may wish to use the +"skip_provider_registration" flag in the Provider block to disable this functionality. + +[...] +``` + +To continue, please ensure that the [required resource providers](../getting-started/install.md#required-permissions) have been registered in your subscription by your administrator. + +Afterward, set `ARM_SKIP_PROVIDER_REGISTRATION=true` as an environment variable and either run `apply` or `terminate` again. +For example: + +```bash +ARM_SKIP_PROVIDER_REGISTRATION=true constellation apply +``` + +Or alternatively, for `terminate`: + +```bash +ARM_SKIP_PROVIDER_REGISTRATION=true constellation terminate +``` + +### Azure: Can't update attestation policy + +On Azure, you may receive the following error when running `apply` from within an Azure environment, e.g., an Azure VM: + +```shell-session +An error occurred: patching policies: updating attestation policy: unexpected status code: 403 Forbidden +``` + +The problem occurs because the Azure SDK we use internally attempts to [authenticate towards the Azure API with the managed identity of your current environment instead of the Azure CLI token](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential). + +We decided not to deviate from this behavior and comply with the ordering of credentials. + +A solution is to add the [required permissions](../getting-started/install.md#required-permissions) to the managed identity of your environment. For example, the managed identity of your Azure VM, instead of the account that you've authenticated with in the Azure CLI. + +If your setup requires a change in the ordering of credentials, please open an issue and explain your desired behavior. + + + +### Nodes fail to join with error `untrusted measurement value` + +This error indicates that a node's [attestation statement](../architecture/attestation.md) contains measurements that don't match the trusted values expected by the [JoinService](../architecture/microservices.md#joinservice). +This may for example happen if the cloud provider updates the VM's firmware such that it influences the [runtime measurements](../architecture/attestation.md#runtime-measurements) in an unforeseen way. +A failed upgrade due to an erroneous attestation config can also cause this error. +You can change the expected measurements to resolve the failure. + +:::caution + +Attestation and trusted measurements are crucial for the security of your cluster. +Be extra careful when manually changing these settings. +When in doubt, check if the encountered [issue is known](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22) or [contact support](https://github.com/edgelesssys/constellation#support). + +::: + +:::tip + +During an upgrade with modified attestation config, a backup of the current configuration is stored in the `join-config` config map in the `kube-system` namespace under the `attestationConfig_backup` key. To restore the old attestation config after a failed upgrade, replace the value of `attestationConfig` with the value from `attestationConfig_backup`: + +```bash +kubectl patch configmaps -n kube-system join-config -p "{\"data\":{\"attestationConfig\":\"$(kubectl get configmaps -n kube-system join-config -o "jsonpath={.data.attestationConfig_backup}")\"}}" +``` + +::: + +You can use the `apply` command to change measurements of a running cluster: + +1. Modify the `measurements` key in your local `constellation-conf.yaml` to the expected values. +2. Run `constellation apply`. + +Keep in mind that running `apply` also applies any version changes from your config to the cluster. + +You can run these commands to learn about the versions currently configured in the cluster: + +- Kubernetes API server version: `kubectl get nodeversion constellation-version -o json -n kube-system | jq .spec.kubernetesClusterVersion` +- image version: `kubectl get nodeversion constellation-version -o json -n kube-system | jq .spec.imageVersion` +- microservices versions: `helm list --filter 'constellation-services' -n kube-system` + +### Upgrading Kubernetes resources fails + +Constellation manages its Kubernetes resources using Helm. +When applying an upgrade, the charts that are about to be installed, and a values override file `overrides.yaml`, +are saved to disk in your current workspace under `constellation-upgrade/upgrade-/helm-charts/`. +If upgrading the charts using the Constellation CLI fails, you can review these charts and try to manually apply the upgrade. + +:::caution + +Changing and manually applying the charts may destroy cluster resources and can lead to broken Constellation deployments. +Proceed with caution and when in doubt, +check if the encountered [issue is known](https://github.com/edgelesssys/constellation/issues?q=is%3Aopen+is%3Aissue+label%3A%22known+issue%22) or [contact support](https://github.com/edgelesssys/constellation#support). + +::: + +## Diagnosing issues + +### Logs + +To get started on diagnosing issues with Constellation, it's often helpful to collect logs from nodes, pods, or other resources in the cluster. Most logs are available through Kubernetes' standard +[logging interfaces](https://kubernetes.io/docs/concepts/cluster-administration/logging/). + +To debug issues occurring at boot time of the nodes, you can use the serial console interface of the CSP while the machine boots to get a read-only view of the boot logs. + +Apart from that, Constellation also offers further [observability integrations](../architecture/observability.md). + +### Node shell access + +Debugging via a shell on a node is [directly supported by Kubernetes](https://kubernetes.io/docs/tasks/debug/debug-application/debug-running-pod/#node-shell-session). + +1. Figure out which node to connect to: + + ```bash + kubectl get nodes + # or to see more information, such as IPs: + kubectl get nodes -o wide + ``` + +2. Connect to the node: + + ```bash + kubectl debug node/constell-worker-xksa0-000000 -it --image=busybox + ``` + + You will be presented with a prompt. + + The nodes file system is mounted at `/host`. + +3. Once finished, clean up the debug pod: + + ```bash + kubectl delete pod node-debugger-constell-worker-xksa0-000000-bjthj + ``` diff --git a/docs/versioned_docs/version-2.19/workflows/trusted-launch.md b/docs/versioned_docs/version-2.19/workflows/trusted-launch.md new file mode 100644 index 000000000..d6d01d8eb --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/trusted-launch.md @@ -0,0 +1,54 @@ +# Use Azure trusted launch VMs + +Constellation also supports [trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/trusted-launch) on Microsoft Azure. Trusted launch VMs don't offer the same level of security as Confidential VMs, but are available in more regions and in larger quantities. The main difference between trusted launch VMs and normal VMs is that the former offer vTPM-based remote attestation. When used with trusted launch VMs, Constellation relies on vTPM-based remote attestation to verify nodes. + +:::caution + +Trusted launch VMs don't provide runtime encryption and don't keep the cloud service provider (CSP) out of your trusted computing base. + +::: + +Constellation supports trusted launch VMs with instance types `Standard_D*_v4` and `Standard_E*_v4`. Run `constellation config instance-types` for a list of all supported instance types. + +## VM images + +Azure currently doesn't support [community galleries for trusted launch VMs](https://docs.microsoft.com/en-us/azure/virtual-machines/share-gallery-community). Thus, you need to manually import the Constellation node image into your cloud subscription. + +The latest image is available at `https://cdn.confidential.cloud/constellation/images/azure/trusted-launch/v2.2.0/constellation.img`. Simply adjust the version number to download a newer version. + +After you've downloaded the image, create a resource group `constellation-images` in your Azure subscription and import the image. +You can use a script to do this: + +```bash +wget https://raw.githubusercontent.com/edgelesssys/constellation/main/hack/importAzure.sh +chmod +x importAzure.sh +AZURE_IMAGE_VERSION=2.2.0 AZURE_RESOURCE_GROUP_NAME=constellation-images AZURE_IMAGE_FILE=./constellation.img ./importAzure.sh +``` + +The script creates the following resources: + +1. A new image gallery with the default name `constellation-import` +2. A new image definition with the default name `constellation` +3. The actual image with the provided version. In this case `2.2.0` + +Once the import is completed, use the `ID` of the image version in your `constellation-conf.yaml` for the `image` field. Set `confidentialVM` to `false`. + +Fetch the image measurements: + +```bash +IMAGE_VERSION=2.2.0 +URL=https://public-edgeless-constellation.s3.us-east-2.amazonaws.com//communitygalleries/constellationcvm-b3782fa0-0df7-4f2f-963e-fc7fc42663df/images/constellation/versions/$IMAGE_VERSION/measurements.yaml +constellation config fetch-measurements -u$URL -s$URL.sig +``` + +:::info + +The [`constellation apply`](create.md) command will issue a warning because manually imported images aren't recognized as production grade images: + +```shell-session +Configured image doesn't look like a released production image. Double check image before deploying to production. +``` + +Please ignore this warning. + +::: diff --git a/docs/versioned_docs/version-2.19/workflows/upgrade.md b/docs/versioned_docs/version-2.19/workflows/upgrade.md new file mode 100644 index 000000000..3db2ecad6 --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/upgrade.md @@ -0,0 +1,110 @@ +# Upgrade your cluster + +Constellation provides an easy way to upgrade all components of your cluster, without disrupting its availability. +Specifically, you can upgrade the Kubernetes version, the nodes' image, and the Constellation microservices. +You configure the desired versions in your local Constellation configuration and trigger upgrades with the `apply` command. +To learn about available versions you use the `upgrade check` command. +Which versions are available depends on the CLI version you are using. + +## Update the CLI + +Each CLI comes with a set of supported microservice and Kubernetes versions. +Most importantly, a given CLI version can only upgrade a cluster of the previous minor version, but not older ones. +This means that you have to upgrade your CLI and cluster one minor version at a time. + +For example, if you are currently on CLI version v2.6 and the latest version is v2.8, you should + +* upgrade the CLI to v2.7, +* upgrade the cluster to v2.7, +* and only then continue upgrading the CLI (and the cluster) to v2.8 after. + +Also note that if your current Kubernetes version isn't supported by the next CLI version, use your current CLI to upgrade to a newer Kubernetes version first. + +To learn which Kubernetes versions are supported by a particular CLI, run [constellation config kubernetes-versions](../reference/cli.md#constellation-config-kubernetes-versions). + +## Migrate the configuration + +The Constellation configuration file is located in the file `constellation-conf.yaml` in your workspace. +Refer to the [migration reference](../reference/migration.md) to check if you need to update fields in your configuration file. +Use [`constellation config migrate`](../reference/cli.md#constellation-config-migrate) to automatically update an old config file to a new format. + +## Check for upgrades + +To learn which versions the current CLI can upgrade to and what's installed in your cluster, run: + +```bash +# Show possible upgrades +constellation upgrade check + +# Show possible upgrades and write them to config file +constellation upgrade check --update-config +``` + +You can either enter the reported target versions into your config manually or run the above command with the `--update-config` flag. +When using this flag, the `kubernetesVersion`, `image`, `microserviceVersion`, and `attestation` fields are overwritten with the smallest available upgrade. + +## Apply the upgrade + +Once you updated your config with the desired versions, you can trigger the upgrade with this command: + +```bash +constellation apply +``` + +Microservice upgrades will be finished within a few minutes, depending on the cluster size. +If you are interested, you can monitor pods restarting in the `kube-system` namespace with your tool of choice. + +Image and Kubernetes upgrades take longer. +For each node in your cluster, a new node has to be created and joined. +The process usually takes up to ten minutes per node. + +When applying an upgrade, the Helm charts for the upgrade as well as backup files of Constellation-managed Custom Resource Definitions, Custom Resources, and Terraform state are created. +You can use the Terraform state backup to restore previous resources in case an upgrade misconfigured or erroneously deleted a resource. +You can use the Custom Resource (Definition) backup files to restore Custom Resources and Definitions manually (e.g., via `kubectl apply`) if the automatic migration of those resources fails. +You can use the Helm charts to manually apply upgrades to the Kubernetes resources, should an upgrade fail. + +:::note + +For advanced users: the upgrade consists of several phases that can be individually skipped through the `--skip-phases` flag. +The phases are `infrastracture` for the cloud resource management through Terraform, `helm` for the chart management of the microservices, `image` for OS image upgrades, and `k8s` for Kubernetes version upgrades. + +::: + +## Check the status + +Upgrades are asynchronous operations. +After you run `apply`, it will take a while until the upgrade has completed. +To understand if an upgrade is finished, you can run: + +```bash +constellation status +``` + +This command displays the following information: + +* The installed services and their versions +* The image and Kubernetes version the cluster is expecting on each node +* How many nodes are up to date + +Here's an example output: + +```shell-session +Target versions: + Image: v2.6.0 + Kubernetes: v1.25.8 +Service versions: + Cilium: v1.12.1 + cert-manager: v1.10.0 + constellation-operators: v2.6.0 + constellation-services: v2.6.0 +Cluster status: Some node versions are out of date + Image: 23/25 + Kubernetes: 25/25 +``` + +This output indicates that the cluster is running Kubernetes version `1.25.8`, and all nodes have the appropriate binaries installed. +23 out of 25 nodes have already upgraded to the targeted image version of `2.6.0`, while two are still in progress. + +## Apply further upgrades + +After the upgrade is finished, you can run `constellation upgrade check` again to see if there are more upgrades available. If so, repeat the process. diff --git a/docs/versioned_docs/version-2.19/workflows/verify-cli.md b/docs/versioned_docs/version-2.19/workflows/verify-cli.md new file mode 100644 index 000000000..e33569d37 --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/verify-cli.md @@ -0,0 +1,129 @@ +# Verify the CLI + +:::info +This recording presents the essence of this page. It's recommended to read it in full for the motivation and all details. +::: + + + +--- + +Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/signing/overview/), [Rekor](https://docs.sigstore.dev/logging/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at `https://rekor.sigstore.dev`. + +:::note +The public key for Edgeless Systems' long-term code-signing key is: + +``` +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEf8F1hpmwE+YCFXzjGtaQcrL6XZVT +JmEe5iSLvG1SyQSAew7WdMKF6o9t8e2TFuCkzlOhhlws2OHWbiFZnFWCFw== +-----END PUBLIC KEY----- +``` + +The public key is also available for download at [https://edgeless.systems/es.pub](https://edgeless.systems/es.pub) and in the Twitter profile [@EdgelessSystems](https://twitter.com/EdgelessSystems). +::: + +The Rekor transparency log is a public append-only ledger that verifies and records signatures and associated metadata. The Rekor transparency log enables everyone to observe the sequence of (software) signatures issued by Edgeless Systems and many other parties. The transparency log allows for the public identification of dubious or malicious signatures. + +You should always ensure that (1) your CLI executable was signed with the private key corresponding to the above public key and that (2) there is a corresponding entry in the Rekor transparency log. Both can be done as described in the following. + +:::info +You don't need to verify the Constellation node images. This is done automatically by your CLI and the rest of Constellation. +::: + +## Verify the signature + +:::info +This guide assumes Linux on an amd64 processor. The exact steps for other platforms differ slightly. +::: + +First, [install the Cosign CLI](https://docs.sigstore.dev/cosign/system_config/installation/). Next, [download](https://github.com/edgelesssys/constellation/releases) and verify the signature that accompanies your CLI executable, for example: + +```shell-session +$ cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 + +Verified OK +``` + +The above performs an offline verification of the provided public key, signature, and executable. To also verify that a corresponding entry exists in the public Rekor transparency log, add the variable `COSIGN_EXPERIMENTAL=1`: + +```shell-session +$ COSIGN_EXPERIMENTAL=1 cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64 + +tlog entry verified with uuid: afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 index: 3477047 +Verified OK +``` + +🏁 You now know that your CLI executable was officially released and signed by Edgeless Systems. + +### Optional: Manually inspect the transparency log + +To further inspect the public Rekor transparency log, [install the Rekor CLI](https://docs.sigstore.dev/logging/installation). A search for the CLI executable should give a single UUID. (Note that this UUID contains the UUID from the previous `cosign` command.) + +```shell-session +$ rekor-cli search --artifact constellation-linux-amd64 + +Found matching entries (listed by UUID): +362f8ecba72f4326afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 +``` + +With this UUID you can get the full entry from the transparency log: + +```shell-session +$ rekor-cli get --uuid=362f8ecba72f4326afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 + +LogID: c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d +Index: 3477047 +IntegratedTime: 2022-09-12T22:28:16Z +UUID: afaba7f6635b3e058888692841848e5514357315be9528474b23f5dcccb82b13 +Body: { + "HashedRekordObj": { + "data": { + "hash": { + "algorithm": "sha256", + "value": "40e137b9b9b8204d672642fd1e181c6d5ccb50cfc5cc7fcbb06a8c2c78f44aff" + } + }, + "signature": { + "content": "MEUCIQCSER3mGj+j5Pr2kOXTlCIHQC3gT30I7qkLr9Awt6eUUQIgcLUKRIlY50UN8JGwVeNgkBZyYD8HMxwC/LFRWoMn180=", + "publicKey": { + "content": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFZjhGMWhwbXdFK1lDRlh6akd0YVFjckw2WFpWVApKbUVlNWlTTHZHMVN5UVNBZXc3V2RNS0Y2bzl0OGUyVEZ1Q2t6bE9oaGx3czJPSFdiaUZabkZXQ0Z3PT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==" + } + } + } +} +``` + +The field `publicKey` should contain Edgeless Systems' public key in Base64 encoding. + +You can get an exhaustive list of artifact signatures issued by Edgeless Systems via the following command: + +```bash +rekor-cli search --public-key https://edgeless.systems/es.pub --pki-format x509 +``` + +Edgeless Systems monitors this list to detect potential unauthorized use of its private key. + +## Verify the provenance + +Provenance attests that a software artifact was produced by a specific repository and build system invocation. For more information on provenance visit [slsa.dev](https://slsa.dev/provenance/v0.2) and learn about the [adoption of SLSA for Constellation](../reference/slsa.md). + +Just as checking its signature proves that the CLI hasn't been manipulated, checking the provenance proves that the artifact was produced by the expected build process and hasn't been tampered with. + +To verify the provenance, first install the [slsa-verifier](https://github.com/slsa-framework/slsa-verifier). Then make sure you have the provenance file (`constellation.intoto.jsonl`) and Constellation CLI downloaded. Both are available on the [GitHub release page](https://github.com/edgelesssys/constellation/releases). + +:::info +The same provenance file is valid for all Constellation CLI executables of a given version independent of the target platform. +::: + +Use the verifier to perform the check: + +```shell-session +$ slsa-verifier verify-artifact constellation-linux-amd64 \ + --provenance-path constellation.intoto.jsonl \ + --source-uri github.com/edgelesssys/constellation + +Verified signature against tlog entry index 7771317 at URL: https://rekor.sigstore.dev/api/v1/log/entries/24296fb24b8ad77af2c04c8b4ae0d5bc5... +Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.2.2 at commit 18e9924b416323c37b9cdfd6cc728de8a947424a +PASSED: Verified SLSA provenance +``` diff --git a/docs/versioned_docs/version-2.19/workflows/verify-cluster.md b/docs/versioned_docs/version-2.19/workflows/verify-cluster.md new file mode 100644 index 000000000..b6595ebf2 --- /dev/null +++ b/docs/versioned_docs/version-2.19/workflows/verify-cluster.md @@ -0,0 +1,97 @@ +# Verify your cluster + +Constellation's [attestation feature](../architecture/attestation.md) allows you, or a third party, to verify the integrity and confidentiality of your Constellation cluster. + +## Fetch measurements + +To verify the integrity of Constellation you need trusted measurements to verify against. For each node image released by Edgeless Systems, there are signed measurements, which you can download using the CLI: + +```bash +constellation config fetch-measurements +``` + +This command performs the following steps: + +1. Download the signed measurements for the configured image. By default, this will use Edgeless Systems' public measurement registry. +2. Verify the signature of the measurements. This will use Edgeless Systems' [public key](https://edgeless.systems/es.pub). +3. Write measurements into configuration file. + +The configuration file then contains a list of `measurements` similar to the following: + +```yaml +# ... +measurements: + 0: + expected: "0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf" + warnOnly: false + 4: + expected: "02c7a67c01ec70ffaf23d73a12f749ab150a8ac6dc529bda2fe1096a98bf42ea" + warnOnly: false + 5: + expected: "e6949026b72e5045706cd1318889b3874480f7a3f7c5c590912391a2d15e6975" + warnOnly: true + 8: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false + 9: + expected: "f0a6e8601b00e2fdc57195686cd4ef45eb43a556ac1209b8e25d993213d68384" + warnOnly: false + 11: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false + 12: + expected: "da99eb6cf7c7fbb692067c87fd5ca0b7117dc293578e4fea41f95d3d3d6af5e2" + warnOnly: false + 13: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false + 14: + expected: "d7c4cc7ff7933022f013e03bdee875b91720b5b86cf1753cad830f95e791926f" + warnOnly: true + 15: + expected: "0000000000000000000000000000000000000000000000000000000000000000" + warnOnly: false +# ... +``` + +Each entry specifies the expected value of the Constellation node, and whether the measurement should be enforced (`warnOnly: false`), or only a warning should be logged (`warnOnly: true`). +By default, the subset of the [available measurements](../architecture/attestation.md#runtime-measurements) that can be locally reproduced and verified is enforced. + +During attestation, the validating side (CLI or [join service](../architecture/microservices.md#joinservice)) compares each measurement reported by the issuing side (first node or joining node) individually. +For mismatching measurements that have set `warnOnly` to `true` only a warning is emitted. +For mismatching measurements that have set `warnOnly` to `false` an error is emitted and attestation fails. +If attestation fails for a new node, it isn't permitted to join the cluster. + +## The *verify* command + +:::note +The steps below are purely optional. They're automatically executed by `constellation apply` when you initialize your cluster. The `constellation verify` command mostly has an illustrative purpose. +::: + +The `verify` command obtains and verifies an attestation statement from a running Constellation cluster. + +```bash +constellation verify [--cluster-id ...] +``` + +From the attestation statement, the command verifies the following properties: + +* The cluster is using the correct Confidential VM (CVM) type. +* Inside the CVMs, the correct node images are running. The node images are identified through the measurements obtained in the previous step. +* The unique ID of the cluster matches the one from your `constellation-state.yaml` file or passed in via `--cluster-id`. + +Once the above properties are verified, you know that you are talking to the right Constellation cluster and it's in a good and trustworthy shape. + +### Custom arguments + +The `verify` command also allows you to verify any Constellation deployment that you have network access to. For this you need the following: + +* The IP address of a running Constellation cluster's [VerificationService](../architecture/microservices.md#verificationservice). The `VerificationService` is exposed via a `NodePort` service using the external IP address of your cluster. Run `kubectl get nodes -o wide` and look for `EXTERNAL-IP`. +* The cluster's *clusterID*. See [cluster identity](../architecture/keys.md#cluster-identity) for more details. +* A `constellation-conf.yaml` file with the expected measurements of the cluster in your working directory. + +For example: + +```shell-session +constellation verify -e 192.0.2.1 --cluster-id Q29uc3RlbGxhdGlvbkRvY3VtZW50YXRpb25TZWNyZXQ= +``` diff --git a/docs/versioned_sidebars/version-2.19-sidebars.json b/docs/versioned_sidebars/version-2.19-sidebars.json new file mode 100644 index 000000000..09b5ec04e --- /dev/null +++ b/docs/versioned_sidebars/version-2.19-sidebars.json @@ -0,0 +1,299 @@ +{ + "docs": [ + { + "type": "doc", + "label": "Introduction", + "id": "intro" + }, + { + "type": "category", + "label": "Basics", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Confidential Kubernetes", + "id": "overview/confidential-kubernetes" + }, + { + "type": "doc", + "label": "Security benefits", + "id": "overview/security-benefits" + }, + { + "type": "doc", + "label": "Product features", + "id": "overview/product" + }, + { + "type": "doc", + "label": "Feature status of clouds", + "id": "overview/clouds" + }, + { + "type": "category", + "label": "Performance", + "link": { + "type": "doc", + "id": "overview/performance/performance" + }, + "items": [ + { + "type": "doc", + "label": "Compute benchmarks", + "id": "overview/performance/compute" + }, + { + "type": "doc", + "label": "I/O benchmarks", + "id": "overview/performance/io" + }, + { + "type": "doc", + "label": "Application benchmarks", + "id": "overview/performance/application" + } + ] + }, + { + "type": "doc", + "label": "License", + "id": "overview/license" + } + ] + }, + { + "type": "category", + "label": "Getting started", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Installation", + "id": "getting-started/install" + }, + { + "type": "doc", + "label": "First steps (cloud)", + "id": "getting-started/first-steps" + }, + { + "type": "doc", + "label": "First steps (local)", + "id": "getting-started/first-steps-local" + }, + { + "type": "doc", + "label": "Cloud Marketplaces", + "id": "getting-started/marketplaces" + }, + { + "type": "category", + "label": "Examples", + "link": { + "type": "doc", + "id": "getting-started/examples" + }, + "items": [ + { + "type": "doc", + "label": "Emojivoto", + "id": "getting-started/examples/emojivoto" + }, + { + "type": "doc", + "label": "Online Boutique", + "id": "getting-started/examples/online-boutique" + }, + { + "type": "doc", + "label": "Horizontal Pod Autoscaling", + "id": "getting-started/examples/horizontal-scaling" + }, + { + "type": "doc", + "label": "Filestash with s3proxy", + "id": "getting-started/examples/filestash-s3proxy" + } + ] + } + ] + }, + { + "type": "category", + "label": "Workflows", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Verify the CLI", + "id": "workflows/verify-cli" + }, + { + "type": "doc", + "label": "Configure your cluster", + "id": "workflows/config" + }, + { + "type": "doc", + "label": "Create your cluster", + "id": "workflows/create" + }, + { + "type": "doc", + "label": "Scale your cluster", + "id": "workflows/scale" + }, + { + "type": "doc", + "label": "Upgrade your cluster", + "id": "workflows/upgrade" + }, + { + "type": "doc", + "label": "Expose a service", + "id": "workflows/lb" + }, + { + "type": "doc", + "label": "Install cert-manager", + "id": "workflows/cert-manager" + }, + { + "type": "doc", + "label": "Install s3proxy", + "id": "workflows/s3proxy" + }, + { + "type": "doc", + "label": "Terminate your cluster", + "id": "workflows/terminate" + }, + { + "type": "doc", + "label": "Recover your cluster", + "id": "workflows/recovery" + }, + { + "type": "doc", + "label": "Verify your cluster", + "id": "workflows/verify-cluster" + }, + { + "type": "doc", + "label": "Use persistent storage", + "id": "workflows/storage" + }, + { + "type": "doc", + "label": "Use the Terraform provider", + "id": "workflows/terraform-provider" + }, + { + "type": "doc", + "label": "Consume SBOMs", + "id": "workflows/sbom" + }, + { + "type": "doc", + "label": "Troubleshooting", + "id": "workflows/troubleshooting" + } + ] + }, + { + "type": "category", + "label": "Architecture", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "Overview", + "id": "architecture/overview" + }, + { + "type": "doc", + "label": "Cluster orchestration", + "id": "architecture/orchestration" + }, + { + "type": "doc", + "label": "Versions and support", + "id": "architecture/versions" + }, + { + "type": "doc", + "label": "Microservices", + "id": "architecture/microservices" + }, + { + "type": "doc", + "label": "Attestation", + "id": "architecture/attestation" + }, + { + "type": "doc", + "label": "Images", + "id": "architecture/images" + }, + { + "type": "doc", + "label": "Keys and cryptographic primitives", + "id": "architecture/keys" + }, + { + "type": "doc", + "label": "Encrypted persistent storage", + "id": "architecture/encrypted-storage" + }, + { + "type": "doc", + "label": "Networking", + "id": "architecture/networking" + }, + { + "type": "doc", + "label": "Observability", + "id": "architecture/observability" + } + ] + }, + { + "type": "category", + "label": "Reference", + "link": { + "type": "generated-index" + }, + "items": [ + { + "type": "doc", + "label": "CLI", + "id": "reference/cli" + }, + { + "type": "doc", + "label": "Configuration migrations", + "id": "reference/migration" + }, + { + "type": "doc", + "label": "Terraform usage", + "id": "reference/terraform" + }, + { + "type": "doc", + "label": "SLSA adoption", + "id": "reference/slsa" + } + ] + } + ] +} diff --git a/docs/versions.json b/docs/versions.json index 67a77edae..89f88399a 100644 --- a/docs/versions.json +++ b/docs/versions.json @@ -1,4 +1,5 @@ [ + "2.19", "2.18", "2.17", "2.16", From 96ac7124e3c9912f30a45bc0c061b570ff2d54d9 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Mon, 21 Oct 2024 10:41:33 +0200 Subject: [PATCH 329/380] terraform: upgrade hashicorp/google to 6.7.0 (#3440) --- .../infrastructure/gcp/.terraform.lock.hcl | 72 +++++------------- terraform/infrastructure/gcp/main.tf | 23 ++---- .../gcp/modules/instance_group/main.tf | 11 +-- .../modules/internal_load_balancer/main.tf | 2 +- .../gcp/modules/jump_host/main.tf | 2 +- .../gcp/modules/loadbalancer/main.tf | 2 +- .../iam/gcp/.terraform.lock.hcl | 76 +++++++++---------- terraform/infrastructure/iam/gcp/main.tf | 2 +- 8 files changed, 63 insertions(+), 127 deletions(-) diff --git a/terraform/infrastructure/gcp/.terraform.lock.hcl b/terraform/infrastructure/gcp/.terraform.lock.hcl index 8906d5141..a99d47a7f 100644 --- a/terraform/infrastructure/gcp/.terraform.lock.hcl +++ b/terraform/infrastructure/gcp/.terraform.lock.hcl @@ -2,61 +2,25 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "5.37.0" - constraints = "5.37.0" + version = "6.7.0" + constraints = "6.7.0" hashes = [ - "h1:+0FfxQm8+OxXM6tDF8UCA2ir59Gel4oSnLoJoKkGCpc=", - "h1:+WQTQ1s/MhzXNDaCp4OvTY46DB4/e2GyvpCH41kA5pY=", - "h1:/4KB6HjJ0ByYamKdb/3BjQlVrqtqkWygh8XINuwHwLg=", - "h1:0mhHpFpgMtiw0vhuKlMtst7bhiaO4aa0/qb0SS5e3ns=", - "h1:ECJCeUsjARe6GHI1yLQKdsx1GW1CFqgww/dzooBe/xk=", - "h1:MXuNmywxH/QrtJqzQBEo5fPlcYGIvy0OxlE5ZPA37wE=", - "h1:RefrtlcP4AXprPTHHmUNuHZEOgTld4JeDOTeo4zWiJA=", - "h1:UuDnLkrIGy1u1gmwyQ7JIaI7Hax8Rvn/gxSBbg9oRWI=", - "h1:lP9wJfnhHJj1FcpKRKEweqSnVWwvMtts6+Yypyfpfpw=", - "h1:lfzk7MUYSJG4nwsdX6DLZth3BePTuhWW9W6xM9buOMU=", - "h1:wUeVrQ1ss9vQbb6HP+hSgtQ7efSliSdHRef1/TRef6k=", - "zh:00754c426ec8c2416d54904b25ebf3d831b5af4f02a20336d0a60d91897497d7", - "zh:0b4128affc12ace78d9cbd8aac308b992cc1829effba0ac761b4c3e9e37a36e2", - "zh:46afda4cdadc242b0a27acb181967b7a37768aa084c84593506490483fbdefd6", - "zh:4ad56e9d5ed5e05184bd0a23e17b6eb985c28e7ce23ce29fdf50daa5594ead69", - "zh:557b021f77bd97462b20519148f454158e6cf89eba5461ae6016568b317e1c87", - "zh:6552bb5e901e9fbcd95dc95b4e017dfd7c1eca465dd749f9c8afdc4ae2bf3213", - "zh:687347e31e69f2c4518abc057ad157ed4fd2b78e399b3a172bcab4277f7a235b", - "zh:a66bfc55856693fe82a81554abf7fd72b8ca2d56a08cb59c4769c15b1a1acea5", - "zh:a8b242c5aab000f2a27e934930a75656efb4a96fdb06a419b22ae0daffa6fba3", - "zh:da9e9b40d632f218a3e0bb88b8cf95b91485cee1eb2fd2a384d45c2619c36da4", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fda7bd1578e4b40e9e2d0298c77b0ad9f4486abee8ad38755299dd4b06be54c7", - ] -} - -provider "registry.terraform.io/hashicorp/google-beta" { - version = "5.37.0" - constraints = "5.37.0" - hashes = [ - "h1:7KgxMd/i1rO/cSlbM2t0D6nB4Ib2ZEtWVtjeShp2D2c=", - "h1:965SYhz47hz+CmD4RVrGdy4XM9cDxUaAjqcNyEpWriw=", - "h1:Ey+JiF+0gvMdsPraA5D4Ia7f10gBIkMYRTvsfruHxw4=", - "h1:FBXp+od4ba3e9xDRSC8EDqjaFgGFGOQN2/7jf2tt6BA=", - "h1:HBlMZCUjS8wwrckbw3otzFLoyn1DooTP+fT6sJCaIoM=", - "h1:P/LLB5QFyBr99ex16Ba2Lkw327sBpcgcwblwGnNmiAg=", - "h1:PbPuajB/eQ9ta/l2AlKRfcfdmCs16cbVkiqKgRv+lOo=", - "h1:WZX+8D3Uj2Zulgtju8JpPZUNtNMS0VY4lBrE2iW606c=", - "h1:pr0HowX8labbBVVd4b0ljpXINgPGQo+2Z/zqDjcPL3E=", - "h1:yIknB3Xwv+hXDQP1PBRYxAOMn9BluPI2+uOd26iPqGo=", - "h1:zkVNOR/I98jO9a9G/OiFnnxETw8ScDQRlgbXNkw2LMo=", - "zh:01467c4b9c7169ed6326697064c1f7d449cde88f03a328af4bc475b258c21148", - "zh:0486a06cd78e816e38af10cd1c3b8cc09ef4f9d200a04814828f11ad38d41854", - "zh:0b59125a577f87f704429bb16779d1df032b271c5a7ea9b128cb14f190fb6747", - "zh:2f3a11b564184f245bb78e2914dde40091cd9e6e856da4477344b2e4c7a13eed", - "zh:7527aba218a0cdc865dbd8b5ca9a19a424c63bba7cbf036f7a8aac4b2b1dc491", - "zh:7821cfb469a8bd11461e8b7d45f026da6867d7caf9c511512f2677cd7c0a588c", - "zh:9aeed6e46cc632bd0dd8c8de63fe12e9e306437e68de7e556a05732ef8389a15", - "zh:9d6b7609b3832c8ee96c52a8c23741f7df0f79370f37ba684c11b1fc2f5a42bd", - "zh:d8c58b6bca74141ca8409af9959f0d54e4e941bfa637261dc1e2fc5fe523102a", - "zh:daa69120aff4356594c9fc811c9fe1297a321a4445f8d0ec1b95871bc618d410", - "zh:e3c56d0cbccb02fa17162eda3d85c74fe1e78d075db43f7d66f9878c80b8aa83", + "h1:2R/lqkaJ6+JzXLvMjV9RpS800/D+JBVJdUr5cMTCtqA=", + "h1:LEFMDSgj/Om4bqo2mgrcgXPBvhFyKkq/Z01//4SsWgw=", + "h1:LsOV33issuNApAMJrT8el7CKBtN0gqox0jehtBT3yjs=", + "h1:N0Jt+y4xXGLJvkrq0ocp+tEMgYpmtDCFu21CwPc9lyA=", + "h1:sMGHFZFZKvUr8FB1Ocm5612HsMeO4umUu6UW1UAgTds=", + "zh:16ac63e56986916015637bdc26a93e375aa84f22381d37dea51b227bc8fd58e3", + "zh:3d27c11cfd55394e247b01dc5d8bf4b892940ac0b66785cf565fbbabe8b8363b", + "zh:40011688dd3d5294f92bc0d85f30f26c427adc9a0e5c5053ca71a66f322e6edd", + "zh:84f2b94480c0979fbef001bc040dcaa5ac7b7d3cb47edc24ef612f6ede8ecb84", + "zh:9350b88bfeedf91176ed8447e368a980b0f5c9ad5f6bc0eff62e8889888a60df", + "zh:a0aba100e12c1a4e45ed9c66a95edb6c1f51d4f88ac4a38e0f64ee057128b23d", + "zh:cc5b520ea5806b967559f6f7fa07e7f0e9fe380bfb68d2f8b5afc1c94e99cd70", + "zh:d1eaea3ed952dff0337930938ae031841175725a6da1a512d8dfd649b1e2a83f", + "zh:d9deed8a673ce1d1f9ebcb6186ee4068933720d0d97ef7b627d7d0f819b67eed", + "zh:df342d4ab9cd3d1e26bd338bc4a2f0fd136c96f8861ce0ab63a7e6e41f62254b", + "zh:f0438dbdacdcfc2727b09752f682c96f5f575fdb3282b6fb1721756d83b390c7", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/terraform/infrastructure/gcp/main.tf b/terraform/infrastructure/gcp/main.tf index 722421608..53c20aa42 100644 --- a/terraform/infrastructure/gcp/main.tf +++ b/terraform/infrastructure/gcp/main.tf @@ -2,12 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.37.0" - } - - google-beta = { - source = "hashicorp/google-beta" - version = "5.37.0" + version = "6.7.0" } random = { @@ -23,12 +18,6 @@ provider "google" { zone = var.zone } -provider "google-beta" { - project = var.project - region = var.region - zone = var.zone -} - locals { uid = random_id.uid.hex name = "${var.name}-${local.uid}" @@ -91,12 +80,10 @@ resource "google_compute_subnetwork" "vpc_subnetwork" { description = "Constellation VPC subnetwork" network = google_compute_network.vpc_network.id ip_cidr_range = local.cidr_vpc_subnet_nodes - secondary_ip_range = [ - { - range_name = local.name, - ip_cidr_range = local.cidr_vpc_subnet_pods, - } - ] + secondary_ip_range { + range_name = local.name + ip_cidr_range = local.cidr_vpc_subnet_pods + } } resource "google_compute_subnetwork" "proxy_subnet" { diff --git a/terraform/infrastructure/gcp/modules/instance_group/main.tf b/terraform/infrastructure/gcp/modules/instance_group/main.tf index b13289b89..26312ae29 100644 --- a/terraform/infrastructure/gcp/modules/instance_group/main.tf +++ b/terraform/infrastructure/gcp/modules/instance_group/main.tf @@ -2,12 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.37.0" - } - - google-beta = { - source = "hashicorp/google-beta" - version = "5.37.0" + version = "6.7.0" } random = { @@ -28,10 +23,6 @@ resource "random_id" "uid" { } resource "google_compute_instance_template" "template" { - # Beta provider is necessary to set confidential instance types. - # TODO(msanft): Remove beta provider once confidential instance type setting is in GA. - provider = google-beta - name = local.name machine_type = var.instance_type tags = ["constellation-${var.uid}"] // Note that this is also applied as a label diff --git a/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf b/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf index c4f987808..270a8cbec 100644 --- a/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf +++ b/terraform/infrastructure/gcp/modules/internal_load_balancer/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.37.0" + version = "6.7.0" } } } diff --git a/terraform/infrastructure/gcp/modules/jump_host/main.tf b/terraform/infrastructure/gcp/modules/jump_host/main.tf index 1e2d9f65e..3445171c8 100644 --- a/terraform/infrastructure/gcp/modules/jump_host/main.tf +++ b/terraform/infrastructure/gcp/modules/jump_host/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.37.0" + version = "6.7.0" } } } diff --git a/terraform/infrastructure/gcp/modules/loadbalancer/main.tf b/terraform/infrastructure/gcp/modules/loadbalancer/main.tf index 5f33c1509..1f4953b9a 100644 --- a/terraform/infrastructure/gcp/modules/loadbalancer/main.tf +++ b/terraform/infrastructure/gcp/modules/loadbalancer/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.37.0" + version = "6.7.0" } } } diff --git a/terraform/infrastructure/iam/gcp/.terraform.lock.hcl b/terraform/infrastructure/iam/gcp/.terraform.lock.hcl index 0a75e503c..d4f4ab36e 100644 --- a/terraform/infrastructure/iam/gcp/.terraform.lock.hcl +++ b/terraform/infrastructure/iam/gcp/.terraform.lock.hcl @@ -2,54 +2,48 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "5.37.0" - constraints = "5.37.0" + version = "6.7.0" + constraints = "6.7.0" hashes = [ - "h1:+0FfxQm8+OxXM6tDF8UCA2ir59Gel4oSnLoJoKkGCpc=", - "h1:+WQTQ1s/MhzXNDaCp4OvTY46DB4/e2GyvpCH41kA5pY=", - "h1:/4KB6HjJ0ByYamKdb/3BjQlVrqtqkWygh8XINuwHwLg=", - "h1:0mhHpFpgMtiw0vhuKlMtst7bhiaO4aa0/qb0SS5e3ns=", - "h1:ECJCeUsjARe6GHI1yLQKdsx1GW1CFqgww/dzooBe/xk=", - "h1:MXuNmywxH/QrtJqzQBEo5fPlcYGIvy0OxlE5ZPA37wE=", - "h1:RefrtlcP4AXprPTHHmUNuHZEOgTld4JeDOTeo4zWiJA=", - "h1:UuDnLkrIGy1u1gmwyQ7JIaI7Hax8Rvn/gxSBbg9oRWI=", - "h1:lP9wJfnhHJj1FcpKRKEweqSnVWwvMtts6+Yypyfpfpw=", - "h1:lfzk7MUYSJG4nwsdX6DLZth3BePTuhWW9W6xM9buOMU=", - "h1:wUeVrQ1ss9vQbb6HP+hSgtQ7efSliSdHRef1/TRef6k=", - "zh:00754c426ec8c2416d54904b25ebf3d831b5af4f02a20336d0a60d91897497d7", - "zh:0b4128affc12ace78d9cbd8aac308b992cc1829effba0ac761b4c3e9e37a36e2", - "zh:46afda4cdadc242b0a27acb181967b7a37768aa084c84593506490483fbdefd6", - "zh:4ad56e9d5ed5e05184bd0a23e17b6eb985c28e7ce23ce29fdf50daa5594ead69", - "zh:557b021f77bd97462b20519148f454158e6cf89eba5461ae6016568b317e1c87", - "zh:6552bb5e901e9fbcd95dc95b4e017dfd7c1eca465dd749f9c8afdc4ae2bf3213", - "zh:687347e31e69f2c4518abc057ad157ed4fd2b78e399b3a172bcab4277f7a235b", - "zh:a66bfc55856693fe82a81554abf7fd72b8ca2d56a08cb59c4769c15b1a1acea5", - "zh:a8b242c5aab000f2a27e934930a75656efb4a96fdb06a419b22ae0daffa6fba3", - "zh:da9e9b40d632f218a3e0bb88b8cf95b91485cee1eb2fd2a384d45c2619c36da4", + "h1:2R/lqkaJ6+JzXLvMjV9RpS800/D+JBVJdUr5cMTCtqA=", + "h1:LEFMDSgj/Om4bqo2mgrcgXPBvhFyKkq/Z01//4SsWgw=", + "h1:LsOV33issuNApAMJrT8el7CKBtN0gqox0jehtBT3yjs=", + "h1:N0Jt+y4xXGLJvkrq0ocp+tEMgYpmtDCFu21CwPc9lyA=", + "h1:sMGHFZFZKvUr8FB1Ocm5612HsMeO4umUu6UW1UAgTds=", + "zh:16ac63e56986916015637bdc26a93e375aa84f22381d37dea51b227bc8fd58e3", + "zh:3d27c11cfd55394e247b01dc5d8bf4b892940ac0b66785cf565fbbabe8b8363b", + "zh:40011688dd3d5294f92bc0d85f30f26c427adc9a0e5c5053ca71a66f322e6edd", + "zh:84f2b94480c0979fbef001bc040dcaa5ac7b7d3cb47edc24ef612f6ede8ecb84", + "zh:9350b88bfeedf91176ed8447e368a980b0f5c9ad5f6bc0eff62e8889888a60df", + "zh:a0aba100e12c1a4e45ed9c66a95edb6c1f51d4f88ac4a38e0f64ee057128b23d", + "zh:cc5b520ea5806b967559f6f7fa07e7f0e9fe380bfb68d2f8b5afc1c94e99cd70", + "zh:d1eaea3ed952dff0337930938ae031841175725a6da1a512d8dfd649b1e2a83f", + "zh:d9deed8a673ce1d1f9ebcb6186ee4068933720d0d97ef7b627d7d0f819b67eed", + "zh:df342d4ab9cd3d1e26bd338bc4a2f0fd136c96f8861ce0ab63a7e6e41f62254b", + "zh:f0438dbdacdcfc2727b09752f682c96f5f575fdb3282b6fb1721756d83b390c7", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fda7bd1578e4b40e9e2d0298c77b0ad9f4486abee8ad38755299dd4b06be54c7", ] } provider "registry.terraform.io/hashicorp/null" { - version = "3.2.2" + version = "3.2.3" hashes = [ - "h1:Gef5VGfobY5uokA5nV/zFvWeMNR2Pmq79DH94QnNZPM=", - "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", - "h1:m467k2tZ9cdFFgHW7LPBK2GLPH43LC6wc3ppxr8yvoE=", - "h1:vWAsYRd7MjYr3adj8BVKRohVfHpWQdvkIwUQ2Jf5FVM=", - "h1:zT1ZbegaAYHwQa+QwIFugArWikRJI9dqohj8xb0GY88=", - "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", - "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", - "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", - "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", - "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", - "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", - "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", + "h1:+AnORRgFbRO6qqcfaQyeX80W0eX3VmjadjnUFUJTiXo=", + "h1:I0Um8UkrMUb81Fxq/dxbr3HLP2cecTH2WMJiwKSrwQY=", + "h1:nKUqWEza6Lcv3xRlzeiRQrHtqvzX1BhIzjaOVXRYQXQ=", + "h1:obXguGZUWtNAO09f1f9Cb7hsPCOGXuGdN8bn/ohKRBQ=", + "h1:zxoDtu918XPWJ/Y6s4aFrZydn6SfqkRc5Ax1ZLnC6Ew=", + "zh:22d062e5278d872fe7aed834f5577ba0a5afe34a3bdac2b81f828d8d3e6706d2", + "zh:23dead00493ad863729495dc212fd6c29b8293e707b055ce5ba21ee453ce552d", + "zh:28299accf21763ca1ca144d8f660688d7c2ad0b105b7202554ca60b02a3856d3", + "zh:55c9e8a9ac25a7652df8c51a8a9a422bd67d784061b1de2dc9fe6c3cb4e77f2f", + "zh:756586535d11698a216291c06b9ed8a5cc6a4ec43eee1ee09ecd5c6a9e297ac1", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", - "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", - "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", - "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", + "zh:9d5eea62fdb587eeb96a8c4d782459f4e6b73baeece4d04b4a40e44faaee9301", + "zh:a6355f596a3fb8fc85c2fb054ab14e722991533f87f928e7169a486462c74670", + "zh:b5a65a789cff4ada58a5baffc76cb9767dc26ec6b45c00d2ec8b1b027f6db4ed", + "zh:db5ab669cf11d0e9f81dc380a6fdfcac437aea3d69109c7aef1a5426639d2d65", + "zh:de655d251c470197bcbb5ac45d289595295acb8f829f6c781d4a75c8c8b7c7dd", + "zh:f5c68199f2e6076bce92a12230434782bf768103a427e9bb9abee99b116af7b5", ] } diff --git a/terraform/infrastructure/iam/gcp/main.tf b/terraform/infrastructure/iam/gcp/main.tf index 5faa9b531..d014e5140 100644 --- a/terraform/infrastructure/iam/gcp/main.tf +++ b/terraform/infrastructure/iam/gcp/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "5.37.0" + version = "6.7.0" } } } From 7977746785788e02b0bf3cb6941d8e9919a9eb17 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 23 Oct 2024 09:38:20 +0200 Subject: [PATCH 330/380] image: update measurements and image version (#3455) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index d2db94b41..d09162a4e 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xeb, 0x47, 0x92, 0x16, 0x88, 0xe2, 0x06, 0x87, 0xdf, 0x43, 0x9c, 0x1e, 0x39, 0x2a, 0xf2, 0xeb, 0xef, 0x31, 0x67, 0xc2, 0x8e, 0x16, 0x04, 0xd5, 0x53, 0xe4, 0xf8, 0x35, 0xed, 0xc2, 0x8e, 0xb0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x39, 0x84, 0xd8, 0xfd, 0xff, 0xc7, 0x7f, 0x0d, 0x32, 0x38, 0xea, 0xca, 0xda, 0xac, 0x15, 0x83, 0x9e, 0x65, 0x5e, 0x0b, 0x5f, 0x84, 0xa1, 0x5d, 0x10, 0x00, 0xb3, 0x6e, 0x3a, 0x3f, 0xf5, 0xaf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x30, 0xab, 0x29, 0x4c, 0x27, 0x98, 0xd5, 0xe8, 0xd8, 0xb1, 0x83, 0xf7, 0x5d, 0x0a, 0x5e, 0x90, 0x77, 0x39, 0x04, 0x21, 0xcf, 0x51, 0xb3, 0x57, 0x92, 0x23, 0xb6, 0xa9, 0xa3, 0xd4, 0xda, 0xce}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x02, 0x21, 0xbc, 0x0c, 0xe4, 0x6e, 0x91, 0x61, 0x0d, 0xbb, 0x4e, 0xfb, 0xce, 0x15, 0x3f, 0xab, 0xeb, 0xbe, 0x06, 0xfe, 0x2f, 0x0f, 0x36, 0xd8, 0x7c, 0xc7, 0xd9, 0x3c, 0xb5, 0xcd, 0xb7, 0x93}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd8, 0x81, 0x25, 0x4a, 0xa6, 0x89, 0xb2, 0xab, 0x6c, 0x20, 0xb1, 0x68, 0x87, 0x12, 0xc7, 0xb7, 0xec, 0xd6, 0x22, 0xe1, 0x47, 0x14, 0x8d, 0x15, 0xbf, 0x9c, 0x35, 0x3f, 0x09, 0xaa, 0x4d, 0xa3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x29, 0x98, 0x48, 0xe8, 0x7d, 0x8b, 0x7d, 0x97, 0x27, 0x18, 0x61, 0x42, 0x2d, 0x62, 0x55, 0x5e, 0xb6, 0xc7, 0xef, 0xc3, 0xf1, 0x94, 0xf6, 0x69, 0x5d, 0x26, 0xb5, 0xbf, 0xb6, 0xde, 0x48, 0x2b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x6c, 0xf8, 0xc9, 0xd5, 0xe3, 0x6d, 0x18, 0x12, 0xa7, 0xf0, 0x0f, 0xb4, 0x4b, 0x08, 0x57, 0x47, 0x75, 0xdd, 0x5d, 0xec, 0x0f, 0xb5, 0x02, 0x12, 0x60, 0x57, 0x1b, 0xa2, 0x4c, 0x88, 0x03, 0x6c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x10, 0xb1, 0xa0, 0xd3, 0xf7, 0x56, 0x9e, 0x73, 0xd6, 0x60, 0xcc, 0x72, 0xc1, 0x37, 0x1e, 0xaf, 0x1d, 0x9b, 0x9a, 0xcb, 0xe4, 0xce, 0x38, 0x96, 0x67, 0xe1, 0xbb, 0xf3, 0x0c, 0x2c, 0x2c, 0x70}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa9, 0x80, 0x5f, 0x06, 0x94, 0xc7, 0x37, 0xc4, 0x91, 0x56, 0xbf, 0xb5, 0x8e, 0xeb, 0xa1, 0xd9, 0x45, 0xda, 0xcc, 0x03, 0x6c, 0xe2, 0x73, 0x15, 0xca, 0xed, 0x78, 0x15, 0x9b, 0xf8, 0x25, 0xe5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe8, 0x6b, 0xde, 0xe6, 0xac, 0xa1, 0x0f, 0x46, 0x6e, 0xa6, 0xdd, 0xc5, 0x17, 0x28, 0xf4, 0xf5, 0x61, 0x12, 0x17, 0x85, 0x3d, 0x12, 0xf2, 0x8d, 0x60, 0x16, 0x49, 0xcd, 0x9f, 0x67, 0x66, 0x74}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb1, 0x39, 0xd6, 0xde, 0x59, 0xfe, 0x15, 0xac, 0x87, 0xb2, 0x69, 0x60, 0xd5, 0xe9, 0x14, 0x90, 0xb0, 0xad, 0x0e, 0x1a, 0x6f, 0xb7, 0x41, 0x11, 0x6d, 0xcb, 0x86, 0x6c, 0x56, 0xbf, 0x12, 0xac}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xec, 0x6f, 0x03, 0xf1, 0xb3, 0x44, 0x9b, 0xa6, 0x71, 0x78, 0xea, 0x5e, 0x48, 0x47, 0x20, 0x41, 0x65, 0xca, 0xde, 0xd8, 0x02, 0x04, 0xbf, 0xba, 0x29, 0x55, 0x92, 0x8d, 0xc7, 0xc6, 0x98, 0x18}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1a, 0x36, 0x48, 0x23, 0x4f, 0xda, 0x2d, 0xea, 0xea, 0x84, 0x77, 0x9d, 0xcc, 0x7c, 0x70, 0x8e, 0xf4, 0xbd, 0x9f, 0x04, 0x98, 0xfe, 0x62, 0x0d, 0x12, 0x24, 0xe0, 0x2c, 0x5f, 0x76, 0x6c, 0xbf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2a, 0x84, 0x4a, 0x7e, 0x2f, 0x2a, 0x27, 0x39, 0xd0, 0xda, 0xeb, 0x99, 0xfe, 0x59, 0x89, 0xf4, 0xb1, 0x06, 0x83, 0xb7, 0x9d, 0x26, 0x5c, 0x15, 0xb9, 0xe1, 0x6b, 0x35, 0x39, 0x41, 0x06, 0x6e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd7, 0x06, 0x3d, 0x0d, 0xae, 0xa0, 0xb4, 0x77, 0x8e, 0x61, 0xaf, 0x5a, 0xf3, 0xdd, 0x05, 0x7f, 0xd2, 0xa5, 0xf9, 0x8b, 0xaf, 0x97, 0x96, 0x98, 0xe3, 0x3c, 0x7a, 0xbc, 0x03, 0xf4, 0x27, 0xc2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x24, 0x13, 0x1a, 0xf9, 0x7e, 0xc7, 0xb8, 0xc9, 0x4d, 0xc8, 0x1f, 0x60, 0x42, 0xaa, 0x61, 0x9b, 0xcb, 0xfa, 0xc1, 0x56, 0xd9, 0x6c, 0x81, 0xd9, 0xb0, 0x7d, 0x68, 0xb9, 0xfc, 0x56, 0xaf, 0xc0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x86, 0x10, 0x58, 0xc8, 0x72, 0x8a, 0xf7, 0x5a, 0x77, 0xa1, 0x90, 0x7e, 0x53, 0xda, 0x81, 0x8b, 0xd9, 0xd1, 0xd0, 0x68, 0x33, 0xa3, 0xae, 0x46, 0xbd, 0x6d, 0x82, 0xae, 0x23, 0x85, 0xa7, 0x6b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xdc, 0xaf, 0x99, 0x28, 0xcf, 0x7a, 0xd1, 0x5d, 0xa1, 0xbe, 0x46, 0xa5, 0x36, 0xb6, 0x88, 0x92, 0x80, 0x7d, 0x95, 0xa0, 0xc9, 0xe9, 0x74, 0xf2, 0xf1, 0xfc, 0xd7, 0x9a, 0x8e, 0x80, 0xe7, 0x44}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x36, 0x3b, 0xb0, 0x01, 0xac, 0x9e, 0xcb, 0xe8, 0x4b, 0x99, 0xd5, 0xe1, 0xb9, 0xaa, 0x24, 0x76, 0xa9, 0x35, 0x52, 0x20, 0xd7, 0xfb, 0x77, 0x63, 0x13, 0x97, 0xe5, 0x89, 0xe7, 0xd1, 0xe2, 0xea}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x61, 0xf8, 0x52, 0x44, 0x32, 0xab, 0x68, 0x18, 0xd9, 0x5f, 0xd5, 0x39, 0x20, 0x2f, 0x56, 0x4e, 0xcd, 0x13, 0xa3, 0x10, 0x55, 0xdf, 0x27, 0x24, 0xb4, 0x09, 0x27, 0x4e, 0x72, 0x21, 0xe6, 0x1a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcd, 0x63, 0x03, 0xd6, 0x04, 0x7d, 0xd9, 0x41, 0xc9, 0x66, 0x29, 0x4d, 0x46, 0xbf, 0x7d, 0xf6, 0x73, 0xe5, 0x6b, 0xb2, 0x35, 0x88, 0x69, 0x1c, 0xe8, 0x6d, 0xa9, 0x48, 0x44, 0x38, 0xbf, 0x0d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc7, 0x15, 0x3f, 0xc1, 0xed, 0x76, 0xef, 0xe2, 0x0f, 0x13, 0xa1, 0xaf, 0x92, 0x4b, 0xc6, 0xef, 0xce, 0xb9, 0x7d, 0x8a, 0x43, 0x25, 0x8f, 0x8d, 0x14, 0xdc, 0x55, 0xe4, 0x93, 0xc4, 0xf9, 0xcd}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd4, 0xd4, 0x64, 0xd0, 0xa0, 0x15, 0x4b, 0x7e, 0x85, 0xc0, 0xd7, 0x2d, 0xeb, 0xaf, 0x80, 0x67, 0x72, 0x8c, 0x65, 0x99, 0x8b, 0x4a, 0xec, 0xbb, 0x53, 0x4e, 0x68, 0xd6, 0xdd, 0x3f, 0x03, 0xca}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf2, 0x0c, 0x1b, 0x8f, 0x61, 0x4e, 0x55, 0x8d, 0xb7, 0x3c, 0x90, 0x45, 0x61, 0xb2, 0x3e, 0x5d, 0x07, 0xb4, 0xbc, 0x7c, 0xa1, 0x6c, 0x06, 0x3e, 0xbe, 0x28, 0x9c, 0x14, 0x03, 0x9b, 0x0e, 0x2a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x65, 0x78, 0x11, 0x7e, 0xc4, 0xd3, 0xa3, 0x03, 0x69, 0xeb, 0xeb, 0x27, 0xcf, 0xa3, 0x4e, 0x56, 0x3a, 0xca, 0x06, 0x73, 0x9f, 0xc4, 0x98, 0x8f, 0x1c, 0xa2, 0x69, 0x77, 0xff, 0xd4, 0x47, 0xa8}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4d, 0xef, 0xd5, 0x8d, 0x9d, 0x79, 0xc6, 0xbc, 0x71, 0x12, 0xbc, 0x45, 0x6d, 0xa2, 0x83, 0x89, 0x14, 0x65, 0xff, 0x72, 0xee, 0xca, 0x4f, 0xd5, 0x93, 0x43, 0xdd, 0xeb, 0xa7, 0x75, 0xcf, 0x9b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8c, 0xd4, 0x67, 0x76, 0xf1, 0x07, 0x8f, 0x10, 0xe4, 0xaa, 0xaf, 0x63, 0xf7, 0xdb, 0x36, 0x4e, 0x13, 0x10, 0x30, 0xbc, 0xf3, 0x3f, 0x8b, 0xb1, 0x87, 0x77, 0x19, 0x78, 0x58, 0xb2, 0xdc, 0xce}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xb2, 0x55, 0xed, 0xea, 0xa6, 0x55, 0x80, 0x72, 0x93, 0x9f, 0xb2, 0xc7, 0x5a, 0xd5, 0x76, 0xc1, 0xf4, 0xb6, 0x70, 0xca, 0xa2, 0xa6, 0x01, 0x55, 0x4a, 0x86, 0x25, 0x47, 0x22, 0x5a, 0xcb, 0xfd}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x11, 0x02, 0x24, 0x79, 0xe1, 0x7f, 0xe6, 0x3f, 0xcb, 0xb9, 0x35, 0xae, 0x02, 0x84, 0xc0, 0xd3, 0x9e, 0x5a, 0xf8, 0x3e, 0xc1, 0x5a, 0x38, 0xe3, 0x75, 0x90, 0x9c, 0x64, 0xba, 0x75, 0xce, 0xaf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x91, 0x96, 0x05, 0x9a, 0x2a, 0x43, 0x84, 0x47, 0x48, 0xc1, 0x96, 0x6c, 0x2b, 0xaf, 0x02, 0x95, 0x88, 0x40, 0x28, 0x16, 0xb3, 0xdd, 0x0d, 0x3a, 0x31, 0xed, 0x7d, 0xe2, 0x5c, 0x80, 0x7e, 0x22}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x6c, 0xe1, 0x89, 0x59, 0x44, 0x39, 0x6e, 0x92, 0x39, 0x7f, 0xeb, 0xa7, 0x4b, 0x58, 0xd2, 0x66, 0xe5, 0xb3, 0x5b, 0xf3, 0x5e, 0xc2, 0xf5, 0x97, 0x9d, 0x9d, 0xb6, 0x86, 0x83, 0xd9, 0xcb, 0x89}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcc, 0xa9, 0x02, 0x04, 0x28, 0xc4, 0x7f, 0x38, 0x10, 0xd8, 0x84, 0x58, 0xda, 0x71, 0x60, 0xa8, 0x09, 0xa2, 0x37, 0xfc, 0x99, 0x79, 0xe1, 0x46, 0x7f, 0x96, 0xf5, 0x0c, 0xbf, 0x61, 0xe1, 0x87}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x36, 0x67, 0xcd, 0xf9, 0xdc, 0x08, 0x1e, 0x33, 0x9e, 0x6c, 0x65, 0x2b, 0xa0, 0xcf, 0xeb, 0x10, 0xf2, 0x92, 0x46, 0xed, 0x28, 0x42, 0x4a, 0xe1, 0x26, 0x66, 0x60, 0xfd, 0xff, 0x88, 0x8b, 0xbf}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd7, 0x0f, 0xe5, 0x95, 0x22, 0x50, 0x2f, 0xc6, 0x5a, 0x9d, 0x11, 0x5e, 0xd5, 0x2b, 0x1c, 0x92, 0xb2, 0x96, 0xd2, 0x59, 0x5e, 0x13, 0x95, 0x8c, 0x5f, 0xcb, 0xe2, 0xcd, 0xe8, 0x4d, 0x3c, 0x78}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x68, 0x4b, 0x8a, 0x7c, 0x10, 0x89, 0x49, 0x88, 0x82, 0x93, 0xec, 0x9a, 0x8c, 0x61, 0x42, 0xff, 0x41, 0xa5, 0x68, 0xdb, 0x25, 0x08, 0xff, 0xb3, 0x42, 0x08, 0xd2, 0xcf, 0x1f, 0xde, 0x4d, 0xd5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd3, 0xbc, 0x9e, 0xae, 0x29, 0x9b, 0xc0, 0x75, 0x1b, 0xe9, 0x71, 0xb9, 0xf8, 0x66, 0xac, 0xeb, 0x6c, 0x89, 0x0c, 0xf4, 0xd5, 0x98, 0xf8, 0x17, 0x36, 0x1a, 0x72, 0x71, 0x29, 0x0e, 0x34, 0x8b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe6, 0x21, 0x86, 0xab, 0xb4, 0x6b, 0xfc, 0x9d, 0x00, 0x1b, 0x0a, 0xef, 0x4a, 0x1d, 0xb7, 0x75, 0xed, 0xf5, 0x40, 0x4b, 0x1e, 0xf5, 0x85, 0x59, 0x24, 0x6a, 0x52, 0x6a, 0x18, 0x90, 0xe5, 0x1e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xfa, 0x0d, 0x77, 0x67, 0x59, 0xf5, 0xfa, 0xa9, 0xca, 0xca, 0x4c, 0xab, 0x60, 0xa4, 0xe5, 0x3e, 0x8e, 0xb8, 0x70, 0x19, 0x88, 0xa8, 0x93, 0x1c, 0xf3, 0xe1, 0xa0, 0x47, 0x3a, 0x97, 0xf5, 0x9a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0x3e, 0x3c, 0x3e, 0x45, 0x01, 0x47, 0xc0, 0x14, 0x65, 0x48, 0x1a, 0x98, 0x0a, 0xbd, 0xcb, 0xc8, 0x87, 0x6b, 0x27, 0x09, 0x6d, 0x4d, 0x37, 0xa2, 0x08, 0x1a, 0x90, 0x9a, 0x48, 0x06, 0xad}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xd7, 0x43, 0x0c, 0x2a, 0xea, 0x8d, 0xa6, 0x55, 0xc7, 0x77, 0xe2, 0xce, 0x68, 0x9f, 0x44, 0x46, 0x92, 0xa4, 0xa7, 0x16, 0x82, 0x72, 0x37, 0x6a, 0x56, 0xed, 0x29, 0x39, 0xe4, 0x52, 0x7a, 0x2e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9f, 0x93, 0xa8, 0xd9, 0xd7, 0x03, 0x25, 0xda, 0x7c, 0x0c, 0x64, 0xe7, 0x82, 0xaa, 0xa8, 0xc9, 0x3f, 0x51, 0x8f, 0xb7, 0x9c, 0xdb, 0x0c, 0x63, 0xfb, 0x43, 0xc0, 0x6a, 0x0a, 0x81, 0xc1, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb4, 0x96, 0x37, 0x0f, 0xbf, 0x92, 0xdb, 0xbd, 0x09, 0xd8, 0xb0, 0xd3, 0xdb, 0x7c, 0xa0, 0xf0, 0x8d, 0xa2, 0x11, 0x8c, 0x59, 0x44, 0xb9, 0x60, 0x8d, 0x00, 0x26, 0x1a, 0xd7, 0x9b, 0xe5, 0xcd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x40, 0x44, 0x26, 0x23, 0x30, 0xcd, 0x40, 0xc2, 0xf8, 0xb2, 0x2f, 0xb8, 0x4d, 0x91, 0xea, 0x6d, 0x64, 0x46, 0x04, 0xed, 0x8b, 0xa8, 0x39, 0x17, 0x1c, 0x58, 0xa3, 0xfb, 0x84, 0xd3, 0xfa, 0xf7}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2f, 0x56, 0x38, 0x71, 0xf7, 0xc5, 0x48, 0xa9, 0xc4, 0x09, 0xd0, 0xd4, 0xc7, 0x85, 0x98, 0xf1, 0x72, 0xeb, 0xf8, 0x42, 0x09, 0xc1, 0x94, 0xc6, 0x7c, 0xa6, 0x44, 0x26, 0xa7, 0x62, 0x9a, 0xf9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd1, 0x14, 0x96, 0x6b, 0xfe, 0xee, 0x8e, 0x79, 0xf6, 0xd6, 0x09, 0x62, 0x6e, 0x88, 0x63, 0x23, 0x60, 0x25, 0x58, 0x2c, 0x0d, 0xb2, 0xa3, 0xd6, 0x6d, 0x68, 0x54, 0x3f, 0x74, 0xb3, 0x11, 0xe8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xc5, 0xa2, 0x0e, 0xa0, 0x33, 0x82, 0x94, 0x14, 0xce, 0x59, 0x79, 0x22, 0x72, 0x59, 0xe4, 0x48, 0x41, 0xd3, 0x9b, 0x41, 0x71, 0xcd, 0x97, 0x38, 0x49, 0x76, 0x16, 0xeb, 0xb7, 0xc3, 0xcb, 0x08}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xce, 0x79, 0x15, 0xc1, 0xf3, 0x77, 0x4f, 0x74, 0x18, 0xaa, 0x76, 0x64, 0x70, 0x70, 0x90, 0x9e, 0x66, 0xaf, 0xe7, 0x08, 0xda, 0x81, 0x42, 0xe6, 0xaf, 0x29, 0x40, 0xd1, 0x50, 0x3c, 0x0d, 0x62}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe8, 0x3a, 0x5f, 0xc3, 0x12, 0x2b, 0xf4, 0xa6, 0x6f, 0x06, 0x07, 0xdf, 0x2e, 0x9a, 0x3a, 0x94, 0x1b, 0x2d, 0xf9, 0x98, 0xbd, 0x76, 0x3c, 0xb0, 0xf9, 0x74, 0xe3, 0x4a, 0x49, 0xcf, 0xf6, 0x3d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index ecacd032d..4e548d67b 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.19.0-pre.0.20241017144548-0453f5b611ae" + defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241021104133-96ac7124e3c9" ) From cbd8cc69760502e5f3a2b1ba02e769638467736e Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 23 Oct 2024 16:45:22 +0200 Subject: [PATCH 331/380] ci: use GOPROXY fallbacks (#3456) --- bazel/bazelrc/ci.bazelrc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bazel/bazelrc/ci.bazelrc b/bazel/bazelrc/ci.bazelrc index 4bc188e3d..dbae2df5e 100644 --- a/bazel/bazelrc/ci.bazelrc +++ b/bazel/bazelrc/ci.bazelrc @@ -62,6 +62,10 @@ build --remote_local_fallback # Docs: https://bazel.build/reference/command-line-reference#flag--grpc_keepalive_time build --grpc_keepalive_time=30s +# Use fallbacks in case proxy.golang.org is not reachable. +# Docs: https://go.dev/ref/mod#goproxy-protocol +common '--repo_env=GOPROXY=https://proxy.golang.org|https://goproxy.io|direct' + ###################################### # Edgeless specific # From 2cd5b05b51b108a35181facb861746dec8b5c0cb Mon Sep 17 00:00:00 2001 From: 3u13r Date: Thu, 24 Oct 2024 15:00:51 +0200 Subject: [PATCH 332/380] cli: also log applier debug messages to debug log file (#3457) * cli: also log applier debug messages to debug log file * cli: use debug logger instead of cliLogger --- cli/internal/cmd/apply.go | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/cli/internal/cmd/apply.go b/cli/internal/cmd/apply.go index aba3aa378..d4390db21 100644 --- a/cli/internal/cmd/apply.go +++ b/cli/internal/cmd/apply.go @@ -211,10 +211,6 @@ func (f *applyFlags) parse(flags *pflag.FlagSet) error { // runApply sets up the apply command and runs it. func runApply(cmd *cobra.Command, _ []string) error { - log, err := newCLILogger(cmd) - if err != nil { - return fmt.Errorf("creating logger: %w", err) - } spinner, err := newSpinnerOrStderr(cmd) if err != nil { return err @@ -227,7 +223,7 @@ func runApply(cmd *cobra.Command, _ []string) error { } fileHandler := file.NewHandler(afero.NewOsFs()) - logger, err := newDebugFileLogger(cmd, fileHandler) + debugLogger, err := newDebugFileLogger(cmd, fileHandler) if err != nil { return err } @@ -250,15 +246,15 @@ func runApply(cmd *cobra.Command, _ []string) error { ) } - applier := constellation.NewApplier(log, spinner, constellation.ApplyContextCLI, newDialer) + applier := constellation.NewApplier(debugLogger, spinner, constellation.ApplyContextCLI, newDialer) apply := &applyCmd{ fileHandler: fileHandler, flags: flags, - log: logger, - wLog: &warnLogger{cmd: cmd, log: log}, + log: debugLogger, + wLog: &warnLogger{cmd: cmd, log: debugLogger}, spinner: spinner, - merger: &kubeconfigMerger{log: log}, + merger: &kubeconfigMerger{log: debugLogger}, newInfraApplier: newInfraApplier, imageFetcher: imagefetcher.New(), applier: applier, @@ -826,6 +822,7 @@ func (wl warnLogger) Info(msg string, args ...any) { // Warn prints a formatted warning from the validator. func (wl warnLogger) Warn(msg string, args ...any) { wl.cmd.PrintErrf("Warning: %s %s\n", msg, fmt.Sprint(args...)) + wl.log.Debug(msg, args...) } type warnLog interface { From 1ed1a627b3c60e1e79364db4add0d4db55b36856 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 25 Oct 2024 11:08:47 +0200 Subject: [PATCH 333/380] image: update measurements and image version (#3458) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index d09162a4e..53283b6f2 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1a, 0x36, 0x48, 0x23, 0x4f, 0xda, 0x2d, 0xea, 0xea, 0x84, 0x77, 0x9d, 0xcc, 0x7c, 0x70, 0x8e, 0xf4, 0xbd, 0x9f, 0x04, 0x98, 0xfe, 0x62, 0x0d, 0x12, 0x24, 0xe0, 0x2c, 0x5f, 0x76, 0x6c, 0xbf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2a, 0x84, 0x4a, 0x7e, 0x2f, 0x2a, 0x27, 0x39, 0xd0, 0xda, 0xeb, 0x99, 0xfe, 0x59, 0x89, 0xf4, 0xb1, 0x06, 0x83, 0xb7, 0x9d, 0x26, 0x5c, 0x15, 0xb9, 0xe1, 0x6b, 0x35, 0x39, 0x41, 0x06, 0x6e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd7, 0x06, 0x3d, 0x0d, 0xae, 0xa0, 0xb4, 0x77, 0x8e, 0x61, 0xaf, 0x5a, 0xf3, 0xdd, 0x05, 0x7f, 0xd2, 0xa5, 0xf9, 0x8b, 0xaf, 0x97, 0x96, 0x98, 0xe3, 0x3c, 0x7a, 0xbc, 0x03, 0xf4, 0x27, 0xc2}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x24, 0x13, 0x1a, 0xf9, 0x7e, 0xc7, 0xb8, 0xc9, 0x4d, 0xc8, 0x1f, 0x60, 0x42, 0xaa, 0x61, 0x9b, 0xcb, 0xfa, 0xc1, 0x56, 0xd9, 0x6c, 0x81, 0xd9, 0xb0, 0x7d, 0x68, 0xb9, 0xfc, 0x56, 0xaf, 0xc0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x86, 0x10, 0x58, 0xc8, 0x72, 0x8a, 0xf7, 0x5a, 0x77, 0xa1, 0x90, 0x7e, 0x53, 0xda, 0x81, 0x8b, 0xd9, 0xd1, 0xd0, 0x68, 0x33, 0xa3, 0xae, 0x46, 0xbd, 0x6d, 0x82, 0xae, 0x23, 0x85, 0xa7, 0x6b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xdc, 0xaf, 0x99, 0x28, 0xcf, 0x7a, 0xd1, 0x5d, 0xa1, 0xbe, 0x46, 0xa5, 0x36, 0xb6, 0x88, 0x92, 0x80, 0x7d, 0x95, 0xa0, 0xc9, 0xe9, 0x74, 0xf2, 0xf1, 0xfc, 0xd7, 0x9a, 0x8e, 0x80, 0xe7, 0x44}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x36, 0x3b, 0xb0, 0x01, 0xac, 0x9e, 0xcb, 0xe8, 0x4b, 0x99, 0xd5, 0xe1, 0xb9, 0xaa, 0x24, 0x76, 0xa9, 0x35, 0x52, 0x20, 0xd7, 0xfb, 0x77, 0x63, 0x13, 0x97, 0xe5, 0x89, 0xe7, 0xd1, 0xe2, 0xea}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x61, 0xf8, 0x52, 0x44, 0x32, 0xab, 0x68, 0x18, 0xd9, 0x5f, 0xd5, 0x39, 0x20, 0x2f, 0x56, 0x4e, 0xcd, 0x13, 0xa3, 0x10, 0x55, 0xdf, 0x27, 0x24, 0xb4, 0x09, 0x27, 0x4e, 0x72, 0x21, 0xe6, 0x1a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcd, 0x63, 0x03, 0xd6, 0x04, 0x7d, 0xd9, 0x41, 0xc9, 0x66, 0x29, 0x4d, 0x46, 0xbf, 0x7d, 0xf6, 0x73, 0xe5, 0x6b, 0xb2, 0x35, 0x88, 0x69, 0x1c, 0xe8, 0x6d, 0xa9, 0x48, 0x44, 0x38, 0xbf, 0x0d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xc7, 0x15, 0x3f, 0xc1, 0xed, 0x76, 0xef, 0xe2, 0x0f, 0x13, 0xa1, 0xaf, 0x92, 0x4b, 0xc6, 0xef, 0xce, 0xb9, 0x7d, 0x8a, 0x43, 0x25, 0x8f, 0x8d, 0x14, 0xdc, 0x55, 0xe4, 0x93, 0xc4, 0xf9, 0xcd}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd4, 0xd4, 0x64, 0xd0, 0xa0, 0x15, 0x4b, 0x7e, 0x85, 0xc0, 0xd7, 0x2d, 0xeb, 0xaf, 0x80, 0x67, 0x72, 0x8c, 0x65, 0x99, 0x8b, 0x4a, 0xec, 0xbb, 0x53, 0x4e, 0x68, 0xd6, 0xdd, 0x3f, 0x03, 0xca}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf2, 0x0c, 0x1b, 0x8f, 0x61, 0x4e, 0x55, 0x8d, 0xb7, 0x3c, 0x90, 0x45, 0x61, 0xb2, 0x3e, 0x5d, 0x07, 0xb4, 0xbc, 0x7c, 0xa1, 0x6c, 0x06, 0x3e, 0xbe, 0x28, 0x9c, 0x14, 0x03, 0x9b, 0x0e, 0x2a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x16, 0x62, 0x87, 0x60, 0xad, 0xfe, 0xb0, 0x87, 0x65, 0xd9, 0x86, 0x17, 0xe7, 0xa1, 0x9c, 0xe3, 0x37, 0xda, 0xce, 0xb3, 0x71, 0xac, 0x33, 0x2e, 0x3c, 0x68, 0xea, 0x95, 0x43, 0xf0, 0x74, 0xce}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5a, 0x23, 0x95, 0xf8, 0x85, 0xd7, 0xe1, 0x63, 0x20, 0x2e, 0x9a, 0xc3, 0x3f, 0x80, 0x64, 0x73, 0x8b, 0x58, 0x99, 0x78, 0xa8, 0x83, 0x44, 0xe4, 0x92, 0x87, 0xf4, 0xfd, 0xf2, 0x49, 0x1a, 0x5c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4a, 0x7c, 0x49, 0xba, 0xce, 0xf4, 0x8b, 0xf7, 0x69, 0x11, 0xd8, 0x23, 0x73, 0xdb, 0x96, 0x2f, 0x2a, 0xa6, 0xb8, 0x7e, 0xfd, 0x18, 0x11, 0xe4, 0x15, 0x6d, 0xb4, 0x15, 0x85, 0x2e, 0x91, 0xbf}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x29, 0xbc, 0x7f, 0xc0, 0x75, 0x3a, 0x9f, 0xe9, 0xbb, 0x43, 0xd6, 0x76, 0xfc, 0x62, 0xf8, 0x14, 0x2f, 0x34, 0x13, 0x14, 0xb3, 0x74, 0x1b, 0xb9, 0xc6, 0x4f, 0x9a, 0x64, 0x7e, 0xed, 0xd2, 0x4f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbb, 0x96, 0xc0, 0xd8, 0x39, 0x53, 0x21, 0xe6, 0x3f, 0x30, 0x62, 0x42, 0xfc, 0x52, 0x2c, 0x8e, 0x33, 0x04, 0xf5, 0x0f, 0x4d, 0xf6, 0x76, 0x17, 0xed, 0xdf, 0x92, 0x98, 0x2f, 0x3f, 0x75, 0xe0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe3, 0x23, 0x4d, 0x84, 0x30, 0x9b, 0x1a, 0x86, 0x75, 0x3b, 0x44, 0x71, 0x5b, 0x14, 0x66, 0x77, 0x55, 0xed, 0x88, 0x2c, 0xe7, 0xb3, 0x31, 0x58, 0x96, 0x7c, 0x14, 0xdd, 0xa1, 0x9e, 0x02, 0x81}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7d, 0x69, 0x66, 0x05, 0x38, 0x85, 0xa6, 0xba, 0xfc, 0x4c, 0x51, 0xa8, 0x1f, 0x1d, 0x50, 0x7f, 0x96, 0x76, 0x6e, 0x82, 0xc0, 0xc1, 0x85, 0x19, 0x34, 0x9f, 0xaf, 0x7c, 0x73, 0x6f, 0x37, 0xe5}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa5, 0x4e, 0xe2, 0xb6, 0xee, 0x2f, 0xcc, 0xd4, 0xe5, 0x88, 0xd4, 0x31, 0xcc, 0x8f, 0x53, 0x6d, 0x09, 0x98, 0x20, 0x18, 0x49, 0xe2, 0x73, 0x87, 0xb5, 0x43, 0x12, 0x9a, 0x92, 0xc9, 0xde, 0x6c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf9, 0xc5, 0x9c, 0x72, 0x9c, 0x5d, 0xa5, 0xeb, 0x4e, 0x1d, 0x16, 0xfe, 0xfd, 0x08, 0x79, 0x8a, 0x31, 0x35, 0xb3, 0x2e, 0xe1, 0x36, 0x62, 0xfc, 0x8c, 0xca, 0x33, 0xb7, 0xcd, 0x35, 0x80, 0xef}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0f, 0xf1, 0x3a, 0x72, 0x05, 0xbf, 0x23, 0x52, 0xea, 0x97, 0x86, 0xad, 0xb9, 0x6d, 0x52, 0x69, 0x26, 0xfe, 0xa2, 0x6a, 0x3b, 0xdc, 0x02, 0x26, 0x32, 0xc0, 0x52, 0xa3, 0x7b, 0xe5, 0xb3, 0x5c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x35, 0x2f, 0xbe, 0x7b, 0x89, 0xd6, 0xc8, 0xf1, 0x1a, 0xc1, 0xf3, 0x70, 0x9e, 0xeb, 0x8b, 0xec, 0xac, 0x44, 0x25, 0x41, 0x2f, 0x6a, 0xa9, 0x30, 0xe4, 0xd8, 0x3a, 0x55, 0x40, 0x45, 0x14, 0x2f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x41, 0xd3, 0x3d, 0x7f, 0xb2, 0xd0, 0x6f, 0x4c, 0xac, 0xf1, 0x70, 0x27, 0x0c, 0xc5, 0x0e, 0x94, 0x52, 0xb7, 0xb5, 0x57, 0xd5, 0xd0, 0xb5, 0x8f, 0xec, 0xda, 0x3d, 0x59, 0xfe, 0x60, 0x5a, 0x0e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd7, 0x0f, 0xe5, 0x95, 0x22, 0x50, 0x2f, 0xc6, 0x5a, 0x9d, 0x11, 0x5e, 0xd5, 0x2b, 0x1c, 0x92, 0xb2, 0x96, 0xd2, 0x59, 0x5e, 0x13, 0x95, 0x8c, 0x5f, 0xcb, 0xe2, 0xcd, 0xe8, 0x4d, 0x3c, 0x78}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x68, 0x4b, 0x8a, 0x7c, 0x10, 0x89, 0x49, 0x88, 0x82, 0x93, 0xec, 0x9a, 0x8c, 0x61, 0x42, 0xff, 0x41, 0xa5, 0x68, 0xdb, 0x25, 0x08, 0xff, 0xb3, 0x42, 0x08, 0xd2, 0xcf, 0x1f, 0xde, 0x4d, 0xd5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd3, 0xbc, 0x9e, 0xae, 0x29, 0x9b, 0xc0, 0x75, 0x1b, 0xe9, 0x71, 0xb9, 0xf8, 0x66, 0xac, 0xeb, 0x6c, 0x89, 0x0c, 0xf4, 0xd5, 0x98, 0xf8, 0x17, 0x36, 0x1a, 0x72, 0x71, 0x29, 0x0e, 0x34, 0x8b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe6, 0x21, 0x86, 0xab, 0xb4, 0x6b, 0xfc, 0x9d, 0x00, 0x1b, 0x0a, 0xef, 0x4a, 0x1d, 0xb7, 0x75, 0xed, 0xf5, 0x40, 0x4b, 0x1e, 0xf5, 0x85, 0x59, 0x24, 0x6a, 0x52, 0x6a, 0x18, 0x90, 0xe5, 0x1e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xfa, 0x0d, 0x77, 0x67, 0x59, 0xf5, 0xfa, 0xa9, 0xca, 0xca, 0x4c, 0xab, 0x60, 0xa4, 0xe5, 0x3e, 0x8e, 0xb8, 0x70, 0x19, 0x88, 0xa8, 0x93, 0x1c, 0xf3, 0xe1, 0xa0, 0x47, 0x3a, 0x97, 0xf5, 0x9a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4c, 0x3e, 0x3c, 0x3e, 0x45, 0x01, 0x47, 0xc0, 0x14, 0x65, 0x48, 0x1a, 0x98, 0x0a, 0xbd, 0xcb, 0xc8, 0x87, 0x6b, 0x27, 0x09, 0x6d, 0x4d, 0x37, 0xa2, 0x08, 0x1a, 0x90, 0x9a, 0x48, 0x06, 0xad}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xd7, 0x43, 0x0c, 0x2a, 0xea, 0x8d, 0xa6, 0x55, 0xc7, 0x77, 0xe2, 0xce, 0x68, 0x9f, 0x44, 0x46, 0x92, 0xa4, 0xa7, 0x16, 0x82, 0x72, 0x37, 0x6a, 0x56, 0xed, 0x29, 0x39, 0xe4, 0x52, 0x7a, 0x2e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x9f, 0x93, 0xa8, 0xd9, 0xd7, 0x03, 0x25, 0xda, 0x7c, 0x0c, 0x64, 0xe7, 0x82, 0xaa, 0xa8, 0xc9, 0x3f, 0x51, 0x8f, 0xb7, 0x9c, 0xdb, 0x0c, 0x63, 0xfb, 0x43, 0xc0, 0x6a, 0x0a, 0x81, 0xc1, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb4, 0x96, 0x37, 0x0f, 0xbf, 0x92, 0xdb, 0xbd, 0x09, 0xd8, 0xb0, 0xd3, 0xdb, 0x7c, 0xa0, 0xf0, 0x8d, 0xa2, 0x11, 0x8c, 0x59, 0x44, 0xb9, 0x60, 0x8d, 0x00, 0x26, 0x1a, 0xd7, 0x9b, 0xe5, 0xcd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x46, 0x33, 0x67, 0x71, 0x55, 0x4d, 0x3f, 0x5f, 0x12, 0xfc, 0x94, 0xd0, 0xc2, 0xe3, 0xca, 0x37, 0xe7, 0x9c, 0xa2, 0x56, 0x1c, 0x21, 0x13, 0x40, 0xdd, 0x04, 0x17, 0x2a, 0x24, 0x51, 0x18, 0x75}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7f, 0x65, 0xc6, 0xe2, 0x22, 0xd9, 0xbb, 0x11, 0x99, 0xc6, 0xe3, 0xd0, 0xb7, 0x64, 0xb3, 0x43, 0x25, 0xa5, 0x75, 0xaa, 0xd8, 0xb6, 0x09, 0xd5, 0xb0, 0x44, 0x2b, 0x23, 0x34, 0xa6, 0x74, 0x5a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x54, 0xc3, 0x0b, 0xc2, 0xc2, 0x9e, 0xde, 0x5b, 0x4f, 0xd0, 0x91, 0x0c, 0x67, 0xfd, 0x9e, 0x9d, 0x16, 0x3e, 0x0e, 0x8d, 0x27, 0xce, 0xd2, 0x05, 0xba, 0x51, 0xa3, 0x9e, 0xf9, 0x79, 0xaa, 0x9a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xff, 0xf8, 0x52, 0xb4, 0x5d, 0x3f, 0x95, 0x26, 0xce, 0x3f, 0x4b, 0x30, 0x5a, 0x7b, 0xcd, 0x99, 0x20, 0xe6, 0x08, 0xa3, 0xca, 0xcf, 0x68, 0x69, 0xba, 0xb6, 0x06, 0xc2, 0x25, 0xaf, 0xe3, 0xe5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xef, 0x4d, 0x73, 0x50, 0xb2, 0x28, 0x5c, 0x3d, 0x02, 0x2f, 0xd4, 0xa8, 0x1a, 0xb7, 0xf3, 0x55, 0x50, 0x14, 0xb5, 0x49, 0xbc, 0x63, 0x0c, 0xc6, 0x4a, 0xb8, 0x7e, 0xb0, 0xa7, 0x2b, 0x9a, 0x84}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x16, 0x06, 0xa5, 0xe6, 0x14, 0x95, 0x0d, 0xf6, 0x3b, 0x89, 0xaa, 0xe4, 0xc2, 0x6e, 0xd9, 0xba, 0x7b, 0xf2, 0xcc, 0x5a, 0x31, 0xf4, 0x9a, 0x15, 0x86, 0x38, 0x27, 0x82, 0xda, 0x58, 0x22, 0x05}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x67, 0xf7, 0x1d, 0x0c, 0x08, 0x15, 0xf3, 0x3b, 0xb1, 0x99, 0xe5, 0x69, 0x6a, 0x47, 0xb9, 0x06, 0x58, 0x1d, 0x6a, 0xfc, 0x62, 0x5e, 0x2b, 0xd3, 0xe9, 0xe5, 0xde, 0x79, 0xc7, 0x59, 0xda, 0x85}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x02, 0xe1, 0x5a, 0xe2, 0xe4, 0xf8, 0x06, 0xfe, 0x5f, 0x1d, 0x95, 0xa5, 0xd4, 0xf7, 0x22, 0xba, 0x0d, 0xea, 0x50, 0xbb, 0x1c, 0x48, 0x3c, 0xde, 0x71, 0x59, 0x9b, 0x64, 0xa6, 0x5c, 0x8f, 0xb2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4a, 0x5a, 0x9a, 0x97, 0x6a, 0x7f, 0xf0, 0x40, 0x0f, 0x0f, 0x07, 0xd8, 0xf6, 0x3b, 0xd5, 0x02, 0x55, 0xbf, 0xb8, 0xcc, 0xaa, 0x72, 0xec, 0xbd, 0x7e, 0x31, 0x45, 0x03, 0xb7, 0x5d, 0x86, 0x1c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xc5, 0xa2, 0x0e, 0xa0, 0x33, 0x82, 0x94, 0x14, 0xce, 0x59, 0x79, 0x22, 0x72, 0x59, 0xe4, 0x48, 0x41, 0xd3, 0x9b, 0x41, 0x71, 0xcd, 0x97, 0x38, 0x49, 0x76, 0x16, 0xeb, 0xb7, 0xc3, 0xcb, 0x08}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xce, 0x79, 0x15, 0xc1, 0xf3, 0x77, 0x4f, 0x74, 0x18, 0xaa, 0x76, 0x64, 0x70, 0x70, 0x90, 0x9e, 0x66, 0xaf, 0xe7, 0x08, 0xda, 0x81, 0x42, 0xe6, 0xaf, 0x29, 0x40, 0xd1, 0x50, 0x3c, 0x0d, 0x62}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe8, 0x3a, 0x5f, 0xc3, 0x12, 0x2b, 0xf4, 0xa6, 0x6f, 0x06, 0x07, 0xdf, 0x2e, 0x9a, 0x3a, 0x94, 0x1b, 0x2d, 0xf9, 0x98, 0xbd, 0x76, 0x3c, 0xb0, 0xf9, 0x74, 0xe3, 0x4a, 0x49, 0xcf, 0xf6, 0x3d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xf4, 0x69, 0xcb, 0x4e, 0xdf, 0x53, 0x09, 0x83, 0x66, 0x8a, 0xea, 0xf8, 0x29, 0xaa, 0x6d, 0x67, 0x31, 0x2b, 0x2d, 0x64, 0x1b, 0xd6, 0x4e, 0xd1, 0x67, 0x9c, 0x73, 0x1c, 0x73, 0xb3, 0xa6, 0xa2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x59, 0x2b, 0xca, 0xfb, 0xcb, 0x66, 0xcc, 0xbf, 0x5b, 0xd2, 0xd1, 0x8e, 0x6d, 0x87, 0xfd, 0xc5, 0xac, 0xe1, 0xaa, 0xdf, 0x09, 0xb0, 0x5f, 0x79, 0x19, 0xb1, 0x09, 0x52, 0xca, 0x55, 0xa3, 0xa3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfc, 0xdc, 0x3c, 0x81, 0x3a, 0xa7, 0x98, 0x8d, 0xd6, 0xed, 0x8b, 0x6a, 0x88, 0xca, 0x5b, 0x7b, 0xbb, 0x7c, 0x81, 0x0a, 0x20, 0x2c, 0x8a, 0x7f, 0xf3, 0xdd, 0x99, 0x51, 0x72, 0xa9, 0x23, 0xe3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 4e548d67b..c463c662d 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241021104133-96ac7124e3c9" + defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241024150051-2cd5b05b51b1" ) From 53caa86cb8c28c03d9d4789832504998c7ad2081 Mon Sep 17 00:00:00 2001 From: Adrian Stobbe Date: Fri, 25 Oct 2024 14:00:44 +0200 Subject: [PATCH 334/380] docs: clarify for Azure TDX with Terraform provider (#3449) --- docs/docs/workflows/terraform-provider.md | 21 ++++++++++++++----- .../workflows/terraform-provider.md | 21 ++++++++++++++----- .../examples/full/azure/main.tf | 2 +- 3 files changed, 33 insertions(+), 11 deletions(-) diff --git a/docs/docs/workflows/terraform-provider.md b/docs/docs/workflows/terraform-provider.md index ed8f46eda..c7a795d3f 100644 --- a/docs/docs/workflows/terraform-provider.md +++ b/docs/docs/workflows/terraform-provider.md @@ -34,8 +34,9 @@ This example shows how to set up a Constellation cluster with the reference IAM Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you - can also do it manually. + +:::info +On SEV-SNP, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you can also do it manually. ```bash terraform init @@ -45,9 +46,7 @@ This example shows how to set up a Constellation cluster with the reference IAM terraform apply -target constellation_cluster.azure_example # adjust resource path if not using the example configuration ``` - Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - Use the following policy if manually performing the patch. + Use the following policy if manually performing the patch. ``` version= 1.0; @@ -67,7 +66,19 @@ This example shows how to set up a Constellation cluster with the reference IAM }; ``` +::: + + Initialize the providers and apply the configuration. + + ```bash + terraform init + terraform apply + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + Initialize the providers and apply the configuration. diff --git a/docs/versioned_docs/version-2.19/workflows/terraform-provider.md b/docs/versioned_docs/version-2.19/workflows/terraform-provider.md index ed8f46eda..c7a795d3f 100644 --- a/docs/versioned_docs/version-2.19/workflows/terraform-provider.md +++ b/docs/versioned_docs/version-2.19/workflows/terraform-provider.md @@ -34,8 +34,9 @@ This example shows how to set up a Constellation cluster with the reference IAM Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - When creating a cluster on Azure, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you - can also do it manually. + +:::info +On SEV-SNP, you need to manually patch the policy of the MAA provider before creating the Constellation cluster, as this feature isn't available in Azure's Terraform provider yet. The Constellation CLI provides a utility for patching, but you can also do it manually. ```bash terraform init @@ -45,9 +46,7 @@ This example shows how to set up a Constellation cluster with the reference IAM terraform apply -target constellation_cluster.azure_example # adjust resource path if not using the example configuration ``` - Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. - - Use the following policy if manually performing the patch. + Use the following policy if manually performing the patch. ``` version= 1.0; @@ -67,7 +66,19 @@ This example shows how to set up a Constellation cluster with the reference IAM }; ``` +::: + + Initialize the providers and apply the configuration. + + ```bash + terraform init + terraform apply + ``` + + Optionally, you can prefix the `terraform apply` command with `TF_LOG=INFO` to collect [Terraform logs](https://developer.hashicorp.com/terraform/internals/debugging) while applying the configuration. This may provide helpful output in debugging scenarios. + + Initialize the providers and apply the configuration. diff --git a/terraform-provider-constellation/examples/full/azure/main.tf b/terraform-provider-constellation/examples/full/azure/main.tf index f1f567940..d473b72a4 100644 --- a/terraform-provider-constellation/examples/full/azure/main.tf +++ b/terraform-provider-constellation/examples/full/azure/main.tf @@ -21,7 +21,7 @@ locals { location = "northeurope" control_plane_count = 3 worker_count = 2 - instance_type = "Standard_DC4as_v5" + instance_type = "Standard_DC4as_v5" // Adjust if using TDX subscription_id = "00000000-0000-0000-0000-000000000000" master_secret = random_bytes.master_secret.hex From 46fcbb5ee8568a77fa63c64302006ef301a225e8 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 28 Oct 2024 09:55:07 +0100 Subject: [PATCH 335/380] image: update locked rpms (#3459) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 82 +++++++++++++++++++++-------------------- 1 file changed, 43 insertions(+), 39 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index b73a832f8..b590a3005 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -3,8 +3,8 @@ eeca1e4f380330d602278b8069c03e0a712f9d7c1c9533c5869c66e5f5fce4a0 aardvark-dns-1 ac860c52abbc65af5835d1bd97400c531a5635d39bc1d68e36a1fe54863385ea alternatives-1.27-1.fc40.x86_64.rpm 6d0cfcd0e97421b42af58a824c7e99a6cbcdd0e81980b4ea9e0d4051ef723db3 audit-libs-4.0.2-1.fc40.i686.rpm f4ed40457780c13bebf84c1cf8981550da7e0e728e80250aed179eda8915bc7f audit-libs-4.0.2-1.fc40.x86_64.rpm -0fe4ed8770711ede2fcec43c4545b62461a24f03b3aa836d0e7071f4436e26f1 authselect-1.5.0-5.fc40.x86_64.rpm -db7d946583f2a91a3301d964a5adc7afb1620e0f72c9a9033ae3a4cfc2f332ad authselect-libs-1.5.0-5.fc40.x86_64.rpm +e9fd8dd4c9068501c169edb684de7f6e38657548e9d4d1b838a4d6316e9f17cc authselect-1.5.0-6.fc40.x86_64.rpm +db18a583ebde21d8b0b67f0306e25908b273bef9c532469ac0b7ab92578438f4 authselect-libs-1.5.0-6.fc40.x86_64.rpm 6404b1028262aeaf3e083f08959969abea1301f7f5e8610492cf900b3d13d5db basesystem-11-20.fc40.noarch.rpm 156e073308cb28a5a699d6ffafc71cbd28487628fd05471e1978e4b9a5c7a802 bash-5.2.26-3.fc40.x86_64.rpm 208ddebcd5edbff3dca54020a8a180f5410ea9b2d82c733e106992a729b4b84e bzip2-libs-1.0.8-18.fc40.i686.rpm @@ -17,9 +17,9 @@ db246f6445469b5a71e965a081685471768393cf04181e7250ce0ddcb8a9c3d4 conmon-2.1.12- adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tools-1.4.7-7.fc40.x86_64.rpm fa073cc08e035fab231c2e9aa3116468e75f5056c169d5b095f3ee2956123d95 container-selinux-2.233.0-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm -25fffa3b5f1b0b2349fd6f8f6ccb6e84936c50eeb8d4a292bcc2b74895fa7fcc containernetworking-plugins-1.4.0-4.fc40.x86_64.rpm -c56018c36c0f58495546985c96e4f2ac90f22dfd37b4f448c172556f979ccfde containers-common-0.60.4-1.fc40.noarch.rpm -dfe13a75b49ed7240d4039bc8d20f07550ced58e81ebcc9e303aa553e30cb50d containers-common-extra-0.60.4-1.fc40.noarch.rpm +0705251ea64b1558098016b2120f202c5aba77470093cb8f89ce6adb2a0b46b6 containernetworking-plugins-1.5.1-1.fc40.x86_64.rpm +4f4b244673489993df4aa801becf9b82df588ab6cdf99a9e6f04be3d84dae011 containers-common-0.60.4-2.fc40.noarch.rpm +55605ee7a4602eff0774b18e31211827097b547aa3f46926cccdf30dec21c117 containers-common-extra-0.60.4-2.fc40.noarch.rpm e74a792e74d8467510b859d16927bc951484bee8d3a141795e7dc8cc1b34c183 coreutils-single-9.4-8.fc40.x86_64.rpm d941a78ffb6e2e0b4c24d0097d0351ced8796edde90208b4bddee459bce0a949 cpio-2.15-1.fc40.x86_64.rpm faa23cb6a7a612c0a6e874c788c5add967c5e193bd38c2e6093b82b38a162f81 cracklib-2.9.11-5.fc40.i686.rpm @@ -28,8 +28,8 @@ fe24641e69545c428890a4b094f015c03f65a6c30c3db7bb0de7672bab66bfd6 cracklib-dicts f3f3e5f6a1c1bee67c0c6598a48143c36827f90a095897d649580a174468cdbc criu-4.0-1.fc40.x86_64.rpm bbdb6014e2bd87db1bb2d4795a57cbb08bfdb03777c2b9730a3f45f7977fc4c9 criu-libs-4.0-1.fc40.x86_64.rpm 23cf494259d04acbfc40fb5ac0654d0dc1d79713ad2f232ffd4b81f68b693fe8 crun-1.17-1.fc40.x86_64.rpm -2469a287d9fe6ea5f4aa0686fa5f223c14505218743230afbd322fdd90b1d396 crypto-policies-20240725-1.git28d3e2d.fc40.noarch.rpm -8271834b39fd9a7efef95f9bf40337cc636d55a9c4b56ee2500811b318794ae3 crypto-policies-scripts-20240725-1.git28d3e2d.fc40.noarch.rpm +d7a62ff0193375607d28d8fe7eedf3ff5b6ddac154e1474d79787b9f32ae298d crypto-policies-20241011-1.git5930b9a.fc40.noarch.rpm +0f1d436f879fa30f18adca576a1f91bb1a8d1ac42cff5f35c1d15e6dffc506fa crypto-policies-scripts-20241011-1.git5930b9a.fc40.noarch.rpm 26aadc06a9f98c58ca6250d811e749ee5fa76059b37445ec28b50ee73d548174 cryptsetup-2.7.5-1.fc40.x86_64.rpm 765d5162ad7b1eef16a3d3e4285743a3a358552112e7946dcd974e355dc9fa28 cryptsetup-libs-2.7.5-1.fc40.i686.rpm 6559b4d59d898317972e8d728253ba4315578c15fe23553958d6fb8033698794 cryptsetup-libs-2.7.5-1.fc40.x86_64.rpm @@ -39,9 +39,9 @@ bbdb6014e2bd87db1bb2d4795a57cbb08bfdb03777c2b9730a3f45f7977fc4c9 criu-libs-4.0- 84ca6055aa354df549fdc78d6d9df692ed4d12c14a489a6d2ce844b5f225a502 dbus-broker-36-2.fc40.x86_64.rpm 81bade4072aca4f5d22be29a916d9d0cfc9262a6c5d92ddfe750f7b8bf03f7c9 dbus-common-1.14.10-3.fc40.noarch.rpm 51bcbc8f98a8abea9a24f3f3988958b965dfe8d6b4201ee046255416fe3ce75c dbus-libs-1.14.10-3.fc40.x86_64.rpm -d4fb93847a0e94d3bdbea203c1df0895e254089d825dfaf040b1aae3ae9547ff device-mapper-1.02.197-1.fc40.x86_64.rpm -89cd53411d71097aeb5af16cf6d7fcb2c11103a5606a78e628fb1a138b0f0780 device-mapper-libs-1.02.197-1.fc40.i686.rpm -c736bdca85feb3982cc8772058e95c7794d37503d5a26a2f84d4092bd5300d18 device-mapper-libs-1.02.197-1.fc40.x86_64.rpm +6a2046c5a6c959cdf30519ec67385faf9b6156ffb3b449c54a0694d4d35985fd device-mapper-1.02.199-1.fc40.x86_64.rpm +33d2dfe3cf355511e6d7bbd1969675b9b73f58bac2a998e9d950ab99d762a299 device-mapper-libs-1.02.199-1.fc40.i686.rpm +f80de90bd6ab88c9071b200c0f0323f80145ca3ab9ac565e8f569390890137cc device-mapper-libs-1.02.199-1.fc40.x86_64.rpm 6913a547250df04ec388b96b7512977a25ab2fca62ed4345c3a9fc8782ce659f diffutils-3.10-5.fc40.x86_64.rpm cb0736689bd171b6c6ac7a60737fd6b9534c950958ad8e03138068bf9498e0b1 dracut-102-2.fc40.x86_64.rpm fa40cda554dc644d5a8354b18be748f21996dadd6193ee4ac32c02581266d313 duktape-2.7.0-7.fc40.x86_64.rpm @@ -50,13 +50,13 @@ ac4f1b2eaf5d452512e7b6172c93880c2b501946b71a228adc02d50bb3fb56e0 e2fsprogs-1.47 3e0ec4d7b4b95d10f58c5269688e03da7abb4d73169c76761f4fc7e7f7797a47 ec2-utils-1.2-47.amzn2.noarch.rpm e6231ec4268b3efa928250eb4106311e0f33396422245b938bfed4ba2d79c573 efitools-1.9.2-9.fc38.x86_64.rpm 6ac676d78c2df896f9794a8dffb75ea69c58d202c68f4bcf084f0d264154a666 efivar-libs-39-2.fc40.x86_64.rpm -de10b1728571d2976e2f0f4cc5067d4575a5e97ec3914c57af537846ccaec753 elfutils-debuginfod-client-0.191-4.fc40.i686.rpm -877c66844c68044b2a29b5d7465eb97f429e9f38b56ebaa16d766c0979e93a80 elfutils-debuginfod-client-0.191-4.fc40.x86_64.rpm -3fbe1afd014386a436a25205d6727475a8f1107be734dd92fc40c3d5e0e5971d elfutils-default-yama-scope-0.191-4.fc40.noarch.rpm -36c4d77aa7cd45fb070273ac33ca3007ce0286c87be80072ef4f8fb4947405a2 elfutils-libelf-0.191-4.fc40.i686.rpm -c1eca14924981b987f9b17c01a97511d641f49ac6b2b0f2d8e83563343932302 elfutils-libelf-0.191-4.fc40.x86_64.rpm -393c5920c3b69834e5a75b05f48f04e696f509cb52c8055e686e63e677342547 elfutils-libs-0.191-4.fc40.i686.rpm -d7d1ed3fca0696b8c38effe21bc70c84a94cb66c0b59bb1980c0f455d23b7fec elfutils-libs-0.191-4.fc40.x86_64.rpm +9ad9cb26333304bd94c0be94573c813d24c4dbbc93d64c6942013a206c149fbc elfutils-debuginfod-client-0.192-3.fc40.i686.rpm +bca2080220c5e011a214fc94b5407c5109477e380aa5d3691c670ee0471a5bbf elfutils-debuginfod-client-0.192-3.fc40.x86_64.rpm +e45b008c8cb5165f2aa16fd206056196aa892ecd9d1e9197301be390f995a1f1 elfutils-default-yama-scope-0.192-3.fc40.noarch.rpm +84336ba7d4a01a50487b17fd6018239d23409d86e30d14818b15a830bab95ee7 elfutils-libelf-0.192-3.fc40.i686.rpm +7057f106d5e5e42ebf3f78f9258ab018091ec93c944f02b924c339d4075190b7 elfutils-libelf-0.192-3.fc40.x86_64.rpm +3ceecff60fa73cbc4b9e51577af5d2413bdad1910fb21642008182f5e9fc264b elfutils-libs-0.192-3.fc40.i686.rpm +0e891e291545e1d193ee7b609bd5d43a52cf2345c95ef4b5345b3adc1a4fffcc elfutils-libs-0.192-3.fc40.x86_64.rpm 95cf8ee199b2e1b3471f920ebad57d3d8178f5e68d37ee35a8a94727473ec8d3 ethtool-6.11-1.fc40.x86_64.rpm 3a5ba168021a01107d6dd4dc7cffe8bb5553c64f236c436979b9fddfdc4cb59d expat-2.6.3-1.fc40.x86_64.rpm 849feb04544096f9bbe16bc78c2198708fe658bdafa08575c911e538a7d31c18 fedora-gpg-keys-40-2.noarch.rpm @@ -68,7 +68,11 @@ a6f2098fc2ed16df92c9325bd7459cc41479e17306a4f9cddfd5df8a1b80d0f8 file-5.45-4.fc f76684ee78408660db83ab9932978a1346b280f4210cd744524b00b2e5891fe1 file-libs-5.45-4.fc40.x86_64.rpm 063af3db3808bea0d5c07dbb2d8369b275e1d05ad0850c80a8fec0413f47cd64 filesystem-3.18-8.fc40.x86_64.rpm 21725de2a93e1ea19f8d298e32a2428a3a08b9c98f22561cc778a807ed43639f findutils-4.9.0-9.fc40.x86_64.rpm +f4c2d51c7b4577f7b7ef498f8e2afb1b007da2de00cca28e220f50129c40a48c fuse-common-3.16.2-3.fc40.x86_64.rpm f94315e447afb7442033b7b82e43a4ed62754f603afda53930280300855e46c7 fuse-libs-2.9.9-21.fc40.x86_64.rpm +8fe84b7e0319afcc9c9eb28130b74e0cd7c675667a6ce075eb7ee2ec1b0014c2 fuse-overlayfs-1.13-1.fc40.x86_64.rpm +2d6631d65e3b5c91afdb100a51ee8e50294f0e074a944c1662008d878d47456e fuse3-3.16.2-3.fc40.x86_64.rpm +a9c6502a5b190aaf169e93afd337c009e0b2e235e31f3da23d29c7d063ad2ff9 fuse3-libs-3.16.2-3.fc40.x86_64.rpm 6c80dfdaf7b27ea92c1276856b8b2ae5fde1ae5c391b773805be725515fdc1ac gawk-5.3.0-3.fc40.x86_64.rpm c4cc69bf3a2655b9ee9ac23492d377bac57811c5b4f81fbf43537520ee33c7af gawk-all-langpacks-5.3.0-3.fc40.x86_64.rpm 21470eb4ec55006c9efeee84c97772462008fceda1ab332e58d2caddfdaa0d1e gdbm-1.23-6.fc40.x86_64.rpm @@ -119,7 +123,7 @@ a983bdcb68e5de1c648791c96bb88a87846fd52faded3f9e00e31277c3ebae50 krb5-libs-1.21 2c32d410b49c6d3d4f66b361169ad76dfd9f75ee01d9866c62b14d1e5dfc5124 krb5-libs-1.21.3-1.fc40.x86_64.rpm 6f2f0a522f2f10f273a77a60fdb7e066c14059d0a3676c9f723162daa7110b42 libacl-2.3.2-1.fc40.i686.rpm b753174804f57c3c6bae7afeb6145005498f18ae5d1aa0d340f9df5b8d71312f libacl-2.3.2-1.fc40.x86_64.rpm -779fe018a49d05d6f8230cc780960fbbd8990790e0ebe5b0d9e043f998db121e libarchive-3.7.2-4.fc40.x86_64.rpm +74d72760c1982830358d676794ee3972ab05550fe7235ae9756a40de8266091f libarchive-3.7.2-7.fc40.x86_64.rpm e131ab89604dbd4fdc4f80af632099e48bf68bb328dbf0e7dcbef1d1e134dc09 libassuan-2.5.7-1.fc40.x86_64.rpm 67facd893f5082be270d0887a43ba22492c47e652e06e5d53ecd681a1aec8ac7 libattr-2.5.2-3.fc40.i686.rpm 504cff39c51a04c1d302096899c47dc34ac0eba47524c2fc94c27904149e72cf libattr-2.5.2-3.fc40.x86_64.rpm @@ -200,7 +204,7 @@ c8bbfa2762cc601f8a97d8d5a39a658f0e91ba477ebebd798b30f7fc8ffdd457 libss-1.47.0-5 89e7282e0a94d641871dfed423ba2ce6f8b088eaf9aabdea1805708bcafa6a01 libstdc++-14.2.1-3.fc40.x86_64.rpm d92173d6fbfb7e2af3b35a8554229e247666e15dc5b36cba43b7bbfc4144b781 libtasn1-4.19.0-6.fc40.x86_64.rpm 9ca680998686ee852fa8e1667cd6e7c436bfd5fe7da898bd314d808303d447f8 libtextstyle-0.22.5-4.fc40.x86_64.rpm -c52aa65956ce5076c7036d486ec29d06832461450c77838c7b9e360c701b6ad2 libtirpc-1.3.5-0.fc40.x86_64.rpm +80467fae6550f0285b1afbeabc82512cd89a46a12b614b7514d1e393ed2509a2 libtirpc-1.3.6-0.fc40.x86_64.rpm e5d150d23f95e4a23288b84145af442607a88bf457c0e04b325b1d1e8e708c2b libtool-ltdl-2.4.7-10.fc40.x86_64.rpm e541a1c8397dccf159b3602eb6bbb381ba21c544db337a3b3bfc49ccc2ef5c21 libunistring-1.1-7.fc40.i686.rpm 58719c2f205b23598e31b72144ab55215947ad8fca96af46a641288692c159d2 libunistring-1.1-7.fc40.x86_64.rpm @@ -272,9 +276,9 @@ af85755cda79959a19161ebc26a45e507003298bd97b472b9ab0d512afa5e46a protobuf-c-1.5 45ff2e9814aa059f323b23710c73309d41d36306667a3004f5fbb86b0cab4484 psmisc-23.6-6.fc40.x86_64.rpm cca50802d4f75306bc37126feb92db79fed44dcdabf76c1556853334995b9d3b publicsuffix-list-dafsa-20240107-3.fc40.noarch.rpm 7c703b431508f44c5184b5c1df052ed0f49b7439d68aa3597a9a57a5b26bd648 python-pip-wheel-23.3.2-2.fc40.noarch.rpm -c1b05e20130bc9c402b865866d5f244800b04af459c2a15ef4e834f2742219be python-unversioned-command-3.12.6-1.fc40.noarch.rpm -cab29f836249f65e06275625a74012319914c478e03f7acfb454bd16c382d16a python3-3.12.6-1.fc40.x86_64.rpm -8f0508c73ef2fed4dacf727ca4c89dbfbe7c28131857ef47be756bc379196201 python3-libs-3.12.6-1.fc40.x86_64.rpm +bcac955e69958e064669ed6e0a394bd9dd2c76e63f558a205ced18a9755012ab python-unversioned-command-3.12.7-1.fc40.noarch.rpm +6d8342314daafde5c5ec4ec2935e74edb9bea107dc8cd72642e322444f264c7d python3-3.12.7-1.fc40.x86_64.rpm +839d6dd1d8ac9b55f14b504eca5ac5e66b8330341608f7c9132cb29816116ecb python3-libs-3.12.7-1.fc40.x86_64.rpm 4197fb5b5c5072b22b246160d176f4d45d32499b12efca8d20acee113b43565f qemu-user-static-8.2.7-1.fc40.x86_64.rpm 5cde16ada3d387c8fe8cf2badf697f35fc6284697da080bdd41ae588d4cbfb59 qemu-user-static-aarch64-8.2.7-1.fc40.x86_64.rpm 3d7d124c154265410069909741ba3de98d80d54bab749ddb2eed64a5f7efa50d qemu-user-static-alpha-8.2.7-1.fc40.x86_64.rpm @@ -310,20 +314,20 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 696ffbc06ad87337390176888362d7ccbc867d4ecfc6b7040da10bba53d58ba9 selinux-policy-40.28-1.fc40.noarch.rpm 50fae290496e90d47b4ca6a86e97db4ca39d5d4ba324555fc72eda1b9090db35 selinux-policy-targeted-40.28-1.fc40.noarch.rpm 89862f646cd64e81497f01a8b69ab30ac8968c47afef92a2c333608fdb90ccc1 setup-2.14.5-2.fc40.noarch.rpm -95a0cce33e56359aa09507abfed062fb47a554307b0a029e6d2f076b813ae8d2 shadow-utils-4.15.1-3.fc40.x86_64.rpm -0c1072b40e5fe451e7d2bc1a7530e743303591c3d26bce0ac2e09ff05b50ae26 shadow-utils-subid-4.15.1-3.fc40.x86_64.rpm +cfde0d25ecac7e689ee083b330b78df51d346c2b7557c83a189d5df95c4e2c8d shadow-utils-4.15.1-4.fc40.x86_64.rpm +6e9b6b6196f1782419e447ac806c762d002c6930fe39b18999d9b32c24a0ecfc shadow-utils-subid-4.15.1-4.fc40.x86_64.rpm 67eede27af5b4773eb2f7ac794df694be030310d40bce462864c05b8f65c87c3 socat-1.8.0.0-2.fc40.x86_64.rpm a1e23ae521e93ab19d3df77889a6a418c3432025e4880cfd893e40f7165876a7 sqlite-libs-3.45.1-2.fc40.x86_64.rpm -396c39638da6e98946f64e7c0fe54b147f9d8bf62bf5b0bed63d135902257cd0 systemd-255.12-1.fc40.i686.rpm -d3be67e8aa74e6ffb4ddff6ac42a3b8361c1450e31a8a4da5a886cd4f73a7cfb systemd-255.12-1.fc40.x86_64.rpm -8ccfeb100aba2f3d60c330c116e6abe908ea847cf4ec7519bdee590082cdff52 systemd-boot-unsigned-255.12-1.fc40.x86_64.rpm -5ecb10563e1641a3a370abf1645a7e4161cbd5e47563ca90f63028c8289be4b7 systemd-libs-255.12-1.fc40.i686.rpm -06b1e927bd8c386772eefbce7eb45015f20aff79bb2260660898069ef28dc9c3 systemd-libs-255.12-1.fc40.x86_64.rpm -a4f193cf893b65f7580feff3ff5fb3d50b8617b3292457d5e51312e57b777d19 systemd-networkd-255.12-1.fc40.x86_64.rpm -76eabba4c8a98aaccac8ecef7186fead475f44b2d03e53f2bdba2b557973cf64 systemd-pam-255.12-1.fc40.i686.rpm -44ef28bb78a75d182afe507537e88c8cff12da2dfd1766dc169f174346f1bd18 systemd-pam-255.12-1.fc40.x86_64.rpm -11b352e471b1025e706557b45758224a27e57fdee0b7df4300d5875e9c796f0d systemd-resolved-255.12-1.fc40.x86_64.rpm -42de89b7514f4864c1cf4a45078321e19e2d34739f612e89cc2164f24bef8b96 systemd-udev-255.12-1.fc40.x86_64.rpm +7bb24752408b7c4731098b3a10b4ca0d37f4feb9cdf1e00e48e4af5577844190 systemd-255.13-1.fc40.i686.rpm +058089be3d6a5e1ecf0728a82d4c266c0f5bd429625bf1e07dc767fb2b7f5231 systemd-255.13-1.fc40.x86_64.rpm +8b65cb535c11ee5b3454638a640ce97de0f6f262a26c72071a3a8ec95ec3aa8b systemd-boot-unsigned-255.13-1.fc40.x86_64.rpm +810779d358b778025372cda98ba3d14a54cc9bcd94ce79de1a452767e3fdc8c9 systemd-libs-255.13-1.fc40.i686.rpm +b23ceced9ce2456a4d7cb10327421f5dfc9c6e18e2046e68f70cb4a7320b4d76 systemd-libs-255.13-1.fc40.x86_64.rpm +63f9d9a565c534e8e73e465fd20503efe6cf8d8c1b795ad8d8805f1b52c5871a systemd-networkd-255.13-1.fc40.x86_64.rpm +4019398465442edf20ad590452fea91781b5e6a4cc71fa420afb5462568dadb3 systemd-pam-255.13-1.fc40.i686.rpm +680a7a2975b1fbe755774ebf855a7cd777404b81a491c8749d0e8b1d67cfcb73 systemd-pam-255.13-1.fc40.x86_64.rpm +22ca276e9a6531c91d3f02482002e6a192e054283911acea18f729e3a91dc549 systemd-resolved-255.13-1.fc40.x86_64.rpm +01c21677cd5ad4157436594cea9f66361cc3f0d0c5ffa2f7b54621c212ff741e systemd-udev-255.13-1.fc40.x86_64.rpm 65819c502727dc293a71a74b9a5f6b0ba781f12a99c5d5535085f168e5eac56e tar-1.35-3.fc40.x86_64.rpm 0478e12152cc3432a31dfca5ddbc80966800af437c6d7c0b26be307d5e1272e7 tpm2-tools-5.7-1.fc40.x86_64.rpm c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3-1.fc40.x86_64.rpm @@ -335,17 +339,17 @@ c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3 945aa536bc30050abc1870cef167cb944cf78d6628923476db43201a0054574b util-linux-2.40.2-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm b1aa4e816c01c08c18924865640f214f717cdfc66837e53a24b8edfb80a86f9d util-linux-core-2.40.2-1.fc40.x86_64.rpm -245d6685d2a70e2b8556a689c8b8643886dfcccaf5b1ba7de22d6e0e70733f8d vim-common-9.1.719-1.fc40.x86_64.rpm -58916eeba8db00df5544001510343dcad1b65cdbba8570af7d2265f24adea958 vim-data-9.1.719-1.fc40.noarch.rpm -7e831338b3b095a2d6056c965549f991b3f4cf52b713d96a16859ae5bb78fca9 vim-enhanced-9.1.719-1.fc40.x86_64.rpm -eba02aafc793580784b306572b818af70fc9012072cf2a14d1195d6aff25608d vim-filesystem-9.1.719-1.fc40.noarch.rpm +70cc18570686ca882bf632750175cf592ad3b0a0d3f9447361688c1b9a8dc853 vim-common-9.1.785-1.fc40.x86_64.rpm +22b66cd1bd67c96c9ab26fda512cac7f4bbc5e9104cf042c0d998ca73f07b1d9 vim-data-9.1.785-1.fc40.noarch.rpm +1f592638eccd00f39f8df223820ee8a0ab26de7ca143ba3110437efeeb3415d3 vim-enhanced-9.1.785-1.fc40.x86_64.rpm +7f362a996ce7f33e95487db54cb5678f32e94ac49de5300bbd527e649eabbd23 vim-filesystem-9.1.785-1.fc40.noarch.rpm c5682a1b02bb02578e9997ae221a7f6c6db711084129824e207fe1febdc55b9d wget2-2.1.0-11.fc40.x86_64.rpm 38aaee4829df7e1a4719991c4fc6d65a1265b6a556b182ecac3145c287c320f4 wget2-libs-2.1.0-11.fc40.x86_64.rpm a12b44ee7cc5a0e916bcf72e80c4d618abb7406254578e947f3ba9dd0d445d25 wget2-wget-2.1.0-11.fc40.x86_64.rpm cf0306ceed1c6b3be39060d85f16b1953b464d3a625488b170d3b7aadf600645 which-2.21-41.fc40.x86_64.rpm 4ede95a2fa3bc0ae617c8bf3a375b800163d58733b4829b15d9f038505d79fee whois-nls-5.5.20-3.fc40.noarch.rpm e2195010e857f56b19246f8b821f9391922880b7691b3728a413f540edc890a6 xkeyboard-config-2.41-1.fc40.noarch.rpm -cb9deebe9f55b4b936271b68bf11f4f09771f479936d6526186a85b28a513ce0 xxd-9.1.719-1.fc40.x86_64.rpm +bcb44d5fcdb08413e55b7433a7ad9626575e0d2c7c190da7316e9e6f0317858b xxd-9.1.785-1.fc40.x86_64.rpm ee599a1c4d7ee635e54ec137af4dded83f433b9c8a5976f75ecdcd000b5246e3 xz-5.4.6-3.fc40.x86_64.rpm b92ef78d8ab424c22130e457d0ef691d8197bff61c3b8852205d1b02baba3819 xz-libs-5.4.6-3.fc40.i686.rpm b6ee44b3d7e494b0364f26b7d0b169a8092180af787423cd5e8a47dc0f738a66 xz-libs-5.4.6-3.fc40.x86_64.rpm From 132218ac1e67a584e6eee2741dd71da7e6225c03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Mon, 28 Oct 2024 10:46:24 +0100 Subject: [PATCH 336/380] ci: report failure in scheduled Terraform provider tests on cancel (#3460) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/workflows/e2e-test-provider-example.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e-test-provider-example.yml b/.github/workflows/e2e-test-provider-example.yml index fffc7f816..db409633f 100644 --- a/.github/workflows/e2e-test-provider-example.yml +++ b/.github/workflows/e2e-test-provider-example.yml @@ -479,7 +479,7 @@ jobs: - name: Notify about failure if: | - failure() && + (failure() || cancelled()) && github.ref == 'refs/heads/main' && github.event_name == 'schedule' continue-on-error: true From 4b7cd84eafb09bf4b6bcd4731261935200e0e4a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Mon, 28 Oct 2024 11:34:11 +0100 Subject: [PATCH 337/380] e2e-upgrade: guard function return values behind `sync.WaitGroup` (#3461) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- e2e/internal/upgrade/upgrade.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/e2e/internal/upgrade/upgrade.go b/e2e/internal/upgrade/upgrade.go index b021eb5d9..2dd283ef8 100644 --- a/e2e/internal/upgrade/upgrade.go +++ b/e2e/internal/upgrade/upgrade.go @@ -182,7 +182,8 @@ func runCommandWithSeparateOutputs(cmd *exec.Cmd) (stdout, stderr []byte, err er return } - continuouslyPrintOutput := func(r io.Reader, prefix string) { + continuouslyPrintOutput := func(r io.Reader, prefix string, wg *sync.WaitGroup) { + defer wg.Done() scanner := bufio.NewScanner(r) for scanner.Scan() { output := scanner.Text() @@ -196,12 +197,15 @@ func runCommandWithSeparateOutputs(cmd *exec.Cmd) (stdout, stderr []byte, err er } } - go continuouslyPrintOutput(stdoutIn, "stdout") - go continuouslyPrintOutput(stderrIn, "stderr") + wg := &sync.WaitGroup{} + wg.Add(2) + go continuouslyPrintOutput(stdoutIn, "stdout", wg) + go continuouslyPrintOutput(stderrIn, "stderr", wg) if err = cmd.Wait(); err != nil { err = fmt.Errorf("wait for command to finish: %w", err) } + wg.Wait() return stdout, stderr, err } From 7dc38d9ff073bc2e454c4fa92f69ac46715c396f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 09:30:43 +0100 Subject: [PATCH 338/380] deps: update bazel (modules) (#3448) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update bazel (modules) * Dont upgrade rules_python due to incompatibility with rules_pkg * deps: tidy all modules --------- Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Daniel Weiße Co-authored-by: edgelessci --- MODULE.bazel | 2 +- MODULE.bazel.lock | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 295161da1..e908ecbfd 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,6 +1,6 @@ module(name = "constellation") -bazel_dep(name = "aspect_bazel_lib", version = "2.9.2") +bazel_dep(name = "aspect_bazel_lib", version = "2.9.3") bazel_lib = use_extension("@aspect_bazel_lib//lib:extensions.bzl", "toolchains") bazel_lib.yq() diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index 169708d77..835cc284f 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -9,8 +9,8 @@ "https://bcr.bazel.build/modules/abseil-cpp/20230802.0.bcr.1/source.json": "14892cc698e02ffedf4967546e6bedb7245015906888d3465fcf27c90a26da10", "https://bcr.bazel.build/modules/apple_support/1.5.0/MODULE.bazel": "50341a62efbc483e8a2a6aec30994a58749bd7b885e18dd96aa8c33031e558ef", "https://bcr.bazel.build/modules/apple_support/1.5.0/source.json": "eb98a7627c0bc486b57f598ad8da50f6625d974c8f723e9ea71bd39f709c9862", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.2/MODULE.bazel": "4fae9c767526c17460c9d6e5731b09fdcab37b1322d6454acc137ac6d311e5b6", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.2/source.json": "cc829976e1b827bf3ef5ab682177a93c486c979a67a6b02dd0888e56486ed8ad", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.3/MODULE.bazel": "66baf724dbae7aff4787bf2245cc188d50cb08e07789769730151c0943587c14", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.3/source.json": "b290debdc0ab191a2a866b5a4e26f042c983026ff58b2e003ea634d838e3b6ae", "https://bcr.bazel.build/modules/bazel_features/1.1.0/MODULE.bazel": "cfd42ff3b815a5f39554d97182657f8c4b9719568eb7fded2b9135f084bf760b", "https://bcr.bazel.build/modules/bazel_features/1.1.1/MODULE.bazel": "27b8c79ef57efe08efccbd9dd6ef70d61b4798320b8d3c134fd571f78963dbcd", "https://bcr.bazel.build/modules/bazel_features/1.11.0/MODULE.bazel": "f9382337dd5a474c3b7d334c2f83e50b6eaedc284253334cf823044a26de03e8", @@ -145,8 +145,8 @@ }, "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "r7IIh4EKfqAOVGQAdB5/k5x8zTeExJ6xqLXx7uQWmGY=", - "usagesDigest": "aoONKG8ntNqVDaeBrxx1FAyWm9wN+IrEpVk/Uz9EdMg=", + "bzlTransitiveDigest": "RDy5XYaNwkIyk1DrM5ylA69W9bs5KbJgL3YINTvNEqw=", + "usagesDigest": "3pgyyEFXXevadO8ODuvRxYyr9DCa8jVUBgMS6f73zT8=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -812,7 +812,7 @@ "@@platforms//host:extension.bzl%host_platform": { "general": { "bzlTransitiveDigest": "xelQcPZH8+tmuOHVjL9vDxMnnQNMlwj0SlvgoqBkm4U=", - "usagesDigest": "QZFAJ0VIiJ5mGILpZn9r+TAbKxQ8T11/C+hyok0m2lU=", + "usagesDigest": "gJ5BpdWtcbLGOk01ZKU6pLob6Z7PoMIKs82Cm9GMT7g=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, From 9124691743a991452e44eeafb86545bab92b0263 Mon Sep 17 00:00:00 2001 From: Mauritz Uphoff <39736813+h3adex@users.noreply.github.com> Date: Tue, 29 Oct 2024 12:35:01 +0100 Subject: [PATCH 339/380] config: only allow confidential instances on stackit (#3463) * cli: only allow confidential instances on stackit * review changes --- internal/config/config_test.go | 63 +++++++++++++++++++++++++++++++++- internal/config/validation.go | 15 ++++++-- 2 files changed, 75 insertions(+), 3 deletions(-) diff --git a/internal/config/config_test.go b/internal/config/config_test.go index c18e5d835..5c60b26dc 100644 --- a/internal/config/config_test.go +++ b/internal/config/config_test.go @@ -688,67 +688,80 @@ func TestValidInstanceTypeForProvider(t *testing.T) { testCases := map[string]struct { variant variant.Variant instanceTypes []string + providerConfig ProviderConfig expectedResult bool }{ "empty all": { variant: variant.Dummy{}, instanceTypes: []string{}, expectedResult: false, + providerConfig: ProviderConfig{}, }, "empty aws": { variant: variant.AWSSEVSNP{}, instanceTypes: []string{}, expectedResult: false, + providerConfig: ProviderConfig{}, }, "empty azure only CVMs": { variant: variant.AzureSEVSNP{}, instanceTypes: []string{}, expectedResult: false, + providerConfig: ProviderConfig{}, }, "empty azure with non-CVMs": { variant: variant.AzureTrustedLaunch{}, instanceTypes: []string{}, expectedResult: false, + providerConfig: ProviderConfig{}, }, "empty gcp": { variant: variant.GCPSEVES{}, instanceTypes: []string{}, expectedResult: false, + providerConfig: ProviderConfig{}, }, "azure only CVMs (SNP)": { variant: variant.AzureSEVSNP{}, instanceTypes: instancetypes.AzureSNPInstanceTypes, expectedResult: true, + providerConfig: ProviderConfig{}, }, "azure only CVMs (TDX)": { variant: variant.AzureTDX{}, instanceTypes: instancetypes.AzureTDXInstanceTypes, expectedResult: true, + providerConfig: ProviderConfig{}, }, "azure trusted launch VMs": { variant: variant.AzureTrustedLaunch{}, instanceTypes: instancetypes.AzureTrustedLaunchInstanceTypes, expectedResult: true, + providerConfig: ProviderConfig{}, }, "gcp": { variant: variant.GCPSEVES{}, instanceTypes: instancetypes.GCPInstanceTypes, expectedResult: true, + providerConfig: ProviderConfig{}, }, "gcp sev-snp": { variant: variant.GCPSEVSNP{}, instanceTypes: instancetypes.GCPInstanceTypes, expectedResult: true, + providerConfig: ProviderConfig{}, }, "put gcp when azure is set": { variant: variant.AzureSEVSNP{}, instanceTypes: instancetypes.GCPInstanceTypes, expectedResult: false, + providerConfig: ProviderConfig{}, }, "put azure when gcp is set": { variant: variant.GCPSEVES{}, instanceTypes: instancetypes.AzureSNPInstanceTypes, expectedResult: false, + providerConfig: ProviderConfig{}, }, // Testing every possible instance type for AWS is not feasible, so we just test a few based on known supported / unsupported families // Also serves as a test for checkIfInstanceInValidAWSFamilys @@ -756,31 +769,79 @@ func TestValidInstanceTypeForProvider(t *testing.T) { variant: variant.AWSSEVSNP{}, instanceTypes: []string{"c5.xlarge", "c5a.2xlarge", "c5a.16xlarge", "u-12tb1.112xlarge"}, expectedResult: false, // False because 2 two of the instances are not valid + providerConfig: ProviderConfig{}, }, "aws one valid instance one with too little vCPUs": { variant: variant.AWSSEVSNP{}, instanceTypes: []string{"c5.medium"}, expectedResult: false, + providerConfig: ProviderConfig{}, }, "aws graviton sub-family unsupported": { variant: variant.AWSSEVSNP{}, instanceTypes: []string{"m6g.xlarge", "r6g.2xlarge", "x2gd.xlarge", "g5g.8xlarge"}, expectedResult: false, + providerConfig: ProviderConfig{}, }, "aws combined two valid instances as one string": { variant: variant.AWSSEVSNP{}, instanceTypes: []string{"c5.xlarge, c5a.2xlarge"}, expectedResult: false, + providerConfig: ProviderConfig{}, }, "aws only CVMs": { variant: variant.AWSSEVSNP{}, instanceTypes: []string{"c6a.xlarge", "m6a.xlarge", "r6a.xlarge"}, expectedResult: true, + providerConfig: ProviderConfig{}, }, "aws nitroTPM VMs": { variant: variant.AWSNitroTPM{}, instanceTypes: []string{"c5.xlarge", "c5a.2xlarge", "c5a.16xlarge", "u-12tb1.112xlarge"}, expectedResult: true, + providerConfig: ProviderConfig{}, + }, + "stackit valid flavors": { + variant: variant.QEMUVTPM{}, + instanceTypes: []string{ + "m1a.2cd", + "m1a.4cd", + "m1a.8cd", + "m1a.16cd", + "m1a.30cd", + }, + expectedResult: true, + providerConfig: ProviderConfig{OpenStack: &OpenStackConfig{Cloud: "stackit"}}, + }, + "stackit not valid flavors": { + variant: variant.QEMUVTPM{}, + instanceTypes: []string{ + // removed the c which indicates a confidential flavor + "m1a.2d", + "m1a.4d", + "m1a.8d", + "m1a.16d", + "m1a.30d", + }, + expectedResult: false, + providerConfig: ProviderConfig{OpenStack: &OpenStackConfig{Cloud: "stackit"}}, + }, + "openstack cloud named test": { + variant: variant.QEMUVTPM{}, + instanceTypes: []string{ + "foo.bar", + "foo.bar1", + }, + expectedResult: true, + providerConfig: ProviderConfig{OpenStack: &OpenStackConfig{Cloud: "test"}}, + }, + "Qemutdx valid instance type": { + variant: variant.QEMUTDX{}, + instanceTypes: []string{ + "foo.bar", + }, + expectedResult: true, + providerConfig: ProviderConfig{QEMU: &QEMUConfig{}}, }, } for name, tc := range testCases { @@ -788,7 +849,7 @@ func TestValidInstanceTypeForProvider(t *testing.T) { assert := assert.New(t) for _, instanceType := range tc.instanceTypes { assert.Equal( - tc.expectedResult, validInstanceTypeForProvider(instanceType, tc.variant), + tc.expectedResult, validInstanceTypeForProvider(instanceType, tc.variant, tc.providerConfig), instanceType, ) } diff --git a/internal/config/validation.go b/internal/config/validation.go index 4ea1576b2..ebd39512f 100644 --- a/internal/config/validation.go +++ b/internal/config/validation.go @@ -520,7 +520,7 @@ func (c *Config) translateMoreThanOneProviderError(ut ut.Translator, fe validato return t } -func validInstanceTypeForProvider(insType string, attestation variant.Variant) bool { +func validInstanceTypeForProvider(insType string, attestation variant.Variant, provider ProviderConfig) bool { switch attestation { case variant.AWSSEVSNP{}, variant.AWSNitroTPM{}: return isSupportedAWSInstanceType(insType, attestation.Equal(variant.AWSNitroTPM{})) @@ -549,6 +549,17 @@ func validInstanceTypeForProvider(insType string, attestation variant.Variant) b } } case variant.QEMUVTPM{}, variant.QEMUTDX{}: + // only allow confidential instances on stackit cloud using QEMU vTPM + if provider.OpenStack != nil { + if cloud := provider.OpenStack.Cloud; strings.ToLower(cloud) == "stackit" { + for _, instanceType := range instancetypes.STACKITInstanceTypes { + if insType == instanceType { + return true + } + } + return false + } + } return true } return false @@ -789,7 +800,7 @@ func (c *Config) validateNodeGroupZoneField(fl validator.FieldLevel) bool { } func (c *Config) validateInstanceType(fl validator.FieldLevel) bool { - return validInstanceTypeForProvider(fl.Field().String(), c.GetAttestationConfig().GetVariant()) + return validInstanceTypeForProvider(fl.Field().String(), c.GetAttestationConfig().GetVariant(), c.Provider) } func (c *Config) validateStateDiskTypeField(fl validator.FieldLevel) bool { From bff8bce88f0e3a485fcfc41905316ea79c72a18f Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Tue, 29 Oct 2024 14:04:59 +0100 Subject: [PATCH 340/380] docs: how to reproduce released artifacts (#3451) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * ci: test reproducability with different dependency installation methods * nix: mitigate nix store optimisiation * docs: reproducible builds Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * ci: upgrade ubuntu runners for reproducible builds --------- Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> --- .github/workflows/reproducible-builds.yml | 50 +++++++++++++---- docs/docs/workflows/reproducible-builds.md | 63 ++++++++++++++++++++++ docs/sidebars.js | 5 ++ nix/cc/cryptsetup.nix | 2 +- nix/cc/libvirt.nix | 2 +- renovate.json5 | 4 +- 6 files changed, 113 insertions(+), 13 deletions(-) create mode 100644 docs/docs/workflows/reproducible-builds.md diff --git a/.github/workflows/reproducible-builds.yml b/.github/workflows/reproducible-builds.yml index b615d010a..ffc3fa15f 100644 --- a/.github/workflows/reproducible-builds.yml +++ b/.github/workflows/reproducible-builds.yml @@ -1,8 +1,9 @@ # Verify that Constellation builds are reproducible. # -# The build-* jobs' matrix has two dimensions: a list of targets to build and -# a list of runners to build on. The produced binaries and OS images are -# expected to be bit-for-bit identical, regardless of the chosen build runner. +# The build-* jobs' matrix has three dimensions: a list of targets to build, a +# list of runners to build on and a method of installing dependencies. The +# produced binaries and OS images are expected to be bit-for-bit identical, +# without any dependencies on the runtime setup details. # # The compare-* jobs only have the target dimension. They obtain the built # targets from all runners and check that there are no diffs between them. @@ -24,10 +25,15 @@ jobs: - "cli_enterprise_linux_amd64" - "cli_enterprise_linux_arm64" - "cli_enterprise_windows_amd64" - runner: ["ubuntu-22.04", "ubuntu-20.04"] + runner: + - "ubuntu-24.04" + - "ubuntu-22.04" + deps: + - conventional + - eccentric env: bazel_target: "//cli:${{ matrix.target }}" - binary: "${{ matrix.target }}-${{ matrix.runner }}" + binary: "${{ matrix.target }}-${{ matrix.runner }}-${{ matrix.deps }}" runs-on: ${{ matrix.runner }} steps: - name: Checkout @@ -35,8 +41,22 @@ jobs: with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - - name: Setup bazel + - name: Setup dependencies uses: ./.github/actions/setup_bazel_nix + if: matrix.deps == 'conventional' + + - name: Setup dependencies (eccentric) + if: matrix.deps == 'eccentric' + run: | + version=$(cat .bazelversion) + mkdir -p "$HOME/.local/bin" + curl -fsSL -o "$HOME/.local/bin/bazel" "https://github.com/bazelbuild/bazel/releases/download/$version/bazel-$version-linux-x86_64" + chmod a+x "$HOME/.local/bin/bazel" + echo "$HOME/.local/bin" >> "$GITHUB_PATH" + + curl -fsSL -o "$HOME/.local/bin/nix-installer" https://github.com/DeterminateSystems/nix-installer/releases/download/v0.26.3/nix-installer-x86_64-linux # renovate:github-release + chmod a+x "$HOME/.local/bin/nix-installer" + "$HOME/.local/bin/nix-installer" install --no-confirm - name: Build shell: bash @@ -59,13 +79,13 @@ jobs: - name: Upload binary artifact uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: - name: "binaries-${{ matrix.target }}-${{ matrix.runner }}" + name: "binaries-${{ matrix.target }}-${{ matrix.runner }}-${{ matrix.deps }}" path: "${{ env.binary }}" - name: Upload hash artifact uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 with: - name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}" + name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}-${{ matrix.deps }}" path: "${{ env.binary }}.sha256" build-osimages: @@ -77,12 +97,24 @@ jobs: - "aws_aws-nitro-tpm_console" - "qemu_qemu-vtpm_debug" - "gcp_gcp-sev-snp_nightly" - runner: ["ubuntu-22.04", "ubuntu-20.04"] + runner: ["ubuntu-24.04", "ubuntu-22.04"] env: bazel_target: "//image/system:${{ matrix.target }}" binary: "osimage-${{ matrix.target }}-${{ matrix.runner }}" runs-on: ${{ matrix.runner }} steps: + - name: Remove security hardening features + if: matrix.runner == 'ubuntu-24.04' + shell: bash + run: | + # Taken from https://github.com/systemd/mkosi/blob/fcacc94b9f72d9b6b1f03779b0c6e07209ceb54b/action.yaml#L42-L57. + sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_unconfined=0 + sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_userns=0 + # This command fails with a non-zero error code even though it unloads the apparmor profiles. + # https://gitlab.com/apparmor/apparmor/-/issues/403 + sudo aa-teardown || true + sudo apt-get remove -y apparmor + - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: diff --git a/docs/docs/workflows/reproducible-builds.md b/docs/docs/workflows/reproducible-builds.md new file mode 100644 index 000000000..e3bc46095 --- /dev/null +++ b/docs/docs/workflows/reproducible-builds.md @@ -0,0 +1,63 @@ +# Reproduce released artifacts + +Constellation has first-class support for [reproducible builds](https://reproducible-builds.org). +Reproducing the released artifacts is an alternative to [signature verification](verify-cli.md) that doesn't require trusting Edgeless Systems' release process. +The following sections describe how to rebuild an artifact and how Constellation ensures that the rebuild reproduces the artifacts bit-by-bit. + +## Build environment prerequisites + +The build systems used by Constellation - [Bazel](https://bazel.build/) and [Nix](https://nixos.org) - are designed for deterministic, reproducible builds. +These two dependencies should be the only prerequisites for a successful build. +However, it can't be ruled out completely that peculiarities of the host affect the build result. +Thus, we recommend the following host setup for best results: + +1. A Linux operating system not older than v5.4. +2. The GNU C library not older than v2.31 (avoid `musl`). +3. GNU `coreutils` not older than v8.30 (avoid `busybox`). +4. An `ext4` filesystem for building. +5. AppArmor turned off. + +This is given, for example, on an Ubuntu 22.04 system, which is also used for reproducibility tests. + +:::note + +To avoid any backwards-compatibility issues, the host software versions should also not be much newer than the Constellation release. + +::: + +## Run the build + +The following instructions outline qualitatively how to reproduce a build. +Constellation implements these instructions in the [Reproducible Builds workflow](https://github.com/edgelesssys/constellation/actions/workflows/reproducible-builds.yml), which continuously tests for reproducibility. +The workflow is a good place to look up specific version numbers and build steps. + +1. Check out the Constellation repository at the tag corresponding to the release. + + ```bash + git clone https://github.com/edgelesssys/constellation.git + cd constellation + git checkout v2.20.0 + ``` + +2. [Install the Bazel release](https://bazel.build/install) specified in `.bazelversion`. +3. [Install Nix](https://nixos.org/download/) (any recent version should do). +4. Run the build with `bazel build $target` for one of the following targets of interest: + + ```data + //cli:cli_enterprise_darwin_amd64 + //cli:cli_enterprise_darwin_arm64 + //cli:cli_enterprise_linux_amd64 + //cli:cli_enterprise_linux_arm64 + //cli:cli_enterprise_windows_amd64 + ``` + +5. Compare the build result with the downloaded release artifact. + + + +## Feedback + +Reproduction failures often indicate a bug in the build system or in the build definitions. +Therefore, we're interested in any reproducibility issues you might encounter. +[Start a bug report](https://github.com/edgelesssys/constellation/issues/new/choose) and describe the details of your build environment. +Make sure to include your result binary or a [`diffoscope`](https://diffoscope.org/) report, if possible. diff --git a/docs/sidebars.js b/docs/sidebars.js index 45e56c66e..21d4ef42e 100644 --- a/docs/sidebars.js +++ b/docs/sidebars.js @@ -220,6 +220,11 @@ const sidebars = { label: 'Consume SBOMs', id: 'workflows/sbom', }, + { + type: 'doc', + label: 'Reproduce release artifacts', + id: 'workflows/reproducible-builds', + }, { type: 'doc', label: 'Troubleshooting', diff --git a/nix/cc/cryptsetup.nix b/nix/cc/cryptsetup.nix index 9687e1019..1aa8c8c37 100644 --- a/nix/cc/cryptsetup.nix +++ b/nix/cc/cryptsetup.nix @@ -11,7 +11,7 @@ pkgs.symlinkJoin { paths = packages; buildInputs = packages; postBuild = '' - tar -cf $out/closure.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name ${closure} + tar -cf $out/closure.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name --hard-dereference ${closure} echo "${rpath}" > $out/rpath cp ${cc}/nix-support/dynamic-linker $out/dynamic-linker ''; diff --git a/nix/cc/libvirt.nix b/nix/cc/libvirt.nix index 47660a97f..afb739aaf 100644 --- a/nix/cc/libvirt.nix +++ b/nix/cc/libvirt.nix @@ -11,7 +11,7 @@ pkgs.symlinkJoin { paths = packages; buildInputs = packages; postBuild = '' - tar -cf $out/closure.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name ${closure} + tar -cf $out/closure.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name --hard-dereference ${closure} tar --transform 's+^./+bin/+' -cf $out/bin-linktree.tar --mtime="@$SOURCE_DATE_EPOCH" --sort=name -C $out/bin . echo "${rpath}" > $out/rpath cp ${cc}/nix-support/dynamic-linker $out/dynamic-linker diff --git a/renovate.json5 b/renovate.json5 index abad4f919..8424d5473 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -246,12 +246,12 @@ "datasourceTemplate": "github-releases", }, { - "fileMatch": ["(^|\\/)versions.go$"], + "fileMatch": ["(^|\\/)versions.go$", "[.]github\\/(actions|workflows)\\/.*[.]ya?ml"], "matchStrings": [ // Match github releases. // example match:' "https://github.com/foo/bar/releases/download/v1.2.3/foo.bin" // renovate:github-release' // (foo/bar -> depName, v1.2.3 -> currentValue) - " \"https:\\/\\/github\\.com\\/(?[^\\/\\s\"]+\\/[^\\/\\s\"]+)\\/releases\\/download\\/(?[^\\/\\s\"]+)\\/[^\"]+\"[^\\n]+\\/\\/ renovate:github-release", + "https:\\/\\/github\\.com\\/(?[^\\/\\s\"]+\\/[^\\/\\s\"]+)\\/releases\\/download\\/(?[^\\/\\s\"]+).*renovate:github-release", ], "datasourceTemplate": "github-releases", }, From 7458d0e8921a2257670de4d915903317cc5218f6 Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 29 Oct 2024 19:03:19 +0100 Subject: [PATCH 341/380] deps: update terraform-provider-stackit (#3462) --- .../openstack/.terraform.lock.hcl | 42 +++++++++---------- terraform/infrastructure/openstack/main.tf | 2 +- .../modules/stackit_loadbalancer/main.tf | 2 +- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/terraform/infrastructure/openstack/.terraform.lock.hcl b/terraform/infrastructure/openstack/.terraform.lock.hcl index 3b40b4ac6..f3032e569 100644 --- a/terraform/infrastructure/openstack/.terraform.lock.hcl +++ b/terraform/infrastructure/openstack/.terraform.lock.hcl @@ -26,29 +26,29 @@ provider "registry.terraform.io/hashicorp/random" { } provider "registry.terraform.io/stackitcloud/stackit" { - version = "0.23.0" - constraints = "0.23.0" + version = "0.33.2" + constraints = "0.33.2" hashes = [ - "h1:UT46iz4WQNfa7W8ye2QHkxPIsKxpZRlu9TnD2QmdAPk=", - "h1:asaFg0pI1yEkHlN5lk1jUq76BL6nOPzxg6LDi8dN8uE=", - "h1:rbo4uB/dsvbE9sRsGFazjiAMrCD4pSG4RCFdj2qUGLo=", - "h1:snPQsPQGcGrR3qKis6HVa/RewQO3dsloq7wMm8X7Mgs=", - "h1:vPFC/qsmLrY7u97UyATVPOh+UJWE5J0vqeTaGRRVAig=", + "h1:2FyG4IGFQpDZhc2HNKQjLWg6V2AfGL4NFtPInWu9xAc=", + "h1:6o2a+Hv7ak8RNvaf8sVKoJMzx2L24zYqn+JPVnL31fE=", + "h1:TxIBi3hdCrud2ZYNuwEJm+NfghFXiaOZYi3Cc1vRPxs=", + "h1:eC9TC3tlEPQpW3C7DaXxmIbE65+TxX2g9/shcQnkNV8=", + "h1:k3vOq789D5QAzowazpbMxRbbpqibHJGzF6jBcSMiYkA=", + "zh:08be6e983c55229da9a2e27ede4046d3ab0de989b561358d34ab5e02c4d98a62", "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f", - "zh:1d0241090e49ee8155ca35045aa5abb9b019a58c8a5e8ea438589f57b24c2349", - "zh:29add5ff5d36be1904fe304039a2e874e697425fc56cbac7f1163abe9b5a9bbb", - "zh:4126f0934f32ecf5b7a057a95b1fd31ffbca9f8400896f69dec625d292d214da", - "zh:63c524554acb611ba002227942fb8e7bcd7d39f9575ad1799958bbba37e1a8b1", - "zh:67f1716cca733c62a63a4eaf9f19ded01502e71f6495e92c59c57f0918eb921e", - "zh:6f0ec187c469aaeafc94b24bfcbdf7a8d12f9671b26711f5bf9283f44334bdc8", - "zh:7c78c551516cdc4743c83098c11343eaf85dbf860e3922345124c95cb5c727ac", - "zh:80fcfb25dabf2186657d332ce7274acb8859d85402fc524c39eb83956bf83230", - "zh:84c3e00028537e791eff81dc0e15d5feb7b6a5b69fa31e489799049f83fd0855", - "zh:9e695958afb97411237cd3260b494b5b51a53b18ff5be30d9b64110cc4bd3c7b", - "zh:afe7875b50a762e2d8417fcc636b37cfbab73ff0b30f7f01a5bc92be2ff3a73e", - "zh:d89d4436ad33069a56ed8c7c3e5cfd6446c5bed3322f757eec5a6f060ec3cb5c", - "zh:dfdfa1817fcfee99060a56276c3d190bc763cf9d033f8c4904788b84332e4956", - "zh:f9740a30e1f7a44140b97e18e906ed221fe78b10b9d661afecd41530058ac596", + "zh:1b1753b2069eb53af3e3407c8cf14774dbf898c38a1e3f42bf8021834efd849b", + "zh:25f091e5f2aaeb93c00ce42e59542e4d17b4b2d1881c08074df696d85985140d", + "zh:323f836b42c3b5a76044f57cfca2e751c7650b321ac2fe896a17546d7ee247e6", + "zh:5508dda96ed90c31c29b43a8eb1394b9b5d634014366bf44ab9f501b3e2004c5", + "zh:657952ad59ccda1113493b50972284ff8373b41cb099c2e342a1cafe429f447a", + "zh:68ce3fa3648e1ed2cae2063ebc3ecd8784c03a69ab912175c7925761630adc5a", + "zh:7244efa9c8145b45e841e70cd618b0949affd7690ab7ed1b544cb79fb8771d47", + "zh:854001edf62cb0396641edd9fd56361d1048d0802ac081090ad09fa24e5950fc", + "zh:946276beb320a1a2109ccd62cb8b3e18138a6946f24abc9e01f690d99388dc2c", + "zh:9d3694c0f64e06c31e6bff6b9ba880dd3764b03766b1fe57cb7b0ff0e4cd64cf", + "zh:a4ad4eca396911c7eae07984a0f5d9866e73a4cbe91125f0a7b08f94dbdbf7fd", + "zh:b1f720a21cc975b6d42767c31f4b0efda517cc5469262ddff048326102fa434d", + "zh:f37ae26d08bbd467bc4e52288cd7b4164d73320ad8340e85cf0af3478a00b05c", ] } diff --git a/terraform/infrastructure/openstack/main.tf b/terraform/infrastructure/openstack/main.tf index 3116b4f9e..9571b5139 100644 --- a/terraform/infrastructure/openstack/main.tf +++ b/terraform/infrastructure/openstack/main.tf @@ -7,7 +7,7 @@ terraform { stackit = { source = "stackitcloud/stackit" - version = "0.23.0" + version = "0.33.2" } random = { diff --git a/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf b/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf index 4a7dfea1b..d4ada1605 100644 --- a/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf +++ b/terraform/infrastructure/openstack/modules/stackit_loadbalancer/main.tf @@ -2,7 +2,7 @@ terraform { required_providers { stackit = { source = "stackitcloud/stackit" - version = "0.23.0" + version = "0.33.2" } } } From aa7d47ed5f9826f00429453d8aa5ae88b3f87978 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 30 Oct 2024 08:07:48 +0100 Subject: [PATCH 342/380] image: update measurements and image version (#3464) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 53283b6f2..15d994a04 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x16, 0x62, 0x87, 0x60, 0xad, 0xfe, 0xb0, 0x87, 0x65, 0xd9, 0x86, 0x17, 0xe7, 0xa1, 0x9c, 0xe3, 0x37, 0xda, 0xce, 0xb3, 0x71, 0xac, 0x33, 0x2e, 0x3c, 0x68, 0xea, 0x95, 0x43, 0xf0, 0x74, 0xce}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5a, 0x23, 0x95, 0xf8, 0x85, 0xd7, 0xe1, 0x63, 0x20, 0x2e, 0x9a, 0xc3, 0x3f, 0x80, 0x64, 0x73, 0x8b, 0x58, 0x99, 0x78, 0xa8, 0x83, 0x44, 0xe4, 0x92, 0x87, 0xf4, 0xfd, 0xf2, 0x49, 0x1a, 0x5c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4a, 0x7c, 0x49, 0xba, 0xce, 0xf4, 0x8b, 0xf7, 0x69, 0x11, 0xd8, 0x23, 0x73, 0xdb, 0x96, 0x2f, 0x2a, 0xa6, 0xb8, 0x7e, 0xfd, 0x18, 0x11, 0xe4, 0x15, 0x6d, 0xb4, 0x15, 0x85, 0x2e, 0x91, 0xbf}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x29, 0xbc, 0x7f, 0xc0, 0x75, 0x3a, 0x9f, 0xe9, 0xbb, 0x43, 0xd6, 0x76, 0xfc, 0x62, 0xf8, 0x14, 0x2f, 0x34, 0x13, 0x14, 0xb3, 0x74, 0x1b, 0xb9, 0xc6, 0x4f, 0x9a, 0x64, 0x7e, 0xed, 0xd2, 0x4f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbb, 0x96, 0xc0, 0xd8, 0x39, 0x53, 0x21, 0xe6, 0x3f, 0x30, 0x62, 0x42, 0xfc, 0x52, 0x2c, 0x8e, 0x33, 0x04, 0xf5, 0x0f, 0x4d, 0xf6, 0x76, 0x17, 0xed, 0xdf, 0x92, 0x98, 0x2f, 0x3f, 0x75, 0xe0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe3, 0x23, 0x4d, 0x84, 0x30, 0x9b, 0x1a, 0x86, 0x75, 0x3b, 0x44, 0x71, 0x5b, 0x14, 0x66, 0x77, 0x55, 0xed, 0x88, 0x2c, 0xe7, 0xb3, 0x31, 0x58, 0x96, 0x7c, 0x14, 0xdd, 0xa1, 0x9e, 0x02, 0x81}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7d, 0x69, 0x66, 0x05, 0x38, 0x85, 0xa6, 0xba, 0xfc, 0x4c, 0x51, 0xa8, 0x1f, 0x1d, 0x50, 0x7f, 0x96, 0x76, 0x6e, 0x82, 0xc0, 0xc1, 0x85, 0x19, 0x34, 0x9f, 0xaf, 0x7c, 0x73, 0x6f, 0x37, 0xe5}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa5, 0x4e, 0xe2, 0xb6, 0xee, 0x2f, 0xcc, 0xd4, 0xe5, 0x88, 0xd4, 0x31, 0xcc, 0x8f, 0x53, 0x6d, 0x09, 0x98, 0x20, 0x18, 0x49, 0xe2, 0x73, 0x87, 0xb5, 0x43, 0x12, 0x9a, 0x92, 0xc9, 0xde, 0x6c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf9, 0xc5, 0x9c, 0x72, 0x9c, 0x5d, 0xa5, 0xeb, 0x4e, 0x1d, 0x16, 0xfe, 0xfd, 0x08, 0x79, 0x8a, 0x31, 0x35, 0xb3, 0x2e, 0xe1, 0x36, 0x62, 0xfc, 0x8c, 0xca, 0x33, 0xb7, 0xcd, 0x35, 0x80, 0xef}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0f, 0xf1, 0x3a, 0x72, 0x05, 0xbf, 0x23, 0x52, 0xea, 0x97, 0x86, 0xad, 0xb9, 0x6d, 0x52, 0x69, 0x26, 0xfe, 0xa2, 0x6a, 0x3b, 0xdc, 0x02, 0x26, 0x32, 0xc0, 0x52, 0xa3, 0x7b, 0xe5, 0xb3, 0x5c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x35, 0x2f, 0xbe, 0x7b, 0x89, 0xd6, 0xc8, 0xf1, 0x1a, 0xc1, 0xf3, 0x70, 0x9e, 0xeb, 0x8b, 0xec, 0xac, 0x44, 0x25, 0x41, 0x2f, 0x6a, 0xa9, 0x30, 0xe4, 0xd8, 0x3a, 0x55, 0x40, 0x45, 0x14, 0x2f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x41, 0xd3, 0x3d, 0x7f, 0xb2, 0xd0, 0x6f, 0x4c, 0xac, 0xf1, 0x70, 0x27, 0x0c, 0xc5, 0x0e, 0x94, 0x52, 0xb7, 0xb5, 0x57, 0xd5, 0xd0, 0xb5, 0x8f, 0xec, 0xda, 0x3d, 0x59, 0xfe, 0x60, 0x5a, 0x0e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf4, 0x3f, 0x9a, 0x55, 0x36, 0x4d, 0x09, 0xa4, 0x54, 0x1c, 0x11, 0x30, 0x4f, 0xba, 0xb4, 0xae, 0x8a, 0xcf, 0xd6, 0xb5, 0x02, 0x63, 0x42, 0x36, 0xd2, 0xb6, 0x29, 0x87, 0xd8, 0x72, 0x84, 0x3e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcb, 0x0e, 0x94, 0x56, 0x27, 0x06, 0xcd, 0x48, 0xf5, 0x5d, 0x36, 0x8c, 0x21, 0xbe, 0xdc, 0xa5, 0x67, 0x6a, 0xe9, 0x60, 0x97, 0x8e, 0x50, 0x68, 0xaa, 0x8e, 0xda, 0x9b, 0x05, 0xed, 0xc3, 0xad}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xde, 0x54, 0x00, 0x6d, 0x04, 0x85, 0x10, 0xff, 0x09, 0x6f, 0x1a, 0x4c, 0x76, 0x02, 0xfc, 0x1c, 0x75, 0x06, 0x2e, 0xbd, 0x52, 0x11, 0xd7, 0x59, 0xb0, 0x0d, 0x1a, 0x30, 0x49, 0xf9, 0x3d, 0x2d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0f, 0x03, 0x6a, 0x00, 0xae, 0xae, 0xbe, 0x8f, 0x21, 0xa2, 0x24, 0xbe, 0xaa, 0x83, 0x0e, 0x54, 0xc1, 0xb1, 0xd1, 0x14, 0x46, 0x7a, 0x40, 0x07, 0x3c, 0x3c, 0x67, 0xb1, 0x37, 0x6d, 0xcf, 0x7a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb7, 0x70, 0x9a, 0x78, 0x80, 0xcf, 0xc3, 0x80, 0xa9, 0x68, 0x61, 0x6a, 0xed, 0x09, 0xc2, 0xe3, 0xb0, 0x07, 0x90, 0x90, 0xc7, 0x28, 0x1f, 0xf3, 0x54, 0x8b, 0x36, 0xf3, 0xf4, 0x71, 0x21, 0xb2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x28, 0x62, 0xc1, 0xd5, 0xc7, 0xc5, 0x67, 0x58, 0x20, 0x0f, 0x68, 0x2d, 0x94, 0xd3, 0x5e, 0xd1, 0xbc, 0x49, 0x7d, 0xf3, 0x9e, 0x94, 0x0f, 0x57, 0xf4, 0xa6, 0x9a, 0xce, 0x99, 0x89, 0xf3, 0xae}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x85, 0xbd, 0x81, 0xd1, 0x99, 0x0d, 0x68, 0x06, 0x6e, 0x3a, 0x42, 0xd9, 0xc7, 0x84, 0x6e, 0x35, 0x19, 0x24, 0x70, 0x42, 0x79, 0x85, 0xc6, 0x49, 0x86, 0x16, 0xc8, 0xea, 0x1a, 0x75, 0x0a, 0xdb}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x67, 0x3d, 0xb2, 0x43, 0x5e, 0x37, 0xf0, 0x81, 0xa2, 0xf4, 0xab, 0x7a, 0x21, 0x02, 0x95, 0x23, 0x02, 0x26, 0x5b, 0xf2, 0x7a, 0x9a, 0x7e, 0x23, 0xf3, 0xc0, 0x40, 0xc2, 0xc9, 0x26, 0xbf, 0x6a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x62, 0x17, 0xc5, 0xfb, 0xb7, 0x71, 0x3b, 0xed, 0xf9, 0x1d, 0x6b, 0x37, 0x52, 0x17, 0x1b, 0xf8, 0xee, 0x37, 0x75, 0x06, 0x8a, 0x97, 0x8d, 0x01, 0xf0, 0x75, 0x4a, 0x96, 0xc8, 0x21, 0xe3, 0x92}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x89, 0xfe, 0x85, 0x6b, 0x4f, 0xce, 0xd6, 0xc7, 0x21, 0xed, 0x3b, 0x25, 0xf1, 0x09, 0xad, 0xe6, 0xa5, 0xc8, 0x31, 0x2b, 0xb4, 0xf9, 0x1a, 0x3a, 0x40, 0x1d, 0xee, 0xed, 0x64, 0x84, 0x28, 0x02}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x68, 0xd6, 0x49, 0x3d, 0x26, 0xa3, 0xcf, 0x41, 0xa8, 0x78, 0x4c, 0xc0, 0x7a, 0xa9, 0x1a, 0x31, 0x18, 0x70, 0xb8, 0x35, 0xdc, 0x62, 0x7f, 0xd2, 0x4d, 0xf6, 0x68, 0xd8, 0x9b, 0x7d, 0x0f, 0xbf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x32, 0x0f, 0x05, 0xca, 0xe0, 0xbb, 0x50, 0xc5, 0x81, 0x19, 0x72, 0x92, 0x8e, 0x45, 0x4a, 0xc5, 0x33, 0x74, 0xd5, 0x31, 0xa5, 0xe3, 0x42, 0x67, 0x1d, 0x92, 0x96, 0x52, 0xdc, 0x73, 0xc6, 0x7c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x46, 0x33, 0x67, 0x71, 0x55, 0x4d, 0x3f, 0x5f, 0x12, 0xfc, 0x94, 0xd0, 0xc2, 0xe3, 0xca, 0x37, 0xe7, 0x9c, 0xa2, 0x56, 0x1c, 0x21, 0x13, 0x40, 0xdd, 0x04, 0x17, 0x2a, 0x24, 0x51, 0x18, 0x75}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7f, 0x65, 0xc6, 0xe2, 0x22, 0xd9, 0xbb, 0x11, 0x99, 0xc6, 0xe3, 0xd0, 0xb7, 0x64, 0xb3, 0x43, 0x25, 0xa5, 0x75, 0xaa, 0xd8, 0xb6, 0x09, 0xd5, 0xb0, 0x44, 0x2b, 0x23, 0x34, 0xa6, 0x74, 0x5a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x54, 0xc3, 0x0b, 0xc2, 0xc2, 0x9e, 0xde, 0x5b, 0x4f, 0xd0, 0x91, 0x0c, 0x67, 0xfd, 0x9e, 0x9d, 0x16, 0x3e, 0x0e, 0x8d, 0x27, 0xce, 0xd2, 0x05, 0xba, 0x51, 0xa3, 0x9e, 0xf9, 0x79, 0xaa, 0x9a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xff, 0xf8, 0x52, 0xb4, 0x5d, 0x3f, 0x95, 0x26, 0xce, 0x3f, 0x4b, 0x30, 0x5a, 0x7b, 0xcd, 0x99, 0x20, 0xe6, 0x08, 0xa3, 0xca, 0xcf, 0x68, 0x69, 0xba, 0xb6, 0x06, 0xc2, 0x25, 0xaf, 0xe3, 0xe5}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xef, 0x4d, 0x73, 0x50, 0xb2, 0x28, 0x5c, 0x3d, 0x02, 0x2f, 0xd4, 0xa8, 0x1a, 0xb7, 0xf3, 0x55, 0x50, 0x14, 0xb5, 0x49, 0xbc, 0x63, 0x0c, 0xc6, 0x4a, 0xb8, 0x7e, 0xb0, 0xa7, 0x2b, 0x9a, 0x84}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x16, 0x06, 0xa5, 0xe6, 0x14, 0x95, 0x0d, 0xf6, 0x3b, 0x89, 0xaa, 0xe4, 0xc2, 0x6e, 0xd9, 0xba, 0x7b, 0xf2, 0xcc, 0x5a, 0x31, 0xf4, 0x9a, 0x15, 0x86, 0x38, 0x27, 0x82, 0xda, 0x58, 0x22, 0x05}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x67, 0xf7, 0x1d, 0x0c, 0x08, 0x15, 0xf3, 0x3b, 0xb1, 0x99, 0xe5, 0x69, 0x6a, 0x47, 0xb9, 0x06, 0x58, 0x1d, 0x6a, 0xfc, 0x62, 0x5e, 0x2b, 0xd3, 0xe9, 0xe5, 0xde, 0x79, 0xc7, 0x59, 0xda, 0x85}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x02, 0xe1, 0x5a, 0xe2, 0xe4, 0xf8, 0x06, 0xfe, 0x5f, 0x1d, 0x95, 0xa5, 0xd4, 0xf7, 0x22, 0xba, 0x0d, 0xea, 0x50, 0xbb, 0x1c, 0x48, 0x3c, 0xde, 0x71, 0x59, 0x9b, 0x64, 0xa6, 0x5c, 0x8f, 0xb2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4a, 0x5a, 0x9a, 0x97, 0x6a, 0x7f, 0xf0, 0x40, 0x0f, 0x0f, 0x07, 0xd8, 0xf6, 0x3b, 0xd5, 0x02, 0x55, 0xbf, 0xb8, 0xcc, 0xaa, 0x72, 0xec, 0xbd, 0x7e, 0x31, 0x45, 0x03, 0xb7, 0x5d, 0x86, 0x1c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x90, 0x0c, 0x8d, 0xba, 0x67, 0x87, 0xbb, 0xe9, 0x72, 0xef, 0x5b, 0x6b, 0x22, 0x72, 0x85, 0x07, 0x5e, 0x78, 0x90, 0x3b, 0x55, 0x44, 0x7f, 0x71, 0x21, 0x4b, 0x92, 0xb4, 0x78, 0x8f, 0xe9, 0x4c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x68, 0x18, 0x57, 0x7f, 0x6c, 0x84, 0x29, 0x82, 0x43, 0x54, 0x14, 0x3b, 0x58, 0x03, 0xaa, 0x0b, 0x7e, 0xd6, 0x8c, 0x3d, 0x37, 0x2f, 0x1c, 0x9f, 0x13, 0x2f, 0xea, 0x5b, 0x82, 0x5e, 0xe5, 0x77}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x74, 0x9d, 0x9b, 0x09, 0x67, 0x69, 0x65, 0x52, 0x68, 0x49, 0x6f, 0x31, 0x30, 0xec, 0x22, 0xf6, 0x93, 0x9f, 0x90, 0xb0, 0x97, 0xbe, 0x7b, 0x7f, 0x6e, 0x2a, 0x18, 0x82, 0xb1, 0xf6, 0xdb, 0x20}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8f, 0xce, 0x1a, 0x7e, 0xa2, 0xba, 0xab, 0x38, 0x84, 0xb9, 0xd3, 0x99, 0x03, 0x41, 0x5d, 0x22, 0x18, 0x3b, 0x20, 0xd3, 0x67, 0xd4, 0xff, 0x52, 0x15, 0xd0, 0x5e, 0x41, 0xf6, 0x3b, 0xc2, 0xad}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x53, 0xc7, 0x77, 0x67, 0xb5, 0x1b, 0x90, 0x93, 0x78, 0x5b, 0x2c, 0xa0, 0x31, 0xbb, 0xeb, 0x47, 0xec, 0xaa, 0x1d, 0x96, 0xbe, 0xa6, 0x19, 0x06, 0xd8, 0xf2, 0x1d, 0xb7, 0xb3, 0x85, 0x29, 0xb5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3c, 0x36, 0xce, 0xf6, 0xc0, 0x1e, 0x9c, 0x1c, 0x99, 0x9f, 0xde, 0x67, 0xcf, 0x78, 0x3c, 0x08, 0x92, 0x03, 0x5c, 0xbe, 0xca, 0xf2, 0x35, 0x71, 0xa7, 0x38, 0x21, 0x72, 0xd6, 0x64, 0x8e, 0x2b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xa9, 0x50, 0x4b, 0xd1, 0x0e, 0x45, 0x55, 0xa6, 0xc4, 0x1a, 0x5a, 0x9b, 0x78, 0x16, 0x74, 0x11, 0x63, 0x9b, 0x36, 0x56, 0xbc, 0xd9, 0xf6, 0x38, 0xba, 0xc2, 0x6c, 0xcf, 0x9a, 0x18, 0xa1, 0x30}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x35, 0xa8, 0xa7, 0x89, 0xb8, 0x57, 0x9f, 0x22, 0xec, 0xfe, 0x57, 0x34, 0x32, 0x00, 0xc7, 0x68, 0xe9, 0x09, 0x2b, 0x4b, 0x80, 0xf0, 0xdc, 0xcc, 0x4f, 0x3e, 0x86, 0xef, 0x6f, 0x5b, 0xbf, 0x36}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9a, 0x4a, 0x18, 0x7c, 0x2e, 0x25, 0xd7, 0xb8, 0x63, 0xdb, 0x5c, 0x5b, 0x99, 0xb0, 0xdf, 0x37, 0x9f, 0xd8, 0x29, 0x9d, 0xd4, 0xfd, 0xaa, 0x94, 0x1b, 0xd2, 0xe4, 0x83, 0x68, 0x39, 0x02, 0xb3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xf4, 0x69, 0xcb, 0x4e, 0xdf, 0x53, 0x09, 0x83, 0x66, 0x8a, 0xea, 0xf8, 0x29, 0xaa, 0x6d, 0x67, 0x31, 0x2b, 0x2d, 0x64, 0x1b, 0xd6, 0x4e, 0xd1, 0x67, 0x9c, 0x73, 0x1c, 0x73, 0xb3, 0xa6, 0xa2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x59, 0x2b, 0xca, 0xfb, 0xcb, 0x66, 0xcc, 0xbf, 0x5b, 0xd2, 0xd1, 0x8e, 0x6d, 0x87, 0xfd, 0xc5, 0xac, 0xe1, 0xaa, 0xdf, 0x09, 0xb0, 0x5f, 0x79, 0x19, 0xb1, 0x09, 0x52, 0xca, 0x55, 0xa3, 0xa3}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfc, 0xdc, 0x3c, 0x81, 0x3a, 0xa7, 0x98, 0x8d, 0xd6, 0xed, 0x8b, 0x6a, 0x88, 0xca, 0x5b, 0x7b, 0xbb, 0x7c, 0x81, 0x0a, 0x20, 0x2c, 0x8a, 0x7f, 0xf3, 0xdd, 0x99, 0x51, 0x72, 0xa9, 0x23, 0xe3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x10, 0x20, 0x04, 0xf2, 0x1a, 0x75, 0x29, 0xc6, 0x69, 0x4b, 0x91, 0xc6, 0x81, 0xc2, 0xee, 0x9f, 0x16, 0x27, 0xf4, 0x8d, 0x6d, 0x35, 0xfc, 0x20, 0x13, 0x16, 0x0e, 0x7f, 0x83, 0x0b, 0x87, 0x03}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8a, 0xe1, 0xbc, 0x4d, 0x77, 0xe9, 0x2f, 0xa4, 0xc5, 0x18, 0x56, 0xe4, 0x9a, 0x65, 0x5a, 0x47, 0x6e, 0x14, 0x9e, 0x9f, 0x85, 0xe2, 0x52, 0xaa, 0x97, 0x16, 0xe7, 0x50, 0x89, 0xf2, 0xd2, 0x98}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9c, 0x3d, 0x11, 0x40, 0x70, 0x94, 0xbd, 0x8e, 0x97, 0xd5, 0x33, 0xb9, 0x34, 0x9e, 0x1c, 0xbf, 0x87, 0xb9, 0x7d, 0x72, 0x3d, 0x40, 0x3b, 0xfb, 0x89, 0x8b, 0x29, 0xd8, 0x2f, 0xed, 0xd2, 0xd8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index c463c662d..94ce9f29d 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241024150051-2cd5b05b51b1" + defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241029190319-7458d0e8921a" ) From 54058eed2a6895de2708d90485cf4e9daea3414a Mon Sep 17 00:00:00 2001 From: Adrian Stobbe Date: Mon, 4 Nov 2024 08:59:16 +0100 Subject: [PATCH 343/380] terraform: fix security rule reconciliation on Azure (#3454) * fix security rule reconciliation on azure * fix simulated patch version upgrade --- .github/workflows/e2e-upgrade.yml | 93 ++++++++------------------ docs/docs/reference/migration.md | 73 ++++++++++++++------ e2e/internal/upgrade/BUILD.bazel | 1 + e2e/internal/upgrade/upgrade.go | 4 +- e2e/internal/upgrade/upgrade_test.go | 20 +++--- terraform/infrastructure/azure/main.tf | 27 +------- 6 files changed, 97 insertions(+), 121 deletions(-) diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index 986bd8726..ff5082848 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -132,57 +132,6 @@ jobs: echo "cloudProvider=${cloudProvider}" | tee -a "$GITHUB_OUTPUT" - build-target-cli: - name: Build upgrade target version CLI - runs-on: ubuntu-24.04 - permissions: - id-token: write - checks: write - contents: read - packages: write - steps: - - name: Checkout - if: inputs.gitRef == 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - fetch-depth: 0 - ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - - - name: Checkout ref - if: inputs.gitRef != 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - fetch-depth: 0 - ref: ${{ inputs.gitRef }} - - - name: Setup Bazel & Nix - uses: ./.github/actions/setup_bazel_nix - - - name: Log in to the Container registry - uses: ./.github/actions/container_registry_login - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Simulate patch upgrade - if: inputs.simulatedTargetVersion != '' - run: | - echo ${{ inputs.simulatedTargetVersion }} > version.txt - - - name: Build CLI - uses: ./.github/actions/build_cli - with: - enterpriseCLI: true - outputPath: "build/constellation" - push: true - - - name: Upload CLI binary - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 - with: - name: constellation-upgrade-${{ inputs.attestationVariant }} - path: build/constellation - create-cluster: name: Create upgrade origin version cluster runs-on: ubuntu-24.04 @@ -279,7 +228,6 @@ jobs: packages: write needs: - generate-input-parameters - - build-target-cli - create-cluster steps: - name: Checkout @@ -299,6 +247,32 @@ jobs: - name: Setup Bazel & Nix uses: ./.github/actions/setup_bazel_nix + - name: Log in to the Container registry + uses: ./.github/actions/container_registry_login + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + # applying the version manipulation here so that the upgrade test tool is also on the simulated target version + - name: Simulate patch upgrade + if: inputs.simulatedTargetVersion != '' + run: | + echo ${{ inputs.simulatedTargetVersion }} > version.txt + + - name: Build CLI + uses: ./.github/actions/build_cli + with: + enterpriseCLI: true + outputPath: "build/constellation" + push: true + + - name: Upload CLI binary # is needed for the cleanup step + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + with: + name: constellation-upgrade-${{ inputs.attestationVariant }} + path: build/constellation + - name: Login to AWS uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 with: @@ -335,11 +309,6 @@ jobs: with: azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }} - - name: Download CLI - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: constellation-upgrade-${{ inputs.attestationVariant }} - path: build - name: Download Working Directory (Pre-test) uses: ./.github/actions/artifact_download @@ -404,15 +373,9 @@ jobs: echo "K8s target: $KUBERNETES" echo "Microservice target: $MICROSERVICES" - if [[ -n ${MICROSERVICES} ]]; then - MICROSERVICES_FLAG="--target-microservices=$MICROSERVICES" - fi - if [[ -n ${KUBERNETES} ]]; then - KUBERNETES_FLAG="--target-kubernetes=$KUBERNETES" - fi - sudo sh -c 'echo "127.0.0.1 license.confidential.cloud" >> /etc/hosts' - bazel run --test_timeout=14400 //e2e/internal/upgrade:upgrade_test -- --want-worker "$WORKERNODES" --want-control "$CONTROLNODES" --target-image "$IMAGE" "$KUBERNETES_FLAG" "$MICROSERVICES_FLAG" + CLI=$(realpath ./build/constellation) + bazel run --test_timeout=14400 //e2e/internal/upgrade:upgrade_test -- --want-worker "$WORKERNODES" --want-control "$CONTROLNODES" --target-image "$IMAGE" --target-kubernetes "$KUBERNETES" --target-microservices "$MICROSERVICES" --cli "$CLI" - name: Remove Terraform plugin cache if: always() diff --git a/docs/docs/reference/migration.md b/docs/docs/reference/migration.md index 49cbde702..0252c409f 100644 --- a/docs/docs/reference/migration.md +++ b/docs/docs/reference/migration.md @@ -3,51 +3,81 @@ This document describes breaking changes and migrations between Constellation releases. Use [`constellation config migrate`](./cli.md#constellation-config-migrate) to automatically update an old config file to a new format. +## Migrations to v2.19.1 + +### Azure + +* During the upgrade, security rules are migrated and the old ones need to be cleaned up manually by the user. The below script shows how to delete them through the Azure CLI: + +```bash +#!/usr/bin/env bash +name="" # the name provided in the config +uid="" # the cluster id can be retrieved via `yq '.infrastructure.uid' constellation-state.yaml` +resource_group="" # the RG can be retrieved via `yq '.provider.azure.resourceGroup' constellation-conf.yaml` + +rules=( + "kubernetes" + "bootstrapper" + "verify" + "recovery" + "join" + "debugd" + "konnectivity" +) + +for rule in "${rules[@]}"; do + echo "Deleting rule: ${rule}" + az network nsg rule delete \ + --resource-group "${resource_group}" \ + --nsg-name "${name}-${uid}" \ + --name "${rule}" +done + +echo "All specified rules have been deleted." +``` ## Migrations to v2.19.0 ### Azure -* To allow seamless upgrades on Azure when Kubernetes services of type `LoadBalancer` are deployed, the target +* To allow seamless upgrades on Azure when Kubernetes services of type `LoadBalancer` are deployed, the target load balancer in which the `cloud-controller-manager` creates load balancing rules was changed. Instead of using the load balancer created and maintained by the CLI's Terraform code, the `cloud-controller-manager` now creates its own load balancer in Azure. If your Constellation has services of type `LoadBalancer`, please remove them before the upgrade and re-apply them - afterward. - + afterward. ## Migrating from Azure's service principal authentication to managed identity authentication (during the upgrade to Constellation v2.8.0) -- The `provider.azure.appClientID` and `provider.azure.appClientSecret` fields are no longer supported and should be removed. -- To keep using an existing UAMI, add the `Owner` permission with the scope of your `resourceGroup`. -- Otherwise, simply [create new Constellation IAM credentials](../workflows/config.md#creating-an-iam-configuration) and use the created UAMI. -- To migrate the authentication for an existing cluster on Azure to an UAMI with the necessary permissions: +* The `provider.azure.appClientID` and `provider.azure.appClientSecret` fields are no longer supported and should be removed. +* To keep using an existing UAMI, add the `Owner` permission with the scope of your `resourceGroup`. +* Otherwise, simply [create new Constellation IAM credentials](../workflows/config.md#creating-an-iam-configuration) and use the created UAMI. +* To migrate the authentication for an existing cluster on Azure to an UAMI with the necessary permissions: 1. Remove the `aadClientId` and `aadClientSecret` from the azureconfig secret. 2. Set `useManagedIdentityExtension` to `true` and use the `userAssignedIdentity` from the Constellation config for the value of `userAssignedIdentityID`. 3. Restart the CSI driver, cloud controller manager, cluster autoscaler, and Constellation operator pods. - ## Migrating from CLI versions before 2.10 -- AWS cluster upgrades require additional IAM permissions for the newly introduced `aws-load-balancer-controller`. Please upgrade your IAM roles using `iam upgrade apply`. This will show necessary changes and apply them, if desired. -- The global `nodeGroups` field was added. -- The fields `instanceType`, `stateDiskSizeGB`, and `stateDiskType` for each cloud provider are now part of the configuration of individual node groups. -- The `constellation create` command no longer uses the flags `--control-plane-count` and `--worker-count`. Instead, the initial node count is configured per node group in the `nodeGroups` field. +* AWS cluster upgrades require additional IAM permissions for the newly introduced `aws-load-balancer-controller`. Please upgrade your IAM roles using `iam upgrade apply`. This will show necessary changes and apply them, if desired. +* The global `nodeGroups` field was added. +* The fields `instanceType`, `stateDiskSizeGB`, and `stateDiskType` for each cloud provider are now part of the configuration of individual node groups. +* The `constellation create` command no longer uses the flags `--control-plane-count` and `--worker-count`. Instead, the initial node count is configured per node group in the `nodeGroups` field. ## Migrating from CLI versions before 2.9 -- The `provider.azure.appClientID` and `provider.azure.clientSecretValue` fields were removed to enforce migration to managed identity authentication +* The `provider.azure.appClientID` and `provider.azure.clientSecretValue` fields were removed to enforce migration to managed identity authentication ## Migrating from CLI versions before 2.8 -- The `measurements` field for each cloud service provider was replaced with a global `attestation` field. -- The `confidentialVM`, `idKeyDigest`, and `enforceIdKeyDigest` fields for the Azure cloud service provider were removed in favor of using the global `attestation` field. -- The optional global field `attestationVariant` was replaced by the now required `attestation` field. +* The `measurements` field for each cloud service provider was replaced with a global `attestation` field. +* The `confidentialVM`, `idKeyDigest`, and `enforceIdKeyDigest` fields for the Azure cloud service provider were removed in favor of using the global `attestation` field. +* The optional global field `attestationVariant` was replaced by the now required `attestation` field. ## Migrating from CLI versions before 2.3 -- The `sshUsers` field was deprecated in v2.2 and has been removed from the configuration in v2.3. +* The `sshUsers` field was deprecated in v2.2 and has been removed from the configuration in v2.3. As an alternative for SSH, check the workflow section [Connect to nodes](../workflows/troubleshooting.md#node-shell-access). -- The `image` field for each cloud service provider has been replaced with a global `image` field. Use the following mapping to migrate your configuration: +* The `image` field for each cloud service provider has been replaced with a global `image` field. Use the following mapping to migrate your configuration:
        Show all @@ -77,10 +107,11 @@ Use [`constellation config migrate`](./cli.md#constellation-config-migrate) to a | GCP | `projects/constellation-images/global/images/constellation-v2-2-0` | `v2.2.0` | | GCP | `projects/constellation-images/global/images/constellation-v2-1-0` | `v2.1.0` | | GCP | `projects/constellation-images/global/images/constellation-v2-0-0` | `v2.0.0` | +
        -- The `enforcedMeasurements` field has been removed and merged with the `measurements` field. - - To migrate your config containing a new image (`v2.3` or greater), remove the old `measurements` and `enforcedMeasurements` entries from your config and run `constellation fetch-measurements` - - To migrate your config containing an image older than `v2.3`, remove the `enforcedMeasurements` entry and replace the entries in `measurements` as shown in the example below: +* The `enforcedMeasurements` field has been removed and merged with the `measurements` field. + * To migrate your config containing a new image (`v2.3` or greater), remove the old `measurements` and `enforcedMeasurements` entries from your config and run `constellation fetch-measurements` + * To migrate your config containing an image older than `v2.3`, remove the `enforcedMeasurements` entry and replace the entries in `measurements` as shown in the example below: ```diff measurements: diff --git a/e2e/internal/upgrade/BUILD.bazel b/e2e/internal/upgrade/BUILD.bazel index 6e368e94f..8acfc7e94 100644 --- a/e2e/internal/upgrade/BUILD.bazel +++ b/e2e/internal/upgrade/BUILD.bazel @@ -47,6 +47,7 @@ go_test( "//e2e/internal/kubectl", "//internal/constants", "//internal/versions", + "@com_github_stretchr_testify//assert", "@com_github_stretchr_testify//require", "@io_k8s_api//core/v1:core", "@io_k8s_apimachinery//pkg/apis/meta/v1:meta", diff --git a/e2e/internal/upgrade/upgrade.go b/e2e/internal/upgrade/upgrade.go index 2dd283ef8..fd2483259 100644 --- a/e2e/internal/upgrade/upgrade.go +++ b/e2e/internal/upgrade/upgrade.go @@ -301,10 +301,10 @@ func getCLIPath(cliPathFlag string) (string, error) { pathCLI := os.Getenv("PATH_CLI") var relCLIPath string switch { - case pathCLI != "": - relCLIPath = pathCLI case cliPathFlag != "": relCLIPath = cliPathFlag + case pathCLI != "": + relCLIPath = pathCLI default: return "", errors.New("neither 'PATH_CLI' nor 'cli' flag set") } diff --git a/e2e/internal/upgrade/upgrade_test.go b/e2e/internal/upgrade/upgrade_test.go index 4206348f2..be47bb197 100644 --- a/e2e/internal/upgrade/upgrade_test.go +++ b/e2e/internal/upgrade/upgrade_test.go @@ -23,6 +23,7 @@ import ( "github.com/edgelesssys/constellation/v2/e2e/internal/kubectl" "github.com/edgelesssys/constellation/v2/internal/constants" "github.com/edgelesssys/constellation/v2/internal/versions" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" coreV1 "k8s.io/api/core/v1" metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -81,7 +82,8 @@ func TestUpgrade(t *testing.T) { log.Println(string(data)) log.Println("Checking upgrade.") - runUpgradeCheck(require, cli, *targetKubernetes) + assert := assert.New(t) // use assert because this part is more brittle and should not fail the entire test + runUpgradeCheck(assert, cli, *targetKubernetes) log.Println("Triggering upgrade.") runUpgradeApply(require, cli) @@ -170,25 +172,25 @@ func testNodesEventuallyAvailable(t *testing.T, k *kubernetes.Clientset, wantCon // runUpgradeCheck executes 'upgrade check' and does basic checks on the output. // We can not check images upgrades because we might use unpublished images. CLI uses public CDN to check for available images. -func runUpgradeCheck(require *require.Assertions, cli, targetKubernetes string) { +func runUpgradeCheck(assert *assert.Assertions, cli, targetKubernetes string) { cmd := exec.CommandContext(context.Background(), cli, "upgrade", "check", "--debug") stdout, stderr, err := runCommandWithSeparateOutputs(cmd) - require.NoError(err, "Stdout: %s\nStderr: %s", string(stdout), string(stderr)) + assert.NoError(err, "Stdout: %s\nStderr: %s", string(stdout), string(stderr)) - require.Contains(string(stdout), "The following updates are available with this CLI:") - require.Contains(string(stdout), "Kubernetes:") + assert.Contains(string(stdout), "The following updates are available with this CLI:") + assert.Contains(string(stdout), "Kubernetes:") log.Printf("targetKubernetes: %s\n", targetKubernetes) if targetKubernetes == "" { log.Printf("true\n") - require.True(containsAny(string(stdout), versions.SupportedK8sVersions())) + assert.True(containsAny(string(stdout), versions.SupportedK8sVersions())) } else { log.Printf("false. targetKubernetes: %s\n", targetKubernetes) - require.Contains(string(stdout), targetKubernetes, fmt.Sprintf("Expected Kubernetes version %s in output.", targetKubernetes)) + assert.Contains(string(stdout), targetKubernetes, fmt.Sprintf("Expected Kubernetes version %s in output.", targetKubernetes)) } - require.Contains(string(stdout), "Services:") - require.Contains(string(stdout), fmt.Sprintf("--> %s", constants.BinaryVersion().String())) + assert.Contains(string(stdout), "Services:") + assert.Contains(string(stdout), fmt.Sprintf("--> %s", constants.BinaryVersion().String())) log.Println(string(stdout)) } diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf index 147197ab3..b670b2989 100644 --- a/terraform/infrastructure/azure/main.tf +++ b/terraform/infrastructure/azure/main.tf @@ -227,36 +227,15 @@ resource "azurerm_network_security_group" "security_group" { location = var.location resource_group_name = var.resource_group tags = local.tags - - dynamic "security_rule" { - # we keep this rule for one last release since the azurerm provider does not - # support moving security rules that are inlined (like this) to the external resource one. - # Even worse, just defining the azurerm_network_security_group without the - # "security_rule" block will NOT remove all the rules but do nothing. - # TODO(@3u13r): remove the "security_rule" block in the next release after this code has landed. - # So either after 2.19 or after 2.18.X if cherry-picked release. - for_each = [{ name = "konnectivity", priority = 1000, port = 8132 }] - content { - name = security_rule.value.name - priority = security_rule.value.priority - direction = "Inbound" - access = "Allow" - protocol = "Tcp" - source_port_range = "*" - destination_port_range = security_rule.value.port - source_address_prefix = "*" - destination_address_prefix = "*" - } - } } resource "azurerm_network_security_rule" "nsg_rule" { for_each = { for o in local.ports : o.name => o } - - name = each.value.name - priority = each.value.priority + # TODO(elchead): v2.20.0: remove name suffix and priority offset. Might need to add create_before_destroy to the NSG rule. + name = "${each.value.name}-new" + priority = each.value.priority + 10 # offset to not overlap with old rules direction = "Inbound" access = "Allow" protocol = "Tcp" From 960499a9371ebbe6b47758980827871af8a04319 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Mon, 4 Nov 2024 14:53:35 +0100 Subject: [PATCH 344/380] image: unset password reset date to ensure reprodicibility (#3466) * image: unset password reset date --- image/base/BUILD.bazel | 1 + image/base/mkosi.finalize | 14 ++++++++++++++ 2 files changed, 15 insertions(+) create mode 100755 image/base/mkosi.finalize diff --git a/image/base/BUILD.bazel b/image/base/BUILD.bazel index 9028b8376..2928787f1 100644 --- a/image/base/BUILD.bazel +++ b/image/base/BUILD.bazel @@ -30,6 +30,7 @@ copy_to_directory( mkosi_image( name = "base_" + kernel_variant, srcs = [ + "mkosi.finalize", "mkosi.postinst", "mkosi.prepare", ] + glob([ diff --git a/image/base/mkosi.finalize b/image/base/mkosi.finalize new file mode 100755 index 000000000..561db202f --- /dev/null +++ b/image/base/mkosi.finalize @@ -0,0 +1,14 @@ +#!/usr/bin/env bash +set -euxo pipefail + +# For some reason yet unknown, SourceDateEpoch is not applied correctly to the +# users added by systemd-sysusers. This has only been observed in our mkosi +# flake so far, not in an upstream mkosi configuration. +# TODO(burgerdev): wait for a couple of Nix package upgrades and try again? + +# Strategy: unset the "last password change" date without leaving a trace in +# /etc/shadow-. +tmp=$(mktemp) +cp -a "${BUILDROOT}/etc/shadow-" "${tmp}" +mkosi-chroot chage -d "" etcd +cp -a "${tmp}" "${BUILDROOT}/etc/shadow-" From e39d90ac1e9cfb4f124ca98fdddb8234422d5ea4 Mon Sep 17 00:00:00 2001 From: Adrian Stobbe Date: Tue, 5 Nov 2024 09:56:29 +0100 Subject: [PATCH 345/380] add migrate instructions to v2.19 docs (#3469) --- .../version-2.19/reference/migration.md | 73 +++++++++++++------ 1 file changed, 52 insertions(+), 21 deletions(-) diff --git a/docs/versioned_docs/version-2.19/reference/migration.md b/docs/versioned_docs/version-2.19/reference/migration.md index 49cbde702..0252c409f 100644 --- a/docs/versioned_docs/version-2.19/reference/migration.md +++ b/docs/versioned_docs/version-2.19/reference/migration.md @@ -3,51 +3,81 @@ This document describes breaking changes and migrations between Constellation releases. Use [`constellation config migrate`](./cli.md#constellation-config-migrate) to automatically update an old config file to a new format. +## Migrations to v2.19.1 + +### Azure + +* During the upgrade, security rules are migrated and the old ones need to be cleaned up manually by the user. The below script shows how to delete them through the Azure CLI: + +```bash +#!/usr/bin/env bash +name="" # the name provided in the config +uid="" # the cluster id can be retrieved via `yq '.infrastructure.uid' constellation-state.yaml` +resource_group="" # the RG can be retrieved via `yq '.provider.azure.resourceGroup' constellation-conf.yaml` + +rules=( + "kubernetes" + "bootstrapper" + "verify" + "recovery" + "join" + "debugd" + "konnectivity" +) + +for rule in "${rules[@]}"; do + echo "Deleting rule: ${rule}" + az network nsg rule delete \ + --resource-group "${resource_group}" \ + --nsg-name "${name}-${uid}" \ + --name "${rule}" +done + +echo "All specified rules have been deleted." +``` ## Migrations to v2.19.0 ### Azure -* To allow seamless upgrades on Azure when Kubernetes services of type `LoadBalancer` are deployed, the target +* To allow seamless upgrades on Azure when Kubernetes services of type `LoadBalancer` are deployed, the target load balancer in which the `cloud-controller-manager` creates load balancing rules was changed. Instead of using the load balancer created and maintained by the CLI's Terraform code, the `cloud-controller-manager` now creates its own load balancer in Azure. If your Constellation has services of type `LoadBalancer`, please remove them before the upgrade and re-apply them - afterward. - + afterward. ## Migrating from Azure's service principal authentication to managed identity authentication (during the upgrade to Constellation v2.8.0) -- The `provider.azure.appClientID` and `provider.azure.appClientSecret` fields are no longer supported and should be removed. -- To keep using an existing UAMI, add the `Owner` permission with the scope of your `resourceGroup`. -- Otherwise, simply [create new Constellation IAM credentials](../workflows/config.md#creating-an-iam-configuration) and use the created UAMI. -- To migrate the authentication for an existing cluster on Azure to an UAMI with the necessary permissions: +* The `provider.azure.appClientID` and `provider.azure.appClientSecret` fields are no longer supported and should be removed. +* To keep using an existing UAMI, add the `Owner` permission with the scope of your `resourceGroup`. +* Otherwise, simply [create new Constellation IAM credentials](../workflows/config.md#creating-an-iam-configuration) and use the created UAMI. +* To migrate the authentication for an existing cluster on Azure to an UAMI with the necessary permissions: 1. Remove the `aadClientId` and `aadClientSecret` from the azureconfig secret. 2. Set `useManagedIdentityExtension` to `true` and use the `userAssignedIdentity` from the Constellation config for the value of `userAssignedIdentityID`. 3. Restart the CSI driver, cloud controller manager, cluster autoscaler, and Constellation operator pods. - ## Migrating from CLI versions before 2.10 -- AWS cluster upgrades require additional IAM permissions for the newly introduced `aws-load-balancer-controller`. Please upgrade your IAM roles using `iam upgrade apply`. This will show necessary changes and apply them, if desired. -- The global `nodeGroups` field was added. -- The fields `instanceType`, `stateDiskSizeGB`, and `stateDiskType` for each cloud provider are now part of the configuration of individual node groups. -- The `constellation create` command no longer uses the flags `--control-plane-count` and `--worker-count`. Instead, the initial node count is configured per node group in the `nodeGroups` field. +* AWS cluster upgrades require additional IAM permissions for the newly introduced `aws-load-balancer-controller`. Please upgrade your IAM roles using `iam upgrade apply`. This will show necessary changes and apply them, if desired. +* The global `nodeGroups` field was added. +* The fields `instanceType`, `stateDiskSizeGB`, and `stateDiskType` for each cloud provider are now part of the configuration of individual node groups. +* The `constellation create` command no longer uses the flags `--control-plane-count` and `--worker-count`. Instead, the initial node count is configured per node group in the `nodeGroups` field. ## Migrating from CLI versions before 2.9 -- The `provider.azure.appClientID` and `provider.azure.clientSecretValue` fields were removed to enforce migration to managed identity authentication +* The `provider.azure.appClientID` and `provider.azure.clientSecretValue` fields were removed to enforce migration to managed identity authentication ## Migrating from CLI versions before 2.8 -- The `measurements` field for each cloud service provider was replaced with a global `attestation` field. -- The `confidentialVM`, `idKeyDigest`, and `enforceIdKeyDigest` fields for the Azure cloud service provider were removed in favor of using the global `attestation` field. -- The optional global field `attestationVariant` was replaced by the now required `attestation` field. +* The `measurements` field for each cloud service provider was replaced with a global `attestation` field. +* The `confidentialVM`, `idKeyDigest`, and `enforceIdKeyDigest` fields for the Azure cloud service provider were removed in favor of using the global `attestation` field. +* The optional global field `attestationVariant` was replaced by the now required `attestation` field. ## Migrating from CLI versions before 2.3 -- The `sshUsers` field was deprecated in v2.2 and has been removed from the configuration in v2.3. +* The `sshUsers` field was deprecated in v2.2 and has been removed from the configuration in v2.3. As an alternative for SSH, check the workflow section [Connect to nodes](../workflows/troubleshooting.md#node-shell-access). -- The `image` field for each cloud service provider has been replaced with a global `image` field. Use the following mapping to migrate your configuration: +* The `image` field for each cloud service provider has been replaced with a global `image` field. Use the following mapping to migrate your configuration:
        Show all @@ -77,10 +107,11 @@ Use [`constellation config migrate`](./cli.md#constellation-config-migrate) to a | GCP | `projects/constellation-images/global/images/constellation-v2-2-0` | `v2.2.0` | | GCP | `projects/constellation-images/global/images/constellation-v2-1-0` | `v2.1.0` | | GCP | `projects/constellation-images/global/images/constellation-v2-0-0` | `v2.0.0` | +
        -- The `enforcedMeasurements` field has been removed and merged with the `measurements` field. - - To migrate your config containing a new image (`v2.3` or greater), remove the old `measurements` and `enforcedMeasurements` entries from your config and run `constellation fetch-measurements` - - To migrate your config containing an image older than `v2.3`, remove the `enforcedMeasurements` entry and replace the entries in `measurements` as shown in the example below: +* The `enforcedMeasurements` field has been removed and merged with the `measurements` field. + * To migrate your config containing a new image (`v2.3` or greater), remove the old `measurements` and `enforcedMeasurements` entries from your config and run `constellation fetch-measurements` + * To migrate your config containing an image older than `v2.3`, remove the `enforcedMeasurements` entry and replace the entries in `measurements` as shown in the example below: ```diff measurements: From f2b919a563ba86af2de6824557be8e317b686b80 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Tue, 5 Nov 2024 17:09:26 +0100 Subject: [PATCH 346/380] image: update locked rpms (#3468) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index b590a3005..e81da40ce 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -50,13 +50,13 @@ ac4f1b2eaf5d452512e7b6172c93880c2b501946b71a228adc02d50bb3fb56e0 e2fsprogs-1.47 3e0ec4d7b4b95d10f58c5269688e03da7abb4d73169c76761f4fc7e7f7797a47 ec2-utils-1.2-47.amzn2.noarch.rpm e6231ec4268b3efa928250eb4106311e0f33396422245b938bfed4ba2d79c573 efitools-1.9.2-9.fc38.x86_64.rpm 6ac676d78c2df896f9794a8dffb75ea69c58d202c68f4bcf084f0d264154a666 efivar-libs-39-2.fc40.x86_64.rpm -9ad9cb26333304bd94c0be94573c813d24c4dbbc93d64c6942013a206c149fbc elfutils-debuginfod-client-0.192-3.fc40.i686.rpm -bca2080220c5e011a214fc94b5407c5109477e380aa5d3691c670ee0471a5bbf elfutils-debuginfod-client-0.192-3.fc40.x86_64.rpm -e45b008c8cb5165f2aa16fd206056196aa892ecd9d1e9197301be390f995a1f1 elfutils-default-yama-scope-0.192-3.fc40.noarch.rpm -84336ba7d4a01a50487b17fd6018239d23409d86e30d14818b15a830bab95ee7 elfutils-libelf-0.192-3.fc40.i686.rpm -7057f106d5e5e42ebf3f78f9258ab018091ec93c944f02b924c339d4075190b7 elfutils-libelf-0.192-3.fc40.x86_64.rpm -3ceecff60fa73cbc4b9e51577af5d2413bdad1910fb21642008182f5e9fc264b elfutils-libs-0.192-3.fc40.i686.rpm -0e891e291545e1d193ee7b609bd5d43a52cf2345c95ef4b5345b3adc1a4fffcc elfutils-libs-0.192-3.fc40.x86_64.rpm +357561054d8964bebed6e8f79bc6213a6df810a66d6d36d6eeeb881530667d0e elfutils-debuginfod-client-0.192-4.fc40.i686.rpm +7ec661eef51c766496b5414d852f90b35b4c93247e4fb736840f6b24bd9dfe1a elfutils-debuginfod-client-0.192-4.fc40.x86_64.rpm +04c41c3743991edc45f3a41baa726d4bae184da26990432c318a6f82d626ac78 elfutils-default-yama-scope-0.192-4.fc40.noarch.rpm +ffa8a54d1c29e1fd2276704f18fe860d120333adc464530891d105ec81b47b89 elfutils-libelf-0.192-4.fc40.i686.rpm +ba72f1e8f6a9a328a310a2397cf1ad4c47d310bec0b375aee8984d4d37936b7c elfutils-libelf-0.192-4.fc40.x86_64.rpm +27b95fd6a8075dd861e9cfb351cd3587e1d190c8094457ded784ccbce97e57b8 elfutils-libs-0.192-4.fc40.i686.rpm +9040db997101fdfab569cbc4211910caec7c92a5e58ae0e69fd7902cd1fa3b10 elfutils-libs-0.192-4.fc40.x86_64.rpm 95cf8ee199b2e1b3471f920ebad57d3d8178f5e68d37ee35a8a94727473ec8d3 ethtool-6.11-1.fc40.x86_64.rpm 3a5ba168021a01107d6dd4dc7cffe8bb5553c64f236c436979b9fddfdc4cb59d expat-2.6.3-1.fc40.x86_64.rpm 849feb04544096f9bbe16bc78c2198708fe658bdafa08575c911e538a7d31c18 fedora-gpg-keys-40-2.noarch.rpm From 273ec733fb2311ed9593f5eab170b46abab79845 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 6 Nov 2024 08:28:21 +0100 Subject: [PATCH 347/380] image: update measurements and image version (#3471) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 15d994a04..d8c442936 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf4, 0x3f, 0x9a, 0x55, 0x36, 0x4d, 0x09, 0xa4, 0x54, 0x1c, 0x11, 0x30, 0x4f, 0xba, 0xb4, 0xae, 0x8a, 0xcf, 0xd6, 0xb5, 0x02, 0x63, 0x42, 0x36, 0xd2, 0xb6, 0x29, 0x87, 0xd8, 0x72, 0x84, 0x3e}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcb, 0x0e, 0x94, 0x56, 0x27, 0x06, 0xcd, 0x48, 0xf5, 0x5d, 0x36, 0x8c, 0x21, 0xbe, 0xdc, 0xa5, 0x67, 0x6a, 0xe9, 0x60, 0x97, 0x8e, 0x50, 0x68, 0xaa, 0x8e, 0xda, 0x9b, 0x05, 0xed, 0xc3, 0xad}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xde, 0x54, 0x00, 0x6d, 0x04, 0x85, 0x10, 0xff, 0x09, 0x6f, 0x1a, 0x4c, 0x76, 0x02, 0xfc, 0x1c, 0x75, 0x06, 0x2e, 0xbd, 0x52, 0x11, 0xd7, 0x59, 0xb0, 0x0d, 0x1a, 0x30, 0x49, 0xf9, 0x3d, 0x2d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0f, 0x03, 0x6a, 0x00, 0xae, 0xae, 0xbe, 0x8f, 0x21, 0xa2, 0x24, 0xbe, 0xaa, 0x83, 0x0e, 0x54, 0xc1, 0xb1, 0xd1, 0x14, 0x46, 0x7a, 0x40, 0x07, 0x3c, 0x3c, 0x67, 0xb1, 0x37, 0x6d, 0xcf, 0x7a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb7, 0x70, 0x9a, 0x78, 0x80, 0xcf, 0xc3, 0x80, 0xa9, 0x68, 0x61, 0x6a, 0xed, 0x09, 0xc2, 0xe3, 0xb0, 0x07, 0x90, 0x90, 0xc7, 0x28, 0x1f, 0xf3, 0x54, 0x8b, 0x36, 0xf3, 0xf4, 0x71, 0x21, 0xb2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x28, 0x62, 0xc1, 0xd5, 0xc7, 0xc5, 0x67, 0x58, 0x20, 0x0f, 0x68, 0x2d, 0x94, 0xd3, 0x5e, 0xd1, 0xbc, 0x49, 0x7d, 0xf3, 0x9e, 0x94, 0x0f, 0x57, 0xf4, 0xa6, 0x9a, 0xce, 0x99, 0x89, 0xf3, 0xae}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x85, 0xbd, 0x81, 0xd1, 0x99, 0x0d, 0x68, 0x06, 0x6e, 0x3a, 0x42, 0xd9, 0xc7, 0x84, 0x6e, 0x35, 0x19, 0x24, 0x70, 0x42, 0x79, 0x85, 0xc6, 0x49, 0x86, 0x16, 0xc8, 0xea, 0x1a, 0x75, 0x0a, 0xdb}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x67, 0x3d, 0xb2, 0x43, 0x5e, 0x37, 0xf0, 0x81, 0xa2, 0xf4, 0xab, 0x7a, 0x21, 0x02, 0x95, 0x23, 0x02, 0x26, 0x5b, 0xf2, 0x7a, 0x9a, 0x7e, 0x23, 0xf3, 0xc0, 0x40, 0xc2, 0xc9, 0x26, 0xbf, 0x6a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x62, 0x17, 0xc5, 0xfb, 0xb7, 0x71, 0x3b, 0xed, 0xf9, 0x1d, 0x6b, 0x37, 0x52, 0x17, 0x1b, 0xf8, 0xee, 0x37, 0x75, 0x06, 0x8a, 0x97, 0x8d, 0x01, 0xf0, 0x75, 0x4a, 0x96, 0xc8, 0x21, 0xe3, 0x92}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x89, 0xfe, 0x85, 0x6b, 0x4f, 0xce, 0xd6, 0xc7, 0x21, 0xed, 0x3b, 0x25, 0xf1, 0x09, 0xad, 0xe6, 0xa5, 0xc8, 0x31, 0x2b, 0xb4, 0xf9, 0x1a, 0x3a, 0x40, 0x1d, 0xee, 0xed, 0x64, 0x84, 0x28, 0x02}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x68, 0xd6, 0x49, 0x3d, 0x26, 0xa3, 0xcf, 0x41, 0xa8, 0x78, 0x4c, 0xc0, 0x7a, 0xa9, 0x1a, 0x31, 0x18, 0x70, 0xb8, 0x35, 0xdc, 0x62, 0x7f, 0xd2, 0x4d, 0xf6, 0x68, 0xd8, 0x9b, 0x7d, 0x0f, 0xbf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x32, 0x0f, 0x05, 0xca, 0xe0, 0xbb, 0x50, 0xc5, 0x81, 0x19, 0x72, 0x92, 0x8e, 0x45, 0x4a, 0xc5, 0x33, 0x74, 0xd5, 0x31, 0xa5, 0xe3, 0x42, 0x67, 0x1d, 0x92, 0x96, 0x52, 0xdc, 0x73, 0xc6, 0x7c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x84, 0x2a, 0x1c, 0x72, 0x79, 0xf3, 0x91, 0x0b, 0x67, 0xc5, 0x17, 0x57, 0xf0, 0x06, 0x6f, 0x30, 0x00, 0x75, 0x21, 0x76, 0x01, 0x14, 0x82, 0xa1, 0x69, 0x2e, 0xb7, 0x05, 0x06, 0xe7, 0x97, 0x52}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb6, 0x05, 0x1d, 0x27, 0x25, 0xfd, 0xa5, 0x1d, 0x71, 0x97, 0xf6, 0xb1, 0x4a, 0x71, 0xf4, 0xb9, 0x22, 0xfd, 0xde, 0x9b, 0xde, 0x35, 0xca, 0xf5, 0x79, 0x40, 0x2d, 0x46, 0x93, 0x8c, 0x00, 0x6d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd7, 0xe0, 0x13, 0x3c, 0xc5, 0xc5, 0x66, 0x4b, 0xcb, 0x4e, 0x7e, 0x50, 0x32, 0xda, 0xb8, 0x31, 0x8d, 0xab, 0x38, 0x44, 0x35, 0xa1, 0x2b, 0x4f, 0xd9, 0xee, 0x59, 0xa4, 0x5d, 0x40, 0x41, 0x0e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe0, 0xd1, 0xd9, 0x0b, 0x9c, 0xe7, 0x55, 0x25, 0x25, 0x81, 0x9c, 0x58, 0x85, 0x76, 0x6c, 0x64, 0x5d, 0x48, 0x6a, 0x4f, 0x26, 0xeb, 0x41, 0xa5, 0x22, 0xd8, 0xe5, 0xc7, 0x30, 0x22, 0x57, 0x62}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8b, 0x24, 0x8a, 0xe8, 0x11, 0xfb, 0x5a, 0x36, 0xd1, 0x59, 0xed, 0xf2, 0xbf, 0xb1, 0x2a, 0x3f, 0xc6, 0x30, 0x22, 0x7a, 0xbd, 0x8f, 0x1f, 0xa8, 0xf0, 0xdf, 0xe6, 0x54, 0xf8, 0x5e, 0x0b, 0x30}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x45, 0xfa, 0x1f, 0xb2, 0x91, 0xd8, 0xd0, 0x47, 0x7f, 0x4e, 0x4a, 0xfd, 0xff, 0x7c, 0xc1, 0x04, 0xea, 0xc2, 0x22, 0x02, 0x69, 0x08, 0x52, 0x0f, 0xd9, 0xab, 0xe2, 0x04, 0x68, 0x29, 0x3b, 0x43}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0d, 0x94, 0x36, 0x1d, 0x09, 0x0d, 0xe7, 0xdf, 0xcf, 0xd4, 0x15, 0x08, 0xdc, 0xcd, 0x10, 0xe9, 0xd5, 0xb5, 0x35, 0xfa, 0x6d, 0xe9, 0x7e, 0x59, 0xcf, 0x8b, 0xcc, 0xf7, 0x17, 0x23, 0x89, 0x20}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x23, 0x7a, 0xa3, 0x0c, 0x89, 0x07, 0xf7, 0xc8, 0xba, 0x0a, 0xf4, 0x63, 0x1f, 0x7e, 0xeb, 0xde, 0x6e, 0x85, 0xce, 0x0c, 0xc1, 0xe2, 0xc6, 0x10, 0x33, 0x06, 0x6a, 0x8c, 0xf2, 0xb0, 0xd1, 0x7c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6c, 0xbf, 0x11, 0x48, 0x9f, 0x11, 0xab, 0xac, 0xc5, 0xd8, 0x5c, 0x0d, 0x18, 0x98, 0x70, 0x64, 0x58, 0x69, 0xc9, 0x93, 0x8b, 0xff, 0x53, 0x56, 0x20, 0x20, 0x0b, 0x7a, 0xdc, 0xf6, 0x9e, 0x1e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x22, 0x69, 0xad, 0xfb, 0x7b, 0xd0, 0x47, 0x7f, 0x4c, 0x2b, 0x5e, 0x4e, 0x3d, 0xca, 0x8e, 0x37, 0x4d, 0xaa, 0xbe, 0x67, 0xf9, 0x60, 0xb9, 0x55, 0x31, 0x6d, 0x58, 0x98, 0xf7, 0x79, 0x2d, 0x40}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x41, 0xd9, 0x1d, 0xc9, 0xb0, 0x1e, 0x92, 0x53, 0x13, 0x75, 0xa8, 0xe6, 0x54, 0xa3, 0x04, 0x62, 0x4b, 0x5d, 0x25, 0xcd, 0xa1, 0xa1, 0x74, 0x93, 0xc2, 0x54, 0x04, 0x17, 0x98, 0xb5, 0x3e, 0xb8}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x47, 0xf8, 0x62, 0x72, 0x1e, 0x6f, 0xf3, 0x3f, 0x2d, 0x8e, 0x77, 0x27, 0xa3, 0xe3, 0x0a, 0x1a, 0xb7, 0x56, 0x69, 0x0d, 0x5f, 0x51, 0x09, 0x79, 0x11, 0xd3, 0xc5, 0x4e, 0xc4, 0xc9, 0x5c, 0x8c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x90, 0x0c, 0x8d, 0xba, 0x67, 0x87, 0xbb, 0xe9, 0x72, 0xef, 0x5b, 0x6b, 0x22, 0x72, 0x85, 0x07, 0x5e, 0x78, 0x90, 0x3b, 0x55, 0x44, 0x7f, 0x71, 0x21, 0x4b, 0x92, 0xb4, 0x78, 0x8f, 0xe9, 0x4c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x68, 0x18, 0x57, 0x7f, 0x6c, 0x84, 0x29, 0x82, 0x43, 0x54, 0x14, 0x3b, 0x58, 0x03, 0xaa, 0x0b, 0x7e, 0xd6, 0x8c, 0x3d, 0x37, 0x2f, 0x1c, 0x9f, 0x13, 0x2f, 0xea, 0x5b, 0x82, 0x5e, 0xe5, 0x77}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x74, 0x9d, 0x9b, 0x09, 0x67, 0x69, 0x65, 0x52, 0x68, 0x49, 0x6f, 0x31, 0x30, 0xec, 0x22, 0xf6, 0x93, 0x9f, 0x90, 0xb0, 0x97, 0xbe, 0x7b, 0x7f, 0x6e, 0x2a, 0x18, 0x82, 0xb1, 0xf6, 0xdb, 0x20}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8f, 0xce, 0x1a, 0x7e, 0xa2, 0xba, 0xab, 0x38, 0x84, 0xb9, 0xd3, 0x99, 0x03, 0x41, 0x5d, 0x22, 0x18, 0x3b, 0x20, 0xd3, 0x67, 0xd4, 0xff, 0x52, 0x15, 0xd0, 0x5e, 0x41, 0xf6, 0x3b, 0xc2, 0xad}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x53, 0xc7, 0x77, 0x67, 0xb5, 0x1b, 0x90, 0x93, 0x78, 0x5b, 0x2c, 0xa0, 0x31, 0xbb, 0xeb, 0x47, 0xec, 0xaa, 0x1d, 0x96, 0xbe, 0xa6, 0x19, 0x06, 0xd8, 0xf2, 0x1d, 0xb7, 0xb3, 0x85, 0x29, 0xb5}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3c, 0x36, 0xce, 0xf6, 0xc0, 0x1e, 0x9c, 0x1c, 0x99, 0x9f, 0xde, 0x67, 0xcf, 0x78, 0x3c, 0x08, 0x92, 0x03, 0x5c, 0xbe, 0xca, 0xf2, 0x35, 0x71, 0xa7, 0x38, 0x21, 0x72, 0xd6, 0x64, 0x8e, 0x2b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xa9, 0x50, 0x4b, 0xd1, 0x0e, 0x45, 0x55, 0xa6, 0xc4, 0x1a, 0x5a, 0x9b, 0x78, 0x16, 0x74, 0x11, 0x63, 0x9b, 0x36, 0x56, 0xbc, 0xd9, 0xf6, 0x38, 0xba, 0xc2, 0x6c, 0xcf, 0x9a, 0x18, 0xa1, 0x30}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x35, 0xa8, 0xa7, 0x89, 0xb8, 0x57, 0x9f, 0x22, 0xec, 0xfe, 0x57, 0x34, 0x32, 0x00, 0xc7, 0x68, 0xe9, 0x09, 0x2b, 0x4b, 0x80, 0xf0, 0xdc, 0xcc, 0x4f, 0x3e, 0x86, 0xef, 0x6f, 0x5b, 0xbf, 0x36}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9a, 0x4a, 0x18, 0x7c, 0x2e, 0x25, 0xd7, 0xb8, 0x63, 0xdb, 0x5c, 0x5b, 0x99, 0xb0, 0xdf, 0x37, 0x9f, 0xd8, 0x29, 0x9d, 0xd4, 0xfd, 0xaa, 0x94, 0x1b, 0xd2, 0xe4, 0x83, 0x68, 0x39, 0x02, 0xb3}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xdf, 0x60, 0xb1, 0x2e, 0x84, 0x5a, 0x60, 0xca, 0xcf, 0x4e, 0xb0, 0xb3, 0x51, 0x86, 0x3c, 0x44, 0x5f, 0x33, 0x7b, 0x51, 0x12, 0x69, 0xda, 0xc2, 0x52, 0x49, 0x53, 0x9a, 0xfe, 0x75, 0x9a, 0x9a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1e, 0x7d, 0x18, 0x83, 0x02, 0x71, 0x33, 0x80, 0x6b, 0x65, 0x92, 0x81, 0x4f, 0xb1, 0xbb, 0xd4, 0xf7, 0x8d, 0xcd, 0x9c, 0xe1, 0x1a, 0x89, 0xe3, 0xdd, 0x2f, 0x52, 0x0c, 0x01, 0x66, 0xc7, 0x38}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x92, 0x60, 0x87, 0xae, 0xb0, 0x8c, 0xf8, 0x8a, 0x45, 0xad, 0x8f, 0x02, 0xee, 0x92, 0xed, 0xf1, 0x03, 0x43, 0x18, 0x27, 0xfd, 0x29, 0xbc, 0x3a, 0x70, 0x69, 0xc5, 0xf2, 0x24, 0x81, 0x04, 0x28}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x62, 0xee, 0x97, 0x2f, 0x2e, 0x7e, 0xbc, 0xf2, 0x28, 0x85, 0x89, 0x7a, 0x63, 0xab, 0x32, 0x84, 0xf4, 0xa9, 0x65, 0x6d, 0xa8, 0x63, 0x08, 0xb0, 0x00, 0x4f, 0xec, 0x46, 0x74, 0x6e, 0x10, 0x89}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3e, 0x47, 0xb9, 0x5e, 0x38, 0x7c, 0xe5, 0xae, 0xb5, 0x44, 0x03, 0x6a, 0x1f, 0x87, 0x5b, 0x8c, 0x35, 0x4e, 0x69, 0xb2, 0x7e, 0xfe, 0x07, 0xf1, 0x5a, 0xc5, 0x5c, 0x87, 0x7f, 0x98, 0xf3, 0x89}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc7, 0x3a, 0x85, 0xd4, 0x4c, 0x2f, 0x8d, 0xd8, 0xe5, 0x90, 0xfc, 0x59, 0x63, 0xf5, 0x23, 0xbb, 0x79, 0x24, 0x57, 0xe8, 0x33, 0x06, 0x6b, 0xd3, 0x8f, 0xa7, 0x88, 0xed, 0x47, 0x02, 0x5c, 0x79}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xcc, 0xaf, 0xa7, 0x84, 0x59, 0x53, 0x35, 0xae, 0xa1, 0xbd, 0xd0, 0x25, 0xc9, 0x0d, 0x69, 0x62, 0x31, 0x5f, 0xe4, 0x2f, 0x25, 0xd6, 0xd2, 0x33, 0xcb, 0xbc, 0x47, 0x0f, 0xae, 0xd7, 0xde, 0xb8}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8b, 0xc9, 0xad, 0x0e, 0x51, 0xcf, 0x2a, 0x19, 0xe8, 0x03, 0x72, 0x96, 0x26, 0x8c, 0x5b, 0xc6, 0xb1, 0x64, 0x8e, 0x6d, 0x4b, 0x25, 0x5a, 0x5c, 0x7b, 0x40, 0x27, 0xe7, 0x53, 0xc4, 0x6c, 0xb4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3a, 0xb3, 0xe4, 0x21, 0x8e, 0x2b, 0xef, 0x51, 0xd7, 0xae, 0xe2, 0xcc, 0x3b, 0xb0, 0x68, 0x80, 0xa1, 0xef, 0x86, 0xfc, 0xff, 0xdb, 0xe3, 0xd3, 0xd6, 0xba, 0x92, 0xd0, 0x14, 0x17, 0x8e, 0xd1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x10, 0x20, 0x04, 0xf2, 0x1a, 0x75, 0x29, 0xc6, 0x69, 0x4b, 0x91, 0xc6, 0x81, 0xc2, 0xee, 0x9f, 0x16, 0x27, 0xf4, 0x8d, 0x6d, 0x35, 0xfc, 0x20, 0x13, 0x16, 0x0e, 0x7f, 0x83, 0x0b, 0x87, 0x03}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8a, 0xe1, 0xbc, 0x4d, 0x77, 0xe9, 0x2f, 0xa4, 0xc5, 0x18, 0x56, 0xe4, 0x9a, 0x65, 0x5a, 0x47, 0x6e, 0x14, 0x9e, 0x9f, 0x85, 0xe2, 0x52, 0xaa, 0x97, 0x16, 0xe7, 0x50, 0x89, 0xf2, 0xd2, 0x98}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x9c, 0x3d, 0x11, 0x40, 0x70, 0x94, 0xbd, 0x8e, 0x97, 0xd5, 0x33, 0xb9, 0x34, 0x9e, 0x1c, 0xbf, 0x87, 0xb9, 0x7d, 0x72, 0x3d, 0x40, 0x3b, 0xfb, 0x89, 0x8b, 0x29, 0xd8, 0x2f, 0xed, 0xd2, 0xd8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x8d, 0x90, 0x28, 0x41, 0x6b, 0x4a, 0x11, 0x5a, 0x65, 0x47, 0x2a, 0x0c, 0x2a, 0x55, 0x48, 0x0b, 0xd6, 0x01, 0x7e, 0xef, 0xab, 0x4e, 0xde, 0xaa, 0x62, 0x81, 0x57, 0x1c, 0x6e, 0x9b, 0xd0, 0x35}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x93, 0xee, 0xd3, 0xe3, 0x23, 0x71, 0xa0, 0xef, 0x18, 0x5c, 0x1b, 0x2f, 0x8f, 0xfb, 0xce, 0x49, 0x07, 0x62, 0xf6, 0xef, 0x21, 0x85, 0x11, 0x82, 0xa1, 0x3e, 0x9e, 0xb0, 0xe7, 0x24, 0xc9, 0xb1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x47, 0xa4, 0x81, 0x44, 0x42, 0x67, 0xd7, 0x49, 0xdf, 0xdd, 0xc4, 0x15, 0xae, 0xe4, 0xe1, 0x0e, 0x81, 0x66, 0x61, 0x3b, 0x87, 0x18, 0xe7, 0x6e, 0x09, 0x6f, 0x32, 0x9d, 0x54, 0x78, 0x49, 0xd0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 94ce9f29d..c100d24e1 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241029190319-7458d0e8921a" + defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241105170926-f2b919a563ba" ) From 887b9c5faef597cbde32f59acf441e70b8b7b757 Mon Sep 17 00:00:00 2001 From: Moritz Eckert Date: Thu, 7 Nov 2024 09:30:41 +0100 Subject: [PATCH 348/380] docs: stackit improve clouds.yaml description (#3470) --- docs/docs/getting-started/install.md | 12 +++++++++++- .../version-2.19/getting-started/install.md | 12 +++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/docs/docs/getting-started/install.md b/docs/docs/getting-started/install.md index d52e43476..fa481d9b8 100644 --- a/docs/docs/getting-started/install.md +++ b/docs/docs/getting-started/install.md @@ -395,7 +395,11 @@ Use one of the following options on a trusted machine: You need to authenticate with the infrastructure API (OpenStack) and create a service account (STACKIT API). 1. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/step-1-generating-of-user-access-token-11763726.html) for obtaining a User Access Token (UAT) to use the infrastructure API -2. Create a configuration file under `~/.config/openstack/clouds.yaml` (`%AppData%\openstack\clouds.yaml` on Windows) with the credentials from the User Access Token +2. Create a configuration file with the credentials from the User Access Token under: + * Linux: `~/.config/openstack/clouds.yaml` + * macOS: `/Users//Library/Application Support/openstack/clouds.yaml` or `/etc/openstack/clouds.yaml` + * Windows: `%AppData%\openstack\clouds.yaml` + ```yaml clouds: @@ -412,6 +416,12 @@ You need to authenticate with the infrastructure API (OpenStack) and create a se identity_api_version: 3 ``` +:::caution + +`project_id` refers to the ID of your STACKIT project. The STACKIT portal also shows the OpenStack ID that's associated with your project in some places. Make sure you insert the STACKIT project ID in the `clouds.yaml` file. It's of the format XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX. + +::: + 3. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) for creating a service account and an access token 4. Assign the `editor` role to the service account by [following the documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) 5. Create a configuration file under `~/.stackit/credentials.json` (`%USERPROFILE%\.stackit\credentials.json` on Windows) diff --git a/docs/versioned_docs/version-2.19/getting-started/install.md b/docs/versioned_docs/version-2.19/getting-started/install.md index d52e43476..bc0a8c959 100644 --- a/docs/versioned_docs/version-2.19/getting-started/install.md +++ b/docs/versioned_docs/version-2.19/getting-started/install.md @@ -395,7 +395,11 @@ Use one of the following options on a trusted machine: You need to authenticate with the infrastructure API (OpenStack) and create a service account (STACKIT API). 1. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/step-1-generating-of-user-access-token-11763726.html) for obtaining a User Access Token (UAT) to use the infrastructure API -2. Create a configuration file under `~/.config/openstack/clouds.yaml` (`%AppData%\openstack\clouds.yaml` on Windows) with the credentials from the User Access Token +2. Create a configuration file with the credentials from the User Access Token under: + * Linux: `~/.config/openstack/clouds.yaml` + * macOS: `/Users//Library/Application Support/openstack/clouds.yaml` or `/etc/openstack/clouds.yaml` + * Windows: `%AppData%\openstack\clouds.yaml` + ```yaml clouds: @@ -412,6 +416,12 @@ You need to authenticate with the infrastructure API (OpenStack) and create a se identity_api_version: 3 ``` +:::caution + +`project_id` refers to the ID of your STACKIT project. The STACKIT portal also shows the OpenStack ID that's associated with your project in some places. Make sure you insert the STACKIT project ID in the `clouds.yaml` file. It's of the format "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX". + +::: + 3. [Follow the STACKIT documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) for creating a service account and an access token 4. Assign the `editor` role to the service account by [following the documentation](https://docs.stackit.cloud/stackit/en/getting-started-in-service-accounts-134415831.html) 5. Create a configuration file under `~/.stackit/credentials.json` (`%USERPROFILE%\.stackit\credentials.json` on Windows) From 000a7627fca591380fe13893611ef7b11d424fb9 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 8 Nov 2024 08:27:27 +0100 Subject: [PATCH 349/380] image: update measurements and image version (#3474) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index d8c442936..fdcabc0cf 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x84, 0x2a, 0x1c, 0x72, 0x79, 0xf3, 0x91, 0x0b, 0x67, 0xc5, 0x17, 0x57, 0xf0, 0x06, 0x6f, 0x30, 0x00, 0x75, 0x21, 0x76, 0x01, 0x14, 0x82, 0xa1, 0x69, 0x2e, 0xb7, 0x05, 0x06, 0xe7, 0x97, 0x52}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb6, 0x05, 0x1d, 0x27, 0x25, 0xfd, 0xa5, 0x1d, 0x71, 0x97, 0xf6, 0xb1, 0x4a, 0x71, 0xf4, 0xb9, 0x22, 0xfd, 0xde, 0x9b, 0xde, 0x35, 0xca, 0xf5, 0x79, 0x40, 0x2d, 0x46, 0x93, 0x8c, 0x00, 0x6d}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd7, 0xe0, 0x13, 0x3c, 0xc5, 0xc5, 0x66, 0x4b, 0xcb, 0x4e, 0x7e, 0x50, 0x32, 0xda, 0xb8, 0x31, 0x8d, 0xab, 0x38, 0x44, 0x35, 0xa1, 0x2b, 0x4f, 0xd9, 0xee, 0x59, 0xa4, 0x5d, 0x40, 0x41, 0x0e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe0, 0xd1, 0xd9, 0x0b, 0x9c, 0xe7, 0x55, 0x25, 0x25, 0x81, 0x9c, 0x58, 0x85, 0x76, 0x6c, 0x64, 0x5d, 0x48, 0x6a, 0x4f, 0x26, 0xeb, 0x41, 0xa5, 0x22, 0xd8, 0xe5, 0xc7, 0x30, 0x22, 0x57, 0x62}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8b, 0x24, 0x8a, 0xe8, 0x11, 0xfb, 0x5a, 0x36, 0xd1, 0x59, 0xed, 0xf2, 0xbf, 0xb1, 0x2a, 0x3f, 0xc6, 0x30, 0x22, 0x7a, 0xbd, 0x8f, 0x1f, 0xa8, 0xf0, 0xdf, 0xe6, 0x54, 0xf8, 0x5e, 0x0b, 0x30}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x45, 0xfa, 0x1f, 0xb2, 0x91, 0xd8, 0xd0, 0x47, 0x7f, 0x4e, 0x4a, 0xfd, 0xff, 0x7c, 0xc1, 0x04, 0xea, 0xc2, 0x22, 0x02, 0x69, 0x08, 0x52, 0x0f, 0xd9, 0xab, 0xe2, 0x04, 0x68, 0x29, 0x3b, 0x43}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0d, 0x94, 0x36, 0x1d, 0x09, 0x0d, 0xe7, 0xdf, 0xcf, 0xd4, 0x15, 0x08, 0xdc, 0xcd, 0x10, 0xe9, 0xd5, 0xb5, 0x35, 0xfa, 0x6d, 0xe9, 0x7e, 0x59, 0xcf, 0x8b, 0xcc, 0xf7, 0x17, 0x23, 0x89, 0x20}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x23, 0x7a, 0xa3, 0x0c, 0x89, 0x07, 0xf7, 0xc8, 0xba, 0x0a, 0xf4, 0x63, 0x1f, 0x7e, 0xeb, 0xde, 0x6e, 0x85, 0xce, 0x0c, 0xc1, 0xe2, 0xc6, 0x10, 0x33, 0x06, 0x6a, 0x8c, 0xf2, 0xb0, 0xd1, 0x7c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6c, 0xbf, 0x11, 0x48, 0x9f, 0x11, 0xab, 0xac, 0xc5, 0xd8, 0x5c, 0x0d, 0x18, 0x98, 0x70, 0x64, 0x58, 0x69, 0xc9, 0x93, 0x8b, 0xff, 0x53, 0x56, 0x20, 0x20, 0x0b, 0x7a, 0xdc, 0xf6, 0x9e, 0x1e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x22, 0x69, 0xad, 0xfb, 0x7b, 0xd0, 0x47, 0x7f, 0x4c, 0x2b, 0x5e, 0x4e, 0x3d, 0xca, 0x8e, 0x37, 0x4d, 0xaa, 0xbe, 0x67, 0xf9, 0x60, 0xb9, 0x55, 0x31, 0x6d, 0x58, 0x98, 0xf7, 0x79, 0x2d, 0x40}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x41, 0xd9, 0x1d, 0xc9, 0xb0, 0x1e, 0x92, 0x53, 0x13, 0x75, 0xa8, 0xe6, 0x54, 0xa3, 0x04, 0x62, 0x4b, 0x5d, 0x25, 0xcd, 0xa1, 0xa1, 0x74, 0x93, 0xc2, 0x54, 0x04, 0x17, 0x98, 0xb5, 0x3e, 0xb8}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x47, 0xf8, 0x62, 0x72, 0x1e, 0x6f, 0xf3, 0x3f, 0x2d, 0x8e, 0x77, 0x27, 0xa3, 0xe3, 0x0a, 0x1a, 0xb7, 0x56, 0x69, 0x0d, 0x5f, 0x51, 0x09, 0x79, 0x11, 0xd3, 0xc5, 0x4e, 0xc4, 0xc9, 0x5c, 0x8c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0c, 0xa2, 0xa2, 0x61, 0x68, 0x2e, 0xbf, 0x9e, 0xb9, 0x88, 0xf1, 0xee, 0x25, 0x5b, 0x71, 0x5a, 0x90, 0x34, 0x2f, 0x83, 0xb8, 0x76, 0xff, 0x4b, 0x85, 0x8f, 0x11, 0xc6, 0xfd, 0x8a, 0x14, 0x7f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x98, 0x4a, 0x48, 0xd7, 0x22, 0xf5, 0x32, 0x7f, 0xdc, 0x5c, 0x49, 0xd1, 0xd0, 0xa7, 0x4d, 0x77, 0xa5, 0x4b, 0x1e, 0x94, 0xb4, 0xc1, 0x55, 0xf7, 0x79, 0x26, 0x5e, 0xa2, 0x01, 0x12, 0x0e, 0x51}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x34, 0xec, 0xd8, 0xb6, 0x33, 0x50, 0x99, 0x41, 0x4a, 0xff, 0xe2, 0xe7, 0xa3, 0xe3, 0x6a, 0x72, 0xf9, 0x58, 0x2f, 0x96, 0x9c, 0xbd, 0xef, 0x5d, 0x75, 0xbd, 0x14, 0x56, 0x99, 0x82, 0x9f, 0xbd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x02, 0x8c, 0x59, 0xe8, 0xad, 0x56, 0x1e, 0x13, 0x1a, 0xc5, 0x18, 0x8e, 0x98, 0xa2, 0x20, 0x54, 0xa0, 0x24, 0x7b, 0x46, 0xf1, 0x16, 0x2f, 0xbf, 0x61, 0x50, 0x37, 0xf5, 0x6f, 0x61, 0x12, 0x9c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd5, 0x63, 0xda, 0x62, 0x4e, 0x4a, 0x56, 0xe8, 0xec, 0xe8, 0xea, 0xf8, 0x56, 0xbd, 0xcd, 0x78, 0x1b, 0xc5, 0xd8, 0x1f, 0x1c, 0x47, 0xa0, 0xa1, 0x88, 0x26, 0x9d, 0x8d, 0x93, 0x60, 0x6e, 0x0f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa2, 0x36, 0x13, 0x26, 0xeb, 0x3c, 0x93, 0x8f, 0xf6, 0xed, 0x4a, 0x84, 0x63, 0x0c, 0x61, 0x97, 0xfb, 0x63, 0x4a, 0xa4, 0xb0, 0x5f, 0x2e, 0x67, 0x5b, 0xc2, 0xf0, 0x56, 0x6e, 0xe7, 0xc2, 0xad}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa5, 0xa1, 0x67, 0x87, 0xa4, 0x69, 0xd2, 0x52, 0xee, 0x85, 0x34, 0x1d, 0xcf, 0xfe, 0xe5, 0x4b, 0xb8, 0xe5, 0xd6, 0x49, 0x63, 0xdd, 0xed, 0x7d, 0x7e, 0x03, 0x89, 0x92, 0xcc, 0x43, 0x12, 0xfb}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc0, 0x67, 0x79, 0x8a, 0xe7, 0x71, 0x3c, 0xb7, 0xa1, 0xc9, 0xbf, 0x46, 0xce, 0x85, 0x14, 0x07, 0x49, 0xe2, 0x0b, 0xcf, 0x59, 0x79, 0x29, 0x11, 0x7b, 0x68, 0x6d, 0xad, 0x8a, 0x5a, 0x2c, 0x15}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb7, 0xea, 0x80, 0xbf, 0x98, 0x6c, 0x9f, 0x37, 0xb7, 0x1e, 0xab, 0x1f, 0x5a, 0xee, 0xc8, 0x9b, 0x46, 0x5b, 0xcd, 0x74, 0x8d, 0xdd, 0xf6, 0xc7, 0x09, 0xa1, 0x72, 0x3e, 0xb2, 0x7a, 0xde, 0x56}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9d, 0xc1, 0xc8, 0x56, 0xc7, 0x21, 0xc5, 0x0f, 0xbd, 0xe0, 0xa2, 0x04, 0x2a, 0xc1, 0xac, 0xc5, 0x30, 0x52, 0x4c, 0x6c, 0x08, 0x37, 0xe3, 0x97, 0xe0, 0x22, 0x74, 0x14, 0x4c, 0x4e, 0xe7, 0xbf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdc, 0xff, 0xc9, 0xdb, 0x0e, 0x7a, 0x7e, 0x4a, 0x62, 0x1b, 0x86, 0xf3, 0xce, 0xa0, 0xd8, 0xc8, 0x11, 0x34, 0x7c, 0x2e, 0x8f, 0xae, 0xc3, 0xcd, 0x24, 0x65, 0x77, 0x66, 0x70, 0x3e, 0x93, 0x78}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfa, 0x90, 0x67, 0x87, 0xf2, 0xae, 0x46, 0xf2, 0x34, 0xdd, 0xca, 0x5b, 0x25, 0xdf, 0x03, 0x3c, 0x1f, 0xaa, 0xd2, 0x9d, 0x0a, 0xe3, 0x6f, 0x62, 0xa0, 0x42, 0x59, 0xa5, 0xc6, 0x03, 0x98, 0xcd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xdf, 0x60, 0xb1, 0x2e, 0x84, 0x5a, 0x60, 0xca, 0xcf, 0x4e, 0xb0, 0xb3, 0x51, 0x86, 0x3c, 0x44, 0x5f, 0x33, 0x7b, 0x51, 0x12, 0x69, 0xda, 0xc2, 0x52, 0x49, 0x53, 0x9a, 0xfe, 0x75, 0x9a, 0x9a}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1e, 0x7d, 0x18, 0x83, 0x02, 0x71, 0x33, 0x80, 0x6b, 0x65, 0x92, 0x81, 0x4f, 0xb1, 0xbb, 0xd4, 0xf7, 0x8d, 0xcd, 0x9c, 0xe1, 0x1a, 0x89, 0xe3, 0xdd, 0x2f, 0x52, 0x0c, 0x01, 0x66, 0xc7, 0x38}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x92, 0x60, 0x87, 0xae, 0xb0, 0x8c, 0xf8, 0x8a, 0x45, 0xad, 0x8f, 0x02, 0xee, 0x92, 0xed, 0xf1, 0x03, 0x43, 0x18, 0x27, 0xfd, 0x29, 0xbc, 0x3a, 0x70, 0x69, 0xc5, 0xf2, 0x24, 0x81, 0x04, 0x28}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x62, 0xee, 0x97, 0x2f, 0x2e, 0x7e, 0xbc, 0xf2, 0x28, 0x85, 0x89, 0x7a, 0x63, 0xab, 0x32, 0x84, 0xf4, 0xa9, 0x65, 0x6d, 0xa8, 0x63, 0x08, 0xb0, 0x00, 0x4f, 0xec, 0x46, 0x74, 0x6e, 0x10, 0x89}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3e, 0x47, 0xb9, 0x5e, 0x38, 0x7c, 0xe5, 0xae, 0xb5, 0x44, 0x03, 0x6a, 0x1f, 0x87, 0x5b, 0x8c, 0x35, 0x4e, 0x69, 0xb2, 0x7e, 0xfe, 0x07, 0xf1, 0x5a, 0xc5, 0x5c, 0x87, 0x7f, 0x98, 0xf3, 0x89}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xc7, 0x3a, 0x85, 0xd4, 0x4c, 0x2f, 0x8d, 0xd8, 0xe5, 0x90, 0xfc, 0x59, 0x63, 0xf5, 0x23, 0xbb, 0x79, 0x24, 0x57, 0xe8, 0x33, 0x06, 0x6b, 0xd3, 0x8f, 0xa7, 0x88, 0xed, 0x47, 0x02, 0x5c, 0x79}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xcc, 0xaf, 0xa7, 0x84, 0x59, 0x53, 0x35, 0xae, 0xa1, 0xbd, 0xd0, 0x25, 0xc9, 0x0d, 0x69, 0x62, 0x31, 0x5f, 0xe4, 0x2f, 0x25, 0xd6, 0xd2, 0x33, 0xcb, 0xbc, 0x47, 0x0f, 0xae, 0xd7, 0xde, 0xb8}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8b, 0xc9, 0xad, 0x0e, 0x51, 0xcf, 0x2a, 0x19, 0xe8, 0x03, 0x72, 0x96, 0x26, 0x8c, 0x5b, 0xc6, 0xb1, 0x64, 0x8e, 0x6d, 0x4b, 0x25, 0x5a, 0x5c, 0x7b, 0x40, 0x27, 0xe7, 0x53, 0xc4, 0x6c, 0xb4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3a, 0xb3, 0xe4, 0x21, 0x8e, 0x2b, 0xef, 0x51, 0xd7, 0xae, 0xe2, 0xcc, 0x3b, 0xb0, 0x68, 0x80, 0xa1, 0xef, 0x86, 0xfc, 0xff, 0xdb, 0xe3, 0xd3, 0xd6, 0xba, 0x92, 0xd0, 0x14, 0x17, 0x8e, 0xd1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa0, 0xb0, 0xc9, 0x9a, 0x21, 0x4f, 0x3a, 0x6f, 0x15, 0xd5, 0x90, 0xf5, 0x88, 0x61, 0x5e, 0x35, 0x8a, 0x3e, 0xfd, 0x29, 0x6b, 0xc1, 0xca, 0x99, 0x91, 0x8a, 0x32, 0x73, 0x3b, 0xf8, 0x02, 0xd4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf6, 0x94, 0xd8, 0x8e, 0xe9, 0xed, 0x97, 0x76, 0x46, 0x20, 0x61, 0xc6, 0x6c, 0x06, 0xa6, 0xed, 0x30, 0x1f, 0x92, 0xbc, 0xc0, 0x0c, 0x41, 0xfb, 0x43, 0xcd, 0x60, 0xf4, 0x98, 0x7b, 0xa8, 0x7e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3b, 0x1a, 0xe6, 0x17, 0xc7, 0xbd, 0x70, 0x8c, 0x84, 0x14, 0xb1, 0xf6, 0x2f, 0x28, 0x53, 0xa2, 0x69, 0x7f, 0x9d, 0x3a, 0x8f, 0x91, 0xae, 0x7b, 0x44, 0x2e, 0x80, 0x20, 0x99, 0x17, 0x2d, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x81, 0xbe, 0x04, 0x41, 0x0a, 0x6e, 0xc3, 0x04, 0x34, 0x32, 0x5c, 0xc7, 0xf5, 0xd0, 0x75, 0x41, 0x8f, 0x43, 0x5e, 0x00, 0xd5, 0xbd, 0xb2, 0x1f, 0x1c, 0xa8, 0xa0, 0xe4, 0x79, 0x33, 0x31, 0x49}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x32, 0xf7, 0x67, 0x93, 0xec, 0xf6, 0x0e, 0x95, 0x32, 0xb8, 0x92, 0x32, 0xe3, 0xc8, 0x78, 0x50, 0xc8, 0x7a, 0x2e, 0xe4, 0x3d, 0x0b, 0xe2, 0x0f, 0xa8, 0xa5, 0x31, 0x8d, 0x9d, 0x2b, 0x3b, 0x63}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x34, 0x04, 0x6f, 0xac, 0x29, 0x01, 0x34, 0x99, 0xcf, 0x15, 0x70, 0x8e, 0x42, 0x72, 0x7b, 0x7c, 0x90, 0xef, 0x14, 0x58, 0x35, 0x41, 0x92, 0x73, 0x94, 0x90, 0x2f, 0xb0, 0x64, 0x1f, 0xcc, 0xab}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x96, 0xa5, 0x2a, 0xab, 0xc6, 0x67, 0x64, 0x7e, 0xca, 0xdc, 0x8a, 0xca, 0x33, 0x39, 0xf4, 0xf8, 0xd4, 0xf2, 0x1c, 0x22, 0x00, 0xf0, 0x71, 0x05, 0x9b, 0xe4, 0xc3, 0x5e, 0x1b, 0xbb, 0xfe, 0x55}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbe, 0x3b, 0xd9, 0x84, 0x4b, 0xb4, 0xea, 0xc4, 0x76, 0xb0, 0x25, 0x06, 0x51, 0xe6, 0x0e, 0xad, 0x49, 0xeb, 0x4c, 0xea, 0xfc, 0x73, 0xb7, 0x68, 0xcc, 0xb0, 0x79, 0xa0, 0xb9, 0xc1, 0xd5, 0x7a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x68, 0x5b, 0x38, 0x35, 0xd3, 0xc7, 0xc1, 0xa5, 0xf3, 0x41, 0x99, 0x3b, 0x63, 0xfa, 0x1b, 0xf9, 0xcf, 0xf9, 0xe0, 0x03, 0x9b, 0x6e, 0xd1, 0x3c, 0x05, 0xcf, 0xec, 0xa7, 0xa4, 0xb4, 0xba, 0xd1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x8d, 0x90, 0x28, 0x41, 0x6b, 0x4a, 0x11, 0x5a, 0x65, 0x47, 0x2a, 0x0c, 0x2a, 0x55, 0x48, 0x0b, 0xd6, 0x01, 0x7e, 0xef, 0xab, 0x4e, 0xde, 0xaa, 0x62, 0x81, 0x57, 0x1c, 0x6e, 0x9b, 0xd0, 0x35}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x93, 0xee, 0xd3, 0xe3, 0x23, 0x71, 0xa0, 0xef, 0x18, 0x5c, 0x1b, 0x2f, 0x8f, 0xfb, 0xce, 0x49, 0x07, 0x62, 0xf6, 0xef, 0x21, 0x85, 0x11, 0x82, 0xa1, 0x3e, 0x9e, 0xb0, 0xe7, 0x24, 0xc9, 0xb1}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x47, 0xa4, 0x81, 0x44, 0x42, 0x67, 0xd7, 0x49, 0xdf, 0xdd, 0xc4, 0x15, 0xae, 0xe4, 0xe1, 0x0e, 0x81, 0x66, 0x61, 0x3b, 0x87, 0x18, 0xe7, 0x6e, 0x09, 0x6f, 0x32, 0x9d, 0x54, 0x78, 0x49, 0xd0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x30, 0x64, 0x6b, 0x38, 0xe4, 0x79, 0xfd, 0x9c, 0xc3, 0x60, 0x5d, 0x3b, 0x89, 0x62, 0x6e, 0x16, 0xc9, 0x3d, 0x6d, 0xed, 0x67, 0x94, 0x63, 0x47, 0xc8, 0x6f, 0xb4, 0x94, 0x21, 0x6b, 0xf4, 0xb3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb5, 0xb0, 0x00, 0x85, 0x18, 0x3e, 0xbb, 0x39, 0x3e, 0xec, 0x57, 0x20, 0x1c, 0x24, 0x1e, 0x49, 0x4b, 0x4e, 0xf3, 0x5b, 0x03, 0x73, 0x5d, 0xff, 0x18, 0x68, 0xff, 0x34, 0xad, 0x28, 0xfc, 0xfe}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x07, 0x08, 0xab, 0xc9, 0xf6, 0xba, 0x11, 0x21, 0x9e, 0x8c, 0xa7, 0x47, 0x6a, 0xd7, 0x96, 0x3c, 0xbd, 0xe4, 0x77, 0x89, 0x8a, 0xcf, 0x4c, 0xbd, 0x61, 0x29, 0xe7, 0x02, 0x34, 0x13, 0xb2, 0x79}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index c100d24e1..c3a81b63d 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241105170926-f2b919a563ba" + defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241107093041-887b9c5faef5" ) From d95a1de17f153387900b4cc00970fd1f5c185885 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 10:11:51 +0100 Subject: [PATCH 350/380] deps: update ubuntu:22.04 Docker digest to 0e5e4a5 (#3447) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- 3rdparty/gcp-guest-agent/Dockerfile | 2 +- docs/screencasts/docker/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/3rdparty/gcp-guest-agent/Dockerfile b/3rdparty/gcp-guest-agent/Dockerfile index 5b82fda28..0276f8259 100644 --- a/3rdparty/gcp-guest-agent/Dockerfile +++ b/3rdparty/gcp-guest-agent/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:58b87898e82351c6cf9cf5b9f3c20257bb9e2dcf33af051e12ce532d7f94e3fe as build +FROM ubuntu:22.04@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97 as build # Install packages RUN apt-get update && apt-get install -y \ diff --git a/docs/screencasts/docker/Dockerfile b/docs/screencasts/docker/Dockerfile index 2d6d13108..0b965f876 100644 --- a/docs/screencasts/docker/Dockerfile +++ b/docs/screencasts/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:58b87898e82351c6cf9cf5b9f3c20257bb9e2dcf33af051e12ce532d7f94e3fe +FROM ubuntu:22.04@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97 # Install requirements RUN apt-get update && apt-get install -y software-properties-common &&\ From a8434a2415b6ed74a693bbeb52562b39518d986e Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 11 Nov 2024 11:17:09 +0100 Subject: [PATCH 351/380] image: update locked rpms (#3475) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index e81da40ce..0abc865c1 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -217,8 +217,8 @@ e541a1c8397dccf159b3602eb6bbb381ba21c544db337a3b3bfc49ccc2ef5c21 libunistring-1 b6db3e72ae6575127216145c1f65414ea94acd9db26d08c5081cb5d786101c1f libuuid-2.40.2-1.fc40.x86_64.rpm bea578631618692ba5e302beadfdf6d5894e23e5bddaea4b4fca2f377dd1aaac libverto-0.3.2-8.fc40.i686.rpm fadf7dd93c5eee57ba78e0628bf041dbd2ea037ace52f0a5cbac55b363234d27 libverto-0.3.2-8.fc40.x86_64.rpm -2e2ab8784cce3e877f87977f651a046faa2121d716d06daa510981f7d946dba2 libxcrypt-4.4.36-5.fc40.i686.rpm -26c27a101cf40f84f313d81a28cbca9450e8d901e6fcd315ac6036895a369b92 libxcrypt-4.4.36-5.fc40.x86_64.rpm +a0036606133ba74df47cba7f5349a024bcb6367150a5450ac414508c67d852a9 libxcrypt-4.4.36-10.fc40.i686.rpm +0d93dd9ea48dcfe8f9ecdfc3ec8ac736635334e23fc1cf8ba04e562e0637de17 libxcrypt-4.4.36-10.fc40.x86_64.rpm a17f9a8894a00ee97a42219b3b21d64bfb850d74059d89ae299210bc477e8967 libxkbcommon-1.6.0-2.fc40.i686.rpm 1f1d0c1e1132016735acc6fc3390102b35f9eb257244547c7b61c32a9c2314cc libxkbcommon-1.6.0-2.fc40.x86_64.rpm 302104acbc7b094958be4f764c14f738462fdb381fc38aac63e0e7eaedaa82a7 libxml2-2.12.8-1.fc40.i686.rpm @@ -311,8 +311,8 @@ d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-sel 63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm 5dbd069183076ed8048c839c31f713c0f6080fb9ebfdda92ac550030688e811b sbsigntools-0.9.5-6.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm -696ffbc06ad87337390176888362d7ccbc867d4ecfc6b7040da10bba53d58ba9 selinux-policy-40.28-1.fc40.noarch.rpm -50fae290496e90d47b4ca6a86e97db4ca39d5d4ba324555fc72eda1b9090db35 selinux-policy-targeted-40.28-1.fc40.noarch.rpm +b4e188db51c7ec2d5f0cba79783eb2df7c14a92c2c6e55a9eb490d28d17d123d selinux-policy-40.29-2.fc40.noarch.rpm +05fb13cf2c4d20425e8aa8d2035a8e10e33ca1a28db2ce209db44d755d380eaf selinux-policy-targeted-40.29-2.fc40.noarch.rpm 89862f646cd64e81497f01a8b69ab30ac8968c47afef92a2c333608fdb90ccc1 setup-2.14.5-2.fc40.noarch.rpm cfde0d25ecac7e689ee083b330b78df51d346c2b7557c83a189d5df95c4e2c8d shadow-utils-4.15.1-4.fc40.x86_64.rpm 6e9b6b6196f1782419e447ac806c762d002c6930fe39b18999d9b32c24a0ecfc shadow-utils-subid-4.15.1-4.fc40.x86_64.rpm @@ -339,17 +339,17 @@ c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3 945aa536bc30050abc1870cef167cb944cf78d6628923476db43201a0054574b util-linux-2.40.2-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm b1aa4e816c01c08c18924865640f214f717cdfc66837e53a24b8edfb80a86f9d util-linux-core-2.40.2-1.fc40.x86_64.rpm -70cc18570686ca882bf632750175cf592ad3b0a0d3f9447361688c1b9a8dc853 vim-common-9.1.785-1.fc40.x86_64.rpm -22b66cd1bd67c96c9ab26fda512cac7f4bbc5e9104cf042c0d998ca73f07b1d9 vim-data-9.1.785-1.fc40.noarch.rpm -1f592638eccd00f39f8df223820ee8a0ab26de7ca143ba3110437efeeb3415d3 vim-enhanced-9.1.785-1.fc40.x86_64.rpm -7f362a996ce7f33e95487db54cb5678f32e94ac49de5300bbd527e649eabbd23 vim-filesystem-9.1.785-1.fc40.noarch.rpm +8648cb20d03bda156b44552baeb67f542951ad7570c571ec57248c947c71e983 vim-common-9.1.825-1.fc40.x86_64.rpm +7074d61847bb2c41740b13b38dd14104aa8055f24d9b8f94f4a8e15ad3af664f vim-data-9.1.825-1.fc40.noarch.rpm +c5faa56e79e55a0d8c33d4d891d2c69ad59c105a4e442d032ac8a0d6f01c2f13 vim-enhanced-9.1.825-1.fc40.x86_64.rpm +02d9bb92758ec2c92ae366445a24d1d2c63dbe54ec9467a03cbd46f086f734da vim-filesystem-9.1.825-1.fc40.noarch.rpm c5682a1b02bb02578e9997ae221a7f6c6db711084129824e207fe1febdc55b9d wget2-2.1.0-11.fc40.x86_64.rpm 38aaee4829df7e1a4719991c4fc6d65a1265b6a556b182ecac3145c287c320f4 wget2-libs-2.1.0-11.fc40.x86_64.rpm a12b44ee7cc5a0e916bcf72e80c4d618abb7406254578e947f3ba9dd0d445d25 wget2-wget-2.1.0-11.fc40.x86_64.rpm cf0306ceed1c6b3be39060d85f16b1953b464d3a625488b170d3b7aadf600645 which-2.21-41.fc40.x86_64.rpm 4ede95a2fa3bc0ae617c8bf3a375b800163d58733b4829b15d9f038505d79fee whois-nls-5.5.20-3.fc40.noarch.rpm e2195010e857f56b19246f8b821f9391922880b7691b3728a413f540edc890a6 xkeyboard-config-2.41-1.fc40.noarch.rpm -bcb44d5fcdb08413e55b7433a7ad9626575e0d2c7c190da7316e9e6f0317858b xxd-9.1.785-1.fc40.x86_64.rpm +ed98896d222765799017b10c4499391b0a26e314b90be0bd2eaddadcd6f879f2 xxd-9.1.825-1.fc40.x86_64.rpm ee599a1c4d7ee635e54ec137af4dded83f433b9c8a5976f75ecdcd000b5246e3 xz-5.4.6-3.fc40.x86_64.rpm b92ef78d8ab424c22130e457d0ef691d8197bff61c3b8852205d1b02baba3819 xz-libs-5.4.6-3.fc40.i686.rpm b6ee44b3d7e494b0364f26b7d0b169a8092180af787423cd5e8a47dc0f738a66 xz-libs-5.4.6-3.fc40.x86_64.rpm From 36024f20aecee5bab1ae2d5295c04c89158820fb Mon Sep 17 00:00:00 2001 From: Moritz Eckert Date: Mon, 11 Nov 2024 12:45:30 +0100 Subject: [PATCH 352/380] docs: change wording contrast with comparison (#3476) --- docs/docs/overview/confidential-kubernetes.md | 4 ++-- .../version-2.0/overview/confidential-kubernetes.md | 4 ++-- .../version-2.1/overview/confidential-kubernetes.md | 4 ++-- .../version-2.10/overview/confidential-kubernetes.md | 4 ++-- .../version-2.11/overview/confidential-kubernetes.md | 4 ++-- .../version-2.12/overview/confidential-kubernetes.md | 4 ++-- .../version-2.13/overview/confidential-kubernetes.md | 4 ++-- .../version-2.14/overview/confidential-kubernetes.md | 4 ++-- .../version-2.15/overview/confidential-kubernetes.md | 4 ++-- .../version-2.16/overview/confidential-kubernetes.md | 4 ++-- .../version-2.17/overview/confidential-kubernetes.md | 4 ++-- .../version-2.18/overview/confidential-kubernetes.md | 4 ++-- .../version-2.19/overview/confidential-kubernetes.md | 4 ++-- .../version-2.2/overview/confidential-kubernetes.md | 4 ++-- .../version-2.3/overview/confidential-kubernetes.md | 4 ++-- .../version-2.4/overview/confidential-kubernetes.md | 4 ++-- .../version-2.5/overview/confidential-kubernetes.md | 4 ++-- .../version-2.6/overview/confidential-kubernetes.md | 4 ++-- .../version-2.7/overview/confidential-kubernetes.md | 4 ++-- .../version-2.8/overview/confidential-kubernetes.md | 4 ++-- .../version-2.9/overview/confidential-kubernetes.md | 4 ++-- 21 files changed, 42 insertions(+), 42 deletions(-) diff --git a/docs/docs/overview/confidential-kubernetes.md b/docs/docs/overview/confidential-kubernetes.md index ca20df4de..bff8c3322 100644 --- a/docs/docs/overview/confidential-kubernetes.md +++ b/docs/docs/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.0/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.0/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.0/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.0/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.1/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.1/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.1/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.1/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.10/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.10/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.10/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.10/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.11/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.11/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.11/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.11/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.12/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.12/overview/confidential-kubernetes.md index ca20df4de..bff8c3322 100644 --- a/docs/versioned_docs/version-2.12/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.12/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.13/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.13/overview/confidential-kubernetes.md index ca20df4de..bff8c3322 100644 --- a/docs/versioned_docs/version-2.13/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.13/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.14/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.14/overview/confidential-kubernetes.md index ca20df4de..bff8c3322 100644 --- a/docs/versioned_docs/version-2.14/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.14/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.15/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.15/overview/confidential-kubernetes.md index ca20df4de..bff8c3322 100644 --- a/docs/versioned_docs/version-2.15/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.15/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.16/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.16/overview/confidential-kubernetes.md index ca20df4de..bff8c3322 100644 --- a/docs/versioned_docs/version-2.16/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.16/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.17/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.17/overview/confidential-kubernetes.md index ca20df4de..bff8c3322 100644 --- a/docs/versioned_docs/version-2.17/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.17/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.18/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.18/overview/confidential-kubernetes.md index ca20df4de..bff8c3322 100644 --- a/docs/versioned_docs/version-2.18/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.18/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.19/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.19/overview/confidential-kubernetes.md index ca20df4de..bff8c3322 100644 --- a/docs/versioned_docs/version-2.19/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.19/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.2/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.2/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.2/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.2/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.3/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.3/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.3/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.3/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.4/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.4/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.4/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.4/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.5/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.5/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.5/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.5/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.6/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.6/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.6/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.6/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.7/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.7/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.7/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.7/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.8/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.8/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.8/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.8/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) diff --git a/docs/versioned_docs/version-2.9/overview/confidential-kubernetes.md b/docs/versioned_docs/version-2.9/overview/confidential-kubernetes.md index 2b6c6ed17..1441c833a 100644 --- a/docs/versioned_docs/version-2.9/overview/confidential-kubernetes.md +++ b/docs/versioned_docs/version-2.9/overview/confidential-kubernetes.md @@ -23,9 +23,9 @@ With the above, Constellation wraps an entire cluster into one coherent and veri ![Confidential Kubernetes](../_media/concept-constellation.svg) -## Contrast: Managed Kubernetes with CVMs +## Comparison: Managed Kubernetes with CVMs -In contrast, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. +In comparison, managed Kubernetes with CVMs, as it's for example offered in [AKS](https://azure.microsoft.com/en-us/services/kubernetes-service/) and [GKE](https://cloud.google.com/kubernetes-engine), only provides runtime encryption for certain worker nodes. Here, each worker node is a separate (and typically unverified) confidential context. This only provides limited security benefits as it only prevents direct access to a worker node's memory. The large majority of potential attacks through the infrastructure remain unaffected. This includes attacks through the control plane, access to external key management, and the corruption of worker node images. This leaves many problems unsolved. For instance, *Node A* has no means to verify if *Node B* is "good" and if it's OK to share data with it. Consequently, this approach leaves a large attack surface, as is depicted in the following. ![Concept: Managed Kubernetes plus CVMs](../_media/concept-managed.svg) From 1c5fe3fe247fe66c169d5e6fabf0662b0ebdf322 Mon Sep 17 00:00:00 2001 From: Moritz Eckert Date: Mon, 11 Nov 2024 12:50:18 +0100 Subject: [PATCH 353/380] docs: update azure firmware with openhcl (#3473) Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> --- docs/docs/overview/clouds.md | 4 +++- docs/styles/config/vocabularies/edgeless/accept.txt | 1 + docs/versioned_docs/version-2.0/overview/clouds.md | 2 +- docs/versioned_docs/version-2.1/overview/clouds.md | 2 +- docs/versioned_docs/version-2.10/overview/clouds.md | 2 +- docs/versioned_docs/version-2.11/overview/clouds.md | 2 +- docs/versioned_docs/version-2.12/overview/clouds.md | 2 +- docs/versioned_docs/version-2.13/overview/clouds.md | 2 +- docs/versioned_docs/version-2.14/overview/clouds.md | 2 +- docs/versioned_docs/version-2.15/overview/clouds.md | 4 +++- docs/versioned_docs/version-2.16/overview/clouds.md | 4 +++- docs/versioned_docs/version-2.17/overview/clouds.md | 4 +++- docs/versioned_docs/version-2.18/overview/clouds.md | 4 +++- docs/versioned_docs/version-2.19/overview/clouds.md | 4 +++- docs/versioned_docs/version-2.2/overview/clouds.md | 2 +- docs/versioned_docs/version-2.3/overview/clouds.md | 2 +- docs/versioned_docs/version-2.4/overview/clouds.md | 2 +- docs/versioned_docs/version-2.5/overview/clouds.md | 2 +- docs/versioned_docs/version-2.6/overview/clouds.md | 2 +- docs/versioned_docs/version-2.7/overview/clouds.md | 2 +- docs/versioned_docs/version-2.8/overview/clouds.md | 2 +- docs/versioned_docs/version-2.9/overview/clouds.md | 2 +- 22 files changed, 34 insertions(+), 21 deletions(-) diff --git a/docs/docs/overview/clouds.md b/docs/docs/overview/clouds.md index 34f48d3f8..b2695d28e 100644 --- a/docs/docs/overview/clouds.md +++ b/docs/docs/overview/clouds.md @@ -19,7 +19,7 @@ The following table summarizes the state of features for different infrastructur | **1. Custom images** | Yes | Yes | Yes | Yes | Yes | | **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | | **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | -| **4. Reviewable firmware** | Yes | No | No | No | Depends on kernel/HV | +| **4. Reviewable firmware** | Yes | No* | No | No | Depends on kernel/HV | | **5. Confidential measured boot** | No | Yes | No | No | Depends on kernel/HV | ## Amazon Web Services (AWS) @@ -40,6 +40,8 @@ This firmware is signed by Azure. The signature is reflected in the attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. + ## Google Cloud Platform (GCP) The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#technologies) are based on AMD SEV-ES or SEV-SNP. diff --git a/docs/styles/config/vocabularies/edgeless/accept.txt b/docs/styles/config/vocabularies/edgeless/accept.txt index 0e179c486..1676e071f 100644 --- a/docs/styles/config/vocabularies/edgeless/accept.txt +++ b/docs/styles/config/vocabularies/edgeless/accept.txt @@ -53,6 +53,7 @@ Mbps MicroK8s namespace Nginx +paravisor PCR plaintext proxied diff --git a/docs/versioned_docs/version-2.0/overview/clouds.md b/docs/versioned_docs/version-2.0/overview/clouds.md index 2fd864945..0fa4b79f7 100644 --- a/docs/versioned_docs/version-2.0/overview/clouds.md +++ b/docs/versioned_docs/version-2.0/overview/clouds.md @@ -24,7 +24,7 @@ The following table summarizes the state of features for different infrastructur With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. Regarding (3), Azure provides direct access to remote-attestation statements. However, regarding (4), the standard CVMs still include closed-source firmware running in VM Privilege Level (VMPL) 0. This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.1/overview/clouds.md b/docs/versioned_docs/version-2.1/overview/clouds.md index 2fd864945..0fa4b79f7 100644 --- a/docs/versioned_docs/version-2.1/overview/clouds.md +++ b/docs/versioned_docs/version-2.1/overview/clouds.md @@ -24,7 +24,7 @@ The following table summarizes the state of features for different infrastructur With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. Regarding (3), Azure provides direct access to remote-attestation statements. However, regarding (4), the standard CVMs still include closed-source firmware running in VM Privilege Level (VMPL) 0. This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.10/overview/clouds.md b/docs/versioned_docs/version-2.10/overview/clouds.md index c56a623b1..dfc3d5307 100644 --- a/docs/versioned_docs/version-2.10/overview/clouds.md +++ b/docs/versioned_docs/version-2.10/overview/clouds.md @@ -31,7 +31,7 @@ This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -\* Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.11/overview/clouds.md b/docs/versioned_docs/version-2.11/overview/clouds.md index c56a623b1..dfc3d5307 100644 --- a/docs/versioned_docs/version-2.11/overview/clouds.md +++ b/docs/versioned_docs/version-2.11/overview/clouds.md @@ -31,7 +31,7 @@ This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -\* Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.12/overview/clouds.md b/docs/versioned_docs/version-2.12/overview/clouds.md index c56a623b1..dfc3d5307 100644 --- a/docs/versioned_docs/version-2.12/overview/clouds.md +++ b/docs/versioned_docs/version-2.12/overview/clouds.md @@ -31,7 +31,7 @@ This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -\* Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.13/overview/clouds.md b/docs/versioned_docs/version-2.13/overview/clouds.md index c56a623b1..dfc3d5307 100644 --- a/docs/versioned_docs/version-2.13/overview/clouds.md +++ b/docs/versioned_docs/version-2.13/overview/clouds.md @@ -31,7 +31,7 @@ This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -\* Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.14/overview/clouds.md b/docs/versioned_docs/version-2.14/overview/clouds.md index c56a623b1..dfc3d5307 100644 --- a/docs/versioned_docs/version-2.14/overview/clouds.md +++ b/docs/versioned_docs/version-2.14/overview/clouds.md @@ -31,7 +31,7 @@ This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -\* Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.15/overview/clouds.md b/docs/versioned_docs/version-2.15/overview/clouds.md index 75acd17cd..934f6c710 100644 --- a/docs/versioned_docs/version-2.15/overview/clouds.md +++ b/docs/versioned_docs/version-2.15/overview/clouds.md @@ -19,7 +19,7 @@ The following table summarizes the state of features for different infrastructur | **1. Custom images** | Yes | Yes | Yes | Yes | | **2. SEV-SNP or TDX** | Yes | Yes | Yes | Depends on kernel/HV | | **3. Raw guest attestation** | Yes | Yes | Yes | Depends on kernel/HV | -| **4. Reviewable firmware** | No | No | Yes | Depends on kernel/HV | +| **4. Reviewable firmware** | No* | No | Yes | Depends on kernel/HV | | **5. Confidential measured boot** | Yes | No | No | Depends on kernel/HV | ## Microsoft Azure @@ -32,6 +32,8 @@ This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. + ## Google Cloud Platform (GCP) The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#amd_sev) are based on AMD SEV but don't have SNP features enabled. diff --git a/docs/versioned_docs/version-2.16/overview/clouds.md b/docs/versioned_docs/version-2.16/overview/clouds.md index a7b1361e8..5f19d8877 100644 --- a/docs/versioned_docs/version-2.16/overview/clouds.md +++ b/docs/versioned_docs/version-2.16/overview/clouds.md @@ -19,7 +19,7 @@ The following table summarizes the state of features for different infrastructur | **1. Custom images** | Yes | Yes | Yes | Yes | Yes | | **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | | **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | -| **4. Reviewable firmware** | No | No | Yes | No | Depends on kernel/HV | +| **4. Reviewable firmware** | No* | No | Yes | No | Depends on kernel/HV | | **5. Confidential measured boot** | Yes | No | No | No | Depends on kernel/HV | ## Microsoft Azure @@ -32,6 +32,8 @@ This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. + ## Google Cloud Platform (GCP) The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#amd_sev) are based on AMD SEV but don't have SNP features enabled. diff --git a/docs/versioned_docs/version-2.17/overview/clouds.md b/docs/versioned_docs/version-2.17/overview/clouds.md index 34f48d3f8..b2695d28e 100644 --- a/docs/versioned_docs/version-2.17/overview/clouds.md +++ b/docs/versioned_docs/version-2.17/overview/clouds.md @@ -19,7 +19,7 @@ The following table summarizes the state of features for different infrastructur | **1. Custom images** | Yes | Yes | Yes | Yes | Yes | | **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | | **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | -| **4. Reviewable firmware** | Yes | No | No | No | Depends on kernel/HV | +| **4. Reviewable firmware** | Yes | No* | No | No | Depends on kernel/HV | | **5. Confidential measured boot** | No | Yes | No | No | Depends on kernel/HV | ## Amazon Web Services (AWS) @@ -40,6 +40,8 @@ This firmware is signed by Azure. The signature is reflected in the attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. + ## Google Cloud Platform (GCP) The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#technologies) are based on AMD SEV-ES or SEV-SNP. diff --git a/docs/versioned_docs/version-2.18/overview/clouds.md b/docs/versioned_docs/version-2.18/overview/clouds.md index 34f48d3f8..b2695d28e 100644 --- a/docs/versioned_docs/version-2.18/overview/clouds.md +++ b/docs/versioned_docs/version-2.18/overview/clouds.md @@ -19,7 +19,7 @@ The following table summarizes the state of features for different infrastructur | **1. Custom images** | Yes | Yes | Yes | Yes | Yes | | **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | | **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | -| **4. Reviewable firmware** | Yes | No | No | No | Depends on kernel/HV | +| **4. Reviewable firmware** | Yes | No* | No | No | Depends on kernel/HV | | **5. Confidential measured boot** | No | Yes | No | No | Depends on kernel/HV | ## Amazon Web Services (AWS) @@ -40,6 +40,8 @@ This firmware is signed by Azure. The signature is reflected in the attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. + ## Google Cloud Platform (GCP) The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#technologies) are based on AMD SEV-ES or SEV-SNP. diff --git a/docs/versioned_docs/version-2.19/overview/clouds.md b/docs/versioned_docs/version-2.19/overview/clouds.md index 34f48d3f8..b2695d28e 100644 --- a/docs/versioned_docs/version-2.19/overview/clouds.md +++ b/docs/versioned_docs/version-2.19/overview/clouds.md @@ -19,7 +19,7 @@ The following table summarizes the state of features for different infrastructur | **1. Custom images** | Yes | Yes | Yes | Yes | Yes | | **2. SEV-SNP or TDX** | Yes | Yes | Yes | No | Depends on kernel/HV | | **3. Raw guest attestation** | Yes | Yes | Yes | No | Depends on kernel/HV | -| **4. Reviewable firmware** | Yes | No | No | No | Depends on kernel/HV | +| **4. Reviewable firmware** | Yes | No* | No | No | Depends on kernel/HV | | **5. Confidential measured boot** | No | Yes | No | No | Depends on kernel/HV | ## Amazon Web Services (AWS) @@ -40,6 +40,8 @@ This firmware is signed by Azure. The signature is reflected in the attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. + ## Google Cloud Platform (GCP) The [CVMs Generally Available in GCP](https://cloud.google.com/confidential-computing/confidential-vm/docs/confidential-vm-overview#technologies) are based on AMD SEV-ES or SEV-SNP. diff --git a/docs/versioned_docs/version-2.2/overview/clouds.md b/docs/versioned_docs/version-2.2/overview/clouds.md index 745507c52..c48f23cf0 100644 --- a/docs/versioned_docs/version-2.2/overview/clouds.md +++ b/docs/versioned_docs/version-2.2/overview/clouds.md @@ -24,7 +24,7 @@ The following table summarizes the state of features for different infrastructur With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. Regarding (3), Azure provides direct access to remote-attestation statements. However, regarding (4), the standard CVMs still include closed-source firmware running in VM Privilege Level (VMPL) 0. This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.3/overview/clouds.md b/docs/versioned_docs/version-2.3/overview/clouds.md index 745507c52..c48f23cf0 100644 --- a/docs/versioned_docs/version-2.3/overview/clouds.md +++ b/docs/versioned_docs/version-2.3/overview/clouds.md @@ -24,7 +24,7 @@ The following table summarizes the state of features for different infrastructur With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. Regarding (3), Azure provides direct access to remote-attestation statements. However, regarding (4), the standard CVMs still include closed-source firmware running in VM Privilege Level (VMPL) 0. This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.4/overview/clouds.md b/docs/versioned_docs/version-2.4/overview/clouds.md index 745507c52..c48f23cf0 100644 --- a/docs/versioned_docs/version-2.4/overview/clouds.md +++ b/docs/versioned_docs/version-2.4/overview/clouds.md @@ -24,7 +24,7 @@ The following table summarizes the state of features for different infrastructur With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. Regarding (3), Azure provides direct access to remote-attestation statements. However, regarding (4), the standard CVMs still include closed-source firmware running in VM Privilege Level (VMPL) 0. This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.5/overview/clouds.md b/docs/versioned_docs/version-2.5/overview/clouds.md index 3e4a50d27..c48f23cf0 100644 --- a/docs/versioned_docs/version-2.5/overview/clouds.md +++ b/docs/versioned_docs/version-2.5/overview/clouds.md @@ -24,7 +24,7 @@ The following table summarizes the state of features for different infrastructur With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. Regarding (3), Azure provides direct access to remote-attestation statements. However, regarding (4), the standard CVMs still include closed-source firmware running in VM Privilege Level (VMPL) 0. This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -\* Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.6/overview/clouds.md b/docs/versioned_docs/version-2.6/overview/clouds.md index 3e4a50d27..c48f23cf0 100644 --- a/docs/versioned_docs/version-2.6/overview/clouds.md +++ b/docs/versioned_docs/version-2.6/overview/clouds.md @@ -24,7 +24,7 @@ The following table summarizes the state of features for different infrastructur With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. Regarding (3), Azure provides direct access to remote-attestation statements. However, regarding (4), the standard CVMs still include closed-source firmware running in VM Privilege Level (VMPL) 0. This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -\* Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.7/overview/clouds.md b/docs/versioned_docs/version-2.7/overview/clouds.md index 847c888df..30995a012 100644 --- a/docs/versioned_docs/version-2.7/overview/clouds.md +++ b/docs/versioned_docs/version-2.7/overview/clouds.md @@ -24,7 +24,7 @@ The following table summarizes the state of features for different infrastructur With its [CVM offering](https://docs.microsoft.com/en-us/azure/confidential-computing/confidential-vm-overview), Azure provides the best foundations for Constellation. Regarding (3), Azure provides direct access to remote-attestation statements. However, regarding (4), the standard CVMs still include closed-source firmware running in VM Privilege Level (VMPL) 0. This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -\* Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.8/overview/clouds.md b/docs/versioned_docs/version-2.8/overview/clouds.md index c56a623b1..dfc3d5307 100644 --- a/docs/versioned_docs/version-2.8/overview/clouds.md +++ b/docs/versioned_docs/version-2.8/overview/clouds.md @@ -31,7 +31,7 @@ This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -\* Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) diff --git a/docs/versioned_docs/version-2.9/overview/clouds.md b/docs/versioned_docs/version-2.9/overview/clouds.md index c56a623b1..dfc3d5307 100644 --- a/docs/versioned_docs/version-2.9/overview/clouds.md +++ b/docs/versioned_docs/version-2.9/overview/clouds.md @@ -31,7 +31,7 @@ This firmware is signed by Azure. The signature is reflected in the remote-attestation statements of CVMs. Thus, the Azure closed-source firmware becomes part of Constellation's trusted computing base (TCB). -\* Recently, Azure [announced](https://techcommunity.microsoft.com/t5/azure-confidential-computing/azure-confidential-vms-using-sev-snp-dcasv5-ecasv5-are-now/ba-p/3573747) the *limited preview* of CVMs with customizable firmware. With this CVM type, (4) switches from *No* to *Yes*. Constellation will support customizable firmware on Azure in the future. +\* Recently, [Azure announced the open source paravisor OpenHCL](https://techcommunity.microsoft.com/blog/windowsosplatform/openhcl-the-new-open-source-paravisor/4273172). It's the foundation for fully open source and verifiable CVM firmware. Once Azure provides their CVM firmware with reproducible builds based on OpenHCL, (4) switches from *No* to *Yes*. Constellation will support OpenHCL based firmware on Azure in the future. ## Google Cloud Platform (GCP) From 26da32ed95783b8e7f6fba74eddc29de064b1f1e Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Thu, 14 Nov 2024 08:50:09 +0100 Subject: [PATCH 354/380] image: update measurements and image version (#3478) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index fdcabc0cf..6091c176c 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x0c, 0xa2, 0xa2, 0x61, 0x68, 0x2e, 0xbf, 0x9e, 0xb9, 0x88, 0xf1, 0xee, 0x25, 0x5b, 0x71, 0x5a, 0x90, 0x34, 0x2f, 0x83, 0xb8, 0x76, 0xff, 0x4b, 0x85, 0x8f, 0x11, 0xc6, 0xfd, 0x8a, 0x14, 0x7f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x98, 0x4a, 0x48, 0xd7, 0x22, 0xf5, 0x32, 0x7f, 0xdc, 0x5c, 0x49, 0xd1, 0xd0, 0xa7, 0x4d, 0x77, 0xa5, 0x4b, 0x1e, 0x94, 0xb4, 0xc1, 0x55, 0xf7, 0x79, 0x26, 0x5e, 0xa2, 0x01, 0x12, 0x0e, 0x51}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x34, 0xec, 0xd8, 0xb6, 0x33, 0x50, 0x99, 0x41, 0x4a, 0xff, 0xe2, 0xe7, 0xa3, 0xe3, 0x6a, 0x72, 0xf9, 0x58, 0x2f, 0x96, 0x9c, 0xbd, 0xef, 0x5d, 0x75, 0xbd, 0x14, 0x56, 0x99, 0x82, 0x9f, 0xbd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x02, 0x8c, 0x59, 0xe8, 0xad, 0x56, 0x1e, 0x13, 0x1a, 0xc5, 0x18, 0x8e, 0x98, 0xa2, 0x20, 0x54, 0xa0, 0x24, 0x7b, 0x46, 0xf1, 0x16, 0x2f, 0xbf, 0x61, 0x50, 0x37, 0xf5, 0x6f, 0x61, 0x12, 0x9c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd5, 0x63, 0xda, 0x62, 0x4e, 0x4a, 0x56, 0xe8, 0xec, 0xe8, 0xea, 0xf8, 0x56, 0xbd, 0xcd, 0x78, 0x1b, 0xc5, 0xd8, 0x1f, 0x1c, 0x47, 0xa0, 0xa1, 0x88, 0x26, 0x9d, 0x8d, 0x93, 0x60, 0x6e, 0x0f}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa2, 0x36, 0x13, 0x26, 0xeb, 0x3c, 0x93, 0x8f, 0xf6, 0xed, 0x4a, 0x84, 0x63, 0x0c, 0x61, 0x97, 0xfb, 0x63, 0x4a, 0xa4, 0xb0, 0x5f, 0x2e, 0x67, 0x5b, 0xc2, 0xf0, 0x56, 0x6e, 0xe7, 0xc2, 0xad}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa5, 0xa1, 0x67, 0x87, 0xa4, 0x69, 0xd2, 0x52, 0xee, 0x85, 0x34, 0x1d, 0xcf, 0xfe, 0xe5, 0x4b, 0xb8, 0xe5, 0xd6, 0x49, 0x63, 0xdd, 0xed, 0x7d, 0x7e, 0x03, 0x89, 0x92, 0xcc, 0x43, 0x12, 0xfb}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc0, 0x67, 0x79, 0x8a, 0xe7, 0x71, 0x3c, 0xb7, 0xa1, 0xc9, 0xbf, 0x46, 0xce, 0x85, 0x14, 0x07, 0x49, 0xe2, 0x0b, 0xcf, 0x59, 0x79, 0x29, 0x11, 0x7b, 0x68, 0x6d, 0xad, 0x8a, 0x5a, 0x2c, 0x15}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xb7, 0xea, 0x80, 0xbf, 0x98, 0x6c, 0x9f, 0x37, 0xb7, 0x1e, 0xab, 0x1f, 0x5a, 0xee, 0xc8, 0x9b, 0x46, 0x5b, 0xcd, 0x74, 0x8d, 0xdd, 0xf6, 0xc7, 0x09, 0xa1, 0x72, 0x3e, 0xb2, 0x7a, 0xde, 0x56}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9d, 0xc1, 0xc8, 0x56, 0xc7, 0x21, 0xc5, 0x0f, 0xbd, 0xe0, 0xa2, 0x04, 0x2a, 0xc1, 0xac, 0xc5, 0x30, 0x52, 0x4c, 0x6c, 0x08, 0x37, 0xe3, 0x97, 0xe0, 0x22, 0x74, 0x14, 0x4c, 0x4e, 0xe7, 0xbf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdc, 0xff, 0xc9, 0xdb, 0x0e, 0x7a, 0x7e, 0x4a, 0x62, 0x1b, 0x86, 0xf3, 0xce, 0xa0, 0xd8, 0xc8, 0x11, 0x34, 0x7c, 0x2e, 0x8f, 0xae, 0xc3, 0xcd, 0x24, 0x65, 0x77, 0x66, 0x70, 0x3e, 0x93, 0x78}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfa, 0x90, 0x67, 0x87, 0xf2, 0xae, 0x46, 0xf2, 0x34, 0xdd, 0xca, 0x5b, 0x25, 0xdf, 0x03, 0x3c, 0x1f, 0xaa, 0xd2, 0x9d, 0x0a, 0xe3, 0x6f, 0x62, 0xa0, 0x42, 0x59, 0xa5, 0xc6, 0x03, 0x98, 0xcd}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1f, 0x20, 0xa8, 0x6c, 0x29, 0xeb, 0x98, 0xb6, 0x92, 0x72, 0xc5, 0x49, 0x1e, 0xd6, 0x89, 0x48, 0x7d, 0x1b, 0x9a, 0x34, 0xef, 0xcc, 0xfd, 0xf1, 0xaa, 0x63, 0xdf, 0x9a, 0x69, 0x08, 0x6d, 0x76}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xfa, 0x0e, 0x75, 0xab, 0xfd, 0xa3, 0x94, 0x5a, 0xbc, 0x1a, 0x3a, 0xb0, 0x70, 0xc5, 0xda, 0xe9, 0xdd, 0x47, 0x09, 0xc2, 0x8c, 0xb4, 0x75, 0x0e, 0x18, 0x61, 0xff, 0x2f, 0x04, 0x09, 0xfa, 0xa9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x03, 0xb8, 0x1c, 0x98, 0x58, 0xb8, 0x2d, 0x80, 0x04, 0xfb, 0x43, 0x09, 0xf6, 0xba, 0x81, 0x77, 0xbd, 0x93, 0xb6, 0x30, 0x2b, 0x24, 0xb9, 0xcf, 0x69, 0xcf, 0x82, 0xfe, 0x3c, 0xe5, 0xd9, 0x63}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x94, 0x84, 0x17, 0x01, 0xbc, 0xc4, 0x60, 0x76, 0x85, 0x78, 0xf1, 0x9e, 0xb4, 0x7c, 0xf4, 0xde, 0x37, 0x4c, 0xa5, 0xc0, 0x12, 0x00, 0x79, 0xce, 0x56, 0x4d, 0x2b, 0xcb, 0x75, 0x6d, 0x91, 0x75}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xce, 0x1d, 0xda, 0xa9, 0x4a, 0xc4, 0x18, 0x78, 0x99, 0xd6, 0x9f, 0xf8, 0xf8, 0xcd, 0x08, 0x98, 0x42, 0x7c, 0xad, 0x05, 0x50, 0xd9, 0x48, 0x63, 0x70, 0x0c, 0x6d, 0x6b, 0x1d, 0x21, 0x1b, 0xc4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4f, 0x0a, 0x9f, 0xc5, 0x7f, 0x3e, 0xff, 0xfc, 0x9d, 0xeb, 0x65, 0x1f, 0xdb, 0xa3, 0x56, 0x45, 0xa1, 0xce, 0xd9, 0x4e, 0x26, 0x03, 0x1e, 0x7e, 0xee, 0xbb, 0xff, 0x10, 0x7f, 0xd8, 0xcb, 0xd0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x87, 0xe6, 0x62, 0x6e, 0xcb, 0x63, 0x6c, 0x03, 0xb4, 0x63, 0x42, 0x23, 0x05, 0x56, 0x9b, 0x0e, 0xe1, 0xe5, 0x05, 0x03, 0x72, 0x3a, 0xf7, 0x0f, 0x80, 0xd1, 0x4d, 0xa5, 0xbc, 0x19, 0xb5, 0x6c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x66, 0x77, 0x43, 0x18, 0xc2, 0xb6, 0x1d, 0xe9, 0x92, 0x92, 0xb6, 0x2c, 0x63, 0x7c, 0x9b, 0xd8, 0x94, 0x97, 0x66, 0x5d, 0x22, 0xb4, 0x2d, 0xbe, 0xc1, 0x9d, 0x68, 0xba, 0xc0, 0x0e, 0x4a, 0xb8}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0e, 0x09, 0x9f, 0x39, 0xbd, 0xd1, 0x6b, 0xe9, 0x7b, 0x8d, 0x20, 0x95, 0xbd, 0xdf, 0xad, 0x98, 0x4d, 0x65, 0x46, 0x7a, 0x40, 0x98, 0x12, 0x85, 0xc5, 0xff, 0x32, 0x24, 0xa6, 0x09, 0x6e, 0xfb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa1, 0x55, 0x99, 0xb9, 0x70, 0xc6, 0x43, 0x23, 0xef, 0xf8, 0xb3, 0xe9, 0xcb, 0x3f, 0x4f, 0xc9, 0x5d, 0x11, 0x25, 0x1b, 0x23, 0x21, 0xb5, 0xc2, 0x43, 0xd9, 0x9b, 0x22, 0x17, 0x1b, 0x33, 0xfc}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x67, 0x51, 0x5f, 0xe5, 0xd0, 0x94, 0xf7, 0x56, 0xfc, 0xf9, 0x4c, 0xef, 0x72, 0xbc, 0xd1, 0x58, 0x84, 0x11, 0x5e, 0xb9, 0x1a, 0xca, 0xad, 0x6f, 0x18, 0x4c, 0xdc, 0x1e, 0xa8, 0xba, 0x6d, 0xb2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe5, 0x60, 0xef, 0x73, 0x25, 0xef, 0x2f, 0x72, 0x7f, 0x31, 0xaa, 0xa0, 0xc3, 0xd7, 0x16, 0x6f, 0x21, 0x0f, 0xd3, 0xe4, 0x1b, 0x71, 0x16, 0xc8, 0x13, 0x58, 0x26, 0x80, 0x7c, 0xef, 0xf7, 0x7d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa0, 0xb0, 0xc9, 0x9a, 0x21, 0x4f, 0x3a, 0x6f, 0x15, 0xd5, 0x90, 0xf5, 0x88, 0x61, 0x5e, 0x35, 0x8a, 0x3e, 0xfd, 0x29, 0x6b, 0xc1, 0xca, 0x99, 0x91, 0x8a, 0x32, 0x73, 0x3b, 0xf8, 0x02, 0xd4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf6, 0x94, 0xd8, 0x8e, 0xe9, 0xed, 0x97, 0x76, 0x46, 0x20, 0x61, 0xc6, 0x6c, 0x06, 0xa6, 0xed, 0x30, 0x1f, 0x92, 0xbc, 0xc0, 0x0c, 0x41, 0xfb, 0x43, 0xcd, 0x60, 0xf4, 0x98, 0x7b, 0xa8, 0x7e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3b, 0x1a, 0xe6, 0x17, 0xc7, 0xbd, 0x70, 0x8c, 0x84, 0x14, 0xb1, 0xf6, 0x2f, 0x28, 0x53, 0xa2, 0x69, 0x7f, 0x9d, 0x3a, 0x8f, 0x91, 0xae, 0x7b, 0x44, 0x2e, 0x80, 0x20, 0x99, 0x17, 0x2d, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x81, 0xbe, 0x04, 0x41, 0x0a, 0x6e, 0xc3, 0x04, 0x34, 0x32, 0x5c, 0xc7, 0xf5, 0xd0, 0x75, 0x41, 0x8f, 0x43, 0x5e, 0x00, 0xd5, 0xbd, 0xb2, 0x1f, 0x1c, 0xa8, 0xa0, 0xe4, 0x79, 0x33, 0x31, 0x49}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x32, 0xf7, 0x67, 0x93, 0xec, 0xf6, 0x0e, 0x95, 0x32, 0xb8, 0x92, 0x32, 0xe3, 0xc8, 0x78, 0x50, 0xc8, 0x7a, 0x2e, 0xe4, 0x3d, 0x0b, 0xe2, 0x0f, 0xa8, 0xa5, 0x31, 0x8d, 0x9d, 0x2b, 0x3b, 0x63}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x34, 0x04, 0x6f, 0xac, 0x29, 0x01, 0x34, 0x99, 0xcf, 0x15, 0x70, 0x8e, 0x42, 0x72, 0x7b, 0x7c, 0x90, 0xef, 0x14, 0x58, 0x35, 0x41, 0x92, 0x73, 0x94, 0x90, 0x2f, 0xb0, 0x64, 0x1f, 0xcc, 0xab}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x96, 0xa5, 0x2a, 0xab, 0xc6, 0x67, 0x64, 0x7e, 0xca, 0xdc, 0x8a, 0xca, 0x33, 0x39, 0xf4, 0xf8, 0xd4, 0xf2, 0x1c, 0x22, 0x00, 0xf0, 0x71, 0x05, 0x9b, 0xe4, 0xc3, 0x5e, 0x1b, 0xbb, 0xfe, 0x55}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbe, 0x3b, 0xd9, 0x84, 0x4b, 0xb4, 0xea, 0xc4, 0x76, 0xb0, 0x25, 0x06, 0x51, 0xe6, 0x0e, 0xad, 0x49, 0xeb, 0x4c, 0xea, 0xfc, 0x73, 0xb7, 0x68, 0xcc, 0xb0, 0x79, 0xa0, 0xb9, 0xc1, 0xd5, 0x7a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x68, 0x5b, 0x38, 0x35, 0xd3, 0xc7, 0xc1, 0xa5, 0xf3, 0x41, 0x99, 0x3b, 0x63, 0xfa, 0x1b, 0xf9, 0xcf, 0xf9, 0xe0, 0x03, 0x9b, 0x6e, 0xd1, 0x3c, 0x05, 0xcf, 0xec, 0xa7, 0xa4, 0xb4, 0xba, 0xd1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7a, 0x9d, 0x23, 0x86, 0x69, 0x82, 0x76, 0x2b, 0x47, 0xd2, 0x45, 0xf3, 0x02, 0xe2, 0xc4, 0x9d, 0x4b, 0x10, 0x50, 0xfe, 0x2e, 0x57, 0x53, 0x3a, 0x36, 0xa1, 0xa1, 0x77, 0x90, 0x57, 0x8b, 0xae}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe8, 0xe9, 0x36, 0x71, 0xb6, 0xd9, 0x39, 0x66, 0x24, 0xc4, 0x1b, 0x0f, 0x12, 0x7a, 0x58, 0x73, 0x65, 0x4a, 0xca, 0x72, 0x0a, 0x3f, 0x70, 0x95, 0xb5, 0x27, 0xd6, 0xe6, 0xc6, 0x55, 0xf0, 0x0a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x13, 0x4d, 0x9e, 0x59, 0x13, 0x6f, 0xfb, 0x09, 0xf8, 0xd8, 0x5d, 0x56, 0x31, 0x3b, 0x0a, 0x24, 0x91, 0x80, 0x8a, 0x72, 0x5f, 0x5c, 0x4a, 0x19, 0x78, 0xd4, 0x5a, 0xf3, 0xe4, 0xdf, 0x3b, 0xaa}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa9, 0xd6, 0xcc, 0x6e, 0xe8, 0xe6, 0x60, 0xa9, 0xaf, 0x35, 0x26, 0x13, 0x17, 0xda, 0x30, 0xaf, 0x9f, 0x31, 0xcf, 0x03, 0x6a, 0x66, 0x9e, 0xf5, 0x67, 0x8c, 0x20, 0xac, 0xd0, 0xa0, 0x60, 0xd2}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd5, 0x79, 0x76, 0x5c, 0xf2, 0x14, 0x9d, 0xbf, 0x8a, 0xb3, 0x6e, 0x80, 0x20, 0xb6, 0xba, 0xb3, 0x42, 0xf8, 0xce, 0xe3, 0xbd, 0x61, 0xbc, 0xe2, 0x1d, 0xe0, 0x3f, 0x07, 0x00, 0x49, 0x94, 0x29}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd5, 0xc6, 0x30, 0xea, 0xff, 0x41, 0xa9, 0xdc, 0xd1, 0x4a, 0xaf, 0x99, 0xa3, 0x84, 0x9e, 0x44, 0x59, 0xab, 0x6b, 0xd1, 0x4b, 0x42, 0xae, 0x3d, 0xe6, 0x86, 0xbc, 0x0a, 0xd0, 0x71, 0x4f, 0x01}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x73, 0xe1, 0x07, 0xc4, 0xfd, 0xa4, 0xd0, 0x44, 0xe7, 0x60, 0x4f, 0x7c, 0x64, 0xcf, 0x01, 0x58, 0x07, 0xb9, 0xe2, 0x3e, 0x56, 0xa7, 0xfc, 0x79, 0xec, 0x46, 0x3c, 0x6d, 0xd9, 0x4f, 0x9e, 0x84}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xff, 0x53, 0x4d, 0xd1, 0x82, 0xbe, 0x16, 0x51, 0x73, 0x10, 0x8a, 0x29, 0xff, 0x3f, 0x87, 0x66, 0x59, 0x3b, 0xa4, 0xe2, 0x9a, 0xbc, 0xc7, 0xb9, 0x29, 0x8b, 0x7e, 0xeb, 0x79, 0x29, 0xd0, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfd, 0xdf, 0x3c, 0xb4, 0xfd, 0x2e, 0x70, 0x55, 0x83, 0x17, 0x51, 0x4f, 0x32, 0x07, 0xab, 0xd5, 0x20, 0xcb, 0x94, 0x0a, 0x8c, 0x4a, 0x13, 0xf4, 0xe1, 0x22, 0xc3, 0x4a, 0x53, 0x6b, 0x3d, 0x3c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x30, 0x64, 0x6b, 0x38, 0xe4, 0x79, 0xfd, 0x9c, 0xc3, 0x60, 0x5d, 0x3b, 0x89, 0x62, 0x6e, 0x16, 0xc9, 0x3d, 0x6d, 0xed, 0x67, 0x94, 0x63, 0x47, 0xc8, 0x6f, 0xb4, 0x94, 0x21, 0x6b, 0xf4, 0xb3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb5, 0xb0, 0x00, 0x85, 0x18, 0x3e, 0xbb, 0x39, 0x3e, 0xec, 0x57, 0x20, 0x1c, 0x24, 0x1e, 0x49, 0x4b, 0x4e, 0xf3, 0x5b, 0x03, 0x73, 0x5d, 0xff, 0x18, 0x68, 0xff, 0x34, 0xad, 0x28, 0xfc, 0xfe}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x07, 0x08, 0xab, 0xc9, 0xf6, 0xba, 0x11, 0x21, 0x9e, 0x8c, 0xa7, 0x47, 0x6a, 0xd7, 0x96, 0x3c, 0xbd, 0xe4, 0x77, 0x89, 0x8a, 0xcf, 0x4c, 0xbd, 0x61, 0x29, 0xe7, 0x02, 0x34, 0x13, 0xb2, 0x79}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x00, 0x47, 0x75, 0x16, 0x30, 0xe9, 0xbc, 0xb3, 0x1a, 0x06, 0xd2, 0xf4, 0xe8, 0xdb, 0xb3, 0xdc, 0x61, 0x67, 0x42, 0x98, 0x2f, 0xdc, 0xa9, 0x32, 0x9c, 0x8a, 0xec, 0xce, 0x77, 0x9d, 0x7e, 0xa1}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb6, 0x09, 0xb7, 0x05, 0x8f, 0x6d, 0xc1, 0xec, 0x92, 0x02, 0x09, 0xe8, 0x88, 0x38, 0x47, 0xb4, 0x98, 0x55, 0x72, 0xf0, 0x4a, 0x8e, 0x9b, 0xe1, 0xa2, 0xcf, 0x1f, 0x64, 0xa1, 0xab, 0x3d, 0x4c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x08, 0x8a, 0xc4, 0xe6, 0x0d, 0x9a, 0x37, 0xba, 0x47, 0xd9, 0x6d, 0x16, 0x74, 0x5a, 0xd6, 0xd1, 0x28, 0x4a, 0x5b, 0x7b, 0xed, 0x6c, 0xb9, 0x2a, 0x33, 0xd6, 0x9f, 0x52, 0xc5, 0xeb, 0xad, 0x7f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index c3a81b63d..814007879 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241107093041-887b9c5faef5" + defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241111125018-1c5fe3fe247f" ) From 98cabeebd566c6c97c0880c34cdce169987a285d Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 15 Nov 2024 09:02:24 +0100 Subject: [PATCH 355/380] image: update measurements and image version (#3479) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 6091c176c..82eb2b438 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1f, 0x20, 0xa8, 0x6c, 0x29, 0xeb, 0x98, 0xb6, 0x92, 0x72, 0xc5, 0x49, 0x1e, 0xd6, 0x89, 0x48, 0x7d, 0x1b, 0x9a, 0x34, 0xef, 0xcc, 0xfd, 0xf1, 0xaa, 0x63, 0xdf, 0x9a, 0x69, 0x08, 0x6d, 0x76}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xfa, 0x0e, 0x75, 0xab, 0xfd, 0xa3, 0x94, 0x5a, 0xbc, 0x1a, 0x3a, 0xb0, 0x70, 0xc5, 0xda, 0xe9, 0xdd, 0x47, 0x09, 0xc2, 0x8c, 0xb4, 0x75, 0x0e, 0x18, 0x61, 0xff, 0x2f, 0x04, 0x09, 0xfa, 0xa9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x03, 0xb8, 0x1c, 0x98, 0x58, 0xb8, 0x2d, 0x80, 0x04, 0xfb, 0x43, 0x09, 0xf6, 0xba, 0x81, 0x77, 0xbd, 0x93, 0xb6, 0x30, 0x2b, 0x24, 0xb9, 0xcf, 0x69, 0xcf, 0x82, 0xfe, 0x3c, 0xe5, 0xd9, 0x63}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x94, 0x84, 0x17, 0x01, 0xbc, 0xc4, 0x60, 0x76, 0x85, 0x78, 0xf1, 0x9e, 0xb4, 0x7c, 0xf4, 0xde, 0x37, 0x4c, 0xa5, 0xc0, 0x12, 0x00, 0x79, 0xce, 0x56, 0x4d, 0x2b, 0xcb, 0x75, 0x6d, 0x91, 0x75}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xce, 0x1d, 0xda, 0xa9, 0x4a, 0xc4, 0x18, 0x78, 0x99, 0xd6, 0x9f, 0xf8, 0xf8, 0xcd, 0x08, 0x98, 0x42, 0x7c, 0xad, 0x05, 0x50, 0xd9, 0x48, 0x63, 0x70, 0x0c, 0x6d, 0x6b, 0x1d, 0x21, 0x1b, 0xc4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4f, 0x0a, 0x9f, 0xc5, 0x7f, 0x3e, 0xff, 0xfc, 0x9d, 0xeb, 0x65, 0x1f, 0xdb, 0xa3, 0x56, 0x45, 0xa1, 0xce, 0xd9, 0x4e, 0x26, 0x03, 0x1e, 0x7e, 0xee, 0xbb, 0xff, 0x10, 0x7f, 0xd8, 0xcb, 0xd0}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x87, 0xe6, 0x62, 0x6e, 0xcb, 0x63, 0x6c, 0x03, 0xb4, 0x63, 0x42, 0x23, 0x05, 0x56, 0x9b, 0x0e, 0xe1, 0xe5, 0x05, 0x03, 0x72, 0x3a, 0xf7, 0x0f, 0x80, 0xd1, 0x4d, 0xa5, 0xbc, 0x19, 0xb5, 0x6c}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x66, 0x77, 0x43, 0x18, 0xc2, 0xb6, 0x1d, 0xe9, 0x92, 0x92, 0xb6, 0x2c, 0x63, 0x7c, 0x9b, 0xd8, 0x94, 0x97, 0x66, 0x5d, 0x22, 0xb4, 0x2d, 0xbe, 0xc1, 0x9d, 0x68, 0xba, 0xc0, 0x0e, 0x4a, 0xb8}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0e, 0x09, 0x9f, 0x39, 0xbd, 0xd1, 0x6b, 0xe9, 0x7b, 0x8d, 0x20, 0x95, 0xbd, 0xdf, 0xad, 0x98, 0x4d, 0x65, 0x46, 0x7a, 0x40, 0x98, 0x12, 0x85, 0xc5, 0xff, 0x32, 0x24, 0xa6, 0x09, 0x6e, 0xfb}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa1, 0x55, 0x99, 0xb9, 0x70, 0xc6, 0x43, 0x23, 0xef, 0xf8, 0xb3, 0xe9, 0xcb, 0x3f, 0x4f, 0xc9, 0x5d, 0x11, 0x25, 0x1b, 0x23, 0x21, 0xb5, 0xc2, 0x43, 0xd9, 0x9b, 0x22, 0x17, 0x1b, 0x33, 0xfc}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x67, 0x51, 0x5f, 0xe5, 0xd0, 0x94, 0xf7, 0x56, 0xfc, 0xf9, 0x4c, 0xef, 0x72, 0xbc, 0xd1, 0x58, 0x84, 0x11, 0x5e, 0xb9, 0x1a, 0xca, 0xad, 0x6f, 0x18, 0x4c, 0xdc, 0x1e, 0xa8, 0xba, 0x6d, 0xb2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe5, 0x60, 0xef, 0x73, 0x25, 0xef, 0x2f, 0x72, 0x7f, 0x31, 0xaa, 0xa0, 0xc3, 0xd7, 0x16, 0x6f, 0x21, 0x0f, 0xd3, 0xe4, 0x1b, 0x71, 0x16, 0xc8, 0x13, 0x58, 0x26, 0x80, 0x7c, 0xef, 0xf7, 0x7d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x61, 0x89, 0x67, 0x25, 0xc1, 0xf7, 0x18, 0x5a, 0xbd, 0xda, 0x5a, 0x26, 0xc7, 0xa3, 0xbc, 0x81, 0xaa, 0x68, 0xa8, 0xec, 0xea, 0xfa, 0xd9, 0x02, 0x6a, 0xd1, 0x37, 0x2b, 0x98, 0xbe, 0x51, 0x47}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc8, 0x6c, 0xee, 0x77, 0x63, 0x8a, 0x67, 0xd1, 0xb0, 0x82, 0xfc, 0x85, 0xe1, 0x1f, 0x8d, 0xca, 0x00, 0x2f, 0x3b, 0x38, 0x6c, 0xfa, 0xdd, 0x21, 0x47, 0x10, 0x03, 0x77, 0xb5, 0x8f, 0x9d, 0x61}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0a, 0x95, 0x0d, 0x6d, 0xac, 0x94, 0x25, 0xa8, 0x78, 0x5e, 0xb3, 0xe2, 0x51, 0x3e, 0xaf, 0xdf, 0x98, 0xcc, 0xde, 0x4c, 0xf9, 0xe2, 0xc8, 0x75, 0x71, 0x2a, 0xc2, 0x32, 0x45, 0x44, 0xb4, 0xfe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9f, 0x29, 0xbf, 0xf9, 0x7f, 0xf9, 0xed, 0x4e, 0x11, 0x87, 0x95, 0x23, 0x35, 0x8a, 0x85, 0xd9, 0xd4, 0x10, 0x37, 0x1b, 0x5c, 0x12, 0x35, 0xd0, 0x0b, 0xb3, 0x82, 0x13, 0x1b, 0xc9, 0xbc, 0x43}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc9, 0x0e, 0xbd, 0x3b, 0x44, 0x71, 0xd3, 0x10, 0x29, 0x6d, 0x97, 0xec, 0x04, 0x88, 0xac, 0x2c, 0x1d, 0x1e, 0x44, 0x64, 0xd6, 0x4e, 0x3c, 0xb0, 0xc4, 0xd0, 0xb1, 0xf0, 0x96, 0x99, 0xf0, 0xb7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x18, 0xa5, 0x18, 0x53, 0x50, 0x63, 0xe0, 0x8f, 0xa5, 0xb9, 0xd1, 0x48, 0xc7, 0x4e, 0x84, 0xf3, 0x90, 0x28, 0x52, 0xdc, 0xa8, 0x86, 0xc5, 0x21, 0x89, 0x0b, 0xcd, 0x6f, 0xe5, 0x2c, 0xad, 0x4f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8b, 0x12, 0xe5, 0xf9, 0x26, 0x1e, 0xd8, 0x7c, 0x0a, 0x8e, 0x4d, 0x17, 0x10, 0xa5, 0xf1, 0x40, 0xad, 0x52, 0xf3, 0xcd, 0x99, 0x18, 0x95, 0x85, 0x1e, 0x64, 0xad, 0x2d, 0x2b, 0x1f, 0xad, 0x30}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5c, 0x99, 0xe8, 0x38, 0x68, 0x1b, 0x27, 0xee, 0x0b, 0xb9, 0xe7, 0x8f, 0xbb, 0xe2, 0xbc, 0x1d, 0x32, 0xa6, 0x72, 0x69, 0x3b, 0x56, 0x5c, 0x48, 0x7b, 0x4c, 0xe8, 0xbf, 0xda, 0xfd, 0xdd, 0xbe}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x72, 0x17, 0x57, 0x1f, 0x80, 0x4d, 0x93, 0xab, 0x93, 0xad, 0x8e, 0x7a, 0x19, 0xfe, 0x40, 0x9c, 0xf6, 0xcc, 0xfc, 0xd7, 0xaa, 0x26, 0x22, 0x55, 0x1e, 0x8a, 0xf0, 0x46, 0x68, 0x8a, 0xba, 0x83}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x40, 0x82, 0x12, 0x01, 0x53, 0xfb, 0xf5, 0xdb, 0xf2, 0x96, 0xca, 0xe4, 0xcf, 0xa8, 0x51, 0xa8, 0xd2, 0x1c, 0x19, 0x38, 0x46, 0x76, 0x94, 0x97, 0x60, 0xeb, 0x06, 0xbd, 0x92, 0xa5, 0x3f, 0x90}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7e, 0x97, 0xea, 0x92, 0x92, 0x2f, 0x59, 0x2c, 0xed, 0xb0, 0x20, 0x68, 0x13, 0xe8, 0x3f, 0x93, 0xba, 0x2d, 0x4c, 0x35, 0xef, 0xb7, 0xcb, 0x19, 0xff, 0x08, 0xfe, 0x34, 0x5b, 0x2f, 0xae, 0xef}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x11, 0xed, 0xc5, 0xf0, 0x85, 0xed, 0xb1, 0xbd, 0xf6, 0xea, 0x24, 0x72, 0xe6, 0x52, 0x15, 0xf7, 0x42, 0x64, 0x65, 0xa4, 0x7a, 0x60, 0x62, 0xa3, 0x92, 0xd2, 0xd4, 0xcf, 0x24, 0x02, 0x67, 0x40}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7a, 0x9d, 0x23, 0x86, 0x69, 0x82, 0x76, 0x2b, 0x47, 0xd2, 0x45, 0xf3, 0x02, 0xe2, 0xc4, 0x9d, 0x4b, 0x10, 0x50, 0xfe, 0x2e, 0x57, 0x53, 0x3a, 0x36, 0xa1, 0xa1, 0x77, 0x90, 0x57, 0x8b, 0xae}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xe8, 0xe9, 0x36, 0x71, 0xb6, 0xd9, 0x39, 0x66, 0x24, 0xc4, 0x1b, 0x0f, 0x12, 0x7a, 0x58, 0x73, 0x65, 0x4a, 0xca, 0x72, 0x0a, 0x3f, 0x70, 0x95, 0xb5, 0x27, 0xd6, 0xe6, 0xc6, 0x55, 0xf0, 0x0a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x13, 0x4d, 0x9e, 0x59, 0x13, 0x6f, 0xfb, 0x09, 0xf8, 0xd8, 0x5d, 0x56, 0x31, 0x3b, 0x0a, 0x24, 0x91, 0x80, 0x8a, 0x72, 0x5f, 0x5c, 0x4a, 0x19, 0x78, 0xd4, 0x5a, 0xf3, 0xe4, 0xdf, 0x3b, 0xaa}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xa9, 0xd6, 0xcc, 0x6e, 0xe8, 0xe6, 0x60, 0xa9, 0xaf, 0x35, 0x26, 0x13, 0x17, 0xda, 0x30, 0xaf, 0x9f, 0x31, 0xcf, 0x03, 0x6a, 0x66, 0x9e, 0xf5, 0x67, 0x8c, 0x20, 0xac, 0xd0, 0xa0, 0x60, 0xd2}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd5, 0x79, 0x76, 0x5c, 0xf2, 0x14, 0x9d, 0xbf, 0x8a, 0xb3, 0x6e, 0x80, 0x20, 0xb6, 0xba, 0xb3, 0x42, 0xf8, 0xce, 0xe3, 0xbd, 0x61, 0xbc, 0xe2, 0x1d, 0xe0, 0x3f, 0x07, 0x00, 0x49, 0x94, 0x29}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd5, 0xc6, 0x30, 0xea, 0xff, 0x41, 0xa9, 0xdc, 0xd1, 0x4a, 0xaf, 0x99, 0xa3, 0x84, 0x9e, 0x44, 0x59, 0xab, 0x6b, 0xd1, 0x4b, 0x42, 0xae, 0x3d, 0xe6, 0x86, 0xbc, 0x0a, 0xd0, 0x71, 0x4f, 0x01}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x73, 0xe1, 0x07, 0xc4, 0xfd, 0xa4, 0xd0, 0x44, 0xe7, 0x60, 0x4f, 0x7c, 0x64, 0xcf, 0x01, 0x58, 0x07, 0xb9, 0xe2, 0x3e, 0x56, 0xa7, 0xfc, 0x79, 0xec, 0x46, 0x3c, 0x6d, 0xd9, 0x4f, 0x9e, 0x84}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xff, 0x53, 0x4d, 0xd1, 0x82, 0xbe, 0x16, 0x51, 0x73, 0x10, 0x8a, 0x29, 0xff, 0x3f, 0x87, 0x66, 0x59, 0x3b, 0xa4, 0xe2, 0x9a, 0xbc, 0xc7, 0xb9, 0x29, 0x8b, 0x7e, 0xeb, 0x79, 0x29, 0xd0, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfd, 0xdf, 0x3c, 0xb4, 0xfd, 0x2e, 0x70, 0x55, 0x83, 0x17, 0x51, 0x4f, 0x32, 0x07, 0xab, 0xd5, 0x20, 0xcb, 0x94, 0x0a, 0x8c, 0x4a, 0x13, 0xf4, 0xe1, 0x22, 0xc3, 0x4a, 0x53, 0x6b, 0x3d, 0x3c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x41, 0x80, 0x03, 0x10, 0x1f, 0x1b, 0x90, 0x5d, 0xd9, 0x9e, 0x71, 0x00, 0xb8, 0xa8, 0x95, 0x0e, 0x96, 0x98, 0x14, 0xfe, 0x70, 0xe3, 0x64, 0x7d, 0x00, 0x8c, 0xa4, 0x67, 0x72, 0x1b, 0x6a, 0xe8}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcf, 0xba, 0x6c, 0x57, 0x88, 0x9d, 0x51, 0xf3, 0x3c, 0x10, 0x58, 0x54, 0x44, 0xe3, 0x3e, 0x6c, 0x52, 0x05, 0x62, 0xfd, 0xf8, 0xe2, 0x4f, 0x95, 0x54, 0x64, 0x81, 0xc3, 0x34, 0xe7, 0x60, 0x72}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xee, 0xc0, 0xa7, 0x7c, 0x67, 0xa7, 0x71, 0x43, 0xa4, 0x70, 0x5b, 0x9f, 0x61, 0x08, 0x4d, 0x05, 0xe1, 0xcc, 0x40, 0x14, 0xdb, 0x07, 0x9f, 0x0d, 0x80, 0x4d, 0x44, 0x8e, 0x4b, 0x7b, 0x3a, 0xf7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7b, 0xfa, 0x08, 0x31, 0xa4, 0xa6, 0xd4, 0x4f, 0x18, 0x58, 0x9a, 0xd8, 0x80, 0x93, 0x2c, 0x6d, 0x71, 0x0a, 0xe0, 0xfe, 0xed, 0x64, 0xc4, 0x7d, 0xe8, 0x7f, 0x0d, 0x40, 0xd9, 0x5c, 0xc1, 0x82}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd1, 0x5b, 0x71, 0xcd, 0x1a, 0x7c, 0x4b, 0x4c, 0x9c, 0x28, 0xb2, 0x74, 0xc4, 0x61, 0x5a, 0x50, 0x3e, 0x00, 0x24, 0x22, 0x36, 0xe6, 0x6a, 0xc6, 0x8b, 0x98, 0xa2, 0xd4, 0x26, 0x9a, 0x21, 0x19}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf3, 0x28, 0x17, 0x0e, 0xce, 0x57, 0x37, 0xb2, 0x11, 0xc7, 0x9d, 0xa9, 0x07, 0x8d, 0xca, 0xd0, 0x70, 0x28, 0xab, 0xca, 0x01, 0xab, 0xc4, 0x22, 0xb1, 0xe1, 0xf2, 0x5a, 0x8b, 0xee, 0xe3, 0x1a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x7e, 0xa0, 0x52, 0x81, 0x76, 0x8d, 0xa3, 0xa3, 0xcd, 0xfa, 0xcc, 0x56, 0x9c, 0x03, 0xad, 0x3a, 0x35, 0x5a, 0x3b, 0xab, 0xe0, 0xf8, 0x83, 0xbf, 0xc4, 0xa1, 0x96, 0xec, 0xf7, 0xd2, 0xf9, 0x61}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x38, 0xc9, 0xf9, 0x7f, 0x17, 0xf8, 0x8b, 0x58, 0x48, 0x5a, 0x17, 0xef, 0x18, 0x4c, 0x93, 0x4e, 0x36, 0x13, 0x5a, 0xf6, 0xb3, 0xd3, 0xfa, 0x01, 0x40, 0x4f, 0xe1, 0xbd, 0x28, 0x03, 0xc5, 0x2b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xca, 0xb7, 0xaa, 0x36, 0x7b, 0x1f, 0x5f, 0xa4, 0x96, 0x94, 0x1b, 0x80, 0xa7, 0x8d, 0xc7, 0x4e, 0xd2, 0x27, 0xce, 0x7b, 0x4e, 0x01, 0x24, 0xa5, 0x26, 0x36, 0x7e, 0x7b, 0x4e, 0xd7, 0x6b, 0x8a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x00, 0x47, 0x75, 0x16, 0x30, 0xe9, 0xbc, 0xb3, 0x1a, 0x06, 0xd2, 0xf4, 0xe8, 0xdb, 0xb3, 0xdc, 0x61, 0x67, 0x42, 0x98, 0x2f, 0xdc, 0xa9, 0x32, 0x9c, 0x8a, 0xec, 0xce, 0x77, 0x9d, 0x7e, 0xa1}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb6, 0x09, 0xb7, 0x05, 0x8f, 0x6d, 0xc1, 0xec, 0x92, 0x02, 0x09, 0xe8, 0x88, 0x38, 0x47, 0xb4, 0x98, 0x55, 0x72, 0xf0, 0x4a, 0x8e, 0x9b, 0xe1, 0xa2, 0xcf, 0x1f, 0x64, 0xa1, 0xab, 0x3d, 0x4c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x08, 0x8a, 0xc4, 0xe6, 0x0d, 0x9a, 0x37, 0xba, 0x47, 0xd9, 0x6d, 0x16, 0x74, 0x5a, 0xd6, 0xd1, 0x28, 0x4a, 0x5b, 0x7b, 0xed, 0x6c, 0xb9, 0x2a, 0x33, 0xd6, 0x9f, 0x52, 0xc5, 0xeb, 0xad, 0x7f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x2a, 0x55, 0x40, 0x35, 0x8f, 0xf9, 0xc9, 0x23, 0xdf, 0x98, 0x31, 0x61, 0x36, 0xd2, 0xce, 0x27, 0xd4, 0x96, 0xd1, 0x92, 0x40, 0x48, 0x55, 0x06, 0xfb, 0x35, 0x02, 0x8c, 0x5a, 0xba, 0x80, 0x50}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x86, 0xa1, 0xb7, 0xb3, 0x08, 0x3c, 0xc5, 0x34, 0x9e, 0x75, 0x5d, 0xf5, 0xe1, 0x05, 0x34, 0x7d, 0xb3, 0x68, 0x7b, 0x30, 0x0c, 0xe2, 0x2d, 0x4f, 0x79, 0xb4, 0x1d, 0x6a, 0x94, 0xdd, 0xf5, 0x2a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x37, 0xb2, 0x75, 0xc8, 0xfa, 0x32, 0xd4, 0xd4, 0xb8, 0x16, 0xb1, 0x3a, 0xbf, 0xc6, 0x74, 0x97, 0x4e, 0xd2, 0x86, 0xfe, 0x7f, 0x64, 0xe4, 0xd9, 0xde, 0x36, 0x68, 0x4c, 0x26, 0xd8, 0x54, 0xd9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 814007879..2bc8f9367 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241111125018-1c5fe3fe247f" + defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241114085009-26da32ed9578" ) From 7cde5220c5bf4bda1fa9fffe274be70d50617a07 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Mon, 18 Nov 2024 08:16:45 +0100 Subject: [PATCH 356/380] image: update locked rpms (#3481) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 44 ++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index 0abc865c1..a291ca91a 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -11,8 +11,8 @@ db18a583ebde21d8b0b67f0306e25908b273bef9c532469ac0b7ab92578438f4 authselect-lib 68a43532d10187888788625d0b6c2224ba95804280eddf2636e5ef700607e7d0 bzip2-libs-1.0.8-18.fc40.x86_64.rpm 1afcf80d5e7b22ee512ec9f24b4f2b148888ef95af3486cf48f2204c3406b12d ca-certificates-2024.2.69_v8.0.401-1.0.fc40.noarch.rpm 99d4976979c8b9d18c9d2d686de77882dc6a4e72ebfe358fb9a37a83f0ecdc90 catatonit-0.1.7-22.fc40.x86_64.rpm -75a442ef2c8b3ab75a2692657c7838e806d56b607201ee463a68e0d448312391 composefs-1.0.3-1.fc40.x86_64.rpm -26e873722d8c94ba8150cb5afc7adcda1be17a21804d9c19e54eff530e3249a5 composefs-libs-1.0.3-1.fc40.x86_64.rpm +588a2ab4dd93d58ca8b8d2c2d0b5e2c52007548c3fdd06f5ca1ab415ee236d86 composefs-1.0.6-1.fc40.x86_64.rpm +5935816e8d377d0385e5287ca12e4d3b43e3c3cdc9cc4deafa653a6dba78611a composefs-libs-1.0.6-1.fc40.x86_64.rpm db246f6445469b5a71e965a081685471768393cf04181e7250ce0ddcb8a9c3d4 conmon-2.1.12-2.fc40.x86_64.rpm adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tools-1.4.7-7.fc40.x86_64.rpm fa073cc08e035fab231c2e9aa3116468e75f5056c169d5b095f3ee2956123d95 container-selinux-2.233.0-1.fc40.noarch.rpm @@ -47,16 +47,16 @@ cb0736689bd171b6c6ac7a60737fd6b9534c950958ad8e03138068bf9498e0b1 dracut-102-2.f fa40cda554dc644d5a8354b18be748f21996dadd6193ee4ac32c02581266d313 duktape-2.7.0-7.fc40.x86_64.rpm ac4f1b2eaf5d452512e7b6172c93880c2b501946b71a228adc02d50bb3fb56e0 e2fsprogs-1.47.0-5.fc40.x86_64.rpm 8476fda117e3cb808129ddc2f975069685a8c7875ee04c3dafa6ceed948a2628 e2fsprogs-libs-1.47.0-5.fc40.x86_64.rpm -3e0ec4d7b4b95d10f58c5269688e03da7abb4d73169c76761f4fc7e7f7797a47 ec2-utils-1.2-47.amzn2.noarch.rpm +2e2bf662f060ddd75195e9d3d5f08cdd5d9cc857df3a9bcc45608337ba314a25 ec2-utils-1.2-48.amzn2.noarch.rpm e6231ec4268b3efa928250eb4106311e0f33396422245b938bfed4ba2d79c573 efitools-1.9.2-9.fc38.x86_64.rpm 6ac676d78c2df896f9794a8dffb75ea69c58d202c68f4bcf084f0d264154a666 efivar-libs-39-2.fc40.x86_64.rpm -357561054d8964bebed6e8f79bc6213a6df810a66d6d36d6eeeb881530667d0e elfutils-debuginfod-client-0.192-4.fc40.i686.rpm -7ec661eef51c766496b5414d852f90b35b4c93247e4fb736840f6b24bd9dfe1a elfutils-debuginfod-client-0.192-4.fc40.x86_64.rpm -04c41c3743991edc45f3a41baa726d4bae184da26990432c318a6f82d626ac78 elfutils-default-yama-scope-0.192-4.fc40.noarch.rpm -ffa8a54d1c29e1fd2276704f18fe860d120333adc464530891d105ec81b47b89 elfutils-libelf-0.192-4.fc40.i686.rpm -ba72f1e8f6a9a328a310a2397cf1ad4c47d310bec0b375aee8984d4d37936b7c elfutils-libelf-0.192-4.fc40.x86_64.rpm -27b95fd6a8075dd861e9cfb351cd3587e1d190c8094457ded784ccbce97e57b8 elfutils-libs-0.192-4.fc40.i686.rpm -9040db997101fdfab569cbc4211910caec7c92a5e58ae0e69fd7902cd1fa3b10 elfutils-libs-0.192-4.fc40.x86_64.rpm +d4b391ee444de66794804962e441ccdba74e75630a2abbcc9a14b7fd2f7cb535 elfutils-debuginfod-client-0.192-6.fc40.i686.rpm +60befd76c16ce28b1f065fac31e88cdb74d5219421587fcdde2b46abace803c0 elfutils-debuginfod-client-0.192-6.fc40.x86_64.rpm +467cc1d14f1e6ca0a3b893c087ba5ecee2ec44c33b7455b6ad9cc9b2aa1f2f54 elfutils-default-yama-scope-0.192-6.fc40.noarch.rpm +5c4abd06417a9bed0a93adf00ef7a9195101069445fe7f2873408b3d4010a760 elfutils-libelf-0.192-6.fc40.i686.rpm +98d770d563c5898abd6847e728dd793f6ee985904020084c62c7568463614428 elfutils-libelf-0.192-6.fc40.x86_64.rpm +61f3912d147750749d3b4b5031d0f2ca95fa21615a36bd55ea4b4b9be0493e02 elfutils-libs-0.192-6.fc40.i686.rpm +f215ebf2e586330f93c52b228c98912a0b42db9ceeff830b611817401a84252a elfutils-libs-0.192-6.fc40.x86_64.rpm 95cf8ee199b2e1b3471f920ebad57d3d8178f5e68d37ee35a8a94727473ec8d3 ethtool-6.11-1.fc40.x86_64.rpm 3a5ba168021a01107d6dd4dc7cffe8bb5553c64f236c436979b9fddfdc4cb59d expat-2.6.3-1.fc40.x86_64.rpm 849feb04544096f9bbe16bc78c2198708fe658bdafa08575c911e538a7d31c18 fedora-gpg-keys-40-2.noarch.rpm @@ -119,8 +119,8 @@ c8e382e9de90e6946dd9bc2f706d6c307ea4ebba3eca91a283f1bb72b5b3ac9c kbd-2.6.4-3.fc 42994ac67877595861b55adafd75ab3ce02d397e2ccddac8fb40ec0fecb4436b kmod-libs-31-5.fc40.i686.rpm 53dd95341767a2ea40b68e4621a231883bd5b69426f0920ce1f1ca94e18765cb kmod-libs-31-5.fc40.x86_64.rpm 9a03b21936528f6d08700757cb460c48e9557a71efaaa5e93b01b3f7614320f3 kpartx-0.9.7-7.fc40.x86_64.rpm -a983bdcb68e5de1c648791c96bb88a87846fd52faded3f9e00e31277c3ebae50 krb5-libs-1.21.3-1.fc40.i686.rpm -2c32d410b49c6d3d4f66b361169ad76dfd9f75ee01d9866c62b14d1e5dfc5124 krb5-libs-1.21.3-1.fc40.x86_64.rpm +821a2a47fa5ff1f9450f82118c812bc105f8afd5eb6a8e00523665c2a14a651d krb5-libs-1.21.3-2.fc40.i686.rpm +2db3a289d5a710b5f8ebbd603228d67ee59281622f086e3530efe8f2545057d6 krb5-libs-1.21.3-2.fc40.x86_64.rpm 6f2f0a522f2f10f273a77a60fdb7e066c14059d0a3676c9f723162daa7110b42 libacl-2.3.2-1.fc40.i686.rpm b753174804f57c3c6bae7afeb6145005498f18ae5d1aa0d340f9df5b8d71312f libacl-2.3.2-1.fc40.x86_64.rpm 74d72760c1982830358d676794ee3972ab05550fe7235ae9756a40de8266091f libarchive-3.7.2-7.fc40.x86_64.rpm @@ -181,7 +181,7 @@ ad8d041ab07f62567f80e9a751529091f591a542dd91b6473b7cba5749b56d69 libnetfilter_q db4841a294c5ec3759d77f356a05d0c7f852270aa75c900daac4992f12147dd3 libnftnl-1.2.6-5.fc40.x86_64.rpm 0e9b7c72112f58e83d66422eb2d77d346dc0810cdb652906f0d0fcbd9799fc7d libnghttp2-1.59.0-3.fc40.i686.rpm 550160732fc268914a422cfddc3c745febf8da161f8eacbce8649c67117b1476 libnghttp2-1.59.0-3.fc40.x86_64.rpm -13c21b26297876c42723a5557d97ecfada4ab2a79a4e4e771a6a3df29ffd5e47 libnl3-3.10.0-1.fc40.x86_64.rpm +d7062104274c9b8eae85b7c199a69c2f8692c17f31d3fdf4364b53f6a3553e9c libnl3-3.11.0-1.fc40.x86_64.rpm fa6dccd7aee4a74a5cfa12c7927c7326485704ebe57c54774b0f157fda639360 libnsl2-2.0.1-1.fc40.x86_64.rpm 9e27ce1072ef67dd8877175f9a7daa1bcddbbcec3fd6f161e6bc2f2b453c360b libnvme-1.8-1.fc40.x86_64.rpm bb9ceaba0d3283777777524e8c99b8eaa2155e9000d8e3ef5d0ece336f8c1392 libpsl-0.21.5-3.fc40.x86_64.rpm @@ -204,11 +204,11 @@ c8bbfa2762cc601f8a97d8d5a39a658f0e91ba477ebebd798b30f7fc8ffdd457 libss-1.47.0-5 89e7282e0a94d641871dfed423ba2ce6f8b088eaf9aabdea1805708bcafa6a01 libstdc++-14.2.1-3.fc40.x86_64.rpm d92173d6fbfb7e2af3b35a8554229e247666e15dc5b36cba43b7bbfc4144b781 libtasn1-4.19.0-6.fc40.x86_64.rpm 9ca680998686ee852fa8e1667cd6e7c436bfd5fe7da898bd314d808303d447f8 libtextstyle-0.22.5-4.fc40.x86_64.rpm -80467fae6550f0285b1afbeabc82512cd89a46a12b614b7514d1e393ed2509a2 libtirpc-1.3.6-0.fc40.x86_64.rpm +a660c40fc2af9578a7cf283bd18df6ae00d68f25b7d102f4e4f49a3805f6c575 libtirpc-1.3.6-1.fc40.x86_64.rpm e5d150d23f95e4a23288b84145af442607a88bf457c0e04b325b1d1e8e708c2b libtool-ltdl-2.4.7-10.fc40.x86_64.rpm e541a1c8397dccf159b3602eb6bbb381ba21c544db337a3b3bfc49ccc2ef5c21 libunistring-1.1-7.fc40.i686.rpm 58719c2f205b23598e31b72144ab55215947ad8fca96af46a641288692c159d2 libunistring-1.1-7.fc40.x86_64.rpm -813c8cb7828e15c0de655b215d456b8049ed7e8454f4e56026762359b4870a62 libusb1-1.0.27-2.fc40.x86_64.rpm +bc60959e98e5f690bc3df03bfa8afee2d0cf28e794c4e3c52f19769885771321 libusb1-1.0.27-4.fc40.x86_64.rpm 896d671852ed3f28e8c778dca361c5b5c57a89855df11755e6be1d088f64d43a libutempter-1.2.1-13.fc40.i686.rpm 0093a8d3f490fbbbc71b01e0c8f9b083040dbf7513be31a91a0769d846198c1b libutempter-1.2.1-13.fc40.x86_64.rpm 5aaa12bba361ae29b2a6b35c4b21da935423bc2ad763eaa8267008c7a533cb3c libuuid-2.40-0.9.rc1.fc40.i686.rpm @@ -250,12 +250,12 @@ e9fca52d76eb6277b9fec3238226faafc0938806318fad1143a527fdd28a16cf openssl-libs-3 9f0336deb6f1b1524ec48d837622e7e2291995369b0356d7ad1e1d427f3b659a os-prober-1.81-6.fc40.x86_64.rpm 70fba929aab38a9d69a457cef1b01962161a1df2b78dc5a4e86ff4b994b51079 p11-kit-0.25.5-1.fc40.x86_64.rpm c728dbd90872b7597a8ace70a70555bff576231bb6dbde14b75626d601706af8 p11-kit-trust-0.25.5-1.fc40.x86_64.rpm -33d36e10f465b7b15de75ae1856b403ed37c23f026e3abb80497e496f43718c9 pam-1.6.1-3.fc40.x86_64.rpm -5981cdaf35f2ea96236eaccf1ce476379e51e5883ce57343a7727626e9fd9da3 pam-libs-1.6.1-3.fc40.i686.rpm -fb85b93438336461a0b2b878158e552d30b6fb663404475eb0a050b35fd5d35f pam-libs-1.6.1-3.fc40.x86_64.rpm +374bd91b0fb10dd09d543a1aab6328d3801bd9a0bdfbfbf0b594ce79ab3423ce pam-1.6.1-4.fc40.x86_64.rpm +b6251990de342b9f4de8ab7360de435751c0b3e524ea6e1ad78a294d7d541483 pam-libs-1.6.1-4.fc40.i686.rpm +227f1d93b7125b5a71def58146ddaa0853bd489da6707f0564482e290e77930c pam-libs-1.6.1-4.fc40.x86_64.rpm 9bbce784622e02af0371ced8e9a7d26adba7eabd66ecfcb8bbe2d24cf616e3c1 parted-3.6-4.fc40.x86_64.rpm -f28384f2d445fdb3d4a6e1ca19d87eb0da82a61e10c878fd316429307e6fa4a8 passt-0^20240906.g6b38f07-1.fc40.x86_64.rpm -6d49aff6c1d0c15e7e1f42f464bb8524c72f1a9594057b877d66f44718b20cf7 passt-selinux-0^20240906.g6b38f07-1.fc40.noarch.rpm +02c01edaee6fe2af5174562387d530b73ee40e39dbe108ab4553de82228f6621 passt-0^20241030.gee7d0b6-1.fc40.x86_64.rpm +7909af3b8d248c344693b4f7893172d465fde6d1fb8d719f1179f8c971cb786b passt-selinux-0^20241030.gee7d0b6-1.fc40.noarch.rpm a0fb808d6b7ff8cd9cfdc1a60f213851cecdcace334d6e5aa1e0e54b81d79a25 pcre2-10.44-1.fc40.i686.rpm 73e50df09266fcffda9c24a3738f579dd365c2c187c294da054ef9915edc3851 pcre2-10.44-1.fc40.x86_64.rpm dbec699e88d42fc6fb1df0a8c0b9023941ed1b1b7625694253a612eaf9f2691d pcre2-syntax-10.44-1.fc40.noarch.rpm @@ -265,7 +265,7 @@ f796a31cad58f4ebea8787020868581d9a721297ee0ef6a7c63a7f8444f60c17 pcsc-lite-libs 5443db8875acc0c1c436dbe1ed62b776543e049b8d9c7e33198379d367814093 pigz-2.8-4.fc40.x86_64.rpm cb7c5036f1d25c696de23a6670cb64caec9945116fb0c9a93555414746ecf253 pinentry-1.3.0-2.fc40.x86_64.rpm bbb4abafa9f7664e21350b56d49af2c928288e6d4dd68c304c4ab5d45b2c8ad7 pkcs11-provider-0.3-2.fc40.x86_64.rpm -b364d3b3e7e6152ce1b27d7323bc56644213bb3589e5b4fd414cea07701c3fd6 podman-5.2.3-1.fc40.x86_64.rpm +9ef6d8fde8808edc9b099f924c194e2f63509d1ee537c424116b76ce2f5058e7 podman-5.2.5-2.fc40.x86_64.rpm 8a0ee0be826338862ecd65d04032b43122cda333ba6bb6891b2ae6aed5208832 policycoreutils-3.7-3.fc40.x86_64.rpm 30a4f9d3631aaa1280c93ce4305847a9773973aa312e1802d1cd676cb2421689 polkit-124-2.fc40.x86_64.rpm f47bc65177a8b160916c00df9c84442afa1dd353880b3c0503d5a0b052d4956c polkit-libs-124-2.fc40.x86_64.rpm @@ -308,7 +308,7 @@ c48c149f4aebfe44d649eea6f7a8eaa229dc8db71ff70b66c7403aa9bd072820 rpm-libs-4.19. 7bebda41ea91faf8cf8911a403c051eb59d444e60f8091d14d10987b713f39ff rpm-plugin-audit-4.19.1.1-1.fc40.x86_64.rpm d400a4e4440bea56566fb1e9582d86d1ac2e07745d37fa6e71f43a8fea05217c rpm-plugin-selinux-4.19.1.1-1.fc40.x86_64.rpm 9015e31297a54b708071d347b7877d885a2a97c3b18a89fa31f1481b6406eb06 rpm-sequoia-1.7.0-1.fc40.x86_64.rpm -63af9d11e956f54577a54460afda4377d78fdb9e265b1eae3f0f7a6f94f70146 runc-1.1.12-3.fc40.x86_64.rpm +bcea58cd71bc4a7a2ff993b7d9140b9c05125d726f611f5fc257e1f23440ec99 runc-1.2.1-1.fc40.x86_64.rpm 5dbd069183076ed8048c839c31f713c0f6080fb9ebfdda92ac550030688e811b sbsigntools-0.9.5-6.fc40.x86_64.rpm 6a21b2c132a54fd6d9acb846d0a96289ab739b745cdc4c2b31bdbf6b2434a1a7 sed-4.9-1.fc40.x86_64.rpm b4e188db51c7ec2d5f0cba79783eb2df7c14a92c2c6e55a9eb490d28d17d123d selinux-policy-40.29-2.fc40.noarch.rpm From e0c95a34bb2e804bd7083c9fe7185a5531b5c20a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Mon, 18 Nov 2024 16:36:32 +0100 Subject: [PATCH 357/380] ci: update workload identity provider url (#3483) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/actions/login_gcp/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/login_gcp/action.yml b/.github/actions/login_gcp/action.yml index daf0e6685..640b25033 100644 --- a/.github/actions/login_gcp/action.yml +++ b/.github/actions/login_gcp/action.yml @@ -22,7 +22,7 @@ runs: - name: Authorize GCP access uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 with: - workload_identity_provider: projects/796962942582/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider + workload_identity_provider: projects/1052692473304/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider service_account: ${{ inputs.service_account }} # Even if preinstalled in Github Actions runner image, this setup does some magic authentication required for gsutil. From 3b23d080d775c8e561a91075777c355e3dca436f Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 20 Nov 2024 08:09:59 +0100 Subject: [PATCH 358/380] image: update measurements and image version (#3485) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 82eb2b438..f5791c4ee 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x61, 0x89, 0x67, 0x25, 0xc1, 0xf7, 0x18, 0x5a, 0xbd, 0xda, 0x5a, 0x26, 0xc7, 0xa3, 0xbc, 0x81, 0xaa, 0x68, 0xa8, 0xec, 0xea, 0xfa, 0xd9, 0x02, 0x6a, 0xd1, 0x37, 0x2b, 0x98, 0xbe, 0x51, 0x47}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc8, 0x6c, 0xee, 0x77, 0x63, 0x8a, 0x67, 0xd1, 0xb0, 0x82, 0xfc, 0x85, 0xe1, 0x1f, 0x8d, 0xca, 0x00, 0x2f, 0x3b, 0x38, 0x6c, 0xfa, 0xdd, 0x21, 0x47, 0x10, 0x03, 0x77, 0xb5, 0x8f, 0x9d, 0x61}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0a, 0x95, 0x0d, 0x6d, 0xac, 0x94, 0x25, 0xa8, 0x78, 0x5e, 0xb3, 0xe2, 0x51, 0x3e, 0xaf, 0xdf, 0x98, 0xcc, 0xde, 0x4c, 0xf9, 0xe2, 0xc8, 0x75, 0x71, 0x2a, 0xc2, 0x32, 0x45, 0x44, 0xb4, 0xfe}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x9f, 0x29, 0xbf, 0xf9, 0x7f, 0xf9, 0xed, 0x4e, 0x11, 0x87, 0x95, 0x23, 0x35, 0x8a, 0x85, 0xd9, 0xd4, 0x10, 0x37, 0x1b, 0x5c, 0x12, 0x35, 0xd0, 0x0b, 0xb3, 0x82, 0x13, 0x1b, 0xc9, 0xbc, 0x43}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc9, 0x0e, 0xbd, 0x3b, 0x44, 0x71, 0xd3, 0x10, 0x29, 0x6d, 0x97, 0xec, 0x04, 0x88, 0xac, 0x2c, 0x1d, 0x1e, 0x44, 0x64, 0xd6, 0x4e, 0x3c, 0xb0, 0xc4, 0xd0, 0xb1, 0xf0, 0x96, 0x99, 0xf0, 0xb7}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x18, 0xa5, 0x18, 0x53, 0x50, 0x63, 0xe0, 0x8f, 0xa5, 0xb9, 0xd1, 0x48, 0xc7, 0x4e, 0x84, 0xf3, 0x90, 0x28, 0x52, 0xdc, 0xa8, 0x86, 0xc5, 0x21, 0x89, 0x0b, 0xcd, 0x6f, 0xe5, 0x2c, 0xad, 0x4f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8b, 0x12, 0xe5, 0xf9, 0x26, 0x1e, 0xd8, 0x7c, 0x0a, 0x8e, 0x4d, 0x17, 0x10, 0xa5, 0xf1, 0x40, 0xad, 0x52, 0xf3, 0xcd, 0x99, 0x18, 0x95, 0x85, 0x1e, 0x64, 0xad, 0x2d, 0x2b, 0x1f, 0xad, 0x30}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5c, 0x99, 0xe8, 0x38, 0x68, 0x1b, 0x27, 0xee, 0x0b, 0xb9, 0xe7, 0x8f, 0xbb, 0xe2, 0xbc, 0x1d, 0x32, 0xa6, 0x72, 0x69, 0x3b, 0x56, 0x5c, 0x48, 0x7b, 0x4c, 0xe8, 0xbf, 0xda, 0xfd, 0xdd, 0xbe}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x72, 0x17, 0x57, 0x1f, 0x80, 0x4d, 0x93, 0xab, 0x93, 0xad, 0x8e, 0x7a, 0x19, 0xfe, 0x40, 0x9c, 0xf6, 0xcc, 0xfc, 0xd7, 0xaa, 0x26, 0x22, 0x55, 0x1e, 0x8a, 0xf0, 0x46, 0x68, 0x8a, 0xba, 0x83}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x40, 0x82, 0x12, 0x01, 0x53, 0xfb, 0xf5, 0xdb, 0xf2, 0x96, 0xca, 0xe4, 0xcf, 0xa8, 0x51, 0xa8, 0xd2, 0x1c, 0x19, 0x38, 0x46, 0x76, 0x94, 0x97, 0x60, 0xeb, 0x06, 0xbd, 0x92, 0xa5, 0x3f, 0x90}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x7e, 0x97, 0xea, 0x92, 0x92, 0x2f, 0x59, 0x2c, 0xed, 0xb0, 0x20, 0x68, 0x13, 0xe8, 0x3f, 0x93, 0xba, 0x2d, 0x4c, 0x35, 0xef, 0xb7, 0xcb, 0x19, 0xff, 0x08, 0xfe, 0x34, 0x5b, 0x2f, 0xae, 0xef}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x11, 0xed, 0xc5, 0xf0, 0x85, 0xed, 0xb1, 0xbd, 0xf6, 0xea, 0x24, 0x72, 0xe6, 0x52, 0x15, 0xf7, 0x42, 0x64, 0x65, 0xa4, 0x7a, 0x60, 0x62, 0xa3, 0x92, 0xd2, 0xd4, 0xcf, 0x24, 0x02, 0x67, 0x40}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8a, 0x93, 0x3f, 0x00, 0x90, 0x4e, 0xd1, 0x37, 0x28, 0xf0, 0x55, 0x6f, 0xb8, 0x59, 0xab, 0x8a, 0xeb, 0x31, 0x9a, 0x1a, 0x06, 0xa0, 0xd7, 0x22, 0xe9, 0xbe, 0xcd, 0x51, 0x62, 0x81, 0x5b, 0xea}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2f, 0xe9, 0xc4, 0x70, 0x0d, 0x9f, 0x92, 0xb2, 0x67, 0x00, 0x81, 0xd9, 0xb4, 0x79, 0x14, 0x03, 0x91, 0x00, 0xc3, 0x85, 0x48, 0x9c, 0xfe, 0xbe, 0x56, 0x40, 0xf9, 0x2f, 0x07, 0x98, 0x9a, 0x53}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6c, 0x30, 0x4e, 0xca, 0x55, 0xb1, 0xb8, 0xb4, 0xcf, 0xd1, 0x87, 0x42, 0xe0, 0x12, 0x60, 0xba, 0x0c, 0x10, 0xd6, 0x20, 0xf9, 0x74, 0x69, 0x57, 0x20, 0xb1, 0xfc, 0xec, 0xd0, 0x4e, 0xae, 0x7d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf5, 0xc0, 0x47, 0xf4, 0x55, 0x08, 0x76, 0x5b, 0x9a, 0x6f, 0x59, 0x18, 0x8d, 0x1f, 0x1d, 0xb7, 0x18, 0x62, 0x6e, 0x7c, 0xe4, 0x75, 0x96, 0x78, 0x5b, 0x0e, 0x5a, 0x8b, 0x85, 0xdf, 0xc4, 0xab}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb2, 0x25, 0xa7, 0xc0, 0xd0, 0x3e, 0x95, 0x1a, 0x11, 0x70, 0x61, 0x51, 0xbf, 0xde, 0x60, 0x3c, 0x90, 0xe4, 0x85, 0xde, 0x89, 0x28, 0xd1, 0xcd, 0x8a, 0x84, 0xf6, 0xe1, 0x5e, 0x60, 0x66, 0x75}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe2, 0x00, 0xd4, 0x41, 0x19, 0x6a, 0x71, 0x3f, 0x6f, 0x5e, 0x0e, 0x8e, 0x9e, 0x3a, 0xe3, 0x53, 0x0e, 0xf1, 0xeb, 0xce, 0xea, 0x2c, 0xe1, 0x31, 0xfe, 0x79, 0x55, 0x5a, 0x25, 0x06, 0xb5, 0xe1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x02, 0xc5, 0xf4, 0xf5, 0xfb, 0xce, 0x1f, 0x19, 0xae, 0xff, 0x8d, 0x97, 0xdb, 0xf8, 0x34, 0xda, 0x12, 0x90, 0x09, 0xa6, 0x36, 0x11, 0x95, 0xd5, 0x67, 0xc9, 0xa4, 0xdf, 0x7a, 0x0d, 0x59, 0x1d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdc, 0x9b, 0x23, 0x82, 0x22, 0xaa, 0x01, 0x8e, 0x01, 0xa0, 0x11, 0xc8, 0x0c, 0x3c, 0x1c, 0x14, 0x42, 0x0e, 0x3e, 0xcf, 0xf4, 0x01, 0xdf, 0xc6, 0x0f, 0xd4, 0x40, 0x3c, 0xc0, 0xae, 0xb7, 0xb4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0e, 0xad, 0xf7, 0xbc, 0xc6, 0x82, 0xff, 0xa6, 0xb1, 0x02, 0x03, 0xe2, 0xf5, 0x99, 0x3b, 0xe1, 0xc7, 0x3f, 0xc1, 0x3f, 0x5e, 0x02, 0x9e, 0xab, 0xab, 0x2e, 0x00, 0x5f, 0x3f, 0xb0, 0xfd, 0x2f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf0, 0x92, 0x33, 0xc9, 0xce, 0x47, 0xd0, 0xcf, 0xf8, 0x53, 0x4d, 0x6b, 0xa9, 0xc6, 0x6a, 0xcb, 0xf1, 0xd4, 0x42, 0x7b, 0x12, 0xb0, 0x2e, 0xd4, 0x9d, 0x40, 0xd9, 0xeb, 0xb1, 0x27, 0xb3, 0x3e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x81, 0xe8, 0x95, 0x6e, 0x59, 0xb8, 0x68, 0x71, 0x86, 0x80, 0x6c, 0x30, 0x10, 0xfb, 0x2e, 0x5d, 0x4a, 0xab, 0x10, 0xe9, 0x8e, 0x89, 0x05, 0x59, 0x6b, 0xe5, 0x11, 0x06, 0xb6, 0xae, 0xb3, 0xe2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd6, 0x73, 0xf9, 0x34, 0xdc, 0xfe, 0x77, 0x5a, 0xfd, 0x2a, 0x13, 0x9d, 0xd1, 0xff, 0x32, 0x45, 0xcc, 0xc7, 0x63, 0x6c, 0x7e, 0x93, 0x11, 0x6b, 0xed, 0xae, 0xa4, 0x2b, 0xf3, 0x17, 0xf1, 0xf1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x41, 0x80, 0x03, 0x10, 0x1f, 0x1b, 0x90, 0x5d, 0xd9, 0x9e, 0x71, 0x00, 0xb8, 0xa8, 0x95, 0x0e, 0x96, 0x98, 0x14, 0xfe, 0x70, 0xe3, 0x64, 0x7d, 0x00, 0x8c, 0xa4, 0x67, 0x72, 0x1b, 0x6a, 0xe8}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcf, 0xba, 0x6c, 0x57, 0x88, 0x9d, 0x51, 0xf3, 0x3c, 0x10, 0x58, 0x54, 0x44, 0xe3, 0x3e, 0x6c, 0x52, 0x05, 0x62, 0xfd, 0xf8, 0xe2, 0x4f, 0x95, 0x54, 0x64, 0x81, 0xc3, 0x34, 0xe7, 0x60, 0x72}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xee, 0xc0, 0xa7, 0x7c, 0x67, 0xa7, 0x71, 0x43, 0xa4, 0x70, 0x5b, 0x9f, 0x61, 0x08, 0x4d, 0x05, 0xe1, 0xcc, 0x40, 0x14, 0xdb, 0x07, 0x9f, 0x0d, 0x80, 0x4d, 0x44, 0x8e, 0x4b, 0x7b, 0x3a, 0xf7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7b, 0xfa, 0x08, 0x31, 0xa4, 0xa6, 0xd4, 0x4f, 0x18, 0x58, 0x9a, 0xd8, 0x80, 0x93, 0x2c, 0x6d, 0x71, 0x0a, 0xe0, 0xfe, 0xed, 0x64, 0xc4, 0x7d, 0xe8, 0x7f, 0x0d, 0x40, 0xd9, 0x5c, 0xc1, 0x82}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd1, 0x5b, 0x71, 0xcd, 0x1a, 0x7c, 0x4b, 0x4c, 0x9c, 0x28, 0xb2, 0x74, 0xc4, 0x61, 0x5a, 0x50, 0x3e, 0x00, 0x24, 0x22, 0x36, 0xe6, 0x6a, 0xc6, 0x8b, 0x98, 0xa2, 0xd4, 0x26, 0x9a, 0x21, 0x19}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xf3, 0x28, 0x17, 0x0e, 0xce, 0x57, 0x37, 0xb2, 0x11, 0xc7, 0x9d, 0xa9, 0x07, 0x8d, 0xca, 0xd0, 0x70, 0x28, 0xab, 0xca, 0x01, 0xab, 0xc4, 0x22, 0xb1, 0xe1, 0xf2, 0x5a, 0x8b, 0xee, 0xe3, 0x1a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0x7e, 0xa0, 0x52, 0x81, 0x76, 0x8d, 0xa3, 0xa3, 0xcd, 0xfa, 0xcc, 0x56, 0x9c, 0x03, 0xad, 0x3a, 0x35, 0x5a, 0x3b, 0xab, 0xe0, 0xf8, 0x83, 0xbf, 0xc4, 0xa1, 0x96, 0xec, 0xf7, 0xd2, 0xf9, 0x61}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x38, 0xc9, 0xf9, 0x7f, 0x17, 0xf8, 0x8b, 0x58, 0x48, 0x5a, 0x17, 0xef, 0x18, 0x4c, 0x93, 0x4e, 0x36, 0x13, 0x5a, 0xf6, 0xb3, 0xd3, 0xfa, 0x01, 0x40, 0x4f, 0xe1, 0xbd, 0x28, 0x03, 0xc5, 0x2b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xca, 0xb7, 0xaa, 0x36, 0x7b, 0x1f, 0x5f, 0xa4, 0x96, 0x94, 0x1b, 0x80, 0xa7, 0x8d, 0xc7, 0x4e, 0xd2, 0x27, 0xce, 0x7b, 0x4e, 0x01, 0x24, 0xa5, 0x26, 0x36, 0x7e, 0x7b, 0x4e, 0xd7, 0x6b, 0x8a}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3b, 0xc5, 0x7c, 0x34, 0x53, 0x0a, 0x6c, 0x52, 0x00, 0x60, 0xc7, 0xea, 0x73, 0x16, 0x82, 0xfb, 0x45, 0x59, 0xfe, 0x72, 0x1f, 0xcd, 0x88, 0x37, 0xd0, 0xba, 0x2d, 0x4a, 0x45, 0x07, 0x9b, 0x45}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcc, 0x1b, 0xcf, 0x16, 0x13, 0x9f, 0x97, 0xe1, 0x41, 0xc5, 0xa7, 0xc8, 0xb6, 0xea, 0x66, 0x61, 0x9e, 0x7d, 0x27, 0xb3, 0xea, 0x36, 0x96, 0x60, 0x75, 0x15, 0x88, 0x7d, 0xe6, 0xb1, 0xe3, 0x21}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x21, 0x1e, 0x5e, 0x91, 0x36, 0x24, 0x68, 0x36, 0x74, 0xa9, 0x27, 0xe7, 0x47, 0x1d, 0x1c, 0x10, 0xb2, 0xbe, 0x12, 0xb9, 0xe3, 0x11, 0x7e, 0xf8, 0x43, 0xcd, 0x73, 0xfd, 0x10, 0x61, 0x02, 0x3e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x38, 0x88, 0x4f, 0xb9, 0x70, 0x16, 0x43, 0x3d, 0x8d, 0xc4, 0xe8, 0xf8, 0x7f, 0xdc, 0x13, 0x69, 0xf4, 0xed, 0x2c, 0x0b, 0x5c, 0xa7, 0x6f, 0xaa, 0x49, 0xae, 0xc5, 0x91, 0x41, 0x22, 0xd5, 0xd4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbc, 0x73, 0xb2, 0xea, 0xba, 0xc9, 0x5d, 0xf9, 0x4c, 0x92, 0x71, 0x70, 0x7f, 0x36, 0x82, 0x57, 0xd4, 0x36, 0x49, 0x5d, 0xdc, 0x42, 0x4a, 0xe2, 0x19, 0x2b, 0xbe, 0xf7, 0x23, 0xb8, 0x63, 0xcb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x55, 0xe7, 0x64, 0x71, 0xb6, 0x18, 0x36, 0x42, 0x6c, 0x37, 0x95, 0xa2, 0xf1, 0x03, 0x1b, 0xa0, 0x65, 0x08, 0xca, 0xb1, 0x1e, 0x4c, 0x44, 0xe7, 0xa8, 0xe9, 0x7d, 0x52, 0x09, 0xac, 0x78, 0x87}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xa2, 0xc8, 0x60, 0x6a, 0x6e, 0x4a, 0x9b, 0xd1, 0xd6, 0x88, 0x65, 0x3b, 0xb5, 0x40, 0x37, 0x8c, 0xb7, 0xdb, 0xf2, 0x86, 0x68, 0x4b, 0xf7, 0x6d, 0xf7, 0xab, 0x1b, 0xd7, 0xa5, 0xb6, 0xfe, 0xd8}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x36, 0x95, 0x4d, 0xe1, 0x55, 0x7c, 0x94, 0x4a, 0x6c, 0xd8, 0xca, 0xad, 0x73, 0x35, 0xf1, 0x5d, 0x4e, 0x18, 0x22, 0x62, 0xd0, 0xdf, 0x2c, 0x5b, 0x4f, 0x39, 0x06, 0x4a, 0xe0, 0x99, 0xca, 0x19}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8b, 0x44, 0xc5, 0x81, 0x1b, 0xa5, 0x3e, 0x60, 0x3f, 0xe9, 0x82, 0x93, 0x1a, 0x17, 0x6c, 0x14, 0xc8, 0x28, 0x9c, 0x73, 0xbe, 0x15, 0xe6, 0x15, 0xa3, 0xe5, 0xd9, 0x02, 0x66, 0x9e, 0x9e, 0x5b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x2a, 0x55, 0x40, 0x35, 0x8f, 0xf9, 0xc9, 0x23, 0xdf, 0x98, 0x31, 0x61, 0x36, 0xd2, 0xce, 0x27, 0xd4, 0x96, 0xd1, 0x92, 0x40, 0x48, 0x55, 0x06, 0xfb, 0x35, 0x02, 0x8c, 0x5a, 0xba, 0x80, 0x50}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x86, 0xa1, 0xb7, 0xb3, 0x08, 0x3c, 0xc5, 0x34, 0x9e, 0x75, 0x5d, 0xf5, 0xe1, 0x05, 0x34, 0x7d, 0xb3, 0x68, 0x7b, 0x30, 0x0c, 0xe2, 0x2d, 0x4f, 0x79, 0xb4, 0x1d, 0x6a, 0x94, 0xdd, 0xf5, 0x2a}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x37, 0xb2, 0x75, 0xc8, 0xfa, 0x32, 0xd4, 0xd4, 0xb8, 0x16, 0xb1, 0x3a, 0xbf, 0xc6, 0x74, 0x97, 0x4e, 0xd2, 0x86, 0xfe, 0x7f, 0x64, 0xe4, 0xd9, 0xde, 0x36, 0x68, 0x4c, 0x26, 0xd8, 0x54, 0xd9}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x5c, 0x9d, 0xdc, 0x8c, 0x48, 0x5e, 0xe5, 0x67, 0xb0, 0x37, 0xdb, 0x47, 0xa5, 0x69, 0xa6, 0x16, 0x2c, 0xc2, 0xc2, 0xb6, 0x1e, 0x85, 0xd7, 0x62, 0x8c, 0xf5, 0x41, 0x48, 0x88, 0x57, 0x7e, 0xbf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd5, 0xd4, 0xdd, 0x66, 0x1b, 0x1a, 0x03, 0xdd, 0xad, 0x86, 0xcb, 0x35, 0x9d, 0xae, 0x6a, 0xd9, 0xad, 0x58, 0x02, 0xef, 0x19, 0xa6, 0xae, 0xdf, 0x28, 0xa0, 0x07, 0xbf, 0xd8, 0x10, 0xfc, 0xb0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x72, 0x1a, 0xac, 0x58, 0x65, 0x2f, 0x9f, 0xd3, 0x2b, 0x0c, 0x05, 0x45, 0x59, 0xa4, 0x01, 0x82, 0x98, 0x5b, 0x78, 0x18, 0x6e, 0x80, 0x70, 0xba, 0xd9, 0x4f, 0xc4, 0x02, 0xad, 0xf9, 0xb2, 0x62}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 2bc8f9367..7be35ad68 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241114085009-26da32ed9578" + defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241118163632-e0c95a34bb2e" ) From 173ef26f70f4b6b1449d0e11211346b467e9c8d7 Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 20 Nov 2024 09:09:20 +0100 Subject: [PATCH 359/380] ci: pin nix version to 2.25.2 (#3484) * ci: pin nix version to 2.25.2 * bazel: update stale lock file --- .github/actions/setup_bazel_nix/action.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/actions/setup_bazel_nix/action.yml b/.github/actions/setup_bazel_nix/action.yml index 434bf51d9..87a2d1802 100644 --- a/.github/actions/setup_bazel_nix/action.yml +++ b/.github/actions/setup_bazel_nix/action.yml @@ -114,6 +114,8 @@ runs: - name: Install nix if: steps.check_inputs.outputs.nixPreinstalled == 'false' uses: cachix/install-nix-action@08dcb3a5e62fa31e2da3d490afc4176ef55ecd72 # v30 + with: + install_url: "https://releases.nixos.org/nix/nix-2.25.2/install" - name: Set $USER if not set shell: bash From d874b5b5f4aae30fc228e5ef6117fad71a4f742a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 20 Nov 2024 09:39:51 +0100 Subject: [PATCH 360/380] deps: use forked google/go-sev-guest to support v3 AMD SEV-SNP attestation reports (#3487) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- go.mod | 4 +++- go.sum | 7 ++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index e8f19b641..def6ff077 100644 --- a/go.mod +++ b/go.mod @@ -5,6 +5,9 @@ go 1.23.2 // TODO(daniel-weisse): revert after merging https://github.com/martinjungblut/go-cryptsetup/pull/16. replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c +// TODO(daniel-weisse): revert after merging https://github.com/google/go-sev-guest/pull/141 +replace github.com/google/go-sev-guest => github.com/daniel-weisse/go-sev-guest v0.0.0-20241119094629-5e3e5f5cbfed + // Kubernetes replace directives are required because we depend on k8s.io/kubernetes/cmd/kubeadm // k8s discourages usage of k8s.io/kubernetes as a dependency, but no external staging repositories for kubeadm exist. // Our code does not actually depend on these packages, but `go mod download` breaks without this replace directive. @@ -326,7 +329,6 @@ require ( github.com/opencontainers/runc v1.1.13 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect github.com/opentracing/opentracing-go v1.2.0 // indirect - github.com/pborman/uuid v1.2.1 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect diff --git a/go.sum b/go.sum index f187cdfa8..26266e840 100644 --- a/go.sum +++ b/go.sum @@ -258,6 +258,8 @@ github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciW github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c h1:ToajP6trZoiqlZ3Z4uoG1P02/wtqSw1AcowOXOYjATk= github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c/go.mod h1:gZoZ0+POlM1ge/VUxWpMmZVNPzzMJ7l436CgkQ5+qzU= +github.com/daniel-weisse/go-sev-guest v0.0.0-20241119094629-5e3e5f5cbfed h1:GU69wqX8D/EvBYvL+cubkdCrilWioZIrNzINP0t2gaY= +github.com/daniel-weisse/go-sev-guest v0.0.0-20241119094629-5e3e5f5cbfed/go.mod h1:8+UOtSaqVIZjJJ9DDmgRko3J/kNc6jI5KLHxoeao7cA= github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE= github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -452,8 +454,6 @@ github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt21 github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l/DSArMxlbwseo= github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8= -github.com/google/go-sev-guest v0.11.1 h1:gnww4U8fHV5DCPz4gykr1s8SEX1fFNcxCBy+vvXN24k= -github.com/google/go-sev-guest v0.11.1/go.mod h1:qBOfb+JmgsUI3aUyzQoGC13Kpp9zwLeWvuyXmA9q77w= github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw= github.com/google/go-tdx-guest v0.3.1/go.mod h1:/rc3d7rnPykOPuY8U9saMyEps0PZDThLk/RygXm04nE= github.com/google/go-tpm v0.9.1 h1:0pGc4X//bAlmZzMKf8iz6IsDo1nYTbYJ6FZN/rg4zdM= @@ -475,7 +475,6 @@ github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -715,8 +714,6 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs= github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= -github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= -github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= From 521ff0d14c6fd003c7df8cc77511718cac4fb0f2 Mon Sep 17 00:00:00 2001 From: 3u13r Date: Wed, 20 Nov 2024 18:34:25 +0100 Subject: [PATCH 361/380] Pin crane and npm dependencies (#3477) * ci: pin crane dependency * docs: pin npm dependencies * deps: bump docusaurus --------- Co-authored-by: Thomas Tendyck --- .github/workflows/build-ccm-gcp.yml | 2 +- .github/workflows/release.yml | 2 +- docs/.gitignore | 1 - docs/README.md | 2 +- docs/package-lock.json | 19660 ++++++++++++++++ docs/package.json | 28 +- .../version-2.6/overview/performance.md | 2 +- .../version-2.7/overview/performance.md | 2 +- .../version-2.8/overview/performance.md | 2 +- 9 files changed, 19680 insertions(+), 21 deletions(-) create mode 100644 docs/package-lock.json diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index 3b3c21c54..6446f9fdc 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -36,7 +36,7 @@ jobs: - name: Install Crane run: | - go install github.com/google/go-containerregistry/cmd/crane@latest + go install github.com/google/go-containerregistry/cmd/crane@c195f151efe3369874c72662cd69ad43ee485128 # v0.20.2 - name: Find versions id: find-versions diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f6b14fb94..63c29d933 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -92,7 +92,7 @@ jobs: - name: Create docs release working-directory: docs run: | - npm install + npm ci npm run docusaurus docs:version "${MAJOR_MINOR}" - name: Create docs pull request diff --git a/docs/.gitignore b/docs/.gitignore index b2db0247a..ef904e99f 100644 --- a/docs/.gitignore +++ b/docs/.gitignore @@ -1,4 +1,3 @@ node_modules -package-lock.json .docusaurus build/ \ No newline at end of file diff --git a/docs/README.md b/docs/README.md index dea229064..4814729e9 100644 --- a/docs/README.md +++ b/docs/README.md @@ -8,7 +8,7 @@ During edits you can preview your changes using the [`docusaurus`](https://docus ```sh # requires node >=16.14 -npm install +npm ci # Install pinned dependencies npm run build npm run serve ``` diff --git a/docs/package-lock.json b/docs/package-lock.json new file mode 100644 index 000000000..300d928d7 --- /dev/null +++ b/docs/package-lock.json @@ -0,0 +1,19660 @@ +{ + "name": "constellation-docs", + "version": "2.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "constellation-docs", + "version": "2.0.0", + "dependencies": { + "@cmfcmf/docusaurus-search-local": "1.2.0", + "@docusaurus/core": "3.6.2", + "@docusaurus/plugin-google-gtag": "3.6.2", + "@docusaurus/preset-classic": "3.6.2", + "@docusaurus/theme-mermaid": "3.6.2", + "@mdx-js/react": "3.1.0", + "asciinema-player": "3.8.1", + "clsx": "2.1.1", + "prism-react-renderer": "2.4.0", + "react": "18.3.1", + "react-dom": "18.3.1" + }, + "devDependencies": { + "@docusaurus/module-type-aliases": "3.6.2", + "@docusaurus/types": "3.6.2" + }, + "engines": { + "node": ">=16.14" + } + }, + "node_modules/@algolia/autocomplete-core": { + "version": "1.17.7", + "resolved": "https://registry.npmjs.org/@algolia/autocomplete-core/-/autocomplete-core-1.17.7.tgz", + "integrity": "sha512-BjiPOW6ks90UKl7TwMv7oNQMnzU+t/wk9mgIDi6b1tXpUek7MW0lbNOUHpvam9pe3lVCf4xPFT+lK7s+e+fs7Q==", + "license": "MIT", + "dependencies": { + "@algolia/autocomplete-plugin-algolia-insights": "1.17.7", + "@algolia/autocomplete-shared": "1.17.7" + } + }, + "node_modules/@algolia/autocomplete-js": { + "version": "1.17.7", + "resolved": "https://registry.npmjs.org/@algolia/autocomplete-js/-/autocomplete-js-1.17.7.tgz", + "integrity": "sha512-4rCCg2B5x6GYzLfDZ3QipWydznbaMjoIwNSEbjpJ9cd/0+4nDpRWuBPxgOSsGmE4BFEor2iwQw4uCY6RrBdpjA==", + "license": "MIT", + "dependencies": { + "@algolia/autocomplete-core": "1.17.7", + "@algolia/autocomplete-preset-algolia": "1.17.7", + "@algolia/autocomplete-shared": "1.17.7", + "htm": "^3.1.1", + "preact": "^10.13.2" + }, + "peerDependencies": { + "@algolia/client-search": ">= 4.5.1 < 6", + "algoliasearch": ">= 4.9.1 < 6" + } + }, + "node_modules/@algolia/autocomplete-plugin-algolia-insights": { + "version": "1.17.7", + "resolved": "https://registry.npmjs.org/@algolia/autocomplete-plugin-algolia-insights/-/autocomplete-plugin-algolia-insights-1.17.7.tgz", + "integrity": "sha512-Jca5Ude6yUOuyzjnz57og7Et3aXjbwCSDf/8onLHSQgw1qW3ALl9mrMWaXb5FmPVkV3EtkD2F/+NkT6VHyPu9A==", + "license": "MIT", + "dependencies": { + "@algolia/autocomplete-shared": "1.17.7" + }, + "peerDependencies": { + "search-insights": ">= 1 < 3" + } + }, + "node_modules/@algolia/autocomplete-preset-algolia": { + "version": "1.17.7", + "resolved": "https://registry.npmjs.org/@algolia/autocomplete-preset-algolia/-/autocomplete-preset-algolia-1.17.7.tgz", + "integrity": "sha512-ggOQ950+nwbWROq2MOCIL71RE0DdQZsceqrg32UqnhDz8FlO9rL8ONHNsI2R1MH0tkgVIDKI/D0sMiUchsFdWA==", + "license": "MIT", + "dependencies": { + "@algolia/autocomplete-shared": "1.17.7" + }, + "peerDependencies": { + "@algolia/client-search": ">= 4.9.1 < 6", + "algoliasearch": ">= 4.9.1 < 6" + } + }, + "node_modules/@algolia/autocomplete-shared": { + "version": "1.17.7", + "resolved": "https://registry.npmjs.org/@algolia/autocomplete-shared/-/autocomplete-shared-1.17.7.tgz", + "integrity": "sha512-o/1Vurr42U/qskRSuhBH+VKxMvkkUVTLU6WZQr+L5lGZZLYWyhdzWjW0iGXY7EkwRTjBqvN2EsR81yCTGV/kmg==", + "license": "MIT", + "peerDependencies": { + "@algolia/client-search": ">= 4.9.1 < 6", + "algoliasearch": ">= 4.9.1 < 6" + } + }, + "node_modules/@algolia/autocomplete-theme-classic": { + "version": "1.17.7", + "resolved": "https://registry.npmjs.org/@algolia/autocomplete-theme-classic/-/autocomplete-theme-classic-1.17.7.tgz", + "integrity": "sha512-8sxnzRCPxyKZJxbG7EUpV/3AssQOjn+Zq/nvzks+BwbkAcpiLRBsXjvlIIsV4l36bZ+/Ri++ttAflGDPrRfn1A==", + "license": "MIT" + }, + "node_modules/@algolia/cache-browser-local-storage": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/cache-browser-local-storage/-/cache-browser-local-storage-4.24.0.tgz", + "integrity": "sha512-t63W9BnoXVrGy9iYHBgObNXqYXM3tYXCjDSHeNwnsc324r4o5UiVKUiAB4THQ5z9U5hTj6qUvwg/Ez43ZD85ww==", + "license": "MIT", + "dependencies": { + "@algolia/cache-common": "4.24.0" + } + }, + "node_modules/@algolia/cache-common": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/cache-common/-/cache-common-4.24.0.tgz", + "integrity": "sha512-emi+v+DmVLpMGhp0V9q9h5CdkURsNmFC+cOS6uK9ndeJm9J4TiqSvPYVu+THUP8P/S08rxf5x2P+p3CfID0Y4g==", + "license": "MIT" + }, + "node_modules/@algolia/cache-in-memory": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/cache-in-memory/-/cache-in-memory-4.24.0.tgz", + "integrity": "sha512-gDrt2so19jW26jY3/MkFg5mEypFIPbPoXsQGQWAi6TrCPsNOSEYepBMPlucqWigsmEy/prp5ug2jy/N3PVG/8w==", + "license": "MIT", + "dependencies": { + "@algolia/cache-common": "4.24.0" + } + }, + "node_modules/@algolia/client-abtesting": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-abtesting/-/client-abtesting-5.15.0.tgz", + "integrity": "sha512-FaEM40iuiv1mAipYyiptP4EyxkJ8qHfowCpEeusdHUC4C7spATJYArD2rX3AxkVeREkDIgYEOuXcwKUbDCr7Nw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0", + "@algolia/requester-browser-xhr": "5.15.0", + "@algolia/requester-fetch": "5.15.0", + "@algolia/requester-node-http": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-abtesting/node_modules/@algolia/client-common": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.15.0.tgz", + "integrity": "sha512-IofrVh213VLsDkPoSKMeM9Dshrv28jhDlBDLRcVJQvlL8pzue7PEB1EZ4UoJFYS3NSn7JOcJ/V+olRQzXlJj1w==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-abtesting/node_modules/@algolia/requester-browser-xhr": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.15.0.tgz", + "integrity": "sha512-Po/GNib6QKruC3XE+WKP1HwVSfCDaZcXu48kD+gwmtDlqHWKc7Bq9lrS0sNZ456rfCKhXksOmMfUs4wRM/Y96w==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-abtesting/node_modules/@algolia/requester-node-http": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.15.0.tgz", + "integrity": "sha512-b1jTpbFf9LnQHEJP5ddDJKE2sAlhYd7EVSOWgzo/27n/SfCoHfqD0VWntnWYD83PnOKvfe8auZ2+xCb0TXotrQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-account": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/client-account/-/client-account-4.24.0.tgz", + "integrity": "sha512-adcvyJ3KjPZFDybxlqnf+5KgxJtBjwTPTeyG2aOyoJvx0Y8dUQAEOEVOJ/GBxX0WWNbmaSrhDURMhc+QeevDsA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "4.24.0", + "@algolia/client-search": "4.24.0", + "@algolia/transporter": "4.24.0" + } + }, + "node_modules/@algolia/client-analytics": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/client-analytics/-/client-analytics-4.24.0.tgz", + "integrity": "sha512-y8jOZt1OjwWU4N2qr8G4AxXAzaa8DBvyHTWlHzX/7Me1LX8OayfgHexqrsL4vSBcoMmVw2XnVW9MhL+Y2ZDJXg==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "4.24.0", + "@algolia/client-search": "4.24.0", + "@algolia/requester-common": "4.24.0", + "@algolia/transporter": "4.24.0" + } + }, + "node_modules/@algolia/client-common": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-4.24.0.tgz", + "integrity": "sha512-bc2ROsNL6w6rqpl5jj/UywlIYC21TwSSoFHKl01lYirGMW+9Eek6r02Tocg4gZ8HAw3iBvu6XQiM3BEbmEMoiA==", + "license": "MIT", + "dependencies": { + "@algolia/requester-common": "4.24.0", + "@algolia/transporter": "4.24.0" + } + }, + "node_modules/@algolia/client-insights": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-insights/-/client-insights-5.15.0.tgz", + "integrity": "sha512-bDDEQGfFidDi0UQUCbxXOCdphbVAgbVmxvaV75cypBTQkJ+ABx/Npw7LkFGw1FsoVrttlrrQbwjvUB6mLVKs/w==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0", + "@algolia/requester-browser-xhr": "5.15.0", + "@algolia/requester-fetch": "5.15.0", + "@algolia/requester-node-http": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-insights/node_modules/@algolia/client-common": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.15.0.tgz", + "integrity": "sha512-IofrVh213VLsDkPoSKMeM9Dshrv28jhDlBDLRcVJQvlL8pzue7PEB1EZ4UoJFYS3NSn7JOcJ/V+olRQzXlJj1w==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-insights/node_modules/@algolia/requester-browser-xhr": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.15.0.tgz", + "integrity": "sha512-Po/GNib6QKruC3XE+WKP1HwVSfCDaZcXu48kD+gwmtDlqHWKc7Bq9lrS0sNZ456rfCKhXksOmMfUs4wRM/Y96w==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-insights/node_modules/@algolia/requester-node-http": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.15.0.tgz", + "integrity": "sha512-b1jTpbFf9LnQHEJP5ddDJKE2sAlhYd7EVSOWgzo/27n/SfCoHfqD0VWntnWYD83PnOKvfe8auZ2+xCb0TXotrQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-personalization": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/client-personalization/-/client-personalization-4.24.0.tgz", + "integrity": "sha512-l5FRFm/yngztweU0HdUzz1rC4yoWCFo3IF+dVIVTfEPg906eZg5BOd1k0K6rZx5JzyyoP4LdmOikfkfGsKVE9w==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "4.24.0", + "@algolia/requester-common": "4.24.0", + "@algolia/transporter": "4.24.0" + } + }, + "node_modules/@algolia/client-query-suggestions": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-query-suggestions/-/client-query-suggestions-5.15.0.tgz", + "integrity": "sha512-wu8GVluiZ5+il8WIRsGKu8VxMK9dAlr225h878GGtpTL6VBvwyJvAyLdZsfFIpY0iN++jiNb31q2C1PlPL+n/A==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0", + "@algolia/requester-browser-xhr": "5.15.0", + "@algolia/requester-fetch": "5.15.0", + "@algolia/requester-node-http": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-query-suggestions/node_modules/@algolia/client-common": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.15.0.tgz", + "integrity": "sha512-IofrVh213VLsDkPoSKMeM9Dshrv28jhDlBDLRcVJQvlL8pzue7PEB1EZ4UoJFYS3NSn7JOcJ/V+olRQzXlJj1w==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-query-suggestions/node_modules/@algolia/requester-browser-xhr": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.15.0.tgz", + "integrity": "sha512-Po/GNib6QKruC3XE+WKP1HwVSfCDaZcXu48kD+gwmtDlqHWKc7Bq9lrS0sNZ456rfCKhXksOmMfUs4wRM/Y96w==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-query-suggestions/node_modules/@algolia/requester-node-http": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.15.0.tgz", + "integrity": "sha512-b1jTpbFf9LnQHEJP5ddDJKE2sAlhYd7EVSOWgzo/27n/SfCoHfqD0VWntnWYD83PnOKvfe8auZ2+xCb0TXotrQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/client-search": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-4.24.0.tgz", + "integrity": "sha512-uRW6EpNapmLAD0mW47OXqTP8eiIx5F6qN9/x/7HHO6owL3N1IXqydGwW5nhDFBrV+ldouro2W1VX3XlcUXEFCA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "4.24.0", + "@algolia/requester-common": "4.24.0", + "@algolia/transporter": "4.24.0" + } + }, + "node_modules/@algolia/events": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/@algolia/events/-/events-4.0.1.tgz", + "integrity": "sha512-FQzvOCgoFXAbf5Y6mYozw2aj5KCJoA3m4heImceldzPSMbdyS4atVjJzXKMsfX3wnZTFYwkkt8/z8UesLHlSBQ==", + "license": "MIT" + }, + "node_modules/@algolia/ingestion": { + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/@algolia/ingestion/-/ingestion-1.15.0.tgz", + "integrity": "sha512-MkqkAxBQxtQ5if/EX2IPqFA7LothghVyvPoRNA/meS2AW2qkHwcxjuiBxv4H6mnAVEPfJlhu9rkdVz9LgCBgJg==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0", + "@algolia/requester-browser-xhr": "5.15.0", + "@algolia/requester-fetch": "5.15.0", + "@algolia/requester-node-http": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/ingestion/node_modules/@algolia/client-common": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.15.0.tgz", + "integrity": "sha512-IofrVh213VLsDkPoSKMeM9Dshrv28jhDlBDLRcVJQvlL8pzue7PEB1EZ4UoJFYS3NSn7JOcJ/V+olRQzXlJj1w==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/ingestion/node_modules/@algolia/requester-browser-xhr": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.15.0.tgz", + "integrity": "sha512-Po/GNib6QKruC3XE+WKP1HwVSfCDaZcXu48kD+gwmtDlqHWKc7Bq9lrS0sNZ456rfCKhXksOmMfUs4wRM/Y96w==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/ingestion/node_modules/@algolia/requester-node-http": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.15.0.tgz", + "integrity": "sha512-b1jTpbFf9LnQHEJP5ddDJKE2sAlhYd7EVSOWgzo/27n/SfCoHfqD0VWntnWYD83PnOKvfe8auZ2+xCb0TXotrQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/logger-common": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/logger-common/-/logger-common-4.24.0.tgz", + "integrity": "sha512-LLUNjkahj9KtKYrQhFKCzMx0BY3RnNP4FEtO+sBybCjJ73E8jNdaKJ/Dd8A/VA4imVHP5tADZ8pn5B8Ga/wTMA==", + "license": "MIT" + }, + "node_modules/@algolia/logger-console": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/logger-console/-/logger-console-4.24.0.tgz", + "integrity": "sha512-X4C8IoHgHfiUROfoRCV+lzSy+LHMgkoEEU1BbKcsfnV0i0S20zyy0NLww9dwVHUWNfPPxdMU+/wKmLGYf96yTg==", + "license": "MIT", + "dependencies": { + "@algolia/logger-common": "4.24.0" + } + }, + "node_modules/@algolia/monitoring": { + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/@algolia/monitoring/-/monitoring-1.15.0.tgz", + "integrity": "sha512-QPrFnnGLMMdRa8t/4bs7XilPYnoUXDY8PMQJ1sf9ZFwhUysYYhQNX34/enoO0LBjpoOY6rLpha39YQEFbzgKyQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0", + "@algolia/requester-browser-xhr": "5.15.0", + "@algolia/requester-fetch": "5.15.0", + "@algolia/requester-node-http": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/monitoring/node_modules/@algolia/client-common": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.15.0.tgz", + "integrity": "sha512-IofrVh213VLsDkPoSKMeM9Dshrv28jhDlBDLRcVJQvlL8pzue7PEB1EZ4UoJFYS3NSn7JOcJ/V+olRQzXlJj1w==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/monitoring/node_modules/@algolia/requester-browser-xhr": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.15.0.tgz", + "integrity": "sha512-Po/GNib6QKruC3XE+WKP1HwVSfCDaZcXu48kD+gwmtDlqHWKc7Bq9lrS0sNZ456rfCKhXksOmMfUs4wRM/Y96w==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/monitoring/node_modules/@algolia/requester-node-http": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.15.0.tgz", + "integrity": "sha512-b1jTpbFf9LnQHEJP5ddDJKE2sAlhYd7EVSOWgzo/27n/SfCoHfqD0VWntnWYD83PnOKvfe8auZ2+xCb0TXotrQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/recommend": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/recommend/-/recommend-4.24.0.tgz", + "integrity": "sha512-P9kcgerfVBpfYHDfVZDvvdJv0lEoCvzNlOy2nykyt5bK8TyieYyiD0lguIJdRZZYGre03WIAFf14pgE+V+IBlw==", + "license": "MIT", + "dependencies": { + "@algolia/cache-browser-local-storage": "4.24.0", + "@algolia/cache-common": "4.24.0", + "@algolia/cache-in-memory": "4.24.0", + "@algolia/client-common": "4.24.0", + "@algolia/client-search": "4.24.0", + "@algolia/logger-common": "4.24.0", + "@algolia/logger-console": "4.24.0", + "@algolia/requester-browser-xhr": "4.24.0", + "@algolia/requester-common": "4.24.0", + "@algolia/requester-node-http": "4.24.0", + "@algolia/transporter": "4.24.0" + } + }, + "node_modules/@algolia/requester-browser-xhr": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-4.24.0.tgz", + "integrity": "sha512-Z2NxZMb6+nVXSjF13YpjYTdvV3032YTBSGm2vnYvYPA6mMxzM3v5rsCiSspndn9rzIW4Qp1lPHBvuoKJV6jnAA==", + "license": "MIT", + "dependencies": { + "@algolia/requester-common": "4.24.0" + } + }, + "node_modules/@algolia/requester-common": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-common/-/requester-common-4.24.0.tgz", + "integrity": "sha512-k3CXJ2OVnvgE3HMwcojpvY6d9kgKMPRxs/kVohrwF5WMr2fnqojnycZkxPoEg+bXm8fi5BBfFmOqgYztRtHsQA==", + "license": "MIT" + }, + "node_modules/@algolia/requester-fetch": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-fetch/-/requester-fetch-5.15.0.tgz", + "integrity": "sha512-rOZ+c0P7ajmccAvpeeNrUmEKoliYFL8aOR5qGW5pFq3oj3Iept7Y5mEtEsOBYsRt6qLnaXn4zUKf+N8nvJpcIw==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/requester-fetch/node_modules/@algolia/client-common": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.15.0.tgz", + "integrity": "sha512-IofrVh213VLsDkPoSKMeM9Dshrv28jhDlBDLRcVJQvlL8pzue7PEB1EZ4UoJFYS3NSn7JOcJ/V+olRQzXlJj1w==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@algolia/requester-node-http": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-4.24.0.tgz", + "integrity": "sha512-JF18yTjNOVYvU/L3UosRcvbPMGT9B+/GQWNWnenIImglzNVGpyzChkXLnrSf6uxwVNO6ESGu6oN8MqcGQcjQJw==", + "license": "MIT", + "dependencies": { + "@algolia/requester-common": "4.24.0" + } + }, + "node_modules/@algolia/transporter": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/@algolia/transporter/-/transporter-4.24.0.tgz", + "integrity": "sha512-86nI7w6NzWxd1Zp9q3413dRshDqAzSbsQjhcDhPIatEFiZrL1/TjnHL8S7jVKFePlIMzDsZWXAXwXzcok9c5oA==", + "license": "MIT", + "dependencies": { + "@algolia/cache-common": "4.24.0", + "@algolia/logger-common": "4.24.0", + "@algolia/requester-common": "4.24.0" + } + }, + "node_modules/@ampproject/remapping": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", + "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==", + "license": "Apache-2.0", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.24" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@antfu/install-pkg": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/@antfu/install-pkg/-/install-pkg-0.4.1.tgz", + "integrity": "sha512-T7yB5QNG29afhWVkVq7XeIMBa5U/vs9mX69YqayXypPRmYzUmzwnYltplHmPtZ4HPCn+sQKeXW8I47wCbuBOjw==", + "license": "MIT", + "dependencies": { + "package-manager-detector": "^0.2.0", + "tinyexec": "^0.3.0" + }, + "funding": { + "url": "https://github.com/sponsors/antfu" + } + }, + "node_modules/@antfu/utils": { + "version": "0.7.10", + "resolved": "https://registry.npmjs.org/@antfu/utils/-/utils-0.7.10.tgz", + "integrity": "sha512-+562v9k4aI80m1+VuMHehNJWLOFjBnXn3tdOitzD0il5b7smkSBal4+a3oKiQTbrwMmN/TBUMDvbdoWDehgOww==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/antfu" + } + }, + "node_modules/@babel/code-frame": { + "version": "7.26.2", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.2.tgz", + "integrity": "sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-validator-identifier": "^7.25.9", + "js-tokens": "^4.0.0", + "picocolors": "^1.0.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/compat-data": { + "version": "7.26.2", + "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.26.2.tgz", + "integrity": "sha512-Z0WgzSEa+aUcdiJuCIqgujCshpMWgUpgOxXotrYPSA53hA3qopNaqcJpyr0hVb1FeWdnqFA35/fUtXgBK8srQg==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/core": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.0.tgz", + "integrity": "sha512-i1SLeK+DzNnQ3LL/CswPCa/E5u4lh1k6IAEphON8F+cXt0t9euTshDru0q7/IqMa1PMPz5RnHuHscF8/ZJsStg==", + "license": "MIT", + "dependencies": { + "@ampproject/remapping": "^2.2.0", + "@babel/code-frame": "^7.26.0", + "@babel/generator": "^7.26.0", + "@babel/helper-compilation-targets": "^7.25.9", + "@babel/helper-module-transforms": "^7.26.0", + "@babel/helpers": "^7.26.0", + "@babel/parser": "^7.26.0", + "@babel/template": "^7.25.9", + "@babel/traverse": "^7.25.9", + "@babel/types": "^7.26.0", + "convert-source-map": "^2.0.0", + "debug": "^4.1.0", + "gensync": "^1.0.0-beta.2", + "json5": "^2.2.3", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/babel" + } + }, + "node_modules/@babel/core/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/generator": { + "version": "7.26.2", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.2.tgz", + "integrity": "sha512-zevQbhbau95nkoxSq3f/DC/SC+EEOUZd3DYqfSkMhY2/wfSeaHV1Ew4vk8e+x8lja31IbyuUa2uQ3JONqKbysw==", + "license": "MIT", + "dependencies": { + "@babel/parser": "^7.26.2", + "@babel/types": "^7.26.0", + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.25", + "jsesc": "^3.0.2" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-annotate-as-pure": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.25.9.tgz", + "integrity": "sha512-gv7320KBUFJz1RnylIg5WWYPRXKZ884AGkYpgpWW02TH66Dl+HaC1t1CKd0z3R4b6hdYEcmrNZHUmfCP+1u3/g==", + "license": "MIT", + "dependencies": { + "@babel/types": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-builder-binary-assignment-operator-visitor": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.25.9.tgz", + "integrity": "sha512-C47lC7LIDCnz0h4vai/tpNOI95tCd5ZT3iBt/DBH5lXKHZsyNQv18yf1wIIg2ntiQNgmAvA+DgZ82iW8Qdym8g==", + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.25.9", + "@babel/types": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-compilation-targets": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.25.9.tgz", + "integrity": "sha512-j9Db8Suy6yV/VHa4qzrj9yZfZxhLWQdVnRlXxmKLYlhWUVB1sB2G5sxuWYXk/whHD9iW76PmNzxZ4UCnTQTVEQ==", + "license": "MIT", + "dependencies": { + "@babel/compat-data": "^7.25.9", + "@babel/helper-validator-option": "^7.25.9", + "browserslist": "^4.24.0", + "lru-cache": "^5.1.1", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-compilation-targets/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/helper-create-class-features-plugin": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.25.9.tgz", + "integrity": "sha512-UTZQMvt0d/rSz6KI+qdu7GQze5TIajwTS++GUozlw8VBJDEOAqSXwm1WvmYEZwqdqSGQshRocPDqrt4HBZB3fQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.25.9", + "@babel/helper-member-expression-to-functions": "^7.25.9", + "@babel/helper-optimise-call-expression": "^7.25.9", + "@babel/helper-replace-supers": "^7.25.9", + "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9", + "@babel/traverse": "^7.25.9", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-create-class-features-plugin/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/helper-create-regexp-features-plugin": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.25.9.tgz", + "integrity": "sha512-ORPNZ3h6ZRkOyAa/SaHU+XsLZr0UQzRwuDQ0cczIA17nAzZ+85G5cVkOJIj7QavLZGSe8QXUmNFxSZzjcZF9bw==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.25.9", + "regexpu-core": "^6.1.1", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-create-regexp-features-plugin/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/helper-define-polyfill-provider": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.6.3.tgz", + "integrity": "sha512-HK7Bi+Hj6H+VTHA3ZvBis7V/6hu9QuTrnMXNybfUf2iiuU/N97I8VjB+KbhFF8Rld/Lx5MzoCwPCpPjfK+n8Cg==", + "license": "MIT", + "dependencies": { + "@babel/helper-compilation-targets": "^7.22.6", + "@babel/helper-plugin-utils": "^7.22.5", + "debug": "^4.1.1", + "lodash.debounce": "^4.0.8", + "resolve": "^1.14.2" + }, + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" + } + }, + "node_modules/@babel/helper-member-expression-to-functions": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.25.9.tgz", + "integrity": "sha512-wbfdZ9w5vk0C0oyHqAJbc62+vet5prjj01jjJ8sKn3j9h3MQQlflEdXYvuqRWjHnM12coDEqiC1IRCi0U/EKwQ==", + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.25.9", + "@babel/types": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-imports": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.25.9.tgz", + "integrity": "sha512-tnUA4RsrmflIM6W6RFTLFSXITtl0wKjgpnLgXyowocVPrbYrLUXSBXDgTs8BlbmIzIdlBySRQjINYs2BAkiLtw==", + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.25.9", + "@babel/types": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-module-transforms": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.26.0.tgz", + "integrity": "sha512-xO+xu6B5K2czEnQye6BHA7DolFFmS3LB7stHZFaOLb1pAwO1HWLS8fXA+eh0A2yIvltPVmx3eNNDBJA2SLHXFw==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-imports": "^7.25.9", + "@babel/helper-validator-identifier": "^7.25.9", + "@babel/traverse": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-optimise-call-expression": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.25.9.tgz", + "integrity": "sha512-FIpuNaz5ow8VyrYcnXQTDRGvV6tTjkNtCK/RYNDXGSLlUD6cBuQTSw43CShGxjvfBTfcUA/r6UhUCbtYqkhcuQ==", + "license": "MIT", + "dependencies": { + "@babel/types": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-plugin-utils": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.25.9.tgz", + "integrity": "sha512-kSMlyUVdWe25rEsRGviIgOWnoT/nfABVWlqt9N19/dIPWViAOW2s9wznP5tURbs/IDuNk4gPy3YdYRgH3uxhBw==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-remap-async-to-generator": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.25.9.tgz", + "integrity": "sha512-IZtukuUeBbhgOcaW2s06OXTzVNJR0ybm4W5xC1opWFFJMZbwRj5LCk+ByYH7WdZPZTt8KnFwA8pvjN2yqcPlgw==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.25.9", + "@babel/helper-wrap-function": "^7.25.9", + "@babel/traverse": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-replace-supers": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.25.9.tgz", + "integrity": "sha512-IiDqTOTBQy0sWyeXyGSC5TBJpGFXBkRynjBeXsvbhQFKj2viwJC76Epz35YLU1fpe/Am6Vppb7W7zM4fPQzLsQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-member-expression-to-functions": "^7.25.9", + "@babel/helper-optimise-call-expression": "^7.25.9", + "@babel/traverse": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/helper-simple-access": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.25.9.tgz", + "integrity": "sha512-c6WHXuiaRsJTyHYLJV75t9IqsmTbItYfdj99PnzYGQZkYKvan5/2jKJ7gu31J3/BJ/A18grImSPModuyG/Eo0Q==", + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.25.9", + "@babel/types": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-skip-transparent-expression-wrappers": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.25.9.tgz", + "integrity": "sha512-K4Du3BFa3gvyhzgPcntrkDgZzQaq6uozzcpGbOO1OEJaI+EJdqWIMTLgFgQf6lrfiDFo5FU+BxKepI9RmZqahA==", + "license": "MIT", + "dependencies": { + "@babel/traverse": "^7.25.9", + "@babel/types": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-string-parser": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz", + "integrity": "sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-identifier": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz", + "integrity": "sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-validator-option": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.25.9.tgz", + "integrity": "sha512-e/zv1co8pp55dNdEcCynfj9X7nyUKUXoUEwfXqaZt0omVOmDe9oOTdKStH4GmAw6zxMFs50ZayuMfHDKlO7Tfw==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helper-wrap-function": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.25.9.tgz", + "integrity": "sha512-ETzz9UTjQSTmw39GboatdymDq4XIQbR8ySgVrylRhPOFpsd+JrKHIuF0de7GCWmem+T4uC5z7EZguod7Wj4A4g==", + "license": "MIT", + "dependencies": { + "@babel/template": "^7.25.9", + "@babel/traverse": "^7.25.9", + "@babel/types": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/helpers": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.0.tgz", + "integrity": "sha512-tbhNuIxNcVb21pInl3ZSjksLCvgdZy9KwJ8brv993QtIVKJBBkYXz4q4ZbAv31GdnC+R90np23L5FbEBlthAEw==", + "license": "MIT", + "dependencies": { + "@babel/template": "^7.25.9", + "@babel/types": "^7.26.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/parser": { + "version": "7.26.2", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.2.tgz", + "integrity": "sha512-DWMCZH9WA4Maitz2q21SRKHo9QXZxkDsbNZoVD62gusNtNBBqDg9i7uOhASfTfIGNzW+O+r7+jAlM8dwphcJKQ==", + "license": "MIT", + "dependencies": { + "@babel/types": "^7.26.0" + }, + "bin": { + "parser": "bin/babel-parser.js" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@babel/plugin-bugfix-firefox-class-in-computed-class-key": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.25.9.tgz", + "integrity": "sha512-ZkRyVkThtxQ/J6nv3JFYv1RYY+JT5BvU0y3k5bWrmuG4woXypRa4PXmm9RhOwodRkYFWqC0C0cqcJ4OqR7kW+g==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/traverse": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-bugfix-safari-class-field-initializer-scope": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-class-field-initializer-scope/-/plugin-bugfix-safari-class-field-initializer-scope-7.25.9.tgz", + "integrity": "sha512-MrGRLZxLD/Zjj0gdU15dfs+HH/OXvnw/U4jJD8vpcP2CJQapPEv1IWwjc/qMg7ItBlPwSv1hRBbb7LeuANdcnw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.25.9.tgz", + "integrity": "sha512-2qUwwfAFpJLZqxd02YW9btUCZHl+RFvdDkNfZwaIJrvB8Tesjsk8pEQkTvGwZXLqXUx/2oyY3ySRhm6HOXuCug==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.25.9.tgz", + "integrity": "sha512-6xWgLZTJXwilVjlnV7ospI3xi+sl8lN8rXXbBD6vYn3UYDlGsag8wrZkKcSI8G6KgqKP7vNFaDgeDnfAABq61g==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9", + "@babel/plugin-transform-optional-chaining": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.13.0" + } + }, + "node_modules/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.25.9.tgz", + "integrity": "sha512-aLnMXYPnzwwqhYSCyXfKkIkYgJ8zv9RK+roo9DkTXz38ynIhd9XCbN08s3MGvqL2MYGVUGdRQLL/JqBIeJhJBg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/traverse": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-proposal-private-property-in-object": { + "version": "7.21.0-placeholder-for-preset-env.2", + "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz", + "integrity": "sha512-SOSkfJDddaM7mak6cPEpswyTRnuRltl429hMraQEglW+OkovnCzsiszTmsrlY//qLFjCpQDFRvjdm2wA5pPm9w==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-dynamic-import": { + "version": "7.8.3", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-dynamic-import/-/plugin-syntax-dynamic-import-7.8.3.tgz", + "integrity": "sha512-5gdGbFon+PszYzqs83S3E5mpi7/y/8M9eC90MRTZfduQOYW76ig6SOSPNe41IG5LoP3FGBn2N0RjVDSQiS94kQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.8.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-import-assertions": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.26.0.tgz", + "integrity": "sha512-QCWT5Hh830hK5EQa7XzuqIkQU9tT/whqbDz7kuaZMHFl1inRRg7JnuAEOQ0Ur0QUl0NufCk1msK2BeY79Aj/eg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-import-attributes": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.26.0.tgz", + "integrity": "sha512-e2dttdsJ1ZTpi3B9UYGLw41hifAubg19AtCu/2I/F1QNVclOBr1dYpTdmdyZ84Xiz43BS/tCUkMAZNLv12Pi+A==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-jsx": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.25.9.tgz", + "integrity": "sha512-ld6oezHQMZsZfp6pWtbjaNDF2tiiCYYDqQszHt5VV437lewP9aSi2Of99CK0D0XB21k7FLgnLcmQKyKzynfeAA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-typescript": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.25.9.tgz", + "integrity": "sha512-hjMgRy5hb8uJJjUcdWunWVcoi9bGpJp8p5Ol1229PoN6aytsLwNMgmdftO23wnCLMfVmTwZDWMPNq/D1SY60JQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-syntax-unicode-sets-regex": { + "version": "7.18.6", + "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz", + "integrity": "sha512-727YkEAPwSIQTv5im8QHz3upqp92JTWhidIC81Tdx4VJYIte/VndKf1qKrfnnhPLiPghStWfvC/iFaMCQu7Nqg==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.18.6", + "@babel/helper-plugin-utils": "^7.18.6" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-transform-arrow-functions": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.25.9.tgz", + "integrity": "sha512-6jmooXYIwn9ca5/RylZADJ+EnSxVUS5sjeJ9UPk6RWRzXCmOJCy6dqItPJFpw2cuCangPK4OYr5uhGKcmrm5Qg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-async-generator-functions": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.25.9.tgz", + "integrity": "sha512-RXV6QAzTBbhDMO9fWwOmwwTuYaiPbggWQ9INdZqAYeSHyG7FzQ+nOZaUUjNwKv9pV3aE4WFqFm1Hnbci5tBCAw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-remap-async-to-generator": "^7.25.9", + "@babel/traverse": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-async-to-generator": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.25.9.tgz", + "integrity": "sha512-NT7Ejn7Z/LjUH0Gv5KsBCxh7BH3fbLTV0ptHvpeMvrt3cPThHfJfst9Wrb7S8EvJ7vRTFI7z+VAvFVEQn/m5zQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-imports": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-remap-async-to-generator": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-block-scoped-functions": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.25.9.tgz", + "integrity": "sha512-toHc9fzab0ZfenFpsyYinOX0J/5dgJVA2fm64xPewu7CoYHWEivIWKxkK2rMi4r3yQqLnVmheMXRdG+k239CgA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-block-scoping": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.25.9.tgz", + "integrity": "sha512-1F05O7AYjymAtqbsFETboN1NvBdcnzMerO+zlMyJBEz6WkMdejvGWw9p05iTSjC85RLlBseHHQpYaM4gzJkBGg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-class-properties": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.25.9.tgz", + "integrity": "sha512-bbMAII8GRSkcd0h0b4X+36GksxuheLFjP65ul9w6C3KgAamI3JqErNgSrosX6ZPj+Mpim5VvEbawXxJCyEUV3Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-class-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-class-static-block": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.26.0.tgz", + "integrity": "sha512-6J2APTs7BDDm+UMqP1useWqhcRAXo0WIoVj26N7kPFB6S73Lgvyka4KTZYIxtgYXiN5HTyRObA72N2iu628iTQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-class-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.12.0" + } + }, + "node_modules/@babel/plugin-transform-classes": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.25.9.tgz", + "integrity": "sha512-mD8APIXmseE7oZvZgGABDyM34GUmK45Um2TXiBUt7PnuAxrgoSVf123qUzPxEr/+/BHrRn5NMZCdE2m/1F8DGg==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.25.9", + "@babel/helper-compilation-targets": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-replace-supers": "^7.25.9", + "@babel/traverse": "^7.25.9", + "globals": "^11.1.0" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-computed-properties": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.25.9.tgz", + "integrity": "sha512-HnBegGqXZR12xbcTHlJ9HGxw1OniltT26J5YpfruGqtUHlz/xKf/G2ak9e+t0rVqrjXa9WOhvYPz1ERfMj23AA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/template": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-destructuring": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.25.9.tgz", + "integrity": "sha512-WkCGb/3ZxXepmMiX101nnGiU+1CAdut8oHyEOHxkKuS1qKpU2SMXE2uSvfz8PBuLd49V6LEsbtyPhWC7fnkgvQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-dotall-regex": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.25.9.tgz", + "integrity": "sha512-t7ZQ7g5trIgSRYhI9pIJtRl64KHotutUJsh4Eze5l7olJv+mRSg4/MmbZ0tv1eeqRbdvo/+trvJD/Oc5DmW2cA==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-duplicate-keys": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.25.9.tgz", + "integrity": "sha512-LZxhJ6dvBb/f3x8xwWIuyiAHy56nrRG3PeYTpBkkzkYRRQ6tJLu68lEF5VIqMUZiAV7a8+Tb78nEoMCMcqjXBw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-duplicate-named-capturing-groups-regex": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-named-capturing-groups-regex/-/plugin-transform-duplicate-named-capturing-groups-regex-7.25.9.tgz", + "integrity": "sha512-0UfuJS0EsXbRvKnwcLjFtJy/Sxc5J5jhLHnFhy7u4zih97Hz6tJkLU+O+FMMrNZrosUPxDi6sYxJ/EA8jDiAog==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-transform-dynamic-import": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.25.9.tgz", + "integrity": "sha512-GCggjexbmSLaFhqsojeugBpeaRIgWNTcgKVq/0qIteFEqY2A+b9QidYadrWlnbWQUrW5fn+mCvf3tr7OeBFTyg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-exponentiation-operator": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.25.9.tgz", + "integrity": "sha512-KRhdhlVk2nObA5AYa7QMgTMTVJdfHprfpAk4DjZVtllqRg9qarilstTKEhpVjyt+Npi8ThRyiV8176Am3CodPA==", + "license": "MIT", + "dependencies": { + "@babel/helper-builder-binary-assignment-operator-visitor": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-export-namespace-from": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.25.9.tgz", + "integrity": "sha512-2NsEz+CxzJIVOPx2o9UsW1rXLqtChtLoVnwYHHiB04wS5sgn7mrV45fWMBX0Kk+ub9uXytVYfNP2HjbVbCB3Ww==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-for-of": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.25.9.tgz", + "integrity": "sha512-LqHxduHoaGELJl2uhImHwRQudhCM50pT46rIBNvtT/Oql3nqiS3wOwP+5ten7NpYSXrrVLgtZU3DZmPtWZo16A==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-function-name": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.25.9.tgz", + "integrity": "sha512-8lP+Yxjv14Vc5MuWBpJsoUCd3hD6V9DgBon2FVYL4jJgbnVQ9fTgYmonchzZJOVNgzEgbxp4OwAf6xz6M/14XA==", + "license": "MIT", + "dependencies": { + "@babel/helper-compilation-targets": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/traverse": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-json-strings": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.25.9.tgz", + "integrity": "sha512-xoTMk0WXceiiIvsaquQQUaLLXSW1KJ159KP87VilruQm0LNNGxWzahxSS6T6i4Zg3ezp4vA4zuwiNUR53qmQAw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-literals": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.25.9.tgz", + "integrity": "sha512-9N7+2lFziW8W9pBl2TzaNht3+pgMIRP74zizeCSrtnSKVdUl8mAjjOP2OOVQAfZ881P2cNjDj1uAMEdeD50nuQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-logical-assignment-operators": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.25.9.tgz", + "integrity": "sha512-wI4wRAzGko551Y8eVf6iOY9EouIDTtPb0ByZx+ktDGHwv6bHFimrgJM/2T021txPZ2s4c7bqvHbd+vXG6K948Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-member-expression-literals": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.25.9.tgz", + "integrity": "sha512-PYazBVfofCQkkMzh2P6IdIUaCEWni3iYEerAsRWuVd8+jlM1S9S9cz1dF9hIzyoZ8IA3+OwVYIp9v9e+GbgZhA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-modules-amd": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.25.9.tgz", + "integrity": "sha512-g5T11tnI36jVClQlMlt4qKDLlWnG5pP9CSM4GhdRciTNMRgkfpo5cR6b4rGIOYPgRRuFAvwjPQ/Yk+ql4dyhbw==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-transforms": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-modules-commonjs": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.25.9.tgz", + "integrity": "sha512-dwh2Ol1jWwL2MgkCzUSOvfmKElqQcuswAZypBSUsScMXvgdT8Ekq5YA6TtqpTVWH+4903NmboMuH1o9i8Rxlyg==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-transforms": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-simple-access": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-modules-systemjs": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.25.9.tgz", + "integrity": "sha512-hyss7iIlH/zLHaehT+xwiymtPOpsiwIIRlCAOwBB04ta5Tt+lNItADdlXw3jAWZ96VJ2jlhl/c+PNIQPKNfvcA==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-transforms": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-validator-identifier": "^7.25.9", + "@babel/traverse": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-modules-umd": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.25.9.tgz", + "integrity": "sha512-bS9MVObUgE7ww36HEfwe6g9WakQ0KF07mQF74uuXdkoziUPfKyu/nIm663kz//e5O1nPInPFx36z7WJmJ4yNEw==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-transforms": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-named-capturing-groups-regex": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.25.9.tgz", + "integrity": "sha512-oqB6WHdKTGl3q/ItQhpLSnWWOpjUJLsOCLVyeFgeTktkBSCiurvPOsyt93gibI9CmuKvTUEtWmG5VhZD+5T/KA==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-transform-new-target": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.25.9.tgz", + "integrity": "sha512-U/3p8X1yCSoKyUj2eOBIx3FOn6pElFOKvAAGf8HTtItuPyB+ZeOqfn+mvTtg9ZlOAjsPdK3ayQEjqHjU/yLeVQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-nullish-coalescing-operator": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.25.9.tgz", + "integrity": "sha512-ENfftpLZw5EItALAD4WsY/KUWvhUlZndm5GC7G3evUsVeSJB6p0pBeLQUnRnBCBx7zV0RKQjR9kCuwrsIrjWog==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-numeric-separator": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.25.9.tgz", + "integrity": "sha512-TlprrJ1GBZ3r6s96Yq8gEQv82s8/5HnCVHtEJScUj90thHQbwe+E5MLhi2bbNHBEJuzrvltXSru+BUxHDoog7Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-object-rest-spread": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.25.9.tgz", + "integrity": "sha512-fSaXafEE9CVHPweLYw4J0emp1t8zYTXyzN3UuG+lylqkvYd7RMrsOQ8TYx5RF231be0vqtFC6jnx3UmpJmKBYg==", + "license": "MIT", + "dependencies": { + "@babel/helper-compilation-targets": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/plugin-transform-parameters": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-object-super": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.25.9.tgz", + "integrity": "sha512-Kj/Gh+Rw2RNLbCK1VAWj2U48yxxqL2x0k10nPtSdRa0O2xnHXalD0s+o1A6a0W43gJ00ANo38jxkQreckOzv5A==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-replace-supers": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-optional-catch-binding": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.25.9.tgz", + "integrity": "sha512-qM/6m6hQZzDcZF3onzIhZeDHDO43bkNNlOX0i8n3lR6zLbu0GN2d8qfM/IERJZYauhAHSLHy39NF0Ctdvcid7g==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-optional-chaining": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.25.9.tgz", + "integrity": "sha512-6AvV0FsLULbpnXeBjrY4dmWF8F7gf8QnvTEoO/wX/5xm/xE1Xo8oPuD3MPS+KS9f9XBEAWN7X1aWr4z9HdOr7A==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-parameters": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.25.9.tgz", + "integrity": "sha512-wzz6MKwpnshBAiRmn4jR8LYz/g8Ksg0o80XmwZDlordjwEk9SxBzTWC7F5ef1jhbrbOW2DJ5J6ayRukrJmnr0g==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-private-methods": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.25.9.tgz", + "integrity": "sha512-D/JUozNpQLAPUVusvqMxyvjzllRaF8/nSrP1s2YGQT/W4LHK4xxsMcHjhOGTS01mp9Hda8nswb+FblLdJornQw==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-class-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-private-property-in-object": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.25.9.tgz", + "integrity": "sha512-Evf3kcMqzXA3xfYJmZ9Pg1OvKdtqsDMSWBDzZOPLvHiTt36E75jLDQo5w1gtRU95Q4E5PDttrTf25Fw8d/uWLw==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.25.9", + "@babel/helper-create-class-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-property-literals": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.25.9.tgz", + "integrity": "sha512-IvIUeV5KrS/VPavfSM/Iu+RE6llrHrYIKY1yfCzyO/lMXHQ+p7uGhonmGVisv6tSBSVgWzMBohTcvkC9vQcQFA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-constant-elements": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-constant-elements/-/plugin-transform-react-constant-elements-7.25.9.tgz", + "integrity": "sha512-Ncw2JFsJVuvfRsa2lSHiC55kETQVLSnsYGQ1JDDwkUeWGTL/8Tom8aLTnlqgoeuopWrbbGndrc9AlLYrIosrow==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-display-name": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-display-name/-/plugin-transform-react-display-name-7.25.9.tgz", + "integrity": "sha512-KJfMlYIUxQB1CJfO3e0+h0ZHWOTLCPP115Awhaz8U0Zpq36Gl/cXlpoyMRnUWlhNUBAzldnCiAZNvCDj7CrKxQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-jsx": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx/-/plugin-transform-react-jsx-7.25.9.tgz", + "integrity": "sha512-s5XwpQYCqGerXl+Pu6VDL3x0j2d82eiV77UJ8a2mDHAW7j9SWRqQ2y1fNo1Z74CdcYipl5Z41zvjj4Nfzq36rw==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.25.9", + "@babel/helper-module-imports": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/plugin-syntax-jsx": "^7.25.9", + "@babel/types": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-jsx-development": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-jsx-development/-/plugin-transform-react-jsx-development-7.25.9.tgz", + "integrity": "sha512-9mj6rm7XVYs4mdLIpbZnHOYdpW42uoiBCTVowg7sP1thUOiANgMb4UtpRivR0pp5iL+ocvUv7X4mZgFRpJEzGw==", + "license": "MIT", + "dependencies": { + "@babel/plugin-transform-react-jsx": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-react-pure-annotations": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-react-pure-annotations/-/plugin-transform-react-pure-annotations-7.25.9.tgz", + "integrity": "sha512-KQ/Takk3T8Qzj5TppkS1be588lkbTp5uj7w6a0LeQaTMSckU/wK0oJ/pih+T690tkgI5jfmg2TqDJvd41Sj1Cg==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-regenerator": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.25.9.tgz", + "integrity": "sha512-vwDcDNsgMPDGP0nMqzahDWE5/MLcX8sv96+wfX7as7LoF/kr97Bo/7fI00lXY4wUXYfVmwIIyG80fGZ1uvt2qg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "regenerator-transform": "^0.15.2" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-regexp-modifiers": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regexp-modifiers/-/plugin-transform-regexp-modifiers-7.26.0.tgz", + "integrity": "sha512-vN6saax7lrA2yA/Pak3sCxuD6F5InBjn9IcrIKQPjpsLvuHYLVroTxjdlVRHjjBWxKOqIwpTXDkOssYT4BFdRw==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/plugin-transform-reserved-words": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.25.9.tgz", + "integrity": "sha512-7DL7DKYjn5Su++4RXu8puKZm2XBPHyjWLUidaPEkCUBbE7IPcsrkRHggAOOKydH1dASWdcUBxrkOGNxUv5P3Jg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-runtime": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-runtime/-/plugin-transform-runtime-7.25.9.tgz", + "integrity": "sha512-nZp7GlEl+yULJrClz0SwHPqir3lc0zsPrDHQUcxGspSL7AKrexNSEfTbfqnDNJUO13bgKyfuOLMF8Xqtu8j3YQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-module-imports": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9", + "babel-plugin-polyfill-corejs2": "^0.4.10", + "babel-plugin-polyfill-corejs3": "^0.10.6", + "babel-plugin-polyfill-regenerator": "^0.6.1", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-runtime/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/plugin-transform-shorthand-properties": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.25.9.tgz", + "integrity": "sha512-MUv6t0FhO5qHnS/W8XCbHmiRWOphNufpE1IVxhK5kuN3Td9FT1x4rx4K42s3RYdMXCXpfWkGSbCSd0Z64xA7Ng==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-spread": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.25.9.tgz", + "integrity": "sha512-oNknIB0TbURU5pqJFVbOOFspVlrpVwo2H1+HUIsVDvp5VauGGDP1ZEvO8Nn5xyMEs3dakajOxlmkNW7kNgSm6A==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-sticky-regex": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.25.9.tgz", + "integrity": "sha512-WqBUSgeVwucYDP9U/xNRQam7xV8W5Zf+6Eo7T2SRVUFlhRiMNFdFz58u0KZmCVVqs2i7SHgpRnAhzRNmKfi2uA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-template-literals": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.25.9.tgz", + "integrity": "sha512-o97AE4syN71M/lxrCtQByzphAdlYluKPDBzDVzMmfCobUjjhAryZV0AIpRPrxN0eAkxXO6ZLEScmt+PNhj2OTw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-typeof-symbol": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.25.9.tgz", + "integrity": "sha512-v61XqUMiueJROUv66BVIOi0Fv/CUuZuZMl5NkRoCVxLAnMexZ0A3kMe7vvZ0nulxMuMp0Mk6S5hNh48yki08ZA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-typescript": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.25.9.tgz", + "integrity": "sha512-7PbZQZP50tzv2KGGnhh82GSyMB01yKY9scIjf1a+GfZCtInOWqUH5+1EBU4t9fyR5Oykkkc9vFTs4OHrhHXljQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-annotate-as-pure": "^7.25.9", + "@babel/helper-create-class-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-skip-transparent-expression-wrappers": "^7.25.9", + "@babel/plugin-syntax-typescript": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-unicode-escapes": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.25.9.tgz", + "integrity": "sha512-s5EDrE6bW97LtxOcGj1Khcx5AaXwiMmi4toFWRDP9/y0Woo6pXC+iyPu/KuhKtfSrNFd7jJB+/fkOtZy6aIC6Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-unicode-property-regex": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.25.9.tgz", + "integrity": "sha512-Jt2d8Ga+QwRluxRQ307Vlxa6dMrYEMZCgGxoPR8V52rxPyldHu3hdlHspxaqYmE7oID5+kB+UKUB/eWS+DkkWg==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-unicode-regex": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.25.9.tgz", + "integrity": "sha512-yoxstj7Rg9dlNn9UQxzk4fcNivwv4nUYz7fYXBaKxvw/lnmPuOm/ikoELygbYq68Bls3D/D+NBPHiLwZdZZ4HA==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/plugin-transform-unicode-sets-regex": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.25.9.tgz", + "integrity": "sha512-8BYqO3GeVNHtx69fdPshN3fnzUNLrWdHhk/icSwigksJGczKSizZ+Z6SBCxTs723Fr5VSNorTIK7a+R2tISvwQ==", + "license": "MIT", + "dependencies": { + "@babel/helper-create-regexp-features-plugin": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0" + } + }, + "node_modules/@babel/preset-env": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.26.0.tgz", + "integrity": "sha512-H84Fxq0CQJNdPFT2DrfnylZ3cf5K43rGfWK4LJGPpjKHiZlk0/RzwEus3PDDZZg+/Er7lCA03MVacueUuXdzfw==", + "license": "MIT", + "dependencies": { + "@babel/compat-data": "^7.26.0", + "@babel/helper-compilation-targets": "^7.25.9", + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-validator-option": "^7.25.9", + "@babel/plugin-bugfix-firefox-class-in-computed-class-key": "^7.25.9", + "@babel/plugin-bugfix-safari-class-field-initializer-scope": "^7.25.9", + "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.25.9", + "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.25.9", + "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "^7.25.9", + "@babel/plugin-proposal-private-property-in-object": "7.21.0-placeholder-for-preset-env.2", + "@babel/plugin-syntax-import-assertions": "^7.26.0", + "@babel/plugin-syntax-import-attributes": "^7.26.0", + "@babel/plugin-syntax-unicode-sets-regex": "^7.18.6", + "@babel/plugin-transform-arrow-functions": "^7.25.9", + "@babel/plugin-transform-async-generator-functions": "^7.25.9", + "@babel/plugin-transform-async-to-generator": "^7.25.9", + "@babel/plugin-transform-block-scoped-functions": "^7.25.9", + "@babel/plugin-transform-block-scoping": "^7.25.9", + "@babel/plugin-transform-class-properties": "^7.25.9", + "@babel/plugin-transform-class-static-block": "^7.26.0", + "@babel/plugin-transform-classes": "^7.25.9", + "@babel/plugin-transform-computed-properties": "^7.25.9", + "@babel/plugin-transform-destructuring": "^7.25.9", + "@babel/plugin-transform-dotall-regex": "^7.25.9", + "@babel/plugin-transform-duplicate-keys": "^7.25.9", + "@babel/plugin-transform-duplicate-named-capturing-groups-regex": "^7.25.9", + "@babel/plugin-transform-dynamic-import": "^7.25.9", + "@babel/plugin-transform-exponentiation-operator": "^7.25.9", + "@babel/plugin-transform-export-namespace-from": "^7.25.9", + "@babel/plugin-transform-for-of": "^7.25.9", + "@babel/plugin-transform-function-name": "^7.25.9", + "@babel/plugin-transform-json-strings": "^7.25.9", + "@babel/plugin-transform-literals": "^7.25.9", + "@babel/plugin-transform-logical-assignment-operators": "^7.25.9", + "@babel/plugin-transform-member-expression-literals": "^7.25.9", + "@babel/plugin-transform-modules-amd": "^7.25.9", + "@babel/plugin-transform-modules-commonjs": "^7.25.9", + "@babel/plugin-transform-modules-systemjs": "^7.25.9", + "@babel/plugin-transform-modules-umd": "^7.25.9", + "@babel/plugin-transform-named-capturing-groups-regex": "^7.25.9", + "@babel/plugin-transform-new-target": "^7.25.9", + "@babel/plugin-transform-nullish-coalescing-operator": "^7.25.9", + "@babel/plugin-transform-numeric-separator": "^7.25.9", + "@babel/plugin-transform-object-rest-spread": "^7.25.9", + "@babel/plugin-transform-object-super": "^7.25.9", + "@babel/plugin-transform-optional-catch-binding": "^7.25.9", + "@babel/plugin-transform-optional-chaining": "^7.25.9", + "@babel/plugin-transform-parameters": "^7.25.9", + "@babel/plugin-transform-private-methods": "^7.25.9", + "@babel/plugin-transform-private-property-in-object": "^7.25.9", + "@babel/plugin-transform-property-literals": "^7.25.9", + "@babel/plugin-transform-regenerator": "^7.25.9", + "@babel/plugin-transform-regexp-modifiers": "^7.26.0", + "@babel/plugin-transform-reserved-words": "^7.25.9", + "@babel/plugin-transform-shorthand-properties": "^7.25.9", + "@babel/plugin-transform-spread": "^7.25.9", + "@babel/plugin-transform-sticky-regex": "^7.25.9", + "@babel/plugin-transform-template-literals": "^7.25.9", + "@babel/plugin-transform-typeof-symbol": "^7.25.9", + "@babel/plugin-transform-unicode-escapes": "^7.25.9", + "@babel/plugin-transform-unicode-property-regex": "^7.25.9", + "@babel/plugin-transform-unicode-regex": "^7.25.9", + "@babel/plugin-transform-unicode-sets-regex": "^7.25.9", + "@babel/preset-modules": "0.1.6-no-external-plugins", + "babel-plugin-polyfill-corejs2": "^0.4.10", + "babel-plugin-polyfill-corejs3": "^0.10.6", + "babel-plugin-polyfill-regenerator": "^0.6.1", + "core-js-compat": "^3.38.1", + "semver": "^6.3.1" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/preset-env/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/@babel/preset-modules": { + "version": "0.1.6-no-external-plugins", + "resolved": "https://registry.npmjs.org/@babel/preset-modules/-/preset-modules-0.1.6-no-external-plugins.tgz", + "integrity": "sha512-HrcgcIESLm9aIR842yhJ5RWan/gebQUJ6E/E5+rf0y9o6oj7w0Br+sWuL6kEQ/o/AdfvR1Je9jG18/gnpwjEyA==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.0.0", + "@babel/types": "^7.4.4", + "esutils": "^2.0.2" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0 || ^8.0.0-0 <8.0.0" + } + }, + "node_modules/@babel/preset-react": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/preset-react/-/preset-react-7.25.9.tgz", + "integrity": "sha512-D3to0uSPiWE7rBrdIICCd0tJSIGpLaaGptna2+w7Pft5xMqLpA1sz99DK5TZ1TjGbdQ/VI1eCSZ06dv3lT4JOw==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-validator-option": "^7.25.9", + "@babel/plugin-transform-react-display-name": "^7.25.9", + "@babel/plugin-transform-react-jsx": "^7.25.9", + "@babel/plugin-transform-react-jsx-development": "^7.25.9", + "@babel/plugin-transform-react-pure-annotations": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/preset-typescript": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/preset-typescript/-/preset-typescript-7.26.0.tgz", + "integrity": "sha512-NMk1IGZ5I/oHhoXEElcm+xUnL/szL6xflkFZmoEU9xj1qSJXpiS7rsspYo92B4DRCDvZn2erT5LdsCeXAKNCkg==", + "license": "MIT", + "dependencies": { + "@babel/helper-plugin-utils": "^7.25.9", + "@babel/helper-validator-option": "^7.25.9", + "@babel/plugin-syntax-jsx": "^7.25.9", + "@babel/plugin-transform-modules-commonjs": "^7.25.9", + "@babel/plugin-transform-typescript": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@babel/runtime": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.26.0.tgz", + "integrity": "sha512-FDSOghenHTiToteC/QRlv2q3DhPZ/oOXTBoirfWNx1Cx3TMVcGWQtMMmQcSvb/JjpNeGzx8Pq/b4fKEJuWm1sw==", + "license": "MIT", + "dependencies": { + "regenerator-runtime": "^0.14.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/runtime-corejs3": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.26.0.tgz", + "integrity": "sha512-YXHu5lN8kJCb1LOb9PgV6pvak43X2h4HvRApcN5SdWeaItQOzfn1hgP6jasD6KWQyJDBxrVmA9o9OivlnNJK/w==", + "license": "MIT", + "dependencies": { + "core-js-pure": "^3.30.2", + "regenerator-runtime": "^0.14.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/template": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.25.9.tgz", + "integrity": "sha512-9DGttpmPvIxBb/2uwpVo3dqJ+O6RooAFOS+lB+xDqoE2PVCE8nfoHMdZLpfCQRLwvohzXISPZcgxt80xLfsuwg==", + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.25.9", + "@babel/parser": "^7.25.9", + "@babel/types": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/traverse": { + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.25.9.tgz", + "integrity": "sha512-ZCuvfwOwlz/bawvAuvcj8rrithP2/N55Tzz342AkTvq4qaWbGfmCk/tKhNaV2cthijKrPAA8SRJV5WWe7IBMJw==", + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.25.9", + "@babel/generator": "^7.25.9", + "@babel/parser": "^7.25.9", + "@babel/template": "^7.25.9", + "@babel/types": "^7.25.9", + "debug": "^4.3.1", + "globals": "^11.1.0" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/types": { + "version": "7.26.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.0.tgz", + "integrity": "sha512-Z/yiTPj+lDVnF7lWeKCIJzaIkI0vYO87dMpZ4bg4TDrFe4XXLFWL1TbXU27gBP3QccxV9mZICCrnjnYlJjXHOA==", + "license": "MIT", + "dependencies": { + "@babel/helper-string-parser": "^7.25.9", + "@babel/helper-validator-identifier": "^7.25.9" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@braintree/sanitize-url": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-7.1.0.tgz", + "integrity": "sha512-o+UlMLt49RvtCASlOMW0AkHnabN9wR9rwCCherxO0yG4Npy34GkvrAqdXQvrhNs+jh+gkK8gB8Lf05qL/O7KWg==", + "license": "MIT" + }, + "node_modules/@chevrotain/cst-dts-gen": { + "version": "11.0.3", + "resolved": "https://registry.npmjs.org/@chevrotain/cst-dts-gen/-/cst-dts-gen-11.0.3.tgz", + "integrity": "sha512-BvIKpRLeS/8UbfxXxgC33xOumsacaeCKAjAeLyOn7Pcp95HiRbrpl14S+9vaZLolnbssPIUuiUd8IvgkRyt6NQ==", + "license": "Apache-2.0", + "dependencies": { + "@chevrotain/gast": "11.0.3", + "@chevrotain/types": "11.0.3", + "lodash-es": "4.17.21" + } + }, + "node_modules/@chevrotain/gast": { + "version": "11.0.3", + "resolved": "https://registry.npmjs.org/@chevrotain/gast/-/gast-11.0.3.tgz", + "integrity": "sha512-+qNfcoNk70PyS/uxmj3li5NiECO+2YKZZQMbmjTqRI3Qchu8Hig/Q9vgkHpI3alNjr7M+a2St5pw5w5F6NL5/Q==", + "license": "Apache-2.0", + "dependencies": { + "@chevrotain/types": "11.0.3", + "lodash-es": "4.17.21" + } + }, + "node_modules/@chevrotain/regexp-to-ast": { + "version": "11.0.3", + "resolved": "https://registry.npmjs.org/@chevrotain/regexp-to-ast/-/regexp-to-ast-11.0.3.tgz", + "integrity": "sha512-1fMHaBZxLFvWI067AVbGJav1eRY7N8DDvYCTwGBiE/ytKBgP8azTdgyrKyWZ9Mfh09eHWb5PgTSO8wi7U824RA==", + "license": "Apache-2.0" + }, + "node_modules/@chevrotain/types": { + "version": "11.0.3", + "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-11.0.3.tgz", + "integrity": "sha512-gsiM3G8b58kZC2HaWR50gu6Y1440cHiJ+i3JUvcp/35JchYejb2+5MVeJK0iKThYpAa/P2PYFV4hoi44HD+aHQ==", + "license": "Apache-2.0" + }, + "node_modules/@chevrotain/utils": { + "version": "11.0.3", + "resolved": "https://registry.npmjs.org/@chevrotain/utils/-/utils-11.0.3.tgz", + "integrity": "sha512-YslZMgtJUyuMbZ+aKvfF3x1f5liK4mWNxghFRv7jqRR9C3R3fAOGTTKvxXDa2Y1s9zSbcpuO0cAxDYsc9SrXoQ==", + "license": "Apache-2.0" + }, + "node_modules/@cmfcmf/docusaurus-search-local": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@cmfcmf/docusaurus-search-local/-/docusaurus-search-local-1.2.0.tgz", + "integrity": "sha512-Tc0GhRBsfZAiB+f6BoPB8YCQap6JzzcDyJ0dLSCSzWQ6wdWvDlTBrHc1YqR8q8AZ+STRszL5eZpZFi5dbTCdYg==", + "license": "MIT", + "dependencies": { + "@algolia/autocomplete-js": "^1.8.2", + "@algolia/autocomplete-theme-classic": "^1.8.2", + "@algolia/client-search": "^4.12.0", + "algoliasearch": "^4.12.0", + "cheerio": "^1.0.0-rc.9", + "clsx": "^1.1.1", + "lunr-languages": "^1.4.0", + "mark.js": "^8.11.1", + "tslib": "^2.6.3" + }, + "peerDependencies": { + "@docusaurus/core": "^2.0.0", + "nodejieba": "^2.5.0" + }, + "peerDependenciesMeta": { + "nodejieba": { + "optional": true + } + } + }, + "node_modules/@cmfcmf/docusaurus-search-local/node_modules/clsx": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/clsx/-/clsx-1.2.1.tgz", + "integrity": "sha512-EcR6r5a8bj6pu3ycsa/E/cKVGuTgZJZdsyUYHOksG/UHIiKfjxzRxYJpyVBwYaQeOvghal9fcc4PidlgzugAQg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/@colors/colors": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz", + "integrity": "sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==", + "license": "MIT", + "optional": true, + "engines": { + "node": ">=0.1.90" + } + }, + "node_modules/@csstools/cascade-layer-name-parser": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/@csstools/cascade-layer-name-parser/-/cascade-layer-name-parser-2.0.4.tgz", + "integrity": "sha512-7DFHlPuIxviKYZrOiwVU/PiHLm3lLUR23OMuEEtfEOQTOp9hzQ2JjdY6X5H18RVuUPJqSCI+qNnD5iOLMVE0bA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3" + } + }, + "node_modules/@csstools/color-helpers": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-5.0.1.tgz", + "integrity": "sha512-MKtmkA0BX87PKaO1NFRTFH+UnkgnmySQOvNxJubsadusqPEC2aJ9MOQiMceZJJ6oitUl/i0L6u0M1IrmAOmgBA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + } + }, + "node_modules/@csstools/css-calc": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/@csstools/css-calc/-/css-calc-2.1.0.tgz", + "integrity": "sha512-X69PmFOrjTZfN5ijxtI8hZ9kRADFSLrmmQ6hgDJ272Il049WGKpDY64KhrFm/7rbWve0z81QepawzjkKlqkNGw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3" + } + }, + "node_modules/@csstools/css-color-parser": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@csstools/css-color-parser/-/css-color-parser-3.0.6.tgz", + "integrity": "sha512-S/IjXqTHdpI4EtzGoNCHfqraXF37x12ZZHA1Lk7zoT5pm2lMjFuqhX/89L7dqX4CcMacKK+6ZCs5TmEGb/+wKw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/color-helpers": "^5.0.1", + "@csstools/css-calc": "^2.1.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3" + } + }, + "node_modules/@csstools/css-parser-algorithms": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-3.0.4.tgz", + "integrity": "sha512-Up7rBoV77rv29d3uKHUIVubz1BTcgyUK72IvCQAbfbMv584xHcGKCKbWh7i8hPrRJ7qU4Y8IO3IY9m+iTB7P3A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@csstools/css-tokenizer": "^3.0.3" + } + }, + "node_modules/@csstools/css-tokenizer": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-3.0.3.tgz", + "integrity": "sha512-UJnjoFsmxfKUdNYdWgOB0mWUypuLvAfQPH1+pyvRJs6euowbFkFC6P13w1l8mJyi3vxYMxc9kld5jZEGRQs6bw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + } + }, + "node_modules/@csstools/media-query-list-parser": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@csstools/media-query-list-parser/-/media-query-list-parser-4.0.2.tgz", + "integrity": "sha512-EUos465uvVvMJehckATTlNqGj4UJWkTmdWuDMjqvSUkjGpmOyFZBVwb4knxCm/k2GMTXY+c/5RkdndzFYWeX5A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3" + } + }, + "node_modules/@csstools/postcss-cascade-layers": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/@csstools/postcss-cascade-layers/-/postcss-cascade-layers-5.0.1.tgz", + "integrity": "sha512-XOfhI7GShVcKiKwmPAnWSqd2tBR0uxt+runAxttbSp/LY2U16yAVPmAf7e9q4JJ0d+xMNmpwNDLBXnmRCl3HMQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/selector-specificity": "^5.0.0", + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-cascade-layers/node_modules/@csstools/selector-specificity": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz", + "integrity": "sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss-selector-parser": "^7.0.0" + } + }, + "node_modules/@csstools/postcss-cascade-layers/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@csstools/postcss-color-function": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/@csstools/postcss-color-function/-/postcss-color-function-4.0.6.tgz", + "integrity": "sha512-EcvXfC60cTIumzpsxWuvVjb7rsJEHPvqn3jeMEBUaE3JSc4FRuP7mEQ+1eicxWmIrs3FtzMH9gR3sgA5TH+ebQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.0.6", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-color-mix-function": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@csstools/postcss-color-mix-function/-/postcss-color-mix-function-3.0.6.tgz", + "integrity": "sha512-jVKdJn4+JkASYGhyPO+Wa5WXSx1+oUgaXb3JsjJn/BlrtFh5zjocCY7pwWi0nuP24V1fY7glQsxEYcYNy0dMFg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.0.6", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-content-alt-text": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/@csstools/postcss-content-alt-text/-/postcss-content-alt-text-2.0.4.tgz", + "integrity": "sha512-YItlZUOuZJCBlRaCf8Aucc1lgN41qYGALMly0qQllrxYJhiyzlI6RxOTMUvtWk+KhS8GphMDsDhKQ7KTPfEMSw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-exponential-functions": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@csstools/postcss-exponential-functions/-/postcss-exponential-functions-2.0.5.tgz", + "integrity": "sha512-mi8R6dVfA2nDoKM3wcEi64I8vOYEgQVtVKCfmLHXupeLpACfGAided5ddMt5f+CnEodNu4DifuVwb0I6fQDGGQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-calc": "^2.1.0", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-font-format-keywords": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-font-format-keywords/-/postcss-font-format-keywords-4.0.0.tgz", + "integrity": "sha512-usBzw9aCRDvchpok6C+4TXC57btc4bJtmKQWOHQxOVKen1ZfVqBUuCZ/wuqdX5GHsD0NRSr9XTP+5ID1ZZQBXw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-gamut-mapping": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/@csstools/postcss-gamut-mapping/-/postcss-gamut-mapping-2.0.6.tgz", + "integrity": "sha512-0ke7fmXfc8H+kysZz246yjirAH6JFhyX9GTlyRnM0exHO80XcA9zeJpy5pOp5zo/AZiC/q5Pf+Hw7Pd6/uAoYA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.0.6", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-gradients-interpolation-method": { + "version": "5.0.6", + "resolved": "https://registry.npmjs.org/@csstools/postcss-gradients-interpolation-method/-/postcss-gradients-interpolation-method-5.0.6.tgz", + "integrity": "sha512-Itrbx6SLUzsZ6Mz3VuOlxhbfuyLTogG5DwEF1V8dAi24iMuvQPIHd7Ti+pNDp7j6WixndJGZaoNR0f9VSzwuTg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.0.6", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-hwb-function": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/@csstools/postcss-hwb-function/-/postcss-hwb-function-4.0.6.tgz", + "integrity": "sha512-927Pqy3a1uBP7U8sTfaNdZVB0mNXzIrJO/GZ8us9219q9n06gOqCdfZ0E6d1P66Fm0fYHvxfDbfcUuwAn5UwhQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.0.6", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-ic-unit": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-ic-unit/-/postcss-ic-unit-4.0.0.tgz", + "integrity": "sha512-9QT5TDGgx7wD3EEMN3BSUG6ckb6Eh5gSPT5kZoVtUuAonfPmLDJyPhqR4ntPpMYhUKAMVKAg3I/AgzqHMSeLhA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-initial": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-initial/-/postcss-initial-2.0.0.tgz", + "integrity": "sha512-dv2lNUKR+JV+OOhZm9paWzYBXOCi+rJPqJ2cJuhh9xd8USVrd0cBEPczla81HNOyThMQWeCcdln3gZkQV2kYxA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-is-pseudo-class": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/@csstools/postcss-is-pseudo-class/-/postcss-is-pseudo-class-5.0.1.tgz", + "integrity": "sha512-JLp3POui4S1auhDR0n8wHd/zTOWmMsmK3nQd3hhL6FhWPaox5W7j1se6zXOG/aP07wV2ww0lxbKYGwbBszOtfQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/selector-specificity": "^5.0.0", + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-is-pseudo-class/node_modules/@csstools/selector-specificity": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz", + "integrity": "sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss-selector-parser": "^7.0.0" + } + }, + "node_modules/@csstools/postcss-is-pseudo-class/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@csstools/postcss-light-dark-function": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/@csstools/postcss-light-dark-function/-/postcss-light-dark-function-2.0.7.tgz", + "integrity": "sha512-ZZ0rwlanYKOHekyIPaU+sVm3BEHCe+Ha0/px+bmHe62n0Uc1lL34vbwrLYn6ote8PHlsqzKeTQdIejQCJ05tfw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-logical-float-and-clear": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-logical-float-and-clear/-/postcss-logical-float-and-clear-3.0.0.tgz", + "integrity": "sha512-SEmaHMszwakI2rqKRJgE+8rpotFfne1ZS6bZqBoQIicFyV+xT1UF42eORPxJkVJVrH9C0ctUgwMSn3BLOIZldQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-logical-overflow": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-logical-overflow/-/postcss-logical-overflow-2.0.0.tgz", + "integrity": "sha512-spzR1MInxPuXKEX2csMamshR4LRaSZ3UXVaRGjeQxl70ySxOhMpP2252RAFsg8QyyBXBzuVOOdx1+bVO5bPIzA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-logical-overscroll-behavior": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-logical-overscroll-behavior/-/postcss-logical-overscroll-behavior-2.0.0.tgz", + "integrity": "sha512-e/webMjoGOSYfqLunyzByZj5KKe5oyVg/YSbie99VEaSDE2kimFm0q1f6t/6Jo+VVCQ/jbe2Xy+uX+C4xzWs4w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-logical-resize": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-logical-resize/-/postcss-logical-resize-3.0.0.tgz", + "integrity": "sha512-DFbHQOFW/+I+MY4Ycd/QN6Dg4Hcbb50elIJCfnwkRTCX05G11SwViI5BbBlg9iHRl4ytB7pmY5ieAFk3ws7yyg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-logical-viewport-units": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@csstools/postcss-logical-viewport-units/-/postcss-logical-viewport-units-3.0.3.tgz", + "integrity": "sha512-OC1IlG/yoGJdi0Y+7duz/kU/beCwO+Gua01sD6GtOtLi7ByQUpcIqs7UE/xuRPay4cHgOMatWdnDdsIDjnWpPw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-media-minmax": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@csstools/postcss-media-minmax/-/postcss-media-minmax-2.0.5.tgz", + "integrity": "sha512-sdh5i5GToZOIAiwhdntRWv77QDtsxP2r2gXW/WbLSCoLr00KTq/yiF1qlQ5XX2+lmiFa8rATKMcbwl3oXDMNew==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/css-calc": "^2.1.0", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/media-query-list-parser": "^4.0.2" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-media-queries-aspect-ratio-number-values": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@csstools/postcss-media-queries-aspect-ratio-number-values/-/postcss-media-queries-aspect-ratio-number-values-3.0.4.tgz", + "integrity": "sha512-AnGjVslHMm5xw9keusQYvjVWvuS7KWK+OJagaG0+m9QnIjZsrysD2kJP/tr/UJIyYtMCtu8OkUd+Rajb4DqtIQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/media-query-list-parser": "^4.0.2" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-nested-calc": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-nested-calc/-/postcss-nested-calc-4.0.0.tgz", + "integrity": "sha512-jMYDdqrQQxE7k9+KjstC3NbsmC063n1FTPLCgCRS2/qHUbHM0mNy9pIn4QIiQGs9I/Bg98vMqw7mJXBxa0N88A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-normalize-display-values": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-normalize-display-values/-/postcss-normalize-display-values-4.0.0.tgz", + "integrity": "sha512-HlEoG0IDRoHXzXnkV4in47dzsxdsjdz6+j7MLjaACABX2NfvjFS6XVAnpaDyGesz9gK2SC7MbNwdCHusObKJ9Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-oklab-function": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/@csstools/postcss-oklab-function/-/postcss-oklab-function-4.0.6.tgz", + "integrity": "sha512-Hptoa0uX+XsNacFBCIQKTUBrFKDiplHan42X73EklG6XmQLG7/aIvxoNhvZ7PvOWMt67Pw3bIlUY2nD6p5vL8A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.0.6", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-progressive-custom-properties": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-progressive-custom-properties/-/postcss-progressive-custom-properties-4.0.0.tgz", + "integrity": "sha512-XQPtROaQjomnvLUSy/bALTR5VCtTVUFwYs1SblvYgLSeTo2a/bMNwUwo2piXw5rTv/FEYiy5yPSXBqg9OKUx7Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-random-function": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@csstools/postcss-random-function/-/postcss-random-function-1.0.1.tgz", + "integrity": "sha512-Ab/tF8/RXktQlFwVhiC70UNfpFQRhtE5fQQoP2pO+KCPGLsLdWFiOuHgSRtBOqEshCVAzR4H6o38nhvRZq8deA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-calc": "^2.1.0", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-relative-color-syntax": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@csstools/postcss-relative-color-syntax/-/postcss-relative-color-syntax-3.0.6.tgz", + "integrity": "sha512-yxP618Xb+ji1I624jILaYM62uEmZcmbdmFoZHoaThw896sq0vU39kqTTF+ZNic9XyPtPMvq0vyvbgmHaszq8xg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.0.6", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-scope-pseudo-class": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/@csstools/postcss-scope-pseudo-class/-/postcss-scope-pseudo-class-4.0.1.tgz", + "integrity": "sha512-IMi9FwtH6LMNuLea1bjVMQAsUhFxJnyLSgOp/cpv5hrzWmrUYU5fm0EguNDIIOHUqzXode8F/1qkC/tEo/qN8Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-scope-pseudo-class/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/@csstools/postcss-sign-functions": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-sign-functions/-/postcss-sign-functions-1.1.0.tgz", + "integrity": "sha512-SLcc20Nujx/kqbSwDmj6oaXgpy3UjFhBy1sfcqPgDkHfOIfUtUVH7OXO+j7BU4v/At5s61N5ZX6shvgPwluhsA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-calc": "^2.1.0", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-stepped-value-functions": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/@csstools/postcss-stepped-value-functions/-/postcss-stepped-value-functions-4.0.5.tgz", + "integrity": "sha512-G6SJ6hZJkhxo6UZojVlLo14MohH4J5J7z8CRBrxxUYy9JuZiIqUo5TBYyDGcE0PLdzpg63a7mHSJz3VD+gMwqw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-calc": "^2.1.0", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-text-decoration-shorthand": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/@csstools/postcss-text-decoration-shorthand/-/postcss-text-decoration-shorthand-4.0.1.tgz", + "integrity": "sha512-xPZIikbx6jyzWvhms27uugIc0I4ykH4keRvoa3rxX5K7lEhkbd54rjj/dv60qOCTisoS+3bmwJTeyV1VNBrXaw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/color-helpers": "^5.0.1", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-trigonometric-functions": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/@csstools/postcss-trigonometric-functions/-/postcss-trigonometric-functions-4.0.5.tgz", + "integrity": "sha512-/YQThYkt5MLvAmVu7zxjhceCYlKrYddK6LEmK5I4ojlS6BmO9u2yO4+xjXzu2+NPYmHSTtP4NFSamBCMmJ1NJA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-calc": "^2.1.0", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/postcss-unset-value": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/@csstools/postcss-unset-value/-/postcss-unset-value-4.0.0.tgz", + "integrity": "sha512-cBz3tOCI5Fw6NIFEwU3RiwK6mn3nKegjpJuzCndoGq3BZPkUjnsq7uQmIeMNeMbMk7YD2MfKcgCpZwX5jyXqCA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@csstools/utilities": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@csstools/utilities/-/utilities-2.0.0.tgz", + "integrity": "sha512-5VdOr0Z71u+Yp3ozOx8T11N703wIFGVRgOWbOZMKgglPJsWA54MRIoMNVMa7shUToIhx5J8vX4sOZgD2XiihiQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/@discoveryjs/json-ext": { + "version": "0.5.7", + "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz", + "integrity": "sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/@docsearch/css": { + "version": "3.8.0", + "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-3.8.0.tgz", + "integrity": "sha512-pieeipSOW4sQ0+bE5UFC51AOZp9NGxg89wAlZ1BAQFaiRAGK1IKUaPQ0UGZeNctJXyqZ1UvBtOQh2HH+U5GtmA==", + "license": "MIT" + }, + "node_modules/@docsearch/react": { + "version": "3.8.0", + "resolved": "https://registry.npmjs.org/@docsearch/react/-/react-3.8.0.tgz", + "integrity": "sha512-WnFK720+iwTVt94CxY3u+FgX6exb3BfN5kE9xUY6uuAH/9W/UFboBZFLlrw/zxFRHoHZCOXRtOylsXF+6LHI+Q==", + "license": "MIT", + "dependencies": { + "@algolia/autocomplete-core": "1.17.7", + "@algolia/autocomplete-preset-algolia": "1.17.7", + "@docsearch/css": "3.8.0", + "algoliasearch": "^5.12.0" + }, + "peerDependencies": { + "@types/react": ">= 16.8.0 < 19.0.0", + "react": ">= 16.8.0 < 19.0.0", + "react-dom": ">= 16.8.0 < 19.0.0", + "search-insights": ">= 1 < 3" + }, + "peerDependenciesMeta": { + "@types/react": { + "optional": true + }, + "react": { + "optional": true + }, + "react-dom": { + "optional": true + }, + "search-insights": { + "optional": true + } + } + }, + "node_modules/@docsearch/react/node_modules/@algolia/client-analytics": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-analytics/-/client-analytics-5.15.0.tgz", + "integrity": "sha512-lho0gTFsQDIdCwyUKTtMuf9nCLwq9jOGlLGIeQGKDxXF7HbiAysFIu5QW/iQr1LzMgDyM9NH7K98KY+BiIFriQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0", + "@algolia/requester-browser-xhr": "5.15.0", + "@algolia/requester-fetch": "5.15.0", + "@algolia/requester-node-http": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@docsearch/react/node_modules/@algolia/client-common": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-common/-/client-common-5.15.0.tgz", + "integrity": "sha512-IofrVh213VLsDkPoSKMeM9Dshrv28jhDlBDLRcVJQvlL8pzue7PEB1EZ4UoJFYS3NSn7JOcJ/V+olRQzXlJj1w==", + "license": "MIT", + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@docsearch/react/node_modules/@algolia/client-personalization": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-personalization/-/client-personalization-5.15.0.tgz", + "integrity": "sha512-LfaZqLUWxdYFq44QrasCDED5bSYOswpQjSiIL7Q5fYlefAAUO95PzBPKCfUhSwhb4rKxigHfDkd81AvEicIEoA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0", + "@algolia/requester-browser-xhr": "5.15.0", + "@algolia/requester-fetch": "5.15.0", + "@algolia/requester-node-http": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@docsearch/react/node_modules/@algolia/client-search": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/client-search/-/client-search-5.15.0.tgz", + "integrity": "sha512-Z32gEMrRRpEta5UqVQA612sLdoqY3AovvUPClDfMxYrbdDAebmGDVPtSogUba1FZ4pP5dx20D3OV3reogLKsRA==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0", + "@algolia/requester-browser-xhr": "5.15.0", + "@algolia/requester-fetch": "5.15.0", + "@algolia/requester-node-http": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@docsearch/react/node_modules/@algolia/recommend": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/recommend/-/recommend-5.15.0.tgz", + "integrity": "sha512-5eupMwSqMLDObgSMF0XG958zR6GJP3f7jHDQ3/WlzCM9/YIJiWIUoJFGsko9GYsA5xbLDHE/PhWtq4chcCdaGQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0", + "@algolia/requester-browser-xhr": "5.15.0", + "@algolia/requester-fetch": "5.15.0", + "@algolia/requester-node-http": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@docsearch/react/node_modules/@algolia/requester-browser-xhr": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-browser-xhr/-/requester-browser-xhr-5.15.0.tgz", + "integrity": "sha512-Po/GNib6QKruC3XE+WKP1HwVSfCDaZcXu48kD+gwmtDlqHWKc7Bq9lrS0sNZ456rfCKhXksOmMfUs4wRM/Y96w==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@docsearch/react/node_modules/@algolia/requester-node-http": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/@algolia/requester-node-http/-/requester-node-http-5.15.0.tgz", + "integrity": "sha512-b1jTpbFf9LnQHEJP5ddDJKE2sAlhYd7EVSOWgzo/27n/SfCoHfqD0VWntnWYD83PnOKvfe8auZ2+xCb0TXotrQ==", + "license": "MIT", + "dependencies": { + "@algolia/client-common": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@docsearch/react/node_modules/algoliasearch": { + "version": "5.15.0", + "resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-5.15.0.tgz", + "integrity": "sha512-Yf3Swz1s63hjvBVZ/9f2P1Uu48GjmjCN+Esxb6MAONMGtZB1fRX8/S1AhUTtsuTlcGovbYLxpHgc7wEzstDZBw==", + "license": "MIT", + "dependencies": { + "@algolia/client-abtesting": "5.15.0", + "@algolia/client-analytics": "5.15.0", + "@algolia/client-common": "5.15.0", + "@algolia/client-insights": "5.15.0", + "@algolia/client-personalization": "5.15.0", + "@algolia/client-query-suggestions": "5.15.0", + "@algolia/client-search": "5.15.0", + "@algolia/ingestion": "1.15.0", + "@algolia/monitoring": "1.15.0", + "@algolia/recommend": "5.15.0", + "@algolia/requester-browser-xhr": "5.15.0", + "@algolia/requester-fetch": "5.15.0", + "@algolia/requester-node-http": "5.15.0" + }, + "engines": { + "node": ">= 14.0.0" + } + }, + "node_modules/@docusaurus/babel": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/babel/-/babel-3.6.2.tgz", + "integrity": "sha512-v8N8TWGXDsb5sxQC3Rcqb1CZr0LlU1OgqqVBUchN6cpIUr7EJuVJs5eHcIu5Ag8mwO/hWN3f7FE9uaHTMapAbg==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.25.9", + "@babel/generator": "^7.25.9", + "@babel/plugin-syntax-dynamic-import": "^7.8.3", + "@babel/plugin-transform-runtime": "^7.25.9", + "@babel/preset-env": "^7.25.9", + "@babel/preset-react": "^7.25.9", + "@babel/preset-typescript": "^7.25.9", + "@babel/runtime": "^7.25.9", + "@babel/runtime-corejs3": "^7.25.9", + "@babel/traverse": "^7.25.9", + "@docusaurus/logger": "3.6.2", + "@docusaurus/utils": "3.6.2", + "babel-plugin-dynamic-import-node": "^2.3.3", + "fs-extra": "^11.1.1", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + } + }, + "node_modules/@docusaurus/bundler": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/bundler/-/bundler-3.6.2.tgz", + "integrity": "sha512-YkEifEVs4lV931SrHBB4n6WqRowMw+aM/QPH3z8aU+5t1dWa+1p2OPqARS+tSbh3la9ns+L1zIfSbd8RHi2/PQ==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.25.9", + "@docusaurus/babel": "3.6.2", + "@docusaurus/cssnano-preset": "3.6.2", + "@docusaurus/logger": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils": "3.6.2", + "babel-loader": "^9.2.1", + "clean-css": "^5.3.2", + "copy-webpack-plugin": "^11.0.0", + "css-loader": "^6.8.1", + "css-minimizer-webpack-plugin": "^5.0.1", + "cssnano": "^6.1.2", + "file-loader": "^6.2.0", + "html-minifier-terser": "^7.2.0", + "mini-css-extract-plugin": "^2.9.1", + "null-loader": "^4.0.1", + "postcss": "^8.4.26", + "postcss-loader": "^7.3.3", + "postcss-preset-env": "^10.1.0", + "react-dev-utils": "^12.0.1", + "terser-webpack-plugin": "^5.3.9", + "tslib": "^2.6.0", + "url-loader": "^4.1.1", + "webpack": "^5.95.0", + "webpackbar": "^6.0.1" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "@docusaurus/faster": "*" + }, + "peerDependenciesMeta": { + "@docusaurus/faster": { + "optional": true + } + } + }, + "node_modules/@docusaurus/core": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/core/-/core-3.6.2.tgz", + "integrity": "sha512-irMts/mGLZv8dWcy0WUtbY/U6b5qIfHgQd1/kXMyAxUJo99fL0wFSqhMI+tcxjk0HYy427MXerLMqFJj+Arg1w==", + "license": "MIT", + "dependencies": { + "@docusaurus/babel": "3.6.2", + "@docusaurus/bundler": "3.6.2", + "@docusaurus/logger": "3.6.2", + "@docusaurus/mdx-loader": "3.6.2", + "@docusaurus/utils": "3.6.2", + "@docusaurus/utils-common": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "boxen": "^6.2.1", + "chalk": "^4.1.2", + "chokidar": "^3.5.3", + "cli-table3": "^0.6.3", + "combine-promises": "^1.1.0", + "commander": "^5.1.0", + "core-js": "^3.31.1", + "del": "^6.1.1", + "detect-port": "^1.5.1", + "escape-html": "^1.0.3", + "eta": "^2.2.0", + "eval": "^0.1.8", + "fs-extra": "^11.1.1", + "html-tags": "^3.3.1", + "html-webpack-plugin": "^5.6.0", + "leven": "^3.1.0", + "lodash": "^4.17.21", + "p-map": "^4.0.0", + "prompts": "^2.4.2", + "react-dev-utils": "^12.0.1", + "react-helmet-async": "^1.3.0", + "react-loadable": "npm:@docusaurus/react-loadable@6.0.0", + "react-loadable-ssr-addon-v5-slorber": "^1.0.1", + "react-router": "^5.3.4", + "react-router-config": "^5.1.1", + "react-router-dom": "^5.3.4", + "rtl-detect": "^1.0.4", + "semver": "^7.5.4", + "serve-handler": "^6.1.6", + "shelljs": "^0.8.5", + "tslib": "^2.6.0", + "update-notifier": "^6.0.2", + "webpack": "^5.95.0", + "webpack-bundle-analyzer": "^4.10.2", + "webpack-dev-server": "^4.15.2", + "webpack-merge": "^6.0.1" + }, + "bin": { + "docusaurus": "bin/docusaurus.mjs" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "@mdx-js/react": "^3.0.0", + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/cssnano-preset": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/cssnano-preset/-/cssnano-preset-3.6.2.tgz", + "integrity": "sha512-mBkVa4QMHRwCFCVLYdBlOZuAT1iVVsS7GGSgliSVAeTOagP/AbtlBsCVrBs+keEuDuRF1w/6QEcqDoZe9fa5pw==", + "license": "MIT", + "dependencies": { + "cssnano-preset-advanced": "^6.1.2", + "postcss": "^8.4.38", + "postcss-sort-media-queries": "^5.2.0", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + } + }, + "node_modules/@docusaurus/logger": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/logger/-/logger-3.6.2.tgz", + "integrity": "sha512-1p4IQhhgLyIfsey4UAdAIW69aUE1Ei6O91Nsw30ryZeDWSG5dh4o3zaRGOLxfAX69Ac/yDm6YCwJOafUxL6Vxg==", + "license": "MIT", + "dependencies": { + "chalk": "^4.1.2", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + } + }, + "node_modules/@docusaurus/mdx-loader": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/mdx-loader/-/mdx-loader-3.6.2.tgz", + "integrity": "sha512-7fbRmNgF3CR96Ja82Ya0/Cdu1OL9UJ/22llNMY8lr5gAbw718Y5ryXMVRIYn0JNLTiSxzgtvW4DIsUWEB8NMpw==", + "license": "MIT", + "dependencies": { + "@docusaurus/logger": "3.6.2", + "@docusaurus/utils": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "@mdx-js/mdx": "^3.0.0", + "@slorber/remark-comment": "^1.0.0", + "escape-html": "^1.0.3", + "estree-util-value-to-estree": "^3.0.1", + "file-loader": "^6.2.0", + "fs-extra": "^11.1.1", + "image-size": "^1.0.2", + "mdast-util-mdx": "^3.0.0", + "mdast-util-to-string": "^4.0.0", + "rehype-raw": "^7.0.0", + "remark-directive": "^3.0.0", + "remark-emoji": "^4.0.0", + "remark-frontmatter": "^5.0.0", + "remark-gfm": "^4.0.0", + "stringify-object": "^3.3.0", + "tslib": "^2.6.0", + "unified": "^11.0.3", + "unist-util-visit": "^5.0.0", + "url-loader": "^4.1.1", + "vfile": "^6.0.1", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/module-type-aliases": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/module-type-aliases/-/module-type-aliases-3.6.2.tgz", + "integrity": "sha512-NrJkL2rLTCjHtWOqUvWzwqvJrsKLj0gVJeV6q5yeKdKKgItietcTf2fTRkM9LHKSUN8CBDXxwHABeQvTahvmXQ==", + "license": "MIT", + "dependencies": { + "@docusaurus/types": "3.6.2", + "@types/history": "^4.7.11", + "@types/react": "*", + "@types/react-router-config": "*", + "@types/react-router-dom": "*", + "react-helmet-async": "*", + "react-loadable": "npm:@docusaurus/react-loadable@6.0.0" + }, + "peerDependencies": { + "react": "*", + "react-dom": "*" + } + }, + "node_modules/@docusaurus/plugin-content-blog": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-blog/-/plugin-content-blog-3.6.2.tgz", + "integrity": "sha512-6bJxr6Or4NslEVH3BJuPH30kUWiqUjDRdGPhvxpHmt9W/RY2/6u72WICG3bW3dLFxJ/2uDLBU92lHnatpvo7Ew==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.6.2", + "@docusaurus/logger": "3.6.2", + "@docusaurus/mdx-loader": "3.6.2", + "@docusaurus/theme-common": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils": "3.6.2", + "@docusaurus/utils-common": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "cheerio": "1.0.0-rc.12", + "feed": "^4.2.2", + "fs-extra": "^11.1.1", + "lodash": "^4.17.21", + "reading-time": "^1.5.0", + "srcset": "^4.0.0", + "tslib": "^2.6.0", + "unist-util-visit": "^5.0.0", + "utility-types": "^3.10.0", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "@docusaurus/plugin-content-docs": "*", + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/plugin-content-docs": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-docs/-/plugin-content-docs-3.6.2.tgz", + "integrity": "sha512-e6WW1g10RIXXLN/rrtqTi/FyJ1Hj3X9Mmgz4V11/0pDCxIGGI8m4ocbAglUlLtgvbLD5viNLefl/NwbOW3JXiQ==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.6.2", + "@docusaurus/logger": "3.6.2", + "@docusaurus/mdx-loader": "3.6.2", + "@docusaurus/module-type-aliases": "3.6.2", + "@docusaurus/theme-common": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils": "3.6.2", + "@docusaurus/utils-common": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "@types/react-router-config": "^5.0.7", + "combine-promises": "^1.1.0", + "fs-extra": "^11.1.1", + "js-yaml": "^4.1.0", + "lodash": "^4.17.21", + "tslib": "^2.6.0", + "utility-types": "^3.10.0", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/plugin-content-pages": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-content-pages/-/plugin-content-pages-3.6.2.tgz", + "integrity": "sha512-fo4NyGkw10lYHyHaTxE6TZLYnxNtCfRHeZkNK1N9pBYqe7TT2dBUNAEeVW2U3ed9m6YuB7JKSQsa++GGmcP+6g==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.6.2", + "@docusaurus/mdx-loader": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "fs-extra": "^11.1.1", + "tslib": "^2.6.0", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/plugin-debug": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-debug/-/plugin-debug-3.6.2.tgz", + "integrity": "sha512-T/eS3VvHElpeV5S8uwp7Si4ujEynmgFtJLvA2CSa5pzQuOF1EEghF9nekAIj0cWtDHsqNUDZNr8hK1brivFXSg==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils": "3.6.2", + "fs-extra": "^11.1.1", + "react-json-view-lite": "^1.2.0", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/plugin-google-analytics": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-analytics/-/plugin-google-analytics-3.6.2.tgz", + "integrity": "sha512-B7ihrr3wz8e4XqW+dIAtq844u3Z83u5CeiL1xrCqzFH+vDCjUZHTamS3zKXNcgi6YVVe6hUQXPG15ltaqQaVPQ==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/plugin-google-gtag": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-gtag/-/plugin-google-gtag-3.6.2.tgz", + "integrity": "sha512-V8ijI6qddAAkJ0vd8sjZ7S/apRTLJn9dAwvj/rSMd93witGdKINemL+9TyfLkhcXKTxyqRT8zKdu8ewjPXqKHg==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "@types/gtag.js": "^0.0.12", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/plugin-google-tag-manager": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-google-tag-manager/-/plugin-google-tag-manager-3.6.2.tgz", + "integrity": "sha512-fnWQ5FdN9f8c8VTgjaQ98208Y+d/JjHhD506rWIIL9rt1cJOf29XElxvOeKpMJadfkgY5KLZSAiHkGt+4qgN4g==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/plugin-sitemap": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/plugin-sitemap/-/plugin-sitemap-3.6.2.tgz", + "integrity": "sha512-qcAQAP1Ot0dZpeRoJ0L/Zck5FVDkll2IleVZQLzxeRVDZIw1P9/TK7/Aw1w2pmH7dmw/Cwk/cLSVRvLAmp9k7A==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.6.2", + "@docusaurus/logger": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils": "3.6.2", + "@docusaurus/utils-common": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "fs-extra": "^11.1.1", + "sitemap": "^7.1.1", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/preset-classic": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/preset-classic/-/preset-classic-3.6.2.tgz", + "integrity": "sha512-r2n5eHdhiNSrJGsrrYcw+WsyStmXxe0ZG3RdA9LVyK5+jBHM8blrUWJEDugnzCNbyhUzhdtcmgCC9fhdAvKuQw==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.6.2", + "@docusaurus/plugin-content-blog": "3.6.2", + "@docusaurus/plugin-content-docs": "3.6.2", + "@docusaurus/plugin-content-pages": "3.6.2", + "@docusaurus/plugin-debug": "3.6.2", + "@docusaurus/plugin-google-analytics": "3.6.2", + "@docusaurus/plugin-google-gtag": "3.6.2", + "@docusaurus/plugin-google-tag-manager": "3.6.2", + "@docusaurus/plugin-sitemap": "3.6.2", + "@docusaurus/theme-classic": "3.6.2", + "@docusaurus/theme-common": "3.6.2", + "@docusaurus/theme-search-algolia": "3.6.2", + "@docusaurus/types": "3.6.2" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/theme-classic": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/theme-classic/-/theme-classic-3.6.2.tgz", + "integrity": "sha512-bCdOPqPNezhLx+hgNVO2Cf+8/1AHa9uHDOqTx/CKAx2I0J/jV9G+6JiMtpSRKGNfBoLT1O+56/7+WtkOf54xTw==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.6.2", + "@docusaurus/logger": "3.6.2", + "@docusaurus/mdx-loader": "3.6.2", + "@docusaurus/module-type-aliases": "3.6.2", + "@docusaurus/plugin-content-blog": "3.6.2", + "@docusaurus/plugin-content-docs": "3.6.2", + "@docusaurus/plugin-content-pages": "3.6.2", + "@docusaurus/theme-common": "3.6.2", + "@docusaurus/theme-translations": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils": "3.6.2", + "@docusaurus/utils-common": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "@mdx-js/react": "^3.0.0", + "clsx": "^2.0.0", + "copy-text-to-clipboard": "^3.2.0", + "infima": "0.2.0-alpha.45", + "lodash": "^4.17.21", + "nprogress": "^0.2.0", + "postcss": "^8.4.26", + "prism-react-renderer": "^2.3.0", + "prismjs": "^1.29.0", + "react-router-dom": "^5.3.4", + "rtlcss": "^4.1.0", + "tslib": "^2.6.0", + "utility-types": "^3.10.0" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/theme-common": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/theme-common/-/theme-common-3.6.2.tgz", + "integrity": "sha512-lfgsL064KEHpCkgGUc0OYoUPCpYfzggp6Hof8sz59UuKiLvb/Z7raewE9/NfocrJ2HZI17rLgMX3SQlRDh/5gg==", + "license": "MIT", + "dependencies": { + "@docusaurus/mdx-loader": "3.6.2", + "@docusaurus/module-type-aliases": "3.6.2", + "@docusaurus/utils": "3.6.2", + "@docusaurus/utils-common": "3.6.2", + "@types/history": "^4.7.11", + "@types/react": "*", + "@types/react-router-config": "*", + "clsx": "^2.0.0", + "parse-numeric-range": "^1.3.0", + "prism-react-renderer": "^2.3.0", + "tslib": "^2.6.0", + "utility-types": "^3.10.0" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "@docusaurus/plugin-content-docs": "*", + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/theme-mermaid": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/theme-mermaid/-/theme-mermaid-3.6.2.tgz", + "integrity": "sha512-Ui+rBtqMPKj3RCOxNlY04i1tEjNg+fZg4URTvkHmYR07hcKaJw+vkw+wlaYjd0HFZk+3Er9vUAcwsCWuea4cVQ==", + "license": "MIT", + "dependencies": { + "@docusaurus/core": "3.6.2", + "@docusaurus/module-type-aliases": "3.6.2", + "@docusaurus/theme-common": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "mermaid": ">=10.4", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/theme-search-algolia": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/theme-search-algolia/-/theme-search-algolia-3.6.2.tgz", + "integrity": "sha512-SFLS+Rq8Cg2yepnHucA9sRpIR97yHvZWlCgMzBLunV3KHbB6hD2h5HPhFV39wYHYCjJUAOH1lX9poJ1qKYuSvg==", + "license": "MIT", + "dependencies": { + "@docsearch/react": "^3.5.2", + "@docusaurus/core": "3.6.2", + "@docusaurus/logger": "3.6.2", + "@docusaurus/plugin-content-docs": "3.6.2", + "@docusaurus/theme-common": "3.6.2", + "@docusaurus/theme-translations": "3.6.2", + "@docusaurus/utils": "3.6.2", + "@docusaurus/utils-validation": "3.6.2", + "algoliasearch": "^4.18.0", + "algoliasearch-helper": "^3.13.3", + "clsx": "^2.0.0", + "eta": "^2.2.0", + "fs-extra": "^11.1.1", + "lodash": "^4.17.21", + "tslib": "^2.6.0", + "utility-types": "^3.10.0" + }, + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/theme-translations": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/theme-translations/-/theme-translations-3.6.2.tgz", + "integrity": "sha512-LIWrYoDUsOTKmb0c7IQzawiPUTAaczBs5IOx6srxOWoTHVUMLzJCkl5Y6whfuRrnul8G05qv2vk238bN5Ko62g==", + "license": "MIT", + "dependencies": { + "fs-extra": "^11.1.1", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + } + }, + "node_modules/@docusaurus/types": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/types/-/types-3.6.2.tgz", + "integrity": "sha512-117Wsk6xXrWEAsCYCXS3TGJv5tkdIZDcd7T/V0UJvKYmY0gyVPPcEQChy8yTdjbIkbB2q4fa7Jpox72Qv86mqQ==", + "license": "MIT", + "dependencies": { + "@mdx-js/mdx": "^3.0.0", + "@types/history": "^4.7.11", + "@types/react": "*", + "commander": "^5.1.0", + "joi": "^17.9.2", + "react-helmet-async": "^1.3.0", + "utility-types": "^3.10.0", + "webpack": "^5.95.0", + "webpack-merge": "^5.9.0" + }, + "peerDependencies": { + "react": "^18.0.0", + "react-dom": "^18.0.0" + } + }, + "node_modules/@docusaurus/types/node_modules/webpack-merge": { + "version": "5.10.0", + "resolved": "https://registry.npmjs.org/webpack-merge/-/webpack-merge-5.10.0.tgz", + "integrity": "sha512-+4zXKdx7UnO+1jaN4l2lHVD+mFvnlZQP/6ljaJVb4SZiwIKeUnrT5l0gkT8z+n4hKpC+jpOv6O9R+gLtag7pSA==", + "license": "MIT", + "dependencies": { + "clone-deep": "^4.0.1", + "flat": "^5.0.2", + "wildcard": "^2.0.0" + }, + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/@docusaurus/utils": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/utils/-/utils-3.6.2.tgz", + "integrity": "sha512-oxnpUcFZGE3uPCDoXr8GJriB3VWM9sFjPedFidX3Fsz87l1NZNc1wtbKPfQ7GYFDMYo2IGlAv5+47Me9RkM6lg==", + "license": "MIT", + "dependencies": { + "@docusaurus/logger": "3.6.2", + "@docusaurus/types": "3.6.2", + "@docusaurus/utils-common": "3.6.2", + "@svgr/webpack": "^8.1.0", + "escape-string-regexp": "^4.0.0", + "file-loader": "^6.2.0", + "fs-extra": "^11.1.1", + "github-slugger": "^1.5.0", + "globby": "^11.1.0", + "gray-matter": "^4.0.3", + "jiti": "^1.20.0", + "js-yaml": "^4.1.0", + "lodash": "^4.17.21", + "micromatch": "^4.0.5", + "prompts": "^2.4.2", + "resolve-pathname": "^3.0.0", + "shelljs": "^0.8.5", + "tslib": "^2.6.0", + "url-loader": "^4.1.1", + "utility-types": "^3.10.0", + "webpack": "^5.88.1" + }, + "engines": { + "node": ">=18.0" + } + }, + "node_modules/@docusaurus/utils-common": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/utils-common/-/utils-common-3.6.2.tgz", + "integrity": "sha512-dr5wK+OyU2QAWxG7S5siD2bPgS7+ZeqWHfgLNHZ5yalaZf8TbeNNLqydfngukAY56BGZN0NbMkX6jGIr7ZF0sA==", + "license": "MIT", + "dependencies": { + "@docusaurus/types": "3.6.2", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + } + }, + "node_modules/@docusaurus/utils-validation": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/@docusaurus/utils-validation/-/utils-validation-3.6.2.tgz", + "integrity": "sha512-Y3EwblDz72KOcobb5t2zlhHSmrfE8EaHusPJ96Kx2JYtNXL2omqCoOb6FpaXWhES75wvjUpkFLYfiNqAqEov8g==", + "license": "MIT", + "dependencies": { + "@docusaurus/logger": "3.6.2", + "@docusaurus/utils": "3.6.2", + "@docusaurus/utils-common": "3.6.2", + "fs-extra": "^11.2.0", + "joi": "^17.9.2", + "js-yaml": "^4.1.0", + "lodash": "^4.17.21", + "tslib": "^2.6.0" + }, + "engines": { + "node": ">=18.0" + } + }, + "node_modules/@hapi/hoek": { + "version": "9.3.0", + "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz", + "integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==", + "license": "BSD-3-Clause" + }, + "node_modules/@hapi/topo": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/@hapi/topo/-/topo-5.1.0.tgz", + "integrity": "sha512-foQZKJig7Ob0BMAYBfcJk8d77QtOe7Wo4ox7ff1lQYoNNAb6jwcY1ncdoy2e9wQZzvNy7ODZCYJkK8kzmcAnAg==", + "license": "BSD-3-Clause", + "dependencies": { + "@hapi/hoek": "^9.0.0" + } + }, + "node_modules/@iconify/types": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@iconify/types/-/types-2.0.0.tgz", + "integrity": "sha512-+wluvCrRhXrhyOmRDJ3q8mux9JkKy5SJ/v8ol2tu4FVjyYvtEzkc/3pK15ET6RKg4b4w4BmTk1+gsCUhf21Ykg==", + "license": "MIT" + }, + "node_modules/@iconify/utils": { + "version": "2.1.33", + "resolved": "https://registry.npmjs.org/@iconify/utils/-/utils-2.1.33.tgz", + "integrity": "sha512-jP9h6v/g0BIZx0p7XGJJVtkVnydtbgTgt9mVNcGDYwaa7UhdHdI9dvoq+gKj9sijMSJKxUPEG2JyjsgXjxL7Kw==", + "license": "MIT", + "dependencies": { + "@antfu/install-pkg": "^0.4.0", + "@antfu/utils": "^0.7.10", + "@iconify/types": "^2.0.0", + "debug": "^4.3.6", + "kolorist": "^1.8.0", + "local-pkg": "^0.5.0", + "mlly": "^1.7.1" + } + }, + "node_modules/@jest/schemas": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", + "integrity": "sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA==", + "license": "MIT", + "dependencies": { + "@sinclair/typebox": "^0.27.8" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jest/types": { + "version": "29.6.3", + "resolved": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", + "integrity": "sha512-u3UPsIilWKOM3F9CXtrG8LEJmNxwoCQC/XVj4IKYXvvpx7QIi/Kg1LI5uDmDpKlac62NUtX7eLjRh+jVZcLOzw==", + "license": "MIT", + "dependencies": { + "@jest/schemas": "^29.6.3", + "@types/istanbul-lib-coverage": "^2.0.0", + "@types/istanbul-reports": "^3.0.0", + "@types/node": "*", + "@types/yargs": "^17.0.8", + "chalk": "^4.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.5", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", + "integrity": "sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg==", + "license": "MIT", + "dependencies": { + "@jridgewell/set-array": "^1.2.1", + "@jridgewell/sourcemap-codec": "^1.4.10", + "@jridgewell/trace-mapping": "^0.3.24" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/set-array": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", + "integrity": "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==", + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/source-map": { + "version": "0.3.6", + "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.6.tgz", + "integrity": "sha512-1ZJTZebgqllO79ue2bm3rIGud/bOe0pP5BjSRCRxxYkEZS8STV7zN84UBbiYu7jy+eCKSnVIUgoWWE/tt+shMQ==", + "license": "MIT", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.25" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.0.tgz", + "integrity": "sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ==", + "license": "MIT" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.25", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", + "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==", + "license": "MIT", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, + "node_modules/@leichtgewicht/ip-codec": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@leichtgewicht/ip-codec/-/ip-codec-2.0.5.tgz", + "integrity": "sha512-Vo+PSpZG2/fmgmiNzYK9qWRh8h/CHrwD0mo1h1DzL4yzHNSfWYujGTYsWGreD000gcgmZ7K4Ys6Tx9TxtsKdDw==", + "license": "MIT" + }, + "node_modules/@mdx-js/mdx": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@mdx-js/mdx/-/mdx-3.1.0.tgz", + "integrity": "sha512-/QxEhPAvGwbQmy1Px8F899L5Uc2KZ6JtXwlCgJmjSTBedwOZkByYcBG4GceIGPXRDsmfxhHazuS+hlOShRLeDw==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/mdx": "^2.0.0", + "collapse-white-space": "^2.0.0", + "devlop": "^1.0.0", + "estree-util-is-identifier-name": "^3.0.0", + "estree-util-scope": "^1.0.0", + "estree-walker": "^3.0.0", + "hast-util-to-jsx-runtime": "^2.0.0", + "markdown-extensions": "^2.0.0", + "recma-build-jsx": "^1.0.0", + "recma-jsx": "^1.0.0", + "recma-stringify": "^1.0.0", + "rehype-recma": "^1.0.0", + "remark-mdx": "^3.0.0", + "remark-parse": "^11.0.0", + "remark-rehype": "^11.0.0", + "source-map": "^0.7.0", + "unified": "^11.0.0", + "unist-util-position-from-estree": "^2.0.0", + "unist-util-stringify-position": "^4.0.0", + "unist-util-visit": "^5.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/@mdx-js/react": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-3.1.0.tgz", + "integrity": "sha512-QjHtSaoameoalGnKDT3FoIl4+9RwyTmo9ZJGBdLOks/YOiWHoRDI3PUwEzOE7kEmGcV3AFcp9K6dYu9rEuKLAQ==", + "license": "MIT", + "dependencies": { + "@types/mdx": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + }, + "peerDependencies": { + "@types/react": ">=16", + "react": ">=16" + } + }, + "node_modules/@mermaid-js/parser": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-0.3.0.tgz", + "integrity": "sha512-HsvL6zgE5sUPGgkIDlmAWR1HTNHz2Iy11BAWPTa4Jjabkpguy4Ze2gzfLrg6pdRuBvFwgUYyxiaNqZwrEEXepA==", + "license": "MIT", + "dependencies": { + "langium": "3.0.0" + } + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "license": "MIT", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@pnpm/config.env-replace": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@pnpm/config.env-replace/-/config.env-replace-1.1.0.tgz", + "integrity": "sha512-htyl8TWnKL7K/ESFa1oW2UB5lVDxuF5DpM7tBi6Hu2LNL3mWkIzNLG6N4zoCUP1lCKNxWy/3iu8mS8MvToGd6w==", + "license": "MIT", + "engines": { + "node": ">=12.22.0" + } + }, + "node_modules/@pnpm/network.ca-file": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/@pnpm/network.ca-file/-/network.ca-file-1.0.2.tgz", + "integrity": "sha512-YcPQ8a0jwYU9bTdJDpXjMi7Brhkr1mXsXrUJvjqM2mQDgkRiz8jFaQGOdaLxgjtUfQgZhKy/O3cG/YwmgKaxLA==", + "license": "MIT", + "dependencies": { + "graceful-fs": "4.2.10" + }, + "engines": { + "node": ">=12.22.0" + } + }, + "node_modules/@pnpm/network.ca-file/node_modules/graceful-fs": { + "version": "4.2.10", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz", + "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==", + "license": "ISC" + }, + "node_modules/@pnpm/npm-conf": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/@pnpm/npm-conf/-/npm-conf-2.3.1.tgz", + "integrity": "sha512-c83qWb22rNRuB0UaVCI0uRPNRr8Z0FWnEIvT47jiHAmOIUHbBOg5XvV7pM5x+rKn9HRpjxquDbXYSXr3fAKFcw==", + "license": "MIT", + "dependencies": { + "@pnpm/config.env-replace": "^1.1.0", + "@pnpm/network.ca-file": "^1.0.1", + "config-chain": "^1.1.11" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/@polka/url": { + "version": "1.0.0-next.28", + "resolved": "https://registry.npmjs.org/@polka/url/-/url-1.0.0-next.28.tgz", + "integrity": "sha512-8LduaNlMZGwdZ6qWrKlfa+2M4gahzFkprZiAt2TF8uS0qQgBizKXpXURqvTJ4WtmupWxaLqjRb2UCTe72mu+Aw==", + "license": "MIT" + }, + "node_modules/@sideway/address": { + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.5.tgz", + "integrity": "sha512-IqO/DUQHUkPeixNQ8n0JA6102hT9CmaljNTPmQ1u8MEhBo/R4Q8eKLN/vGZxuebwOroDB4cbpjheD4+/sKFK4Q==", + "license": "BSD-3-Clause", + "dependencies": { + "@hapi/hoek": "^9.0.0" + } + }, + "node_modules/@sideway/formula": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@sideway/formula/-/formula-3.0.1.tgz", + "integrity": "sha512-/poHZJJVjx3L+zVD6g9KgHfYnb443oi7wLu/XKojDviHy6HOEOA6z1Trk5aR1dGcmPenJEgb2sK2I80LeS3MIg==", + "license": "BSD-3-Clause" + }, + "node_modules/@sideway/pinpoint": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/@sideway/pinpoint/-/pinpoint-2.0.0.tgz", + "integrity": "sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==", + "license": "BSD-3-Clause" + }, + "node_modules/@sinclair/typebox": { + "version": "0.27.8", + "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", + "integrity": "sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA==", + "license": "MIT" + }, + "node_modules/@sindresorhus/is": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-4.6.0.tgz", + "integrity": "sha512-t09vSN3MdfsyCHoFcTRCH/iUtG7OJ0CsjzB8cjAmKc/va/kIgeDI/TxsigdncE/4be734m0cvIYwNaV4i2XqAw==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/is?sponsor=1" + } + }, + "node_modules/@slorber/remark-comment": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@slorber/remark-comment/-/remark-comment-1.0.0.tgz", + "integrity": "sha512-RCE24n7jsOj1M0UPvIQCHTe7fI0sFL4S2nwKVWwHyVr/wI/H8GosgsJGyhnsZoGFnD/P2hLf1mSbrrgSLN93NA==", + "license": "MIT", + "dependencies": { + "micromark-factory-space": "^1.0.0", + "micromark-util-character": "^1.1.0", + "micromark-util-symbol": "^1.0.1" + } + }, + "node_modules/@svgr/babel-plugin-add-jsx-attribute": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-add-jsx-attribute/-/babel-plugin-add-jsx-attribute-8.0.0.tgz", + "integrity": "sha512-b9MIk7yhdS1pMCZM8VeNfUlSKVRhsHZNMl5O9SfaX0l0t5wjdgu4IDzGB8bpnGBBOjGST3rRFVsaaEtI4W6f7g==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-remove-jsx-attribute": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-attribute/-/babel-plugin-remove-jsx-attribute-8.0.0.tgz", + "integrity": "sha512-BcCkm/STipKvbCl6b7QFrMh/vx00vIP63k2eM66MfHJzPr6O2U0jYEViXkHJWqXqQYjdeA9cuCl5KWmlwjDvbA==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-remove-jsx-empty-expression": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-remove-jsx-empty-expression/-/babel-plugin-remove-jsx-empty-expression-8.0.0.tgz", + "integrity": "sha512-5BcGCBfBxB5+XSDSWnhTThfI9jcO5f0Ai2V24gZpG+wXF14BzwxxdDb4g6trdOux0rhibGs385BeFMSmxtS3uA==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-replace-jsx-attribute-value": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-replace-jsx-attribute-value/-/babel-plugin-replace-jsx-attribute-value-8.0.0.tgz", + "integrity": "sha512-KVQ+PtIjb1BuYT3ht8M5KbzWBhdAjjUPdlMtpuw/VjT8coTrItWX6Qafl9+ji831JaJcu6PJNKCV0bp01lBNzQ==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-svg-dynamic-title": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-svg-dynamic-title/-/babel-plugin-svg-dynamic-title-8.0.0.tgz", + "integrity": "sha512-omNiKqwjNmOQJ2v6ge4SErBbkooV2aAWwaPFs2vUY7p7GhVkzRkJ00kILXQvRhA6miHnNpXv7MRnnSjdRjK8og==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-svg-em-dimensions": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-svg-em-dimensions/-/babel-plugin-svg-em-dimensions-8.0.0.tgz", + "integrity": "sha512-mURHYnu6Iw3UBTbhGwE/vsngtCIbHE43xCRK7kCw4t01xyGqb2Pd+WXekRRoFOBIY29ZoOhUCTEweDMdrjfi9g==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-transform-react-native-svg": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-transform-react-native-svg/-/babel-plugin-transform-react-native-svg-8.1.0.tgz", + "integrity": "sha512-Tx8T58CHo+7nwJ+EhUwx3LfdNSG9R2OKfaIXXs5soiy5HtgoAEkDay9LIimLOcG8dJQH1wPZp/cnAv6S9CrR1Q==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-plugin-transform-svg-component": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-plugin-transform-svg-component/-/babel-plugin-transform-svg-component-8.0.0.tgz", + "integrity": "sha512-DFx8xa3cZXTdb/k3kfPeaixecQLgKh5NVBMwD0AQxOzcZawK4oo1Jh9LbrcACUivsCA7TLG8eeWgrDXjTMhRmw==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/babel-preset": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/babel-preset/-/babel-preset-8.1.0.tgz", + "integrity": "sha512-7EYDbHE7MxHpv4sxvnVPngw5fuR6pw79SkcrILHJ/iMpuKySNCl5W1qcwPEpU+LgyRXOaAFgH0KhwD18wwg6ug==", + "license": "MIT", + "dependencies": { + "@svgr/babel-plugin-add-jsx-attribute": "8.0.0", + "@svgr/babel-plugin-remove-jsx-attribute": "8.0.0", + "@svgr/babel-plugin-remove-jsx-empty-expression": "8.0.0", + "@svgr/babel-plugin-replace-jsx-attribute-value": "8.0.0", + "@svgr/babel-plugin-svg-dynamic-title": "8.0.0", + "@svgr/babel-plugin-svg-em-dimensions": "8.0.0", + "@svgr/babel-plugin-transform-react-native-svg": "8.1.0", + "@svgr/babel-plugin-transform-svg-component": "8.0.0" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@babel/core": "^7.0.0-0" + } + }, + "node_modules/@svgr/core": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/core/-/core-8.1.0.tgz", + "integrity": "sha512-8QqtOQT5ACVlmsvKOJNEaWmRPmcojMOzCz4Hs2BGG/toAp/K38LcsMRyLp349glq5AzJbCEeimEoxaX6v/fLrA==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.21.3", + "@svgr/babel-preset": "8.1.0", + "camelcase": "^6.2.0", + "cosmiconfig": "^8.1.3", + "snake-case": "^3.0.4" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } + }, + "node_modules/@svgr/hast-util-to-babel-ast": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@svgr/hast-util-to-babel-ast/-/hast-util-to-babel-ast-8.0.0.tgz", + "integrity": "sha512-EbDKwO9GpfWP4jN9sGdYwPBU0kdomaPIL2Eu4YwmgP+sJeXT+L7bMwJUBnhzfH8Q2qMBqZ4fJwpCyYsAN3mt2Q==", + "license": "MIT", + "dependencies": { + "@babel/types": "^7.21.3", + "entities": "^4.4.0" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } + }, + "node_modules/@svgr/plugin-jsx": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/plugin-jsx/-/plugin-jsx-8.1.0.tgz", + "integrity": "sha512-0xiIyBsLlr8quN+WyuxooNW9RJ0Dpr8uOnH/xrCVO8GLUcwHISwj1AG0k+LFzteTkAA0GbX0kj9q6Dk70PTiPA==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.21.3", + "@svgr/babel-preset": "8.1.0", + "@svgr/hast-util-to-babel-ast": "8.0.0", + "svg-parser": "^2.0.4" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@svgr/core": "*" + } + }, + "node_modules/@svgr/plugin-svgo": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/plugin-svgo/-/plugin-svgo-8.1.0.tgz", + "integrity": "sha512-Ywtl837OGO9pTLIN/onoWLmDQ4zFUycI1g76vuKGEz6evR/ZTJlJuz3G/fIkb6OVBJ2g0o6CGJzaEjfmEo3AHA==", + "license": "MIT", + "dependencies": { + "cosmiconfig": "^8.1.3", + "deepmerge": "^4.3.1", + "svgo": "^3.0.2" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + }, + "peerDependencies": { + "@svgr/core": "*" + } + }, + "node_modules/@svgr/webpack": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/@svgr/webpack/-/webpack-8.1.0.tgz", + "integrity": "sha512-LnhVjMWyMQV9ZmeEy26maJk+8HTIbd59cH4F2MJ439k9DqejRisfFNGAPvRYlKETuh9LrImlS8aKsBgKjMA8WA==", + "license": "MIT", + "dependencies": { + "@babel/core": "^7.21.3", + "@babel/plugin-transform-react-constant-elements": "^7.21.3", + "@babel/preset-env": "^7.20.2", + "@babel/preset-react": "^7.18.6", + "@babel/preset-typescript": "^7.21.0", + "@svgr/core": "8.1.0", + "@svgr/plugin-jsx": "8.1.0", + "@svgr/plugin-svgo": "8.1.0" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/gregberge" + } + }, + "node_modules/@szmarczak/http-timer": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/@szmarczak/http-timer/-/http-timer-5.0.1.tgz", + "integrity": "sha512-+PmQX0PiAYPMeVYe237LJAYvOMYW1j2rH5YROyS3b4CTVJum34HfRvKvAzozHAQG0TnHNdUfY9nCeUyRAs//cw==", + "license": "MIT", + "dependencies": { + "defer-to-connect": "^2.0.1" + }, + "engines": { + "node": ">=14.16" + } + }, + "node_modules/@trysound/sax": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz", + "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==", + "license": "ISC", + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/@types/acorn": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/@types/acorn/-/acorn-4.0.6.tgz", + "integrity": "sha512-veQTnWP+1D/xbxVrPC3zHnCZRjSrKfhbMUlEA43iMZLu7EsnTtkJklIuwrCPbOi8YkvDQAiW05VQQFvvz9oieQ==", + "license": "MIT", + "dependencies": { + "@types/estree": "*" + } + }, + "node_modules/@types/body-parser": { + "version": "1.19.5", + "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", + "integrity": "sha512-fB3Zu92ucau0iQ0JMCFQE7b/dv8Ot07NI3KaZIkIUNXq82k4eBAqUaneXfleGY9JWskeS9y+u0nXMyspcuQrCg==", + "license": "MIT", + "dependencies": { + "@types/connect": "*", + "@types/node": "*" + } + }, + "node_modules/@types/bonjour": { + "version": "3.5.13", + "resolved": "https://registry.npmjs.org/@types/bonjour/-/bonjour-3.5.13.tgz", + "integrity": "sha512-z9fJ5Im06zvUL548KvYNecEVlA7cVDkGUi6kZusb04mpyEFKCIZJvloCcmpmLaIahDpOQGHaHmG6imtPMmPXGQ==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/connect": { + "version": "3.4.38", + "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", + "integrity": "sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/connect-history-api-fallback": { + "version": "1.5.4", + "resolved": "https://registry.npmjs.org/@types/connect-history-api-fallback/-/connect-history-api-fallback-1.5.4.tgz", + "integrity": "sha512-n6Cr2xS1h4uAulPRdlw6Jl6s1oG8KrVilPN2yUITEs+K48EzMJJ3W1xy8K5eWuFvjp3R74AOIGSmp2UfBJ8HFw==", + "license": "MIT", + "dependencies": { + "@types/express-serve-static-core": "*", + "@types/node": "*" + } + }, + "node_modules/@types/d3": { + "version": "7.4.3", + "resolved": "https://registry.npmjs.org/@types/d3/-/d3-7.4.3.tgz", + "integrity": "sha512-lZXZ9ckh5R8uiFVt8ogUNf+pIrK4EsWrx2Np75WvF/eTpJ0FMHNhjXk8CKEx/+gpHbNQyJWehbFaTvqmHWB3ww==", + "license": "MIT", + "dependencies": { + "@types/d3-array": "*", + "@types/d3-axis": "*", + "@types/d3-brush": "*", + "@types/d3-chord": "*", + "@types/d3-color": "*", + "@types/d3-contour": "*", + "@types/d3-delaunay": "*", + "@types/d3-dispatch": "*", + "@types/d3-drag": "*", + "@types/d3-dsv": "*", + "@types/d3-ease": "*", + "@types/d3-fetch": "*", + "@types/d3-force": "*", + "@types/d3-format": "*", + "@types/d3-geo": "*", + "@types/d3-hierarchy": "*", + "@types/d3-interpolate": "*", + "@types/d3-path": "*", + "@types/d3-polygon": "*", + "@types/d3-quadtree": "*", + "@types/d3-random": "*", + "@types/d3-scale": "*", + "@types/d3-scale-chromatic": "*", + "@types/d3-selection": "*", + "@types/d3-shape": "*", + "@types/d3-time": "*", + "@types/d3-time-format": "*", + "@types/d3-timer": "*", + "@types/d3-transition": "*", + "@types/d3-zoom": "*" + } + }, + "node_modules/@types/d3-array": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/@types/d3-array/-/d3-array-3.2.1.tgz", + "integrity": "sha512-Y2Jn2idRrLzUfAKV2LyRImR+y4oa2AntrgID95SHJxuMUrkNXmanDSed71sRNZysveJVt1hLLemQZIady0FpEg==", + "license": "MIT" + }, + "node_modules/@types/d3-axis": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@types/d3-axis/-/d3-axis-3.0.6.tgz", + "integrity": "sha512-pYeijfZuBd87T0hGn0FO1vQ/cgLk6E1ALJjfkC0oJ8cbwkZl3TpgS8bVBLZN+2jjGgg38epgxb2zmoGtSfvgMw==", + "license": "MIT", + "dependencies": { + "@types/d3-selection": "*" + } + }, + "node_modules/@types/d3-brush": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@types/d3-brush/-/d3-brush-3.0.6.tgz", + "integrity": "sha512-nH60IZNNxEcrh6L1ZSMNA28rj27ut/2ZmI3r96Zd+1jrZD++zD3LsMIjWlvg4AYrHn/Pqz4CF3veCxGjtbqt7A==", + "license": "MIT", + "dependencies": { + "@types/d3-selection": "*" + } + }, + "node_modules/@types/d3-chord": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@types/d3-chord/-/d3-chord-3.0.6.tgz", + "integrity": "sha512-LFYWWd8nwfwEmTZG9PfQxd17HbNPksHBiJHaKuY1XeqscXacsS2tyoo6OdRsjf+NQYeB6XrNL3a25E3gH69lcg==", + "license": "MIT" + }, + "node_modules/@types/d3-color": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/@types/d3-color/-/d3-color-3.1.3.tgz", + "integrity": "sha512-iO90scth9WAbmgv7ogoq57O9YpKmFBbmoEoCHDB2xMBY0+/KVrqAaCDyCE16dUspeOvIxFFRI+0sEtqDqy2b4A==", + "license": "MIT" + }, + "node_modules/@types/d3-contour": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@types/d3-contour/-/d3-contour-3.0.6.tgz", + "integrity": "sha512-BjzLgXGnCWjUSYGfH1cpdo41/hgdWETu4YxpezoztawmqsvCeep+8QGfiY6YbDvfgHz/DkjeIkkZVJavB4a3rg==", + "license": "MIT", + "dependencies": { + "@types/d3-array": "*", + "@types/geojson": "*" + } + }, + "node_modules/@types/d3-delaunay": { + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/@types/d3-delaunay/-/d3-delaunay-6.0.4.tgz", + "integrity": "sha512-ZMaSKu4THYCU6sV64Lhg6qjf1orxBthaC161plr5KuPHo3CNm8DTHiLw/5Eq2b6TsNP0W0iJrUOFscY6Q450Hw==", + "license": "MIT" + }, + "node_modules/@types/d3-dispatch": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@types/d3-dispatch/-/d3-dispatch-3.0.6.tgz", + "integrity": "sha512-4fvZhzMeeuBJYZXRXrRIQnvUYfyXwYmLsdiN7XXmVNQKKw1cM8a5WdID0g1hVFZDqT9ZqZEY5pD44p24VS7iZQ==", + "license": "MIT" + }, + "node_modules/@types/d3-drag": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/@types/d3-drag/-/d3-drag-3.0.7.tgz", + "integrity": "sha512-HE3jVKlzU9AaMazNufooRJ5ZpWmLIoc90A37WU2JMmeq28w1FQqCZswHZ3xR+SuxYftzHq6WU6KJHvqxKzTxxQ==", + "license": "MIT", + "dependencies": { + "@types/d3-selection": "*" + } + }, + "node_modules/@types/d3-dsv": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/@types/d3-dsv/-/d3-dsv-3.0.7.tgz", + "integrity": "sha512-n6QBF9/+XASqcKK6waudgL0pf/S5XHPPI8APyMLLUHd8NqouBGLsU8MgtO7NINGtPBtk9Kko/W4ea0oAspwh9g==", + "license": "MIT" + }, + "node_modules/@types/d3-ease": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@types/d3-ease/-/d3-ease-3.0.2.tgz", + "integrity": "sha512-NcV1JjO5oDzoK26oMzbILE6HW7uVXOHLQvHshBUW4UMdZGfiY6v5BeQwh9a9tCzv+CeefZQHJt5SRgK154RtiA==", + "license": "MIT" + }, + "node_modules/@types/d3-fetch": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/@types/d3-fetch/-/d3-fetch-3.0.7.tgz", + "integrity": "sha512-fTAfNmxSb9SOWNB9IoG5c8Hg6R+AzUHDRlsXsDZsNp6sxAEOP0tkP3gKkNSO/qmHPoBFTxNrjDprVHDQDvo5aA==", + "license": "MIT", + "dependencies": { + "@types/d3-dsv": "*" + } + }, + "node_modules/@types/d3-force": { + "version": "3.0.10", + "resolved": "https://registry.npmjs.org/@types/d3-force/-/d3-force-3.0.10.tgz", + "integrity": "sha512-ZYeSaCF3p73RdOKcjj+swRlZfnYpK1EbaDiYICEEp5Q6sUiqFaFQ9qgoshp5CzIyyb/yD09kD9o2zEltCexlgw==", + "license": "MIT" + }, + "node_modules/@types/d3-format": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/d3-format/-/d3-format-3.0.4.tgz", + "integrity": "sha512-fALi2aI6shfg7vM5KiR1wNJnZ7r6UuggVqtDA+xiEdPZQwy/trcQaHnwShLuLdta2rTymCNpxYTiMZX/e09F4g==", + "license": "MIT" + }, + "node_modules/@types/d3-geo": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@types/d3-geo/-/d3-geo-3.1.0.tgz", + "integrity": "sha512-856sckF0oP/diXtS4jNsiQw/UuK5fQG8l/a9VVLeSouf1/PPbBE1i1W852zVwKwYCBkFJJB7nCFTbk6UMEXBOQ==", + "license": "MIT", + "dependencies": { + "@types/geojson": "*" + } + }, + "node_modules/@types/d3-hierarchy": { + "version": "3.1.7", + "resolved": "https://registry.npmjs.org/@types/d3-hierarchy/-/d3-hierarchy-3.1.7.tgz", + "integrity": "sha512-tJFtNoYBtRtkNysX1Xq4sxtjK8YgoWUNpIiUee0/jHGRwqvzYxkq0hGVbbOGSz+JgFxxRu4K8nb3YpG3CMARtg==", + "license": "MIT" + }, + "node_modules/@types/d3-interpolate": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/d3-interpolate/-/d3-interpolate-3.0.4.tgz", + "integrity": "sha512-mgLPETlrpVV1YRJIglr4Ez47g7Yxjl1lj7YKsiMCb27VJH9W8NVM6Bb9d8kkpG/uAQS5AmbA48q2IAolKKo1MA==", + "license": "MIT", + "dependencies": { + "@types/d3-color": "*" + } + }, + "node_modules/@types/d3-path": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/@types/d3-path/-/d3-path-3.1.0.tgz", + "integrity": "sha512-P2dlU/q51fkOc/Gfl3Ul9kicV7l+ra934qBFXCFhrZMOL6du1TM0pm1ThYvENukyOn5h9v+yMJ9Fn5JK4QozrQ==", + "license": "MIT" + }, + "node_modules/@types/d3-polygon": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@types/d3-polygon/-/d3-polygon-3.0.2.tgz", + "integrity": "sha512-ZuWOtMaHCkN9xoeEMr1ubW2nGWsp4nIql+OPQRstu4ypeZ+zk3YKqQT0CXVe/PYqrKpZAi+J9mTs05TKwjXSRA==", + "license": "MIT" + }, + "node_modules/@types/d3-quadtree": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@types/d3-quadtree/-/d3-quadtree-3.0.6.tgz", + "integrity": "sha512-oUzyO1/Zm6rsxKRHA1vH0NEDG58HrT5icx/azi9MF1TWdtttWl0UIUsjEQBBh+SIkrpd21ZjEv7ptxWys1ncsg==", + "license": "MIT" + }, + "node_modules/@types/d3-random": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/d3-random/-/d3-random-3.0.3.tgz", + "integrity": "sha512-Imagg1vJ3y76Y2ea0871wpabqp613+8/r0mCLEBfdtqC7xMSfj9idOnmBYyMoULfHePJyxMAw3nWhJxzc+LFwQ==", + "license": "MIT" + }, + "node_modules/@types/d3-scale": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/@types/d3-scale/-/d3-scale-4.0.8.tgz", + "integrity": "sha512-gkK1VVTr5iNiYJ7vWDI+yUFFlszhNMtVeneJ6lUTKPjprsvLLI9/tgEGiXJOnlINJA8FyA88gfnQsHbybVZrYQ==", + "license": "MIT", + "dependencies": { + "@types/d3-time": "*" + } + }, + "node_modules/@types/d3-scale-chromatic": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/d3-scale-chromatic/-/d3-scale-chromatic-3.0.3.tgz", + "integrity": "sha512-laXM4+1o5ImZv3RpFAsTRn3TEkzqkytiOY0Dz0sq5cnd1dtNlk6sHLon4OvqaiJb28T0S/TdsBI3Sjsy+keJrw==", + "license": "MIT" + }, + "node_modules/@types/d3-selection": { + "version": "3.0.11", + "resolved": "https://registry.npmjs.org/@types/d3-selection/-/d3-selection-3.0.11.tgz", + "integrity": "sha512-bhAXu23DJWsrI45xafYpkQ4NtcKMwWnAC/vKrd2l+nxMFuvOT3XMYTIj2opv8vq8AO5Yh7Qac/nSeP/3zjTK0w==", + "license": "MIT" + }, + "node_modules/@types/d3-shape": { + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.6.tgz", + "integrity": "sha512-5KKk5aKGu2I+O6SONMYSNflgiP0WfZIQvVUMan50wHsLG1G94JlxEVnCpQARfTtzytuY0p/9PXXZb3I7giofIA==", + "license": "MIT", + "dependencies": { + "@types/d3-path": "*" + } + }, + "node_modules/@types/d3-time": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/d3-time/-/d3-time-3.0.3.tgz", + "integrity": "sha512-2p6olUZ4w3s+07q3Tm2dbiMZy5pCDfYwtLXXHUnVzXgQlZ/OyPtUz6OL382BkOuGlLXqfT+wqv8Fw2v8/0geBw==", + "license": "MIT" + }, + "node_modules/@types/d3-time-format": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@types/d3-time-format/-/d3-time-format-4.0.3.tgz", + "integrity": "sha512-5xg9rC+wWL8kdDj153qZcsJ0FWiFt0J5RB6LYUNZjwSnesfblqrI/bJ1wBdJ8OQfncgbJG5+2F+qfqnqyzYxyg==", + "license": "MIT" + }, + "node_modules/@types/d3-timer": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@types/d3-timer/-/d3-timer-3.0.2.tgz", + "integrity": "sha512-Ps3T8E8dZDam6fUyNiMkekK3XUsaUEik+idO9/YjPtfj2qruF8tFBXS7XhtE4iIXBLxhmLjP3SXpLhVf21I9Lw==", + "license": "MIT" + }, + "node_modules/@types/d3-transition": { + "version": "3.0.9", + "resolved": "https://registry.npmjs.org/@types/d3-transition/-/d3-transition-3.0.9.tgz", + "integrity": "sha512-uZS5shfxzO3rGlu0cC3bjmMFKsXv+SmZZcgp0KD22ts4uGXp5EVYGzu/0YdwZeKmddhcAccYtREJKkPfXkZuCg==", + "license": "MIT", + "dependencies": { + "@types/d3-selection": "*" + } + }, + "node_modules/@types/d3-zoom": { + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/@types/d3-zoom/-/d3-zoom-3.0.8.tgz", + "integrity": "sha512-iqMC4/YlFCSlO8+2Ii1GGGliCAY4XdeG748w5vQUbevlbDu0zSjH/+jojorQVBK/se0j6DUFNPBGSqD3YWYnDw==", + "license": "MIT", + "dependencies": { + "@types/d3-interpolate": "*", + "@types/d3-selection": "*" + } + }, + "node_modules/@types/debug": { + "version": "4.1.12", + "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz", + "integrity": "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==", + "license": "MIT", + "dependencies": { + "@types/ms": "*" + } + }, + "node_modules/@types/dompurify": { + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/@types/dompurify/-/dompurify-3.0.5.tgz", + "integrity": "sha512-1Wg0g3BtQF7sSb27fJQAKck1HECM6zV1EB66j8JH9i3LCjYabJa0FSdiSgsD5K/RbrsR0SiraKacLB+T8ZVYAg==", + "license": "MIT", + "dependencies": { + "@types/trusted-types": "*" + } + }, + "node_modules/@types/eslint": { + "version": "9.6.1", + "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-9.6.1.tgz", + "integrity": "sha512-FXx2pKgId/WyYo2jXw63kk7/+TY7u7AziEJxJAnSFzHlqTAS3Ync6SvgYAN/k4/PQpnnVuzoMuVnByKK2qp0ag==", + "license": "MIT", + "dependencies": { + "@types/estree": "*", + "@types/json-schema": "*" + } + }, + "node_modules/@types/eslint-scope": { + "version": "3.7.7", + "resolved": "https://registry.npmjs.org/@types/eslint-scope/-/eslint-scope-3.7.7.tgz", + "integrity": "sha512-MzMFlSLBqNF2gcHWO0G1vP/YQyfvrxZ0bF+u7mzUdZ1/xK4A4sru+nraZz5i3iEIk1l1uyicaDVTB4QbbEkAYg==", + "license": "MIT", + "dependencies": { + "@types/eslint": "*", + "@types/estree": "*" + } + }, + "node_modules/@types/estree": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.6.tgz", + "integrity": "sha512-AYnb1nQyY49te+VRAVgmzfcgjYS91mY5P0TKUDCLEM+gNnA+3T6rWITXRLYCpahpqSQbN5cE+gHpnPyXjHWxcw==", + "license": "MIT" + }, + "node_modules/@types/estree-jsx": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/@types/estree-jsx/-/estree-jsx-1.0.5.tgz", + "integrity": "sha512-52CcUVNFyfb1A2ALocQw/Dd1BQFNmSdkuC3BkZ6iqhdMfQz7JWOFRuJFloOzjk+6WijU56m9oKXFAXc7o3Towg==", + "license": "MIT", + "dependencies": { + "@types/estree": "*" + } + }, + "node_modules/@types/express": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", + "integrity": "sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==", + "license": "MIT", + "dependencies": { + "@types/body-parser": "*", + "@types/express-serve-static-core": "^4.17.33", + "@types/qs": "*", + "@types/serve-static": "*" + } + }, + "node_modules/@types/express-serve-static-core": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-5.0.1.tgz", + "integrity": "sha512-CRICJIl0N5cXDONAdlTv5ShATZ4HEwk6kDDIW2/w9qOWKg+NU/5F8wYRWCrONad0/UKkloNSmmyN/wX4rtpbVA==", + "license": "MIT", + "dependencies": { + "@types/node": "*", + "@types/qs": "*", + "@types/range-parser": "*", + "@types/send": "*" + } + }, + "node_modules/@types/express/node_modules/@types/express-serve-static-core": { + "version": "4.19.6", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.6.tgz", + "integrity": "sha512-N4LZ2xG7DatVqhCZzOGb1Yi5lMbXSZcmdLDe9EzSndPV2HpWYWzRbaerl2n27irrm94EPpprqa8KpskPT085+A==", + "license": "MIT", + "dependencies": { + "@types/node": "*", + "@types/qs": "*", + "@types/range-parser": "*", + "@types/send": "*" + } + }, + "node_modules/@types/geojson": { + "version": "7946.0.14", + "resolved": "https://registry.npmjs.org/@types/geojson/-/geojson-7946.0.14.tgz", + "integrity": "sha512-WCfD5Ht3ZesJUsONdhvm84dmzWOiOzOAqOncN0++w0lBw1o8OuDNJF2McvvCef/yBqb/HYRahp1BYtODFQ8bRg==", + "license": "MIT" + }, + "node_modules/@types/gtag.js": { + "version": "0.0.12", + "resolved": "https://registry.npmjs.org/@types/gtag.js/-/gtag.js-0.0.12.tgz", + "integrity": "sha512-YQV9bUsemkzG81Ea295/nF/5GijnD2Af7QhEofh7xu+kvCN6RdodgNwwGWXB5GMI3NoyvQo0odNctoH/qLMIpg==", + "license": "MIT" + }, + "node_modules/@types/hast": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/hast/-/hast-3.0.4.tgz", + "integrity": "sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ==", + "license": "MIT", + "dependencies": { + "@types/unist": "*" + } + }, + "node_modules/@types/history": { + "version": "4.7.11", + "resolved": "https://registry.npmjs.org/@types/history/-/history-4.7.11.tgz", + "integrity": "sha512-qjDJRrmvBMiTx+jyLxvLfJU7UznFuokDv4f3WRuriHKERccVpFU+8XMQUAbDzoiJCsmexxRExQeMwwCdamSKDA==", + "license": "MIT" + }, + "node_modules/@types/html-minifier-terser": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/@types/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz", + "integrity": "sha512-oh/6byDPnL1zeNXFrDXFLyZjkr1MsBG667IM792caf1L2UPOOMf65NFzjUH/ltyfwjAGfs1rsX1eftK0jC/KIg==", + "license": "MIT" + }, + "node_modules/@types/http-cache-semantics": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/@types/http-cache-semantics/-/http-cache-semantics-4.0.4.tgz", + "integrity": "sha512-1m0bIFVc7eJWyve9S0RnuRgcQqF/Xd5QsUZAZeQFr1Q3/p9JWoQQEqmVy+DPTNpGXwhgIetAoYF8JSc33q29QA==", + "license": "MIT" + }, + "node_modules/@types/http-errors": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", + "integrity": "sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==", + "license": "MIT" + }, + "node_modules/@types/http-proxy": { + "version": "1.17.15", + "resolved": "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.15.tgz", + "integrity": "sha512-25g5atgiVNTIv0LBDTg1H74Hvayx0ajtJPLLcYE3whFv75J0pWNtOBzaXJQgDTmrX1bx5U9YC2w/n65BN1HwRQ==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/istanbul-lib-coverage": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", + "integrity": "sha512-2QF/t/auWm0lsy8XtKVPG19v3sSOQlJe/YHZgfjb/KBBHOGSV+J2q/S671rcq9uTBrLAXmZpqJiaQbMT+zNU1w==", + "license": "MIT" + }, + "node_modules/@types/istanbul-lib-report": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", + "integrity": "sha512-NQn7AHQnk/RSLOxrBbGyJM/aVQ+pjj5HCgasFxc0K/KhoATfQ/47AyUl15I2yBUpihjmas+a+VJBOqecrFH+uA==", + "license": "MIT", + "dependencies": { + "@types/istanbul-lib-coverage": "*" + } + }, + "node_modules/@types/istanbul-reports": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", + "integrity": "sha512-pk2B1NWalF9toCRu6gjBzR69syFjP4Od8WRAX+0mmf9lAjCRicLOWc+ZrxZHx/0XRjotgkF9t6iaMJ+aXcOdZQ==", + "license": "MIT", + "dependencies": { + "@types/istanbul-lib-report": "*" + } + }, + "node_modules/@types/json-schema": { + "version": "7.0.15", + "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==", + "license": "MIT" + }, + "node_modules/@types/mdast": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/@types/mdast/-/mdast-4.0.4.tgz", + "integrity": "sha512-kGaNbPh1k7AFzgpud/gMdvIm5xuECykRR+JnWKQno9TAXVa6WIVCGTPvYGekIDL4uwCZQSYbUxNBSb1aUo79oA==", + "license": "MIT", + "dependencies": { + "@types/unist": "*" + } + }, + "node_modules/@types/mdx": { + "version": "2.0.13", + "resolved": "https://registry.npmjs.org/@types/mdx/-/mdx-2.0.13.tgz", + "integrity": "sha512-+OWZQfAYyio6YkJb3HLxDrvnx6SWWDbC0zVPfBRzUk0/nqoDyf6dNxQi3eArPe8rJ473nobTMQ/8Zk+LxJ+Yuw==", + "license": "MIT" + }, + "node_modules/@types/mime": { + "version": "1.3.5", + "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", + "integrity": "sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==", + "license": "MIT" + }, + "node_modules/@types/ms": { + "version": "0.7.34", + "resolved": "https://registry.npmjs.org/@types/ms/-/ms-0.7.34.tgz", + "integrity": "sha512-nG96G3Wp6acyAgJqGasjODb+acrI7KltPiRxzHPXnP3NgI28bpQDRv53olbqGXbfcgF5aiiHmO3xpwEpS5Ld9g==", + "license": "MIT" + }, + "node_modules/@types/node": { + "version": "22.9.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.9.1.tgz", + "integrity": "sha512-p8Yy/8sw1caA8CdRIQBG5tiLHmxtQKObCijiAa9Ez+d4+PRffM4054xbju0msf+cvhJpnFEeNjxmVT/0ipktrg==", + "license": "MIT", + "dependencies": { + "undici-types": "~6.19.8" + } + }, + "node_modules/@types/node-forge": { + "version": "1.3.11", + "resolved": "https://registry.npmjs.org/@types/node-forge/-/node-forge-1.3.11.tgz", + "integrity": "sha512-FQx220y22OKNTqaByeBGqHWYz4cl94tpcxeFdvBo3wjG6XPBuZ0BNgNZRV5J5TFmmcsJ4IzsLkmGRiQbnYsBEQ==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/parse-json": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/@types/parse-json/-/parse-json-4.0.2.tgz", + "integrity": "sha512-dISoDXWWQwUquiKsyZ4Ng+HX2KsPL7LyHKHQwgGFEA3IaKac4Obd+h2a/a6waisAoepJlBcx9paWqjA8/HVjCw==", + "license": "MIT" + }, + "node_modules/@types/prismjs": { + "version": "1.26.5", + "resolved": "https://registry.npmjs.org/@types/prismjs/-/prismjs-1.26.5.tgz", + "integrity": "sha512-AUZTa7hQ2KY5L7AmtSiqxlhWxb4ina0yd8hNbl4TWuqnv/pFP0nDMb3YrfSBf4hJVGLh2YEIBfKaBW/9UEl6IQ==", + "license": "MIT" + }, + "node_modules/@types/prop-types": { + "version": "15.7.13", + "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.13.tgz", + "integrity": "sha512-hCZTSvwbzWGvhqxp/RqVqwU999pBf2vp7hzIjiYOsl8wqOmUxkQ6ddw1cV3l8811+kdUFus/q4d1Y3E3SyEifA==", + "license": "MIT" + }, + "node_modules/@types/qs": { + "version": "6.9.17", + "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.17.tgz", + "integrity": "sha512-rX4/bPcfmvxHDv0XjfJELTTr+iB+tn032nPILqHm5wbthUUUuVtNGGqzhya9XUxjTP8Fpr0qYgSZZKxGY++svQ==", + "license": "MIT" + }, + "node_modules/@types/range-parser": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", + "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==", + "license": "MIT" + }, + "node_modules/@types/react": { + "version": "18.3.12", + "resolved": "https://registry.npmjs.org/@types/react/-/react-18.3.12.tgz", + "integrity": "sha512-D2wOSq/d6Agt28q7rSI3jhU7G6aiuzljDGZ2hTZHIkrTLUI+AF3WMeKkEZ9nN2fkBAlcktT6vcZjDFiIhMYEQw==", + "license": "MIT", + "dependencies": { + "@types/prop-types": "*", + "csstype": "^3.0.2" + } + }, + "node_modules/@types/react-router": { + "version": "5.1.20", + "resolved": "https://registry.npmjs.org/@types/react-router/-/react-router-5.1.20.tgz", + "integrity": "sha512-jGjmu/ZqS7FjSH6owMcD5qpq19+1RS9DeVRqfl1FeBMxTDQAGwlMWOcs52NDoXaNKyG3d1cYQFMs9rCrb88o9Q==", + "license": "MIT", + "dependencies": { + "@types/history": "^4.7.11", + "@types/react": "*" + } + }, + "node_modules/@types/react-router-config": { + "version": "5.0.11", + "resolved": "https://registry.npmjs.org/@types/react-router-config/-/react-router-config-5.0.11.tgz", + "integrity": "sha512-WmSAg7WgqW7m4x8Mt4N6ZyKz0BubSj/2tVUMsAHp+Yd2AMwcSbeFq9WympT19p5heCFmF97R9eD5uUR/t4HEqw==", + "license": "MIT", + "dependencies": { + "@types/history": "^4.7.11", + "@types/react": "*", + "@types/react-router": "^5.1.0" + } + }, + "node_modules/@types/react-router-dom": { + "version": "5.3.3", + "resolved": "https://registry.npmjs.org/@types/react-router-dom/-/react-router-dom-5.3.3.tgz", + "integrity": "sha512-kpqnYK4wcdm5UaWI3fLcELopqLrHgLqNsdpHauzlQktfkHL3npOSwtj1Uz9oKBAzs7lFtVkV8j83voAz2D8fhw==", + "license": "MIT", + "dependencies": { + "@types/history": "^4.7.11", + "@types/react": "*", + "@types/react-router": "*" + } + }, + "node_modules/@types/retry": { + "version": "0.12.0", + "resolved": "https://registry.npmjs.org/@types/retry/-/retry-0.12.0.tgz", + "integrity": "sha512-wWKOClTTiizcZhXnPY4wikVAwmdYHp8q6DmC+EJUzAMsycb7HB32Kh9RN4+0gExjmPmZSAQjgURXIGATPegAvA==", + "license": "MIT" + }, + "node_modules/@types/sax": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/@types/sax/-/sax-1.2.7.tgz", + "integrity": "sha512-rO73L89PJxeYM3s3pPPjiPgVVcymqU490g0YO5n5By0k2Erzj6tay/4lr1CHAAU4JyOWd1rpQ8bCf6cZfHU96A==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/send": { + "version": "0.17.4", + "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", + "integrity": "sha512-x2EM6TJOybec7c52BX0ZspPodMsQUd5L6PRwOunVyVUhXiBSKf3AezDL8Dgvgt5o0UfKNfuA0eMLr2wLT4AiBA==", + "license": "MIT", + "dependencies": { + "@types/mime": "^1", + "@types/node": "*" + } + }, + "node_modules/@types/serve-index": { + "version": "1.9.4", + "resolved": "https://registry.npmjs.org/@types/serve-index/-/serve-index-1.9.4.tgz", + "integrity": "sha512-qLpGZ/c2fhSs5gnYsQxtDEq3Oy8SXPClIXkW5ghvAvsNuVSA8k+gCONcUCS/UjLEYvYps+e8uBtfgXgvhwfNug==", + "license": "MIT", + "dependencies": { + "@types/express": "*" + } + }, + "node_modules/@types/serve-static": { + "version": "1.15.7", + "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", + "integrity": "sha512-W8Ym+h8nhuRwaKPaDw34QUkwsGi6Rc4yYqvKFo5rm2FUEhCFbzVWrxXUxuKK8TASjWsysJY0nsmNCGhCOIsrOw==", + "license": "MIT", + "dependencies": { + "@types/http-errors": "*", + "@types/node": "*", + "@types/send": "*" + } + }, + "node_modules/@types/sockjs": { + "version": "0.3.36", + "resolved": "https://registry.npmjs.org/@types/sockjs/-/sockjs-0.3.36.tgz", + "integrity": "sha512-MK9V6NzAS1+Ud7JV9lJLFqW85VbC9dq3LmwZCuBe4wBDgKC0Kj/jd8Xl+nSviU+Qc3+m7umHHyHg//2KSa0a0Q==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/trusted-types": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz", + "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==", + "license": "MIT" + }, + "node_modules/@types/unist": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/@types/unist/-/unist-3.0.3.tgz", + "integrity": "sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==", + "license": "MIT" + }, + "node_modules/@types/ws": { + "version": "8.5.13", + "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.5.13.tgz", + "integrity": "sha512-osM/gWBTPKgHV8XkTunnegTRIsvF6owmf5w+JtAfOw472dptdm0dlGv4xCt6GwQRcC2XVOvvRE/0bAoQcL2QkA==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/@types/yargs": { + "version": "17.0.33", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.33.tgz", + "integrity": "sha512-WpxBCKWPLr4xSsHgz511rFJAM+wS28w2zEO1QDNY5zM/S8ok70NNfztH0xwhqKyaK0OHCbN98LDAZuy1ctxDkA==", + "license": "MIT", + "dependencies": { + "@types/yargs-parser": "*" + } + }, + "node_modules/@types/yargs-parser": { + "version": "21.0.3", + "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", + "integrity": "sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ==", + "license": "MIT" + }, + "node_modules/@ungap/structured-clone": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", + "integrity": "sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==", + "license": "ISC" + }, + "node_modules/@webassemblyjs/ast": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/ast/-/ast-1.14.1.tgz", + "integrity": "sha512-nuBEDgQfm1ccRp/8bCQrx1frohyufl4JlbMMZ4P1wpeOfDhF6FQkxZJ1b/e+PLwr6X1Nhw6OLme5usuBWYBvuQ==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/helper-numbers": "1.13.2", + "@webassemblyjs/helper-wasm-bytecode": "1.13.2" + } + }, + "node_modules/@webassemblyjs/floating-point-hex-parser": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/floating-point-hex-parser/-/floating-point-hex-parser-1.13.2.tgz", + "integrity": "sha512-6oXyTOzbKxGH4steLbLNOu71Oj+C8Lg34n6CqRvqfS2O71BxY6ByfMDRhBytzknj9yGUPVJ1qIKhRlAwO1AovA==", + "license": "MIT" + }, + "node_modules/@webassemblyjs/helper-api-error": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-api-error/-/helper-api-error-1.13.2.tgz", + "integrity": "sha512-U56GMYxy4ZQCbDZd6JuvvNV/WFildOjsaWD3Tzzvmw/mas3cXzRJPMjP83JqEsgSbyrmaGjBfDtV7KDXV9UzFQ==", + "license": "MIT" + }, + "node_modules/@webassemblyjs/helper-buffer": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-buffer/-/helper-buffer-1.14.1.tgz", + "integrity": "sha512-jyH7wtcHiKssDtFPRB+iQdxlDf96m0E39yb0k5uJVhFGleZFoNw1c4aeIcVUPPbXUVJ94wwnMOAqUHyzoEPVMA==", + "license": "MIT" + }, + "node_modules/@webassemblyjs/helper-numbers": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-numbers/-/helper-numbers-1.13.2.tgz", + "integrity": "sha512-FE8aCmS5Q6eQYcV3gI35O4J789wlQA+7JrqTTpJqn5emA4U2hvwJmvFRC0HODS+3Ye6WioDklgd6scJ3+PLnEA==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/floating-point-hex-parser": "1.13.2", + "@webassemblyjs/helper-api-error": "1.13.2", + "@xtuc/long": "4.2.2" + } + }, + "node_modules/@webassemblyjs/helper-wasm-bytecode": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-bytecode/-/helper-wasm-bytecode-1.13.2.tgz", + "integrity": "sha512-3QbLKy93F0EAIXLh0ogEVR6rOubA9AoZ+WRYhNbFyuB70j3dRdwH9g+qXhLAO0kiYGlg3TxDV+I4rQTr/YNXkA==", + "license": "MIT" + }, + "node_modules/@webassemblyjs/helper-wasm-section": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/helper-wasm-section/-/helper-wasm-section-1.14.1.tgz", + "integrity": "sha512-ds5mXEqTJ6oxRoqjhWDU83OgzAYjwsCV8Lo/N+oRsNDmx/ZDpqalmrtgOMkHwxsG0iI//3BwWAErYRHtgn0dZw==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@webassemblyjs/helper-buffer": "1.14.1", + "@webassemblyjs/helper-wasm-bytecode": "1.13.2", + "@webassemblyjs/wasm-gen": "1.14.1" + } + }, + "node_modules/@webassemblyjs/ieee754": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/ieee754/-/ieee754-1.13.2.tgz", + "integrity": "sha512-4LtOzh58S/5lX4ITKxnAK2USuNEvpdVV9AlgGQb8rJDHaLeHciwG4zlGr0j/SNWlr7x3vO1lDEsuePvtcDNCkw==", + "license": "MIT", + "dependencies": { + "@xtuc/ieee754": "^1.2.0" + } + }, + "node_modules/@webassemblyjs/leb128": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/leb128/-/leb128-1.13.2.tgz", + "integrity": "sha512-Lde1oNoIdzVzdkNEAWZ1dZ5orIbff80YPdHx20mrHwHrVNNTjNr8E3xz9BdpcGqRQbAEa+fkrCb+fRFTl/6sQw==", + "license": "Apache-2.0", + "dependencies": { + "@xtuc/long": "4.2.2" + } + }, + "node_modules/@webassemblyjs/utf8": { + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/@webassemblyjs/utf8/-/utf8-1.13.2.tgz", + "integrity": "sha512-3NQWGjKTASY1xV5m7Hr0iPeXD9+RDobLll3T9d2AO+g3my8xy5peVyjSag4I50mR1bBSN/Ct12lo+R9tJk0NZQ==", + "license": "MIT" + }, + "node_modules/@webassemblyjs/wasm-edit": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-edit/-/wasm-edit-1.14.1.tgz", + "integrity": "sha512-RNJUIQH/J8iA/1NzlE4N7KtyZNHi3w7at7hDjvRNm5rcUXa00z1vRz3glZoULfJ5mpvYhLybmVcwcjGrC1pRrQ==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@webassemblyjs/helper-buffer": "1.14.1", + "@webassemblyjs/helper-wasm-bytecode": "1.13.2", + "@webassemblyjs/helper-wasm-section": "1.14.1", + "@webassemblyjs/wasm-gen": "1.14.1", + "@webassemblyjs/wasm-opt": "1.14.1", + "@webassemblyjs/wasm-parser": "1.14.1", + "@webassemblyjs/wast-printer": "1.14.1" + } + }, + "node_modules/@webassemblyjs/wasm-gen": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-gen/-/wasm-gen-1.14.1.tgz", + "integrity": "sha512-AmomSIjP8ZbfGQhumkNvgC33AY7qtMCXnN6bL2u2Js4gVCg8fp735aEiMSBbDR7UQIj90n4wKAFUSEd0QN2Ukg==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@webassemblyjs/helper-wasm-bytecode": "1.13.2", + "@webassemblyjs/ieee754": "1.13.2", + "@webassemblyjs/leb128": "1.13.2", + "@webassemblyjs/utf8": "1.13.2" + } + }, + "node_modules/@webassemblyjs/wasm-opt": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-opt/-/wasm-opt-1.14.1.tgz", + "integrity": "sha512-PTcKLUNvBqnY2U6E5bdOQcSM+oVP/PmrDY9NzowJjislEjwP/C4an2303MCVS2Mg9d3AJpIGdUFIQQWbPds0Sw==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@webassemblyjs/helper-buffer": "1.14.1", + "@webassemblyjs/wasm-gen": "1.14.1", + "@webassemblyjs/wasm-parser": "1.14.1" + } + }, + "node_modules/@webassemblyjs/wasm-parser": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wasm-parser/-/wasm-parser-1.14.1.tgz", + "integrity": "sha512-JLBl+KZ0R5qB7mCnud/yyX08jWFw5MsoalJ1pQ4EdFlgj9VdXKGuENGsiCIjegI1W7p91rUlcB/LB5yRJKNTcQ==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@webassemblyjs/helper-api-error": "1.13.2", + "@webassemblyjs/helper-wasm-bytecode": "1.13.2", + "@webassemblyjs/ieee754": "1.13.2", + "@webassemblyjs/leb128": "1.13.2", + "@webassemblyjs/utf8": "1.13.2" + } + }, + "node_modules/@webassemblyjs/wast-printer": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/@webassemblyjs/wast-printer/-/wast-printer-1.14.1.tgz", + "integrity": "sha512-kPSSXE6De1XOR820C90RIo2ogvZG+c3KiHzqUoO/F34Y2shGzesfqv7o57xrxovZJH/MetF5UjroJ/R/3isoiw==", + "license": "MIT", + "dependencies": { + "@webassemblyjs/ast": "1.14.1", + "@xtuc/long": "4.2.2" + } + }, + "node_modules/@xtuc/ieee754": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@xtuc/ieee754/-/ieee754-1.2.0.tgz", + "integrity": "sha512-DX8nKgqcGwsc0eJSqYt5lwP4DH5FlHnmuWWBRy7X0NcaGR0ZtuyeESgMwTYVEtxmsNGY+qit4QYT/MIYTOTPeA==", + "license": "BSD-3-Clause" + }, + "node_modules/@xtuc/long": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/@xtuc/long/-/long-4.2.2.tgz", + "integrity": "sha512-NuHqBY1PB/D8xU6s/thBgOAiAP7HOYDQ32+BFZILJ8ivkUkAHQnWfn6WhL79Owj1qmUnoN/YPhktdIoucipkAQ==", + "license": "Apache-2.0" + }, + "node_modules/accepts": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", + "license": "MIT", + "dependencies": { + "mime-types": "~2.1.34", + "negotiator": "0.6.3" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/accepts/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/accepts/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/accepts/node_modules/negotiator": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/acorn": { + "version": "8.14.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.14.0.tgz", + "integrity": "sha512-cl669nCJTZBsL97OF4kUQm5g5hC2uihk0NxY3WENAC0TYdILVkAyHymAntgxGkl7K+t0cXIrH5siy5S4XkFycA==", + "license": "MIT", + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-jsx": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", + "license": "MIT", + "peerDependencies": { + "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" + } + }, + "node_modules/acorn-walk": { + "version": "8.3.4", + "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.4.tgz", + "integrity": "sha512-ueEepnujpqee2o5aIYnvHU6C0A42MNdsIDeqy5BydrkuC5R1ZuUFnm27EeFJGoEHJQgn3uleRvmTXaJgfXbt4g==", + "license": "MIT", + "dependencies": { + "acorn": "^8.11.0" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/address": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/address/-/address-1.2.2.tgz", + "integrity": "sha512-4B/qKCfeE/ODUaAUpSwfzazo5x29WD4r3vXiWsB7I2mSDAihwEqKO+g8GELZUQSSAo5e1XTYh3ZVfLyxBc12nA==", + "license": "MIT", + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/aggregate-error": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", + "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", + "license": "MIT", + "dependencies": { + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/ajv": { + "version": "8.17.1", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz", + "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "fast-uri": "^3.0.1", + "json-schema-traverse": "^1.0.0", + "require-from-string": "^2.0.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ajv-formats": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/ajv-formats/-/ajv-formats-2.1.1.tgz", + "integrity": "sha512-Wx0Kx52hxE7C18hkMEggYlEifqWZtYaRgouJor+WMdPnQyEK13vgEWyVNup7SoeeoLMsr4kf5h6dOW11I15MUA==", + "license": "MIT", + "dependencies": { + "ajv": "^8.0.0" + }, + "peerDependencies": { + "ajv": "^8.0.0" + }, + "peerDependenciesMeta": { + "ajv": { + "optional": true + } + } + }, + "node_modules/ajv-keywords": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-5.1.0.tgz", + "integrity": "sha512-YCS/JNFAUyr5vAuhk1DWm1CBxRHW9LbJ2ozWeemrIqpbsqKjHVxYPyi5GC0rjZIT5JxJ3virVTS8wk4i/Z+krw==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3" + }, + "peerDependencies": { + "ajv": "^8.8.2" + } + }, + "node_modules/algoliasearch": { + "version": "4.24.0", + "resolved": "https://registry.npmjs.org/algoliasearch/-/algoliasearch-4.24.0.tgz", + "integrity": "sha512-bf0QV/9jVejssFBmz2HQLxUadxk574t4iwjCKp5E7NBzwKkrDEhKPISIIjAU/p6K5qDx3qoeh4+26zWN1jmw3g==", + "license": "MIT", + "dependencies": { + "@algolia/cache-browser-local-storage": "4.24.0", + "@algolia/cache-common": "4.24.0", + "@algolia/cache-in-memory": "4.24.0", + "@algolia/client-account": "4.24.0", + "@algolia/client-analytics": "4.24.0", + "@algolia/client-common": "4.24.0", + "@algolia/client-personalization": "4.24.0", + "@algolia/client-search": "4.24.0", + "@algolia/logger-common": "4.24.0", + "@algolia/logger-console": "4.24.0", + "@algolia/recommend": "4.24.0", + "@algolia/requester-browser-xhr": "4.24.0", + "@algolia/requester-common": "4.24.0", + "@algolia/requester-node-http": "4.24.0", + "@algolia/transporter": "4.24.0" + } + }, + "node_modules/algoliasearch-helper": { + "version": "3.22.5", + "resolved": "https://registry.npmjs.org/algoliasearch-helper/-/algoliasearch-helper-3.22.5.tgz", + "integrity": "sha512-lWvhdnc+aKOKx8jyA3bsdEgHzm/sglC4cYdMG4xSQyRiPLJVJtH/IVYZG3Hp6PkTEhQqhyVYkeP9z2IlcHJsWw==", + "license": "MIT", + "dependencies": { + "@algolia/events": "^4.0.1" + }, + "peerDependencies": { + "algoliasearch": ">= 3.1 < 6" + } + }, + "node_modules/ansi-align": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/ansi-align/-/ansi-align-3.0.1.tgz", + "integrity": "sha512-IOfwwBF5iczOjp/WeY4YxyjqAFMQoZufdQWDd19SEExbVLNXqvpzSJ/M7Za4/sCPmQ0+GRquoA7bGcINcxew6w==", + "license": "ISC", + "dependencies": { + "string-width": "^4.1.0" + } + }, + "node_modules/ansi-align/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "license": "MIT" + }, + "node_modules/ansi-align/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-escapes": { + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", + "integrity": "sha512-gKXj5ALrKWQLsYG9jlTRmR/xKluxHV+Z9QEwNIgCfM1/uwPMCuzVVnh5mwTd+OuBZcwSIMbqssNWRm1lE51QaQ==", + "license": "MIT", + "dependencies": { + "type-fest": "^0.21.3" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-escapes/node_modules/type-fest": { + "version": "0.21.3", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz", + "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/ansi-html-community": { + "version": "0.0.8", + "resolved": "https://registry.npmjs.org/ansi-html-community/-/ansi-html-community-0.0.8.tgz", + "integrity": "sha512-1APHAyr3+PCamwNw3bXCPp4HFLONZt/yIH0sZp0/469KWNTEy+qN5jQ3GVX6DMZ1UXAi34yVwtTeaG/HpBuuzw==", + "engines": [ + "node >= 0.8.0" + ], + "license": "Apache-2.0", + "bin": { + "ansi-html": "bin/ansi-html" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "license": "MIT", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/anymatch": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "license": "ISC", + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/arg": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", + "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==", + "license": "MIT" + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "license": "Python-2.0" + }, + "node_modules/array-flatten": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==", + "license": "MIT" + }, + "node_modules/array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/asciinema-player": { + "version": "3.8.1", + "resolved": "https://registry.npmjs.org/asciinema-player/-/asciinema-player-3.8.1.tgz", + "integrity": "sha512-NkpbFg81Y6iJFpDRndakLCQ0G26XSpvuT3vJTFjMRgHb26lqHgRNY9gun54e5MehZ4fEDNYkMZv+z6MfZ8c2aA==", + "license": "Apache-2.0", + "dependencies": { + "@babel/runtime": "^7.21.0", + "solid-js": "^1.3.0" + } + }, + "node_modules/astring": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/astring/-/astring-1.9.0.tgz", + "integrity": "sha512-LElXdjswlqjWrPpJFg1Fx4wpkOCxj1TDHlSV4PlaRxHGWko024xICaa97ZkMfs6DRKlCguiAI+rbXv5GWwXIkg==", + "license": "MIT", + "bin": { + "astring": "bin/astring" + } + }, + "node_modules/at-least-node": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/at-least-node/-/at-least-node-1.0.0.tgz", + "integrity": "sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg==", + "license": "ISC", + "engines": { + "node": ">= 4.0.0" + } + }, + "node_modules/autoprefixer": { + "version": "10.4.20", + "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.20.tgz", + "integrity": "sha512-XY25y5xSv/wEoqzDyXXME4AFfkZI0P23z6Fs3YgymDnKJkCGOnkL0iTxCa85UTqaSgfcqyf3UA6+c7wUvx/16g==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/autoprefixer" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.3", + "caniuse-lite": "^1.0.30001646", + "fraction.js": "^4.3.7", + "normalize-range": "^0.1.2", + "picocolors": "^1.0.1", + "postcss-value-parser": "^4.2.0" + }, + "bin": { + "autoprefixer": "bin/autoprefixer" + }, + "engines": { + "node": "^10 || ^12 || >=14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/babel-loader": { + "version": "9.2.1", + "resolved": "https://registry.npmjs.org/babel-loader/-/babel-loader-9.2.1.tgz", + "integrity": "sha512-fqe8naHt46e0yIdkjUZYqddSXfej3AHajX+CSO5X7oy0EmPc6o5Xh+RClNoHjnieWz9AW4kZxW9yyFMhVB1QLA==", + "license": "MIT", + "dependencies": { + "find-cache-dir": "^4.0.0", + "schema-utils": "^4.0.0" + }, + "engines": { + "node": ">= 14.15.0" + }, + "peerDependencies": { + "@babel/core": "^7.12.0", + "webpack": ">=5" + } + }, + "node_modules/babel-plugin-dynamic-import-node": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/babel-plugin-dynamic-import-node/-/babel-plugin-dynamic-import-node-2.3.3.tgz", + "integrity": "sha512-jZVI+s9Zg3IqA/kdi0i6UDCybUI3aSBLnglhYbSSjKlV7yF1F/5LWv8MakQmvYpnbJDS6fcBL2KzHSxNCMtWSQ==", + "license": "MIT", + "dependencies": { + "object.assign": "^4.1.0" + } + }, + "node_modules/babel-plugin-polyfill-corejs2": { + "version": "0.4.12", + "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.12.tgz", + "integrity": "sha512-CPWT6BwvhrTO2d8QVorhTCQw9Y43zOu7G9HigcfxvepOU6b8o3tcWad6oVgZIsZCTt42FFv97aA7ZJsbM4+8og==", + "license": "MIT", + "dependencies": { + "@babel/compat-data": "^7.22.6", + "@babel/helper-define-polyfill-provider": "^0.6.3", + "semver": "^6.3.1" + }, + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" + } + }, + "node_modules/babel-plugin-polyfill-corejs2/node_modules/semver": { + "version": "6.3.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", + "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/babel-plugin-polyfill-corejs3": { + "version": "0.10.6", + "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.10.6.tgz", + "integrity": "sha512-b37+KR2i/khY5sKmWNVQAnitvquQbNdWy6lJdsr0kmquCKEEUgMKK4SboVM3HtfnZilfjr4MMQ7vY58FVWDtIA==", + "license": "MIT", + "dependencies": { + "@babel/helper-define-polyfill-provider": "^0.6.2", + "core-js-compat": "^3.38.0" + }, + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" + } + }, + "node_modules/babel-plugin-polyfill-regenerator": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.6.3.tgz", + "integrity": "sha512-LiWSbl4CRSIa5x/JAU6jZiG9eit9w6mz+yVMFwDE83LAWvt0AfGBoZ7HS/mkhrKuh2ZlzfVZYKoLjXdqw6Yt7Q==", + "license": "MIT", + "dependencies": { + "@babel/helper-define-polyfill-provider": "^0.6.3" + }, + "peerDependencies": { + "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" + } + }, + "node_modules/bail": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/bail/-/bail-2.0.2.tgz", + "integrity": "sha512-0xO6mYd7JB2YesxDKplafRpsiOzPt9V02ddPCLbY1xYGPOX24NTyN50qnUxgCPcSoYMhKpAuBTjQoRZCAkUDRw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "license": "MIT" + }, + "node_modules/batch": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/batch/-/batch-0.6.1.tgz", + "integrity": "sha512-x+VAiMRL6UPkx+kudNvxTl6hB2XNNCG2r+7wixVfIYwu/2HKRXimwQyaumLjMveWvT2Hkd/cAJw+QBMfJ/EKVw==", + "license": "MIT" + }, + "node_modules/big.js": { + "version": "5.2.2", + "resolved": "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz", + "integrity": "sha512-vyL2OymJxmarO8gxMr0mhChsO9QGwhynfuu4+MHTAW6czfq9humCB7rKpUjDd9YUiDPU4mzpyupFSvOClAwbmQ==", + "license": "MIT", + "engines": { + "node": "*" + } + }, + "node_modules/binary-extensions": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/body-parser": { + "version": "1.20.3", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz", + "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==", + "license": "MIT", + "dependencies": { + "bytes": "3.1.2", + "content-type": "~1.0.5", + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", + "http-errors": "2.0.0", + "iconv-lite": "0.4.24", + "on-finished": "2.4.1", + "qs": "6.13.0", + "raw-body": "2.5.2", + "type-is": "~1.6.18", + "unpipe": "1.0.0" + }, + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/body-parser/node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/body-parser/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/body-parser/node_modules/iconv-lite": { + "version": "0.4.24", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/body-parser/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/bonjour-service": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.3.0.tgz", + "integrity": "sha512-3YuAUiSkWykd+2Azjgyxei8OWf8thdn8AITIog2M4UICzoqfjlqr64WIjEXZllf/W6vK1goqleSR6brGomxQqA==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.3", + "multicast-dns": "^7.2.5" + } + }, + "node_modules/boolbase": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz", + "integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww==", + "license": "ISC" + }, + "node_modules/boxen": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/boxen/-/boxen-6.2.1.tgz", + "integrity": "sha512-H4PEsJXfFI/Pt8sjDWbHlQPx4zL/bvSQjcilJmaulGt5mLDorHOHpmdXAJcBcmru7PhYSp/cDMWRko4ZUMFkSw==", + "license": "MIT", + "dependencies": { + "ansi-align": "^3.0.1", + "camelcase": "^6.2.0", + "chalk": "^4.1.2", + "cli-boxes": "^3.0.0", + "string-width": "^5.0.1", + "type-fest": "^2.5.0", + "widest-line": "^4.0.1", + "wrap-ansi": "^8.0.1" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "license": "MIT", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/browserslist": { + "version": "4.24.2", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.24.2.tgz", + "integrity": "sha512-ZIc+Q62revdMcqC6aChtW4jz3My3klmCO1fEmINZY/8J3EpBg5/A/D0AKmBveUh6pgoeycoMkVMko84tuYS+Gg==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "caniuse-lite": "^1.0.30001669", + "electron-to-chromium": "^1.5.41", + "node-releases": "^2.0.18", + "update-browserslist-db": "^1.1.1" + }, + "bin": { + "browserslist": "cli.js" + }, + "engines": { + "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" + } + }, + "node_modules/buffer-from": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", + "license": "MIT" + }, + "node_modules/bytes": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz", + "integrity": "sha512-pMhOfFDPiv9t5jjIXkHosWmkSyQbvsgEVNkz0ERHbuLh2T/7j4Mqqpz523Fe8MVY89KC6Sh/QfS2sM+SjgFDcw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/cacheable-lookup": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/cacheable-lookup/-/cacheable-lookup-7.0.0.tgz", + "integrity": "sha512-+qJyx4xiKra8mZrcwhjMRMUhD5NR1R8esPkzIYxX96JiecFoxAXFuz/GpR3+ev4PE1WamHip78wV0vcmPQtp8w==", + "license": "MIT", + "engines": { + "node": ">=14.16" + } + }, + "node_modules/cacheable-request": { + "version": "10.2.14", + "resolved": "https://registry.npmjs.org/cacheable-request/-/cacheable-request-10.2.14.tgz", + "integrity": "sha512-zkDT5WAF4hSSoUgyfg5tFIxz8XQK+25W/TLVojJTMKBaxevLBBtLxgqguAuVQB8PVW79FVjHcU+GJ9tVbDZ9mQ==", + "license": "MIT", + "dependencies": { + "@types/http-cache-semantics": "^4.0.2", + "get-stream": "^6.0.1", + "http-cache-semantics": "^4.1.1", + "keyv": "^4.5.3", + "mimic-response": "^4.0.0", + "normalize-url": "^8.0.0", + "responselike": "^3.0.0" + }, + "engines": { + "node": ">=14.16" + } + }, + "node_modules/call-bind": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==", + "license": "MIT", + "dependencies": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "set-function-length": "^1.2.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/callsites": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/camel-case": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/camel-case/-/camel-case-4.1.2.tgz", + "integrity": "sha512-gxGWBrTT1JuMx6R+o5PTXMmUnhnVzLQ9SNutD4YqKtI6ap897t3tKECYla6gCWEkplXnlNybEkZg9GEGxKFCgw==", + "license": "MIT", + "dependencies": { + "pascal-case": "^3.1.2", + "tslib": "^2.0.3" + } + }, + "node_modules/camelcase": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz", + "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/caniuse-api": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/caniuse-api/-/caniuse-api-3.0.0.tgz", + "integrity": "sha512-bsTwuIg/BZZK/vreVTYYbSWoe2F+71P7K5QGEX+pT250DZbfU1MQ5prOKpPR+LL6uWKK3KMwMCAS74QB3Um1uw==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.0.0", + "caniuse-lite": "^1.0.0", + "lodash.memoize": "^4.1.2", + "lodash.uniq": "^4.5.0" + } + }, + "node_modules/caniuse-lite": { + "version": "1.0.30001680", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001680.tgz", + "integrity": "sha512-rPQy70G6AGUMnbwS1z6Xg+RkHYPAi18ihs47GH0jcxIG7wArmPgY3XbS2sRdBbxJljp3thdT8BIqv9ccCypiPA==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "CC-BY-4.0" + }, + "node_modules/ccount": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/ccount/-/ccount-2.0.1.tgz", + "integrity": "sha512-eyrF0jiFpY+3drT6383f1qhkbGsLSifNAjA61IUjZjmLCWjItY6LB9ft9YhoDgwfmclB2zhu51Lc7+95b8NRAg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/char-regex": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", + "integrity": "sha512-kWWXztvZ5SBQV+eRgKFeh8q5sLuZY2+8WUIzlxWVTg+oGwY14qylx1KbKzHd8P6ZYkAg0xyIDU9JMHhyJMZ1jw==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/character-entities": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-2.0.2.tgz", + "integrity": "sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/character-entities-html4": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/character-entities-html4/-/character-entities-html4-2.1.0.tgz", + "integrity": "sha512-1v7fgQRj6hnSwFpq1Eu0ynr/CDEw0rXo2B61qXrLNdHZmPKgb7fqS1a2JwF0rISo9q77jDI8VMEHoApn8qDoZA==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/character-entities-legacy": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/character-entities-legacy/-/character-entities-legacy-3.0.0.tgz", + "integrity": "sha512-RpPp0asT/6ufRm//AJVwpViZbGM/MkjQFxJccQRHmISF/22NBtsHqAWmL+/pmkPWoIUJdWyeVleTl1wydHATVQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/character-reference-invalid": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/character-reference-invalid/-/character-reference-invalid-2.0.1.tgz", + "integrity": "sha512-iBZ4F4wRbyORVsu0jPV7gXkOsGYjGHPmAyv+HiHG8gi5PtC9KI2j1+v8/tlibRvjoWX027ypmG/n0HtO5t7unw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/cheerio": { + "version": "1.0.0-rc.12", + "resolved": "https://registry.npmjs.org/cheerio/-/cheerio-1.0.0-rc.12.tgz", + "integrity": "sha512-VqR8m68vM46BNnuZ5NtnGBKIE/DfN0cRIzg9n40EIq9NOv90ayxLBXA8fXC5gquFRGJSTRqBq25Jt2ECLR431Q==", + "license": "MIT", + "dependencies": { + "cheerio-select": "^2.1.0", + "dom-serializer": "^2.0.0", + "domhandler": "^5.0.3", + "domutils": "^3.0.1", + "htmlparser2": "^8.0.1", + "parse5": "^7.0.0", + "parse5-htmlparser2-tree-adapter": "^7.0.0" + }, + "engines": { + "node": ">= 6" + }, + "funding": { + "url": "https://github.com/cheeriojs/cheerio?sponsor=1" + } + }, + "node_modules/cheerio-select": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/cheerio-select/-/cheerio-select-2.1.0.tgz", + "integrity": "sha512-9v9kG0LvzrlcungtnJtpGNxY+fzECQKhK4EGJX2vByejiMX84MFNQw4UxPJl3bFbTMw+Dfs37XaIkCwTZfLh4g==", + "license": "BSD-2-Clause", + "dependencies": { + "boolbase": "^1.0.0", + "css-select": "^5.1.0", + "css-what": "^6.1.0", + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3", + "domutils": "^3.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/chevrotain": { + "version": "11.0.3", + "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-11.0.3.tgz", + "integrity": "sha512-ci2iJH6LeIkvP9eJW6gpueU8cnZhv85ELY8w8WiFtNjMHA5ad6pQLaJo9mEly/9qUyCpvqX8/POVUTf18/HFdw==", + "license": "Apache-2.0", + "dependencies": { + "@chevrotain/cst-dts-gen": "11.0.3", + "@chevrotain/gast": "11.0.3", + "@chevrotain/regexp-to-ast": "11.0.3", + "@chevrotain/types": "11.0.3", + "@chevrotain/utils": "11.0.3", + "lodash-es": "4.17.21" + } + }, + "node_modules/chevrotain-allstar": { + "version": "0.3.1", + "resolved": "https://registry.npmjs.org/chevrotain-allstar/-/chevrotain-allstar-0.3.1.tgz", + "integrity": "sha512-b7g+y9A0v4mxCW1qUhf3BSVPg+/NvGErk/dOkrDaHA0nQIQGAtrOjlX//9OQtRlSCy+x9rfB5N8yC71lH1nvMw==", + "license": "MIT", + "dependencies": { + "lodash-es": "^4.17.21" + }, + "peerDependencies": { + "chevrotain": "^11.0.0" + } + }, + "node_modules/chokidar": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "license": "MIT", + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/chrome-trace-event": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/chrome-trace-event/-/chrome-trace-event-1.0.4.tgz", + "integrity": "sha512-rNjApaLzuwaOTjCiT8lSDdGN1APCiqkChLMJxJPWLunPAt5fy8xgU9/jNOchV84wfIxrA0lRQB7oCT8jrn/wrQ==", + "license": "MIT", + "engines": { + "node": ">=6.0" + } + }, + "node_modules/ci-info": { + "version": "3.9.0", + "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", + "integrity": "sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/sibiraj-s" + } + ], + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/clean-css": { + "version": "5.3.3", + "resolved": "https://registry.npmjs.org/clean-css/-/clean-css-5.3.3.tgz", + "integrity": "sha512-D5J+kHaVb/wKSFcyyV75uCn8fiY4sV38XJoe4CUyGQ+mOU/fMVYUdH1hJC+CJQ5uY3EnW27SbJYS4X8BiLrAFg==", + "license": "MIT", + "dependencies": { + "source-map": "~0.6.0" + }, + "engines": { + "node": ">= 10.0" + } + }, + "node_modules/clean-css/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/clean-stack": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", + "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/cli-boxes": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/cli-boxes/-/cli-boxes-3.0.0.tgz", + "integrity": "sha512-/lzGpEWL/8PfI0BmBOPRwp0c/wFNX1RdUML3jK/RcSBA9T8mZDdQpqYBKtCFTOfQbwPqWEOpjqW+Fnayc0969g==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/cli-table3": { + "version": "0.6.5", + "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.5.tgz", + "integrity": "sha512-+W/5efTR7y5HRD7gACw9yQjqMVvEMLBHmboM/kPWam+H+Hmyrgjh6YncVKK122YZkXrLudzTuAukUw9FnMf7IQ==", + "license": "MIT", + "dependencies": { + "string-width": "^4.2.0" + }, + "engines": { + "node": "10.* || >= 12.*" + }, + "optionalDependencies": { + "@colors/colors": "1.5.0" + } + }, + "node_modules/cli-table3/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "license": "MIT" + }, + "node_modules/cli-table3/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/clone-deep": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/clone-deep/-/clone-deep-4.0.1.tgz", + "integrity": "sha512-neHB9xuzh/wk0dIHweyAXv2aPGZIVk3pLMe+/RNzINf17fe0OG96QroktYAUm7SM1PBnzTabaLboqqxDyMU+SQ==", + "license": "MIT", + "dependencies": { + "is-plain-object": "^2.0.4", + "kind-of": "^6.0.2", + "shallow-clone": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/clsx": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz", + "integrity": "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/collapse-white-space": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/collapse-white-space/-/collapse-white-space-2.1.0.tgz", + "integrity": "sha512-loKTxY1zCOuG4j9f6EPnuyyYkf58RnhhWTvRoZEokgB+WbdXehfjFviyOVYkqzEWz1Q5kRiZdBYS5SwxbQYwzw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "license": "MIT", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "license": "MIT" + }, + "node_modules/colord": { + "version": "2.9.3", + "resolved": "https://registry.npmjs.org/colord/-/colord-2.9.3.tgz", + "integrity": "sha512-jeC1axXpnb0/2nn/Y1LPuLdgXBLH7aDcHu4KEKfqw3CUhX7ZpfBSlPKyqXE6btIgEzfWtrX3/tyBCaCvXvMkOw==", + "license": "MIT" + }, + "node_modules/colorette": { + "version": "2.0.20", + "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz", + "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==", + "license": "MIT" + }, + "node_modules/combine-promises": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/combine-promises/-/combine-promises-1.2.0.tgz", + "integrity": "sha512-VcQB1ziGD0NXrhKxiwyNbCDmRzs/OShMs2GqW2DlU2A/Sd0nQxE1oWDAE5O0ygSx5mgQOn9eIFh7yKPgFRVkPQ==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/comma-separated-tokens": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/comma-separated-tokens/-/comma-separated-tokens-2.0.3.tgz", + "integrity": "sha512-Fu4hJdvzeylCfQPp9SGWidpzrMs7tTrlu6Vb8XGaRGck8QSNZJJp538Wrb60Lax4fPwR64ViY468OIUTbRlGZg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/commander": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz", + "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==", + "license": "MIT", + "engines": { + "node": ">= 6" + } + }, + "node_modules/common-path-prefix": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/common-path-prefix/-/common-path-prefix-3.0.0.tgz", + "integrity": "sha512-QE33hToZseCH3jS0qN96O/bSh3kaw/h+Tq7ngyY9eWDUnTlTNUyqfqvCXioLe5Na5jFsL78ra/wuBU4iuEgd4w==", + "license": "ISC" + }, + "node_modules/compressible": { + "version": "2.0.18", + "resolved": "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz", + "integrity": "sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg==", + "license": "MIT", + "dependencies": { + "mime-db": ">= 1.43.0 < 2" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/compressible/node_modules/mime-db": { + "version": "1.53.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.53.0.tgz", + "integrity": "sha512-oHlN/w+3MQ3rba9rqFr6V/ypF10LSkdwUysQL7GkXoTgIWeV+tcXGA852TBxH+gsh8UWoyhR1hKcoMJTuWflpg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/compression": { + "version": "1.7.5", + "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.5.tgz", + "integrity": "sha512-bQJ0YRck5ak3LgtnpKkiabX5pNF7tMUh1BSy2ZBOTh0Dim0BUu6aPPwByIns6/A5Prh8PufSPerMDUklpzes2Q==", + "license": "MIT", + "dependencies": { + "bytes": "3.1.2", + "compressible": "~2.0.18", + "debug": "2.6.9", + "negotiator": "~0.6.4", + "on-headers": "~1.0.2", + "safe-buffer": "5.2.1", + "vary": "~1.1.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/compression/node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/compression/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/compression/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "license": "MIT" + }, + "node_modules/confbox": { + "version": "0.1.8", + "resolved": "https://registry.npmjs.org/confbox/-/confbox-0.1.8.tgz", + "integrity": "sha512-RMtmw0iFkeR4YV+fUOSucriAQNb9g8zFR52MWCtl+cCZOFRNL6zeB395vPzFhEjjn4fMxXudmELnl/KF/WrK6w==", + "license": "MIT" + }, + "node_modules/config-chain": { + "version": "1.1.13", + "resolved": "https://registry.npmjs.org/config-chain/-/config-chain-1.1.13.tgz", + "integrity": "sha512-qj+f8APARXHrM0hraqXYb2/bOVSV4PvJQlNZ/DVj0QrmNM2q2euizkeuVckQ57J+W0mRH6Hvi+k50M4Jul2VRQ==", + "license": "MIT", + "dependencies": { + "ini": "^1.3.4", + "proto-list": "~1.2.1" + } + }, + "node_modules/configstore": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/configstore/-/configstore-6.0.0.tgz", + "integrity": "sha512-cD31W1v3GqUlQvbBCGcXmd2Nj9SvLDOP1oQ0YFuLETufzSPaKp11rYBsSOm7rCsW3OnIRAFM3OxRhceaXNYHkA==", + "license": "BSD-2-Clause", + "dependencies": { + "dot-prop": "^6.0.1", + "graceful-fs": "^4.2.6", + "unique-string": "^3.0.0", + "write-file-atomic": "^3.0.3", + "xdg-basedir": "^5.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/yeoman/configstore?sponsor=1" + } + }, + "node_modules/connect-history-api-fallback": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/connect-history-api-fallback/-/connect-history-api-fallback-2.0.0.tgz", + "integrity": "sha512-U73+6lQFmfiNPrYbXqr6kZ1i1wiRqXnp2nhMsINseWXO8lDau0LGEffJ8kQi4EjLZympVgRdvqjAgiZ1tgzDDA==", + "license": "MIT", + "engines": { + "node": ">=0.8" + } + }, + "node_modules/consola": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/consola/-/consola-3.2.3.tgz", + "integrity": "sha512-I5qxpzLv+sJhTVEoLYNcTW+bThDCPsit0vLNKShZx6rLtpilNpmmeTPaeqJb9ZE9dV3DGaeby6Vuhrw38WjeyQ==", + "license": "MIT", + "engines": { + "node": "^14.18.0 || >=16.10.0" + } + }, + "node_modules/content-disposition": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz", + "integrity": "sha512-kRGRZw3bLlFISDBgwTSA1TMBFN6J6GWDeubmDE3AF+3+yXL8hTWv8r5rkLbqYXY4RjPk/EzHnClI3zQf1cFmHA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/convert-source-map": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", + "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==", + "license": "MIT" + }, + "node_modules/cookie": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz", + "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie-signature": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", + "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==", + "license": "MIT" + }, + "node_modules/copy-text-to-clipboard": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/copy-text-to-clipboard/-/copy-text-to-clipboard-3.2.0.tgz", + "integrity": "sha512-RnJFp1XR/LOBDckxTib5Qjr/PMfkatD0MUCQgdpqS8MdKiNUzBjAQBEN6oUy+jW7LI93BBG3DtMB2KOOKpGs2Q==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/copy-webpack-plugin": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/copy-webpack-plugin/-/copy-webpack-plugin-11.0.0.tgz", + "integrity": "sha512-fX2MWpamkW0hZxMEg0+mYnA40LTosOSa5TqZ9GYIBzyJa9C3QUaMPSE2xAi/buNr8u89SfD9wHSQVBzrRa/SOQ==", + "license": "MIT", + "dependencies": { + "fast-glob": "^3.2.11", + "glob-parent": "^6.0.1", + "globby": "^13.1.1", + "normalize-path": "^3.0.0", + "schema-utils": "^4.0.0", + "serialize-javascript": "^6.0.0" + }, + "engines": { + "node": ">= 14.15.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.1.0" + } + }, + "node_modules/copy-webpack-plugin/node_modules/glob-parent": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/copy-webpack-plugin/node_modules/globby": { + "version": "13.2.2", + "resolved": "https://registry.npmjs.org/globby/-/globby-13.2.2.tgz", + "integrity": "sha512-Y1zNGV+pzQdh7H39l9zgB4PJqjRNqydvdYCDG4HFXM4XuvSaQQlEc91IU1yALL8gUTDomgBAfz3XJdmUS+oo0w==", + "license": "MIT", + "dependencies": { + "dir-glob": "^3.0.1", + "fast-glob": "^3.3.0", + "ignore": "^5.2.4", + "merge2": "^1.4.1", + "slash": "^4.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/copy-webpack-plugin/node_modules/slash": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "integrity": "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/core-js": { + "version": "3.39.0", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.39.0.tgz", + "integrity": "sha512-raM0ew0/jJUqkJ0E6e8UDtl+y/7ktFivgWvqw8dNSQeNWoSDLvQ1H/RN3aPXB9tBd4/FhyR4RDPGhsNIMsAn7g==", + "hasInstallScript": true, + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" + } + }, + "node_modules/core-js-compat": { + "version": "3.39.0", + "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.39.0.tgz", + "integrity": "sha512-VgEUx3VwlExr5no0tXlBt+silBvhTryPwCXRI2Id1PN8WTKu7MreethvddqOubrYxkFdv/RnYrqlv1sFNAUelw==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.24.2" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" + } + }, + "node_modules/core-js-pure": { + "version": "3.39.0", + "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.39.0.tgz", + "integrity": "sha512-7fEcWwKI4rJinnK+wLTezeg2smbFFdSBP6E2kQZNbnzM2s1rpKQ6aaRteZSSg7FLU3P0HGGVo/gbpfanU36urg==", + "hasInstallScript": true, + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" + } + }, + "node_modules/core-util-is": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==", + "license": "MIT" + }, + "node_modules/cose-base": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/cose-base/-/cose-base-1.0.3.tgz", + "integrity": "sha512-s9whTXInMSgAp/NVXVNuVxVKzGH2qck3aQlVHxDCdAEPgtMKwc4Wq6/QKhgdEdgbLSi9rBTAcPoRa6JpiG4ksg==", + "license": "MIT", + "dependencies": { + "layout-base": "^1.0.0" + } + }, + "node_modules/cosmiconfig": { + "version": "8.3.6", + "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-8.3.6.tgz", + "integrity": "sha512-kcZ6+W5QzcJ3P1Mt+83OUv/oHFqZHIx8DuxG6eZ5RGMERoLqp4BuGjhHLYGK+Kf5XVkQvqBSmAy/nGWN3qDgEA==", + "license": "MIT", + "dependencies": { + "import-fresh": "^3.3.0", + "js-yaml": "^4.1.0", + "parse-json": "^5.2.0", + "path-type": "^4.0.0" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/d-fischer" + }, + "peerDependencies": { + "typescript": ">=4.9.5" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/cross-spawn": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", + "license": "MIT", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/crypto-random-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-4.0.0.tgz", + "integrity": "sha512-x8dy3RnvYdlUcPOjkEHqozhiwzKNSq7GcPuXFbnyMOCHxX8V3OgIg/pYuabl2sbUPfIJaeAQB7PMOK8DFIdoRA==", + "license": "MIT", + "dependencies": { + "type-fest": "^1.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/crypto-random-string/node_modules/type-fest": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-1.4.0.tgz", + "integrity": "sha512-yGSza74xk0UG8k+pLh5oeoYirvIiWo5t0/o3zHHAO2tRDiZcxWP7fywNlXhqb6/r6sWvwi+RsyQMWhVLe4BVuA==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/css-blank-pseudo": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/css-blank-pseudo/-/css-blank-pseudo-7.0.1.tgz", + "integrity": "sha512-jf+twWGDf6LDoXDUode+nc7ZlrqfaNphrBIBrcmeP3D8yw1uPaix1gCC8LUQUGQ6CycuK2opkbFFWFuq/a94ag==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/css-blank-pseudo/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/css-declaration-sorter": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/css-declaration-sorter/-/css-declaration-sorter-7.2.0.tgz", + "integrity": "sha512-h70rUM+3PNFuaBDTLe8wF/cdWu+dOZmb7pJt8Z2sedYbAcQVQV/tEchueg3GWxwqS0cxtbxmaHEdkNACqcvsow==", + "license": "ISC", + "engines": { + "node": "^14 || ^16 || >=18" + }, + "peerDependencies": { + "postcss": "^8.0.9" + } + }, + "node_modules/css-has-pseudo": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/css-has-pseudo/-/css-has-pseudo-7.0.1.tgz", + "integrity": "sha512-EOcoyJt+OsuKfCADgLT7gADZI5jMzIe/AeI6MeAYKiFBDmNmM7kk46DtSfMj5AohUJisqVzopBpnQTlvbyaBWg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/selector-specificity": "^5.0.0", + "postcss-selector-parser": "^7.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/css-has-pseudo/node_modules/@csstools/selector-specificity": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz", + "integrity": "sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss-selector-parser": "^7.0.0" + } + }, + "node_modules/css-has-pseudo/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/css-loader": { + "version": "6.11.0", + "resolved": "https://registry.npmjs.org/css-loader/-/css-loader-6.11.0.tgz", + "integrity": "sha512-CTJ+AEQJjq5NzLga5pE39qdiSV56F8ywCIsqNIRF0r7BDgWsN25aazToqAFg7ZrtA/U016xudB3ffgweORxX7g==", + "license": "MIT", + "dependencies": { + "icss-utils": "^5.1.0", + "postcss": "^8.4.33", + "postcss-modules-extract-imports": "^3.1.0", + "postcss-modules-local-by-default": "^4.0.5", + "postcss-modules-scope": "^3.2.0", + "postcss-modules-values": "^4.0.0", + "postcss-value-parser": "^4.2.0", + "semver": "^7.5.4" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "@rspack/core": "0.x || 1.x", + "webpack": "^5.0.0" + }, + "peerDependenciesMeta": { + "@rspack/core": { + "optional": true + }, + "webpack": { + "optional": true + } + } + }, + "node_modules/css-minimizer-webpack-plugin": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/css-minimizer-webpack-plugin/-/css-minimizer-webpack-plugin-5.0.1.tgz", + "integrity": "sha512-3caImjKFQkS+ws1TGcFn0V1HyDJFq1Euy589JlD6/3rV2kj+w7r5G9WDMgSHvpvXHNZ2calVypZWuEDQd9wfLg==", + "license": "MIT", + "dependencies": { + "@jridgewell/trace-mapping": "^0.3.18", + "cssnano": "^6.0.1", + "jest-worker": "^29.4.3", + "postcss": "^8.4.24", + "schema-utils": "^4.0.1", + "serialize-javascript": "^6.0.1" + }, + "engines": { + "node": ">= 14.15.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + }, + "peerDependenciesMeta": { + "@parcel/css": { + "optional": true + }, + "@swc/css": { + "optional": true + }, + "clean-css": { + "optional": true + }, + "csso": { + "optional": true + }, + "esbuild": { + "optional": true + }, + "lightningcss": { + "optional": true + } + } + }, + "node_modules/css-prefers-color-scheme": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/css-prefers-color-scheme/-/css-prefers-color-scheme-10.0.0.tgz", + "integrity": "sha512-VCtXZAWivRglTZditUfB4StnsWr6YVZ2PRtuxQLKTNRdtAf8tpzaVPE9zXIF3VaSc7O70iK/j1+NXxyQCqdPjQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/css-select": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/css-select/-/css-select-5.1.0.tgz", + "integrity": "sha512-nwoRF1rvRRnnCqqY7updORDsuqKzqYJ28+oSMaJMMgOauh3fvwHqMS7EZpIPqK8GL+g9mKxF1vP/ZjSeNjEVHg==", + "license": "BSD-2-Clause", + "dependencies": { + "boolbase": "^1.0.0", + "css-what": "^6.1.0", + "domhandler": "^5.0.2", + "domutils": "^3.0.1", + "nth-check": "^2.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/css-tree": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-2.3.1.tgz", + "integrity": "sha512-6Fv1DV/TYw//QF5IzQdqsNDjx/wc8TrMBZsqjL9eW01tWb7R7k/mq+/VXfJCl7SoD5emsJop9cOByJZfs8hYIw==", + "license": "MIT", + "dependencies": { + "mdn-data": "2.0.30", + "source-map-js": "^1.0.1" + }, + "engines": { + "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0" + } + }, + "node_modules/css-what": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/css-what/-/css-what-6.1.0.tgz", + "integrity": "sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw==", + "license": "BSD-2-Clause", + "engines": { + "node": ">= 6" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/cssdb": { + "version": "8.2.1", + "resolved": "https://registry.npmjs.org/cssdb/-/cssdb-8.2.1.tgz", + "integrity": "sha512-KwEPys7lNsC8OjASI8RrmwOYYDcm0JOW9zQhcV83ejYcQkirTEyeAGui8aO2F5PiS6SLpxuTzl6qlMElIdsgIg==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + }, + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + } + ], + "license": "MIT-0" + }, + "node_modules/cssesc": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "integrity": "sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==", + "license": "MIT", + "bin": { + "cssesc": "bin/cssesc" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/cssnano": { + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/cssnano/-/cssnano-6.1.2.tgz", + "integrity": "sha512-rYk5UeX7VAM/u0lNqewCdasdtPK81CgX8wJFLEIXHbV2oldWRgJAsZrdhRXkV1NJzA2g850KiFm9mMU2HxNxMA==", + "license": "MIT", + "dependencies": { + "cssnano-preset-default": "^6.1.2", + "lilconfig": "^3.1.1" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/cssnano" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/cssnano-preset-advanced": { + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/cssnano-preset-advanced/-/cssnano-preset-advanced-6.1.2.tgz", + "integrity": "sha512-Nhao7eD8ph2DoHolEzQs5CfRpiEP0xa1HBdnFZ82kvqdmbwVBUr2r1QuQ4t1pi+D1ZpqpcO4T+wy/7RxzJ/WPQ==", + "license": "MIT", + "dependencies": { + "autoprefixer": "^10.4.19", + "browserslist": "^4.23.0", + "cssnano-preset-default": "^6.1.2", + "postcss-discard-unused": "^6.0.5", + "postcss-merge-idents": "^6.0.3", + "postcss-reduce-idents": "^6.0.3", + "postcss-zindex": "^6.0.2" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/cssnano-preset-default": { + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/cssnano-preset-default/-/cssnano-preset-default-6.1.2.tgz", + "integrity": "sha512-1C0C+eNaeN8OcHQa193aRgYexyJtU8XwbdieEjClw+J9d94E41LwT6ivKH0WT+fYwYWB0Zp3I3IZ7tI/BbUbrg==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "css-declaration-sorter": "^7.2.0", + "cssnano-utils": "^4.0.2", + "postcss-calc": "^9.0.1", + "postcss-colormin": "^6.1.0", + "postcss-convert-values": "^6.1.0", + "postcss-discard-comments": "^6.0.2", + "postcss-discard-duplicates": "^6.0.3", + "postcss-discard-empty": "^6.0.3", + "postcss-discard-overridden": "^6.0.2", + "postcss-merge-longhand": "^6.0.5", + "postcss-merge-rules": "^6.1.1", + "postcss-minify-font-values": "^6.1.0", + "postcss-minify-gradients": "^6.0.3", + "postcss-minify-params": "^6.1.0", + "postcss-minify-selectors": "^6.0.4", + "postcss-normalize-charset": "^6.0.2", + "postcss-normalize-display-values": "^6.0.2", + "postcss-normalize-positions": "^6.0.2", + "postcss-normalize-repeat-style": "^6.0.2", + "postcss-normalize-string": "^6.0.2", + "postcss-normalize-timing-functions": "^6.0.2", + "postcss-normalize-unicode": "^6.1.0", + "postcss-normalize-url": "^6.0.2", + "postcss-normalize-whitespace": "^6.0.2", + "postcss-ordered-values": "^6.0.2", + "postcss-reduce-initial": "^6.1.0", + "postcss-reduce-transforms": "^6.0.2", + "postcss-svgo": "^6.0.3", + "postcss-unique-selectors": "^6.0.4" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/cssnano-utils": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/cssnano-utils/-/cssnano-utils-4.0.2.tgz", + "integrity": "sha512-ZR1jHg+wZ8o4c3zqf1SIUSTIvm/9mU343FMR6Obe/unskbvpGhZOo1J6d/r8D1pzkRQYuwbcH3hToOuoA2G7oQ==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/csso": { + "version": "5.0.5", + "resolved": "https://registry.npmjs.org/csso/-/csso-5.0.5.tgz", + "integrity": "sha512-0LrrStPOdJj+SPCCrGhzryycLjwcgUSHBtxNA8aIDxf0GLsRh1cKYhB00Gd1lDOS4yGH69+SNn13+TWbVHETFQ==", + "license": "MIT", + "dependencies": { + "css-tree": "~2.2.0" + }, + "engines": { + "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0", + "npm": ">=7.0.0" + } + }, + "node_modules/csso/node_modules/css-tree": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-2.2.1.tgz", + "integrity": "sha512-OA0mILzGc1kCOCSJerOeqDxDQ4HOh+G8NbOJFOTgOCzpw7fCBubk0fEyxp8AgOL/jvLgYA/uV0cMbe43ElF1JA==", + "license": "MIT", + "dependencies": { + "mdn-data": "2.0.28", + "source-map-js": "^1.0.1" + }, + "engines": { + "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0", + "npm": ">=7.0.0" + } + }, + "node_modules/csso/node_modules/mdn-data": { + "version": "2.0.28", + "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.28.tgz", + "integrity": "sha512-aylIc7Z9y4yzHYAJNuESG3hfhC+0Ibp/MAMiaOZgNv4pmEdFyfZhhhny4MNiAfWdBQ1RQ2mfDWmM1x8SvGyp8g==", + "license": "CC0-1.0" + }, + "node_modules/csstype": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.3.tgz", + "integrity": "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==", + "license": "MIT" + }, + "node_modules/cytoscape": { + "version": "3.30.3", + "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.30.3.tgz", + "integrity": "sha512-HncJ9gGJbVtw7YXtIs3+6YAFSSiKsom0amWc33Z7QbylbY2JGMrA0yz4EwrdTScZxnwclXeEZHzO5pxoy0ZE4g==", + "license": "MIT", + "engines": { + "node": ">=0.10" + } + }, + "node_modules/cytoscape-cose-bilkent": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/cytoscape-cose-bilkent/-/cytoscape-cose-bilkent-4.1.0.tgz", + "integrity": "sha512-wgQlVIUJF13Quxiv5e1gstZ08rnZj2XaLHGoFMYXz7SkNfCDOOteKBE6SYRfA9WxxI/iBc3ajfDoc6hb/MRAHQ==", + "license": "MIT", + "dependencies": { + "cose-base": "^1.0.0" + }, + "peerDependencies": { + "cytoscape": "^3.2.0" + } + }, + "node_modules/cytoscape-fcose": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/cytoscape-fcose/-/cytoscape-fcose-2.2.0.tgz", + "integrity": "sha512-ki1/VuRIHFCzxWNrsshHYPs6L7TvLu3DL+TyIGEsRcvVERmxokbf5Gdk7mFxZnTdiGtnA4cfSmjZJMviqSuZrQ==", + "license": "MIT", + "dependencies": { + "cose-base": "^2.2.0" + }, + "peerDependencies": { + "cytoscape": "^3.2.0" + } + }, + "node_modules/cytoscape-fcose/node_modules/cose-base": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/cose-base/-/cose-base-2.2.0.tgz", + "integrity": "sha512-AzlgcsCbUMymkADOJtQm3wO9S3ltPfYOFD5033keQn9NJzIbtnZj+UdBJe7DYml/8TdbtHJW3j58SOnKhWY/5g==", + "license": "MIT", + "dependencies": { + "layout-base": "^2.0.0" + } + }, + "node_modules/cytoscape-fcose/node_modules/layout-base": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/layout-base/-/layout-base-2.0.1.tgz", + "integrity": "sha512-dp3s92+uNI1hWIpPGH3jK2kxE2lMjdXdr+DH8ynZHpd6PUlH6x6cbuXnoMmiNumznqaNO31xu9e79F0uuZ0JFg==", + "license": "MIT" + }, + "node_modules/d3": { + "version": "7.9.0", + "resolved": "https://registry.npmjs.org/d3/-/d3-7.9.0.tgz", + "integrity": "sha512-e1U46jVP+w7Iut8Jt8ri1YsPOvFpg46k+K8TpCb0P+zjCkjkPnV7WzfDJzMHy1LnA+wj5pLT1wjO901gLXeEhA==", + "license": "ISC", + "dependencies": { + "d3-array": "3", + "d3-axis": "3", + "d3-brush": "3", + "d3-chord": "3", + "d3-color": "3", + "d3-contour": "4", + "d3-delaunay": "6", + "d3-dispatch": "3", + "d3-drag": "3", + "d3-dsv": "3", + "d3-ease": "3", + "d3-fetch": "3", + "d3-force": "3", + "d3-format": "3", + "d3-geo": "3", + "d3-hierarchy": "3", + "d3-interpolate": "3", + "d3-path": "3", + "d3-polygon": "3", + "d3-quadtree": "3", + "d3-random": "3", + "d3-scale": "4", + "d3-scale-chromatic": "3", + "d3-selection": "3", + "d3-shape": "3", + "d3-time": "3", + "d3-time-format": "4", + "d3-timer": "3", + "d3-transition": "3", + "d3-zoom": "3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-array": { + "version": "3.2.4", + "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-3.2.4.tgz", + "integrity": "sha512-tdQAmyA18i4J7wprpYq8ClcxZy3SC31QMeByyCFyRt7BVHdREQZ5lpzoe5mFEYZUWe+oq8HBvk9JjpibyEV4Jg==", + "license": "ISC", + "dependencies": { + "internmap": "1 - 2" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-axis": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-axis/-/d3-axis-3.0.0.tgz", + "integrity": "sha512-IH5tgjV4jE/GhHkRV0HiVYPDtvfjHQlQfJHs0usq7M30XcSBvOotpmH1IgkcXsO/5gEQZD43B//fc7SRT5S+xw==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-brush": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-brush/-/d3-brush-3.0.0.tgz", + "integrity": "sha512-ALnjWlVYkXsVIGlOsuWH1+3udkYFI48Ljihfnh8FZPF2QS9o+PzGLBslO0PjzVoHLZ2KCVgAM8NVkXPJB2aNnQ==", + "license": "ISC", + "dependencies": { + "d3-dispatch": "1 - 3", + "d3-drag": "2 - 3", + "d3-interpolate": "1 - 3", + "d3-selection": "3", + "d3-transition": "3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-chord": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-chord/-/d3-chord-3.0.1.tgz", + "integrity": "sha512-VE5S6TNa+j8msksl7HwjxMHDM2yNK3XCkusIlpX5kwauBfXuyLAtNg9jCp/iHH61tgI4sb6R/EIMWCqEIdjT/g==", + "license": "ISC", + "dependencies": { + "d3-path": "1 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-color": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/d3-color/-/d3-color-3.1.0.tgz", + "integrity": "sha512-zg/chbXyeBtMQ1LbD/WSoW2DpC3I0mpmPdW+ynRTj/x2DAWYrIY7qeZIHidozwV24m4iavr15lNwIwLxRmOxhA==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-contour": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/d3-contour/-/d3-contour-4.0.2.tgz", + "integrity": "sha512-4EzFTRIikzs47RGmdxbeUvLWtGedDUNkTcmzoeyg4sP/dvCexO47AaQL7VKy/gul85TOxw+IBgA8US2xwbToNA==", + "license": "ISC", + "dependencies": { + "d3-array": "^3.2.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-delaunay": { + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/d3-delaunay/-/d3-delaunay-6.0.4.tgz", + "integrity": "sha512-mdjtIZ1XLAM8bm/hx3WwjfHt6Sggek7qH043O8KEjDXN40xi3vx/6pYSVTwLjEgiXQTbvaouWKynLBiUZ6SK6A==", + "license": "ISC", + "dependencies": { + "delaunator": "5" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-dispatch": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-dispatch/-/d3-dispatch-3.0.1.tgz", + "integrity": "sha512-rzUyPU/S7rwUflMyLc1ETDeBj0NRuHKKAcvukozwhshr6g6c5d8zh4c2gQjY2bZ0dXeGLWc1PF174P2tVvKhfg==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-drag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-drag/-/d3-drag-3.0.0.tgz", + "integrity": "sha512-pWbUJLdETVA8lQNJecMxoXfH6x+mO2UQo8rSmZ+QqxcbyA3hfeprFgIT//HW2nlHChWeIIMwS2Fq+gEARkhTkg==", + "license": "ISC", + "dependencies": { + "d3-dispatch": "1 - 3", + "d3-selection": "3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-dsv": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-dsv/-/d3-dsv-3.0.1.tgz", + "integrity": "sha512-UG6OvdI5afDIFP9w4G0mNq50dSOsXHJaRE8arAS5o9ApWnIElp8GZw1Dun8vP8OyHOZ/QJUKUJwxiiCCnUwm+Q==", + "license": "ISC", + "dependencies": { + "commander": "7", + "iconv-lite": "0.6", + "rw": "1" + }, + "bin": { + "csv2json": "bin/dsv2json.js", + "csv2tsv": "bin/dsv2dsv.js", + "dsv2dsv": "bin/dsv2dsv.js", + "dsv2json": "bin/dsv2json.js", + "json2csv": "bin/json2dsv.js", + "json2dsv": "bin/json2dsv.js", + "json2tsv": "bin/json2dsv.js", + "tsv2csv": "bin/dsv2dsv.js", + "tsv2json": "bin/dsv2json.js" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-dsv/node_modules/commander": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", + "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", + "license": "MIT", + "engines": { + "node": ">= 10" + } + }, + "node_modules/d3-ease": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-ease/-/d3-ease-3.0.1.tgz", + "integrity": "sha512-wR/XK3D3XcLIZwpbvQwQ5fK+8Ykds1ip7A2Txe0yxncXSdq1L9skcG7blcedkOX+ZcgxGAmLX1FrRGbADwzi0w==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-fetch": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-fetch/-/d3-fetch-3.0.1.tgz", + "integrity": "sha512-kpkQIM20n3oLVBKGg6oHrUchHM3xODkTzjMoj7aWQFq5QEM+R6E4WkzT5+tojDY7yjez8KgCBRoj4aEr99Fdqw==", + "license": "ISC", + "dependencies": { + "d3-dsv": "1 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-force": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-force/-/d3-force-3.0.0.tgz", + "integrity": "sha512-zxV/SsA+U4yte8051P4ECydjD/S+qeYtnaIyAs9tgHCqfguma/aAQDjo85A9Z6EKhBirHRJHXIgJUlffT4wdLg==", + "license": "ISC", + "dependencies": { + "d3-dispatch": "1 - 3", + "d3-quadtree": "1 - 3", + "d3-timer": "1 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-format": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/d3-format/-/d3-format-3.1.0.tgz", + "integrity": "sha512-YyUI6AEuY/Wpt8KWLgZHsIU86atmikuoOmCfommt0LYHiQSPjvX2AcFc38PX0CBpr2RCyZhjex+NS/LPOv6YqA==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-geo": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/d3-geo/-/d3-geo-3.1.1.tgz", + "integrity": "sha512-637ln3gXKXOwhalDzinUgY83KzNWZRKbYubaG+fGVuc/dxO64RRljtCTnf5ecMyE1RIdtqpkVcq0IbtU2S8j2Q==", + "license": "ISC", + "dependencies": { + "d3-array": "2.5.0 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-hierarchy": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/d3-hierarchy/-/d3-hierarchy-3.1.2.tgz", + "integrity": "sha512-FX/9frcub54beBdugHjDCdikxThEqjnR93Qt7PvQTOHxyiNCAlvMrHhclk3cD5VeAaq9fxmfRp+CnWw9rEMBuA==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-interpolate": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-interpolate/-/d3-interpolate-3.0.1.tgz", + "integrity": "sha512-3bYs1rOD33uo8aqJfKP3JWPAibgw8Zm2+L9vBKEHJ2Rg+viTR7o5Mmv5mZcieN+FRYaAOWX5SJATX6k1PWz72g==", + "license": "ISC", + "dependencies": { + "d3-color": "1 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-path": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/d3-path/-/d3-path-3.1.0.tgz", + "integrity": "sha512-p3KP5HCf/bvjBSSKuXid6Zqijx7wIfNW+J/maPs+iwR35at5JCbLUT0LzF1cnjbCHWhqzQTIN2Jpe8pRebIEFQ==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-polygon": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-polygon/-/d3-polygon-3.0.1.tgz", + "integrity": "sha512-3vbA7vXYwfe1SYhED++fPUQlWSYTTGmFmQiany/gdbiWgU/iEyQzyymwL9SkJjFFuCS4902BSzewVGsHHmHtXg==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-quadtree": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-quadtree/-/d3-quadtree-3.0.1.tgz", + "integrity": "sha512-04xDrxQTDTCFwP5H6hRhsRcb9xxv2RzkcsygFzmkSIOJy3PeRJP7sNk3VRIbKXcog561P9oU0/rVH6vDROAgUw==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-random": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-random/-/d3-random-3.0.1.tgz", + "integrity": "sha512-FXMe9GfxTxqd5D6jFsQ+DJ8BJS4E/fT5mqqdjovykEB2oFbTMDVdg1MGFxfQW+FBOGoB++k8swBrgwSHT1cUXQ==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-sankey": { + "version": "0.12.3", + "resolved": "https://registry.npmjs.org/d3-sankey/-/d3-sankey-0.12.3.tgz", + "integrity": "sha512-nQhsBRmM19Ax5xEIPLMY9ZmJ/cDvd1BG3UVvt5h3WRxKg5zGRbvnteTyWAbzeSvlh3tW7ZEmq4VwR5mB3tutmQ==", + "license": "BSD-3-Clause", + "dependencies": { + "d3-array": "1 - 2", + "d3-shape": "^1.2.0" + } + }, + "node_modules/d3-sankey/node_modules/d3-array": { + "version": "2.12.1", + "resolved": "https://registry.npmjs.org/d3-array/-/d3-array-2.12.1.tgz", + "integrity": "sha512-B0ErZK/66mHtEsR1TkPEEkwdy+WDesimkM5gpZr5Dsg54BiTA5RXtYW5qTLIAcekaS9xfZrzBLF/OAkB3Qn1YQ==", + "license": "BSD-3-Clause", + "dependencies": { + "internmap": "^1.0.0" + } + }, + "node_modules/d3-sankey/node_modules/d3-path": { + "version": "1.0.9", + "resolved": "https://registry.npmjs.org/d3-path/-/d3-path-1.0.9.tgz", + "integrity": "sha512-VLaYcn81dtHVTjEHd8B+pbe9yHWpXKZUC87PzoFmsFrJqgFwDe/qxfp5MlfsfM1V5E/iVt0MmEbWQ7FVIXh/bg==", + "license": "BSD-3-Clause" + }, + "node_modules/d3-sankey/node_modules/d3-shape": { + "version": "1.3.7", + "resolved": "https://registry.npmjs.org/d3-shape/-/d3-shape-1.3.7.tgz", + "integrity": "sha512-EUkvKjqPFUAZyOlhY5gzCxCeI0Aep04LwIRpsZ/mLFelJiUfnK56jo5JMDSE7yyP2kLSb6LtF+S5chMk7uqPqw==", + "license": "BSD-3-Clause", + "dependencies": { + "d3-path": "1" + } + }, + "node_modules/d3-sankey/node_modules/internmap": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/internmap/-/internmap-1.0.1.tgz", + "integrity": "sha512-lDB5YccMydFBtasVtxnZ3MRBHuaoE8GKsppq+EchKL2U4nK/DmEpPHNH8MZe5HkMtpSiTSOZwfN0tzYjO/lJEw==", + "license": "ISC" + }, + "node_modules/d3-scale": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/d3-scale/-/d3-scale-4.0.2.tgz", + "integrity": "sha512-GZW464g1SH7ag3Y7hXjf8RoUuAFIqklOAq3MRl4OaWabTFJY9PN/E1YklhXLh+OQ3fM9yS2nOkCoS+WLZ6kvxQ==", + "license": "ISC", + "dependencies": { + "d3-array": "2.10.0 - 3", + "d3-format": "1 - 3", + "d3-interpolate": "1.2.0 - 3", + "d3-time": "2.1.1 - 3", + "d3-time-format": "2 - 4" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-scale-chromatic": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/d3-scale-chromatic/-/d3-scale-chromatic-3.1.0.tgz", + "integrity": "sha512-A3s5PWiZ9YCXFye1o246KoscMWqf8BsD9eRiJ3He7C9OBaxKhAd5TFCdEx/7VbKtxxTsu//1mMJFrEt572cEyQ==", + "license": "ISC", + "dependencies": { + "d3-color": "1 - 3", + "d3-interpolate": "1 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-selection": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-selection/-/d3-selection-3.0.0.tgz", + "integrity": "sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-shape": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/d3-shape/-/d3-shape-3.2.0.tgz", + "integrity": "sha512-SaLBuwGm3MOViRq2ABk3eLoxwZELpH6zhl3FbAoJ7Vm1gofKx6El1Ib5z23NUEhF9AsGl7y+dzLe5Cw2AArGTA==", + "license": "ISC", + "dependencies": { + "d3-path": "^3.1.0" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-time": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/d3-time/-/d3-time-3.1.0.tgz", + "integrity": "sha512-VqKjzBLejbSMT4IgbmVgDjpkYrNWUYJnbCGo874u7MMKIWsILRX+OpX/gTk8MqjpT1A/c6HY2dCA77ZN0lkQ2Q==", + "license": "ISC", + "dependencies": { + "d3-array": "2 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-time-format": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/d3-time-format/-/d3-time-format-4.1.0.tgz", + "integrity": "sha512-dJxPBlzC7NugB2PDLwo9Q8JiTR3M3e4/XANkreKSUxF8vvXKqm1Yfq4Q5dl8budlunRVlUUaDUgFt7eA8D6NLg==", + "license": "ISC", + "dependencies": { + "d3-time": "1 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-timer": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-timer/-/d3-timer-3.0.1.tgz", + "integrity": "sha512-ndfJ/JxxMd3nw31uyKoY2naivF+r29V+Lc0svZxe1JvvIRmi8hUsrMvdOwgS1o6uBHmiz91geQ0ylPP0aj1VUA==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/d3-transition": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/d3-transition/-/d3-transition-3.0.1.tgz", + "integrity": "sha512-ApKvfjsSR6tg06xrL434C0WydLr7JewBB3V+/39RMHsaXTOG0zmt/OAXeng5M5LBm0ojmxJrpomQVZ1aPvBL4w==", + "license": "ISC", + "dependencies": { + "d3-color": "1 - 3", + "d3-dispatch": "1 - 3", + "d3-ease": "1 - 3", + "d3-interpolate": "1 - 3", + "d3-timer": "1 - 3" + }, + "engines": { + "node": ">=12" + }, + "peerDependencies": { + "d3-selection": "2 - 3" + } + }, + "node_modules/d3-zoom": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/d3-zoom/-/d3-zoom-3.0.0.tgz", + "integrity": "sha512-b8AmV3kfQaqWAuacbPuNbL6vahnOJflOhexLzMMNLga62+/nh0JzvJ0aO/5a5MVgUFGS7Hu1P9P03o3fJkDCyw==", + "license": "ISC", + "dependencies": { + "d3-dispatch": "1 - 3", + "d3-drag": "2 - 3", + "d3-interpolate": "1 - 3", + "d3-selection": "2 - 3", + "d3-transition": "2 - 3" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/dagre-d3-es": { + "version": "7.0.11", + "resolved": "https://registry.npmjs.org/dagre-d3-es/-/dagre-d3-es-7.0.11.tgz", + "integrity": "sha512-tvlJLyQf834SylNKax8Wkzco/1ias1OPw8DcUMDE7oUIoSEW25riQVuiu/0OWEFqT0cxHT3Pa9/D82Jr47IONw==", + "license": "MIT", + "dependencies": { + "d3": "^7.9.0", + "lodash-es": "^4.17.21" + } + }, + "node_modules/dayjs": { + "version": "1.11.13", + "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.13.tgz", + "integrity": "sha512-oaMBel6gjolK862uaPQOVTA7q3TZhuSvuMQAAglQDOWYO9A91IrAOUJEyKVlqJlHE0vq5p5UXxzdPfMH/x6xNg==", + "license": "MIT" + }, + "node_modules/debounce": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/debounce/-/debounce-1.2.1.tgz", + "integrity": "sha512-XRRe6Glud4rd/ZGQfiV1ruXSfbvfJedlV9Y6zOlP+2K04vBYiJEte6stfFkCP03aMnY5tsipamumUjL14fofug==", + "license": "MIT" + }, + "node_modules/debug": { + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz", + "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==", + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/decode-named-character-reference": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.0.2.tgz", + "integrity": "sha512-O8x12RzrUF8xyVcY0KJowWsmaJxQbmy0/EtnNtHRpsOcT7dFk5W598coHqBVpmWo1oQQfsCqfCmkZN5DJrZVdg==", + "license": "MIT", + "dependencies": { + "character-entities": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/decompress-response": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", + "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==", + "license": "MIT", + "dependencies": { + "mimic-response": "^3.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/decompress-response/node_modules/mimic-response": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", + "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/deep-extend": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", + "integrity": "sha512-LOHxIOaPYdHlJRtCQfDIVZtfw/ufM8+rVj649RIHzcm/vGwQRXFt6OPqIFWsm2XEMrNIEtWR64sY1LEKD2vAOA==", + "license": "MIT", + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/deepmerge": { + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/default-gateway": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/default-gateway/-/default-gateway-6.0.3.tgz", + "integrity": "sha512-fwSOJsbbNzZ/CUFpqFBqYfYNLj1NbMPm8MMCIzHjC83iSJRBEGmDUxU+WP661BaBQImeC2yHwXtz+P/O9o+XEg==", + "license": "BSD-2-Clause", + "dependencies": { + "execa": "^5.0.0" + }, + "engines": { + "node": ">= 10" + } + }, + "node_modules/defer-to-connect": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/defer-to-connect/-/defer-to-connect-2.0.1.tgz", + "integrity": "sha512-4tvttepXG1VaYGrRibk5EwJd1t4udunSOVMdLSAL6mId1ix438oPwPZMALY41FCijukO1L0twNcGsdzS7dHgDg==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/define-data-property": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==", + "license": "MIT", + "dependencies": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "gopd": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/define-lazy-prop": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz", + "integrity": "sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/define-properties": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz", + "integrity": "sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==", + "license": "MIT", + "dependencies": { + "define-data-property": "^1.0.1", + "has-property-descriptors": "^1.0.0", + "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/del": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/del/-/del-6.1.1.tgz", + "integrity": "sha512-ua8BhapfP0JUJKC/zV9yHHDW/rDoDxP4Zhn3AkA6/xT6gY7jYXJiaeyBZznYVujhZZET+UgcbZiQ7sN3WqcImg==", + "license": "MIT", + "dependencies": { + "globby": "^11.0.1", + "graceful-fs": "^4.2.4", + "is-glob": "^4.0.1", + "is-path-cwd": "^2.2.0", + "is-path-inside": "^3.0.2", + "p-map": "^4.0.0", + "rimraf": "^3.0.2", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/delaunator": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/delaunator/-/delaunator-5.0.1.tgz", + "integrity": "sha512-8nvh+XBe96aCESrGOqMp/84b13H9cdKbG5P2ejQCh4d4sK9RL4371qou9drQjMhvnPmhWl5hnmqbEE0fXr9Xnw==", + "license": "ISC", + "dependencies": { + "robust-predicates": "^3.0.2" + } + }, + "node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/dequal": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz", + "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/destroy": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", + "license": "MIT", + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/detect-node": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/detect-node/-/detect-node-2.1.0.tgz", + "integrity": "sha512-T0NIuQpnTvFDATNuHN5roPwSBG83rFsuO+MXXH9/3N1eFbn4wcPjttvjMLEPWJ0RGUYgQE7cGgS3tNxbqCGM7g==", + "license": "MIT" + }, + "node_modules/detect-port": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/detect-port/-/detect-port-1.6.1.tgz", + "integrity": "sha512-CmnVc+Hek2egPx1PeTFVta2W78xy2K/9Rkf6cC4T59S50tVnzKj+tnx5mmx5lwvCkujZ4uRrpRSuV+IVs3f90Q==", + "license": "MIT", + "dependencies": { + "address": "^1.0.1", + "debug": "4" + }, + "bin": { + "detect": "bin/detect-port.js", + "detect-port": "bin/detect-port.js" + }, + "engines": { + "node": ">= 4.0.0" + } + }, + "node_modules/detect-port-alt": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/detect-port-alt/-/detect-port-alt-1.1.6.tgz", + "integrity": "sha512-5tQykt+LqfJFBEYaDITx7S7cR7mJ/zQmLXZ2qt5w04ainYZw6tBf9dBunMjVeVOdYVRUzUOE4HkY5J7+uttb5Q==", + "license": "MIT", + "dependencies": { + "address": "^1.0.1", + "debug": "^2.6.0" + }, + "bin": { + "detect": "bin/detect-port", + "detect-port": "bin/detect-port" + }, + "engines": { + "node": ">= 4.2.1" + } + }, + "node_modules/detect-port-alt/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/detect-port-alt/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/devlop": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/devlop/-/devlop-1.1.0.tgz", + "integrity": "sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==", + "license": "MIT", + "dependencies": { + "dequal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/dir-glob": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", + "license": "MIT", + "dependencies": { + "path-type": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/dns-packet": { + "version": "5.6.1", + "resolved": "https://registry.npmjs.org/dns-packet/-/dns-packet-5.6.1.tgz", + "integrity": "sha512-l4gcSouhcgIKRvyy99RNVOgxXiicE+2jZoNmaNmZ6JXiGajBOJAesk1OBlJuM5k2c+eudGdLxDqXuPCKIj6kpw==", + "license": "MIT", + "dependencies": { + "@leichtgewicht/ip-codec": "^2.0.1" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/dom-converter": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/dom-converter/-/dom-converter-0.2.0.tgz", + "integrity": "sha512-gd3ypIPfOMr9h5jIKq8E3sHOTCjeirnl0WK5ZdS1AW0Odt0b1PaWaHdJ4Qk4klv+YB9aJBS7mESXjFoDQPu6DA==", + "license": "MIT", + "dependencies": { + "utila": "~0.4" + } + }, + "node_modules/dom-serializer": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz", + "integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==", + "license": "MIT", + "dependencies": { + "domelementtype": "^2.3.0", + "domhandler": "^5.0.2", + "entities": "^4.2.0" + }, + "funding": { + "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1" + } + }, + "node_modules/domelementtype": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", + "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ], + "license": "BSD-2-Clause" + }, + "node_modules/domhandler": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz", + "integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==", + "license": "BSD-2-Clause", + "dependencies": { + "domelementtype": "^2.3.0" + }, + "engines": { + "node": ">= 4" + }, + "funding": { + "url": "https://github.com/fb55/domhandler?sponsor=1" + } + }, + "node_modules/dompurify": { + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.6.tgz", + "integrity": "sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ==", + "license": "(MPL-2.0 OR Apache-2.0)" + }, + "node_modules/domutils": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz", + "integrity": "sha512-H78uMmQtI2AhgDJjWeQmHwJJ2bLPD3GMmO7Zja/ZZh84wkm+4ut+IUnUdRa8uCGX88DiVx1j6FRe1XfxEgjEZA==", + "license": "BSD-2-Clause", + "dependencies": { + "dom-serializer": "^2.0.0", + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3" + }, + "funding": { + "url": "https://github.com/fb55/domutils?sponsor=1" + } + }, + "node_modules/dot-case": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/dot-case/-/dot-case-3.0.4.tgz", + "integrity": "sha512-Kv5nKlh6yRrdrGvxeJ2e5y2eRUpkUosIW4A2AS38zwSz27zu7ufDwQPi5Jhs3XAlGNetl3bmnGhQsMtkKJnj3w==", + "license": "MIT", + "dependencies": { + "no-case": "^3.0.4", + "tslib": "^2.0.3" + } + }, + "node_modules/dot-prop": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/dot-prop/-/dot-prop-6.0.1.tgz", + "integrity": "sha512-tE7ztYzXHIeyvc7N+hR3oi7FIbf/NIjVP9hmAt3yMXzrQ072/fpjGLx2GxNxGxUl5V73MEqYzioOMoVhGMJ5cA==", + "license": "MIT", + "dependencies": { + "is-obj": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/dot-prop/node_modules/is-obj": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-2.0.0.tgz", + "integrity": "sha512-drqDG3cbczxxEJRoOXcOjtdp1J/lyp1mNn0xaznRs8+muBhgQcrnbspox5X5fOw0HnMnbfDzvnEMEtqDEJEo8w==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/duplexer": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz", + "integrity": "sha512-jtD6YG370ZCIi/9GTaJKQxWTZD045+4R4hTk/x1UyoqadyJ9x9CgSi1RlVDQF8U2sxLLSnFkCaMihqljHIWgMg==", + "license": "MIT" + }, + "node_modules/eastasianwidth": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", + "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", + "license": "MIT" + }, + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", + "license": "MIT" + }, + "node_modules/electron-to-chromium": { + "version": "1.5.63", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.63.tgz", + "integrity": "sha512-ddeXKuY9BHo/mw145axlyWjlJ1UBt4WK3AlvkT7W2AbqfRQoacVoRUCF6wL3uIx/8wT9oLKXzI+rFqHHscByaA==", + "license": "ISC" + }, + "node_modules/emoji-regex": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==", + "license": "MIT" + }, + "node_modules/emojilib": { + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/emojilib/-/emojilib-2.4.0.tgz", + "integrity": "sha512-5U0rVMU5Y2n2+ykNLQqMoqklN9ICBT/KsvC1Gz6vqHbz2AXXGkG+Pm5rMWk/8Vjrr/mY9985Hi8DYzn1F09Nyw==", + "license": "MIT" + }, + "node_modules/emojis-list": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/emojis-list/-/emojis-list-3.0.0.tgz", + "integrity": "sha512-/kyM18EfinwXZbno9FyUGeFh87KC8HRQBQGildHZbEuRyWFOmv1U10o9BBp8XVZDVNNuQKyIGIu5ZYAAXJ0V2Q==", + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/emoticon": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/emoticon/-/emoticon-4.1.0.tgz", + "integrity": "sha512-VWZfnxqwNcc51hIy/sbOdEem6D+cVtpPzEEtVAFdaas30+1dgkyaOQ4sQ6Bp0tOMqWO1v+HQfYaoodOkdhK6SQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/enhanced-resolve": { + "version": "5.17.1", + "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.17.1.tgz", + "integrity": "sha512-LMHl3dXhTcfv8gM4kEzIUeTQ+7fpdA0l2tUf34BddXPkz2A5xJ5L/Pchd5BL6rdccM9QGvu0sWZzK1Z1t4wwyg==", + "license": "MIT", + "dependencies": { + "graceful-fs": "^4.2.4", + "tapable": "^2.2.0" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/entities": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.12" + }, + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/error-ex": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", + "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==", + "license": "MIT", + "dependencies": { + "is-arrayish": "^0.2.1" + } + }, + "node_modules/es-define-property": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==", + "license": "MIT", + "dependencies": { + "get-intrinsic": "^1.2.4" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-module-lexer": { + "version": "1.5.4", + "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.5.4.tgz", + "integrity": "sha512-MVNK56NiMrOwitFB7cqDwq0CQutbw+0BvLshJSse0MUNU+y1FC3bUS/AQg7oUng+/wKrrki7JfmwtVHkVfPLlw==", + "license": "MIT" + }, + "node_modules/esast-util-from-estree": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/esast-util-from-estree/-/esast-util-from-estree-2.0.0.tgz", + "integrity": "sha512-4CyanoAudUSBAn5K13H4JhsMH6L9ZP7XbLVe/dKybkxMO7eDyLsT8UHl9TRNrU2Gr9nz+FovfSIjuXWJ81uVwQ==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "devlop": "^1.0.0", + "estree-util-visit": "^2.0.0", + "unist-util-position-from-estree": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/esast-util-from-js": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/esast-util-from-js/-/esast-util-from-js-2.0.1.tgz", + "integrity": "sha512-8Ja+rNJ0Lt56Pcf3TAmpBZjmx8ZcK5Ts4cAzIOjsjevg9oSXJnl6SUQ2EevU8tv3h6ZLWmoKL5H4fgWvdvfETw==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "acorn": "^8.0.0", + "esast-util-from-estree": "^2.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/escalade": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.2.0.tgz", + "integrity": "sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/escape-goat": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-goat/-/escape-goat-4.0.0.tgz", + "integrity": "sha512-2Sd4ShcWxbx6OY1IHyla/CVNwvg7XwZVoXZHcSu9w9SReNP1EzzD5T8NWKIR38fIqEns9kDWKUQTXXAmlDrdPg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", + "license": "MIT" + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint-scope": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", + "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", + "license": "BSD-2-Clause", + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^4.1.1" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/esprima": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", + "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", + "license": "BSD-2-Clause", + "bin": { + "esparse": "bin/esparse.js", + "esvalidate": "bin/esvalidate.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "license": "BSD-2-Clause", + "dependencies": { + "estraverse": "^5.2.0" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/esrecurse/node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", + "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estree-util-attach-comments": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/estree-util-attach-comments/-/estree-util-attach-comments-3.0.0.tgz", + "integrity": "sha512-cKUwm/HUcTDsYh/9FgnuFqpfquUbwIqwKM26BVCGDPVgvaCl/nDCCjUfiLlx6lsEZ3Z4RFxNbOQ60pkaEwFxGw==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-util-build-jsx": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/estree-util-build-jsx/-/estree-util-build-jsx-3.0.1.tgz", + "integrity": "sha512-8U5eiL6BTrPxp/CHbs2yMgP8ftMhR5ww1eIKoWRMlqvltHF8fZn5LRDvTKuxD3DUn+shRbLGqXemcP51oFCsGQ==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "devlop": "^1.0.0", + "estree-util-is-identifier-name": "^3.0.0", + "estree-walker": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-util-is-identifier-name": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/estree-util-is-identifier-name/-/estree-util-is-identifier-name-3.0.0.tgz", + "integrity": "sha512-hFtqIDZTIUZ9BXLb8y4pYGyk6+wekIivNVTcmvk8NoOh+VeRn5y6cEHzbURrWbfp1fIqdVipilzj+lfaadNZmg==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-util-scope": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/estree-util-scope/-/estree-util-scope-1.0.0.tgz", + "integrity": "sha512-2CAASclonf+JFWBNJPndcOpA8EMJwa0Q8LUFJEKqXLW6+qBvbFZuF5gItbQOs/umBUkjviCSDCbBwU2cXbmrhQ==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "devlop": "^1.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-util-to-js": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/estree-util-to-js/-/estree-util-to-js-2.0.0.tgz", + "integrity": "sha512-WDF+xj5rRWmD5tj6bIqRi6CkLIXbbNQUcxQHzGysQzvHmdYG2G7p/Tf0J0gpxGgkeMZNTIjT/AoSvC9Xehcgdg==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "astring": "^1.8.0", + "source-map": "^0.7.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-util-value-to-estree": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/estree-util-value-to-estree/-/estree-util-value-to-estree-3.2.1.tgz", + "integrity": "sha512-Vt2UOjyPbNQQgT5eJh+K5aATti0OjCIAGc9SgMdOFYbohuifsWclR74l0iZTJwePMgWYdX1hlVS+dedH9XV8kw==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/remcohaszing" + } + }, + "node_modules/estree-util-visit": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/estree-util-visit/-/estree-util-visit-2.0.0.tgz", + "integrity": "sha512-m5KgiH85xAhhW8Wta0vShLcUvOsh3LLPI2YVwcbio1l7E09NTLL1EyMZFM1OyWowoH0skScNbhOPl4kcBgzTww==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/estree-walker": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", + "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0" + } + }, + "node_modules/esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/eta": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/eta/-/eta-2.2.0.tgz", + "integrity": "sha512-UVQ72Rqjy/ZKQalzV5dCCJP80GrmPrMxh6NlNf+erV6ObL0ZFkhCstWRawS85z3smdr3d2wXPsZEY7rDPfGd2g==", + "license": "MIT", + "engines": { + "node": ">=6.0.0" + }, + "funding": { + "url": "https://github.com/eta-dev/eta?sponsor=1" + } + }, + "node_modules/etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/eval": { + "version": "0.1.8", + "resolved": "https://registry.npmjs.org/eval/-/eval-0.1.8.tgz", + "integrity": "sha512-EzV94NYKoO09GLXGjXj9JIlXijVck4ONSr5wiCWDvhsvj5jxSrzTmRU/9C1DyB6uToszLs8aifA6NQ7lEQdvFw==", + "dependencies": { + "@types/node": "*", + "require-like": ">= 0.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/eventemitter3": { + "version": "4.0.7", + "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz", + "integrity": "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==", + "license": "MIT" + }, + "node_modules/events": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/events/-/events-3.3.0.tgz", + "integrity": "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q==", + "license": "MIT", + "engines": { + "node": ">=0.8.x" + } + }, + "node_modules/execa": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", + "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==", + "license": "MIT", + "dependencies": { + "cross-spawn": "^7.0.3", + "get-stream": "^6.0.0", + "human-signals": "^2.1.0", + "is-stream": "^2.0.0", + "merge-stream": "^2.0.0", + "npm-run-path": "^4.0.1", + "onetime": "^5.1.2", + "signal-exit": "^3.0.3", + "strip-final-newline": "^2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sindresorhus/execa?sponsor=1" + } + }, + "node_modules/express": { + "version": "4.21.1", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz", + "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==", + "license": "MIT", + "dependencies": { + "accepts": "~1.3.8", + "array-flatten": "1.1.1", + "body-parser": "1.20.3", + "content-disposition": "0.5.4", + "content-type": "~1.0.4", + "cookie": "0.7.1", + "cookie-signature": "1.0.6", + "debug": "2.6.9", + "depd": "2.0.0", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "finalhandler": "1.3.1", + "fresh": "0.5.2", + "http-errors": "2.0.0", + "merge-descriptors": "1.0.3", + "methods": "~1.1.2", + "on-finished": "2.4.1", + "parseurl": "~1.3.3", + "path-to-regexp": "0.1.10", + "proxy-addr": "~2.0.7", + "qs": "6.13.0", + "range-parser": "~1.2.1", + "safe-buffer": "5.2.1", + "send": "0.19.0", + "serve-static": "1.16.2", + "setprototypeof": "1.2.0", + "statuses": "2.0.1", + "type-is": "~1.6.18", + "utils-merge": "1.0.1", + "vary": "~1.1.2" + }, + "engines": { + "node": ">= 0.10.0" + } + }, + "node_modules/express/node_modules/content-disposition": { + "version": "0.5.4", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", + "license": "MIT", + "dependencies": { + "safe-buffer": "5.2.1" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/express/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/express/node_modules/path-to-regexp": { + "version": "0.1.10", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", + "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==", + "license": "MIT" + }, + "node_modules/express/node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/extend": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", + "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==", + "license": "MIT" + }, + "node_modules/extend-shallow": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/extend-shallow/-/extend-shallow-2.0.1.tgz", + "integrity": "sha512-zCnTtlxNoAiDc3gqY2aYAWFx7XWWiasuF2K8Me5WbN8otHKTUKBwjPtNpRs/rbUZm7KxWAaNj7P1a/p52GbVug==", + "license": "MIT", + "dependencies": { + "is-extendable": "^0.1.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "license": "MIT" + }, + "node_modules/fast-glob": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", + "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==", + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.4" + }, + "engines": { + "node": ">=8.6.0" + } + }, + "node_modules/fast-json-stable-stringify": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==", + "license": "MIT" + }, + "node_modules/fast-uri": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.3.tgz", + "integrity": "sha512-aLrHthzCjH5He4Z2H9YZ+v6Ujb9ocRuW6ZzkJQOrTxleEijANq4v1TsaPaVG1PZcuurEzrLcWRyYBYXD5cEiaw==", + "license": "BSD-3-Clause" + }, + "node_modules/fastq": { + "version": "1.17.1", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", + "integrity": "sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==", + "license": "ISC", + "dependencies": { + "reusify": "^1.0.4" + } + }, + "node_modules/fault": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/fault/-/fault-2.0.1.tgz", + "integrity": "sha512-WtySTkS4OKev5JtpHXnib4Gxiurzh5NCGvWrFaZ34m6JehfTUhKZvn9njTfw48t6JumVQOmrKqpmGcdwxnhqBQ==", + "license": "MIT", + "dependencies": { + "format": "^0.2.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/faye-websocket": { + "version": "0.11.4", + "resolved": "https://registry.npmjs.org/faye-websocket/-/faye-websocket-0.11.4.tgz", + "integrity": "sha512-CzbClwlXAuiRQAlUyfqPgvPoNKTckTPGfwZV4ZdAhVcP2lh9KUxJg2b5GkE7XbjKQ3YJnQ9z6D9ntLAlB+tP8g==", + "license": "Apache-2.0", + "dependencies": { + "websocket-driver": ">=0.5.1" + }, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/feed": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/feed/-/feed-4.2.2.tgz", + "integrity": "sha512-u5/sxGfiMfZNtJ3OvQpXcvotFpYkL0n9u9mM2vkui2nGo8b4wvDkJ8gAkYqbA8QpGyFCv3RK0Z+Iv+9veCS9bQ==", + "license": "MIT", + "dependencies": { + "xml-js": "^1.6.11" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/figures": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/figures/-/figures-3.2.0.tgz", + "integrity": "sha512-yaduQFRKLXYOGgEn6AZau90j3ggSOyiqXU0F9JZfeXYhNa+Jk4X+s45A2zg5jns87GAFa34BBm2kXw4XpNcbdg==", + "license": "MIT", + "dependencies": { + "escape-string-regexp": "^1.0.5" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/figures/node_modules/escape-string-regexp": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", + "license": "MIT", + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/file-loader": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/file-loader/-/file-loader-6.2.0.tgz", + "integrity": "sha512-qo3glqyTa61Ytg4u73GultjHGjdRyig3tG6lPtyX/jOEJvHif9uB0/OCI2Kif6ctF3caQTW2G5gym21oAsI4pw==", + "license": "MIT", + "dependencies": { + "loader-utils": "^2.0.0", + "schema-utils": "^3.0.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.0.0 || ^5.0.0" + } + }, + "node_modules/file-loader/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/file-loader/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/file-loader/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/file-loader/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/filesize": { + "version": "8.0.7", + "resolved": "https://registry.npmjs.org/filesize/-/filesize-8.0.7.tgz", + "integrity": "sha512-pjmC+bkIF8XI7fWaH8KxHcZL3DPybs1roSKP4rKDvy20tAWwIObE4+JIseG2byfGKhud5ZnM4YSGKBz7Sh0ndQ==", + "license": "BSD-3-Clause", + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "license": "MIT", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/finalhandler": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz", + "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "on-finished": "2.4.1", + "parseurl": "~1.3.3", + "statuses": "2.0.1", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/finalhandler/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/finalhandler/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/find-cache-dir": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-4.0.0.tgz", + "integrity": "sha512-9ZonPT4ZAK4a+1pUPVPZJapbi7O5qbbJPdYw/NOQWZZbVLdDTYM3A4R9z/DpAM08IDaFGsvPgiGZ82WEwUDWjg==", + "license": "MIT", + "dependencies": { + "common-path-prefix": "^3.0.0", + "pkg-dir": "^7.0.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/find-up": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-6.3.0.tgz", + "integrity": "sha512-v2ZsoEuVHYy8ZIlYqwPe/39Cy+cFDzp4dXPaxNvkEuouymu+2Jbz0PxpKarJHYJTmv2HWT3O382qY8l4jMWthw==", + "license": "MIT", + "dependencies": { + "locate-path": "^7.1.0", + "path-exists": "^5.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/flat": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz", + "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==", + "license": "BSD-3-Clause", + "bin": { + "flat": "cli.js" + } + }, + "node_modules/follow-redirects": { + "version": "1.15.9", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.9.tgz", + "integrity": "sha512-gew4GsXizNgdoRyqmyfMHyAmXsZDk6mHkSxZFCzW9gwlbtOW44CDtYavM+y+72qD/Vq2l550kMF52DT8fOLJqQ==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "license": "MIT", + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, + "node_modules/fork-ts-checker-webpack-plugin": { + "version": "6.5.3", + "resolved": "https://registry.npmjs.org/fork-ts-checker-webpack-plugin/-/fork-ts-checker-webpack-plugin-6.5.3.tgz", + "integrity": "sha512-SbH/l9ikmMWycd5puHJKTkZJKddF4iRLyW3DeZ08HTI7NGyLS38MXd/KGgeWumQO7YNQbW2u/NtPT2YowbPaGQ==", + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.8.3", + "@types/json-schema": "^7.0.5", + "chalk": "^4.1.0", + "chokidar": "^3.4.2", + "cosmiconfig": "^6.0.0", + "deepmerge": "^4.2.2", + "fs-extra": "^9.0.0", + "glob": "^7.1.6", + "memfs": "^3.1.2", + "minimatch": "^3.0.4", + "schema-utils": "2.7.0", + "semver": "^7.3.2", + "tapable": "^1.0.0" + }, + "engines": { + "node": ">=10", + "yarn": ">=1.0.0" + }, + "peerDependencies": { + "eslint": ">= 6", + "typescript": ">= 2.7", + "vue-template-compiler": "*", + "webpack": ">= 4" + }, + "peerDependenciesMeta": { + "eslint": { + "optional": true + }, + "vue-template-compiler": { + "optional": true + } + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/cosmiconfig": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-6.0.0.tgz", + "integrity": "sha512-xb3ZL6+L8b9JLLCx3ZdoZy4+2ECphCMo2PwqgP1tlfVq6M6YReyzBJtvWWtbDSpNr9hn96pkCiZqUcFEc+54Qg==", + "license": "MIT", + "dependencies": { + "@types/parse-json": "^4.0.0", + "import-fresh": "^3.1.0", + "parse-json": "^5.0.0", + "path-type": "^4.0.0", + "yaml": "^1.7.2" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/fs-extra": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-9.1.0.tgz", + "integrity": "sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ==", + "license": "MIT", + "dependencies": { + "at-least-node": "^1.0.0", + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/schema-utils": { + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-2.7.0.tgz", + "integrity": "sha512-0ilKFI6QQF5nxDZLFn2dMjvc4hjg/Wkg7rHd3jK6/A4a1Hl9VFdQWvgB1UMGoU94pad1P/8N7fMcEnLnSiju8A==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.4", + "ajv": "^6.12.2", + "ajv-keywords": "^3.4.1" + }, + "engines": { + "node": ">= 8.9.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/fork-ts-checker-webpack-plugin/node_modules/tapable": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/tapable/-/tapable-1.1.3.tgz", + "integrity": "sha512-4WK/bYZmj8xLr+HUCODHGF1ZFzsYffasLUgEiMBY4fgtltdO6B4WJtlSbPaDTLpYTcGVwM2qLnFTICEcNxs3kA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/form-data-encoder": { + "version": "2.1.4", + "resolved": "https://registry.npmjs.org/form-data-encoder/-/form-data-encoder-2.1.4.tgz", + "integrity": "sha512-yDYSgNMraqvnxiEXO4hi88+YZxaHC6QKzb5N84iRCTDeRO7ZALpir/lVmf/uXUhnwUr2O4HU8s/n6x+yNjQkHw==", + "license": "MIT", + "engines": { + "node": ">= 14.17" + } + }, + "node_modules/format": { + "version": "0.2.2", + "resolved": "https://registry.npmjs.org/format/-/format-0.2.2.tgz", + "integrity": "sha512-wzsgA6WOq+09wrU1tsJ09udeR/YZRaeArL9e1wPbFg3GG2yDnC2ldKpxs4xunpFF9DgqCqOIra3bc1HWrJ37Ww==", + "engines": { + "node": ">=0.4.x" + } + }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fraction.js": { + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz", + "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==", + "license": "MIT", + "engines": { + "node": "*" + }, + "funding": { + "type": "patreon", + "url": "https://github.com/sponsors/rawify" + } + }, + "node_modules/fresh": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fs-extra": { + "version": "11.2.0", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", + "integrity": "sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw==", + "license": "MIT", + "dependencies": { + "graceful-fs": "^4.2.0", + "jsonfile": "^6.0.1", + "universalify": "^2.0.0" + }, + "engines": { + "node": ">=14.14" + } + }, + "node_modules/fs-monkey": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/fs-monkey/-/fs-monkey-1.0.6.tgz", + "integrity": "sha512-b1FMfwetIKymC0eioW7mTywihSQE4oLzQn1dB6rZB5fx/3NpNEdAWeCSMB+60/AeT0TCXsxzAlcYVEFCTAksWg==", + "license": "Unlicense" + }, + "node_modules/fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", + "license": "ISC" + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/gensync": { + "version": "1.0.0-beta.2", + "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", + "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", + "license": "MIT", + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/get-intrinsic": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-own-enumerable-property-symbols": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.2.tgz", + "integrity": "sha512-I0UBV/XOz1XkIJHEUDMZAbzCThU/H8DxmSfmdGcKPnVhu2VfFqr34jr9777IyaTYvxjedWhqVIilEDsCdP5G6g==", + "license": "ISC" + }, + "node_modules/get-stream": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", + "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/github-slugger": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/github-slugger/-/github-slugger-1.5.0.tgz", + "integrity": "sha512-wIh+gKBI9Nshz2o46B0B3f5k/W+WI9ZAv6y5Dn5WJ5SK1t0TnDimB4WE5rmTD05ZAIn8HALCZVmCsvj0w0v0lw==", + "license": "ISC" + }, + "node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "deprecated": "Glob versions prior to v9 are no longer supported", + "license": "ISC", + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/glob-to-regexp": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz", + "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==", + "license": "BSD-2-Clause" + }, + "node_modules/global-dirs": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/global-dirs/-/global-dirs-3.0.1.tgz", + "integrity": "sha512-NBcGGFbBA9s1VzD41QXDG+3++t9Mn5t1FpLdhESY6oKY4gYTFpX4wO3sqGUa0Srjtbfj3szX0RnemmrVRUdULA==", + "license": "MIT", + "dependencies": { + "ini": "2.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/global-dirs/node_modules/ini": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ini/-/ini-2.0.0.tgz", + "integrity": "sha512-7PnF4oN3CvZF23ADhA5wRaYEQpJ8qygSkbtTXWBeXWXmEVRXK+1ITciHWwHhsjv1TmW0MgacIv6hEi5pX5NQdA==", + "license": "ISC", + "engines": { + "node": ">=10" + } + }, + "node_modules/global-modules": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/global-modules/-/global-modules-2.0.0.tgz", + "integrity": "sha512-NGbfmJBp9x8IxyJSd1P+otYK8vonoJactOogrVfFRIAEY1ukil8RSKDz2Yo7wh1oihl51l/r6W4epkeKJHqL8A==", + "license": "MIT", + "dependencies": { + "global-prefix": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/global-prefix": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/global-prefix/-/global-prefix-3.0.0.tgz", + "integrity": "sha512-awConJSVCHVGND6x3tmMaKcQvwXLhjdkmomy2W+Goaui8YPgYgXJZewhg3fWC+DlfqqQuWg8AwqjGTD2nAPVWg==", + "license": "MIT", + "dependencies": { + "ini": "^1.3.5", + "kind-of": "^6.0.2", + "which": "^1.3.1" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/global-prefix/node_modules/which": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz", + "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==", + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "which": "bin/which" + } + }, + "node_modules/globals": { + "version": "11.12.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", + "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/globby": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==", + "license": "MIT", + "dependencies": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.2.9", + "ignore": "^5.2.0", + "merge2": "^1.4.1", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", + "license": "MIT", + "dependencies": { + "get-intrinsic": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/got": { + "version": "12.6.1", + "resolved": "https://registry.npmjs.org/got/-/got-12.6.1.tgz", + "integrity": "sha512-mThBblvlAF1d4O5oqyvN+ZxLAYwIJK7bpMxgYqPD9okW0C3qm5FFn7k811QrcuEBwaogR3ngOFoCfs6mRv7teQ==", + "license": "MIT", + "dependencies": { + "@sindresorhus/is": "^5.2.0", + "@szmarczak/http-timer": "^5.0.1", + "cacheable-lookup": "^7.0.0", + "cacheable-request": "^10.2.8", + "decompress-response": "^6.0.0", + "form-data-encoder": "^2.1.2", + "get-stream": "^6.0.1", + "http2-wrapper": "^2.1.10", + "lowercase-keys": "^3.0.0", + "p-cancelable": "^3.0.0", + "responselike": "^3.0.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sindresorhus/got?sponsor=1" + } + }, + "node_modules/got/node_modules/@sindresorhus/is": { + "version": "5.6.0", + "resolved": "https://registry.npmjs.org/@sindresorhus/is/-/is-5.6.0.tgz", + "integrity": "sha512-TV7t8GKYaJWsn00tFDqBw8+Uqmr8A0fRU1tvTQhyZzGv0sJCGRQL3JGMI3ucuKo3XIZdUP+Lx7/gh2t3lewy7g==", + "license": "MIT", + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sindresorhus/is?sponsor=1" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", + "license": "ISC" + }, + "node_modules/gray-matter": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/gray-matter/-/gray-matter-4.0.3.tgz", + "integrity": "sha512-5v6yZd4JK3eMI3FqqCouswVqwugaA9r4dNZB1wwcmrD02QkV5H0y7XBQW8QwQqEaZY1pM9aqORSORhJRdNK44Q==", + "license": "MIT", + "dependencies": { + "js-yaml": "^3.13.1", + "kind-of": "^6.0.2", + "section-matter": "^1.0.0", + "strip-bom-string": "^1.0.0" + }, + "engines": { + "node": ">=6.0" + } + }, + "node_modules/gray-matter/node_modules/argparse": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", + "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", + "license": "MIT", + "dependencies": { + "sprintf-js": "~1.0.2" + } + }, + "node_modules/gray-matter/node_modules/js-yaml": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", + "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", + "license": "MIT", + "dependencies": { + "argparse": "^1.0.7", + "esprima": "^4.0.0" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/gzip-size": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/gzip-size/-/gzip-size-6.0.0.tgz", + "integrity": "sha512-ax7ZYomf6jqPTQ4+XCpUGyXKHk5WweS+e05MBO4/y3WJ5RkmPXNKvX+bx1behVILVwr6JSQvZAku021CHPXG3Q==", + "license": "MIT", + "dependencies": { + "duplexer": "^0.1.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/hachure-fill": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/hachure-fill/-/hachure-fill-0.5.2.tgz", + "integrity": "sha512-3GKBOn+m2LX9iq+JC1064cSFprJY4jL1jCXTcpnfER5HYE2l/4EfWSGzkPa/ZDBmYI0ZOEj5VHV/eKnPGkHuOg==", + "license": "MIT" + }, + "node_modules/handle-thing": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/handle-thing/-/handle-thing-2.0.1.tgz", + "integrity": "sha512-9Qn4yBxelxoh2Ow62nP+Ka/kMnOXRi8BXnRaUwezLNhqelnN49xKz4F/dPP8OYLxLxq6JDtZb2i9XznUQbNPTg==", + "license": "MIT" + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/has-property-descriptors": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==", + "license": "MIT", + "dependencies": { + "es-define-property": "^1.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-proto": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "integrity": "sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-yarn": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-yarn/-/has-yarn-3.0.0.tgz", + "integrity": "sha512-IrsVwUHhEULx3R8f/aA8AHuEzAorplsab/v8HBzEiIukwq5i/EC+xmOW+HfP1OaDP+2JkgT1yILHN2O3UFIbcA==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/hasown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/hast-util-from-parse5": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/hast-util-from-parse5/-/hast-util-from-parse5-8.0.2.tgz", + "integrity": "sha512-SfMzfdAi/zAoZ1KkFEyyeXBn7u/ShQrfd675ZEE9M3qj+PMFX05xubzRyF76CCSJu8au9jgVxDV1+okFvgZU4A==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "@types/unist": "^3.0.0", + "devlop": "^1.0.0", + "hastscript": "^9.0.0", + "property-information": "^6.0.0", + "vfile": "^6.0.0", + "vfile-location": "^5.0.0", + "web-namespaces": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-parse-selector": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/hast-util-parse-selector/-/hast-util-parse-selector-4.0.0.tgz", + "integrity": "sha512-wkQCkSYoOGCRKERFWcxMVMOcYE2K1AaNLU8DXS9arxnLOUEWbOXKXiJUNzEpqZ3JOKpnha3jkFrumEjVliDe7A==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-raw": { + "version": "9.1.0", + "resolved": "https://registry.npmjs.org/hast-util-raw/-/hast-util-raw-9.1.0.tgz", + "integrity": "sha512-Y8/SBAHkZGoNkpzqqfCldijcuUKh7/su31kEBp67cFY09Wy0mTRgtsLYsiIxMJxlu0f6AA5SUTbDR8K0rxnbUw==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "@types/unist": "^3.0.0", + "@ungap/structured-clone": "^1.0.0", + "hast-util-from-parse5": "^8.0.0", + "hast-util-to-parse5": "^8.0.0", + "html-void-elements": "^3.0.0", + "mdast-util-to-hast": "^13.0.0", + "parse5": "^7.0.0", + "unist-util-position": "^5.0.0", + "unist-util-visit": "^5.0.0", + "vfile": "^6.0.0", + "web-namespaces": "^2.0.0", + "zwitch": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-to-estree": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/hast-util-to-estree/-/hast-util-to-estree-3.1.0.tgz", + "integrity": "sha512-lfX5g6hqVh9kjS/B9E2gSkvHH4SZNiQFiqWS0x9fENzEl+8W12RqdRxX6d/Cwxi30tPQs3bIO+aolQJNp1bIyw==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "comma-separated-tokens": "^2.0.0", + "devlop": "^1.0.0", + "estree-util-attach-comments": "^3.0.0", + "estree-util-is-identifier-name": "^3.0.0", + "hast-util-whitespace": "^3.0.0", + "mdast-util-mdx-expression": "^2.0.0", + "mdast-util-mdx-jsx": "^3.0.0", + "mdast-util-mdxjs-esm": "^2.0.0", + "property-information": "^6.0.0", + "space-separated-tokens": "^2.0.0", + "style-to-object": "^0.4.0", + "unist-util-position": "^5.0.0", + "zwitch": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-to-estree/node_modules/inline-style-parser": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.1.1.tgz", + "integrity": "sha512-7NXolsK4CAS5+xvdj5OMMbI962hU/wvwoxk+LWR9Ek9bVtyuuYScDN6eS0rUm6TxApFpw7CX1o4uJzcd4AyD3Q==", + "license": "MIT" + }, + "node_modules/hast-util-to-estree/node_modules/style-to-object": { + "version": "0.4.4", + "resolved": "https://registry.npmjs.org/style-to-object/-/style-to-object-0.4.4.tgz", + "integrity": "sha512-HYNoHZa2GorYNyqiCaBgsxvcJIn7OHq6inEga+E6Ke3m5JkoqpQbnFssk4jwe+K7AhGa2fcha4wSOf1Kn01dMg==", + "license": "MIT", + "dependencies": { + "inline-style-parser": "0.1.1" + } + }, + "node_modules/hast-util-to-jsx-runtime": { + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/hast-util-to-jsx-runtime/-/hast-util-to-jsx-runtime-2.3.2.tgz", + "integrity": "sha512-1ngXYb+V9UT5h+PxNRa1O1FYguZK/XL+gkeqvp7EdHlB9oHUG0eYRo/vY5inBdcqo3RkPMC58/H94HvkbfGdyg==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/unist": "^3.0.0", + "comma-separated-tokens": "^2.0.0", + "devlop": "^1.0.0", + "estree-util-is-identifier-name": "^3.0.0", + "hast-util-whitespace": "^3.0.0", + "mdast-util-mdx-expression": "^2.0.0", + "mdast-util-mdx-jsx": "^3.0.0", + "mdast-util-mdxjs-esm": "^2.0.0", + "property-information": "^6.0.0", + "space-separated-tokens": "^2.0.0", + "style-to-object": "^1.0.0", + "unist-util-position": "^5.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-to-parse5": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/hast-util-to-parse5/-/hast-util-to-parse5-8.0.0.tgz", + "integrity": "sha512-3KKrV5ZVI8if87DVSi1vDeByYrkGzg4mEfeu4alwgmmIeARiBLKCZS2uw5Gb6nU9x9Yufyj3iudm6i7nl52PFw==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "comma-separated-tokens": "^2.0.0", + "devlop": "^1.0.0", + "property-information": "^6.0.0", + "space-separated-tokens": "^2.0.0", + "web-namespaces": "^2.0.0", + "zwitch": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hast-util-whitespace": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/hast-util-whitespace/-/hast-util-whitespace-3.0.0.tgz", + "integrity": "sha512-88JUN06ipLwsnv+dVn+OIYOvAuvBMy/Qoi6O7mQHxdPXpjy+Cd6xRkWwux7DKO+4sYILtLBRIKgsdpS2gQc7qw==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/hastscript": { + "version": "9.0.0", + "resolved": "https://registry.npmjs.org/hastscript/-/hastscript-9.0.0.tgz", + "integrity": "sha512-jzaLBGavEDKHrc5EfFImKN7nZKKBdSLIdGvCwDZ9TfzbF2ffXiov8CKE445L2Z1Ek2t/m4SKQ2j6Ipv7NyUolw==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "comma-separated-tokens": "^2.0.0", + "hast-util-parse-selector": "^4.0.0", + "property-information": "^6.0.0", + "space-separated-tokens": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/he": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz", + "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==", + "license": "MIT", + "bin": { + "he": "bin/he" + } + }, + "node_modules/history": { + "version": "4.10.1", + "resolved": "https://registry.npmjs.org/history/-/history-4.10.1.tgz", + "integrity": "sha512-36nwAD620w12kuzPAsyINPWJqlNbij+hpK1k9XRloDtym8mxzGYl2c17LnV6IAGB2Dmg4tEa7G7DlawS0+qjew==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.1.2", + "loose-envify": "^1.2.0", + "resolve-pathname": "^3.0.0", + "tiny-invariant": "^1.0.2", + "tiny-warning": "^1.0.0", + "value-equal": "^1.0.1" + } + }, + "node_modules/hoist-non-react-statics": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-3.3.2.tgz", + "integrity": "sha512-/gGivxi8JPKWNm/W0jSmzcMPpfpPLc3dY/6GxhX2hQ9iGj3aDfklV4ET7NjKpSinLpJ5vafa9iiGIEZg10SfBw==", + "license": "BSD-3-Clause", + "dependencies": { + "react-is": "^16.7.0" + } + }, + "node_modules/hpack.js": { + "version": "2.1.6", + "resolved": "https://registry.npmjs.org/hpack.js/-/hpack.js-2.1.6.tgz", + "integrity": "sha512-zJxVehUdMGIKsRaNt7apO2Gqp0BdqW5yaiGHXXmbpvxgBYVZnAql+BJb4RO5ad2MgpbZKn5G6nMnegrH1FcNYQ==", + "license": "MIT", + "dependencies": { + "inherits": "^2.0.1", + "obuf": "^1.0.0", + "readable-stream": "^2.0.1", + "wbuf": "^1.1.0" + } + }, + "node_modules/hpack.js/node_modules/isarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", + "license": "MIT" + }, + "node_modules/hpack.js/node_modules/readable-stream": { + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", + "license": "MIT", + "dependencies": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.3", + "isarray": "~1.0.0", + "process-nextick-args": "~2.0.0", + "safe-buffer": "~5.1.1", + "string_decoder": "~1.1.1", + "util-deprecate": "~1.0.1" + } + }, + "node_modules/hpack.js/node_modules/safe-buffer": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", + "license": "MIT" + }, + "node_modules/hpack.js/node_modules/string_decoder": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", + "license": "MIT", + "dependencies": { + "safe-buffer": "~5.1.0" + } + }, + "node_modules/htm": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/htm/-/htm-3.1.1.tgz", + "integrity": "sha512-983Vyg8NwUE7JkZ6NmOqpCZ+sh1bKv2iYTlUkzlWmA5JD2acKoxd4KVxbMmxX/85mtfdnDmTFoNKcg5DGAvxNQ==", + "license": "Apache-2.0" + }, + "node_modules/html-entities": { + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-2.5.2.tgz", + "integrity": "sha512-K//PSRMQk4FZ78Kyau+mZurHn3FH0Vwr+H36eE0rPbeYkRRi9YxceYPhuN60UwWorxyKHhqoAJl2OFKa4BVtaA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/mdevils" + }, + { + "type": "patreon", + "url": "https://patreon.com/mdevils" + } + ], + "license": "MIT" + }, + "node_modules/html-escaper": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", + "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==", + "license": "MIT" + }, + "node_modules/html-minifier-terser": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-7.2.0.tgz", + "integrity": "sha512-tXgn3QfqPIpGl9o+K5tpcj3/MN4SfLtsx2GWwBC3SSd0tXQGyF3gsSqad8loJgKZGM3ZxbYDd5yhiBIdWpmvLA==", + "license": "MIT", + "dependencies": { + "camel-case": "^4.1.2", + "clean-css": "~5.3.2", + "commander": "^10.0.0", + "entities": "^4.4.0", + "param-case": "^3.0.4", + "relateurl": "^0.2.7", + "terser": "^5.15.1" + }, + "bin": { + "html-minifier-terser": "cli.js" + }, + "engines": { + "node": "^14.13.1 || >=16.0.0" + } + }, + "node_modules/html-minifier-terser/node_modules/commander": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz", + "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==", + "license": "MIT", + "engines": { + "node": ">=14" + } + }, + "node_modules/html-tags": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/html-tags/-/html-tags-3.3.1.tgz", + "integrity": "sha512-ztqyC3kLto0e9WbNp0aeP+M3kTt+nbaIveGmUxAtZa+8iFgKLUOD4YKM5j+f3QD89bra7UeumolZHKuOXnTmeQ==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/html-void-elements": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/html-void-elements/-/html-void-elements-3.0.0.tgz", + "integrity": "sha512-bEqo66MRXsUGxWHV5IP0PUiAWwoEjba4VCzg0LjFJBpchPaTfyfCKTG6bc5F8ucKec3q5y6qOdGyYTSBEvhCrg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/html-webpack-plugin": { + "version": "5.6.3", + "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.6.3.tgz", + "integrity": "sha512-QSf1yjtSAsmf7rYBV7XX86uua4W/vkhIt0xNXKbsi2foEeW7vjJQz4bhnpL3xH+l1ryl1680uNv968Z+X6jSYg==", + "license": "MIT", + "dependencies": { + "@types/html-minifier-terser": "^6.0.0", + "html-minifier-terser": "^6.0.2", + "lodash": "^4.17.21", + "pretty-error": "^4.0.0", + "tapable": "^2.0.0" + }, + "engines": { + "node": ">=10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/html-webpack-plugin" + }, + "peerDependencies": { + "@rspack/core": "0.x || 1.x", + "webpack": "^5.20.0" + }, + "peerDependenciesMeta": { + "@rspack/core": { + "optional": true + }, + "webpack": { + "optional": true + } + } + }, + "node_modules/html-webpack-plugin/node_modules/commander": { + "version": "8.3.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", + "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==", + "license": "MIT", + "engines": { + "node": ">= 12" + } + }, + "node_modules/html-webpack-plugin/node_modules/html-minifier-terser": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/html-minifier-terser/-/html-minifier-terser-6.1.0.tgz", + "integrity": "sha512-YXxSlJBZTP7RS3tWnQw74ooKa6L9b9i9QYXY21eUEvhZ3u9XLfv6OnFsQq6RxkhHygsaUMvYsZRV5rU/OVNZxw==", + "license": "MIT", + "dependencies": { + "camel-case": "^4.1.2", + "clean-css": "^5.2.2", + "commander": "^8.3.0", + "he": "^1.2.0", + "param-case": "^3.0.4", + "relateurl": "^0.2.7", + "terser": "^5.10.0" + }, + "bin": { + "html-minifier-terser": "cli.js" + }, + "engines": { + "node": ">=12" + } + }, + "node_modules/htmlparser2": { + "version": "8.0.2", + "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz", + "integrity": "sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==", + "funding": [ + "https://github.com/fb55/htmlparser2?sponsor=1", + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ], + "license": "MIT", + "dependencies": { + "domelementtype": "^2.3.0", + "domhandler": "^5.0.3", + "domutils": "^3.0.1", + "entities": "^4.4.0" + } + }, + "node_modules/http-cache-semantics": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/http-cache-semantics/-/http-cache-semantics-4.1.1.tgz", + "integrity": "sha512-er295DKPVsV82j5kw1Gjt+ADA/XYHsajl82cGNQG2eyoPkvgUhX+nDIyelzhIWbbsXP39EHcI6l5tYs2FYqYXQ==", + "license": "BSD-2-Clause" + }, + "node_modules/http-deceiver": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/http-deceiver/-/http-deceiver-1.2.7.tgz", + "integrity": "sha512-LmpOGxTfbpgtGVxJrj5k7asXHCgNZp5nLfp+hWc8QQRqtb7fUy6kRY3BO1h9ddF6yIPYUARgxGOwB42DnxIaNw==", + "license": "MIT" + }, + "node_modules/http-errors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", + "license": "MIT", + "dependencies": { + "depd": "2.0.0", + "inherits": "2.0.4", + "setprototypeof": "1.2.0", + "statuses": "2.0.1", + "toidentifier": "1.0.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/http-parser-js": { + "version": "0.5.8", + "resolved": "https://registry.npmjs.org/http-parser-js/-/http-parser-js-0.5.8.tgz", + "integrity": "sha512-SGeBX54F94Wgu5RH3X5jsDtf4eHyRogWX1XGT3b4HuW3tQPM4AaBzoUji/4AAJNXCEOWZ5O0DgZmJw1947gD5Q==", + "license": "MIT" + }, + "node_modules/http-proxy": { + "version": "1.18.1", + "resolved": "https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.1.tgz", + "integrity": "sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==", + "license": "MIT", + "dependencies": { + "eventemitter3": "^4.0.0", + "follow-redirects": "^1.0.0", + "requires-port": "^1.0.0" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/http-proxy-middleware": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-2.0.7.tgz", + "integrity": "sha512-fgVY8AV7qU7z/MmXJ/rxwbrtQH4jBQ9m7kp3llF0liB7glmFeVZFBepQb32T3y8n8k2+AEYuMPCpinYW+/CuRA==", + "license": "MIT", + "dependencies": { + "@types/http-proxy": "^1.17.8", + "http-proxy": "^1.18.1", + "is-glob": "^4.0.1", + "is-plain-obj": "^3.0.0", + "micromatch": "^4.0.2" + }, + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "@types/express": "^4.17.13" + }, + "peerDependenciesMeta": { + "@types/express": { + "optional": true + } + } + }, + "node_modules/http-proxy-middleware/node_modules/is-plain-obj": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-3.0.0.tgz", + "integrity": "sha512-gwsOE28k+23GP1B6vFl1oVh/WOzmawBrKwo5Ev6wMKzPkaXaCDIQKzLnvsA42DRlbVTWorkgTKIviAKCWkfUwA==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/http2-wrapper": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/http2-wrapper/-/http2-wrapper-2.2.1.tgz", + "integrity": "sha512-V5nVw1PAOgfI3Lmeaj2Exmeg7fenjhRUgz1lPSezy1CuhPYbgQtbQj4jZfEAEMlaL+vupsvhjqCyjzob0yxsmQ==", + "license": "MIT", + "dependencies": { + "quick-lru": "^5.1.1", + "resolve-alpn": "^1.2.0" + }, + "engines": { + "node": ">=10.19.0" + } + }, + "node_modules/human-signals": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", + "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==", + "license": "Apache-2.0", + "engines": { + "node": ">=10.17.0" + } + }, + "node_modules/iconv-lite": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", + "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", + "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/icss-utils": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/icss-utils/-/icss-utils-5.1.0.tgz", + "integrity": "sha512-soFhflCVWLfRNOPU3iv5Z9VUdT44xFRbzjLsEzSr5AQmgqPMTHdU3PMT1Cf1ssx8fLNJDA1juftYl+PUcv3MqA==", + "license": "ISC", + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/ignore": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", + "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==", + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/image-size": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/image-size/-/image-size-1.1.1.tgz", + "integrity": "sha512-541xKlUw6jr/6gGuk92F+mYM5zaFAc5ahphvkqvNe2bQ6gVBkd6bfrmVJ2t4KDAfikAYZyIqTnktX3i6/aQDrQ==", + "license": "MIT", + "dependencies": { + "queue": "6.0.2" + }, + "bin": { + "image-size": "bin/image-size.js" + }, + "engines": { + "node": ">=16.x" + } + }, + "node_modules/immer": { + "version": "9.0.21", + "resolved": "https://registry.npmjs.org/immer/-/immer-9.0.21.tgz", + "integrity": "sha512-bc4NBHqOqSfRW7POMkHd51LvClaeMXpm8dx0e8oE2GORbq5aRK7Bxl4FyzVLdGtLmvLKL7BTDBG5ACQm4HWjTA==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/immer" + } + }, + "node_modules/import-fresh": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "integrity": "sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==", + "license": "MIT", + "dependencies": { + "parent-module": "^1.0.0", + "resolve-from": "^4.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/import-lazy": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/import-lazy/-/import-lazy-4.0.0.tgz", + "integrity": "sha512-rKtvo6a868b5Hu3heneU+L4yEQ4jYKLtjpnPeUdK7h0yzXGmyBTypknlkCvHFBqfX9YlorEiMM6Dnq/5atfHkw==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/imurmurhash": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==", + "license": "MIT", + "engines": { + "node": ">=0.8.19" + } + }, + "node_modules/indent-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", + "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/infima": { + "version": "0.2.0-alpha.45", + "resolved": "https://registry.npmjs.org/infima/-/infima-0.2.0-alpha.45.tgz", + "integrity": "sha512-uyH0zfr1erU1OohLk0fT4Rrb94AOhguWNOcD9uGrSpRvNB+6gZXUoJX5J0NtvzBO10YZ9PgvA4NFgt+fYg8ojw==", + "license": "MIT", + "engines": { + "node": ">=12" + } + }, + "node_modules/inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.", + "license": "ISC", + "dependencies": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/ini": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.8.tgz", + "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==", + "license": "ISC" + }, + "node_modules/inline-style-parser": { + "version": "0.2.4", + "resolved": "https://registry.npmjs.org/inline-style-parser/-/inline-style-parser-0.2.4.tgz", + "integrity": "sha512-0aO8FkhNZlj/ZIbNi7Lxxr12obT7cL1moPfE4tg1LkX7LlLfC6DeX4l2ZEud1ukP9jNQyNnfzQVqwbwmAATY4Q==", + "license": "MIT" + }, + "node_modules/internmap": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/internmap/-/internmap-2.0.3.tgz", + "integrity": "sha512-5Hh7Y1wQbvY5ooGgPbDaL5iYLAPzMTUrjMulskHLH6wnv/A+1q5rgEaiuqEjB+oxGXIVZs1FF+R/KPN3ZSQYYg==", + "license": "ISC", + "engines": { + "node": ">=12" + } + }, + "node_modules/interpret": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/interpret/-/interpret-1.4.0.tgz", + "integrity": "sha512-agE4QfB2Lkp9uICn7BAqoscw4SZP9kTE2hxiFI3jBPmXJfdqiahTbUuKGsMoN2GtqL9AxhYioAcVvgsb1HvRbA==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/invariant": { + "version": "2.2.4", + "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.4.tgz", + "integrity": "sha512-phJfQVBuaJM5raOpJjSfkiD6BpbCE4Ns//LaXl6wGYtUBY83nWS6Rf9tXm2e8VaK60JEjYldbPif/A2B1C2gNA==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.0.0" + } + }, + "node_modules/ipaddr.js": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-2.2.0.tgz", + "integrity": "sha512-Ag3wB2o37wslZS19hZqorUnrnzSkpOVy+IiiDEiTqNubEYpYuHWIf6K4psgN2ZWKExS4xhVCrRVfb/wfW8fWJA==", + "license": "MIT", + "engines": { + "node": ">= 10" + } + }, + "node_modules/is-alphabetical": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-2.0.1.tgz", + "integrity": "sha512-FWyyY60MeTNyeSRpkM2Iry0G9hpr7/9kD40mD/cGQEuilcZYS4okz8SN2Q6rLCJ8gbCt6fN+rC+6tMGS99LaxQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/is-alphanumerical": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-alphanumerical/-/is-alphanumerical-2.0.1.tgz", + "integrity": "sha512-hmbYhX/9MUMF5uh7tOXyK/n0ZvWpad5caBA17GsC6vyuCqaWliRG5K1qS9inmUhEMaOBIW7/whAnSwveW/LtZw==", + "license": "MIT", + "dependencies": { + "is-alphabetical": "^2.0.0", + "is-decimal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/is-arrayish": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", + "integrity": "sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg==", + "license": "MIT" + }, + "node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "license": "MIT", + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-ci": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/is-ci/-/is-ci-3.0.1.tgz", + "integrity": "sha512-ZYvCgrefwqoQ6yTyYUbQu64HsITZ3NfKX1lzaEYdkTDcfKzzCI/wthRRYKkdjHKFVgNiXKAKm65Zo1pk2as/QQ==", + "license": "MIT", + "dependencies": { + "ci-info": "^3.2.0" + }, + "bin": { + "is-ci": "bin.js" + } + }, + "node_modules/is-core-module": { + "version": "2.15.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.15.1.tgz", + "integrity": "sha512-z0vtXSwucUJtANQWldhbtbt7BnL0vxiFjIdDLAatwhDYty2bad6s+rijD6Ri4YuYJubLzIJLUidCh09e1djEVQ==", + "license": "MIT", + "dependencies": { + "hasown": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-decimal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-decimal/-/is-decimal-2.0.1.tgz", + "integrity": "sha512-AAB9hiomQs5DXWcRB1rqsxGUstbRroFOPPVAomNk/3XHR5JyEZChOyTWe2oayKnsSsr/kcGqF+z6yuH6HHpN0A==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/is-docker": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==", + "license": "MIT", + "bin": { + "is-docker": "cli.js" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-extendable": { + "version": "0.1.1", + "resolved": "https://registry.npmjs.org/is-extendable/-/is-extendable-0.1.1.tgz", + "integrity": "sha512-5BMULNob1vgFX6EjQw5izWDxrecWK9AM72rugNr0TFldMOi0fj6Jk+zeKIt0xGj4cEfQIJth4w3OKWOJ4f+AFw==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-fullwidth-code-point": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", + "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "license": "MIT", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-hexadecimal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-2.0.1.tgz", + "integrity": "sha512-DgZQp241c8oO6cA1SbTEWiXeoxV42vlcJxgH+B3hi1AiqqKruZR3ZGF8In3fj4+/y/7rHvlOZLZtgJ/4ttYGZg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/is-installed-globally": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/is-installed-globally/-/is-installed-globally-0.4.0.tgz", + "integrity": "sha512-iwGqO3J21aaSkC7jWnHP/difazwS7SFeIqxv6wEtLU8Y5KlzFTjyqcSIT0d8s4+dDhKytsk9PJZ2BkS5eZwQRQ==", + "license": "MIT", + "dependencies": { + "global-dirs": "^3.0.0", + "is-path-inside": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-npm": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/is-npm/-/is-npm-6.0.0.tgz", + "integrity": "sha512-JEjxbSmtPSt1c8XTkVrlujcXdKV1/tvuQ7GwKcAlyiVLeYFQ2VHat8xfrDJsIkhCdF/tZ7CiIR3sy141c6+gPQ==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "license": "MIT", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-obj": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/is-obj/-/is-obj-1.0.1.tgz", + "integrity": "sha512-l4RyHgRqGN4Y3+9JHVrNqO+tN0rV5My76uW5/nuO4K1b6vw5G8d/cmFjP9tRfEsdhZNt0IFdZuK/c2Vr4Nb+Qg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-path-cwd": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/is-path-cwd/-/is-path-cwd-2.2.0.tgz", + "integrity": "sha512-w942bTcih8fdJPJmQHFzkS76NEP8Kzzvmw92cXsazb8intwLqPibPPdXf4ANdKV3rYMuuQYGIWtvz9JilB3NFQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/is-path-inside": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-plain-obj": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-4.1.0.tgz", + "integrity": "sha512-+Pgi+vMuUNkJyExiMBt5IlFoMyKnr5zhJ4Uspz58WOhBF5QoIZkFyNHIbBAtHwzVAgk5RtndVNsDRN61/mmDqg==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-plain-object": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", + "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", + "license": "MIT", + "dependencies": { + "isobject": "^3.0.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-regexp": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-regexp/-/is-regexp-1.0.0.tgz", + "integrity": "sha512-7zjFAPO4/gwyQAAgRRmqeEeyIICSdmCqa3tsVHMdBzaXXRiqopZL4Cyghg/XulGWrtABTpbnYYzzIRffLkP4oA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-root": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-root/-/is-root-2.1.0.tgz", + "integrity": "sha512-AGOriNp96vNBd3HtU+RzFEc75FfR5ymiYv8E553I71SCeXBiMsVDUtdio1OEFvrPyLIQ9tVR5RxXIFe5PUFjMg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/is-stream": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", + "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-typedarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz", + "integrity": "sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA==", + "license": "MIT" + }, + "node_modules/is-wsl": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==", + "license": "MIT", + "dependencies": { + "is-docker": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-yarn-global": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/is-yarn-global/-/is-yarn-global-0.4.1.tgz", + "integrity": "sha512-/kppl+R+LO5VmhYSEWARUFjodS25D68gvj8W7z0I7OWhUla5xWu8KL6CtB2V0R6yqhnRgbcaREMr4EEM6htLPQ==", + "license": "MIT", + "engines": { + "node": ">=12" + } + }, + "node_modules/isarray": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", + "integrity": "sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==", + "license": "MIT" + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "license": "ISC" + }, + "node_modules/isobject": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz", + "integrity": "sha512-WhB9zCku7EGTj/HQQRz5aUQEUeoQZH2bWcltRErOpymJ4boYE6wL9Tbr23krRPSZ+C5zqNSrSw+Cc7sZZ4b7vg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/jest-util": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", + "integrity": "sha512-z6EbKajIpqGKU56y5KBUgy1dt1ihhQJgWzUlZHArA/+X2ad7Cb5iF+AK1EWVL/Bo7Rz9uurpqw6SiBCefUbCGA==", + "license": "MIT", + "dependencies": { + "@jest/types": "^29.6.3", + "@types/node": "*", + "chalk": "^4.0.0", + "ci-info": "^3.2.0", + "graceful-fs": "^4.2.9", + "picomatch": "^2.2.3" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-worker": { + "version": "29.7.0", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", + "integrity": "sha512-eIz2msL/EzL9UFTFFx7jBTkeZfku0yUAyZZZmJ93H2TYEiroIx2PQjEXcwYtYl8zXCxb+PAmA2hLIt/6ZEkPHw==", + "license": "MIT", + "dependencies": { + "@types/node": "*", + "jest-util": "^29.7.0", + "merge-stream": "^2.0.0", + "supports-color": "^8.0.0" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/jest-worker/node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/jiti": { + "version": "1.21.6", + "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.21.6.tgz", + "integrity": "sha512-2yTgeWTWzMWkHu6Jp9NKgePDaYHbntiwvYuuJLbbN9vl7DC9DvXKOB2BC3ZZ92D3cvV/aflH0osDfwpHepQ53w==", + "license": "MIT", + "bin": { + "jiti": "bin/jiti.js" + } + }, + "node_modules/joi": { + "version": "17.13.3", + "resolved": "https://registry.npmjs.org/joi/-/joi-17.13.3.tgz", + "integrity": "sha512-otDA4ldcIx+ZXsKHWmp0YizCweVRZG96J10b0FevjfuncLO1oX59THoAmHkNubYJ+9gWsYsp5k8v4ib6oDv1fA==", + "license": "BSD-3-Clause", + "dependencies": { + "@hapi/hoek": "^9.3.0", + "@hapi/topo": "^5.1.0", + "@sideway/address": "^4.1.5", + "@sideway/formula": "^3.0.1", + "@sideway/pinpoint": "^2.0.0" + } + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", + "license": "MIT" + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "license": "MIT", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/jsesc": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-3.0.2.tgz", + "integrity": "sha512-xKqzzWXDttJuOcawBt4KnKHHIf5oQ/Cxax+0PWFG+DFDgHNAdi+TXECADI+RYiFUMmx8792xsMbbgXj4CwnP4g==", + "license": "MIT", + "bin": { + "jsesc": "bin/jsesc" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/json-buffer": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==", + "license": "MIT" + }, + "node_modules/json-parse-even-better-errors": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", + "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==", + "license": "MIT" + }, + "node_modules/json-schema-traverse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-1.0.0.tgz", + "integrity": "sha512-NM8/P9n3XjXhIZn1lLhkFaACTOURQXjWhV4BA/RnOv8xvgqtqpAX9IO4mRQxSx1Rlo4tqzeqb0sOlruaOy3dug==", + "license": "MIT" + }, + "node_modules/json5": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", + "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", + "license": "MIT", + "bin": { + "json5": "lib/cli.js" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/jsonfile": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", + "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", + "license": "MIT", + "dependencies": { + "universalify": "^2.0.0" + }, + "optionalDependencies": { + "graceful-fs": "^4.1.6" + } + }, + "node_modules/katex": { + "version": "0.16.11", + "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.11.tgz", + "integrity": "sha512-RQrI8rlHY92OLf3rho/Ts8i/XvjgguEjOkO1BEXcU3N8BqPpSzBNwV/G0Ukr+P/l3ivvJUE/Fa/CwbS6HesGNQ==", + "funding": [ + "https://opencollective.com/katex", + "https://github.com/sponsors/katex" + ], + "license": "MIT", + "dependencies": { + "commander": "^8.3.0" + }, + "bin": { + "katex": "cli.js" + } + }, + "node_modules/katex/node_modules/commander": { + "version": "8.3.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz", + "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==", + "license": "MIT", + "engines": { + "node": ">= 12" + } + }, + "node_modules/keyv": { + "version": "4.5.4", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==", + "license": "MIT", + "dependencies": { + "json-buffer": "3.0.1" + } + }, + "node_modules/khroma": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/khroma/-/khroma-2.1.0.tgz", + "integrity": "sha512-Ls993zuzfayK269Svk9hzpeGUKob/sIgZzyHYdjQoAdQetRKpOLj+k/QQQ/6Qi0Yz65mlROrfd+Ev+1+7dz9Kw==" + }, + "node_modules/kind-of": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", + "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/kleur": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", + "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/kolorist": { + "version": "1.8.0", + "resolved": "https://registry.npmjs.org/kolorist/-/kolorist-1.8.0.tgz", + "integrity": "sha512-Y+60/zizpJ3HRH8DCss+q95yr6145JXZo46OTpFvDZWLfRCE4qChOyk1b26nMaNpfHHgxagk9dXT5OP0Tfe+dQ==", + "license": "MIT" + }, + "node_modules/langium": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/langium/-/langium-3.0.0.tgz", + "integrity": "sha512-+Ez9EoiByeoTu/2BXmEaZ06iPNXM6thWJp02KfBO/raSMyCJ4jw7AkWWa+zBCTm0+Tw1Fj9FOxdqSskyN5nAwg==", + "license": "MIT", + "dependencies": { + "chevrotain": "~11.0.3", + "chevrotain-allstar": "~0.3.0", + "vscode-languageserver": "~9.0.1", + "vscode-languageserver-textdocument": "~1.0.11", + "vscode-uri": "~3.0.8" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/latest-version": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/latest-version/-/latest-version-7.0.0.tgz", + "integrity": "sha512-KvNT4XqAMzdcL6ka6Tl3i2lYeFDgXNCuIX+xNx6ZMVR1dFq+idXd9FLKNMOIx0t9mJ9/HudyX4oZWXZQ0UJHeg==", + "license": "MIT", + "dependencies": { + "package-json": "^8.1.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/launch-editor": { + "version": "2.9.1", + "resolved": "https://registry.npmjs.org/launch-editor/-/launch-editor-2.9.1.tgz", + "integrity": "sha512-Gcnl4Bd+hRO9P9icCP/RVVT2o8SFlPXofuCxvA2SaZuH45whSvf5p8x5oih5ftLiVhEI4sp5xDY+R+b3zJBh5w==", + "license": "MIT", + "dependencies": { + "picocolors": "^1.0.0", + "shell-quote": "^1.8.1" + } + }, + "node_modules/layout-base": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/layout-base/-/layout-base-1.0.2.tgz", + "integrity": "sha512-8h2oVEZNktL4BH2JCOI90iD1yXwL6iNW7KcCKT2QZgQJR2vbqDsldCTPRU9NifTCqHZci57XvQQ15YTu+sTYPg==", + "license": "MIT" + }, + "node_modules/leven": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", + "integrity": "sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/lilconfig": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.2.tgz", + "integrity": "sha512-eop+wDAvpItUys0FWkHIKeC9ybYrTGbU41U5K7+bttZZeohvnY7M9dZ5kB21GNWiFT2q1OoPTvncPCgSOVO5ow==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/antonk52" + } + }, + "node_modules/lines-and-columns": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", + "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", + "license": "MIT" + }, + "node_modules/loader-runner": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.0.tgz", + "integrity": "sha512-3R/1M+yS3j5ou80Me59j7F9IMs4PXs3VqRrm0TU3AbKPxlmpoY1TNscJV/oGJXo8qCatFGTfDbY6W6ipGOYXfg==", + "license": "MIT", + "engines": { + "node": ">=6.11.5" + } + }, + "node_modules/loader-utils": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.4.tgz", + "integrity": "sha512-xXqpXoINfFhgua9xiqD8fPFHgkoq1mmmpE92WlDbm9rNRd/EbRb+Gqf908T2DMfuHjjJlksiK2RbHVOdD/MqSw==", + "license": "MIT", + "dependencies": { + "big.js": "^5.2.2", + "emojis-list": "^3.0.0", + "json5": "^2.1.2" + }, + "engines": { + "node": ">=8.9.0" + } + }, + "node_modules/local-pkg": { + "version": "0.5.1", + "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.5.1.tgz", + "integrity": "sha512-9rrA30MRRP3gBD3HTGnC6cDFpaE1kVDWxWgqWJUN0RvDNAo+Nz/9GxB+nHOH0ifbVFy0hSA1V6vFDvnx54lTEQ==", + "license": "MIT", + "dependencies": { + "mlly": "^1.7.3", + "pkg-types": "^1.2.1" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/sponsors/antfu" + } + }, + "node_modules/locate-path": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-7.2.0.tgz", + "integrity": "sha512-gvVijfZvn7R+2qyPX8mAuKcFGDf6Nc61GdvGafQsHL0sBIxfKzA+usWn4GFC/bk+QdwPUD4kWFJLhElipq+0VA==", + "license": "MIT", + "dependencies": { + "p-locate": "^6.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "license": "MIT" + }, + "node_modules/lodash-es": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.21.tgz", + "integrity": "sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==", + "license": "MIT" + }, + "node_modules/lodash.debounce": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz", + "integrity": "sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow==", + "license": "MIT" + }, + "node_modules/lodash.memoize": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-4.1.2.tgz", + "integrity": "sha512-t7j+NzmgnQzTAYXcsHYLgimltOV1MXHtlOWf6GjL9Kj8GK5FInw5JotxvbOs+IvV1/Dzo04/fCGfLVs7aXb4Ag==", + "license": "MIT" + }, + "node_modules/lodash.uniq": { + "version": "4.5.0", + "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz", + "integrity": "sha512-xfBaXQd9ryd9dlSDvnvI0lvxfLJlYAZzXomUYzLKtUeOQvOP5piqAWuGtrhWeqaXK9hhoM/iyJc5AV+XfsX3HQ==", + "license": "MIT" + }, + "node_modules/longest-streak": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/longest-streak/-/longest-streak-3.1.0.tgz", + "integrity": "sha512-9Ri+o0JYgehTaVBBDoMqIl8GXtbWg711O3srftcHhZ0dqnETqLaoIK0x17fUw9rFSlK/0NlsKe0Ahhyl5pXE2g==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/loose-envify": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", + "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "license": "MIT", + "dependencies": { + "js-tokens": "^3.0.0 || ^4.0.0" + }, + "bin": { + "loose-envify": "cli.js" + } + }, + "node_modules/lower-case": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/lower-case/-/lower-case-2.0.2.tgz", + "integrity": "sha512-7fm3l3NAF9WfN6W3JOmf5drwpVqX78JtoGJ3A6W0a6ZnldM41w2fV5D490psKFTpMds8TJse/eHLFFsNHHjHgg==", + "license": "MIT", + "dependencies": { + "tslib": "^2.0.3" + } + }, + "node_modules/lowercase-keys": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/lowercase-keys/-/lowercase-keys-3.0.0.tgz", + "integrity": "sha512-ozCC6gdQ+glXOQsveKD0YsDy8DSQFjDTz4zyzEHNV5+JP5D62LmfDZ6o1cycFx9ouG940M5dE8C8CTewdj2YWQ==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lru-cache": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", + "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", + "license": "ISC", + "dependencies": { + "yallist": "^3.0.2" + } + }, + "node_modules/lunr-languages": { + "version": "1.14.0", + "resolved": "https://registry.npmjs.org/lunr-languages/-/lunr-languages-1.14.0.tgz", + "integrity": "sha512-hWUAb2KqM3L7J5bcrngszzISY4BxrXn/Xhbb9TTCJYEGqlR1nG67/M14sp09+PTIRklobrn57IAxcdcO/ZFyNA==", + "license": "MPL-1.1" + }, + "node_modules/mark.js": { + "version": "8.11.1", + "resolved": "https://registry.npmjs.org/mark.js/-/mark.js-8.11.1.tgz", + "integrity": "sha512-1I+1qpDt4idfgLQG+BNWmrqku+7/2bi5nLf4YwF8y8zXvmfiTBY3PV3ZibfrjBueCByROpuBjLLFCajqkgYoLQ==", + "license": "MIT" + }, + "node_modules/markdown-extensions": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/markdown-extensions/-/markdown-extensions-2.0.0.tgz", + "integrity": "sha512-o5vL7aDWatOTX8LzaS1WMoaoxIiLRQJuIKKe2wAw6IeULDHaqbiqiggmx+pKvZDb1Sj+pE46Sn1T7lCqfFtg1Q==", + "license": "MIT", + "engines": { + "node": ">=16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/markdown-table": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-3.0.4.tgz", + "integrity": "sha512-wiYz4+JrLyb/DqW2hkFJxP7Vd7JuTDm77fvbM8VfEQdmSMqcImWeeRbHwZjBjIFki/VaMK2BhFi7oUUZeM5bqw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/marked": { + "version": "13.0.3", + "resolved": "https://registry.npmjs.org/marked/-/marked-13.0.3.tgz", + "integrity": "sha512-rqRix3/TWzE9rIoFGIn8JmsVfhiuC8VIQ8IdX5TfzmeBucdY05/0UlzKaw0eVtpcN/OdVFpBk7CjKGo9iHJ/zA==", + "license": "MIT", + "bin": { + "marked": "bin/marked.js" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/mdast-util-directive": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-directive/-/mdast-util-directive-3.0.0.tgz", + "integrity": "sha512-JUpYOqKI4mM3sZcNxmF/ox04XYFFkNwr0CFlrQIkCwbvH0xzMCqkMqAde9wRd80VAhaUrwFwKm2nxretdT1h7Q==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "@types/unist": "^3.0.0", + "devlop": "^1.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0", + "parse-entities": "^4.0.0", + "stringify-entities": "^4.0.0", + "unist-util-visit-parents": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-find-and-replace": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-find-and-replace/-/mdast-util-find-and-replace-3.0.1.tgz", + "integrity": "sha512-SG21kZHGC3XRTSUhtofZkBzZTJNM5ecCi0SK2IMKmSXR8vO3peL+kb1O0z7Zl83jKtutG4k5Wv/W7V3/YHvzPA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "escape-string-regexp": "^5.0.0", + "unist-util-is": "^6.0.0", + "unist-util-visit-parents": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-find-and-replace/node_modules/escape-string-regexp": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz", + "integrity": "sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mdast-util-from-markdown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/mdast-util-from-markdown/-/mdast-util-from-markdown-2.0.2.tgz", + "integrity": "sha512-uZhTV/8NBuw0WHkPTrCqDOl0zVe1BIng5ZtHoDk49ME1qqcjYmmLmOf0gELgcRMxN4w2iuIeVso5/6QymSrgmA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "@types/unist": "^3.0.0", + "decode-named-character-reference": "^1.0.0", + "devlop": "^1.0.0", + "mdast-util-to-string": "^4.0.0", + "micromark": "^4.0.0", + "micromark-util-decode-numeric-character-reference": "^2.0.0", + "micromark-util-decode-string": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "unist-util-stringify-position": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-from-markdown/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/mdast-util-frontmatter": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-frontmatter/-/mdast-util-frontmatter-2.0.1.tgz", + "integrity": "sha512-LRqI9+wdgC25P0URIJY9vwocIzCcksduHQ9OF2joxQoyTNVduwLAFUzjoopuRJbJAReaKrNQKAZKL3uCMugWJA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "escape-string-regexp": "^5.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0", + "micromark-extension-frontmatter": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-frontmatter/node_modules/escape-string-regexp": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-5.0.0.tgz", + "integrity": "sha512-/veY75JbMK4j1yjvuUxuVsiS/hr/4iHs9FTT6cgTexxdE0Ly/glccBAkloH/DofkjRbZU3bnoj38mOmhkZ0lHw==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mdast-util-gfm": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm/-/mdast-util-gfm-3.0.0.tgz", + "integrity": "sha512-dgQEX5Amaq+DuUqf26jJqSK9qgixgd6rYDHAv4aTBuA92cTknZlKpPfa86Z/s8Dj8xsAQpFfBmPUHWJBWqS4Bw==", + "license": "MIT", + "dependencies": { + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-gfm-autolink-literal": "^2.0.0", + "mdast-util-gfm-footnote": "^2.0.0", + "mdast-util-gfm-strikethrough": "^2.0.0", + "mdast-util-gfm-table": "^2.0.0", + "mdast-util-gfm-task-list-item": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-autolink-literal": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-autolink-literal/-/mdast-util-gfm-autolink-literal-2.0.1.tgz", + "integrity": "sha512-5HVP2MKaP6L+G6YaxPNjuL0BPrq9orG3TsrZ9YXbA3vDw/ACI4MEsnoDpn6ZNm7GnZgtAcONJyPhOP8tNJQavQ==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "ccount": "^2.0.0", + "devlop": "^1.0.0", + "mdast-util-find-and-replace": "^3.0.0", + "micromark-util-character": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-autolink-literal/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/mdast-util-gfm-autolink-literal/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/mdast-util-gfm-footnote": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-footnote/-/mdast-util-gfm-footnote-2.0.0.tgz", + "integrity": "sha512-5jOT2boTSVkMnQ7LTrd6n/18kqwjmuYqo7JUPe+tRCY6O7dAuTFMtTPauYYrMPpox9hlN0uOx/FL8XvEfG9/mQ==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "devlop": "^1.1.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-strikethrough": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-strikethrough/-/mdast-util-gfm-strikethrough-2.0.0.tgz", + "integrity": "sha512-mKKb915TF+OC5ptj5bJ7WFRPdYtuHv0yTRxK2tJvi+BDqbkiG7h7u/9SI89nRAYcmap2xHQL9D+QG/6wSrTtXg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-table": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-table/-/mdast-util-gfm-table-2.0.0.tgz", + "integrity": "sha512-78UEvebzz/rJIxLvE7ZtDd/vIQ0RHv+3Mh5DR96p7cS7HsBhYIICDBCu8csTNWNO6tBWfqXPWekRuj2FNOGOZg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "markdown-table": "^3.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-gfm-task-list-item": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-gfm-task-list-item/-/mdast-util-gfm-task-list-item-2.0.0.tgz", + "integrity": "sha512-IrtvNvjxC1o06taBAVJznEnkiHxLFTzgonUdy8hzFVeDun0uTjxxrRGVaNFqkU1wJR3RBPEfsxmU6jDWPofrTQ==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-mdx": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-mdx/-/mdast-util-mdx-3.0.0.tgz", + "integrity": "sha512-JfbYLAW7XnYTTbUsmpu0kdBUVe+yKVJZBItEjwyYJiDJuZ9w4eeaqks4HQO+R7objWgS2ymV60GYpI14Ug554w==", + "license": "MIT", + "dependencies": { + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-mdx-expression": "^2.0.0", + "mdast-util-mdx-jsx": "^3.0.0", + "mdast-util-mdxjs-esm": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-mdx-expression": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-mdx-expression/-/mdast-util-mdx-expression-2.0.1.tgz", + "integrity": "sha512-J6f+9hUp+ldTZqKRSg7Vw5V6MqjATc+3E4gf3CFNcuZNWD8XdyI6zQ8GqH7f8169MM6P7hMBRDVGnn7oHB9kXQ==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-mdx-jsx": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/mdast-util-mdx-jsx/-/mdast-util-mdx-jsx-3.1.3.tgz", + "integrity": "sha512-bfOjvNt+1AcbPLTFMFWY149nJz0OjmewJs3LQQ5pIyVGxP4CdOqNVJL6kTaM5c68p8q82Xv3nCyFfUnuEcH3UQ==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "@types/unist": "^3.0.0", + "ccount": "^2.0.0", + "devlop": "^1.1.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0", + "parse-entities": "^4.0.0", + "stringify-entities": "^4.0.0", + "unist-util-stringify-position": "^4.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-mdxjs-esm": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mdast-util-mdxjs-esm/-/mdast-util-mdxjs-esm-2.0.1.tgz", + "integrity": "sha512-EcmOpxsZ96CvlP03NghtH1EsLtr0n9Tm4lPUJUBccV9RwUOneqSycg19n5HGzCf+10LozMRSObtVr3ee1WoHtg==", + "license": "MIT", + "dependencies": { + "@types/estree-jsx": "^1.0.0", + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "devlop": "^1.0.0", + "mdast-util-from-markdown": "^2.0.0", + "mdast-util-to-markdown": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-phrasing": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/mdast-util-phrasing/-/mdast-util-phrasing-4.1.0.tgz", + "integrity": "sha512-TqICwyvJJpBwvGAMZjj4J2n0X8QWp21b9l0o7eXyVJ25YNWYbJDVIyD1bZXE6WtV6RmKJVYmQAKWa0zWOABz2w==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "unist-util-is": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-to-hast": { + "version": "13.2.0", + "resolved": "https://registry.npmjs.org/mdast-util-to-hast/-/mdast-util-to-hast-13.2.0.tgz", + "integrity": "sha512-QGYKEuUsYT9ykKBCMOEDLsU5JRObWQusAolFMeko/tYPufNkRffBAQjIE+99jbA87xv6FgmjLtwjh9wBWajwAA==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "@ungap/structured-clone": "^1.0.0", + "devlop": "^1.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "trim-lines": "^3.0.0", + "unist-util-position": "^5.0.0", + "unist-util-visit": "^5.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-to-markdown": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/mdast-util-to-markdown/-/mdast-util-to-markdown-2.1.2.tgz", + "integrity": "sha512-xj68wMTvGXVOKonmog6LwyJKrYXZPvlwabaryTjLh9LuvovB/KAH+kvi8Gjj+7rJjsFi23nkUxRQv1KqSroMqA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "@types/unist": "^3.0.0", + "longest-streak": "^3.0.0", + "mdast-util-phrasing": "^4.0.0", + "mdast-util-to-string": "^4.0.0", + "micromark-util-classify-character": "^2.0.0", + "micromark-util-decode-string": "^2.0.0", + "unist-util-visit": "^5.0.0", + "zwitch": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdast-util-to-string": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/mdast-util-to-string/-/mdast-util-to-string-4.0.0.tgz", + "integrity": "sha512-0H44vDimn51F0YwvxSJSm0eCDOJTRlmN0R1yBh4HLj9wiV1Dn0QoXGbvFAWj2hSItVTlCmBF1hqKlIyUBVFLPg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/mdn-data": { + "version": "2.0.30", + "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.30.tgz", + "integrity": "sha512-GaqWWShW4kv/G9IEucWScBx9G1/vsFZZJUO+tD26M8J8z3Kw5RDQjaoZe03YAClgeS/SWPOcb4nkFBTEi5DUEA==", + "license": "CC0-1.0" + }, + "node_modules/media-typer": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/memfs": { + "version": "3.5.3", + "resolved": "https://registry.npmjs.org/memfs/-/memfs-3.5.3.tgz", + "integrity": "sha512-UERzLsxzllchadvbPs5aolHh65ISpKpM+ccLbOJ8/vvpBKmAWf+la7dXFy7Mr0ySHbdHrFv5kGFCUHHe6GFEmw==", + "license": "Unlicense", + "dependencies": { + "fs-monkey": "^1.0.4" + }, + "engines": { + "node": ">= 4.0.0" + } + }, + "node_modules/merge-descriptors": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", + "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/merge-stream": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", + "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", + "license": "MIT" + }, + "node_modules/merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/mermaid": { + "version": "11.4.0", + "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.4.0.tgz", + "integrity": "sha512-mxCfEYvADJqOiHfGpJXLs4/fAjHz448rH0pfY5fAoxiz70rQiDSzUUy4dNET2T08i46IVpjohPd6WWbzmRHiPA==", + "license": "MIT", + "dependencies": { + "@braintree/sanitize-url": "^7.0.1", + "@iconify/utils": "^2.1.32", + "@mermaid-js/parser": "^0.3.0", + "@types/d3": "^7.4.3", + "@types/dompurify": "^3.0.5", + "cytoscape": "^3.29.2", + "cytoscape-cose-bilkent": "^4.1.0", + "cytoscape-fcose": "^2.2.0", + "d3": "^7.9.0", + "d3-sankey": "^0.12.3", + "dagre-d3-es": "7.0.11", + "dayjs": "^1.11.10", + "dompurify": "^3.0.11 <3.1.7", + "katex": "^0.16.9", + "khroma": "^2.1.0", + "lodash-es": "^4.17.21", + "marked": "^13.0.2", + "roughjs": "^4.6.6", + "stylis": "^4.3.1", + "ts-dedent": "^2.2.0", + "uuid": "^9.0.1" + } + }, + "node_modules/methods": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/micromark": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/micromark/-/micromark-4.0.1.tgz", + "integrity": "sha512-eBPdkcoCNvYcxQOAKAlceo5SNdzZWfF+FcSupREAzdAh9rRmE239CEQAiTwIgblwnoM8zzj35sZ5ZwvSEOF6Kw==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "@types/debug": "^4.0.0", + "debug": "^4.0.0", + "decode-named-character-reference": "^1.0.0", + "devlop": "^1.0.0", + "micromark-core-commonmark": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-combine-extensions": "^2.0.0", + "micromark-util-decode-numeric-character-reference": "^2.0.0", + "micromark-util-encode": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-resolve-all": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-subtokenize": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-core-commonmark": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-2.0.2.tgz", + "integrity": "sha512-FKjQKbxd1cibWMM1P9N+H8TwlgGgSkWZMmfuVucLCHaYqeSvJ0hFeHsIa65pA2nYbes0f8LDHPMrd9X7Ujxg9w==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "decode-named-character-reference": "^1.0.0", + "devlop": "^1.0.0", + "micromark-factory-destination": "^2.0.0", + "micromark-factory-label": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-factory-title": "^2.0.0", + "micromark-factory-whitespace": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-classify-character": "^2.0.0", + "micromark-util-html-tag-name": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-resolve-all": "^2.0.0", + "micromark-util-subtokenize": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-core-commonmark/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-core-commonmark/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-core-commonmark/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-directive": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/micromark-extension-directive/-/micromark-extension-directive-3.0.2.tgz", + "integrity": "sha512-wjcXHgk+PPdmvR58Le9d7zQYWy+vKEU9Se44p2CrCDPiLr2FMyiT4Fyb5UFKFC66wGB3kPlgD7q3TnoqPS7SZA==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-factory-whitespace": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "parse-entities": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-directive/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-directive/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-directive/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-frontmatter": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-frontmatter/-/micromark-extension-frontmatter-2.0.0.tgz", + "integrity": "sha512-C4AkuM3dA58cgZha7zVnuVxBhDsbttIMiytjgsM2XbHAB2faRVaHRle40558FBN+DJcrLNCoqG5mlrpdU4cRtg==", + "license": "MIT", + "dependencies": { + "fault": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-frontmatter/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-frontmatter/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-gfm": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm/-/micromark-extension-gfm-3.0.0.tgz", + "integrity": "sha512-vsKArQsicm7t0z2GugkCKtZehqUm31oeGBV/KVSorWSy8ZlNAv7ytjFhvaryUiCUJYqs+NoE6AFhpQvBTM6Q4w==", + "license": "MIT", + "dependencies": { + "micromark-extension-gfm-autolink-literal": "^2.0.0", + "micromark-extension-gfm-footnote": "^2.0.0", + "micromark-extension-gfm-strikethrough": "^2.0.0", + "micromark-extension-gfm-table": "^2.0.0", + "micromark-extension-gfm-tagfilter": "^2.0.0", + "micromark-extension-gfm-task-list-item": "^2.0.0", + "micromark-util-combine-extensions": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-autolink-literal": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-autolink-literal/-/micromark-extension-gfm-autolink-literal-2.1.0.tgz", + "integrity": "sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw==", + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-autolink-literal/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-autolink-literal/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-gfm-footnote": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-footnote/-/micromark-extension-gfm-footnote-2.1.0.tgz", + "integrity": "sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-core-commonmark": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-normalize-identifier": "^2.0.0", + "micromark-util-sanitize-uri": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-footnote/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-footnote/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-footnote/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-gfm-strikethrough": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-strikethrough/-/micromark-extension-gfm-strikethrough-2.1.0.tgz", + "integrity": "sha512-ADVjpOOkjz1hhkZLlBiYA9cR2Anf8F4HqZUO6e5eDcPQd0Txw5fxLzzxnEkSkfnD0wziSGiv7sYhk/ktvbf1uw==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-classify-character": "^2.0.0", + "micromark-util-resolve-all": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-strikethrough/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-gfm-table": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-table/-/micromark-extension-gfm-table-2.1.0.tgz", + "integrity": "sha512-Ub2ncQv+fwD70/l4ou27b4YzfNaCJOvyX4HxXU15m7mpYY+rjuWzsLIPZHJL253Z643RpbcP1oeIJlQ/SKW67g==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-table/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-table/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-table/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-gfm-tagfilter": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-tagfilter/-/micromark-extension-gfm-tagfilter-2.0.0.tgz", + "integrity": "sha512-xHlTOmuCSotIA8TW1mDIM6X2O1SiX5P9IuDtqGonFhEK0qgRI4yeC6vMxEV2dgyr2TiD+2PQ10o+cOhdVAcwfg==", + "license": "MIT", + "dependencies": { + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-task-list-item": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/micromark-extension-gfm-task-list-item/-/micromark-extension-gfm-task-list-item-2.1.0.tgz", + "integrity": "sha512-qIBZhqxqI6fjLDYFTBIa4eivDMnP+OZqsNwmQ3xNLE4Cxwc+zfQEfbs6tzAo2Hjq+bh6q5F+Z8/cksrLFYWQQw==", + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-gfm-task-list-item/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-task-list-item/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-gfm-task-list-item/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-mdx-expression": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-mdx-expression/-/micromark-extension-mdx-expression-3.0.0.tgz", + "integrity": "sha512-sI0nwhUDz97xyzqJAbHQhp5TfaxEvZZZ2JDqUo+7NvyIYG6BZ5CPPqj2ogUoPJlmXHBnyZUzISg9+oUmU6tUjQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "devlop": "^1.0.0", + "micromark-factory-mdx-expression": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-events-to-acorn": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdx-expression/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdx-expression/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdx-expression/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-mdx-jsx": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/micromark-extension-mdx-jsx/-/micromark-extension-mdx-jsx-3.0.1.tgz", + "integrity": "sha512-vNuFb9czP8QCtAQcEJn0UJQJZA8Dk6DXKBqx+bg/w0WGuSxDxNr7hErW89tHUY31dUW4NqEOWwmEUNhjTFmHkg==", + "license": "MIT", + "dependencies": { + "@types/acorn": "^4.0.0", + "@types/estree": "^1.0.0", + "devlop": "^1.0.0", + "estree-util-is-identifier-name": "^3.0.0", + "micromark-factory-mdx-expression": "^2.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-events-to-acorn": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-mdx-jsx/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdx-jsx/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdx-jsx/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-extension-mdx-md": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-mdx-md/-/micromark-extension-mdx-md-2.0.0.tgz", + "integrity": "sha512-EpAiszsB3blw4Rpba7xTOUptcFeBFi+6PY8VnJ2hhimH+vCQDirWgsMpz7w1XcZE7LVrSAUGb9VJpG9ghlYvYQ==", + "license": "MIT", + "dependencies": { + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-mdxjs": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-mdxjs/-/micromark-extension-mdxjs-3.0.0.tgz", + "integrity": "sha512-A873fJfhnJ2siZyUrJ31l34Uqwy4xIFmvPY1oj+Ean5PHcPBYzEsvqvWGaWcfEIr11O5Dlw3p2y0tZWpKHDejQ==", + "license": "MIT", + "dependencies": { + "acorn": "^8.0.0", + "acorn-jsx": "^5.0.0", + "micromark-extension-mdx-expression": "^3.0.0", + "micromark-extension-mdx-jsx": "^3.0.0", + "micromark-extension-mdx-md": "^2.0.0", + "micromark-extension-mdxjs-esm": "^3.0.0", + "micromark-util-combine-extensions": "^2.0.0", + "micromark-util-types": "^2.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-mdxjs-esm": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/micromark-extension-mdxjs-esm/-/micromark-extension-mdxjs-esm-3.0.0.tgz", + "integrity": "sha512-DJFl4ZqkErRpq/dAPyeWp15tGrcrrJho1hKK5uBS70BCtfrIFg81sqcTVu3Ta+KD1Tk5vAtBNElWxtAa+m8K9A==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "devlop": "^1.0.0", + "micromark-core-commonmark": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-events-to-acorn": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "unist-util-position-from-estree": "^2.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/micromark-extension-mdxjs-esm/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-extension-mdxjs-esm/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-destination": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-destination/-/micromark-factory-destination-2.0.1.tgz", + "integrity": "sha512-Xe6rDdJlkmbFRExpTOmRj9N3MaWmbAgdpSrBQvCFqhezUn4AHqJHbaEnfbVYYiexVSs//tqOdY/DxhjdCiJnIA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-destination/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-destination/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-label": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-label/-/micromark-factory-label-2.0.1.tgz", + "integrity": "sha512-VFMekyQExqIW7xIChcXn4ok29YE3rnuyveW3wZQWWqF4Nv9Wk5rgJ99KzPvHjkmPXF93FXIbBp6YdW3t71/7Vg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-label/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-label/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-mdx-expression": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/micromark-factory-mdx-expression/-/micromark-factory-mdx-expression-2.0.2.tgz", + "integrity": "sha512-5E5I2pFzJyg2CtemqAbcyCktpHXuJbABnsb32wX2U8IQKhhVFBqkcZR5LRm1WVoFqa4kTueZK4abep7wdo9nrw==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "devlop": "^1.0.0", + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-events-to-acorn": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "unist-util-position-from-estree": "^2.0.0", + "vfile-message": "^4.0.0" + } + }, + "node_modules/micromark-factory-mdx-expression/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-mdx-expression/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-mdx-expression/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-space": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-1.1.0.tgz", + "integrity": "sha512-cRzEj7c0OL4Mw2v6nwzttyOZe8XY/Z8G0rzmWQZTBi/jjwyw/U4uqKtUORXQrR5bAZZnbTI/feRV/R7hc4jQYQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^1.0.0", + "micromark-util-types": "^1.0.0" + } + }, + "node_modules/micromark-factory-space/node_modules/micromark-util-types": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-1.1.0.tgz", + "integrity": "sha512-ukRBgie8TIAcacscVHSiddHjO4k/q3pnedmzMQ4iwDcK0FtFCohKOlFbaOL/mPgfnPsL3C1ZyxJa4sbWrBl3jg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-title": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-title/-/micromark-factory-title-2.0.1.tgz", + "integrity": "sha512-5bZ+3CjhAd9eChYTHsjy6TGxpOFSKgKKJPJxr293jTbfry2KDoWkhBb6TcPVB4NmzaPhMs1Frm9AZH7OD4Cjzw==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-title/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-title/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-title/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-factory-whitespace": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-whitespace/-/micromark-factory-whitespace-2.0.1.tgz", + "integrity": "sha512-Ob0nuZ3PKt/n0hORHyvoD9uZhr+Za8sFoP+OnMcnWK5lngSzALgQYKMr9RJVOWLqQYuyn6ulqGWSXdwf6F80lQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-factory-space": "^2.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-whitespace/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-whitespace/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-factory-whitespace/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-character": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-1.2.0.tgz", + "integrity": "sha512-lXraTwcX3yH/vMDaFWCQJP1uIszLVebzUa3ZHdrgxr7KEU/9mL4mVgCpGbyhvNLNlauROiNUq7WN5u7ndbY6xg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^1.0.0", + "micromark-util-types": "^1.0.0" + } + }, + "node_modules/micromark-util-character/node_modules/micromark-util-types": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-1.1.0.tgz", + "integrity": "sha512-ukRBgie8TIAcacscVHSiddHjO4k/q3pnedmzMQ4iwDcK0FtFCohKOlFbaOL/mPgfnPsL3C1ZyxJa4sbWrBl3jg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-chunked": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-chunked/-/micromark-util-chunked-2.0.1.tgz", + "integrity": "sha512-QUNFEOPELfmvv+4xiNg2sRYeS/P84pTW0TCgP5zc9FpXetHY0ab7SxKyAQCNCc1eK0459uoLI1y5oO5Vc1dbhA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-chunked/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-classify-character": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-classify-character/-/micromark-util-classify-character-2.0.1.tgz", + "integrity": "sha512-K0kHzM6afW/MbeWYWLjoHQv1sgg2Q9EccHEDzSkxiP/EaagNzCm7T/WMKZ3rjMbvIpvBiZgwR3dKMygtA4mG1Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-classify-character/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-classify-character/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-combine-extensions": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-combine-extensions/-/micromark-util-combine-extensions-2.0.1.tgz", + "integrity": "sha512-OnAnH8Ujmy59JcyZw8JSbK9cGpdVY44NKgSM7E9Eh7DiLS2E9RNQf0dONaGDzEG9yjEl5hcqeIsj4hfRkLH/Bg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-chunked": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-decode-numeric-character-reference": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/micromark-util-decode-numeric-character-reference/-/micromark-util-decode-numeric-character-reference-2.0.2.tgz", + "integrity": "sha512-ccUbYk6CwVdkmCQMyr64dXz42EfHGkPQlBj5p7YVGzq8I7CtjXZJrubAYezf7Rp+bjPseiROqe7G6foFd+lEuw==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-decode-numeric-character-reference/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-decode-string": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-decode-string/-/micromark-util-decode-string-2.0.1.tgz", + "integrity": "sha512-nDV/77Fj6eH1ynwscYTOsbK7rR//Uj0bZXBwJZRfaLEJ1iGBR6kIfNmlNqaqJf649EP0F3NWNdeJi03elllNUQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "decode-named-character-reference": "^1.0.0", + "micromark-util-character": "^2.0.0", + "micromark-util-decode-numeric-character-reference": "^2.0.0", + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-decode-string/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-decode-string/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-encode": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-encode/-/micromark-util-encode-2.0.1.tgz", + "integrity": "sha512-c3cVx2y4KqUnwopcO9b/SCdo2O67LwJJ/UyqGfbigahfegL9myoEFoDYZgkT7f36T0bLrM9hZTAaAyH+PCAXjw==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-events-to-acorn": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/micromark-util-events-to-acorn/-/micromark-util-events-to-acorn-2.0.2.tgz", + "integrity": "sha512-Fk+xmBrOv9QZnEDguL9OI9/NQQp6Hz4FuQ4YmCb/5V7+9eAh1s6AYSvL20kHkD67YIg7EpE54TiSlcsf3vyZgA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "@types/acorn": "^4.0.0", + "@types/estree": "^1.0.0", + "@types/unist": "^3.0.0", + "devlop": "^1.0.0", + "estree-util-visit": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0", + "vfile-message": "^4.0.0" + } + }, + "node_modules/micromark-util-events-to-acorn/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-html-tag-name": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-html-tag-name/-/micromark-util-html-tag-name-2.0.1.tgz", + "integrity": "sha512-2cNEiYDhCWKI+Gs9T0Tiysk136SnR13hhO8yW6BGNyhOC4qYFnwF1nKfD3HFAIXA5c45RrIG1ub11GiXeYd1xA==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-normalize-identifier": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-normalize-identifier/-/micromark-util-normalize-identifier-2.0.1.tgz", + "integrity": "sha512-sxPqmo70LyARJs0w2UclACPUUEqltCkJ6PhKdMIDuJ3gSf/Q+/GIe3WKl0Ijb/GyH9lOpUkRAO2wp0GVkLvS9Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-normalize-identifier/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-resolve-all": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-resolve-all/-/micromark-util-resolve-all-2.0.1.tgz", + "integrity": "sha512-VdQyxFWFT2/FGJgwQnJYbe1jjQoNTS4RjglmSjTUlpUMa95Htx9NHeYW4rGDJzbjvCsl9eLjMQwGeElsqmzcHg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-sanitize-uri": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-sanitize-uri/-/micromark-util-sanitize-uri-2.0.1.tgz", + "integrity": "sha512-9N9IomZ/YuGGZZmQec1MbgxtlgougxTodVwDzzEouPKo3qFWvymFHWcnDi2vzV1ff6kas9ucW+o3yzJK9YB1AQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-encode": "^2.0.0", + "micromark-util-symbol": "^2.0.0" + } + }, + "node_modules/micromark-util-sanitize-uri/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-sanitize-uri/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-subtokenize": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/micromark-util-subtokenize/-/micromark-util-subtokenize-2.0.3.tgz", + "integrity": "sha512-VXJJuNxYWSoYL6AJ6OQECCFGhIU2GGHMw8tahogePBrjkG8aCCas3ibkp7RnVOSTClg2is05/R7maAhF1XyQMg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "devlop": "^1.0.0", + "micromark-util-chunked": "^2.0.0", + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark-util-subtokenize/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-symbol": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-1.1.0.tgz", + "integrity": "sha512-uEjpEYY6KMs1g7QfJ2eX1SQEV+ZT4rUD3UcF6l57acZvLNK7PBZL+ty82Z1qhK1/yXIY4bdx04FKMgR0g4IAag==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark-util-types": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-types/-/micromark-util-types-2.0.1.tgz", + "integrity": "sha512-534m2WhVTddrcKVepwmVEVnUAmtrx9bfIjNoQHRqfnvdaHQiFytEhJoTgpWJvDEXCO5gLTQh3wYC1PgOJA4NSQ==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromark/node_modules/micromark-factory-space": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-factory-space/-/micromark-factory-space-2.0.1.tgz", + "integrity": "sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-character": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark/node_modules/micromark-util-character": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/micromark-util-character/-/micromark-util-character-2.1.1.tgz", + "integrity": "sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT", + "dependencies": { + "micromark-util-symbol": "^2.0.0", + "micromark-util-types": "^2.0.0" + } + }, + "node_modules/micromark/node_modules/micromark-util-symbol": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/micromark-util-symbol/-/micromark-util-symbol-2.0.1.tgz", + "integrity": "sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==", + "funding": [ + { + "type": "GitHub Sponsors", + "url": "https://github.com/sponsors/unifiedjs" + }, + { + "type": "OpenCollective", + "url": "https://opencollective.com/unified" + } + ], + "license": "MIT" + }, + "node_modules/micromatch": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", + "license": "MIT", + "dependencies": { + "braces": "^3.0.3", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/mime": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", + "license": "MIT", + "bin": { + "mime": "cli.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/mime-db": { + "version": "1.33.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.33.0.tgz", + "integrity": "sha512-BHJ/EKruNIqJf/QahvxwQZXKygOQ256myeN/Ew+THcAa5q+PjyTTMMeNQC4DZw5AwfvelsUrA6B67NKMqXDbzQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.18", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.18.tgz", + "integrity": "sha512-lc/aahn+t4/SWV/qcmumYjymLsWfN3ELhpmVuUFjgsORruuZPVSwAQryq+HHGvO/SI2KVX26bx+En+zhM8g8hQ==", + "license": "MIT", + "dependencies": { + "mime-db": "~1.33.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mimic-fn": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", + "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/mimic-response": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-4.0.0.tgz", + "integrity": "sha512-e5ISH9xMYU0DzrT+jl8q2ze9D6eWBto+I8CNpe+VI+K2J/F/k3PdkdTdz4wvGVH4NTpo+NRYTVIuMQEMMcsLqg==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/mini-css-extract-plugin": { + "version": "2.9.2", + "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.2.tgz", + "integrity": "sha512-GJuACcS//jtq4kCtd5ii/M0SZf7OZRH+BxdqXZHaJfb8TJiVl+NgQRPwiYt2EuqeSkNydn/7vP+bcE27C5mb9w==", + "license": "MIT", + "dependencies": { + "schema-utils": "^4.0.0", + "tapable": "^2.2.1" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.0.0" + } + }, + "node_modules/minimalistic-assert": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz", + "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==", + "license": "ISC" + }, + "node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/minimist": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/mlly": { + "version": "1.7.3", + "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.7.3.tgz", + "integrity": "sha512-xUsx5n/mN0uQf4V548PKQ+YShA4/IW0KI1dZhrNrPCLG+xizETbHTkOa1f8/xut9JRPp8kQuMnz0oqwkTiLo/A==", + "license": "MIT", + "dependencies": { + "acorn": "^8.14.0", + "pathe": "^1.1.2", + "pkg-types": "^1.2.1", + "ufo": "^1.5.4" + } + }, + "node_modules/mrmime": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/mrmime/-/mrmime-2.0.0.tgz", + "integrity": "sha512-eu38+hdgojoyq63s+yTpN4XMBdt5l8HhMhc4VKLO9KM5caLIBvUm4thi7fFaxyTmCKeNnXZ5pAlBwCUnhA09uw==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/multicast-dns": { + "version": "7.2.5", + "resolved": "https://registry.npmjs.org/multicast-dns/-/multicast-dns-7.2.5.tgz", + "integrity": "sha512-2eznPJP8z2BFLX50tf0LuODrpINqP1RVIm/CObbTcBRITQgmC/TjcREF1NeTBzIcR5XO/ukWo+YHOjBbFwIupg==", + "license": "MIT", + "dependencies": { + "dns-packet": "^5.2.2", + "thunky": "^1.0.2" + }, + "bin": { + "multicast-dns": "cli.js" + } + }, + "node_modules/nanoid": { + "version": "3.3.7", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", + "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/negotiator": { + "version": "0.6.4", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.4.tgz", + "integrity": "sha512-myRT3DiWPHqho5PrJaIRyaMv2kgYf0mUVgBNOYMuCH5Ki1yEiQaf/ZJuQ62nvpc44wL5WDbTX7yGJi1Neevw8w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/neo-async": { + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", + "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==", + "license": "MIT" + }, + "node_modules/no-case": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/no-case/-/no-case-3.0.4.tgz", + "integrity": "sha512-fgAN3jGAh+RoxUGZHTSOLJIqUc2wmoBwGR4tbpNAKmmovFoWq0OdRkb0VkldReO2a2iBT/OEulG9XSUc10r3zg==", + "license": "MIT", + "dependencies": { + "lower-case": "^2.0.2", + "tslib": "^2.0.3" + } + }, + "node_modules/node-emoji": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/node-emoji/-/node-emoji-2.1.3.tgz", + "integrity": "sha512-E2WEOVsgs7O16zsURJ/eH8BqhF029wGpEOnv7Urwdo2wmQanOACwJQh0devF9D9RhoZru0+9JXIS0dBXIAz+lA==", + "license": "MIT", + "dependencies": { + "@sindresorhus/is": "^4.6.0", + "char-regex": "^1.0.2", + "emojilib": "^2.4.0", + "skin-tone": "^2.0.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/node-forge": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", + "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==", + "license": "(BSD-3-Clause OR GPL-2.0)", + "engines": { + "node": ">= 6.13.0" + } + }, + "node_modules/node-releases": { + "version": "2.0.18", + "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.18.tgz", + "integrity": "sha512-d9VeXT4SJ7ZeOqGX6R5EM022wpL+eWPooLI+5UpWn2jCT1aosUQEhQP214x33Wkwx3JQMvIm+tIoVOdodFS40g==", + "license": "MIT" + }, + "node_modules/normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/normalize-range": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz", + "integrity": "sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/normalize-url": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", + "integrity": "sha512-IO9QvjUMWxPQQhs60oOu10CRkWCiZzSUkzbXGGV9pviYl1fXYcvkzQ5jV9z8Y6un8ARoVRl4EtC6v6jNqbaJ/w==", + "license": "MIT", + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/npm-run-path": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", + "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", + "license": "MIT", + "dependencies": { + "path-key": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/nprogress": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/nprogress/-/nprogress-0.2.0.tgz", + "integrity": "sha512-I19aIingLgR1fmhftnbWWO3dXc0hSxqHQHQb3H8m+K3TnEn/iSeTZZOyvKXWqQESMwuUVnatlCnZdLBZZt2VSA==", + "license": "MIT" + }, + "node_modules/nth-check": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz", + "integrity": "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==", + "license": "BSD-2-Clause", + "dependencies": { + "boolbase": "^1.0.0" + }, + "funding": { + "url": "https://github.com/fb55/nth-check?sponsor=1" + } + }, + "node_modules/null-loader": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/null-loader/-/null-loader-4.0.1.tgz", + "integrity": "sha512-pxqVbi4U6N26lq+LmgIbB5XATP0VdZKOG25DhHi8btMmJJefGArFyDg1yc4U3hWCJbMqSrw0qyrz1UQX+qYXqg==", + "license": "MIT", + "dependencies": { + "loader-utils": "^2.0.0", + "schema-utils": "^3.0.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.0.0 || ^5.0.0" + } + }, + "node_modules/null-loader/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/null-loader/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/null-loader/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/null-loader/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-inspect": { + "version": "1.13.3", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.3.tgz", + "integrity": "sha512-kDCGIbxkDSXE3euJZZXzc6to7fCrKHNI/hSRQnRuQ+BWjFNzZwiFF8fj/6o2t2G9/jTj8PSIYTfCLelLZEeRpA==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object-keys": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/object.assign": { + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.5.tgz", + "integrity": "sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ==", + "license": "MIT", + "dependencies": { + "call-bind": "^1.0.5", + "define-properties": "^1.2.1", + "has-symbols": "^1.0.3", + "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/obuf": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/obuf/-/obuf-1.1.2.tgz", + "integrity": "sha512-PX1wu0AmAdPqOL1mWhqmlOd8kOIZQwGZw6rh7uby9fTc5lhaOWFLX3I6R1hrF9k3zUY40e6igsLGkDXK92LJNg==", + "license": "MIT" + }, + "node_modules/on-finished": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", + "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/on-headers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", + "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "license": "ISC", + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/onetime": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", + "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", + "license": "MIT", + "dependencies": { + "mimic-fn": "^2.1.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/open": { + "version": "8.4.2", + "resolved": "https://registry.npmjs.org/open/-/open-8.4.2.tgz", + "integrity": "sha512-7x81NCL719oNbsq/3mh+hVrAWmFuEYUqrq/Iw3kUzH8ReypT9QQ0BLoJS7/G9k6N81XjW4qHWtjWwe/9eLy1EQ==", + "license": "MIT", + "dependencies": { + "define-lazy-prop": "^2.0.0", + "is-docker": "^2.1.1", + "is-wsl": "^2.2.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/opener": { + "version": "1.5.2", + "resolved": "https://registry.npmjs.org/opener/-/opener-1.5.2.tgz", + "integrity": "sha512-ur5UIdyw5Y7yEj9wLzhqXiy6GZ3Mwx0yGI+5sMn2r0N0v3cKJvUmFH5yPP+WXh9e0xfyzyJX95D8l088DNFj7A==", + "license": "(WTFPL OR MIT)", + "bin": { + "opener": "bin/opener-bin.js" + } + }, + "node_modules/p-cancelable": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/p-cancelable/-/p-cancelable-3.0.0.tgz", + "integrity": "sha512-mlVgR3PGuzlo0MmTdk4cXqXWlwQDLnONTAg6sm62XkMJEiRxN3GL3SffkYvqwonbkJBcrI7Uvv5Zh9yjvn2iUw==", + "license": "MIT", + "engines": { + "node": ">=12.20" + } + }, + "node_modules/p-limit": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-4.0.0.tgz", + "integrity": "sha512-5b0R4txpzjPWVw/cXXUResoD4hb6U/x9BH08L7nw+GN1sezDzPdxeRvpc9c433fZhBan/wusjbCsqwqm4EIBIQ==", + "license": "MIT", + "dependencies": { + "yocto-queue": "^1.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-6.0.0.tgz", + "integrity": "sha512-wPrq66Llhl7/4AGC6I+cqxT07LhXvWL08LNXz1fENOw0Ap4sRZZ/gZpTTJ5jpurzzzfS2W/Ge9BY3LgLjCShcw==", + "license": "MIT", + "dependencies": { + "p-limit": "^4.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-map": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/p-map/-/p-map-4.0.0.tgz", + "integrity": "sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==", + "license": "MIT", + "dependencies": { + "aggregate-error": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-retry": { + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/p-retry/-/p-retry-4.6.2.tgz", + "integrity": "sha512-312Id396EbJdvRONlngUx0NydfrIQ5lsYu0znKVUzVvArzEIt08V1qhtyESbGVd1FGX7UKtiFp5uwKZdM8wIuQ==", + "license": "MIT", + "dependencies": { + "@types/retry": "0.12.0", + "retry": "^0.13.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/p-try": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", + "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/package-json": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/package-json/-/package-json-8.1.1.tgz", + "integrity": "sha512-cbH9IAIJHNj9uXi196JVsRlt7cHKak6u/e6AkL/bkRelZ7rlL3X1YKxsZwa36xipOEKAsdtmaG6aAJoM1fx2zA==", + "license": "MIT", + "dependencies": { + "got": "^12.1.0", + "registry-auth-token": "^5.0.1", + "registry-url": "^6.0.0", + "semver": "^7.3.7" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/package-manager-detector": { + "version": "0.2.4", + "resolved": "https://registry.npmjs.org/package-manager-detector/-/package-manager-detector-0.2.4.tgz", + "integrity": "sha512-H/OUu9/zUfP89z1APcBf2X8Us0tt8dUK4lUmKqz12QNXif3DxAs1/YqjGtcutZi1zQqeNQRWr9C+EbQnnvSSFA==", + "license": "MIT" + }, + "node_modules/param-case": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/param-case/-/param-case-3.0.4.tgz", + "integrity": "sha512-RXlj7zCYokReqWpOPH9oYivUzLYZ5vAPIfEmCTNViosC78F8F0H9y7T7gG2M39ymgutxF5gcFEsyZQSph9Bp3A==", + "license": "MIT", + "dependencies": { + "dot-case": "^3.0.4", + "tslib": "^2.0.3" + } + }, + "node_modules/parent-module": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", + "license": "MIT", + "dependencies": { + "callsites": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/parse-entities": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/parse-entities/-/parse-entities-4.0.1.tgz", + "integrity": "sha512-SWzvYcSJh4d/SGLIOQfZ/CoNv6BTlI6YEQ7Nj82oDVnRpwe/Z/F1EMx42x3JAOwGBlCjeCH0BRJQbQ/opHL17w==", + "license": "MIT", + "dependencies": { + "@types/unist": "^2.0.0", + "character-entities": "^2.0.0", + "character-entities-legacy": "^3.0.0", + "character-reference-invalid": "^2.0.0", + "decode-named-character-reference": "^1.0.0", + "is-alphanumerical": "^2.0.0", + "is-decimal": "^2.0.0", + "is-hexadecimal": "^2.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/parse-entities/node_modules/@types/unist": { + "version": "2.0.11", + "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.11.tgz", + "integrity": "sha512-CmBKiL6NNo/OqgmMn95Fk9Whlp2mtvIv+KNpQKN2F4SjvrEesubTRWGYSg+BnWZOnlCaSTU1sMpsBOzgbYhnsA==", + "license": "MIT" + }, + "node_modules/parse-json": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", + "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==", + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.0.0", + "error-ex": "^1.3.1", + "json-parse-even-better-errors": "^2.3.0", + "lines-and-columns": "^1.1.6" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/parse-numeric-range": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/parse-numeric-range/-/parse-numeric-range-1.3.0.tgz", + "integrity": "sha512-twN+njEipszzlMJd4ONUYgSfZPDxgHhT9Ahed5uTigpQn90FggW4SA/AIPq/6a149fTbE9qBEcSwE3FAEp6wQQ==", + "license": "ISC" + }, + "node_modules/parse5": { + "version": "7.2.1", + "resolved": "https://registry.npmjs.org/parse5/-/parse5-7.2.1.tgz", + "integrity": "sha512-BuBYQYlv1ckiPdQi/ohiivi9Sagc9JG+Ozs0r7b/0iK3sKmrb0b9FdWdBbOdx6hBCM/F9Ir82ofnBhtZOjCRPQ==", + "license": "MIT", + "dependencies": { + "entities": "^4.5.0" + }, + "funding": { + "url": "https://github.com/inikulin/parse5?sponsor=1" + } + }, + "node_modules/parse5-htmlparser2-tree-adapter": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.1.0.tgz", + "integrity": "sha512-ruw5xyKs6lrpo9x9rCZqZZnIUntICjQAd0Wsmp396Ul9lN/h+ifgVV1x1gZHi8euej6wTfpqX8j+BFQxF0NS/g==", + "license": "MIT", + "dependencies": { + "domhandler": "^5.0.3", + "parse5": "^7.0.0" + }, + "funding": { + "url": "https://github.com/inikulin/parse5?sponsor=1" + } + }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/pascal-case": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/pascal-case/-/pascal-case-3.1.2.tgz", + "integrity": "sha512-uWlGT3YSnK9x3BQJaOdcZwrnV6hPpd8jFH1/ucpiLRPh/2zCVJKS19E4GvYHvaCcACn3foXZ0cLB9Wrx1KGe5g==", + "license": "MIT", + "dependencies": { + "no-case": "^3.0.4", + "tslib": "^2.0.3" + } + }, + "node_modules/path-data-parser": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/path-data-parser/-/path-data-parser-0.1.0.tgz", + "integrity": "sha512-NOnmBpt5Y2RWbuv0LMzsayp3lVylAHLPUTut412ZA3l+C4uw4ZVkQbjShYCQ8TCpUMdPapr4YjUqLYD6v68j+w==", + "license": "MIT" + }, + "node_modules/path-exists": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-5.0.0.tgz", + "integrity": "sha512-RjhtfwJOxzcFmNOi6ltcbcu4Iu+FL3zEj83dk4kAS+fVpTxXLO1b38RvJgT/0QwvV/L3aY9TAnyv0EOqW4GoMQ==", + "license": "MIT", + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + } + }, + "node_modules/path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/path-is-inside": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/path-is-inside/-/path-is-inside-1.0.2.tgz", + "integrity": "sha512-DUWJr3+ULp4zXmol/SZkFf3JGsS9/SIv+Y3Rt93/UjPpDpklB5f1er4O3POIbUuUJ3FXgqte2Q7SrU6zAqwk8w==", + "license": "(WTFPL OR MIT)" + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "license": "MIT" + }, + "node_modules/path-to-regexp": { + "version": "1.9.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.9.0.tgz", + "integrity": "sha512-xIp7/apCFJuUHdDLWe8O1HIkb0kQrOMb/0u6FXQjemHn/ii5LrIzU6bdECnsiTF/GjZkMEKg1xdiZwNqDYlZ6g==", + "license": "MIT", + "dependencies": { + "isarray": "0.0.1" + } + }, + "node_modules/path-type": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/pathe": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/pathe/-/pathe-1.1.2.tgz", + "integrity": "sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ==", + "license": "MIT" + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "license": "ISC" + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "license": "MIT", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/pkg-dir": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-7.0.0.tgz", + "integrity": "sha512-Ie9z/WINcxxLp27BKOCHGde4ITq9UklYKDzVo1nhk5sqGEXU3FpkwP5GM2voTGJkGd9B3Otl+Q4uwSOeSUtOBA==", + "license": "MIT", + "dependencies": { + "find-up": "^6.3.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/pkg-types": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/pkg-types/-/pkg-types-1.2.1.tgz", + "integrity": "sha512-sQoqa8alT3nHjGuTjuKgOnvjo4cljkufdtLMnO2LBP/wRwuDlo1tkaEdMxCRhyGRPacv/ztlZgDPm2b7FAmEvw==", + "license": "MIT", + "dependencies": { + "confbox": "^0.1.8", + "mlly": "^1.7.2", + "pathe": "^1.1.2" + } + }, + "node_modules/pkg-up": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/pkg-up/-/pkg-up-3.1.0.tgz", + "integrity": "sha512-nDywThFk1i4BQK4twPQ6TA4RT8bDY96yeuCVBWL3ePARCiEKDRSrNGbFIgUJpLp+XeIR65v8ra7WuJOFUBtkMA==", + "license": "MIT", + "dependencies": { + "find-up": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/pkg-up/node_modules/find-up": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-3.0.0.tgz", + "integrity": "sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg==", + "license": "MIT", + "dependencies": { + "locate-path": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/pkg-up/node_modules/locate-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-3.0.0.tgz", + "integrity": "sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A==", + "license": "MIT", + "dependencies": { + "p-locate": "^3.0.0", + "path-exists": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/pkg-up/node_modules/p-limit": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", + "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", + "license": "MIT", + "dependencies": { + "p-try": "^2.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/pkg-up/node_modules/p-locate": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-3.0.0.tgz", + "integrity": "sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ==", + "license": "MIT", + "dependencies": { + "p-limit": "^2.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/pkg-up/node_modules/path-exists": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", + "integrity": "sha512-bpC7GYwiDYQ4wYLe+FA8lhRjhQCMcQGuSgGGqDkg/QerRWw9CmGRT0iSOVRSZJ29NMLZgIzqaljJ63oaL4NIJQ==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/points-on-curve": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/points-on-curve/-/points-on-curve-0.2.0.tgz", + "integrity": "sha512-0mYKnYYe9ZcqMCWhUjItv/oHjvgEsfKvnUTg8sAtnHr3GVy7rGkXCb6d5cSyqrWqL4k81b9CPg3urd+T7aop3A==", + "license": "MIT" + }, + "node_modules/points-on-path": { + "version": "0.2.1", + "resolved": "https://registry.npmjs.org/points-on-path/-/points-on-path-0.2.1.tgz", + "integrity": "sha512-25ClnWWuw7JbWZcgqY/gJ4FQWadKxGWk+3kR/7kD0tCaDtPPMj7oHu2ToLaVhfpnHrZzYby2w6tUA0eOIuUg8g==", + "license": "MIT", + "dependencies": { + "path-data-parser": "0.1.0", + "points-on-curve": "0.2.0" + } + }, + "node_modules/postcss": { + "version": "8.4.49", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.49.tgz", + "integrity": "sha512-OCVPnIObs4N29kxTjzLfUryOkvZEq+pf8jTF0lg8E7uETuWHA+v7j3c/xJmiqpX450191LlmZfUKkXxkTry7nA==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "nanoid": "^3.3.7", + "picocolors": "^1.1.1", + "source-map-js": "^1.2.1" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/postcss-attribute-case-insensitive": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/postcss-attribute-case-insensitive/-/postcss-attribute-case-insensitive-7.0.1.tgz", + "integrity": "sha512-Uai+SupNSqzlschRyNx3kbCTWgY/2hcwtHEI/ej2LJWc9JJ77qKgGptd8DHwY1mXtZ7Aoh4z4yxfwMBue9eNgw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-attribute-case-insensitive/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-calc": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/postcss-calc/-/postcss-calc-9.0.1.tgz", + "integrity": "sha512-TipgjGyzP5QzEhsOZUaIkeO5mKeMFpebWzRogWG/ysonUlnHcq5aJe0jOjpfzUU8PeSaBQnrE8ehR0QA5vs8PQ==", + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^6.0.11", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.2.2" + } + }, + "node_modules/postcss-clamp": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/postcss-clamp/-/postcss-clamp-4.1.0.tgz", + "integrity": "sha512-ry4b1Llo/9zz+PKC+030KUnPITTJAHeOwjfAyyB60eT0AorGLdzp52s31OsPRHRf8NchkgFoG2y6fCfn1IV1Ow==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=7.6.0" + }, + "peerDependencies": { + "postcss": "^8.4.6" + } + }, + "node_modules/postcss-color-functional-notation": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/postcss-color-functional-notation/-/postcss-color-functional-notation-7.0.6.tgz", + "integrity": "sha512-wLXvm8RmLs14Z2nVpB4CWlnvaWPRcOZFltJSlcbYwSJ1EDZKsKDhPKIMecCnuU054KSmlmubkqczmm6qBPCBhA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.0.6", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-color-hex-alpha": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/postcss-color-hex-alpha/-/postcss-color-hex-alpha-10.0.0.tgz", + "integrity": "sha512-1kervM2cnlgPs2a8Vt/Qbe5cQ++N7rkYo/2rz2BkqJZIHQwaVuJgQH38REHrAi4uM0b1fqxMkWYmese94iMp3w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-color-rebeccapurple": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/postcss-color-rebeccapurple/-/postcss-color-rebeccapurple-10.0.0.tgz", + "integrity": "sha512-JFta737jSP+hdAIEhk1Vs0q0YF5P8fFcj+09pweS8ktuGuZ8pPlykHsk6mPxZ8awDl4TrcxUqJo9l1IhVr/OjQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-colormin": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-colormin/-/postcss-colormin-6.1.0.tgz", + "integrity": "sha512-x9yX7DOxeMAR+BgGVnNSAxmAj98NX/YxEMNFP+SDCEeNLb2r3i6Hh1ksMsnW8Ub5SLCpbescQqn9YEbE9554Sw==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "caniuse-api": "^3.0.0", + "colord": "^2.9.3", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-convert-values": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-convert-values/-/postcss-convert-values-6.1.0.tgz", + "integrity": "sha512-zx8IwP/ts9WvUM6NkVSkiU902QZL1bwPhaVaLynPtCsOTqp+ZKbNi+s6XJg3rfqpKGA/oc7Oxk5t8pOQJcwl/w==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-custom-media": { + "version": "11.0.5", + "resolved": "https://registry.npmjs.org/postcss-custom-media/-/postcss-custom-media-11.0.5.tgz", + "integrity": "sha512-SQHhayVNgDvSAdX9NQ/ygcDQGEY+aSF4b/96z7QUX6mqL5yl/JgG/DywcF6fW9XbnCRE+aVYk+9/nqGuzOPWeQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/cascade-layer-name-parser": "^2.0.4", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/media-query-list-parser": "^4.0.2" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-custom-properties": { + "version": "14.0.4", + "resolved": "https://registry.npmjs.org/postcss-custom-properties/-/postcss-custom-properties-14.0.4.tgz", + "integrity": "sha512-QnW8FCCK6q+4ierwjnmXF9Y9KF8q0JkbgVfvQEMa93x1GT8FvOiUevWCN2YLaOWyByeDX8S6VFbZEeWoAoXs2A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/cascade-layer-name-parser": "^2.0.4", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-custom-selectors": { + "version": "8.0.4", + "resolved": "https://registry.npmjs.org/postcss-custom-selectors/-/postcss-custom-selectors-8.0.4.tgz", + "integrity": "sha512-ASOXqNvDCE0dAJ/5qixxPeL1aOVGHGW2JwSy7HyjWNbnWTQCl+fDc968HY1jCmZI0+BaYT5CxsOiUhavpG/7eg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "@csstools/cascade-layer-name-parser": "^2.0.4", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-custom-selectors/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-dir-pseudo-class": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/postcss-dir-pseudo-class/-/postcss-dir-pseudo-class-9.0.1.tgz", + "integrity": "sha512-tRBEK0MHYvcMUrAuYMEOa0zg9APqirBcgzi6P21OhxtJyJADo/SWBwY1CAwEohQ/6HDaa9jCjLRG7K3PVQYHEA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-dir-pseudo-class/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-discard-comments": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-discard-comments/-/postcss-discard-comments-6.0.2.tgz", + "integrity": "sha512-65w/uIqhSBBfQmYnG92FO1mWZjJ4GL5b8atm5Yw2UgrwD7HiNiSSNwJor1eCFGzUgYnN/iIknhNRVqjrrpuglw==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-discard-duplicates": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-discard-duplicates/-/postcss-discard-duplicates-6.0.3.tgz", + "integrity": "sha512-+JA0DCvc5XvFAxwx6f/e68gQu/7Z9ud584VLmcgto28eB8FqSFZwtrLwB5Kcp70eIoWP/HXqz4wpo8rD8gpsTw==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-discard-empty": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-discard-empty/-/postcss-discard-empty-6.0.3.tgz", + "integrity": "sha512-znyno9cHKQsK6PtxL5D19Fj9uwSzC2mB74cpT66fhgOadEUPyXFkbgwm5tvc3bt3NAy8ltE5MrghxovZRVnOjQ==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-discard-overridden": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-discard-overridden/-/postcss-discard-overridden-6.0.2.tgz", + "integrity": "sha512-j87xzI4LUggC5zND7KdjsI25APtyMuynXZSujByMaav2roV6OZX+8AaCUcZSWqckZpjAjRyFDdpqybgjFO0HJQ==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-discard-unused": { + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/postcss-discard-unused/-/postcss-discard-unused-6.0.5.tgz", + "integrity": "sha512-wHalBlRHkaNnNwfC8z+ppX57VhvS+HWgjW508esjdaEYr3Mx7Gnn2xA4R/CKf5+Z9S5qsqC+Uzh4ueENWwCVUA==", + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^6.0.16" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-double-position-gradients": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/postcss-double-position-gradients/-/postcss-double-position-gradients-6.0.0.tgz", + "integrity": "sha512-JkIGah3RVbdSEIrcobqj4Gzq0h53GG4uqDPsho88SgY84WnpkTpI0k50MFK/sX7XqVisZ6OqUfFnoUO6m1WWdg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-focus-visible": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/postcss-focus-visible/-/postcss-focus-visible-10.0.1.tgz", + "integrity": "sha512-U58wyjS/I1GZgjRok33aE8juW9qQgQUNwTSdxQGuShHzwuYdcklnvK/+qOWX1Q9kr7ysbraQ6ht6r+udansalA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-focus-visible/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-focus-within": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/postcss-focus-within/-/postcss-focus-within-9.0.1.tgz", + "integrity": "sha512-fzNUyS1yOYa7mOjpci/bR+u+ESvdar6hk8XNK/TRR0fiGTp2QT5N+ducP0n3rfH/m9I7H/EQU6lsa2BrgxkEjw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-focus-within/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-font-variant": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/postcss-font-variant/-/postcss-font-variant-5.0.0.tgz", + "integrity": "sha512-1fmkBaCALD72CK2a9i468mA/+tr9/1cBxRRMXOUaZqO43oWPR5imcyPjXwuv7PXbCid4ndlP5zWhidQVVa3hmA==", + "license": "MIT", + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/postcss-gap-properties": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/postcss-gap-properties/-/postcss-gap-properties-6.0.0.tgz", + "integrity": "sha512-Om0WPjEwiM9Ru+VhfEDPZJAKWUd0mV1HmNXqp2C29z80aQ2uP9UVhLc7e3aYMIor/S5cVhoPgYQ7RtfeZpYTRw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-image-set-function": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-image-set-function/-/postcss-image-set-function-7.0.0.tgz", + "integrity": "sha512-QL7W7QNlZuzOwBTeXEmbVckNt1FSmhQtbMRvGGqqU4Nf4xk6KUEQhAoWuMzwbSv5jxiRiSZ5Tv7eiDB9U87znA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/utilities": "^2.0.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-lab-function": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/postcss-lab-function/-/postcss-lab-function-7.0.6.tgz", + "integrity": "sha512-HPwvsoK7C949vBZ+eMyvH2cQeMr3UREoHvbtra76/UhDuiViZH6pir+z71UaJQohd7VDSVUdR6TkWYKExEc9aQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/css-color-parser": "^3.0.6", + "@csstools/css-parser-algorithms": "^3.0.4", + "@csstools/css-tokenizer": "^3.0.3", + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/utilities": "^2.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-loader": { + "version": "7.3.4", + "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-7.3.4.tgz", + "integrity": "sha512-iW5WTTBSC5BfsBJ9daFMPVrLT36MrNiC6fqOZTTaHjBNX6Pfd5p+hSBqe/fEeNd7pc13QiAyGt7VdGMw4eRC4A==", + "license": "MIT", + "dependencies": { + "cosmiconfig": "^8.3.5", + "jiti": "^1.20.0", + "semver": "^7.5.4" + }, + "engines": { + "node": ">= 14.15.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "postcss": "^7.0.0 || ^8.0.1", + "webpack": "^5.0.0" + } + }, + "node_modules/postcss-logical": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/postcss-logical/-/postcss-logical-8.0.0.tgz", + "integrity": "sha512-HpIdsdieClTjXLOyYdUPAX/XQASNIwdKt5hoZW08ZOAiI+tbV0ta1oclkpVkW5ANU+xJvk3KkA0FejkjGLXUkg==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-merge-idents": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-merge-idents/-/postcss-merge-idents-6.0.3.tgz", + "integrity": "sha512-1oIoAsODUs6IHQZkLQGO15uGEbK3EAl5wi9SS8hs45VgsxQfMnxvt+L+zIr7ifZFIH14cfAeVe2uCTa+SPRa3g==", + "license": "MIT", + "dependencies": { + "cssnano-utils": "^4.0.2", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-merge-longhand": { + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/postcss-merge-longhand/-/postcss-merge-longhand-6.0.5.tgz", + "integrity": "sha512-5LOiordeTfi64QhICp07nzzuTDjNSO8g5Ksdibt44d+uvIIAE1oZdRn8y/W5ZtYgRH/lnLDlvi9F8btZcVzu3w==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0", + "stylehacks": "^6.1.1" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-merge-rules": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/postcss-merge-rules/-/postcss-merge-rules-6.1.1.tgz", + "integrity": "sha512-KOdWF0gju31AQPZiD+2Ar9Qjowz1LTChSjFFbS+e2sFgc4uHOp3ZvVX4sNeTlk0w2O31ecFGgrFzhO0RSWbWwQ==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "caniuse-api": "^3.0.0", + "cssnano-utils": "^4.0.2", + "postcss-selector-parser": "^6.0.16" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-minify-font-values": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-minify-font-values/-/postcss-minify-font-values-6.1.0.tgz", + "integrity": "sha512-gklfI/n+9rTh8nYaSJXlCo3nOKqMNkxuGpTn/Qm0gstL3ywTr9/WRKznE+oy6fvfolH6dF+QM4nCo8yPLdvGJg==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-minify-gradients": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-minify-gradients/-/postcss-minify-gradients-6.0.3.tgz", + "integrity": "sha512-4KXAHrYlzF0Rr7uc4VrfwDJ2ajrtNEpNEuLxFgwkhFZ56/7gaE4Nr49nLsQDZyUe+ds+kEhf+YAUolJiYXF8+Q==", + "license": "MIT", + "dependencies": { + "colord": "^2.9.3", + "cssnano-utils": "^4.0.2", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-minify-params": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-minify-params/-/postcss-minify-params-6.1.0.tgz", + "integrity": "sha512-bmSKnDtyyE8ujHQK0RQJDIKhQ20Jq1LYiez54WiaOoBtcSuflfK3Nm596LvbtlFcpipMjgClQGyGr7GAs+H1uA==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "cssnano-utils": "^4.0.2", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-minify-selectors": { + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/postcss-minify-selectors/-/postcss-minify-selectors-6.0.4.tgz", + "integrity": "sha512-L8dZSwNLgK7pjTto9PzWRoMbnLq5vsZSTu8+j1P/2GB8qdtGQfn+K1uSvFgYvgh83cbyxT5m43ZZhUMTJDSClQ==", + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^6.0.16" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-modules-extract-imports": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/postcss-modules-extract-imports/-/postcss-modules-extract-imports-3.1.0.tgz", + "integrity": "sha512-k3kNe0aNFQDAZGbin48pL2VNidTF0w4/eASDsxlyspobzU3wZQLOGj7L9gfRe0Jo9/4uud09DsjFNH7winGv8Q==", + "license": "ISC", + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/postcss-modules-local-by-default": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/postcss-modules-local-by-default/-/postcss-modules-local-by-default-4.1.0.tgz", + "integrity": "sha512-rm0bdSv4jC3BDma3s9H19ZddW0aHX6EoqwDYU2IfZhRN+53QrufTRo2IdkAbRqLx4R2IYbZnbjKKxg4VN5oU9Q==", + "license": "MIT", + "dependencies": { + "icss-utils": "^5.0.0", + "postcss-selector-parser": "^7.0.0", + "postcss-value-parser": "^4.1.0" + }, + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/postcss-modules-local-by-default/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-modules-scope": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/postcss-modules-scope/-/postcss-modules-scope-3.2.1.tgz", + "integrity": "sha512-m9jZstCVaqGjTAuny8MdgE88scJnCiQSlSrOWcTQgM2t32UBe+MUmFSO5t7VMSfAf/FJKImAxBav8ooCHJXCJA==", + "license": "ISC", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/postcss-modules-scope/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-modules-values": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/postcss-modules-values/-/postcss-modules-values-4.0.0.tgz", + "integrity": "sha512-RDxHkAiEGI78gS2ofyvCsu7iycRv7oqw5xMWn9iMoR0N/7mf9D50ecQqUo5BZ9Zh2vH4bCUR/ktCqbB9m8vJjQ==", + "license": "ISC", + "dependencies": { + "icss-utils": "^5.0.0" + }, + "engines": { + "node": "^10 || ^12 || >= 14" + }, + "peerDependencies": { + "postcss": "^8.1.0" + } + }, + "node_modules/postcss-nesting": { + "version": "13.0.1", + "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-13.0.1.tgz", + "integrity": "sha512-VbqqHkOBOt4Uu3G8Dm8n6lU5+9cJFxiuty9+4rcoyRPO9zZS1JIs6td49VIoix3qYqELHlJIn46Oih9SAKo+yQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/selector-resolve-nested": "^3.0.0", + "@csstools/selector-specificity": "^5.0.0", + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-nesting/node_modules/@csstools/selector-resolve-nested": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@csstools/selector-resolve-nested/-/selector-resolve-nested-3.0.0.tgz", + "integrity": "sha512-ZoK24Yku6VJU1gS79a5PFmC8yn3wIapiKmPgun0hZgEI5AOqgH2kiPRsPz1qkGv4HL+wuDLH83yQyk6inMYrJQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss-selector-parser": "^7.0.0" + } + }, + "node_modules/postcss-nesting/node_modules/@csstools/selector-specificity": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz", + "integrity": "sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss-selector-parser": "^7.0.0" + } + }, + "node_modules/postcss-nesting/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-normalize-charset": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-charset/-/postcss-normalize-charset-6.0.2.tgz", + "integrity": "sha512-a8N9czmdnrjPHa3DeFlwqst5eaL5W8jYu3EBbTTkI5FHkfMhFZh1EGbku6jhHhIzTA6tquI2P42NtZ59M/H/kQ==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-display-values": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-display-values/-/postcss-normalize-display-values-6.0.2.tgz", + "integrity": "sha512-8H04Mxsb82ON/aAkPeq8kcBbAtI5Q2a64X/mnRRfPXBq7XeogoQvReqxEfc0B4WPq1KimjezNC8flUtC3Qz6jg==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-positions": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-positions/-/postcss-normalize-positions-6.0.2.tgz", + "integrity": "sha512-/JFzI441OAB9O7VnLA+RtSNZvQ0NCFZDOtp6QPFo1iIyawyXg0YI3CYM9HBy1WvwCRHnPep/BvI1+dGPKoXx/Q==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-repeat-style": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-repeat-style/-/postcss-normalize-repeat-style-6.0.2.tgz", + "integrity": "sha512-YdCgsfHkJ2jEXwR4RR3Tm/iOxSfdRt7jplS6XRh9Js9PyCR/aka/FCb6TuHT2U8gQubbm/mPmF6L7FY9d79VwQ==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-string": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-string/-/postcss-normalize-string-6.0.2.tgz", + "integrity": "sha512-vQZIivlxlfqqMp4L9PZsFE4YUkWniziKjQWUtsxUiVsSSPelQydwS8Wwcuw0+83ZjPWNTl02oxlIvXsmmG+CiQ==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-timing-functions": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-timing-functions/-/postcss-normalize-timing-functions-6.0.2.tgz", + "integrity": "sha512-a+YrtMox4TBtId/AEwbA03VcJgtyW4dGBizPl7e88cTFULYsprgHWTbfyjSLyHeBcK/Q9JhXkt2ZXiwaVHoMzA==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-unicode": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-normalize-unicode/-/postcss-normalize-unicode-6.1.0.tgz", + "integrity": "sha512-QVC5TQHsVj33otj8/JD869Ndr5Xcc/+fwRh4HAsFsAeygQQXm+0PySrKbr/8tkDKzW+EVT3QkqZMfFrGiossDg==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-url": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-url/-/postcss-normalize-url-6.0.2.tgz", + "integrity": "sha512-kVNcWhCeKAzZ8B4pv/DnrU1wNh458zBNp8dh4y5hhxih5RZQ12QWMuQrDgPRw3LRl8mN9vOVfHl7uhvHYMoXsQ==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-normalize-whitespace": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-normalize-whitespace/-/postcss-normalize-whitespace-6.0.2.tgz", + "integrity": "sha512-sXZ2Nj1icbJOKmdjXVT9pnyHQKiSAyuNQHSgRCUgThn2388Y9cGVDR+E9J9iAYbSbLHI+UUwLVl1Wzco/zgv0Q==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-opacity-percentage": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/postcss-opacity-percentage/-/postcss-opacity-percentage-3.0.0.tgz", + "integrity": "sha512-K6HGVzyxUxd/VgZdX04DCtdwWJ4NGLG212US4/LA1TLAbHgmAsTWVR86o+gGIbFtnTkfOpb9sCRBx8K7HO66qQ==", + "funding": [ + { + "type": "kofi", + "url": "https://ko-fi.com/mrcgrtz" + }, + { + "type": "liberapay", + "url": "https://liberapay.com/mrcgrtz" + } + ], + "license": "MIT", + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-ordered-values": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-ordered-values/-/postcss-ordered-values-6.0.2.tgz", + "integrity": "sha512-VRZSOB+JU32RsEAQrO94QPkClGPKJEL/Z9PCBImXMhIeK5KAYo6slP/hBYlLgrCjFxyqvn5VC81tycFEDBLG1Q==", + "license": "MIT", + "dependencies": { + "cssnano-utils": "^4.0.2", + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-overflow-shorthand": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/postcss-overflow-shorthand/-/postcss-overflow-shorthand-6.0.0.tgz", + "integrity": "sha512-BdDl/AbVkDjoTofzDQnwDdm/Ym6oS9KgmO7Gr+LHYjNWJ6ExORe4+3pcLQsLA9gIROMkiGVjjwZNoL/mpXHd5Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-page-break": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/postcss-page-break/-/postcss-page-break-3.0.4.tgz", + "integrity": "sha512-1JGu8oCjVXLa9q9rFTo4MbeeA5FMe00/9C7lN4va606Rdb+HkxXtXsmEDrIraQ11fGz/WvKWa8gMuCKkrXpTsQ==", + "license": "MIT", + "peerDependencies": { + "postcss": "^8" + } + }, + "node_modules/postcss-place": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/postcss-place/-/postcss-place-10.0.0.tgz", + "integrity": "sha512-5EBrMzat2pPAxQNWYavwAfoKfYcTADJ8AXGVPcUZ2UkNloUTWzJQExgrzrDkh3EKzmAx1evfTAzF9I8NGcc+qw==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-preset-env": { + "version": "10.1.1", + "resolved": "https://registry.npmjs.org/postcss-preset-env/-/postcss-preset-env-10.1.1.tgz", + "integrity": "sha512-wqqsnBFD6VIwcHHRbhjTOcOi4qRVlB26RwSr0ordPj7OubRRxdWebv/aLjKLRR8zkZrbxZyuus03nOIgC5elMQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "@csstools/postcss-cascade-layers": "^5.0.1", + "@csstools/postcss-color-function": "^4.0.6", + "@csstools/postcss-color-mix-function": "^3.0.6", + "@csstools/postcss-content-alt-text": "^2.0.4", + "@csstools/postcss-exponential-functions": "^2.0.5", + "@csstools/postcss-font-format-keywords": "^4.0.0", + "@csstools/postcss-gamut-mapping": "^2.0.6", + "@csstools/postcss-gradients-interpolation-method": "^5.0.6", + "@csstools/postcss-hwb-function": "^4.0.6", + "@csstools/postcss-ic-unit": "^4.0.0", + "@csstools/postcss-initial": "^2.0.0", + "@csstools/postcss-is-pseudo-class": "^5.0.1", + "@csstools/postcss-light-dark-function": "^2.0.7", + "@csstools/postcss-logical-float-and-clear": "^3.0.0", + "@csstools/postcss-logical-overflow": "^2.0.0", + "@csstools/postcss-logical-overscroll-behavior": "^2.0.0", + "@csstools/postcss-logical-resize": "^3.0.0", + "@csstools/postcss-logical-viewport-units": "^3.0.3", + "@csstools/postcss-media-minmax": "^2.0.5", + "@csstools/postcss-media-queries-aspect-ratio-number-values": "^3.0.4", + "@csstools/postcss-nested-calc": "^4.0.0", + "@csstools/postcss-normalize-display-values": "^4.0.0", + "@csstools/postcss-oklab-function": "^4.0.6", + "@csstools/postcss-progressive-custom-properties": "^4.0.0", + "@csstools/postcss-random-function": "^1.0.1", + "@csstools/postcss-relative-color-syntax": "^3.0.6", + "@csstools/postcss-scope-pseudo-class": "^4.0.1", + "@csstools/postcss-sign-functions": "^1.1.0", + "@csstools/postcss-stepped-value-functions": "^4.0.5", + "@csstools/postcss-text-decoration-shorthand": "^4.0.1", + "@csstools/postcss-trigonometric-functions": "^4.0.5", + "@csstools/postcss-unset-value": "^4.0.0", + "autoprefixer": "^10.4.19", + "browserslist": "^4.23.1", + "css-blank-pseudo": "^7.0.1", + "css-has-pseudo": "^7.0.1", + "css-prefers-color-scheme": "^10.0.0", + "cssdb": "^8.2.1", + "postcss-attribute-case-insensitive": "^7.0.1", + "postcss-clamp": "^4.1.0", + "postcss-color-functional-notation": "^7.0.6", + "postcss-color-hex-alpha": "^10.0.0", + "postcss-color-rebeccapurple": "^10.0.0", + "postcss-custom-media": "^11.0.5", + "postcss-custom-properties": "^14.0.4", + "postcss-custom-selectors": "^8.0.4", + "postcss-dir-pseudo-class": "^9.0.1", + "postcss-double-position-gradients": "^6.0.0", + "postcss-focus-visible": "^10.0.1", + "postcss-focus-within": "^9.0.1", + "postcss-font-variant": "^5.0.0", + "postcss-gap-properties": "^6.0.0", + "postcss-image-set-function": "^7.0.0", + "postcss-lab-function": "^7.0.6", + "postcss-logical": "^8.0.0", + "postcss-nesting": "^13.0.1", + "postcss-opacity-percentage": "^3.0.0", + "postcss-overflow-shorthand": "^6.0.0", + "postcss-page-break": "^3.0.4", + "postcss-place": "^10.0.0", + "postcss-pseudo-class-any-link": "^10.0.1", + "postcss-replace-overflow-wrap": "^4.0.0", + "postcss-selector-not": "^8.0.1" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-pseudo-class-any-link": { + "version": "10.0.1", + "resolved": "https://registry.npmjs.org/postcss-pseudo-class-any-link/-/postcss-pseudo-class-any-link-10.0.1.tgz", + "integrity": "sha512-3el9rXlBOqTFaMFkWDOkHUTQekFIYnaQY55Rsp8As8QQkpiSgIYEcF/6Ond93oHiDsGb4kad8zjt+NPlOC1H0Q==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT-0", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-pseudo-class-any-link/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-reduce-idents": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-reduce-idents/-/postcss-reduce-idents-6.0.3.tgz", + "integrity": "sha512-G3yCqZDpsNPoQgbDUy3T0E6hqOQ5xigUtBQyrmq3tn2GxlyiL0yyl7H+T8ulQR6kOcHJ9t7/9H4/R2tv8tJbMA==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-reduce-initial": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/postcss-reduce-initial/-/postcss-reduce-initial-6.1.0.tgz", + "integrity": "sha512-RarLgBK/CrL1qZags04oKbVbrrVK2wcxhvta3GCxrZO4zveibqbRPmm2VI8sSgCXwoUHEliRSbOfpR0b/VIoiw==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "caniuse-api": "^3.0.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-reduce-transforms": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-reduce-transforms/-/postcss-reduce-transforms-6.0.2.tgz", + "integrity": "sha512-sB+Ya++3Xj1WaT9+5LOOdirAxP7dJZms3GRcYheSPi1PiTMigsxHAdkrbItHxwYHr4kt1zL7mmcHstgMYT+aiA==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-replace-overflow-wrap": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/postcss-replace-overflow-wrap/-/postcss-replace-overflow-wrap-4.0.0.tgz", + "integrity": "sha512-KmF7SBPphT4gPPcKZc7aDkweHiKEEO8cla/GjcBK+ckKxiZslIu3C4GCRW3DNfL0o7yW7kMQu9xlZ1kXRXLXtw==", + "license": "MIT", + "peerDependencies": { + "postcss": "^8.0.3" + } + }, + "node_modules/postcss-selector-not": { + "version": "8.0.1", + "resolved": "https://registry.npmjs.org/postcss-selector-not/-/postcss-selector-not-8.0.1.tgz", + "integrity": "sha512-kmVy/5PYVb2UOhy0+LqUYAhKj7DUGDpSWa5LZqlkWJaaAV+dxxsOG3+St0yNLu6vsKD7Dmqx+nWQt0iil89+WA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/csstools" + }, + { + "type": "opencollective", + "url": "https://opencollective.com/csstools" + } + ], + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": ">=18" + }, + "peerDependencies": { + "postcss": "^8.4" + } + }, + "node_modules/postcss-selector-not/node_modules/postcss-selector-parser": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.0.0.tgz", + "integrity": "sha512-9RbEr1Y7FFfptd/1eEdntyjMwLeghW1bHX9GWjXo19vx4ytPQhANltvVxDggzJl7mnWM+dX28kb6cyS/4iQjlQ==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-selector-parser": { + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz", + "integrity": "sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==", + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/postcss-sort-media-queries": { + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/postcss-sort-media-queries/-/postcss-sort-media-queries-5.2.0.tgz", + "integrity": "sha512-AZ5fDMLD8SldlAYlvi8NIqo0+Z8xnXU2ia0jxmuhxAU+Lqt9K+AlmLNJ/zWEnE9x+Zx3qL3+1K20ATgNOr3fAA==", + "license": "MIT", + "dependencies": { + "sort-css-media-queries": "2.2.0" + }, + "engines": { + "node": ">=14.0.0" + }, + "peerDependencies": { + "postcss": "^8.4.23" + } + }, + "node_modules/postcss-svgo": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/postcss-svgo/-/postcss-svgo-6.0.3.tgz", + "integrity": "sha512-dlrahRmxP22bX6iKEjOM+c8/1p+81asjKT+V5lrgOH944ryx/OHpclnIbGsKVd3uWOXFLYJwCVf0eEkJGvO96g==", + "license": "MIT", + "dependencies": { + "postcss-value-parser": "^4.2.0", + "svgo": "^3.2.0" + }, + "engines": { + "node": "^14 || ^16 || >= 18" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-unique-selectors": { + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/postcss-unique-selectors/-/postcss-unique-selectors-6.0.4.tgz", + "integrity": "sha512-K38OCaIrO8+PzpArzkLKB42dSARtC2tmG6PvD4b1o1Q2E9Os8jzfWFfSy/rixsHwohtsDdFtAWGjFVFUdwYaMg==", + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "^6.0.16" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-value-parser": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", + "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==", + "license": "MIT" + }, + "node_modules/postcss-zindex": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/postcss-zindex/-/postcss-zindex-6.0.2.tgz", + "integrity": "sha512-5BxW9l1evPB/4ZIc+2GobEBoKC+h8gPGCMi+jxsYvd2x0mjq7wazk6DrP71pStqxE9Foxh5TVnonbWpFZzXaYg==", + "license": "MIT", + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/preact": { + "version": "10.24.3", + "resolved": "https://registry.npmjs.org/preact/-/preact-10.24.3.tgz", + "integrity": "sha512-Z2dPnBnMUfyQfSQ+GBdsGa16hz35YmLmtTLhM169uW944hYL6xzTYkJjC07j+Wosz733pMWx0fgON3JNw1jJQA==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/preact" + } + }, + "node_modules/pretty-error": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/pretty-error/-/pretty-error-4.0.0.tgz", + "integrity": "sha512-AoJ5YMAcXKYxKhuJGdcvse+Voc6v1RgnsR3nWcYU7q4t6z0Q6T86sv5Zq8VIRbOWWFpvdGE83LtdSMNd+6Y0xw==", + "license": "MIT", + "dependencies": { + "lodash": "^4.17.20", + "renderkid": "^3.0.0" + } + }, + "node_modules/pretty-time": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/pretty-time/-/pretty-time-1.1.0.tgz", + "integrity": "sha512-28iF6xPQrP8Oa6uxE6a1biz+lWeTOAPKggvjB8HAs6nVMKZwf5bG++632Dx614hIWgUPkgivRfG+a8uAXGTIbA==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/prism-react-renderer": { + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/prism-react-renderer/-/prism-react-renderer-2.4.0.tgz", + "integrity": "sha512-327BsVCD/unU4CNLZTWVHyUHKnsqcvj2qbPlQ8MiBE2eq2rgctjigPA1Gp9HLF83kZ20zNN6jgizHJeEsyFYOw==", + "license": "MIT", + "dependencies": { + "@types/prismjs": "^1.26.0", + "clsx": "^2.0.0" + }, + "peerDependencies": { + "react": ">=16.0.0" + } + }, + "node_modules/prismjs": { + "version": "1.29.0", + "resolved": "https://registry.npmjs.org/prismjs/-/prismjs-1.29.0.tgz", + "integrity": "sha512-Kx/1w86q/epKcmte75LNrEoT+lX8pBpavuAbvJWRXar7Hz8jrtF+e3vY751p0R8H9HdArwaCTNDDzHg/ScJK1Q==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/process-nextick-args": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", + "license": "MIT" + }, + "node_modules/prompts": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", + "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==", + "license": "MIT", + "dependencies": { + "kleur": "^3.0.3", + "sisteransi": "^1.0.5" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/prop-types": { + "version": "15.8.1", + "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz", + "integrity": "sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.4.0", + "object-assign": "^4.1.1", + "react-is": "^16.13.1" + } + }, + "node_modules/property-information": { + "version": "6.5.0", + "resolved": "https://registry.npmjs.org/property-information/-/property-information-6.5.0.tgz", + "integrity": "sha512-PgTgs/BlvHxOu8QuEN7wi5A0OmXaBcHpmCSTehcs6Uuu9IkDIEo13Hy7n898RHfrQ49vKCoGeWZSaAK01nwVig==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/proto-list": { + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/proto-list/-/proto-list-1.2.4.tgz", + "integrity": "sha512-vtK/94akxsTMhe0/cbfpR+syPuszcuwhqVjJq26CuNDgFGj682oRBXOP5MJpv2r7JtE8MsiepGIqvvOTBwn2vA==", + "license": "ISC" + }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "license": "MIT", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/proxy-addr/node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/punycode": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/pupa": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/pupa/-/pupa-3.1.0.tgz", + "integrity": "sha512-FLpr4flz5xZTSJxSeaheeMKN/EDzMdK7b8PTOC6a5PYFKTucWbdqjgqaEyH0shFiSJrVB1+Qqi4Tk19ccU6Aug==", + "license": "MIT", + "dependencies": { + "escape-goat": "^4.0.0" + }, + "engines": { + "node": ">=12.20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/qs": { + "version": "6.13.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", + "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", + "license": "BSD-3-Clause", + "dependencies": { + "side-channel": "^1.0.6" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/queue": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/queue/-/queue-6.0.2.tgz", + "integrity": "sha512-iHZWu+q3IdFZFX36ro/lKBkSvfkztY5Y7HMiPlOUjhupPcG2JMfst2KKEpu5XndviX/3UhFbRngUPNKtgvtZiA==", + "license": "MIT", + "dependencies": { + "inherits": "~2.0.3" + } + }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/quick-lru": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/quick-lru/-/quick-lru-5.1.1.tgz", + "integrity": "sha512-WuyALRjWPDGtt/wzJiadO5AXY+8hZ80hVpe6MyivgraREW751X3SbhRvG3eLKOYN+8VEvqLcf3wdnt44Z4S4SA==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/randombytes": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", + "license": "MIT", + "dependencies": { + "safe-buffer": "^5.1.0" + } + }, + "node_modules/range-parser": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz", + "integrity": "sha512-kA5WQoNVo4t9lNx2kQNFCxKeBl5IbbSNBl1M/tLkw9WCn+hxNBAW5Qh8gdhs63CJnhjJ2zQWFoqPJP2sK1AV5A==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", + "license": "MIT", + "dependencies": { + "bytes": "3.1.2", + "http-errors": "2.0.0", + "iconv-lite": "0.4.24", + "unpipe": "1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/raw-body/node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/raw-body/node_modules/iconv-lite": { + "version": "0.4.24", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/rc": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/rc/-/rc-1.2.8.tgz", + "integrity": "sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw==", + "license": "(BSD-2-Clause OR MIT OR Apache-2.0)", + "dependencies": { + "deep-extend": "^0.6.0", + "ini": "~1.3.0", + "minimist": "^1.2.0", + "strip-json-comments": "~2.0.1" + }, + "bin": { + "rc": "cli.js" + } + }, + "node_modules/rc/node_modules/strip-json-comments": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz", + "integrity": "sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react": { + "version": "18.3.1", + "resolved": "https://registry.npmjs.org/react/-/react-18.3.1.tgz", + "integrity": "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.1.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-dev-utils": { + "version": "12.0.1", + "resolved": "https://registry.npmjs.org/react-dev-utils/-/react-dev-utils-12.0.1.tgz", + "integrity": "sha512-84Ivxmr17KjUupyqzFode6xKhjwuEJDROWKJy/BthkL7Wn6NJ8h4WE6k/exAv6ImS+0oZLRRW5j/aINMHyeGeQ==", + "license": "MIT", + "dependencies": { + "@babel/code-frame": "^7.16.0", + "address": "^1.1.2", + "browserslist": "^4.18.1", + "chalk": "^4.1.2", + "cross-spawn": "^7.0.3", + "detect-port-alt": "^1.1.6", + "escape-string-regexp": "^4.0.0", + "filesize": "^8.0.6", + "find-up": "^5.0.0", + "fork-ts-checker-webpack-plugin": "^6.5.0", + "global-modules": "^2.0.0", + "globby": "^11.0.4", + "gzip-size": "^6.0.0", + "immer": "^9.0.7", + "is-root": "^2.1.0", + "loader-utils": "^3.2.0", + "open": "^8.4.0", + "pkg-up": "^3.1.0", + "prompts": "^2.4.2", + "react-error-overlay": "^6.0.11", + "recursive-readdir": "^2.2.2", + "shell-quote": "^1.7.3", + "strip-ansi": "^6.0.1", + "text-table": "^0.2.0" + }, + "engines": { + "node": ">=14" + } + }, + "node_modules/react-dev-utils/node_modules/find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "license": "MIT", + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/react-dev-utils/node_modules/loader-utils": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/loader-utils/-/loader-utils-3.3.1.tgz", + "integrity": "sha512-FMJTLMXfCLMLfJxcX9PFqX5qD88Z5MRGaZCVzfuqeZSPsyiBzs+pahDQjbIWz2QIzPZz0NX9Zy4FX3lmK6YHIg==", + "license": "MIT", + "engines": { + "node": ">= 12.13.0" + } + }, + "node_modules/react-dev-utils/node_modules/locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "license": "MIT", + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/react-dev-utils/node_modules/p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "license": "MIT", + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/react-dev-utils/node_modules/p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "license": "MIT", + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/react-dev-utils/node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/react-dev-utils/node_modules/yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/react-dom": { + "version": "18.3.1", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz", + "integrity": "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.1.0", + "scheduler": "^0.23.2" + }, + "peerDependencies": { + "react": "^18.3.1" + } + }, + "node_modules/react-error-overlay": { + "version": "6.0.11", + "resolved": "https://registry.npmjs.org/react-error-overlay/-/react-error-overlay-6.0.11.tgz", + "integrity": "sha512-/6UZ2qgEyH2aqzYZgQPxEnz33NJ2gNsnHA2o5+o4wW9bLM/JYQitNP9xPhsXwC08hMMovfGe/8retsdDsczPRg==", + "license": "MIT" + }, + "node_modules/react-fast-compare": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/react-fast-compare/-/react-fast-compare-3.2.2.tgz", + "integrity": "sha512-nsO+KSNgo1SbJqJEYRE9ERzo7YtYbou/OqjSQKxV7jcKox7+usiUVZOAC+XnDOABXggQTno0Y1CpVnuWEc1boQ==", + "license": "MIT" + }, + "node_modules/react-helmet-async": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/react-helmet-async/-/react-helmet-async-1.3.0.tgz", + "integrity": "sha512-9jZ57/dAn9t3q6hneQS0wukqC2ENOBgMNVEhb/ZG9ZSxUetzVIw4iAmEU38IaVg3QGYauQPhSeUTuIUtFglWpg==", + "license": "Apache-2.0", + "dependencies": { + "@babel/runtime": "^7.12.5", + "invariant": "^2.2.4", + "prop-types": "^15.7.2", + "react-fast-compare": "^3.2.0", + "shallowequal": "^1.1.0" + }, + "peerDependencies": { + "react": "^16.6.0 || ^17.0.0 || ^18.0.0", + "react-dom": "^16.6.0 || ^17.0.0 || ^18.0.0" + } + }, + "node_modules/react-is": { + "version": "16.13.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==", + "license": "MIT" + }, + "node_modules/react-json-view-lite": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/react-json-view-lite/-/react-json-view-lite-1.5.0.tgz", + "integrity": "sha512-nWqA1E4jKPklL2jvHWs6s+7Na0qNgw9HCP6xehdQJeg6nPBTFZgGwyko9Q0oj+jQWKTTVRS30u0toM5wiuL3iw==", + "license": "MIT", + "engines": { + "node": ">=14" + }, + "peerDependencies": { + "react": "^16.13.1 || ^17.0.0 || ^18.0.0" + } + }, + "node_modules/react-loadable": { + "name": "@docusaurus/react-loadable", + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/@docusaurus/react-loadable/-/react-loadable-6.0.0.tgz", + "integrity": "sha512-YMMxTUQV/QFSnbgrP3tjDzLHRg7vsbMn8e9HAa8o/1iXoiomo48b7sk/kkmWEuWNDPJVlKSJRB6Y2fHqdJk+SQ==", + "license": "MIT", + "dependencies": { + "@types/react": "*" + }, + "peerDependencies": { + "react": "*" + } + }, + "node_modules/react-loadable-ssr-addon-v5-slorber": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/react-loadable-ssr-addon-v5-slorber/-/react-loadable-ssr-addon-v5-slorber-1.0.1.tgz", + "integrity": "sha512-lq3Lyw1lGku8zUEJPDxsNm1AfYHBrO9Y1+olAYwpUJ2IGFBskM0DMKok97A6LWUpHm+o7IvQBOWu9MLenp9Z+A==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.10.3" + }, + "engines": { + "node": ">=10.13.0" + }, + "peerDependencies": { + "react-loadable": "*", + "webpack": ">=4.41.1 || 5.x" + } + }, + "node_modules/react-router": { + "version": "5.3.4", + "resolved": "https://registry.npmjs.org/react-router/-/react-router-5.3.4.tgz", + "integrity": "sha512-Ys9K+ppnJah3QuaRiLxk+jDWOR1MekYQrlytiXxC1RyfbdsZkS5pvKAzCCr031xHixZwpnsYNT5xysdFHQaYsA==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.12.13", + "history": "^4.9.0", + "hoist-non-react-statics": "^3.1.0", + "loose-envify": "^1.3.1", + "path-to-regexp": "^1.7.0", + "prop-types": "^15.6.2", + "react-is": "^16.6.0", + "tiny-invariant": "^1.0.2", + "tiny-warning": "^1.0.0" + }, + "peerDependencies": { + "react": ">=15" + } + }, + "node_modules/react-router-config": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/react-router-config/-/react-router-config-5.1.1.tgz", + "integrity": "sha512-DuanZjaD8mQp1ppHjgnnUnyOlqYXZVjnov/JzFhjLEwd3Z4dYjMSnqrEzzGThH47vpCOqPPwJM2FtthLeJ8Pbg==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.1.2" + }, + "peerDependencies": { + "react": ">=15", + "react-router": ">=5" + } + }, + "node_modules/react-router-dom": { + "version": "5.3.4", + "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-5.3.4.tgz", + "integrity": "sha512-m4EqFMHv/Ih4kpcBCONHbkT68KoAeHN4p3lAGoNryfHi0dMy0kCzEZakiKRsvg5wHZ/JLrLW8o8KomWiz/qbYQ==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.12.13", + "history": "^4.9.0", + "loose-envify": "^1.3.1", + "prop-types": "^15.6.2", + "react-router": "5.3.4", + "tiny-invariant": "^1.0.2", + "tiny-warning": "^1.0.0" + }, + "peerDependencies": { + "react": ">=15" + } + }, + "node_modules/readable-stream": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", + "license": "MIT", + "dependencies": { + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", + "util-deprecate": "^1.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "license": "MIT", + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, + "node_modules/reading-time": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/reading-time/-/reading-time-1.5.0.tgz", + "integrity": "sha512-onYyVhBNr4CmAxFsKS7bz+uTLRakypIe4R+5A824vBSkQy/hB3fZepoVEf8OVAxzLvK+H/jm9TzpI3ETSm64Kg==", + "license": "MIT" + }, + "node_modules/rechoir": { + "version": "0.6.2", + "resolved": "https://registry.npmjs.org/rechoir/-/rechoir-0.6.2.tgz", + "integrity": "sha512-HFM8rkZ+i3zrV+4LQjwQ0W+ez98pApMGM3HUrN04j3CqzPOzl9nmP15Y8YXNm8QHGv/eacOVEjqhmWpkRV0NAw==", + "dependencies": { + "resolve": "^1.1.6" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/recma-build-jsx": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/recma-build-jsx/-/recma-build-jsx-1.0.0.tgz", + "integrity": "sha512-8GtdyqaBcDfva+GUKDr3nev3VpKAhup1+RvkMvUxURHpW7QyIvk9F5wz7Vzo06CEMSilw6uArgRqhpiUcWp8ew==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "estree-util-build-jsx": "^3.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/recma-jsx": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/recma-jsx/-/recma-jsx-1.0.0.tgz", + "integrity": "sha512-5vwkv65qWwYxg+Atz95acp8DMu1JDSqdGkA2Of1j6rCreyFUE/gp15fC8MnGEuG1W68UKjM6x6+YTWIh7hZM/Q==", + "license": "MIT", + "dependencies": { + "acorn-jsx": "^5.0.0", + "estree-util-to-js": "^2.0.0", + "recma-parse": "^1.0.0", + "recma-stringify": "^1.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/recma-parse": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/recma-parse/-/recma-parse-1.0.0.tgz", + "integrity": "sha512-OYLsIGBB5Y5wjnSnQW6t3Xg7q3fQ7FWbw/vcXtORTnyaSFscOtABg+7Pnz6YZ6c27fG1/aN8CjfwoUEUIdwqWQ==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "esast-util-from-js": "^2.0.0", + "unified": "^11.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/recma-stringify": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/recma-stringify/-/recma-stringify-1.0.0.tgz", + "integrity": "sha512-cjwII1MdIIVloKvC9ErQ+OgAtwHBmcZ0Bg4ciz78FtbT8In39aAYbaA7zvxQ61xVMSPE8WxhLwLbhif4Js2C+g==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "estree-util-to-js": "^2.0.0", + "unified": "^11.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/recursive-readdir": { + "version": "2.2.3", + "resolved": "https://registry.npmjs.org/recursive-readdir/-/recursive-readdir-2.2.3.tgz", + "integrity": "sha512-8HrF5ZsXk5FAH9dgsx3BlUer73nIhuj+9OrQwEbLTPOBzGkL1lsFCR01am+v+0m2Cmbs1nP12hLDl5FA7EszKA==", + "license": "MIT", + "dependencies": { + "minimatch": "^3.0.5" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/regenerate": { + "version": "1.4.2", + "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.2.tgz", + "integrity": "sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A==", + "license": "MIT" + }, + "node_modules/regenerate-unicode-properties": { + "version": "10.2.0", + "resolved": "https://registry.npmjs.org/regenerate-unicode-properties/-/regenerate-unicode-properties-10.2.0.tgz", + "integrity": "sha512-DqHn3DwbmmPVzeKj9woBadqmXxLvQoQIwu7nopMc72ztvxVmVk2SBhSnx67zuye5TP+lJsb/TBQsjLKhnDf3MA==", + "license": "MIT", + "dependencies": { + "regenerate": "^1.4.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/regenerator-runtime": { + "version": "0.14.1", + "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.1.tgz", + "integrity": "sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw==", + "license": "MIT" + }, + "node_modules/regenerator-transform": { + "version": "0.15.2", + "resolved": "https://registry.npmjs.org/regenerator-transform/-/regenerator-transform-0.15.2.tgz", + "integrity": "sha512-hfMp2BoF0qOk3uc5V20ALGDS2ddjQaLrdl7xrGXvAIow7qeWRM2VA2HuCHkUKk9slq3VwEwLNK3DFBqDfPGYtg==", + "license": "MIT", + "dependencies": { + "@babel/runtime": "^7.8.4" + } + }, + "node_modules/regexpu-core": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-6.1.1.tgz", + "integrity": "sha512-k67Nb9jvwJcJmVpw0jPttR1/zVfnKf8Km0IPatrU/zJ5XeG3+Slx0xLXs9HByJSzXzrlz5EDvN6yLNMDc2qdnw==", + "license": "MIT", + "dependencies": { + "regenerate": "^1.4.2", + "regenerate-unicode-properties": "^10.2.0", + "regjsgen": "^0.8.0", + "regjsparser": "^0.11.0", + "unicode-match-property-ecmascript": "^2.0.0", + "unicode-match-property-value-ecmascript": "^2.1.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/registry-auth-token": { + "version": "5.0.2", + "resolved": "https://registry.npmjs.org/registry-auth-token/-/registry-auth-token-5.0.2.tgz", + "integrity": "sha512-o/3ikDxtXaA59BmZuZrJZDJv8NMDGSj+6j6XaeBmHw8eY1i1qd9+6H+LjVvQXx3HN6aRCGa1cUdJ9RaJZUugnQ==", + "license": "MIT", + "dependencies": { + "@pnpm/npm-conf": "^2.1.0" + }, + "engines": { + "node": ">=14" + } + }, + "node_modules/registry-url": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/registry-url/-/registry-url-6.0.1.tgz", + "integrity": "sha512-+crtS5QjFRqFCoQmvGduwYWEBng99ZvmFvF+cUJkGYF1L1BfU8C6Zp9T7f5vPAwyLkUExpvK+ANVZmGU49qi4Q==", + "license": "MIT", + "dependencies": { + "rc": "1.2.8" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/regjsgen": { + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/regjsgen/-/regjsgen-0.8.0.tgz", + "integrity": "sha512-RvwtGe3d7LvWiDQXeQw8p5asZUmfU1G/l6WbUXeHta7Y2PEIvBTwH6E2EfmYUK8pxcxEdEmaomqyp0vZZ7C+3Q==", + "license": "MIT" + }, + "node_modules/regjsparser": { + "version": "0.11.2", + "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.11.2.tgz", + "integrity": "sha512-3OGZZ4HoLJkkAZx/48mTXJNlmqTGOzc0o9OWQPuWpkOlXXPbyN6OafCcoXUnBqE2D3f/T5L+pWc1kdEmnfnRsA==", + "license": "BSD-2-Clause", + "dependencies": { + "jsesc": "~3.0.2" + }, + "bin": { + "regjsparser": "bin/parser" + } + }, + "node_modules/rehype-raw": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/rehype-raw/-/rehype-raw-7.0.0.tgz", + "integrity": "sha512-/aE8hCfKlQeA8LmyeyQvQF3eBiLRGNlfBJEvWH7ivp9sBqs7TNqBL5X3v157rM4IFETqDnIOO+z5M/biZbo9Ww==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "hast-util-raw": "^9.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/rehype-recma": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/rehype-recma/-/rehype-recma-1.0.0.tgz", + "integrity": "sha512-lqA4rGUf1JmacCNWWZx0Wv1dHqMwxzsDWYMTowuplHF3xH0N/MmrZ/G3BDZnzAkRmxDadujCjaKM2hqYdCBOGw==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "@types/hast": "^3.0.0", + "hast-util-to-estree": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/relateurl": { + "version": "0.2.7", + "resolved": "https://registry.npmjs.org/relateurl/-/relateurl-0.2.7.tgz", + "integrity": "sha512-G08Dxvm4iDN3MLM0EsP62EDV9IuhXPR6blNz6Utcp7zyV3tr4HVNINt6MpaRWbxoOHT3Q7YN2P+jaHX8vUbgog==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/remark-directive": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/remark-directive/-/remark-directive-3.0.0.tgz", + "integrity": "sha512-l1UyWJ6Eg1VPU7Hm/9tt0zKtReJQNOA4+iDMAxTyZNWnJnFlbS/7zhiel/rogTLQ2vMYwDzSJa4BiVNqGlqIMA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-directive": "^3.0.0", + "micromark-extension-directive": "^3.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-emoji": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/remark-emoji/-/remark-emoji-4.0.1.tgz", + "integrity": "sha512-fHdvsTR1dHkWKev9eNyhTo4EFwbUvJ8ka9SgeWkMPYFX4WoI7ViVBms3PjlQYgw5TLvNQso3GUB/b/8t3yo+dg==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.2", + "emoticon": "^4.0.1", + "mdast-util-find-and-replace": "^3.0.1", + "node-emoji": "^2.1.0", + "unified": "^11.0.4" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + } + }, + "node_modules/remark-frontmatter": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/remark-frontmatter/-/remark-frontmatter-5.0.0.tgz", + "integrity": "sha512-XTFYvNASMe5iPN0719nPrdItC9aU0ssC4v14mH1BCi1u0n1gAocqcujWUrByftZTbLhRtiKRyjYTSIOcr69UVQ==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-frontmatter": "^2.0.0", + "micromark-extension-frontmatter": "^2.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-gfm": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/remark-gfm/-/remark-gfm-4.0.0.tgz", + "integrity": "sha512-U92vJgBPkbw4Zfu/IiW2oTZLSL3Zpv+uI7My2eq8JxKgqraFdU8YUGicEJCEgSbeaG+QDFqIcwwfMTOEelPxuA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-gfm": "^3.0.0", + "micromark-extension-gfm": "^3.0.0", + "remark-parse": "^11.0.0", + "remark-stringify": "^11.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-mdx": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/remark-mdx/-/remark-mdx-3.1.0.tgz", + "integrity": "sha512-Ngl/H3YXyBV9RcRNdlYsZujAmhsxwzxpDzpDEhFBVAGthS4GDgnctpDjgFl/ULx5UEDzqtW1cyBSNKqYYrqLBA==", + "license": "MIT", + "dependencies": { + "mdast-util-mdx": "^3.0.0", + "micromark-extension-mdxjs": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-parse": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-11.0.0.tgz", + "integrity": "sha512-FCxlKLNGknS5ba/1lmpYijMUzX2esxW5xQqjWxw2eHFfS2MSdaHVINFmhjo+qN1WhZhNimq0dZATN9pH0IDrpA==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-from-markdown": "^2.0.0", + "micromark-util-types": "^2.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-rehype": { + "version": "11.1.1", + "resolved": "https://registry.npmjs.org/remark-rehype/-/remark-rehype-11.1.1.tgz", + "integrity": "sha512-g/osARvjkBXb6Wo0XvAeXQohVta8i84ACbenPpoSsxTOQH/Ae0/RGP4WZgnMH5pMLpsj4FG7OHmcIcXxpza8eQ==", + "license": "MIT", + "dependencies": { + "@types/hast": "^3.0.0", + "@types/mdast": "^4.0.0", + "mdast-util-to-hast": "^13.0.0", + "unified": "^11.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/remark-stringify": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/remark-stringify/-/remark-stringify-11.0.0.tgz", + "integrity": "sha512-1OSmLd3awB/t8qdoEOMazZkNsfVTeY4fTsgzcQFdXNq8ToTN4ZGwrMnlda4K6smTFKD+GRV6O48i6Z4iKgPPpw==", + "license": "MIT", + "dependencies": { + "@types/mdast": "^4.0.0", + "mdast-util-to-markdown": "^2.0.0", + "unified": "^11.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/renderkid": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/renderkid/-/renderkid-3.0.0.tgz", + "integrity": "sha512-q/7VIQA8lmM1hF+jn+sFSPWGlMkSAeNYcPLmDQx2zzuiDfaLrOmumR8iaUKlenFgh0XRPIUeSPlH3A+AW3Z5pg==", + "license": "MIT", + "dependencies": { + "css-select": "^4.1.3", + "dom-converter": "^0.2.0", + "htmlparser2": "^6.1.0", + "lodash": "^4.17.21", + "strip-ansi": "^6.0.1" + } + }, + "node_modules/renderkid/node_modules/css-select": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/css-select/-/css-select-4.3.0.tgz", + "integrity": "sha512-wPpOYtnsVontu2mODhA19JrqWxNsfdatRKd64kmpRbQgh1KtItko5sTnEpPdpSaJszTOhEMlF/RPz28qj4HqhQ==", + "license": "BSD-2-Clause", + "dependencies": { + "boolbase": "^1.0.0", + "css-what": "^6.0.1", + "domhandler": "^4.3.1", + "domutils": "^2.8.0", + "nth-check": "^2.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/fb55" + } + }, + "node_modules/renderkid/node_modules/dom-serializer": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", + "integrity": "sha512-VHwB3KfrcOOkelEG2ZOfxqLZdfkil8PtJi4P8N2MMXucZq2yLp75ClViUlOVwyoHEDjYU433Aq+5zWP61+RGag==", + "license": "MIT", + "dependencies": { + "domelementtype": "^2.0.1", + "domhandler": "^4.2.0", + "entities": "^2.0.0" + }, + "funding": { + "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1" + } + }, + "node_modules/renderkid/node_modules/domhandler": { + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", + "integrity": "sha512-GrwoxYN+uWlzO8uhUXRl0P+kHE4GtVPfYzVLcUxPL7KNdHKj66vvlhiweIHqYYXWlw+T8iLMp42Lm67ghw4WMQ==", + "license": "BSD-2-Clause", + "dependencies": { + "domelementtype": "^2.2.0" + }, + "engines": { + "node": ">= 4" + }, + "funding": { + "url": "https://github.com/fb55/domhandler?sponsor=1" + } + }, + "node_modules/renderkid/node_modules/domutils": { + "version": "2.8.0", + "resolved": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", + "integrity": "sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==", + "license": "BSD-2-Clause", + "dependencies": { + "dom-serializer": "^1.0.1", + "domelementtype": "^2.2.0", + "domhandler": "^4.2.0" + }, + "funding": { + "url": "https://github.com/fb55/domutils?sponsor=1" + } + }, + "node_modules/renderkid/node_modules/entities": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==", + "license": "BSD-2-Clause", + "funding": { + "url": "https://github.com/fb55/entities?sponsor=1" + } + }, + "node_modules/renderkid/node_modules/htmlparser2": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-6.1.0.tgz", + "integrity": "sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A==", + "funding": [ + "https://github.com/fb55/htmlparser2?sponsor=1", + { + "type": "github", + "url": "https://github.com/sponsors/fb55" + } + ], + "license": "MIT", + "dependencies": { + "domelementtype": "^2.0.1", + "domhandler": "^4.0.0", + "domutils": "^2.5.2", + "entities": "^2.0.0" + } + }, + "node_modules/repeat-string": { + "version": "1.6.1", + "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz", + "integrity": "sha512-PV0dzCYDNfRi1jCDbJzpW7jNNDRuCOG/jI5ctQcGKt/clZD+YcPS3yIlWuTJMmESC8aevCFmWJy5wjAFgNqN6w==", + "license": "MIT", + "engines": { + "node": ">=0.10" + } + }, + "node_modules/require-from-string": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/require-from-string/-/require-from-string-2.0.2.tgz", + "integrity": "sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/require-like": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/require-like/-/require-like-0.1.2.tgz", + "integrity": "sha512-oyrU88skkMtDdauHDuKVrgR+zuItqr6/c//FXzvmxRGMexSDc6hNvJInGW3LL46n+8b50RykrvwSUIIQH2LQ5A==", + "engines": { + "node": "*" + } + }, + "node_modules/requires-port": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", + "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==", + "license": "MIT" + }, + "node_modules/resolve": { + "version": "1.22.8", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", + "integrity": "sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==", + "license": "MIT", + "dependencies": { + "is-core-module": "^2.13.0", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/resolve-alpn": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/resolve-alpn/-/resolve-alpn-1.2.1.tgz", + "integrity": "sha512-0a1F4l73/ZFZOakJnQ3FvkJ2+gSTQWz/r2KE5OdDY0TxPm5h4GkqkWWfM47T7HsbnOtcJVEF4epCVy6u7Q3K+g==", + "license": "MIT" + }, + "node_modules/resolve-from": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/resolve-pathname": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/resolve-pathname/-/resolve-pathname-3.0.0.tgz", + "integrity": "sha512-C7rARubxI8bXFNB/hqcp/4iUeIXJhJZvFPFPiSPRnhU5UPxzMFIl+2E6yY6c4k9giDJAhtV+enfA+G89N6Csng==", + "license": "MIT" + }, + "node_modules/responselike": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/responselike/-/responselike-3.0.0.tgz", + "integrity": "sha512-40yHxbNcl2+rzXvZuVkrYohathsSJlMTXKryG5y8uciHv1+xDLHQpgjG64JUO9nrEq2jGLH6IZ8BcZyw3wrweg==", + "license": "MIT", + "dependencies": { + "lowercase-keys": "^3.0.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/retry": { + "version": "0.13.1", + "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==", + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/reusify": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", + "license": "MIT", + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } + }, + "node_modules/rimraf": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", + "deprecated": "Rimraf versions prior to v4 are no longer supported", + "license": "ISC", + "dependencies": { + "glob": "^7.1.3" + }, + "bin": { + "rimraf": "bin.js" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/robust-predicates": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/robust-predicates/-/robust-predicates-3.0.2.tgz", + "integrity": "sha512-IXgzBWvWQwE6PrDI05OvmXUIruQTcoMDzRsOd5CDvHCVLcLHMTSYvOK5Cm46kWqlV3yAbuSpBZdJ5oP5OUoStg==", + "license": "Unlicense" + }, + "node_modules/roughjs": { + "version": "4.6.6", + "resolved": "https://registry.npmjs.org/roughjs/-/roughjs-4.6.6.tgz", + "integrity": "sha512-ZUz/69+SYpFN/g/lUlo2FXcIjRkSu3nDarreVdGGndHEBJ6cXPdKguS8JGxwj5HA5xIbVKSmLgr5b3AWxtRfvQ==", + "license": "MIT", + "dependencies": { + "hachure-fill": "^0.5.2", + "path-data-parser": "^0.1.0", + "points-on-curve": "^0.2.0", + "points-on-path": "^0.2.1" + } + }, + "node_modules/rtl-detect": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/rtl-detect/-/rtl-detect-1.1.2.tgz", + "integrity": "sha512-PGMBq03+TTG/p/cRB7HCLKJ1MgDIi07+QU1faSjiYRfmY5UsAttV9Hs08jDAHVwcOwmVLcSJkpwyfXszVjWfIQ==", + "license": "BSD-3-Clause" + }, + "node_modules/rtlcss": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/rtlcss/-/rtlcss-4.3.0.tgz", + "integrity": "sha512-FI+pHEn7Wc4NqKXMXFM+VAYKEj/mRIcW4h24YVwVtyjI+EqGrLc2Hx/Ny0lrZ21cBWU2goLy36eqMcNj3AQJig==", + "license": "MIT", + "dependencies": { + "escalade": "^3.1.1", + "picocolors": "^1.0.0", + "postcss": "^8.4.21", + "strip-json-comments": "^3.1.1" + }, + "bin": { + "rtlcss": "bin/rtlcss.js" + }, + "engines": { + "node": ">=12.0.0" + } + }, + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT", + "dependencies": { + "queue-microtask": "^1.2.2" + } + }, + "node_modules/rw": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/rw/-/rw-1.3.3.tgz", + "integrity": "sha512-PdhdWy89SiZogBLaw42zdeqtRJ//zFd2PgQavcICDUgJT5oW10QCRKbJ6bg4r0/UY2M6BWd5tkxuGFRvCkgfHQ==", + "license": "BSD-3-Clause" + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "license": "MIT" + }, + "node_modules/sax": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.1.tgz", + "integrity": "sha512-+aWOz7yVScEGoKNd4PA10LZ8sk0A/z5+nXQG5giUO5rprX9jgYsTdov9qCchZiPIZezbZH+jRut8nPodFAX4Jg==", + "license": "ISC" + }, + "node_modules/scheduler": { + "version": "0.23.2", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz", + "integrity": "sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==", + "license": "MIT", + "dependencies": { + "loose-envify": "^1.1.0" + } + }, + "node_modules/schema-utils": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.2.0.tgz", + "integrity": "sha512-L0jRsrPpjdckP3oPug3/VxNKt2trR8TcabrM6FOAAlvC/9Phcmm+cuAgTlxBqdBR1WJx7Naj9WHw+aOmheSVbw==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.9", + "ajv": "^8.9.0", + "ajv-formats": "^2.1.1", + "ajv-keywords": "^5.1.0" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/search-insights": { + "version": "2.17.3", + "resolved": "https://registry.npmjs.org/search-insights/-/search-insights-2.17.3.tgz", + "integrity": "sha512-RQPdCYTa8A68uM2jwxoY842xDhvx3E5LFL1LxvxCNMev4o5mLuokczhzjAgGwUZBAmOKZknArSxLKmXtIi2AxQ==", + "license": "MIT", + "peer": true + }, + "node_modules/section-matter": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/section-matter/-/section-matter-1.0.0.tgz", + "integrity": "sha512-vfD3pmTzGpufjScBh50YHKzEu2lxBWhVEHsNGoEXmCmn2hKGfeNLYMzCJpe8cD7gqX7TJluOVpBkAequ6dgMmA==", + "license": "MIT", + "dependencies": { + "extend-shallow": "^2.0.1", + "kind-of": "^6.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/select-hose": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/select-hose/-/select-hose-2.0.0.tgz", + "integrity": "sha512-mEugaLK+YfkijB4fx0e6kImuJdCIt2LxCRcbEYPqRGCs4F2ogyfZU5IAZRdjCP8JPq2AtdNoC/Dux63d9Kiryg==", + "license": "MIT" + }, + "node_modules/selfsigned": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/selfsigned/-/selfsigned-2.4.1.tgz", + "integrity": "sha512-th5B4L2U+eGLq1TVh7zNRGBapioSORUeymIydxgFpwww9d2qyKvtuPU2jJuHvYAwwqi2Y596QBL3eEqcPEYL8Q==", + "license": "MIT", + "dependencies": { + "@types/node-forge": "^1.3.0", + "node-forge": "^1" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/semver": { + "version": "7.6.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.3.tgz", + "integrity": "sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/semver-diff": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/semver-diff/-/semver-diff-4.0.0.tgz", + "integrity": "sha512-0Ju4+6A8iOnpL/Thra7dZsSlOHYAHIeMxfhWQRI1/VLcT3WDBZKKtQt/QkBOsiIN9ZpuvHE6cGZ0x4glCMmfiA==", + "license": "MIT", + "dependencies": { + "semver": "^7.3.5" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/send": { + "version": "0.19.0", + "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", + "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", + "encodeurl": "~1.0.2", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "fresh": "0.5.2", + "http-errors": "2.0.0", + "mime": "1.6.0", + "ms": "2.1.3", + "on-finished": "2.4.1", + "range-parser": "~1.2.1", + "statuses": "2.0.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/send/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/send/node_modules/debug/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/send/node_modules/encodeurl": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/send/node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serialize-javascript": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz", + "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==", + "license": "BSD-3-Clause", + "dependencies": { + "randombytes": "^2.1.0" + } + }, + "node_modules/seroval": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/seroval/-/seroval-1.1.1.tgz", + "integrity": "sha512-rqEO6FZk8mv7Hyv4UCj3FD3b6Waqft605TLfsCe/BiaylRpyyMC0b+uA5TJKawX3KzMrdi3wsLbCaLplrQmBvQ==", + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/seroval-plugins": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/seroval-plugins/-/seroval-plugins-1.1.1.tgz", + "integrity": "sha512-qNSy1+nUj7hsCOon7AO4wdAIo9P0jrzAMp18XhiOzA6/uO5TKtP7ScozVJ8T293oRIvi5wyCHSM4TrJo/c/GJA==", + "license": "MIT", + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "seroval": "^1.0" + } + }, + "node_modules/serve-handler": { + "version": "6.1.6", + "resolved": "https://registry.npmjs.org/serve-handler/-/serve-handler-6.1.6.tgz", + "integrity": "sha512-x5RL9Y2p5+Sh3D38Fh9i/iQ5ZK+e4xuXRd/pGbM4D13tgo/MGwbttUk8emytcr1YYzBYs+apnUngBDFYfpjPuQ==", + "license": "MIT", + "dependencies": { + "bytes": "3.0.0", + "content-disposition": "0.5.2", + "mime-types": "2.1.18", + "minimatch": "3.1.2", + "path-is-inside": "1.0.2", + "path-to-regexp": "3.3.0", + "range-parser": "1.2.0" + } + }, + "node_modules/serve-handler/node_modules/path-to-regexp": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-3.3.0.tgz", + "integrity": "sha512-qyCH421YQPS2WFDxDjftfc1ZR5WKQzVzqsp4n9M2kQhVOo/ByahFoUNJfl58kOcEGfQ//7weFTDhm+ss8Ecxgw==", + "license": "MIT" + }, + "node_modules/serve-index": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/serve-index/-/serve-index-1.9.1.tgz", + "integrity": "sha512-pXHfKNP4qujrtteMrSBb0rc8HJ9Ms/GrXwcUtUtD5s4ewDJI8bT3Cz2zTVRMKtri49pLx2e0Ya8ziP5Ya2pZZw==", + "license": "MIT", + "dependencies": { + "accepts": "~1.3.4", + "batch": "0.6.1", + "debug": "2.6.9", + "escape-html": "~1.0.3", + "http-errors": "~1.6.2", + "mime-types": "~2.1.17", + "parseurl": "~1.3.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/serve-index/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/serve-index/node_modules/depd": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", + "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serve-index/node_modules/http-errors": { + "version": "1.6.3", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.3.tgz", + "integrity": "sha512-lks+lVC8dgGyh97jxvxeYTWQFvh4uw4yC12gVl63Cg30sjPX4wuGcdkICVXDAESr6OJGjqGA8Iz5mkeN6zlD7A==", + "license": "MIT", + "dependencies": { + "depd": "~1.1.2", + "inherits": "2.0.3", + "setprototypeof": "1.1.0", + "statuses": ">= 1.4.0 < 2" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serve-index/node_modules/inherits": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", + "integrity": "sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw==", + "license": "ISC" + }, + "node_modules/serve-index/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/serve-index/node_modules/setprototypeof": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz", + "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ==", + "license": "ISC" + }, + "node_modules/serve-index/node_modules/statuses": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz", + "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serve-static": { + "version": "1.16.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz", + "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==", + "license": "MIT", + "dependencies": { + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "parseurl": "~1.3.3", + "send": "0.19.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/set-function-length": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==", + "license": "MIT", + "dependencies": { + "define-data-property": "^1.1.4", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", + "license": "ISC" + }, + "node_modules/shallow-clone": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-3.0.1.tgz", + "integrity": "sha512-/6KqX+GVUdqPuPPd2LxDDxzX6CAbjJehAAOKlNpqqUpAqPM6HeL8f+o3a+JsyGjn2lv0WY8UsTgUJjU9Ok55NA==", + "license": "MIT", + "dependencies": { + "kind-of": "^6.0.2" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shallowequal": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/shallowequal/-/shallowequal-1.1.0.tgz", + "integrity": "sha512-y0m1JoUZSlPAjXVtPPW70aZWfIL/dSP7AFkRnniLCrK/8MDKog3TySTBmckD+RObVxH0v4Tox67+F14PdED2oQ==", + "license": "MIT" + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "license": "MIT", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/shell-quote": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/shell-quote/-/shell-quote-1.8.1.tgz", + "integrity": "sha512-6j1W9l1iAs/4xYBI1SYOVZyFcCis9b4KCLQ8fgAGG07QvzaRLVVRQvAy85yNmmZSjYjg4MWh4gNvlPujU/5LpA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/shelljs": { + "version": "0.8.5", + "resolved": "https://registry.npmjs.org/shelljs/-/shelljs-0.8.5.tgz", + "integrity": "sha512-TiwcRcrkhHvbrZbnRcFYMLl30Dfov3HKqzp5tO5b4pt6G/SezKcYhmDg15zXVBswHmctSAQKznqNW2LO5tTDow==", + "license": "BSD-3-Clause", + "dependencies": { + "glob": "^7.0.0", + "interpret": "^1.0.0", + "rechoir": "^0.6.2" + }, + "bin": { + "shjs": "bin/shjs" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/side-channel": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==", + "license": "MIT", + "dependencies": { + "call-bind": "^1.0.7", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.4", + "object-inspect": "^1.13.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/signal-exit": { + "version": "3.0.7", + "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", + "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", + "license": "ISC" + }, + "node_modules/sirv": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/sirv/-/sirv-2.0.4.tgz", + "integrity": "sha512-94Bdh3cC2PKrbgSOUqTiGPWVZeSiXfKOVZNJniWoqrWrRkB1CJzBU3NEbiTsPcYy1lDsANA/THzS+9WBiy5nfQ==", + "license": "MIT", + "dependencies": { + "@polka/url": "^1.0.0-next.24", + "mrmime": "^2.0.0", + "totalist": "^3.0.0" + }, + "engines": { + "node": ">= 10" + } + }, + "node_modules/sisteransi": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", + "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==", + "license": "MIT" + }, + "node_modules/sitemap": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/sitemap/-/sitemap-7.1.2.tgz", + "integrity": "sha512-ARCqzHJ0p4gWt+j7NlU5eDlIO9+Rkr/JhPFZKKQ1l5GCus7rJH4UdrlVAh0xC/gDS/Qir2UMxqYNHtsKr2rpCw==", + "license": "MIT", + "dependencies": { + "@types/node": "^17.0.5", + "@types/sax": "^1.2.1", + "arg": "^5.0.0", + "sax": "^1.2.4" + }, + "bin": { + "sitemap": "dist/cli.js" + }, + "engines": { + "node": ">=12.0.0", + "npm": ">=5.6.0" + } + }, + "node_modules/sitemap/node_modules/@types/node": { + "version": "17.0.45", + "resolved": "https://registry.npmjs.org/@types/node/-/node-17.0.45.tgz", + "integrity": "sha512-w+tIMs3rq2afQdsPJlODhoUEKzFP1ayaoyl1CcnwtIlsVe7K7bA1NGm4s3PraqTLlXnbIN84zuBlxBWo1u9BLw==", + "license": "MIT" + }, + "node_modules/skin-tone": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/skin-tone/-/skin-tone-2.0.0.tgz", + "integrity": "sha512-kUMbT1oBJCpgrnKoSr0o6wPtvRWT9W9UKvGLwfJYO2WuahZRHOpEyL1ckyMGgMWh0UdpmaoFqKKD29WTomNEGA==", + "license": "MIT", + "dependencies": { + "unicode-emoji-modifier-base": "^1.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/snake-case": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/snake-case/-/snake-case-3.0.4.tgz", + "integrity": "sha512-LAOh4z89bGQvl9pFfNF8V146i7o7/CqFPbqzYgP+yYzDIDeS9HaNFtXABamRW+AQzEVODcvE79ljJ+8a9YSdMg==", + "license": "MIT", + "dependencies": { + "dot-case": "^3.0.4", + "tslib": "^2.0.3" + } + }, + "node_modules/sockjs": { + "version": "0.3.24", + "resolved": "https://registry.npmjs.org/sockjs/-/sockjs-0.3.24.tgz", + "integrity": "sha512-GJgLTZ7vYb/JtPSSZ10hsOYIvEYsjbNU+zPdIHcUaWVNUEPivzxku31865sSSud0Da0W4lEeOPlmw93zLQchuQ==", + "license": "MIT", + "dependencies": { + "faye-websocket": "^0.11.3", + "uuid": "^8.3.2", + "websocket-driver": "^0.7.4" + } + }, + "node_modules/sockjs/node_modules/uuid": { + "version": "8.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.3.2.tgz", + "integrity": "sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==", + "license": "MIT", + "bin": { + "uuid": "dist/bin/uuid" + } + }, + "node_modules/solid-js": { + "version": "1.9.3", + "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.9.3.tgz", + "integrity": "sha512-5ba3taPoZGt9GY3YlsCB24kCg0Lv/rie/HTD4kG6h4daZZz7+yK02xn8Vx8dLYBc9i6Ps5JwAbEiqjmKaLB3Ag==", + "license": "MIT", + "dependencies": { + "csstype": "^3.1.0", + "seroval": "^1.1.0", + "seroval-plugins": "^1.1.0" + } + }, + "node_modules/sort-css-media-queries": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/sort-css-media-queries/-/sort-css-media-queries-2.2.0.tgz", + "integrity": "sha512-0xtkGhWCC9MGt/EzgnvbbbKhqWjl1+/rncmhTh5qCpbYguXh6S/qwePfv/JQ8jePXXmqingylxoC49pCkSPIbA==", + "license": "MIT", + "engines": { + "node": ">= 6.3.0" + } + }, + "node_modules/source-map": { + "version": "0.7.4", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.4.tgz", + "integrity": "sha512-l3BikUxvPOcn5E74dZiq5BGsTb5yEwhaTSzccU6t4sDOH8NWJCstKO5QT2CvtFoK6F0saL7p9xHAqHOlCPJygA==", + "license": "BSD-3-Clause", + "engines": { + "node": ">= 8" + } + }, + "node_modules/source-map-js": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", + "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/source-map-support": { + "version": "0.5.21", + "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", + "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", + "license": "MIT", + "dependencies": { + "buffer-from": "^1.0.0", + "source-map": "^0.6.0" + } + }, + "node_modules/source-map-support/node_modules/source-map": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", + "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/space-separated-tokens": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/space-separated-tokens/-/space-separated-tokens-2.0.2.tgz", + "integrity": "sha512-PEGlAwrG8yXGXRjW32fGbg66JAlOAwbObuqVoJpv/mRgoWDQfgH1wDPvtzWyUSNAXBGSk8h755YDbbcEy3SH2Q==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/spdy": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/spdy/-/spdy-4.0.2.tgz", + "integrity": "sha512-r46gZQZQV+Kl9oItvl1JZZqJKGr+oEkB08A6BzkiR7593/7IbtuncXHd2YoYeTsG4157ZssMu9KYvUHLcjcDoA==", + "license": "MIT", + "dependencies": { + "debug": "^4.1.0", + "handle-thing": "^2.0.0", + "http-deceiver": "^1.2.7", + "select-hose": "^2.0.0", + "spdy-transport": "^3.0.0" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/spdy-transport": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/spdy-transport/-/spdy-transport-3.0.0.tgz", + "integrity": "sha512-hsLVFE5SjA6TCisWeJXFKniGGOpBgMLmerfO2aCyCU5s7nJ/rpAepqmFifv/GCbSbueEeAJJnmSQ2rKC/g8Fcw==", + "license": "MIT", + "dependencies": { + "debug": "^4.1.0", + "detect-node": "^2.0.4", + "hpack.js": "^2.1.6", + "obuf": "^1.1.2", + "readable-stream": "^3.0.6", + "wbuf": "^1.7.3" + } + }, + "node_modules/sprintf-js": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==", + "license": "BSD-3-Clause" + }, + "node_modules/srcset": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/srcset/-/srcset-4.0.0.tgz", + "integrity": "sha512-wvLeHgcVHKO8Sc/H/5lkGreJQVeYMm9rlmt8PuR1xE31rIuXhuzznUUqAt8MqLhB3MqJdFzlNAfpcWnxiFUcPw==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/statuses": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/std-env": { + "version": "3.8.0", + "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.8.0.tgz", + "integrity": "sha512-Bc3YwwCB+OzldMxOXJIIvC6cPRWr/LxOp48CdQTOkPyk/t4JWWJbrilwBd7RJzKV8QW7tJkcgAmeuLLJugl5/w==", + "license": "MIT" + }, + "node_modules/string_decoder": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", + "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", + "license": "MIT", + "dependencies": { + "safe-buffer": "~5.2.0" + } + }, + "node_modules/string-width": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", + "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", + "license": "MIT", + "dependencies": { + "eastasianwidth": "^0.2.0", + "emoji-regex": "^9.2.2", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/string-width/node_modules/ansi-regex": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.1.0.tgz", + "integrity": "sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/string-width/node_modules/strip-ansi": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/stringify-entities": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/stringify-entities/-/stringify-entities-4.0.4.tgz", + "integrity": "sha512-IwfBptatlO+QCJUo19AqvrPNqlVMpW9YEL2LIVY+Rpv2qsjCGxaDLNRgeGsQWJhfItebuJhsGSLjaBbNSQ+ieg==", + "license": "MIT", + "dependencies": { + "character-entities-html4": "^2.0.0", + "character-entities-legacy": "^3.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/stringify-object": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/stringify-object/-/stringify-object-3.3.0.tgz", + "integrity": "sha512-rHqiFh1elqCQ9WPLIC8I0Q/g/wj5J1eMkyoiD6eoQApWHP0FtlK7rqnhmabL5VUY9JQCcqwwvlOaSuutekgyrw==", + "license": "BSD-2-Clause", + "dependencies": { + "get-own-enumerable-property-symbols": "^3.0.0", + "is-obj": "^1.0.1", + "is-regexp": "^1.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-bom-string": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/strip-bom-string/-/strip-bom-string-1.0.0.tgz", + "integrity": "sha512-uCC2VHvQRYu+lMh4My/sFNmF2klFymLX1wHJeXnbEJERpV/ZsVuonzerjfrGpIGF7LBVa1O7i9kjiWvJiFck8g==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/strip-final-newline": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", + "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/style-to-object": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/style-to-object/-/style-to-object-1.0.8.tgz", + "integrity": "sha512-xT47I/Eo0rwJmaXC4oilDGDWLohVhR6o/xAQcPQN8q6QBuZVL8qMYL85kLmST5cPjAorwvqIA4qXTRQoYHaL6g==", + "license": "MIT", + "dependencies": { + "inline-style-parser": "0.2.4" + } + }, + "node_modules/stylehacks": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/stylehacks/-/stylehacks-6.1.1.tgz", + "integrity": "sha512-gSTTEQ670cJNoaeIp9KX6lZmm8LJ3jPB5yJmX8Zq/wQxOsAFXV3qjWzHas3YYk1qesuVIyYWWUpZ0vSE/dTSGg==", + "license": "MIT", + "dependencies": { + "browserslist": "^4.23.0", + "postcss-selector-parser": "^6.0.16" + }, + "engines": { + "node": "^14 || ^16 || >=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/stylis": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.3.4.tgz", + "integrity": "sha512-osIBl6BGUmSfDkyH2mB7EFvCJntXDrLhKjHTRj/rK6xLH0yuPrHULDRQzKokSOD4VoorhtKpfcfW1GAntu8now==", + "license": "MIT" + }, + "node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/svg-parser": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/svg-parser/-/svg-parser-2.0.4.tgz", + "integrity": "sha512-e4hG1hRwoOdRb37cIMSgzNsxyzKfayW6VOflrwvR+/bzrkyxY/31WkbgnQpgtrNp1SdpJvpUAGTa/ZoiPNDuRQ==", + "license": "MIT" + }, + "node_modules/svgo": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.3.2.tgz", + "integrity": "sha512-OoohrmuUlBs8B8o6MB2Aevn+pRIH9zDALSR+6hhqVfa6fRwG/Qw9VUMSMW9VNg2CFc/MTIfabtdOVl9ODIJjpw==", + "license": "MIT", + "dependencies": { + "@trysound/sax": "0.2.0", + "commander": "^7.2.0", + "css-select": "^5.1.0", + "css-tree": "^2.3.1", + "css-what": "^6.1.0", + "csso": "^5.0.5", + "picocolors": "^1.0.0" + }, + "bin": { + "svgo": "bin/svgo" + }, + "engines": { + "node": ">=14.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/svgo" + } + }, + "node_modules/svgo/node_modules/commander": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", + "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", + "license": "MIT", + "engines": { + "node": ">= 10" + } + }, + "node_modules/tapable": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz", + "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/terser": { + "version": "5.36.0", + "resolved": "https://registry.npmjs.org/terser/-/terser-5.36.0.tgz", + "integrity": "sha512-IYV9eNMuFAV4THUspIRXkLakHnV6XO7FEdtKjf/mDyrnqUg9LnlOn6/RwRvM9SZjR4GUq8Nk8zj67FzVARr74w==", + "license": "BSD-2-Clause", + "dependencies": { + "@jridgewell/source-map": "^0.3.3", + "acorn": "^8.8.2", + "commander": "^2.20.0", + "source-map-support": "~0.5.20" + }, + "bin": { + "terser": "bin/terser" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/terser-webpack-plugin": { + "version": "5.3.10", + "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.10.tgz", + "integrity": "sha512-BKFPWlPDndPs+NGGCr1U59t0XScL5317Y0UReNrHaw9/FwhPENlq6bfgs+4yPfyP51vqC1bQ4rp1EfXW5ZSH9w==", + "license": "MIT", + "dependencies": { + "@jridgewell/trace-mapping": "^0.3.20", + "jest-worker": "^27.4.5", + "schema-utils": "^3.1.1", + "serialize-javascript": "^6.0.1", + "terser": "^5.26.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^5.1.0" + }, + "peerDependenciesMeta": { + "@swc/core": { + "optional": true + }, + "esbuild": { + "optional": true + }, + "uglify-js": { + "optional": true + } + } + }, + "node_modules/terser-webpack-plugin/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/terser-webpack-plugin/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/terser-webpack-plugin/node_modules/jest-worker": { + "version": "27.5.1", + "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-27.5.1.tgz", + "integrity": "sha512-7vuh85V5cdDofPyxn58nrPjBktZo0u9x1g8WtjQol+jZDaE+fhN+cIvTj11GndBnMnyfrUOG1sZQxCdjKh+DKg==", + "license": "MIT", + "dependencies": { + "@types/node": "*", + "merge-stream": "^2.0.0", + "supports-color": "^8.0.0" + }, + "engines": { + "node": ">= 10.13.0" + } + }, + "node_modules/terser-webpack-plugin/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/terser-webpack-plugin/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/terser-webpack-plugin/node_modules/supports-color": { + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", + "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/supports-color?sponsor=1" + } + }, + "node_modules/terser/node_modules/commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", + "license": "MIT" + }, + "node_modules/text-table": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==", + "license": "MIT" + }, + "node_modules/thunky": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/thunky/-/thunky-1.1.0.tgz", + "integrity": "sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA==", + "license": "MIT" + }, + "node_modules/tiny-invariant": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz", + "integrity": "sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==", + "license": "MIT" + }, + "node_modules/tiny-warning": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/tiny-warning/-/tiny-warning-1.0.3.tgz", + "integrity": "sha512-lBN9zLN/oAf68o3zNXYrdCt1kP8WsiGW8Oo2ka41b2IM5JL/S1CTyX1rW0mb/zSuJun0ZUrDxx4sqvYS2FWzPA==", + "license": "MIT" + }, + "node_modules/tinyexec": { + "version": "0.3.1", + "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-0.3.1.tgz", + "integrity": "sha512-WiCJLEECkO18gwqIp6+hJg0//p23HXp4S+gGtAKu3mI2F2/sXC4FvHvXvB0zJVVaTPhx1/tOwdbRsa1sOBIKqQ==", + "license": "MIT" + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "license": "MIT", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/toidentifier": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "license": "MIT", + "engines": { + "node": ">=0.6" + } + }, + "node_modules/totalist": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/totalist/-/totalist-3.0.1.tgz", + "integrity": "sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/trim-lines": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/trim-lines/-/trim-lines-3.0.1.tgz", + "integrity": "sha512-kRj8B+YHZCc9kQYdWfJB2/oUl9rA99qbowYYBtr4ui4mZyAQ2JpvVBd/6U2YloATfqBhBTSMhTpgBHtU0Mf3Rg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/trough": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/trough/-/trough-2.2.0.tgz", + "integrity": "sha512-tmMpK00BjZiUyVyvrBK7knerNgmgvcV/KLVyuma/SC+TQN167GrMRciANTz09+k3zW8L8t60jWO1GpfkZdjTaw==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/ts-dedent": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/ts-dedent/-/ts-dedent-2.2.0.tgz", + "integrity": "sha512-q5W7tVM71e2xjHZTlgfTDoPF/SmqKG5hddq9SzR49CH2hayqRKJtQ4mtRlSxKaJlR/+9rEM+mnBHf7I2/BQcpQ==", + "license": "MIT", + "engines": { + "node": ">=6.10" + } + }, + "node_modules/tslib": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "license": "0BSD" + }, + "node_modules/type-fest": { + "version": "2.19.0", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-2.19.0.tgz", + "integrity": "sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA==", + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=12.20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/type-is": { + "version": "1.6.18", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "license": "MIT", + "dependencies": { + "media-typer": "0.3.0", + "mime-types": "~2.1.24" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/type-is/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/type-is/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/typedarray-to-buffer": { + "version": "3.1.5", + "resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz", + "integrity": "sha512-zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q==", + "license": "MIT", + "dependencies": { + "is-typedarray": "^1.0.0" + } + }, + "node_modules/typescript": { + "version": "5.6.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.6.3.tgz", + "integrity": "sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==", + "license": "Apache-2.0", + "peer": true, + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/ufo": { + "version": "1.5.4", + "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.5.4.tgz", + "integrity": "sha512-UsUk3byDzKd04EyoZ7U4DOlxQaD14JUKQl6/P7wiX4FNvUfm3XL246n9W5AmqwW5RSFJ27NAuM0iLscAOYUiGQ==", + "license": "MIT" + }, + "node_modules/undici-types": { + "version": "6.19.8", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.19.8.tgz", + "integrity": "sha512-ve2KP6f/JnbPBFyobGHuerC9g1FYGn/F8n1LWTwNxCEzd6IfqTwUQcNXgEtmmQ6DlRrC1hrSrBnCZPokRrDHjw==", + "license": "MIT" + }, + "node_modules/unicode-canonical-property-names-ecmascript": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.1.tgz", + "integrity": "sha512-dA8WbNeb2a6oQzAQ55YlT5vQAWGV9WXOsi3SskE3bcCdM0P4SDd+24zS/OCacdRq5BkdsRj9q3Pg6YyQoxIGqg==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/unicode-emoji-modifier-base": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unicode-emoji-modifier-base/-/unicode-emoji-modifier-base-1.0.0.tgz", + "integrity": "sha512-yLSH4py7oFH3oG/9K+XWrz1pSi3dfUrWEnInbxMfArOfc1+33BlGPQtLsOYwvdMy11AwUBetYuaRxSPqgkq+8g==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/unicode-match-property-ecmascript": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/unicode-match-property-ecmascript/-/unicode-match-property-ecmascript-2.0.0.tgz", + "integrity": "sha512-5kaZCrbp5mmbz5ulBkDkbY0SsPOjKqVS35VpL9ulMPfSl0J0Xsm+9Evphv9CoIZFwre7aJoa94AY6seMKGVN5Q==", + "license": "MIT", + "dependencies": { + "unicode-canonical-property-names-ecmascript": "^2.0.0", + "unicode-property-aliases-ecmascript": "^2.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/unicode-match-property-value-ecmascript": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-2.2.0.tgz", + "integrity": "sha512-4IehN3V/+kkr5YeSSDDQG8QLqO26XpL2XP3GQtqwlT/QYSECAwFztxVHjlbh0+gjJ3XmNLS0zDsbgs9jWKExLg==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/unicode-property-aliases-ecmascript": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.1.0.tgz", + "integrity": "sha512-6t3foTQI9qne+OZoVQB/8x8rk2k1eVy1gRXhV3oFQ5T6R1dqQ1xtin3XqSlx3+ATBkliTaR/hHyJBm+LVPNM8w==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/unified": { + "version": "11.0.5", + "resolved": "https://registry.npmjs.org/unified/-/unified-11.0.5.tgz", + "integrity": "sha512-xKvGhPWw3k84Qjh8bI3ZeJjqnyadK+GEFtazSfZv/rKeTkTjOJho6mFqh2SM96iIcZokxiOpg78GazTSg8+KHA==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "bail": "^2.0.0", + "devlop": "^1.0.0", + "extend": "^3.0.0", + "is-plain-obj": "^4.0.0", + "trough": "^2.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unique-string": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/unique-string/-/unique-string-3.0.0.tgz", + "integrity": "sha512-VGXBUVwxKMBUznyffQweQABPRRW1vHZAbadFZud4pLFAqRGvv/96vafgjWFqzourzr8YonlQiPgH0YCJfawoGQ==", + "license": "MIT", + "dependencies": { + "crypto-random-string": "^4.0.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/unist-util-is": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/unist-util-is/-/unist-util-is-6.0.0.tgz", + "integrity": "sha512-2qCTHimwdxLfz+YzdGfkqNlH0tLi9xjTnHddPmJwtIG9MGsdbutfTc4P+haPD7l7Cjxf/WZj+we5qfVPvvxfYw==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-position": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/unist-util-position/-/unist-util-position-5.0.0.tgz", + "integrity": "sha512-fucsC7HjXvkB5R3kTCO7kUjRdrS0BJt3M/FPxmHMBOm8JQi2BsHAHFsy27E0EolP8rp0NzXsJ+jNPyDWvOJZPA==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-position-from-estree": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/unist-util-position-from-estree/-/unist-util-position-from-estree-2.0.0.tgz", + "integrity": "sha512-KaFVRjoqLyF6YXCbVLNad/eS4+OfPQQn2yOd7zF/h5T/CSL2v8NpN6a5TPvtbXthAGw5nG+PuTtq+DdIZr+cRQ==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-stringify-position": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-4.0.0.tgz", + "integrity": "sha512-0ASV06AAoKCDkS2+xw5RXJywruurpbC4JZSm7nr7MOt1ojAzvyyaO+UxZf18j8FCF6kmzCZKcAgN/yu2gm2XgQ==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-visit": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-5.0.0.tgz", + "integrity": "sha512-MR04uvD+07cwl/yhVuVWAtw+3GOR/knlL55Nd/wAdblk27GCVt3lqpTivy/tkJcZoNPzTwS1Y+KMojlLDhoTzg==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "unist-util-is": "^6.0.0", + "unist-util-visit-parents": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/unist-util-visit-parents": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-6.0.1.tgz", + "integrity": "sha512-L/PqWzfTP9lzzEa6CKs0k2nARxTdZduw3zyh8d2NVBnsyvHjSX4TWse388YrrQKbvI8w20fGjGlhgT96WwKykw==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "unist-util-is": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/universalify": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", + "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==", + "license": "MIT", + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/update-browserslist-db": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.1.tgz", + "integrity": "sha512-R8UzCaa9Az+38REPiJ1tXlImTJXlVfgHZsglwBD/k6nj76ctsH1E3q4doGrukiLQd3sGQYu56r5+lo5r94l29A==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/browserslist" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "dependencies": { + "escalade": "^3.2.0", + "picocolors": "^1.1.0" + }, + "bin": { + "update-browserslist-db": "cli.js" + }, + "peerDependencies": { + "browserslist": ">= 4.21.0" + } + }, + "node_modules/update-notifier": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/update-notifier/-/update-notifier-6.0.2.tgz", + "integrity": "sha512-EDxhTEVPZZRLWYcJ4ZXjGFN0oP7qYvbXWzEgRm/Yql4dHX5wDbvh89YHP6PK1lzZJYrMtXUuZZz8XGK+U6U1og==", + "license": "BSD-2-Clause", + "dependencies": { + "boxen": "^7.0.0", + "chalk": "^5.0.1", + "configstore": "^6.0.0", + "has-yarn": "^3.0.0", + "import-lazy": "^4.0.0", + "is-ci": "^3.0.1", + "is-installed-globally": "^0.4.0", + "is-npm": "^6.0.0", + "is-yarn-global": "^0.4.0", + "latest-version": "^7.0.0", + "pupa": "^3.1.0", + "semver": "^7.3.7", + "semver-diff": "^4.0.0", + "xdg-basedir": "^5.1.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/yeoman/update-notifier?sponsor=1" + } + }, + "node_modules/update-notifier/node_modules/boxen": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/boxen/-/boxen-7.1.1.tgz", + "integrity": "sha512-2hCgjEmP8YLWQ130n2FerGv7rYpfBmnmp9Uy2Le1vge6X3gZIfSmEzP5QTDElFxcvVcXlEn8Aq6MU/PZygIOog==", + "license": "MIT", + "dependencies": { + "ansi-align": "^3.0.1", + "camelcase": "^7.0.1", + "chalk": "^5.2.0", + "cli-boxes": "^3.0.0", + "string-width": "^5.1.2", + "type-fest": "^2.13.0", + "widest-line": "^4.0.1", + "wrap-ansi": "^8.1.0" + }, + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/update-notifier/node_modules/camelcase": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-7.0.1.tgz", + "integrity": "sha512-xlx1yCK2Oc1APsPXDL2LdlNP6+uu8OCDdhOBSVT279M/S+y75O30C2VuD8T2ogdePBBl7PfPF4504tnLgX3zfw==", + "license": "MIT", + "engines": { + "node": ">=14.16" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/update-notifier/node_modules/chalk": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.3.0.tgz", + "integrity": "sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w==", + "license": "MIT", + "engines": { + "node": "^12.17.0 || ^14.13 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/uri-js": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "license": "BSD-2-Clause", + "dependencies": { + "punycode": "^2.1.0" + } + }, + "node_modules/url-loader": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/url-loader/-/url-loader-4.1.1.tgz", + "integrity": "sha512-3BTV812+AVHHOJQO8O5MkWgZ5aosP7GnROJwvzLS9hWDj00lZ6Z0wNak423Lp9PBZN05N+Jk/N5Si8jRAlGyWA==", + "license": "MIT", + "dependencies": { + "loader-utils": "^2.0.0", + "mime-types": "^2.1.27", + "schema-utils": "^3.0.0" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "file-loader": "*", + "webpack": "^4.0.0 || ^5.0.0" + }, + "peerDependenciesMeta": { + "file-loader": { + "optional": true + } + } + }, + "node_modules/url-loader/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/url-loader/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/url-loader/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/url-loader/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/url-loader/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/url-loader/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/util-deprecate": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", + "license": "MIT" + }, + "node_modules/utila": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/utila/-/utila-0.4.0.tgz", + "integrity": "sha512-Z0DbgELS9/L/75wZbro8xAnT50pBVFQZ+hUEueGDU5FN51YSCYM+jdxsfCiHjwNP/4LCDD0i/graKpeBnOXKRA==", + "license": "MIT" + }, + "node_modules/utility-types": { + "version": "3.11.0", + "resolved": "https://registry.npmjs.org/utility-types/-/utility-types-3.11.0.tgz", + "integrity": "sha512-6Z7Ma2aVEWisaL6TvBCy7P8rm2LQoPv6dJ7ecIaIixHcwfbJ0x7mWdbcwlIM5IGQxPZSFYeqRCqlOOeKoJYMkw==", + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/utils-merge": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", + "license": "MIT", + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/uuid": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", + "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", + "funding": [ + "https://github.com/sponsors/broofa", + "https://github.com/sponsors/ctavan" + ], + "license": "MIT", + "bin": { + "uuid": "dist/bin/uuid" + } + }, + "node_modules/value-equal": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/value-equal/-/value-equal-1.0.1.tgz", + "integrity": "sha512-NOJ6JZCAWr0zlxZt+xqCHNTEKOsrks2HQd4MqhP1qy4z1SkbEP467eNx6TgDKXMvUOb+OENfJCZwM+16n7fRfw==", + "license": "MIT" + }, + "node_modules/vary": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/vfile": { + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/vfile/-/vfile-6.0.3.tgz", + "integrity": "sha512-KzIbH/9tXat2u30jf+smMwFCsno4wHVdNmzFyL+T/L3UGqqk6JKfVqOFOZEpZSHADH1k40ab6NUIXZq422ov3Q==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "vfile-message": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/vfile-location": { + "version": "5.0.3", + "resolved": "https://registry.npmjs.org/vfile-location/-/vfile-location-5.0.3.tgz", + "integrity": "sha512-5yXvWDEgqeiYiBe1lbxYF7UMAIm/IcopxMHrMQDq3nvKcjPKIhZklUKL+AE7J7uApI4kwe2snsK+eI6UTj9EHg==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "vfile": "^6.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/vfile-message": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/vfile-message/-/vfile-message-4.0.2.tgz", + "integrity": "sha512-jRDZ1IMLttGj41KcZvlrYAaI3CfqpLpfpf+Mfig13viT6NKvRzWZ+lXz0Y5D60w6uJIBAOGq9mSHf0gktF0duw==", + "license": "MIT", + "dependencies": { + "@types/unist": "^3.0.0", + "unist-util-stringify-position": "^4.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/unified" + } + }, + "node_modules/vscode-jsonrpc": { + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.2.0.tgz", + "integrity": "sha512-C+r0eKJUIfiDIfwJhria30+TYWPtuHJXHtI7J0YlOmKAo7ogxP20T0zxB7HZQIFhIyvoBPwWskjxrvAtfjyZfA==", + "license": "MIT", + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/vscode-languageserver": { + "version": "9.0.1", + "resolved": "https://registry.npmjs.org/vscode-languageserver/-/vscode-languageserver-9.0.1.tgz", + "integrity": "sha512-woByF3PDpkHFUreUa7Hos7+pUWdeWMXRd26+ZX2A8cFx6v/JPTtd4/uN0/jB6XQHYaOlHbio03NTHCqrgG5n7g==", + "license": "MIT", + "dependencies": { + "vscode-languageserver-protocol": "3.17.5" + }, + "bin": { + "installServerIntoExtension": "bin/installServerIntoExtension" + } + }, + "node_modules/vscode-languageserver-protocol": { + "version": "3.17.5", + "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.5.tgz", + "integrity": "sha512-mb1bvRJN8SVznADSGWM9u/b07H7Ecg0I3OgXDuLdn307rl/J3A9YD6/eYOssqhecL27hK1IPZAsaqh00i/Jljg==", + "license": "MIT", + "dependencies": { + "vscode-jsonrpc": "8.2.0", + "vscode-languageserver-types": "3.17.5" + } + }, + "node_modules/vscode-languageserver-textdocument": { + "version": "1.0.12", + "resolved": "https://registry.npmjs.org/vscode-languageserver-textdocument/-/vscode-languageserver-textdocument-1.0.12.tgz", + "integrity": "sha512-cxWNPesCnQCcMPeenjKKsOCKQZ/L6Tv19DTRIGuLWe32lyzWhihGVJ/rcckZXJxfdKCFvRLS3fpBIsV/ZGX4zA==", + "license": "MIT" + }, + "node_modules/vscode-languageserver-types": { + "version": "3.17.5", + "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.5.tgz", + "integrity": "sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg==", + "license": "MIT" + }, + "node_modules/vscode-uri": { + "version": "3.0.8", + "resolved": "https://registry.npmjs.org/vscode-uri/-/vscode-uri-3.0.8.tgz", + "integrity": "sha512-AyFQ0EVmsOZOlAnxoFOGOq1SQDWAB7C6aqMGS23svWAllfOaxbuFvcT8D1i8z3Gyn8fraVeZNNmN6e9bxxXkKw==", + "license": "MIT" + }, + "node_modules/watchpack": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.2.tgz", + "integrity": "sha512-TnbFSbcOCcDgjZ4piURLCbJ3nJhznVh9kw6F6iokjiFPl8ONxe9A6nMDVXDiNbrSfLILs6vB07F7wLBrwPYzJw==", + "license": "MIT", + "dependencies": { + "glob-to-regexp": "^0.4.1", + "graceful-fs": "^4.1.2" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/wbuf": { + "version": "1.7.3", + "resolved": "https://registry.npmjs.org/wbuf/-/wbuf-1.7.3.tgz", + "integrity": "sha512-O84QOnr0icsbFGLS0O3bI5FswxzRr8/gHwWkDlQFskhSPryQXvrTMxjxGP4+iWYoauLoBvfDpkrOauZ+0iZpDA==", + "license": "MIT", + "dependencies": { + "minimalistic-assert": "^1.0.0" + } + }, + "node_modules/web-namespaces": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/web-namespaces/-/web-namespaces-2.0.1.tgz", + "integrity": "sha512-bKr1DkiNa2krS7qxNtdrtHAmzuYGFQLiQ13TsorsdT6ULTkPLKuu5+GsFpDlg6JFjUTwX2DyhMPG2be8uPrqsQ==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/webpack": { + "version": "5.96.1", + "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.96.1.tgz", + "integrity": "sha512-l2LlBSvVZGhL4ZrPwyr8+37AunkcYj5qh8o6u2/2rzoPc8gxFJkLj1WxNgooi9pnoc06jh0BjuXnamM4qlujZA==", + "license": "MIT", + "dependencies": { + "@types/eslint-scope": "^3.7.7", + "@types/estree": "^1.0.6", + "@webassemblyjs/ast": "^1.12.1", + "@webassemblyjs/wasm-edit": "^1.12.1", + "@webassemblyjs/wasm-parser": "^1.12.1", + "acorn": "^8.14.0", + "browserslist": "^4.24.0", + "chrome-trace-event": "^1.0.2", + "enhanced-resolve": "^5.17.1", + "es-module-lexer": "^1.2.1", + "eslint-scope": "5.1.1", + "events": "^3.2.0", + "glob-to-regexp": "^0.4.1", + "graceful-fs": "^4.2.11", + "json-parse-even-better-errors": "^2.3.1", + "loader-runner": "^4.2.0", + "mime-types": "^2.1.27", + "neo-async": "^2.6.2", + "schema-utils": "^3.2.0", + "tapable": "^2.1.1", + "terser-webpack-plugin": "^5.3.10", + "watchpack": "^2.4.1", + "webpack-sources": "^3.2.3" + }, + "bin": { + "webpack": "bin/webpack.js" + }, + "engines": { + "node": ">=10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependenciesMeta": { + "webpack-cli": { + "optional": true + } + } + }, + "node_modules/webpack-bundle-analyzer": { + "version": "4.10.2", + "resolved": "https://registry.npmjs.org/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.10.2.tgz", + "integrity": "sha512-vJptkMm9pk5si4Bv922ZbKLV8UTT4zib4FPgXMhgzUny0bfDDkLXAVQs3ly3fS4/TN9ROFtb0NFrm04UXFE/Vw==", + "license": "MIT", + "dependencies": { + "@discoveryjs/json-ext": "0.5.7", + "acorn": "^8.0.4", + "acorn-walk": "^8.0.0", + "commander": "^7.2.0", + "debounce": "^1.2.1", + "escape-string-regexp": "^4.0.0", + "gzip-size": "^6.0.0", + "html-escaper": "^2.0.2", + "opener": "^1.5.2", + "picocolors": "^1.0.0", + "sirv": "^2.0.3", + "ws": "^7.3.1" + }, + "bin": { + "webpack-bundle-analyzer": "lib/bin/analyzer.js" + }, + "engines": { + "node": ">= 10.13.0" + } + }, + "node_modules/webpack-bundle-analyzer/node_modules/commander": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-7.2.0.tgz", + "integrity": "sha512-QrWXB+ZQSVPmIWIhtEO9H+gwHaMGYiF5ChvoJ+K9ZGHG/sVsa6yiesAD1GC/x46sET00Xlwo1u49RVVVzvcSkw==", + "license": "MIT", + "engines": { + "node": ">= 10" + } + }, + "node_modules/webpack-dev-middleware": { + "version": "5.3.4", + "resolved": "https://registry.npmjs.org/webpack-dev-middleware/-/webpack-dev-middleware-5.3.4.tgz", + "integrity": "sha512-BVdTqhhs+0IfoeAf7EoH5WE+exCmqGerHfDM0IL096Px60Tq2Mn9MAbnaGUe6HiMa41KMCYF19gyzZmBcq/o4Q==", + "license": "MIT", + "dependencies": { + "colorette": "^2.0.10", + "memfs": "^3.4.3", + "mime-types": "^2.1.31", + "range-parser": "^1.2.1", + "schema-utils": "^4.0.0" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.0.0 || ^5.0.0" + } + }, + "node_modules/webpack-dev-middleware/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/webpack-dev-middleware/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/webpack-dev-middleware/node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/webpack-dev-server": { + "version": "4.15.2", + "resolved": "https://registry.npmjs.org/webpack-dev-server/-/webpack-dev-server-4.15.2.tgz", + "integrity": "sha512-0XavAZbNJ5sDrCbkpWL8mia0o5WPOd2YGtxrEiZkBK9FjLppIUK2TgxK6qGD2P3hUXTJNNPVibrerKcx5WkR1g==", + "license": "MIT", + "dependencies": { + "@types/bonjour": "^3.5.9", + "@types/connect-history-api-fallback": "^1.3.5", + "@types/express": "^4.17.13", + "@types/serve-index": "^1.9.1", + "@types/serve-static": "^1.13.10", + "@types/sockjs": "^0.3.33", + "@types/ws": "^8.5.5", + "ansi-html-community": "^0.0.8", + "bonjour-service": "^1.0.11", + "chokidar": "^3.5.3", + "colorette": "^2.0.10", + "compression": "^1.7.4", + "connect-history-api-fallback": "^2.0.0", + "default-gateway": "^6.0.3", + "express": "^4.17.3", + "graceful-fs": "^4.2.6", + "html-entities": "^2.3.2", + "http-proxy-middleware": "^2.0.3", + "ipaddr.js": "^2.0.1", + "launch-editor": "^2.6.0", + "open": "^8.0.9", + "p-retry": "^4.5.0", + "rimraf": "^3.0.2", + "schema-utils": "^4.0.0", + "selfsigned": "^2.1.1", + "serve-index": "^1.9.1", + "sockjs": "^0.3.24", + "spdy": "^4.0.2", + "webpack-dev-middleware": "^5.3.4", + "ws": "^8.13.0" + }, + "bin": { + "webpack-dev-server": "bin/webpack-dev-server.js" + }, + "engines": { + "node": ">= 12.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + }, + "peerDependencies": { + "webpack": "^4.37.0 || ^5.0.0" + }, + "peerDependenciesMeta": { + "webpack": { + "optional": true + }, + "webpack-cli": { + "optional": true + } + } + }, + "node_modules/webpack-dev-server/node_modules/ws": { + "version": "8.18.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.0.tgz", + "integrity": "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": ">=5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } + } + }, + "node_modules/webpack-merge": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/webpack-merge/-/webpack-merge-6.0.1.tgz", + "integrity": "sha512-hXXvrjtx2PLYx4qruKl+kyRSLc52V+cCvMxRjmKwoA+CBbbF5GfIBtR6kCvl0fYGqTUPKB+1ktVmTHqMOzgCBg==", + "license": "MIT", + "dependencies": { + "clone-deep": "^4.0.1", + "flat": "^5.0.2", + "wildcard": "^2.0.1" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/webpack-sources": { + "version": "3.2.3", + "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.2.3.tgz", + "integrity": "sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==", + "license": "MIT", + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/webpack/node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/webpack/node_modules/ajv-keywords": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-3.5.2.tgz", + "integrity": "sha512-5p6WTN0DdTGVQk6VjcEju19IgaHudalcfabD7yhDGeA6bcQnmL+CpveLJq/3hvfwd1aof6L386Ougkx6RfyMIQ==", + "license": "MIT", + "peerDependencies": { + "ajv": "^6.9.1" + } + }, + "node_modules/webpack/node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "license": "MIT" + }, + "node_modules/webpack/node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/webpack/node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/webpack/node_modules/schema-utils": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-3.3.0.tgz", + "integrity": "sha512-pN/yOAvcC+5rQ5nERGuwrjLlYvLTbCibnZ1I7B1LaiAz9BRBlE9GMgE/eqV30P7aJQUf7Ddimy/RsbYO/GrVGg==", + "license": "MIT", + "dependencies": { + "@types/json-schema": "^7.0.8", + "ajv": "^6.12.5", + "ajv-keywords": "^3.5.2" + }, + "engines": { + "node": ">= 10.13.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/webpackbar": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/webpackbar/-/webpackbar-6.0.1.tgz", + "integrity": "sha512-TnErZpmuKdwWBdMoexjio3KKX6ZtoKHRVvLIU0A47R0VVBDtx3ZyOJDktgYixhoJokZTYTt1Z37OkO9pnGJa9Q==", + "license": "MIT", + "dependencies": { + "ansi-escapes": "^4.3.2", + "chalk": "^4.1.2", + "consola": "^3.2.3", + "figures": "^3.2.0", + "markdown-table": "^2.0.0", + "pretty-time": "^1.1.0", + "std-env": "^3.7.0", + "wrap-ansi": "^7.0.0" + }, + "engines": { + "node": ">=14.21.3" + }, + "peerDependencies": { + "webpack": "3 || 4 || 5" + } + }, + "node_modules/webpackbar/node_modules/emoji-regex": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", + "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", + "license": "MIT" + }, + "node_modules/webpackbar/node_modules/markdown-table": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-2.0.0.tgz", + "integrity": "sha512-Ezda85ToJUBhM6WGaG6veasyym+Tbs3cMAw/ZhOPqXiYsr0jgocBV3j3nx+4lk47plLlIqjwuTm/ywVI+zjJ/A==", + "license": "MIT", + "dependencies": { + "repeat-string": "^1.0.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + }, + "node_modules/webpackbar/node_modules/string-width": { + "version": "4.2.3", + "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", + "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", + "license": "MIT", + "dependencies": { + "emoji-regex": "^8.0.0", + "is-fullwidth-code-point": "^3.0.0", + "strip-ansi": "^6.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/webpackbar/node_modules/wrap-ansi": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", + "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/websocket-driver": { + "version": "0.7.4", + "resolved": "https://registry.npmjs.org/websocket-driver/-/websocket-driver-0.7.4.tgz", + "integrity": "sha512-b17KeDIQVjvb0ssuSDF2cYXSg2iztliJ4B9WdsuB6J952qCPKmnVq4DyW5motImXHDC1cBT/1UezrJVsKw5zjg==", + "license": "Apache-2.0", + "dependencies": { + "http-parser-js": ">=0.5.1", + "safe-buffer": ">=5.1.0", + "websocket-extensions": ">=0.1.1" + }, + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/websocket-extensions": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/websocket-extensions/-/websocket-extensions-0.1.4.tgz", + "integrity": "sha512-OqedPIGOfsDlo31UNwYbCFMSaO9m9G/0faIHj5/dZFDMFqPTcx6UwqyOy3COEaEOg/9VsGIpdqn62W5KhoKSpg==", + "license": "Apache-2.0", + "engines": { + "node": ">=0.8.0" + } + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/widest-line": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/widest-line/-/widest-line-4.0.1.tgz", + "integrity": "sha512-o0cyEG0e8GPzT4iGHphIOh0cJOV8fivsXxddQasHPHfoZf1ZexrfeA21w2NaEN1RHE+fXlfISmOE8R9N3u3Qig==", + "license": "MIT", + "dependencies": { + "string-width": "^5.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/wildcard": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/wildcard/-/wildcard-2.0.1.tgz", + "integrity": "sha512-CC1bOL87PIWSBhDcTrdeLo6eGT7mCFtrg0uIJtqJUFyK+eJnzl8A1niH56uu7KMa5XFrtiV+AQuHO3n7DsHnLQ==", + "license": "MIT" + }, + "node_modules/wrap-ansi": { + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", + "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", + "license": "MIT", + "dependencies": { + "ansi-styles": "^6.1.0", + "string-width": "^5.0.1", + "strip-ansi": "^7.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/wrap-ansi?sponsor=1" + } + }, + "node_modules/wrap-ansi/node_modules/ansi-regex": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.1.0.tgz", + "integrity": "sha512-7HSX4QQb4CspciLpVFwyRe79O3xsIZDDLER21kERQ71oaPodF8jL725AgJMFAYbooIqolJoRLuM81SpeUkpkvA==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-regex?sponsor=1" + } + }, + "node_modules/wrap-ansi/node_modules/ansi-styles": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", + "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/wrap-ansi/node_modules/strip-ansi": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", + "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", + "license": "MIT", + "dependencies": { + "ansi-regex": "^6.0.1" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/chalk/strip-ansi?sponsor=1" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==", + "license": "ISC" + }, + "node_modules/write-file-atomic": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-3.0.3.tgz", + "integrity": "sha512-AvHcyZ5JnSfq3ioSyjrBkH9yW4m7Ayk8/9My/DD9onKeu/94fwrMocemO2QAJFAlnnDN+ZDS+ZjAR5ua1/PV/Q==", + "license": "ISC", + "dependencies": { + "imurmurhash": "^0.1.4", + "is-typedarray": "^1.0.0", + "signal-exit": "^3.0.2", + "typedarray-to-buffer": "^3.1.5" + } + }, + "node_modules/ws": { + "version": "7.5.10", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz", + "integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==", + "license": "MIT", + "engines": { + "node": ">=8.3.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": "^5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } + } + }, + "node_modules/xdg-basedir": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/xdg-basedir/-/xdg-basedir-5.1.0.tgz", + "integrity": "sha512-GCPAHLvrIH13+c0SuacwvRYj2SxJXQ4kaVTT5xgL3kPrz56XxkF21IGhjSE1+W0aw7gpBWRGXLCPnPby6lSpmQ==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/xml-js": { + "version": "1.6.11", + "resolved": "https://registry.npmjs.org/xml-js/-/xml-js-1.6.11.tgz", + "integrity": "sha512-7rVi2KMfwfWFl+GpPg6m80IVMWXLRjO+PxTq7V2CDhoGak0wzYzFgUY2m4XJ47OGdXd8eLE8EmwfAmdjw7lC1g==", + "license": "MIT", + "dependencies": { + "sax": "^1.2.4" + }, + "bin": { + "xml-js": "bin/cli.js" + } + }, + "node_modules/yallist": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", + "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", + "license": "ISC" + }, + "node_modules/yaml": { + "version": "1.10.2", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==", + "license": "ISC", + "engines": { + "node": ">= 6" + } + }, + "node_modules/yocto-queue": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.1.1.tgz", + "integrity": "sha512-b4JR1PFR10y1mKjhHY9LaGo6tmrgjit7hxVIeAmyMw3jegXR4dhYqLaQF5zMXZxY7tLpMyJeLjr1C4rLmkVe8g==", + "license": "MIT", + "engines": { + "node": ">=12.20" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/zwitch": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/zwitch/-/zwitch-2.0.4.tgz", + "integrity": "sha512-bXE4cR/kVZhKZX/RjPEflHaKVhUVl85noU3v6b8apfQEc1x4A+zBxjZ4lN8LqGd6WZ3dl98pY4o717VFmoPp+A==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/wooorm" + } + } + } +} diff --git a/docs/package.json b/docs/package.json index 3a3709df8..db98430e3 100644 --- a/docs/package.json +++ b/docs/package.json @@ -14,25 +14,25 @@ "write-heading-ids": "docusaurus write-heading-ids" }, "dependencies": { - "@cmfcmf/docusaurus-search-local": "^1.2.0", - "@docusaurus/core": "^3.5.2", - "@docusaurus/plugin-google-gtag": "^3.5.2", - "@docusaurus/preset-classic": "^3.5.2", - "@docusaurus/theme-mermaid": "^3.5.2", - "@mdx-js/react": "^3.0.0", - "asciinema-player": "^3.8.0", - "clsx": "^2.0.0", - "prism-react-renderer": "^2.3.0", - "react": "^18.0.0", - "react-dom": "^18.0.0" + "@cmfcmf/docusaurus-search-local": "1.2.0", + "@docusaurus/core": "3.6.2", + "@docusaurus/plugin-google-gtag": "3.6.2", + "@docusaurus/preset-classic": "3.6.2", + "@docusaurus/theme-mermaid": "3.6.2", + "@mdx-js/react": "3.1.0", + "asciinema-player": "3.8.1", + "clsx": "2.1.1", + "prism-react-renderer": "2.4.0", + "react": "18.3.1", + "react-dom": "18.3.1" }, "devDependencies": { - "@docusaurus/module-type-aliases": "^3.5.2", - "@docusaurus/types": "^3.5.2" + "@docusaurus/module-type-aliases": "3.6.2", + "@docusaurus/types": "3.6.2" }, "overrides": { "@cmfcmf/docusaurus-search-local": { - "@docusaurus/core": "3.5.2", + "@docusaurus/core": "3.6.2", "cheerio": "1.0.0-rc.12" } }, diff --git a/docs/versioned_docs/version-2.6/overview/performance.md b/docs/versioned_docs/version-2.6/overview/performance.md index 8be5b7952..aef594c46 100644 --- a/docs/versioned_docs/version-2.6/overview/performance.md +++ b/docs/versioned_docs/version-2.6/overview/performance.md @@ -181,7 +181,7 @@ The following `fio` settings were used: - IOPS: 4 KB blocks and 128 iodepth - Bandwidth: 1024 KB blocks and 128 iodepth -For more details, see the [`fio` test configuration](../../../../.github/actions/e2e_benchmark/fio.ini). +For more details, see the [`fio` test configuration](https://github.com/edgelesssys/constellation/blob/main/.github/actions/e2e_benchmark/fio.ini). The results for IOPS on Azure are as follows: diff --git a/docs/versioned_docs/version-2.7/overview/performance.md b/docs/versioned_docs/version-2.7/overview/performance.md index 8be5b7952..aef594c46 100644 --- a/docs/versioned_docs/version-2.7/overview/performance.md +++ b/docs/versioned_docs/version-2.7/overview/performance.md @@ -181,7 +181,7 @@ The following `fio` settings were used: - IOPS: 4 KB blocks and 128 iodepth - Bandwidth: 1024 KB blocks and 128 iodepth -For more details, see the [`fio` test configuration](../../../../.github/actions/e2e_benchmark/fio.ini). +For more details, see the [`fio` test configuration](https://github.com/edgelesssys/constellation/blob/main/.github/actions/e2e_benchmark/fio.ini). The results for IOPS on Azure are as follows: diff --git a/docs/versioned_docs/version-2.8/overview/performance.md b/docs/versioned_docs/version-2.8/overview/performance.md index 8be5b7952..aef594c46 100644 --- a/docs/versioned_docs/version-2.8/overview/performance.md +++ b/docs/versioned_docs/version-2.8/overview/performance.md @@ -181,7 +181,7 @@ The following `fio` settings were used: - IOPS: 4 KB blocks and 128 iodepth - Bandwidth: 1024 KB blocks and 128 iodepth -For more details, see the [`fio` test configuration](../../../../.github/actions/e2e_benchmark/fio.ini). +For more details, see the [`fio` test configuration](https://github.com/edgelesssys/constellation/blob/main/.github/actions/e2e_benchmark/fio.ini). The results for IOPS on Azure are as follows: From 775ba22ab2a37f80d767b510302b2a10005e0b69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Thu, 21 Nov 2024 08:32:22 +0100 Subject: [PATCH 362/380] ci: run `terraform apply` in provider example test with timeout (#3482) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Run terraform apply with timeouts * Ignore lock file when running terraform destroy --------- Signed-off-by: Daniel Weiße --- .github/workflows/e2e-test-provider-example.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/e2e-test-provider-example.yml b/.github/workflows/e2e-test-provider-example.yml index db409633f..c56e092e2 100644 --- a/.github/workflows/e2e-test-provider-example.yml +++ b/.github/workflows/e2e-test-provider-example.yml @@ -337,12 +337,12 @@ jobs: sudo sh -c 'echo "127.0.0.1 license.confidential.cloud" >> /etc/hosts' terraform init if [[ "${{ inputs.attestationVariant }}" == "azure-sev-snp" ]]; then - terraform apply -target module.azure_iam -auto-approve - terraform apply -target module.azure_infrastructure -auto-approve + timeout 1h terraform apply -target module.azure_iam -auto-approve + timeout 1h terraform apply -target module.azure_infrastructure -auto-approve ${{ github.workspace }}/build/constellation maa-patch "$(terraform output -raw maa_url)" - terraform apply -target constellation_cluster.azure_example -auto-approve + timeout 1h terraform apply -target constellation_cluster.azure_example -auto-approve else - terraform apply -auto-approve + timeout 1h terraform apply -auto-approve fi - name: Cleanup Terraform Cluster on failure @@ -353,7 +353,7 @@ jobs: shell: bash run: | terraform init - terraform destroy -auto-approve + terraform destroy -auto-approve -lock=false - name: Add Provider to local Terraform registry # needed if release version was used before if: inputs.providerVersion != '' @@ -407,7 +407,7 @@ jobs: shell: bash run: | terraform init --upgrade - terraform apply -auto-approve + timeout 1h terraform apply -auto-approve - name: Assert upgrade successful working-directory: ${{ github.workspace }}/cluster @@ -475,7 +475,7 @@ jobs: shell: bash run: | terraform init - terraform destroy -auto-approve + terraform destroy -auto-approve -lock=false - name: Notify about failure if: | From 4026752e896ef6094aa34e83eead12681114dead Mon Sep 17 00:00:00 2001 From: 3u13r Date: Thu, 21 Nov 2024 09:03:05 +0100 Subject: [PATCH 363/380] docs: remove mentioning of Cilium's key rotation for IPSec since it does not apply to WireGuard (#3489) --- docs/docs/architecture/keys.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/docs/architecture/keys.md b/docs/docs/architecture/keys.md index 553d9d4e2..49821cd0b 100644 --- a/docs/docs/architecture/keys.md +++ b/docs/docs/architecture/keys.md @@ -42,7 +42,6 @@ Each node creates its own [Curve25519](http://cr.yp.to/ecdh.html) encryption key A node uses another node's public key to decrypt and encrypt traffic from and to Cilium-managed endpoints running on that node. Connections are always encrypted peer-to-peer using [ChaCha20](http://cr.yp.to/chacha.html) with [Poly1305](http://cr.yp.to/mac.html). WireGuard implements [forward secrecy with key rotation every 2 minutes](https://lists.zx2c4.com/pipermail/wireguard/2017-December/002141.html). -Cilium supports [key rotation](https://docs.cilium.io/en/stable/security/network/encryption-ipsec/#key-rotation) for the long-term node keys via Kubernetes secrets. ## Storage encryption From 4d65c7811bcb37dbcbc0b46a6cd41290c1981363 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 22 Nov 2024 09:18:26 +0100 Subject: [PATCH 364/380] image: update measurements and image version (#3491) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index f5791c4ee..d82518cb2 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x8a, 0x93, 0x3f, 0x00, 0x90, 0x4e, 0xd1, 0x37, 0x28, 0xf0, 0x55, 0x6f, 0xb8, 0x59, 0xab, 0x8a, 0xeb, 0x31, 0x9a, 0x1a, 0x06, 0xa0, 0xd7, 0x22, 0xe9, 0xbe, 0xcd, 0x51, 0x62, 0x81, 0x5b, 0xea}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x2f, 0xe9, 0xc4, 0x70, 0x0d, 0x9f, 0x92, 0xb2, 0x67, 0x00, 0x81, 0xd9, 0xb4, 0x79, 0x14, 0x03, 0x91, 0x00, 0xc3, 0x85, 0x48, 0x9c, 0xfe, 0xbe, 0x56, 0x40, 0xf9, 0x2f, 0x07, 0x98, 0x9a, 0x53}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x6c, 0x30, 0x4e, 0xca, 0x55, 0xb1, 0xb8, 0xb4, 0xcf, 0xd1, 0x87, 0x42, 0xe0, 0x12, 0x60, 0xba, 0x0c, 0x10, 0xd6, 0x20, 0xf9, 0x74, 0x69, 0x57, 0x20, 0xb1, 0xfc, 0xec, 0xd0, 0x4e, 0xae, 0x7d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf5, 0xc0, 0x47, 0xf4, 0x55, 0x08, 0x76, 0x5b, 0x9a, 0x6f, 0x59, 0x18, 0x8d, 0x1f, 0x1d, 0xb7, 0x18, 0x62, 0x6e, 0x7c, 0xe4, 0x75, 0x96, 0x78, 0x5b, 0x0e, 0x5a, 0x8b, 0x85, 0xdf, 0xc4, 0xab}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xb2, 0x25, 0xa7, 0xc0, 0xd0, 0x3e, 0x95, 0x1a, 0x11, 0x70, 0x61, 0x51, 0xbf, 0xde, 0x60, 0x3c, 0x90, 0xe4, 0x85, 0xde, 0x89, 0x28, 0xd1, 0xcd, 0x8a, 0x84, 0xf6, 0xe1, 0x5e, 0x60, 0x66, 0x75}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe2, 0x00, 0xd4, 0x41, 0x19, 0x6a, 0x71, 0x3f, 0x6f, 0x5e, 0x0e, 0x8e, 0x9e, 0x3a, 0xe3, 0x53, 0x0e, 0xf1, 0xeb, 0xce, 0xea, 0x2c, 0xe1, 0x31, 0xfe, 0x79, 0x55, 0x5a, 0x25, 0x06, 0xb5, 0xe1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x02, 0xc5, 0xf4, 0xf5, 0xfb, 0xce, 0x1f, 0x19, 0xae, 0xff, 0x8d, 0x97, 0xdb, 0xf8, 0x34, 0xda, 0x12, 0x90, 0x09, 0xa6, 0x36, 0x11, 0x95, 0xd5, 0x67, 0xc9, 0xa4, 0xdf, 0x7a, 0x0d, 0x59, 0x1d}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdc, 0x9b, 0x23, 0x82, 0x22, 0xaa, 0x01, 0x8e, 0x01, 0xa0, 0x11, 0xc8, 0x0c, 0x3c, 0x1c, 0x14, 0x42, 0x0e, 0x3e, 0xcf, 0xf4, 0x01, 0xdf, 0xc6, 0x0f, 0xd4, 0x40, 0x3c, 0xc0, 0xae, 0xb7, 0xb4}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0e, 0xad, 0xf7, 0xbc, 0xc6, 0x82, 0xff, 0xa6, 0xb1, 0x02, 0x03, 0xe2, 0xf5, 0x99, 0x3b, 0xe1, 0xc7, 0x3f, 0xc1, 0x3f, 0x5e, 0x02, 0x9e, 0xab, 0xab, 0x2e, 0x00, 0x5f, 0x3f, 0xb0, 0xfd, 0x2f}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf0, 0x92, 0x33, 0xc9, 0xce, 0x47, 0xd0, 0xcf, 0xf8, 0x53, 0x4d, 0x6b, 0xa9, 0xc6, 0x6a, 0xcb, 0xf1, 0xd4, 0x42, 0x7b, 0x12, 0xb0, 0x2e, 0xd4, 0x9d, 0x40, 0xd9, 0xeb, 0xb1, 0x27, 0xb3, 0x3e}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x81, 0xe8, 0x95, 0x6e, 0x59, 0xb8, 0x68, 0x71, 0x86, 0x80, 0x6c, 0x30, 0x10, 0xfb, 0x2e, 0x5d, 0x4a, 0xab, 0x10, 0xe9, 0x8e, 0x89, 0x05, 0x59, 0x6b, 0xe5, 0x11, 0x06, 0xb6, 0xae, 0xb3, 0xe2}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd6, 0x73, 0xf9, 0x34, 0xdc, 0xfe, 0x77, 0x5a, 0xfd, 0x2a, 0x13, 0x9d, 0xd1, 0xff, 0x32, 0x45, 0xcc, 0xc7, 0x63, 0x6c, 0x7e, 0x93, 0x11, 0x6b, 0xed, 0xae, 0xa4, 0x2b, 0xf3, 0x17, 0xf1, 0xf1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7d, 0x0b, 0x8b, 0x80, 0xc0, 0x63, 0xbb, 0xe8, 0x0f, 0xd0, 0x23, 0x25, 0xa4, 0x39, 0x2d, 0x88, 0xc8, 0xf7, 0x60, 0x5b, 0xac, 0x30, 0xfd, 0xe2, 0x62, 0x39, 0x15, 0x6c, 0xd3, 0xe1, 0x6b, 0xf0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xda, 0xe4, 0x09, 0x76, 0x61, 0x7e, 0xb5, 0x7b, 0x9f, 0x96, 0xfb, 0x74, 0x75, 0xbc, 0x2f, 0x83, 0xf5, 0xe3, 0xba, 0xa4, 0xb2, 0x1a, 0x3b, 0x1a, 0xdf, 0x01, 0xe6, 0x3c, 0xbd, 0x6f, 0xd9, 0x12}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xbd, 0x37, 0x6c, 0xe0, 0xea, 0x58, 0xa0, 0x81, 0x47, 0x53, 0xc2, 0x47, 0xe4, 0x9c, 0x91, 0xc3, 0xda, 0x94, 0xab, 0x0b, 0x95, 0x8f, 0x60, 0x86, 0x4e, 0xcc, 0x13, 0xe9, 0x51, 0x3f, 0x50, 0xb5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xac, 0xe9, 0xb8, 0xd0, 0x07, 0xc0, 0x81, 0xd2, 0xac, 0x96, 0xa3, 0xb3, 0xe5, 0x8a, 0xfa, 0xe3, 0xc7, 0x50, 0x86, 0xd8, 0xd8, 0x35, 0xce, 0x24, 0x44, 0x77, 0xf1, 0xde, 0x3f, 0x0d, 0x4f, 0xa9}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x38, 0xa9, 0xb7, 0xf0, 0xed, 0xa7, 0x02, 0x53, 0x4d, 0x0c, 0x22, 0x58, 0xe4, 0x93, 0x71, 0x0b, 0xcc, 0xe1, 0x67, 0x6e, 0x5f, 0x59, 0x44, 0x7d, 0x85, 0x4a, 0x2d, 0xad, 0xe3, 0x9c, 0xcd, 0xac}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8e, 0xb6, 0x24, 0x9a, 0x73, 0x14, 0x67, 0xd1, 0xcc, 0x8c, 0xb3, 0x98, 0xbd, 0xb5, 0xa7, 0xbd, 0x33, 0x98, 0x98, 0xc5, 0xbb, 0xf9, 0x93, 0xe7, 0x74, 0xa0, 0x73, 0x13, 0x50, 0x6b, 0x8f, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x42, 0xed, 0x80, 0x5b, 0x73, 0xb0, 0xf8, 0x0d, 0x88, 0x48, 0x26, 0xfb, 0x18, 0x27, 0x8c, 0xb8, 0xd6, 0xc5, 0xfe, 0x2c, 0xf5, 0x3f, 0xa2, 0xd5, 0x06, 0x4c, 0x5d, 0x60, 0x1a, 0xae, 0x88, 0xc6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdb, 0xf1, 0x83, 0x30, 0x28, 0x9a, 0x9f, 0xd5, 0x1b, 0xa3, 0x5b, 0xa4, 0x79, 0x4b, 0xf8, 0x15, 0x09, 0x75, 0xa4, 0x49, 0x21, 0x77, 0x36, 0x14, 0xb7, 0x4a, 0x3d, 0xf4, 0xad, 0xe6, 0xda, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x48, 0x51, 0x4b, 0x77, 0x6c, 0x8b, 0xc6, 0xf5, 0xbf, 0xe0, 0xe9, 0x0a, 0xc4, 0x6f, 0xcd, 0xe4, 0xb1, 0x22, 0xdd, 0x1c, 0x3c, 0xdf, 0xc8, 0x98, 0xcb, 0xd5, 0xb9, 0x1f, 0x9a, 0x0b, 0x25, 0x8d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x69, 0x46, 0x32, 0x3d, 0xbb, 0xce, 0x2f, 0x48, 0xa0, 0xc0, 0x00, 0x76, 0xdb, 0x2f, 0x2e, 0xcf, 0x16, 0x5d, 0x50, 0x1c, 0xa1, 0x2a, 0x47, 0x44, 0xcb, 0x02, 0x75, 0xd0, 0xdb, 0xc4, 0xcb, 0x81}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x57, 0xa0, 0x69, 0xf5, 0xe9, 0xbb, 0xcf, 0x07, 0xb3, 0x21, 0x2e, 0xf6, 0x63, 0xfa, 0x86, 0x11, 0x08, 0x50, 0x72, 0xdc, 0x1e, 0x4f, 0x3a, 0xed, 0x4b, 0xc6, 0xdc, 0x12, 0xcd, 0xb1, 0xa5, 0x48}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0a, 0x92, 0xb0, 0x78, 0xe6, 0xe6, 0x03, 0x85, 0x79, 0x00, 0x40, 0x81, 0xf9, 0x24, 0x3a, 0x1c, 0x2b, 0x72, 0xee, 0x2d, 0xc4, 0x9d, 0xf3, 0x7e, 0xff, 0xec, 0x33, 0x91, 0xcb, 0x69, 0xf2, 0xa8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x3b, 0xc5, 0x7c, 0x34, 0x53, 0x0a, 0x6c, 0x52, 0x00, 0x60, 0xc7, 0xea, 0x73, 0x16, 0x82, 0xfb, 0x45, 0x59, 0xfe, 0x72, 0x1f, 0xcd, 0x88, 0x37, 0xd0, 0xba, 0x2d, 0x4a, 0x45, 0x07, 0x9b, 0x45}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xcc, 0x1b, 0xcf, 0x16, 0x13, 0x9f, 0x97, 0xe1, 0x41, 0xc5, 0xa7, 0xc8, 0xb6, 0xea, 0x66, 0x61, 0x9e, 0x7d, 0x27, 0xb3, 0xea, 0x36, 0x96, 0x60, 0x75, 0x15, 0x88, 0x7d, 0xe6, 0xb1, 0xe3, 0x21}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x21, 0x1e, 0x5e, 0x91, 0x36, 0x24, 0x68, 0x36, 0x74, 0xa9, 0x27, 0xe7, 0x47, 0x1d, 0x1c, 0x10, 0xb2, 0xbe, 0x12, 0xb9, 0xe3, 0x11, 0x7e, 0xf8, 0x43, 0xcd, 0x73, 0xfd, 0x10, 0x61, 0x02, 0x3e}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x38, 0x88, 0x4f, 0xb9, 0x70, 0x16, 0x43, 0x3d, 0x8d, 0xc4, 0xe8, 0xf8, 0x7f, 0xdc, 0x13, 0x69, 0xf4, 0xed, 0x2c, 0x0b, 0x5c, 0xa7, 0x6f, 0xaa, 0x49, 0xae, 0xc5, 0x91, 0x41, 0x22, 0xd5, 0xd4}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xbc, 0x73, 0xb2, 0xea, 0xba, 0xc9, 0x5d, 0xf9, 0x4c, 0x92, 0x71, 0x70, 0x7f, 0x36, 0x82, 0x57, 0xd4, 0x36, 0x49, 0x5d, 0xdc, 0x42, 0x4a, 0xe2, 0x19, 0x2b, 0xbe, 0xf7, 0x23, 0xb8, 0x63, 0xcb}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x55, 0xe7, 0x64, 0x71, 0xb6, 0x18, 0x36, 0x42, 0x6c, 0x37, 0x95, 0xa2, 0xf1, 0x03, 0x1b, 0xa0, 0x65, 0x08, 0xca, 0xb1, 0x1e, 0x4c, 0x44, 0xe7, 0xa8, 0xe9, 0x7d, 0x52, 0x09, 0xac, 0x78, 0x87}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xa2, 0xc8, 0x60, 0x6a, 0x6e, 0x4a, 0x9b, 0xd1, 0xd6, 0x88, 0x65, 0x3b, 0xb5, 0x40, 0x37, 0x8c, 0xb7, 0xdb, 0xf2, 0x86, 0x68, 0x4b, 0xf7, 0x6d, 0xf7, 0xab, 0x1b, 0xd7, 0xa5, 0xb6, 0xfe, 0xd8}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x36, 0x95, 0x4d, 0xe1, 0x55, 0x7c, 0x94, 0x4a, 0x6c, 0xd8, 0xca, 0xad, 0x73, 0x35, 0xf1, 0x5d, 0x4e, 0x18, 0x22, 0x62, 0xd0, 0xdf, 0x2c, 0x5b, 0x4f, 0x39, 0x06, 0x4a, 0xe0, 0x99, 0xca, 0x19}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8b, 0x44, 0xc5, 0x81, 0x1b, 0xa5, 0x3e, 0x60, 0x3f, 0xe9, 0x82, 0x93, 0x1a, 0x17, 0x6c, 0x14, 0xc8, 0x28, 0x9c, 0x73, 0xbe, 0x15, 0xe6, 0x15, 0xa3, 0xe5, 0xd9, 0x02, 0x66, 0x9e, 0x9e, 0x5b}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xfc, 0xa2, 0x2b, 0x78, 0x42, 0xf3, 0xc1, 0x67, 0x1e, 0xb5, 0xab, 0x83, 0x30, 0x78, 0x90, 0xc9, 0x35, 0x39, 0x72, 0x9e, 0x6a, 0x5e, 0x90, 0x6c, 0x28, 0xf6, 0x4e, 0x67, 0x17, 0x76, 0x11, 0x42}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xef, 0x9d, 0x9e, 0x46, 0x0e, 0x74, 0xd0, 0x4c, 0x70, 0xf1, 0x4a, 0x50, 0x51, 0xed, 0x01, 0x98, 0xc9, 0xbc, 0x7b, 0xba, 0x23, 0x52, 0xb9, 0x78, 0x9b, 0x4d, 0xe3, 0x40, 0x98, 0x08, 0xf8, 0x17}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcf, 0x9a, 0x53, 0xe9, 0x55, 0x12, 0x1a, 0xc7, 0xae, 0x3f, 0xe4, 0x49, 0xbd, 0x27, 0x62, 0x3d, 0xd5, 0x64, 0xbe, 0x2d, 0x52, 0x88, 0xaa, 0x5b, 0xc6, 0xa1, 0xc6, 0xbd, 0xcb, 0x11, 0x6b, 0x29}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7f, 0x23, 0xfb, 0xdc, 0xdd, 0x33, 0x04, 0xa3, 0x72, 0xdc, 0x98, 0xfb, 0x2f, 0x16, 0xc2, 0xa8, 0x93, 0xdd, 0x49, 0xda, 0x8b, 0x8e, 0xdf, 0x76, 0xd5, 0x81, 0x9d, 0x80, 0x5f, 0x25, 0x2e, 0x1f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdc, 0x18, 0xd0, 0xd8, 0x34, 0xd7, 0x65, 0xb9, 0x08, 0xc3, 0x6b, 0x7c, 0xdc, 0xf1, 0xde, 0x71, 0xc9, 0x1b, 0xb1, 0xbf, 0x4a, 0x72, 0x35, 0x45, 0x26, 0xee, 0x4f, 0xa5, 0x22, 0xf5, 0x52, 0x95}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x91, 0xee, 0xf7, 0x69, 0x64, 0x2e, 0x29, 0x2c, 0x69, 0x96, 0xde, 0x18, 0x98, 0x74, 0x76, 0x80, 0x69, 0x89, 0xc2, 0xaf, 0x79, 0x7b, 0xaf, 0xdf, 0x5d, 0x47, 0x0b, 0x29, 0xba, 0x11, 0x2e, 0xd8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xc4, 0x66, 0x90, 0xb2, 0x52, 0x69, 0xb9, 0xc9, 0x7c, 0x4c, 0x39, 0x5a, 0xe3, 0xca, 0x75, 0xc1, 0x7a, 0x68, 0xa9, 0x59, 0xea, 0x89, 0xe9, 0xdb, 0xd3, 0x2b, 0x6e, 0xc7, 0x17, 0x96, 0x11, 0xb2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1e, 0x17, 0xf2, 0x8b, 0x15, 0xc6, 0xf5, 0x98, 0xcf, 0x1d, 0x5e, 0xb4, 0x38, 0xfe, 0x0e, 0xba, 0x82, 0x02, 0xc8, 0x9e, 0x31, 0x0b, 0x01, 0x0d, 0x31, 0x8d, 0x47, 0x63, 0x8d, 0xf9, 0x0e, 0xef}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x31, 0x68, 0x30, 0x81, 0xc0, 0x3b, 0xdb, 0xd7, 0xef, 0x8f, 0x5d, 0x3c, 0x34, 0xc7, 0x6d, 0x98, 0x99, 0x97, 0xdb, 0x52, 0xbb, 0xed, 0x73, 0x66, 0xc3, 0xf0, 0x89, 0x84, 0x35, 0xd4, 0x07, 0x40}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x5c, 0x9d, 0xdc, 0x8c, 0x48, 0x5e, 0xe5, 0x67, 0xb0, 0x37, 0xdb, 0x47, 0xa5, 0x69, 0xa6, 0x16, 0x2c, 0xc2, 0xc2, 0xb6, 0x1e, 0x85, 0xd7, 0x62, 0x8c, 0xf5, 0x41, 0x48, 0x88, 0x57, 0x7e, 0xbf}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd5, 0xd4, 0xdd, 0x66, 0x1b, 0x1a, 0x03, 0xdd, 0xad, 0x86, 0xcb, 0x35, 0x9d, 0xae, 0x6a, 0xd9, 0xad, 0x58, 0x02, 0xef, 0x19, 0xa6, 0xae, 0xdf, 0x28, 0xa0, 0x07, 0xbf, 0xd8, 0x10, 0xfc, 0xb0}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x72, 0x1a, 0xac, 0x58, 0x65, 0x2f, 0x9f, 0xd3, 0x2b, 0x0c, 0x05, 0x45, 0x59, 0xa4, 0x01, 0x82, 0x98, 0x5b, 0x78, 0x18, 0x6e, 0x80, 0x70, 0xba, 0xd9, 0x4f, 0xc4, 0x02, 0xad, 0xf9, 0xb2, 0x62}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x14, 0xa1, 0x03, 0x2f, 0x67, 0x6a, 0xa3, 0x7f, 0xc5, 0x0d, 0xc9, 0x3f, 0xc7, 0x80, 0x1a, 0x0b, 0x61, 0x51, 0x6e, 0xc7, 0xe6, 0x43, 0x69, 0x4f, 0x6a, 0xe6, 0x5a, 0x86, 0xa9, 0x5e, 0xb2, 0x08}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xaf, 0x7f, 0xf0, 0x58, 0xc1, 0x7c, 0xc7, 0x92, 0xec, 0xb4, 0x5d, 0x27, 0xc0, 0xe7, 0x0b, 0x0b, 0xb0, 0xb9, 0x8c, 0xa2, 0xf1, 0x54, 0x82, 0x31, 0xc2, 0xee, 0xf6, 0x36, 0xe4, 0x36, 0xd8, 0x12}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe1, 0xd2, 0xf6, 0xce, 0xac, 0x14, 0x65, 0xbe, 0x74, 0x13, 0xac, 0x00, 0x68, 0xae, 0x0a, 0xef, 0x98, 0xe8, 0x55, 0x0b, 0x69, 0xe9, 0x31, 0x25, 0xce, 0xc5, 0x5e, 0xc9, 0x32, 0x88, 0x09, 0xbc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 7be35ad68..3ddaccce6 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241118163632-e0c95a34bb2e" + defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241121090305-4026752e896e" ) From f06830ec1aaa3443875ffd205ebd126c1d332eb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Fri, 22 Nov 2024 11:01:09 +0100 Subject: [PATCH 365/380] deps: update google/go-sev-guest to v0.11.2-0.20241122022416-97a55186df28 (#3490) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- go.mod | 5 +---- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index def6ff077..d9a8d61a2 100644 --- a/go.mod +++ b/go.mod @@ -5,9 +5,6 @@ go 1.23.2 // TODO(daniel-weisse): revert after merging https://github.com/martinjungblut/go-cryptsetup/pull/16. replace github.com/martinjungblut/go-cryptsetup => github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c -// TODO(daniel-weisse): revert after merging https://github.com/google/go-sev-guest/pull/141 -replace github.com/google/go-sev-guest => github.com/daniel-weisse/go-sev-guest v0.0.0-20241119094629-5e3e5f5cbfed - // Kubernetes replace directives are required because we depend on k8s.io/kubernetes/cmd/kubeadm // k8s discourages usage of k8s.io/kubernetes as a dependency, but no external staging repositories for kubeadm exist. // Our code does not actually depend on these packages, but `go mod download` breaks without this replace directive. @@ -70,7 +67,7 @@ require ( github.com/go-playground/universal-translator v0.18.1 github.com/go-playground/validator/v10 v10.22.1 github.com/golang-jwt/jwt/v5 v5.2.1 - github.com/google/go-sev-guest v0.11.1 + github.com/google/go-sev-guest v0.11.2-0.20241122022416-97a55186df28 github.com/google/go-tdx-guest v0.3.1 github.com/google/go-tpm v0.9.1 github.com/google/go-tpm-tools v0.4.4 diff --git a/go.sum b/go.sum index 26266e840..366de64dc 100644 --- a/go.sum +++ b/go.sum @@ -258,8 +258,6 @@ github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciW github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c h1:ToajP6trZoiqlZ3Z4uoG1P02/wtqSw1AcowOXOYjATk= github.com/daniel-weisse/go-cryptsetup v0.0.0-20230705150314-d8c07bd1723c/go.mod h1:gZoZ0+POlM1ge/VUxWpMmZVNPzzMJ7l436CgkQ5+qzU= -github.com/daniel-weisse/go-sev-guest v0.0.0-20241119094629-5e3e5f5cbfed h1:GU69wqX8D/EvBYvL+cubkdCrilWioZIrNzINP0t2gaY= -github.com/daniel-weisse/go-sev-guest v0.0.0-20241119094629-5e3e5f5cbfed/go.mod h1:8+UOtSaqVIZjJJ9DDmgRko3J/kNc6jI5KLHxoeao7cA= github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE= github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -454,6 +452,8 @@ github.com/google/go-configfs-tsm v0.2.2 h1:YnJ9rXIOj5BYD7/0DNnzs8AOp7UcvjfTvt21 github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l/DSArMxlbwseo= github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8= +github.com/google/go-sev-guest v0.11.2-0.20241122022416-97a55186df28 h1:dFOaRoS7lz9+t6aJeWjyBsuIMSZFQEmxGEoTW54sxP0= +github.com/google/go-sev-guest v0.11.2-0.20241122022416-97a55186df28/go.mod h1:SK9vW+uyfuzYdVN0m8BShL3OQCtXZe/JPF7ZkpD3760= github.com/google/go-tdx-guest v0.3.1 h1:gl0KvjdsD4RrJzyLefDOvFOUH3NAJri/3qvaL5m83Iw= github.com/google/go-tdx-guest v0.3.1/go.mod h1:/rc3d7rnPykOPuY8U9saMyEps0PZDThLk/RygXm04nE= github.com/google/go-tpm v0.9.1 h1:0pGc4X//bAlmZzMKf8iz6IsDo1nYTbYJ6FZN/rg4zdM= From b2e99af86cebd4bb1e2f4771acc0ec4fd1c5d910 Mon Sep 17 00:00:00 2001 From: Thomas Tendyck Date: Fri, 22 Nov 2024 16:03:04 +0100 Subject: [PATCH 366/380] docs: refactor gtag --- docs/docusaurus.config.js | 12 +++++------- docs/package-lock.json | 1 - docs/package.json | 1 - docs/static/gtagman.js | 5 +++++ 4 files changed, 10 insertions(+), 9 deletions(-) create mode 100644 docs/static/gtagman.js diff --git a/docs/docusaurus.config.js b/docs/docusaurus.config.js index a4b1f30f7..d5d220fdf 100644 --- a/docs/docusaurus.config.js +++ b/docs/docusaurus.config.js @@ -23,9 +23,11 @@ async function createConfig() { // scripts scripts: [ - { src: 'https://plausible.io/js/plausible.js', async: true, defer: true, 'data-domain': 'docs.edgeless.systems' }, - { id: "Cookiebot", src: "https://consent.cookiebot.com/uc.js", "data-cbid": "a0cc864f-0b67-49be-8d65-9ed354de2ee6", "data-blockingmode": "auto" }, - { id: "CookieDeclaration", src: "https://consent.cookiebot.com/a0cc864f-0b67-49be-8d65-9ed354de2ee6/cd.js" } + { + src: '/constellation/gtagman.js', + async: true, + "data-cookieconsent": "ignore", + }, ], // Even if you don't use internalization, you can use this field to set useful @@ -59,10 +61,6 @@ async function createConfig() { theme: { customCss: require.resolve('./src/css/custom.css'), }, - gtag: { - trackingID: 'G-3DVYB2CHLG', - anonymizeIP: true, - } }), ], ], diff --git a/docs/package-lock.json b/docs/package-lock.json index 300d928d7..41c393918 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -10,7 +10,6 @@ "dependencies": { "@cmfcmf/docusaurus-search-local": "1.2.0", "@docusaurus/core": "3.6.2", - "@docusaurus/plugin-google-gtag": "3.6.2", "@docusaurus/preset-classic": "3.6.2", "@docusaurus/theme-mermaid": "3.6.2", "@mdx-js/react": "3.1.0", diff --git a/docs/package.json b/docs/package.json index db98430e3..5ee770b61 100644 --- a/docs/package.json +++ b/docs/package.json @@ -16,7 +16,6 @@ "dependencies": { "@cmfcmf/docusaurus-search-local": "1.2.0", "@docusaurus/core": "3.6.2", - "@docusaurus/plugin-google-gtag": "3.6.2", "@docusaurus/preset-classic": "3.6.2", "@docusaurus/theme-mermaid": "3.6.2", "@mdx-js/react": "3.1.0", diff --git a/docs/static/gtagman.js b/docs/static/gtagman.js new file mode 100644 index 000000000..57bf6717a --- /dev/null +++ b/docs/static/gtagman.js @@ -0,0 +1,5 @@ +(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': +new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], +j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= +'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); +})(window,document,'script','dataLayer','GTM-NF9NM7V'); From 871be808777e79d5d1239a526a5c6f5c6a93d175 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Tue, 26 Nov 2024 08:55:33 +0100 Subject: [PATCH 367/380] ci: update workflows to initialize upgrade tests with v2.19.3 (#3494) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/workflows/e2e-test-release.yml | 2 +- .github/workflows/e2e-test-weekly.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index cd83c78de..95cc6042d 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -409,7 +409,7 @@ jobs: fail-fast: false max-parallel: 1 matrix: - fromVersion: ["v2.19.0"] + fromVersion: ["v2.19.3"] attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index a1067726b..2cdbe36fe 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -420,7 +420,7 @@ jobs: fail-fast: false max-parallel: 1 matrix: - fromVersion: ["v2.19.0"] + fromVersion: ["v2.19.3"] attestationVariant: ["gcp-sev-snp", "azure-sev-snp", "azure-tdx", "aws-sev-snp"] name: Run upgrade tests secrets: inherit From fbdf1db053a8f6cc702823a39b29e969e547fcd3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 09:27:43 +0100 Subject: [PATCH 368/380] deps: update bazel (plugins) (#3486) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- bazel/toolchains/container_images.bzl | 2 +- bazel/toolchains/nixpkgs_deps.bzl | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bazel/toolchains/container_images.bzl b/bazel/toolchains/container_images.bzl index 38511c0b6..cd82c6fae 100644 --- a/bazel/toolchains/container_images.bzl +++ b/bazel/toolchains/container_images.bzl @@ -7,7 +7,7 @@ load("@rules_oci//oci:pull.bzl", "oci_pull") def containter_image_deps(): oci_pull( name = "distroless_static", - digest = "sha256:69830f29ed7545c762777507426a412f97dad3d8d32bae3e74ad3fb6160917ea", + digest = "sha256:f4a57e8ffd7ba407bdd0eb315bb54ef1f21a2100a7f032e9102e4da34fe7c196", image = "gcr.io/distroless/static", platforms = [ "linux/amd64", diff --git a/bazel/toolchains/nixpkgs_deps.bzl b/bazel/toolchains/nixpkgs_deps.bzl index b080f8aa2..c28c10cef 100644 --- a/bazel/toolchains/nixpkgs_deps.bzl +++ b/bazel/toolchains/nixpkgs_deps.bzl @@ -5,11 +5,11 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") def nixpkgs_deps(): http_archive( name = "io_tweag_rules_nixpkgs", - sha256 = "f2c927815c18c088f02ff81caf9903f9c0b2596ac6e6bd40534bc299af9dc0d7", - strip_prefix = "rules_nixpkgs-705ee3b26cf49e990cddbbe6f60510fa46d50904", + sha256 = "1ce13c13a2f354fd37016d9fb333efeddcb308e89db9b3a8f45eafce57746f49", + strip_prefix = "rules_nixpkgs-668609f0b3627751651cb325166d0e95062be3f7", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/f2c927815c18c088f02ff81caf9903f9c0b2596ac6e6bd40534bc299af9dc0d7", - "https://github.com/tweag/rules_nixpkgs/archive/705ee3b26cf49e990cddbbe6f60510fa46d50904.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/1ce13c13a2f354fd37016d9fb333efeddcb308e89db9b3a8f45eafce57746f49", + "https://github.com/tweag/rules_nixpkgs/archive/668609f0b3627751651cb325166d0e95062be3f7.tar.gz", ], type = "tar.gz", ) From 52372ae80800eb9210784e95e99a9e302e95ef4d Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Tue, 26 Nov 2024 10:38:18 +0100 Subject: [PATCH 369/380] bootstrapper: only err if no control plane IPs available (#3496) Previously we errored out of the entire join if retrieval of either LB IP or control plane public IP failed. This resulted in the entire "use either IP" logic not working as intended. This now makes it log a warning only if the IP retrievals fail, and only errors out of the join if no IP can be found at all. --- bootstrapper/internal/joinclient/joinclient.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bootstrapper/internal/joinclient/joinclient.go b/bootstrapper/internal/joinclient/joinclient.go index 5963ad7f8..37c9e9b8f 100644 --- a/bootstrapper/internal/joinclient/joinclient.go +++ b/bootstrapper/internal/joinclient/joinclient.go @@ -173,13 +173,13 @@ func (c *JoinClient) tryJoinWithAvailableServices() (ticket *joinproto.IssueJoin endpoint, _, err := c.metadataAPI.GetLoadBalancerEndpoint(ctx) if err != nil { - return nil, nil, fmt.Errorf("failed to get load balancer endpoint: %w", err) + c.log.Warn("Failed to get load balancer endpoint", "err", err) } endpoints = append(endpoints, endpoint) ips, err := c.getControlPlaneIPs(ctx) if err != nil { - return nil, nil, fmt.Errorf("failed to get control plane IPs: %w", err) + c.log.Warn("Failed to get control plane IPs", "err", err) } endpoints = append(endpoints, ips...) From 143f68385217a5d6d71eb55ab98ceb53451a72a7 Mon Sep 17 00:00:00 2001 From: Adrian Stobbe Date: Tue, 26 Nov 2024 16:50:41 +0100 Subject: [PATCH 370/380] make post release more promiment (#3497) --- dev-docs/workflows/release.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dev-docs/workflows/release.md b/dev-docs/workflows/release.md index 3460edb15..f250b340a 100644 --- a/dev-docs/workflows/release.md +++ b/dev-docs/workflows/release.md @@ -46,6 +46,8 @@ Releases should be performed using [the automated release pipeline](https://gith 6. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog. The changelog should be primarily aimed at users. Rule of thumb: first part of the sentence should describe what changed for the user, second part can describe what has been changed to achieve this. 7. in the GitHub release UI, make sure the tag to create on release is set to `$ver`, and the target commit is set to the temporary release branch. 8. publish. +9. follow [post release steps](#post-release-steps). + ### Minor release @@ -78,6 +80,7 @@ Releases should be performed using [the automated release pipeline](https://gith 8. set the Target to `tmp/${ver}` 9. in the GitHub release UI, make sure the tag to create on release is set to `$ver`, and the target commit is set to the temporary release branch. 10. publish. +11. follow [post release steps](#post-release-steps). ## Post release steps From 247df63d68d0bce2cc85c1b5e1f1e5a2679aa2ec Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Wed, 27 Nov 2024 08:31:00 +0100 Subject: [PATCH 371/380] image: update measurements and image version (#3500) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index d82518cb2..57a7f1c0c 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7d, 0x0b, 0x8b, 0x80, 0xc0, 0x63, 0xbb, 0xe8, 0x0f, 0xd0, 0x23, 0x25, 0xa4, 0x39, 0x2d, 0x88, 0xc8, 0xf7, 0x60, 0x5b, 0xac, 0x30, 0xfd, 0xe2, 0x62, 0x39, 0x15, 0x6c, 0xd3, 0xe1, 0x6b, 0xf0}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xda, 0xe4, 0x09, 0x76, 0x61, 0x7e, 0xb5, 0x7b, 0x9f, 0x96, 0xfb, 0x74, 0x75, 0xbc, 0x2f, 0x83, 0xf5, 0xe3, 0xba, 0xa4, 0xb2, 0x1a, 0x3b, 0x1a, 0xdf, 0x01, 0xe6, 0x3c, 0xbd, 0x6f, 0xd9, 0x12}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xbd, 0x37, 0x6c, 0xe0, 0xea, 0x58, 0xa0, 0x81, 0x47, 0x53, 0xc2, 0x47, 0xe4, 0x9c, 0x91, 0xc3, 0xda, 0x94, 0xab, 0x0b, 0x95, 0x8f, 0x60, 0x86, 0x4e, 0xcc, 0x13, 0xe9, 0x51, 0x3f, 0x50, 0xb5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xac, 0xe9, 0xb8, 0xd0, 0x07, 0xc0, 0x81, 0xd2, 0xac, 0x96, 0xa3, 0xb3, 0xe5, 0x8a, 0xfa, 0xe3, 0xc7, 0x50, 0x86, 0xd8, 0xd8, 0x35, 0xce, 0x24, 0x44, 0x77, 0xf1, 0xde, 0x3f, 0x0d, 0x4f, 0xa9}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x38, 0xa9, 0xb7, 0xf0, 0xed, 0xa7, 0x02, 0x53, 0x4d, 0x0c, 0x22, 0x58, 0xe4, 0x93, 0x71, 0x0b, 0xcc, 0xe1, 0x67, 0x6e, 0x5f, 0x59, 0x44, 0x7d, 0x85, 0x4a, 0x2d, 0xad, 0xe3, 0x9c, 0xcd, 0xac}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x8e, 0xb6, 0x24, 0x9a, 0x73, 0x14, 0x67, 0xd1, 0xcc, 0x8c, 0xb3, 0x98, 0xbd, 0xb5, 0xa7, 0xbd, 0x33, 0x98, 0x98, 0xc5, 0xbb, 0xf9, 0x93, 0xe7, 0x74, 0xa0, 0x73, 0x13, 0x50, 0x6b, 0x8f, 0x89}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x42, 0xed, 0x80, 0x5b, 0x73, 0xb0, 0xf8, 0x0d, 0x88, 0x48, 0x26, 0xfb, 0x18, 0x27, 0x8c, 0xb8, 0xd6, 0xc5, 0xfe, 0x2c, 0xf5, 0x3f, 0xa2, 0xd5, 0x06, 0x4c, 0x5d, 0x60, 0x1a, 0xae, 0x88, 0xc6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdb, 0xf1, 0x83, 0x30, 0x28, 0x9a, 0x9f, 0xd5, 0x1b, 0xa3, 0x5b, 0xa4, 0x79, 0x4b, 0xf8, 0x15, 0x09, 0x75, 0xa4, 0x49, 0x21, 0x77, 0x36, 0x14, 0xb7, 0x4a, 0x3d, 0xf4, 0xad, 0xe6, 0xda, 0x23}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x48, 0x51, 0x4b, 0x77, 0x6c, 0x8b, 0xc6, 0xf5, 0xbf, 0xe0, 0xe9, 0x0a, 0xc4, 0x6f, 0xcd, 0xe4, 0xb1, 0x22, 0xdd, 0x1c, 0x3c, 0xdf, 0xc8, 0x98, 0xcb, 0xd5, 0xb9, 0x1f, 0x9a, 0x0b, 0x25, 0x8d}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x69, 0x46, 0x32, 0x3d, 0xbb, 0xce, 0x2f, 0x48, 0xa0, 0xc0, 0x00, 0x76, 0xdb, 0x2f, 0x2e, 0xcf, 0x16, 0x5d, 0x50, 0x1c, 0xa1, 0x2a, 0x47, 0x44, 0xcb, 0x02, 0x75, 0xd0, 0xdb, 0xc4, 0xcb, 0x81}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x57, 0xa0, 0x69, 0xf5, 0xe9, 0xbb, 0xcf, 0x07, 0xb3, 0x21, 0x2e, 0xf6, 0x63, 0xfa, 0x86, 0x11, 0x08, 0x50, 0x72, 0xdc, 0x1e, 0x4f, 0x3a, 0xed, 0x4b, 0xc6, 0xdc, 0x12, 0xcd, 0xb1, 0xa5, 0x48}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0a, 0x92, 0xb0, 0x78, 0xe6, 0xe6, 0x03, 0x85, 0x79, 0x00, 0x40, 0x81, 0xf9, 0x24, 0x3a, 0x1c, 0x2b, 0x72, 0xee, 0x2d, 0xc4, 0x9d, 0xf3, 0x7e, 0xff, 0xec, 0x33, 0x91, 0xcb, 0x69, 0xf2, 0xa8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x93, 0xca, 0x1a, 0xed, 0x66, 0x24, 0xd4, 0xd3, 0x2d, 0x67, 0x5a, 0x42, 0xe5, 0x21, 0x93, 0x77, 0x09, 0x19, 0xe9, 0xf8, 0x1f, 0x4d, 0x57, 0x2d, 0x79, 0xfd, 0xe3, 0xcb, 0x6f, 0xf8, 0xcc, 0xde}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3f, 0x1f, 0x00, 0x51, 0xbe, 0x65, 0x95, 0xb6, 0x35, 0x25, 0xf6, 0x3c, 0x23, 0x34, 0xb3, 0x52, 0x05, 0x7b, 0x7b, 0x05, 0xfb, 0x23, 0x07, 0xe1, 0x69, 0xa9, 0x61, 0x59, 0x3f, 0x43, 0xfb, 0x71}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x07, 0x80, 0x36, 0xb7, 0x4e, 0xc8, 0xe4, 0xdb, 0xec, 0xf3, 0x13, 0x94, 0x87, 0x02, 0x7c, 0x2e, 0x76, 0x1c, 0x0b, 0x3f, 0x17, 0x4b, 0xae, 0xb1, 0x5f, 0x5f, 0xed, 0x43, 0xae, 0x00, 0x78, 0xc7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf1, 0x27, 0xd4, 0xda, 0x84, 0xb7, 0x4b, 0xb1, 0x25, 0x4e, 0x0a, 0xe0, 0x67, 0x91, 0xcc, 0xde, 0xd9, 0x6a, 0xd5, 0xf0, 0xdf, 0xe2, 0x05, 0x48, 0x79, 0x47, 0x3e, 0x7a, 0xfa, 0xa0, 0xdc, 0xcf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xed, 0x82, 0x06, 0x6b, 0x9b, 0x4c, 0x0a, 0xf3, 0x48, 0x87, 0x2c, 0x48, 0xf1, 0x00, 0xa4, 0x22, 0xa4, 0x54, 0x1b, 0x8a, 0xc8, 0x1b, 0xac, 0x55, 0xec, 0xff, 0xf9, 0x12, 0x01, 0x5d, 0x28, 0xf6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x63, 0x0e, 0x7a, 0x55, 0xdd, 0x68, 0x99, 0xdb, 0x41, 0xb4, 0x1f, 0xef, 0xf8, 0x9e, 0x4d, 0xf8, 0x1f, 0x57, 0xa8, 0x2a, 0x4a, 0x0c, 0x23, 0x0d, 0x17, 0x1c, 0x6c, 0x34, 0x66, 0xd1, 0xab, 0x07}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x29, 0x72, 0xed, 0x03, 0x75, 0xb0, 0x95, 0xd5, 0xce, 0x32, 0x12, 0x68, 0xc8, 0x62, 0x78, 0x88, 0x44, 0xe6, 0x2c, 0x48, 0xa7, 0xc2, 0x72, 0x6a, 0x24, 0xd0, 0x76, 0x26, 0x7a, 0x80, 0x01, 0xa3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa3, 0xaf, 0xc3, 0x5d, 0xe9, 0x4b, 0x27, 0xf9, 0x75, 0x81, 0x7a, 0x7e, 0x6f, 0xf0, 0xcf, 0x61, 0x86, 0x02, 0x55, 0x04, 0x8b, 0x82, 0x2d, 0x45, 0x4c, 0x86, 0xa2, 0xc5, 0xfc, 0xc2, 0xfd, 0x3c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0d, 0x49, 0x67, 0xd5, 0xc9, 0x9c, 0xbe, 0x08, 0x4a, 0x7b, 0x67, 0x2e, 0x22, 0x9c, 0x8e, 0xfe, 0x24, 0x66, 0xae, 0x06, 0x56, 0x3a, 0x07, 0x1b, 0xa1, 0xe1, 0x66, 0x1e, 0xe8, 0xae, 0x1c, 0x73}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7e, 0xc0, 0x87, 0x55, 0x01, 0x7d, 0x9c, 0xd2, 0xc7, 0x43, 0x94, 0x35, 0xcb, 0x2b, 0xa4, 0xb4, 0xb7, 0x9a, 0x83, 0x6c, 0x10, 0x41, 0x43, 0xfd, 0xb9, 0x74, 0x96, 0xca, 0xb5, 0x82, 0x1e, 0x05}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc9, 0x1d, 0x7b, 0x21, 0x67, 0x0c, 0xc3, 0xfa, 0x6c, 0xf1, 0xe8, 0xed, 0x57, 0xae, 0x71, 0x66, 0xb0, 0x44, 0xee, 0x90, 0xd8, 0x9e, 0x8c, 0x27, 0xd2, 0xf6, 0x07, 0xbd, 0x55, 0xaa, 0xb8, 0x85}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3a, 0x12, 0xaa, 0x60, 0xee, 0x19, 0x45, 0xfb, 0x6c, 0x4f, 0x34, 0xa6, 0x57, 0x80, 0x39, 0x46, 0x11, 0x64, 0x14, 0xec, 0x91, 0x4a, 0x4a, 0x95, 0x1e, 0x64, 0x12, 0xb1, 0xc9, 0x87, 0xa1, 0x86}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xfc, 0xa2, 0x2b, 0x78, 0x42, 0xf3, 0xc1, 0x67, 0x1e, 0xb5, 0xab, 0x83, 0x30, 0x78, 0x90, 0xc9, 0x35, 0x39, 0x72, 0x9e, 0x6a, 0x5e, 0x90, 0x6c, 0x28, 0xf6, 0x4e, 0x67, 0x17, 0x76, 0x11, 0x42}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xef, 0x9d, 0x9e, 0x46, 0x0e, 0x74, 0xd0, 0x4c, 0x70, 0xf1, 0x4a, 0x50, 0x51, 0xed, 0x01, 0x98, 0xc9, 0xbc, 0x7b, 0xba, 0x23, 0x52, 0xb9, 0x78, 0x9b, 0x4d, 0xe3, 0x40, 0x98, 0x08, 0xf8, 0x17}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xcf, 0x9a, 0x53, 0xe9, 0x55, 0x12, 0x1a, 0xc7, 0xae, 0x3f, 0xe4, 0x49, 0xbd, 0x27, 0x62, 0x3d, 0xd5, 0x64, 0xbe, 0x2d, 0x52, 0x88, 0xaa, 0x5b, 0xc6, 0xa1, 0xc6, 0xbd, 0xcb, 0x11, 0x6b, 0x29}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7f, 0x23, 0xfb, 0xdc, 0xdd, 0x33, 0x04, 0xa3, 0x72, 0xdc, 0x98, 0xfb, 0x2f, 0x16, 0xc2, 0xa8, 0x93, 0xdd, 0x49, 0xda, 0x8b, 0x8e, 0xdf, 0x76, 0xd5, 0x81, 0x9d, 0x80, 0x5f, 0x25, 0x2e, 0x1f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdc, 0x18, 0xd0, 0xd8, 0x34, 0xd7, 0x65, 0xb9, 0x08, 0xc3, 0x6b, 0x7c, 0xdc, 0xf1, 0xde, 0x71, 0xc9, 0x1b, 0xb1, 0xbf, 0x4a, 0x72, 0x35, 0x45, 0x26, 0xee, 0x4f, 0xa5, 0x22, 0xf5, 0x52, 0x95}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x91, 0xee, 0xf7, 0x69, 0x64, 0x2e, 0x29, 0x2c, 0x69, 0x96, 0xde, 0x18, 0x98, 0x74, 0x76, 0x80, 0x69, 0x89, 0xc2, 0xaf, 0x79, 0x7b, 0xaf, 0xdf, 0x5d, 0x47, 0x0b, 0x29, 0xba, 0x11, 0x2e, 0xd8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xc4, 0x66, 0x90, 0xb2, 0x52, 0x69, 0xb9, 0xc9, 0x7c, 0x4c, 0x39, 0x5a, 0xe3, 0xca, 0x75, 0xc1, 0x7a, 0x68, 0xa9, 0x59, 0xea, 0x89, 0xe9, 0xdb, 0xd3, 0x2b, 0x6e, 0xc7, 0x17, 0x96, 0x11, 0xb2}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x1e, 0x17, 0xf2, 0x8b, 0x15, 0xc6, 0xf5, 0x98, 0xcf, 0x1d, 0x5e, 0xb4, 0x38, 0xfe, 0x0e, 0xba, 0x82, 0x02, 0xc8, 0x9e, 0x31, 0x0b, 0x01, 0x0d, 0x31, 0x8d, 0x47, 0x63, 0x8d, 0xf9, 0x0e, 0xef}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x31, 0x68, 0x30, 0x81, 0xc0, 0x3b, 0xdb, 0xd7, 0xef, 0x8f, 0x5d, 0x3c, 0x34, 0xc7, 0x6d, 0x98, 0x99, 0x97, 0xdb, 0x52, 0xbb, 0xed, 0x73, 0x66, 0xc3, 0xf0, 0x89, 0x84, 0x35, 0xd4, 0x07, 0x40}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x53, 0xa4, 0x59, 0xa0, 0x35, 0x71, 0xb4, 0x23, 0x43, 0xd8, 0x9d, 0xf3, 0x02, 0x46, 0x32, 0xe6, 0xdc, 0xb1, 0x00, 0x0a, 0xc8, 0x48, 0x96, 0xbd, 0x71, 0xc0, 0x58, 0xd3, 0xbc, 0xe6, 0x59, 0xd2}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xaa, 0x00, 0x26, 0x40, 0xef, 0xab, 0x25, 0x92, 0x81, 0xdd, 0x80, 0x98, 0x27, 0x43, 0x0b, 0xa2, 0xe9, 0x56, 0x3f, 0xb7, 0x94, 0x81, 0xd0, 0x95, 0x76, 0xe4, 0xe9, 0x48, 0x63, 0x51, 0xd5, 0xfc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4d, 0xf0, 0x6c, 0x0c, 0x3e, 0x65, 0xb9, 0xdd, 0x16, 0x38, 0xa7, 0x94, 0x8a, 0x5c, 0xc7, 0x33, 0x57, 0x2e, 0xe9, 0x35, 0x10, 0x95, 0xa3, 0xd2, 0x12, 0xa4, 0x3f, 0x3d, 0xf1, 0xa3, 0x50, 0x5c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe1, 0xde, 0x76, 0x44, 0x39, 0x0e, 0x66, 0x76, 0x3b, 0x57, 0x23, 0x21, 0xad, 0xb9, 0xc3, 0x2d, 0xc9, 0xcd, 0x66, 0xbb, 0x7d, 0x8e, 0x9c, 0x7a, 0xb3, 0xec, 0x65, 0xb9, 0xdd, 0x1c, 0x05, 0xdc}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdf, 0xdd, 0xb0, 0x31, 0xff, 0x4d, 0x11, 0xa8, 0x2d, 0xed, 0xe1, 0x11, 0x18, 0xc4, 0x24, 0x87, 0xbe, 0x47, 0x8d, 0x8e, 0xc9, 0x1b, 0x7c, 0x31, 0x6d, 0x45, 0x7d, 0xdc, 0x40, 0xf4, 0x61, 0x26}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x51, 0x34, 0x22, 0x97, 0x63, 0xad, 0xea, 0x19, 0x0c, 0xe0, 0x2d, 0x1d, 0x66, 0x99, 0xdb, 0x0c, 0x6b, 0x40, 0x57, 0x2b, 0xac, 0x5a, 0xd6, 0xba, 0x1e, 0x71, 0x61, 0x07, 0xf6, 0xe0, 0xfa, 0x9c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0xe8, 0x34, 0x02, 0x9d, 0xea, 0x7e, 0xf1, 0x52, 0xdf, 0x5a, 0x60, 0xdd, 0xec, 0xa2, 0x82, 0x36, 0x13, 0xb5, 0x3d, 0xae, 0xef, 0x97, 0x95, 0x1a, 0x69, 0x6a, 0xd3, 0x6e, 0x9e, 0xae, 0x15, 0x1f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xed, 0x8d, 0xc1, 0x7c, 0x1f, 0xb0, 0x08, 0x98, 0x11, 0xdc, 0x1e, 0xb2, 0x73, 0xf1, 0xf8, 0x09, 0x6e, 0xb5, 0x19, 0x77, 0xa7, 0x8d, 0xfb, 0x17, 0xd4, 0x1d, 0x6e, 0xa1, 0x15, 0xef, 0x2b, 0x39}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0a, 0x8b, 0x8d, 0x3f, 0xfc, 0x2b, 0x5d, 0x7f, 0x41, 0x5b, 0x48, 0x95, 0xf6, 0x34, 0x8e, 0x42, 0xbb, 0xb7, 0x9b, 0x18, 0xf3, 0xad, 0x40, 0xc9, 0x39, 0x00, 0x5f, 0xfc, 0x51, 0xcb, 0x14, 0xc1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0x14, 0xa1, 0x03, 0x2f, 0x67, 0x6a, 0xa3, 0x7f, 0xc5, 0x0d, 0xc9, 0x3f, 0xc7, 0x80, 0x1a, 0x0b, 0x61, 0x51, 0x6e, 0xc7, 0xe6, 0x43, 0x69, 0x4f, 0x6a, 0xe6, 0x5a, 0x86, 0xa9, 0x5e, 0xb2, 0x08}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xaf, 0x7f, 0xf0, 0x58, 0xc1, 0x7c, 0xc7, 0x92, 0xec, 0xb4, 0x5d, 0x27, 0xc0, 0xe7, 0x0b, 0x0b, 0xb0, 0xb9, 0x8c, 0xa2, 0xf1, 0x54, 0x82, 0x31, 0xc2, 0xee, 0xf6, 0x36, 0xe4, 0x36, 0xd8, 0x12}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe1, 0xd2, 0xf6, 0xce, 0xac, 0x14, 0x65, 0xbe, 0x74, 0x13, 0xac, 0x00, 0x68, 0xae, 0x0a, 0xef, 0x98, 0xe8, 0x55, 0x0b, 0x69, 0xe9, 0x31, 0x25, 0xce, 0xc5, 0x5e, 0xc9, 0x32, 0x88, 0x09, 0xbc}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0xef, 0x93, 0xd9, 0xb2, 0x9a, 0xfe, 0x2d, 0x2e, 0x8e, 0x14, 0x82, 0x24, 0x36, 0xdb, 0x99, 0xab, 0x82, 0xbf, 0x1d, 0xd6, 0xbb, 0x27, 0x9d, 0x4d, 0x5f, 0xd8, 0x6e, 0xd6, 0xfa, 0xa8, 0xfb, 0x81}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa3, 0x7f, 0x76, 0x4c, 0xf4, 0xaf, 0x2c, 0xc1, 0x48, 0xdd, 0xb7, 0xd8, 0x2a, 0x20, 0x19, 0x34, 0x08, 0x4f, 0xef, 0xef, 0x63, 0x8a, 0xbc, 0x03, 0x2e, 0x2d, 0x0b, 0x31, 0xf6, 0x67, 0x64, 0x00}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x89, 0x92, 0xc6, 0xa8, 0x75, 0x9f, 0x65, 0x3c, 0x09, 0xd8, 0x52, 0x36, 0x06, 0xcc, 0x6c, 0xe6, 0xec, 0x47, 0x53, 0x4b, 0x5e, 0x49, 0xfb, 0x05, 0xb6, 0x91, 0x75, 0xdb, 0xd8, 0x7d, 0x37, 0xb1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 3ddaccce6..37e9946f3 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241121090305-4026752e896e" + defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241126165041-143f68385217" ) From 900fb3f88bba8c46baec938d4a9342b95635cbda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <66256922+daniel-weisse@users.noreply.github.com> Date: Wed, 27 Nov 2024 08:52:54 +0100 Subject: [PATCH 372/380] ci: automate manual post-release steps (#3498) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Daniel Weiße --- .github/workflows/release-publish.yml | 79 +++++++++++++++++++++++++++ .github/workflows/release.yml | 36 ++++++++++-- dev-docs/workflows/release.md | 18 +++--- 3 files changed, 116 insertions(+), 17 deletions(-) create mode 100644 .github/workflows/release-publish.yml diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml new file mode 100644 index 000000000..2699b0895 --- /dev/null +++ b/.github/workflows/release-publish.yml @@ -0,0 +1,79 @@ +name: 'Release: on-publish' + +on: + release: + types: + - published + workflow_dispatch: + inputs: + tag: + description: 'Semantic version tag of the release (vX.Y.Z).' + required: true + +jobs: + post-release-actions: + runs-on: ubuntu-24.04 + permissions: + issues: write + env: + FULL_VERSION: ${{ github.event.release.tag_name }}${{ github.event.inputs.tag }} + GH_TOKEN: ${{ github.token }} + steps: + - name: Mark milestone as complete + run: | + milestones=$(gh api \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /repos/edgelesssys/constellation/milestones) + + current_milestone=$(echo "${milestones}" | jq -r ".[] | select(.title == \"${FULL_VERSION}\")") + echo "current milestone: ${current_milestone}" + if [[ -z "${current_milestone}" ]]; then + echo "milestone ${FULL_VERSION} does not exist, nothing to do..." + exit 0 + fi + + current_milestone_state=$(echo "${current_milestone}" | jq -r '.state') + echo "current milestone state: ${current_milestone_state}" + if [[ "${current_milestone_state}" != "open" ]]; then + echo "milestone ${FULL_VERSION} is already closed, nothing to do..." + exit 0 + fi + + milestone_number=$(echo "${current_milestone}" | jq -r '.number') + echo "milestone number: ${milestone_number}" + if [[ -z "${milestone_number}" ]]; then + echo "failed parsing milestone number" + exit 1 + fi + + gh api \ + --method PATCH \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + "/repos/edgelesssys/constellation/milestones/${milestone_number}" \ + -f state=closed + + - name: Create next milestone + run: | + WITHOUT_V=${FULL_VERSION#v} + PART_MAJOR=${WITHOUT_V%%.*} + PART_MINOR=${WITHOUT_V#*.} + PART_MINOR=${PART_MINOR%%.*} + NEXT_MINOR=v${PART_MAJOR}.$((PART_MINOR + 1)).0 + + gh api \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /repos/edgelesssys/constellation/milestones | + jq -r '.[].title' | \ + grep -xqF "${NEXT_MINOR}" && exit 0 + + gh api \ + --method POST \ + -H "Accept: application/vnd.github+json" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + /repos/edgelesssys/constellation/milestones \ + -f title="${NEXT_MINOR}" \ + -f state='open' \ + -f "due_on=$(date -d '2 months' +'%Y-%m-%dT00:00:00Z')" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 63c29d933..6b1f3acc1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -72,10 +72,9 @@ jobs: echo "WORKING_BRANCH=${WORKING_BRANCH}" } | tee -a "$GITHUB_OUTPUT" - docs: - name: Create docs release (from main) + update-main-branch: + name: Update main branch with release changes runs-on: ubuntu-24.04 - if: inputs.kind == 'minor' needs: verify-inputs permissions: contents: write @@ -89,26 +88,51 @@ jobs: with: ref: main + - name: Configure git + run: | + git config --global user.name "edgelessci" + git config --global user.email "edgelessci@users.noreply.github.com" + - name: Create docs release + if: inputs.kind == 'minor' working-directory: docs run: | npm ci npm run docusaurus docs:version "${MAJOR_MINOR}" + git add . + git commit -am "docs: release ${MAJOR_MINOR}" + # Clean up auxiliary files, so next steps run on a clean tree + git clean -fdx :/ + + - name: Update version.txt + if: inputs.kind == 'minor' + run: | + pre_release_version="v${{ needs.verify-inputs.outputs.PART_MAJOR }}.$((${{ needs.verify-inputs.outputs.PART_MINOR }} + 1)).0-pre" + echo "${pre_release_version}" > version.txt + git add version.txt + git commit -m "chore: update version.txt to ${pre_release_version}" + + - name: Update CI for new version + run: | + sed -i 's/fromVersion: \["[^"]*"\]/fromVersion: ["${{ inputs.version }}"]/g' .github/workflows/e2e-test-release.yml + sed -i 's/fromVersion: \["[^"]*"\]/fromVersion: ["${{ inputs.version }}"]/g' .github/workflows/e2e-test-weekly.yml - name: Create docs pull request uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: branch: ${{ env.BRANCH }} base: main - title: "docs: add release ${{ env.VERSION }}" + title: "Post ${{ env.VERSION }} release updates to main" body: | :robot: *This is an automated PR.* :robot: The PR is triggered as part of the automated release process of version ${{ env.VERSION }}. - It releases a new version of the documentation. - commit-message: "docs: add release ${{ env.VERSION }}" + commit-message: "chore: update CI for ${{ env.VERSION }}" committer: edgelessci + author: edgelessci labels: no changelog + assignees: ${{ github.actor }} + reviewers: ${{ github.actor }} # We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work. token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }} diff --git a/dev-docs/workflows/release.md b/dev-docs/workflows/release.md index f250b340a..be873d563 100644 --- a/dev-docs/workflows/release.md +++ b/dev-docs/workflows/release.md @@ -85,17 +85,9 @@ Releases should be performed using [the automated release pipeline](https://gith ## Post release steps 1. Publish the [provider release](https://github.com/edgelesssys/terraform-provider-constellation/releases) -2. Merge the versioned docs PR -3. Close fixed "known issues" -4. Milestones management - 1. Create a new milestone for the next release - 2. Add the next release manager and an approximate release date to the milestone description - 3. Close the milestone for the release - 4. Move open issues and PRs from closed milestone to next milestone -5. If the release is a minor version release, bump the pre-release version in the `version.txt` file. -6. Update the `fromVersion` in `e2e-test-release.yml` and `e2e-test-weekly.yaml` to the newly released version. To check the current values, run: `grep "fromVersion: \[.*\]" -R .github`. -7. Reset `UpgradeRequiresIAMMigration` in [`iamupgrade.go`](https://github.com/edgelesssys/constellation/blob/a88a731576184e3c5ee8527741c4a0cdaa4e9b24/cli/internal/cloudcmd/iamupgrade.go#L23). -8. Write an email to STACKIT to inform them of the new relase. For this, you require the name and UUID of the release image. You can find the email address in our internal [wiki](https://github.com/edgelesssys/wiki/blob/master/documentation/constellation/stackit.md): +2. Merge the automated post release PR +3. Write an email to STACKIT to inform them of the new release. For this, you require the name and UUID of the release image. You can find the email address in our internal [wiki](https://github.com/edgelesssys/wiki/blob/master/documentation/constellation/stackit.md): + ```shell-session export OS_CLOUD=stackit openstack image list | grep constellation @@ -103,6 +95,10 @@ Releases should be performed using [the automated release pipeline](https://gith # | 25edf48d-161f-452b-b420-963c3a80abd8 | constellation-stable-v2.16.4-qemu-vtpm | active | ``` +4. Close fixed "known issues" +5. Move open issues and PRs from this release's closed milestone to next milestone +6. Reset `UpgradeRequiresIAMMigration` in [`iamupgrade.go`](https://github.com/edgelesssys/constellation/blob/a88a731576184e3c5ee8527741c4a0cdaa4e9b24/cli/internal/cloudcmd/iamupgrade.go#L23). + ## Troubleshooting: Pipeline cleanup No manual steps should be necessary anymore but in case you encounter issues, create a ticket to fix it. These are instructions to do some cleanup steps manually: From 6d7f687609b69d9bf74747e7bcac2ca8f34fe89f Mon Sep 17 00:00:00 2001 From: Markus Rudy Date: Wed, 27 Nov 2024 14:21:43 +0100 Subject: [PATCH 373/380] image: allow autologin on TTY1 for STACKIT cloud (#3499) --- .../system/export_constellation_debug.service | 2 +- .../system-preset/20-constellation-base.preset | 1 - .../system/getty@tty1.service.d/autologin.conf | 11 +++++++++++ .../serial-getty@ttyS0.service.d/autologin.conf | 4 ++-- image/system/variants.bzl | 12 ++++-------- 5 files changed, 18 insertions(+), 12 deletions(-) create mode 100644 image/sysroot-tree/usr/lib/systemd/system/getty@tty1.service.d/autologin.conf diff --git a/image/base/mkosi.skeleton/usr/lib/systemd/system/export_constellation_debug.service b/image/base/mkosi.skeleton/usr/lib/systemd/system/export_constellation_debug.service index 6858dab9b..9b0fccabe 100644 --- a/image/base/mkosi.skeleton/usr/lib/systemd/system/export_constellation_debug.service +++ b/image/base/mkosi.skeleton/usr/lib/systemd/system/export_constellation_debug.service @@ -3,7 +3,7 @@ Description=Export Constellation Debug Level to Environment [Service] Type=oneshot -ExecStart=/bin/bash -c "tr ' ' '\n' < /proc/cmdline | grep -q 'constellation.debug' && echo CONSTELLATION_DEBUG_FLAGS=--debug >> /run/constellation.env" +ExecStart=/bin/bash -c "tr ' ' '\n' < /proc/cmdline | grep -q 'constel.debug' && echo CONSTELLATION_DEBUG_FLAGS=--debug >> /run/constellation.env" RemainAfterExit=yes [Install] diff --git a/image/sysroot-tree/usr/lib/systemd/system-preset/20-constellation-base.preset b/image/sysroot-tree/usr/lib/systemd/system-preset/20-constellation-base.preset index f74d34ec8..b213385af 100644 --- a/image/sysroot-tree/usr/lib/systemd/system-preset/20-constellation-base.preset +++ b/image/sysroot-tree/usr/lib/systemd/system-preset/20-constellation-base.preset @@ -2,7 +2,6 @@ enable systemd-timesyncd.service enable systemd-networkd.service enable systemd-networkd-wait-online.service enable configure-constel-csp.service -enable serial-getty@tty0.service enable dbus.service enable dbus-broker.service enable dbus-daemon.service diff --git a/image/sysroot-tree/usr/lib/systemd/system/getty@tty1.service.d/autologin.conf b/image/sysroot-tree/usr/lib/systemd/system/getty@tty1.service.d/autologin.conf new file mode 100644 index 000000000..ec52d1369 --- /dev/null +++ b/image/sysroot-tree/usr/lib/systemd/system/getty@tty1.service.d/autologin.conf @@ -0,0 +1,11 @@ +[Unit] +Description=autologin +ConditionPathExists=/proc/cmdline +ConditionKernelCommandLine=|constel.console +ConditionKernelCommandLine=|constel.debug + +[Service] +ExecStart= +ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --autologin root %I $TERM +[Install] +WantedBy=multi-user.target diff --git a/image/sysroot-tree/usr/lib/systemd/system/serial-getty@ttyS0.service.d/autologin.conf b/image/sysroot-tree/usr/lib/systemd/system/serial-getty@ttyS0.service.d/autologin.conf index 77db15a0a..24fe28a99 100644 --- a/image/sysroot-tree/usr/lib/systemd/system/serial-getty@ttyS0.service.d/autologin.conf +++ b/image/sysroot-tree/usr/lib/systemd/system/serial-getty@ttyS0.service.d/autologin.conf @@ -1,8 +1,8 @@ [Unit] Description=autologin ConditionPathExists=/proc/cmdline -ConditionKernelCommandLine=|constellation.console -ConditionKernelCommandLine=|constellation.debug +ConditionKernelCommandLine=|constel.console +ConditionKernelCommandLine=|constel.debug [Service] ExecStart= diff --git a/image/system/variants.bzl b/image/system/variants.bzl index 4b9044383..b9b1c6bd8 100644 --- a/image/system/variants.bzl +++ b/image/system/variants.bzl @@ -50,7 +50,7 @@ CSPS = [ "qemu", ] -base_cmdline = "selinux=1 enforcing=0 audit=0" +base_cmdline = "selinux=1 enforcing=0 audit=0 console=tty1 console=ttyS0" csp_settings = { "aws": { @@ -62,20 +62,17 @@ csp_settings = { }, "azure": { "kernel_command_line_dict": { - "console": "ttyS0", "constel.csp": "azure", "mitigations": "auto,nosmt", }, }, "gcp": { "kernel_command_line_dict": { - "console": "ttyS0", "constel.csp": "gcp", "mitigations": "auto,nosmt", }, }, "openstack": { - "kernel_command_line": "console=tty0 console=ttyS0 console=ttyS1", "kernel_command_line_dict": { "constel.csp": "openstack", "kvm_amd.sev": "1", @@ -85,9 +82,8 @@ csp_settings = { }, }, "qemu": { - "kernel_command_line": "constellation.console", # All qemu images have console enabled independent of stream + "kernel_command_line": "constel.console", # All qemu images have console enabled independent of stream "kernel_command_line_dict": { - "console": "ttyS0", "constel.csp": "qemu", "mitigations": "auto,nosmt", }, @@ -135,10 +131,10 @@ attestation_variant_settings = { stream_settings = { "console": { - "kernel_command_line": "constellation.console", + "kernel_command_line": "constel.console", }, "debug": { - "kernel_command_line": "constellation.debug", + "kernel_command_line": "constel.debug", }, "nightly": {}, "stable": {}, From b99413a7cc20465545b07c647427ddb2e91b162e Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Thu, 28 Nov 2024 15:46:22 +0100 Subject: [PATCH 374/380] image: update locked rpms (#3493) Co-authored-by: edgelessci --- image/mirror/SHA256SUMS | 46 ++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/image/mirror/SHA256SUMS b/image/mirror/SHA256SUMS index a291ca91a..e8a5f795d 100644 --- a/image/mirror/SHA256SUMS +++ b/image/mirror/SHA256SUMS @@ -18,16 +18,16 @@ adf4b75cdd9fae9d2d37fb71d9f0bf625a6705c0f0a7784569ab21463fe22152 conntrack-tool fa073cc08e035fab231c2e9aa3116468e75f5056c169d5b095f3ee2956123d95 container-selinux-2.233.0-1.fc40.noarch.rpm bbe29e0c7b4ca076d50b4ac3954eb383459230d96b13f353ee71ebd5de33b6d1 containerd-1.6.23-5.fc40.x86_64.rpm 0705251ea64b1558098016b2120f202c5aba77470093cb8f89ce6adb2a0b46b6 containernetworking-plugins-1.5.1-1.fc40.x86_64.rpm -4f4b244673489993df4aa801becf9b82df588ab6cdf99a9e6f04be3d84dae011 containers-common-0.60.4-2.fc40.noarch.rpm -55605ee7a4602eff0774b18e31211827097b547aa3f46926cccdf30dec21c117 containers-common-extra-0.60.4-2.fc40.noarch.rpm -e74a792e74d8467510b859d16927bc951484bee8d3a141795e7dc8cc1b34c183 coreutils-single-9.4-8.fc40.x86_64.rpm +3e35525e9224d3427f10343c98036b251fac34bf67c9007335561d846736d0d5 containers-common-0.61.0-1.fc40.noarch.rpm +b0740195d12d356e5637b83ece8650fc3f764f37e734678a07cb637fb14faf7d containers-common-extra-0.61.0-1.fc40.noarch.rpm +299d3e7e1cbc110d9ae8a47f6ca95142c3e3783cb1464bfbd6bc550c414b97ec coreutils-single-9.4-9.fc40.x86_64.rpm d941a78ffb6e2e0b4c24d0097d0351ced8796edde90208b4bddee459bce0a949 cpio-2.15-1.fc40.x86_64.rpm faa23cb6a7a612c0a6e874c788c5add967c5e193bd38c2e6093b82b38a162f81 cracklib-2.9.11-5.fc40.i686.rpm ea1f43ef9a4b02a9c66726ee386f090145696fb93dff80d593ac82126f8037ec cracklib-2.9.11-5.fc40.x86_64.rpm fe24641e69545c428890a4b094f015c03f65a6c30c3db7bb0de7672bab66bfd6 cracklib-dicts-2.9.11-5.fc40.x86_64.rpm f3f3e5f6a1c1bee67c0c6598a48143c36827f90a095897d649580a174468cdbc criu-4.0-1.fc40.x86_64.rpm bbdb6014e2bd87db1bb2d4795a57cbb08bfdb03777c2b9730a3f45f7977fc4c9 criu-libs-4.0-1.fc40.x86_64.rpm -23cf494259d04acbfc40fb5ac0654d0dc1d79713ad2f232ffd4b81f68b693fe8 crun-1.17-1.fc40.x86_64.rpm +d388aa1a184a3ed04c68a39f81a9dcc39088b1f279d49d3631db608da6611937 crun-1.18.2-1.fc40.x86_64.rpm d7a62ff0193375607d28d8fe7eedf3ff5b6ddac154e1474d79787b9f32ae298d crypto-policies-20241011-1.git5930b9a.fc40.noarch.rpm 0f1d436f879fa30f18adca576a1f91bb1a8d1ac42cff5f35c1d15e6dffc506fa crypto-policies-scripts-20241011-1.git5930b9a.fc40.noarch.rpm 26aadc06a9f98c58ca6250d811e749ee5fa76059b37445ec28b50ee73d548174 cryptsetup-2.7.5-1.fc40.x86_64.rpm @@ -60,9 +60,9 @@ f215ebf2e586330f93c52b228c98912a0b42db9ceeff830b611817401a84252a elfutils-libs- 95cf8ee199b2e1b3471f920ebad57d3d8178f5e68d37ee35a8a94727473ec8d3 ethtool-6.11-1.fc40.x86_64.rpm 3a5ba168021a01107d6dd4dc7cffe8bb5553c64f236c436979b9fddfdc4cb59d expat-2.6.3-1.fc40.x86_64.rpm 849feb04544096f9bbe16bc78c2198708fe658bdafa08575c911e538a7d31c18 fedora-gpg-keys-40-2.noarch.rpm -bd62f80ae7dc50c20b0633d86f1c4a9f205f7df13c8ee1a5d5f624872c29271e fedora-release-40-39.noarch.rpm -590c9439a81fb9e35a8b4d19dc159ce09b756f8f7f66a6290d8785f424d97003 fedora-release-common-40-39.noarch.rpm -057acf25df0f6b028657790b2addca123faac0b80639ac6da13632dc7811d6f3 fedora-release-identity-basic-40-39.noarch.rpm +8f0a56982aa10b607bd3b8009e91bac1a7d9b7ba40eb4435ff9bd9efe7e5e76e fedora-release-40-40.noarch.rpm +dde6f4b5d4415ce20df40cf1cb9ff3015aa5b1896c5b5625e49aa686cdce1d1d fedora-release-common-40-40.noarch.rpm +f133aabe97d4aff7e6c83b8d364fb9805f655b32150e2f6e876958966293e467 fedora-release-identity-basic-40-40.noarch.rpm e85d69eeea62f4f5a7c6584bc8bae3cb559c1c381838ca89f7d63b28d2368c4b fedora-repos-40-2.noarch.rpm a6f2098fc2ed16df92c9325bd7459cc41479e17306a4f9cddfd5df8a1b80d0f8 file-5.45-4.fc40.x86_64.rpm f76684ee78408660db83ab9932978a1346b280f4210cd744524b00b2e5891fe1 file-libs-5.45-4.fc40.x86_64.rpm @@ -265,7 +265,7 @@ f796a31cad58f4ebea8787020868581d9a721297ee0ef6a7c63a7f8444f60c17 pcsc-lite-libs 5443db8875acc0c1c436dbe1ed62b776543e049b8d9c7e33198379d367814093 pigz-2.8-4.fc40.x86_64.rpm cb7c5036f1d25c696de23a6670cb64caec9945116fb0c9a93555414746ecf253 pinentry-1.3.0-2.fc40.x86_64.rpm bbb4abafa9f7664e21350b56d49af2c928288e6d4dd68c304c4ab5d45b2c8ad7 pkcs11-provider-0.3-2.fc40.x86_64.rpm -9ef6d8fde8808edc9b099f924c194e2f63509d1ee537c424116b76ce2f5058e7 podman-5.2.5-2.fc40.x86_64.rpm +ad5ac0506bf19875bd3e1860c1bea3ec1034605d6ff3374794f7343370c2d03a podman-5.3.0-1.fc40.x86_64.rpm 8a0ee0be826338862ecd65d04032b43122cda333ba6bb6891b2ae6aed5208832 policycoreutils-3.7-3.fc40.x86_64.rpm 30a4f9d3631aaa1280c93ce4305847a9773973aa312e1802d1cd676cb2421689 polkit-124-2.fc40.x86_64.rpm f47bc65177a8b160916c00df9c84442afa1dd353880b3c0503d5a0b052d4956c polkit-libs-124-2.fc40.x86_64.rpm @@ -318,16 +318,16 @@ cfde0d25ecac7e689ee083b330b78df51d346c2b7557c83a189d5df95c4e2c8d shadow-utils-4 6e9b6b6196f1782419e447ac806c762d002c6930fe39b18999d9b32c24a0ecfc shadow-utils-subid-4.15.1-4.fc40.x86_64.rpm 67eede27af5b4773eb2f7ac794df694be030310d40bce462864c05b8f65c87c3 socat-1.8.0.0-2.fc40.x86_64.rpm a1e23ae521e93ab19d3df77889a6a418c3432025e4880cfd893e40f7165876a7 sqlite-libs-3.45.1-2.fc40.x86_64.rpm -7bb24752408b7c4731098b3a10b4ca0d37f4feb9cdf1e00e48e4af5577844190 systemd-255.13-1.fc40.i686.rpm -058089be3d6a5e1ecf0728a82d4c266c0f5bd429625bf1e07dc767fb2b7f5231 systemd-255.13-1.fc40.x86_64.rpm -8b65cb535c11ee5b3454638a640ce97de0f6f262a26c72071a3a8ec95ec3aa8b systemd-boot-unsigned-255.13-1.fc40.x86_64.rpm -810779d358b778025372cda98ba3d14a54cc9bcd94ce79de1a452767e3fdc8c9 systemd-libs-255.13-1.fc40.i686.rpm -b23ceced9ce2456a4d7cb10327421f5dfc9c6e18e2046e68f70cb4a7320b4d76 systemd-libs-255.13-1.fc40.x86_64.rpm -63f9d9a565c534e8e73e465fd20503efe6cf8d8c1b795ad8d8805f1b52c5871a systemd-networkd-255.13-1.fc40.x86_64.rpm -4019398465442edf20ad590452fea91781b5e6a4cc71fa420afb5462568dadb3 systemd-pam-255.13-1.fc40.i686.rpm -680a7a2975b1fbe755774ebf855a7cd777404b81a491c8749d0e8b1d67cfcb73 systemd-pam-255.13-1.fc40.x86_64.rpm -22ca276e9a6531c91d3f02482002e6a192e054283911acea18f729e3a91dc549 systemd-resolved-255.13-1.fc40.x86_64.rpm -01c21677cd5ad4157436594cea9f66361cc3f0d0c5ffa2f7b54621c212ff741e systemd-udev-255.13-1.fc40.x86_64.rpm +cf80eb17778b4be0c8d31d2ed6478aaf1135da4e283c034573b4e79c3c5c350f systemd-255.14-1.fc40.i686.rpm +bb602e98503df8b961e7ae391805eed444baf44162b8408f6b86b9447e936e3c systemd-255.14-1.fc40.x86_64.rpm +5e5055ac6c18707f58c07dc25033dfc16a3bc0dfb50820165d169a93a6d89e15 systemd-boot-unsigned-255.14-1.fc40.x86_64.rpm +c5e5f2e6789aeb6945e56a31c010e62242dda7a0e8394ac8b4c20c8e5cbdba9f systemd-libs-255.14-1.fc40.i686.rpm +38aca012b5b875240bda5b67e60d698cdd826c4afa0e2fc584452d2c2b68a951 systemd-libs-255.14-1.fc40.x86_64.rpm +191f7622473d6899998c024c7630ff55daa3a04b0b12a0ce82204d8279095fce systemd-networkd-255.14-1.fc40.x86_64.rpm +c651dfc9bc27fc10814bb8d6f06f08df67641fe9a979e10635f968f3e7c07b5d systemd-pam-255.14-1.fc40.i686.rpm +225af60cab0699bac889f02b26e4be38b080266e79f7c9ac89ce4dc93a8545d2 systemd-pam-255.14-1.fc40.x86_64.rpm +59c9c90d52653cab601677b6e867bc73804a5121bd22dc5b8a0c350f23a097e5 systemd-resolved-255.14-1.fc40.x86_64.rpm +62f74c06c1a2fb04dcfa6722b5b91e4eeb31f12da5e529eedaeae881a77c8ce2 systemd-udev-255.14-1.fc40.x86_64.rpm 65819c502727dc293a71a74b9a5f6b0ba781f12a99c5d5535085f168e5eac56e tar-1.35-3.fc40.x86_64.rpm 0478e12152cc3432a31dfca5ddbc80966800af437c6d7c0b26be307d5e1272e7 tpm2-tools-5.7-1.fc40.x86_64.rpm c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3-1.fc40.x86_64.rpm @@ -339,17 +339,17 @@ c3be8a6d0ea23b1d0bf466b19857b97f7ffde811ad7adec0599161059d84cc74 tpm2-tss-4.1.3 945aa536bc30050abc1870cef167cb944cf78d6628923476db43201a0054574b util-linux-2.40.2-1.fc40.x86_64.rpm 7ec1b5df780c5a30f8e901179480125a6ea87f1f7bad3b69da7f4b351b88c3dd util-linux-core-2.40-0.9.rc1.fc40.x86_64.rpm b1aa4e816c01c08c18924865640f214f717cdfc66837e53a24b8edfb80a86f9d util-linux-core-2.40.2-1.fc40.x86_64.rpm -8648cb20d03bda156b44552baeb67f542951ad7570c571ec57248c947c71e983 vim-common-9.1.825-1.fc40.x86_64.rpm -7074d61847bb2c41740b13b38dd14104aa8055f24d9b8f94f4a8e15ad3af664f vim-data-9.1.825-1.fc40.noarch.rpm -c5faa56e79e55a0d8c33d4d891d2c69ad59c105a4e442d032ac8a0d6f01c2f13 vim-enhanced-9.1.825-1.fc40.x86_64.rpm -02d9bb92758ec2c92ae366445a24d1d2c63dbe54ec9467a03cbd46f086f734da vim-filesystem-9.1.825-1.fc40.noarch.rpm +50879411e244c6531e09376ef87c9f081d1988a88e462404a24835d515211a9a vim-common-9.1.866-1.fc40.x86_64.rpm +3f39232a1cd7fffbdfbb1cd0b64f5107f33c83f3ed335180655f30763c292988 vim-data-9.1.866-1.fc40.noarch.rpm +c99d7857daa246ccd36db2ddedd6a723097d9e3d090464d6fcd3476f572ffee7 vim-enhanced-9.1.866-1.fc40.x86_64.rpm +ec8ea126510e9ba2950bd1f72d78dee97dbbc440d15bf1e5542a9029443d53d6 vim-filesystem-9.1.866-1.fc40.noarch.rpm c5682a1b02bb02578e9997ae221a7f6c6db711084129824e207fe1febdc55b9d wget2-2.1.0-11.fc40.x86_64.rpm 38aaee4829df7e1a4719991c4fc6d65a1265b6a556b182ecac3145c287c320f4 wget2-libs-2.1.0-11.fc40.x86_64.rpm a12b44ee7cc5a0e916bcf72e80c4d618abb7406254578e947f3ba9dd0d445d25 wget2-wget-2.1.0-11.fc40.x86_64.rpm cf0306ceed1c6b3be39060d85f16b1953b464d3a625488b170d3b7aadf600645 which-2.21-41.fc40.x86_64.rpm 4ede95a2fa3bc0ae617c8bf3a375b800163d58733b4829b15d9f038505d79fee whois-nls-5.5.20-3.fc40.noarch.rpm e2195010e857f56b19246f8b821f9391922880b7691b3728a413f540edc890a6 xkeyboard-config-2.41-1.fc40.noarch.rpm -ed98896d222765799017b10c4499391b0a26e314b90be0bd2eaddadcd6f879f2 xxd-9.1.825-1.fc40.x86_64.rpm +627c89d516a12ab0686eabecfab5f8e952f431a1aedc445aa43a2721c3740f8b xxd-9.1.866-1.fc40.x86_64.rpm ee599a1c4d7ee635e54ec137af4dded83f433b9c8a5976f75ecdcd000b5246e3 xz-5.4.6-3.fc40.x86_64.rpm b92ef78d8ab424c22130e457d0ef691d8197bff61c3b8852205d1b02baba3819 xz-libs-5.4.6-3.fc40.i686.rpm b6ee44b3d7e494b0364f26b7d0b169a8092180af787423cd5e8a47dc0f738a66 xz-libs-5.4.6-3.fc40.x86_64.rpm From 6dbb8ac56a50625a01b4a3adf781b44882421dd3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 28 Nov 2024 15:48:29 +0100 Subject: [PATCH 375/380] deps: update Terraform azuread to v3 (#3432) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .../iam/azure/.terraform.lock.hcl | 48 +++++++++---------- terraform/infrastructure/iam/azure/main.tf | 2 +- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/terraform/infrastructure/iam/azure/.terraform.lock.hcl b/terraform/infrastructure/iam/azure/.terraform.lock.hcl index db90d94e1..4cc702adc 100644 --- a/terraform/infrastructure/iam/azure/.terraform.lock.hcl +++ b/terraform/infrastructure/iam/azure/.terraform.lock.hcl @@ -2,32 +2,32 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/azuread" { - version = "2.53.1" - constraints = "2.53.1" + version = "3.0.2" + constraints = "3.0.2" hashes = [ - "h1:/8F5vc1FReT/eVgZqS90PcaDnrKa4LZ1b9YWNkbTDsI=", - "h1:/aBrKb5AE9eaRHMEpIp4x+/6/Z1tw4ik+OiTARqlCw8=", - "h1:0z/718jtR2TJHQQMMqi4nvd6XFPV/iA1jb/5fyAcn5o=", - "h1:2rk36pu4YyhBVz/Mf4swYCQxaB31iPaXOiWNlqZMXbM=", - "h1:7ZNdNGnUB6N6Z6St3COzRXFaghMEyYkZt7WyOCRKOqo=", - "h1:EZNO8sEtUABuRxujQrDrW1z1QsG0dq6iLbzWtnG7Om4=", - "h1:GS/WN8VS6Wp9hvs46lgDsR4ERV8o3Sr+zatF/z2XohU=", - "h1:NG9JvYCwaRabKtbi12uMbSvrvW29oAtzGwdfWA/4HGI=", - "h1:Pnaig5p8+RZLoGUIRcQ2toFgsp2u2OaqlXDQgi5X+RY=", - "h1:kAkPZLFPUEYqWjk5F2T3zC5huRq35o8HD4DJEmpEjyQ=", - "h1:nUxVPReSTQuIux+SRC1bH2QQ0HsJywR7IGqHhVNoXfA=", - "zh:162916b037e5133f49298b0ffa3e7dcef7d76530a8ca738e7293373980f73c68", + "h1:4HpBtur7h9Naz0BUhoJLVMQmmNABvpVDE/v/WC4LuHU=", + "h1:4ONsd+zmaW77NHdwY6tZ9f5Vk4uk5j4c6phuIAYd9c8=", + "h1:Ac2hOMzVtFxZL6U0znQB++O+AHsi47F4nZt0dGMAEJ4=", + "h1:HNrx7UJEDY5Kbx/r1LRQDWnziqvB6x3IU+pEA8Vq7dw=", + "h1:P807RV/+/XY1fylsKngmj2B5l2XOVTzqpd4ylZAwA+M=", + "h1:SDn/pi6q3CZyt9T8Bgobb91WziY2iE1teqr9Y8TlfJw=", + "h1:Sbb9HgPsFPsY3Jv8Kn+eoyYXoWHLWcODr7Okh/V001k=", + "h1:XUrQ/352oXVMh1ya8E7uMAmaC69zNICCIKqZ3kA4nXw=", + "h1:k0kPplqH7FWmnYeCXXrFIeCshgF1tC4LLhfk66bos3w=", + "h1:sYCyzbPpSYu2XDah8XqBUITQAfB0x4j4Twh6lw2C4CA=", + "h1:yQqvUtgtrYKGpIygdM8P6N+pvMWJJWIsVdPow29VE20=", + "zh:16e724b80a9004c7978c30f69a73c98ff63eb8a03937dd44c2a8f0ea0438b7a3", "zh:1c3e89cf19118fc07d7b04257251fc9897e722c16e0a0df7b07fcd261f8c12e7", - "zh:492931cea4f30887ab5bca36a8556dfcb897288eddd44619c0217fc5da2d57e7", - "zh:4c895e450e18335ad8714cc6d3488fc1a78816ad2851a91b06cb2ef775dd7c66", - "zh:60d92fdaf7235574201f2d8f68f733ee00a822993b3fc95e6952e09e6ec76999", - "zh:67a169119efa41c1fb867ef1a8e79bf03472a2324384c36eb55370c817dcce42", - "zh:9dd4d5ed9233cf9329262200bc5a1aa60942b80dbc611e2ef4b09f47531b39b1", - "zh:a3c160e35b9e40fc1497b83c2f37a8e24565b05a1783c7733609f3695735c2a9", - "zh:a4a221da42b1f46e7c436c7145e5beaadfd9d03f3be6fd526d132c03f18a5979", - "zh:af0d3476a9702d2287e168e3baa670e64daab9c9b01c01e17025a5248f3e28e9", - "zh:e3579bff7894f3d36066b74ec324be6d28f56a42a387a2b8a0eabf33cbff86df", - "zh:f1749ee8ad972ae6424665aa9d2c0ece8c40c51d41ec2f38b863148cb437e865", + "zh:2bbbf13713ca4767267b889471c9fc14a56a8fdf5d1013da3ca78667e3caec64", + "zh:409ccb05431d643a079da082d89db2d95d6afed4769997ac537c8b7de3bff867", + "zh:53e4bca0f5d015380f7f524f36344afe6211ccaf614bfc69af73ca64a9f47d6c", + "zh:5780be2c1981d090604d7fa4cef675462f17f40e7f3dc501a031488e87a35b8f", + "zh:850e61a1b3e64c752c418526ccf48653514c861b36f5feb631619f906f7e99a0", + "zh:8c3565bfcea006a734149cc080452a9daf7d2a9d5362eb7e0a088b6c0d7f0f03", + "zh:908b9e6ad49d5d21173ecefc7924902047611be93bbf8e7d021aa9563358396f", + "zh:a2a79765c029bc58966eff61cb6e9b0ee14d2ac52b0a22fc7dfa35c9a49af669", + "zh:c7f56cbe8743e9ba81fce871bc97d9c07abe86770d9ee7ffefbf3882a61ba89a", + "zh:d4dba80e33421b30d81c62611fb7fc62ad39afecc6484436e635913cd8553e67", ] } diff --git a/terraform/infrastructure/iam/azure/main.tf b/terraform/infrastructure/iam/azure/main.tf index d8e6dac2d..ba6b3a0fd 100644 --- a/terraform/infrastructure/iam/azure/main.tf +++ b/terraform/infrastructure/iam/azure/main.tf @@ -6,7 +6,7 @@ terraform { } azuread = { source = "hashicorp/azuread" - version = "2.53.1" + version = "3.0.2" } } } From 8f3d6c42f286b1c8113083b2723cf2650ebfc3bd Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 28 Nov 2024 16:15:26 +0100 Subject: [PATCH 376/380] deps: update GitHub action dependencies (#3507) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/actions/artifact_upload/action.yml | 2 +- .github/actions/build_cli/action.yml | 2 +- .../actions/build_micro_service/action.yml | 4 +-- .github/actions/container_sbom/action.yml | 2 +- .github/actions/e2e_benchmark/action.yml | 4 +-- .github/actions/e2e_mini/action.yml | 2 +- .github/actions/find_latest_image/action.yml | 4 +-- .github/actions/login_azure/action.yml | 2 +- .github/actions/login_gcp/action.yml | 4 +-- .github/actions/publish_helmchart/action.yml | 2 +- .../upload_terraform_module/action.yml | 2 +- .github/workflows/assign_reviewer.yml | 2 +- .../workflows/aws-snp-launchmeasurement.yml | 4 +-- .github/workflows/build-binaries.yml | 2 +- .github/workflows/build-ccm-gcp.yml | 14 ++++---- .github/workflows/build-gcp-guest-agent.yml | 8 ++--- .github/workflows/build-libvirt-container.yml | 2 +- .../workflows/build-logcollector-images.yml | 2 +- .../workflows/build-os-image-scheduled.yml | 6 ++-- .github/workflows/build-os-image.yml | 4 +-- .github/workflows/check-links.yml | 4 +-- .github/workflows/codeql.yml | 8 ++--- .github/workflows/docs-vale.yml | 4 +-- .github/workflows/draft-release.yml | 34 +++++++++---------- .../workflows/e2e-attestationconfigapi.yml | 2 +- .github/workflows/e2e-cleanup-weekly.yml | 2 +- .github/workflows/e2e-mini.yml | 4 +-- .github/workflows/e2e-test-daily.yml | 8 ++--- .../workflows/e2e-test-provider-example.yml | 2 +- .github/workflows/e2e-test-release.yml | 4 +-- .github/workflows/e2e-test-weekly.yml | 8 ++--- .github/workflows/e2e-test.yml | 10 +++--- .github/workflows/e2e-upgrade.yml | 14 ++++---- .github/workflows/e2e-windows.yml | 8 ++--- .github/workflows/on-release.yml | 8 ++--- .github/workflows/purge-main.yml | 2 +- .github/workflows/release.yml | 12 +++---- .github/workflows/reproducible-builds.yml | 16 ++++----- .github/workflows/scorecard.yml | 6 ++-- .github/workflows/sync-terraform-docs.yml | 4 +-- .github/workflows/test-integration.yml | 2 +- .github/workflows/test-operator-codegen.yml | 4 +-- .github/workflows/test-tfsec.yml | 2 +- .github/workflows/test-tidy.yml | 2 +- .github/workflows/test-unittest.yml | 2 +- .github/workflows/update-rpms.yml | 2 +- .github/workflows/versionsapi.yml | 2 +- 47 files changed, 125 insertions(+), 125 deletions(-) diff --git a/.github/actions/artifact_upload/action.yml b/.github/actions/artifact_upload/action.yml index e44c7a05c..50974a9fd 100644 --- a/.github/actions/artifact_upload/action.yml +++ b/.github/actions/artifact_upload/action.yml @@ -69,7 +69,7 @@ runs: done - name: Upload archive as artifact - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: ${{ inputs.name }} path: ${{ steps.tempdir.outputs.directory }}/archive.7z diff --git a/.github/actions/build_cli/action.yml b/.github/actions/build_cli/action.yml index 5102a6e18..87fd1d055 100644 --- a/.github/actions/build_cli/action.yml +++ b/.github/actions/build_cli/action.yml @@ -79,7 +79,7 @@ runs: # once it has the functionality - name: Install Cosign if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 + uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: Install Rekor if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' diff --git a/.github/actions/build_micro_service/action.yml b/.github/actions/build_micro_service/action.yml index 6e484ac28..e7da91e77 100644 --- a/.github/actions/build_micro_service/action.yml +++ b/.github/actions/build_micro_service/action.yml @@ -42,7 +42,7 @@ runs: - name: Docker metadata id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | ghcr.io/${{ github.repository }}/${{ inputs.name }} @@ -62,7 +62,7 @@ runs: - name: Build and push container image id: build-micro-service - uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: context: . file: ${{ inputs.dockerfile }} diff --git a/.github/actions/container_sbom/action.yml b/.github/actions/container_sbom/action.yml index ae1402090..a100f3f6e 100644 --- a/.github/actions/container_sbom/action.yml +++ b/.github/actions/container_sbom/action.yml @@ -19,7 +19,7 @@ runs: steps: - name: Install Cosign if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 + uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: Download Syft & Grype uses: ./.github/actions/install_syft_grype diff --git a/.github/actions/e2e_benchmark/action.yml b/.github/actions/e2e_benchmark/action.yml index 3000304a9..d55a4c214 100644 --- a/.github/actions/e2e_benchmark/action.yml +++ b/.github/actions/e2e_benchmark/action.yml @@ -32,7 +32,7 @@ runs: steps: - name: Setup python - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: "3.10" @@ -48,7 +48,7 @@ runs: install kubestr /usr/local/bin - name: Checkout k8s-bench-suite - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 repository: "edgelesssys/k8s-bench-suite" diff --git a/.github/actions/e2e_mini/action.yml b/.github/actions/e2e_mini/action.yml index 6783f0ef7..45352203e 100644 --- a/.github/actions/e2e_mini/action.yml +++ b/.github/actions/e2e_mini/action.yml @@ -25,7 +25,7 @@ runs: using: "composite" steps: - name: Install terraform - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1 + uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 with: terraform_wrapper: false diff --git a/.github/actions/find_latest_image/action.yml b/.github/actions/find_latest_image/action.yml index 8c07ff307..2c15f2327 100644 --- a/.github/actions/find_latest_image/action.yml +++ b/.github/actions/find_latest_image/action.yml @@ -26,13 +26,13 @@ runs: steps: - name: Checkout head if: inputs.imageVersion == '' && inputs.git-ref == 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.imageVersion == '' && inputs.git-ref != 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.git-ref }} diff --git a/.github/actions/login_azure/action.yml b/.github/actions/login_azure/action.yml index e271fd3d3..c7934d19f 100644 --- a/.github/actions/login_azure/action.yml +++ b/.github/actions/login_azure/action.yml @@ -10,6 +10,6 @@ runs: # As described at: # https://github.com/Azure/login#configure-deployment-credentials - name: Login to Azure - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 with: creds: ${{ inputs.azure_credentials }} diff --git a/.github/actions/login_gcp/action.yml b/.github/actions/login_gcp/action.yml index 640b25033..f6c19524f 100644 --- a/.github/actions/login_gcp/action.yml +++ b/.github/actions/login_gcp/action.yml @@ -20,11 +20,11 @@ runs: echo "GOOGLE_CLOUD_PROJECT=" >> "$GITHUB_ENV" - name: Authorize GCP access - uses: google-github-actions/auth@71fee32a0bb7e97b4d33d548e7d957010649d8fa # v2.1.3 + uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7 with: workload_identity_provider: projects/1052692473304/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider service_account: ${{ inputs.service_account }} # Even if preinstalled in Github Actions runner image, this setup does some magic authentication required for gsutil. - name: Set up Cloud SDK - uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 diff --git a/.github/actions/publish_helmchart/action.yml b/.github/actions/publish_helmchart/action.yml index 0ad16963b..6e8a9f762 100644 --- a/.github/actions/publish_helmchart/action.yml +++ b/.github/actions/publish_helmchart/action.yml @@ -13,7 +13,7 @@ runs: using: "composite" steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: edgelesssys/helm ref: main diff --git a/.github/actions/upload_terraform_module/action.yml b/.github/actions/upload_terraform_module/action.yml index 0199fc2bd..18dd61280 100644 --- a/.github/actions/upload_terraform_module/action.yml +++ b/.github/actions/upload_terraform_module/action.yml @@ -15,7 +15,7 @@ runs: zip -r terraform-module.zip terraform-module - name: Upload artifact - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: terraform-module path: terraform-module.zip diff --git a/.github/workflows/assign_reviewer.yml b/.github/workflows/assign_reviewer.yml index b38330fdb..ed87296d8 100644 --- a/.github/workflows/assign_reviewer.yml +++ b/.github/workflows/assign_reviewer.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest if: contains(github.event.pull_request.labels.*.name, 'dependencies') && toJson(github.event.pull_request.requested_reviewers) == '[]' && github.event.pull_request.user.login == 'renovate[bot]' steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Pick assignee id: pick-assignee uses: ./.github/actions/pick_assignee diff --git a/.github/workflows/aws-snp-launchmeasurement.yml b/.github/workflows/aws-snp-launchmeasurement.yml index c27c262b4..1c2c981a2 100644 --- a/.github/workflows/aws-snp-launchmeasurement.yml +++ b/.github/workflows/aws-snp-launchmeasurement.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.head_ref }} path: constellation @@ -44,7 +44,7 @@ jobs: echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT" popd || exit 1 - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: virtee/sev-snp-measure-go.git ref: e42b6f8991ed5a671d5d1e02a6b61f6373f9f8d8 diff --git a/.github/workflows/build-binaries.yml b/.github/workflows/build-binaries.yml index ca28f2030..a9ed3b89b 100644 --- a/.github/workflows/build-binaries.yml +++ b/.github/workflows/build-binaries.yml @@ -22,7 +22,7 @@ jobs: runs-on: [arc-runner-set] steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/build-ccm-gcp.yml b/.github/workflows/build-ccm-gcp.yml index 6446f9fdc..75e8ce0a7 100644 --- a/.github/workflows/build-ccm-gcp.yml +++ b/.github/workflows/build-ccm-gcp.yml @@ -19,17 +19,17 @@ jobs: latest: ${{ steps.find-latest.outputs.latest }} steps: - name: Checkout Constellation - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Checkout kubernetes/cloud-provider-gcp - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: "kubernetes/cloud-provider-gcp" path: "cloud-provider-gcp" fetch-depth: 0 - name: Setup Go environment - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "1.23.2" cache: false @@ -65,10 +65,10 @@ jobs: version: ${{ fromJson(needs.find-ccm-versions.outputs.versions) }} steps: - name: Checkout Constellation - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Checkout kubernetes/cloud-provider-gcp - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: "kubernetes/cloud-provider-gcp" path: "cloud-provider-gcp" @@ -76,7 +76,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | ghcr.io/edgelesssys/cloud-provider-gcp @@ -113,7 +113,7 @@ jobs: - name: Build and push container image id: build - uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: context: ./cloud-provider-gcp push: ${{ github.ref_name == 'main' }} diff --git a/.github/workflows/build-gcp-guest-agent.yml b/.github/workflows/build-gcp-guest-agent.yml index 493331944..f5b734f00 100644 --- a/.github/workflows/build-gcp-guest-agent.yml +++ b/.github/workflows/build-gcp-guest-agent.yml @@ -69,7 +69,7 @@ jobs: - name: Checkout GoogleCloudPlatform/guest-agent if: steps.needs-build.outputs.out == 'true' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: "GoogleCloudPlatform/guest-agent" ref: refs/tags/${{ steps.latest-release.outputs.latest }} @@ -77,7 +77,7 @@ jobs: - name: Checkout Constellation if: steps.needs-build.outputs.out == 'true' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: path: "constellation" ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -85,7 +85,7 @@ jobs: - name: Docker meta id: meta if: steps.needs-build.outputs.out == 'true' - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | ${{ env.REGISTRY }}/edgelesssys/gcp-guest-agent @@ -114,7 +114,7 @@ jobs: - name: Build and push container image if: steps.needs-build.outputs.out == 'true' id: build - uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: context: ./guest-agent file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile diff --git a/.github/workflows/build-libvirt-container.yml b/.github/workflows/build-libvirt-container.yml index c4fda1ffd..625d6939d 100644 --- a/.github/workflows/build-libvirt-container.yml +++ b/.github/workflows/build-libvirt-container.yml @@ -19,7 +19,7 @@ jobs: packages: write steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup bazel uses: ./.github/actions/setup_bazel_nix diff --git a/.github/workflows/build-logcollector-images.yml b/.github/workflows/build-logcollector-images.yml index d5f39c8f7..15517975f 100644 --- a/.github/workflows/build-logcollector-images.yml +++ b/.github/workflows/build-logcollector-images.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Check out repository id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 6709d6403..b4376d67b 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -59,13 +59,13 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.head_ref }} token: ${{ secrets.CI_COMMIT_PUSH_PR }} - name: Setup Go environment - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "1.23.2" cache: false @@ -120,7 +120,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.head_ref }} diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml index 56472e321..f19419ead 100644 --- a/.github/workflows/build-os-image.yml +++ b/.github/workflows/build-os-image.yml @@ -59,7 +59,7 @@ jobs: cliApiBasePath: ${{ steps.image-version.outputs.cliApiBasePath }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.head_ref }} @@ -138,7 +138,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.head_ref }} diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index 022631ab8..d9f97cfaa 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -20,12 +20,12 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Link Checker - uses: lycheeverse/lychee-action@7da8ec1fc4e01b5a12062ac6c589c10a4ce70d67 # v2.0.0 + uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915 # v2.1.0 with: args: "--config ./.lychee.toml './**/*.md' './**/*.html'" fail: true diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index bf61fd0a4..5ffd4cd78 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -34,17 +34,17 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go environment if: matrix.language == 'go' - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "1.23.2" cache: false - name: Initialize CodeQL - uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: languages: ${{ matrix.language }} @@ -63,6 +63,6 @@ jobs: echo "::endgroup::" - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/docs-vale.yml b/.github/workflows/docs-vale.yml index a1cfc4cbd..a9f58cc04 100644 --- a/.github/workflows/docs-vale.yml +++ b/.github/workflows/docs-vale.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} # Work around https://github.com/errata-ai/vale-action/issues/128. @@ -25,7 +25,7 @@ jobs: python3 -m venv "$venv" echo "$venv/bin" >> "$GITHUB_PATH" - name: Vale - uses: errata-ai/vale-action@91ac403e8d26f5aa1b3feaa86ca63065936a85b6 # tag=reviewdog + uses: errata-ai/vale-action@2690bc95f0ed3cb5220492575af09c51b04fbea9 # tag=reviewdog with: files: docs/docs fail_on_error: true diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml index 636ddf347..c77719367 100644 --- a/.github/workflows/draft-release.yml +++ b/.github/workflows/draft-release.yml @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.head_ref }} @@ -92,7 +92,7 @@ jobs: cosignPassword: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} - name: Upload CLI as artifact (unix) - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 if : ${{ matrix.os != 'windows' }} with: name: constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -101,7 +101,7 @@ jobs: build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig - name: Upload CLI as artifact (windows) - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 if : ${{ matrix.os == 'windows' }} with: name: constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -133,7 +133,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.head_ref }} @@ -149,7 +149,7 @@ jobs: targetArch: ${{ matrix.arch }} - name: Upload Terraform Provider Binary as artifact (unix) - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 if : ${{ matrix.os != 'windows' }} with: name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -157,7 +157,7 @@ jobs: build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} - name: Upload Terraform Provider Binary as artifact (windows) - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 if : ${{ matrix.os == 'windows' }} with: name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }} @@ -169,7 +169,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.head_ref }} @@ -187,7 +187,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.head_ref }} @@ -219,7 +219,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.head_ref }} @@ -256,12 +256,12 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.head_ref }} - name: Install Cosign - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 + uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - name: Download Syft & Grype uses: ./.github/actions/install_syft_grype @@ -296,13 +296,13 @@ jobs: COSIGN_PASSWORD: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }} - name: Upload Constellation CLI SBOM - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: constellation.spdx.sbom path: constellation.spdx.sbom - name: Upload Constellation CLI SBOM's signature - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: constellation.spdx.sbom.sig path: constellation.spdx.sbom.sig @@ -332,7 +332,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.head_ref }} @@ -405,7 +405,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.head_ref }} @@ -472,7 +472,7 @@ jobs: - name: Create release with artifacts id: create-release # GitHub endorsed release project. See: https://github.com/actions/create-release - uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 with: draft: true generate_release_notes: true @@ -487,7 +487,7 @@ jobs: terraform-module.zip - name: Create Terraform provider release with artifcats - uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 with: draft: true generate_release_notes: false diff --git a/.github/workflows/e2e-attestationconfigapi.yml b/.github/workflows/e2e-attestationconfigapi.yml index 6653ec1f5..3c3d233c1 100644 --- a/.github/workflows/e2e-attestationconfigapi.yml +++ b/.github/workflows/e2e-attestationconfigapi.yml @@ -26,7 +26,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: # Don't trigger in forks, use head on pull requests, use default otherwise. ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || github.event.pull_request.head.sha || '' }} diff --git a/.github/workflows/e2e-cleanup-weekly.yml b/.github/workflows/e2e-cleanup-weekly.yml index 5bdb193a7..e8e5ffa92 100644 --- a/.github/workflows/e2e-cleanup-weekly.yml +++ b/.github/workflows/e2e-cleanup-weekly.yml @@ -14,7 +14,7 @@ jobs: id-token: write steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Cleanup uses: ./.github/actions/e2e_cleanup_timeframe diff --git a/.github/workflows/e2e-mini.yml b/.github/workflows/e2e-mini.yml index f333e1ba9..7e03ffd53 100644 --- a/.github/workflows/e2e-mini.yml +++ b/.github/workflows/e2e-mini.yml @@ -29,12 +29,12 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.event.workflow_run.head_branch || github.head_ref }} - name: Azure login OIDC - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 with: client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml index a6ac4fa3f..5e36add52 100644 --- a/.github/workflows/e2e-test-daily.yml +++ b/.github/workflows/e2e-test-daily.yml @@ -21,7 +21,7 @@ jobs: image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -59,7 +59,7 @@ jobs: needs: [find-latest-image] steps: - name: Check out repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -159,12 +159,12 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Azure login OIDC - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 with: client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} diff --git a/.github/workflows/e2e-test-provider-example.yml b/.github/workflows/e2e-test-provider-example.yml index c56e092e2..df52b2341 100644 --- a/.github/workflows/e2e-test-provider-example.yml +++ b/.github/workflows/e2e-test-provider-example.yml @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref || github.head_ref }} diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml index 95cc6042d..dce7c9913 100644 --- a/.github/workflows/e2e-test-release.yml +++ b/.github/workflows/e2e-test-release.yml @@ -326,7 +326,7 @@ jobs: run: brew install coreutils kubectl bash - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ inputs.ref || github.head_ref }} @@ -342,7 +342,7 @@ jobs: - name: Set up gcloud CLI (macOS) if: steps.split-attestationVariant.outputs.provider == 'gcp' && runner.os == 'macOS' - uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 - name: Run E2E test id: e2e_test diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml index 2cdbe36fe..587abd129 100644 --- a/.github/workflows/e2e-test-weekly.yml +++ b/.github/workflows/e2e-test-weekly.yml @@ -22,7 +22,7 @@ jobs: image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -323,7 +323,7 @@ jobs: needs: [find-latest-image] steps: - name: Check out repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -448,12 +448,12 @@ jobs: steps: - name: Checkout id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Azure login OIDC - uses: azure/login@6c251865b4e6290e7b78be643ea2d005bc51f69a # v2.1.1 + uses: azure/login@a65d910e8af852a8061c627c456678983e180302 # v2.2.0 with: client-id: ${{ secrets.AZURE_E2E_MINI_CLIENT_ID }} tenant-id: ${{ secrets.AZURE_TENANT_ID }} diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml index 11fc81849..6efdd03b5 100644 --- a/.github/workflows/e2e-test.yml +++ b/.github/workflows/e2e-test.yml @@ -175,13 +175,13 @@ jobs: steps: - name: Checkout head if: inputs.git-ref == 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.git-ref != 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.git-ref }} @@ -212,19 +212,19 @@ jobs: - name: Checkout head if: inputs.git-ref == 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.git-ref != 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.git-ref }} - name: Set up gcloud CLI (macOS) if: needs.generate-input-parameters.outputs.cloudProvider == 'gcp' && runner.os == 'macOS' - uses: google-github-actions/setup-gcloud@98ddc00a17442e89a24bbf282954a3b65ce6d200 # v2.1.0 + uses: google-github-actions/setup-gcloud@6189d56e4096ee891640bb02ac264be376592d6a # v2.1.2 - name: Run manual E2E test id: e2e_test diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml index ff5082848..5e50ec87e 100644 --- a/.github/workflows/e2e-upgrade.yml +++ b/.github/workflows/e2e-upgrade.yml @@ -147,14 +147,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} @@ -232,14 +232,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} @@ -268,7 +268,7 @@ jobs: push: true - name: Upload CLI binary # is needed for the cleanup step - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: constellation-upgrade-${{ inputs.attestationVariant }} path: build/constellation @@ -411,14 +411,14 @@ jobs: steps: - name: Checkout if: inputs.gitRef == 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Checkout ref if: inputs.gitRef != 'head' - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ inputs.gitRef }} diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml index c24ebba28..26ee8833b 100644 --- a/.github/workflows/e2e-windows.yml +++ b/.github/workflows/e2e-windows.yml @@ -21,7 +21,7 @@ jobs: packages: write steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -45,7 +45,7 @@ jobs: push: true - name: Upload CLI artifact - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: path: build/constellation.exe name: "constell-exe" @@ -56,7 +56,7 @@ jobs: needs: build-cli steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -186,7 +186,7 @@ jobs: inputs.scheduled steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/on-release.yml b/.github/workflows/on-release.yml index 42e8eaa5a..1d46df5c9 100644 --- a/.github/workflows/on-release.yml +++ b/.github/workflows/on-release.yml @@ -26,7 +26,7 @@ jobs: WORKING_BRANCH: ${{ env.WORKING_BRANCH }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # fetch all history @@ -49,7 +49,7 @@ jobs: latest: ${{ steps.input-passthrough.outputs.latest }}${{ steps.check-last-release.outputs.latest }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Override latest if: github.event.inputs.latest == 'true' @@ -123,7 +123,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Remove temporary branch run: git push origin --delete "${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}" @@ -137,7 +137,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: ./.github/actions/setup_bazel_nix diff --git a/.github/workflows/purge-main.yml b/.github/workflows/purge-main.yml index 79d2f537e..b2d9403c9 100644 --- a/.github/workflows/purge-main.yml +++ b/.github/workflows/purge-main.yml @@ -18,7 +18,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.head_ref }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6b1f3acc1..2db0f9eee 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -33,7 +33,7 @@ jobs: RELEASE_BRANCH: ${{ steps.version-info.outputs.RELEASE_BRANCH }} WORKING_BRANCH: ${{ steps.version-info.outputs.WORKING_BRANCH }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Working branch run: echo "WORKING_BRANCH=$(git branch --show-current)" | tee -a "$GITHUB_ENV" @@ -84,7 +84,7 @@ jobs: MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }} BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }} steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: main @@ -147,7 +147,7 @@ jobs: WORKING_BRANCH: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} @@ -185,7 +185,7 @@ jobs: WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} @@ -250,12 +250,12 @@ jobs: WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }} - name: Setup Go environment - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "1.23.2" cache: true diff --git a/.github/workflows/reproducible-builds.yml b/.github/workflows/reproducible-builds.yml index ffc3fa15f..d0faa32b7 100644 --- a/.github/workflows/reproducible-builds.yml +++ b/.github/workflows/reproducible-builds.yml @@ -37,7 +37,7 @@ jobs: runs-on: ${{ matrix.runner }} steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -77,13 +77,13 @@ jobs: run: shasum -a 256 "${binary}" | tee "${binary}.sha256" - name: Upload binary artifact - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: "binaries-${{ matrix.target }}-${{ matrix.runner }}-${{ matrix.deps }}" path: "${{ env.binary }}" - name: Upload hash artifact - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}-${{ matrix.deps }}" path: "${{ env.binary }}.sha256" @@ -116,7 +116,7 @@ jobs: sudo apt-get remove -y apparmor - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -142,13 +142,13 @@ jobs: run: shasum -a 256 "${binary}" | tee "${binary}.sha256" - name: Upload binary artifact - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: "osimages-${{ matrix.target }}-${{ matrix.runner }}" path: "${{ env.binary }}" - name: Upload hash artifact - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}" path: "${{ env.binary }}.sha256" @@ -166,7 +166,7 @@ jobs: - "cli_enterprise_windows_amd64" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} @@ -200,7 +200,7 @@ jobs: - "gcp_gcp-sev-snp_nightly" runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0e5f73b36..f5c996507 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -30,13 +30,13 @@ jobs: publish_results: true - name: Upload artifact - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: SARIF file path: results.sarif retention-days: 5 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif diff --git a/.github/workflows/sync-terraform-docs.yml b/.github/workflows/sync-terraform-docs.yml index 69993fe2b..6b9be623d 100644 --- a/.github/workflows/sync-terraform-docs.yml +++ b/.github/workflows/sync-terraform-docs.yml @@ -18,14 +18,14 @@ jobs: pull-requests: write steps: - name: Checkout constellation repo - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} fetch-depth: 0 path: constellation - name: Checkout terraform-provider-constellation repo - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: edgelesssys/terraform-provider-constellation ref: main diff --git a/.github/workflows/test-integration.yml b/.github/workflows/test-integration.yml index 75d9bec72..c6908ff3d 100644 --- a/.github/workflows/test-integration.yml +++ b/.github/workflows/test-integration.yml @@ -25,7 +25,7 @@ jobs: CTEST_OUTPUT_ON_FAILURE: True steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/test-operator-codegen.yml b/.github/workflows/test-operator-codegen.yml index a396122f6..06a7129d9 100644 --- a/.github/workflows/test-operator-codegen.yml +++ b/.github/workflows/test-operator-codegen.yml @@ -21,12 +21,12 @@ jobs: runs-on: ubuntu-24.04 steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} - name: Setup Go environment - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "1.23.2" cache: true diff --git a/.github/workflows/test-tfsec.yml b/.github/workflows/test-tfsec.yml index 3e13b4c45..5517ac887 100644 --- a/.github/workflows/test-tfsec.yml +++ b/.github/workflows/test-tfsec.yml @@ -23,7 +23,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} diff --git a/.github/workflows/test-tidy.yml b/.github/workflows/test-tidy.yml index b9092113b..99585ddaf 100644 --- a/.github/workflows/test-tidy.yml +++ b/.github/workflows/test-tidy.yml @@ -17,7 +17,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} # No token available for forks, so we can't push changes diff --git a/.github/workflows/test-unittest.yml b/.github/workflows/test-unittest.yml index 9401c0776..b676e7dca 100644 --- a/.github/workflows/test-unittest.yml +++ b/.github/workflows/test-unittest.yml @@ -30,7 +30,7 @@ jobs: pull-requests: write steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} fetch-depth: 0 diff --git a/.github/workflows/update-rpms.yml b/.github/workflows/update-rpms.yml index 2f1fcd0a7..bd30519ef 100644 --- a/.github/workflows/update-rpms.yml +++ b/.github/workflows/update-rpms.yml @@ -13,7 +13,7 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: token: ${{ secrets.CI_COMMIT_PUSH_PR }} diff --git a/.github/workflows/versionsapi.yml b/.github/workflows/versionsapi.yml index 0a6373809..c4e62d412 100644 --- a/.github/workflows/versionsapi.yml +++ b/.github/workflows/versionsapi.yml @@ -115,7 +115,7 @@ jobs: steps: - name: Check out repository id: checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} From b99bd53066cf2d4fb45161736f79f74fa924daed Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 28 Nov 2024 16:15:39 +0100 Subject: [PATCH 377/380] deps: update fedora:40 Docker digest to 7cdd2b4 (#3503) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- debugd/filebeat/Dockerfile | 2 +- debugd/logstash/Dockerfile | 4 ++-- debugd/metricbeat/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/debugd/filebeat/Dockerfile b/debugd/filebeat/Dockerfile index dc52305c9..2aa6f6b4c 100644 --- a/debugd/filebeat/Dockerfile +++ b/debugd/filebeat/Dockerfile @@ -1,4 +1,4 @@ -FROM fedora:40@sha256:d0207dbb078ee261852590b9a8f1ab1f8320547be79a2f39af9f3d23db33735e AS release +FROM fedora:40@sha256:7cdd2b48396929bb8723ea2fa60e03bee39cc22e2a853cbd891587fab4eb1bc9 AS release RUN dnf install -y https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.6.2-x86_64.rpm diff --git a/debugd/logstash/Dockerfile b/debugd/logstash/Dockerfile index cdc603187..e0db1695a 100644 --- a/debugd/logstash/Dockerfile +++ b/debugd/logstash/Dockerfile @@ -1,11 +1,11 @@ -FROM fedora:40@sha256:d0207dbb078ee261852590b9a8f1ab1f8320547be79a2f39af9f3d23db33735e AS build +FROM fedora:40@sha256:7cdd2b48396929bb8723ea2fa60e03bee39cc22e2a853cbd891587fab4eb1bc9 AS build ARG LOGSTASH_VER=8.6.1 RUN curl -fsSLO https://artifacts.opensearch.org/logstash/logstash-oss-with-opensearch-output-plugin-$LOGSTASH_VER-linux-x64.tar.gz RUN tar -zxvf logstash-oss-with-opensearch-output-plugin-$LOGSTASH_VER-linux-x64.tar.gz -FROM fedora:40@sha256:d0207dbb078ee261852590b9a8f1ab1f8320547be79a2f39af9f3d23db33735e AS release +FROM fedora:40@sha256:7cdd2b48396929bb8723ea2fa60e03bee39cc22e2a853cbd891587fab4eb1bc9 AS release COPY --from=build logstash-* /usr/share/logstash diff --git a/debugd/metricbeat/Dockerfile b/debugd/metricbeat/Dockerfile index c6aca1f5f..108882355 100644 --- a/debugd/metricbeat/Dockerfile +++ b/debugd/metricbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM fedora:40@sha256:d0207dbb078ee261852590b9a8f1ab1f8320547be79a2f39af9f3d23db33735e AS release +FROM fedora:40@sha256:7cdd2b48396929bb8723ea2fa60e03bee39cc22e2a853cbd891587fab4eb1bc9 AS release RUN dnf install -y https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-8.9.2-x86_64.rpm From 5977f0f5b1d3bd9878e5fd8ec2308307cceb93bf Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 28 Nov 2024 19:49:37 +0100 Subject: [PATCH 378/380] deps: update rhysd/actionlint to v1.7.4 (#3506) * deps: update rhysd/actionlint to v1.7.4 * deps: tidy all modules --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci --- bazel/toolchains/ci_deps.bzl | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl index 2f2536d7e..9267154eb 100644 --- a/bazel/toolchains/ci_deps.bzl +++ b/bazel/toolchains/ci_deps.bzl @@ -97,41 +97,41 @@ def _actionlint_deps(): name = "com_github_rhysd_actionlint_linux_amd64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/37252b4d440b56374b0fc1726e05fd7452d30d6d774f6e9b52e65bb64475f9db", - "https://github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint_1.7.3_linux_amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/fc0a6886bbb9a23a39eeec4b176193cadb54ddbe77cdbb19b637933919545395", + "https://github.com/rhysd/actionlint/releases/download/v1.7.4/actionlint_1.7.4_linux_amd64.tar.gz", ], type = "tar.gz", - sha256 = "37252b4d440b56374b0fc1726e05fd7452d30d6d774f6e9b52e65bb64475f9db", + sha256 = "fc0a6886bbb9a23a39eeec4b176193cadb54ddbe77cdbb19b637933919545395", ) http_archive( name = "com_github_rhysd_actionlint_linux_arm64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/5fd82142c39208bfdc51b929ff9bd84c38bcc10b4362ef2261a5d70d38e68e05", - "https://github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint_1.7.3_linux_arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/ede03682dc955381d057dde95bb85ce9ca418122209a8a313b617d4adec56416", + "https://github.com/rhysd/actionlint/releases/download/v1.7.4/actionlint_1.7.4_linux_arm64.tar.gz", ], type = "tar.gz", - sha256 = "5fd82142c39208bfdc51b929ff9bd84c38bcc10b4362ef2261a5d70d38e68e05", + sha256 = "ede03682dc955381d057dde95bb85ce9ca418122209a8a313b617d4adec56416", ) http_archive( name = "com_github_rhysd_actionlint_darwin_amd64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/33e960b719c87ecc0c807cf4945fd4078980cd2e626b27ded0e9551c757fa8f6", - "https://github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint_1.7.3_darwin_amd64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/63a3ba90ee2325afad3ff2e64a4d80688c261e6c68be8e6ab91214637bf936b8", + "https://github.com/rhysd/actionlint/releases/download/v1.7.4/actionlint_1.7.4_darwin_amd64.tar.gz", ], type = "tar.gz", - sha256 = "33e960b719c87ecc0c807cf4945fd4078980cd2e626b27ded0e9551c757fa8f6", + sha256 = "63a3ba90ee2325afad3ff2e64a4d80688c261e6c68be8e6ab91214637bf936b8", ) http_archive( name = "com_github_rhysd_actionlint_darwin_arm64", build_file_content = """exports_files(["actionlint"], visibility = ["//visibility:public"])""", urls = [ - "https://cdn.confidential.cloud/constellation/cas/sha256/b4e8dab8dda48eceff6afea67d0fe4a14b8d4ea7191cf233c1e1af8a62f37c24", - "https://github.com/rhysd/actionlint/releases/download/v1.7.3/actionlint_1.7.3_darwin_arm64.tar.gz", + "https://cdn.confidential.cloud/constellation/cas/sha256/cbd193bb490f598d77e179261d7b76dfebd049dddede5803ba21cbf6a469aeee", + "https://github.com/rhysd/actionlint/releases/download/v1.7.4/actionlint_1.7.4_darwin_arm64.tar.gz", ], type = "tar.gz", - sha256 = "b4e8dab8dda48eceff6afea67d0fe4a14b8d4ea7191cf233c1e1af8a62f37c24", + sha256 = "cbd193bb490f598d77e179261d7b76dfebd049dddede5803ba21cbf6a469aeee", ) def _gofumpt_deps(): From 17bfce7c11b53f73e5562b6e65f7e9504ecbc9a2 Mon Sep 17 00:00:00 2001 From: edgelessci <71088502+edgelessci@users.noreply.github.com> Date: Fri, 29 Nov 2024 08:49:05 +0100 Subject: [PATCH 379/380] image: update measurements and image version (#3508) Co-authored-by: edgelessci --- .../measurements/measurements_enterprise.go | 16 ++++++++-------- internal/config/image_enterprise.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/internal/attestation/measurements/measurements_enterprise.go b/internal/attestation/measurements/measurements_enterprise.go index 57a7f1c0c..ba732512d 100644 --- a/internal/attestation/measurements/measurements_enterprise.go +++ b/internal/attestation/measurements/measurements_enterprise.go @@ -19,14 +19,14 @@ package measurements // revive:disable:var-naming var ( - aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x93, 0xca, 0x1a, 0xed, 0x66, 0x24, 0xd4, 0xd3, 0x2d, 0x67, 0x5a, 0x42, 0xe5, 0x21, 0x93, 0x77, 0x09, 0x19, 0xe9, 0xf8, 0x1f, 0x4d, 0x57, 0x2d, 0x79, 0xfd, 0xe3, 0xcb, 0x6f, 0xf8, 0xcc, 0xde}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x3f, 0x1f, 0x00, 0x51, 0xbe, 0x65, 0x95, 0xb6, 0x35, 0x25, 0xf6, 0x3c, 0x23, 0x34, 0xb3, 0x52, 0x05, 0x7b, 0x7b, 0x05, 0xfb, 0x23, 0x07, 0xe1, 0x69, 0xa9, 0x61, 0x59, 0x3f, 0x43, 0xfb, 0x71}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x07, 0x80, 0x36, 0xb7, 0x4e, 0xc8, 0xe4, 0xdb, 0xec, 0xf3, 0x13, 0x94, 0x87, 0x02, 0x7c, 0x2e, 0x76, 0x1c, 0x0b, 0x3f, 0x17, 0x4b, 0xae, 0xb1, 0x5f, 0x5f, 0xed, 0x43, 0xae, 0x00, 0x78, 0xc7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xf1, 0x27, 0xd4, 0xda, 0x84, 0xb7, 0x4b, 0xb1, 0x25, 0x4e, 0x0a, 0xe0, 0x67, 0x91, 0xcc, 0xde, 0xd9, 0x6a, 0xd5, 0xf0, 0xdf, 0xe2, 0x05, 0x48, 0x79, 0x47, 0x3e, 0x7a, 0xfa, 0xa0, 0xdc, 0xcf}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xed, 0x82, 0x06, 0x6b, 0x9b, 0x4c, 0x0a, 0xf3, 0x48, 0x87, 0x2c, 0x48, 0xf1, 0x00, 0xa4, 0x22, 0xa4, 0x54, 0x1b, 0x8a, 0xc8, 0x1b, 0xac, 0x55, 0xec, 0xff, 0xf9, 0x12, 0x01, 0x5d, 0x28, 0xf6}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x63, 0x0e, 0x7a, 0x55, 0xdd, 0x68, 0x99, 0xdb, 0x41, 0xb4, 0x1f, 0xef, 0xf8, 0x9e, 0x4d, 0xf8, 0x1f, 0x57, 0xa8, 0x2a, 0x4a, 0x0c, 0x23, 0x0d, 0x17, 0x1c, 0x6c, 0x34, 0x66, 0xd1, 0xab, 0x07}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x29, 0x72, 0xed, 0x03, 0x75, 0xb0, 0x95, 0xd5, 0xce, 0x32, 0x12, 0x68, 0xc8, 0x62, 0x78, 0x88, 0x44, 0xe6, 0x2c, 0x48, 0xa7, 0xc2, 0x72, 0x6a, 0x24, 0xd0, 0x76, 0x26, 0x7a, 0x80, 0x01, 0xa3}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa3, 0xaf, 0xc3, 0x5d, 0xe9, 0x4b, 0x27, 0xf9, 0x75, 0x81, 0x7a, 0x7e, 0x6f, 0xf0, 0xcf, 0x61, 0x86, 0x02, 0x55, 0x04, 0x8b, 0x82, 0x2d, 0x45, 0x4c, 0x86, 0xa2, 0xc5, 0xfc, 0xc2, 0xfd, 0x3c}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0d, 0x49, 0x67, 0xd5, 0xc9, 0x9c, 0xbe, 0x08, 0x4a, 0x7b, 0x67, 0x2e, 0x22, 0x9c, 0x8e, 0xfe, 0x24, 0x66, 0xae, 0x06, 0x56, 0x3a, 0x07, 0x1b, 0xa1, 0xe1, 0x66, 0x1e, 0xe8, 0xae, 0x1c, 0x73}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x7e, 0xc0, 0x87, 0x55, 0x01, 0x7d, 0x9c, 0xd2, 0xc7, 0x43, 0x94, 0x35, 0xcb, 0x2b, 0xa4, 0xb4, 0xb7, 0x9a, 0x83, 0x6c, 0x10, 0x41, 0x43, 0xfd, 0xb9, 0x74, 0x96, 0xca, 0xb5, 0x82, 0x1e, 0x05}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xc9, 0x1d, 0x7b, 0x21, 0x67, 0x0c, 0xc3, 0xfa, 0x6c, 0xf1, 0xe8, 0xed, 0x57, 0xae, 0x71, 0x66, 0xb0, 0x44, 0xee, 0x90, 0xd8, 0x9e, 0x8c, 0x27, 0xd2, 0xf6, 0x07, 0xbd, 0x55, 0xaa, 0xb8, 0x85}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x3a, 0x12, 0xaa, 0x60, 0xee, 0x19, 0x45, 0xfb, 0x6c, 0x4f, 0x34, 0xa6, 0x57, 0x80, 0x39, 0x46, 0x11, 0x64, 0x14, 0xec, 0x91, 0x4a, 0x4a, 0x95, 0x1e, 0x64, 0x12, 0xb1, 0xc9, 0x87, 0xa1, 0x86}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSNitroTPM = M{0: {Expected: []byte{0x73, 0x7f, 0x76, 0x7a, 0x12, 0xf5, 0x4e, 0x70, 0xee, 0xcb, 0xc8, 0x68, 0x40, 0x11, 0x32, 0x3a, 0xe2, 0xfe, 0x2d, 0xd9, 0xf9, 0x07, 0x85, 0x57, 0x79, 0x69, 0xd7, 0xa2, 0x01, 0x3e, 0x8c, 0x12}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x52, 0x4e, 0xb1, 0x3d, 0x5e, 0x3e, 0x0f, 0x7c, 0x80, 0xa3, 0x25, 0x33, 0x8d, 0xec, 0x99, 0xc5, 0x02, 0x71, 0xb0, 0x8b, 0xd7, 0x10, 0x38, 0x6f, 0xce, 0x65, 0x19, 0x9f, 0xef, 0x92, 0x14, 0x61}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x87, 0xac, 0x51, 0xf1, 0xb5, 0x4e, 0x67, 0xfb, 0x58, 0xb1, 0x48, 0xe0, 0xa5, 0x93, 0x52, 0x06, 0x21, 0x1b, 0xf6, 0x79, 0x5e, 0xb5, 0x03, 0x49, 0x9d, 0x47, 0x2b, 0x4c, 0x79, 0x4d, 0x9d, 0x74}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xa2, 0xe0, 0x94, 0xad, 0x2f, 0x1f, 0xc8, 0xb5, 0x14, 0x65, 0xfd, 0x68, 0xec, 0x9c, 0xe3, 0xb5, 0xf8, 0x46, 0x7a, 0xa0, 0x31, 0xae, 0x20, 0x56, 0x8a, 0x82, 0xdd, 0xdd, 0x12, 0x9a, 0x10, 0xe7}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + aws_AWSSEVSNP = M{0: {Expected: []byte{0x7b, 0x06, 0x8c, 0x0c, 0x3a, 0xc2, 0x9a, 0xfe, 0x26, 0x41, 0x34, 0x53, 0x6b, 0x9b, 0xe2, 0x6f, 0x1d, 0x4c, 0xcd, 0x57, 0x5b, 0x88, 0xd3, 0xc3, 0xce, 0xab, 0xf3, 0x6a, 0xc9, 0x9c, 0x02, 0x78}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x1f, 0xb0, 0xd4, 0x6b, 0x77, 0x91, 0xe8, 0x51, 0xf9, 0x22, 0xe7, 0xb7, 0x93, 0x99, 0x0a, 0x92, 0x1c, 0xcc, 0x8e, 0xe1, 0xc6, 0x17, 0x20, 0x9e, 0x25, 0xf0, 0x53, 0x8d, 0x38, 0xb7, 0xf8, 0x3f}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd3, 0xbc, 0xd3, 0xcc, 0x12, 0x2a, 0xc5, 0x1b, 0xb0, 0x71, 0x4a, 0xac, 0x95, 0x4d, 0x8c, 0x95, 0x9e, 0xf1, 0x96, 0x8f, 0x4c, 0x67, 0xce, 0xce, 0x05, 0xdb, 0xfb, 0xb1, 0xda, 0xdc, 0xb9, 0xaf}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x1c, 0xcd, 0x6c, 0x28, 0x4b, 0x3c, 0x7a, 0x0d, 0x59, 0x31, 0x63, 0x7f, 0x60, 0x7c, 0x06, 0x00, 0xec, 0x64, 0x46, 0x26, 0x1d, 0x3e, 0xe5, 0x78, 0xb5, 0x93, 0x25, 0x78, 0xdb, 0xb8, 0x8a, 0xf8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureSEVSNP = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x85, 0xb8, 0x95, 0x18, 0x35, 0x3a, 0x65, 0x29, 0xe9, 0xb3, 0x55, 0xb2, 0xc4, 0x2a, 0x3b, 0xd9, 0x02, 0x54, 0x59, 0x1a, 0x51, 0xc5, 0x12, 0x8b, 0x90, 0xc3, 0x9a, 0xcb, 0x46, 0x93, 0x91, 0xd1}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x5e, 0x05, 0xc8, 0xe4, 0xea, 0x69, 0x9a, 0x0d, 0xff, 0xe0, 0x5a, 0xe1, 0x0b, 0x0c, 0xe3, 0x92, 0x4c, 0xbe, 0xe5, 0xdd, 0xfe, 0xe5, 0x05, 0x54, 0x18, 0x35, 0x0b, 0x3e, 0x5f, 0x37, 0x21, 0xd9}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xba, 0x3f, 0x88, 0x34, 0xeb, 0xbc, 0x5e, 0xe1, 0xb7, 0x5b, 0x82, 0xa6, 0x77, 0x8f, 0x81, 0xe3, 0x58, 0xa0, 0x0e, 0x04, 0xca, 0xcd, 0xfb, 0xbe, 0x28, 0x7e, 0x95, 0x15, 0x79, 0x2e, 0xc2, 0x76}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + azure_AzureTDX = M{1: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xd7, 0xa4, 0x27, 0x21, 0x96, 0x85, 0xf9, 0xa9, 0x4d, 0x9f, 0x5b, 0xcb, 0xb1, 0x97, 0xf1, 0x5b, 0x90, 0x49, 0xe3, 0xea, 0xaa, 0xf7, 0xa6, 0x98, 0xf6, 0x9e, 0x5c, 0x84, 0x20, 0x3e, 0xc8, 0xa6}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x8f, 0x94, 0x38, 0x33, 0x1d, 0xf2, 0x1a, 0x0b, 0x4e, 0x54, 0xf9, 0xd2, 0xea, 0x85, 0x09, 0x86, 0x7a, 0x7e, 0x92, 0x79, 0x6f, 0x7d, 0x29, 0xa6, 0x59, 0x23, 0xd0, 0x81, 0x94, 0xaa, 0xff, 0x0b}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xfb, 0x6e, 0xc9, 0x39, 0xca, 0xa8, 0x0d, 0xa7, 0xd7, 0x3b, 0x12, 0xf0, 0x88, 0x32, 0x8e, 0x2e, 0x56, 0xa6, 0x0a, 0xcc, 0x77, 0xa3, 0x15, 0xb6, 0x28, 0x2d, 0x7a, 0x85, 0xa2, 0xe3, 0x00, 0xd5}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} azure_AzureTrustedLaunch M - gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x53, 0xa4, 0x59, 0xa0, 0x35, 0x71, 0xb4, 0x23, 0x43, 0xd8, 0x9d, 0xf3, 0x02, 0x46, 0x32, 0xe6, 0xdc, 0xb1, 0x00, 0x0a, 0xc8, 0x48, 0x96, 0xbd, 0x71, 0xc0, 0x58, 0xd3, 0xbc, 0xe6, 0x59, 0xd2}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xaa, 0x00, 0x26, 0x40, 0xef, 0xab, 0x25, 0x92, 0x81, 0xdd, 0x80, 0x98, 0x27, 0x43, 0x0b, 0xa2, 0xe9, 0x56, 0x3f, 0xb7, 0x94, 0x81, 0xd0, 0x95, 0x76, 0xe4, 0xe9, 0x48, 0x63, 0x51, 0xd5, 0xfc}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x4d, 0xf0, 0x6c, 0x0c, 0x3e, 0x65, 0xb9, 0xdd, 0x16, 0x38, 0xa7, 0x94, 0x8a, 0x5c, 0xc7, 0x33, 0x57, 0x2e, 0xe9, 0x35, 0x10, 0x95, 0xa3, 0xd2, 0x12, 0xa4, 0x3f, 0x3d, 0xf1, 0xa3, 0x50, 0x5c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0xe1, 0xde, 0x76, 0x44, 0x39, 0x0e, 0x66, 0x76, 0x3b, 0x57, 0x23, 0x21, 0xad, 0xb9, 0xc3, 0x2d, 0xc9, 0xcd, 0x66, 0xbb, 0x7d, 0x8e, 0x9c, 0x7a, 0xb3, 0xec, 0x65, 0xb9, 0xdd, 0x1c, 0x05, 0xdc}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xdf, 0xdd, 0xb0, 0x31, 0xff, 0x4d, 0x11, 0xa8, 0x2d, 0xed, 0xe1, 0x11, 0x18, 0xc4, 0x24, 0x87, 0xbe, 0x47, 0x8d, 0x8e, 0xc9, 0x1b, 0x7c, 0x31, 0x6d, 0x45, 0x7d, 0xdc, 0x40, 0xf4, 0x61, 0x26}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x51, 0x34, 0x22, 0x97, 0x63, 0xad, 0xea, 0x19, 0x0c, 0xe0, 0x2d, 0x1d, 0x66, 0x99, 0xdb, 0x0c, 0x6b, 0x40, 0x57, 0x2b, 0xac, 0x5a, 0xd6, 0xba, 0x1e, 0x71, 0x61, 0x07, 0xf6, 0xe0, 0xfa, 0x9c}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} - openstack_QEMUVTPM = M{4: {Expected: []byte{0xe8, 0x34, 0x02, 0x9d, 0xea, 0x7e, 0xf1, 0x52, 0xdf, 0x5a, 0x60, 0xdd, 0xec, 0xa2, 0x82, 0x36, 0x13, 0xb5, 0x3d, 0xae, 0xef, 0x97, 0x95, 0x1a, 0x69, 0x6a, 0xd3, 0x6e, 0x9e, 0xae, 0x15, 0x1f}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xed, 0x8d, 0xc1, 0x7c, 0x1f, 0xb0, 0x08, 0x98, 0x11, 0xdc, 0x1e, 0xb2, 0x73, 0xf1, 0xf8, 0x09, 0x6e, 0xb5, 0x19, 0x77, 0xa7, 0x8d, 0xfb, 0x17, 0xd4, 0x1d, 0x6e, 0xa1, 0x15, 0xef, 0x2b, 0x39}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x0a, 0x8b, 0x8d, 0x3f, 0xfc, 0x2b, 0x5d, 0x7f, 0x41, 0x5b, 0x48, 0x95, 0xf6, 0x34, 0x8e, 0x42, 0xbb, 0xb7, 0x9b, 0x18, 0xf3, 0xad, 0x40, 0xc9, 0x39, 0x00, 0x5f, 0xfc, 0x51, 0xcb, 0x14, 0xc1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVES = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x78, 0x2f, 0xa5, 0xdf, 0x53, 0x65, 0x67, 0x4f, 0x56, 0x16, 0x87, 0x36, 0xff, 0x01, 0x04, 0xe6, 0x04, 0xc3, 0x8c, 0xb6, 0x97, 0xde, 0x62, 0x25, 0xc8, 0xab, 0x6a, 0xe2, 0xab, 0xe8, 0x2b, 0x84}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xd5, 0x2b, 0x7a, 0xce, 0xf7, 0x34, 0xf3, 0x3e, 0x15, 0x88, 0x51, 0x36, 0x3d, 0xd9, 0xfc, 0xcf, 0x25, 0xb0, 0x95, 0x0f, 0x7a, 0x49, 0x78, 0xfb, 0x5c, 0x74, 0x93, 0x9b, 0x95, 0x9f, 0x2d, 0x37}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd3, 0x46, 0x24, 0x85, 0xb0, 0xac, 0x6e, 0x84, 0x13, 0x53, 0xb3, 0x77, 0x8c, 0x51, 0x50, 0x0c, 0x8f, 0xb3, 0x37, 0x70, 0xe7, 0x0c, 0x83, 0xc5, 0x42, 0x47, 0x3f, 0x99, 0x56, 0x58, 0x95, 0x83}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + gcp_GCPSEVSNP = M{1: {Expected: []byte{0x36, 0x95, 0xdc, 0xc5, 0x5e, 0x3a, 0xa3, 0x40, 0x27, 0xc2, 0x77, 0x93, 0xc8, 0x5c, 0x72, 0x3c, 0x69, 0x7d, 0x70, 0x8c, 0x42, 0xd1, 0xf7, 0x3b, 0xd6, 0xfa, 0x4f, 0x26, 0x60, 0x8a, 0x5b, 0x24}, ValidationOpt: WarnOnly}, 2: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 3: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 4: {Expected: []byte{0x40, 0xab, 0xeb, 0xaf, 0x92, 0x65, 0x20, 0x4d, 0x1e, 0x4c, 0x43, 0x78, 0x76, 0xe4, 0xfc, 0xff, 0x22, 0x66, 0x1b, 0x15, 0x29, 0x1c, 0x64, 0xe8, 0xd1, 0x3e, 0x1b, 0x60, 0xa5, 0x7e, 0x9f, 0x8c}, ValidationOpt: Enforce}, 6: {Expected: []byte{0x3d, 0x45, 0x8c, 0xfe, 0x55, 0xcc, 0x03, 0xea, 0x1f, 0x44, 0x3f, 0x15, 0x62, 0xbe, 0xec, 0x8d, 0xf5, 0x1c, 0x75, 0xe1, 0x4a, 0x9f, 0xcf, 0x9a, 0x72, 0x34, 0xa1, 0x3f, 0x19, 0x8e, 0x79, 0x69}, ValidationOpt: WarnOnly}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0x4a, 0x0b, 0xc5, 0xe6, 0x15, 0x3b, 0xf4, 0x81, 0x01, 0x07, 0xbe, 0x65, 0xf7, 0x3b, 0x25, 0x1b, 0x85, 0x90, 0x45, 0xd6, 0x88, 0xce, 0xc4, 0x22, 0x08, 0x56, 0x91, 0x3d, 0x06, 0x00, 0xfd, 0x9e}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x12, 0x6e, 0x0b, 0xc8, 0x0c, 0x69, 0x29, 0x18, 0x8e, 0xd1, 0x29, 0x72, 0x4b, 0x6c, 0xba, 0x8c, 0xf4, 0xb5, 0x06, 0x5e, 0xa8, 0x0c, 0x49, 0xa1, 0xce, 0xb9, 0xd5, 0xdc, 0x67, 0xf0, 0x1f, 0xb6}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + openstack_QEMUVTPM = M{4: {Expected: []byte{0x9f, 0x95, 0x8f, 0x98, 0xa5, 0xe6, 0x30, 0x94, 0xcb, 0x32, 0xff, 0x52, 0x52, 0x81, 0xcd, 0x3f, 0x70, 0x3e, 0xa2, 0x66, 0xff, 0x0c, 0x8d, 0xea, 0x66, 0xfa, 0x78, 0xa0, 0x5e, 0x26, 0x62, 0x06}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xce, 0x63, 0xd7, 0x7b, 0x6d, 0xe0, 0xc2, 0xc8, 0xcb, 0xbb, 0xe0, 0xa3, 0x31, 0xab, 0xff, 0xfa, 0x42, 0x65, 0xdf, 0x36, 0x7b, 0xbc, 0xb1, 0x54, 0x11, 0xeb, 0xc5, 0xa2, 0x44, 0xc9, 0x18, 0x67}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xe8, 0xad, 0xba, 0x5a, 0x0a, 0xa4, 0x5e, 0xfb, 0x60, 0xa1, 0x31, 0x96, 0x55, 0xf8, 0xd6, 0xd3, 0x5e, 0x81, 0xc8, 0xf7, 0xf9, 0x20, 0xb2, 0x90, 0x2a, 0xd0, 0x3f, 0x4d, 0xf6, 0x3d, 0x02, 0xaa}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 14: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: WarnOnly}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} qemu_QEMUTDX M - qemu_QEMUVTPM = M{4: {Expected: []byte{0xef, 0x93, 0xd9, 0xb2, 0x9a, 0xfe, 0x2d, 0x2e, 0x8e, 0x14, 0x82, 0x24, 0x36, 0xdb, 0x99, 0xab, 0x82, 0xbf, 0x1d, 0xd6, 0xbb, 0x27, 0x9d, 0x4d, 0x5f, 0xd8, 0x6e, 0xd6, 0xfa, 0xa8, 0xfb, 0x81}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xa3, 0x7f, 0x76, 0x4c, 0xf4, 0xaf, 0x2c, 0xc1, 0x48, 0xdd, 0xb7, 0xd8, 0x2a, 0x20, 0x19, 0x34, 0x08, 0x4f, 0xef, 0xef, 0x63, 0x8a, 0xbc, 0x03, 0x2e, 0x2d, 0x0b, 0x31, 0xf6, 0x67, 0x64, 0x00}, ValidationOpt: Enforce}, 11: {Expected: []byte{0x89, 0x92, 0xc6, 0xa8, 0x75, 0x9f, 0x65, 0x3c, 0x09, 0xd8, 0x52, 0x36, 0x06, 0xcc, 0x6c, 0xe6, 0xec, 0x47, 0x53, 0x4b, 0x5e, 0x49, 0xfb, 0x05, 0xb6, 0x91, 0x75, 0xdb, 0xd8, 0x7d, 0x37, 0xb1}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} + qemu_QEMUVTPM = M{4: {Expected: []byte{0x74, 0x41, 0x6d, 0x97, 0x76, 0x56, 0x22, 0xdc, 0xdb, 0x71, 0xab, 0x99, 0x11, 0xe1, 0x99, 0x98, 0x5b, 0x9d, 0x75, 0xc0, 0x9e, 0x56, 0xdb, 0xdb, 0x10, 0x7e, 0x1e, 0xbf, 0x89, 0x33, 0x0f, 0x17}, ValidationOpt: Enforce}, 8: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 9: {Expected: []byte{0xf4, 0xa0, 0x26, 0xb1, 0x77, 0xf5, 0xa9, 0x93, 0x13, 0xbf, 0x68, 0x72, 0xa7, 0x45, 0xf3, 0xd8, 0x4a, 0xbb, 0x44, 0x29, 0xd7, 0x5d, 0xf6, 0x7d, 0x42, 0x3e, 0x3b, 0x36, 0xfa, 0x7e, 0x75, 0x63}, ValidationOpt: Enforce}, 11: {Expected: []byte{0xd1, 0x5e, 0xb9, 0xb4, 0xd5, 0xff, 0x6f, 0x60, 0xaa, 0x1c, 0x93, 0xe4, 0x45, 0x8b, 0x76, 0xd6, 0xe3, 0x8f, 0x90, 0x06, 0xb4, 0x1b, 0xe5, 0xed, 0x8e, 0x0a, 0x37, 0xec, 0xde, 0x84, 0xd8, 0xc8}, ValidationOpt: Enforce}, 12: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 13: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}, 15: {Expected: []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, ValidationOpt: Enforce}} ) diff --git a/internal/config/image_enterprise.go b/internal/config/image_enterprise.go index 37e9946f3..9bd6dd0fd 100644 --- a/internal/config/image_enterprise.go +++ b/internal/config/image_enterprise.go @@ -10,5 +10,5 @@ package config const ( // defaultImage is the default image to use. - defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241126165041-143f68385217" + defaultImage = "ref/main/stream/nightly/v2.20.0-pre.0.20241128194937-5977f0f5b1d3" ) From 2c318905a6ca936848e81b069f2995a9523514ee Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 29 Nov 2024 11:14:21 +0100 Subject: [PATCH 380/380] deps: update bazel (modules) (#3505) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * deps: update bazel (modules) * deps: tidy all modules * Ignore rules_python root warning Signed-off-by: Daniel Weiße * deps: tidy all modules --------- Signed-off-by: Daniel Weiße Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: edgelessci Co-authored-by: Daniel Weiße --- MODULE.bazel | 12 +- MODULE.bazel.lock | 3923 +++++++---------- bootstrapper/initproto/init.pb.go | 2 +- debugd/service/debugd.pb.go | 2 +- disk-mapper/recoverproto/recover.pb.go | 2 +- internal/versions/components/components.pb.go | 2 +- joinservice/joinproto/join.pb.go | 2 +- keyservice/keyserviceproto/keyservice.pb.go | 2 +- upgrade-agent/upgradeproto/upgrade.pb.go | 2 +- verify/verifyproto/verify.pb.go | 2 +- 10 files changed, 1673 insertions(+), 2278 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index e908ecbfd..111a0f6ad 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -1,6 +1,6 @@ module(name = "constellation") -bazel_dep(name = "aspect_bazel_lib", version = "2.9.3") +bazel_dep(name = "aspect_bazel_lib", version = "2.9.4") bazel_lib = use_extension("@aspect_bazel_lib//lib:extensions.bzl", "toolchains") bazel_lib.yq() @@ -10,11 +10,11 @@ use_repo(bazel_lib, "yq_toolchains") bazel_dep(name = "bazel_skylib", version = "1.7.1") bazel_dep(name = "gazelle", version = "0.39.1") bazel_dep(name = "hermetic_cc_toolchain", version = "3.1.1") -bazel_dep(name = "rules_cc", version = "0.0.13") +bazel_dep(name = "rules_cc", version = "0.1.0") bazel_dep(name = "rules_go", version = "0.50.1", repo_name = "io_bazel_rules_go") bazel_dep(name = "rules_pkg", version = "0.10.1") bazel_dep(name = "rules_proto", version = "6.0.2") -bazel_dep(name = "rules_python", version = "0.36.0") +bazel_dep(name = "rules_python", version = "0.40.0") bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True) @@ -25,6 +25,12 @@ go_sdk.download( version = "1.23.2", ) +python = use_extension("@rules_python//python/extensions:python.bzl", "python") +python.toolchain( + ignore_root_user_error = True, + python_version = "3.11", +) + # the use_repo rule needs to list all top-level go dependencies # update automatically using `bazel mod tidy`. go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps") diff --git a/MODULE.bazel.lock b/MODULE.bazel.lock index 835cc284f..4782a3045 100644 --- a/MODULE.bazel.lock +++ b/MODULE.bazel.lock @@ -6,18 +6,26 @@ "https://bcr.bazel.build/modules/abseil-cpp/20211102.0/MODULE.bazel": "70390338f7a5106231d20620712f7cccb659cd0e9d073d1991c038eb9fc57589", "https://bcr.bazel.build/modules/abseil-cpp/20230125.1/MODULE.bazel": "89047429cb0207707b2dface14ba7f8df85273d484c2572755be4bab7ce9c3a0", "https://bcr.bazel.build/modules/abseil-cpp/20230802.0.bcr.1/MODULE.bazel": "1c8cec495288dccd14fdae6e3f95f772c1c91857047a098fad772034264cc8cb", - "https://bcr.bazel.build/modules/abseil-cpp/20230802.0.bcr.1/source.json": "14892cc698e02ffedf4967546e6bedb7245015906888d3465fcf27c90a26da10", + "https://bcr.bazel.build/modules/abseil-cpp/20230802.0/MODULE.bazel": "d253ae36a8bd9ee3c5955384096ccb6baf16a1b1e93e858370da0a3b94f77c16", + "https://bcr.bazel.build/modules/abseil-cpp/20230802.1/MODULE.bazel": "fa92e2eb41a04df73cdabeec37107316f7e5272650f81d6cc096418fe647b915", + "https://bcr.bazel.build/modules/abseil-cpp/20240116.1/MODULE.bazel": "37bcdb4440fbb61df6a1c296ae01b327f19e9bb521f9b8e26ec854b6f97309ed", + "https://bcr.bazel.build/modules/abseil-cpp/20240116.1/source.json": "9be551b8d4e3ef76875c0d744b5d6a504a27e3ae67bc6b28f46415fd2d2957da", "https://bcr.bazel.build/modules/apple_support/1.5.0/MODULE.bazel": "50341a62efbc483e8a2a6aec30994a58749bd7b885e18dd96aa8c33031e558ef", "https://bcr.bazel.build/modules/apple_support/1.5.0/source.json": "eb98a7627c0bc486b57f598ad8da50f6625d974c8f723e9ea71bd39f709c9862", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.3/MODULE.bazel": "66baf724dbae7aff4787bf2245cc188d50cb08e07789769730151c0943587c14", - "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.3/source.json": "b290debdc0ab191a2a866b5a4e26f042c983026ff58b2e003ea634d838e3b6ae", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.4/MODULE.bazel": "ccc41028429f894b02fde7ef67d416cba3ba5084ed9ddb9bb6107aa82d118776", + "https://bcr.bazel.build/modules/aspect_bazel_lib/2.9.4/source.json": "9e20ebe57de2e7657a188af6e132a9562fa26c201b2d999bc0a8981e8f3b6c36", "https://bcr.bazel.build/modules/bazel_features/1.1.0/MODULE.bazel": "cfd42ff3b815a5f39554d97182657f8c4b9719568eb7fded2b9135f084bf760b", "https://bcr.bazel.build/modules/bazel_features/1.1.1/MODULE.bazel": "27b8c79ef57efe08efccbd9dd6ef70d61b4798320b8d3c134fd571f78963dbcd", "https://bcr.bazel.build/modules/bazel_features/1.11.0/MODULE.bazel": "f9382337dd5a474c3b7d334c2f83e50b6eaedc284253334cf823044a26de03e8", - "https://bcr.bazel.build/modules/bazel_features/1.11.0/source.json": "c9320aa53cd1c441d24bd6b716da087ad7e4ff0d9742a9884587596edfe53015", + "https://bcr.bazel.build/modules/bazel_features/1.15.0/MODULE.bazel": "d38ff6e517149dc509406aca0db3ad1efdd890a85e049585b7234d04238e2a4d", + "https://bcr.bazel.build/modules/bazel_features/1.17.0/MODULE.bazel": "039de32d21b816b47bd42c778e0454217e9c9caac4a3cf8e15c7231ee3ddee4d", + "https://bcr.bazel.build/modules/bazel_features/1.18.0/MODULE.bazel": "1be0ae2557ab3a72a57aeb31b29be347bcdc5d2b1eb1e70f39e3851a7e97041a", + "https://bcr.bazel.build/modules/bazel_features/1.19.0/MODULE.bazel": "59adcdf28230d220f0067b1f435b8537dd033bfff8db21335ef9217919c7fb58", + "https://bcr.bazel.build/modules/bazel_features/1.19.0/source.json": "d7bf14517c1b25b9d9c580b0f8795fceeae08a7590f507b76aace528e941375d", "https://bcr.bazel.build/modules/bazel_features/1.4.1/MODULE.bazel": "e45b6bb2350aff3e442ae1111c555e27eac1d915e77775f6fdc4b351b758b5d7", "https://bcr.bazel.build/modules/bazel_features/1.9.1/MODULE.bazel": "8f679097876a9b609ad1f60249c49d68bfab783dd9be012faf9d82547b14815a", "https://bcr.bazel.build/modules/bazel_skylib/1.0.3/MODULE.bazel": "bcb0fd896384802d1ad283b4e4eb4d718eebd8cb820b0a2c3a347fb971afd9d8", + "https://bcr.bazel.build/modules/bazel_skylib/1.1.1/MODULE.bazel": "1add3e7d93ff2e6998f9e118022c84d163917d912f5afafb3058e3d2f1545b5e", "https://bcr.bazel.build/modules/bazel_skylib/1.2.0/MODULE.bazel": "44fe84260e454ed94ad326352a698422dbe372b21a1ac9f3eab76eb531223686", "https://bcr.bazel.build/modules/bazel_skylib/1.2.1/MODULE.bazel": "f35baf9da0efe45fa3da1696ae906eea3d615ad41e2e3def4aeb4e8bc0ef9a7a", "https://bcr.bazel.build/modules/bazel_skylib/1.3.0/MODULE.bazel": "20228b92868bf5cfc41bda7afc8a8ba2a543201851de39d990ec957b513579c5", @@ -25,6 +33,7 @@ "https://bcr.bazel.build/modules/bazel_skylib/1.4.2/MODULE.bazel": "3bd40978e7a1fac911d5989e6b09d8f64921865a45822d8b09e815eaa726a651", "https://bcr.bazel.build/modules/bazel_skylib/1.5.0/MODULE.bazel": "32880f5e2945ce6a03d1fbd588e9198c0a959bb42297b2cfaf1685b7bc32e138", "https://bcr.bazel.build/modules/bazel_skylib/1.6.1/MODULE.bazel": "8fdee2dbaace6c252131c00e1de4b165dc65af02ea278476187765e1a617b917", + "https://bcr.bazel.build/modules/bazel_skylib/1.7.0/MODULE.bazel": "0db596f4563de7938de764cc8deeabec291f55e8ec15299718b93c4423e9796d", "https://bcr.bazel.build/modules/bazel_skylib/1.7.1/MODULE.bazel": "3120d80c5861aa616222ec015332e5f8d3171e062e3e804a2a0253e1be26e59b", "https://bcr.bazel.build/modules/bazel_skylib/1.7.1/source.json": "f121b43eeefc7c29efbd51b83d08631e2347297c95aac9764a701f2a6a2bb953", "https://bcr.bazel.build/modules/buildifier_prebuilt/6.4.0/MODULE.bazel": "37389c6b5a40c59410b4226d3bb54b08637f393d66e2fa57925c6fcf68e64bf4", @@ -37,13 +46,16 @@ "https://bcr.bazel.build/modules/gazelle/0.36.0/MODULE.bazel": "e375d5d6e9a6ca59b0cb38b0540bc9a05b6aa926d322f2de268ad267a2ee74c0", "https://bcr.bazel.build/modules/gazelle/0.39.1/MODULE.bazel": "1fa3fefad240e535066fd0e6950dfccd627d36dc699ee0034645e51dbde3980f", "https://bcr.bazel.build/modules/gazelle/0.39.1/source.json": "f2facfa8c8c9a4d2ebf613754023054c2eb793b88675082216c6be0419eb20a1", + "https://bcr.bazel.build/modules/google_benchmark/1.8.2/MODULE.bazel": "a70cf1bba851000ba93b58ae2f6d76490a9feb74192e57ab8e8ff13c34ec50cb", "https://bcr.bazel.build/modules/googletest/1.11.0/MODULE.bazel": "3a83f095183f66345ca86aa13c58b59f9f94a2f81999c093d4eeaa2d262d12f4", + "https://bcr.bazel.build/modules/googletest/1.14.0.bcr.1/MODULE.bazel": "22c31a561553727960057361aa33bf20fb2e98584bc4fec007906e27053f80c6", + "https://bcr.bazel.build/modules/googletest/1.14.0.bcr.1/source.json": "41e9e129f80d8c8bf103a7acc337b76e54fad1214ac0a7084bf24f4cd924b8b4", "https://bcr.bazel.build/modules/googletest/1.14.0/MODULE.bazel": "cfbcbf3e6eac06ef9d85900f64424708cc08687d1b527f0ef65aa7517af8118f", - "https://bcr.bazel.build/modules/googletest/1.14.0/source.json": "2478949479000fdd7de9a3d0107ba2c85bb5f961c3ecb1aa448f52549ce310b5", "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.1/MODULE.bazel": "164331a6e73093376a19eaa1eae45a94aad3245e9e79d8f31237f4a8eb6c1c41", "https://bcr.bazel.build/modules/hermetic_cc_toolchain/3.1.1/source.json": "a2f67694b91ae575e2715fa2c5745c8c9879e7132852ef45c05b4e25a0d3b423", "https://bcr.bazel.build/modules/jsoncpp/1.9.5/MODULE.bazel": "31271aedc59e815656f5736f282bb7509a97c7ecb43e927ac1a37966e0578075", "https://bcr.bazel.build/modules/jsoncpp/1.9.5/source.json": "4108ee5085dd2885a341c7fab149429db457b3169b86eb081fa245eadf69169d", + "https://bcr.bazel.build/modules/libpfm/4.11.0/MODULE.bazel": "45061ff025b301940f1e30d2c16bea596c25b176c8b6b3087e92615adbd52902", "https://bcr.bazel.build/modules/platforms/0.0.10/MODULE.bazel": "8cb8efaf200bdeb2150d93e162c40f388529a25852b332cec879373771e48ed5", "https://bcr.bazel.build/modules/platforms/0.0.10/source.json": "f22828ff4cf021a6b577f1bf6341cb9dcd7965092a439f64fc1bb3b7a5ae4bd5", "https://bcr.bazel.build/modules/platforms/0.0.4/MODULE.bazel": "9b328e31ee156f53f3c416a64f8491f7eb731742655a47c9eec4703a71644aee", @@ -53,20 +65,33 @@ "https://bcr.bazel.build/modules/platforms/0.0.8/MODULE.bazel": "9f142c03e348f6d263719f5074b21ef3adf0b139ee4c5133e2aa35664da9eb2d", "https://bcr.bazel.build/modules/platforms/0.0.9/MODULE.bazel": "4a87a60c927b56ddd67db50c89acaa62f4ce2a1d2149ccb63ffd871d5ce29ebc", "https://bcr.bazel.build/modules/protobuf/21.7/MODULE.bazel": "a5a29bb89544f9b97edce05642fac225a808b5b7be74038ea3640fae2f8e66a7", - "https://bcr.bazel.build/modules/protobuf/23.1/MODULE.bazel": "88b393b3eb4101d18129e5db51847cd40a5517a53e81216144a8c32dfeeca52a", - "https://bcr.bazel.build/modules/protobuf/24.4/MODULE.bazel": "7bc7ce5f2abf36b3b7b7c8218d3acdebb9426aeb35c2257c96445756f970eb12", "https://bcr.bazel.build/modules/protobuf/27.0/MODULE.bazel": "7873b60be88844a0a1d8f80b9d5d20cfbd8495a689b8763e76c6372998d3f64c", - "https://bcr.bazel.build/modules/protobuf/27.0/source.json": "1acf3d080c728d42f423fde5422fd0a1a24f44c15908124ce12363a253384193", + "https://bcr.bazel.build/modules/protobuf/27.1/MODULE.bazel": "703a7b614728bb06647f965264967a8ef1c39e09e8f167b3ca0bb1fd80449c0d", + "https://bcr.bazel.build/modules/protobuf/29.0-rc2/MODULE.bazel": "6241d35983510143049943fc0d57937937122baf1b287862f9dc8590fc4c37df", + "https://bcr.bazel.build/modules/protobuf/29.0-rc2/source.json": "52101bfd37e38f0d159dee47b71ccbd1f22f7a32192cef5ef2533bb6212f410f", "https://bcr.bazel.build/modules/protobuf/3.19.0/MODULE.bazel": "6b5fbb433f760a99a22b18b6850ed5784ef0e9928a72668b66e4d7ccd47db9b0", "https://bcr.bazel.build/modules/protobuf/3.19.2/MODULE.bazel": "532ffe5f2186b69fdde039efe6df13ba726ff338c6bc82275ad433013fa10573", "https://bcr.bazel.build/modules/protobuf/3.19.6/MODULE.bazel": "9233edc5e1f2ee276a60de3eaa47ac4132302ef9643238f23128fea53ea12858", + "https://bcr.bazel.build/modules/pybind11_bazel/2.11.1/MODULE.bazel": "88af1c246226d87e65be78ed49ecd1e6f5e98648558c14ce99176da041dc378e", + "https://bcr.bazel.build/modules/pybind11_bazel/2.11.1/source.json": "be4789e951dd5301282729fe3d4938995dc4c1a81c2ff150afc9f1b0504c6022", + "https://bcr.bazel.build/modules/re2/2023-09-01/MODULE.bazel": "cb3d511531b16cfc78a225a9e2136007a48cf8a677e4264baeab57fe78a80206", + "https://bcr.bazel.build/modules/re2/2023-09-01/source.json": "e044ce89c2883cd957a2969a43e79f7752f9656f6b20050b62f90ede21ec6eb4", + "https://bcr.bazel.build/modules/rules_android/0.1.1/MODULE.bazel": "48809ab0091b07ad0182defb787c4c5328bd3a278938415c00a7b69b50c4d3a8", + "https://bcr.bazel.build/modules/rules_android/0.1.1/source.json": "e6986b41626ee10bdc864937ffb6d6bf275bb5b9c65120e6137d56e6331f089e", "https://bcr.bazel.build/modules/rules_cc/0.0.1/MODULE.bazel": "cb2aa0747f84c6c3a78dad4e2049c154f08ab9d166b1273835a8174940365647", + "https://bcr.bazel.build/modules/rules_cc/0.0.10/MODULE.bazel": "ec1705118f7eaedd6e118508d3d26deba2a4e76476ada7e0e3965211be012002", "https://bcr.bazel.build/modules/rules_cc/0.0.13/MODULE.bazel": "0e8529ed7b323dad0775ff924d2ae5af7640b23553dfcd4d34344c7e7a867191", - "https://bcr.bazel.build/modules/rules_cc/0.0.13/source.json": "506daed7caa38451517166af246c11650b21a7244c2b79f2cd43a27fae792a06", + "https://bcr.bazel.build/modules/rules_cc/0.0.14/MODULE.bazel": "5e343a3aac88b8d7af3b1b6d2093b55c347b8eefc2e7d1442f7a02dc8fea48ac", + "https://bcr.bazel.build/modules/rules_cc/0.0.15/MODULE.bazel": "6704c35f7b4a72502ee81f61bf88706b54f06b3cbe5558ac17e2e14666cd5dcc", "https://bcr.bazel.build/modules/rules_cc/0.0.2/MODULE.bazel": "6915987c90970493ab97393024c156ea8fb9f3bea953b2f3ec05c34f19b5695c", "https://bcr.bazel.build/modules/rules_cc/0.0.6/MODULE.bazel": "abf360251023dfe3efcef65ab9d56beefa8394d4176dd29529750e1c57eaa33f", "https://bcr.bazel.build/modules/rules_cc/0.0.8/MODULE.bazel": "964c85c82cfeb6f3855e6a07054fdb159aced38e99a5eecf7bce9d53990afa3e", "https://bcr.bazel.build/modules/rules_cc/0.0.9/MODULE.bazel": "836e76439f354b89afe6a911a7adf59a6b2518fafb174483ad78a2a2fde7b1c5", + "https://bcr.bazel.build/modules/rules_cc/0.1.0/MODULE.bazel": "2fef03775b9ba995ec543868840041cc69e8bc705eb0cb6604a36eee18c87d8b", + "https://bcr.bazel.build/modules/rules_cc/0.1.0/source.json": "8a4e832d75e073ab56c74dd77008cf7a81e107dec4544019eb1eefc1320d55be", + "https://bcr.bazel.build/modules/rules_foreign_cc/0.9.0/MODULE.bazel": "c9e8c682bf75b0e7c704166d79b599f93b72cfca5ad7477df596947891feeef6", + "https://bcr.bazel.build/modules/rules_fuzzing/0.5.2/MODULE.bazel": "40c97d1144356f52905566c55811f13b299453a14ac7769dfba2ac38192337a8", + "https://bcr.bazel.build/modules/rules_fuzzing/0.5.2/source.json": "c8b1e2c717646f1702290959a3302a178fb639d987ab61d548105019f11e527e", "https://bcr.bazel.build/modules/rules_go/0.41.0/MODULE.bazel": "55861d8e8bb0e62cbd2896f60ff303f62ffcb0eddb74ecb0e5c0cbe36fc292c8", "https://bcr.bazel.build/modules/rules_go/0.42.0/MODULE.bazel": "8cfa875b9aa8c6fce2b2e5925e73c1388173ea3c32a0db4d2b4804b453c14270", "https://bcr.bazel.build/modules/rules_go/0.46.0/MODULE.bazel": "3477df8bdcc49e698b9d25f734c4f3a9f5931ff34ee48a2c662be168f5f2d3fd", @@ -74,44 +99,67 @@ "https://bcr.bazel.build/modules/rules_go/0.50.1/source.json": "205765fd30216c70321f84c9a967267684bdc74350af3f3c46c857d9f80a4fa2", "https://bcr.bazel.build/modules/rules_java/4.0.0/MODULE.bazel": "5a78a7ae82cd1a33cef56dc578c7d2a46ed0dca12643ee45edbb8417899e6f74", "https://bcr.bazel.build/modules/rules_java/5.3.5/MODULE.bazel": "a4ec4f2db570171e3e5eb753276ee4b389bae16b96207e9d3230895c99644b86", + "https://bcr.bazel.build/modules/rules_java/6.0.0/MODULE.bazel": "8a43b7df601a7ec1af61d79345c17b31ea1fedc6711fd4abfd013ea612978e39", "https://bcr.bazel.build/modules/rules_java/6.3.0/MODULE.bazel": "a97c7678c19f236a956ad260d59c86e10a463badb7eb2eda787490f4c969b963", - "https://bcr.bazel.build/modules/rules_java/7.1.0/MODULE.bazel": "30d9135a2b6561c761bd67bd4990da591e6bdc128790ce3e7afd6a3558b2fb64", + "https://bcr.bazel.build/modules/rules_java/6.4.0/MODULE.bazel": "e986a9fe25aeaa84ac17ca093ef13a4637f6107375f64667a15999f77db6c8f6", + "https://bcr.bazel.build/modules/rules_java/6.5.2/MODULE.bazel": "1d440d262d0e08453fa0c4d8f699ba81609ed0e9a9a0f02cd10b3e7942e61e31", + "https://bcr.bazel.build/modules/rules_java/7.10.0/MODULE.bazel": "530c3beb3067e870561739f1144329a21c851ff771cd752a49e06e3dc9c2e71a", + "https://bcr.bazel.build/modules/rules_java/7.12.2/MODULE.bazel": "579c505165ee757a4280ef83cda0150eea193eed3bef50b1004ba88b99da6de6", + "https://bcr.bazel.build/modules/rules_java/7.12.2/source.json": "b0890f9cda8ff1b8e691a3ac6037b5c14b7fd4134765a3946b89f31ea02e5884", + "https://bcr.bazel.build/modules/rules_java/7.2.0/MODULE.bazel": "06c0334c9be61e6cef2c8c84a7800cef502063269a5af25ceb100b192453d4ab", + "https://bcr.bazel.build/modules/rules_java/7.3.2/MODULE.bazel": "50dece891cfdf1741ea230d001aa9c14398062f2b7c066470accace78e412bc2", + "https://bcr.bazel.build/modules/rules_java/7.6.1/MODULE.bazel": "2f14b7e8a1aa2f67ae92bc69d1ec0fa8d9f827c4e17ff5e5f02e91caa3b2d0fe", "https://bcr.bazel.build/modules/rules_java/7.6.5/MODULE.bazel": "481164be5e02e4cab6e77a36927683263be56b7e36fef918b458d7a8a1ebadb1", - "https://bcr.bazel.build/modules/rules_java/7.6.5/source.json": "a805b889531d1690e3c72a7a7e47a870d00323186a9904b36af83aa3d053ee8d", "https://bcr.bazel.build/modules/rules_jvm_external/4.4.2/MODULE.bazel": "a56b85e418c83eb1839819f0b515c431010160383306d13ec21959ac412d2fe7", "https://bcr.bazel.build/modules/rules_jvm_external/5.1/MODULE.bazel": "33f6f999e03183f7d088c9be518a63467dfd0be94a11d0055fe2d210f89aa909", "https://bcr.bazel.build/modules/rules_jvm_external/5.2/MODULE.bazel": "d9351ba35217ad0de03816ef3ed63f89d411349353077348a45348b096615036", - "https://bcr.bazel.build/modules/rules_jvm_external/5.2/source.json": "10572111995bc349ce31c78f74b3c147f6b3233975c7fa5eff9211f6db0d34d9", + "https://bcr.bazel.build/modules/rules_jvm_external/5.3/MODULE.bazel": "bf93870767689637164657731849fb887ad086739bd5d360d90007a581d5527d", + "https://bcr.bazel.build/modules/rules_jvm_external/6.1/MODULE.bazel": "75b5fec090dbd46cf9b7d8ea08cf84a0472d92ba3585b476f44c326eda8059c4", + "https://bcr.bazel.build/modules/rules_jvm_external/6.3/MODULE.bazel": "c998e060b85f71e00de5ec552019347c8bca255062c990ac02d051bb80a38df0", + "https://bcr.bazel.build/modules/rules_jvm_external/6.3/source.json": "6f5f5a5a4419ae4e37c35a5bb0a6ae657ed40b7abc5a5189111b47fcebe43197", + "https://bcr.bazel.build/modules/rules_kotlin/1.9.0/MODULE.bazel": "ef85697305025e5a61f395d4eaede272a5393cee479ace6686dba707de804d59", + "https://bcr.bazel.build/modules/rules_kotlin/1.9.6/MODULE.bazel": "d269a01a18ee74d0335450b10f62c9ed81f2321d7958a2934e44272fe82dcef3", + "https://bcr.bazel.build/modules/rules_kotlin/1.9.6/source.json": "2faa4794364282db7c06600b7e5e34867a564ae91bda7cae7c29c64e9466b7d5", "https://bcr.bazel.build/modules/rules_license/0.0.3/MODULE.bazel": "627e9ab0247f7d1e05736b59dbb1b6871373de5ad31c3011880b4133cafd4bd0", "https://bcr.bazel.build/modules/rules_license/0.0.4/MODULE.bazel": "6a88dd22800cf1f9f79ba32cacad0d3a423ed28efa2c2ed5582eaa78dd3ac1e5", "https://bcr.bazel.build/modules/rules_license/0.0.7/MODULE.bazel": "088fbeb0b6a419005b89cf93fe62d9517c0a2b8bb56af3244af65ecfe37e7d5d", "https://bcr.bazel.build/modules/rules_license/1.0.0/MODULE.bazel": "a7fda60eefdf3d8c827262ba499957e4df06f659330bbe6cdbdb975b768bb65c", "https://bcr.bazel.build/modules/rules_license/1.0.0/source.json": "a52c89e54cc311196e478f8382df91c15f7a2bfdf4c6cd0e2675cc2ff0b56efb", "https://bcr.bazel.build/modules/rules_pkg/0.10.1/MODULE.bazel": "d6e593e048db5f1028f1f05ceb64b123aa6f1c2d43cba049c036443ab2cc2044", - "https://bcr.bazel.build/modules/rules_pkg/0.10.1/source.json": "a3550442d1530f00fd2a51036250db1891c8fedfd85991c65a0bd0f6daefe0a3", "https://bcr.bazel.build/modules/rules_pkg/0.7.0/MODULE.bazel": "df99f03fc7934a4737122518bb87e667e62d780b610910f0447665a7e2be62dc", + "https://bcr.bazel.build/modules/rules_pkg/1.0.1/MODULE.bazel": "5b1df97dbc29623bccdf2b0dcd0f5cb08e2f2c9050aab1092fd39a41e82686ff", + "https://bcr.bazel.build/modules/rules_pkg/1.0.1/source.json": "bd82e5d7b9ce2d31e380dd9f50c111d678c3bdaca190cb76b0e1c71b05e1ba8a", "https://bcr.bazel.build/modules/rules_proto/4.0.0/MODULE.bazel": "a7a7b6ce9bee418c1a760b3d84f83a299ad6952f9903c67f19e4edd964894e06", "https://bcr.bazel.build/modules/rules_proto/5.3.0-21.7/MODULE.bazel": "e8dff86b0971688790ae75528fe1813f71809b5afd57facb44dad9e8eca631b7", - "https://bcr.bazel.build/modules/rules_proto/6.0.0-rc1/MODULE.bazel": "1e5b502e2e1a9e825eef74476a5a1ee524a92297085015a052510b09a1a09483", "https://bcr.bazel.build/modules/rules_proto/6.0.0/MODULE.bazel": "b531d7f09f58dce456cd61b4579ce8c86b38544da75184eadaf0a7cb7966453f", "https://bcr.bazel.build/modules/rules_proto/6.0.2/MODULE.bazel": "ce916b775a62b90b61888052a416ccdda405212b6aaeb39522f7dc53431a5e73", - "https://bcr.bazel.build/modules/rules_proto/6.0.2/source.json": "17a2e195f56cb28d6bbf763e49973d13890487c6945311ed141e196fb660426d", + "https://bcr.bazel.build/modules/rules_proto/7.0.2/MODULE.bazel": "bf81793bd6d2ad89a37a40693e56c61b0ee30f7a7fdbaf3eabbf5f39de47dea2", + "https://bcr.bazel.build/modules/rules_proto/7.0.2/source.json": "1e5e7260ae32ef4f2b52fd1d0de8d03b606a44c91b694d2f1afb1d3b28a48ce1", "https://bcr.bazel.build/modules/rules_python/0.10.2/MODULE.bazel": "cc82bc96f2997baa545ab3ce73f196d040ffb8756fd2d66125a530031cd90e5f", "https://bcr.bazel.build/modules/rules_python/0.22.1/MODULE.bazel": "26114f0c0b5e93018c0c066d6673f1a2c3737c7e90af95eff30cfee38d0bbac7", + "https://bcr.bazel.build/modules/rules_python/0.23.1/MODULE.bazel": "49ffccf0511cb8414de28321f5fcf2a31312b47c40cc21577144b7447f2bf300", "https://bcr.bazel.build/modules/rules_python/0.24.0/MODULE.bazel": "4bff7f583653d0762cda21303da0643cc4c545ddfd9593337f18dad8d1787801", - "https://bcr.bazel.build/modules/rules_python/0.36.0/MODULE.bazel": "a4ce1ccea92b9106c7d16ab9ee51c6183107e78ba4a37aa65055227b80cd480c", - "https://bcr.bazel.build/modules/rules_python/0.36.0/source.json": "b79cbb7b2ae1751949e2f6ee6692822e4ffd13ca1e959ce99abec4ac7666162a", + "https://bcr.bazel.build/modules/rules_python/0.25.0/MODULE.bazel": "72f1506841c920a1afec76975b35312410eea3aa7b63267436bfb1dd91d2d382", + "https://bcr.bazel.build/modules/rules_python/0.28.0/MODULE.bazel": "cba2573d870babc976664a912539b320cbaa7114cd3e8f053c720171cde331ed", + "https://bcr.bazel.build/modules/rules_python/0.31.0/MODULE.bazel": "93a43dc47ee570e6ec9f5779b2e64c1476a6ce921c48cc9a1678a91dd5f8fd58", "https://bcr.bazel.build/modules/rules_python/0.4.0/MODULE.bazel": "9208ee05fd48bf09ac60ed269791cf17fb343db56c8226a720fbb1cdf467166c", + "https://bcr.bazel.build/modules/rules_python/0.40.0/MODULE.bazel": "9d1a3cd88ed7d8e39583d9ffe56ae8a244f67783ae89b60caafc9f5cf318ada7", + "https://bcr.bazel.build/modules/rules_python/0.40.0/source.json": "939d4bd2e3110f27bfb360292986bb79fd8dcefb874358ccd6cdaa7bda029320", + "https://bcr.bazel.build/modules/rules_shell/0.2.0/MODULE.bazel": "fda8a652ab3c7d8fee214de05e7a9916d8b28082234e8d2c0094505c5268ed3c", + "https://bcr.bazel.build/modules/rules_shell/0.2.0/source.json": "7f27af3c28037d9701487c4744b5448d26537cc66cdef0d8df7ae85411f8de95", "https://bcr.bazel.build/modules/stardoc/0.5.1/MODULE.bazel": "1a05d92974d0c122f5ccf09291442580317cdd859f07a8655f1db9a60374f9f8", "https://bcr.bazel.build/modules/stardoc/0.5.3/MODULE.bazel": "c7f6948dae6999bf0db32c1858ae345f112cacf98f174c7a8bb707e41b974f1c", + "https://bcr.bazel.build/modules/stardoc/0.5.6/MODULE.bazel": "c43dabc564990eeab55e25ed61c07a1aadafe9ece96a4efabb3f8bf9063b71ef", "https://bcr.bazel.build/modules/stardoc/0.6.2/MODULE.bazel": "7060193196395f5dd668eda046ccbeacebfd98efc77fed418dbe2b82ffaa39fd", - "https://bcr.bazel.build/modules/stardoc/0.6.2/source.json": "d2ff8063b63b4a85e65fe595c4290f99717434fa9f95b4748a79a7d04dfed349", + "https://bcr.bazel.build/modules/stardoc/0.7.0/MODULE.bazel": "05e3d6d30c099b6770e97da986c53bd31844d7f13d41412480ea265ac9e8079c", + "https://bcr.bazel.build/modules/stardoc/0.7.1/MODULE.bazel": "3548faea4ee5dda5580f9af150e79d0f6aea934fc60c1cc50f4efdd9420759e7", + "https://bcr.bazel.build/modules/stardoc/0.7.1/source.json": "b6500ffcd7b48cd72c29bb67bcac781e12701cc0d6d55d266a652583cfcdab01", "https://bcr.bazel.build/modules/upb/0.0.0-20220923-a547704/MODULE.bazel": "7298990c00040a0e2f121f6c32544bab27d4452f80d9ce51349b1a28f3005c43", - "https://bcr.bazel.build/modules/upb/0.0.0-20230516-61a97ef/MODULE.bazel": "c0df5e35ad55e264160417fd0875932ee3c9dda63d9fccace35ac62f45e1b6f9", "https://bcr.bazel.build/modules/zlib/1.2.11/MODULE.bazel": "07b389abc85fdbca459b69e2ec656ae5622873af3f845e1c9d80fe179f3effa0", "https://bcr.bazel.build/modules/zlib/1.2.12/MODULE.bazel": "3b1a8834ada2a883674be8cbd36ede1b6ec481477ada359cd2d3ddc562340b27", "https://bcr.bazel.build/modules/zlib/1.3.1.bcr.3/MODULE.bazel": "af322bc08976524477c79d1e45e241b6efbeb918c497e8840b8ab116802dda79", - "https://bcr.bazel.build/modules/zlib/1.3.1.bcr.3/source.json": "2be409ac3c7601245958cd4fcdff4288be79ed23bd690b4b951f500d54ee6e7d" + "https://bcr.bazel.build/modules/zlib/1.3.1.bcr.3/source.json": "2be409ac3c7601245958cd4fcdff4288be79ed23bd690b4b951f500d54ee6e7d", + "https://bcr.bazel.build/modules/zlib/1.3.1/MODULE.bazel": "751c9940dcfe869f5f7274e1295422a34623555916eb98c174c1e945594bf198" }, "selectedYankedVersions": {}, "moduleExtensions": { @@ -145,8 +193,8 @@ }, "@@aspect_bazel_lib~//lib:extensions.bzl%toolchains": { "general": { - "bzlTransitiveDigest": "RDy5XYaNwkIyk1DrM5ylA69W9bs5KbJgL3YINTvNEqw=", - "usagesDigest": "3pgyyEFXXevadO8ODuvRxYyr9DCa8jVUBgMS6f73zT8=", + "bzlTransitiveDigest": "NQSsfq2SQcHqmSrdUz3fctBGq66C56eokoZzu0MOhBU=", + "usagesDigest": "E1/WNi/RvQIo2JMDoqkXAe3ImUnQhegOYDC/dY2DVAk=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -812,7 +860,7 @@ "@@platforms//host:extension.bzl%host_platform": { "general": { "bzlTransitiveDigest": "xelQcPZH8+tmuOHVjL9vDxMnnQNMlwj0SlvgoqBkm4U=", - "usagesDigest": "gJ5BpdWtcbLGOk01ZKU6pLob6Z7PoMIKs82Cm9GMT7g=", + "usagesDigest": "oS5QVdWCSAWner9adrekJ2fs1FPUng+yVuoJb9mq6e4=", "recordedFileInputs": {}, "recordedDirentsInputs": {}, "envVariables": {}, @@ -826,1196 +874,196 @@ "recordedRepoMappingEntries": [] } }, - "@@rules_jvm_external~//:extensions.bzl%maven": { + "@@pybind11_bazel~//:python_configure.bzl%extension": { "general": { - "bzlTransitiveDigest": "U98JuBYMWVrcyiXT1L6KAYSAA0chnjRZZloIUmNmZ7M=", - "usagesDigest": "AtWpXm51d7cXvW2iuAfrJZ7uNbI4zX/8xGlkWoAERC4=", + "bzlTransitiveDigest": "3LPSHhLo7VQLO+x5c48KQmJdPDwEMqMdeng5XVAZm4Y=", + "usagesDigest": "e/EIZlWEpIWcNL1dkob+QepsV4rx7UmnvodvXa76ycY=", "recordedFileInputs": { - "@@stardoc~//maven_install.json": "de0bfa778b4ed6aebb77509362dd87ab8d20fc7c7c18d2a7429cdfee03949a21", - "@@rules_jvm_external~//rules_jvm_external_deps_install.json": "3ab1f67b0de4815df110bc72ccd6c77882b3b21d3d1e0a84445847b6ce3235a3" + "@@pybind11_bazel~//MODULE.bazel": "88af1c246226d87e65be78ed49ecd1e6f5e98648558c14ce99176da041dc378e" }, "recordedDirentsInputs": {}, "envVariables": {}, "generatedRepoSpecs": { - "org_slf4j_slf4j_api_1_7_30": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57", - "urls": [ - "https://repo1.maven.org/maven2/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar", - "https://maven.google.com/org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar" - ], - "downloaded_file_path": "org/slf4j/slf4j-api/1.7.30/slf4j-api-1.7.30.jar" - } + "local_config_python": { + "bzlFile": "@@pybind11_bazel~//:python_configure.bzl", + "ruleClassName": "python_configure", + "attributes": {} }, - "com_google_api_grpc_proto_google_common_protos_2_0_1": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "5ce71656118618731e34a5d4c61aa3a031be23446dc7de8b5a5e77b66ebcd6ef", - "urls": [ - "https://repo1.maven.org/maven2/com/google/api/grpc/proto-google-common-protos/2.0.1/proto-google-common-protos-2.0.1.jar", - "https://maven.google.com/com/google/api/grpc/proto-google-common-protos/2.0.1/proto-google-common-protos-2.0.1.jar" - ], - "downloaded_file_path": "com/google/api/grpc/proto-google-common-protos/2.0.1/proto-google-common-protos-2.0.1.jar" - } - }, - "com_google_api_gax_1_60_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "02f37d4ff1a7b8d71dff8064cf9568aa4f4b61bcc4485085d16130f32afa5a79", - "urls": [ - "https://repo1.maven.org/maven2/com/google/api/gax/1.60.0/gax-1.60.0.jar", - "https://maven.google.com/com/google/api/gax/1.60.0/gax-1.60.0.jar" - ], - "downloaded_file_path": "com/google/api/gax/1.60.0/gax-1.60.0.jar" - } - }, - "com_google_guava_failureaccess_1_0_1": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26", - "urls": [ - "https://repo1.maven.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" - ], - "downloaded_file_path": "com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar" - } - }, - "commons_logging_commons_logging_1_2": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636", - "urls": [ - "https://repo1.maven.org/maven2/commons-logging/commons-logging/1.2/commons-logging-1.2.jar", - "https://maven.google.com/commons-logging/commons-logging/1.2/commons-logging-1.2.jar" - ], - "downloaded_file_path": "commons-logging/commons-logging/1.2/commons-logging-1.2.jar" - } - }, - "com_google_http_client_google_http_client_appengine_1_38_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "f97b495fd97ac3a3d59099eb2b55025f4948230da15a076f189b9cff37c6b4d2", - "urls": [ - "https://repo1.maven.org/maven2/com/google/http-client/google-http-client-appengine/1.38.0/google-http-client-appengine-1.38.0.jar", - "https://maven.google.com/com/google/http-client/google-http-client-appengine/1.38.0/google-http-client-appengine-1.38.0.jar" - ], - "downloaded_file_path": "com/google/http-client/google-http-client-appengine/1.38.0/google-http-client-appengine-1.38.0.jar" - } - }, - "com_google_cloud_google_cloud_storage_1_113_4": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "796833e9bdab80c40bbc820e65087eb8f28c6bfbca194d2e3e00d98cb5bc55d6", - "urls": [ - "https://repo1.maven.org/maven2/com/google/cloud/google-cloud-storage/1.113.4/google-cloud-storage-1.113.4.jar", - "https://maven.google.com/com/google/cloud/google-cloud-storage/1.113.4/google-cloud-storage-1.113.4.jar" - ], - "downloaded_file_path": "com/google/cloud/google-cloud-storage/1.113.4/google-cloud-storage-1.113.4.jar" - } - }, - "unpinned_stardoc_maven": { - "bzlFile": "@@rules_jvm_external~//:coursier.bzl", - "ruleClassName": "coursier_fetch", - "attributes": { - "repositories": [ - "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" - ], - "artifacts": [ - "{ \"group\": \"com.beust\", \"artifact\": \"jcommander\", \"version\": \"1.82\" }", - "{ \"group\": \"com.google.escapevelocity\", \"artifact\": \"escapevelocity\", \"version\": \"1.1\" }", - "{ \"group\": \"com.google.guava\", \"artifact\": \"guava\", \"version\": \"31.1-jre\" }", - "{ \"group\": \"com.google.truth\", \"artifact\": \"truth\", \"version\": \"1.1.3\" }", - "{ \"group\": \"junit\", \"artifact\": \"junit\", \"version\": \"4.13.2\" }" - ], - "fail_on_missing_checksum": true, - "fetch_sources": true, - "fetch_javadoc": false, - "excluded_artifacts": [], - "generate_compat_repositories": false, - "version_conflict_policy": "default", - "override_targets": {}, - "strict_visibility": true, - "strict_visibility_value": [ - "@@//visibility:private" - ], - "maven_install_json": "@@stardoc~//:maven_install.json", - "resolve_timeout": 600, - "jetify": false, - "jetify_include_list": [ - "*" - ], - "use_starlark_android_rules": false, - "aar_import_bzl_label": "@build_bazel_rules_android//android:rules.bzl", - "duplicate_version_warning": "warn" - } - }, - "io_grpc_grpc_context_1_33_1": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "99b8aea2b614fe0e61c3676e681259dc43c2de7f64620998e1a8435eb2976496", - "urls": [ - "https://repo1.maven.org/maven2/io/grpc/grpc-context/1.33.1/grpc-context-1.33.1.jar", - "https://maven.google.com/io/grpc/grpc-context/1.33.1/grpc-context-1.33.1.jar" - ], - "downloaded_file_path": "io/grpc/grpc-context/1.33.1/grpc-context-1.33.1.jar" - } - }, - "com_google_api_grpc_proto_google_iam_v1_1_0_3": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "64cee7383a97e846da8d8e160e6c8fe30561e507260552c59e6ccfc81301fdc8", - "urls": [ - "https://repo1.maven.org/maven2/com/google/api/grpc/proto-google-iam-v1/1.0.3/proto-google-iam-v1-1.0.3.jar", - "https://maven.google.com/com/google/api/grpc/proto-google-iam-v1/1.0.3/proto-google-iam-v1-1.0.3.jar" - ], - "downloaded_file_path": "com/google/api/grpc/proto-google-iam-v1/1.0.3/proto-google-iam-v1-1.0.3.jar" - } - }, - "com_google_api_api_common_1_10_1": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "2a033f24bb620383eda440ad307cb8077cfec1c7eadc684d65216123a1b9613a", - "urls": [ - "https://repo1.maven.org/maven2/com/google/api/api-common/1.10.1/api-common-1.10.1.jar", - "https://maven.google.com/com/google/api/api-common/1.10.1/api-common-1.10.1.jar" - ], - "downloaded_file_path": "com/google/api/api-common/1.10.1/api-common-1.10.1.jar" - } - }, - "com_google_auth_google_auth_library_oauth2_http_0_22_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "1722d895c42dc42ea1d1f392ddbec1fbb28f7a979022c3a6c29acc39cc777ad1", - "urls": [ - "https://repo1.maven.org/maven2/com/google/auth/google-auth-library-oauth2-http/0.22.0/google-auth-library-oauth2-http-0.22.0.jar", - "https://maven.google.com/com/google/auth/google-auth-library-oauth2-http/0.22.0/google-auth-library-oauth2-http-0.22.0.jar" - ], - "downloaded_file_path": "com/google/auth/google-auth-library-oauth2-http/0.22.0/google-auth-library-oauth2-http-0.22.0.jar" - } - }, - "com_typesafe_netty_netty_reactive_streams_2_0_5": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "f949849fc8ee75fde468ba3a35df2e04577fa31a2940b83b2a7dc9d14dac13d6", - "urls": [ - "https://repo1.maven.org/maven2/com/typesafe/netty/netty-reactive-streams/2.0.5/netty-reactive-streams-2.0.5.jar", - "https://maven.google.com/com/typesafe/netty/netty-reactive-streams/2.0.5/netty-reactive-streams-2.0.5.jar" - ], - "downloaded_file_path": "com/typesafe/netty/netty-reactive-streams/2.0.5/netty-reactive-streams-2.0.5.jar" - } - }, - "com_typesafe_netty_netty_reactive_streams_http_2_0_5": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "b39224751ad936758176e9d994230380ade5e9079e7c8ad778e3995779bcf303", - "urls": [ - "https://repo1.maven.org/maven2/com/typesafe/netty/netty-reactive-streams-http/2.0.5/netty-reactive-streams-http-2.0.5.jar", - "https://maven.google.com/com/typesafe/netty/netty-reactive-streams-http/2.0.5/netty-reactive-streams-http-2.0.5.jar" - ], - "downloaded_file_path": "com/typesafe/netty/netty-reactive-streams-http/2.0.5/netty-reactive-streams-http-2.0.5.jar" - } - }, - "javax_annotation_javax_annotation_api_1_3_2": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b", - "urls": [ - "https://repo1.maven.org/maven2/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar", - "https://maven.google.com/javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar" - ], - "downloaded_file_path": "javax/annotation/javax.annotation-api/1.3.2/javax.annotation-api-1.3.2.jar" - } - }, - "com_google_j2objc_j2objc_annotations_1_3": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b", - "urls": [ - "https://repo1.maven.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar" - ], - "downloaded_file_path": "com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar" - } - }, - "software_amazon_awssdk_metrics_spi_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "08a11dc8c4ba464beafbcc7ac05b8c724c1ccb93da99482e82a68540ac704e4a", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/metrics-spi/2.17.183/metrics-spi-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/metrics-spi/2.17.183/metrics-spi-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/metrics-spi/2.17.183/metrics-spi-2.17.183.jar" - } - }, - "com_google_escapevelocity_escapevelocity_1_1": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "37e76e4466836dedb864fb82355cd01c3bd21325ab642d89a0f759291b171231", - "urls": [ - "https://repo1.maven.org/maven2/com/google/escapevelocity/escapevelocity/1.1/escapevelocity-1.1.jar" - ], - "downloaded_file_path": "com/google/escapevelocity/escapevelocity/1.1/escapevelocity-1.1.jar" - } - }, - "org_reactivestreams_reactive_streams_1_0_3": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "1dee0481072d19c929b623e155e14d2f6085dc011529a0a0dbefc84cf571d865", - "urls": [ - "https://repo1.maven.org/maven2/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar", - "https://maven.google.com/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar" - ], - "downloaded_file_path": "org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar" - } - }, - "com_google_http_client_google_http_client_jackson2_1_38_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "e6504a82425fcc2168a4ca4175138ddcc085168daed8cdedb86d8f6fdc296e1e", - "urls": [ - "https://repo1.maven.org/maven2/com/google/http-client/google-http-client-jackson2/1.38.0/google-http-client-jackson2-1.38.0.jar", - "https://maven.google.com/com/google/http-client/google-http-client-jackson2/1.38.0/google-http-client-jackson2-1.38.0.jar" - ], - "downloaded_file_path": "com/google/http-client/google-http-client-jackson2/1.38.0/google-http-client-jackson2-1.38.0.jar" - } - }, - "io_netty_netty_transport_4_1_72_Final": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "c5fb68e9a65b6e8a516adfcb9fa323479ee7b4d9449d8a529d2ecab3d3711d5a", - "urls": [ - "https://repo1.maven.org/maven2/io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar", - "https://maven.google.com/io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar" - ], - "downloaded_file_path": "io/netty/netty-transport/4.1.72.Final/netty-transport-4.1.72.Final.jar" - } - }, - "com_beust_jcommander_1_82": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "deeac157c8de6822878d85d0c7bc8467a19cc8484d37788f7804f039dde280b1", - "urls": [ - "https://repo1.maven.org/maven2/com/beust/jcommander/1.82/jcommander-1.82.jar" - ], - "downloaded_file_path": "com/beust/jcommander/1.82/jcommander-1.82.jar" - } - }, - "io_netty_netty_codec_http2_4_1_72_Final": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "c89a70500f59e8563e720aaa808263a514bd9e2bd91ba84eab8c2ccb45f234b2", - "urls": [ - "https://repo1.maven.org/maven2/io/netty/netty-codec-http2/4.1.72.Final/netty-codec-http2-4.1.72.Final.jar", - "https://maven.google.com/io/netty/netty-codec-http2/4.1.72.Final/netty-codec-http2-4.1.72.Final.jar" - ], - "downloaded_file_path": "io/netty/netty-codec-http2/4.1.72.Final/netty-codec-http2-4.1.72.Final.jar" - } - }, - "io_opencensus_opencensus_api_0_24_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "f561b1cc2673844288e596ddf5bb6596868a8472fd2cb8993953fc5c034b2352", - "urls": [ - "https://repo1.maven.org/maven2/io/opencensus/opencensus-api/0.24.0/opencensus-api-0.24.0.jar", - "https://maven.google.com/io/opencensus/opencensus-api/0.24.0/opencensus-api-0.24.0.jar" - ], - "downloaded_file_path": "io/opencensus/opencensus-api/0.24.0/opencensus-api-0.24.0.jar" - } - }, - "rules_jvm_external_deps": { - "bzlFile": "@@rules_jvm_external~//:coursier.bzl", - "ruleClassName": "pinned_coursier_fetch", - "attributes": { - "repositories": [ - "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" - ], - "artifacts": [ - "{ \"group\": \"com.google.auth\", \"artifact\": \"google-auth-library-credentials\", \"version\": \"0.22.0\" }", - "{ \"group\": \"com.google.auth\", \"artifact\": \"google-auth-library-oauth2-http\", \"version\": \"0.22.0\" }", - "{ \"group\": \"com.google.cloud\", \"artifact\": \"google-cloud-core\", \"version\": \"1.93.10\" }", - "{ \"group\": \"com.google.cloud\", \"artifact\": \"google-cloud-storage\", \"version\": \"1.113.4\" }", - "{ \"group\": \"com.google.code.gson\", \"artifact\": \"gson\", \"version\": \"2.9.0\" }", - "{ \"group\": \"com.google.googlejavaformat\", \"artifact\": \"google-java-format\", \"version\": \"1.15.0\" }", - "{ \"group\": \"com.google.guava\", \"artifact\": \"guava\", \"version\": \"31.1-jre\" }", - "{ \"group\": \"org.apache.maven\", \"artifact\": \"maven-artifact\", \"version\": \"3.8.6\" }", - "{ \"group\": \"software.amazon.awssdk\", \"artifact\": \"s3\", \"version\": \"2.17.183\" }" - ], - "fetch_sources": true, - "fetch_javadoc": false, - "generate_compat_repositories": false, - "maven_install_json": "@@rules_jvm_external~//:rules_jvm_external_deps_install.json", - "override_targets": {}, - "strict_visibility": false, - "strict_visibility_value": [ - "@@//visibility:private" - ], - "jetify": false, - "jetify_include_list": [ - "*" - ], - "additional_netrc_lines": [], - "fail_if_repin_required": false, - "use_starlark_android_rules": false, - "aar_import_bzl_label": "@build_bazel_rules_android//android:rules.bzl", - "duplicate_version_warning": "warn" - } - }, - "org_threeten_threetenbp_1_5_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "dcf9c0f940739f2a825cd8626ff27113459a2f6eb18797c7152f93fff69c264f", - "urls": [ - "https://repo1.maven.org/maven2/org/threeten/threetenbp/1.5.0/threetenbp-1.5.0.jar", - "https://maven.google.com/org/threeten/threetenbp/1.5.0/threetenbp-1.5.0.jar" - ], - "downloaded_file_path": "org/threeten/threetenbp/1.5.0/threetenbp-1.5.0.jar" - } - }, - "software_amazon_awssdk_http_client_spi_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "fe7120f175df9e47ebcc5d946d7f40110faf2ba0a30364f3b935d5b8a5a6c3c6", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/http-client-spi/2.17.183/http-client-spi-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/http-client-spi/2.17.183/http-client-spi-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/http-client-spi/2.17.183/http-client-spi-2.17.183.jar" - } - }, - "software_amazon_awssdk_third_party_jackson_core_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "1bc27c9960993c20e1ab058012dd1ae04c875eec9f0f08f2b2ca41e578dee9a4", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/third-party-jackson-core/2.17.183/third-party-jackson-core-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/third-party-jackson-core/2.17.183/third-party-jackson-core-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/third-party-jackson-core/2.17.183/third-party-jackson-core-2.17.183.jar" - } - }, - "software_amazon_eventstream_eventstream_1_0_1": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "0c37d8e696117f02c302191b8110b0d0eb20fa412fce34c3a269ec73c16ce822", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar", - "https://maven.google.com/software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar" - ], - "downloaded_file_path": "software/amazon/eventstream/eventstream/1.0.1/eventstream-1.0.1.jar" - } - }, - "com_google_oauth_client_google_oauth_client_1_31_1": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "4ed4e2948251dbda66ce251bd7f3b32cd8570055e5cdb165a3c7aea8f43da0ff", - "urls": [ - "https://repo1.maven.org/maven2/com/google/oauth-client/google-oauth-client/1.31.1/google-oauth-client-1.31.1.jar", - "https://maven.google.com/com/google/oauth-client/google-oauth-client/1.31.1/google-oauth-client-1.31.1.jar" - ], - "downloaded_file_path": "com/google/oauth-client/google-oauth-client/1.31.1/google-oauth-client-1.31.1.jar" - } - }, - "software_amazon_awssdk_aws_xml_protocol_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "566bba05d49256fa6994efd68fa625ae05a62ea45ee74bb9130d20ea20988363", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/aws-xml-protocol/2.17.183/aws-xml-protocol-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/aws-xml-protocol/2.17.183/aws-xml-protocol-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/aws-xml-protocol/2.17.183/aws-xml-protocol-2.17.183.jar" - } - }, - "software_amazon_awssdk_annotations_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "8e4d72361ca805a0bd8bbd9017cd7ff77c8d170f2dd469c7d52d5653330bb3fd", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/annotations/2.17.183/annotations-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/annotations/2.17.183/annotations-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/annotations/2.17.183/annotations-2.17.183.jar" - } - }, - "software_amazon_awssdk_netty_nio_client_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "a6d356f364c56d7b90006b0b7e503b8630010993a5587ce42e74b10b8dca2238", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/netty-nio-client/2.17.183/netty-nio-client-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/netty-nio-client/2.17.183/netty-nio-client-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/netty-nio-client/2.17.183/netty-nio-client-2.17.183.jar" - } - }, - "com_google_guava_guava_31_1_jre": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "a42edc9cab792e39fe39bb94f3fca655ed157ff87a8af78e1d6ba5b07c4a00ab", - "urls": [ - "https://repo1.maven.org/maven2/com/google/guava/guava/31.1-jre/guava-31.1-jre.jar" - ], - "downloaded_file_path": "com/google/guava/guava/31.1-jre/guava-31.1-jre.jar" - } - }, - "com_google_auto_value_auto_value_annotations_1_7_4": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "fedd59b0b4986c342f6ab2d182f2a4ee9fceb2c7e2d5bdc4dc764c92394a23d3", - "urls": [ - "https://repo1.maven.org/maven2/com/google/auto/value/auto-value-annotations/1.7.4/auto-value-annotations-1.7.4.jar", - "https://maven.google.com/com/google/auto/value/auto-value-annotations/1.7.4/auto-value-annotations-1.7.4.jar" - ], - "downloaded_file_path": "com/google/auto/value/auto-value-annotations/1.7.4/auto-value-annotations-1.7.4.jar" - } - }, - "io_netty_netty_transport_native_unix_common_4_1_72_Final": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "6f8f1cc29b5a234eeee9439a63eb3f03a5994aa540ff555cb0b2c88cefaf6877", - "urls": [ - "https://repo1.maven.org/maven2/io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar", - "https://maven.google.com/io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar" - ], - "downloaded_file_path": "io/netty/netty-transport-native-unix-common/4.1.72.Final/netty-transport-native-unix-common-4.1.72.Final.jar" - } - }, - "junit_junit_4_13_2": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "8e495b634469d64fb8acfa3495a065cbacc8a0fff55ce1e31007be4c16dc57d3", - "urls": [ - "https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar" - ], - "downloaded_file_path": "junit/junit/4.13.2/junit-4.13.2.jar" - } - }, - "io_opencensus_opencensus_contrib_http_util_0_24_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "7155273bbb1ed3d477ea33cf19d7bbc0b285ff395f43b29ae576722cf247000f", - "urls": [ - "https://repo1.maven.org/maven2/io/opencensus/opencensus-contrib-http-util/0.24.0/opencensus-contrib-http-util-0.24.0.jar", - "https://maven.google.com/io/opencensus/opencensus-contrib-http-util/0.24.0/opencensus-contrib-http-util-0.24.0.jar" - ], - "downloaded_file_path": "io/opencensus/opencensus-contrib-http-util/0.24.0/opencensus-contrib-http-util-0.24.0.jar" - } - }, - "com_fasterxml_jackson_core_jackson_core_2_11_3": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "78cd0a6b936232e06dd3e38da8a0345348a09cd1ff9c4d844c6ee72c75cfc402", - "urls": [ - "https://repo1.maven.org/maven2/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar", - "https://maven.google.com/com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar" - ], - "downloaded_file_path": "com/fasterxml/jackson/core/jackson-core/2.11.3/jackson-core-2.11.3.jar" - } - }, - "com_google_cloud_google_cloud_core_1_93_10": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "832d74eca66f4601e162a8460d6f59f50d1d23f93c18b02654423b6b0d67c6ea", - "urls": [ - "https://repo1.maven.org/maven2/com/google/cloud/google-cloud-core/1.93.10/google-cloud-core-1.93.10.jar", - "https://maven.google.com/com/google/cloud/google-cloud-core/1.93.10/google-cloud-core-1.93.10.jar" - ], - "downloaded_file_path": "com/google/cloud/google-cloud-core/1.93.10/google-cloud-core-1.93.10.jar" - } - }, - "com_google_auth_google_auth_library_credentials_0_22_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "42c76031276de5b520909e9faf88c5b3c9a722d69ee9cfdafedb1c52c355dfc5", - "urls": [ - "https://repo1.maven.org/maven2/com/google/auth/google-auth-library-credentials/0.22.0/google-auth-library-credentials-0.22.0.jar", - "https://maven.google.com/com/google/auth/google-auth-library-credentials/0.22.0/google-auth-library-credentials-0.22.0.jar" - ], - "downloaded_file_path": "com/google/auth/google-auth-library-credentials/0.22.0/google-auth-library-credentials-0.22.0.jar" - } - }, - "software_amazon_awssdk_profiles_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "78833b32fde3f1c5320373b9ea955c1bbc28f2c904010791c4784e610193ee56", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/profiles/2.17.183/profiles-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/profiles/2.17.183/profiles-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/profiles/2.17.183/profiles-2.17.183.jar" - } - }, - "org_apache_httpcomponents_httpcore_4_4_13": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "e06e89d40943245fcfa39ec537cdbfce3762aecde8f9c597780d2b00c2b43424", - "urls": [ - "https://repo1.maven.org/maven2/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jar", - "https://maven.google.com/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jar" - ], - "downloaded_file_path": "org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jar" - } - }, - "io_netty_netty_common_4_1_72_Final": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "8adb4c291260ceb2859a68c49f0adeed36bf49587608e2b81ecff6aaf06025e9", - "urls": [ - "https://repo1.maven.org/maven2/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar", - "https://maven.google.com/io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar" - ], - "downloaded_file_path": "io/netty/netty-common/4.1.72.Final/netty-common-4.1.72.Final.jar" - } - }, - "io_netty_netty_transport_classes_epoll_4_1_72_Final": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "e1528a9751c1285aa7beaf3a1eb0597151716426ce38598ac9bc0891209b9e68", - "urls": [ - "https://repo1.maven.org/maven2/io/netty/netty-transport-classes-epoll/4.1.72.Final/netty-transport-classes-epoll-4.1.72.Final.jar", - "https://maven.google.com/io/netty/netty-transport-classes-epoll/4.1.72.Final/netty-transport-classes-epoll-4.1.72.Final.jar" - ], - "downloaded_file_path": "io/netty/netty-transport-classes-epoll/4.1.72.Final/netty-transport-classes-epoll-4.1.72.Final.jar" - } - }, - "org_checkerframework_checker_qual_3_12_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "ff10785ac2a357ec5de9c293cb982a2cbb605c0309ea4cc1cb9b9bc6dbe7f3cb", - "urls": [ - "https://repo1.maven.org/maven2/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar", - "https://maven.google.com/org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar" - ], - "downloaded_file_path": "org/checkerframework/checker-qual/3.12.0/checker-qual-3.12.0.jar" - } - }, - "org_hamcrest_hamcrest_core_1_3": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9", - "urls": [ - "https://repo1.maven.org/maven2/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar" - ], - "downloaded_file_path": "org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar" - } - }, - "com_google_cloud_google_cloud_core_http_1_93_10": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "81ac67c14c7c4244d2b7db2607ad352416aca8d3bb2adf338964e8fea25b1b3c", - "urls": [ - "https://repo1.maven.org/maven2/com/google/cloud/google-cloud-core-http/1.93.10/google-cloud-core-http-1.93.10.jar", - "https://maven.google.com/com/google/cloud/google-cloud-core-http/1.93.10/google-cloud-core-http-1.93.10.jar" - ], - "downloaded_file_path": "com/google/cloud/google-cloud-core-http/1.93.10/google-cloud-core-http-1.93.10.jar" - } - }, - "software_amazon_awssdk_utils_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "7bd849bb5aa71bfdf6b849643736ecab3a7b3f204795804eefe5754104231ec6", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/utils/2.17.183/utils-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/utils/2.17.183/utils-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/utils/2.17.183/utils-2.17.183.jar" - } - }, - "org_apache_commons_commons_lang3_3_8_1": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "dac807f65b07698ff39b1b07bfef3d87ae3fd46d91bbf8a2bc02b2a831616f68", - "urls": [ - "https://repo1.maven.org/maven2/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar", - "https://maven.google.com/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar" - ], - "downloaded_file_path": "org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar" - } - }, - "software_amazon_awssdk_aws_core_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "bccbdbea689a665a702ff19828662d87fb7fe81529df13f02ef1e4c474ea9f93", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/aws-core/2.17.183/aws-core-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/aws-core/2.17.183/aws-core-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/aws-core/2.17.183/aws-core-2.17.183.jar" - } - }, - "com_google_api_gax_httpjson_0_77_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "fd4dae47fa016d3b26e8d90b67ddc6c23c4c06e8bcdf085c70310ab7ef324bd6", - "urls": [ - "https://repo1.maven.org/maven2/com/google/api/gax-httpjson/0.77.0/gax-httpjson-0.77.0.jar", - "https://maven.google.com/com/google/api/gax-httpjson/0.77.0/gax-httpjson-0.77.0.jar" - ], - "downloaded_file_path": "com/google/api/gax-httpjson/0.77.0/gax-httpjson-0.77.0.jar" - } - }, - "unpinned_rules_jvm_external_deps": { - "bzlFile": "@@rules_jvm_external~//:coursier.bzl", - "ruleClassName": "coursier_fetch", - "attributes": { - "repositories": [ - "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" - ], - "artifacts": [ - "{ \"group\": \"com.google.auth\", \"artifact\": \"google-auth-library-credentials\", \"version\": \"0.22.0\" }", - "{ \"group\": \"com.google.auth\", \"artifact\": \"google-auth-library-oauth2-http\", \"version\": \"0.22.0\" }", - "{ \"group\": \"com.google.cloud\", \"artifact\": \"google-cloud-core\", \"version\": \"1.93.10\" }", - "{ \"group\": \"com.google.cloud\", \"artifact\": \"google-cloud-storage\", \"version\": \"1.113.4\" }", - "{ \"group\": \"com.google.code.gson\", \"artifact\": \"gson\", \"version\": \"2.9.0\" }", - "{ \"group\": \"com.google.googlejavaformat\", \"artifact\": \"google-java-format\", \"version\": \"1.15.0\" }", - "{ \"group\": \"com.google.guava\", \"artifact\": \"guava\", \"version\": \"31.1-jre\" }", - "{ \"group\": \"org.apache.maven\", \"artifact\": \"maven-artifact\", \"version\": \"3.8.6\" }", - "{ \"group\": \"software.amazon.awssdk\", \"artifact\": \"s3\", \"version\": \"2.17.183\" }" - ], - "fail_on_missing_checksum": true, - "fetch_sources": true, - "fetch_javadoc": false, - "excluded_artifacts": [], - "generate_compat_repositories": false, - "version_conflict_policy": "default", - "override_targets": {}, - "strict_visibility": false, - "strict_visibility_value": [ - "@@//visibility:private" - ], - "maven_install_json": "@@rules_jvm_external~//:rules_jvm_external_deps_install.json", - "resolve_timeout": 600, - "jetify": false, - "jetify_include_list": [ - "*" - ], - "use_starlark_android_rules": false, - "aar_import_bzl_label": "@build_bazel_rules_android//android:rules.bzl", - "duplicate_version_warning": "warn" - } - }, - "com_google_errorprone_error_prone_annotations_2_11_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "721cb91842b46fa056847d104d5225c8b8e1e8b62263b993051e1e5a0137b7ec", - "urls": [ - "https://repo1.maven.org/maven2/com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar" - ], - "downloaded_file_path": "com/google/errorprone/error_prone_annotations/2.11.0/error_prone_annotations-2.11.0.jar" - } - }, - "software_amazon_awssdk_regions_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "d3079395f3ffc07d04ffcce16fca29fb5968197f6e9ea3dbff6be297102b40a5", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/regions/2.17.183/regions-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/regions/2.17.183/regions-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/regions/2.17.183/regions-2.17.183.jar" - } - }, - "io_netty_netty_handler_4_1_72_Final": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "9cb6012af7e06361d738ac4e3bdc49a158f8cf87d9dee0f2744056b7d99c28d5", - "urls": [ - "https://repo1.maven.org/maven2/io/netty/netty-handler/4.1.72.Final/netty-handler-4.1.72.Final.jar", - "https://maven.google.com/io/netty/netty-handler/4.1.72.Final/netty-handler-4.1.72.Final.jar" - ], - "downloaded_file_path": "io/netty/netty-handler/4.1.72.Final/netty-handler-4.1.72.Final.jar" - } - }, - "software_amazon_awssdk_aws_query_protocol_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "4dace03c76f80f3dec920cb3dedb2a95984c4366ef4fda728660cb90bed74848", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/aws-query-protocol/2.17.183/aws-query-protocol-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/aws-query-protocol/2.17.183/aws-query-protocol-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/aws-query-protocol/2.17.183/aws-query-protocol-2.17.183.jar" - } - }, - "io_netty_netty_codec_http_4_1_72_Final": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "fa6fec88010bfaf6a7415b5364671b6b18ffb6b35a986ab97b423fd8c3a0174b", - "urls": [ - "https://repo1.maven.org/maven2/io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar", - "https://maven.google.com/io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar" - ], - "downloaded_file_path": "io/netty/netty-codec-http/4.1.72.Final/netty-codec-http-4.1.72.Final.jar" - } - }, - "io_netty_netty_resolver_4_1_72_Final": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "6474598aab7cc9d8d6cfa06c05bd1b19adbf7f8451dbdd73070b33a6c60b1b90", - "urls": [ - "https://repo1.maven.org/maven2/io/netty/netty-resolver/4.1.72.Final/netty-resolver-4.1.72.Final.jar", - "https://maven.google.com/io/netty/netty-resolver/4.1.72.Final/netty-resolver-4.1.72.Final.jar" - ], - "downloaded_file_path": "io/netty/netty-resolver/4.1.72.Final/netty-resolver-4.1.72.Final.jar" - } - }, - "software_amazon_awssdk_protocol_core_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "10e7c4faa1f05e2d73055d0390dbd0bb6450e2e6cb85beda051b1e4693c826ce", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/protocol-core/2.17.183/protocol-core-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/protocol-core/2.17.183/protocol-core-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/protocol-core/2.17.183/protocol-core-2.17.183.jar" - } - }, - "stardoc_maven": { - "bzlFile": "@@rules_jvm_external~//:coursier.bzl", - "ruleClassName": "pinned_coursier_fetch", - "attributes": { - "repositories": [ - "{ \"repo_url\": \"https://repo1.maven.org/maven2\" }" - ], - "artifacts": [ - "{ \"group\": \"com.beust\", \"artifact\": \"jcommander\", \"version\": \"1.82\" }", - "{ \"group\": \"com.google.escapevelocity\", \"artifact\": \"escapevelocity\", \"version\": \"1.1\" }", - "{ \"group\": \"com.google.guava\", \"artifact\": \"guava\", \"version\": \"31.1-jre\" }", - "{ \"group\": \"com.google.truth\", \"artifact\": \"truth\", \"version\": \"1.1.3\" }", - "{ \"group\": \"junit\", \"artifact\": \"junit\", \"version\": \"4.13.2\" }" - ], - "fetch_sources": true, - "fetch_javadoc": false, - "generate_compat_repositories": false, - "maven_install_json": "@@stardoc~//:maven_install.json", - "override_targets": {}, - "strict_visibility": true, - "strict_visibility_value": [ - "@@//visibility:private" - ], - "jetify": false, - "jetify_include_list": [ - "*" - ], - "additional_netrc_lines": [], - "fail_if_repin_required": true, - "use_starlark_android_rules": false, - "aar_import_bzl_label": "@build_bazel_rules_android//android:rules.bzl", - "duplicate_version_warning": "warn" - } - }, - "com_google_truth_truth_1_1_3": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "fc0b67782289a2aabfddfdf99eff1dcd5edc890d49143fcd489214b107b8f4f3", - "urls": [ - "https://repo1.maven.org/maven2/com/google/truth/truth/1.1.3/truth-1.1.3.jar" - ], - "downloaded_file_path": "com/google/truth/truth/1.1.3/truth-1.1.3.jar" - } - }, - "org_checkerframework_checker_compat_qual_2_5_5": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "11d134b245e9cacc474514d2d66b5b8618f8039a1465cdc55bbc0b34e0008b7a", - "urls": [ - "https://repo1.maven.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar", - "https://maven.google.com/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar" - ], - "downloaded_file_path": "org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar" - } - }, - "com_google_apis_google_api_services_storage_v1_rev20200927_1_30_10": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "52d26a9d105f8d8a0850807285f307a76cea8f3e0cdb2be4d3b15b1adfa77351", - "urls": [ - "https://repo1.maven.org/maven2/com/google/apis/google-api-services-storage/v1-rev20200927-1.30.10/google-api-services-storage-v1-rev20200927-1.30.10.jar", - "https://maven.google.com/com/google/apis/google-api-services-storage/v1-rev20200927-1.30.10/google-api-services-storage-v1-rev20200927-1.30.10.jar" - ], - "downloaded_file_path": "com/google/apis/google-api-services-storage/v1-rev20200927-1.30.10/google-api-services-storage-v1-rev20200927-1.30.10.jar" - } - }, - "org_ow2_asm_asm_9_1": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "cda4de455fab48ff0bcb7c48b4639447d4de859a7afc30a094a986f0936beba2", - "urls": [ - "https://repo1.maven.org/maven2/org/ow2/asm/asm/9.1/asm-9.1.jar" - ], - "downloaded_file_path": "org/ow2/asm/asm/9.1/asm-9.1.jar" - } - }, - "com_google_api_client_google_api_client_1_30_11": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "ee6f97865cc7de6c7c80955c3f37372cf3887bd75e4fc06f1058a6b4cd9bf4da", - "urls": [ - "https://repo1.maven.org/maven2/com/google/api-client/google-api-client/1.30.11/google-api-client-1.30.11.jar", - "https://maven.google.com/com/google/api-client/google-api-client/1.30.11/google-api-client-1.30.11.jar" - ], - "downloaded_file_path": "com/google/api-client/google-api-client/1.30.11/google-api-client-1.30.11.jar" - } - }, - "software_amazon_awssdk_s3_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "ab073b91107a9e4ed9f030314077d137fe627e055ad895fabb036980a050e360", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/s3/2.17.183/s3-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/s3/2.17.183/s3-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/s3/2.17.183/s3-2.17.183.jar" - } - }, - "org_apache_maven_maven_artifact_3_8_6": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "de22a4c6f54fe31276a823b1bbd3adfd6823529e732f431b5eff0852c2b9252b", - "urls": [ - "https://repo1.maven.org/maven2/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar", - "https://maven.google.com/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar" - ], - "downloaded_file_path": "org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar" - } - }, - "com_google_googlejavaformat_google_java_format_1_15_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "4f546cfe159547ac3b9547daa9649e728f6abc254979c975f1cb9971793692c3", - "urls": [ - "https://repo1.maven.org/maven2/com/google/googlejavaformat/google-java-format/1.15.0/google-java-format-1.15.0.jar", - "https://maven.google.com/com/google/googlejavaformat/google-java-format/1.15.0/google-java-format-1.15.0.jar" - ], - "downloaded_file_path": "com/google/googlejavaformat/google-java-format/1.15.0/google-java-format-1.15.0.jar" - } - }, - "org_apache_httpcomponents_httpclient_4_5_13": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743", - "urls": [ - "https://repo1.maven.org/maven2/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar", - "https://maven.google.com/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar" - ], - "downloaded_file_path": "org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar" - } - }, - "com_google_guava_listenablefuture_9999_0_empty_to_avoid_conflict_with_guava": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99", - "urls": [ - "https://repo1.maven.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" - ], - "downloaded_file_path": "com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar" - } - }, - "com_google_http_client_google_http_client_1_38_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "411f4a42519b6b78bdc0fcfdf74c9edcef0ee97afa4a667abe04045a508d6302", - "urls": [ - "https://repo1.maven.org/maven2/com/google/http-client/google-http-client/1.38.0/google-http-client-1.38.0.jar", - "https://maven.google.com/com/google/http-client/google-http-client/1.38.0/google-http-client-1.38.0.jar" - ], - "downloaded_file_path": "com/google/http-client/google-http-client/1.38.0/google-http-client-1.38.0.jar" - } - }, - "software_amazon_awssdk_apache_client_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "78ceae502fce6a97bbe5ff8f6a010a52ab7ea3ae66cb1a4122e18185fce45022", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/apache-client/2.17.183/apache-client-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/apache-client/2.17.183/apache-client-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/apache-client/2.17.183/apache-client-2.17.183.jar" - } - }, - "software_amazon_awssdk_arns_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "659a185e191d66c71de81209490e66abeaccae208ea7b2831a738670823447aa", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/arns/2.17.183/arns-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/arns/2.17.183/arns-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/arns/2.17.183/arns-2.17.183.jar" - } - }, - "com_google_auto_value_auto_value_annotations_1_8_1": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "37ec09b47d7ed35a99d13927db5c86fc9071f620f943ead5d757144698310852", - "urls": [ - "https://repo1.maven.org/maven2/com/google/auto/value/auto-value-annotations/1.8.1/auto-value-annotations-1.8.1.jar" - ], - "downloaded_file_path": "com/google/auto/value/auto-value-annotations/1.8.1/auto-value-annotations-1.8.1.jar" - } - }, - "com_google_code_gson_gson_2_9_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "c96d60551331a196dac54b745aa642cd078ef89b6f267146b705f2c2cbef052d", - "urls": [ - "https://repo1.maven.org/maven2/com/google/code/gson/gson/2.9.0/gson-2.9.0.jar", - "https://maven.google.com/com/google/code/gson/gson/2.9.0/gson-2.9.0.jar" - ], - "downloaded_file_path": "com/google/code/gson/gson/2.9.0/gson-2.9.0.jar" - } - }, - "io_netty_netty_buffer_4_1_72_Final": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "568ff7cd9d8e2284ec980730c88924f686642929f8f219a74518b4e64755f3a1", - "urls": [ - "https://repo1.maven.org/maven2/io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar", - "https://maven.google.com/io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar" - ], - "downloaded_file_path": "io/netty/netty-buffer/4.1.72.Final/netty-buffer-4.1.72.Final.jar" - } - }, - "com_google_code_findbugs_jsr305_3_0_2": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7", - "urls": [ - "https://repo1.maven.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" - ], - "downloaded_file_path": "com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar" - } - }, - "commons_codec_commons_codec_1_11": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d", - "urls": [ - "https://repo1.maven.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar", - "https://maven.google.com/commons-codec/commons-codec/1.11/commons-codec-1.11.jar" - ], - "downloaded_file_path": "commons-codec/commons-codec/1.11/commons-codec-1.11.jar" - } - }, - "software_amazon_awssdk_auth_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "8820c6636e5c14efc29399fb5565ce50212b0c1f4ed720a025a2c402d54e0978", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/auth/2.17.183/auth-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/auth/2.17.183/auth-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/auth/2.17.183/auth-2.17.183.jar" - } - }, - "software_amazon_awssdk_json_utils_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "51ab7f550adc06afcb49f5270cdf690f1bfaaee243abaa5d978095e2a1e4e1a5", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/json-utils/2.17.183/json-utils-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/json-utils/2.17.183/json-utils-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/json-utils/2.17.183/json-utils-2.17.183.jar" - } - }, - "org_codehaus_plexus_plexus_utils_3_3_1": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "4b570fcdbe5a894f249d2eb9b929358a9c88c3e548d227a80010461930222f2a", - "urls": [ - "https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar", - "https://maven.google.com/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar" - ], - "downloaded_file_path": "org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar" - } - }, - "org_checkerframework_checker_qual_3_13_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "3ea0dcd73b4d6cb2fb34bd7ed4dad6db327a01ebad7db05eb7894076b3d64491", - "urls": [ - "https://repo1.maven.org/maven2/org/checkerframework/checker-qual/3.13.0/checker-qual-3.13.0.jar" - ], - "downloaded_file_path": "org/checkerframework/checker-qual/3.13.0/checker-qual-3.13.0.jar" - } - }, - "com_google_protobuf_protobuf_java_util_3_13_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "d9de66b8c9445905dfa7064f6d5213d47ce88a20d34e21d83c4a94a229e14e62", - "urls": [ - "https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java-util/3.13.0/protobuf-java-util-3.13.0.jar", - "https://maven.google.com/com/google/protobuf/protobuf-java-util/3.13.0/protobuf-java-util-3.13.0.jar" - ], - "downloaded_file_path": "com/google/protobuf/protobuf-java-util/3.13.0/protobuf-java-util-3.13.0.jar" - } - }, - "io_netty_netty_codec_4_1_72_Final": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "5d8591ca271a1e9c224e8de3873aa9936acb581ee0db514e7dc18523df36d16c", - "urls": [ - "https://repo1.maven.org/maven2/io/netty/netty-codec/4.1.72.Final/netty-codec-4.1.72.Final.jar", - "https://maven.google.com/io/netty/netty-codec/4.1.72.Final/netty-codec-4.1.72.Final.jar" - ], - "downloaded_file_path": "io/netty/netty-codec/4.1.72.Final/netty-codec-4.1.72.Final.jar" - } - }, - "com_google_protobuf_protobuf_java_3_13_0": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "97d5b2758408690c0dc276238707492a0b6a4d71206311b6c442cdc26c5973ff", - "urls": [ - "https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java/3.13.0/protobuf-java-3.13.0.jar", - "https://maven.google.com/com/google/protobuf/protobuf-java/3.13.0/protobuf-java-3.13.0.jar" - ], - "downloaded_file_path": "com/google/protobuf/protobuf-java/3.13.0/protobuf-java-3.13.0.jar" - } - }, - "io_netty_netty_tcnative_classes_2_0_46_Final": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "d3ec888dcc4ac7915bf88b417c5e04fd354f4311032a748a6882df09347eed9a", - "urls": [ - "https://repo1.maven.org/maven2/io/netty/netty-tcnative-classes/2.0.46.Final/netty-tcnative-classes-2.0.46.Final.jar", - "https://maven.google.com/io/netty/netty-tcnative-classes/2.0.46.Final/netty-tcnative-classes-2.0.46.Final.jar" - ], - "downloaded_file_path": "io/netty/netty-tcnative-classes/2.0.46.Final/netty-tcnative-classes-2.0.46.Final.jar" - } - }, - "software_amazon_awssdk_sdk_core_2_17_183": { - "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", - "ruleClassName": "http_file", - "attributes": { - "sha256": "677e9cc90fdd82c1f40f97b99cb115b13ad6c3f58beeeab1c061af6954d64c77", - "urls": [ - "https://repo1.maven.org/maven2/software/amazon/awssdk/sdk-core/2.17.183/sdk-core-2.17.183.jar", - "https://maven.google.com/software/amazon/awssdk/sdk-core/2.17.183/sdk-core-2.17.183.jar" - ], - "downloaded_file_path": "software/amazon/awssdk/sdk-core/2.17.183/sdk-core-2.17.183.jar" - } - } - }, - "recordedRepoMappingEntries": [ - [ - "rules_jvm_external~", - "bazel_tools", - "bazel_tools" - ], - [ - "rules_jvm_external~", - "rules_jvm_external", - "rules_jvm_external~" - ] - ] - } - }, - "@@rules_jvm_external~//:non-module-deps.bzl%non_module_deps": { - "general": { - "bzlTransitiveDigest": "l6SlNloqPvd60dcuPdWiJNi3g3jfK76fcZc0i/Yr0dQ=", - "usagesDigest": "hiuzyio8ny4T3UoEFpHaxXzNFc6OGUFvx5DDVLBBUmU=", - "recordedFileInputs": {}, - "recordedDirentsInputs": {}, - "envVariables": {}, - "generatedRepoSpecs": { - "io_bazel_rules_kotlin": { + "pybind11": { "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", "ruleClassName": "http_archive", "attributes": { - "sha256": "946747acdbeae799b085d12b240ec346f775ac65236dfcf18aa0cd7300f6de78", + "build_file": "@@pybind11_bazel~//:pybind11.BUILD", + "strip_prefix": "pybind11-2.11.1", "urls": [ - "https://github.com/bazelbuild/rules_kotlin/releases/download/v1.7.0-RC-2/rules_kotlin_release.tgz" + "https://github.com/pybind/pybind11/archive/v2.11.1.zip" ] } } }, "recordedRepoMappingEntries": [ [ - "rules_jvm_external~", + "pybind11_bazel~", + "bazel_tools", + "bazel_tools" + ] + ] + } + }, + "@@rules_fuzzing~//fuzzing/private:extensions.bzl%non_module_dependencies": { + "general": { + "bzlTransitiveDigest": "aN6cDs7sOfBWTyYmCu+aV9nr3VKpDIZprzN+yGEsNO0=", + "usagesDigest": "X26dvBYyk1211bNrYvtOxec7AmnYf6DQEYUw1L0Oo74=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "bazel_skylib": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "cd55a062e763b9349921f0f5db8c3933288dc8ba4f76dd9416aac68acee3cb94", + "urls": [ + "https://mirror.bazel.build/github.com/bazelbuild/bazel-skylib/releases/download/1.5.0/bazel-skylib-1.5.0.tar.gz", + "https://github.com/bazelbuild/bazel-skylib/releases/download/1.5.0/bazel-skylib-1.5.0.tar.gz" + ] + } + }, + "rules_fuzzing_jazzer": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_jar", + "attributes": { + "sha256": "ee6feb569d88962d59cb59e8a31eb9d007c82683f3ebc64955fd5b96f277eec2", + "url": "https://repo1.maven.org/maven2/com/code-intelligence/jazzer/0.20.1/jazzer-0.20.1.jar" + } + }, + "rules_python": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "d70cd72a7a4880f0000a6346253414825c19cdd40a28289bdf67b8e6480edff8", + "strip_prefix": "rules_python-0.28.0", + "url": "https://github.com/bazelbuild/rules_python/releases/download/0.28.0/rules_python-0.28.0.tar.gz" + } + }, + "rules_fuzzing_oss_fuzz": { + "bzlFile": "@@rules_fuzzing~//fuzzing/private/oss_fuzz:repository.bzl", + "ruleClassName": "oss_fuzz_repository", + "attributes": {} + }, + "com_google_absl": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://github.com/abseil/abseil-cpp/archive/refs/tags/20240116.1.zip" + ], + "strip_prefix": "abseil-cpp-20240116.1", + "integrity": "sha256-7capMWOvWyoYbUaHF/b+I2U6XLMaHmky8KugWvfXYuk=" + } + }, + "honggfuzz": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "build_file": "@@rules_fuzzing~//:honggfuzz.BUILD", + "sha256": "6b18ba13bc1f36b7b950c72d80f19ea67fbadc0ac0bb297ec89ad91f2eaa423e", + "url": "https://github.com/google/honggfuzz/archive/2.5.zip", + "strip_prefix": "honggfuzz-2.5" + } + }, + "platforms": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "urls": [ + "https://mirror.bazel.build/github.com/bazelbuild/platforms/releases/download/0.0.8/platforms-0.0.8.tar.gz", + "https://github.com/bazelbuild/platforms/releases/download/0.0.8/platforms-0.0.8.tar.gz" + ], + "sha256": "8150406605389ececb6da07cbcb509d5637a3ab9a24bc69b1101531367d89d74" + } + }, + "rules_fuzzing_jazzer_api": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_jar", + "attributes": { + "sha256": "f5a60242bc408f7fa20fccf10d6c5c5ea1fcb3c6f44642fec5af88373ae7aa1b", + "url": "https://repo1.maven.org/maven2/com/code-intelligence/jazzer-api/0.20.1/jazzer-api-0.20.1.jar" + } + } + }, + "recordedRepoMappingEntries": [ + [ + "rules_fuzzing~", + "bazel_tools", + "bazel_tools" + ] + ] + } + }, + "@@rules_kotlin~//src/main/starlark/core/repositories:bzlmod_setup.bzl%rules_kotlin_extensions": { + "general": { + "bzlTransitiveDigest": "l//eFZVgEUHSUfuQ1zQw9uxmcJku8ikraA2fv/2Pyh0=", + "usagesDigest": "NXmdQOmIAdsAdtLv3dhkX8UQ+0st9iQ0EkR28lUNdHc=", + "recordedFileInputs": {}, + "recordedDirentsInputs": {}, + "envVariables": {}, + "generatedRepoSpecs": { + "rules_android": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_archive", + "attributes": { + "sha256": "cd06d15dd8bb59926e4d65f9003bfc20f9da4b2519985c27e190cddc8b7a7806", + "strip_prefix": "rules_android-0.1.1", + "urls": [ + "https://github.com/bazelbuild/rules_android/archive/v0.1.1.zip" + ] + } + }, + "com_github_pinterest_ktlint": { + "bzlFile": "@@bazel_tools//tools/build_defs/repo:http.bzl", + "ruleClassName": "http_file", + "attributes": { + "sha256": "01b2e0ef893383a50dbeb13970fe7fa3be36ca3e83259e01649945b09d736985", + "urls": [ + "https://github.com/pinterest/ktlint/releases/download/1.3.0/ktlint" + ], + "executable": true + } + }, + "com_github_jetbrains_kotlin": { + "bzlFile": "@@rules_kotlin~//src/main/starlark/core/repositories:compiler.bzl", + "ruleClassName": "kotlin_capabilities_repository", + "attributes": { + "git_repository_name": "com_github_jetbrains_kotlin_git", + "compiler_version": "1.9.23" + } + }, + "com_github_jetbrains_kotlin_git": { + "bzlFile": "@@rules_kotlin~//src/main/starlark/core/repositories:compiler.bzl", + "ruleClassName": "kotlin_compiler_git_repository", + "attributes": { + "urls": [ + "https://github.com/JetBrains/kotlin/releases/download/v1.9.23/kotlin-compiler-1.9.23.zip" + ], + "sha256": "93137d3aab9afa9b27cb06a824c2324195c6b6f6179d8a8653f440f5bd58be88" + } + }, + "com_github_google_ksp": { + "bzlFile": "@@rules_kotlin~//src/main/starlark/core/repositories:ksp.bzl", + "ruleClassName": "ksp_compiler_plugin_repository", + "attributes": { + "urls": [ + "https://github.com/google/ksp/releases/download/1.9.23-1.0.20/artifacts.zip" + ], + "sha256": "ee0618755913ef7fd6511288a232e8fad24838b9af6ea73972a76e81053c8c2d", + "strip_version": "1.9.23-1.0.20" + } + } + }, + "recordedRepoMappingEntries": [ + [ + "rules_kotlin~", "bazel_tools", "bazel_tools" ] @@ -2024,12 +1072,12 @@ }, "@@rules_python~//python/private/pypi:pip.bzl%pip_internal": { "general": { - "bzlTransitiveDigest": "A6NreM8jfXl/qMHo3ZoVQRrznlTyni1DBwC/tXdIRKw=", - "usagesDigest": "Uu+eQolCXDoyIgvFjLDBDgjgBSkRuuldwUQnjKYjsz8=", + "bzlTransitiveDigest": "NuFWsw0F1ZHsRw6pAHHojBht90U7WPJQr64a2sg5Ib0=", + "usagesDigest": "/5Os1MEbCgZJ42ZFY1UZAhnLguIdryegbkM9Wq+We6Y=", "recordedFileInputs": { - "@@rules_python~//tools/publish/requirements.txt": "031e35d03dde03ae6305fe4b3d1f58ad7bdad857379752deede0f93649991b8a", - "@@rules_python~//tools/publish/requirements_windows.txt": "15472d5a28e068d31ba9e2dc389459698afaff366e9db06e15890283a3ea252e", - "@@rules_python~//tools/publish/requirements_darwin.txt": "61cf602ff33b58c5f42a6cee30112985e9b502209605314e313157f8aad679f9" + "@@rules_python~//tools/publish/requirements_linux.txt": "8175b4c8df50ae2f22d1706961884beeb54e7da27bd2447018314a175981997d", + "@@rules_python~//tools/publish/requirements_windows.txt": "7673adc71dc1a81d3661b90924d7a7c0fc998cd508b3cb4174337cef3f2de556", + "@@rules_python~//tools/publish/requirements_darwin.txt": "2994136eab7e57b083c3de76faf46f70fad130bc8e7360a7fed2b288b69e79dc" }, "recordedDirentsInputs": {}, "envVariables": { @@ -2037,95 +1085,7 @@ "RULES_PYTHON_REPO_DEBUG_VERBOSITY": null }, "generatedRepoSpecs": { - "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_aarch64_3548db28": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "cffi-1.15.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "cffi==1.15.1", - "sha256": "3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c", - "urls": [ - "https://files.pythonhosted.org/packages/91/bc/b7723c2fe7a22eee71d7edf2102cd43423d5f95ff3932ebaa2f82c7ec8d0/cffi-1.15.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl" - ] - } - }, - "rules_python_publish_deps_311_zipp_sdist_a7a22e05": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "zipp-3.11.0.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "zipp==3.11.0", - "sha256": "a7a22e05929290a67401440b39690ae6563279bced5f314609d9d03798f56766", - "urls": [ - "https://files.pythonhosted.org/packages/8e/b3/8b16a007184714f71157b1a71bbe632c5d66dd43bc8152b3c799b13881e1/zipp-3.11.0.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_urllib3_sdist_076907bf": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "urllib3-1.26.14.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "urllib3==1.26.14", - "sha256": "076907bf8fd355cde77728471316625a4d2f7e713c125f51953bb5b3eecf4f72", - "urls": [ - "https://files.pythonhosted.org/packages/c5/52/fe421fb7364aa738b3506a2d99e4f3a56e079c0a798e9f4fa5e14c60922f/urllib3-1.26.14.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_ppc64le_91fc98ad": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "cffi-1.15.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "cffi==1.15.1", - "sha256": "91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325", - "urls": [ - "https://files.pythonhosted.org/packages/5d/4e/4e0bb5579b01fdbfd4388bd1eb9394a989e1336203a4b7f700d887b233c1/cffi-1.15.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl" - ] - } - }, - "rules_python_publish_deps_311_requests_py3_none_any_64299f49": { + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_x86_64_c57516e5": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2140,17 +1100,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "requests-2.28.2-py3-none-any.whl", + "filename": "charset_normalizer-3.4.0-cp311-cp311-macosx_10_9_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "requests==2.28.2", - "sha256": "64299f4909223da747622c030b781c0d7811e359c37124b4bd368fb8c6518baa", + "requirement": "charset-normalizer==3.4.0", + "sha256": "c57516e58fd17d03ebe67e181a4e4e2ccab1168f8c2976c6a334d4f819fe5944", "urls": [ - "https://files.pythonhosted.org/packages/d2/f4/274d1dbe96b41cf4e0efb70cbced278ffd61b5c7bb70338b62af94ccb25b/requests-2.28.2-py3-none-any.whl" + "https://files.pythonhosted.org/packages/77/d5/8c982d58144de49f59571f940e329ad6e8615e1e82ef84584c5eeb5e1d72/charset_normalizer-3.4.0-cp311-cp311-macosx_10_9_x86_64.whl" ] } }, - "rules_python_publish_deps_311_certifi_sdist_35824b4c": { + "rules_python_publish_deps_311_cffi_sdist_1c39c601": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2162,17 +1122,21 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "certifi-2022.12.7.tar.gz", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "cffi-1.17.1.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "certifi==2022.12.7", - "sha256": "35824b4c3a97115964b408844d64aa14db1cc518f6562e8d7261699d1350a9e3", + "requirement": "cffi==1.17.1", + "sha256": "1c39c6016c32bc48dd54561950ebd6836e1670f2ae46128f67cf49e789c52824", "urls": [ - "https://files.pythonhosted.org/packages/37/f7/2b1b0ec44fdc30a3d31dfebe52226be9ddc40cd6c0f34ffc8923ba423b69/certifi-2022.12.7.tar.gz" + "https://files.pythonhosted.org/packages/fc/97/c783634659c2920c3fc70419e3af40972dbaf758daa229a7d6ea6135c90d/cffi-1.17.1.tar.gz" ] } }, - "rules_python_publish_deps_311_readme_renderer_py3_none_any_f67a16ca": { + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_11_0_arm64_6dba5d19": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2187,79 +1151,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "readme_renderer-37.3-py3-none-any.whl", + "filename": "charset_normalizer-3.4.0-cp311-cp311-macosx_11_0_arm64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "readme-renderer==37.3", - "sha256": "f67a16caedfa71eef48a31b39708637a6f4664c4394801a7b0d6432d13907343", + "requirement": "charset-normalizer==3.4.0", + "sha256": "6dba5d19c4dfab08e58d5b36304b3f92f3bd5d42c1a3fa37b5ba5cdf6dfcbcee", "urls": [ - "https://files.pythonhosted.org/packages/97/52/fd8a77d6f0a9ddeb26ed8fb334e01ac546106bf0c5b8e40dc826c5bd160f/readme_renderer-37.3-py3-none-any.whl" + "https://files.pythonhosted.org/packages/bf/19/411a64f01ee971bed3231111b69eb56f9331a769072de479eae7de52296d/charset_normalizer-3.4.0-cp311-cp311-macosx_11_0_arm64.whl" ] } }, - "rules_python_publish_deps_311_cffi_sdist_d400bfb9": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "cffi-1.15.1.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "cffi==1.15.1", - "sha256": "d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9", - "urls": [ - "https://files.pythonhosted.org/packages/2b/a8/050ab4f0c3d4c1b8aaa805f70e26e84d0e27004907c5b8ecc1d31815f92a/cffi-1.15.1.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_idna_py3_none_any_82fee1fc": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "idna-3.7-py3-none-any.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "idna==3.7", - "sha256": "82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0", - "urls": [ - "https://files.pythonhosted.org/packages/e5/3e/741d8c82801c347547f8a2a06aa57dbb1992be9e948df2ea0eda2c8b79e8/idna-3.7-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_certifi_py3_none_any_c198e21b": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "certifi-2024.7.4-py3-none-any.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "certifi==2024.7.4", - "sha256": "c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90", - "urls": [ - "https://files.pythonhosted.org/packages/1c/d5/c84e1a17bf61d4df64ca866a1c9a913874b4e9bdc131ec689a0ad013fb36/certifi-2024.7.4-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_requests_toolbelt_py2_none_any_18565aa5": { + "rules_python_publish_deps_311_urllib3_py3_none_any_ca899ca0": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2274,81 +1176,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "requests_toolbelt-0.10.1-py2.py3-none-any.whl", + "filename": "urllib3-2.2.3-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "requests-toolbelt==0.10.1", - "sha256": "18565aa58116d9951ac39baa288d3adb5b3ff975c4f25eee78555d89e8f247f7", + "requirement": "urllib3==2.2.3", + "sha256": "ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac", "urls": [ - "https://files.pythonhosted.org/packages/05/d3/bf87a36bff1cb88fd30a509fd366c70ec30676517ee791b2f77e0e29817a/requests_toolbelt-0.10.1-py2.py3-none-any.whl" + "https://files.pythonhosted.org/packages/ce/d9/5f4c13cecde62396b0d3fe530a50ccea91e7dfc1ccf0e09c228841bb5ba8/urllib3-2.2.3-py3-none-any.whl" ] } }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_universal2_802fe99c": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_universal2.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.3.2", - "sha256": "802fe99cca7457642125a8a88a084cef28ff0cf9407060f7b93dca5aa25480db", - "urls": [ - "https://files.pythonhosted.org/packages/68/77/02839016f6fbbf808e8b38601df6e0e66c17bbab76dff4613f7511413597/charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_universal2.whl" - ] - } - }, - "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_x86_64_94411f22": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "cffi==1.15.1", - "sha256": "94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c", - "urls": [ - "https://files.pythonhosted.org/packages/37/5a/c37631a86be838bdd84cc0259130942bf7e6e32f70f4cab95f479847fb91/cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" - ] - } - }, - "rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_1_x86_64_6d0fbe73": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_1_x86_64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "cryptography==42.0.4", - "sha256": "6d0fbe73728c44ca3a241eff9aefe6496ab2656d6e7a4ea2459865f2e8613257", - "urls": [ - "https://files.pythonhosted.org/packages/41/5d/33f17e40dbb7441ad51e8a6920e726f68443cdbfb388cb8eff53e4b6ffd4/cryptography-42.0.4-cp39-abi3-musllinux_1_1_x86_64.whl" - ] - } - }, - "rules_python_publish_deps_311_pygments_py3_none_any_fa7bd7bd": { + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_x86_64_3710a975": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2363,17 +1201,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "Pygments-2.14.0-py3-none-any.whl", + "filename": "charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "pygments==2.14.0", - "sha256": "fa7bd7bd2771287c0de303af8bfdfc731f51bd2c6a47ab69d117138893b82717", + "requirement": "charset-normalizer==3.4.0", + "sha256": "3710a9751938947e6327ea9f3ea6332a09bf0ba0c09cae9cb1f250bd1f1549bc", "urls": [ - "https://files.pythonhosted.org/packages/0b/42/d9d95cc461f098f204cd20c85642ae40fbff81f74c300341b8d0e0df14e0/Pygments-2.14.0-py3-none-any.whl" + "https://files.pythonhosted.org/packages/eb/5b/6f10bad0f6461fa272bfbbdf5d0023b5fb9bc6217c92bf068fa5a99820f5/charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" ] } }, - "rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_1_aarch64_3c6048f2": { + "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_x86_64_0f996e72": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2385,17 +1223,17 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_1_aarch64.whl", + "filename": "cryptography-43.0.3-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "cryptography==42.0.4", - "sha256": "3c6048f217533d89f2f8f4f0fe3044bf0b2090453b7b73d0b77db47b80af8dff", + "requirement": "cryptography==43.0.3", + "sha256": "0f996e7268af62598f2fc1204afa98a3b5712313a55c4c9d434aef49cadc91d4", "urls": [ - "https://files.pythonhosted.org/packages/ea/a1/04733ecbe1e77a228c738f4ab321ca050e45284997f3e3a1539461cd4bca/cryptography-42.0.4-cp39-abi3-musllinux_1_1_aarch64.whl" + "https://files.pythonhosted.org/packages/2a/2c/488776a3dc843f95f86d2f957ca0fc3407d0242b50bede7fad1e339be03f/cryptography-43.0.3-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" ] } }, - "rules_python_publish_deps_311_bleach_py3_none_any_33c16e33": { + "rules_python_publish_deps_311_urllib3_sdist_e7d814a8": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2410,17 +1248,21 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "bleach-6.0.0-py3-none-any.whl", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "urllib3-2.2.3.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "bleach==6.0.0", - "sha256": "33c16e3353dbd13028ab4799a0f89a83f113405c766e9c122df8a06f5b85b3f4", + "requirement": "urllib3==2.2.3", + "sha256": "e7d814a81dad81e6caf2ec9fdedb284ecc9c73076b62654547cc64ccdcae26e9", "urls": [ - "https://files.pythonhosted.org/packages/ac/e2/dfcab68c9b2e7800c8f06b85c76e5f978d05b195a958daa9b1dda54a1db6/bleach-6.0.0-py3-none-any.whl" + "https://files.pythonhosted.org/packages/ed/63/22ba4ebfe7430b76388e7cd448d5478814d3032121827c12a2cc287e2260/urllib3-2.2.3.tar.gz" ] } }, - "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_aarch64_a1327f28": { + "rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_aarch64_e1be4655": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2432,17 +1274,17 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", + "filename": "cryptography-43.0.3-cp39-abi3-musllinux_1_2_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "cryptography==42.0.4", - "sha256": "a1327f280c824ff7885bdeef8578f74690e9079267c1c8bd7dc5cc5aa065ae52", + "requirement": "cryptography==43.0.3", + "sha256": "e1be4655c7ef6e1bbe6b5d0403526601323420bcf414598955968c9ef3eb7d16", "urls": [ - "https://files.pythonhosted.org/packages/44/61/644e21048102cd72a13325fd6443db741746fbf0157e7c5d5c7628afc336/cryptography-42.0.4-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl" + "https://files.pythonhosted.org/packages/21/ce/b9c9ff56c7164d8e2edfb6c9305045fbc0df4508ccfdb13ee66eb8c95b0e/cryptography-43.0.3-cp39-abi3-musllinux_1_2_aarch64.whl" ] } }, - "rules_python_publish_deps_311_keyring_py3_none_any_771ed2a9": { + "rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_armv7l_0411beb0": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2457,17 +1299,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "keyring-23.13.1-py3-none-any.whl", + "filename": "nh3-0.2.18-cp37-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "keyring==23.13.1", - "sha256": "771ed2a91909389ed6148631de678f82ddc73737d85a927f382a8a1b157898cd", + "requirement": "nh3==0.2.18", + "sha256": "0411beb0589eacb6734f28d5497ca2ed379eafab8ad8c84b31bb5c34072b7164", "urls": [ - "https://files.pythonhosted.org/packages/62/db/0e9a09b2b95986dcd73ac78be6ed2bd73ebe8bac65cba7add5b83eb9d899/keyring-23.13.1-py3-none-any.whl" + "https://files.pythonhosted.org/packages/05/2b/85977d9e11713b5747595ee61f381bc820749daf83f07b90b6c9964cf932/nh3-0.2.18-cp37-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl" ] } }, - "rules_python_publish_deps_311_jaraco_classes_sdist_89559fa5": { + "rules_python_publish_deps_311_charset_normalizer_sdist_223217c3": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2482,17 +1324,21 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "jaraco.classes-3.2.3.tar.gz", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "charset_normalizer-3.4.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "jaraco-classes==3.2.3", - "sha256": "89559fa5c1d3c34eff6f631ad80bb21f378dbcbb35dd161fd2c6b93f5be2f98a", + "requirement": "charset-normalizer==3.4.0", + "sha256": "223217c3d4f82c3ac5e29032b3f1c2eb0fb591b72161f86d93f5719079dae93e", "urls": [ - "https://files.pythonhosted.org/packages/bf/02/a956c9bfd2dfe60b30c065ed8e28df7fcf72b292b861dca97e951c145ef6/jaraco.classes-3.2.3.tar.gz" + "https://files.pythonhosted.org/packages/f2/4f/e1808dc01273379acc506d18f1504eb2d299bd4131743b9fc54d7be4df1e/charset_normalizer-3.4.0.tar.gz" ] } }, - "rules_python_publish_deps_311_rich_py3_none_any_7c963f0d": { + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_2_aarch64_47334db7": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2507,17 +1353,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "rich-13.2.0-py3-none-any.whl", + "filename": "charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "rich==13.2.0", - "sha256": "7c963f0d03819221e9ac561e1bc866e3f95a02248c1234daa48954e6d381c003", + "requirement": "charset-normalizer==3.4.0", + "sha256": "47334db71978b23ebcf3c0f9f5ee98b8d65992b65c9c4f2d34c2eaf5bcaf0594", "urls": [ - "https://files.pythonhosted.org/packages/0e/cf/a6369a2aee266c2d7604230f083d4bd14b8f69bc69eb25b3da63b9f2f853/rich-13.2.0-py3-none-any.whl" + "https://files.pythonhosted.org/packages/d7/a1/493919799446464ed0299c8eef3c3fad0daf1c3cd48bff9263c731b0d9e2/charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_aarch64.whl" ] } }, - "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_x86_64_6ffb03d4": { + "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_ppc64le_46bf4316": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2529,17 +1375,42 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", + "filename": "cffi-1.17.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "cryptography==42.0.4", - "sha256": "6ffb03d419edcab93b4b19c22ee80c007fb2d708429cecebf1dd3258956a563a", + "requirement": "cffi==1.17.1", + "sha256": "46bf43160c1a35f7ec506d254e5c890f3c03648a4dbac12d624e4490a7046cd1", "urls": [ - "https://files.pythonhosted.org/packages/32/c2/4ff3cf950504aa6ccd3db3712f515151536eea0cf6125442015b0532a46d/cryptography-42.0.4-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" + "https://files.pythonhosted.org/packages/1c/a0/a4fa9f4f781bda074c3ddd57a572b060fa0df7655d2a4247bbe277200146/cffi-1.17.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl" ] } }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_s390x_8c7fe7af": { + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_aarch64_bf4475b8": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.4.0", + "sha256": "bf4475b82be41b07cc5e5ff94810e6a01f276e37c2d55571e3fe175e467a1a1c", + "urls": [ + "https://files.pythonhosted.org/packages/4c/92/97509850f0d00e9f14a46bc751daabd0ad7765cff29cdfb66c68b6dad57f/charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl" + ] + } + }, + "rules_python_publish_deps_311_cryptography_sdist_315b9001": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2551,13 +1422,42 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "cryptography-43.0.3.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "8c7fe7afa480e3e82eed58e0ca89f751cd14d767638e2550c77a92a9e749c317", + "requirement": "cryptography==43.0.3", + "sha256": "315b9001266a492a6ff443b61238f956b214dbec9910a081ba5b6646a055a805", "urls": [ - "https://files.pythonhosted.org/packages/df/c5/dd3a17a615775d0ffc3e12b0e47833d8b7e0a4871431dad87a3f92382a19/charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl" + "https://files.pythonhosted.org/packages/0d/05/07b55d1fa21ac18c3a8c79f764e2514e6f6a9698f1be44994f5adf0d29db/cryptography-43.0.3.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_ppc64_5f36b271": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "nh3-0.2.18-cp37-abi3-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "nh3==0.2.18", + "sha256": "5f36b271dae35c465ef5e9090e1fdaba4a60a56f0bb0ba03e0932a66f28b9189", + "urls": [ + "https://files.pythonhosted.org/packages/72/f2/5c894d5265ab80a97c68ca36f25c8f6f0308abac649aaf152b74e7e854a8/nh3-0.2.18-cp37-abi3-manylinux_2_17_ppc64.manylinux2014_ppc64.whl" ] } }, @@ -2573,6 +1473,10 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], "filename": "SecretStorage-3.3.3.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", @@ -2583,51 +1487,7 @@ ] } }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_ppc64le_5995f016": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_ppc64le.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "5995f0164fa7df59db4746112fec3f49c461dd6b31b841873443bdb077c13cfc", - "urls": [ - "https://files.pythonhosted.org/packages/86/eb/31c9025b4ed7eddd930c5f2ac269efb953de33140608c7539675d74a2081/charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_ppc64le.whl" - ] - } - }, - "rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_aarch64_887623fe": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_2_aarch64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "cryptography==42.0.4", - "sha256": "887623fe0d70f48ab3f5e4dbf234986b1329a64c066d719432d0698522749929", - "urls": [ - "https://files.pythonhosted.org/packages/da/56/1b2c8aa8e62bfb568022b68d77ebd2bd9afddea37898350fbfe008dcefa7/cryptography-42.0.4-cp39-abi3-musllinux_1_2_aarch64.whl" - ] - } - }, - "rules_python_publish_deps_311_more_itertools_sdist_5a6257e4": { + "rules_python_publish_deps_311_jaraco_functools_sdist_70f7e0e2": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2642,17 +1502,65 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "more-itertools-9.0.0.tar.gz", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "jaraco_functools-4.1.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "more-itertools==9.0.0", - "sha256": "5a6257e40878ef0520b1803990e3e22303a41b5714006c32a3fd8304b26ea1ab", + "requirement": "jaraco-functools==4.1.0", + "sha256": "70f7e0e2ae076498e212562325e805204fc092d7b4c17e0e86c959e249701a9d", "urls": [ - "https://files.pythonhosted.org/packages/13/b3/397aa9668da8b1f0c307bc474608653d46122ae0563d1d32f60e24fa0cbd/more-itertools-9.0.0.tar.gz" + "https://files.pythonhosted.org/packages/ab/23/9894b3df5d0a6eb44611c36aec777823fc2e07740dabbd0b810e19594013/jaraco_functools-4.1.0.tar.gz" ] } }, - "rules_python_publish_deps_311_importlib_metadata_py3_none_any_7efb448e": { + "rules_python_publish_deps_311_pycparser_py3_none_any_c3702b6d": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" + ], + "filename": "pycparser-2.22-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "pycparser==2.22", + "sha256": "c3702b6d3dd8c7abc1afa565d7e63d53a1d0bd86cdc24edd75470f4de499cfcc", + "urls": [ + "https://files.pythonhosted.org/packages/13/a3/a812df4e2dd5696d1f351d58b8fe16a405b234ad2886a0dab9183fb78109/pycparser-2.22-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_cffi_cp311_cp311_musllinux_1_1_aarch64_a9b15d49": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" + ], + "filename": "cffi-1.17.1-cp311-cp311-musllinux_1_1_aarch64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cffi==1.17.1", + "sha256": "a9b15d491f3ad5d692e11f6b71f7857e7835eb677955c00cc0aefcd0669adaf6", + "urls": [ + "https://files.pythonhosted.org/packages/1a/52/d9a0e523a572fbccf2955f5abe883cfa8bcc570d7faeee06336fbd50c9fc/cffi-1.17.1-cp311-cp311-musllinux_1_1_aarch64.whl" + ] + } + }, + "rules_python_publish_deps_311_idna_sdist_12f65c9b": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2667,17 +1575,21 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "importlib_metadata-6.0.0-py3-none-any.whl", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "idna-3.10.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "importlib-metadata==6.0.0", - "sha256": "7efb448ec9a5e313a57655d35aa54cd3e01b7e1fbcf72dce1bf06119420f5bad", + "requirement": "idna==3.10", + "sha256": "12f65c9b470abda6dc35cf8e63cc574b1c52b11df2c86030af0ac09b01b13ea9", "urls": [ - "https://files.pythonhosted.org/packages/26/a7/9da7d5b23fc98ab3d424ac2c65613d63c1f401efb84ad50f2fa27b2caab4/importlib_metadata-6.0.0-py3-none-any.whl" + "https://files.pythonhosted.org/packages/f1/70/7703c29685631f5a7590aa73f1f1d3fa9a380e654b86af429e0934a32f7d/idna-3.10.tar.gz" ] } }, - "rules_python_publish_deps_311_importlib_metadata_sdist_e354bede": { + "rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_s390x_19aaba96": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2692,17 +1604,39 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "importlib_metadata-6.0.0.tar.gz", + "filename": "nh3-0.2.18-cp37-abi3-manylinux_2_17_s390x.manylinux2014_s390x.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "importlib-metadata==6.0.0", - "sha256": "e354bedeb60efa6affdcc8ae121b73544a7aa74156d047311948f6d711cd378d", + "requirement": "nh3==0.2.18", + "sha256": "19aaba96e0f795bd0a6c56291495ff59364f4300d4a39b29a0abc9cb3774a84b", "urls": [ - "https://files.pythonhosted.org/packages/90/07/6397ad02d31bddf1841c9ad3ec30a693a3ff208e09c2ef45c9a8a5f85156/importlib_metadata-6.0.0.tar.gz" + "https://files.pythonhosted.org/packages/c2/a8/3bb02d0c60a03ad3a112b76c46971e9480efa98a8946677b5a59f60130ca/nh3-0.2.18-cp37-abi3-manylinux_2_17_s390x.manylinux2014_s390x.whl" ] } }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_x86_64_761e8904": { + "rules_python_publish_deps_311_pywin32_ctypes_sdist_d162dc04": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "pywin32-ctypes-0.2.3.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "pywin32-ctypes==0.2.3", + "sha256": "d162dc04946d704503b2edc4d55f3dba5c1d539ead017afa00142c38b9885755", + "urls": [ + "https://files.pythonhosted.org/packages/85/9f/01a1a99704853cb63f253eea009390c88e7131c67e66a0a02099a8c917cb/pywin32-ctypes-0.2.3.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_readme_renderer_py3_none_any_2fbca89b": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2712,19 +1646,22 @@ "cp311_linux_arm", "cp311_linux_ppc", "cp311_linux_s390x", - "cp311_linux_x86_64" + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_x86_64.whl", + "filename": "readme_renderer-44.0-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "761e8904c07ad053d285670f36dd94e1b6ab7f16ce62b9805c475b7aa1cffde6", + "requirement": "readme-renderer==44.0", + "sha256": "2fbca89b81a08526aadf1357a8c2ae889ec05fb03f5da67f9769c9a592166151", "urls": [ - "https://files.pythonhosted.org/packages/82/49/ab81421d5aa25bc8535896a017c93204cb4051f2a4e72b1ad8f3b594e072/charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_x86_64.whl" + "https://files.pythonhosted.org/packages/e1/67/921ec3024056483db83953ae8e48079ad62b92db7880013ca77632921dd0/readme_renderer-44.0-py3-none-any.whl" ] } }, - "rules_python_publish_deps_311_certifi_py3_none_any_4ad3232f": { + "rules_python_publish_deps_311_pygments_sdist_786ff802": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2734,15 +1671,126 @@ "cp311_linux_arm", "cp311_linux_ppc", "cp311_linux_s390x", - "cp311_linux_x86_64" + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], - "filename": "certifi-2022.12.7-py3-none-any.whl", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "pygments-2.18.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "certifi==2022.12.7", - "sha256": "4ad3232f5e926d6718ec31cfc1fcadfde020920e278684144551c91769c7bc18", + "requirement": "pygments==2.18.0", + "sha256": "786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199", "urls": [ - "https://files.pythonhosted.org/packages/71/4c/3db2b8021bd6f2f0ceb0e088d6b2d49147671f25832fb17970e9b583d742/certifi-2022.12.7-py3-none-any.whl" + "https://files.pythonhosted.org/packages/8e/62/8336eff65bcbc8e4cb5d05b55faf041285951b6e80f33e2bff2024788f31/pygments-2.18.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_2_ppc64le_f1a2f519": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_ppc64le.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.4.0", + "sha256": "f1a2f519ae173b5b6a2c9d5fa3116ce16e48b3462c8b96dfdded11055e3d6365", + "urls": [ + "https://files.pythonhosted.org/packages/75/d2/0ab54463d3410709c09266dfb416d032a08f97fd7d60e94b8c6ef54ae14b/charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_ppc64le.whl" + ] + } + }, + "rules_python_publish_deps_311_nh3_cp37_abi3_macosx_10_12_x86_64_14c5a72e": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "nh3-0.2.18-cp37-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "nh3==0.2.18", + "sha256": "14c5a72e9fe82aea5fe3072116ad4661af5cf8e8ff8fc5ad3450f123e4925e86", + "urls": [ + "https://files.pythonhosted.org/packages/b3/89/1daff5d9ba5a95a157c092c7c5f39b8dd2b1ddb4559966f808d31cfb67e0/nh3-0.2.18-cp37-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl" + ] + } + }, + "rules_python_publish_deps_311_zipp_py3_none_any_a817ac80": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "zipp-3.20.2-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "zipp==3.20.2", + "sha256": "a817ac80d6cf4b23bf7f2828b7cabf326f15a001bea8b1f9b49631780ba28350", + "urls": [ + "https://files.pythonhosted.org/packages/62/8b/5ba542fa83c90e09eac972fc9baca7a88e7e7ca4b221a89251954019308b/zipp-3.20.2-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_backports_tarfile_sdist_d75e02c2": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "backports_tarfile-1.2.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "backports-tarfile==1.2.0", + "sha256": "d75e02c268746e1b8144c278978b6e98e85de6ad16f8e4b0844a154557eca991", + "urls": [ + "https://files.pythonhosted.org/packages/86/72/cd9b395f25e290e633655a100af28cb253e4393396264a98bd5f5951d50f/backports_tarfile-1.2.0.tar.gz" ] } }, @@ -2790,115 +1838,7 @@ ] } }, - "rules_python_publish_deps_311_idna_py3_none_any_90b77e79": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "idna-3.4-py3-none-any.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "idna==3.4", - "sha256": "90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2", - "urls": [ - "https://files.pythonhosted.org/packages/fc/34/3030de6f1370931b9dbb4dad48f6ab1015ab1d32447850b9fc94e60097be/idna-3.4-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_x86_64_44a64043": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_28_x86_64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "cryptography==42.0.4", - "sha256": "44a64043f743485925d3bcac548d05df0f9bb445c5fcca6681889c7c3ab12764", - "urls": [ - "https://files.pythonhosted.org/packages/7e/45/81f378eb85aab14b229c1032ba3694eff85a3d75b35092c3e71abd2d34f6/cryptography-42.0.4-cp39-abi3-manylinux_2_28_x86_64.whl" - ] - } - }, - "rules_python_publish_deps_311_urllib3_py2_none_any_75edcdc2": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "urllib3-1.26.14-py2.py3-none-any.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "urllib3==1.26.14", - "sha256": "75edcdc2f7d85b137124a6c3c9fc3933cdeaa12ecb9a6a959f22797a0feca7e1", - "urls": [ - "https://files.pythonhosted.org/packages/fe/ca/466766e20b767ddb9b951202542310cba37ea5f2d792dae7589f1741af58/urllib3-1.26.14-py2.py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_urllib3_sdist_3e3d753a": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "urllib3-1.26.19.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "urllib3==1.26.19", - "sha256": "3e3d753a8618b86d7de333b4223005f68720bcd6a7d2bcb9fbd2229ec7c1e429", - "urls": [ - "https://files.pythonhosted.org/packages/c8/93/65e479b023bbc46dab3e092bda6b0005424ea3217d711964ccdede3f9b1b/urllib3-1.26.19.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_charset_normalizer_py3_none_any_7e189e2e": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "charset_normalizer-3.0.1-py3-none-any.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "7e189e2e1d3ed2f4aebabd2d5b0f931e883676e51c7624826e0a4e5fe8a0bf24", - "urls": [ - "https://files.pythonhosted.org/packages/68/2b/02e9d6a98ddb73fa238d559a9edcc30b247b8dc4ee848b6184c936e99dc0/charset_normalizer-3.0.1-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_twine_sdist_9e102ef5": { + "rules_python_publish_deps_311_jaraco_classes_sdist_47a024b5": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2913,35 +1853,21 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "twine-4.0.2.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "twine==4.0.2", - "sha256": "9e102ef5fdd5a20661eb88fad46338806c3bd32cf1db729603fe3697b1bc83c8", - "urls": [ - "https://files.pythonhosted.org/packages/b7/1a/a7884359429d801cd63c2c5512ad0a337a509994b0e42d9696d4778d71f6/twine-4.0.2.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_pywin32_ctypes_py2_none_any_9dc2d991": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_windows_x86_64" + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" ], - "filename": "pywin32_ctypes-0.2.0-py2.py3-none-any.whl", + "filename": "jaraco.classes-3.4.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "pywin32-ctypes==0.2.0", - "sha256": "9dc2d991b3479cc2df15930958b674a48a227d5361d413827a4cfd0b5876fc98", + "requirement": "jaraco-classes==3.4.0", + "sha256": "47a024b51d0239c0dd8c8540c6c7f484be3b8fcf0b2d85c13825780d3b3f3acd", "urls": [ - "https://files.pythonhosted.org/packages/9e/4b/3ab2720f1fa4b4bc924ef1932b842edf10007e4547ea8157b0b9fc78599a/pywin32_ctypes-0.2.0-py2.py3-none-any.whl" + "https://files.pythonhosted.org/packages/06/c0/ed4a27bc5571b99e3cff68f8a9fa5b56ff7df1c2251cc715a652ddd26402/jaraco.classes-3.4.0.tar.gz" ] } }, - "rules_python_publish_deps_311_pkginfo_py3_none_any_4b7a555a": { + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_win_amd64_cee4373f": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2956,17 +1882,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "pkginfo-1.9.6-py3-none-any.whl", + "filename": "charset_normalizer-3.4.0-cp311-cp311-win_amd64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "pkginfo==1.9.6", - "sha256": "4b7a555a6d5a22169fcc9cf7bfd78d296b0361adad412a346c1226849af5e546", + "requirement": "charset-normalizer==3.4.0", + "sha256": "cee4373f4d3ad28f1ab6290684d8e2ebdb9e7a1b74fdc39e4c211995f77bec27", "urls": [ - "https://files.pythonhosted.org/packages/b3/f2/6e95c86a23a30fa205ea6303a524b20cbae27fbee69216377e3d95266406/pkginfo-1.9.6-py3-none-any.whl" + "https://files.pythonhosted.org/packages/0b/6e/b13bd47fa9023b3699e94abf565b5a2f0b0be6e9ddac9812182596ee62e4/charset_normalizer-3.4.0-cp311-cp311-win_amd64.whl" ] } }, - "rules_python_publish_deps_311_cffi_cp311_cp311_musllinux_1_1_x86_64_cc4d65ae": { + "rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_x86_64_df6b6c6d": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2978,17 +1904,17 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "cffi-1.15.1-cp311-cp311-musllinux_1_1_x86_64.whl", + "filename": "cryptography-43.0.3-cp39-abi3-musllinux_1_2_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "cffi==1.15.1", - "sha256": "cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8", + "requirement": "cryptography==43.0.3", + "sha256": "df6b6c6d742395dd77a23ea3728ab62f98379eff8fb61be2744d4679ab678f73", "urls": [ - "https://files.pythonhosted.org/packages/d3/56/3e94aa719ae96eeda8b68b3ec6e347e0a23168c6841dc276ccdcdadc9f32/cffi-1.15.1-cp311-cp311-musllinux_1_1_x86_64.whl" + "https://files.pythonhosted.org/packages/2a/33/b3682992ab2e9476b9c81fff22f02c8b0a1e6e1d49ee1750a67d85fd7ed2/cryptography-43.0.3-cp39-abi3-musllinux_1_2_x86_64.whl" ] } }, - "rules_python_publish_deps_311_cryptography_sdist_831a4b37": { + "rules_python_publish_deps_311_nh3_cp37_abi3_macosx_10_12_x86_64_7b7c2a3c": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -2998,55 +1924,338 @@ "cp311_linux_arm", "cp311_linux_ppc", "cp311_linux_s390x", - "cp311_linux_x86_64" + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" ], - "filename": "cryptography-42.0.4.tar.gz", + "filename": "nh3-0.2.18-cp37-abi3-macosx_10_12_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "cryptography==42.0.4", - "sha256": "831a4b37accef30cccd34fcb916a5d7b5be3cbbe27268a02832c3e450aea39cb", + "requirement": "nh3==0.2.18", + "sha256": "7b7c2a3c9eb1a827d42539aa64091640bd275b81e097cd1d8d82ef91ffa2e811", "urls": [ - "https://files.pythonhosted.org/packages/81/d8/214d25515bf6034dce99aba22eeb47443b14c82160114e3d3f33067c6d3b/cryptography-42.0.4.tar.gz" + "https://files.pythonhosted.org/packages/2c/b6/42fc3c69cabf86b6b81e4c051a9b6e249c5ba9f8155590222c2622961f58/nh3-0.2.18-cp37-abi3-macosx_10_12_x86_64.whl" ] } }, - "rules_python_publish_deps_311_charset_normalizer_sdist_f30c3cb3": { + "rules_python_publish_deps_311_requests_toolbelt_sdist_7681a0a3": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", "cp311_osx_aarch64", "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "charset-normalizer-3.3.2.tar.gz", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "requests-toolbelt-1.0.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.3.2", - "sha256": "f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5", + "requirement": "requests-toolbelt==1.0.0", + "sha256": "7681a0a3d047012b5bdc0ee37d7f8f07ebe76ab08caeccfc3921ce23c88d5bc6", "urls": [ - "https://files.pythonhosted.org/packages/63/09/c1bc53dab74b1816a00d8d030de5bf98f724c52c1635e07681d312f20be8/charset-normalizer-3.3.2.tar.gz" + "https://files.pythonhosted.org/packages/f3/61/d7545dafb7ac2230c70d38d31cbfe4cc64f7144dc41f6e4e4b78ecd9f5bb/requests-toolbelt-1.0.0.tar.gz" ] } }, - "rules_python_publish_deps_311_zipp_sdist_bf1dcf64": { + "rules_python_publish_deps_311_rich_py3_none_any_9836f509": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", "cp311_osx_aarch64", "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "zipp-3.19.2.tar.gz", + "filename": "rich-13.9.3-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "zipp==3.19.2", - "sha256": "bf1dcf6450f873a13e952a29504887c89e6de7506209e5b1bcc3460135d4de19", + "requirement": "rich==13.9.3", + "sha256": "9836f5096eb2172c9e77df411c1b009bace4193d6a481d534fea75ebba758283", "urls": [ - "https://files.pythonhosted.org/packages/d3/20/b48f58857d98dcb78f9e30ed2cfe533025e2e9827bbd36ea0a64cc00cbc1/zipp-3.19.2.tar.gz" + "https://files.pythonhosted.org/packages/9a/e2/10e9819cf4a20bd8ea2f5dabafc2e6bf4a78d6a0965daeb60a4b34d1c11f/rich-13.9.3-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_importlib_metadata_py3_none_any_45e54197": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "importlib_metadata-8.5.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "importlib-metadata==8.5.0", + "sha256": "45e54197d28b7a7f1559e60b95e7c567032b602131fbd588f1497f47880aa68b", + "urls": [ + "https://files.pythonhosted.org/packages/a0/d9/a1e041c5e7caa9a05c925f4bdbdfb7f006d1f74996af53467bc394c97be7/importlib_metadata-8.5.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_twine_py3_none_any_215dbe7b": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "twine-5.1.1-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "twine==5.1.1", + "sha256": "215dbe7b4b94c2c50a7315c0275d2258399280fbb7d04182c7e55e24b5f93997", + "urls": [ + "https://files.pythonhosted.org/packages/5d/ec/00f9d5fd040ae29867355e559a94e9a8429225a0284a3f5f091a3878bfc0/twine-5.1.1-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_docutils_sdist_3a6b1873": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "docutils-0.21.2.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "docutils==0.21.2", + "sha256": "3a6b18732edf182daa3cd12775bbb338cf5691468f91eeeb109deff6ebfa986f", + "urls": [ + "https://files.pythonhosted.org/packages/ae/ed/aefcc8cd0ba62a0560c3c18c33925362d46c6075480bfa4df87b28e169a9/docutils-0.21.2.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_keyring_sdist_b07ebc55": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "keyring-25.4.1.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "keyring==25.4.1", + "sha256": "b07ebc55f3e8ed86ac81dd31ef14e81ace9dd9c3d4b5d77a6e9a2016d0d71a1b", + "urls": [ + "https://files.pythonhosted.org/packages/a5/1c/2bdbcfd5d59dc6274ffb175bc29aa07ecbfab196830e0cfbde7bd861a2ea/keyring-25.4.1.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_markdown_it_py_py3_none_any_35521684": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "markdown_it_py-3.0.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "markdown-it-py==3.0.0", + "sha256": "355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1", + "urls": [ + "https://files.pythonhosted.org/packages/42/d7/1ec15b46af6af88f19b8e5ffea08fa375d433c998b8a7639e76935c14f1f/markdown_it_py-3.0.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_certifi_py3_none_any_922820b5": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "certifi-2024.8.30-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "certifi==2024.8.30", + "sha256": "922820b53db7a7257ffbda3f597266d435245903d80737e34f8a45ff3e3230d8", + "urls": [ + "https://files.pythonhosted.org/packages/12/90/3c9ff0512038035f59d279fddeb79f5f1eccd8859f06d6163c58798b9487/certifi-2024.8.30-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_more_itertools_sdist_5482bfef": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "more-itertools-10.5.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "more-itertools==10.5.0", + "sha256": "5482bfef7849c25dc3c6dd53a6173ae4795da2a41a80faea6700d9f5846c5da6", + "urls": [ + "https://files.pythonhosted.org/packages/51/78/65922308c4248e0eb08ebcbe67c95d48615cc6f27854b6f2e57143e9178f/more-itertools-10.5.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_nh3_cp37_abi3_win_amd64_8ce0f819": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "nh3-0.2.18-cp37-abi3-win_amd64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "nh3==0.2.18", + "sha256": "8ce0f819d2f1933953fca255db2471ad58184a60508f03e6285e5114b6254844", + "urls": [ + "https://files.pythonhosted.org/packages/26/8d/53c5b19c4999bdc6ba95f246f4ef35ca83d7d7423e5e38be43ad66544e5d/nh3-0.2.18-cp37-abi3-win_amd64.whl" + ] + } + }, + "rules_python_publish_deps_311_certifi_sdist_bec941d2": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "certifi-2024.8.30.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "certifi==2024.8.30", + "sha256": "bec941d2aa8195e248a60b31ff9f0558284cf01a52591ceda73ea9afffd69fd9", + "urls": [ + "https://files.pythonhosted.org/packages/b0/ee/9b19140fe824b367c04c5e1b369942dd754c4c5462d5674002f75c4dedc1/certifi-2024.8.30.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_py3_none_any_fe9f97fe": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "charset_normalizer-3.4.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.4.0", + "sha256": "fe9f97feb71aa9896b81973a7bbada8c49501dc73e58a10fcef6663af95e5079", + "urls": [ + "https://files.pythonhosted.org/packages/bf/9b/08c0432272d77b04803958a4598a51e2a4b51c06640af8b8f0f908c18bf2/charset_normalizer-3.4.0-py3-none-any.whl" ] } }, @@ -3075,29 +2284,7 @@ ] } }, - "rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_x86_64_ce8613be": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "cryptography-42.0.4-cp39-abi3-musllinux_1_2_x86_64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "cryptography==42.0.4", - "sha256": "ce8613beaffc7c14f091497346ef117c1798c202b01153a8cc7b8e2ebaaf41c0", - "urls": [ - "https://files.pythonhosted.org/packages/a2/8e/dac70232d4231c53448e29aa4b768cf82d891fcfd6e0caa7ace242da8c9b/cryptography-42.0.4-cp39-abi3-musllinux_1_2_x86_64.whl" - ] - } - }, - "rules_python_publish_deps_311_more_itertools_py3_none_any_250e83d7": { + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_2_x86_64_bcb4f8ea": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3112,13 +2299,35 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "more_itertools-9.0.0-py3-none-any.whl", + "filename": "charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "more-itertools==9.0.0", - "sha256": "250e83d7e81d0c87ca6bd942e6aeab8cc9daa6096d12c5308f3f92fa5e5c1f41", + "requirement": "charset-normalizer==3.4.0", + "sha256": "bcb4f8ea87d03bc51ad04add8ceaf9b0f085ac045ab4d74e73bbc2dc033f0236", "urls": [ - "https://files.pythonhosted.org/packages/5d/87/1ec3fcc09d2c04b977eabf8a1083222f82eaa2f46d5a4f85f403bf8e7b30/more_itertools-9.0.0-py3-none-any.whl" + "https://files.pythonhosted.org/packages/ee/44/4f62042ca8cdc0cabf87c0fc00ae27cd8b53ab68be3605ba6d071f742ad3/charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_x86_64.whl" + ] + } + }, + "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_s390x_a24ed04c": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" + ], + "filename": "cffi-1.17.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cffi==1.17.1", + "sha256": "a24ed04c8ffd54b0729c07cee15a81d964e6fee0e3d4d342a27b020d22959dc6", + "urls": [ + "https://files.pythonhosted.org/packages/62/12/ce8710b5b8affbcdd5c6e367217c242524ad17a02fe5beec3ee339f69f85/cffi-1.17.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl" ] } }, @@ -3137,6 +2346,10 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], "filename": "mdurl-0.1.2.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", @@ -3147,7 +2360,7 @@ ] } }, - "rules_python_publish_deps_311_keyring_sdist_ba2e15a9": { + "rules_python_publish_deps_311_keyring_py3_none_any_5426f817": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3162,13 +2375,38 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "keyring-23.13.1.tar.gz", + "filename": "keyring-25.4.1-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "keyring==23.13.1", - "sha256": "ba2e15a9b35e21908d0aaf4e0a47acc52d6ae33444df0da2b49d41a46ef6d678", + "requirement": "keyring==25.4.1", + "sha256": "5426f817cf7f6f007ba5ec722b1bcad95a75b27d780343772ad76b17cb47b0bf", "urls": [ - "https://files.pythonhosted.org/packages/55/fe/282f4c205add8e8bb3a1635cbbac59d6def2e0891b145aa553a0e40dd2d0/keyring-23.13.1.tar.gz" + "https://files.pythonhosted.org/packages/83/25/e6d59e5f0a0508d0dca8bb98c7f7fd3772fc943ac3f53d5ab18a218d32c0/keyring-25.4.1-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_aarch64_42c64511": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "nh3-0.2.18-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "nh3==0.2.18", + "sha256": "42c64511469005058cd17cc1537578eac40ae9f7200bedcfd1fc1a05f4f8c200", + "urls": [ + "https://files.pythonhosted.org/packages/45/b9/833f385403abaf0023c6547389ec7a7acf141ddd9d1f21573723a6eab39a/nh3-0.2.18-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl" ] } }, @@ -3187,6 +2425,10 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], "filename": "rfc3986-2.0.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", @@ -3197,27 +2439,7 @@ ] } }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_11_0_arm64_549a3a73": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "charset_normalizer-3.3.2-cp311-cp311-macosx_11_0_arm64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.3.2", - "sha256": "549a3a73da901d5bc3ce8d24e0600d1fa85524c10287f6004fbab87672bf3e1e", - "urls": [ - "https://files.pythonhosted.org/packages/dd/51/68b61b90b24ca35495956b718f35a9756ef7d3dd4b3c1508056fa98d1a1b/charset_normalizer-3.3.2-cp311-cp311-macosx_11_0_arm64.whl" - ] - } - }, - "rules_python_publish_deps_311_six_py2_none_any_8abb2f1d": { + "rules_python_publish_deps_311_twine_sdist_9aa08251": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3232,37 +2454,262 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "six-1.16.0-py2.py3-none-any.whl", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "twine-5.1.1.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "six==1.16.0", - "sha256": "8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254", + "requirement": "twine==5.1.1", + "sha256": "9aa0825139c02b3434d913545c7b847a21c835e11597f5255842d457da2322db", "urls": [ - "https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl" + "https://files.pythonhosted.org/packages/77/68/bd982e5e949ef8334e6f7dcf76ae40922a8750aa2e347291ae1477a4782b/twine-5.1.1.tar.gz" ] } }, - "rules_python_publish_deps_311_charset_normalizer_py3_none_any_3e4d1f65": { + "rules_python_publish_deps_311_pkginfo_sdist_5df73835": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", "cp311_osx_aarch64", "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "charset_normalizer-3.3.2-py3-none-any.whl", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "pkginfo-1.10.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.3.2", - "sha256": "3e4d1f6587322d2788836a99c69062fbb091331ec940e02d12d179c1d53e25fc", + "requirement": "pkginfo==1.10.0", + "sha256": "5df73835398d10db79f8eecd5cd86b1f6d29317589ea70796994d49399af6297", "urls": [ - "https://files.pythonhosted.org/packages/28/76/e6222113b83e3622caa4bb41032d0b1bf785250607392e1b778aca0b8a7d/charset_normalizer-3.3.2-py3-none-any.whl" + "https://files.pythonhosted.org/packages/2f/72/347ec5be4adc85c182ed2823d8d1c7b51e13b9a6b0c1aae59582eca652df/pkginfo-1.10.0.tar.gz" ] } }, - "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_aarch64_1df6fcbf": { + "rules_python_publish_deps_311_backports_tarfile_py3_none_any_77e284d7": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "backports.tarfile-1.2.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "backports-tarfile==1.2.0", + "sha256": "77e284d754527b01fb1e6fa8a1afe577858ebe4e9dad8919e34c862cb399bc34", + "urls": [ + "https://files.pythonhosted.org/packages/b9/fa/123043af240e49752f1c4bd24da5053b6bd00cad78c2be53c0d1e8b975bc/backports.tarfile-1.2.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_markdown_it_py_sdist_e3f60a94": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "markdown-it-py-3.0.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "markdown-it-py==3.0.0", + "sha256": "e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb", + "urls": [ + "https://files.pythonhosted.org/packages/38/71/3b932df36c1a044d397a1f92d1cf91ee0a503d91e470cbd670aa66b07ed0/markdown-it-py-3.0.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_ppc64le_ce031db0": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.4.0", + "sha256": "ce031db0408e487fd2775d745ce30a7cd2923667cf3b69d48d219f1d8f5ddeb6", + "urls": [ + "https://files.pythonhosted.org/packages/e2/29/d227805bff72ed6d6cb1ce08eec707f7cfbd9868044893617eb331f16295/charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl" + ] + } + }, + "rules_python_publish_deps_311_nh3_cp37_abi3_musllinux_1_2_aarch64_f0eca9ca": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "nh3-0.2.18-cp37-abi3-musllinux_1_2_aarch64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "nh3==0.2.18", + "sha256": "f0eca9ca8628dbb4e916ae2491d72957fdd35f7a5d326b7032a345f111ac07fe", + "urls": [ + "https://files.pythonhosted.org/packages/a3/da/0c4e282bc3cff4a0adf37005fa1fb42257673fbc1bbf7d1ff639ec3d255a/nh3-0.2.18-cp37-abi3-musllinux_1_2_aarch64.whl" + ] + } + }, + "rules_python_publish_deps_311_pkginfo_py3_none_any_889a6da2": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "pkginfo-1.10.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "pkginfo==1.10.0", + "sha256": "889a6da2ed7ffc58ab5b900d888ddce90bce912f2d2de1dc1c26f4cb9fe65097", + "urls": [ + "https://files.pythonhosted.org/packages/56/09/054aea9b7534a15ad38a363a2bd974c20646ab1582a387a95b8df1bfea1c/pkginfo-1.10.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_idna_py3_none_any_946d195a": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "idna-3.10-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "idna==3.10", + "sha256": "946d195a0d259cbba61165e88e65941f16e9b36ea6ddb97f00452bae8b1287d3", + "urls": [ + "https://files.pythonhosted.org/packages/76/c6/c88e154df9c4e1a2a66ccf0005a88dfb2650c1dffb6f5ce603dfbd452ce3/idna-3.10-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_nh3_sdist_94a16692": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "nh3-0.2.18.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "nh3==0.2.18", + "sha256": "94a166927e53972a9698af9542ace4e38b9de50c34352b962f4d9a7d4c927af4", + "urls": [ + "https://files.pythonhosted.org/packages/62/73/10df50b42ddb547a907deeb2f3c9823022580a7a47281e8eae8e003a9639/nh3-0.2.18.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_requests_sdist_55365417": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "requests-2.32.3.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "requests==2.32.3", + "sha256": "55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760", + "urls": [ + "https://files.pythonhosted.org/packages/63/70/2bf7780ad2d390a8d301ad0b550f1581eadbd9a20f896afe06353c2a2913/requests-2.32.3.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_aarch64_846da004": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3274,17 +2721,17 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "cryptography-42.0.4-cp39-abi3-manylinux_2_28_aarch64.whl", + "filename": "cryptography-43.0.3-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "cryptography==42.0.4", - "sha256": "1df6fcbf60560d2113b5ed90f072dc0b108d64750d4cbd46a21ec882c7aefce9", + "requirement": "cryptography==43.0.3", + "sha256": "846da004a5804145a5f441b8530b4bf35afbf7da70f82409f151695b127213d5", "urls": [ - "https://files.pythonhosted.org/packages/4c/e1/18056b2c0e4ba031ea6b9d660bc2bdf491f7ef64ab7ef1a803a03a8b8d26/cryptography-42.0.4-cp39-abi3-manylinux_2_28_aarch64.whl" + "https://files.pythonhosted.org/packages/2f/78/55356eb9075d0be6e81b59f45c7b48df87f76a20e73893872170471f3ee8/cryptography-43.0.3-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl" ] } }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_aarch64_14e76c0f": { + "rules_python_publish_deps_311_pycparser_sdist_491c8be9": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3296,17 +2743,21 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "pycparser-2.22.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "14e76c0f23218b8f46c4d87018ca2e441535aed3632ca134b10239dfb6dadd6b", + "requirement": "pycparser==2.22", + "sha256": "491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6", "urls": [ - "https://files.pythonhosted.org/packages/c0/4d/6b82099e3f25a9ed87431e2f51156c14f3a9ce8fad73880a3856cd95f1d5/charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl" + "https://files.pythonhosted.org/packages/1d/b2/31537cf4b1ca988837256c910a668b553fceb8f069bedc4b1c826024b52c/pycparser-2.22.tar.gz" ] } }, - "rules_python_publish_deps_311_readme_renderer_sdist_cd653186": { + "rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_x86_64_de3ceed6": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3321,17 +2772,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "readme_renderer-37.3.tar.gz", + "filename": "nh3-0.2.18-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "readme-renderer==37.3", - "sha256": "cd653186dfc73055656f090f227f5cb22a046d7f71a841dfa305f55c9a513273", + "requirement": "nh3==0.2.18", + "sha256": "de3ceed6e661954871d6cd78b410213bdcb136f79aafe22aa7182e028b8c7307", "urls": [ - "https://files.pythonhosted.org/packages/81/c3/d20152fcd1986117b898f66928938f329d0c91ddc47f081c58e64e0f51dc/readme_renderer-37.3.tar.gz" + "https://files.pythonhosted.org/packages/1b/63/6ab90d0e5225ab9780f6c9fb52254fa36b52bb7c188df9201d05b647e5e1/nh3-0.2.18-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" ] } }, - "rules_python_publish_deps_311_markdown_it_py_py3_none_any_93de681e": { + "rules_python_publish_deps_311_pygments_py3_none_any_b8e6aca0": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3346,17 +2797,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "markdown_it_py-2.1.0-py3-none-any.whl", + "filename": "pygments-2.18.0-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "markdown-it-py==2.1.0", - "sha256": "93de681e5c021a432c63147656fe21790bc01231e0cd2da73626f1aa3ac0fe27", + "requirement": "pygments==2.18.0", + "sha256": "b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a", "urls": [ - "https://files.pythonhosted.org/packages/f9/3f/ecd1b708973b9a3e4574b43cffc1ce8eb98696da34f1a1c44a68c3c0d737/markdown_it_py-2.1.0-py3-none-any.whl" + "https://files.pythonhosted.org/packages/f7/3f/01c8b82017c199075f8f788d0d906b9ffbbc5a47dc9918a945e13d5a2bda/pygments-2.18.0-py3-none-any.whl" ] } }, - "rules_python_publish_deps_311_six_sdist_1e61c374": { + "rules_python_publish_deps_311_importlib_metadata_sdist_71522656": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3371,37 +2822,21 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "six-1.16.0.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "six==1.16.0", - "sha256": "1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926", - "urls": [ - "https://files.pythonhosted.org/packages/71/39/171f1c67cd00715f190ba0b100d606d440a28c93c7714febeca8b79af85e/six-1.16.0.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_certifi_sdist_5a1e7645": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" ], - "filename": "certifi-2024.7.4.tar.gz", + "filename": "importlib_metadata-8.5.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "certifi==2024.7.4", - "sha256": "5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b", + "requirement": "importlib-metadata==8.5.0", + "sha256": "71522656f0abace1d072b9e5481a48f07c138e00f079c38c8f883823f9c26bd7", "urls": [ - "https://files.pythonhosted.org/packages/c2/02/a95f2b11e207f68bc64d7aae9666fed2e2b3f307748d5123dffb72a1bbea/certifi-2024.7.4.tar.gz" + "https://files.pythonhosted.org/packages/cd/12/33e59336dca5be0c398a7482335911a33aa0e20776128f038019f1a95f1b/importlib_metadata-8.5.0.tar.gz" ] } }, - "rules_python_publish_deps_311_twine_py3_none_any_929bc3c2": { + "rules_python_publish_deps_311_nh3_cp37_abi3_musllinux_1_2_armv7l_3a157ab1": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3416,17 +2851,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "twine-4.0.2-py3-none-any.whl", + "filename": "nh3-0.2.18-cp37-abi3-musllinux_1_2_armv7l.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "twine==4.0.2", - "sha256": "929bc3c280033347a00f847236564d1c52a3e61b1ac2516c97c48f3ceab756d8", + "requirement": "nh3==0.2.18", + "sha256": "3a157ab149e591bb638a55c8c6bcb8cdb559c8b12c13a8affaba6cedfe51713a", "urls": [ - "https://files.pythonhosted.org/packages/3a/38/a3f27a9e8ce45523d7d1e28c09e9085b61a98dab15d35ec086f36a44b37c/twine-4.0.2-py3-none-any.whl" + "https://files.pythonhosted.org/packages/de/81/c291231463d21da5f8bba82c8167a6d6893cc5419b0639801ee5d3aeb8a9/nh3-0.2.18-cp37-abi3-musllinux_1_2_armv7l.whl" ] } }, - "rules_python_publish_deps_311_webencodings_sdist_b36a1c24": { + "rules_python_publish_deps_311_jaraco_context_py3_none_any_f797fc48": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3441,17 +2876,146 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "webencodings-0.5.1.tar.gz", + "filename": "jaraco.context-6.0.1-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "webencodings==0.5.1", - "sha256": "b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923", + "requirement": "jaraco-context==6.0.1", + "sha256": "f797fc481b490edb305122c9181830a3a5b76d84ef6d1aef2fb9b47ab956f9e4", "urls": [ - "https://files.pythonhosted.org/packages/0b/02/ae6ceac1baeda530866a85075641cec12989bd8d31af6d5ab4a3e8c92f47/webencodings-0.5.1.tar.gz" + "https://files.pythonhosted.org/packages/ff/db/0c52c4cf5e4bd9f5d7135ec7669a3a767af21b3a308e1ed3674881e52b62/jaraco.context-6.0.1-py3-none-any.whl" ] } }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_s390x_4a8fcf28": { + "rules_python_publish_deps_311_more_itertools_py3_none_any_037b0d32": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "more_itertools-10.5.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "more-itertools==10.5.0", + "sha256": "037b0d3203ce90cca8ab1defbbdac29d5f993fc20131f3664dc8d6acfa872aef", + "urls": [ + "https://files.pythonhosted.org/packages/48/7e/3a64597054a70f7c86eb0a7d4fc315b8c1ab932f64883a297bdffeb5f967/more_itertools-10.5.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_2_s390x_63bc5c4a": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_s390x.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.4.0", + "sha256": "63bc5c4ae26e4bc6be6469943b8253c0fd4e4186c43ad46e713ea61a0ba49129", + "urls": [ + "https://files.pythonhosted.org/packages/8d/c9/27e41d481557be53d51e60750b85aa40eaf52b841946b3cdeff363105737/charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_s390x.whl" + ] + } + }, + "rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_ppc64le_34c03fa7": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "nh3-0.2.18-cp37-abi3-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "nh3==0.2.18", + "sha256": "34c03fa78e328c691f982b7c03d4423bdfd7da69cd707fe572f544cf74ac23ad", + "urls": [ + "https://files.pythonhosted.org/packages/ab/a7/375afcc710dbe2d64cfbd69e31f82f3e423d43737258af01f6a56d844085/nh3-0.2.18-cp37-abi3-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl" + ] + } + }, + "rules_python_publish_deps_311_rich_sdist_bc1e01b8": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "rich-13.9.3.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "rich==13.9.3", + "sha256": "bc1e01b899537598cf02579d2b9f4a415104d3fc439313a7a2c165d76557a08e", + "urls": [ + "https://files.pythonhosted.org/packages/d9/e9/cf9ef5245d835065e6673781dbd4b8911d352fb770d56cf0879cf11b7ee1/rich-13.9.3.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_requests_toolbelt_py2_none_any_cccfdd66": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "requests_toolbelt-1.0.0-py2.py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "requests-toolbelt==1.0.0", + "sha256": "cccfdd665f0a24fcf4726e690f65639d272bb0637b9b92dfd91a5568ccf6bd06", + "urls": [ + "https://files.pythonhosted.org/packages/3f/51/d4db610ef29373b879047326cbf6fa98b6c1969d6f6dc423279de2b1be2c/requests_toolbelt-1.0.0-py2.py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_x86_64_610faea7": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3463,62 +3027,17 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_s390x.whl", + "filename": "cffi-1.17.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "4a8fcf28c05c1f6d7e177a9a46a1c52798bfe2ad80681d275b10dcf317deaf0b", + "requirement": "cffi==1.17.1", + "sha256": "610faea79c43e44c71e1ec53a554553fa22321b65fae24889706c0a84d4ad86d", "urls": [ - "https://files.pythonhosted.org/packages/80/54/183163f9910936e57a60ee618f4f5cc91c2f8333ee2d4ebc6c50f6c8684d/charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_s390x.whl" + "https://files.pythonhosted.org/packages/ff/6b/d45873c5e0242196f042d555526f92aa9e0c32355a1be1ff8c27f077fd37/cffi-1.17.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" ] } }, - "rules_python_publish_deps_311_markdown_it_py_sdist_cf7e59fe": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64", - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "markdown-it-py-2.1.0.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "markdown-it-py==2.1.0", - "sha256": "cf7e59fed14b5ae17c0006eff14a2d9a00ed5f3a846148153899a0224e2c07da", - "urls": [ - "https://files.pythonhosted.org/packages/33/e9/ac8a93e9eda3891ecdfecf5e01c060bbd2c44d4e3e77efc83b9c7ce9db32/markdown-it-py-2.1.0.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_urllib3_py2_none_any_37a03444": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "urllib3-1.26.19-py2.py3-none-any.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "urllib3==1.26.19", - "sha256": "37a0344459b199fce0e80b0d3569837ec6b6937435c5244e7fd73fa6006830f3", - "urls": [ - "https://files.pythonhosted.org/packages/ae/6a/99eaaeae8becaa17a29aeb334a18e5d582d873b6f084c11f02581b8d7f7f/urllib3-1.26.19-py2.py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_x86_64_79909e27": { + "rules_python_publish_deps_311_cffi_cp311_cp311_musllinux_1_1_x86_64_fc48c783": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3530,17 +3049,17 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", + "filename": "cffi-1.17.1-cp311-cp311-musllinux_1_1_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "79909e27e8e4fcc9db4addea88aa63f6423ebb171db091fb4373e3312cb6d603", + "requirement": "cffi==1.17.1", + "sha256": "fc48c783f9c87e60831201f2cce7f3b2e4846bf4d8728eabe54d60700b318a0b", "urls": [ - "https://files.pythonhosted.org/packages/d9/7a/60d45c9453212b30eebbf8b5cddbdef330eebddfcf335bce7920c43fb72e/charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl" + "https://files.pythonhosted.org/packages/f8/4a/34599cac7dfcd888ff54e801afe06a19c17787dfd94495ab0c8d35fe99fb/cffi-1.17.1-cp311-cp311-musllinux_1_1_x86_64.whl" ] } }, - "rules_python_publish_deps_311_idna_sdist_814f528e": { + "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_aarch64_f7b178f1": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3552,17 +3071,17 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "idna-3.4.tar.gz", + "filename": "cryptography-43.0.3-cp39-abi3-manylinux_2_28_aarch64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "idna==3.4", - "sha256": "814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4", + "requirement": "cryptography==43.0.3", + "sha256": "f7b178f11ed3664fd0e995a47ed2b5ff0a12d893e41dd0494f406d1cf555cab7", "urls": [ - "https://files.pythonhosted.org/packages/8b/e1/43beb3d38dba6cb420cefa297822eac205a277ab43e5ba5d5c46faf96438/idna-3.4.tar.gz" + "https://files.pythonhosted.org/packages/7c/04/2345ca92f7a22f601a9c62961741ef7dd0127c39f7310dffa0041c80f16f/cryptography-43.0.3-cp39-abi3-manylinux_2_28_aarch64.whl" ] } }, - "rules_python_publish_deps_311_jaraco_classes_py3_none_any_2353de32": { + "rules_python_publish_deps_311_docutils_py3_none_any_dafca5b9": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3577,39 +3096,35 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "jaraco.classes-3.2.3-py3-none-any.whl", + "filename": "docutils-0.21.2-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "jaraco-classes==3.2.3", - "sha256": "2353de3288bc6b82120752201c6b1c1a14b058267fa424ed5ce5984e3b922158", + "requirement": "docutils==0.21.2", + "sha256": "dafca5b9e384f0e419294eb4d2ff9fa826435bf15f15b7bd45723e8ad76811b2", "urls": [ - "https://files.pythonhosted.org/packages/60/28/220d3ae0829171c11e50dded4355d17824d60895285631d7eb9dee0ab5e5/jaraco.classes-3.2.3-py3-none-any.whl" + "https://files.pythonhosted.org/packages/8f/d7/9322c609343d929e75e7e5e6255e614fcc67572cfd083959cdef3b7aad79/docutils-0.21.2-py3-none-any.whl" ] } }, - "rules_python_publish_deps_311_pycparser_py2_none_any_8ee45429": { + "rules_python_publish_deps_311_pywin32_ctypes_py3_none_any_8a151337": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { "dep_template": "@rules_python_publish_deps//{name}:{target}", "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" + "cp311_windows_x86_64" ], - "filename": "pycparser-2.21-py2.py3-none-any.whl", + "filename": "pywin32_ctypes-0.2.3-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "pycparser==2.21", - "sha256": "8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9", + "requirement": "pywin32-ctypes==0.2.3", + "sha256": "8a1513379d709975552d202d942d9837758905c8d01eb82b8bcc30918929e7b8", "urls": [ - "https://files.pythonhosted.org/packages/62/d5/5f610ebe421e85889f2e55e33b7f9a6795bd982198517d912eb1c76e1a53/pycparser-2.21-py2.py3-none-any.whl" + "https://files.pythonhosted.org/packages/de/3d/8161f7711c017e01ac9f008dfddd9410dff3674334c233bde66e7ba65bbf/pywin32_ctypes-0.2.3-py3-none-any.whl" ] } }, - "rules_python_publish_deps_311_rich_sdist_f1a00cdd": { + "rules_python_publish_deps_311_nh3_cp37_abi3_musllinux_1_2_x86_64_36c95d4b": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3624,193 +3139,13 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "rich-13.2.0.tar.gz", + "filename": "nh3-0.2.18-cp37-abi3-musllinux_1_2_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "rich==13.2.0", - "sha256": "f1a00cdd3eebf999a15d85ec498bfe0b1a77efe9b34f645768a54132ef444ac5", + "requirement": "nh3==0.2.18", + "sha256": "36c95d4b70530b320b365659bb5034341316e6a9b30f0b25fa9c9eff4c27a204", "urls": [ - "https://files.pythonhosted.org/packages/9e/5e/c3dc3ea32e2c14bfe46e48de954dd175bff76bcc549dd300acb9689521ae/rich-13.2.0.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_pywin32_ctypes_sdist_24ffc3b3": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_windows_x86_64" - ], - "filename": "pywin32-ctypes-0.2.0.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "pywin32-ctypes==0.2.0", - "sha256": "24ffc3b341d457d48e8922352130cf2644024a4ff09762a2261fd34c36ee5942", - "urls": [ - "https://files.pythonhosted.org/packages/7a/7d/0dbc4c99379452a819b0fb075a0ffbb98611df6b6d59f54db67367af5bc0/pywin32-ctypes-0.2.0.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_pkginfo_sdist_8fd5896e": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64", - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "pkginfo-1.9.6.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "pkginfo==1.9.6", - "sha256": "8fd5896e8718a4372f0ea9cc9d96f6417c9b986e23a4d116dda26b62cc29d046", - "urls": [ - "https://files.pythonhosted.org/packages/b4/1c/89b38e431c20d6b2389ed8b3926c2ab72f58944733ba029354c6d9f69129/pkginfo-1.9.6.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_pygments_sdist_b3ed06a9": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64", - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "Pygments-2.14.0.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "pygments==2.14.0", - "sha256": "b3ed06a9e8ac9a9aae5a6f5dbe78a8a58655d17b43b93c078f094ddc476ae297", - "urls": [ - "https://files.pythonhosted.org/packages/da/6a/c427c06913204e24de28de5300d3f0e809933f376e0b7df95194b2bb3f71/Pygments-2.14.0.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_zipp_py3_none_any_83a28fcb": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "zipp-3.11.0-py3-none-any.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "zipp==3.11.0", - "sha256": "83a28fcb75844b5c0cdaf5aa4003c2d728c77e05f5aeabe8e95e56727005fbaa", - "urls": [ - "https://files.pythonhosted.org/packages/d8/20/256eb3f3f437c575fb1a2efdce5e801a5ce3162ea8117da96c43e6ee97d8/zipp-3.11.0-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_docutils_py3_none_any_5e1de4d8": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64", - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "docutils-0.19-py3-none-any.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "docutils==0.19", - "sha256": "5e1de4d849fee02c63b040a4a3fd567f4ab104defd8a5511fbbc24a8a017efbc", - "urls": [ - "https://files.pythonhosted.org/packages/93/69/e391bd51bc08ed9141ecd899a0ddb61ab6465309f1eb470905c0c8868081/docutils-0.19-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_docutils_sdist_33995a67": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64", - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "docutils-0.19.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "docutils==0.19", - "sha256": "33995a6753c30b7f577febfc2c50411fec6aac7f7ffeb7c4cfe5991072dcf9e6", - "urls": [ - "https://files.pythonhosted.org/packages/6b/5c/330ea8d383eb2ce973df34d1239b3b21e91cd8c865d21ff82902d952f91f/docutils-0.19.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_win_amd64_66394663": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "charset_normalizer-3.3.2-cp311-cp311-win_amd64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.3.2", - "sha256": "663946639d296df6a2bb2aa51b60a2454ca1cb29835324c640dafb5ff2131a77", - "urls": [ - "https://files.pythonhosted.org/packages/57/ec/80c8d48ac8b1741d5b963797b7c0c869335619e13d4744ca2f67fc11c6fc/charset_normalizer-3.3.2-cp311-cp311-win_amd64.whl" - ] - } - }, - "rules_python_publish_deps_311_idna_sdist_028ff3aa": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "idna-3.7.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "idna==3.7", - "sha256": "028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc", - "urls": [ - "https://files.pythonhosted.org/packages/21/ed/f86a79a07470cb07819390452f178b3bef1d375f2ec021ecfc709fc7cf07/idna-3.7.tar.gz" + "https://files.pythonhosted.org/packages/eb/61/73a007c74c37895fdf66e0edcd881f5eaa17a348ff02f4bb4bc906d61085/nh3-0.2.18-cp37-abi3-musllinux_1_2_x86_64.whl" ] } }, @@ -3826,6 +3161,10 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], "filename": "jeepney-0.8.0.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", @@ -3836,52 +3175,7 @@ ] } }, - "rules_python_publish_deps_311_zipp_py3_none_any_f091755f": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "zipp-3.19.2-py3-none-any.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "zipp==3.19.2", - "sha256": "f091755f667055f2d02b32c53771a7a6c8b47e1fdbc4b72a8b9072b3eef8015c", - "urls": [ - "https://files.pythonhosted.org/packages/20/38/f5c473fe9b90c8debdd29ea68d5add0289f1936d6f923b6b9cc0b931194c/zipp-3.19.2-py3-none-any.whl" - ] - } - }, - "rules_python_publish_deps_311_requests_toolbelt_sdist_62e09f7f": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64", - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "requests-toolbelt-0.10.1.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "requests-toolbelt==0.10.1", - "sha256": "62e09f7ff5ccbda92772a29f394a49c3ad6cb181d568b1337626b2abb628a63d", - "urls": [ - "https://files.pythonhosted.org/packages/0c/4c/07f01c6ac44f7784fa399137fbc8d0cdc1b5d35304e8c0f278ad82105b58/requests-toolbelt-0.10.1.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_ppc64le_0c0a5902": { + "rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_x86_64_c2e6fc39": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3893,13 +3187,13 @@ "cp311_linux_s390x", "cp311_linux_x86_64" ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", + "filename": "cryptography-43.0.3-cp39-abi3-manylinux_2_28_x86_64.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "0c0a590235ccd933d9892c627dec5bc7511ce6ad6c1011fdf5b11363022746c1", + "requirement": "cryptography==43.0.3", + "sha256": "c2e6fc39c4ab499049df3bdf567f768a723a5e8464816e8f009f121a5a9f4405", "urls": [ - "https://files.pythonhosted.org/packages/12/e5/aa09a1c39c3e444dd223d63e2c816c18ed78d035cff954143b2a539bdc9e/charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl" + "https://files.pythonhosted.org/packages/ac/25/e715fa0bc24ac2114ed69da33adf451a38abb6f3f24ec207908112e9ba53/cryptography-43.0.3-cp39-abi3-manylinux_2_28_x86_64.whl" ] } }, @@ -3928,7 +3222,7 @@ ] } }, - "rules_python_publish_deps_311_requests_sdist_98b1b278": { + "rules_python_publish_deps_311_zipp_sdist_bc9eb26f": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -3943,13 +3237,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "requests-2.28.2.tar.gz", + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "zipp-3.20.2.tar.gz", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "requests==2.28.2", - "sha256": "98b1b2782e3c6c4904938b84c0eb932721069dfdb9134313beff7c83c2df24bf", + "requirement": "zipp==3.20.2", + "sha256": "bc9eb26f4506fda01b81bcde0ca78103b6e62f991b381fec825435c836edbc29", "urls": [ - "https://files.pythonhosted.org/packages/9d/ee/391076f5937f0a8cdf5e53b701ffc91753e87b07d66bae4a09aa671897bf/requests-2.28.2.tar.gz" + "https://files.pythonhosted.org/packages/54/bf/5c0000c44ebc80123ecbdddba1f5dcd94a5ada602a9c225d84b5aaa55e86/zipp-3.20.2.tar.gz" ] } }, @@ -3958,50 +3256,54 @@ "ruleClassName": "hub_repository", "attributes": { "repo_name": "rules_python_publish_deps", + "extra_hub_aliases": {}, "whl_map": { - "six": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"six-1.16.0-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_six_py2_none_any_8abb2f1d\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"six-1.16.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_six_sdist_1e61c374\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "cffi": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_aarch64_3548db28\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_ppc64le_91fc98ad\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_x86_64_94411f22\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1-cp311-cp311-musllinux_1_1_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_musllinux_1_1_x86_64_cc4d65ae\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cffi-1.15.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_cffi_sdist_d400bfb9\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "idna": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.4-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_idna_py3_none_any_90b77e79\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.4.tar.gz\",\"repo\":\"rules_python_publish_deps_311_idna_sdist_814f528e\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.7-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_idna_py3_none_any_82fee1fc\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"idna-3.7.tar.gz\",\"repo\":\"rules_python_publish_deps_311_idna_sdist_028ff3aa\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"}]", - "rich": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rich-13.2.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_rich_py3_none_any_7c963f0d\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rich-13.2.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_rich_sdist_f1a00cdd\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "zipp": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.11.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_zipp_py3_none_any_83a28fcb\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.11.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_zipp_sdist_a7a22e05\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.19.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_zipp_py3_none_any_f091755f\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"zipp-3.19.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_zipp_sdist_bf1dcf64\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"}]", - "mdurl": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"mdurl-0.1.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_mdurl_py3_none_any_84008a41\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"mdurl-0.1.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_mdurl_sdist_bb413d29\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "twine": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"twine-4.0.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_twine_py3_none_any_929bc3c2\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"twine-4.0.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_twine_sdist_9e102ef5\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "bleach": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"bleach-6.0.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_bleach_py3_none_any_33c16e33\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"bleach-6.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_bleach_sdist_1a1a85c1\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "certifi": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2022.12.7-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_certifi_py3_none_any_4ad3232f\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2022.12.7.tar.gz\",\"repo\":\"rules_python_publish_deps_311_certifi_sdist_35824b4c\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2024.7.4-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_certifi_py3_none_any_c198e21b\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"certifi-2024.7.4.tar.gz\",\"repo\":\"rules_python_publish_deps_311_certifi_sdist_5a1e7645\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"}]", - "jeepney": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"jeepney-0.8.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_jeepney_py3_none_any_c0a454ad\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"jeepney-0.8.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_jeepney_sdist_5efe48d2\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "keyring": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"keyring-23.13.1-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_keyring_py3_none_any_771ed2a9\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"keyring-23.13.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_keyring_sdist_ba2e15a9\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "pkginfo": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pkginfo-1.9.6-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pkginfo_py3_none_any_4b7a555a\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pkginfo-1.9.6.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pkginfo_sdist_8fd5896e\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "rfc3986": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rfc3986-2.0.0-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_rfc3986_py2_none_any_50b1502b\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"rfc3986-2.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_rfc3986_sdist_97aacf9d\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "urllib3": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.14-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_urllib3_py2_none_any_75edcdc2\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.14.tar.gz\",\"repo\":\"rules_python_publish_deps_311_urllib3_sdist_076907bf\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.19-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_urllib3_py2_none_any_37a03444\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"urllib3-1.26.19.tar.gz\",\"repo\":\"rules_python_publish_deps_311_urllib3_sdist_3e3d753a\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"}]", - "docutils": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"docutils-0.19-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_docutils_py3_none_any_5e1de4d8\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"docutils-0.19.tar.gz\",\"repo\":\"rules_python_publish_deps_311_docutils_sdist_33995a67\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "pygments": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"Pygments-2.14.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pygments_py3_none_any_fa7bd7bd\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"Pygments-2.14.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pygments_sdist_b3ed06a9\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "requests": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests-2.28.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_requests_py3_none_any_64299f49\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests-2.28.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_requests_sdist_98b1b278\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "pycparser": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pycparser-2.21-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pycparser_py2_none_any_8ee45429\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pycparser-2.21.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pycparser_sdist_e644fdec\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "cryptography": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-musllinux_1_2_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_x86_64_ce8613be\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-manylinux_2_28_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_aarch64_1df6fcbf\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-musllinux_1_1_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_1_aarch64_3c6048f2\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-manylinux_2_28_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_x86_64_44a64043\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_x86_64_6ffb03d4\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-musllinux_1_2_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_aarch64_887623fe\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-musllinux_1_1_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_1_x86_64_6d0fbe73\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_aarch64_a1327f28\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"cryptography-42.0.4.tar.gz\",\"repo\":\"rules_python_publish_deps_311_cryptography_sdist_831a4b37\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "webencodings": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"webencodings-0.5.1-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_webencodings_py2_none_any_a0af1213\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"webencodings-0.5.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_webencodings_sdist_b36a1c24\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "secretstorage": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"SecretStorage-3.3.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_secretstorage_py3_none_any_f356e662\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"SecretStorage-3.3.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_secretstorage_sdist_2403533e\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "jaraco_classes": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"jaraco.classes-3.2.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_jaraco_classes_py3_none_any_2353de32\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"jaraco.classes-3.2.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_jaraco_classes_sdist_89559fa5\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "markdown_it_py": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"markdown_it_py-2.1.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_markdown_it_py_py3_none_any_93de681e\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"markdown-it-py-2.1.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_markdown_it_py_sdist_cf7e59fe\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "more_itertools": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"more_itertools-9.0.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_more_itertools_py3_none_any_250e83d7\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"more-itertools-9.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_more_itertools_sdist_5a6257e4\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "readme_renderer": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"readme_renderer-37.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_readme_renderer_py3_none_any_f67a16ca\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"readme_renderer-37.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_readme_renderer_sdist_cd653186\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "requests_toolbelt": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests_toolbelt-0.10.1-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_requests_toolbelt_py2_none_any_18565aa5\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"requests-toolbelt-0.10.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_requests_toolbelt_sdist_62e09f7f\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "charset_normalizer": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_ppc64le_0c0a5902\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_aarch64_14e76c0f\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_s390x_4a8fcf28\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_ppc64le_5995f016\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_aarch64_72966d1b\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_x86_64_761e8904\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_x86_64_79909e27\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_py3_none_any_7e189e2e\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_s390x_8c7fe7af\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset-normalizer-3.0.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_sdist_ebea339a\",\"target_platforms\":[\"cp311_linux_aarch64\",\"cp311_linux_arm\",\"cp311_linux_ppc\",\"cp311_linux_s390x\",\"cp311_linux_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.3.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_py3_none_any_3e4d1f65\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.3.2-cp311-cp311-macosx_11_0_arm64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_11_0_arm64_549a3a73\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_x86_64_573f6eac\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.3.2-cp311-cp311-win_amd64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_win_amd64_66394663\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_universal2.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_universal2_802fe99c\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"charset-normalizer-3.3.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_sdist_f30c3cb3\",\"target_platforms\":[\"cp311_osx_aarch64\",\"cp311_osx_x86_64\",\"cp311_windows_x86_64\"],\"version\":\"3.11\"}]", - "importlib_metadata": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"importlib_metadata-6.0.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_importlib_metadata_py3_none_any_7efb448e\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"importlib_metadata-6.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_importlib_metadata_sdist_e354bede\",\"target_platforms\":null,\"version\":\"3.11\"}]", - "pywin32_ctypes": "[{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pywin32_ctypes-0.2.0-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pywin32_ctypes_py2_none_any_9dc2d991\",\"target_platforms\":null,\"version\":\"3.11\"},{\"config_setting\":\"//_config:is_python_3.11\",\"filename\":\"pywin32-ctypes-0.2.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pywin32_ctypes_sdist_24ffc3b3\",\"target_platforms\":null,\"version\":\"3.11\"}]" + "backports_tarfile": "[{\"filename\":\"backports.tarfile-1.2.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_backports_tarfile_py3_none_any_77e284d7\",\"version\":\"3.11\"},{\"filename\":\"backports_tarfile-1.2.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_backports_tarfile_sdist_d75e02c2\",\"version\":\"3.11\"}]", + "certifi": "[{\"filename\":\"certifi-2024.8.30-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_certifi_py3_none_any_922820b5\",\"version\":\"3.11\"},{\"filename\":\"certifi-2024.8.30.tar.gz\",\"repo\":\"rules_python_publish_deps_311_certifi_sdist_bec941d2\",\"version\":\"3.11\"}]", + "cffi": "[{\"filename\":\"cffi-1.17.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_aarch64_a1ed2dd2\",\"version\":\"3.11\"},{\"filename\":\"cffi-1.17.1-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_ppc64le_46bf4316\",\"version\":\"3.11\"},{\"filename\":\"cffi-1.17.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_s390x_a24ed04c\",\"version\":\"3.11\"},{\"filename\":\"cffi-1.17.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_x86_64_610faea7\",\"version\":\"3.11\"},{\"filename\":\"cffi-1.17.1-cp311-cp311-musllinux_1_1_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_musllinux_1_1_aarch64_a9b15d49\",\"version\":\"3.11\"},{\"filename\":\"cffi-1.17.1-cp311-cp311-musllinux_1_1_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cffi_cp311_cp311_musllinux_1_1_x86_64_fc48c783\",\"version\":\"3.11\"},{\"filename\":\"cffi-1.17.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_cffi_sdist_1c39c601\",\"version\":\"3.11\"}]", + "charset_normalizer": "[{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-macosx_10_9_universal2.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_universal2_0d99dd8f\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-macosx_10_9_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_x86_64_c57516e5\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-macosx_11_0_arm64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_11_0_arm64_6dba5d19\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_aarch64_bf4475b8\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_ppc64le_ce031db0\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_s390x_8ff4e7cd\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_x86_64_3710a975\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_2_aarch64_47334db7\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_2_ppc64le_f1a2f519\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_2_s390x_63bc5c4a\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-musllinux_1_2_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_2_x86_64_bcb4f8ea\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-cp311-cp311-win_amd64.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_cp311_cp311_win_amd64_cee4373f\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_py3_none_any_fe9f97fe\",\"version\":\"3.11\"},{\"filename\":\"charset_normalizer-3.4.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_charset_normalizer_sdist_223217c3\",\"version\":\"3.11\"}]", + "cryptography": "[{\"filename\":\"cryptography-43.0.3-cp39-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_aarch64_846da004\",\"version\":\"3.11\"},{\"filename\":\"cryptography-43.0.3-cp39-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_17_x86_64_0f996e72\",\"version\":\"3.11\"},{\"filename\":\"cryptography-43.0.3-cp39-abi3-manylinux_2_28_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_aarch64_f7b178f1\",\"version\":\"3.11\"},{\"filename\":\"cryptography-43.0.3-cp39-abi3-manylinux_2_28_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_manylinux_2_28_x86_64_c2e6fc39\",\"version\":\"3.11\"},{\"filename\":\"cryptography-43.0.3-cp39-abi3-musllinux_1_2_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_aarch64_e1be4655\",\"version\":\"3.11\"},{\"filename\":\"cryptography-43.0.3-cp39-abi3-musllinux_1_2_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_cryptography_cp39_abi3_musllinux_1_2_x86_64_df6b6c6d\",\"version\":\"3.11\"},{\"filename\":\"cryptography-43.0.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_cryptography_sdist_315b9001\",\"version\":\"3.11\"}]", + "docutils": "[{\"filename\":\"docutils-0.21.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_docutils_py3_none_any_dafca5b9\",\"version\":\"3.11\"},{\"filename\":\"docutils-0.21.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_docutils_sdist_3a6b1873\",\"version\":\"3.11\"}]", + "idna": "[{\"filename\":\"idna-3.10-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_idna_py3_none_any_946d195a\",\"version\":\"3.11\"},{\"filename\":\"idna-3.10.tar.gz\",\"repo\":\"rules_python_publish_deps_311_idna_sdist_12f65c9b\",\"version\":\"3.11\"}]", + "importlib_metadata": "[{\"filename\":\"importlib_metadata-8.5.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_importlib_metadata_py3_none_any_45e54197\",\"version\":\"3.11\"},{\"filename\":\"importlib_metadata-8.5.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_importlib_metadata_sdist_71522656\",\"version\":\"3.11\"}]", + "jaraco_classes": "[{\"filename\":\"jaraco.classes-3.4.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_jaraco_classes_py3_none_any_f662826b\",\"version\":\"3.11\"},{\"filename\":\"jaraco.classes-3.4.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_jaraco_classes_sdist_47a024b5\",\"version\":\"3.11\"}]", + "jaraco_context": "[{\"filename\":\"jaraco.context-6.0.1-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_jaraco_context_py3_none_any_f797fc48\",\"version\":\"3.11\"},{\"filename\":\"jaraco_context-6.0.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_jaraco_context_sdist_9bae4ea5\",\"version\":\"3.11\"}]", + "jaraco_functools": "[{\"filename\":\"jaraco.functools-4.1.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_jaraco_functools_py3_none_any_ad159f13\",\"version\":\"3.11\"},{\"filename\":\"jaraco_functools-4.1.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_jaraco_functools_sdist_70f7e0e2\",\"version\":\"3.11\"}]", + "jeepney": "[{\"filename\":\"jeepney-0.8.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_jeepney_py3_none_any_c0a454ad\",\"version\":\"3.11\"},{\"filename\":\"jeepney-0.8.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_jeepney_sdist_5efe48d2\",\"version\":\"3.11\"}]", + "keyring": "[{\"filename\":\"keyring-25.4.1-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_keyring_py3_none_any_5426f817\",\"version\":\"3.11\"},{\"filename\":\"keyring-25.4.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_keyring_sdist_b07ebc55\",\"version\":\"3.11\"}]", + "markdown_it_py": "[{\"filename\":\"markdown-it-py-3.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_markdown_it_py_sdist_e3f60a94\",\"version\":\"3.11\"},{\"filename\":\"markdown_it_py-3.0.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_markdown_it_py_py3_none_any_35521684\",\"version\":\"3.11\"}]", + "mdurl": "[{\"filename\":\"mdurl-0.1.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_mdurl_py3_none_any_84008a41\",\"version\":\"3.11\"},{\"filename\":\"mdurl-0.1.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_mdurl_sdist_bb413d29\",\"version\":\"3.11\"}]", + "more_itertools": "[{\"filename\":\"more-itertools-10.5.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_more_itertools_sdist_5482bfef\",\"version\":\"3.11\"},{\"filename\":\"more_itertools-10.5.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_more_itertools_py3_none_any_037b0d32\",\"version\":\"3.11\"}]", + "nh3": "[{\"filename\":\"nh3-0.2.18-cp37-abi3-macosx_10_12_x86_64.macosx_11_0_arm64.macosx_10_12_universal2.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_macosx_10_12_x86_64_14c5a72e\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18-cp37-abi3-macosx_10_12_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_macosx_10_12_x86_64_7b7c2a3c\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18-cp37-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_aarch64_42c64511\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18-cp37-abi3-manylinux_2_17_armv7l.manylinux2014_armv7l.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_armv7l_0411beb0\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18-cp37-abi3-manylinux_2_17_ppc64.manylinux2014_ppc64.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_ppc64_5f36b271\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18-cp37-abi3-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_ppc64le_34c03fa7\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18-cp37-abi3-manylinux_2_17_s390x.manylinux2014_s390x.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_s390x_19aaba96\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18-cp37-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_manylinux_2_17_x86_64_de3ceed6\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18-cp37-abi3-musllinux_1_2_aarch64.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_musllinux_1_2_aarch64_f0eca9ca\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18-cp37-abi3-musllinux_1_2_armv7l.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_musllinux_1_2_armv7l_3a157ab1\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18-cp37-abi3-musllinux_1_2_x86_64.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_musllinux_1_2_x86_64_36c95d4b\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18-cp37-abi3-win_amd64.whl\",\"repo\":\"rules_python_publish_deps_311_nh3_cp37_abi3_win_amd64_8ce0f819\",\"version\":\"3.11\"},{\"filename\":\"nh3-0.2.18.tar.gz\",\"repo\":\"rules_python_publish_deps_311_nh3_sdist_94a16692\",\"version\":\"3.11\"}]", + "pkginfo": "[{\"filename\":\"pkginfo-1.10.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pkginfo_py3_none_any_889a6da2\",\"version\":\"3.11\"},{\"filename\":\"pkginfo-1.10.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pkginfo_sdist_5df73835\",\"version\":\"3.11\"}]", + "pycparser": "[{\"filename\":\"pycparser-2.22-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pycparser_py3_none_any_c3702b6d\",\"version\":\"3.11\"},{\"filename\":\"pycparser-2.22.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pycparser_sdist_491c8be9\",\"version\":\"3.11\"}]", + "pygments": "[{\"filename\":\"pygments-2.18.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pygments_py3_none_any_b8e6aca0\",\"version\":\"3.11\"},{\"filename\":\"pygments-2.18.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pygments_sdist_786ff802\",\"version\":\"3.11\"}]", + "pywin32_ctypes": "[{\"filename\":\"pywin32-ctypes-0.2.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_pywin32_ctypes_sdist_d162dc04\",\"version\":\"3.11\"},{\"filename\":\"pywin32_ctypes-0.2.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_pywin32_ctypes_py3_none_any_8a151337\",\"version\":\"3.11\"}]", + "readme_renderer": "[{\"filename\":\"readme_renderer-44.0-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_readme_renderer_py3_none_any_2fbca89b\",\"version\":\"3.11\"},{\"filename\":\"readme_renderer-44.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_readme_renderer_sdist_8712034e\",\"version\":\"3.11\"}]", + "requests": "[{\"filename\":\"requests-2.32.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_requests_py3_none_any_70761cfe\",\"version\":\"3.11\"},{\"filename\":\"requests-2.32.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_requests_sdist_55365417\",\"version\":\"3.11\"}]", + "requests_toolbelt": "[{\"filename\":\"requests-toolbelt-1.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_requests_toolbelt_sdist_7681a0a3\",\"version\":\"3.11\"},{\"filename\":\"requests_toolbelt-1.0.0-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_requests_toolbelt_py2_none_any_cccfdd66\",\"version\":\"3.11\"}]", + "rfc3986": "[{\"filename\":\"rfc3986-2.0.0-py2.py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_rfc3986_py2_none_any_50b1502b\",\"version\":\"3.11\"},{\"filename\":\"rfc3986-2.0.0.tar.gz\",\"repo\":\"rules_python_publish_deps_311_rfc3986_sdist_97aacf9d\",\"version\":\"3.11\"}]", + "rich": "[{\"filename\":\"rich-13.9.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_rich_py3_none_any_9836f509\",\"version\":\"3.11\"},{\"filename\":\"rich-13.9.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_rich_sdist_bc1e01b8\",\"version\":\"3.11\"}]", + "secretstorage": "[{\"filename\":\"SecretStorage-3.3.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_secretstorage_py3_none_any_f356e662\",\"version\":\"3.11\"},{\"filename\":\"SecretStorage-3.3.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_secretstorage_sdist_2403533e\",\"version\":\"3.11\"}]", + "twine": "[{\"filename\":\"twine-5.1.1-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_twine_py3_none_any_215dbe7b\",\"version\":\"3.11\"},{\"filename\":\"twine-5.1.1.tar.gz\",\"repo\":\"rules_python_publish_deps_311_twine_sdist_9aa08251\",\"version\":\"3.11\"}]", + "urllib3": "[{\"filename\":\"urllib3-2.2.3-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_urllib3_py3_none_any_ca899ca0\",\"version\":\"3.11\"},{\"filename\":\"urllib3-2.2.3.tar.gz\",\"repo\":\"rules_python_publish_deps_311_urllib3_sdist_e7d814a8\",\"version\":\"3.11\"}]", + "zipp": "[{\"filename\":\"zipp-3.20.2-py3-none-any.whl\",\"repo\":\"rules_python_publish_deps_311_zipp_py3_none_any_a817ac80\",\"version\":\"3.11\"},{\"filename\":\"zipp-3.20.2.tar.gz\",\"repo\":\"rules_python_publish_deps_311_zipp_sdist_bc9eb26f\",\"version\":\"3.11\"}]" }, - "default_version": "3.11", "packages": [ - "bleach", + "backports_tarfile", "certifi", "charset_normalizer", "docutils", "idna", "importlib_metadata", "jaraco_classes", + "jaraco_context", + "jaraco_functools", "keyring", "markdown_it_py", "mdurl", "more_itertools", + "nh3", "pkginfo", "pygments", "readme_renderer", @@ -4009,16 +3311,14 @@ "requests_toolbelt", "rfc3986", "rich", - "six", "twine", "urllib3", - "webencodings", "zipp" ], "groups": {} } }, - "rules_python_publish_deps_311_webencodings_py2_none_any_a0af1213": { + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_universal2_0d99dd8f": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -4033,103 +3333,17 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "webencodings-0.5.1-py2.py3-none-any.whl", + "filename": "charset_normalizer-3.4.0-cp311-cp311-macosx_10_9_universal2.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "webencodings==0.5.1", - "sha256": "a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78", + "requirement": "charset-normalizer==3.4.0", + "sha256": "0d99dd8ff461990f12d6e42c7347fd9ab2532fb70e9621ba520f9e8637161d7c", "urls": [ - "https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl" + "https://files.pythonhosted.org/packages/9c/61/73589dcc7a719582bf56aae309b6103d2762b526bffe189d635a7fcfd998/charset_normalizer-3.4.0-cp311-cp311-macosx_10_9_universal2.whl" ] } }, - "rules_python_publish_deps_311_charset_normalizer_sdist_ebea339a": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "charset-normalizer-3.0.1.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "ebea339af930f8ca5d7a699b921106c6e29c617fe9606fa7baa043c1cdae326f", - "urls": [ - "https://files.pythonhosted.org/packages/96/d7/1675d9089a1f4677df5eb29c3f8b064aa1e70c1251a0a8a127803158942d/charset-normalizer-3.0.1.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_musllinux_1_1_aarch64_72966d1b": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_aarch64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.0.1", - "sha256": "72966d1b297c741541ca8cf1223ff262a6febe52481af742036a0b296e35fa5a", - "urls": [ - "https://files.pythonhosted.org/packages/01/ff/9ee4a44e8c32fe96dfc12daa42f29294608a55eadc88f327939327fb20fb/charset_normalizer-3.0.1-cp311-cp311-musllinux_1_1_aarch64.whl" - ] - } - }, - "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_macosx_10_9_x86_64_573f6eac": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_osx_aarch64", - "cp311_osx_x86_64", - "cp311_windows_x86_64" - ], - "filename": "charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_x86_64.whl", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "charset-normalizer==3.3.2", - "sha256": "573f6eac48f4769d667c4442081b1794f52919e7edada77495aaed9236d13a96", - "urls": [ - "https://files.pythonhosted.org/packages/3e/33/21a875a61057165e92227466e54ee076b73af1e21fe1b31f1e292251aa1e/charset_normalizer-3.3.2-cp311-cp311-macosx_10_9_x86_64.whl" - ] - } - }, - "rules_python_publish_deps_311_pycparser_sdist_e644fdec": { - "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", - "ruleClassName": "whl_library", - "attributes": { - "dep_template": "@rules_python_publish_deps//{name}:{target}", - "experimental_target_platforms": [ - "cp311_linux_aarch64", - "cp311_linux_arm", - "cp311_linux_ppc", - "cp311_linux_s390x", - "cp311_linux_x86_64" - ], - "filename": "pycparser-2.21.tar.gz", - "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", - "repo": "rules_python_publish_deps_311", - "requirement": "pycparser==2.21", - "sha256": "e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206", - "urls": [ - "https://files.pythonhosted.org/packages/5e/0b/95d387f5f4433cb0f53ff7ad859bd2c6051051cebbb564f139a999ab46de/pycparser-2.21.tar.gz" - ] - } - }, - "rules_python_publish_deps_311_bleach_sdist_1a1a85c1": { + "rules_python_publish_deps_311_jaraco_classes_py3_none_any_f662826b": { "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", "ruleClassName": "whl_library", "attributes": { @@ -4144,13 +3358,168 @@ "cp311_osx_x86_64", "cp311_windows_x86_64" ], - "filename": "bleach-6.0.0.tar.gz", + "filename": "jaraco.classes-3.4.0-py3-none-any.whl", "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", "repo": "rules_python_publish_deps_311", - "requirement": "bleach==6.0.0", - "sha256": "1a1a85c1595e07d8db14c5f09f09e6433502c51c595970edc090551f0db99414", + "requirement": "jaraco-classes==3.4.0", + "sha256": "f662826b6bed8cace05e7ff873ce0f9283b5c924470fe664fff1c2f00f581790", "urls": [ - "https://files.pythonhosted.org/packages/7e/e6/d5f220ca638f6a25557a611860482cb6e54b2d97f0332966b1b005742e1f/bleach-6.0.0.tar.gz" + "https://files.pythonhosted.org/packages/7f/66/b15ce62552d84bbfcec9a4873ab79d993a1dd4edb922cbfccae192bd5b5f/jaraco.classes-3.4.0-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_jaraco_context_sdist_9bae4ea5": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "jaraco_context-6.0.1.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "jaraco-context==6.0.1", + "sha256": "9bae4ea555cf0b14938dc0aee7c9f32ed303aa20a3b73e7dc80111628792d1b3", + "urls": [ + "https://files.pythonhosted.org/packages/df/ad/f3777b81bf0b6e7bc7514a1656d3e637b2e8e15fab2ce3235730b3e7a4e6/jaraco_context-6.0.1.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_requests_py3_none_any_70761cfe": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "requests-2.32.3-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "requests==2.32.3", + "sha256": "70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6", + "urls": [ + "https://files.pythonhosted.org/packages/f9/9b/335f9764261e915ed497fcdeb11df5dfd6f7bf257d4a6a2a686d80da4d54/requests-2.32.3-py3-none-any.whl" + ] + } + }, + "rules_python_publish_deps_311_readme_renderer_sdist_8712034e": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "extra_pip_args": [ + "--index-url", + "https://pypi.org/simple" + ], + "filename": "readme_renderer-44.0.tar.gz", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "readme-renderer==44.0", + "sha256": "8712034eabbfa6805cacf1402b4eeb2a73028f72d1166d6f5cb7f9c047c5d1e1", + "urls": [ + "https://files.pythonhosted.org/packages/5a/a9/104ec9234c8448c4379768221ea6df01260cd6c2ce13182d4eac531c8342/readme_renderer-44.0.tar.gz" + ] + } + }, + "rules_python_publish_deps_311_cffi_cp311_cp311_manylinux_2_17_aarch64_a1ed2dd2": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64" + ], + "filename": "cffi-1.17.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "cffi==1.17.1", + "sha256": "a1ed2dd2972641495a3ec98445e09766f077aee98a1c896dcb4ad0d303628e41", + "urls": [ + "https://files.pythonhosted.org/packages/2e/ea/70ce63780f096e16ce8588efe039d3c4f91deb1dc01e9c73a287939c79a6/cffi-1.17.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl" + ] + } + }, + "rules_python_publish_deps_311_charset_normalizer_cp311_cp311_manylinux_2_17_s390x_8ff4e7cd": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "charset-normalizer==3.4.0", + "sha256": "8ff4e7cdfdb1ab5698e675ca622e72d58a6fa2a8aa58195de0c0061288e6e3ea", + "urls": [ + "https://files.pythonhosted.org/packages/13/bc/87c2c9f2c144bedfa62f894c3007cd4530ba4b5351acb10dc786428a50f0/charset_normalizer-3.4.0-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl" + ] + } + }, + "rules_python_publish_deps_311_jaraco_functools_py3_none_any_ad159f13": { + "bzlFile": "@@rules_python~//python/private/pypi:whl_library.bzl", + "ruleClassName": "whl_library", + "attributes": { + "dep_template": "@rules_python_publish_deps//{name}:{target}", + "experimental_target_platforms": [ + "cp311_linux_aarch64", + "cp311_linux_arm", + "cp311_linux_ppc", + "cp311_linux_s390x", + "cp311_linux_x86_64", + "cp311_osx_aarch64", + "cp311_osx_x86_64", + "cp311_windows_x86_64" + ], + "filename": "jaraco.functools-4.1.0-py3-none-any.whl", + "python_interpreter_target": "@@rules_python~~python~python_3_11_host//:python", + "repo": "rules_python_publish_deps_311", + "requirement": "jaraco-functools==4.1.0", + "sha256": "ad159f13428bc4acbf5541ad6dec511f91573b90fba04df61dafa2a1231cf649", + "urls": [ + "https://files.pythonhosted.org/packages/9f/4f/24b319316142c44283d7540e76c7b5a6dbd5db623abd86bb7b3491c21018/jaraco.functools-4.1.0-py3-none-any.whl" ] } } @@ -4261,10 +3630,30 @@ "pythons_hub", "rules_python~~python~pythons_hub" ], + [ + "rules_python~~python~pythons_hub", + "python_3_10_host", + "rules_python~~python~python_3_10_host" + ], [ "rules_python~~python~pythons_hub", "python_3_11_host", "rules_python~~python~python_3_11_host" + ], + [ + "rules_python~~python~pythons_hub", + "python_3_12_host", + "rules_python~~python~python_3_12_host" + ], + [ + "rules_python~~python~pythons_hub", + "python_3_8_host", + "rules_python~~python~python_3_8_host" + ], + [ + "rules_python~~python~pythons_hub", + "python_3_9_host", + "rules_python~~python~python_3_9_host" ] ] } diff --git a/bootstrapper/initproto/init.pb.go b/bootstrapper/initproto/init.pb.go index b745471ce..324d2d2e2 100644 --- a/bootstrapper/initproto/init.pb.go +++ b/bootstrapper/initproto/init.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.35.1 -// protoc v5.27.0 +// protoc v5.29.0--rc2 // source: bootstrapper/initproto/init.proto package initproto diff --git a/debugd/service/debugd.pb.go b/debugd/service/debugd.pb.go index 13bf3606b..742b39998 100644 --- a/debugd/service/debugd.pb.go +++ b/debugd/service/debugd.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.35.1 -// protoc v5.27.0 +// protoc v5.29.0--rc2 // source: debugd/service/debugd.proto package service diff --git a/disk-mapper/recoverproto/recover.pb.go b/disk-mapper/recoverproto/recover.pb.go index f4ed7c5c7..0a071e68b 100644 --- a/disk-mapper/recoverproto/recover.pb.go +++ b/disk-mapper/recoverproto/recover.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.35.1 -// protoc v5.27.0 +// protoc v5.29.0--rc2 // source: disk-mapper/recoverproto/recover.proto package recoverproto diff --git a/internal/versions/components/components.pb.go b/internal/versions/components/components.pb.go index c6ac56fe4..92b834075 100644 --- a/internal/versions/components/components.pb.go +++ b/internal/versions/components/components.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.35.1 -// protoc v5.27.0 +// protoc v5.29.0--rc2 // source: internal/versions/components/components.proto package components diff --git a/joinservice/joinproto/join.pb.go b/joinservice/joinproto/join.pb.go index bd657f503..c83a02e1a 100644 --- a/joinservice/joinproto/join.pb.go +++ b/joinservice/joinproto/join.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.35.1 -// protoc v5.27.0 +// protoc v5.29.0--rc2 // source: joinservice/joinproto/join.proto package joinproto diff --git a/keyservice/keyserviceproto/keyservice.pb.go b/keyservice/keyserviceproto/keyservice.pb.go index fad9fe4bf..11e1bf4d8 100644 --- a/keyservice/keyserviceproto/keyservice.pb.go +++ b/keyservice/keyserviceproto/keyservice.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.35.1 -// protoc v5.27.0 +// protoc v5.29.0--rc2 // source: keyservice/keyserviceproto/keyservice.proto package keyserviceproto diff --git a/upgrade-agent/upgradeproto/upgrade.pb.go b/upgrade-agent/upgradeproto/upgrade.pb.go index c9647353a..3ad16c64d 100644 --- a/upgrade-agent/upgradeproto/upgrade.pb.go +++ b/upgrade-agent/upgradeproto/upgrade.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.35.1 -// protoc v5.27.0 +// protoc v5.29.0--rc2 // source: upgrade-agent/upgradeproto/upgrade.proto package upgradeproto diff --git a/verify/verifyproto/verify.pb.go b/verify/verifyproto/verify.pb.go index 297421ce3..9a68d32c0 100644 --- a/verify/verifyproto/verify.pb.go +++ b/verify/verifyproto/verify.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.35.1 -// protoc v5.27.0 +// protoc v5.29.0--rc2 // source: verify/verifyproto/verify.proto package verifyproto

        g{W^ePqs^f(GpZy_X2R15ts9*+e`x^rjJHW(EI7LfkBp}%;$Xz6~a zLQPwc&>IM`Fv1ijOm{u|A-(#a4dXkf5Vv6S0||Z+7)h^uVE5C0R-3#dwVXLw$y|4m zvLY*Ziqcp9_SSS<3g4Tybps5olHE!}c3iF=FAr3FzSeJOK;9nWTHzW;0StXs?XOcE z%CdgiDi95_2y%VY9q9#ghY+-}Jb>G6QZ<7GtTicwd2b;Y^S~&z-|H95<&bi!b^c<7 zv&Io{)7uI3(ikEw&Wx6(&(d^=uw;?CkK@Csa+8Y_oh zP0Lx~w{lfV*1A|?to#i#f7(B~>|qzbi$zJSNw5$5L!#a6ZYkdA%*9VXtIx0>!^;n5 z?v@L`6jRw(?B^3VOg<6HFamd^ZB)&5?bf0+JG+@ZJJ;GNDP$3Wb;@=jT^kLUQK(gI zPn-_tDoNhv%;Jn3iTmFRwY$Q)a{rF~-}D~E!Z+Yyg9NDyx!*!*6%$O7q|DI&Rt5m| z$RmI&7k<1q#r!`0k%Lkt?;c9d~8X z3QA)i&V4hp*6{6#0G!$u)ySDmKW&jN#dQ6E1?NCOb1!lXZz2irraK3iZ6f>?tA5(# z|2zyo=Wu>=@FPYnn!rt9M3z)wCa#aw3kzVb1!g|r)Im~a_E&oRKh6E@!J?&mE3~Ye zw%`c!D6|Hy)ab}5exk3}oJPWMECbZUnRSvLKdb)Fp0Nr0Bf>k4giu&CWEJDP^;Qwh zKMVvqvtR4gKO-{FtSH$20@nt^y1C?*65_`WsTBLHa>=9(4mA za22k4A-qEAcBNTi7f@vz01)e3pd#k}O+&wajlLb#eKy_V{&!YE?{mlIn*jnCc>EL` zOd~oYoc(<&?b%;OyL(^S#;nzBuOaIx_437g`(UY;p3(68bkvS8_o=z|41 z4gwzlst6zk1pvQ@q(?2~e;gJ=XY%b6o1*QL+;#?us;ITN7BNw`ukqd*b^Y48AkVrE z@-`6$C*O+BFI|RZJDGR(@9=uK@5wRgB@f+84Y^RJV$3g|1=ZGfXjZC}iJA};m~WM= zb{}!7z3g}BqaC|f=eCXzag|na(w};}z~3YoAkfX?46i zwlHPOED8{~1V9Z&w3x(EyP>~n=PzD|cRL*492`Xtc9cM%5J0j(T?=RlCoYVL@fdat zfBK6y{`wV4`QuoM-i|#BAfrx#GYzOf-z0)%K_H-@E36VO(c)X1D>f1FGxqUTm8YJ8;k>eAO$k4_O=eDs5IY_kOS7fW+&X2grgP(pqMuzg?$+K0R1}X9ugMXSWq3L4M_e5b)FjWO*fj)U1 zE|I>QcQ!EM-pL}ZV!0-9)c%jn^M!X>o(gK=Bm2qfw_Mu1i9)B zDH9O9oo6aHoH~4(M=u^gVQAy{*?_kmgJ&0{Tzuc!Wo457(BPlGa9MgJz-{S46EAgj z|5y;}%O0pU-#N{)Qy)%Axq&wUN|XC4_fH8+xtbUE>ig_jAOrKw7-s{6t@>pc4NTet zEI@UQ&Wuhw0YyQg3sHjv#_VS)vp68=fzQE5=fag38g3d#Q(LIcFBaT1Kof~x_&Waw zDsv?4oYoJ5pwHH^XvB7q{Ubhx9hdkq@=!=WTwH$mgP*s){2DQ$yz?iMdaWF2(a~i+ zkHxyaAm;_qvIykCU(x$xas%x(t|qX-J?AtGjGlqnr$XpYBuyz_STG# zHVlu$=Si|9rSUyd$NJba59s4F-c;Acl*RT9U8s9e*T`>`5eX!EEh;#yBGJml~xwYVuM@9oYxIbG6C zf@Itr;4%>D0?-2a@Cx#@x5j?8?_4$OM@zU?);qI;()3xqij&RSA-bYU01(*Gbxdf!}P&sU7g zT?6>w?iIpUyCwW$NbO}6Q@RKAWft06>_;{()h8!-^$(B5m|u{_D8A^O4r++}*!gT* z7S1KK470Ot)JebDx<5a4JfeO&Gkb^~PKbB@M71K$=P8vmPnOAG>AD_?_b}G^@j@&_+CK{5 z2%HDu^L^YT6tobyi-iP$=Nd*VOq{tRU^GDZu@;c3F)ZoHj#m1^!#{sPJ(o3~Xm3sb zW7UXrben`*01lo6U@0ROuubmDm?y|wcpZkm($WY9z5HWy!;bb&71KI=w~Kz2yPPk- zZ7LA6hh|ym$~KX{A_2_J{7fCesnM+|s+WtZYy!SD z^^+Ua`Kr!Am*p|k(4;$9m|f z)S9XZI~;;9zr46q$xRW*Ld+}wl!QmAKt0uy*z*l;0b@9vhYit%I?rR&0+YFa+4$eS zpbyO_iXIk$04PVb-8v59Ulx2Av<0x#@XQFrFt5LD>X!xBq#;grO=~i5fJJVz5CG3D zW!s46@7f7}HDg{|{?$O__H6cv`lgSpyRmSkq888{BC-buipZYhe?;`lPXFY^B7XIc zTGk<=^w205M}WNgkwzZrzoW4UP7uJ7H7o$F#e&W%x5x!BG*Y4mlpG$=l+6Zq|D=Qe z@R4Z!0q;AJ-NtaAA!-Y>{`*Q00q@v=?;AS}4NWfb^Zz@U`$R^ZlRM@K(E(5ZY7IBs z1PK!rbUa#$WKN*tXuO$U+D7Ug)IY*3@*21;6@G;7Keayb3P!>RiXi({{yQ3s3)Tl|z`Z|q z^l?D*gIg;9J6)dghtGC%(gC=cqt zmj`MKmnYy^GJ?>6djl;I7}<)2VLJ)1&~>-$Us>S1dF(@TL+=DPKOZD4(d(ML^}|Ny zVndS=et!JFavyZ%-MIi&KwT6l+lDt|kthQu*kBy6Byp6&afkdT@B2>`7b&-hU-hHb zScniJ4<(4~LU0E<;s;p>vIM&BqFC-jaol_RZ@IN$70#2J1lGe3k2fG8yKTOWgZuW* z#AJ%VzZ(b!8Hn?|=RjnRLh=N4U-xN)>w7rd$%TEow14A2rg7dL5nYAfS%rdYghmYa z0bLy2w+YhH#C3^Q6z>0v2>w_$qHB5&&Ld(Ta~UH^Sb9d~t98I50EkZ2zWi4PGUhCR zQ7tDS{txU?gIkGCzbv=7KEDAKFz(}q5yQWiMtS*|^9rD*S_l}uNsK^v5lpFYYR(%u z90tUa5&7kG^H?(K6f_51awM{;Wc&fktE733Fu3~H_%N)+Sw`=8lOgi{k8Fb9RD&0{ zMDSN6*R<9=8zMhmc>m8ETLgJP?<0cQ>ybS;Tf{<^^(@#H6y^`CmZ2VpXKP=)8ksqe zfO)1Uo4rghMDUFg!cKc`-1xjT9` z+CR(6?Vp$`y}T-e*&w=oa{m4AlYnYZm*-d8nm_3AXr9$90WcB&P4jz)r=w|?%cr&< zI|-Pq9#_@PxUZm-S8(Wav+WeX9Kb&YoZ81Tnm7%@Yvwz~Da=sTuza|;^nFc>pW$HP z{8P39u1v@d0$^x)p7+A#PN|Kf6A5`G;DU!gOI4bVXNuhf05VAY#Rz&GW)D5Debml~ zn&upw#LJ}Tb!f7G`<23}+82T~`n}5jUC(o2xrNbOS%bj>9%T7F09mU20Js^|00bj= zGVQC4p`$7AS7dH=PVntZ*kq7U0#C6wa_A-JXMT1(qu|mvo9`i8c^+vJ7`hyfz1m_p zoaN|Zp^B;4abvJlS4HQZm{@UH_h{1ziOdgmNmLS2l8dXX+3$6IPoJJE#)-%zeWtiL zy=B=M8r3FWKh4s(SKbUM1-3Y4e@uKc2pG0k_ect8M@KKO&UiIA`;xY-?1StOQsP_Z z1f)%=b5H~cg@Tq(R7!_yp(b548IZCsjnGC4LN%}A8Wkk(>{GBfs-N~i!qT$fLw8cF zZ)fa;T|@LC-{c&XPQ~C&Ct=X4T0Um&j8Q>64udyj%~E9cnf?{00bt56YqQx*TniZ9 z#=VQA8CUd}Kb1IQ&T&RHqqU12lan9baJtXgM!B`Lc@7+DmvzoXdQg#`N%oPR(ml(b zk4Zhm|1lbBt|bS~vT|l0Bnr=@5j_n2F6(jS#I~NNlFe;fM#d~0V+2C8r7dFJ-;6lF z?QL1! zI%QzT<-6~PvaQog@yj{h^-tM5x2Nlw#G2eW-YI=l7vuP-fv0I2qX3J;82KK=>%4gf zjj#)itoqaA48$%FRayh#8VjcZc*_KedFqSW)_#sN`wxi~jo#>Q8NKL|vwdHJ*rVmC zcbiWQmT;QajD?!6Ny~$612)@^SxjM5_Pwa*c?=F0`HQpt<=ZtX?KNdpYg@d>XXMBA zwOzuHl1`L_CR1H=e{(y9c#qK1!rl>?*?lSv%NJ$5DV}{<-Sz%szf;y(q@>{(#k#Cy zT0h}Qm|T|4aj z2~MGEUpC%*TYHHBHZ}@RGMAWT2I~sovvXS?)j85|snyXUsun}Dm>pX`bf?<#eVBG~ z7Iz-Fwza$$)&*#Hipil!IdKcme(P&>t&`)f?IHRGOB>ofDk$eeYq<5T16%gf%qtA= zN805_=myHrUZScTQuzL%q0@Lz63%_B%0xO~$>=!;fwHn01C0X>TAymnZ6&hP9L%M{ zAPJOfr}Xv%i;3mqGIiZk(*@Ji_D!iYabB#h)l0bo`4Ic+j>V)?0e z0K^URr#DBe4V)=!54~q;Wkj_cGq5fAaBXGp@KM@rDzPD~zJbUyyRD_AYg+~t={ksX zIaM+BypAu+Z%1%NC;p1p;Lw-=p13{h-i}pCy_cXk5?bO$^s?vZrBS2Hw^n@^l}N*% z=r66YvkqY*4i?0lHoMFc4R%-zj=JF)rnN_FrYtNHf{+UA+ShOqlu0FpP%#A(XCLnX>e77>wcv-eda`RmyK$-u7PDv?mXu{ zN;&h;<7~PaBPsaL^blB>1#S`Aw)7k0-dHto>}npyZN7G>;L zEf{HQhnd5<#ZHvTEQP_1lhr2II>owaCWh;K#}DX~2Yx|{^JZ&A)$kAGS>^1&l)P+y zZ{W4z(Cj+rFGcT`g*vLHq|=Zsrw65+`7p}mVGH3GfcwV>;QsO5B!GlAV9&m5-+1=4 z^V7NJG;fBb6ij!9h&*Op_vn?Ov9OMl9eCx>u6U35Iq+suAqqAMxHw}s`ctC!Gd-{u@_o;6i|k5FoDTs zFy0X$4S%Lm_5)HykV9WTB6pS<^StO?*HB#MfdJI4t_eO`hIx~FXY#Pj9SPM)Sd7;l zqpVtPeHNhJ!DJ09iJtj~8%@3fULdFqr25ezZ!2wTdRKC*Lw2@fO0c3VMWlO0j)v#v z&}@E&3F3P@NBfSg+a^r}YDoxrzHEuhq_&CIXnr`>nzMk+|lbZL^#jB*O z5-Ed%o423lNcSbmJ)kW+o$NFsljBSy>Tc>83-yqQmDnGZHJKShLP|mndtwkc)+9so z<-CS_SUs3H&#(O8V~H=aHq}|oE)FfSyg)$8vg_ZGi=Yhd;^}Gj@thpIY@6BWekATq z@~E?3gH|TwYdS6P{j{V4y)awL^7MpDGxzj~Qg>Sf9G?v>+eF--5c95e@{;^Md2$!E z5pg>xwQ}pj&dXH*ocPWgB&*w?at1^)u=^E6GGQeY^sC~xpS6(y`vGlns~Y}d3fIM| zgrdjB6vJ6z%YvSYJ3T#8Fbt`9$*-Me+%pOf$-`@jZflwh=U#Ij64N33E2e`filHs^ z7oc_2R3UpH?fpPv(EHl^Rx?w@=0oC&+IJK`oF~ysCJ)Iue(`it&V_Q$u~UgopRnBI!jo`8fFf@gp=3gN0#+R3lD3U^!l zXUv+PmcpG+a9=V^%hW<%k>+^?q=kv=6QyA%e)~EorH6Qkci(v>5L*vpeuoA1G+H(z;G2(yYd-xUk2J8dRAj}-rsh}%~vf*Yf*A_L*N9|q&r zKo&+4BL{?{RN*(?ze@tf`zm+BBfHYEaI-CdhZ7(T65L%;OIIvmb;5s2gB!YO_{$I! zAPd+!l{3C6FNqNaMgAYyVaW2`3$Trh1EI0Ns}TUTnh6^EiGOV)2d(wEzZ#*CCxEIo zNRK@B!LxtRvzqDBR8RHUZ~1+RM4nCGc;HSr0mTECv_;^_0r-zobSh_lwR9xuv>y?> zV1du?6PXt~oE^YaJ_*^J4>!fbqajGRE)4g^B6A|2(`NSKu8D2AzfA@0^|0%S+~!*- zIKM(n9sbiA@N{i6+{1x3x(|0H5zsCtYl8*%{#$-IApAmbah_c~NN%wYeE)?HDEN^R zT!!yRzde#g>vokRg8ybCj3l-}xIhlgkgi&cuL;t^1>Uueg3!7A?zLf+pqo#4*LAuR z0qR&377Y*JLL$%(g<#rCqywVke?$bP(Xhzza=;4aiJ%Z~2*th)3vE%s?@jH<$=@9Z z45L1b9S&Kp{9Wwy<9D?{U9t^@MFH09r2l}3IzohN_czr7o@@xWSiLn_0Sc@&0{e=mh{1SHZ^MJBhV{^+cVTT%-=$0oR9-T@Kt!wlI1_20`o~ z!6>V-5XzdwSV#hBbv1Vg>=S~;(1S1sGdIV+8cdvi@Qkr8uxmWkqD8%|rVVKaFszI$ zi5<#l!HGO$NUr$uruN)ull~LJ{JUb8i!S8V+_rmtr^W{E)1Pr4bap!L5~}~irWB_M zOy__lTW3qCY3Ja{shR2ZND;O{%!?W)k3+sQc~2&1RyC`XnHvsII9nv^4LEFE)RmC# z&YX5PqTy*) zEQCt}8rjd*L?x|4P zZB{X7d@$p}XoNXrX(DyNmgZ20<0Z0~)5k`1(-I8CZ997>EXzKO7(5tUSf<-z;9@P2 zqp-30<1;%QBd6J;nX~e|^tumQ#|(Cu5;cMTn4BWHcvNmjdjAk5@T4Oy6Bl1k!{49D zL&~vZ?rBFT`HfpjU{uoi>8Hh2qH&UP_yWnjl$|;%mI@uAD8;F5p zEfO|z1`#<5U1P3$ueDE(K6o!*?IW){ka(e@p+^v7I!f$%&{9q$Tc21yeoup(P>59I zOnEbHPcbXld~Ca0IW1e9jCXXA>rIt(aS20SgZOECr!(3*y=4h_Kb*_(or#dCTAcnT z`n#c?q?8kSc{~L`;qz1>u zr;QckGn)*^2{|Im)y&8ETlasM*c&aKzBgacnY>&&=d+h(>8r-zP%~H>IwB6Sogc#J zUI_X3+&p2hmJY#>?&$XHd*-Pw{JM6;k;@o{gl~JcQSDq_gc_dftN&s=9ioX6x4qtC zYeX?};BZmJziD_zw^KHW_K*WfbzgdMKF9ptOvaiG+jeqfm3?Y+`aF%19eg`6?v&+X zaH8yXGkpz8aU~s{QB`M_SCqMNUOSNRtiHPuH9(npM|CD4LqaEaw?_6ok@&E@b9Y(X zsWE4NGUfvE0-Ums_ha^Luy%H?yksjFhnHu{0c`hL%sprFQw-0yi)X>#)#;f+jvU_Ns;VKPoHtD`cd@}AdOP$Q(5awNb zK3HSt;qnL8(EY+eR6d-Co~P-=L!Rgsi~F4ux6S$H*%H6U{D1Epx7fi&THfkv&u=o>tsQf5BHOX?3Mt zy7|Ez;H2hYn1Z+YR9eI|36`C_xQc%nQ$|DT+mYU^>8;M@Fe6V<>|jA^nF^d4$#MB_Q@6m8sZ zn*O%d;VxO@?dpTKQ-+d0Pj_sk&CcvQ5#9ZOZbUl`#)l`IW-lt_7)WiWtUAhE=Xcyk zzP-0L40a4IQF7(rMQX~fQa|r|(r-X4Xm)HJOe7$0*fA0*uSZWPaJ`M|G^`)1%OdMf z36x&;-}&^d(bSP0GAA&5Ltwfr*(P1XrGYM^?V&lgG22fxs`{rE7guo!TvF8hf9$d2n2U++}%l#5F{bN9fAf;f;$8a63Cn;_vYT` zo%dVoojcFWnpxj8e@-{G%d2+nefFsXG9|fHi?2H9GkW`m9JXU$Vkb15-aUGn)mx_dFlqM18Bkky_mO?cTY+&1 zKNh(w|D&y9dGkzT>}c9w?!Bw;#qtk-(CrtYTrcy6(-!HaD=e{;FJEEM$Os>&n&nrT=BU=*}F4fwF{C{H46f!v2x( zjatgy_X`+l42_yEJ2lSV3F5yu@;o(sIkB=&9^0{gq|!I*ZCkS-V0Mammf4B29Vk{EDSh8# zyggpNhC@%Raz#;+@$wcEr^gsk)$p>3*V7~w)R)DQ9;gIQ+P=N{? zq7quS&QCZ5W1r%osa~*F%BS`3Uy?VImdt(sxc>m$0yuG%G*MK9h`u*4}ocH0#v%{64qwTFfRO7>UNqi$`rYliaCeTOQ z+<7o~0viJdS7^TP(k>+Q-dJhIxgo|ayC>X3Dim?9HZ~qsJp))=A0V zviHRdxeIRKbU2(e;qE>77Ia%$Q1RK(+(DYBJ6T(Eh`ZX5&K)4yliUupps> z5rI8rosZBd30r!k;zHnXL&zRj4mz@>G5tddz%W=mDgjd&i~uZM{c8Sq*R_@$@Wi{W zwX;SPTIR5T{Kp?yN;C~FxLat#Ap`>5S3xGguK1sIC?Lw^eOh3Bp%PlZ{*Q_LHp^eK zfbO23PFDbK1A}loAyoI(1A*G^-$N#p3J6?D1lW_{41Q6Y@^4{eFag5==1&Tgg#gAc z?VNK9g!`wTdq9c7+a8dAXBk|ee*!Wc&=-p0_^(Wv){ldW0jTVcu=$6C(DWoeYMwqs z`7I6vsPw>XKtBF8Z=*`X1;QxI-ld~|NCXaK44lV;dD@?TMmLr~Q?-NyB--DO7LoAp zlLknxK-2&a|0pD&RDPFg`?cb^^E4VsB)~9P53C3OsW7mNmbV20Qox_mfVl4wa07=* zzy3=fWI$zVkM>%CEdEbFCGIzfKoaQxBRKEK0Co6VfXrPb@vFl#Ocuw7Y0UqW3XlhC z1M*Algt1{B4Lq74L?cNBg|(RZmqyaTu-FN%UzhyHbnd5(o#MYkmj1gquyeA3zq?1v z0$J$aN9T_Kg(RRzKp#-}f15n891Uc(0bCRW;6ORhoaomy0OSE!-)oGGwqLm|xZ&SmA6V52JjP~qpV(?}xZ-y^&8x4i!ue*+R*$;k~IkaV!&)*=xQ0E$2}z5xggRgxqs z6M`(Pr5MhuCcn~-x#RqQthjqhn^$ON5+4EcPy@$W0>QwZGXf>h{+%BiSoZ<18%IU> z^?Gffez<$BHXJemA*VVv4lW)(mEEOqS7Xdty2w$I}F>yoe3aVDd|&}PIw>wn|r zsC|}DspCdQL#EBY=d#vuqopBpWAt&B(0}3byrp4&W9)I3Sgqs#vddijA$Q)zxPVM9*u2&o2Jm1=ED2ndJe8to z&|{Yq8Uo**pR^hrq6;&X^7btQ5lxJ4qnkcy-7k?LMRN_w;g+r z0ovEpYeDD`kQ;Y;Lnt{Jij?}tM8tUc(RgcfxV`H;6umCn3>AaMbwfS5lm)ii#e8=8 zT%zY$_Lg~ z_N<1FnXRW(;4493OW7YdtF=nhF^r@NM7w)RYFuT{P<9At292?w#Fu3ElMTa9v9hX? ztdh)(x$mwu=tIzFH*|JJiiBSk-$#Zh(-B|GH0k%wkIXO>=y1Gpf|16#QX8&qJ7{mm zMhTOjHRkE%smTpf8K%b^@j@GU2X4W}Vv5)0ppmV!jbat{HRt_3Oy#*UI(4WKobQiV zqv(?H>eti^EZeVTiV+l9S=kNN3%a%kkhm-Yee@D&^c#8zx483-CxbonZ-N1<9X`t1 z7L`fTu6032`an_5Jc|VH!BFv0nE&Jj-QEKTQApeAc+VH6H&QA0H|=(o)!{}&elY&Y zugb0R0RAjfhA2y1HR!|Kr|D3mD!8xCq=yP&>^I<6^n4^GOie$k7c zcyjEIL`8-kn1=RMDO4TnqmC?R<-NDNZ&k=mrNF+xC`1`hs0^I&+f1JewMX+lu_Cjy zr&&Mp5_;gxv(6r|T9^}nuF%TU(DJbqM^MmcDtAmJJbiw)jwdqmY??Uy@Z|oOLP}@v{G>bbhw?b|H_-+JfHJ}QeoykPiYQDcI!_%Hl6;7jfc;cxn=;dt~x}@1S+58}C*J#g28k ze)l#rj;It*<9kj_wR#h52iVBGU*>fZ-D`T!=1O_lMIuVCU_3p4b~|P~g+&@`WwB5g zj75J3ZxZWkt}am_^z_R`|1Y9C_NOfcyq68+Dl{}^7KTEA8jqizCt0VK30a0QCHU2f zAEvS+uC;tUJ!(^i;8Lks!eHhojgxD6l2~iRCegVNf+toFPJ5+AQZ?~Z6Q9H`&`ss` z!=$QTXK|wI)Xd&bB@a`cT|HRykg3q2_E?Ox)U~Tqn$v}8$@UXn)jr)2BgE|!2HKI= z$4nQ^RXG$cwYgN_zZbrMCca?7C@${;8gPFno9>0Ee_K9xa#dtI!u(p%0DqbVKh%x8 zpi(m|XRF=8DjISFYJ|+evt>5TQ(M0_?XOsQnyOQovP;IoLtZbU6Z-sp`8ng{oa+?H zMU@x>r2Cx_Woc`5@-!I_WAzflWnpCsLY_lS=;T(AuqyjXOgn^SHyRC_XL4hC(`4eBR@q9^)tRy8=8pizj!Mf6bi79Q0XvVLJvn{H!bG~i z$QY_zJmUO=!|nN|Dr;7caocQAgXzJPh8X%!xE$?QxtJ~TRZpx|nW4PCq`_sZdQtha zY9@8-U1y4A`$FYrE!%IlAClG~)>mK2@HIXbuHvh&%rr-As?jwF3=Fbcnoe@S48=g2 z?<-5htHCi?a<<{y;YnmC=0AAw6V6Di7CTh=4c7cNQz;+&vbYc62M1nN0VUlRKj9wE zy|of}R(IC+t<~R@E%RlW`)0KvpJ889HUIqQefy2DfYBEGC0_~)@8RbbIFXXd7H8+q zl$AOX_9N0aV=C_zwx$Ky>U1Z3YSJ8LNb)ExCj{9tjHUxQCp+E{5}hRX;(L($V*Pp zel*+;(i+Xt5yS&RC^oG&!^&hE=>4>Xn>%hIAfPq2%~iW>;Iy z&p)ZZmf@{RT}E-T&D|E~E&cWT$kQi z-6LQM&42t(II^skE$;MMm3(^biuH7M!H~lPe5u+cYf7THt|?xnQ?)U zT15rFQ#5+7bx2085_cSaDs9No)bKL`$#vYAMHgO?^8r3PfS{^L{s4oU3Z0TmkhG!Z zK0?UgMZ($R2L_%TDLD6o?aRMMKSti(mx#ivD_mYZA0LPagqN@RQm8i)cbGB{B$CvY zpKxUD1A26=k4raNwOrfxlDoNe#Qk}8L_pT>#3l6hy>S%xE5&Xpb-CGY;4(3DRo zVuTyY-%TGY05^|ih>#yOXTs>IU3KwxPbYM`~-xFc%W zOxht=<5&9$ufcG6nM9Iz3ZeJCSOrJif$+pa?=0)QKQ^{j1M`?Yg2W1M*|%0F^~cu1 zk2+AAbelaHrfgHnSGx=sCXA$J2RAfB9be<1@m|{!RK92&ZRdLJqsPIdttdl=@kHYz zt9L)7UdA}; z3pLoUW(lQC)QHHQwTKC@Px%Z2X)bRF*p=A(v`lN{bZk#D>#w1|U%L5};4Rci7=3zv zqn6ub-6SP6_DcMi+R+p)1UCDsczbnRcDJUG^w?H5{iL*p1mOIT2v%9F3l=-s-jzKV#Un~tC*7#!x*t~X+2C~l& zG20E^pK#&TKYH`No#mxZ-cmH2kOp+kJhxQ4@Escl-YJV^a2YEBWv;_k*`LdD)jZ#F zf1bB-BQbInkahYKPGI}?$>fhOWtZ>OPX6!zeZ}hybxiH>BAOD8$E6scj!V(S9nJxW zl2D4?TwVRBMM_AHoHe@&ptM^R5S2oc+QZ7rv4**~I>G5J_Z7L*gT;hv!`HmxdK;SX0tJM6cP1~W)K{PQf)U*3! zIL$A3E6ufeBszRYEbJM%al(xl^l=5Ac$61e%xZQ&$*EHFqD@cN8S}X6s&$gWF4JpI zFhWMX!BxNXJC|8p;i*k^j=91lMicPkBn3J+hKCEu2U)Lm7Q()9EUn5Zwd>a59`IYM zwQO7JeXA!=1svl?`j@lq_gq@?KjGrF%bvS6Mj|~D6%mU9d2kQE}-*)^$e3#!_w5N*}>O$MXIGJ+@+74UN#0Xb`VeOorw=)!|lD zX(qeYP`3GAsMdim@J8QH^e{hWNPV(Qcf)6JNz!j<#<0Gm;ju8>qeRGUuE2n-vFQ>$ zgivH%Sb2;QG4M2I*X+=ovpv^NzM9O+w_80az3dnobve zj)KyK3&8)M_J>zMM?6?V(eDHP|4uZ^yAoXGen3{@!-6HH0$5U-5~pZzCk^kKakf;y z@EsX;pu{q0iIrL26@Y=-+<`8_K(qb)o; zEeKE4msl?%3(oh3GhUZug?@}8j9^gybVCRdbOtv@9=J?Mll=_f!bSNJlVEaJxixYL zBN}aNv0_<~js=y@8dM8Gwre7KU8DC9Wi_=Wk=eT{l<*iwhJkJETPZwp0asxDiW+7C zlmeQ~6vv;)oExhX@j@?2Lm3ATOOYc*p6o4c92+2&AhIBXp6c-0XHT^@iqN41N3afe z-wE8=1IBmXivT3=g814oM#-CvLWGXqb`d>K+&%bmud0Ec3lohf&OON5V{cSt)9Siz z%eV!p+r(9{y}7}Wi+{4e|5V>r1x+_CB#zCLZl7Q6*#SL_8ZPFuX>P^AQC@R4c-HIU z@6Owcer*QQYwo#o-ebjvy`=~1goSPESfNebWO%u8dMIw?#Eor)E6E~-sm}W>cUx67IQLB1z(PQkW*#f|RL~_$yMRrKX0=dg%<-*dI*MN02RBWV z>BvQEzE-$k!hQJyZ9EsfGhGg}N{*d)3wkZ6<8)tyQYg$lM0%baUhZb(MWaRT)&7PCJF#CS_?U zd);&VSZi>6-Ebx}0~zu?VwLaNn&3-<1NE(UB&KI5#1*ir34iLc-Yeh~*xYMc_ul6r*Q-^ED&((^qU5E0@& zmR7ry@;zFGQk^f?7UUR|s^FP|wp)}afo`?RX}UC_z?qsYU3GLvU|o&+F0c^nH9^Tp$#_36G(Vh z30N$C5HlxzsM1{9Rlg?F_&~RC5!FG1zBh3{JzTnUWEbTqtaDdunVaeDgd>YECT}h*nC`0^yIIUyVW00!Q|2rS*{; zE2AY@Sr+7I2or^*en*kMw8m!-Jg$qq>m$!~J8nD3L?@K};){*?=qWDh*|=K$cYZuZ z@D@}5c8HRn=!sTY@kvzTX`|!Ox~$C327OR9C!8|Z*$QKV^{!8kOP+7MY_trgKk54T z)RAU!m*Oyi8VS2&g2yGDYQZ$IZcr}=E#6*1PqJELmO>kl$>|Z^ zJZ@>w-q1?!9(tIMJ!*Q%R>W+cjYnSLJnzaqpMdhvQrIx?rvP*AkYIrjyuW+i=Kf^3fr@ zc#*IBrHhqgWXc66Yg(awY{{O{7iYxG@KYQNW2}nt%?5+CLBeMdD8pO_*K2lW|(oxpXV&hw7C^nmY+38gFz;S@#c$nYv z5;t;5_YuFLeh22IGtbN|H8LA|WL=e%`e*qXu=37McOrKe+E}wvs5M|Gk@I%G!pIB) zF8;o!@vFviRg)&+p4;P5bo}5~Jl~CdkaA?k=}m1JSjM&QsYZPThk}#2;C9gMri{tq z>&dP0mE7Vii9o9y1Y z=NVf}Hgh~YQT_2=HL}#M!N(+fcBle_;L!jBT5nrzy(}b>&N?oLD##B;dX@v6ll9%+ z5wbX&+yYO;{#hO&UvT7Qgdnn&psuN<##gauXJB!oD+}M{ZLEXKE>A$b-p#bvIzMBX zi8aY@8;`4#75K&>S@s6LdGE?6vyS^hnt=NX9v>a^QNN!qU#B1y^@JwzN{muyUA3^v z4PID}i_XHs<^d{p(nqED{emPFH5shY$0Mk>a_SJjZD;W4FQ7&mYqAbBzT^rw?V*D} z1XDYwqcGyW8a1)FT@ks?ou2SnSbqy)wqBm|iIop21Z(3*-RqL8CTaN8*;6S9wXpgC z$K=bGS=tW57vvfWb3FT&C{GR!g7}&ePWwN6OocS+B8-o+sk+Q;a33PjXw1K^b^?N0CA0gVT1_RZ+12uzTRf1uy@PlFf6Erz}3IKJ7fvUnl2ZkL0P$3v7BUgpXly{WAy{64f z=OBY%R>;h0Ar)M45M4(q`g})7vcfDFE#KGq^hIES`~=Fml>J)2jV46wM93pc_Iu#F zVj^1T#i%j7)g+W^nSi-qQ)kd_xg>f1+iyt2Wa_owm1J-8XdF-Q81&@E=iLNUQ2smBp%pnvX}b z!5eb@-gx;fyj#(_D5xG@R2`SrI*#!rGhzilvw`iNVeioL1lh$$P{z8aIu=GgCKZPLbj`TQE=;J z_Os7yt+I6^1Sa6_=yK^(*-EAXQN3pSk6NhcPgTq76Lpe4?j{aDp)fTNOdZRsp?RNJ zRbs$~%n$MKP6cf8RoJYXr6bmLPJq;Rbg&gSGeULdc&r~qqLDH7ked~1>lovmlq%Rg zL|cx`)oVDqiDc0~M(lvw&HHeJU&BmtYspqax>zpBiB6bp=4&9RHkm;)&z&TNH0y`9 zIv&EJ=SYv+Vr`->{h*vCTc<+3oozIUMHAzv5+V!bq(>M>RRktq!L4}moZmo4PZ4_O zpDPq!&oNefAO6wE#o2LGQY}5_H4#17Dks{9k(tXvZV`kY*M#8UUF=MErXQNVKm?Ef z!QxwWc5lgMf?nH`B+Ze+WS^%Vb#0g54dAfui?FUk3FK7WBxnzQ!Y#Eya|$)~qHGWG zRu*VTM^dtI8yf ze@U6(Tt!mv0fo_oNVL!6YP1k7Ev`3>SFMx>d5fo*3R%4CWf`4G!rNqY?MkzA(pEaH z;s!Q3N(8)viGt@BQYq$Zm5uw&1D?64KjD=4qu#rdP$)Es8kAiN3n5$=%Fus_&op`C zH_G{8g}?F?EKUGK&)eg77D7D6isoI!sdXjC1G*XgA)*>Iq?VZPF?xKRC#wwP#3wRC zbwr{q>Dl0(AgPEtEhN0-Km4js);l%N&(kO5rfoL+Q5jnyc%G4X^S(vcevWoTt7D-- zAEwccr9jS)qX$|QtR3U{_}}EKH85ZMBSf6l*tisB?7eIjDL2q#^r6#2#lZYJ^yU;x z`(QyyFKW-2Pp9ArUwK&)IgzW8os+CHX z-5ZPAr@v=)+$Fw7$C4BVwaAB7eEJ|Q&ZWBYIMfPA6(VW$U@boI2j+3vx@fm@iifP< zwr#_eM1>8OC;Ak=E75(}938~qDqOl0tPMzXc}Zc8vTGcJWAb^@H!}PED{D`DYT89A zc?Hqf#7eRF=HhOXod>U@wQ7Y-ZUwH%b+DG8y?9vCyQOnPnc36yv}g3e$%S>~^b=F> z*SF{-675P!HM*ViL^V8;m{C>KmvVMhBocLWBMB&F=N0T}5uE zx)3kLWDXDXvFa?WMSDzK%3);-meix}UK!!-QO0Ezw9-c3#qMAA%yM;H-y5`Ce}6R) zksdgHzxuXQj+!Sc~W>>)nyXQ>c1cA{i1dr)C?2J*Ys`KSI6+d?? zFRfs9c&@o+P$h#t0B=S&NG3Pj`54Mv#_rXlMS_j;CE8QKnh|S}0A-mVxIoU1wLTU{ z$277q3^=L1yt9kekPTzsg-|<^tbW=UOjBsa+|N+ZI$shy{J`~-0+GTxE*azF?IB!o z(1g2utv*?Z4CE5nMh|x#&1Zf$&`P`T9ptL|(7HRgKI_%(5}_{%J-)ksik-KiY)t0< zM_O&Jii-ndf=cEgA?-m$K^<~OvGN4Wk6)oOBtPLCuU7Sjct1crkm3SXHCNgt_2d~1 z&_iUwP1J@%D&txBTcunA6iVb122Cm;ML(kj*-VRyNk-2+!f#KGIX$BZ#URjU z;N-?u=j&&AHs8fRylKDZ{POu{s~hkBcd66Kp0;;x^;OUr6HkMd#(NdnYdwLJ#IpuG zFsM%LeVFlm`E*M`5&Tw@fsNOX-u0^3Ff z^E?JuXPM(v<0?GNHZ@Xp-k&T3u3dxO<2YSs40g`PiO|V;xfPgRb?L-03mIdp9NY5H z4b7>dFJ(N3CASNfH?%?3L<1nB;_a>SL}!{*f@J|BalrQOa}xD;T|PNGNZ0qpv8$c6l41&*4+wjQORu| zE!NY<7!*dV#lVvo8>!Bx2b3WK(@PJvCHcGCRdk8=?39xRb~^Hff_c3d1? z!DaxR&H~)Ypxrfz0=N07V1f!hP@N+md;k7NQ1)<rCY{o_(hPsqNN>MkZ(l$d6EOyU{{{A*3?7(QhOxkNo-8(U;@NAMowY7} z`-U9?u=Fos)e|MG(6Zd%lL)W&>n;0s7N0(KOHp@1n%6ZW{&!HdJJ28hRnQ9He3ldr z92{^o3k?GS9uD>geC`ft;o!dLz{V$_=8{p@&`LzYqvGV2l#;e^DOmnS!}G|TR@0TY zZk#UR=NvJVt(q?=$(CW45O9P5OI_rpnJ2H&OFd zKGEka4mBJ9m7gQ;pc(I=bMBCM!jSxfpO5d5^xq+&fg$;Ehvb;i4&bCerx0L}#xv^f zXBMC6|I2<3f7^43*C+-Pq~MV2x$HjHoe0l>j#MHtcQR3&5Ur_x{0MbM3LF$2!Mc2iU0)xu)onF{ve|1WXW};> z&M*W#duOT!;UJ6oD1MN*Oz6-inw!XzVpQx6&a53{ELL9E-KM~?scIP5CKA$Vl@Bqf z+&lIKkLo!83GDtCu<^eUSOSMn8PzOIp=GdULX>7i&vv=n$_qnli8dYgJzC;#qFppa zv!NW--Byh!Knd*~A;}Et3yA2n*I+jAk*#<^{u3_bZzwdlVmhG*#4%~)UfZ@fh&8GY z>50S5H8An)u+{BDoFlC_P|AML{FY7v92(ef6#w9w|?v#eTQPuDb+?+c2G(9#=Gp{7@hgKc3NO-^b0liiR3UR+4-sw8x z)q494Iv7eaO74Sk8Y2QCbPT=yagr3m`gYel7u3yLgoSIS_#W|>a%2GWeSj89sTPp1 z^M0Bb<-x&uDVsOrS1(kT5So%}iCdQt2Az%EPru}N*OTDdsWw%FHHf$32y!sxb3++n z6hg7LprORcUZb{7r4di=eiY}I_u`i-sR3(z)y!OZ=rZUh*+0a=E6*?WfJF=|;^+^Q z2ZF7r+2HOhYsE(=yWX36Oi_L>A`n|*^&@!D7laTf7k;4q(lMq(o5cOd>r(uXmrTZt zXK0Wz4w{F_5iVH@4$@(Y&#P_dK_pFNs|IU0BQYVY)z`!^n^cQ+XieKp@`@0@4SOCU zP&(1WUhiPe*w-!zHq?q%&k<=hncpaU3+FS*dm#&A_UP|;Q%<6cAEc|^thR$6O3T(y z96f#PApnvQ%-D`p)wYb{|LC4^;@Ba0z&T9jWK0L_RK?^k^7K>Pe)+1&?pEaykK(Q~ zcY&|A#Hq-QP_L`*w1XrkIiWa69!lGr&@>hEc7ZcalqAThDkPZ;%ruBGqW7r%KMoZs zE}~M!ISnV2A4f{2vXX}ip{ICA&uI!db~YbAvO#S+$`yeP2LZ#4(>dN;;74ayF41<9 zPkTN`#QUz6EczjPh6%SG9+J{Wo%HsFBO8%nnCoH)$qO0p>6i{2LP-b@K14{Wr78{a z{3p=;>@Gm=e4z08_VH#qUS&AK2^9X4G?kQ8Gv#)!1fWyF6^ zG?S4pGU=5aHwI3o6jkyB(nf*kk13-6XuPsfyfCRZ;xUq=&)pvE-~NmKZzea5woYD| zJ^2Rul|6(i_kN%;9^?ssk;C z#eR~!e)&!;MMI_`R;@2pFjA^e}dnkOkOI;LPq&w1^Y=<(x6}D zp<&Ps$tfI0Qb6Tue~;a?{P|}fLH^pt3QLA1W`5%{gqN+akl(Yn)h523lc|5$`zJr zaKnR?-=>QjB&XJ8^;`ZwQ!}94KT|UhSU?{C?F5W}DC=)|oa8THq`!cr?vnm5%>U!S zWOp;f9cH<^8R8e_2G|Vo3$r6^hQPkV{J#Ns98H6&Ox;t761GJhcogMKbv z<~PYP0BMd|L09QVK_2DfeZv)KY6>m9_+W)0A`lboKR+_jiWD7<2h~fm2S8VE)6a-7 z8umX<@ZZe=JUVj)xjF*)wbet}S|RVG)t#dohiF3JjV&j0rF+Tzr@J%fLBpNfAX{+_ zA6XT}2pJYPU-|@khK9m~M$l^wQ}w3QkR+&q>;p8{3F9viln7fx9>ZwtC@1HV;{3Ai zhvvP{mzBxvowNHvU9UzPV(pv1{{YUDf4RY^UtPMNE!-7zI{0XTUDTbb4D;2lgiEj! z+hhi!;0yC!Q*qAHZd8V%^q~AN5KZ2&1+B`$m;%nx8r}iHklu1!ni(Rr6Z_)g6;w#| zhJrTPHnUtJ)Kmjcvk*H}uo86;2kj(zTvc*G$zv<{ZF1zN~)p)aJCAqW<_08ZAFE zXQF2W7GmyglJ$(($?w;&y$)DzaN^k5c%gZZoaEL>2TTH!pwh(^Nu3PY*G7RuzR^HT>&jBM6H#}=F&vVu_2;Pr_1q^~k zE)%v<=J#b&7d=Lw%-YS{cbYxivcUi7TI#gcOA+C!$en93g}ajVB1gD8cO~{Sn|wqU zVmI$@?f$z9%^ zxpFbjvx1za`Zw>2kSE+pp8jgWuvqvuj5bGcMnO(C0+Ajov3vtv77r^ko;o#Av@FU9?+W6^0G^;fxfOnqVXPe0qLLbJN`h?Tyse?GykLx>c364d zBXfHuJzU!u-qj~O-NNo9R-EOYMv%;GpmBuWLqk=J#>Ca1aHqKQQPylV+S&=L=#9ZS z?s;2uAAfKgmdFn2OEpen@+)TFT4B_@S-uFZv}6s!&IotkG2Yywrd0CCaxX0Kt(O-9 zc#EK?#^D)@J|~*s47OJfnV;qwC0)tibjzXlRHn{@;AVQ!1X0h~YtJl`U^{>qiF#jB ztz_AcayhHrA__*|W?#GukxG19#Acq-bVAfR`iqbkj1U%wZn!-0j#feO@9Zz57&Bbx z@g6s6E=O*A%l`LN@NtwsP2Eo2KZUau?T1vD_SF_0|Gc3TwJ_=L`Gi+wkA|98mxgN5 z^4u(3rla{*G=$h3d%G|ei`Eua`33WtWYW(PKJ4TD@>K{V7Dde1w|&5=7C*W8D37wN zxkFq+%{9pHdG0F0#f?}m>e1D+7`)Zf@Ba_%e?lQ>ifRtQ>a2Wmz-iJYygNG#UBU{C zJF}&o=*+F1-lc2~V4X9t4YRkL8BpCM-zC?W_jgqX%sWT|_)K!u?t+W^_O2{}6%W=w zragVc{)Sc_R$cr;8xNZaexarO3#~Yiv;RQr_ZQkrU~2gT?a5zgVe5ro-2SgdJCdlD zfG<+EL{#);3KWi)B4z^8Y^6gZSUrfIKHR~dAD>{ONhQ~njUGST!F)Jz5Dcn6vj836 z5BIn(JbiW*%DLiJR#n2RC;LMBt^c_1yBp~&Lt*e(|DSRRCDCdOOO;c6x~~qkfVdG3 zl5b=CVkq>+SWhk3t7Z>iNKq4iiowCLV3$d#X_@2nedxG8P-GCSdGrzofjjJqzF!mf zts>PP*5gP06Yi9nG<@XUq%Zbe=uze9(x@E^MiY_qr(*1SO;nno+rtS{xHz%iKp{-C zCWN+-lZ;$2Gisc@_uC-piYm5X>Ijc|;P?(RVcJa0J8-JXy0TQ$#GHm2>!6<;O+oX^ z3L)VF?v;8v)0YlJRr4rf$FGsU-{L=#_ZYK70Ei&+fV#Wplvgvy+fECMfCf!BPAk zM=8D*NjLnxPLF0VoUn*PC;;f!LxGR5YZLr>)GxF?^fW>Q!8-Ppm372b2p)cX zj2<%$f8@9$*(eKh5KWG}o%v~dMnAZ&mm$%by#S?;FjF3SV1?@D-sds;C>&(nM%sh7 ziZ@omP*f;YIsnz6Dj^-UK(&izqM;e^V&b2$+;Qw65lqDXgxk{6^4rVVAGULKvcw6^ zO0fkzk_9Ix*wG_WjmHELDF_C+G9)8uk@t-WpqC{%sM*q&&TJ0{?updk@2-`S$j!Bl zHO;kF(vjJ-;SZqq4tg!~FI(i%Exmxy;}mzffnH;$;l3|^v*e>F{4W@kO|Hf$?FgtrT{lo4b}>V z)w%(x;h0Ayi029RYqEq?&?H$)kA*xvf!|hLAK2bzV%-3BLGnm~H5i#zH5qf4%aft5 z6~r+lt`04PnH-d2D4DDYQ7S|!{mF@uia3zc!RREYaunR4WmayGY=24ZHcl=LYKX>Z zjH%rWCWcrT5nAIat6#*Fa-nX!FAi@mOPD)i^^AojhLAWd&bo+k*kDqBts?4HRc`X+ zgw8Zb4DW#yBMH)|$7-`p@|7|hzH5TiXvRTLX>{M1G($AK8`q=}^cmXTgVL0bGqfhW zG?AW5PB!zAvMAg5Yv^U57tlTdzQ08J;NS2Q&KcbE8evHQ0pAn{QX^POt{8->AQZPw zz(KsCO_^f!A|TQr;C+5*!Bo;@Os%~Ce9MOTL_h}x+Ca4Q%nqp+wXh7ix_XCK;+QJhWG?jH>OB$^PL`D}Mu2iauLd zO#%DUR8Z{5F=Co5f*yWF6fkY?1A^JZHa*e4d9@2vhH6=wgwoHNI-b~N-XVo1cx&_} zjUh=rL*f>#cp`^3Ix(q2tD|8hKM=tB?WAzH1HM=N4YX~ z2{HAO#apr3{)9`T)!+plqiFX<+3?&Zp-`3nm;xQ7a>1aGjF8Lf1+s>l=xq|aFWhZ1 zONNm9h$ru+S8nLl0tDNs-ma7yG_XnVBla|UiVe+itGbjE3bN%^knTF77h1<`QZ0-O zH!x!4j#|rNV46}B*TV6Hr_oS0-?%6lCUh?!%S`-pvU2;n$S~tkkE$r7F{XKts+2J5 zsz&V_gRhAAE!N^fuFj7N+>@klJYU7Z+m+3LdS`Ursr!4etDze%6 zafxcK>qkzRE$1jX;qn)PB|A9STR!AQ1KGjY`(3orcBL#~SPWFd1*8#4P7}HA15eQt zE!9&nZ5VD&hF?azq&x-7ZeTl+OON1}A~TAb5X6w-TZ_?Ls)K}XrxT(>wRx;6-4~@a zlt0m?K?a3ewg|@E;@YA?gO3w&2E$Fr^GhuDsY4%V1gE^l4v*B91`*Q~yPG`qSmbk` z(A?yPoSSHB)+Qn*;>N{OhfpQRCAEQSgKRg};%>Eni&1;9SHsCAm&89nNsn@7H*LjPTQ1oy zCmeHn=l~xv#6b3p+-aS3_m_9m3W#xg;pzS@?kFPtIHk|1Bqk*7``C}4a6^&Twr)Dt z^tWMIhY$M*Rf?y~75N_0ZYC8$CaC5Ix&dd7*r#T?nE>8xx*IeS=|v@L;gAx%-r9HpIPLIt^)*@PY$N6;`mV2ei=+oFSrUfH4pio*s8$$n z`AjrXCFiCDlM%)VX2S=dw;kD=LMK~>SsEZASyn?DrSD$Ra{030q`e+De!)z3w)V7} zr${;cDGEV^stifal8LUR0aY+jMI#nKXG>8LtEyIOJJ@yP8pG9T))pBnS?czKNKDkj z_Gpme4KBL0ZyC1-Y*zF3Ov2l(mGZxsK$EXs4JqnpVpZ3d)|HQ2CP|gT!Rb!hBN=ti z`%AhFiZG|!M5N+bH@#z$Vd_lt(ydqeVd_qFeYgoK#kGpqALF5isS-09!G?LDumu?~ z7;(ycRiqaEZP`lF3{5Yf{~Y?KxIBdhsKci!jhJj51X;&?8>X~_C0Z8ezN3DW^9jjR>j?4~ z$C4A6vy)l|Xy5-)+VY0u&y6Od#EW0vkG1Q$7=2Z~F+}Ain*L!?A zqs;%W(9S+h{PMe;{w+%Kg#7d0<@BFXn5zbPc=cyFog{MhXO;fjeUE(=4yXUD(*J8{ zp9uiP|1Y%X&cFudFSL70K=J!~78h8QOoG%C- zyGE33HQ)-RR_HF=If=Zg;Z)3n+H#hnY;Mk4eb&KlMog34d?1||2_EJjit|vw&-JfF zgA~Xm?>Ke=9bRR_Fw)BmI|t|jAY)?#VlYhuDiKP}(CXusQSX0zvo3~|vMNW52Fc&h z)3hK^vlM;NlrZj3KcES*<_`X*<*#xkBQCr0ytqWorT#cAbw!7hHZM1MsF=fQ7gL6O zl0;RSR5F~SW+m^Gi1tHu=}Na_n9ELas6Q?8MF>J*3K0pe_iJ>V`_=;Z(hRcBl$T_^ zW~X@Qwot(iYMz8>jt%j`g~z~#QLv`DwM!?qf(m|UQyL!F03N6}_p>`@bO(m(H;Z#& zIUCS_b{A{bV4)O>l6_&W`8n#!O(-3(z)%kjUsX-2N6+py=HpnCGcEQv@nKJ8X^c>F zl^2_GpP&=!7A)LDmDU)ivQwRd^mN%F6yY)h+*}l)0=SJV z4dpUjmDJh_yb~lU_-?xM#wr9Tk~{XkD^u2+%vc+@)dzW?vR(pm zC;?%F85g@pz?N%b=t~!6_i~|Zs)#0Ctx-(sq(fwS_*|QQ*E)w!&937LL*ic-^9#2V zycaY#pOojZ)~bz>s4}G&K8kV`osCYA!`HGzkh6#kfi8YW>VNq(&+**NA_W|px5ZtF zSz^|%hoTV0Ls+=E{B^rDt2u&ukXW`K%_Ev>6^gq}p5KDlDjb0$ z3a(@#0lM$7`2g_z^^U@<_v<}O$xyPgSw@#m#;l#@b@mR373w~4b1rbuExmJ6N-o!z zkc5M3#2lsYlIm>H$3~v(e#TlRA(`Wn4np`cw0kl_lVNUEM47&ew$DwShCV@=#yiUY zo$Mt~PIvH*eAL<}8`SA3EB)({E0(RQWM&a=)WZE1ltc0XmW1p6aK|NgYLw;_@Y}MK zg)tevK4Hinn$WPQheG0zwYCnY`?f*Ed0leJ!pL7f>w;(5T&#(Zq^hc!MUPM#sp7`& z%sbq&rCB&At9R6`iQo=hqu{7?QOr-_P*0u|9+4K}&B#*^6ILFdLMaofm7^rS!9~!* z?*PjVx7JWdJtc69=FkWO3n+xp!?!69cXkqL=VkxW+ ze|k~6Jha0_f?Yl^Q5^`Y`~#H-3_IOcu{?&^v~e8}@%Ndvf`kU2C2~C|12ZPb2s;;1 zs2jK&-LQh)*+fNw|XF1M1?$zU*1XdtDQ+ zF5UKWga^C|dlu`Q6kJzRgzFlmfn&gpoWZXec`|%c{1YySoBT5~WKgQPO#ce~#UOq( z>AjlSyb?O>iG6a1JAt3=k^omJh0_y=2|QG)YNx9)Cg zu)Ggs(oy4FZ>SVRanKsu^B!Yt118W!kliiAx-ZIV4MU1Q#-Y!RbJP2BORIR$8CFY& zV}ClMf-OlMn|w5-*b2mOTZ@Wq{Ekkvp3<9SZd>ngf@mQbF|zop{`sln*o1@cw*7QAlnjtF3xlis-8kE zHN9kit)M%1!_D8hrG=9B&2uk8#kT{pDw;AL30;I^|B?I1{AP1E$Fm#*QcGSZz9^D$d0N^u+Lx`$(+Q+?u;eat)*L2s`o z+euhDnj~EWwT^g^eK8E08K2-RKaa+-M4HC}VS*HT=ORi-v-`#%p+e<&3fU}#szyR6 zY>i_H@(gzFS${c{J4XG=ZD}Y|(^ZIWWs0+SfQrC$<$-8#sBMs|x3{D?mK3z;>s93?kCr|o7sL+hwGtWBBto|(LP$$? zbg=)#F=nXYlz((^q=Hakdfkyl16$Ij)&K{{V@=Sdm3{zFDbBeJ<5ng00>f+I|XiX(P#@#~8=A9pCx8<5k_Am;{**9~5_D9Ze8ssSp>j61yss z9&r8E<1(s8=aDYe_KH}i4k#7q7r9Y$#}5WQRJ1_;G(kqxUarqDe*upERUsU`>K)WT z3D8=Xe%YqG8^}Hkibj_VJ#M<;Iad$+U`OK3%H|xN4)1Iu&g>ywkdM0T?dThC{3BNi|%$C zU!^u_IXvnO+$qaFT$--y?Uuxd6J6Kxa>`Hm$GiO#Q2oOKQl@`(1FwGps$T>8vtKyv z7brRUh0}fwuc*pE;j~|)RmV@9_K)&yp8XfHJEQ!CI219c=zux#w{?9 zcR2ijT)!To-D4|-{y#qrJ0K^iH`ea4l0yHlJAFdY{9pd@Rz9TFd#-9=J~d0x{4YOt zY4!Y3caml)O1zbKyUO2)%~F(J7M*=GFwfqLoe9+QcdO(Bp8vkZi29{~x);9NRe?Jb z2ttvTpzf-nXkn-)|6ja48mN0FSlK!VgiaZHf0Yp-H-gyDaqk@X2PHJv%UREydB;jz z(d8FcLni0XZfKzsLGQ{w?~{9em6205Zpv@iy_6itxk=QS`ky{z{P#nH!C~qmp*lS& zC~j1@56VZ@*mhGbXN-FEe_gYtbKUv#< z14K=zNx~FFh{LR(QH7Pjz%0^x5akwZ5SYW2ur01TYMGe zI8RmQiqT`K5)joJGUv|etjgdNP+E;XhniFOOR8mOJbUsTOQwnpv z937&dLZqfJ+>qrKY&;P5=I+8Q5&kLpeFf5{3Kpg*PNV9-oTQ$ls_`nsG?JL6TGYVk zC(|D=cKW2kSfW|=aH`1fW+}uV2!o;&j@zQ-u(t{3_+C2V(?SP>UnHmKAyMVn$XM=| z)yukhHbmQxiz670A7#@lq|0UZ>ZJ;7FIsZ?We*~}zb=f9yIogXC(iuJ3ujiaK1 z%Dt%gn^D1_3x0A`!>P9+i{7D3TmxkgZuNHi=(E{mMIP4X1vRFsG$#!27@eg6bTx;4 za-nNAD`AX2g^DuJwm_%czv7j(_2oRc_5_Y%(mNkOw+uV3P5j!)D3Jnf;sB zvp;&v5yXW~@AJcxJv`z0t>189Qy;61C;uYVf#!LgoHqaGFL46zC%e2&MWFIE_Ki-+ z36u(EB>zAw;r;N|AR^)Br=cvs_c2ZIR1mOjb^%I_Xl00}YI>Hxsn(VNQyHFTWLadMIeTasZW28h&=_`WQkjk`rz{I9YT_wQs3L1oxx=2N43P#$6V ztxYM$R*e?QBn^OZHjYV}clj;$Z(0gE&xR8^Mmo6TvPQpU92}h5H|qWYHf-2LFdgBW zg=>-{i3~=crj|NKwIzJ0b2WXXRSdXIfRE7hFv+A^4MD&x?+WOvQT@w>vAEl~A-`cy zQ8ftFs;!X;KUEU+u7Z~Ka!~gFrXxN|-ay?jKwo2Wb)PWTk@eGqu=iTK+=KVx=Va;b z-5K1cC%E%s!#gqZ#as7R@A}?aimzC&ed2%U+VIz3ln=y=zxm=}(o_dXWBm66{|9O5 zjsb}z7ymiVmG6?2yc+1iNKEl8X+p$}HN9+EIJzfUEU{12lu1lBPkPTZR0JUUm{AlL zHk(N8v*)j>7}SuMudkd?p`D_R*Bn6zEM^Q~IOPb$SUjOjq17`JO|7V){be^m1=aeg zPCxLs3)>o=R79>4*8ZR(L$|PFn?vQzcX)gFoVw)RW=fO@HP-P-+ByyAoVSNtR1388 zxkPGv#K`nS(S^UOOl$P|h($b5?X%mQK+~SX&>O+9CwxB1!)mrbI(MZ`XXw}Jihh7m zo!&tj82Vtqs$AXiv^@5NhJ~?_Ws`|ggSATR?LkCl<-!)OiK%)G1WS02PF{RrPK740 z&7g$gxQqkA%9v)b64VftVjPgXNM=%rinA5%&DW3AGdaf7u+wP-TkR}a)<{-{3Q@wm zg)5Ix$(DxST=`;_G||&kmJ0wfWrx9$B_a>2yulc(P3#Mt^{0pR+1j}ZaQIlpfIryx z8g)j7pj9GL8!)M6_3fJ!?R9DQCVV`9So;-WO&(2}1uq`35s?)dsSn>kiOHoQ8O4+o z(*j`)m2Al9)#HJ5VbUt9iIMw;rWA{STTuS(CG6%kq(Vwse?~VdUs~8EN+m1jsl|>? zPCsiXK3|_)=NT%anA#7t*~!V%6N=lTB$m%@-*1D^1%99rUf`%Zag4X-az^g0eld@Y zyvz&36Mg_*Qbb3IWLq@jDq0}Rc(j(0RN2Ho|85aY#dUJr_Z!s(1@hEoLzcQ){ zE+uxhklCrwDL_h0grU{cX$R-!*=_baDMu_~tXqYS(2=NmBP^)XJzxY5CW=b0TcIBrlFALZp`x&8-h1PPXMji)sBFpdWRfeu+GE_#?TtPa%!>uT+?7#j2}exmB)>HfeCO^n%NF1Zk zLk)z1WyR`er6dlCfcu)TlOfo+a^CD94FvR{dX&uk4)6_zLaw7ItopSg$VPh2U>3ep z&7Bi3qLXb`WH{E-3%f2g2XX40a`?4DN6$)U98%K?)gDI2UDjk0(fvTH&!>9#B*Omt`~NNtfTiD%e~YY8 z=UZ>l3upoUZ6x#Oe~zpuFg7?jf6n^Lc>e!64*dSV|J{)tCC|_MsN?JZ{mFP%G^p*dP>HH%2V9& z9e>#Ni(R8^P|Ev{E7j1QZNui)Y)#21%`$>w%C<;z_l=qXqampE@tZ7Erj)iD)i?TU zM;Rf<@owMeL7ue_IllX-DII0TwVPcbPNvHb zG`%kd-=610^C&B~X=#+^Jtr}*a7XzL_w`PgLCMxT)m>0prm->QXj6$r9mQauhS>ZJ zZ=_(TyM0vH?tWHH^um}Pys+73bZ75yVe3f9u871ZHC+I6Q-bx`I|6#{xM^=#F+fiJ zhTY#H-%E@bGVq;7`8$m~4?FB;It770BWf&Xf>0!Ut7|jU%(g7HCrL`l%cN&e7BFt8=(p^hg3}N2f12udl-YQI1|_J*516D~XBwiUv?s53^`>C|>;N{ft}1 z*)zd3ouz#D{^n4V6T(zRPrBCUp+F`{7cLIeB3(3PNE*T`VVA0mL8*)=os!uVrB3~V1(uoHcnv4#6Bs&V~lQy32 z=`mFCw`5H;Js5cTxwM&1vNc4C9fCd`w!s#vEp%n(2+)t#m?$FI=!J@??bh*Ajxf=kbolmKD|NQ_cFE-vxcvZ+4V zl=V+a`aA`19EH{PR2DDdUu4N4x#b6zAmz0Rl|8d?f5n>oJr?mQCy~bq$M3v(%lI{- z9a+hP{Bx6Ru`Qc6_`|8m99~+Kac9e8beGK-?bXo_$vlGAq~7$!*Q8QEGaWzGCI2g`&S9DF`s!1O|re;AMrhop;O)lh7MJmKV13UJ&l$ve|7nS$MkKDrT^WN z)PoQj{Ya2}uSbESaIUI5ennpe!9!0rNoyUUPh{Lyk%){Kp*zjs z79E!~-*?$i>DINY*GANZPuv8EBTQ!*PED%8-NWt>tvvpx4ZrgJfws)jWwtGdMH&#J zx4$GcX<1^Gic`{DTpj1{{QTbb(&y%s!ACJoR?7Z_@168|4fnt?fLmTe1V=u6*z$c`k;pwV0Q0jsS+w$U<(o#F zA}cN~sQ2AzJy(g1d20FAMP0v8e)_;BZ}gZ=@7tQh^hg=){43DSwJWPiXfv#(0_E`V zxNHQ*9AlX2KOl)3QDAA^7IUF+%#vrzS3xZ-1>?d|iF4ZZ0$z{il_lQvYHqDQgTP7~ z>&xn~ZjIfGMhcchH)K78lM3QIrI79A30V@um; z2x5AzS)GLMy+c2<&xce!9LiaW4s-@NRZsjWp@{ltx1%`$&y(G=+e)$%(f~|His6Xv zYsS0xggsgMShwXW*B?eH?P*dIyj=eaBb*$x$y!F1#DwP&P1TC46fUK}mg4$tm0dG& z=qluWDbhjDz=lI<0hI<0)g*z@t`uW7SS7Y?Q91lx)ibv{pCqs9u9T@(6p#yx@<=P; zlK#!7v;YB%Wt6)}N>g%T1G|1&zdkn4cF9#TH%1C(?XSPNut{2N2(4k6d#Yj!voLB# zeTn2YR@P6NUm@@ zjh1fL2J_Bg=zH3|+dGe*TZXDsZ!%5oyuJaWCI!0(X@a}HQE{u3iqCQL${_XMCFYJ^ zZQ#1`vHt8%82f3Q8lN#X1;Zk~U*s7`9C2+2DA>OPxtI_k44%!A()kVJwyw=tk(mtA z0*!|VeMrF#0dAttBfQD%SV1vh2YVtHQeq&eYX0$AtJ?w38-#Z{_S~>#vGCgEFoTyf zW)Z(Nt;GxtYD-AD;9c2Avu3KtAXSUe?A zaJD?VPc9{w^cnbsB5ev58pHP9=`~SyAC{Yy=ZwjlX&$Lei~Oy}(HgCnliSZcuwq(h zF;BRfvd*I8TCS_IOU}eDoGClLKLu$7RBbYOEJ<+=$_p(>w?~#X%;A*K@J1VQL~{js zsGV3}n}O6Fg{v4t`vcBdDW*5FGy&FJ4V$xj+`L@Q?_du}#w-h}B*GNsy&59(HCb(` zIuj& zUa3y$$f*rVa2w<$Su;NHXCX_4f``vysMHIaYAh0fR5CndTg#a*sW_?_uG5OyW+FKH z0q2#@na31|{}|L;A9l8DqC(GW*tYo8+EfO`$fl*kPfxJidC43%RZB=zhZH-U@H!)x z*i9sdj?@D(Tsv>qG^ggYHk*x`zOA?_EDhnfI}%C^kI8#1n`;?4eB;d6xzXg%P`|IP ztsOX*e1hMS#!T{ghmp(4XPK2+yOA!Jt+FP(y-lEczgyKm^oy42LCZ`Fl6pfo*W5xTts%#|s?u zghqSTqJjK=3kooJIj;4+eE`MhA85V5z6jcTlRzHJ8pyopD8h7!k;x*60!WQX!^6`n zFXHylnnI3$ES>UmMv}Uw=)|!e*EaiWo}GAoyu)C@yQq*w5}s+gtnIfIymc}ov*R)Nv6p3!($y@9P@wYIPm~PMj_K;`5n{g!4V@(q=Doa-R0XNw=yHJq8YAp zn*Qz~?{rFVBu+7@XDU@IRH8)>@ivXd;Y(`t1CrS4urj{dOjs=Tu2V(hK(k`lvM@x& ztZM@fB9++i5nFmoMMbMR5~?i0HD}K915FSkOA(7j6igxUd&oG|;YWroc#A}qlhTQT zjgBZ3G_^GneS1j!bJUnZlWUWbFgQeM2GQcr1AgWgKzU{FGL|g{)CgC8k0!Am{2GH>_Fi>Q z%;MD7vDfeZx(9tn4YCdHZ)UH@!q&tcaPvz6ebd{vT29nF;;hqdqXTB@3&YG+R9FV1 z@&1XI1O1}wbm}~qkmvAAz4p8!_p0x3wY0P1npqE1cNfkXd%Y;(DZaDK_3z)V3MrWC zJT+YD0TR4ahJv0Sk(dXu7e{3G0WOu(4~mIall-}kHz;Ngi5>Zr)v1aaZVUL1k5BN& z#IjkFovKkV1>`ouw*O?0``nhwBPN{CyHDi@+GKl$Qb>)w$7KoLxGE&995r{=YMRC} zF$9<8{ar`?kNbxmB4%4$3A#FP#U4rr^keUbbzklG~38MMF8lPxn=@|KH-f` zG;MQKsx1jxZ46{@9Vs8}j(Qy-p;ghGwRL$2rb|%vJoo}*!6mukKIy2lASjl0!J)Nx zbdw6$Mx0ybjp~R}uw3v{)i^`{S`27N6Hpa?qM|{t^Zf$zG22M}&xzY6YVSdHC~pel zbjR_Rz0jp|PgL8nk4hv`pW1DgtEW+X-W&3hIA3JREU4mN!P?&!W98%R2`&G8JB`XR zMXJ!?-yO`qg-y2JLJM|hI49#lfT7* z^AG@bs5D%pQ~LPz9UW#e$7)+bCWK=bcj)HRv`joGu?-WK%H9cKs9Kw3qq>0&faGyz zSAzW>EQrR*4au3Xg@&NvWF9s)Vv z?&zV~<`gH@@Bl|qK&gwXKOhesj$j!KUxg&q=~wvx9Y_#1B12@7e+;S$FuB-RKLiA zfgfm8f&YtxvfN?%JV<>zC+Ojih8HrlA#xn`I}8+p)1W^qSj8lSOF+49z+;c+zTMPuFb-E=2G z>pAJ1uZ=qN)lJJ4U0^+54$vRy+dI-H?Vil{uLbsJ)~fgW#=>UV_SG7|mYcw&seTK_ z&%^{&FmZwdLc9q3|FZU$zJs|H8?dXW{P*^#WD=UI6jEp=M z+e@c!7ZMtTMkq&xJ$K%z5H?P0Y>zZt73M75ZA`q1yx?~dp>^71dmIMUjJ&{wowlbn z$y^9V%vjye%{lf2UnRSK@VXhybys)4pE4$6oA-VhV#2Cx;O7hs=OQ%0Z=u%G-CQU% ze&Y-;6a{fUvJLO@W&mVXa@L>^z>JZP;3YPslH=~qhO7QYY6)u_o?km0!C+&iY9d2y zm7GZTWffKTYF7#|jh_?RpDn!8Ge{uIql{8eu>Tnc!8g?I!KL;NgCA(us03I0tIr4* zSEM)?Mr}qNpEP+QPssp$>4)A!_e+)%ykQ{H&M7Dgwdq zZfjD>5X~nxr3(PQiBWhKBhcJJ8O;vy zoIW9hWU}nxZE${fJ<}2_7TzFwQ}&P2`6-?<*FUSUh#5GFNlBjkq#TDdfH*U5Y-xm2 zoqx0maw7j+zG5*Mm2k<*Hlw_kF2^aMVY4W`Hi(=a#~m?Z8a42&;&)g~*CQ9iEzFV* zqb{O`m{grSOjy>+2oF0q(aJWK~@!^NLb*}7F{tLWo3Yqh40 ziplWtOWRNmKTYO_H7X20epX~vRB@mAN@07~>?a(dOBWDiViU144L#tM9B;#=EO-dq z0`AmyfyLL2I7_xU!?19(P=g`=lA|L_m<``k1jiQ*uKhs4b-cKQ;tsMOXsUj^2iPS{ zH6kftl$lgKNi^XXq|N;rUeTT5J~73>KK4~^NLSFN`B6@r_7=3ktUvde(d4uj__8fy z*Pf>Uh1ms^r~4O3hz0HVRm}xAB~K`UZKyeaDpN&eg*Z$;?J?{%eySbABPA9Wy)D@w z3$f7?U=JyPhD5TQDlQ+Fa+M9AtMW{qmFKkNA zqKrIwA4QEAieOi;G^_Kp(d?%G!x-Dj=j%2=0@n@b@A2v7?c`>*Zq4beNO7@u%f|%p zqi%;qo>wMoaKhym>6qJxDsMu%%chEU&@5)Qawq7lUJ-Ljf-@Y`7PxpyYfPU|S8bt& z`M9p_Gpxz8_Y{xn1JS7n&b|kyM50x6=;)ZJ|ixNg0G5DS)23zf4LgES_3pwuE{#V0d~p{zb;3sBhgn zEfQKpeypTy0Bh=7|NVYx3^^23KdO-Td(km|GWpGNGeKh#aaV$wZcLTMdI6P7_PM~r zq(nRBWPyWz4;7h=1hscfM8lL{q5nowjUq|?Nz#BKF+`DQ{3J0(k#M27u>RyyeT5>) zN0BuBBnd>3Orl62KS^X!B=-MJ^1sx}7)o`SDAlD1{WD1>N_9dg)v^6l-M=HTLups* zr*{9JBzXm>JG!W6%2C{qD2hF-&9U?Q9(MjA5<)Wa4>SKyB5+0tDS{F*3nk>Z_k9na zS0OlC&noHeOp=Pxx${;rD-=&|`icvRbM5X>y#aQqB3fEKyJ~t}=h~xS41_GD~Tmy5RiH{VMZo>_-Pe(1!)FdxYy%IT^qfu!ZN= zPx(-6JHURHw1oORhDl}8CMGedCA}t(Dg=kNObj+HzaCeYtU#=GJ9rT^ zoAE@88$;!?ONWcntA5vVtSPZ0<``k+$6$n)&j+_S z+k($4XaD?QK$(_XZEPFg3a;`9;k~#oub9b+V%^R^on^cic3pWI`{gR~Pfhpm|3J(4 zs1WEP^4Yp(OQFU%oC>_^%KtaPNeI4QxDgppe#CkmGOAz1yBfb#bo*iE0_TrugjoGR zlXDJmV-ApdK7Oq9Mdgr$=IG&;gD9@S!!WrQY;ziyX^#x4q@L0@1>~HeR;)Q$cX)3c762krr7O1 z-ul)efuSb9)$JpxZsB3-5?Y^9**ghFUhRke*IMt1!@^4J=-vO(vZS_qDG*}v`oT`C zNu;_AXJ2Cux$CE7_#fsPikNf6;)|xud{h0mmIL8bj+Ays2jY213J#>=(9*;#H}Fnb zXh&(LjJDPh+Pql8k9aRc(BbjNELX0)4B;#2S`R%e8`CJ9$FV*9z(3Hm9x3u5(7Xc2 z{{vl#%o{PLBQ`6pN4Sk-`K5Au!FTGuy}Qx*B=Q4|vR4sn+~<*vnDxPQmf@_&gQ%2e zm|8wk2{N`Sy7krz<`>_q8G@(^q+nn=2Pjx2PIbNN%Sx z58||W2af>=7bAwx%a3dET!dz@JG9GhlC|e6?FomDbw>bS2=AW)wOjH+dT%~FF951b zIM|qw4a&cN#t$FGsXqnnn~-U|4;#c!e~x8pyPLLT;?5HjQa}*e5yr}De+)X5P(rQZ zB377K*tVAk$0U;tUfnS}o@&2j&F$ABC0v5nq}mCnN7oQh087ePI5JRvKUlSi~#1Q8SGS04D0(G>k(~J$@>_YJ;^=HlG!-y6Iya%{7+ul+GVJ_1DiS0 zi3L|mS#w&{pTVj9B&u_6<6dW2e^U*H4`SX5-A4p}cTtA$R9)Er$vS3s?}gcJ1ZneZv`(8vaqO2HCZB*+h%)Gbw+-E; zqKhf-`1ou8*^(Xph#3~-X!A$e%e(O6-CMQQ!5EjVKkn-!bAVJf>wDl72u_uqZ# z>GC_&TQ;od7jlyp(iaX)mUa=Swd?%L)#!(Tok5J0WA@au+53NM`AVMEN3^CU_2K9p zgYW)UJl%%#0biwdjY6E=&uHsy7Qwb9U1R!^*UU{*lst&i6dfR@#q|Kj7bUB@E4eRm zcmV`0=UCrZ2T&nn>=i_pYboobRu7n3`#H(cbD)(tjHa&T+M}SUn&L z`GLmNopbbRkHlzmLPpjNcO|%p#!4k#o1HjV)ZqFJe>6*08%vCH_QcRZOKGBZ_0&U+OpObmnDizqy7QfijcgLO#a>F$czOYch9lXXZaByAh@a$IA6GF1<$d( zd1VzCE%&C@t7t=IYTG-_-@_!nYvC^oT$^@}Sz`!(C51a8`C%o1_gMVI{GFL>p9F??hJO!@ zc`He&rViek8kM^YkNxj^RMQ_)pcdn|jO7;jZi!^=Y12LFi0lcAJdD(+q2OpSDi@&C zla1kf?2iPbGv66M?b6kc(v#pS!RI&5w(5w`HW1H>>K`5zZQc6>QN~{i46nKLXas2p!P4k z=XDd$$dhtFm=_fU4&C2eCnrRNSkgWQy0Y*%*I-{ajMN7=TU;}i;UU9`3yM`yI(-oE z9~c||#_RtKv;TqDw+FY`HRlJXVkuju_dYxkcqt!TKR3w#Xb4hBwoI2B z0iDDstj znVjOA>&K}xrLc5Fo~u==`(sDLn|!VXvQn;x+2%FxC{uG3^^Yn5jj3@^U5_l= z@ig*kD%s`hz3k!%HXCsr;GLN}B>L0SqY}jX73vpnO-RW@eL+C^NF>`lz;eNB19Kr4 zXNqzG5>aYe!_!z_XraWZtJP?i%tL;6pkDfY8Lf$_%iT(oaWq0UYQHvPra~kK>C7Z$ zh2MAkm17z|PT6ukt*+(Qid+fRtg=ma)EU*83gZ518P#gyhtqKCYvN!_;xhohdbL5b zL%$*C&wI^m`(I7hX}ovBv+Ts-uktv-1-%w=kwyo6D&HRR=*@aN$+-L2ic{asTDcPM zw*0_LXQbAejYB%yyxi4nI4wKlS=4me-PCQW3*6);e63deVdsJy^(wHn^F+ge_iECUhO3B*0v`)m5?Q^nS-kBO}{;%!?~JF&z~<#vJE z1rUva`kZZ8$?&8mutE&hS79cjdw+SevqC~(BJ9HlY99nu?y>jMQAxH23C&uWFMA?JgFhE^46*FI^aGE?yxeyude%itt* zP>R+#i!FCM*`*4G_cA}f)55cZMNYI%CzLejTXDqZefQAQ%qxivFoaiM&C4}e-C+zX-#dB$qB zvFk0bwXALPU9GCq7L9e!qaIh-nqKsYmSr31 zXzEzbl4_BhWA~HCK!f_`QFPyEir{8{MoLp$Vg9(YU0#6OM|l$*g{Mjtx;+`n$$Q3Z zg)J5-m4Qz?WZ$M8X!o^64d9Z^sKI;Y1-kmRX6Ca6hYPVsp1jO?2MykRC@9wa&gagc z5wNlktJg&uIjX_)1I-r|Kj2C81FfpCqgpXAB~e3Q?%7v|sw$FinwUeQBV(*t=)&_9 zIeFjG^LjxWSlSb14>#(vRRaUGKVcXahnhP#Qo5+LH{BSm&^M1w@M!cLOjJ0fX;g2J z8&n!*aacE$Q1uHq)Q%Uqoeg5%AROFGEUd?7BnhTJykg-O&Z@j6^X9l8oDR>Q`AB*1 zt1_Y@hbDSZlF-owP=k3(_bt;yMNd%Q<1iiKm#k2ky+)#wt+S{=?ge{g$kP2ZaVt*b z+B$!PK`xv}YqW7a8)~wkp`WYqTITk%ogsv>l^O_VYbl7kyO09yA3#Xw7#Bxe&6cw9 zKXMBrd3!lAF4^bEv&X&wyti_*?<>9iF_g574)LX2`x% zvdOxIoWXH7F70)Jkd<&@Sv|QI&X2sFj!74ox1HNH4S@z`YSD(VJY^oY1}$%JK2l7# zsVimQfgF`96M7LV$Y1oSJo{>oYXxXaaoI%-Q}Cn|d|q08u<=XFI+;PtqckB+q0eCCwB&im%7@d#?OV=EAAL;G3k z%eSiyypFKS>oh!b#!Tq5mI~DBLjUEuCV{2h75-cv{;MUsD0gN3}>HI0tHto`; zT~H}PwHHrj=q;LSvj(YqJT>^nKh45ho8SwbL1BuXYNDn2HtO-L0gBCo6gT;S-u?5L zPj=Cn=7#z*{4B0*h80nhSRT3e=bkpdCib&Sf!7X|(%lM1AGT!nOgyV|B()l_Q z>MBvOKTRyTw-ZoD9D^x0@|aaLwaGL&TUr-{Y%`FIwPXuY^-O8-L61k1+nPiec_?dg z@`|fSv;^7vS7EawzWvBPC#x2z`BQ+O6?0Ef#C(2InyW2-O-S--ydFd4o{?JErzbMJ z*G-N65v!U$usvtfxZpk3QB?hHLHb8F!b!JHcdP4sHm6HKPu3QK-W8x?kqYRaol@TR zV?-T5dvvFj_s&0Jzn%9t`)+R=jo+De$cUV4qx^w})J*d+!W?OePJM?17;Bq>n16Q0 znGpVB`Gza@0crrb32NYx3x)Vql+qqVm;{O%I^G!GwX-IUQ|SE$0T2k>&w1Zi`NJ znNlX&2sW|)I{K~WdcqYr#CL6@OOgpmtd)`tIu6Mo=KcWufmU#1jea|=u372UaL4hh z>4tIF@tlDi<4Z*8_Fr)$xbmG~0q^z{%=^LuO;KuI2wCD96NaE99=7GMjc<_FJ{3Kl zZ;$kOttcHIl=fBRJ_ShPCt-dIKUluWxUO8nUnktCW<9I4ZEdW0eVZi3d?gjS?2mj^ z1I-vHESbJi)!C<%HJfrQv#sWE#9-;RFWswnjCEC4r4X*1AKczwvK-=`(k}DqlIA!f z_`Nb*ec~ajh7UQ*VoMSKMoRD4!3JN~dVtwl!EN*4&rL9>t&0XhW5EyQ4F09YbK&Vu zw%irjT<(LPbI<#Yv>xI{B35nqTcB*Zv1;xtbM*b6cGFmN#Zq))#rq1da$z;8((${p z{GHGHg+l)NspEr6cg2GmOq7nZ0zO@A8dC^Y#Ksn7I%W|Z<1Wy*e0-y`SKcG{Hvb2j zjg@-aR^Ib_YeMnw8ncaCR^84sQhJOTBgbG~5<=q55RFIU^bOGzccd|If$t999rvAU zZz4ZJ-w2L+DAGicfk=EVGuLu(UsCz?i+?icA6aUQm}b6bRZZSoY7{Cv{)9cQ^it-w zy@{P&N=({AgEfou4S(cAhx+y0Cly7`HlO2Y#TasIjtERF6odFDFR>bu13xR&q@Ux#gz;dpkFzlyCCdQ~QW}FN}SZr{xGmeJ+a>wBe>M zxWO5#b$;7_&tIzAa^&nvSs{Z>>_TyYhA$ek)n>M34#jSA<|KWKM%9~1{3e6q8o1bM zzi7JA4|-g`p}h&U$W3ul#I*bnTdwQHqrD19IZ5#Q8=AlV;{iAO?Mh#*{q0J3Gy3gH z7pwZ?N}v6QEB)|~E8XW*-ZU2L(FlUFv6oEH>sZN+bx~)#B4LYf)@VWs-VL@8KLXu= z12#G|&%vkvefj?&ors+ra-ATR)8AKEm&Gygw1gLIf^>xcUJo(rob3A8SR6Z4GK51#7aDR(ncP=66BvupRbKds@Ue?acuYx!aGg`S zrZYYl(}=4~OPZ-^<){+dn_4N-POxKK)0^|ZM5$d|s|FrbeDNMB|3XWqv;A=Vk1WD{ zT|!|OO+xqHf^VN3C#rg6YV*^f-YD@wi*?{a6oWs1nl>}ph42|m2EW= zUnI^R$~#%qRqiFY()hl)(1Zxfv3U_SRSFk8c_N-uMCFY%R_rYo8DT6tHbi6_Ugrx- zURBTAv^%(9_2Abp=2}>9(plYWgz$vIwuqo+2+7*GDJQFNMp;q4j?iG=x(j*YgNj94 zW|jv-w!jaJBMhZxsZv_aXh$zik)SllioC=(>A0@acywqg|58+I&mW0<{{xQQD-Nu4->*XTo;H>CxuV_1s_~TsONHW1L&$d0V3wMTMTXgpUom0A4)2Tkh=7qBCg=~eW3tOZT*o$C2UE1l z@!58zOLIL>(gIy@Hj4(sgb#rYaZ5F7UwzT%Ovf><1@2c1+8m9Yub%O{eIdL3+;cJ* zTn{R-CQ}({h@2ux9_ckpBhP9LnGR1?SV#rU@R*d(jRd-fQ3u&pWDA3yNVxWErr}4j zrFR>TYOZa=_u#7>mBSKy%viv50WP(A+9s!WT1?hgPb(uTDO10MiFa5Vf*nft6o(0T zO5Gkg;uI-(DHx0#aCGWB*oJbiBRBXM!dX>{_&b*Z7h0gYH54~iW$vS3L!P^}!XzwM z-UcRj(cSp_W`v>~ZK37fHzyG>%ETNzALg?9`&^`3saY?0@GQUA%dICNwjY7vi^DeoYo(OB2A!|&5`&x=TVAc3 zDyO=oIS49Fa0T^+tD6ZM;>NGpk?^_|wQo#e)-RhZ>X12)l4qFUo~GeesCVkxhch|$ zmyAjzxK1Hl#jxCG-P4MS@g#Q}S3c!ZC?<-?B74)e6dk%g_gJ+Nt|^l0YE)^4S+ODa zh}WYUL#oEuF@bO9Cxokjk{*6>;$`*8bROCLnr?Nw%RPsfgl3u%k8wIRO>Y1 zM^??K+YZS1`1=h;c{ognNC?@Dx-|JlSEx@bl0g0kdv6&O*S3X=;_fu=?(PJ4r-4R; zdlMWI2=3CjySqzp3+^O%a0n1AxCh&}_c{BVs#mYxty}l~cy+7Z_|dCsbg$WC&9&xS zbByuLZx~aewG1*+4LXW0*v`s&RhdSCPDiiGVptl2i}88i@Ej~?KJ{C#88v(_hJQS` z5{z6k+PdN&UP~-2%>YT0U|za94jrevwXTCd>_TbhGZ9x0@;)llR!Z6yh(K@HnqeIq z!Hoz1Ka1z-nQx^ox;8_(E-q9^Xh*E9dQO$4{sIgjWI|LdTeF;Co0@wr|DiG0d`-tIdN>Iho( zO^_;i(|`q^20261E7S9v>Nwh{Eo?tfcK!lKQQ>H~{lPl(cFiW)FQ0cRW%3gCCA}5| zNF_bh|4ZlowE0&?u6_%qN+C!g%$6KRHqtlq=z=u2Gt5Y<>g3J~9nif)~Q89}e zZ+Q9RI^Li_1xmnndPA8311Xc1RoW;?iKRZ`L>sxOyoIw$_Y?3d1bhn$WQ`bCG03qQ z`#OcT?bF@g%e@0`${mmk^=|nKCi~an5<#Z_Si&whU{6Iw!+%)py3R;l1yYH?Our=1 z(LbzK$3h7!pji#?E#0H_7mPqpeiG_?2XvVRH06$m2o4bq)3t^C%1-ztawE^EqKV9r z&|!UV19G`@f{w;D6A{Fh9Proyq?QW&+JRwP;G2+y0zA0Ht%he=-7Uy9V> zJtwtAwCx8t3}wl+>RxrRuZ(a9-^9NI+~jnjyN-@!q&Ay>gWW_4*~pfkDFXQPeG8e{ zeB7Dc^ilomP9jMpSRjvvk0Srd)YP=MYkg02X4TLFm3`(YNk|RApOs6deVhb&p`?&z1b$9LI80} zqD-pCIcS4+lG4dxHcj6ZKGCeB&DtjU3CG^Vs9ryt$c8v8;_(dMOeq{&V^_m3GUD$m zonm~E$2LN?P-o#7sW6RVt|`V#4U_k#~T826Bg^S30iQ5|JLEvp-@ zv<*^_9b#z8zro`E<;V`42N1XH#Z0y;{4uTEV*3H0jdZUTlrt_tv$PP*(Q`vrRndmb zD1&r(>v#V1I@xS_vUo@uD?^sI(5Z)nk==)MW>HVmpI+OOASLqB_N}3n)k35&H6Tg1M8rO~+qbva=*eLy$|L z0oNQU0-$=+(bty3DZDf6%f!^D;vPQt!V400r5D9xrRFIcyJ9#~KxJhqLMbSBPM;8W zmMdntW2>X-5K?i5KbPSqU&FWztW zZTQLCcHwyQlw^==y2#RiurC^4S6L^Cc-$B_ld{a}6*4D@}sCqx8 z?^YK3-6p2AsLQ6J{046q=LWK9k+yqm8MF_LzTHybu6)5nVyptKzFQjU+2tUQ4mw$g z`)C{2g2{%ec3O+d-h*^MB~VQN}- zSnJ|gD-KC~UpI`H&cV@K0 z%XN3>gp1H3psXamC-uqVi9&oRkFs(G}#% z!_&gXvRQF1r2@iuIviZu#?$I7N+5Q*+I1FAh8XGL*nVh96Hi)Gljh$w;|Qv%DfTV% z@9VSCWF`Ta&v9>B1OLqIy1He@`6$$HwQN(&<7ZN zjZ7357J%k=_xXCA;=XvYX|I5ZeUU%9rt?+&JUf}&?1BZL_f8hWj}ro9G2-OB*b2Ye z_0s3|m}ljIjZI~Yy{#3-vQ{c_LVkx4o_PY00;$;ddE~B`kbfLSU*7zeJv(&jL6SY?W0l3}=+Vm5xk}~BvNNs45=-$_h@CB3!b&ed zNSR;hi3|lD%i9KCyccLlG?Kb*7=NR6&t#+F3*K0!bt(vbxqF!i zil0{3+@WIb^Ty^?oP!l*%<fHSGZ$saTQNo_47>MGU6m;r@QJ4p)Zr{`gZ>#?7; z5XInnNa1twWVlY2k7Y65LTcfag2B1!$q43pUgBl(3m|tre8k4=cxcg0H{d`dUpsi2 zlm-lB0V-F%i#un!k+EaMR~R`fJv`n(CE203Cg)KeH!nTdFg|T|SnVCgMlL7#Q)Hpi zIOS)_+dq((oc9Y4PS=0-w717x!&^lgEmgi>LFDJ_FDoVpzcc7cClE`gfZw{>3oey8 z;YVv*Z0G1NJlY>Mp&9=I=XU#gkz9pud2180R|(;ElnOd#yT#i#KHG>AWZp;lqc%?Z z3E168Bkc;|L0k}ji&N~FD5&juR*jy%d$Z)^x#v@+yDCrmngyo23^8Y!oNl<Mcp^4@0Bs9X!}lltlV z(HkoV3rF!$l2LEagcO(FxYo1~oK8BNqBoINig0YGTmGO{A>*2MjX*qG--_QJ6sg88W%-;OQd*hnKpA@42!GZ@jMJC~<7>V>{$_IFnu~fFnoOQcXRrm68VzfwqMwxy=K_Gl zBmcVPhkko?du3261PjmXZy2`2*-mB4vJj*~I(BS75SD(-%9Gj|QMQ;N^{C<3`@fuQtFAx&7m4l-RL{@~#4pMHl~_rTEXekpnGunFTv7rux43?g z1O0hM9!CF2$%E~0FX#UrpdbE@dHX{V)&hUKfd6#;zRy2)UyF174Igj)^oR0aPpHw~ zF5qt{e7x@O;Q1XC=e_)Q@cjRvh6c8}@}oKt#@ru9j)8F}!52n3VK%J?F*y<)=K+s> zRZwTd)cIi#We@ANszV-U)fHSv8|w2FaKD@@5y!Kko+l90LK;uG#5PB^pZdI81=NS_ z(|w}zS(WgBm8H3mY%_h?mvQ07nNChuF08(gI6^!aQoWL?bG`njli+oIN;p!FC|b$4 znKZmxQna=}WWSCel|M>atJN_KKke;#mGNfwoS$B>=7h17*QlLrI4MtkXe&3*X(s@J z!tJ5|UlHN5K(3`!S8G(*%3K(ha0UJxV*+KpVuqs~iZjgA0Ah~KP<-D;j0OZ1x##J= zRkp6iG!!RAWwL-L-4;GpZpGNbDFL|SuSO+yoW!~1N~p0ZzNfPM&;>j6WMVbfaAHKH z1u+_7F^$TPay0&`qZ9u5&&}R~o14m%FC)!|SMi8KBMRLj#2=G5M-cqdJMHO}=5fD- zYkJu|sEc(%uI+@7n@E@f%G_o~*?TVj6*pit(6yZRLuY5chtFY8xH_zywG|%$F%ffd zGXr?le>e0Eqe}W+k<2b_wU*X#SS^{9HzV=K?)fIu%TX@BFYdVI=uj?*X+Eq)(aA|d zzNjlIO%gIi^nV`EON2*}4tA|^ch|E|MyY@^M}+cD>U%PVC8{fm4xf@!o-lih>{G~U z&TW%PlBJKa$f0_;l)iOYN*>mQQjEgqJY78=cZ?6+1#<){j52}ffK|ebRTiofKCfdK z4ekv5Jps1}8@!We8ZUYlLjw1QbqMUEJp@DC`=+Z=4pVGwn;@NLdRj;GMyuiCDtL0og8HC=NLiArj+6nCA>5Wf1$L3bqY zbre=lK5yEH8ixm4%&?BtNrPC2qGD=^YIbN6(rCT8&QqfEC`G7I`?mk*>T>j4m z1U-yV&%~y?x|NA5n`+=@+tG1NW+_$HeR_WFCKpN&7Nc5Mzf*b~DgotZ?P(6Hj4fEA zVR%UWt-^1hx8JEEWt6k6BYwpswlk_$Cm1Y(tF^_*aH@|R`>f(ytcq*2zO6Iz{d^-6 ztPuV|Mlm~t$2%wxcTcVcGkYadsX_5=wh|8i@PYs-#k$KS$kwGA&}#;l@Ww zOedz9HNhd4mfaZy0rt(G@SG__!bj)1pwGL{i!NG`wpjAQN@p8%v8h7>J%(Sfl!YD2 zT@-)q{QCD~xwT1(wC7y4B&f}vZHKEsf+`^y<}cnP$iw+~Hp+m;R$WIx@h%$a#C7UU zCLdmuQuFQ*C#`gel>mvS)P+K+=t1uGx?Yw&$!ypiB{Lv{rduL8Ah8VlGCl2d9UUxG zulsBrfREW6v)HQR+Pw8x$dGjS7Av^sP7Om%K^NJF8cs8eSfmfA1QBbcr-MUk%TUXA z8OuOqc`h3AQ6p>!9Gcdn-jYAc3Bp{X(Q@?(;GPNAk#eFhaQIR3IBitR;HNpslAXJK z7FVi7c5QxOg32<{l#9c6qLM!w+Z3TmByF*Y%*>itMtKQOS2muY5iE41&vI}m1j&$S zI94ccj8f|^zwUXR&h>u#k_?yB=OsF=ACY1ua88l9qe(hZDqy#87-^>a6Sa@sktcK#UwKf(`VpzWWxwMCH?fLFhqM7~eNYNa-8K(D8 z5i44DEw#|@M9Kp)M|wkXc3w1IX?UBb4b4d-4Ak*NmH+hHw&m&l8G+Vd;6zt4XqIDH zb|Q2~mZ}Ejp@lSstd8bZJLv_u*_woLYle?5QcKs>dusIZM*o6g{#irtuIA%X zm|(Cj^Fc@!Sbmz`+d&u7uQsKjqCdFDi1#-Nv-+|$J9Le}E1?);BRe@GZA_+_tsL2w z1*4gFRX_`Rt_=#I)GW;p>q)}-C5H)qTKoi##w`zrauO#Z27uB9fI(>6V1m%tiIYhh z64d55dZZo9DeOm=)500f()CNlvMBj@{@0aMB7$|8J~QBF_Uq_E$Fl@{32A|ZcP5zJ zhVclqjJ`J8@HoQg3J1TF$KJU0J+ivR7>FfKcgq5^F`n;t(@|KF7zl!r^!ns2^3U?2 z-N`hnlAq@*!7(n#`mEaf>eHpCGgi){&C>((jgqIm(FX!N-n-Y?7-l6IPx?=3#yM!B zs+O$NH5?SoQe=hpuag|x#ftCfeoD#kp9flP%&`A3kw%RVDUQJXJd$*=Q9U8FX@cwNR(xqCXI2rB zW){1uvFm69rmCgSiN=k`Xrs6~-9|~{Aka%sGfoRrWhrBAsgAHGK1e*{eXnjA@)JY2 zkIh-fU0(9U=@LpV9>?h9Q{-s6xx?dMWKjfhP*_P8tg5a@<4_Uw`T(BMK3wk5sG)4`Yf`l!j!C zj=*+cfBqyI|1dUVQ0I_0rfBg+(Z%$JodJp$58J@Y4PlQ$d3TpDz$c}xUYh&56V64i z1w$|UMPtqA{j@j`mzN^hb=&4vn{{fYOA@YzkdT$O+O0U#BVMrB{16fCPXq@ojNKRY<7FM|}trd7RIGqEXK17>v-0m$#-?XJn>YRKby zZ+gub^iIzIG;pk46V%nz|Ia|XBs9KDqQpK1XsGqJmc2FYyfuNY6tRFF1Im*^9OZG- zv5 zUQ047WCNkZvay4i&R{5xsq#qaVMzT8y={ug%T!P$)2#bb3DQn3c}v%vtME@p<3!1l z4!qoQJgASHqIn=$id#-FTZybDwqP%#9d5XdzW2ge8yLP6Go+|T=01}HMk|l!e@ZR?{m+&Nf zL*cPsTWSkpw28&;;(;mt)5xsD8^*FnU<<9<3mDEit~CYQn77lF1S*f<0GI)^KLC^p zgDrpSug-Oy^pNUAwr!IMFLZRS0+wtaNJyUKaO6>@Ef=8lVJ&UNnMH#-px3JyXATWE z6=)4BG9CC0AupiYRm*MwT{DpUYT0Dp`sMv9?QX^aS`rlbHv=<pmX; z`#ff`glsW*t3@bk!fu90*k22pX!6$usL1$jUU=8KDV*&#xx)7_Lw8vUzb9oesNCin z6>rTzu8{MxvXiH#feY<<7{_%_rR#bweySF#g71lWO^NA17i4P_aT$CXEcaz11NWHZ z0KS{NOQkI-=SsDPl7ZlkuiRTQui*th$_tUWP()*Py2Kc51h`EF5G~{N&Fp4Ba5emA zg#RDo^m%=Uk_T|(!2Zo1fC7sE4+{ei3kxL=z=eU91k=K?fbs+s4O})+b4$&cyZ*ca zCKmQL{zD4@D@g;5LKP)y1@YLkjvA1IV}P=`eIHg{^qU?Vq_0dvcYBdXe6S(6R0Ky7 zY_op)g^vx&SEebuy-XuMnvmN9f@2A`c|ZNq#|HH))9&3~uMwXM$lW%@F4e){!~ z4JKEn&%3=3Bfb}qhi!t3KDKQ?{l3Qr|NjlO{)kTlpXMPrv%HLHEkEX15or z=7QXs5ghfg&H3pUKQ_o;na1q)68){dHzPRhV_WspZ+>jBxiX#F?adhR{lBWsuS^Ga zdqYQjks=Pl&(yhc6+Txe8wPm2?W0> z*_OrhYrPu`u1s5Zdq0f${D9mw5d1b}Tkg@X^KLNum-_dJ?+?gB1HpwU+g6W$uXlsb zmFeAX@Bg!!2y)LwaB9l7(xczx-C%iTI ze~aT|4QW?IU~{jjlx4ia2uHe;tvlGDb$jKlD#_in!et}YXYN|Zy+~F|em0@zb6U>O zYs6FuYu=h=Vs@vM;%GF$apdN0r1Ve$_Uk=7D_^<%6Y~osh7vSFr#D(y2^XD&I{S=J zn~BIgO!ecmFvw2!ReTbfYmOL!5R+wU@4j!&dFwBtN0cSy3xyQS5yOraxlDTpnhI8+ z&&UJBQfXOuD_GiRkMyq8w$I7R21ELR5>2Y?Mm4(4b#iIjY45xr2*iVF!=(d0xtAf2 zf~b>Ho;F)|zMag{kH@1)g^s`4(T7c!$H^Jb7171WnA;tBU+pw+Ygm-=*qhJKi$z=% zKBFVlqioLLc6^MH9qf=?j#xsiTuQVjntm;_q3g;p{`{y#y}VkKteUFf)U#W2*eXnd zsNnqJ4mK^Mya&@%Q>w6rg~#q`uDz{7ANB)NeI)v=QJkj~$#8QJxBllR4BFU9;O5j; ztJRdk&bC6A+ij(lLxC_}o}K5)_Ic{f`RBJ5r_(CEITQZ+X^=1*#wTXs;3CV| zUp_&{Hob3imKCs@sSu4bRl}E-H8d_FX6ZQ1-wIpn=6ej{AG`9$^Xy4N+d+T+OMzs%h02JWEIlQmkIjv#hak>Q%+1_6&IaSna#FA zjvgG^H|<$;+&jO2nR1GniKjcET{KH$7$)ktH6kLWrkyl7WzelARh7k1#Ep9|!E{&R z;&dOzgRi2Rr(9$)7=^C4mq(lSu9A%E1Jt@t_uH=8N)G;=Dq9d*1pn{RuVAPNbFR-* z|Nhd`SmOGzU^%b1eUk{gr;q8b!abWROIXjwVLZ&DP_6?khq+vp@q zvtGN}DYN{Hdv7eUh9(b1D!(63WPi}|zz7R8zONxdaPTF*9M(>$4fA)Vvaphy-sL86 z4!L|^R?I|fANq|ukrc>WQ)O+EclJ2&{AAEyE-JZvVvSna|a*TWryA~9doCd~T zu1ui9DgSARvi9?~DCDC-oi91{>ueK7(A)6YXk>`>R@w~VQF<30ue;9-B1vEw@+`Y}5CA_k?l^5?wr^+G?2u{#{ zE1KWUC0=}hCq*Z!`RrabXgK^$we4G04dxRjCaGe6cRg@T+Lxxf{7+j!e6CZd?%e~sy8tLa?pDdr-X48)Xbkl2UwgDmrnUk@L`Wl$i3PG^w zi2tBL+&}n;b5KTbHC}Hf!5gcL-z}%N6F9=SUv2F*xdD;dI zDjbYZ5P1;a5uevRdPKA1BWBFeCtF!h7NW!Svyl~?0vS@AJ}Co=R*IRPN+DIWgJBDQ z!3gPiu{-LQE*Zuo;bb0PE?#e>^^3<&l5yMF1zoG7{{i*3sMf62pJe@#Mv0`EWVUXw zkcz|wp8S#}q)Rbx5Nz7_#z0v?D7A`21*d*U7R`(QYD3T$^-Jj<34fU-IXTH~nAKqV z=ct!4^_;n~FQVS39s*c6VK^xC->RtGhO3M7x}?yn3X4;w>?sMGRuD_9IG#a(L_u9m zQM;H7FPM5N^h)+G7_kn0U(>kVMnjr@$KiUpNig>DUofEJYD$&4%M;hE70PZt*yzt$ zSq;k7DF|QBNlct|lPhIm@)PH{(%7kbuy2de7j4)KhtI3Cnaezz6N-u~Q?3>R}++RMJ1w1YOL zMR8v;`iGQblV69e`J<$@e*Jv+Uoa(j&G6|WT7&Ho=X{cgk#{Prg-FR2xL*Fgk=c$7 z#G8Eh#OAk91AF^YyOjHz9z`L<4(M@Hxnr+vt-6~!PDL9)CT^c_1`gf&Q0gldpH6B~ z8L{+=&urtv>t8~OoCQ6#F&g`xw4WnFOH}*S{K^1rxaO_6_KaygM*#TK_ zhYJCSd!H9RYKJJ0l@f*JF_&6|At0;hH0n!MTKv)(PfJZEt$8<^7&g$G#pleukj0z5 z0cRyku_V#bg=pu+7PSbXVfhiT!loAK}byK%*2|}fI5G?YF{nR z9b1$F30IfvNiHT&i^Iut2a%TdlVy9zlH0^hwF|767nNCQ_xb4ku%q#);~&K#BQQqu zu(cdz<^c2;+(l>W8N)IR(FQ%IBns1MV(!jC*xuD}r_*+skpNd#MDFlr-lhKvs49(} z_@E70U83>8APhJflKrHqT3#O?FJUE?gTFOc1kn@X(B>QD^6Ua*4|B^^cOZJvqGt|G z)=7K9r=~K_%bn{cuylZ@<#68}v0}84Hd{8fB&3yUX(@}5rP!i!gZIBkttk;s)XuXs zTdT>q&LK2n#f19lULlxBux7%p65o744J-dBz*@KyY|Ec6MA{9aCTRY|WBXXwm<>Z< z^Z=Fv@+lbL)xxEO?9z;X``)XOMkhx5pjsZ%r`;Ns^t1#4~>1`|b5;_`G7=FvP0L$GBiY z=d`t?-q1mpJ0sy?*ay?!B(}#Y=-S47<=TOXX6TvZP77Y8p8uxE%}6{|$1RM^=8__` z;0cUML&+Ig;o<+--R_3zom*|D&snH~9zwjSFxb!x(_5P{>R_KEfhglXG#M>11IJ+k zH;}E<8R4$QUN&AH1JJOfEE+9Gyc|c^ahZ~)95ev@2svc0WTr#_rn~UqT~*CX-rvLA zG^mzXrQ1dM-W45~{=lfaeT@!7rb8y&m z{sswu$VSX^`X!J+$vcK7MEkJ~gp6kpvNj+0$vl?g958;=ktHmDsCJ^Dt%9XPUZs+( z798s)K$X!FfoeJgi24g=0flB%)J}lK5p@^&W7a^ePCH3pHz};tj^VeT#ZW>GHR?#> zYn!s2goh-Y}&!z_J9_SsJ#xX$9O?P~*0DN;g0yZ=&e8lx1+Qx|km4%X|2R zFhe3RLNjK~(VGU}J`AtY;l`LS+pNZ$JZ+&xH8~uDR9or{K1=9=dOGo^)t*uYk%)iW z`Cjii@_Ew;9G=ZyF`>_(>=AU&8K@9`f{wduf$qpMbX69YB-84SVc1+oYfQ%%aJoDH zvQMsW-yDk{GHgcm7C*TAZ<+cu4Wol&T)-BvSk~=39*D+kJ(0qwmi51VXoa>i2Qc1d z30QpJW{vy=$Nt{7ZFB1g6r7T}Q!rGDnR^H*JIj7LxY7A@YmzO)G}>PU67duw`x>Q2 zGf`4`Uc(=z86N#|&*3^}8(0|Mu!js{)Kn@}J3^pSk}83*QjkxA~ zdI6ucgo?qJ&U$O3BhP}-iPljiKU`Pc(!<0Pm&=N#G|PW?Re0LKvkU;;mnJFTkQ2UC ztrGh!C%#E4aER!Ru!OAjsAXo(kMl4GC*$Vrmc$Gh>$3BOOVtv)@)_6AbW`V)wz4vJ zleq~4NPqG@19u|9?6#HCwbe55E>6cvJ2SzR3Vza}pl_AgVc^a+MvL0|jM~eg z)Mk#?($lC?iUrS4=}F6m#V;JJhQbr=GFkY6d$L7C-m_;|@KF8tt~7X9EZxDKq=LN? zmUa0g1^>FDRgGRrwQ~VZ)*5Cw?JMhy5u+(5=-OzK?t?OeSHr05O8!rwvzL1e#-hNn zyNs8G>kr}-c@WM$!UzK)eAQLdUtJ}$mb_~N{5pWiKlNBv`poY!j>V6|@jcM-UdC9J z7@@T~q)PkqP6S;cS|KJ}+Ofo{0a&jeZeigEGF0qm`;oMuR921;YxA7n@TFLL3|!|k zU+ehXiBK)$zO+xoJ~>G%kM8CYu}gq)x>k;ug1pL6opI6g*3hkcWp?2+RAAV3zedIx z!!$PGhxXau5ctA0jxHYa{=}FT(brAtt}vBN)s-snpPm)Cyto(F*AFSxMzSD&4c9D6ovFbT^Cx<@RNmx5WZ zHm~%CT{8J+7adT%ppoq0{#Zt@a*RkguSnvFcauQrD!7BbLxs{({G&%^(RNfKWClun zOix<;`4@YucoS!S7cCmb^>HDd3h$rewxrY3SXMT-+4QuI)6NH@fU=n67aQXIOq)~5 z?^0Wvg1p3?>Azl-&vZNlVv?K#ze}BmAz0eyOb#Wv4$(+PVXbVU+j1D9ppGngef=J^ zW9~1=YYZ|N?|z$AkI|Km?d4Ek$XoUV+fRyA4<|sK zCE6jn(ixv0Cyks=l^BH%0o)`~OSP&gK6edER!Q?#S2KxT#Z9JCEjHv!mWo9$^hmJ- zkoiehdp`mRg@@U)%L5jmy4rT6#-nyFo z1;diC%NI5%QFku@t6_%lh7^df93(OLO$Y6%eP_?`#(oJ#B@rMNA4s!Pb<4~km2Cf zqKtp#g&+`-m+%qo*nNnk7|7`;GK)m$;U+(5AY~UN$3UCr4B5C{&E@4kp7NKTl(Dr@ z3;Ypc6hCOh@F$X`5dDXgb0FN=`)=8jplotUA6|H=MhQ%-D-YJwjiWb2sJW{#q||8E z#JY9S9FE;W#CbcEVbd_LI%E0)NAx^b(%19oD2^bj9`l+6VHv1OHZ|2)UH1 zcF`GtCz#*R0?V6KcWviZ9Smi)GgFAVu7%dyg@=zc@K=u^afrUp_EkcRw>3tKv7j+G z<>Z>xS;%l5%TtM2#{Ny}g1^#le`7GiQql#d*=vs()QCD!EC^!5eWDjGGgvelXIQrn z$jR(=ANSZX6R%X&na_yLzcW!TdRgm%qkTz4lXJ699>tI5hP9Lo@~2Ie0@bN zP_#^?;~0mk5ZkaOI?L0k_HJQc_fl>tkl20Yp`T*E+-0a04NiTbF*SP9MLhE#qb0;N z1K1>!apr82NaBPDqCCpnGCXUJMl}X>YQIzpIzKPVMW*g&^SkqR3ih|kw2O~%?O1&B zt`5<|o1SD!U8>l)Aur%O;WmzV;cfpwo|jdmeBDVAAv}8t+3dUiq*o>`c1$F^Mkbg23Lk2)(y_vfG97;1S_^O@_5S3e z|8F{qpbOyrgcmTUryNfk`S7MhV&{5IvzK8P9Oi2{zJBW{z=8;XX{W zrr0uPM3c1d;*=sDW6g!kr-)~AMsPoTv^M`f%)e3*`zUc!;C_1?S2?J&sFT%do9kCM z!ngb7VDn?4c~Y}LAYh_Y=epKM zD*Q6$p_cl_OdxJ3_)iI5j5Xn@cnfaXC?uco=>ii1ZXOc8Qy6Jlc zg5;Scjyha`DBGKtxw2wdAr2xBf9Ll&$oHCp&xUti_SZTBj0c`GfG{`2?-Hrhw1m@0 zHGp`Wy1}AVK7Q_!e1#=3yMc$?=Zs3rWg|i0gpg4dC$c32hjLU^*a%J-dQLzp-%U`- z_G)G5qs_Re?Jp(gLjO(7+b`hv#U_>RY>pQzzr^Vtag2Q)AO3;?|6pD!W$}w+nG!aS zWDV&!5nFyo2jkEhoqsiF?8`>(J(_cbN)N4h*VV8UcXd}Ng*Sevp<)2tHK45gU6Nk` zpW0Z%*9~t+Cq>8n>V-oC_P(qnA``jLaiiaY-@(*jLs(dNUg1T*O2eAotsJN{#bQShB}iKAB$Oa?_#ea%CWGn^U!)!A&3 z@~;&AJK0MxiyTU+L$_ z@)0_8573;C&FNPCWj@-&r*i=ogHO_PH!x4RoYaP6 zi}kwzF~6iZGfJw;8O-dU_duf)a}ZylVc|n-nO5jmUoA(sl@x9MM56;wh{Oq-qgr{a z`d~ozY;rewn4{Bzu&4mda%~Hz~0s~8-;qvws>Rjp#av8>R^$<CWNn3)<`=bz z$pNSZKdKIdyB*gy_4@tRIa>0brZO9wq&i zR)2Q-cH4H{WiOUa>djd^m(quIr1320KJ?Y8_u8ma*O4N^sO)Q3yxMl(b4T_0NxU3e zcN{ho!{PWcsff|S;ilNxJ+H34kq*76QmT4=oBsSmrTIwup}q@eS@?JT#Oz8;?dX|j zgO!^`i1cU$%+b;scd|IterLJfx!>C|FhH=U}$7}wVirQ5fqO3fz1 zr^eF0uMD*L&8bB+b2X_B`@r=*oBD=JvF7xMpX0_CngrUsD>!I7?8S?(-{c=%=BTqg zg22_WVsP(JAy%}34gKy!7B*iUGck|HnDRJghd39ERT2EO!l(l8_z`dj;cX6G9s!m( zDDW4ftb;nA2m(h|ChTyMYPH(cJS#1{kj7!UQ0o@5Ve^e!%~I>7~kyJDvF)7E*<%#?_-A&cTm_e3~9A^0YEG20sXRAJcjJ3-b{$N(VpM z(}@gJdqaXFuELD*f>^xD;W2qW!D@HwOSbD@l83Jtx>S<%);dy*7B|ZBYWOO|aqSNe z#8MmIo7>^4BG^Wb5Qo9RyrC9&G&Ro2V*w*57o8c6mW8OP!Ip=?bJ>{Rzy=ecl0PFI zU|^)Iff!Q*026#~rdFHM9R4AAD*MUg_lyPv(<_~)#r4W}*}ySUw0(L2aV32jHJ9Rt5<42fbTh|=GWS62E4 zhGizSD`>K3Q}6F9VtXylz?#dMYaw~ia0&2?mgdNv_^ z$1-X^8X3#*GQx9%Qm*FRizRi$b*|+V!731lfI#+@pg#o)fyvKI^J-xoI|fP_6|}V% z{xSV%y$LG?BB$7nMn?8G${xhy4=;}sS@d@z9>PLK>-LX0KFB2WG1m%4f_=<`ILRgye>l~plX@Sgh}Q}>*pN>GXo_J}I<=E99)z`H5B*K4bXzfC z6A%f>MU5@LU;|!qPrB&Ltrm8p**H|#tuHW))HC0%cKa>Nht-p6bTFJ zYU?In7^~9=JtPqap;iDt(tVnDUJbTZG^>0!Bx{Q^C?8s%?7z-q_+|5DF3Q%~mTzN+u9Xnyg`iMLLZ#&M^9dM2GKn+vCV zBqCfEWdYT&<=o@#v2TZE?f|OOFXmZ`ctRg>eWi9xuG(H=?QLUd^<4>z{(@1_BR&>d zQBvSrcTl>~+zO^O{f_DlICOJo)+aA>s^3@fHh5VuAGty^v{~7iOseOR)~tH)m8`Zc zL;BtJD{@C@oTmF#d(afV&|jF5iqE4;6#;ql(k~G4y8%O!W^%2Uf6ecluGhyVlCavW z1-vhln$|?V!1)&Hk11PCRY$F|5z{U|*2?2|1Eqhd&S8|@vM9})Gk9ZPq#2tJuGhJi z?oMqQpPv7i__9{fG9Mk{{4-;x-x>hT2$0tCbGs)fj6XUA%zBEuaWNt{5d;?EAq>ZU z`8Zg<%qr6tj*&&q^-xEUQ&J~_O?$gc7E35=L}cBUT~zMNTL!A_>ed`}tYdxu@|OB8 zg+IizMzyPo!aj`n0~Yd@Pem2JpFcgkVZY5|#el*d6>zw)lTzp5#jWJsT7rxM4*#Bf z1&N)W$74aY4SWr0r|@8y@w?;_M!V%(B*p1xiWvjKS=@X)RR%aKXz87oZ<63$1*Yc} z9pyk zXC}xw?YCY=yK(J9m=f_cbmabc=u5f%4v&zC`(DJKa1!^|rr|Q(E|*!)N}5$5 z_BQK?K}n8OfOUYRL3)pOTD7I{`w>ee_?%Zs$^NT7>fxI7aeY5J_s>H1^_Il}MT8t_ z6l$a$C#ZOZL+qI8Wy)L+v!Pnn{)6*8_LP`<2 z*o$0Q#4KHwe6)^h41Np_$mt!7T_kV{X~kG92QeASdN0NA)2cIB^O55P z88gvO+|t$clZdV@W?EEk5pWbQW35V`X6n(Uez``xH3F&GSt#kvL!NrVhfAx5zdDF2fm?``s*#?MF({<<9UM2cG;6AJ8O}ZKlyo2?mBkY8QaR`Y>%J zeSmd$gbufUDe+Ld9M-R`=KPrDW^dS_rjD$^XE+_QBl;K2rsCN&`Vwp5l_7lT2B>fw zBoMQcc%VR@4|0@8yG6wU<^P~B8-j1;PDK*QTo73n^qG;ks&|CQC3gdnNP=`+D?@}) zOq)~y)2$<1YmwB3Lms!Pi5!niO-76!<&lg@OLg%_)^5e|_Lp#Q$%k=&!Ps!wAIi;} z2z2mO=Gl0nU=J{txwkvF#Lg9`MoW@)ISiR6AVto?y`Pl%-IWW=N3(#&h#16B#hxH4 zy-Mx+yn+#zjoG532B0ZxTH>UrMn)KXP95i+aiudqL0RB@&8@n?iOILqJyr$aPwYlK z!stS*4&RUykQ%{aMkDe`pHm?sLLppt3WoB9J)o-_3b0N3nc7Fm&jd^7s~rz?TO~}# zlaLS#9Kk*9uQx)qT6p9Wi-HJE?{lzw8Ex!lV{ojBtZKyC#&YZ2O@_Xza7&}&i^mwm zsqh5_pk)=ciV+bGEKhrB<&MA&Yl+5>#e`&V4SXU=lIpA;#c~8$b`d6Bp*6Q5IDLEp z4mtED9`suAcPXsRU16!|4wxLNr)k5L{SW58Jdmoj`~R4yC}ScK$IJ~Gij0{KnTJF& z&kmBILgq2TF^42`=IN*uAu^OQ562iPGNsHzzh@ua_r3SNdB5*<|M@w)(>l*y&u6b^ zJ?mNPnfBfZ<1e^OJvqGRuh3kr?Puar_0!DbIu|=`V1GRncDG+zeyHkf<~KCH`1@lx zrb314ohR@fw2m`}OTX;u3ecvB2nw~ivmsS7x-!p`U2f0f!nP#CN983%UK?I8{-sJ% zkSp#~p>2bmHtxgYL~S-5#Y|^4Eq9UwFTC{z1<$T^8W1_;u6(nF8A?bj7tAZ@dbL^hD-8M3Opj#YikQ=#WTxND@U3c?)F4g(hf4Z=G;Zs z#f{zPJ8L|Ve^lM*bJDfGr@5rWqB6OjQoA22+}-j{Pa8(OE)PG=;HWypo%W*oTu?49 zir(=(mpr`432{1sC&B85tqvgq{^fF_o1D0o0RLSI&N1^71`Pc)WU6dB7Ww){)I)M4 zDJM_l+9^h;&EK;U#Qh%kp2vah)~RZ>RF%3pbnki`LowlOeui*B+2@i}T<(W$FQZ>b z#jLp&kE7!BIPIxisI(QA6SN+PEdGGGgMV%c$AvC0sSmrRSzglhFeQ3f!pf2R?1l3L zO2UD@iouL{=`yN=u`Zu9^`1yNVVoij(S(7Kfo--noI|~V@<^ND^G8l30tU8E>L0mw ze$JbAk*NRJTh>uC!Cp2N6+7Rt8+?{3EQEaT``Gfi;};fcZZMFsh>0*iOYU_S|D22y zG8etuCoXg%y_o!z-S&F3ZiIYLTgmC;%t_j@XETWvYrZOal!R1%OyT?R{bN53x71?D zmb}?(|Ft@|-?TQEF8zS55o`^*9-H#p$cn2h%1S;#hc}rUeQAER;oCZLh{eXQp+Tih)f9m(D@ZL#Dev?&q@Q|eaZv&D~+&c2R<^izfqm79h zaV>eJib}Joqbv{QPn;ZQSH zT%SEhA(VCgx%8-alKI2dksWWE51A;uCMVMCmz^#ylSAUi=i8Jw#@l$=E^n3Qn;*H! zRd-o#uTm>%d&!q#fmi#jXVeQqr>wE+yEo@)`>M`tsNUUFV4SS{HhNQBhhJh|p5qmj zj!=J%6gP<^d0(v+@j~Ub$sWq^@_Dz|kf|TAb^p9iQ&XQlz5ay#dmW1X16z2HfW5xB zFgzFxcB~B^hs1#G`CyZC{n|Lj4i1q&V8vA!6atPy*3Y0Zju_;N1@sUH<_B!s9y+;= za76upr6SQ7-&Hh98}J!{S0##Kkg0ZenIVP>46??ljRS)QS)kAOZVkE{!3mKaNc12I z!IJ8`4YGS+kQgL-s0LWoz6_hU;PqJKAFxeiHi`-X7lSeZR;OV&*!=YawukOA29SbvbqYT1f5s|NYg-O2w8Lix-te?j{E`J-528f8UkL=G0b1The2jnp%Cm) zo*g856y3&=@$(wi!zcuL0SNE|wlKbpT&P0%Vv&cDZEzGqbbJMatU#j2)-aB#5O6g( zyPJ(h_`XGBko8*_J8rxD z(Cp6PF|k(NKa2$Rt~>-8vB}yv5}kc`Kxu5fSYjMwtw%wV1IAmsjePMRW%-}g8Vj@r zY|{e+$4LA%Z>(Ou><*6^4c@m3HD3gL5Na}|+s^1=qyJf=|J02yXzmqAw6bU?P~exn z(OvY|@ZsUufHOhXB2mbSpLPwEci{!_ZHF!~^C}t`3~2Gy0CE6$2Mm(`AJj20MBqEn z7&xOPfBotYnByMC8TsFZ!~5xmepv=Ztm|nL9U=hEZvV432BO4&YWiO(G1nMve~Go9 zD1=c18bpW=@nR7%3+Vr@J{B1?#`VA8VdE2uyaHhY#RFet4fRL1~t4vcTuuK;BB!8Z_Ut{emhJUqG;^kl)*32*{?7zDPdh z0~~J-V1L60saVw!vST<<-|#r{1<;-}Xd%-FNO%F#g9X$}>pwsvC?iV{G!W?VwE@tX z&PD+=P%#IU<^w=cWrFZ34#LC0jV!4UAY`n7j*KrdI}QTe+dKeKg9_jnEC9sn1Bw7o z1hxXA5C~^A=rIfe@(4d*&TR((0!x6SUV|F3y>t*DXdOdvj5BZo=>Bd5GX#e@un&k^ zfq*AUAkpmyT@YN3zk&pg@!do&)PsNl!GV783P}IuAv24Bmt&Cr5x+c(O^k!05KtP% z!5Nv2(tz+15AFgg6Cv2|VUPzF7l;Ac2eM`tjWKetgM)qy)Z6<0Yw4itixu#BjI z4vuXfU@Uu}1^(ZFtQdGIaQ49Hok5g@Dr6hbt_NhKB4I(1z)&Rk$4FSHe$7KC3$+ja zT+H4u0tgD>iB9j!{?~6D{1_O13^9I;EDWU#`!$|23c)eHKjH*t2jM~ERY zBrrc2I1B~{GX5G+0i_1qJ#ZS}8xA`A!1aS4Pk#l6fCtFp!$?>Ha9CnwV8@hy&4V(9 z8c1Rf@G`qUEqWK7>iSCo5iGc}EHN;641$G<1dcig5gUI&y#mNKEaWEWj{UkgzrM_0 zB~5`sCa`IY?+5Il4zllq;>cg~{zA_Pc$+9@ufq;_>Md>1_#l6yc7O_hnf*T!Ij~+I zNCgm~AiM`Uz(7I&Tj_qqb{2B_K!f$m@mK*t*_{rL1|&%ZfXFJ0?=Cc#1AUOW|44%< zb;#|58rfx+hTx2l=wFmKMj0Qayl=@YF(fc(P@{|=0L(}k_SaH-?2pyQHxOqaJjlX- z1t<$g$-@0Wi$lOrFwm6YFj;(H=Aga&1uzc1iylVS@1YPtfxBRW3S67yKM+Y^Aae{3 zO8^4@7%>b6ph;j zLVv#G-x3jWQov&YiKHR3ZiB}lXbumjfkZ=IKN~w^2&@`Hx-@-wJYRkgKOj664KUI1 z3YrS_{9DEQGc)i5z+V->QB-SyoCbap^AEgBA_nsK-JpnZz@VX6&N15d=L>QJl^%3F z`ioi;AuH}iu*0j-spbGwt$q=F|KT`&5E7I=BJ>ANpni}BUekp_kRX8ot_V04_zC{| z10KVHl0kT*e`W@8_XlhiWJfq4vD0*M&YOS00^Z~If`)SK<2s|k{2S)!PnpO5#Eih2 zupJzQGBU#YcaHJBoj-BN{DgCMe972)Mz7|K?p&d$)4R7n;a>fTSru~ca|n148jO!q zfHx5ZGegsVViEm`=NLg#qOgiA@{ue$t>!}Uy9)lytOIlfItB1-bpL)A2uz`ZqW}Ad z`zZ#-%^O70pc1=RKVU;5obJI*KLP*ZA@^+XMt|w~LFRPe zF)H*Yywm%QqAC%C#70K&Gx4v}&v?M~|NYMn{vTC_LXg*Qp%AC}!H^iVmjE>=FdsZ5 z`IC(QR{Xyal|cwbA-MU`cTJ!~U<1Wfe>Teh6XK5y;6{yEILZ*%<~VdU40s>uUu^P^ z-2W#ny^Day1C`c)1r8t7*cu>zRf_);2+I%)qAzGJ7=`*a00P17JFr6{MpuEQ9AG2P zdjNfZ6%4{X8(tp-YNF08b6+4QdP1F>3WtG_G|#JRTTugZ9t`@PLDW;8Hy>mWPM4M5zK-4g3LE zU%@Gn~`U@!-U3bjad+u`Bb zfWwEPCN%g!)IcMJR4{vdXgm(Y@4EYrqJ}&^G+B;ZIXs|{vMRF51R4#dVIv5bE64aA zx-x+6X&XU-69Sxud_FW;j`;^3@6x~2hoA+O0(4me`X$+im(Y|SJ$wfAno$Y`V5SJH zWCPc7=<0yS0oM+#oA06QAm5G#)8)=f+=s`D_?Pw~z|aE&bO$PU=geL+W#3|Jr++m9y?S>Mb@mNwGR)tuRhS@Rf7{PfZ7G~qsWTG*Dh!scOmhz zV-f7qV5|V#AO;x^@ces!w;B2){{c@`^m_p)a(>ob%u7p%Z9ilHy!$E$Fj#nt#%yC8 z0TQXU>hwMgv9jb}@iZ*MPheq`wNWNm0>L6DI}foLA+g$<wE>v{|5VKl}Hj?%CM zT`nxl85H8!PrT9ntk{9#eqYTCbcy#9omWh;{21_jB%nOyY!pg#7`ctC0XpP{qlo8Y zQ?el#jnx955G)?cSROPW!_udpVu={_=>RosilbL-X%IM-2t|#(ZZ&pzEIQR1gWO#} z1LJ$3I~~w~g=2(w{*+TZg^x=JLJ>&m*r0BMP*#wvqT~<}OW_l!5Aj3c7W8`K5G3#@ zG{ysi1lA4a=jYm4#4WIlZEW32L4Xk@=O~2#86uP?Y?e+YLcpA;RlW+W9`8|7Mh}A& z_ACf)7Oo9Cy+|H0&b4tK%o#0YPFEtTEjSk&K^l@YsyV5=ktWqr&XaWC_df*f@z4L z=Zld$4H3!~LI_w0AP{iPOV7-&00Jlv>h@*_p;V2KsYrA&SOwleDGO7E!=FKnY_V+| z`?`9dY1&2rWsT#`f68_e!c#hHBOuoev2m`oE`0<9=)YE7h+_H>Jx;rBH)$yLUfP>@L1&$yrL$fPnj5ni5KZ2oxjzv<#L|#?KD71u6UU zk??Lg1bY=4vxL;g4*zX6?TH2Swv4j#I zN+TPjL_@lxL20WZed?hgjzKc|w!u;IDX;f4AkH7##AZOi6AFJ4$tk}(3ziS!KiOJC zK`!iiRyP9dGr}MjfsY5)LWhBRl7~FNY%}ojr{O4!FK8Eqpicn$X@|rDLNM>bBM{th zH1G!42#$^d)L~@#v+J zUSQ5%4dAV{9UgC%6(xt@FWmz!3fOTaka6K3_4=w3QAVIf*DydXG{zhhd>dJDc=Hni z9v)=`q(V2p04`n>i+A|SMZ_Xb!xIOfideva{yd~S%+s|d7f!+)Lj`#Yj?C?nXb_dBDYav@g=8n5eN%Zfq> z0S^xu2-rjjdIY|Z)qtx0I}-gx)7dC2;2;*21L}?=O@6>e4v#1gM-4+Q78~mp|FD)(knUU376hgbEPXf64kkCSu!%qbQII>>Py0#yeG=<^y_Pn>JePa7iQr22UU*iS;n5v8(!)(7x-?4MP0#PWkFcc91d zJp?b-?_&|CdcoE*ZG;h)0iJ|lv)|96!RU%5V$MvXDB#dpHHt6`rTxTvM~a{nRS1y0 z9&`|tp=h^I2njgLmyJ@^MIlZ?90=A51bjbF3?b$Llmbs$-;3MBBATV1tqa4l!NCL_ zL>Os6)dC?BLe2|-LZ8VQIEoVF;KTB=SS6ymu}JBO7xr_<9zp$vb(=AwL%;8=kjZn|AQni-F*Qo)C+=lzkV?K9YYO%f6HWWzWa37rBcbiF!5- zoh1QstyBRj5yA`sUv2PMP&I2^kdWUKI}q^u8gNv8HpF~d;5&&v7L(De>D&qyD)1;& zd*Cpu%W}F75wV|0KdwUHdDxl(i1<;UDFRR|8O4A>p=+z$_u+Oa^F8 zX;|hS63%XJC|5w;G)e>_PzWxy{b7o7{5kNPchIK+3rJI2zVmI^PU3zIO$Q)=LG71) z*a%*QQtk(!dn*t#JL;lT3}8mU_dF&Rumno&nu-uJZ?NKp^nGX4jJfLJ1f; zKxzX?z@i|?y*mi@X_T@Kpwgf`2+nehr7J|hT||GblPCRv%^cmgO$Dm}Ja33knevlH zITawJF=jx6D}Zudr~>-i(}Ul&A69AcAZY9vF^IL1@c2 zV+r~4ai;`uDt5naR=`dVU*L$K&n!R6WD_unt9lx z(3o8~8X^4_c-fM}+X^S-@EsYU5Wn*RW%2{220ACMhsV1BDiNbNvhVL-!T2b_J3Daj ziHUHa_jN#jI55i70)n!~SY))!t~V^ZfH!xPcYQUT)Wp881H9Hl`q*IVfR#JrfR%^- z7jjQ4XQPnSUT34%c236CnDm4o=h2)YjC0PpcV-rMsfS>Rv$ zs9DK;@fVk|XZPCYBzWKt74-?t3tL?zHB_LNjh%aX zPQS-N+zNGCyGSd3Mew)7JtmYDLd|bNs-N^VUE3@&`gjgBs!@|BIXA9s`?1T5?`nD*2jY zyYfeji4+TY@amorMZ%gko;fiNXze-npJbdIzUGX$-1l0BKZv#Yqy@L3*}4m3Z(&fe z8Bwvu2fHC-#nmUi!8Owq0&a6l=4;P_9f;{=U)#LN6ccHE6H!E1Mv!o>yop;rd#O`b zH~nplV$a5$$G}F%&0b=OHx+Cj-+35*o-;a5ogR6P0w+N9ez1IVV7a8yC;EcRnvGrY zo%YpHiRhhO7SbOu!rV!y5$#cooGy9CwLs9#^H{}bIa%f;o+TxZN`goPgT5YTVg(Or z<*q&uHjla%h-kNjyw`ZPR2o{ics-TNig}?>OnWT#|j{y(lnm8 zDp0Vx7j+E3nufKB_U>f^0|aiH5IN;LcYHa0Oa$ zg|P|fR7K6v6^}{D-NmCT_+rIPW%Vt_Pu$zJ2^ilnw#;je6VH`?ome>YbwERq5pP>%|(KTd&*2Xd-`8PCNA(L+UtGd$ztj0rJjBo~_RagjA8n_;4K4$Rcqv#&1qfZv2Xy4E_ z9g$+A2Tky6Ao^K!5SqN{gGgXiE!iaU_urt24uWPpemb#8$tr8DL({D2kRqMUGcWuw;HlTCSasr9Sa`HTjj!QWsK9`fc* z5&DMIyTH9c@lNo7s}3Tu zP7n2D>#2K7qCGZ4DL;Q-ZPfbGH#>KQmk4u*>aK2S3Lw36?$}=~Kg$<)p~1~y2Hmxi!Vvgu#lgvu4F(r zH%_6#0DZXYx25{HL7n zxDadi>Yg-J)ttD%Q=RJ)!>l_om65t|qDz*?^xO3-2~^P(XS-{iADMm_WgrtO(IR6U zw9~nt{J}z9;C=)R-HU5GQ>rZ^OG|D%?~BRw(}bdn`a+LHucr~7U`S3JSvmJgQ?$cg zhw!G7{-fe=VT$c}6bnA4*_x^XH?EH4R9CVL<>lTPUy}v>#67!wUdB_mZYSRIg+DCf zJO63HCSzy9DLwrMEX^`F(s)|p?GIQh#W$vw%^?3DFkz`Zb(q&L&%mIeImNYfZxvCqG^;*wJSFAO0AbrgaKw9-+6d4SM;$ zBb*)ZAe>o7H4GXnS$Ur+b4nd(#QY&KXSuFnXq?QEG0%9Anaq(Xc-Vw&o+*8KY;wSZ zsOd|no%fk1&X|zN<+{lMC&o~0iqsQ8HExIOKJk`%;!HNs^d)5S3B)&gNrWk3IU;ia zN}LPT>IGeyMxKz}-X^Uf6XM5A9?LJhMe?1D6~Dgl7JTR~Fl<6<%hOi-nv===J8bpR1`hp4U)&4+(ydv1YAnNrfkuR^ICrIW2I=ero?&y}uAe#o z4qm;qv79Y+B+r@Y?{{`B0v|alQWTN~ZZesa8mPfsdZj7HGm1pM5RJW-Tb58tYTSv;wnN`(%cjKw_?msg?=Fk0=5j-g*J@lyT-Dh~D3=_xl+e_c= zIhq!eM4yUrUh{b+J+vlqZRG^_qe)y-?y;gH<=3+egjVyfr$lwL2GGk5#A-EGgVUzVvlh!#ErFx zmR|q3!xL;ObiHMu+mmRHe2=*xaO)M0o-v*5Da+>2=Zi;suaaJ1&d+ldB~>ZpZ!DQQ zY9I*g}#)g0OV zJD-(y;Njg_+bNymW_;(3N2@tOYcBkfp8=C@jYpz!#R&H(YS`)HP=^|+%EjAsryTi> zoq`@#v|ov`dws`+mshAEu!E!q~JaXZncJ(%?| za%rCSRO8OK!Wl-N&bw%LlEtz0Rr-lwc}KZzmqLnL+ukp&sOUmHREi!*PnUGRyS2L4 zRG{^K@bP%kHvV8<#`f{#%CjMvBzK8xJ z?yZW_?J~VlGq79tiQ&bj$_+0QBX=$_(FYk7VHPS|M)|b1vd4qD7nH*)>NsweTI~88 z#E1Foh3JPqKYP5USDmwFljNn>mMw!q5u4ZX{!m^Y=}{O@JAIQ|9+DojW0LW^A14_0XRP&T}A6C{MVd))28s@#I*rZvNenCCvHOSF~OPrwlnXdCSXJsSyUo&D7CM*RkT5S@a-W9=|+$CheoBV63Wv(vTHc~zH`OZ^ zs}WE6=HH#4pMq)|VfJw@bYiBHFOGE0oUwUDv@7j$pR%<_MdaKY120rRQT<3x%sJaB z*PU_Q?bj_41|<|WN5M#?eUDj-MZphY0k||S$*QkqDb{r zP8XlmxkuKSy&l|y8 z@!Ns9DV@|oGaCw|s+YJ?OOv$MLZ97S?JO^rbEmSLG`3Z?7?iBWJZ39 ziRpH5>by^jzOJ3h0NbK~op#ZkR{o!)F9k&X&bK0nez@A4thL@kr#tqle>~<#dwE$)6R{?_+RM zP6nKD6^w(CGT<|kT?^i1sj8Zu`n)qsDSyuP@zA;ac%-n@cA}qH<;SVn(BjRzmOkQK zH;6Tjm(ms1mO{j*XR-(?&b~s{afTTQ7`f?K%`@{A>y^FNlY7>rEmlV&oAR))LJG51 z^4{^zPG+Xv%1kEP<;lnVMna|m*(FDx^gcEGF6!;X6#T@g)$^&%1&y2WT=&UTMT-I# zUV@2;X2M(&+wu>FUZ^}XdADQicQ1!-ml2;Dd5~d?qO|u^=_X9 z;?;?$3!ZPh570{NyGx@ZMr6`^R>4e&?zZwM^Vgy(K5lB$;pSIvNz86>Fa~suem#?CAad^f_^&(}v#@66CD% zUVK_Dx5;}xv&zepO;~eE9Xu~xQ1F8FwTIKkXdhLBn8D2(>@@$8>{1kl_!rlw6A$jF zs+lpPK5BK1J?@lF%IXyi2)p_Q*3p;ixuR5RIcCMqDO~xyD}94TDXyC>w0bM~<+e{_ zu~yTPwf^Inm$%8w^SG8rgsbC7*XQ*aGS(2Ux`}3e52x^8quKS7MoOYXcGMLH z^6j&D7MlzOZyS5w6noE78{ksAx!^X{VN4Ka_a(3GJQCrVPt6{gq_xTVzWYY&l!o%X zQv-7rcnj;K)k;TSWHE-CIWd!}GF=i)YN7&W?~&Bl-2$daLmN@ALAzgmRsQ0yNgL&$ zcZgsFokBUdJM+MA>S$KLXug!~ zCr9^&PV2&%kmpffZf*nvD)_>^_6=9SO#$-KRRC55TSYCNYvb4A`<#qy%kO*(E`Qoh z^q1;kd>3t;z(8x2`+jQF+(lBFEfx%1ttypL7X>vhc-&@Z>kVFLjyUPuxmKPNv&_3H=*QrQoN;zpim!>uBa>22%N|#8_ju#Pq-15rn46>S zB!5A!_MO^rK0CcdhtQoz-H#lvDAd=-KjOarZa_csu{?i4tu#L>Nbj|B7?D{cab~8b zcn4wR8yxMe$`>{U-R1iFwS=<>SI_&W5=+z1w}+^+D-CTX4nF5GbaDN*mT<>+(7fD~ zui(Y?74COjy>1u2d@iwQ`>O)uu;)(sXQsQVYXby8S4aYyM}d!mpQ##+LIwT@*Do?SI$%KKAG!^ zghZM4kNWE%bonTG6pq+X;WWHgdHY*$UE}9Rbyerfwlt$*1=*S-b&1~t7Gbw5$zg*> zPQ_1)YEe67>Dsb|Ic=$YllF7;0BE@mFd%}cOl#{fO4>abO@Inm{;(2c0V z-XAbZ6@9Tp$t@*viv$6W<46(i%zNz$*}N4S1oVkoxJ5R~{`uS%K@9@Qd=u>wQ%SUE zSafFk2*sj}PP6+l`d$!pO>Pn+nhgbTcIG)`ioE`j)7>Sd1jpIM5_2n7EDZ5 zdKtGF&%Ky%{f^V#iu$ceZg~V*j^dB+(>M0k^plud-Llb83#DOuRK?3*XduG-a3zGJ z2~l~DjK-EAf|XGdmRUxt9{)Npu6_6d!^~qx{;CzJ@hCj)s`8IMQ=jtdG#~HYaN*!| zAaB8$Ho1I?Gj^1NJVZ-o#37%L-jILw3+%U!Gt%q19rwCN%{+SBF@`rPWy`OGiaenv zjZ@IK7jEj_3LCrJKd5_>y3P{!rNv1*Lzkl^Iw8%HzU&q^CB@q}nztp(!)!9YGH5Qn z4LL6t7x365--52#-LB*;8L@DaB7f*ff%j8KgbfDuYH`PvPc&V9S6N3D*!0}fRykiV zrNQiF>wDV8)HtvyM7TE*6Y2Gdu*@iP;4UQ{``QK{#S2#4iK3EW#;3>h9*bEKhfqWm zQ$DS`Y@jc|C8#JWrp~B!p?nQo8&y*^soL zHI)6{Yxb(=uduFC$JiRu+R*CNxx1797AwGQ-H0qfQQaq3Y&6s#%+hZ(eZQ%%w`>+d z&G#^KZLuPug@IC)KX-4I=;T+@?XWMfwJ;a}I}% zBH6i$ds}5K<=e@xm}x2>z#Ci0`8g;q3^i}PvA9)KaelLI=(BP>@uGGAR#R+0IYW~^ zyRIoWSG)=vm#m(KGT2-vp-Mcyrgv7X38CfpsGR%LToS(SmOy!nHZ0ydIem*kp4;KLCxtH~0Xc5Y%kH75<&v0udYCrs?`Sy9{0rMR-txpA-Ws|W{kvbuM|H{vr~D+ zz)oWL*^{-qot@F}{R~~P6<)*Obr1+dFeSz6)|blku0B}E2-0ZeoTOe3U-hT>78(7d z`f)AYb*IIdRi22Ev)}s)c__)uowtUlnrFDxa4l-7l0TEu)U^;7Jk(`qq5~o9qUm_l zy8>%%Pw+zEI_BcT1x^dBZY6ll#Fl9~tuEUZC{SnZ z#QR-H*C;o`PN-4=PSJ2mKCWwW!f?`$Ot4ItFTW)hBn>0vd#mZ zKZknBHfG`Vb+#f)JF;x}q*oCIQR&8Ow(&hxjttHb^URy`8|@5sS7ZjYCmQ?xvbe`# znuGJ6d8Kb&<_+^CdVxI#W^pwqA{Lu3ju#h;i?e3yo#YSp!)0z77_=UCO(bznW@JVwb#ep(XFfo(#Fg#r6y}ApVk!_%_;~ zA}F;V4!xd#Gs!*Qx6yMrH?zckIO+Pt@VdV}Q%m(@hcSW)!%&~c4%a9P91Qb(@;%2S zN9^yTtMlzgKkaZ{2Qc|J>0T7tGrSI9Nn^hnnP=PXallurM`Wn&|M1o35t(Frz*mjA z&}dkP2OIxj}bmoL%9#XuvYf>Wb0jR{`|>{#`d2egJLcks}k)ndEJQvXWi`-Jg;gYE#xpvR{u$UAdf zK1DegAxnJ!ZiF9AR_`>YvmV!dz)HzKlJT2tK#an77~cq;d}{{&ko>%5J5wy@2EVbG z$yeh6>%{t(iOpiotF~0i_X*8N-X^yvBQ%?(+Fi_B{mWlil2}SU!MO;yd5!z4OFd>C zc1Y|_5wu0*}0QWiX=5Oa>hTtQH6au5s#(*_Yu&;=Mm-HYvqqxgOO z`B{Pl0%?w{sdJXMS)I!+Y;TP}86w&jNo~HCN`9<0;!Yea#+RTlcVOqT`v@ovRrdw1 zi`0XGCyD3N)QebBVcHS2u{2*rVan1$)oz8L&@V>!+4%DXDo}))FYgU41syjfHOPz% zqf8Ygh}mQ4>#@)TS~b$kDP3mIzG;*%&|!JW2sihW0~Fh})SfA!)Xq_EgY-FBDB@RxLq zdZg`Nh;!9RWA=o$pXo{z8YBs>y_^@^T@v zKDur(bqRlprIyBqa8E z$V9OPiFdGVoT<(IvPX6qlDiNtCO{!kshPtgyV>!y>G+rs2Ed!aj}E(GjJKQ zvzn%_0tDI$dX03+ZUtS+A2VyK^bH0giy$4I^-A0aJQQ7s0Jxz%o{;q_dbu*UapS(0 zU>$v`*oJQ{s292#Rg({d`WHn*$OZYr=#zV5FK}bL zHg7}iPGViOh7)5V_OLF1pBebQH5?4XrXnl*k|{dE3KCMKU#ThEX;m97`t({~MY zEfwarfFc?eW7G9T)GofP6?TU*9wlBBDZW^vWTI48lHg3!Z~Nu*dS7?JV^5~n{+|0R z4b|kTnv0*YCvr+07#6S~x+3aRPnLgMy9XpOK1Y{XV9&IRJ>gva*5V}=rsvjU&r`Jd z*z4zby{Z-$-;!K)8+EwDc!{jyn0!X)G7nv_TN__iK-Sej8C7aPg2oJpP)s${x`Fh?S=~jEC{^P;0Aiz(SY2d4`c~4n6*v1yP9V+^ zelMC^{)Xq3yP}5z*GzYlrLB+t|4aBQ;H9M#3m$8HU8$68{qQO9@@(_7jkVE)i?d($ zB**AJ3*ITenCj*Aw)@>w!C5Eg^Ws;I=U>Te*z%2DbIS*+o)8AlRAyN2xJou&^D^#C z_Q?1&PRcHawL(|oxg=@ltR3gd+-<{t5vR2W^;59Nh?5z7+b4w|T&JO!$Dy(yB|*!y zS$LzC&dY=gWybUoDz`Nxq(1BujpMk%FP8Hg-+h0n+DfkVS?WX~bgs_L2qF(cw=@CV zoVd5k9kqL6Lp^~vJ#R%Z`LrezPgQL?it zoQcoc77UnO0WqxDSbvM<7-`KYUk9R)V=yC<#3l> z%B@f5%wtkl(`vIi))gjS_Hd&rZdC;7k_sh_r7c9Tq-QgbBI#yMcVr(`BcU^g-=LPP zEx(ChwfO}kdABm7H6l-_q}!coCK~D0Bty-G9N;{&iF+X^>TLO|cHA6NnL?dZHMAK8yT9d- zkp2|zn@7qBw8?t5NOWUMa8l5hqc4@MSm41_0aGdW^>xXqU9+nA9%^gL(RJQsG)PVX z1MdsRxl9KnYrBjUu_TF%)KNJC01nbHR4`mIvQAIG6a$4HN;dT($&>GJaw<-nE~ zTDO^Bum}qfr^-CKd}S@!1)g1e@dOv=^#p+~^O!1OZKk7VTU!6*wCML>FhO z4Dq9}jK^?MTdISbGEJ55ofLfPy7(RpIT+_>Up|+3zR)$WW8te|I_zfmWhb^iuZ&N; z>O1!AlSS$2&tLY=A`#!GhmO1!`r5Fqu|oWsb@k=8EO|9&Ppr+xxQ*J+8hV;ly76uD z&C|1+Reo*BUG?Kt1KVf`$H)#4~a5?o>;fBME0jH~nai z!omGJH1hw$pK{sxJULQ*mC#i0=K5)$bWw?D{I5_*S#t}$Uf^(wU~E6oIOxuU;gByB z(e9-JmfL{kyW8*&SY$60mAbl%A3GR-%!2~Sz0^}AQ}jI`K4xW0Pl-^xg`$o)*frzu zyl)op4s~Zfb}(FbdH`Zvx^%NW6U4AB?hG;XV;Mk*0}P%JSZBs$HN_g1Rm?EAddvX| zXY(L3ixhj+W5bjBX%HmWprATG3wqqf;JuOH(v`U_ptCKqpbkaS^m8`;o}Hi#w_V(ZZ7yeyy3lr^ppnJp^Ngy3pa*MH_KFdL$5yx~P{MyN&HQ3O_b zByi1jn$-UW$a4Xa#i?sRvD$wA_CrUmSWwP;uZ7oN7+Pz(KIzifQ>j?yCpYdjReWOE z&Gh*3r$i%@oO#1vJk{s<%xj89(Q+(S1s+I=4ldCM$N zUlhHW=n0w^W!KLkX4jsL_SBNm7k?2$#)O@)H%?VwX(!JJt8%{Z!Ns%>bZbnqisgg! zqcO`7UKg$Njt|eTe+nu)Lo|1_2p#8#M$JhRES9y{c^tu=^6qKlQ#B1+5j`h$T|B8H zpo0H26}T(V-&e~tjVZpIk3Hxnv(AjuE>lj8R^ZYd9ZCaf?`0}VLuuzm?gjGuX(kSp z;}57_K4&g)tr%9v9ahcXIsUA%t*J#e6l40d>(;`NBeT_{_z!10KgplwYwUPnNqI`~ zHBl$0_U3id#p-+8I$6bXg*u+kzn9I8mpvt+FLUi#RG#GyK9(J7gci?X;&X9Zn=uiO zwF>4FmT{zkU)5fJXRZ6Fw$z&Y+RpaHZp%+N;>5T}L7Lij(&T5Y>!vr^mZ;2yspE+6 zx3X`fh;B?ANoA#c*m2H2euB}zej(jMSf<_0QIp|Fr9XZr&c}G+vW5Z7gRkmx*=4yr zJ+bPZ@{ydJFUkhhMK~i)WgCgOG6y{mrpsNp{>7rJ)=$sgY5hSWlhK;$k--~jrJKXx z)rD&3>O7wPl=NDgGDqW=Ekc6Vo!3Qfr3p#(kQ-b8d#WV;R(!PjQnxefDe6}Cv$+a+C8GyzVOf&Uyr_JdL!QWnc-^Umj{~b zuUoY2a5IFy703(RfTi7^NDS}$%|Ph6-2zNLc~Qf%h(_%yF7*Zf^Y9d>9)T48CY~dG zu}KoVY4c%xPdFG=d8s^#sS-|Hj4HpRRU7ws=k_hkS=@jL^+Y-qF2nn|J2^eX`kFVN z`{7=>+R#e6!rDzBrSMuV%C9Jl)$uG-aL_Ch-#6}=3M0m5yf@t6Y>dNNES`9yZV#}X z_-$%gZMI5%m(uBKhO~e@Tmpae(+O;f6iNBQ$~W|4INd6)u>%N*EF=2~3;kF)oV zYU4qx3gP?$bAVmbR zog4VQ=e+0samO9s#~5K}?6ucgbG7-*`K-BD6q$@4=yW0r?P?3MEb0#UJ`1NsoP;m7 zOYp2_JQ2&Vtcu#zxs>`NaMhFZtTtI8a5<}6Fqdva`lKh}7t>30bFTx_ry1WSSfS^; zQDG8i>gzB2pStS-rhNMLOD^vrL>UAGnWp_EnRVPDthX_e3IXCWw>&=a{X$6^ouKr( zPXk7ed8691-Lii4wb*O6 ziVxm?)Wum@UwIRxA3&Bmm;bffhbvtnjRsk&nKSL{E_6Re#f|I}kKwJH@hr0u&NK=7 zMYefSnc};VyYOa2Qu{uqNJuG3MeeyAjA%MIXnp5HThzy8k?hw2XM+YSXRq#AwQ^~B zEAun9Y}0nm+udF#8GgRl7n^tB{gtH6oKBa|eszlzfdfn*@TjEBO=T zdfE(0p$21CUJD6#4qkN!N!Kn`H~h>w4REcaZf&ifPdv*)W8h3LpUvNLh=?n~JW1WY zm+D!q;U)|gq`woAO{j7WN1?IrRHF;?7ql%kHH9?8#REeyAXvEReE znX+qH!~O+8He>uHFX;^nuZ&@XD>5hz@!A- z*rGuJ(!GkE%}^zM)98m#A9(OVTy-6u3_kR-ReRTYOMzaULI2vl1U|eh6mArts+N&X zBs+4gypa`7%gfACWFB%7jp(;+mTJg+QPG}Jq(WyR2fST${~IKwJF#^0%sy8@?so~Z z+*?uh#?WyR90)WZ%#lEuq>{N_^6lm}x7N|bMOLpz&v_XQLwa~s(L~$Y;V6QUR0bG0 zio%`of=Rjy!T*-r&CbuTVWJY(LYBc%HRATvxk-QeoKL^7in#u|$p@mo$k%gn2gWb; zZH|3qb@wb5s~@mv**-e_r9aS4%S5JyQH0Pc4h$rpxGHv5}O${;-v!z_aJRH|k-A-vSU` zO9ovcm4S7 z$tc4|2QM$Lme0_vta*y|Pcb99%ns+J;7%-6W`Ac7SCf0$SL^Qr3xJ2(96pJdqD0sW z@wG(vG65H#7#*(+yU6iDiB8{pa?|+d${ydzU;i4WuFF@Ce^ty>6rkfZsgYhp`e^Z4 z<~Du%h}?60@2Gby9Sd{klL~ON+bi-gxlaR;J#Bj1MIB!vyHKG@COP|o4c9X(tJ`Yn zk8eF17~{iOA!2(+WGH!avWr8^_wANUNFIN~diYp~_}y5a9&u)>vg?1|0u%^+yuf3^ zYPBX@xu{q3!p-G}K(9SI9M&zg?Lfx=fhIF!SyD#v+?lwL?j#PH`f1HL8e!(K?{QZa zy`C-=powxP`A{9wgaxTRmK5u0zvz!hP;GW_+J7ia(URNL)Z}0kSy70M@MKU;Os6iI z_h!(DOs7tn?}ep#X-aO6^w3)%>f@7IvMNw*5sZ!Ed;7?$4iXWxb*yJ%$Z>eLl&k>X zc+79MU}32dvJO7gO!}m69Umpe5956K+IcL!xU_tX1V(};#*U1mdgDRLSnr9sPQ9Ww z21X`I{xt*iy)=PC)qDx055+kvlqi#Ce^HboBN(?K|GS6INxb~;{)^@b`aizpk7#A6 zxJkR~I-0apyJ7Hd-00hbPcLZV;Q2%8O^3l!Ed|u*)uGm1K(TmF^$>p_ z7*l7cuLY4(lE|a?OEfLE(;gLwr)Kk!j5mVxCx4vC25YT z<)7M$-9{K&a@hm71p-j#zMr`30+*^o^zZ0$e)+8S z{Y0P))7a+fpI)+}Q*i_|BN&s@kf3>&l&(}&%h@*FODYs&ze-4{BRpa5VHq2JNrOgQ zW#U{FesnF?f88e8*m5wdE49yPMqcRE{?zY?S&Kx(qe=amyj4W9@UZbjpf zu%i{>iaQed)aUNG>qMwymT={eqSQA3Dy8G*X|^93kv>3bMpNmlx=l9I>tPeF@UGw7 zgTNf}zk}vrZ6{Qrwwf1C0d|zUqimvC8DA%nBKFZJE0#iY2Y zX+FOuV*%b$Y+W2?&l@+GJnF9^Aq4Nwl|_qnSMGb#eWEatCw-0D2Y=~Vw)F10PX7FN zw2afYVp3|*S9ysRRm{GT$p}2*eYHKc zX4e0SgFHoJ-p^R&I71Y3+a_4#vn!IeVtreQINzX`9~^nZF6WT5AtBv*>eZq?5~Z%g zKsIbVw|hcqhw%2Zn-oh`9Hrm&wpFUF%rMde-IUxe;;5X1*Y@C|i(c!Ckc7fjEavR{ z#vB}WBPLv&=?w=61CZxj0Ov=SjLHxQyqt?S%1 z9+rgtI>H`W7lA;up;sE=y8GPoX)4z_Z}9ww!iTAVlIFWJ{n+6=qmWisjJ;&7Y#4%z zyH#FPy$F3F-z)HrP4&5V$~up&1?}Pstgj`hjBt6u`+21B)^Ks0qE>I}O2s$Q;jfOe z*)rpM!AFSruP8l!lH6`RR`-UST#!;y9Ik-u9%u^vlilvFx|9AqLREOmmv$}L&Zv>P zaQDFRj+(^%?&z~fq!_w!JzNYWW9NKKg`VmKYi2ecU1#{}=GhfjD<>RE_odmI^Io{C zL=O|Qi8R3vR!B0CZH$PApM>$mJmTM`V@SIu04u<^pq}`&6C)9Hj?&>>Un;$fy7jaK zs!{f)(scU9Ft5*41GU_a(5F;TrMU1O4rilL7LSId+Sl$g&K0t{3}8)4GevDmgN@$r&W39wj(+#K1P~S75BU z8QQfB3c+Y@hc3@Qh_mcref`?+Zbt#@JDF#1`JCyi40a#5iZF38u6VXeeaICMFf-B3 zs5)JE;p5lWvSYIxT&w3op@nW(lmTjL3i3;=wI6NUV5cBeTVE9DfVsT z#SvQ^LUMFR(TH+xd3Q?m^c}COdtf4{H-zdv-AT(rfw-{gUQ5zjY9Igg7fPwZi;YPe z{LSx(9M}VxRGYIw&L;8l3ROMomTRF!Ydp6dg}uKtMdB(G$M;1=q$%F%wiCj*@?9I0 zUjFqDKOmw{=Wum07f-)AZ~T2-h}@aNNtHenp>KK=*RaSZP{)x^0b^_iIprgZ#mbu5 zVk+whTgZW`HfQ>CbgZ({Xb+z)}S)Va@^=o9_Xn^}dLt_)#ykb)g@DEOe$Q z3PT0oIE~I~lH@ID+RW`=NV%g=!>f~(u1=&BMTegde=j}XHc>hR-d2v6nTCC=-z@Y_ z;OF+f#(TpJd1B*O|J*5>$0X0p&R%+miGESx*2-=00@*!1{?|L%VE9?Oebc(@X{Bvc z{JC9EAdeCJBXy22#n5$loTLCV^Q(?1gS3Id99QBAV{m8dMSQ-xI}w7pme?!8F_UW` zF#1^wO!9ZPgk3L!jaTBf9mYn(jrWGCwp%4YrB{ABDK;UHFavz)_?`T*W8{N|LaFPe z2aX>(M{=vsb@aJOm7Nrb1i0;u6}`aI_;=br12T9j<`_LkMq3*~gNwcW7gnZ*^xZW1 zzq(T9T3ZHE;c~C%+{BD2e(g438oU$PB>0K1RAXhJk3~)QB zmEWYTKr;5rA0UPsuJCIRHQz&_@ zo0qk;fqF6E=(`57^vI&+lQEQeQJ#U?wb$L}jL=Y|_UgqTZZp* z(c3vgo6BWdykZ^NV+_)L1?18X8Z&mAfqKL#DNlk58b7x&L@gN1ci7CgDiYq$lA~=- zyJynbeDjD7$vs-__{vLDd_4l5$TZ}I%V&y1m#))IDZ_0?%MXK?Zl~(MOKFk{9`nHC z>N(YJXVRYtkIjKo>)0oCWx*6|E-@A9BGlY&l|+o%VLnY^H|BaZOraDnjfsa(7HRjtw< zRLBo3;nb%^QGtNGV)yuNdODwN(X?2Bw<&P1u+AAsccm6S%!P;AJiaHu zB~UXlS2{~))EFivm4Vrm-*ylk+LL63>9==M@(cLpjSSIIMjlCoT5c0#;2gwk6BdzF z&Z~`S+-Ww=iB*C++8@#JA0rp5C>Z&Dxx8yex8$wXtlXB|Dfg}4Tv*+?;gD{SUWRJ$ zSu#SXJd-i@f|P+RpfCEM0Z&0)aa~cPe=e5d;J7V=aw2{d`}4AH9-Tn8g6m;Zn@Y{E zm>Wc*CwPK>-2f?;GP8y(tuPKp3a6)KPf}t?AULcCGYABdLX(<30csoXNP@KUC|MnMJTx}Ei9dPf15ByEm zK>m}@x9=Plz*|!6Py8X(x#1Q2i&F;Rc2KeCNC`T$#q##ZbsF9CJ4cN>D$2eGyC)fj zHgab3`IQAkxm({F)6Zc2pZkufhS8ezFjH=6mL_?^>lWN>`$pF9!+>mA1T&JYs#?|Z zr2$K=yuo*FD6?o7tWXD0y+E`WIuKKLH>4%Vq+fkIjm7AjcArEO#GT512HX1FrN-xe z9{!kr6yvt3-6gM(dc$jr-WIG@A$`n%&xe@muFn}4@lpHOI^=Gr>0T4nt4cDN-fouH z{6>oZMyznK-cVir=SjueeLZ&NJ`l_GPFK6TRM%DSV2-cS zJ`ir8{z`VE0<;R z_%d>ihHzL62uuw6&uKA0TEOLDF@`iS`^&gFB?CL}rkC^CpLZND>MbQM;Z@L6cgeO0CSx@0Yg-|G^MK#9}xIPW-@nXPk7SEjxBF~Oma8YTNxJ>}k{`O#> zzIxJ=kbtTwq(OX6!PQtixavE=(rIdXtlw{x|yBZa90^kMqMgy~0nmQJYcsvM%5BUkmo^p|W1HTFO@ zA>D*=yqqQybzM{UE=SLY8EGsQ~iWky5*wQHDXt`&6Qr54Y}9rruas(AOsdtw zyWDax2!@mUGa*~()R|u*2hD2e9^NG(Rr$C^O5?TqaS!pCF8Y+uU6S_~8^8p2C^Ko=jX${Q^Ld!PUAsjamIYLbhZyMfAFX z^nr(s0;)!VQby%?OmI@(#Sx*A;vZpMyZn`r66aK24Ll8tfoKpqO#?<)0+-V|ET)3a z*-cP#`9Zvm-I%z^P|*H5$P8N8K-}*!E3I94(nsW- zJ{VQOo<+Qod#2RR)ON_p)AwH^G^NP)%7(h~r0h(=MHPJpF{nCHyEouDGu8#BQ#-OW z@mp$c{|tyeQVsQhN~s6(lNz&D)6bYQM5{exU+qngrKg0s z*bWi}$r44pzwBa~CnaalQKpJ$AoiQO%63bX&NDt$GsB2p&R(}JuNFDzS`tnLJy&(N z85pzbSkEEWJZsK2z>3(m*|xMBbE~);yKmC$%)7N6P1QNV|G2c3Fh6mkmkR7X#m+z7 zrF;Hj1K-@r*YriDEnR6{c-kqHHY4RYNA^NNQBpzr+ zWZ77mIX$LN?y;0=>iSGs5vXIsHeGhg#si`5|3hAir5~ona)eu$g%axVR#A-p5c=CN zFQO@B>!|_op^cp-zNC~=ht}_zL}R8T)r_+j1DV0iseV89bBy+)`6I0WmG);!E?xru zc^%Vz0&xJpjm+N`Kj~En2tiQ5SH1K_ga8r6r7u6+;)wg98dSB*Su3_Wu=7#qMQe(Q zf*|rRkDDeSI134RXJ%<1S`%F8J|*zFHGl1{r&QG3{tYOT?3u18bse5un|x$<=du8jUhH{~x+%g`(qgnVTc|I;#p8X;)4 zNx8$~Bs3ElCsHv!sWt)F8c=4(DJK3l@fI4dk5mWv)Dcz?VQ!ZNez?U_o4fSp{0p5=kEsvT>_pz`Z+NC7xjmh`w9gA!TD2~U!OlQO32;r`s1+m zm?2%x~IldS8h z{AHbbfJ?D1XD9>-zag+8*+;w*mzOL06m|-HXi*7Gjl9YaW(0jPd~hbEhl^>o#=Tj8 zKL!M0LGq8N|68zYstKBu!=BQ1WIvmPsn~M_=7b)GArlxbK93&Q{`x)+1!Oid${?*s zj`}Ce${0zVa-WIR8SGy}W3FTXpIli8e;AN75nfZ_r(sJ8?;|P@oXUEBcHU1!Ts_V| zG}!aP!*BN1ZDQW(#8axvkO3Ys64d{tb$}-z0qfiyb#g4i0WErcG|Hz=Q72J$mwdh>uaTMc1e3=VJW!F*>;7F6oBH&C{QVR@s!V{ zmGe(?&MLeJMi4=Rh!P!O7A|ck2f|>HT`Y`z0dlyW+$?rExzo=Q^dtn?waWA|R)F>&W^xBM)6vK5s9db46aBjj!c+ zmlQwR3&raF!ZflYr#qE4&3(QOTS-!v2ANluc>A`bD*urR+z;q(I3v8_9IBn01DdI^ z6UG5Dc);QJC3g_Wa8WNh8YnGRi*VXSctxV^i+z)ylL#r5^r!slCCz`{l)=c9?U-;p z_!NJX{LsBJr&sbtzrOk(*WTo{w;OH?^B4F|2z=k`RA>!+9z}+*@VWRNMX)VN{uzPy zL_e+EYlkpg>32Sa)lwx11g3yL$B$z3XonSpEqGVhVHs^dI}*l;sd z5gKK@+9h44zZGhJGFu`VlBz~KqXbc4Q2<(L!-a&TztS|O-0YE2f~_{gW)v(7>E!m< z%#(?>12{gY6^sI(*(!IF&k*gW3tE|lBvdhV8fxYg_iFY$wW5q@7BkVGH58wZ zx~l7(S|%we8tpF_i8C?92-SGD43!3ryNpd#}soC`P~|u;RmO zQ_Gs)L`4U%8Kk#k(jOgw*Tz>Je6vi|quhPzoy{5Y8c-FW>GoeJ4Fa!!n>o2ns0trKtBtGt#BH(f#1v}boe zKRB>%E+(R!0Di1Pe&?Y>)W*Mo7kFV%193!IJ*6%X!#dDITJcV;k4B*oW-2!;Zf7_d z617yQva0lo(XgnOW4VcMHt+A(pJ&(J^GC2`ZYE-M^Y}H?jRCBg7wZK~1l@LJnBP(a z?)Kt=smk~Jp6Er)@17M|=Nrn(ddzz5IaH&n?9^M+Nc!MI=??t-f{zebRZ$X>c%Pga zNIwxR4&2<$W|+-U(m_am_aNd^-;U5R|ml4%J?ko#1ywLfqgyYgj`N!Klz{n6_ z?;pq^C1mqZBvO5EW0$epB%8SK_gd0My}Wg|?nVzaXwdVQOZae3mI7iA(h z23S^2oaI}O*~rc>in%KlurBp@G`#)@TFvgFb)diS2q~1(cG0~?av*Y!ZGxIe-(3^p| zo0EoN!kMne9j7UDtz|;#-Db9Uow^IvcB(m;hRi!<{9;S3zc#(HR2GvF6xmYZ ze*SbuP+ATUrb!lM1b38RhGqX`|HG3!$kUmtlfaQ;nh8>>Jt_mx>ZIMb%z*m^-b>YV z$?CENK%W7GltU}hcDsDl$}b8KqT&qRRVPNw(zTgXCcOSTl8l-Q#65R~nMyOn#CX)s z8d@I2fuhV>1M((Kh}j=pAP z08gC{Gtpd{8%S>xNiBJ@R1cv$umM=3($y7 z00kSAjXOgCu0piSG1mr{|3_+dw-K)rl_);ci%M`W0Q~eo_pu8tAVGady7Y=&cAIF4 zn{{*2&X@)Fea87H`7!Jm;p1(3cx`?H4&&Ohxid5!07j+{g|_(kJJ}^DCjgD^FJq1+ z-6%LIxSGl+XNzl^x-}&8n&j0 z%2zt0+F}4IT{m&R=Ju!JHP3`zO9iq%h1Ryw%%!>}gTcCG31>=_n-t6C`;5U9GtlG{ zSp`ICocwksF z=<^SKy(rc`wsDg{mjZxfsclo-zLP;Zv6*hU++eT3XCzdQc`wibl#Sr zqU;OvtJI&@ZSJf6+9O$o`a;bV()NIUoPt(He06ze8I53rSg0wVYzN@F1{C45KJ1P_ zEtOZ8k7i^P6nY?u#?oRCb{R1=veqWWc#={CQzY=gFD7qkhn^QtJ@b5|zPf1xZkx5- zG*}!;n@Ht*gI1B%q*e|X04GKtvBq;Gc+(*mYE5{_5KLl_LRKP1ABB`s&{le>la_y| zsF)btFc99N9CDjfihl8y?Q9FBe^mTt@lF_I~2d}Uhx^d%fhh~hR zs;Fp4j=7{pjL`s%B`XLaQ2D3EagvTQ<`cK+_kzN>w~v&TOELCfZB_v*o?XdmF51;` z53%2BWbFFUH+KT~XK>wjlskAI{_fgf0b=PB2)MzcXp`R55m_~^48`_>pkZ12@^g4v zve$N2ubo6+Fo5?mCjK;$$!7_}$y6*GIhJWT)!1t+wRR&!4I26U_`D?FSE*7W1$0sz zB3ZG)(MEAiU}ZS=)K-~O1(&v7+ucU)DxTw^LIq%*qMn}x04t}9P6(jC57a(I|fb>IXMxH3=A(A?HJW3tn3oP z(^5*O!&~5s)zW&lhfSzNF-iP8llCWQc|5wtC`#PG5d`;(&hCn~L>QEWmhm=`C0GMiTNLM#m%bslFwzhvu|@m{|3LY1`$U}-j1yJL3VzdBKv}5?sc)QNiO{q%cs*8iH!`@YZP1Gx zoLyn39EH)?D1E(&B75m_2U+lM=pqb?-u(03)}wu;o_AAtx*4o4_b$J}p?2*UO}~@579H%m_O!PU&=1_mxytIRY5*`rhdLhKvXn7%L`Ko!`F|Vgd`(X1pUEkAaT{EYe@q-L^ z36-JnR#^eytd^+<;N~WRy!klhOI?Xx1oqSt5P;LRU-ZkZ*_ol0HtH|56wXb}WA-Z7 z%roVPQ+=)EZxkMD%9|l4k}f3}>--BC&~|Uc%d}f6ZI*C?C2NlmO8g6ENP5?a3@po$ z=Rg&xV8`rcG)ZZdrD0$)EE#(W6}~XYdb+Wz-baON1m>#>nJ%cVoxaAA@1day-HqFs z3Z%GJF$l(KMoNWBHKQ`t6skTOZ@4-%-ZJ)bGNi{s0y-sJS?;E$-(`b5D+~~vv6Bi!Ic;Z@KDKmzaZ|8CKVm^s$GWie~y(I7*aXE7zM3GQ@ zcI8bqE2G&k%5$=TjEOqpd7yG%qgsT$a$9un7Ffa;IQnPSinGT@!tIdkE#e4+>nB9y zWIknxUPOqX;sR@QXJlF2LW`>0N}8J$!a1>*ToOO0DQ@hDV16K)VM;FsixN`-^-K7b ztB=&c08HFEP@bu32D2Zp>)861wbYlTYcyvdPb3MyOePE3;M7V^5f^k2mqt|?Tk+OE zV)qKqi5N1X|4Sn@4@~P5?Q=k6Fq0~%Fs9MnahHH`v*Ak+@CfmujF+(xZmzAVc5c6C z&Px_4_we-c2g>R18gWb-J~`?1@eG^f(NhBmx+F?P?)Vr{fOGI@Nf0jtpY~f)B6U(W z_T5l;0oQ*3K)`t}c~H}MXyd~!@=^UDMx$qId25`Yr(x1-MuMbhu-_EKK|O!Rq#bI zx6MKGAC9*P!bPx#xm7_)gYMGV-^9rhu3HTRDOl&MRjxqBvYQs{mD0N7)IGMEsQA)o z70bW(h(Yk_|NmdjYB&Gh#JF9F*h-x3O9KFa99TUvhx_%{g%<~>kl zA-K6P0u>m$lqE`Va^DlSb$J2&2ih!`^q>#ejeG3s<;hhe@Umt5d`Nw09_T$0bBMP0RQ^Qz+? zUZWPm3c!3M^pBrc`a_WK?zU5Ne;5C8SF>h8`2BqGok;Ic>}xN!c_qg7K)>TJ7zw53 zuAn4I8u59JSn(uzbi-dx{j8XB=a;v_6x>gWRjDIZ3LT*IA09$Dk|uw<@2YNW`SABp z$7Xgj;AB~=f6Pz4j$&|pu@Z~>nHwryG2_Mb`OEv~J+Bm%Y@{hYOQ0(quY+%(JFlT78KWT5dD5)W%#zL_f&t|Rc&jTN`&}WD+?>tUj=1$Y;0-~5& zY#ztdBa0zaKNp~(!wG43bIw)kVdHnDGO#)+h7!{$ch8z^h4a4WO17%d6q{lLGNmL5 zhlbnFNZTVZfCcJb)9V!fwUoG0n;jNCyTs)Wd)Gv;XN6zss%DDrq>H9G%8n-XFu!E^ zeG3dpk6JclZ=K^S9`oDNoR5TGP!_#^^3E$bC|6j;P<4W@vZGUKig;H>#f`;!zpGSp zVOQytX6}v~d9c6~K&y_}6-_w4pLZ#@ZYS)yp_9JaZ_^SR(n40~y(IiclV+Y1rsE@~ zrC&j<#M4Ta2n*$(9fTM17@~(UFHZo5-!}N;@#v9qY9dH-qH{k?aIrz576rlRI-T=8 z@%h=k^y5fZRWhpY&DzI(DBA{P5M!YT1j$FdcYXiqt=PNU$s9CrPO-J9Y-V*#{&M1f`oPb}Pas1EN%km#WXRRAKHJ><=4$IW9cx?p>mE&? zlgfP9b@qOaow;14q37c)h5rK3X=qU{ zrxi6)a+JEl;mju5_Nh;_yCsd$b-3R*q~z0#odNmr2r=(#=3Oz{vn>x2dHf6;NoXZC zQagT#`_QG4sRno%K9IzOD~;mpF)u=^A9HA)ym;_*p(81SHaAv3sP7TbN1zszpnj`f zaNnjz>9#Z~5;Zr;NDrUT*rrp(?N1IF#p;EUkD3dMHU3~F5qOVskITUv>Xda|F`#jjSu zH-&ZpW25;Fhq&s|%FKzTZU*QcJZA(dNaUiC71ivC-s620+16H*iJj4l18H|O$6TJ~Kv%7EUtVS{bU84^Myq0DNBpE98Sj z6|3tzKV7MlkA%GwvJ}4(cH|qPbHk_yRW!fGH!$P!P7y}F2^zjP*|iL_*l&bv>P`_( zJ^+1Ji?x4dU10xHSN$^pq9x|u64<3)i(WP-dRSdW$*IFY$4za>HKvOnu!?eNT8;BB zK>}Gc5!a7swFhFehr_{BGo-&O|4|BMTHZa!2wFv#nfbN-{ z;ItA|Eq|?~tRdC7L~)7^<2!{Uf5lgfU)Y-`?+s5+diXskOVRrM2-mr;f#zU&X*BOA& zieLH^#Tqn~9N~O=$1@|@A zXJkoqHi>9qddRuS15mHaj)eT8WHw1j`ef#i_I6@qm`&Q&tPY)n8lJ_J9saswe*xkj z=4VOHlK3BLf950oG=9WZ{+@Y^MXtM`qp|=?`+fU5FipN>adF~&H88BCql$M{Vdnr$ z&gZ;KzH6L7M?^tHmQK#iT((jBLw1J9Aj4T!gt!exSMN((H|Y3POskIeb<)HZT23bB z(nh&*I$0RTao3NRvT%u%qv}H%q_mBn0oa0txkA>?KeCX3JF=OT<=X~DBY)lEMYhZY zz@CmiSwao6-Y}0QV25!k(MhfxZF;_}X=Q}V)l)jHhF-kS5^2)Xxf!_7YQJa zQ1v@PvOQOgzuu4#vw;_JyTwba%9402NIY}QggGwM#^WQkAS6nu9Q~zR5qpEq8|49{ z{K-FvRnl9_tgx;vR*T7Rceoh8N>L=>T01Lrw&9;2s?7=Zt{u!q*yb6_8_-#J{cWCZ z;joFYw@IpEb#hi#d0h21HTBLUBg!JKnVhCZFx5U+RnlwX8G}y&wwGh0&b#Yi;{LVu z?}JMB^g-srl5$b}K5=5*O5go$>wnyFUVa)^=Mvo^Rw;G_{A+r;C=u9VRciYKd936% z5P=8vOkwkHnDJi7vrGy9mHQ-7LH;}7qpKM>8uub5`jj!xUTo zrl!88>)Oe@uo4kBWganlQ9}tFiMgdkxRoLzil`a)`;Aqnxg2d0kIi#`G5K*?9Whd# zdm+hMzq@o>fkwBnKI)a@sC&Zb3A_ZIPF1JbUh!F}Cet77Ctv0&t7P@NnIobr>Y_=q zTqi@Sl=Di+>!}rx)7kg^RVq1m%nDfd=g#bNF1JiBqv#0s-}FxMZYGO16US*p^-3Kp zX95FAkDty);)$foIP@n24FtdEZE`&ador_oE3vQ9^t9U1TrXs!AV3Q@o)*z=m z5s4BcKV>Z*9x&TcLC@TOkVuvWvz1SO=(P|)jLN33kNy}oAaMVZ}M$RA-uepM}mqfWnfCN|Psq`Hbr3DutdY_a2=7xd(2=f%~5G_t;8(t7-9>GH)Zma1o55pt!mCN^Tw^=+EC4OGCf)n+7Z~!qCDh2L@O1l= zN-X7`sGYfHNm~)s79Guqg8_A@6D&iu?DH!lUdlW`Jg<|R1m3Bfd-b|x!3!-M&4O=9 z2`}ICH{=y$5S?#FbxoXyjipQcz}n2w8g@qz{q}R~*gWWd`8!f#x+hBKgoAN1P8)w6 zS#4Ywm9HrBaI)mfPCGp&#ZGY4xvD6~Y@M5gPgC77DWbdvle)CG?5K z=T0Vtup&dvuQA8&L=WU2nvq5Ff2`*$;Di@=HUu+F5Aj#>q;gAe(JPCKxIYBw;B5>k}#> z4~vC6Wxho7#OS%U-~YL8M`^!+i2vgef<9n>@#*_RcWRm_owSmlUP@(@;|JL5nPHu8 z2Ry0=pH#}aD$zB}^0zj=@@rLBFFdJudStZmr!qucPMM-Mwe-tldB#mL?ECbR*RRV9 z5`PGR-IDt^zIK{TFJn#u=~G8nsnmA#NAx01_YK>qY$zN(tY1ssaIRJ^3zQKDS8BdW zS_?_rT>h{l?mJPgdB&uv&Wmv4#WFawHv=Kq})@=$@Z|S23K8 z@3{BLXcN~+u)38ee%$z9ZrOWRNBT6}7RO&PT~^~=9+gI>Hmu_s)OJ&;33ixuHaa8A zDWRT_7)V((91iHF0pd7FmE8{g{2$fuGva`$DZZQ6&K`~lp%@;o|MlBN zSFU^evrD14f>b9QmtH1TJP*3wSMkhovV7ytUU&~tBa`&q>aD6%Fo1?cU7?`r_=9FG z*}nip=-qCMO(U|nB?@gHUJ9_!|l~hyA6# z|4UDqri``%1W$29tDJC4$}*Y5zSs7ak`>Uq@Mt1@+w@W?(F)Pm>&Ty(*_maXRvmpG zqSw0qm;r>|&vNPz%O*=DRBO6>+b8keBiD64@}S(e8kR8UR@bNtQTDVQKq9|ktlqV^ zntOQ>z=usaJQ9=DYK{hOTf^#+Ezb^=W$LgLPa^)apH7pa%)-)32x@8FETk>v6ls|- zUR4tl9=Sey^SmU1_5&VM>1i~qT@u;I2;Xfxv>Nf!U4DPdlGRa(hGb?z9qn{J-?kIz zS@LMHyp5h|_=Z*Gyy*`BBtlxlGQ-_x^soDFo1Ci(%@a}0++5f4^NVsFbJDHVA2i=Z z;nM2Wg=>3nIR4Bsg{a?q{e)X**q2350rSi@8pZDM{^ZQ8tt6`O*36F|$U9Zck6pC_ zwwi*sKUB)O^^Sie7@v8=b)9LHoj;F^Cg3yT9XecWQ$z1Mnr@pU@;A*t@6irtF7|zH zNx0YEuKmIq;c&-2y*Cc$)H`GS35Ay^j7UAe`SifmP!tD+49KULI;(WheOj?hkz9fC zb*@szy`|YB9;}?G1kZ<7J+^mPU9_L98V8d)a zM0o#)*`ZSEJLr%X3GkISdapwB{rW{E%b$B{TeGZ`(xzSWGjY) z^hp$->fP+|E_c3Ln4!($0WnUE^RnXD`aewhoOQQMta}#P5SsD1gz@V&4`g(9Ger1fsAYvIY62Ip`fk2r&V#6D%el(xtVd%e&o| z`&7kkZwR@R>*AVc2m#D-{8#%_gk6-W^Z%!f^A2jNYqxlSfP@}E=@@$GEmY~f zN-vfOQbHA^BOos!kt$7kZ=p%=NHZv6Xab=luVO(E1QZcbir)#|`_0^$JIP;}+0QO> zW@n$Z*ZReQEZ_#9^QPGQxIL2N?{7&wW5)oX0TNjLXH1%2k$`ZPB>?*CmDM1IVS%my z>Fm6~{i;1uXQT%p6_EChP2Z5Z17t;Rv@+jiuPe_;Qvd<|0tGaP-$}wA>40Yl$a|-a z+oZA5orf}xZ!DafNY5J|b~l{c9?8!wF@`Jpw}Cu{WQREo=Qio{nxwhR$N#tH z8uqSDe3qW-TOVF81M$EU;Y2A+l__?&jN;Ax+7E-R+fD#vn$lT~NVuBG+rWD;-yL+y z>FT?CmUTq+MyX?Peo$LG^*BoAqLzYJ0_wB$3rV`r)+4<^!7?gu;zF%+1Xdy}3G^_N zS;78kNzp9lLy4~EM>V%b^wVM@rz_f*uU8uKBBFg#@4fZrk)Fd0T6Fr``ilg~zXBzm zcrpH~*To(kGkb-vuEM^$tp%CnsiqrV9QzLzAX{=$jen$88Qya2OKEIi`(GE}oa>GG}Ix6kQckI6?DNgz{K zS%=#?TP%e7zl(j5da&-amrX+Cixs3ioR;P_S4dIx(?BIL{r)7wDMdpSI>JJ= zkmyg>BY59%$#j(S zTs)f1K4Lb@Dm!G|QVQi+X#G||1h47N9UQGa!l*09n>gneA|ANR{s$Cc$+knz_Cf+X zrGIL<9@QXCe?)O{WFsF_Hu)ph=)I^ncA80D|6n9iPL+~bjb)zJjF`hF&jTXh%x_dM zb44GuB!jo2g-lrme~9j~CL}e~H-q<~9R?-XLT+^%&iNU8l5sQ6qw_s06QnSd`UK)MF7wv!Z0 zAjqS3!~qhz8Cx@kEb!aiz)t05MAno}MFkvwaM0!uSqQC}kQei}yATS^7It2$K)bW| zM;lu;sQ4&JZvM!oPH{FE`<)06=`FiOY>v%;n|oQ*i$^Gg!-}IUp3yX|{ze6;d>%7X z_ueQ=a>1c&?v>xTD4#C%t1tdvMWtJ|0DfSc0gP_Od24bKCw*TUv#+p<&B7E zMBLCVZPHL=uhm#4+_$pOj)y<&1$Qq5G>Y}f@CJMdOqCnqlJ>Il68`jw_uIraGRMIz zxb!LS(kt&8?+|In1sxu|FZ9D? z7>#gYIarJMUxsd(&Ky_p&u1Q$Ntxr5eDPzaH*1w3%i8>^iOILsfXy-HZ+?uM4OB$q z@s*ED=@7bsRlfe{twy{ZL&w2!OLb^yZiKvo>r+qOEC_v7dXL|Hc;eb`gI(r3`sqYe zH=R~Z*cYPyEZv}qNBt5!m#)_^V9wlNT~`ZIA!nDRRcM@p7;FiP8GA2lDF6WJ`3>Fx z-YCLgfFTxUNi}5CIZHbSA`@EjB{+_ujD_!kHZmT~t7n8JGgHR!NDVbYBdMsfl8pl{ z-5!HqD)8iEN$16OjWhN^_d`<`m zb&g8K*qC+Re6aLdbl1`^&yiw{#lEJVX&1kxlYlca6&MXRv&vr$ZGVX_9zacgz2Y=V zC`%#4eJ&G1l2v>Y#F@DRHJV!Qai4%abuL+(N0vu8o^gaS|I zG~6H1jx>~}bE@)A!s&8ux*EN#@A>}_SRnO0Mflb6Jrr$B0lFjx9#p2{=Q0Nso90f5 zTfG9jdtztQiVU`oxUxC{jr43;q|VwW)-nhDj9h3OBj`!Rp0BAqB?(JSXPlRY>58*> zVI<WFR1;pUNlSZ57y#SDiEe-Vx$ z!169_mzf-JQu8;r!`iA=<+iM$jQVAKN6n`MBrY-jBPy!8S>Pac#wQ#rDD zty(LuSXfzE&&1PcE?4L45IrMDlNqjQyXA_lkc(xk6BsTWNN@QXEmMykzX+DsA zLNo4oD6LE+=T=A4XlB3&b3-pbT215k&ot|)V9PeaZT#Ag@ws|8 z6Ip2fJZ2IwSAfS$9z0wbH;IS~0Ud@LqYh|`Jt$yfvyD3U^5UrYpFNU&Jmv$JeFp6t zo*6^8-@N>QV~-+3V{t?%9_CCsrx<_$^AC_;#8_eAOcFZbKdb!JuZ7I)*xy!tw>nYo zjIeaJQX_CLpe^bnp zaF9|T_yrr~o?aU2*Js^K2zLQkl%>{W6n77HqLS{@Msr08;@>cOrD;w#>ENEhO`1s- z7vp#0`EL$fRs9-!h|Ke9&So=N+1Fi_d8{3$bT(~*6WDhW?xQ~I3pq2*NfbRCLNPj= zMMqOo?Y=D_Pc=0IF)foZv*&YU*s@ykFn_YX(|%2D=q^PWnN8{ZdV@91^I()ewSK3{ z8!>f4NKH_NJW8En&0__|lmIJrASUcb7EH40|Et@msIeaY<$j`l0JUx#$JM5OLC3F-bEZ1@RnG1O{P6`<1}4pV*?g82z_gW7y3pYA}d zw$!7+WoCtK;(Hpaa+NwK51P_P%b6AeA!#G5IAdqyk|=V$lrE{0p^Y^IP?u5Rwx!Hf zY$LyF>mQJ}<;g?HkEEo}@8V1Z_+~IPAHqGcICB$f2Baj~i^$sJYzi;0i%B?juG=lY zOl%Ma+(&Kd#y3%XbT`_k{3(}&Bg}Fu7t&IV$V_sUhE_LZOCz{@RUUWFS4d7i=2u{5 zS$P>5G)YcVR(OD6jn<<9xluhZ=rEc@AF!y`y5WRm^_B~F(r*8+K0oA|U~usY8MTmE z=1eK;JM9Wx>`;sZ4E%3>EjkRNhEgdAH7%+5eRpdhKf^0|cy`+HfgvnMK`2AA@djqb z=*x(O!O1m>3!q8+A>&a&LB+k4WMp<^Gh1TM?bZ~9{;wXRUkeA8)IM(%u+Jl!+)^~?3t_9ZW~3!5Zay;D#PPFs^sQnqW<)qDa@E(X+tL z_t%X9#EWlF%h2%gc-8Beng1L-Z0v0l`F;IS$8kH8#L*{PKfzX-vu$(4f<@z|?_D@j z!1X)(;Y7T1&u`*(0H>OC`2KadxNj{_<~lDCkmQAHp?p;uD)7n@j>wsNY6}Vv@<#|| z{3uuN(H!T{D!p&i#fX1nN7|OwMm?EwXEdV=U2ld9^jl;3g~}^AAtIsP$fV{yM%DvQ znx80|f|g_%JAuu_(w5^a!HbpyJ@4tVlvD+K@I=hCvRQpZ<3GKw1W$<|ABsL3!_YFG z?@=8MN!Ne!d%Z`73!AfUvula)pFK84Q`nI#fkC3_h57lS8gn^yYn2&oJ|4v4_9|n0 z^jb6Z65^lyhS#5MqZ4rW5znGtIz^&vFD}_Jar2lpNe?^WQ$Md)qTRo6fJAlBP&&pM z-Kq{=SH-hjUaM@LrBf9ThikVX%HW9+oErmip*YdokK#BTbpqMaDa{%;v=nI(p7DzF zO2uT|4pp#rzBhE=Dnt~o;7)4i#^;SHqZ*L6&#aRL{SpyOZ>w$1(R9XC#>K(+O@J?V z(pZ+_qXrrK@W2pZ_+_I~n#f805W{t+VLKw)pLRd5>zr%=yfF^}(Rc7#c9W0XAJF;} zbNLzim)6A)r9drbpsC*e5@pdVvWNkjr=|T;=2&kx z`IsPE`iMbQ6ZU~>JuwLb6n9SYmsLyOk; zHC_!Ko{|;OFZ5!_c<~ZSTY-z9*iNOJm2uosJ&XLbo{gedIJL_*2F6*xhF%p-8demtAOwE|Gc71xeBs6Up~$L7B=2 zSfT8;nmlTLS+rMJU2uH*ZsBSA>Eiz7-ZR~wPK4-9GaEO~`@jo?j{8Z8zpk(AT1GNI zA>459yBU=k<*|k6kEkjI^7rovyNg}OO+W!XlB20Z^Q~mUznEko4xo7b53s%^oT#t1 zhL_8fK}H*l-iyclWt5u+49DPNxmesH&)kkqmVb-R>$1-gUwfK*8<{=bk$C(a&uKwt z>&qri+f+F7{>j7n$01HJ>a&jbQ~p8x*8Wl)`rV?GNsi0ROfiF4nDm78KhNO zZ@=Gz^A2g1=eTe7H`{iUcT=7|owGYj{TA_*Ebyt%5abmVhl`@=sTX~nOYRM+x9_x_ ztQD39YkyA*Mh_X*+2|KLRb3wj_V}<)^%d5uc!IjYR#13zlMbqAyqmW8LUpxJ90{I5 zx~T)80o>?h6EPnD&Qe6>#nxz9ymXyI4-lc6*d@FigYU6 zS^5KVNqBulvr|K~D`kgqz&~9}WDu~Q>XEe+Y`c@I8OJD6n2Ix$MUgu(SznM9^|5VH zr!lxP2{$lG|HXP(;!}9?Q31Wvhx% z&zQ!#Bh%yQyJy$p!!%>@L9;y(q79Syh)`%ww%RYG9jxhA#iRW1I`nGXxFL0_xILi$Tcn`7iPGU zRJ1JtXmX^07m(BzNLOySU;PqW zmWaf%;I@aWP^1e0?1YbykA4d`(U-j`f=IxYJ~cG(0hWa{i&U*+YffNRgg2|@+(8X> qBs#%=i^M`-xM0!&K#as!2CWja6=2PFv^)V?2b)K_NYdh;<^KSC#66S% literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.19/_media/example-online-boutique.jpg b/docs/versioned_docs/version-2.19/_media/example-online-boutique.jpg new file mode 100644 index 0000000000000000000000000000000000000000..026f0d86593411ba20b8c39e15f6158ef6ce381e GIT binary patch literal 263458 zcmc$`2|Sct`v81q#xMpM4B28vWJwDV3XKtsEn{CR*$N?~&^Cl3dnh|)U$aD|MI~!d z_9V#?QHtzYzB4V)^SsaV{h#;${@>^KeMh(Z+-JGZxz4p;*R8dlwE=+B*3{Aj2m}I9 z;15`PCn%@k5IcxuDu580K>@0#E8Z)F)=YS zW3a4vHdYoERz6NHcKil@VWAEDf`SCmt>Od`>5YPd5(<*i+hyeBOqKPeQF0fk00Fu>7gVLxEtKywmh)EK!84l{{(;AQ=zGcX&;rH{A` zUw#qYVe1*djOAI+%f~OaNnAowN=|;Kf}+wc^}QOJ`zTu4M#d(lX66=_cJ>aAM~*r< zd!6t;dCJGv??PZu@Wo3Zp)prto*bP~`iObs4#O|pww^DsJfd>%#HQ$=eTVFS z2Ux)W39{b+`yH-cz=}dZ}HaB*9DwN<;3tx03o5bJTZM-2_Fi;c6z_YOQL-#vds8lQrh zo+F$0_i3Gy&uZKEUbDKYZa;ffhy6L*n_C`;ICX3Dn!gpfro7UU7sfjjZ5F&oMoX>! z+m;WlYIeusGZL-h5*@#_)@<-RzN0VgtH1fp1#xoli`UX+aSgqeRPCV1CaU5mq4ga@ z;^Lyy)rZubwY62Jwq^{u?$PUb8u-OJf%lUcwOYq^V^xW@Hv2N-KI4gs`<~rq6~TkA zqT>zXSfus{-7(xZ(P3Mj^QAcM#HvGQNBi^p_Fp%=z|{~K4wD248+NBzc2rhG^uDqE zcBU+DY|`#cD(y@9iJ_c{=Nri8BfbV4Xg=jltS*FLHVZn$F z#E!DM>QwTLj=>wDgOW+dJWCZ@utQ;}zSEH{7ezFBKd@}Op}KE6lbZW9UXeS(Q{8X& z(?0<&S#v zWra%g$!Wxs53K8As|er@VIs_;GK#QSE;&6G`l4M^*L5UqKi`gddablYU-`<6;5w=P znbqml6No1Z(&wM5KAi0=$f&>NyCuAHfl^7-Ns+AZy*M9Dt zZAM_pg|O9R;f5u%`3^ zcf3|wGTi4;w2SBL{y|Q`Iv$HxI@{|=^L!gTy1PnO8_&0dtKNMWmzv_Q$&}?Acx53# z2`P{?t>bDac1ET}ak>7zlv2s9f)kpFOH&G*!0DQh%;(Q~4xFd;Q1xQ>EXK`+Vr~3P z4oLRui8Q{syjzXW(Jn^Ips~PvxJkL}=%@YTgEoE!kPZXG`C(cbN#ZgRRm5j>A9}c8?3yNCfi)R&`j@>g{H4-biDk5om zSo+9G5>wc>bJ=;tA%iAcHEuRnD>d&uUY{p8mFBK?Fj#MsONyg6PbkN?w8g}Gf(NJ1 zpI=7#^B)Pla1polU5gj{L8YbT8)?oZ9`8Qm-ryW7SUs(XLww?SipptT2QMe;wp$b# zPu>u&Ud5zh+4qUhM>&B+Pwk>NO->n4J=REJpPq!Nn zySgzm^;V9huRGD0UzaqRIA!Nl%y`)UKsP4`2IaJx=_`Llcdfl=O;^RMdV+YCs&MsMFdd%Ra?%vF{2v9h*dov@-|W-1x=XjV|L!{|W< zXP;u~!tQ-6xzi}LpqsE%CG#*&!A_~(+yuNR`uXWOdA$QmdvvKsDI8F;b=@Jnl;TeGOkdAx27+|%#8_HGRX39G$otjX%# zo#>pr^{f+%nN04-Ey7#&-M!)sbf((|gyPnXo1EbX@u9oEPG|u0TWjFJf=O?d(`xmX zf{JU8^ZRrkRTArVCEha5UIW%0;KlU$R?X!PkA_#jo%0ryt(QAI7O}mP?gFOW~8TnR6Q7mdx3Ujkvc?<@6>*u`NE$>7{rd+*U@BI4hw)xjzOE!Pm zcIjA=Dskb-{=3zoM3oOds7lm!M^?m#)a27K5$!RNl}|YpJ#QqUU=gK>nNSp}~itiMcuY2aXSvJXf1D+U3%pHiJ#|`?lj*zj7sGFO>)-j z*1+36DO=}PrrX2o`)y|W7&sXo{qIOPBzts-5x}3mpTw<&F+~oPzuG3 zo40W3`;NquLci{O;X4jmc_;n+%)E1*x|ZU?x~@t-;4^b!9V|U@2<>Dk7;JU)O_s86 z%uXxe_AeQT3#T$B%=))SOpdF0bx`4w-hiGjhG|voYwB4t zrvz$P^HlUJD3&>OgtSyEO5~meD8y^-Z!(YCgLOAZo=r!rfv$A6HNbH2ZI4g0o~!&^ ztLOwrLxWT;D*8jjdF;|4;%nHFS+g*Ut43?>0WouAX*p%z%XNFK%{n=R`y;b}&YqhpI(FFGXyX&tFM#UMTKG zaQ?2!B*ucHhpz?;W?slwu$8j*es2}78g_5yn_Kv7@gcpgty_xgt`tn2V4BQX<*Q%l z);sE1GMm4Dp!2evfd*3XJkuIzc<^xcWx?s|UF;Xu0G%YpJFAH`PrdEV_lu7|J9-|g z8ff3nVte~7&+@)@W$`?*pw3$z<#M)%-uQ=SMk$FGYk1lXg%=2&uwYub$G*DhPI#o% z7OlkTnT5_9AD>mO*X|E(dizcfii#=^&#*2b-g_xb`&etwDIS{8O!tczr}~tzRWFnd zTJ$_Z2cB$`c^v0|nf=>X^pbIW|Bi*Qu#%Oyv&U1za|9Iz^CfOZx`*E!tSC=b$bIgs z5WMUeQVGZiNN3%SGRFz^{9#@IVpT7Tx)eUuOu_(Y9DZ8MZ9-$?&J>(LHRE z6Lk4A#2mL{`DC#-uWH*1bC#59i=Yy&rg?OXI{UsdL)`wSV(hnYsJoj_2l+#PzeAmNw+v zH4cB8Cw5gjsg637efn!Xw^&7)o?DC#bI>*W8-md!p*;hwf&3-G$~rCu`gyPKKB+!o zu($rWl&0+2FXyqd3$_koNf&yIXQ(K9y)m<{Jl;&B@W2(R&L_GzW&G83>R$MH=a=>! z8rd69I`ei1(*~svt!@&ClZ`8N%XwJ(@BHTlEng;YU)r}xziHiZS&t>#>~z+IEy|;s zr_VmSC}DB#!>mx;4R`h{LhSv@iSeO8;(90;Jj1^uJ!j>Fb8i%P`!MChpob2 zd1SYpqe)*4C!ox6ODG|FG$nxUyRs;lzJGZysu#5F0Cqlr&Y>((OdreKaNhO4$lqVX_VV= zzD087a_+Do`-~at>r*dLm(wZ79;n0vF5UKzuGhy556K={xyIg>`!LK~NsNYo%o5!qDK5w=;?N}%ciS9bc;)7uJh<%F3br4NsmC&;0o$i-a_{j5rF`!SpC zb^Q-l+?xttY5=@}2H=jr>pET6yi%}98_iZOrZ21@Ub11~{Vj=fjH_)7i+6-Y;t{^) zn~#(`It)l?ya5UKMnm)kKEjC0&FHotl3Dl?@3Qm5o??&4s)uCN&uie&@;9%f4l0Ak zMonJ1py}GMIiWZ)JQbnw<6;sR$Ud~N&qRND*7W+NAIbWjCZf!@u1i>rp54jlewDIt5()GvOe|2 zE|Do-p0m4r#hRbLs9L#LEZN#yWVN~^JfwYB^ZtwGBa!p3mp7+#?kQ5Ftlrwo>vDZO zeE$8#FDIc^jXSaV;o#k{a}1p+`wZgoKGIS8xw4LmUNxGNWD~=St?eWa){PX0zHBN{X=^|w##&vc!POl*x{vh>!Fi+&`~yg5*VPx>?!8SL(C zU3JT5Pguo?jV{du6>NR?*GI*tYtM7feBy8Bne%GQrLe~_+_v`HVH3kt#n3i-Y0={K zq4D@cdm-OLe(h)?Aa?&@4KJSrMtp6qa7otjYH1N)ARU1zM$c(d7lN(gCS zx*n-TXHpdBl z+$gKPveSFiTJ|L5i{8K8=DuWh_0Y2WmtoG>s))IFYW3Hma5-Netw_1<8C(Mw-7m5E z+>}}6d!&0#JhF?Xve|bo!#e)aQ?HY%GA~Pd#2(ym-JJGL%OrBl#jR~*tFTORq@|6u zEw`2m+Du`cJ{HX9Ij#X?XCMitb}V5J$*(+=8abmsw8H*4MtXf&qgXTRB?7fI>_~DH z)8Oe)_uvO2M^(ksKF*ctu+=e&+}6un!H9Cz7Xj~cUQ5^*@gqzp6>}q`D1Q7lIvRLG zRLB?i<;xS$4(6}yzq!0&4T$`(tLuuB-M`hYSVRaf7|bZG0S@j&(OcfE5iGk>)i!KD zzpH@fvNF$09jC2hwFj-twV9&ENJG2>Q;&wd!i=lz-;9Ud`1V+4;r#5x!STudI(gYj z*^`=~vMp!v>$GZCHb2YxY!X{76r_JL)~>Iq^#0KsCuw@p9LYMagq4-jnKf|q)aQD# zCfedM)%5_=ob}~7#|dAW+MHV7w^XKwB6EloQg9Y6l52Rj+?e{IJ2(&uw)9Z4l(II5N zeeArWc$IGHz;P9{$CnTDJO`y7q)wXpX7#RGruF3>i^*kI*(d(Mk9F|w8=_6ssZg6C zLyrVYTbAaC@qK9D0aiO@nx4H+HWyF%;gh$YNQQ*K{R@67l-YxBN!~UkeNswYs%)hT zMAoHBr6z1k$sxa~={=9Vd#gfN&PeI~9s8HI-7BZwnK`HYaQ!e+sX0ehG7ih%jHBEz+?k%Q&n0}Y(qw(!FtK@Kt)*7i z38#-HFIkf)N5UxS!K|`50g6R_n86CdVt2i&aQBQ4F{GVxbTn2<+$poq-JQQ4?{dpT6CiUOkx2rMhjsUspD&O% zuEcldJ?u;@G!uzx6-?5vco;nS&7{i0O-R%Gq?q=e(haI zo&36BmhKbzxZ8};N!pw{HvZ`A(pl~cISc9r7B{J-avQ^2Lp(8N%^AP6B255n6LXu?ruIy_I;* znjpzVcQ+F}nKGgx`0hU#TLUhjJ1y8W=v#_U!oiatx21R$ovAFG>-F6uH#8D+c(s1s zY^6A-Qqj5cgbUA29kD9&cVUx}&5PO!^RW@?_Nji;XPpP+-W_04ig;pM6ki&GyNNr< zes#+W`^ej?Ltw7X!+dp{LZzQQ^5}4NxSQSdXt?I==t9kqAp5m*>Uk3*p-R_}W@-5J z9gYiD6ACollz!#IoLAkq$rD{<#3Luy)?@Q0)b@ER^CSo-VrS zN}p5DuvyL3XZ6oIGBoylZQ;6omRWISv;O`srb&mlr|Qk`h+K4%X&v5$?Y?lRJmsZ{ zJtJkgqiI(EklV6pm~6cVgV(+$N=C;wjzmr!d$vkriPB;`P{|X~jB%(L5WHeGS2DkE zL>ne?Z1V@P5`_~7Z2KpNUyIznrYYL9Z#Ttg4U{7&>rU5OdLG)By_jTSx+EN1eE!m@ z;tUMsaRlJjlTTvF*vy;IwO%l`Pi^DIi1aT$<1#I52g>gTtRm#3P72zT4JpwB#2`E~ z$7-`&u=+e{sK4;zp~=Xml>GxcHTnYA-Lg_tl$Wpl;EK}OD0O{EED3mpUFk6)7QWh{ zeeVj#lhp0^jzD|qTr4elFv;KKnD>Ov7%J0{aZ$@KC1EbYPx$MY)21nO?DmQv=30kK z12(jE>={a*KaI;Gj@_~d($3a5qV~Lbbl$CsXT0C)2>PniK$MSiM4U4XD{-BsxCfJb zREMsh@+T&^SC(Eq3!vCt_R1U6Qa%?@wTy-u>+$(+v*OfS&(cRNJ@)rrMjIFfI=GB^ zbamkhqpd4!T1r2fZH!|W_WzK&V}|?OU8&8O`glo^k*!WUTYRtv2hiMmui@Jdu;CFS zC+CiTu>91=%xj*R^!#-M#@+dI1arffFL#lK!~Uxq-M%H66nx@rw+%{z@y?Q$8qT)d zXQ~C)9==4n&91>#s?UE z;hpO+iYiJfQ%kc&SPA6)s@@Gddm}r9J*NMZ?q4T&v2&NnsmXJ0IW5 z4iif~edkZXY_F6Whc=Y9c9p#RZpPA0S^6cs_6n>GB5!J`s~@5o>T7E0YQUTz%;%*a zvvc)g*bacJ+X+v@ePjYmPZ5~j!?fOdzz!q;<6%3m<7!l@?yn@-U+;5W-&2U7eGC0v zf9?O<7B+haFFTlABfwE4yW^fGVBH4Rcb+v+4PhwWj#5Z0wV;Ra#7hu&`c zqyCXzKk~hfgjIm|G&WR+u;F2yaO4kl+dtIpj(WPnF>-K>sJ*Kjd_U6sN8O%YKSQs( z9`lBK`(EftLRJSi6C-#Rg_j`M2eg15paKH01>V3390Mo77I=4qEndJ7_LKjI`TXDK zQ{gOIILisx!5MpjJ8%Vuzt0DB9KbQK{C>7xjyq((Hz8Qb0HFKV*1n1Xz;p$Gm8i9~ zZy9TAE7xH@w-10Cx8LWxrvsok3)`c9Zxc-efISd^%G%%CY_9@PbrAsGSH}-~9{#=# z3jRhq!W{E-4ghQx0C2qk0BiN*++ZKQAKd5$z!;vD?sEVV5&_tB1ist)e}J2wsQ&HT z{&vjI^ZTAdMj?^(f3PsXe`pLn8;iy=F)?CTv8=2tSQZwxb(}c1bsXzhSa3Wz4lX=5 zH#aN$dR`tpFDITG|2>C{f^!(q%xE+-o{fbK{~wpN$1sPCHf4H@LcsLtuN?9QIuFsa z$n>N5QGUy{!c?pPJ-3X6dCT7m0*OX3Ffy(E%xB_II7rJ+CRFi$RWbcbRag3HzmNUL zYm55-KP|+Tdf;4DPy4a26VrlcA2fIOO|($|Yv_&&YLR|_Nq^FpUk`r<^F->~q_H<| zWnSI=ma+zf-7k-f%}$=xzcI0L@#w^4&97-OP7(u%%Oc{vGkKDIMUcXR3ME_1C@2;t_ zBiBBsEW8!IecyA@`LcDFE89msb`0?U?74Y>7Je&WpFxCnT{9(#K%W=S#F|F0Z z_O4EdcA5mcn3~R8e7VtiFMhuBUg``0LrS|2>X&~>JjH&v^DNWZi$~XSC0V@RExf*> z`9j}`x4O@x7HCTnixNv<(Rv;guDEgh#>>{{MiX4a8(-^XbVn9Osw*$U-Rnk@l$V8Q zzKdf_q}_`zFn);cN8PR8+y1bj|5X)H%D4bdT*x-NMFPHBKAr1`xpDwFpBdh zB!|)f9WF$dzM#sBDZAeNbgcZDraT1iu7RCBK9euI-h5exb!zwN!(8=q4^=;(-DdFq zv@qYNyXP~AjM)$K;jh{(?ZTH0x*Hzb# zy=m8d*LBzUxmEXiCGS?f(fh(%wdLYVKcR=sI}Zx<%J12S8bpoV7``!v$`_LLQ+gz9 zA{24XIn6wUbxOT`-MzE+etZxzp>yp2ECzjNeP4d|s0KoQ-YBk(0g|s<1m|rK{?KxP zj0wO%WE{Je@{6Top9Uao!jdaT9!Hu^TfH@%J`EMB@7vQ2pUU5TTygDIpIkg|)%oo$ z-|I6Io$?PxTX(PO-14qUY0ev?EqoM`I(z&C%GqNd!>K17`Vsnt`-45+*G$xBq=ues zf5EQ8lp*A2@An((m>9iiVBKAxJ2M7f z?|i%nO(X#RBxq6l-;E?~W6wE0xVX#e*>3(*g72+Id79hgS8LLbkNR(znG`>uWLGS( zqafwlyH*`VuPeJ2OLsN4q>QyIT{-D(7q=VHwx9Y*oYhMl>p7~kv));8C}ekO8(U*f z3+2~7{(CA)%?%j|36;n%=GD&Z^QHH@jb?usn?Mi6avsLMbk0?GVrn*LJbf}L^T{T3LlkE zZe!R2H~^Zk^-fdMe+73#r>etJYmm_8;rY~%5rtSh4H<=uLhz)60APs60R#nl9?;h1 zg*||ZL8u`}1kioZlKNk*D!hd*I5ehDx9*)j-E53RMx_Icg)w9dBr*n60JtzSAQ=L{ zAc=)85DiaDM_KqP=o})E8o30zd5fT6 z$ux{1GAdKPJ1+LWT9T=muD4&_%l`WEOe$pI%%5+A0OQgj$Ox<&b}zsO5hNJU0G=<9 zzxofYmq&4U3HoU04|+= zr~rpU(lAs5B$X4-5M;O)WTF9<6a<3Mc?dOJ-!@5!|LSzvYP z0ci%8DM?2vm4%a5n~u}S2*XMu@d)E6{AIF6K8YF2-!@$axAU<&Pa(D+ zVpW0xaNA-_A$oC;WYK7U2@+tS5hMr_=v*uYOQ`@za$do<&Hn_rb{+H8LIwBGq7n?2 zID7yyY752?qLz}043Gf0kAB7TwjJ{j$IK8u9$FBQ1lb1{efyx{KftlHKcCrmu@OF^ z5CGHw3ClvwB4PoWsKc4gpujop`Iq5;p8mJb-w*jOBW4as-kWh3zefWU6H!Y*;mN~L z5hO_f_?sJtNPijrpEP`z4}Y29w+*6s8y(HGbYO^UpaBGlvyeA7Q+{N4>Fb>Fz$Zh;X9Xh4=2y&X?-gC4G&e*K{6*4VU)o9op*JlP6KV{`Z5w*cd3QLU~O)Ahy2?w-AP;Pu37q2h_l zs&-jDUrV%dhjv>Fl@Fil*PE!=E7+}5-ZPuhaw?;D!fO9j*Y^3P__rB#Cl^lMyLQs` zh*xU&+}*nFtTEM7uEVNN)Sk@y)%=D*!eufBn;ry!VV#_82nhhqvVVq$R9qU|mv3~9 z9dGix8rSc!;laIPIySna-mY&vd+tKH^S66xW@*(&=d9gbE#dpK?TELG z#R@rY-pdN7iaxAbof_@GY*acrIO?~daO&P?^;<17yH#~2W>kxY=kKwfFL-)#L2gHV zsY~@4*f*T|Q0;?|i%0wXhIM~LCIa9XB#%OwDQQc+nQI6Tb|$_`5LSA5sj8}44;C7} z$pOSIx$p(BVExfCx;HYXiQcO!ubRJ`USYy|k?8k-SAGZ(rE_U^FVFP9b$VXkJ+ym<2E$MU+x zBL!_oJrCa<9G(^4T>a{+2c&UFJ5j6nR4(vbPvGZb` zc(3N2kecLox&Q7|;Q7&wlJxK6KKZ4>xJUO09jd93wo{2Oew+TwP!hGok#P7RbUHxN z%sFYL5-d>CYX2C<=s(3V&&%|<{>{FYoMeHa7}a>ytuiXtmI$bKMw97h5>G3Ab!tt? zoGl;OQJo_Fjdvt6QV)eH7IqQlPxD5-=jw=PJ9FlgU1pk<5UWqZ_`dFoPnkS+NzRr2 zX6yg9pTAVT+mN*H&G(<^y=^&|bhrC=Cj|u!uCFhZQ@z_s; z#!~ft;pIcONwElL8i|~MK~Q2Ph$Y*^e#$(4rrINYHp1968(|q?y9@7kylla|R2cwt zIsvM}s+|f)9*e(mJhET)_-=##Rx763i`_@+a^8rkTB+D9&Me*hND}mbyKUGNJ(v?G zY@PD#Pn-CEdHfsID14Du? zK4t1+ve+d#^KO92MkRTH@(uS!c#E)gnnKF*+|MQcUv~Vf>Bl+God01p;DcnKt%kf7 ziv$Qjz(JE6NMcDODwTx5T9PV2CYG6m4k58Q{U(!Yrciw}Wr=yCk~HNcySFU^M^iCg zqov@?+*u4zR-P+2uK9wxAyj;tpd2=3SCx`HJ9O;KfEznycl4`PF6EjTRDYG)yO?umsq?UjBEG!|*}GXk7|hD#43pcw!lAxI1o5@>WD z%%sxIyuy2_a{uO~f8YJnJ6eX`(Y@4ZXud$W2!IwOiohZ;hEX)A3ZZQa!-ND9)sjRP zL0KUr7oEoM>frBR{WraTJYL9X@Nn_8K)4bCdPr&%5*Geopnd|uBc2K7~0=L^6xtT1yV8|I=OH`0*QPr7TS#fW5h*(Fe9U~ zWYF|=B_JEA#gU`%omXT35&xb}!O*`a(;!Mg6rF?#P|DCP)*uED1n@wefY62>wNXO761nGc^HN?Y{mplqx(9S=E z7EmZ%n0AGW&@TdG9tqwU8v4Ue69UFHpo+Z* zqYRLqE{RIw02zscl7UFEC)1!CY>osHXc%XS!eiNDsm=5?J zgc5*3C;=FRLL$)&(SV3RuwE5yDuWgl37ChN5GeT+%b*|@hY(j?U0b?}qQYc6Kw19g z#4{)cwM&w;EAS!O>Bi}JLy2@e0A#^cF)HclJ3 zq^jmp6N9NT1IRcWz&3;hCh*VonlGB8L~i8Ldw#K$zn_#uRO3so zalW%9oATfxwYcK|kc$vIDyfZ4kjkfKLV*If2^cb!GgFB4(#0~P`8MdH(oI|(=t>GrN~9*Bkd(;-Lxv1!1dqd3lQ_do+X)0n$hhoO> z%a0?aXP}`t(56E37o-yuN+Atc`@GGG`{q(Mu5qJDy0RB}t4Lx}gT95*f%S5(1-U9oO;qB(>yWU*U3#WWRR$B z)8Bb0+$c%)Yf*z385ewH2R!WBcU`e~-0OY%?^-Lo4mZ5Yx3{O75J1@@1OmfsD8nd! zFMRmt{(p)L82`RZ4`eapXn`U(I4o!5MTYF57=`gfe4r#0Yf+NMWRXIXMoE|5k~zpW zA}fukK|sWj6Mqjpy{dbuVQ5JXi3yQ(D-3jy3 z@V$Z1%E%@_{XnFUgSZJSA{{{-vUxEbmG;hE93f69&H$Qa08xkJ()`Q9Vr)B*_?kn5 zg{Q_c&QMaioHEtCJ3{G{l_IO>z@$o7m8J&T5bsY3R0t*kL|tp^n;00vDNJKGzTU&dV5y_35P@$5MKr9m(LcvFqq6~SW zL<_jJbPKaJ?>j;Ipkk=x`1Ek^Uj_xrNx+0h%z%=$1-mz!Vf)VMQAdwBgRQR=cign7 zwls{*1OhPh&9p(9hGvj!y)s>2+fDt(B6#0b0vT9V$QQ@O^258i_!}Xa_Lya_eWg* z`l8C{b!Y^lI5})h>I_&7b&6s;)Iu;A62vXC2iQ4k6GSy&M6WK7(8V)qMirAmvGbKt|C#Y_KSiRj<#j=EnwpIx1(rn|afF8Hgd2GNN>y!R@kZ z0XQ5D9|&bN1NKq{E|Wn!9TQ+68;@<0-I5qQSdq>`-YbbkU_nvsz2sluY;?XJAn2Ot zIsLRS!vSF*L=Dl-3?zn>UM+gnQ#g{pQH$k_l8Y^Xu$FJoUty>w>#PCYpw z)tiOazU%bW_iJ9Pv(?N6;q;SO#WO9u{gv)3Yna-9@}G!-FPBa8q2Gn|_79+74t;HuBeeF!ki^cdL@g zPp~hr!Ejn3IB|oKTqUY4UMAy;DlP)~_T(b9dr*C`#om5OAckc6IQlG?hd(#*FXDxN zmw)d=&kge3Pss-LC~Dgd$yQ<84YghQ2-XO=4C^|1C*459S1~Uxa9^wRTz=Tq`p{+3 zw=iepQy;N@x4ZpU8x^|j5mI~eI5R?6)&7E1h)_CGF=TXLJnt)JzODCbZOOP=Jf0Rz z$V3~kaM%D*79)OKE}9@+Ml01*->qPhO#x)+iLy|;f3t_#GF|Z&rs|v<#CE5cH?&wv z1O-d-7|ZN0^L_blasQ*_zT|9$w=(yy%Sbz0MaP)*XG7$cU*$#OUhevohI{o?w_H#D zscZqS<<1W=S5ODEw4D-Z7w_i0(7iJu--NOE+)h_>1<_>tiZUxF!$%%rQ@-N*@v~k} z1m}DDxs>I0FCQ%J9U7TV2#5+6&9x;<>r&iqoczIJnbl8UD%H)X{O4j@r!I zHMsVJLapJ&Drj%9_VSHN9*jHfZ4UGCnQposQ!F7ezG+}dTP5aBegm#y*am*pI%Fmi zTj~tu7e&i)D_22dho5qi?x?^vuC3M!-_|u>xK>VWzy-?Ws&nFMgU8;~{Mg=41^6RI z=!;>N=4Q1M5G_5m6K4wt@@=Kt@D_)$Xgh2Mfj~eL5EQ9*5)Br)_AUa6FZWtTL66&( z%35&1SNZ6V7Ye95ZBZ8urJ3#9Ke2_9c{wE1*3Ml^nZM5}{?v?2wUB3jM}9 zvqJ=#97Y#R&co)nbp4G)Vl$=7*CRTI2bS(E&hdF1n`+*6xc9`jL!0=6H5kO~aB(5f zm^tA#@MCj7jTwCyGub14565X?D5lO^`>g9Gn=A^4C4<{>vINeWQdtXoDGUaHP;zai zC5E!4T&~fZ?UPfcC&*}Rjc(ltnWePoRcMU#^Qb*xPfMC8iTT==h zk2Gh-lDR1a25b;u6ydhp_3YUjzOFgWoJ)l zWHCZFG}IdI$Q3b{>o(yCCtpiQO*v$poS}yG#C_*p-B5dKY(tiWA;Zn!o~ekEJ$i$~ z!#nEVRG)P_B$;Q7gX%N{W9v5bSGK)4JYUMf%wem}#iuzcp_WaCAGq+sECYf{6^llL zKrA^1jmzWa$q>q_fEqbTMS;M0ivZt|`;)4UtwN>A9TI4{ zktGyMze8^;!UR)cd}v#byC=$K~*A&DRQtgYnxL zJ)EPD>oyp@Z6Et~YA~8LeEB;%+eKotw2edp@(@~VJ6yMgc>6BpFo|z}Fm!X=^VLwS zy_z|cPBMS7>gX~UM#wLbZ7;JPtF0GE)q5H(BSX9dO>vH65;P4QLpqXUFN3HdMylu% zj?$^py=y1L{olG(PjH zycGzn+@ik2^tqkst&JO%P_93AGG>2lEDQd8SIUp4ML<3$BNlGZsMGjZg~`vjUi!6iO8NfDguMmAV>pRfT(3m zpmwDOH)m6{T3+n4=L#+`NKBd^i%tATnE6x&XF1G4r*_eYzy?&|Wwsu)};WuJJhh(>T@cs;Yzz z2FZue9kB7ZtP4%sJku;R$h3?KW)$a+I4Ius@r&oQ^6k?XT}qlqWF;6yt&O0^_~HkI z{~~1XM@w;9*oV3BdCDJSsHw$eA`Y`=1!@@6Xfz2L%@!MT8ObGyk;IqfAw>(Mo?AYb z5C3#`uNnnGq5M(mXq~J;1BT#Dj0v@`-Y+VOebnl6cw6_SkH0P>)<`723P; zG7Jca(?W0L;@W@vnC#TLl0EB#tuJm88tNSwDNDdZb-8IyA^it%KjkTurDNxG{KAgf zN^RO4=FHba^hW>|26CZTtSFj@CEW~sYQk9vWW;ncwaGymoH2%$tRFkdsc)q!+ME03Ah@fwWjVWB z@YWUGY&oj7d0UZ5O^7yzRZn~Nj%sODRG~jJD(aUva)A(=-hfAjLT@(2|IyIZi{87} zNlyxk zP2+tcKw|2@Y;2sabx1o{ z@Zp;zB(=%@WK66QrUAMl)9Dy>(t?iiF5Twil&-4%lsi#vL*OU zDZbNV2X#&(LO3mCZs$LD<{*ZI0E7(zgC>}hF;RGb2VA^1ik}dx08k7J{FqiSh9!K6|(4Feoc)FkLRbh)3XpL#9@JeEOB# zOke5h-r&yOiGgW??W}4EpS5OEs+Tf}A^Z2itegMSt)whT7(R>Trlbc!JfL*neQAE` zcOd-Y`c2l!=i2)x=2)km;o=_96~*`RBcOC~xatAC%C2kM)|JNdS>zcq?zANXQv@US|4_SGuxY?6VXVDWgJnQKKxq2j3`7Vk+m6usZ9HRhK3jJ`Y&yN|bV<*h?G3RC zFB?cdR{mGaU@malc@(;sHi>YS>XHc9s{)cZ9%NL2XgVT1#vkS;p)-umM6eLm4dn|P z`d=6D?_@@HN^94_Pey-zfVMOErG|tg6#yDE#(6TSlALWA3iYBmAJoZ#Wl^H)k}S)}WNNPtE|ixH#(sALWeS$Vy^eM!wH$3$6-Z*C{*{VomMj`76e zGrmVG0D{6vOAiDz!9oB~S{^X)PgXt9Dx5Y|9b>v_Q%16#IW8Z5!OI$^XY@gFzA)*g zc5QG*!ywG2ux6M_8Rj?h(5~Y_CJ5vX3A431cC)#~Z~1;z>64zXH1)VYYb5vwR_m|y z*VbjoXgN4o#_Q_F$dn_IIEhVS1ga>;mWN<~g}MhuC78LnHOexHJelT>i3Pcd^+dOj z0HSe|7^}@6gc?_@ruZ8lT=l|oY zUv>EB0_5q_9d-sXfn~R(o3eL0h}xNF5*Ve(wRKih4H;wUI0TOVF(rWMG%Ja$vTOpn zjypQvc~iziD@zJUFAXyMJ?H>-vQ$Y(Flz%eG79Fbu>b}FJ!K#Yko-DedpOrSmq?8R zo^_65xi*fFdyRuYFrj94v1mXaWPAg0z>= zV8-$eRu*>3>$dw;UvamIjzie-{~?LPD9(F3ATVDW3y?t}6l1t~Kw^6YtucTI$-YUe zT_jH}hR(*_?%OQ(h%q6XO&!?VJ0tP!dd_oJkzK5_x>}B#A3nW9A78(o50AixOeh%bGaMMlON)IT5? zIm@}qQI{hsL+gQvt(|Wb0uRn|x*}=atieV#U72aJOy*8tCtBbOST56T7@&f}>(X-1 zpQ4~dpex$bRub|KyO9~20@;`8j~3`oJF-YxOErUNfQRKGL(LOHFz8f4A7UVAn2IT;NR2YnD~Kl0Bne84>JO<(P$o^# z0})`MDuvR6uz0mf>DQ&q8Cf}4r)ssPgmx+ouo>8~3J6=6HUKr}RYK>Fk-WUp0LBN7 zEk)4fHDKAN1>S(3ryfM8sO`aU=kgv1WJ6(k`2kpE3Q+k3hA*#wq<@(S>988YYGWR{ zG!x;3C`cB`UdL5PN@QgskY(ePWNkzNrh(uz9CbaVCSr|HRk>+Z8CR!tJ5%CDR!ySc za_z4t|CgVCP6>u{5HmAPjX}BBjP3gD%(O|b$fnTg*Q68KL(rvzLDD#=1i(_Mk;0`^ zs1+=yrK1SQ%5|bBG%AgLt&ME8H81q>fE8$V{P1AJzr^f@($i51RsZwLwr;mU90p_lBt!Z1&9(K zmYSAEst5mX64#ygi2zz+YsqeI#w|cZGC+4r%}58^f?c|i6=;4rg+kQenZY&Q9HtyR z*wbN;>Ug8($DQD|bV3pVJB=1RIE^L?pA#1axZ1GTA@)p-Tg_-nK-0Uc*uj)I^bcqP znyL50!Msgi-gq7F@ry^7pW>en5esAcAaU=L$rP}-%8qp}Rm1NBXlT$l1uC;W4B=)| z&pRH^YG`tPXI@?X$?3FH9dM+oN+I};k%~e_MxF2y*W7)BVVNhfTRxCk*Q~G>JNfr7 zDYraEN4lDQC_}@h)@oKcS8H~>Xb8vdwr-WizBLv!&@tntttR9~v4{$@vT1Klgi~Y9 zXk3Kdns@GOwatE(VBC^GOe`<(hn-RLb=;;0WcdM(C>tCA@FBuQG#x$MdU9@VmB;42 z@op^fnyjPQb}jfx`wbik{=;XDxda>duU%kGROhd00-dc2$MV!XWfsTm|E?honO&9@ z=I(Ld+p$hp`NH`dcSO)W{K1_c1%CsFpW4HchA`efkTk(ye+exeoiw0&;cMQq zH|dIZ*dcQa59xw@sxeMnvMjw+A4*hziZS$n+PF>VJiU9>{HTwYW8er$nJ z*}9ay9t}QhbwQH3+`nZ&Pf(caIGGx!?*mCn&Jfx0QCOj@bWK+E)T$%Oz9EC?KA_QW zoUXN4;eNlUFJ(zM>ht#m^Zr5pjR5hAjWIH0oYwJVPwwM0$v>&~@j;gR(oM%Zi$|>D z4{LT(zx*@zHYd%D2SRq2MOv(*Sy=O#7`R>R=1S0?MS$yHwa&W~!OzGjGNsK;&EoXR z@)QWUg_rap)Vgel?uCLw2^Tl3FpB%>Yznx(-Wex8}|Rw z4N!02$z58`u_^N^E~1W@5`DULEjw?}jrR8geq8-Adzw7(qs^KhBBO9c=s`(h3_>y; z;-fCa{n*k?p=UA12iIJnrx*+RQ^}R{upI0e&Dt`L;hTcC3Z021X8N+Vd@6}0GU{d8 z*l2v--G%VFESKxEc430^{8fwf6sN96?ceHW;R$PFn`36Vwq+fI+_9#q>ZE^wZ2{kd zezVx7igIP8I2Zve-4BkzUuWIX0>EHUqLqcdnS1NIx00(frd{ZlHl zsC8KY#P6-qsPKRbpUN$*G+Q+E8NQ}jI_qLhe%f#zab!k?QQ5Q0E;$<vP z8$Qj6w!tGT+u+w#_0S}FISr|>sq54f;jbOAm4=r9wdXRH7xm)O7b3M`&Vp+=)$C{X zG*gz@@c6H;&vIp!6}Agiw}Q(!!!&hF)P4??|3KM4x%KC=B(|9BmUibQ6bv15uCa$g zMdSutpeMMWzZSE-G;D|i=IM@bnu+CVPRju|NMa;0VK8@Q62#HfHZy}s&%)vv8Y)*C zHoK`^ofWCA60Zuk0k3Vj&CrRvMUH@1FSm)j0ZepMV05%I@wrOrEw<|a6$i8XS9?F| z{W?uUHe6lwj3rCxhzdKzvXl4F8!_PqgC6Bdukf$}QB#+^JJJ%2CW%ztq*P@m_2dYq zr29v&qt3P3f+sAKsq}3U-BhHvOQl!!NO`e`*S{!=h#OgY-4#FYb~AESRThXHaI`X1 z2KNtZ8vO5ZUFJw^8OAsg8PYxj#?>Su>7!^HKSXS&xuks#^P&`}qcU1Y>K)d!a&$nR zTh?W{F7!9X>P$HE8>xnwN5s>CSrPAVDl8l+knO!D63T-HC)(HpT= zfZujUZ0>&bPaD+{(do3C>72BSvS5Dxx6<>U^pXEi=1Tn<38-HISU`48$^iHdI8C;h z2;0RHxhqb|&CS64a_PFaypfK`QDn0*Z=$WFCdc&{4XvcAikRw~1Z+&2jM0&qOh)!q z{mS-1gUmL$y|6Tz822!Ved`b6RP*z>u!lm-Ew**tU9ywF6!{Ah@*imVC%1mj@mqH_ zeQI^UHJWHdWMRxiT-bpR$Ln8h*mS8jzA|d>$Q!d9G4dWtkxMhedR~gHBtvwkkx6gl zmAQH&ZxyaG`4oZC?xbv~eqv&+%XD*_<=y00mApIikaxm9Ej6QYm34MAl@*;$d%KgW zzx`YO35EZm%+<^S82g2D36wLa7E0>3oQpW09lks}5C*{f=?x^bQwGIQLrT zNGG%!&@$@H)@o{dY`kg4`h{`(57hjVTR(SQ`7Avr^(;MvBbwMQU=;-jH*Q0E^+=%e z`ujEBE_4L9pOvAClg*=tkk^K@)efXWR_`}0HzBD)jd)_ts@R@0w(_xE?u$BubGigM z#?Ix0k5MU*+}+RJY~XM>RZaKX4xx{{(GI+7J_45ON1ie!ptMzLBm0z3L1rPK6| zrT>K1|FO)^N&po&iD&6fB~s~6jEsz0jfF0gdwM_MUGID4NPQ-@r*o(xgF6#y7-G}-wk@*#@YKz|&T)R`yNZL{8yM?3W$zlqy7PO2CfcpkvITeyWl2f%p6m5^UjBDnJ$g55NTPT;G*|fZqam?=GIxh`#5f975W%n zVKZOOZKYUj&_0*tSzwoHQdv7LFEV@S9)EkLg$Ux_2lTwqk`LYc{bjv7>;NT6JWSD<@Vt(*BPm{gaF<$$8>y-q}QV-YG#ujfy6b8vm@cNhyn(Nucm? zcBadxN<-P*q>mlKhWy2L28jh`jx|}EnN^){s~+ooG1f$fHVEA$!qAVbvZ<@A$&zQ{ z<>Mb2v7Blam{c)!IMQUC+Ynp#6kg0uHk#(ES*rz(HDjx=mHb8AojXm}6`o209ylQE zqy#`utdJ>WKZw^5!J*#xPx2Z1gTO@Lb#NFerC zpSzlQcz~IQW9Yz?j!;WUngB)_l}_;{w&(+;!NSbQ7O8V3tZZ0Ne%Z4uSazwdqmp^U ztinbov68uHKlW%pcEnCc8R*OMg&~ip`2+^Dhdk_fb=HK~250H0hK8VxNe0!432Z7c zF)>MXzeE@`A{n;WN{oV}AiyC86-6aMsXF?Og^VC0qUP@+zd zMwz^Ju12PEVxmfvl_uk0(J#6uYpFuyo`)(*t5=m^OQM5h3!W!RF=5Gg{2&}N>m`U4 zuo@EsUVcRE36kt+H}%qlE=72-Faq^WK|uk4BzPWF5Gjd;Ek%$bB;5Avxj*G%zzhX| zBQ_|eb2$kjBj`{fQm_ewLZl0d=o?Yd^|0upD%7JTEwIvpNI=9S3YgkT7Me_D8tWDo zRu<}6@|!=OhRGZzNvc8em>mc3=#WG&q)*`FhiKH&>$BpGlWJX>q1dt1l?rgM2ugwz zF;G}RbQtE?3M-}nod{i(Le}a_kDF*obx;XADsd1_B94amDp|FZMgVr&)Q5F<%V z=*Kn-Rxd&i0db{B&nb|A*rg20s(&Ye>^36>6lI1H#1wm?); z)(SlWNg%Om;Gk%L3sJgX0@j0$MgxuDkW#=D`v!1+q6GzM5maE|dHHwHBh?3oTR2h4`Xkjf=&-J9k+N3N7A4ZMKgB^oNkB(uD#B)0l10Y=X)9?DGJ7Nq z_D3okO#F?^#iM#E9UL6VRn*_mf~ECTfx>Qm+2jctV!YIKOcYVe!^G3!ys=9?*585EJ0~k#foPYgC<9a-dQ+X&f9J3_9rqkTgh1 zx;QZT`|1~h_zREF0rnm=n^SImWpMeNh__T$jyO*3gB;=s#t4+P}pCF5(h=l zf{h$C$qba}<><*W2}7gJJa8x3OC{Npo*Dm*%!D=!4iHA$s?$AgVpR`bWJEDiBlky4 z?Rx*^W@d;pIGyh58;&2)5#N5+*}ajJwlBN~@K_+BM_|5OvQI0e$ExFR!5C>OTkdW3Up#!=(^9Fg2s3nKAd0fu1VE~Dc zm}r~HR0M?Qko;{6z_p`FCLk_KRL~-3Qg5nAW7-zi|5`h{`N1ezBO0by(e=zL&Uo=z za`t$1_tBwWn^RbS?HD;QWG2(Ft}7}?M!TroLLYER;v~KaAW7M$N((@#>~ccw09Hm# zLb4QtO-fw@HI%l1G@%fv9c_gjwEJh}ev8QAfXj})+HWZ-zCWp=v# zB2dI>eJp}KCITlK12E^|EdA}P3mAhX*$8k-DhvoiBjt)mI={Z)b~*9@TnM!6i`h3e z)-Cs_{m%nUxD?Jz4j#2`#0YtBNP^JRw4@Vs=)guQ9BQg0ld61bMz&bP&3t?+d!u~3 zY|2^$T6BrMK;JZXfdj5psTi#2v^Y{q8d1O!gC!|rGz&EIWx84bfoK4L>L~A{f)?~O z*-L0+i~>Z4%pl!*0DgShY(2hnMx)$wysX<(ds|=m9TQ+@4zpmhO$o)oROc-*x0!{1 z?mlL*-8%c$Jnkf1yYeh-(eBd&?Y`s|jwhw4{P5ij}HTW$kJ?Pk$$&Od*vZ|P(3i_-@tyPQf{dUJDA zn=BuGA{$B>JMQ2udD_;MhX)v9hSLd zJ9yLvShu2-N@!`(X$4}vuj>CdR?jH_!0M5J*}1{&=Bc<4ibO12*S71^oyG?=GY;p0 z+%Vle_ja{e-H3VHfX4XRMGG`uf`X!^67`3q6>Lfl@uCz8;&nTnV>-7GhF zvLSxDEHp>FYvV(_y_R!`MQ*F^uHq-uQI>;>rG~*Dt;XYVvl2Uo14LGK@bBX`0pnTR zl^~26yTpdlP_$RGJl8;&DBQr+nvZI|d!#$Xj$*T;qjn%WYF0o~rF_bQ`JH>e(Jh{1nB5qwQ-a{Ww-FP=G)TPw{lmASt^A)Rp3a5_%;|zeVN|Tfe zi6m1GsU+(M7d61gTPWk&>K6`(?nh@o8JczadXRbgr6*USs^z_f2I?C*E_E(N^Rz^} zpu5fwBoL z&vU%(_@mo`1X6PEQ^2k2@$NkjA+gchKI?rPQ40zchGvhO3JRXH67IlDHpx-@U=*h%ne2OIv;3H(n9;V|>?w+WUeg_qKeF>E4 zdK++aqes_s_vG_lYjK0yN4HjYF>&6W*N-GQEl?B;47l_Zm>%B`F2C_e77o{7>h!io zh^iv>mTZK412$*F)8BS}U5dA>oR+we`$^nwqZ!87G%SUw6B<%Vr&595c{s#+#YqBa zWsFB2=a)yyjjtf-SO9`1#U}e}xpi~Jp{qR~tl!T_!a6mBv7rE}$R8SZrMK(hZW|Ec{EZsI3 z&DWpW7nI0*fyd&uR@rXeqikyKAJK0#LKhnDF zenVZ0g=9O#|3J0#e8;SQJE#3ZFx>B*@6y+Jo*O*P(_YkRFQ^*F5H3}zisaf@O=z^1 z(up38e~)Yc+_`Ba-i4ok<Lom#ND-758okmf4yP)A!EztIljUk)i7FNxv7mqFhgb zr0w)xj=SYD1mj#Lry!YbwskdYgnmOyqv?Q$wSzzqZg6DO7W2}P{~_W_?#ipVwMA!Z z-VA0vllt&`naFsyFn{Q+0Z)pzN-`=hiK*t>s$9eEA2>de6w=Pj?73Vs?X^iOSg~&r zf4CpEnwHa@waZZkez^pzK6G_EAHNHywp;+O?xZwtQUvzeJ>i8@i5Z6|5*76tK!u!)*lkXskuvG6(_o^?H zlw+vRXdlX89rHnJz7XtlWN@LI_HYz0pDVY_Zs#mLk@0z=J1X22Pe0fKEd6M|O)+$lxN1E-At!!4UGda8?G#o?M~X|$i21saH_*>z57_oS&iJ@x zDCZi-GX~mB>`0ro5ovLJy2)7CksiER+WorPo3M$Joo|5;ly_bH(uHW=19M=SG7*}> zVtt0|;pg4%TB}aX1yzh~Lib4bC>&W%FkNC|CVXZc$uVdDDHO?IG{vRq7X<7B=c>4_ zCaUBreKArgCPdYMf&GN!;u`tc;ST@agj)uz=AGv(p z&+U9vTZ4Gq-YouqX#_DK=p2$TgQ>}mm8TUUp>7~ zE91@@XAin^`5OD4kwiY`Wzv{eN70#9V44*Xk-Q=%jJE&fv5JWJv&w}7e@$$#v523J z-u}KQNwXl7@bfip388F!H>wU5Cpxmlv9)Cvq{X`jKq-JF{U|qIC^x3`LrxC`j z*)qLrNNsZbVgfoEobvKJ46j(fLauoW<-9u zne_(|Oo%#)c;9=}oR1%X!1d{~v)VK|f=RxOrPxm9!QDOFq5M4RQ{%(~OFN?+K@OC3 z$k%4uFS7`?3Ee7MO_y66&l%8dIR-WbLNp(Mg9=1s2`2f|9jqTd5Uz{!XpRxQM&JUY zbp@9CO~XD|yRiHdj7A0o;+NtWJQiLzazEP*4(K>ha}cp!g?_ggP%4K5O)D z8ZIiw;ZaU2?H7hDw+v-6>mMb%JL0)7TP)4kWU5rVQ6^lm_NScm0MJAN>lGp35=aP+ zOv-YJ!7%N)t=YELa=~qw{LFG@&(Rf@y6=8L3fHY%+>z(yAIGa_Y~Jd2@?d+4ICZBg zfAe|8(a3HXFXbrt<@hew!M#U~ zXP=gv?ds;3QezP+zDk08)YS4HoXnLY`?L)GP6F#2W&-@EOmILs|YBUBte+W zuhfBnE2&Rk(U63B-FAOwyBgQ;8|;|wnzhv~bS|(vGC14@ z?zkfUr$Xp*-wBvs2C710)Eg4x6cnJewRz+xs@%uiGyxO#U%u5Iu-p)PH+!5-?I`}0 zF(l@JV117LS!DnqS4{4HR64~vKIVHj>qVZ_#HB!~xp^Us^X1tsKCa;thr92FzvPbf zb-#6^v7XwWbL!~)3Ue!85faS}g_aUW84^n=p`?O~W-9-d-Dzn-3kZK$@qC7HsSlD7 z+0YYBS!#u3YilMu-w`s|e8pqh$GtVXv8(@H)sH_m&#lrG@s1Z(e~5gA@FV3`^wM!? z^2(ciG^_d^m{*HX$!2nFvgA`A&lh?3Y8EYScuPD;$KUCL&u#4AqR|=MaKw`VoUK5_ zDRi-T`=Cqty(ozbB{IZ*^3|R7mq=dMR(o9wmvYo3V>Tghw-9t>q28jo6TDovJ1fNY zqIOf0kAZzz9{8;v>6fL#>2eB?9U>&uQ%c0vgWe%|`Ke3d{)5hUP%8iSRe0CN>Yg8$ z4zgz=C&yJ;gATv>(H&j?2L+9t?~f6ioaH6A6_h(~rd~(YMfLBocC0UET9O=IX?wfx zlb(Olb8p)FJ4oX=FaIvS@qy3{hJ|gf+TQX9`QhZGOe7@s#04!lZ6x5KTB?$QE2^YH zD9@qiPBJZB12Zn;qaDn;G-qK(P4?9Wh>m7c_@)Vr2F@vB?{<<`FJuSD#T(5Mbn$7& zH@S=8QALcwz|jfD(@870vg4;kynC$LXhA4|zaA5Wj7%r7&}!NLHm9%B`52GEvRzkT zy!GO(RzQs}lv+!!BL^r{aiHKDB_}{v155!}q>1cg6fSF@H~Qft^JA9YeRcOA39mPH z3qX>LKiQN`n2cMCxU4j-D0T{Y3^E_HWo9OJ{DK+%68sQD^xh~g(TBtQ!+G|r9Xyo55z3hlO$Im1Kjd!xAY+^Ow+)YTtw@sBD*{@ zNjU|%YU6QBuI)Rafe+RttLd&L(|O{NovNDb1qDGtDPS;|r1#~eY{djJNU8~A&U^#z z;ln*6SCd{QdX`?(xVodGCTH$?{Y4VHn3~=}>|uACAM;;h(rth%v4x}RzivV=Cs)AD z2V%;kkfvw}As|axgrqA@JDe`7&3sWUzh>u>C*EdPIe+S#O9Mj_hAK&-5viOHkAv&A z;tNY>*0sx4^jg8vk&Dv> zwIjS?#xpkkz9}@JQQkSFgs;%Dp)_G8{nx~btAJ8Uqxp8v43@TFLhXMnRJiJ&o*g|c zeDrRw*kEMq3Kt=ZOpJY`LHw9$*~l+$$|W;yIC(5|ZSR6#um*nQ71^9y|j zCS%o*szhaV>B2IXx9i)xTU$j7nQJj&|vXy#-v~2y(Ztgwu2VT*d@e*yi=mu5pY{nqOM6h|KZHTjX_ZPCEBzPcdbgMH;`6`o z2<`mkHsQqE_hfF{O=2b8V_`>-9AYn7%%+ZGDUGllDU|{=u0Qu#WC>)jq?0ZKe|C1^rXUn;kOJUCUGi9G`mVv4{l;;O@%AGC9b~!dgLt9(DpRrog&iw3G7^{7 zmF$w4!BHSagRsmJ_Zs6HRHqrsdQa zTG+||l2!lqi~MpsdHEG*inJ`aQf~lEH`8f6)?B^h+Trr}qbC?K?gkHcTCf%H%T@95 zUem)NgHf7bFqiu6cJ)=xAI&__fL^Rt>CrsS=e62HPR}iWvd}B3QHiMZ4Xn3(`9FPCgF}YXPSrDM~8oKx!H-fKgJqYG6!8x=mv>*rOdc zyPLurh#g(3&U|hfCpc{9tB5C=4o5@#hxx?B$l{zGk+B=u@fo!X$2EQ=uweT~%PrGK#$&AuN~}go!y~q3+LjH~R!jhh@uztjl`QvmJse4WckC3* z)>fNj)x(pFA3YS`_z^i?H~0Ry&zQ3+GEB2(bK8F@ppC6t3=h^gKa!K{wBu!P1RTJ9 zjVlfq-Iz*GuWJBtR74lcrp_M;j*2f*4#FnLtl#Y-k6^yG(>F1&q|qqIGBPsWtT$Zg zO@P=$xGK1KM76oMaoaPURTwDU?Sv8;H%WfV;06XC9yW?j}jbR<4%oG=IoI zI$){yPsHc*=DGVm@0CjVVs|SbondVE2>`Ab9x&O`zOH&m&5nTg}sFqdJp* zqkX-|9Z%J;uIAlNaW|@(5~D`ebT(xjL(+lE;FQ1mBFn8X6Q(zNj*W0E9qgzNWz+7v zlXbqrJHjK4@3^aMGzM}FSyYg)u8pwIyP1&r$qW&y>_vf5jRB=bS`mNO5#V&V0u)7! zJN!G24w@Ug$m=w2u_tn;Ij#p=qZ@I%Qw2ca9c;i0m02K21VH9tG7rcBQKllJ)=V8n zQ*)iyHdZ$lp6LrE4(7zVVh_%oEM>J+SO5nMjCx=3?dRU;5;F_DWSJyolllm8?myZ- z?M%z}7`BG4ZoFCDTsk^DH4f`aJaFgl_?%8`?%{^amLNOTo{7Si#D$pqKTFy9bYk!O zmkohJfr zs?o+)Vt?HP0s>v~2K^ukCD#3J`Mqq9^R|qlHADW=m*i!6nwD0zSxq0x1h}Wrziij5-;%_E_6eSrim}2vsu(be*+?3rmJJ^WoS+sac(SES?YdzLQlzuXq|I8BvV9Y==O>|4?p7HuNC+vV zk@j)Om#KG*QfH+n*tUkBt9|t?dBJZf5hu|`nX6aElBkdL^jqpFbR#G_F}}N4wk2`R zcxmfmzZudAkM|jU1^4VUo^+_4*j#(9EQ?dfCdpf+ZpXtA`?K$(jffh@RSv+LOr%wC zaaRo)98#uKN0OGsxDqCY-R+Ndx--tk)VR$NiyY1K@cEuv2xCc!0xCf`-;eRB0UX5u zXvG~JAg^5W9>d4TE(C8a=yqGi{nZi$3{4dEpfJW7Tom~GOPw$~o8+aNCAb-lh=>r4 zeV8p%2`~ytVmUJWlv;iUW4W5n+MW?KgeWMwpbEBcymjvyZF|%*a^&nFx?Bs@a}sIy zGnv&cUECgNT(vk~8FN3&^s>@6*9IjmT^*F z#@@lMAZ6b(<+e=|>uHbL*8H9mzl*QjXW7pZcRz`Fj_ddCdz>b*rxLSiq!lV@WWfg! zl2?qH6h9~*pZVM&==y<6aJ{w%3U%FPCRfVT5mA%yKM?;U(%uC%GWwL;I@Xu6zT<4m zgwDiplOW_8IL;sl5Uq=X5=zX?4CH62Iw~b16m?Mn>WQ<{4t*P&yR6e#f8m{0o-(NCT6R2|`54jux@w zDJq!!#>xJjir^B}MV;E+2W@~}g3IJx^D89wYTIp334Ehay#fna!N%k1+-odT!Yi}n zq+v_v<80H#+vGlj!05F<_t3B|FYeM{stGB^P zO?zM-?4Hax-g%7$5JN(Xj$JZ@E)=3C7iSGPSmOl)p6M0n>e2jpU?NC@~60O8wAJT&K4HdL}&9R2bu)a{kx2dHU20@6jWn zEngis?sv*>o?irv`5V^3u2~-J_<4>OLXB+MquGdPEww^<|KJi>*yDV$5;)j?sSk~s z2u;fKI#lzb=`PKKv=!(MleaW7)b0-2m#JCd3DSbJjbcuR;ioIP=uh@<xC|ZZ}|BB8%xK|o?LNV$le3x zR@cKXZ*!DNpDF{YSHxxxvKiKLDjjrNjTOffLba)N)c z{_gg!pqMI8$p;C{lA&!ETL6{uo^X`;_E6VWLSBnR{ z&pR=xy2#TovuyQy+K)TT#*wh`jc_aDPdS<0s&*c@(M%}j(qxN7goJdl<}zNf8%#h* zTJ|6y^c)e!LV50ns6d`(*b@zy-LNC>u(`BWq(%W9O5{@@)WMMXiX;%1Ai7A4iw!5p z0E7i_2Z;HLf+d}kqJBlfADsvAvr17YVisUx)TeT~AtZJDS3LI6oQP<4AU@OwG3Y6} z91p2o6U$XIHb6s|6rd%h5OS&+_Dj*zTuxgVwUQWcEC&Ky0pVnU-a)Vo1yq7R(jVX#ABpue zebi(^wmZ<;9nrtOgYLim!flsdIS5`nbaV6(?g%`%pFL;yardJlI*2qC3L81Kuijd6 z642q&NMmIseu^(~*S0OG`9rtC5i;o(aUIz?=Z6l<4-`G+T{d2n$u9Y~SQfTU1Jb&3 z_df}*cPQgvwc;2Q6#U*kf|!&-N+GDUAqm96ARv4}7^XmEBm*H?#w=6pyGyAFgZ(8D zA;HVHf-URk4=DP0Dm8PO)rVy1*ctVd`a^(KTGn;0dSS?TFW$Y(nMK2cPG9h|GB`V;Y9|DB4 zcp57$&&()7?$vZz22(jogCOJ%KVGd5MxJuqBTW__gD_dZb-N)o1_%O*O_r(4_RQ$= zVUH;dNE9%D3tAu!uLf-;dUTc3TF_+^>llCIZmYN5vGXZ)SeI_klw}Au6B@;l>_^UgnYB+$W5c9OoZ6+JAdtG!5u#6X z%XcqhsY2oPJBdk0VQTKPbmWfOUDa`xTXf^omt%kR`K*ImAEsbMg%?NE-Ktpt3CtDREL4Zs({TWC z&SdE_J7ae(emtdrkwP0dg$qTJ78us3XcSGh+?&7l@xOv713?^sKn_myNd&3j2C~Ke zlM53EWRDO-{%xV5=?MfNySg~}NjSQ_cmwa6inLEkQf|5HJ@j_>%QMP_qDfY6`nSYD zNY_fPKK+v?ze<#Ek;JNbNB%6F<4st|a&9^rRdN8bE zi2i5gW93JNMI?1zmCEOVYco=&53x+Rq1Q?FV5YP5HKbygM0^C)4@!|yK4c;u|J zi?NN2DR>wNq%+g~yV-t`^xu76b-ic678dA!iHhu4(e#GpVaC^`UTlBED|g?w10yz? zc8~+`Ghe@NX`RO(^+LptdhLh(wEQeOg5|iSEm`ReHP|G%K&<4lie?4=$3}Sh%F1wP z3Vg)>ta$E3(C{xcJb%iuz+T`W_?caaeLy>N;{CO;?Iu%@egX#TZ#>n1NBG~Rf68M1 z060iI?IVT)H)BNCT^c9;W0P$1q4|z4qT)suF(0SL@vS>1miGkGlVd5Y!*mlj?xw|^ zb8%`AYd156MuUJr>(AM+G&ERMbYTx}HE+3fjC2Z?J58S~e%o7}>f<_N!92(h&pEK` zikmcU-gv!aE7vc}^^86^Yv&iZ5HqvLF$hHMzCH@5x_&3jm+!LC0&&#{kdnd-xxeoN z5!;1{a(RKs8(35yKy%p$Q>RybIhj??_eK9G^mBVm18k4)D*Lcv$EL;*ci)ofK$<+6 zIHvj*2;s&P7x8cuTM4Am?RvXp-!jSR-F{xpJTYE&*ga)HN<#mpManeM6@wL1i}o_4 z9%FjJZNb^D+}Yyg556}ZbU;nSy5V?$StfJeT`X)?KOYh(C#?0w3j4C3)lp9^UzNCgM_Ik!nMdgN^v&3*dvl;GQcDzj z*P6n0;F`ABs~P-}U*a=>FwDn4@qo;!m3boSax#ZSF;&I}!I|jH(@Ihwa{=c!fY4~oJ^D6=_w}q-x{(#I z@}-$>zeu6(C8~0}@`cl^u}57~^YegW$DFBXB*H@TH=uC`rYxa#KDAf&{)5#uMpw+2 zi&PKykP$S`eOZ6=g9hY@HX5%d`fwi8FsfXZm_;sAoFBU7j-{2siq|FLUWB=tov8Ra3eiuK zm;>-oP~ml3sMb?fy%sDi`m_Y}IKf`)wvaXCr+0kYLOJ4H^Fktru06f!5)HF%T{O|0 z+#|juDhn-iVP3L>j#?RyHjFxFRAp$sVjEEtwo>i+)vDc{j!Py<*vGh9R-rc zmSDFWY%L3e_Y71NsQdOFDDQSsR3{gLM%<$&HWEt#c>fT zaWCDj8HuuOhxPAUOG(WA{k1D)h}d@!5U%f9^2!>0qFD^N%Qwd-{KtX$_eI{*ln?pQ z#CvTSbMGIghiC4c^r|n|ecp#X+E#J0jAEZwWF=&~o}$D>m{6UF10fvN9t6(4(2&Dq zUJi6w-8ibdU-J0uuhObH$8+Hh?s3hO#jS>elP*7wG(kGfr;n9z9B=*KANwfIe_H%& zm;IaQf4lmDABg+5e%A9HG;~0Ku4P)|WH`Gkej)RrO(L&6>dS43y}zCW%zqqD+T5}4 z%DtD`M)9IVl_IfO=MIm2?&p8HtJ^qz!Tii;&~gAU@vUC~h`i@Bt`cK)3$LZ4P?)mY-&mPI#Vsh(d5BR^8li5k@r*s>DJxdSbWCHlf7ksF-gs7sv>Zbu z%}#Q7>fR@@TTdR%ol;Y$=`AwR&(TRqwf`N8NA&#od^cQQKY)b9C{oKKW_Dq?B@4tKeY4dX7d!}I3s7A4#`?KPrW=o5zN*i)WI7|?55 zNCz{eYDuCdm0(L}l*G*P74CTU5Gihn7zv+!Ms#ny2ei^AZaouw7ZRTEWQ?>m!w87J zJ`T`2`jS__k9d%;_LoO-I-hWIH`UG8REPaED}NH{?ly3ve4K_)m~VNUNwi}HKgw_Q z&r`%uZsd%8v5%vgk_b7Pj1bYRyDby+=l3tKuS9{~bBTk1Bf|kE*%}>)Z(Y45^2;Nc z@l(;9{yuzeW0i97{MIq0grmfMDn|8n_JxE{J#}s1*oPs)2}=UjRILQo3Ms-$tf+Cy zzK_S}xAQ(__r73Z38P&4+<_0%Oa~gWY*xQ;92T2t^tiu}y#$yDpBG$F;tY$(OK>iS zh<41YX7<;RQK9D{&c~kb25yy|o)!SKqvPzcvN6zkv)NxCETLbhA z#}Z@VE(<$e0eN_>>d-kh94t+JA0Ns8gOdN|#?|OLNM7+eVCo@=rtJz8|C&GgCGcK+ zb(mhM7H5OLj-<4*ZR&LpCq(aM ztA+-nEsylfp08l>o1-P76c z%3fi*Gyph<#*Y)y|H%5^z5M@w=>IW4|9{r~e}Hx0`$3ndDq^CbqG4j7p<$o^2@ncV z(SQiwHwmv15fjkT-2qF|^YRI*laM+y2uR&xG7o6 z1q|`iZPhi$bT@sgNo1f*n5T1+@~zt9dlEx0G~0DhE`uZ%q1Jlh5`0cXu#MneF-tIq z%4!9+@L&BYWSum~+Xyxec#q27<$IaRz5kX! zRXF}8WMfAE9uWdUdLsCtw}RB)EL0zoXt4)*?(98^YO#0`qOQ3nE*GD!Z?U8v9kcYL z_G9QZlC?*M|``+kgDsVt%Dm>YvfLhcHf#GkWjO z_blPf@@z+}1(jsxmw4QPf&3kD&iD1p;`$e};g2kF>-Y0mp3MIBjH&q>B-EeeqCDz5 z$PYoqTHjq*ys905_nfB}b>g907cohgId92H6HnkK`N0B2?83tOk^RQT6pWrR&Fn@s z%v5Q|^!+27D5tJF?>>JAy>xrAD)k){da!*lQ3Mu=V?(@XW9fU%t9W>Ca->9mwS!CB z3n$8L?jSq(oYZb(_GRoeoYxh%LL*sF$f0{bj1em;m#zQEM7piKIVRuBxocOAF<>wC zJ81Hd!?()FWV~wC8Y6IPZG5F$^n%s$iTk10UoWB!Ty0rvzSI$Z)ZNeH_;%3ut{I)D z7qiF8<2&eLHTyg0anD7D^$VMrgT2JufaatpUgS4Uas4hZF-|keE}HSagW|tl6Z?z! z_Ge?b7;Mrk-h!9I^vpZaOE5S>&v+CP(Ke4)(wzi-$M{;e->zet!j+>vQP+#LJl8nz;jUh(@m+!G3^Dnj^}lU`m&vk{Z1cNPQS#wp!mkMD@6Vwai#iT zJ^gmUL-UM1!TYyQ@d;QDbJ(L^bGEX8H{bWlM6eisUQ={sfc zQ9^LH;K3yX_uv}bofmg^_uvrR-Q9yb1b26L65K6FZo^vNK6{UI&$vI%-#ePoUCb`) zS+i74nix!F@^8D)vdmWzV*XeknbLLI(oJ{O>&V+oh@fYmn-uN%r^8b+1-K@2Kp=W=Bmo8tg zLaL7A9-p1RVDH8O>4bj4vSS|!bhhbpK@3UArFY;ONFTBrOqUDA1z8ukD#AnwbbPgwHT9>22$U?zT9Tl zfafaK&|tQe*2fZI}^qcpmh#1OvMEAYh&vM67JK$plBr zYs$J%bZ#T?%`}++53gxizNc;rNHWdyQJ5X5oLd0|6C@NpAFT`^*r^v7G5so+MzzV?$1!szf<*MA4!=F#;)o|eP2 zGL66&E7w1mzUVt+;LY^;f1kLkNsysq(+1TC$#<+?PeCa-kaWo157=vqC(d5A?{QOP*$TQQ>&$XEaSvHCgX^dN|j<* zRRQ&r2|HX%5`!~OslB{Q1@(M$@4CCurn#@9N5vUY>SZ)IO=e@zVlC4*%+?OutmRRfJ9 z2_U7vwkVJYpY~s5pk;veR^*?2|3BgXmLCvZNUGMPf5D;+4*!B-=<_{5c^6%X{4W9_ zK&ZM9AqH}oyybW$0673c(9E#Op$~@sKUuzh?K}{=bA4XtbBS7i|8HV#2S{uJl>eD{ z%>z)rz1{ksng6}@Pd#s?{wHNScjHEx1uGE^-IY4_#1y#+Hk48;Pp6V0&1CQ}x+sUe<)iY7}E-j5X zL8u|hMad|qrYBbAgnM6pu}^78JO=gmchu~`WGrbOsB0Y5IQHXef=bQ0!JsFhe6n#%<*xY82U(5E2AW~3Gmj18&zg?92P}!7bGeQ~>RR#ynr%{joQL4k zA`yt;jw)X}KnM&hPuf79CU<*HTH@^{`@93w>2->wpfUdaJnbD#W#z^YpTGq8wuy3J z*oE?TtZ0c_y2fJ>pojMcTB?!(U7cAoG+ZJ}kwpR-p)!DC4^zN9H_c_ZsJd&1H()_r zM$$&jDyNwtoPtsBTxNARs+WvTV84G|n(kH#m-0&wa(GE$??<^r?2O#Pz@oQ&2gXNWSjq;ra8Q2x@CHse$#y>@~6YOk-37R%B8c%ViM zzRir?uge2O@!Fg=-CTOCD*1Vk%Fh_{x@MErULUB5*;|`u0vxYjD?L%|9^`6$ek3bh z>DeYZb}9;z7+dc{MR;X$L|4#X29CFHnB^&L54)Vd#8i;!wTjt@A#n!Dr3aN*kdkAW zuUpmP|MUFo3ZbyvK_%2yz1-if6PIj)kbItlc{=(&#fnDHp-paUiM}*qIU#Bp&MCwh z2`Ez?(R2tBHr}}gZ!Z7I9QzBF*TdI#LtKI=X1jAH-%CK$toh7`WX;3^vdx@sFDDJL z*OP1wX#H#%2mYgPbH|nJsgMAtrxoA%u7UD7YN>Cf&}e*X&i&|uj)L0QBF4~pX)F=e z4>YA?^dR}A!qPP9>1+BgsQoy3TKX?;CgQezHx_3k%pB|}$2R+4w~VfL=`dw`=Jr$G zyU|ASJo|@ixZm34{n~0=QinYDbgno^TK!rh3sq>J8RgTHa^E04E~^-KK0WSK0g3+b zA?gp0J^UZ5bscq+g_6zL4oP&nFLqAg7S0TvH`VrKFoSW46R}Y`ZXqv-StZ9Ce^`_z z3^9Fv-wXo4i%L!J6@LT19s7U(hwmm9%|-!5Un-Ztv{-h7gT9 zD^2w5nbVm1nv^aENhX`J?h^4N<_LJdWa+meR1p?g2W8uRPHB}g@pqP>;?}5B;v_(o zW0Mye&6VU(=KIZle|L*S>UFf#AC(ofVPqFHB(r?}lG5U7XviXE=;T_6KThGyw{ow3 z=NdmDkDJ&n@*#Ha0xEKf?S4*0j=F5IH1G-QKaar8^f=KNOz6I6g||2XlPT%OXM(dX z)5d7J($my=I|1#zek%MItokus_Hmf^!OzeiZ-$iWqeC4>3rp{{5b!R9h>UQxjn9Y{S+H+DAaP9XAa>fZR7bi8}hgE2dMz@jV zHQu!};j4s{d?|vz9K^WL)mZ@XybAcK9pBlftP4@h>iP;bXcYZ)Xj(m{1=QNY%9tJ+ zGe^gVb>8wY!k^5@%QJe5ebp9ZV`bHg^GsyYNl`w!+iMCtI(j(e)aGT}u?;!l4cj8( z20b=4O+^uO%ZRP>r4!!be}&Jlzt$sXY(YB6r429PicUlm2_XNAKTS@`8iJi?&vm_JmOT zC9bE`@3D2chsjtCx_&be^xS(qDooU8;tW}QIyHP^ejc))=8%TWq07Asurq4OL|Q)U zZ!!XpSsyJ6X0WH!+Cm)0`r3`8u@sCHMUtX{vALiz)7S2=*VRmRq63Y;znjjdzu$;c z_}nhW#Ebc}(ea+kqQgI6a+6b7oH+J;zm+(K&_9DaCf@cCO86-KV;%X_d0_GxF{~Nk z!!h4qFrtasmrp%^!7dS=Ww*osL+IuE=YJs}!@~bthW}my!)yOl=l{!%IFOh_G{1GLJrJ7{_?+uXwEr;UwM(T?)k|xKDitUp* zpaFzgfWQh6{zu<9-cgf#c)qd#Sc=zu?ZFcZyx$Sh#}~wc=YQ%-$?CK@bhB`b#<)zl zhk4mRxdS0W`3uyUvPA%w>`7CWlbJ@DTOc{J#(cw58ZSnP&&~${Xke$4Zxf1VhpbmO zxDSZWvQ!Iy!5|4&wh2}Q>a6fY{AEeC$2?e%7aHZOl8Ty44n2f;U@g{t{A5RVIrqEI znu!}iT@X+UyQtabis@;(iZ%8VX5-YxsmancF!#_rJx-ow$?triUu&F_N} zlR0%`aWDMTe#HYT+N?DL#{=vU7@opn?pUHIQrTNM59;zLI0pirX^9%0yQj$6goZ?J!^C4(Nk!#Xzl12c^TkedQ^8(k(Upjmr&@zlDANh z%yFy5-sPxC)g`0Og;>NL0;Pr4wdeDVXZzhQJ5Do>rSZoIo)W8=$KuyckU!i43sB7Q zX^pY@!kmtfT%a1PW2v`0C3Cb9^ZWYa0EGQ{{BlE9|qp zUuRXjXY^WRJZxIk+-sJDHt8mLuG#IQJ~km95J@|-ORwh0OP__LS@Y;>3MoPVN)dlu zUZCwN_B;k9fuh3lmE=rERa%F4x{~N$u;#yDrs)nMr_nCd9K%%2YHhe+zbU@ideQ}0jGuoV5L?tu@6xaCrVMAypjX*qW@S9c4S zZs@v=94Y7N-wp%GZzn}duo?|kwt3yX<~wGec^ z#(JvCS@7M{_kJ+YvUfhV!mE~G1NCa=e%Jq23J{9FU@dW~&uR@TnV0`?DW`XVBZZ30 z^oy3>pxfu!wi2X*e2p>Xh|mZZ1e|UAAMIR253NTJ+$DAz$zur;76i^7GeNvNj-_G5 z$o0jfx8cBy9jEU)+DDDjF?={H8pF&H&ncR5DcH@T9VOgp!Jxuh(83Q?qED9R?}VTj(Ws$ro~dp0xsIqa2_YqOm3EvqgY zJvMnOBoYdz*->K)%{~b|IaD)+hV-xF4P9sHY=z(*n7P3#|I32o}+Z%5T0f{rv!v|*K0@nejVLoB=hONaj6dHBe)e_ z)xob`2{ymW8{7zy-0pdDMOF3PFqB@$Ix7Sjwns1_`6}CXuEU!%oJh)b42gD6pZ*RA z4Zo0Squ<`dB{ifW4>bEd>U9C=&0}FDF2r@w*6NaKs-a0C7j$DzJWd!h5*_2YE{t_$ z+Hb7Xp%?f~V3|RkZ2eN9^{&C-m{y;=xNJ!MS%rYrwqz1lCA;mGr-O9A=#mQZw|Cd8 z@L%%Ptlnbz$QRF=vtl-r!TEO#o!|tlniO(J$6$vnL<)UL@V6y5XT`lO0w$gIL2`4W zeqzV+)JpT-?+OGm-+bcF%!|gX%dAiauB_P1kQa#D3J5nuSt!Qt*gaJo;oZry zveG)LlEz4gV`p-JZ`t&2YpIhHpwB0!l*hCWb`rZCdw7bD$?iCvW_P#yzYg)PI=}V! z2mCtzpgg+1kbIApQ^KN@_{W@A@ z)Z;(H0d!6iuZbkjkaG{u8)MPd1kf-s2k7i>ohi6x1Y zFLHy#gOSWZPOJB6?Z&giDU70UO6f3mC#XA#yV(Xe{Y%MiJG7$dKg`3bs-^c7pg>*( z7SXg9>8X!Wy(v^YsSzT1+7lO6$;z|2Ba96#4%kE6s#KwD9J+%Siwp z;eE-8*9A!5EArd(OSUigHJ=X0+kk5dYJEiy)}XAFuQDpsQBi0B$pMknB7Z_bL`nShm@>6#*EC=&x&U%tf#>;?z9l zDdEX}L02vLeJJ^u?5+#@t~zN#9#Zhwabu;yM4V(m))@RR*V4nWA)@H;rXf~Nwk zRAgATexoTi$c3D#<7416#a}w8bcwUYATl4^T_zTq48p8T-OVxd1VmWRdBiDTd?NZy zntZcDkFsT2P|bDF1n#3`CN9oX4w`H)v98tWk^UKHL%sRfLwYJz(5YWb*YLuo8aq!E zW0Xy(o9PMPK$01@Y|fvD@@E}D10==#d=^Q2mdtdjo~e#J%kDLeoE9i1Xitrj6NC6B z4xugRtqq7Bf}IRitB5iB!8XhdZc1uAyp{_ND$Q+v7qwn7g%kFlI9U5@&(pp4U`_wrpB$LMs*ViB1nus*4O=H=50lxF|O3brv9)Oht-( z&R&X%5|lr5KLq*B)b7FYU>LK`RP%OxYXeWp4GHNo_xdiMEDuf}jBj8-n-pxv$L{4r zU!U{=Z7BKF5#D4^$)UiiqgilKkK%~g4SI9iG23Z(`L-)y_t zI(d1DKBeRl+xb|K9}cV`Iar7(3oaseK48?{oMLy_WJu-B&TL|cWcD8F)~%eUx|oV! z=n=vK2szd6ujeVhk?k;pOBJ{U!0&^L%Pg{tq~_<**8l<6896EHvUWh*s!Y{Pk&NDR z3ahVDU1aCUq5!Nv&-^>&^VA5>?qe}}p_?n5w=e*;KsHP0jotBLOwWBUpYCC?tCpvb zbvqSoxG>rj3K=+YQD#xR%x09FusdN0^K3|z7R+FWm8Wv?4Xsr0UoedZ zf8uR4ZUIxFpIx4mq5X%}*?AUU|LxMT#Y$#xv8XcZFNJC?!nD3=R%!MsvrnXw8 zMLHldpt}vtd3=WBjkU?(w+RX*SgFnYXhrgZ5B`D~4-`4Q${uAiBPYBAsJg=beMz{8 zyiqIUVVUtUXrUErWm{XqhfXU1bz9=!QSSbSmqKCMY;g1u?Fcutp3uM!>uxwsjGy@X z8JF(@#lftchgdncn0elL@+Glu{=q}@@VptbfL40S+rE(Y@g706v7j&HpXM%e#q%mYlx$zhHk#=_ANMxG+R*ER)nf`+ap#W<7J0Vd@}{d=sN_u1^8Wyln3-cAG@eSy@KVu}zr3L}k8}OW(s&@;vpi z8*&Y?cHB@>L{rHJr%&H9cNL~OtwP-(A7YQiWOLg+3jw!6 z-kQFv4pcR$>ewBOzVXX&2=XH9VL@RT=1EYKp!6>onKy*)6S913y#((xHhv!4A|KKb zFFKcxY1ZCA z1NOwD>H0^hM*u3Pg8ogbp%Sek)0@17VO5R+m|H)h&jK>(9k#&y8^}`{#y2f>L z2j;8kq!lo2GbKQ*5Nu*s^Ih01xI9akIjG^?3gYw*Kphv$54|ufdftkBs;fBW9OC$~ z{~w1Rz8`)-q@XA4Q8eIuIP4X6Akt`zuCsbRh8vJy zezABSIcHa^y`9llS`-`mWH(Tvb84q?^1157_iHor`B3zxJ`4IKr$q7R3g5HDjDxMd z@PaJV6P>F3t@he^*S}yW$K+1JAe6dv<%Fh_furlS6wwuK)<^1#`=oTQ8cNX+S);iM zJRD1`1WMA1?IEvT5)nv|& z*kilS9jjuD2d;YV>@w2SSXHE){VD(tty|07Z2U6!x!eef13Sq$mn0)?|Iz(-XU?FFO4igc)o!4$0`6p2*0nSMq*VfjC0wwCf5X6EuDtO4s&10Q?Hz$K@+#KysW+6`3(k~#d7 z0Z!YlzVdt@amRI)9q@AGo2&tU-ged;PcTCTHnLMGvKtoh5B)+1AbBo_soyO{SwbCD z(?`Nwe1IR3meJ5lRQ~DT%`>3Yt#i_*@u(4UwGa>Y!}Gm0jb=+} zC@s-2T!AZo+JMnqZMGplfGiG=`fFvdtdu(vRzHJC93ttM^XE~FWf;FFUY#*#C3 zV?+60u*NTC6iSx*wANTiMM2a;DTK%!``fBZ>MqafBoOIDM>KgW-B?*mt{S)QyG1D5 z%;Gd2+2osyVT?&Z(VPVW&aygu5TpC6-DX(QxW1io!*-x|_OGyC&X| z@u&y4qX!!18aG6K5K2t;;u$&YrJ94%WTX7i|1N64$IQwHY+#oM4G)EM#UPe-VDeHyOt!%~5}obr$7-SaPgCp|%tU;un`_(B{3VtCra*c^U(O1~6)E>{ zZ%8ee$VZ)%blw7gry%8RjOz)H*3XOc=SLQ#iam8Dp-xB; zP@lI}c9fHH(%DkEVJ^}_aoPwXQm%9ds-y70vqPSeD@MaKG;lLN1d>sU^F{Wy7HshD zD}o(W3HYDPnxnBE&zi&ZZxt^zH<1?<&uGy8T<6k1w}7p6WbR2BAw1|-C*Nth)*I|o zXO-w*AuO9G;&5N?KK&@CwcCf(VX;;E7)sp6`J!eKj2VV--X~CruaeE~uaF%RGR^iO zbee|8Prie2D?=k!7A{fX^rIFFR@h?QrvtSJl9Jw{CVszn_eow^C8vAB#ukJJ`#hui zT=MEqVHE}YrKKbaz^2d0wpRDm7vHFtJm{Gpj|h*fFc;ce#jEV*mh;l_I6c#R6jmYUvAWTyeZto(KP-xR{)vG?HMcwd3iTQMs)FFU-^## zq*DUado7|KPx>IB(@I3Fe$#c>1Eo8uctZTM#;nH|NSpzX%iWediHbE?8H!}oAvfZz z7i?`&&vJhJO(iH;AM}2AP^fV7c`JOnSShU9Mj_(&lOpY-JX(K)6KM55H1i?H5liYx zm++4g8k#>aLvTZ#g7j@O6?!}wN`vATww#I{J8>(K?F1R2zhn`0--p?5n)lE&LI>?8 zLM^}-R!E&!$HHz!n1OHAbD+7pNJOiBB!7=?({pqI~94CQyf>|k(VFR0ifRAyBZAt)F=XdGcOI8h z{*)2w>6Buss@C$lk=!RNopjZ)wExtOQr8mJmiqzi@CuvFf%Y_4Uf6{1oAnDH+9~Du zQ0}!0&4NVcE-$W@B-7T3va7KQj-17|;g{b@y&kGP59H<9#=8mq{T0SAZEOvm!dn(( zB%ATo5Uz4tXay)S(SqNLn3fxQQl6RKr;C^H>tN`iID9XG+s^;?3;h@atJfkh@K=%~ z+=$iu$EMVK#bH(B_U;RqfXBjhF5`0>*cMy%p4NmoO{N+-lR!Yk`@zNWISR#Okq^+& z1E#aRr;3TnW%38lhm9aM>k8dGvnEl+3YryQu=K%4dfHys?)t3qnZk8#b~k?IV69M5 zcNOAb!#R}dW0f(ct5afPG3iPTiDzj+ie=l-w1QA1u|UE}nkz4sJ`RfVM5{+a^d#e+-;I$Vm0`K}M@C=}$5~ezsVm z`U_TP>l|lbmZ{3B7p^npY|UqpINhn(!@lN$PE{^vvify!YdAE8CVLmhSX`0QA1Z!# zR2I-|wrzc$;zf`0}B33{o&k3W~as4~D45Ohj^k2iQSUekA{zjtbczOOQn%yoetgn^=%fmp{L7k z2}6*U3|u)oBCAwv3X=q;xUGE}9v;Lnf;}EfNzmXNe%-+|91{i-6F4baR3Su{#mEI) z9WA7=1%4<%9Uj$q?W7x(vE6x4tp>*S69*LR9 zfLDSefmoX$&xfNmz)KRPHfZO&h^97}XTNWSTfD9Q3&tAiTr|qGDy`ZR?oo$7x$`I3 zilpD(+CUXSc3Y8nWQB`F$v9q%#vWDy7S3^udo8$aS{kPq&6m{9lL}Tls8PxC>&+D&w1eM=)6f}`PD=5F-p)xH zmj{jIq(0Z?bPyubBChc<9|py;Cve^36~d)ea%Jz)%wqTp3LGU<<{Z6U@omI9yd4EbyKHa2FG0cKP-5#7 zT7_UEjw>XVUzDx9IV^-8Azv{mGhUPsV`bsCG@NYC(-1jX%(lOWu*1!#%Lckg@n+)U zAB$Okz8lgf2g^1IfIUgJylzSNwn~l-Vy;NoKor;xcVd@NJ+Sd%ix20QlZQ;?7rE!<|v zo70FFHs@KXhvf@XIy7d*O%>T{6%>psY!x~CmUMo_p4lq$rNX3be9yFiZ8os3LAm{7 zJ{sV3(jqs#?xXj%!q+`j2{_Fb%Ade8%aN|abi0@u zOOP_=oGknV;?eLt*`tFIJ6HBrTPMjo~eKH+?*p0>JqXN`rcqN_1z*7^gP-go9Hc!k$=kL69bZI84Ch`7X0`5+?<59oKJ0 zh-o>Gho~yC^w(do#RAceZUOScxx)oBa9GG~30mZT`$N{o-4?MYgxM(lx&Mmzd*Qyc zw?~8!8Dt9dhmwx`8dZz}#30sTC?8xs5 z{U^z~gSKA8x)SsCw7)a(hnT}WvGO3?kTOATEgfoS53-2p7fKil*VR8$urgPUB&qz0 zG6RP|)9by%`IFU$9YU`|PdUgZX)T?*S0S5HAf47lYbh}ycduG@Y6FVrhK>w?LH!Nm z4vy=01Eo8P&EiiA1&Tu5D$LV@{>I}-P_U>QCB(!`z!h$hJ!`R;cRcHpg)(JcuCGIj zY=2`_r!rU(lM{1~C;$!t;~pDVWWlF+pN9rZcW{@^Q#?psX#|8nKN$$}1tjk8mUCia zXym#k&jz(;zW<3rI%&=$S?he-hpiA|v1wAwCv*W_tXg~yxyfz{Khq;fkRyWdV41H)_)%G zj6$SdtOZMv9`6#sp=uyC+kV5FjTma};y$+Q;xxCp=M&}$;8BpGzf#R z9wzd~vY|$*9SqV^!CKf+)e?Ozv8b20AVi9Y!9fKV&%Z_Ww-O+#7ti{hLBe!lIg2(O z&H=FsH!%GtA)wcB1gcmtPo6)VLtOm$f(&sN_%JxzVV<3E#-GefyfDRkKVM6{SRs2s zN0PPdfbH;PX6D3pZMrQKF(Q6nY}pGLygh6Ny}sY%sGM_q`q>>n3LwiB^3rS{zt35x zKnzZfOK7O_DS+zeoC9Y~ISv_QPgyxO70}{-9ePAbA2N>9a`YR`n#0cF#6%3_aAcp$ z?Xww;(iUEdGIucz2^S4^btKM=6OZBVOlFc}7UVSVbedAuG4Y|_$D1?3fkGyF(chVp zp*H8DR{loxk*3-sOSJwH%^!j$fI@PLB0BaYA9Ux4i^wH~?Jj_#nF~!0NBv%KMH_p~ z*L!deUy3zGJ&K_>Y373Cw+@WTHVG)C`4IocRK^-k-P+2iRe{NNaC)Qg28A5g-x#w1 z6*USnVjZHEfK-vOm=%RR=%T2%DuA#T!vo%333TWUtFjxB<~K56uOtErBvl|Q4(>J< z!Kj5r!ub@Nff#?en11GO^&6Hb8kQ&)meh0^fb#hAcJ^W0_z3*4?`psp4(!7{22~AE zijowV#XHip6qKMQ8%sK1+jZ-u4soqY1`;E;50R@8L;s0od6s{FqXP*-kGI4o77r{RP8sb!rjW~zm+EZh+?g4BjthwaCZo7BuhrVu+t#%PO&hX(c z6rwb*C?dcu`PS~$zm4D3)_;XJY6FP;6<+_v>p5r#aPph}7xmwpqYemfhm?a9R;b(S z2Jzc2JAefEuf*0{eBkwT(Po1;z<{2~t5+P0c!__7zw;)uZ@CexTpD{k z$DlGwjo=B3`ib_WRADjfKx}sV1`=6O>D8o=iFpptjbhq_&H|(M4`hya(y=@0*$>mH zaMiYcR=3Ct3ORq41++0I78Lla#QbW&XYQbbkAhI0N?xjqr5olb)PU$+!`&mEKh-zQ?HquDlf|@wtouZ~HRroBH$}w@b z{cMwS+BoaqVfTUFD_5(*(sEbuES2$_RBb9=K7d{z+CB4lz}K0d;CVMtc;32_}f@qmyeO*!>R>?KKo_$^r-l080aY+tL`g&MaE& z9wG|!XRdadniRF!%`)+L>>cb9ZjLMr*?CNyOFeo@HW#n6N3X~6QR)mH0-%Qfh(V+t z3VXOkF<`(7UEDGK67>t?-b0LEy;bxruNF~SB8fkSPuwGPZ0Ez&?hqQD?1Y*Cwh<$G zlGzbGmVr?8zZF@W{3rEaq_;$SOGJD+?!XuxC{v8F{*|&$8+k8g*FOJ%f>zUl6N+EqRZii&4A~i&X$40)+nlyA)gO z|I-=}4*a+IRd$ruc;Ud0c1JvsOi2LDQMR(URISo4o!rc_EA1?w;tCES!2ABggWP3u zf~=v69Txyp@^=2G+T&S^UszQ;xUUecRRcF5%o}GoDyaVl!|z#wF3>|eJMGhVnCRtE zQ*P0ai{shXNThu6D$sNf5S&C5*=n*O{wL(N&}fJ9Dm7g{?EAZZSX}{L*XVQoso)s1 zOA2Z2E>7wMzaiUw3`9OLc=1?M@Al$n4T2zXoKLOrGfRNt25NeZ+%;LhaknZ_yZy$q zGr$Je)Ej+fD)B~1-u>ExV9=wt!Cqd>Qx4CD6776RQ+3;M-pYrSKxDM2ZX4( z=%p|fwoC)$1({nPH4AnW-II9&4}QHe`R6>M?kYZDQoR0+;{TL<3yZVjK2W{E6(T#v zfFXP2kld?h+(~nM@-u1;d!Jg7L$&Jah!!e;idiG*pfO#WL>u2Q&#YUN9#WmuSf^G$ zBW}bsLFnKpYYv10On#lw&9w#fmNk$TKC(FV7s+bY-^L1pSfR|F*s^0`qWxeE?DFq; zTDMh7X%xJd{zM3R>#)lgvm$oMKyrT|!jHBW82%`B_>LF$T-MJOJv$v@bNw}l{I8VA zy}^OTXDybRe6bg5b$B{~9&cmH1pX|;bFQ<>He!DFaB8AceGHs zsbe9AlRV`yCIs$Wx-v^|KURhFk*nx0AvfWBwnE~`zc}g zEf`odwc-Kxmpis|F|;D{Dpqkg&1UGF%ikYO8_X8Q0jc91|Mff=ibF%(vs%Fpl|ri% zuzXfysdcD9-O+&17Tyes1o@QguIU%wpvsp!FtkGO5Hba@-Yi8D*){J8; zme$;8CU#F94M7vsfH7pmSY=C*fVD;!UZJe??;?wknuYJRp0p^t_(++1hVKV;2w^XnMtY)?qvp3kUt^`+knzYudH|+ zLdr@v6XKodCAkk9e4blYjk~{9a5G|o7Vk*W%jBle! z`X4>}O1|7$j6=9TR6Kf$F7Z}GjHr}4UH9s#OI4O~l|+xg%x?L#4u7^|CUJL4LQngYLsk$+`DWmIbh1n7#-r_K+C-zfjX@|J^8sW9220c{Bkkx1m zflAAx2(U5DyFDu=9bPY{Jgk%-`vkA-j1%~Yifo4=)!jU2mhJI334ao86S<9TGaW&x zJSBg801?}KP9i%5QJvixror)v>dlyFw&?fz$vQOc1I6G`$vQ57AIe1C0o43f%(aD& zuJ%g0c}VFPb~AyDTSG*a{)Tv9OZa(sN&@tp-&ADtNe-@|F3n&N_wDgu$Jbb@)3{0Z zxdJr(Xuc&mL2ObAerRG7fQ6wC1F&`@)j!M|XzRnnaM&g|a8ccRRC~{=9>gIj6%?Fk zyznv=IOz1%Wu<^+!|Ii9YV_v#JjzL&R$U~ZjKWB}qaA|p{TY&SR91>M5Qf-!n7`+H zFw=w*s*PiLJnwc%IGLn2S2+=wzP3i|GQZ1Q;8u+Ox~}H1>-*<{&$IJ(;Uoxo=b1pz z=7@j_g(vNGiL>9=AjZK|mkfQ|aDca=xplKR}7A9~=L+%u(6MynGp2JI1r6UPoANtnS zJ0VB}M+#2Tk2wBO*|GD}GXnyEUN%DvKz!XRe%&7qh|C}^mb8NjstdqR>~U6+iv1;P zt7q<}B2|O3NCNx1cmj3@Jb9CHU1Hk@Gl*XzOv`pk9%*Iq4@LN%y_&Rl!xNZ4%1xK< zOLOB@B$ZQNAoba`EUf_C-+uf2a|h{hdHS4ok(JV19)sQQNz5tNMZT$-UHX?$zwIUX zc!eb=dNvwr>>B+u%mk5B_S8dZ?xeV-Vm^xXQ&vf~C5Yoh6;^+C7-F(mx~;H=&Js)W zD(?nRN?rRx!pCX58pI!~x2fM()!s166U`~~g&G}H>bT0A_Zpu~(YjEsQE+ydF8s~t z5Mo2EbHv%^`TZ?m5Nhk8GvqBDCHY__TXs0)`#|suq(GOtSToe zMs~K~5ef}6=m~K|9w#0heL{sPt2RRI>X)kw#{7sx!zbGpn967@{h+iuTN-FJ{G8qL zybEZ_Joz?j;DfHX9s22e}c;CX&fUDz#g>ISyi6aJud{zLwXF6a;vGUeI4Q zT&4DuFN0*3Cdpsm6e<&pr$P%P>H0kdE04p0M2!1oeX<==YNs-JX2|Iu)oa||-wyCr zlLwvABYxOP-H%op_F~YX81!Xb_54>e;sCi`9Ewl*=dGj3BZ8!Ds{X0c=P3Oa9JGqZM$^U4YA09=>O49}|B))1lH4FoS1)xOw^>10W4h!M8bbN{0G>A^b+f4(WFz>CLezXl3$+d?WmsKM0t_B4ccl48L z*3~WQGn+Cc(rS<{bbi*b!y9x69Oef6z9BneR>aEZu~qXg3lA9SenPImu12@P*ENoe zK3PaxY|9>rDcgin6%h3j>kUuJ9YT;|Sng6&;xv^?U?X|0$hUT9-1zZu){<1@UanlU zYO2`id1>Y8wrLlrw)f`vW9V2rAd!>&851JHP_rh>$=ly7n9c{`EiFYS8^B9Zvap0_ z1TzAH?sV)=HZ)z)W7*AA3d9w8JO@yhgH95}^Vmu=Xj!ZcFs5vg3gHwav#6jv#2G3< zHcI02@%OZPl^t3VeP$@4?Rg`J{wCse~RwK@)4KH5MN7nd7NVr&EL8>seTLtztDm?}u znHLwEkmsnDgWr2obbFH}7A(=>F((h5511o=943?JQMDjgXE!{&wZv)ZBbVoj+#j-K zxzv`mKO&Bh8Vl@wD%55TVAVv+=n#=i63rD3MW;70XksE_r>%<2@PZPc;*9eSA&Pom zrRLc||BA>rSz|e*tKPRlWlHqszLrYC%R3;-&7ln~J6K^ymVSZCV-T$;t5nw%5?pbr z%((tU)Khsca*wuXMsaae>IwZ941}WXH^14(%VG~FTu7~Mw_r(N#Yr~OA3;L@qyw-R z3EbB($}Lg(_pmmogUGra;rDqlC@wb9CK| zWsC6FeFYJkF0*99l^9 zAy^G*)I+`5W5p7QGytbmkSXp^ z!bXZqjWOJi3lK$P7Jdf($s1&voUZtJ!*JCqkmsRlMm8)EX*?ZuQTbVV#tQ!mmi~h$ zsTO#`7H`*3Vx24q|>(hox70O08N%q>O z&MD?-`JspCP+9ZqV5RH+Ro6t^$yF+N!D!RPfU7l7vw@I0fQFlp@KXZ9hvET*PFaBE z4f}a{<%RMCA6gr{Y$*8_;t#LmBqZa_40C0cQ3E#N%aiv09WAD74;oHoHa!9d9A0$_ zp{7%m-9FLqRh9mX113<&xO{4}sp}~{#lvz-^6Z5NJ?Nq{YQi@}^6-cULpww+qylrJ zf1w8OaZAupaT>FnyY8|mq94nf#ySrxIagH->k3lS9)j|Jn9Z_pj{W%ywvJW@%j_nv z!JdSZAr2uXvW9%%&yzD3i&ik$>Wlz0TV1r;OvH??Xq3w@A+iA#E9q8^{6d+Q%>)%~ z2E{*U2NPNgdWhDrY+hUqnnd3&t_YIPdE?;gi)62kyvzge(v4?_RJ;Re$9ho2d-);5 z$6yL%PG-yg$Un2kE_Ymz3xcTv?DcgiuBmwI#*%O%n-6ft&Qug=y5Xn+P>&U_GhK}% zhrV}NW_})xKS0=2^k}^;JHoYZ45F0kOM`WBPLbS|SIXDbPcdrNLXkUI@+*lwgH9hG zJ(6dut1iV=&$btZ65j>kg)dl*Xe>J6&sVE|{8%1v;znGHP_`XZp|EAz3A{~m$7D!C z&7^HVwuf0@J0)Qy?rv0{$0OA=6^D&ux?WWJVN(aYCR&Aj^n<%pJot3)`fn^)ZGPt!Dh>MSer!7BYyox@C(7- zCb>zhoyPM~#pkKUrT?O=9jRqe1!C1R(U~$Iw469cHJj-<_q-?E{w;^r@JYd?wG%1 zlU$fFyA(07obB0bsscx3|AKK|>^aCq2~!K1xtGHA`d!=t$US4Pg$-fjf-&WhtWJ5uO(g9X|`Z`oqde*e1^pMm&RMjjDv1CCwn!(hchhSyqmuC2@0^&U&hC;)W zR+;P#)nn6zE_2hcB8k2>1``omC9|gzQ{0ltU0t4LGu&q!}@nNnm}K9qUwYE$h*xb~&2t zQ_*(=>%D4MY~^RSu^M?NUJf*&j_o35nCLqlDQ{BVgrPk@Fa;KKebpOO)~o7sY(2bS zRhnP;R`ggHr_3pw1sX(56d0|Jnq7J+w&vgOI;l!$f~pK{ zUhQXP+Ok1wSWM3t&vxBVc}NJK;buwqNPr8BrIm0&`3_nKb5ux$2ojp+7SggHeIcgY zEwW;05-_ng!Hkd*pb~9w=u<0Hj!hlc@mtar8-L!QsU`CaC$9%C;NFXlb$zx(}# z8(K3mO__#}kQE&o5ndyp;gOW(U9Vnp1_L4m>|{)CFVy2jiErid;0NN?y)GnW#)d;c|HQIxQ;~v ztupj*I(WQI+MF*sq*^?lZ*Apmwuq98Y2IwD40Dl6x1b{*J}tSp zVa76%;;ulAbtz+{y!Um7HhYRvi^Ma9&Lc|a8jt<`V zXRm&&FmgVpby~@lt=}b~Q&HekSZEtfU5Td|>vhwcvGlS-qy@rMfR>_;i)uv0bbNp< z+A4N=SQ2n9$#Kgs5pWd}!%CKQVRO(Fah)pqC2(7Oz4>C**69@d4(kusZ)j@jJ&4E2 zQ7iJ5Nx5rjhYywl7T||b*wd9{AZYr~urzU(SlSH*xonY3PAi&!))@H{R*W*rvJ9*& z02~Q5QXVS}xy*`D0te+rSvFm5N}t-^P-P}MV7?^U1Oakmm@GCvIwS6zIq8mmT>Ll6 zz<5X^5P+R}xtpsxKVwwD-AEuC2omwp7NaeTNv!xOq{-BE@GGS?L7mrv2ZSLGTx1xh{JSsA3ukWgHpL=~<%EXPt ze^IE`jJxZ~6E3wt8Q0F>HT6G*KR>n=id8I?n$rd>?d7gz|7W~R^;E@n`()Gmh+|jn z0JmkH1)0I3P1A7nQ#Abq0o2#bz2Rn%m7HRh%4FMCPt%g*0h99k9B|H!y4o?;C*>D~ z4Y6rs@H|VjbfV~zpdO`s+G>8{#nHEFtk0K~7*iYy`}w6NTmVAw!}#epdme;{f$=BL zi0gRzp(g~@o^-lbOsLMqA=?zE zc)BG(=koprn7?Lgd30pb^jI)}aX}Ho+M{3FZy>;!e%igqn@N#G;Y=5%U-pRGPCE0) zup?fzEKJM%J+BIds!J=4dps5&h141yXPDI7nBv$W7Avb+=h)cug$L4K4{Cm2dg&q} zQn)OOi-FF|#Ec6{iapBmiyu}MO1q=p5g2T^%<#PEO+XV6%j*5W^t0xkxvREUw<_XS zjFR*#aC({M60pAm3&Rve4EsKZCzSu)p`ow$xm$};8^^}x_=nW^Z*e)#&q(#o>YbQo z)rMNr{7GVcp-3&Gr@lX9$dIG>=&K$D>a2s;7Q>!N3*C|+@24cgQ(nA?n=j<7`wiRY zL}u1(F(aw8%9J00whSd5T_Y+;n<^`HBH-MmMfsp@xO_*vn>@44(3k)eYW$-*&jMR; z5CR^KAWbZhrDG)zu)h%xjYP(sH2AS@B+yNO`e5uMIahDZpHgi7g!I%5EYuDgT?FFo za}z*U*Q7f@vrbM)e~7YEyyg#>xJ=lw>Yn1Tx!tlof1+P~Am%mb!+A}P0^f9pV)Cm>@&yE@Vs4ciy z7(R{JX=bR86xVen+fQ4!x!C}2FtG7dwA__MO;|7m51#a9Y@>K1^l+Y6=%Yqn%c{T( zTOoc&8-;Hw>nQ65I%iZGrqW-y9mO&mGuZ^15812=Zv%%$y(gPo`XRN6hGda#bZN9O zNu0m`@To5n6RYK|$hk02wRrN7t6Hs~GOK-Pkl?-XNpbZS8DO{a#ivQ04MjNHOlxY4 zjuF^&;`Jnp82yrs8tpK~_{pAo?s9CUJv{0eAT;&;g%fbR1SZk!`x_06Tzce$ZejmR zb?URC4fvGaVJqWydZH{kE~-g`R>qnPRZfWg=5v!Rx6tTr$FS7>EG&5~w{53sr~M#4 zVs7%5n8VoX`k2lp<_O~OENQh!2Ca@iI4{k#D@CCZw=)Pqh!?=UTpQ)qr>~6`eBC~(hc#_St1!ax$ZBA*9}$6MuLv~4 zTA&e<`~u=IRbj)>c)O=V~H`w3^y3b@yDJT|OrPWt`pPOU}t^xlv0W0(*d&u%p z=f?d)X2fqNzamTnTN`)>S<|hliRkp~bxn?TSS&AxubExEMEGO<$Qp;QIx+?H9)0*T zk>#96WR`c0s4!(Kq;X^vS))0efdN@yB=%5sP%ts}QUQzARvGXyfIGW@%$ z-}cq3VqD)!gAevQfq4PXIyZ`qCw_W52kY`>sW_hrkc}E>mik8}49cVS7{SID5B_a5 zxM)$-D7Z8ngDftV*Mnh$_t_UNn|&9d&zc$A0{0krJrBc7JH?gxdG(L9tHLhzeYi4W z2DFXLf8m(oWfq3k^SfRQqe0=TQpUv!MfauIgcY!xtXAX-f>#e%FH_%l{gG{DP9Sa8f|6&{J^Jq=DTy-(jtG$f=z zU+%f3OcMA_HN=>ucZRzbbIR}EF{3z9j7NHJ#jfq%W|lWSf1iq%qvpjOHAcPM7m2kp z+2XE;J!c`RZ5lwQf}ViRnD#r7vBZUxcW#5gkvl7<_bb!RwCUmx>beF+yBp04Pqd2@ zrId9&Pv@<%?X)P9`#6q3PE6|6E6Qa5`SF|O$tbQ|K2O7|=j02GvKFR{hFtgA<)E{e zQrZt(0>#j4DilCcfv!DWDK?tDtOIt1V9K(rrNUrh<#8K@l2T(lhaxl**I8**R)!pR z^`8W*vKH8}6!?OS&PvOvZSkwS|NimO_Euv$uIfd#&dTqm zY}U)8-h+Pv`|HK=NU|xG8uZr2bk@W>urh`cS521&`thoD#aZTx==MxlA*#Z~YjS}b zi|)|U7BwSl(Mmrv%?iJCpkCy5Z&&+yDUpsTZsgpLCD<56-}Bn{)go*UA(kCwy~UkI z-A@X8@TL`HoPEfpB-NJlS+i-s3}cAS-|l?RDR5+TI8lpIkF1i`U!EALv|14hT8wNB zp((An;$OLD98h3j-%bjwxPSJvbe2+;b2w{oF=+7y+XsVI!*Yt{+mGo)Y)iH4nat%% zd;&-S%AdC@`YEN$k7(0U0mv_3Wa7tvBtIwo%zBkl`SOZxD$#s7T0$T`IIH7~jh=to z)ZXB$3^eG}pgPm?=RB~@jbU;`NTC?1X0%IUM&P>}YU77-U=q6e?f$-%j>2yN@;k9) zLfgG(L)r2|B$N3q?0TJo9}%t8NB=1Ax?EGRe8-dCo_%cvbVz=fxt)$2&N}#^WY$jf z=k09qiIj%jW0EeW9=13dQ9f4nQzd%cTuPGdrjr&^kx@Br*1nJQpGde2#oTeS^hZvsu2jp%Tuk0@^!k z_n@Qq&S@<%IzRsS#cg-4>YA-F{qp8En_^LHY4Mro-nx^tPS?vHr~XIpEK6>ly_<3wT^LrSkpM5HgowO#OSALb)}5(uW2Gaid6meW~yh|FUcn$qTg} z8!cChRl73_mD-2Cq+ZmBmc=6$G>OemXYZD>D1mLGY*28Rz-BnQ1Ui(e+k^rJwnPRC zHf)w=f8n^YcYt3=_Ku#j%2f5ntiixwaZV3n)O7_rNH0$oJE(~8p3~P3TSv$xZ3AMc z?USUr#q!MKolWv|#G?3ML1g2G@ZEKTTugyjm``pIa0ZK=xEHanQ_8B2iJpaarP{FZ z&5IzD;OFT8nC>l_iqY=psqr=IawW-TMuX_ZHK$ji?SY+W6$6fY-)xpI0>$3P>KQeJ zxX*g`@OxZZfAe2=`iz#c{AQ$gNG$uA+>~G7mm;h57PQQ1!COZDl&}RCT;+spVL7eO z+HY;G42%dLUzeNlnSs2CIjnwMr_UeMjGENFXvxc1i>{s9&d9MJct)UXYiJ|zlkZP( zk^JQ&UXc#?d#3P_{QBjTK91{gD+%wl-@Cd=_s8^@6m~}siS}2Dz^>b_b~y)E3(g)g zd{~xVt}e!df8h=(+SE;SG#HwxX|NB9UG@K6>cv#wrtN1A`qr;*iGq?zB52%B+w7JP z0Ch30TR-GGMPOT{CeQt`g_rOi3X~D<4^ZcyIVTT=;$1ls zV4;|}4o3tUM}lHN2v#VW9C&#QgV@A`Oco}R=viXHshFsvXA9Qvym6SyK1j$)1TV@K zYO4kOh5MuNjD^6YCq|6(>bfzVXR<+}K|L~E#<{(h9XmiJu2>Hfasv*|oGPS`rb!Q> z&x+!t3~_19ZS)!bvdvo$DTQcnHku0iKBOP!DA~*Uy__d8s|U75(7boUr7;;w@Wmra zzMo?MvD#Z^qE`h@yq$-rdfbX^H^hI19ka@DSzYqV78s0-)VYs-QlHMqo6SQQ@RDo5So!N+^yR~E~3C% z`kFj2Jh!BITrtGPU>jvN!iB_Ml|}XAXV0ovjk;Z?GO@rRUV4_Mb4F) zrSAQXDyR2Zs{u)o2scJtv1zE+L&TMio6n^KZ`18g%YRBmmHdhm>yW5!{n#QBsH1PV zVx(t0X+`>0Lp=x~oda^Ag~{?EHsR}NlONlMz)Jj_aYxIKSqe@>meel=CAeO_fA=wT zy#D9g19ID+(E6f%Yhhx76Az}`UDeO^EI;~){mA65Nr-iYvV{ck8<`DEwm}R_r}|zj z)(gv52U_2fm2d`=G*(tdb&)UELD@Ywidj@Q3ye%o`O#J*PT z8qz7NyG2&aile0 zriv=txy0#}T5q$wzx#T?+v9MPouzZQ(sbu(XxaUpxX^u}qNi-TsGsW5{b({t*mN~F z^cqndlW*i32pRb(?)ltbI0q1aeKaUyFd^i5Q`ANR`Skj`do@>%HV+)8;3+odAVE(r z$P7x1E{R*ygi^ zlF*df(YysPOB9y~e$M9Nfy!Oo)tQWf12H06eL;}v7Cw}1dyjr(Fg{X$aOBXuqSW?b z6Gcz^EJgBQwqX1CJv~SO_^@^Ov(FTkNdF59xoc;WW%!q z!_OcwUs+skzUiH~dV#4ZJJkFmvg6TFuXnPb?RJ@L?apSU*=3koo1p_*zR-tVj4;?J($VaTLEsb(E@191dD`D?+O6pMCO6$zbdluW3sR?rYNghv0m9PKfn zU$V$O`BwqM&98rb*aQy55XS=!z(7DjK}SRaju%A)PVs<;LqNnsLdK`#3B~1>(Q@x2 zAflz0k~S~hA_QCV@>zH=Xg8noLl~`6pAN-9gol@epVf2OnNAk4{c3#u8+NNto{9li zpr|a-6(%XGYy#+%rIXXrC0wf8P+*HWdEy+q;o4TW=Yh384zopZD3acbLlqy6&$RXp z-ad?|ZukJf(Urrp`LmTE?20A%a*2bul12LT^Ssx@~6A#E?CVe44#)!sF4HRY{8;W%X;Hi>f-yR{Z9Lrit_*-H5Yt z4=gKs-flJFF7G0xD;_w^Pq_H66Qc%jzm?1TfY<^CYdMH#N|aY>gZcJ1{q`_w$}XJu z3SI;~8>hU$TR zaI{Yw+U%g%8@;0Y#~~)rp#S9NyE=>_dZ1LDzW5-~N{O0^&Wo?P=qDixvw_i&5x;{J z9mf`AnjSYX$2!6DUkxtA6bz)_35Lf3;dvDRdo_~xzkOS-{kq6c!wFdT{wySNF(mq9 z|AFMd=9W+K*2!u2^y$^LiQRS3{qxp)@kf%EkJNwRF#o?#S~FiiAuf|PNCS92%p1g7_-joah#Kyk!F!l&^sCXu2$|@ zb#U&qu0rUaXRX4l3AiM)GhWFX|{Zrf=Ps8B`BYX0N6Oh-kLPIw?Q-NI;2Kb z9S2n%{~n=Id)>s6>Jz&w$s`zxoiKnStR0L7$2^sF4mto{c2 z@gevxT)@ZG`j8+d`1-QGy^UCfVrnmiNfE4_uNaLFe^ei?K$0gyce=?Z&-SF8SepXv zEWy>o%obqFjue;FuNeP}!;c0;wB^2rYP1sW20{!vWh3M*T4eS2=g`clnnc zx=6rQy+mAB>oxrzdB7K%FI9du6Aah0df_fZ+L8gAo3=1{BltG#jk@aSH>Z6!mujX6 zpZ$S8QYHEensZmFqTfxy&xe_Kl$_5zuB>2M*%R^oY~{W8^`AhT40{`|(dQk-yj+sg za6)BJ#_}^*lXwPpc%fz*#v)dMF2sq%yKcSm5xZPXJNOLPSb~1F{9cN$?$dWK0;M}f z#)L{r5v1FG{33bxZr5r;2vxv4BhVa(6iu1QBAHsUX5{Gjdb<-MvNo_BLyw)dC#(EG z0!&#Vq|01oVQzTO!BE^S*^}fdKGcS5RXTMdb!}!i`9cc(;Gi z`bwF&&nRpvln4|fX*eESuSa@)BEG!zl21LjB<8LrWyk+35m4tt5Laj7?~Miz^tbJ$ zGe2Xpj$u$99O_ZWqA0&bwk+7#fYrL7aDvU%8As7WM!N@P;9^ubgeBWA3q2hfB;-Dv z_L}vuq>!|$zHqL-I%!vJQMLRC=Yx3Jb#fDSI^W@C>^;GB9>%HHb z@L$wos$%l!jq+gJs%z?{n&H`$nwBPzQ}u-DzCZqVuF2w;STh>dv-sl%T?<@5gQYGRAxTGU8IT^>kAz#K~aH`WKJyUvB*;*r3o%-UcEE zL%qzB>VbWL@HJ#B%4K7-|0uUmR#l}X_5udrH&?x|Hp2ckAcK)!Tt@@D z<7!6(vOT-BA;t{wg{aa&T~jUtxY|^8nV6VtP@rsd1A#Dh!a<2_9mmtMa(x*qDk{rV z3}JsmFfk3Ngw*b-t$nB|H-DkorwW5ADwaNfz!3%w zN??B5q^8^-uLa=q9Rzk2e#W7Ik@+-D`)FG3p7M@wR$N*ApQ7M7@ekG2HN7;YX75kG z!ldg>LB@rq@_eGsJv?Ndj8f;?~$uwmZ8fw9f<$7aqo#^4hA~I*EgNx0o_oa&JHr#_ALxUGqT{nmTy5Ccgb(%)x ztRQXRfP~xe@IvC>>ByXz;Zwi~-7Q=JH)3+hba1u3;svc zgL4soXz7DoC8YW7eMNpJoly+K_#GO>ti$8!%PUI=N%i!V5Om1U@9G$TvnSWfJ;BUZ zj<12fy@RWCyx2Y7b?q4D{#&*Ufu&P;9hcms@%L8-|ECtp?>kWiov31A$@uZg$s;e! zg-6~^o(R0b9p~wpz_syd4DHQ!{X-j-xfK1Y_XhMXY`#A;Jmvo+O~4kW z^!3L~9EeTh?85G4ApM+mGH@Usc*7y48tKf_{iAOv|E!%39^VYf-jP}csy$0F7XdNB z2G!g1ufLvb=P51%3DW$$jx23)fa1siFNmydrM54!nYre9zIB|t20mE+t_i)WV=5FX zgpF|V{BY7Lu2-{_Q7!d?bmI?9{cK62FCoqIE3h8J)x6CovcPf9D-qF16QM50UW#*a zE?;IXn)~^N3Er+%nCk}=x|`N(s5jnrLhe_(?gPtzIyfH1SR9b%*oR-9aWo+9mzJ>R zOb33S>Sj<@P!^xMq2~Oa{ya_`&{&rqA6p#^A$l421~b82u(o4{#9XgpE-&(}jAE{N zonJ_Km5p<^e3E~HzJTCVbHuy3w~-U|rSM+S57Dxq4*<=J-m!8TAkD866qHePC>rfhp3rYE;&B7e`aQQ%fI==oNxtWQ5)d!tIhDR&t1gbTVMYh3z%#A$AGK zd2f{!6qR95;@q`&DC@o69Ynk+vrF1_;N(M}#caOV0MvrG3t4RFi^;KCL;8##8s9OZ z_L?El*9-7VxJfag@@U5|$1j%9idQ)p+5=m3Bbg&C`5B15D&>CfR$(}9GIZ5K? zI=)H_8;qNypGhom>a2NIwMR#enj^~ktv5kgKi zFRm5m1YlB@VQa{im=+(Dq9`X*;Kw~84`=vl?)7L{QQ0%iWObMpS_D&glF-}Q=HY38 z=rq=c59a8)x%PBagu|E*^;X$NBXJq_z9m<|Ec^Z{vo2K&219+PELfvYoYGGm{i`9B zN1mrI`Z%p(G|W2uaiobAv==F_t7sSbYn#hI!AyT!Co2 zfwAw-4hMKWBW&m8=D5f)JY#^J2A`53E7*L7YgU&l4-1S<+Qo>w>6GdkWI_7ztqjTE z4aP~GKHicJX+YJZ(HDDqdVKVr+4vFWo*pX4f^=GjbW8zLY75{s0F)idO-^dnNjbKk zM+=JH1v$2aY9tx6nwseMLNF1mEfbo=B1qWa$D27Xqv(WCS=WjVta0ycUo7-RWk?=d4KM+g$7}V(V9T$F z3e%A(quM~fG!ej_L%&w1=x5s!7k%>W?ku#{ye}xm*t#)dbY$P}y5$qo1<)516b~2z z?Kik%yF^f3gBOi9F1SyuI=66B=2b$vMp!`sV;Rnqv-mIFiT~LxFgyr^o+W|MGa@_^ zDl#e}A`&7T5PJqf&v?LL%=mP;JW{e+p?$R6(&p|2MD$=QAo$Gd!EbTOklH*eAfwI5 zr}GqiMtBN7hq&Hc{Q3E~@q6!J^5Oljx%W=0?R0j2aSuXQ3R7E9T%*Rtx;ww=Y9Eb+ zpF4D+6tb^K_Cs2TqY51n`=P2RR{9M>mnX#iN5WJx#y;1#Z17Ty18ou zN+CC6M6lh*&R4g7oVav)gA&Y*j(_3uE*o$DoBzsqtS(*rfdhFM5bvs(w#1i>*jXYj zzws68tlhDv~8|^2o~*F za$k(}B{YW1aKR=|KM?-fZU%e(<=iNG@iUBejW7~vnz{kd7xiqu{}3!5@X_zpZQ$?M z$1vhQJQ4p6zM8m0Q}PX1^0h;nhJiCVE{|Z%&Yht6{os%6>t>Ln8`JIEVz==t zlKH#W`tLqeubuY}{gK$rJm!L4-Z%a~lGy#>e+_1u{~^p6 z*3Dn?Z$N(3>wR2=T&7YjbS&M9y#B%>pitdWwOTAO31h?j-Piej^Ot)Ep3NH>^+(9t z#)UHJgTkeHExJvs@T z-xyrgPaEmdEb&>l{V@C?vvT>+&0DVBxOk4{*JCPAuG!mGMCuvlcP~^SUstUNCXkj; z6V!R}=*m=V6m;+hSaT*CmtIzhm*~&pw1i27T-KY-K^{?UVaK=@IsjeiCh!3RxBUp2@Yc3sQVdA%%Hwv{*WjZ3I;_URE|UtPTABy@QF zi(PzDz5&?ipSK~4!8~3)XJ4m5rZW2v&DtYT*eK_9198D`{meC$L@pOaR(+GAn2Oay zvJ@E7lcpV=FZZG#4^w(UMe#-gzdbvaL*yhOwmcYEG zApe7J=G#iu{)JmZTXNj4!_sCNZ=Ma}l(8()`#bjUw~+ftzYt}0qmU}-J&|XKT1fG& zUUw!Jrv9EoaRl@FrPeaN?v^dol6sWPV$$GaRrNj2zwveiSZUG8JG=GhEftMU&NV)O zY5!XTX(J%y{H->29_qBLgy?$KU$|WM&)+(~1hv}$t9-b4kyFp#R#`S%_?CmlTm(@i zvX9*^b&q@+c@A0mnC!|}wO#1GJ)vqQ``~D65mfu}FWgMXl*5v`KAMjg&95sxQOP~~ zIEV;Wx3zh_7!gK8qneIeQoKn=W&*JHm0|G_hnxSIW0z!=sF_(Q~NJi&0n6i zx+OVYqF#g?zFj{|&^xEFfl4y{gRs6`pKI-s)AXaa*<0$N#IsDx$GqZG(I;&KInuK= z+`AL1q6l6)wHRDD5jD|_Dx|!ry$W`-bke=9C9<}DnKP1%|U{^o@y74_-VwY2zM4){Ohhxp4_D+4-#3zj(T9& z@7!-RCUM&N@)2~=@)u4r)9&qObslhBB6-+vADKBC0oN8x8x9ExjKY=`OX~3kG4P|4 zCh_~(zPGL@A;rhg=C)PR4Ow|Z_4)zz+c-j(PN(GN>zv*r2VudaR|^!_Wh?q?YXYw_ z8!8w5+CMURLxM$xpW)?oE<4_tExi2bdDT#Z#hg4e`O;bUi0Chzt`jg@$DxFiuuus= z^T^NbRUnvwfMd(*5!Qn| zxcChXlQnXOFXB1XlTxnJuQR@5XsUa=B)77rVIJvkxZ4t*rE-82)*&yLHaBiOoh+7Oe zSd`obs~sfpYs(K8X4V2OUkABGV+SD)J6yzL!1J~_Nq;&$fZ4&~c1KxB#;(%UxxK7R z`0hE7T^?!_3_;N^(b*`I_cg1U&o~DQHSlPeEf=-;2DpH_3ir;>AT2Uys|aF>IFwr? zB-R9)Ei`xv3+Lz^TioCB!HxKH{ZE$FX(?+2L$Gu(ZmcWfdqO?i1Tr{J<8jnI9#(b! zvuO)NCj{`eyq>qz%oaNy`J9(dl9GE6?4$L~`ZHF2TfwTa(cR>{VmK(}%(p8T%LEUO zzpGu^jinSziE<~RMzY8%qd=%){>hc!PQA|h#XFH;hd@o#5UTp4so$xo#4a3W{KYmJ zpAWKvm&J2edtOYn{Zxp0kAdRP3G;2bBy1(c;oRMD_#yddRl1z4l*afl{rvN^4ELz8 z$D@Tw*O^VHz)*|t(+S`(;1sqCf6ZYZ8`R*(fWT z`YT$yH!xr1h4l@w&M9~#CPR)28}h7XGFtEak<^wthMv+v!tYp=gyMq*;TsGh2GE-`4ddS|^3{9lK)|w40X-hD{={X)j zgLn>DC$zBTal>nGcO*JxH1m*8-QIO2#I@_At?_6{qA-1bYn2PQDauw%J9z;9 z6Q>fgRGHGotXp1kv{|>zf^?wgfR62kc|X8}g6T3!Y8~kBi`_zks#lpI$6XiS_{w~h z|6u%wiyASWDPp4$!;WsCgB-y@XJMd66j9GI2NSWXG4TuNQGdT4LK6p_)T}rZD84=e z8D2_@kYTSE2E64b;9F*>1tyvSLVptnCc>vCqBr%(7C>njpY)J{51a(eOi+A zZ<3|W8?I6%6BHB+168|HV^y>2>hhpi{ml_i8KHe71s03V-p~U8f0#l+Mq~_!isslW z6^!uT20E+;dMbv^k%?9Y#~;wy|6>(oC)TQRj$nvoNr z0l++`CJuOW4D!lSE6i0cdp#g;LcP55VIM3na-;<&rk){_O3}~i=qKPczFo-*U>FkK zhh4|@{nir2CuWMNzvz#Qw9smbgqH$1qmn5;tODQ*z)ciWFK@|?r*@qH9O<&L*Zw5M zRG%E!pIsTqj5=h3d;_$DMzu<6*wNMh!l@}k{z+m1Qk=BHBp>uQP$#R6GWm!6O2r{U++v8b!w?sGa?hii7Gj_tT07A{OWd2Q#08%yhIj`B z8F$reg*W-!I>C4|Bf2%H(fj;j5hj97@IzF4fP2#YYZhnu@Blni`0r1r9tx3(ma;s1 z4KObCq8;Lv$|T~JJ0r1(&c(y@a}X%VKP;t!4MUH%nf_0#l|kGfK>B(cD|Rx2ET&jX zgRqpAS#mm=L^3u^T-X~x9CV-;`!F_a3bpwh@m5+I#HE*sD?9;j*MxOAyI%<-llfpX z8{|L$cH5oET`H3_;RkNf3`ULUkHjEk)hdDpt+U zxTuO?_zqQSVpE6~P&AN18{ny`t8ym!x2a7;#bGE~d!3dWU^}e|SQ=y;omWRD=KkUS zL8#$+Ow%Y!h5ES~fYJEYIoX$`wlSNXm8(YZOT1)v?QO<5(FQ0K$JG%bnO3AaT+7*y zMaaP-^_M6BYtzOL1gUolI7*8_H*^? zn$&Z39h1mUrMUS6AX2Ku3Z$wQ(H0B2pF!$qIg^Ouf8nC$ee4r+E^Snb7C)fE6!Wr5 zo2V>^TqC7+)l8ppLCU|%Rz~!tUNcUn)OW|X6FQ@M!8VnS++n3U`?68G551pe(UU&u zHLtL=n4tNFk=YhP`Sf24u<+I&XjGl^8i2x)>WL(ru;t`+ilRoq zciQV%@b@8>>y3c4?ct3`3~YT9-BJT06xt;wBt>ogOy46kj`}uq=mOu zOox{MqT!gDI$*q_;q2$V@eO=Pg~R>k=JE}ge3o_BE@Z2@KbZw)R|P4gHB8a>pyB*8 z(cZp7j=B;UX;4Zvy(kM0G}^oxYD&3k9=sAixY0wx?=V0xwV4Pii)1N9o`6{N&a5vh z(9-EQmvsRxE_*gh5?B}kE@?+rq|~9Jt3RB|V*3^09Z>a|c#d>Sl>i%L*|m`_Q9|Sy z`cpf4#!VzQohO1&K_GbN1UW43(@+d$p#&f(vfkb2+$k;S@Rxq!7ZtvkqTR9+|?>l z{5sj(CT|{B{YYkD1s>lpg*R`$RmaFgQUc4g01daP=jq$V>*$FFlIFoqxEeBC!;z{kc95dt zgdrCesq?ED?#(1PJZ5Cm{XKvxO?^SZsG7St{k;cLW#mbJpQ z@aiJ)Sh)jSVXFG;DrJGz81xpQia?8?HR-etVzEE`TEN8>QdtR6U+B|tn2f~WSF|K# z1-uwBZ$&f=JL#3=RG2$ixTU+9N0tFe0elM!ZW}S;)lDLsvHcmQ<`U*AkX^W3qwSMl zXU-09Kn&MZ0}}LV*(o_38O;V<4vq7=(%RBV2-&U(X%2xL4tj%Lg(I3yO>esZyN0wV zi#>W=>iLcAXCYYHmBUpNcyY*BO-Wc40jeK`fe2?60`#{uQa`kqD?_XmW&@7L+ujQ_ zIN}y)sbl1*9hWD4K=bK^b4(B|p#Mm2KLaGC*nOtdoxqqU+6-IKM107Bs7 z9%OJPF9b$=m7=aQ$Dd5AF^{)gJw^fxsUE*Ch2AdkY$v_R$?fM<&nnCDQUpM&gh&)T z74#m`!!N{KUcy`}+ewL1l2sdqk)tb6k_XXc0Q^yy#{rtz^CZgv&k*Qx8q?OvTC7s# z1M@0$>7yFeVf}!@1zC6CdyNLU_gRR)cjNbP6tKkiz0n+SPfuFkM_ zQWi7TCs{RjCs`Zl?VLa(sk8uht>WC1&)})s@RgjNTofB4WfB{2tqAUN8>5$ZAa5RW z?i-acq;!S&t%wg(}5u3|We@K2;#YN~~*LL-pEaP&;8@ z8tSiqJjiz-XjFABDBeR@ptKC3qYWdBpPw#8Cm)-j|7?pJlCv5{Nz^j6Dn(op=Gf|= zAs6WKgD@fR>G}3%OKyz3xwXmhZ zb^M8KNS~ky*FJjNj{Y;etjrnx(1MgB#mc28k<+VIZR?Uj57nlWm|6A|COpDc*GaDG zgh|C(0w~J(%_O0gI$$|M2aeRwG|+cx0jfO}4}_Ni7=iFI&?WZ8H4fepL=jN5N2<;=JW#E_5()J8X zEp0~OGq-g2@-AetPa2Zqv+tQKIFsZaHRDry;(e)wGkQp~XCR1((V1oAJA!Cc6T;9ayB6KL1WU zvBeA2T|o1~*cMhhDZO7u_zh}02{W(MWCyRe%w?f+mKm1m*NT>ZRJrrRCB2?Gl;S*~k!S8n=tR}!wZf8BfkdZn!H-Si`(NX0jJcvZDdn@WZi+hJI2R$l^p63L;Ndpx;zo>Og2W=%Kx zrH`Po^FBQZAOAO(ioK-?ft-%%zF%IZIIn@d2ycbHP-YoDADiaqd~RqC)>-8LFVwwd zRGZ(|HV9Op6nCdM!HT;(!QG)qQi8i%akm6_2` zS1$23F-~7FOP4abV(i+N1ncHn@7RcnfhB(YIJ`d%+N8|qV%e3S#WP@0(rEgaBe!ay zY!rf%tP3zeCY{Jkp~_AZR1w_*u^uW4B+sCwj9)!bX55Elv!eeB zKo$?Q_$AwuAu7eqi#jjz{wi$D#F%aNi;b>+lJM@w{bbJZMc{A%fT%?yPfp}pkO0aF z3=Y>L7@uSS3Y6r#dv#cSnxj0=xNslwE9J50hcOW2@n+cM5PmwN-?LjcdM~1$qx4uP zB<-`*=L5uq7rj8@U8rRQX&kk(oPVEjS;TnN=ox?^asm)ZRMV^UR3Y?PrgpHjJGFhZ ziO#Qbx*P`HH{K>37(7^Q#tj6zi6l%d!jHi7b;4ijS{S>B>xQFpu8kj2=nr$V5kNjg zGeEX4ezax*747L1*7FRWhzJm=_Njd!lK>f@vtdt%Se4j4cBe<+i8S8oK^mo+FE%+D|2ynpFd_WvFvuC{WA6sQrRPJ zs>HFI`JjX(lv=OOUHP|Bz}Gj~57G}H9`12BjHL(?^`{gW92UPvUBA z^qBj?%(OtF?v`9hBQ>9OY?Ywn_QapLk2_$Oi*Ps67IF@%)ANK3ozutl!Px^7exCEx z8QL?^pW9^t*autG5}X4L7Pg}4<`wt`_X^0_E4z5wJ>>=9u&1)6c&u zx!>RA59xr^#U#RH(^ud@Y20DU!@3Uole&c$jikORxj$+k2MD~`fby&dvK}(p_s46G zTq)hvPju~R;>*8wIX81A)K$w!LCxlTdXe1|pmu4m*-8RxJ|OC*?f;l3Zv6$1+=+@C zehK{S=z3r45*P)Y^kSjZv8olq*$BEi=eikn+9?&s3_!qc_v!8ZD!iR*=lWS4L`t6c z+m3oz)}P|R;tB5;clt`sBO|xdO7tuTBa$DIxEVp2Va<7gknhINGTakQlqW$-rLNs7MgxujOz`4nB|R||>_<9s zkh197uj_(pqAT&r!2OOx=?%6uMRYo7Ep3e7q2WY===R_Y9VV^ymVP9l{;41sHpvaA zKyvoH4ze+K5_r?$rQ<~4PiQ0Fmi75gYOtP*cKa1pW%la!7rT>$$Mio)I8izt!GRz zdnvqKrdhy1j}F6>@t_7PeA0wUOgym^v-lh#sMkHo`dELNrIz|unVxBCQ+tinQdghR zR#UNTiulQe?}jgsS9W><(cjDvVECxu#uiY2F>KKzlyR%d1gu!GUb$`^5?_@!fHCyh{ZAn@8Lxoi5R2Qf5h|772&6RjNx)<4TzJ4?tsSv0_Q#jI9)`_}g&>kKvj8 zwg#{GTgMkM2oNC62|;k?W26TQA6iS(QgguD!UH?7wYU7knS~LQ`gbD&(%mJoMLCF& z>(cHd{|UX7=@a&F?r36-)$Ql?pc8{9Zn~|*HSEjuc3Ahs;WigEaAI>Cm+t6^&(WV2 zu~8SII|XDmkdfk$zp5=D-oIEECoDbab%21oT^0I+^!trIbpfI;PrrlVsYd*KVWNU| z6`XR+)-lQ}Mpd3ZIv1_lDO(~QQ>dRK0tsrNTSp)@-Y_8YmeQ^VvRRJi%*&H)YrE|o z84h(}nG9NJh7C+4{Ht|3)*kfX^!qPA(^#ha}{#rc+n^WbWY9p`X?VuC!I z=Z}^gdIuIvfd?XV{vug#_4l#f_QUa8$mC<@PtR~~to;^9c^;>CD!CD0>;1IKr?Wld zq{b6Ycf|nZ53=upGY3`vV&DI-Ib-arRnR0U&7`=`&^KHk z%eS)nF4TVMGLvX6xG4oOPfC1RK>$a#jjS>B#AMv^{hUVR$c>?2BX`yIMi%QItsN!) z$^hI;x3kDw<@GUhu-j$EXb;%wGAjAUA0)C?aoixpdkA;gZ#BEy$ZvR7#|!7tK~?IV z%~{YfR%Ml{0FDM`KL->FfBHzH+Eh%cTV)|j zJx68cH<}J<-XmGWmkE}-qX7QQ2_XMv(ZY4bY=8?7AAe@WX((^9b!*S5hy4tebzCef zmjoBL7CSgbV*}GxX@wd!!^5+a$N~oNJuTRzocxuipR|Tv5v@`$#JCrsoK%qtddP7x z(aq z=igc1EmE67fb11Xm{NT3LlYI1!s6U4FYo29W0dD`y9^mjeGA37ngfBy85;3qx5>2B zW{JBS*`?)$+ZlWbz0K`tAyg2fi3{vY1(A)@8m1x_E9YDSigXT~gK&w|>MSvk2lH-X zSnrzr$tEQa<#3g~$~H*mG`g<7>U$BBD57ZvDO!ja#HhE6)}Ry1E54kbWUB>grQ$_5 z&3fH3tn)xl9X&Y_&l3O3GLkXxu4ppsK_@^H%Bb(gqr#!K2%iUtcd)wAThBY?`Z{0( zB(B!@qi>MsNa+AoJ0%C56^L2`82%Y~ob`;~+#F^L?D0zhJTDmQ|HN-}5?hLsg@;1P zz68D~RWnGT8qTy#IN6&S3Rc{S0K2ar@UDK=LYi7lLy`rc`fjt@9P}l-7C=_1pOh2z zFl|44e11}40vJ7QaS6-+f;SPCC#Cu{VF|sVOe4ytuS3`@e+>ek>b&N(fg^Z*!H(ER z?y$W%wX_eIG+9Rk6?OcFXRm}xv$TUzHGaCAYAU9Velv9D&N3EO;uD`6P`js|?1h!< zGVUPi*Nw@3I>btlETxodWxZh5y-|yDG}wYBeA3J{dL5%qDEhsJS3V5mjTk5M*RcH8 z%_b!$GzY{54}*BaT0W(ZsRgWS?yr&^9qnCA{rZ+^Mp4&|RjWfGU5^-$xjjpi<=C?RO7MdAeDE zdp9mCtacJ}jb`-DzT`2smOm|xT*me}`dl2embosBr^S5*0?Rjza^@r`qvX%^Suk=L zn6hx4Q;jq@^b^gMWAWF66gA3e zd0a`sU?T$;Lzh?HbQuV*MB7P4L_)M=qDS2%&-gEe4?-ADLwn^r*z|1%npuTa-I zu%~zr$o}E`q=;RV*`rXm7ySS5(5wBu!(2a{?vwcSkAxo&)3YLT7ZQpW>RrG8fBcns z*KeAy`&sqs=*{0r?)4D#d6XAVE&WZ^gPRD4AjmXm^{t8HGYC~V`BMO#Qoe{yd_}&v z;4&(IdT~J{H?RBanhl!Mxa&5t3ZGfV`PmH9i`c#h!{+yb1zE?zQ*I(Ut2J59!1p3q zMeKT$76%SSljWry4~GA`bN%Q@?<7ySb2T$>Gtb)s#vRY067e0~Y8Hz0F|3xgqOE2! zdrnycNV8y#5@D=zsymZu?wYEyVADyXyXHaK%w2zWZeMDrI=$SLllz;DrXQU(Oz1Vw zWvCK+T<5gT*~K+fXB0Ax&73#RL#kW5^(A;&jC6fU$-gcT8^uZuh1;P=!nvVQ{rhbY zn?M(i;DV3oy-l0~{o>_*6B=fgOO_(){OEcqshBU>cvo}uQ$A?Fc&#KI0njK6hK0b% zgUKw%Yii(Daxrp96$?b2xT`)Nk9E*>$OI^hn8cgSo)(>EP7q{eb5Rm)aU9aO-TkCeKl$Z_NHahjK5paWwtmHFlm{y zYf84Z{cVw`u=(2KyPjcJXh|O)%p%#>h8w{*x}vky}8h%fWh{yGzwMWl8>G z*(Tb3;RV-&+@5hj->0Kqxq>DJakcymy;*02BdM!I+srBJ2k*M&hlP-vV5OepddvX$(v>j~byj8^E)l0KF<()iBlA9n%mQ zC~isuJr?sm09*CeeSk_|Srr^jGkjXeNNN@gpOvETgUK=_d09Xf(w``+*Gp=(a+@mP zEo+cW4GLT2IDasry?Zn0ZrHtwxg7g$WfP>rsLzh1rJ6U2GOBdf&myQ3kSl&oDsVda zgxe1`$WIHnxLosL(XZN<^y&No5Z8!1_p1l1@$pJj8wD|k#7lm_9ILl9lWWSoI z9+z%Aj@xJFuS(1Kd!ulcpG-f(Yp`FnBh2*QrmsD~RfZMoGLz)2QsrScnx}@z+j@D+ zOt=)sp0Hxok5s^zp6@&6hk07zVS9XWKcNg3!zjk^rdvr z4(6!lFS#ZVJv`49yX85oVV0~=YtyJgS9Ufl7;Ii#og9}y@-mj{WaObC3oYJH)8 zYrF9@$34-rSk1Ia1S$g^5LT2)w*pc6rbNTmeSM1@XM>;ST_pIpBn#BJ&TtWt3PgL^ z1}q;!gPzfp4k?K-Kf965bY5`KtvnU*0}!wfuAjQAer)}N)UO;|wa})wGaH7XQ!GXF zQX9&0C395Q&4MX4x2mZOR2N!TSed){m$OUR&cgdlDHatl8g4sX+I@>I9Wv`)GVjPP z2l*PaiwTfVmA(+6+r>Xwr_Vwz8488%^>^jm+g${gFtanEK(E?EI;%9W#b^$%ZC%RV zqAON&ZaLUEG=~GMwU}eCZO}x5ipLrM3jPGe!z@b$tNh>_1bo;NSt~J=+w!zKKf&Ky zg4b;XtkS`dba21k$6|DMbl2yrd2ndI2_j$kA~UTf?CUiwF>0oKH+ods}6LY zIITZ-#J~awONDnFhmcD)!6{KNYE?MK$Dp8BcDs~M&GH`WgB_^>)NTQ%FY#_!@D{rJ zYZ^S`ao-BBx>=9ISrt+$|LwMpiD=&9cc$=*JSIbXCZ1>uS5{*C9f2=d^*+2PF*4$s zq@O8`6xB793qDN2ft-Y~tT?a;5Rj{ipk><|m=g{^rpjxKp#^GiHv_&9G#izj_glkZ ztCSinRV5$Xy(SVb>YkQ2$qb1z@Lb`h3GfwAunl0Jb(2s?Dd{4GocHH2=)K>twr-VU znLz|&CLd()MOoRtvuaZp>TSqJErJNUCz77DNnf!*I*R0J-T^J{V`)m)CJwUK;a1(& zK>a%f@e4A+0Mce&YbkQT;;|TG^{QkD=2hB&o8F&d`*8ml6SoolAyD^XZ-A4gYHTwr? zmlV##92~R{{?vpMUEQRGgXu@gIHR9q8M2KZXcrVFTdb&v#g06pTchBzXs4shz)tU{ z-px?5hGd|2dk38LqV}Bjf}NM^3xuCW-=TPgBman(H3`^Vzyub2nG}-qLF@?>KyzAs z>>vyWXVr!9=AY>8ta>01FS1pz^hRZ;s1FtD%K1aRAL+USnmRiy0bFZ-5YCHy3+V)_50ALgiWQg82I&N^hj^S9BL+d!` zfU?3>l`()qea$NcM(=};uFF#QvT4%w4 zR>SDW0WSvn#e6B~zf_9bBo|%%bg!REE+U?VshNtC$CYN@L8&w}3Stm%%Bxw2Ek*Fe zNSsAW`}48O{EFkcX?h|Y++0oER<}*O&;NtOWG8UYdMnFwfbF^W-Jox)JLVa(5}#5R zN^%sUWUbH$Sv0fXBlHIj~Ci z6EYYTn3F5;(N3sg{BD)$&AvLbm23G+qI^QuG^@)lbV!9iNdGYoTopv;@I)vcQJY4; z=3g$npw}Uf3ahCmH**QkA&NJZ$16R+8GpjZs*FLceGTP_k9oJMtD77064F7888K7X zvMw!oRQWtAPc7%1eiPoB7&09X@CSv@bG?h}_3tmr0UID(?7TStiiXS?i_R=y5X( zA!NkAvD^)j@xiwQJH`M6;lj^_$E6$DDNbYz$;5OcL1idm(2*dIvnta!BJ7-N--L~I zEj)a%C%y5`DoeZW3*FrKrd06Ginw}Ytv4G5Ze;~T)b_cTH~sfE&P$X(KK7I5A=HLU z47>w^W15)*LGq^2)m)}ARCNHf>r#yKeR-Ma;A_Pcl=&zp<2HNL@(6dJx7553bmlhG zG;>I@9UpoAI7d1^(NOyMv0hP6ZPbl)Bu(DsM%Puoz~bm`DbK9|lBHb5tss^|cerg!pM==TN$ij*;+| z@WdQP>psJ~sMMr14}7ea0~cHSdB$U{dWSx>&pv9U9p$L{qj&#!SbH&Q^@^53H|f^k zGcN>G**tE1ZQ!gqbKvasfy3V~7U-?)@}0-0nsej<;&^Hw-`!w5*vfz4M58N_JgvAP zS9na)3up?7mVYQ}yWsd)<>DZmv};GCllo4UaCEAj8M*}!>g6}18SS1vtx_eb2HQhk zc3D+5sp*^!H(EM1@OY|1Y@5zZ^M4mF-}NSEPZ+^pa5baJ^UDbkgd<8Z2>^m5+U>$t zA4i||EoX)KqmgT=V^Ig`^6(L82 zTwS!8HK93zZ67phiUgo3F>1|(&(6a-VF!MU`Rh&0(58NkurN672Rh`dK!lfa_eMMh zj8Oh5&%TxZzdua1A{pk2`@ek=l_2}yI7@H_czOH3b2~0Crhoi;EX_}`(^06X{-*Bc z<8!THi&pwkgrf)lj0&nVA`lh%LMqODhu~}ru`6~|>c4+USsD!eaJVIK0`$zdoxk5X zr>+O<9C%I^TM(iMG}@4PJ#6~Zw-gjq^^ti$KijHK#I1r(-irm%qcSw^NcAoS2U_f> z3h#`vd_Y5IkZaHm!WMQ$Ye>B5i{`4JK=Hh7Hp%;kph67(KtXh86h`tv_&&O?g3EV= zFs+Kr^LEj@|MVl+4%6)o_IsqMDfstyi$?uv*{Mf#OJ%clQs{b`#w1 zjUKrqg(W`b<*T*crNNlJYlQX~MIJ?sRzUJ5(h&u?TyRxVJB=xrW5TeS!hAo+(W)Z0 zV17lhj^cTV8r*U`V6#}>00Yb?aLGr#hDa$2;*Kr+hZ;=DrKU}p6${@DoN9TdtZyis z9_il(kf!SC*(tv@@j=?cMw#Yq`;}3OGZm|=jYw!1N6R)a2foT&>^q(iZcX9`V zO(p;@XXQg1sAN=|cJ#brYRN`K>1oq+6JodU$No!uENPu0yyTMJ(L0j&=B6tf&#Z|} zgzlE!y6juEgDnbl3oZAtGPLxr8sZWXziZz0y1>JW4YnhZyh*JJ#uEqMnc~^b%JRthOSyqCqnq8Rz})I%hz5xG?8RR*BG zkR+Cb!XZi2M(C$PHG_!XF zH&MP61*}MXa(eoP#r<&yE4eQL>5_Xu{#_s)N^@xKw{*fyel{w?zZs9P=D@Lhf9?2b z#U2u;Nz|2I%r4}uSV#0@;iB>MlJEMp7(|O9_b-WOlL(-4?=)PL_749$w(<$!+j_A3 zMwfZc8)envdT@D@^FW;Fs(FuIBiKT3L`jv<&dCf z-1XX@E5I*f3l+)J+16oxRVkc!(GP)Kkz>WjoHE!=Ixx%y)J5mh+i)fb)$rl^?-1>O zjLqt$L2bfz(K6C?OPKZF)3b{Q?_jmD`p7#ml@VhP^9nr{678GI9Nk3*BmRhMOcR5r zm~?h|0ADFO#g`BwO!r|?yatoXksi(lPkepH9qm`PfmQ=FyvrKoe z4%&Nz@uFFJxI6PNjF*4%el~iUpzx{iA{Q z-$B{C?#IDh1>HNCn#`NHA|Au4U|_k=2nV45*!fwo=(D;un}`%WUz)@8VHdggO9tJM zZhbKgMY&c|!Rf~@ks-B=gzB@1WEl`1GxfOt`?|C!pp*7j8n zeR4w0=E2g2Hy86Q}0QpQs?{j^D&7cS*+6yGx02?bj@7kAj1(9 zwgMa`OGy6g26aPASC|$&4d+QgPJjQ5zrI`CX6A){&5#+q^2&?SGoAa3IhI+qzvz>%e&rqhzEG4eI5M(!U{LLpMTuTQv5;0VYZV}R zQ3QF;0$R{Fj(97uWtqweX^%6ZNk7x1(6tXv@pI{=A_-x|;@uHw-#GilK%K)liA=(X z41ZHWl8d8LbJ{QP*~lNiC~2Uo9Z0@CU6z!mjxhQVqe*fm=m!Sq+sbS{nLSYrT&ZTxDfJ3wLJRS_y}lKQ@!XtG zPEhW=B-8Og^K^W7vFMBR<++vOh#Y6kY<)bPulp>YqY20Q3dQ$HB<)H*+n6t=l)5p) z#CBYhWQA<(rVI5R{`4af_JYp_N_`_%@ntGgKYR+o(^@|4=86>P+;!%SF~FRY{O}q3 z-|9tC5EYcu#%59&qZW#8Yk9N+0_Rga=?x^lT0UaQ$(dniW3MaI39|LJ_R;=5*xvMg zwT2Q$1^`KiK$MLtkDIeEBDq7mfGZZLed;#s2|HQrlUew4y$MJ+Qz|NgWT1Lo=3c`p z*Rw4CN#{e+ORi9Jd$+z>I(1Ro(zb(x7;{twUiYJzc}E+@m+>E&otB7k(N~NM95xIK12~_L0iwOPqGWS(plvG*Q-<8-$b&nFIG1 zB@p6PlQcC8pB2028frWi#RuLU2N(V=4MCu&&?Wt6F(o;(NcU>#FiXv0?Y)n8qZ48) z-fpa#8EBz7YO3k`y(aS0?@bw#;>)=ww$Zu2*( zNQ)c-yX15>3nXTAuM6T0`tIsaVJ@wLD~tN{Kk8VvZI8@ht!{!YxV zaO?oA?d+OyO~U69RyNl4K)Z0>{zTixH2`G&gM=_xGDar3OfXF4+~r2lkWRnFP^L>U zo*WTpv_-8=0*3{Mc%uqLFY!?&*9bx{;+zg*KOQ79seTV!UZ{OBXpZ$s`3n*y=id>@ zONUF%kS-1xNSv)t3C!j?Q`rBo-A0%NpZ=PlDOecIVG)|TCAJQ~>1NlBF=~fZK{}le z3wE)cmT(tYV;_F-fnRax=zLy+q@aD)dG5W~Fz*K0E>%?jH@$N8Y6Tqq4YCix!j{(w zZQWN^m8>o+?TxagmAA8WSwg#6LemY{KMjTn&LfGv6cFow6rG3#8WpSfDfGiadyf6Q zx6%^w@U(m_p-G{J(88Ccn;OhM2T4FiTKz{{%wYeWvz%j0vGyl|q z>|^Nfvs%91f}0WXt%deV&N&y{VtZ<9%4ZuWti^c%cWvZ2`vv0c3Lx5?VrP6f zpR`X3>RO2+@b&DR4?of*js5lNT-Ce6Buqe^Y6Dpn(zuROe$Hy> z0SLF+!k;I2mt>V15IR2 z)3_MDkM?+k*iA1+?%nlKY?Iuw4NhoOI(i7@cN5jkDGyD(OlIw z4lcQtbYpS7=W@-v;a`ZdR`f$_QNDOH{P!<~vrROmXU|);O{p}AW`+Ch28nQ%924LW zFbu?AZERB8n+UzxF2%2D#xjT7KwQZXlFM6G1uq{1+bh~n#XF3%V#0)T(ld*Zy) zOSfTU;fhVH+I*Qlw8RJ~ISOO`Zu~+cd2$U4=_({VJ_5<7YX^DYwe*X$PzZ?@$`?n$ zcxR%}nO=mq;QQBGpr>M>;N#oCYVs!}c(BUWYt#F+K-SV*fM|D4j;!VE=0thb4|tCO zA?NLbWAa9IZM3QO^PR<>pTx`pit61>OBo3d%33LqSH^(E389s2q5?UqvILyO;O5FL z_D0WS#MnLKO;FnZV+-wQ4(z{l`q~B8&e&`(xBZ}8tjddzgluL5e-#gjiR#DtB$8iZ zR!$AG?ZhRX&vm(z?`wNYEC(s2(uZB>I|{zA-`aoG?QK zb!{rscl<9adc&OeH@{~AN7^0=PL{|jP>TRIzQyR9aqnt$LrqwV1l!~QgbglnZ7~r6F0?As(UkEk=-1Ct&r(4p*WFzsBxbYBTlwz- z{LZ|+_p($cXydtjUis2#?9Q#gMkPlVTIVKewp*3!C1fw|ja_U@Z%49cRL8l+%aHE` z#MeW@G{rTxzixJe^`;Co>J7So*ob@>jwgI3Jq$S0{g1H0#!H}5{5F9w@rRa&p_Sj3 z45|$mNVMvW6h8LFhVwhx#%mTaTYl?cjpvhF8e)q|JFK`t+)}g&Zdru6;3O4W*f8l} zw}jGmgYd-6{(53pv{G-r8`3}huw8#<&Wpa$fc&esG^573|0BfTg3O9+7*|#FyAkfo zlTY;xw`-Id&M_MXO^^l#e(klLRgxNBKBr~j;a(s7zUZ^WRv?=A`?COAoU-9;ORz*@MXExSm{bP5~}1boM4zHUdM3Kh_Tt%Bv|` zhhF@QjrSl~K{a_N{7$x4)H2C}DZ9Bu`@`XP%9>{|)qfb9p+tL-PtcV#a&I=X#YEEp zS;wIEqh;;h5e&Jc#qzt%wEGLa>vrX0Y0j&VFUs;om~T;M>kkaBV* z?bDlp9gZ>VL@7>*)(L&nu%YWlrWq9{CNQ2)zls+|NqB&j`!6|+(~nf?`_$iGD%^oN z^3r~?yyz+z^Pk5je}rpZ8~(OJ$c0bQiZN89OlEFBV)xhGrrn2DxIz!nN8FOq%rP`#-^%}nw4T@n$lrU>xgHE zOUv{mmmYU$WTrfG>%5i!{U;ZluI=S=)#mEN91GSu3?cf#*$Wx=iUCzgJuEFh zwoWKRS`n$G)=8wOvUPPKcXb&Z-*;_vwL7N#54XxU-OabL;$MyOlU0*=w9audaz2-B zV`*b@es&hh*Hs-oy!*17un$=;BFZwzG%d&rTnI9Wg5AUXTG47)OBv0nU%6Jss#dta zrF>>DAbQx(Rz3@ZzXk;8w4Fu3)45Mqlg&=QSEdH$nQ431EXnJQHqK#9OpH!wt&Oqp z4yb3JMXW$w9Hvye(z4krW0t%+OVJr~jG zxiMSQxIslFEvo7GzuiaPO>m#9j!|!^V0e<;iX2cMtdDKliGRz3nank;u(yXa!$akS z8;d%^#p(g6t~%p)A>SO1yofdGj+1j?x{>BC>Ny|0OM-NNN@m}3rRuMID|~$#6Yet~9UWE@I3t6y=y*xEjeEwqb~1L+ zp1MwG)VTJ870hWgj!m;<#F+R(ulz9bkbBWcHZI9f84tyReWONW9$^4KHbsZM2>$UQ zQ~3krphUTcwz*+`Y|dfN5{7GVnjd;+Is_t!RdSbzzFRFaQ8zg4%@Q>3&GpY`4M_6K zj?_+(_Tw|2uaHlZha&BphY?+6lK;XumIAg{kt#EM;%Ay;?B3c$7XU10q+n}Sys%blXf1BjWa$3NfEF{b+ zSw*SHKagD`QA0?^gIwB?+=nek3Z`hrHNWKHB+L4T&K8dj++lB;S$MZ;QfYB z%ULDY{akrQb8jtB6MGq?WM!C#hbLitFWLhZk-@KAIXHjZjivWlJF%F{ui?CMRwpAh zSF(Xhu1Yu|d2A}8A*V;K5CJfBGpq*N<$)UUyuMDL9wjxCd0Cdc!hZG?^GV}6qZvxl zAc_b^-iVh2#_)F;{iz)U2)b}gMgJfzMyYAuilpPOu(KJZ;VZcb@}vE(KGvhORq0wF zbgr}`b+rk zNmR~gB5u)6%F&tpKocihXH{PeAeRK)3aPlwvhmm_=G82j6$Pe=Rser8Bo#Q}l3JPi zOSV=gGfiiA`=g1feM;8%Pdc1T>Q+E@rKX}tH=zAd`ENRwv9<>&o@$#>y3d4t)>B?v z)+nhbqFAVCymagUX|pT?!EA#~C3%XlF}J$f&!8A5&kUH%ibMmqTN(E@h2HR(dD#N? z{wt*j5H%2e)uigSO0p5pNsW+wSJT0uTyJ;us&xgmz3pjA2UfEc3G~mR>X4>>8a$yP zoD!^379+bWX0K@xA%q8)@Bs~#1pMf>y%6};xu3@*_7R=~7gW5`_;RqtbTo=XQFv8^ zU&E#|j;5krpC_)31#1t1K(qeH$naDjc$<}xd+sWvL_RWww2`RZC4GRg`<7+ud&@dH zs~E2EX+Mydm%^L=j^8nS?`Q;{rKn+7*~>RIUf_q!758+JqpJ-#WsY%CgjQN}Emy{G zyFB~oY~P28?Tu3jSgz8C=?@as^0=Xc`O~@OfX5a7Z)_cFw)PN1FYfPDO263=3Hw^C z6BwgT_lJ8#_TFy$St$RPl16ooF}^2TVLY37=#IxbCUrHDz+;th5x zf?!)==xCI=%#ok_1)b0Ec-N;1;g&vi)XehnpBmuC|W35 z97r~M=li@oN{8AOj;jK(O%?^xt3Izh;4y&LgfE|sA|Cj%wL;c6x1=Dohn zMF*{;rEbn#qixGo4Zh809VC*0acye6U0Jb$u&_4DiAj8@oxfk&xTR28(A=okvX}k& za)VO`g-R?#SetFhA%UDHe%r3vYtsf*`Dex!nwG6zNXW$QF1C8 zi!eQWSEu^OSKh13nzG5dAjK{w&k$zh%b2;Kh}0UP3ukZo74I^Yiq6jpWO6{xy{H<= zCqA%0S;cUzU#Y3vJyt$Uka4jja+`9ENc%4)<(1zq5d_*hkz{Kwmse)GNSK@n?*^V= zo*8oTv`e}zJBk#~Vg2|(c?!RqB0&H;xA-4t^f2+w7+h#=W;CMmKb%p8Qm>SKseO;H z*d8Wwz$P`V%$~%>g0s3VwB(M$fm5a6@9i>9FfpL$14k@|P@+Fb;G%BdisNdAQe$OR zdQE1@0xE7}J3{I36rtk!lB|h(V?77_AobB`L8;JH)ExUoL@T?_Oh3F%66Zb|S%Xg22ZY}ervx&& z=9(e6>)dwC^Lj;A-lZA$Eq{;%i{~zI%USZi?bIyTS9<|a=Y{6f{hhKQiPdgb2^XTX z;x#WcdvXJe@t!-y4P={?>3HS#h*|eeBKqSzmaCm`U_M2;wRaG;ImOK>&fHqGP0-5# ze1nUkI=+`2(^X&MPw>&npL;cpG>A+h1b)JgjGs~GnS4WMjn5u1#sh7`#IG^h=2V&K zi3zp5E&lOCu80{M0&uEz`g%`85Xld_brM9*kuTO#pIhRPWx~s6F?nJYShT*rR{4w^ zh#7@Iq8`Eq*t$wI^4R=A8ci>28gWhXG4l&na7%)SyN<@t)z2I>6GF5>5?3?tjVv~iMue>isZyK z1dZX!1}9%TuJ;R!y;`;Em{u;%7NqNu?iz%W&pt$Eww=3jR81M+t~dAwAgVpzvL%H0 z?(SwgP1sA-YWU6YCLHnK-?UlzE3JA95Y!y&6gkDVX^v6^>>EIuQUMB*(E^|b_nFa3 zhoOVh(z#x5D{FyN7V8T|b|C^c++c2D3W?q}0M^=hkeMJ+)o!}|mHtPR*8 zouS8s)>iY&HEW;Dp#7Vsz4`UNhKWwvN|Tq|og7VOnZ~LrIBd_%V|f=y+fxO1=bN)Y zgm3%`CMP?ytbM0>=^8*xdxnNZU`Ehsi|;!eTMYhz_N9ZIPu#QLTDHmQ>e(cign-dL zE!VbmSv=PX%S!xONR==TWK2Xcwg|MbG|JT_7END0n)*FG_eo5;4|^vs(qyO^!|ic& zlCi5A*m!q;lR%3`i`!?3fPCsbkU4}^xhklE+~FttXu4p^DdSwsw=kga`jmR6Id1!6 zqi2isLFooYL!6EUi?3dwo}q!tCk~mwHsF_n5@sFdcNQ&qQzG0Kc&1^-E~Ys2<8F97 z*1BwJeA!wpQkgkkyc;&Wsg#m3kj(Vl(QnQ(Sd;Y@sAa?W2!EJ1$2NO)RmC7J-DBT> za1mKsF`^=}Dk>fP{)KQ=TioPltf1t)R<@F=}G?dPE!iix&`9#dcbwzEs zxX1pkTru`4ZscObJ=@36gsWRqMBSm5If7F2Kq`JOtnUvJ+t4g4l?w`s5roRENThi7 z><5%`iJ9If9&ts0A2aRaeM>v#d9#E2&@8jK3!}vL>3#7N)pVuEka#2I$kd?HH zwNxC3=dIhh$^-+seNR&uKeViB<5d}f$sMF&&BjMl%>D|{hA9;Xd>%XtC7p&z_L5`qHZzs6(}O%$ z4=0+p@%tT!HaFSLyv-e48eubsmr6gx$-OU3%R*Z)vKmb0gR_gl;DAny;=FoRj?_b~ zIVDN+RH-&(CvtI|toTD%0_W*ze{i zia@CTP#Y)3Z_&|5IM0uevBOKpLv6l=2h9cLai8mZ8)xv?rb~&V;1~FbX$r#=jyOWD z?PgQ5&l5vQ^+3%MEMsfF4sY}o$nttjgkh6BqUKW43|ahX+k&q-`zd$1o10k6NygrS zq)BCW6;BP*1q+b7Ro!LlN2eGaZ8i6L@~u~uWv~Q<;4?|CIjiUmR_F%KvxUvLu8BX3 z7~v!tcFZa&{91EtMQu{RF8lK&xB+|A`JlHr+U zxtGxnzc2o@M9dlFtw31VJm1?Y!m?SSOF75N^hM$1nUL`DAEXJz_$y<>#oe&s@6l4t zTwSN`)LBWihuSBxX>_<0HY1*uMw(4S*Q(emaw6>co4EeF&mQ~8kM4pt6P~25rMNbA zeqaEbnNtBxCC1J%8g^lY_3~fXN}P*RRG!A&1VmpL^Sf2xUflT2*Y*(w;#n^)kDX_@(UwXDO#8O#M|ahW(YD)#u{ zy8c?*JqrfFt6CL|eMHXqRJca@t~A#L#$A1F7+qboWoEszib_C@JFZI5&Xr8C5t%e+ zA=i9obc9bzD{tziT{m4b&&qG#l&#yO7F+lu)#yzNYn?wGEr@7;iGMJ*<*P-#u2!f& zDzB>I=a$FEy#Y|kI6T}$ts@>c8U8-yWSV2J$3?Z0g~!KC37-^mP!}8Qmf3u)qxg9* zT4hlo-CIRPoOH5Kr|*qy=j7O{mDf7i_O!F7b~rbxw>-3|YHCcp&8_TN%1VN%WU@^~ zZaE=2j8=T>8o z{~(E~SKLr~(WwjNWAkPkrXD?)ZcvkUSPA9&7We8S2AqqOg71QX*i4tX5?&uvmi zGl{eXQc}M8+FGz3tiAE3%OeRi(@`4>pM?};D^H%Nh|yizO1@=QE#pFVw%6S1!}F01Dsto&q8JKZ{j({3_ov?WgoV|dqUb7A40qPYnkS$$J#MB#$v zUx&)fSv9-cGKecYa3Tg26>G*`_2Ut+24K)uw2_fny=p^i7o_B@YVGYW2TZ;mu*TEk ztj3Z5Ke&49s3!YAZk$d*VuMLZ!{~02?vBx&qerKL^a$xj$nzBdb9$9OLW+qnKHD5sP0F3a?k5*;yx34pWuZx zyj`zUreR9`4h$gmS<2a20~8kR>|_$6Al@i+I6qu%4wz36&DZN0EJ;26HeA=BBEFcq zJkqY9tS*6>EU;0?rGX(MuwOsT+x@8}Ba06WKVP}6<#>z5)_0Z~1dY>$o8=XFOD&Yt z8YPW^g1?{v)170V)C10u7w-0aJV0qTldoRPAf3r%dq<& z(|(F7%)q6%_EmOV8X!1jm!h!Rl}Sn&Y^q(?cbO#hiIpT+LHQ6q#=jdo2TbAi5$Fy6 zS!&^*fHpj3otvE#8QOx>+$t;IDv{vjDM0(JekeSvpZVWXcP?KWh%87-B!zjlVh$Im|dS`lsQmV@% z2IPjZp;?Z!qIabjO*!%ma@6vH-T&tRjB&$*uxsMlMf>>NrtH7ML`NN)=;Okaa>SLY zQ1tvfP}koQu=`reJ2U@gw~pB%U$9S{73A&o>)69!78nDkSyE!ez&$)2_8F%c)WM-y zY)-)U2o~q2Oy&;H5K%bR3sk66{A_CFebi2>m#NHbyiXc-4cf0??>x?Qq*gG}M%YT@>yfr7_GepesY~%s0oJ-LOhxM?2@W zK-iDBT(gu&RyR&-De+9NcE%Vm2+GmU;7UpQNJg#O-BpAi|mocAd| zMxeWOA9E?aD67RhUu~4h+(9bwpnIYhW7i>^&F%T9RV%>REI<3@M@RW{Fiz8E51HSo z8chb6NKaWr!LRU?K$o_F0^D+}Ome$G&;T35RAWb+l{jdeqG-M@&_GR%YxlzW4$O|? zxwHcmCVt3^)1>I}>(DTobzk@ttnLouKCb2Orr>Yz?oY%00or2_U6Nm`1qcjS@>8OS zM-`ff??A-ua-wSi_CFmEQUSv?$k;tV4+%5wF6DtA2xsd>?HCGQ<%4nM({Nii9E}yo zy{J?T=Fr#}R+G$?o;${6^nb7TxjVaBatzhyIm)gr`Nw;UwJ`DlGv0xMt zfW?Cb5@UyV6XWletU|_zcMO^0 z<;Dh4pF|UtFmxI;=)tY1_tbPHMiKZ&)T`q(!!;2<9Z2&;NAgC3IL)-ZW4JXk7%Qqk z-Axkm|3+t*OCzogr%}*&1|3n`*-^g)F%I8S1`Q;0{!s_-DzXw9WrVB@Hyz`f0aKsO z*@+W?l(og=sM#OTtq1G@%_h5!0W}of;XR^H^8$Ah945O5=FNB|WA-Q!rvf{NVO;`+ zmocmc?I-|1L@;XHl5>;4g0Euf4VC-(7%6#N!f#uLSq#YOkboEPFgcXbAqKMx0en&P zh>pZgvrS)VZtrWN6Iah68g5!9kvjm2)s}J(hQQ@!2_;C<_y-(Gnl&~o882q> zeoK`UY}KaKGtLmq&f+!IE6-HR?2>|1RXPWE8u3IC3DkpRV&giUsASG9jiE6Thcd2+ zOK`HmgY6%S0^C(`d`sdI8_hk?VG>X6j64D6$AoTbn8hkz@=e@LRqTHl91*SS!fhDy zS{*l}0Qs9t{TX?k2YFw;brFjZq*N|p&<+dNeF`hP{*kSW&lkTDyv-SFa4M#R|CTlDvCsLE7i2`)<+?=EakHA{1_43AW z+`C1*NVXQG&=bRUsJ}2y!~tIkWSufX!{P`Lyan|bvC1{>MAOskm0NE&*ai$f{P0Pd z;>Jly%gL}TgX>YG7{eQmuHG>SPX>5BEGTD?z`q*V`Z)YMVRj%#KlrU5%NTuAc6TO` z<0t^@n;yZx(2I|&LSMUzavPP?tU&@N zacav>1-+W74s!Zw-+o`l+44d_mPWt`?pdw=DyDt}Of_-iG9j+7<`p6y9UVR~b#AUuN%v zM_<6o1hBa94xrQsegJvERheX2r}FNdsCHiW)wF%w-Dw3uWv1!)3Kcv;UqgAKa}19F zy96m5|wbNM*HKpfepz zP3V5EM!nTSLMWJQW!hydaQJ}??_Ih2fa1HjvRL_UAZ#iV7Tx8q9*d~vLzE- zs2#qvK(iO7Yh-m6r6}i<915m0ud*~rqUO5W3uDaic`YTf0UYC#7^lH2I3b7E;9ZL$ zalHF3+c8sSjQka{-yP3+&z$YRl9lxBxIA_rfmecvq1S5gn!p%yz2g`_2X3_a*mBDw zNT1*sc_bXL@=CW&8A^?`f4_m()=h{e5=rju{!~dA?y*0&zr_q{l-TT>G=kvzq%hxg z&fJW_&!QvT8^LdmBRy;RZpZ0D%MQL7@EegZ+EG_4FS{ih>$plF!64-1njt`h#Rx_^ z3mh@FFNSH^x<(-=7{#Psq_{jI?I#A!0&unKCKXCOKdl9bZr1WcRb7+BI3;&K`U8>_ z0qaWU@rkoUrS&%G+G7&R4z$}}Yp920_W>~Nigfi%~eWl9X-cw8BDbc*{+>LPSLJJn`8C$OYPTI5g z;-g516nS7WcO!|Ll!a=@Ur1MQxX zy~-i`vxQVw5OREpfpm!4;XLI!?nBq4D$RT3VH1A|Dm>g?%9vUz>nH50S_I|BXFW+Y z)DmB`JQ3}zfv&uhQQfWJ@>@y{q3ef&u{26g<$RtFyH1sl>YrcWhr+IvkQN4_-*iW&F`^UoUislb=x z_%et2a7K*P%l?J>YpTaoZ~o)*p+Wx_C9kE&qF)_eJ^7bE0hy7F*Hd8|gA8s>ZW3uxr(kJMj}ljE^ z+wiF3*Y1td=|vHc5ZG|lCk7!I!@BgbY~I7%Mg65r^{d7hPeuVX)M{-FSR$CUuec!cN%M9q;rEX^ zr(r;oZd^!&4}U+cb@N0#95UZb>~Cp#X?Q>Ue*cx5`dpYHK#fagHiEJZsW1~#NAez~ zzuu%ho;3BOC1}cOwp+$j0(;l+FX6dgMavAyxlY*l%?m?hSew&iQe8sDZXij1jH1Hf zNyDdn=|8j`Ky4L3v_Fv@?f~nx-L8zvmwS0>+w_47aI=bq#LDPc#py-u(U&m*O^m_C za4AxU44MFkq^0P5CEb|a9U5d%PS|((tIG&aQK5f1DcCQ9Z{%%IdZOxwMlm!ssUS%o z;wy4ImPNdad|y?jrHKw#I(`=!&x${zP`VwSX0qEo@6!g~?-oaVbnWd=pRQ6sj zuQ(RGdeONVS+Iw3tv`9H%@Y3e8SEDKb!x#xA&}hyxvBUdV^Ymg+T#LqCYG&aqO$< z#X}JhMbrR}38-?Z8|__+k#l@@&25G$YiP2)1O2olc|VhdLpZoaR;c(pS~$~*{8)~><@U2z&U(YW&2O+ z8_>TKIGui+!3N08t1tQP@}!J5fX)~`ti*FiF@-`9=v52UBw{Kix(VwVbqFdnlhHwK zuZ7~KVHXPAh7KB^fdV}2r~*rg;st{DmF$#LSR9~5&o66~Z1dOyj#2RHQx2GTbdd0kaGnzx4x%8R`RBltGZ)LSh|Dw-2W_1XH_0#fY$9O^WYa~6fr7?@h6R$Dq=U7@ zDGXkzbl$c8y6PjO)wWM4n0j4EdtUPOt74RH&5T7a=TaM5b#>}R=J%2;T8Sk5vZSmG zT)h=Y*2ap{of7U;r=_=UfA%TdjMgD_M&>Na-q)Zz>wrb#TOVQo>AI@3gTH6wK3m(Q z4K+`<(l4j2p-(=oy-^ICena-(AT;z5+X1(}$}GeB8Zbp& zYlR?ixnF2WirWHJ_9&fRIOhrZ8TsdAf26Hu>lQIu%K>xUM6p-gyD!X=@=|wv_Nxao zXp|0!_{>F`h!BoU#yvvSBkVu>x9vvNdpn~IQ!J6h=Pw(p@4mnML6mxj_CWQm{+jdr z2Rj8ObmKJ-GE3uYz?PcygnvD8LyeKlOj+vwZDDj^gUQBFOsv82-LL~zs6+VNKqy7d zib0k?gy>`=hf~+YRRVkHkfN6NJbby+flw^A@M0yVnwF4}0WNQ7HRho9Flxbj1Q6it zRk>G1NX!%+fImN7apuh&Q_xldpD%mdg9R0J*^6dj)CE@OaC3=WfyAJU;P!4s!x=czA0JRhbK&l z2~pvMFk`21^{xZ8sPZMp+eyehG7B5N(BbH}ElhDsyus+*t*;cQ(jLKJH0xa=po$`D z4HlS!>HG*RO7o4c{2asgdIhyMS6JwCatQx|TI&k=qCO^y^ba%sB*h}6T(MI?y;1Vk zNPp_*T_w1e;|?s`6^T0Aj z;m2rwLGM2pnV%$gc+i}t&Xg(>8H`Q#Yb_ZuMQhicN?G5}-GFuniylYA$?Z$@WTF+v zGK1DQ&-JG*9AX|IH=wX5I%sI&Us#+VdG%C406u*pT4z!oJcfxWT=SAXDSK z)U`x|PMoV-vJAx~-{D2bLiBSKTq#C%S6f}cy+!mSvSOu1>Nd)Jiz>+#o8AXYj&%nJ zY!OYs52+Pjct9ikhiK~=0r!E1-LxX^dKK5=8?GuwN~2--$z?uC0QBNH};#G~`!cb9sCM&?1GGrJ-JWY#vmfNJ$II<|`M zaxxCdoFNKn6})xuobos;NcXYwHC&?IodWFx^+9@{irU*`tcW<`35JNxRGj5JbsO|AgaZ{DXROVIYGqp&HqBXT47Of}o zFd3s8g+8CYw50+GX8?r;S?0^IVjXT&B-)(dYX#_m1Y#XqOU4B;-!pOW_* z*4`3yn{qzfn6|{=a2O~{qt%Oq<1#VX@+Ps#05h)nvS(?vwTac*Kdd?kTF5svCJAa+ zb)JdNb}(%5R&Zu$#HvY&k8F@0u^TQ2PF0GJGc?#g(V)@ubTzo)B*gkK_@>{LU<#}* zW0Ym}veF+IXedVEvG7d7W(rpgZ?KZu(w4LF!>q;ct3D44>z@nXZ7cl^3pCpNhdf)f zZw&_C9V>8p#ixaf{DPfrfByGaOd^i4jyMp9e7uM^hk()hcxVs!0IISz&9m9@_(?hD zNx&+NN_sb96Kx^gDNJE(!Tj@)A!dH7leG~p>wI9P4u3?cU;&g1{C6=ubUhz$77W6$ zP-Z~0A|}?Ta^38HkWA3)vAekLPctzPF+pE##%=&Fa7@xujof&;O6`d=PN!a5xIL7M zOGWbya1RNte=rY7Xv19fAJIXDl#)sTU1UQ zR#V8DR;u}XrtBAzq;plR|17HMZNwNTH)ME6#60?=ZvEpkNA?k~2Hvhzuc=DIl~i_s z@H^%Wigw(>!P$P0N`TpTp4yknkBopja6S7+ZPqQ7xhSJkcCuVv);lK65nHlC#@J1g z<)2?)@h+>dF@7x@j>>fzmId%QSHrDrBA9DN_Ykz>;lQDP!LH^wA=|(9qR!e=h>ekgLP-NRUz2rEuBMaDNNaSW2&+tPfz{#w8 zbGPX@GAF%%t~_zum^(8Y`U&v8A>FQ|%F6iEyv;AK`b#Sp?U62IC(aqKQ!%ms^n3fh zLv~uJsbQkz+d_@#St8H03URCN?Fu>NPJ}>q;V3qeu6{L%bUgiVLD&MNPSDT~%m`4ybuljwjg(^aWg284atz;? zvQr$v2!y`p z#o;BY#&{zr+D$g!VUio*W`#*YLJyMD%+%_h_MHpr@NO6-e}XFF1|1LV}l8m|Rd+lPpr{eLV@yt!ZgyKff zD8Vc)%2aRlHB6EUHWmyCT&e33&nh5D=-NqZ@&uBNRQ1iFb9oKve5A=d>0ivX)(yl- zHhj_w7jM?lku)=(!U1+`7?9oyaCxNo)VOGbRqrnTG!XXvDl%VkkBE1R?=4P3!TFHy;BKj6zVD~%(}E?dVZI@ z7A`*~rKM+(xDd-igd$0M;U^+Ucrc6*UnsAo}?9uNsNek7H26BkV~^kEz$n1ix`U7&N2^{2ivG4ya$VI_b* zZzD;1E1CB35fMz7U+r)zXrk5)uNgC6oXrNdc#|V&ESla(t2IJWb6VqG4y`P3JB;=g z%vUfh*7=56rz2?lNg!*}gRFr8z}@rsdXC%L6&DvOx+fK(uWaty4fZz$lw49S0rm_b zb5-MX)W5;;za_hnK(b^C0C`B+&YF$*XBkdzt%F!2*ie zf%4Jt4~(OVM$qT7XAjC>=rYsQ=%5Xp8zw7RFs;bI7%a)Je<)H_(-{^XxY5mW&HTBV zEc~W&i4*-!%Nw5Q0oU6iY`nhoU{Poul>?06p&~^F2P=V!uV1ZH(0FGf7NBtnuz-di z%0CD+J<){&gqCJR0`i~8YjkDNGG6^hKe^KaLLMF=AA4+*U z(u06)%2lL8C0+quD5BkvQXQ7QN@Ui9 zwYv&fdo@lL(Orjso#x?c)V$MXs6Njr#_f|DTQ;Py*sFxS&EwMK0M=2qU~7wEygEal zkSA#znvW*Ur-=)=#56SEAfP~mR$0^wq-TzcXwC2GsAHYP}5Ith4xSwkLEbLq*n`#Plh zS|uA@q3v6hI!kz6$-PwklOTDbQdS!AlGI=Wh4&x3d!k4Xb7hn2=(O2|;32sq`y?fd zM#|RD&o$XyJ5}Ek@ zV?r&RtJ!h&6L>D=8601@Za#s85!_)?K5WTWVJj$|urfjRnvKP0xRR$3<+ZrI z?+__N!;W82O(VIR=aF(v(U1#jsw8gHVp)G_TCHGx19@p`?6{ci4*1Oyn$2ST^5!Wh zud?=>+~;=en@K@iGS{94L8Ed@M1hk{g7pk~duwThr`%5vnrK(%H$U__N7<;#J%`-gZ=ZnH9#yq1E>7-Y;g4q0#++PDNL z5Y!P%mbr}(F3IZHi$Xvvi07+4Y2;$yXh9WI>zI|q*`V^+!h@4%lETlZ4Il!|z1O!8 zQK(;!HoqA*!j+q)t`aMDOX8%T?zx2uYBKRA)w_~U3m&BeMwAyJ!{7R2D(uyEkyHT{ zvMSdK^va4DFs=>n$1cBtwpft>EVP*)V@rc)-WTtVqs21mjmnTl1O9Be)$<@#TGy8! zwY8`!_4{Rlv=1@Xb*9yR2v*RK_gB5kK+hR>*E?)F|_C z>~b!C9)0=d9Qzol=Y^P0h)=5uhWu zg1cW?!mlsT1!XqR8GMJX3}0%OJ|1F9Fr`^OZMMf9RnJQ^8c6WOqm3dj+SJE>aqaLx7g3EkNTV$$>yO5zm6r`@pCeF|fQF<<7`_hZ)XFwJ@Y>p<{hr&)ksL~Yt{hdZlsknKhSg`k-T+PY!Jcx z?L3K4thiF8BE^~bokkBy&@nMsH352VP&S{(zuwU59Xi&)8SU0gj9E`qZlY8SZLOdHyHKnGZ0bbXj<+o`CI#C!HR*9wZ?OGywJBM6 z2p5Rkk=Z-~QaHp9)mbJ|CsH3wc~a+C;CA^uGS>xjHJAE{xHq_PJ@na;ghY{fpxY-2TbRK=JgjBTG^>j ztFGTxh6Xr1EJ8FQZVPZ;`;a}Iv~Q#xp`q+}w5Y>jm2eI{tyDP8Lpz+ti(>`RhTG@m z2C3^Dti8hAXUXJ6Onob@Z~=G%H@VCGev;o?QK`_RgD`Y{CidP8Q(LnbwZP&5%4aYy zMXI=#GJhNFW#dRes4@8Hhy2#zY(<@XYz*t+*_aXF^fGkMJig5{<${3DoHm&~FBr%$ zsd`j$8i~>I^AB%hL>QBwFuqj5*Tg@!=Do8xg%kg4IRSgK2E3alU;X!yGJ<*llYWvW zXzTlV=18CMf0x9_;z^`?m(FsHTMG_2pXHAunlhO-J6CUv*`Y@v?fchxt}_||6wS;q zn&xuR2=r5d#fE&4F_t^0O46zJUVMk`=)A1)CcvadRaH`e3f){tRJrqsxr*lnF?m5A zuGZO%Er35_{}K(H1_>c zUBjHLFr+I%g(eqkT7jZ?uy2+&Z$@Y!== z&3`I06#Zn2t?XG(bb3lJ=0331Wh&+LwHE9>zf8=3`6bkQE?C$FmM~8xM2A3&?PU7& zYi5ZuMio}oAsva>TY{0-lOLUFBp&t}`NZWi711?PP-wHXw`dEkWmBoW7FLa{nf_>U zbfjD8Hwmv;df&K@qM_3+orq^^EfrYHBN(`OJuR79SFRlLuK)R$6qh4QZjkYSUIh`& z>q4wL4fisleqQFDTjigE`rTZOoYK2qYDe%oRZ#7=I-5lFj#lRlxB4jZ{X#FDN@irtloOeS3!t^q z!j_FwtMvozI4#57lx)T-@1YE=(D^unZbU@9tgyilEUKD2~t zk-GwV@#;P6*8L*smj=`ae6}DDnoV1#Vby7JSDTi*D&-&NuaA`lX6bI1K<12)J23qx z6D6X}0kfmX;40<1dH;0aEwvybT@AkwcmmqN)~JCu>x~X;fA9LrMINyJTSc0|2zTJz zi(2{XK!3hT^nIQt58|WxZD#$=HQ;Ll=FVszWi=4VqyG;v+(GtkYWs-Ob-`IFB@6Lept z%#BX+R>{x3fdTJU9FV~QrvmvQwOzdNQcQd;O&tqS^fihNOK-JY4(2P{WLS@5TE!H- zLd+i-v-g#*tIxX=*ko~cGRj4UVC>gP39bM~iZ*qXSQ!Los;g)91Ib@2dE=`mYfF|# z$eUL3jYNQeq+zivG)oV%5u(wr2*;57^sxPmz%+*sHLFTb@qQKr3m9FGK+g`Bh#qC~ zjmKO!vIfZM6XoVez3dHgF8xgC*@m~O3nZNFif2S`@v*pO7RG35sU03lyDghdb+|o5 zI+4}h{)<|1FXk2aUyPTu(mycT_l{G3`dPI~M)37%ISV--qA-9$H} zv-Ytwy7;a=#hMlI%=QC~T7uzo=~MJm53AoQ*K+L3c5Z@3hh{H~OokV|1uNe8eWuRf zt~S)7)hWfE#@4bCi2k&3wT?~--@uh8ob{y^-Rys`bG*)&Q-7M}o$)E}ejF{;k2H#% z=AV3-^s9;2RzPh~g*=`aJ3}WY_`Z)}Imf8Z6_ybxU+L*LJlbBsRLeD3(qLa0BKA4$ zuLT5=9e6R!$?;xOL(vus4;a%YykT=RsEm(euKcv<$b;91aWIU#sP&N<&B-{uVALxuAr@Yxy%{(WtNAi`^vgBiTjMGD>q zNLIibf@~VhM1dNQg1Sqz(R!BivU&j8>yDmof6(j;%7t1drHIe-+pJ>3_8vQ~SATT? zi2F9?qi!|ZI>pYAMVR|`1M|o#fJMh!e>acNP?^?W;r)+v;pCO#=`oqA<1RdI)}z<(!bkONtkWhhH2I{9@iSxJ7*(Uu~eX( zy;%=<&cDu^6v0kQD$;;QJY_s#!>@r3P$|LBj9Vjpc3*!|fW+dKDwI@VuYpM!IsJyP zca4#$uH6(t-ccX$Q!eO2WU_ZVEM<>_Z{CJ;q|Zs-N!`U4X8jGcnASA{NVdH32P7w= zk&X^eR$@&iSP23KauFv2&~lLaUss9Sii;u#RAxBGgM z;-PzZCZaIR_Dr42K!m`+gVyrWsI^}}vWxMm-8i*TpO54>a)jvlqQDzvdAbMQ^?|~_ zh9==p*40jSviX@6TS3$^03@ZCv)u?9a4*0-8TekFQFE_Hn?G7L&Yb+wDom*!WvbhOZchZKDeC89P<(kefV9lYcoSK#k)a zz*!whN0E`8!L_lojm85TGR{zCoE{aK^oYHYLAVxa`8HhG55wDv-iM%$pLKythiHY+ z?x(P1onqm0zQw+3nV8_Zf4dJ8L@=ldP{GdLq2DyiZ3|MurXSX^dRynpE_7n^TEijU^e{eT1xO$rJpFlz%p z?mq%4o_)bKi6uF-_L=zpvCeYGZq~0e5wiUH3akwzkE_n6DPlto)^2HFXGqcRYq5w{ zNeB``C;Pbfmp1;U{?)&Gfgrm&U!ODn_j5S5gNFk?UMB5-IY6U%M*TX*%iyn*!Uo5D zJXcvhw6^?vh*Z8}TFKBuRy|((4$+&cH^M1E_Bgmk->AyB!!0`J>4PAEIP?QPtHEMP z46Ct*ehC(K%U7{qs<>@+a^Jq67(L86U0li6aFi$-8ho4<*se8J;6A%zQF~#B0GzZe z!|d2x3a$5`d3n%S36Bzqrb5+1{~DD@YxUSJ7J>X2CWx_|@?%{nKjY0JJ3^MXha&>D ztFzks_|t~ODs_hp z`%{mdiWl~j{9=lJQovG})l{>ZOpLEq)pwWYgo)23KaT}rXQI?{)rV($&&l(%-g=Jf z5HMC0XRq`0WEFPsiDBAw%DvG4rX>>2N;6t<^SSaN4@KqHk)_=5BU&fe%U)SsD6T_I zJ3UCmIXA1Y{f46Qu_+*Cfamn7lPND=8Hf3KMWye{ryhV9|2)_V^~gmj1W-aSfFR~` zV!w#iJ~b*m!%B;<+|Zoj`__P0a{cwyKN#+R9KFJ6&_*kEI#O*NtI8T#t~kyE(D&|E z*@jCRat0b!PzUm0z4+|3NQ(Pap2*Vvs_DeUbg9S@;wg#tR|VY0m-$^LiW!G(Rs}rF}8iH(9wD11@pv~|H!$xM6Q)xyVSM^P@jd4 zQCt1lTiXm?z1QJfZm{)_ge6?1vd3Cy?<(_+Sve&RzwgBf(5M)At@OOeW)1yNA#npQ zS5r67o+8n$4I#`9>;RO=8GN$SX7iCT~2%xGD|W z;@F?QQJ{?wTkBlaTXF#z>^r9mP$qy<6AV$Lr8$}KMOPd=eRS7(ZK2(|KU9P>-QZu3 z+59YhNPkn5r_>X=2#Xx;*YngVd}Tz$eMSpkdHlPPJ$ zm3-#SV`KlVZr<*H)PUktn@{tk&Yf;-NKx(^ZA+UspJsX|OT5>2ZVTt?+`ETX^E zd(6*k-*g*L?73^ER2y@tR|^UXap-~ULaL~m43*vbDMdLCLt-IGr6A7(6naeKYLAkv z24+2*b4)6rhZRLQX-KfzqE7)@W-9;N7c`UyACoWp>pLVIBL$sC_eRZw>!QH2b!tO= zMJmhHy>yQVo|Qxf>rV*1{ab&P_2KCGll94b8!)3*T=A5^$J|O5m%24dVXcqv(df#n zYkDU!o$o)b2t(ccnv&|XdW37^V!ol)u*?lvr<~;YEGJoqTjLQzMZKAi)j#x3`)kS; zvT zk{lWAv>i10UQ@B~7tJ}V1?U!XpXN<-rSdmfv=7x}YgsSY^puxuc8O5a(fYXZ#NhQN z)lJLyxg#xEU!$v{%z%$}tV?16Va*3y_!N^jx=&t_wQxHw00jTRs74p2TrIy&j{ao= zW{zNYH6?Imo;qp7qWN8(1!Q55=LK^D`HJ0m<$ChQWjSXit zAcQmx7PRWBq~hv)1*;jVKNw8Fw2m_LAVqTQ|6n-2bjXBOnzedm>(e@b9f4N7g1^g5 zu5Vv}Chl>?KWe^oEqLg&f#XzstN(N!lO&gDW@KKQfLGzx59B!-N-oPHm(yp?$~x~C z$`q~+AhLUJ;VqRxl0>b*QMF15uT7hy@8d;ucPx^vK?yvuCJl-(4$Pd0?!HZV|AX<) z`aF5lw9q2KBS@ww#{B)~FSkk~YIo12`I_KuKkOkT|{#EwfFQr zNy1`bNi~^-Ee#+#W_7yNXT=WXj3h6s`C+B^qn|-SJNfTpz@l7$+Kjkj} zV7R@W6iP;N7epXY4$%1PLjwgD7j}AM;<8dkH?pF3##P5ECpz_x53R0{bbb+K;`>~1 z8-#V1uPk;7Z-t9NyKtvNnk2WVb%P#;sqBIfqBy{Fwsv;n`b5fQ1Sm*9BhP4YsE(Lm z`{A;h1GLCpe-qd*Kwv*YUKH(MVbKRG|O z;NSV5hwZI(pi2}#iE6POcgyU$Buy+0zd%0lrbpK6^7=MTIjSRFu#@3A$^2~lPbA|_ z1bbmWD4jTU@_whYZCE*hMV@ZbLb8`A=D5=ey#jJZB9h~p^%BQhqC@g?4>V)nF?zc` zGfLELdFor*uKxC-rEa?Y^VDy*$W8rpw4W1UmsZ@B%&f3<7Ws09`&XzjM>t+9LYCsC zxjni*B(`B&os%57mC0cC$2mh@T~;%gWI;R&_W?Fn%@go@t`Q+0|FF=E|9W*&5;mJ!0F$&rByKs8| zCwF}xm?)}$Ev0>ykXDcKRENQt$dm1WU&@5QZyN%OW(Tobj zq0lQN*@`0*!BD{zVswOXw94kTR@gU#vXyddhrbZ@`H8FU zj1IWR3ul`sLFD^?8=82wdA6?~o38bpqp^0K&A<|U(q*WD-Te_?N5_wbn>;6Bop^+T z3d~jysL-K^K3ACRsO+C<0u>G+8ItwvPbXG1%#K>1W)_qlXtfCKLt^+xCjZ51W^ zuPT@Qk;K(dTed4Vsn->Re(xuk%`%=5Yr9UkqCqFe?r9V znKuhv>PA;f1N!2u3TCdx)-(_0yRF2YrnIH+X|- zyj)K6GHD(ev5=wIsmhQ zxq3xk7Ki0j3pJ8v-p+5J?ch4q!@{yOmjHlrQh4sg#-^2Xfdg$fH@h8nPBqHOgxSwz zp8Hg!+Sl8C`y>K-lkL+guK`H9Lz z^CqdJooN#*qMX90S|;uw_^Jv!o3l&R>SPOFH;unDwuV=?GBZNxr9HoRx^4O0^ond-S%z z-$+bE&ppoBH*3$#guTX&v|fnD!Wb3EGU|6Tty7bz;*!ZTU+!>3a@_}e#w4q?r%h~t zss+5i(chFu&K@qxQ+zBIIl4u;BF(PVo|%{4LZ4?5f~-;16XeejDxcCtK#44b zdEeU^gJKC@IBmh5aFHHlMJ1bh4y;XI?(=;H{a5}r^+dipfr>$9W!VyNvKFqhr3H z)|@#uBOadK5=zAYy#b=>PVIjRbNY=~Vnm>(k`*=FJliF=O=+fGe%dKT4VRM@7IetF=Cq z-@*V8PXAl}yMmK(#(^`PS_?-QdxFe?#Q3n**+yFZnVr|%fn@*t3t46_1G~%hUy2g5 z(81jFY01+2HMKVroJAJiOg1zmwdVC~P*HUt9w;+s%Q2r?v6Yg6I0?iguqdy!=WDj( z=4FSBS@xa)&N*!N`1-XJr*K_0dhVyKx(dd0e@qOhw9YP>2NnI!qzQT1LA#ss z3LWGG6UP(hP7oR@vwW>V@368NLD~Jann1^iSAX0SVu9?5^jPeL6B#K^mIXJJ^BvYC z4P`K(6wCGv>b~Qx`GUQErn^WCJVPfVwAV=(odN@_8}yd%i4s(hqcO~(RJDgJq@NC) z#$FUO(I6`H>4Q@)ts892Sc&7v?=-Q#=odWSXvN@=K^(|=5~Du(dH=^jA(h_wN4II5 z&ynb-^M3GypvPoiltQ7c$tTdQ#Kq@P$$*LxK{SCM&U za~n>b$E(TQQu!T*NKnrR?(=jR6J;kbu$C{vD!;{2rm$`l<91x%8Y#1Fmej zro?y)NC{^;1HBdeHfQoECOLV!`%KQ&JEm2CPlE*!aQX2wUCRij1E4noE3hS&h9k3qJo-3LB)7OwaO28}YS^FC3Yu8;s1axieH5Cp6E#F3F_g8^*osKA*mshp#8@h%NGeKt^$9*cl~?yPy|?}yc~QJy@kpa|+viJ1 z68)`;a_6uI<3z%|be`TMt+dRzTuG!V%MF*h1scZLhCaPvLU`vmQSm>_MGV`DWX|Hk zOu3&_7O(Typf4ku=<*9P$zf9ndRWF+NLOxE=|}6v&+});mVd`x-PpZT9(-P;^Tz*Y z<%NH}fF2qEgTPQ26bu1@00;m8APk_SkEXc#<0F{)mBc$;tK{d@=`}iyk=OL^Er8^A z1MOA%2Q2&p&Yrpi4vQ1&J`qR2%ceWDB4SitZ@cu=b^c0!eZmkv2J-8izqZTCt?>W; z;aDdd`J*&cXQeY~!3bR3-_@>%Yq?T>T~NLu*46&}vH&AmQRA!0)hW+SjMKVDo9Vk9 zUnkTU1yy^6DB^O#!q+eE>su&4XGHEFz?@d%O5yhB9dTg-=bJuYalRTaEdTdVo7PtK zT&jF0&h@b!Vs4|KgTX*V*lOVU_P!$;uyN)CW z1~HFYx*z($P9d*jewf&ip1gmrfjYj3W)!yn&gAI$MQD&p4f3^=q0`A6w00_ftY=g| z3FfHbpcv?SCH-<k|z#Ln}ey;pp^gn=` zrp()+1_)nJeO=&tN80G=+>I5b$;+NQaVSZ{@@ax|UM;!+5&hi@MF6({a0 zE#37!Y5&JoC`Bz;V?WT+Kcu8cwiuB&fR{%O6%uP6#p;wg^kjj};eM?}*%GXEJt4ky z-~PNS<>QA?kSdap#gh~hPWvHuwxsO>vQ#`?Y3{>Tnn!paO|^5 zi0~#$t147$Vnq?(lB&f1FnFi7{{g;vx#CCU`q82Fz&a7sAflS?wOw97K6HFT$=}02 zFQjR;tMi)?-T%SQ%VhKYLnzVU=tkq%CR6G5o_)wp>80D}Kfc-0_t=x?JQch7@$`ki zxYVhziiqmu#PCkjh$$P2rSihwmyNjR{!+tMVg^zkvaou#)hW4ak9xC>3`M${UlM61 zN8%WOtbBAeU3TA3*`|CtN=0|&*gSYl!o@NiEw*-U z=o%NOjv0Rj7J2M8&EDnbD+e0>_WN>d@%3T1*B63LYE1qEvY%8?JjLD=M~If*s}3?S zc#*+g+<6q>0Cpq?`3oCZ+*{UhJpLOD9t@5>W{OY#eK`MGZoI$)X!3GSTOp6n&TiOjuQlK=CZk`8r+;}Ng7t&5QW<)DPT z$KmR?lqio4?R1=kd~)Hi37##&6JQKl`8CeXy(X4s_R;eTl!V^^Th-ACUWxDlTq5 z?7O23E&>f|IGb+I=b%h>zB_I{?2fT$ybZ~XODRhHG+FNWVl|-tEWWgLZMlOFJG-SN z+WOLR)*iV?JHDZKvwHDp^pHi5{M7qT6PLbs2QtLPWQv^8%itTSN$`cxk5A{+Ph8X~ zqO4q`-r%0s`eHhk)txlu&b2xuD!d7{l985PO~Mrqt(Tx<^8|9qm1pD+2!Mj7X}=W@ z7E5x}IwvT=9FU9yc%`T>)TL9Xrn6t-L`nW+_f8cL| z5r7ck{7Ny2+`ji246m1=)KC#RK&lP!{Km^lYY%C|_ktW5NKr>SD6S}uVmo1xMQTUH zfCQ`cCXDId1C<2*uYBLcF2`gp0mf1Z{d|1S_UFQ1<7Q+m#?!s6{XJW{`MkjLfoFAO zkMDNbkrAKHBLMdU!x>quq$*SuBg zXpnYS1Ani#ra##SzZ%i2VKjx5Jnx%!YQd%M{5*86rN~*gAB+i#M6}?(={Z*=ad7R} zo)0DR4dx7dG9*u2^HqcLPc)XLU4L+G>sa40eHcjM*@GW!*!`F`xyr`t(l()h z3e~Ez5DyCrSx#)*l@u4d!UI$-XA9)UZs|gP*j|j&xU67T1K1{pohSYQw_f2gMX(|0 zate^rTU56$cNs~ZwR*LaMlJ68K_Q0_p`wf1q2))vr6nI)JY`toHl)`Q`Qpw&T7<0K zwaMIrD+U=I*{Wz;3e+8a(w1h7Lzae##aAkexoI-Vh)*Dq-Cu02kZhArYt^?Ij;@dE zEQ4&}n(T7u^<6R0j#*~C@llFiYY&Gu38CAdus@oW?1>?j%89%5N@o4-#MRwZTSOQQ zXN3xVN;qe0wLM@4)JENR(dXilq;DlrJVC;U-PW#V&dY4W>vp*&pxM1!7^qL~Fskdu z?3SR&@Z1637C=GCvV{aq$bT+SAFIs$sTGXdhi{*bxP8Suahfh#WG4EHiBfTeMz&wk z7dd6WaP!GCopy`+o-@`gwwjEc$7;wrZ?V(HE9TR1jEZF!-{ukSE)z|4Y zF3O)xsy_3(|4%3Ne4|W$RVaUuOWi#a{)yu~lk2_wes8Z}15VleH}Jm}fZuS(ME$>p zqv{i{`EBy{exdxX6K}5^3_JDT*#AGCG6S)%?y>r8`>QetReiP+LNG~iCQMSS@0=E6 zhUjCt@NVbu3B+d+T*hDLnXYqM$u!P}gi7wmKNrSM(OSiQFVFIWP5h$1`~!51f7xTZ zNeU25`m|qO@Zqm<1(LBoMTTeEQd>yf!q z=45oC{Dd?LS-$+!B=AV>d*>_fH}Wp-KIheaB^0D?d*A6h`gmZeSn&<)CHshqpIS7+bs=n`-jiNUoO{#l*tF7pofAbvK<1 zx`;g*^P?R~9CXF}vG8M@9`n81^Pay)u3&eS>4hwXbM(#Y-RBRC;{@ipFVemLer|W6 z=4jW0Zly7M3y^Z@`GZg5unC807PF5FkAo*3MJ5Tbz&G9*Vv4|`YM zqT`>ea+;v{Bo}Ve^NfpH1Z~kT^T^uW>v~lcUNyh>2yC1qK1}I_82eY_)MZ-;0tzP- zSWj-Gf2_hfE~-5c{M5iMOorJe*|)Vgg= zUiAmDTDk#w&NW}9LdsE;z*WYH;#Tryig}O91nra^P)NR&3`#cPswhj8Xk$G{hsXsz znx7{9I}(P;*62vw4jSIf2UPme{aH&x2=5>|i2#Ic+h8lfZFsO0<2YC3Tt9a+gyqE9gQGuq4Ia+^%(+}U?FHU#! zZCm$Q1IqkO3KcK4Z2r0J;LCS>Z_576Zczq%giFcYC&4JmmI2uU4wgv_%yd7}DoxaQdIUF7d37uz(N zSFayF%^V87=2ym2R%j)jb9<)$Bk50> zW}Ve8*B7yZNhfJvyRVJveZENb;%k6k1o2U1L?kWuCE*du#-q6gFl)J$Ww-poX=y7Z z6#A02`>uxPw?pNOoZjx!G?=1$#y63hXCdUbf~NtwO54`~aGsYNAouoAf6!i>(9IbE ze+;XjuJa|zqK78K*^&R4KEU1qw(ZI^|4z}GtYjq~zlcQYApmp%qmB5xCTkL0^#fy3 zvnnb*AV-E0rar|gb(g#u%j^%y6e(6fp+!P@^Cbr&((ISA{YFJ zDJc88DW%1t>Twx`ujcQLIb}`U({deFv{EMLLCE7xYDvvUVD83yI55~H^arblR9(n3 z>E4Yr6O0ef1MV>Ig&-es9XA+xp3nr#Q;T7z8ue3k#6pu;_XOTlP|BVfevShy7#f~# zY0o}<3z1SfV0_bm=#|3hopO$b6unTJ8Aa8dSdNj)S)Yo9J9L9wz5venQ9Dc}wJjR@Uk+qx} zow~~{Ie%ZI)6y#lw^rS@iyf`=fN%zMl=RFlgEh1;?XW7c=!SN#x9X_`ee{6xGMwDsKaJum zghys9ul!|h%Fu6qKMv1EN>^*j(@oL2AxH0!43OY4afN{v3C)J*iVBU#gN^OqRD-kb zERkc0rZB)WOQZxi?U9fqZtF8u{rU&v>bnuP!eSg~sd@!$bp1@Yk}<98l(k>lGqxY1^yE-@ z+`i=d;ncRN57>LAOM#BmxCW?PLwk^AKNfi9`f=Q>vGN7v4H!K%bCaAJQZJhazElYW z?~?FN{3$dM86x-&a=6sny}(J3@?mVEyxO5!|GMoaI*J;=&n>FJNOGQ2Ud-3VwwUkY zz=muemFIvCUI!vYk3plktCvrR?CaVbg%!W8q5O=?%4GaR3EdHP*5syAEDkqOop@?D zJLw5oB!&6uV4L0Sw#W*#X5VmZo_|_PxRbJ^8Wn$exR10o0h&{VmI_{2Ul^9Pc#jV$F{npK#|FHq8_&WsHIC+oPCv72-n?CgUeKOEH+q^Ht|*&uXMM*p_3#Z&80J6(NS7;pg%Es-FV?_p&MQ|1SU2iWCHE zpLZkUYKE?AOrm~wRe1h4ob$g|%=^Et_~pN<7U>`V`y;<86%POPqCIPn-eg;@27f^P z>8gk|{02V{aLEnh1CzqNBJ@=4KfQmFe*bSt1wUEAt|$~1P{e8i zit%6L+bX?VzCb_~!&ZkCVJq%xDWP{*#DV9p7GgFa`RY3 z_=G3=_4$y~eJGxPUK>^sI`NOmPJ))&Hpi>;MwFnO_Zu~`Fh5!_>a)`C)x4==n1$sX7Uo!JW8*VbjrOzN(>yez1f_Z@>1;8|(&Zx`ii zO-M^GV!Qukubl_bSCCN>34xbS z5NtwpqPLPF|MY(p^x7Ru3{lR6v8D}P*B(wjP%k=ld_{e%-bQvaL#nmizUtG0ziw>5 z8NF7gw`$t+Nb1ZEd?Y~widKrh`L&2x?z;J--b?=VXoo1g4W5egAJhRn0Or!G_TobZGRQZ93ih<#>T z-r(-}4%AzfiIWgw%=k}lb*7lgA-L1}tCo_Apj<>Icgi%;{LPDFM|tu4lBnPeu`(I)t$GcX2lTJ^%n#76)XNF6yU!`?%VONt z%t5)wi?<_L8oh>PS?m+GpNF$PKCZ+HHdN9`lUiA835s3PIl5?T=FELPgaWjW&(rcV zd9iFcI0R+`L*190@i~C7cr}x-!|MKPC){da1NC>GF{^lcV%F-daCIgsY_tkKn&EKa z#=Ml+;>l?JS1;EdiyHN@`i{wJf`;yU3_TEW0|D3c9GuJR@4t-UHQ_?)TE@SWac+h3 zIkiG+-V8O(#_D#Ll}o_OV!a7v(Pp2dvC@?QavFX^QY;nLx0-mg^}w|#mjAb zbn|V2^xACH>ru{D+=Ail9^N8N|F@-S<@`Ab=aC#&tKK6dNh$nQXn<)T<+Q^v)Eb?v zw)c)I#k#41;e%ws*OtAC=w;@nmDA;FOmte>v4FYS%pc^ItH~$@+lIUTyW=iBIqDA4 zqY)`f`F(3UfhDgnq-3?G2;TOdzOHhS-TQic6yPXd4TJ*l3KY9PFHoIMtKyC7?&Z^? zB_u204vEm@%IDk!r|ou=(bM{#CZeU`e@^gW>k~~YKb@24jnF)D4`1os!oY}w;0FlG zku(q=%{0$?BMax2ng@Fp;$EuW`&WE0%J^>5&_qV(y%bmfgt|4Ih+nf~>z+(LNq{NJfB5aczQOvd7_E}RB6O0)EV0fbCyx;1L+AD}vlkmS;dUaUOcYGNDLda(oO zm9t%aBJ~^vvQKBf_}Q8MeGM0=M>Aso7B+lMhm&Txs|`L8yujnC&GMANulR|0m9LVW zq;OPQ0AtOJKdJ0FF_f&@#}8Viq}_o`=79%{T6k?OXI=~D$hc?4IE@$wN?PR-a7dGY zOZkfa8!|oMDI90e8v~30u#!rhMhw?B_2#b}k-g^pIfntbw5l$5kJX$i^vNG89~Dj) zojZX#(j5>a@L-=+7~`{G34^DvPmA3T^>CEKD)40p(nr)A)HS$O>6V>)2(Pd&)D62>{u@2Nx*E56uo3-!{_tq z>b8swF6R555+P7M0M=wi#P0b9mE%*kZshP#1T3{&)u!4+82&WhDCRSET|2 zY$lXq3dJoBOr^dsg1U7MUKLyEJM#qjvk3DIIb>wH-mB5@31jjJmpaQ_q6N1lmAM8V z_4)lh32r+NUvof9tX=I2ZUNPxqTWJC?owOrYm0Fw?PW5chzJZ^F5=ke{Sc)#D~j)} zs08~jcou;V+{v5XRcwEE#UGehV&788faj^eEg{{pBJg%a#ZPgm<3u>kP439B)NIm| zJ`p`eRZ%JJG+eSMd)1q?B~G6%Qiiay;Cm4t|0HTW<@%%h@0N1N9TZ>x32V3Ps&FBx zG;>i&xdbIn^e*$v^1SQ&JbvJe=cEEq?RQJndpWB1?u2E~zp4YA+58dKmWHRnH2;fmal;v@_P-^2qhxanMji^S%-Lu zy%**#gOR99b1>H#FX|hgIVyz_;%Cy-E!0Sz?yr7>6x28rmb5SECPI^_4QnYoR{69B zEnRO4_Z_pc9rH5!f|NY^a#(6E`V;7L_?TT&jhw=T%Gna49G+g+!l>&Z8u@8?cN5cm z@}}=(byY!v`1Y*C)mV28lKO6baKb6A;deF7A~hj}DTu~b?`k_6-YF{j z_E=sa=Ve|NM3 zih@RWE1!FY&@o+mt~pW%v=t!OZjDDj{vN1!Zq|F(=ciM9I@8&(NySHI8X@pVDXIoj zW^bn{HE+;_El5;jm+On5~asddZE zmts=2iv$DTOp=xmtG9GxyBZ2#-PW31gsp5^s9Qr^T$ zpimM%7TPuUTfvMsECS+Iv61XO0nY=-?3#U;YNhKrV@X(L9xXC>F_yN^Skz5Xd4*cyTn$N1yk!fiyA0BhZ&~*re&-OagnnQ%;So`>wQ!~S(EB1q9ju;+{=cb|Zju9|8 z1{5qv$<1E$S>OgX`5!?DE*@+L@b1R4w$L)4)-#l9pJ4Eiz?sM@@sw`&Lg_q~200*4 zlOVDxCa8I1*#Y)?&!=1S*6v=(NVoZgA1sFUH<`X`U4tL48?c7l4o-$Uo%p!RmeFH> z7@2(H)(%feNM)&|uua@6vwQC`uXb(VUKkDOEzmlO6ceH8g5p~lZ1ymp`)%1lvH7ls zNr3uJDRV@^zw+eX)-SrhGOa<3fu14_(ad#o1)Pou9FCCi(IrJFJlas?RQ7Th!((Ns z4L>_Rrhosfj)hvXXujFuy`s!&X#umlfl$lB0ZoyR3BP6i)7NB0`g zvH%)WyLq9(T7{M@BelC8>M%|`dRyD3{+c|pa>rJPNq%KnkOzu5(l%@(f#yGrLH^T_ z>GexH2ge|pb~5^D01l8RK^qk)x>?}U^=mc=VlH;EZ$bh z=o?_?X0N8?W|2do+Q76_xn4Y92*vdFFhX{R;o~T%JCIofgq62Q^aV#a%&q*9ExDft zCJO^>0!hP+3zfnMf`FOT$3kVc2GA(KR#h46iZn_c6`L@c&(;l^N%@FoVk}mZDZ`7? z2HtU(-+QL0MIN^BOkxK7SVn@#yVo;>>POr90Rex9OUG*o4oXDnr6lmpx^bB_Y^&EN zR?^Ya_fy18?>o1!ggk=IO!P9u1tnWlgIzC6wl9K)tQihq=|ic@MXG~VC7lN`-Rl;j zsM*t$-*61dMjA%L?85v(kN+C2;YJ^|?2_M*&FYO9kTd3y5)=y-l6p{}61=^@#uo*R z^qqrTUQ!xkK(LpN;v4z+nlMueip0R7lo9LWF!_M^=YcA47S?iEhyd7%-3%{Dh!-dNjn;Ni)9~r&Uyek%lb* zt7g>egkXL<>RJs%B?76*kPQTyD)9v#Dup81W>HD1Nbx2<Hm5w?(iT^;N|yook)SpBsjK#SQ*Rb}-m? zIF^wFAU3ipqxQj^Q9q##X0`8sXZ6BKt8|`!h2-3BF0V2L4wmwmHCLV4*7&^J9M)7L zWhv4s5Dv|{Z5xrKtnfd)RI3SYJAhR#KapCLh(Q)|)GpwK)i5O5s&MBOnf z%@YM|w2N9TV7IU2C=sRxkxm5;>xvV!X3%TVQh$_lsF(YlIOjzYwOK=T1lnw@j3ZEF zuIya_?7FK;s>NSy6s!$}yjZmmDpN-eoQ{;w*z1+VHwzWqf+Eoh#bV#>qdTqY zF(J_$=7AsZQXM}%bdhds5mYjw5bu5*fEbpEfF%#MmDa^Oh(pZPuPJ*yum@cOnZ0v7 zBvkl<6w@Uv9SBO%4w(=GVLiV8N!Ly*ZOf>n21PQnWe)7^SnJE^uzj`!R=|`WsQkoX zgZj71)mbtlP0D~8{j2Lp<>_wbGx55M9Xz+t#HhVBT=QE;r^>o?t2kQT6b0zYcM2St#YDQP>bt;2R*!50>M)aU0;IX z*@uo!h+9cZScAvXJQ2=scBaL`Pif{d6nQ*EH^2Y`ssP*C>6F6} zXi{Da1L8jaAumfv;n~z31gPAv@{@i71l6h_icl0tfz}${gb$uOhz@|Bs-6GdTs}li zL%RF6QPNfod4D^7;6mmI=4iX#7^%aQssC9H`n#I7NR?v4u;6x4M$Z2V4^<+X7)ij@ zcF9~mVr^TfOapX+Eb$e3$?A!P9qc^c-;)Kp??{E}>D6<|5=u@4FmmKhp}-c?s-HC) zO$PvhdxjR*JhXSNfg<6J4q#dghLdb08BrqLF!gy9=SIQ5*+8SARUtHeRlc1oU^h+6 zJB+iYJ}HYFbF(TB+||+9>Ug~N8u>?|#v)prlHT(~A+=!BC)Qj+b;h3w|MW`*pWygmXuSB)^3mV%O^ z)ilP;75)M5)+`f2UBxmP+7en5Qd_fQZQXQ*M^o4tJb9@O%t;P)7`%jXSL&d`0b77` zZF!Oka(nX3(Mr?Ic!~?>RqZn)GwW?H=P5;~d8^_v$aVxgb+daOb<`^Yzty{qvRr>Bis82^`cp9OlTX$8w?S)QysEn9_ zDX-oDIL$D--&Wu&Za3eGLu;(Aw-lr8orLEYmjRd0f_sF`_A^IHtlh6-oQkqC;+>Hg9=Wc{OIl`)G-7832?5HO7FU3@9+>Rnq#e&DXMVb<>2abz}Q!{-kLhNVBa zg3@iMLwZaZ=c?*5Ix#Zt+E69o9P#%l`Cy0fK@7@*6Qc7$I>cnJL9JXLk_-l5y63AP zd4mh$Mma?bg*epX-Um$mnO$!?l6k~XgK2R&U2{dDE}nlcPlnlr&%WuaLKBrO7Cw0R zlNWcDV9X<~%K7NG+X+~?=H%Bd%SCj1PDczZqfqn!9+8vms+mWP{g&JL(X~uHV;J$#jU`bS{pG zdGQ~MX^F|vLohb85)LqDquUy*tTBhNs6e760}XBU0N9ezGV6t=*_azkt`8mX-vgRC z83c^n&Sn}JEW#XpZUqP>HL7U6MYmtG?WpwB6qj&fIyl&fIeZyM)fO0!Dsuq)&jR;O zPDpU{1?!DeMrBKyAit}FtcOOa!9@8eex|rx%jg{*+NIgoAW|e(ZyhzJsr`Is`W}ZR zhr+YwQA)+t{>^+)^mbnnOYCBqR^ykyH#8v37U~fQlSkZFVrP>4TXa0)cK~VYJNKAS zF9w#TFC~XUm-1up#MKD)q|~Zy$zFQI-)j#x-uuG%F<6x3kFr%B-DlxACES?clI0{W z<7INHLrn;vS5xH@enPO43BI5FM8&rjS{z30pnINJ_yQv&0|M_H4%Ig%UHqA)frHUEeGjARueKxcPuqN%SMC*x3PP}Q)@HLW zUM2t7c(0PnTANvo7|@ZU&p3-cZb0gYj&AC5`E(jFOrz^}AL9IVz2>mx1fx9r5~EmooE2fQTI^}a}ku&3UKG~0?-o38cBW`95F#*qql zzdCoBN(jgCHSN4ho%)^VKfp@lx_(9`U9gN(s{-6QbZnlDzu;r!V0p*&_b*BFA#P0N zpAsp%D{1-*h>qdIE@21aGGav6x|ErL_`BwE2J5UJ))RQJF}m$pI3&4C@%mcCfIuo1 zTikvGXI3%totc^vAt%r~sVxeRoafsBb6-UKwnJ{ob(qZvB#^-2hDJSK=eB0i`XXAM z<6@f0-P>me0%9(Ce`pIi$fVa+_T9jV`@pesgJTm<-yLpr-MaWO*XgyT*34E$h`=7( znv0a!B&A;+bm9jXN%-1YthvAd$=NtJYi5?O7ABbRi92UEMTCTk+*(Lpg(KZQ9}*_n zgUWxdlW`*0<83ZmAG7~IkJsO` zcSosDUr9MF-5#`dB_+JHQ})h?MPL?U`r|;&g2>%SQ&>j}#Z5 z{S5wd_d-XQNDzz+IsGh3CW%Kvk$lZg?pN($^Z#}3M8phjMs9y_PY9K4a2xnIM*q9> zas38K4%IN@&n=0S(;t~`2qQVil6dBN$=%1g`2OF4OkNA!7D*HiNWk;NT1emx--UNO zp7WN{Nj=QIG-skuENM$FmW02U9=jjX-Q-IC9t&VlI9*Hadzn8DL9TZ8X1DXE?*wd(v&cD6G@1G?~&Y%@1SFFGEU(1*7EL4sY!4oQs9!@rP4#fK)qKFeJ#p;=-M6uU=Fl# zK_^mFpGGA1FuQmL-*4nY-bRuAh6@u0Oyi{oV|Tc$shWy6y7n?i{(e2)X_YzP%N6;e z={4oEnhLKASh3O`r{FP>iY0xGbv@Q!6VnnH;=kXbr!23KE$zWCJ4(AIDvp5kSTUyy zj-gG9-wCI`coxURbKcK46*0Q=)J>x`oS%_A_a$X!Y^FwYXtgMRXXyqtccPBYBuvm^ z-#qvZaI?jLpX76BCG8R#=?!jz2vD4;o^1)v{1A}zM^PkXPXEyx!?L%2g4WE9*gMO3 zTi!KmjXq$opG?rHfDYOMb#^&6zV)iA$k*eSS^IXYB?QEr4>`D~yeGKD;bba{y5;re zG5JLK9d1!I(tohE(N>rio>}N}t)Tp_8z_Txy;^Ocn^Qlpr!Cm z`jOs0mw&&2LXk%(L9A98(lzB~n72q^I#Kd*KgxF=1tKMY)c z`s9d1#l(qLE!Hii_YuB@x`0Sw+{@6w2E2Km(DJuk z4X%Ury>Nq|bzhMCvp8^*LeD`OQ(lVc$$=_o^YG!F;j zQZJLKBse_2v)9|*Q4%~XTOhS8wwuT>5u|+y(a;lYAcW-f#_%NspwDZ=@Fn)CuQ#|( zT{<aNJ8#ptWr-^9VbeX$A;&y9h`mUflu%UK;-1ZeYNIf+buHr^<6lA0MQ zg~9vIQU!(PbtE`Y5pP4u5Cztm!V*puBez6x3^eQ;2hrKSZA$NWzjp(#3jpq^wXp5gd6NeqIef@E;_A_{le6l|iA4Pm}Tj_Es_x5R* z8>&rJ6R=;5={eJzhWC!N-TE5r7=w$cG_82rBie9Kq-GH>4N{F#_cS=OKLt%n+tVLw z=jv8ll|;*G-XjuA7IN2?$6wnvQmSSiA!)Xcq-3d4+9uEs;E)3F-@8BXf776hkiGH; zPmQK&UJMDuilY%$sLJ=a3bSd9E8APg)tYm;=y1YiW!NdLr%kI=96lWS;O7*`t;v)D zx4Pq=`B*J5{6;Mr;nGy^UYG*4Rcm!nEqLls>Sl|3=34myRMLR-W+nZ8N?*R<8*;~W z9Fg+(F6wqg37DXtM0RK5z{r=yx zo$g(hsK&k=pW>}(Juh}%jEQ26B*o^6FkH`KhVx55thV|fz>2j?Nq@7a^M&I3S8=^+ zgxI0KdWz^sw?^|yo}e819WQa`ODu* z3fD`_DL)T?JA?x@So!*Jz;Ax+W2$=v%C>kP2tl;$EE?tg1CGx1$qRfz$LWOl^-@7$ zlJik?%y(e)e#KYAe504@c9pk$SEbA?>$xXoP^p(H`9>WohtN5%Hwr(BBKDv(uqa{* zQYnqP^bLNhnBd<6mC|r*(`2|w+MnHSB46}m{E_KZ9m3%ix*_kubnT^ptr|!r>&XwX z42TMktiLmL{;`vkum8Gpd;zJt*x+L_y41Fs(QAx$k=bGFVRz)C0m$P*wrf|j3qe==l*0ZP;}6O7o~q5*3)`cBD7;Y3WpMVL=cRg6sLr6-U&I@;Ladb zaF&HoA;uB}Cw^a?Mr7Y;JW~^!K|*wm=>v^nOV7{!7Wh$c_~L}B=K({=du3&f3k*0y zx(0prbf~*ZV=|J=free3kTkhx=)NDFrYa!=`cYx^HP1Nk)1T6xEp1%Cw=JxM#`3q# zvFr~2BXxe`_U{Yg$+m`f{sF}I_N4;$4*Pw&hJA%954~jdYC$aV9P6@Ab!LB{qX!`9 z<=;QL(GNJszS@YKeK2d#`?;eVizqB?e10l$cV%7TjQ*nDh?#HN&N1ut8{dQ;tzu2J z2TW?gOg7q0#WrUe;ueuQtSx(auoN^@=)E=M5NBduw5V;Sjp(4LK%e^=%n{r*{E^X{y z%tfKZhO=cX#ho4#|30V&rbW%H6vwt+|ZqT$Qjto8qcrt^SG>VMq-WeSK2ii#VY zxN(oH0QU@MYG$}cX=+;9WT`mQQgc)Z4}%0h?84Clx=P@t1pdt2x(7uMU@P?aPo?LB7`dhO7qP3YOHhz+g1A&)oVob9{9 z^hA8!^z*Hwnm;*Tuh@QL2fYbnHvJm$V;{g|I$4avF$w|){^scyXvN}hJ)54tqt2(u z*kycU;a*qX%W=9tdH1l7G?fr3hR_XHRF(ZvV<=%WPbiVr!}A^nx58jl!Zkf`^n4Lf zL2*wQlQ0Qt zbr^|^$a#Xg=<0J^&@^yc+}9292M3OwwYZddq`9T)@XtW2^V{n#2QSe$v8(`uP4GrF zD@NB>=iAbD%Ut$}gMTnZ90Wg#^g9m{C`(z}bb-Vk-;dKPVzvx@J8b{R=9uLb$c9|X z1={C49;(=JQ+Z6OE??!c-73Roc6xF@)U5Glpvu@SZ=!&IqXFf9FBIWyc%aj)a?ic; z9C%2_oSC8Gec`)y*?ZPO<~QBWGrl%6nq)~C;yZ_|cSD%{IQ2c!#9@Fn{fwxxSkupE za;y7hSd>23`eUPD#Lt}*o7mloUcCloG}TRti&)1ojja#@vF#p;W^otuT0cQ`g%IXP z$aZsNTJBg2(0goks|9fNGiO;&`yahMQiAySlN^)}XJaJiC7!Zlt(=Gq(p>#07J3j)ngom^ zaJhDeE@L2Y%&SwWJ+^FHe? zftz@On00|XrH!n~i~-3tEw|+&$onLU*j)jCqTC|WO0^5x)gH`#wLuNn{fV&!tqv7g zsg3_E#V3j8&0I&EI+_`Y6|;68h5TT@QXxrK4frJra@OTJUmp$Nq_Jz=ZCid>&Y-$&Dp{Qt&RP2Fh7}Ph5>6QyB+&I)01hV^EORGg+ z`+|`Lq8t9XqcBX?xAzKsP2R<~)*E9*yLuMW7}8Da^_P?vbnBLA{Nc9;Csjm{zbLJu zd?$aH>R1?7eRuai;RN_mdwL21XjAlUkM&R-i9c~?F+?g3@CjV4>6m_>NGFy)I4c$< zJKRulZRg|xk~PL>+Zv|GY8_05W>wxD2c(xg@p5{L>(o)4RjnJc4RH$ z;%J2UWA?6cv=iOb3=|L5Na>vW3z7j)hluF;@6(EHRWLh z9sd>pO{0_l0bOoi6d!(E9I6z0{hG6DfDqT~n^v2uMWEWp(&wu?*bLVGT~8&v>6hQn zAPiQH|2dT;3x&`pukmgZYxmE|`Qfi6bVLubn|`AkrskN0?;Knt|8IH)z3l2oV~^Yu zcT*Pmx$4pmvGL%^Uki0QW|u#;Qc7y}@9SbUmftxl1R4d3_lEZ3rV_COMd4#V&lQCw zK>i+LxdW2ioLFgvzc@{Z++9{lvAt&1_Y$Z}nbLZ?k@91q>AfTNyK)>DP|{Bg5g$?_ z3IT1zpvrNb1uu(3p!iICysT&)&`KaA&STN)%5qRz|LXwRJxkarP=^jG-z`BIH4WYVYQWqt z^SuYreD&$bisF3G*oWmFiXs+ml@RutRx<69uilD%tggKW4^@wc~= z9T)fZCh1K%OSG)t2Zd&a5^$kzvA^pNSUEi(SJ9t2Pv}m|_W@ziU1~Ii45tZkzsY|C zH(4#1395B{F{cT0w_n&qI;7HwXP7HEjxMj^^e3}kfxg7IT#Hz+tXu?% z>b-)|1^J=5;fKzLvyrKn)cv7qo5YQNIXFJ~q!wc9h7FaO{cB5+XDfFzF51io)|+1P zN11tX)|5GZw0{Qa|FL5qR9cQkhFG02#>!T)6OZsfirv43)CY%-^>#r_U&m4t{r~j^ zXTR&I>3+WZRYS~vuRWB4{{Xv=!h(d)2nO)@dWj_qfPX7(0COWxl^kb0|B^x3qu4##rtYJ+=kq9$J6=>3~IOzeE`87>Ys-P|%zvsiPcKyA})aI)@ z+o6$DiYI>$lMv?MJ$-<5#ikv`?1Pu{~xf=atP5 zE2{!=vNzu=+8sDme7$*VL($z`@os29b+FBHAL^XxlG zIs|{}rtWABg)i&E45kOxzOpMJH7d2^wMeMTB%)@!I%EZHlMF7;L#=M_jkdl zSFFh4;KCBF^cPvDW@&o6b9T0v za0_@&%8{o?F11tih9?z->U{I!Z<&g*g4p}Zp{)bQK*`SlOI?@~tuq`K%~B%SYsv*& z(UA3#e-x1nahwgMXIg|jaKYKsm^^AGf;zpq66AWm(q(h|YX4weIsl3Z9Et0sdT+wkERfO$n}zUgaH!Fqek4}9rz&V(0*j0Sa^C}COY^4R>)wZ zS~p~)9S$9Uiq^2dTpQ;=2FP>DOa*SwEeM4v&Ggf^R?oeF*$;|NV+#_`f(zmwTBpTs zHWP#q^%7CV1#cMNNeLZOe(w7;jw4y5iFpVtde0=W8jTT$){YI@lB515I2<8h$JR~z#Drri;X$l!;zs->v=`LX6 z!AnbF8i$LZ?{WI1+3D7^VTeRG%G9Njly-E93OKvSyPG{TF;-igtd@qMS|_K|uq1L{ z)c-uC=X6A}AVfciSFhNQLibs#8*xA^w==Kubp^Fq0*YpIcfA7z5>^l{7Ize=jc#f8 zZYmOph0S<7JDPsU8flyfmT-4jE`dN!wz4C7z@mY*s1rVzZXE4_0C)4U)43}1s7$2o zaOoHx4ocFE)Ez8$`(nX;RsA))KFyRVVK^SI8UuAM4djAqZ=8*_Kq1Js!?f@9niMc+ z3K%zPP>{ELJf#o}JZ|7CX-^ce6v1f5PeSG1cm-v+B`%Cg+EW_-n0+4fLap4}#@N;x z{M0_1Pgp$gg_-L(Gmi)LzwRR?VG#HIcAfYS&{dW6&{md&_JtRlO&3y;1Hkj^Oe)4Q zbCMbVW?rMHIo(3vr?`OWnYj`Hltn;9jKl#+Ik*E}{-57vaG13WI;otoz@B%)ToNz0 zhgLNH-I>6`s*rMpegC~`K!7z*T8Sp=ty?dk<;eLIlMqN z*^uj&>l;rse+F*pCgvI+FgW-$U9P8=8QXRRuj_h5g4)6Ylo~slwWFn%U$Iy;8`IPM zSIfPE+n8fi#w3o2m^X68UCr~xMa7|c$RQr$OGKmXA&mhK`y%LfGUi3E{u7LOW&Q$8 z+#6(HqpY9C%}jdiJ!caja7`^?z35`HDzS}(WzeCLSQl<)g}=7`+gPqycU)Z2!Wu~D zPzS+fmKU~d>Z}uC+K<@#KhK05>D|udrZAECvxXRShRcQuN6yR`=u(aDyEQy7fjjFS z1k*LyC;_h@cPN$+4=9iO5>4ROl^Rf&`K{ryZof-x)?5!F(3}q?+kAxMldtN-dF5-a z8jcRNoWK`M?q*hV4S0uVo$o#k3q}9}ktm%8(=9H0Wd05TMck~P_y?``Hm-)Xjz)Ua z0E7e27{rnh1I{^(7Alp@=(>lnfe$`@3)jo)2=d=_>v5m#w%KJ()<1Jz>)Ws z#4Bok7|9!P=sy1j9N&@aKYv{gEF>zAex#y3q9mTEHv@Zo%?cmm%YbLD+zH+nyhEa& z^6cUS!q(*202~u*!3LDl)YA2WJ>!5;SE`yxX4I{c8~cH&sFM!ZjKm8L>J`J~5YKQB z^FSyRr0{OkT35N0NZE7AoR`HNh^qv}JN4-;qx59=mJbqA>H)&*BxTiSC6+glZpYPY zp$KVdiJf1%y&YLO2%2sAzR&1(dxLg7KIwh0LCeO(nOT!qnfQ9=BzwvNmTDS=FZHsZ z0*-TN0BS3juM!1~2VlF;_iG?>yJIlc;?DLYW+wGGpEB+uLx;INDp7(E{P3uJNhg?l zVKRzKLe!6#`@>cs;hEqTbqiQtT3MEQ&zqbaf{p>PgdPyDXA{jgpuh(tY87iR45vZb z{w0FGMuXdMX|=GHU7J>`0a=rZJ?QE;hTy4O4{Q4hLp(bEFXhZxOTiAJi-RU50OtyV zGn;Ap?vpJ~=36^)k&%TdSE6W;lD=kw$+!%JQ5%N@Cd0W3-c=EVds#rg2vb>mnNzkhpWIT8VO2qgVns>UVbO)KHB&eTSAvS zS(eagnOHBs8PS`=3z-9+#g-1{D$at*ppooz**}xJtNzcLJQ^~HD>rb=5dAQKc6V)@^AD9n!)Ai(p{iCI|tlEfS&PB(oZ0+aotQ2XIAwy$mwBv zU?pg%6k1nmLxYh*GXx*S&o&2o-uG@}j<%;pYIBZwTLC0P;q-ByxV6U7-l4`ivhycD zYCTH3RZ;iFuR?Kp(UcDl(*-~0qscpzbm7agKr?kkrc|Qw1b?`R^=KesCoQhQwHvb||iN;1#dL88e0@FwQ zpLO>_MtB~GeLuVl=Phz(hS!QrFuuaAN7r^VE^OW*i)$gN4aNhl`2YFzg(5S3?xM(M zs=U$;A5|4&&A(ajPLj0n9I*8%sC&0=Ci@opjq%9%VheKpbyJA*Q`b|g21@(SeLJVh zo3Fm>6Obx&krsPuZF>LPl=s}J2*A&)?mJ~0*EX;aSVYUe2^62dqb0iZR_`PuEjhjP zxwG40KSPhy!|}p|%k?62|9gQ$;Ga`xe>Nlk@zwi<3&Mx2c`Zh(wcw73eE6VG*osD} z=jA+Png}CKLzqH_iI8E90EWD2HIF{~ZTX4l1tNf3t`Ur#i-ab(>wth>XuSGj=g4E@ zfs^;nug;{%UJoQ)_jY`51QXW$x%m;wQTWcWg@o(-OX|pTgbV+tj_DKO14J(O++jyK zeb@sJO_5@z1+M8*tO0f591hA3tkEC;A2?ygNcMlYgsn+m>aDMKnWG@yY_09djb6W0 zv4@|OICg{E?3o55|CXbp;VrWP+rjidI%@L@Z;zVGj)Or1UARC&?bkx_&2y%;5DY~| z&e}`TP6}pc+4VnF&qVTbu9^d|QA1qV?#-JA$w*diCzwFBO02Ru>&rj5St94Y2t0tw zCA9`ZkG4~+$VLE4&kFMCnESnAsUDw}8Oh=x0o9=Tl2@IYI`Zl6kW&#^4~;4B-*<@w zPm*?$JLFmOn|IW3y-5c0^U%6;XuuAc8OD)zC}fMy>B0g-P5S#plt+uI2J(cww;flN3>##K5jCEk{Ak6PnvXhI7%ML4niI)1n@LCo@e*#5dBS2-7~_y_ymWT7jp zvk&99)xOskxsS-|P#*sO{^{htPe)b7nv#>}MXJ_|W9WWidb`kTk5g!PoTgT)q=%+H zGDMmd-P}E2%f|9Jpv=Xs1Y~9$%>A5}zhGF|eZnsQgINdM&GS-oGMcn}5yqTBg$jO7Nf4VmR?$l<)tiSC=MO$y zWILR8?p-;m3MU*jvi8y#$0~l;FboY;#{9MW4>0N+NJ{F*(dUye`6LjeGNhz`sfG2m zH8wP4q96;eupf@Xh%8Ux*8Ta8IPhnbPh^RfzWFJc-KeKagu(p`?v*F>x8^Pb4^p1g z>pLkf>caNKN8i(iEf@j4LPOS8nfkGd19tlX3oV+!o*$coqz@=JU^wo>a!mRQ+A6L2 zqP1)**wMXeMiIUx_g;K>f3Us7y-6RQ@q9pF;HP`M&M@OYAOWWQ?wC21H&XmTc6)=J zAMBOvEgzk=Bi(wvz<+>3P~Q(#aFRJ3AwEW+vN0HNE7A1T#b#+w#+K`uT+mGB$1w(j(8pu|1-6|%~y=ZU1Gd}#9`Fm4WRp4yWQUf3ixObT#12@ z1IjziJsBqo;oHHKNk&$t1zdA*aMvD2Su`e9kFL8Gd1ydf?X81j#N@;b!*}MO@5TH`DCKS#kR%4L8tx<%ww(CHM2od%m0Inph?AiVk1S$5tj-UD|q8^+Rbx zvG>-YFf|eIV*Y4kUv!0*cL!u;yWMc)<_Y?Gkh`hnU%ty;hddqYc$`&*aJ^YF7kj$< zM!)s$HBYg?kkjwb_P8R)k#p8$D26J~utq0u+?&5FTJJagfe-Jk#eGuicy0#q3|(89 zQbSQnQtJC4|GcT2;FBAex2@`Swbfx1=9!eyWHbcyAPk5U$Tr|KLKa*n<6M2wKB6pD zK9LGt;@Seds1?#?;Va^q0RW_m_6bGS-pJ1V8G8&4fEbfU!;R+=e1aLuG}XK+JKay* zA&R6F>?WIUSwGe+f+pq}!hTbCAX~Y;1 z$AC^-s-f+mkLm!j=?JNfXFA3qk8K8uZ}u8CnClz<2Mo$Ot#r!&8?^vANc>W~nBi7S zB+L}arhp6X@9eGRAARSXJGLY`uUF7mu@Kv_SP5l7LI2)1_g4 za*-pL_hva}mKDas@;kau*Wd{C+8}A|XIPh%<%8)aXgPJ6bdOn0ti6{AngZb_%V4H) z;uqNdfy6UEq}%=YnSpOzJi@8=Q6X}d_Nbu;bO90dUT-)zL-SC#>}Nf_A_hekh-+mh=Y>Lzv+1zjVvd-bpu?srX9MveFyb zWy%_wdv9#O`IHwSY9Hmz&d6zv{@5Z>^g@^}t(jpe(N~pAy$)tMPQU%c0GO+^5AQ@< z8Q%9)>T=&{692+X{zBC3P(>{8$}D~ z_<5oHVmfS!)y;J9x>mTN)i?2PV4xP12 ze)cRykNyRd90M$lfPT7!Wtuu0N+-b%!5>c_ffFa7ewwdHvWOY{r#{(czA)^W6EAXS zcVw|N_3WUycQqcCI=nh)GqESo&NWv38RqF}hrwPrG7BV7$KW6jdJieHio^SiH?(Xd zj@KL>hE7WC$?7))kuWbJZ`4O?{pDX0tUZywaNUC{($Humo#!gPgj?^G;jviQTv zFWG*@{2et8=%v#MgJ zq}*&O_evXE?`s!>yp@-Bf!0+b%X|zr@!n-Nu|e)pj_j4}FRQryvPXnwTTMjkMVfTO zxix9tE@qRc+b^HbsSz&aZe1HaZtp$T^nSnOGh1&}xO7a&Q*dL$E16g*_6jWiKn;Ze zqu+Q`{v>YpVYJi89${;3Utvth-}jQ+t0FbCTL;?4L;>CN%p~jo0P|yuPTJNH6^qjk zbuxzi%g#7IuljD~&@^Rc&cgvi;Om7z*T7(P zoX6u-la5;Jy|^2a5Kg)%Q6XJ4tCA5>lGH;Z0^vS~0~Bv&P0H7A>w5yuajK-5gKdOa z9X7%zPG1vH%Y!1R3GLjt=H7SUG2gp6)X4G)g)V{T-(DzMy^JT-EabwEB~38JE!BIPJBD_zy@dI+!c{$!Pamc-UUy^SvI!^q^gBPbVIM zi5N0#Y~xMyx7Y zM^)!1r#MGAACWC%vuJx&$85swDI#QU_h^!3oX!e5uxDLN#z5i~M?ZZ>Zg#|uud?x$ ztRRmv1hWrt)CTRMvO2E91W=8xZ)~`p37E7Ywh>ukQa}#*Qt+ne{1^f6h6LdPRl>Bv zVMeOEvu@3R%P($~l5<$IPBu{zMw&Mu3F@tW#ZGw>Aw>c4x;8dmdDHker^VpvM#>u^ z5@SC3A>uS3xcMt<=_r2nK*?E37simM7(IbriOlD|x4f!N@mhQ^a(yLL78ny(>JN2_ zqlah|eXF3-gHm}z->%1Tsq=g{*MPrs%B8*(D%{Y*evd}TXfOm&j4E1y^DIijO|MGE z4rq_(!8zYM5EP!u;P-!gf@I0czkAcXCU`F9#5}my5@z(S?#~>;T4AmF(IVNp!LNgNf@ihkIm{EVE)Vt{rmQ1+*-AFs4AP8FH=JwtA4)lj8P=9?1?=|w1$GU zCt}J|R@95o11HGy{NfkVr@Lf6i+%s2WvQ*`U{|8XmVq8Kb4l7mQnoG=;W_3-osIgp z4`3O`;>P#;X2aZz^1Po5IW7MI4WbmoBFWaA9rGqbwupGU$G_Opt1fA6J~y-FdiBEl zT0JvQT-v(2W+UygM{(a*y2|{M;wd}9gK+OFsp=hyd!qrBHZi*aO6is1*l%mNA{Nm< z^sfA%ltDo2UmskMWu2F z$M;yvVG;8AB^6p+Vy|3@@iQqgznPbkeE~PB9~4>T9sa}(SFGhBf={22jV^|~Y?hFY zHc2W6#7OZBo6OqaazK3k51qkEnlZphdz-)d{Air#DaJp2uF(h-b22!1aX1-10t23X=oG;o%-jM8*z@EQv z-^$6}30{^hktR@jr8OxmaWzqovK<^|AE2|OPMnqO56w~&UsYZPo#m%FMb!e`E*^=pJtG#Qfb>G)-A=Oowju0q(fuX}6l{806v)>4959bPnI_Kx z!?{?P9C-iMxX+a+gSnF$N&!ir%b)xcC9dy8zax0$dXEo77p^xJ4u9# zbBrg@ffk%z*wAM{On*Up(FwoUMVsFgO#_%oGE8>j+fIh}o+r1~CaIckH&+{86w)OH z#p?R*-0e9%WFS&DjPnw0ZqI--iy2cr zUo+E>-+bK!qzy_OiQ(SuVQ@B`Tj0uG+N$EeaDiU50BX(gjeHF0s`ha>@;1Bg2izuh z>~_~&!s&-qHOz%{G=C0j5)(kYTjZCIsuWR+c9+4!hZUGHjsR0gYsPoUe;cDXA3!~P zhY7pylRm|k)+_tgP?3w^;XX{?B>&ZNmrAV#Iy{kY;v#YvLTnbVnEs)sr}pnEGShL< zx<#SJ$zHgnwpF$7ShWF9U1GCSR}zYVwd}%Ns8!OweY0?b2~99H)eMlScx+b5Yh?Rg zB>6Jjuv$@b1c(CE{#MWoz>NI6D4XL3do+OF?#T(nkehRtP?S_Cr>grSl6)XSczl4n z7Gx_u`F%S-FO+(i<1ThR6AW^q@4*K5gI67Mg5 zC!wCX$h*E5JTb`?E7^H3HURwe-PX~1`#y+6T^KkK^l$#!p0Xz$;7Xx0&eYV*iX(@2 zu_jAfZy3mFXI#i;3DePLjPJa;4+Tya1<^rqzehYOf{dmzX2|6O&d2Afu0V#{9u?DU zUzQ*YnoT$RfHhHb?}Ey`=g^T9dSZ~k17ZEDT=!8x4u-OkuC(4UPKTN;0pEjy6TaEkqI zeHfFk8zj8%h)y?%eJA4KOeYxF`&Tu-2dp|Q$7`V^GY0RCPiZS+7BX<2MwJ)>E4H=` zICBc+HC`!EGx8u!*3P_L(h%`RTWW1m5URGY2^8dKDxLG`v)EvmFTDT<2cGSA)s)!hFYCkb@)kf^ z+TQ4}^af=Sy@$*ub&B8gY?ov;J)kCqhWmMY2weST?p5>sb7*|ZpF7JYFgL}2FDeLh zN}Mac)x-yViDfV}p5LE*;2!Y7mZp~ws`X?VG5<|kHD-Vf374)@-|@ECQMJJ*_V>R3sF z!sEfL9y(JVHQw#ac=?DIJ0Uz*s#EaFQK z8LWu-H1dm0IpP6}8iAGci-C|(z2&d}R=B|R&z)pyrCZP3>y9fb{oYW_$-or@v~`c9 zCf{Rr0)V$3c$~Rk`Yr1;iblR0*JdTAf$AQ6b*7OY|M4ydcJ`cXn}Sn>jwZF=f7+yK z?44KrK)fFFX(jaDC*PU^yV*D+YqTcl{q2rnN#@K1)?M+|`nw%am=L|Rgl=o~)RO?+ z4$;PVF=I)e&5!aIlp)Hk_}>?Yr1m~Gv7o;d9%7 zvbTIffPM!7+45Y&bcxb~85y1|Q~r`wIk6^xm>|T$W#=2x#767*hMfWO+<3P#*?-4I z$nPbX73iDfCc-tmmvZ+}#%=g`Jt&s&$^iyefq zVV{5c3Z{q^hDeaY%=OY9Ns<7-m(5@ISFZWhPFv_=NyI77AEP1MSP4td-{QaccXn#i z_9F3@JC%gi)STk@XSw%7_zHV(g$1(glA+1*&y~wrCV-T49e8JTxkaAM=trH#Q$98mX{uQ>^!lHYh+?}8W zEa(V#n`S-c_mu&_?i)de3(3Z#9m*@dyJ|P>1E#lob_w$T10s!7mXbfi=&96CM7_iz z@Zir0zOB+I-Uog@=g}gej4i$k`$LSG;y6uAeX_FQv?xe4lpqMzw+h9iwoPnUiy<*u zDt(}drLf$lDhNi$?t2+0@EH0QsTPv>pj7e;k8{IS?0a?kG8;DE+bpA_KCFHKYJz^3 z{hK?vEn>X`b&wl*KFinVa^SL2aon>*y~;ZJDt;IQ;ZOG?h2D8BL=3xT+Y>b>40@3` zq>HnX+@S-66Ojzh=9RqgXP=X1VJ_Fc%y}EE+m9f($-g(DDyw5EJbmdCMbLdD+BY%} zS<;aDSKSZKzZK!zfeoyDe$MA4L3+B`)5VLyF%Hm;C275oD7iPPeI;lrjGQ358@1&q zN^?UfqR*CWSDX;*`a2GIxs6>6{J@O#5ckxKZj4u3W@I(wp}CiTHp?>8EbMA%Ppilo zGB`whjK!|>rd+51-G9OXxvcllW!AYsG5hkZr3lk+hZX-g z3Hoo+rwVOBrlh^KPpbn3eE-{(k3efeB*)`&m6;30)Lpzdswj6cSN+;5Y&06__U`ZO z){QR7V9C`Uv%tF$MoPYoy_rl&ZAl_X^6vU~CKck+x)GWc60HjPws;+zHw?BNLEH}` zQCRQrNoFEAmy`$gihToAcWTVH#^iFJkv*4E@0#@I!67h4tFq|Ukrh8PgVZD7gy~FQ1AE7$DRj)7Es_&Btx=|@yPt7BNb_&82CH+774% zyPC@Y%b%Hgz=V?(7|yt}ka2UTdZN7~5gTk(?@guUO$%J8C{X8Jm7o1AsNj9g?-bc55S^1r*>Q0x?mfK%toQ=W)o*zikyAX0k0Udm^S()TNsN&Qp{5q%VJ^AWxx+8Yo+2 z%~r#LNKiK1Q!;;^ z>rvLp{Y;9eW1+Rb6qB4%{%D5P8T<&*OF)#4Tlid`8Byx3l&AZiL11vbju!R>BR+%u z4@zN9+f2ERvfQ3$o*5)e-6m$1F{+Rtnr3$$f(GnTf;wR z;b7|>=L@PlTYPoF&x?jG{5x;XbVIQpg`ucaJpYWs2O`v$WHT)V8Lea6vQoDjI+Eyq z3LG#c>edAC;`h`ZAP8>nnXmE;nt%3;q5~mz?7leg_9G-oFX|X|>54gvafAko^bCzQ zqwJ&X6ym`RDg`qIrl;Yn88rh1S4NhnCOSSLvvd=SQAI>wP+(kMcJEPlZhuZhwbp3!VZywLSi*t*jl9wPZaCy zNe3Gb|K!6<40X}blhY+1Wn=)(57|{WdzNr|_)&4T&*URHB~gRH$+4qhX{W(^!@P!3w$X(avJ z$Axk1SvJ%U2Y`%~>thY9V&KVec2lsY3T-rDxOJ7M*{~XN9N|j{Dno|Ndfcia1UTNa zfDzhRRwLO{2bGmm=$~&_6V&Zvd>@3Ay}9gFDO+Qr)T}t3$Ce{(sF6O zu3+k?RTc&f{WgD_-ySj@AAFZW-!Jzh>+II)^a#D(XAK{+Fe5BcYEMypy9>YG%NwuD zmX~L5CG>@L*nvFGt)F|<3e$JGT~reO5MFdbUR4T$)=s}>FBD}i&`cmCqG+`)`x70! zOTQ$ws+@W2EWUA&#w^)U9OM`!FRES{j`KYF$%OY=)nd}&x+RTnGoc)AIvRtT6Bj zRCjyRy{TAh3(#9JM@Tq1c_G&Dbeesgq}%z{Fp?HfiD#1J9t(-|vim1Z)ZnM`Oz-cp zSVv!P(o4b07Is+BM=IvFj6M*C8(v`5?lK~R``SY967IV!xtbO_bc@ zQ})!g@(w7V=XC#VY~mB&fcaFU643Fq`k)x4gYfc6EL5Kd@w#H|G{Kd1f!lD<&?((4 zW}a#oQ(^R(^i6VjZ|l^s%+c8zSxSfLG3T>NMH6q&0O?N6%WYnfqwQp_uE7%nU1>vX ziJ$ZxDeUS6Ghx61*>}ntn?tM@s-K@yj$$7o@6Rt}$w;+{`UFoJu?e53v;i_d&|9zV zEmp5uq^^y`bUCkF*dV`2gkt-cf#+q!ce{87IeW(v`-Nc}!qEq@ff|q^=bA0*CA%L? zSXY2H{q^%B9nvK$f2H=mHM(_@Jo9;fi6*Eun)ulCL18ms`R4k|?_4OwjZKyl{?*jJ zIe}L+*se11YQ*m`a3CGGjuq6dO3~s-RgJL>|0f(>ENZ8R+MoiFwPhNg?F%N7M7{!Tobf@~<;HI#viVB(0+ZAelDvTrBmb7N7k>3q$CD!qt&B)46i7_z^p|yONip$_>Ghya zSlE~Z6d$Lj4$bd)-iMiJfG%pptb>?EAbACohx#Y)#bv((KB(*8fxYzY0h2(>0#brU zenwl|#4@pW9S=0T(Y z+4L-F$Y%J~{n$qAFq5usDmSAj9&NWWEDiBS%2L0BaY&&a5Aa(>@^vWN`HA)}W4k|q ze@_!ZO%<8`(&GY*hWJhCM#ZwQ)ZikwBX-Y>9>?XbqQvR!(!mTB!iVQ=e+xHq2PhQj zq9kdAH_aqOVd2eA=o>^%j7mW|n?SeNRXUi8Ne$_Jx$bB(f(Q_MkA4eBS z&pRkT2Ok2I$l@wvM41vQS#XyvdSje?(@V*U@|_sT-Hq4ubWH)Xp~Ml1#i! z#3m;uwQqS%vD}f*$&?yEPfa6s{sy6n*9A5WQ-ggg087f=^gUxClj~cqZ@3K+z9e;> zS7&Zo8a}IYAS)Zx_d_%)R~46LEt=2TtJiEEu2OJN=sbIMn}gu`9r0~Z;IfW# z!;+Qc>}Mp(n^0$_x6ki;B?sJAnw(t-W*S1*o2PN=;$K;=F8>yO<(ztn&D~j71?eFv zuRI=%n?tE!#ES?AS#JOq7~z*UVYhAm1olCaWf`T~rEK{xA!62v->5w5o|3S1do#}v zi4iNI2u-wQl#fUDg^|lWnpaQq$ZJ_(_;&y zG23Gtz`7}eES|p*$nP!{Wpy$icX6hSi-jYV(gzzv40q3WNNEmTR~Uzzir9aB+4NjzmdSynOaB+q_)cTD$I=Mkz1hRkpajV>W*erzuSRPmcVOo!Id$6%r1-SaabLi^m z+FQvr3?)eiGO!_{-kDr~{bIG@>(^_Xtx)-ebT)Gw44D48Xtzs-bHVRPmy!Z4w;yw5 z99BJt8yYQel`{qjtvRL`Q9$_W&WwjUU#KzJ2&C(@4FW1+z={N;^Y5l#-hAixkCRfk zM|(8?hPhfgHUe^v=>UWynIG;fyoCSE`H^*9sXc+81gD|HBH%Oi=5eM>$@6attv9ssl%;WiDK6!dXRv=wQu#kX%IfK62tyR7R?(_0 zwQBEB1Kc!Odgj(yp{$>6hOH`NMu$CzPMr7s!OC^xvfNrGtT22{3BJWiTMAh`|?02zqbE-##qLZ zF=VS48e3TlDY7p!7$lV?J4H-Xl58`UL@HwlQCYH8DqBO8t+@fkTH#$o*-{wEqFEd`=k1WIMT~^Sg+*MaXzNjq!B#ivGdu@PQvBTFJ$Awj=ULf zKaQ3-Lmq@9zhnw0+#^2)zFJg9hy!5~gK8KET!c`> zi@nN&DDv2_*V*_WUU?{0vdFG~PhLu5uwtW3>isCa^58o$$2nriXoxH1G;g0~_!D@T zjUtaB=c$nFe$Ul0WG|Z)I&U-{NMY{?i*f0G`o3Sa8)Y%PgMi@`k-ji2tR{`IblsB( z?@agIb9R7_Vra5G>Fxt=dewD>?P3jkRE7q2^GzJqZFWGpNx{jA703q<4yV9nM5ClP z61o$3vW4;@B*H`0t~Pw&8_?r8v+@vMv#CsQlZV}l7&E0JF4gAdK=Tz@jcoxvcH^It z;s=6tTus_tFTLj|sAE}`?gOtz#a(()lU1~W2ULuuW9Yl?!!P6$(DCbGvCie0oF4_P z^tPYfH@vR+`oOsX8$qs$$+FvNI_m-yAMOdf$ni$%lTRK7tr8d=1DAYC`VyKBc3Jf` zs^&;C0&82$MAhIj6R85*X!+Hpp|pgOtbP@K)Es#cO4Jd#wj=f~JV=6vBJ_Ck0daD> zOQLY;B$sS%uERE-coSSgswR7naXP2V^>Ab=H+&8x4C9}fwNi0)QXiN0^Nm4PrMg0qf>%B$Ept)<)S9eu2=GYG+?s0$LzL}=ViwNUMihliC< z!Zx>wE7%@A$1$|Y#+@*LM5!AEt&A$sl=Un8qeOMt49w=M4X?6aa z0~QKA=VT7r!4zS}4dVrF2V;x|&KZ6xVQ`NtH`aBG{-2*+V6g5 z7nxEevzCPJ4W`8-e!O zG`D()=UNBr6eQ@&3wZPiyxIL31^sX0X{TD(!RL4(z%3gTpX;#k>;nbnDoNJmEo~)a$Fs(r=VaE;Sp;Urr8) z!#>)RCYhZakci=LhSm{uA-E+ z_JFs_;l`^Qxhfx!(-(R=z3iOv6mNl`w{yI) zHQ=G~__|=>)jGE%2kvH`N2OzOj&C-UEfyx<_SqQ1p%aA@*m30J@qJurRlA|QZ)>b{ zYOPnRSYZ-o;=_8lR|g5Jn2Stu>j(Fy@a!BocE0b*cL|dr4teB35&g+aDoTN}7LMOn zkHJznV($inE!kIxNgo(xLXK9HV4uoJ^>}rj?J3oYKoR3>wz;(#3eZ6i< zFKQpmVRe36zT$ZEB1kA{_I*8>Gp%qxX#Mxdu|{cQj)^g)$rNMX)yMkxI*59 zzQ9|um8-Xk>=kg}&2_qz>r~8BUCO^AK7WOr z-pQja=<;z%Dv@Vn!Q8hp_cxAfjKq%N$`zcPaCP8t8i`d}X1*wcD}yvQw@VArz;O&SqKj#+{|sAN>| z#>=_-j8aFty*|YJesoPU_b9aOSg^9GhOr3jY5AcOkM+!y_-*9*&40X1{DG(SL%BXb z#Utojg2QLeiSFZQZP6=;;FxS7*DNsO(>RIg1;ymIrFJzHC?llAPQsAi@rq7$i=CL^ zz(FKBLM^^t&wtIOh@*5(CU%7~Q{{Pv_@6e-+Z)IuhjIRHpZMpQPu-zHOJ0h0m)wd4_uB2ImmIjhyOhL?9k%Z9Wl6mE3cyw=(Cs zba~Za{J2%6kou9>8wOc2O!eTq-P*0D@WMo5RbEP;itlcx9d{$wpFMf(8AZ6=kk{g< zy_ZjNAXnnV5n%(A@fR^0hdh-D2)6RXd5?YY_{#McQ3VfBt=&hDy)cwTc7Dl}^{~v^ zxFJKdf2U2HaZ}sryF#0lj8QVD-v`O)UsFANdkns&g!}k{g~GXYy>5p@s`A$I%I-?m zlx}trdLSk6@RPWQSi)gP-MjGKRNhSFKA3pVb~XMl`bMwy8DLSXf()146c4E?j9Vx! zX0S8$gsi%d*UV!*H!gQ^iB+fg{gnG6P%Bpirfi=)FIjddiT`fCwp~2mU1*SeGGljq z?N#~rZ}gAfo|@lwS2L?PW?M!27RCj*UvsY3=}w% zYV@#tb^Z#zD?;`+v!8AmM&*g96fHDyA)YpEtDdc>s94qX*3A8RYSjFFHATfT~Ca1F1($Qs}*X#Ba!pU^WsXm^Tn638se)`6OqN~&TxK5 zqf;T(E?P%#1Q~RWLUpk@xrv-Q=b}%XGW0$T9x5Q~$0dMwy`Mx^m^Y(*(K*K-_K7&ajFw}Kt)SUNMuF)x_WEnH3a%XtLn z`)(l|saIFO_iOE7eKR?RzUTQIZ|+n4SW%YTy~Eu5tdT@%3f)bxv>N{I<6#|9wV3hO zst8#juY$qd3S#7wGSt=AYT;bk`jz+edHa(mjYT`c8|Cy){ zrnGN5b}_!-l;P#ftoD`GP0-WY!zV(z^-f;guUy9MbU|EhU_4A`s_8+~Z6OiIGIIs; zz2@D!9vP{argM0RBln)WQIQC}c2dY!AHoc)QBWW64c6X%QZtyIavb7()WZF>WS54g zK-(To)`kb<6Jdj$;-VivhCAjS1)^p`76^zVH!zQz_wYMxQ zbTv<5(ruoqj$OUkGawIPnpsF_yjej0ny)na6jp=lR`J!RFkxJ3+1o8Hso5*6 zsPC`lc0d}amDoF3r)AobVKNCA#KES%oyTrKoVurtUY)JG*23Gf?TF<>Wxe7?Wb&s+ zPSBB)h;0yrDG#(5H-6(EyTdBYXjP(-5xm#j#`DDIAl%?l$6EVCQCIx7TFbz&ymBV= zux}|x_XvH zc)ZdQyuo`B@_Tx}&okQ3bo7qPZdmf$NQCJ{uouM``0hzObyN1ug->n;uVxjH{Jw=J&GLrO@I8+*#SX?%g5Q?vOKI!IxYi~4UA?wv z=dtv8XuFwlPZ>1!)Hri6wkGF3Rj2i|51!lE7&4LG>!jkEnL9-8Unr^Lmc z?7jiNUT6PQO9*a6wUC=f`&{uZ3MY3c)&xCsSg~ivD_h4p&N43NO&Oo7R$gMHNjRAu zZW$SQoa~crY?xNEkz>%#;;B%WOGjOT%kTGj5x;4+eqNqMag+LX+oJR~@9ZofruPL|^E2`66JpDeL`c2iN)fn8ddwIVwa zHI@aO-%ngCR_38PLWhg-t;7?RJNFs!?Iv&_~!%#UJ+L1{>mFUyqW7w(e9a8fS3 z*SIS4E#s`fyww%q>zvsqZ{B_MtZ5rg+?2zptfIy#TlxNL;tESxao*{RPBVY` zJ5+volc_T#)LI>~woIhjZ2OwK!X;g<64x~a?QKfJBGz1b<9EAFIhrEEFDvlO*MFgL z0O!RS>n*SK3KyjE387rLVvTe5`y;&}MXUL#R$(d;Hb+e-Srq9w6W9&ueBm3I`(VXx zxS?xtXhQq8VeV}~_w6_^t)$e`=+^g_pWBY?UxYqnr!;c+gq!x7ZJXr=K7=!~sDNY7uI~ zQt|&=NAB$Z7BY}I4Qwh*#moCD{V@-te;`nhKd(ve063>h;h$RPH*hL=aq^O_ZRe?Y z&Ivl$xE%1~!J_aOG9H0~VadPPFVX$mGY;{0@-0GCyqpge-))4Yz%XFBEByZ!_wN~F zV%g~i6L>7eNk$llg+o|0g#D5DQ?tL%_}~1BOQ*6m$9(ybi_AVNu<+P~t8$km5U~(~ z42~s0!~X{1U$K*?;xMtm0zYWbKhEsxPEj*W-i)E(AaMMh@%~dz_IPY8y9WL^c-Uul zb+-XSD=Y8?q9P$Q4g&{7$e%<@r2pBO_ct=ik9xCI-~IVKe1PC^2$Tf|#e+qIru-Y} zf20uX?*wAkce!AJzx(O`3je>Y?|+Q^U&Q#;nDFfC{{I^NAAs!Y{=bH=uploJkLQu6 z9}e)P_334_5ouO(i_oL%(;b?Xwu?|s6Z9v4h=ra<3TdATCys8aalJ}=6*NUBf_=os zYCycT0c?{)TZCADf)7Et4gUJ|c;8n7)l^~$>*%{|;?_n6kp=Ksbka1F*!D-ZOPeOp zYKYnl|7-PQ#ko;h-Gq{C&}*_kB)|r!K&tp72GnSxc0Z9uAEotJ1@_~MbBOXe0oPd! z60i&idV(jvX@7=qOP`|SwJ#jSx)6NmF4{DFF~drZMPI0iAhGCCQ}6z)W-$w?#A3RC zG1Xt59&otFDkOt2xd<^Arand0&{g_p{tVq9gc_uoW1HTMFU}=Yce|FQ`ELTf&~?@; zm0nx*sPy<30xuuiZ^l`@=Rt`ghELZHcs=M|*N?HR*?G*@b^p5kN1;0u#|oA7IxR8MUQr z@ZYz#Td)1K=}wy82sJ$+f5ZmdB^IK(-4~&UwtcgiYYK#K=(E}26{uG4atN9eBdX4p zf5yOI5xS5NyKD8;w#=%pHzET*GeAeaDb1x2bTIX=RbUB}q$7uc>tP21Q9!i}E&KRIBjNDLZa0Jjue0MFD2 z`yV)`21<<#tvUj&J3yfx059Eq0VihE^a3fj?FK8r{%_>^XG#CN6ouhz#zGZwG6#>H zW{cjy1U?XxG{uOTV(z8k3+euqe}s=^%{c{4EfiAmB{giH2Nd-p1dPN0wT#uc2!V#{ zTJvWdaxc(}=vKhpA!-BB$5@QfDF%_oSODlhyp-rndiBVEr~iMHp2q5sOY<+RB>MC+ z7NIHT=oFn@1f#%W#2RMQ>si%j{}Ik|RrqIhqwz)c1i9D#S~W|xcLrE$5o%-xO*4X6 z3}7ziR6Q`^A26|f655Tg?zi1K#RyvB(a4NyV2(C`f?gm_k2HS!!#l|Ao(zBGY&-~X zvl{|~ZJUK@=GZio?Ja(9WDZxl{gDEA1I=#ywQfAy7)vfXgYBV@HPYEB3yq)NU6}3u z6AR%LhU(jBnMZ4A%u_&tC>CRZ{a+)K*Z?XkXwaFnmA~+LU}=V2{Y0QqM*ojQ2)Jo@ zEV!h5XtMP*)P~7r(1{scKGZ&?<#JnudaP)3O4HNyF&1#n8-R7_3xpr0ifW_>PK_!2 zfCAYmZ-@il+MW2y?J8WU{_O19d<1PQx=&?8o7@ll;3;$EbcmDMX2fMiT*lAsCsa42 zVy8hJZD0g7;2s|+bng1c`!G7tc$&{7*w^cT9;6>`dGw#|0(j1WbQ!0-aADI8e6#DPlk zm+u)GZJ6uq1e@V@bGJ1rQgA-0vF>A2pfT6Dm*gyqLhTOZu)|SN7;a)Y-Z~vbO72(M z%2NqEIOj%z3@ZSS_UDN3KJz8xMPN-Ig0>8AJ5rc4qQ-iGI`AC(G(OMpB^3riM<0!W zme#<(EXqlhD8w|I&q@l#y9s5Vq8UPdb|Y6wT5!q(KEDsMxATamwftknq>eR^Qk z%f$EHKdeK=&lY7w7_jC~kb~|`oy<)z0sEj(xL%+^-2uHG9sGN}EQUim#)z{p3lHZZ z*5hPBB7*sKuAERw$4vXdbL2qnK~#3Z5WkEjv++0M)O1|f7Xz*vNus3xF?UWDK} znLO=H?~ukH_ZZ`1G!179$PQuU67k3aL1y zN_(Pg3`vMbnf~T7@T(CdWSkwt(Mv8pCUu^p!Z% zv;fum4T+84CJz*#7%(6EOFVrkP|dm9nFz`Q#?@EhfaipnS0|NbTPZEq3Rcc+(7cX* zP$SzQp!)$`QPtQ{6GSxqJLtb7pU*BV0(2WNw3>gJtY2Lq?YWHJUjF-bIFE-{^rvjRx1-Y-3>}Tr&EP zpTAqPw%wEyJ}665Dt;|VE>C1ALx^YVvDSiCfNzf=XI&ix7oM`b zgt}#X+YwUDj4H4N+d~1y2aWbLHr56q@HkS9#ctW)uIaF>>n&T(d$?SVKng4lE`b1v zK~W5?!3)jKW~VjO`;b^F!Cxd6chC`dyqF$kYBylTKA2Hc{S#ceqmA?hV343`KC01> z*JIryk8PtG8Bx=YOX$?_A%XK8t*Vfw5o|YJ1|;TGGqkFBn@c@JViNjgKoh%O-RYC? zA=wxQWe3W)FQXfbO}%_u5k~@&jIq$-967C5kySEOF4zu(;hl)h8ar z3*{3(pI=w3c?iSHnU|xqWF0K%nqQ9Hty*XV-UEY(Qy9}(J339@hmSX>(LsTLqFKgY z-MhF;*vB0`dy1f^^i7_@+`vnp|ZA2nf zF-LDKt9jjzbAP*Lt8PtQ6qSqw@Va}2JgvfvFi2UB6e_zk>yX$czRvZA5Uj9E8FUyw zGDa^#2YH%~Pq90Oy9&PWEdPC3vc)~7gJ3`C9~?!C_e8d(X@`oR)j zK6AbdP2~prCHe78n1a@vJe}?R97uRA8Oj`isj=`2H>lZvs}hE@FY>+yE90vobmf~ z((SnzUx^66yB|E%{oP$Ar-fn!XP-P<)py}l7)G>juC?umZptn4zG ztICB-N#X7rvoPBf`C~xM*Pat`?hx^Nmxnwe5eUjrE~8IT7H`exv4=v;bnyo%>|-Go zGQe$@*3=NJ?`FTt?R@Z^OmkENw+%?F4)zkyxrNle9%H z8}C!?f*ogzj>RPUU`#wDWwCQjRL1Z!dhYy$=W+T1?L`VCw!oU(cnsa)$=KVszmJx` zhiXMkS|XF<if_TDw)b+zftpn;!ityAiXGXsmE(mUQDHDnhS8Cznsd$Z`$qmJkm%x?~Lbb73peVKz zX=e>(l4AM%Pe!N!f*heR=N|g*@DlvE`0?(^VFI8Q@LMAOj^y|Wx5uA zbSjp@FM{^4m-hp*DHKiLn|e5Z(Gbg(80&<@QsG3+4s040)#X#9n zNzL2=W^(PE#>8ka(0k8!VN>)W`i<8!%VgUjN-_rBg@jBYvhqnZ9-HZY`GOrxR!N2; zfRT!ij5cC>AYs;P~38^EMAjy^?0*pZVfoMaMs z1-Ps{sqDM&kBqt1P=xea!u@z6d4mo@cYy`&AB)f|%29o{UBmRZfWk}5gm5PxAxJyc z6FRGs!R||N)`c5|&@cqfPVA(j9RN$imGSu|Jn<`VA)Xid)!lz9rDBiA%)BR>t9f&R z&L22|EW=a}yeuq+J35URa&{S>vPu~xr%uM9w}aasTR6Ew*a3?3qfL*38kI%Zvf?V8 zOiur09o#UHmrQ@Hye0hEWd>@)>Y2R-l^FxoU2%gPRbosy|gR?+zFP19h8knZg6%tB4ys z6sKfmB3|)UrSt2|N6ylI#&;+%hyo!1!q4m&I1B*>gg?Ksq5h%SFALeyk((H=`Rk)L z-{g>8I9kNJrK(m|dFp;2G|SzGy%6$y_J6wmU2-=5KOM}~ri+j_bhGQy6B0vz-x=rd zcmoTc6T9S&=EpGOU;T9I|0d@@WBqfA!33PXb4p9=shaZC>+jCNWRdH|m^BcbCe^;H zrR!4n5-bjj!XbW_jEscff8`hp0@Hs@0XMNR7@cL4=L((GUyF|~mDYJV)Mn)Ns*le- z`&K}|*Op~^4BQa<9h`#1kd1y96+}uh@~`t12vT;*&2^M)vX67GyuTW2sh0^b3P4-_&|gPA~jdd4IRm-(K5x8)k@o zSo?M0<4u0SSJn66LY-cp=RdC0Q!YNnoFV<|%KmTlnlqaF$cV3gmDh~_%26Vn|J%TpJquxBS|66_k z(?o^u)}75?A0L(XmVfCjzWGbhK9dVz_K?fd@?`krp^4pd|0&Sl+i0Fn+Po=F{sb6l z7w3WvMQ2Xz%Ir$s;fGmKy765{!%FbduRk$P?knfdQ*ZIY)e^|;)3W9 zL(%T%jZsaP{s=s6hGbncsC|f-RQtek)$FHCD2*G$S!Cnm11GAq7ltJM2%Q>Tsj`>i+;ZA|<6-uCvp-;9%Xpm8A3y6HpwC@-Fl=a_<<^BY z`s?!F7WIp-TRrwQ{*S=%Oru;zfKS1Rq%#d~6{dNPZwjf}t2$jfDCQO?7IdNf&%g~n z?O}T4bMl|ulVQ9gDe{6rbi`&ZVpdPNq9-G|ITZaTX2C0r67LVSUh-FFe7d>!>h4;; zPhZmetuDoGzI6j`c9q)l6Fe?NwM~WQf-Rt{lx|}uBA!xl``%SI6M4zVAJ#L{wuG=T zkZ7A6we4rFg{w8^S&pIa5KU9m$>{H=>^7tEB|*a<-?kaF`DDEQNtSdf5qS0VsG0@s zUG$IoB7l`U3*?k(*34)1R$1CX=V#Ubl0J z^DFJXH+@V{kH%F}`;O9Yd7wH;V5D;NT^K ziWx4PR2Sdsv-rX#@H7@GU4elub%kp*4cffVEH&&l+*}Y!A88;EU1?T_mSs3gB*d=H zIXX2mny78d4sxn+wX2Y=&UIkxaeA_n0Nn7_EhDJIhiXX3!1<;xfm2Cu`t%r=LNiFy zP|R%mYCMJtDQT3^LClOEnJL(}uq*_{SF|_5t&)Sjen8C9k6iQk< zSOE_oq~y)JWwFN5LEt z=rz$xLYUI}tgGl_&b6hUUF$m5fx2*g%b^_Q5m*t%TC|nF5DZlz7yfcXsKC$|%+W|J zi>~mI-`iC#X@8q^Jf)!7>@uiS+zvXagTnwA24w6i93s zKdDG|dnFZ$#2O2LGUP0zbCOpXq6`b^DjD06OLoDs2wbZ?GVTx~`5dTpA8MjcLGwQ8 zF^_afm~Ie_@zZZdOYHmFwsY$FBS!)0?axNQEKb^}$F^^1QLptpD1Hiv%WH18COctV zl`x%w@>WXA;JF~|nWa)qSDLk1PirHl^BLxG$lOUTIExbZY-?a_1X8jO`DSAG<{GXq z&jv?&Uc{ckQmr!|71jGmUa?5Fz>cuz84%rO@hxZ+S0GY_9OGN~BNsMpsM762pqpRh5vF{{vJ@RY4BjCwHF@=v-urVAz|78zkbhpR5m!xk z*avr_Js6U}{i*${6A!Zr3`J3a)l2ZyXuAX-Ok5yovSnbeA|=N4EZn2s;utBVtyW!u zp;^6*o{W2P&^z$k@Wk3{qu0DNLC8Pq0s;cQJM!+c3Rx0pOp>PR;s{zUh~y&?Cjx)X zNwrh)1$h6&$kk)L1=NnH>y~^N1aq_b@q$1+bDn-~Nr+UBEum?rThWSkr5=n55LA(8 zvc~g}ShOJ)t|D^XpB*uPWpRme4jx#8K|`WInI9P!dZ5bf9<)xACqX!`9A(~`nQ}^` z#mBOiG!Q}0wpi9s8J5*2{VGf(tg{KnHwY3}6<2X=NZA7+;2y&6Ab4V^p$SJC2-aXX zJjL)Rwl9MlbQq$V{S)lhw&nXCpsUbeSf3U_+td4>+VO0Xt|x9-A|vFPcfB7RI&_?L zsqR!P97KLLbw#dFiRDAY;^c5LKu$i5R+&3IANEXsTSbxSSq4{l>xX!O++ev*viRkM zx(dxm>tG8f?*b zK(tEan($Rd5U&`?!TC&mwgm3oyz?!grtfsp5}7QSXP3OVOfFYswBEr$sH z1=d;l(3-cZcjK|b4z_TIc;ijjjWB8I_QIvYO8fdQxvWsam~bLs4}J8E8!WvCV_~M@ zWZ{cenqrh4Tb2PlajyU61LxDbDTH(r7)WIK1vN?f$)GuD+kIovcr3N&7)+qUJB9x1@BlIYR6#-WdVa{ zv1)4?^>{rUaEdUaPpUf_`Zf?kmSmuKz!lG)j^CXpYBEfa+yaV{q+T6TA!zT3Fjg*L z&(v`Btg}MM+hSxg#(C(W_DhoE=Q#XMBN6JpZMU`u(nj7rqu1lWWNE4uEY4U5R$fi@t?nR-Q1Kkvy)rvocQXWY zjG^HVt>Ll8lseF%bSITqcIVz>EgFwgbzj(g4vSY>2G4E!01qUe3@D7}qvUj78RCVHQc#QJbDE zlL;A+tr$I$S~-rM!0~PSS-=PxT{6^u5P9z=U@5l!oM(l6GjQw`13z+- zD0(YG`kF7sC#Ul%Q|bH9_xN1p5dGjY>ky^Jcz0nL{WM14j76Wml-}yt5#Z%KrQ(G( zWufz^ylni2X2U#yPL;%y(~KS#X7DLj;{VaLzjx$$9J3`)oHO}_pJu;tdNdEmu#%Nd zdvfZj9L=g2!aZ;ra6L0uOX*)wpNno3E&ISO~yvr{!fEp9{t&mEmZ061)X>m0;{5-tW135?2 zfuEDE6W?N(k^LdhXuH43Bl`9l{I8XoI3Zd!f)3VKfl19i_L65yfx<4X*^|`g#~@4P zYJkq&U)rUZ$EUmjPo!EY{m_{0tlc=pktu41>mXKh`4?sZN2xs|YX>9w@!r(wk)n}h zvcy15T67M3lDCrir41x1QCczF?h`nX_#A(BhnV`pVwFF6n@>iYTt>&w*iYKH@V>o# zTkHlZ{1Pr4ugvnui-idYtF305fEUCvw9hYtQ}~irNJkLCB>n=+C6bLUClUki@~-SD z+|XhMS}K-mp~#0VZ&RssQYaKg@cKbXLe%Q2buad>BC$ZLS*AqF(SV2PB3B7~fu%%KKVmOc>HeR9{t`%GuudnXy$r5Ole4be%|mO$ zs>ApjPF9MBDT#CIgIT{NbR6QhsP9r{4Ek5m{h&dEehd#Hg_z&fWhu($2tMB8Gg(2P zp`g`hxx82;rQEmelgzhsA?hzK}ay>gMLrUt=(z_ zrpoJ00{jDWT#O(oYbX|p>Oj%n$pqD0oQ~a5h3vd4NJce+9lZ4y<}b zuvhW^mYy~Zoe+y`ozl=HpxXoxA3Z7JhO*7bydZ=RDVn+PbFDrZLO?j^A80rrD|mYE zANcI$!aN8xSar>Ib$%YCr=Q_25~j1Oa62Ue%D<4g^l?xuKb+@fRjto{L0j2G`-OaU6;J3G9B4UPmz$$rE~EdodVoY=m%lLnt$2S+H{hRHAzo$umRQ)q zxw1$A!AGoY!XRjamJMQ08>fGC~8GIl=Cbgp3qig)lS2Cp>JloF$19S%9 zx&Ch~Sxn{x$+tu5$qO`#F@Qfr-jrMTZ05!^ z`Jjn)x*MKMG~Sr|a`|#G=eUcTdoDfYw#a(}uQ$;o>D@AyX0JassIcDMF%x+F4dcv$ zLAzeg#O>TO;JsciN;ck`j$q|J6t>+Q)OVCLoqFAAPvagrwKLHd9o%tAx%E@6#ji)B zN3MTPI9C>RL3-rD=;u8_AIBGF7H$yb9D4=D`o`uaJf3Xo3v&kxNt*RGSIwscy^))l zJNXnnnfS(El5~x$s$w=N33nMh&b4cDi=J}Hms_NgiA2IzlEvI2w8{G3SS0CF$_9bp->3mdfO8d;pRjny^CK_HdxFrRi)QvaVe*bKLVeP%?pttv> zqVKz2Kt5nKHjW@Z+$>y#G9P@KLT9<}&M!l+IXtI;ou&~EpdCt!>F4`g>Yqo|{t-`|Nnr~H0t8O_jp ztafL5vXkx4{?nge&672p4Hvy*{F4^&B7WO>tD8pW-r{vh;=_X&OP>Mf$QlQ|2^RP6?`q3 z_VUC|e4Ppy2E!cli^mLu-pYCB5*<39zwli%t+ILVXA>|D=HEErY9CpgG6>c^DO|c< z-eT~@`O28Zg3QRgGT7m{SwkRt&@GB?d3`EAKUB71R;S^~P?Gkbu!zBDt&_fnL4E7= zwN4J4tr8(hqCQVrjaXX{51ASn)&Iu`ss)miy%P z_6RWfq~V?UX?V`dkhSXDl=w~s@s5SN0$dDfgOS-%Vo*DNULTQMrm_g#dMmr0SkZPr za;18E`R$6CyDG%a1kB~D4%<;}?H|e(z-db28ad08b zYOF&t4Ig1mYHV}zW;O1e(b0c6pZ3+gZ6;+XZR-+&8X^FzA6{7mX zVtw-!dbSIi=4oLMrewM&vMRxJLFdr(x_O^@i;26DY73f&?&dOB8<&J~%%AIcg*?wZ zJpYCj`}O#T#uw)h7u?n_kml}cOA)lDg;yEqML#*o6ujsk*21Eb@@gC#H!TcAIPV-@ zpz_{yWUcl)41(Xcf*a+n6&^5VE^Li=yeGBl5Q{0G#w__Nyn3_PJHzJ*>uxc{&1sT= zumA~my?N`OUv`M~^}&<0bE02PpU~90p{5rd7Vsq)v0#v`IUKzRy_#5rq?<}!Q1^aE zqj7H-$~PaqS%hroyu)q#<{2M`zYi@!n^2^g9PVDJ*%u6P3F4}eBz?(yE9lbtBVMYxj4?rSKo$ree5i-o==uN-L`@FwOM5V zzW`V^x^qsxl@cBzh55)_uOQWJI=B$|U)tf{x6U`}@iIKdQM^dTwZYYXi5h}VAA+-O zEpvhn7_`TPehblg!Q_1LsOBP)QBp}tLCBYb3EkJ%P0lOanBt2pJQtXIXecP|^`qcK z;oDROkL@_vg<;F~Kn3R`0XJOs+`B^G5>y+B#F?sYNetK2I6x*f--y4$DU&iV4(?-*6QPcs75 zcJUSd)zy{8LzIDOf*Zw4H05T;K!Ie~*8NrZ?zpbB9k~|BqAwTD1%$q$oUa=dJ=^sv z(_CeLm30mGlX{pn19K6J7rTWuCOP zxy?7i%T;7}ZQ6zL-4nJ(t_7+ofzS50;_@}aHE%}0tv~+U6`>lgtnuxp-_$`pS;1Q8 z4KT->itCWNJMS8pAZYrJk`KO^Tfd8btt;e`RZ*W)NO*}LOSaoTbmBmtifwY`$9pB` z_3z9ocGiAzyq~YQ>8N69fK6XGO67WG_A42lV4Iv5%)|Yv=`xx*l&O1Z!!HkC9KBX; z+!2J^O`teyh-728ZXW%TUT2_*ZKX3!wPH${E+6uaf4FjR^ts<@?P}NRx~*4vBCc(0 zP9S+?M<@h*d44*%_tQJqyOL<30Y04k(CHVJMsuYqs);ZVdvQ|;xxs5;$CRY1F&7n_73;k-UU33xhmO2=ubW0ixt@dD*l-u>`G*wsrdSlp zCp{Fb%yCPs>)P~LUvBev3reSdk>bs+Imfl9g!`FwZnq*zeCo{_kYUO@uHMf**fLso zJEhNGGkNbChtke2$Bei(ZKDw$tui6ax-coT&sw^c+t2U0($+N3VTtU#;F#3;^=U)A z@S)GWwbCKSUtH_*=c4WQt9-(bdw;VV$e@}g=H+HuBF`l=VtMG9qvH8pg|F`(x}s#m zclCaw?2&7<7M^fd@v|#AbOyEsZ<4X$)(#K85G%Iti^4%*AJt>tJB$kSclK}i?Ci6T z&#a-Q$PP`ReV53#^@?^l) zB+m0n7B>#hn&0d8lDc9`V{A?CyPp`5ap^&f=N9FPi<5cIw=-*_PIURv8rnh=b3VMd z_ibUt79~_RLFvdfYM*A=TSx1Oe z?H0yAYsmN6+f-prF>z6d7IwMv@y;n}Gye0jAN4Co#moYzu~XrXuu4`><3DfSd^n2l zX;g=cUE9q!>ojD{r$4|f`ntd8BVSx~_o_F$7W!&u(mVO-wF-W7tT&r1P3fPL&n(g=h~Dq$4IehuZw^hy-(D@|9c6Y|Iv_5< zl#px_zR6i_>kZYa9T!JxRXi^1HIKdqk6?a(_VI>S*Cb=ts(dTnjw$x~u$r8{Mky~TXBZQf5(=8~(OZ$CLGRT}lZr-Qaz|K1S?ZwFh> zxU5NW7ipW6Bl?%?&2EgGlG!3m9L;!lbW*2RZI%4&>0U95{)%7^txuEUu0x|@u7|}U z+8!8>JUCc$&82JWp6Mdh@1rkNoVywZ=R`F2F%=0f!zHB&p;vZ2yO2;@FB1~?>F8(C zGE;@C#(kPm_}jNtQ)oFEDFGwbK4y0HejN83M_xFbqxywEu=H4m+(juZ*BzD9o4RF2 z!k^YXz8`pgRps~RAqyHGJHob>Npn5%ustx5E3`X z|A30`7T(L*jY_fEtncN{F*Ty5eGHi!w_<0k#W4QjEat7$UHubt?t(jRuRSHRwXN_+ z78#yaQ&Y2w>V)fSzY6vzh)UO9+1PqzrGRzXORt1^jeM+*%DS^F9M8{gP0&tW_u+fg z%E^!G4jzqvyRvY`;_f!9W?SxNY5$Ix2Z|{~|B_YEK7GZ4*ZywrBGcuS-=qy%^TAOk zQyCP6OME7HnQdPkH-Qo)PreOkzyNFjuP5|5E)_L>zNg4e2~TZ=?K6cIti z_l7Xc2CUk&WhTYCKZL*9NpV)yb{mfI4;hx56~1_gvs)Zuffn!%1c781{CQC0i+X(8oEFz0YZm> zG${d8kluT53IvoQAVFG?BE72nWWVQk&Uemted|h|zb2XX%*>j5-D@pRzOtf1`EyZ& zARwa=)zWy<12**#XjE|!8)thWPp@nC6!$ila2rdrGZk;OL1oGnu&BSUk{K(2y?vWa z14w9$J{mt2^Q$1X1ggXa%}&h)v3>=+CwF8cLMUERBKg@s_I6nj36MC^|2`yoNn`PRB68hi3tKt;Hd#@RLm^a#Z`O&akrkk~@Mh`o(T6lO2l(QX=ZVrg{N-GU7adiKVFy=R+zgF?~ z=|?dl6u(%fSu9>y|E1{3NVKtiDMY6-@+nD-eO8m)nWaJ8u_SFXs|gRgD&1PXW|827 znqcQIu|U3$kjI+oXmR+3Bd1fLdi%>}^p^H%|Ct z9PEJwRgVy+I662^8uNqavkKtYPA_ch@`N?k>sG61aiy&AiWWZnps<-vZj|NO4MA%e zQS91P{2Xc^RbFsUx0jz!$YpYh(Yn?kr7>W5+WBGH+6ShZ36ap=PT*Jys(b;>)@^TH zbYI|{lb|p1!WVt71^zbfo=R+B2isJ0km(d&vk2w-r1@NGA+>-(D7cP+?~yuPz9uFZ z@F@}jU0YFCETrpGrK(B20G)C40uJ?tiA+@7pnF=Gw4YglnX<nIQmWc`c=}vO>CUOba$=HKD3U1Bj12W z3qot}E4=wQGQ8PW_7}ZYIXAll^Jl{rbC%qz<2jiL!EGlhJ45{PjR=g*drJ*#UX9HoXUL+k9v2mKP>6U7j8Vh+P zar5|l&$-qmU3W;jz8?Uy*70CUIcRVle82Sw>TfbF*(gNWRmrXo_ zm_r9WoI(f00#RD0BGt+_JL%HE^K>h85UO6y?rBazk$eOCwCJ?0bk#T_Dgbnw&QW(Q zW;lkchc)gt*S-MCo{UdLfJp|fP>qi+Ss>trw1&=>6#r?uz%UfB-~T4H?6tDnw*vd% z>}GD3`eJ%MUQWretqLK8+V!F9qY3W6=wOCieCHxFbdd?nYwpAK!BG{=+I#|nuQghx zxf2VCmO280bj8yQ7J-tSB@vxEkGs$Livrk}!_~>v@@3QKxP7p#hKCGWCiU?AXrq7y z3w!+qYb=5IT0yqlZO=;V%P-!Ld*BX^QD)}I%J?Va^zu!epsjWx;m8Oj_V8jwbK#mE zO&~(=kx64g8!Lw~-P zeVTV2_`ITGEmA;QdZhpr1x(C_d6YaXcHXc{QK6JC@3@JyPGt*I5nt?hc(4UB^M!Gf zk6$n4s}1w*w3=+cikglnD!w+Gg4EHjU>!wzis~1o6Xx}7Yxj7PG@zFf^W!s;tZBbW zMfGgzoc>$6lzk8v8HF5Aj@SY7I_7$bVlbqiG3f`*3KZ1cYXEx1^#_^Um zZ0Lcia96oJs!zaEhyC)`D5Vl7Ucxqme)I?WYZKHhrXe=3pR7U-vMbU2QOVqF<(>%rn-sk{#YH*qs3=nfeVApKBc!KykuHuI;K-K z)87Wv_BWl;@2ERl^p+4aPStemnBLRsc7->s=^gS}@kEZ$x{ZQ^wAih6lb$q!h|ERG zFjs{yk zYvUGe$lKjMw?xvh^i{*LuYR$2eRVgA9wRKOmWA&hDLqyIzwK^y<-HE?K5ciU;`^I+ z-zHG4&SKa!C%h_MuJHu#ix1b)(L>3}CO9Tf@b^vS3j|>1l8=uF>?K8#cQebPe|G7j zY~E+K-S3}U5YdtNF{pf!*{{N0$byN4=J}|EZRneN#6fHN; zB$M7IaS<)d^Ek`K$J%b_Ko_1ypzv!~5tf42AJ!yYBdfvQX!K}Ss0?_{2qk;^Dh^i| zYZlqA&ZyseO>^pNpP;9ZDLZpt&fPgSaMQhjMspO7^2FC{S}B3XZgaL4(h^FQU77AH zm%Z%;<|5xL=o)stEFs$opV0hba_}qmDU#sPnp_h4EM!vLi5lWr1%3SNU$U|`N_;6Y z#xJaX$%5S19nO!xZ+d-^{+c6;o1!F$RWo9nDhH4b=X3nR58M|-1kv-BFHMJEVU?ic zRFxT^FYBjvJ5_(!uGGl*D>V}3`$KA%e0>Z&h_(A1yjrRGX&2D%yMbjElXDgb^*2=S z$z)h_zqYE|8u$q8jtMW}XYPq(|M|7Xywg`6B3HtC|B1e=exWJJkLwuZk(^-k@Twho zDsz*b*QG5^i{+hl7UgC5J*fNiDmT|xgt@_2XIMb6EG0KxS)}u;p$Y#UkU93q|6zW= zsg2M!IZ3zd8d6Vq?Je7aR+=Itk;$xBC^<-qa7`#hz4~U>^BWmyoWCE*ER`S zCy~}|5&={A8q1CySm6pQqoS0(GTxw4s8g#}L((}p@;F)RKjsP10wcP1R2j&@xmkWP zY;RTf=kx%($>c^=D!TfN_M81*L&L{}ALBm~0~7R;ZVGU9w?yhCT)95Y>*GvxU)AI> z2E1-W^jA3ZP`|1vI#n8vTlE}FE8`e?upB@=BFX@vU*}+kxw@ta-x#kl;NI=bpaW=` zKKuKrv$CZ@ki>%UHI&hINd0QjvA(SJ)(zose8R`%^Wh&hh{7#eqoSW_ZqjRK_t4B` zobL@Ri&ixrs{iNYSudcAzcMAL-V!3JJ(cgjs=wR0O%=5xY<5N;nZOcE7X&;c9{P|#Q_32%I8J~YIofFRi+Laevw;)ci;fY z-SwMa7ZG$0nPVcunMXe$TR1>En-X&z*10azSB`FN4b5CTDkj(~rqcp(`AX4Jd2dAA zhp+1KKl>}>_7q0>M|uU_^PJtC%yHd@eF?sR>FaliA){6$Jt;4+_F-dPDrCvS zF$n{PW13L~?LE{H;dDBJl`Tl{Ypmx@o!I@cO9nSE`9G>1UtUVMU<93QHHT*-WW`#z zBK@01hNkplb@R2yE0Z%E1D@WC7_OfPmtiTE-q#O=-jf0B4Y0?&;9{C! zT$0YyVh0^GtA-7vzB7XUO+yMi4wd{#!c}&t5BWpCW>e!7k><-IZ6a6|KH;Z&BY`{& zJ;{IHtXr>f`_NQ~Di!vDVHaMlN?pdcW|r&*c33OczK%4=&g_v-khw)Q*+4o4EDo{S zsmP@qL)OrWf%J<7)#pmEX$7ih$_W;0Iwb2jh&~~3S)Z=tdJolb&Uatw4@{V7)kr_v zTQ7!fU$Y6Zs;a{UrK(p9sItUZp}QfP3j}NCjHLUW_QTQ!9!11e96t~BPu{pYtmKb^ zDXpIu#bKVH!X~SJ#cwn5IFn1@)lZ|R)~vVbrq^OIV#Jyzs=XxSad${jzk+t*@bg#o zjBs9W&PA5pbmVTz%y(Bm3H#bzjeH+g9;n&mMJOddSy!U=a?HTq|! z&Xqt>5Ssem7aGMv0G{|#&6o~f_M%mvwi%xsN+DV8cR zca&Ekh}|>IYnqPGPN$z*A@ z(~0j=Dp9>QEMpG$Y#puHPrl%3XUPAp?7fDTQuio6MOp=nr1m6I*VnQ__l;V25yLeN zMTTzh!eIRUcE&hLhITt@u6h5CX`+X`Y-sA4$>k%cYjRP4^hphg#by8{&~&z60PcAw&;@7s`J*~ zpYT&8ni613Ek;8j36{qyWk_E%*MtE6^-Ca5{gw_*#bE1KqcPkkZZ^;E69k`ji-5>i z?zB?%Llv*wW4udD_iIQ}YRO}f3^0_yq481Bk|R;1j@Dbxc45d+5h{b@-wC-Lb!;n- zVEPPyz`8gBIKSI~d&^)hiKw0%BpnLg_uniWJU1c7GMMDQS|?I{1ZKw!|2}aqZ+r51 zlY~P*o(Dn8_$`wTK2~e121WmG!Yx<2`3=Xp~%_&CzG@9-OPl zM6|{rc~%OJ)r_!>pTBSI?Q)e4*K+tBr(~wVsT+%R5z-zUnYMZ7tUDa9$W5d5TH4HU zY~T24R&e$PyHiRc;F*f3|0Z(&f#76oJ##)4N{MmVX4Y{zM4D%|L0spR9LJu@>UZ2d z&PGd>B)`4TB|0in2hr&lRxh6Cv87E$)NNLks?s(m)AF7*%pdBBbnH%H9Su50ggbZ* z(c`VP({Y<8W6k3oM3&nPGEf=B~{V)#U-|%nJ)+fXaRFFk%pD5evH?5&~#un zG}9TjoQkr{3at+B>K5BLeOn!ovrWDn;tKs;_vP|4)MMXS=goOYRE0I7V(TJissk^~ zzAPp9bnq+MNef!U@bKN!VQA9hDVx=E#i=v87i?j9Qu)7CMEd=<@6`t}GxNiJow|JN zyJ+s*SYhfoM?N%mW9MGgI&&0OUGWtXzbz^xq+K#|{N%Zjj>RHjrd44wP$`hvX|F7d zDbQSiPg(-|=xGeMymsYe8+)5tDyseXd(P(?PT6wqN`> zTV>(P3XoY|A5PX-hpYx!T?WiACWc2#Mc=cftUEKVkqIuTxOr@&=LMj8_~{TyCD*0t z!@{2IOl(goLZs*^o05!;Y~;dy`Yn{CS?Ux^vwg_K-#)1&_tdu~`ewEiI-a@ZB5(mP z2buJ8AEkPZkykoHgPR>8P%4ZbpIDq=%2O*!D$gOS;;Bo9=?J>3wBz{S{G(KcB65c8 zQ3+Q#!}OflscOwd?3x5?@0y*1@5la)dJC}~vB`hgLCUW?dQaI)&X5(fH35NDJD!MeM&0(W*G^DOc zLP`&+U6+QJu$MP0O*l8H_OR0!+=Kp95fd00+!E=@SPSiY2q#w&5VAq6+3L)&g(oXy z^O7>v&<%_1nz4DxzT-1*JDrD6kztVZ#dbYy%uW^0G6;S6;YTEo+-t+JEpx#Z#|(B6 z8B|kvDNTe(O!Lstvmk$Mo?cm5NXZ4K_#xzJRyVfXu$HN`GgD&@Q>}ML4qMns_2z(u zsmkEYJq@%YQOr8mliQ2befw}|iURf0MqrtFnOY)aXzu!fwKktUNC$U*k34e*W=r5d z_T57`N7q!`J*BkyMInbhA4|d0hD@heuc9g%)~ldOQT@4I=B(x*YU=m=!SvA(t(d`u zh7c)+3>^^r=kc4(NR7b~AMk1mM%V!}Jkoh1kG@;|^C&YB$!i!Q!SDk^VZGN-TPMWO zDOwLQdnJls%3aBn5-8E_2zTTWDd?&xyUCa{_R zsA}yPE+M5#MOf1@0y=ly5FArMb#;|iF3&3Ap74$T-H95|eqIHqRj(qh zzq%bJeQd|8Z$qx)D%&7jA;=b?ycgO$kS7^u)+dT%ZFmB@VAF0+m-6Szf)@^@`@h0! zT9!VT&Q}dxJmwO2Y8faH%;$2m>NU>lI3^qt^_2`SLvi(~xf_qeVB2qhOL%r}eOwVd z3!5Eo^(7{*&1&$UBB&`-qbj(yc#T{4?ej7TkwCdHEarR{^84 zpyA`)_;j`s_j(i8agF@;v8yyvO0FSKuW9( zjJxGNLAw~{v~sz6#&eRLsQTDit>#zNF#wlxYop-#?|ptH*B3k8ks%ANe=#x#u!;IKjfG7E zY`XHk>hCIq1vUSEZPVyT)R_PcItQ zA}sQEFP5EuH5gxX(rC+ztxL(Qf5xxr7Pl;w6!hbMFDxdU+%`LE+FdErEH_cO+W+UT z+`zHleSZ=up_<%@lzuA+JouyJy%;3;bI;bI>v`Dh{)6Hx+vcvYwazQ{KQ}I({i-tf z<9*3xA`>P_umH~mxfb>&F*Ir1!FwMz54$Fv#(7CyKX0*hT?n83p}M1L zT9_t2dx3<{b%o#$CpP~1>&;j?|GC1S{dn&8`)OTY)z$-TR!xqVdG&c-D3`6Ph5aPW z0S`d#2MTu2s?WAUaDUhi)dDhVzex?P;!@`sVm%Gz4q9DKO09Rd2pzVZzb+->l?ONX zQteV+eG7y7No6ie{c$lBS`Bmk1-<=E;Ea+z;Ge%jN9yvH$xg2X@u6BMZ{q&xe3hE)qXJSvf7kFUETyYlX#H8qqr*V~zpcZ9Jw7ix zuV*VD#F5|?-AhD$Q@N4kSyYl_ zQ@V{!XtS_TigDl6*tyZ>r%}%8R;zX}?swXg)6IQpaTC{;jW2s~mm>nNy*jG;*RloE zcA5V;{R~_QeRY26J-qrdbo%^x=&-*3=GUru!7x5ukuJNEIA=FWo}dFpK-- z4u!V|$L|Y#P+b~%!j%Un(}l9Cs;wuJ=a)wlNma_{mjPoZvqQ6x)_=E1gMcs!>Sf1E z+2k%|!O(v#p8WqKKUZjBz?A<=I)c|;R!a*e4Zt`$f@!s2vBUo(BWeeKY;G)mh$7zd zJ+YRs{@59mjeR~IA#(l$=7u5qRL}cYg3LB~3zdkXMQ2w2n?7{-A#xK79G!*fkGY0g zD;;i<%HP0q|5)tcy`!koAgNGN<2!aKQ?U&LH{HU5$-zbWw^UblTom3rv$ zOYfx5ADX^2N31z0(U&G_$c$`K>a7Hf-w$?kr%TxX&6^LH7lj5giDa4UgglNG#((Xc zL8P^BvVCZ{P@*r7gVJiU;)guqDJZ#=dT8!iZEKxO$h{<)2dcQSU0%{1gZg{I&a z?faflp9B0*G2^|GOV3nbQZU`InM+J@ihEe$ z^C9-ENNwIXmE!Onh{%<8)p+Ipeg+5ChjZDW{r)lUZ*uGYX>+8GG-WCj+l`d(EAB^8 z;~ChPS;ypb(yzpj7U84kotq1mlUJRDsRKRO>7!!NK$d;eG#n$@!lrn&-tkl4a>N$N zl8Ya2f$&qJ`sXjm>n+u!XrbPzR{C6sW@8EX6oA!EKW7&>4B8g5P20PFoWnXK2xw!A z!4|eRN+D-&WGr+(aLq@J+9vdW+=eTG2fmeAlcns)Jz3z`oxl+ z`$yQDx?aWJ)!LRUf~cvKq3O?z!WZ6&vm^~=dQe5)WbB#3B?oHnT-RymMAF@p&iRyl zHx;(%D@X>+EV)mHy*V1ATc{n6c%si5t1NW&WXPQc!5`@d>L^~UN?KY{G6>)-;}l{u zdr7}I)SxvorXUKG`%(C8JZAaq`b#>NHOPaP*^O@#spRreXJDRm)q#Vr`*!FHksJd% zadCR%Yqz(h_+MT5e_*s3U2{t#c0yQ@(<7v^`)p4pbl<&6$+__~-il;t78&H){#PFP zL*&o-6$wR1(70B;tbnoQ*Q}O*2Ng{auHld9)=PB_ip>-Fs1v8ki%KyIISvL5Dy?B` zX(eoQf_x=ZNBx0@BaRI29y*CoFR`~BeS+P2lkw?L``gIjtBqCd#d`e)j8HyQx>XWj zjy8wy@ZPDS9w_3dp+q+Rz4Eh^y!@n261SWF(~V=%u*NXOx78(dTytr1NSi@FWKifE zQ#w!@RkGw7UmU{J;nM6an)0Q@hkts2$up~gY=Zic(eGf+TOq3!aZm}>FS+@Q z0}mSJz?5;6UU9zU8Et_*zlCGtW-!;oM!&w>o95A^O^Soky$BYG3SRflH@?@LXM{=* zS%9m5K`MNEx>RSn|0uZ;STnh{YW33+B-I$u5j8#d7C#&OqDmhSRXuxyNd{WOVxq`l zpm*SPE2amuNe8MAmY7e9T$L*G7mq4D{pgm;cHvI04mMLs8$s^e&41dcs4Ycb zG4sCY`L{e=Only@vDGf;ZS<3f=4iGF$(`Nr2& zf3I=&AvnHM5-*AdPP9LZ6F@{< zCMdKx?5tHxBcO5a&=0>4Pa86h9DK2({G2FjrybKxO@Oi21Tr-{m)BYNw8$^hhqh6u zdS0uml9!M^lz{^)52XTyuf4h7T_O}bOu6rU>WAUVa&73+oxnqOzV6CtlNbYopTyM! zlb_gpt+vks$ovnC;zoLFm(OK)QRa z^_wMw;EpFA4~lBjn2Z&zj!PS27AsVgp+S9f-ZaZpjzZ;!^#Rz51X>Km3r>zKFDB`8{APepaXM?~&Cn zvFfhWp3MYLMzo~Z=+sqo5RQjRVpik#$=yP~39a~BC>6x_`yj??jGnG?w7E|L4>u^S9nARS3Mhf zEEPa=X>k3t{B+h#NY5Xvzj}u$lc)oTz$7p|s-o}LeGEzLpjWy*6x zYa`R_BTd|-j>;ge(*4j-7$4we_Zt-8<1D-58ecYHv=vrtZ6i)E!~NVAlJOQQ_en(m z!OG^4SHr>kgwdPLoSzYm5Cz`n-)QAo0sZRRA@tarh{V`K0f9C)Z1KzS;1kxEOZVRX z?0xH>#K2je;tt_)R=?bI+ z^G-U1u3no)i1W!=%gi+tBc$4BhG z8Vz2tXFy%OV0g#kl7LY@c|Cb>w%aoH`x=|UCt%tsv~48Ha3|M z7aQT_PxSDi)Dt_0Gg3kl;g)VGApLC%W1J46ZDyIr-!JFG@mw^bZ86ocm!mnke?Qvb zqkdWL9t>2otiXsjnOJPwfNh1aeQTHWwi=iX(j#ixBFsCpMf7{p<`Rq@q|m=3-HAN7 zsC2XArZ26t<0X*S%E?v?nmS%*8ZBgz88)l6b!6Izz5cY8hJIqO)ZzviX{tVAJ*da6Sy+UIrrH#Q0I`U-ML?>jf>-J;@WNHYwO zWzb30kz*35s0`AZIznBIA`~fX0?7YOC-Bj~ye+C9)thdTZgyq)|6>^tqyi(YxLhMO z9C*rN3Rw(_kVJdUp4!Xp&yOCdn{vTGq8h(*f7o!u9KX+Ml>gihb#24pYO#g&Cklnf z#rzb5J`e~3Pz?J90V3HNd-$m^{RhYdi5fmvG)5?kqMK4m@Nv1g#NI7`e-q^0olSbv zkyUryB%}cS3rz4GkWer=s4ga8E`6sg6Z1p zHdH-8J4uc~{BsL^s>n6=kLMGZnox@)$9{Z|$%?(+=$KZ(0A!tuXZ@3?g)Y7Gxw2sc zsN>0TQ+f5`NCx*R5n%H8P-KYY)k_)52vh~nO)e-Y?%(nA>3Jb8F~NaeBtV!wp3v%> z%$#3Z=+iUkIUU94TR8x9Trl8!*?NfDbV9!)Kfe-4;O;{h9}vjMM5H6<>-^?s3Z-QIHaBUs`z0p!s%<%BKRpwF8XLhomGzNU*)66r*(^ zZcU4#$BDro3BTln*27GG10m*LFE|G~fvUhzV6b-mMZ9l+zB!H`W5T7MDSJ4y0zcs? z2`+w?+BBXu3R2YWi{FqMQ#}Z-O?7Vne!|PEcd_Dv?9Sxu{Uq;r4Bkm<-trLO<#IgN zRMh^PF*hlPtyvplzoJGe2rt6~)1IfCPNZK9{^SomKxLE8jZqz0`1zf?8vBpQa|$Ar zIXN3pq1eGC)%z1kgh!*}nk7+L)kC;&ZN6(S7y}B8Q=|oZ6?ESE>bS2kEO=Sa&WFYy zBhElO7j(4WKQL9-VeBGC(N)0Y`1vQb(U?H_{W@OgA>hz>IIcxLN;j2LnI7j!pP;Im zDa}0D-#a;C%pk0HFA73sHar+V{97OSGR>hv3+~X5MnM2X9+mT_;Yl`ESf?T)B zM*G5O(65_wkQ_AZ^B}qU{PM|1ONfB#E$I%d8CDS%gam1g`LyjTT!2pPv<1LW!(l^! zWw3k5o$9FSZE;|yk-bIiB5Z7OfPyZJ8y-WSrEoJ{=gr15rkumP!`tNr%qdPEIk5(^ z2EYDYDn|9p4q~Ntl;crSRaRa?jUb8HcUgV2)W?Fe895v{!&Fg6iW|umZ)$vzp^KGv z22qxtkUW@VB@$l;830L6P8<8|Nz&`}t!_Po$eQohvxagfefCMt8xuSf9E^o0LaCC3 zm0*iHqy=TRM?z-yn<8ifx7VP3k7iC;-5O_%a*h4LaaHD}?N3_s;8-UP9cHv^`XRQ% zLD_-Jf!F~&A4)i%NTrxi^ZXR(^?J%DZsR@cgg;*l@4X5XG$Vyyw2{E zAnCswhV|{neCXg1G0E5v zUd6ANE#p)#o9Ox}*RuOc#ODYvWyx`bEe6HP!RD*ik1!L=H4PLec#L#j`P*h#>Qf3KNk>)xYgOxiE z=UD`%7tilB!$6FDKsq`!__}#I1}sWz4A&5tt=}t`orVmsTIdwT4v*d?(iLq~^kwi{12DoPY_)v+JMy-SxqK5@9_t$> zMmf7vC3%&7B-m{8#V%2!e^kC5U?;$ugNaq{yq{JW$W2}@X=}4BIo2jFt}-Mq@TMs2 zRLvjqDjl*OWqDaqvsgH>BCHPWkiP8|FklWDa~J>kbOiCd@ZYA6it7EMy>boioFbcd zG9H9%Esu~|S!0F}&g%YuWVKWYdl`e=#~0j`emUbQy)!TbSh?hh&W*?Knsg`{J|Yll zVT?-92R*B7@bxoVKN!(4&g2|4Hn#eHT+~m0x>-|fI%plu0|LA^ge1y!fWCQ%bBSuT zE^>eG?8V=EU2x}}X|XdthKMkKF~BR=)0Cm0@hR#MWwL&F)oPMsvQ?JKjfbzCcwv;M za!>I56G|ODKFP-@b0GjSrC$w(88yNGr+JP5X$hkB@bDO?`mZ{HaH`$-5mL1I2+Ww= ze+mg8H>S4#En`-pTm6h*H@-8f=O|7>)$XzCc$(o*PEvyEgZTJFe_LFZoyy2c<=7cU zS$YMDldI+8tAMZMXFin~ke4$RcU zugI$S4i(V>OFX<3XOl2L-x2kn`W_qn(uGtc@?~}(;R_GmKeL7oB6c<(vWWxB`91RvsCNJ9-W&OC-KmJjVFnNMOtzbwHTzbN>A!@0u^EIi$tb&M^R;nqN*LBZ47IhY2vIa3L>rp% z`_YFQHlrC+Por9!*P!+_t~T03F0EsJ4)*me4uw0c!+HamCU~NcJ@(}-nl0L~&AI?e z!){uO+4x%m&iCxur!{u$d~{cxH^o7Z$W))x&|;eHDEL2r0a}0Krn$%gz37&T=3+ps z3a0Dt`bL3HiI)ms2f4K4vAc%?JYt-Os7u-qg&~)QgW-#wvJnWXU5a`ol%uX@rZ0cT zhdE9H>Lo`rd4SrY61>IADJ7NPBSX4il#qw;-3^WOhov_Qncxk@#+TaSQwwOHj|mT_ ztwZ7a!z)ELNBZ%_5#*3h{I43I4`K@U<>hwwWrDx)3Uc2$y9p;xErIBinI7lR1&NIE zISlKs<&HL>rp73NgW!`{+1|nRg_VgFeo|~K9-cjNrTzC`-f)rcLoO0}P1n37G+^AA zQ;~~pF?nk?0&4OcH#|J{n(`|5JXr8t^Eidsn)kjG?MsSCa6k9ah>frR%)`aj)U%4{f}Z~(RU4*Dw@0_o+XY*z=CO+S?HJ&iS71^6Dbw) zEW*3?ZG&vJLomEltN0YWw=ag3i|G#|PuS17{es_DJRtr>fl~)j z8#@)fqgJjWP2ehFLbJK{jP0+b`4onCVl9wfRuHe@={72*mE1v#7K17n`|uBoxt)3! zB;K3Bj7+XYp*OgpCCt-6y@=20lo6_&s# zE7z#t6w%-JC{1V|n(PuS?4W$9%fjs46F8yxA@XwpGoFP&?geD2gIS}&_6KwAD*H{$ z-oArgr%1SPisXSTnnDN{r=V4Pr6}Q;!r1xfA3Cwe=H{0Cv12#oUQQL%$Pp;Gioh3< zRJfVWJ7wwT0_GlE{%EFq4rq)rT^fP12SpKFn?Iil$p-N~lBi0Mo!L$Wu}@|KJx4Zt ztqTQI>b%>RdJds4I--71PCAz6qD=-1_bNRb+A8+C;ia{7G;*>Y@qob8^g%Jxtf_D( zp6WGkNF3C@!|)izV=9ka(2V}*_AD=@R%xnU(CDTh{GE5rhr5jqFz^lPUJj_9^zpE} z7tuZa4Ud6-xH8YJTgJKaa)wMyv7*`vYrX6l;=tY;q?icKZ}bmt_dZijPGa%0r|U~$ zvz)9MSuJlB_le$)nNP*7ac-66>Grt5_e9B#rcCfDMk~-uvQP2j_?q6k%{-Wi=Fh|) z*Si^;k+@88K>rbAa>h~yBhevNl`IK%iRvM9GUYL*?? zm%;cHB2%SZECE+D0SCs#*!#j5Jt!2Div!Kc{ihPwbdqTsN$f;ebG=>m;=|TX{Tt#62Vuh5~FLr5O}UQ zs!6rBws?mz{VG<0^t!47TeKNP13uCwdF93@R7w@1&bOw%OL7r+23qLvbw<@Pt!e;9 z`S2q8FkYW2dsmIIPs%!tD|Pl~teRM29OCKvoRt*^2b4&<;M$*sY{^aX zIXwdETr?Lxu?I2DjpShaLeH2Xw;4<&(>Y`LDM^1gytPQkSs{rQDHNkZQt4L*w*k$T z7d?I@p6U22z#O7k5k7$A%OQ=we$Qq;^WbA%br)n`?^68Z*&Yqw{d4k1gu9E&5>E?6P0^zh+kD2% z%KEgf=f+~={$qP4wtLO!rBw%y2zkXmjLiaQ_>z0yBQ8;^G<{|GGjm&A_@05VKVP$; z<0)jg8vI%4jN6uH?QQ|$V4*Q{=W9FPYO1Pw*Qjt>Jn#KbJ|hcSL5(-F-Ixe^Mntiy zVzQtWCDP^CX3-_RRLVg#ls*9*53q91T@jBpP`&@hzu~1h-lrTDH>6Lhussk-j;54r zbt4bNL}e+XwJU<|qTjscUcAftFy@1;e*LH)qr00Px=MJ&W!t-x6zeTEW|tV;oEuUwK3%h*CEy zO>ffEoU+&X2h2>=_@3{+9RVCsZUKU^M)7;}4tst@jD`{skqBNC8e@nBHfdD0b4}v$ zl?*Lr4h?pWLX`uj?FmK&x3NRiopU2SL+R$e{Q1SZhCbNR@4y;?=sk9fpc(zUaUZIx zM;ByYD0u5AT_UR=8;u*&JR(Tc4cFWl@~B6lIW;)J_od*wGg!I|`Vb~sf~Xm3$>lrz zNj2ufQ&#Y^m$izd)~Ck=n*I&W{*$7R;XcEyO-{+v0v<yD79DChOZ2Z9YCD z6Vo8YU$EvY*Fs0sae=cU8hP(jGAqdM+IbB+EP9rDqN3&E3~L(;k2%86h2SW7z@O@0mvIrc84m+`5jmr5Le31Vt48|OUANYtv%7<%Q7 z(ghbqC?kYCE1WlLPWuNw-i;pYFB9as1VTiH_)Y0G<%2VQ!D6D!5yM3hp}3V*_~bdO z>wV)yq6eSOV2!x}m{xco5c}tD`WZq>=YkGYexlN*QDKndA+#*~H@%6xIovjhD&*Fk zRFQ$GF6TxFua5zowUZ_m=_qkyF>r&&zD84w`)JYvw=YODYMN`KyHXs&&5b=r8hT;2 z`d-!dB6>wdaXpW3QD;mCzxc!qEen4i`7H@^t|Lk6nCny*+Ygi%(0h(oZ`1ht{C1N| z6ZLR|1O(Fu9;*pt`@wqJ=jp`6$a^C-O^jv!l8dJU^QL}|54>&ep_j|J8j+0oIGL@Z zY;90q-Ex12)8Kny5QisVfpjRDJ)C&oJMoKC3J^&5(!=Yt!rEU0KAutdeY~RY)2BUN zKkMC??uuTK%FUi?MvKu?Wo?PP{-isCYlEaEKIX}RoGf@`q_doCuc@z$gC1w!L-YeS zQDq@%M!NC%)y4*Tja^or(w`ntLof$LqAX&)?TZavV$hSt-N}3)&A~{GLq~rE7tD~@ zsZI<)_I(+C=bJ3V}_un+;daE*FYW}LH*@a+(TmYz^vyX4XBKw@ z50W>XdR&6jA;SAL!U0dujlJR|Lgm@~RnGZGK|b#znat4i_QwTxdL7(pBZWPtyO;LR zT$uX4+$Hf~^Wa-SRLAGL5YeDPb1Pf{Kgj_i#i)^HpCk;_D7#6UZtSzpAKn%_efv;4 zy;W2{Q_>ncu3gAtxi8=trvR4xp=_zFHKklbpKw9$e9&t4f08HPW)cz~@fBs@9 zty!f-7x7X}1~qzwY6H71ZbE-NRJe!5V-!jO^DHGwU|G{hXZ6_jxZy{J3}2-9AE9rw zJ-raR@a|(%VH=t%4OnbJqpg93{K#1UQ<%2or+r)aWCn9265Y!F=`tsM5zeEa+Kc1n z(JU{n?oZ>uHGlC8{}7{`%l78{(()5xb9i(o2=Vk+;!?EXjG(`HENy^pT?F35X@LD$ zw-6a@{ZaVlT+>x1j=T6NE414_=~}m2A<4o{(Q=trFWY3LrI0ZP_1TeKR$D?xC+;Z^ zTN=g8doLly0T0(0Vqe4v<;BNI2rGd@u(&{l@TUh?oHwnLI2Azh)MPz-?`VV@1!(l< z=XAK>?CWFnx|gk9165h+w*75CKCBacEb(E95u@;vzPRSlFZ!?_B}smTP=tz^t^8f+ zAK$X6KSKfgntc(QDM=jos8mh`$M(4SU8o3!<^3&Q)&80;xV^`IYmOkQoR3!EnO`L^ z3xNlL-MQ>3&3k!KNp~wcV``F`H%QND=_FjpYh_Qa@-Z-?v!uk;TpCyz= zC$2kR$_sgMNls7W7l+>GvNMJlpI1+@03$lq%*OILYnGP{rC^-$Q|z_L4TR} zbcBZ|-NUcZx;s*=C1a)rCd(9?V;i$FcNw^Da#P=6=!8OwFU^co?Q=eI zFef=Cf1;0snStvZ3Ov0vhNwS5L~<0IzZu4jnvh+U;fYam$j5A?oCw)d(1LxFd?su@ z-MHvahMademwoL2#ok*5w9!T3qQM=4yB7;?MT&cY7I%l@Qi2qBOVA1-p-^0c6p9rs z8a!wzZ7D@U3DQDKaqY=}?m74IKAng2aG&;MCX>BqXU*PAzV)paEwcd@miG^+`Xmm6 zp3q9G((5axIJbTjgam{L5R2y&o}s3-7uyViwUewRb$L$6egr;0Dqp~;sukg?DJh&s zL_{R~2UiB-0r2thamy%;y%4iU*&o8_sgddJE#!^Pe<$(}V}hOEUVLoLnSaW~ulMJk{*@ zqa~h0f@K;nymc8;Z@3UTO(48$-YETaLw_}poM7|EWdDxr|G=db>lpu=d2vV-#%AiK zz#9ioHF{OhRiba=Ikdg_>QT+#*D77`9VL>V2C-sVmBu0_P{Q?+-vPWaXU~mZKgxT| zYC-Cjl-6u4d#FTn=SZ2z)SzLg{kntbta8s8cJ-SkIa5uyasR62EP#dI|8sPeW~2I$ZZK~_puCswzyZg$d@=co_p~G02_TQzXC-`K@I>b$o?G{;>G_or zHjNZLAJ@*Gy6Spw!@3*i_ripIkBJ`y6|E5A75P(G)+^GzW^*6NH*{BY>ulFT^l1^B z+H%n9a3FO=6giIBiUh@8iJGtHi-b;-CKV8uk*|0P*JUV-CumAhkhK3`tUd?y0DHa` zOQV_3p8HumpbC~6^pUUOpoFi;-#4}sw5}cycC9Et5Zj6#sQ2A1F#lF<)s|q*-B`c` zoI1HE%keBsZg_5Zxc4NpuiVoyqO7rTBV_&*t(64o;;DL9{P^2fyZ2+h`2q7~)DXF$ z@>Za&z>DY1!pJ6zy(H5b#NrldTp8~s^L1+er09e`y%qz9N$fN9!SPoZCZc+_Od%_pQwlP4Fit5`X504&im%`W$CdC zHen{A@W0Ql(Q@OzI}A^Goy~}y??ujdSL1r~sqc_9n-T6AdB3#z*j3=$<3y@X=^s3f zVNQ*Oi<3(UU1wacKF09 zkz%bJni)!&P6aTcQ$sNeS^9Il@yLTI-Vuq;jb zJyCXxxZj<8`PMJYcXH(9DSVn~)_Rbjz3}Ws!)uJ?C)=m`doOINMeB9B`=0%98tgtW zd)cM4DfK4zCa=&80a#%<<9=C^@JCA^V zL|ZXeevMbTfeU5Sg+cjxqj8Ufr@p}O$y0W$=Ks`7-s?coxYIf-1w5w){T+)E%RE7H z4O0+N%e#DpwouxwppcD_IiezOi!=LKo#@6uxD5HNH$oDAa!1w^Eja330 z^dt+MuqIfbQ-e%^dnen+M+`UR&Ne3#W0`q0{AZ5>u3vCRPHiU2UW;Z7hfDqx$o6r* zPN1nPV64-KU_5>q9=dOLQVF%v2;uhn-d}4L+-^egu%+WF@gLxezvth^j!@m(y8eYA zPU`i3Fs@e5Z%lCz!rI8$+4L-;eQoiPy+RAuTr;%$gk;>viAmXQV0*Y7Pt&Mr!k)rl zUNkw!tz(U+`(v9oUxA=(^us3_=JvDgf{>0YE`ebU&+mH+Li?&mkKJljSl~Hhv-jdZ-0D0c{aafY>O)jP0G$z9wqo5eMM}bALWf(X8!cLcsQS5_g+0*%=L% z{v|(A8ZOOukDC#^nb1A*!xhtR1at8$wW$4wKhgc+=`>fWPur^7`kL_t>%&HF5i3>M zUDJ|xLRWy2oeOOTNm$iKFhIyP7J;LIB*_H#xcPQuei7yGk-zxg;@0%O>ruWc zmVdbsGdBfXD)IdyDIP&1@mZG7fXhZ!lFTwvWB&k0A1Un4T&1m;^S$$EnxW07X#oOE z$N=6NhF^SN{R)%Tm&`Loeg8C>Dm=99`j|Kx1;_hbe7{r!Jt}_E%sZMW?Sj`bt~)Y4 z6vUILqtB@*o0sGsS`w%Mmqih(lmxzQJD=o^(%OnpzkQDyuO5yt$9A000X?-i@^t`{u4sL@Gz02q%NY)6?f_&K_`&7W4e%>Rs`w_ud`q z+C;`>VBq&_)0H1@BccVQM`fo_t#%H~v?P?vbP`V->TTc5U8S0Dmlxjxl_&kGF<9cl z)wyfl;;i|1eG4Ry>}TXV;EIr-TV!B}b?*ndBsLa`Zs8v5D?V!0#(Rzvot7>3`c@pw zGDNd?5KgIDH@Ym#Rl$no-M~`;7xE)In-}bXb|nVNi4XW_>K*jNd>jbs?4C0xC71DJ ztBcglv*^yG4fiIy0_q1LjUUBK-CD5tO9&k^RxJUjYR3KfGkUU@Y% zv0uo|L5WRD1 zfJDwlebA{{=J?L>EME-Mai;S9qu57aG{6{XFntSiA`3FwTeRVbP zGQs9APR)II>oTd{aQT1YlHi9w`TqcTt-O~Q>j5Gb9J4<$AFI{fNfssSJau@?p&2zw z^_*#I_#z8ea9Z>u=GpCYsywI->50(!i{~a47DGoWG>}tzmtV!S`t>d=;PKSbFFG!p zGJns~aM@KuWDOfv+{S&Jk`Rrz`sZ~0bZ4YJ@sqdSivoAgzf*;?#Y1mX>qR#iamrKA z-2}sZZ;Y0a2{-*qO5nE}KGTFDdIlKHqVX?MUy+QvsIY{G!eP*aD&RGj1?r+i2z8_; z1U*tQfns7!=rNI{^#A|K|4S!?vq$SqoGz-cET6KeMv$6s$5g-pOm+aVAU_sGk;S4& zOo{UMEs%hH#wBg!o27<6LoTvi9_6B+bj2v^7LjO(s*Z@@Lx?8_Ps9m{SB*Y>23Q5C zcGQTmAS5(a%w2?&V;QB5E3iakLZBq`K1)2hFR2=n!c;&KsP_1Z$FltAl^7nnw?krN z`4YDtoj`YMcM$JVMH^e44u|?83}jhnUTye)P2+OGq+^Fx*-j1aw&`Nr6B&yy#0Ht` zFM_3*6hhk6{x-SctF?VnJOuCTs{IMt3|CuhHZR$hLX&S{SrYy*|E6Cti$ep`t**|M zrW%gK>{FaZTN&i*tU_9kz`_sS)EAof4Xrl$CD@3vT+E`m%Zz>rnGkVy8oQ6?FKC@luN0mq%cBp zDD%R-A!Egwg^I5JSXAZ{)|vt@yi@k zDszRJflJ+vn%OVgPHbBn6V+1WNuW$jn+-HwCJ=kkT<*#sZQP9!r25bf6~x{GlL`PC-XuXdycr^QhFxxqj+{H)6! zFA2zW$fYT1WhKctr6#3hknlZb=_N&&ixm13)*+l)aEKCqg7wW*8DU;BoSopwGJZMw zxt+#0e3j@jv$Xa{yvt23%e#GsASqO{uNe$6>{yQxpLGuvfjTcj<5>@+FiO}m8<`4k zbkCAacWbp}IM&G;q%znr%eONQ?&`ogMCTf~I}IYIVR4oLe2skTvJ{Zh)xco%nyoLQ zR2I_4a%k4|WnV&S+%zDE)NpRW(&)oGT;lRAzXQf@O_1ZpXo*c5MeFsk_Zp>Q{6_bE zS8{R};vc|k{RRnVS)H2~J63dE{kconsIQ}2mSjdR)BebMM*&!D#3xl1YlteVb5xgo zdcbV{YSAVqj%w%u47tx>#KN$56_89uC%_7MkWz}_i5^#5ye!J=VOf0^E)%Ug%U4@9 z^C|%MvNb+7z&OiNwziNV{ddJ4fhou$D1(&HW!<$aZY%%K^jyQ#<*&j|Ttsg2UG>Pr4Q~{UbpCK?_mg#cQhAQo zr7KyFYv#&Evo-8{UqkwA=8?QUsNO^|;}MsI+JAtC<;v{uaX`?U?^G3rO#U8Ea;h(zS4AugKgLA1X+^848>8^*KzizzKQ5yj<3GIk#@& zIcq9BG44R@-ofUq2@T8FD4M_V-jq=aRteWZAzOPI8P83mv&=t-uHNV=-A-P+OGC>t z7LPj1gMKO(L5aJHputv4SZ5(w^eW|%q)cTUJh)O8bMI~^12-<2v@(0H%(_z=TA|6O zrZP=`EA2u$DO+s%Lx0PdC)&_#+K4oVEf8^J!__~Xo z$k|n)@cq5-3Tgfu`~f4eJQMPo?;M^1j?z<`!-CkIM4pV9idV4)|FXP~bxoA2;Pq~v zC+7w}uqab1_~2PUdg^_^oUyXL*s8Jb!%Muv1X*PpEO}0QnmjA&=tFE3$s=RnWXM3= z7`mCuKWY$$_ueO>M{D3C1ZL@f%KzdYVBu{AIL;8IJ>Xlkq`>J;Wh_(epvcI=Z8)UF z^KA4y9gSs$>W4B*$GjN>Im&|k3+gE3c+tBoufV+j}a#r)sM~!Xtclk3V z#M2RJpVgk%RZM0Di)e^dlmMJL7+=B6OC1VA1Id_f^UNLx`YLNmm-aT$G)prv<=cc*ov`=C)v1L-9FM^q^;u**dEf zhTbuyPcMb;)6~BBLaIWL2A?{z-|!7kWckzrA;)~tkTSJrCq{sW8?$h1fKf|_P; zl8kz0eI}@sO`8#0MmZWp+mbjM{C|L7J_!AQP?cM{7#w0QRn}(JD9AJ1LZL1)7a}cU z1s>^QHa*ETNc#nQ14iL^5s})3;Wsm_jrjsHh+1~F5! zi0F+l1Ks`lOOZA%nnZ6_kU~FQC?x61MeB~VqHiU;LRK_F*j&5>_-ujs$pvoBWwcB? z)MRQ|&dnbegi%zbfUdbD;&++cwA=U0_OyS!I8@Al#gJXulUkElYVY>%?CB9~IK>TI z&(Om|?U!(cXvQdm2uwv4L_dHjdR)2Omq5OVJjf3NeW}X3Ey$BxQ=U~+L$?i`U-j0m zJ7#X`M!m{w_JzT>dkzBP%LJB$ZKUcK56-bqNVF)VQpWGT)(ZyXYx)s&o8~!J^^qo4 zSiF9WV~l8izcLbGEk~lim^jR7N%`%WX5cPowFmh%qwya?Vqgm=|5e?#!Y{QylH{|} z{{W|q2KZyIamip@z_r(Z0K%V4FQ@k3j%u@xxkmSLyI*C*@__x`^ZsZN3tkN0>1?%Fgw&J`dbs)FYS%GI%_Ho7!U>#iLhD z*ZK!rNZn^Tojq&OXdg^!NM3sqx-2BbksJRJjNE!pJ96mPXzn=6GC=N2L)nnl+?&0|yz@Qxfb3lSkJB8fbrAyp^%-c__6s9Jz%5=xZ9ijNAqHP2A4$ z)sGsvY>#)$MfV#Ce)WIqXHuQU*%N+xX_QKA8_JC2@$@^3CYB{9$jk14mkgzLRF&9mSb{JaG)(Vm!jGpYsYLmu1j zeL}MqBos-C*WpAjt54YJz$?kddri#!56~oIkz4YM5vPov#t8~N17&@++9*#Bd15JU zOtA(QziVz0a>=B5p?K@wT%q(@m+T=7=3QFZZM-vHTJ~w`7{6?czLmX1E$OyDZs zsZrmle(~S@ZCSh^(|@PWaQ~h{lQOK|`~$|xfJ;}MmfH4@vr)xsL^ z5AdVa5g=9pw5qP&^NjQ_`#|(0XlB!e^s(Oqf>Pi8?XV{fd_Zxz&L8~cVP6t9D*plY z9^|!VC$VU}o7}E;rXuV}%mTN6x;D%je4;rCH>z}wmo9nkwzx{vgvVaPa?dIp#U7=_ zk+#U=ztzI;8c9WZOm^^7j;Q}_9N9-VBR0yMK6e*(afh{+r0CYQZ^{C2?n>of7 z`h0kvln2^!?(Rd1H`w!-R{gF64;Pj}g#o1|w?7OICoex!5!u(qDtX!$G$%B!`SV>F z`MD(fg&B0a}mK6K;MKfnmuMHZ`^UOwiI3o>P#lrB9> zsZ6qp{8erwkK1B4mBTJfjE_+0^-z{{(;}*5JxV@txxe|k*Ie<=qaS3M1l1ApWX#Y+YWR3?{-Jt zGShNB4I@*}@T!A%NMGiYxJ$be%5XnpN7nIX>X{IHSQ)4I35 zAl1P|=V5b-t`0*Rn?kC(4gB9Th~1a^4?# zt~HV`Bdc`rT5Q5!e`8l&c)@q-8R&1Xe&LSnnst*zdv=P-?7J9)If~$QNSIW?+83j% z12PkYJjwpZZi!oJFGhYzfn*)GOWaj<-XUfjjn84S%MEJ|U$^|qf5$gHF8em}9eN3H zWbI|X8n6`T?>eKi-sixCBl7`u%@mB|>dx+zcTX7F@@8P< z%4GjR!d~{Lli)xizOWa~H&#(%J9HzRh8oMke+T*RH;YIV(M)r)^VCE4J6m z*A3d_Q$d`0c~djc$lO|Nr<~+&DAbtR$WJK#j?9#vD-iDS5KXkXz&#amn4X@6vr{#l+n}e(JKS2C zVuVt7Pg(fRcir`ka)_T>lX`2_IfPgyxDJ%-3wwD2>QWq>6zc|;{A$1IE&H_B+J<1_ zHRwg@=wr*L!wi8|q-NE}9lp*%-u@Vx@5f2@3{LIfDv4z(`!{8SiHV{TlAUWRzcxmP z;B1NQNP9kg8CSDZMy;2giuBoofggHmBU6SbMLh=@s(<+UU`BqExZ`slM z#c0l%aqYApTJ~-roP*pipwUanj9~Hfb4hd$Jou?};A$_1d8ucu;=*&8KR@`GvZ|S` zXieaAu=~FFkn@X%e5osi3B$SI&+`f-E=Dk=Vl66mI7#Re3K4KM$5Lp)Gwsj_GulG7%$JN!wXilE1*A1 z^+>acO(#eJySbL#S2PRen!sT`7^kjm^Ta|Fm-k;$BdD#_vp(;iVRA&*(Fpg`gv;x3 zkly$0YA3HqdU01~NB`ZhcZGi1q?!C(nG+MA0U4XkL@bF1D$CBTNoV+&Cj+{RIeg5g z!*Uio8NJj2ZerEJpbtqWwoeI{Bz6V95N+tbSG3}GCGto4OM^)X$^)Ife1)il|DL~& zt>DYt!UP1f+^CZBF5#8_Dop`rt4QI0wfyqQusa1WMSE+p7j82XM?0J+1n2YbIGa5P z9LPLg=e>BNuZKj^P`%c|Kcmrb1uUG*bu~=dPNODNz9CZZU~IQkpPXXiWG;>y-W9Bw z9#?&yMo{lZV94s4CpNjd!2LX?8&8mw0042rKfo?~j##|}*SpxM%zpp_IERMIL#r+< zq8;n*)8+N$b_XLt`k?ss0h(Ldq~b`T1|%*~!?M}C`mqZOS-_b{<_!oBdU9(X{bk3k z&~C(lZmm>Za6;z^>(hBKnOzCQ79P+Yf&R@PfZ5D{tLL?~w6n;Cr0ef3mW8P8{O5qv znJaJ~cXk~KU}{qpn65{pH$mW7PNJwhOHF?OI;c0-Z@thn$e9llh5B5zt{{)Khna$o z*t83mnyOoW<&>0p*MaxYK~B2mfm6A>qmK6JUQr(MqD8Oww~yr98nUbk4^QER`i15{ zrJOfbWmAHE4Uy6K)N-V(AMU6vyVl>S=dtjhP5;eUirkG1n?J zJXgY(kX6%WRv3kN9vZHebHhhd`N*UD?)Un)*BeLf;ds$3chI3=c~c=uB*af{D^!wO z!%ReC^QGxlVPf6e(Z)CqMre#udL;?tlC$x-Sox@|l<#YOvvJ^I+0c|xF8jXn>!bTx zSBSc{kNX}#F&KkVO6;gS$ypdqyNBCOH4y~`j`7#nBr7Fl-(o8ZD{Umd!f!pqV=axC z+Q{Dyw;9)zdGA&A1V1W%;TL-Ht~ie3AD|^%0t?j%WnaRw3Ji5yNkBbMnbxsjMp;JJ zAISEubt(C!#bZj#)@?kC<-4q|maV&w=G1Pa{JxV(^CZUmw}n-wa;X{@d-B-57t2rCc; zJCG-!dKc+X@J!3ubv!sZWVZZ272+QNCbRU#2=f#nUl-Nj^?ml#RL?1#0?gzO+?Hpu zr_b0mXx(15)o0C^@0%HghjuT0ceIrrml~qPVh4Uqa+I%rtYJm|NO3eOsn6Z1>YEdZ zC@kPXb|nR2W*QKWt~9ljL`y3vKMeV!2B+B8(ef)y8Q8{TX)HjzS<-r%QSF*$#ONIkdac&5%KUn+C zhc1RGkTFn%D7|UMz47b&IG+QkMt5u`$l3i_A($K^3jPPEo56|^dw0D0Zi;S@;{a{i zDfwQvgXY`mF}|mT?LFy7l(VGUt5YtBLKw-U*uIM$+-y~y9r*yM)T9PBg!)}9~B38Sx zU7h>)9Xqn@kQu3r)|HO>=1F?aWmBPYi8{Zf=%HPC1|5#i177oVV1=N6czyca`m3#9 z#u)koS)NN%-70psQbeZ&M?!w2`;yS-shiO4i{9m^-&8+JJd}G?N^2H;sPv#vWa*p8 z+qtlse*hmuy5~PYxA73@T**?F{76w=?TGHG)Tdm8ga57J5pe=oHlbbf8+&U}Va>PX zf+OHDpo`C?FbiDRl~E;aSCo~9ey^AkcuO21cSw#U_V|GSJq`Y(A-PXDZsC_LjT(}V zGqU8EZnkr^!PuSyBGDpPd3nY*h+=-OtX#_CoyjM6wx2$wM=q$lQcUtcKm;bi=E&sm zPULod6bJ6BJxO4=o5Q3e=wo(f|O4n~J)X(Fp6TV-- z5^ON`ZwG^1o*t8Uoz;t*v;+*?mZI)DZcGkv&kegV+52A&>usfamFqvi;hoTVGlu4_ z@$RT}S@voy!F2AB^>#~zJ3S$CNc}tRK9-FC9{ztlwde&DNBMeDx{5nRaq-5end~aJ zJNAgpLyxAt_X>Q1JOzm|1B1*kR+_mTrYI9>(_@JpIz;`cM2!yjPvUNbh0ITM$f5Ww zgb__~ELW0O=~Iw@D$zP>B=g;fwfdxBuP(-Wd>P-7{st|u4*l8PM#z2!XJK-bS3>Bk zj5v*PPS0Ikk=mUoK@qRyyOU{cas}1Sx33}qR1Fg1s?F~9reSh8zk5R$ldOGOscc%J zbF~7dy4i}7N6QA`UD#gdYjeURU4YpOcWc4Z`0m51%nWhL!nKOmmTJdZJ;kJg8ai)bhT$r z36O%^epRzJ1twz8@RKt*u^Z!uY59|7^(b4ID8`bxQAg0@JWKLRHk~_(PD)5F>8oJ0 zN8v5^s~h_QkR#2v%cP=Ez_#!~68<^m$ZwGSG1Y(%%bG|1YiSw&hKxKYdeLUFI(po6 z-Auxw+wNFZ&7F3qYYJ+at@>)#`z+?Jyspk9QhJWke^@0{T5^&|0sk&bWwanTa{^;O z+T^wHFbEHLdZP8gl}2rzT7XKU+Z>wg(x@p0;WXYBO?Vi1TOB*6b23~@|5fai`i1vJ7 zIhKGX{{iZV+{@KOX9RjnYrd_=Ngn*XjtNhW$}Sx2!QN3J-41SH*zCAs<`k9R8+XSdbb1L^S5~Q2|rhmm(D8c zjXMIU20I}{($yV-zB&tNs|i$?rO-91Wx6YlfGXdbP;{*@98*>pS%zc^a>0-82n~~$ zqe0ZUW!~KfbnmBNOe}R@q9QW^m+h^rJb2oQ1hlS9lb%Oe`(+(kX+&d@fHSyzI^h?X zUH(Ih7Wyt+tP*;bGL~FgoSZ zZ_g6a>()sM?Kql(SYl0VwSkjRTU9SdZGNw6Z`3@7%heEeSDCIrQbEL4+NZWy+vwq= z(`|FDwbLU6rtQted>JZjlyqhbM1h&FI>|@jOk4ie?KhgWi-i%yk?! zg3%PvT3_8#o-_XVgFC0=v~8xC`F2KQXYk|6sMWq8r%T8s+$3Z;Fr3;9%>14TeJhW4 ziEluGSH^QN719cI8rI_1rD+v3(jJ;FN4xlB07z`ZNcUs8#xO zg?|8dMk+rV)LF`5Joh4XmxNMCb$pJ-hgp}3pmL}w$Wle?c3Y!%e8IHoSlZdsyP@c@ zfCq3@1_lOM)-TmP&#$v!GNV;n$JvWS9NXV^HNpubc)WLYqo4=U!%RNR$FkJc0H54H zR2vvlF{+$S(N70tENa_Zljp-(awC|m~w_j`Ab|sFYXHr z>N&k&ehuS(GK7Sq!DtB!a^vAb%mai5tkA>JIP?>VNE#H1l&3oxJOXWKBY@BI8aal# z+$}BHD!uA+d=fNL19fTm&30nUVmu3N#8}?f#SVkYhfCxx4l zQ^g|t{;oDVn!CKDrs39>)u}@_VGLm>VuGyC?i&OcmYgyqdN#ao^J2ug6Tcb|jI`pf zEMLhpoY73X_`&2)1m4wPbn?*Z%R4s|x;@zii&F!bpx!HX)o8;aS;~4_t`?(oHyWrj zjurkD^|oVU_Jz>`7!-!vghfYh$-rO7rTmx4{VEHQ`8ubiUw>a^Myk`UhG)0Fo~9`@ z8^hrzZ3;cu_+xeF!0C+N@axOAkkwe(m$vY=t)Il{h=!~zX>kl#qNpI1t1Z-`4C}_! zcCu=g(Hf2T(w+5P=VRBa2VGnc1|47!iHNWO4ZHSdC%*J5lI`=Jp8GPU2-xi_4hz1JM$cq|(-s=h%h@o$aowH?t$ zIN&*rft=3!Mo#W9)q0mt?=BNE6>c;zKn|JO@2a%zi&i>k8ML0PI$*Yh9NR@hWQ%=p zAJ|GP$M@MH_fLAdM2|&cS*RUk9RknRzttlZy=KL|O(Qke+M&V2Oj5@RH{-UM*BbAY zRr*QiNdlDr{8E~^5Y%wxDP2=c*9me@T55P`D~*pYZ^n2aZ6QsGiB-`iT-9^?$<78v zT$|X!fx+V>W)x9xrew|dfC(lpOIArzvRz3E5u~Ft^ky-bXlaJ;dRWgsnKj2z;%qF~ z3Qr|95G&@8N%spOv*Nxk?Z+1`QsDLn{-mk42D2a%H~JeIvD)>{ORVpf<6Km|-TW$( zy*o(l?>v7<&I-SzQFl@Ivvw(M1}lEf*lXLcNgz(`D{dtM;8^b48?UF{Th>#1^Htlh zBzq0fWsQ?7xO@mV3lILmA@j5W4} z?;D<#6yK45+5ZyS6Z(Xo6GZZ|n?t;H`IT6v*jsxk$mdL^Kh{eOHYYT;{hl<8qM7;2 zeuT};^lCVTOBvSGpQ>jq(Lzi5vMz_8C=2vPr*A4J2GxR=*XBOGisSS0;}}GN8E2Lr zMm1#lFQIG;KGPfPB3rTBW^~!j*Qw?|aoa!QP>FBb{FtMtVDVa~4CDIBQCmeL>KyT) ztKCnrSlj#vk{ML4321-JE0&*o#0(632Oe*C@cd188@Js65k*x3$3upn95X%kY>*pe zCeMl~ApMPea^>t{|Jo2*7+KmUoX`8>O1)$AR_Ht?&W{yQcMi*tsyanv{tgh4Cx;=n z*dPP6p7q5_R@pPXwd4nmja(j~Xwd?z@JnL}QZ1b)ZAkBEl6*qFy%R zEr|VEY8N%HmBu~E3x)BZ9RUL5x@2g0zU+58R)6M{}qQ^X)0tNJ3Np)hl+lAG#%- zj*hBr6F}jAtK@_I@uzYQa=Q0}x&o3f^y~4}Aq6en7WRR}boxeUC=^N8o7;TE(V6}L zMz5+jCukZr8E?vo{lvH0W<&z&nHy2ClQ(tXjupunGUcEvODB=wbf2F>A|ha?COoV&m_ zjyZ{rSvs@m9KJ&4XsFwp_Qohi^W3x3dGYVP$gZ|-ZFtCjQ1yrEYqV~ogH#*7H?km( zRh~f$g|!0u0oyfJ5(HrB*dfCRlGu@3<_-q3j!rc~)tCC* zB&1wP>_E+{y{!3c=&3Y|slz9*`_lv;OPIfqJ))`$FYEjGnVBg~i@oEQa{YO7d1D9# zm7%9&oTn2;?PW`=eQ%*=41xy5;-?1Q*sUE&)fn=l;i2+S0Kd#;`|$PRGvXz`{*HRz z;-nRw4ccI==Y#fbZo<%Qt*NCH>Y!Wa@c>;Hl< zBr{)1M(3}-V@mw?(T030TrO<6D1>wBP_QG^2P1@26~<~@Mnokl^L`{xV(txk7;xOV zM?n7j^By3x)HPA=s}7lU$POkkBSzYS?{%r}eJokVcHmC4R2LwLZ2{GEBbMmLc;l(# zn)?z5TGdljDr5m{)=4<0Nzffx@U1WrF8+frBYT?l3}xX4*G1%fRy(+5gx&PkffPPtE>;R3laaS7^r zYR6z03E0f+=Yh%;Dn#e|&=MzrGy5UFvjKjx3b09pij)l17pOWK_NR!N?xp#~`l&i9 zM__GRa0K@T8nF;eN?gL>Qa*=H1D%V|Zs-}!_yx(_&D6Q4W1V?7OgXo-%I`kAkcic~ znWz(yqI0wS99P>tI*?U}a|p5V{fjhcnIpXNmmweXNrKckJtUjB!@NOSMQX^s&+v;4 zMke-xX3VRiUfh-b5$Tt6#3&4#0hz`P^GM}ay zs4>?@64mpsc`>X+OFj`|;5l%`fKR6fH%Mg&wW464S$)hx3}o&`Spv^bJgn<6=MXMy z3$!FFh@wm4YgDbX7hVO+M<(E{fjV7M1=$NKF>^C(%dmlqq( z4_9^9{Iu+9=eK0Q07NOf%dq0UKnwbt73i2Y-pz+edzi|QzhewWEB=DRM3O9)|0~yb z{h=h=oDG86ynC|y%xMs*^cs+5#An%G+#BlZ$M}SAr*MQr@?CZ4**xeJ&K#jau`$)$ z@AogoSb07Y8e!@CSs~{}G(%wX@mw#7R^UazNl8nkdY{@tv+C4<6jt`3wlk1OKat`< zPL(PUW!FZ#d%cGk?$@_F_Xxv)60I2iG%g{*hYT)g0`K zJr>VFfKzKIf}%Fhz;->frZQkWIR7628JPD<(wl6RuKJnPR{7LZRt7rlSkTAQ?+4Su zX+h+x1V83o6qDMZU)~IIHNGoUFg=3om)DJXK=v!lQ79kJ_6A!C1u#c1)YzEx+UUJp zaZ&Q^RVsdh-L0k&*bKsQ%&41Nolj+K>06hpHe(gxcmhFPmiXM^}?^9jza?tU55_2 z)k`j4KjLDqXDQ_IS@0UCAg-^7XK5`&(?vlNx%AHS;h>;^P-^;s@p!=(y>snq=l4GZ zffa>J!?bA{Lz*gSdc?T|?N`GuGhWWOI`X{iitH?mCaLDC$PY9sYI`z7vf|ih)YEm# z9e`Ve4{;?>(mi!hWV0ScIfiuRfzRax{$A|r$+@|;ehqiru))I95vVqO=}_@+h5iiBeOa;|%V?^MJ^s2 z2#5fGo5u$(`$=DVy{O7^L<1w*K`$0ON09=-$G7i8x~>qmJUK zXkSo-l~>{)59)Lo1yJfSN&RtDtPUDqrlB*;?o~RA=0rDRH?VT)JPS@Da`a5=V^O#D zaDxr;7B=h4)sQ+7%@Bd1`wx*5ff(PaddJEU(d0eqHbARW!R_~6FY;=VaOP|lQFg!1 z0P_rM@nZ-myIv^5L^7^%ID(X`*>VpX z0%K;m5N&U|maf3bLc7?hE{bfsNQm$VY4*d;;Kn-2q}R?qKKLu~bFoC8&IDoxq=X6_ zt3n=zp}sB;_frf6lhK`R(tfXt2ATT%M_7FD(BFd}n@u#iB`HjbF`k#8Fx!1&`{184 zhZWa)ja!hd0iPC(xNNeMzQW@OuG-U>yEm58Y{i0*jqiqKH=}ihsHH#@*o=`b*_1pv zNBg(r%m+Op<7xCXWUQ=Gs`)0fG909e$o&3TH445E?^zQOQ{)Z(Qy{MESTE|9p>zUW zta&q1!2){~lM5y^8>i`;PS9sXyT}KZF_+4uD+n)fO_&8<>GchcLn`gWdtp@e)1}I= z_?916Bx0o4?Ij#1!|z?J?eJz(g_r2=oe56OR4mGCT)nPT^xVQKz)2cR2G~b}HjUr+ z$m$Qy|H=g{jTFA7U~A>gVS6 zmF7mVE11OF*^CXwG;exDSY_Sb^qb)`rz2;auK`Ps;fTtgpg(aoTU4K1B|_KA zMxF@hCYiiy+N!`V3cf`(X7|AU>MZ+foK6xxg%o5MVt?(7ZOG`0z7N`8c}p^lwA_`J zd)w&%YW(ZiFC1jPbTJ;zlEcO7*V+MR-ea&zA_8K+)yt1vrvCJ?mG&s_IK~6mIYB9R z=q5JCVzsQp>7{O5<}TEm_L-ii_;`0k8=Acx!q9D4JxB_i5hO8V(t3q(8rO6W2b>lI z3Eyf|V_s`P%nk8tdbnO+c1SInK9F&AnWWPs{=n4SXKw1$5c|{C#+^f+Dua67ure9- z=T-a&vawhtB9!~k-0Eh8DM)#Q1Adl=ik;GbXk(9x`Y>+A&dl=Pnil%RxXErc6#1&( zbJZ5B2=C28=4>oknvm9e13ilL`9hSF*E9DWBbX{se^GRMXOMnZ28nMZRc8YB#@K4I zCm&zY%`XJoyw0{~Z}xdg9!g8(xMu$CNNHMb%+>4srvj6KC+W1YHS?MP(BSXO8PVlv z#qWhm0@(_rn2qV&jg69cxbc|iuC&+JTS>{qgot(?x(<2*wTTtwJ6Fjk77kC%_-5|h zKSSWgY-g!#r^k}g>HmYJ_l{@#d;kA!HEZvhwF$BJR*I^o2Tck{}Bw>c;dXKUw_Tiq&7GdS|f-dPUGCkt8v)H<3*kZzEP=Z0*-5 zXJt>2DPY`}u3F%y3t-gi$(?Y;d*}%rb7YzYOc3O@C4y%+jX2nk4wfD=L?$YfS58|i zrt40PRO&|Sw13O&lR89Uw7b(vUkzkA{V0p2VSIet%chaTo$9rn0iSm0W9s&;?aX1D z)R{{8k&u|o$I}72YaX<^8$LqJh-J>_F$o($0UC;m!IBsyWEgwLe1BY^hUxP0i;7HV zbM~8r41)ACxPIO`I;N`I@Z)(y3o3t#AlDyqIDn;Lb| zFGR#{KA{7iC4+^st#ds_1y&Px92R#3{-TrIND5N=aZ}@j*J}}ki*qKDD32c)Ft~v+ zmK;pR932Vu`#$;pMg<>fS3)SrcqYgZgvIGT(n@n4Ll=~1giShc8@y1r1UwX*(dVx@ z;A%VK+(EG~29k#?fyad`l3oQs*#nr}$>~0$B25Pl7s4sKgI*M?;y4yZ)}sI(c_S{> z0h(J*+ItzKjv4{4wgF`;Yr{sl>X%}ZWV=a~se@&cF)xSu>8M)>;#5C3>2${%_4RC9 z3Z5OT)vhfjeSl3a4BvOdBUnuZ{LV1z-@f!*bOr^qP?Pzq`)V6sZp%#aUrKy{*!O_g zkUAT)%~OL(MeHtQGmZYyIsP?9rg?ANdG(h1(9)(yn+@&6ye@IFc|U!t>CZg;Lqq3e zOMZg_MVc2<(S9NWnu@?xa6$TV?td7RTs!-KC~99!59w&&XWGg4f%3q21KfO`_+Qj8 z+c_jK>h+TXN*U%H+*jo)hKwH3VaW}QEoH{w``IC#o)Eaq_>U4JEwc0@^nn#0Bd%1LV{gZhE~{wGfuJXM_tAxQoZ%!VeRa8JIW>dcW#c%v&n$%98f% z%a66k34ibHmt5Q+G zgRV$6T_~CR_A24d7Fj&*En|Av&DOa1Id&Q7&{A= z3gqZA_`Ph7+Il0x4S;C>@;~eRlU28|JYR6D_d)Uj+oFp4og@1Pny5tLl zcZmEZO@y9@g#$dyiya@(C-^;}G-I1;p7CL5jgK!P@djuUsi?}Ato8Kqe&<(k9yx<7 zuBLxv*YJ6BaFQ2Zw1$2h4RtTxuoG~;gsU1xJGkI`rj zDgMudv6df|`yvS4ZM3d=Eqx;tTp(<{e90sZyB|da>5t6Yt}b0u4TyB-Be@kE)=J4u zuSE8tCFL-_%$ba`&gysC(~c(!KcJ94Ri@Do$S*^NAnj#uZch)^02Et_CDf@MshTs) zG`6DT^&iH7Qmx$@%7f~W5n&0jva(DRQ~-URJjMCppJFuVp4YC$E-We1?=Y&&gY$KI zd(>;*&O{U@f8m~lButs6|J3D8XrSNam9M^SmXEApy`=th$87t*Sg-UD-~SSgE#y?s zlMwulw*fH)Q+6!Cn&iOXf9WpV#3fs4eLJdt72|R`4Y+@v%PR$mXo_%+sF!$yB#&p| zb*KXN{T6eBgh9Y>(i#FGk)jd85*_%+pvi%c#O^DYzYc$%4m4VmQFKixmtK9P0W)Xt zgW5&zx{~l8JA4cd@2hhHaHD`ufZ-?^+uckDy5?|mhSYxC)M|BR*H4|A3W*_EjltP8 zdxIlwQK!^SnJ}?kd`+lgl4D8VAo;ZOCM|Q+@zdx=Bc&s)NP(xWp>f!vnP8#bFRU4? z)wiQlY@CGV9^NMknz>&AF|eRijK_b;sFrx9MuqYWNvgP?i^yZCmcKW-pEAdMCBw>n zc7}5>;By>+~I9`P*b$#{p!G9+&-k^G9N7dW>VI*Y24TTwJa3NbcIVO6W z%yfhLE!RGM*;Rs1Zbvkmy0<}#tINwvC3ut$>;O~*kj0p{7i(}sD9%=Tt>-u|c|^&1 zGen-oFVRWEo@k>`XKWPxlidQnPY0_>l4&ScC(b;{!{G5&wtNYGPrhcu*VDruHy_WU z4Kl*LOq=XLcoIP&EbF#`db8pnA&*Lkh>NyqbCKInfMgeRw4p?-GDO~EeJ4LDb{ayb z2e~QWTnih2(UJl0tTWiD+AfFv&G_HmdnB9Z7fus|(`DVh zQS^Up6@3-9vrDt76X#5WG4{(^q-q8Vk^C^+&n@e9*pSG#;vyfL+TU4R1qsNh_8tlp z#Wg3U>i?{oAkDoGXMHFcnOCs&ojB!xR}!Ch)>4^RM^W_BBBmUJ=Z|_C3+HcAmUNCG z>r~$e2JX7@YK_0xL!?g#OxnZufHSKGTTG#}xVp+02!?9qtSXGg*R_X)vhi=xD|gT* zgEwaI7D~QIQlf@M^wp|_AeeBlYL%IP&YE&m<@Z<7MUO@6;S@=p-u-)n#pWN9_Ju(A zV@~;@NWq+#xG7LiczQ)tEzKIG#kxEvahItf?m8uB;ZG~cymzmN4y|RDkA-5CT5Jw} zNcKd($6U^x{qjXk^nMasfIkPnt{&S;DSb4@PQUi*egb@}Zx>bj)f8Wm=*=jm^=v0w z=q3M_S>+!K&Yj@@F#LWf+tGNE#_oGEJa>rK6$o#hwJFE(sk+dL?(|s(mKcwNmdKD3M8jb_{jv9iIi>MxD|lb;5-g z*;k>PeIa=Q7?wdhM}(-oRj^b+IJ@HkT3Ge%2>NR@WB(szgB0v4u#xl0Xl4!#W;qAzP z$*bap6YMV8>tZ*9gY;Uzp?QZv1s@W=-cH`#sGr={L$@L?vU;a)lP_E*1z%yVg4_ME zl77P;mx!MIy8ZaW{6cO7qwj6k)7%2&jIU{2pl~cOTA#nb6U9pacfew@|Jz^A*KJit zjWT74SASp=d9xWE{JUI%juxmnUN#QCG2;!g`?SSd&uZ{ZFOUauwW&`+R*cTj#O&AP zTq4#hT=dzlm9;U*OZ^|rf{IvWJzGSxP7Z8m$k7HdP{GR#JpW@S6reiP$!#Yea=^nl zm!h7t5iF;yN3g82kU;D5p|v~QPOpsz_hPlMZ}N4=W|O7XiJ1r_3G%F;%Iy!sF9+dh z>Zm@t0Jp!VHfm1B82;N!<5r6-zf97y@g^I!4C6cYOkf?+?w_8g4#H9~{j@yh2auCQ z0?UlwY7edx1ptFyCfIiSLA7s&nWf*D5N>@9Ik{vm1eI8dJ0?%N|AsBA*ZX+>!sqeE z;%mZJxw39Fg`=wszguX;;PDT`(Oz^I3{E@0`*+;uqZ52L@C3SN40%Q@j2EcW9|Q9p zU@Hp)S<#zjl{&M3i~l6-1?xWj9wlA%F6d3zmNSiV#R#!J%qhdDw#VeRf( zwE^|Zy+eF(P?-HSZKcx@zJv6-E-FoLhMnC7-6i-Wr_J}K`UwUIe9|pTxFN|?dZl0t z^yYLC?$<0i=NIM^Zg#goS(s85ZAHvp--*3Z1arB@LlYN`w-Dl8EUP(5wy(hD$X*0} zFu3uC<}2{as#81Ep+U@lSc0+Z*so=~9qNd5p}00^4f2ciW%!d-jb5Qa_fylQS-i2= z5&7;yzfbOTW)2be8UkY+xzdmqlL#y699gv`u;%Tp!(CMAS^#y|{WhmLze&J~p#&DJ zPQO;-qG8EnFTPL|8)*yOTS{_pAf4O7|4wQ=w3j}$blz}*Qfp=Zd2CFdz@)sA)dJI{ zU?JGfzx_;h_^Hx(sMhE2U!IZpGGijG_&15?kzwwwSHBvf*3vs&l=O~|lm_EPXKHDN4VOMhFb#tm)K=4eGRC=9Amw~r zR(tD5(LKXHW$iL{MA>1cBh8;e!jPZF%;uV7S?oGwlktCNdje^4LS)hik|{W$F@_+{ z`&trjB7(L267W+h!92JIX?v!>7BlbI`exZ@F=3}C)ZyH?paBBe7Q ztkfO!oec1wEA^5}0e|t3OiJH@TCIKUxlJK%>^TEC)h3}(R7mbgya0^)+U>sYPP~ND!J>U;YdiyziM7TR8wOyzt%3zNtade5}lcCQZ zUWn5%a2~D-RxIy4RIFVI*bXACaPS#nBJV14yfc%z;tej0$?8pcK|`7hmRK469W99S ztw7u7SDvYVM|YutlNEVRHXD6eVZb8l8T|5~F0tcL2yUE2~S;tZFs>%c=MKL;$bPL{q96sMtY?KL<=?nuM}{#yLTBH7a~oRXFW zx99owp<57+5eJnEC+7~$ZWMbRhOhi_QHT1-0yzDkW2ME1Scl$*#w}zfKPRV;YBShh zZ(+#ns}UBq`Fq6;vC9h`v+{@l~rV- zFSJ@IHC{d?CSIX|u-q7ps+=YK#mE4B@>;=6%&zWj4h3I}}H600s+@aCNqd zQKj!L;;L!8V;llQ@dVEEHa}Lo12UIr>Rpd-fEDrU z8tmI_NFsjBUF82IFa7jJZXk&jLt}R3dP7~rOxYus^DMTSkq9!*jXDP1JIEO7 zN76`6#}5AJBoTDIm8gP3R_-&9-R`74Mn*|ZO(pMNP!rK1xseIqRndprc&b(Zt3qLc z^RWOXsqAoP?S2%=oqElYjah4$`VQ>msqm=+LheX0R|e5{aFfgtDH9vDRsT8qN+ta2kQ{$|Cl%*_<}v3>#kESmbnWVTWsRM+!*`Wo~Ad@ zv9;^qTBDmO*2GDM9E%RQoQ_N_a%^FZ>CEHPv%6Hx^b@I)z@k+ddv%)F--h@n!JN>mfB{s^|9`!e#VG@fM2pBFk0zt92d zD|1B@pFchCv%fl$P1p&=x(<2U^@`<0PPdxEKohOyQcBW}F>ltqXe_Urn}n^-a^(8Jm*OjM<9@4*A2Oqom9-Y zuyceIT?1h-0f0&<_M4^{_-D}q~eomczU#O+L{_B4I$V|1^ilzk{=evac93r`LE-lS=vb3j8t zw0KzvE;5+LXvdIX9Xfv03%k=`TIQR`PeNMc$|K8AHs-$eYwLSjDPSh(hqSe~%Ex5a ziScTxo@HNr>&AW~+@dRyfOfz!CPq?-Y%;zm3!zot3zdp^pEjyCQTh z=giGuGfc@DP$pY9wyp7;y!o^C1-YSq?B_gdZ3ShznD$!$uG`u3PJx&KcBisM%U?g` zW3Y8gFoFqeGZ1w!tY(ZlidemoVx1n5Ei=+qN>r#ODAaCrAc z6Uf)|ex2ov@G|!&vB8<-pCR=jj0&vD)>Cjdxem=A_O7twbp_bR6(PCb%Qdlt7?nz2 zYWsO>WZCq)RDO@?5l%7uhY>(^n_%OeIpK7cX73A}B{y2e z)i0riNMH9Nc-`wcoa=*J?{*jMtRPtR$;SP89teP$v!0W8za-xst0&`$Jkic1He04N z`9;r2#EFKNMIFZQ`G@d#S{NqL62f!l$~CJPoY+bw6paxxjdgCjJc29zbXK0-ekJ;D zS`~O&f9_x1h$A!D0$ckXs$9Nr4z?0jY9#hRgteM=BmTqi6yw1SeM8Yd`wLlio3Zu3 zEO?N?g~}Y&!dCA2A>Ki(v)JTqN^ZO1k99&@VWSqCEyp>V=5rwcn`xk8aA!uI-&lo$ zp7{yM#+S)u0eK4LBIyPr%5tm15_i44u zIRM(2TnR`?i7ASR|Fi_Oy*j%(t+Z4~9m>mkm5;D3-6!ue+l*$c5_WEItPTQ?Nqrtw zM)s^Z^$!3SRPWdlp>sY54&r{({m>LYYCuV=Fxw-dZsJZR_tIEmt|#~R1mf9N{+lXr zZLGnmk!P4ZMeSQ8MXL@e9;foe_8ECgPriIs^043|<2k_Fozis9gwtKL`tiBYoZDkp zft?HD2h@j7lSRSdWzc7(ZMF|NK=RB4*K8`CUilL1MLWAU6!00Qa#3A{=s4maF&ple zgrEhTw{S)Xct@l(J%B0T|FqorYXfh|rO*}_&OuYEi_cL&F_Vwrg?cA5_Ixz9+nsaPfJ;fTSzM8pOqFwkBt2`tp%vPO4NVvO5m5XevELL2*|v3Xsg~ z6DoNxtxgby(fUeuU09j%!*?F=g!5YV{Um}hR|uPk_{i$4nAvKN>juV%FS9pRX`BBG{{X~jHWJy|c|-g+DIx{nbHf?X@vtDDNg z3^3TKqm9E_-<`USEiL-ee<+i5{HO-;_4tlrg*oQ^<(zD=?|Mn5dN(b!fLsqwfv}ts zc}pU9jX#V|z?E-Olp|Vc;f&U6?hXSuvTbZ1%Ex^Tqs2xI_%mxlP(V z>%XjNXP}BS2J-CMsS)-wDB2+8dn+s1G4_Ayq7qMQPlZ%hO%_el;&K zTABhzKJ?$Fe}Bf-$6p9S5eiy$5E@<9&Sa6&nbE|Ro{4RD$9=^YjG8nyx%TsL^IEkx z>wWLCO`pX>xaA?(3XlxsAFk0e6PXGj=^ov-SmRrC!QE2q2T_2RwFaf#LXk~9eS?*g z)6@t1sY!eUS2*psV{d=`O|LF@|GGK6_}ue0CmSZ8wR>eNn~I^XEX8!%1f4NMHhiWk zJsfba+Jm9I8QHCBN@#peJC!;~OUu%>_wWBiFCYSF zA&wg*LdTig0@~_E?9SW$HwU(x8uq3}Ab==8Hh~sZuJc?3{z&o&0I`^Rl9Bs`4OMQh zO-)CnqLV9VqCK6J_F%teO!9aDCtxecN6|9ld#-Rmn_C8YNqK)agcw> zZXYNYPG74)zL-wD0+r$rW8PG>RYOkHXn|VOtMyMq2@Ny zrGJTlI7+0CO)_F`@c0Ybor}cCtbGiYD_o71*cv_J09UPXWIy>923|WqE16r(33fkQ z6DPv?$-w9Sb9`)0f&=%6DQ%tByziWsCr)y*QzrD!P|1SF_p+mwd!(?E6vGsQXc<|J zDTk@IZrEt+n`Jz#PmEPk_hf9%>w~@?e`nSy9#Xt&=GHMRed1#%sEp0s3PGaB`b~`= z2*qlWkJGV5cF3|7?c4^^`5aVTzve$*(Oc()Wh4RvsMT*XVxKlPpMJnxyQCf~cF`T{ zH$aOGVar%`KfLFKWRbG59(b2s2A{2FV?Uoh1I?bm_5}O1TSSZkI2w*G1;3&Jzf zXW&R$QaBhYJS{i%rkS#c%f^s;9OpHf-jSBVQ#wTAg~FiBgV{sVOV&hB_!ZSx{X4G^19bzhJO6GoB>YaOEJpN5 zb59H*yDo1Fe=yxo^l6Q!Aj^9{muuZ&$UBn^E|FLTJ=-=v23Rd#(^89@3cZ8_!^=Bi zO?@bt)TiUdKjAxAs47}1Xe7DWgn%G;Pq_9sY-_Pzz5%;ne1*C48BWc+(^avLGa#F4 zzq($A^;;wf6|1u5BvwmNAwn37lvO0)t8xKQg6Y*C0 zCjD&b619x>X#E#!C5zxgN^&QTg07-)bFlbmOmzE7N@FLuq9z5)$(--kCC)S4;9WPg zRbuIk1jcav5RY6zUt+{;E)Uj$D`>o5VhK23!tyE=~0+5^W4Fv_$&X`bY;r`b_&&h^Kdt&|P`kYND&OU2J zIP9ZhFGO(+ngWB)OhI@VxeId5BveZ8c}Aw$v76x{me?MX;PrrBepTbNdL z|5u?e@M4ksZ5#d-zvFo;2kWpmrg`QK9N02Q-nl?0PbljLQPw~x`QI*Qyi4-elhTi+ zCgB#^W&e_qI?dJH&{|xDjGYI(zE>g*Qc2>@8E3d(@Qi*s7P=e##1foURrmQD)d-vV z71HKY04U+>!4#e)aTB)LBf&9@_y|?2{?FKfT`z;(nnrRu+z)Hx1w%@wA#1G-=U9WE6iwS6H8$t98~>zS>= zFjVeorc~b>cjw2iJN>Eq@wi$NOk4|b)4{VoC+gvqU9k#7F728tdZpi69-TA=JHajY z>80i>o#Q9KEBmBMfD1mQtAL#Cz%2d5#n++qC*YoFKhWLmvtgt!r@$2BJzOQpOu!{8o&P)l7Sx*;C>sI+hiS7E&x?XNx{hRXKg1GSQBh;X1@Hkl zMgV1 zQwZaPfpg!8cyDqf%64}0ig=tMA&94N=2@d({N=L)AD~9D8JGb4SA*moG6N+&51g4D zpN(l~KE~P#@_ed-9P-`0Z3EagKNk*LTidr`U6r)enwEE=-_Tpz$or;)p@&_rZ&{20 ztYr?VBjpZrY|vUJiW7GLpY^G2q{zR&kcKM7Hn=*nHvl;|dPM9f5f!b(pg8Cjg8aq; zzPwuW?}EjUd@@)9^m8_BC%xY;+M{C_in`!!4ZH41SUKAIQpW$4;o!&os50FqhON}a z+ys*wxlZ@USV$a{Z}8iYsd2%1m|BV2US@@GK&LojS0?6@`e13x&xqS7tFkPbF2}6i znH7Eb3m$&Z$3|OCe(Hu4k-m+M#ecE+xUYyphBgPxl?Qk!GL`u2LetqOZF0V8&5+!k zva?zcXG;l5j<=bSP_+}12Yn_9&f{^40}TrN8}NokVZx|*Czn9MkXRgSw|9DiUiVGb z#=_22v_ko0hyt)}9cb%oc#d33|40#|vqn@Sv&{IZ&N!+7=E zgy{h&Chhj!r8*dFV z>384>;joAHM43G+7Vb;jy-=qwt`UFw9ETVtGgu6kw^CkYp7SqKra+P&v^)G5=|hU=FCMv*sHr~k?k0r9rXeaZ zi|9DO4vZ!)0U2=NKp~0KtzQ8Qqz#egjj2c*)&Qtj)~S$dC$c-HJO^Sm*%tuFi-Zmz zbcVn+4eq=D+yY2$-A4{G8K2`EW7>8jBA3e624HhJI$zN z#y9E+>T%a2ZIDQ)`Rv%GXE?`o)NpHQmhjDmo>(-idDMrS<8|_Jw2%Aji~?PDirtI% zgHpg(6)!b6{Yg4EYYqY8j=Gxd{I$~~;aZ)_yau(+--77%T2uriHqttO4Jzr8b$2q7 zH1@JCTDq*%c`Y*hu2UxyqvBO(?i|P47c}T3&LsbpFw;>5Ij64kzGayKGV;Mm2=)7x zKVNARih5QSUI&gCy?dqZ@a#@h z@hRJU5Z;!dRyhH~syU}a)_0!dv0!jz?DK4nw1t1yi zl5TVDj@&O1W+Cb33nPox4%V^%a{D`Bf@Ab_RFX6kxpHrp8G@0%w<#4mH*fQlgs5}r z@Xka#Dz@xci73#>CO_tfr_TjnjcTLV#c8{?_sfiT#{@ORaYtf-j(Cr()%n?zq;%DS zdP=K)o2ojkq49G+e(4<3QhOdT`7v4{=9iK}zFoOXgMJ9M5FrB$DokfzAEZ@&?9xlY zrifvP_01iBY2NlQEHL5P4yC1buyWM@p1adR{9K240yfljDHt{pWlDC<4?UADUc7h& zaGhP>Sv#&cjXa-?e1UMcM#GYQ6`cF-Vn1)wukACq5Z53APrBc!_r1_P1{w{f+A6AZ zZoAD7i0m!8OU(B^?)}Sltvh2@9I=xd%YLt+(9DXEWa20!Q;jb68d0*V51Z5^RhIXD z2z^EWXY-|3N@WCHz9`QxE_c75@}aTnRej@F89kwWR)(Y!N^(EEsGldi(9R90kZnUtx`g+@l5XL)2!66zrY2>_4J{mAgIhI7&OCHtF>)L#b9b*BK-v& z`rG&d5R#mN6c1LM`$||X%vwPI z>Zj1NxilB}5ou)(KShx`C5WQBY`$T&%2xQZLL+9`+!E=-P#}iZa$hJ!zDalDm{TL% zK)jp&3W{TyLJlQ9$C+ns{8Kac_@hO?cK-Xkh~+%fNfg)K+=y8Sgz;6=xu7C&95FSC z*N$hMl>?t_OmZFwf$01H4S|FiSvJ0QMDcfrtl1R1_P~xLUGxFR^-6dE8SWY>(N^#^ zZTZY~amM^#R&uXo>i47X%P>`uh>sERusD%PAB5FZW&o~R_7(Yy@SP9*WVJ%X0xw40 zBQ7qs4bI4~a}SV#aI{L-VXyD4kvH81qAIxHPIzPPDOqmXub?2V+Ez!4a|~KWFl-$H z;d^Pcw9fN!PZZgHrB-o{V()VpD!|n?Lg%DHiUwR2QiSIv5wdg))w(`+5fCjQ`H-Z) zg@1L!KB(fh`h}_D%8hCyICY7&&ofN@5F%T9(Ebgr&Sn7pOBGXhxBmEfjHco@^zWTj zdpMI+&ekV<$nAk%+dV?ktl<2G25$Cm9_@HjC--YwBWn9HGpl+*^9q{wVGv$$MNOUe z@?|;{F9nva{4L@Mz@uzMh_gG;U6qkNOVy^WTm0_QdiX1ie+!`N>O4*Pj~$<}ed(gr z_H+r@qXNWfLUoU}bLCf8-%(t5RC3d@;-3l-AX1_!mvnpY!reZOz>3YJ=>nUWaKH;uzTB#>~!eosKEcLXcsW165B~{N;StVY11GVHt~M{MPENaDTwFkF?r{!WQf+`e1YaBYqaJ zoO8vxbG-iCwLk{Y9{RyjiraUV5z50|ag7GXb04;EhEg&@zWk6v2nQnkz@X%L__ST= z8W6ve@)Z~EkbHRzjVPjb(V1hdmp;Pb*Ntp?xzM&Ca^8)7J&1+qLWvAxkY#s(8_~d_ z&5sWhT{BeCS?+U>k7u8LP7h>miTYVu|IlxbpaszABMHH>R8BgtDx-{97ON#i6I-zE*z6#jUf7^ z45?PGF5G~(mPzCEGdq~>{*6#)Ll3%;9#%e;IOdDg{reXCI?aWn$`WOb0jN)g6H({m ztrCxaZ}lSqwWKWAMd)7#|0p8OTjygjuFc2SA&J ztRw-p$R6~T+xjJiVLRfiJau}nebxUG4;BJiLiApzWS~g-^V-b1&d4zX5h5d1`kjT^ zJZomJ>qiH!eGBdc&Vny9&7b0j@+H!V7SY=#5~+W79yBK(MofC?7#E2)SEGT!n``y zHGxhlS&_w{la@s#Ht?7PxJc));MB6*2y~H6fgOkkFm5|AZ42)lL~vRW#vbT!lO;w( z3jL_&&H^;%wFuLDXH_`($xMAvsyX$iKkKfAhd_M8oZXEtrT#)--P@Lo-N>^=tDlgr z$0~ypu1*ql|ME#&ASP))Iw7{VdBehYn;JA<8(Nf6IdBCIplIO8;)bORVQHmSwaxM* z!Qyn(?qoPzGgs%FedUT*8!uZrQ?lKfWSssLhVR7sMy~mz?X!OLLQ+AOfU`wXzU_`} z((s+!?Ugsee$+^7(>`so<0MBWEn|iwu5h~9snK>=H`09J2zUB>ZG9wJ@J#Hr3aZ4B zFHU|lu=T*0hz`l-*5hFOaUr}ihi?)@;HzEc0?Q=Q@}q|sVhR3(1ZNb(*BU9)bfl_H zaTG6z3|}AQ-pvR!DL`K51(0lmV2kpOEteFl-nh#K{ZAjy5FS(v?ouWH;%V6YALCp> z!Ah0oe-H~TBjhE)P&{{#!bKg*nBtghLDvAa7tWN1?vT6|b9liyc5_X?BR{hpxvq$& zbOk?gDXuAkSuR=7y@c>c%BSWBb=!4CaO3|ysQbSMZ|}#?70>?P3uqz*>i>O@`_b{X z_&Q@d^5_3P+dXkVmfuGIhavr-t_Xc%wd!y4{tGj5{b)24& z3wbh}yeJBeTzf0IEU>@(_URj=t7%>z14*gR5T%bh zw<&&i+~!q!Y8iKzlRTR@6iK01L&Dsq5rP+Hl?`fiTeTnTya+s?B5A{ z;xG-`bx9)Qzs^T)08^}jv(bJP#It#sAJmcPZfru6d_By!6SNktjTBo>Z+2*>PJYhmU3vg3aYE$iP&0&iR2AwN3X zhZI~MiuXbSxJqh3ag8Epl6g5J*s}2gsyuMyAURGp^D|{10$h%2|0DVY6jVFSBG;ku zZ{$V8oUkMx63N$&!$etxA~!Psj^t8K@oeI7L6|ZG&@ND?&U>zJ^SdB_x_9SF+^g@7 z5K-o2N~NHl6{?v&A`@AJ+h#KIB8q|T{>~Vyyt)z5atN(!itTc5&Wcm3?oTiQp?8D9 zTMzHYav~n@vg*MvZHKuIg_+WGINI!zz81WgJ2L0|r&fNb|an45k z^2Iq#_ib`6#Jp~(&_R4bm)dBc4*MOj`NK7*kf(viI_>+>7Qd7nr<&wbBhD71H~1?r z$(AYiVjV)+ZbpQ?=AOUTCL3o7d3#1Z5)Ld}c2vss7aCP7@JpY8M#;J$;|(waDR0t* zhn})<^>zpb-UWY0a1XuKF?7vn!xUl>iJ`7~Z8S*yjh|wyaDK2wgc;NwAV}gsAALrB zer2FQl<=1P7uuQxy#w#DZ&ymFlR7~1Opi_-iOsvt4pvFDgdMs*R_Sb}mpaC9U3S4- z3exYAeEEYg>%>NZHr}Qb4R)u`7xl5`tfn+JP@Dk+C6*$RNnsA#ZhB13^d=iER`LTx z+ANOfwqWhhPk(dmF+!I9+MIu8i>ay!IN>3FK3da!A-KwXOdI?rR-cZ9=or~Xoao$u zBk5CR0A&#EVO2)9G0-K?8eQ1&z38xNnoF^V2jbU<#V_0q&c9(YM4jth(DIK4yh2kq zw``WRQ?Q!(C&@@gf@hG{I%cMO2(Ie)FDjZFu-dLcKT+aHBPgP5+vXp#Zhn!iCZ`MV z(aHxg?pGA{#4_ixFN(vguhV2{cMJI0>(_)+J++qv>J9TO&qUSF zOnUz8`z|2qSyr%r&+G`3VG3yYB_@Tijcx<#qQm<$zl{noMx1Eh7%BZT-Ii_Jz79iM zO1Ugnzta!&Xa%=$tptA+_2{gxY2WjvttR<>I42LX|!;p-s*U(L` zpw1leI*7whrN!ghJRiNnbAh1wTc?MIjukrIVrp@yH>0B_ z@bXH$Om+tiJ38cD9bR}m<55i+#5TbNf6ft%Gy804y7Oyze$NK~nDWj$tKYMTx!`s7 zgrq8CAe5Z}Q>Cnol#yA`Bj;y2eI9|j^yjkq$phc_NO3kZ*=5jI2BwYKv5lUu(XLIL zTJ%^H4=UJQG(?#8Dwrp-6B~SLyoWs5D`qk|-vYfjd80P(j7CzEo%C8UTK%XizpT2x zr|zgB;!Cnw$tJhxSV`gcFwLyq641sQ<%!||p7HNn-Tp}zUzmzn^^H-bzQVFSpi<0SMJ8#`1flF0XLI3T4lu{dx$V!9GfHC{pY;i^(jw~-Ru zI)EUik96vR0IEQ`abXtsz||~#;_lzX!^koH2sV|&!cbQvpptL~+4z8=ucrcV7c zV3JvnI57>qwmLgliZGcV%VM?+dp^OqCXAEu%`0X5`h96|f~LSnb}U$KH8DneGHtL6pzuyW6iY7(7_o+u3reQh+DzI0NMDSXG{jXHN5 ztAp3It!?xA`&+E&YxBQ#yc3!||NC669Sck#EZW8QqwFyKRW>3ueY#|KxTwt(e!V z(^D%*DdLh5Gg=F%XV9DD4{ttN^P~i4$1wa(5j5-gaVCgyE)Y! zagX+Ip7FW`6NW!Z)&>;K|6)ywRBRLYINRGMDe3iyY+b`sYKZK2w-ZJF+EY^^^hs0$ zb1P!k6%w7)bt`6Z;g7VLv3D|&n!kSPzrtjF`JS!Ti(>cyt7wz~_JJu%Suk(0qi%6J zs=n;#2ZB)xP>%buxYD5X6|C2l?&_zyuANlnOpR7{<#Rh$DxcL0%y$_tGr23w^cKg; zM$NwmC2@X>Dk*th4uM>iC>znf7r^KHRe^@&vu+ng>FiixwCgu%QcD8@h-~+FO63sDQb`q_ z4wHV8AUO%wK$1F`B{S%j!3>Yi>$z6FnZX}HgCQ5~ithH0B0QWWQI%e(uOkj)z`Kq( zIuWu^;fU~w7in<(VM!#%W|Nz~hV~-(^EVN5hX=|!vX>;NKx35#cl$QjYQ@4%hZN_!tMZdaHI%rs)CR%OB#H8~jh5QVB+W{cIjB+3mBV zlhnLzy4w9R$(z=Jo6fzG>@>g6M^p*Mf&J zTVr4e&OPEG#Zrkf7uMu+F@3EBN;|s4?uF)Jk3NLPIhgJ?-gsCP72_89l0it|g7AY)D1y1oc^_Dt$+Xy9h z50a8HChk4C<)H&j+!lAgJr9%Dvh{2-_e^=&14QlJWaN`yuU1ML!XBqIz49Z<%b@U6 zS5GP%-)0tP3OAMaD_+_(|2wg26lwQ%K znBV5xo%Ac%eN_29L&qLJb~@}LoY(eg>^AIgnFQorzo5doctRBX36ewy-3TE&0c>Fn%wR&&<66zaz(Yi%*m0b2PmOi}n)})m0 zAC&3NEaHcGfnz=|-ZetaDiHi0(55lg!=I_7&&Yb(PJ-*gbU%tJFU@gr`k^1k`9ZA# zBxgM`y0P^L(t%zq+d=*1I5X+XvpRdv!|VwTQiNhKuF!i->pq`F3__chBS2$2MXO^1 z7>IW4z#Dlf)0LCgR+6I@_=3`{3W_i?8}|c2urps&p&M9J<~cUKo3Uto=BOtYb{LXJ z&D0wDINN;iN>!G&CG-z}H)+D9L2NCd+D-(XMsT7o{#)|np{A;JO5Sv1kKKFiHHQBW z)Icl0t8>=KUzE~*Y7wVFbI`XO5BOSg3RG%#x~ssE_l;{B2ERs53M(VN3Sy#ZrVp^F zhnox|9-u4%MB^3XCT01C?3e~L%MAq|!Eq7G4_xsmRSqQ#?cOR*J0 zHX!yd%x-h;&poP5G2C~&t0{^KQmNsV?pqsk}_3T}lr!jn-%6ejol*q}giOrfmr8^&52+{TE_;Oe7C8 z209=RCJ`)1+3AFAE@RsrR9%jZksvOM&D_C|dQ8=A`Hf2;d|mxwp#YgAKoUu7B7iX zdQNK7;zYjj^@jkGQdox{y-F32bo8RIlI$wM_#m2)4tK$YH>d3gKuyS4J<)_ouobUB zMxxbuZdH*_R9hx6BKlfO%FwVq1i(R zkVh5LgX$D9x4Pu`kznA8h;+5eFU&JEdnJP1L@*w3%PCju5)BTf04ubpfFhNCC4?>Q z1m5|Z=3r`08mVpiK}AZ5)Xxc1LxLg% zipxOY%fwLM!zqMud%G{37p2gmNwT%Fv=3+; zv_MS9>>P-jCdm(_CL}O5V(F`wNO3{!P z0HU}p#0gGsHmv|Ea00P=NUmxIDYGyUFd1tD2#AThhv$;PQx#SkQFPVQPD=(3DwRMB zSx}&ZMM{G-ZzNSXGz!ox3i({U008$u+JpciBau1(0Q1!`EMheM6cZ_odAo|3%G=!H z1x3WQ!G2?lfGdNFgpDjp{z%L)r?fV&{_g@ZNeXvW8%$x`K_^;AdX;CZT|pq zGLG)o`7tv=z(MI-`ITkcXvgd-I;_%9v*iaRMsNnwqvfv?&;`ibE%^KbZ@ctwM~~(N__{ zbzH||x$Kh3;;wfE5LW~SIA`AwUNiWANlsV@qhyBYEabQ{bYa7kb5}XO2uzJ7G!v5@ zC=#*}9H1;Bry`+zUCTG*hr46HbE8O+N|6GgfQbbL*4$IqUqtZ6k3&ljN)uXWphcIIT|s9eywD{V4F$AX zgmM6EA-EVXcoo*b4Hm2dp&M-yPGefjWhw}=mgG>I3#GTr0Fa(KOCZq{EZ*QqUc=3S zCSzrVN^{kNw1ZhvmR&L?*8x9N&2L0c*EIXFDEy%p{N5Md;!f3q`j?hiz&Nxu z4NgcS>Xj7Gi_wFq;TV1=;6@jRu0?R`z}T^6U~ls_#drA@Cd6UHKJplc1S83%0~4?V z;6C!RDhv_g{{U(n1C>GSPs{*m1Rp>L+Ff)nt=3s~Yeb{0f;~9iA@It7GIxpOco|PY zypqPia~fG;#nd8nn===VHA(xiq}j>hl1W*cWt@Uy*3{$h%LrA$b~Y=5hXLP5C~2Wa z%GKz0%AruHX|y0d#27i|W1eEvqOF@1b%<>utp*@7a_xt@55M?-NmV96$(T%(!kIS} z_@oB`wG07Js4b{~=wM)Dx`xJq%&Gz@bzqV4Us|SWa289tY60e1Y$e6Pb0eE5pmBy7 zKg?MMgoMQZ0DsPqJ9I8cSOfl3chph?Fwnwg20Rf(g0vV+yG{}ut$Bc@n0W(X{{Z1w zdBK=fv?j1tHiU$9g}`Bun+J5z?W8||tIC(}5hQCzIat7C%LSq&#C6L6AdzcI*g2 zr!y;F`@9mCLY7cJP*o^d*jO3_CLqij@L-6fVQ*(l>F5KCX!HL7=bM=$0;EbHti^X* zmbg4e!|Bu+<~zakMs{;xwKv7oRTU#G_Rx3M6=4cqYtcZc_MDWe{#N&JCkKgVmGeyiiuhA;!WF~(~m+B z7du%C^UO(Jf)=^(-hA;Ap`y?n;;zkJEb|r^IhmcS@m~E#8!8;(of^rUd&JaJH#i?S zy?Vs=R-nL@O7z1R?eGf2n1aWvoF>Jl8c`kWG+OCd=1uIPMc{=zleMnW))c zAg+G#YZltnbVjjGPTYo--5@%VEvao~Ye;VQ#34 zn{{td&=Ii#^ZUl&)T`)F);GB2ObLD6@!}X$wu9J9GJennB9K~Ys@HeS0L>bDbxVM7 zqM&@$LPf?ztIlB|A2EBcL`qP65K5Q5xPv+6RdIk{c835PV757kMvb>{p+p|oe$d-3 z%ug(REce*uhDc&P%LWQqn*Dzd>3D*^#fmPbQ8=&v05`aa<%WXX(1E~z`G9DgT>5|p zuA0rC{^M-a!VHjEzi8?XAf{~+8Dj=Yj^&S-GMdQ&*!Y&rU8o;?ppvn`R33&P218Mh zE#jl@P&V}&K?Ix1JQYv8T&_r$uNy+kM=H|#T*~kxS$V6*ygnr! z<%u@CHZ^bi94peY4b>M$MzuG6F4N@Xb<0N(TdQ%GvoQf00>nu}MdthC4 zwM)Cjb=4jrxIKt%wGTX0u*Cqp!AbJE5F)G_H|ZV-77JF2 z_Z(Cxq7H>>jb@bjlmnU|VYFDDVN4v(14HP+v36a-h*f!(nzG8XzU2VBoaV_$;smbX zUp93(xz?@zAO2D=>6w0J6E|ClsFty|VpC8=&Y-PKu5kpQr@`3cg((A?d5-$e!bAC- zk)n^d{7v^9^>t8BlEsznE%}HB>@I`4<~*?>2;N)IR(nKrDG<`Qsg2p5vk8M70I&iD z=bCQ(M!*mhqn(=X7TWO<1yN)i;BdyX%&lQ0X2Or(glcF_-Spy9#z4Vm5;}Flin+0(uTIQ^mCFlP=P%8 z!c%W>hwGk9eS z*x{wqX15Z_(h#KrE}gg3)xNf-O0;doULI}$6=@A9$q;j8z3Kv41_w|!xZElMG76KC%ha8(vru6k9;r*4aTVKiuKS%x|BlZ%x;6jolO7&%K{j^isu9f zOb>!|$FZ1=0J#F`D`%XKXx)C%mb<@G<9yB3h(Sei{I@SfuXY*%%by5}+z9sqSZch* zK_Vkj&OpD2f&pAC#8pVN%#!BGNjh}zQGib(Ek9Uzu}j_L_(fV%tM=&l`BqS`Lsa~G~Nfj zp3=#N*wLT>((Jp{!WbF@#c_p>71y*?C0%$5f!`U6b)KhXnejmC<2wEpc)u* z>k{y+128*7kwq1l;5bUq%ailP*O^1ahaMOP8It+TaV%+~z}I_^d5dl~7Z<$suPT~q zzO9=f##uMCLtTa8xC+>IU+#WI~s#a?29!KpHot3@=Jn>oElim$8ZCiBN>G1I_%c^{?9{r`Yq8EW;>j8te zdxlml7ZesyZJde(8Hm-};hrzVpz{g`41*^1tjzJ4Gz?d#l+-LCbWu+(^8jmF!4)pX z^~QBIN@EPkuEuiWQ)r@rbBDL=;wc6iCROk44Ac`1couA~Ukpi#;0cXiO7XY?XcFEz zKXeN{Y`J-MxZ(j?intb)$TPAn6fzqX#;%sr4vfsmk%9dn;e4kaKGUTcY zRV&SG4Aq!EYu2CQ0X9I(*n>b#l=D>l%bG5tzn{D~jsX7vlrCV|t9;*>X~P+E=q76= zzMVre8J;gRY@Ge2=rKhsZ&c&=f-`-@6x|=w3AVPD$7jdZ5Qv1Q7kTF-r^zt~LW_m? z2YzKu&9la^m#7{fL=gpRr|gOiIu70_Tot{;5CO*l+vCi*=nPE;f3BDt2ssn}nCe#| zw^m)}$$34YLFv82d{pfyD@Dj=_0AHLW|Uc@9z

      g{W^ePqs^f(GpZy_X2R15ts9*+e`x^rjJHW(EI7LfkBp}%;$Xz6~a zLQPwc&>IM`Fv1ijOm{u|A-(#a4dXkf5Vv6S0||Z+7)h^uVE5C0R-3#dwVXLw$y|4m zvLY*Ziqcp9_SSS<3g4Tybps5olHE!}c3iF=FAr3FzSeJOK;9nWTHzW;0StXs?XOcE z%CdgiDi95_2y%VY9q9#ghY+-}Jb>G6QZ<7GtTicwd2b;Y^S~&z-|H95<&bi!b^c<7 zv&Io{)7uI3(ikEw&Wx6(&(d^=uw;?CkK@Csa+8Y_oh zP0Lx~w{lfV*1A|?to#i#f7(B~>|qzbi$zJSNw5$5L!#a6ZYkdA%*9VXtIx0>!^;n5 z?v@L`6jRw(?B^3VOg<6HFamd^ZB)&5?bf0+JG+@ZJJ;GNDP$3Wb;@=jT^kLUQK(gI zPn-_tDoNhv%;Jn3iTmFRwY$Q)a{rF~-}D~E!Z+Yyg9NDyx!*!*6%$O7q|DI&Rt5m| z$RmI&7k<1q#r!`0k%Lkt?;c9d~8X z3QA)i&V4hp*6{6#0G!$u)ySDmKW&jN#dQ6E1?NCOb1!lXZz2irraK3iZ6f>?tA5(# z|2zyo=Wu>=@FPYnn!rt9M3z)wCa#aw3kzVb1!g|r)Im~a_E&oRKh6E@!J?&mE3~Ye zw%`c!D6|Hy)ab}5exk3}oJPWMECbZUnRSvLKdb)Fp0Nr0Bf>k4giu&CWEJDP^;Qwh zKMVvqvtR4gKO-{FtSH$20@nt^y1C?*65_`WsTBLHa>=9(4mA za22k4A-qEAcBNTi7f@vz01)e3pd#k}O+&wajlLb#eKy_V{&!YE?{mlIn*jnCc>EL` zOd~oYoc(<&?b%;OyL(^S#;nzBuOaIx_437g`(UY;p3(68bkvS8_o=z|41 z4gwzlst6zk1pvQ@q(?2~e;gJ=XY%b6o1*QL+;#?us;ITN7BNw`ukqd*b^Y48AkVrE z@-`6$C*O+BFI|RZJDGR(@9=uK@5wRgB@f+84Y^RJV$3g|1=ZGfXjZC}iJA};m~WM= zb{}!7z3g}BqaC|f=eCXzag|na(w};}z~3YoAkfX?46i zwlHPOED8{~1V9Z&w3x(EyP>~n=PzD|cRL*492`Xtc9cM%5J0j(T?=RlCoYVL@fdat zfBK6y{`wV4`QuoM-i|#BAfrx#GYzOf-z0)%K_H-@E36VO(c)X1D>f1FGxqUTm8YJ8;k>eAO$k4_O=eDs5IY_kOS7fW+&X2grgP(pqMuzg?$+K0R1}X9ugMXSWq3L4M_e5b)FjWO*fj)U1 zE|I>QcQ!EM-pL}ZV!0-9)c%jn^M!X>o(gK=Bm2qfw_Mu1i9)B zDH9O9oo6aHoH~4(M=u^gVQAy{*?_kmgJ&0{Tzuc!Wo457(BPlGa9MgJz-{S46EAgj z|5y;}%O0pU-#N{)Qy)%Axq&wUN|XC4_fH8+xtbUE>ig_jAOrKw7-s{6t@>pc4NTet zEI@UQ&Wuhw0YyQg3sHjv#_VS)vp68=fzQE5=fag38g3d#Q(LIcFBaT1Kof~x_&Waw zDsv?4oYoJ5pwHH^XvB7q{Ubhx9hdkq@=!=WTwH$mgP*s){2DQ$yz?iMdaWF2(a~i+ zkHxyaAm;_qvIykCU(x$xas%x(t|qX-J?AtGjGlqnr$XpYBuyz_STG# zHVlu$=Si|9rSUyd$NJba59s4F-c;Acl*RT9U8s9e*T`>`5eX!EEh;#yBGJml~xwYVuM@9oYxIbG6C zf@Itr;4%>D0?-2a@Cx#@x5j?8?_4$OM@zU?);qI;()3xqij&RSA-bYU01(*Gbxdf!}P&sU7g zT?6>w?iIpUyCwW$NbO}6Q@RKAWft06>_;{()h8!-^$(B5m|u{_D8A^O4r++}*!gT* z7S1KK470Ot)JebDx<5a4JfeO&Gkb^~PKbB@M71K$=P8vmPnOAG>AD_?_b}G^@j@&_+CK{5 z2%HDu^L^YT6tobyi-iP$=Nd*VOq{tRU^GDZu@;c3F)ZoHj#m1^!#{sPJ(o3~Xm3sb zW7UXrben`*01lo6U@0ROuubmDm?y|wcpZkm($WY9z5HWy!;bb&71KI=w~Kz2yPPk- zZ7LA6hh|ym$~KX{A_2_J{7fCesnM+|s+WtZYy!SD z^^+Ua`Kr!Am*p|k(4;$9m|f z)S9XZI~;;9zr46q$xRW*Ld+}wl!QmAKt0uy*z*l;0b@9vhYit%I?rR&0+YFa+4$eS zpbyO_iXIk$04PVb-8v59Ulx2Av<0x#@XQFrFt5LD>X!xBq#;grO=~i5fJJVz5CG3D zW!s46@7f7}HDg{|{?$O__H6cv`lgSpyRmSkq888{BC-buipZYhe?;`lPXFY^B7XIc zTGk<=^w205M}WNgkwzZrzoW4UP7uJ7H7o$F#e&W%x5x!BG*Y4mlpG$=l+6Zq|D=Qe z@R4Z!0q;AJ-NtaAA!-Y>{`*Q00q@v=?;AS}4NWfb^Zz@U`$R^ZlRM@K(E(5ZY7IBs z1PK!rbUa#$WKN*tXuO$U+D7Ug)IY*3@*21;6@G;7Keayb3P!>RiXi({{yQ3s3)Tl|z`Z|q z^l?D*gIg;9J6)dghtGC%(gC=cqt zmj`MKmnYy^GJ?>6djl;I7}<)2VLJ)1&~>-$Us>S1dF(@TL+=DPKOZD4(d(ML^}|Ny zVndS=et!JFavyZ%-MIi&KwT6l+lDt|kthQu*kBy6Byp6&afkdT@B2>`7b&-hU-hHb zScniJ4<(4~LU0E<;s;p>vIM&BqFC-jaol_RZ@IN$70#2J1lGe3k2fG8yKTOWgZuW* z#AJ%VzZ(b!8Hn?|=RjnRLh=N4U-xN)>w7rd$%TEow14A2rg7dL5nYAfS%rdYghmYa z0bLy2w+YhH#C3^Q6z>0v2>w_$qHB5&&Ld(Ta~UH^Sb9d~t98I50EkZ2zWi4PGUhCR zQ7tDS{txU?gIkGCzbv=7KEDAKFz(}q5yQWiMtS*|^9rD*S_l}uNsK^v5lpFYYR(%u z90tUa5&7kG^H?(K6f_51awM{;Wc&fktE733Fu3~H_%N)+Sw`=8lOgi{k8Fb9RD&0{ zMDSN6*R<9=8zMhmc>m8ETLgJP?<0cQ>ybS;Tf{<^^(@#H6y^`CmZ2VpXKP=)8ksqe zfO)1Uo4rghMDUFg!cKc`-1xjT9` z+CR(6?Vp$`y}T-e*&w=oa{m4AlYnYZm*-d8nm_3AXr9$90WcB&P4jz)r=w|?%cr&< zI|-Pq9#_@PxUZm-S8(Wav+WeX9Kb&YoZ81Tnm7%@Yvwz~Da=sTuza|;^nFc>pW$HP z{8P39u1v@d0$^x)p7+A#PN|Kf6A5`G;DU!gOI4bVXNuhf05VAY#Rz&GW)D5Debml~ zn&upw#LJ}Tb!f7G`<23}+82T~`n}5jUC(o2xrNbOS%bj>9%T7F09mU20Js^|00bj= zGVQC4p`$7AS7dH=PVntZ*kq7U0#C6wa_A-JXMT1(qu|mvo9`i8c^+vJ7`hyfz1m_p zoaN|Zp^B;4abvJlS4HQZm{@UH_h{1ziOdgmNmLS2l8dXX+3$6IPoJJE#)-%zeWtiL zy=B=M8r3FWKh4s(SKbUM1-3Y4e@uKc2pG0k_ect8M@KKO&UiIA`;xY-?1StOQsP_Z z1f)%=b5H~cg@Tq(R7!_yp(b548IZCsjnGC4LN%}A8Wkk(>{GBfs-N~i!qT$fLw8cF zZ)fa;T|@LC-{c&XPQ~C&Ct=X4T0Um&j8Q>64udyj%~E9cnf?{00bt56YqQx*TniZ9 z#=VQA8CUd}Kb1IQ&T&RHqqU12lan9baJtXgM!B`Lc@7+DmvzoXdQg#`N%oPR(ml(b zk4Zhm|1lbBt|bS~vT|l0Bnr=@5j_n2F6(jS#I~NNlFe;fM#d~0V+2C8r7dFJ-;6lF z?QL1! zI%QzT<-6~PvaQog@yj{h^-tM5x2Nlw#G2eW-YI=l7vuP-fv0I2qX3J;82KK=>%4gf zjj#)itoqaA48$%FRayh#8VjcZc*_KedFqSW)_#sN`wxi~jo#>Q8NKL|vwdHJ*rVmC zcbiWQmT;QajD?!6Ny~$612)@^SxjM5_Pwa*c?=F0`HQpt<=ZtX?KNdpYg@d>XXMBA zwOzuHl1`L_CR1H=e{(y9c#qK1!rl>?*?lSv%NJ$5DV}{<-Sz%szf;y(q@>{(#k#Cy zT0h}Qm|T|4aj z2~MGEUpC%*TYHHBHZ}@RGMAWT2I~sovvXS?)j85|snyXUsun}Dm>pX`bf?<#eVBG~ z7Iz-Fwza$$)&*#Hipil!IdKcme(P&>t&`)f?IHRGOB>ofDk$eeYq<5T16%gf%qtA= zN805_=myHrUZScTQuzL%q0@Lz63%_B%0xO~$>=!;fwHn01C0X>TAymnZ6&hP9L%M{ zAPJOfr}Xv%i;3mqGIiZk(*@Ji_D!iYabB#h)l0bo`4Ic+j>V)?0e z0K^URr#DBe4V)=!54~q;Wkj_cGq5fAaBXGp@KM@rDzPD~zJbUyyRD_AYg+~t={ksX zIaM+BypAu+Z%1%NC;p1p;Lw-=p13{h-i}pCy_cXk5?bO$^s?vZrBS2Hw^n@^l}N*% z=r66YvkqY*4i?0lHoMFc4R%-zj=JF)rnN_FrYtNHf{+UA+ShOqlu0FpP%#A(XCLnX>e77>wcv-eda`RmyK$-u7PDv?mXu{ zN;&h;<7~PaBPsaL^blB>1#S`Aw)7k0-dHto>}npyZN7G>;L zEf{HQhnd5<#ZHvTEQP_1lhr2II>owaCWh;K#}DX~2Yx|{^JZ&A)$kAGS>^1&l)P+y zZ{W4z(Cj+rFGcT`g*vLHq|=Zsrw65+`7p}mVGH3GfcwV>;QsO5B!GlAV9&m5-+1=4 z^V7NJG;fBb6ij!9h&*Op_vn?Ov9OMl9eCx>u6U35Iq+suAqqAMxHw}s`ctC!Gd-{u@_o;6i|k5FoDTs zFy0X$4S%Lm_5)HykV9WTB6pS<^StO?*HB#MfdJI4t_eO`hIx~FXY#Pj9SPM)Sd7;l zqpVtPeHNhJ!DJ09iJtj~8%@3fULdFqr25ezZ!2wTdRKC*Lw2@fO0c3VMWlO0j)v#v z&}@E&3F3P@NBfSg+a^r}YDoxrzHEuhq_&CIXnr`>nzMk+|lbZL^#jB*O z5-Ed%o423lNcSbmJ)kW+o$NFsljBSy>Tc>83-yqQmDnGZHJKShLP|mndtwkc)+9so z<-CS_SUs3H&#(O8V~H=aHq}|oE)FfSyg)$8vg_ZGi=Yhd;^}Gj@thpIY@6BWekATq z@~E?3gH|TwYdS6P{j{V4y)awL^7MpDGxzj~Qg>Sf9G?v>+eF--5c95e@{;^Md2$!E z5pg>xwQ}pj&dXH*ocPWgB&*w?at1^)u=^E6GGQeY^sC~xpS6(y`vGlns~Y}d3fIM| zgrdjB6vJ6z%YvSYJ3T#8Fbt`9$*-Me+%pOf$-`@jZflwh=U#Ij64N33E2e`filHs^ z7oc_2R3UpH?fpPv(EHl^Rx?w@=0oC&+IJK`oF~ysCJ)Iue(`it&V_Q$u~UgopRnBI!jo`8fFf@gp=3gN0#+R3lD3U^!l zXUv+PmcpG+a9=V^%hW<%k>+^?q=kv=6QyA%e)~EorH6Qkci(v>5L*vpeuoA1G+H(z;G2(yYd-xUk2J8dRAj}-rsh}%~vf*Yf*A_L*N9|q&r zKo&+4BL{?{RN*(?ze@tf`zm+BBfHYEaI-CdhZ7(T65L%;OIIvmb;5s2gB!YO_{$I! zAPd+!l{3C6FNqNaMgAYyVaW2`3$Trh1EI0Ns}TUTnh6^EiGOV)2d(wEzZ#*CCxEIo zNRK@B!LxtRvzqDBR8RHUZ~1+RM4nCGc;HSr0mTECv_;^_0r-zobSh_lwR9xuv>y?> zV1du?6PXt~oE^YaJ_*^J4>!fbqajGRE)4g^B6A|2(`NSKu8D2AzfA@0^|0%S+~!*- zIKM(n9sbiA@N{i6+{1x3x(|0H5zsCtYl8*%{#$-IApAmbah_c~NN%wYeE)?HDEN^R zT!!yRzde#g>vokRg8ybCj3l-}xIhlgkgi&cuL;t^1>Uueg3!7A?zLf+pqo#4*LAuR z0qR&377Y*JLL$%(g<#rCqywVke?$bP(Xhzza=;4aiJ%Z~2*th)3vE%s?@jH<$=@9Z z45L1b9S&Kp{9Wwy<9D?{U9t^@MFH09r2l}3IzohN_czr7o@@xWSiLn_0Sc@&0{e=mh{1SHZ^MJBhV{^+cVTT%-=$0oR9-T@Kt!wlI1_20`o~ z!6>V-5XzdwSV#hBbv1Vg>=S~;(1S1sGdIV+8cdvi@Qkr8uxmWkqD8%|rVVKaFszI$ zi5<#l!HGO$NUr$uruN)ull~LJ{JUb8i!S8V+_rmtr^W{E)1Pr4bap!L5~}~irWB_M zOy__lTW3qCY3Ja{shR2ZND;O{%!?W)k3+sQc~2&1RyC`XnHvsII9nv^4LEFE)RmC# z&YX5PqTy*) zEQCt}8rjd*L?x|4P zZB{X7d@$p}XoNXrX(DyNmgZ20<0Z0~)5k`1(-I8CZ997>EXzKO7(5tUSf<-z;9@P2 zqp-30<1;%QBd6J;nX~e|^tumQ#|(Cu5;cMTn4BWHcvNmjdjAk5@T4Oy6Bl1k!{49D zL&~vZ?rBFT`HfpjU{uoi>8Hh2qH&UP_yWnjl$|;%mI@uAD8;F5p zEfO|z1`#<5U1P3$ueDE(K6o!*?IW){ka(e@p+^v7I!f$%&{9q$Tc21yeoup(P>59I zOnEbHPcbXld~Ca0IW1e9jCXXA>rIt(aS20SgZOECr!(3*y=4h_Kb*_(or#dCTAcnT z`n#c?q?8kSc{~L`;qz1>u zr;QckGn)*^2{|Im)y&8ETlasM*c&aKzBgacnY>&&=d+h(>8r-zP%~H>IwB6Sogc#J zUI_X3+&p2hmJY#>?&$XHd*-Pw{JM6;k;@o{gl~JcQSDq_gc_dftN&s=9ioX6x4qtC zYeX?};BZmJziD_zw^KHW_K*WfbzgdMKF9ptOvaiG+jeqfm3?Y+`aF%19eg`6?v&+X zaH8yXGkpz8aU~s{QB`M_SCqMNUOSNRtiHPuH9(npM|CD4LqaEaw?_6ok@&E@b9Y(X zsWE4NGUfvE0-Ums_ha^Luy%H?yksjFhnHu{0c`hL%sprFQw-0yi)X>#)#;f+jvU_Ns;VKPoHtD`cd@}AdOP$Q(5awNb zK3HSt;qnL8(EY+eR6d-Co~P-=L!Rgsi~F4ux6S$H*%H6U{D1Epx7fi&THfkv&u=o>tsQf5BHOX?3Mt zy7|Ez;H2hYn1Z+YR9eI|36`C_xQc%nQ$|DT+mYU^>8;M@Fe6V<>|jA^nF^d4$#MB_Q@6m8sZ zn*O%d;VxO@?dpTKQ-+d0Pj_sk&CcvQ5#9ZOZbUl`#)l`IW-lt_7)WiWtUAhE=Xcyk zzP-0L40a4IQF7(rMQX~fQa|r|(r-X4Xm)HJOe7$0*fA0*uSZWPaJ`M|G^`)1%OdMf z36x&;-}&^d(bSP0GAA&5Ltwfr*(P1XrGYM^?V&lgG22fxs`{rE7guo!TvF8hf9$d2n2U++}%l#5F{bN9fAf;f;$8a63Cn;_vYT` zo%dVoojcFWnpxj8e@-{G%d2+nefFsXG9|fHi?2H9GkW`m9JXU$Vkb15-aUGn)mx_dFlqM18Bkky_mO?cTY+&1 zKNh(w|D&y9dGkzT>}c9w?!Bw;#qtk-(CrtYTrcy6(-!HaD=e{;FJEEM$Os>&n&nrT=BU=*}F4fwF{C{H46f!v2x( zjatgy_X`+l42_yEJ2lSV3F5yu@;o(sIkB=&9^0{gq|!I*ZCkS-V0Mammf4B29Vk{EDSh8# zyggpNhC@%Raz#;+@$wcEr^gsk)$p>3*V7~w)R)DQ9;gIQ+P=N{? zq7quS&QCZ5W1r%osa~*F%BS`3Uy?VImdt(sxc>m$0yuG%G*MK9h`u*4}ocH0#v%{64qwTFfRO7>UNqi$`rYliaCeTOQ z+<7o~0viJdS7^TP(k>+Q-dJhIxgo|ayC>X3Dim?9HZ~qsJp))=A0V zviHRdxeIRKbU2(e;qE>77Ia%$Q1RK(+(DYBJ6T(Eh`ZX5&K)4yliUupps> z5rI8rosZBd30r!k;zHnXL&zRj4mz@>G5tddz%W=mDgjd&i~uZM{c8Sq*R_@$@Wi{W zwX;SPTIR5T{Kp?yN;C~FxLat#Ap`>5S3xGguK1sIC?Lw^eOh3Bp%PlZ{*Q_LHp^eK zfbO23PFDbK1A}loAyoI(1A*G^-$N#p3J6?D1lW_{41Q6Y@^4{eFag5==1&Tgg#gAc z?VNK9g!`wTdq9c7+a8dAXBk|ee*!Wc&=-p0_^(Wv){ldW0jTVcu=$6C(DWoeYMwqs z`7I6vsPw>XKtBF8Z=*`X1;QxI-ld~|NCXaK44lV;dD@?TMmLr~Q?-NyB--DO7LoAp zlLknxK-2&a|0pD&RDPFg`?cb^^E4VsB)~9P53C3OsW7mNmbV20Qox_mfVl4wa07=* zzy3=fWI$zVkM>%CEdEbFCGIzfKoaQxBRKEK0Co6VfXrPb@vFl#Ocuw7Y0UqW3XlhC z1M*Algt1{B4Lq74L?cNBg|(RZmqyaTu-FN%UzhyHbnd5(o#MYkmj1gquyeA3zq?1v z0$J$aN9T_Kg(RRzKp#-}f15n891Uc(0bCRW;6ORhoaomy0OSE!-)oGGwqLm|xZ&SmA6V52JjP~qpV(?}xZ-y^&8x4i!ue*+R*$;k~IkaV!&)*=xQ0E$2}z5xggRgxqs z6M`(Pr5MhuCcn~-x#RqQthjqhn^$ON5+4EcPy@$W0>QwZGXf>h{+%BiSoZ<18%IU> z^?Gffez<$BHXJemA*VVv4lW)(mEEOqS7Xdty2w$I}F>yoe3aVDd|&}PIw>wn|r zsC|}DspCdQL#EBY=d#vuqopBpWAt&B(0}3byrp4&W9)I3Sgqs#vddijA$Q)zxPVM9*u2&o2Jm1=ED2ndJe8to z&|{Yq8Uo**pR^hrq6;&X^7btQ5lxJ4qnkcy-7k?LMRN_w;g+r z0ovEpYeDD`kQ;Y;Lnt{Jij?}tM8tUc(RgcfxV`H;6umCn3>AaMbwfS5lm)ii#e8=8 zT%zY$_Lg~ z_N<1FnXRW(;4493OW7YdtF=nhF^r@NM7w)RYFuT{P<9At292?w#Fu3ElMTa9v9hX? ztdh)(x$mwu=tIzFH*|JJiiBSk-$#Zh(-B|GH0k%wkIXO>=y1Gpf|16#QX8&qJ7{mm zMhTOjHRkE%smTpf8K%b^@j@GU2X4W}Vv5)0ppmV!jbat{HRt_3Oy#*UI(4WKobQiV zqv(?H>eti^EZeVTiV+l9S=kNN3%a%kkhm-Yee@D&^c#8zx483-CxbonZ-N1<9X`t1 z7L`fTu6032`an_5Jc|VH!BFv0nE&Jj-QEKTQApeAc+VH6H&QA0H|=(o)!{}&elY&Y zugb0R0RAjfhA2y1HR!|Kr|D3mD!8xCq=yP&>^I<6^n4^GOie$k7c zcyjEIL`8-kn1=RMDO4TnqmC?R<-NDNZ&k=mrNF+xC`1`hs0^I&+f1JewMX+lu_Cjy zr&&Mp5_;gxv(6r|T9^}nuF%TU(DJbqM^MmcDtAmJJbiw)jwdqmY??Uy@Z|oOLP}@v{G>bbhw?b|H_-+JfHJ}QeoykPiYQDcI!_%Hl6;7jfc;cxn=;dt~x}@1S+58}C*J#g28k ze)l#rj;It*<9kj_wR#h52iVBGU*>fZ-D`T!=1O_lMIuVCU_3p4b~|P~g+&@`WwB5g zj75J3ZxZWkt}am_^z_R`|1Y9C_NOfcyq68+Dl{}^7KTEA8jqizCt0VK30a0QCHU2f zAEvS+uC;tUJ!(^i;8Lks!eHhojgxD6l2~iRCegVNf+toFPJ5+AQZ?~Z6Q9H`&`ss` z!=$QTXK|wI)Xd&bB@a`cT|HRykg3q2_E?Ox)U~Tqn$v}8$@UXn)jr)2BgE|!2HKI= z$4nQ^RXG$cwYgN_zZbrMCca?7C@${;8gPFno9>0Ee_K9xa#dtI!u(p%0DqbVKh%x8 zpi(m|XRF=8DjISFYJ|+evt>5TQ(M0_?XOsQnyOQovP;IoLtZbU6Z-sp`8ng{oa+?H zMU@x>r2Cx_Woc`5@-!I_WAzflWnpCsLY_lS=;T(AuqyjXOgn^SHyRC_XL4hC(`4eBR@q9^)tRy8=8pizj!Mf6bi79Q0XvVLJvn{H!bG~i z$QY_zJmUO=!|nN|Dr;7caocQAgXzJPh8X%!xE$?QxtJ~TRZpx|nW4PCq`_sZdQtha zY9@8-U1y4A`$FYrE!%IlAClG~)>mK2@HIXbuHvh&%rr-As?jwF3=Fbcnoe@S48=g2 z?<-5htHCi?a<<{y;YnmC=0AAw6V6Di7CTh=4c7cNQz;+&vbYc62M1nN0VUlRKj9wE zy|of}R(IC+t<~R@E%RlW`)0KvpJ889HUIqQefy2DfYBEGC0_~)@8RbbIFXXd7H8+q zl$AOX_9N0aV=C_zwx$Ky>U1Z3YSJ8LNb)ExCj{9tjHUxQCp+E{5}hRX;(L($V*Pp zel*+;(i+Xt5yS&RC^oG&!^&hE=>4>Xn>%hIAfPq2%~iW>;Iy z&p)ZZmf@{RT}E-T&D|E~E&cWT$kQi z-6LQM&42t(II^skE$;MMm3(^biuH7M!H~lPe5u+cYf7THt|?xnQ?)U zT15rFQ#5+7bx2085_cSaDs9No)bKL`$#vYAMHgO?^8r3PfS{^L{s4oU3Z0TmkhG!Z zK0?UgMZ($R2L_%TDLD6o?aRMMKSti(mx#ivD_mYZA0LPagqN@RQm8i)cbGB{B$CvY zpKxUD1A26=k4raNwOrfxlDoNe#Qk}8L_pT>#3l6hy>S%xE5&Xpb-CGY;4(3DRo zVuTyY-%TGY05^|ih>#yOXTs>IU3KwxPbYM`~-xFc%W zOxht=<5&9$ufcG6nM9Iz3ZeJCSOrJif$+pa?=0)QKQ^{j1M`?Yg2W1M*|%0F^~cu1 zk2+AAbelaHrfgHnSGx=sCXA$J2RAfB9be<1@m|{!RK92&ZRdLJqsPIdttdl=@kHYz zt9L)7UdA}; z3pLoUW(lQC)QHHQwTKC@Px%Z2X)bRF*p=A(v`lN{bZk#D>#w1|U%L5};4Rci7=3zv zqn6ub-6SP6_DcMi+R+p)1UCDsczbnRcDJUG^w?H5{iL*p1mOIT2v%9F3l=-s-jzKV#Un~tC*7#!x*t~X+2C~l& zG20E^pK#&TKYH`No#mxZ-cmH2kOp+kJhxQ4@Escl-YJV^a2YEBWv;_k*`LdD)jZ#F zf1bB-BQbInkahYKPGI}?$>fhOWtZ>OPX6!zeZ}hybxiH>BAOD8$E6scj!V(S9nJxW zl2D4?TwVRBMM_AHoHe@&ptM^R5S2oc+QZ7rv4**~I>G5J_Z7L*gT;hv!`HmxdK;SX0tJM6cP1~W)K{PQf)U*3! zIL$A3E6ufeBszRYEbJM%al(xl^l=5Ac$61e%xZQ&$*EHFqD@cN8S}X6s&$gWF4JpI zFhWMX!BxNXJC|8p;i*k^j=91lMicPkBn3J+hKCEu2U)Lm7Q()9EUn5Zwd>a59`IYM zwQO7JeXA!=1svl?`j@lq_gq@?KjGrF%bvS6Mj|~D6%mU9d2kQE}-*)^$e3#!_w5N*}>O$MXIGJ+@+74UN#0Xb`VeOorw=)!|lD zX(qeYP`3GAsMdim@J8QH^e{hWNPV(Qcf)6JNz!j<#<0Gm;ju8>qeRGUuE2n-vFQ>$ zgivH%Sb2;QG4M2I*X+=ovpv^NzM9O+w_80az3dnobve zj)KyK3&8)M_J>zMM?6?V(eDHP|4uZ^yAoXGen3{@!-6HH0$5U-5~pZzCk^kKakf;y z@EsX;pu{q0iIrL26@Y=-+<`8_K(qb)o; zEeKE4msl?%3(oh3GhUZug?@}8j9^gybVCRdbOtv@9=J?Mll=_f!bSNJlVEaJxixYL zBN}aNv0_<~js=y@8dM8Gwre7KU8DC9Wi_=Wk=eT{l<*iwhJkJETPZwp0asxDiW+7C zlmeQ~6vv;)oExhX@j@?2Lm3ATOOYc*p6o4c92+2&AhIBXp6c-0XHT^@iqN41N3afe z-wE8=1IBmXivT3=g814oM#-CvLWGXqb`d>K+&%bmud0Ec3lohf&OON5V{cSt)9Siz z%eV!p+r(9{y}7}Wi+{4e|5V>r1x+_CB#zCLZl7Q6*#SL_8ZPFuX>P^AQC@R4c-HIU z@6Owcer*QQYwo#o-ebjvy`=~1goSPESfNebWO%u8dMIw?#Eor)E6E~-sm}W>cUx67IQLB1z(PQkW*#f|RL~_$yMRrKX0=dg%<-*dI*MN02RBWV z>BvQEzE-$k!hQJyZ9EsfGhGg}N{*d)3wkZ6<8)tyQYg$lM0%baUhZb(MWaRT)&7PCJF#CS_?U zd);&VSZi>6-Ebx}0~zu?VwLaNn&3-<1NE(UB&KI5#1*ir34iLc-Yeh~*xYMc_ul6r*Q-^ED&((^qU5E0@& zmR7ry@;zFGQk^f?7UUR|s^FP|wp)}afo`?RX}UC_z?qsYU3GLvU|o&+F0c^nH9^Tp$#_36G(Vh z30N$C5HlxzsM1{9Rlg?F_&~RC5!FG1zBh3{JzTnUWEbTqtaDdunVaeDgd>YECT}h*nC`0^yIIUyVW00!Q|2rS*{; zE2AY@Sr+7I2or^*en*kMw8m!-Jg$qq>m$!~J8nD3L?@K};){*?=qWDh*|=K$cYZuZ z@D@}5c8HRn=!sTY@kvzTX`|!Ox~$C327OR9C!8|Z*$QKV^{!8kOP+7MY_trgKk54T z)RAU!m*Oyi8VS2&g2yGDYQZ$IZcr}=E#6*1PqJELmO>kl$>|Z^ zJZ@>w-q1?!9(tIMJ!*Q%R>W+cjYnSLJnzaqpMdhvQrIx?rvP*AkYIrjyuW+i=Kf^3fr@ zc#*IBrHhqgWXc66Yg(awY{{O{7iYxG@KYQNW2}nt%?5+CLBeMdD8pO_*K2lW|(oxpXV&hw7C^nmY+38gFz;S@#c$nYv z5;t;5_YuFLeh22IGtbN|H8LA|WL=e%`e*qXu=37McOrKe+E}wvs5M|Gk@I%G!pIB) zF8;o!@vFviRg)&+p4;P5bo}5~Jl~CdkaA?k=}m1JSjM&QsYZPThk}#2;C9gMri{tq z>&dP0mE7Vii9o9y1Y z=NVf}Hgh~YQT_2=HL}#M!N(+fcBle_;L!jBT5nrzy(}b>&N?oLD##B;dX@v6ll9%+ z5wbX&+yYO;{#hO&UvT7Qgdnn&psuN<##gauXJB!oD+}M{ZLEXKE>A$b-p#bvIzMBX zi8aY@8;`4#75K&>S@s6LdGE?6vyS^hnt=NX9v>a^QNN!qU#B1y^@JwzN{muyUA3^v z4PID}i_XHs<^d{p(nqED{emPFH5shY$0Mk>a_SJjZD;W4FQ7&mYqAbBzT^rw?V*D} z1XDYwqcGyW8a1)FT@ks?ou2SnSbqy)wqBm|iIop21Z(3*-RqL8CTaN8*;6S9wXpgC z$K=bGS=tW57vvfWb3FT&C{GR!g7}&ePWwN6OocS+B8-o+sk+Q;a33PjXw1K^b^?N0CA0gVT1_RZ+12uzTRf1uy@PlFf6Erz}3IKJ7fvUnl2ZkL0P$3v7BUgpXly{WAy{64f z=OBY%R>;h0Ar)M45M4(q`g})7vcfDFE#KGq^hIES`~=Fml>J)2jV46wM93pc_Iu#F zVj^1T#i%j7)g+W^nSi-qQ)kd_xg>f1+iyt2Wa_owm1J-8XdF-Q81&@E=iLNUQ2smBp%pnvX}b z!5eb@-gx;fyj#(_D5xG@R2`SrI*#!rGhzilvw`iNVeioL1lh$$P{z8aIu=GgCKZPLbj`TQE=;J z_Os7yt+I6^1Sa6_=yK^(*-EAXQN3pSk6NhcPgTq76Lpe4?j{aDp)fTNOdZRsp?RNJ zRbs$~%n$MKP6cf8RoJYXr6bmLPJq;Rbg&gSGeULdc&r~qqLDH7ked~1>lovmlq%Rg zL|cx`)oVDqiDc0~M(lvw&HHeJU&BmtYspqax>zpBiB6bp=4&9RHkm;)&z&TNH0y`9 zIv&EJ=SYv+Vr`->{h*vCTc<+3oozIUMHAzv5+V!bq(>M>RRktq!L4}moZmo4PZ4_O zpDPq!&oNefAO6wE#o2LGQY}5_H4#17Dks{9k(tXvZV`kY*M#8UUF=MErXQNVKm?Ef z!QxwWc5lgMf?nH`B+Ze+WS^%Vb#0g54dAfui?FUk3FK7WBxnzQ!Y#Eya|$)~qHGWG zRu*VTM^dtI8yf ze@U6(Tt!mv0fo_oNVL!6YP1k7Ev`3>SFMx>d5fo*3R%4CWf`4G!rNqY?MkzA(pEaH z;s!Q3N(8)viGt@BQYq$Zm5uw&1D?64KjD=4qu#rdP$)Es8kAiN3n5$=%Fus_&op`C zH_G{8g}?F?EKUGK&)eg77D7D6isoI!sdXjC1G*XgA)*>Iq?VZPF?xKRC#wwP#3wRC zbwr{q>Dl0(AgPEtEhN0-Km4js);l%N&(kO5rfoL+Q5jnyc%G4X^S(vcevWoTt7D-- zAEwccr9jS)qX$|QtR3U{_}}EKH85ZMBSf6l*tisB?7eIjDL2q#^r6#2#lZYJ^yU;x z`(QyyFKW-2Pp9ArUwK&)IgzW8os+CHX z-5ZPAr@v=)+$Fw7$C4BVwaAB7eEJ|Q&ZWBYIMfPA6(VW$U@boI2j+3vx@fm@iifP< zwr#_eM1>8OC;Ak=E75(}938~qDqOl0tPMzXc}Zc8vTGcJWAb^@H!}PED{D`DYT89A zc?Hqf#7eRF=HhOXod>U@wQ7Y-ZUwH%b+DG8y?9vCyQOnPnc36yv}g3e$%S>~^b=F> z*SF{-675P!HM*ViL^V8;m{C>KmvVMhBocLWBMB&F=N0T}5uE zx)3kLWDXDXvFa?WMSDzK%3);-meix}UK!!-QO0Ezw9-c3#qMAA%yM;H-y5`Ce}6R) zksdgHzxuXQj+!Sc~W>>)nyXQ>c1cA{i1dr)C?2J*Ys`KSI6+d?? zFRfs9c&@o+P$h#t0B=S&NG3Pj`54Mv#_rXlMS_j;CE8QKnh|S}0A-mVxIoU1wLTU{ z$277q3^=L1yt9kekPTzsg-|<^tbW=UOjBsa+|N+ZI$shy{J`~-0+GTxE*azF?IB!o z(1g2utv*?Z4CE5nMh|x#&1Zf$&`P`T9ptL|(7HRgKI_%(5}_{%J-)ksik-KiY)t0< zM_O&Jii-ndf=cEgA?-m$K^<~OvGN4Wk6)oOBtPLCuU7Sjct1crkm3SXHCNgt_2d~1 z&_iUwP1J@%D&txBTcunA6iVb122Cm;ML(kj*-VRyNk-2+!f#KGIX$BZ#URjU z;N-?u=j&&AHs8fRylKDZ{POu{s~hkBcd66Kp0;;x^;OUr6HkMd#(NdnYdwLJ#IpuG zFsM%LeVFlm`E*M`5&Tw@fsNOX-u0^3Ff z^E?JuXPM(v<0?GNHZ@Xp-k&T3u3dxO<2YSs40g`PiO|V;xfPgRb?L-03mIdp9NY5H z4b7>dFJ(N3CASNfH?%?3L<1nB;_a>SL}!{*f@J|BalrQOa}xD;T|PNGNZ0qpv8$c6l41&*4+wjQORu| zE!NY<7!*dV#lVvo8>!Bx2b3WK(@PJvCHcGCRdk8=?39xRb~^Hff_c3d1? z!DaxR&H~)Ypxrfz0=N07V1f!hP@N+md;k7NQ1)<rCY{o_(hPsqNN>MkZ(l$d6EOyU{{{A*3?7(QhOxkNo-8(U;@NAMowY7} z`-U9?u=Fos)e|MG(6Zd%lL)W&>n;0s7N0(KOHp@1n%6ZW{&!HdJJ28hRnQ9He3ldr z92{^o3k?GS9uD>geC`ft;o!dLz{V$_=8{p@&`LzYqvGV2l#;e^DOmnS!}G|TR@0TY zZk#UR=NvJVt(q?=$(CW45O9P5OI_rpnJ2H&OFd zKGEka4mBJ9m7gQ;pc(I=bMBCM!jSxfpO5d5^xq+&fg$;Ehvb;i4&bCerx0L}#xv^f zXBMC6|I2<3f7^43*C+-Pq~MV2x$HjHoe0l>j#MHtcQR3&5Ur_x{0MbM3LF$2!Mc2iU0)xu)onF{ve|1WXW};> z&M*W#duOT!;UJ6oD1MN*Oz6-inw!XzVpQx6&a53{ELL9E-KM~?scIP5CKA$Vl@Bqf z+&lIKkLo!83GDtCu<^eUSOSMn8PzOIp=GdULX>7i&vv=n$_qnli8dYgJzC;#qFppa zv!NW--Byh!Knd*~A;}Et3yA2n*I+jAk*#<^{u3_bZzwdlVmhG*#4%~)UfZ@fh&8GY z>50S5H8An)u+{BDoFlC_P|AML{FY7v92(ef6#w9w|?v#eTQPuDb+?+c2G(9#=Gp{7@hgKc3NO-^b0liiR3UR+4-sw8x z)q494Iv7eaO74Sk8Y2QCbPT=yagr3m`gYel7u3yLgoSIS_#W|>a%2GWeSj89sTPp1 z^M0Bb<-x&uDVsOrS1(kT5So%}iCdQt2Az%EPru}N*OTDdsWw%FHHf$32y!sxb3++n z6hg7LprORcUZb{7r4di=eiY}I_u`i-sR3(z)y!OZ=rZUh*+0a=E6*?WfJF=|;^+^Q z2ZF7r+2HOhYsE(=yWX36Oi_L>A`n|*^&@!D7laTf7k;4q(lMq(o5cOd>r(uXmrTZt zXK0Wz4w{F_5iVH@4$@(Y&#P_dK_pFNs|IU0BQYVY)z`!^n^cQ+XieKp@`@0@4SOCU zP&(1WUhiPe*w-!zHq?q%&k<=hncpaU3+FS*dm#&A_UP|;Q%<6cAEc|^thR$6O3T(y z96f#PApnvQ%-D`p)wYb{|LC4^;@Ba0z&T9jWK0L_RK?^k^7K>Pe)+1&?pEaykK(Q~ zcY&|A#Hq-QP_L`*w1XrkIiWa69!lGr&@>hEc7ZcalqAThDkPZ;%ruBGqW7r%KMoZs zE}~M!ISnV2A4f{2vXX}ip{ICA&uI!db~YbAvO#S+$`yeP2LZ#4(>dN;;74ayF41<9 zPkTN`#QUz6EczjPh6%SG9+J{Wo%HsFBO8%nnCoH)$qO0p>6i{2LP-b@K14{Wr78{a z{3p=;>@Gm=e4z08_VH#qUS&AK2^9X4G?kQ8Gv#)!1fWyF6^ zG?S4pGU=5aHwI3o6jkyB(nf*kk13-6XuPsfyfCRZ;xUq=&)pvE-~NmKZzea5woYD| zJ^2Rul|6(i_kN%;9^?ssk;C z#eR~!e)&!;MMI_`R;@2pFjA^e}dnkOkOI;LPq&w1^Y=<(x6}D zp<&Ps$tfI0Qb6Tue~;a?{P|}fLH^pt3QLA1W`5%{gqN+akl(Yn)h523lc|5$`zJr zaKnR?-=>QjB&XJ8^;`ZwQ!}94KT|UhSU?{C?F5W}DC=)|oa8THq`!cr?vnm5%>U!S zWOp;f9cH<^8R8e_2G|Vo3$r6^hQPkV{J#Ns98H6&Ox;t761GJhcogMKbv z<~PYP0BMd|L09QVK_2DfeZv)KY6>m9_+W)0A`lboKR+_jiWD7<2h~fm2S8VE)6a-7 z8umX<@ZZe=JUVj)xjF*)wbet}S|RVG)t#dohiF3JjV&j0rF+Tzr@J%fLBpNfAX{+_ zA6XT}2pJYPU-|@khK9m~M$l^wQ}w3QkR+&q>;p8{3F9viln7fx9>ZwtC@1HV;{3Ai zhvvP{mzBxvowNHvU9UzPV(pv1{{YUDf4RY^UtPMNE!-7zI{0XTUDTbb4D;2lgiEj! z+hhi!;0yC!Q*qAHZd8V%^q~AN5KZ2&1+B`$m;%nx8r}iHklu1!ni(Rr6Z_)g6;w#| zhJrTPHnUtJ)Kmjcvk*H}uo86;2kj(zTvc*G$zv<{ZF1zN~)p)aJCAqW<_08ZAFE zXQF2W7GmyglJ$(($?w;&y$)DzaN^k5c%gZZoaEL>2TTH!pwh(^Nu3PY*G7RuzR^HT>&jBM6H#}=F&vVu_2;Pr_1q^~k zE)%v<=J#b&7d=Lw%-YS{cbYxivcUi7TI#gcOA+C!$en93g}ajVB1gD8cO~{Sn|wqU zVmI$@?f$z9%^ zxpFbjvx1za`Zw>2kSE+pp8jgWuvqvuj5bGcMnO(C0+Ajov3vtv77r^ko;o#Av@FU9?+W6^0G^;fxfOnqVXPe0qLLbJN`h?Tyse?GykLx>c364d zBXfHuJzU!u-qj~O-NNo9R-EOYMv%;GpmBuWLqk=J#>Ca1aHqKQQPylV+S&=L=#9ZS z?s;2uAAfKgmdFn2OEpen@+)TFT4B_@S-uFZv}6s!&IotkG2Yywrd0CCaxX0Kt(O-9 zc#EK?#^D)@J|~*s47OJfnV;qwC0)tibjzXlRHn{@;AVQ!1X0h~YtJl`U^{>qiF#jB ztz_AcayhHrA__*|W?#GukxG19#Acq-bVAfR`iqbkj1U%wZn!-0j#feO@9Zz57&Bbx z@g6s6E=O*A%l`LN@NtwsP2Eo2KZUau?T1vD_SF_0|Gc3TwJ_=L`Gi+wkA|98mxgN5 z^4u(3rla{*G=$h3d%G|ei`Eua`33WtWYW(PKJ4TD@>K{V7Dde1w|&5=7C*W8D37wN zxkFq+%{9pHdG0F0#f?}m>e1D+7`)Zf@Ba_%e?lQ>ifRtQ>a2Wmz-iJYygNG#UBU{C zJF}&o=*+F1-lc2~V4X9t4YRkL8BpCM-zC?W_jgqX%sWT|_)K!u?t+W^_O2{}6%W=w zragVc{)Sc_R$cr;8xNZaexarO3#~Yiv;RQr_ZQkrU~2gT?a5zgVe5ro-2SgdJCdlD zfG<+EL{#);3KWi)B4z^8Y^6gZSUrfIKHR~dAD>{ONhQ~njUGST!F)Jz5Dcn6vj836 z5BIn(JbiW*%DLiJR#n2RC;LMBt^c_1yBp~&Lt*e(|DSRRCDCdOOO;c6x~~qkfVdG3 zl5b=CVkq>+SWhk3t7Z>iNKq4iiowCLV3$d#X_@2nedxG8P-GCSdGrzofjjJqzF!mf zts>PP*5gP06Yi9nG<@XUq%Zbe=uze9(x@E^MiY_qr(*1SO;nno+rtS{xHz%iKp{-C zCWN+-lZ;$2Gisc@_uC-piYm5X>Ijc|;P?(RVcJa0J8-JXy0TQ$#GHm2>!6<;O+oX^ z3L)VF?v;8v)0YlJRr4rf$FGsU-{L=#_ZYK70Ei&+fV#Wplvgvy+fECMfCf!BPAk zM=8D*NjLnxPLF0VoUn*PC;;f!LxGR5YZLr>)GxF?^fW>Q!8-Ppm372b2p)cX zj2<%$f8@9$*(eKh5KWG}o%v~dMnAZ&mm$%by#S?;FjF3SV1?@D-sds;C>&(nM%sh7 ziZ@omP*f;YIsnz6Dj^-UK(&izqM;e^V&b2$+;Qw65lqDXgxk{6^4rVVAGULKvcw6^ zO0fkzk_9Ix*wG_WjmHELDF_C+G9)8uk@t-WpqC{%sM*q&&TJ0{?updk@2-`S$j!Bl zHO;kF(vjJ-;SZqq4tg!~FI(i%Exmxy;}mzffnH;$;l3|^v*e>F{4W@kO|Hf$?FgtrT{lo4b}>V z)w%(x;h0Ayi029RYqEq?&?H$)kA*xvf!|hLAK2bzV%-3BLGnm~H5i#zH5qf4%aft5 z6~r+lt`04PnH-d2D4DDYQ7S|!{mF@uia3zc!RREYaunR4WmayGY=24ZHcl=LYKX>Z zjH%rWCWcrT5nAIat6#*Fa-nX!FAi@mOPD)i^^AojhLAWd&bo+k*kDqBts?4HRc`X+ zgw8Zb4DW#yBMH)|$7-`p@|7|hzH5TiXvRTLX>{M1G($AK8`q=}^cmXTgVL0bGqfhW zG?AW5PB!zAvMAg5Yv^U57tlTdzQ08J;NS2Q&KcbE8evHQ0pAn{QX^POt{8->AQZPw zz(KsCO_^f!A|TQr;C+5*!Bo;@Os%~Ce9MOTL_h}x+Ca4Q%nqp+wXh7ix_XCK;+QJhWG?jH>OB$^PL`D}Mu2iauLd zO#%DUR8Z{5F=Co5f*yWF6fkY?1A^JZHa*e4d9@2vhH6=wgwoHNI-b~N-XVo1cx&_} zjUh=rL*f>#cp`^3Ix(q2tD|8hKM=tB?WAzH1HM=N4YX~ z2{HAO#apr3{)9`T)!+plqiFX<+3?&Zp-`3nm;xQ7a>1aGjF8Lf1+s>l=xq|aFWhZ1 zONNm9h$ru+S8nLl0tDNs-ma7yG_XnVBla|UiVe+itGbjE3bN%^knTF77h1<`QZ0-O zH!x!4j#|rNV46}B*TV6Hr_oS0-?%6lCUh?!%S`-pvU2;n$S~tkkE$r7F{XKts+2J5 zsz&V_gRhAAE!N^fuFj7N+>@klJYU7Z+m+3LdS`Ursr!4etDze%6 zafxcK>qkzRE$1jX;qn)PB|A9STR!AQ1KGjY`(3orcBL#~SPWFd1*8#4P7}HA15eQt zE!9&nZ5VD&hF?azq&x-7ZeTl+OON1}A~TAb5X6w-TZ_?Ls)K}XrxT(>wRx;6-4~@a zlt0m?K?a3ewg|@E;@YA?gO3w&2E$Fr^GhuDsY4%V1gE^l4v*B91`*Q~yPG`qSmbk` z(A?yPoSSHB)+Qn*;>N{OhfpQRCAEQSgKRg};%>Eni&1;9SHsCAm&89nNsn@7H*LjPTQ1oy zCmeHn=l~xv#6b3p+-aS3_m_9m3W#xg;pzS@?kFPtIHk|1Bqk*7``C}4a6^&Twr)Dt z^tWMIhY$M*Rf?y~75N_0ZYC8$CaC5Ix&dd7*r#T?nE>8xx*IeS=|v@L;gAx%-r9HpIPLIt^)*@PY$N6;`mV2ei=+oFSrUfH4pio*s8$$n z`AjrXCFiCDlM%)VX2S=dw;kD=LMK~>SsEZASyn?DrSD$Ra{030q`e+De!)z3w)V7} zr${;cDGEV^stifal8LUR0aY+jMI#nKXG>8LtEyIOJJ@yP8pG9T))pBnS?czKNKDkj z_Gpme4KBL0ZyC1-Y*zF3Ov2l(mGZxsK$EXs4JqnpVpZ3d)|HQ2CP|gT!Rb!hBN=ti z`%AhFiZG|!M5N+bH@#z$Vd_lt(ydqeVd_qFeYgoK#kGpqALF5isS-09!G?LDumu?~ z7;(ycRiqaEZP`lF3{5Yf{~Y?KxIBdhsKci!jhJj51X;&?8>X~_C0Z8ezN3DW^9jjR>j?4~ z$C4A6vy)l|Xy5-)+VY0u&y6Od#EW0vkG1Q$7=2Z~F+}Ain*L!?A zqs;%W(9S+h{PMe;{w+%Kg#7d0<@BFXn5zbPc=cyFog{MhXO;fjeUE(=4yXUD(*J8{ zp9uiP|1Y%X&cFudFSL70K=J!~78h8QOoG%C- zyGE33HQ)-RR_HF=If=Zg;Z)3n+H#hnY;Mk4eb&KlMog34d?1||2_EJjit|vw&-JfF zgA~Xm?>Ke=9bRR_Fw)BmI|t|jAY)?#VlYhuDiKP}(CXusQSX0zvo3~|vMNW52Fc&h z)3hK^vlM;NlrZj3KcES*<_`X*<*#xkBQCr0ytqWorT#cAbw!7hHZM1MsF=fQ7gL6O zl0;RSR5F~SW+m^Gi1tHu=}Na_n9ELas6Q?8MF>J*3K0pe_iJ>V`_=;Z(hRcBl$T_^ zW~X@Qwot(iYMz8>jt%j`g~z~#QLv`DwM!?qf(m|UQyL!F03N6}_p>`@bO(m(H;Z#& zIUCS_b{A{bV4)O>l6_&W`8n#!O(-3(z)%kjUsX-2N6+py=HpnCGcEQv@nKJ8X^c>F zl^2_GpP&=!7A)LDmDU)ivQwRd^mN%F6yY)h+*}l)0=SJV z4dpUjmDJh_yb~lU_-?xM#wr9Tk~{XkD^u2+%vc+@)dzW?vR(pm zC;?%F85g@pz?N%b=t~!6_i~|Zs)#0Ctx-(sq(fwS_*|QQ*E)w!&937LL*ic-^9#2V zycaY#pOojZ)~bz>s4}G&K8kV`osCYA!`HGzkh6#kfi8YW>VNq(&+**NA_W|px5ZtF zSz^|%hoTV0Ls+=E{B^rDt2u&ukXW`K%_Ev>6^gq}p5KDlDjb0$ z3a(@#0lM$7`2g_z^^U@<_v<}O$xyPgSw@#m#;l#@b@mR373w~4b1rbuExmJ6N-o!z zkc5M3#2lsYlIm>H$3~v(e#TlRA(`Wn4np`cw0kl_lVNUEM47&ew$DwShCV@=#yiUY zo$Mt~PIvH*eAL<}8`SA3EB)({E0(RQWM&a=)WZE1ltc0XmW1p6aK|NgYLw;_@Y}MK zg)tevK4Hinn$WPQheG0zwYCnY`?f*Ed0leJ!pL7f>w;(5T&#(Zq^hc!MUPM#sp7`& z%sbq&rCB&At9R6`iQo=hqu{7?QOr-_P*0u|9+4K}&B#*^6ILFdLMaofm7^rS!9~!* z?*PjVx7JWdJtc69=FkWO3n+xp!?!69cXkqL=VkxW+ ze|k~6Jha0_f?Yl^Q5^`Y`~#H-3_IOcu{?&^v~e8}@%Ndvf`kU2C2~C|12ZPb2s;;1 zs2jK&-LQh)*+fNw|XF1M1?$zU*1XdtDQ+ zF5UKWga^C|dlu`Q6kJzRgzFlmfn&gpoWZXec`|%c{1YySoBT5~WKgQPO#ce~#UOq( z>AjlSyb?O>iG6a1JAt3=k^omJh0_y=2|QG)YNx9)Cg zu)Ggs(oy4FZ>SVRanKsu^B!Yt118W!kliiAx-ZIV4MU1Q#-Y!RbJP2BORIR$8CFY& zV}ClMf-OlMn|w5-*b2mOTZ@Wq{Ekkvp3<9SZd>ngf@mQbF|zop{`sln*o1@cw*7QAlnjtF3xlis-8kE zHN9kit)M%1!_D8hrG=9B&2uk8#kT{pDw;AL30;I^|B?I1{AP1E$Fm#*QcGSZz9^D$d0N^u+Lx`$(+Q+?u;eat)*L2s`o z+euhDnj~EWwT^g^eK8E08K2-RKaa+-M4HC}VS*HT=ORi-v-`#%p+e<&3fU}#szyR6 zY>i_H@(gzFS${c{J4XG=ZD}Y|(^ZIWWs0+SfQrC$<$-8#sBMs|x3{D?mK3z;>s93?kCr|o7sL+hwGtWBBto|(LP$$? zbg=)#F=nXYlz((^q=Hakdfkyl16$Ij)&K{{V@=Sdm3{zFDbBeJ<5ng00>f+I|XiX(P#@#~8=A9pCx8<5k_Am;{**9~5_D9Ze8ssSp>j61yss z9&r8E<1(s8=aDYe_KH}i4k#7q7r9Y$#}5WQRJ1_;G(kqxUarqDe*upERUsU`>K)WT z3D8=Xe%YqG8^}Hkibj_VJ#M<;Iad$+U`OK3%H|xN4)1Iu&g>ywkdM0T?dThC{3BNi|%$C zU!^u_IXvnO+$qaFT$--y?Uuxd6J6Kxa>`Hm$GiO#Q2oOKQl@`(1FwGps$T>8vtKyv z7brRUh0}fwuc*pE;j~|)RmV@9_K)&yp8XfHJEQ!CI219c=zux#w{?9 zcR2ijT)!To-D4|-{y#qrJ0K^iH`ea4l0yHlJAFdY{9pd@Rz9TFd#-9=J~d0x{4YOt zY4!Y3caml)O1zbKyUO2)%~F(J7M*=GFwfqLoe9+QcdO(Bp8vkZi29{~x);9NRe?Jb z2ttvTpzf-nXkn-)|6ja48mN0FSlK!VgiaZHf0Yp-H-gyDaqk@X2PHJv%UREydB;jz z(d8FcLni0XZfKzsLGQ{w?~{9em6205Zpv@iy_6itxk=QS`ky{z{P#nH!C~qmp*lS& zC~j1@56VZ@*mhGbXN-FEe_gYtbKUv#< z14K=zNx~FFh{LR(QH7Pjz%0^x5akwZ5SYW2ur01TYMGe zI8RmQiqT`K5)joJGUv|etjgdNP+E;XhniFOOR8mOJbUsTOQwnpv z937&dLZqfJ+>qrKY&;P5=I+8Q5&kLpeFf5{3Kpg*PNV9-oTQ$ls_`nsG?JL6TGYVk zC(|D=cKW2kSfW|=aH`1fW+}uV2!o;&j@zQ-u(t{3_+C2V(?SP>UnHmKAyMVn$XM=| z)yukhHbmQxiz670A7#@lq|0UZ>ZJ;7FIsZ?We*~}zb=f9yIogXC(iuJ3ujiaK1 z%Dt%gn^D1_3x0A`!>P9+i{7D3TmxkgZuNHi=(E{mMIP4X1vRFsG$#!27@eg6bTx;4 za-nNAD`AX2g^DuJwm_%czv7j(_2oRc_5_Y%(mNkOw+uV3P5j!)D3Jnf;sB zvp;&v5yXW~@AJcxJv`z0t>189Qy;61C;uYVf#!LgoHqaGFL46zC%e2&MWFIE_Ki-+ z36u(EB>zAw;r;N|AR^)Br=cvs_c2ZIR1mOjb^%I_Xl00}YI>Hxsn(VNQyHFTWLadMIeTasZW28h&=_`WQkjk`rz{I9YT_wQs3L1oxx=2N43P#$6V ztxYM$R*e?QBn^OZHjYV}clj;$Z(0gE&xR8^Mmo6TvPQpU92}h5H|qWYHf-2LFdgBW zg=>-{i3~=crj|NKwIzJ0b2WXXRSdXIfRE7hFv+A^4MD&x?+WOvQT@w>vAEl~A-`cy zQ8ftFs;!X;KUEU+u7Z~Ka!~gFrXxN|-ay?jKwo2Wb)PWTk@eGqu=iTK+=KVx=Va;b z-5K1cC%E%s!#gqZ#as7R@A}?aimzC&ed2%U+VIz3ln=y=zxm=}(o_dXWBm66{|9O5 zjsb}z7ymiVmG6?2yc+1iNKEl8X+p$}HN9+EIJzfUEU{12lu1lBPkPTZR0JUUm{AlL zHk(N8v*)j>7}SuMudkd?p`D_R*Bn6zEM^Q~IOPb$SUjOjq17`JO|7V){be^m1=aeg zPCxLs3)>o=R79>4*8ZR(L$|PFn?vQzcX)gFoVw)RW=fO@HP-P-+ByyAoVSNtR1388 zxkPGv#K`nS(S^UOOl$P|h($b5?X%mQK+~SX&>O+9CwxB1!)mrbI(MZ`XXw}Jihh7m zo!&tj82Vtqs$AXiv^@5NhJ~?_Ws`|ggSATR?LkCl<-!)OiK%)G1WS02PF{RrPK740 z&7g$gxQqkA%9v)b64VftVjPgXNM=%rinA5%&DW3AGdaf7u+wP-TkR}a)<{-{3Q@wm zg)5Ix$(DxST=`;_G||&kmJ0wfWrx9$B_a>2yulc(P3#Mt^{0pR+1j}ZaQIlpfIryx z8g)j7pj9GL8!)M6_3fJ!?R9DQCVV`9So;-WO&(2}1uq`35s?)dsSn>kiOHoQ8O4+o z(*j`)m2Al9)#HJ5VbUt9iIMw;rWA{STTuS(CG6%kq(Vwse?~VdUs~8EN+m1jsl|>? zPCsiXK3|_)=NT%anA#7t*~!V%6N=lTB$m%@-*1D^1%99rUf`%Zag4X-az^g0eld@Y zyvz&36Mg_*Qbb3IWLq@jDq0}Rc(j(0RN2Ho|85aY#dUJr_Z!s(1@hEoLzcQ){ zE+uxhklCrwDL_h0grU{cX$R-!*=_baDMu_~tXqYS(2=NmBP^)XJzxY5CW=b0TcIBrlFALZp`x&8-h1PPXMji)sBFpdWRfeu+GE_#?TtPa%!>uT+?7#j2}exmB)>HfeCO^n%NF1Zk zLk)z1WyR`er6dlCfcu)TlOfo+a^CD94FvR{dX&uk4)6_zLaw7ItopSg$VPh2U>3ep z&7Bi3qLXb`WH{E-3%f2g2XX40a`?4DN6$)U98%K?)gDI2UDjk0(fvTH&!>9#B*Omt`~NNtfTiD%e~YY8 z=UZ>l3upoUZ6x#Oe~zpuFg7?jf6n^Lc>e!64*dSV|J{)tCC|_MsN?JZ{mFP%G^p*dP>HH%2V9& z9e>#Ni(R8^P|Ev{E7j1QZNui)Y)#21%`$>w%C<;z_l=qXqampE@tZ7Erj)iD)i?TU zM;Rf<@owMeL7ue_IllX-DII0TwVPcbPNvHb zG`%kd-=610^C&B~X=#+^Jtr}*a7XzL_w`PgLCMxT)m>0prm->QXj6$r9mQauhS>ZJ zZ=_(TyM0vH?tWHH^um}Pys+73bZ75yVe3f9u871ZHC+I6Q-bx`I|6#{xM^=#F+fiJ zhTY#H-%E@bGVq;7`8$m~4?FB;It770BWf&Xf>0!Ut7|jU%(g7HCrL`l%cN&e7BFt8=(p^hg3}N2f12udl-YQI1|_J*516D~XBwiUv?s53^`>C|>;N{ft}1 z*)zd3ouz#D{^n4V6T(zRPrBCUp+F`{7cLIeB3(3PNE*T`VVA0mL8*)=os!uVrB3~V1(uoHcnv4#6Bs&V~lQy32 z=`mFCw`5H;Js5cTxwM&1vNc4C9fCd`w!s#vEp%n(2+)t#m?$FI=!J@??bh*Ajxf=kbolmKD|NQ_cFE-vxcvZ+4V zl=V+a`aA`19EH{PR2DDdUu4N4x#b6zAmz0Rl|8d?f5n>oJr?mQCy~bq$M3v(%lI{- z9a+hP{Bx6Ru`Qc6_`|8m99~+Kac9e8beGK-?bXo_$vlGAq~7$!*Q8QEGaWzGCI2g`&S9DF`s!1O|re;AMrhop;O)lh7MJmKV13UJ&l$ve|7nS$MkKDrT^WN z)PoQj{Ya2}uSbESaIUI5ennpe!9!0rNoyUUPh{Lyk%){Kp*zjs z79E!~-*?$i>DINY*GANZPuv8EBTQ!*PED%8-NWt>tvvpx4ZrgJfws)jWwtGdMH&#J zx4$GcX<1^Gic`{DTpj1{{QTbb(&y%s!ACJoR?7Z_@168|4fnt?fLmTe1V=u6*z$c`k;pwV0Q0jsS+w$U<(o#F zA}cN~sQ2AzJy(g1d20FAMP0v8e)_;BZ}gZ=@7tQh^hg=){43DSwJWPiXfv#(0_E`V zxNHQ*9AlX2KOl)3QDAA^7IUF+%#vrzS3xZ-1>?d|iF4ZZ0$z{il_lQvYHqDQgTP7~ z>&xn~ZjIfGMhcchH)K78lM3QIrI79A30V@um; z2x5AzS)GLMy+c2<&xce!9LiaW4s-@NRZsjWp@{ltx1%`$&y(G=+e)$%(f~|His6Xv zYsS0xggsgMShwXW*B?eH?P*dIyj=eaBb*$x$y!F1#DwP&P1TC46fUK}mg4$tm0dG& z=qluWDbhjDz=lI<0hI<0)g*z@t`uW7SS7Y?Q91lx)ibv{pCqs9u9T@(6p#yx@<=P; zlK#!7v;YB%Wt6)}N>g%T1G|1&zdkn4cF9#TH%1C(?XSPNut{2N2(4k6d#Yj!voLB# zeTn2YR@P6NUm@@ zjh1fL2J_Bg=zH3|+dGe*TZXDsZ!%5oyuJaWCI!0(X@a}HQE{u3iqCQL${_XMCFYJ^ zZQ#1`vHt8%82f3Q8lN#X1;Zk~U*s7`9C2+2DA>OPxtI_k44%!A()kVJwyw=tk(mtA z0*!|VeMrF#0dAttBfQD%SV1vh2YVtHQeq&eYX0$AtJ?w38-#Z{_S~>#vGCgEFoTyf zW)Z(Nt;GxtYD-AD;9c2Avu3KtAXSUe?A zaJD?VPc9{w^cnbsB5ev58pHP9=`~SyAC{Yy=ZwjlX&$Lei~Oy}(HgCnliSZcuwq(h zF;BRfvd*I8TCS_IOU}eDoGClLKLu$7RBbYOEJ<+=$_p(>w?~#X%;A*K@J1VQL~{js zsGV3}n}O6Fg{v4t`vcBdDW*5FGy&FJ4V$xj+`L@Q?_du}#w-h}B*GNsy&59(HCb(` zIuj& zUa3y$$f*rVa2w<$Su;NHXCX_4f``vysMHIaYAh0fR5CndTg#a*sW_?_uG5OyW+FKH z0q2#@na31|{}|L;A9l8DqC(GW*tYo8+EfO`$fl*kPfxJidC43%RZB=zhZH-U@H!)x z*i9sdj?@D(Tsv>qG^ggYHk*x`zOA?_EDhnfI}%C^kI8#1n`;?4eB;d6xzXg%P`|IP ztsOX*e1hMS#!T{ghmp(4XPK2+yOA!Jt+FP(y-lEczgyKm^oy42LCZ`Fl6pfo*W5xTts%#|s?u zghqSTqJjK=3kooJIj;4+eE`MhA85V5z6jcTlRzHJ8pyopD8h7!k;x*60!WQX!^6`n zFXHylnnI3$ES>UmMv}Uw=)|!e*EaiWo}GAoyu)C@yQq*w5}s+gtnIfIymc}ov*R)Nv6p3!($y@9P@wYIPm~PMj_K;`5n{g!4V@(q=Doa-R0XNw=yHJq8YAp zn*Qz~?{rFVBu+7@XDU@IRH8)>@ivXd;Y(`t1CrS4urj{dOjs=Tu2V(hK(k`lvM@x& ztZM@fB9++i5nFmoMMbMR5~?i0HD}K915FSkOA(7j6igxUd&oG|;YWroc#A}qlhTQT zjgBZ3G_^GneS1j!bJUnZlWUWbFgQeM2GQcr1AgWgKzU{FGL|g{)CgC8k0!Am{2GH>_Fi>Q z%;MD7vDfeZx(9tn4YCdHZ)UH@!q&tcaPvz6ebd{vT29nF;;hqdqXTB@3&YG+R9FV1 z@&1XI1O1}wbm}~qkmvAAz4p8!_p0x3wY0P1npqE1cNfkXd%Y;(DZaDK_3z)V3MrWC zJT+YD0TR4ahJv0Sk(dXu7e{3G0WOu(4~mIall-}kHz;Ngi5>Zr)v1aaZVUL1k5BN& z#IjkFovKkV1>`ouw*O?0``nhwBPN{CyHDi@+GKl$Qb>)w$7KoLxGE&995r{=YMRC} zF$9<8{ar`?kNbxmB4%4$3A#FP#U4rr^keUbbzklG~38MMF8lPxn=@|KH-f` zG;MQKsx1jxZ46{@9Vs8}j(Qy-p;ghGwRL$2rb|%vJoo}*!6mukKIy2lASjl0!J)Nx zbdw6$Mx0ybjp~R}uw3v{)i^`{S`27N6Hpa?qM|{t^Zf$zG22M}&xzY6YVSdHC~pel zbjR_Rz0jp|PgL8nk4hv`pW1DgtEW+X-W&3hIA3JREU4mN!P?&!W98%R2`&G8JB`XR zMXJ!?-yO`qg-y2JLJM|hI49#lfT7* z^AG@bs5D%pQ~LPz9UW#e$7)+bCWK=bcj)HRv`joGu?-WK%H9cKs9Kw3qq>0&faGyz zSAzW>EQrR*4au3Xg@&NvWF9s)Vv z?&zV~<`gH@@Bl|qK&gwXKOhesj$j!KUxg&q=~wvx9Y_#1B12@7e+;S$FuB-RKLiA zfgfm8f&YtxvfN?%JV<>zC+Ojih8HrlA#xn`I}8+p)1W^qSj8lSOF+49z+;c+zTMPuFb-E=2G z>pAJ1uZ=qN)lJJ4U0^+54$vRy+dI-H?Vil{uLbsJ)~fgW#=>UV_SG7|mYcw&seTK_ z&%^{&FmZwdLc9q3|FZU$zJs|H8?dXW{P*^#WD=UI6jEp=M z+e@c!7ZMtTMkq&xJ$K%z5H?P0Y>zZt73M75ZA`q1yx?~dp>^71dmIMUjJ&{wowlbn z$y^9V%vjye%{lf2UnRSK@VXhybys)4pE4$6oA-VhV#2Cx;O7hs=OQ%0Z=u%G-CQU% ze&Y-;6a{fUvJLO@W&mVXa@L>^z>JZP;3YPslH=~qhO7QYY6)u_o?km0!C+&iY9d2y zm7GZTWffKTYF7#|jh_?RpDn!8Ge{uIql{8eu>Tnc!8g?I!KL;NgCA(us03I0tIr4* zSEM)?Mr}qNpEP+QPssp$>4)A!_e+)%ykQ{H&M7Dgwdq zZfjD>5X~nxr3(PQiBWhKBhcJJ8O;vy zoIW9hWU}nxZE${fJ<}2_7TzFwQ}&P2`6-?<*FUSUh#5GFNlBjkq#TDdfH*U5Y-xm2 zoqx0maw7j+zG5*Mm2k<*Hlw_kF2^aMVY4W`Hi(=a#~m?Z8a42&;&)g~*CQ9iEzFV* zqb{O`m{grSOjy>+2oF0q(aJWK~@!^NLb*}7F{tLWo3Yqh40 ziplWtOWRNmKTYO_H7X20epX~vRB@mAN@07~>?a(dOBWDiViU144L#tM9B;#=EO-dq z0`AmyfyLL2I7_xU!?19(P=g`=lA|L_m<``k1jiQ*uKhs4b-cKQ;tsMOXsUj^2iPS{ zH6kftl$lgKNi^XXq|N;rUeTT5J~73>KK4~^NLSFN`B6@r_7=3ktUvde(d4uj__8fy z*Pf>Uh1ms^r~4O3hz0HVRm}xAB~K`UZKyeaDpN&eg*Z$;?J?{%eySbABPA9Wy)D@w z3$f7?U=JyPhD5TQDlQ+Fa+M9AtMW{qmFKkNA zqKrIwA4QEAieOi;G^_Kp(d?%G!x-Dj=j%2=0@n@b@A2v7?c`>*Zq4beNO7@u%f|%p zqi%;qo>wMoaKhym>6qJxDsMu%%chEU&@5)Qawq7lUJ-Ljf-@Y`7PxpyYfPU|S8bt& z`M9p_Gpxz8_Y{xn1JS7n&b|kyM50x6=;)ZJ|ixNg0G5DS)23zf4LgES_3pwuE{#V0d~p{zb;3sBhgn zEfQKpeypTy0Bh=7|NVYx3^^23KdO-Td(km|GWpGNGeKh#aaV$wZcLTMdI6P7_PM~r zq(nRBWPyWz4;7h=1hscfM8lL{q5nowjUq|?Nz#BKF+`DQ{3J0(k#M27u>RyyeT5>) zN0BuBBnd>3Orl62KS^X!B=-MJ^1sx}7)o`SDAlD1{WD1>N_9dg)v^6l-M=HTLups* zr*{9JBzXm>JG!W6%2C{qD2hF-&9U?Q9(MjA5<)Wa4>SKyB5+0tDS{F*3nk>Z_k9na zS0OlC&noHeOp=Pxx${;rD-=&|`icvRbM5X>y#aQqB3fEKyJ~t}=h~xS41_GD~Tmy5RiH{VMZo>_-Pe(1!)FdxYy%IT^qfu!ZN= zPx(-6JHURHw1oORhDl}8CMGedCA}t(Dg=kNObj+HzaCeYtU#=GJ9rT^ zoAE@88$;!?ONWcntA5vVtSPZ0<``k+$6$n)&j+_S z+k($4XaD?QK$(_XZEPFg3a;`9;k~#oub9b+V%^R^on^cic3pWI`{gR~Pfhpm|3J(4 zs1WEP^4Yp(OQFU%oC>_^%KtaPNeI4QxDgppe#CkmGOAz1yBfb#bo*iE0_TrugjoGR zlXDJmV-ApdK7Oq9Mdgr$=IG&;gD9@S!!WrQY;ziyX^#x4q@L0@1>~HeR;)Q$cX)3c762krr7O1 z-ul)efuSb9)$JpxZsB3-5?Y^9**ghFUhRke*IMt1!@^4J=-vO(vZS_qDG*}v`oT`C zNu;_AXJ2Cux$CE7_#fsPikNf6;)|xud{h0mmIL8bj+Ays2jY213J#>=(9*;#H}Fnb zXh&(LjJDPh+Pql8k9aRc(BbjNELX0)4B;#2S`R%e8`CJ9$FV*9z(3Hm9x3u5(7Xc2 z{{vl#%o{PLBQ`6pN4Sk-`K5Au!FTGuy}Qx*B=Q4|vR4sn+~<*vnDxPQmf@_&gQ%2e zm|8wk2{N`Sy7krz<`>_q8G@(^q+nn=2Pjx2PIbNN%Sx z58||W2af>=7bAwx%a3dET!dz@JG9GhlC|e6?FomDbw>bS2=AW)wOjH+dT%~FF951b zIM|qw4a&cN#t$FGsXqnnn~-U|4;#c!e~x8pyPLLT;?5HjQa}*e5yr}De+)X5P(rQZ zB377K*tVAk$0U;tUfnS}o@&2j&F$ABC0v5nq}mCnN7oQh087ePI5JRvKUlSi~#1Q8SGS04D0(G>k(~J$@>_YJ;^=HlG!-y6Iya%{7+ul+GVJ_1DiS0 zi3L|mS#w&{pTVj9B&u_6<6dW2e^U*H4`SX5-A4p}cTtA$R9)Er$vS3s?}gcJ1ZneZv`(8vaqO2HCZB*+h%)Gbw+-E; zqKhf-`1ou8*^(Xph#3~-X!A$e%e(O6-CMQQ!5EjVKkn-!bAVJf>wDl72u_uqZ# z>GC_&TQ;od7jlyp(iaX)mUa=Swd?%L)#!(Tok5J0WA@au+53NM`AVMEN3^CU_2K9p zgYW)UJl%%#0biwdjY6E=&uHsy7Qwb9U1R!^*UU{*lst&i6dfR@#q|Kj7bUB@E4eRm zcmV`0=UCrZ2T&nn>=i_pYboobRu7n3`#H(cbD)(tjHa&T+M}SUn&L z`GLmNopbbRkHlzmLPpjNcO|%p#!4k#o1HjV)ZqFJe>6*08%vCH_QcRZOKGBZ_0&U+OpObmnDizqy7QfijcgLO#a>F$czOYch9lXXZaByAh@a$IA6GF1<$d( zd1VzCE%&C@t7t=IYTG-_-@_!nYvC^oT$^@}Sz`!(C51a8`C%o1_gMVI{GFL>p9F??hJO!@ zc`He&rViek8kM^YkNxj^RMQ_)pcdn|jO7;jZi!^=Y12LFi0lcAJdD(+q2OpSDi@&C zla1kf?2iPbGv66M?b6kc(v#pS!RI&5w(5w`HW1H>>K`5zZQc6>QN~{i46nKLXas2p!P4k z=XDd$$dhtFm=_fU4&C2eCnrRNSkgWQy0Y*%*I-{ajMN7=TU;}i;UU9`3yM`yI(-oE z9~c||#_RtKv;TqDw+FY`HRlJXVkuju_dYxkcqt!TKR3w#Xb4hBwoI2B z0iDDstj znVjOA>&K}xrLc5Fo~u==`(sDLn|!VXvQn;x+2%FxC{uG3^^Yn5jj3@^U5_l= z@ig*kD%s`hz3k!%HXCsr;GLN}B>L0SqY}jX73vpnO-RW@eL+C^NF>`lz;eNB19Kr4 zXNqzG5>aYe!_!z_XraWZtJP?i%tL;6pkDfY8Lf$_%iT(oaWq0UYQHvPra~kK>C7Z$ zh2MAkm17z|PT6ukt*+(Qid+fRtg=ma)EU*83gZ518P#gyhtqKCYvN!_;xhohdbL5b zL%$*C&wI^m`(I7hX}ovBv+Ts-uktv-1-%w=kwyo6D&HRR=*@aN$+-L2ic{asTDcPM zw*0_LXQbAejYB%yyxi4nI4wKlS=4me-PCQW3*6);e63deVdsJy^(wHn^F+ge_iECUhO3B*0v`)m5?Q^nS-kBO}{;%!?~JF&z~<#vJE z1rUva`kZZ8$?&8mutE&hS79cjdw+SevqC~(BJ9HlY99nu?y>jMQAxH23C&uWFMA?JgFhE^46*FI^aGE?yxeyude%itt* zP>R+#i!FCM*`*4G_cA}f)55cZMNYI%CzLejTXDqZefQAQ%qxivFoaiM&C4}e-C+zX-#dB$qB zvFk0bwXALPU9GCq7L9e!qaIh-nqKsYmSr31 zXzEzbl4_BhWA~HCK!f_`QFPyEir{8{MoLp$Vg9(YU0#6OM|l$*g{Mjtx;+`n$$Q3Z zg)J5-m4Qz?WZ$M8X!o^64d9Z^sKI;Y1-kmRX6Ca6hYPVsp1jO?2MykRC@9wa&gagc z5wNlktJg&uIjX_)1I-r|Kj2C81FfpCqgpXAB~e3Q?%7v|sw$FinwUeQBV(*t=)&_9 zIeFjG^LjxWSlSb14>#(vRRaUGKVcXahnhP#Qo5+LH{BSm&^M1w@M!cLOjJ0fX;g2J z8&n!*aacE$Q1uHq)Q%Uqoeg5%AROFGEUd?7BnhTJykg-O&Z@j6^X9l8oDR>Q`AB*1 zt1_Y@hbDSZlF-owP=k3(_bt;yMNd%Q<1iiKm#k2ky+)#wt+S{=?ge{g$kP2ZaVt*b z+B$!PK`xv}YqW7a8)~wkp`WYqTITk%ogsv>l^O_VYbl7kyO09yA3#Xw7#Bxe&6cw9 zKXMBrd3!lAF4^bEv&X&wyti_*?<>9iF_g574)LX2`x% zvdOxIoWXH7F70)Jkd<&@Sv|QI&X2sFj!74ox1HNH4S@z`YSD(VJY^oY1}$%JK2l7# zsVimQfgF`96M7LV$Y1oSJo{>oYXxXaaoI%-Q}Cn|d|q08u<=XFI+;PtqckB+q0eCCwB&im%7@d#?OV=EAAL;G3k z%eSiyypFKS>oh!b#!Tq5mI~DBLjUEuCV{2h75-cv{;MUsD0gN3}>HI0tHto`; zT~H}PwHHrj=q;LSvj(YqJT>^nKh45ho8SwbL1BuXYNDn2HtO-L0gBCo6gT;S-u?5L zPj=Cn=7#z*{4B0*h80nhSRT3e=bkpdCib&Sf!7X|(%lM1AGT!nOgyV|B()l_Q z>MBvOKTRyTw-ZoD9D^x0@|aaLwaGL&TUr-{Y%`FIwPXuY^-O8-L61k1+nPiec_?dg z@`|fSv;^7vS7EawzWvBPC#x2z`BQ+O6?0Ef#C(2InyW2-O-S--ydFd4o{?JErzbMJ z*G-N65v!U$usvtfxZpk3QB?hHLHb8F!b!JHcdP4sHm6HKPu3QK-W8x?kqYRaol@TR zV?-T5dvvFj_s&0Jzn%9t`)+R=jo+De$cUV4qx^w})J*d+!W?OePJM?17;Bq>n16Q0 znGpVB`Gza@0crrb32NYx3x)Vql+qqVm;{O%I^G!GwX-IUQ|SE$0T2k>&w1Zi`NJ znNlX&2sW|)I{K~WdcqYr#CL6@OOgpmtd)`tIu6Mo=KcWufmU#1jea|=u372UaL4hh z>4tIF@tlDi<4Z*8_Fr)$xbmG~0q^z{%=^LuO;KuI2wCD96NaE99=7GMjc<_FJ{3Kl zZ;$kOttcHIl=fBRJ_ShPCt-dIKUluWxUO8nUnktCW<9I4ZEdW0eVZi3d?gjS?2mj^ z1I-vHESbJi)!C<%HJfrQv#sWE#9-;RFWswnjCEC4r4X*1AKczwvK-=`(k}DqlIA!f z_`Nb*ec~ajh7UQ*VoMSKMoRD4!3JN~dVtwl!EN*4&rL9>t&0XhW5EyQ4F09YbK&Vu zw%irjT<(LPbI<#Yv>xI{B35nqTcB*Zv1;xtbM*b6cGFmN#Zq))#rq1da$z;8((${p z{GHGHg+l)NspEr6cg2GmOq7nZ0zO@A8dC^Y#Ksn7I%W|Z<1Wy*e0-y`SKcG{Hvb2j zjg@-aR^Ib_YeMnw8ncaCR^84sQhJOTBgbG~5<=q55RFIU^bOGzccd|If$t999rvAU zZz4ZJ-w2L+DAGicfk=EVGuLu(UsCz?i+?icA6aUQm}b6bRZZSoY7{Cv{)9cQ^it-w zy@{P&N=({AgEfou4S(cAhx+y0Cly7`HlO2Y#TasIjtERF6odFDFR>bu13xR&q@Ux#gz;dpkFzlyCCdQ~QW}FN}SZr{xGmeJ+a>wBe>M zxWO5#b$;7_&tIzAa^&nvSs{Z>>_TyYhA$ek)n>M34#jSA<|KWKM%9~1{3e6q8o1bM zzi7JA4|-g`p}h&U$W3ul#I*bnTdwQHqrD19IZ5#Q8=AlV;{iAO?Mh#*{q0J3Gy3gH z7pwZ?N}v6QEB)|~E8XW*-ZU2L(FlUFv6oEH>sZN+bx~)#B4LYf)@VWs-VL@8KLXu= z12#G|&%vkvefj?&ors+ra-ATR)8AKEm&Gygw1gLIf^>xcUJo(rob3A8SR6Z4GK51#7aDR(ncP=66BvupRbKds@Ue?acuYx!aGg`S zrZYYl(}=4~OPZ-^<){+dn_4N-POxKK)0^|ZM5$d|s|FrbeDNMB|3XWqv;A=Vk1WD{ zT|!|OO+xqHf^VN3C#rg6YV*^f-YD@wi*?{a6oWs1nl>}ph42|m2EW= zUnI^R$~#%qRqiFY()hl)(1Zxfv3U_SRSFk8c_N-uMCFY%R_rYo8DT6tHbi6_Ugrx- zURBTAv^%(9_2Abp=2}>9(plYWgz$vIwuqo+2+7*GDJQFNMp;q4j?iG=x(j*YgNj94 zW|jv-w!jaJBMhZxsZv_aXh$zik)SllioC=(>A0@acywqg|58+I&mW0<{{xQQD-Nu4->*XTo;H>CxuV_1s_~TsONHW1L&$d0V3wMTMTXgpUom0A4)2Tkh=7qBCg=~eW3tOZT*o$C2UE1l z@!58zOLIL>(gIy@Hj4(sgb#rYaZ5F7UwzT%Ovf><1@2c1+8m9Yub%O{eIdL3+;cJ* zTn{R-CQ}({h@2ux9_ckpBhP9LnGR1?SV#rU@R*d(jRd-fQ3u&pWDA3yNVxWErr}4j zrFR>TYOZa=_u#7>mBSKy%viv50WP(A+9s!WT1?hgPb(uTDO10MiFa5Vf*nft6o(0T zO5Gkg;uI-(DHx0#aCGWB*oJbiBRBXM!dX>{_&b*Z7h0gYH54~iW$vS3L!P^}!XzwM z-UcRj(cSp_W`v>~ZK37fHzyG>%ETNzALg?9`&^`3saY?0@GQUA%dICNwjY7vi^DeoYo(OB2A!|&5`&x=TVAc3 zDyO=oIS49Fa0T^+tD6ZM;>NGpk?^_|wQo#e)-RhZ>X12)l4qFUo~GeesCVkxhch|$ zmyAjzxK1Hl#jxCG-P4MS@g#Q}S3c!ZC?<-?B74)e6dk%g_gJ+Nt|^l0YE)^4S+ODa zh}WYUL#oEuF@bO9Cxokjk{*6>;$`*8bROCLnr?Nw%RPsfgl3u%k8wIRO>Y1 zM^??K+YZS1`1=h;c{ognNC?@Dx-|JlSEx@bl0g0kdv6&O*S3X=;_fu=?(PJ4r-4R; zdlMWI2=3CjySqzp3+^O%a0n1AxCh&}_c{BVs#mYxty}l~cy+7Z_|dCsbg$WC&9&xS zbByuLZx~aewG1*+4LXW0*v`s&RhdSCPDiiGVptl2i}88i@Ej~?KJ{C#88v(_hJQS` z5{z6k+PdN&UP~-2%>YT0U|za94jrevwXTCd>_TbhGZ9x0@;)llR!Z6yh(K@HnqeIq z!Hoz1Ka1z-nQx^ox;8_(E-q9^Xh*E9dQO$4{sIgjWI|LdTeF;Co0@wr|DiG0d`-tIdN>Iho( zO^_;i(|`q^20261E7S9v>Nwh{Eo?tfcK!lKQQ>H~{lPl(cFiW)FQ0cRW%3gCCA}5| zNF_bh|4ZlowE0&?u6_%qN+C!g%$6KRHqtlq=z=u2Gt5Y<>g3J~9nif)~Q89}e zZ+Q9RI^Li_1xmnndPA8311Xc1RoW;?iKRZ`L>sxOyoIw$_Y?3d1bhn$WQ`bCG03qQ z`#OcT?bF@g%e@0`${mmk^=|nKCi~an5<#Z_Si&whU{6Iw!+%)py3R;l1yYH?Our=1 z(LbzK$3h7!pji#?E#0H_7mPqpeiG_?2XvVRH06$m2o4bq)3t^C%1-ztawE^EqKV9r z&|!UV19G`@f{w;D6A{Fh9Proyq?QW&+JRwP;G2+y0zA0Ht%he=-7Uy9V> zJtwtAwCx8t3}wl+>RxrRuZ(a9-^9NI+~jnjyN-@!q&Ay>gWW_4*~pfkDFXQPeG8e{ zeB7Dc^ilomP9jMpSRjvvk0Srd)YP=MYkg02X4TLFm3`(YNk|RApOs6deVhb&p`?&z1b$9LI80} zqD-pCIcS4+lG4dxHcj6ZKGCeB&DtjU3CG^Vs9ryt$c8v8;_(dMOeq{&V^_m3GUD$m zonm~E$2LN?P-o#7sW6RVt|`V#4U_k#~T826Bg^S30iQ5|JLEvp-@ zv<*^_9b#z8zro`E<;V`42N1XH#Z0y;{4uTEV*3H0jdZUTlrt_tv$PP*(Q`vrRndmb zD1&r(>v#V1I@xS_vUo@uD?^sI(5Z)nk==)MW>HVmpI+OOASLqB_N}3n)k35&H6Tg1M8rO~+qbva=*eLy$|L z0oNQU0-$=+(bty3DZDf6%f!^D;vPQt!V400r5D9xrRFIcyJ9#~KxJhqLMbSBPM;8W zmMdntW2>X-5K?i5KbPSqU&FWztW zZTQLCcHwyQlw^==y2#RiurC^4S6L^Cc-$B_ld{a}6*4D@}sCqx8 z?^YK3-6p2AsLQ6J{046q=LWK9k+yqm8MF_LzTHybu6)5nVyptKzFQjU+2tUQ4mw$g z`)C{2g2{%ec3O+d-h*^MB~VQN}- zSnJ|gD-KC~UpI`H&cV@K0 z%XN3>gp1H3psXamC-uqVi9&oRkFs(G}#% z!_&gXvRQF1r2@iuIviZu#?$I7N+5Q*+I1FAh8XGL*nVh96Hi)Gljh$w;|Qv%DfTV% z@9VSCWF`Ta&v9>B1OLqIy1He@`6$$HwQN(&<7ZN zjZ7357J%k=_xXCA;=XvYX|I5ZeUU%9rt?+&JUf}&?1BZL_f8hWj}ro9G2-OB*b2Ye z_0s3|m}ljIjZI~Yy{#3-vQ{c_LVkx4o_PY00;$;ddE~B`kbfLSU*7zeJv(&jL6SY?W0l3}=+Vm5xk}~BvNNs45=-$_h@CB3!b&ed zNSR;hi3|lD%i9KCyccLlG?Kb*7=NR6&t#+F3*K0!bt(vbxqF!i zil0{3+@WIb^Ty^?oP!l*%<fHSGZ$saTQNo_47>MGU6m;r@QJ4p)Zr{`gZ>#?7; z5XInnNa1twWVlY2k7Y65LTcfag2B1!$q43pUgBl(3m|tre8k4=cxcg0H{d`dUpsi2 zlm-lB0V-F%i#un!k+EaMR~R`fJv`n(CE203Cg)KeH!nTdFg|T|SnVCgMlL7#Q)Hpi zIOS)_+dq((oc9Y4PS=0-w717x!&^lgEmgi>LFDJ_FDoVpzcc7cClE`gfZw{>3oey8 z;YVv*Z0G1NJlY>Mp&9=I=XU#gkz9pud2180R|(;ElnOd#yT#i#KHG>AWZp;lqc%?Z z3E168Bkc;|L0k}ji&N~FD5&juR*jy%d$Z)^x#v@+yDCrmngyo23^8Y!oNl<Mcp^4@0Bs9X!}lltlV z(HkoV3rF!$l2LEagcO(FxYo1~oK8BNqBoINig0YGTmGO{A>*2MjX*qG--_QJ6sg88W%-;OQd*hnKpA@42!GZ@jMJC~<7>V>{$_IFnu~fFnoOQcXRrm68VzfwqMwxy=K_Gl zBmcVPhkko?du3261PjmXZy2`2*-mB4vJj*~I(BS75SD(-%9Gj|QMQ;N^{C<3`@fuQtFAx&7m4l-RL{@~#4pMHl~_rTEXekpnGunFTv7rux43?g z1O0hM9!CF2$%E~0FX#UrpdbE@dHX{V)&hUKfd6#;zRy2)UyF174Igj)^oR0aPpHw~ zF5qt{e7x@O;Q1XC=e_)Q@cjRvh6c8}@}oKt#@ru9j)8F}!52n3VK%J?F*y<)=K+s> zRZwTd)cIi#We@ANszV-U)fHSv8|w2FaKD@@5y!Kko+l90LK;uG#5PB^pZdI81=NS_ z(|w}zS(WgBm8H3mY%_h?mvQ07nNChuF08(gI6^!aQoWL?bG`njli+oIN;p!FC|b$4 znKZmxQna=}WWSCel|M>atJN_KKke;#mGNfwoS$B>=7h17*QlLrI4MtkXe&3*X(s@J z!tJ5|UlHN5K(3`!S8G(*%3K(ha0UJxV*+KpVuqs~iZjgA0Ah~KP<-D;j0OZ1x##J= zRkp6iG!!RAWwL-L-4;GpZpGNbDFL|SuSO+yoW!~1N~p0ZzNfPM&;>j6WMVbfaAHKH z1u+_7F^$TPay0&`qZ9u5&&}R~o14m%FC)!|SMi8KBMRLj#2=G5M-cqdJMHO}=5fD- zYkJu|sEc(%uI+@7n@E@f%G_o~*?TVj6*pit(6yZRLuY5chtFY8xH_zywG|%$F%ffd zGXr?le>e0Eqe}W+k<2b_wU*X#SS^{9HzV=K?)fIu%TX@BFYdVI=uj?*X+Eq)(aA|d zzNjlIO%gIi^nV`EON2*}4tA|^ch|E|MyY@^M}+cD>U%PVC8{fm4xf@!o-lih>{G~U z&TW%PlBJKa$f0_;l)iOYN*>mQQjEgqJY78=cZ?6+1#<){j52}ffK|ebRTiofKCfdK z4ekv5Jps1}8@!We8ZUYlLjw1QbqMUEJp@DC`=+Z=4pVGwn;@NLdRj;GMyuiCDtL0og8HC=NLiArj+6nCA>5Wf1$L3bqY zbre=lK5yEH8ixm4%&?BtNrPC2qGD=^YIbN6(rCT8&QqfEC`G7I`?mk*>T>j4m z1U-yV&%~y?x|NA5n`+=@+tG1NW+_$HeR_WFCKpN&7Nc5Mzf*b~DgotZ?P(6Hj4fEA zVR%UWt-^1hx8JEEWt6k6BYwpswlk_$Cm1Y(tF^_*aH@|R`>f(ytcq*2zO6Iz{d^-6 ztPuV|Mlm~t$2%wxcTcVcGkYadsX_5=wh|8i@PYs-#k$KS$kwGA&}#;l@Ww zOedz9HNhd4mfaZy0rt(G@SG__!bj)1pwGL{i!NG`wpjAQN@p8%v8h7>J%(Sfl!YD2 zT@-)q{QCD~xwT1(wC7y4B&f}vZHKEsf+`^y<}cnP$iw+~Hp+m;R$WIx@h%$a#C7UU zCLdmuQuFQ*C#`gel>mvS)P+K+=t1uGx?Yw&$!ypiB{Lv{rduL8Ah8VlGCl2d9UUxG zulsBrfREW6v)HQR+Pw8x$dGjS7Av^sP7Om%K^NJF8cs8eSfmfA1QBbcr-MUk%TUXA z8OuOqc`h3AQ6p>!9Gcdn-jYAc3Bp{X(Q@?(;GPNAk#eFhaQIR3IBitR;HNpslAXJK z7FVi7c5QxOg32<{l#9c6qLM!w+Z3TmByF*Y%*>itMtKQOS2muY5iE41&vI}m1j&$S zI94ccj8f|^zwUXR&h>u#k_?yB=OsF=ACY1ua88l9qe(hZDqy#87-^>a6Sa@sktcK#UwKf(`VpzWWxwMCH?fLFhqM7~eNYNa-8K(D8 z5i44DEw#|@M9Kp)M|wkXc3w1IX?UBb4b4d-4Ak*NmH+hHw&m&l8G+Vd;6zt4XqIDH zb|Q2~mZ}Ejp@lSstd8bZJLv_u*_woLYle?5QcKs>dusIZM*o6g{#irtuIA%X zm|(Cj^Fc@!Sbmz`+d&u7uQsKjqCdFDi1#-Nv-+|$J9Le}E1?);BRe@GZA_+_tsL2w z1*4gFRX_`Rt_=#I)GW;p>q)}-C5H)qTKoi##w`zrauO#Z27uB9fI(>6V1m%tiIYhh z64d55dZZo9DeOm=)500f()CNlvMBj@{@0aMB7$|8J~QBF_Uq_E$Fl@{32A|ZcP5zJ zhVclqjJ`J8@HoQg3J1TF$KJU0J+ivR7>FfKcgq5^F`n;t(@|KF7zl!r^!ns2^3U?2 z-N`hnlAq@*!7(n#`mEaf>eHpCGgi){&C>((jgqIm(FX!N-n-Y?7-l6IPx?=3#yM!B zs+O$NH5?SoQe=hpuag|x#ftCfeoD#kp9flP%&`A3kw%RVDUQJXJd$*=Q9U8FX@cwNR(xqCXI2rB zW){1uvFm69rmCgSiN=k`Xrs6~-9|~{Aka%sGfoRrWhrBAsgAHGK1e*{eXnjA@)JY2 zkIh-fU0(9U=@LpV9>?h9Q{-s6xx?dMWKjfhP*_P8tg5a@<4_Uw`T(BMK3wk5sG)4`Yf`l!j!C zj=*+cfBqyI|1dUVQ0I_0rfBg+(Z%$JodJp$58J@Y4PlQ$d3TpDz$c}xUYh&56V64i z1w$|UMPtqA{j@j`mzN^hb=&4vn{{fYOA@YzkdT$O+O0U#BVMrB{16fCPXq@ojNKRY<7FM|}trd7RIGqEXK17>v-0m$#-?XJn>YRKby zZ+gub^iIzIG;pk46V%nz|Ia|XBs9KDqQpK1XsGqJmc2FYyfuNY6tRFF1Im*^9OZG- zv5 zUQ047WCNkZvay4i&R{5xsq#qaVMzT8y={ug%T!P$)2#bb3DQn3c}v%vtME@p<3!1l z4!qoQJgASHqIn=$id#-FTZybDwqP%#9d5XdzW2ge8yLP6Go+|T=01}HMk|l!e@ZR?{m+&Nf zL*cPsTWSkpw28&;;(;mt)5xsD8^*FnU<<9<3mDEit~CYQn77lF1S*f<0GI)^KLC^p zgDrpSug-Oy^pNUAwr!IMFLZRS0+wtaNJyUKaO6>@Ef=8lVJ&UNnMH#-px3JyXATWE z6=)4BG9CC0AupiYRm*MwT{DpUYT0Dp`sMv9?QX^aS`rlbHv=<pmX; z`#ff`glsW*t3@bk!fu90*k22pX!6$usL1$jUU=8KDV*&#xx)7_Lw8vUzb9oesNCin z6>rTzu8{MxvXiH#feY<<7{_%_rR#bweySF#g71lWO^NA17i4P_aT$CXEcaz11NWHZ z0KS{NOQkI-=SsDPl7ZlkuiRTQui*th$_tUWP()*Py2Kc51h`EF5G~{N&Fp4Ba5emA zg#RDo^m%=Uk_T|(!2Zo1fC7sE4+{ei3kxL=z=eU91k=K?fbs+s4O})+b4$&cyZ*ca zCKmQL{zD4@D@g;5LKP)y1@YLkjvA1IV}P=`eIHg{^qU?Vq_0dvcYBdXe6S(6R0Ky7 zY_op)g^vx&SEebuy-XuMnvmN9f@2A`c|ZNq#|HH))9&3~uMwXM$lW%@F4e){!~ z4JKEn&%3=3Bfb}qhi!t3KDKQ?{l3Qr|NjlO{)kTlpXMPrv%HLHEkEX15or z=7QXs5ghfg&H3pUKQ_o;na1q)68){dHzPRhV_WspZ+>jBxiX#F?adhR{lBWsuS^Ga zdqYQjks=Pl&(yhc6+Txe8wPm2?W0> z*_OrhYrPu`u1s5Zdq0f${D9mw5d1b}Tkg@X^KLNum-_dJ?+?gB1HpwU+g6W$uXlsb zmFeAX@Bg!!2y)LwaB9l7(xczx-C%iTI ze~aT|4QW?IU~{jjlx4ia2uHe;tvlGDb$jKlD#_in!et}YXYN|Zy+~F|em0@zb6U>O zYs6FuYu=h=Vs@vM;%GF$apdN0r1Ve$_Uk=7D_^<%6Y~osh7vSFr#D(y2^XD&I{S=J zn~BIgO!ecmFvw2!ReTbfYmOL!5R+wU@4j!&dFwBtN0cSy3xyQS5yOraxlDTpnhI8+ z&&UJBQfXOuD_GiRkMyq8w$I7R21ELR5>2Y?Mm4(4b#iIjY45xr2*iVF!=(d0xtAf2 zf~b>Ho;F)|zMag{kH@1)g^s`4(T7c!$H^Jb7171WnA;tBU+pw+Ygm-=*qhJKi$z=% zKBFVlqioLLc6^MH9qf=?j#xsiTuQVjntm;_q3g;p{`{y#y}VkKteUFf)U#W2*eXnd zsNnqJ4mK^Mya&@%Q>w6rg~#q`uDz{7ANB)NeI)v=QJkj~$#8QJxBllR4BFU9;O5j; ztJRdk&bC6A+ij(lLxC_}o}K5)_Ic{f`RBJ5r_(CEITQZ+X^=1*#wTXs;3CV| zUp_&{Hob3imKCs@sSu4bRl}E-H8d_FX6ZQ1-wIpn=6ej{AG`9$^Xy4N+d+T+OMzs%h02JWEIlQmkIjv#hak>Q%+1_6&IaSna#FA zjvgG^H|<$;+&jO2nR1GniKjcET{KH$7$)ktH6kLWrkyl7WzelARh7k1#Ep9|!E{&R z;&dOzgRi2Rr(9$)7=^C4mq(lSu9A%E1Jt@t_uH=8N)G;=Dq9d*1pn{RuVAPNbFR-* z|Nhd`SmOGzU^%b1eUk{gr;q8b!abWROIXjwVLZ&DP_6?khq+vp@q zvtGN}DYN{Hdv7eUh9(b1D!(63WPi}|zz7R8zONxdaPTF*9M(>$4fA)Vvaphy-sL86 z4!L|^R?I|fANq|ukrc>WQ)O+EclJ2&{AAEyE-JZvVvSna|a*TWryA~9doCd~T zu1ui9DgSARvi9?~DCDC-oi91{>ueK7(A)6YXk>`>R@w~VQF<30ue;9-B1vEw@+`Y}5CA_k?l^5?wr^+G?2u{#{ zE1KWUC0=}hCq*Z!`RrabXgK^$we4G04dxRjCaGe6cRg@T+Lxxf{7+j!e6CZd?%e~sy8tLa?pDdr-X48)Xbkl2UwgDmrnUk@L`Wl$i3PG^w zi2tBL+&}n;b5KTbHC}Hf!5gcL-z}%N6F9=SUv2F*xdD;dI zDjbYZ5P1;a5uevRdPKA1BWBFeCtF!h7NW!Svyl~?0vS@AJ}Co=R*IRPN+DIWgJBDQ z!3gPiu{-LQE*Zuo;bb0PE?#e>^^3<&l5yMF1zoG7{{i*3sMf62pJe@#Mv0`EWVUXw zkcz|wp8S#}q)Rbx5Nz7_#z0v?D7A`21*d*U7R`(QYD3T$^-Jj<34fU-IXTH~nAKqV z=ct!4^_;n~FQVS39s*c6VK^xC->RtGhO3M7x}?yn3X4;w>?sMGRuD_9IG#a(L_u9m zQM;H7FPM5N^h)+G7_kn0U(>kVMnjr@$KiUpNig>DUofEJYD$&4%M;hE70PZt*yzt$ zSq;k7DF|QBNlct|lPhIm@)PH{(%7kbuy2de7j4)KhtI3Cnaezz6N-u~Q?3>R}++RMJ1w1YOL zMR8v;`iGQblV69e`J<$@e*Jv+Uoa(j&G6|WT7&Ho=X{cgk#{Prg-FR2xL*Fgk=c$7 z#G8Eh#OAk91AF^YyOjHz9z`L<4(M@Hxnr+vt-6~!PDL9)CT^c_1`gf&Q0gldpH6B~ z8L{+=&urtv>t8~OoCQ6#F&g`xw4WnFOH}*S{K^1rxaO_6_KaygM*#TK_ zhYJCSd!H9RYKJJ0l@f*JF_&6|At0;hH0n!MTKv)(PfJZEt$8<^7&g$G#pleukj0z5 z0cRyku_V#bg=pu+7PSbXVfhiT!loAK}byK%*2|}fI5G?YF{nR z9b1$F30IfvNiHT&i^Iut2a%TdlVy9zlH0^hwF|767nNCQ_xb4ku%q#);~&K#BQQqu zu(cdz<^c2;+(l>W8N)IR(FQ%IBns1MV(!jC*xuD}r_*+skpNd#MDFlr-lhKvs49(} z_@E70U83>8APhJflKrHqT3#O?FJUE?gTFOc1kn@X(B>QD^6Ua*4|B^^cOZJvqGt|G z)=7K9r=~K_%bn{cuylZ@<#68}v0}84Hd{8fB&3yUX(@}5rP!i!gZIBkttk;s)XuXs zTdT>q&LK2n#f19lULlxBux7%p65o744J-dBz*@KyY|Ec6MA{9aCTRY|WBXXwm<>Z< z^Z=Fv@+lbL)xxEO?9z;X``)XOMkhx5pjsZ%r`;Ns^t1#4~>1`|b5;_`G7=FvP0L$GBiY z=d`t?-q1mpJ0sy?*ay?!B(}#Y=-S47<=TOXX6TvZP77Y8p8uxE%}6{|$1RM^=8__` z;0cUML&+Ig;o<+--R_3zom*|D&snH~9zwjSFxb!x(_5P{>R_KEfhglXG#M>11IJ+k zH;}E<8R4$QUN&AH1JJOfEE+9Gyc|c^ahZ~)95ev@2svc0WTr#_rn~UqT~*CX-rvLA zG^mzXrQ1dM-W45~{=lfaeT@!7rb8y&m z{sswu$VSX^`X!J+$vcK7MEkJ~gp6kpvNj+0$vl?g958;=ktHmDsCJ^Dt%9XPUZs+( z798s)K$X!FfoeJgi24g=0flB%)J}lK5p@^&W7a^ePCH3pHz};tj^VeT#ZW>GHR?#> zYn!s2goh-Y}&!z_J9_SsJ#xX$9O?P~*0DN;g0yZ=&e8lx1+Qx|km4%X|2R zFhe3RLNjK~(VGU}J`AtY;l`LS+pNZ$JZ+&xH8~uDR9or{K1=9=dOGo^)t*uYk%)iW z`Cjii@_Ew;9G=ZyF`>_(>=AU&8K@9`f{wduf$qpMbX69YB-84SVc1+oYfQ%%aJoDH zvQMsW-yDk{GHgcm7C*TAZ<+cu4Wol&T)-BvSk~=39*D+kJ(0qwmi51VXoa>i2Qc1d z30QpJW{vy=$Nt{7ZFB1g6r7T}Q!rGDnR^H*JIj7LxY7A@YmzO)G}>PU67duw`x>Q2 zGf`4`Uc(=z86N#|&*3^}8(0|Mu!js{)Kn@}J3^pSk}83*QjkxA~ zdI6ucgo?qJ&U$O3BhP}-iPljiKU`Pc(!<0Pm&=N#G|PW?Re0LKvkU;;mnJFTkQ2UC ztrGh!C%#E4aER!Ru!OAjsAXo(kMl4GC*$Vrmc$Gh>$3BOOVtv)@)_6AbW`V)wz4vJ zleq~4NPqG@19u|9?6#HCwbe55E>6cvJ2SzR3Vza}pl_AgVc^a+MvL0|jM~eg z)Mk#?($lC?iUrS4=}F6m#V;JJhQbr=GFkY6d$L7C-m_;|@KF8tt~7X9EZxDKq=LN? zmUa0g1^>FDRgGRrwQ~VZ)*5Cw?JMhy5u+(5=-OzK?t?OeSHr05O8!rwvzL1e#-hNn zyNs8G>kr}-c@WM$!UzK)eAQLdUtJ}$mb_~N{5pWiKlNBv`poY!j>V6|@jcM-UdC9J z7@@T~q)PkqP6S;cS|KJ}+Ofo{0a&jeZeigEGF0qm`;oMuR921;YxA7n@TFLL3|!|k zU+ehXiBK)$zO+xoJ~>G%kM8CYu}gq)x>k;ug1pL6opI6g*3hkcWp?2+RAAV3zedIx z!!$PGhxXau5ctA0jxHYa{=}FT(brAtt}vBN)s-snpPm)Cyto(F*AFSxMzSD&4c9D6ovFbT^Cx<@RNmx5WZ zHm~%CT{8J+7adT%ppoq0{#Zt@a*RkguSnvFcauQrD!7BbLxs{({G&%^(RNfKWClun zOix<;`4@YucoS!S7cCmb^>HDd3h$rewxrY3SXMT-+4QuI)6NH@fU=n67aQXIOq)~5 z?^0Wvg1p3?>Azl-&vZNlVv?K#ze}BmAz0eyOb#Wv4$(+PVXbVU+j1D9ppGngef=J^ zW9~1=YYZ|N?|z$AkI|Km?d4Ek$XoUV+fRyA4<|sK zCE6jn(ixv0Cyks=l^BH%0o)`~OSP&gK6edER!Q?#S2KxT#Z9JCEjHv!mWo9$^hmJ- zkoiehdp`mRg@@U)%L5jmy4rT6#-nyFo z1;diC%NI5%QFku@t6_%lh7^df93(OLO$Y6%eP_?`#(oJ#B@rMNA4s!Pb<4~km2Cf zqKtp#g&+`-m+%qo*nNnk7|7`;GK)m$;U+(5AY~UN$3UCr4B5C{&E@4kp7NKTl(Dr@ z3;Ypc6hCOh@F$X`5dDXgb0FN=`)=8jplotUA6|H=MhQ%-D-YJwjiWb2sJW{#q||8E z#JY9S9FE;W#CbcEVbd_LI%E0)NAx^b(%19oD2^bj9`l+6VHv1OHZ|2)UH1 zcF`GtCz#*R0?V6KcWviZ9Smi)GgFAVu7%dyg@=zc@K=u^afrUp_EkcRw>3tKv7j+G z<>Z>xS;%l5%TtM2#{Ny}g1^#le`7GiQql#d*=vs()QCD!EC^!5eWDjGGgvelXIQrn z$jR(=ANSZX6R%X&na_yLzcW!TdRgm%qkTz4lXJ699>tI5hP9Lo@~2Ie0@bN zP_#^?;~0mk5ZkaOI?L0k_HJQc_fl>tkl20Yp`T*E+-0a04NiTbF*SP9MLhE#qb0;N z1K1>!apr82NaBPDqCCpnGCXUJMl}X>YQIzpIzKPVMW*g&^SkqR3ih|kw2O~%?O1&B zt`5<|o1SD!U8>l)Aur%O;WmzV;cfpwo|jdmeBDVAAv}8t+3dUiq*o>`c1$F^Mkbg23Lk2)(y_vfG97;1S_^O@_5S3e z|8F{qpbOyrgcmTUryNfk`S7MhV&{5IvzK8P9Oi2{zJBW{z=8;XX{W zrr0uPM3c1d;*=sDW6g!kr-)~AMsPoTv^M`f%)e3*`zUc!;C_1?S2?J&sFT%do9kCM z!ngb7VDn?4c~Y}LAYh_Y=epKM zD*Q6$p_cl_OdxJ3_)iI5j5Xn@cnfaXC?uco=>ii1ZXOc8Qy6Jlc zg5;Scjyha`DBGKtxw2wdAr2xBf9Ll&$oHCp&xUti_SZTBj0c`GfG{`2?-Hrhw1m@0 zHGp`Wy1}AVK7Q_!e1#=3yMc$?=Zs3rWg|i0gpg4dC$c32hjLU^*a%J-dQLzp-%U`- z_G)G5qs_Re?Jp(gLjO(7+b`hv#U_>RY>pQzzr^Vtag2Q)AO3;?|6pD!W$}w+nG!aS zWDV&!5nFyo2jkEhoqsiF?8`>(J(_cbN)N4h*VV8UcXd}Ng*Sevp<)2tHK45gU6Nk` zpW0Z%*9~t+Cq>8n>V-oC_P(qnA``jLaiiaY-@(*jLs(dNUg1T*O2eAotsJN{#bQShB}iKAB$Oa?_#ea%CWGn^U!)!A&3 z@~;&AJK0MxiyTU+L$_ z@)0_8573;C&FNPCWj@-&r*i=ogHO_PH!x4RoYaP6 zi}kwzF~6iZGfJw;8O-dU_duf)a}ZylVc|n-nO5jmUoA(sl@x9MM56;wh{Oq-qgr{a z`d~ozY;rewn4{Bzu&4mda%~Hz~0s~8-;qvws>Rjp#av8>R^$<CWNn3)<`=bz z$pNSZKdKIdyB*gy_4@tRIa>0brZO9wq&i zR)2Q-cH4H{WiOUa>djd^m(quIr1320KJ?Y8_u8ma*O4N^sO)Q3yxMl(b4T_0NxU3e zcN{ho!{PWcsff|S;ilNxJ+H34kq*76QmT4=oBsSmrTIwup}q@eS@?JT#Oz8;?dX|j zgO!^`i1cU$%+b;scd|IterLJfx!>C|FhH=U}$7}wVirQ5fqO3fz1 zr^eF0uMD*L&8bB+b2X_B`@r=*oBD=JvF7xMpX0_CngrUsD>!I7?8S?(-{c=%=BTqg zg22_WVsP(JAy%}34gKy!7B*iUGck|HnDRJghd39ERT2EO!l(l8_z`dj;cX6G9s!m( zDDW4ftb;nA2m(h|ChTyMYPH(cJS#1{kj7!UQ0o@5Ve^e!%~I>7~kyJDvF)7E*<%#?_-A&cTm_e3~9A^0YEG20sXRAJcjJ3-b{$N(VpM z(}@gJdqaXFuELD*f>^xD;W2qW!D@HwOSbD@l83Jtx>S<%);dy*7B|ZBYWOO|aqSNe z#8MmIo7>^4BG^Wb5Qo9RyrC9&G&Ro2V*w*57o8c6mW8OP!Ip=?bJ>{Rzy=ecl0PFI zU|^)Iff!Q*026#~rdFHM9R4AAD*MUg_lyPv(<_~)#r4W}*}ySUw0(L2aV32jHJ9Rt5<42fbTh|=GWS62E4 zhGizSD`>K3Q}6F9VtXylz?#dMYaw~ia0&2?mgdNv_^ z$1-X^8X3#*GQx9%Qm*FRizRi$b*|+V!731lfI#+@pg#o)fyvKI^J-xoI|fP_6|}V% z{xSV%y$LG?BB$7nMn?8G${xhy4=;}sS@d@z9>PLK>-LX0KFB2WG1m%4f_=<`ILRgye>l~plX@Sgh}Q}>*pN>GXo_J}I<=E99)z`H5B*K4bXzfC z6A%f>MU5@LU;|!qPrB&Ltrm8p**H|#tuHW))HC0%cKa>Nht-p6bTFJ zYU?In7^~9=JtPqap;iDt(tVnDUJbTZG^>0!Bx{Q^C?8s%?7z-q_+|5DF3Q%~mTzN+u9Xnyg`iMLLZ#&M^9dM2GKn+vCV zBqCfEWdYT&<=o@#v2TZE?f|OOFXmZ`ctRg>eWi9xuG(H=?QLUd^<4>z{(@1_BR&>d zQBvSrcTl>~+zO^O{f_DlICOJo)+aA>s^3@fHh5VuAGty^v{~7iOseOR)~tH)m8`Zc zL;BtJD{@C@oTmF#d(afV&|jF5iqE4;6#;ql(k~G4y8%O!W^%2Uf6ecluGhyVlCavW z1-vhln$|?V!1)&Hk11PCRY$F|5z{U|*2?2|1Eqhd&S8|@vM9})Gk9ZPq#2tJuGhJi z?oMqQpPv7i__9{fG9Mk{{4-;x-x>hT2$0tCbGs)fj6XUA%zBEuaWNt{5d;?EAq>ZU z`8Zg<%qr6tj*&&q^-xEUQ&J~_O?$gc7E35=L}cBUT~zMNTL!A_>ed`}tYdxu@|OB8 zg+IizMzyPo!aj`n0~Yd@Pem2JpFcgkVZY5|#el*d6>zw)lTzp5#jWJsT7rxM4*#Bf z1&N)W$74aY4SWr0r|@8y@w?;_M!V%(B*p1xiWvjKS=@X)RR%aKXz87oZ<63$1*Yc} z9pyk zXC}xw?YCY=yK(J9m=f_cbmabc=u5f%4v&zC`(DJKa1!^|rr|Q(E|*!)N}5$5 z_BQK?K}n8OfOUYRL3)pOTD7I{`w>ee_?%Zs$^NT7>fxI7aeY5J_s>H1^_Il}MT8t_ z6l$a$C#ZOZL+qI8Wy)L+v!Pnn{)6*8_LP`<2 z*o$0Q#4KHwe6)^h41Np_$mt!7T_kV{X~kG92QeASdN0NA)2cIB^O55P z88gvO+|t$clZdV@W?EEk5pWbQW35V`X6n(Uez``xH3F&GSt#kvL!NrVhfAx5zdDF2fm?``s*#?MF({<<9UM2cG;6AJ8O}ZKlyo2?mBkY8QaR`Y>%J zeSmd$gbufUDe+Ld9M-R`=KPrDW^dS_rjD$^XE+_QBl;K2rsCN&`Vwp5l_7lT2B>fw zBoMQcc%VR@4|0@8yG6wU<^P~B8-j1;PDK*QTo73n^qG;ks&|CQC3gdnNP=`+D?@}) zOq)~y)2$<1YmwB3Lms!Pi5!niO-76!<&lg@OLg%_)^5e|_Lp#Q$%k=&!Ps!wAIi;} z2z2mO=Gl0nU=J{txwkvF#Lg9`MoW@)ISiR6AVto?y`Pl%-IWW=N3(#&h#16B#hxH4 zy-Mx+yn+#zjoG532B0ZxTH>UrMn)KXP95i+aiudqL0RB@&8@n?iOILqJyr$aPwYlK z!stS*4&RUykQ%{aMkDe`pHm?sLLppt3WoB9J)o-_3b0N3nc7Fm&jd^7s~rz?TO~}# zlaLS#9Kk*9uQx)qT6p9Wi-HJE?{lzw8Ex!lV{ojBtZKyC#&YZ2O@_Xza7&}&i^mwm zsqh5_pk)=ciV+bGEKhrB<&MA&Yl+5>#e`&V4SXU=lIpA;#c~8$b`d6Bp*6Q5IDLEp z4mtED9`suAcPXsRU16!|4wxLNr)k5L{SW58Jdmoj`~R4yC}ScK$IJ~Gij0{KnTJF& z&kmBILgq2TF^42`=IN*uAu^OQ562iPGNsHzzh@ua_r3SNdB5*<|M@w)(>l*y&u6b^ zJ?mNPnfBfZ<1e^OJvqGRuh3kr?Puar_0!DbIu|=`V1GRncDG+zeyHkf<~KCH`1@lx zrb314ohR@fw2m`}OTX;u3ecvB2nw~ivmsS7x-!p`U2f0f!nP#CN983%UK?I8{-sJ% zkSp#~p>2bmHtxgYL~S-5#Y|^4Eq9UwFTC{z1<$T^8W1_;u6(nF8A?bj7tAZ@dbL^hD-8M3Opj#YikQ=#WTxND@U3c?)F4g(hf4Z=G;Zs z#f{zPJ8L|Ve^lM*bJDfGr@5rWqB6OjQoA22+}-j{Pa8(OE)PG=;HWypo%W*oTu?49 zir(=(mpr`432{1sC&B85tqvgq{^fF_o1D0o0RLSI&N1^71`Pc)WU6dB7Ww){)I)M4 zDJM_l+9^h;&EK;U#Qh%kp2vah)~RZ>RF%3pbnki`LowlOeui*B+2@i}T<(W$FQZ>b z#jLp&kE7!BIPIxisI(QA6SN+PEdGGGgMV%c$AvC0sSmrRSzglhFeQ3f!pf2R?1l3L zO2UD@iouL{=`yN=u`Zu9^`1yNVVoij(S(7Kfo--noI|~V@<^ND^G8l30tU8E>L0mw ze$JbAk*NRJTh>uC!Cp2N6+7Rt8+?{3EQEaT``Gfi;};fcZZMFsh>0*iOYU_S|D22y zG8etuCoXg%y_o!z-S&F3ZiIYLTgmC;%t_j@XETWvYrZOal!R1%OyT?R{bN53x71?D zmb}?(|Ft@|-?TQEF8zS55o`^*9-H#p$cn2h%1S;#hc}rUeQAER;oCZLh{eXQp+Tih)f9m(D@ZL#Dev?&q@Q|eaZv&D~+&c2R<^izfqm79h zaV>eJib}Joqbv{QPn;ZQSH zT%SEhA(VCgx%8-alKI2dksWWE51A;uCMVMCmz^#ylSAUi=i8Jw#@l$=E^n3Qn;*H! zRd-o#uTm>%d&!q#fmi#jXVeQqr>wE+yEo@)`>M`tsNUUFV4SS{HhNQBhhJh|p5qmj zj!=J%6gP<^d0(v+@j~Ub$sWq^@_Dz|kf|TAb^p9iQ&XQlz5ay#dmW1X16z2HfW5xB zFgzFxcB~B^hs1#G`CyZC{n|Lj4i1q&V8vA!6atPy*3Y0Zju_;N1@sUH<_B!s9y+;= za76upr6SQ7-&Hh98}J!{S0##Kkg0ZenIVP>46??ljRS)QS)kAOZVkE{!3mKaNc12I z!IJ8`4YGS+kQgL-s0LWoz6_hU;PqJKAFxeiHi`-X7lSeZR;OV&*!=YawukOA29SbvbqYT1f5s|NYg-O2w8Lix-te?j{E`J-528f8UkL=G0b1The2jnp%Cm) zo*g856y3&=@$(wi!zcuL0SNE|wlKbpT&P0%Vv&cDZEzGqbbJMatU#j2)-aB#5O6g( zyPJ(h_`XGBko8*_J8rxD z(Cp6PF|k(NKa2$Rt~>-8vB}yv5}kc`Kxu5fSYjMwtw%wV1IAmsjePMRW%-}g8Vj@r zY|{e+$4LA%Z>(Ou><*6^4c@m3HD3gL5Na}|+s^1=qyJf=|J02yXzmqAw6bU?P~exn z(OvY|@ZsUufHOhXB2mbSpLPwEci{!_ZHF!~^C}t`3~2Gy0CE6$2Mm(`AJj20MBqEn z7&xOPfBotYnByMC8TsFZ!~5xmepv=Ztm|nL9U=hEZvV432BO4&YWiO(G1nMve~Go9 zD1=c18bpW=@nR7%3+Vr@J{B1?#`VA8VdE2uyaHhY#RFet4fRL1~t4vcTuuK;BB!8Z_Ut{emhJUqG;^kl)*32*{?7zDPdh z0~~J-V1L60saVw!vST<<-|#r{1<;-}Xd%-FNO%F#g9X$}>pwsvC?iV{G!W?VwE@tX z&PD+=P%#IU<^w=cWrFZ34#LC0jV!4UAY`n7j*KrdI}QTe+dKeKg9_jnEC9sn1Bw7o z1hxXA5C~^A=rIfe@(4d*&TR((0!x6SUV|F3y>t*DXdOdvj5BZo=>Bd5GX#e@un&k^ zfq*AUAkpmyT@YN3zk&pg@!do&)PsNl!GV783P}IuAv24Bmt&Cr5x+c(O^k!05KtP% z!5Nv2(tz+15AFgg6Cv2|VUPzF7l;Ac2eM`tjWKetgM)qy)Z6<0Yw4itixu#BjI z4vuXfU@Uu}1^(ZFtQdGIaQ49Hok5g@Dr6hbt_NhKB4I(1z)&Rk$4FSHe$7KC3$+ja zT+H4u0tgD>iB9j!{?~6D{1_O13^9I;EDWU#`!$|23c)eHKjH*t2jM~ERY zBrrc2I1B~{GX5G+0i_1qJ#ZS}8xA`A!1aS4Pk#l6fCtFp!$?>Ha9CnwV8@hy&4V(9 z8c1Rf@G`qUEqWK7>iSCo5iGc}EHN;641$G<1dcig5gUI&y#mNKEaWEWj{UkgzrM_0 zB~5`sCa`IY?+5Il4zllq;>cg~{zA_Pc$+9@ufq;_>Md>1_#l6yc7O_hnf*T!Ij~+I zNCgm~AiM`Uz(7I&Tj_qqb{2B_K!f$m@mK*t*_{rL1|&%ZfXFJ0?=Cc#1AUOW|44%< zb;#|58rfx+hTx2l=wFmKMj0Qayl=@YF(fc(P@{|=0L(}k_SaH-?2pyQHxOqaJjlX- z1t<$g$-@0Wi$lOrFwm6YFj;(H=Aga&1uzc1iylVS@1YPtfxBRW3S67yKM+Y^Aae{3 zO8^4@7%>b6ph;j zLVv#G-x3jWQov&YiKHR3ZiB}lXbumjfkZ=IKN~w^2&@`Hx-@-wJYRkgKOj664KUI1 z3YrS_{9DEQGc)i5z+V->QB-SyoCbap^AEgBA_nsK-JpnZz@VX6&N15d=L>QJl^%3F z`ioi;AuH}iu*0j-spbGwt$q=F|KT`&5E7I=BJ>ANpni}BUekp_kRX8ot_V04_zC{| z10KVHl0kT*e`W@8_XlhiWJfq4vD0*M&YOS00^Z~If`)SK<2s|k{2S)!PnpO5#Eih2 zupJzQGBU#YcaHJBoj-BN{DgCMe972)Mz7|K?p&d$)4R7n;a>fTSru~ca|n148jO!q zfHx5ZGegsVViEm`=NLg#qOgiA@{ue$t>!}Uy9)lytOIlfItB1-bpL)A2uz`ZqW}Ad z`zZ#-%^O70pc1=RKVU;5obJI*KLP*ZA@^+XMt|w~LFRPe zF)H*Yywm%QqAC%C#70K&Gx4v}&v?M~|NYMn{vTC_LXg*Qp%AC}!H^iVmjE>=FdsZ5 z`IC(QR{Xyal|cwbA-MU`cTJ!~U<1Wfe>Teh6XK5y;6{yEILZ*%<~VdU40s>uUu^P^ z-2W#ny^Day1C`c)1r8t7*cu>zRf_);2+I%)qAzGJ7=`*a00P17JFr6{MpuEQ9AG2P zdjNfZ6%4{X8(tp-YNF08b6+4QdP1F>3WtG_G|#JRTTugZ9t`@PLDW;8Hy>mWPM4M5zK-4g3LE zU%@Gn~`U@!-U3bjad+u`Bb zfWwEPCN%g!)IcMJR4{vdXgm(Y@4EYrqJ}&^G+B;ZIXs|{vMRF51R4#dVIv5bE64aA zx-x+6X&XU-69Sxud_FW;j`;^3@6x~2hoA+O0(4me`X$+im(Y|SJ$wfAno$Y`V5SJH zWCPc7=<0yS0oM+#oA06QAm5G#)8)=f+=s`D_?Pw~z|aE&bO$PU=geL+W#3|Jr++m9y?S>Mb@mNwGR)tuRhS@Rf7{PfZ7G~qsWTG*Dh!scOmhz zV-f7qV5|V#AO;x^@ces!w;B2){{c@`^m_p)a(>ob%u7p%Z9ilHy!$E$Fj#nt#%yC8 z0TQXU>hwMgv9jb}@iZ*MPheq`wNWNm0>L6DI}foLA+g$<wE>v{|5VKl}Hj?%CM zT`nxl85H8!PrT9ntk{9#eqYTCbcy#9omWh;{21_jB%nOyY!pg#7`ctC0XpP{qlo8Y zQ?el#jnx955G)?cSROPW!_udpVu={_=>RosilbL-X%IM-2t|#(ZZ&pzEIQR1gWO#} z1LJ$3I~~w~g=2(w{*+TZg^x=JLJ>&m*r0BMP*#wvqT~<}OW_l!5Aj3c7W8`K5G3#@ zG{ysi1lA4a=jYm4#4WIlZEW32L4Xk@=O~2#86uP?Y?e+YLcpA;RlW+W9`8|7Mh}A& z_ACf)7Oo9Cy+|H0&b4tK%o#0YPFEtTEjSk&K^l@YsyV5=ktWqr&XaWC_df*f@z4L z=Zld$4H3!~LI_w0AP{iPOV7-&00Jlv>h@*_p;V2KsYrA&SOwleDGO7E!=FKnY_V+| z`?`9dY1&2rWsT#`f68_e!c#hHBOuoev2m`oE`0<9=)YE7h+_H>Jx;rBH)$yLUfP>@L1&$yrL$fPnj5ni5KZ2oxjzv<#L|#?KD71u6UU zk??Lg1bY=4vxL;g4*zX6?TH2Swv4j#I zN+TPjL_@lxL20WZed?hgjzKc|w!u;IDX;f4AkH7##AZOi6AFJ4$tk}(3ziS!KiOJC zK`!iiRyP9dGr}MjfsY5)LWhBRl7~FNY%}ojr{O4!FK8Eqpicn$X@|rDLNM>bBM{th zH1G!42#$^d)L~@#v+J zUSQ5%4dAV{9UgC%6(xt@FWmz!3fOTaka6K3_4=w3QAVIf*DydXG{zhhd>dJDc=Hni z9v)=`q(V2p04`n>i+A|SMZ_Xb!xIOfideva{yd~S%+s|d7f!+)Lj`#Yj?C?nXb_dBDYav@g=8n5eN%Zfq> z0S^xu2-rjjdIY|Z)qtx0I}-gx)7dC2;2;*21L}?=O@6>e4v#1gM-4+Q78~mp|FD)(knUU376hgbEPXf64kkCSu!%qbQII>>Py0#yeG=<^y_Pn>JePa7iQr22UU*iS;n5v8(!)(7x-?4MP0#PWkFcc91d zJp?b-?_&|CdcoE*ZG;h)0iJ|lv)|96!RU%5V$MvXDB#dpHHt6`rTxTvM~a{nRS1y0 z9&`|tp=h^I2njgLmyJ@^MIlZ?90=A51bjbF3?b$Llmbs$-;3MBBATV1tqa4l!NCL_ zL>Os6)dC?BLe2|-LZ8VQIEoVF;KTB=SS6ymu}JBO7xr_<9zp$vb(=AwL%;8=kjZn|AQni-F*Qo)C+=lzkV?K9YYO%f6HWWzWa37rBcbiF!5- zoh1QstyBRj5yA`sUv2PMP&I2^kdWUKI}q^u8gNv8HpF~d;5&&v7L(De>D&qyD)1;& zd*Cpu%W}F75wV|0KdwUHdDxl(i1<;UDFRR|8O4A>p=+z$_u+Oa^F8 zX;|hS63%XJC|5w;G)e>_PzWxy{b7o7{5kNPchIK+3rJI2zVmI^PU3zIO$Q)=LG71) z*a%*QQtk(!dn*t#JL;lT3}8mU_dF&Rumno&nu-uJZ?NKp^nGX4jJfLJ1f; zKxzX?z@i|?y*mi@X_T@Kpwgf`2+nehr7J|hT||GblPCRv%^cmgO$Dm}Ja33knevlH zITawJF=jx6D}Zudr~>-i(}Ul&A69AcAZY9vF^IL1@c2 zV+r~4ai;`uDt5naR=`dVU*L$K&n!R6WD_unt9lx z(3o8~8X^4_c-fM}+X^S-@EsYU5Wn*RW%2{220ACMhsV1BDiNbNvhVL-!T2b_J3Daj ziHUHa_jN#jI55i70)n!~SY))!t~V^ZfH!xPcYQUT)Wp881H9Hl`q*IVfR#JrfR%^- z7jjQ4XQPnSUT34%c236CnDm4o=h2)YjC0PpcV-rMsfS>Rv$ zs9DK;@fVk|XZPCYBzWKt74-?t3tL?zHB_LNjh%aX zPQS-N+zNGCyGSd3Mew)7JtmYDLd|bNs-N^VUE3@&`gjgBs!@|BIXA9s`?1T5?`nD*2jY zyYfeji4+TY@amorMZ%gko;fiNXze-npJbdIzUGX$-1l0BKZv#Yqy@L3*}4m3Z(&fe z8Bwvu2fHC-#nmUi!8Owq0&a6l=4;P_9f;{=U)#LN6ccHE6H!E1Mv!o>yop;rd#O`b zH~nplV$a5$$G}F%&0b=OHx+Cj-+35*o-;a5ogR6P0w+N9ez1IVV7a8yC;EcRnvGrY zo%YpHiRhhO7SbOu!rV!y5$#cooGy9CwLs9#^H{}bIa%f;o+TxZN`goPgT5YTVg(Or z<*q&uHjla%h-kNjyw`ZPR2o{ics-TNig}?>OnWT#|j{y(lnm8 zDp0Vx7j+E3nufKB_U>f^0|aiH5IN;LcYHa0Oa$ zg|P|fR7K6v6^}{D-NmCT_+rIPW%Vt_Pu$zJ2^ilnw#;je6VH`?ome>YbwERq5pP>%|(KTd&*2Xd-`8PCNA(L+UtGd$ztj0rJjBo~_RagjA8n_;4K4$Rcqv#&1qfZv2Xy4E_ z9g$+A2Tky6Ao^K!5SqN{gGgXiE!iaU_urt24uWPpemb#8$tr8DL({D2kRqMUGcWuw;HlTCSasr9Sa`HTjj!QWsK9`fc* z5&DMIyTH9c@lNo7s}3Tu zP7n2D>#2K7qCGZ4DL;Q-ZPfbGH#>KQmk4u*>aK2S3Lw36?$}=~Kg$<)p~1~y2Hmxi!Vvgu#lgvu4F(r zH%_6#0DZXYx25{HL7n zxDadi>Yg-J)ttD%Q=RJ)!>l_om65t|qDz*?^xO3-2~^P(XS-{iADMm_WgrtO(IR6U zw9~nt{J}z9;C=)R-HU5GQ>rZ^OG|D%?~BRw(}bdn`a+LHucr~7U`S3JSvmJgQ?$cg zhw!G7{-fe=VT$c}6bnA4*_x^XH?EH4R9CVL<>lTPUy}v>#67!wUdB_mZYSRIg+DCf zJO63HCSzy9DLwrMEX^`F(s)|p?GIQh#W$vw%^?3DFkz`Zb(q&L&%mIeImNYfZxvCqG^;*wJSFAO0AbrgaKw9-+6d4SM;$ zBb*)ZAe>o7H4GXnS$Ur+b4nd(#QY&KXSuFnXq?QEG0%9Anaq(Xc-Vw&o+*8KY;wSZ zsOd|no%fk1&X|zN<+{lMC&o~0iqsQ8HExIOKJk`%;!HNs^d)5S3B)&gNrWk3IU;ia zN}LPT>IGeyMxKz}-X^Uf6XM5A9?LJhMe?1D6~Dgl7JTR~Fl<6<%hOi-nv===J8bpR1`hp4U)&4+(ydv1YAnNrfkuR^ICrIW2I=ero?&y}uAe#o z4qm;qv79Y+B+r@Y?{{`B0v|alQWTN~ZZesa8mPfsdZj7HGm1pM5RJW-Tb58tYTSv;wnN`(%cjKw_?msg?=Fk0=5j-g*J@lyT-Dh~D3=_xl+e_c= zIhq!eM4yUrUh{b+J+vlqZRG^_qe)y-?y;gH<=3+egjVyfr$lwL2GGk5#A-EGgVUzVvlh!#ErFx zmR|q3!xL;ObiHMu+mmRHe2=*xaO)M0o-v*5Da+>2=Zi;suaaJ1&d+ldB~>ZpZ!DQQ zY9I*g}#)g0OV zJD-(y;Njg_+bNymW_;(3N2@tOYcBkfp8=C@jYpz!#R&H(YS`)HP=^|+%EjAsryTi> zoq`@#v|ov`dws`+mshAEu!E!q~JaXZncJ(%?| za%rCSRO8OK!Wl-N&bw%LlEtz0Rr-lwc}KZzmqLnL+ukp&sOUmHREi!*PnUGRyS2L4 zRG{^K@bP%kHvV8<#`f{#%CjMvBzK8xJ z?yZW_?J~VlGq79tiQ&bj$_+0QBX=$_(FYk7VHPS|M)|b1vd4qD7nH*)>NsweTI~88 z#E1Foh3JPqKYP5USDmwFljNn>mMw!q5u4ZX{!m^Y=}{O@JAIQ|9+DojW0LW^A14_0XRP&T}A6C{MVd))28s@#I*rZvNenCCvHOSF~OPrwlnXdCSXJsSyUo&D7CM*RkT5S@a-W9=|+$CheoBV63Wv(vTHc~zH`OZ^ zs}WE6=HH#4pMq)|VfJw@bYiBHFOGE0oUwUDv@7j$pR%<_MdaKY120rRQT<3x%sJaB z*PU_Q?bj_41|<|WN5M#?eUDj-MZphY0k||S$*QkqDb{r zP8XlmxkuKSy&l|y8 z@!Ns9DV@|oGaCw|s+YJ?OOv$MLZ97S?JO^rbEmSLG`3Z?7?iBWJZ39 ziRpH5>by^jzOJ3h0NbK~op#ZkR{o!)F9k&X&bK0nez@A4thL@kr#tqle>~<#dwE$)6R{?_+RM zP6nKD6^w(CGT<|kT?^i1sj8Zu`n)qsDSyuP@zA;ac%-n@cA}qH<;SVn(BjRzmOkQK zH;6Tjm(ms1mO{j*XR-(?&b~s{afTTQ7`f?K%`@{A>y^FNlY7>rEmlV&oAR))LJG51 z^4{^zPG+Xv%1kEP<;lnVMna|m*(FDx^gcEGF6!;X6#T@g)$^&%1&y2WT=&UTMT-I# zUV@2;X2M(&+wu>FUZ^}XdADQicQ1!-ml2;Dd5~d?qO|u^=_X9 z;?;?$3!ZPh570{NyGx@ZMr6`^R>4e&?zZwM^Vgy(K5lB$;pSIvNz86>Fa~suem#?CAad^f_^&(}v#@66CD% zUVK_Dx5;}xv&zepO;~eE9Xu~xQ1F8FwTIKkXdhLBn8D2(>@@$8>{1kl_!rlw6A$jF zs+lpPK5BK1J?@lF%IXyi2)p_Q*3p;ixuR5RIcCMqDO~xyD}94TDXyC>w0bM~<+e{_ zu~yTPwf^Inm$%8w^SG8rgsbC7*XQ*aGS(2Ux`}3e52x^8quKS7MoOYXcGMLH z^6j&D7MlzOZyS5w6noE78{ksAx!^X{VN4Ka_a(3GJQCrVPt6{gq_xTVzWYY&l!o%X zQv-7rcnj;K)k;TSWHE-CIWd!}GF=i)YN7&W?~&Bl-2$daLmN@ALAzgmRsQ0yNgL&$ zcZgsFokBUdJM+MA>S$KLXug!~ zCr9^&PV2&%kmpffZf*nvD)_>^_6=9SO#$-KRRC55TSYCNYvb4A`<#qy%kO*(E`Qoh z^q1;kd>3t;z(8x2`+jQF+(lBFEfx%1ttypL7X>vhc-&@Z>kVFLjyUPuxmKPNv&_3H=*QrQoN;zpim!>uBa>22%N|#8_ju#Pq-15rn46>S zB!5A!_MO^rK0CcdhtQoz-H#lvDAd=-KjOarZa_csu{?i4tu#L>Nbj|B7?D{cab~8b zcn4wR8yxMe$`>{U-R1iFwS=<>SI_&W5=+z1w}+^+D-CTX4nF5GbaDN*mT<>+(7fD~ zui(Y?74COjy>1u2d@iwQ`>O)uu;)(sXQsQVYXby8S4aYyM}d!mpQ##+LIwT@*Do?SI$%KKAG!^ zghZM4kNWE%bonTG6pq+X;WWHgdHY*$UE}9Rbyerfwlt$*1=*S-b&1~t7Gbw5$zg*> zPQ_1)YEe67>Dsb|Ic=$YllF7;0BE@mFd%}cOl#{fO4>abO@Inm{;(2c0V z-XAbZ6@9Tp$t@*viv$6W<46(i%zNz$*}N4S1oVkoxJ5R~{`uS%K@9@Qd=u>wQ%SUE zSafFk2*sj}PP6+l`d$!pO>Pn+nhgbTcIG)`ioE`j)7>Sd1jpIM5_2n7EDZ5 zdKtGF&%Ky%{f^V#iu$ceZg~V*j^dB+(>M0k^plud-Llb83#DOuRK?3*XduG-a3zGJ z2~l~DjK-EAf|XGdmRUxt9{)Npu6_6d!^~qx{;CzJ@hCj)s`8IMQ=jtdG#~HYaN*!| zAaB8$Ho1I?Gj^1NJVZ-o#37%L-jILw3+%U!Gt%q19rwCN%{+SBF@`rPWy`OGiaenv zjZ@IK7jEj_3LCrJKd5_>y3P{!rNv1*Lzkl^Iw8%HzU&q^CB@q}nztp(!)!9YGH5Qn z4LL6t7x365--52#-LB*;8L@DaB7f*ff%j8KgbfDuYH`PvPc&V9S6N3D*!0}fRykiV zrNQiF>wDV8)HtvyM7TE*6Y2Gdu*@iP;4UQ{``QK{#S2#4iK3EW#;3>h9*bEKhfqWm zQ$DS`Y@jc|C8#JWrp~B!p?nQo8&y*^soL zHI)6{Yxb(=uduFC$JiRu+R*CNxx1797AwGQ-H0qfQQaq3Y&6s#%+hZ(eZQ%%w`>+d z&G#^KZLuPug@IC)KX-4I=;T+@?XWMfwJ;a}I}% zBH6i$ds}5K<=e@xm}x2>z#Ci0`8g;q3^i}PvA9)KaelLI=(BP>@uGGAR#R+0IYW~^ zyRIoWSG)=vm#m(KGT2-vp-Mcyrgv7X38CfpsGR%LToS(SmOy!nHZ0ydIem*kp4;KLCxtH~0Xc5Y%kH75<&v0udYCrs?`Sy9{0rMR-txpA-Ws|W{kvbuM|H{vr~D+ zz)oWL*^{-qot@F}{R~~P6<)*Obr1+dFeSz6)|blku0B}E2-0ZeoTOe3U-hT>78(7d z`f)AYb*IIdRi22Ev)}s)c__)uowtUlnrFDxa4l-7l0TEu)U^;7Jk(`qq5~o9qUm_l zy8>%%Pw+zEI_BcT1x^dBZY6ll#Fl9~tuEUZC{SnZ z#QR-H*C;o`PN-4=PSJ2mKCWwW!f?`$Ot4ItFTW)hBn>0vd#mZ zKZknBHfG`Vb+#f)JF;x}q*oCIQR&8Ow(&hxjttHb^URy`8|@5sS7ZjYCmQ?xvbe`# znuGJ6d8Kb&<_+^CdVxI#W^pwqA{Lu3ju#h;i?e3yo#YSp!)0z77_=UCO(bznW@JVwb#ep(XFfo(#Fg#r6y}ApVk!_%_;~ zA}F;V4!xd#Gs!*Qx6yMrH?zckIO+Pt@VdV}Q%m(@hcSW)!%&~c4%a9P91Qb(@;%2S zN9^yTtMlzgKkaZ{2Qc|J>0T7tGrSI9Nn^hnnP=PXallurM`Wn&|M1o35t(Frz*mjA z&}dkP2OIxj}bmoL%9#XuvYf>Wb0jR{`|>{#`d2egJLcks}k)ndEJQvXWi`-Jg;gYE#xpvR{u$UAdf zK1DegAxnJ!ZiF9AR_`>YvmV!dz)HzKlJT2tK#an77~cq;d}{{&ko>%5J5wy@2EVbG z$yeh6>%{t(iOpiotF~0i_X*8N-X^yvBQ%?(+Fi_B{mWlil2}SU!MO;yd5!z4OFd>C zc1Y|_5wu0*}0QWiX=5Oa>hTtQH6au5s#(*_Yu&;=Mm-HYvqqxgOO z`B{Pl0%?w{sdJXMS)I!+Y;TP}86w&jNo~HCN`9<0;!Yea#+RTlcVOqT`v@ovRrdw1 zi`0XGCyD3N)QebBVcHS2u{2*rVan1$)oz8L&@V>!+4%DXDo}))FYgU41syjfHOPz% zqf8Ygh}mQ4>#@)TS~b$kDP3mIzG;*%&|!JW2sihW0~Fh})SfA!)Xq_EgY-FBDB@RxLq zdZg`Nh;!9RWA=o$pXo{z8YBs>y_^@^T@v zKDur(bqRlprIyBqa8E z$V9OPiFdGVoT<(IvPX6qlDiNtCO{!kshPtgyV>!y>G+rs2Ed!aj}E(GjJKQ zvzn%_0tDI$dX03+ZUtS+A2VyK^bH0giy$4I^-A0aJQQ7s0Jxz%o{;q_dbu*UapS(0 zU>$v`*oJQ{s292#Rg({d`WHn*$OZYr=#zV5FK}bL zHg7}iPGViOh7)5V_OLF1pBebQH5?4XrXnl*k|{dE3KCMKU#ThEX;m97`t({~MY zEfwarfFc?eW7G9T)GofP6?TU*9wlBBDZW^vWTI48lHg3!Z~Nu*dS7?JV^5~n{+|0R z4b|kTnv0*YCvr+07#6S~x+3aRPnLgMy9XpOK1Y{XV9&IRJ>gva*5V}=rsvjU&r`Jd z*z4zby{Z-$-;!K)8+EwDc!{jyn0!X)G7nv_TN__iK-Sej8C7aPg2oJpP)s${x`Fh?S=~jEC{^P;0Aiz(SY2d4`c~4n6*v1yP9V+^ zelMC^{)Xq3yP}5z*GzYlrLB+t|4aBQ;H9M#3m$8HU8$68{qQO9@@(_7jkVE)i?d($ zB**AJ3*ITenCj*Aw)@>w!C5Eg^Ws;I=U>Te*z%2DbIS*+o)8AlRAyN2xJou&^D^#C z_Q?1&PRcHawL(|oxg=@ltR3gd+-<{t5vR2W^;59Nh?5z7+b4w|T&JO!$Dy(yB|*!y zS$LzC&dY=gWybUoDz`Nxq(1BujpMk%FP8Hg-+h0n+DfkVS?WX~bgs_L2qF(cw=@CV zoVd5k9kqL6Lp^~vJ#R%Z`LrezPgQL?it zoQcoc77UnO0WqxDSbvM<7-`KYUk9R)V=yC<#3l> z%B@f5%wtkl(`vIi))gjS_Hd&rZdC;7k_sh_r7c9Tq-QgbBI#yMcVr(`BcU^g-=LPP zEx(ChwfO}kdABm7H6l-_q}!coCK~D0Bty-G9N;{&iF+X^>TLO|cHA6NnL?dZHMAK8yT9d- zkp2|zn@7qBw8?t5NOWUMa8l5hqc4@MSm41_0aGdW^>xXqU9+nA9%^gL(RJQsG)PVX z1MdsRxl9KnYrBjUu_TF%)KNJC01nbHR4`mIvQAIG6a$4HN;dT($&>GJaw<-nE~ zTDO^Bum}qfr^-CKd}S@!1)g1e@dOv=^#p+~^O!1OZKk7VTU!6*wCML>FhO z4Dq9}jK^?MTdISbGEJ55ofLfPy7(RpIT+_>Up|+3zR)$WW8te|I_zfmWhb^iuZ&N; z>O1!AlSS$2&tLY=A`#!GhmO1!`r5Fqu|oWsb@k=8EO|9&Ppr+xxQ*J+8hV;ly76uD z&C|1+Reo*BUG?Kt1KVf`$H)#4~a5?o>;fBME0jH~nai z!omGJH1hw$pK{sxJULQ*mC#i0=K5)$bWw?D{I5_*S#t}$Uf^(wU~E6oIOxuU;gByB z(e9-JmfL{kyW8*&SY$60mAbl%A3GR-%!2~Sz0^}AQ}jI`K4xW0Pl-^xg`$o)*frzu zyl)op4s~Zfb}(FbdH`Zvx^%NW6U4AB?hG;XV;Mk*0}P%JSZBs$HN_g1Rm?EAddvX| zXY(L3ixhj+W5bjBX%HmWprATG3wqqf;JuOH(v`U_ptCKqpbkaS^m8`;o}Hi#w_V(ZZ7yeyy3lr^ppnJp^Ngy3pa*MH_KFdL$5yx~P{MyN&HQ3O_b zByi1jn$-UW$a4Xa#i?sRvD$wA_CrUmSWwP;uZ7oN7+Pz(KIzifQ>j?yCpYdjReWOE z&Gh*3r$i%@oO#1vJk{s<%xj89(Q+(S1s+I=4ldCM$N zUlhHW=n0w^W!KLkX4jsL_SBNm7k?2$#)O@)H%?VwX(!JJt8%{Z!Ns%>bZbnqisgg! zqcO`7UKg$Njt|eTe+nu)Lo|1_2p#8#M$JhRES9y{c^tu=^6qKlQ#B1+5j`h$T|B8H zpo0H26}T(V-&e~tjVZpIk3Hxnv(AjuE>lj8R^ZYd9ZCaf?`0}VLuuzm?gjGuX(kSp z;}57_K4&g)tr%9v9ahcXIsUA%t*J#e6l40d>(;`NBeT_{_z!10KgplwYwUPnNqI`~ zHBl$0_U3id#p-+8I$6bXg*u+kzn9I8mpvt+FLUi#RG#GyK9(J7gci?X;&X9Zn=uiO zwF>4FmT{zkU)5fJXRZ6Fw$z&Y+RpaHZp%+N;>5T}L7Lij(&T5Y>!vr^mZ;2yspE+6 zx3X`fh;B?ANoA#c*m2H2euB}zej(jMSf<_0QIp|Fr9XZr&c}G+vW5Z7gRkmx*=4yr zJ+bPZ@{ydJFUkhhMK~i)WgCgOG6y{mrpsNp{>7rJ)=$sgY5hSWlhK;$k--~jrJKXx z)rD&3>O7wPl=NDgGDqW=Ekc6Vo!3Qfr3p#(kQ-b8d#WV;R(!PjQnxefDe6}Cv$+a+C8GyzVOf&Uyr_JdL!QWnc-^Umj{~b zuUoY2a5IFy703(RfTi7^NDS}$%|Ph6-2zNLc~Qf%h(_%yF7*Zf^Y9d>9)T48CY~dG zu}KoVY4c%xPdFG=d8s^#sS-|Hj4HpRRU7ws=k_hkS=@jL^+Y-qF2nn|J2^eX`kFVN z`{7=>+R#e6!rDzBrSMuV%C9Jl)$uG-aL_Ch-#6}=3M0m5yf@t6Y>dNNES`9yZV#}X z_-$%gZMI5%m(uBKhO~e@Tmpae(+O;f6iNBQ$~W|4INd6)u>%N*EF=2~3;kF)oV zYU4qx3gP?$bAVmbR zog4VQ=e+0samO9s#~5K}?6ucgbG7-*`K-BD6q$@4=yW0r?P?3MEb0#UJ`1NsoP;m7 zOYp2_JQ2&Vtcu#zxs>`NaMhFZtTtI8a5<}6Fqdva`lKh}7t>30bFTx_ry1WSSfS^; zQDG8i>gzB2pStS-rhNMLOD^vrL>UAGnWp_EnRVPDthX_e3IXCWw>&=a{X$6^ouKr( zPXk7ed8691-Lii4wb*O6 ziVxm?)Wum@UwIRxA3&Bmm;bffhbvtnjRsk&nKSL{E_6Re#f|I}kKwJH@hr0u&NK=7 zMYefSnc};VyYOa2Qu{uqNJuG3MeeyAjA%MIXnp5HThzy8k?hw2XM+YSXRq#AwQ^~B zEAun9Y}0nm+udF#8GgRl7n^tB{gtH6oKBa|eszlzfdfn*@TjEBO=T zdfE(0p$21CUJD6#4qkN!N!Kn`H~h>w4REcaZf&ifPdv*)W8h3LpUvNLh=?n~JW1WY zm+D!q;U)|gq`woAO{j7WN1?IrRHF;?7ql%kHH9?8#REeyAXvEReE znX+qH!~O+8He>uHFX;^nuZ&@XD>5hz@!A- z*rGuJ(!GkE%}^zM)98m#A9(OVTy-6u3_kR-ReRTYOMzaULI2vl1U|eh6mArts+N&X zBs+4gypa`7%gfACWFB%7jp(;+mTJg+QPG}Jq(WyR2fST${~IKwJF#^0%sy8@?so~Z z+*?uh#?WyR90)WZ%#lEuq>{N_^6lm}x7N|bMOLpz&v_XQLwa~s(L~$Y;V6QUR0bG0 zio%`of=Rjy!T*-r&CbuTVWJY(LYBc%HRATvxk-QeoKL^7in#u|$p@mo$k%gn2gWb; zZH|3qb@wb5s~@mv**-e_r9aS4%S5JyQH0Pc4h$rpxGHv5}O${;-v!z_aJRH|k-A-vSU` zO9ovcm4S7 z$tc4|2QM$Lme0_vta*y|Pcb99%ns+J;7%-6W`Ac7SCf0$SL^Qr3xJ2(96pJdqD0sW z@wG(vG65H#7#*(+yU6iDiB8{pa?|+d${ydzU;i4WuFF@Ce^ty>6rkfZsgYhp`e^Z4 z<~Du%h}?60@2Gby9Sd{klL~ON+bi-gxlaR;J#Bj1MIB!vyHKG@COP|o4c9X(tJ`Yn zk8eF17~{iOA!2(+WGH!avWr8^_wANUNFIN~diYp~_}y5a9&u)>vg?1|0u%^+yuf3^ zYPBX@xu{q3!p-G}K(9SI9M&zg?Lfx=fhIF!SyD#v+?lwL?j#PH`f1HL8e!(K?{QZa zy`C-=powxP`A{9wgaxTRmK5u0zvz!hP;GW_+J7ia(URNL)Z}0kSy70M@MKU;Os6iI z_h!(DOs7tn?}ep#X-aO6^w3)%>f@7IvMNw*5sZ!Ed;7?$4iXWxb*yJ%$Z>eLl&k>X zc+79MU}32dvJO7gO!}m69Umpe5956K+IcL!xU_tX1V(};#*U1mdgDRLSnr9sPQ9Ww z21X`I{xt*iy)=PC)qDx055+kvlqi#Ce^HboBN(?K|GS6INxb~;{)^@b`aizpk7#A6 zxJkR~I-0apyJ7Hd-00hbPcLZV;Q2%8O^3l!Ed|u*)uGm1K(TmF^$>p_ z7*l7cuLY4(lE|a?OEfLE(;gLwr)Kk!j5mVxCx4vC25YT z<)7M$-9{K&a@hm71p-j#zMr`30+*^o^zZ0$e)+8S z{Y0P))7a+fpI)+}Q*i_|BN&s@kf3>&l&(}&%h@*FODYs&ze-4{BRpa5VHq2JNrOgQ zW#U{FesnF?f88e8*m5wdE49yPMqcRE{?zY?S&Kx(qe=amyj4W9@UZbjpf zu%i{>iaQed)aUNG>qMwymT={eqSQA3Dy8G*X|^93kv>3bMpNmlx=l9I>tPeF@UGw7 zgTNf}zk}vrZ6{Qrwwf1C0d|zUqimvC8DA%nBKFZJE0#iY2Y zX+FOuV*%b$Y+W2?&l@+GJnF9^Aq4Nwl|_qnSMGb#eWEatCw-0D2Y=~Vw)F10PX7FN zw2afYVp3|*S9ysRRm{GT$p}2*eYHKc zX4e0SgFHoJ-p^R&I71Y3+a_4#vn!IeVtreQINzX`9~^nZF6WT5AtBv*>eZq?5~Z%g zKsIbVw|hcqhw%2Zn-oh`9Hrm&wpFUF%rMde-IUxe;;5X1*Y@C|i(c!Ckc7fjEavR{ z#vB}WBPLv&=?w=61CZxj0Ov=SjLHxQyqt?S%1 z9+rgtI>H`W7lA;up;sE=y8GPoX)4z_Z}9ww!iTAVlIFWJ{n+6=qmWisjJ;&7Y#4%z zyH#FPy$F3F-z)HrP4&5V$~up&1?}Pstgj`hjBt6u`+21B)^Ks0qE>I}O2s$Q;jfOe z*)rpM!AFSruP8l!lH6`RR`-UST#!;y9Ik-u9%u^vlilvFx|9AqLREOmmv$}L&Zv>P zaQDFRj+(^%?&z~fq!_w!JzNYWW9NKKg`VmKYi2ecU1#{}=GhfjD<>RE_odmI^Io{C zL=O|Qi8R3vR!B0CZH$PApM>$mJmTM`V@SIu04u<^pq}`&6C)9Hj?&>>Un;$fy7jaK zs!{f)(scU9Ft5*41GU_a(5F;TrMU1O4rilL7LSId+Sl$g&K0t{3}8)4GevDmgN@$r&W39wj(+#K1P~S75BU z8QQfB3c+Y@hc3@Qh_mcref`?+Zbt#@JDF#1`JCyi40a#5iZF38u6VXeeaICMFf-B3 zs5)JE;p5lWvSYIxT&w3op@nW(lmTjL3i3;=wI6NUV5cBeTVE9DfVsT z#SvQ^LUMFR(TH+xd3Q?m^c}COdtf4{H-zdv-AT(rfw-{gUQ5zjY9Igg7fPwZi;YPe z{LSx(9M}VxRGYIw&L;8l3ROMomTRF!Ydp6dg}uKtMdB(G$M;1=q$%F%wiCj*@?9I0 zUjFqDKOmw{=Wum07f-)AZ~T2-h}@aNNtHenp>KK=*RaSZP{)x^0b^_iIprgZ#mbu5 zVk+whTgZW`HfQ>CbgZ({Xb+z)}S)Va@^=o9_Xn^}dLt_)#ykb)g@DEOe$Q z3PT0oIE~I~lH@ID+RW`=NV%g=!>f~(u1=&BMTegde=j}XHc>hR-d2v6nTCC=-z@Y_ z;OF+f#(TpJd1B*O|J*5>$0X0p&R%+miGESx*2-=00@*!1{?|L%VE9?Oebc(@X{Bvc z{JC9EAdeCJBXy22#n5$loTLCV^Q(?1gS3Id99QBAV{m8dMSQ-xI}w7pme?!8F_UW` zF#1^wO!9ZPgk3L!jaTBf9mYn(jrWGCwp%4YrB{ABDK;UHFavz)_?`T*W8{N|LaFPe z2aX>(M{=vsb@aJOm7Nrb1i0;u6}`aI_;=br12T9j<`_LkMq3*~gNwcW7gnZ*^xZW1 zzq(T9T3ZHE;c~C%+{BD2e(g438oU$PB>0K1RAXhJk3~)QB zmEWYTKr;5rA0UPsuJCIRHQz&_@ zo0qk;fqF6E=(`57^vI&+lQEQeQJ#U?wb$L}jL=Y|_UgqTZZp* z(c3vgo6BWdykZ^NV+_)L1?18X8Z&mAfqKL#DNlk58b7x&L@gN1ci7CgDiYq$lA~=- zyJynbeDjD7$vs-__{vLDd_4l5$TZ}I%V&y1m#))IDZ_0?%MXK?Zl~(MOKFk{9`nHC z>N(YJXVRYtkIjKo>)0oCWx*6|E-@A9BGlY&l|+o%VLnY^H|BaZOraDnjfsa(7HRjtw< zRLBo3;nb%^QGtNGV)yuNdODwN(X?2Bw<&P1u+AAsccm6S%!P;AJiaHu zB~UXlS2{~))EFivm4Vrm-*ylk+LL63>9==M@(cLpjSSIIMjlCoT5c0#;2gwk6BdzF z&Z~`S+-Ww=iB*C++8@#JA0rp5C>Z&Dxx8yex8$wXtlXB|Dfg}4Tv*+?;gD{SUWRJ$ zSu#SXJd-i@f|P+RpfCEM0Z&0)aa~cPe=e5d;J7V=aw2{d`}4AH9-Tn8g6m;Zn@Y{E zm>Wc*CwPK>-2f?;GP8y(tuPKp3a6)KPf}t?AULcCGYABdLX(<30csoXNP@KUC|MnMJTx}Ei9dPf15ByEm zK>m}@x9=Plz*|!6Py8X(x#1Q2i&F;Rc2KeCNC`T$#q##ZbsF9CJ4cN>D$2eGyC)fj zHgab3`IQAkxm({F)6Zc2pZkufhS8ezFjH=6mL_?^>lWN>`$pF9!+>mA1T&JYs#?|Z zr2$K=yuo*FD6?o7tWXD0y+E`WIuKKLH>4%Vq+fkIjm7AjcArEO#GT512HX1FrN-xe z9{!kr6yvt3-6gM(dc$jr-WIG@A$`n%&xe@muFn}4@lpHOI^=Gr>0T4nt4cDN-fouH z{6>oZMyznK-cVir=SjueeLZ&NJ`l_GPFK6TRM%DSV2-cS zJ`ir8{z`VE0<;R z_%d>ihHzL62uuw6&uKA0TEOLDF@`iS`^&gFB?CL}rkC^CpLZND>MbQM;Z@L6cgeO0CSx@0Yg-|G^MK#9}xIPW-@nXPk7SEjxBF~Oma8YTNxJ>}k{`O#> zzIxJ=kbtTwq(OX6!PQtixavE=(rIdXtlw{x|yBZa90^kMqMgy~0nmQJYcsvM%5BUkmo^p|W1HTFO@ zA>D*=yqqQybzM{UE=SLY8EGsQ~iWky5*wQHDXt`&6Qr54Y}9rruas(AOsdtw zyWDax2!@mUGa*~()R|u*2hD2e9^NG(Rr$C^O5?TqaS!pCF8Y+uU6S_~8^8p2C^Ko=jX${Q^Ld!PUAsjamIYLbhZyMfAFX z^nr(s0;)!VQby%?OmI@(#Sx*A;vZpMyZn`r66aK24Ll8tfoKpqO#?<)0+-V|ET)3a z*-cP#`9Zvm-I%z^P|*H5$P8N8K-}*!E3I94(nsW- zJ{VQOo<+Qod#2RR)ON_p)AwH^G^NP)%7(h~r0h(=MHPJpF{nCHyEouDGu8#BQ#-OW z@mp$c{|tyeQVsQhN~s6(lNz&D)6bYQM5{exU+qngrKg0s z*bWi}$r44pzwBa~CnaalQKpJ$AoiQO%63bX&NDt$GsB2p&R(}JuNFDzS`tnLJy&(N z85pzbSkEEWJZsK2z>3(m*|xMBbE~);yKmC$%)7N6P1QNV|G2c3Fh6mkmkR7X#m+z7 zrF;Hj1K-@r*YriDEnR6{c-kqHHY4RYNA^NNQBpzr+ zWZ77mIX$LN?y;0=>iSGs5vXIsHeGhg#si`5|3hAir5~ona)eu$g%axVR#A-p5c=CN zFQO@B>!|_op^cp-zNC~=ht}_zL}R8T)r_+j1DV0iseV89bBy+)`6I0WmG);!E?xru zc^%Vz0&xJpjm+N`Kj~En2tiQ5SH1K_ga8r6r7u6+;)wg98dSB*Su3_Wu=7#qMQe(Q zf*|rRkDDeSI134RXJ%<1S`%F8J|*zFHGl1{r&QG3{tYOT?3u18bse5un|x$<=du8jUhH{~x+%g`(qgnVTc|I;#p8X;)4 zNx8$~Bs3ElCsHv!sWt)F8c=4(DJK3l@fI4dk5mWv)Dcz?VQ!ZNez?U_o4fSp{0p5=kEsvT>_pz`Z+NC7xjmh`w9gA!TD2~U!OlQO32;r`s1+m zm?2%x~IldS8h z{AHbbfJ?D1XD9>-zag+8*+;w*mzOL06m|-HXi*7Gjl9YaW(0jPd~hbEhl^>o#=Tj8 zKL!M0LGq8N|68zYstKBu!=BQ1WIvmPsn~M_=7b)GArlxbK93&Q{`x)+1!Oid${?*s zj`}Ce${0zVa-WIR8SGy}W3FTXpIli8e;AN75nfZ_r(sJ8?;|P@oXUEBcHU1!Ts_V| zG}!aP!*BN1ZDQW(#8axvkO3Ys64d{tb$}-z0qfiyb#g4i0WErcG|Hz=Q72J$mwdh>uaTMc1e3=VJW!F*>;7F6oBH&C{QVR@s!V{ zmGe(?&MLeJMi4=Rh!P!O7A|ck2f|>HT`Y`z0dlyW+$?rExzo=Q^dtn?waWA|R)F>&W^xBM)6vK5s9db46aBjj!c+ zmlQwR3&raF!ZflYr#qE4&3(QOTS-!v2ANluc>A`bD*urR+z;q(I3v8_9IBn01DdI^ z6UG5Dc);QJC3g_Wa8WNh8YnGRi*VXSctxV^i+z)ylL#r5^r!slCCz`{l)=c9?U-;p z_!NJX{LsBJr&sbtzrOk(*WTo{w;OH?^B4F|2z=k`RA>!+9z}+*@VWRNMX)VN{uzPy zL_e+EYlkpg>32Sa)lwx11g3yL$B$z3XonSpEqGVhVHs^dI}*l;sd z5gKK@+9h44zZGhJGFu`VlBz~KqXbc4Q2<(L!-a&TztS|O-0YE2f~_{gW)v(7>E!m< z%#(?>12{gY6^sI(*(!IF&k*gW3tE|lBvdhV8fxYg_iFY$wW5q@7BkVGH58wZ zx~l7(S|%we8tpF_i8C?92-SGD43!3ryNpd#}soC`P~|u;RmO zQ_Gs)L`4U%8Kk#k(jOgw*Tz>Je6vi|quhPzoy{5Y8c-FW>GoeJ4Fa!!n>o2ns0trKtBtGt#BH(f#1v}boe zKRB>%E+(R!0Di1Pe&?Y>)W*Mo7kFV%193!IJ*6%X!#dDITJcV;k4B*oW-2!;Zf7_d z617yQva0lo(XgnOW4VcMHt+A(pJ&(J^GC2`ZYE-M^Y}H?jRCBg7wZK~1l@LJnBP(a z?)Kt=smk~Jp6Er)@17M|=Nrn(ddzz5IaH&n?9^M+Nc!MI=??t-f{zebRZ$X>c%Pga zNIwxR4&2<$W|+-U(m_am_aNd^-;U5R|ml4%J?ko#1ywLfqgyYgj`N!Klz{n6_ z?;pq^C1mqZBvO5EW0$epB%8SK_gd0My}Wg|?nVzaXwdVQOZae3mI7iA(h z23S^2oaI}O*~rc>in%KlurBp@G`#)@TFvgFb)diS2q~1(cG0~?av*Y!ZGxIe-(3^p| zo0EoN!kMne9j7UDtz|;#-Db9Uow^IvcB(m;hRi!<{9;S3zc#(HR2GvF6xmYZ ze*SbuP+ATUrb!lM1b38RhGqX`|HG3!$kUmtlfaQ;nh8>>Jt_mx>ZIMb%z*m^-b>YV z$?CENK%W7GltU}hcDsDl$}b8KqT&qRRVPNw(zTgXCcOSTl8l-Q#65R~nMyOn#CX)s z8d@I2fuhV>1M((Kh}j=pAP z08gC{Gtpd{8%S>xNiBJ@R1cv$umM=3($y7 z00kSAjXOgCu0piSG1mr{|3_+dw-K)rl_);ci%M`W0Q~eo_pu8tAVGady7Y=&cAIF4 zn{{*2&X@)Fea87H`7!Jm;p1(3cx`?H4&&Ohxid5!07j+{g|_(kJJ}^DCjgD^FJq1+ z-6%LIxSGl+XNzl^x-}&8n&j0 z%2zt0+F}4IT{m&R=Ju!JHP3`zO9iq%h1Ryw%%!>}gTcCG31>=_n-t6C`;5U9GtlG{ zSp`ICocwksF z=<^SKy(rc`wsDg{mjZxfsclo-zLP;Zv6*hU++eT3XCzdQc`wibl#Sr zqU;OvtJI&@ZSJf6+9O$o`a;bV()NIUoPt(He06ze8I53rSg0wVYzN@F1{C45KJ1P_ zEtOZ8k7i^P6nY?u#?oRCb{R1=veqWWc#={CQzY=gFD7qkhn^QtJ@b5|zPf1xZkx5- zG*}!;n@Ht*gI1B%q*e|X04GKtvBq;Gc+(*mYE5{_5KLl_LRKP1ABB`s&{le>la_y| zsF)btFc99N9CDjfihl8y?Q9FBe^mTt@lF_I~2d}Uhx^d%fhh~hR zs;Fp4j=7{pjL`s%B`XLaQ2D3EagvTQ<`cK+_kzN>w~v&TOELCfZB_v*o?XdmF51;` z53%2BWbFFUH+KT~XK>wjlskAI{_fgf0b=PB2)MzcXp`R55m_~^48`_>pkZ12@^g4v zve$N2ubo6+Fo5?mCjK;$$!7_}$y6*GIhJWT)!1t+wRR&!4I26U_`D?FSE*7W1$0sz zB3ZG)(MEAiU}ZS=)K-~O1(&v7+ucU)DxTw^LIq%*qMn}x04t}9P6(jC57a(I|fb>IXMxH3=A(A?HJW3tn3oP z(^5*O!&~5s)zW&lhfSzNF-iP8llCWQc|5wtC`#PG5d`;(&hCn~L>QEWmhm=`C0GMiTNLM#m%bslFwzhvu|@m{|3LY1`$U}-j1yJL3VzdBKv}5?sc)QNiO{q%cs*8iH!`@YZP1Gx zoLyn39EH)?D1E(&B75m_2U+lM=pqb?-u(03)}wu;o_AAtx*4o4_b$J}p?2*UO}~@579H%m_O!PU&=1_mxytIRY5*`rhdLhKvXn7%L`Ko!`F|Vgd`(X1pUEkAaT{EYe@q-L^ z36-JnR#^eytd^+<;N~WRy!klhOI?Xx1oqSt5P;LRU-ZkZ*_ol0HtH|56wXb}WA-Z7 z%roVPQ+=)EZxkMD%9|l4k}f3}>--BC&~|Uc%d}f6ZI*C?C2NlmO8g6ENP5?a3@po$ z=Rg&xV8`rcG)ZZdrD0$)EE#(W6}~XYdb+Wz-baON1m>#>nJ%cVoxaAA@1day-HqFs z3Z%GJF$l(KMoNWBHKQ`t6skTOZ@4-%-ZJ)bGNi{s0y-sJS?;E$-(`b5D+~~vv6Bi!Ic;Z@KDKmzaZ|8CKVm^s$GWie~y(I7*aXE7zM3GQ@ zcI8bqE2G&k%5$=TjEOqpd7yG%qgsT$a$9un7Ffa;IQnPSinGT@!tIdkE#e4+>nB9y zWIknxUPOqX;sR@QXJlF2LW`>0N}8J$!a1>*ToOO0DQ@hDV16K)VM;FsixN`-^-K7b ztB=&c08HFEP@bu32D2Zp>)861wbYlTYcyvdPb3MyOePE3;M7V^5f^k2mqt|?Tk+OE zV)qKqi5N1X|4Sn@4@~P5?Q=k6Fq0~%Fs9MnahHH`v*Ak+@CfmujF+(xZmzAVc5c6C z&Px_4_we-c2g>R18gWb-J~`?1@eG^f(NhBmx+F?P?)Vr{fOGI@Nf0jtpY~f)B6U(W z_T5l;0oQ*3K)`t}c~H}MXyd~!@=^UDMx$qId25`Yr(x1-MuMbhu-_EKK|O!Rq#bI zx6MKGAC9*P!bPx#xm7_)gYMGV-^9rhu3HTRDOl&MRjxqBvYQs{mD0N7)IGMEsQA)o z70bW(h(Yk_|NmdjYB&Gh#JF9F*h-x3O9KFa99TUvhx_%{g%<~>kl zA-K6P0u>m$lqE`Va^DlSb$J2&2ih!`^q>#ejeG3s<;hhe@Umt5d`Nw09_T$0bBMP0RQ^Qz+? zUZWPm3c!3M^pBrc`a_WK?zU5Ne;5C8SF>h8`2BqGok;Ic>}xN!c_qg7K)>TJ7zw53 zuAn4I8u59JSn(uzbi-dx{j8XB=a;v_6x>gWRjDIZ3LT*IA09$Dk|uw<@2YNW`SABp z$7Xgj;AB~=f6Pz4j$&|pu@Z~>nHwryG2_Mb`OEv~J+Bm%Y@{hYOQ0(quY+%(JFlT78KWT5dD5)W%#zL_f&t|Rc&jTN`&}WD+?>tUj=1$Y;0-~5& zY#ztdBa0zaKNp~(!wG43bIw)kVdHnDGO#)+h7!{$ch8z^h4a4WO17%d6q{lLGNmL5 zhlbnFNZTVZfCcJb)9V!fwUoG0n;jNCyTs)Wd)Gv;XN6zss%DDrq>H9G%8n-XFu!E^ zeG3dpk6JclZ=K^S9`oDNoR5TGP!_#^^3E$bC|6j;P<4W@vZGUKig;H>#f`;!zpGSp zVOQytX6}v~d9c6~K&y_}6-_w4pLZ#@ZYS)yp_9JaZ_^SR(n40~y(IiclV+Y1rsE@~ zrC&j<#M4Ta2n*$(9fTM17@~(UFHZo5-!}N;@#v9qY9dH-qH{k?aIrz576rlRI-T=8 z@%h=k^y5fZRWhpY&DzI(DBA{P5M!YT1j$FdcYXiqt=PNU$s9CrPO-J9Y-V*#{&M1f`oPb}Pas1EN%km#WXRRAKHJ><=4$IW9cx?p>mE&? zlgfP9b@qOaow;14q37c)h5rK3X=qU{ zrxi6)a+JEl;mju5_Nh;_yCsd$b-3R*q~z0#odNmr2r=(#=3Oz{vn>x2dHf6;NoXZC zQagT#`_QG4sRno%K9IzOD~;mpF)u=^A9HA)ym;_*p(81SHaAv3sP7TbN1zszpnj`f zaNnjz>9#Z~5;Zr;NDrUT*rrp(?N1IF#p;EUkD3dMHU3~F5qOVskITUv>Xda|F`#jjSu zH-&ZpW25;Fhq&s|%FKzTZU*QcJZA(dNaUiC71ivC-s620+16H*iJj4l18H|O$6TJ~Kv%7EUtVS{bU84^Myq0DNBpE98Sj z6|3tzKV7MlkA%GwvJ}4(cH|qPbHk_yRW!fGH!$P!P7y}F2^zjP*|iL_*l&bv>P`_( zJ^+1Ji?x4dU10xHSN$^pq9x|u64<3)i(WP-dRSdW$*IFY$4za>HKvOnu!?eNT8;BB zK>}Gc5!a7swFhFehr_{BGo-&O|4|BMTHZa!2wFv#nfbN-{ z;ItA|Eq|?~tRdC7L~)7^<2!{Uf5lgfU)Y-`?+s5+diXskOVRrM2-mr;f#zU&X*BOA& zieLH^#Tqn~9N~O=$1@|@A zXJkoqHi>9qddRuS15mHaj)eT8WHw1j`ef#i_I6@qm`&Q&tPY)n8lJ_J9saswe*xkj z=4VOHlK3BLf950oG=9WZ{+@Y^MXtM`qp|=?`+fU5FipN>adF~&H88BCql$M{Vdnr$ z&gZ;KzH6L7M?^tHmQK#iT((jBLw1J9Aj4T!gt!exSMN((H|Y3POskIeb<)HZT23bB z(nh&*I$0RTao3NRvT%u%qv}H%q_mBn0oa0txkA>?KeCX3JF=OT<=X~DBY)lEMYhZY zz@CmiSwao6-Y}0QV25!k(MhfxZF;_}X=Q}V)l)jHhF-kS5^2)Xxf!_7YQJa zQ1v@PvOQOgzuu4#vw;_JyTwba%9402NIY}QggGwM#^WQkAS6nu9Q~zR5qpEq8|49{ z{K-FvRnl9_tgx;vR*T7Rceoh8N>L=>T01Lrw&9;2s?7=Zt{u!q*yb6_8_-#J{cWCZ z;joFYw@IpEb#hi#d0h21HTBLUBg!JKnVhCZFx5U+RnlwX8G}y&wwGh0&b#Yi;{LVu z?}JMB^g-srl5$b}K5=5*O5go$>wnyFUVa)^=Mvo^Rw;G_{A+r;C=u9VRciYKd936% z5P=8vOkwkHnDJi7vrGy9mHQ-7LH;}7qpKM>8uub5`jj!xUTo zrl!88>)Oe@uo4kBWganlQ9}tFiMgdkxRoLzil`a)`;Aqnxg2d0kIi#`G5K*?9Whd# zdm+hMzq@o>fkwBnKI)a@sC&Zb3A_ZIPF1JbUh!F}Cet77Ctv0&t7P@NnIobr>Y_=q zTqi@Sl=Di+>!}rx)7kg^RVq1m%nDfd=g#bNF1JiBqv#0s-}FxMZYGO16US*p^-3Kp zX95FAkDty);)$foIP@n24FtdEZE`&ador_oE3vQ9^t9U1TrXs!AV3Q@o)*z=m z5s4BcKV>Z*9x&TcLC@TOkVuvWvz1SO=(P|)jLN33kNy}oAaMVZ}M$RA-uepM}mqfWnfCN|Psq`Hbr3DutdY_a2=7xd(2=f%~5G_t;8(t7-9>GH)Zma1o55pt!mCN^Tw^=+EC4OGCf)n+7Z~!qCDh2L@O1l= zN-X7`sGYfHNm~)s79Guqg8_A@6D&iu?DH!lUdlW`Jg<|R1m3Bfd-b|x!3!-M&4O=9 z2`}ICH{=y$5S?#FbxoXyjipQcz}n2w8g@qz{q}R~*gWWd`8!f#x+hBKgoAN1P8)w6 zS#4Ywm9HrBaI)mfPCGp&#ZGY4xvD6~Y@M5gPgC77DWbdvle)CG?5K z=T0Vtup&dvuQA8&L=WU2nvq5Ff2`*$;Di@=HUu+F5Aj#>q;gAe(JPCKxIYBw;B5>k}#> z4~vC6Wxho7#OS%U-~YL8M`^!+i2vgef<9n>@#*_RcWRm_owSmlUP@(@;|JL5nPHu8 z2Ry0=pH#}aD$zB}^0zj=@@rLBFFdJudStZmr!qucPMM-Mwe-tldB#mL?ECbR*RRV9 z5`PGR-IDt^zIK{TFJn#u=~G8nsnmA#NAx01_YK>qY$zN(tY1ssaIRJ^3zQKDS8BdW zS_?_rT>h{l?mJPgdB&uv&Wmv4#WFawHv=Kq})@=$@Z|S23K8 z@3{BLXcN~+u)38ee%$z9ZrOWRNBT6}7RO&PT~^~=9+gI>Hmu_s)OJ&;33ixuHaa8A zDWRT_7)V((91iHF0pd7FmE8{g{2$fuGva`$DZZQ6&K`~lp%@;o|MlBN zSFU^evrD14f>b9QmtH1TJP*3wSMkhovV7ytUU&~tBa`&q>aD6%Fo1?cU7?`r_=9FG z*}nip=-qCMO(U|nB?@gHUJ9_!|l~hyA6# z|4UDqri``%1W$29tDJC4$}*Y5zSs7ak`>Uq@Mt1@+w@W?(F)Pm>&Ty(*_maXRvmpG zqSw0qm;r>|&vNPz%O*=DRBO6>+b8keBiD64@}S(e8kR8UR@bNtQTDVQKq9|ktlqV^ zntOQ>z=usaJQ9=DYK{hOTf^#+Ezb^=W$LgLPa^)apH7pa%)-)32x@8FETk>v6ls|- zUR4tl9=Sey^SmU1_5&VM>1i~qT@u;I2;Xfxv>Nf!U4DPdlGRa(hGb?z9qn{J-?kIz zS@LMHyp5h|_=Z*Gyy*`BBtlxlGQ-_x^soDFo1Ci(%@a}0++5f4^NVsFbJDHVA2i=Z z;nM2Wg=>3nIR4Bsg{a?q{e)X**q2350rSi@8pZDM{^ZQ8tt6`O*36F|$U9Zck6pC_ zwwi*sKUB)O^^Sie7@v8=b)9LHoj;F^Cg3yT9XecWQ$z1Mnr@pU@;A*t@6irtF7|zH zNx0YEuKmIq;c&-2y*Cc$)H`GS35Ay^j7UAe`SifmP!tD+49KULI;(WheOj?hkz9fC zb*@szy`|YB9;}?G1kZ<7J+^mPU9_L98V8d)a zM0o#)*`ZSEJLr%X3GkISdapwB{rW{E%b$B{TeGZ`(xzSWGjY) z^hp$->fP+|E_c3Ln4!($0WnUE^RnXD`aewhoOQQMta}#P5SsD1gz@V&4`g(9Ger1fsAYvIY62Ip`fk2r&V#6D%el(xtVd%e&o| z`&7kkZwR@R>*AVc2m#D-{8#%_gk6-W^Z%!f^A2jNYqxlSfP@}E=@@$GEmY~f zN-vfOQbHA^BOos!kt$7kZ=p%=NHZv6Xab=luVO(E1QZcbir)#|`_0^$JIP;}+0QO> zW@n$Z*ZReQEZ_#9^QPGQxIL2N?{7&wW5)oX0TNjLXH1%2k$`ZPB>?*CmDM1IVS%my z>Fm6~{i;1uXQT%p6_EChP2Z5Z17t;Rv@+jiuPe_;Qvd<|0tGaP-$}wA>40Yl$a|-a z+oZA5orf}xZ!DafNY5J|b~l{c9?8!wF@`Jpw}Cu{WQREo=Qio{nxwhR$N#tH z8uqSDe3qW-TOVF81M$EU;Y2A+l__?&jN;Ax+7E-R+fD#vn$lT~NVuBG+rWD;-yL+y z>FT?CmUTq+MyX?Peo$LG^*BoAqLzYJ0_wB$3rV`r)+4<^!7?gu;zF%+1Xdy}3G^_N zS;78kNzp9lLy4~EM>V%b^wVM@rz_f*uU8uKBBFg#@4fZrk)Fd0T6Fr``ilg~zXBzm zcrpH~*To(kGkb-vuEM^$tp%CnsiqrV9QzLzAX{=$jen$88Qya2OKEIi`(GE}oa>GG}Ix6kQckI6?DNgz{K zS%=#?TP%e7zl(j5da&-amrX+Cixs3ioR;P_S4dIx(?BIL{r)7wDMdpSI>JJ= zkmyg>BY59%$#j(S zTs)f1K4Lb@Dm!G|QVQi+X#G||1h47N9UQGa!l*09n>gneA|ANR{s$Cc$+knz_Cf+X zrGIL<9@QXCe?)O{WFsF_Hu)ph=)I^ncA80D|6n9iPL+~bjb)zJjF`hF&jTXh%x_dM zb44GuB!jo2g-lrme~9j~CL}e~H-q<~9R?-XLT+^%&iNU8l5sQ6qw_s06QnSd`UK)MF7wv!Z0 zAjqS3!~qhz8Cx@kEb!aiz)t05MAno}MFkvwaM0!uSqQC}kQei}yATS^7It2$K)bW| zM;lu;sQ4&JZvM!oPH{FE`<)06=`FiOY>v%;n|oQ*i$^Gg!-}IUp3yX|{ze6;d>%7X z_ueQ=a>1c&?v>xTD4#C%t1tdvMWtJ|0DfSc0gP_Od24bKCw*TUv#+p<&B7E zMBLCVZPHL=uhm#4+_$pOj)y<&1$Qq5G>Y}f@CJMdOqCnqlJ>Il68`jw_uIraGRMIz zxb!LS(kt&8?+|In1sxu|FZ9D? z7>#gYIarJMUxsd(&Ky_p&u1Q$Ntxr5eDPzaH*1w3%i8>^iOILsfXy-HZ+?uM4OB$q z@s*ED=@7bsRlfe{twy{ZL&w2!OLb^yZiKvo>r+qOEC_v7dXL|Hc;eb`gI(r3`sqYe zH=R~Z*cYPyEZv}qNBt5!m#)_^V9wlNT~`ZIA!nDRRcM@p7;FiP8GA2lDF6WJ`3>Fx z-YCLgfFTxUNi}5CIZHbSA`@EjB{+_ujD_!kHZmT~t7n8JGgHR!NDVbYBdMsfl8pl{ z-5!HqD)8iEN$16OjWhN^_d`<`m zb&g8K*qC+Re6aLdbl1`^&yiw{#lEJVX&1kxlYlca6&MXRv&vr$ZGVX_9zacgz2Y=V zC`%#4eJ&G1l2v>Y#F@DRHJV!Qai4%abuL+(N0vu8o^gaS|I zG~6H1jx>~}bE@)A!s&8ux*EN#@A>}_SRnO0Mflb6Jrr$B0lFjx9#p2{=Q0Nso90f5 zTfG9jdtztQiVU`oxUxC{jr43;q|VwW)-nhDj9h3OBj`!Rp0BAqB?(JSXPlRY>58*> zVI<WFR1;pUNlSZ57y#SDiEe-Vx$ z!169_mzf-JQu8;r!`iA=<+iM$jQVAKN6n`MBrY-jBPy!8S>Pac#wQ#rDD zty(LuSXfzE&&1PcE?4L45IrMDlNqjQyXA_lkc(xk6BsTWNN@QXEmMykzX+DsA zLNo4oD6LE+=T=A4XlB3&b3-pbT215k&ot|)V9PeaZT#Ag@ws|8 z6Ip2fJZ2IwSAfS$9z0wbH;IS~0Ud@LqYh|`Jt$yfvyD3U^5UrYpFNU&Jmv$JeFp6t zo*6^8-@N>QV~-+3V{t?%9_CCsrx<_$^AC_;#8_eAOcFZbKdb!JuZ7I)*xy!tw>nYo zjIeaJQX_CLpe^bnp zaF9|T_yrr~o?aU2*Js^K2zLQkl%>{W6n77HqLS{@Msr08;@>cOrD;w#>ENEhO`1s- z7vp#0`EL$fRs9-!h|Ke9&So=N+1Fi_d8{3$bT(~*6WDhW?xQ~I3pq2*NfbRCLNPj= zMMqOo?Y=D_Pc=0IF)foZv*&YU*s@ykFn_YX(|%2D=q^PWnN8{ZdV@91^I()ewSK3{ z8!>f4NKH_NJW8En&0__|lmIJrASUcb7EH40|Et@msIeaY<$j`l0JUx#$JM5OLC3F-bEZ1@RnG1O{P6`<1}4pV*?g82z_gW7y3pYA}d zw$!7+WoCtK;(Hpaa+NwK51P_P%b6AeA!#G5IAdqyk|=V$lrE{0p^Y^IP?u5Rwx!Hf zY$LyF>mQJ}<;g?HkEEo}@8V1Z_+~IPAHqGcICB$f2Baj~i^$sJYzi;0i%B?juG=lY zOl%Ma+(&Kd#y3%XbT`_k{3(}&Bg}Fu7t&IV$V_sUhE_LZOCz{@RUUWFS4d7i=2u{5 zS$P>5G)YcVR(OD6jn<<9xluhZ=rEc@AF!y`y5WRm^_B~F(r*8+K0oA|U~usY8MTmE z=1eK;JM9Wx>`;sZ4E%3>EjkRNhEgdAH7%+5eRpdhKf^0|cy`+HfgvnMK`2AA@djqb z=*x(O!O1m>3!q8+A>&a&LB+k4WMp<^Gh1TM?bZ~9{;wXRUkeA8)IM(%u+Jl!+)^~?3t_9ZW~3!5Zay;D#PPFs^sQnqW<)qDa@E(X+tL z_t%X9#EWlF%h2%gc-8Beng1L-Z0v0l`F;IS$8kH8#L*{PKfzX-vu$(4f<@z|?_D@j z!1X)(;Y7T1&u`*(0H>OC`2KadxNj{_<~lDCkmQAHp?p;uD)7n@j>wsNY6}Vv@<#|| z{3uuN(H!T{D!p&i#fX1nN7|OwMm?EwXEdV=U2ld9^jl;3g~}^AAtIsP$fV{yM%DvQ znx80|f|g_%JAuu_(w5^a!HbpyJ@4tVlvD+K@I=hCvRQpZ<3GKw1W$<|ABsL3!_YFG z?@=8MN!Ne!d%Z`73!AfUvula)pFK84Q`nI#fkC3_h57lS8gn^yYn2&oJ|4v4_9|n0 z^jb6Z65^lyhS#5MqZ4rW5znGtIz^&vFD}_Jar2lpNe?^WQ$Md)qTRo6fJAlBP&&pM z-Kq{=SH-hjUaM@LrBf9ThikVX%HW9+oErmip*YdokK#BTbpqMaDa{%;v=nI(p7DzF zO2uT|4pp#rzBhE=Dnt~o;7)4i#^;SHqZ*L6&#aRL{SpyOZ>w$1(R9XC#>K(+O@J?V z(pZ+_qXrrK@W2pZ_+_I~n#f805W{t+VLKw)pLRd5>zr%=yfF^}(Rc7#c9W0XAJF;} zbNLzim)6A)r9drbpsC*e5@pdVvWNkjr=|T;=2&kx z`IsPE`iMbQ6ZU~>JuwLb6n9SYmsLyOk; zHC_!Ko{|;OFZ5!_c<~ZSTY-z9*iNOJm2uosJ&XLbo{gedIJL_*2F6*xhF%p-8demtAOwE|Gc71xeBs6Up~$L7B=2 zSfT8;nmlTLS+rMJU2uH*ZsBSA>Eiz7-ZR~wPK4-9GaEO~`@jo?j{8Z8zpk(AT1GNI zA>459yBU=k<*|k6kEkjI^7rovyNg}OO+W!XlB20Z^Q~mUznEko4xo7b53s%^oT#t1 zhL_8fK}H*l-iyclWt5u+49DPNxmesH&)kkqmVb-R>$1-gUwfK*8<{=bk$C(a&uKwt z>&qri+f+F7{>j7n$01HJ>a&jbQ~p8x*8Wl)`rV?GNsi0ROfiF4nDm78KhNO zZ@=Gz^A2g1=eTe7H`{iUcT=7|owGYj{TA_*Ebyt%5abmVhl`@=sTX~nOYRM+x9_x_ ztQD39YkyA*Mh_X*+2|KLRb3wj_V}<)^%d5uc!IjYR#13zlMbqAyqmW8LUpxJ90{I5 zx~T)80o>?h6EPnD&Qe6>#nxz9ymXyI4-lc6*d@FigYU6 zS^5KVNqBulvr|K~D`kgqz&~9}WDu~Q>XEe+Y`c@I8OJD6n2Ix$MUgu(SznM9^|5VH zr!lxP2{$lG|HXP(;!}9?Q31Wvhx% z&zQ!#Bh%yQyJy$p!!%>@L9;y(q79Syh)`%ww%RYG9jxhA#iRW1I`nGXxFL0_xILi$Tcn`7iPGU zRJ1JtXmX^07m(BzNLOySU;PqW zmWaf%;I@aWP^1e0?1YbykA4d`(U-j`f=IxYJ~cG(0hWa{i&U*+YffNRgg2|@+(8X> qBs#%=i^M`-xM0!&K#as!2CWja6=2PFv^)V?2b)K_NYdh;<^KSC#66S% literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.18/_media/example-online-boutique.jpg b/docs/versioned_docs/version-2.18/_media/example-online-boutique.jpg new file mode 100644 index 0000000000000000000000000000000000000000..026f0d86593411ba20b8c39e15f6158ef6ce381e GIT binary patch literal 263458 zcmc$`2|Sct`v81q#xMpM4B28vWJwDV3XKtsEn{CR*$N?~&^Cl3dnh|)U$aD|MI~!d z_9V#?QHtzYzB4V)^SsaV{h#;${@>^KeMh(Z+-JGZxz4p;*R8dlwE=+B*3{Aj2m}I9 z;15`PCn%@k5IcxuDu580K>@0#E8Z)F)=YS zW3a4vHdYoERz6NHcKil@VWAEDf`SCmt>Od`>5YPd5(<*i+hyeBOqKPeQF0fk00Fu>7gVLxEtKywmh)EK!84l{{(;AQ=zGcX&;rH{A` zUw#qYVe1*djOAI+%f~OaNnAowN=|;Kf}+wc^}QOJ`zTu4M#d(lX66=_cJ>aAM~*r< zd!6t;dCJGv??PZu@Wo3Zp)prto*bP~`iObs4#O|pww^DsJfd>%#HQ$=eTVFS z2Ux)W39{b+`yH-cz=}dZ}HaB*9DwN<;3tx03o5bJTZM-2_Fi;c6z_YOQL-#vds8lQrh zo+F$0_i3Gy&uZKEUbDKYZa;ffhy6L*n_C`;ICX3Dn!gpfro7UU7sfjjZ5F&oMoX>! z+m;WlYIeusGZL-h5*@#_)@<-RzN0VgtH1fp1#xoli`UX+aSgqeRPCV1CaU5mq4ga@ z;^Lyy)rZubwY62Jwq^{u?$PUb8u-OJf%lUcwOYq^V^xW@Hv2N-KI4gs`<~rq6~TkA zqT>zXSfus{-7(xZ(P3Mj^QAcM#HvGQNBi^p_Fp%=z|{~K4wD248+NBzc2rhG^uDqE zcBU+DY|`#cD(y@9iJ_c{=Nri8BfbV4Xg=jltS*FLHVZn$F z#E!DM>QwTLj=>wDgOW+dJWCZ@utQ;}zSEH{7ezFBKd@}Op}KE6lbZW9UXeS(Q{8X& z(?0<&S#v zWra%g$!Wxs53K8As|er@VIs_;GK#QSE;&6G`l4M^*L5UqKi`gddablYU-`<6;5w=P znbqml6No1Z(&wM5KAi0=$f&>NyCuAHfl^7-Ns+AZy*M9Dt zZAM_pg|O9R;f5u%`3^ zcf3|wGTi4;w2SBL{y|Q`Iv$HxI@{|=^L!gTy1PnO8_&0dtKNMWmzv_Q$&}?Acx53# z2`P{?t>bDac1ET}ak>7zlv2s9f)kpFOH&G*!0DQh%;(Q~4xFd;Q1xQ>EXK`+Vr~3P z4oLRui8Q{syjzXW(Jn^Ips~PvxJkL}=%@YTgEoE!kPZXG`C(cbN#ZgRRm5j>A9}c8?3yNCfi)R&`j@>g{H4-biDk5om zSo+9G5>wc>bJ=;tA%iAcHEuRnD>d&uUY{p8mFBK?Fj#MsONyg6PbkN?w8g}Gf(NJ1 zpI=7#^B)Pla1polU5gj{L8YbT8)?oZ9`8Qm-ryW7SUs(XLww?SipptT2QMe;wp$b# zPu>u&Ud5zh+4qUhM>&B+Pwk>NO->n4J=REJpPq!Nn zySgzm^;V9huRGD0UzaqRIA!Nl%y`)UKsP4`2IaJx=_`Llcdfl=O;^RMdV+YCs&MsMFdd%Ra?%vF{2v9h*dov@-|W-1x=XjV|L!{|W< zXP;u~!tQ-6xzi}LpqsE%CG#*&!A_~(+yuNR`uXWOdA$QmdvvKsDI8F;b=@Jnl;TeGOkdAx27+|%#8_HGRX39G$otjX%# zo#>pr^{f+%nN04-Ey7#&-M!)sbf((|gyPnXo1EbX@u9oEPG|u0TWjFJf=O?d(`xmX zf{JU8^ZRrkRTArVCEha5UIW%0;KlU$R?X!PkA_#jo%0ryt(QAI7O}mP?gFOW~8TnR6Q7mdx3Ujkvc?<@6>*u`NE$>7{rd+*U@BI4hw)xjzOE!Pm zcIjA=Dskb-{=3zoM3oOds7lm!M^?m#)a27K5$!RNl}|YpJ#QqUU=gK>nNSp}~itiMcuY2aXSvJXf1D+U3%pHiJ#|`?lj*zj7sGFO>)-j z*1+36DO=}PrrX2o`)y|W7&sXo{qIOPBzts-5x}3mpTw<&F+~oPzuG3 zo40W3`;NquLci{O;X4jmc_;n+%)E1*x|ZU?x~@t-;4^b!9V|U@2<>Dk7;JU)O_s86 z%uXxe_AeQT3#T$B%=))SOpdF0bx`4w-hiGjhG|voYwB4t zrvz$P^HlUJD3&>OgtSyEO5~meD8y^-Z!(YCgLOAZo=r!rfv$A6HNbH2ZI4g0o~!&^ ztLOwrLxWT;D*8jjdF;|4;%nHFS+g*Ut43?>0WouAX*p%z%XNFK%{n=R`y;b}&YqhpI(FFGXyX&tFM#UMTKG zaQ?2!B*ucHhpz?;W?slwu$8j*es2}78g_5yn_Kv7@gcpgty_xgt`tn2V4BQX<*Q%l z);sE1GMm4Dp!2evfd*3XJkuIzc<^xcWx?s|UF;Xu0G%YpJFAH`PrdEV_lu7|J9-|g z8ff3nVte~7&+@)@W$`?*pw3$z<#M)%-uQ=SMk$FGYk1lXg%=2&uwYub$G*DhPI#o% z7OlkTnT5_9AD>mO*X|E(dizcfii#=^&#*2b-g_xb`&etwDIS{8O!tczr}~tzRWFnd zTJ$_Z2cB$`c^v0|nf=>X^pbIW|Bi*Qu#%Oyv&U1za|9Iz^CfOZx`*E!tSC=b$bIgs z5WMUeQVGZiNN3%SGRFz^{9#@IVpT7Tx)eUuOu_(Y9DZ8MZ9-$?&J>(LHRE z6Lk4A#2mL{`DC#-uWH*1bC#59i=Yy&rg?OXI{UsdL)`wSV(hnYsJoj_2l+#PzeAmNw+v zH4cB8Cw5gjsg637efn!Xw^&7)o?DC#bI>*W8-md!p*;hwf&3-G$~rCu`gyPKKB+!o zu($rWl&0+2FXyqd3$_koNf&yIXQ(K9y)m<{Jl;&B@W2(R&L_GzW&G83>R$MH=a=>! z8rd69I`ei1(*~svt!@&ClZ`8N%XwJ(@BHTlEng;YU)r}xziHiZS&t>#>~z+IEy|;s zr_VmSC}DB#!>mx;4R`h{LhSv@iSeO8;(90;Jj1^uJ!j>Fb8i%P`!MChpob2 zd1SYpqe)*4C!ox6ODG|FG$nxUyRs;lzJGZysu#5F0Cqlr&Y>((OdreKaNhO4$lqVX_VV= zzD087a_+Do`-~at>r*dLm(wZ79;n0vF5UKzuGhy556K={xyIg>`!LK~NsNYo%o5!qDK5w=;?N}%ciS9bc;)7uJh<%F3br4NsmC&;0o$i-a_{j5rF`!SpC zb^Q-l+?xttY5=@}2H=jr>pET6yi%}98_iZOrZ21@Ub11~{Vj=fjH_)7i+6-Y;t{^) zn~#(`It)l?ya5UKMnm)kKEjC0&FHotl3Dl?@3Qm5o??&4s)uCN&uie&@;9%f4l0Ak zMonJ1py}GMIiWZ)JQbnw<6;sR$Ud~N&qRND*7W+NAIbWjCZf!@u1i>rp54jlewDIt5()GvOe|2 zE|Do-p0m4r#hRbLs9L#LEZN#yWVN~^JfwYB^ZtwGBa!p3mp7+#?kQ5Ftlrwo>vDZO zeE$8#FDIc^jXSaV;o#k{a}1p+`wZgoKGIS8xw4LmUNxGNWD~=St?eWa){PX0zHBN{X=^|w##&vc!POl*x{vh>!Fi+&`~yg5*VPx>?!8SL(C zU3JT5Pguo?jV{du6>NR?*GI*tYtM7feBy8Bne%GQrLe~_+_v`HVH3kt#n3i-Y0={K zq4D@cdm-OLe(h)?Aa?&@4KJSrMtp6qa7otjYH1N)ARU1zM$c(d7lN(gCS zx*n-TXHpdBl z+$gKPveSFiTJ|L5i{8K8=DuWh_0Y2WmtoG>s))IFYW3Hma5-Netw_1<8C(Mw-7m5E z+>}}6d!&0#JhF?Xve|bo!#e)aQ?HY%GA~Pd#2(ym-JJGL%OrBl#jR~*tFTORq@|6u zEw`2m+Du`cJ{HX9Ij#X?XCMitb}V5J$*(+=8abmsw8H*4MtXf&qgXTRB?7fI>_~DH z)8Oe)_uvO2M^(ksKF*ctu+=e&+}6un!H9Cz7Xj~cUQ5^*@gqzp6>}q`D1Q7lIvRLG zRLB?i<;xS$4(6}yzq!0&4T$`(tLuuB-M`hYSVRaf7|bZG0S@j&(OcfE5iGk>)i!KD zzpH@fvNF$09jC2hwFj-twV9&ENJG2>Q;&wd!i=lz-;9Ud`1V+4;r#5x!STudI(gYj z*^`=~vMp!v>$GZCHb2YxY!X{76r_JL)~>Iq^#0KsCuw@p9LYMagq4-jnKf|q)aQD# zCfedM)%5_=ob}~7#|dAW+MHV7w^XKwB6EloQg9Y6l52Rj+?e{IJ2(&uw)9Z4l(II5N zeeArWc$IGHz;P9{$CnTDJO`y7q)wXpX7#RGruF3>i^*kI*(d(Mk9F|w8=_6ssZg6C zLyrVYTbAaC@qK9D0aiO@nx4H+HWyF%;gh$YNQQ*K{R@67l-YxBN!~UkeNswYs%)hT zMAoHBr6z1k$sxa~={=9Vd#gfN&PeI~9s8HI-7BZwnK`HYaQ!e+sX0ehG7ih%jHBEz+?k%Q&n0}Y(qw(!FtK@Kt)*7i z38#-HFIkf)N5UxS!K|`50g6R_n86CdVt2i&aQBQ4F{GVxbTn2<+$poq-JQQ4?{dpT6CiUOkx2rMhjsUspD&O% zuEcldJ?u;@G!uzx6-?5vco;nS&7{i0O-R%Gq?q=e(haI zo&36BmhKbzxZ8};N!pw{HvZ`A(pl~cISc9r7B{J-avQ^2Lp(8N%^AP6B255n6LXu?ruIy_I;* znjpzVcQ+F}nKGgx`0hU#TLUhjJ1y8W=v#_U!oiatx21R$ovAFG>-F6uH#8D+c(s1s zY^6A-Qqj5cgbUA29kD9&cVUx}&5PO!^RW@?_Nji;XPpP+-W_04ig;pM6ki&GyNNr< zes#+W`^ej?Ltw7X!+dp{LZzQQ^5}4NxSQSdXt?I==t9kqAp5m*>Uk3*p-R_}W@-5J z9gYiD6ACollz!#IoLAkq$rD{<#3Luy)?@Q0)b@ER^CSo-VrS zN}p5DuvyL3XZ6oIGBoylZQ;6omRWISv;O`srb&mlr|Qk`h+K4%X&v5$?Y?lRJmsZ{ zJtJkgqiI(EklV6pm~6cVgV(+$N=C;wjzmr!d$vkriPB;`P{|X~jB%(L5WHeGS2DkE zL>ne?Z1V@P5`_~7Z2KpNUyIznrYYL9Z#Ttg4U{7&>rU5OdLG)By_jTSx+EN1eE!m@ z;tUMsaRlJjlTTvF*vy;IwO%l`Pi^DIi1aT$<1#I52g>gTtRm#3P72zT4JpwB#2`E~ z$7-`&u=+e{sK4;zp~=Xml>GxcHTnYA-Lg_tl$Wpl;EK}OD0O{EED3mpUFk6)7QWh{ zeeVj#lhp0^jzD|qTr4elFv;KKnD>Ov7%J0{aZ$@KC1EbYPx$MY)21nO?DmQv=30kK z12(jE>={a*KaI;Gj@_~d($3a5qV~Lbbl$CsXT0C)2>PniK$MSiM4U4XD{-BsxCfJb zREMsh@+T&^SC(Eq3!vCt_R1U6Qa%?@wTy-u>+$(+v*OfS&(cRNJ@)rrMjIFfI=GB^ zbamkhqpd4!T1r2fZH!|W_WzK&V}|?OU8&8O`glo^k*!WUTYRtv2hiMmui@Jdu;CFS zC+CiTu>91=%xj*R^!#-M#@+dI1arffFL#lK!~Uxq-M%H66nx@rw+%{z@y?Q$8qT)d zXQ~C)9==4n&91>#s?UE z;hpO+iYiJfQ%kc&SPA6)s@@Gddm}r9J*NMZ?q4T&v2&NnsmXJ0IW5 z4iif~edkZXY_F6Whc=Y9c9p#RZpPA0S^6cs_6n>GB5!J`s~@5o>T7E0YQUTz%;%*a zvvc)g*bacJ+X+v@ePjYmPZ5~j!?fOdzz!q;<6%3m<7!l@?yn@-U+;5W-&2U7eGC0v zf9?O<7B+haFFTlABfwE4yW^fGVBH4Rcb+v+4PhwWj#5Z0wV;Ra#7hu&`c zqyCXzKk~hfgjIm|G&WR+u;F2yaO4kl+dtIpj(WPnF>-K>sJ*Kjd_U6sN8O%YKSQs( z9`lBK`(EftLRJSi6C-#Rg_j`M2eg15paKH01>V3390Mo77I=4qEndJ7_LKjI`TXDK zQ{gOIILisx!5MpjJ8%Vuzt0DB9KbQK{C>7xjyq((Hz8Qb0HFKV*1n1Xz;p$Gm8i9~ zZy9TAE7xH@w-10Cx8LWxrvsok3)`c9Zxc-efISd^%G%%CY_9@PbrAsGSH}-~9{#=# z3jRhq!W{E-4ghQx0C2qk0BiN*++ZKQAKd5$z!;vD?sEVV5&_tB1ist)e}J2wsQ&HT z{&vjI^ZTAdMj?^(f3PsXe`pLn8;iy=F)?CTv8=2tSQZwxb(}c1bsXzhSa3Wz4lX=5 zH#aN$dR`tpFDITG|2>C{f^!(q%xE+-o{fbK{~wpN$1sPCHf4H@LcsLtuN?9QIuFsa z$n>N5QGUy{!c?pPJ-3X6dCT7m0*OX3Ffy(E%xB_II7rJ+CRFi$RWbcbRag3HzmNUL zYm55-KP|+Tdf;4DPy4a26VrlcA2fIOO|($|Yv_&&YLR|_Nq^FpUk`r<^F->~q_H<| zWnSI=ma+zf-7k-f%}$=xzcI0L@#w^4&97-OP7(u%%Oc{vGkKDIMUcXR3ME_1C@2;t_ zBiBBsEW8!IecyA@`LcDFE89msb`0?U?74Y>7Je&WpFxCnT{9(#K%W=S#F|F0Z z_O4EdcA5mcn3~R8e7VtiFMhuBUg``0LrS|2>X&~>JjH&v^DNWZi$~XSC0V@RExf*> z`9j}`x4O@x7HCTnixNv<(Rv;guDEgh#>>{{MiX4a8(-^XbVn9Osw*$U-Rnk@l$V8Q zzKdf_q}_`zFn);cN8PR8+y1bj|5X)H%D4bdT*x-NMFPHBKAr1`xpDwFpBdh zB!|)f9WF$dzM#sBDZAeNbgcZDraT1iu7RCBK9euI-h5exb!zwN!(8=q4^=;(-DdFq zv@qYNyXP~AjM)$K;jh{(?ZTH0x*Hzb# zy=m8d*LBzUxmEXiCGS?f(fh(%wdLYVKcR=sI}Zx<%J12S8bpoV7``!v$`_LLQ+gz9 zA{24XIn6wUbxOT`-MzE+etZxzp>yp2ECzjNeP4d|s0KoQ-YBk(0g|s<1m|rK{?KxP zj0wO%WE{Je@{6Top9Uao!jdaT9!Hu^TfH@%J`EMB@7vQ2pUU5TTygDIpIkg|)%oo$ z-|I6Io$?PxTX(PO-14qUY0ev?EqoM`I(z&C%GqNd!>K17`Vsnt`-45+*G$xBq=ues zf5EQ8lp*A2@An((m>9iiVBKAxJ2M7f z?|i%nO(X#RBxq6l-;E?~W6wE0xVX#e*>3(*g72+Id79hgS8LLbkNR(znG`>uWLGS( zqafwlyH*`VuPeJ2OLsN4q>QyIT{-D(7q=VHwx9Y*oYhMl>p7~kv));8C}ekO8(U*f z3+2~7{(CA)%?%j|36;n%=GD&Z^QHH@jb?usn?Mi6avsLMbk0?GVrn*LJbf}L^T{T3LlkE zZe!R2H~^Zk^-fdMe+73#r>etJYmm_8;rY~%5rtSh4H<=uLhz)60APs60R#nl9?;h1 zg*||ZL8u`}1kioZlKNk*D!hd*I5ehDx9*)j-E53RMx_Icg)w9dBr*n60JtzSAQ=L{ zAc=)85DiaDM_KqP=o})E8o30zd5fT6 z$ux{1GAdKPJ1+LWT9T=muD4&_%l`WEOe$pI%%5+A0OQgj$Ox<&b}zsO5hNJU0G=<9 zzxofYmq&4U3HoU04|+= zr~rpU(lAs5B$X4-5M;O)WTF9<6a<3Mc?dOJ-!@5!|LSzvYP z0ci%8DM?2vm4%a5n~u}S2*XMu@d)E6{AIF6K8YF2-!@$axAU<&Pa(D+ zVpW0xaNA-_A$oC;WYK7U2@+tS5hMr_=v*uYOQ`@za$do<&Hn_rb{+H8LIwBGq7n?2 zID7yyY752?qLz}043Gf0kAB7TwjJ{j$IK8u9$FBQ1lb1{efyx{KftlHKcCrmu@OF^ z5CGHw3ClvwB4PoWsKc4gpujop`Iq5;p8mJb-w*jOBW4as-kWh3zefWU6H!Y*;mN~L z5hO_f_?sJtNPijrpEP`z4}Y29w+*6s8y(HGbYO^UpaBGlvyeA7Q+{N4>Fb>Fz$Zh;X9Xh4=2y&X?-gC4G&e*K{6*4VU)o9op*JlP6KV{`Z5w*cd3QLU~O)Ahy2?w-AP;Pu37q2h_l zs&-jDUrV%dhjv>Fl@Fil*PE!=E7+}5-ZPuhaw?;D!fO9j*Y^3P__rB#Cl^lMyLQs` zh*xU&+}*nFtTEM7uEVNN)Sk@y)%=D*!eufBn;ry!VV#_82nhhqvVVq$R9qU|mv3~9 z9dGix8rSc!;laIPIySna-mY&vd+tKH^S66xW@*(&=d9gbE#dpK?TELG z#R@rY-pdN7iaxAbof_@GY*acrIO?~daO&P?^;<17yH#~2W>kxY=kKwfFL-)#L2gHV zsY~@4*f*T|Q0;?|i%0wXhIM~LCIa9XB#%OwDQQc+nQI6Tb|$_`5LSA5sj8}44;C7} z$pOSIx$p(BVExfCx;HYXiQcO!ubRJ`USYy|k?8k-SAGZ(rE_U^FVFP9b$VXkJ+ym<2E$MU+x zBL!_oJrCa<9G(^4T>a{+2c&UFJ5j6nR4(vbPvGZb` zc(3N2kecLox&Q7|;Q7&wlJxK6KKZ4>xJUO09jd93wo{2Oew+TwP!hGok#P7RbUHxN z%sFYL5-d>CYX2C<=s(3V&&%|<{>{FYoMeHa7}a>ytuiXtmI$bKMw97h5>G3Ab!tt? zoGl;OQJo_Fjdvt6QV)eH7IqQlPxD5-=jw=PJ9FlgU1pk<5UWqZ_`dFoPnkS+NzRr2 zX6yg9pTAVT+mN*H&G(<^y=^&|bhrC=Cj|u!uCFhZQ@z_s; z#!~ft;pIcONwElL8i|~MK~Q2Ph$Y*^e#$(4rrINYHp1968(|q?y9@7kylla|R2cwt zIsvM}s+|f)9*e(mJhET)_-=##Rx763i`_@+a^8rkTB+D9&Me*hND}mbyKUGNJ(v?G zY@PD#Pn-CEdHfsID14Du? zK4t1+ve+d#^KO92MkRTH@(uS!c#E)gnnKF*+|MQcUv~Vf>Bl+God01p;DcnKt%kf7 ziv$Qjz(JE6NMcDODwTx5T9PV2CYG6m4k58Q{U(!Yrciw}Wr=yCk~HNcySFU^M^iCg zqov@?+*u4zR-P+2uK9wxAyj;tpd2=3SCx`HJ9O;KfEznycl4`PF6EjTRDYG)yO?umsq?UjBEG!|*}GXk7|hD#43pcw!lAxI1o5@>WD z%%sxIyuy2_a{uO~f8YJnJ6eX`(Y@4ZXud$W2!IwOiohZ;hEX)A3ZZQa!-ND9)sjRP zL0KUr7oEoM>frBR{WraTJYL9X@Nn_8K)4bCdPr&%5*Geopnd|uBc2K7~0=L^6xtT1yV8|I=OH`0*QPr7TS#fW5h*(Fe9U~ zWYF|=B_JEA#gU`%omXT35&xb}!O*`a(;!Mg6rF?#P|DCP)*uED1n@wefY62>wNXO761nGc^HN?Y{mplqx(9S=E z7EmZ%n0AGW&@TdG9tqwU8v4Ue69UFHpo+Z* zqYRLqE{RIw02zscl7UFEC)1!CY>osHXc%XS!eiNDsm=5?J zgc5*3C;=FRLL$)&(SV3RuwE5yDuWgl37ChN5GeT+%b*|@hY(j?U0b?}qQYc6Kw19g z#4{)cwM&w;EAS!O>Bi}JLy2@e0A#^cF)HclJ3 zq^jmp6N9NT1IRcWz&3;hCh*VonlGB8L~i8Ldw#K$zn_#uRO3so zalW%9oATfxwYcK|kc$vIDyfZ4kjkfKLV*If2^cb!GgFB4(#0~P`8MdH(oI|(=t>GrN~9*Bkd(;-Lxv1!1dqd3lQ_do+X)0n$hhoO> z%a0?aXP}`t(56E37o-yuN+Atc`@GGG`{q(Mu5qJDy0RB}t4Lx}gT95*f%S5(1-U9oO;qB(>yWU*U3#WWRR$B z)8Bb0+$c%)Yf*z385ewH2R!WBcU`e~-0OY%?^-Lo4mZ5Yx3{O75J1@@1OmfsD8nd! zFMRmt{(p)L82`RZ4`eapXn`U(I4o!5MTYF57=`gfe4r#0Yf+NMWRXIXMoE|5k~zpW zA}fukK|sWj6Mqjpy{dbuVQ5JXi3yQ(D-3jy3 z@V$Z1%E%@_{XnFUgSZJSA{{{-vUxEbmG;hE93f69&H$Qa08xkJ()`Q9Vr)B*_?kn5 zg{Q_c&QMaioHEtCJ3{G{l_IO>z@$o7m8J&T5bsY3R0t*kL|tp^n;00vDNJKGzTU&dV5y_35P@$5MKr9m(LcvFqq6~SW zL<_jJbPKaJ?>j;Ipkk=x`1Ek^Uj_xrNx+0h%z%=$1-mz!Vf)VMQAdwBgRQR=cign7 zwls{*1OhPh&9p(9hGvj!y)s>2+fDt(B6#0b0vT9V$QQ@O^258i_!}Xa_Lya_eWg* z`l8C{b!Y^lI5})h>I_&7b&6s;)Iu;A62vXC2iQ4k6GSy&M6WK7(8V)qMirAmvGbKt|C#Y_KSiRj<#j=EnwpIx1(rn|afF8Hgd2GNN>y!R@kZ z0XQ5D9|&bN1NKq{E|Wn!9TQ+68;@<0-I5qQSdq>`-YbbkU_nvsz2sluY;?XJAn2Ot zIsLRS!vSF*L=Dl-3?zn>UM+gnQ#g{pQH$k_l8Y^Xu$FJoUty>w>#PCYpw z)tiOazU%bW_iJ9Pv(?N6;q;SO#WO9u{gv)3Yna-9@}G!-FPBa8q2Gn|_79+74t;HuBeeF!ki^cdL@g zPp~hr!Ejn3IB|oKTqUY4UMAy;DlP)~_T(b9dr*C`#om5OAckc6IQlG?hd(#*FXDxN zmw)d=&kge3Pss-LC~Dgd$yQ<84YghQ2-XO=4C^|1C*459S1~Uxa9^wRTz=Tq`p{+3 zw=iepQy;N@x4ZpU8x^|j5mI~eI5R?6)&7E1h)_CGF=TXLJnt)JzODCbZOOP=Jf0Rz z$V3~kaM%D*79)OKE}9@+Ml01*->qPhO#x)+iLy|;f3t_#GF|Z&rs|v<#CE5cH?&wv z1O-d-7|ZN0^L_blasQ*_zT|9$w=(yy%Sbz0MaP)*XG7$cU*$#OUhevohI{o?w_H#D zscZqS<<1W=S5ODEw4D-Z7w_i0(7iJu--NOE+)h_>1<_>tiZUxF!$%%rQ@-N*@v~k} z1m}DDxs>I0FCQ%J9U7TV2#5+6&9x;<>r&iqoczIJnbl8UD%H)X{O4j@r!I zHMsVJLapJ&Drj%9_VSHN9*jHfZ4UGCnQposQ!F7ezG+}dTP5aBegm#y*am*pI%Fmi zTj~tu7e&i)D_22dho5qi?x?^vuC3M!-_|u>xK>VWzy-?Ws&nFMgU8;~{Mg=41^6RI z=!;>N=4Q1M5G_5m6K4wt@@=Kt@D_)$Xgh2Mfj~eL5EQ9*5)Br)_AUa6FZWtTL66&( z%35&1SNZ6V7Ye95ZBZ8urJ3#9Ke2_9c{wE1*3Ml^nZM5}{?v?2wUB3jM}9 zvqJ=#97Y#R&co)nbp4G)Vl$=7*CRTI2bS(E&hdF1n`+*6xc9`jL!0=6H5kO~aB(5f zm^tA#@MCj7jTwCyGub14565X?D5lO^`>g9Gn=A^4C4<{>vINeWQdtXoDGUaHP;zai zC5E!4T&~fZ?UPfcC&*}Rjc(ltnWePoRcMU#^Qb*xPfMC8iTT==h zk2Gh-lDR1a25b;u6ydhp_3YUjzOFgWoJ)l zWHCZFG}IdI$Q3b{>o(yCCtpiQO*v$poS}yG#C_*p-B5dKY(tiWA;Zn!o~ekEJ$i$~ z!#nEVRG)P_B$;Q7gX%N{W9v5bSGK)4JYUMf%wem}#iuzcp_WaCAGq+sECYf{6^llL zKrA^1jmzWa$q>q_fEqbTMS;M0ivZt|`;)4UtwN>A9TI4{ zktGyMze8^;!UR)cd}v#byC=$K~*A&DRQtgYnxL zJ)EPD>oyp@Z6Et~YA~8LeEB;%+eKotw2edp@(@~VJ6yMgc>6BpFo|z}Fm!X=^VLwS zy_z|cPBMS7>gX~UM#wLbZ7;JPtF0GE)q5H(BSX9dO>vH65;P4QLpqXUFN3HdMylu% zj?$^py=y1L{olG(PjH zycGzn+@ik2^tqkst&JO%P_93AGG>2lEDQd8SIUp4ML<3$BNlGZsMGjZg~`vjUi!6iO8NfDguMmAV>pRfT(3m zpmwDOH)m6{T3+n4=L#+`NKBd^i%tATnE6x&XF1G4r*_eYzy?&|Wwsu)};WuJJhh(>T@cs;Yzz z2FZue9kB7ZtP4%sJku;R$h3?KW)$a+I4Ius@r&oQ^6k?XT}qlqWF;6yt&O0^_~HkI z{~~1XM@w;9*oV3BdCDJSsHw$eA`Y`=1!@@6Xfz2L%@!MT8ObGyk;IqfAw>(Mo?AYb z5C3#`uNnnGq5M(mXq~J;1BT#Dj0v@`-Y+VOebnl6cw6_SkH0P>)<`723P; zG7Jca(?W0L;@W@vnC#TLl0EB#tuJm88tNSwDNDdZb-8IyA^it%KjkTurDNxG{KAgf zN^RO4=FHba^hW>|26CZTtSFj@CEW~sYQk9vWW;ncwaGymoH2%$tRFkdsc)q!+ME03Ah@fwWjVWB z@YWUGY&oj7d0UZ5O^7yzRZn~Nj%sODRG~jJD(aUva)A(=-hfAjLT@(2|IyIZi{87} zNlyxk zP2+tcKw|2@Y;2sabx1o{ z@Zp;zB(=%@WK66QrUAMl)9Dy>(t?iiF5Twil&-4%lsi#vL*OU zDZbNV2X#&(LO3mCZs$LD<{*ZI0E7(zgC>}hF;RGb2VA^1ik}dx08k7J{FqiSh9!K6|(4Feoc)FkLRbh)3XpL#9@JeEOB# zOke5h-r&yOiGgW??W}4EpS5OEs+Tf}A^Z2itegMSt)whT7(R>Trlbc!JfL*neQAE` zcOd-Y`c2l!=i2)x=2)km;o=_96~*`RBcOC~xatAC%C2kM)|JNdS>zcq?zANXQv@US|4_SGuxY?6VXVDWgJnQKKxq2j3`7Vk+m6usZ9HRhK3jJ`Y&yN|bV<*h?G3RC zFB?cdR{mGaU@malc@(;sHi>YS>XHc9s{)cZ9%NL2XgVT1#vkS;p)-umM6eLm4dn|P z`d=6D?_@@HN^94_Pey-zfVMOErG|tg6#yDE#(6TSlALWA3iYBmAJoZ#Wl^H)k}S)}WNNPtE|ixH#(sALWeS$Vy^eM!wH$3$6-Z*C{*{VomMj`76e zGrmVG0D{6vOAiDz!9oB~S{^X)PgXt9Dx5Y|9b>v_Q%16#IW8Z5!OI$^XY@gFzA)*g zc5QG*!ywG2ux6M_8Rj?h(5~Y_CJ5vX3A431cC)#~Z~1;z>64zXH1)VYYb5vwR_m|y z*VbjoXgN4o#_Q_F$dn_IIEhVS1ga>;mWN<~g}MhuC78LnHOexHJelT>i3Pcd^+dOj z0HSe|7^}@6gc?_@ruZ8lT=l|oY zUv>EB0_5q_9d-sXfn~R(o3eL0h}xNF5*Ve(wRKih4H;wUI0TOVF(rWMG%Ja$vTOpn zjypQvc~iziD@zJUFAXyMJ?H>-vQ$Y(Flz%eG79Fbu>b}FJ!K#Yko-DedpOrSmq?8R zo^_65xi*fFdyRuYFrj94v1mXaWPAg0z>= zV8-$eRu*>3>$dw;UvamIjzie-{~?LPD9(F3ATVDW3y?t}6l1t~Kw^6YtucTI$-YUe zT_jH}hR(*_?%OQ(h%q6XO&!?VJ0tP!dd_oJkzK5_x>}B#A3nW9A78(o50AixOeh%bGaMMlON)IT5? zIm@}qQI{hsL+gQvt(|Wb0uRn|x*}=atieV#U72aJOy*8tCtBbOST56T7@&f}>(X-1 zpQ4~dpex$bRub|KyO9~20@;`8j~3`oJF-YxOErUNfQRKGL(LOHFz8f4A7UVAn2IT;NR2YnD~Kl0Bne84>JO<(P$o^# z0})`MDuvR6uz0mf>DQ&q8Cf}4r)ssPgmx+ouo>8~3J6=6HUKr}RYK>Fk-WUp0LBN7 zEk)4fHDKAN1>S(3ryfM8sO`aU=kgv1WJ6(k`2kpE3Q+k3hA*#wq<@(S>988YYGWR{ zG!x;3C`cB`UdL5PN@QgskY(ePWNkzNrh(uz9CbaVCSr|HRk>+Z8CR!tJ5%CDR!ySc za_z4t|CgVCP6>u{5HmAPjX}BBjP3gD%(O|b$fnTg*Q68KL(rvzLDD#=1i(_Mk;0`^ zs1+=yrK1SQ%5|bBG%AgLt&ME8H81q>fE8$V{P1AJzr^f@($i51RsZwLwr;mU90p_lBt!Z1&9(K zmYSAEst5mX64#ygi2zz+YsqeI#w|cZGC+4r%}58^f?c|i6=;4rg+kQenZY&Q9HtyR z*wbN;>Ug8($DQD|bV3pVJB=1RIE^L?pA#1axZ1GTA@)p-Tg_-nK-0Uc*uj)I^bcqP znyL50!Msgi-gq7F@ry^7pW>en5esAcAaU=L$rP}-%8qp}Rm1NBXlT$l1uC;W4B=)| z&pRH^YG`tPXI@?X$?3FH9dM+oN+I};k%~e_MxF2y*W7)BVVNhfTRxCk*Q~G>JNfr7 zDYraEN4lDQC_}@h)@oKcS8H~>Xb8vdwr-WizBLv!&@tntttR9~v4{$@vT1Klgi~Y9 zXk3Kdns@GOwatE(VBC^GOe`<(hn-RLb=;;0WcdM(C>tCA@FBuQG#x$MdU9@VmB;42 z@op^fnyjPQb}jfx`wbik{=;XDxda>duU%kGROhd00-dc2$MV!XWfsTm|E?honO&9@ z=I(Ld+p$hp`NH`dcSO)W{K1_c1%CsFpW4HchA`efkTk(ye+exeoiw0&;cMQq zH|dIZ*dcQa59xw@sxeMnvMjw+A4*hziZS$n+PF>VJiU9>{HTwYW8er$nJ z*}9ay9t}QhbwQH3+`nZ&Pf(caIGGx!?*mCn&Jfx0QCOj@bWK+E)T$%Oz9EC?KA_QW zoUXN4;eNlUFJ(zM>ht#m^Zr5pjR5hAjWIH0oYwJVPwwM0$v>&~@j;gR(oM%Zi$|>D z4{LT(zx*@zHYd%D2SRq2MOv(*Sy=O#7`R>R=1S0?MS$yHwa&W~!OzGjGNsK;&EoXR z@)QWUg_rap)Vgel?uCLw2^Tl3FpB%>Yznx(-Wex8}|Rw z4N!02$z58`u_^N^E~1W@5`DULEjw?}jrR8geq8-Adzw7(qs^KhBBO9c=s`(h3_>y; z;-fCa{n*k?p=UA12iIJnrx*+RQ^}R{upI0e&Dt`L;hTcC3Z021X8N+Vd@6}0GU{d8 z*l2v--G%VFESKxEc430^{8fwf6sN96?ceHW;R$PFn`36Vwq+fI+_9#q>ZE^wZ2{kd zezVx7igIP8I2Zve-4BkzUuWIX0>EHUqLqcdnS1NIx00(frd{ZlHl zsC8KY#P6-qsPKRbpUN$*G+Q+E8NQ}jI_qLhe%f#zab!k?QQ5Q0E;$<vP z8$Qj6w!tGT+u+w#_0S}FISr|>sq54f;jbOAm4=r9wdXRH7xm)O7b3M`&Vp+=)$C{X zG*gz@@c6H;&vIp!6}Agiw}Q(!!!&hF)P4??|3KM4x%KC=B(|9BmUibQ6bv15uCa$g zMdSutpeMMWzZSE-G;D|i=IM@bnu+CVPRju|NMa;0VK8@Q62#HfHZy}s&%)vv8Y)*C zHoK`^ofWCA60Zuk0k3Vj&CrRvMUH@1FSm)j0ZepMV05%I@wrOrEw<|a6$i8XS9?F| z{W?uUHe6lwj3rCxhzdKzvXl4F8!_PqgC6Bdukf$}QB#+^JJJ%2CW%ztq*P@m_2dYq zr29v&qt3P3f+sAKsq}3U-BhHvOQl!!NO`e`*S{!=h#OgY-4#FYb~AESRThXHaI`X1 z2KNtZ8vO5ZUFJw^8OAsg8PYxj#?>Su>7!^HKSXS&xuks#^P&`}qcU1Y>K)d!a&$nR zTh?W{F7!9X>P$HE8>xnwN5s>CSrPAVDl8l+knO!D63T-HC)(HpT= zfZujUZ0>&bPaD+{(do3C>72BSvS5Dxx6<>U^pXEi=1Tn<38-HISU`48$^iHdI8C;h z2;0RHxhqb|&CS64a_PFaypfK`QDn0*Z=$WFCdc&{4XvcAikRw~1Z+&2jM0&qOh)!q z{mS-1gUmL$y|6Tz822!Ved`b6RP*z>u!lm-Ew**tU9ywF6!{Ah@*imVC%1mj@mqH_ zeQI^UHJWHdWMRxiT-bpR$Ln8h*mS8jzA|d>$Q!d9G4dWtkxMhedR~gHBtvwkkx6gl zmAQH&ZxyaG`4oZC?xbv~eqv&+%XD*_<=y00mApIikaxm9Ej6QYm34MAl@*;$d%KgW zzx`YO35EZm%+<^S82g2D36wLa7E0>3oQpW09lks}5C*{f=?x^bQwGIQLrT zNGG%!&@$@H)@o{dY`kg4`h{`(57hjVTR(SQ`7Avr^(;MvBbwMQU=;-jH*Q0E^+=%e z`ujEBE_4L9pOvAClg*=tkk^K@)efXWR_`}0HzBD)jd)_ts@R@0w(_xE?u$BubGigM z#?Ix0k5MU*+}+RJY~XM>RZaKX4xx{{(GI+7J_45ON1ie!ptMzLBm0z3L1rPK6| zrT>K1|FO)^N&po&iD&6fB~s~6jEsz0jfF0gdwM_MUGID4NPQ-@r*o(xgF6#y7-G}-wk@*#@YKz|&T)R`yNZL{8yM?3W$zlqy7PO2CfcpkvITeyWl2f%p6m5^UjBDnJ$g55NTPT;G*|fZqam?=GIxh`#5f975W%n zVKZOOZKYUj&_0*tSzwoHQdv7LFEV@S9)EkLg$Ux_2lTwqk`LYc{bjv7>;NT6JWSD<@Vt(*BPm{gaF<$$8>y-q}QV-YG#ujfy6b8vm@cNhyn(Nucm? zcBadxN<-P*q>mlKhWy2L28jh`jx|}EnN^){s~+ooG1f$fHVEA$!qAVbvZ<@A$&zQ{ z<>Mb2v7Blam{c)!IMQUC+Ynp#6kg0uHk#(ES*rz(HDjx=mHb8AojXm}6`o209ylQE zqy#`utdJ>WKZw^5!J*#xPx2Z1gTO@Lb#NFerC zpSzlQcz~IQW9Yz?j!;WUngB)_l}_;{w&(+;!NSbQ7O8V3tZZ0Ne%Z4uSazwdqmp^U ztinbov68uHKlW%pcEnCc8R*OMg&~ip`2+^Dhdk_fb=HK~250H0hK8VxNe0!432Z7c zF)>MXzeE@`A{n;WN{oV}AiyC86-6aMsXF?Og^VC0qUP@+zd zMwz^Ju12PEVxmfvl_uk0(J#6uYpFuyo`)(*t5=m^OQM5h3!W!RF=5Gg{2&}N>m`U4 zuo@EsUVcRE36kt+H}%qlE=72-Faq^WK|uk4BzPWF5Gjd;Ek%$bB;5Avxj*G%zzhX| zBQ_|eb2$kjBj`{fQm_ewLZl0d=o?Yd^|0upD%7JTEwIvpNI=9S3YgkT7Me_D8tWDo zRu<}6@|!=OhRGZzNvc8em>mc3=#WG&q)*`FhiKH&>$BpGlWJX>q1dt1l?rgM2ugwz zF;G}RbQtE?3M-}nod{i(Le}a_kDF*obx;XADsd1_B94amDp|FZMgVr&)Q5F<%V z=*Kn-Rxd&i0db{B&nb|A*rg20s(&Ye>^36>6lI1H#1wm?); z)(SlWNg%Om;Gk%L3sJgX0@j0$MgxuDkW#=D`v!1+q6GzM5maE|dHHwHBh?3oTR2h4`Xkjf=&-J9k+N3N7A4ZMKgB^oNkB(uD#B)0l10Y=X)9?DGJ7Nq z_D3okO#F?^#iM#E9UL6VRn*_mf~ECTfx>Qm+2jctV!YIKOcYVe!^G3!ys=9?*585EJ0~k#foPYgC<9a-dQ+X&f9J3_9rqkTgh1 zx;QZT`|1~h_zREF0rnm=n^SImWpMeNh__T$jyO*3gB;=s#t4+P}pCF5(h=l zf{h$C$qba}<><*W2}7gJJa8x3OC{Npo*Dm*%!D=!4iHA$s?$AgVpR`bWJEDiBlky4 z?Rx*^W@d;pIGyh58;&2)5#N5+*}ajJwlBN~@K_+BM_|5OvQI0e$ExFR!5C>OTkdW3Up#!=(^9Fg2s3nKAd0fu1VE~Dc zm}r~HR0M?Qko;{6z_p`FCLk_KRL~-3Qg5nAW7-zi|5`h{`N1ezBO0by(e=zL&Uo=z za`t$1_tBwWn^RbS?HD;QWG2(Ft}7}?M!TroLLYER;v~KaAW7M$N((@#>~ccw09Hm# zLb4QtO-fw@HI%l1G@%fv9c_gjwEJh}ev8QAfXj})+HWZ-zCWp=v# zB2dI>eJp}KCITlK12E^|EdA}P3mAhX*$8k-DhvoiBjt)mI={Z)b~*9@TnM!6i`h3e z)-Cs_{m%nUxD?Jz4j#2`#0YtBNP^JRw4@Vs=)guQ9BQg0ld61bMz&bP&3t?+d!u~3 zY|2^$T6BrMK;JZXfdj5psTi#2v^Y{q8d1O!gC!|rGz&EIWx84bfoK4L>L~A{f)?~O z*-L0+i~>Z4%pl!*0DgShY(2hnMx)$wysX<(ds|=m9TQ+@4zpmhO$o)oROc-*x0!{1 z?mlL*-8%c$Jnkf1yYeh-(eBd&?Y`s|jwhw4{P5ij}HTW$kJ?Pk$$&Od*vZ|P(3i_-@tyPQf{dUJDA zn=BuGA{$B>JMQ2udD_;MhX)v9hSLd zJ9yLvShu2-N@!`(X$4}vuj>CdR?jH_!0M5J*}1{&=Bc<4ibO12*S71^oyG?=GY;p0 z+%Vle_ja{e-H3VHfX4XRMGG`uf`X!^67`3q6>Lfl@uCz8;&nTnV>-7GhF zvLSxDEHp>FYvV(_y_R!`MQ*F^uHq-uQI>;>rG~*Dt;XYVvl2Uo14LGK@bBX`0pnTR zl^~26yTpdlP_$RGJl8;&DBQr+nvZI|d!#$Xj$*T;qjn%WYF0o~rF_bQ`JH>e(Jh{1nB5qwQ-a{Ww-FP=G)TPw{lmASt^A)Rp3a5_%;|zeVN|Tfe zi6m1GsU+(M7d61gTPWk&>K6`(?nh@o8JczadXRbgr6*USs^z_f2I?C*E_E(N^Rz^} zpu5fwBoL z&vU%(_@mo`1X6PEQ^2k2@$NkjA+gchKI?rPQ40zchGvhO3JRXH67IlDHpx-@U=*h%ne2OIv;3H(n9;V|>?w+WUeg_qKeF>E4 zdK++aqes_s_vG_lYjK0yN4HjYF>&6W*N-GQEl?B;47l_Zm>%B`F2C_e77o{7>h!io zh^iv>mTZK412$*F)8BS}U5dA>oR+we`$^nwqZ!87G%SUw6B<%Vr&595c{s#+#YqBa zWsFB2=a)yyjjtf-SO9`1#U}e}xpi~Jp{qR~tl!T_!a6mBv7rE}$R8SZrMK(hZW|Ec{EZsI3 z&DWpW7nI0*fyd&uR@rXeqikyKAJK0#LKhnDF zenVZ0g=9O#|3J0#e8;SQJE#3ZFx>B*@6y+Jo*O*P(_YkRFQ^*F5H3}zisaf@O=z^1 z(up38e~)Yc+_`Ba-i4ok<Lom#ND-758okmf4yP)A!EztIljUk)i7FNxv7mqFhgb zr0w)xj=SYD1mj#Lry!YbwskdYgnmOyqv?Q$wSzzqZg6DO7W2}P{~_W_?#ipVwMA!Z z-VA0vllt&`naFsyFn{Q+0Z)pzN-`=hiK*t>s$9eEA2>de6w=Pj?73Vs?X^iOSg~&r zf4CpEnwHa@waZZkez^pzK6G_EAHNHywp;+O?xZwtQUvzeJ>i8@i5Z6|5*76tK!u!)*lkXskuvG6(_o^?H zlw+vRXdlX89rHnJz7XtlWN@LI_HYz0pDVY_Zs#mLk@0z=J1X22Pe0fKEd6M|O)+$lxN1E-At!!4UGda8?G#o?M~X|$i21saH_*>z57_oS&iJ@x zDCZi-GX~mB>`0ro5ovLJy2)7CksiER+WorPo3M$Joo|5;ly_bH(uHW=19M=SG7*}> zVtt0|;pg4%TB}aX1yzh~Lib4bC>&W%FkNC|CVXZc$uVdDDHO?IG{vRq7X<7B=c>4_ zCaUBreKArgCPdYMf&GN!;u`tc;ST@agj)uz=AGv(p z&+U9vTZ4Gq-YouqX#_DK=p2$TgQ>}mm8TUUp>7~ zE91@@XAin^`5OD4kwiY`Wzv{eN70#9V44*Xk-Q=%jJE&fv5JWJv&w}7e@$$#v523J z-u}KQNwXl7@bfip388F!H>wU5Cpxmlv9)Cvq{X`jKq-JF{U|qIC^x3`LrxC`j z*)qLrNNsZbVgfoEobvKJ46j(fLauoW<-9u zne_(|Oo%#)c;9=}oR1%X!1d{~v)VK|f=RxOrPxm9!QDOFq5M4RQ{%(~OFN?+K@OC3 z$k%4uFS7`?3Ee7MO_y66&l%8dIR-WbLNp(Mg9=1s2`2f|9jqTd5Uz{!XpRxQM&JUY zbp@9CO~XD|yRiHdj7A0o;+NtWJQiLzazEP*4(K>ha}cp!g?_ggP%4K5O)D z8ZIiw;ZaU2?H7hDw+v-6>mMb%JL0)7TP)4kWU5rVQ6^lm_NScm0MJAN>lGp35=aP+ zOv-YJ!7%N)t=YELa=~qw{LFG@&(Rf@y6=8L3fHY%+>z(yAIGa_Y~Jd2@?d+4ICZBg zfAe|8(a3HXFXbrt<@hew!M#U~ zXP=gv?ds;3QezP+zDk08)YS4HoXnLY`?L)GP6F#2W&-@EOmILs|YBUBte+W zuhfBnE2&Rk(U63B-FAOwyBgQ;8|;|wnzhv~bS|(vGC14@ z?zkfUr$Xp*-wBvs2C710)Eg4x6cnJewRz+xs@%uiGyxO#U%u5Iu-p)PH+!5-?I`}0 zF(l@JV117LS!DnqS4{4HR64~vKIVHj>qVZ_#HB!~xp^Us^X1tsKCa;thr92FzvPbf zb-#6^v7XwWbL!~)3Ue!85faS}g_aUW84^n=p`?O~W-9-d-Dzn-3kZK$@qC7HsSlD7 z+0YYBS!#u3YilMu-w`s|e8pqh$GtVXv8(@H)sH_m&#lrG@s1Z(e~5gA@FV3`^wM!? z^2(ciG^_d^m{*HX$!2nFvgA`A&lh?3Y8EYScuPD;$KUCL&u#4AqR|=MaKw`VoUK5_ zDRi-T`=Cqty(ozbB{IZ*^3|R7mq=dMR(o9wmvYo3V>Tghw-9t>q28jo6TDovJ1fNY zqIOf0kAZzz9{8;v>6fL#>2eB?9U>&uQ%c0vgWe%|`Ke3d{)5hUP%8iSRe0CN>Yg8$ z4zgz=C&yJ;gATv>(H&j?2L+9t?~f6ioaH6A6_h(~rd~(YMfLBocC0UET9O=IX?wfx zlb(Olb8p)FJ4oX=FaIvS@qy3{hJ|gf+TQX9`QhZGOe7@s#04!lZ6x5KTB?$QE2^YH zD9@qiPBJZB12Zn;qaDn;G-qK(P4?9Wh>m7c_@)Vr2F@vB?{<<`FJuSD#T(5Mbn$7& zH@S=8QALcwz|jfD(@870vg4;kynC$LXhA4|zaA5Wj7%r7&}!NLHm9%B`52GEvRzkT zy!GO(RzQs}lv+!!BL^r{aiHKDB_}{v155!}q>1cg6fSF@H~Qft^JA9YeRcOA39mPH z3qX>LKiQN`n2cMCxU4j-D0T{Y3^E_HWo9OJ{DK+%68sQD^xh~g(TBtQ!+G|r9Xyo55z3hlO$Im1Kjd!xAY+^Ow+)YTtw@sBD*{@ zNjU|%YU6QBuI)Rafe+RttLd&L(|O{NovNDb1qDGtDPS;|r1#~eY{djJNU8~A&U^#z z;ln*6SCd{QdX`?(xVodGCTH$?{Y4VHn3~=}>|uACAM;;h(rth%v4x}RzivV=Cs)AD z2V%;kkfvw}As|axgrqA@JDe`7&3sWUzh>u>C*EdPIe+S#O9Mj_hAK&-5viOHkAv&A z;tNY>*0sx4^jg8vk&Dv> zwIjS?#xpkkz9}@JQQkSFgs;%Dp)_G8{nx~btAJ8Uqxp8v43@TFLhXMnRJiJ&o*g|c zeDrRw*kEMq3Kt=ZOpJY`LHw9$*~l+$$|W;yIC(5|ZSR6#um*nQ71^9y|j zCS%o*szhaV>B2IXx9i)xTU$j7nQJj&|vXy#-v~2y(Ztgwu2VT*d@e*yi=mu5pY{nqOM6h|KZHTjX_ZPCEBzPcdbgMH;`6`o z2<`mkHsQqE_hfF{O=2b8V_`>-9AYn7%%+ZGDUGllDU|{=u0Qu#WC>)jq?0ZKe|C1^rXUn;kOJUCUGi9G`mVv4{l;;O@%AGC9b~!dgLt9(DpRrog&iw3G7^{7 zmF$w4!BHSagRsmJ_Zs6HRHqrsdQa zTG+||l2!lqi~MpsdHEG*inJ`aQf~lEH`8f6)?B^h+Trr}qbC?K?gkHcTCf%H%T@95 zUem)NgHf7bFqiu6cJ)=xAI&__fL^Rt>CrsS=e62HPR}iWvd}B3QHiMZ4Xn3(`9FPCgF}YXPSrDM~8oKx!H-fKgJqYG6!8x=mv>*rOdc zyPLurh#g(3&U|hfCpc{9tB5C=4o5@#hxx?B$l{zGk+B=u@fo!X$2EQ=uweT~%PrGK#$&AuN~}go!y~q3+LjH~R!jhh@uztjl`QvmJse4WckC3* z)>fNj)x(pFA3YS`_z^i?H~0Ry&zQ3+GEB2(bK8F@ppC6t3=h^gKa!K{wBu!P1RTJ9 zjVlfq-Iz*GuWJBtR74lcrp_M;j*2f*4#FnLtl#Y-k6^yG(>F1&q|qqIGBPsWtT$Zg zO@P=$xGK1KM76oMaoaPURTwDU?Sv8;H%WfV;06XC9yW?j}jbR<4%oG=IoI zI$){yPsHc*=DGVm@0CjVVs|SbondVE2>`Ab9x&O`zOH&m&5nTg}sFqdJp* zqkX-|9Z%J;uIAlNaW|@(5~D`ebT(xjL(+lE;FQ1mBFn8X6Q(zNj*W0E9qgzNWz+7v zlXbqrJHjK4@3^aMGzM}FSyYg)u8pwIyP1&r$qW&y>_vf5jRB=bS`mNO5#V&V0u)7! zJN!G24w@Ug$m=w2u_tn;Ij#p=qZ@I%Qw2ca9c;i0m02K21VH9tG7rcBQKllJ)=V8n zQ*)iyHdZ$lp6LrE4(7zVVh_%oEM>J+SO5nMjCx=3?dRU;5;F_DWSJyolllm8?myZ- z?M%z}7`BG4ZoFCDTsk^DH4f`aJaFgl_?%8`?%{^amLNOTo{7Si#D$pqKTFy9bYk!O zmkohJfr zs?o+)Vt?HP0s>v~2K^ukCD#3J`Mqq9^R|qlHADW=m*i!6nwD0zSxq0x1h}Wrziij5-;%_E_6eSrim}2vsu(be*+?3rmJJ^WoS+sac(SES?YdzLQlzuXq|I8BvV9Y==O>|4?p7HuNC+vV zk@j)Om#KG*QfH+n*tUkBt9|t?dBJZf5hu|`nX6aElBkdL^jqpFbR#G_F}}N4wk2`R zcxmfmzZudAkM|jU1^4VUo^+_4*j#(9EQ?dfCdpf+ZpXtA`?K$(jffh@RSv+LOr%wC zaaRo)98#uKN0OGsxDqCY-R+Ndx--tk)VR$NiyY1K@cEuv2xCc!0xCf`-;eRB0UX5u zXvG~JAg^5W9>d4TE(C8a=yqGi{nZi$3{4dEpfJW7Tom~GOPw$~o8+aNCAb-lh=>r4 zeV8p%2`~ytVmUJWlv;iUW4W5n+MW?KgeWMwpbEBcymjvyZF|%*a^&nFx?Bs@a}sIy zGnv&cUECgNT(vk~8FN3&^s>@6*9IjmT^*F z#@@lMAZ6b(<+e=|>uHbL*8H9mzl*QjXW7pZcRz`Fj_ddCdz>b*rxLSiq!lV@WWfg! zl2?qH6h9~*pZVM&==y<6aJ{w%3U%FPCRfVT5mA%yKM?;U(%uC%GWwL;I@Xu6zT<4m zgwDiplOW_8IL;sl5Uq=X5=zX?4CH62Iw~b16m?Mn>WQ<{4t*P&yR6e#f8m{0o-(NCT6R2|`54jux@w zDJq!!#>xJjir^B}MV;E+2W@~}g3IJx^D89wYTIp334Ehay#fna!N%k1+-odT!Yi}n zq+v_v<80H#+vGlj!05F<_t3B|FYeM{stGB^P zO?zM-?4Hax-g%7$5JN(Xj$JZ@E)=3C7iSGPSmOl)p6M0n>e2jpU?NC@~60O8wAJT&K4HdL}&9R2bu)a{kx2dHU20@6jWn zEngis?sv*>o?irv`5V^3u2~-J_<4>OLXB+MquGdPEww^<|KJi>*yDV$5;)j?sSk~s z2u;fKI#lzb=`PKKv=!(MleaW7)b0-2m#JCd3DSbJjbcuR;ioIP=uh@<xC|ZZ}|BB8%xK|o?LNV$le3x zR@cKXZ*!DNpDF{YSHxxxvKiKLDjjrNjTOffLba)N)c z{_gg!pqMI8$p;C{lA&!ETL6{uo^X`;_E6VWLSBnR{ z&pR=xy2#TovuyQy+K)TT#*wh`jc_aDPdS<0s&*c@(M%}j(qxN7goJdl<}zNf8%#h* zTJ|6y^c)e!LV50ns6d`(*b@zy-LNC>u(`BWq(%W9O5{@@)WMMXiX;%1Ai7A4iw!5p z0E7i_2Z;HLf+d}kqJBlfADsvAvr17YVisUx)TeT~AtZJDS3LI6oQP<4AU@OwG3Y6} z91p2o6U$XIHb6s|6rd%h5OS&+_Dj*zTuxgVwUQWcEC&Ky0pVnU-a)Vo1yq7R(jVX#ABpue zebi(^wmZ<;9nrtOgYLim!flsdIS5`nbaV6(?g%`%pFL;yardJlI*2qC3L81Kuijd6 z642q&NMmIseu^(~*S0OG`9rtC5i;o(aUIz?=Z6l<4-`G+T{d2n$u9Y~SQfTU1Jb&3 z_df}*cPQgvwc;2Q6#U*kf|!&-N+GDUAqm96ARv4}7^XmEBm*H?#w=6pyGyAFgZ(8D zA;HVHf-URk4=DP0Dm8PO)rVy1*ctVd`a^(KTGn;0dSS?TFW$Y(nMK2cPG9h|GB`V;Y9|DB4 zcp57$&&()7?$vZz22(jogCOJ%KVGd5MxJuqBTW__gD_dZb-N)o1_%O*O_r(4_RQ$= zVUH;dNE9%D3tAu!uLf-;dUTc3TF_+^>llCIZmYN5vGXZ)SeI_klw}Au6B@;l>_^UgnYB+$W5c9OoZ6+JAdtG!5u#6X z%XcqhsY2oPJBdk0VQTKPbmWfOUDa`xTXf^omt%kR`K*ImAEsbMg%?NE-Ktpt3CtDREL4Zs({TWC z&SdE_J7ae(emtdrkwP0dg$qTJ78us3XcSGh+?&7l@xOv713?^sKn_myNd&3j2C~Ke zlM53EWRDO-{%xV5=?MfNySg~}NjSQ_cmwa6inLEkQf|5HJ@j_>%QMP_qDfY6`nSYD zNY_fPKK+v?ze<#Ek;JNbNB%6F<4st|a&9^rRdN8bE zi2i5gW93JNMI?1zmCEOVYco=&53x+Rq1Q?FV5YP5HKbygM0^C)4@!|yK4c;u|J zi?NN2DR>wNq%+g~yV-t`^xu76b-ic678dA!iHhu4(e#GpVaC^`UTlBED|g?w10yz? zc8~+`Ghe@NX`RO(^+LptdhLh(wEQeOg5|iSEm`ReHP|G%K&<4lie?4=$3}Sh%F1wP z3Vg)>ta$E3(C{xcJb%iuz+T`W_?caaeLy>N;{CO;?Iu%@egX#TZ#>n1NBG~Rf68M1 z060iI?IVT)H)BNCT^c9;W0P$1q4|z4qT)suF(0SL@vS>1miGkGlVd5Y!*mlj?xw|^ zb8%`AYd156MuUJr>(AM+G&ERMbYTx}HE+3fjC2Z?J58S~e%o7}>f<_N!92(h&pEK` zikmcU-gv!aE7vc}^^86^Yv&iZ5HqvLF$hHMzCH@5x_&3jm+!LC0&&#{kdnd-xxeoN z5!;1{a(RKs8(35yKy%p$Q>RybIhj??_eK9G^mBVm18k4)D*Lcv$EL;*ci)ofK$<+6 zIHvj*2;s&P7x8cuTM4Am?RvXp-!jSR-F{xpJTYE&*ga)HN<#mpManeM6@wL1i}o_4 z9%FjJZNb^D+}Yyg556}ZbU;nSy5V?$StfJeT`X)?KOYh(C#?0w3j4C3)lp9^UzNCgM_Ik!nMdgN^v&3*dvl;GQcDzj z*P6n0;F`ABs~P-}U*a=>FwDn4@qo;!m3boSax#ZSF;&I}!I|jH(@Ihwa{=c!fY4~oJ^D6=_w}q-x{(#I z@}-$>zeu6(C8~0}@`cl^u}57~^YegW$DFBXB*H@TH=uC`rYxa#KDAf&{)5#uMpw+2 zi&PKykP$S`eOZ6=g9hY@HX5%d`fwi8FsfXZm_;sAoFBU7j-{2siq|FLUWB=tov8Ra3eiuK zm;>-oP~ml3sMb?fy%sDi`m_Y}IKf`)wvaXCr+0kYLOJ4H^Fktru06f!5)HF%T{O|0 z+#|juDhn-iVP3L>j#?RyHjFxFRAp$sVjEEtwo>i+)vDc{j!Py<*vGh9R-rc zmSDFWY%L3e_Y71NsQdOFDDQSsR3{gLM%<$&HWEt#c>fT zaWCDj8HuuOhxPAUOG(WA{k1D)h}d@!5U%f9^2!>0qFD^N%Qwd-{KtX$_eI{*ln?pQ z#CvTSbMGIghiC4c^r|n|ecp#X+E#J0jAEZwWF=&~o}$D>m{6UF10fvN9t6(4(2&Dq zUJi6w-8ibdU-J0uuhObH$8+Hh?s3hO#jS>elP*7wG(kGfr;n9z9B=*KANwfIe_H%& zm;IaQf4lmDABg+5e%A9HG;~0Ku4P)|WH`Gkej)RrO(L&6>dS43y}zCW%zqqD+T5}4 z%DtD`M)9IVl_IfO=MIm2?&p8HtJ^qz!Tii;&~gAU@vUC~h`i@Bt`cK)3$LZ4P?)mY-&mPI#Vsh(d5BR^8li5k@r*s>DJxdSbWCHlf7ksF-gs7sv>Zbu z%}#Q7>fR@@TTdR%ol;Y$=`AwR&(TRqwf`N8NA&#od^cQQKY)b9C{oKKW_Dq?B@4tKeY4dX7d!}I3s7A4#`?KPrW=o5zN*i)WI7|?55 zNCz{eYDuCdm0(L}l*G*P74CTU5Gihn7zv+!Ms#ny2ei^AZaouw7ZRTEWQ?>m!w87J zJ`T`2`jS__k9d%;_LoO-I-hWIH`UG8REPaED}NH{?ly3ve4K_)m~VNUNwi}HKgw_Q z&r`%uZsd%8v5%vgk_b7Pj1bYRyDby+=l3tKuS9{~bBTk1Bf|kE*%}>)Z(Y45^2;Nc z@l(;9{yuzeW0i97{MIq0grmfMDn|8n_JxE{J#}s1*oPs)2}=UjRILQo3Ms-$tf+Cy zzK_S}xAQ(__r73Z38P&4+<_0%Oa~gWY*xQ;92T2t^tiu}y#$yDpBG$F;tY$(OK>iS zh<41YX7<;RQK9D{&c~kb25yy|o)!SKqvPzcvN6zkv)NxCETLbhA z#}Z@VE(<$e0eN_>>d-kh94t+JA0Ns8gOdN|#?|OLNM7+eVCo@=rtJz8|C&GgCGcK+ zb(mhM7H5OLj-<4*ZR&LpCq(aM ztA+-nEsylfp08l>o1-P76c z%3fi*Gyph<#*Y)y|H%5^z5M@w=>IW4|9{r~e}Hx0`$3ndDq^CbqG4j7p<$o^2@ncV z(SQiwHwmv15fjkT-2qF|^YRI*laM+y2uR&xG7o6 z1q|`iZPhi$bT@sgNo1f*n5T1+@~zt9dlEx0G~0DhE`uZ%q1Jlh5`0cXu#MneF-tIq z%4!9+@L&BYWSum~+Xyxec#q27<$IaRz5kX! zRXF}8WMfAE9uWdUdLsCtw}RB)EL0zoXt4)*?(98^YO#0`qOQ3nE*GD!Z?U8v9kcYL z_G9QZlC?*M|``+kgDsVt%Dm>YvfLhcHf#GkWjO z_blPf@@z+}1(jsxmw4QPf&3kD&iD1p;`$e};g2kF>-Y0mp3MIBjH&q>B-EeeqCDz5 z$PYoqTHjq*ys905_nfB}b>g907cohgId92H6HnkK`N0B2?83tOk^RQT6pWrR&Fn@s z%v5Q|^!+27D5tJF?>>JAy>xrAD)k){da!*lQ3Mu=V?(@XW9fU%t9W>Ca->9mwS!CB z3n$8L?jSq(oYZb(_GRoeoYxh%LL*sF$f0{bj1em;m#zQEM7piKIVRuBxocOAF<>wC zJ81Hd!?()FWV~wC8Y6IPZG5F$^n%s$iTk10UoWB!Ty0rvzSI$Z)ZNeH_;%3ut{I)D z7qiF8<2&eLHTyg0anD7D^$VMrgT2JufaatpUgS4Uas4hZF-|keE}HSagW|tl6Z?z! z_Ge?b7;Mrk-h!9I^vpZaOE5S>&v+CP(Ke4)(wzi-$M{;e->zet!j+>vQP+#LJl8nz;jUh(@m+!G3^Dnj^}lU`m&vk{Z1cNPQS#wp!mkMD@6Vwai#iT zJ^gmUL-UM1!TYyQ@d;QDbJ(L^bGEX8H{bWlM6eisUQ={sfc zQ9^LH;K3yX_uv}bofmg^_uvrR-Q9yb1b26L65K6FZo^vNK6{UI&$vI%-#ePoUCb`) zS+i74nix!F@^8D)vdmWzV*XeknbLLI(oJ{O>&V+oh@fYmn-uN%r^8b+1-K@2Kp=W=Bmo8tg zLaL7A9-p1RVDH8O>4bj4vSS|!bhhbpK@3UArFY;ONFTBrOqUDA1z8ukD#AnwbbPgwHT9>22$U?zT9Tl zfafaK&|tQe*2fZI}^qcpmh#1OvMEAYh&vM67JK$plBr zYs$J%bZ#T?%`}++53gxizNc;rNHWdyQJ5X5oLd0|6C@NpAFT`^*r^v7G5so+MzzV?$1!szf<*MA4!=F#;)o|eP2 zGL66&E7w1mzUVt+;LY^;f1kLkNsysq(+1TC$#<+?PeCa-kaWo157=vqC(d5A?{QOP*$TQQ>&$XEaSvHCgX^dN|j<* zRRQ&r2|HX%5`!~OslB{Q1@(M$@4CCurn#@9N5vUY>SZ)IO=e@zVlC4*%+?OutmRRfJ9 z2_U7vwkVJYpY~s5pk;veR^*?2|3BgXmLCvZNUGMPf5D;+4*!B-=<_{5c^6%X{4W9_ zK&ZM9AqH}oyybW$0673c(9E#Op$~@sKUuzh?K}{=bA4XtbBS7i|8HV#2S{uJl>eD{ z%>z)rz1{ksng6}@Pd#s?{wHNScjHEx1uGE^-IY4_#1y#+Hk48;Pp6V0&1CQ}x+sUe<)iY7}E-j5X zL8u|hMad|qrYBbAgnM6pu}^78JO=gmchu~`WGrbOsB0Y5IQHXef=bQ0!JsFhe6n#%<*xY82U(5E2AW~3Gmj18&zg?92P}!7bGeQ~>RR#ynr%{joQL4k zA`yt;jw)X}KnM&hPuf79CU<*HTH@^{`@93w>2->wpfUdaJnbD#W#z^YpTGq8wuy3J z*oE?TtZ0c_y2fJ>pojMcTB?!(U7cAoG+ZJ}kwpR-p)!DC4^zN9H_c_ZsJd&1H()_r zM$$&jDyNwtoPtsBTxNARs+WvTV84G|n(kH#m-0&wa(GE$??<^r?2O#Pz@oQ&2gXNWSjq;ra8Q2x@CHse$#y>@~6YOk-37R%B8c%ViM zzRir?uge2O@!Fg=-CTOCD*1Vk%Fh_{x@MErULUB5*;|`u0vxYjD?L%|9^`6$ek3bh z>DeYZb}9;z7+dc{MR;X$L|4#X29CFHnB^&L54)Vd#8i;!wTjt@A#n!Dr3aN*kdkAW zuUpmP|MUFo3ZbyvK_%2yz1-if6PIj)kbItlc{=(&#fnDHp-paUiM}*qIU#Bp&MCwh z2`Ez?(R2tBHr}}gZ!Z7I9QzBF*TdI#LtKI=X1jAH-%CK$toh7`WX;3^vdx@sFDDJL z*OP1wX#H#%2mYgPbH|nJsgMAtrxoA%u7UD7YN>Cf&}e*X&i&|uj)L0QBF4~pX)F=e z4>YA?^dR}A!qPP9>1+BgsQoy3TKX?;CgQezHx_3k%pB|}$2R+4w~VfL=`dw`=Jr$G zyU|ASJo|@ixZm34{n~0=QinYDbgno^TK!rh3sq>J8RgTHa^E04E~^-KK0WSK0g3+b zA?gp0J^UZ5bscq+g_6zL4oP&nFLqAg7S0TvH`VrKFoSW46R}Y`ZXqv-StZ9Ce^`_z z3^9Fv-wXo4i%L!J6@LT19s7U(hwmm9%|-!5Un-Ztv{-h7gT9 zD^2w5nbVm1nv^aENhX`J?h^4N<_LJdWa+meR1p?g2W8uRPHB}g@pqP>;?}5B;v_(o zW0Mye&6VU(=KIZle|L*S>UFf#AC(ofVPqFHB(r?}lG5U7XviXE=;T_6KThGyw{ow3 z=NdmDkDJ&n@*#Ha0xEKf?S4*0j=F5IH1G-QKaar8^f=KNOz6I6g||2XlPT%OXM(dX z)5d7J($my=I|1#zek%MItokus_Hmf^!OzeiZ-$iWqeC4>3rp{{5b!R9h>UQxjn9Y{S+H+DAaP9XAa>fZR7bi8}hgE2dMz@jV zHQu!};j4s{d?|vz9K^WL)mZ@XybAcK9pBlftP4@h>iP;bXcYZ)Xj(m{1=QNY%9tJ+ zGe^gVb>8wY!k^5@%QJe5ebp9ZV`bHg^GsyYNl`w!+iMCtI(j(e)aGT}u?;!l4cj8( z20b=4O+^uO%ZRP>r4!!be}&Jlzt$sXY(YB6r429PicUlm2_XNAKTS@`8iJi?&vm_JmOT zC9bE`@3D2chsjtCx_&be^xS(qDooU8;tW}QIyHP^ejc))=8%TWq07Asurq4OL|Q)U zZ!!XpSsyJ6X0WH!+Cm)0`r3`8u@sCHMUtX{vALiz)7S2=*VRmRq63Y;znjjdzu$;c z_}nhW#Ebc}(ea+kqQgI6a+6b7oH+J;zm+(K&_9DaCf@cCO86-KV;%X_d0_GxF{~Nk z!!h4qFrtasmrp%^!7dS=Ww*osL+IuE=YJs}!@~bthW}my!)yOl=l{!%IFOh_G{1GLJrJ7{_?+uXwEr;UwM(T?)k|xKDitUp* zpaFzgfWQh6{zu<9-cgf#c)qd#Sc=zu?ZFcZyx$Sh#}~wc=YQ%-$?CK@bhB`b#<)zl zhk4mRxdS0W`3uyUvPA%w>`7CWlbJ@DTOc{J#(cw58ZSnP&&~${Xke$4Zxf1VhpbmO zxDSZWvQ!Iy!5|4&wh2}Q>a6fY{AEeC$2?e%7aHZOl8Ty44n2f;U@g{t{A5RVIrqEI znu!}iT@X+UyQtabis@;(iZ%8VX5-YxsmancF!#_rJx-ow$?triUu&F_N} zlR0%`aWDMTe#HYT+N?DL#{=vU7@opn?pUHIQrTNM59;zLI0pirX^9%0yQj$6goZ?J!^C4(Nk!#Xzl12c^TkedQ^8(k(Upjmr&@zlDANh z%yFy5-sPxC)g`0Og;>NL0;Pr4wdeDVXZzhQJ5Do>rSZoIo)W8=$KuyckU!i43sB7Q zX^pY@!kmtfT%a1PW2v`0C3Cb9^ZWYa0EGQ{{BlE9|qp zUuRXjXY^WRJZxIk+-sJDHt8mLuG#IQJ~km95J@|-ORwh0OP__LS@Y;>3MoPVN)dlu zUZCwN_B;k9fuh3lmE=rERa%F4x{~N$u;#yDrs)nMr_nCd9K%%2YHhe+zbU@ideQ}0jGuoV5L?tu@6xaCrVMAypjX*qW@S9c4S zZs@v=94Y7N-wp%GZzn}duo?|kwt3yX<~wGec^ z#(JvCS@7M{_kJ+YvUfhV!mE~G1NCa=e%Jq23J{9FU@dW~&uR@TnV0`?DW`XVBZZ30 z^oy3>pxfu!wi2X*e2p>Xh|mZZ1e|UAAMIR253NTJ+$DAz$zur;76i^7GeNvNj-_G5 z$o0jfx8cBy9jEU)+DDDjF?={H8pF&H&ncR5DcH@T9VOgp!Jxuh(83Q?qED9R?}VTj(Ws$ro~dp0xsIqa2_YqOm3EvqgY zJvMnOBoYdz*->K)%{~b|IaD)+hV-xF4P9sHY=z(*n7P3#|I32o}+Z%5T0f{rv!v|*K0@nejVLoB=hONaj6dHBe)e_ z)xob`2{ymW8{7zy-0pdDMOF3PFqB@$Ix7Sjwns1_`6}CXuEU!%oJh)b42gD6pZ*RA z4Zo0Squ<`dB{ifW4>bEd>U9C=&0}FDF2r@w*6NaKs-a0C7j$DzJWd!h5*_2YE{t_$ z+Hb7Xp%?f~V3|RkZ2eN9^{&C-m{y;=xNJ!MS%rYrwqz1lCA;mGr-O9A=#mQZw|Cd8 z@L%%Ptlnbz$QRF=vtl-r!TEO#o!|tlniO(J$6$vnL<)UL@V6y5XT`lO0w$gIL2`4W zeqzV+)JpT-?+OGm-+bcF%!|gX%dAiauB_P1kQa#D3J5nuSt!Qt*gaJo;oZry zveG)LlEz4gV`p-JZ`t&2YpIhHpwB0!l*hCWb`rZCdw7bD$?iCvW_P#yzYg)PI=}V! z2mCtzpgg+1kbIApQ^KN@_{W@A@ z)Z;(H0d!6iuZbkjkaG{u8)MPd1kf-s2k7i>ohi6x1Y zFLHy#gOSWZPOJB6?Z&giDU70UO6f3mC#XA#yV(Xe{Y%MiJG7$dKg`3bs-^c7pg>*( z7SXg9>8X!Wy(v^YsSzT1+7lO6$;z|2Ba96#4%kE6s#KwD9J+%Siwp z;eE-8*9A!5EArd(OSUigHJ=X0+kk5dYJEiy)}XAFuQDpsQBi0B$pMknB7Z_bL`nShm@>6#*EC=&x&U%tf#>;?z9l zDdEX}L02vLeJJ^u?5+#@t~zN#9#Zhwabu;yM4V(m))@RR*V4nWA)@H;rXf~Nwk zRAgATexoTi$c3D#<7416#a}w8bcwUYATl4^T_zTq48p8T-OVxd1VmWRdBiDTd?NZy zntZcDkFsT2P|bDF1n#3`CN9oX4w`H)v98tWk^UKHL%sRfLwYJz(5YWb*YLuo8aq!E zW0Xy(o9PMPK$01@Y|fvD@@E}D10==#d=^Q2mdtdjo~e#J%kDLeoE9i1Xitrj6NC6B z4xugRtqq7Bf}IRitB5iB!8XhdZc1uAyp{_ND$Q+v7qwn7g%kFlI9U5@&(pp4U`_wrpB$LMs*ViB1nus*4O=H=50lxF|O3brv9)Oht-( z&R&X%5|lr5KLq*B)b7FYU>LK`RP%OxYXeWp4GHNo_xdiMEDuf}jBj8-n-pxv$L{4r zU!U{=Z7BKF5#D4^$)UiiqgilKkK%~g4SI9iG23Z(`L-)y_t zI(d1DKBeRl+xb|K9}cV`Iar7(3oaseK48?{oMLy_WJu-B&TL|cWcD8F)~%eUx|oV! z=n=vK2szd6ujeVhk?k;pOBJ{U!0&^L%Pg{tq~_<**8l<6896EHvUWh*s!Y{Pk&NDR z3ahVDU1aCUq5!Nv&-^>&^VA5>?qe}}p_?n5w=e*;KsHP0jotBLOwWBUpYCC?tCpvb zbvqSoxG>rj3K=+YQD#xR%x09FusdN0^K3|z7R+FWm8Wv?4Xsr0UoedZ zf8uR4ZUIxFpIx4mq5X%}*?AUU|LxMT#Y$#xv8XcZFNJC?!nD3=R%!MsvrnXw8 zMLHldpt}vtd3=WBjkU?(w+RX*SgFnYXhrgZ5B`D~4-`4Q${uAiBPYBAsJg=beMz{8 zyiqIUVVUtUXrUErWm{XqhfXU1bz9=!QSSbSmqKCMY;g1u?Fcutp3uM!>uxwsjGy@X z8JF(@#lftchgdncn0elL@+Glu{=q}@@VptbfL40S+rE(Y@g706v7j&HpXM%e#q%mYlx$zhHk#=_ANMxG+R*ER)nf`+ap#W<7J0Vd@}{d=sN_u1^8Wyln3-cAG@eSy@KVu}zr3L}k8}OW(s&@;vpi z8*&Y?cHB@>L{rHJr%&H9cNL~OtwP-(A7YQiWOLg+3jw!6 z-kQFv4pcR$>ewBOzVXX&2=XH9VL@RT=1EYKp!6>onKy*)6S913y#((xHhv!4A|KKb zFFKcxY1ZCA z1NOwD>H0^hM*u3Pg8ogbp%Sek)0@17VO5R+m|H)h&jK>(9k#&y8^}`{#y2f>L z2j;8kq!lo2GbKQ*5Nu*s^Ih01xI9akIjG^?3gYw*Kphv$54|ufdftkBs;fBW9OC$~ z{~w1Rz8`)-q@XA4Q8eIuIP4X6Akt`zuCsbRh8vJy zezABSIcHa^y`9llS`-`mWH(Tvb84q?^1157_iHor`B3zxJ`4IKr$q7R3g5HDjDxMd z@PaJV6P>F3t@he^*S}yW$K+1JAe6dv<%Fh_furlS6wwuK)<^1#`=oTQ8cNX+S);iM zJRD1`1WMA1?IEvT5)nv|& z*kilS9jjuD2d;YV>@w2SSXHE){VD(tty|07Z2U6!x!eef13Sq$mn0)?|Iz(-XU?FFO4igc)o!4$0`6p2*0nSMq*VfjC0wwCf5X6EuDtO4s&10Q?Hz$K@+#KysW+6`3(k~#d7 z0Z!YlzVdt@amRI)9q@AGo2&tU-ged;PcTCTHnLMGvKtoh5B)+1AbBo_soyO{SwbCD z(?`Nwe1IR3meJ5lRQ~DT%`>3Yt#i_*@u(4UwGa>Y!}Gm0jb=+} zC@s-2T!AZo+JMnqZMGplfGiG=`fFvdtdu(vRzHJC93ttM^XE~FWf;FFUY#*#C3 zV?+60u*NTC6iSx*wANTiMM2a;DTK%!``fBZ>MqafBoOIDM>KgW-B?*mt{S)QyG1D5 z%;Gd2+2osyVT?&Z(VPVW&aygu5TpC6-DX(QxW1io!*-x|_OGyC&X| z@u&y4qX!!18aG6K5K2t;;u$&YrJ94%WTX7i|1N64$IQwHY+#oM4G)EM#UPe-VDeHyOt!%~5}obr$7-SaPgCp|%tU;un`_(B{3VtCra*c^U(O1~6)E>{ zZ%8ee$VZ)%blw7gry%8RjOz)H*3XOc=SLQ#iam8Dp-xB; zP@lI}c9fHH(%DkEVJ^}_aoPwXQm%9ds-y70vqPSeD@MaKG;lLN1d>sU^F{Wy7HshD zD}o(W3HYDPnxnBE&zi&ZZxt^zH<1?<&uGy8T<6k1w}7p6WbR2BAw1|-C*Nth)*I|o zXO-w*AuO9G;&5N?KK&@CwcCf(VX;;E7)sp6`J!eKj2VV--X~CruaeE~uaF%RGR^iO zbee|8Prie2D?=k!7A{fX^rIFFR@h?QrvtSJl9Jw{CVszn_eow^C8vAB#ukJJ`#hui zT=MEqVHE}YrKKbaz^2d0wpRDm7vHFtJm{Gpj|h*fFc;ce#jEV*mh;l_I6c#R6jmYUvAWTyeZto(KP-xR{)vG?HMcwd3iTQMs)FFU-^## zq*DUado7|KPx>IB(@I3Fe$#c>1Eo8uctZTM#;nH|NSpzX%iWediHbE?8H!}oAvfZz z7i?`&&vJhJO(iH;AM}2AP^fV7c`JOnSShU9Mj_(&lOpY-JX(K)6KM55H1i?H5liYx zm++4g8k#>aLvTZ#g7j@O6?!}wN`vATww#I{J8>(K?F1R2zhn`0--p?5n)lE&LI>?8 zLM^}-R!E&!$HHz!n1OHAbD+7pNJOiBB!7=?({pqI~94CQyf>|k(VFR0ifRAyBZAt)F=XdGcOI8h z{*)2w>6Buss@C$lk=!RNopjZ)wExtOQr8mJmiqzi@CuvFf%Y_4Uf6{1oAnDH+9~Du zQ0}!0&4NVcE-$W@B-7T3va7KQj-17|;g{b@y&kGP59H<9#=8mq{T0SAZEOvm!dn(( zB%ATo5Uz4tXay)S(SqNLn3fxQQl6RKr;C^H>tN`iID9XG+s^;?3;h@atJfkh@K=%~ z+=$iu$EMVK#bH(B_U;RqfXBjhF5`0>*cMy%p4NmoO{N+-lR!Yk`@zNWISR#Okq^+& z1E#aRr;3TnW%38lhm9aM>k8dGvnEl+3YryQu=K%4dfHys?)t3qnZk8#b~k?IV69M5 zcNOAb!#R}dW0f(ct5afPG3iPTiDzj+ie=l-w1QA1u|UE}nkz4sJ`RfVM5{+a^d#e+-;I$Vm0`K}M@C=}$5~ezsVm z`U_TP>l|lbmZ{3B7p^npY|UqpINhn(!@lN$PE{^vvify!YdAE8CVLmhSX`0QA1Z!# zR2I-|wrzc$;zf`0}B33{o&k3W~as4~D45Ohj^k2iQSUekA{zjtbczOOQn%yoetgn^=%fmp{L7k z2}6*U3|u)oBCAwv3X=q;xUGE}9v;Lnf;}EfNzmXNe%-+|91{i-6F4baR3Su{#mEI) z9WA7=1%4<%9Uj$q?W7x(vE6x4tp>*S69*LR9 zfLDSefmoX$&xfNmz)KRPHfZO&h^97}XTNWSTfD9Q3&tAiTr|qGDy`ZR?oo$7x$`I3 zilpD(+CUXSc3Y8nWQB`F$v9q%#vWDy7S3^udo8$aS{kPq&6m{9lL}Tls8PxC>&+D&w1eM=)6f}`PD=5F-p)xH zmj{jIq(0Z?bPyubBChc<9|py;Cve^36~d)ea%Jz)%wqTp3LGU<<{Z6U@omI9yd4EbyKHa2FG0cKP-5#7 zT7_UEjw>XVUzDx9IV^-8Azv{mGhUPsV`bsCG@NYC(-1jX%(lOWu*1!#%Lckg@n+)U zAB$Okz8lgf2g^1IfIUgJylzSNwn~l-Vy;NoKor;xcVd@NJ+Sd%ix20QlZQ;?7rE!<|v zo70FFHs@KXhvf@XIy7d*O%>T{6%>psY!x~CmUMo_p4lq$rNX3be9yFiZ8os3LAm{7 zJ{sV3(jqs#?xXj%!q+`j2{_Fb%Ade8%aN|abi0@u zOOP_=oGknV;?eLt*`tFIJ6HBrTPMjo~eKH+?*p0>JqXN`rcqN_1z*7^gP-go9Hc!k$=kL69bZI84Ch`7X0`5+?<59oKJ0 zh-o>Gho~yC^w(do#RAceZUOScxx)oBa9GG~30mZT`$N{o-4?MYgxM(lx&Mmzd*Qyc zw?~8!8Dt9dhmwx`8dZz}#30sTC?8xs5 z{U^z~gSKA8x)SsCw7)a(hnT}WvGO3?kTOATEgfoS53-2p7fKil*VR8$urgPUB&qz0 zG6RP|)9by%`IFU$9YU`|PdUgZX)T?*S0S5HAf47lYbh}ycduG@Y6FVrhK>w?LH!Nm z4vy=01Eo8P&EiiA1&Tu5D$LV@{>I}-P_U>QCB(!`z!h$hJ!`R;cRcHpg)(JcuCGIj zY=2`_r!rU(lM{1~C;$!t;~pDVWWlF+pN9rZcW{@^Q#?psX#|8nKN$$}1tjk8mUCia zXym#k&jz(;zW<3rI%&=$S?he-hpiA|v1wAwCv*W_tXg~yxyfz{Khq;fkRyWdV41H)_)%G zj6$SdtOZMv9`6#sp=uyC+kV5FjTma};y$+Q;xxCp=M&}$;8BpGzf#R z9wzd~vY|$*9SqV^!CKf+)e?Ozv8b20AVi9Y!9fKV&%Z_Ww-O+#7ti{hLBe!lIg2(O z&H=FsH!%GtA)wcB1gcmtPo6)VLtOm$f(&sN_%JxzVV<3E#-GefyfDRkKVM6{SRs2s zN0PPdfbH;PX6D3pZMrQKF(Q6nY}pGLygh6Ny}sY%sGM_q`q>>n3LwiB^3rS{zt35x zKnzZfOK7O_DS+zeoC9Y~ISv_QPgyxO70}{-9ePAbA2N>9a`YR`n#0cF#6%3_aAcp$ z?Xww;(iUEdGIucz2^S4^btKM=6OZBVOlFc}7UVSVbedAuG4Y|_$D1?3fkGyF(chVp zp*H8DR{loxk*3-sOSJwH%^!j$fI@PLB0BaYA9Ux4i^wH~?Jj_#nF~!0NBv%KMH_p~ z*L!deUy3zGJ&K_>Y373Cw+@WTHVG)C`4IocRK^-k-P+2iRe{NNaC)Qg28A5g-x#w1 z6*USnVjZHEfK-vOm=%RR=%T2%DuA#T!vo%333TWUtFjxB<~K56uOtErBvl|Q4(>J< z!Kj5r!ub@Nff#?en11GO^&6Hb8kQ&)meh0^fb#hAcJ^W0_z3*4?`psp4(!7{22~AE zijowV#XHip6qKMQ8%sK1+jZ-u4soqY1`;E;50R@8L;s0od6s{FqXP*-kGI4o77r{RP8sb!rjW~zm+EZh+?g4BjthwaCZo7BuhrVu+t#%PO&hX(c z6rwb*C?dcu`PS~$zm4D3)_;XJY6FP;6<+_v>p5r#aPph}7xmwpqYemfhm?a9R;b(S z2Jzc2JAefEuf*0{eBkwT(Po1;z<{2~t5+P0c!__7zw;)uZ@CexTpD{k z$DlGwjo=B3`ib_WRADjfKx}sV1`=6O>D8o=iFpptjbhq_&H|(M4`hya(y=@0*$>mH zaMiYcR=3Ct3ORq41++0I78Lla#QbW&XYQbbkAhI0N?xjqr5olb)PU$+!`&mEKh-zQ?HquDlf|@wtouZ~HRroBH$}w@b z{cMwS+BoaqVfTUFD_5(*(sEbuES2$_RBb9=K7d{z+CB4lz}K0d;CVMtc;32_}f@qmyeO*!>R>?KKo_$^r-l080aY+tL`g&MaE& z9wG|!XRdadniRF!%`)+L>>cb9ZjLMr*?CNyOFeo@HW#n6N3X~6QR)mH0-%Qfh(V+t z3VXOkF<`(7UEDGK67>t?-b0LEy;bxruNF~SB8fkSPuwGPZ0Ez&?hqQD?1Y*Cwh<$G zlGzbGmVr?8zZF@W{3rEaq_;$SOGJD+?!XuxC{v8F{*|&$8+k8g*FOJ%f>zUl6N+EqRZii&4A~i&X$40)+nlyA)gO z|I-=}4*a+IRd$ruc;Ud0c1JvsOi2LDQMR(URISo4o!rc_EA1?w;tCES!2ABggWP3u zf~=v69Txyp@^=2G+T&S^UszQ;xUUecRRcF5%o}GoDyaVl!|z#wF3>|eJMGhVnCRtE zQ*P0ai{shXNThu6D$sNf5S&C5*=n*O{wL(N&}fJ9Dm7g{?EAZZSX}{L*XVQoso)s1 zOA2Z2E>7wMzaiUw3`9OLc=1?M@Al$n4T2zXoKLOrGfRNt25NeZ+%;LhaknZ_yZy$q zGr$Je)Ej+fD)B~1-u>ExV9=wt!Cqd>Qx4CD6776RQ+3;M-pYrSKxDM2ZX4( z=%p|fwoC)$1({nPH4AnW-II9&4}QHe`R6>M?kYZDQoR0+;{TL<3yZVjK2W{E6(T#v zfFXP2kld?h+(~nM@-u1;d!Jg7L$&Jah!!e;idiG*pfO#WL>u2Q&#YUN9#WmuSf^G$ zBW}bsLFnKpYYv10On#lw&9w#fmNk$TKC(FV7s+bY-^L1pSfR|F*s^0`qWxeE?DFq; zTDMh7X%xJd{zM3R>#)lgvm$oMKyrT|!jHBW82%`B_>LF$T-MJOJv$v@bNw}l{I8VA zy}^OTXDybRe6bg5b$B{~9&cmH1pX|;bFQ<>He!DFaB8AceGHs zsbe9AlRV`yCIs$Wx-v^|KURhFk*nx0AvfWBwnE~`zc}g zEf`odwc-Kxmpis|F|;D{Dpqkg&1UGF%ikYO8_X8Q0jc91|Mff=ibF%(vs%Fpl|ri% zuzXfysdcD9-O+&17Tyes1o@QguIU%wpvsp!FtkGO5Hba@-Yi8D*){J8; zme$;8CU#F94M7vsfH7pmSY=C*fVD;!UZJe??;?wknuYJRp0p^t_(++1hVKV;2w^XnMtY)?qvp3kUt^`+knzYudH|+ zLdr@v6XKodCAkk9e4blYjk~{9a5G|o7Vk*W%jBle! z`X4>}O1|7$j6=9TR6Kf$F7Z}GjHr}4UH9s#OI4O~l|+xg%x?L#4u7^|CUJL4LQngYLsk$+`DWmIbh1n7#-r_K+C-zfjX@|J^8sW9220c{Bkkx1m zflAAx2(U5DyFDu=9bPY{Jgk%-`vkA-j1%~Yifo4=)!jU2mhJI334ao86S<9TGaW&x zJSBg801?}KP9i%5QJvixror)v>dlyFw&?fz$vQOc1I6G`$vQ57AIe1C0o43f%(aD& zuJ%g0c}VFPb~AyDTSG*a{)Tv9OZa(sN&@tp-&ADtNe-@|F3n&N_wDgu$Jbb@)3{0Z zxdJr(Xuc&mL2ObAerRG7fQ6wC1F&`@)j!M|XzRnnaM&g|a8ccRRC~{=9>gIj6%?Fk zyznv=IOz1%Wu<^+!|Ii9YV_v#JjzL&R$U~ZjKWB}qaA|p{TY&SR91>M5Qf-!n7`+H zFw=w*s*PiLJnwc%IGLn2S2+=wzP3i|GQZ1Q;8u+Ox~}H1>-*<{&$IJ(;Uoxo=b1pz z=7@j_g(vNGiL>9=AjZK|mkfQ|aDca=xplKR}7A9~=L+%u(6MynGp2JI1r6UPoANtnS zJ0VB}M+#2Tk2wBO*|GD}GXnyEUN%DvKz!XRe%&7qh|C}^mb8NjstdqR>~U6+iv1;P zt7q<}B2|O3NCNx1cmj3@Jb9CHU1Hk@Gl*XzOv`pk9%*Iq4@LN%y_&Rl!xNZ4%1xK< zOLOB@B$ZQNAoba`EUf_C-+uf2a|h{hdHS4ok(JV19)sQQNz5tNMZT$-UHX?$zwIUX zc!eb=dNvwr>>B+u%mk5B_S8dZ?xeV-Vm^xXQ&vf~C5Yoh6;^+C7-F(mx~;H=&Js)W zD(?nRN?rRx!pCX58pI!~x2fM()!s166U`~~g&G}H>bT0A_Zpu~(YjEsQE+ydF8s~t z5Mo2EbHv%^`TZ?m5Nhk8GvqBDCHY__TXs0)`#|suq(GOtSToe zMs~K~5ef}6=m~K|9w#0heL{sPt2RRI>X)kw#{7sx!zbGpn967@{h+iuTN-FJ{G8qL zybEZ_Joz?j;DfHX9s22e}c;CX&fUDz#g>ISyi6aJud{zLwXF6a;vGUeI4Q zT&4DuFN0*3Cdpsm6e<&pr$P%P>H0kdE04p0M2!1oeX<==YNs-JX2|Iu)oa||-wyCr zlLwvABYxOP-H%op_F~YX81!Xb_54>e;sCi`9Ewl*=dGj3BZ8!Ds{X0c=P3Oa9JGqZM$^U4YA09=>O49}|B))1lH4FoS1)xOw^>10W4h!M8bbN{0G>A^b+f4(WFz>CLezXl3$+d?WmsKM0t_B4ccl48L z*3~WQGn+Cc(rS<{bbi*b!y9x69Oef6z9BneR>aEZu~qXg3lA9SenPImu12@P*ENoe zK3PaxY|9>rDcgin6%h3j>kUuJ9YT;|Sng6&;xv^?U?X|0$hUT9-1zZu){<1@UanlU zYO2`id1>Y8wrLlrw)f`vW9V2rAd!>&851JHP_rh>$=ly7n9c{`EiFYS8^B9Zvap0_ z1TzAH?sV)=HZ)z)W7*AA3d9w8JO@yhgH95}^Vmu=Xj!ZcFs5vg3gHwav#6jv#2G3< zHcI02@%OZPl^t3VeP$@4?Rg`J{wCse~RwK@)4KH5MN7nd7NVr&EL8>seTLtztDm?}u znHLwEkmsnDgWr2obbFH}7A(=>F((h5511o=943?JQMDjgXE!{&wZv)ZBbVoj+#j-K zxzv`mKO&Bh8Vl@wD%55TVAVv+=n#=i63rD3MW;70XksE_r>%<2@PZPc;*9eSA&Pom zrRLc||BA>rSz|e*tKPRlWlHqszLrYC%R3;-&7ln~J6K^ymVSZCV-T$;t5nw%5?pbr z%((tU)Khsca*wuXMsaae>IwZ941}WXH^14(%VG~FTu7~Mw_r(N#Yr~OA3;L@qyw-R z3EbB($}Lg(_pmmogUGra;rDqlC@wb9CK| zWsC6FeFYJkF0*99l^9 zAy^G*)I+`5W5p7QGytbmkSXp^ z!bXZqjWOJi3lK$P7Jdf($s1&voUZtJ!*JCqkmsRlMm8)EX*?ZuQTbVV#tQ!mmi~h$ zsTO#`7H`*3Vx24q|>(hox70O08N%q>O z&MD?-`JspCP+9ZqV5RH+Ro6t^$yF+N!D!RPfU7l7vw@I0fQFlp@KXZ9hvET*PFaBE z4f}a{<%RMCA6gr{Y$*8_;t#LmBqZa_40C0cQ3E#N%aiv09WAD74;oHoHa!9d9A0$_ zp{7%m-9FLqRh9mX113<&xO{4}sp}~{#lvz-^6Z5NJ?Nq{YQi@}^6-cULpww+qylrJ zf1w8OaZAupaT>FnyY8|mq94nf#ySrxIagH->k3lS9)j|Jn9Z_pj{W%ywvJW@%j_nv z!JdSZAr2uXvW9%%&yzD3i&ik$>Wlz0TV1r;OvH??Xq3w@A+iA#E9q8^{6d+Q%>)%~ z2E{*U2NPNgdWhDrY+hUqnnd3&t_YIPdE?;gi)62kyvzge(v4?_RJ;Re$9ho2d-);5 z$6yL%PG-yg$Un2kE_Ymz3xcTv?DcgiuBmwI#*%O%n-6ft&Qug=y5Xn+P>&U_GhK}% zhrV}NW_})xKS0=2^k}^;JHoYZ45F0kOM`WBPLbS|SIXDbPcdrNLXkUI@+*lwgH9hG zJ(6dut1iV=&$btZ65j>kg)dl*Xe>J6&sVE|{8%1v;znGHP_`XZp|EAz3A{~m$7D!C z&7^HVwuf0@J0)Qy?rv0{$0OA=6^D&ux?WWJVN(aYCR&Aj^n<%pJot3)`fn^)ZGPt!Dh>MSer!7BYyox@C(7- zCb>zhoyPM~#pkKUrT?O=9jRqe1!C1R(U~$Iw469cHJj-<_q-?E{w;^r@JYd?wG%1 zlU$fFyA(07obB0bsscx3|AKK|>^aCq2~!K1xtGHA`d!=t$US4Pg$-fjf-&WhtWJ5uO(g9X|`Z`oqde*e1^pMm&RMjjDv1CCwn!(hchhSyqmuC2@0^&U&hC;)W zR+;P#)nn6zE_2hcB8k2>1``omC9|gzQ{0ltU0t4LGu&q!}@nNnm}K9qUwYE$h*xb~&2t zQ_*(=>%D4MY~^RSu^M?NUJf*&j_o35nCLqlDQ{BVgrPk@Fa;KKebpOO)~o7sY(2bS zRhnP;R`ggHr_3pw1sX(56d0|Jnq7J+w&vgOI;l!$f~pK{ zUhQXP+Ok1wSWM3t&vxBVc}NJK;buwqNPr8BrIm0&`3_nKb5ux$2ojp+7SggHeIcgY zEwW;05-_ng!Hkd*pb~9w=u<0Hj!hlc@mtar8-L!QsU`CaC$9%C;NFXlb$zx(}# z8(K3mO__#}kQE&o5ndyp;gOW(U9Vnp1_L4m>|{)CFVy2jiErid;0NN?y)GnW#)d;c|HQIxQ;~v ztupj*I(WQI+MF*sq*^?lZ*Apmwuq98Y2IwD40Dl6x1b{*J}tSp zVa76%;;ulAbtz+{y!Um7HhYRvi^Ma9&Lc|a8jt<`V zXRm&&FmgVpby~@lt=}b~Q&HekSZEtfU5Td|>vhwcvGlS-qy@rMfR>_;i)uv0bbNp< z+A4N=SQ2n9$#Kgs5pWd}!%CKQVRO(Fah)pqC2(7Oz4>C**69@d4(kusZ)j@jJ&4E2 zQ7iJ5Nx5rjhYywl7T||b*wd9{AZYr~urzU(SlSH*xonY3PAi&!))@H{R*W*rvJ9*& z02~Q5QXVS}xy*`D0te+rSvFm5N}t-^P-P}MV7?^U1Oakmm@GCvIwS6zIq8mmT>Ll6 zz<5X^5P+R}xtpsxKVwwD-AEuC2omwp7NaeTNv!xOq{-BE@GGS?L7mrv2ZSLGTx1xh{JSsA3ukWgHpL=~<%EXPt ze^IE`jJxZ~6E3wt8Q0F>HT6G*KR>n=id8I?n$rd>?d7gz|7W~R^;E@n`()Gmh+|jn z0JmkH1)0I3P1A7nQ#Abq0o2#bz2Rn%m7HRh%4FMCPt%g*0h99k9B|H!y4o?;C*>D~ z4Y6rs@H|VjbfV~zpdO`s+G>8{#nHEFtk0K~7*iYy`}w6NTmVAw!}#epdme;{f$=BL zi0gRzp(g~@o^-lbOsLMqA=?zE zc)BG(=koprn7?Lgd30pb^jI)}aX}Ho+M{3FZy>;!e%igqn@N#G;Y=5%U-pRGPCE0) zup?fzEKJM%J+BIds!J=4dps5&h141yXPDI7nBv$W7Avb+=h)cug$L4K4{Cm2dg&q} zQn)OOi-FF|#Ec6{iapBmiyu}MO1q=p5g2T^%<#PEO+XV6%j*5W^t0xkxvREUw<_XS zjFR*#aC({M60pAm3&Rve4EsKZCzSu)p`ow$xm$};8^^}x_=nW^Z*e)#&q(#o>YbQo z)rMNr{7GVcp-3&Gr@lX9$dIG>=&K$D>a2s;7Q>!N3*C|+@24cgQ(nA?n=j<7`wiRY zL}u1(F(aw8%9J00whSd5T_Y+;n<^`HBH-MmMfsp@xO_*vn>@44(3k)eYW$-*&jMR; z5CR^KAWbZhrDG)zu)h%xjYP(sH2AS@B+yNO`e5uMIahDZpHgi7g!I%5EYuDgT?FFo za}z*U*Q7f@vrbM)e~7YEyyg#>xJ=lw>Yn1Tx!tlof1+P~Am%mb!+A}P0^f9pV)Cm>@&yE@Vs4ciy z7(R{JX=bR86xVen+fQ4!x!C}2FtG7dwA__MO;|7m51#a9Y@>K1^l+Y6=%Yqn%c{T( zTOoc&8-;Hw>nQ65I%iZGrqW-y9mO&mGuZ^15812=Zv%%$y(gPo`XRN6hGda#bZN9O zNu0m`@To5n6RYK|$hk02wRrN7t6Hs~GOK-Pkl?-XNpbZS8DO{a#ivQ04MjNHOlxY4 zjuF^&;`Jnp82yrs8tpK~_{pAo?s9CUJv{0eAT;&;g%fbR1SZk!`x_06Tzce$ZejmR zb?URC4fvGaVJqWydZH{kE~-g`R>qnPRZfWg=5v!Rx6tTr$FS7>EG&5~w{53sr~M#4 zVs7%5n8VoX`k2lp<_O~OENQh!2Ca@iI4{k#D@CCZw=)Pqh!?=UTpQ)qr>~6`eBC~(hc#_St1!ax$ZBA*9}$6MuLv~4 zTA&e<`~u=IRbj)>c)O=V~H`w3^y3b@yDJT|OrPWt`pPOU}t^xlv0W0(*d&u%p z=f?d)X2fqNzamTnTN`)>S<|hliRkp~bxn?TSS&AxubExEMEGO<$Qp;QIx+?H9)0*T zk>#96WR`c0s4!(Kq;X^vS))0efdN@yB=%5sP%ts}QUQzARvGXyfIGW@%$ z-}cq3VqD)!gAevQfq4PXIyZ`qCw_W52kY`>sW_hrkc}E>mik8}49cVS7{SID5B_a5 zxM)$-D7Z8ngDftV*Mnh$_t_UNn|&9d&zc$A0{0krJrBc7JH?gxdG(L9tHLhzeYi4W z2DFXLf8m(oWfq3k^SfRQqe0=TQpUv!MfauIgcY!xtXAX-f>#e%FH_%l{gG{DP9Sa8f|6&{J^Jq=DTy-(jtG$f=z zU+%f3OcMA_HN=>ucZRzbbIR}EF{3z9j7NHJ#jfq%W|lWSf1iq%qvpjOHAcPM7m2kp z+2XE;J!c`RZ5lwQf}ViRnD#r7vBZUxcW#5gkvl7<_bb!RwCUmx>beF+yBp04Pqd2@ zrId9&Pv@<%?X)P9`#6q3PE6|6E6Qa5`SF|O$tbQ|K2O7|=j02GvKFR{hFtgA<)E{e zQrZt(0>#j4DilCcfv!DWDK?tDtOIt1V9K(rrNUrh<#8K@l2T(lhaxl**I8**R)!pR z^`8W*vKH8}6!?OS&PvOvZSkwS|NimO_Euv$uIfd#&dTqm zY}U)8-h+Pv`|HK=NU|xG8uZr2bk@W>urh`cS521&`thoD#aZTx==MxlA*#Z~YjS}b zi|)|U7BwSl(Mmrv%?iJCpkCy5Z&&+yDUpsTZsgpLCD<56-}Bn{)go*UA(kCwy~UkI z-A@X8@TL`HoPEfpB-NJlS+i-s3}cAS-|l?RDR5+TI8lpIkF1i`U!EALv|14hT8wNB zp((An;$OLD98h3j-%bjwxPSJvbe2+;b2w{oF=+7y+XsVI!*Yt{+mGo)Y)iH4nat%% zd;&-S%AdC@`YEN$k7(0U0mv_3Wa7tvBtIwo%zBkl`SOZxD$#s7T0$T`IIH7~jh=to z)ZXB$3^eG}pgPm?=RB~@jbU;`NTC?1X0%IUM&P>}YU77-U=q6e?f$-%j>2yN@;k9) zLfgG(L)r2|B$N3q?0TJo9}%t8NB=1Ax?EGRe8-dCo_%cvbVz=fxt)$2&N}#^WY$jf z=k09qiIj%jW0EeW9=13dQ9f4nQzd%cTuPGdrjr&^kx@Br*1nJQpGde2#oTeS^hZvsu2jp%Tuk0@^!k z_n@Qq&S@<%IzRsS#cg-4>YA-F{qp8En_^LHY4Mro-nx^tPS?vHr~XIpEK6>ly_<3wT^LrSkpM5HgowO#OSALb)}5(uW2Gaid6meW~yh|FUcn$qTg} z8!cChRl73_mD-2Cq+ZmBmc=6$G>OemXYZD>D1mLGY*28Rz-BnQ1Ui(e+k^rJwnPRC zHf)w=f8n^YcYt3=_Ku#j%2f5ntiixwaZV3n)O7_rNH0$oJE(~8p3~P3TSv$xZ3AMc z?USUr#q!MKolWv|#G?3ML1g2G@ZEKTTugyjm``pIa0ZK=xEHanQ_8B2iJpaarP{FZ z&5IzD;OFT8nC>l_iqY=psqr=IawW-TMuX_ZHK$ji?SY+W6$6fY-)xpI0>$3P>KQeJ zxX*g`@OxZZfAe2=`iz#c{AQ$gNG$uA+>~G7mm;h57PQQ1!COZDl&}RCT;+spVL7eO z+HY;G42%dLUzeNlnSs2CIjnwMr_UeMjGENFXvxc1i>{s9&d9MJct)UXYiJ|zlkZP( zk^JQ&UXc#?d#3P_{QBjTK91{gD+%wl-@Cd=_s8^@6m~}siS}2Dz^>b_b~y)E3(g)g zd{~xVt}e!df8h=(+SE;SG#HwxX|NB9UG@K6>cv#wrtN1A`qr;*iGq?zB52%B+w7JP z0Ch30TR-GGMPOT{CeQt`g_rOi3X~D<4^ZcyIVTT=;$1ls zV4;|}4o3tUM}lHN2v#VW9C&#QgV@A`Oco}R=viXHshFsvXA9Qvym6SyK1j$)1TV@K zYO4kOh5MuNjD^6YCq|6(>bfzVXR<+}K|L~E#<{(h9XmiJu2>Hfasv*|oGPS`rb!Q> z&x+!t3~_19ZS)!bvdvo$DTQcnHku0iKBOP!DA~*Uy__d8s|U75(7boUr7;;w@Wmra zzMo?MvD#Z^qE`h@yq$-rdfbX^H^hI19ka@DSzYqV78s0-)VYs-QlHMqo6SQQ@RDo5So!N+^yR~E~3C% z`kFj2Jh!BITrtGPU>jvN!iB_Ml|}XAXV0ovjk;Z?GO@rRUV4_Mb4F) zrSAQXDyR2Zs{u)o2scJtv1zE+L&TMio6n^KZ`18g%YRBmmHdhm>yW5!{n#QBsH1PV zVx(t0X+`>0Lp=x~oda^Ag~{?EHsR}NlONlMz)Jj_aYxIKSqe@>meel=CAeO_fA=wT zy#D9g19ID+(E6f%Yhhx76Az}`UDeO^EI;~){mA65Nr-iYvV{ck8<`DEwm}R_r}|zj z)(gv52U_2fm2d`=G*(tdb&)UELD@Ywidj@Q3ye%o`O#J*PT z8qz7NyG2&aile0 zriv=txy0#}T5q$wzx#T?+v9MPouzZQ(sbu(XxaUpxX^u}qNi-TsGsW5{b({t*mN~F z^cqndlW*i32pRb(?)ltbI0q1aeKaUyFd^i5Q`ANR`Skj`do@>%HV+)8;3+odAVE(r z$P7x1E{R*ygi^ zlF*df(YysPOB9y~e$M9Nfy!Oo)tQWf12H06eL;}v7Cw}1dyjr(Fg{X$aOBXuqSW?b z6Gcz^EJgBQwqX1CJv~SO_^@^Ov(FTkNdF59xoc;WW%!q z!_OcwUs+skzUiH~dV#4ZJJkFmvg6TFuXnPb?RJ@L?apSU*=3koo1p_*zR-tVj4;?J($VaTLEsb(E@191dD`D?+O6pMCO6$zbdluW3sR?rYNghv0m9PKfn zU$V$O`BwqM&98rb*aQy55XS=!z(7DjK}SRaju%A)PVs<;LqNnsLdK`#3B~1>(Q@x2 zAflz0k~S~hA_QCV@>zH=Xg8noLl~`6pAN-9gol@epVf2OnNAk4{c3#u8+NNto{9li zpr|a-6(%XGYy#+%rIXXrC0wf8P+*HWdEy+q;o4TW=Yh384zopZD3acbLlqy6&$RXp z-ad?|ZukJf(Urrp`LmTE?20A%a*2bul12LT^Ssx@~6A#E?CVe44#)!sF4HRY{8;W%X;Hi>f-yR{Z9Lrit_*-H5Yt z4=gKs-flJFF7G0xD;_w^Pq_H66Qc%jzm?1TfY<^CYdMH#N|aY>gZcJ1{q`_w$}XJu z3SI;~8>hU$TR zaI{Yw+U%g%8@;0Y#~~)rp#S9NyE=>_dZ1LDzW5-~N{O0^&Wo?P=qDixvw_i&5x;{J z9mf`AnjSYX$2!6DUkxtA6bz)_35Lf3;dvDRdo_~xzkOS-{kq6c!wFdT{wySNF(mq9 z|AFMd=9W+K*2!u2^y$^LiQRS3{qxp)@kf%EkJNwRF#o?#S~FiiAuf|PNCS92%p1g7_-joah#Kyk!F!l&^sCXu2$|@ zb#U&qu0rUaXRX4l3AiM)GhWFX|{Zrf=Ps8B`BYX0N6Oh-kLPIw?Q-NI;2Kb z9S2n%{~n=Id)>s6>Jz&w$s`zxoiKnStR0L7$2^sF4mto{c2 z@gevxT)@ZG`j8+d`1-QGy^UCfVrnmiNfE4_uNaLFe^ei?K$0gyce=?Z&-SF8SepXv zEWy>o%obqFjue;FuNeP}!;c0;wB^2rYP1sW20{!vWh3M*T4eS2=g`clnnc zx=6rQy+mAB>oxrzdB7K%FI9du6Aah0df_fZ+L8gAo3=1{BltG#jk@aSH>Z6!mujX6 zpZ$S8QYHEensZmFqTfxy&xe_Kl$_5zuB>2M*%R^oY~{W8^`AhT40{`|(dQk-yj+sg za6)BJ#_}^*lXwPpc%fz*#v)dMF2sq%yKcSm5xZPXJNOLPSb~1F{9cN$?$dWK0;M}f z#)L{r5v1FG{33bxZr5r;2vxv4BhVa(6iu1QBAHsUX5{Gjdb<-MvNo_BLyw)dC#(EG z0!&#Vq|01oVQzTO!BE^S*^}fdKGcS5RXTMdb!}!i`9cc(;Gi z`bwF&&nRpvln4|fX*eESuSa@)BEG!zl21LjB<8LrWyk+35m4tt5Laj7?~Miz^tbJ$ zGe2Xpj$u$99O_ZWqA0&bwk+7#fYrL7aDvU%8As7WM!N@P;9^ubgeBWA3q2hfB;-Dv z_L}vuq>!|$zHqL-I%!vJQMLRC=Yx3Jb#fDSI^W@C>^;GB9>%HHb z@L$wos$%l!jq+gJs%z?{n&H`$nwBPzQ}u-DzCZqVuF2w;STh>dv-sl%T?<@5gQYGRAxTGU8IT^>kAz#K~aH`WKJyUvB*;*r3o%-UcEE zL%qzB>VbWL@HJ#B%4K7-|0uUmR#l}X_5udrH&?x|Hp2ckAcK)!Tt@@D z<7!6(vOT-BA;t{wg{aa&T~jUtxY|^8nV6VtP@rsd1A#Dh!a<2_9mmtMa(x*qDk{rV z3}JsmFfk3Ngw*b-t$nB|H-DkorwW5ADwaNfz!3%w zN??B5q^8^-uLa=q9Rzk2e#W7Ik@+-D`)FG3p7M@wR$N*ApQ7M7@ekG2HN7;YX75kG z!ldg>LB@rq@_eGsJv?Ndj8f;?~$uwmZ8fw9f<$7aqo#^4hA~I*EgNx0o_oa&JHr#_ALxUGqT{nmTy5Ccgb(%)x ztRQXRfP~xe@IvC>>ByXz;Zwi~-7Q=JH)3+hba1u3;svc zgL4soXz7DoC8YW7eMNpJoly+K_#GO>ti$8!%PUI=N%i!V5Om1U@9G$TvnSWfJ;BUZ zj<12fy@RWCyx2Y7b?q4D{#&*Ufu&P;9hcms@%L8-|ECtp?>kWiov31A$@uZg$s;e! zg-6~^o(R0b9p~wpz_syd4DHQ!{X-j-xfK1Y_XhMXY`#A;Jmvo+O~4kW z^!3L~9EeTh?85G4ApM+mGH@Usc*7y48tKf_{iAOv|E!%39^VYf-jP}csy$0F7XdNB z2G!g1ufLvb=P51%3DW$$jx23)fa1siFNmydrM54!nYre9zIB|t20mE+t_i)WV=5FX zgpF|V{BY7Lu2-{_Q7!d?bmI?9{cK62FCoqIE3h8J)x6CovcPf9D-qF16QM50UW#*a zE?;IXn)~^N3Er+%nCk}=x|`N(s5jnrLhe_(?gPtzIyfH1SR9b%*oR-9aWo+9mzJ>R zOb33S>Sj<@P!^xMq2~Oa{ya_`&{&rqA6p#^A$l421~b82u(o4{#9XgpE-&(}jAE{N zonJ_Km5p<^e3E~HzJTCVbHuy3w~-U|rSM+S57Dxq4*<=J-m!8TAkD866qHePC>rfhp3rYE;&B7e`aQQ%fI==oNxtWQ5)d!tIhDR&t1gbTVMYh3z%#A$AGK zd2f{!6qR95;@q`&DC@o69Ynk+vrF1_;N(M}#caOV0MvrG3t4RFi^;KCL;8##8s9OZ z_L?El*9-7VxJfag@@U5|$1j%9idQ)p+5=m3Bbg&C`5B15D&>CfR$(}9GIZ5K? zI=)H_8;qNypGhom>a2NIwMR#enj^~ktv5kgKi zFRm5m1YlB@VQa{im=+(Dq9`X*;Kw~84`=vl?)7L{QQ0%iWObMpS_D&glF-}Q=HY38 z=rq=c59a8)x%PBagu|E*^;X$NBXJq_z9m<|Ec^Z{vo2K&219+PELfvYoYGGm{i`9B zN1mrI`Z%p(G|W2uaiobAv==F_t7sSbYn#hI!AyT!Co2 zfwAw-4hMKWBW&m8=D5f)JY#^J2A`53E7*L7YgU&l4-1S<+Qo>w>6GdkWI_7ztqjTE z4aP~GKHicJX+YJZ(HDDqdVKVr+4vFWo*pX4f^=GjbW8zLY75{s0F)idO-^dnNjbKk zM+=JH1v$2aY9tx6nwseMLNF1mEfbo=B1qWa$D27Xqv(WCS=WjVta0ycUo7-RWk?=d4KM+g$7}V(V9T$F z3e%A(quM~fG!ej_L%&w1=x5s!7k%>W?ku#{ye}xm*t#)dbY$P}y5$qo1<)516b~2z z?Kik%yF^f3gBOi9F1SyuI=66B=2b$vMp!`sV;Rnqv-mIFiT~LxFgyr^o+W|MGa@_^ zDl#e}A`&7T5PJqf&v?LL%=mP;JW{e+p?$R6(&p|2MD$=QAo$Gd!EbTOklH*eAfwI5 zr}GqiMtBN7hq&Hc{Q3E~@q6!J^5Oljx%W=0?R0j2aSuXQ3R7E9T%*Rtx;ww=Y9Eb+ zpF4D+6tb^K_Cs2TqY51n`=P2RR{9M>mnX#iN5WJx#y;1#Z17Ty18ou zN+CC6M6lh*&R4g7oVav)gA&Y*j(_3uE*o$DoBzsqtS(*rfdhFM5bvs(w#1i>*jXYj zzws68tlhDv~8|^2o~*F za$k(}B{YW1aKR=|KM?-fZU%e(<=iNG@iUBejW7~vnz{kd7xiqu{}3!5@X_zpZQ$?M z$1vhQJQ4p6zM8m0Q}PX1^0h;nhJiCVE{|Z%&Yht6{os%6>t>Ln8`JIEVz==t zlKH#W`tLqeubuY}{gK$rJm!L4-Z%a~lGy#>e+_1u{~^p6 z*3Dn?Z$N(3>wR2=T&7YjbS&M9y#B%>pitdWwOTAO31h?j-Piej^Ot)Ep3NH>^+(9t z#)UHJgTkeHExJvs@T z-xyrgPaEmdEb&>l{V@C?vvT>+&0DVBxOk4{*JCPAuG!mGMCuvlcP~^SUstUNCXkj; z6V!R}=*m=V6m;+hSaT*CmtIzhm*~&pw1i27T-KY-K^{?UVaK=@IsjeiCh!3RxBUp2@Yc3sQVdA%%Hwv{*WjZ3I;_URE|UtPTABy@QF zi(PzDz5&?ipSK~4!8~3)XJ4m5rZW2v&DtYT*eK_9198D`{meC$L@pOaR(+GAn2Oay zvJ@E7lcpV=FZZG#4^w(UMe#-gzdbvaL*yhOwmcYEG zApe7J=G#iu{)JmZTXNj4!_sCNZ=Ma}l(8()`#bjUw~+ftzYt}0qmU}-J&|XKT1fG& zUUw!Jrv9EoaRl@FrPeaN?v^dol6sWPV$$GaRrNj2zwveiSZUG8JG=GhEftMU&NV)O zY5!XTX(J%y{H->29_qBLgy?$KU$|WM&)+(~1hv}$t9-b4kyFp#R#`S%_?CmlTm(@i zvX9*^b&q@+c@A0mnC!|}wO#1GJ)vqQ``~D65mfu}FWgMXl*5v`KAMjg&95sxQOP~~ zIEV;Wx3zh_7!gK8qneIeQoKn=W&*JHm0|G_hnxSIW0z!=sF_(Q~NJi&0n6i zx+OVYqF#g?zFj{|&^xEFfl4y{gRs6`pKI-s)AXaa*<0$N#IsDx$GqZG(I;&KInuK= z+`AL1q6l6)wHRDD5jD|_Dx|!ry$W`-bke=9C9<}DnKP1%|U{^o@y74_-VwY2zM4){Ohhxp4_D+4-#3zj(T9& z@7!-RCUM&N@)2~=@)u4r)9&qObslhBB6-+vADKBC0oN8x8x9ExjKY=`OX~3kG4P|4 zCh_~(zPGL@A;rhg=C)PR4Ow|Z_4)zz+c-j(PN(GN>zv*r2VudaR|^!_Wh?q?YXYw_ z8!8w5+CMURLxM$xpW)?oE<4_tExi2bdDT#Z#hg4e`O;bUi0Chzt`jg@$DxFiuuus= z^T^NbRUnvwfMd(*5!Qn| zxcChXlQnXOFXB1XlTxnJuQR@5XsUa=B)77rVIJvkxZ4t*rE-82)*&yLHaBiOoh+7Oe zSd`obs~sfpYs(K8X4V2OUkABGV+SD)J6yzL!1J~_Nq;&$fZ4&~c1KxB#;(%UxxK7R z`0hE7T^?!_3_;N^(b*`I_cg1U&o~DQHSlPeEf=-;2DpH_3ir;>AT2Uys|aF>IFwr? zB-R9)Ei`xv3+Lz^TioCB!HxKH{ZE$FX(?+2L$Gu(ZmcWfdqO?i1Tr{J<8jnI9#(b! zvuO)NCj{`eyq>qz%oaNy`J9(dl9GE6?4$L~`ZHF2TfwTa(cR>{VmK(}%(p8T%LEUO zzpGu^jinSziE<~RMzY8%qd=%){>hc!PQA|h#XFH;hd@o#5UTp4so$xo#4a3W{KYmJ zpAWKvm&J2edtOYn{Zxp0kAdRP3G;2bBy1(c;oRMD_#yddRl1z4l*afl{rvN^4ELz8 z$D@Tw*O^VHz)*|t(+S`(;1sqCf6ZYZ8`R*(fWT z`YT$yH!xr1h4l@w&M9~#CPR)28}h7XGFtEak<^wthMv+v!tYp=gyMq*;TsGh2GE-`4ddS|^3{9lK)|w40X-hD{={X)j zgLn>DC$zBTal>nGcO*JxH1m*8-QIO2#I@_At?_6{qA-1bYn2PQDauw%J9z;9 z6Q>fgRGHGotXp1kv{|>zf^?wgfR62kc|X8}g6T3!Y8~kBi`_zks#lpI$6XiS_{w~h z|6u%wiyASWDPp4$!;WsCgB-y@XJMd66j9GI2NSWXG4TuNQGdT4LK6p_)T}rZD84=e z8D2_@kYTSE2E64b;9F*>1tyvSLVptnCc>vCqBr%(7C>njpY)J{51a(eOi+A zZ<3|W8?I6%6BHB+168|HV^y>2>hhpi{ml_i8KHe71s03V-p~U8f0#l+Mq~_!isslW z6^!uT20E+;dMbv^k%?9Y#~;wy|6>(oC)TQRj$nvoNr z0l++`CJuOW4D!lSE6i0cdp#g;LcP55VIM3na-;<&rk){_O3}~i=qKPczFo-*U>FkK zhh4|@{nir2CuWMNzvz#Qw9smbgqH$1qmn5;tODQ*z)ciWFK@|?r*@qH9O<&L*Zw5M zRG%E!pIsTqj5=h3d;_$DMzu<6*wNMh!l@}k{z+m1Qk=BHBp>uQP$#R6GWm!6O2r{U++v8b!w?sGa?hii7Gj_tT07A{OWd2Q#08%yhIj`B z8F$reg*W-!I>C4|Bf2%H(fj;j5hj97@IzF4fP2#YYZhnu@Blni`0r1r9tx3(ma;s1 z4KObCq8;Lv$|T~JJ0r1(&c(y@a}X%VKP;t!4MUH%nf_0#l|kGfK>B(cD|Rx2ET&jX zgRqpAS#mm=L^3u^T-X~x9CV-;`!F_a3bpwh@m5+I#HE*sD?9;j*MxOAyI%<-llfpX z8{|L$cH5oET`H3_;RkNf3`ULUkHjEk)hdDpt+U zxTuO?_zqQSVpE6~P&AN18{ny`t8ym!x2a7;#bGE~d!3dWU^}e|SQ=y;omWRD=KkUS zL8#$+Ow%Y!h5ES~fYJEYIoX$`wlSNXm8(YZOT1)v?QO<5(FQ0K$JG%bnO3AaT+7*y zMaaP-^_M6BYtzOL1gUolI7*8_H*^? zn$&Z39h1mUrMUS6AX2Ku3Z$wQ(H0B2pF!$qIg^Ouf8nC$ee4r+E^Snb7C)fE6!Wr5 zo2V>^TqC7+)l8ppLCU|%Rz~!tUNcUn)OW|X6FQ@M!8VnS++n3U`?68G551pe(UU&u zHLtL=n4tNFk=YhP`Sf24u<+I&XjGl^8i2x)>WL(ru;t`+ilRoq zciQV%@b@8>>y3c4?ct3`3~YT9-BJT06xt;wBt>ogOy46kj`}uq=mOu zOox{MqT!gDI$*q_;q2$V@eO=Pg~R>k=JE}ge3o_BE@Z2@KbZw)R|P4gHB8a>pyB*8 z(cZp7j=B;UX;4Zvy(kM0G}^oxYD&3k9=sAixY0wx?=V0xwV4Pii)1N9o`6{N&a5vh z(9-EQmvsRxE_*gh5?B}kE@?+rq|~9Jt3RB|V*3^09Z>a|c#d>Sl>i%L*|m`_Q9|Sy z`cpf4#!VzQohO1&K_GbN1UW43(@+d$p#&f(vfkb2+$k;S@Rxq!7ZtvkqTR9+|?>l z{5sj(CT|{B{YYkD1s>lpg*R`$RmaFgQUc4g01daP=jq$V>*$FFlIFoqxEeBC!;z{kc95dt zgdrCesq?ED?#(1PJZ5Cm{XKvxO?^SZsG7St{k;cLW#mbJpQ z@aiJ)Sh)jSVXFG;DrJGz81xpQia?8?HR-etVzEE`TEN8>QdtR6U+B|tn2f~WSF|K# z1-uwBZ$&f=JL#3=RG2$ixTU+9N0tFe0elM!ZW}S;)lDLsvHcmQ<`U*AkX^W3qwSMl zXU-09Kn&MZ0}}LV*(o_38O;V<4vq7=(%RBV2-&U(X%2xL4tj%Lg(I3yO>esZyN0wV zi#>W=>iLcAXCYYHmBUpNcyY*BO-Wc40jeK`fe2?60`#{uQa`kqD?_XmW&@7L+ujQ_ zIN}y)sbl1*9hWD4K=bK^b4(B|p#Mm2KLaGC*nOtdoxqqU+6-IKM107Bs7 z9%OJPF9b$=m7=aQ$Dd5AF^{)gJw^fxsUE*Ch2AdkY$v_R$?fM<&nnCDQUpM&gh&)T z74#m`!!N{KUcy`}+ewL1l2sdqk)tb6k_XXc0Q^yy#{rtz^CZgv&k*Qx8q?OvTC7s# z1M@0$>7yFeVf}!@1zC6CdyNLU_gRR)cjNbP6tKkiz0n+SPfuFkM_ zQWi7TCs{RjCs`Zl?VLa(sk8uht>WC1&)})s@RgjNTofB4WfB{2tqAUN8>5$ZAa5RW z?i-acq;!S&t%wg(}5u3|We@K2;#YN~~*LL-pEaP&;8@ z8tSiqJjiz-XjFABDBeR@ptKC3qYWdBpPw#8Cm)-j|7?pJlCv5{Nz^j6Dn(op=Gf|= zAs6WKgD@fR>G}3%OKyz3xwXmhZ zb^M8KNS~ky*FJjNj{Y;etjrnx(1MgB#mc28k<+VIZR?Uj57nlWm|6A|COpDc*GaDG zgh|C(0w~J(%_O0gI$$|M2aeRwG|+cx0jfO}4}_Ni7=iFI&?WZ8H4fepL=jN5N2<;=JW#E_5()J8X zEp0~OGq-g2@-AetPa2Zqv+tQKIFsZaHRDry;(e)wGkQp~XCR1((V1oAJA!Cc6T;9ayB6KL1WU zvBeA2T|o1~*cMhhDZO7u_zh}02{W(MWCyRe%w?f+mKm1m*NT>ZRJrrRCB2?Gl;S*~k!S8n=tR}!wZf8BfkdZn!H-Si`(NX0jJcvZDdn@WZi+hJI2R$l^p63L;Ndpx;zo>Og2W=%Kx zrH`Po^FBQZAOAO(ioK-?ft-%%zF%IZIIn@d2ycbHP-YoDADiaqd~RqC)>-8LFVwwd zRGZ(|HV9Op6nCdM!HT;(!QG)qQi8i%akm6_2` zS1$23F-~7FOP4abV(i+N1ncHn@7RcnfhB(YIJ`d%+N8|qV%e3S#WP@0(rEgaBe!ay zY!rf%tP3zeCY{Jkp~_AZR1w_*u^uW4B+sCwj9)!bX55Elv!eeB zKo$?Q_$AwuAu7eqi#jjz{wi$D#F%aNi;b>+lJM@w{bbJZMc{A%fT%?yPfp}pkO0aF z3=Y>L7@uSS3Y6r#dv#cSnxj0=xNslwE9J50hcOW2@n+cM5PmwN-?LjcdM~1$qx4uP zB<-`*=L5uq7rj8@U8rRQX&kk(oPVEjS;TnN=ox?^asm)ZRMV^UR3Y?PrgpHjJGFhZ ziO#Qbx*P`HH{K>37(7^Q#tj6zi6l%d!jHi7b;4ijS{S>B>xQFpu8kj2=nr$V5kNjg zGeEX4ezax*747L1*7FRWhzJm=_Njd!lK>f@vtdt%Se4j4cBe<+i8S8oK^mo+FE%+D|2ynpFd_WvFvuC{WA6sQrRPJ zs>HFI`JjX(lv=OOUHP|Bz}Gj~57G}H9`12BjHL(?^`{gW92UPvUBA z^qBj?%(OtF?v`9hBQ>9OY?Ywn_QapLk2_$Oi*Ps67IF@%)ANK3ozutl!Px^7exCEx z8QL?^pW9^t*autG5}X4L7Pg}4<`wt`_X^0_E4z5wJ>>=9u&1)6c&u zx!>RA59xr^#U#RH(^ud@Y20DU!@3Uole&c$jikORxj$+k2MD~`fby&dvK}(p_s46G zTq)hvPju~R;>*8wIX81A)K$w!LCxlTdXe1|pmu4m*-8RxJ|OC*?f;l3Zv6$1+=+@C zehK{S=z3r45*P)Y^kSjZv8olq*$BEi=eikn+9?&s3_!qc_v!8ZD!iR*=lWS4L`t6c z+m3oz)}P|R;tB5;clt`sBO|xdO7tuTBa$DIxEVp2Va<7gknhINGTakQlqW$-rLNs7MgxujOz`4nB|R||>_<9s zkh197uj_(pqAT&r!2OOx=?%6uMRYo7Ep3e7q2WY===R_Y9VV^ymVP9l{;41sHpvaA zKyvoH4ze+K5_r?$rQ<~4PiQ0Fmi75gYOtP*cKa1pW%la!7rT>$$Mio)I8izt!GRz zdnvqKrdhy1j}F6>@t_7PeA0wUOgym^v-lh#sMkHo`dELNrIz|unVxBCQ+tinQdghR zR#UNTiulQe?}jgsS9W><(cjDvVECxu#uiY2F>KKzlyR%d1gu!GUb$`^5?_@!fHCyh{ZAn@8Lxoi5R2Qf5h|772&6RjNx)<4TzJ4?tsSv0_Q#jI9)`_}g&>kKvj8 zwg#{GTgMkM2oNC62|;k?W26TQA6iS(QgguD!UH?7wYU7knS~LQ`gbD&(%mJoMLCF& z>(cHd{|UX7=@a&F?r36-)$Ql?pc8{9Zn~|*HSEjuc3Ahs;WigEaAI>Cm+t6^&(WV2 zu~8SII|XDmkdfk$zp5=D-oIEECoDbab%21oT^0I+^!trIbpfI;PrrlVsYd*KVWNU| z6`XR+)-lQ}Mpd3ZIv1_lDO(~QQ>dRK0tsrNTSp)@-Y_8YmeQ^VvRRJi%*&H)YrE|o z84h(}nG9NJh7C+4{Ht|3)*kfX^!qPA(^#ha}{#rc+n^WbWY9p`X?VuC!I z=Z}^gdIuIvfd?XV{vug#_4l#f_QUa8$mC<@PtR~~to;^9c^;>CD!CD0>;1IKr?Wld zq{b6Ycf|nZ53=upGY3`vV&DI-Ib-arRnR0U&7`=`&^KHk z%eS)nF4TVMGLvX6xG4oOPfC1RK>$a#jjS>B#AMv^{hUVR$c>?2BX`yIMi%QItsN!) z$^hI;x3kDw<@GUhu-j$EXb;%wGAjAUA0)C?aoixpdkA;gZ#BEy$ZvR7#|!7tK~?IV z%~{YfR%Ml{0FDM`KL->FfBHzH+Eh%cTV)|j zJx68cH<}J<-XmGWmkE}-qX7QQ2_XMv(ZY4bY=8?7AAe@WX((^9b!*S5hy4tebzCef zmjoBL7CSgbV*}GxX@wd!!^5+a$N~oNJuTRzocxuipR|Tv5v@`$#JCrsoK%qtddP7x z(aq z=igc1EmE67fb11Xm{NT3LlYI1!s6U4FYo29W0dD`y9^mjeGA37ngfBy85;3qx5>2B zW{JBS*`?)$+ZlWbz0K`tAyg2fi3{vY1(A)@8m1x_E9YDSigXT~gK&w|>MSvk2lH-X zSnrzr$tEQa<#3g~$~H*mG`g<7>U$BBD57ZvDO!ja#HhE6)}Ry1E54kbWUB>grQ$_5 z&3fH3tn)xl9X&Y_&l3O3GLkXxu4ppsK_@^H%Bb(gqr#!K2%iUtcd)wAThBY?`Z{0( zB(B!@qi>MsNa+AoJ0%C56^L2`82%Y~ob`;~+#F^L?D0zhJTDmQ|HN-}5?hLsg@;1P zz68D~RWnGT8qTy#IN6&S3Rc{S0K2ar@UDK=LYi7lLy`rc`fjt@9P}l-7C=_1pOh2z zFl|44e11}40vJ7QaS6-+f;SPCC#Cu{VF|sVOe4ytuS3`@e+>ek>b&N(fg^Z*!H(ER z?y$W%wX_eIG+9Rk6?OcFXRm}xv$TUzHGaCAYAU9Velv9D&N3EO;uD`6P`js|?1h!< zGVUPi*Nw@3I>btlETxodWxZh5y-|yDG}wYBeA3J{dL5%qDEhsJS3V5mjTk5M*RcH8 z%_b!$GzY{54}*BaT0W(ZsRgWS?yr&^9qnCA{rZ+^Mp4&|RjWfGU5^-$xjjpi<=C?RO7MdAeDE zdp9mCtacJ}jb`-DzT`2smOm|xT*me}`dl2embosBr^S5*0?Rjza^@r`qvX%^Suk=L zn6hx4Q;jq@^b^gMWAWF66gA3e zd0a`sU?T$;Lzh?HbQuV*MB7P4L_)M=qDS2%&-gEe4?-ADLwn^r*z|1%npuTa-I zu%~zr$o}E`q=;RV*`rXm7ySS5(5wBu!(2a{?vwcSkAxo&)3YLT7ZQpW>RrG8fBcns z*KeAy`&sqs=*{0r?)4D#d6XAVE&WZ^gPRD4AjmXm^{t8HGYC~V`BMO#Qoe{yd_}&v z;4&(IdT~J{H?RBanhl!Mxa&5t3ZGfV`PmH9i`c#h!{+yb1zE?zQ*I(Ut2J59!1p3q zMeKT$76%SSljWry4~GA`bN%Q@?<7ySb2T$>Gtb)s#vRY067e0~Y8Hz0F|3xgqOE2! zdrnycNV8y#5@D=zsymZu?wYEyVADyXyXHaK%w2zWZeMDrI=$SLllz;DrXQU(Oz1Vw zWvCK+T<5gT*~K+fXB0Ax&73#RL#kW5^(A;&jC6fU$-gcT8^uZuh1;P=!nvVQ{rhbY zn?M(i;DV3oy-l0~{o>_*6B=fgOO_(){OEcqshBU>cvo}uQ$A?Fc&#KI0njK6hK0b% zgUKw%Yii(Daxrp96$?b2xT`)Nk9E*>$OI^hn8cgSo)(>EP7q{eb5Rm)aU9aO-TkCeKl$Z_NHahjK5paWwtmHFlm{y zYf84Z{cVw`u=(2KyPjcJXh|O)%p%#>h8w{*x}vky}8h%fWh{yGzwMWl8>G z*(Tb3;RV-&+@5hj->0Kqxq>DJakcymy;*02BdM!I+srBJ2k*M&hlP-vV5OepddvX$(v>j~byj8^E)l0KF<()iBlA9n%mQ zC~isuJr?sm09*CeeSk_|Srr^jGkjXeNNN@gpOvETgUK=_d09Xf(w``+*Gp=(a+@mP zEo+cW4GLT2IDasry?Zn0ZrHtwxg7g$WfP>rsLzh1rJ6U2GOBdf&myQ3kSl&oDsVda zgxe1`$WIHnxLosL(XZN<^y&No5Z8!1_p1l1@$pJj8wD|k#7lm_9ILl9lWWSoI z9+z%Aj@xJFuS(1Kd!ulcpG-f(Yp`FnBh2*QrmsD~RfZMoGLz)2QsrScnx}@z+j@D+ zOt=)sp0Hxok5s^zp6@&6hk07zVS9XWKcNg3!zjk^rdvr z4(6!lFS#ZVJv`49yX85oVV0~=YtyJgS9Ufl7;Ii#og9}y@-mj{WaObC3oYJH)8 zYrF9@$34-rSk1Ia1S$g^5LT2)w*pc6rbNTmeSM1@XM>;ST_pIpBn#BJ&TtWt3PgL^ z1}q;!gPzfp4k?K-Kf965bY5`KtvnU*0}!wfuAjQAer)}N)UO;|wa})wGaH7XQ!GXF zQX9&0C395Q&4MX4x2mZOR2N!TSed){m$OUR&cgdlDHatl8g4sX+I@>I9Wv`)GVjPP z2l*PaiwTfVmA(+6+r>Xwr_Vwz8488%^>^jm+g${gFtanEK(E?EI;%9W#b^$%ZC%RV zqAON&ZaLUEG=~GMwU}eCZO}x5ipLrM3jPGe!z@b$tNh>_1bo;NSt~J=+w!zKKf&Ky zg4b;XtkS`dba21k$6|DMbl2yrd2ndI2_j$kA~UTf?CUiwF>0oKH+ods}6LY zIITZ-#J~awONDnFhmcD)!6{KNYE?MK$Dp8BcDs~M&GH`WgB_^>)NTQ%FY#_!@D{rJ zYZ^S`ao-BBx>=9ISrt+$|LwMpiD=&9cc$=*JSIbXCZ1>uS5{*C9f2=d^*+2PF*4$s zq@O8`6xB793qDN2ft-Y~tT?a;5Rj{ipk><|m=g{^rpjxKp#^GiHv_&9G#izj_glkZ ztCSinRV5$Xy(SVb>YkQ2$qb1z@Lb`h3GfwAunl0Jb(2s?Dd{4GocHH2=)K>twr-VU znLz|&CLd()MOoRtvuaZp>TSqJErJNUCz77DNnf!*I*R0J-T^J{V`)m)CJwUK;a1(& zK>a%f@e4A+0Mce&YbkQT;;|TG^{QkD=2hB&o8F&d`*8ml6SoolAyD^XZ-A4gYHTwr? zmlV##92~R{{?vpMUEQRGgXu@gIHR9q8M2KZXcrVFTdb&v#g06pTchBzXs4shz)tU{ z-px?5hGd|2dk38LqV}Bjf}NM^3xuCW-=TPgBman(H3`^Vzyub2nG}-qLF@?>KyzAs z>>vyWXVr!9=AY>8ta>01FS1pz^hRZ;s1FtD%K1aRAL+USnmRiy0bFZ-5YCHy3+V)_50ALgiWQg82I&N^hj^S9BL+d!` zfU?3>l`()qea$NcM(=};uFF#QvT4%w4 zR>SDW0WSvn#e6B~zf_9bBo|%%bg!REE+U?VshNtC$CYN@L8&w}3Stm%%Bxw2Ek*Fe zNSsAW`}48O{EFkcX?h|Y++0oER<}*O&;NtOWG8UYdMnFwfbF^W-Jox)JLVa(5}#5R zN^%sUWUbH$Sv0fXBlHIj~Ci z6EYYTn3F5;(N3sg{BD)$&AvLbm23G+qI^QuG^@)lbV!9iNdGYoTopv;@I)vcQJY4; z=3g$npw}Uf3ahCmH**QkA&NJZ$16R+8GpjZs*FLceGTP_k9oJMtD77064F7888K7X zvMw!oRQWtAPc7%1eiPoB7&09X@CSv@bG?h}_3tmr0UID(?7TStiiXS?i_R=y5X( zA!NkAvD^)j@xiwQJH`M6;lj^_$E6$DDNbYz$;5OcL1idm(2*dIvnta!BJ7-N--L~I zEj)a%C%y5`DoeZW3*FrKrd06Ginw}Ytv4G5Ze;~T)b_cTH~sfE&P$X(KK7I5A=HLU z47>w^W15)*LGq^2)m)}ARCNHf>r#yKeR-Ma;A_Pcl=&zp<2HNL@(6dJx7553bmlhG zG;>I@9UpoAI7d1^(NOyMv0hP6ZPbl)Bu(DsM%Puoz~bm`DbK9|lBHb5tss^|cerg!pM==TN$ij*;+| z@WdQP>psJ~sMMr14}7ea0~cHSdB$U{dWSx>&pv9U9p$L{qj&#!SbH&Q^@^53H|f^k zGcN>G**tE1ZQ!gqbKvasfy3V~7U-?)@}0-0nsej<;&^Hw-`!w5*vfz4M58N_JgvAP zS9na)3up?7mVYQ}yWsd)<>DZmv};GCllo4UaCEAj8M*}!>g6}18SS1vtx_eb2HQhk zc3D+5sp*^!H(EM1@OY|1Y@5zZ^M4mF-}NSEPZ+^pa5baJ^UDbkgd<8Z2>^m5+U>$t zA4i||EoX)KqmgT=V^Ig`^6(L82 zTwS!8HK93zZ67phiUgo3F>1|(&(6a-VF!MU`Rh&0(58NkurN672Rh`dK!lfa_eMMh zj8Oh5&%TxZzdua1A{pk2`@ek=l_2}yI7@H_czOH3b2~0Crhoi;EX_}`(^06X{-*Bc z<8!THi&pwkgrf)lj0&nVA`lh%LMqODhu~}ru`6~|>c4+USsD!eaJVIK0`$zdoxk5X zr>+O<9C%I^TM(iMG}@4PJ#6~Zw-gjq^^ti$KijHK#I1r(-irm%qcSw^NcAoS2U_f> z3h#`vd_Y5IkZaHm!WMQ$Ye>B5i{`4JK=Hh7Hp%;kph67(KtXh86h`tv_&&O?g3EV= zFs+Kr^LEj@|MVl+4%6)o_IsqMDfstyi$?uv*{Mf#OJ%clQs{b`#w1 zjUKrqg(W`b<*T*crNNlJYlQX~MIJ?sRzUJ5(h&u?TyRxVJB=xrW5TeS!hAo+(W)Z0 zV17lhj^cTV8r*U`V6#}>00Yb?aLGr#hDa$2;*Kr+hZ;=DrKU}p6${@DoN9TdtZyis z9_il(kf!SC*(tv@@j=?cMw#Yq`;}3OGZm|=jYw!1N6R)a2foT&>^q(iZcX9`V zO(p;@XXQg1sAN=|cJ#brYRN`K>1oq+6JodU$No!uENPu0yyTMJ(L0j&=B6tf&#Z|} zgzlE!y6juEgDnbl3oZAtGPLxr8sZWXziZz0y1>JW4YnhZyh*JJ#uEqMnc~^b%JRthOSyqCqnq8Rz})I%hz5xG?8RR*BG zkR+Cb!XZi2M(C$PHG_!XF zH&MP61*}MXa(eoP#r<&yE4eQL>5_Xu{#_s)N^@xKw{*fyel{w?zZs9P=D@Lhf9?2b z#U2u;Nz|2I%r4}uSV#0@;iB>MlJEMp7(|O9_b-WOlL(-4?=)PL_749$w(<$!+j_A3 zMwfZc8)envdT@D@^FW;Fs(FuIBiKT3L`jv<&dCf z-1XX@E5I*f3l+)J+16oxRVkc!(GP)Kkz>WjoHE!=Ixx%y)J5mh+i)fb)$rl^?-1>O zjLqt$L2bfz(K6C?OPKZF)3b{Q?_jmD`p7#ml@VhP^9nr{678GI9Nk3*BmRhMOcR5r zm~?h|0ADFO#g`BwO!r|?yatoXksi(lPkepH9qm`PfmQ=FyvrKoe z4%&Nz@uFFJxI6PNjF*4%el~iUpzx{iA{Q z-$B{C?#IDh1>HNCn#`NHA|Au4U|_k=2nV45*!fwo=(D;un}`%WUz)@8VHdggO9tJM zZhbKgMY&c|!Rf~@ks-B=gzB@1WEl`1GxfOt`?|C!pp*7j8n zeR4w0=E2g2Hy86Q}0QpQs?{j^D&7cS*+6yGx02?bj@7kAj1(9 zwgMa`OGy6g26aPASC|$&4d+QgPJjQ5zrI`CX6A){&5#+q^2&?SGoAa3IhI+qzvz>%e&rqhzEG4eI5M(!U{LLpMTuTQv5;0VYZV}R zQ3QF;0$R{Fj(97uWtqweX^%6ZNk7x1(6tXv@pI{=A_-x|;@uHw-#GilK%K)liA=(X z41ZHWl8d8LbJ{QP*~lNiC~2Uo9Z0@CU6z!mjxhQVqe*fm=m!Sq+sbS{nLSYrT&ZTxDfJ3wLJRS_y}lKQ@!XtG zPEhW=B-8Og^K^W7vFMBR<++vOh#Y6kY<)bPulp>YqY20Q3dQ$HB<)H*+n6t=l)5p) z#CBYhWQA<(rVI5R{`4af_JYp_N_`_%@ntGgKYR+o(^@|4=86>P+;!%SF~FRY{O}q3 z-|9tC5EYcu#%59&qZW#8Yk9N+0_Rga=?x^lT0UaQ$(dniW3MaI39|LJ_R;=5*xvMg zwT2Q$1^`KiK$MLtkDIeEBDq7mfGZZLed;#s2|HQrlUew4y$MJ+Qz|NgWT1Lo=3c`p z*Rw4CN#{e+ORi9Jd$+z>I(1Ro(zb(x7;{twUiYJzc}E+@m+>E&otB7k(N~NM95xIK12~_L0iwOPqGWS(plvG*Q-<8-$b&nFIG1 zB@p6PlQcC8pB2028frWi#RuLU2N(V=4MCu&&?Wt6F(o;(NcU>#FiXv0?Y)n8qZ48) z-fpa#8EBz7YO3k`y(aS0?@bw#;>)=ww$Zu2*( zNQ)c-yX15>3nXTAuM6T0`tIsaVJ@wLD~tN{Kk8VvZI8@ht!{!YxV zaO?oA?d+OyO~U69RyNl4K)Z0>{zTixH2`G&gM=_xGDar3OfXF4+~r2lkWRnFP^L>U zo*WTpv_-8=0*3{Mc%uqLFY!?&*9bx{;+zg*KOQ79seTV!UZ{OBXpZ$s`3n*y=id>@ zONUF%kS-1xNSv)t3C!j?Q`rBo-A0%NpZ=PlDOecIVG)|TCAJQ~>1NlBF=~fZK{}le z3wE)cmT(tYV;_F-fnRax=zLy+q@aD)dG5W~Fz*K0E>%?jH@$N8Y6Tqq4YCix!j{(w zZQWN^m8>o+?TxagmAA8WSwg#6LemY{KMjTn&LfGv6cFow6rG3#8WpSfDfGiadyf6Q zx6%^w@U(m_p-G{J(88Ccn;OhM2T4FiTKz{{%wYeWvz%j0vGyl|q z>|^Nfvs%91f}0WXt%deV&N&y{VtZ<9%4ZuWti^c%cWvZ2`vv0c3Lx5?VrP6f zpR`X3>RO2+@b&DR4?of*js5lNT-Ce6Buqe^Y6Dpn(zuROe$Hy> z0SLF+!k;I2mt>V15IR2 z)3_MDkM?+k*iA1+?%nlKY?Iuw4NhoOI(i7@cN5jkDGyD(OlIw z4lcQtbYpS7=W@-v;a`ZdR`f$_QNDOH{P!<~vrROmXU|);O{p}AW`+Ch28nQ%924LW zFbu?AZERB8n+UzxF2%2D#xjT7KwQZXlFM6G1uq{1+bh~n#XF3%V#0)T(ld*Zy) zOSfTU;fhVH+I*Qlw8RJ~ISOO`Zu~+cd2$U4=_({VJ_5<7YX^DYwe*X$PzZ?@$`?n$ zcxR%}nO=mq;QQBGpr>M>;N#oCYVs!}c(BUWYt#F+K-SV*fM|D4j;!VE=0thb4|tCO zA?NLbWAa9IZM3QO^PR<>pTx`pit61>OBo3d%33LqSH^(E389s2q5?UqvILyO;O5FL z_D0WS#MnLKO;FnZV+-wQ4(z{l`q~B8&e&`(xBZ}8tjddzgluL5e-#gjiR#DtB$8iZ zR!$AG?ZhRX&vm(z?`wNYEC(s2(uZB>I|{zA-`aoG?QK zb!{rscl<9adc&OeH@{~AN7^0=PL{|jP>TRIzQyR9aqnt$LrqwV1l!~QgbglnZ7~r6F0?As(UkEk=-1Ct&r(4p*WFzsBxbYBTlwz- z{LZ|+_p($cXydtjUis2#?9Q#gMkPlVTIVKewp*3!C1fw|ja_U@Z%49cRL8l+%aHE` z#MeW@G{rTxzixJe^`;Co>J7So*ob@>jwgI3Jq$S0{g1H0#!H}5{5F9w@rRa&p_Sj3 z45|$mNVMvW6h8LFhVwhx#%mTaTYl?cjpvhF8e)q|JFK`t+)}g&Zdru6;3O4W*f8l} zw}jGmgYd-6{(53pv{G-r8`3}huw8#<&Wpa$fc&esG^573|0BfTg3O9+7*|#FyAkfo zlTY;xw`-Id&M_MXO^^l#e(klLRgxNBKBr~j;a(s7zUZ^WRv?=A`?COAoU-9;ORz*@MXExSm{bP5~}1boM4zHUdM3Kh_Tt%Bv|` zhhF@QjrSl~K{a_N{7$x4)H2C}DZ9Bu`@`XP%9>{|)qfb9p+tL-PtcV#a&I=X#YEEp zS;wIEqh;;h5e&Jc#qzt%wEGLa>vrX0Y0j&VFUs;om~T;M>kkaBV* z?bDlp9gZ>VL@7>*)(L&nu%YWlrWq9{CNQ2)zls+|NqB&j`!6|+(~nf?`_$iGD%^oN z^3r~?yyz+z^Pk5je}rpZ8~(OJ$c0bQiZN89OlEFBV)xhGrrn2DxIz!nN8FOq%rP`#-^%}nw4T@n$lrU>xgHE zOUv{mmmYU$WTrfG>%5i!{U;ZluI=S=)#mEN91GSu3?cf#*$Wx=iUCzgJuEFh zwoWKRS`n$G)=8wOvUPPKcXb&Z-*;_vwL7N#54XxU-OabL;$MyOlU0*=w9audaz2-B zV`*b@es&hh*Hs-oy!*17un$=;BFZwzG%d&rTnI9Wg5AUXTG47)OBv0nU%6Jss#dta zrF>>DAbQx(Rz3@ZzXk;8w4Fu3)45Mqlg&=QSEdH$nQ431EXnJQHqK#9OpH!wt&Oqp z4yb3JMXW$w9Hvye(z4krW0t%+OVJr~jG zxiMSQxIslFEvo7GzuiaPO>m#9j!|!^V0e<;iX2cMtdDKliGRz3nank;u(yXa!$akS z8;d%^#p(g6t~%p)A>SO1yofdGj+1j?x{>BC>Ny|0OM-NNN@m}3rRuMID|~$#6Yet~9UWE@I3t6y=y*xEjeEwqb~1L+ zp1MwG)VTJ870hWgj!m;<#F+R(ulz9bkbBWcHZI9f84tyReWONW9$^4KHbsZM2>$UQ zQ~3krphUTcwz*+`Y|dfN5{7GVnjd;+Is_t!RdSbzzFRFaQ8zg4%@Q>3&GpY`4M_6K zj?_+(_Tw|2uaHlZha&BphY?+6lK;XumIAg{kt#EM;%Ay;?B3c$7XU10q+n}Sys%blXf1BjWa$3NfEF{b+ zSw*SHKagD`QA0?^gIwB?+=nek3Z`hrHNWKHB+L4T&K8dj++lB;S$MZ;QfYB z%ULDY{akrQb8jtB6MGq?WM!C#hbLitFWLhZk-@KAIXHjZjivWlJF%F{ui?CMRwpAh zSF(Xhu1Yu|d2A}8A*V;K5CJfBGpq*N<$)UUyuMDL9wjxCd0Cdc!hZG?^GV}6qZvxl zAc_b^-iVh2#_)F;{iz)U2)b}gMgJfzMyYAuilpPOu(KJZ;VZcb@}vE(KGvhORq0wF zbgr}`b+rk zNmR~gB5u)6%F&tpKocihXH{PeAeRK)3aPlwvhmm_=G82j6$Pe=Rser8Bo#Q}l3JPi zOSV=gGfiiA`=g1feM;8%Pdc1T>Q+E@rKX}tH=zAd`ENRwv9<>&o@$#>y3d4t)>B?v z)+nhbqFAVCymagUX|pT?!EA#~C3%XlF}J$f&!8A5&kUH%ibMmqTN(E@h2HR(dD#N? z{wt*j5H%2e)uigSO0p5pNsW+wSJT0uTyJ;us&xgmz3pjA2UfEc3G~mR>X4>>8a$yP zoD!^379+bWX0K@xA%q8)@Bs~#1pMf>y%6};xu3@*_7R=~7gW5`_;RqtbTo=XQFv8^ zU&E#|j;5krpC_)31#1t1K(qeH$naDjc$<}xd+sWvL_RWww2`RZC4GRg`<7+ud&@dH zs~E2EX+Mydm%^L=j^8nS?`Q;{rKn+7*~>RIUf_q!758+JqpJ-#WsY%CgjQN}Emy{G zyFB~oY~P28?Tu3jSgz8C=?@as^0=Xc`O~@OfX5a7Z)_cFw)PN1FYfPDO263=3Hw^C z6BwgT_lJ8#_TFy$St$RPl16ooF}^2TVLY37=#IxbCUrHDz+;th5x zf?!)==xCI=%#ok_1)b0Ec-N;1;g&vi)XehnpBmuC|W35 z97r~M=li@oN{8AOj;jK(O%?^xt3Izh;4y&LgfE|sA|Cj%wL;c6x1=Dohn zMF*{;rEbn#qixGo4Zh809VC*0acye6U0Jb$u&_4DiAj8@oxfk&xTR28(A=okvX}k& za)VO`g-R?#SetFhA%UDHe%r3vYtsf*`Dex!nwG6zNXW$QF1C8 zi!eQWSEu^OSKh13nzG5dAjK{w&k$zh%b2;Kh}0UP3ukZo74I^Yiq6jpWO6{xy{H<= zCqA%0S;cUzU#Y3vJyt$Uka4jja+`9ENc%4)<(1zq5d_*hkz{Kwmse)GNSK@n?*^V= zo*8oTv`e}zJBk#~Vg2|(c?!RqB0&H;xA-4t^f2+w7+h#=W;CMmKb%p8Qm>SKseO;H z*d8Wwz$P`V%$~%>g0s3VwB(M$fm5a6@9i>9FfpL$14k@|P@+Fb;G%BdisNdAQe$OR zdQE1@0xE7}J3{I36rtk!lB|h(V?77_AobB`L8;JH)ExUoL@T?_Oh3F%66Zb|S%Xg22ZY}ervx&& z=9(e6>)dwC^Lj;A-lZA$Eq{;%i{~zI%USZi?bIyTS9<|a=Y{6f{hhKQiPdgb2^XTX z;x#WcdvXJe@t!-y4P={?>3HS#h*|eeBKqSzmaCm`U_M2;wRaG;ImOK>&fHqGP0-5# ze1nUkI=+`2(^X&MPw>&npL;cpG>A+h1b)JgjGs~GnS4WMjn5u1#sh7`#IG^h=2V&K zi3zp5E&lOCu80{M0&uEz`g%`85Xld_brM9*kuTO#pIhRPWx~s6F?nJYShT*rR{4w^ zh#7@Iq8`Eq*t$wI^4R=A8ci>28gWhXG4l&na7%)SyN<@t)z2I>6GF5>5?3?tjVv~iMue>isZyK z1dZX!1}9%TuJ;R!y;`;Em{u;%7NqNu?iz%W&pt$Eww=3jR81M+t~dAwAgVpzvL%H0 z?(SwgP1sA-YWU6YCLHnK-?UlzE3JA95Y!y&6gkDVX^v6^>>EIuQUMB*(E^|b_nFa3 zhoOVh(z#x5D{FyN7V8T|b|C^c++c2D3W?q}0M^=hkeMJ+)o!}|mHtPR*8 zouS8s)>iY&HEW;Dp#7Vsz4`UNhKWwvN|Tq|og7VOnZ~LrIBd_%V|f=y+fxO1=bN)Y zgm3%`CMP?ytbM0>=^8*xdxnNZU`Ehsi|;!eTMYhz_N9ZIPu#QLTDHmQ>e(cign-dL zE!VbmSv=PX%S!xONR==TWK2Xcwg|MbG|JT_7END0n)*FG_eo5;4|^vs(qyO^!|ic& zlCi5A*m!q;lR%3`i`!?3fPCsbkU4}^xhklE+~FttXu4p^DdSwsw=kga`jmR6Id1!6 zqi2isLFooYL!6EUi?3dwo}q!tCk~mwHsF_n5@sFdcNQ&qQzG0Kc&1^-E~Ys2<8F97 z*1BwJeA!wpQkgkkyc;&Wsg#m3kj(Vl(QnQ(Sd;Y@sAa?W2!EJ1$2NO)RmC7J-DBT> za1mKsF`^=}Dk>fP{)KQ=TioPltf1t)R<@F=}G?dPE!iix&`9#dcbwzEs zxX1pkTru`4ZscObJ=@36gsWRqMBSm5If7F2Kq`JOtnUvJ+t4g4l?w`s5roRENThi7 z><5%`iJ9If9&ts0A2aRaeM>v#d9#E2&@8jK3!}vL>3#7N)pVuEka#2I$kd?HH zwNxC3=dIhh$^-+seNR&uKeViB<5d}f$sMF&&BjMl%>D|{hA9;Xd>%XtC7p&z_L5`qHZzs6(}O%$ z4=0+p@%tT!HaFSLyv-e48eubsmr6gx$-OU3%R*Z)vKmb0gR_gl;DAny;=FoRj?_b~ zIVDN+RH-&(CvtI|toTD%0_W*ze{i zia@CTP#Y)3Z_&|5IM0uevBOKpLv6l=2h9cLai8mZ8)xv?rb~&V;1~FbX$r#=jyOWD z?PgQ5&l5vQ^+3%MEMsfF4sY}o$nttjgkh6BqUKW43|ahX+k&q-`zd$1o10k6NygrS zq)BCW6;BP*1q+b7Ro!LlN2eGaZ8i6L@~u~uWv~Q<;4?|CIjiUmR_F%KvxUvLu8BX3 z7~v!tcFZa&{91EtMQu{RF8lK&xB+|A`JlHr+U zxtGxnzc2o@M9dlFtw31VJm1?Y!m?SSOF75N^hM$1nUL`DAEXJz_$y<>#oe&s@6l4t zTwSN`)LBWihuSBxX>_<0HY1*uMw(4S*Q(emaw6>co4EeF&mQ~8kM4pt6P~25rMNbA zeqaEbnNtBxCC1J%8g^lY_3~fXN}P*RRG!A&1VmpL^Sf2xUflT2*Y*(w;#n^)kDX_@(UwXDO#8O#M|ahW(YD)#u{ zy8c?*JqrfFt6CL|eMHXqRJca@t~A#L#$A1F7+qboWoEszib_C@JFZI5&Xr8C5t%e+ zA=i9obc9bzD{tziT{m4b&&qG#l&#yO7F+lu)#yzNYn?wGEr@7;iGMJ*<*P-#u2!f& zDzB>I=a$FEy#Y|kI6T}$ts@>c8U8-yWSV2J$3?Z0g~!KC37-^mP!}8Qmf3u)qxg9* zT4hlo-CIRPoOH5Kr|*qy=j7O{mDf7i_O!F7b~rbxw>-3|YHCcp&8_TN%1VN%WU@^~ zZaE=2j8=T>8o z{~(E~SKLr~(WwjNWAkPkrXD?)ZcvkUSPA9&7We8S2AqqOg71QX*i4tX5?&uvmi zGl{eXQc}M8+FGz3tiAE3%OeRi(@`4>pM?};D^H%Nh|yizO1@=QE#pFVw%6S1!}F01Dsto&q8JKZ{j({3_ov?WgoV|dqUb7A40qPYnkS$$J#MB#$v zUx&)fSv9-cGKecYa3Tg26>G*`_2Ut+24K)uw2_fny=p^i7o_B@YVGYW2TZ;mu*TEk ztj3Z5Ke&49s3!YAZk$d*VuMLZ!{~02?vBx&qerKL^a$xj$nzBdb9$9OLW+qnKHD5sP0F3a?k5*;yx34pWuZx zyj`zUreR9`4h$gmS<2a20~8kR>|_$6Al@i+I6qu%4wz36&DZN0EJ;26HeA=BBEFcq zJkqY9tS*6>EU;0?rGX(MuwOsT+x@8}Ba06WKVP}6<#>z5)_0Z~1dY>$o8=XFOD&Yt z8YPW^g1?{v)170V)C10u7w-0aJV0qTldoRPAf3r%dq<& z(|(F7%)q6%_EmOV8X!1jm!h!Rl}Sn&Y^q(?cbO#hiIpT+LHQ6q#=jdo2TbAi5$Fy6 zS!&^*fHpj3otvE#8QOx>+$t;IDv{vjDM0(JekeSvpZVWXcP?KWh%87-B!zjlVh$Im|dS`lsQmV@% z2IPjZp;?Z!qIabjO*!%ma@6vH-T&tRjB&$*uxsMlMf>>NrtH7ML`NN)=;Okaa>SLY zQ1tvfP}koQu=`reJ2U@gw~pB%U$9S{73A&o>)69!78nDkSyE!ez&$)2_8F%c)WM-y zY)-)U2o~q2Oy&;H5K%bR3sk66{A_CFebi2>m#NHbyiXc-4cf0??>x?Qq*gG}M%YT@>yfr7_GepesY~%s0oJ-LOhxM?2@W zK-iDBT(gu&RyR&-De+9NcE%Vm2+GmU;7UpQNJg#O-BpAi|mocAd| zMxeWOA9E?aD67RhUu~4h+(9bwpnIYhW7i>^&F%T9RV%>REI<3@M@RW{Fiz8E51HSo z8chb6NKaWr!LRU?K$o_F0^D+}Ome$G&;T35RAWb+l{jdeqG-M@&_GR%YxlzW4$O|? zxwHcmCVt3^)1>I}>(DTobzk@ttnLouKCb2Orr>Yz?oY%00or2_U6Nm`1qcjS@>8OS zM-`ff??A-ua-wSi_CFmEQUSv?$k;tV4+%5wF6DtA2xsd>?HCGQ<%4nM({Nii9E}yo zy{J?T=Fr#}R+G$?o;${6^nb7TxjVaBatzhyIm)gr`Nw;UwJ`DlGv0xMt zfW?Cb5@UyV6XWletU|_zcMO^0 z<;Dh4pF|UtFmxI;=)tY1_tbPHMiKZ&)T`q(!!;2<9Z2&;NAgC3IL)-ZW4JXk7%Qqk z-Axkm|3+t*OCzogr%}*&1|3n`*-^g)F%I8S1`Q;0{!s_-DzXw9WrVB@Hyz`f0aKsO z*@+W?l(og=sM#OTtq1G@%_h5!0W}of;XR^H^8$Ah945O5=FNB|WA-Q!rvf{NVO;`+ zmocmc?I-|1L@;XHl5>;4g0Euf4VC-(7%6#N!f#uLSq#YOkboEPFgcXbAqKMx0en&P zh>pZgvrS)VZtrWN6Iah68g5!9kvjm2)s}J(hQQ@!2_;C<_y-(Gnl&~o882q> zeoK`UY}KaKGtLmq&f+!IE6-HR?2>|1RXPWE8u3IC3DkpRV&giUsASG9jiE6Thcd2+ zOK`HmgY6%S0^C(`d`sdI8_hk?VG>X6j64D6$AoTbn8hkz@=e@LRqTHl91*SS!fhDy zS{*l}0Qs9t{TX?k2YFw;brFjZq*N|p&<+dNeF`hP{*kSW&lkTDyv-SFa4M#R|CTlDvCsLE7i2`)<+?=EakHA{1_43AW z+`C1*NVXQG&=bRUsJ}2y!~tIkWSufX!{P`Lyan|bvC1{>MAOskm0NE&*ai$f{P0Pd z;>Jly%gL}TgX>YG7{eQmuHG>SPX>5BEGTD?z`q*V`Z)YMVRj%#KlrU5%NTuAc6TO` z<0t^@n;yZx(2I|&LSMUzavPP?tU&@N zacav>1-+W74s!Zw-+o`l+44d_mPWt`?pdw=DyDt}Of_-iG9j+7<`p6y9UVR~b#AUuN%v zM_<6o1hBa94xrQsegJvERheX2r}FNdsCHiW)wF%w-Dw3uWv1!)3Kcv;UqgAKa}19F zy96m5|wbNM*HKpfepz zP3V5EM!nTSLMWJQW!hydaQJ}??_Ih2fa1HjvRL_UAZ#iV7Tx8q9*d~vLzE- zs2#qvK(iO7Yh-m6r6}i<915m0ud*~rqUO5W3uDaic`YTf0UYC#7^lH2I3b7E;9ZL$ zalHF3+c8sSjQka{-yP3+&z$YRl9lxBxIA_rfmecvq1S5gn!p%yz2g`_2X3_a*mBDw zNT1*sc_bXL@=CW&8A^?`f4_m()=h{e5=rju{!~dA?y*0&zr_q{l-TT>G=kvzq%hxg z&fJW_&!QvT8^LdmBRy;RZpZ0D%MQL7@EegZ+EG_4FS{ih>$plF!64-1njt`h#Rx_^ z3mh@FFNSH^x<(-=7{#Psq_{jI?I#A!0&unKCKXCOKdl9bZr1WcRb7+BI3;&K`U8>_ z0qaWU@rkoUrS&%G+G7&R4z$}}Yp920_W>~Nigfi%~eWl9X-cw8BDbc*{+>LPSLJJn`8C$OYPTI5g z;-g516nS7WcO!|Ll!a=@Ur1MQxX zy~-i`vxQVw5OREpfpm!4;XLI!?nBq4D$RT3VH1A|Dm>g?%9vUz>nH50S_I|BXFW+Y z)DmB`JQ3}zfv&uhQQfWJ@>@y{q3ef&u{26g<$RtFyH1sl>YrcWhr+IvkQN4_-*iW&F`^UoUislb=x z_%et2a7K*P%l?J>YpTaoZ~o)*p+Wx_C9kE&qF)_eJ^7bE0hy7F*Hd8|gA8s>ZW3uxr(kJMj}ljE^ z+wiF3*Y1td=|vHc5ZG|lCk7!I!@BgbY~I7%Mg65r^{d7hPeuVX)M{-FSR$CUuec!cN%M9q;rEX^ zr(r;oZd^!&4}U+cb@N0#95UZb>~Cp#X?Q>Ue*cx5`dpYHK#fagHiEJZsW1~#NAez~ zzuu%ho;3BOC1}cOwp+$j0(;l+FX6dgMavAyxlY*l%?m?hSew&iQe8sDZXij1jH1Hf zNyDdn=|8j`Ky4L3v_Fv@?f~nx-L8zvmwS0>+w_47aI=bq#LDPc#py-u(U&m*O^m_C za4AxU44MFkq^0P5CEb|a9U5d%PS|((tIG&aQK5f1DcCQ9Z{%%IdZOxwMlm!ssUS%o z;wy4ImPNdad|y?jrHKw#I(`=!&x${zP`VwSX0qEo@6!g~?-oaVbnWd=pRQ6sj zuQ(RGdeONVS+Iw3tv`9H%@Y3e8SEDKb!x#xA&}hyxvBUdV^Ymg+T#LqCYG&aqO$< z#X}JhMbrR}38-?Z8|__+k#l@@&25G$YiP2)1O2olc|VhdLpZoaR;c(pS~$~*{8)~><@U2z&U(YW&2O+ z8_>TKIGui+!3N08t1tQP@}!J5fX)~`ti*FiF@-`9=v52UBw{Kix(VwVbqFdnlhHwK zuZ7~KVHXPAh7KB^fdV}2r~*rg;st{DmF$#LSR9~5&o66~Z1dOyj#2RHQx2GTbdd0kaGnzx4x%8R`RBltGZ)LSh|Dw-2W_1XH_0#fY$9O^WYa~6fr7?@h6R$Dq=U7@ zDGXkzbl$c8y6PjO)wWM4n0j4EdtUPOt74RH&5T7a=TaM5b#>}R=J%2;T8Sk5vZSmG zT)h=Y*2ap{of7U;r=_=UfA%TdjMgD_M&>Na-q)Zz>wrb#TOVQo>AI@3gTH6wK3m(Q z4K+`<(l4j2p-(=oy-^ICena-(AT;z5+X1(}$}GeB8Zbp& zYlR?ixnF2WirWHJ_9&fRIOhrZ8TsdAf26Hu>lQIu%K>xUM6p-gyD!X=@=|wv_Nxao zXp|0!_{>F`h!BoU#yvvSBkVu>x9vvNdpn~IQ!J6h=Pw(p@4mnML6mxj_CWQm{+jdr z2Rj8ObmKJ-GE3uYz?PcygnvD8LyeKlOj+vwZDDj^gUQBFOsv82-LL~zs6+VNKqy7d zib0k?gy>`=hf~+YRRVkHkfN6NJbby+flw^A@M0yVnwF4}0WNQ7HRho9Flxbj1Q6it zRk>G1NX!%+fImN7apuh&Q_xldpD%mdg9R0J*^6dj)CE@OaC3=WfyAJU;P!4s!x=czA0JRhbK&l z2~pvMFk`21^{xZ8sPZMp+eyehG7B5N(BbH}ElhDsyus+*t*;cQ(jLKJH0xa=po$`D z4HlS!>HG*RO7o4c{2asgdIhyMS6JwCatQx|TI&k=qCO^y^ba%sB*h}6T(MI?y;1Vk zNPp_*T_w1e;|?s`6^T0Aj z;m2rwLGM2pnV%$gc+i}t&Xg(>8H`Q#Yb_ZuMQhicN?G5}-GFuniylYA$?Z$@WTF+v zGK1DQ&-JG*9AX|IH=wX5I%sI&Us#+VdG%C406u*pT4z!oJcfxWT=SAXDSK z)U`x|PMoV-vJAx~-{D2bLiBSKTq#C%S6f}cy+!mSvSOu1>Nd)Jiz>+#o8AXYj&%nJ zY!OYs52+Pjct9ikhiK~=0r!E1-LxX^dKK5=8?GuwN~2--$z?uC0QBNH};#G~`!cb9sCM&?1GGrJ-JWY#vmfNJ$II<|`M zaxxCdoFNKn6})xuobos;NcXYwHC&?IodWFx^+9@{irU*`tcW<`35JNxRGj5JbsO|AgaZ{DXROVIYGqp&HqBXT47Of}o zFd3s8g+8CYw50+GX8?r;S?0^IVjXT&B-)(dYX#_m1Y#XqOU4B;-!pOW_* z*4`3yn{qzfn6|{=a2O~{qt%Oq<1#VX@+Ps#05h)nvS(?vwTac*Kdd?kTF5svCJAa+ zb)JdNb}(%5R&Zu$#HvY&k8F@0u^TQ2PF0GJGc?#g(V)@ubTzo)B*gkK_@>{LU<#}* zW0Ym}veF+IXedVEvG7d7W(rpgZ?KZu(w4LF!>q;ct3D44>z@nXZ7cl^3pCpNhdf)f zZw&_C9V>8p#ixaf{DPfrfByGaOd^i4jyMp9e7uM^hk()hcxVs!0IISz&9m9@_(?hD zNx&+NN_sb96Kx^gDNJE(!Tj@)A!dH7leG~p>wI9P4u3?cU;&g1{C6=ubUhz$77W6$ zP-Z~0A|}?Ta^38HkWA3)vAekLPctzPF+pE##%=&Fa7@xujof&;O6`d=PN!a5xIL7M zOGWbya1RNte=rY7Xv19fAJIXDl#)sTU1UQ zR#V8DR;u}XrtBAzq;plR|17HMZNwNTH)ME6#60?=ZvEpkNA?k~2Hvhzuc=DIl~i_s z@H^%Wigw(>!P$P0N`TpTp4yknkBopja6S7+ZPqQ7xhSJkcCuVv);lK65nHlC#@J1g z<)2?)@h+>dF@7x@j>>fzmId%QSHrDrBA9DN_Ykz>;lQDP!LH^wA=|(9qR!e=h>ekgLP-NRUz2rEuBMaDNNaSW2&+tPfz{#w8 zbGPX@GAF%%t~_zum^(8Y`U&v8A>FQ|%F6iEyv;AK`b#Sp?U62IC(aqKQ!%ms^n3fh zLv~uJsbQkz+d_@#St8H03URCN?Fu>NPJ}>q;V3qeu6{L%bUgiVLD&MNPSDT~%m`4ybuljwjg(^aWg284atz;? zvQr$v2!y`p z#o;BY#&{zr+D$g!VUio*W`#*YLJyMD%+%_h_MHpr@NO6-e}XFF1|1LV}l8m|Rd+lPpr{eLV@yt!ZgyKff zD8Vc)%2aRlHB6EUHWmyCT&e33&nh5D=-NqZ@&uBNRQ1iFb9oKve5A=d>0ivX)(yl- zHhj_w7jM?lku)=(!U1+`7?9oyaCxNo)VOGbRqrnTG!XXvDl%VkkBE1R?=4P3!TFHy;BKj6zVD~%(}E?dVZI@ z7A`*~rKM+(xDd-igd$0M;U^+Ucrc6*UnsAo}?9uNsNek7H26BkV~^kEz$n1ix`U7&N2^{2ivG4ya$VI_b* zZzD;1E1CB35fMz7U+r)zXrk5)uNgC6oXrNdc#|V&ESla(t2IJWb6VqG4y`P3JB;=g z%vUfh*7=56rz2?lNg!*}gRFr8z}@rsdXC%L6&DvOx+fK(uWaty4fZz$lw49S0rm_b zb5-MX)W5;;za_hnK(b^C0C`B+&YF$*XBkdzt%F!2*ie zf%4Jt4~(OVM$qT7XAjC>=rYsQ=%5Xp8zw7RFs;bI7%a)Je<)H_(-{^XxY5mW&HTBV zEc~W&i4*-!%Nw5Q0oU6iY`nhoU{Poul>?06p&~^F2P=V!uV1ZH(0FGf7NBtnuz-di z%0CD+J<){&gqCJR0`i~8YjkDNGG6^hKe^KaLLMF=AA4+*U z(u06)%2lL8C0+quD5BkvQXQ7QN@Ui9 zwYv&fdo@lL(Orjso#x?c)V$MXs6Njr#_f|DTQ;Py*sFxS&EwMK0M=2qU~7wEygEal zkSA#znvW*Ur-=)=#56SEAfP~mR$0^wq-TzcXwC2GsAHYP}5Ith4xSwkLEbLq*n`#Plh zS|uA@q3v6hI!kz6$-PwklOTDbQdS!AlGI=Wh4&x3d!k4Xb7hn2=(O2|;32sq`y?fd zM#|RD&o$XyJ5}Ek@ zV?r&RtJ!h&6L>D=8601@Za#s85!_)?K5WTWVJj$|urfjRnvKP0xRR$3<+ZrI z?+__N!;W82O(VIR=aF(v(U1#jsw8gHVp)G_TCHGx19@p`?6{ci4*1Oyn$2ST^5!Wh zud?=>+~;=en@K@iGS{94L8Ed@M1hk{g7pk~duwThr`%5vnrK(%H$U__N7<;#J%`-gZ=ZnH9#yq1E>7-Y;g4q0#++PDNL z5Y!P%mbr}(F3IZHi$Xvvi07+4Y2;$yXh9WI>zI|q*`V^+!h@4%lETlZ4Il!|z1O!8 zQK(;!HoqA*!j+q)t`aMDOX8%T?zx2uYBKRA)w_~U3m&BeMwAyJ!{7R2D(uyEkyHT{ zvMSdK^va4DFs=>n$1cBtwpft>EVP*)V@rc)-WTtVqs21mjmnTl1O9Be)$<@#TGy8! zwY8`!_4{Rlv=1@Xb*9yR2v*RK_gB5kK+hR>*E?)F|_C z>~b!C9)0=d9Qzol=Y^P0h)=5uhWu zg1cW?!mlsT1!XqR8GMJX3}0%OJ|1F9Fr`^OZMMf9RnJQ^8c6WOqm3dj+SJE>aqaLx7g3EkNTV$$>yO5zm6r`@pCeF|fQF<<7`_hZ)XFwJ@Y>p<{hr&)ksL~Yt{hdZlsknKhSg`k-T+PY!Jcx z?L3K4thiF8BE^~bokkBy&@nMsH352VP&S{(zuwU59Xi&)8SU0gj9E`qZlY8SZLOdHyHKnGZ0bbXj<+o`CI#C!HR*9wZ?OGywJBM6 z2p5Rkk=Z-~QaHp9)mbJ|CsH3wc~a+C;CA^uGS>xjHJAE{xHq_PJ@na;ghY{fpxY-2TbRK=JgjBTG^>j ztFGTxh6Xr1EJ8FQZVPZ;`;a}Iv~Q#xp`q+}w5Y>jm2eI{tyDP8Lpz+ti(>`RhTG@m z2C3^Dti8hAXUXJ6Onob@Z~=G%H@VCGev;o?QK`_RgD`Y{CidP8Q(LnbwZP&5%4aYy zMXI=#GJhNFW#dRes4@8Hhy2#zY(<@XYz*t+*_aXF^fGkMJig5{<${3DoHm&~FBr%$ zsd`j$8i~>I^AB%hL>QBwFuqj5*Tg@!=Do8xg%kg4IRSgK2E3alU;X!yGJ<*llYWvW zXzTlV=18CMf0x9_;z^`?m(FsHTMG_2pXHAunlhO-J6CUv*`Y@v?fchxt}_||6wS;q zn&xuR2=r5d#fE&4F_t^0O46zJUVMk`=)A1)CcvadRaH`e3f){tRJrqsxr*lnF?m5A zuGZO%Er35_{}K(H1_>c zUBjHLFr+I%g(eqkT7jZ?uy2+&Z$@Y!== z&3`I06#Zn2t?XG(bb3lJ=0331Wh&+LwHE9>zf8=3`6bkQE?C$FmM~8xM2A3&?PU7& zYi5ZuMio}oAsva>TY{0-lOLUFBp&t}`NZWi711?PP-wHXw`dEkWmBoW7FLa{nf_>U zbfjD8Hwmv;df&K@qM_3+orq^^EfrYHBN(`OJuR79SFRlLuK)R$6qh4QZjkYSUIh`& z>q4wL4fisleqQFDTjigE`rTZOoYK2qYDe%oRZ#7=I-5lFj#lRlxB4jZ{X#FDN@irtloOeS3!t^q z!j_FwtMvozI4#57lx)T-@1YE=(D^unZbU@9tgyilEUKD2~t zk-GwV@#;P6*8L*smj=`ae6}DDnoV1#Vby7JSDTi*D&-&NuaA`lX6bI1K<12)J23qx z6D6X}0kfmX;40<1dH;0aEwvybT@AkwcmmqN)~JCu>x~X;fA9LrMINyJTSc0|2zTJz zi(2{XK!3hT^nIQt58|WxZD#$=HQ;Ll=FVszWi=4VqyG;v+(GtkYWs-Ob-`IFB@6Lept z%#BX+R>{x3fdTJU9FV~QrvmvQwOzdNQcQd;O&tqS^fihNOK-JY4(2P{WLS@5TE!H- zLd+i-v-g#*tIxX=*ko~cGRj4UVC>gP39bM~iZ*qXSQ!Los;g)91Ib@2dE=`mYfF|# z$eUL3jYNQeq+zivG)oV%5u(wr2*;57^sxPmz%+*sHLFTb@qQKr3m9FGK+g`Bh#qC~ zjmKO!vIfZM6XoVez3dHgF8xgC*@m~O3nZNFif2S`@v*pO7RG35sU03lyDghdb+|o5 zI+4}h{)<|1FXk2aUyPTu(mycT_l{G3`dPI~M)37%ISV--qA-9$H} zv-Ytwy7;a=#hMlI%=QC~T7uzo=~MJm53AoQ*K+L3c5Z@3hh{H~OokV|1uNe8eWuRf zt~S)7)hWfE#@4bCi2k&3wT?~--@uh8ob{y^-Rys`bG*)&Q-7M}o$)E}ejF{;k2H#% z=AV3-^s9;2RzPh~g*=`aJ3}WY_`Z)}Imf8Z6_ybxU+L*LJlbBsRLeD3(qLa0BKA4$ zuLT5=9e6R!$?;xOL(vus4;a%YykT=RsEm(euKcv<$b;91aWIU#sP&N<&B-{uVALxuAr@Yxy%{(WtNAi`^vgBiTjMGD>q zNLIibf@~VhM1dNQg1Sqz(R!BivU&j8>yDmof6(j;%7t1drHIe-+pJ>3_8vQ~SATT? zi2F9?qi!|ZI>pYAMVR|`1M|o#fJMh!e>acNP?^?W;r)+v;pCO#=`oqA<1RdI)}z<(!bkONtkWhhH2I{9@iSxJ7*(Uu~eX( zy;%=<&cDu^6v0kQD$;;QJY_s#!>@r3P$|LBj9Vjpc3*!|fW+dKDwI@VuYpM!IsJyP zca4#$uH6(t-ccX$Q!eO2WU_ZVEM<>_Z{CJ;q|Zs-N!`U4X8jGcnASA{NVdH32P7w= zk&X^eR$@&iSP23KauFv2&~lLaUss9Sii;u#RAxBGgM z;-PzZCZaIR_Dr42K!m`+gVyrWsI^}}vWxMm-8i*TpO54>a)jvlqQDzvdAbMQ^?|~_ zh9==p*40jSviX@6TS3$^03@ZCv)u?9a4*0-8TekFQFE_Hn?G7L&Yb+wDom*!WvbhOZchZKDeC89P<(kefV9lYcoSK#k)a zz*!whN0E`8!L_lojm85TGR{zCoE{aK^oYHYLAVxa`8HhG55wDv-iM%$pLKythiHY+ z?x(P1onqm0zQw+3nV8_Zf4dJ8L@=ldP{GdLq2DyiZ3|MurXSX^dRynpE_7n^TEijU^e{eT1xO$rJpFlz%p z?mq%4o_)bKi6uF-_L=zpvCeYGZq~0e5wiUH3akwzkE_n6DPlto)^2HFXGqcRYq5w{ zNeB``C;Pbfmp1;U{?)&Gfgrm&U!ODn_j5S5gNFk?UMB5-IY6U%M*TX*%iyn*!Uo5D zJXcvhw6^?vh*Z8}TFKBuRy|((4$+&cH^M1E_Bgmk->AyB!!0`J>4PAEIP?QPtHEMP z46Ct*ehC(K%U7{qs<>@+a^Jq67(L86U0li6aFi$-8ho4<*se8J;6A%zQF~#B0GzZe z!|d2x3a$5`d3n%S36Bzqrb5+1{~DD@YxUSJ7J>X2CWx_|@?%{nKjY0JJ3^MXha&>D ztFzks_|t~ODs_hp z`%{mdiWl~j{9=lJQovG})l{>ZOpLEq)pwWYgo)23KaT}rXQI?{)rV($&&l(%-g=Jf z5HMC0XRq`0WEFPsiDBAw%DvG4rX>>2N;6t<^SSaN4@KqHk)_=5BU&fe%U)SsD6T_I zJ3UCmIXA1Y{f46Qu_+*Cfamn7lPND=8Hf3KMWye{ryhV9|2)_V^~gmj1W-aSfFR~` zV!w#iJ~b*m!%B;<+|Zoj`__P0a{cwyKN#+R9KFJ6&_*kEI#O*NtI8T#t~kyE(D&|E z*@jCRat0b!PzUm0z4+|3NQ(Pap2*Vvs_DeUbg9S@;wg#tR|VY0m-$^LiW!G(Rs}rF}8iH(9wD11@pv~|H!$xM6Q)xyVSM^P@jd4 zQCt1lTiXm?z1QJfZm{)_ge6?1vd3Cy?<(_+Sve&RzwgBf(5M)At@OOeW)1yNA#npQ zS5r67o+8n$4I#`9>;RO=8GN$SX7iCT~2%xGD|W z;@F?QQJ{?wTkBlaTXF#z>^r9mP$qy<6AV$Lr8$}KMOPd=eRS7(ZK2(|KU9P>-QZu3 z+59YhNPkn5r_>X=2#Xx;*YngVd}Tz$eMSpkdHlPPJ$ zm3-#SV`KlVZr<*H)PUktn@{tk&Yf;-NKx(^ZA+UspJsX|OT5>2ZVTt?+`ETX^E zd(6*k-*g*L?73^ER2y@tR|^UXap-~ULaL~m43*vbDMdLCLt-IGr6A7(6naeKYLAkv z24+2*b4)6rhZRLQX-KfzqE7)@W-9;N7c`UyACoWp>pLVIBL$sC_eRZw>!QH2b!tO= zMJmhHy>yQVo|Qxf>rV*1{ab&P_2KCGll94b8!)3*T=A5^$J|O5m%24dVXcqv(df#n zYkDU!o$o)b2t(ccnv&|XdW37^V!ol)u*?lvr<~;YEGJoqTjLQzMZKAi)j#x3`)kS; zvT zk{lWAv>i10UQ@B~7tJ}V1?U!XpXN<-rSdmfv=7x}YgsSY^puxuc8O5a(fYXZ#NhQN z)lJLyxg#xEU!$v{%z%$}tV?16Va*3y_!N^jx=&t_wQxHw00jTRs74p2TrIy&j{ao= zW{zNYH6?Imo;qp7qWN8(1!Q55=LK^D`HJ0m<$ChQWjSXit zAcQmx7PRWBq~hv)1*;jVKNw8Fw2m_LAVqTQ|6n-2bjXBOnzedm>(e@b9f4N7g1^g5 zu5Vv}Chl>?KWe^oEqLg&f#XzstN(N!lO&gDW@KKQfLGzx59B!-N-oPHm(yp?$~x~C z$`q~+AhLUJ;VqRxl0>b*QMF15uT7hy@8d;ucPx^vK?yvuCJl-(4$Pd0?!HZV|AX<) z`aF5lw9q2KBS@ww#{B)~FSkk~YIo12`I_KuKkOkT|{#EwfFQr zNy1`bNi~^-Ee#+#W_7yNXT=WXj3h6s`C+B^qn|-SJNfTpz@l7$+Kjkj} zV7R@W6iP;N7epXY4$%1PLjwgD7j}AM;<8dkH?pF3##P5ECpz_x53R0{bbb+K;`>~1 z8-#V1uPk;7Z-t9NyKtvNnk2WVb%P#;sqBIfqBy{Fwsv;n`b5fQ1Sm*9BhP4YsE(Lm z`{A;h1GLCpe-qd*Kwv*YUKH(MVbKRG|O z;NSV5hwZI(pi2}#iE6POcgyU$Buy+0zd%0lrbpK6^7=MTIjSRFu#@3A$^2~lPbA|_ z1bbmWD4jTU@_whYZCE*hMV@ZbLb8`A=D5=ey#jJZB9h~p^%BQhqC@g?4>V)nF?zc` zGfLELdFor*uKxC-rEa?Y^VDy*$W8rpw4W1UmsZ@B%&f3<7Ws09`&XzjM>t+9LYCsC zxjni*B(`B&os%57mC0cC$2mh@T~;%gWI;R&_W?Fn%@go@t`Q+0|FF=E|9W*&5;mJ!0F$&rByKs8| zCwF}xm?)}$Ev0>ykXDcKRENQt$dm1WU&@5QZyN%OW(Tobj zq0lQN*@`0*!BD{zVswOXw94kTR@gU#vXyddhrbZ@`H8FU zj1IWR3ul`sLFD^?8=82wdA6?~o38bpqp^0K&A<|U(q*WD-Te_?N5_wbn>;6Bop^+T z3d~jysL-K^K3ACRsO+C<0u>G+8ItwvPbXG1%#K>1W)_qlXtfCKLt^+xCjZ51W^ zuPT@Qk;K(dTed4Vsn->Re(xuk%`%=5Yr9UkqCqFe?r9V znKuhv>PA;f1N!2u3TCdx)-(_0yRF2YrnIH+X|- zyj)K6GHD(ev5=wIsmhQ zxq3xk7Ki0j3pJ8v-p+5J?ch4q!@{yOmjHlrQh4sg#-^2Xfdg$fH@h8nPBqHOgxSwz zp8Hg!+Sl8C`y>K-lkL+guK`H9Lz z^CqdJooN#*qMX90S|;uw_^Jv!o3l&R>SPOFH;unDwuV=?GBZNxr9HoRx^4O0^ond-S%z z-$+bE&ppoBH*3$#guTX&v|fnD!Wb3EGU|6Tty7bz;*!ZTU+!>3a@_}e#w4q?r%h~t zss+5i(chFu&K@qxQ+zBIIl4u;BF(PVo|%{4LZ4?5f~-;16XeejDxcCtK#44b zdEeU^gJKC@IBmh5aFHHlMJ1bh4y;XI?(=;H{a5}r^+dipfr>$9W!VyNvKFqhr3H z)|@#uBOadK5=zAYy#b=>PVIjRbNY=~Vnm>(k`*=FJliF=O=+fGe%dKT4VRM@7IetF=Cq z-@*V8PXAl}yMmK(#(^`PS_?-QdxFe?#Q3n**+yFZnVr|%fn@*t3t46_1G~%hUy2g5 z(81jFY01+2HMKVroJAJiOg1zmwdVC~P*HUt9w;+s%Q2r?v6Yg6I0?iguqdy!=WDj( z=4FSBS@xa)&N*!N`1-XJr*K_0dhVyKx(dd0e@qOhw9YP>2NnI!qzQT1LA#ss z3LWGG6UP(hP7oR@vwW>V@368NLD~Jann1^iSAX0SVu9?5^jPeL6B#K^mIXJJ^BvYC z4P`K(6wCGv>b~Qx`GUQErn^WCJVPfVwAV=(odN@_8}yd%i4s(hqcO~(RJDgJq@NC) z#$FUO(I6`H>4Q@)ts892Sc&7v?=-Q#=odWSXvN@=K^(|=5~Du(dH=^jA(h_wN4II5 z&ynb-^M3GypvPoiltQ7c$tTdQ#Kq@P$$*LxK{SCM&U za~n>b$E(TQQu!T*NKnrR?(=jR6J;kbu$C{vD!;{2rm$`l<91x%8Y#1Fmej zro?y)NC{^;1HBdeHfQoECOLV!`%KQ&JEm2CPlE*!aQX2wUCRij1E4noE3hS&h9k3qJo-3LB)7OwaO28}YS^FC3Yu8;s1axieH5Cp6E#F3F_g8^*osKA*mshp#8@h%NGeKt^$9*cl~?yPy|?}yc~QJy@kpa|+viJ1 z68)`;a_6uI<3z%|be`TMt+dRzTuG!V%MF*h1scZLhCaPvLU`vmQSm>_MGV`DWX|Hk zOu3&_7O(Typf4ku=<*9P$zf9ndRWF+NLOxE=|}6v&+});mVd`x-PpZT9(-P;^Tz*Y z<%NH}fF2qEgTPQ26bu1@00;m8APk_SkEXc#<0F{)mBc$;tK{d@=`}iyk=OL^Er8^A z1MOA%2Q2&p&Yrpi4vQ1&J`qR2%ceWDB4SitZ@cu=b^c0!eZmkv2J-8izqZTCt?>W; z;aDdd`J*&cXQeY~!3bR3-_@>%Yq?T>T~NLu*46&}vH&AmQRA!0)hW+SjMKVDo9Vk9 zUnkTU1yy^6DB^O#!q+eE>su&4XGHEFz?@d%O5yhB9dTg-=bJuYalRTaEdTdVo7PtK zT&jF0&h@b!Vs4|KgTX*V*lOVU_P!$;uyN)CW z1~HFYx*z($P9d*jewf&ip1gmrfjYj3W)!yn&gAI$MQD&p4f3^=q0`A6w00_ftY=g| z3FfHbpcv?SCH-<k|z#Ln}ey;pp^gn=` zrp()+1_)nJeO=&tN80G=+>I5b$;+NQaVSZ{@@ax|UM;!+5&hi@MF6({a0 zE#37!Y5&JoC`Bz;V?WT+Kcu8cwiuB&fR{%O6%uP6#p;wg^kjj};eM?}*%GXEJt4ky z-~PNS<>QA?kSdap#gh~hPWvHuwxsO>vQ#`?Y3{>Tnn!paO|^5 zi0~#$t147$Vnq?(lB&f1FnFi7{{g;vx#CCU`q82Fz&a7sAflS?wOw97K6HFT$=}02 zFQjR;tMi)?-T%SQ%VhKYLnzVU=tkq%CR6G5o_)wp>80D}Kfc-0_t=x?JQch7@$`ki zxYVhziiqmu#PCkjh$$P2rSihwmyNjR{!+tMVg^zkvaou#)hW4ak9xC>3`M${UlM61 zN8%WOtbBAeU3TA3*`|CtN=0|&*gSYl!o@NiEw*-U z=o%NOjv0Rj7J2M8&EDnbD+e0>_WN>d@%3T1*B63LYE1qEvY%8?JjLD=M~If*s}3?S zc#*+g+<6q>0Cpq?`3oCZ+*{UhJpLOD9t@5>W{OY#eK`MGZoI$)X!3GSTOp6n&TiOjuQlK=CZk`8r+;}Ng7t&5QW<)DPT z$KmR?lqio4?R1=kd~)Hi37##&6JQKl`8CeXy(X4s_R;eTl!V^^Th-ACUWxDlTq5 z?7O23E&>f|IGb+I=b%h>zB_I{?2fT$ybZ~XODRhHG+FNWVl|-tEWWgLZMlOFJG-SN z+WOLR)*iV?JHDZKvwHDp^pHi5{M7qT6PLbs2QtLPWQv^8%itTSN$`cxk5A{+Ph8X~ zqO4q`-r%0s`eHhk)txlu&b2xuD!d7{l985PO~Mrqt(Tx<^8|9qm1pD+2!Mj7X}=W@ z7E5x}IwvT=9FU9yc%`T>)TL9Xrn6t-L`nW+_f8cL| z5r7ck{7Ny2+`ji246m1=)KC#RK&lP!{Km^lYY%C|_ktW5NKr>SD6S}uVmo1xMQTUH zfCQ`cCXDId1C<2*uYBLcF2`gp0mf1Z{d|1S_UFQ1<7Q+m#?!s6{XJW{`MkjLfoFAO zkMDNbkrAKHBLMdU!x>quq$*SuBg zXpnYS1Ani#ra##SzZ%i2VKjx5Jnx%!YQd%M{5*86rN~*gAB+i#M6}?(={Z*=ad7R} zo)0DR4dx7dG9*u2^HqcLPc)XLU4L+G>sa40eHcjM*@GW!*!`F`xyr`t(l()h z3e~Ez5DyCrSx#)*l@u4d!UI$-XA9)UZs|gP*j|j&xU67T1K1{pohSYQw_f2gMX(|0 zate^rTU56$cNs~ZwR*LaMlJ68K_Q0_p`wf1q2))vr6nI)JY`toHl)`Q`Qpw&T7<0K zwaMIrD+U=I*{Wz;3e+8a(w1h7Lzae##aAkexoI-Vh)*Dq-Cu02kZhArYt^?Ij;@dE zEQ4&}n(T7u^<6R0j#*~C@llFiYY&Gu38CAdus@oW?1>?j%89%5N@o4-#MRwZTSOQQ zXN3xVN;qe0wLM@4)JENR(dXilq;DlrJVC;U-PW#V&dY4W>vp*&pxM1!7^qL~Fskdu z?3SR&@Z1637C=GCvV{aq$bT+SAFIs$sTGXdhi{*bxP8Suahfh#WG4EHiBfTeMz&wk z7dd6WaP!GCopy`+o-@`gwwjEc$7;wrZ?V(HE9TR1jEZF!-{ukSE)z|4Y zF3O)xsy_3(|4%3Ne4|W$RVaUuOWi#a{)yu~lk2_wes8Z}15VleH}Jm}fZuS(ME$>p zqv{i{`EBy{exdxX6K}5^3_JDT*#AGCG6S)%?y>r8`>QetReiP+LNG~iCQMSS@0=E6 zhUjCt@NVbu3B+d+T*hDLnXYqM$u!P}gi7wmKNrSM(OSiQFVFIWP5h$1`~!51f7xTZ zNeU25`m|qO@Zqm<1(LBoMTTeEQd>yf!q z=45oC{Dd?LS-$+!B=AV>d*>_fH}Wp-KIheaB^0D?d*A6h`gmZeSn&<)CHshqpIS7+bs=n`-jiNUoO{#l*tF7pofAbvK<1 zx`;g*^P?R~9CXF}vG8M@9`n81^Pay)u3&eS>4hwXbM(#Y-RBRC;{@ipFVemLer|W6 z=4jW0Zly7M3y^Z@`GZg5unC807PF5FkAo*3MJ5Tbz&G9*Vv4|`YM zqT`>ea+;v{Bo}Ve^NfpH1Z~kT^T^uW>v~lcUNyh>2yC1qK1}I_82eY_)MZ-;0tzP- zSWj-Gf2_hfE~-5c{M5iMOorJe*|)Vgg= zUiAmDTDk#w&NW}9LdsE;z*WYH;#Tryig}O91nra^P)NR&3`#cPswhj8Xk$G{hsXsz znx7{9I}(P;*62vw4jSIf2UPme{aH&x2=5>|i2#Ic+h8lfZFsO0<2YC3Tt9a+gyqE9gQGuq4Ia+^%(+}U?FHU#! zZCm$Q1IqkO3KcK4Z2r0J;LCS>Z_576Zczq%giFcYC&4JmmI2uU4wgv_%yd7}DoxaQdIUF7d37uz(N zSFayF%^V87=2ym2R%j)jb9<)$Bk50> zW}Ve8*B7yZNhfJvyRVJveZENb;%k6k1o2U1L?kWuCE*du#-q6gFl)J$Ww-poX=y7Z z6#A02`>uxPw?pNOoZjx!G?=1$#y63hXCdUbf~NtwO54`~aGsYNAouoAf6!i>(9IbE ze+;XjuJa|zqK78K*^&R4KEU1qw(ZI^|4z}GtYjq~zlcQYApmp%qmB5xCTkL0^#fy3 zvnnb*AV-E0rar|gb(g#u%j^%y6e(6fp+!P@^Cbr&((ISA{YFJ zDJc88DW%1t>Twx`ujcQLIb}`U({deFv{EMLLCE7xYDvvUVD83yI55~H^arblR9(n3 z>E4Yr6O0ef1MV>Ig&-es9XA+xp3nr#Q;T7z8ue3k#6pu;_XOTlP|BVfevShy7#f~# zY0o}<3z1SfV0_bm=#|3hopO$b6unTJ8Aa8dSdNj)S)Yo9J9L9wz5venQ9Dc}wJjR@Uk+qx} zow~~{Ie%ZI)6y#lw^rS@iyf`=fN%zMl=RFlgEh1;?XW7c=!SN#x9X_`ee{6xGMwDsKaJum zghys9ul!|h%Fu6qKMv1EN>^*j(@oL2AxH0!43OY4afN{v3C)J*iVBU#gN^OqRD-kb zERkc0rZB)WOQZxi?U9fqZtF8u{rU&v>bnuP!eSg~sd@!$bp1@Yk}<98l(k>lGqxY1^yE-@ z+`i=d;ncRN57>LAOM#BmxCW?PLwk^AKNfi9`f=Q>vGN7v4H!K%bCaAJQZJhazElYW z?~?FN{3$dM86x-&a=6sny}(J3@?mVEyxO5!|GMoaI*J;=&n>FJNOGQ2Ud-3VwwUkY zz=muemFIvCUI!vYk3plktCvrR?CaVbg%!W8q5O=?%4GaR3EdHP*5syAEDkqOop@?D zJLw5oB!&6uV4L0Sw#W*#X5VmZo_|_PxRbJ^8Wn$exR10o0h&{VmI_{2Ul^9Pc#jV$F{npK#|FHq8_&WsHIC+oPCv72-n?CgUeKOEH+q^Ht|*&uXMM*p_3#Z&80J6(NS7;pg%Es-FV?_p&MQ|1SU2iWCHE zpLZkUYKE?AOrm~wRe1h4ob$g|%=^Et_~pN<7U>`V`y;<86%POPqCIPn-eg;@27f^P z>8gk|{02V{aLEnh1CzqNBJ@=4KfQmFe*bSt1wUEAt|$~1P{e8i zit%6L+bX?VzCb_~!&ZkCVJq%xDWP{*#DV9p7GgFa`RY3 z_=G3=_4$y~eJGxPUK>^sI`NOmPJ))&Hpi>;MwFnO_Zu~`Fh5!_>a)`C)x4==n1$sX7Uo!JW8*VbjrOzN(>yez1f_Z@>1;8|(&Zx`ii zO-M^GV!Qukubl_bSCCN>34xbS z5NtwpqPLPF|MY(p^x7Ru3{lR6v8D}P*B(wjP%k=ld_{e%-bQvaL#nmizUtG0ziw>5 z8NF7gw`$t+Nb1ZEd?Y~widKrh`L&2x?z;J--b?=VXoo1g4W5egAJhRn0Or!G_TobZGRQZ93ih<#>T z-r(-}4%AzfiIWgw%=k}lb*7lgA-L1}tCo_Apj<>Icgi%;{LPDFM|tu4lBnPeu`(I)t$GcX2lTJ^%n#76)XNF6yU!`?%VONt z%t5)wi?<_L8oh>PS?m+GpNF$PKCZ+HHdN9`lUiA835s3PIl5?T=FELPgaWjW&(rcV zd9iFcI0R+`L*190@i~C7cr}x-!|MKPC){da1NC>GF{^lcV%F-daCIgsY_tkKn&EKa z#=Ml+;>l?JS1;EdiyHN@`i{wJf`;yU3_TEW0|D3c9GuJR@4t-UHQ_?)TE@SWac+h3 zIkiG+-V8O(#_D#Ll}o_OV!a7v(Pp2dvC@?QavFX^QY;nLx0-mg^}w|#mjAb zbn|V2^xACH>ru{D+=Ail9^N8N|F@-S<@`Ab=aC#&tKK6dNh$nQXn<)T<+Q^v)Eb?v zw)c)I#k#41;e%ws*OtAC=w;@nmDA;FOmte>v4FYS%pc^ItH~$@+lIUTyW=iBIqDA4 zqY)`f`F(3UfhDgnq-3?G2;TOdzOHhS-TQic6yPXd4TJ*l3KY9PFHoIMtKyC7?&Z^? zB_u204vEm@%IDk!r|ou=(bM{#CZeU`e@^gW>k~~YKb@24jnF)D4`1os!oY}w;0FlG zku(q=%{0$?BMax2ng@Fp;$EuW`&WE0%J^>5&_qV(y%bmfgt|4Ih+nf~>z+(LNq{NJfB5aczQOvd7_E}RB6O0)EV0fbCyx;1L+AD}vlkmS;dUaUOcYGNDLda(oO zm9t%aBJ~^vvQKBf_}Q8MeGM0=M>Aso7B+lMhm&Txs|`L8yujnC&GMANulR|0m9LVW zq;OPQ0AtOJKdJ0FF_f&@#}8Viq}_o`=79%{T6k?OXI=~D$hc?4IE@$wN?PR-a7dGY zOZkfa8!|oMDI90e8v~30u#!rhMhw?B_2#b}k-g^pIfntbw5l$5kJX$i^vNG89~Dj) zojZX#(j5>a@L-=+7~`{G34^DvPmA3T^>CEKD)40p(nr)A)HS$O>6V>)2(Pd&)D62>{u@2Nx*E56uo3-!{_tq z>b8swF6R555+P7M0M=wi#P0b9mE%*kZshP#1T3{&)u!4+82&WhDCRSET|2 zY$lXq3dJoBOr^dsg1U7MUKLyEJM#qjvk3DIIb>wH-mB5@31jjJmpaQ_q6N1lmAM8V z_4)lh32r+NUvof9tX=I2ZUNPxqTWJC?owOrYm0Fw?PW5chzJZ^F5=ke{Sc)#D~j)} zs08~jcou;V+{v5XRcwEE#UGehV&788faj^eEg{{pBJg%a#ZPgm<3u>kP439B)NIm| zJ`p`eRZ%JJG+eSMd)1q?B~G6%Qiiay;Cm4t|0HTW<@%%h@0N1N9TZ>x32V3Ps&FBx zG;>i&xdbIn^e*$v^1SQ&JbvJe=cEEq?RQJndpWB1?u2E~zp4YA+58dKmWHRnH2;fmal;v@_P-^2qhxanMji^S%-Lu zy%**#gOR99b1>H#FX|hgIVyz_;%Cy-E!0Sz?yr7>6x28rmb5SECPI^_4QnYoR{69B zEnRO4_Z_pc9rH5!f|NY^a#(6E`V;7L_?TT&jhw=T%Gna49G+g+!l>&Z8u@8?cN5cm z@}}=(byY!v`1Y*C)mV28lKO6baKb6A;deF7A~hj}DTu~b?`k_6-YF{j z_E=sa=Ve|NM3 zih@RWE1!FY&@o+mt~pW%v=t!OZjDDj{vN1!Zq|F(=ciM9I@8&(NySHI8X@pVDXIoj zW^bn{HE+;_El5;jm+On5~asddZE zmts=2iv$DTOp=xmtG9GxyBZ2#-PW31gsp5^s9Qr^T$ zpimM%7TPuUTfvMsECS+Iv61XO0nY=-?3#U;YNhKrV@X(L9xXC>F_yN^Skz5Xd4*cyTn$N1yk!fiyA0BhZ&~*re&-OagnnQ%;So`>wQ!~S(EB1q9ju;+{=cb|Zju9|8 z1{5qv$<1E$S>OgX`5!?DE*@+L@b1R4w$L)4)-#l9pJ4Eiz?sM@@sw`&Lg_q~200*4 zlOVDxCa8I1*#Y)?&!=1S*6v=(NVoZgA1sFUH<`X`U4tL48?c7l4o-$Uo%p!RmeFH> z7@2(H)(%feNM)&|uua@6vwQC`uXb(VUKkDOEzmlO6ceH8g5p~lZ1ymp`)%1lvH7ls zNr3uJDRV@^zw+eX)-SrhGOa<3fu14_(ad#o1)Pou9FCCi(IrJFJlas?RQ7Th!((Ns z4L>_Rrhosfj)hvXXujFuy`s!&X#umlfl$lB0ZoyR3BP6i)7NB0`g zvH%)WyLq9(T7{M@BelC8>M%|`dRyD3{+c|pa>rJPNq%KnkOzu5(l%@(f#yGrLH^T_ z>GexH2ge|pb~5^D01l8RK^qk)x>?}U^=mc=VlH;EZ$bh z=o?_?X0N8?W|2do+Q76_xn4Y92*vdFFhX{R;o~T%JCIofgq62Q^aV#a%&q*9ExDft zCJO^>0!hP+3zfnMf`FOT$3kVc2GA(KR#h46iZn_c6`L@c&(;l^N%@FoVk}mZDZ`7? z2HtU(-+QL0MIN^BOkxK7SVn@#yVo;>>POr90Rex9OUG*o4oXDnr6lmpx^bB_Y^&EN zR?^Ya_fy18?>o1!ggk=IO!P9u1tnWlgIzC6wl9K)tQihq=|ic@MXG~VC7lN`-Rl;j zsM*t$-*61dMjA%L?85v(kN+C2;YJ^|?2_M*&FYO9kTd3y5)=y-l6p{}61=^@#uo*R z^qqrTUQ!xkK(LpN;v4z+nlMueip0R7lo9LWF!_M^=YcA47S?iEhyd7%-3%{Dh!-dNjn;Ni)9~r&Uyek%lb* zt7g>egkXL<>RJs%B?76*kPQTyD)9v#Dup81W>HD1Nbx2<Hm5w?(iT^;N|yook)SpBsjK#SQ*Rb}-m? zIF^wFAU3ipqxQj^Q9q##X0`8sXZ6BKt8|`!h2-3BF0V2L4wmwmHCLV4*7&^J9M)7L zWhv4s5Dv|{Z5xrKtnfd)RI3SYJAhR#KapCLh(Q)|)GpwK)i5O5s&MBOnf z%@YM|w2N9TV7IU2C=sRxkxm5;>xvV!X3%TVQh$_lsF(YlIOjzYwOK=T1lnw@j3ZEF zuIya_?7FK;s>NSy6s!$}yjZmmDpN-eoQ{;w*z1+VHwzWqf+Eoh#bV#>qdTqY zF(J_$=7AsZQXM}%bdhds5mYjw5bu5*fEbpEfF%#MmDa^Oh(pZPuPJ*yum@cOnZ0v7 zBvkl<6w@Uv9SBO%4w(=GVLiV8N!Ly*ZOf>n21PQnWe)7^SnJE^uzj`!R=|`WsQkoX zgZj71)mbtlP0D~8{j2Lp<>_wbGx55M9Xz+t#HhVBT=QE;r^>o?t2kQT6b0zYcM2St#YDQP>bt;2R*!50>M)aU0;IX z*@uo!h+9cZScAvXJQ2=scBaL`Pif{d6nQ*EH^2Y`ssP*C>6F6} zXi{Da1L8jaAumfv;n~z31gPAv@{@i71l6h_icl0tfz}${gb$uOhz@|Bs-6GdTs}li zL%RF6QPNfod4D^7;6mmI=4iX#7^%aQssC9H`n#I7NR?v4u;6x4M$Z2V4^<+X7)ij@ zcF9~mVr^TfOapX+Eb$e3$?A!P9qc^c-;)Kp??{E}>D6<|5=u@4FmmKhp}-c?s-HC) zO$PvhdxjR*JhXSNfg<6J4q#dghLdb08BrqLF!gy9=SIQ5*+8SARUtHeRlc1oU^h+6 zJB+iYJ}HYFbF(TB+||+9>Ug~N8u>?|#v)prlHT(~A+=!BC)Qj+b;h3w|MW`*pWygmXuSB)^3mV%O^ z)ilP;75)M5)+`f2UBxmP+7en5Qd_fQZQXQ*M^o4tJb9@O%t;P)7`%jXSL&d`0b77` zZF!Oka(nX3(Mr?Ic!~?>RqZn)GwW?H=P5;~d8^_v$aVxgb+daOb<`^Yzty{qvRr>Bis82^`cp9OlTX$8w?S)QysEn9_ zDX-oDIL$D--&Wu&Za3eGLu;(Aw-lr8orLEYmjRd0f_sF`_A^IHtlh6-oQkqC;+>Hg9=Wc{OIl`)G-7832?5HO7FU3@9+>Rnq#e&DXMVb<>2abz}Q!{-kLhNVBa zg3@iMLwZaZ=c?*5Ix#Zt+E69o9P#%l`Cy0fK@7@*6Qc7$I>cnJL9JXLk_-l5y63AP zd4mh$Mma?bg*epX-Um$mnO$!?l6k~XgK2R&U2{dDE}nlcPlnlr&%WuaLKBrO7Cw0R zlNWcDV9X<~%K7NG+X+~?=H%Bd%SCj1PDczZqfqn!9+8vms+mWP{g&JL(X~uHV;J$#jU`bS{pG zdGQ~MX^F|vLohb85)LqDquUy*tTBhNs6e760}XBU0N9ezGV6t=*_azkt`8mX-vgRC z83c^n&Sn}JEW#XpZUqP>HL7U6MYmtG?WpwB6qj&fIyl&fIeZyM)fO0!Dsuq)&jR;O zPDpU{1?!DeMrBKyAit}FtcOOa!9@8eex|rx%jg{*+NIgoAW|e(ZyhzJsr`Is`W}ZR zhr+YwQA)+t{>^+)^mbnnOYCBqR^ykyH#8v37U~fQlSkZFVrP>4TXa0)cK~VYJNKAS zF9w#TFC~XUm-1up#MKD)q|~Zy$zFQI-)j#x-uuG%F<6x3kFr%B-DlxACES?clI0{W z<7INHLrn;vS5xH@enPO43BI5FM8&rjS{z30pnINJ_yQv&0|M_H4%Ig%UHqA)frHUEeGjARueKxcPuqN%SMC*x3PP}Q)@HLW zUM2t7c(0PnTANvo7|@ZU&p3-cZb0gYj&AC5`E(jFOrz^}AL9IVz2>mx1fx9r5~EmooE2fQTI^}a}ku&3UKG~0?-o38cBW`95F#*qql zzdCoBN(jgCHSN4ho%)^VKfp@lx_(9`U9gN(s{-6QbZnlDzu;r!V0p*&_b*BFA#P0N zpAsp%D{1-*h>qdIE@21aGGav6x|ErL_`BwE2J5UJ))RQJF}m$pI3&4C@%mcCfIuo1 zTikvGXI3%totc^vAt%r~sVxeRoafsBb6-UKwnJ{ob(qZvB#^-2hDJSK=eB0i`XXAM z<6@f0-P>me0%9(Ce`pIi$fVa+_T9jV`@pesgJTm<-yLpr-MaWO*XgyT*34E$h`=7( znv0a!B&A;+bm9jXN%-1YthvAd$=NtJYi5?O7ABbRi92UEMTCTk+*(Lpg(KZQ9}*_n zgUWxdlW`*0<83ZmAG7~IkJsO` zcSosDUr9MF-5#`dB_+JHQ})h?MPL?U`r|;&g2>%SQ&>j}#Z5 z{S5wd_d-XQNDzz+IsGh3CW%Kvk$lZg?pN($^Z#}3M8phjMs9y_PY9K4a2xnIM*q9> zas38K4%IN@&n=0S(;t~`2qQVil6dBN$=%1g`2OF4OkNA!7D*HiNWk;NT1emx--UNO zp7WN{Nj=QIG-skuENM$FmW02U9=jjX-Q-IC9t&VlI9*Hadzn8DL9TZ8X1DXE?*wd(v&cD6G@1G?~&Y%@1SFFGEU(1*7EL4sY!4oQs9!@rP4#fK)qKFeJ#p;=-M6uU=Fl# zK_^mFpGGA1FuQmL-*4nY-bRuAh6@u0Oyi{oV|Tc$shWy6y7n?i{(e2)X_YzP%N6;e z={4oEnhLKASh3O`r{FP>iY0xGbv@Q!6VnnH;=kXbr!23KE$zWCJ4(AIDvp5kSTUyy zj-gG9-wCI`coxURbKcK46*0Q=)J>x`oS%_A_a$X!Y^FwYXtgMRXXyqtccPBYBuvm^ z-#qvZaI?jLpX76BCG8R#=?!jz2vD4;o^1)v{1A}zM^PkXPXEyx!?L%2g4WE9*gMO3 zTi!KmjXq$opG?rHfDYOMb#^&6zV)iA$k*eSS^IXYB?QEr4>`D~yeGKD;bba{y5;re zG5JLK9d1!I(tohE(N>rio>}N}t)Tp_8z_Txy;^Ocn^Qlpr!Cm z`jOs0mw&&2LXk%(L9A98(lzB~n72q^I#Kd*KgxF=1tKMY)c z`s9d1#l(qLE!Hii_YuB@x`0Sw+{@6w2E2Km(DJuk z4X%Ury>Nq|bzhMCvp8^*LeD`OQ(lVc$$=_o^YG!F;j zQZJLKBse_2v)9|*Q4%~XTOhS8wwuT>5u|+y(a;lYAcW-f#_%NspwDZ=@Fn)CuQ#|( zT{<aNJ8#ptWr-^9VbeX$A;&y9h`mUflu%UK;-1ZeYNIf+buHr^<6lA0MQ zg~9vIQU!(PbtE`Y5pP4u5Cztm!V*puBez6x3^eQ;2hrKSZA$NWzjp(#3jpq^wXp5gd6NeqIef@E;_A_{le6l|iA4Pm}Tj_Es_x5R* z8>&rJ6R=;5={eJzhWC!N-TE5r7=w$cG_82rBie9Kq-GH>4N{F#_cS=OKLt%n+tVLw z=jv8ll|;*G-XjuA7IN2?$6wnvQmSSiA!)Xcq-3d4+9uEs;E)3F-@8BXf776hkiGH; zPmQK&UJMDuilY%$sLJ=a3bSd9E8APg)tYm;=y1YiW!NdLr%kI=96lWS;O7*`t;v)D zx4Pq=`B*J5{6;Mr;nGy^UYG*4Rcm!nEqLls>Sl|3=34myRMLR-W+nZ8N?*R<8*;~W z9Fg+(F6wqg37DXtM0RK5z{r=yx zo$g(hsK&k=pW>}(Juh}%jEQ26B*o^6FkH`KhVx55thV|fz>2j?Nq@7a^M&I3S8=^+ zgxI0KdWz^sw?^|yo}e819WQa`ODu* z3fD`_DL)T?JA?x@So!*Jz;Ax+W2$=v%C>kP2tl;$EE?tg1CGx1$qRfz$LWOl^-@7$ zlJik?%y(e)e#KYAe504@c9pk$SEbA?>$xXoP^p(H`9>WohtN5%Hwr(BBKDv(uqa{* zQYnqP^bLNhnBd<6mC|r*(`2|w+MnHSB46}m{E_KZ9m3%ix*_kubnT^ptr|!r>&XwX z42TMktiLmL{;`vkum8Gpd;zJt*x+L_y41Fs(QAx$k=bGFVRz)C0m$P*wrf|j3qe==l*0ZP;}6O7o~q5*3)`cBD7;Y3WpMVL=cRg6sLr6-U&I@;Ladb zaF&HoA;uB}Cw^a?Mr7Y;JW~^!K|*wm=>v^nOV7{!7Wh$c_~L}B=K({=du3&f3k*0y zx(0prbf~*ZV=|J=free3kTkhx=)NDFrYa!=`cYx^HP1Nk)1T6xEp1%Cw=JxM#`3q# zvFr~2BXxe`_U{Yg$+m`f{sF}I_N4;$4*Pw&hJA%954~jdYC$aV9P6@Ab!LB{qX!`9 z<=;QL(GNJszS@YKeK2d#`?;eVizqB?e10l$cV%7TjQ*nDh?#HN&N1ut8{dQ;tzu2J z2TW?gOg7q0#WrUe;ueuQtSx(auoN^@=)E=M5NBduw5V;Sjp(4LK%e^=%n{r*{E^X{y z%tfKZhO=cX#ho4#|30V&rbW%H6vwt+|ZqT$Qjto8qcrt^SG>VMq-WeSK2ii#VY zxN(oH0QU@MYG$}cX=+;9WT`mQQgc)Z4}%0h?84Clx=P@t1pdt2x(7uMU@P?aPo?LB7`dhO7qP3YOHhz+g1A&)oVob9{9 z^hA8!^z*Hwnm;*Tuh@QL2fYbnHvJm$V;{g|I$4avF$w|){^scyXvN}hJ)54tqt2(u z*kycU;a*qX%W=9tdH1l7G?fr3hR_XHRF(ZvV<=%WPbiVr!}A^nx58jl!Zkf`^n4Lf zL2*wQlQ0Qt zbr^|^$a#Xg=<0J^&@^yc+}9292M3OwwYZddq`9T)@XtW2^V{n#2QSe$v8(`uP4GrF zD@NB>=iAbD%Ut$}gMTnZ90Wg#^g9m{C`(z}bb-Vk-;dKPVzvx@J8b{R=9uLb$c9|X z1={C49;(=JQ+Z6OE??!c-73Roc6xF@)U5Glpvu@SZ=!&IqXFf9FBIWyc%aj)a?ic; z9C%2_oSC8Gec`)y*?ZPO<~QBWGrl%6nq)~C;yZ_|cSD%{IQ2c!#9@Fn{fwxxSkupE za;y7hSd>23`eUPD#Lt}*o7mloUcCloG}TRti&)1ojja#@vF#p;W^otuT0cQ`g%IXP z$aZsNTJBg2(0goks|9fNGiO;&`yahMQiAySlN^)}XJaJiC7!Zlt(=Gq(p>#07J3j)ngom^ zaJhDeE@L2Y%&SwWJ+^FHe? zftz@On00|XrH!n~i~-3tEw|+&$onLU*j)jCqTC|WO0^5x)gH`#wLuNn{fV&!tqv7g zsg3_E#V3j8&0I&EI+_`Y6|;68h5TT@QXxrK4frJra@OTJUmp$Nq_Jz=ZCid>&Y-$&Dp{Qt&RP2Fh7}Ph5>6QyB+&I)01hV^EORGg+ z`+|`Lq8t9XqcBX?xAzKsP2R<~)*E9*yLuMW7}8Da^_P?vbnBLA{Nc9;Csjm{zbLJu zd?$aH>R1?7eRuai;RN_mdwL21XjAlUkM&R-i9c~?F+?g3@CjV4>6m_>NGFy)I4c$< zJKRulZRg|xk~PL>+Zv|GY8_05W>wxD2c(xg@p5{L>(o)4RjnJc4RH$ z;%J2UWA?6cv=iOb3=|L5Na>vW3z7j)hluF;@6(EHRWLh z9sd>pO{0_l0bOoi6d!(E9I6z0{hG6DfDqT~n^v2uMWEWp(&wu?*bLVGT~8&v>6hQn zAPiQH|2dT;3x&`pukmgZYxmE|`Qfi6bVLubn|`AkrskN0?;Knt|8IH)z3l2oV~^Yu zcT*Pmx$4pmvGL%^Uki0QW|u#;Qc7y}@9SbUmftxl1R4d3_lEZ3rV_COMd4#V&lQCw zK>i+LxdW2ioLFgvzc@{Z++9{lvAt&1_Y$Z}nbLZ?k@91q>AfTNyK)>DP|{Bg5g$?_ z3IT1zpvrNb1uu(3p!iICysT&)&`KaA&STN)%5qRz|LXwRJxkarP=^jG-z`BIH4WYVYQWqt z^SuYreD&$bisF3G*oWmFiXs+ml@RutRx<69uilD%tggKW4^@wc~= z9T)fZCh1K%OSG)t2Zd&a5^$kzvA^pNSUEi(SJ9t2Pv}m|_W@ziU1~Ii45tZkzsY|C zH(4#1395B{F{cT0w_n&qI;7HwXP7HEjxMj^^e3}kfxg7IT#Hz+tXu?% z>b-)|1^J=5;fKzLvyrKn)cv7qo5YQNIXFJ~q!wc9h7FaO{cB5+XDfFzF51io)|+1P zN11tX)|5GZw0{Qa|FL5qR9cQkhFG02#>!T)6OZsfirv43)CY%-^>#r_U&m4t{r~j^ zXTR&I>3+WZRYS~vuRWB4{{Xv=!h(d)2nO)@dWj_qfPX7(0COWxl^kb0|B^x3qu4##rtYJ+=kq9$J6=>3~IOzeE`87>Ys-P|%zvsiPcKyA})aI)@ z+o6$DiYI>$lMv?MJ$-<5#ikv`?1Pu{~xf=atP5 zE2{!=vNzu=+8sDme7$*VL($z`@os29b+FBHAL^XxlG zIs|{}rtWABg)i&E45kOxzOpMJH7d2^wMeMTB%)@!I%EZHlMF7;L#=M_jkdl zSFFh4;KCBF^cPvDW@&o6b9T0v za0_@&%8{o?F11tih9?z->U{I!Z<&g*g4p}Zp{)bQK*`SlOI?@~tuq`K%~B%SYsv*& z(UA3#e-x1nahwgMXIg|jaKYKsm^^AGf;zpq66AWm(q(h|YX4weIsl3Z9Et0sdT+wkERfO$n}zUgaH!Fqek4}9rz&V(0*j0Sa^C}COY^4R>)wZ zS~p~)9S$9Uiq^2dTpQ;=2FP>DOa*SwEeM4v&Ggf^R?oeF*$;|NV+#_`f(zmwTBpTs zHWP#q^%7CV1#cMNNeLZOe(w7;jw4y5iFpVtde0=W8jTT$){YI@lB515I2<8h$JR~z#Drri;X$l!;zs->v=`LX6 z!AnbF8i$LZ?{WI1+3D7^VTeRG%G9Njly-E93OKvSyPG{TF;-igtd@qMS|_K|uq1L{ z)c-uC=X6A}AVfciSFhNQLibs#8*xA^w==Kubp^Fq0*YpIcfA7z5>^l{7Ize=jc#f8 zZYmOph0S<7JDPsU8flyfmT-4jE`dN!wz4C7z@mY*s1rVzZXE4_0C)4U)43}1s7$2o zaOoHx4ocFE)Ez8$`(nX;RsA))KFyRVVK^SI8UuAM4djAqZ=8*_Kq1Js!?f@9niMc+ z3K%zPP>{ELJf#o}JZ|7CX-^ce6v1f5PeSG1cm-v+B`%Cg+EW_-n0+4fLap4}#@N;x z{M0_1Pgp$gg_-L(Gmi)LzwRR?VG#HIcAfYS&{dW6&{md&_JtRlO&3y;1Hkj^Oe)4Q zbCMbVW?rMHIo(3vr?`OWnYj`Hltn;9jKl#+Ik*E}{-57vaG13WI;otoz@B%)ToNz0 zhgLNH-I>6`s*rMpegC~`K!7z*T8Sp=ty?dk<;eLIlMqN z*^uj&>l;rse+F*pCgvI+FgW-$U9P8=8QXRRuj_h5g4)6Ylo~slwWFn%U$Iy;8`IPM zSIfPE+n8fi#w3o2m^X68UCr~xMa7|c$RQr$OGKmXA&mhK`y%LfGUi3E{u7LOW&Q$8 z+#6(HqpY9C%}jdiJ!caja7`^?z35`HDzS}(WzeCLSQl<)g}=7`+gPqycU)Z2!Wu~D zPzS+fmKU~d>Z}uC+K<@#KhK05>D|udrZAECvxXRShRcQuN6yR`=u(aDyEQy7fjjFS z1k*LyC;_h@cPN$+4=9iO5>4ROl^Rf&`K{ryZof-x)?5!F(3}q?+kAxMldtN-dF5-a z8jcRNoWK`M?q*hV4S0uVo$o#k3q}9}ktm%8(=9H0Wd05TMck~P_y?``Hm-)Xjz)Ua z0E7e27{rnh1I{^(7Alp@=(>lnfe$`@3)jo)2=d=_>v5m#w%KJ()<1Jz>)Ws z#4Bok7|9!P=sy1j9N&@aKYv{gEF>zAex#y3q9mTEHv@Zo%?cmm%YbLD+zH+nyhEa& z^6cUS!q(*202~u*!3LDl)YA2WJ>!5;SE`yxX4I{c8~cH&sFM!ZjKm8L>J`J~5YKQB z^FSyRr0{OkT35N0NZE7AoR`HNh^qv}JN4-;qx59=mJbqA>H)&*BxTiSC6+glZpYPY zp$KVdiJf1%y&YLO2%2sAzR&1(dxLg7KIwh0LCeO(nOT!qnfQ9=BzwvNmTDS=FZHsZ z0*-TN0BS3juM!1~2VlF;_iG?>yJIlc;?DLYW+wGGpEB+uLx;INDp7(E{P3uJNhg?l zVKRzKLe!6#`@>cs;hEqTbqiQtT3MEQ&zqbaf{p>PgdPyDXA{jgpuh(tY87iR45vZb z{w0FGMuXdMX|=GHU7J>`0a=rZJ?QE;hTy4O4{Q4hLp(bEFXhZxOTiAJi-RU50OtyV zGn;Ap?vpJ~=36^)k&%TdSE6W;lD=kw$+!%JQ5%N@Cd0W3-c=EVds#rg2vb>mnNzkhpWIT8VO2qgVns>UVbO)KHB&eTSAvS zS(eagnOHBs8PS`=3z-9+#g-1{D$at*ppooz**}xJtNzcLJQ^~HD>rb=5dAQKc6V)@^AD9n!)Ai(p{iCI|tlEfS&PB(oZ0+aotQ2XIAwy$mwBv zU?pg%6k1nmLxYh*GXx*S&o&2o-uG@}j<%;pYIBZwTLC0P;q-ByxV6U7-l4`ivhycD zYCTH3RZ;iFuR?Kp(UcDl(*-~0qscpzbm7agKr?kkrc|Qw1b?`R^=KesCoQhQwHvb||iN;1#dL88e0@FwQ zpLO>_MtB~GeLuVl=Phz(hS!QrFuuaAN7r^VE^OW*i)$gN4aNhl`2YFzg(5S3?xM(M zs=U$;A5|4&&A(ajPLj0n9I*8%sC&0=Ci@opjq%9%VheKpbyJA*Q`b|g21@(SeLJVh zo3Fm>6Obx&krsPuZF>LPl=s}J2*A&)?mJ~0*EX;aSVYUe2^62dqb0iZR_`PuEjhjP zxwG40KSPhy!|}p|%k?62|9gQ$;Ga`xe>Nlk@zwi<3&Mx2c`Zh(wcw73eE6VG*osD} z=jA+Png}CKLzqH_iI8E90EWD2HIF{~ZTX4l1tNf3t`Ur#i-ab(>wth>XuSGj=g4E@ zfs^;nug;{%UJoQ)_jY`51QXW$x%m;wQTWcWg@o(-OX|pTgbV+tj_DKO14J(O++jyK zeb@sJO_5@z1+M8*tO0f591hA3tkEC;A2?ygNcMlYgsn+m>aDMKnWG@yY_09djb6W0 zv4@|OICg{E?3o55|CXbp;VrWP+rjidI%@L@Z;zVGj)Or1UARC&?bkx_&2y%;5DY~| z&e}`TP6}pc+4VnF&qVTbu9^d|QA1qV?#-JA$w*diCzwFBO02Ru>&rj5St94Y2t0tw zCA9`ZkG4~+$VLE4&kFMCnESnAsUDw}8Oh=x0o9=Tl2@IYI`Zl6kW&#^4~;4B-*<@w zPm*?$JLFmOn|IW3y-5c0^U%6;XuuAc8OD)zC}fMy>B0g-P5S#plt+uI2J(cww;flN3>##K5jCEk{Ak6PnvXhI7%ML4niI)1n@LCo@e*#5dBS2-7~_y_ymWT7jp zvk&99)xOskxsS-|P#*sO{^{htPe)b7nv#>}MXJ_|W9WWidb`kTk5g!PoTgT)q=%+H zGDMmd-P}E2%f|9Jpv=Xs1Y~9$%>A5}zhGF|eZnsQgINdM&GS-oGMcn}5yqTBg$jO7Nf4VmR?$l<)tiSC=MO$y zWILR8?p-;m3MU*jvi8y#$0~l;FboY;#{9MW4>0N+NJ{F*(dUye`6LjeGNhz`sfG2m zH8wP4q96;eupf@Xh%8Ux*8Ta8IPhnbPh^RfzWFJc-KeKagu(p`?v*F>x8^Pb4^p1g z>pLkf>caNKN8i(iEf@j4LPOS8nfkGd19tlX3oV+!o*$coqz@=JU^wo>a!mRQ+A6L2 zqP1)**wMXeMiIUx_g;K>f3Us7y-6RQ@q9pF;HP`M&M@OYAOWWQ?wC21H&XmTc6)=J zAMBOvEgzk=Bi(wvz<+>3P~Q(#aFRJ3AwEW+vN0HNE7A1T#b#+w#+K`uT+mGB$1w(j(8pu|1-6|%~y=ZU1Gd}#9`Fm4WRp4yWQUf3ixObT#12@ z1IjziJsBqo;oHHKNk&$t1zdA*aMvD2Su`e9kFL8Gd1ydf?X81j#N@;b!*}MO@5TH`DCKS#kR%4L8tx<%ww(CHM2od%m0Inph?AiVk1S$5tj-UD|q8^+Rbx zvG>-YFf|eIV*Y4kUv!0*cL!u;yWMc)<_Y?Gkh`hnU%ty;hddqYc$`&*aJ^YF7kj$< zM!)s$HBYg?kkjwb_P8R)k#p8$D26J~utq0u+?&5FTJJagfe-Jk#eGuicy0#q3|(89 zQbSQnQtJC4|GcT2;FBAex2@`Swbfx1=9!eyWHbcyAPk5U$Tr|KLKa*n<6M2wKB6pD zK9LGt;@Seds1?#?;Va^q0RW_m_6bGS-pJ1V8G8&4fEbfU!;R+=e1aLuG}XK+JKay* zA&R6F>?WIUSwGe+f+pq}!hTbCAX~Y;1 z$AC^-s-f+mkLm!j=?JNfXFA3qk8K8uZ}u8CnClz<2Mo$Ot#r!&8?^vANc>W~nBi7S zB+L}arhp6X@9eGRAARSXJGLY`uUF7mu@Kv_SP5l7LI2)1_g4 za*-pL_hva}mKDas@;kau*Wd{C+8}A|XIPh%<%8)aXgPJ6bdOn0ti6{AngZb_%V4H) z;uqNdfy6UEq}%=YnSpOzJi@8=Q6X}d_Nbu;bO90dUT-)zL-SC#>}Nf_A_hekh-+mh=Y>Lzv+1zjVvd-bpu?srX9MveFyb zWy%_wdv9#O`IHwSY9Hmz&d6zv{@5Z>^g@^}t(jpe(N~pAy$)tMPQU%c0GO+^5AQ@< z8Q%9)>T=&{692+X{zBC3P(>{8$}D~ z_<5oHVmfS!)y;J9x>mTN)i?2PV4xP12 ze)cRykNyRd90M$lfPT7!Wtuu0N+-b%!5>c_ffFa7ewwdHvWOY{r#{(czA)^W6EAXS zcVw|N_3WUycQqcCI=nh)GqESo&NWv38RqF}hrwPrG7BV7$KW6jdJieHio^SiH?(Xd zj@KL>hE7WC$?7))kuWbJZ`4O?{pDX0tUZywaNUC{($Humo#!gPgj?^G;jviQTv zFWG*@{2et8=%v#MgJ zq}*&O_evXE?`s!>yp@-Bf!0+b%X|zr@!n-Nu|e)pj_j4}FRQryvPXnwTTMjkMVfTO zxix9tE@qRc+b^HbsSz&aZe1HaZtp$T^nSnOGh1&}xO7a&Q*dL$E16g*_6jWiKn;Ze zqu+Q`{v>YpVYJi89${;3Utvth-}jQ+t0FbCTL;?4L;>CN%p~jo0P|yuPTJNH6^qjk zbuxzi%g#7IuljD~&@^Rc&cgvi;Om7z*T7(P zoX6u-la5;Jy|^2a5Kg)%Q6XJ4tCA5>lGH;Z0^vS~0~Bv&P0H7A>w5yuajK-5gKdOa z9X7%zPG1vH%Y!1R3GLjt=H7SUG2gp6)X4G)g)V{T-(DzMy^JT-EabwEB~38JE!BIPJBD_zy@dI+!c{$!Pamc-UUy^SvI!^q^gBPbVIM zi5N0#Y~xMyx7Y zM^)!1r#MGAACWC%vuJx&$85swDI#QU_h^!3oX!e5uxDLN#z5i~M?ZZ>Zg#|uud?x$ ztRRmv1hWrt)CTRMvO2E91W=8xZ)~`p37E7Ywh>ukQa}#*Qt+ne{1^f6h6LdPRl>Bv zVMeOEvu@3R%P($~l5<$IPBu{zMw&Mu3F@tW#ZGw>Aw>c4x;8dmdDHker^VpvM#>u^ z5@SC3A>uS3xcMt<=_r2nK*?E37simM7(IbriOlD|x4f!N@mhQ^a(yLL78ny(>JN2_ zqlah|eXF3-gHm}z->%1Tsq=g{*MPrs%B8*(D%{Y*evd}TXfOm&j4E1y^DIijO|MGE z4rq_(!8zYM5EP!u;P-!gf@I0czkAcXCU`F9#5}my5@z(S?#~>;T4AmF(IVNp!LNgNf@ihkIm{EVE)Vt{rmQ1+*-AFs4AP8FH=JwtA4)lj8P=9?1?=|w1$GU zCt}J|R@95o11HGy{NfkVr@Lf6i+%s2WvQ*`U{|8XmVq8Kb4l7mQnoG=;W_3-osIgp z4`3O`;>P#;X2aZz^1Po5IW7MI4WbmoBFWaA9rGqbwupGU$G_Opt1fA6J~y-FdiBEl zT0JvQT-v(2W+UygM{(a*y2|{M;wd}9gK+OFsp=hyd!qrBHZi*aO6is1*l%mNA{Nm< z^sfA%ltDo2UmskMWu2F z$M;yvVG;8AB^6p+Vy|3@@iQqgznPbkeE~PB9~4>T9sa}(SFGhBf={22jV^|~Y?hFY zHc2W6#7OZBo6OqaazK3k51qkEnlZphdz-)d{Air#DaJp2uF(h-b22!1aX1-10t23X=oG;o%-jM8*z@EQv z-^$6}30{^hktR@jr8OxmaWzqovK<^|AE2|OPMnqO56w~&UsYZPo#m%FMb!e`E*^=pJtG#Qfb>G)-A=Oowju0q(fuX}6l{806v)>4959bPnI_Kx z!?{?P9C-iMxX+a+gSnF$N&!ir%b)xcC9dy8zax0$dXEo77p^xJ4u9# zbBrg@ffk%z*wAM{On*Up(FwoUMVsFgO#_%oGE8>j+fIh}o+r1~CaIckH&+{86w)OH z#p?R*-0e9%WFS&DjPnw0ZqI--iy2cr zUo+E>-+bK!qzy_OiQ(SuVQ@B`Tj0uG+N$EeaDiU50BX(gjeHF0s`ha>@;1Bg2izuh z>~_~&!s&-qHOz%{G=C0j5)(kYTjZCIsuWR+c9+4!hZUGHjsR0gYsPoUe;cDXA3!~P zhY7pylRm|k)+_tgP?3w^;XX{?B>&ZNmrAV#Iy{kY;v#YvLTnbVnEs)sr}pnEGShL< zx<#SJ$zHgnwpF$7ShWF9U1GCSR}zYVwd}%Ns8!OweY0?b2~99H)eMlScx+b5Yh?Rg zB>6Jjuv$@b1c(CE{#MWoz>NI6D4XL3do+OF?#T(nkehRtP?S_Cr>grSl6)XSczl4n z7Gx_u`F%S-FO+(i<1ThR6AW^q@4*K5gI67Mg5 zC!wCX$h*E5JTb`?E7^H3HURwe-PX~1`#y+6T^KkK^l$#!p0Xz$;7Xx0&eYV*iX(@2 zu_jAfZy3mFXI#i;3DePLjPJa;4+Tya1<^rqzehYOf{dmzX2|6O&d2Afu0V#{9u?DU zUzQ*YnoT$RfHhHb?}Ey`=g^T9dSZ~k17ZEDT=!8x4u-OkuC(4UPKTN;0pEjy6TaEkqI zeHfFk8zj8%h)y?%eJA4KOeYxF`&Tu-2dp|Q$7`V^GY0RCPiZS+7BX<2MwJ)>E4H=` zICBc+HC`!EGx8u!*3P_L(h%`RTWW1m5URGY2^8dKDxLG`v)EvmFTDT<2cGSA)s)!hFYCkb@)kf^ z+TQ4}^af=Sy@$*ub&B8gY?ov;J)kCqhWmMY2weST?p5>sb7*|ZpF7JYFgL}2FDeLh zN}Mac)x-yViDfV}p5LE*;2!Y7mZp~ws`X?VG5<|kHD-Vf374)@-|@ECQMJJ*_V>R3sF z!sEfL9y(JVHQw#ac=?DIJ0Uz*s#EaFQK z8LWu-H1dm0IpP6}8iAGci-C|(z2&d}R=B|R&z)pyrCZP3>y9fb{oYW_$-or@v~`c9 zCf{Rr0)V$3c$~Rk`Yr1;iblR0*JdTAf$AQ6b*7OY|M4ydcJ`cXn}Sn>jwZF=f7+yK z?44KrK)fFFX(jaDC*PU^yV*D+YqTcl{q2rnN#@K1)?M+|`nw%am=L|Rgl=o~)RO?+ z4$;PVF=I)e&5!aIlp)Hk_}>?Yr1m~Gv7o;d9%7 zvbTIffPM!7+45Y&bcxb~85y1|Q~r`wIk6^xm>|T$W#=2x#767*hMfWO+<3P#*?-4I z$nPbX73iDfCc-tmmvZ+}#%=g`Jt&s&$^iyefq zVV{5c3Z{q^hDeaY%=OY9Ns<7-m(5@ISFZWhPFv_=NyI77AEP1MSP4td-{QaccXn#i z_9F3@JC%gi)STk@XSw%7_zHV(g$1(glA+1*&y~wrCV-T49e8JTxkaAM=trH#Q$98mX{uQ>^!lHYh+?}8W zEa(V#n`S-c_mu&_?i)de3(3Z#9m*@dyJ|P>1E#lob_w$T10s!7mXbfi=&96CM7_iz z@Zir0zOB+I-Uog@=g}gej4i$k`$LSG;y6uAeX_FQv?xe4lpqMzw+h9iwoPnUiy<*u zDt(}drLf$lDhNi$?t2+0@EH0QsTPv>pj7e;k8{IS?0a?kG8;DE+bpA_KCFHKYJz^3 z{hK?vEn>X`b&wl*KFinVa^SL2aon>*y~;ZJDt;IQ;ZOG?h2D8BL=3xT+Y>b>40@3` zq>HnX+@S-66Ojzh=9RqgXP=X1VJ_Fc%y}EE+m9f($-g(DDyw5EJbmdCMbLdD+BY%} zS<;aDSKSZKzZK!zfeoyDe$MA4L3+B`)5VLyF%Hm;C275oD7iPPeI;lrjGQ358@1&q zN^?UfqR*CWSDX;*`a2GIxs6>6{J@O#5ckxKZj4u3W@I(wp}CiTHp?>8EbMA%Ppilo zGB`whjK!|>rd+51-G9OXxvcllW!AYsG5hkZr3lk+hZX-g z3Hoo+rwVOBrlh^KPpbn3eE-{(k3efeB*)`&m6;30)Lpzdswj6cSN+;5Y&06__U`ZO z){QR7V9C`Uv%tF$MoPYoy_rl&ZAl_X^6vU~CKck+x)GWc60HjPws;+zHw?BNLEH}` zQCRQrNoFEAmy`$gihToAcWTVH#^iFJkv*4E@0#@I!67h4tFq|Ukrh8PgVZD7gy~FQ1AE7$DRj)7Es_&Btx=|@yPt7BNb_&82CH+774% zyPC@Y%b%Hgz=V?(7|yt}ka2UTdZN7~5gTk(?@guUO$%J8C{X8Jm7o1AsNj9g?-bc55S^1r*>Q0x?mfK%toQ=W)o*zikyAX0k0Udm^S()TNsN&Qp{5q%VJ^AWxx+8Yo+2 z%~r#LNKiK1Q!;;^ z>rvLp{Y;9eW1+Rb6qB4%{%D5P8T<&*OF)#4Tlid`8Byx3l&AZiL11vbju!R>BR+%u z4@zN9+f2ERvfQ3$o*5)e-6m$1F{+Rtnr3$$f(GnTf;wR z;b7|>=L@PlTYPoF&x?jG{5x;XbVIQpg`ucaJpYWs2O`v$WHT)V8Lea6vQoDjI+Eyq z3LG#c>edAC;`h`ZAP8>nnXmE;nt%3;q5~mz?7leg_9G-oFX|X|>54gvafAko^bCzQ zqwJ&X6ym`RDg`qIrl;Yn88rh1S4NhnCOSSLvvd=SQAI>wP+(kMcJEPlZhuZhwbp3!VZywLSi*t*jl9wPZaCy zNe3Gb|K!6<40X}blhY+1Wn=)(57|{WdzNr|_)&4T&*URHB~gRH$+4qhX{W(^!@P!3w$X(avJ z$Axk1SvJ%U2Y`%~>thY9V&KVec2lsY3T-rDxOJ7M*{~XN9N|j{Dno|Ndfcia1UTNa zfDzhRRwLO{2bGmm=$~&_6V&Zvd>@3Ay}9gFDO+Qr)T}t3$Ce{(sF6O zu3+k?RTc&f{WgD_-ySj@AAFZW-!Jzh>+II)^a#D(XAK{+Fe5BcYEMypy9>YG%NwuD zmX~L5CG>@L*nvFGt)F|<3e$JGT~reO5MFdbUR4T$)=s}>FBD}i&`cmCqG+`)`x70! zOTQ$ws+@W2EWUA&#w^)U9OM`!FRES{j`KYF$%OY=)nd}&x+RTnGoc)AIvRtT6Bj zRCjyRy{TAh3(#9JM@Tq1c_G&Dbeesgq}%z{Fp?HfiD#1J9t(-|vim1Z)ZnM`Oz-cp zSVv!P(o4b07Is+BM=IvFj6M*C8(v`5?lK~R``SY967IV!xtbO_bc@ zQ})!g@(w7V=XC#VY~mB&fcaFU643Fq`k)x4gYfc6EL5Kd@w#H|G{Kd1f!lD<&?((4 zW}a#oQ(^R(^i6VjZ|l^s%+c8zSxSfLG3T>NMH6q&0O?N6%WYnfqwQp_uE7%nU1>vX ziJ$ZxDeUS6Ghx61*>}ntn?tM@s-K@yj$$7o@6Rt}$w;+{`UFoJu?e53v;i_d&|9zV zEmp5uq^^y`bUCkF*dV`2gkt-cf#+q!ce{87IeW(v`-Nc}!qEq@ff|q^=bA0*CA%L? zSXY2H{q^%B9nvK$f2H=mHM(_@Jo9;fi6*Eun)ulCL18ms`R4k|?_4OwjZKyl{?*jJ zIe}L+*se11YQ*m`a3CGGjuq6dO3~s-RgJL>|0f(>ENZ8R+MoiFwPhNg?F%N7M7{!Tobf@~<;HI#viVB(0+ZAelDvTrBmb7N7k>3q$CD!qt&B)46i7_z^p|yONip$_>Ghya zSlE~Z6d$Lj4$bd)-iMiJfG%pptb>?EAbACohx#Y)#bv((KB(*8fxYzY0h2(>0#brU zenwl|#4@pW9S=0T(Y z+4L-F$Y%J~{n$qAFq5usDmSAj9&NWWEDiBS%2L0BaY&&a5Aa(>@^vWN`HA)}W4k|q ze@_!ZO%<8`(&GY*hWJhCM#ZwQ)ZikwBX-Y>9>?XbqQvR!(!mTB!iVQ=e+xHq2PhQj zq9kdAH_aqOVd2eA=o>^%j7mW|n?SeNRXUi8Ne$_Jx$bB(f(Q_MkA4eBS z&pRkT2Ok2I$l@wvM41vQS#XyvdSje?(@V*U@|_sT-Hq4ubWH)Xp~Ml1#i! z#3m;uwQqS%vD}f*$&?yEPfa6s{sy6n*9A5WQ-ggg087f=^gUxClj~cqZ@3K+z9e;> zS7&Zo8a}IYAS)Zx_d_%)R~46LEt=2TtJiEEu2OJN=sbIMn}gu`9r0~Z;IfW# z!;+Qc>}Mp(n^0$_x6ki;B?sJAnw(t-W*S1*o2PN=;$K;=F8>yO<(ztn&D~j71?eFv zuRI=%n?tE!#ES?AS#JOq7~z*UVYhAm1olCaWf`T~rEK{xA!62v->5w5o|3S1do#}v zi4iNI2u-wQl#fUDg^|lWnpaQq$ZJ_(_;&y zG23Gtz`7}eES|p*$nP!{Wpy$icX6hSi-jYV(gzzv40q3WNNEmTR~Uzzir9aB+4NjzmdSynOaB+q_)cTD$I=Mkz1hRkpajV>W*erzuSRPmcVOo!Id$6%r1-SaabLi^m z+FQvr3?)eiGO!_{-kDr~{bIG@>(^_Xtx)-ebT)Gw44D48Xtzs-bHVRPmy!Z4w;yw5 z99BJt8yYQel`{qjtvRL`Q9$_W&WwjUU#KzJ2&C(@4FW1+z={N;^Y5l#-hAixkCRfk zM|(8?hPhfgHUe^v=>UWynIG;fyoCSE`H^*9sXc+81gD|HBH%Oi=5eM>$@6attv9ssl%;WiDK6!dXRv=wQu#kX%IfK62tyR7R?(_0 zwQBEB1Kc!Odgj(yp{$>6hOH`NMu$CzPMr7s!OC^xvfNrGtT22{3BJWiTMAh`|?02zqbE-##qLZ zF=VS48e3TlDY7p!7$lV?J4H-Xl58`UL@HwlQCYH8DqBO8t+@fkTH#$o*-{wEqFEd`=k1WIMT~^Sg+*MaXzNjq!B#ivGdu@PQvBTFJ$Awj=ULf zKaQ3-Lmq@9zhnw0+#^2)zFJg9hy!5~gK8KET!c`> zi@nN&DDv2_*V*_WUU?{0vdFG~PhLu5uwtW3>isCa^58o$$2nriXoxH1G;g0~_!D@T zjUtaB=c$nFe$Ul0WG|Z)I&U-{NMY{?i*f0G`o3Sa8)Y%PgMi@`k-ji2tR{`IblsB( z?@agIb9R7_Vra5G>Fxt=dewD>?P3jkRE7q2^GzJqZFWGpNx{jA703q<4yV9nM5ClP z61o$3vW4;@B*H`0t~Pw&8_?r8v+@vMv#CsQlZV}l7&E0JF4gAdK=Tz@jcoxvcH^It z;s=6tTus_tFTLj|sAE}`?gOtz#a(()lU1~W2ULuuW9Yl?!!P6$(DCbGvCie0oF4_P z^tPYfH@vR+`oOsX8$qs$$+FvNI_m-yAMOdf$ni$%lTRK7tr8d=1DAYC`VyKBc3Jf` zs^&;C0&82$MAhIj6R85*X!+Hpp|pgOtbP@K)Es#cO4Jd#wj=f~JV=6vBJ_Ck0daD> zOQLY;B$sS%uERE-coSSgswR7naXP2V^>Ab=H+&8x4C9}fwNi0)QXiN0^Nm4PrMg0qf>%B$Ept)<)S9eu2=GYG+?s0$LzL}=ViwNUMihliC< z!Zx>wE7%@A$1$|Y#+@*LM5!AEt&A$sl=Un8qeOMt49w=M4X?6aa z0~QKA=VT7r!4zS}4dVrF2V;x|&KZ6xVQ`NtH`aBG{-2*+V6g5 z7nxEevzCPJ4W`8-e!O zG`D()=UNBr6eQ@&3wZPiyxIL31^sX0X{TD(!RL4(z%3gTpX;#k>;nbnDoNJmEo~)a$Fs(r=VaE;Sp;Urr8) z!#>)RCYhZakci=LhSm{uA-E+ z_JFs_;l`^Qxhfx!(-(R=z3iOv6mNl`w{yI) zHQ=G~__|=>)jGE%2kvH`N2OzOj&C-UEfyx<_SqQ1p%aA@*m30J@qJurRlA|QZ)>b{ zYOPnRSYZ-o;=_8lR|g5Jn2Stu>j(Fy@a!BocE0b*cL|dr4teB35&g+aDoTN}7LMOn zkHJznV($inE!kIxNgo(xLXK9HV4uoJ^>}rj?J3oYKoR3>wz;(#3eZ6i< zFKQpmVRe36zT$ZEB1kA{_I*8>Gp%qxX#Mxdu|{cQj)^g)$rNMX)yMkxI*59 zzQ9|um8-Xk>=kg}&2_qz>r~8BUCO^AK7WOr z-pQja=<;z%Dv@Vn!Q8hp_cxAfjKq%N$`zcPaCP8t8i`d}X1*wcD}yvQw@VArz;O&SqKj#+{|sAN>| z#>=_-j8aFty*|YJesoPU_b9aOSg^9GhOr3jY5AcOkM+!y_-*9*&40X1{DG(SL%BXb z#Utojg2QLeiSFZQZP6=;;FxS7*DNsO(>RIg1;ymIrFJzHC?llAPQsAi@rq7$i=CL^ zz(FKBLM^^t&wtIOh@*5(CU%7~Q{{Pv_@6e-+Z)IuhjIRHpZMpQPu-zHOJ0h0m)wd4_uB2ImmIjhyOhL?9k%Z9Wl6mE3cyw=(Cs zba~Za{J2%6kou9>8wOc2O!eTq-P*0D@WMo5RbEP;itlcx9d{$wpFMf(8AZ6=kk{g< zy_ZjNAXnnV5n%(A@fR^0hdh-D2)6RXd5?YY_{#McQ3VfBt=&hDy)cwTc7Dl}^{~v^ zxFJKdf2U2HaZ}sryF#0lj8QVD-v`O)UsFANdkns&g!}k{g~GXYy>5p@s`A$I%I-?m zlx}trdLSk6@RPWQSi)gP-MjGKRNhSFKA3pVb~XMl`bMwy8DLSXf()146c4E?j9Vx! zX0S8$gsi%d*UV!*H!gQ^iB+fg{gnG6P%Bpirfi=)FIjddiT`fCwp~2mU1*SeGGljq z?N#~rZ}gAfo|@lwS2L?PW?M!27RCj*UvsY3=}w% zYV@#tb^Z#zD?;`+v!8AmM&*g96fHDyA)YpEtDdc>s94qX*3A8RYSjFFHATfT~Ca1F1($Qs}*X#Ba!pU^WsXm^Tn638se)`6OqN~&TxK5 zqf;T(E?P%#1Q~RWLUpk@xrv-Q=b}%XGW0$T9x5Q~$0dMwy`Mx^m^Y(*(K*K-_K7&ajFw}Kt)SUNMuF)x_WEnH3a%XtLn z`)(l|saIFO_iOE7eKR?RzUTQIZ|+n4SW%YTy~Eu5tdT@%3f)bxv>N{I<6#|9wV3hO zst8#juY$qd3S#7wGSt=AYT;bk`jz+edHa(mjYT`c8|Cy){ zrnGN5b}_!-l;P#ftoD`GP0-WY!zV(z^-f;guUy9MbU|EhU_4A`s_8+~Z6OiIGIIs; zz2@D!9vP{argM0RBln)WQIQC}c2dY!AHoc)QBWW64c6X%QZtyIavb7()WZF>WS54g zK-(To)`kb<6Jdj$;-VivhCAjS1)^p`76^zVH!zQz_wYMxQ zbTv<5(ruoqj$OUkGawIPnpsF_yjej0ny)na6jp=lR`J!RFkxJ3+1o8Hso5*6 zsPC`lc0d}amDoF3r)AobVKNCA#KES%oyTrKoVurtUY)JG*23Gf?TF<>Wxe7?Wb&s+ zPSBB)h;0yrDG#(5H-6(EyTdBYXjP(-5xm#j#`DDIAl%?l$6EVCQCIx7TFbz&ymBV= zux}|x_XvH zc)ZdQyuo`B@_Tx}&okQ3bo7qPZdmf$NQCJ{uouM``0hzObyN1ug->n;uVxjH{Jw=J&GLrO@I8+*#SX?%g5Q?vOKI!IxYi~4UA?wv z=dtv8XuFwlPZ>1!)Hri6wkGF3Rj2i|51!lE7&4LG>!jkEnL9-8Unr^Lmc z?7jiNUT6PQO9*a6wUC=f`&{uZ3MY3c)&xCsSg~ivD_h4p&N43NO&Oo7R$gMHNjRAu zZW$SQoa~crY?xNEkz>%#;;B%WOGjOT%kTGj5x;4+eqNqMag+LX+oJR~@9ZofruPL|^E2`66JpDeL`c2iN)fn8ddwIVwa zHI@aO-%ngCR_38PLWhg-t;7?RJNFs!?Iv&_~!%#UJ+L1{>mFUyqW7w(e9a8fS3 z*SIS4E#s`fyww%q>zvsqZ{B_MtZ5rg+?2zptfIy#TlxNL;tESxao*{RPBVY` zJ5+volc_T#)LI>~woIhjZ2OwK!X;g<64x~a?QKfJBGz1b<9EAFIhrEEFDvlO*MFgL z0O!RS>n*SK3KyjE387rLVvTe5`y;&}MXUL#R$(d;Hb+e-Srq9w6W9&ueBm3I`(VXx zxS?xtXhQq8VeV}~_w6_^t)$e`=+^g_pWBY?UxYqnr!;c+gq!x7ZJXr=K7=!~sDNY7uI~ zQt|&=NAB$Z7BY}I4Qwh*#moCD{V@-te;`nhKd(ve063>h;h$RPH*hL=aq^O_ZRe?Y z&Ivl$xE%1~!J_aOG9H0~VadPPFVX$mGY;{0@-0GCyqpge-))4Yz%XFBEByZ!_wN~F zV%g~i6L>7eNk$llg+o|0g#D5DQ?tL%_}~1BOQ*6m$9(ybi_AVNu<+P~t8$km5U~(~ z42~s0!~X{1U$K*?;xMtm0zYWbKhEsxPEj*W-i)E(AaMMh@%~dz_IPY8y9WL^c-Uul zb+-XSD=Y8?q9P$Q4g&{7$e%<@r2pBO_ct=ik9xCI-~IVKe1PC^2$Tf|#e+qIru-Y} zf20uX?*wAkce!AJzx(O`3je>Y?|+Q^U&Q#;nDFfC{{I^NAAs!Y{=bH=uploJkLQu6 z9}e)P_334_5ouO(i_oL%(;b?Xwu?|s6Z9v4h=ra<3TdATCys8aalJ}=6*NUBf_=os zYCycT0c?{)TZCADf)7Et4gUJ|c;8n7)l^~$>*%{|;?_n6kp=Ksbka1F*!D-ZOPeOp zYKYnl|7-PQ#ko;h-Gq{C&}*_kB)|r!K&tp72GnSxc0Z9uAEotJ1@_~MbBOXe0oPd! z60i&idV(jvX@7=qOP`|SwJ#jSx)6NmF4{DFF~drZMPI0iAhGCCQ}6z)W-$w?#A3RC zG1Xt59&otFDkOt2xd<^Arand0&{g_p{tVq9gc_uoW1HTMFU}=Yce|FQ`ELTf&~?@; zm0nx*sPy<30xuuiZ^l`@=Rt`ghELZHcs=M|*N?HR*?G*@b^p5kN1;0u#|oA7IxR8MUQr z@ZYz#Td)1K=}wy82sJ$+f5ZmdB^IK(-4~&UwtcgiYYK#K=(E}26{uG4atN9eBdX4p zf5yOI5xS5NyKD8;w#=%pHzET*GeAeaDb1x2bTIX=RbUB}q$7uc>tP21Q9!i}E&KRIBjNDLZa0Jjue0MFD2 z`yV)`21<<#tvUj&J3yfx059Eq0VihE^a3fj?FK8r{%_>^XG#CN6ouhz#zGZwG6#>H zW{cjy1U?XxG{uOTV(z8k3+euqe}s=^%{c{4EfiAmB{giH2Nd-p1dPN0wT#uc2!V#{ zTJvWdaxc(}=vKhpA!-BB$5@QfDF%_oSODlhyp-rndiBVEr~iMHp2q5sOY<+RB>MC+ z7NIHT=oFn@1f#%W#2RMQ>si%j{}Ik|RrqIhqwz)c1i9D#S~W|xcLrE$5o%-xO*4X6 z3}7ziR6Q`^A26|f655Tg?zi1K#RyvB(a4NyV2(C`f?gm_k2HS!!#l|Ao(zBGY&-~X zvl{|~ZJUK@=GZio?Ja(9WDZxl{gDEA1I=#ywQfAy7)vfXgYBV@HPYEB3yq)NU6}3u z6AR%LhU(jBnMZ4A%u_&tC>CRZ{a+)K*Z?XkXwaFnmA~+LU}=V2{Y0QqM*ojQ2)Jo@ zEV!h5XtMP*)P~7r(1{scKGZ&?<#JnudaP)3O4HNyF&1#n8-R7_3xpr0ifW_>PK_!2 zfCAYmZ-@il+MW2y?J8WU{_O19d<1PQx=&?8o7@ll;3;$EbcmDMX2fMiT*lAsCsa42 zVy8hJZD0g7;2s|+bng1c`!G7tc$&{7*w^cT9;6>`dGw#|0(j1WbQ!0-aADI8e6#DPlk zm+u)GZJ6uq1e@V@bGJ1rQgA-0vF>A2pfT6Dm*gyqLhTOZu)|SN7;a)Y-Z~vbO72(M z%2NqEIOj%z3@ZSS_UDN3KJz8xMPN-Ig0>8AJ5rc4qQ-iGI`AC(G(OMpB^3riM<0!W zme#<(EXqlhD8w|I&q@l#y9s5Vq8UPdb|Y6wT5!q(KEDsMxATamwftknq>eR^Qk z%f$EHKdeK=&lY7w7_jC~kb~|`oy<)z0sEj(xL%+^-2uHG9sGN}EQUim#)z{p3lHZZ z*5hPBB7*sKuAERw$4vXdbL2qnK~#3Z5WkEjv++0M)O1|f7Xz*vNus3xF?UWDK} znLO=H?~ukH_ZZ`1G!179$PQuU67k3aL1y zN_(Pg3`vMbnf~T7@T(CdWSkwt(Mv8pCUu^p!Z% zv;fum4T+84CJz*#7%(6EOFVrkP|dm9nFz`Q#?@EhfaipnS0|NbTPZEq3Rcc+(7cX* zP$SzQp!)$`QPtQ{6GSxqJLtb7pU*BV0(2WNw3>gJtY2Lq?YWHJUjF-bIFE-{^rvjRx1-Y-3>}Tr&EP zpTAqPw%wEyJ}665Dt;|VE>C1ALx^YVvDSiCfNzf=XI&ix7oM`b zgt}#X+YwUDj4H4N+d~1y2aWbLHr56q@HkS9#ctW)uIaF>>n&T(d$?SVKng4lE`b1v zK~W5?!3)jKW~VjO`;b^F!Cxd6chC`dyqF$kYBylTKA2Hc{S#ceqmA?hV343`KC01> z*JIryk8PtG8Bx=YOX$?_A%XK8t*Vfw5o|YJ1|;TGGqkFBn@c@JViNjgKoh%O-RYC? zA=wxQWe3W)FQXfbO}%_u5k~@&jIq$-967C5kySEOF4zu(;hl)h8ar z3*{3(pI=w3c?iSHnU|xqWF0K%nqQ9Hty*XV-UEY(Qy9}(J339@hmSX>(LsTLqFKgY z-MhF;*vB0`dy1f^^i7_@+`vnp|ZA2nf zF-LDKt9jjzbAP*Lt8PtQ6qSqw@Va}2JgvfvFi2UB6e_zk>yX$czRvZA5Uj9E8FUyw zGDa^#2YH%~Pq90Oy9&PWEdPC3vc)~7gJ3`C9~?!C_e8d(X@`oR)j zK6AbdP2~prCHe78n1a@vJe}?R97uRA8Oj`isj=`2H>lZvs}hE@FY>+yE90vobmf~ z((SnzUx^66yB|E%{oP$Ar-fn!XP-P<)py}l7)G>juC?umZptn4zG ztICB-N#X7rvoPBf`C~xM*Pat`?hx^Nmxnwe5eUjrE~8IT7H`exv4=v;bnyo%>|-Go zGQe$@*3=NJ?`FTt?R@Z^OmkENw+%?F4)zkyxrNle9%H z8}C!?f*ogzj>RPUU`#wDWwCQjRL1Z!dhYy$=W+T1?L`VCw!oU(cnsa)$=KVszmJx` zhiXMkS|XF<if_TDw)b+zftpn;!ityAiXGXsmE(mUQDHDnhS8Cznsd$Z`$qmJkm%x?~Lbb73peVKz zX=e>(l4AM%Pe!N!f*heR=N|g*@DlvE`0?(^VFI8Q@LMAOj^y|Wx5uA zbSjp@FM{^4m-hp*DHKiLn|e5Z(Gbg(80&<@QsG3+4s040)#X#9n zNzL2=W^(PE#>8ka(0k8!VN>)W`i<8!%VgUjN-_rBg@jBYvhqnZ9-HZY`GOrxR!N2; zfRT!ij5cC>AYs;P~38^EMAjy^?0*pZVfoMaMs z1-Ps{sqDM&kBqt1P=xea!u@z6d4mo@cYy`&AB)f|%29o{UBmRZfWk}5gm5PxAxJyc z6FRGs!R||N)`c5|&@cqfPVA(j9RN$imGSu|Jn<`VA)Xid)!lz9rDBiA%)BR>t9f&R z&L22|EW=a}yeuq+J35URa&{S>vPu~xr%uM9w}aasTR6Ew*a3?3qfL*38kI%Zvf?V8 zOiur09o#UHmrQ@Hye0hEWd>@)>Y2R-l^FxoU2%gPRbosy|gR?+zFP19h8knZg6%tB4ys z6sKfmB3|)UrSt2|N6ylI#&;+%hyo!1!q4m&I1B*>gg?Ksq5h%SFALeyk((H=`Rk)L z-{g>8I9kNJrK(m|dFp;2G|SzGy%6$y_J6wmU2-=5KOM}~ri+j_bhGQy6B0vz-x=rd zcmoTc6T9S&=EpGOU;T9I|0d@@WBqfA!33PXb4p9=shaZC>+jCNWRdH|m^BcbCe^;H zrR!4n5-bjj!XbW_jEscff8`hp0@Hs@0XMNR7@cL4=L((GUyF|~mDYJV)Mn)Ns*le- z`&K}|*Op~^4BQa<9h`#1kd1y96+}uh@~`t12vT;*&2^M)vX67GyuTW2sh0^b3P4-_&|gPA~jdd4IRm-(K5x8)k@o zSo?M0<4u0SSJn66LY-cp=RdC0Q!YNnoFV<|%KmTlnlqaF$cV3gmDh~_%26Vn|J%TpJquxBS|66_k z(?o^u)}75?A0L(XmVfCjzWGbhK9dVz_K?fd@?`krp^4pd|0&Sl+i0Fn+Po=F{sb6l z7w3WvMQ2Xz%Ir$s;fGmKy765{!%FbduRk$P?knfdQ*ZIY)e^|;)3W9 zL(%T%jZsaP{s=s6hGbncsC|f-RQtek)$FHCD2*G$S!Cnm11GAq7ltJM2%Q>Tsj`>i+;ZA|<6-uCvp-;9%Xpm8A3y6HpwC@-Fl=a_<<^BY z`s?!F7WIp-TRrwQ{*S=%Oru;zfKS1Rq%#d~6{dNPZwjf}t2$jfDCQO?7IdNf&%g~n z?O}T4bMl|ulVQ9gDe{6rbi`&ZVpdPNq9-G|ITZaTX2C0r67LVSUh-FFe7d>!>h4;; zPhZmetuDoGzI6j`c9q)l6Fe?NwM~WQf-Rt{lx|}uBA!xl``%SI6M4zVAJ#L{wuG=T zkZ7A6we4rFg{w8^S&pIa5KU9m$>{H=>^7tEB|*a<-?kaF`DDEQNtSdf5qS0VsG0@s zUG$IoB7l`U3*?k(*34)1R$1CX=V#Ubl0J z^DFJXH+@V{kH%F}`;O9Yd7wH;V5D;NT^K ziWx4PR2Sdsv-rX#@H7@GU4elub%kp*4cffVEH&&l+*}Y!A88;EU1?T_mSs3gB*d=H zIXX2mny78d4sxn+wX2Y=&UIkxaeA_n0Nn7_EhDJIhiXX3!1<;xfm2Cu`t%r=LNiFy zP|R%mYCMJtDQT3^LClOEnJL(}uq*_{SF|_5t&)Sjen8C9k6iQk< zSOE_oq~y)JWwFN5LEt z=rz$xLYUI}tgGl_&b6hUUF$m5fx2*g%b^_Q5m*t%TC|nF5DZlz7yfcXsKC$|%+W|J zi>~mI-`iC#X@8q^Jf)!7>@uiS+zvXagTnwA24w6i93s zKdDG|dnFZ$#2O2LGUP0zbCOpXq6`b^DjD06OLoDs2wbZ?GVTx~`5dTpA8MjcLGwQ8 zF^_afm~Ie_@zZZdOYHmFwsY$FBS!)0?axNQEKb^}$F^^1QLptpD1Hiv%WH18COctV zl`x%w@>WXA;JF~|nWa)qSDLk1PirHl^BLxG$lOUTIExbZY-?a_1X8jO`DSAG<{GXq z&jv?&Uc{ckQmr!|71jGmUa?5Fz>cuz84%rO@hxZ+S0GY_9OGN~BNsMpsM762pqpRh5vF{{vJ@RY4BjCwHF@=v-urVAz|78zkbhpR5m!xk z*avr_Js6U}{i*${6A!Zr3`J3a)l2ZyXuAX-Ok5yovSnbeA|=N4EZn2s;utBVtyW!u zp;^6*o{W2P&^z$k@Wk3{qu0DNLC8Pq0s;cQJM!+c3Rx0pOp>PR;s{zUh~y&?Cjx)X zNwrh)1$h6&$kk)L1=NnH>y~^N1aq_b@q$1+bDn-~Nr+UBEum?rThWSkr5=n55LA(8 zvc~g}ShOJ)t|D^XpB*uPWpRme4jx#8K|`WInI9P!dZ5bf9<)xACqX!`9A(~`nQ}^` z#mBOiG!Q}0wpi9s8J5*2{VGf(tg{KnHwY3}6<2X=NZA7+;2y&6Ab4V^p$SJC2-aXX zJjL)Rwl9MlbQq$V{S)lhw&nXCpsUbeSf3U_+td4>+VO0Xt|x9-A|vFPcfB7RI&_?L zsqR!P97KLLbw#dFiRDAY;^c5LKu$i5R+&3IANEXsTSbxSSq4{l>xX!O++ev*viRkM zx(dxm>tG8f?*b zK(tEan($Rd5U&`?!TC&mwgm3oyz?!grtfsp5}7QSXP3OVOfFYswBEr$sH z1=d;l(3-cZcjK|b4z_TIc;ijjjWB8I_QIvYO8fdQxvWsam~bLs4}J8E8!WvCV_~M@ zWZ{cenqrh4Tb2PlajyU61LxDbDTH(r7)WIK1vN?f$)GuD+kIovcr3N&7)+qUJB9x1@BlIYR6#-WdVa{ zv1)4?^>{rUaEdUaPpUf_`Zf?kmSmuKz!lG)j^CXpYBEfa+yaV{q+T6TA!zT3Fjg*L z&(v`Btg}MM+hSxg#(C(W_DhoE=Q#XMBN6JpZMU`u(nj7rqu1lWWNE4uEY4U5R$fi@t?nR-Q1Kkvy)rvocQXWY zjG^HVt>Ll8lseF%bSITqcIVz>EgFwgbzj(g4vSY>2G4E!01qUe3@D7}qvUj78RCVHQc#QJbDE zlL;A+tr$I$S~-rM!0~PSS-=PxT{6^u5P9z=U@5l!oM(l6GjQw`13z+- zD0(YG`kF7sC#Ul%Q|bH9_xN1p5dGjY>ky^Jcz0nL{WM14j76Wml-}yt5#Z%KrQ(G( zWufz^ylni2X2U#yPL;%y(~KS#X7DLj;{VaLzjx$$9J3`)oHO}_pJu;tdNdEmu#%Nd zdvfZj9L=g2!aZ;ra6L0uOX*)wpNno3E&ISO~yvr{!fEp9{t&mEmZ061)X>m0;{5-tW135?2 zfuEDE6W?N(k^LdhXuH43Bl`9l{I8XoI3Zd!f)3VKfl19i_L65yfx<4X*^|`g#~@4P zYJkq&U)rUZ$EUmjPo!EY{m_{0tlc=pktu41>mXKh`4?sZN2xs|YX>9w@!r(wk)n}h zvcy15T67M3lDCrir41x1QCczF?h`nX_#A(BhnV`pVwFF6n@>iYTt>&w*iYKH@V>o# zTkHlZ{1Pr4ugvnui-idYtF305fEUCvw9hYtQ}~irNJkLCB>n=+C6bLUClUki@~-SD z+|XhMS}K-mp~#0VZ&RssQYaKg@cKbXLe%Q2buad>BC$ZLS*AqF(SV2PB3B7~fu%%KKVmOc>HeR9{t`%GuudnXy$r5Ole4be%|mO$ zs>ApjPF9MBDT#CIgIT{NbR6QhsP9r{4Ek5m{h&dEehd#Hg_z&fWhu($2tMB8Gg(2P zp`g`hxx82;rQEmelgzhsA?hzK}ay>gMLrUt=(z_ zrpoJ00{jDWT#O(oYbX|p>Oj%n$pqD0oQ~a5h3vd4NJce+9lZ4y<}b zuvhW^mYy~Zoe+y`ozl=HpxXoxA3Z7JhO*7bydZ=RDVn+PbFDrZLO?j^A80rrD|mYE zANcI$!aN8xSar>Ib$%YCr=Q_25~j1Oa62Ue%D<4g^l?xuKb+@fRjto{L0j2G`-OaU6;J3G9B4UPmz$$rE~EdodVoY=m%lLnt$2S+H{hRHAzo$umRQ)q zxw1$A!AGoY!XRjamJMQ08>fGC~8GIl=Cbgp3qig)lS2Cp>JloF$19S%9 zx&Ch~Sxn{x$+tu5$qO`#F@Qfr-jrMTZ05!^ z`Jjn)x*MKMG~Sr|a`|#G=eUcTdoDfYw#a(}uQ$;o>D@AyX0JassIcDMF%x+F4dcv$ zLAzeg#O>TO;JsciN;ck`j$q|J6t>+Q)OVCLoqFAAPvagrwKLHd9o%tAx%E@6#ji)B zN3MTPI9C>RL3-rD=;u8_AIBGF7H$yb9D4=D`o`uaJf3Xo3v&kxNt*RGSIwscy^))l zJNXnnnfS(El5~x$s$w=N33nMh&b4cDi=J}Hms_NgiA2IzlEvI2w8{G3SS0CF$_9bp->3mdfO8d;pRjny^CK_HdxFrRi)QvaVe*bKLVeP%?pttv> zqVKz2Kt5nKHjW@Z+$>y#G9P@KLT9<}&M!l+IXtI;ou&~EpdCt!>F4`g>Yqo|{t-`|Nnr~H0t8O_jp ztafL5vXkx4{?nge&672p4Hvy*{F4^&B7WO>tD8pW-r{vh;=_X&OP>Mf$QlQ|2^RP6?`q3 z_VUC|e4Ppy2E!cli^mLu-pYCB5*<39zwli%t+ILVXA>|D=HEErY9CpgG6>c^DO|c< z-eT~@`O28Zg3QRgGT7m{SwkRt&@GB?d3`EAKUB71R;S^~P?Gkbu!zBDt&_fnL4E7= zwN4J4tr8(hqCQVrjaXX{51ASn)&Iu`ss)miy%P z_6RWfq~V?UX?V`dkhSXDl=w~s@s5SN0$dDfgOS-%Vo*DNULTQMrm_g#dMmr0SkZPr za;18E`R$6CyDG%a1kB~D4%<;}?H|e(z-db28ad08b zYOF&t4Ig1mYHV}zW;O1e(b0c6pZ3+gZ6;+XZR-+&8X^FzA6{7mX zVtw-!dbSIi=4oLMrewM&vMRxJLFdr(x_O^@i;26DY73f&?&dOB8<&J~%%AIcg*?wZ zJpYCj`}O#T#uw)h7u?n_kml}cOA)lDg;yEqML#*o6ujsk*21Eb@@gC#H!TcAIPV-@ zpz_{yWUcl)41(Xcf*a+n6&^5VE^Li=yeGBl5Q{0G#w__Nyn3_PJHzJ*>uxc{&1sT= zumA~my?N`OUv`M~^}&<0bE02PpU~90p{5rd7Vsq)v0#v`IUKzRy_#5rq?<}!Q1^aE zqj7H-$~PaqS%hroyu)q#<{2M`zYi@!n^2^g9PVDJ*%u6P3F4}eBz?(yE9lbtBVMYxj4?rSKo$ree5i-o==uN-L`@FwOM5V zzW`V^x^qsxl@cBzh55)_uOQWJI=B$|U)tf{x6U`}@iIKdQM^dTwZYYXi5h}VAA+-O zEpvhn7_`TPehblg!Q_1LsOBP)QBp}tLCBYb3EkJ%P0lOanBt2pJQtXIXecP|^`qcK z;oDROkL@_vg<;F~Kn3R`0XJOs+`B^G5>y+B#F?sYNetK2I6x*f--y4$DU&iV4(?-*6QPcs75 zcJUSd)zy{8LzIDOf*Zw4H05T;K!Ie~*8NrZ?zpbB9k~|BqAwTD1%$q$oUa=dJ=^sv z(_CeLm30mGlX{pn19K6J7rTWuCOP zxy?7i%T;7}ZQ6zL-4nJ(t_7+ofzS50;_@}aHE%}0tv~+U6`>lgtnuxp-_$`pS;1Q8 z4KT->itCWNJMS8pAZYrJk`KO^Tfd8btt;e`RZ*W)NO*}LOSaoTbmBmtifwY`$9pB` z_3z9ocGiAzyq~YQ>8N69fK6XGO67WG_A42lV4Iv5%)|Yv=`xx*l&O1Z!!HkC9KBX; z+!2J^O`teyh-728ZXW%TUT2_*ZKX3!wPH${E+6uaf4FjR^ts<@?P}NRx~*4vBCc(0 zP9S+?M<@h*d44*%_tQJqyOL<30Y04k(CHVJMsuYqs);ZVdvQ|;xxs5;$CRY1F&7n_73;k-UU33xhmO2=ubW0ixt@dD*l-u>`G*wsrdSlp zCp{Fb%yCPs>)P~LUvBev3reSdk>bs+Imfl9g!`FwZnq*zeCo{_kYUO@uHMf**fLso zJEhNGGkNbChtke2$Bei(ZKDw$tui6ax-coT&sw^c+t2U0($+N3VTtU#;F#3;^=U)A z@S)GWwbCKSUtH_*=c4WQt9-(bdw;VV$e@}g=H+HuBF`l=VtMG9qvH8pg|F`(x}s#m zclCaw?2&7<7M^fd@v|#AbOyEsZ<4X$)(#K85G%Iti^4%*AJt>tJB$kSclK}i?Ci6T z&#a-Q$PP`ReV53#^@?^l) zB+m0n7B>#hn&0d8lDc9`V{A?CyPp`5ap^&f=N9FPi<5cIw=-*_PIURv8rnh=b3VMd z_ibUt79~_RLFvdfYM*A=TSx1Oe z?H0yAYsmN6+f-prF>z6d7IwMv@y;n}Gye0jAN4Co#moYzu~XrXuu4`><3DfSd^n2l zX;g=cUE9q!>ojD{r$4|f`ntd8BVSx~_o_F$7W!&u(mVO-wF-W7tT&r1P3fPL&n(g=h~Dq$4IehuZw^hy-(D@|9c6Y|Iv_5< zl#px_zR6i_>kZYa9T!JxRXi^1HIKdqk6?a(_VI>S*Cb=ts(dTnjw$x~u$r8{Mky~TXBZQf5(=8~(OZ$CLGRT}lZr-Qaz|K1S?ZwFh> zxU5NW7ipW6Bl?%?&2EgGlG!3m9L;!lbW*2RZI%4&>0U95{)%7^txuEUu0x|@u7|}U z+8!8>JUCc$&82JWp6Mdh@1rkNoVywZ=R`F2F%=0f!zHB&p;vZ2yO2;@FB1~?>F8(C zGE;@C#(kPm_}jNtQ)oFEDFGwbK4y0HejN83M_xFbqxywEu=H4m+(juZ*BzD9o4RF2 z!k^YXz8`pgRps~RAqyHGJHob>Npn5%ustx5E3`X z|A30`7T(L*jY_fEtncN{F*Ty5eGHi!w_<0k#W4QjEat7$UHubt?t(jRuRSHRwXN_+ z78#yaQ&Y2w>V)fSzY6vzh)UO9+1PqzrGRzXORt1^jeM+*%DS^F9M8{gP0&tW_u+fg z%E^!G4jzqvyRvY`;_f!9W?SxNY5$Ix2Z|{~|B_YEK7GZ4*ZywrBGcuS-=qy%^TAOk zQyCP6OME7HnQdPkH-Qo)PreOkzyNFjuP5|5E)_L>zNg4e2~TZ=?K6cIti z_l7Xc2CUk&WhTYCKZL*9NpV)yb{mfI4;hx56~1_gvs)Zuffn!%1c781{CQC0i+X(8oEFz0YZm> zG${d8kluT53IvoQAVFG?BE72nWWVQk&Uemted|h|zb2XX%*>j5-D@pRzOtf1`EyZ& zARwa=)zWy<12**#XjE|!8)thWPp@nC6!$ila2rdrGZk;OL1oGnu&BSUk{K(2y?vWa z14w9$J{mt2^Q$1X1ggXa%}&h)v3>=+CwF8cLMUERBKg@s_I6nj36MC^|2`yoNn`PRB68hi3tKt;Hd#@RLm^a#Z`O&akrkk~@Mh`o(T6lO2l(QX=ZVrg{N-GU7adiKVFy=R+zgF?~ z=|?dl6u(%fSu9>y|E1{3NVKtiDMY6-@+nD-eO8m)nWaJ8u_SFXs|gRgD&1PXW|827 znqcQIu|U3$kjI+oXmR+3Bd1fLdi%>}^p^H%|Ct z9PEJwRgVy+I662^8uNqavkKtYPA_ch@`N?k>sG61aiy&AiWWZnps<-vZj|NO4MA%e zQS91P{2Xc^RbFsUx0jz!$YpYh(Yn?kr7>W5+WBGH+6ShZ36ap=PT*Jys(b;>)@^TH zbYI|{lb|p1!WVt71^zbfo=R+B2isJ0km(d&vk2w-r1@NGA+>-(D7cP+?~yuPz9uFZ z@F@}jU0YFCETrpGrK(B20G)C40uJ?tiA+@7pnF=Gw4YglnX<nIQmWc`c=}vO>CUOba$=HKD3U1Bj12W z3qot}E4=wQGQ8PW_7}ZYIXAll^Jl{rbC%qz<2jiL!EGlhJ45{PjR=g*drJ*#UX9HoXUL+k9v2mKP>6U7j8Vh+P zar5|l&$-qmU3W;jz8?Uy*70CUIcRVle82Sw>TfbF*(gNWRmrXo_ zm_r9WoI(f00#RD0BGt+_JL%HE^K>h85UO6y?rBazk$eOCwCJ?0bk#T_Dgbnw&QW(Q zW;lkchc)gt*S-MCo{UdLfJp|fP>qi+Ss>trw1&=>6#r?uz%UfB-~T4H?6tDnw*vd% z>}GD3`eJ%MUQWretqLK8+V!F9qY3W6=wOCieCHxFbdd?nYwpAK!BG{=+I#|nuQghx zxf2VCmO280bj8yQ7J-tSB@vxEkGs$Livrk}!_~>v@@3QKxP7p#hKCGWCiU?AXrq7y z3w!+qYb=5IT0yqlZO=;V%P-!Ld*BX^QD)}I%J?Va^zu!epsjWx;m8Oj_V8jwbK#mE zO&~(=kx64g8!Lw~-P zeVTV2_`ITGEmA;QdZhpr1x(C_d6YaXcHXc{QK6JC@3@JyPGt*I5nt?hc(4UB^M!Gf zk6$n4s}1w*w3=+cikglnD!w+Gg4EHjU>!wzis~1o6Xx}7Yxj7PG@zFf^W!s;tZBbW zMfGgzoc>$6lzk8v8HF5Aj@SY7I_7$bVlbqiG3f`*3KZ1cYXEx1^#_^Um zZ0Lcia96oJs!zaEhyC)`D5Vl7Ucxqme)I?WYZKHhrXe=3pR7U-vMbU2QOVqF<(>%rn-sk{#YH*qs3=nfeVApKBc!KykuHuI;K-K z)87Wv_BWl;@2ERl^p+4aPStemnBLRsc7->s=^gS}@kEZ$x{ZQ^wAih6lb$q!h|ERG zFjs{yk zYvUGe$lKjMw?xvh^i{*LuYR$2eRVgA9wRKOmWA&hDLqyIzwK^y<-HE?K5ciU;`^I+ z-zHG4&SKa!C%h_MuJHu#ix1b)(L>3}CO9Tf@b^vS3j|>1l8=uF>?K8#cQebPe|G7j zY~E+K-S3}U5YdtNF{pf!*{{N0$byN4=J}|EZRneN#6fHN; zB$M7IaS<)d^Ek`K$J%b_Ko_1ypzv!~5tf42AJ!yYBdfvQX!K}Ss0?_{2qk;^Dh^i| zYZlqA&ZyseO>^pNpP;9ZDLZpt&fPgSaMQhjMspO7^2FC{S}B3XZgaL4(h^FQU77AH zm%Z%;<|5xL=o)stEFs$opV0hba_}qmDU#sPnp_h4EM!vLi5lWr1%3SNU$U|`N_;6Y z#xJaX$%5S19nO!xZ+d-^{+c6;o1!F$RWo9nDhH4b=X3nR58M|-1kv-BFHMJEVU?ic zRFxT^FYBjvJ5_(!uGGl*D>V}3`$KA%e0>Z&h_(A1yjrRGX&2D%yMbjElXDgb^*2=S z$z)h_zqYE|8u$q8jtMW}XYPq(|M|7Xywg`6B3HtC|B1e=exWJJkLwuZk(^-k@Twho zDsz*b*QG5^i{+hl7UgC5J*fNiDmT|xgt@_2XIMb6EG0KxS)}u;p$Y#UkU93q|6zW= zsg2M!IZ3zd8d6Vq?Je7aR+=Itk;$xBC^<-qa7`#hz4~U>^BWmyoWCE*ER`S zCy~}|5&={A8q1CySm6pQqoS0(GTxw4s8g#}L((}p@;F)RKjsP10wcP1R2j&@xmkWP zY;RTf=kx%($>c^=D!TfN_M81*L&L{}ALBm~0~7R;ZVGU9w?yhCT)95Y>*GvxU)AI> z2E1-W^jA3ZP`|1vI#n8vTlE}FE8`e?upB@=BFX@vU*}+kxw@ta-x#kl;NI=bpaW=` zKKuKrv$CZ@ki>%UHI&hINd0QjvA(SJ)(zose8R`%^Wh&hh{7#eqoSW_ZqjRK_t4B` zobL@Ri&ixrs{iNYSudcAzcMAL-V!3JJ(cgjs=wR0O%=5xY<5N;nZOcE7X&;c9{P|#Q_32%I8J~YIofFRi+Laevw;)ci;fY z-SwMa7ZG$0nPVcunMXe$TR1>En-X&z*10azSB`FN4b5CTDkj(~rqcp(`AX4Jd2dAA zhp+1KKl>}>_7q0>M|uU_^PJtC%yHd@eF?sR>FaliA){6$Jt;4+_F-dPDrCvS zF$n{PW13L~?LE{H;dDBJl`Tl{Ypmx@o!I@cO9nSE`9G>1UtUVMU<93QHHT*-WW`#z zBK@01hNkplb@R2yE0Z%E1D@WC7_OfPmtiTE-q#O=-jf0B4Y0?&;9{C! zT$0YyVh0^GtA-7vzB7XUO+yMi4wd{#!c}&t5BWpCW>e!7k><-IZ6a6|KH;Z&BY`{& zJ;{IHtXr>f`_NQ~Di!vDVHaMlN?pdcW|r&*c33OczK%4=&g_v-khw)Q*+4o4EDo{S zsmP@qL)OrWf%J<7)#pmEX$7ih$_W;0Iwb2jh&~~3S)Z=tdJolb&Uatw4@{V7)kr_v zTQ7!fU$Y6Zs;a{UrK(p9sItUZp}QfP3j}NCjHLUW_QTQ!9!11e96t~BPu{pYtmKb^ zDXpIu#bKVH!X~SJ#cwn5IFn1@)lZ|R)~vVbrq^OIV#Jyzs=XxSad${jzk+t*@bg#o zjBs9W&PA5pbmVTz%y(Bm3H#bzjeH+g9;n&mMJOddSy!U=a?HTq|! z&Xqt>5Ssem7aGMv0G{|#&6o~f_M%mvwi%xsN+DV8cR zca&Ekh}|>IYnqPGPN$z*A@ z(~0j=Dp9>QEMpG$Y#puHPrl%3XUPAp?7fDTQuio6MOp=nr1m6I*VnQ__l;V25yLeN zMTTzh!eIRUcE&hLhITt@u6h5CX`+X`Y-sA4$>k%cYjRP4^hphg#by8{&~&z60PcAw&;@7s`J*~ zpYT&8ni613Ek;8j36{qyWk_E%*MtE6^-Ca5{gw_*#bE1KqcPkkZZ^;E69k`ji-5>i z?zB?%Llv*wW4udD_iIQ}YRO}f3^0_yq481Bk|R;1j@Dbxc45d+5h{b@-wC-Lb!;n- zVEPPyz`8gBIKSI~d&^)hiKw0%BpnLg_uniWJU1c7GMMDQS|?I{1ZKw!|2}aqZ+r51 zlY~P*o(Dn8_$`wTK2~e121WmG!Yx<2`3=Xp~%_&CzG@9-OPl zM6|{rc~%OJ)r_!>pTBSI?Q)e4*K+tBr(~wVsT+%R5z-zUnYMZ7tUDa9$W5d5TH4HU zY~T24R&e$PyHiRc;F*f3|0Z(&f#76oJ##)4N{MmVX4Y{zM4D%|L0spR9LJu@>UZ2d z&PGd>B)`4TB|0in2hr&lRxh6Cv87E$)NNLks?s(m)AF7*%pdBBbnH%H9Su50ggbZ* z(c`VP({Y<8W6k3oM3&nPGEf=B~{V)#U-|%nJ)+fXaRFFk%pD5evH?5&~#un zG}9TjoQkr{3at+B>K5BLeOn!ovrWDn;tKs;_vP|4)MMXS=goOYRE0I7V(TJissk^~ zzAPp9bnq+MNef!U@bKN!VQA9hDVx=E#i=v87i?j9Qu)7CMEd=<@6`t}GxNiJow|JN zyJ+s*SYhfoM?N%mW9MGgI&&0OUGWtXzbz^xq+K#|{N%Zjj>RHjrd44wP$`hvX|F7d zDbQSiPg(-|=xGeMymsYe8+)5tDyseXd(P(?PT6wqN`> zTV>(P3XoY|A5PX-hpYx!T?WiACWc2#Mc=cftUEKVkqIuTxOr@&=LMj8_~{TyCD*0t z!@{2IOl(goLZs*^o05!;Y~;dy`Yn{CS?Ux^vwg_K-#)1&_tdu~`ewEiI-a@ZB5(mP z2buJ8AEkPZkykoHgPR>8P%4ZbpIDq=%2O*!D$gOS;;Bo9=?J>3wBz{S{G(KcB65c8 zQ3+Q#!}OflscOwd?3x5?@0y*1@5la)dJC}~vB`hgLCUW?dQaI)&X5(fH35NDJD!MeM&0(W*G^DOc zLP`&+U6+QJu$MP0O*l8H_OR0!+=Kp95fd00+!E=@SPSiY2q#w&5VAq6+3L)&g(oXy z^O7>v&<%_1nz4DxzT-1*JDrD6kztVZ#dbYy%uW^0G6;S6;YTEo+-t+JEpx#Z#|(B6 z8B|kvDNTe(O!Lstvmk$Mo?cm5NXZ4K_#xzJRyVfXu$HN`GgD&@Q>}ML4qMns_2z(u zsmkEYJq@%YQOr8mliQ2befw}|iURf0MqrtFnOY)aXzu!fwKktUNC$U*k34e*W=r5d z_T57`N7q!`J*BkyMInbhA4|d0hD@heuc9g%)~ldOQT@4I=B(x*YU=m=!SvA(t(d`u zh7c)+3>^^r=kc4(NR7b~AMk1mM%V!}Jkoh1kG@;|^C&YB$!i!Q!SDk^VZGN-TPMWO zDOwLQdnJls%3aBn5-8E_2zTTWDd?&xyUCa{_R zsA}yPE+M5#MOf1@0y=ly5FArMb#;|iF3&3Ap74$T-H95|eqIHqRj(qh zzq%bJeQd|8Z$qx)D%&7jA;=b?ycgO$kS7^u)+dT%ZFmB@VAF0+m-6Szf)@^@`@h0! zT9!VT&Q}dxJmwO2Y8faH%;$2m>NU>lI3^qt^_2`SLvi(~xf_qeVB2qhOL%r}eOwVd z3!5Eo^(7{*&1&$UBB&`-qbj(yc#T{4?ej7TkwCdHEarR{^84 zpyA`)_;j`s_j(i8agF@;v8yyvO0FSKuW9( zjJxGNLAw~{v~sz6#&eRLsQTDit>#zNF#wlxYop-#?|ptH*B3k8ks%ANe=#x#u!;IKjfG7E zY`XHk>hCIq1vUSEZPVyT)R_PcItQ zA}sQEFP5EuH5gxX(rC+ztxL(Qf5xxr7Pl;w6!hbMFDxdU+%`LE+FdErEH_cO+W+UT z+`zHleSZ=up_<%@lzuA+JouyJy%;3;bI;bI>v`Dh{)6Hx+vcvYwazQ{KQ}I({i-tf z<9*3xA`>P_umH~mxfb>&F*Ir1!FwMz54$Fv#(7CyKX0*hT?n83p}M1L zT9_t2dx3<{b%o#$CpP~1>&;j?|GC1S{dn&8`)OTY)z$-TR!xqVdG&c-D3`6Ph5aPW z0S`d#2MTu2s?WAUaDUhi)dDhVzex?P;!@`sVm%Gz4q9DKO09Rd2pzVZzb+->l?ONX zQteV+eG7y7No6ie{c$lBS`Bmk1-<=E;Ea+z;Ge%jN9yvH$xg2X@u6BMZ{q&xe3hE)qXJSvf7kFUETyYlX#H8qqr*V~zpcZ9Jw7ix zuV*VD#F5|?-AhD$Q@N4kSyYl_ zQ@V{!XtS_TigDl6*tyZ>r%}%8R;zX}?swXg)6IQpaTC{;jW2s~mm>nNy*jG;*RloE zcA5V;{R~_QeRY26J-qrdbo%^x=&-*3=GUru!7x5ukuJNEIA=FWo}dFpK-- z4u!V|$L|Y#P+b~%!j%Un(}l9Cs;wuJ=a)wlNma_{mjPoZvqQ6x)_=E1gMcs!>Sf1E z+2k%|!O(v#p8WqKKUZjBz?A<=I)c|;R!a*e4Zt`$f@!s2vBUo(BWeeKY;G)mh$7zd zJ+YRs{@59mjeR~IA#(l$=7u5qRL}cYg3LB~3zdkXMQ2w2n?7{-A#xK79G!*fkGY0g zD;;i<%HP0q|5)tcy`!koAgNGN<2!aKQ?U&LH{HU5$-zbWw^UblTom3rv$ zOYfx5ADX^2N31z0(U&G_$c$`K>a7Hf-w$?kr%TxX&6^LH7lj5giDa4UgglNG#((Xc zL8P^BvVCZ{P@*r7gVJiU;)guqDJZ#=dT8!iZEKxO$h{<)2dcQSU0%{1gZg{I&a z?faflp9B0*G2^|GOV3nbQZU`InM+J@ihEe$ z^C9-ENNwIXmE!Onh{%<8)p+Ipeg+5ChjZDW{r)lUZ*uGYX>+8GG-WCj+l`d(EAB^8 z;~ChPS;ypb(yzpj7U84kotq1mlUJRDsRKRO>7!!NK$d;eG#n$@!lrn&-tkl4a>N$N zl8Ya2f$&qJ`sXjm>n+u!XrbPzR{C6sW@8EX6oA!EKW7&>4B8g5P20PFoWnXK2xw!A z!4|eRN+D-&WGr+(aLq@J+9vdW+=eTG2fmeAlcns)Jz3z`oxl+ z`$yQDx?aWJ)!LRUf~cvKq3O?z!WZ6&vm^~=dQe5)WbB#3B?oHnT-RymMAF@p&iRyl zHx;(%D@X>+EV)mHy*V1ATc{n6c%si5t1NW&WXPQc!5`@d>L^~UN?KY{G6>)-;}l{u zdr7}I)SxvorXUKG`%(C8JZAaq`b#>NHOPaP*^O@#spRreXJDRm)q#Vr`*!FHksJd% zadCR%Yqz(h_+MT5e_*s3U2{t#c0yQ@(<7v^`)p4pbl<&6$+__~-il;t78&H){#PFP zL*&o-6$wR1(70B;tbnoQ*Q}O*2Ng{auHld9)=PB_ip>-Fs1v8ki%KyIISvL5Dy?B` zX(eoQf_x=ZNBx0@BaRI29y*CoFR`~BeS+P2lkw?L``gIjtBqCd#d`e)j8HyQx>XWj zjy8wy@ZPDS9w_3dp+q+Rz4Eh^y!@n261SWF(~V=%u*NXOx78(dTytr1NSi@FWKifE zQ#w!@RkGw7UmU{J;nM6an)0Q@hkts2$up~gY=Zic(eGf+TOq3!aZm}>FS+@Q z0}mSJz?5;6UU9zU8Et_*zlCGtW-!;oM!&w>o95A^O^Soky$BYG3SRflH@?@LXM{=* zS%9m5K`MNEx>RSn|0uZ;STnh{YW33+B-I$u5j8#d7C#&OqDmhSRXuxyNd{WOVxq`l zpm*SPE2amuNe8MAmY7e9T$L*G7mq4D{pgm;cHvI04mMLs8$s^e&41dcs4Ycb zG4sCY`L{e=Only@vDGf;ZS<3f=4iGF$(`Nr2& zf3I=&AvnHM5-*AdPP9LZ6F@{< zCMdKx?5tHxBcO5a&=0>4Pa86h9DK2({G2FjrybKxO@Oi21Tr-{m)BYNw8$^hhqh6u zdS0uml9!M^lz{^)52XTyuf4h7T_O}bOu6rU>WAUVa&73+oxnqOzV6CtlNbYopTyM! zlb_gpt+vks$ovnC;zoLFm(OK)QRa z^_wMw;EpFA4~lBjn2Z&zj!PS27AsVgp+S9f-ZaZpjzZ;!^#Rz51X>Km3r>zKFDB`8{APepaXM?~&Cn zvFfhWp3MYLMzo~Z=+sqo5RQjRVpik#$=yP~39a~BC>6x_`yj??jGnG?w7E|L4>u^S9nARS3Mhf zEEPa=X>k3t{B+h#NY5Xvzj}u$lc)oTz$7p|s-o}LeGEzLpjWy*6x zYa`R_BTd|-j>;ge(*4j-7$4we_Zt-8<1D-58ecYHv=vrtZ6i)E!~NVAlJOQQ_en(m z!OG^4SHr>kgwdPLoSzYm5Cz`n-)QAo0sZRRA@tarh{V`K0f9C)Z1KzS;1kxEOZVRX z?0xH>#K2je;tt_)R=?bI+ z^G-U1u3no)i1W!=%gi+tBc$4BhG z8Vz2tXFy%OV0g#kl7LY@c|Cb>w%aoH`x=|UCt%tsv~48Ha3|M z7aQT_PxSDi)Dt_0Gg3kl;g)VGApLC%W1J46ZDyIr-!JFG@mw^bZ86ocm!mnke?Qvb zqkdWL9t>2otiXsjnOJPwfNh1aeQTHWwi=iX(j#ixBFsCpMf7{p<`Rq@q|m=3-HAN7 zsC2XArZ26t<0X*S%E?v?nmS%*8ZBgz88)l6b!6Izz5cY8hJIqO)ZzviX{tVAJ*da6Sy+UIrrH#Q0I`U-ML?>jf>-J;@WNHYwO zWzb30kz*35s0`AZIznBIA`~fX0?7YOC-Bj~ye+C9)thdTZgyq)|6>^tqyi(YxLhMO z9C*rN3Rw(_kVJdUp4!Xp&yOCdn{vTGq8h(*f7o!u9KX+Ml>gihb#24pYO#g&Cklnf z#rzb5J`e~3Pz?J90V3HNd-$m^{RhYdi5fmvG)5?kqMK4m@Nv1g#NI7`e-q^0olSbv zkyUryB%}cS3rz4GkWer=s4ga8E`6sg6Z1p zHdH-8J4uc~{BsL^s>n6=kLMGZnox@)$9{Z|$%?(+=$KZ(0A!tuXZ@3?g)Y7Gxw2sc zsN>0TQ+f5`NCx*R5n%H8P-KYY)k_)52vh~nO)e-Y?%(nA>3Jb8F~NaeBtV!wp3v%> z%$#3Z=+iUkIUU94TR8x9Trl8!*?NfDbV9!)Kfe-4;O;{h9}vjMM5H6<>-^?s3Z-QIHaBUs`z0p!s%<%BKRpwF8XLhomGzNU*)66r*(^ zZcU4#$BDro3BTln*27GG10m*LFE|G~fvUhzV6b-mMZ9l+zB!H`W5T7MDSJ4y0zcs? z2`+w?+BBXu3R2YWi{FqMQ#}Z-O?7Vne!|PEcd_Dv?9Sxu{Uq;r4Bkm<-trLO<#IgN zRMh^PF*hlPtyvplzoJGe2rt6~)1IfCPNZK9{^SomKxLE8jZqz0`1zf?8vBpQa|$Ar zIXN3pq1eGC)%z1kgh!*}nk7+L)kC;&ZN6(S7y}B8Q=|oZ6?ESE>bS2kEO=Sa&WFYy zBhElO7j(4WKQL9-VeBGC(N)0Y`1vQb(U?H_{W@OgA>hz>IIcxLN;j2LnI7j!pP;Im zDa}0D-#a;C%pk0HFA73sHar+V{97OSGR>hv3+~X5MnM2X9+mT_;Yl`ESf?T)B zM*G5O(65_wkQ_AZ^B}qU{PM|1ONfB#E$I%d8CDS%gam1g`LyjTT!2pPv<1LW!(l^! zWw3k5o$9FSZE;|yk-bIiB5Z7OfPyZJ8y-WSrEoJ{=gr15rkumP!`tNr%qdPEIk5(^ z2EYDYDn|9p4q~Ntl;crSRaRa?jUb8HcUgV2)W?Fe895v{!&Fg6iW|umZ)$vzp^KGv z22qxtkUW@VB@$l;830L6P8<8|Nz&`}t!_Po$eQohvxagfefCMt8xuSf9E^o0LaCC3 zm0*iHqy=TRM?z-yn<8ifx7VP3k7iC;-5O_%a*h4LaaHD}?N3_s;8-UP9cHv^`XRQ% zLD_-Jf!F~&A4)i%NTrxi^ZXR(^?J%DZsR@cgg;*l@4X5XG$Vyyw2{E zAnCswhV|{neCXg1G0E5v zUd6ANE#p)#o9Ox}*RuOc#ODYvWyx`bEe6HP!RD*ik1!L=H4PLec#L#j`P*h#>Qf3KNk>)xYgOxiE z=UD`%7tilB!$6FDKsq`!__}#I1}sWz4A&5tt=}t`orVmsTIdwT4v*d?(iLq~^kwi{12DoPY_)v+JMy-SxqK5@9_t$> zMmf7vC3%&7B-m{8#V%2!e^kC5U?;$ugNaq{yq{JW$W2}@X=}4BIo2jFt}-Mq@TMs2 zRLvjqDjl*OWqDaqvsgH>BCHPWkiP8|FklWDa~J>kbOiCd@ZYA6it7EMy>boioFbcd zG9H9%Esu~|S!0F}&g%YuWVKWYdl`e=#~0j`emUbQy)!TbSh?hh&W*?Knsg`{J|Yll zVT?-92R*B7@bxoVKN!(4&g2|4Hn#eHT+~m0x>-|fI%plu0|LA^ge1y!fWCQ%bBSuT zE^>eG?8V=EU2x}}X|XdthKMkKF~BR=)0Cm0@hR#MWwL&F)oPMsvQ?JKjfbzCcwv;M za!>I56G|ODKFP-@b0GjSrC$w(88yNGr+JP5X$hkB@bDO?`mZ{HaH`$-5mL1I2+Ww= ze+mg8H>S4#En`-pTm6h*H@-8f=O|7>)$XzCc$(o*PEvyEgZTJFe_LFZoyy2c<=7cU zS$YMDldI+8tAMZMXFin~ke4$RcU zugI$S4i(V>OFX<3XOl2L-x2kn`W_qn(uGtc@?~}(;R_GmKeL7oB6c<(vWWxB`91RvsCNJ9-W&OC-KmJjVFnNMOtzbwHTzbN>A!@0u^EIi$tb&M^R;nqN*LBZ47IhY2vIa3L>rp% z`_YFQHlrC+Por9!*P!+_t~T03F0EsJ4)*me4uw0c!+HamCU~NcJ@(}-nl0L~&AI?e z!){uO+4x%m&iCxur!{u$d~{cxH^o7Z$W))x&|;eHDEL2r0a}0Krn$%gz37&T=3+ps z3a0Dt`bL3HiI)ms2f4K4vAc%?JYt-Os7u-qg&~)QgW-#wvJnWXU5a`ol%uX@rZ0cT zhdE9H>Lo`rd4SrY61>IADJ7NPBSX4il#qw;-3^WOhov_Qncxk@#+TaSQwwOHj|mT_ ztwZ7a!z)ELNBZ%_5#*3h{I43I4`K@U<>hwwWrDx)3Uc2$y9p;xErIBinI7lR1&NIE zISlKs<&HL>rp73NgW!`{+1|nRg_VgFeo|~K9-cjNrTzC`-f)rcLoO0}P1n37G+^AA zQ;~~pF?nk?0&4OcH#|J{n(`|5JXr8t^Eidsn)kjG?MsSCa6k9ah>frR%)`aj)U%4{f}Z~(RU4*Dw@0_o+XY*z=CO+S?HJ&iS71^6Dbw) zEW*3?ZG&vJLomEltN0YWw=ag3i|G#|PuS17{es_DJRtr>fl~)j z8#@)fqgJjWP2ehFLbJK{jP0+b`4onCVl9wfRuHe@={72*mE1v#7K17n`|uBoxt)3! zB;K3Bj7+XYp*OgpCCt-6y@=20lo6_&s# zE7z#t6w%-JC{1V|n(PuS?4W$9%fjs46F8yxA@XwpGoFP&?geD2gIS}&_6KwAD*H{$ z-oArgr%1SPisXSTnnDN{r=V4Pr6}Q;!r1xfA3Cwe=H{0Cv12#oUQQL%$Pp;Gioh3< zRJfVWJ7wwT0_GlE{%EFq4rq)rT^fP12SpKFn?Iil$p-N~lBi0Mo!L$Wu}@|KJx4Zt ztqTQI>b%>RdJds4I--71PCAz6qD=-1_bNRb+A8+C;ia{7G;*>Y@qob8^g%Jxtf_D( zp6WGkNF3C@!|)izV=9ka(2V}*_AD=@R%xnU(CDTh{GE5rhr5jqFz^lPUJj_9^zpE} z7tuZa4Ud6-xH8YJTgJKaa)wMyv7*`vYrX6l;=tY;q?icKZ}bmt_dZijPGa%0r|U~$ zvz)9MSuJlB_le$)nNP*7ac-66>Grt5_e9B#rcCfDMk~-uvQP2j_?q6k%{-Wi=Fh|) z*Si^;k+@88K>rbAa>h~yBhevNl`IK%iRvM9GUYL*?? zm%;cHB2%SZECE+D0SCs#*!#j5Jt!2Div!Kc{ihPwbdqTsN$f;ebG=>m;=|TX{Tt#62Vuh5~FLr5O}UQ zs!6rBws?mz{VG<0^t!47TeKNP13uCwdF93@R7w@1&bOw%OL7r+23qLvbw<@Pt!e;9 z`S2q8FkYW2dsmIIPs%!tD|Pl~teRM29OCKvoRt*^2b4&<;M$*sY{^aX zIXwdETr?Lxu?I2DjpShaLeH2Xw;4<&(>Y`LDM^1gytPQkSs{rQDHNkZQt4L*w*k$T z7d?I@p6U22z#O7k5k7$A%OQ=we$Qq;^WbA%br)n`?^68Z*&Yqw{d4k1gu9E&5>E?6P0^zh+kD2% z%KEgf=f+~={$qP4wtLO!rBw%y2zkXmjLiaQ_>z0yBQ8;^G<{|GGjm&A_@05VKVP$; z<0)jg8vI%4jN6uH?QQ|$V4*Q{=W9FPYO1Pw*Qjt>Jn#KbJ|hcSL5(-F-Ixe^Mntiy zVzQtWCDP^CX3-_RRLVg#ls*9*53q91T@jBpP`&@hzu~1h-lrTDH>6Lhussk-j;54r zbt4bNL}e+XwJU<|qTjscUcAftFy@1;e*LH)qr00Px=MJ&W!t-x6zeTEW|tV;oEuUwK3%h*CEy zO>ffEoU+&X2h2>=_@3{+9RVCsZUKU^M)7;}4tst@jD`{skqBNC8e@nBHfdD0b4}v$ zl?*Lr4h?pWLX`uj?FmK&x3NRiopU2SL+R$e{Q1SZhCbNR@4y;?=sk9fpc(zUaUZIx zM;ByYD0u5AT_UR=8;u*&JR(Tc4cFWl@~B6lIW;)J_od*wGg!I|`Vb~sf~Xm3$>lrz zNj2ufQ&#Y^m$izd)~Ck=n*I&W{*$7R;XcEyO-{+v0v<yD79DChOZ2Z9YCD z6Vo8YU$EvY*Fs0sae=cU8hP(jGAqdM+IbB+EP9rDqN3&E3~L(;k2%86h2SW7z@O@0mvIrc84m+`5jmr5Le31Vt48|OUANYtv%7<%Q7 z(ghbqC?kYCE1WlLPWuNw-i;pYFB9as1VTiH_)Y0G<%2VQ!D6D!5yM3hp}3V*_~bdO z>wV)yq6eSOV2!x}m{xco5c}tD`WZq>=YkGYexlN*QDKndA+#*~H@%6xIovjhD&*Fk zRFQ$GF6TxFua5zowUZ_m=_qkyF>r&&zD84w`)JYvw=YODYMN`KyHXs&&5b=r8hT;2 z`d-!dB6>wdaXpW3QD;mCzxc!qEen4i`7H@^t|Lk6nCny*+Ygi%(0h(oZ`1ht{C1N| z6ZLR|1O(Fu9;*pt`@wqJ=jp`6$a^C-O^jv!l8dJU^QL}|54>&ep_j|J8j+0oIGL@Z zY;90q-Ex12)8Kny5QisVfpjRDJ)C&oJMoKC3J^&5(!=Yt!rEU0KAutdeY~RY)2BUN zKkMC??uuTK%FUi?MvKu?Wo?PP{-isCYlEaEKIX}RoGf@`q_doCuc@z$gC1w!L-YeS zQDq@%M!NC%)y4*Tja^or(w`ntLof$LqAX&)?TZavV$hSt-N}3)&A~{GLq~rE7tD~@ zsZI<)_I(+C=bJ3V}_un+;daE*FYW}LH*@a+(TmYz^vyX4XBKw@ z50W>XdR&6jA;SAL!U0dujlJR|Lgm@~RnGZGK|b#znat4i_QwTxdL7(pBZWPtyO;LR zT$uX4+$Hf~^Wa-SRLAGL5YeDPb1Pf{Kgj_i#i)^HpCk;_D7#6UZtSzpAKn%_efv;4 zy;W2{Q_>ncu3gAtxi8=trvR4xp=_zFHKklbpKw9$e9&t4f08HPW)cz~@fBs@9 zty!f-7x7X}1~qzwY6H71ZbE-NRJe!5V-!jO^DHGwU|G{hXZ6_jxZy{J3}2-9AE9rw zJ-raR@a|(%VH=t%4OnbJqpg93{K#1UQ<%2or+r)aWCn9265Y!F=`tsM5zeEa+Kc1n z(JU{n?oZ>uHGlC8{}7{`%l78{(()5xb9i(o2=Vk+;!?EXjG(`HENy^pT?F35X@LD$ zw-6a@{ZaVlT+>x1j=T6NE414_=~}m2A<4o{(Q=trFWY3LrI0ZP_1TeKR$D?xC+;Z^ zTN=g8doLly0T0(0Vqe4v<;BNI2rGd@u(&{l@TUh?oHwnLI2Azh)MPz-?`VV@1!(l< z=XAK>?CWFnx|gk9165h+w*75CKCBacEb(E95u@;vzPRSlFZ!?_B}smTP=tz^t^8f+ zAK$X6KSKfgntc(QDM=jos8mh`$M(4SU8o3!<^3&Q)&80;xV^`IYmOkQoR3!EnO`L^ z3xNlL-MQ>3&3k!KNp~wcV``F`H%QND=_FjpYh_Qa@-Z-?v!uk;TpCyz= zC$2kR$_sgMNls7W7l+>GvNMJlpI1+@03$lq%*OILYnGP{rC^-$Q|z_L4TR} zbcBZ|-NUcZx;s*=C1a)rCd(9?V;i$FcNw^Da#P=6=!8OwFU^co?Q=eI zFef=Cf1;0snStvZ3Ov0vhNwS5L~<0IzZu4jnvh+U;fYam$j5A?oCw)d(1LxFd?su@ z-MHvahMademwoL2#ok*5w9!T3qQM=4yB7;?MT&cY7I%l@Qi2qBOVA1-p-^0c6p9rs z8a!wzZ7D@U3DQDKaqY=}?m74IKAng2aG&;MCX>BqXU*PAzV)paEwcd@miG^+`Xmm6 zp3q9G((5axIJbTjgam{L5R2y&o}s3-7uyViwUewRb$L$6egr;0Dqp~;sukg?DJh&s zL_{R~2UiB-0r2thamy%;y%4iU*&o8_sgddJE#!^Pe<$(}V}hOEUVLoLnSaW~ulMJk{*@ zqa~h0f@K;nymc8;Z@3UTO(48$-YETaLw_}poM7|EWdDxr|G=db>lpu=d2vV-#%AiK zz#9ioHF{OhRiba=Ikdg_>QT+#*D77`9VL>V2C-sVmBu0_P{Q?+-vPWaXU~mZKgxT| zYC-Cjl-6u4d#FTn=SZ2z)SzLg{kntbta8s8cJ-SkIa5uyasR62EP#dI|8sPeW~2I$ZZK~_puCswzyZg$d@=co_p~G02_TQzXC-`K@I>b$o?G{;>G_or zHjNZLAJ@*Gy6Spw!@3*i_ripIkBJ`y6|E5A75P(G)+^GzW^*6NH*{BY>ulFT^l1^B z+H%n9a3FO=6giIBiUh@8iJGtHi-b;-CKV8uk*|0P*JUV-CumAhkhK3`tUd?y0DHa` zOQV_3p8HumpbC~6^pUUOpoFi;-#4}sw5}cycC9Et5Zj6#sQ2A1F#lF<)s|q*-B`c` zoI1HE%keBsZg_5Zxc4NpuiVoyqO7rTBV_&*t(64o;;DL9{P^2fyZ2+h`2q7~)DXF$ z@>Za&z>DY1!pJ6zy(H5b#NrldTp8~s^L1+er09e`y%qz9N$fN9!SPoZCZc+_Od%_pQwlP4Fit5`X504&im%`W$CdC zHen{A@W0Ql(Q@OzI}A^Goy~}y??ujdSL1r~sqc_9n-T6AdB3#z*j3=$<3y@X=^s3f zVNQ*Oi<3(UU1wacKF09 zkz%bJni)!&P6aTcQ$sNeS^9Il@yLTI-Vuq;jb zJyCXxxZj<8`PMJYcXH(9DSVn~)_Rbjz3}Ws!)uJ?C)=m`doOINMeB9B`=0%98tgtW zd)cM4DfK4zCa=&80a#%<<9=C^@JCA^V zL|ZXeevMbTfeU5Sg+cjxqj8Ufr@p}O$y0W$=Ks`7-s?coxYIf-1w5w){T+)E%RE7H z4O0+N%e#DpwouxwppcD_IiezOi!=LKo#@6uxD5HNH$oDAa!1w^Eja330 z^dt+MuqIfbQ-e%^dnen+M+`UR&Ne3#W0`q0{AZ5>u3vCRPHiU2UW;Z7hfDqx$o6r* zPN1nPV64-KU_5>q9=dOLQVF%v2;uhn-d}4L+-^egu%+WF@gLxezvth^j!@m(y8eYA zPU`i3Fs@e5Z%lCz!rI8$+4L-;eQoiPy+RAuTr;%$gk;>viAmXQV0*Y7Pt&Mr!k)rl zUNkw!tz(U+`(v9oUxA=(^us3_=JvDgf{>0YE`ebU&+mH+Li?&mkKJljSl~Hhv-jdZ-0D0c{aafY>O)jP0G$z9wqo5eMM}bALWf(X8!cLcsQS5_g+0*%=L% z{v|(A8ZOOukDC#^nb1A*!xhtR1at8$wW$4wKhgc+=`>fWPur^7`kL_t>%&HF5i3>M zUDJ|xLRWy2oeOOTNm$iKFhIyP7J;LIB*_H#xcPQuei7yGk-zxg;@0%O>ruWc zmVdbsGdBfXD)IdyDIP&1@mZG7fXhZ!lFTwvWB&k0A1Un4T&1m;^S$$EnxW07X#oOE z$N=6NhF^SN{R)%Tm&`Loeg8C>Dm=99`j|Kx1;_hbe7{r!Jt}_E%sZMW?Sj`bt~)Y4 z6vUILqtB@*o0sGsS`w%Mmqih(lmxzQJD=o^(%OnpzkQDyuO5yt$9A000X?-i@^t`{u4sL@Gz02q%NY)6?f_&K_`&7W4e%>Rs`w_ud`q z+C;`>VBq&_)0H1@BccVQM`fo_t#%H~v?P?vbP`V->TTc5U8S0Dmlxjxl_&kGF<9cl z)wyfl;;i|1eG4Ry>}TXV;EIr-TV!B}b?*ndBsLa`Zs8v5D?V!0#(Rzvot7>3`c@pw zGDNd?5KgIDH@Ym#Rl$no-M~`;7xE)In-}bXb|nVNi4XW_>K*jNd>jbs?4C0xC71DJ ztBcglv*^yG4fiIy0_q1LjUUBK-CD5tO9&k^RxJUjYR3KfGkUU@Y% zv0uo|L5WRD1 zfJDwlebA{{=J?L>EME-Mai;S9qu57aG{6{XFntSiA`3FwTeRVbP zGQs9APR)II>oTd{aQT1YlHi9w`TqcTt-O~Q>j5Gb9J4<$AFI{fNfssSJau@?p&2zw z^_*#I_#z8ea9Z>u=GpCYsywI->50(!i{~a47DGoWG>}tzmtV!S`t>d=;PKSbFFG!p zGJns~aM@KuWDOfv+{S&Jk`Rrz`sZ~0bZ4YJ@sqdSivoAgzf*;?#Y1mX>qR#iamrKA z-2}sZZ;Y0a2{-*qO5nE}KGTFDdIlKHqVX?MUy+QvsIY{G!eP*aD&RGj1?r+i2z8_; z1U*tQfns7!=rNI{^#A|K|4S!?vq$SqoGz-cET6KeMv$6s$5g-pOm+aVAU_sGk;S4& zOo{UMEs%hH#wBg!o27<6LoTvi9_6B+bj2v^7LjO(s*Z@@Lx?8_Ps9m{SB*Y>23Q5C zcGQTmAS5(a%w2?&V;QB5E3iakLZBq`K1)2hFR2=n!c;&KsP_1Z$FltAl^7nnw?krN z`4YDtoj`YMcM$JVMH^e44u|?83}jhnUTye)P2+OGq+^Fx*-j1aw&`Nr6B&yy#0Ht` zFM_3*6hhk6{x-SctF?VnJOuCTs{IMt3|CuhHZR$hLX&S{SrYy*|E6Cti$ep`t**|M zrW%gK>{FaZTN&i*tU_9kz`_sS)EAof4Xrl$CD@3vT+E`m%Zz>rnGkVy8oQ6?FKC@luN0mq%cBp zDD%R-A!Egwg^I5JSXAZ{)|vt@yi@k zDszRJflJ+vn%OVgPHbBn6V+1WNuW$jn+-HwCJ=kkT<*#sZQP9!r25bf6~x{GlL`PC-XuXdycr^QhFxxqj+{H)6! zFA2zW$fYT1WhKctr6#3hknlZb=_N&&ixm13)*+l)aEKCqg7wW*8DU;BoSopwGJZMw zxt+#0e3j@jv$Xa{yvt23%e#GsASqO{uNe$6>{yQxpLGuvfjTcj<5>@+FiO}m8<`4k zbkCAacWbp}IM&G;q%znr%eONQ?&`ogMCTf~I}IYIVR4oLe2skTvJ{Zh)xco%nyoLQ zR2I_4a%k4|WnV&S+%zDE)NpRW(&)oGT;lRAzXQf@O_1ZpXo*c5MeFsk_Zp>Q{6_bE zS8{R};vc|k{RRnVS)H2~J63dE{kconsIQ}2mSjdR)BebMM*&!D#3xl1YlteVb5xgo zdcbV{YSAVqj%w%u47tx>#KN$56_89uC%_7MkWz}_i5^#5ye!J=VOf0^E)%Ug%U4@9 z^C|%MvNb+7z&OiNwziNV{ddJ4fhou$D1(&HW!<$aZY%%K^jyQ#<*&j|Ttsg2UG>Pr4Q~{UbpCK?_mg#cQhAQo zr7KyFYv#&Evo-8{UqkwA=8?QUsNO^|;}MsI+JAtC<;v{uaX`?U?^G3rO#U8Ea;h(zS4AugKgLA1X+^848>8^*KzizzKQ5yj<3GIk#@& zIcq9BG44R@-ofUq2@T8FD4M_V-jq=aRteWZAzOPI8P83mv&=t-uHNV=-A-P+OGC>t z7LPj1gMKO(L5aJHputv4SZ5(w^eW|%q)cTUJh)O8bMI~^12-<2v@(0H%(_z=TA|6O zrZP=`EA2u$DO+s%Lx0PdC)&_#+K4oVEf8^J!__~Xo z$k|n)@cq5-3Tgfu`~f4eJQMPo?;M^1j?z<`!-CkIM4pV9idV4)|FXP~bxoA2;Pq~v zC+7w}uqab1_~2PUdg^_^oUyXL*s8Jb!%Muv1X*PpEO}0QnmjA&=tFE3$s=RnWXM3= z7`mCuKWY$$_ueO>M{D3C1ZL@f%KzdYVBu{AIL;8IJ>Xlkq`>J;Wh_(epvcI=Z8)UF z^KA4y9gSs$>W4B*$GjN>Im&|k3+gE3c+tBoufV+j}a#r)sM~!Xtclk3V z#M2RJpVgk%RZM0Di)e^dlmMJL7+=B6OC1VA1Id_f^UNLx`YLNmm-aT$G)prv<=cc*ov`=C)v1L-9FM^q^;u**dEf zhTbuyPcMb;)6~BBLaIWL2A?{z-|!7kWckzrA;)~tkTSJrCq{sW8?$h1fKf|_P; zl8kz0eI}@sO`8#0MmZWp+mbjM{C|L7J_!AQP?cM{7#w0QRn}(JD9AJ1LZL1)7a}cU z1s>^QHa*ETNc#nQ14iL^5s})3;Wsm_jrjsHh+1~F5! zi0F+l1Ks`lOOZA%nnZ6_kU~FQC?x61MeB~VqHiU;LRK_F*j&5>_-ujs$pvoBWwcB? z)MRQ|&dnbegi%zbfUdbD;&++cwA=U0_OyS!I8@Al#gJXulUkElYVY>%?CB9~IK>TI z&(Om|?U!(cXvQdm2uwv4L_dHjdR)2Omq5OVJjf3NeW}X3Ey$BxQ=U~+L$?i`U-j0m zJ7#X`M!m{w_JzT>dkzBP%LJB$ZKUcK56-bqNVF)VQpWGT)(ZyXYx)s&o8~!J^^qo4 zSiF9WV~l8izcLbGEk~lim^jR7N%`%WX5cPowFmh%qwya?Vqgm=|5e?#!Y{QylH{|} z{{W|q2KZyIamip@z_r(Z0K%V4FQ@k3j%u@xxkmSLyI*C*@__x`^ZsZN3tkN0>1?%Fgw&J`dbs)FYS%GI%_Ho7!U>#iLhD z*ZK!rNZn^Tojq&OXdg^!NM3sqx-2BbksJRJjNE!pJ96mPXzn=6GC=N2L)nnl+?&0|yz@Qxfb3lSkJB8fbrAyp^%-c__6s9Jz%5=xZ9ijNAqHP2A4$ z)sGsvY>#)$MfV#Ce)WIqXHuQU*%N+xX_QKA8_JC2@$@^3CYB{9$jk14mkgzLRF&9mSb{JaG)(Vm!jGpYsYLmu1j zeL}MqBos-C*WpAjt54YJz$?kddri#!56~oIkz4YM5vPov#t8~N17&@++9*#Bd15JU zOtA(QziVz0a>=B5p?K@wT%q(@m+T=7=3QFZZM-vHTJ~w`7{6?czLmX1E$OyDZs zsZrmle(~S@ZCSh^(|@PWaQ~h{lQOK|`~$|xfJ;}MmfH4@vr)xsL^ z5AdVa5g=9pw5qP&^NjQ_`#|(0XlB!e^s(Oqf>Pi8?XV{fd_Zxz&L8~cVP6t9D*plY z9^|!VC$VU}o7}E;rXuV}%mTN6x;D%je4;rCH>z}wmo9nkwzx{vgvVaPa?dIp#U7=_ zk+#U=ztzI;8c9WZOm^^7j;Q}_9N9-VBR0yMK6e*(afh{+r0CYQZ^{C2?n>of7 z`h0kvln2^!?(Rd1H`w!-R{gF64;Pj}g#o1|w?7OICoex!5!u(qDtX!$G$%B!`SV>F z`MD(fg&B0a}mK6K;MKfnmuMHZ`^UOwiI3o>P#lrB9> zsZ6qp{8erwkK1B4mBTJfjE_+0^-z{{(;}*5JxV@txxe|k*Ie<=qaS3M1l1ApWX#Y+YWR3?{-Jt zGShNB4I@*}@T!A%NMGiYxJ$be%5XnpN7nIX>X{IHSQ)4I35 zAl1P|=V5b-t`0*Rn?kC(4gB9Th~1a^4?# zt~HV`Bdc`rT5Q5!e`8l&c)@q-8R&1Xe&LSnnst*zdv=P-?7J9)If~$QNSIW?+83j% z12PkYJjwpZZi!oJFGhYzfn*)GOWaj<-XUfjjn84S%MEJ|U$^|qf5$gHF8em}9eN3H zWbI|X8n6`T?>eKi-sixCBl7`u%@mB|>dx+zcTX7F@@8P< z%4GjR!d~{Lli)xizOWa~H&#(%J9HzRh8oMke+T*RH;YIV(M)r)^VCE4J6m z*A3d_Q$d`0c~djc$lO|Nr<~+&DAbtR$WJK#j?9#vD-iDS5KXkXz&#amn4X@6vr{#l+n}e(JKS2C zVuVt7Pg(fRcir`ka)_T>lX`2_IfPgyxDJ%-3wwD2>QWq>6zc|;{A$1IE&H_B+J<1_ zHRwg@=wr*L!wi8|q-NE}9lp*%-u@Vx@5f2@3{LIfDv4z(`!{8SiHV{TlAUWRzcxmP z;B1NQNP9kg8CSDZMy;2giuBoofggHmBU6SbMLh=@s(<+UU`BqExZ`slM z#c0l%aqYApTJ~-roP*pipwUanj9~Hfb4hd$Jou?};A$_1d8ucu;=*&8KR@`GvZ|S` zXieaAu=~FFkn@X%e5osi3B$SI&+`f-E=Dk=Vl66mI7#Re3K4KM$5Lp)Gwsj_GulG7%$JN!wXilE1*A1 z^+>acO(#eJySbL#S2PRen!sT`7^kjm^Ta|Fm-k;$BdD#_vp(;iVRA&*(Fpg`gv;x3 zkly$0YA3HqdU01~NB`ZhcZGi1q?!C(nG+MA0U4XkL@bF1D$CBTNoV+&Cj+{RIeg5g z!*Uio8NJj2ZerEJpbtqWwoeI{Bz6V95N+tbSG3}GCGto4OM^)X$^)Ife1)il|DL~& zt>DYt!UP1f+^CZBF5#8_Dop`rt4QI0wfyqQusa1WMSE+p7j82XM?0J+1n2YbIGa5P z9LPLg=e>BNuZKj^P`%c|Kcmrb1uUG*bu~=dPNODNz9CZZU~IQkpPXXiWG;>y-W9Bw z9#?&yMo{lZV94s4CpNjd!2LX?8&8mw0042rKfo?~j##|}*SpxM%zpp_IERMIL#r+< zq8;n*)8+N$b_XLt`k?ss0h(Ldq~b`T1|%*~!?M}C`mqZOS-_b{<_!oBdU9(X{bk3k z&~C(lZmm>Za6;z^>(hBKnOzCQ79P+Yf&R@PfZ5D{tLL?~w6n;Cr0ef3mW8P8{O5qv znJaJ~cXk~KU}{qpn65{pH$mW7PNJwhOHF?OI;c0-Z@thn$e9llh5B5zt{{)Khna$o z*t83mnyOoW<&>0p*MaxYK~B2mfm6A>qmK6JUQr(MqD8Oww~yr98nUbk4^QER`i15{ zrJOfbWmAHE4Uy6K)N-V(AMU6vyVl>S=dtjhP5;eUirkG1n?J zJXgY(kX6%WRv3kN9vZHebHhhd`N*UD?)Un)*BeLf;ds$3chI3=c~c=uB*af{D^!wO z!%ReC^QGxlVPf6e(Z)CqMre#udL;?tlC$x-Sox@|l<#YOvvJ^I+0c|xF8jXn>!bTx zSBSc{kNX}#F&KkVO6;gS$ypdqyNBCOH4y~`j`7#nBr7Fl-(o8ZD{Umd!f!pqV=axC z+Q{Dyw;9)zdGA&A1V1W%;TL-Ht~ie3AD|^%0t?j%WnaRw3Ji5yNkBbMnbxsjMp;JJ zAISEubt(C!#bZj#)@?kC<-4q|maV&w=G1Pa{JxV(^CZUmw}n-wa;X{@d-B-57t2rCc; zJCG-!dKc+X@J!3ubv!sZWVZZ272+QNCbRU#2=f#nUl-Nj^?ml#RL?1#0?gzO+?Hpu zr_b0mXx(15)o0C^@0%HghjuT0ceIrrml~qPVh4Uqa+I%rtYJm|NO3eOsn6Z1>YEdZ zC@kPXb|nR2W*QKWt~9ljL`y3vKMeV!2B+B8(ef)y8Q8{TX)HjzS<-r%QSF*$#ONIkdac&5%KUn+C zhc1RGkTFn%D7|UMz47b&IG+QkMt5u`$l3i_A($K^3jPPEo56|^dw0D0Zi;S@;{a{i zDfwQvgXY`mF}|mT?LFy7l(VGUt5YtBLKw-U*uIM$+-y~y9r*yM)T9PBg!)}9~B38Sx zU7h>)9Xqn@kQu3r)|HO>=1F?aWmBPYi8{Zf=%HPC1|5#i177oVV1=N6czyca`m3#9 z#u)koS)NN%-70psQbeZ&M?!w2`;yS-shiO4i{9m^-&8+JJd}G?N^2H;sPv#vWa*p8 z+qtlse*hmuy5~PYxA73@T**?F{76w=?TGHG)Tdm8ga57J5pe=oHlbbf8+&U}Va>PX zf+OHDpo`C?FbiDRl~E;aSCo~9ey^AkcuO21cSw#U_V|GSJq`Y(A-PXDZsC_LjT(}V zGqU8EZnkr^!PuSyBGDpPd3nY*h+=-OtX#_CoyjM6wx2$wM=q$lQcUtcKm;bi=E&sm zPULod6bJ6BJxO4=o5Q3e=wo(f|O4n~J)X(Fp6TV-- z5^ON`ZwG^1o*t8Uoz;t*v;+*?mZI)DZcGkv&kegV+52A&>usfamFqvi;hoTVGlu4_ z@$RT}S@voy!F2AB^>#~zJ3S$CNc}tRK9-FC9{ztlwde&DNBMeDx{5nRaq-5end~aJ zJNAgpLyxAt_X>Q1JOzm|1B1*kR+_mTrYI9>(_@JpIz;`cM2!yjPvUNbh0ITM$f5Ww zgb__~ELW0O=~Iw@D$zP>B=g;fwfdxBuP(-Wd>P-7{st|u4*l8PM#z2!XJK-bS3>Bk zj5v*PPS0Ikk=mUoK@qRyyOU{cas}1Sx33}qR1Fg1s?F~9reSh8zk5R$ldOGOscc%J zbF~7dy4i}7N6QA`UD#gdYjeURU4YpOcWc4Z`0m51%nWhL!nKOmmTJdZJ;kJg8ai)bhT$r z36O%^epRzJ1twz8@RKt*u^Z!uY59|7^(b4ID8`bxQAg0@JWKLRHk~_(PD)5F>8oJ0 zN8v5^s~h_QkR#2v%cP=Ez_#!~68<^m$ZwGSG1Y(%%bG|1YiSw&hKxKYdeLUFI(po6 z-Auxw+wNFZ&7F3qYYJ+at@>)#`z+?Jyspk9QhJWke^@0{T5^&|0sk&bWwanTa{^;O z+T^wHFbEHLdZP8gl}2rzT7XKU+Z>wg(x@p0;WXYBO?Vi1TOB*6b23~@|5fai`i1vJ7 zIhKGX{{iZV+{@KOX9RjnYrd_=Ngn*XjtNhW$}Sx2!QN3J-41SH*zCAs<`k9R8+XSdbb1L^S5~Q2|rhmm(D8c zjXMIU20I}{($yV-zB&tNs|i$?rO-91Wx6YlfGXdbP;{*@98*>pS%zc^a>0-82n~~$ zqe0ZUW!~KfbnmBNOe}R@q9QW^m+h^rJb2oQ1hlS9lb%Oe`(+(kX+&d@fHSyzI^h?X zUH(Ih7Wyt+tP*;bGL~FgoSZ zZ_g6a>()sM?Kql(SYl0VwSkjRTU9SdZGNw6Z`3@7%heEeSDCIrQbEL4+NZWy+vwq= z(`|FDwbLU6rtQted>JZjlyqhbM1h&FI>|@jOk4ie?KhgWi-i%yk?! zg3%PvT3_8#o-_XVgFC0=v~8xC`F2KQXYk|6sMWq8r%T8s+$3Z;Fr3;9%>14TeJhW4 ziEluGSH^QN719cI8rI_1rD+v3(jJ;FN4xlB07z`ZNcUs8#xO zg?|8dMk+rV)LF`5Joh4XmxNMCb$pJ-hgp}3pmL}w$Wle?c3Y!%e8IHoSlZdsyP@c@ zfCq3@1_lOM)-TmP&#$v!GNV;n$JvWS9NXV^HNpubc)WLYqo4=U!%RNR$FkJc0H54H zR2vvlF{+$S(N70tENa_Zljp-(awC|m~w_j`Ab|sFYXHr z>N&k&ehuS(GK7Sq!DtB!a^vAb%mai5tkA>JIP?>VNE#H1l&3oxJOXWKBY@BI8aal# z+$}BHD!uA+d=fNL19fTm&30nUVmu3N#8}?f#SVkYhfCxx4l zQ^g|t{;oDVn!CKDrs39>)u}@_VGLm>VuGyC?i&OcmYgyqdN#ao^J2ug6Tcb|jI`pf zEMLhpoY73X_`&2)1m4wPbn?*Z%R4s|x;@zii&F!bpx!HX)o8;aS;~4_t`?(oHyWrj zjurkD^|oVU_Jz>`7!-!vghfYh$-rO7rTmx4{VEHQ`8ubiUw>a^Myk`UhG)0Fo~9`@ z8^hrzZ3;cu_+xeF!0C+N@axOAkkwe(m$vY=t)Il{h=!~zX>kl#qNpI1t1Z-`4C}_! zcCu=g(Hf2T(w+5P=VRBa2VGnc1|47!iHNWO4ZHSdC%*J5lI`=Jp8GPU2-xi_4hz1JM$cq|(-s=h%h@o$aowH?t$ zIN&*rft=3!Mo#W9)q0mt?=BNE6>c;zKn|JO@2a%zi&i>k8ML0PI$*Yh9NR@hWQ%=p zAJ|GP$M@MH_fLAdM2|&cS*RUk9RknRzttlZy=KL|O(Qke+M&V2Oj5@RH{-UM*BbAY zRr*QiNdlDr{8E~^5Y%wxDP2=c*9me@T55P`D~*pYZ^n2aZ6QsGiB-`iT-9^?$<78v zT$|X!fx+V>W)x9xrew|dfC(lpOIArzvRz3E5u~Ft^ky-bXlaJ;dRWgsnKj2z;%qF~ z3Qr|95G&@8N%spOv*Nxk?Z+1`QsDLn{-mk42D2a%H~JeIvD)>{ORVpf<6Km|-TW$( zy*o(l?>v7<&I-SzQFl@Ivvw(M1}lEf*lXLcNgz(`D{dtM;8^b48?UF{Th>#1^Htlh zBzq0fWsQ?7xO@mV3lILmA@j5W4} z?;D<#6yK45+5ZyS6Z(Xo6GZZ|n?t;H`IT6v*jsxk$mdL^Kh{eOHYYT;{hl<8qM7;2 zeuT};^lCVTOBvSGpQ>jq(Lzi5vMz_8C=2vPr*A4J2GxR=*XBOGisSS0;}}GN8E2Lr zMm1#lFQIG;KGPfPB3rTBW^~!j*Qw?|aoa!QP>FBb{FtMtVDVa~4CDIBQCmeL>KyT) ztKCnrSlj#vk{ML4321-JE0&*o#0(632Oe*C@cd188@Js65k*x3$3upn95X%kY>*pe zCeMl~ApMPea^>t{|Jo2*7+KmUoX`8>O1)$AR_Ht?&W{yQcMi*tsyanv{tgh4Cx;=n z*dPP6p7q5_R@pPXwd4nmja(j~Xwd?z@JnL}QZ1b)ZAkBEl6*qFy%R zEr|VEY8N%HmBu~E3x)BZ9RUL5x@2g0zU+58R)6M{}qQ^X)0tNJ3Np)hl+lAG#%- zj*hBr6F}jAtK@_I@uzYQa=Q0}x&o3f^y~4}Aq6en7WRR}boxeUC=^N8o7;TE(V6}L zMz5+jCukZr8E?vo{lvH0W<&z&nHy2ClQ(tXjupunGUcEvODB=wbf2F>A|ha?COoV&m_ zjyZ{rSvs@m9KJ&4XsFwp_Qohi^W3x3dGYVP$gZ|-ZFtCjQ1yrEYqV~ogH#*7H?km( zRh~f$g|!0u0oyfJ5(HrB*dfCRlGu@3<_-q3j!rc~)tCC* zB&1wP>_E+{y{!3c=&3Y|slz9*`_lv;OPIfqJ))`$FYEjGnVBg~i@oEQa{YO7d1D9# zm7%9&oTn2;?PW`=eQ%*=41xy5;-?1Q*sUE&)fn=l;i2+S0Kd#;`|$PRGvXz`{*HRz z;-nRw4ccI==Y#fbZo<%Qt*NCH>Y!Wa@c>;Hl< zBr{)1M(3}-V@mw?(T030TrO<6D1>wBP_QG^2P1@26~<~@Mnokl^L`{xV(txk7;xOV zM?n7j^By3x)HPA=s}7lU$POkkBSzYS?{%r}eJokVcHmC4R2LwLZ2{GEBbMmLc;l(# zn)?z5TGdljDr5m{)=4<0Nzffx@U1WrF8+frBYT?l3}xX4*G1%fRy(+5gx&PkffPPtE>;R3laaS7^r zYR6z03E0f+=Yh%;Dn#e|&=MzrGy5UFvjKjx3b09pij)l17pOWK_NR!N?xp#~`l&i9 zM__GRa0K@T8nF;eN?gL>Qa*=H1D%V|Zs-}!_yx(_&D6Q4W1V?7OgXo-%I`kAkcic~ znWz(yqI0wS99P>tI*?U}a|p5V{fjhcnIpXNmmweXNrKckJtUjB!@NOSMQX^s&+v;4 zMke-xX3VRiUfh-b5$Tt6#3&4#0hz`P^GM}ay zs4>?@64mpsc`>X+OFj`|;5l%`fKR6fH%Mg&wW464S$)hx3}o&`Spv^bJgn<6=MXMy z3$!FFh@wm4YgDbX7hVO+M<(E{fjV7M1=$NKF>^C(%dmlqq( z4_9^9{Iu+9=eK0Q07NOf%dq0UKnwbt73i2Y-pz+edzi|QzhewWEB=DRM3O9)|0~yb z{h=h=oDG86ynC|y%xMs*^cs+5#An%G+#BlZ$M}SAr*MQr@?CZ4**xeJ&K#jau`$)$ z@AogoSb07Y8e!@CSs~{}G(%wX@mw#7R^UazNl8nkdY{@tv+C4<6jt`3wlk1OKat`< zPL(PUW!FZ#d%cGk?$@_F_Xxv)60I2iG%g{*hYT)g0`K zJr>VFfKzKIf}%Fhz;->frZQkWIR7628JPD<(wl6RuKJnPR{7LZRt7rlSkTAQ?+4Su zX+h+x1V83o6qDMZU)~IIHNGoUFg=3om)DJXK=v!lQ79kJ_6A!C1u#c1)YzEx+UUJp zaZ&Q^RVsdh-L0k&*bKsQ%&41Nolj+K>06hpHe(gxcmhFPmiXM^}?^9jza?tU55_2 z)k`j4KjLDqXDQ_IS@0UCAg-^7XK5`&(?vlNx%AHS;h>;^P-^;s@p!=(y>snq=l4GZ zffa>J!?bA{Lz*gSdc?T|?N`GuGhWWOI`X{iitH?mCaLDC$PY9sYI`z7vf|ih)YEm# z9e`Ve4{;?>(mi!hWV0ScIfiuRfzRax{$A|r$+@|;ehqiru))I95vVqO=}_@+h5iiBeOa;|%V?^MJ^s2 z2#5fGo5u$(`$=DVy{O7^L<1w*K`$0ON09=-$G7i8x~>qmJUK zXkSo-l~>{)59)Lo1yJfSN&RtDtPUDqrlB*;?o~RA=0rDRH?VT)JPS@Da`a5=V^O#D zaDxr;7B=h4)sQ+7%@Bd1`wx*5ff(PaddJEU(d0eqHbARW!R_~6FY;=VaOP|lQFg!1 z0P_rM@nZ-myIv^5L^7^%ID(X`*>VpX z0%K;m5N&U|maf3bLc7?hE{bfsNQm$VY4*d;;Kn-2q}R?qKKLu~bFoC8&IDoxq=X6_ zt3n=zp}sB;_frf6lhK`R(tfXt2ATT%M_7FD(BFd}n@u#iB`HjbF`k#8Fx!1&`{184 zhZWa)ja!hd0iPC(xNNeMzQW@OuG-U>yEm58Y{i0*jqiqKH=}ihsHH#@*o=`b*_1pv zNBg(r%m+Op<7xCXWUQ=Gs`)0fG909e$o&3TH445E?^zQOQ{)Z(Qy{MESTE|9p>zUW zta&q1!2){~lM5y^8>i`;PS9sXyT}KZF_+4uD+n)fO_&8<>GchcLn`gWdtp@e)1}I= z_?916Bx0o4?Ij#1!|z?J?eJz(g_r2=oe56OR4mGCT)nPT^xVQKz)2cR2G~b}HjUr+ z$m$Qy|H=g{jTFA7U~A>gVS6 zmF7mVE11OF*^CXwG;exDSY_Sb^qb)`rz2;auK`Ps;fTtgpg(aoTU4K1B|_KA zMxF@hCYiiy+N!`V3cf`(X7|AU>MZ+foK6xxg%o5MVt?(7ZOG`0z7N`8c}p^lwA_`J zd)w&%YW(ZiFC1jPbTJ;zlEcO7*V+MR-ea&zA_8K+)yt1vrvCJ?mG&s_IK~6mIYB9R z=q5JCVzsQp>7{O5<}TEm_L-ii_;`0k8=Acx!q9D4JxB_i5hO8V(t3q(8rO6W2b>lI z3Eyf|V_s`P%nk8tdbnO+c1SInK9F&AnWWPs{=n4SXKw1$5c|{C#+^f+Dua67ure9- z=T-a&vawhtB9!~k-0Eh8DM)#Q1Adl=ik;GbXk(9x`Y>+A&dl=Pnil%RxXErc6#1&( zbJZ5B2=C28=4>oknvm9e13ilL`9hSF*E9DWBbX{se^GRMXOMnZ28nMZRc8YB#@K4I zCm&zY%`XJoyw0{~Z}xdg9!g8(xMu$CNNHMb%+>4srvj6KC+W1YHS?MP(BSXO8PVlv z#qWhm0@(_rn2qV&jg69cxbc|iuC&+JTS>{qgot(?x(<2*wTTtwJ6Fjk77kC%_-5|h zKSSWgY-g!#r^k}g>HmYJ_l{@#d;kA!HEZvhwF$BJR*I^o2Tck{}Bw>c;dXKUw_Tiq&7GdS|f-dPUGCkt8v)H<3*kZzEP=Z0*-5 zXJt>2DPY`}u3F%y3t-gi$(?Y;d*}%rb7YzYOc3O@C4y%+jX2nk4wfD=L?$YfS58|i zrt40PRO&|Sw13O&lR89Uw7b(vUkzkA{V0p2VSIet%chaTo$9rn0iSm0W9s&;?aX1D z)R{{8k&u|o$I}72YaX<^8$LqJh-J>_F$o($0UC;m!IBsyWEgwLe1BY^hUxP0i;7HV zbM~8r41)ACxPIO`I;N`I@Z)(y3o3t#AlDyqIDn;Lb| zFGR#{KA{7iC4+^st#ds_1y&Px92R#3{-TrIND5N=aZ}@j*J}}ki*qKDD32c)Ft~v+ zmK;pR932Vu`#$;pMg<>fS3)SrcqYgZgvIGT(n@n4Ll=~1giShc8@y1r1UwX*(dVx@ z;A%VK+(EG~29k#?fyad`l3oQs*#nr}$>~0$B25Pl7s4sKgI*M?;y4yZ)}sI(c_S{> z0h(J*+ItzKjv4{4wgF`;Yr{sl>X%}ZWV=a~se@&cF)xSu>8M)>;#5C3>2${%_4RC9 z3Z5OT)vhfjeSl3a4BvOdBUnuZ{LV1z-@f!*bOr^qP?Pzq`)V6sZp%#aUrKy{*!O_g zkUAT)%~OL(MeHtQGmZYyIsP?9rg?ANdG(h1(9)(yn+@&6ye@IFc|U!t>CZg;Lqq3e zOMZg_MVc2<(S9NWnu@?xa6$TV?td7RTs!-KC~99!59w&&XWGg4f%3q21KfO`_+Qj8 z+c_jK>h+TXN*U%H+*jo)hKwH3VaW}QEoH{w``IC#o)Eaq_>U4JEwc0@^nn#0Bd%1LV{gZhE~{wGfuJXM_tAxQoZ%!VeRa8JIW>dcW#c%v&n$%98f% z%a66k34ibHmt5Q+G zgRV$6T_~CR_A24d7Fj&*En|Av&DOa1Id&Q7&{A= z3gqZA_`Ph7+Il0x4S;C>@;~eRlU28|JYR6D_d)Uj+oFp4og@1Pny5tLl zcZmEZO@y9@g#$dyiya@(C-^;}G-I1;p7CL5jgK!P@djuUsi?}Ato8Kqe&<(k9yx<7 zuBLxv*YJ6BaFQ2Zw1$2h4RtTxuoG~;gsU1xJGkI`rj zDgMudv6df|`yvS4ZM3d=Eqx;tTp(<{e90sZyB|da>5t6Yt}b0u4TyB-Be@kE)=J4u zuSE8tCFL-_%$ba`&gysC(~c(!KcJ94Ri@Do$S*^NAnj#uZch)^02Et_CDf@MshTs) zG`6DT^&iH7Qmx$@%7f~W5n&0jva(DRQ~-URJjMCppJFuVp4YC$E-We1?=Y&&gY$KI zd(>;*&O{U@f8m~lButs6|J3D8XrSNam9M^SmXEApy`=th$87t*Sg-UD-~SSgE#y?s zlMwulw*fH)Q+6!Cn&iOXf9WpV#3fs4eLJdt72|R`4Y+@v%PR$mXo_%+sF!$yB#&p| zb*KXN{T6eBgh9Y>(i#FGk)jd85*_%+pvi%c#O^DYzYc$%4m4VmQFKixmtK9P0W)Xt zgW5&zx{~l8JA4cd@2hhHaHD`ufZ-?^+uckDy5?|mhSYxC)M|BR*H4|A3W*_EjltP8 zdxIlwQK!^SnJ}?kd`+lgl4D8VAo;ZOCM|Q+@zdx=Bc&s)NP(xWp>f!vnP8#bFRU4? z)wiQlY@CGV9^NMknz>&AF|eRijK_b;sFrx9MuqYWNvgP?i^yZCmcKW-pEAdMCBw>n zc7}5>;By>+~I9`P*b$#{p!G9+&-k^G9N7dW>VI*Y24TTwJa3NbcIVO6W z%yfhLE!RGM*;Rs1Zbvkmy0<}#tINwvC3ut$>;O~*kj0p{7i(}sD9%=Tt>-u|c|^&1 zGen-oFVRWEo@k>`XKWPxlidQnPY0_>l4&ScC(b;{!{G5&wtNYGPrhcu*VDruHy_WU z4Kl*LOq=XLcoIP&EbF#`db8pnA&*Lkh>NyqbCKInfMgeRw4p?-GDO~EeJ4LDb{ayb z2e~QWTnih2(UJl0tTWiD+AfFv&G_HmdnB9Z7fus|(`DVh zQS^Up6@3-9vrDt76X#5WG4{(^q-q8Vk^C^+&n@e9*pSG#;vyfL+TU4R1qsNh_8tlp z#Wg3U>i?{oAkDoGXMHFcnOCs&ojB!xR}!Ch)>4^RM^W_BBBmUJ=Z|_C3+HcAmUNCG z>r~$e2JX7@YK_0xL!?g#OxnZufHSKGTTG#}xVp+02!?9qtSXGg*R_X)vhi=xD|gT* zgEwaI7D~QIQlf@M^wp|_AeeBlYL%IP&YE&m<@Z<7MUO@6;S@=p-u-)n#pWN9_Ju(A zV@~;@NWq+#xG7LiczQ)tEzKIG#kxEvahItf?m8uB;ZG~cymzmN4y|RDkA-5CT5Jw} zNcKd($6U^x{qjXk^nMasfIkPnt{&S;DSb4@PQUi*egb@}Zx>bj)f8Wm=*=jm^=v0w z=q3M_S>+!K&Yj@@F#LWf+tGNE#_oGEJa>rK6$o#hwJFE(sk+dL?(|s(mKcwNmdKD3M8jb_{jv9iIi>MxD|lb;5-g z*;k>PeIa=Q7?wdhM}(-oRj^b+IJ@HkT3Ge%2>NR@WB(szgB0v4u#xl0Xl4!#W;qAzP z$*bap6YMV8>tZ*9gY;Uzp?QZv1s@W=-cH`#sGr={L$@L?vU;a)lP_E*1z%yVg4_ME zl77P;mx!MIy8ZaW{6cO7qwj6k)7%2&jIU{2pl~cOTA#nb6U9pacfew@|Jz^A*KJit zjWT74SASp=d9xWE{JUI%juxmnUN#QCG2;!g`?SSd&uZ{ZFOUauwW&`+R*cTj#O&AP zTq4#hT=dzlm9;U*OZ^|rf{IvWJzGSxP7Z8m$k7HdP{GR#JpW@S6reiP$!#Yea=^nl zm!h7t5iF;yN3g82kU;D5p|v~QPOpsz_hPlMZ}N4=W|O7XiJ1r_3G%F;%Iy!sF9+dh z>Zm@t0Jp!VHfm1B82;N!<5r6-zf97y@g^I!4C6cYOkf?+?w_8g4#H9~{j@yh2auCQ z0?UlwY7edx1ptFyCfIiSLA7s&nWf*D5N>@9Ik{vm1eI8dJ0?%N|AsBA*ZX+>!sqeE z;%mZJxw39Fg`=wszguX;;PDT`(Oz^I3{E@0`*+;uqZ52L@C3SN40%Q@j2EcW9|Q9p zU@Hp)S<#zjl{&M3i~l6-1?xWj9wlA%F6d3zmNSiV#R#!J%qhdDw#VeRf( zwE^|Zy+eF(P?-HSZKcx@zJv6-E-FoLhMnC7-6i-Wr_J}K`UwUIe9|pTxFN|?dZl0t z^yYLC?$<0i=NIM^Zg#goS(s85ZAHvp--*3Z1arB@LlYN`w-Dl8EUP(5wy(hD$X*0} zFu3uC<}2{as#81Ep+U@lSc0+Z*so=~9qNd5p}00^4f2ciW%!d-jb5Qa_fylQS-i2= z5&7;yzfbOTW)2be8UkY+xzdmqlL#y699gv`u;%Tp!(CMAS^#y|{WhmLze&J~p#&DJ zPQO;-qG8EnFTPL|8)*yOTS{_pAf4O7|4wQ=w3j}$blz}*Qfp=Zd2CFdz@)sA)dJI{ zU?JGfzx_;h_^Hx(sMhE2U!IZpGGijG_&15?kzwwwSHBvf*3vs&l=O~|lm_EPXKHDN4VOMhFb#tm)K=4eGRC=9Amw~r zR(tD5(LKXHW$iL{MA>1cBh8;e!jPZF%;uV7S?oGwlktCNdje^4LS)hik|{W$F@_+{ z`&trjB7(L267W+h!92JIX?v!>7BlbI`exZ@F=3}C)ZyH?paBBe7Q ztkfO!oec1wEA^5}0e|t3OiJH@TCIKUxlJK%>^TEC)h3}(R7mbgya0^)+U>sYPP~ND!J>U;YdiyziM7TR8wOyzt%3zNtade5}lcCQZ zUWn5%a2~D-RxIy4RIFVI*bXACaPS#nBJV14yfc%z;tej0$?8pcK|`7hmRK469W99S ztw7u7SDvYVM|YutlNEVRHXD6eVZb8l8T|5~F0tcL2yUE2~S;tZFs>%c=MKL;$bPL{q96sMtY?KL<=?nuM}{#yLTBH7a~oRXFW zx99owp<57+5eJnEC+7~$ZWMbRhOhi_QHT1-0yzDkW2ME1Scl$*#w}zfKPRV;YBShh zZ(+#ns}UBq`Fq6;vC9h`v+{@l~rV- zFSJ@IHC{d?CSIX|u-q7ps+=YK#mE4B@>;=6%&zWj4h3I}}H600s+@aCNqd zQKj!L;;L!8V;llQ@dVEEHa}Lo12UIr>Rpd-fEDrU z8tmI_NFsjBUF82IFa7jJZXk&jLt}R3dP7~rOxYus^DMTSkq9!*jXDP1JIEO7 zN76`6#}5AJBoTDIm8gP3R_-&9-R`74Mn*|ZO(pMNP!rK1xseIqRndprc&b(Zt3qLc z^RWOXsqAoP?S2%=oqElYjah4$`VQ>msqm=+LheX0R|e5{aFfgtDH9vDRsT8qN+ta2kQ{$|Cl%*_<}v3>#kESmbnWVTWsRM+!*`Wo~Ad@ zv9;^qTBDmO*2GDM9E%RQoQ_N_a%^FZ>CEHPv%6Hx^b@I)z@k+ddv%)F--h@n!JN>mfB{s^|9`!e#VG@fM2pBFk0zt92d zD|1B@pFchCv%fl$P1p&=x(<2U^@`<0PPdxEKohOyQcBW}F>ltqXe_Urn}n^-a^(8Jm*OjM<9@4*A2Oqom9-Y zuyceIT?1h-0f0&<_M4^{_-D}q~eomczU#O+L{_B4I$V|1^ilzk{=evac93r`LE-lS=vb3j8t zw0KzvE;5+LXvdIX9Xfv03%k=`TIQR`PeNMc$|K8AHs-$eYwLSjDPSh(hqSe~%Ex5a ziScTxo@HNr>&AW~+@dRyfOfz!CPq?-Y%;zm3!zot3zdp^pEjyCQTh z=giGuGfc@DP$pY9wyp7;y!o^C1-YSq?B_gdZ3ShznD$!$uG`u3PJx&KcBisM%U?g` zW3Y8gFoFqeGZ1w!tY(ZlidemoVx1n5Ei=+qN>r#ODAaCrAc z6Uf)|ex2ov@G|!&vB8<-pCR=jj0&vD)>Cjdxem=A_O7twbp_bR6(PCb%Qdlt7?nz2 zYWsO>WZCq)RDO@?5l%7uhY>(^n_%OeIpK7cX73A}B{y2e z)i0riNMH9Nc-`wcoa=*J?{*jMtRPtR$;SP89teP$v!0W8za-xst0&`$Jkic1He04N z`9;r2#EFKNMIFZQ`G@d#S{NqL62f!l$~CJPoY+bw6paxxjdgCjJc29zbXK0-ekJ;D zS`~O&f9_x1h$A!D0$ckXs$9Nr4z?0jY9#hRgteM=BmTqi6yw1SeM8Yd`wLlio3Zu3 zEO?N?g~}Y&!dCA2A>Ki(v)JTqN^ZO1k99&@VWSqCEyp>V=5rwcn`xk8aA!uI-&lo$ zp7{yM#+S)u0eK4LBIyPr%5tm15_i44u zIRM(2TnR`?i7ASR|Fi_Oy*j%(t+Z4~9m>mkm5;D3-6!ue+l*$c5_WEItPTQ?Nqrtw zM)s^Z^$!3SRPWdlp>sY54&r{({m>LYYCuV=Fxw-dZsJZR_tIEmt|#~R1mf9N{+lXr zZLGnmk!P4ZMeSQ8MXL@e9;foe_8ECgPriIs^043|<2k_Fozis9gwtKL`tiBYoZDkp zft?HD2h@j7lSRSdWzc7(ZMF|NK=RB4*K8`CUilL1MLWAU6!00Qa#3A{=s4maF&ple zgrEhTw{S)Xct@l(J%B0T|FqorYXfh|rO*}_&OuYEi_cL&F_Vwrg?cA5_Ixz9+nsaPfJ;fTSzM8pOqFwkBt2`tp%vPO4NVvO5m5XevELL2*|v3Xsg~ z6DoNxtxgby(fUeuU09j%!*?F=g!5YV{Um}hR|uPk_{i$4nAvKN>juV%FS9pRX`BBG{{X~jHWJy|c|-g+DIx{nbHf?X@vtDDNg z3^3TKqm9E_-<`USEiL-ee<+i5{HO-;_4tlrg*oQ^<(zD=?|Mn5dN(b!fLsqwfv}ts zc}pU9jX#V|z?E-Olp|Vc;f&U6?hXSuvTbZ1%Ex^Tqs2xI_%mxlP(V z>%XjNXP}BS2J-CMsS)-wDB2+8dn+s1G4_Ayq7qMQPlZ%hO%_el;&K zTABhzKJ?$Fe}Bf-$6p9S5eiy$5E@<9&Sa6&nbE|Ro{4RD$9=^YjG8nyx%TsL^IEkx z>wWLCO`pX>xaA?(3XlxsAFk0e6PXGj=^ov-SmRrC!QE2q2T_2RwFaf#LXk~9eS?*g z)6@t1sY!eUS2*psV{d=`O|LF@|GGK6_}ue0CmSZ8wR>eNn~I^XEX8!%1f4NMHhiWk zJsfba+Jm9I8QHCBN@#peJC!;~OUu%>_wWBiFCYSF zA&wg*LdTig0@~_E?9SW$HwU(x8uq3}Ab==8Hh~sZuJc?3{z&o&0I`^Rl9Bs`4OMQh zO-)CnqLV9VqCK6J_F%teO!9aDCtxecN6|9ld#-Rmn_C8YNqK)agcw> zZXYNYPG74)zL-wD0+r$rW8PG>RYOkHXn|VOtMyMq2@Ny zrGJTlI7+0CO)_F`@c0Ybor}cCtbGiYD_o71*cv_J09UPXWIy>923|WqE16r(33fkQ z6DPv?$-w9Sb9`)0f&=%6DQ%tByziWsCr)y*QzrD!P|1SF_p+mwd!(?E6vGsQXc<|J zDTk@IZrEt+n`Jz#PmEPk_hf9%>w~@?e`nSy9#Xt&=GHMRed1#%sEp0s3PGaB`b~`= z2*qlWkJGV5cF3|7?c4^^`5aVTzve$*(Oc()Wh4RvsMT*XVxKlPpMJnxyQCf~cF`T{ zH$aOGVar%`KfLFKWRbG59(b2s2A{2FV?Uoh1I?bm_5}O1TSSZkI2w*G1;3&Jzf zXW&R$QaBhYJS{i%rkS#c%f^s;9OpHf-jSBVQ#wTAg~FiBgV{sVOV&hB_!ZSx{X4G^19bzhJO6GoB>YaOEJpN5 zb59H*yDo1Fe=yxo^l6Q!Aj^9{muuZ&$UBn^E|FLTJ=-=v23Rd#(^89@3cZ8_!^=Bi zO?@bt)TiUdKjAxAs47}1Xe7DWgn%G;Pq_9sY-_Pzz5%;ne1*C48BWc+(^avLGa#F4 zzq($A^;;wf6|1u5BvwmNAwn37lvO0)t8xKQg6Y*C0 zCjD&b619x>X#E#!C5zxgN^&QTg07-)bFlbmOmzE7N@FLuq9z5)$(--kCC)S4;9WPg zRbuIk1jcav5RY6zUt+{;E)Uj$D`>o5VhK23!tyE=~0+5^W4Fv_$&X`bY;r`b_&&h^Kdt&|P`kYND&OU2J zIP9ZhFGO(+ngWB)OhI@VxeId5BveZ8c}Aw$v76x{me?MX;PrrBepTbNdL z|5u?e@M4ksZ5#d-zvFo;2kWpmrg`QK9N02Q-nl?0PbljLQPw~x`QI*Qyi4-elhTi+ zCgB#^W&e_qI?dJH&{|xDjGYI(zE>g*Qc2>@8E3d(@Qi*s7P=e##1foURrmQD)d-vV z71HKY04U+>!4#e)aTB)LBf&9@_y|?2{?FKfT`z;(nnrRu+z)Hx1w%@wA#1G-=U9WE6iwS6H8$t98~>zS>= zFjVeorc~b>cjw2iJN>Eq@wi$NOk4|b)4{VoC+gvqU9k#7F728tdZpi69-TA=JHajY z>80i>o#Q9KEBmBMfD1mQtAL#Cz%2d5#n++qC*YoFKhWLmvtgt!r@$2BJzOQpOu!{8o&P)l7Sx*;C>sI+hiS7E&x?XNx{hRXKg1GSQBh;X1@Hkl zMgV1 zQwZaPfpg!8cyDqf%64}0ig=tMA&94N=2@d({N=L)AD~9D8JGb4SA*moG6N+&51g4D zpN(l~KE~P#@_ed-9P-`0Z3EagKNk*LTidr`U6r)enwEE=-_Tpz$or;)p@&_rZ&{20 ztYr?VBjpZrY|vUJiW7GLpY^G2q{zR&kcKM7Hn=*nHvl;|dPM9f5f!b(pg8Cjg8aq; zzPwuW?}EjUd@@)9^m8_BC%xY;+M{C_in`!!4ZH41SUKAIQpW$4;o!&os50FqhON}a z+ys*wxlZ@USV$a{Z}8iYsd2%1m|BV2US@@GK&LojS0?6@`e13x&xqS7tFkPbF2}6i znH7Eb3m$&Z$3|OCe(Hu4k-m+M#ecE+xUYyphBgPxl?Qk!GL`u2LetqOZF0V8&5+!k zva?zcXG;l5j<=bSP_+}12Yn_9&f{^40}TrN8}NokVZx|*Czn9MkXRgSw|9DiUiVGb z#=_22v_ko0hyt)}9cb%oc#d33|40#|vqn@Sv&{IZ&N!+7=E zgy{h&Chhj!r8*dFV z>384>;joAHM43G+7Vb;jy-=qwt`UFw9ETVtGgu6kw^CkYp7SqKra+P&v^)G5=|hU=FCMv*sHr~k?k0r9rXeaZ zi|9DO4vZ!)0U2=NKp~0KtzQ8Qqz#egjj2c*)&Qtj)~S$dC$c-HJO^Sm*%tuFi-Zmz zbcVn+4eq=D+yY2$-A4{G8K2`EW7>8jBA3e624HhJI$zN z#y9E+>T%a2ZIDQ)`Rv%GXE?`o)NpHQmhjDmo>(-idDMrS<8|_Jw2%Aji~?PDirtI% zgHpg(6)!b6{Yg4EYYqY8j=Gxd{I$~~;aZ)_yau(+--77%T2uriHqttO4Jzr8b$2q7 zH1@JCTDq*%c`Y*hu2UxyqvBO(?i|P47c}T3&LsbpFw;>5Ij64kzGayKGV;Mm2=)7x zKVNARih5QSUI&gCy?dqZ@a#@h z@hRJU5Z;!dRyhH~syU}a)_0!dv0!jz?DK4nw1t1yi zl5TVDj@&O1W+Cb33nPox4%V^%a{D`Bf@Ab_RFX6kxpHrp8G@0%w<#4mH*fQlgs5}r z@Xka#Dz@xci73#>CO_tfr_TjnjcTLV#c8{?_sfiT#{@ORaYtf-j(Cr()%n?zq;%DS zdP=K)o2ojkq49G+e(4<3QhOdT`7v4{=9iK}zFoOXgMJ9M5FrB$DokfzAEZ@&?9xlY zrifvP_01iBY2NlQEHL5P4yC1buyWM@p1adR{9K240yfljDHt{pWlDC<4?UADUc7h& zaGhP>Sv#&cjXa-?e1UMcM#GYQ6`cF-Vn1)wukACq5Z53APrBc!_r1_P1{w{f+A6AZ zZoAD7i0m!8OU(B^?)}Sltvh2@9I=xd%YLt+(9DXEWa20!Q;jb68d0*V51Z5^RhIXD z2z^EWXY-|3N@WCHz9`QxE_c75@}aTnRej@F89kwWR)(Y!N^(EEsGldi(9R90kZnUtx`g+@l5XL)2!66zrY2>_4J{mAgIhI7&OCHtF>)L#b9b*BK-v& z`rG&d5R#mN6c1LM`$||X%vwPI z>Zj1NxilB}5ou)(KShx`C5WQBY`$T&%2xQZLL+9`+!E=-P#}iZa$hJ!zDalDm{TL% zK)jp&3W{TyLJlQ9$C+ns{8Kac_@hO?cK-Xkh~+%fNfg)K+=y8Sgz;6=xu7C&95FSC z*N$hMl>?t_OmZFwf$01H4S|FiSvJ0QMDcfrtl1R1_P~xLUGxFR^-6dE8SWY>(N^#^ zZTZY~amM^#R&uXo>i47X%P>`uh>sERusD%PAB5FZW&o~R_7(Yy@SP9*WVJ%X0xw40 zBQ7qs4bI4~a}SV#aI{L-VXyD4kvH81qAIxHPIzPPDOqmXub?2V+Ez!4a|~KWFl-$H z;d^Pcw9fN!PZZgHrB-o{V()VpD!|n?Lg%DHiUwR2QiSIv5wdg))w(`+5fCjQ`H-Z) zg@1L!KB(fh`h}_D%8hCyICY7&&ofN@5F%T9(Ebgr&Sn7pOBGXhxBmEfjHco@^zWTj zdpMI+&ekV<$nAk%+dV?ktl<2G25$Cm9_@HjC--YwBWn9HGpl+*^9q{wVGv$$MNOUe z@?|;{F9nva{4L@Mz@uzMh_gG;U6qkNOVy^WTm0_QdiX1ie+!`N>O4*Pj~$<}ed(gr z_H+r@qXNWfLUoU}bLCf8-%(t5RC3d@;-3l-AX1_!mvnpY!reZOz>3YJ=>nUWaKH;uzTB#>~!eosKEcLXcsW165B~{N;StVY11GVHt~M{MPENaDTwFkF?r{!WQf+`e1YaBYqaJ zoO8vxbG-iCwLk{Y9{RyjiraUV5z50|ag7GXb04;EhEg&@zWk6v2nQnkz@X%L__ST= z8W6ve@)Z~EkbHRzjVPjb(V1hdmp;Pb*Ntp?xzM&Ca^8)7J&1+qLWvAxkY#s(8_~d_ z&5sWhT{BeCS?+U>k7u8LP7h>miTYVu|IlxbpaszABMHH>R8BgtDx-{97ON#i6I-zE*z6#jUf7^ z45?PGF5G~(mPzCEGdq~>{*6#)Ll3%;9#%e;IOdDg{reXCI?aWn$`WOb0jN)g6H({m ztrCxaZ}lSqwWKWAMd)7#|0p8OTjygjuFc2SA&J ztRw-p$R6~T+xjJiVLRfiJau}nebxUG4;BJiLiApzWS~g-^V-b1&d4zX5h5d1`kjT^ zJZomJ>qiH!eGBdc&Vny9&7b0j@+H!V7SY=#5~+W79yBK(MofC?7#E2)SEGT!n``y zHGxhlS&_w{la@s#Ht?7PxJc));MB6*2y~H6fgOkkFm5|AZ42)lL~vRW#vbT!lO;w( z3jL_&&H^;%wFuLDXH_`($xMAvsyX$iKkKfAhd_M8oZXEtrT#)--P@Lo-N>^=tDlgr z$0~ypu1*ql|ME#&ASP))Iw7{VdBehYn;JA<8(Nf6IdBCIplIO8;)bORVQHmSwaxM* z!Qyn(?qoPzGgs%FedUT*8!uZrQ?lKfWSssLhVR7sMy~mz?X!OLLQ+AOfU`wXzU_`} z((s+!?Ugsee$+^7(>`so<0MBWEn|iwu5h~9snK>=H`09J2zUB>ZG9wJ@J#Hr3aZ4B zFHU|lu=T*0hz`l-*5hFOaUr}ihi?)@;HzEc0?Q=Q@}q|sVhR3(1ZNb(*BU9)bfl_H zaTG6z3|}AQ-pvR!DL`K51(0lmV2kpOEteFl-nh#K{ZAjy5FS(v?ouWH;%V6YALCp> z!Ah0oe-H~TBjhE)P&{{#!bKg*nBtghLDvAa7tWN1?vT6|b9liyc5_X?BR{hpxvq$& zbOk?gDXuAkSuR=7y@c>c%BSWBb=!4CaO3|ysQbSMZ|}#?70>?P3uqz*>i>O@`_b{X z_&Q@d^5_3P+dXkVmfuGIhavr-t_Xc%wd!y4{tGj5{b)24& z3wbh}yeJBeTzf0IEU>@(_URj=t7%>z14*gR5T%bh zw<&&i+~!q!Y8iKzlRTR@6iK01L&Dsq5rP+Hl?`fiTeTnTya+s?B5A{ z;xG-`bx9)Qzs^T)08^}jv(bJP#It#sAJmcPZfru6d_By!6SNktjTBo>Z+2*>PJYhmU3vg3aYE$iP&0&iR2AwN3X zhZI~MiuXbSxJqh3ag8Epl6g5J*s}2gsyuMyAURGp^D|{10$h%2|0DVY6jVFSBG;ku zZ{$V8oUkMx63N$&!$etxA~!Psj^t8K@oeI7L6|ZG&@ND?&U>zJ^SdB_x_9SF+^g@7 z5K-o2N~NHl6{?v&A`@AJ+h#KIB8q|T{>~Vyyt)z5atN(!itTc5&Wcm3?oTiQp?8D9 zTMzHYav~n@vg*MvZHKuIg_+WGINI!zz81WgJ2L0|r&fNb|an45k z^2Iq#_ib`6#Jp~(&_R4bm)dBc4*MOj`NK7*kf(viI_>+>7Qd7nr<&wbBhD71H~1?r z$(AYiVjV)+ZbpQ?=AOUTCL3o7d3#1Z5)Ld}c2vss7aCP7@JpY8M#;J$;|(waDR0t* zhn})<^>zpb-UWY0a1XuKF?7vn!xUl>iJ`7~Z8S*yjh|wyaDK2wgc;NwAV}gsAALrB zer2FQl<=1P7uuQxy#w#DZ&ymFlR7~1Opi_-iOsvt4pvFDgdMs*R_Sb}mpaC9U3S4- z3exYAeEEYg>%>NZHr}Qb4R)u`7xl5`tfn+JP@Dk+C6*$RNnsA#ZhB13^d=iER`LTx z+ANOfwqWhhPk(dmF+!I9+MIu8i>ay!IN>3FK3da!A-KwXOdI?rR-cZ9=or~Xoao$u zBk5CR0A&#EVO2)9G0-K?8eQ1&z38xNnoF^V2jbU<#V_0q&c9(YM4jth(DIK4yh2kq zw``WRQ?Q!(C&@@gf@hG{I%cMO2(Ie)FDjZFu-dLcKT+aHBPgP5+vXp#Zhn!iCZ`MV z(aHxg?pGA{#4_ixFN(vguhV2{cMJI0>(_)+J++qv>J9TO&qUSF zOnUz8`z|2qSyr%r&+G`3VG3yYB_@Tijcx<#qQm<$zl{noMx1Eh7%BZT-Ii_Jz79iM zO1Ugnzta!&Xa%=$tptA+_2{gxY2WjvttR<>I42LX|!;p-s*U(L` zpw1leI*7whrN!ghJRiNnbAh1wTc?MIjukrIVrp@yH>0B_ z@bXH$Om+tiJ38cD9bR}m<55i+#5TbNf6ft%Gy804y7Oyze$NK~nDWj$tKYMTx!`s7 zgrq8CAe5Z}Q>Cnol#yA`Bj;y2eI9|j^yjkq$phc_NO3kZ*=5jI2BwYKv5lUu(XLIL zTJ%^H4=UJQG(?#8Dwrp-6B~SLyoWs5D`qk|-vYfjd80P(j7CzEo%C8UTK%XizpT2x zr|zgB;!Cnw$tJhxSV`gcFwLyq641sQ<%!||p7HNn-Tp}zUzmzn^^H-bzQVFSpi<0SMJ8#`1flF0XLI3T4lu{dx$V!9GfHC{pY;i^(jw~-Ru zI)EUik96vR0IEQ`abXtsz||~#;_lzX!^koH2sV|&!cbQvpptL~+4z8=ucrcV7c zV3JvnI57>qwmLgliZGcV%VM?+dp^OqCXAEu%`0X5`h96|f~LSnb}U$KH8DneGHtL6pzuyW6iY7(7_o+u3reQh+DzI0NMDSXG{jXHN5 ztAp3It!?xA`&+E&YxBQ#yc3!||NC669Sck#EZW8QqwFyKRW>3ueY#|KxTwt(e!V z(^D%*DdLh5Gg=F%XV9DD4{ttN^P~i4$1wa(5j5-gaVCgyE)Y! zagX+Ip7FW`6NW!Z)&>;K|6)ywRBRLYINRGMDe3iyY+b`sYKZK2w-ZJF+EY^^^hs0$ zb1P!k6%w7)bt`6Z;g7VLv3D|&n!kSPzrtjF`JS!Ti(>cyt7wz~_JJu%Suk(0qi%6J zs=n;#2ZB)xP>%buxYD5X6|C2l?&_zyuANlnOpR7{<#Rh$DxcL0%y$_tGr23w^cKg; zM$NwmC2@X>Dk*th4uM>iC>znf7r^KHRe^@&vu+ng>FiixwCgu%QcD8@h-~+FO63sDQb`q_ z4wHV8AUO%wK$1F`B{S%j!3>Yi>$z6FnZX}HgCQ5~ithH0B0QWWQI%e(uOkj)z`Kq( zIuWu^;fU~w7in<(VM!#%W|Nz~hV~-(^EVN5hX=|!vX>;NKx35#cl$QjYQ@4%hZN_!tMZdaHI%rs)CR%OB#H8~jh5QVB+W{cIjB+3mBV zlhnLzy4w9R$(z=Jo6fzG>@>g6M^p*Mf&J zTVr4e&OPEG#Zrkf7uMu+F@3EBN;|s4?uF)Jk3NLPIhgJ?-gsCP72_89l0it|g7AY)D1y1oc^_Dt$+Xy9h z50a8HChk4C<)H&j+!lAgJr9%Dvh{2-_e^=&14QlJWaN`yuU1ML!XBqIz49Z<%b@U6 zS5GP%-)0tP3OAMaD_+_(|2wg26lwQ%K znBV5xo%Ac%eN_29L&qLJb~@}LoY(eg>^AIgnFQorzo5doctRBX36ewy-3TE&0c>Fn%wR&&<66zaz(Yi%*m0b2PmOi}n)})m0 zAC&3NEaHcGfnz=|-ZetaDiHi0(55lg!=I_7&&Yb(PJ-*gbU%tJFU@gr`k^1k`9ZA# zBxgM`y0P^L(t%zq+d=*1I5X+XvpRdv!|VwTQiNhKuF!i->pq`F3__chBS2$2MXO^1 z7>IW4z#Dlf)0LCgR+6I@_=3`{3W_i?8}|c2urps&p&M9J<~cUKo3Uto=BOtYb{LXJ z&D0wDINN;iN>!G&CG-z}H)+D9L2NCd+D-(XMsT7o{#)|np{A;JO5Sv1kKKFiHHQBW z)Icl0t8>=KUzE~*Y7wVFbI`XO5BOSg3RG%#x~ssE_l;{B2ERs53M(VN3Sy#ZrVp^F zhnox|9-u4%MB^3XCT01C?3e~L%MAq|!Eq7G4_xsmRSqQ#?cOR*J0 zHX!yd%x-h;&poP5G2C~&t0{^KQmNsV?pqsk}_3T}lr!jn-%6ejol*q}giOrfmr8^&52+{TE_;Oe7C8 z209=RCJ`)1+3AFAE@RsrR9%jZksvOM&D_C|dQ8=A`Hf2;d|mxwp#YgAKoUu7B7iX zdQNK7;zYjj^@jkGQdox{y-F32bo8RIlI$wM_#m2)4tK$YH>d3gKuyS4J<)_ouobUB zMxxbuZdH*_R9hx6BKlfO%FwVq1i(R zkVh5LgX$D9x4Pu`kznA8h;+5eFU&JEdnJP1L@*w3%PCju5)BTf04ubpfFhNCC4?>Q z1m5|Z=3r`08mVpiK}AZ5)Xxc1LxLg% zipxOY%fwLM!zqMud%G{37p2gmNwT%Fv=3+; zv_MS9>>P-jCdm(_CL}O5V(F`wNO3{!P z0HU}p#0gGsHmv|Ea00P=NUmxIDYGyUFd1tD2#AThhv$;PQx#SkQFPVQPD=(3DwRMB zSx}&ZMM{G-ZzNSXGz!ox3i({U008$u+JpciBau1(0Q1!`EMheM6cZ_odAo|3%G=!H z1x3WQ!G2?lfGdNFgpDjp{z%L)r?fV&{_g@ZNeXvW8%$x`K_^;AdX;CZT|pq zGLG)o`7tv=z(MI-`ITkcXvgd-I;_%9v*iaRMsNnwqvfv?&;`ibE%^KbZ@ctwM~~(N__{ zbzH||x$Kh3;;wfE5LW~SIA`AwUNiWANlsV@qhyBYEabQ{bYa7kb5}XO2uzJ7G!v5@ zC=#*}9H1;Bry`+zUCTG*hr46HbE8O+N|6GgfQbbL*4$IqUqtZ6k3&ljN)uXWphcIIT|s9eywD{V4F$AX zgmM6EA-EVXcoo*b4Hm2dp&M-yPGefjWhw}=mgG>I3#GTr0Fa(KOCZq{EZ*QqUc=3S zCSzrVN^{kNw1ZhvmR&L?*8x9N&2L0c*EIXFDEy%p{N5Md;!f3q`j?hiz&Nxu z4NgcS>Xj7Gi_wFq;TV1=;6@jRu0?R`z}T^6U~ls_#drA@Cd6UHKJplc1S83%0~4?V z;6C!RDhv_g{{U(n1C>GSPs{*m1Rp>L+Ff)nt=3s~Yeb{0f;~9iA@It7GIxpOco|PY zypqPia~fG;#nd8nn===VHA(xiq}j>hl1W*cWt@Uy*3{$h%LrA$b~Y=5hXLP5C~2Wa z%GKz0%AruHX|y0d#27i|W1eEvqOF@1b%<>utp*@7a_xt@55M?-NmV96$(T%(!kIS} z_@oB`wG07Js4b{~=wM)Dx`xJq%&Gz@bzqV4Us|SWa289tY60e1Y$e6Pb0eE5pmBy7 zKg?MMgoMQZ0DsPqJ9I8cSOfl3chph?Fwnwg20Rf(g0vV+yG{}ut$Bc@n0W(X{{Z1w zdBK=fv?j1tHiU$9g}`Bun+J5z?W8||tIC(}5hQCzIat7C%LSq&#C6L6AdzcI*g2 zr!y;F`@9mCLY7cJP*o^d*jO3_CLqij@L-6fVQ*(l>F5KCX!HL7=bM=$0;EbHti^X* zmbg4e!|Bu+<~zakMs{;xwKv7oRTU#G_Rx3M6=4cqYtcZc_MDWe{#N&JCkKgVmGeyiiuhA;!WF~(~m+B z7du%C^UO(Jf)=^(-hA;Ap`y?n;;zkJEb|r^IhmcS@m~E#8!8;(of^rUd&JaJH#i?S zy?Vs=R-nL@O7z1R?eGf2n1aWvoF>Jl8c`kWG+OCd=1uIPMc{=zleMnW))c zAg+G#YZltnbVjjGPTYo--5@%VEvao~Ye;VQ#34 zn{{td&=Ii#^ZUl&)T`)F);GB2ObLD6@!}X$wu9J9GJennB9K~Ys@HeS0L>bDbxVM7 zqM&@$LPf?ztIlB|A2EBcL`qP65K5Q5xPv+6RdIk{c835PV757kMvb>{p+p|oe$d-3 z%ug(REce*uhDc&P%LWQqn*Dzd>3D*^#fmPbQ8=&v05`aa<%WXX(1E~z`G9DgT>5|p zuA0rC{^M-a!VHjEzi8?XAf{~+8Dj=Yj^&S-GMdQ&*!Y&rU8o;?ppvn`R33&P218Mh zE#jl@P&V}&K?Ix1JQYv8T&_r$uNy+kM=H|#T*~kxS$V6*ygnr! z<%u@CHZ^bi94peY4b>M$MzuG6F4N@Xb<0N(TdQ%GvoQf00>nu}MdthC4 zwM)Cjb=4jrxIKt%wGTX0u*Cqp!AbJE5F)G_H|ZV-77JF2 z_Z(Cxq7H>>jb@bjlmnU|VYFDDVN4v(14HP+v36a-h*f!(nzG8XzU2VBoaV_$;smbX zUp93(xz?@zAO2D=>6w0J6E|ClsFty|VpC8=&Y-PKu5kpQr@`3cg((A?d5-$e!bAC- zk)n^d{7v^9^>t8BlEsznE%}HB>@I`4<~*?>2;N)IR(nKrDG<`Qsg2p5vk8M70I&iD z=bCQ(M!*mhqn(=X7TWO<1yN)i;BdyX%&lQ0X2Or(glcF_-Spy9#z4Vm5;}Flin+0(uTIQ^mCFlP=P%8 z!c%W>hwGk9eS z*x{wqX15Z_(h#KrE}gg3)xNf-O0;doULI}$6=@A9$q;j8z3Kv41_w|!xZElMG76KC%ha8(vru6k9;r*4aTVKiuKS%x|BlZ%x;6jolO7&%K{j^isu9f zOb>!|$FZ1=0J#F`D`%XKXx)C%mb<@G<9yB3h(Sei{I@SfuXY*%%by5}+z9sqSZch* zK_Vkj&OpD2f&pAC#8pVN%#!BGNjh}zQGib(Ek9Uzu}j_L_(fV%tM=&l`BqS`Lsa~G~Nfj zp3=#N*wLT>((Jp{!WbF@#c_p>71y*?C0%$5f!`U6b)KhXnejmC<2wEpc)u* z>k{y+128*7kwq1l;5bUq%ailP*O^1ahaMOP8It+TaV%+~z}I_^d5dl~7Z<$suPT~q zzO9=f##uMCLtTa8xC+>IU+#WI~s#a?29!KpHot3@=Jn>oElim$8ZCiBN>G1I_%c^{?9{r`Yq8EW;>j8te zdxlml7ZesyZJde(8Hm-};hrzVpz{g`41*^1tjzJ4Gz?d#l+-LCbWu+(^8jmF!4)pX z^~QBIN@EPkuEuiWQ)r@rbBDL=;wc6iCROk44Ac`1couA~Ukpi#;0cXiO7XY?XcFEz zKXeN{Y`J-MxZ(j?intb)$TPAn6fzqX#;%sr4vfsmk%9dn;e4kaKGUTcY zRV&SG4Aq!EYu2CQ0X9I(*n>b#l=D>l%bG5tzn{D~jsX7vlrCV|t9;*>X~P+E=q76= zzMVre8J;gRY@Ge2=rKhsZ&c&=f-`-@6x|=w3AVPD$7jdZ5Qv1Q7kTF-r^zt~LW_m? z2YzKu&9la^m#7{fL=gpRr|gOiIu70_Tot{;5CO*l+vCi*=nPE;f3BDt2ssn}nCe#| zw^m)}$$34YLFv82d{pfyD@Dj=_0AHLW|Uc@9z

    g{W^ePqs^f(GpZy_X2R15ts9*+e`x^rjJHW(EI7LfkBp}%;$Xz6~a zLQPwc&>IM`Fv1ijOm{u|A-(#a4dXkf5Vv6S0||Z+7)h^uVE5C0R-3#dwVXLw$y|4m zvLY*Ziqcp9_SSS<3g4Tybps5olHE!}c3iF=FAr3FzSeJOK;9nWTHzW;0StXs?XOcE z%CdgiDi95_2y%VY9q9#ghY+-}Jb>G6QZ<7GtTicwd2b;Y^S~&z-|H95<&bi!b^c<7 zv&Io{)7uI3(ikEw&Wx6(&(d^=uw;?CkK@Csa+8Y_oh zP0Lx~w{lfV*1A|?to#i#f7(B~>|qzbi$zJSNw5$5L!#a6ZYkdA%*9VXtIx0>!^;n5 z?v@L`6jRw(?B^3VOg<6HFamd^ZB)&5?bf0+JG+@ZJJ;GNDP$3Wb;@=jT^kLUQK(gI zPn-_tDoNhv%;Jn3iTmFRwY$Q)a{rF~-}D~E!Z+Yyg9NDyx!*!*6%$O7q|DI&Rt5m| z$RmI&7k<1q#r!`0k%Lkt?;c9d~8X z3QA)i&V4hp*6{6#0G!$u)ySDmKW&jN#dQ6E1?NCOb1!lXZz2irraK3iZ6f>?tA5(# z|2zyo=Wu>=@FPYnn!rt9M3z)wCa#aw3kzVb1!g|r)Im~a_E&oRKh6E@!J?&mE3~Ye zw%`c!D6|Hy)ab}5exk3}oJPWMECbZUnRSvLKdb)Fp0Nr0Bf>k4giu&CWEJDP^;Qwh zKMVvqvtR4gKO-{FtSH$20@nt^y1C?*65_`WsTBLHa>=9(4mA za22k4A-qEAcBNTi7f@vz01)e3pd#k}O+&wajlLb#eKy_V{&!YE?{mlIn*jnCc>EL` zOd~oYoc(<&?b%;OyL(^S#;nzBuOaIx_437g`(UY;p3(68bkvS8_o=z|41 z4gwzlst6zk1pvQ@q(?2~e;gJ=XY%b6o1*QL+;#?us;ITN7BNw`ukqd*b^Y48AkVrE z@-`6$C*O+BFI|RZJDGR(@9=uK@5wRgB@f+84Y^RJV$3g|1=ZGfXjZC}iJA};m~WM= zb{}!7z3g}BqaC|f=eCXzag|na(w};}z~3YoAkfX?46i zwlHPOED8{~1V9Z&w3x(EyP>~n=PzD|cRL*492`Xtc9cM%5J0j(T?=RlCoYVL@fdat zfBK6y{`wV4`QuoM-i|#BAfrx#GYzOf-z0)%K_H-@E36VO(c)X1D>f1FGxqUTm8YJ8;k>eAO$k4_O=eDs5IY_kOS7fW+&X2grgP(pqMuzg?$+K0R1}X9ugMXSWq3L4M_e5b)FjWO*fj)U1 zE|I>QcQ!EM-pL}ZV!0-9)c%jn^M!X>o(gK=Bm2qfw_Mu1i9)B zDH9O9oo6aHoH~4(M=u^gVQAy{*?_kmgJ&0{Tzuc!Wo457(BPlGa9MgJz-{S46EAgj z|5y;}%O0pU-#N{)Qy)%Axq&wUN|XC4_fH8+xtbUE>ig_jAOrKw7-s{6t@>pc4NTet zEI@UQ&Wuhw0YyQg3sHjv#_VS)vp68=fzQE5=fag38g3d#Q(LIcFBaT1Kof~x_&Waw zDsv?4oYoJ5pwHH^XvB7q{Ubhx9hdkq@=!=WTwH$mgP*s){2DQ$yz?iMdaWF2(a~i+ zkHxyaAm;_qvIykCU(x$xas%x(t|qX-J?AtGjGlqnr$XpYBuyz_STG# zHVlu$=Si|9rSUyd$NJba59s4F-c;Acl*RT9U8s9e*T`>`5eX!EEh;#yBGJml~xwYVuM@9oYxIbG6C zf@Itr;4%>D0?-2a@Cx#@x5j?8?_4$OM@zU?);qI;()3xqij&RSA-bYU01(*Gbxdf!}P&sU7g zT?6>w?iIpUyCwW$NbO}6Q@RKAWft06>_;{()h8!-^$(B5m|u{_D8A^O4r++}*!gT* z7S1KK470Ot)JebDx<5a4JfeO&Gkb^~PKbB@M71K$=P8vmPnOAG>AD_?_b}G^@j@&_+CK{5 z2%HDu^L^YT6tobyi-iP$=Nd*VOq{tRU^GDZu@;c3F)ZoHj#m1^!#{sPJ(o3~Xm3sb zW7UXrben`*01lo6U@0ROuubmDm?y|wcpZkm($WY9z5HWy!;bb&71KI=w~Kz2yPPk- zZ7LA6hh|ym$~KX{A_2_J{7fCesnM+|s+WtZYy!SD z^^+Ua`Kr!Am*p|k(4;$9m|f z)S9XZI~;;9zr46q$xRW*Ld+}wl!QmAKt0uy*z*l;0b@9vhYit%I?rR&0+YFa+4$eS zpbyO_iXIk$04PVb-8v59Ulx2Av<0x#@XQFrFt5LD>X!xBq#;grO=~i5fJJVz5CG3D zW!s46@7f7}HDg{|{?$O__H6cv`lgSpyRmSkq888{BC-buipZYhe?;`lPXFY^B7XIc zTGk<=^w205M}WNgkwzZrzoW4UP7uJ7H7o$F#e&W%x5x!BG*Y4mlpG$=l+6Zq|D=Qe z@R4Z!0q;AJ-NtaAA!-Y>{`*Q00q@v=?;AS}4NWfb^Zz@U`$R^ZlRM@K(E(5ZY7IBs z1PK!rbUa#$WKN*tXuO$U+D7Ug)IY*3@*21;6@G;7Keayb3P!>RiXi({{yQ3s3)Tl|z`Z|q z^l?D*gIg;9J6)dghtGC%(gC=cqt zmj`MKmnYy^GJ?>6djl;I7}<)2VLJ)1&~>-$Us>S1dF(@TL+=DPKOZD4(d(ML^}|Ny zVndS=et!JFavyZ%-MIi&KwT6l+lDt|kthQu*kBy6Byp6&afkdT@B2>`7b&-hU-hHb zScniJ4<(4~LU0E<;s;p>vIM&BqFC-jaol_RZ@IN$70#2J1lGe3k2fG8yKTOWgZuW* z#AJ%VzZ(b!8Hn?|=RjnRLh=N4U-xN)>w7rd$%TEow14A2rg7dL5nYAfS%rdYghmYa z0bLy2w+YhH#C3^Q6z>0v2>w_$qHB5&&Ld(Ta~UH^Sb9d~t98I50EkZ2zWi4PGUhCR zQ7tDS{txU?gIkGCzbv=7KEDAKFz(}q5yQWiMtS*|^9rD*S_l}uNsK^v5lpFYYR(%u z90tUa5&7kG^H?(K6f_51awM{;Wc&fktE733Fu3~H_%N)+Sw`=8lOgi{k8Fb9RD&0{ zMDSN6*R<9=8zMhmc>m8ETLgJP?<0cQ>ybS;Tf{<^^(@#H6y^`CmZ2VpXKP=)8ksqe zfO)1Uo4rghMDUFg!cKc`-1xjT9` z+CR(6?Vp$`y}T-e*&w=oa{m4AlYnYZm*-d8nm_3AXr9$90WcB&P4jz)r=w|?%cr&< zI|-Pq9#_@PxUZm-S8(Wav+WeX9Kb&YoZ81Tnm7%@Yvwz~Da=sTuza|;^nFc>pW$HP z{8P39u1v@d0$^x)p7+A#PN|Kf6A5`G;DU!gOI4bVXNuhf05VAY#Rz&GW)D5Debml~ zn&upw#LJ}Tb!f7G`<23}+82T~`n}5jUC(o2xrNbOS%bj>9%T7F09mU20Js^|00bj= zGVQC4p`$7AS7dH=PVntZ*kq7U0#C6wa_A-JXMT1(qu|mvo9`i8c^+vJ7`hyfz1m_p zoaN|Zp^B;4abvJlS4HQZm{@UH_h{1ziOdgmNmLS2l8dXX+3$6IPoJJE#)-%zeWtiL zy=B=M8r3FWKh4s(SKbUM1-3Y4e@uKc2pG0k_ect8M@KKO&UiIA`;xY-?1StOQsP_Z z1f)%=b5H~cg@Tq(R7!_yp(b548IZCsjnGC4LN%}A8Wkk(>{GBfs-N~i!qT$fLw8cF zZ)fa;T|@LC-{c&XPQ~C&Ct=X4T0Um&j8Q>64udyj%~E9cnf?{00bt56YqQx*TniZ9 z#=VQA8CUd}Kb1IQ&T&RHqqU12lan9baJtXgM!B`Lc@7+DmvzoXdQg#`N%oPR(ml(b zk4Zhm|1lbBt|bS~vT|l0Bnr=@5j_n2F6(jS#I~NNlFe;fM#d~0V+2C8r7dFJ-;6lF z?QL1! zI%QzT<-6~PvaQog@yj{h^-tM5x2Nlw#G2eW-YI=l7vuP-fv0I2qX3J;82KK=>%4gf zjj#)itoqaA48$%FRayh#8VjcZc*_KedFqSW)_#sN`wxi~jo#>Q8NKL|vwdHJ*rVmC zcbiWQmT;QajD?!6Ny~$612)@^SxjM5_Pwa*c?=F0`HQpt<=ZtX?KNdpYg@d>XXMBA zwOzuHl1`L_CR1H=e{(y9c#qK1!rl>?*?lSv%NJ$5DV}{<-Sz%szf;y(q@>{(#k#Cy zT0h}Qm|T|4aj z2~MGEUpC%*TYHHBHZ}@RGMAWT2I~sovvXS?)j85|snyXUsun}Dm>pX`bf?<#eVBG~ z7Iz-Fwza$$)&*#Hipil!IdKcme(P&>t&`)f?IHRGOB>ofDk$eeYq<5T16%gf%qtA= zN805_=myHrUZScTQuzL%q0@Lz63%_B%0xO~$>=!;fwHn01C0X>TAymnZ6&hP9L%M{ zAPJOfr}Xv%i;3mqGIiZk(*@Ji_D!iYabB#h)l0bo`4Ic+j>V)?0e z0K^URr#DBe4V)=!54~q;Wkj_cGq5fAaBXGp@KM@rDzPD~zJbUyyRD_AYg+~t={ksX zIaM+BypAu+Z%1%NC;p1p;Lw-=p13{h-i}pCy_cXk5?bO$^s?vZrBS2Hw^n@^l}N*% z=r66YvkqY*4i?0lHoMFc4R%-zj=JF)rnN_FrYtNHf{+UA+ShOqlu0FpP%#A(XCLnX>e77>wcv-eda`RmyK$-u7PDv?mXu{ zN;&h;<7~PaBPsaL^blB>1#S`Aw)7k0-dHto>}npyZN7G>;L zEf{HQhnd5<#ZHvTEQP_1lhr2II>owaCWh;K#}DX~2Yx|{^JZ&A)$kAGS>^1&l)P+y zZ{W4z(Cj+rFGcT`g*vLHq|=Zsrw65+`7p}mVGH3GfcwV>;QsO5B!GlAV9&m5-+1=4 z^V7NJG;fBb6ij!9h&*Op_vn?Ov9OMl9eCx>u6U35Iq+suAqqAMxHw}s`ctC!Gd-{u@_o;6i|k5FoDTs zFy0X$4S%Lm_5)HykV9WTB6pS<^StO?*HB#MfdJI4t_eO`hIx~FXY#Pj9SPM)Sd7;l zqpVtPeHNhJ!DJ09iJtj~8%@3fULdFqr25ezZ!2wTdRKC*Lw2@fO0c3VMWlO0j)v#v z&}@E&3F3P@NBfSg+a^r}YDoxrzHEuhq_&CIXnr`>nzMk+|lbZL^#jB*O z5-Ed%o423lNcSbmJ)kW+o$NFsljBSy>Tc>83-yqQmDnGZHJKShLP|mndtwkc)+9so z<-CS_SUs3H&#(O8V~H=aHq}|oE)FfSyg)$8vg_ZGi=Yhd;^}Gj@thpIY@6BWekATq z@~E?3gH|TwYdS6P{j{V4y)awL^7MpDGxzj~Qg>Sf9G?v>+eF--5c95e@{;^Md2$!E z5pg>xwQ}pj&dXH*ocPWgB&*w?at1^)u=^E6GGQeY^sC~xpS6(y`vGlns~Y}d3fIM| zgrdjB6vJ6z%YvSYJ3T#8Fbt`9$*-Me+%pOf$-`@jZflwh=U#Ij64N33E2e`filHs^ z7oc_2R3UpH?fpPv(EHl^Rx?w@=0oC&+IJK`oF~ysCJ)Iue(`it&V_Q$u~UgopRnBI!jo`8fFf@gp=3gN0#+R3lD3U^!l zXUv+PmcpG+a9=V^%hW<%k>+^?q=kv=6QyA%e)~EorH6Qkci(v>5L*vpeuoA1G+H(z;G2(yYd-xUk2J8dRAj}-rsh}%~vf*Yf*A_L*N9|q&r zKo&+4BL{?{RN*(?ze@tf`zm+BBfHYEaI-CdhZ7(T65L%;OIIvmb;5s2gB!YO_{$I! zAPd+!l{3C6FNqNaMgAYyVaW2`3$Trh1EI0Ns}TUTnh6^EiGOV)2d(wEzZ#*CCxEIo zNRK@B!LxtRvzqDBR8RHUZ~1+RM4nCGc;HSr0mTECv_;^_0r-zobSh_lwR9xuv>y?> zV1du?6PXt~oE^YaJ_*^J4>!fbqajGRE)4g^B6A|2(`NSKu8D2AzfA@0^|0%S+~!*- zIKM(n9sbiA@N{i6+{1x3x(|0H5zsCtYl8*%{#$-IApAmbah_c~NN%wYeE)?HDEN^R zT!!yRzde#g>vokRg8ybCj3l-}xIhlgkgi&cuL;t^1>Uueg3!7A?zLf+pqo#4*LAuR z0qR&377Y*JLL$%(g<#rCqywVke?$bP(Xhzza=;4aiJ%Z~2*th)3vE%s?@jH<$=@9Z z45L1b9S&Kp{9Wwy<9D?{U9t^@MFH09r2l}3IzohN_czr7o@@xWSiLn_0Sc@&0{e=mh{1SHZ^MJBhV{^+cVTT%-=$0oR9-T@Kt!wlI1_20`o~ z!6>V-5XzdwSV#hBbv1Vg>=S~;(1S1sGdIV+8cdvi@Qkr8uxmWkqD8%|rVVKaFszI$ zi5<#l!HGO$NUr$uruN)ull~LJ{JUb8i!S8V+_rmtr^W{E)1Pr4bap!L5~}~irWB_M zOy__lTW3qCY3Ja{shR2ZND;O{%!?W)k3+sQc~2&1RyC`XnHvsII9nv^4LEFE)RmC# z&YX5PqTy*) zEQCt}8rjd*L?x|4P zZB{X7d@$p}XoNXrX(DyNmgZ20<0Z0~)5k`1(-I8CZ997>EXzKO7(5tUSf<-z;9@P2 zqp-30<1;%QBd6J;nX~e|^tumQ#|(Cu5;cMTn4BWHcvNmjdjAk5@T4Oy6Bl1k!{49D zL&~vZ?rBFT`HfpjU{uoi>8Hh2qH&UP_yWnjl$|;%mI@uAD8;F5p zEfO|z1`#<5U1P3$ueDE(K6o!*?IW){ka(e@p+^v7I!f$%&{9q$Tc21yeoup(P>59I zOnEbHPcbXld~Ca0IW1e9jCXXA>rIt(aS20SgZOECr!(3*y=4h_Kb*_(or#dCTAcnT z`n#c?q?8kSc{~L`;qz1>u zr;QckGn)*^2{|Im)y&8ETlasM*c&aKzBgacnY>&&=d+h(>8r-zP%~H>IwB6Sogc#J zUI_X3+&p2hmJY#>?&$XHd*-Pw{JM6;k;@o{gl~JcQSDq_gc_dftN&s=9ioX6x4qtC zYeX?};BZmJziD_zw^KHW_K*WfbzgdMKF9ptOvaiG+jeqfm3?Y+`aF%19eg`6?v&+X zaH8yXGkpz8aU~s{QB`M_SCqMNUOSNRtiHPuH9(npM|CD4LqaEaw?_6ok@&E@b9Y(X zsWE4NGUfvE0-Ums_ha^Luy%H?yksjFhnHu{0c`hL%sprFQw-0yi)X>#)#;f+jvU_Ns;VKPoHtD`cd@}AdOP$Q(5awNb zK3HSt;qnL8(EY+eR6d-Co~P-=L!Rgsi~F4ux6S$H*%H6U{D1Epx7fi&THfkv&u=o>tsQf5BHOX?3Mt zy7|Ez;H2hYn1Z+YR9eI|36`C_xQc%nQ$|DT+mYU^>8;M@Fe6V<>|jA^nF^d4$#MB_Q@6m8sZ zn*O%d;VxO@?dpTKQ-+d0Pj_sk&CcvQ5#9ZOZbUl`#)l`IW-lt_7)WiWtUAhE=Xcyk zzP-0L40a4IQF7(rMQX~fQa|r|(r-X4Xm)HJOe7$0*fA0*uSZWPaJ`M|G^`)1%OdMf z36x&;-}&^d(bSP0GAA&5Ltwfr*(P1XrGYM^?V&lgG22fxs`{rE7guo!TvF8hf9$d2n2U++}%l#5F{bN9fAf;f;$8a63Cn;_vYT` zo%dVoojcFWnpxj8e@-{G%d2+nefFsXG9|fHi?2H9GkW`m9JXU$Vkb15-aUGn)mx_dFlqM18Bkky_mO?cTY+&1 zKNh(w|D&y9dGkzT>}c9w?!Bw;#qtk-(CrtYTrcy6(-!HaD=e{;FJEEM$Os>&n&nrT=BU=*}F4fwF{C{H46f!v2x( zjatgy_X`+l42_yEJ2lSV3F5yu@;o(sIkB=&9^0{gq|!I*ZCkS-V0Mammf4B29Vk{EDSh8# zyggpNhC@%Raz#;+@$wcEr^gsk)$p>3*V7~w)R)DQ9;gIQ+P=N{? zq7quS&QCZ5W1r%osa~*F%BS`3Uy?VImdt(sxc>m$0yuG%G*MK9h`u*4}ocH0#v%{64qwTFfRO7>UNqi$`rYliaCeTOQ z+<7o~0viJdS7^TP(k>+Q-dJhIxgo|ayC>X3Dim?9HZ~qsJp))=A0V zviHRdxeIRKbU2(e;qE>77Ia%$Q1RK(+(DYBJ6T(Eh`ZX5&K)4yliUupps> z5rI8rosZBd30r!k;zHnXL&zRj4mz@>G5tddz%W=mDgjd&i~uZM{c8Sq*R_@$@Wi{W zwX;SPTIR5T{Kp?yN;C~FxLat#Ap`>5S3xGguK1sIC?Lw^eOh3Bp%PlZ{*Q_LHp^eK zfbO23PFDbK1A}loAyoI(1A*G^-$N#p3J6?D1lW_{41Q6Y@^4{eFag5==1&Tgg#gAc z?VNK9g!`wTdq9c7+a8dAXBk|ee*!Wc&=-p0_^(Wv){ldW0jTVcu=$6C(DWoeYMwqs z`7I6vsPw>XKtBF8Z=*`X1;QxI-ld~|NCXaK44lV;dD@?TMmLr~Q?-NyB--DO7LoAp zlLknxK-2&a|0pD&RDPFg`?cb^^E4VsB)~9P53C3OsW7mNmbV20Qox_mfVl4wa07=* zzy3=fWI$zVkM>%CEdEbFCGIzfKoaQxBRKEK0Co6VfXrPb@vFl#Ocuw7Y0UqW3XlhC z1M*Algt1{B4Lq74L?cNBg|(RZmqyaTu-FN%UzhyHbnd5(o#MYkmj1gquyeA3zq?1v z0$J$aN9T_Kg(RRzKp#-}f15n891Uc(0bCRW;6ORhoaomy0OSE!-)oGGwqLm|xZ&SmA6V52JjP~qpV(?}xZ-y^&8x4i!ue*+R*$;k~IkaV!&)*=xQ0E$2}z5xggRgxqs z6M`(Pr5MhuCcn~-x#RqQthjqhn^$ON5+4EcPy@$W0>QwZGXf>h{+%BiSoZ<18%IU> z^?Gffez<$BHXJemA*VVv4lW)(mEEOqS7Xdty2w$I}F>yoe3aVDd|&}PIw>wn|r zsC|}DspCdQL#EBY=d#vuqopBpWAt&B(0}3byrp4&W9)I3Sgqs#vddijA$Q)zxPVM9*u2&o2Jm1=ED2ndJe8to z&|{Yq8Uo**pR^hrq6;&X^7btQ5lxJ4qnkcy-7k?LMRN_w;g+r z0ovEpYeDD`kQ;Y;Lnt{Jij?}tM8tUc(RgcfxV`H;6umCn3>AaMbwfS5lm)ii#e8=8 zT%zY$_Lg~ z_N<1FnXRW(;4493OW7YdtF=nhF^r@NM7w)RYFuT{P<9At292?w#Fu3ElMTa9v9hX? ztdh)(x$mwu=tIzFH*|JJiiBSk-$#Zh(-B|GH0k%wkIXO>=y1Gpf|16#QX8&qJ7{mm zMhTOjHRkE%smTpf8K%b^@j@GU2X4W}Vv5)0ppmV!jbat{HRt_3Oy#*UI(4WKobQiV zqv(?H>eti^EZeVTiV+l9S=kNN3%a%kkhm-Yee@D&^c#8zx483-CxbonZ-N1<9X`t1 z7L`fTu6032`an_5Jc|VH!BFv0nE&Jj-QEKTQApeAc+VH6H&QA0H|=(o)!{}&elY&Y zugb0R0RAjfhA2y1HR!|Kr|D3mD!8xCq=yP&>^I<6^n4^GOie$k7c zcyjEIL`8-kn1=RMDO4TnqmC?R<-NDNZ&k=mrNF+xC`1`hs0^I&+f1JewMX+lu_Cjy zr&&Mp5_;gxv(6r|T9^}nuF%TU(DJbqM^MmcDtAmJJbiw)jwdqmY??Uy@Z|oOLP}@v{G>bbhw?b|H_-+JfHJ}QeoykPiYQDcI!_%Hl6;7jfc;cxn=;dt~x}@1S+58}C*J#g28k ze)l#rj;It*<9kj_wR#h52iVBGU*>fZ-D`T!=1O_lMIuVCU_3p4b~|P~g+&@`WwB5g zj75J3ZxZWkt}am_^z_R`|1Y9C_NOfcyq68+Dl{}^7KTEA8jqizCt0VK30a0QCHU2f zAEvS+uC;tUJ!(^i;8Lks!eHhojgxD6l2~iRCegVNf+toFPJ5+AQZ?~Z6Q9H`&`ss` z!=$QTXK|wI)Xd&bB@a`cT|HRykg3q2_E?Ox)U~Tqn$v}8$@UXn)jr)2BgE|!2HKI= z$4nQ^RXG$cwYgN_zZbrMCca?7C@${;8gPFno9>0Ee_K9xa#dtI!u(p%0DqbVKh%x8 zpi(m|XRF=8DjISFYJ|+evt>5TQ(M0_?XOsQnyOQovP;IoLtZbU6Z-sp`8ng{oa+?H zMU@x>r2Cx_Woc`5@-!I_WAzflWnpCsLY_lS=;T(AuqyjXOgn^SHyRC_XL4hC(`4eBR@q9^)tRy8=8pizj!Mf6bi79Q0XvVLJvn{H!bG~i z$QY_zJmUO=!|nN|Dr;7caocQAgXzJPh8X%!xE$?QxtJ~TRZpx|nW4PCq`_sZdQtha zY9@8-U1y4A`$FYrE!%IlAClG~)>mK2@HIXbuHvh&%rr-As?jwF3=Fbcnoe@S48=g2 z?<-5htHCi?a<<{y;YnmC=0AAw6V6Di7CTh=4c7cNQz;+&vbYc62M1nN0VUlRKj9wE zy|of}R(IC+t<~R@E%RlW`)0KvpJ889HUIqQefy2DfYBEGC0_~)@8RbbIFXXd7H8+q zl$AOX_9N0aV=C_zwx$Ky>U1Z3YSJ8LNb)ExCj{9tjHUxQCp+E{5}hRX;(L($V*Pp zel*+;(i+Xt5yS&RC^oG&!^&hE=>4>Xn>%hIAfPq2%~iW>;Iy z&p)ZZmf@{RT}E-T&D|E~E&cWT$kQi z-6LQM&42t(II^skE$;MMm3(^biuH7M!H~lPe5u+cYf7THt|?xnQ?)U zT15rFQ#5+7bx2085_cSaDs9No)bKL`$#vYAMHgO?^8r3PfS{^L{s4oU3Z0TmkhG!Z zK0?UgMZ($R2L_%TDLD6o?aRMMKSti(mx#ivD_mYZA0LPagqN@RQm8i)cbGB{B$CvY zpKxUD1A26=k4raNwOrfxlDoNe#Qk}8L_pT>#3l6hy>S%xE5&Xpb-CGY;4(3DRo zVuTyY-%TGY05^|ih>#yOXTs>IU3KwxPbYM`~-xFc%W zOxht=<5&9$ufcG6nM9Iz3ZeJCSOrJif$+pa?=0)QKQ^{j1M`?Yg2W1M*|%0F^~cu1 zk2+AAbelaHrfgHnSGx=sCXA$J2RAfB9be<1@m|{!RK92&ZRdLJqsPIdttdl=@kHYz zt9L)7UdA}; z3pLoUW(lQC)QHHQwTKC@Px%Z2X)bRF*p=A(v`lN{bZk#D>#w1|U%L5};4Rci7=3zv zqn6ub-6SP6_DcMi+R+p)1UCDsczbnRcDJUG^w?H5{iL*p1mOIT2v%9F3l=-s-jzKV#Un~tC*7#!x*t~X+2C~l& zG20E^pK#&TKYH`No#mxZ-cmH2kOp+kJhxQ4@Escl-YJV^a2YEBWv;_k*`LdD)jZ#F zf1bB-BQbInkahYKPGI}?$>fhOWtZ>OPX6!zeZ}hybxiH>BAOD8$E6scj!V(S9nJxW zl2D4?TwVRBMM_AHoHe@&ptM^R5S2oc+QZ7rv4**~I>G5J_Z7L*gT;hv!`HmxdK;SX0tJM6cP1~W)K{PQf)U*3! zIL$A3E6ufeBszRYEbJM%al(xl^l=5Ac$61e%xZQ&$*EHFqD@cN8S}X6s&$gWF4JpI zFhWMX!BxNXJC|8p;i*k^j=91lMicPkBn3J+hKCEu2U)Lm7Q()9EUn5Zwd>a59`IYM zwQO7JeXA!=1svl?`j@lq_gq@?KjGrF%bvS6Mj|~D6%mU9d2kQE}-*)^$e3#!_w5N*}>O$MXIGJ+@+74UN#0Xb`VeOorw=)!|lD zX(qeYP`3GAsMdim@J8QH^e{hWNPV(Qcf)6JNz!j<#<0Gm;ju8>qeRGUuE2n-vFQ>$ zgivH%Sb2;QG4M2I*X+=ovpv^NzM9O+w_80az3dnobve zj)KyK3&8)M_J>zMM?6?V(eDHP|4uZ^yAoXGen3{@!-6HH0$5U-5~pZzCk^kKakf;y z@EsX;pu{q0iIrL26@Y=-+<`8_K(qb)o; zEeKE4msl?%3(oh3GhUZug?@}8j9^gybVCRdbOtv@9=J?Mll=_f!bSNJlVEaJxixYL zBN}aNv0_<~js=y@8dM8Gwre7KU8DC9Wi_=Wk=eT{l<*iwhJkJETPZwp0asxDiW+7C zlmeQ~6vv;)oExhX@j@?2Lm3ATOOYc*p6o4c92+2&AhIBXp6c-0XHT^@iqN41N3afe z-wE8=1IBmXivT3=g814oM#-CvLWGXqb`d>K+&%bmud0Ec3lohf&OON5V{cSt)9Siz z%eV!p+r(9{y}7}Wi+{4e|5V>r1x+_CB#zCLZl7Q6*#SL_8ZPFuX>P^AQC@R4c-HIU z@6Owcer*QQYwo#o-ebjvy`=~1goSPESfNebWO%u8dMIw?#Eor)E6E~-sm}W>cUx67IQLB1z(PQkW*#f|RL~_$yMRrKX0=dg%<-*dI*MN02RBWV z>BvQEzE-$k!hQJyZ9EsfGhGg}N{*d)3wkZ6<8)tyQYg$lM0%baUhZb(MWaRT)&7PCJF#CS_?U zd);&VSZi>6-Ebx}0~zu?VwLaNn&3-<1NE(UB&KI5#1*ir34iLc-Yeh~*xYMc_ul6r*Q-^ED&((^qU5E0@& zmR7ry@;zFGQk^f?7UUR|s^FP|wp)}afo`?RX}UC_z?qsYU3GLvU|o&+F0c^nH9^Tp$#_36G(Vh z30N$C5HlxzsM1{9Rlg?F_&~RC5!FG1zBh3{JzTnUWEbTqtaDdunVaeDgd>YECT}h*nC`0^yIIUyVW00!Q|2rS*{; zE2AY@Sr+7I2or^*en*kMw8m!-Jg$qq>m$!~J8nD3L?@K};){*?=qWDh*|=K$cYZuZ z@D@}5c8HRn=!sTY@kvzTX`|!Ox~$C327OR9C!8|Z*$QKV^{!8kOP+7MY_trgKk54T z)RAU!m*Oyi8VS2&g2yGDYQZ$IZcr}=E#6*1PqJELmO>kl$>|Z^ zJZ@>w-q1?!9(tIMJ!*Q%R>W+cjYnSLJnzaqpMdhvQrIx?rvP*AkYIrjyuW+i=Kf^3fr@ zc#*IBrHhqgWXc66Yg(awY{{O{7iYxG@KYQNW2}nt%?5+CLBeMdD8pO_*K2lW|(oxpXV&hw7C^nmY+38gFz;S@#c$nYv z5;t;5_YuFLeh22IGtbN|H8LA|WL=e%`e*qXu=37McOrKe+E}wvs5M|Gk@I%G!pIB) zF8;o!@vFviRg)&+p4;P5bo}5~Jl~CdkaA?k=}m1JSjM&QsYZPThk}#2;C9gMri{tq z>&dP0mE7Vii9o9y1Y z=NVf}Hgh~YQT_2=HL}#M!N(+fcBle_;L!jBT5nrzy(}b>&N?oLD##B;dX@v6ll9%+ z5wbX&+yYO;{#hO&UvT7Qgdnn&psuN<##gauXJB!oD+}M{ZLEXKE>A$b-p#bvIzMBX zi8aY@8;`4#75K&>S@s6LdGE?6vyS^hnt=NX9v>a^QNN!qU#B1y^@JwzN{muyUA3^v z4PID}i_XHs<^d{p(nqED{emPFH5shY$0Mk>a_SJjZD;W4FQ7&mYqAbBzT^rw?V*D} z1XDYwqcGyW8a1)FT@ks?ou2SnSbqy)wqBm|iIop21Z(3*-RqL8CTaN8*;6S9wXpgC z$K=bGS=tW57vvfWb3FT&C{GR!g7}&ePWwN6OocS+B8-o+sk+Q;a33PjXw1K^b^?N0CA0gVT1_RZ+12uzTRf1uy@PlFf6Erz}3IKJ7fvUnl2ZkL0P$3v7BUgpXly{WAy{64f z=OBY%R>;h0Ar)M45M4(q`g})7vcfDFE#KGq^hIES`~=Fml>J)2jV46wM93pc_Iu#F zVj^1T#i%j7)g+W^nSi-qQ)kd_xg>f1+iyt2Wa_owm1J-8XdF-Q81&@E=iLNUQ2smBp%pnvX}b z!5eb@-gx;fyj#(_D5xG@R2`SrI*#!rGhzilvw`iNVeioL1lh$$P{z8aIu=GgCKZPLbj`TQE=;J z_Os7yt+I6^1Sa6_=yK^(*-EAXQN3pSk6NhcPgTq76Lpe4?j{aDp)fTNOdZRsp?RNJ zRbs$~%n$MKP6cf8RoJYXr6bmLPJq;Rbg&gSGeULdc&r~qqLDH7ked~1>lovmlq%Rg zL|cx`)oVDqiDc0~M(lvw&HHeJU&BmtYspqax>zpBiB6bp=4&9RHkm;)&z&TNH0y`9 zIv&EJ=SYv+Vr`->{h*vCTc<+3oozIUMHAzv5+V!bq(>M>RRktq!L4}moZmo4PZ4_O zpDPq!&oNefAO6wE#o2LGQY}5_H4#17Dks{9k(tXvZV`kY*M#8UUF=MErXQNVKm?Ef z!QxwWc5lgMf?nH`B+Ze+WS^%Vb#0g54dAfui?FUk3FK7WBxnzQ!Y#Eya|$)~qHGWG zRu*VTM^dtI8yf ze@U6(Tt!mv0fo_oNVL!6YP1k7Ev`3>SFMx>d5fo*3R%4CWf`4G!rNqY?MkzA(pEaH z;s!Q3N(8)viGt@BQYq$Zm5uw&1D?64KjD=4qu#rdP$)Es8kAiN3n5$=%Fus_&op`C zH_G{8g}?F?EKUGK&)eg77D7D6isoI!sdXjC1G*XgA)*>Iq?VZPF?xKRC#wwP#3wRC zbwr{q>Dl0(AgPEtEhN0-Km4js);l%N&(kO5rfoL+Q5jnyc%G4X^S(vcevWoTt7D-- zAEwccr9jS)qX$|QtR3U{_}}EKH85ZMBSf6l*tisB?7eIjDL2q#^r6#2#lZYJ^yU;x z`(QyyFKW-2Pp9ArUwK&)IgzW8os+CHX z-5ZPAr@v=)+$Fw7$C4BVwaAB7eEJ|Q&ZWBYIMfPA6(VW$U@boI2j+3vx@fm@iifP< zwr#_eM1>8OC;Ak=E75(}938~qDqOl0tPMzXc}Zc8vTGcJWAb^@H!}PED{D`DYT89A zc?Hqf#7eRF=HhOXod>U@wQ7Y-ZUwH%b+DG8y?9vCyQOnPnc36yv}g3e$%S>~^b=F> z*SF{-675P!HM*ViL^V8;m{C>KmvVMhBocLWBMB&F=N0T}5uE zx)3kLWDXDXvFa?WMSDzK%3);-meix}UK!!-QO0Ezw9-c3#qMAA%yM;H-y5`Ce}6R) zksdgHzxuXQj+!Sc~W>>)nyXQ>c1cA{i1dr)C?2J*Ys`KSI6+d?? zFRfs9c&@o+P$h#t0B=S&NG3Pj`54Mv#_rXlMS_j;CE8QKnh|S}0A-mVxIoU1wLTU{ z$277q3^=L1yt9kekPTzsg-|<^tbW=UOjBsa+|N+ZI$shy{J`~-0+GTxE*azF?IB!o z(1g2utv*?Z4CE5nMh|x#&1Zf$&`P`T9ptL|(7HRgKI_%(5}_{%J-)ksik-KiY)t0< zM_O&Jii-ndf=cEgA?-m$K^<~OvGN4Wk6)oOBtPLCuU7Sjct1crkm3SXHCNgt_2d~1 z&_iUwP1J@%D&txBTcunA6iVb122Cm;ML(kj*-VRyNk-2+!f#KGIX$BZ#URjU z;N-?u=j&&AHs8fRylKDZ{POu{s~hkBcd66Kp0;;x^;OUr6HkMd#(NdnYdwLJ#IpuG zFsM%LeVFlm`E*M`5&Tw@fsNOX-u0^3Ff z^E?JuXPM(v<0?GNHZ@Xp-k&T3u3dxO<2YSs40g`PiO|V;xfPgRb?L-03mIdp9NY5H z4b7>dFJ(N3CASNfH?%?3L<1nB;_a>SL}!{*f@J|BalrQOa}xD;T|PNGNZ0qpv8$c6l41&*4+wjQORu| zE!NY<7!*dV#lVvo8>!Bx2b3WK(@PJvCHcGCRdk8=?39xRb~^Hff_c3d1? z!DaxR&H~)Ypxrfz0=N07V1f!hP@N+md;k7NQ1)<rCY{o_(hPsqNN>MkZ(l$d6EOyU{{{A*3?7(QhOxkNo-8(U;@NAMowY7} z`-U9?u=Fos)e|MG(6Zd%lL)W&>n;0s7N0(KOHp@1n%6ZW{&!HdJJ28hRnQ9He3ldr z92{^o3k?GS9uD>geC`ft;o!dLz{V$_=8{p@&`LzYqvGV2l#;e^DOmnS!}G|TR@0TY zZk#UR=NvJVt(q?=$(CW45O9P5OI_rpnJ2H&OFd zKGEka4mBJ9m7gQ;pc(I=bMBCM!jSxfpO5d5^xq+&fg$;Ehvb;i4&bCerx0L}#xv^f zXBMC6|I2<3f7^43*C+-Pq~MV2x$HjHoe0l>j#MHtcQR3&5Ur_x{0MbM3LF$2!Mc2iU0)xu)onF{ve|1WXW};> z&M*W#duOT!;UJ6oD1MN*Oz6-inw!XzVpQx6&a53{ELL9E-KM~?scIP5CKA$Vl@Bqf z+&lIKkLo!83GDtCu<^eUSOSMn8PzOIp=GdULX>7i&vv=n$_qnli8dYgJzC;#qFppa zv!NW--Byh!Knd*~A;}Et3yA2n*I+jAk*#<^{u3_bZzwdlVmhG*#4%~)UfZ@fh&8GY z>50S5H8An)u+{BDoFlC_P|AML{FY7v92(ef6#w9w|?v#eTQPuDb+?+c2G(9#=Gp{7@hgKc3NO-^b0liiR3UR+4-sw8x z)q494Iv7eaO74Sk8Y2QCbPT=yagr3m`gYel7u3yLgoSIS_#W|>a%2GWeSj89sTPp1 z^M0Bb<-x&uDVsOrS1(kT5So%}iCdQt2Az%EPru}N*OTDdsWw%FHHf$32y!sxb3++n z6hg7LprORcUZb{7r4di=eiY}I_u`i-sR3(z)y!OZ=rZUh*+0a=E6*?WfJF=|;^+^Q z2ZF7r+2HOhYsE(=yWX36Oi_L>A`n|*^&@!D7laTf7k;4q(lMq(o5cOd>r(uXmrTZt zXK0Wz4w{F_5iVH@4$@(Y&#P_dK_pFNs|IU0BQYVY)z`!^n^cQ+XieKp@`@0@4SOCU zP&(1WUhiPe*w-!zHq?q%&k<=hncpaU3+FS*dm#&A_UP|;Q%<6cAEc|^thR$6O3T(y z96f#PApnvQ%-D`p)wYb{|LC4^;@Ba0z&T9jWK0L_RK?^k^7K>Pe)+1&?pEaykK(Q~ zcY&|A#Hq-QP_L`*w1XrkIiWa69!lGr&@>hEc7ZcalqAThDkPZ;%ruBGqW7r%KMoZs zE}~M!ISnV2A4f{2vXX}ip{ICA&uI!db~YbAvO#S+$`yeP2LZ#4(>dN;;74ayF41<9 zPkTN`#QUz6EczjPh6%SG9+J{Wo%HsFBO8%nnCoH)$qO0p>6i{2LP-b@K14{Wr78{a z{3p=;>@Gm=e4z08_VH#qUS&AK2^9X4G?kQ8Gv#)!1fWyF6^ zG?S4pGU=5aHwI3o6jkyB(nf*kk13-6XuPsfyfCRZ;xUq=&)pvE-~NmKZzea5woYD| zJ^2Rul|6(i_kN%;9^?ssk;C z#eR~!e)&!;MMI_`R;@2pFjA^e}dnkOkOI;LPq&w1^Y=<(x6}D zp<&Ps$tfI0Qb6Tue~;a?{P|}fLH^pt3QLA1W`5%{gqN+akl(Yn)h523lc|5$`zJr zaKnR?-=>QjB&XJ8^;`ZwQ!}94KT|UhSU?{C?F5W}DC=)|oa8THq`!cr?vnm5%>U!S zWOp;f9cH<^8R8e_2G|Vo3$r6^hQPkV{J#Ns98H6&Ox;t761GJhcogMKbv z<~PYP0BMd|L09QVK_2DfeZv)KY6>m9_+W)0A`lboKR+_jiWD7<2h~fm2S8VE)6a-7 z8umX<@ZZe=JUVj)xjF*)wbet}S|RVG)t#dohiF3JjV&j0rF+Tzr@J%fLBpNfAX{+_ zA6XT}2pJYPU-|@khK9m~M$l^wQ}w3QkR+&q>;p8{3F9viln7fx9>ZwtC@1HV;{3Ai zhvvP{mzBxvowNHvU9UzPV(pv1{{YUDf4RY^UtPMNE!-7zI{0XTUDTbb4D;2lgiEj! z+hhi!;0yC!Q*qAHZd8V%^q~AN5KZ2&1+B`$m;%nx8r}iHklu1!ni(Rr6Z_)g6;w#| zhJrTPHnUtJ)Kmjcvk*H}uo86;2kj(zTvc*G$zv<{ZF1zN~)p)aJCAqW<_08ZAFE zXQF2W7GmyglJ$(($?w;&y$)DzaN^k5c%gZZoaEL>2TTH!pwh(^Nu3PY*G7RuzR^HT>&jBM6H#}=F&vVu_2;Pr_1q^~k zE)%v<=J#b&7d=Lw%-YS{cbYxivcUi7TI#gcOA+C!$en93g}ajVB1gD8cO~{Sn|wqU zVmI$@?f$z9%^ zxpFbjvx1za`Zw>2kSE+pp8jgWuvqvuj5bGcMnO(C0+Ajov3vtv77r^ko;o#Av@FU9?+W6^0G^;fxfOnqVXPe0qLLbJN`h?Tyse?GykLx>c364d zBXfHuJzU!u-qj~O-NNo9R-EOYMv%;GpmBuWLqk=J#>Ca1aHqKQQPylV+S&=L=#9ZS z?s;2uAAfKgmdFn2OEpen@+)TFT4B_@S-uFZv}6s!&IotkG2Yywrd0CCaxX0Kt(O-9 zc#EK?#^D)@J|~*s47OJfnV;qwC0)tibjzXlRHn{@;AVQ!1X0h~YtJl`U^{>qiF#jB ztz_AcayhHrA__*|W?#GukxG19#Acq-bVAfR`iqbkj1U%wZn!-0j#feO@9Zz57&Bbx z@g6s6E=O*A%l`LN@NtwsP2Eo2KZUau?T1vD_SF_0|Gc3TwJ_=L`Gi+wkA|98mxgN5 z^4u(3rla{*G=$h3d%G|ei`Eua`33WtWYW(PKJ4TD@>K{V7Dde1w|&5=7C*W8D37wN zxkFq+%{9pHdG0F0#f?}m>e1D+7`)Zf@Ba_%e?lQ>ifRtQ>a2Wmz-iJYygNG#UBU{C zJF}&o=*+F1-lc2~V4X9t4YRkL8BpCM-zC?W_jgqX%sWT|_)K!u?t+W^_O2{}6%W=w zragVc{)Sc_R$cr;8xNZaexarO3#~Yiv;RQr_ZQkrU~2gT?a5zgVe5ro-2SgdJCdlD zfG<+EL{#);3KWi)B4z^8Y^6gZSUrfIKHR~dAD>{ONhQ~njUGST!F)Jz5Dcn6vj836 z5BIn(JbiW*%DLiJR#n2RC;LMBt^c_1yBp~&Lt*e(|DSRRCDCdOOO;c6x~~qkfVdG3 zl5b=CVkq>+SWhk3t7Z>iNKq4iiowCLV3$d#X_@2nedxG8P-GCSdGrzofjjJqzF!mf zts>PP*5gP06Yi9nG<@XUq%Zbe=uze9(x@E^MiY_qr(*1SO;nno+rtS{xHz%iKp{-C zCWN+-lZ;$2Gisc@_uC-piYm5X>Ijc|;P?(RVcJa0J8-JXy0TQ$#GHm2>!6<;O+oX^ z3L)VF?v;8v)0YlJRr4rf$FGsU-{L=#_ZYK70Ei&+fV#Wplvgvy+fECMfCf!BPAk zM=8D*NjLnxPLF0VoUn*PC;;f!LxGR5YZLr>)GxF?^fW>Q!8-Ppm372b2p)cX zj2<%$f8@9$*(eKh5KWG}o%v~dMnAZ&mm$%by#S?;FjF3SV1?@D-sds;C>&(nM%sh7 ziZ@omP*f;YIsnz6Dj^-UK(&izqM;e^V&b2$+;Qw65lqDXgxk{6^4rVVAGULKvcw6^ zO0fkzk_9Ix*wG_WjmHELDF_C+G9)8uk@t-WpqC{%sM*q&&TJ0{?updk@2-`S$j!Bl zHO;kF(vjJ-;SZqq4tg!~FI(i%Exmxy;}mzffnH;$;l3|^v*e>F{4W@kO|Hf$?FgtrT{lo4b}>V z)w%(x;h0Ayi029RYqEq?&?H$)kA*xvf!|hLAK2bzV%-3BLGnm~H5i#zH5qf4%aft5 z6~r+lt`04PnH-d2D4DDYQ7S|!{mF@uia3zc!RREYaunR4WmayGY=24ZHcl=LYKX>Z zjH%rWCWcrT5nAIat6#*Fa-nX!FAi@mOPD)i^^AojhLAWd&bo+k*kDqBts?4HRc`X+ zgw8Zb4DW#yBMH)|$7-`p@|7|hzH5TiXvRTLX>{M1G($AK8`q=}^cmXTgVL0bGqfhW zG?AW5PB!zAvMAg5Yv^U57tlTdzQ08J;NS2Q&KcbE8evHQ0pAn{QX^POt{8->AQZPw zz(KsCO_^f!A|TQr;C+5*!Bo;@Os%~Ce9MOTL_h}x+Ca4Q%nqp+wXh7ix_XCK;+QJhWG?jH>OB$^PL`D}Mu2iauLd zO#%DUR8Z{5F=Co5f*yWF6fkY?1A^JZHa*e4d9@2vhH6=wgwoHNI-b~N-XVo1cx&_} zjUh=rL*f>#cp`^3Ix(q2tD|8hKM=tB?WAzH1HM=N4YX~ z2{HAO#apr3{)9`T)!+plqiFX<+3?&Zp-`3nm;xQ7a>1aGjF8Lf1+s>l=xq|aFWhZ1 zONNm9h$ru+S8nLl0tDNs-ma7yG_XnVBla|UiVe+itGbjE3bN%^knTF77h1<`QZ0-O zH!x!4j#|rNV46}B*TV6Hr_oS0-?%6lCUh?!%S`-pvU2;n$S~tkkE$r7F{XKts+2J5 zsz&V_gRhAAE!N^fuFj7N+>@klJYU7Z+m+3LdS`Ursr!4etDze%6 zafxcK>qkzRE$1jX;qn)PB|A9STR!AQ1KGjY`(3orcBL#~SPWFd1*8#4P7}HA15eQt zE!9&nZ5VD&hF?azq&x-7ZeTl+OON1}A~TAb5X6w-TZ_?Ls)K}XrxT(>wRx;6-4~@a zlt0m?K?a3ewg|@E;@YA?gO3w&2E$Fr^GhuDsY4%V1gE^l4v*B91`*Q~yPG`qSmbk` z(A?yPoSSHB)+Qn*;>N{OhfpQRCAEQSgKRg};%>Eni&1;9SHsCAm&89nNsn@7H*LjPTQ1oy zCmeHn=l~xv#6b3p+-aS3_m_9m3W#xg;pzS@?kFPtIHk|1Bqk*7``C}4a6^&Twr)Dt z^tWMIhY$M*Rf?y~75N_0ZYC8$CaC5Ix&dd7*r#T?nE>8xx*IeS=|v@L;gAx%-r9HpIPLIt^)*@PY$N6;`mV2ei=+oFSrUfH4pio*s8$$n z`AjrXCFiCDlM%)VX2S=dw;kD=LMK~>SsEZASyn?DrSD$Ra{030q`e+De!)z3w)V7} zr${;cDGEV^stifal8LUR0aY+jMI#nKXG>8LtEyIOJJ@yP8pG9T))pBnS?czKNKDkj z_Gpme4KBL0ZyC1-Y*zF3Ov2l(mGZxsK$EXs4JqnpVpZ3d)|HQ2CP|gT!Rb!hBN=ti z`%AhFiZG|!M5N+bH@#z$Vd_lt(ydqeVd_qFeYgoK#kGpqALF5isS-09!G?LDumu?~ z7;(ycRiqaEZP`lF3{5Yf{~Y?KxIBdhsKci!jhJj51X;&?8>X~_C0Z8ezN3DW^9jjR>j?4~ z$C4A6vy)l|Xy5-)+VY0u&y6Od#EW0vkG1Q$7=2Z~F+}Ain*L!?A zqs;%W(9S+h{PMe;{w+%Kg#7d0<@BFXn5zbPc=cyFog{MhXO;fjeUE(=4yXUD(*J8{ zp9uiP|1Y%X&cFudFSL70K=J!~78h8QOoG%C- zyGE33HQ)-RR_HF=If=Zg;Z)3n+H#hnY;Mk4eb&KlMog34d?1||2_EJjit|vw&-JfF zgA~Xm?>Ke=9bRR_Fw)BmI|t|jAY)?#VlYhuDiKP}(CXusQSX0zvo3~|vMNW52Fc&h z)3hK^vlM;NlrZj3KcES*<_`X*<*#xkBQCr0ytqWorT#cAbw!7hHZM1MsF=fQ7gL6O zl0;RSR5F~SW+m^Gi1tHu=}Na_n9ELas6Q?8MF>J*3K0pe_iJ>V`_=;Z(hRcBl$T_^ zW~X@Qwot(iYMz8>jt%j`g~z~#QLv`DwM!?qf(m|UQyL!F03N6}_p>`@bO(m(H;Z#& zIUCS_b{A{bV4)O>l6_&W`8n#!O(-3(z)%kjUsX-2N6+py=HpnCGcEQv@nKJ8X^c>F zl^2_GpP&=!7A)LDmDU)ivQwRd^mN%F6yY)h+*}l)0=SJV z4dpUjmDJh_yb~lU_-?xM#wr9Tk~{XkD^u2+%vc+@)dzW?vR(pm zC;?%F85g@pz?N%b=t~!6_i~|Zs)#0Ctx-(sq(fwS_*|QQ*E)w!&937LL*ic-^9#2V zycaY#pOojZ)~bz>s4}G&K8kV`osCYA!`HGzkh6#kfi8YW>VNq(&+**NA_W|px5ZtF zSz^|%hoTV0Ls+=E{B^rDt2u&ukXW`K%_Ev>6^gq}p5KDlDjb0$ z3a(@#0lM$7`2g_z^^U@<_v<}O$xyPgSw@#m#;l#@b@mR373w~4b1rbuExmJ6N-o!z zkc5M3#2lsYlIm>H$3~v(e#TlRA(`Wn4np`cw0kl_lVNUEM47&ew$DwShCV@=#yiUY zo$Mt~PIvH*eAL<}8`SA3EB)({E0(RQWM&a=)WZE1ltc0XmW1p6aK|NgYLw;_@Y}MK zg)tevK4Hinn$WPQheG0zwYCnY`?f*Ed0leJ!pL7f>w;(5T&#(Zq^hc!MUPM#sp7`& z%sbq&rCB&At9R6`iQo=hqu{7?QOr-_P*0u|9+4K}&B#*^6ILFdLMaofm7^rS!9~!* z?*PjVx7JWdJtc69=FkWO3n+xp!?!69cXkqL=VkxW+ ze|k~6Jha0_f?Yl^Q5^`Y`~#H-3_IOcu{?&^v~e8}@%Ndvf`kU2C2~C|12ZPb2s;;1 zs2jK&-LQh)*+fNw|XF1M1?$zU*1XdtDQ+ zF5UKWga^C|dlu`Q6kJzRgzFlmfn&gpoWZXec`|%c{1YySoBT5~WKgQPO#ce~#UOq( z>AjlSyb?O>iG6a1JAt3=k^omJh0_y=2|QG)YNx9)Cg zu)Ggs(oy4FZ>SVRanKsu^B!Yt118W!kliiAx-ZIV4MU1Q#-Y!RbJP2BORIR$8CFY& zV}ClMf-OlMn|w5-*b2mOTZ@Wq{Ekkvp3<9SZd>ngf@mQbF|zop{`sln*o1@cw*7QAlnjtF3xlis-8kE zHN9kit)M%1!_D8hrG=9B&2uk8#kT{pDw;AL30;I^|B?I1{AP1E$Fm#*QcGSZz9^D$d0N^u+Lx`$(+Q+?u;eat)*L2s`o z+euhDnj~EWwT^g^eK8E08K2-RKaa+-M4HC}VS*HT=ORi-v-`#%p+e<&3fU}#szyR6 zY>i_H@(gzFS${c{J4XG=ZD}Y|(^ZIWWs0+SfQrC$<$-8#sBMs|x3{D?mK3z;>s93?kCr|o7sL+hwGtWBBto|(LP$$? zbg=)#F=nXYlz((^q=Hakdfkyl16$Ij)&K{{V@=Sdm3{zFDbBeJ<5ng00>f+I|XiX(P#@#~8=A9pCx8<5k_Am;{**9~5_D9Ze8ssSp>j61yss z9&r8E<1(s8=aDYe_KH}i4k#7q7r9Y$#}5WQRJ1_;G(kqxUarqDe*upERUsU`>K)WT z3D8=Xe%YqG8^}Hkibj_VJ#M<;Iad$+U`OK3%H|xN4)1Iu&g>ywkdM0T?dThC{3BNi|%$C zU!^u_IXvnO+$qaFT$--y?Uuxd6J6Kxa>`Hm$GiO#Q2oOKQl@`(1FwGps$T>8vtKyv z7brRUh0}fwuc*pE;j~|)RmV@9_K)&yp8XfHJEQ!CI219c=zux#w{?9 zcR2ijT)!To-D4|-{y#qrJ0K^iH`ea4l0yHlJAFdY{9pd@Rz9TFd#-9=J~d0x{4YOt zY4!Y3caml)O1zbKyUO2)%~F(J7M*=GFwfqLoe9+QcdO(Bp8vkZi29{~x);9NRe?Jb z2ttvTpzf-nXkn-)|6ja48mN0FSlK!VgiaZHf0Yp-H-gyDaqk@X2PHJv%UREydB;jz z(d8FcLni0XZfKzsLGQ{w?~{9em6205Zpv@iy_6itxk=QS`ky{z{P#nH!C~qmp*lS& zC~j1@56VZ@*mhGbXN-FEe_gYtbKUv#< z14K=zNx~FFh{LR(QH7Pjz%0^x5akwZ5SYW2ur01TYMGe zI8RmQiqT`K5)joJGUv|etjgdNP+E;XhniFOOR8mOJbUsTOQwnpv z937&dLZqfJ+>qrKY&;P5=I+8Q5&kLpeFf5{3Kpg*PNV9-oTQ$ls_`nsG?JL6TGYVk zC(|D=cKW2kSfW|=aH`1fW+}uV2!o;&j@zQ-u(t{3_+C2V(?SP>UnHmKAyMVn$XM=| z)yukhHbmQxiz670A7#@lq|0UZ>ZJ;7FIsZ?We*~}zb=f9yIogXC(iuJ3ujiaK1 z%Dt%gn^D1_3x0A`!>P9+i{7D3TmxkgZuNHi=(E{mMIP4X1vRFsG$#!27@eg6bTx;4 za-nNAD`AX2g^DuJwm_%czv7j(_2oRc_5_Y%(mNkOw+uV3P5j!)D3Jnf;sB zvp;&v5yXW~@AJcxJv`z0t>189Qy;61C;uYVf#!LgoHqaGFL46zC%e2&MWFIE_Ki-+ z36u(EB>zAw;r;N|AR^)Br=cvs_c2ZIR1mOjb^%I_Xl00}YI>Hxsn(VNQyHFTWLadMIeTasZW28h&=_`WQkjk`rz{I9YT_wQs3L1oxx=2N43P#$6V ztxYM$R*e?QBn^OZHjYV}clj;$Z(0gE&xR8^Mmo6TvPQpU92}h5H|qWYHf-2LFdgBW zg=>-{i3~=crj|NKwIzJ0b2WXXRSdXIfRE7hFv+A^4MD&x?+WOvQT@w>vAEl~A-`cy zQ8ftFs;!X;KUEU+u7Z~Ka!~gFrXxN|-ay?jKwo2Wb)PWTk@eGqu=iTK+=KVx=Va;b z-5K1cC%E%s!#gqZ#as7R@A}?aimzC&ed2%U+VIz3ln=y=zxm=}(o_dXWBm66{|9O5 zjsb}z7ymiVmG6?2yc+1iNKEl8X+p$}HN9+EIJzfUEU{12lu1lBPkPTZR0JUUm{AlL zHk(N8v*)j>7}SuMudkd?p`D_R*Bn6zEM^Q~IOPb$SUjOjq17`JO|7V){be^m1=aeg zPCxLs3)>o=R79>4*8ZR(L$|PFn?vQzcX)gFoVw)RW=fO@HP-P-+ByyAoVSNtR1388 zxkPGv#K`nS(S^UOOl$P|h($b5?X%mQK+~SX&>O+9CwxB1!)mrbI(MZ`XXw}Jihh7m zo!&tj82Vtqs$AXiv^@5NhJ~?_Ws`|ggSATR?LkCl<-!)OiK%)G1WS02PF{RrPK740 z&7g$gxQqkA%9v)b64VftVjPgXNM=%rinA5%&DW3AGdaf7u+wP-TkR}a)<{-{3Q@wm zg)5Ix$(DxST=`;_G||&kmJ0wfWrx9$B_a>2yulc(P3#Mt^{0pR+1j}ZaQIlpfIryx z8g)j7pj9GL8!)M6_3fJ!?R9DQCVV`9So;-WO&(2}1uq`35s?)dsSn>kiOHoQ8O4+o z(*j`)m2Al9)#HJ5VbUt9iIMw;rWA{STTuS(CG6%kq(Vwse?~VdUs~8EN+m1jsl|>? zPCsiXK3|_)=NT%anA#7t*~!V%6N=lTB$m%@-*1D^1%99rUf`%Zag4X-az^g0eld@Y zyvz&36Mg_*Qbb3IWLq@jDq0}Rc(j(0RN2Ho|85aY#dUJr_Z!s(1@hEoLzcQ){ zE+uxhklCrwDL_h0grU{cX$R-!*=_baDMu_~tXqYS(2=NmBP^)XJzxY5CW=b0TcIBrlFALZp`x&8-h1PPXMji)sBFpdWRfeu+GE_#?TtPa%!>uT+?7#j2}exmB)>HfeCO^n%NF1Zk zLk)z1WyR`er6dlCfcu)TlOfo+a^CD94FvR{dX&uk4)6_zLaw7ItopSg$VPh2U>3ep z&7Bi3qLXb`WH{E-3%f2g2XX40a`?4DN6$)U98%K?)gDI2UDjk0(fvTH&!>9#B*Omt`~NNtfTiD%e~YY8 z=UZ>l3upoUZ6x#Oe~zpuFg7?jf6n^Lc>e!64*dSV|J{)tCC|_MsN?JZ{mFP%G^p*dP>HH%2V9& z9e>#Ni(R8^P|Ev{E7j1QZNui)Y)#21%`$>w%C<;z_l=qXqampE@tZ7Erj)iD)i?TU zM;Rf<@owMeL7ue_IllX-DII0TwVPcbPNvHb zG`%kd-=610^C&B~X=#+^Jtr}*a7XzL_w`PgLCMxT)m>0prm->QXj6$r9mQauhS>ZJ zZ=_(TyM0vH?tWHH^um}Pys+73bZ75yVe3f9u871ZHC+I6Q-bx`I|6#{xM^=#F+fiJ zhTY#H-%E@bGVq;7`8$m~4?FB;It770BWf&Xf>0!Ut7|jU%(g7HCrL`l%cN&e7BFt8=(p^hg3}N2f12udl-YQI1|_J*516D~XBwiUv?s53^`>C|>;N{ft}1 z*)zd3ouz#D{^n4V6T(zRPrBCUp+F`{7cLIeB3(3PNE*T`VVA0mL8*)=os!uVrB3~V1(uoHcnv4#6Bs&V~lQy32 z=`mFCw`5H;Js5cTxwM&1vNc4C9fCd`w!s#vEp%n(2+)t#m?$FI=!J@??bh*Ajxf=kbolmKD|NQ_cFE-vxcvZ+4V zl=V+a`aA`19EH{PR2DDdUu4N4x#b6zAmz0Rl|8d?f5n>oJr?mQCy~bq$M3v(%lI{- z9a+hP{Bx6Ru`Qc6_`|8m99~+Kac9e8beGK-?bXo_$vlGAq~7$!*Q8QEGaWzGCI2g`&S9DF`s!1O|re;AMrhop;O)lh7MJmKV13UJ&l$ve|7nS$MkKDrT^WN z)PoQj{Ya2}uSbESaIUI5ennpe!9!0rNoyUUPh{Lyk%){Kp*zjs z79E!~-*?$i>DINY*GANZPuv8EBTQ!*PED%8-NWt>tvvpx4ZrgJfws)jWwtGdMH&#J zx4$GcX<1^Gic`{DTpj1{{QTbb(&y%s!ACJoR?7Z_@168|4fnt?fLmTe1V=u6*z$c`k;pwV0Q0jsS+w$U<(o#F zA}cN~sQ2AzJy(g1d20FAMP0v8e)_;BZ}gZ=@7tQh^hg=){43DSwJWPiXfv#(0_E`V zxNHQ*9AlX2KOl)3QDAA^7IUF+%#vrzS3xZ-1>?d|iF4ZZ0$z{il_lQvYHqDQgTP7~ z>&xn~ZjIfGMhcchH)K78lM3QIrI79A30V@um; z2x5AzS)GLMy+c2<&xce!9LiaW4s-@NRZsjWp@{ltx1%`$&y(G=+e)$%(f~|His6Xv zYsS0xggsgMShwXW*B?eH?P*dIyj=eaBb*$x$y!F1#DwP&P1TC46fUK}mg4$tm0dG& z=qluWDbhjDz=lI<0hI<0)g*z@t`uW7SS7Y?Q91lx)ibv{pCqs9u9T@(6p#yx@<=P; zlK#!7v;YB%Wt6)}N>g%T1G|1&zdkn4cF9#TH%1C(?XSPNut{2N2(4k6d#Yj!voLB# zeTn2YR@P6NUm@@ zjh1fL2J_Bg=zH3|+dGe*TZXDsZ!%5oyuJaWCI!0(X@a}HQE{u3iqCQL${_XMCFYJ^ zZQ#1`vHt8%82f3Q8lN#X1;Zk~U*s7`9C2+2DA>OPxtI_k44%!A()kVJwyw=tk(mtA z0*!|VeMrF#0dAttBfQD%SV1vh2YVtHQeq&eYX0$AtJ?w38-#Z{_S~>#vGCgEFoTyf zW)Z(Nt;GxtYD-AD;9c2Avu3KtAXSUe?A zaJD?VPc9{w^cnbsB5ev58pHP9=`~SyAC{Yy=ZwjlX&$Lei~Oy}(HgCnliSZcuwq(h zF;BRfvd*I8TCS_IOU}eDoGClLKLu$7RBbYOEJ<+=$_p(>w?~#X%;A*K@J1VQL~{js zsGV3}n}O6Fg{v4t`vcBdDW*5FGy&FJ4V$xj+`L@Q?_du}#w-h}B*GNsy&59(HCb(` zIuj& zUa3y$$f*rVa2w<$Su;NHXCX_4f``vysMHIaYAh0fR5CndTg#a*sW_?_uG5OyW+FKH z0q2#@na31|{}|L;A9l8DqC(GW*tYo8+EfO`$fl*kPfxJidC43%RZB=zhZH-U@H!)x z*i9sdj?@D(Tsv>qG^ggYHk*x`zOA?_EDhnfI}%C^kI8#1n`;?4eB;d6xzXg%P`|IP ztsOX*e1hMS#!T{ghmp(4XPK2+yOA!Jt+FP(y-lEczgyKm^oy42LCZ`Fl6pfo*W5xTts%#|s?u zghqSTqJjK=3kooJIj;4+eE`MhA85V5z6jcTlRzHJ8pyopD8h7!k;x*60!WQX!^6`n zFXHylnnI3$ES>UmMv}Uw=)|!e*EaiWo}GAoyu)C@yQq*w5}s+gtnIfIymc}ov*R)Nv6p3!($y@9P@wYIPm~PMj_K;`5n{g!4V@(q=Doa-R0XNw=yHJq8YAp zn*Qz~?{rFVBu+7@XDU@IRH8)>@ivXd;Y(`t1CrS4urj{dOjs=Tu2V(hK(k`lvM@x& ztZM@fB9++i5nFmoMMbMR5~?i0HD}K915FSkOA(7j6igxUd&oG|;YWroc#A}qlhTQT zjgBZ3G_^GneS1j!bJUnZlWUWbFgQeM2GQcr1AgWgKzU{FGL|g{)CgC8k0!Am{2GH>_Fi>Q z%;MD7vDfeZx(9tn4YCdHZ)UH@!q&tcaPvz6ebd{vT29nF;;hqdqXTB@3&YG+R9FV1 z@&1XI1O1}wbm}~qkmvAAz4p8!_p0x3wY0P1npqE1cNfkXd%Y;(DZaDK_3z)V3MrWC zJT+YD0TR4ahJv0Sk(dXu7e{3G0WOu(4~mIall-}kHz;Ngi5>Zr)v1aaZVUL1k5BN& z#IjkFovKkV1>`ouw*O?0``nhwBPN{CyHDi@+GKl$Qb>)w$7KoLxGE&995r{=YMRC} zF$9<8{ar`?kNbxmB4%4$3A#FP#U4rr^keUbbzklG~38MMF8lPxn=@|KH-f` zG;MQKsx1jxZ46{@9Vs8}j(Qy-p;ghGwRL$2rb|%vJoo}*!6mukKIy2lASjl0!J)Nx zbdw6$Mx0ybjp~R}uw3v{)i^`{S`27N6Hpa?qM|{t^Zf$zG22M}&xzY6YVSdHC~pel zbjR_Rz0jp|PgL8nk4hv`pW1DgtEW+X-W&3hIA3JREU4mN!P?&!W98%R2`&G8JB`XR zMXJ!?-yO`qg-y2JLJM|hI49#lfT7* z^AG@bs5D%pQ~LPz9UW#e$7)+bCWK=bcj)HRv`joGu?-WK%H9cKs9Kw3qq>0&faGyz zSAzW>EQrR*4au3Xg@&NvWF9s)Vv z?&zV~<`gH@@Bl|qK&gwXKOhesj$j!KUxg&q=~wvx9Y_#1B12@7e+;S$FuB-RKLiA zfgfm8f&YtxvfN?%JV<>zC+Ojih8HrlA#xn`I}8+p)1W^qSj8lSOF+49z+;c+zTMPuFb-E=2G z>pAJ1uZ=qN)lJJ4U0^+54$vRy+dI-H?Vil{uLbsJ)~fgW#=>UV_SG7|mYcw&seTK_ z&%^{&FmZwdLc9q3|FZU$zJs|H8?dXW{P*^#WD=UI6jEp=M z+e@c!7ZMtTMkq&xJ$K%z5H?P0Y>zZt73M75ZA`q1yx?~dp>^71dmIMUjJ&{wowlbn z$y^9V%vjye%{lf2UnRSK@VXhybys)4pE4$6oA-VhV#2Cx;O7hs=OQ%0Z=u%G-CQU% ze&Y-;6a{fUvJLO@W&mVXa@L>^z>JZP;3YPslH=~qhO7QYY6)u_o?km0!C+&iY9d2y zm7GZTWffKTYF7#|jh_?RpDn!8Ge{uIql{8eu>Tnc!8g?I!KL;NgCA(us03I0tIr4* zSEM)?Mr}qNpEP+QPssp$>4)A!_e+)%ykQ{H&M7Dgwdq zZfjD>5X~nxr3(PQiBWhKBhcJJ8O;vy zoIW9hWU}nxZE${fJ<}2_7TzFwQ}&P2`6-?<*FUSUh#5GFNlBjkq#TDdfH*U5Y-xm2 zoqx0maw7j+zG5*Mm2k<*Hlw_kF2^aMVY4W`Hi(=a#~m?Z8a42&;&)g~*CQ9iEzFV* zqb{O`m{grSOjy>+2oF0q(aJWK~@!^NLb*}7F{tLWo3Yqh40 ziplWtOWRNmKTYO_H7X20epX~vRB@mAN@07~>?a(dOBWDiViU144L#tM9B;#=EO-dq z0`AmyfyLL2I7_xU!?19(P=g`=lA|L_m<``k1jiQ*uKhs4b-cKQ;tsMOXsUj^2iPS{ zH6kftl$lgKNi^XXq|N;rUeTT5J~73>KK4~^NLSFN`B6@r_7=3ktUvde(d4uj__8fy z*Pf>Uh1ms^r~4O3hz0HVRm}xAB~K`UZKyeaDpN&eg*Z$;?J?{%eySbABPA9Wy)D@w z3$f7?U=JyPhD5TQDlQ+Fa+M9AtMW{qmFKkNA zqKrIwA4QEAieOi;G^_Kp(d?%G!x-Dj=j%2=0@n@b@A2v7?c`>*Zq4beNO7@u%f|%p zqi%;qo>wMoaKhym>6qJxDsMu%%chEU&@5)Qawq7lUJ-Ljf-@Y`7PxpyYfPU|S8bt& z`M9p_Gpxz8_Y{xn1JS7n&b|kyM50x6=;)ZJ|ixNg0G5DS)23zf4LgES_3pwuE{#V0d~p{zb;3sBhgn zEfQKpeypTy0Bh=7|NVYx3^^23KdO-Td(km|GWpGNGeKh#aaV$wZcLTMdI6P7_PM~r zq(nRBWPyWz4;7h=1hscfM8lL{q5nowjUq|?Nz#BKF+`DQ{3J0(k#M27u>RyyeT5>) zN0BuBBnd>3Orl62KS^X!B=-MJ^1sx}7)o`SDAlD1{WD1>N_9dg)v^6l-M=HTLups* zr*{9JBzXm>JG!W6%2C{qD2hF-&9U?Q9(MjA5<)Wa4>SKyB5+0tDS{F*3nk>Z_k9na zS0OlC&noHeOp=Pxx${;rD-=&|`icvRbM5X>y#aQqB3fEKyJ~t}=h~xS41_GD~Tmy5RiH{VMZo>_-Pe(1!)FdxYy%IT^qfu!ZN= zPx(-6JHURHw1oORhDl}8CMGedCA}t(Dg=kNObj+HzaCeYtU#=GJ9rT^ zoAE@88$;!?ONWcntA5vVtSPZ0<``k+$6$n)&j+_S z+k($4XaD?QK$(_XZEPFg3a;`9;k~#oub9b+V%^R^on^cic3pWI`{gR~Pfhpm|3J(4 zs1WEP^4Yp(OQFU%oC>_^%KtaPNeI4QxDgppe#CkmGOAz1yBfb#bo*iE0_TrugjoGR zlXDJmV-ApdK7Oq9Mdgr$=IG&;gD9@S!!WrQY;ziyX^#x4q@L0@1>~HeR;)Q$cX)3c762krr7O1 z-ul)efuSb9)$JpxZsB3-5?Y^9**ghFUhRke*IMt1!@^4J=-vO(vZS_qDG*}v`oT`C zNu;_AXJ2Cux$CE7_#fsPikNf6;)|xud{h0mmIL8bj+Ays2jY213J#>=(9*;#H}Fnb zXh&(LjJDPh+Pql8k9aRc(BbjNELX0)4B;#2S`R%e8`CJ9$FV*9z(3Hm9x3u5(7Xc2 z{{vl#%o{PLBQ`6pN4Sk-`K5Au!FTGuy}Qx*B=Q4|vR4sn+~<*vnDxPQmf@_&gQ%2e zm|8wk2{N`Sy7krz<`>_q8G@(^q+nn=2Pjx2PIbNN%Sx z58||W2af>=7bAwx%a3dET!dz@JG9GhlC|e6?FomDbw>bS2=AW)wOjH+dT%~FF951b zIM|qw4a&cN#t$FGsXqnnn~-U|4;#c!e~x8pyPLLT;?5HjQa}*e5yr}De+)X5P(rQZ zB377K*tVAk$0U;tUfnS}o@&2j&F$ABC0v5nq}mCnN7oQh087ePI5JRvKUlSi~#1Q8SGS04D0(G>k(~J$@>_YJ;^=HlG!-y6Iya%{7+ul+GVJ_1DiS0 zi3L|mS#w&{pTVj9B&u_6<6dW2e^U*H4`SX5-A4p}cTtA$R9)Er$vS3s?}gcJ1ZneZv`(8vaqO2HCZB*+h%)Gbw+-E; zqKhf-`1ou8*^(Xph#3~-X!A$e%e(O6-CMQQ!5EjVKkn-!bAVJf>wDl72u_uqZ# z>GC_&TQ;od7jlyp(iaX)mUa=Swd?%L)#!(Tok5J0WA@au+53NM`AVMEN3^CU_2K9p zgYW)UJl%%#0biwdjY6E=&uHsy7Qwb9U1R!^*UU{*lst&i6dfR@#q|Kj7bUB@E4eRm zcmV`0=UCrZ2T&nn>=i_pYboobRu7n3`#H(cbD)(tjHa&T+M}SUn&L z`GLmNopbbRkHlzmLPpjNcO|%p#!4k#o1HjV)ZqFJe>6*08%vCH_QcRZOKGBZ_0&U+OpObmnDizqy7QfijcgLO#a>F$czOYch9lXXZaByAh@a$IA6GF1<$d( zd1VzCE%&C@t7t=IYTG-_-@_!nYvC^oT$^@}Sz`!(C51a8`C%o1_gMVI{GFL>p9F??hJO!@ zc`He&rViek8kM^YkNxj^RMQ_)pcdn|jO7;jZi!^=Y12LFi0lcAJdD(+q2OpSDi@&C zla1kf?2iPbGv66M?b6kc(v#pS!RI&5w(5w`HW1H>>K`5zZQc6>QN~{i46nKLXas2p!P4k z=XDd$$dhtFm=_fU4&C2eCnrRNSkgWQy0Y*%*I-{ajMN7=TU;}i;UU9`3yM`yI(-oE z9~c||#_RtKv;TqDw+FY`HRlJXVkuju_dYxkcqt!TKR3w#Xb4hBwoI2B z0iDDstj znVjOA>&K}xrLc5Fo~u==`(sDLn|!VXvQn;x+2%FxC{uG3^^Yn5jj3@^U5_l= z@ig*kD%s`hz3k!%HXCsr;GLN}B>L0SqY}jX73vpnO-RW@eL+C^NF>`lz;eNB19Kr4 zXNqzG5>aYe!_!z_XraWZtJP?i%tL;6pkDfY8Lf$_%iT(oaWq0UYQHvPra~kK>C7Z$ zh2MAkm17z|PT6ukt*+(Qid+fRtg=ma)EU*83gZ518P#gyhtqKCYvN!_;xhohdbL5b zL%$*C&wI^m`(I7hX}ovBv+Ts-uktv-1-%w=kwyo6D&HRR=*@aN$+-L2ic{asTDcPM zw*0_LXQbAejYB%yyxi4nI4wKlS=4me-PCQW3*6);e63deVdsJy^(wHn^F+ge_iECUhO3B*0v`)m5?Q^nS-kBO}{;%!?~JF&z~<#vJE z1rUva`kZZ8$?&8mutE&hS79cjdw+SevqC~(BJ9HlY99nu?y>jMQAxH23C&uWFMA?JgFhE^46*FI^aGE?yxeyude%itt* zP>R+#i!FCM*`*4G_cA}f)55cZMNYI%CzLejTXDqZefQAQ%qxivFoaiM&C4}e-C+zX-#dB$qB zvFk0bwXALPU9GCq7L9e!qaIh-nqKsYmSr31 zXzEzbl4_BhWA~HCK!f_`QFPyEir{8{MoLp$Vg9(YU0#6OM|l$*g{Mjtx;+`n$$Q3Z zg)J5-m4Qz?WZ$M8X!o^64d9Z^sKI;Y1-kmRX6Ca6hYPVsp1jO?2MykRC@9wa&gagc z5wNlktJg&uIjX_)1I-r|Kj2C81FfpCqgpXAB~e3Q?%7v|sw$FinwUeQBV(*t=)&_9 zIeFjG^LjxWSlSb14>#(vRRaUGKVcXahnhP#Qo5+LH{BSm&^M1w@M!cLOjJ0fX;g2J z8&n!*aacE$Q1uHq)Q%Uqoeg5%AROFGEUd?7BnhTJykg-O&Z@j6^X9l8oDR>Q`AB*1 zt1_Y@hbDSZlF-owP=k3(_bt;yMNd%Q<1iiKm#k2ky+)#wt+S{=?ge{g$kP2ZaVt*b z+B$!PK`xv}YqW7a8)~wkp`WYqTITk%ogsv>l^O_VYbl7kyO09yA3#Xw7#Bxe&6cw9 zKXMBrd3!lAF4^bEv&X&wyti_*?<>9iF_g574)LX2`x% zvdOxIoWXH7F70)Jkd<&@Sv|QI&X2sFj!74ox1HNH4S@z`YSD(VJY^oY1}$%JK2l7# zsVimQfgF`96M7LV$Y1oSJo{>oYXxXaaoI%-Q}Cn|d|q08u<=XFI+;PtqckB+q0eCCwB&im%7@d#?OV=EAAL;G3k z%eSiyypFKS>oh!b#!Tq5mI~DBLjUEuCV{2h75-cv{;MUsD0gN3}>HI0tHto`; zT~H}PwHHrj=q;LSvj(YqJT>^nKh45ho8SwbL1BuXYNDn2HtO-L0gBCo6gT;S-u?5L zPj=Cn=7#z*{4B0*h80nhSRT3e=bkpdCib&Sf!7X|(%lM1AGT!nOgyV|B()l_Q z>MBvOKTRyTw-ZoD9D^x0@|aaLwaGL&TUr-{Y%`FIwPXuY^-O8-L61k1+nPiec_?dg z@`|fSv;^7vS7EawzWvBPC#x2z`BQ+O6?0Ef#C(2InyW2-O-S--ydFd4o{?JErzbMJ z*G-N65v!U$usvtfxZpk3QB?hHLHb8F!b!JHcdP4sHm6HKPu3QK-W8x?kqYRaol@TR zV?-T5dvvFj_s&0Jzn%9t`)+R=jo+De$cUV4qx^w})J*d+!W?OePJM?17;Bq>n16Q0 znGpVB`Gza@0crrb32NYx3x)Vql+qqVm;{O%I^G!GwX-IUQ|SE$0T2k>&w1Zi`NJ znNlX&2sW|)I{K~WdcqYr#CL6@OOgpmtd)`tIu6Mo=KcWufmU#1jea|=u372UaL4hh z>4tIF@tlDi<4Z*8_Fr)$xbmG~0q^z{%=^LuO;KuI2wCD96NaE99=7GMjc<_FJ{3Kl zZ;$kOttcHIl=fBRJ_ShPCt-dIKUluWxUO8nUnktCW<9I4ZEdW0eVZi3d?gjS?2mj^ z1I-vHESbJi)!C<%HJfrQv#sWE#9-;RFWswnjCEC4r4X*1AKczwvK-=`(k}DqlIA!f z_`Nb*ec~ajh7UQ*VoMSKMoRD4!3JN~dVtwl!EN*4&rL9>t&0XhW5EyQ4F09YbK&Vu zw%irjT<(LPbI<#Yv>xI{B35nqTcB*Zv1;xtbM*b6cGFmN#Zq))#rq1da$z;8((${p z{GHGHg+l)NspEr6cg2GmOq7nZ0zO@A8dC^Y#Ksn7I%W|Z<1Wy*e0-y`SKcG{Hvb2j zjg@-aR^Ib_YeMnw8ncaCR^84sQhJOTBgbG~5<=q55RFIU^bOGzccd|If$t999rvAU zZz4ZJ-w2L+DAGicfk=EVGuLu(UsCz?i+?icA6aUQm}b6bRZZSoY7{Cv{)9cQ^it-w zy@{P&N=({AgEfou4S(cAhx+y0Cly7`HlO2Y#TasIjtERF6odFDFR>bu13xR&q@Ux#gz;dpkFzlyCCdQ~QW}FN}SZr{xGmeJ+a>wBe>M zxWO5#b$;7_&tIzAa^&nvSs{Z>>_TyYhA$ek)n>M34#jSA<|KWKM%9~1{3e6q8o1bM zzi7JA4|-g`p}h&U$W3ul#I*bnTdwQHqrD19IZ5#Q8=AlV;{iAO?Mh#*{q0J3Gy3gH z7pwZ?N}v6QEB)|~E8XW*-ZU2L(FlUFv6oEH>sZN+bx~)#B4LYf)@VWs-VL@8KLXu= z12#G|&%vkvefj?&ors+ra-ATR)8AKEm&Gygw1gLIf^>xcUJo(rob3A8SR6Z4GK51#7aDR(ncP=66BvupRbKds@Ue?acuYx!aGg`S zrZYYl(}=4~OPZ-^<){+dn_4N-POxKK)0^|ZM5$d|s|FrbeDNMB|3XWqv;A=Vk1WD{ zT|!|OO+xqHf^VN3C#rg6YV*^f-YD@wi*?{a6oWs1nl>}ph42|m2EW= zUnI^R$~#%qRqiFY()hl)(1Zxfv3U_SRSFk8c_N-uMCFY%R_rYo8DT6tHbi6_Ugrx- zURBTAv^%(9_2Abp=2}>9(plYWgz$vIwuqo+2+7*GDJQFNMp;q4j?iG=x(j*YgNj94 zW|jv-w!jaJBMhZxsZv_aXh$zik)SllioC=(>A0@acywqg|58+I&mW0<{{xQQD-Nu4->*XTo;H>CxuV_1s_~TsONHW1L&$d0V3wMTMTXgpUom0A4)2Tkh=7qBCg=~eW3tOZT*o$C2UE1l z@!58zOLIL>(gIy@Hj4(sgb#rYaZ5F7UwzT%Ovf><1@2c1+8m9Yub%O{eIdL3+;cJ* zTn{R-CQ}({h@2ux9_ckpBhP9LnGR1?SV#rU@R*d(jRd-fQ3u&pWDA3yNVxWErr}4j zrFR>TYOZa=_u#7>mBSKy%viv50WP(A+9s!WT1?hgPb(uTDO10MiFa5Vf*nft6o(0T zO5Gkg;uI-(DHx0#aCGWB*oJbiBRBXM!dX>{_&b*Z7h0gYH54~iW$vS3L!P^}!XzwM z-UcRj(cSp_W`v>~ZK37fHzyG>%ETNzALg?9`&^`3saY?0@GQUA%dICNwjY7vi^DeoYo(OB2A!|&5`&x=TVAc3 zDyO=oIS49Fa0T^+tD6ZM;>NGpk?^_|wQo#e)-RhZ>X12)l4qFUo~GeesCVkxhch|$ zmyAjzxK1Hl#jxCG-P4MS@g#Q}S3c!ZC?<-?B74)e6dk%g_gJ+Nt|^l0YE)^4S+ODa zh}WYUL#oEuF@bO9Cxokjk{*6>;$`*8bROCLnr?Nw%RPsfgl3u%k8wIRO>Y1 zM^??K+YZS1`1=h;c{ognNC?@Dx-|JlSEx@bl0g0kdv6&O*S3X=;_fu=?(PJ4r-4R; zdlMWI2=3CjySqzp3+^O%a0n1AxCh&}_c{BVs#mYxty}l~cy+7Z_|dCsbg$WC&9&xS zbByuLZx~aewG1*+4LXW0*v`s&RhdSCPDiiGVptl2i}88i@Ej~?KJ{C#88v(_hJQS` z5{z6k+PdN&UP~-2%>YT0U|za94jrevwXTCd>_TbhGZ9x0@;)llR!Z6yh(K@HnqeIq z!Hoz1Ka1z-nQx^ox;8_(E-q9^Xh*E9dQO$4{sIgjWI|LdTeF;Co0@wr|DiG0d`-tIdN>Iho( zO^_;i(|`q^20261E7S9v>Nwh{Eo?tfcK!lKQQ>H~{lPl(cFiW)FQ0cRW%3gCCA}5| zNF_bh|4ZlowE0&?u6_%qN+C!g%$6KRHqtlq=z=u2Gt5Y<>g3J~9nif)~Q89}e zZ+Q9RI^Li_1xmnndPA8311Xc1RoW;?iKRZ`L>sxOyoIw$_Y?3d1bhn$WQ`bCG03qQ z`#OcT?bF@g%e@0`${mmk^=|nKCi~an5<#Z_Si&whU{6Iw!+%)py3R;l1yYH?Our=1 z(LbzK$3h7!pji#?E#0H_7mPqpeiG_?2XvVRH06$m2o4bq)3t^C%1-ztawE^EqKV9r z&|!UV19G`@f{w;D6A{Fh9Proyq?QW&+JRwP;G2+y0zA0Ht%he=-7Uy9V> zJtwtAwCx8t3}wl+>RxrRuZ(a9-^9NI+~jnjyN-@!q&Ay>gWW_4*~pfkDFXQPeG8e{ zeB7Dc^ilomP9jMpSRjvvk0Srd)YP=MYkg02X4TLFm3`(YNk|RApOs6deVhb&p`?&z1b$9LI80} zqD-pCIcS4+lG4dxHcj6ZKGCeB&DtjU3CG^Vs9ryt$c8v8;_(dMOeq{&V^_m3GUD$m zonm~E$2LN?P-o#7sW6RVt|`V#4U_k#~T826Bg^S30iQ5|JLEvp-@ zv<*^_9b#z8zro`E<;V`42N1XH#Z0y;{4uTEV*3H0jdZUTlrt_tv$PP*(Q`vrRndmb zD1&r(>v#V1I@xS_vUo@uD?^sI(5Z)nk==)MW>HVmpI+OOASLqB_N}3n)k35&H6Tg1M8rO~+qbva=*eLy$|L z0oNQU0-$=+(bty3DZDf6%f!^D;vPQt!V400r5D9xrRFIcyJ9#~KxJhqLMbSBPM;8W zmMdntW2>X-5K?i5KbPSqU&FWztW zZTQLCcHwyQlw^==y2#RiurC^4S6L^Cc-$B_ld{a}6*4D@}sCqx8 z?^YK3-6p2AsLQ6J{046q=LWK9k+yqm8MF_LzTHybu6)5nVyptKzFQjU+2tUQ4mw$g z`)C{2g2{%ec3O+d-h*^MB~VQN}- zSnJ|gD-KC~UpI`H&cV@K0 z%XN3>gp1H3psXamC-uqVi9&oRkFs(G}#% z!_&gXvRQF1r2@iuIviZu#?$I7N+5Q*+I1FAh8XGL*nVh96Hi)Gljh$w;|Qv%DfTV% z@9VSCWF`Ta&v9>B1OLqIy1He@`6$$HwQN(&<7ZN zjZ7357J%k=_xXCA;=XvYX|I5ZeUU%9rt?+&JUf}&?1BZL_f8hWj}ro9G2-OB*b2Ye z_0s3|m}ljIjZI~Yy{#3-vQ{c_LVkx4o_PY00;$;ddE~B`kbfLSU*7zeJv(&jL6SY?W0l3}=+Vm5xk}~BvNNs45=-$_h@CB3!b&ed zNSR;hi3|lD%i9KCyccLlG?Kb*7=NR6&t#+F3*K0!bt(vbxqF!i zil0{3+@WIb^Ty^?oP!l*%<fHSGZ$saTQNo_47>MGU6m;r@QJ4p)Zr{`gZ>#?7; z5XInnNa1twWVlY2k7Y65LTcfag2B1!$q43pUgBl(3m|tre8k4=cxcg0H{d`dUpsi2 zlm-lB0V-F%i#un!k+EaMR~R`fJv`n(CE203Cg)KeH!nTdFg|T|SnVCgMlL7#Q)Hpi zIOS)_+dq((oc9Y4PS=0-w717x!&^lgEmgi>LFDJ_FDoVpzcc7cClE`gfZw{>3oey8 z;YVv*Z0G1NJlY>Mp&9=I=XU#gkz9pud2180R|(;ElnOd#yT#i#KHG>AWZp;lqc%?Z z3E168Bkc;|L0k}ji&N~FD5&juR*jy%d$Z)^x#v@+yDCrmngyo23^8Y!oNl<Mcp^4@0Bs9X!}lltlV z(HkoV3rF!$l2LEagcO(FxYo1~oK8BNqBoINig0YGTmGO{A>*2MjX*qG--_QJ6sg88W%-;OQd*hnKpA@42!GZ@jMJC~<7>V>{$_IFnu~fFnoOQcXRrm68VzfwqMwxy=K_Gl zBmcVPhkko?du3261PjmXZy2`2*-mB4vJj*~I(BS75SD(-%9Gj|QMQ;N^{C<3`@fuQtFAx&7m4l-RL{@~#4pMHl~_rTEXekpnGunFTv7rux43?g z1O0hM9!CF2$%E~0FX#UrpdbE@dHX{V)&hUKfd6#;zRy2)UyF174Igj)^oR0aPpHw~ zF5qt{e7x@O;Q1XC=e_)Q@cjRvh6c8}@}oKt#@ru9j)8F}!52n3VK%J?F*y<)=K+s> zRZwTd)cIi#We@ANszV-U)fHSv8|w2FaKD@@5y!Kko+l90LK;uG#5PB^pZdI81=NS_ z(|w}zS(WgBm8H3mY%_h?mvQ07nNChuF08(gI6^!aQoWL?bG`njli+oIN;p!FC|b$4 znKZmxQna=}WWSCel|M>atJN_KKke;#mGNfwoS$B>=7h17*QlLrI4MtkXe&3*X(s@J z!tJ5|UlHN5K(3`!S8G(*%3K(ha0UJxV*+KpVuqs~iZjgA0Ah~KP<-D;j0OZ1x##J= zRkp6iG!!RAWwL-L-4;GpZpGNbDFL|SuSO+yoW!~1N~p0ZzNfPM&;>j6WMVbfaAHKH z1u+_7F^$TPay0&`qZ9u5&&}R~o14m%FC)!|SMi8KBMRLj#2=G5M-cqdJMHO}=5fD- zYkJu|sEc(%uI+@7n@E@f%G_o~*?TVj6*pit(6yZRLuY5chtFY8xH_zywG|%$F%ffd zGXr?le>e0Eqe}W+k<2b_wU*X#SS^{9HzV=K?)fIu%TX@BFYdVI=uj?*X+Eq)(aA|d zzNjlIO%gIi^nV`EON2*}4tA|^ch|E|MyY@^M}+cD>U%PVC8{fm4xf@!o-lih>{G~U z&TW%PlBJKa$f0_;l)iOYN*>mQQjEgqJY78=cZ?6+1#<){j52}ffK|ebRTiofKCfdK z4ekv5Jps1}8@!We8ZUYlLjw1QbqMUEJp@DC`=+Z=4pVGwn;@NLdRj;GMyuiCDtL0og8HC=NLiArj+6nCA>5Wf1$L3bqY zbre=lK5yEH8ixm4%&?BtNrPC2qGD=^YIbN6(rCT8&QqfEC`G7I`?mk*>T>j4m z1U-yV&%~y?x|NA5n`+=@+tG1NW+_$HeR_WFCKpN&7Nc5Mzf*b~DgotZ?P(6Hj4fEA zVR%UWt-^1hx8JEEWt6k6BYwpswlk_$Cm1Y(tF^_*aH@|R`>f(ytcq*2zO6Iz{d^-6 ztPuV|Mlm~t$2%wxcTcVcGkYadsX_5=wh|8i@PYs-#k$KS$kwGA&}#;l@Ww zOedz9HNhd4mfaZy0rt(G@SG__!bj)1pwGL{i!NG`wpjAQN@p8%v8h7>J%(Sfl!YD2 zT@-)q{QCD~xwT1(wC7y4B&f}vZHKEsf+`^y<}cnP$iw+~Hp+m;R$WIx@h%$a#C7UU zCLdmuQuFQ*C#`gel>mvS)P+K+=t1uGx?Yw&$!ypiB{Lv{rduL8Ah8VlGCl2d9UUxG zulsBrfREW6v)HQR+Pw8x$dGjS7Av^sP7Om%K^NJF8cs8eSfmfA1QBbcr-MUk%TUXA z8OuOqc`h3AQ6p>!9Gcdn-jYAc3Bp{X(Q@?(;GPNAk#eFhaQIR3IBitR;HNpslAXJK z7FVi7c5QxOg32<{l#9c6qLM!w+Z3TmByF*Y%*>itMtKQOS2muY5iE41&vI}m1j&$S zI94ccj8f|^zwUXR&h>u#k_?yB=OsF=ACY1ua88l9qe(hZDqy#87-^>a6Sa@sktcK#UwKf(`VpzWWxwMCH?fLFhqM7~eNYNa-8K(D8 z5i44DEw#|@M9Kp)M|wkXc3w1IX?UBb4b4d-4Ak*NmH+hHw&m&l8G+Vd;6zt4XqIDH zb|Q2~mZ}Ejp@lSstd8bZJLv_u*_woLYle?5QcKs>dusIZM*o6g{#irtuIA%X zm|(Cj^Fc@!Sbmz`+d&u7uQsKjqCdFDi1#-Nv-+|$J9Le}E1?);BRe@GZA_+_tsL2w z1*4gFRX_`Rt_=#I)GW;p>q)}-C5H)qTKoi##w`zrauO#Z27uB9fI(>6V1m%tiIYhh z64d55dZZo9DeOm=)500f()CNlvMBj@{@0aMB7$|8J~QBF_Uq_E$Fl@{32A|ZcP5zJ zhVclqjJ`J8@HoQg3J1TF$KJU0J+ivR7>FfKcgq5^F`n;t(@|KF7zl!r^!ns2^3U?2 z-N`hnlAq@*!7(n#`mEaf>eHpCGgi){&C>((jgqIm(FX!N-n-Y?7-l6IPx?=3#yM!B zs+O$NH5?SoQe=hpuag|x#ftCfeoD#kp9flP%&`A3kw%RVDUQJXJd$*=Q9U8FX@cwNR(xqCXI2rB zW){1uvFm69rmCgSiN=k`Xrs6~-9|~{Aka%sGfoRrWhrBAsgAHGK1e*{eXnjA@)JY2 zkIh-fU0(9U=@LpV9>?h9Q{-s6xx?dMWKjfhP*_P8tg5a@<4_Uw`T(BMK3wk5sG)4`Yf`l!j!C zj=*+cfBqyI|1dUVQ0I_0rfBg+(Z%$JodJp$58J@Y4PlQ$d3TpDz$c}xUYh&56V64i z1w$|UMPtqA{j@j`mzN^hb=&4vn{{fYOA@YzkdT$O+O0U#BVMrB{16fCPXq@ojNKRY<7FM|}trd7RIGqEXK17>v-0m$#-?XJn>YRKby zZ+gub^iIzIG;pk46V%nz|Ia|XBs9KDqQpK1XsGqJmc2FYyfuNY6tRFF1Im*^9OZG- zv5 zUQ047WCNkZvay4i&R{5xsq#qaVMzT8y={ug%T!P$)2#bb3DQn3c}v%vtME@p<3!1l z4!qoQJgASHqIn=$id#-FTZybDwqP%#9d5XdzW2ge8yLP6Go+|T=01}HMk|l!e@ZR?{m+&Nf zL*cPsTWSkpw28&;;(;mt)5xsD8^*FnU<<9<3mDEit~CYQn77lF1S*f<0GI)^KLC^p zgDrpSug-Oy^pNUAwr!IMFLZRS0+wtaNJyUKaO6>@Ef=8lVJ&UNnMH#-px3JyXATWE z6=)4BG9CC0AupiYRm*MwT{DpUYT0Dp`sMv9?QX^aS`rlbHv=<pmX; z`#ff`glsW*t3@bk!fu90*k22pX!6$usL1$jUU=8KDV*&#xx)7_Lw8vUzb9oesNCin z6>rTzu8{MxvXiH#feY<<7{_%_rR#bweySF#g71lWO^NA17i4P_aT$CXEcaz11NWHZ z0KS{NOQkI-=SsDPl7ZlkuiRTQui*th$_tUWP()*Py2Kc51h`EF5G~{N&Fp4Ba5emA zg#RDo^m%=Uk_T|(!2Zo1fC7sE4+{ei3kxL=z=eU91k=K?fbs+s4O})+b4$&cyZ*ca zCKmQL{zD4@D@g;5LKP)y1@YLkjvA1IV}P=`eIHg{^qU?Vq_0dvcYBdXe6S(6R0Ky7 zY_op)g^vx&SEebuy-XuMnvmN9f@2A`c|ZNq#|HH))9&3~uMwXM$lW%@F4e){!~ z4JKEn&%3=3Bfb}qhi!t3KDKQ?{l3Qr|NjlO{)kTlpXMPrv%HLHEkEX15or z=7QXs5ghfg&H3pUKQ_o;na1q)68){dHzPRhV_WspZ+>jBxiX#F?adhR{lBWsuS^Ga zdqYQjks=Pl&(yhc6+Txe8wPm2?W0> z*_OrhYrPu`u1s5Zdq0f${D9mw5d1b}Tkg@X^KLNum-_dJ?+?gB1HpwU+g6W$uXlsb zmFeAX@Bg!!2y)LwaB9l7(xczx-C%iTI ze~aT|4QW?IU~{jjlx4ia2uHe;tvlGDb$jKlD#_in!et}YXYN|Zy+~F|em0@zb6U>O zYs6FuYu=h=Vs@vM;%GF$apdN0r1Ve$_Uk=7D_^<%6Y~osh7vSFr#D(y2^XD&I{S=J zn~BIgO!ecmFvw2!ReTbfYmOL!5R+wU@4j!&dFwBtN0cSy3xyQS5yOraxlDTpnhI8+ z&&UJBQfXOuD_GiRkMyq8w$I7R21ELR5>2Y?Mm4(4b#iIjY45xr2*iVF!=(d0xtAf2 zf~b>Ho;F)|zMag{kH@1)g^s`4(T7c!$H^Jb7171WnA;tBU+pw+Ygm-=*qhJKi$z=% zKBFVlqioLLc6^MH9qf=?j#xsiTuQVjntm;_q3g;p{`{y#y}VkKteUFf)U#W2*eXnd zsNnqJ4mK^Mya&@%Q>w6rg~#q`uDz{7ANB)NeI)v=QJkj~$#8QJxBllR4BFU9;O5j; ztJRdk&bC6A+ij(lLxC_}o}K5)_Ic{f`RBJ5r_(CEITQZ+X^=1*#wTXs;3CV| zUp_&{Hob3imKCs@sSu4bRl}E-H8d_FX6ZQ1-wIpn=6ej{AG`9$^Xy4N+d+T+OMzs%h02JWEIlQmkIjv#hak>Q%+1_6&IaSna#FA zjvgG^H|<$;+&jO2nR1GniKjcET{KH$7$)ktH6kLWrkyl7WzelARh7k1#Ep9|!E{&R z;&dOzgRi2Rr(9$)7=^C4mq(lSu9A%E1Jt@t_uH=8N)G;=Dq9d*1pn{RuVAPNbFR-* z|Nhd`SmOGzU^%b1eUk{gr;q8b!abWROIXjwVLZ&DP_6?khq+vp@q zvtGN}DYN{Hdv7eUh9(b1D!(63WPi}|zz7R8zONxdaPTF*9M(>$4fA)Vvaphy-sL86 z4!L|^R?I|fANq|ukrc>WQ)O+EclJ2&{AAEyE-JZvVvSna|a*TWryA~9doCd~T zu1ui9DgSARvi9?~DCDC-oi91{>ueK7(A)6YXk>`>R@w~VQF<30ue;9-B1vEw@+`Y}5CA_k?l^5?wr^+G?2u{#{ zE1KWUC0=}hCq*Z!`RrabXgK^$we4G04dxRjCaGe6cRg@T+Lxxf{7+j!e6CZd?%e~sy8tLa?pDdr-X48)Xbkl2UwgDmrnUk@L`Wl$i3PG^w zi2tBL+&}n;b5KTbHC}Hf!5gcL-z}%N6F9=SUv2F*xdD;dI zDjbYZ5P1;a5uevRdPKA1BWBFeCtF!h7NW!Svyl~?0vS@AJ}Co=R*IRPN+DIWgJBDQ z!3gPiu{-LQE*Zuo;bb0PE?#e>^^3<&l5yMF1zoG7{{i*3sMf62pJe@#Mv0`EWVUXw zkcz|wp8S#}q)Rbx5Nz7_#z0v?D7A`21*d*U7R`(QYD3T$^-Jj<34fU-IXTH~nAKqV z=ct!4^_;n~FQVS39s*c6VK^xC->RtGhO3M7x}?yn3X4;w>?sMGRuD_9IG#a(L_u9m zQM;H7FPM5N^h)+G7_kn0U(>kVMnjr@$KiUpNig>DUofEJYD$&4%M;hE70PZt*yzt$ zSq;k7DF|QBNlct|lPhIm@)PH{(%7kbuy2de7j4)KhtI3Cnaezz6N-u~Q?3>R}++RMJ1w1YOL zMR8v;`iGQblV69e`J<$@e*Jv+Uoa(j&G6|WT7&Ho=X{cgk#{Prg-FR2xL*Fgk=c$7 z#G8Eh#OAk91AF^YyOjHz9z`L<4(M@Hxnr+vt-6~!PDL9)CT^c_1`gf&Q0gldpH6B~ z8L{+=&urtv>t8~OoCQ6#F&g`xw4WnFOH}*S{K^1rxaO_6_KaygM*#TK_ zhYJCSd!H9RYKJJ0l@f*JF_&6|At0;hH0n!MTKv)(PfJZEt$8<^7&g$G#pleukj0z5 z0cRyku_V#bg=pu+7PSbXVfhiT!loAK}byK%*2|}fI5G?YF{nR z9b1$F30IfvNiHT&i^Iut2a%TdlVy9zlH0^hwF|767nNCQ_xb4ku%q#);~&K#BQQqu zu(cdz<^c2;+(l>W8N)IR(FQ%IBns1MV(!jC*xuD}r_*+skpNd#MDFlr-lhKvs49(} z_@E70U83>8APhJflKrHqT3#O?FJUE?gTFOc1kn@X(B>QD^6Ua*4|B^^cOZJvqGt|G z)=7K9r=~K_%bn{cuylZ@<#68}v0}84Hd{8fB&3yUX(@}5rP!i!gZIBkttk;s)XuXs zTdT>q&LK2n#f19lULlxBux7%p65o744J-dBz*@KyY|Ec6MA{9aCTRY|WBXXwm<>Z< z^Z=Fv@+lbL)xxEO?9z;X``)XOMkhx5pjsZ%r`;Ns^t1#4~>1`|b5;_`G7=FvP0L$GBiY z=d`t?-q1mpJ0sy?*ay?!B(}#Y=-S47<=TOXX6TvZP77Y8p8uxE%}6{|$1RM^=8__` z;0cUML&+Ig;o<+--R_3zom*|D&snH~9zwjSFxb!x(_5P{>R_KEfhglXG#M>11IJ+k zH;}E<8R4$QUN&AH1JJOfEE+9Gyc|c^ahZ~)95ev@2svc0WTr#_rn~UqT~*CX-rvLA zG^mzXrQ1dM-W45~{=lfaeT@!7rb8y&m z{sswu$VSX^`X!J+$vcK7MEkJ~gp6kpvNj+0$vl?g958;=ktHmDsCJ^Dt%9XPUZs+( z798s)K$X!FfoeJgi24g=0flB%)J}lK5p@^&W7a^ePCH3pHz};tj^VeT#ZW>GHR?#> zYn!s2goh-Y}&!z_J9_SsJ#xX$9O?P~*0DN;g0yZ=&e8lx1+Qx|km4%X|2R zFhe3RLNjK~(VGU}J`AtY;l`LS+pNZ$JZ+&xH8~uDR9or{K1=9=dOGo^)t*uYk%)iW z`Cjii@_Ew;9G=ZyF`>_(>=AU&8K@9`f{wduf$qpMbX69YB-84SVc1+oYfQ%%aJoDH zvQMsW-yDk{GHgcm7C*TAZ<+cu4Wol&T)-BvSk~=39*D+kJ(0qwmi51VXoa>i2Qc1d z30QpJW{vy=$Nt{7ZFB1g6r7T}Q!rGDnR^H*JIj7LxY7A@YmzO)G}>PU67duw`x>Q2 zGf`4`Uc(=z86N#|&*3^}8(0|Mu!js{)Kn@}J3^pSk}83*QjkxA~ zdI6ucgo?qJ&U$O3BhP}-iPljiKU`Pc(!<0Pm&=N#G|PW?Re0LKvkU;;mnJFTkQ2UC ztrGh!C%#E4aER!Ru!OAjsAXo(kMl4GC*$Vrmc$Gh>$3BOOVtv)@)_6AbW`V)wz4vJ zleq~4NPqG@19u|9?6#HCwbe55E>6cvJ2SzR3Vza}pl_AgVc^a+MvL0|jM~eg z)Mk#?($lC?iUrS4=}F6m#V;JJhQbr=GFkY6d$L7C-m_;|@KF8tt~7X9EZxDKq=LN? zmUa0g1^>FDRgGRrwQ~VZ)*5Cw?JMhy5u+(5=-OzK?t?OeSHr05O8!rwvzL1e#-hNn zyNs8G>kr}-c@WM$!UzK)eAQLdUtJ}$mb_~N{5pWiKlNBv`poY!j>V6|@jcM-UdC9J z7@@T~q)PkqP6S;cS|KJ}+Ofo{0a&jeZeigEGF0qm`;oMuR921;YxA7n@TFLL3|!|k zU+ehXiBK)$zO+xoJ~>G%kM8CYu}gq)x>k;ug1pL6opI6g*3hkcWp?2+RAAV3zedIx z!!$PGhxXau5ctA0jxHYa{=}FT(brAtt}vBN)s-snpPm)Cyto(F*AFSxMzSD&4c9D6ovFbT^Cx<@RNmx5WZ zHm~%CT{8J+7adT%ppoq0{#Zt@a*RkguSnvFcauQrD!7BbLxs{({G&%^(RNfKWClun zOix<;`4@YucoS!S7cCmb^>HDd3h$rewxrY3SXMT-+4QuI)6NH@fU=n67aQXIOq)~5 z?^0Wvg1p3?>Azl-&vZNlVv?K#ze}BmAz0eyOb#Wv4$(+PVXbVU+j1D9ppGngef=J^ zW9~1=YYZ|N?|z$AkI|Km?d4Ek$XoUV+fRyA4<|sK zCE6jn(ixv0Cyks=l^BH%0o)`~OSP&gK6edER!Q?#S2KxT#Z9JCEjHv!mWo9$^hmJ- zkoiehdp`mRg@@U)%L5jmy4rT6#-nyFo z1;diC%NI5%QFku@t6_%lh7^df93(OLO$Y6%eP_?`#(oJ#B@rMNA4s!Pb<4~km2Cf zqKtp#g&+`-m+%qo*nNnk7|7`;GK)m$;U+(5AY~UN$3UCr4B5C{&E@4kp7NKTl(Dr@ z3;Ypc6hCOh@F$X`5dDXgb0FN=`)=8jplotUA6|H=MhQ%-D-YJwjiWb2sJW{#q||8E z#JY9S9FE;W#CbcEVbd_LI%E0)NAx^b(%19oD2^bj9`l+6VHv1OHZ|2)UH1 zcF`GtCz#*R0?V6KcWviZ9Smi)GgFAVu7%dyg@=zc@K=u^afrUp_EkcRw>3tKv7j+G z<>Z>xS;%l5%TtM2#{Ny}g1^#le`7GiQql#d*=vs()QCD!EC^!5eWDjGGgvelXIQrn z$jR(=ANSZX6R%X&na_yLzcW!TdRgm%qkTz4lXJ699>tI5hP9Lo@~2Ie0@bN zP_#^?;~0mk5ZkaOI?L0k_HJQc_fl>tkl20Yp`T*E+-0a04NiTbF*SP9MLhE#qb0;N z1K1>!apr82NaBPDqCCpnGCXUJMl}X>YQIzpIzKPVMW*g&^SkqR3ih|kw2O~%?O1&B zt`5<|o1SD!U8>l)Aur%O;WmzV;cfpwo|jdmeBDVAAv}8t+3dUiq*o>`c1$F^Mkbg23Lk2)(y_vfG97;1S_^O@_5S3e z|8F{qpbOyrgcmTUryNfk`S7MhV&{5IvzK8P9Oi2{zJBW{z=8;XX{W zrr0uPM3c1d;*=sDW6g!kr-)~AMsPoTv^M`f%)e3*`zUc!;C_1?S2?J&sFT%do9kCM z!ngb7VDn?4c~Y}LAYh_Y=epKM zD*Q6$p_cl_OdxJ3_)iI5j5Xn@cnfaXC?uco=>ii1ZXOc8Qy6Jlc zg5;Scjyha`DBGKtxw2wdAr2xBf9Ll&$oHCp&xUti_SZTBj0c`GfG{`2?-Hrhw1m@0 zHGp`Wy1}AVK7Q_!e1#=3yMc$?=Zs3rWg|i0gpg4dC$c32hjLU^*a%J-dQLzp-%U`- z_G)G5qs_Re?Jp(gLjO(7+b`hv#U_>RY>pQzzr^Vtag2Q)AO3;?|6pD!W$}w+nG!aS zWDV&!5nFyo2jkEhoqsiF?8`>(J(_cbN)N4h*VV8UcXd}Ng*Sevp<)2tHK45gU6Nk` zpW0Z%*9~t+Cq>8n>V-oC_P(qnA``jLaiiaY-@(*jLs(dNUg1T*O2eAotsJN{#bQShB}iKAB$Oa?_#ea%CWGn^U!)!A&3 z@~;&AJK0MxiyTU+L$_ z@)0_8573;C&FNPCWj@-&r*i=ogHO_PH!x4RoYaP6 zi}kwzF~6iZGfJw;8O-dU_duf)a}ZylVc|n-nO5jmUoA(sl@x9MM56;wh{Oq-qgr{a z`d~ozY;rewn4{Bzu&4mda%~Hz~0s~8-;qvws>Rjp#av8>R^$<CWNn3)<`=bz z$pNSZKdKIdyB*gy_4@tRIa>0brZO9wq&i zR)2Q-cH4H{WiOUa>djd^m(quIr1320KJ?Y8_u8ma*O4N^sO)Q3yxMl(b4T_0NxU3e zcN{ho!{PWcsff|S;ilNxJ+H34kq*76QmT4=oBsSmrTIwup}q@eS@?JT#Oz8;?dX|j zgO!^`i1cU$%+b;scd|IterLJfx!>C|FhH=U}$7}wVirQ5fqO3fz1 zr^eF0uMD*L&8bB+b2X_B`@r=*oBD=JvF7xMpX0_CngrUsD>!I7?8S?(-{c=%=BTqg zg22_WVsP(JAy%}34gKy!7B*iUGck|HnDRJghd39ERT2EO!l(l8_z`dj;cX6G9s!m( zDDW4ftb;nA2m(h|ChTyMYPH(cJS#1{kj7!UQ0o@5Ve^e!%~I>7~kyJDvF)7E*<%#?_-A&cTm_e3~9A^0YEG20sXRAJcjJ3-b{$N(VpM z(}@gJdqaXFuELD*f>^xD;W2qW!D@HwOSbD@l83Jtx>S<%);dy*7B|ZBYWOO|aqSNe z#8MmIo7>^4BG^Wb5Qo9RyrC9&G&Ro2V*w*57o8c6mW8OP!Ip=?bJ>{Rzy=ecl0PFI zU|^)Iff!Q*026#~rdFHM9R4AAD*MUg_lyPv(<_~)#r4W}*}ySUw0(L2aV32jHJ9Rt5<42fbTh|=GWS62E4 zhGizSD`>K3Q}6F9VtXylz?#dMYaw~ia0&2?mgdNv_^ z$1-X^8X3#*GQx9%Qm*FRizRi$b*|+V!731lfI#+@pg#o)fyvKI^J-xoI|fP_6|}V% z{xSV%y$LG?BB$7nMn?8G${xhy4=;}sS@d@z9>PLK>-LX0KFB2WG1m%4f_=<`ILRgye>l~plX@Sgh}Q}>*pN>GXo_J}I<=E99)z`H5B*K4bXzfC z6A%f>MU5@LU;|!qPrB&Ltrm8p**H|#tuHW))HC0%cKa>Nht-p6bTFJ zYU?In7^~9=JtPqap;iDt(tVnDUJbTZG^>0!Bx{Q^C?8s%?7z-q_+|5DF3Q%~mTzN+u9Xnyg`iMLLZ#&M^9dM2GKn+vCV zBqCfEWdYT&<=o@#v2TZE?f|OOFXmZ`ctRg>eWi9xuG(H=?QLUd^<4>z{(@1_BR&>d zQBvSrcTl>~+zO^O{f_DlICOJo)+aA>s^3@fHh5VuAGty^v{~7iOseOR)~tH)m8`Zc zL;BtJD{@C@oTmF#d(afV&|jF5iqE4;6#;ql(k~G4y8%O!W^%2Uf6ecluGhyVlCavW z1-vhln$|?V!1)&Hk11PCRY$F|5z{U|*2?2|1Eqhd&S8|@vM9})Gk9ZPq#2tJuGhJi z?oMqQpPv7i__9{fG9Mk{{4-;x-x>hT2$0tCbGs)fj6XUA%zBEuaWNt{5d;?EAq>ZU z`8Zg<%qr6tj*&&q^-xEUQ&J~_O?$gc7E35=L}cBUT~zMNTL!A_>ed`}tYdxu@|OB8 zg+IizMzyPo!aj`n0~Yd@Pem2JpFcgkVZY5|#el*d6>zw)lTzp5#jWJsT7rxM4*#Bf z1&N)W$74aY4SWr0r|@8y@w?;_M!V%(B*p1xiWvjKS=@X)RR%aKXz87oZ<63$1*Yc} z9pyk zXC}xw?YCY=yK(J9m=f_cbmabc=u5f%4v&zC`(DJKa1!^|rr|Q(E|*!)N}5$5 z_BQK?K}n8OfOUYRL3)pOTD7I{`w>ee_?%Zs$^NT7>fxI7aeY5J_s>H1^_Il}MT8t_ z6l$a$C#ZOZL+qI8Wy)L+v!Pnn{)6*8_LP`<2 z*o$0Q#4KHwe6)^h41Np_$mt!7T_kV{X~kG92QeASdN0NA)2cIB^O55P z88gvO+|t$clZdV@W?EEk5pWbQW35V`X6n(Uez``xH3F&GSt#kvL!NrVhfAx5zdDF2fm?``s*#?MF({<<9UM2cG;6AJ8O}ZKlyo2?mBkY8QaR`Y>%J zeSmd$gbufUDe+Ld9M-R`=KPrDW^dS_rjD$^XE+_QBl;K2rsCN&`Vwp5l_7lT2B>fw zBoMQcc%VR@4|0@8yG6wU<^P~B8-j1;PDK*QTo73n^qG;ks&|CQC3gdnNP=`+D?@}) zOq)~y)2$<1YmwB3Lms!Pi5!niO-76!<&lg@OLg%_)^5e|_Lp#Q$%k=&!Ps!wAIi;} z2z2mO=Gl0nU=J{txwkvF#Lg9`MoW@)ISiR6AVto?y`Pl%-IWW=N3(#&h#16B#hxH4 zy-Mx+yn+#zjoG532B0ZxTH>UrMn)KXP95i+aiudqL0RB@&8@n?iOILqJyr$aPwYlK z!stS*4&RUykQ%{aMkDe`pHm?sLLppt3WoB9J)o-_3b0N3nc7Fm&jd^7s~rz?TO~}# zlaLS#9Kk*9uQx)qT6p9Wi-HJE?{lzw8Ex!lV{ojBtZKyC#&YZ2O@_Xza7&}&i^mwm zsqh5_pk)=ciV+bGEKhrB<&MA&Yl+5>#e`&V4SXU=lIpA;#c~8$b`d6Bp*6Q5IDLEp z4mtED9`suAcPXsRU16!|4wxLNr)k5L{SW58Jdmoj`~R4yC}ScK$IJ~Gij0{KnTJF& z&kmBILgq2TF^42`=IN*uAu^OQ562iPGNsHzzh@ua_r3SNdB5*<|M@w)(>l*y&u6b^ zJ?mNPnfBfZ<1e^OJvqGRuh3kr?Puar_0!DbIu|=`V1GRncDG+zeyHkf<~KCH`1@lx zrb314ohR@fw2m`}OTX;u3ecvB2nw~ivmsS7x-!p`U2f0f!nP#CN983%UK?I8{-sJ% zkSp#~p>2bmHtxgYL~S-5#Y|^4Eq9UwFTC{z1<$T^8W1_;u6(nF8A?bj7tAZ@dbL^hD-8M3Opj#YikQ=#WTxND@U3c?)F4g(hf4Z=G;Zs z#f{zPJ8L|Ve^lM*bJDfGr@5rWqB6OjQoA22+}-j{Pa8(OE)PG=;HWypo%W*oTu?49 zir(=(mpr`432{1sC&B85tqvgq{^fF_o1D0o0RLSI&N1^71`Pc)WU6dB7Ww){)I)M4 zDJM_l+9^h;&EK;U#Qh%kp2vah)~RZ>RF%3pbnki`LowlOeui*B+2@i}T<(W$FQZ>b z#jLp&kE7!BIPIxisI(QA6SN+PEdGGGgMV%c$AvC0sSmrRSzglhFeQ3f!pf2R?1l3L zO2UD@iouL{=`yN=u`Zu9^`1yNVVoij(S(7Kfo--noI|~V@<^ND^G8l30tU8E>L0mw ze$JbAk*NRJTh>uC!Cp2N6+7Rt8+?{3EQEaT``Gfi;};fcZZMFsh>0*iOYU_S|D22y zG8etuCoXg%y_o!z-S&F3ZiIYLTgmC;%t_j@XETWvYrZOal!R1%OyT?R{bN53x71?D zmb}?(|Ft@|-?TQEF8zS55o`^*9-H#p$cn2h%1S;#hc}rUeQAER;oCZLh{eXQp+Tih)f9m(D@ZL#Dev?&q@Q|eaZv&D~+&c2R<^izfqm79h zaV>eJib}Joqbv{QPn;ZQSH zT%SEhA(VCgx%8-alKI2dksWWE51A;uCMVMCmz^#ylSAUi=i8Jw#@l$=E^n3Qn;*H! zRd-o#uTm>%d&!q#fmi#jXVeQqr>wE+yEo@)`>M`tsNUUFV4SS{HhNQBhhJh|p5qmj zj!=J%6gP<^d0(v+@j~Ub$sWq^@_Dz|kf|TAb^p9iQ&XQlz5ay#dmW1X16z2HfW5xB zFgzFxcB~B^hs1#G`CyZC{n|Lj4i1q&V8vA!6atPy*3Y0Zju_;N1@sUH<_B!s9y+;= za76upr6SQ7-&Hh98}J!{S0##Kkg0ZenIVP>46??ljRS)QS)kAOZVkE{!3mKaNc12I z!IJ8`4YGS+kQgL-s0LWoz6_hU;PqJKAFxeiHi`-X7lSeZR;OV&*!=YawukOA29SbvbqYT1f5s|NYg-O2w8Lix-te?j{E`J-528f8UkL=G0b1The2jnp%Cm) zo*g856y3&=@$(wi!zcuL0SNE|wlKbpT&P0%Vv&cDZEzGqbbJMatU#j2)-aB#5O6g( zyPJ(h_`XGBko8*_J8rxD z(Cp6PF|k(NKa2$Rt~>-8vB}yv5}kc`Kxu5fSYjMwtw%wV1IAmsjePMRW%-}g8Vj@r zY|{e+$4LA%Z>(Ou><*6^4c@m3HD3gL5Na}|+s^1=qyJf=|J02yXzmqAw6bU?P~exn z(OvY|@ZsUufHOhXB2mbSpLPwEci{!_ZHF!~^C}t`3~2Gy0CE6$2Mm(`AJj20MBqEn z7&xOPfBotYnByMC8TsFZ!~5xmepv=Ztm|nL9U=hEZvV432BO4&YWiO(G1nMve~Go9 zD1=c18bpW=@nR7%3+Vr@J{B1?#`VA8VdE2uyaHhY#RFet4fRL1~t4vcTuuK;BB!8Z_Ut{emhJUqG;^kl)*32*{?7zDPdh z0~~J-V1L60saVw!vST<<-|#r{1<;-}Xd%-FNO%F#g9X$}>pwsvC?iV{G!W?VwE@tX z&PD+=P%#IU<^w=cWrFZ34#LC0jV!4UAY`n7j*KrdI}QTe+dKeKg9_jnEC9sn1Bw7o z1hxXA5C~^A=rIfe@(4d*&TR((0!x6SUV|F3y>t*DXdOdvj5BZo=>Bd5GX#e@un&k^ zfq*AUAkpmyT@YN3zk&pg@!do&)PsNl!GV783P}IuAv24Bmt&Cr5x+c(O^k!05KtP% z!5Nv2(tz+15AFgg6Cv2|VUPzF7l;Ac2eM`tjWKetgM)qy)Z6<0Yw4itixu#BjI z4vuXfU@Uu}1^(ZFtQdGIaQ49Hok5g@Dr6hbt_NhKB4I(1z)&Rk$4FSHe$7KC3$+ja zT+H4u0tgD>iB9j!{?~6D{1_O13^9I;EDWU#`!$|23c)eHKjH*t2jM~ERY zBrrc2I1B~{GX5G+0i_1qJ#ZS}8xA`A!1aS4Pk#l6fCtFp!$?>Ha9CnwV8@hy&4V(9 z8c1Rf@G`qUEqWK7>iSCo5iGc}EHN;641$G<1dcig5gUI&y#mNKEaWEWj{UkgzrM_0 zB~5`sCa`IY?+5Il4zllq;>cg~{zA_Pc$+9@ufq;_>Md>1_#l6yc7O_hnf*T!Ij~+I zNCgm~AiM`Uz(7I&Tj_qqb{2B_K!f$m@mK*t*_{rL1|&%ZfXFJ0?=Cc#1AUOW|44%< zb;#|58rfx+hTx2l=wFmKMj0Qayl=@YF(fc(P@{|=0L(}k_SaH-?2pyQHxOqaJjlX- z1t<$g$-@0Wi$lOrFwm6YFj;(H=Aga&1uzc1iylVS@1YPtfxBRW3S67yKM+Y^Aae{3 zO8^4@7%>b6ph;j zLVv#G-x3jWQov&YiKHR3ZiB}lXbumjfkZ=IKN~w^2&@`Hx-@-wJYRkgKOj664KUI1 z3YrS_{9DEQGc)i5z+V->QB-SyoCbap^AEgBA_nsK-JpnZz@VX6&N15d=L>QJl^%3F z`ioi;AuH}iu*0j-spbGwt$q=F|KT`&5E7I=BJ>ANpni}BUekp_kRX8ot_V04_zC{| z10KVHl0kT*e`W@8_XlhiWJfq4vD0*M&YOS00^Z~If`)SK<2s|k{2S)!PnpO5#Eih2 zupJzQGBU#YcaHJBoj-BN{DgCMe972)Mz7|K?p&d$)4R7n;a>fTSru~ca|n148jO!q zfHx5ZGegsVViEm`=NLg#qOgiA@{ue$t>!}Uy9)lytOIlfItB1-bpL)A2uz`ZqW}Ad z`zZ#-%^O70pc1=RKVU;5obJI*KLP*ZA@^+XMt|w~LFRPe zF)H*Yywm%QqAC%C#70K&Gx4v}&v?M~|NYMn{vTC_LXg*Qp%AC}!H^iVmjE>=FdsZ5 z`IC(QR{Xyal|cwbA-MU`cTJ!~U<1Wfe>Teh6XK5y;6{yEILZ*%<~VdU40s>uUu^P^ z-2W#ny^Day1C`c)1r8t7*cu>zRf_);2+I%)qAzGJ7=`*a00P17JFr6{MpuEQ9AG2P zdjNfZ6%4{X8(tp-YNF08b6+4QdP1F>3WtG_G|#JRTTugZ9t`@PLDW;8Hy>mWPM4M5zK-4g3LE zU%@Gn~`U@!-U3bjad+u`Bb zfWwEPCN%g!)IcMJR4{vdXgm(Y@4EYrqJ}&^G+B;ZIXs|{vMRF51R4#dVIv5bE64aA zx-x+6X&XU-69Sxud_FW;j`;^3@6x~2hoA+O0(4me`X$+im(Y|SJ$wfAno$Y`V5SJH zWCPc7=<0yS0oM+#oA06QAm5G#)8)=f+=s`D_?Pw~z|aE&bO$PU=geL+W#3|Jr++m9y?S>Mb@mNwGR)tuRhS@Rf7{PfZ7G~qsWTG*Dh!scOmhz zV-f7qV5|V#AO;x^@ces!w;B2){{c@`^m_p)a(>ob%u7p%Z9ilHy!$E$Fj#nt#%yC8 z0TQXU>hwMgv9jb}@iZ*MPheq`wNWNm0>L6DI}foLA+g$<wE>v{|5VKl}Hj?%CM zT`nxl85H8!PrT9ntk{9#eqYTCbcy#9omWh;{21_jB%nOyY!pg#7`ctC0XpP{qlo8Y zQ?el#jnx955G)?cSROPW!_udpVu={_=>RosilbL-X%IM-2t|#(ZZ&pzEIQR1gWO#} z1LJ$3I~~w~g=2(w{*+TZg^x=JLJ>&m*r0BMP*#wvqT~<}OW_l!5Aj3c7W8`K5G3#@ zG{ysi1lA4a=jYm4#4WIlZEW32L4Xk@=O~2#86uP?Y?e+YLcpA;RlW+W9`8|7Mh}A& z_ACf)7Oo9Cy+|H0&b4tK%o#0YPFEtTEjSk&K^l@YsyV5=ktWqr&XaWC_df*f@z4L z=Zld$4H3!~LI_w0AP{iPOV7-&00Jlv>h@*_p;V2KsYrA&SOwleDGO7E!=FKnY_V+| z`?`9dY1&2rWsT#`f68_e!c#hHBOuoev2m`oE`0<9=)YE7h+_H>Jx;rBH)$yLUfP>@L1&$yrL$fPnj5ni5KZ2oxjzv<#L|#?KD71u6UU zk??Lg1bY=4vxL;g4*zX6?TH2Swv4j#I zN+TPjL_@lxL20WZed?hgjzKc|w!u;IDX;f4AkH7##AZOi6AFJ4$tk}(3ziS!KiOJC zK`!iiRyP9dGr}MjfsY5)LWhBRl7~FNY%}ojr{O4!FK8Eqpicn$X@|rDLNM>bBM{th zH1G!42#$^d)L~@#v+J zUSQ5%4dAV{9UgC%6(xt@FWmz!3fOTaka6K3_4=w3QAVIf*DydXG{zhhd>dJDc=Hni z9v)=`q(V2p04`n>i+A|SMZ_Xb!xIOfideva{yd~S%+s|d7f!+)Lj`#Yj?C?nXb_dBDYav@g=8n5eN%Zfq> z0S^xu2-rjjdIY|Z)qtx0I}-gx)7dC2;2;*21L}?=O@6>e4v#1gM-4+Q78~mp|FD)(knUU376hgbEPXf64kkCSu!%qbQII>>Py0#yeG=<^y_Pn>JePa7iQr22UU*iS;n5v8(!)(7x-?4MP0#PWkFcc91d zJp?b-?_&|CdcoE*ZG;h)0iJ|lv)|96!RU%5V$MvXDB#dpHHt6`rTxTvM~a{nRS1y0 z9&`|tp=h^I2njgLmyJ@^MIlZ?90=A51bjbF3?b$Llmbs$-;3MBBATV1tqa4l!NCL_ zL>Os6)dC?BLe2|-LZ8VQIEoVF;KTB=SS6ymu}JBO7xr_<9zp$vb(=AwL%;8=kjZn|AQni-F*Qo)C+=lzkV?K9YYO%f6HWWzWa37rBcbiF!5- zoh1QstyBRj5yA`sUv2PMP&I2^kdWUKI}q^u8gNv8HpF~d;5&&v7L(De>D&qyD)1;& zd*Cpu%W}F75wV|0KdwUHdDxl(i1<;UDFRR|8O4A>p=+z$_u+Oa^F8 zX;|hS63%XJC|5w;G)e>_PzWxy{b7o7{5kNPchIK+3rJI2zVmI^PU3zIO$Q)=LG71) z*a%*QQtk(!dn*t#JL;lT3}8mU_dF&Rumno&nu-uJZ?NKp^nGX4jJfLJ1f; zKxzX?z@i|?y*mi@X_T@Kpwgf`2+nehr7J|hT||GblPCRv%^cmgO$Dm}Ja33knevlH zITawJF=jx6D}Zudr~>-i(}Ul&A69AcAZY9vF^IL1@c2 zV+r~4ai;`uDt5naR=`dVU*L$K&n!R6WD_unt9lx z(3o8~8X^4_c-fM}+X^S-@EsYU5Wn*RW%2{220ACMhsV1BDiNbNvhVL-!T2b_J3Daj ziHUHa_jN#jI55i70)n!~SY))!t~V^ZfH!xPcYQUT)Wp881H9Hl`q*IVfR#JrfR%^- z7jjQ4XQPnSUT34%c236CnDm4o=h2)YjC0PpcV-rMsfS>Rv$ zs9DK;@fVk|XZPCYBzWKt74-?t3tL?zHB_LNjh%aX zPQS-N+zNGCyGSd3Mew)7JtmYDLd|bNs-N^VUE3@&`gjgBs!@|BIXA9s`?1T5?`nD*2jY zyYfeji4+TY@amorMZ%gko;fiNXze-npJbdIzUGX$-1l0BKZv#Yqy@L3*}4m3Z(&fe z8Bwvu2fHC-#nmUi!8Owq0&a6l=4;P_9f;{=U)#LN6ccHE6H!E1Mv!o>yop;rd#O`b zH~nplV$a5$$G}F%&0b=OHx+Cj-+35*o-;a5ogR6P0w+N9ez1IVV7a8yC;EcRnvGrY zo%YpHiRhhO7SbOu!rV!y5$#cooGy9CwLs9#^H{}bIa%f;o+TxZN`goPgT5YTVg(Or z<*q&uHjla%h-kNjyw`ZPR2o{ics-TNig}?>OnWT#|j{y(lnm8 zDp0Vx7j+E3nufKB_U>f^0|aiH5IN;LcYHa0Oa$ zg|P|fR7K6v6^}{D-NmCT_+rIPW%Vt_Pu$zJ2^ilnw#;je6VH`?ome>YbwERq5pP>%|(KTd&*2Xd-`8PCNA(L+UtGd$ztj0rJjBo~_RagjA8n_;4K4$Rcqv#&1qfZv2Xy4E_ z9g$+A2Tky6Ao^K!5SqN{gGgXiE!iaU_urt24uWPpemb#8$tr8DL({D2kRqMUGcWuw;HlTCSasr9Sa`HTjj!QWsK9`fc* z5&DMIyTH9c@lNo7s}3Tu zP7n2D>#2K7qCGZ4DL;Q-ZPfbGH#>KQmk4u*>aK2S3Lw36?$}=~Kg$<)p~1~y2Hmxi!Vvgu#lgvu4F(r zH%_6#0DZXYx25{HL7n zxDadi>Yg-J)ttD%Q=RJ)!>l_om65t|qDz*?^xO3-2~^P(XS-{iADMm_WgrtO(IR6U zw9~nt{J}z9;C=)R-HU5GQ>rZ^OG|D%?~BRw(}bdn`a+LHucr~7U`S3JSvmJgQ?$cg zhw!G7{-fe=VT$c}6bnA4*_x^XH?EH4R9CVL<>lTPUy}v>#67!wUdB_mZYSRIg+DCf zJO63HCSzy9DLwrMEX^`F(s)|p?GIQh#W$vw%^?3DFkz`Zb(q&L&%mIeImNYfZxvCqG^;*wJSFAO0AbrgaKw9-+6d4SM;$ zBb*)ZAe>o7H4GXnS$Ur+b4nd(#QY&KXSuFnXq?QEG0%9Anaq(Xc-Vw&o+*8KY;wSZ zsOd|no%fk1&X|zN<+{lMC&o~0iqsQ8HExIOKJk`%;!HNs^d)5S3B)&gNrWk3IU;ia zN}LPT>IGeyMxKz}-X^Uf6XM5A9?LJhMe?1D6~Dgl7JTR~Fl<6<%hOi-nv===J8bpR1`hp4U)&4+(ydv1YAnNrfkuR^ICrIW2I=ero?&y}uAe#o z4qm;qv79Y+B+r@Y?{{`B0v|alQWTN~ZZesa8mPfsdZj7HGm1pM5RJW-Tb58tYTSv;wnN`(%cjKw_?msg?=Fk0=5j-g*J@lyT-Dh~D3=_xl+e_c= zIhq!eM4yUrUh{b+J+vlqZRG^_qe)y-?y;gH<=3+egjVyfr$lwL2GGk5#A-EGgVUzVvlh!#ErFx zmR|q3!xL;ObiHMu+mmRHe2=*xaO)M0o-v*5Da+>2=Zi;suaaJ1&d+ldB~>ZpZ!DQQ zY9I*g}#)g0OV zJD-(y;Njg_+bNymW_;(3N2@tOYcBkfp8=C@jYpz!#R&H(YS`)HP=^|+%EjAsryTi> zoq`@#v|ov`dws`+mshAEu!E!q~JaXZncJ(%?| za%rCSRO8OK!Wl-N&bw%LlEtz0Rr-lwc}KZzmqLnL+ukp&sOUmHREi!*PnUGRyS2L4 zRG{^K@bP%kHvV8<#`f{#%CjMvBzK8xJ z?yZW_?J~VlGq79tiQ&bj$_+0QBX=$_(FYk7VHPS|M)|b1vd4qD7nH*)>NsweTI~88 z#E1Foh3JPqKYP5USDmwFljNn>mMw!q5u4ZX{!m^Y=}{O@JAIQ|9+DojW0LW^A14_0XRP&T}A6C{MVd))28s@#I*rZvNenCCvHOSF~OPrwlnXdCSXJsSyUo&D7CM*RkT5S@a-W9=|+$CheoBV63Wv(vTHc~zH`OZ^ zs}WE6=HH#4pMq)|VfJw@bYiBHFOGE0oUwUDv@7j$pR%<_MdaKY120rRQT<3x%sJaB z*PU_Q?bj_41|<|WN5M#?eUDj-MZphY0k||S$*QkqDb{r zP8XlmxkuKSy&l|y8 z@!Ns9DV@|oGaCw|s+YJ?OOv$MLZ97S?JO^rbEmSLG`3Z?7?iBWJZ39 ziRpH5>by^jzOJ3h0NbK~op#ZkR{o!)F9k&X&bK0nez@A4thL@kr#tqle>~<#dwE$)6R{?_+RM zP6nKD6^w(CGT<|kT?^i1sj8Zu`n)qsDSyuP@zA;ac%-n@cA}qH<;SVn(BjRzmOkQK zH;6Tjm(ms1mO{j*XR-(?&b~s{afTTQ7`f?K%`@{A>y^FNlY7>rEmlV&oAR))LJG51 z^4{^zPG+Xv%1kEP<;lnVMna|m*(FDx^gcEGF6!;X6#T@g)$^&%1&y2WT=&UTMT-I# zUV@2;X2M(&+wu>FUZ^}XdADQicQ1!-ml2;Dd5~d?qO|u^=_X9 z;?;?$3!ZPh570{NyGx@ZMr6`^R>4e&?zZwM^Vgy(K5lB$;pSIvNz86>Fa~suem#?CAad^f_^&(}v#@66CD% zUVK_Dx5;}xv&zepO;~eE9Xu~xQ1F8FwTIKkXdhLBn8D2(>@@$8>{1kl_!rlw6A$jF zs+lpPK5BK1J?@lF%IXyi2)p_Q*3p;ixuR5RIcCMqDO~xyD}94TDXyC>w0bM~<+e{_ zu~yTPwf^Inm$%8w^SG8rgsbC7*XQ*aGS(2Ux`}3e52x^8quKS7MoOYXcGMLH z^6j&D7MlzOZyS5w6noE78{ksAx!^X{VN4Ka_a(3GJQCrVPt6{gq_xTVzWYY&l!o%X zQv-7rcnj;K)k;TSWHE-CIWd!}GF=i)YN7&W?~&Bl-2$daLmN@ALAzgmRsQ0yNgL&$ zcZgsFokBUdJM+MA>S$KLXug!~ zCr9^&PV2&%kmpffZf*nvD)_>^_6=9SO#$-KRRC55TSYCNYvb4A`<#qy%kO*(E`Qoh z^q1;kd>3t;z(8x2`+jQF+(lBFEfx%1ttypL7X>vhc-&@Z>kVFLjyUPuxmKPNv&_3H=*QrQoN;zpim!>uBa>22%N|#8_ju#Pq-15rn46>S zB!5A!_MO^rK0CcdhtQoz-H#lvDAd=-KjOarZa_csu{?i4tu#L>Nbj|B7?D{cab~8b zcn4wR8yxMe$`>{U-R1iFwS=<>SI_&W5=+z1w}+^+D-CTX4nF5GbaDN*mT<>+(7fD~ zui(Y?74COjy>1u2d@iwQ`>O)uu;)(sXQsQVYXby8S4aYyM}d!mpQ##+LIwT@*Do?SI$%KKAG!^ zghZM4kNWE%bonTG6pq+X;WWHgdHY*$UE}9Rbyerfwlt$*1=*S-b&1~t7Gbw5$zg*> zPQ_1)YEe67>Dsb|Ic=$YllF7;0BE@mFd%}cOl#{fO4>abO@Inm{;(2c0V z-XAbZ6@9Tp$t@*viv$6W<46(i%zNz$*}N4S1oVkoxJ5R~{`uS%K@9@Qd=u>wQ%SUE zSafFk2*sj}PP6+l`d$!pO>Pn+nhgbTcIG)`ioE`j)7>Sd1jpIM5_2n7EDZ5 zdKtGF&%Ky%{f^V#iu$ceZg~V*j^dB+(>M0k^plud-Llb83#DOuRK?3*XduG-a3zGJ z2~l~DjK-EAf|XGdmRUxt9{)Npu6_6d!^~qx{;CzJ@hCj)s`8IMQ=jtdG#~HYaN*!| zAaB8$Ho1I?Gj^1NJVZ-o#37%L-jILw3+%U!Gt%q19rwCN%{+SBF@`rPWy`OGiaenv zjZ@IK7jEj_3LCrJKd5_>y3P{!rNv1*Lzkl^Iw8%HzU&q^CB@q}nztp(!)!9YGH5Qn z4LL6t7x365--52#-LB*;8L@DaB7f*ff%j8KgbfDuYH`PvPc&V9S6N3D*!0}fRykiV zrNQiF>wDV8)HtvyM7TE*6Y2Gdu*@iP;4UQ{``QK{#S2#4iK3EW#;3>h9*bEKhfqWm zQ$DS`Y@jc|C8#JWrp~B!p?nQo8&y*^soL zHI)6{Yxb(=uduFC$JiRu+R*CNxx1797AwGQ-H0qfQQaq3Y&6s#%+hZ(eZQ%%w`>+d z&G#^KZLuPug@IC)KX-4I=;T+@?XWMfwJ;a}I}% zBH6i$ds}5K<=e@xm}x2>z#Ci0`8g;q3^i}PvA9)KaelLI=(BP>@uGGAR#R+0IYW~^ zyRIoWSG)=vm#m(KGT2-vp-Mcyrgv7X38CfpsGR%LToS(SmOy!nHZ0ydIem*kp4;KLCxtH~0Xc5Y%kH75<&v0udYCrs?`Sy9{0rMR-txpA-Ws|W{kvbuM|H{vr~D+ zz)oWL*^{-qot@F}{R~~P6<)*Obr1+dFeSz6)|blku0B}E2-0ZeoTOe3U-hT>78(7d z`f)AYb*IIdRi22Ev)}s)c__)uowtUlnrFDxa4l-7l0TEu)U^;7Jk(`qq5~o9qUm_l zy8>%%Pw+zEI_BcT1x^dBZY6ll#Fl9~tuEUZC{SnZ z#QR-H*C;o`PN-4=PSJ2mKCWwW!f?`$Ot4ItFTW)hBn>0vd#mZ zKZknBHfG`Vb+#f)JF;x}q*oCIQR&8Ow(&hxjttHb^URy`8|@5sS7ZjYCmQ?xvbe`# znuGJ6d8Kb&<_+^CdVxI#W^pwqA{Lu3ju#h;i?e3yo#YSp!)0z77_=UCO(bznW@JVwb#ep(XFfo(#Fg#r6y}ApVk!_%_;~ zA}F;V4!xd#Gs!*Qx6yMrH?zckIO+Pt@VdV}Q%m(@hcSW)!%&~c4%a9P91Qb(@;%2S zN9^yTtMlzgKkaZ{2Qc|J>0T7tGrSI9Nn^hnnP=PXallurM`Wn&|M1o35t(Frz*mjA z&}dkP2OIxj}bmoL%9#XuvYf>Wb0jR{`|>{#`d2egJLcks}k)ndEJQvXWi`-Jg;gYE#xpvR{u$UAdf zK1DegAxnJ!ZiF9AR_`>YvmV!dz)HzKlJT2tK#an77~cq;d}{{&ko>%5J5wy@2EVbG z$yeh6>%{t(iOpiotF~0i_X*8N-X^yvBQ%?(+Fi_B{mWlil2}SU!MO;yd5!z4OFd>C zc1Y|_5wu0*}0QWiX=5Oa>hTtQH6au5s#(*_Yu&;=Mm-HYvqqxgOO z`B{Pl0%?w{sdJXMS)I!+Y;TP}86w&jNo~HCN`9<0;!Yea#+RTlcVOqT`v@ovRrdw1 zi`0XGCyD3N)QebBVcHS2u{2*rVan1$)oz8L&@V>!+4%DXDo}))FYgU41syjfHOPz% zqf8Ygh}mQ4>#@)TS~b$kDP3mIzG;*%&|!JW2sihW0~Fh})SfA!)Xq_EgY-FBDB@RxLq zdZg`Nh;!9RWA=o$pXo{z8YBs>y_^@^T@v zKDur(bqRlprIyBqa8E z$V9OPiFdGVoT<(IvPX6qlDiNtCO{!kshPtgyV>!y>G+rs2Ed!aj}E(GjJKQ zvzn%_0tDI$dX03+ZUtS+A2VyK^bH0giy$4I^-A0aJQQ7s0Jxz%o{;q_dbu*UapS(0 zU>$v`*oJQ{s292#Rg({d`WHn*$OZYr=#zV5FK}bL zHg7}iPGViOh7)5V_OLF1pBebQH5?4XrXnl*k|{dE3KCMKU#ThEX;m97`t({~MY zEfwarfFc?eW7G9T)GofP6?TU*9wlBBDZW^vWTI48lHg3!Z~Nu*dS7?JV^5~n{+|0R z4b|kTnv0*YCvr+07#6S~x+3aRPnLgMy9XpOK1Y{XV9&IRJ>gva*5V}=rsvjU&r`Jd z*z4zby{Z-$-;!K)8+EwDc!{jyn0!X)G7nv_TN__iK-Sej8C7aPg2oJpP)s${x`Fh?S=~jEC{^P;0Aiz(SY2d4`c~4n6*v1yP9V+^ zelMC^{)Xq3yP}5z*GzYlrLB+t|4aBQ;H9M#3m$8HU8$68{qQO9@@(_7jkVE)i?d($ zB**AJ3*ITenCj*Aw)@>w!C5Eg^Ws;I=U>Te*z%2DbIS*+o)8AlRAyN2xJou&^D^#C z_Q?1&PRcHawL(|oxg=@ltR3gd+-<{t5vR2W^;59Nh?5z7+b4w|T&JO!$Dy(yB|*!y zS$LzC&dY=gWybUoDz`Nxq(1BujpMk%FP8Hg-+h0n+DfkVS?WX~bgs_L2qF(cw=@CV zoVd5k9kqL6Lp^~vJ#R%Z`LrezPgQL?it zoQcoc77UnO0WqxDSbvM<7-`KYUk9R)V=yC<#3l> z%B@f5%wtkl(`vIi))gjS_Hd&rZdC;7k_sh_r7c9Tq-QgbBI#yMcVr(`BcU^g-=LPP zEx(ChwfO}kdABm7H6l-_q}!coCK~D0Bty-G9N;{&iF+X^>TLO|cHA6NnL?dZHMAK8yT9d- zkp2|zn@7qBw8?t5NOWUMa8l5hqc4@MSm41_0aGdW^>xXqU9+nA9%^gL(RJQsG)PVX z1MdsRxl9KnYrBjUu_TF%)KNJC01nbHR4`mIvQAIG6a$4HN;dT($&>GJaw<-nE~ zTDO^Bum}qfr^-CKd}S@!1)g1e@dOv=^#p+~^O!1OZKk7VTU!6*wCML>FhO z4Dq9}jK^?MTdISbGEJ55ofLfPy7(RpIT+_>Up|+3zR)$WW8te|I_zfmWhb^iuZ&N; z>O1!AlSS$2&tLY=A`#!GhmO1!`r5Fqu|oWsb@k=8EO|9&Ppr+xxQ*J+8hV;ly76uD z&C|1+Reo*BUG?Kt1KVf`$H)#4~a5?o>;fBME0jH~nai z!omGJH1hw$pK{sxJULQ*mC#i0=K5)$bWw?D{I5_*S#t}$Uf^(wU~E6oIOxuU;gByB z(e9-JmfL{kyW8*&SY$60mAbl%A3GR-%!2~Sz0^}AQ}jI`K4xW0Pl-^xg`$o)*frzu zyl)op4s~Zfb}(FbdH`Zvx^%NW6U4AB?hG;XV;Mk*0}P%JSZBs$HN_g1Rm?EAddvX| zXY(L3ixhj+W5bjBX%HmWprATG3wqqf;JuOH(v`U_ptCKqpbkaS^m8`;o}Hi#w_V(ZZ7yeyy3lr^ppnJp^Ngy3pa*MH_KFdL$5yx~P{MyN&HQ3O_b zByi1jn$-UW$a4Xa#i?sRvD$wA_CrUmSWwP;uZ7oN7+Pz(KIzifQ>j?yCpYdjReWOE z&Gh*3r$i%@oO#1vJk{s<%xj89(Q+(S1s+I=4ldCM$N zUlhHW=n0w^W!KLkX4jsL_SBNm7k?2$#)O@)H%?VwX(!JJt8%{Z!Ns%>bZbnqisgg! zqcO`7UKg$Njt|eTe+nu)Lo|1_2p#8#M$JhRES9y{c^tu=^6qKlQ#B1+5j`h$T|B8H zpo0H26}T(V-&e~tjVZpIk3Hxnv(AjuE>lj8R^ZYd9ZCaf?`0}VLuuzm?gjGuX(kSp z;}57_K4&g)tr%9v9ahcXIsUA%t*J#e6l40d>(;`NBeT_{_z!10KgplwYwUPnNqI`~ zHBl$0_U3id#p-+8I$6bXg*u+kzn9I8mpvt+FLUi#RG#GyK9(J7gci?X;&X9Zn=uiO zwF>4FmT{zkU)5fJXRZ6Fw$z&Y+RpaHZp%+N;>5T}L7Lij(&T5Y>!vr^mZ;2yspE+6 zx3X`fh;B?ANoA#c*m2H2euB}zej(jMSf<_0QIp|Fr9XZr&c}G+vW5Z7gRkmx*=4yr zJ+bPZ@{ydJFUkhhMK~i)WgCgOG6y{mrpsNp{>7rJ)=$sgY5hSWlhK;$k--~jrJKXx z)rD&3>O7wPl=NDgGDqW=Ekc6Vo!3Qfr3p#(kQ-b8d#WV;R(!PjQnxefDe6}Cv$+a+C8GyzVOf&Uyr_JdL!QWnc-^Umj{~b zuUoY2a5IFy703(RfTi7^NDS}$%|Ph6-2zNLc~Qf%h(_%yF7*Zf^Y9d>9)T48CY~dG zu}KoVY4c%xPdFG=d8s^#sS-|Hj4HpRRU7ws=k_hkS=@jL^+Y-qF2nn|J2^eX`kFVN z`{7=>+R#e6!rDzBrSMuV%C9Jl)$uG-aL_Ch-#6}=3M0m5yf@t6Y>dNNES`9yZV#}X z_-$%gZMI5%m(uBKhO~e@Tmpae(+O;f6iNBQ$~W|4INd6)u>%N*EF=2~3;kF)oV zYU4qx3gP?$bAVmbR zog4VQ=e+0samO9s#~5K}?6ucgbG7-*`K-BD6q$@4=yW0r?P?3MEb0#UJ`1NsoP;m7 zOYp2_JQ2&Vtcu#zxs>`NaMhFZtTtI8a5<}6Fqdva`lKh}7t>30bFTx_ry1WSSfS^; zQDG8i>gzB2pStS-rhNMLOD^vrL>UAGnWp_EnRVPDthX_e3IXCWw>&=a{X$6^ouKr( zPXk7ed8691-Lii4wb*O6 ziVxm?)Wum@UwIRxA3&Bmm;bffhbvtnjRsk&nKSL{E_6Re#f|I}kKwJH@hr0u&NK=7 zMYefSnc};VyYOa2Qu{uqNJuG3MeeyAjA%MIXnp5HThzy8k?hw2XM+YSXRq#AwQ^~B zEAun9Y}0nm+udF#8GgRl7n^tB{gtH6oKBa|eszlzfdfn*@TjEBO=T zdfE(0p$21CUJD6#4qkN!N!Kn`H~h>w4REcaZf&ifPdv*)W8h3LpUvNLh=?n~JW1WY zm+D!q;U)|gq`woAO{j7WN1?IrRHF;?7ql%kHH9?8#REeyAXvEReE znX+qH!~O+8He>uHFX;^nuZ&@XD>5hz@!A- z*rGuJ(!GkE%}^zM)98m#A9(OVTy-6u3_kR-ReRTYOMzaULI2vl1U|eh6mArts+N&X zBs+4gypa`7%gfACWFB%7jp(;+mTJg+QPG}Jq(WyR2fST${~IKwJF#^0%sy8@?so~Z z+*?uh#?WyR90)WZ%#lEuq>{N_^6lm}x7N|bMOLpz&v_XQLwa~s(L~$Y;V6QUR0bG0 zio%`of=Rjy!T*-r&CbuTVWJY(LYBc%HRATvxk-QeoKL^7in#u|$p@mo$k%gn2gWb; zZH|3qb@wb5s~@mv**-e_r9aS4%S5JyQH0Pc4h$rpxGHv5}O${;-v!z_aJRH|k-A-vSU` zO9ovcm4S7 z$tc4|2QM$Lme0_vta*y|Pcb99%ns+J;7%-6W`Ac7SCf0$SL^Qr3xJ2(96pJdqD0sW z@wG(vG65H#7#*(+yU6iDiB8{pa?|+d${ydzU;i4WuFF@Ce^ty>6rkfZsgYhp`e^Z4 z<~Du%h}?60@2Gby9Sd{klL~ON+bi-gxlaR;J#Bj1MIB!vyHKG@COP|o4c9X(tJ`Yn zk8eF17~{iOA!2(+WGH!avWr8^_wANUNFIN~diYp~_}y5a9&u)>vg?1|0u%^+yuf3^ zYPBX@xu{q3!p-G}K(9SI9M&zg?Lfx=fhIF!SyD#v+?lwL?j#PH`f1HL8e!(K?{QZa zy`C-=powxP`A{9wgaxTRmK5u0zvz!hP;GW_+J7ia(URNL)Z}0kSy70M@MKU;Os6iI z_h!(DOs7tn?}ep#X-aO6^w3)%>f@7IvMNw*5sZ!Ed;7?$4iXWxb*yJ%$Z>eLl&k>X zc+79MU}32dvJO7gO!}m69Umpe5956K+IcL!xU_tX1V(};#*U1mdgDRLSnr9sPQ9Ww z21X`I{xt*iy)=PC)qDx055+kvlqi#Ce^HboBN(?K|GS6INxb~;{)^@b`aizpk7#A6 zxJkR~I-0apyJ7Hd-00hbPcLZV;Q2%8O^3l!Ed|u*)uGm1K(TmF^$>p_ z7*l7cuLY4(lE|a?OEfLE(;gLwr)Kk!j5mVxCx4vC25YT z<)7M$-9{K&a@hm71p-j#zMr`30+*^o^zZ0$e)+8S z{Y0P))7a+fpI)+}Q*i_|BN&s@kf3>&l&(}&%h@*FODYs&ze-4{BRpa5VHq2JNrOgQ zW#U{FesnF?f88e8*m5wdE49yPMqcRE{?zY?S&Kx(qe=amyj4W9@UZbjpf zu%i{>iaQed)aUNG>qMwymT={eqSQA3Dy8G*X|^93kv>3bMpNmlx=l9I>tPeF@UGw7 zgTNf}zk}vrZ6{Qrwwf1C0d|zUqimvC8DA%nBKFZJE0#iY2Y zX+FOuV*%b$Y+W2?&l@+GJnF9^Aq4Nwl|_qnSMGb#eWEatCw-0D2Y=~Vw)F10PX7FN zw2afYVp3|*S9ysRRm{GT$p}2*eYHKc zX4e0SgFHoJ-p^R&I71Y3+a_4#vn!IeVtreQINzX`9~^nZF6WT5AtBv*>eZq?5~Z%g zKsIbVw|hcqhw%2Zn-oh`9Hrm&wpFUF%rMde-IUxe;;5X1*Y@C|i(c!Ckc7fjEavR{ z#vB}WBPLv&=?w=61CZxj0Ov=SjLHxQyqt?S%1 z9+rgtI>H`W7lA;up;sE=y8GPoX)4z_Z}9ww!iTAVlIFWJ{n+6=qmWisjJ;&7Y#4%z zyH#FPy$F3F-z)HrP4&5V$~up&1?}Pstgj`hjBt6u`+21B)^Ks0qE>I}O2s$Q;jfOe z*)rpM!AFSruP8l!lH6`RR`-UST#!;y9Ik-u9%u^vlilvFx|9AqLREOmmv$}L&Zv>P zaQDFRj+(^%?&z~fq!_w!JzNYWW9NKKg`VmKYi2ecU1#{}=GhfjD<>RE_odmI^Io{C zL=O|Qi8R3vR!B0CZH$PApM>$mJmTM`V@SIu04u<^pq}`&6C)9Hj?&>>Un;$fy7jaK zs!{f)(scU9Ft5*41GU_a(5F;TrMU1O4rilL7LSId+Sl$g&K0t{3}8)4GevDmgN@$r&W39wj(+#K1P~S75BU z8QQfB3c+Y@hc3@Qh_mcref`?+Zbt#@JDF#1`JCyi40a#5iZF38u6VXeeaICMFf-B3 zs5)JE;p5lWvSYIxT&w3op@nW(lmTjL3i3;=wI6NUV5cBeTVE9DfVsT z#SvQ^LUMFR(TH+xd3Q?m^c}COdtf4{H-zdv-AT(rfw-{gUQ5zjY9Igg7fPwZi;YPe z{LSx(9M}VxRGYIw&L;8l3ROMomTRF!Ydp6dg}uKtMdB(G$M;1=q$%F%wiCj*@?9I0 zUjFqDKOmw{=Wum07f-)AZ~T2-h}@aNNtHenp>KK=*RaSZP{)x^0b^_iIprgZ#mbu5 zVk+whTgZW`HfQ>CbgZ({Xb+z)}S)Va@^=o9_Xn^}dLt_)#ykb)g@DEOe$Q z3PT0oIE~I~lH@ID+RW`=NV%g=!>f~(u1=&BMTegde=j}XHc>hR-d2v6nTCC=-z@Y_ z;OF+f#(TpJd1B*O|J*5>$0X0p&R%+miGESx*2-=00@*!1{?|L%VE9?Oebc(@X{Bvc z{JC9EAdeCJBXy22#n5$loTLCV^Q(?1gS3Id99QBAV{m8dMSQ-xI}w7pme?!8F_UW` zF#1^wO!9ZPgk3L!jaTBf9mYn(jrWGCwp%4YrB{ABDK;UHFavz)_?`T*W8{N|LaFPe z2aX>(M{=vsb@aJOm7Nrb1i0;u6}`aI_;=br12T9j<`_LkMq3*~gNwcW7gnZ*^xZW1 zzq(T9T3ZHE;c~C%+{BD2e(g438oU$PB>0K1RAXhJk3~)QB zmEWYTKr;5rA0UPsuJCIRHQz&_@ zo0qk;fqF6E=(`57^vI&+lQEQeQJ#U?wb$L}jL=Y|_UgqTZZp* z(c3vgo6BWdykZ^NV+_)L1?18X8Z&mAfqKL#DNlk58b7x&L@gN1ci7CgDiYq$lA~=- zyJynbeDjD7$vs-__{vLDd_4l5$TZ}I%V&y1m#))IDZ_0?%MXK?Zl~(MOKFk{9`nHC z>N(YJXVRYtkIjKo>)0oCWx*6|E-@A9BGlY&l|+o%VLnY^H|BaZOraDnjfsa(7HRjtw< zRLBo3;nb%^QGtNGV)yuNdODwN(X?2Bw<&P1u+AAsccm6S%!P;AJiaHu zB~UXlS2{~))EFivm4Vrm-*ylk+LL63>9==M@(cLpjSSIIMjlCoT5c0#;2gwk6BdzF z&Z~`S+-Ww=iB*C++8@#JA0rp5C>Z&Dxx8yex8$wXtlXB|Dfg}4Tv*+?;gD{SUWRJ$ zSu#SXJd-i@f|P+RpfCEM0Z&0)aa~cPe=e5d;J7V=aw2{d`}4AH9-Tn8g6m;Zn@Y{E zm>Wc*CwPK>-2f?;GP8y(tuPKp3a6)KPf}t?AULcCGYABdLX(<30csoXNP@KUC|MnMJTx}Ei9dPf15ByEm zK>m}@x9=Plz*|!6Py8X(x#1Q2i&F;Rc2KeCNC`T$#q##ZbsF9CJ4cN>D$2eGyC)fj zHgab3`IQAkxm({F)6Zc2pZkufhS8ezFjH=6mL_?^>lWN>`$pF9!+>mA1T&JYs#?|Z zr2$K=yuo*FD6?o7tWXD0y+E`WIuKKLH>4%Vq+fkIjm7AjcArEO#GT512HX1FrN-xe z9{!kr6yvt3-6gM(dc$jr-WIG@A$`n%&xe@muFn}4@lpHOI^=Gr>0T4nt4cDN-fouH z{6>oZMyznK-cVir=SjueeLZ&NJ`l_GPFK6TRM%DSV2-cS zJ`ir8{z`VE0<;R z_%d>ihHzL62uuw6&uKA0TEOLDF@`iS`^&gFB?CL}rkC^CpLZND>MbQM;Z@L6cgeO0CSx@0Yg-|G^MK#9}xIPW-@nXPk7SEjxBF~Oma8YTNxJ>}k{`O#> zzIxJ=kbtTwq(OX6!PQtixavE=(rIdXtlw{x|yBZa90^kMqMgy~0nmQJYcsvM%5BUkmo^p|W1HTFO@ zA>D*=yqqQybzM{UE=SLY8EGsQ~iWky5*wQHDXt`&6Qr54Y}9rruas(AOsdtw zyWDax2!@mUGa*~()R|u*2hD2e9^NG(Rr$C^O5?TqaS!pCF8Y+uU6S_~8^8p2C^Ko=jX${Q^Ld!PUAsjamIYLbhZyMfAFX z^nr(s0;)!VQby%?OmI@(#Sx*A;vZpMyZn`r66aK24Ll8tfoKpqO#?<)0+-V|ET)3a z*-cP#`9Zvm-I%z^P|*H5$P8N8K-}*!E3I94(nsW- zJ{VQOo<+Qod#2RR)ON_p)AwH^G^NP)%7(h~r0h(=MHPJpF{nCHyEouDGu8#BQ#-OW z@mp$c{|tyeQVsQhN~s6(lNz&D)6bYQM5{exU+qngrKg0s z*bWi}$r44pzwBa~CnaalQKpJ$AoiQO%63bX&NDt$GsB2p&R(}JuNFDzS`tnLJy&(N z85pzbSkEEWJZsK2z>3(m*|xMBbE~);yKmC$%)7N6P1QNV|G2c3Fh6mkmkR7X#m+z7 zrF;Hj1K-@r*YriDEnR6{c-kqHHY4RYNA^NNQBpzr+ zWZ77mIX$LN?y;0=>iSGs5vXIsHeGhg#si`5|3hAir5~ona)eu$g%axVR#A-p5c=CN zFQO@B>!|_op^cp-zNC~=ht}_zL}R8T)r_+j1DV0iseV89bBy+)`6I0WmG);!E?xru zc^%Vz0&xJpjm+N`Kj~En2tiQ5SH1K_ga8r6r7u6+;)wg98dSB*Su3_Wu=7#qMQe(Q zf*|rRkDDeSI134RXJ%<1S`%F8J|*zFHGl1{r&QG3{tYOT?3u18bse5un|x$<=du8jUhH{~x+%g`(qgnVTc|I;#p8X;)4 zNx8$~Bs3ElCsHv!sWt)F8c=4(DJK3l@fI4dk5mWv)Dcz?VQ!ZNez?U_o4fSp{0p5=kEsvT>_pz`Z+NC7xjmh`w9gA!TD2~U!OlQO32;r`s1+m zm?2%x~IldS8h z{AHbbfJ?D1XD9>-zag+8*+;w*mzOL06m|-HXi*7Gjl9YaW(0jPd~hbEhl^>o#=Tj8 zKL!M0LGq8N|68zYstKBu!=BQ1WIvmPsn~M_=7b)GArlxbK93&Q{`x)+1!Oid${?*s zj`}Ce${0zVa-WIR8SGy}W3FTXpIli8e;AN75nfZ_r(sJ8?;|P@oXUEBcHU1!Ts_V| zG}!aP!*BN1ZDQW(#8axvkO3Ys64d{tb$}-z0qfiyb#g4i0WErcG|Hz=Q72J$mwdh>uaTMc1e3=VJW!F*>;7F6oBH&C{QVR@s!V{ zmGe(?&MLeJMi4=Rh!P!O7A|ck2f|>HT`Y`z0dlyW+$?rExzo=Q^dtn?waWA|R)F>&W^xBM)6vK5s9db46aBjj!c+ zmlQwR3&raF!ZflYr#qE4&3(QOTS-!v2ANluc>A`bD*urR+z;q(I3v8_9IBn01DdI^ z6UG5Dc);QJC3g_Wa8WNh8YnGRi*VXSctxV^i+z)ylL#r5^r!slCCz`{l)=c9?U-;p z_!NJX{LsBJr&sbtzrOk(*WTo{w;OH?^B4F|2z=k`RA>!+9z}+*@VWRNMX)VN{uzPy zL_e+EYlkpg>32Sa)lwx11g3yL$B$z3XonSpEqGVhVHs^dI}*l;sd z5gKK@+9h44zZGhJGFu`VlBz~KqXbc4Q2<(L!-a&TztS|O-0YE2f~_{gW)v(7>E!m< z%#(?>12{gY6^sI(*(!IF&k*gW3tE|lBvdhV8fxYg_iFY$wW5q@7BkVGH58wZ zx~l7(S|%we8tpF_i8C?92-SGD43!3ryNpd#}soC`P~|u;RmO zQ_Gs)L`4U%8Kk#k(jOgw*Tz>Je6vi|quhPzoy{5Y8c-FW>GoeJ4Fa!!n>o2ns0trKtBtGt#BH(f#1v}boe zKRB>%E+(R!0Di1Pe&?Y>)W*Mo7kFV%193!IJ*6%X!#dDITJcV;k4B*oW-2!;Zf7_d z617yQva0lo(XgnOW4VcMHt+A(pJ&(J^GC2`ZYE-M^Y}H?jRCBg7wZK~1l@LJnBP(a z?)Kt=smk~Jp6Er)@17M|=Nrn(ddzz5IaH&n?9^M+Nc!MI=??t-f{zebRZ$X>c%Pga zNIwxR4&2<$W|+-U(m_am_aNd^-;U5R|ml4%J?ko#1ywLfqgyYgj`N!Klz{n6_ z?;pq^C1mqZBvO5EW0$epB%8SK_gd0My}Wg|?nVzaXwdVQOZae3mI7iA(h z23S^2oaI}O*~rc>in%KlurBp@G`#)@TFvgFb)diS2q~1(cG0~?av*Y!ZGxIe-(3^p| zo0EoN!kMne9j7UDtz|;#-Db9Uow^IvcB(m;hRi!<{9;S3zc#(HR2GvF6xmYZ ze*SbuP+ATUrb!lM1b38RhGqX`|HG3!$kUmtlfaQ;nh8>>Jt_mx>ZIMb%z*m^-b>YV z$?CENK%W7GltU}hcDsDl$}b8KqT&qRRVPNw(zTgXCcOSTl8l-Q#65R~nMyOn#CX)s z8d@I2fuhV>1M((Kh}j=pAP z08gC{Gtpd{8%S>xNiBJ@R1cv$umM=3($y7 z00kSAjXOgCu0piSG1mr{|3_+dw-K)rl_);ci%M`W0Q~eo_pu8tAVGady7Y=&cAIF4 zn{{*2&X@)Fea87H`7!Jm;p1(3cx`?H4&&Ohxid5!07j+{g|_(kJJ}^DCjgD^FJq1+ z-6%LIxSGl+XNzl^x-}&8n&j0 z%2zt0+F}4IT{m&R=Ju!JHP3`zO9iq%h1Ryw%%!>}gTcCG31>=_n-t6C`;5U9GtlG{ zSp`ICocwksF z=<^SKy(rc`wsDg{mjZxfsclo-zLP;Zv6*hU++eT3XCzdQc`wibl#Sr zqU;OvtJI&@ZSJf6+9O$o`a;bV()NIUoPt(He06ze8I53rSg0wVYzN@F1{C45KJ1P_ zEtOZ8k7i^P6nY?u#?oRCb{R1=veqWWc#={CQzY=gFD7qkhn^QtJ@b5|zPf1xZkx5- zG*}!;n@Ht*gI1B%q*e|X04GKtvBq;Gc+(*mYE5{_5KLl_LRKP1ABB`s&{le>la_y| zsF)btFc99N9CDjfihl8y?Q9FBe^mTt@lF_I~2d}Uhx^d%fhh~hR zs;Fp4j=7{pjL`s%B`XLaQ2D3EagvTQ<`cK+_kzN>w~v&TOELCfZB_v*o?XdmF51;` z53%2BWbFFUH+KT~XK>wjlskAI{_fgf0b=PB2)MzcXp`R55m_~^48`_>pkZ12@^g4v zve$N2ubo6+Fo5?mCjK;$$!7_}$y6*GIhJWT)!1t+wRR&!4I26U_`D?FSE*7W1$0sz zB3ZG)(MEAiU}ZS=)K-~O1(&v7+ucU)DxTw^LIq%*qMn}x04t}9P6(jC57a(I|fb>IXMxH3=A(A?HJW3tn3oP z(^5*O!&~5s)zW&lhfSzNF-iP8llCWQc|5wtC`#PG5d`;(&hCn~L>QEWmhm=`C0GMiTNLM#m%bslFwzhvu|@m{|3LY1`$U}-j1yJL3VzdBKv}5?sc)QNiO{q%cs*8iH!`@YZP1Gx zoLyn39EH)?D1E(&B75m_2U+lM=pqb?-u(03)}wu;o_AAtx*4o4_b$J}p?2*UO}~@579H%m_O!PU&=1_mxytIRY5*`rhdLhKvXn7%L`Ko!`F|Vgd`(X1pUEkAaT{EYe@q-L^ z36-JnR#^eytd^+<;N~WRy!klhOI?Xx1oqSt5P;LRU-ZkZ*_ol0HtH|56wXb}WA-Z7 z%roVPQ+=)EZxkMD%9|l4k}f3}>--BC&~|Uc%d}f6ZI*C?C2NlmO8g6ENP5?a3@po$ z=Rg&xV8`rcG)ZZdrD0$)EE#(W6}~XYdb+Wz-baON1m>#>nJ%cVoxaAA@1day-HqFs z3Z%GJF$l(KMoNWBHKQ`t6skTOZ@4-%-ZJ)bGNi{s0y-sJS?;E$-(`b5D+~~vv6Bi!Ic;Z@KDKmzaZ|8CKVm^s$GWie~y(I7*aXE7zM3GQ@ zcI8bqE2G&k%5$=TjEOqpd7yG%qgsT$a$9un7Ffa;IQnPSinGT@!tIdkE#e4+>nB9y zWIknxUPOqX;sR@QXJlF2LW`>0N}8J$!a1>*ToOO0DQ@hDV16K)VM;FsixN`-^-K7b ztB=&c08HFEP@bu32D2Zp>)861wbYlTYcyvdPb3MyOePE3;M7V^5f^k2mqt|?Tk+OE zV)qKqi5N1X|4Sn@4@~P5?Q=k6Fq0~%Fs9MnahHH`v*Ak+@CfmujF+(xZmzAVc5c6C z&Px_4_we-c2g>R18gWb-J~`?1@eG^f(NhBmx+F?P?)Vr{fOGI@Nf0jtpY~f)B6U(W z_T5l;0oQ*3K)`t}c~H}MXyd~!@=^UDMx$qId25`Yr(x1-MuMbhu-_EKK|O!Rq#bI zx6MKGAC9*P!bPx#xm7_)gYMGV-^9rhu3HTRDOl&MRjxqBvYQs{mD0N7)IGMEsQA)o z70bW(h(Yk_|NmdjYB&Gh#JF9F*h-x3O9KFa99TUvhx_%{g%<~>kl zA-K6P0u>m$lqE`Va^DlSb$J2&2ih!`^q>#ejeG3s<;hhe@Umt5d`Nw09_T$0bBMP0RQ^Qz+? zUZWPm3c!3M^pBrc`a_WK?zU5Ne;5C8SF>h8`2BqGok;Ic>}xN!c_qg7K)>TJ7zw53 zuAn4I8u59JSn(uzbi-dx{j8XB=a;v_6x>gWRjDIZ3LT*IA09$Dk|uw<@2YNW`SABp z$7Xgj;AB~=f6Pz4j$&|pu@Z~>nHwryG2_Mb`OEv~J+Bm%Y@{hYOQ0(quY+%(JFlT78KWT5dD5)W%#zL_f&t|Rc&jTN`&}WD+?>tUj=1$Y;0-~5& zY#ztdBa0zaKNp~(!wG43bIw)kVdHnDGO#)+h7!{$ch8z^h4a4WO17%d6q{lLGNmL5 zhlbnFNZTVZfCcJb)9V!fwUoG0n;jNCyTs)Wd)Gv;XN6zss%DDrq>H9G%8n-XFu!E^ zeG3dpk6JclZ=K^S9`oDNoR5TGP!_#^^3E$bC|6j;P<4W@vZGUKig;H>#f`;!zpGSp zVOQytX6}v~d9c6~K&y_}6-_w4pLZ#@ZYS)yp_9JaZ_^SR(n40~y(IiclV+Y1rsE@~ zrC&j<#M4Ta2n*$(9fTM17@~(UFHZo5-!}N;@#v9qY9dH-qH{k?aIrz576rlRI-T=8 z@%h=k^y5fZRWhpY&DzI(DBA{P5M!YT1j$FdcYXiqt=PNU$s9CrPO-J9Y-V*#{&M1f`oPb}Pas1EN%km#WXRRAKHJ><=4$IW9cx?p>mE&? zlgfP9b@qOaow;14q37c)h5rK3X=qU{ zrxi6)a+JEl;mju5_Nh;_yCsd$b-3R*q~z0#odNmr2r=(#=3Oz{vn>x2dHf6;NoXZC zQagT#`_QG4sRno%K9IzOD~;mpF)u=^A9HA)ym;_*p(81SHaAv3sP7TbN1zszpnj`f zaNnjz>9#Z~5;Zr;NDrUT*rrp(?N1IF#p;EUkD3dMHU3~F5qOVskITUv>Xda|F`#jjSu zH-&ZpW25;Fhq&s|%FKzTZU*QcJZA(dNaUiC71ivC-s620+16H*iJj4l18H|O$6TJ~Kv%7EUtVS{bU84^Myq0DNBpE98Sj z6|3tzKV7MlkA%GwvJ}4(cH|qPbHk_yRW!fGH!$P!P7y}F2^zjP*|iL_*l&bv>P`_( zJ^+1Ji?x4dU10xHSN$^pq9x|u64<3)i(WP-dRSdW$*IFY$4za>HKvOnu!?eNT8;BB zK>}Gc5!a7swFhFehr_{BGo-&O|4|BMTHZa!2wFv#nfbN-{ z;ItA|Eq|?~tRdC7L~)7^<2!{Uf5lgfU)Y-`?+s5+diXskOVRrM2-mr;f#zU&X*BOA& zieLH^#Tqn~9N~O=$1@|@A zXJkoqHi>9qddRuS15mHaj)eT8WHw1j`ef#i_I6@qm`&Q&tPY)n8lJ_J9saswe*xkj z=4VOHlK3BLf950oG=9WZ{+@Y^MXtM`qp|=?`+fU5FipN>adF~&H88BCql$M{Vdnr$ z&gZ;KzH6L7M?^tHmQK#iT((jBLw1J9Aj4T!gt!exSMN((H|Y3POskIeb<)HZT23bB z(nh&*I$0RTao3NRvT%u%qv}H%q_mBn0oa0txkA>?KeCX3JF=OT<=X~DBY)lEMYhZY zz@CmiSwao6-Y}0QV25!k(MhfxZF;_}X=Q}V)l)jHhF-kS5^2)Xxf!_7YQJa zQ1v@PvOQOgzuu4#vw;_JyTwba%9402NIY}QggGwM#^WQkAS6nu9Q~zR5qpEq8|49{ z{K-FvRnl9_tgx;vR*T7Rceoh8N>L=>T01Lrw&9;2s?7=Zt{u!q*yb6_8_-#J{cWCZ z;joFYw@IpEb#hi#d0h21HTBLUBg!JKnVhCZFx5U+RnlwX8G}y&wwGh0&b#Yi;{LVu z?}JMB^g-srl5$b}K5=5*O5go$>wnyFUVa)^=Mvo^Rw;G_{A+r;C=u9VRciYKd936% z5P=8vOkwkHnDJi7vrGy9mHQ-7LH;}7qpKM>8uub5`jj!xUTo zrl!88>)Oe@uo4kBWganlQ9}tFiMgdkxRoLzil`a)`;Aqnxg2d0kIi#`G5K*?9Whd# zdm+hMzq@o>fkwBnKI)a@sC&Zb3A_ZIPF1JbUh!F}Cet77Ctv0&t7P@NnIobr>Y_=q zTqi@Sl=Di+>!}rx)7kg^RVq1m%nDfd=g#bNF1JiBqv#0s-}FxMZYGO16US*p^-3Kp zX95FAkDty);)$foIP@n24FtdEZE`&ador_oE3vQ9^t9U1TrXs!AV3Q@o)*z=m z5s4BcKV>Z*9x&TcLC@TOkVuvWvz1SO=(P|)jLN33kNy}oAaMVZ}M$RA-uepM}mqfWnfCN|Psq`Hbr3DutdY_a2=7xd(2=f%~5G_t;8(t7-9>GH)Zma1o55pt!mCN^Tw^=+EC4OGCf)n+7Z~!qCDh2L@O1l= zN-X7`sGYfHNm~)s79Guqg8_A@6D&iu?DH!lUdlW`Jg<|R1m3Bfd-b|x!3!-M&4O=9 z2`}ICH{=y$5S?#FbxoXyjipQcz}n2w8g@qz{q}R~*gWWd`8!f#x+hBKgoAN1P8)w6 zS#4Ywm9HrBaI)mfPCGp&#ZGY4xvD6~Y@M5gPgC77DWbdvle)CG?5K z=T0Vtup&dvuQA8&L=WU2nvq5Ff2`*$;Di@=HUu+F5Aj#>q;gAe(JPCKxIYBw;B5>k}#> z4~vC6Wxho7#OS%U-~YL8M`^!+i2vgef<9n>@#*_RcWRm_owSmlUP@(@;|JL5nPHu8 z2Ry0=pH#}aD$zB}^0zj=@@rLBFFdJudStZmr!qucPMM-Mwe-tldB#mL?ECbR*RRV9 z5`PGR-IDt^zIK{TFJn#u=~G8nsnmA#NAx01_YK>qY$zN(tY1ssaIRJ^3zQKDS8BdW zS_?_rT>h{l?mJPgdB&uv&Wmv4#WFawHv=Kq})@=$@Z|S23K8 z@3{BLXcN~+u)38ee%$z9ZrOWRNBT6}7RO&PT~^~=9+gI>Hmu_s)OJ&;33ixuHaa8A zDWRT_7)V((91iHF0pd7FmE8{g{2$fuGva`$DZZQ6&K`~lp%@;o|MlBN zSFU^evrD14f>b9QmtH1TJP*3wSMkhovV7ytUU&~tBa`&q>aD6%Fo1?cU7?`r_=9FG z*}nip=-qCMO(U|nB?@gHUJ9_!|l~hyA6# z|4UDqri``%1W$29tDJC4$}*Y5zSs7ak`>Uq@Mt1@+w@W?(F)Pm>&Ty(*_maXRvmpG zqSw0qm;r>|&vNPz%O*=DRBO6>+b8keBiD64@}S(e8kR8UR@bNtQTDVQKq9|ktlqV^ zntOQ>z=usaJQ9=DYK{hOTf^#+Ezb^=W$LgLPa^)apH7pa%)-)32x@8FETk>v6ls|- zUR4tl9=Sey^SmU1_5&VM>1i~qT@u;I2;Xfxv>Nf!U4DPdlGRa(hGb?z9qn{J-?kIz zS@LMHyp5h|_=Z*Gyy*`BBtlxlGQ-_x^soDFo1Ci(%@a}0++5f4^NVsFbJDHVA2i=Z z;nM2Wg=>3nIR4Bsg{a?q{e)X**q2350rSi@8pZDM{^ZQ8tt6`O*36F|$U9Zck6pC_ zwwi*sKUB)O^^Sie7@v8=b)9LHoj;F^Cg3yT9XecWQ$z1Mnr@pU@;A*t@6irtF7|zH zNx0YEuKmIq;c&-2y*Cc$)H`GS35Ay^j7UAe`SifmP!tD+49KULI;(WheOj?hkz9fC zb*@szy`|YB9;}?G1kZ<7J+^mPU9_L98V8d)a zM0o#)*`ZSEJLr%X3GkISdapwB{rW{E%b$B{TeGZ`(xzSWGjY) z^hp$->fP+|E_c3Ln4!($0WnUE^RnXD`aewhoOQQMta}#P5SsD1gz@V&4`g(9Ger1fsAYvIY62Ip`fk2r&V#6D%el(xtVd%e&o| z`&7kkZwR@R>*AVc2m#D-{8#%_gk6-W^Z%!f^A2jNYqxlSfP@}E=@@$GEmY~f zN-vfOQbHA^BOos!kt$7kZ=p%=NHZv6Xab=luVO(E1QZcbir)#|`_0^$JIP;}+0QO> zW@n$Z*ZReQEZ_#9^QPGQxIL2N?{7&wW5)oX0TNjLXH1%2k$`ZPB>?*CmDM1IVS%my z>Fm6~{i;1uXQT%p6_EChP2Z5Z17t;Rv@+jiuPe_;Qvd<|0tGaP-$}wA>40Yl$a|-a z+oZA5orf}xZ!DafNY5J|b~l{c9?8!wF@`Jpw}Cu{WQREo=Qio{nxwhR$N#tH z8uqSDe3qW-TOVF81M$EU;Y2A+l__?&jN;Ax+7E-R+fD#vn$lT~NVuBG+rWD;-yL+y z>FT?CmUTq+MyX?Peo$LG^*BoAqLzYJ0_wB$3rV`r)+4<^!7?gu;zF%+1Xdy}3G^_N zS;78kNzp9lLy4~EM>V%b^wVM@rz_f*uU8uKBBFg#@4fZrk)Fd0T6Fr``ilg~zXBzm zcrpH~*To(kGkb-vuEM^$tp%CnsiqrV9QzLzAX{=$jen$88Qya2OKEIi`(GE}oa>GG}Ix6kQckI6?DNgz{K zS%=#?TP%e7zl(j5da&-amrX+Cixs3ioR;P_S4dIx(?BIL{r)7wDMdpSI>JJ= zkmyg>BY59%$#j(S zTs)f1K4Lb@Dm!G|QVQi+X#G||1h47N9UQGa!l*09n>gneA|ANR{s$Cc$+knz_Cf+X zrGIL<9@QXCe?)O{WFsF_Hu)ph=)I^ncA80D|6n9iPL+~bjb)zJjF`hF&jTXh%x_dM zb44GuB!jo2g-lrme~9j~CL}e~H-q<~9R?-XLT+^%&iNU8l5sQ6qw_s06QnSd`UK)MF7wv!Z0 zAjqS3!~qhz8Cx@kEb!aiz)t05MAno}MFkvwaM0!uSqQC}kQei}yATS^7It2$K)bW| zM;lu;sQ4&JZvM!oPH{FE`<)06=`FiOY>v%;n|oQ*i$^Gg!-}IUp3yX|{ze6;d>%7X z_ueQ=a>1c&?v>xTD4#C%t1tdvMWtJ|0DfSc0gP_Od24bKCw*TUv#+p<&B7E zMBLCVZPHL=uhm#4+_$pOj)y<&1$Qq5G>Y}f@CJMdOqCnqlJ>Il68`jw_uIraGRMIz zxb!LS(kt&8?+|In1sxu|FZ9D? z7>#gYIarJMUxsd(&Ky_p&u1Q$Ntxr5eDPzaH*1w3%i8>^iOILsfXy-HZ+?uM4OB$q z@s*ED=@7bsRlfe{twy{ZL&w2!OLb^yZiKvo>r+qOEC_v7dXL|Hc;eb`gI(r3`sqYe zH=R~Z*cYPyEZv}qNBt5!m#)_^V9wlNT~`ZIA!nDRRcM@p7;FiP8GA2lDF6WJ`3>Fx z-YCLgfFTxUNi}5CIZHbSA`@EjB{+_ujD_!kHZmT~t7n8JGgHR!NDVbYBdMsfl8pl{ z-5!HqD)8iEN$16OjWhN^_d`<`m zb&g8K*qC+Re6aLdbl1`^&yiw{#lEJVX&1kxlYlca6&MXRv&vr$ZGVX_9zacgz2Y=V zC`%#4eJ&G1l2v>Y#F@DRHJV!Qai4%abuL+(N0vu8o^gaS|I zG~6H1jx>~}bE@)A!s&8ux*EN#@A>}_SRnO0Mflb6Jrr$B0lFjx9#p2{=Q0Nso90f5 zTfG9jdtztQiVU`oxUxC{jr43;q|VwW)-nhDj9h3OBj`!Rp0BAqB?(JSXPlRY>58*> zVI<WFR1;pUNlSZ57y#SDiEe-Vx$ z!169_mzf-JQu8;r!`iA=<+iM$jQVAKN6n`MBrY-jBPy!8S>Pac#wQ#rDD zty(LuSXfzE&&1PcE?4L45IrMDlNqjQyXA_lkc(xk6BsTWNN@QXEmMykzX+DsA zLNo4oD6LE+=T=A4XlB3&b3-pbT215k&ot|)V9PeaZT#Ag@ws|8 z6Ip2fJZ2IwSAfS$9z0wbH;IS~0Ud@LqYh|`Jt$yfvyD3U^5UrYpFNU&Jmv$JeFp6t zo*6^8-@N>QV~-+3V{t?%9_CCsrx<_$^AC_;#8_eAOcFZbKdb!JuZ7I)*xy!tw>nYo zjIeaJQX_CLpe^bnp zaF9|T_yrr~o?aU2*Js^K2zLQkl%>{W6n77HqLS{@Msr08;@>cOrD;w#>ENEhO`1s- z7vp#0`EL$fRs9-!h|Ke9&So=N+1Fi_d8{3$bT(~*6WDhW?xQ~I3pq2*NfbRCLNPj= zMMqOo?Y=D_Pc=0IF)foZv*&YU*s@ykFn_YX(|%2D=q^PWnN8{ZdV@91^I()ewSK3{ z8!>f4NKH_NJW8En&0__|lmIJrASUcb7EH40|Et@msIeaY<$j`l0JUx#$JM5OLC3F-bEZ1@RnG1O{P6`<1}4pV*?g82z_gW7y3pYA}d zw$!7+WoCtK;(Hpaa+NwK51P_P%b6AeA!#G5IAdqyk|=V$lrE{0p^Y^IP?u5Rwx!Hf zY$LyF>mQJ}<;g?HkEEo}@8V1Z_+~IPAHqGcICB$f2Baj~i^$sJYzi;0i%B?juG=lY zOl%Ma+(&Kd#y3%XbT`_k{3(}&Bg}Fu7t&IV$V_sUhE_LZOCz{@RUUWFS4d7i=2u{5 zS$P>5G)YcVR(OD6jn<<9xluhZ=rEc@AF!y`y5WRm^_B~F(r*8+K0oA|U~usY8MTmE z=1eK;JM9Wx>`;sZ4E%3>EjkRNhEgdAH7%+5eRpdhKf^0|cy`+HfgvnMK`2AA@djqb z=*x(O!O1m>3!q8+A>&a&LB+k4WMp<^Gh1TM?bZ~9{;wXRUkeA8)IM(%u+Jl!+)^~?3t_9ZW~3!5Zay;D#PPFs^sQnqW<)qDa@E(X+tL z_t%X9#EWlF%h2%gc-8Beng1L-Z0v0l`F;IS$8kH8#L*{PKfzX-vu$(4f<@z|?_D@j z!1X)(;Y7T1&u`*(0H>OC`2KadxNj{_<~lDCkmQAHp?p;uD)7n@j>wsNY6}Vv@<#|| z{3uuN(H!T{D!p&i#fX1nN7|OwMm?EwXEdV=U2ld9^jl;3g~}^AAtIsP$fV{yM%DvQ znx80|f|g_%JAuu_(w5^a!HbpyJ@4tVlvD+K@I=hCvRQpZ<3GKw1W$<|ABsL3!_YFG z?@=8MN!Ne!d%Z`73!AfUvula)pFK84Q`nI#fkC3_h57lS8gn^yYn2&oJ|4v4_9|n0 z^jb6Z65^lyhS#5MqZ4rW5znGtIz^&vFD}_Jar2lpNe?^WQ$Md)qTRo6fJAlBP&&pM z-Kq{=SH-hjUaM@LrBf9ThikVX%HW9+oErmip*YdokK#BTbpqMaDa{%;v=nI(p7DzF zO2uT|4pp#rzBhE=Dnt~o;7)4i#^;SHqZ*L6&#aRL{SpyOZ>w$1(R9XC#>K(+O@J?V z(pZ+_qXrrK@W2pZ_+_I~n#f805W{t+VLKw)pLRd5>zr%=yfF^}(Rc7#c9W0XAJF;} zbNLzim)6A)r9drbpsC*e5@pdVvWNkjr=|T;=2&kx z`IsPE`iMbQ6ZU~>JuwLb6n9SYmsLyOk; zHC_!Ko{|;OFZ5!_c<~ZSTY-z9*iNOJm2uosJ&XLbo{gedIJL_*2F6*xhF%p-8demtAOwE|Gc71xeBs6Up~$L7B=2 zSfT8;nmlTLS+rMJU2uH*ZsBSA>Eiz7-ZR~wPK4-9GaEO~`@jo?j{8Z8zpk(AT1GNI zA>459yBU=k<*|k6kEkjI^7rovyNg}OO+W!XlB20Z^Q~mUznEko4xo7b53s%^oT#t1 zhL_8fK}H*l-iyclWt5u+49DPNxmesH&)kkqmVb-R>$1-gUwfK*8<{=bk$C(a&uKwt z>&qri+f+F7{>j7n$01HJ>a&jbQ~p8x*8Wl)`rV?GNsi0ROfiF4nDm78KhNO zZ@=Gz^A2g1=eTe7H`{iUcT=7|owGYj{TA_*Ebyt%5abmVhl`@=sTX~nOYRM+x9_x_ ztQD39YkyA*Mh_X*+2|KLRb3wj_V}<)^%d5uc!IjYR#13zlMbqAyqmW8LUpxJ90{I5 zx~T)80o>?h6EPnD&Qe6>#nxz9ymXyI4-lc6*d@FigYU6 zS^5KVNqBulvr|K~D`kgqz&~9}WDu~Q>XEe+Y`c@I8OJD6n2Ix$MUgu(SznM9^|5VH zr!lxP2{$lG|HXP(;!}9?Q31Wvhx% z&zQ!#Bh%yQyJy$p!!%>@L9;y(q79Syh)`%ww%RYG9jxhA#iRW1I`nGXxFL0_xILi$Tcn`7iPGU zRJ1JtXmX^07m(BzNLOySU;PqW zmWaf%;I@aWP^1e0?1YbykA4d`(U-j`f=IxYJ~cG(0hWa{i&U*+YffNRgg2|@+(8X> qBs#%=i^M`-xM0!&K#as!2CWja6=2PFv^)V?2b)K_NYdh;<^KSC#66S% literal 0 HcmV?d00001 diff --git a/docs/versioned_docs/version-2.17/_media/example-online-boutique.jpg b/docs/versioned_docs/version-2.17/_media/example-online-boutique.jpg new file mode 100644 index 0000000000000000000000000000000000000000..026f0d86593411ba20b8c39e15f6158ef6ce381e GIT binary patch literal 263458 zcmc$`2|Sct`v81q#xMpM4B28vWJwDV3XKtsEn{CR*$N?~&^Cl3dnh|)U$aD|MI~!d z_9V#?QHtzYzB4V)^SsaV{h#;${@>^KeMh(Z+-JGZxz4p;*R8dlwE=+B*3{Aj2m}I9 z;15`PCn%@k5IcxuDu580K>@0#E8Z)F)=YS zW3a4vHdYoERz6NHcKil@VWAEDf`SCmt>Od`>5YPd5(<*i+hyeBOqKPeQF0fk00Fu>7gVLxEtKywmh)EK!84l{{(;AQ=zGcX&;rH{A` zUw#qYVe1*djOAI+%f~OaNnAowN=|;Kf}+wc^}QOJ`zTu4M#d(lX66=_cJ>aAM~*r< zd!6t;dCJGv??PZu@Wo3Zp)prto*bP~`iObs4#O|pww^DsJfd>%#HQ$=eTVFS z2Ux)W39{b+`yH-cz=}dZ}HaB*9DwN<;3tx03o5bJTZM-2_Fi;c6z_YOQL-#vds8lQrh zo+F$0_i3Gy&uZKEUbDKYZa;ffhy6L*n_C`;ICX3Dn!gpfro7UU7sfjjZ5F&oMoX>! z+m;WlYIeusGZL-h5*@#_)@<-RzN0VgtH1fp1#xoli`UX+aSgqeRPCV1CaU5mq4ga@ z;^Lyy)rZubwY62Jwq^{u?$PUb8u-OJf%lUcwOYq^V^xW@Hv2N-KI4gs`<~rq6~TkA zqT>zXSfus{-7(xZ(P3Mj^QAcM#HvGQNBi^p_Fp%=z|{~K4wD248+NBzc2rhG^uDqE zcBU+DY|`#cD(y@9iJ_c{=Nri8BfbV4Xg=jltS*FLHVZn$F z#E!DM>QwTLj=>wDgOW+dJWCZ@utQ;}zSEH{7ezFBKd@}Op}KE6lbZW9UXeS(Q{8X& z(?0<&S#v zWra%g$!Wxs53K8As|er@VIs_;GK#QSE;&6G`l4M^*L5UqKi`gddablYU-`<6;5w=P znbqml6No1Z(&wM5KAi0=$f&>NyCuAHfl^7-Ns+AZy*M9Dt zZAM_pg|O9R;f5u%`3^ zcf3|wGTi4;w2SBL{y|Q`Iv$HxI@{|=^L!gTy1PnO8_&0dtKNMWmzv_Q$&}?Acx53# z2`P{?t>bDac1ET}ak>7zlv2s9f)kpFOH&G*!0DQh%;(Q~4xFd;Q1xQ>EXK`+Vr~3P z4oLRui8Q{syjzXW(Jn^Ips~PvxJkL}=%@YTgEoE!kPZXG`C(cbN#ZgRRm5j>A9}c8?3yNCfi)R&`j@>g{H4-biDk5om zSo+9G5>wc>bJ=;tA%iAcHEuRnD>d&uUY{p8mFBK?Fj#MsONyg6PbkN?w8g}Gf(NJ1 zpI=7#^B)Pla1polU5gj{L8YbT8)?oZ9`8Qm-ryW7SUs(XLww?SipptT2QMe;wp$b# zPu>u&Ud5zh+4qUhM>&B+Pwk>NO->n4J=REJpPq!Nn zySgzm^;V9huRGD0UzaqRIA!Nl%y`)UKsP4`2IaJx=_`Llcdfl=O;^RMdV+YCs&MsMFdd%Ra?%vF{2v9h*dov@-|W-1x=XjV|L!{|W< zXP;u~!tQ-6xzi}LpqsE%CG#*&!A_~(+yuNR`uXWOdA$QmdvvKsDI8F;b=@Jnl;TeGOkdAx27+|%#8_HGRX39G$otjX%# zo#>pr^{f+%nN04-Ey7#&-M!)sbf((|gyPnXo1EbX@u9oEPG|u0TWjFJf=O?d(`xmX zf{JU8^ZRrkRTArVCEha5UIW%0;KlU$R?X!PkA_#jo%0ryt(QAI7O}mP?gFOW~8TnR6Q7mdx3Ujkvc?<@6>*u`NE$>7{rd+*U@BI4hw)xjzOE!Pm zcIjA=Dskb-{=3zoM3oOds7lm!M^?m#)a27K5$!RNl}|YpJ#QqUU=gK>nNSp}~itiMcuY2aXSvJXf1D+U3%pHiJ#|`?lj*zj7sGFO>)-j z*1+36DO=}PrrX2o`)y|W7&sXo{qIOPBzts-5x}3mpTw<&F+~oPzuG3 zo40W3`;NquLci{O;X4jmc_;n+%)E1*x|ZU?x~@t-;4^b!9V|U@2<>Dk7;JU)O_s86 z%uXxe_AeQT3#T$B%=))SOpdF0bx`4w-hiGjhG|voYwB4t zrvz$P^HlUJD3&>OgtSyEO5~meD8y^-Z!(YCgLOAZo=r!rfv$A6HNbH2ZI4g0o~!&^ ztLOwrLxWT;D*8jjdF;|4;%nHFS+g*Ut43?>0WouAX*p%z%XNFK%{n=R`y;b}&YqhpI(FFGXyX&tFM#UMTKG zaQ?2!B*ucHhpz?;W?slwu$8j*es2}78g_5yn_Kv7@gcpgty_xgt`tn2V4BQX<*Q%l z);sE1GMm4Dp!2evfd*3XJkuIzc<^xcWx?s|UF;Xu0G%YpJFAH`PrdEV_lu7|J9-|g z8ff3nVte~7&+@)@W$`?*pw3$z<#M)%-uQ=SMk$FGYk1lXg%=2&uwYub$G*DhPI#o% z7OlkTnT5_9AD>mO*X|E(dizcfii#=^&#*2b-g_xb`&etwDIS{8O!tczr}~tzRWFnd zTJ$_Z2cB$`c^v0|nf=>X^pbIW|Bi*Qu#%Oyv&U1za|9Iz^CfOZx`*E!tSC=b$bIgs z5WMUeQVGZiNN3%SGRFz^{9#@IVpT7Tx)eUuOu_(Y9DZ8MZ9-$?&J>(LHRE z6Lk4A#2mL{`DC#-uWH*1bC#59i=Yy&rg?OXI{UsdL)`wSV(hnYsJoj_2l+#PzeAmNw+v zH4cB8Cw5gjsg637efn!Xw^&7)o?DC#bI>*W8-md!p*;hwf&3-G$~rCu`gyPKKB+!o zu($rWl&0+2FXyqd3$_koNf&yIXQ(K9y)m<{Jl;&B@W2(R&L_GzW&G83>R$MH=a=>! z8rd69I`ei1(*~svt!@&ClZ`8N%XwJ(@BHTlEng;YU)r}xziHiZS&t>#>~z+IEy|;s zr_VmSC}DB#!>mx;4R`h{LhSv@iSeO8;(90;Jj1^uJ!j>Fb8i%P`!MChpob2 zd1SYpqe)*4C!ox6ODG|FG$nxUyRs;lzJGZysu#5F0Cqlr&Y>((OdreKaNhO4$lqVX_VV= zzD087a_+Do`-~at>r*dLm(wZ79;n0vF5UKzuGhy556K={xyIg>`!LK~NsNYo%o5!qDK5w=;?N}%ciS9bc;)7uJh<%F3br4NsmC&;0o$i-a_{j5rF`!SpC zb^Q-l+?xttY5=@}2H=jr>pET6yi%}98_iZOrZ21@Ub11~{Vj=fjH_)7i+6-Y;t{^) zn~#(`It)l?ya5UKMnm)kKEjC0&FHotl3Dl?@3Qm5o??&4s)uCN&uie&@;9%f4l0Ak zMonJ1py}GMIiWZ)JQbnw<6;sR$Ud~N&qRND*7W+NAIbWjCZf!@u1i>rp54jlewDIt5()GvOe|2 zE|Do-p0m4r#hRbLs9L#LEZN#yWVN~^JfwYB^ZtwGBa!p3mp7+#?kQ5Ftlrwo>vDZO zeE$8#FDIc^jXSaV;o#k{a}1p+`wZgoKGIS8xw4LmUNxGNWD~=St?eWa){PX0zHBN{X=^|w##&vc!POl*x{vh>!Fi+&`~yg5*VPx>?!8SL(C zU3JT5Pguo?jV{du6>NR?*GI*tYtM7feBy8Bne%GQrLe~_+_v`HVH3kt#n3i-Y0={K zq4D@cdm-OLe(h)?Aa?&@4KJSrMtp6qa7otjYH1N)ARU1zM$c(d7lN(gCS zx*n-TXHpdBl z+$gKPveSFiTJ|L5i{8K8=DuWh_0Y2WmtoG>s))IFYW3Hma5-Netw_1<8C(Mw-7m5E z+>}}6d!&0#JhF?Xve|bo!#e)aQ?HY%GA~Pd#2(ym-JJGL%OrBl#jR~*tFTORq@|6u zEw`2m+Du`cJ{HX9Ij#X?XCMitb}V5J$*(+=8abmsw8H*4MtXf&qgXTRB?7fI>_~DH z)8Oe)_uvO2M^(ksKF*ctu+=e&+}6un!H9Cz7Xj~cUQ5^*@gqzp6>}q`D1Q7lIvRLG zRLB?i<;xS$4(6}yzq!0&4T$`(tLuuB-M`hYSVRaf7|bZG0S@j&(OcfE5iGk>)i!KD zzpH@fvNF$09jC2hwFj-twV9&ENJG2>Q;&wd!i=lz-;9Ud`1V+4;r#5x!STudI(gYj z*^`=~vMp!v>$GZCHb2YxY!X{76r_JL)~>Iq^#0KsCuw@p9LYMagq4-jnKf|q)aQD# zCfedM)%5_=ob}~7#|dAW+MHV7w^XKwB6EloQg9Y6l52Rj+?e{IJ2(&uw)9Z4l(II5N zeeArWc$IGHz;P9{$CnTDJO`y7q)wXpX7#RGruF3>i^*kI*(d(Mk9F|w8=_6ssZg6C zLyrVYTbAaC@qK9D0aiO@nx4H+HWyF%;gh$YNQQ*K{R@67l-YxBN!~UkeNswYs%)hT zMAoHBr6z1k$sxa~={=9Vd#gfN&PeI~9s8HI-7BZwnK`HYaQ!e+sX0ehG7ih%jHBEz+?k%Q&n0}Y(qw(!FtK@Kt)*7i z38#-HFIkf)N5UxS!K|`50g6R_n86CdVt2i&aQBQ4F{GVxbTn2<+$poq-JQQ4?{dpT6CiUOkx2rMhjsUspD&O% zuEcldJ?u;@G!uzx6-?5vco;nS&7{i0O-R%Gq?q=e(haI zo&36BmhKbzxZ8};N!pw{HvZ`A(pl~cISc9r7B{J-avQ^2Lp(8N%^AP6B255n6LXu?ruIy_I;* znjpzVcQ+F}nKGgx`0hU#TLUhjJ1y8W=v#_U!oiatx21R$ovAFG>-F6uH#8D+c(s1s zY^6A-Qqj5cgbUA29kD9&cVUx}&5PO!^RW@?_Nji;XPpP+-W_04ig;pM6ki&GyNNr< zes#+W`^ej?Ltw7X!+dp{LZzQQ^5}4NxSQSdXt?I==t9kqAp5m*>Uk3*p-R_}W@-5J z9gYiD6ACollz!#IoLAkq$rD{<#3Luy)?@Q0)b@ER^CSo-VrS zN}p5DuvyL3XZ6oIGBoylZQ;6omRWISv;O`srb&mlr|Qk`h+K4%X&v5$?Y?lRJmsZ{ zJtJkgqiI(EklV6pm~6cVgV(+$N=C;wjzmr!d$vkriPB;`P{|X~jB%(L5WHeGS2DkE zL>ne?Z1V@P5`_~7Z2KpNUyIznrYYL9Z#Ttg4U{7&>rU5OdLG)By_jTSx+EN1eE!m@ z;tUMsaRlJjlTTvF*vy;IwO%l`Pi^DIi1aT$<1#I52g>gTtRm#3P72zT4JpwB#2`E~ z$7-`&u=+e{sK4;zp~=Xml>GxcHTnYA-Lg_tl$Wpl;EK}OD0O{EED3mpUFk6)7QWh{ zeeVj#lhp0^jzD|qTr4elFv;KKnD>Ov7%J0{aZ$@KC1EbYPx$MY)21nO?DmQv=30kK z12(jE>={a*KaI;Gj@_~d($3a5qV~Lbbl$CsXT0C)2>PniK$MSiM4U4XD{-BsxCfJb zREMsh@+T&^SC(Eq3!vCt_R1U6Qa%?@wTy-u>+$(+v*OfS&(cRNJ@)rrMjIFfI=GB^ zbamkhqpd4!T1r2fZH!|W_WzK&V}|?OU8&8O`glo^k*!WUTYRtv2hiMmui@Jdu;CFS zC+CiTu>91=%xj*R^!#-M#@+dI1arffFL#lK!~Uxq-M%H66nx@rw+%{z@y?Q$8qT)d zXQ~C)9==4n&91>#s?UE z;hpO+iYiJfQ%kc&SPA6)s@@Gddm}r9J*NMZ?q4T&v2&NnsmXJ0IW5 z4iif~edkZXY_F6Whc=Y9c9p#RZpPA0S^6cs_6n>GB5!J`s~@5o>T7E0YQUTz%;%*a zvvc)g*bacJ+X+v@ePjYmPZ5~j!?fOdzz!q;<6%3m<7!l@?yn@-U+;5W-&2U7eGC0v zf9?O<7B+haFFTlABfwE4yW^fGVBH4Rcb+v+4PhwWj#5Z0wV;Ra#7hu&`c zqyCXzKk~hfgjIm|G&WR+u;F2yaO4kl+dtIpj(WPnF>-K>sJ*Kjd_U6sN8O%YKSQs( z9`lBK`(EftLRJSi6C-#Rg_j`M2eg15paKH01>V3390Mo77I=4qEndJ7_LKjI`TXDK zQ{gOIILisx!5MpjJ8%Vuzt0DB9KbQK{C>7xjyq((Hz8Qb0HFKV*1n1Xz;p$Gm8i9~ zZy9TAE7xH@w-10Cx8LWxrvsok3)`c9Zxc-efISd^%G%%CY_9@PbrAsGSH}-~9{#=# z3jRhq!W{E-4ghQx0C2qk0BiN*++ZKQAKd5$z!;vD?sEVV5&_tB1ist)e}J2wsQ&HT z{&vjI^ZTAdMj?^(f3PsXe`pLn8;iy=F)?CTv8=2tSQZwxb(}c1bsXzhSa3Wz4lX=5 zH#aN$dR`tpFDITG|2>C{f^!(q%xE+-o{fbK{~wpN$1sPCHf4H@LcsLtuN?9QIuFsa z$n>N5QGUy{!c?pPJ-3X6dCT7m0*OX3Ffy(E%xB_II7rJ+CRFi$RWbcbRag3HzmNUL zYm55-KP|+Tdf;4DPy4a26VrlcA2fIOO|($|Yv_&&YLR|_Nq^FpUk`r<^F->~q_H<| zWnSI=ma+zf-7k-f%}$=xzcI0L@#w^4&97-OP7(u%%Oc{vGkKDIMUcXR3ME_1C@2;t_ zBiBBsEW8!IecyA@`LcDFE89msb`0?U?74Y>7Je&WpFxCnT{9(#K%W=S#F|F0Z z_O4EdcA5mcn3~R8e7VtiFMhuBUg``0LrS|2>X&~>JjH&v^DNWZi$~XSC0V@RExf*> z`9j}`x4O@x7HCTnixNv<(Rv;guDEgh#>>{{MiX4a8(-^XbVn9Osw*$U-Rnk@l$V8Q zzKdf_q}_`zFn);cN8PR8+y1bj|5X)H%D4bdT*x-NMFPHBKAr1`xpDwFpBdh zB!|)f9WF$dzM#sBDZAeNbgcZDraT1iu7RCBK9euI-h5exb!zwN!(8=q4^=;(-DdFq zv@qYNyXP~AjM)$K;jh{(?ZTH0x*Hzb# zy=m8d*LBzUxmEXiCGS?f(fh(%wdLYVKcR=sI}Zx<%J12S8bpoV7``!v$`_LLQ+gz9 zA{24XIn6wUbxOT`-MzE+etZxzp>yp2ECzjNeP4d|s0KoQ-YBk(0g|s<1m|rK{?KxP zj0wO%WE{Je@{6Top9Uao!jdaT9!Hu^TfH@%J`EMB@7vQ2pUU5TTygDIpIkg|)%oo$ z-|I6Io$?PxTX(PO-14qUY0ev?EqoM`I(z&C%GqNd!>K17`Vsnt`-45+*G$xBq=ues zf5EQ8lp*A2@An((m>9iiVBKAxJ2M7f z?|i%nO(X#RBxq6l-;E?~W6wE0xVX#e*>3(*g72+Id79hgS8LLbkNR(znG`>uWLGS( zqafwlyH*`VuPeJ2OLsN4q>QyIT{-D(7q=VHwx9Y*oYhMl>p7~kv));8C}ekO8(U*f z3+2~7{(CA)%?%j|36;n%=GD&Z^QHH@jb?usn?Mi6avsLMbk0?GVrn*LJbf}L^T{T3LlkE zZe!R2H~^Zk^-fdMe+73#r>etJYmm_8;rY~%5rtSh4H<=uLhz)60APs60R#nl9?;h1 zg*||ZL8u`}1kioZlKNk*D!hd*I5ehDx9*)j-E53RMx_Icg)w9dBr*n60JtzSAQ=L{ zAc=)85DiaDM_KqP=o})E8o30zd5fT6 z$ux{1GAdKPJ1+LWT9T=muD4&_%l`WEOe$pI%%5+A0OQgj$Ox<&b}zsO5hNJU0G=<9 zzxofYmq&4U3HoU04|+= zr~rpU(lAs5B$X4-5M;O)WTF9<6a<3Mc?dOJ-!@5!|LSzvYP z0ci%8DM?2vm4%a5n~u}S2*XMu@d)E6{AIF6K8YF2-!@$axAU<&Pa(D+ zVpW0xaNA-_A$oC;WYK7U2@+tS5hMr_=v*uYOQ`@za$do<&Hn_rb{+H8LIwBGq7n?2 zID7yyY752?qLz}043Gf0kAB7TwjJ{j$IK8u9$FBQ1lb1{efyx{KftlHKcCrmu@OF^ z5CGHw3ClvwB4PoWsKc4gpujop`Iq5;p8mJb-w*jOBW4as-kWh3zefWU6H!Y*;mN~L z5hO_f_?sJtNPijrpEP`z4}Y29w+*6s8y(HGbYO^UpaBGlvyeA7Q+{N4>Fb>Fz$Zh;X9Xh4=2y&X?-gC4G&e*K{6*4VU)o9op*JlP6KV{`Z5w*cd3QLU~O)Ahy2?w-AP;Pu37q2h_l zs&-jDUrV%dhjv>Fl@Fil*PE!=E7+}5-ZPuhaw?;D!fO9j*Y^3P__rB#Cl^lMyLQs` zh*xU&+}*nFtTEM7uEVNN)Sk@y)%=D*!eufBn;ry!VV#_82nhhqvVVq$R9qU|mv3~9 z9dGix8rSc!;laIPIySna-mY&vd+tKH^S66xW@*(&=d9gbE#dpK?TELG z#R@rY-pdN7iaxAbof_@GY*acrIO?~daO&P?^;<17yH#~2W>kxY=kKwfFL-)#L2gHV zsY~@4*f*T|Q0;?|i%0wXhIM~LCIa9XB#%OwDQQc+nQI6Tb|$_`5LSA5sj8}44;C7} z$pOSIx$p(BVExfCx;HYXiQcO!ubRJ`USYy|k?8k-SAGZ(rE_U^FVFP9b$VXkJ+ym<2E$MU+x zBL!_oJrCa<9G(^4T>a{+2c&UFJ5j6nR4(vbPvGZb` zc(3N2kecLox&Q7|;Q7&wlJxK6KKZ4>xJUO09jd93wo{2Oew+TwP!hGok#P7RbUHxN z%sFYL5-d>CYX2C<=s(3V&&%|<{>{FYoMeHa7}a>ytuiXtmI$bKMw97h5>G3Ab!tt? zoGl;OQJo_Fjdvt6QV)eH7IqQlPxD5-=jw=PJ9FlgU1pk<5UWqZ_`dFoPnkS+NzRr2 zX6yg9pTAVT+mN*H&G(<^y=^&|bhrC=Cj|u!uCFhZQ@z_s; z#!~ft;pIcONwElL8i|~MK~Q2Ph$Y*^e#$(4rrINYHp1968(|q?y9@7kylla|R2cwt zIsvM}s+|f)9*e(mJhET)_-=##Rx763i`_@+a^8rkTB+D9&Me*hND}mbyKUGNJ(v?G zY@PD#Pn-CEdHfsID14Du? zK4t1+ve+d#^KO92MkRTH@(uS!c#E)gnnKF*+|MQcUv~Vf>Bl+God01p;DcnKt%kf7 ziv$Qjz(JE6NMcDODwTx5T9PV2CYG6m4k58Q{U(!Yrciw}Wr=yCk~HNcySFU^M^iCg zqov@?+*u4zR-P+2uK9wxAyj;tpd2=3SCx`HJ9O;KfEznycl4`PF6EjTRDYG)yO?umsq?UjBEG!|*}GXk7|hD#43pcw!lAxI1o5@>WD z%%sxIyuy2_a{uO~f8YJnJ6eX`(Y@4ZXud$W2!IwOiohZ;hEX)A3ZZQa!-ND9)sjRP zL0KUr7oEoM>frBR{WraTJYL9X@Nn_8K)4bCdPr&%5*Geopnd|uBc2K7~0=L^6xtT1yV8|I=OH`0*QPr7TS#fW5h*(Fe9U~ zWYF|=B_JEA#gU`%omXT35&xb}!O*`a(;!Mg6rF?#P|DCP)*uED1n@wefY62>wNXO761nGc^HN?Y{mplqx(9S=E z7EmZ%n0AGW&@TdG9tqwU8v4Ue69UFHpo+Z* zqYRLqE{RIw02zscl7UFEC)1!CY>osHXc%XS!eiNDsm=5?J zgc5*3C;=FRLL$)&(SV3RuwE5yDuWgl37ChN5GeT+%b*|@hY(j?U0b?}qQYc6Kw19g z#4{)cwM&w;EAS!O>Bi}JLy2@e0A#^cF)HclJ3 zq^jmp6N9NT1IRcWz&3;hCh*VonlGB8L~i8Ldw#K$zn_#uRO3so zalW%9oATfxwYcK|kc$vIDyfZ4kjkfKLV*If2^cb!GgFB4(#0~P`8MdH(oI|(=t>GrN~9*Bkd(;-Lxv1!1dqd3lQ_do+X)0n$hhoO> z%a0?aXP}`t(56E37o-yuN+Atc`@GGG`{q(Mu5qJDy0RB}t4Lx}gT95*f%S5(1-U9oO;qB(>yWU*U3#WWRR$B z)8Bb0+$c%)Yf*z385ewH2R!WBcU`e~-0OY%?^-Lo4mZ5Yx3{O75J1@@1OmfsD8nd! zFMRmt{(p)L82`RZ4`eapXn`U(I4o!5MTYF57=`gfe4r#0Yf+NMWRXIXMoE|5k~zpW zA}fukK|sWj6Mqjpy{dbuVQ5JXi3yQ(D-3jy3 z@V$Z1%E%@_{XnFUgSZJSA{{{-vUxEbmG;hE93f69&H$Qa08xkJ()`Q9Vr)B*_?kn5 zg{Q_c&QMaioHEtCJ3{G{l_IO>z@$o7m8J&T5bsY3R0t*kL|tp^n;00vDNJKGzTU&dV5y_35P@$5MKr9m(LcvFqq6~SW zL<_jJbPKaJ?>j;Ipkk=x`1Ek^Uj_xrNx+0h%z%=$1-mz!Vf)VMQAdwBgRQR=cign7 zwls{*1OhPh&9p(9hGvj!y)s>2+fDt(B6#0b0vT9V$QQ@O^258i_!}Xa_Lya_eWg* z`l8C{b!Y^lI5})h>I_&7b&6s;)Iu;A62vXC2iQ4k6GSy&M6WK7(8V)qMirAmvGbKt|C#Y_KSiRj<#j=EnwpIx1(rn|afF8Hgd2GNN>y!R@kZ z0XQ5D9|&bN1NKq{E|Wn!9TQ+68;@<0-I5qQSdq>`-YbbkU_nvsz2sluY;?XJAn2Ot zIsLRS!vSF*L=Dl-3?zn>UM+gnQ#g{pQH$k_l8Y^Xu$FJoUty>w>#PCYpw z)tiOazU%bW_iJ9Pv(?N6;q;SO#WO9u{gv)3Yna-9@}G!-FPBa8q2Gn|_79+74t;HuBeeF!ki^cdL@g zPp~hr!Ejn3IB|oKTqUY4UMAy;DlP)~_T(b9dr*C`#om5OAckc6IQlG?hd(#*FXDxN zmw)d=&kge3Pss-LC~Dgd$yQ<84YghQ2-XO=4C^|1C*459S1~Uxa9^wRTz=Tq`p{+3 zw=iepQy;N@x4ZpU8x^|j5mI~eI5R?6)&7E1h)_CGF=TXLJnt)JzODCbZOOP=Jf0Rz z$V3~kaM%D*79)OKE}9@+Ml01*->qPhO#x)+iLy|;f3t_#GF|Z&rs|v<#CE5cH?&wv z1O-d-7|ZN0^L_blasQ*_zT|9$w=(yy%Sbz0MaP)*XG7$cU*$#OUhevohI{o?w_H#D zscZqS<<1W=S5ODEw4D-Z7w_i0(7iJu--NOE+)h_>1<_>tiZUxF!$%%rQ@-N*@v~k} z1m}DDxs>I0FCQ%J9U7TV2#5+6&9x;<>r&iqoczIJnbl8UD%H)X{O4j@r!I zHMsVJLapJ&Drj%9_VSHN9*jHfZ4UGCnQposQ!F7ezG+}dTP5aBegm#y*am*pI%Fmi zTj~tu7e&i)D_22dho5qi?x?^vuC3M!-_|u>xK>VWzy-?Ws&nFMgU8;~{Mg=41^6RI z=!;>N=4Q1M5G_5m6K4wt@@=Kt@D_)$Xgh2Mfj~eL5EQ9*5)Br)_AUa6FZWtTL66&( z%35&1SNZ6V7Ye95ZBZ8urJ3#9Ke2_9c{wE1*3Ml^nZM5}{?v?2wUB3jM}9 zvqJ=#97Y#R&co)nbp4G)Vl$=7*CRTI2bS(E&hdF1n`+*6xc9`jL!0=6H5kO~aB(5f zm^tA#@MCj7jTwCyGub14565X?D5lO^`>g9Gn=A^4C4<{>vINeWQdtXoDGUaHP;zai zC5E!4T&~fZ?UPfcC&*}Rjc(ltnWePoRcMU#^Qb*xPfMC8iTT==h zk2Gh-lDR1a25b;u6ydhp_3YUjzOFgWoJ)l zWHCZFG}IdI$Q3b{>o(yCCtpiQO*v$poS}yG#C_*p-B5dKY(tiWA;Zn!o~ekEJ$i$~ z!#nEVRG)P_B$;Q7gX%N{W9v5bSGK)4JYUMf%wem}#iuzcp_WaCAGq+sECYf{6^llL zKrA^1jmzWa$q>q_fEqbTMS;M0ivZt|`;)4UtwN>A9TI4{ zktGyMze8^;!UR)cd}v#byC=$K~*A&DRQtgYnxL zJ)EPD>oyp@Z6Et~YA~8LeEB;%+eKotw2edp@(@~VJ6yMgc>6BpFo|z}Fm!X=^VLwS zy_z|cPBMS7>gX~UM#wLbZ7;JPtF0GE)q5H(BSX9dO>vH65;P4QLpqXUFN3HdMylu% zj?$^py=y1L{olG(PjH zycGzn+@ik2^tqkst&JO%P_93AGG>2lEDQd8SIUp4ML<3$BNlGZsMGjZg~`vjUi!6iO8NfDguMmAV>pRfT(3m zpmwDOH)m6{T3+n4=L#+`NKBd^i%tATnE6x&XF1G4r*_eYzy?&|Wwsu)};WuJJhh(>T@cs;Yzz z2FZue9kB7ZtP4%sJku;R$h3?KW)$a+I4Ius@r&oQ^6k?XT}qlqWF;6yt&O0^_~HkI z{~~1XM@w;9*oV3BdCDJSsHw$eA`Y`=1!@@6Xfz2L%@!MT8ObGyk;IqfAw>(Mo?AYb z5C3#`uNnnGq5M(mXq~J;1BT#Dj0v@`-Y+VOebnl6cw6_SkH0P>)<`723P; zG7Jca(?W0L;@W@vnC#TLl0EB#tuJm88tNSwDNDdZb-8IyA^it%KjkTurDNxG{KAgf zN^RO4=FHba^hW>|26CZTtSFj@CEW~sYQk9vWW;ncwaGymoH2%$tRFkdsc)q!+ME03Ah@fwWjVWB z@YWUGY&oj7d0UZ5O^7yzRZn~Nj%sODRG~jJD(aUva)A(=-hfAjLT@(2|IyIZi{87} zNlyxk zP2+tcKw|2@Y;2sabx1o{ z@Zp;zB(=%@WK66QrUAMl)9Dy>(t?iiF5Twil&-4%lsi#vL*OU zDZbNV2X#&(LO3mCZs$LD<{*ZI0E7(zgC>}hF;RGb2VA^1ik}dx08k7J{FqiSh9!K6|(4Feoc)FkLRbh)3XpL#9@JeEOB# zOke5h-r&yOiGgW??W}4EpS5OEs+Tf}A^Z2itegMSt)whT7(R>Trlbc!JfL*neQAE` zcOd-Y`c2l!=i2)x=2)km;o=_96~*`RBcOC~xatAC%C2kM)|JNdS>zcq?zANXQv@US|4_SGuxY?6VXVDWgJnQKKxq2j3`7Vk+m6usZ9HRhK3jJ`Y&yN|bV<*h?G3RC zFB?cdR{mGaU@malc@(;sHi>YS>XHc9s{)cZ9%NL2XgVT1#vkS;p)-umM6eLm4dn|P z`d=6D?_@@HN^94_Pey-zfVMOErG|tg6#yDE#(6TSlALWA3iYBmAJoZ#Wl^H)k}S)}WNNPtE|ixH#(sALWeS$Vy^eM!wH$3$6-Z*C{*{VomMj`76e zGrmVG0D{6vOAiDz!9oB~S{^X)PgXt9Dx5Y|9b>v_Q%16#IW8Z5!OI$^XY@gFzA)*g zc5QG*!ywG2ux6M_8Rj?h(5~Y_CJ5vX3A431cC)#~Z~1;z>64zXH1)VYYb5vwR_m|y z*VbjoXgN4o#_Q_F$dn_IIEhVS1ga>;mWN<~g}MhuC78LnHOexHJelT>i3Pcd^+dOj z0HSe|7^}@6gc?_@ruZ8lT=l|oY zUv>EB0_5q_9d-sXfn~R(o3eL0h}xNF5*Ve(wRKih4H;wUI0TOVF(rWMG%Ja$vTOpn zjypQvc~iziD@zJUFAXyMJ?H>-vQ$Y(Flz%eG79Fbu>b}FJ!K#Yko-DedpOrSmq?8R zo^_65xi*fFdyRuYFrj94v1mXaWPAg0z>= zV8-$eRu*>3>$dw;UvamIjzie-{~?LPD9(F3ATVDW3y?t}6l1t~Kw^6YtucTI$-YUe zT_jH}hR(*_?%OQ(h%q6XO&!?VJ0tP!dd_oJkzK5_x>}B#A3nW9A78(o50AixOeh%bGaMMlON)IT5? zIm@}qQI{hsL+gQvt(|Wb0uRn|x*}=atieV#U72aJOy*8tCtBbOST56T7@&f}>(X-1 zpQ4~dpex$bRub|KyO9~20@;`8j~3`oJF-YxOErUNfQRKGL(LOHFz8f4A7UVAn2IT;NR2YnD~Kl0Bne84>JO<(P$o^# z0})`MDuvR6uz0mf>DQ&q8Cf}4r)ssPgmx+ouo>8~3J6=6HUKr}RYK>Fk-WUp0LBN7 zEk)4fHDKAN1>S(3ryfM8sO`aU=kgv1WJ6(k`2kpE3Q+k3hA*#wq<@(S>988YYGWR{ zG!x;3C`cB`UdL5PN@QgskY(ePWNkzNrh(uz9CbaVCSr|HRk>+Z8CR!tJ5%CDR!ySc za_z4t|CgVCP6>u{5HmAPjX}BBjP3gD%(O|b$fnTg*Q68KL(rvzLDD#=1i(_Mk;0`^ zs1+=yrK1SQ%5|bBG%AgLt&ME8H81q>fE8$V{P1AJzr^f@($i51RsZwLwr;mU90p_lBt!Z1&9(K zmYSAEst5mX64#ygi2zz+YsqeI#w|cZGC+4r%}58^f?c|i6=;4rg+kQenZY&Q9HtyR z*wbN;>Ug8($DQD|bV3pVJB=1RIE^L?pA#1axZ1GTA@)p-Tg_-nK-0Uc*uj)I^bcqP znyL50!Msgi-gq7F@ry^7pW>en5esAcAaU=L$rP}-%8qp}Rm1NBXlT$l1uC;W4B=)| z&pRH^YG`tPXI@?X$?3FH9dM+oN+I};k%~e_MxF2y*W7)BVVNhfTRxCk*Q~G>JNfr7 zDYraEN4lDQC_}@h)@oKcS8H~>Xb8vdwr-WizBLv!&@tntttR9~v4{$@vT1Klgi~Y9 zXk3Kdns@GOwatE(VBC^GOe`<(hn-RLb=;;0WcdM(C>tCA@FBuQG#x$MdU9@VmB;42 z@op^fnyjPQb}jfx`wbik{=;XDxda>duU%kGROhd00-dc2$MV!XWfsTm|E?honO&9@ z=I(Ld+p$hp`NH`dcSO)W{K1_c1%CsFpW4HchA`efkTk(ye+exeoiw0&;cMQq zH|dIZ*dcQa59xw@sxeMnvMjw+A4*hziZS$n+PF>VJiU9>{HTwYW8er$nJ z*}9ay9t}QhbwQH3+`nZ&Pf(caIGGx!?*mCn&Jfx0QCOj@bWK+E)T$%Oz9EC?KA_QW zoUXN4;eNlUFJ(zM>ht#m^Zr5pjR5hAjWIH0oYwJVPwwM0$v>&~@j;gR(oM%Zi$|>D z4{LT(zx*@zHYd%D2SRq2MOv(*Sy=O#7`R>R=1S0?MS$yHwa&W~!OzGjGNsK;&EoXR z@)QWUg_rap)Vgel?uCLw2^Tl3FpB%>Yznx(-Wex8}|Rw z4N!02$z58`u_^N^E~1W@5`DULEjw?}jrR8geq8-Adzw7(qs^KhBBO9c=s`(h3_>y; z;-fCa{n*k?p=UA12iIJnrx*+RQ^}R{upI0e&Dt`L;hTcC3Z021X8N+Vd@6}0GU{d8 z*l2v--G%VFESKxEc430^{8fwf6sN96?ceHW;R$PFn`36Vwq+fI+_9#q>ZE^wZ2{kd zezVx7igIP8I2Zve-4BkzUuWIX0>EHUqLqcdnS1NIx00(frd{ZlHl zsC8KY#P6-qsPKRbpUN$*G+Q+E8NQ}jI_qLhe%f#zab!k?QQ5Q0E;$<vP z8$Qj6w!tGT+u+w#_0S}FISr|>sq54f;jbOAm4=r9wdXRH7xm)O7b3M`&Vp+=)$C{X zG*gz@@c6H;&vIp!6}Agiw}Q(!!!&hF)P4??|3KM4x%KC=B(|9BmUibQ6bv15uCa$g zMdSutpeMMWzZSE-G;D|i=IM@bnu+CVPRju|NMa;0VK8@Q62#HfHZy}s&%)vv8Y)*C zHoK`^ofWCA60Zuk0k3Vj&CrRvMUH@1FSm)j0ZepMV05%I@wrOrEw<|a6$i8XS9?F| z{W?uUHe6lwj3rCxhzdKzvXl4F8!_PqgC6Bdukf$}QB#+^JJJ%2CW%ztq*P@m_2dYq zr29v&qt3P3f+sAKsq}3U-BhHvOQl!!NO`e`*S{!=h#OgY-4#FYb~AESRThXHaI`X1 z2KNtZ8vO5ZUFJw^8OAsg8PYxj#?>Su>7!^HKSXS&xuks#^P&`}qcU1Y>K)d!a&$nR zTh?W{F7!9X>P$HE8>xnwN5s>CSrPAVDl8l+knO!D63T-HC)(HpT= zfZujUZ0>&bPaD+{(do3C>72BSvS5Dxx6<>U^pXEi=1Tn<38-HISU`48$^iHdI8C;h z2;0RHxhqb|&CS64a_PFaypfK`QDn0*Z=$WFCdc&{4XvcAikRw~1Z+&2jM0&qOh)!q z{mS-1gUmL$y|6Tz822!Ved`b6RP*z>u!lm-Ew**tU9ywF6!{Ah@*imVC%1mj@mqH_ zeQI^UHJWHdWMRxiT-bpR$Ln8h*mS8jzA|d>$Q!d9G4dWtkxMhedR~gHBtvwkkx6gl zmAQH&ZxyaG`4oZC?xbv~eqv&+%XD*_<=y00mApIikaxm9Ej6QYm34MAl@*;$d%KgW zzx`YO35EZm%+<^S82g2D36wLa7E0>3oQpW09lks}5C*{f=?x^bQwGIQLrT zNGG%!&@$@H)@o{dY`kg4`h{`(57hjVTR(SQ`7Avr^(;MvBbwMQU=;-jH*Q0E^+=%e z`ujEBE_4L9pOvAClg*=tkk^K@)efXWR_`}0HzBD)jd)_ts@R@0w(_xE?u$BubGigM z#?Ix0k5MU*+}+RJY~XM>RZaKX4xx{{(GI+7J_45ON1ie!ptMzLBm0z3L1rPK6| zrT>K1|FO)^N&po&iD&6fB~s~6jEsz0jfF0gdwM_MUGID4NPQ-@r*o(xgF6#y7-G}-wk@*#@YKz|&T)R`yNZL{8yM?3W$zlqy7PO2CfcpkvITeyWl2f%p6m5^UjBDnJ$g55NTPT;G*|fZqam?=GIxh`#5f975W%n zVKZOOZKYUj&_0*tSzwoHQdv7LFEV@S9)EkLg$Ux_2lTwqk`LYc{bjv7>;NT6JWSD<@Vt(*BPm{gaF<$$8>y-q}QV-YG#ujfy6b8vm@cNhyn(Nucm? zcBadxN<-P*q>mlKhWy2L28jh`jx|}EnN^){s~+ooG1f$fHVEA$!qAVbvZ<@A$&zQ{ z<>Mb2v7Blam{c)!IMQUC+Ynp#6kg0uHk#(ES*rz(HDjx=mHb8AojXm}6`o209ylQE zqy#`utdJ>WKZw^5!J*#xPx2Z1gTO@Lb#NFerC zpSzlQcz~IQW9Yz?j!;WUngB)_l}_;{w&(+;!NSbQ7O8V3tZZ0Ne%Z4uSazwdqmp^U ztinbov68uHKlW%pcEnCc8R*OMg&~ip`2+^Dhdk_fb=HK~250H0hK8VxNe0!432Z7c zF)>MXzeE@`A{n;WN{oV}AiyC86-6aMsXF?Og^VC0qUP@+zd zMwz^Ju12PEVxmfvl_uk0(J#6uYpFuyo`)(*t5=m^OQM5h3!W!RF=5Gg{2&}N>m`U4 zuo@EsUVcRE36kt+H}%qlE=72-Faq^WK|uk4BzPWF5Gjd;Ek%$bB;5Avxj*G%zzhX| zBQ_|eb2$kjBj`{fQm_ewLZl0d=o?Yd^|0upD%7JTEwIvpNI=9S3YgkT7Me_D8tWDo zRu<}6@|!=OhRGZzNvc8em>mc3=#WG&q)*`FhiKH&>$BpGlWJX>q1dt1l?rgM2ugwz zF;G}RbQtE?3M-}nod{i(Le}a_kDF*obx;XADsd1_B94amDp|FZMgVr&)Q5F<%V z=*Kn-Rxd&i0db{B&nb|A*rg20s(&Ye>^36>6lI1H#1wm?); z)(SlWNg%Om;Gk%L3sJgX0@j0$MgxuDkW#=D`v!1+q6GzM5maE|dHHwHBh?3oTR2h4`Xkjf=&-J9k+N3N7A4ZMKgB^oNkB(uD#B)0l10Y=X)9?DGJ7Nq z_D3okO#F?^#iM#E9UL6VRn*_mf~ECTfx>Qm+2jctV!YIKOcYVe!^G3!ys=9?*585EJ0~k#foPYgC<9a-dQ+X&f9J3_9rqkTgh1 zx;QZT`|1~h_zREF0rnm=n^SImWpMeNh__T$jyO*3gB;=s#t4+P}pCF5(h=l zf{h$C$qba}<><*W2}7gJJa8x3OC{Npo*Dm*%!D=!4iHA$s?$AgVpR`bWJEDiBlky4 z?Rx*^W@d;pIGyh58;&2)5#N5+*}ajJwlBN~@K_+BM_|5OvQI0e$ExFR!5C>OTkdW3Up#!=(^9Fg2s3nKAd0fu1VE~Dc zm}r~HR0M?Qko;{6z_p`FCLk_KRL~-3Qg5nAW7-zi|5`h{`N1ezBO0by(e=zL&Uo=z za`t$1_tBwWn^RbS?HD;QWG2(Ft}7}?M!TroLLYER;v~KaAW7M$N((@#>~ccw09Hm# zLb4QtO-fw@HI%l1G@%fv9c_gjwEJh}ev8QAfXj})+HWZ-zCWp=v# zB2dI>eJp}KCITlK12E^|EdA}P3mAhX*$8k-DhvoiBjt)mI={Z)b~*9@TnM!6i`h3e z)-Cs_{m%nUxD?Jz4j#2`#0YtBNP^JRw4@Vs=)guQ9BQg0ld61bMz&bP&3t?+d!u~3 zY|2^$T6BrMK;JZXfdj5psTi#2v^Y{q8d1O!gC!|rGz&EIWx84bfoK4L>L~A{f)?~O z*-L0+i~>Z4%pl!*0DgShY(2hnMx)$wysX<(ds|=m9TQ+@4zpmhO$o)oROc-*x0!{1 z?mlL*-8%c$Jnkf1yYeh-(eBd&?Y`s|jwhw4{P5ij}HTW$kJ?Pk$$&Od*vZ|P(3i_-@tyPQf{dUJDA zn=BuGA{$B>JMQ2udD_;MhX)v9hSLd zJ9yLvShu2-N@!`(X$4}vuj>CdR?jH_!0M5J*}1{&=Bc<4ibO12*S71^oyG?=GY;p0 z+%Vle_ja{e-H3VHfX4XRMGG`uf`X!^67`3q6>Lfl@uCz8;&nTnV>-7GhF zvLSxDEHp>FYvV(_y_R!`MQ*F^uHq-uQI>;>rG~*Dt;XYVvl2Uo14LGK@bBX`0pnTR zl^~26yTpdlP_$RGJl8;&DBQr+nvZI|d!#$Xj$*T;qjn%WYF0o~rF_bQ`JH>e(Jh{1nB5qwQ-a{Ww-FP=G)TPw{lmASt^A)Rp3a5_%;|zeVN|Tfe zi6m1GsU+(M7d61gTPWk&>K6`(?nh@o8JczadXRbgr6*USs^z_f2I?C*E_E(N^Rz^} zpu5fwBoL z&vU%(_@mo`1X6PEQ^2k2@$NkjA+gchKI?rPQ40zchGvhO3JRXH67IlDHpx-@U=*h%ne2OIv;3H(n9;V|>?w+WUeg_qKeF>E4 zdK++aqes_s_vG_lYjK0yN4HjYF>&6W*N-GQEl?B;47l_Zm>%B`F2C_e77o{7>h!io zh^iv>mTZK412$*F)8BS}U5dA>oR+we`$^nwqZ!87G%SUw6B<%Vr&595c{s#+#YqBa zWsFB2=a)yyjjtf-SO9`1#U}e}xpi~Jp{qR~tl!T_!a6mBv7rE}$R8SZrMK(hZW|Ec{EZsI3 z&DWpW7nI0*fyd&uR@rXeqikyKAJK0#LKhnDF zenVZ0g=9O#|3J0#e8;SQJE#3ZFx>B*@6y+Jo*O*P(_YkRFQ^*F5H3}zisaf@O=z^1 z(up38e~)Yc+_`Ba-i4ok<Lom#ND-758okmf4yP)A!EztIljUk)i7FNxv7mqFhgb zr0w)xj=SYD1mj#Lry!YbwskdYgnmOyqv?Q$wSzzqZg6DO7W2}P{~_W_?#ipVwMA!Z z-VA0vllt&`naFsyFn{Q+0Z)pzN-`=hiK*t>s$9eEA2>de6w=Pj?73Vs?X^iOSg~&r zf4CpEnwHa@waZZkez^pzK6G_EAHNHywp;+O?xZwtQUvzeJ>i8@i5Z6|5*76tK!u!)*lkXskuvG6(_o^?H zlw+vRXdlX89rHnJz7XtlWN@LI_HYz0pDVY_Zs#mLk@0z=J1X22Pe0fKEd6M|O)+$lxN1E-At!!4UGda8?G#o?M~X|$i21saH_*>z57_oS&iJ@x zDCZi-GX~mB>`0ro5ovLJy2)7CksiER+WorPo3M$Joo|5;ly_bH(uHW=19M=SG7*}> zVtt0|;pg4%TB}aX1yzh~Lib4bC>&W%FkNC|CVXZc$uVdDDHO?IG{vRq7X<7B=c>4_ zCaUBreKArgCPdYMf&GN!;u`tc;ST@agj)uz=AGv(p z&+U9vTZ4Gq-YouqX#_DK=p2$TgQ>}mm8TUUp>7~ zE91@@XAin^`5OD4kwiY`Wzv{eN70#9V44*Xk-Q=%jJE&fv5JWJv&w}7e@$$#v523J z-u}KQNwXl7@bfip388F!H>wU5Cpxmlv9)Cvq{X`jKq-JF{U|qIC^x3`LrxC`j z*)qLrNNsZbVgfoEobvKJ46j(fLauoW<-9u zne_(|Oo%#)c;9=}oR1%X!1d{~v)VK|f=RxOrPxm9!QDOFq5M4RQ{%(~OFN?+K@OC3 z$k%4uFS7`?3Ee7MO_y66&l%8dIR-WbLNp(Mg9=1s2`2f|9jqTd5Uz{!XpRxQM&JUY zbp@9CO~XD|yRiHdj7A0o;+NtWJQiLzazEP*4(K>ha}cp!g?_ggP%4K5O)D z8ZIiw;ZaU2?H7hDw+v-6>mMb%JL0)7TP)4kWU5rVQ6^lm_NScm0MJAN>lGp35=aP+ zOv-YJ!7%N)t=YELa=~qw{LFG@&(Rf@y6=8L3fHY%+>z(yAIGa_Y~Jd2@?d+4ICZBg zfAe|8(a3HXFXbrt<@hew!M#U~ zXP=gv?ds;3QezP+zDk08)YS4HoXnLY`?L)GP6F#2W&-@EOmILs|YBUBte+W zuhfBnE2&Rk(U63B-FAOwyBgQ;8|;|wnzhv~bS|(vGC14@ z?zkfUr$Xp*-wBvs2C710)Eg4x6cnJewRz+xs@%uiGyxO#U%u5Iu-p)PH+!5-?I`}0 zF(l@JV117LS!DnqS4{4HR64~vKIVHj>qVZ_#HB!~xp^Us^X1tsKCa;thr92FzvPbf zb-#6^v7XwWbL!~)3Ue!85faS}g_aUW84^n=p`?O~W-9-d-Dzn-3kZK$@qC7HsSlD7 z+0YYBS!#u3YilMu-w`s|e8pqh$GtVXv8(@H)sH_m&#lrG@s1Z(e~5gA@FV3`^wM!? z^2(ciG^_d^m{*HX$!2nFvgA`A&lh?3Y8EYScuPD;$KUCL&u#4AqR|=MaKw`VoUK5_ zDRi-T`=Cqty(ozbB{IZ*^3|R7mq=dMR(o9wmvYo3V>Tghw-9t>q28jo6TDovJ1fNY zqIOf0kAZzz9{8;v>6fL#>2eB?9U>&uQ%c0vgWe%|`Ke3d{)5hUP%8iSRe0CN>Yg8$ z4zgz=C&yJ;gATv>(H&j?2L+9t?~f6ioaH6A6_h(~rd~(YMfLBocC0UET9O=IX?wfx zlb(Olb8p)FJ4oX=FaIvS@qy3{hJ|gf+TQX9`QhZGOe7@s#04!lZ6x5KTB?$QE2^YH zD9@qiPBJZB12Zn;qaDn;G-qK(P4?9Wh>m7c_@)Vr2F@vB?{<<`FJuSD#T(5Mbn$7& zH@S=8QALcwz|jfD(@870vg4;kynC$LXhA4|zaA5Wj7%r7&}!NLHm9%B`52GEvRzkT zy!GO(RzQs}lv+!!BL^r{aiHKDB_}{v155!}q>1cg6fSF@H~Qft^JA9YeRcOA39mPH z3qX>LKiQN`n2cMCxU4j-D0T{Y3^E_HWo9OJ{DK+%68sQD^xh~g(TBtQ!+G|r9Xyo55z3hlO$Im1Kjd!xAY+^Ow+)YTtw@sBD*{@ zNjU|%YU6QBuI)Rafe+RttLd&L(|O{NovNDb1qDGtDPS;|r1#~eY{djJNU8~A&U^#z z;ln*6SCd{QdX`?(xVodGCTH$?{Y4VHn3~=}>|uACAM;;h(rth%v4x}RzivV=Cs)AD z2V%;kkfvw}As|axgrqA@JDe`7&3sWUzh>u>C*EdPIe+S#O9Mj_hAK&-5viOHkAv&A z;tNY>*0sx4^jg8vk&Dv> zwIjS?#xpkkz9}@JQQkSFgs;%Dp)_G8{nx~btAJ8Uqxp8v43@TFLhXMnRJiJ&o*g|c zeDrRw*kEMq3Kt=ZOpJY`LHw9$*~l+$$|W;yIC(5|ZSR6#um*nQ71^9y|j zCS%o*szhaV>B2IXx9i)xTU$j7nQJj&|vXy#-v~2y(Ztgwu2VT*d@e*yi=mu5pY{nqOM6h|KZHTjX_ZPCEBzPcdbgMH;`6`o z2<`mkHsQqE_hfF{O=2b8V_`>-9AYn7%%+ZGDUGllDU|{=u0Qu#WC>)jq?0ZKe|C1^rXUn;kOJUCUGi9G`mVv4{l;;O@%AGC9b~!dgLt9(DpRrog&iw3G7^{7 zmF$w4!BHSagRsmJ_Zs6HRHqrsdQa zTG+||l2!lqi~MpsdHEG*inJ`aQf~lEH`8f6)?B^h+Trr}qbC?K?gkHcTCf%H%T@95 zUem)NgHf7bFqiu6cJ)=xAI&__fL^Rt>CrsS=e62HPR}iWvd}B3QHiMZ4Xn3(`9FPCgF}YXPSrDM~8oKx!H-fKgJqYG6!8x=mv>*rOdc zyPLurh#g(3&U|hfCpc{9tB5C=4o5@#hxx?B$l{zGk+B=u@fo!X$2EQ=uweT~%PrGK#$&AuN~}go!y~q3+LjH~R!jhh@uztjl`QvmJse4WckC3* z)>fNj)x(pFA3YS`_z^i?H~0Ry&zQ3+GEB2(bK8F@ppC6t3=h^gKa!K{wBu!P1RTJ9 zjVlfq-Iz*GuWJBtR74lcrp_M;j*2f*4#FnLtl#Y-k6^yG(>F1&q|qqIGBPsWtT$Zg zO@P=$xGK1KM76oMaoaPURTwDU?Sv8;H%WfV;06XC9yW?j}jbR<4%oG=IoI zI$){yPsHc*=DGVm@0CjVVs|SbondVE2>`Ab9x&O`zOH&m&5nTg}sFqdJp* zqkX-|9Z%J;uIAlNaW|@(5~D`ebT(xjL(+lE;FQ1mBFn8X6Q(zNj*W0E9qgzNWz+7v zlXbqrJHjK4@3^aMGzM}FSyYg)u8pwIyP1&r$qW&y>_vf5jRB=bS`mNO5#V&V0u)7! zJN!G24w@Ug$m=w2u_tn;Ij#p=qZ@I%Qw2ca9c;i0m02K21VH9tG7rcBQKllJ)=V8n zQ*)iyHdZ$lp6LrE4(7zVVh_%oEM>J+SO5nMjCx=3?dRU;5;F_DWSJyolllm8?myZ- z?M%z}7`BG4ZoFCDTsk^DH4f`aJaFgl_?%8`?%{^amLNOTo{7Si#D$pqKTFy9bYk!O zmkohJfr zs?o+)Vt?HP0s>v~2K^ukCD#3J`Mqq9^R|qlHADW=m*i!6nwD0zSxq0x1h}Wrziij5-;%_E_6eSrim}2vsu(be*+?3rmJJ^WoS+sac(SES?YdzLQlzuXq|I8BvV9Y==O>|4?p7HuNC+vV zk@j)Om#KG*QfH+n*tUkBt9|t?dBJZf5hu|`nX6aElBkdL^jqpFbR#G_F}}N4wk2`R zcxmfmzZudAkM|jU1^4VUo^+_4*j#(9EQ?dfCdpf+ZpXtA`?K$(jffh@RSv+LOr%wC zaaRo)98#uKN0OGsxDqCY-R+Ndx--tk)VR$NiyY1K@cEuv2xCc!0xCf`-;eRB0UX5u zXvG~JAg^5W9>d4TE(C8a=yqGi{nZi$3{4dEpfJW7Tom~GOPw$~o8+aNCAb-lh=>r4 zeV8p%2`~ytVmUJWlv;iUW4W5n+MW?KgeWMwpbEBcymjvyZF|%*a^&nFx?Bs@a}sIy zGnv&cUECgNT(vk~8FN3&^s>@6*9IjmT^*F z#@@lMAZ6b(<+e=|>uHbL*8H9mzl*QjXW7pZcRz`Fj_ddCdz>b*rxLSiq!lV@WWfg! zl2?qH6h9~*pZVM&==y<6aJ{w%3U%FPCRfVT5mA%yKM?;U(%uC%GWwL;I@Xu6zT<4m zgwDiplOW_8IL;sl5Uq=X5=zX?4CH62Iw~b16m?Mn>WQ<{4t*P&yR6e#f8m{0o-(NCT6R2|`54jux@w zDJq!!#>xJjir^B}MV;E+2W@~}g3IJx^D89wYTIp334Ehay#fna!N%k1+-odT!Yi}n zq+v_v<80H#+vGlj!05F<_t3B|FYeM{stGB^P zO?zM-?4Hax-g%7$5JN(Xj$JZ@E)=3C7iSGPSmOl)p6M0n>e2jpU?NC@~60O8wAJT&K4HdL}&9R2bu)a{kx2dHU20@6jWn zEngis?sv*>o?irv`5V^3u2~-J_<4>OLXB+MquGdPEww^<|KJi>*yDV$5;)j?sSk~s z2u;fKI#lzb=`PKKv=!(MleaW7)b0-2m#JCd3DSbJjbcuR;ioIP=uh@<xC|ZZ}|BB8%xK|o?LNV$le3x zR@cKXZ*!DNpDF{YSHxxxvKiKLDjjrNjTOffLba)N)c z{_gg!pqMI8$p;C{lA&!ETL6{uo^X`;_E6VWLSBnR{ z&pR=xy2#TovuyQy+K)TT#*wh`jc_aDPdS<0s&*c@(M%}j(qxN7goJdl<}zNf8%#h* zTJ|6y^c)e!LV50ns6d`(*b@zy-LNC>u(`BWq(%W9O5{@@)WMMXiX;%1Ai7A4iw!5p z0E7i_2Z;HLf+d}kqJBlfADsvAvr17YVisUx)TeT~AtZJDS3LI6oQP<4AU@OwG3Y6} z91p2o6U$XIHb6s|6rd%h5OS&+_Dj*zTuxgVwUQWcEC&Ky0pVnU-a)Vo1yq7R(jVX#ABpue zebi(^wmZ<;9nrtOgYLim!flsdIS5`nbaV6(?g%`%pFL;yardJlI*2qC3L81Kuijd6 z642q&NMmIseu^(~*S0OG`9rtC5i;o(aUIz?=Z6l<4-`G+T{d2n$u9Y~SQfTU1Jb&3 z_df}*cPQgvwc;2Q6#U*kf|!&-N+GDUAqm96ARv4}7^XmEBm*H?#w=6pyGyAFgZ(8D zA;HVHf-URk4=DP0Dm8PO)rVy1*ctVd`a^(KTGn;0dSS?TFW$Y(nMK2cPG9h|GB`V;Y9|DB4 zcp57$&&()7?$vZz22(jogCOJ%KVGd5MxJuqBTW__gD_dZb-N)o1_%O*O_r(4_RQ$= zVUH;dNE9%D3tAu!uLf-;dUTc3TF_+^>llCIZmYN5vGXZ)SeI_klw}Au6B@;l>_^UgnYB+$W5c9OoZ6+JAdtG!5u#6X z%XcqhsY2oPJBdk0VQTKPbmWfOUDa`xTXf^omt%kR`K*ImAEsbMg%?NE-Ktpt3CtDREL4Zs({TWC z&SdE_J7ae(emtdrkwP0dg$qTJ78us3XcSGh+?&7l@xOv713?^sKn_myNd&3j2C~Ke zlM53EWRDO-{%xV5=?MfNySg~}NjSQ_cmwa6inLEkQf|5HJ@j_>%QMP_qDfY6`nSYD zNY_fPKK+v?ze<#Ek;JNbNB%6F<4st|a&9^rRdN8bE zi2i5gW93JNMI?1zmCEOVYco=&53x+Rq1Q?FV5YP5HKbygM0^C)4@!|yK4c;u|J zi?NN2DR>wNq%+g~yV-t`^xu76b-ic678dA!iHhu4(e#GpVaC^`UTlBED|g?w10yz? zc8~+`Ghe@NX`RO(^+LptdhLh(wEQeOg5|iSEm`ReHP|G%K&<4lie?4=$3}Sh%F1wP z3Vg)>ta$E3(C{xcJb%iuz+T`W_?caaeLy>N;{CO;?Iu%@egX#TZ#>n1NBG~Rf68M1 z060iI?IVT)H)BNCT^c9;W0P$1q4|z4qT)suF(0SL@vS>1miGkGlVd5Y!*mlj?xw|^ zb8%`AYd156MuUJr>(AM+G&ERMbYTx}HE+3fjC2Z?J58S~e%o7}>f<_N!92(h&pEK` zikmcU-gv!aE7vc}^^86^Yv&iZ5HqvLF$hHMzCH@5x_&3jm+!LC0&&#{kdnd-xxeoN z5!;1{a(RKs8(35yKy%p$Q>RybIhj??_eK9G^mBVm18k4)D*Lcv$EL;*ci)ofK$<+6 zIHvj*2;s&P7x8cuTM4Am?RvXp-!jSR-F{xpJTYE&*ga)HN<#mpManeM6@wL1i}o_4 z9%FjJZNb^D+}Yyg556}ZbU;nSy5V?$StfJeT`X)?KOYh(C#?0w3j4C3)lp9^UzNCgM_Ik!nMdgN^v&3*dvl;GQcDzj z*P6n0;F`ABs~P-}U*a=>FwDn4@qo;!m3boSax#ZSF;&I}!I|jH(@Ihwa{=c!fY4~oJ^D6=_w}q-x{(#I z@}-$>zeu6(C8~0}@`cl^u}57~^YegW$DFBXB*H@TH=uC`rYxa#KDAf&{)5#uMpw+2 zi&PKykP$S`eOZ6=g9hY@HX5%d`fwi8FsfXZm_;sAoFBU7j-{2siq|FLUWB=tov8Ra3eiuK zm;>-oP~ml3sMb?fy%sDi`m_Y}IKf`)wvaXCr+0kYLOJ4H^Fktru06f!5)HF%T{O|0 z+#|juDhn-iVP3L>j#?RyHjFxFRAp$sVjEEtwo>i+)vDc{j!Py<*vGh9R-rc zmSDFWY%L3e_Y71NsQdOFDDQSsR3{gLM%<$&HWEt#c>fT zaWCDj8HuuOhxPAUOG(WA{k1D)h}d@!5U%f9^2!>0qFD^N%Qwd-{KtX$_eI{*ln?pQ z#CvTSbMGIghiC4c^r|n|ecp#X+E#J0jAEZwWF=&~o}$D>m{6UF10fvN9t6(4(2&Dq zUJi6w-8ibdU-J0uuhObH$8+Hh?s3hO#jS>elP*7wG(kGfr;n9z9B=*KANwfIe_H%& zm;IaQf4lmDABg+5e%A9HG;~0Ku4P)|WH`Gkej)RrO(L&6>dS43y}zCW%zqqD+T5}4 z%DtD`M)9IVl_IfO=MIm2?&p8HtJ^qz!Tii;&~gAU@vUC~h`i@Bt`cK)3$LZ4P?)mY-&mPI#Vsh(d5BR^8li5k@r*s>DJxdSbWCHlf7ksF-gs7sv>Zbu z%}#Q7>fR@@TTdR%ol;Y$=`AwR&(TRqwf`N8NA&#od^cQQKY)b9C{oKKW_Dq?B@4tKeY4dX7d!}I3s7A4#`?KPrW=o5zN*i)WI7|?55 zNCz{eYDuCdm0(L}l*G*P74CTU5Gihn7zv+!Ms#ny2ei^AZaouw7ZRTEWQ?>m!w87J zJ`T`2`jS__k9d%;_LoO-I-hWIH`UG8REPaED}NH{?ly3ve4K_)m~VNUNwi}HKgw_Q z&r`%uZsd%8v5%vgk_b7Pj1bYRyDby+=l3tKuS9{~bBTk1Bf|kE*%}>)Z(Y45^2;Nc z@l(;9{yuzeW0i97{MIq0grmfMDn|8n_JxE{J#}s1*oPs)2}=UjRILQo3Ms-$tf+Cy zzK_S}xAQ(__r73Z38P&4+<_0%Oa~gWY*xQ;92T2t^tiu}y#$yDpBG$F;tY$(OK>iS zh<41YX7<;RQK9D{&c~kb25yy|o)!SKqvPzcvN6zkv)NxCETLbhA z#}Z@VE(<$e0eN_>>d-kh94t+JA0Ns8gOdN|#?|OLNM7+eVCo@=rtJz8|C&GgCGcK+ zb(mhM7H5OLj-<4*ZR&LpCq(aM ztA+-nEsylfp08l>o1-P76c z%3fi*Gyph<#*Y)y|H%5^z5M@w=>IW4|9{r~e}Hx0`$3ndDq^CbqG4j7p<$o^2@ncV z(SQiwHwmv15fjkT-2qF|^YRI*laM+y2uR&xG7o6 z1q|`iZPhi$bT@sgNo1f*n5T1+@~zt9dlEx0G~0DhE`uZ%q1Jlh5`0cXu#MneF-tIq z%4!9+@L&BYWSum~+Xyxec#q27<$IaRz5kX! zRXF}8WMfAE9uWdUdLsCtw}RB)EL0zoXt4)*?(98^YO#0`qOQ3nE*GD!Z?U8v9kcYL z_G9QZlC?*M|``+kgDsVt%Dm>YvfLhcHf#GkWjO z_blPf@@z+}1(jsxmw4QPf&3kD&iD1p;`$e};g2kF>-Y0mp3MIBjH&q>B-EeeqCDz5 z$PYoqTHjq*ys905_nfB}b>g907cohgId92H6HnkK`N0B2?83tOk^RQT6pWrR&Fn@s z%v5Q|^!+27D5tJF?>>JAy>xrAD)k){da!*lQ3Mu=V?(@XW9fU%t9W>Ca->9mwS!CB z3n$8L?jSq(oYZb(_GRoeoYxh%LL*sF$f0{bj1em;m#zQEM7piKIVRuBxocOAF<>wC zJ81Hd!?()FWV~wC8Y6IPZG5F$^n%s$iTk10UoWB!Ty0rvzSI$Z)ZNeH_;%3ut{I)D z7qiF8<2&eLHTyg0anD7D^$VMrgT2JufaatpUgS4Uas4hZF-|keE}HSagW|tl6Z?z! z_Ge?b7;Mrk-h!9I^vpZaOE5S>&v+CP(Ke4)(wzi-$M{;e->zet!j+>vQP+#LJl8nz;jUh(@m+!G3^Dnj^}lU`m&vk{Z1cNPQS#wp!mkMD@6Vwai#iT zJ^gmUL-UM1!TYyQ@d;QDbJ(L^bGEX8H{bWlM6eisUQ={sfc zQ9^LH;K3yX_uv}bofmg^_uvrR-Q9yb1b26L65K6FZo^vNK6{UI&$vI%-#ePoUCb`) zS+i74nix!F@^8D)vdmWzV*XeknbLLI(oJ{O>&V+oh@fYmn-uN%r^8b+1-K@2Kp=W=Bmo8tg zLaL7A9-p1RVDH8O>4bj4vSS|!bhhbpK@3UArFY;ONFTBrOqUDA1z8ukD#AnwbbPgwHT9>22$U?zT9Tl zfafaK&|tQe*2fZI}^qcpmh#1OvMEAYh&vM67JK$plBr zYs$J%bZ#T?%`}++53gxizNc;rNHWdyQJ5X5oLd0|6C@NpAFT`^*r^v7G5so+MzzV?$1!szf<*MA4!=F#;)o|eP2 zGL66&E7w1mzUVt+;LY^;f1kLkNsysq(+1TC$#<+?PeCa-kaWo157=vqC(d5A?{QOP*$TQQ>&$XEaSvHCgX^dN|j<* zRRQ&r2|HX%5`!~OslB{Q1@(M$@4CCurn#@9N5vUY>SZ)IO=e@zVlC4*%+?OutmRRfJ9 z2_U7vwkVJYpY~s5pk;veR^*?2|3BgXmLCvZNUGMPf5D;+4*!B-=<_{5c^6%X{4W9_ zK&ZM9AqH}oyybW$0673c(9E#Op$~@sKUuzh?K}{=bA4XtbBS7i|8HV#2S{uJl>eD{ z%>z)rz1{ksng6}@Pd#s?{wHNScjHEx1uGE^-IY4_#1y#+Hk48;Pp6V0&1CQ}x+sUe<)iY7}E-j5X zL8u|hMad|qrYBbAgnM6pu}^78JO=gmchu~`WGrbOsB0Y5IQHXef=bQ0!JsFhe6n#%<*xY82U(5E2AW~3Gmj18&zg?92P}!7bGeQ~>RR#ynr%{joQL4k zA`yt;jw)X}KnM&hPuf79CU<*HTH@^{`@93w>2->wpfUdaJnbD#W#z^YpTGq8wuy3J z*oE?TtZ0c_y2fJ>pojMcTB?!(U7cAoG+ZJ}kwpR-p)!DC4^zN9H_c_ZsJd&1H()_r zM$$&jDyNwtoPtsBTxNARs+WvTV84G|n(kH#m-0&wa(GE$??<^r?2O#Pz@oQ&2gXNWSjq;ra8Q2x@CHse$#y>@~6YOk-37R%B8c%ViM zzRir?uge2O@!Fg=-CTOCD*1Vk%Fh_{x@MErULUB5*;|`u0vxYjD?L%|9^`6$ek3bh z>DeYZb}9;z7+dc{MR;X$L|4#X29CFHnB^&L54)Vd#8i;!wTjt@A#n!Dr3aN*kdkAW zuUpmP|MUFo3ZbyvK_%2yz1-if6PIj)kbItlc{=(&#fnDHp-paUiM}*qIU#Bp&MCwh z2`Ez?(R2tBHr}}gZ!Z7I9QzBF*TdI#LtKI=X1jAH-%CK$toh7`WX;3^vdx@sFDDJL z*OP1wX#H#%2mYgPbH|nJsgMAtrxoA%u7UD7YN>Cf&}e*X&i&|uj)L0QBF4~pX)F=e z4>YA?^dR}A!qPP9>1+BgsQoy3TKX?;CgQezHx_3k%pB|}$2R+4w~VfL=`dw`=Jr$G zyU|ASJo|@ixZm34{n~0=QinYDbgno^TK!rh3sq>J8RgTHa^E04E~^-KK0WSK0g3+b zA?gp0J^UZ5bscq+g_6zL4oP&nFLqAg7S0TvH`VrKFoSW46R}Y`ZXqv-StZ9Ce^`_z z3^9Fv-wXo4i%L!J6@LT19s7U(hwmm9%|-!5Un-Ztv{-h7gT9 zD^2w5nbVm1nv^aENhX`J?h^4N<_LJdWa+meR1p?g2W8uRPHB}g@pqP>;?}5B;v_(o zW0Mye&6VU(=KIZle|L*S>UFf#AC(ofVPqFHB(r?}lG5U7XviXE=;T_6KThGyw{ow3 z=NdmDkDJ&n@*#Ha0xEKf?S4*0j=F5IH1G-QKaar8^f=KNOz6I6g||2XlPT%OXM(dX z)5d7J($my=I|1#zek%MItokus_Hmf^!OzeiZ-$iWqeC4>3rp{{5b!R9h>UQxjn9Y{S+H+DAaP9XAa>fZR7bi8}hgE2dMz@jV zHQu!};j4s{d?|vz9K^WL)mZ@XybAcK9pBlftP4@h>iP;bXcYZ)Xj(m{1=QNY%9tJ+ zGe^gVb>8wY!k^5@%QJe5ebp9ZV`bHg^GsyYNl`w!+iMCtI(j(e)aGT}u?;!l4cj8( z20b=4O+^uO%ZRP>r4!!be}&Jlzt$sXY(YB6r429PicUlm2_XNAKTS@`8iJi?&vm_JmOT zC9bE`@3D2chsjtCx_&be^xS(qDooU8;tW}QIyHP^ejc))=8%TWq07Asurq4OL|Q)U zZ!!XpSsyJ6X0WH!+Cm)0`r3`8u@sCHMUtX{vALiz)7S2=*VRmRq63Y;znjjdzu$;c z_}nhW#Ebc}(ea+kqQgI6a+6b7oH+J;zm+(K&_9DaCf@cCO86-KV;%X_d0_GxF{~Nk z!!h4qFrtasmrp%^!7dS=Ww*osL+IuE=YJs}!@~bthW}my!)yOl=l{!%IFOh_G{1GLJrJ7{_?+uXwEr;UwM(T?)k|xKDitUp* zpaFzgfWQh6{zu<9-cgf#c)qd#Sc=zu?ZFcZyx$Sh#}~wc=YQ%-$?CK@bhB`b#<)zl zhk4mRxdS0W`3uyUvPA%w>`7CWlbJ@DTOc{J#(cw58ZSnP&&~${Xke$4Zxf1VhpbmO zxDSZWvQ!Iy!5|4&wh2}Q>a6fY{AEeC$2?e%7aHZOl8Ty44n2f;U@g{t{A5RVIrqEI znu!}iT@X+UyQtabis@;(iZ%8VX5-YxsmancF!#_rJx-ow$?triUu&F_N} zlR0%`aWDMTe#HYT+N?DL#{=vU7@opn?pUHIQrTNM59;zLI0pirX^9%0yQj$6goZ?J!^C4(Nk!#Xzl12c^TkedQ^8(k(Upjmr&@zlDANh z%yFy5-sPxC)g`0Og;>NL0;Pr4wdeDVXZzhQJ5Do>rSZoIo)W8=$KuyckU!i43sB7Q zX^pY@!kmtfT%a1PW2v`0C3Cb9^ZWYa0EGQ{{BlE9|qp zUuRXjXY^WRJZxIk+-sJDHt8mLuG#IQJ~km95J@|-ORwh0OP__LS@Y;>3MoPVN)dlu zUZCwN_B;k9fuh3lmE=rERa%F4x{~N$u;#yDrs)nMr_nCd9K%%2YHhe+zbU@ideQ}0jGuoV5L?tu@6xaCrVMAypjX*qW@S9c4S zZs@v=94Y7N-wp%GZzn}duo?|kwt3yX<~wGec^ z#(JvCS@7M{_kJ+YvUfhV!mE~G1NCa=e%Jq23J{9FU@dW~&uR@TnV0`?DW`XVBZZ30 z^oy3>pxfu!wi2X*e2p>Xh|mZZ1e|UAAMIR253NTJ+$DAz$zur;76i^7GeNvNj-_G5 z$o0jfx8cBy9jEU)+DDDjF?={H8pF&H&ncR5DcH@T9VOgp!Jxuh(83Q?qED9R?}VTj(Ws$ro~dp0xsIqa2_YqOm3EvqgY zJvMnOBoYdz*->K)%{~b|IaD)+hV-xF4P9sHY=z(*n7P3#|I32o}+Z%5T0f{rv!v|*K0@nejVLoB=hONaj6dHBe)e_ z)xob`2{ymW8{7zy-0pdDMOF3PFqB@$Ix7Sjwns1_`6}CXuEU!%oJh)b42gD6pZ*RA z4Zo0Squ<`dB{ifW4>bEd>U9C=&0}FDF2r@w*6NaKs-a0C7j$DzJWd!h5*_2YE{t_$ z+Hb7Xp%?f~V3|RkZ2eN9^{&C-m{y;=xNJ!MS%rYrwqz1lCA;mGr-O9A=#mQZw|Cd8 z@L%%Ptlnbz$QRF=vtl-r!TEO#o!|tlniO(J$6$vnL<)UL@V6y5XT`lO0w$gIL2`4W zeqzV+)JpT-?+OGm-+bcF%!|gX%dAiauB_P1kQa#D3J5nuSt!Qt*gaJo;oZry zveG)LlEz4gV`p-JZ`t&2YpIhHpwB0!l*hCWb`rZCdw7bD$?iCvW_P#yzYg)PI=}V! z2mCtzpgg+1kbIApQ^KN@_{W@A@ z)Z;(H0d!6iuZbkjkaG{u8)MPd1kf-s2k7i>ohi6x1Y zFLHy#gOSWZPOJB6?Z&giDU70UO6f3mC#XA#yV(Xe{Y%MiJG7$dKg`3bs-^c7pg>*( z7SXg9>8X!Wy(v^YsSzT1+7lO6$;z|2Ba96#4%kE6s#KwD9J+%Siwp z;eE-8*9A!5EArd(OSUigHJ=X0+kk5dYJEiy)}XAFuQDpsQBi0B$pMknB7Z_bL`nShm@>6#*EC=&x&U%tf#>;?z9l zDdEX}L02vLeJJ^u?5+#@t~zN#9#Zhwabu;yM4V(m))@RR*V4nWA)@H;rXf~Nwk zRAgATexoTi$c3D#<7416#a}w8bcwUYATl4^T_zTq48p8T-OVxd1VmWRdBiDTd?NZy zntZcDkFsT2P|bDF1n#3`CN9oX4w`H)v98tWk^UKHL%sRfLwYJz(5YWb*YLuo8aq!E zW0Xy(o9PMPK$01@Y|fvD@@E}D10==#d=^Q2mdtdjo~e#J%kDLeoE9i1Xitrj6NC6B z4xugRtqq7Bf}IRitB5iB!8XhdZc1uAyp{_ND$Q+v7qwn7g%kFlI9U5@&(pp4U`_wrpB$LMs*ViB1nus*4O=H=50lxF|O3brv9)Oht-( z&R&X%5|lr5KLq*B)b7FYU>LK`RP%OxYXeWp4GHNo_xdiMEDuf}jBj8-n-pxv$L{4r zU!U{=Z7BKF5#D4^$)UiiqgilKkK%~g4SI9iG23Z(`L-)y_t zI(d1DKBeRl+xb|K9}cV`Iar7(3oaseK48?{oMLy_WJu-B&TL|cWcD8F)~%eUx|oV! z=n=vK2szd6ujeVhk?k;pOBJ{U!0&^L%Pg{tq~_<**8l<6896EHvUWh*s!Y{Pk&NDR z3ahVDU1aCUq5!Nv&-^>&^VA5>?qe}}p_?n5w=e*;KsHP0jotBLOwWBUpYCC?tCpvb zbvqSoxG>rj3K=+YQD#xR%x09FusdN0^K3|z7R+FWm8Wv?4Xsr0UoedZ zf8uR4ZUIxFpIx4mq5X%}*?AUU|LxMT#Y$#xv8XcZFNJC?!nD3=R%!MsvrnXw8 zMLHldpt}vtd3=WBjkU?(w+RX*SgFnYXhrgZ5B`D~4-`4Q${uAiBPYBAsJg=beMz{8 zyiqIUVVUtUXrUErWm{XqhfXU1bz9=!QSSbSmqKCMY;g1u?Fcutp3uM!>uxwsjGy@X z8JF(@#lftchgdncn0elL@+Glu{=q}@@VptbfL40S+rE(Y@g706v7j&HpXM%e#q%mYlx$zhHk#=_ANMxG+R*ER)nf`+ap#W<7J0Vd@}{d=sN_u1^8Wyln3-cAG@eSy@KVu}zr3L}k8}OW(s&@;vpi z8*&Y?cHB@>L{rHJr%&H9cNL~OtwP-(A7YQiWOLg+3jw!6 z-kQFv4pcR$>ewBOzVXX&2=XH9VL@RT=1EYKp!6>onKy*)6S913y#((xHhv!4A|KKb zFFKcxY1ZCA z1NOwD>H0^hM*u3Pg8ogbp%Sek)0@17VO5R+m|H)h&jK>(9k#&y8^}`{#y2f>L z2j;8kq!lo2GbKQ*5Nu*s^Ih01xI9akIjG^?3gYw*Kphv$54|ufdftkBs;fBW9OC$~ z{~w1Rz8`)-q@XA4Q8eIuIP4X6Akt`zuCsbRh8vJy zezABSIcHa^y`9llS`-`mWH(Tvb84q?^1157_iHor`B3zxJ`4IKr$q7R3g5HDjDxMd z@PaJV6P>F3t@he^*S}yW$K+1JAe6dv<%Fh_furlS6wwuK)<^1#`=oTQ8cNX+S);iM zJRD1`1WMA1?IEvT5)nv|& z*kilS9jjuD2d;YV>@w2SSXHE){VD(tty|07Z2U6!x!eef13Sq$mn0)?|Iz(-XU?FFO4igc)o!4$0`6p2*0nSMq*VfjC0wwCf5X6EuDtO4s&10Q?Hz$K@+#KysW+6`3(k~#d7 z0Z!YlzVdt@amRI)9q@AGo2&tU-ged;PcTCTHnLMGvKtoh5B)+1AbBo_soyO{SwbCD z(?`Nwe1IR3meJ5lRQ~DT%`>3Yt#i_*@u(4UwGa>Y!}Gm0jb=+} zC@s-2T!AZo+JMnqZMGplfGiG=`fFvdtdu(vRzHJC93ttM^XE~FWf;FFUY#*#C3 zV?+60u*NTC6iSx*wANTiMM2a;DTK%!``fBZ>MqafBoOIDM>KgW-B?*mt{S)QyG1D5 z%;Gd2+2osyVT?&Z(VPVW&aygu5TpC6-DX(QxW1io!*-x|_OGyC&X| z@u&y4qX!!18aG6K5K2t;;u$&YrJ94%WTX7i|1N64$IQwHY+#oM4G)EM#UPe-VDeHyOt!%~5}obr$7-SaPgCp|%tU;un`_(B{3VtCra*c^U(O1~6)E>{ zZ%8ee$VZ)%blw7gry%8RjOz)H*3XOc=SLQ#iam8Dp-xB; zP@lI}c9fHH(%DkEVJ^}_aoPwXQm%9ds-y70vqPSeD@MaKG;lLN1d>sU^F{Wy7HshD zD}o(W3HYDPnxnBE&zi&ZZxt^zH<1?<&uGy8T<6k1w}7p6WbR2BAw1|-C*Nth)*I|o zXO-w*AuO9G;&5N?KK&@CwcCf(VX;;E7)sp6`J!eKj2VV--X~CruaeE~uaF%RGR^iO zbee|8Prie2D?=k!7A{fX^rIFFR@h?QrvtSJl9Jw{CVszn_eow^C8vAB#ukJJ`#hui zT=MEqVHE}YrKKbaz^2d0wpRDm7vHFtJm{Gpj|h*fFc;ce#jEV*mh;l_I6c#R6jmYUvAWTyeZto(KP-xR{)vG?HMcwd3iTQMs)FFU-^## zq*DUado7|KPx>IB(@I3Fe$#c>1Eo8uctZTM#;nH|NSpzX%iWediHbE?8H!}oAvfZz z7i?`&&vJhJO(iH;AM}2AP^fV7c`JOnSShU9Mj_(&lOpY-JX(K)6KM55H1i?H5liYx zm++4g8k#>aLvTZ#g7j@O6?!}wN`vATww#I{J8>(K?F1R2zhn`0--p?5n)lE&LI>?8 zLM^}-R!E&!$HHz!n1OHAbD+7pNJOiBB!7=?({pqI~94CQyf>|k(VFR0ifRAyBZAt)F=XdGcOI8h z{*)2w>6Buss@C$lk=!RNopjZ)wExtOQr8mJmiqzi@CuvFf%Y_4Uf6{1oAnDH+9~Du zQ0}!0&4NVcE-$W@B-7T3va7KQj-17|;g{b@y&kGP59H<9#=8mq{T0SAZEOvm!dn(( zB%ATo5Uz4tXay)S(SqNLn3fxQQl6RKr;C^H>tN`iID9XG+s^;?3;h@atJfkh@K=%~ z+=$iu$EMVK#bH(B_U;RqfXBjhF5`0>*cMy%p4NmoO{N+-lR!Yk`@zNWISR#Okq^+& z1E#aRr;3TnW%38lhm9aM>k8dGvnEl+3YryQu=K%4dfHys?)t3qnZk8#b~k?IV69M5 zcNOAb!#R}dW0f(ct5afPG3iPTiDzj+ie=l-w1QA1u|UE}nkz4sJ`RfVM5{+a^d#e+-;I$Vm0`K}M@C=}$5~ezsVm z`U_TP>l|lbmZ{3B7p^npY|UqpINhn(!@lN$PE{^vvify!YdAE8CVLmhSX`0QA1Z!# zR2I-|wrzc$;zf`0}B33{o&k3W~as4~D45Ohj^k2iQSUekA{zjtbczOOQn%yoetgn^=%fmp{L7k z2}6*U3|u)oBCAwv3X=q;xUGE}9v;Lnf;}EfNzmXNe%-+|91{i-6F4baR3Su{#mEI) z9WA7=1%4<%9Uj$q?W7x(vE6x4tp>*S69*LR9 zfLDSefmoX$&xfNmz)KRPHfZO&h^97}XTNWSTfD9Q3&tAiTr|qGDy`ZR?oo$7x$`I3 zilpD(+CUXSc3Y8nWQB`F$v9q%#vWDy7S3^udo8$aS{kPq&6m{9lL}Tls8PxC>&+D&w1eM=)6f}`PD=5F-p)xH zmj{jIq(0Z?bPyubBChc<9|py;Cve^36~d)ea%Jz)%wqTp3LGU<<{Z6U@omI9yd4EbyKHa2FG0cKP-5#7 zT7_UEjw>XVUzDx9IV^-8Azv{mGhUPsV`bsCG@NYC(-1jX%(lOWu*1!#%Lckg@n+)U zAB$Okz8lgf2g^1IfIUgJylzSNwn~l-Vy;NoKor;xcVd@NJ+Sd%ix20QlZQ;?7rE!<|v zo70FFHs@KXhvf@XIy7d*O%>T{6%>psY!x~CmUMo_p4lq$rNX3be9yFiZ8os3LAm{7 zJ{sV3(jqs#?xXj%!q+`j2{_Fb%Ade8%aN|abi0@u zOOP_=oGknV;?eLt*`tFIJ6HBrTPMjo~eKH+?*p0>JqXN`rcqN_1z*7^gP-go9Hc!k$=kL69bZI84Ch`7X0`5+?<59oKJ0 zh-o>Gho~yC^w(do#RAceZUOScxx)oBa9GG~30mZT`$N{o-4?MYgxM(lx&Mmzd*Qyc zw?~8!8Dt9dhmwx`8dZz}#30sTC?8xs5 z{U^z~gSKA8x)SsCw7)a(hnT}WvGO3?kTOATEgfoS53-2p7fKil*VR8$urgPUB&qz0 zG6RP|)9by%`IFU$9YU`|PdUgZX)T?*S0S5HAf47lYbh}ycduG@Y6FVrhK>w?LH!Nm z4vy=01Eo8P&EiiA1&Tu5D$LV@{>I}-P_U>QCB(!`z!h$hJ!`R;cRcHpg)(JcuCGIj zY=2`_r!rU(lM{1~C;$!t;~pDVWWlF+pN9rZcW{@^Q#?psX#|8nKN$$}1tjk8mUCia zXym#k&jz(;zW<3rI%&=$S?he-hpiA|v1wAwCv*W_tXg~yxyfz{Khq;fkRyWdV41H)_)%G zj6$SdtOZMv9`6#sp=uyC+kV5FjTma};y$+Q;xxCp=M&}$;8BpGzf#R z9wzd~vY|$*9SqV^!CKf+)e?Ozv8b20AVi9Y!9fKV&%Z_Ww-O+#7ti{hLBe!lIg2(O z&H=FsH!%GtA)wcB1gcmtPo6)VLtOm$f(&sN_%JxzVV<3E#-GefyfDRkKVM6{SRs2s zN0PPdfbH;PX6D3pZMrQKF(Q6nY}pGLygh6Ny}sY%sGM_q`q>>n3LwiB^3rS{zt35x zKnzZfOK7O_DS+zeoC9Y~ISv_QPgyxO70}{-9ePAbA2N>9a`YR`n#0cF#6%3_aAcp$ z?Xww;(iUEdGIucz2^S4^btKM=6OZBVOlFc}7UVSVbedAuG4Y|_$D1?3fkGyF(chVp zp*H8DR{loxk*3-sOSJwH%^!j$fI@PLB0BaYA9Ux4i^wH~?Jj_#nF~!0NBv%KMH_p~ z*L!deUy3zGJ&K_>Y373Cw+@WTHVG)C`4IocRK^-k-P+2iRe{NNaC)Qg28A5g-x#w1 z6*USnVjZHEfK-vOm=%RR=%T2%DuA#T!vo%333TWUtFjxB<~K56uOtErBvl|Q4(>J< z!Kj5r!ub@Nff#?en11GO^&6Hb8kQ&)meh0^fb#hAcJ^W0_z3*4?`psp4(!7{22~AE zijowV#XHip6qKMQ8%sK1+jZ-u4soqY1`;E;50R@8L;s0od6s{FqXP*-kGI4o77r{RP8sb!rjW~zm+EZh+?g4BjthwaCZo7BuhrVu+t#%PO&hX(c z6rwb*C?dcu`PS~$zm4D3)_;XJY6FP;6<+_v>p5r#aPph}7xmwpqYemfhm?a9R;b(S z2Jzc2JAefEuf*0{eBkwT(Po1;z<{2~t5+P0c!__7zw;)uZ@CexTpD{k z$DlGwjo=B3`ib_WRADjfKx}sV1`=6O>D8o=iFpptjbhq_&H|(M4`hya(y=@0*$>mH zaMiYcR=3Ct3ORq41++0I78Lla#QbW&XYQbbkAhI0N?xjqr5olb)PU$+!`&mEKh-zQ?HquDlf|@wtouZ~HRroBH$}w@b z{cMwS+BoaqVfTUFD_5(*(sEbuES2$_RBb9=K7d{z+CB4lz}K0d;CVMtc;32_}f@qmyeO*!>R>?KKo_$^r-l080aY+tL`g&MaE& z9wG|!XRdadniRF!%`)+L>>cb9ZjLMr*?CNyOFeo@HW#n6N3X~6QR)mH0-%Qfh(V+t z3VXOkF<`(7UEDGK67>t?-b0LEy;bxruNF~SB8fkSPuwGPZ0Ez&?hqQD?1Y*Cwh<$G zlGzbGmVr?8zZF@W{3rEaq_;$SOGJD+?!XuxC{v8F{*|&$8+k8g*FOJ%f>zUl6N+EqRZii&4A~i&X$40)+nlyA)gO z|I-=}4*a+IRd$ruc;Ud0c1JvsOi2LDQMR(URISo4o!rc_EA1?w;tCES!2ABggWP3u zf~=v69Txyp@^=2G+T&S^UszQ;xUUecRRcF5%o}GoDyaVl!|z#wF3>|eJMGhVnCRtE zQ*P0ai{shXNThu6D$sNf5S&C5*=n*O{wL(N&}fJ9Dm7g{?EAZZSX}{L*XVQoso)s1 zOA2Z2E>7wMzaiUw3`9OLc=1?M@Al$n4T2zXoKLOrGfRNt25NeZ+%;LhaknZ_yZy$q zGr$Je)Ej+fD)B~1-u>ExV9=wt!Cqd>Qx4CD6776RQ+3;M-pYrSKxDM2ZX4( z=%p|fwoC)$1({nPH4AnW-II9&4}QHe`R6>M?kYZDQoR0+;{TL<3yZVjK2W{E6(T#v zfFXP2kld?h+(~nM@-u1;d!Jg7L$&Jah!!e;idiG*pfO#WL>u2Q&#YUN9#WmuSf^G$ zBW}bsLFnKpYYv10On#lw&9w#fmNk$TKC(FV7s+bY-^L1pSfR|F*s^0`qWxeE?DFq; zTDMh7X%xJd{zM3R>#)lgvm$oMKyrT|!jHBW82%`B_>LF$T-MJOJv$v@bNw}l{I8VA zy}^OTXDybRe6bg5b$B{~9&cmH1pX|;bFQ<>He!DFaB8AceGHs zsbe9AlRV`yCIs$Wx-v^|KURhFk*nx0AvfWBwnE~`zc}g zEf`odwc-Kxmpis|F|;D{Dpqkg&1UGF%ikYO8_X8Q0jc91|Mff=ibF%(vs%Fpl|ri% zuzXfysdcD9-O+&17Tyes1o@QguIU%wpvsp!FtkGO5Hba@-Yi8D*){J8; zme$;8CU#F94M7vsfH7pmSY=C*fVD;!UZJe??;?wknuYJRp0p^t_(++1hVKV;2w^XnMtY)?qvp3kUt^`+knzYudH|+ zLdr@v6XKodCAkk9e4blYjk~{9a5G|o7Vk*W%jBle! z`X4>}O1|7$j6=9TR6Kf$F7Z}GjHr}4UH9s#OI4O~l|+xg%x?L#4u7^|CUJL4LQngYLsk$+`DWmIbh1n7#-r_K+C-zfjX@|J^8sW9220c{Bkkx1m zflAAx2(U5DyFDu=9bPY{Jgk%-`vkA-j1%~Yifo4=)!jU2mhJI334ao86S<9TGaW&x zJSBg801?}KP9i%5QJvixror)v>dlyFw&?fz$vQOc1I6G`$vQ57AIe1C0o43f%(aD& zuJ%g0c}VFPb~AyDTSG*a{)Tv9OZa(sN&@tp-&ADtNe-@|F3n&N_wDgu$Jbb@)3{0Z zxdJr(Xuc&mL2ObAerRG7fQ6wC1F&`@)j!M|XzRnnaM&g|a8ccRRC~{=9>gIj6%?Fk zyznv=IOz1%Wu<^+!|Ii9YV_v#JjzL&R$U~ZjKWB}qaA|p{TY&SR91>M5Qf-!n7`+H zFw=w*s*PiLJnwc%IGLn2S2+=wzP3i|GQZ1Q;8u+Ox~}H1>-*<{&$IJ(;Uoxo=b1pz z=7@j_g(vNGiL>9=AjZK|mkfQ|aDca=xplKR}7A9~=L+%u(6MynGp2JI1r6UPoANtnS zJ0VB}M+#2Tk2wBO*|GD}GXnyEUN%DvKz!XRe%&7qh|C}^mb8NjstdqR>~U6+iv1;P zt7q<}B2|O3NCNx1cmj3@Jb9CHU1Hk@Gl*XzOv`pk9%*Iq4@LN%y_&Rl!xNZ4%1xK< zOLOB@B$ZQNAoba`EUf_C-+uf2a|h{hdHS4ok(JV19)sQQNz5tNMZT$-UHX?$zwIUX zc!eb=dNvwr>>B+u%mk5B_S8dZ?xeV-Vm^xXQ&vf~C5Yoh6;^+C7-F(mx~;H=&Js)W zD(?nRN?rRx!pCX58pI!~x2fM()!s166U`~~g&G}H>bT0A_Zpu~(YjEsQE+ydF8s~t z5Mo2EbHv%^`TZ?m5Nhk8GvqBDCHY__TXs0)`#|suq(GOtSToe zMs~K~5ef}6=m~K|9w#0heL{sPt2RRI>X)kw#{7sx!zbGpn967@{h+iuTN-FJ{G8qL zybEZ_Joz?j;DfHX9s22e}c;CX&fUDz#g>ISyi6aJud{zLwXF6a;vGUeI4Q zT&4DuFN0*3Cdpsm6e<&pr$P%P>H0kdE04p0M2!1oeX<==YNs-JX2|Iu)oa||-wyCr zlLwvABYxOP-H%op_F~YX81!Xb_54>e;sCi`9Ewl*=dGj3BZ8!Ds{X0c=P3Oa9JGqZM$^U4YA09=>O49}|B))1lH4FoS1)xOw^>10W4h!M8bbN{0G>A^b+f4(WFz>CLezXl3$+d?WmsKM0t_B4ccl48L z*3~WQGn+Cc(rS<{bbi*b!y9x69Oef6z9BneR>aEZu~qXg3lA9SenPImu12@P*ENoe zK3PaxY|9>rDcgin6%h3j>kUuJ9YT;|Sng6&;xv^?U?X|0$hUT9-1zZu){<1@UanlU zYO2`id1>Y8wrLlrw)f`vW9V2rAd!>&851JHP_rh>$=ly7n9c{`EiFYS8^B9Zvap0_ z1TzAH?sV)=HZ)z)W7*AA3d9w8JO@yhgH95}^Vmu=Xj!ZcFs5vg3gHwav#6jv#2G3< zHcI02@%OZPl^t3VeP$@4?Rg`J{wCse~RwK@)4KH5MN7nd7NVr&EL8>seTLtztDm?}u znHLwEkmsnDgWr2obbFH}7A(=>F((h5511o=943?JQMDjgXE!{&wZv)ZBbVoj+#j-K zxzv`mKO&Bh8Vl@wD%55TVAVv+=n#=i63rD3MW;70XksE_r>%<2@PZPc;*9eSA&Pom zrRLc||BA>rSz|e*tKPRlWlHqszLrYC%R3;-&7ln~J6K^ymVSZCV-T$;t5nw%5?pbr z%((tU)Khsca*wuXMsaae>IwZ941}WXH^14(%VG~FTu7~Mw_r(N#Yr~OA3;L@qyw-R z3EbB($}Lg(_pmmogUGra;rDqlC@wb9CK| zWsC6FeFYJkF0*99l^9 zAy^G*)I+`5W5p7QGytbmkSXp^ z!bXZqjWOJi3lK$P7Jdf($s1&voUZtJ!*JCqkmsRlMm8)EX*?ZuQTbVV#tQ!mmi~h$ zsTO#`7H`*3Vx24q|>(hox70O08N%q>O z&MD?-`JspCP+9ZqV5RH+Ro6t^$yF+N!D!RPfU7l7vw@I0fQFlp@KXZ9hvET*PFaBE z4f}a{<%RMCA6gr{Y$*8_;t#LmBqZa_40C0cQ3E#N%aiv09WAD74;oHoHa!9d9A0$_ zp{7%m-9FLqRh9mX113<&xO{4}sp}~{#lvz-^6Z5NJ?Nq{YQi@}^6-cULpww+qylrJ zf1w8OaZAupaT>FnyY8|mq94nf#ySrxIagH->k3lS9)j|Jn9Z_pj{W%ywvJW@%j_nv z!JdSZAr2uXvW9%%&yzD3i&ik$>Wlz0TV1r;OvH??Xq3w@A+iA#E9q8^{6d+Q%>)%~ z2E{*U2NPNgdWhDrY+hUqnnd3&t_YIPdE?;gi)62kyvzge(v4?_RJ;Re$9ho2d-);5 z$6yL%PG-yg$Un2kE_Ymz3xcTv?DcgiuBmwI#*%O%n-6ft&Qug=y5Xn+P>&U_GhK}% zhrV}NW_})xKS0=2^k}^;JHoYZ45F0kOM`WBPLbS|SIXDbPcdrNLXkUI@+*lwgH9hG zJ(6dut1iV=&$btZ65j>kg)dl*Xe>J6&sVE|{8%1v;znGHP_`XZp|EAz3A{~m$7D!C z&7^HVwuf0@J0)Qy?rv0{$0OA=6^D&ux?WWJVN(aYCR&Aj^n<%pJot3)`fn^)ZGPt!Dh>MSer!7BYyox@C(7- zCb>zhoyPM~#pkKUrT?O=9jRqe1!C1R(U~$Iw469cHJj-<_q-?E{w;^r@JYd?wG%1 zlU$fFyA(07obB0bsscx3|AKK|>^aCq2~!K1xtGHA`d!=t$US4Pg$-fjf-&WhtWJ5uO(g9X|`Z`oqde*e1^pMm&RMjjDv1CCwn!(hchhSyqmuC2@0^&U&hC;)W zR+;P#)nn6zE_2hcB8k2>1``omC9|gzQ{0ltU0t4LGu&q!}@nNnm}K9qUwYE$h*xb~&2t zQ_*(=>%D4MY~^RSu^M?NUJf*&j_o35nCLqlDQ{BVgrPk@Fa;KKebpOO)~o7sY(2bS zRhnP;R`ggHr_3pw1sX(56d0|Jnq7J+w&vgOI;l!$f~pK{ zUhQXP+Ok1wSWM3t&vxBVc}NJK;buwqNPr8BrIm0&`3_nKb5ux$2ojp+7SggHeIcgY zEwW;05-_ng!Hkd*pb~9w=u<0Hj!hlc@mtar8-L!QsU`CaC$9%C;NFXlb$zx(}# z8(K3mO__#}kQE&o5ndyp;gOW(U9Vnp1_L4m>|{)CFVy2jiErid;0NN?y)GnW#)d;c|HQIxQ;~v ztupj*I(WQI+MF*sq*^?lZ*Apmwuq98Y2IwD40Dl6x1b{*J}tSp zVa76%;;ulAbtz+{y!Um7HhYRvi^Ma9&Lc|a8jt<`V zXRm&&FmgVpby~@lt=}b~Q&HekSZEtfU5Td|>vhwcvGlS-qy@rMfR>_;i)uv0bbNp< z+A4N=SQ2n9$#Kgs5pWd}!%CKQVRO(Fah)pqC2(7Oz4>C**69@d4(kusZ)j@jJ&4E2 zQ7iJ5Nx5rjhYywl7T||b*wd9{AZYr~urzU(SlSH*xonY3PAi&!))@H{R*W*rvJ9*& z02~Q5QXVS}xy*`D0te+rSvFm5N}t-^P-P}MV7?^U1Oakmm@GCvIwS6zIq8mmT>Ll6 zz<5X^5P+R}xtpsxKVwwD-AEuC2omwp7NaeTNv!xOq{-BE@GGS?L7mrv2ZSLGTx1xh{JSsA3ukWgHpL=~<%EXPt ze^IE`jJxZ~6E3wt8Q0F>HT6G*KR>n=id8I?n$rd>?d7gz|7W~R^;E@n`()Gmh+|jn z0JmkH1)0I3P1A7nQ#Abq0o2#bz2Rn%m7HRh%4FMCPt%g*0h99k9B|H!y4o?;C*>D~ z4Y6rs@H|VjbfV~zpdO`s+G>8{#nHEFtk0K~7*iYy`}w6NTmVAw!}#epdme;{f$=BL zi0gRzp(g~@o^-lbOsLMqA=?zE zc)BG(=koprn7?Lgd30pb^jI)}aX}Ho+M{3FZy>;!e%igqn@N#G;Y=5%U-pRGPCE0) zup?fzEKJM%J+BIds!J=4dps5&h141yXPDI7nBv$W7Avb+=h)cug$L4K4{Cm2dg&q} zQn)OOi-FF|#Ec6{iapBmiyu}MO1q=p5g2T^%<#PEO+XV6%j*5W^t0xkxvREUw<_XS zjFR*#aC({M60pAm3&Rve4EsKZCzSu)p`ow$xm$};8^^}x_=nW^Z*e)#&q(#o>YbQo z)rMNr{7GVcp-3&Gr@lX9$dIG>=&K$D>a2s;7Q>!N3*C|+@24cgQ(nA?n=j<7`wiRY zL}u1(F(aw8%9J00whSd5T_Y+;n<^`HBH-MmMfsp@xO_*vn>@44(3k)eYW$-*&jMR; z5CR^KAWbZhrDG)zu)h%xjYP(sH2AS@B+yNO`e5uMIahDZpHgi7g!I%5EYuDgT?FFo za}z*U*Q7f@vrbM)e~7YEyyg#>xJ=lw>Yn1Tx!tlof1+P~Am%mb!+A}P0^f9pV)Cm>@&yE@Vs4ciy z7(R{JX=bR86xVen+fQ4!x!C}2FtG7dwA__MO;|7m51#a9Y@>K1^l+Y6=%Yqn%c{T( zTOoc&8-;Hw>nQ65I%iZGrqW-y9mO&mGuZ^15812=Zv%%$y(gPo`XRN6hGda#bZN9O zNu0m`@To5n6RYK|$hk02wRrN7t6Hs~GOK-Pkl?-XNpbZS8DO{a#ivQ04MjNHOlxY4 zjuF^&;`Jnp82yrs8tpK~_{pAo?s9CUJv{0eAT;&;g%fbR1SZk!`x_06Tzce$ZejmR zb?URC4fvGaVJqWydZH{kE~-g`R>qnPRZfWg=5v!Rx6tTr$FS7>EG&5~w{53sr~M#4 zVs7%5n8VoX`k2lp<_O~OENQh!2Ca@iI4{k#D@CCZw=)Pqh!?=UTpQ)qr>~6`eBC~(hc#_St1!ax$ZBA*9}$6MuLv~4 zTA&e<`~u=IRbj)>c)O=V~H`w3^y3b@yDJT|OrPWt`pPOU}t^xlv0W0(*d&u%p z=f?d)X2fqNzamTnTN`)>S<|hliRkp~bxn?TSS&AxubExEMEGO<$Qp;QIx+?H9)0*T zk>#96WR`c0s4!(Kq;X^vS))0efdN@yB=%5sP%ts}QUQzARvGXyfIGW@%$ z-}cq3VqD)!gAevQfq4PXIyZ`qCw_W52kY`>sW_hrkc}E>mik8}49cVS7{SID5B_a5 zxM)$-D7Z8ngDftV*Mnh$_t_UNn|&9d&zc$A0{0krJrBc7JH?gxdG(L9tHLhzeYi4W z2DFXLf8m(oWfq3k^SfRQqe0=TQpUv!MfauIgcY!xtXAX-f>#e%FH_%l{gG{DP9Sa8f|6&{J^Jq=DTy-(jtG$f=z zU+%f3OcMA_HN=>ucZRzbbIR}EF{3z9j7NHJ#jfq%W|lWSf1iq%qvpjOHAcPM7m2kp z+2XE;J!c`RZ5lwQf}ViRnD#r7vBZUxcW#5gkvl7<_bb!RwCUmx>beF+yBp04Pqd2@ zrId9&Pv@<%?X)P9`#6q3PE6|6E6Qa5`SF|O$tbQ|K2O7|=j02GvKFR{hFtgA<)E{e zQrZt(0>#j4DilCcfv!DWDK?tDtOIt1V9K(rrNUrh<#8K@l2T(lhaxl**I8**R)!pR z^`8W*vKH8}6!?OS&PvOvZSkwS|NimO_Euv$uIfd#&dTqm zY}U)8-h+Pv`|HK=NU|xG8uZr2bk@W>urh`cS521&`thoD#aZTx==MxlA*#Z~YjS}b zi|)|U7BwSl(Mmrv%?iJCpkCy5Z&&+yDUpsTZsgpLCD<56-}Bn{)go*UA(kCwy~UkI z-A@X8@TL`HoPEfpB-NJlS+i-s3}cAS-|l?RDR5+TI8lpIkF1i`U!EALv|14hT8wNB zp((An;$OLD98h3j-%bjwxPSJvbe2+;b2w{oF=+7y+XsVI!*Yt{+mGo)Y)iH4nat%% zd;&-S%AdC@`YEN$k7(0U0mv_3Wa7tvBtIwo%zBkl`SOZxD$#s7T0$T`IIH7~jh=to z)ZXB$3^eG}pgPm?=RB~@jbU;`NTC?1X0%IUM&P>}YU77-U=q6e?f$-%j>2yN@;k9) zLfgG(L)r2|B$N3q?0TJo9}%t8NB=1Ax?EGRe8-dCo_%cvbVz=fxt)$2&N}#^WY$jf z=k09qiIj%jW0EeW9=13dQ9f4nQzd%cTuPGdrjr&^kx@Br*1nJQpGde2#oTeS^hZvsu2jp%Tuk0@^!k z_n@Qq&S@<%IzRsS#cg-4>YA-F{qp8En_^LHY4Mro-nx^tPS?vHr~XIpEK6>ly_<3wT^LrSkpM5HgowO#OSALb)}5(uW2Gaid6meW~yh|FUcn$qTg} z8!cChRl73_mD-2Cq+ZmBmc=6$G>OemXYZD>D1mLGY*28Rz-BnQ1Ui(e+k^rJwnPRC zHf)w=f8n^YcYt3=_Ku#j%2f5ntiixwaZV3n)O7_rNH0$oJE(~8p3~P3TSv$xZ3AMc z?USUr#q!MKolWv|#G?3ML1g2G@ZEKTTugyjm``pIa0ZK=xEHanQ_8B2iJpaarP{FZ z&5IzD;OFT8nC>l_iqY=psqr=IawW-TMuX_ZHK$ji?SY+W6$6fY-)xpI0>$3P>KQeJ zxX*g`@OxZZfAe2=`iz#c{AQ$gNG$uA+>~G7mm;h57PQQ1!COZDl&}RCT;+spVL7eO z+HY;G42%dLUzeNlnSs2CIjnwMr_UeMjGENFXvxc1i>{s9&d9MJct)UXYiJ|zlkZP( zk^JQ&UXc#?d#3P_{QBjTK91{gD+%wl-@Cd=_s8^@6m~}siS}2Dz^>b_b~y)E3(g)g zd{~xVt}e!df8h=(+SE;SG#HwxX|NB9UG@K6>cv#wrtN1A`qr;*iGq?zB52%B+w7JP z0Ch30TR-GGMPOT{CeQt`g_rOi3X~D<4^ZcyIVTT=;$1ls zV4;|}4o3tUM}lHN2v#VW9C&#QgV@A`Oco}R=viXHshFsvXA9Qvym6SyK1j$)1TV@K zYO4kOh5MuNjD^6YCq|6(>bfzVXR<+}K|L~E#<{(h9XmiJu2>Hfasv*|oGPS`rb!Q> z&x+!t3~_19ZS)!bvdvo$DTQcnHku0iKBOP!DA~*Uy__d8s|U75(7boUr7;;w@Wmra zzMo?MvD#Z^qE`h@yq$-rdfbX^H^hI19ka@DSzYqV78s0-)VYs-QlHMqo6SQQ@RDo5So!N+^yR~E~3C% z`kFj2Jh!BITrtGPU>jvN!iB_Ml|}XAXV0ovjk;Z?GO@rRUV4_Mb4F) zrSAQXDyR2Zs{u)o2scJtv1zE+L&TMio6n^KZ`18g%YRBmmHdhm>yW5!{n#QBsH1PV zVx(t0X+`>0Lp=x~oda^Ag~{?EHsR}NlONlMz)Jj_aYxIKSqe@>meel=CAeO_fA=wT zy#D9g19ID+(E6f%Yhhx76Az}`UDeO^EI;~){mA65Nr-iYvV{ck8<`DEwm}R_r}|zj z)(gv52U_2fm2d`=G*(tdb&)UELD@Ywidj@Q3ye%o`O#J*PT z8qz7NyG2&aile0 zriv=txy0#}T5q$wzx#T?+v9MPouzZQ(sbu(XxaUpxX^u}qNi-TsGsW5{b({t*mN~F z^cqndlW*i32pRb(?)ltbI0q1aeKaUyFd^i5Q`ANR`Skj`do@>%HV+)8;3+odAVE(r z$P7x1E{R*ygi^ zlF*df(YysPOB9y~e$M9Nfy!Oo)tQWf12H06eL;}v7Cw}1dyjr(Fg{X$aOBXuqSW?b z6Gcz^EJgBQwqX1CJv~SO_^@^Ov(FTkNdF59xoc;WW%!q z!_OcwUs+skzUiH~dV#4ZJJkFmvg6TFuXnPb?RJ@L?apSU*=3koo1p_*zR-tVj4;?J($VaTLEsb(E@191dD`D?+O6pMCO6$zbdluW3sR?rYNghv0m9PKfn zU$V$O`BwqM&98rb*aQy55XS=!z(7DjK}SRaju%A)PVs<;LqNnsLdK`#3B~1>(Q@x2 zAflz0k~S~hA_QCV@>zH=Xg8noLl~`6pAN-9gol@epVf2OnNAk4{c3#u8+NNto{9li zpr|a-6(%XGYy#+%rIXXrC0wf8P+*HWdEy+q;o4TW=Yh384zopZD3acbLlqy6&$RXp z-ad?|ZukJf(Urrp`LmTE?20A%a*2bul12LT^Ssx@~6A#E?CVe44#)!sF4HRY{8;W%X;Hi>f-yR{Z9Lrit_*-H5Yt z4=gKs-flJFF7G0xD;_w^Pq_H66Qc%jzm?1TfY<^CYdMH#N|aY>gZcJ1{q`_w$}XJu z3SI;~8>hU$TR zaI{Yw+U%g%8@;0Y#~~)rp#S9NyE=>_dZ1LDzW5-~N{O0^&Wo?P=qDixvw_i&5x;{J z9mf`AnjSYX$2!6DUkxtA6bz)_35Lf3;dvDRdo_~xzkOS-{kq6c!wFdT{wySNF(mq9 z|AFMd=9W+K*2!u2^y$^LiQRS3{qxp)@kf%EkJNwRF#o?#S~FiiAuf|PNCS92%p1g7_-joah#Kyk!F!l&^sCXu2$|@ zb#U&qu0rUaXRX4l3AiM)GhWFX|{Zrf=Ps8B`BYX0N6Oh-kLPIw?Q-NI;2Kb z9S2n%{~n=Id)>s6>Jz&w$s`zxoiKnStR0L7$2^sF4mto{c2 z@gevxT)@ZG`j8+d`1-QGy^UCfVrnmiNfE4_uNaLFe^ei?K$0gyce=?Z&-SF8SepXv zEWy>o%obqFjue;FuNeP}!;c0;wB^2rYP1sW20{!vWh3M*T4eS2=g`clnnc zx=6rQy+mAB>oxrzdB7K%FI9du6Aah0df_fZ+L8gAo3=1{BltG#jk@aSH>Z6!mujX6 zpZ$S8QYHEensZmFqTfxy&xe_Kl$_5zuB>2M*%R^oY~{W8^`AhT40{`|(dQk-yj+sg za6)BJ#_}^*lXwPpc%fz*#v)dMF2sq%yKcSm5xZPXJNOLPSb~1F{9cN$?$dWK0;M}f z#)L{r5v1FG{33bxZr5r;2vxv4BhVa(6iu1QBAHsUX5{Gjdb<-MvNo_BLyw)dC#(EG z0!&#Vq|01oVQzTO!BE^S*^}fdKGcS5RXTMdb!}!i`9cc(;Gi z`bwF&&nRpvln4|fX*eESuSa@)BEG!zl21LjB<8LrWyk+35m4tt5Laj7?~Miz^tbJ$ zGe2Xpj$u$99O_ZWqA0&bwk+7#fYrL7aDvU%8As7WM!N@P;9^ubgeBWA3q2hfB;-Dv z_L}vuq>!|$zHqL-I%!vJQMLRC=Yx3Jb#fDSI^W@C>^;GB9>%HHb z@L$wos$%l!jq+gJs%z?{n&H`$nwBPzQ}u-DzCZqVuF2w;STh>dv-sl%T?<@5gQYGRAxTGU8IT^>kAz#K~aH`WKJyUvB*;*r3o%-UcEE zL%qzB>VbWL@HJ#B%4K7-|0uUmR#l}X_5udrH&?x|Hp2ckAcK)!Tt@@D z<7!6(vOT-BA;t{wg{aa&T~jUtxY|^8nV6VtP@rsd1A#Dh!a<2_9mmtMa(x*qDk{rV z3}JsmFfk3Ngw*b-t$nB|H-DkorwW5ADwaNfz!3%w zN??B5q^8^-uLa=q9Rzk2e#W7Ik@+-D`)FG3p7M@wR$N*ApQ7M7@ekG2HN7;YX75kG z!ldg>LB@rq@_eGsJv?Ndj8f;?~$uwmZ8fw9f<$7aqo#^4hA~I*EgNx0o_oa&JHr#_ALxUGqT{nmTy5Ccgb(%)x ztRQXRfP~xe@IvC>>ByXz;Zwi~-7Q=JH)3+hba1u3;svc zgL4soXz7DoC8YW7eMNpJoly+K_#GO>ti$8!%PUI=N%i!V5Om1U@9G$TvnSWfJ;BUZ zj<12fy@RWCyx2Y7b?q4D{#&*Ufu&P;9hcms@%L8-|ECtp?>kWiov31A$@uZg$s;e! zg-6~^o(R0b9p~wpz_syd4DHQ!{X-j-xfK1Y_XhMXY`#A;Jmvo+O~4kW z^!3L~9EeTh?85G4ApM+mGH@Usc*7y48tKf_{iAOv|E!%39^VYf-jP}csy$0F7XdNB z2G!g1ufLvb=P51%3DW$$jx23)fa1siFNmydrM54!nYre9zIB|t20mE+t_i)WV=5FX zgpF|V{BY7Lu2-{_Q7!d?bmI?9{cK62FCoqIE3h8J)x6CovcPf9D-qF16QM50UW#*a zE?;IXn)~^N3Er+%nCk}=x|`N(s5jnrLhe_(?gPtzIyfH1SR9b%*oR-9aWo+9mzJ>R zOb33S>Sj<@P!^xMq2~Oa{ya_`&{&rqA6p#^A$l421~b82u(o4{#9XgpE-&(}jAE{N zonJ_Km5p<^e3E~HzJTCVbHuy3w~-U|rSM+S57Dxq4*<=J-m!8TAkD866qHePC>rfhp3rYE;&B7e`aQQ%fI==oNxtWQ5)d!tIhDR&t1gbTVMYh3z%#A$AGK zd2f{!6qR95;@q`&DC@o69Ynk+vrF1_;N(M}#caOV0MvrG3t4RFi^;KCL;8##8s9OZ z_L?El*9-7VxJfag@@U5|$1j%9idQ)p+5=m3Bbg&C`5B15D&>CfR$(}9GIZ5K? zI=)H_8;qNypGhom>a2NIwMR#enj^~ktv5kgKi zFRm5m1YlB@VQa{im=+(Dq9`X*;Kw~84`=vl?)7L{QQ0%iWObMpS_D&glF-}Q=HY38 z=rq=c59a8)x%PBagu|E*^;X$NBXJq_z9m<|Ec^Z{vo2K&219+PELfvYoYGGm{i`9B zN1mrI`Z%p(G|W2uaiobAv==F_t7sSbYn#hI!AyT!Co2 zfwAw-4hMKWBW&m8=D5f)JY#^J2A`53E7*L7YgU&l4-1S<+Qo>w>6GdkWI_7ztqjTE z4aP~GKHicJX+YJZ(HDDqdVKVr+4vFWo*pX4f^=GjbW8zLY75{s0F)idO-^dnNjbKk zM+=JH1v$2aY9tx6nwseMLNF1mEfbo=B1qWa$D27Xqv(WCS=WjVta0ycUo7-RWk?=d4KM+g$7}V(V9T$F z3e%A(quM~fG!ej_L%&w1=x5s!7k%>W?ku#{ye}xm*t#)dbY$P}y5$qo1<)516b~2z z?Kik%yF^f3gBOi9F1SyuI=66B=2b$vMp!`sV;Rnqv-mIFiT~LxFgyr^o+W|MGa@_^ zDl#e}A`&7T5PJqf&v?LL%=mP;JW{e+p?$R6(&p|2MD$=QAo$Gd!EbTOklH*eAfwI5 zr}GqiMtBN7hq&Hc{Q3E~@q6!J^5Oljx%W=0?R0j2aSuXQ3R7E9T%*Rtx;ww=Y9Eb+ zpF4D+6tb^K_Cs2TqY51n`=P2RR{9M>mnX#iN5WJx#y;1#Z17Ty18ou zN+CC6M6lh*&R4g7oVav)gA&Y*j(_3uE*o$DoBzsqtS(*rfdhFM5bvs(w#1i>*jXYj zzws68tlhDv~8|^2o~*F za$k(}B{YW1aKR=|KM?-fZU%e(<=iNG@iUBejW7~vnz{kd7xiqu{}3!5@X_zpZQ$?M z$1vhQJQ4p6zM8m0Q}PX1^0h;nhJiCVE{|Z%&Yht6{os%6>t>Ln8`JIEVz==t zlKH#W`tLqeubuY}{gK$rJm!L4-Z%a~lGy#>e+_1u{~^p6 z*3Dn?Z$N(3>wR2=T&7YjbS&M9y#B%>pitdWwOTAO31h?j-Piej^Ot)Ep3NH>^+(9t z#)UHJgTkeHExJvs@T z-xyrgPaEmdEb&>l{V@C?vvT>+&0DVBxOk4{*JCPAuG!mGMCuvlcP~^SUstUNCXkj; z6V!R}=*m=V6m;+hSaT*CmtIzhm*~&pw1i27T-KY-K^{?UVaK=@IsjeiCh!3RxBUp2@Yc3sQVdA%%Hwv{*WjZ3I;_URE|UtPTABy@QF zi(PzDz5&?ipSK~4!8~3)XJ4m5rZW2v&DtYT*eK_9198D`{meC$L@pOaR(+GAn2Oay zvJ@E7lcpV=FZZG#4^w(UMe#-gzdbvaL*yhOwmcYEG zApe7J=G#iu{)JmZTXNj4!_sCNZ=Ma}l(8()`#bjUw~+ftzYt}0qmU}-J&|XKT1fG& zUUw!Jrv9EoaRl@FrPeaN?v^dol6sWPV$$GaRrNj2zwveiSZUG8JG=GhEftMU&NV)O zY5!XTX(J%y{H->29_qBLgy?$KU$|WM&)+(~1hv}$t9-b4kyFp#R#`S%_?CmlTm(@i zvX9*^b&q@+c@A0mnC!|}wO#1GJ)vqQ``~D65mfu}FWgMXl*5v`KAMjg&95sxQOP~~ zIEV;Wx3zh_7!gK8qneIeQoKn=W&*JHm0|G_hnxSIW0z!=sF_(Q~NJi&0n6i zx+OVYqF#g?zFj{|&^xEFfl4y{gRs6`pKI-s)AXaa*<0$N#IsDx$GqZG(I;&KInuK= z+`AL1q6l6)wHRDD5jD|_Dx|!ry$W`-bke=9C9<}DnKP1%|U{^o@y74_-VwY2zM4){Ohhxp4_D+4-#3zj(T9& z@7!-RCUM&N@)2~=@)u4r)9&qObslhBB6-+vADKBC0oN8x8x9ExjKY=`OX~3kG4P|4 zCh_~(zPGL@A;rhg=C)PR4Ow|Z_4)zz+c-j(PN(GN>zv*r2VudaR|^!_Wh?q?YXYw_ z8!8w5+CMURLxM$xpW)?oE<4_tExi2bdDT#Z#hg4e`O;bUi0Chzt`jg@$DxFiuuus= z^T^NbRUnvwfMd(*5!Qn| zxcChXlQnXOFXB1XlTxnJuQR@5XsUa=B)77rVIJvkxZ4t*rE-82)*&yLHaBiOoh+7Oe zSd`obs~sfpYs(K8X4V2OUkABGV+SD)J6yzL!1J~_Nq;&$fZ4&~c1KxB#;(%UxxK7R z`0hE7T^?!_3_;N^(b*`I_cg1U&o~DQHSlPeEf=-;2DpH_3ir;>AT2Uys|aF>IFwr? zB-R9)Ei`xv3+Lz^TioCB!HxKH{ZE$FX(?+2L$Gu(ZmcWfdqO?i1Tr{J<8jnI9#(b! zvuO)NCj{`eyq>qz%oaNy`J9(dl9GE6?4$L~`ZHF2TfwTa(cR>{VmK(}%(p8T%LEUO zzpGu^jinSziE<~RMzY8%qd=%){>hc!PQA|h#XFH;hd@o#5UTp4so$xo#4a3W{KYmJ zpAWKvm&J2edtOYn{Zxp0kAdRP3G;2bBy1(c;oRMD_#yddRl1z4l*afl{rvN^4ELz8 z$D@Tw*O^VHz)*|t(+S`(;1sqCf6ZYZ8`R*(fWT z`YT$yH!xr1h4l@w&M9~#CPR)28}h7XGFtEak<^wthMv+v!tYp=gyMq*;TsGh2GE-`4ddS|^3{9lK)|w40X-hD{={X)j zgLn>DC$zBTal>nGcO*JxH1m*8-QIO2#I@_At?_6{qA-1bYn2PQDauw%J9z;9 z6Q>fgRGHGotXp1kv{|>zf^?wgfR62kc|X8}g6T3!Y8~kBi`_zks#lpI$6XiS_{w~h z|6u%wiyASWDPp4$!;WsCgB-y@XJMd66j9GI2NSWXG4TuNQGdT4LK6p_)T}rZD84=e z8D2_@kYTSE2E64b;9F*>1tyvSLVptnCc>vCqBr%(7C>njpY)J{51a(eOi+A zZ<3|W8?I6%6BHB+168|HV^y>2>hhpi{ml_i8KHe71s03V-p~U8f0#l+Mq~_!isslW z6^!uT20E+;dMbv^k%?9Y#~;wy|6>(oC)TQRj$nvoNr z0l++`CJuOW4D!lSE6i0cdp#g;LcP55VIM3na-;<&rk){_O3}~i=qKPczFo-*U>FkK zhh4|@{nir2CuWMNzvz#Qw9smbgqH$1qmn5;tODQ*z)ciWFK@|?r*@qH9O<&L*Zw5M zRG%E!pIsTqj5=h3d;_$DMzu<6*wNMh!l@}k{z+m1Qk=BHBp>uQP$#R6GWm!6O2r{U++v8b!w?sGa?hii7Gj_tT07A{OWd2Q#08%yhIj`B z8F$reg*W-!I>C4|Bf2%H(fj;j5hj97@IzF4fP2#YYZhnu@Blni`0r1r9tx3(ma;s1 z4KObCq8;Lv$|T~JJ0r1(&c(y@a}X%VKP;t!4MUH%nf_0#l|kGfK>B(cD|Rx2ET&jX zgRqpAS#mm=L^3u^T-X~x9CV-;`!F_a3bpwh@m5+I#HE*sD?9;j*MxOAyI%<-llfpX z8{|L$cH5oET`H3_;RkNf3`ULUkHjEk)hdDpt+U zxTuO?_zqQSVpE6~P&AN18{ny`t8ym!x2a7;#bGE~d!3dWU^}e|SQ=y;omWRD=KkUS zL8#$+Ow%Y!h5ES~fYJEYIoX$`wlSNXm8(YZOT1)v?QO<5(FQ0K$JG%bnO3AaT+7*y zMaaP-^_M6BYtzOL1gUolI7*8_H*^? zn$&Z39h1mUrMUS6AX2Ku3Z$wQ(H0B2pF!$qIg^Ouf8nC$ee4r+E^Snb7C)fE6!Wr5 zo2V>^TqC7+)l8ppLCU|%Rz~!tUNcUn)OW|X6FQ@M!8VnS++n3U`?68G551pe(UU&u zHLtL=n4tNFk=YhP`Sf24u<+I&XjGl^8i2x)>WL(ru;t`+ilRoq zciQV%@b@8>>y3c4?ct3`3~YT9-BJT06xt;wBt>ogOy46kj`}uq=mOu zOox{MqT!gDI$*q_;q2$V@eO=Pg~R>k=JE}ge3o_BE@Z2@KbZw)R|P4gHB8a>pyB*8 z(cZp7j=B;UX;4Zvy(kM0G}^oxYD&3k9=sAixY0wx?=V0xwV4Pii)1N9o`6{N&a5vh z(9-EQmvsRxE_*gh5?B}kE@?+rq|~9Jt3RB|V*3^09Z>a|c#d>Sl>i%L*|m`_Q9|Sy z`cpf4#!VzQohO1&K_GbN1UW43(@+d$p#&f(vfkb2+$k;S@Rxq!7ZtvkqTR9+|?>l z{5sj(CT|{B{YYkD1s>lpg*R`$RmaFgQUc4g01daP=jq$V>*$FFlIFoqxEeBC!;z{kc95dt zgdrCesq?ED?#(1PJZ5Cm{XKvxO?^SZsG7St{k;cLW#mbJpQ z@aiJ)Sh)jSVXFG;DrJGz81xpQia?8?HR-etVzEE`TEN8>QdtR6U+B|tn2f~WSF|K# z1-uwBZ$&f=JL#3=RG2$ixTU+9N0tFe0elM!ZW}S;)lDLsvHcmQ<`U*AkX^W3qwSMl zXU-09Kn&MZ0}}LV*(o_38O;V<4vq7=(%RBV2-&U(X%2xL4tj%Lg(I3yO>esZyN0wV zi#>W=>iLcAXCYYHmBUpNcyY*BO-Wc40jeK`fe2?60`#{uQa`kqD?_XmW&@7L+ujQ_ zIN}y)sbl1*9hWD4K=bK^b4(B|p#Mm2KLaGC*nOtdoxqqU+6-IKM107Bs7 z9%OJPF9b$=m7=aQ$Dd5AF^{)gJw^fxsUE*Ch2AdkY$v_R$?fM<&nnCDQUpM&gh&)T z74#m`!!N{KUcy`}+ewL1l2sdqk)tb6k_XXc0Q^yy#{rtz^CZgv&k*Qx8q?OvTC7s# z1M@0$>7yFeVf}!@1zC6CdyNLU_gRR)cjNbP6tKkiz0n+SPfuFkM_ zQWi7TCs{RjCs`Zl?VLa(sk8uht>WC1&)})s@RgjNTofB4WfB{2tqAUN8>5$ZAa5RW z?i-acq;!S&t%wg(}5u3|We@K2;#YN~~*LL-pEaP&;8@ z8tSiqJjiz-XjFABDBeR@ptKC3qYWdBpPw#8Cm)-j|7?pJlCv5{Nz^j6Dn(op=Gf|= zAs6WKgD@fR>G}3%OKyz3xwXmhZ zb^M8KNS~ky*FJjNj{Y;etjrnx(1MgB#mc28k<+VIZR?Uj57nlWm|6A|COpDc*GaDG zgh|C(0w~J(%_O0gI$$|M2aeRwG|+cx0jfO}4}_Ni7=iFI&?WZ8H4fepL=jN5N2<;=JW#E_5()J8X zEp0~OGq-g2@-AetPa2Zqv+tQKIFsZaHRDry;(e)wGkQp~XCR1((V1oAJA!Cc6T;9ayB6KL1WU zvBeA2T|o1~*cMhhDZO7u_zh}02{W(MWCyRe%w?f+mKm1m*NT>ZRJrrRCB2?Gl;S*~k!S8n=tR}!wZf8BfkdZn!H-Si`(NX0jJcvZDdn@WZi+hJI2R$l^p63L;Ndpx;zo>Og2W=%Kx zrH`Po^FBQZAOAO(ioK-?ft-%%zF%IZIIn@d2ycbHP-YoDADiaqd~RqC)>-8LFVwwd zRGZ(|HV9Op6nCdM!HT;(!QG)qQi8i%akm6_2` zS1$23F-~7FOP4abV(i+N1ncHn@7RcnfhB(YIJ`d%+N8|qV%e3S#WP@0(rEgaBe!ay zY!rf%tP3zeCY{Jkp~_AZR1w_*u^uW4B+sCwj9)!bX55Elv!eeB zKo$?Q_$AwuAu7eqi#jjz{wi$D#F%aNi;b>+lJM@w{bbJZMc{A%fT%?yPfp}pkO0aF z3=Y>L7@uSS3Y6r#dv#cSnxj0=xNslwE9J50hcOW2@n+cM5PmwN-?LjcdM~1$qx4uP zB<-`*=L5uq7rj8@U8rRQX&kk(oPVEjS;TnN=ox?^asm)ZRMV^UR3Y?PrgpHjJGFhZ ziO#Qbx*P`HH{K>37(7^Q#tj6zi6l%d!jHi7b;4ijS{S>B>xQFpu8kj2=nr$V5kNjg zGeEX4ezax*747L1*7FRWhzJm=_Njd!lK>f@vtdt%Se4j4cBe<+i8S8oK^mo+FE%+D|2ynpFd_WvFvuC{WA6sQrRPJ zs>HFI`JjX(lv=OOUHP|Bz}Gj~57G}H9`12BjHL(?^`{gW92UPvUBA z^qBj?%(OtF?v`9hBQ>9OY?Ywn_QapLk2_$Oi*Ps67IF@%)ANK3ozutl!Px^7exCEx z8QL?^pW9^t*autG5}X4L7Pg}4<`wt`_X^0_E4z5wJ>>=9u&1)6c&u zx!>RA59xr^#U#RH(^ud@Y20DU!@3Uole&c$jikORxj$+k2MD~`fby&dvK}(p_s46G zTq)hvPju~R;>*8wIX81A)K$w!LCxlTdXe1|pmu4m*-8RxJ|OC*?f;l3Zv6$1+=+@C zehK{S=z3r45*P)Y^kSjZv8olq*$BEi=eikn+9?&s3_!qc_v!8ZD!iR*=lWS4L`t6c z+m3oz)}P|R;tB5;clt`sBO|xdO7tuTBa$DIxEVp2Va<7gknhINGTakQlqW$-rLNs7MgxujOz`4nB|R||>_<9s zkh197uj_(pqAT&r!2OOx=?%6uMRYo7Ep3e7q2WY===R_Y9VV^ymVP9l{;41sHpvaA zKyvoH4ze+K5_r?$rQ<~4PiQ0Fmi75gYOtP*cKa1pW%la!7rT>$$Mio)I8izt!GRz zdnvqKrdhy1j}F6>@t_7PeA0wUOgym^v-lh#sMkHo`dELNrIz|unVxBCQ+tinQdghR zR#UNTiulQe?}jgsS9W><(cjDvVECxu#uiY2F>KKzlyR%d1gu!GUb$`^5?_@!fHCyh{ZAn@8Lxoi5R2Qf5h|772&6RjNx)<4TzJ4?tsSv0_Q#jI9)`_}g&>kKvj8 zwg#{GTgMkM2oNC62|;k?W26TQA6iS(QgguD!UH?7wYU7knS~LQ`gbD&(%mJoMLCF& z>(cHd{|UX7=@a&F?r36-)$Ql?pc8{9Zn~|*HSEjuc3Ahs;WigEaAI>Cm+t6^&(WV2 zu~8SII|XDmkdfk$zp5=D-oIEECoDbab%21oT^0I+^!trIbpfI;PrrlVsYd*KVWNU| z6`XR+)-lQ}Mpd3ZIv1_lDO(~QQ>dRK0tsrNTSp)@-Y_8YmeQ^VvRRJi%*&H)YrE|o z84h(}nG9NJh7C+4{Ht|3)*kfX^!qPA(^#ha}{#rc+n^WbWY9p`X?VuC!I z=Z}^gdIuIvfd?XV{vug#_4l#f_QUa8$mC<@PtR~~to;^9c^;>CD!CD0>;1IKr?Wld zq{b6Ycf|nZ53=upGY3`vV&DI-Ib-arRnR0U&7`=`&^KHk z%eS)nF4TVMGLvX6xG4oOPfC1RK>$a#jjS>B#AMv^{hUVR$c>?2BX`yIMi%QItsN!) z$^hI;x3kDw<@GUhu-j$EXb;%wGAjAUA0)C?aoixpdkA;gZ#BEy$ZvR7#|!7tK~?IV z%~{YfR%Ml{0FDM`KL->FfBHzH+Eh%cTV)|j zJx68cH<}J<-XmGWmkE}-qX7QQ2_XMv(ZY4bY=8?7AAe@WX((^9b!*S5hy4tebzCef zmjoBL7CSgbV*}GxX@wd!!^5+a$N~oNJuTRzocxuipR|Tv5v@`$#JCrsoK%qtddP7x z(aq z=igc1EmE67fb11Xm{NT3LlYI1!s6U4FYo29W0dD`y9^mjeGA37ngfBy85;3qx5>2B zW{JBS*`?)$+ZlWbz0K`tAyg2fi3{vY1(A)@8m1x_E9YDSigXT~gK&w|>MSvk2lH-X zSnrzr$tEQa<#3g~$~H*mG`g<7>U$BBD57ZvDO!ja#HhE6)}Ry1E54kbWUB>grQ$_5 z&3fH3tn)xl9X&Y_&l3O3GLkXxu4ppsK_@^H%Bb(gqr#!K2%iUtcd)wAThBY?`Z{0( zB(B!@qi>MsNa+AoJ0%C56^L2`82%Y~ob`;~+#F^L?D0zhJTDmQ|HN-}5?hLsg@;1P zz68D~RWnGT8qTy#IN6&S3Rc{S0K2ar@UDK=LYi7lLy`rc`fjt@9P}l-7C=_1pOh2z zFl|44e11}40vJ7QaS6-+f;SPCC#Cu{VF|sVOe4ytuS3`@e+>ek>b&N(fg^Z*!H(ER z?y$W%wX_eIG+9Rk6?OcFXRm}xv$TUzHGaCAYAU9Velv9D&N3EO;uD`6P`js|?1h!< zGVUPi*Nw@3I>btlETxodWxZh5y-|yDG}wYBeA3J{dL5%qDEhsJS3V5mjTk5M*RcH8 z%_b!$GzY{54}*BaT0W(ZsRgWS?yr&^9qnCA{rZ+^Mp4&|RjWfGU5^-$xjjpi<=C?RO7MdAeDE zdp9mCtacJ}jb`-DzT`2smOm|xT*me}`dl2embosBr^S5*0?Rjza^@r`qvX%^Suk=L zn6hx4Q;jq@^b^gMWAWF66gA3e zd0a`sU?T$;Lzh?HbQuV*MB7P4L_)M=qDS2%&-gEe4?-ADLwn^r*z|1%npuTa-I zu%~zr$o}E`q=;RV*`rXm7ySS5(5wBu!(2a{?vwcSkAxo&)3YLT7ZQpW>RrG8fBcns z*KeAy`&sqs=*{0r?)4D#d6XAVE&WZ^gPRD4AjmXm^{t8HGYC~V`BMO#Qoe{yd_}&v z;4&(IdT~J{H?RBanhl!Mxa&5t3ZGfV`PmH9i`c#h!{+yb1zE?zQ*I(Ut2J59!1p3q zMeKT$76%SSljWry4~GA`bN%Q@?<7ySb2T$>Gtb)s#vRY067e0~Y8Hz0F|3xgqOE2! zdrnycNV8y#5@D=zsymZu?wYEyVADyXyXHaK%w2zWZeMDrI=$SLllz;DrXQU(Oz1Vw zWvCK+T<5gT*~K+fXB0Ax&73#RL#kW5^(A;&jC6fU$-gcT8^uZuh1;P=!nvVQ{rhbY zn?M(i;DV3oy-l0~{o>_*6B=fgOO_(){OEcqshBU>cvo}uQ$A?Fc&#KI0njK6hK0b% zgUKw%Yii(Daxrp96$?b2xT`)Nk9E*>$OI^hn8cgSo)(>EP7q{eb5Rm)aU9aO-TkCeKl$Z_NHahjK5paWwtmHFlm{y zYf84Z{cVw`u=(2KyPjcJXh|O)%p%#>h8w{*x}vky}8h%fWh{yGzwMWl8>G z*(Tb3;RV-&+@5hj->0Kqxq>DJakcymy;*02BdM!I+srBJ2k*M&hlP-vV5OepddvX$(v>j~byj8^E)l0KF<()iBlA9n%mQ zC~isuJr?sm09*CeeSk_|Srr^jGkjXeNNN@gpOvETgUK=_d09Xf(w``+*Gp=(a+@mP zEo+cW4GLT2IDasry?Zn0ZrHtwxg7g$WfP>rsLzh1rJ6U2GOBdf&myQ3kSl&oDsVda zgxe1`$WIHnxLosL(XZN<^y&No5Z8!1_p1l1@$pJj8wD|k#7lm_9ILl9lWWSoI z9+z%Aj@xJFuS(1Kd!ulcpG-f(Yp`FnBh2*QrmsD~RfZMoGLz)2QsrScnx}@z+j@D+ zOt=)sp0Hxok5s^zp6@&6hk07zVS9XWKcNg3!zjk^rdvr z4(6!lFS#ZVJv`49yX85oVV0~=YtyJgS9Ufl7;Ii#og9}y@-mj{WaObC3oYJH)8 zYrF9@$34-rSk1Ia1S$g^5LT2)w*pc6rbNTmeSM1@XM>;ST_pIpBn#BJ&TtWt3PgL^ z1}q;!gPzfp4k?K-Kf965bY5`KtvnU*0}!wfuAjQAer)}N)UO;|wa})wGaH7XQ!GXF zQX9&0C395Q&4MX4x2mZOR2N!TSed){m$OUR&cgdlDHatl8g4sX+I@>I9Wv`)GVjPP z2l*PaiwTfVmA(+6+r>Xwr_Vwz8488%^>^jm+g${gFtanEK(E?EI;%9W#b^$%ZC%RV zqAON&ZaLUEG=~GMwU}eCZO}x5ipLrM3jPGe!z@b$tNh>_1bo;NSt~J=+w!zKKf&Ky zg4b;XtkS`dba21k$6|DMbl2yrd2ndI2_j$kA~UTf?CUiwF>0oKH+ods}6LY zIITZ-#J~awONDnFhmcD)!6{KNYE?MK$Dp8BcDs~M&GH`WgB_^>)NTQ%FY#_!@D{rJ zYZ^S`ao-BBx>=9ISrt+$|LwMpiD=&9cc$=*JSIbXCZ1>uS5{*C9f2=d^*+2PF*4$s zq@O8`6xB793qDN2ft-Y~tT?a;5Rj{ipk><|m=g{^rpjxKp#^GiHv_&9G#izj_glkZ ztCSinRV5$Xy(SVb>YkQ2$qb1z@Lb`h3GfwAunl0Jb(2s?Dd{4GocHH2=)K>twr-VU znLz|&CLd()MOoRtvuaZp>TSqJErJNUCz77DNnf!*I*R0J-T^J{V`)m)CJwUK;a1(& zK>a%f@e4A+0Mce&YbkQT;;|TG^{QkD=2hB&o8F&d`*8ml6SoolAyD^XZ-A4gYHTwr? zmlV##92~R{{?vpMUEQRGgXu@gIHR9q8M2KZXcrVFTdb&v#g06pTchBzXs4shz)tU{ z-px?5hGd|2dk38LqV}Bjf}NM^3xuCW-=TPgBman(H3`^Vzyub2nG}-qLF@?>KyzAs z>>vyWXVr!9=AY>8ta>01FS1pz^hRZ;s1FtD%K1aRAL+USnmRiy0bFZ-5YCHy3+V)_50ALgiWQg82I&N^hj^S9BL+d!` zfU?3>l`()qea$NcM(=};uFF#QvT4%w4 zR>SDW0WSvn#e6B~zf_9bBo|%%bg!REE+U?VshNtC$CYN@L8&w}3Stm%%Bxw2Ek*Fe zNSsAW`}48O{EFkcX?h|Y++0oER<}*O&;NtOWG8UYdMnFwfbF^W-Jox)JLVa(5}#5R zN^%sUWUbH$Sv0fXBlHIj~Ci z6EYYTn3F5;(N3sg{BD)$&AvLbm23G+qI^QuG^@)lbV!9iNdGYoTopv;@I)vcQJY4; z=3g$npw}Uf3ahCmH**QkA&NJZ$16R+8GpjZs*FLceGTP_k9oJMtD77064F7888K7X zvMw!oRQWtAPc7%1eiPoB7&09X@CSv@bG?h}_3tmr0UID(?7TStiiXS?i_R=y5X( zA!NkAvD^)j@xiwQJH`M6;lj^_$E6$DDNbYz$;5OcL1idm(2*dIvnta!BJ7-N--L~I zEj)a%C%y5`DoeZW3*FrKrd06Ginw}Ytv4G5Ze;~T)b_cTH~sfE&P$X(KK7I5A=HLU z47>w^W15)*LGq^2)m)}ARCNHf>r#yKeR-Ma;A_Pcl=&zp<2HNL@(6dJx7553bmlhG zG;>I@9UpoAI7d1^(NOyMv0hP6ZPbl)Bu(DsM%Puoz~bm`DbK9|lBHb5tss^|cerg!pM==TN$ij*;+| z@WdQP>psJ~sMMr14}7ea0~cHSdB$U{dWSx>&pv9U9p$L{qj&#!SbH&Q^@^53H|f^k zGcN>G**tE1ZQ!gqbKvasfy3V~7U-?)@}0-0nsej<;&^Hw-`!w5*vfz4M58N_JgvAP zS9na)3up?7mVYQ}yWsd)<>DZmv};GCllo4UaCEAj8M*}!>g6}18SS1vtx_eb2HQhk zc3D+5sp*^!H(EM1@OY|1Y@5zZ^M4mF-}NSEPZ+^pa5baJ^UDbkgd<8Z2>^m5+U>$t zA4i||EoX)KqmgT=V^Ig`^6(L82 zTwS!8HK93zZ67phiUgo3F>1|(&(6a-VF!MU`Rh&0(58NkurN672Rh`dK!lfa_eMMh zj8Oh5&%TxZzdua1A{pk2`@ek=l_2}yI7@H_czOH3b2~0Crhoi;EX_}`(^06X{-*Bc z<8!THi&pwkgrf)lj0&nVA`lh%LMqODhu~}ru`6~|>c4+USsD!eaJVIK0`$zdoxk5X zr>+O<9C%I^TM(iMG}@4PJ#6~Zw-gjq^^ti$KijHK#I1r(-irm%qcSw^NcAoS2U_f> z3h#`vd_Y5IkZaHm!WMQ$Ye>B5i{`4JK=Hh7Hp%;kph67(KtXh86h`tv_&&O?g3EV= zFs+Kr^LEj@|MVl+4%6)o_IsqMDfstyi$?uv*{Mf#OJ%clQs{b`#w1 zjUKrqg(W`b<*T*crNNlJYlQX~MIJ?sRzUJ5(h&u?TyRxVJB=xrW5TeS!hAo+(W)Z0 zV17lhj^cTV8r*U`V6#}>00Yb?aLGr#hDa$2;*Kr+hZ;=DrKU}p6${@DoN9TdtZyis z9_il(kf!SC*(tv@@j=?cMw#Yq`;}3OGZm|=jYw!1N6R)a2foT&>^q(iZcX9`V zO(p;@XXQg1sAN=|cJ#brYRN`K>1oq+6JodU$No!uENPu0yyTMJ(L0j&=B6tf&#Z|} zgzlE!y6juEgDnbl3oZAtGPLxr8sZWXziZz0y1>JW4YnhZyh*JJ#uEqMnc~^b%JRthOSyqCqnq8Rz})I%hz5xG?8RR*BG zkR+Cb!XZi2M(C$PHG_!XF zH&MP61*}MXa(eoP#r<&yE4eQL>5_Xu{#_s)N^@xKw{*fyel{w?zZs9P=D@Lhf9?2b z#U2u;Nz|2I%r4}uSV#0@;iB>MlJEMp7(|O9_b-WOlL(-4?=)PL_749$w(<$!+j_A3 zMwfZc8)envdT@D@^FW;Fs(FuIBiKT3L`jv<&dCf z-1XX@E5I*f3l+)J+16oxRVkc!(GP)Kkz>WjoHE!=Ixx%y)J5mh+i)fb)$rl^?-1>O zjLqt$L2bfz(K6C?OPKZF)3b{Q?_jmD`p7#ml@VhP^9nr{678GI9Nk3*BmRhMOcR5r zm~?h|0ADFO#g`BwO!r|?yatoXksi(lPkepH9qm`PfmQ=FyvrKoe z4%&Nz@uFFJxI6PNjF*4%el~iUpzx{iA{Q z-$B{C?#IDh1>HNCn#`NHA|Au4U|_k=2nV45*!fwo=(D;un}`%WUz)@8VHdggO9tJM zZhbKgMY&c|!Rf~@ks-B=gzB@1WEl`1GxfOt`?|C!pp*7j8n zeR4w0=E2g2Hy86Q}0QpQs?{j^D&7cS*+6yGx02?bj@7kAj1(9 zwgMa`OGy6g26aPASC|$&4d+QgPJjQ5zrI`CX6A){&5#+q^2&?SGoAa3IhI+qzvz>%e&rqhzEG4eI5M(!U{LLpMTuTQv5;0VYZV}R zQ3QF;0$R{Fj(97uWtqweX^%6ZNk7x1(6tXv@pI{=A_-x|;@uHw-#GilK%K)liA=(X z41ZHWl8d8LbJ{QP*~lNiC~2Uo9Z0@CU6z!mjxhQVqe*fm=m!Sq+sbS{nLSYrT&ZTxDfJ3wLJRS_y}lKQ@!XtG zPEhW=B-8Og^K^W7vFMBR<++vOh#Y6kY<)bPulp>YqY20Q3dQ$HB<)H*+n6t=l)5p) z#CBYhWQA<(rVI5R{`4af_JYp_N_`_%@ntGgKYR+o(^@|4=86>P+;!%SF~FRY{O}q3 z-|9tC5EYcu#%59&qZW#8Yk9N+0_Rga=?x^lT0UaQ$(dniW3MaI39|LJ_R;=5*xvMg zwT2Q$1^`KiK$MLtkDIeEBDq7mfGZZLed;#s2|HQrlUew4y$MJ+Qz|NgWT1Lo=3c`p z*Rw4CN#{e+ORi9Jd$+z>I(1Ro(zb(x7;{twUiYJzc}E+@m+>E&otB7k(N~NM95xIK12~_L0iwOPqGWS(plvG*Q-<8-$b&nFIG1 zB@p6PlQcC8pB2028frWi#RuLU2N(V=4MCu&&?Wt6F(o;(NcU>#FiXv0?Y)n8qZ48) z-fpa#8EBz7YO3k`y(aS0?@bw#;>)=ww$Zu2*( zNQ)c-yX15>3nXTAuM6T0`tIsaVJ@wLD~tN{Kk8VvZI8@ht!{!YxV zaO?oA?d+OyO~U69RyNl4K)Z0>{zTixH2`G&gM=_xGDar3OfXF4+~r2lkWRnFP^L>U zo*WTpv_-8=0*3{Mc%uqLFY!?&*9bx{;+zg*KOQ79seTV!UZ{OBXpZ$s`3n*y=id>@ zONUF%kS-1xNSv)t3C!j?Q`rBo-A0%NpZ=PlDOecIVG)|TCAJQ~>1NlBF=~fZK{}le z3wE)cmT(tYV;_F-fnRax=zLy+q@aD)dG5W~Fz*K0E>%?jH@$N8Y6Tqq4YCix!j{(w zZQWN^m8>o+?TxagmAA8WSwg#6LemY{KMjTn&LfGv6cFow6rG3#8WpSfDfGiadyf6Q zx6%^w@U(m_p-G{J(88Ccn;OhM2T4FiTKz{{%wYeWvz%j0vGyl|q z>|^Nfvs%91f}0WXt%deV&N&y{VtZ<9%4ZuWti^c%cWvZ2`vv0c3Lx5?VrP6f zpR`X3>RO2+@b&DR4?of*js5lNT-Ce6Buqe^Y6Dpn(zuROe$Hy> z0SLF+!k;I2mt>V15IR2 z)3_MDkM?+k*iA1+?%nlKY?Iuw4NhoOI(i7@cN5jkDGyD(OlIw z4lcQtbYpS7=W@-v;a`ZdR`f$_QNDOH{P!<~vrROmXU|);O{p}AW`+Ch28nQ%924LW zFbu?AZERB8n+UzxF2%2D#xjT7KwQZXlFM6G1uq{1+bh~n#XF3%V#0)T(ld*Zy) zOSfTU;fhVH+I*Qlw8RJ~ISOO`Zu~+cd2$U4=_({VJ_5<7YX^DYwe*X$PzZ?@$`?n$ zcxR%}nO=mq;QQBGpr>M>;N#oCYVs!}c(BUWYt#F+K-SV*fM|D4j;!VE=0thb4|tCO zA?NLbWAa9IZM3QO^PR<>pTx`pit61>OBo3d%33LqSH^(E389s2q5?UqvILyO;O5FL z_D0WS#MnLKO;FnZV+-wQ4(z{l`q~B8&e&`(xBZ}8tjddzgluL5e-#gjiR#DtB$8iZ zR!$AG?ZhRX&vm(z?`wNYEC(s2(uZB>I|{zA-`aoG?QK zb!{rscl<9adc&OeH@{~AN7^0=PL{|jP>TRIzQyR9aqnt$LrqwV1l!~QgbglnZ7~r6F0?As(UkEk=-1Ct&r(4p*WFzsBxbYBTlwz- z{LZ|+_p($cXydtjUis2#?9Q#gMkPlVTIVKewp*3!C1fw|ja_U@Z%49cRL8l+%aHE` z#MeW@G{rTxzixJe^`;Co>J7So*ob@>jwgI3Jq$S0{g1H0#!H}5{5F9w@rRa&p_Sj3 z45|$mNVMvW6h8LFhVwhx#%mTaTYl?cjpvhF8e)q|JFK`t+)}g&Zdru6;3O4W*f8l} zw}jGmgYd-6{(53pv{G-r8`3}huw8#<&Wpa$fc&esG^573|0BfTg3O9+7*|#FyAkfo zlTY;xw`-Id&M_MXO^^l#e(klLRgxNBKBr~j;a(s7zUZ^WRv?=A`?COAoU-9;ORz*@MXExSm{bP5~}1boM4zHUdM3Kh_Tt%Bv|` zhhF@QjrSl~K{a_N{7$x4)H2C}DZ9Bu`@`XP%9>{|)qfb9p+tL-PtcV#a&I=X#YEEp zS;wIEqh;;h5e&Jc#qzt%wEGLa>vrX0Y0j&VFUs;om~T;M>kkaBV* z?bDlp9gZ>VL@7>*)(L&nu%YWlrWq9{CNQ2)zls+|NqB&j`!6|+(~nf?`_$iGD%^oN z^3r~?yyz+z^Pk5je}rpZ8~(OJ$c0bQiZN89OlEFBV)xhGrrn2DxIz!nN8FOq%rP`#-^%}nw4T@n$lrU>xgHE zOUv{mmmYU$WTrfG>%5i!{U;ZluI=S=)#mEN91GSu3?cf#*$Wx=iUCzgJuEFh zwoWKRS`n$G)=8wOvUPPKcXb&Z-*;_vwL7N#54XxU-OabL;$MyOlU0*=w9audaz2-B zV`*b@es&hh*Hs-oy!*17un$=;BFZwzG%d&rTnI9Wg5AUXTG47)OBv0nU%6Jss#dta zrF>>DAbQx(Rz3@ZzXk;8w4Fu3)45Mqlg&=QSEdH$nQ431EXnJQHqK#9OpH!wt&Oqp z4yb3JMXW$w9Hvye(z4krW0t%+OVJr~jG zxiMSQxIslFEvo7GzuiaPO>m#9j!|!^V0e<;iX2cMtdDKliGRz3nank;u(yXa!$akS z8;d%^#p(g6t~%p)A>SO1yofdGj+1j?x{>BC>Ny|0OM-NNN@m}3rRuMID|~$#6Yet~9UWE@I3t6y=y*xEjeEwqb~1L+ zp1MwG)VTJ870hWgj!m;<#F+R(ulz9bkbBWcHZI9f84tyReWONW9$^4KHbsZM2>$UQ zQ~3krphUTcwz*+`Y|dfN5{7GVnjd;+Is_t!RdSbzzFRFaQ8zg4%@Q>3&GpY`4M_6K zj?_+(_Tw|2uaHlZha&BphY?+6lK;XumIAg{kt#EM;%Ay;?B3c$7XU10q+n}Sys%blXf1BjWa$3NfEF{b+ zSw*SHKagD`QA0?^gIwB?+=nek3Z`hrHNWKHB+L4T&K8dj++lB;S$MZ;QfYB z%ULDY{akrQb8jtB6MGq?WM!C#hbLitFWLhZk-@KAIXHjZjivWlJF%F{ui?CMRwpAh zSF(Xhu1Yu|d2A}8A*V;K5CJfBGpq*N<$)UUyuMDL9wjxCd0Cdc!hZG?^GV}6qZvxl zAc_b^-iVh2#_)F;{iz)U2)b}gMgJfzMyYAuilpPOu(KJZ;VZcb@}vE(KGvhORq0wF zbgr}`b+rk zNmR~gB5u)6%F&tpKocihXH{PeAeRK)3aPlwvhmm_=G82j6$Pe=Rser8Bo#Q}l3JPi zOSV=gGfiiA`=g1feM;8%Pdc1T>Q+E@rKX}tH=zAd`ENRwv9<>&o@$#>y3d4t)>B?v z)+nhbqFAVCymagUX|pT?!EA#~C3%XlF}J$f&!8A5&kUH%ibMmqTN(E@h2HR(dD#N? z{wt*j5H%2e)uigSO0p5pNsW+wSJT0uTyJ;us&xgmz3pjA2UfEc3G~mR>X4>>8a$yP zoD!^379+bWX0K@xA%q8)@Bs~#1pMf>y%6};xu3@*_7R=~7gW5`_;RqtbTo=XQFv8^ zU&E#|j;5krpC_)31#1t1K(qeH$naDjc$<}xd+sWvL_RWww2`RZC4GRg`<7+ud&@dH zs~E2EX+Mydm%^L=j^8nS?`Q;{rKn+7*~>RIUf_q!758+JqpJ-#WsY%CgjQN}Emy{G zyFB~oY~P28?Tu3jSgz8C=?@as^0=Xc`O~@OfX5a7Z)_cFw)PN1FYfPDO263=3Hw^C z6BwgT_lJ8#_TFy$St$RPl16ooF}^2TVLY37=#IxbCUrHDz+;th5x zf?!)==xCI=%#ok_1)b0Ec-N;1;g&vi)XehnpBmuC|W35 z97r~M=li@oN{8AOj;jK(O%?^xt3Izh;4y&LgfE|sA|Cj%wL;c6x1=Dohn zMF*{;rEbn#qixGo4Zh809VC*0acye6U0Jb$u&_4DiAj8@oxfk&xTR28(A=okvX}k& za)VO`g-R?#SetFhA%UDHe%r3vYtsf*`Dex!nwG6zNXW$QF1C8 zi!eQWSEu^OSKh13nzG5dAjK{w&k$zh%b2;Kh}0UP3ukZo74I^Yiq6jpWO6{xy{H<= zCqA%0S;cUzU#Y3vJyt$Uka4jja+`9ENc%4)<(1zq5d_*hkz{Kwmse)GNSK@n?*^V= zo*8oTv`e}zJBk#~Vg2|(c?!RqB0&H;xA-4t^f2+w7+h#=W;CMmKb%p8Qm>SKseO;H z*d8Wwz$P`V%$~%>g0s3VwB(M$fm5a6@9i>9FfpL$14k@|P@+Fb;G%BdisNdAQe$OR zdQE1@0xE7}J3{I36rtk!lB|h(V?77_AobB`L8;JH)ExUoL@T?_Oh3F%66Zb|S%Xg22ZY}ervx&& z=9(e6>)dwC^Lj;A-lZA$Eq{;%i{~zI%USZi?bIyTS9<|a=Y{6f{hhKQiPdgb2^XTX z;x#WcdvXJe@t!-y4P={?>3HS#h*|eeBKqSzmaCm`U_M2;wRaG;ImOK>&fHqGP0-5# ze1nUkI=+`2(^X&MPw>&npL;cpG>A+h1b)JgjGs~GnS4WMjn5u1#sh7`#IG^h=2V&K zi3zp5E&lOCu80{M0&uEz`g%`85Xld_brM9*kuTO#pIhRPWx~s6F?nJYShT*rR{4w^ zh#7@Iq8`Eq*t$wI^4R=A8ci>28gWhXG4l&na7%)SyN<@t)z2I>6GF5>5?3?tjVv~iMue>isZyK z1dZX!1}9%TuJ;R!y;`;Em{u;%7NqNu?iz%W&pt$Eww=3jR81M+t~dAwAgVpzvL%H0 z?(SwgP1sA-YWU6YCLHnK-?UlzE3JA95Y!y&6gkDVX^v6^>>EIuQUMB*(E^|b_nFa3 zhoOVh(z#x5D{FyN7V8T|b|C^c++c2D3W?q}0M^=hkeMJ+)o!}|mHtPR*8 zouS8s)>iY&HEW;Dp#7Vsz4`UNhKWwvN|Tq|og7VOnZ~LrIBd_%V|f=y+fxO1=bN)Y zgm3%`CMP?ytbM0>=^8*xdxnNZU`Ehsi|;!eTMYhz_N9ZIPu#QLTDHmQ>e(cign-dL zE!VbmSv=PX%S!xONR==TWK2Xcwg|MbG|JT_7END0n)*FG_eo5;4|^vs(qyO^!|ic& zlCi5A*m!q;lR%3`i`!?3fPCsbkU4}^xhklE+~FttXu4p^DdSwsw=kga`jmR6Id1!6 zqi2isLFooYL!6EUi?3dwo}q!tCk~mwHsF_n5@sFdcNQ&qQzG0Kc&1^-E~Ys2<8F97 z*1BwJeA!wpQkgkkyc;&Wsg#m3kj(Vl(QnQ(Sd;Y@sAa?W2!EJ1$2NO)RmC7J-DBT> za1mKsF`^=}Dk>fP{)KQ=TioPltf1t)R<@F=}G?dPE!iix&`9#dcbwzEs zxX1pkTru`4ZscObJ=@36gsWRqMBSm5If7F2Kq`JOtnUvJ+t4g4l?w`s5roRENThi7 z><5%`iJ9If9&ts0A2aRaeM>v#d9#E2&@8jK3!}vL>3#7N)pVuEka#2I$kd?HH zwNxC3=dIhh$^-+seNR&uKeViB<5d}f$sMF&&BjMl%>D|{hA9;Xd>%XtC7p&z_L5`qHZzs6(}O%$ z4=0+p@%tT!HaFSLyv-e48eubsmr6gx$-OU3%R*Z)vKmb0gR_gl;DAny;=FoRj?_b~ zIVDN+RH-&(CvtI|toTD%0_W*ze{i zia@CTP#Y)3Z_&|5IM0uevBOKpLv6l=2h9cLai8mZ8)xv?rb~&V;1~FbX$r#=jyOWD z?PgQ5&l5vQ^+3%MEMsfF4sY}o$nttjgkh6BqUKW43|ahX+k&q-`zd$1o10k6NygrS zq)BCW6;BP*1q+b7Ro!LlN2eGaZ8i6L@~u~uWv~Q<;4?|CIjiUmR_F%KvxUvLu8BX3 z7~v!tcFZa&{91EtMQu{RF8lK&xB+|A`JlHr+U zxtGxnzc2o@M9dlFtw31VJm1?Y!m?SSOF75N^hM$1nUL`DAEXJz_$y<>#oe&s@6l4t zTwSN`)LBWihuSBxX>_<0HY1*uMw(4S*Q(emaw6>co4EeF&mQ~8kM4pt6P~25rMNbA zeqaEbnNtBxCC1J%8g^lY_3~fXN}P*RRG!A&1VmpL^Sf2xUflT2*Y*(w;#n^)kDX_@(UwXDO#8O#M|ahW(YD)#u{ zy8c?*JqrfFt6CL|eMHXqRJca@t~A#L#$A1F7+qboWoEszib_C@JFZI5&Xr8C5t%e+ zA=i9obc9bzD{tziT{m4b&&qG#l&#yO7F+lu)#yzNYn?wGEr@7;iGMJ*<*P-#u2!f& zDzB>I=a$FEy#Y|kI6T}$ts@>c8U8-yWSV2J$3?Z0g~!KC37-^mP!}8Qmf3u)qxg9* zT4hlo-CIRPoOH5Kr|*qy=j7O{mDf7i_O!F7b~rbxw>-3|YHCcp&8_TN%1VN%WU@^~ zZaE=2j8=T>8o z{~(E~SKLr~(WwjNWAkPkrXD?)ZcvkUSPA9&7We8S2AqqOg71QX*i4tX5?&uvmi zGl{eXQc}M8+FGz3tiAE3%OeRi(@`4>pM?};D^H%Nh|yizO1@=QE#pFVw%6S1!}F01Dsto&q8JKZ{j({3_ov?WgoV|dqUb7A40qPYnkS$$J#MB#$v zUx&)fSv9-cGKecYa3Tg26>G*`_2Ut+24K)uw2_fny=p^i7o_B@YVGYW2TZ;mu*TEk ztj3Z5Ke&49s3!YAZk$d*VuMLZ!{~02?vBx&qerKL^a$xj$nzBdb9$9OLW+qnKHD5sP0F3a?k5*;yx34pWuZx zyj`zUreR9`4h$gmS<2a20~8kR>|_$6Al@i+I6qu%4wz36&DZN0EJ;26HeA=BBEFcq zJkqY9tS*6>EU;0?rGX(MuwOsT+x@8}Ba06WKVP}6<#>z5)_0Z~1dY>$o8=XFOD&Yt z8YPW^g1?{v)170V)C10u7w-0aJV0qTldoRPAf3r%dq<& z(|(F7%)q6%_EmOV8X!1jm!h!Rl}Sn&Y^q(?cbO#hiIpT+LHQ6q#=jdo2TbAi5$Fy6 zS!&^*fHpj3otvE#8QOx>+$t;IDv{vjDM0(JekeSvpZVWXcP?KWh%87-B!zjlVh$Im|dS`lsQmV@% z2IPjZp;?Z!qIabjO*!%ma@6vH-T&tRjB&$*uxsMlMf>>NrtH7ML`NN)=;Okaa>SLY zQ1tvfP}koQu=`reJ2U@gw~pB%U$9S{73A&o>)69!78nDkSyE!ez&$)2_8F%c)WM-y zY)-)U2o~q2Oy&;H5K%bR3sk66{A_CFebi2>m#NHbyiXc-4cf0??>x?Qq*gG}M%YT@>yfr7_GepesY~%s0oJ-LOhxM?2@W zK-iDBT(gu&RyR&-De+9NcE%Vm2+GmU;7UpQNJg#O-BpAi|mocAd| zMxeWOA9E?aD67RhUu~4h+(9bwpnIYhW7i>^&F%T9RV%>REI<3@M@RW{Fiz8E51HSo z8chb6NKaWr!LRU?K$o_F0^D+}Ome$G&;T35RAWb+l{jdeqG-M@&_GR%YxlzW4$O|? zxwHcmCVt3^)1>I}>(DTobzk@ttnLouKCb2Orr>Yz?oY%00or2_U6Nm`1qcjS@>8OS zM-`ff??A-ua-wSi_CFmEQUSv?$k;tV4+%5wF6DtA2xsd>?HCGQ<%4nM({Nii9E}yo zy{J?T=Fr#}R+G$?o;${6^nb7TxjVaBatzhyIm)gr`Nw;UwJ`DlGv0xMt zfW?Cb5@UyV6XWletU|_zcMO^0 z<;Dh4pF|UtFmxI;=)tY1_tbPHMiKZ&)T`q(!!;2<9Z2&;NAgC3IL)-ZW4JXk7%Qqk z-Axkm|3+t*OCzogr%}*&1|3n`*-^g)F%I8S1`Q;0{!s_-DzXw9WrVB@Hyz`f0aKsO z*@+W?l(og=sM#OTtq1G@%_h5!0W}of;XR^H^8$Ah945O5=FNB|WA-Q!rvf{NVO;`+ zmocmc?I-|1L@;XHl5>;4g0Euf4VC-(7%6#N!f#uLSq#YOkboEPFgcXbAqKMx0en&P zh>pZgvrS)VZtrWN6Iah68g5!9kvjm2)s}J(hQQ@!2_;C<_y-(Gnl&~o882q> zeoK`UY}KaKGtLmq&f+!IE6-HR?2>|1RXPWE8u3IC3DkpRV&giUsASG9jiE6Thcd2+ zOK`HmgY6%S0^C(`d`sdI8_hk?VG>X6j64D6$AoTbn8hkz@=e@LRqTHl91*SS!fhDy zS{*l}0Qs9t{TX?k2YFw;brFjZq*N|p&<+dNeF`hP{*kSW&lkTDyv-SFa4M#R|CTlDvCsLE7i2`)<+?=EakHA{1_43AW z+`C1*NVXQG&=bRUsJ}2y!~tIkWSufX!{P`Lyan|bvC1{>MAOskm0NE&*ai$f{P0Pd z;>Jly%gL}TgX>YG7{eQmuHG>SPX>5BEGTD?z`q*V`Z)YMVRj%#KlrU5%NTuAc6TO` z<0t^@n;yZx(2I|&LSMUzavPP?tU&@N zacav>1-+W74s!Zw-+o`l+44d_mPWt`?pdw=DyDt}Of_-iG9j+7<`p6y9UVR~b#AUuN%v zM_<6o1hBa94xrQsegJvERheX2r}FNdsCHiW)wF%w-Dw3uWv1!)3Kcv;UqgAKa}19F zy96m5|wbNM*HKpfepz zP3V5EM!nTSLMWJQW!hydaQJ}??_Ih2fa1HjvRL_UAZ#iV7Tx8q9*d~vLzE- zs2#qvK(iO7Yh-m6r6}i<915m0ud*~rqUO5W3uDaic`YTf0UYC#7^lH2I3b7E;9ZL$ zalHF3+c8sSjQka{-yP3+&z$YRl9lxBxIA_rfmecvq1S5gn!p%yz2g`_2X3_a*mBDw zNT1*sc_bXL@=CW&8A^?`f4_m()=h{e5=rju{!~dA?y*0&zr_q{l-TT>G=kvzq%hxg z&fJW_&!QvT8^LdmBRy;RZpZ0D%MQL7@EegZ+EG_4FS{ih>$plF!64-1njt`h#Rx_^ z3mh@FFNSH^x<(-=7{#Psq_{jI?I#A!0&unKCKXCOKdl9bZr1WcRb7+BI3;&K`U8>_ z0qaWU@rkoUrS&%G+G7&R4z$}}Yp920_W>~Nigfi%~eWl9X-cw8BDbc*{+>LPSLJJn`8C$OYPTI5g z;-g516nS7WcO!|Ll!a=@Ur1MQxX zy~-i`vxQVw5OREpfpm!4;XLI!?nBq4D$RT3VH1A|Dm>g?%9vUz>nH50S_I|BXFW+Y z)DmB`JQ3}zfv&uhQQfWJ@>@y{q3ef&u{26g<$RtFyH1sl>YrcWhr+IvkQN4_-*iW&F`^UoUislb=x z_%et2a7K*P%l?J>YpTaoZ~o)*p+Wx_C9kE&qF)_eJ^7bE0hy7F*Hd8|gA8s>ZW3uxr(kJMj}ljE^ z+wiF3*Y1td=|vHc5ZG|lCk7!I!@BgbY~I7%Mg65r^{d7hPeuVX)M{-FSR$CUuec!cN%M9q;rEX^ zr(r;oZd^!&4}U+cb@N0#95UZb>~Cp#X?Q>Ue*cx5`dpYHK#fagHiEJZsW1~#NAez~ zzuu%ho;3BOC1}cOwp+$j0(;l+FX6dgMavAyxlY*l%?m?hSew&iQe8sDZXij1jH1Hf zNyDdn=|8j`Ky4L3v_Fv@?f~nx-L8zvmwS0>+w_47aI=bq#LDPc#py-u(U&m*O^m_C za4AxU44MFkq^0P5CEb|a9U5d%PS|((tIG&aQK5f1DcCQ9Z{%%IdZOxwMlm!ssUS%o z;wy4ImPNdad|y?jrHKw#I(`=!&x${zP`VwSX0qEo@6!g~?-oaVbnWd=pRQ6sj zuQ(RGdeONVS+Iw3tv`9H%@Y3e8SEDKb!x#xA&}hyxvBUdV^Ymg+T#LqCYG&aqO$< z#X}JhMbrR}38-?Z8|__+k#l@@&25G$YiP2)1O2olc|VhdLpZoaR;c(pS~$~*{8)~><@U2z&U(YW&2O+ z8_>TKIGui+!3N08t1tQP@}!J5fX)~`ti*FiF@-`9=v52UBw{Kix(VwVbqFdnlhHwK zuZ7~KVHXPAh7KB^fdV}2r~*rg;st{DmF$#LSR9~5&o66~Z1dOyj#2RHQx2GTbdd0kaGnzx4x%8R`RBltGZ)LSh|Dw-2W_1XH_0#fY$9O^WYa~6fr7?@h6R$Dq=U7@ zDGXkzbl$c8y6PjO)wWM4n0j4EdtUPOt74RH&5T7a=TaM5b#>}R=J%2;T8Sk5vZSmG zT)h=Y*2ap{of7U;r=_=UfA%TdjMgD_M&>Na-q)Zz>wrb#TOVQo>AI@3gTH6wK3m(Q z4K+`<(l4j2p-(=oy-^ICena-(AT;z5+X1(}$}GeB8Zbp& zYlR?ixnF2WirWHJ_9&fRIOhrZ8TsdAf26Hu>lQIu%K>xUM6p-gyD!X=@=|wv_Nxao zXp|0!_{>F`h!BoU#yvvSBkVu>x9vvNdpn~IQ!J6h=Pw(p@4mnML6mxj_CWQm{+jdr z2Rj8ObmKJ-GE3uYz?PcygnvD8LyeKlOj+vwZDDj^gUQBFOsv82-LL~zs6+VNKqy7d zib0k?gy>`=hf~+YRRVkHkfN6NJbby+flw^A@M0yVnwF4}0WNQ7HRho9Flxbj1Q6it zRk>G1NX!%+fImN7apuh&Q_xldpD%mdg9R0J*^6dj)CE@OaC3=WfyAJU;P!4s!x=czA0JRhbK&l z2~pvMFk`21^{xZ8sPZMp+eyehG7B5N(BbH}ElhDsyus+*t*;cQ(jLKJH0xa=po$`D z4HlS!>HG*RO7o4c{2asgdIhyMS6JwCatQx|TI&k=qCO^y^ba%sB*h}6T(MI?y;1Vk zNPp_*T_w1e;|?s`6^T0Aj z;m2rwLGM2pnV%$gc+i}t&Xg(>8H`Q#Yb_ZuMQhicN?G5}-GFuniylYA$?Z$@WTF+v zGK1DQ&-JG*9AX|IH=wX5I%sI&Us#+VdG%C406u*pT4z!oJcfxWT=SAXDSK z)U`x|PMoV-vJAx~-{D2bLiBSKTq#C%S6f}cy+!mSvSOu1>Nd)Jiz>+#o8AXYj&%nJ zY!OYs52+Pjct9ikhiK~=0r!E1-LxX^dKK5=8?GuwN~2--$z?uC0QBNH};#G~`!cb9sCM&?1GGrJ-JWY#vmfNJ$II<|`M zaxxCdoFNKn6})xuobos;NcXYwHC&?IodWFx^+9@{irU*`tcW<`35JNxRGj5JbsO|AgaZ{DXROVIYGqp&HqBXT47Of}o zFd3s8g+8CYw50+GX8?r;S?0^IVjXT&B-)(dYX#_m1Y#XqOU4B;-!pOW_* z*4`3yn{qzfn6|{=a2O~{qt%Oq<1#VX@+Ps#05h)nvS(?vwTac*Kdd?kTF5svCJAa+ zb)JdNb}(%5R&Zu$#HvY&k8F@0u^TQ2PF0GJGc?#g(V)@ubTzo)B*gkK_@>{LU<#}* zW0Ym}veF+IXedVEvG7d7W(rpgZ?KZu(w4LF!>q;ct3D44>z@nXZ7cl^3pCpNhdf)f zZw&_C9V>8p#ixaf{DPfrfByGaOd^i4jyMp9e7uM^hk()hcxVs!0IISz&9m9@_(?hD zNx&+NN_sb96Kx^gDNJE(!Tj@)A!dH7leG~p>wI9P4u3?cU;&g1{C6=ubUhz$77W6$ zP-Z~0A|}?Ta^38HkWA3)vAekLPctzPF+pE##%=&Fa7@xujof&;O6`d=PN!a5xIL7M zOGWbya1RNte=rY7Xv19fAJIXDl#)sTU1UQ zR#V8DR;u}XrtBAzq;plR|17HMZNwNTH)ME6#60?=ZvEpkNA?k~2Hvhzuc=DIl~i_s z@H^%Wigw(>!P$P0N`TpTp4yknkBopja6S7+ZPqQ7xhSJkcCuVv);lK65nHlC#@J1g z<)2?)@h+>dF@7x@j>>fzmId%QSHrDrBA9DN_Ykz>;lQDP!LH^wA=|(9qR!e=h>ekgLP-NRUz2rEuBMaDNNaSW2&+tPfz{#w8 zbGPX@GAF%%t~_zum^(8Y`U&v8A>FQ|%F6iEyv;AK`b#Sp?U62IC(aqKQ!%ms^n3fh zLv~uJsbQkz+d_@#St8H03URCN?Fu>NPJ}>q;V3qeu6{L%bUgiVLD&MNPSDT~%m`4ybuljwjg(^aWg284atz;? zvQr$v2!y`p z#o;BY#&{zr+D$g!VUio*W`#*YLJyMD%+%_h_MHpr@NO6-e}XFF1|1LV}l8m|Rd+lPpr{eLV@yt!ZgyKff zD8Vc)%2aRlHB6EUHWmyCT&e33&nh5D=-NqZ@&uBNRQ1iFb9oKve5A=d>0ivX)(yl- zHhj_w7jM?lku)=(!U1+`7?9oyaCxNo)VOGbRqrnTG!XXvDl%VkkBE1R?=4P3!TFHy;BKj6zVD~%(}E?dVZI@ z7A`*~rKM+(xDd-igd$0M;U^+Ucrc6*UnsAo}?9uNsNek7H26BkV~^kEz$n1ix`U7&N2^{2ivG4ya$VI_b* zZzD;1E1CB35fMz7U+r)zXrk5)uNgC6oXrNdc#|V&ESla(t2IJWb6VqG4y`P3JB;=g z%vUfh*7=56rz2?lNg!*}gRFr8z}@rsdXC%L6&DvOx+fK(uWaty4fZz$lw49S0rm_b zb5-MX)W5;;za_hnK(b^C0C`B+&YF$*XBkdzt%F!2*ie zf%4Jt4~(OVM$qT7XAjC>=rYsQ=%5Xp8zw7RFs;bI7%a)Je<)H_(-{^XxY5mW&HTBV zEc~W&i4*-!%Nw5Q0oU6iY`nhoU{Poul>?06p&~^F2P=V!uV1ZH(0FGf7NBtnuz-di z%0CD+J<){&gqCJR0`i~8YjkDNGG6^hKe^KaLLMF=AA4+*U z(u06)%2lL8C0+quD5BkvQXQ7QN@Ui9 zwYv&fdo@lL(Orjso#x?c)V$MXs6Njr#_f|DTQ;Py*sFxS&EwMK0M=2qU~7wEygEal zkSA#znvW*Ur-=)=#56SEAfP~mR$0^wq-TzcXwC2GsAHYP}5Ith4xSwkLEbLq*n`#Plh zS|uA@q3v6hI!kz6$-PwklOTDbQdS!AlGI=Wh4&x3d!k4Xb7hn2=(O2|;32sq`y?fd zM#|RD&o$XyJ5}Ek@ zV?r&RtJ!h&6L>D=8601@Za#s85!_)?K5WTWVJj$|urfjRnvKP0xRR$3<+ZrI z?+__N!;W82O(VIR=aF(v(U1#jsw8gHVp)G_TCHGx19@p`?6{ci4*1Oyn$2ST^5!Wh zud?=>+~;=en@K@iGS{94L8Ed@M1hk{g7pk~duwThr`%5vnrK(%H$U__N7<;#J%`-gZ=ZnH9#yq1E>7-Y;g4q0#++PDNL z5Y!P%mbr}(F3IZHi$Xvvi07+4Y2;$yXh9WI>zI|q*`V^+!h@4%lETlZ4Il!|z1O!8 zQK(;!HoqA*!j+q)t`aMDOX8%T?zx2uYBKRA)w_~U3m&BeMwAyJ!{7R2D(uyEkyHT{ zvMSdK^va4DFs=>n$1cBtwpft>EVP*)V@rc)-WTtVqs21mjmnTl1O9Be)$<@#TGy8! zwY8`!_4{Rlv=1@Xb*9yR2v*RK_gB5kK+hR>*E?)F|_C z>~b!C9)0=d9Qzol=Y^P0h)=5uhWu zg1cW?!mlsT1!XqR8GMJX3}0%OJ|1F9Fr`^OZMMf9RnJQ^8c6WOqm3dj+SJE>aqaLx7g3EkNTV$$>yO5zm6r`@pCeF|fQF<<7`_hZ)XFwJ@Y>p<{hr&)ksL~Yt{hdZlsknKhSg`k-T+PY!Jcx z?L3K4thiF8BE^~bokkBy&@nMsH352VP&S{(zuwU59Xi&)8SU0gj9E`qZlY8SZLOdHyHKnGZ0bbXj<+o`CI#C!HR*9wZ?OGywJBM6 z2p5Rkk=Z-~QaHp9)mbJ|CsH3wc~a+C;CA^uGS>xjHJAE{xHq_PJ@na;ghY{fpxY-2TbRK=JgjBTG^>j ztFGTxh6Xr1EJ8FQZVPZ;`;a}Iv~Q#xp`q+}w5Y>jm2eI{tyDP8Lpz+ti(>`RhTG@m z2C3^Dti8hAXUXJ6Onob@Z~=G%H@VCGev;o?QK`_RgD`Y{CidP8Q(LnbwZP&5%4aYy zMXI=#GJhNFW#dRes4@8Hhy2#zY(<@XYz*t+*_aXF^fGkMJig5{<${3DoHm&~FBr%$ zsd`j$8i~>I^AB%hL>QBwFuqj5*Tg@!=Do8xg%kg4IRSgK2E3alU;X!yGJ<*llYWvW zXzTlV=18CMf0x9_;z^`?m(FsHTMG_2pXHAunlhO-J6CUv*`Y@v?fchxt}_||6wS;q zn&xuR2=r5d#fE&4F_t^0O46zJUVMk`=)A1)CcvadRaH`e3f){tRJrqsxr*lnF?m5A zuGZO%Er35_{}K(H1_>c zUBjHLFr+I%g(eqkT7jZ?uy2+&Z$@Y!== z&3`I06#Zn2t?XG(bb3lJ=0331Wh&+LwHE9>zf8=3`6bkQE?C$FmM~8xM2A3&?PU7& zYi5ZuMio}oAsva>TY{0-lOLUFBp&t}`NZWi711?PP-wHXw`dEkWmBoW7FLa{nf_>U zbfjD8Hwmv;df&K@qM_3+orq^^EfrYHBN(`OJuR79SFRlLuK)R$6qh4QZjkYSUIh`& z>q4wL4fisleqQFDTjigE`rTZOoYK2qYDe%oRZ#7=I-5lFj#lRlxB4jZ{X#FDN@irtloOeS3!t^q z!j_FwtMvozI4#57lx)T-@1YE=(D^unZbU@9tgyilEUKD2~t zk-GwV@#;P6*8L*smj=`ae6}DDnoV1#Vby7JSDTi*D&-&NuaA`lX6bI1K<12)J23qx z6D6X}0kfmX;40<1dH;0aEwvybT@AkwcmmqN)~JCu>x~X;fA9LrMINyJTSc0|2zTJz zi(2{XK!3hT^nIQt58|WxZD#$=HQ;Ll=FVszWi=4VqyG;v+(GtkYWs-Ob-`IFB@6Lept z%#BX+R>{x3fdTJU9FV~QrvmvQwOzdNQcQd;O&tqS^fihNOK-JY4(2P{WLS@5TE!H- zLd+i-v-g#*tIxX=*ko~cGRj4UVC>gP39bM~iZ*qXSQ!Los;g)91Ib@2dE=`mYfF|# z$eUL3jYNQeq+zivG)oV%5u(wr2*;57^sxPmz%+*sHLFTb@qQKr3m9FGK+g`Bh#qC~ zjmKO!vIfZM6XoVez3dHgF8xgC*@m~O3nZNFif2S`@v*pO7RG35sU03lyDghdb+|o5 zI+4}h{)<|1FXk2aUyPTu(mycT_l{G3`dPI~M)37%ISV--qA-9$H} zv-Ytwy7;a=#hMlI%=QC~T7uzo=~MJm53AoQ*K+L3c5Z@3hh{H~OokV|1uNe8eWuRf zt~S)7)hWfE#@4bCi2k&3wT?~--@uh8ob{y^-Rys`bG*)&Q-7M}o$)E}ejF{;k2H#% z=AV3-^s9;2RzPh~g*=`aJ3}WY_`Z)}Imf8Z6_ybxU+L*LJlbBsRLeD3(qLa0BKA4$ zuLT5=9e6R!$?;xOL(vus4;a%YykT=RsEm(euKcv<$b;91aWIU#sP&N<&B-{uVALxuAr@Yxy%{(WtNAi`^vgBiTjMGD>q zNLIibf@~VhM1dNQg1Sqz(R!BivU&j8>yDmof6(j;%7t1drHIe-+pJ>3_8vQ~SATT? zi2F9?qi!|ZI>pYAMVR|`1M|o#fJMh!e>acNP?^?W;r)+v;pCO#=`oqA<1RdI)}z<(!bkONtkWhhH2I{9@iSxJ7*(Uu~eX( zy;%=<&cDu^6v0kQD$;;QJY_s#!>@r3P$|LBj9Vjpc3*!|fW+dKDwI@VuYpM!IsJyP zca4#$uH6(t-ccX$Q!eO2WU_ZVEM<>_Z{CJ;q|Zs-N!`U4X8jGcnASA{NVdH32P7w= zk&X^eR$@&iSP23KauFv2&~lLaUss9Sii;u#RAxBGgM z;-PzZCZaIR_Dr42K!m`+gVyrWsI^}}vWxMm-8i*TpO54>a)jvlqQDzvdAbMQ^?|~_ zh9==p*40jSviX@6TS3$^03@ZCv)u?9a4*0-8TekFQFE_Hn?G7L&Yb+wDom*!WvbhOZchZKDeC89P<(kefV9lYcoSK#k)a zz*!whN0E`8!L_lojm85TGR{zCoE{aK^oYHYLAVxa`8HhG55wDv-iM%$pLKythiHY+ z?x(P1onqm0zQw+3nV8_Zf4dJ8L@=ldP{GdLq2DyiZ3|MurXSX^dRynpE_7n^TEijU^e{eT1xO$rJpFlz%p z?mq%4o_)bKi6uF-_L=zpvCeYGZq~0e5wiUH3akwzkE_n6DPlto)^2HFXGqcRYq5w{ zNeB``C;Pbfmp1;U{?)&Gfgrm&U!ODn_j5S5gNFk?UMB5-IY6U%M*TX*%iyn*!Uo5D zJXcvhw6^?vh*Z8}TFKBuRy|((4$+&cH^M1E_Bgmk->AyB!!0`J>4PAEIP?QPtHEMP z46Ct*ehC(K%U7{qs<>@+a^Jq67(L86U0li6aFi$-8ho4<*se8J;6A%zQF~#B0GzZe z!|d2x3a$5`d3n%S36Bzqrb5+1{~DD@YxUSJ7J>X2CWx_|@?%{nKjY0JJ3^MXha&>D ztFzks_|t~ODs_hp z`%{mdiWl~j{9=lJQovG})l{>ZOpLEq)pwWYgo)23KaT}rXQI?{)rV($&&l(%-g=Jf z5HMC0XRq`0WEFPsiDBAw%DvG4rX>>2N;6t<^SSaN4@KqHk)_=5BU&fe%U)SsD6T_I zJ3UCmIXA1Y{f46Qu_+*Cfamn7lPND=8Hf3KMWye{ryhV9|2)_V^~gmj1W-aSfFR~` zV!w#iJ~b*m!%B;<+|Zoj`__P0a{cwyKN#+R9KFJ6&_*kEI#O*NtI8T#t~kyE(D&|E z*@jCRat0b!PzUm0z4+|3NQ(Pap2*Vvs_DeUbg9S@;wg#tR|VY0m-$^LiW!G(Rs}rF}8iH(9wD11@pv~|H!$xM6Q)xyVSM^P@jd4 zQCt1lTiXm?z1QJfZm{)_ge6?1vd3Cy?<(_+Sve&RzwgBf(5M)At@OOeW)1yNA#npQ zS5r67o+8n$4I#`9>;RO=8GN$SX7iCT~2%xGD|W z;@F?QQJ{?wTkBlaTXF#z>^r9mP$qy<6AV$Lr8$}KMOPd=eRS7(ZK2(|KU9P>-QZu3 z+59YhNPkn5r_>X=2#Xx;*YngVd}Tz$eMSpkdHlPPJ$ zm3-#SV`KlVZr<*H)PUktn@{tk&Yf;-NKx(^ZA+UspJsX|OT5>2ZVTt?+`ETX^E zd(6*k-*g*L?73^ER2y@tR|^UXap-~ULaL~m43*vbDMdLCLt-IGr6A7(6naeKYLAkv z24+2*b4)6rhZRLQX-KfzqE7)@W-9;N7c`UyACoWp>pLVIBL$sC_eRZw>!QH2b!tO= zMJmhHy>yQVo|Qxf>rV*1{ab&P_2KCGll94b8!)3*T=A5^$J|O5m%24dVXcqv(df#n zYkDU!o$o)b2t(ccnv&|XdW37^V!ol)u*?lvr<~;YEGJoqTjLQzMZKAi)j#x3`)kS; zvT zk{lWAv>i10UQ@B~7tJ}V1?U!XpXN<-rSdmfv=7x}YgsSY^puxuc8O5a(fYXZ#NhQN z)lJLyxg#xEU!$v{%z%$}tV?16Va*3y_!N^jx=&t_wQxHw00jTRs74p2TrIy&j{ao= zW{zNYH6?Imo;qp7qWN8(1!Q55=LK^D`HJ0m<$ChQWjSXit zAcQmx7PRWBq~hv)1*;jVKNw8Fw2m_LAVqTQ|6n-2bjXBOnzedm>(e@b9f4N7g1^g5 zu5Vv}Chl>?KWe^oEqLg&f#XzstN(N!lO&gDW@KKQfLGzx59B!-N-oPHm(yp?$~x~C z$`q~+AhLUJ;VqRxl0>b*QMF15uT7hy@8d;ucPx^vK?yvuCJl-(4$Pd0?!HZV|AX<) z`aF5lw9q2KBS@ww#{B)~FSkk~YIo12`I_KuKkOkT|{#EwfFQr zNy1`bNi~^-Ee#+#W_7yNXT=WXj3h6s`C+B^qn|-SJNfTpz@l7$+Kjkj} zV7R@W6iP;N7epXY4$%1PLjwgD7j}AM;<8dkH?pF3##P5ECpz_x53R0{bbb+K;`>~1 z8-#V1uPk;7Z-t9NyKtvNnk2WVb%P#;sqBIfqBy{Fwsv;n`b5fQ1Sm*9BhP4YsE(Lm z`{A;h1GLCpe-qd*Kwv*YUKH(MVbKRG|O z;NSV5hwZI(pi2}#iE6POcgyU$Buy+0zd%0lrbpK6^7=MTIjSRFu#@3A$^2~lPbA|_ z1bbmWD4jTU@_whYZCE*hMV@ZbLb8`A=D5=ey#jJZB9h~p^%BQhqC@g?4>V)nF?zc` zGfLELdFor*uKxC-rEa?Y^VDy*$W8rpw4W1UmsZ@B%&f3<7Ws09`&XzjM>t+9LYCsC zxjni*B(`B&os%57mC0cC$2mh@T~;%gWI;R&_W?Fn%@go@t`Q+0|FF=E|9W*&5;mJ!0F$&rByKs8| zCwF}xm?)}$Ev0>ykXDcKRENQt$dm1WU&@5QZyN%OW(Tobj zq0lQN*@`0*!BD{zVswOXw94kTR@gU#vXyddhrbZ@`H8FU zj1IWR3ul`sLFD^?8=82wdA6?~o38bpqp^0K&A<|U(q*WD-Te_?N5_wbn>;6Bop^+T z3d~jysL-K^K3ACRsO+C<0u>G+8ItwvPbXG1%#K>1W)_qlXtfCKLt^+xCjZ51W^ zuPT@Qk;K(dTed4Vsn->Re(xuk%`%=5Yr9UkqCqFe?r9V znKuhv>PA;f1N!2u3TCdx)-(_0yRF2YrnIH+X|- zyj)K6GHD(ev5=wIsmhQ zxq3xk7Ki0j3pJ8v-p+5J?ch4q!@{yOmjHlrQh4sg#-^2Xfdg$fH@h8nPBqHOgxSwz zp8Hg!+Sl8C`y>K-lkL+guK`H9Lz z^CqdJooN#*qMX90S|;uw_^Jv!o3l&R>SPOFH;unDwuV=?GBZNxr9HoRx^4O0^ond-S%z z-$+bE&ppoBH*3$#guTX&v|fnD!Wb3EGU|6Tty7bz;*!ZTU+!>3a@_}e#w4q?r%h~t zss+5i(chFu&K@qxQ+zBIIl4u;BF(PVo|%{4LZ4?5f~-;16XeejDxcCtK#44b zdEeU^gJKC@IBmh5aFHHlMJ1bh4y;XI?(=;H{a5}r^+dipfr>$9W!VyNvKFqhr3H z)|@#uBOadK5=zAYy#b=>PVIjRbNY=~Vnm>(k`*=FJliF=O=+fGe%dKT4VRM@7IetF=Cq z-@*V8PXAl}yMmK(#(^`PS_?-QdxFe?#Q3n**+yFZnVr|%fn@*t3t46_1G~%hUy2g5 z(81jFY01+2HMKVroJAJiOg1zmwdVC~P*HUt9w;+s%Q2r?v6Yg6I0?iguqdy!=WDj( z=4FSBS@xa)&N*!N`1-XJr*K_0dhVyKx(dd0e@qOhw9YP>2NnI!qzQT1LA#ss z3LWGG6UP(hP7oR@vwW>V@368NLD~Jann1^iSAX0SVu9?5^jPeL6B#K^mIXJJ^BvYC z4P`K(6wCGv>b~Qx`GUQErn^WCJVPfVwAV=(odN@_8}yd%i4s(hqcO~(RJDgJq@NC) z#$FUO(I6`H>4Q@)ts892Sc&7v?=-Q#=odWSXvN@=K^(|=5~Du(dH=^jA(h_wN4II5 z&ynb-^M3GypvPoiltQ7c$tTdQ#Kq@P$$*LxK{SCM&U za~n>b$E(TQQu!T*NKnrR?(=jR6J;kbu$C{vD!;{2rm$`l<91x%8Y#1Fmej zro?y)NC{^;1HBdeHfQoECOLV!`%KQ&JEm2CPlE*!aQX2wUCRij1E4noE3hS&h9k3qJo-3LB)7OwaO28}YS^FC3Yu8;s1axieH5Cp6E#F3F_g8^*osKA*mshp#8@h%NGeKt^$9*cl~?yPy|?}yc~QJy@kpa|+viJ1 z68)`;a_6uI<3z%|be`TMt+dRzTuG!V%MF*h1scZLhCaPvLU`vmQSm>_MGV`DWX|Hk zOu3&_7O(Typf4ku=<*9P$zf9ndRWF+NLOxE=|}6v&+});mVd`x-PpZT9(-P;^Tz*Y z<%NH}fF2qEgTPQ26bu1@00;m8APk_SkEXc#<0F{)mBc$;tK{d@=`}iyk=OL^Er8^A z1MOA%2Q2&p&Yrpi4vQ1&J`qR2%ceWDB4SitZ@cu=b^c0!eZmkv2J-8izqZTCt?>W; z;aDdd`J*&cXQeY~!3bR3-_@>%Yq?T>T~NLu*46&}vH&AmQRA!0)hW+SjMKVDo9Vk9 zUnkTU1yy^6DB^O#!q+eE>su&4XGHEFz?@d%O5yhB9dTg-=bJuYalRTaEdTdVo7PtK zT&jF0&h@b!Vs4|KgTX*V*lOVU_P!$;uyN)CW z1~HFYx*z($P9d*jewf&ip1gmrfjYj3W)!yn&gAI$MQD&p4f3^=q0`A6w00_ftY=g| z3FfHbpcv?SCH-<k|z#Ln}ey;pp^gn=` zrp()+1_)nJeO=&tN80G=+>I5b$;+NQaVSZ{@@ax|UM;!+5&hi@MF6({a0 zE#37!Y5&JoC`Bz;V?WT+Kcu8cwiuB&fR{%O6%uP6#p;wg^kjj};eM?}*%GXEJt4ky z-~PNS<>QA?kSdap#gh~hPWvHuwxsO>vQ#`?Y3{>Tnn!paO|^5 zi0~#$t147$Vnq?(lB&f1FnFi7{{g;vx#CCU`q82Fz&a7sAflS?wOw97K6HFT$=}02 zFQjR;tMi)?-T%SQ%VhKYLnzVU=tkq%CR6G5o_)wp>80D}Kfc-0_t=x?JQch7@$`ki zxYVhziiqmu#PCkjh$$P2rSihwmyNjR{!+tMVg^zkvaou#)hW4ak9xC>3`M${UlM61 zN8%WOtbBAeU3TA3*`|CtN=0|&*gSYl!o@NiEw*-U z=o%NOjv0Rj7J2M8&EDnbD+e0>_WN>d@%3T1*B63LYE1qEvY%8?JjLD=M~If*s}3?S zc#*+g+<6q>0Cpq?`3oCZ+*{UhJpLOD9t@5>W{OY#eK`MGZoI$)X!3GSTOp6n&TiOjuQlK=CZk`8r+;}Ng7t&5QW<)DPT z$KmR?lqio4?R1=kd~)Hi37##&6JQKl`8CeXy(X4s_R;eTl!V^^Th-ACUWxDlTq5 z?7O23E&>f|IGb+I=b%h>zB_I{?2fT$ybZ~XODRhHG+FNWVl|-tEWWgLZMlOFJG-SN z+WOLR)*iV?JHDZKvwHDp^pHi5{M7qT6PLbs2QtLPWQv^8%itTSN$`cxk5A{+Ph8X~ zqO4q`-r%0s`eHhk)txlu&b2xuD!d7{l985PO~Mrqt(Tx<^8|9qm1pD+2!Mj7X}=W@ z7E5x}IwvT=9FU9yc%`T>)TL9Xrn6t-L`nW+_f8cL| z5r7ck{7Ny2+`ji246m1=)KC#RK&lP!{Km^lYY%C|_ktW5NKr>SD6S}uVmo1xMQTUH zfCQ`cCXDId1C<2*uYBLcF2`gp0mf1Z{d|1S_UFQ1<7Q+m#?!s6{XJW{`MkjLfoFAO zkMDNbkrAKHBLMdU!x>quq$*SuBg zXpnYS1Ani#ra##SzZ%i2VKjx5Jnx%!YQd%M{5*86rN~*gAB+i#M6}?(={Z*=ad7R} zo)0DR4dx7dG9*u2^HqcLPc)XLU4L+G>sa40eHcjM*@GW!*!`F`xyr`t(l()h z3e~Ez5DyCrSx#)*l@u4d!UI$-XA9)UZs|gP*j|j&xU67T1K1{pohSYQw_f2gMX(|0 zate^rTU56$cNs~ZwR*LaMlJ68K_Q0_p`wf1q2))vr6nI)JY`toHl)`Q`Qpw&T7<0K zwaMIrD+U=I*{Wz;3e+8a(w1h7Lzae##aAkexoI-Vh)*Dq-Cu02kZhArYt^?Ij;@dE zEQ4&}n(T7u^<6R0j#*~C@llFiYY&Gu38CAdus@oW?1>?j%89%5N@o4-#MRwZTSOQQ zXN3xVN;qe0wLM@4)JENR(dXilq;DlrJVC;U-PW#V&dY4W>vp*&pxM1!7^qL~Fskdu z?3SR&@Z1637C=GCvV{aq$bT+SAFIs$sTGXdhi{*bxP8Suahfh#WG4EHiBfTeMz&wk z7dd6WaP!GCopy`+o-@`gwwjEc$7;wrZ?V(HE9TR1jEZF!-{ukSE)z|4Y zF3O)xsy_3(|4%3Ne4|W$RVaUuOWi#a{)yu~lk2_wes8Z}15VleH}Jm}fZuS(ME$>p zqv{i{`EBy{exdxX6K}5^3_JDT*#AGCG6S)%?y>r8`>QetReiP+LNG~iCQMSS@0=E6 zhUjCt@NVbu3B+d+T*hDLnXYqM$u!P}gi7wmKNrSM(OSiQFVFIWP5h$1`~!51f7xTZ zNeU25`m|qO@Zqm<1(LBoMTTeEQd>yf!q z=45oC{Dd?LS-$+!B=AV>d*>_fH}Wp-KIheaB^0D?d*A6h`gmZeSn&<)CHshqpIS7+bs=n`-jiNUoO{#l*tF7pofAbvK<1 zx`;g*^P?R~9CXF}vG8M@9`n81^Pay)u3&eS>4hwXbM(#Y-RBRC;{@ipFVemLer|W6 z=4jW0Zly7M3y^Z@`GZg5unC807PF5FkAo*3MJ5Tbz&G9*Vv4|`YM zqT`>ea+;v{Bo}Ve^NfpH1Z~kT^T^uW>v~lcUNyh>2yC1qK1}I_82eY_)MZ-;0tzP- zSWj-Gf2_hfE~-5c{M5iMOorJe*|)Vgg= zUiAmDTDk#w&NW}9LdsE;z*WYH;#Tryig}O91nra^P)NR&3`#cPswhj8Xk$G{hsXsz znx7{9I}(P;*62vw4jSIf2UPme{aH&x2=5>|i2#Ic+h8lfZFsO0<2YC3Tt9a+gyqE9gQGuq4Ia+^%(+}U?FHU#! zZCm$Q1IqkO3KcK4Z2r0J;LCS>Z_576Zczq%giFcYC&4JmmI2uU4wgv_%yd7}DoxaQdIUF7d37uz(N zSFayF%^V87=2ym2R%j)jb9<)$Bk50> zW}Ve8*B7yZNhfJvyRVJveZENb;%k6k1o2U1L?kWuCE*du#-q6gFl)J$Ww-poX=y7Z z6#A02`>uxPw?pNOoZjx!G?=1$#y63hXCdUbf~NtwO54`~aGsYNAouoAf6!i>(9IbE ze+;XjuJa|zqK78K*^&R4KEU1qw(ZI^|4z}GtYjq~zlcQYApmp%qmB5xCTkL0^#fy3 zvnnb*AV-E0rar|gb(g#u%j^%y6e(6fp+!P@^Cbr&((ISA{YFJ zDJc88DW%1t>Twx`ujcQLIb}`U({deFv{EMLLCE7xYDvvUVD83yI55~H^arblR9(n3 z>E4Yr6O0ef1MV>Ig&-es9XA+xp3nr#Q;T7z8ue3k#6pu;_XOTlP|BVfevShy7#f~# zY0o}<3z1SfV0_bm=#|3hopO$b6unTJ8Aa8dSdNj)S)Yo9J9L9wz5venQ9Dc}wJjR@Uk+qx} zow~~{Ie%ZI)6y#lw^rS@iyf`=fN%zMl=RFlgEh1;?XW7c=!SN#x9X_`ee{6xGMwDsKaJum zghys9ul!|h%Fu6qKMv1EN>^*j(@oL2AxH0!43OY4afN{v3C)J*iVBU#gN^OqRD-kb zERkc0rZB)WOQZxi?U9fqZtF8u{rU&v>bnuP!eSg~sd@!$bp1@Yk}<98l(k>lGqxY1^yE-@ z+`i=d;ncRN57>LAOM#BmxCW?PLwk^AKNfi9`f=Q>vGN7v4H!K%bCaAJQZJhazElYW z?~?FN{3$dM86x-&a=6sny}(J3@?mVEyxO5!|GMoaI*J;=&n>FJNOGQ2Ud-3VwwUkY zz=muemFIvCUI!vYk3plktCvrR?CaVbg%!W8q5O=?%4GaR3EdHP*5syAEDkqOop@?D zJLw5oB!&6uV4L0Sw#W*#X5VmZo_|_PxRbJ^8Wn$exR10o0h&{VmI_{2Ul^9Pc#jV$F{npK#|FHq8_&WsHIC+oPCv72-n?CgUeKOEH+q^Ht|*&uXMM*p_3#Z&80J6(NS7;pg%Es-FV?_p&MQ|1SU2iWCHE zpLZkUYKE?AOrm~wRe1h4ob$g|%=^Et_~pN<7U>`V`y;<86%POPqCIPn-eg;@27f^P z>8gk|{02V{aLEnh1CzqNBJ@=4KfQmFe*bSt1wUEAt|$~1P{e8i zit%6L+bX?VzCb_~!&ZkCVJq%xDWP{*#DV9p7GgFa`RY3 z_=G3=_4$y~eJGxPUK>^sI`NOmPJ))&Hpi>;MwFnO_Zu~`Fh5!_>a)`C)x4==n1$sX7Uo!JW8*VbjrOzN(>yez1f_Z@>1;8|(&Zx`ii zO-M^GV!Qukubl_bSCCN>34xbS z5NtwpqPLPF|MY(p^x7Ru3{lR6v8D}P*B(wjP%k=ld_{e%-bQvaL#nmizUtG0ziw>5 z8NF7gw`$t+Nb1ZEd?Y~widKrh`L&2x?z;J--b?=VXoo1g4W5egAJhRn0Or!G_TobZGRQZ93ih<#>T z-r(-}4%AzfiIWgw%=k}lb*7lgA-L1}tCo_Apj<>Icgi%;{LPDFM|tu4lBnPeu`(I)t$GcX2lTJ^%n#76)XNF6yU!`?%VONt z%t5)wi?<_L8oh>PS?m+GpNF$PKCZ+HHdN9`lUiA835s3PIl5?T=FELPgaWjW&(rcV zd9iFcI0R+`L*190@i~C7cr}x-!|MKPC){da1NC>GF{^lcV%F-daCIgsY_tkKn&EKa z#=Ml+;>l?JS1;EdiyHN@`i{wJf`;yU3_TEW0|D3c9GuJR@4t-UHQ_?)TE@SWac+h3 zIkiG+-V8O(#_D#Ll}o_OV!a7v(Pp2dvC@?QavFX^QY;nLx0-mg^}w|#mjAb zbn|V2^xACH>ru{D+=Ail9^N8N|F@-S<@`Ab=aC#&tKK6dNh$nQXn<)T<+Q^v)Eb?v zw)c)I#k#41;e%ws*OtAC=w;@nmDA;FOmte>v4FYS%pc^ItH~$@+lIUTyW=iBIqDA4 zqY)`f`F(3UfhDgnq-3?G2;TOdzOHhS-TQic6yPXd4TJ*l3KY9PFHoIMtKyC7?&Z^? zB_u204vEm@%IDk!r|ou=(bM{#CZeU`e@^gW>k~~YKb@24jnF)D4`1os!oY}w;0FlG zku(q=%{0$?BMax2ng@Fp;$EuW`&WE0%J^>5&_qV(y%bmfgt|4Ih+nf~>z+(LNq{NJfB5aczQOvd7_E}RB6O0)EV0fbCyx;1L+AD}vlkmS;dUaUOcYGNDLda(oO zm9t%aBJ~^vvQKBf_}Q8MeGM0=M>Aso7B+lMhm&Txs|`L8yujnC&GMANulR|0m9LVW zq;OPQ0AtOJKdJ0FF_f&@#}8Viq}_o`=79%{T6k?OXI=~D$hc?4IE@$wN?PR-a7dGY zOZkfa8!|oMDI90e8v~30u#!rhMhw?B_2#b}k-g^pIfntbw5l$5kJX$i^vNG89~Dj) zojZX#(j5>a@L-=+7~`{G34^DvPmA3T^>CEKD)40p(nr)A)HS$O>6V>)2(Pd&)D62>{u@2Nx*E56uo3-!{_tq z>b8swF6R555+P7M0M=wi#P0b9mE%*kZshP#1T3{&)u!4+82&WhDCRSET|2 zY$lXq3dJoBOr^dsg1U7MUKLyEJM#qjvk3DIIb>wH-mB5@31jjJmpaQ_q6N1lmAM8V z_4)lh32r+NUvof9tX=I2ZUNPxqTWJC?owOrYm0Fw?PW5chzJZ^F5=ke{Sc)#D~j)} zs08~jcou;V+{v5XRcwEE#UGehV&788faj^eEg{{pBJg%a#ZPgm<3u>kP439B)NIm| zJ`p`eRZ%JJG+eSMd)1q?B~G6%Qiiay;Cm4t|0HTW<@%%h@0N1N9TZ>x32V3Ps&FBx zG;>i&xdbIn^e*$v^1SQ&JbvJe=cEEq?RQJndpWB1?u2E~zp4YA+58dKmWHRnH2;fmal;v@_P-^2qhxanMji^S%-Lu zy%**#gOR99b1>H#FX|hgIVyz_;%Cy-E!0Sz?yr7>6x28rmb5SECPI^_4QnYoR{69B zEnRO4_Z_pc9rH5!f|NY^a#(6E`V;7L_?TT&jhw=T%Gna49G+g+!l>&Z8u@8?cN5cm z@}}=(byY!v`1Y*C)mV28lKO6baKb6A;deF7A~hj}DTu~b?`k_6-YF{j z_E=sa=Ve|NM3 zih@RWE1!FY&@o+mt~pW%v=t!OZjDDj{vN1!Zq|F(=ciM9I@8&(NySHI8X@pVDXIoj zW^bn{HE+;_El5;jm+On5~asddZE zmts=2iv$DTOp=xmtG9GxyBZ2#-PW31gsp5^s9Qr^T$ zpimM%7TPuUTfvMsECS+Iv61XO0nY=-?3#U;YNhKrV@X(L9xXC>F_yN^Skz5Xd4*cyTn$N1yk!fiyA0BhZ&~*re&-OagnnQ%;So`>wQ!~S(EB1q9ju;+{=cb|Zju9|8 z1{5qv$<1E$S>OgX`5!?DE*@+L@b1R4w$L)4)-#l9pJ4Eiz?sM@@sw`&Lg_q~200*4 zlOVDxCa8I1*#Y)?&!=1S*6v=(NVoZgA1sFUH<`X`U4tL48?c7l4o-$Uo%p!RmeFH> z7@2(H)(%feNM)&|uua@6vwQC`uXb(VUKkDOEzmlO6ceH8g5p~lZ1ymp`)%1lvH7ls zNr3uJDRV@^zw+eX)-SrhGOa<3fu14_(ad#o1)Pou9FCCi(IrJFJlas?RQ7Th!((Ns z4L>_Rrhosfj)hvXXujFuy`s!&X#umlfl$lB0ZoyR3BP6i)7NB0`g zvH%)WyLq9(T7{M@BelC8>M%|`dRyD3{+c|pa>rJPNq%KnkOzu5(l%@(f#yGrLH^T_ z>GexH2ge|pb~5^D01l8RK^qk)x>?}U^=mc=VlH;EZ$bh z=o?_?X0N8?W|2do+Q76_xn4Y92*vdFFhX{R;o~T%JCIofgq62Q^aV#a%&q*9ExDft zCJO^>0!hP+3zfnMf`FOT$3kVc2GA(KR#h46iZn_c6`L@c&(;l^N%@FoVk}mZDZ`7? z2HtU(-+QL0MIN^BOkxK7SVn@#yVo;>>POr90Rex9OUG*o4oXDnr6lmpx^bB_Y^&EN zR?^Ya_fy18?>o1!ggk=IO!P9u1tnWlgIzC6wl9K)tQihq=|ic@MXG~VC7lN`-Rl;j zsM*t$-*61dMjA%L?85v(kN+C2;YJ^|?2_M*&FYO9kTd3y5)=y-l6p{}61=^@#uo*R z^qqrTUQ!xkK(LpN;v4z+nlMueip0R7lo9LWF!_M^=YcA47S?iEhyd7%-3%{Dh!-dNjn;Ni)9~r&Uyek%lb* zt7g>egkXL<>RJs%B?76*kPQTyD)9v#Dup81W>HD1Nbx2<Hm5w?(iT^;N|yook)SpBsjK#SQ*Rb}-m? zIF^wFAU3ipqxQj^Q9q##X0`8sXZ6BKt8|`!h2-3BF0V2L4wmwmHCLV4*7&^J9M)7L zWhv4s5Dv|{Z5xrKtnfd)RI3SYJAhR#KapCLh(Q)|)GpwK)i5O5s&MBOnf z%@YM|w2N9TV7IU2C=sRxkxm5;>xvV!X3%TVQh$_lsF(YlIOjzYwOK=T1lnw@j3ZEF zuIya_?7FK;s>NSy6s!$}yjZmmDpN-eoQ{;w*z1+VHwzWqf+Eoh#bV#>qdTqY zF(J_$=7AsZQXM}%bdhds5mYjw5bu5*fEbpEfF%#MmDa^Oh(pZPuPJ*yum@cOnZ0v7 zBvkl<6w@Uv9SBO%4w(=GVLiV8N!Ly*ZOf>n21PQnWe)7^SnJE^uzj`!R=|`WsQkoX zgZj71)mbtlP0D~8{j2Lp<>_wbGx55M9Xz+t#HhVBT=QE;r^>o?t2kQT6b0zYcM2St#YDQP>bt;2R*!50>M)aU0;IX z*@uo!h+9cZScAvXJQ2=scBaL`Pif{d6nQ*EH^2Y`ssP*C>6F6} zXi{Da1L8jaAumfv;n~z31gPAv@{@i71l6h_icl0tfz}${gb$uOhz@|Bs-6GdTs}li zL%RF6QPNfod4D^7;6mmI=4iX#7^%aQssC9H`n#I7NR?v4u;6x4M$Z2V4^<+X7)ij@ zcF9~mVr^TfOapX+Eb$e3$?A!P9qc^c-;)Kp??{E}>D6<|5=u@4FmmKhp}-c?s-HC) zO$PvhdxjR*JhXSNfg<6J4q#dghLdb08BrqLF!gy9=SIQ5*+8SARUtHeRlc1oU^h+6 zJB+iYJ}HYFbF(TB+||+9>Ug~N8u>?|#v)prlHT(~A+=!BC)Qj+b;h3w|MW`*pWygmXuSB)^3mV%O^ z)ilP;75)M5)+`f2UBxmP+7en5Qd_fQZQXQ*M^o4tJb9@O%t;P)7`%jXSL&d`0b77` zZF!Oka(nX3(Mr?Ic!~?>RqZn)GwW?H=P5;~d8^_v$aVxgb+daOb<`^Yzty{qvRr>Bis82^`cp9OlTX$8w?S)QysEn9_ zDX-oDIL$D--&Wu&Za3eGLu;(Aw-lr8orLEYmjRd0f_sF`_A^IHtlh6-oQkqC;+>Hg9=Wc{OIl`)G-7832?5HO7FU3@9+>Rnq#e&DXMVb<>2abz}Q!{-kLhNVBa zg3@iMLwZaZ=c?*5Ix#Zt+E69o9P#%l`Cy0fK@7@*6Qc7$I>cnJL9JXLk_-l5y63AP zd4mh$Mma?bg*epX-Um$mnO$!?l6k~XgK2R&U2{dDE}nlcPlnlr&%WuaLKBrO7Cw0R zlNWcDV9X<~%K7NG+X+~?=H%Bd%SCj1PDczZqfqn!9+8vms+mWP{g&JL(X~uHV;J$#jU`bS{pG zdGQ~MX^F|vLohb85)LqDquUy*tTBhNs6e760}XBU0N9ezGV6t=*_azkt`8mX-vgRC z83c^n&Sn}JEW#XpZUqP>HL7U6MYmtG?WpwB6qj&fIyl&fIeZyM)fO0!Dsuq)&jR;O zPDpU{1?!DeMrBKyAit}FtcOOa!9@8eex|rx%jg{*+NIgoAW|e(ZyhzJsr`Is`W}ZR zhr+YwQA)+t{>^+)^mbnnOYCBqR^ykyH#8v37U~fQlSkZFVrP>4TXa0)cK~VYJNKAS zF9w#TFC~XUm-1up#MKD)q|~Zy$zFQI-)j#x-uuG%F<6x3kFr%B-DlxACES?clI0{W z<7INHLrn;vS5xH@enPO43BI5FM8&rjS{z30pnINJ_yQv&0|M_H4%Ig%UHqA)frHUEeGjARueKxcPuqN%SMC*x3PP}Q)@HLW zUM2t7c(0PnTANvo7|@ZU&p3-cZb0gYj&AC5`E(jFOrz^}AL9IVz2>mx1fx9r5~EmooE2fQTI^}a}ku&3UKG~0?-o38cBW`95F#*qql zzdCoBN(jgCHSN4ho%)^VKfp@lx_(9`U9gN(s{-6QbZnlDzu;r!V0p*&_b*BFA#P0N zpAsp%D{1-*h>qdIE@21aGGav6x|ErL_`BwE2J5UJ))RQJF}m$pI3&4C@%mcCfIuo1 zTikvGXI3%totc^vAt%r~sVxeRoafsBb6-UKwnJ{ob(qZvB#^-2hDJSK=eB0i`XXAM z<6@f0-P>me0%9(Ce`pIi$fVa+_T9jV`@pesgJTm<-yLpr-MaWO*XgyT*34E$h`=7( znv0a!B&A;+bm9jXN%-1YthvAd$=NtJYi5?O7ABbRi92UEMTCTk+*(Lpg(KZQ9}*_n zgUWxdlW`*0<83ZmAG7~IkJsO` zcSosDUr9MF-5#`dB_+JHQ})h?MPL?U`r|;&g2>%SQ&>j}#Z5 z{S5wd_d-XQNDzz+IsGh3CW%Kvk$lZg?pN($^Z#}3M8phjMs9y_PY9K4a2xnIM*q9> zas38K4%IN@&n=0S(;t~`2qQVil6dBN$=%1g`2OF4OkNA!7D*HiNWk;NT1emx--UNO zp7WN{Nj=QIG-skuENM$FmW02U9=jjX-Q-IC9t&VlI9*Hadzn8DL9TZ8X1DXE?*wd(v&cD6G@1G?~&Y%@1SFFGEU(1*7EL4sY!4oQs9!@rP4#fK)qKFeJ#p;=-M6uU=Fl# zK_^mFpGGA1FuQmL-*4nY-bRuAh6@u0Oyi{oV|Tc$shWy6y7n?i{(e2)X_YzP%N6;e z={4oEnhLKASh3O`r{FP>iY0xGbv@Q!6VnnH;=kXbr!23KE$zWCJ4(AIDvp5kSTUyy zj-gG9-wCI`coxURbKcK46*0Q=)J>x`oS%_A_a$X!Y^FwYXtgMRXXyqtccPBYBuvm^ z-#qvZaI?jLpX76BCG8R#=?!jz2vD4;o^1)v{1A}zM^PkXPXEyx!?L%2g4WE9*gMO3 zTi!KmjXq$opG?rHfDYOMb#^&6zV)iA$k*eSS^IXYB?QEr4>`D~yeGKD;bba{y5;re zG5JLK9d1!I(tohE(N>rio>}N}t)Tp_8z_Txy;^Ocn^Qlpr!Cm z`jOs0mw&&2LXk%(L9A98(lzB~n72q^I#Kd*KgxF=1tKMY)c z`s9d1#l(qLE!Hii_YuB@x`0Sw+{@6w2E2Km(DJuk z4X%Ury>Nq|bzhMCvp8^*LeD`OQ(lVc$$=_o^YG!F;j zQZJLKBse_2v)9|*Q4%~XTOhS8wwuT>5u|+y(a;lYAcW-f#_%NspwDZ=@Fn)CuQ#|( zT{<aNJ8#ptWr-^9VbeX$A;&y9h`mUflu%UK;-1ZeYNIf+buHr^<6lA0MQ zg~9vIQU!(PbtE`Y5pP4u5Cztm!V*puBez6x3^eQ;2hrKSZA$NWzjp(#3jpq^wXp5gd6NeqIef@E;_A_{le6l|iA4Pm}Tj_Es_x5R* z8>&rJ6R=;5={eJzhWC!N-TE5r7=w$cG_82rBie9Kq-GH>4N{F#_cS=OKLt%n+tVLw z=jv8ll|;*G-XjuA7IN2?$6wnvQmSSiA!)Xcq-3d4+9uEs;E)3F-@8BXf776hkiGH; zPmQK&UJMDuilY%$sLJ=a3bSd9E8APg)tYm;=y1YiW!NdLr%kI=96lWS;O7*`t;v)D zx4Pq=`B*J5{6;Mr;nGy^UYG*4Rcm!nEqLls>Sl|3=34myRMLR-W+nZ8N?*R<8*;~W z9Fg+(F6wqg37DXtM0RK5z{r=yx zo$g(hsK&k=pW>}(Juh}%jEQ26B*o^6FkH`KhVx55thV|fz>2j?Nq@7a^M&I3S8=^+ zgxI0KdWz^sw?^|yo}e819WQa`ODu* z3fD`_DL)T?JA?x@So!*Jz;Ax+W2$=v%C>kP2tl;$EE?tg1CGx1$qRfz$LWOl^-@7$ zlJik?%y(e)e#KYAe504@c9pk$SEbA?>$xXoP^p(H`9>WohtN5%Hwr(BBKDv(uqa{* zQYnqP^bLNhnBd<6mC|r*(`2|w+MnHSB46}m{E_KZ9m3%ix*_kubnT^ptr|!r>&XwX z42TMktiLmL{;`vkum8Gpd;zJt*x+L_y41Fs(QAx$k=bGFVRz)C0m$P*wrf|j3qe==l*0ZP;}6O7o~q5*3)`cBD7;Y3WpMVL=cRg6sLr6-U&I@;Ladb zaF&HoA;uB}Cw^a?Mr7Y;JW~^!K|*wm=>v^nOV7{!7Wh$c_~L}B=K({=du3&f3k*0y zx(0prbf~*ZV=|J=free3kTkhx=)NDFrYa!=`cYx^HP1Nk)1T6xEp1%Cw=JxM#`3q# zvFr~2BXxe`_U{Yg$+m`f{sF}I_N4;$4*Pw&hJA%954~jdYC$aV9P6@Ab!LB{qX!`9 z<=;QL(GNJszS@YKeK2d#`?;eVizqB?e10l$cV%7TjQ*nDh?#HN&N1ut8{dQ;tzu2J z2TW?gOg7q0#WrUe;ueuQtSx(auoN^@=)E=M5NBduw5V;Sjp(4LK%e^=%n{r*{E^X{y z%tfKZhO=cX#ho4#|30V&rbW%H6vwt+|ZqT$Qjto8qcrt^SG>VMq-WeSK2ii#VY zxN(oH0QU@MYG$}cX=+;9WT`mQQgc)Z4}%0h?84Clx=P@t1pdt2x(7uMU@P?aPo?LB7`dhO7qP3YOHhz+g1A&)oVob9{9 z^hA8!^z*Hwnm;*Tuh@QL2fYbnHvJm$V;{g|I$4avF$w|){^scyXvN}hJ)54tqt2(u z*kycU;a*qX%W=9tdH1l7G?fr3hR_XHRF(ZvV<=%WPbiVr!}A^nx58jl!Zkf`^n4Lf zL2*wQlQ0Qt zbr^|^$a#Xg=<0J^&@^yc+}9292M3OwwYZddq`9T)@XtW2^V{n#2QSe$v8(`uP4GrF zD@NB>=iAbD%Ut$}gMTnZ90Wg#^g9m{C`(z}bb-Vk-;dKPVzvx@J8b{R=9uLb$c9|X z1={C49;(=JQ+Z6OE??!c-73Roc6xF@)U5Glpvu@SZ=!&IqXFf9FBIWyc%aj)a?ic; z9C%2_oSC8Gec`)y*?ZPO<~QBWGrl%6nq)~C;yZ_|cSD%{IQ2c!#9@Fn{fwxxSkupE za;y7hSd>23`eUPD#Lt}*o7mloUcCloG}TRti&)1ojja#@vF#p;W^otuT0cQ`g%IXP z$aZsNTJBg2(0goks|9fNGiO;&`yahMQiAySlN^)}XJaJiC7!Zlt(=Gq(p>#07J3j)ngom^ zaJhDeE@L2Y%&SwWJ+^FHe? zftz@On00|XrH!n~i~-3tEw|+&$onLU*j)jCqTC|WO0^5x)gH`#wLuNn{fV&!tqv7g zsg3_E#V3j8&0I&EI+_`Y6|;68h5TT@QXxrK4frJra@OTJUmp$Nq_Jz=ZCid>&Y-$&Dp{Qt&RP2Fh7}Ph5>6QyB+&I)01hV^EORGg+ z`+|`Lq8t9XqcBX?xAzKsP2R<~)*E9*yLuMW7}8Da^_P?vbnBLA{Nc9;Csjm{zbLJu zd?$aH>R1?7eRuai;RN_mdwL21XjAlUkM&R-i9c~?F+?g3@CjV4>6m_>NGFy)I4c$< zJKRulZRg|xk~PL>+Zv|GY8_05W>wxD2c(xg@p5{L>(o)4RjnJc4RH$ z;%J2UWA?6cv=iOb3=|L5Na>vW3z7j)hluF;@6(EHRWLh z9sd>pO{0_l0bOoi6d!(E9I6z0{hG6DfDqT~n^v2uMWEWp(&wu?*bLVGT~8&v>6hQn zAPiQH|2dT;3x&`pukmgZYxmE|`Qfi6bVLubn|`AkrskN0?;Knt|8IH)z3l2oV~^Yu zcT*Pmx$4pmvGL%^Uki0QW|u#;Qc7y}@9SbUmftxl1R4d3_lEZ3rV_COMd4#V&lQCw zK>i+LxdW2ioLFgvzc@{Z++9{lvAt&1_Y$Z}nbLZ?k@91q>AfTNyK)>DP|{Bg5g$?_ z3IT1zpvrNb1uu(3p!iICysT&)&`KaA&STN)%5qRz|LXwRJxkarP=^jG-z`BIH4WYVYQWqt z^SuYreD&$bisF3G*oWmFiXs+ml@RutRx<69uilD%tggKW4^@wc~= z9T)fZCh1K%OSG)t2Zd&a5^$kzvA^pNSUEi(SJ9t2Pv}m|_W@ziU1~Ii45tZkzsY|C zH(4#1395B{F{cT0w_n&qI;7HwXP7HEjxMj^^e3}kfxg7IT#Hz+tXu?% z>b-)|1^J=5;fKzLvyrKn)cv7qo5YQNIXFJ~q!wc9h7FaO{cB5+XDfFzF51io)|+1P zN11tX)|5GZw0{Qa|FL5qR9cQkhFG02#>!T)6OZsfirv43)CY%-^>#r_U&m4t{r~j^ zXTR&I>3+WZRYS~vuRWB4{{Xv=!h(d)2nO)@dWj_qfPX7(0COWxl^kb0|B^x3qu4##rtYJ+=kq9$J6=>3~IOzeE`87>Ys-P|%zvsiPcKyA})aI)@ z+o6$DiYI>$lMv?MJ$-<5#ikv`?1Pu{~xf=atP5 zE2{!=vNzu=+8sDme7$*VL($z`@os29b+FBHAL^XxlG zIs|{}rtWABg)i&E45kOxzOpMJH7d2^wMeMTB%)@!I%EZHlMF7;L#=M_jkdl zSFFh4;KCBF^cPvDW@&o6b9T0v za0_@&%8{o?F11tih9?z->U{I!Z<&g*g4p}Zp{)bQK*`SlOI?@~tuq`K%~B%SYsv*& z(UA3#e-x1nahwgMXIg|jaKYKsm^^AGf;zpq66AWm(q(h|YX4weIsl3Z9Et0sdT+wkERfO$n}zUgaH!Fqek4}9rz&V(0*j0Sa^C}COY^4R>)wZ zS~p~)9S$9Uiq^2dTpQ;=2FP>DOa*SwEeM4v&Ggf^R?oeF*$;|NV+#_`f(zmwTBpTs zHWP#q^%7CV1#cMNNeLZOe(w7;jw4y5iFpVtde0=W8jTT$){YI@lB515I2<8h$JR~z#Drri;X$l!;zs->v=`LX6 z!AnbF8i$LZ?{WI1+3D7^VTeRG%G9Njly-E93OKvSyPG{TF;-igtd@qMS|_K|uq1L{ z)c-uC=X6A}AVfciSFhNQLibs#8*xA^w==Kubp^Fq0*YpIcfA7z5>^l{7Ize=jc#f8 zZYmOph0S<7JDPsU8flyfmT-4jE`dN!wz4C7z@mY*s1rVzZXE4_0C)4U)43}1s7$2o zaOoHx4ocFE)Ez8$`(nX;RsA))KFyRVVK^SI8UuAM4djAqZ=8*_Kq1Js!?f@9niMc+ z3K%zPP>{ELJf#o}JZ|7CX-^ce6v1f5PeSG1cm-v+B`%Cg+EW_-n0+4fLap4}#@N;x z{M0_1Pgp$gg_-L(Gmi)LzwRR?VG#HIcAfYS&{dW6&{md&_JtRlO&3y;1Hkj^Oe)4Q zbCMbVW?rMHIo(3vr?`OWnYj`Hltn;9jKl#+Ik*E}{-57vaG13WI;otoz@B%)ToNz0 zhgLNH-I>6`s*rMpegC~`K!7z*T8Sp=ty?dk<;eLIlMqN z*^uj&>l;rse+F*pCgvI+FgW-$U9P8=8QXRRuj_h5g4)6Ylo~slwWFn%U$Iy;8`IPM zSIfPE+n8fi#w3o2m^X68UCr~xMa7|c$RQr$OGKmXA&mhK`y%LfGUi3E{u7LOW&Q$8 z+#6(HqpY9C%}jdiJ!caja7`^?z35`HDzS}(WzeCLSQl<)g}=7`+gPqycU)Z2!Wu~D zPzS+fmKU~d>Z}uC+K<@#KhK05>D|udrZAECvxXRShRcQuN6yR`=u(aDyEQy7fjjFS z1k*LyC;_h@cPN$+4=9iO5>4ROl^Rf&`K{ryZof-x)?5!F(3}q?+kAxMldtN-dF5-a z8jcRNoWK`M?q*hV4S0uVo$o#k3q}9}ktm%8(=9H0Wd05TMck~P_y?``Hm-)Xjz)Ua z0E7e27{rnh1I{^(7Alp@=(>lnfe$`@3)jo)2=d=_>v5m#w%KJ()<1Jz>)Ws z#4Bok7|9!P=sy1j9N&@aKYv{gEF>zAex#y3q9mTEHv@Zo%?cmm%YbLD+zH+nyhEa& z^6cUS!q(*202~u*!3LDl)YA2WJ>!5;SE`yxX4I{c8~cH&sFM!ZjKm8L>J`J~5YKQB z^FSyRr0{OkT35N0NZE7AoR`HNh^qv}JN4-;qx59=mJbqA>H)&*BxTiSC6+glZpYPY zp$KVdiJf1%y&YLO2%2sAzR&1(dxLg7KIwh0LCeO(nOT!qnfQ9=BzwvNmTDS=FZHsZ z0*-TN0BS3juM!1~2VlF;_iG?>yJIlc;?DLYW+wGGpEB+uLx;INDp7(E{P3uJNhg?l zVKRzKLe!6#`@>cs;hEqTbqiQtT3MEQ&zqbaf{p>PgdPyDXA{jgpuh(tY87iR45vZb z{w0FGMuXdMX|=GHU7J>`0a=rZJ?QE;hTy4O4{Q4hLp(bEFXhZxOTiAJi-RU50OtyV zGn;Ap?vpJ~=36^)k&%TdSE6W;lD=kw$+!%JQ5%N@Cd0W3-c=EVds#rg2vb>mnNzkhpWIT8VO2qgVns>UVbO)KHB&eTSAvS zS(eagnOHBs8PS`=3z-9+#g-1{D$at*ppooz**}xJtNzcLJQ^~HD>rb=5dAQKc6V)@^AD9n!)Ai(p{iCI|tlEfS&PB(oZ0+aotQ2XIAwy$mwBv zU?pg%6k1nmLxYh*GXx*S&o&2o-uG@}j<%;pYIBZwTLC0P;q-ByxV6U7-l4`ivhycD zYCTH3RZ;iFuR?Kp(UcDl(*-~0qscpzbm7agKr?kkrc|Qw1b?`R^=KesCoQhQwHvb||iN;1#dL88e0@FwQ zpLO>_MtB~GeLuVl=Phz(hS!QrFuuaAN7r^VE^OW*i)$gN4aNhl`2YFzg(5S3?xM(M zs=U$;A5|4&&A(ajPLj0n9I*8%sC&0=Ci@opjq%9%VheKpbyJA*Q`b|g21@(SeLJVh zo3Fm>6Obx&krsPuZF>LPl=s}J2*A&)?mJ~0*EX;aSVYUe2^62dqb0iZR_`PuEjhjP zxwG40KSPhy!|}p|%k?62|9gQ$;Ga`xe>Nlk@zwi<3&Mx2c`Zh(wcw73eE6VG*osD} z=jA+Png}CKLzqH_iI8E90EWD2HIF{~ZTX4l1tNf3t`Ur#i-ab(>wth>XuSGj=g4E@ zfs^;nug;{%UJoQ)_jY`51QXW$x%m;wQTWcWg@o(-OX|pTgbV+tj_DKO14J(O++jyK zeb@sJO_5@z1+M8*tO0f591hA3tkEC;A2?ygNcMlYgsn+m>aDMKnWG@yY_09djb6W0 zv4@|OICg{E?3o55|CXbp;VrWP+rjidI%@L@Z;zVGj)Or1UARC&?bkx_&2y%;5DY~| z&e}`TP6}pc+4VnF&qVTbu9^d|QA1qV?#-JA$w*diCzwFBO02Ru>&rj5St94Y2t0tw zCA9`ZkG4~+$VLE4&kFMCnESnAsUDw}8Oh=x0o9=Tl2@IYI`Zl6kW&#^4~;4B-*<@w zPm*?$JLFmOn|IW3y-5c0^U%6;XuuAc8OD)zC}fMy>B0g-P5S#plt+uI2J(cww;flN3>##K5jCEk{Ak6PnvXhI7%ML4niI)1n@LCo@e*#5dBS2-7~_y_ymWT7jp zvk&99)xOskxsS-|P#*sO{^{htPe)b7nv#>}MXJ_|W9WWidb`kTk5g!PoTgT)q=%+H zGDMmd-P}E2%f|9Jpv=Xs1Y~9$%>A5}zhGF|eZnsQgINdM&GS-oGMcn}5yqTBg$jO7Nf4VmR?$l<)tiSC=MO$y zWILR8?p-;m3MU*jvi8y#$0~l;FboY;#{9MW4>0N+NJ{F*(dUye`6LjeGNhz`sfG2m zH8wP4q96;eupf@Xh%8Ux*8Ta8IPhnbPh^RfzWFJc-KeKagu(p`?v*F>x8^Pb4^p1g z>pLkf>caNKN8i(iEf@j4LPOS8nfkGd19tlX3oV+!o*$coqz@=JU^wo>a!mRQ+A6L2 zqP1)**wMXeMiIUx_g;K>f3Us7y-6RQ@q9pF;HP`M&M@OYAOWWQ?wC21H&XmTc6)=J zAMBOvEgzk=Bi(wvz<+>3P~Q(#aFRJ3AwEW+vN0HNE7A1T#b#+w#+K`uT+mGB$1w(j(8pu|1-6|%~y=ZU1Gd}#9`Fm4WRp4yWQUf3ixObT#12@ z1IjziJsBqo;oHHKNk&$t1zdA*aMvD2Su`e9kFL8Gd1ydf?X81j#N@;b!*}MO@5TH`DCKS#kR%4L8tx<%ww(CHM2od%m0Inph?AiVk1S$5tj-UD|q8^+Rbx zvG>-YFf|eIV*Y4kUv!0*cL!u;yWMc)<_Y?Gkh`hnU%ty;hddqYc$`&*aJ^YF7kj$< zM!)s$HBYg?kkjwb_P8R)k#p8$D26J~utq0u+?&5FTJJagfe-Jk#eGuicy0#q3|(89 zQbSQnQtJC4|GcT2;FBAex2@`Swbfx1=9!eyWHbcyAPk5U$Tr|KLKa*n<6M2wKB6pD zK9LGt;@Seds1?#?;Va^q0RW_m_6bGS-pJ1V8G8&4fEbfU!;R+=e1aLuG}XK+JKay* zA&R6F>?WIUSwGe+f+pq}!hTbCAX~Y;1 z$AC^-s-f+mkLm!j=?JNfXFA3qk8K8uZ}u8CnClz<2Mo$Ot#r!&8?^vANc>W~nBi7S zB+L}arhp6X@9eGRAARSXJGLY`uUF7mu@Kv_SP5l7LI2)1_g4 za*-pL_hva}mKDas@;kau*Wd{C+8}A|XIPh%<%8)aXgPJ6bdOn0ti6{AngZb_%V4H) z;uqNdfy6UEq}%=YnSpOzJi@8=Q6X}d_Nbu;bO90dUT-)zL-SC#>}Nf_A_hekh-+mh=Y>Lzv+1zjVvd-bpu?srX9MveFyb zWy%_wdv9#O`IHwSY9Hmz&d6zv{@5Z>^g@^}t(jpe(N~pAy$)tMPQU%c0GO+^5AQ@< z8Q%9)>T=&{692+X{zBC3P(>{8$}D~ z_<5oHVmfS!)y;J9x>mTN)i?2PV4xP12 ze)cRykNyRd90M$lfPT7!Wtuu0N+-b%!5>c_ffFa7ewwdHvWOY{r#{(czA)^W6EAXS zcVw|N_3WUycQqcCI=nh)GqESo&NWv38RqF}hrwPrG7BV7$KW6jdJieHio^SiH?(Xd zj@KL>hE7WC$?7))kuWbJZ`4O?{pDX0tUZywaNUC{($Humo#!gPgj?^G;jviQTv zFWG*@{2et8=%v#MgJ zq}*&O_evXE?`s!>yp@-Bf!0+b%X|zr@!n-Nu|e)pj_j4}FRQryvPXnwTTMjkMVfTO zxix9tE@qRc+b^HbsSz&aZe1HaZtp$T^nSnOGh1&}xO7a&Q*dL$E16g*_6jWiKn;Ze zqu+Q`{v>YpVYJi89${;3Utvth-}jQ+t0FbCTL;?4L;>CN%p~jo0P|yuPTJNH6^qjk zbuxzi%g#7IuljD~&@^Rc&cgvi;Om7z*T7(P zoX6u-la5;Jy|^2a5Kg)%Q6XJ4tCA5>lGH;Z0^vS~0~Bv&P0H7A>w5yuajK-5gKdOa z9X7%zPG1vH%Y!1R3GLjt=H7SUG2gp6)X4G)g)V{T-(DzMy^JT-EabwEB~38JE!BIPJBD_zy@dI+!c{$!Pamc-UUy^SvI!^q^gBPbVIM zi5N0#Y~xMyx7Y zM^)!1r#MGAACWC%vuJx&$85swDI#QU_h^!3oX!e5uxDLN#z5i~M?ZZ>Zg#|uud?x$ ztRRmv1hWrt)CTRMvO2E91W=8xZ)~`p37E7Ywh>ukQa}#*Qt+ne{1^f6h6LdPRl>Bv zVMeOEvu@3R%P($~l5<$IPBu{zMw&Mu3F@tW#ZGw>Aw>c4x;8dmdDHker^VpvM#>u^ z5@SC3A>uS3xcMt<=_r2nK*?E37simM7(IbriOlD|x4f!N@mhQ^a(yLL78ny(>JN2_ zqlah|eXF3-gHm}z->%1Tsq=g{*MPrs%B8*(D%{Y*evd}TXfOm&j4E1y^DIijO|MGE z4rq_(!8zYM5EP!u;P-!gf@I0czkAcXCU`F9#5}my5@z(S?#~>;T4AmF(IVNp!LNgNf@ihkIm{EVE)Vt{rmQ1+*-AFs4AP8FH=JwtA4)lj8P=9?1?=|w1$GU zCt}J|R@95o11HGy{NfkVr@Lf6i+%s2WvQ*`U{|8XmVq8Kb4l7mQnoG=;W_3-osIgp z4`3O`;>P#;X2aZz^1Po5IW7MI4WbmoBFWaA9rGqbwupGU$G_Opt1fA6J~y-FdiBEl zT0JvQT-v(2W+UygM{(a*y2|{M;wd}9gK+OFsp=hyd!qrBHZi*aO6is1*l%mNA{Nm< z^sfA%ltDo2UmskMWu2F z$M;yvVG;8AB^6p+Vy|3@@iQqgznPbkeE~PB9~4>T9sa}(SFGhBf={22jV^|~Y?hFY zHc2W6#7OZBo6OqaazK3k51qkEnlZphdz-)d{Air#DaJp2uF(h-b22!1aX1-10t23X=oG;o%-jM8*z@EQv z-^$6}30{^hktR@jr8OxmaWzqovK<^|AE2|OPMnqO56w~&UsYZPo#m%FMb!e`E*^=pJtG#Qfb>G)-A=Oowju0q(fuX}6l{806v)>4959bPnI_Kx z!?{?P9C-iMxX+a+gSnF$N&!ir%b)xcC9dy8zax0$dXEo77p^xJ4u9# zbBrg@ffk%z*wAM{On*Up(FwoUMVsFgO#_%oGE8>j+fIh}o+r1~CaIckH&+{86w)OH z#p?R*-0e9%WFS&DjPnw0ZqI--iy2cr zUo+E>-+bK!qzy_OiQ(SuVQ@B`Tj0uG+N$EeaDiU50BX(gjeHF0s`ha>@;1Bg2izuh z>~_~&!s&-qHOz%{G=C0j5)(kYTjZCIsuWR+c9+4!hZUGHjsR0gYsPoUe;cDXA3!~P zhY7pylRm|k)+_tgP?3w^;XX{?B>&ZNmrAV#Iy{kY;v#YvLTnbVnEs)sr}pnEGShL< zx<#SJ$zHgnwpF$7ShWF9U1GCSR}zYVwd}%Ns8!OweY0?b2~99H)eMlScx+b5Yh?Rg zB>6Jjuv$@b1c(CE{#MWoz>NI6D4XL3do+OF?#T(nkehRtP?S_Cr>grSl6)XSczl4n z7Gx_u`F%S-FO+(i<1ThR6AW^q@4*K5gI67Mg5 zC!wCX$h*E5JTb`?E7^H3HURwe-PX~1`#y+6T^KkK^l$#!p0Xz$;7Xx0&eYV*iX(@2 zu_jAfZy3mFXI#i;3DePLjPJa;4+Tya1<^rqzehYOf{dmzX2|6O&d2Afu0V#{9u?DU zUzQ*YnoT$RfHhHb?}Ey`=g^T9dSZ~k17ZEDT=!8x4u-OkuC(4UPKTN;0pEjy6TaEkqI zeHfFk8zj8%h)y?%eJA4KOeYxF`&Tu-2dp|Q$7`V^GY0RCPiZS+7BX<2MwJ)>E4H=` zICBc+HC`!EGx8u!*3P_L(h%`RTWW1m5URGY2^8dKDxLG`v)EvmFTDT<2cGSA)s)!hFYCkb@)kf^ z+TQ4}^af=Sy@$*ub&B8gY?ov;J)kCqhWmMY2weST?p5>sb7*|ZpF7JYFgL}2FDeLh zN}Mac)x-yViDfV}p5LE*;2!Y7mZp~ws`X?VG5<|kHD-Vf374)@-|@ECQMJJ*_V>R3sF z!sEfL9y(JVHQw#ac=?DIJ0Uz*s#EaFQK z8LWu-H1dm0IpP6}8iAGci-C|(z2&d}R=B|R&z)pyrCZP3>y9fb{oYW_$-or@v~`c9 zCf{Rr0)V$3c$~Rk`Yr1;iblR0*JdTAf$AQ6b*7OY|M4ydcJ`cXn}Sn>jwZF=f7+yK z?44KrK)fFFX(jaDC*PU^yV*D+YqTcl{q2rnN#@K1)?M+|`nw%am=L|Rgl=o~)RO?+ z4$;PVF=I)e&5!aIlp)Hk_}>?Yr1m~Gv7o;d9%7 zvbTIffPM!7+45Y&bcxb~85y1|Q~r`wIk6^xm>|T$W#=2x#767*hMfWO+<3P#*?-4I z$nPbX73iDfCc-tmmvZ+}#%=g`Jt&s&$^iyefq zVV{5c3Z{q^hDeaY%=OY9Ns<7-m(5@ISFZWhPFv_=NyI77AEP1MSP4td-{QaccXn#i z_9F3@JC%gi)STk@XSw%7_zHV(g$1(glA+1*&y~wrCV-T49e8JTxkaAM=trH#Q$98mX{uQ>^!lHYh+?}8W zEa(V#n`S-c_mu&_?i)de3(3Z#9m*@dyJ|P>1E#lob_w$T10s!7mXbfi=&96CM7_iz z@Zir0zOB+I-Uog@=g}gej4i$k`$LSG;y6uAeX_FQv?xe4lpqMzw+h9iwoPnUiy<*u zDt(}drLf$lDhNi$?t2+0@EH0QsTPv>pj7e;k8{IS?0a?kG8;DE+bpA_KCFHKYJz^3 z{hK?vEn>X`b&wl*KFinVa^SL2aon>*y~;ZJDt;IQ;ZOG?h2D8BL=3xT+Y>b>40@3` zq>HnX+@S-66Ojzh=9RqgXP=X1VJ_Fc%y}EE+m9f($-g(DDyw5EJbmdCMbLdD+BY%} zS<;aDSKSZKzZK!zfeoyDe$MA4L3+B`)5VLyF%Hm;C275oD7iPPeI;lrjGQ358@1&q zN^?UfqR*CWSDX;*`a2GIxs6>6{J@O#5ckxKZj4u3W@I(wp}CiTHp?>8EbMA%Ppilo zGB`whjK!|>rd+51-G9OXxvcllW!AYsG5hkZr3lk+hZX-g z3Hoo+rwVOBrlh^KPpbn3eE-{(k3efeB*)`&m6;30)Lpzdswj6cSN+;5Y&06__U`ZO z){QR7V9C`Uv%tF$MoPYoy_rl&ZAl_X^6vU~CKck+x)GWc60HjPws;+zHw?BNLEH}` zQCRQrNoFEAmy`$gihToAcWTVH#^iFJkv*4E@0#@I!67h4tFq|Ukrh8PgVZD7gy~FQ1AE7$DRj)7Es_&Btx=|@yPt7BNb_&82CH+774% zyPC@Y%b%Hgz=V?(7|yt}ka2UTdZN7~5gTk(?@guUO$%J8C{X8Jm7o1AsNj9g?-bc55S^1r*>Q0x?mfK%toQ=W)o*zikyAX0k0Udm^S()TNsN&Qp{5q%VJ^AWxx+8Yo+2 z%~r#LNKiK1Q!;;^ z>rvLp{Y;9eW1+Rb6qB4%{%D5P8T<&*OF)#4Tlid`8Byx3l&AZiL11vbju!R>BR+%u z4@zN9+f2ERvfQ3$o*5)e-6m$1F{+Rtnr3$$f(GnTf;wR z;b7|>=L@PlTYPoF&x?jG{5x;XbVIQpg`ucaJpYWs2O`v$WHT)V8Lea6vQoDjI+Eyq z3LG#c>edAC;`h`ZAP8>nnXmE;nt%3;q5~mz?7leg_9G-oFX|X|>54gvafAko^bCzQ zqwJ&X6ym`RDg`qIrl;Yn88rh1S4NhnCOSSLvvd=SQAI>wP+(kMcJEPlZhuZhwbp3!VZywLSi*t*jl9wPZaCy zNe3Gb|K!6<40X}blhY+1Wn=)(57|{WdzNr|_)&4T&*URHB~gRH$+4qhX{W(^!@P!3w$X(avJ z$Axk1SvJ%U2Y`%~>thY9V&KVec2lsY3T-rDxOJ7M*{~XN9N|j{Dno|Ndfcia1UTNa zfDzhRRwLO{2bGmm=$~&_6V&Zvd>@3Ay}9gFDO+Qr)T}t3$Ce{(sF6O zu3+k?RTc&f{WgD_-ySj@AAFZW-!Jzh>+II)^a#D(XAK{+Fe5BcYEMypy9>YG%NwuD zmX~L5CG>@L*nvFGt)F|<3e$JGT~reO5MFdbUR4T$)=s}>FBD}i&`cmCqG+`)`x70! zOTQ$ws+@W2EWUA&#w^)U9OM`!FRES{j`KYF$%OY=)nd}&x+RTnGoc)AIvRtT6Bj zRCjyRy{TAh3(#9JM@Tq1c_G&Dbeesgq}%z{Fp?HfiD#1J9t(-|vim1Z)ZnM`Oz-cp zSVv!P(o4b07Is+BM=IvFj6M*C8(v`5?lK~R``SY967IV!xtbO_bc@ zQ})!g@(w7V=XC#VY~mB&fcaFU643Fq`k)x4gYfc6EL5Kd@w#H|G{Kd1f!lD<&?((4 zW}a#oQ(^R(^i6VjZ|l^s%+c8zSxSfLG3T>NMH6q&0O?N6%WYnfqwQp_uE7%nU1>vX ziJ$ZxDeUS6Ghx61*>}ntn?tM@s-K@yj$$7o@6Rt}$w;+{`UFoJu?e53v;i_d&|9zV zEmp5uq^^y`bUCkF*dV`2gkt-cf#+q!ce{87IeW(v`-Nc}!qEq@ff|q^=bA0*CA%L? zSXY2H{q^%B9nvK$f2H=mHM(_@Jo9;fi6*Eun)ulCL18ms`R4k|?_4OwjZKyl{?*jJ zIe}L+*se11YQ*m`a3CGGjuq6dO3~s-RgJL>|0f(>ENZ8R+MoiFwPhNg?F%N7M7{!Tobf@~<;HI#viVB(0+ZAelDvTrBmb7N7k>3q$CD!qt&B)46i7_z^p|yONip$_>Ghya zSlE~Z6d$Lj4$bd)-iMiJfG%pptb>?EAbACohx#Y)#bv((KB(*8fxYzY0h2(>0#brU zenwl|#4@pW9S=0T(Y z+4L-F$Y%J~{n$qAFq5usDmSAj9&NWWEDiBS%2L0BaY&&a5Aa(>@^vWN`HA)}W4k|q ze@_!ZO%<8`(&GY*hWJhCM#ZwQ)ZikwBX-Y>9>?XbqQvR!(!mTB!iVQ=e+xHq2PhQj zq9kdAH_aqOVd2eA=o>^%j7mW|n?SeNRXUi8Ne$_Jx$bB(f(Q_MkA4eBS z&pRkT2Ok2I$l@wvM41vQS#XyvdSje?(@V*U@|_sT-Hq4ubWH)Xp~Ml1#i! z#3m;uwQqS%vD}f*$&?yEPfa6s{sy6n*9A5WQ-ggg087f=^gUxClj~cqZ@3K+z9e;> zS7&Zo8a}IYAS)Zx_d_%)R~46LEt=2TtJiEEu2OJN=sbIMn}gu`9r0~Z;IfW# z!;+Qc>}Mp(n^0$_x6ki;B?sJAnw(t-W*S1*o2PN=;$K;=F8>yO<(ztn&D~j71?eFv zuRI=%n?tE!#ES?AS#JOq7~z*UVYhAm1olCaWf`T~rEK{xA!62v->5w5o|3S1do#}v zi4iNI2u-wQl#fUDg^|lWnpaQq$ZJ_(_;&y zG23Gtz`7}eES|p*$nP!{Wpy$icX6hSi-jYV(gzzv40q3WNNEmTR~Uzzir9aB+4NjzmdSynOaB+q_)cTD$I=Mkz1hRkpajV>W*erzuSRPmcVOo!Id$6%r1-SaabLi^m z+FQvr3?)eiGO!_{-kDr~{bIG@>(^_Xtx)-ebT)Gw44D48Xtzs-bHVRPmy!Z4w;yw5 z99BJt8yYQel`{qjtvRL`Q9$_W&WwjUU#KzJ2&C(@4FW1+z={N;^Y5l#-hAixkCRfk zM|(8?hPhfgHUe^v=>UWynIG;fyoCSE`H^*9sXc+81gD|HBH%Oi=5eM>$@6attv9ssl%;WiDK6!dXRv=wQu#kX%IfK62tyR7R?(_0 zwQBEB1Kc!Odgj(yp{$>6hOH`NMu$CzPMr7s!OC^xvfNrGtT22{3BJWiTMAh`|?02zqbE-##qLZ zF=VS48e3TlDY7p!7$lV?J4H-Xl58`UL@HwlQCYH8DqBO8t+@fkTH#$o*-{wEqFEd`=k1WIMT~^Sg+*MaXzNjq!B#ivGdu@PQvBTFJ$Awj=ULf zKaQ3-Lmq@9zhnw0+#^2)zFJg9hy!5~gK8KET!c`> zi@nN&DDv2_*V*_WUU?{0vdFG~PhLu5uwtW3>isCa^58o$$2nriXoxH1G;g0~_!D@T zjUtaB=c$nFe$Ul0WG|Z)I&U-{NMY{?i*f0G`o3Sa8)Y%PgMi@`k-ji2tR{`IblsB( z?@agIb9R7_Vra5G>Fxt=dewD>?P3jkRE7q2^GzJqZFWGpNx{jA703q<4yV9nM5ClP z61o$3vW4;@B*H`0t~Pw&8_?r8v+@vMv#CsQlZV}l7&E0JF4gAdK=Tz@jcoxvcH^It z;s=6tTus_tFTLj|sAE}`?gOtz#a(()lU1~W2ULuuW9Yl?!!P6$(DCbGvCie0oF4_P z^tPYfH@vR+`oOsX8$qs$$+FvNI_m-yAMOdf$ni$%lTRK7tr8d=1DAYC`VyKBc3Jf` zs^&;C0&82$MAhIj6R85*X!+Hpp|pgOtbP@K)Es#cO4Jd#wj=f~JV=6vBJ_Ck0daD> zOQLY;B$sS%uERE-coSSgswR7naXP2V^>Ab=H+&8x4C9}fwNi0)QXiN0^Nm4PrMg0qf>%B$Ept)<)S9eu2=GYG+?s0$LzL}=ViwNUMihliC< z!Zx>wE7%@A$1$|Y#+@*LM5!AEt&A$sl=Un8qeOMt49w=M4X?6aa z0~QKA=VT7r!4zS}4dVrF2V;x|&KZ6xVQ`NtH`aBG{-2*+V6g5 z7nxEevzCPJ4W`8-e!O zG`D()=UNBr6eQ@&3wZPiyxIL31^sX0X{TD(!RL4(z%3gTpX;#k>;nbnDoNJmEo~)a$Fs(r=VaE;Sp;Urr8) z!#>)RCYhZakci=LhSm{uA-E+ z_JFs_;l`^Qxhfx!(-(R=z3iOv6mNl`w{yI) zHQ=G~__|=>)jGE%2kvH`N2OzOj&C-UEfyx<_SqQ1p%aA@*m30J@qJurRlA|QZ)>b{ zYOPnRSYZ-o;=_8lR|g5Jn2Stu>j(Fy@a!BocE0b*cL|dr4teB35&g+aDoTN}7LMOn zkHJznV($inE!kIxNgo(xLXK9HV4uoJ^>}rj?J3oYKoR3>wz;(#3eZ6i< zFKQpmVRe36zT$ZEB1kA{_I*8>Gp%qxX#Mxdu|{cQj)^g)$rNMX)yMkxI*59 zzQ9|um8-Xk>=kg}&2_qz>r~8BUCO^AK7WOr z-pQja=<;z%Dv@Vn!Q8hp_cxAfjKq%N$`zcPaCP8t8i`d}X1*wcD}yvQw@VArz;O&SqKj#+{|sAN>| z#>=_-j8aFty*|YJesoPU_b9aOSg^9GhOr3jY5AcOkM+!y_-*9*&40X1{DG(SL%BXb z#Utojg2QLeiSFZQZP6=;;FxS7*DNsO(>RIg1;ymIrFJzHC?llAPQsAi@rq7$i=CL^ zz(FKBLM^^t&wtIOh@*5(CU%7~Q{{Pv_@6e-+Z)IuhjIRHpZMpQPu-zHOJ0h0m)wd4_uB2ImmIjhyOhL?9k%Z9Wl6mE3cyw=(Cs zba~Za{J2%6kou9>8wOc2O!eTq-P*0D@WMo5RbEP;itlcx9d{$wpFMf(8AZ6=kk{g< zy_ZjNAXnnV5n%(A@fR^0hdh-D2)6RXd5?YY_{#McQ3VfBt=&hDy)cwTc7Dl}^{~v^ zxFJKdf2U2HaZ}sryF#0lj8QVD-v`O)UsFANdkns&g!}k{g~GXYy>5p@s`A$I%I-?m zlx}trdLSk6@RPWQSi)gP-MjGKRNhSFKA3pVb~XMl`bMwy8DLSXf()146c4E?j9Vx! zX0S8$gsi%d*UV!*H!gQ^iB+fg{gnG6P%Bpirfi=)FIjddiT`fCwp~2mU1*SeGGljq z?N#~rZ}gAfo|@lwS2L?PW?M!27RCj*UvsY3=}w% zYV@#tb^Z#zD?;`+v!8AmM&*g96fHDyA)YpEtDdc>s94qX*3A8RYSjFFHATfT~Ca1F1($Qs}*X#Ba!pU^WsXm^Tn638se)`6OqN~&TxK5 zqf;T(E?P%#1Q~RWLUpk@xrv-Q=b}%XGW0$T9x5Q~$0dMwy`Mx^m^Y(*(K*K-_K7&ajFw}Kt)SUNMuF)x_WEnH3a%XtLn z`)(l|saIFO_iOE7eKR?RzUTQIZ|+n4SW%YTy~Eu5tdT@%3f)bxv>N{I<6#|9wV3hO zst8#juY$qd3S#7wGSt=AYT;bk`jz+edHa(mjYT`c8|Cy){ zrnGN5b}_!-l;P#ftoD`GP0-WY!zV(z^-f;guUy9MbU|EhU_4A`s_8+~Z6OiIGIIs; zz2@D!9vP{argM0RBln)WQIQC}c2dY!AHoc)QBWW64c6X%QZtyIavb7()WZF>WS54g zK-(To)`kb<6Jdj$;-VivhCAjS1)^p`76^zVH!zQz_wYMxQ zbTv<5(ruoqj$OUkGawIPnpsF_yjej0ny)na6jp=lR`J!RFkxJ3+1o8Hso5*6 zsPC`lc0d}amDoF3r)AobVKNCA#KES%oyTrKoVurtUY)JG*23Gf?TF<>Wxe7?Wb&s+ zPSBB)h;0yrDG#(5H-6(EyTdBYXjP(-5xm#j#`DDIAl%?l$6EVCQCIx7TFbz&ymBV= zux}|x_XvH zc)ZdQyuo`B@_Tx}&okQ3bo7qPZdmf$NQCJ{uouM``0hzObyN1ug->n;uVxjH{Jw=J&GLrO@I8+*#SX?%g5Q?vOKI!IxYi~4UA?wv z=dtv8XuFwlPZ>1!)Hri6wkGF3Rj2i|51!lE7&4LG>!jkEnL9-8Unr^Lmc z?7jiNUT6PQO9*a6wUC=f`&{uZ3MY3c)&xCsSg~ivD_h4p&N43NO&Oo7R$gMHNjRAu zZW$SQoa~crY?xNEkz>%#;;B%WOGjOT%kTGj5x;4+eqNqMag+LX+oJR~@9ZofruPL|^E2`66JpDeL`c2iN)fn8ddwIVwa zHI@aO-%ngCR_38PLWhg-t;7?RJNFs!?Iv&_~!%#UJ+L1{>mFUyqW7w(e9a8fS3 z*SIS4E#s`fyww%q>zvsqZ{B_MtZ5rg+?2zptfIy#TlxNL;tESxao*{RPBVY` zJ5+volc_T#)LI>~woIhjZ2OwK!X;g<64x~a?QKfJBGz1b<9EAFIhrEEFDvlO*MFgL z0O!RS>n*SK3KyjE387rLVvTe5`y;&}MXUL#R$(d;Hb+e-Srq9w6W9&ueBm3I`(VXx zxS?xtXhQq8VeV}~_w6_^t)$e`=+^g_pWBY?UxYqnr!;c+gq!x7ZJXr=K7=!~sDNY7uI~ zQt|&=NAB$Z7BY}I4Qwh*#moCD{V@-te;`nhKd(ve063>h;h$RPH*hL=aq^O_ZRe?Y z&Ivl$xE%1~!J_aOG9H0~VadPPFVX$mGY;{0@-0GCyqpge-))4Yz%XFBEByZ!_wN~F zV%g~i6L>7eNk$llg+o|0g#D5DQ?tL%_}~1BOQ*6m$9(ybi_AVNu<+P~t8$km5U~(~ z42~s0!~X{1U$K*?;xMtm0zYWbKhEsxPEj*W-i)E(AaMMh@%~dz_IPY8y9WL^c-Uul zb+-XSD=Y8?q9P$Q4g&{7$e%<@r2pBO_ct=ik9xCI-~IVKe1PC^2$Tf|#e+qIru-Y} zf20uX?*wAkce!AJzx(O`3je>Y?|+Q^U&Q#;nDFfC{{I^NAAs!Y{=bH=uploJkLQu6 z9}e)P_334_5ouO(i_oL%(;b?Xwu?|s6Z9v4h=ra<3TdATCys8aalJ}=6*NUBf_=os zYCycT0c?{)TZCADf)7Et4gUJ|c;8n7)l^~$>*%{|;?_n6kp=Ksbka1F*!D-ZOPeOp zYKYnl|7-PQ#ko;h-Gq{C&}*_kB)|r!K&tp72GnSxc0Z9uAEotJ1@_~MbBOXe0oPd! z60i&idV(jvX@7=qOP`|SwJ#jSx)6NmF4{DFF~drZMPI0iAhGCCQ}6z)W-$w?#A3RC zG1Xt59&otFDkOt2xd<^Arand0&{g_p{tVq9gc_uoW1HTMFU}=Yce|FQ`ELTf&~?@; zm0nx*sPy<30xuuiZ^l`@=Rt`ghELZHcs=M|*N?HR*?G*@b^p5kN1;0u#|oA7IxR8MUQr z@ZYz#Td)1K=}wy82sJ$+f5ZmdB^IK(-4~&UwtcgiYYK#K=(E}26{uG4atN9eBdX4p zf5yOI5xS5NyKD8;w#=%pHzET*GeAeaDb1x2bTIX=RbUB}q$7uc>tP21Q9!i}E&KRIBjNDLZa0Jjue0MFD2 z`yV)`21<<#tvUj&J3yfx059Eq0VihE^a3fj?FK8r{%_>^XG#CN6ouhz#zGZwG6#>H zW{cjy1U?XxG{uOTV(z8k3+euqe}s=^%{c{4EfiAmB{giH2Nd-p1dPN0wT#uc2!V#{ zTJvWdaxc(}=vKhpA!-BB$5@QfDF%_oSODlhyp-rndiBVEr~iMHp2q5sOY<+RB>MC+ z7NIHT=oFn@1f#%W#2RMQ>si%j{}Ik|RrqIhqwz)c1i9D#S~W|xcLrE$5o%-xO*4X6 z3}7ziR6Q`^A26|f655Tg?zi1K#RyvB(a4NyV2(C`f?gm_k2HS!!#l|Ao(zBGY&-~X zvl{|~ZJUK@=GZio?Ja(9WDZxl{gDEA1I=#ywQfAy7)vfXgYBV@HPYEB3yq)NU6}3u z6AR%LhU(jBnMZ4A%u_&tC>CRZ{a+)K*Z?XkXwaFnmA~+LU}=V2{Y0QqM*ojQ2)Jo@ zEV!h5XtMP*)P~7r(1{scKGZ&?<#JnudaP)3O4HNyF&1#n8-R7_3xpr0ifW_>PK_!2 zfCAYmZ-@il+MW2y?J8WU{_O19d<1PQx=&?8o7@ll;3;$EbcmDMX2fMiT*lAsCsa42 zVy8hJZD0g7;2s|+bng1c`!G7tc$&{7*w^cT9;6>`dGw#|0(j1WbQ!0-aADI8e6#DPlk zm+u)GZJ6uq1e@V@bGJ1rQgA-0vF>A2pfT6Dm*gyqLhTOZu)|SN7;a)Y-Z~vbO72(M z%2NqEIOj%z3@ZSS_UDN3KJz8xMPN-Ig0>8AJ5rc4qQ-iGI`AC(G(OMpB^3riM<0!W zme#<(EXqlhD8w|I&q@l#y9s5Vq8UPdb|Y6wT5!q(KEDsMxATamwftknq>eR^Qk z%f$EHKdeK=&lY7w7_jC~kb~|`oy<)z0sEj(xL%+^-2uHG9sGN}EQUim#)z{p3lHZZ z*5hPBB7*sKuAERw$4vXdbL2qnK~#3Z5WkEjv++0M)O1|f7Xz*vNus3xF?UWDK} znLO=H?~ukH_ZZ`1G!179$PQuU67k3aL1y zN_(Pg3`vMbnf~T7@T(CdWSkwt(Mv8pCUu^p!Z% zv;fum4T+84CJz*#7%(6EOFVrkP|dm9nFz`Q#?@EhfaipnS0|NbTPZEq3Rcc+(7cX* zP$SzQp!)$`QPtQ{6GSxqJLtb7pU*BV0(2WNw3>gJtY2Lq?YWHJUjF-bIFE-{^rvjRx1-Y-3>}Tr&EP zpTAqPw%wEyJ}665Dt;|VE>C1ALx^YVvDSiCfNzf=XI&ix7oM`b zgt}#X+YwUDj4H4N+d~1y2aWbLHr56q@HkS9#ctW)uIaF>>n&T(d$?SVKng4lE`b1v zK~W5?!3)jKW~VjO`;b^F!Cxd6chC`dyqF$kYBylTKA2Hc{S#ceqmA?hV343`KC01> z*JIryk8PtG8Bx=YOX$?_A%XK8t*Vfw5o|YJ1|;TGGqkFBn@c@JViNjgKoh%O-RYC? zA=wxQWe3W)FQXfbO}%_u5k~@&jIq$-967C5kySEOF4zu(;hl)h8ar z3*{3(pI=w3c?iSHnU|xqWF0K%nqQ9Hty*XV-UEY(Qy9}(J339@hmSX>(LsTLqFKgY z-MhF;*vB0`dy1f^^i7_@+`vnp|ZA2nf zF-LDKt9jjzbAP*Lt8PtQ6qSqw@Va}2JgvfvFi2UB6e_zk>yX$czRvZA5Uj9E8FUyw zGDa^#2YH%~Pq90Oy9&PWEdPC3vc)~7gJ3`C9~?!C_e8d(X@`oR)j zK6AbdP2~prCHe78n1a@vJe}?R97uRA8Oj`isj=`2H>lZvs}hE@FY>+yE90vobmf~ z((SnzUx^66yB|E%{oP$Ar-fn!XP-P<)py}l7)G>juC?umZptn4zG ztICB-N#X7rvoPBf`C~xM*Pat`?hx^Nmxnwe5eUjrE~8IT7H`exv4=v;bnyo%>|-Go zGQe$@*3=NJ?`FTt?R@Z^OmkENw+%?F4)zkyxrNle9%H z8}C!?f*ogzj>RPUU`#wDWwCQjRL1Z!dhYy$=W+T1?L`VCw!oU(cnsa)$=KVszmJx` zhiXMkS|XF<if_TDw)b+zftpn;!ityAiXGXsmE(mUQDHDnhS8Cznsd$Z`$qmJkm%x?~Lbb73peVKz zX=e>(l4AM%Pe!N!f*heR=N|g*@DlvE`0?(^VFI8Q@LMAOj^y|Wx5uA zbSjp@FM{^4m-hp*DHKiLn|e5Z(Gbg(80&<@QsG3+4s040)#X#9n zNzL2=W^(PE#>8ka(0k8!VN>)W`i<8!%VgUjN-_rBg@jBYvhqnZ9-HZY`GOrxR!N2; zfRT!ij5cC>AYs;P~38^EMAjy^?0*pZVfoMaMs z1-Ps{sqDM&kBqt1P=xea!u@z6d4mo@cYy`&AB)f|%29o{UBmRZfWk}5gm5PxAxJyc z6FRGs!R||N)`c5|&@cqfPVA(j9RN$imGSu|Jn<`VA)Xid)!lz9rDBiA%)BR>t9f&R z&L22|EW=a}yeuq+J35URa&{S>vPu~xr%uM9w}aasTR6Ew*a3?3qfL*38kI%Zvf?V8 zOiur09o#UHmrQ@Hye0hEWd>@)>Y2R-l^FxoU2%gPRbosy|gR?+zFP19h8knZg6%tB4ys z6sKfmB3|)UrSt2|N6ylI#&;+%hyo!1!q4m&I1B*>gg?Ksq5h%SFALeyk((H=`Rk)L z-{g>8I9kNJrK(m|dFp;2G|SzGy%6$y_J6wmU2-=5KOM}~ri+j_bhGQy6B0vz-x=rd zcmoTc6T9S&=EpGOU;T9I|0d@@WBqfA!33PXb4p9=shaZC>+jCNWRdH|m^BcbCe^;H zrR!4n5-bjj!XbW_jEscff8`hp0@Hs@0XMNR7@cL4=L((GUyF|~mDYJV)Mn)Ns*le- z`&K}|*Op~^4BQa<9h`#1kd1y96+}uh@~`t12vT;*&2^M)vX67GyuTW2sh0^b3P4-_&|gPA~jdd4IRm-(K5x8)k@o zSo?M0<4u0SSJn66LY-cp=RdC0Q!YNnoFV<|%KmTlnlqaF$cV3gmDh~_%26Vn|J%TpJquxBS|66_k z(?o^u)}75?A0L(XmVfCjzWGbhK9dVz_K?fd@?`krp^4pd|0&Sl+i0Fn+Po=F{sb6l z7w3WvMQ2Xz%Ir$s;fGmKy765{!%FbduRk$P?knfdQ*ZIY)e^|;)3W9 zL(%T%jZsaP{s=s6hGbncsC|f-RQtek)$FHCD2*G$S!Cnm11GAq7ltJM2%Q>Tsj`>i+;ZA|<6-uCvp-;9%Xpm8A3y6HpwC@-Fl=a_<<^BY z`s?!F7WIp-TRrwQ{*S=%Oru;zfKS1Rq%#d~6{dNPZwjf}t2$jfDCQO?7IdNf&%g~n z?O}T4bMl|ulVQ9gDe{6rbi`&ZVpdPNq9-G|ITZaTX2C0r67LVSUh-FFe7d>!>h4;; zPhZmetuDoGzI6j`c9q)l6Fe?NwM~WQf-Rt{lx|}uBA!xl``%SI6M4zVAJ#L{wuG=T zkZ7A6we4rFg{w8^S&pIa5KU9m$>{H=>^7tEB|*a<-?kaF`DDEQNtSdf5qS0VsG0@s zUG$IoB7l`U3*?k(*34)1R$1CX=V#Ubl0J z^DFJXH+@V{kH%F}`;O9Yd7wH;V5D;NT^K ziWx4PR2Sdsv-rX#@H7@GU4elub%kp*4cffVEH&&l+*}Y!A88;EU1?T_mSs3gB*d=H zIXX2mny78d4sxn+wX2Y=&UIkxaeA_n0Nn7_EhDJIhiXX3!1<;xfm2Cu`t%r=LNiFy zP|R%mYCMJtDQT3^LClOEnJL(}uq*_{SF|_5t&)Sjen8C9k6iQk< zSOE_oq~y)JWwFN5LEt z=rz$xLYUI}tgGl_&b6hUUF$m5fx2*g%b^_Q5m*t%TC|nF5DZlz7yfcXsKC$|%+W|J zi>~mI-`iC#X@8q^Jf)!7>@uiS+zvXagTnwA24w6i93s zKdDG|dnFZ$#2O2LGUP0zbCOpXq6`b^DjD06OLoDs2wbZ?GVTx~`5dTpA8MjcLGwQ8 zF^_afm~Ie_@zZZdOYHmFwsY$FBS!)0?axNQEKb^}$F^^1QLptpD1Hiv%WH18COctV zl`x%w@>WXA;JF~|nWa)qSDLk1PirHl^BLxG$lOUTIExbZY-?a_1X8jO`DSAG<{GXq z&jv?&Uc{ckQmr!|71jGmUa?5Fz>cuz84%rO@hxZ+S0GY_9OGN~BNsMpsM762pqpRh5vF{{vJ@RY4BjCwHF@=v-urVAz|78zkbhpR5m!xk z*avr_Js6U}{i*${6A!Zr3`J3a)l2ZyXuAX-Ok5yovSnbeA|=N4EZn2s;utBVtyW!u zp;^6*o{W2P&^z$k@Wk3{qu0DNLC8Pq0s;cQJM!+c3Rx0pOp>PR;s{zUh~y&?Cjx)X zNwrh)1$h6&$kk)L1=NnH>y~^N1aq_b@q$1+bDn-~Nr+UBEum?rThWSkr5=n55LA(8 zvc~g}ShOJ)t|D^XpB*uPWpRme4jx#8K|`WInI9P!dZ5bf9<)xACqX!`9A(~`nQ}^` z#mBOiG!Q}0wpi9s8J5*2{VGf(tg{KnHwY3}6<2X=NZA7+;2y&6Ab4V^p$SJC2-aXX zJjL)Rwl9MlbQq$V{S)lhw&nXCpsUbeSf3U_+td4>+VO0Xt|x9-A|vFPcfB7RI&_?L zsqR!P97KLLbw#dFiRDAY;^c5LKu$i5R+&3IANEXsTSbxSSq4{l>xX!O++ev*viRkM zx(dxm>tG8f?*b zK(tEan($Rd5U&`?!TC&mwgm3oyz?!grtfsp5}7QSXP3OVOfFYswBEr$sH z1=d;l(3-cZcjK|b4z_TIc;ijjjWB8I_QIvYO8fdQxvWsam~bLs4}J8E8!WvCV_~M@ zWZ{cenqrh4Tb2PlajyU61LxDbDTH(r7)WIK1vN?f$)GuD+kIovcr3N&7)+qUJB9x1@BlIYR6#-WdVa{ zv1)4?^>{rUaEdUaPpUf_`Zf?kmSmuKz!lG)j^CXpYBEfa+yaV{q+T6TA!zT3Fjg*L z&(v`Btg}MM+hSxg#(C(W_DhoE=Q#XMBN6JpZMU`u(nj7rqu1lWWNE4uEY4U5R$fi@t?nR-Q1Kkvy)rvocQXWY zjG^HVt>Ll8lseF%bSITqcIVz>EgFwgbzj(g4vSY>2G4E!01qUe3@D7}qvUj78RCVHQc#QJbDE zlL;A+tr$I$S~-rM!0~PSS-=PxT{6^u5P9z=U@5l!oM(l6GjQw`13z+- zD0(YG`kF7sC#Ul%Q|bH9_xN1p5dGjY>ky^Jcz0nL{WM14j76Wml-}yt5#Z%KrQ(G( zWufz^ylni2X2U#yPL;%y(~KS#X7DLj;{VaLzjx$$9J3`)oHO}_pJu;tdNdEmu#%Nd zdvfZj9L=g2!aZ;ra6L0uOX*)wpNno3E&ISO~yvr{!fEp9{t&mEmZ061)X>m0;{5-tW135?2 zfuEDE6W?N(k^LdhXuH43Bl`9l{I8XoI3Zd!f)3VKfl19i_L65yfx<4X*^|`g#~@4P zYJkq&U)rUZ$EUmjPo!EY{m_{0tlc=pktu41>mXKh`4?sZN2xs|YX>9w@!r(wk)n}h zvcy15T67M3lDCrir41x1QCczF?h`nX_#A(BhnV`pVwFF6n@>iYTt>&w*iYKH@V>o# zTkHlZ{1Pr4ugvnui-idYtF305fEUCvw9hYtQ}~irNJkLCB>n=+C6bLUClUki@~-SD z+|XhMS}K-mp~#0VZ&RssQYaKg@cKbXLe%Q2buad>BC$ZLS*AqF(SV2PB3B7~fu%%KKVmOc>HeR9{t`%GuudnXy$r5Ole4be%|mO$ zs>ApjPF9MBDT#CIgIT{NbR6QhsP9r{4Ek5m{h&dEehd#Hg_z&fWhu($2tMB8Gg(2P zp`g`hxx82;rQEmelgzhsA?hzK}ay>gMLrUt=(z_ zrpoJ00{jDWT#O(oYbX|p>Oj%n$pqD0oQ~a5h3vd4NJce+9lZ4y<}b zuvhW^mYy~Zoe+y`ozl=HpxXoxA3Z7JhO*7bydZ=RDVn+PbFDrZLO?j^A80rrD|mYE zANcI$!aN8xSar>Ib$%YCr=Q_25~j1Oa62Ue%D<4g^l?xuKb+@fRjto{L0j2G`-OaU6;J3G9B4UPmz$$rE~EdodVoY=m%lLnt$2S+H{hRHAzo$umRQ)q zxw1$A!AGoY!XRjamJMQ08>fGC~8GIl=Cbgp3qig)lS2Cp>JloF$19S%9 zx&Ch~Sxn{x$+tu5$qO`#F@Qfr-jrMTZ05!^ z`Jjn)x*MKMG~Sr|a`|#G=eUcTdoDfYw#a(}uQ$;o>D@AyX0JassIcDMF%x+F4dcv$ zLAzeg#O>TO;JsciN;ck`j$q|J6t>+Q)OVCLoqFAAPvagrwKLHd9o%tAx%E@6#ji)B zN3MTPI9C>RL3-rD=;u8_AIBGF7H$yb9D4=D`o`uaJf3Xo3v&kxNt*RGSIwscy^))l zJNXnnnfS(El5~x$s$w=N33nMh&b4cDi=J}Hms_NgiA2IzlEvI2w8{G3SS0CF$_9bp->3mdfO8d;pRjny^CK_HdxFrRi)QvaVe*bKLVeP%?pttv> zqVKz2Kt5nKHjW@Z+$>y#G9P@KLT9<}&M!l+IXtI;ou&~EpdCt!>F4`g>Yqo|{t-`|Nnr~H0t8O_jp ztafL5vXkx4{?nge&672p4Hvy*{F4^&B7WO>tD8pW-r{vh;=_X&OP>Mf$QlQ|2^RP6?`q3 z_VUC|e4Ppy2E!cli^mLu-pYCB5*<39zwli%t+ILVXA>|D=HEErY9CpgG6>c^DO|c< z-eT~@`O28Zg3QRgGT7m{SwkRt&@GB?d3`EAKUB71R;S^~P?Gkbu!zBDt&_fnL4E7= zwN4J4tr8(hqCQVrjaXX{51ASn)&Iu`ss)miy%P z_6RWfq~V?UX?V`dkhSXDl=w~s@s5SN0$dDfgOS-%Vo*DNULTQMrm_g#dMmr0SkZPr za;18E`R$6CyDG%a1kB~D4%<;}?H|e(z-db28ad08b zYOF&t4Ig1mYHV}zW;O1e(b0c6pZ3+gZ6;+XZR-+&8X^FzA6{7mX zVtw-!dbSIi=4oLMrewM&vMRxJLFdr(x_O^@i;26DY73f&?&dOB8<&J~%%AIcg*?wZ zJpYCj`}O#T#uw)h7u?n_kml}cOA)lDg;yEqML#*o6ujsk*21Eb@@gC#H!TcAIPV-@ zpz_{yWUcl)41(Xcf*a+n6&^5VE^Li=yeGBl5Q{0G#w__Nyn3_PJHzJ*>uxc{&1sT= zumA~my?N`OUv`M~^}&<0bE02PpU~90p{5rd7Vsq)v0#v`IUKzRy_#5rq?<}!Q1^aE zqj7H-$~PaqS%hroyu)q#<{2M`zYi@!n^2^g9PVDJ*%u6P3F4}eBz?(yE9lbtBVMYxj4?rSKo$ree5i-o==uN-L`@FwOM5V zzW`V^x^qsxl@cBzh55)_uOQWJI=B$|U)tf{x6U`}@iIKdQM^dTwZYYXi5h}VAA+-O zEpvhn7_`TPehblg!Q_1LsOBP)QBp}tLCBYb3EkJ%P0lOanBt2pJQtXIXecP|^`qcK z;oDROkL@_vg<;F~Kn3R`0XJOs+`B^G5>y+B#F?sYNetK2I6x*f--y4$DU&iV4(?-*6QPcs75 zcJUSd)zy{8LzIDOf*Zw4H05T;K!Ie~*8NrZ?zpbB9k~|BqAwTD1%$q$oUa=dJ=^sv z(_CeLm30mGlX{pn19K6J7rTWuCOP zxy?7i%T;7}ZQ6zL-4nJ(t_7+ofzS50;_@}aHE%}0tv~+U6`>lgtnuxp-_$`pS;1Q8 z4KT->itCWNJMS8pAZYrJk`KO^Tfd8btt;e`RZ*W)NO*}LOSaoTbmBmtifwY`$9pB` z_3z9ocGiAzyq~YQ>8N69fK6XGO67WG_A42lV4Iv5%)|Yv=`xx*l&O1Z!!HkC9KBX; z+!2J^O`teyh-728ZXW%TUT2_*ZKX3!wPH${E+6uaf4FjR^ts<@?P}NRx~*4vBCc(0 zP9S+?M<@h*d44*%_tQJqyOL<30Y04k(CHVJMsuYqs);ZVdvQ|;xxs5;$CRY1F&7n_73;k-UU33xhmO2=ubW0ixt@dD*l-u>`G*wsrdSlp zCp{Fb%yCPs>)P~LUvBev3reSdk>bs+Imfl9g!`FwZnq*zeCo{_kYUO@uHMf**fLso zJEhNGGkNbChtke2$Bei(ZKDw$tui6ax-coT&sw^c+t2U0($+N3VTtU#;F#3;^=U)A z@S)GWwbCKSUtH_*=c4WQt9-(bdw;VV$e@}g=H+HuBF`l=VtMG9qvH8pg|F`(x}s#m zclCaw?2&7<7M^fd@v|#AbOyEsZ<4X$)(#K85G%Iti^4%*AJt>tJB$kSclK}i?Ci6T z&#a-Q$PP`ReV53#^@?^l) zB+m0n7B>#hn&0d8lDc9`V{A?CyPp`5ap^&f=N9FPi<5cIw=-*_PIURv8rnh=b3VMd z_ibUt79~_RLFvdfYM*A=TSx1Oe z?H0yAYsmN6+f-prF>z6d7IwMv@y;n}Gye0jAN4Co#moYzu~XrXuu4`><3DfSd^n2l zX;g=cUE9q!>ojD{r$4|f`ntd8BVSx~_o_F$7W!&u(mVO-wF-W7tT&r1P3fPL&n(g=h~Dq$4IehuZw^hy-(D@|9c6Y|Iv_5< zl#px_zR6i_>kZYa9T!JxRXi^1HIKdqk6?a(_VI>S*Cb=ts(dTnjw$x~u$r8{Mky~TXBZQf5(=8~(OZ$CLGRT}lZr-Qaz|K1S?ZwFh> zxU5NW7ipW6Bl?%?&2EgGlG!3m9L;!lbW*2RZI%4&>0U95{)%7^txuEUu0x|@u7|}U z+8!8>JUCc$&82JWp6Mdh@1rkNoVywZ=R`F2F%=0f!zHB&p;vZ2yO2;@FB1~?>F8(C zGE;@C#(kPm_}jNtQ)oFEDFGwbK4y0HejN83M_xFbqxywEu=H4m+(juZ*BzD9o4RF2 z!k^YXz8`pgRps~RAqyHGJHob>Npn5%ustx5E3`X z|A30`7T(L*jY_fEtncN{F*Ty5eGHi!w_<0k#W4QjEat7$UHubt?t(jRuRSHRwXN_+ z78#yaQ&Y2w>V)fSzY6vzh)UO9+1PqzrGRzXORt1^jeM+*%DS^F9M8{gP0&tW_u+fg z%E^!G4jzqvyRvY`;_f!9W?SxNY5$Ix2Z|{~|B_YEK7GZ4*ZywrBGcuS-=qy%^TAOk zQyCP6OME7HnQdPkH-Qo)PreOkzyNFjuP5|5E)_L>zNg4e2~TZ=?K6cIti z_l7Xc2CUk&WhTYCKZL*9NpV)yb{mfI4;hx56~1_gvs)Zuffn!%1c781{CQC0i+X(8oEFz0YZm> zG${d8kluT53IvoQAVFG?BE72nWWVQk&Uemted|h|zb2XX%*>j5-D@pRzOtf1`EyZ& zARwa=)zWy<12**#XjE|!8)thWPp@nC6!$ila2rdrGZk;OL1oGnu&BSUk{K(2y?vWa z14w9$J{mt2^Q$1X1ggXa%}&h)v3>=+CwF8cLMUERBKg@s_I6nj36MC^|2`yoNn`PRB68hi3tKt;Hd#@RLm^a#Z`O&akrkk~@Mh`o(T6lO2l(QX=ZVrg{N-GU7adiKVFy=R+zgF?~ z=|?dl6u(%fSu9>y|E1{3NVKtiDMY6-@+nD-eO8m)nWaJ8u_SFXs|gRgD&1PXW|827 znqcQIu|U3$kjI+oXmR+3Bd1fLdi%>}^p^H%|Ct z9PEJwRgVy+I662^8uNqavkKtYPA_ch@`N?k>sG61aiy&AiWWZnps<-vZj|NO4MA%e zQS91P{2Xc^RbFsUx0jz!$YpYh(Yn?kr7>W5+WBGH+6ShZ36ap=PT*Jys(b;>)@^TH zbYI|{lb|p1!WVt71^zbfo=R+B2isJ0km(d&vk2w-r1@NGA+>-(D7cP+?~yuPz9uFZ z@F@}jU0YFCETrpGrK(B20G)C40uJ?tiA+@7pnF=Gw4YglnX<nIQmWc`c=}vO>CUOba$=HKD3U1Bj12W z3qot}E4=wQGQ8PW_7}ZYIXAll^Jl{rbC%qz<2jiL!EGlhJ45{PjR=g*drJ*#UX9HoXUL+k9v2mKP>6U7j8Vh+P zar5|l&$-qmU3W;jz8?Uy*70CUIcRVle82Sw>TfbF*(gNWRmrXo_ zm_r9WoI(f00#RD0BGt+_JL%HE^K>h85UO6y?rBazk$eOCwCJ?0bk#T_Dgbnw&QW(Q zW;lkchc)gt*S-MCo{UdLfJp|fP>qi+Ss>trw1&=>6#r?uz%UfB-~T4H?6tDnw*vd% z>}GD3`eJ%MUQWretqLK8+V!F9qY3W6=wOCieCHxFbdd?nYwpAK!BG{=+I#|nuQghx zxf2VCmO280bj8yQ7J-tSB@vxEkGs$Livrk}!_~>v@@3QKxP7p#hKCGWCiU?AXrq7y z3w!+qYb=5IT0yqlZO=;V%P-!Ld*BX^QD)}I%J?Va^zu!epsjWx;m8Oj_V8jwbK#mE zO&~(=kx64g8!Lw~-P zeVTV2_`ITGEmA;QdZhpr1x(C_d6YaXcHXc{QK6JC@3@JyPGt*I5nt?hc(4UB^M!Gf zk6$n4s}1w*w3=+cikglnD!w+Gg4EHjU>!wzis~1o6Xx}7Yxj7PG@zFf^W!s;tZBbW zMfGgzoc>$6lzk8v8HF5Aj@SY7I_7$bVlbqiG3f`*3KZ1cYXEx1^#_^Um zZ0Lcia96oJs!zaEhyC)`D5Vl7Ucxqme)I?WYZKHhrXe=3pR7U-vMbU2QOVqF<(>%rn-sk{#YH*qs3=nfeVApKBc!KykuHuI;K-K z)87Wv_BWl;@2ERl^p+4aPStemnBLRsc7->s=^gS}@kEZ$x{ZQ^wAih6lb$q!h|ERG zFjs{yk zYvUGe$lKjMw?xvh^i{*LuYR$2eRVgA9wRKOmWA&hDLqyIzwK^y<-HE?K5ciU;`^I+ z-zHG4&SKa!C%h_MuJHu#ix1b)(L>3}CO9Tf@b^vS3j|>1l8=uF>?K8#cQebPe|G7j zY~E+K-S3}U5YdtNF{pf!*{{N0$byN4=J}|EZRneN#6fHN; zB$M7IaS<)d^Ek`K$J%b_Ko_1ypzv!~5tf42AJ!yYBdfvQX!K}Ss0?_{2qk;^Dh^i| zYZlqA&ZyseO>^pNpP;9ZDLZpt&fPgSaMQhjMspO7^2FC{S}B3XZgaL4(h^FQU77AH zm%Z%;<|5xL=o)stEFs$opV0hba_}qmDU#sPnp_h4EM!vLi5lWr1%3SNU$U|`N_;6Y z#xJaX$%5S19nO!xZ+d-^{+c6;o1!F$RWo9nDhH4b=X3nR58M|-1kv-BFHMJEVU?ic zRFxT^FYBjvJ5_(!uGGl*D>V}3`$KA%e0>Z&h_(A1yjrRGX&2D%yMbjElXDgb^*2=S z$z)h_zqYE|8u$q8jtMW}XYPq(|M|7Xywg`6B3HtC|B1e=exWJJkLwuZk(^-k@Twho zDsz*b*QG5^i{+hl7UgC5J*fNiDmT|xgt@_2XIMb6EG0KxS)}u;p$Y#UkU93q|6zW= zsg2M!IZ3zd8d6Vq?Je7aR+=Itk;$xBC^<-qa7`#hz4~U>^BWmyoWCE*ER`S zCy~}|5&={A8q1CySm6pQqoS0(GTxw4s8g#}L((}p@;F)RKjsP10wcP1R2j&@xmkWP zY;RTf=kx%($>c^=D!TfN_M81*L&L{}ALBm~0~7R;ZVGU9w?yhCT)95Y>*GvxU)AI> z2E1-W^jA3ZP`|1vI#n8vTlE}FE8`e?upB@=BFX@vU*}+kxw@ta-x#kl;NI=bpaW=` zKKuKrv$CZ@ki>%UHI&hINd0QjvA(SJ)(zose8R`%^Wh&hh{7#eqoSW_ZqjRK_t4B` zobL@Ri&ixrs{iNYSudcAzcMAL-V!3JJ(cgjs=wR0O%=5xY<5N;nZOcE7X&;c9{P|#Q_32%I8J~YIofFRi+Laevw;)ci;fY z-SwMa7ZG$0nPVcunMXe$TR1>En-X&z*10azSB`FN4b5CTDkj(~rqcp(`AX4Jd2dAA zhp+1KKl>}>_7q0>M|uU_^PJtC%yHd@eF?sR>FaliA){6$Jt;4+_F-dPDrCvS zF$n{PW13L~?LE{H;dDBJl`Tl{Ypmx@o!I@cO9nSE`9G>1UtUVMU<93QHHT*-WW`#z zBK@01hNkplb@R2yE0Z%E1D@WC7_OfPmtiTE-q#O=-jf0B4Y0?&;9{C! zT$0YyVh0^GtA-7vzB7XUO+yMi4wd{#!c}&t5BWpCW>e!7k><-IZ6a6|KH;Z&BY`{& zJ;{IHtXr>f`_NQ~Di!vDVHaMlN?pdcW|r&*c33OczK%4=&g_v-khw)Q*+4o4EDo{S zsmP@qL)OrWf%J<7)#pmEX$7ih$_W;0Iwb2jh&~~3S)Z=tdJolb&Uatw4@{V7)kr_v zTQ7!fU$Y6Zs;a{UrK(p9sItUZp}QfP3j}NCjHLUW_QTQ!9!11e96t~BPu{pYtmKb^ zDXpIu#bKVH!X~SJ#cwn5IFn1@)lZ|R)~vVbrq^OIV#Jyzs=XxSad${jzk+t*@bg#o zjBs9W&PA5pbmVTz%y(Bm3H#bzjeH+g9;n&mMJOddSy!U=a?HTq|! z&Xqt>5Ssem7aGMv0G{|#&6o~f_M%mvwi%xsN+DV8cR zca&Ekh}|>IYnqPGPN$z*A@ z(~0j=Dp9>QEMpG$Y#puHPrl%3XUPAp?7fDTQuio6MOp=nr1m6I*VnQ__l;V25yLeN zMTTzh!eIRUcE&hLhITt@u6h5CX`+X`Y-sA4$>k%cYjRP4^hphg#by8{&~&z60PcAw&;@7s`J*~ zpYT&8ni613Ek;8j36{qyWk_E%*MtE6^-Ca5{gw_*#bE1KqcPkkZZ^;E69k`ji-5>i z?zB?%Llv*wW4udD_iIQ}YRO}f3^0_yq481Bk|R;1j@Dbxc45d+5h{b@-wC-Lb!;n- zVEPPyz`8gBIKSI~d&^)hiKw0%BpnLg_uniWJU1c7GMMDQS|?I{1ZKw!|2}aqZ+r51 zlY~P*o(Dn8_$`wTK2~e121WmG!Yx<2`3=Xp~%_&CzG@9-OPl zM6|{rc~%OJ)r_!>pTBSI?Q)e4*K+tBr(~wVsT+%R5z-zUnYMZ7tUDa9$W5d5TH4HU zY~T24R&e$PyHiRc;F*f3|0Z(&f#76oJ##)4N{MmVX4Y{zM4D%|L0spR9LJu@>UZ2d z&PGd>B)`4TB|0in2hr&lRxh6Cv87E$)NNLks?s(m)AF7*%pdBBbnH%H9Su50ggbZ* z(c`VP({Y<8W6k3oM3&nPGEf=B~{V)#U-|%nJ)+fXaRFFk%pD5evH?5&~#un zG}9TjoQkr{3at+B>K5BLeOn!ovrWDn;tKs;_vP|4)MMXS=goOYRE0I7V(TJissk^~ zzAPp9bnq+MNef!U@bKN!VQA9hDVx=E#i=v87i?j9Qu)7CMEd=<@6`t}GxNiJow|JN zyJ+s*SYhfoM?N%mW9MGgI&&0OUGWtXzbz^xq+K#|{N%Zjj>RHjrd44wP$`hvX|F7d zDbQSiPg(-|=xGeMymsYe8+)5tDyseXd(P(?PT6wqN`> zTV>(P3XoY|A5PX-hpYx!T?WiACWc2#Mc=cftUEKVkqIuTxOr@&=LMj8_~{TyCD*0t z!@{2IOl(goLZs*^o05!;Y~;dy`Yn{CS?Ux^vwg_K-#)1&_tdu~`ewEiI-a@ZB5(mP z2buJ8AEkPZkykoHgPR>8P%4ZbpIDq=%2O*!D$gOS;;Bo9=?J>3wBz{S{G(KcB65c8 zQ3+Q#!}OflscOwd?3x5?@0y*1@5la)dJC}~vB`hgLCUW?dQaI)&X5(fH35NDJD!MeM&0(W*G^DOc zLP`&+U6+QJu$MP0O*l8H_OR0!+=Kp95fd00+!E=@SPSiY2q#w&5VAq6+3L)&g(oXy z^O7>v&<%_1nz4DxzT-1*JDrD6kztVZ#dbYy%uW^0G6;S6;YTEo+-t+JEpx#Z#|(B6 z8B|kvDNTe(O!Lstvmk$Mo?cm5NXZ4K_#xzJRyVfXu$HN`GgD&@Q>}ML4qMns_2z(u zsmkEYJq@%YQOr8mliQ2befw}|iURf0MqrtFnOY)aXzu!fwKktUNC$U*k34e*W=r5d z_T57`N7q!`J*BkyMInbhA4|d0hD@heuc9g%)~ldOQT@4I=B(x*YU=m=!SvA(t(d`u zh7c)+3>^^r=kc4(NR7b~AMk1mM%V!}Jkoh1kG@;|^C&YB$!i!Q!SDk^VZGN-TPMWO zDOwLQdnJls%3aBn5-8E_2zTTWDd?&xyUCa{_R zsA}yPE+M5#MOf1@0y=ly5FArMb#;|iF3&3Ap74$T-H95|eqIHqRj(qh zzq%bJeQd|8Z$qx)D%&7jA;=b?ycgO$kS7^u)+dT%ZFmB@VAF0+m-6Szf)@^@`@h0! zT9!VT&Q}dxJmwO2Y8faH%;$2m>NU>lI3^qt^_2`SLvi(~xf_qeVB2qhOL%r}eOwVd z3!5Eo^(7{*&1&$UBB&`-qbj(yc#T{4?ej7TkwCdHEarR{^84 zpyA`)_;j`s_j(i8agF@;v8yyvO0FSKuW9( zjJxGNLAw~{v~sz6#&eRLsQTDit>#zNF#wlxYop-#?|ptH*B3k8ks%ANe=#x#u!;IKjfG7E zY`XHk>hCIq1vUSEZPVyT)R_PcItQ zA}sQEFP5EuH5gxX(rC+ztxL(Qf5xxr7Pl;w6!hbMFDxdU+%`LE+FdErEH_cO+W+UT z+`zHleSZ=up_<%@lzuA+JouyJy%;3;bI;bI>v`Dh{)6Hx+vcvYwazQ{KQ}I({i-tf z<9*3xA`>P_umH~mxfb>&F*Ir1!FwMz54$Fv#(7CyKX0*hT?n83p}M1L zT9_t2dx3<{b%o#$CpP~1>&;j?|GC1S{dn&8`)OTY)z$-TR!xqVdG&c-D3`6Ph5aPW z0S`d#2MTu2s?WAUaDUhi)dDhVzex?P;!@`sVm%Gz4q9DKO09Rd2pzVZzb+->l?ONX zQteV+eG7y7No6ie{c$lBS`Bmk1-<=E;Ea+z;Ge%jN9yvH$xg2X@u6BMZ{q&xe3hE)qXJSvf7kFUETyYlX#H8qqr*V~zpcZ9Jw7ix zuV*VD#F5|?-AhD$Q@N4kSyYl_ zQ@V{!XtS_TigDl6*tyZ>r%}%8R;zX}?swXg)6IQpaTC{;jW2s~mm>nNy*jG;*RloE zcA5V;{R~_QeRY26J-qrdbo%^x=&-*3=GUru!7x5ukuJNEIA=FWo}dFpK-- z4u!V|$L|Y#P+b~%!j%Un(}l9Cs;wuJ=a)wlNma_{mjPoZvqQ6x)_=E1gMcs!>Sf1E z+2k%|!O(v#p8WqKKUZjBz?A<=I)c|;R!a*e4Zt`$f@!s2vBUo(BWeeKY;G)mh$7zd zJ+YRs{@59mjeR~IA#(l$=7u5qRL}cYg3LB~3zdkXMQ2w2n?7{-A#xK79G!*fkGY0g zD;;i<%HP0q|5)tcy`!koAgNGN<2!aKQ?U&LH{HU5$-zbWw^UblTom3rv$ zOYfx5ADX^2N31z0(U&G_$c$`K>a7Hf-w$?kr%TxX&6^LH7lj5giDa4UgglNG#((Xc zL8P^BvVCZ{P@*r7gVJiU;)guqDJZ#=dT8!iZEKxO$h{<)2dcQSU0%{1gZg{I&a z?faflp9B0*G2^|GOV3nbQZU`InM+J@ihEe$ z^C9-ENNwIXmE!Onh{%<8)p+Ipeg+5ChjZDW{r)lUZ*uGYX>+8GG-WCj+l`d(EAB^8 z;~ChPS;ypb(yzpj7U84kotq1mlUJRDsRKRO>7!!NK$d;eG#n$@!lrn&-tkl4a>N$N zl8Ya2f$&qJ`sXjm>n+u!XrbPzR{C6sW@8EX6oA!EKW7&>4B8g5P20PFoWnXK2xw!A z!4|eRN+D-&WGr+(aLq@J+9vdW+=eTG2fmeAlcns)Jz3z`oxl+ z`$yQDx?aWJ)!LRUf~cvKq3O?z!WZ6&vm^~=dQe5)WbB#3B?oHnT-RymMAF@p&iRyl zHx;(%D@X>+EV)mHy*V1ATc{n6c%si5t1NW&WXPQc!5`@d>L^~UN?KY{G6>)-;}l{u zdr7}I)SxvorXUKG`%(C8JZAaq`b#>NHOPaP*^O@#spRreXJDRm)q#Vr`*!FHksJd% zadCR%Yqz(h_+MT5e_*s3U2{t#c0yQ@(<7v^`)p4pbl<&6$+__~-il;t78&H){#PFP zL*&o-6$wR1(70B;tbnoQ*Q}O*2Ng{auHld9)=PB_ip>-Fs1v8ki%KyIISvL5Dy?B` zX(eoQf_x=ZNBx0@BaRI29y*CoFR`~BeS+P2lkw?L``gIjtBqCd#d`e)j8HyQx>XWj zjy8wy@ZPDS9w_3dp+q+Rz4Eh^y!@n261SWF(~V=%u*NXOx78(dTytr1NSi@FWKifE zQ#w!@RkGw7UmU{J;nM6an)0Q@hkts2$up~gY=Zic(eGf+TOq3!aZm}>FS+@Q z0}mSJz?5;6UU9zU8Et_*zlCGtW-!;oM!&w>o95A^O^Soky$BYG3SRflH@?@LXM{=* zS%9m5K`MNEx>RSn|0uZ;STnh{YW33+B-I$u5j8#d7C#&OqDmhSRXuxyNd{WOVxq`l zpm*SPE2amuNe8MAmY7e9T$L*G7mq4D{pgm;cHvI04mMLs8$s^e&41dcs4Ycb zG4sCY`L{e=Only@vDGf;ZS<3f=4iGF$(`Nr2& zf3I=&AvnHM5-*AdPP9LZ6F@{< zCMdKx?5tHxBcO5a&=0>4Pa86h9DK2({G2FjrybKxO@Oi21Tr-{m)BYNw8$^hhqh6u zdS0uml9!M^lz{^)52XTyuf4h7T_O}bOu6rU>WAUVa&73+oxnqOzV6CtlNbYopTyM! zlb_gpt+vks$ovnC;zoLFm(OK)QRa z^_wMw;EpFA4~lBjn2Z&zj!PS27AsVgp+S9f-ZaZpjzZ;!^#Rz51X>Km3r>zKFDB`8{APepaXM?~&Cn zvFfhWp3MYLMzo~Z=+sqo5RQjRVpik#$=yP~39a~BC>6x_`yj??jGnG?w7E|L4>u^S9nARS3Mhf zEEPa=X>k3t{B+h#NY5Xvzj}u$lc)oTz$7p|s-o}LeGEzLpjWy*6x zYa`R_BTd|-j>;ge(*4j-7$4we_Zt-8<1D-58ecYHv=vrtZ6i)E!~NVAlJOQQ_en(m z!OG^4SHr>kgwdPLoSzYm5Cz`n-)QAo0sZRRA@tarh{V`K0f9C)Z1KzS;1kxEOZVRX z?0xH>#K2je;tt_)R=?bI+ z^G-U1u3no)i1W!=%gi+tBc$4BhG z8Vz2tXFy%OV0g#kl7LY@c|Cb>w%aoH`x=|UCt%tsv~48Ha3|M z7aQT_PxSDi)Dt_0Gg3kl;g)VGApLC%W1J46ZDyIr-!JFG@mw^bZ86ocm!mnke?Qvb zqkdWL9t>2otiXsjnOJPwfNh1aeQTHWwi=iX(j#ixBFsCpMf7{p<`Rq@q|m=3-HAN7 zsC2XArZ26t<0X*S%E?v?nmS%*8ZBgz88)l6b!6Izz5cY8hJIqO)ZzviX{tVAJ*da6Sy+UIrrH#Q0I`U-ML?>jf>-J;@WNHYwO zWzb30kz*35s0`AZIznBIA`~fX0?7YOC-Bj~ye+C9)thdTZgyq)|6>^tqyi(YxLhMO z9C*rN3Rw(_kVJdUp4!Xp&yOCdn{vTGq8h(*f7o!u9KX+Ml>gihb#24pYO#g&Cklnf z#rzb5J`e~3Pz?J90V3HNd-$m^{RhYdi5fmvG)5?kqMK4m@Nv1g#NI7`e-q^0olSbv zkyUryB%}cS3rz4GkWer=s4ga8E`6sg6Z1p zHdH-8J4uc~{BsL^s>n6=kLMGZnox@)$9{Z|$%?(+=$KZ(0A!tuXZ@3?g)Y7Gxw2sc zsN>0TQ+f5`NCx*R5n%H8P-KYY)k_)52vh~nO)e-Y?%(nA>3Jb8F~NaeBtV!wp3v%> z%$#3Z=+iUkIUU94TR8x9Trl8!*?NfDbV9!)Kfe-4;O;{h9}vjMM5H6<>-^?s3Z-QIHaBUs`z0p!s%<%BKRpwF8XLhomGzNU*)66r*(^ zZcU4#$BDro3BTln*27GG10m*LFE|G~fvUhzV6b-mMZ9l+zB!H`W5T7MDSJ4y0zcs? z2`+w?+BBXu3R2YWi{FqMQ#}Z-O?7Vne!|PEcd_Dv?9Sxu{Uq;r4Bkm<-trLO<#IgN zRMh^PF*hlPtyvplzoJGe2rt6~)1IfCPNZK9{^SomKxLE8jZqz0`1zf?8vBpQa|$Ar zIXN3pq1eGC)%z1kgh!*}nk7+L)kC;&ZN6(S7y}B8Q=|oZ6?ESE>bS2kEO=Sa&WFYy zBhElO7j(4WKQL9-VeBGC(N)0Y`1vQb(U?H_{W@OgA>hz>IIcxLN;j2LnI7j!pP;Im zDa}0D-#a;C%pk0HFA73sHar+V{97OSGR>hv3+~X5MnM2X9+mT_;Yl`ESf?T)B zM*G5O(65_wkQ_AZ^B}qU{PM|1ONfB#E$I%d8CDS%gam1g`LyjTT!2pPv<1LW!(l^! zWw3k5o$9FSZE;|yk-bIiB5Z7OfPyZJ8y-WSrEoJ{=gr15rkumP!`tNr%qdPEIk5(^ z2EYDYDn|9p4q~Ntl;crSRaRa?jUb8HcUgV2)W?Fe895v{!&Fg6iW|umZ)$vzp^KGv z22qxtkUW@VB@$l;830L6P8<8|Nz&`}t!_Po$eQohvxagfefCMt8xuSf9E^o0LaCC3 zm0*iHqy=TRM?z-yn<8ifx7VP3k7iC;-5O_%a*h4LaaHD}?N3_s;8-UP9cHv^`XRQ% zLD_-Jf!F~&A4)i%NTrxi^ZXR(^?J%DZsR@cgg;*l@4X5XG$Vyyw2{E zAnCswhV|{neCXg1G0E5v zUd6ANE#p)#o9Ox}*RuOc#ODYvWyx`bEe6HP!RD*ik1!L=H4PLec#L#j`P*h#>Qf3KNk>)xYgOxiE z=UD`%7tilB!$6FDKsq`!__}#I1}sWz4A&5tt=}t`orVmsTIdwT4v*d?(iLq~^kwi{12DoPY_)v+JMy-SxqK5@9_t$> zMmf7vC3%&7B-m{8#V%2!e^kC5U?;$ugNaq{yq{JW$W2}@X=}4BIo2jFt}-Mq@TMs2 zRLvjqDjl*OWqDaqvsgH>BCHPWkiP8|FklWDa~J>kbOiCd@ZYA6it7EMy>boioFbcd zG9H9%Esu~|S!0F}&g%YuWVKWYdl`e=#~0j`emUbQy)!TbSh?hh&W*?Knsg`{J|Yll zVT?-92R*B7@bxoVKN!(4&g2|4Hn#eHT+~m0x>-|fI%plu0|LA^ge1y!fWCQ%bBSuT zE^>eG?8V=EU2x}}X|XdthKMkKF~BR=)0Cm0@hR#MWwL&F)oPMsvQ?JKjfbzCcwv;M za!>I56G|ODKFP-@b0GjSrC$w(88yNGr+JP5X$hkB@bDO?`mZ{HaH`$-5mL1I2+Ww= ze+mg8H>S4#En`-pTm6h*H@-8f=O|7>)$XzCc$(o*PEvyEgZTJFe_LFZoyy2c<=7cU zS$YMDldI+8tAMZMXFin~ke4$RcU zugI$S4i(V>OFX<3XOl2L-x2kn`W_qn(uGtc@?~}(;R_GmKeL7oB6c<(vWWxB`91RvsCNJ9-W&OC-KmJjVFnNMOtzbwHTzbN>A!@0u^EIi$tb&M^R;nqN*LBZ47IhY2vIa3L>rp% z`_YFQHlrC+Por9!*P!+_t~T03F0EsJ4)*me4uw0c!+HamCU~NcJ@(}-nl0L~&AI?e z!){uO+4x%m&iCxur!{u$d~{cxH^o7Z$W))x&|;eHDEL2r0a}0Krn$%gz37&T=3+ps z3a0Dt`bL3HiI)ms2f4K4vAc%?JYt-Os7u-qg&~)QgW-#wvJnWXU5a`ol%uX@rZ0cT zhdE9H>Lo`rd4SrY61>IADJ7NPBSX4il#qw;-3^WOhov_Qncxk@#+TaSQwwOHj|mT_ ztwZ7a!z)ELNBZ%_5#*3h{I43I4`K@U<>hwwWrDx)3Uc2$y9p;xErIBinI7lR1&NIE zISlKs<&HL>rp73NgW!`{+1|nRg_VgFeo|~K9-cjNrTzC`-f)rcLoO0}P1n37G+^AA zQ;~~pF?nk?0&4OcH#|J{n(`|5JXr8t^Eidsn)kjG?MsSCa6k9ah>frR%)`aj)U%4{f}Z~(RU4*Dw@0_o+XY*z=CO+S?HJ&iS71^6Dbw) zEW*3?ZG&vJLomEltN0YWw=ag3i|G#|PuS17{es_DJRtr>fl~)j z8#@)fqgJjWP2ehFLbJK{jP0+b`4onCVl9wfRuHe@={72*mE1v#7K17n`|uBoxt)3! zB;K3Bj7+XYp*OgpCCt-6y@=20lo6_&s# zE7z#t6w%-JC{1V|n(PuS?4W$9%fjs46F8yxA@XwpGoFP&?geD2gIS}&_6KwAD*H{$ z-oArgr%1SPisXSTnnDN{r=V4Pr6}Q;!r1xfA3Cwe=H{0Cv12#oUQQL%$Pp;Gioh3< zRJfVWJ7wwT0_GlE{%EFq4rq)rT^fP12SpKFn?Iil$p-N~lBi0Mo!L$Wu}@|KJx4Zt ztqTQI>b%>RdJds4I--71PCAz6qD=-1_bNRb+A8+C;ia{7G;*>Y@qob8^g%Jxtf_D( zp6WGkNF3C@!|)izV=9ka(2V}*_AD=@R%xnU(CDTh{GE5rhr5jqFz^lPUJj_9^zpE} z7tuZa4Ud6-xH8YJTgJKaa)wMyv7*`vYrX6l;=tY;q?icKZ}bmt_dZijPGa%0r|U~$ zvz)9MSuJlB_le$)nNP*7ac-66>Grt5_e9B#rcCfDMk~-uvQP2j_?q6k%{-Wi=Fh|) z*Si^;k+@88K>rbAa>h~yBhevNl`IK%iRvM9GUYL*?? zm%;cHB2%SZECE+D0SCs#*!#j5Jt!2Div!Kc{ihPwbdqTsN$f;ebG=>m;=|TX{Tt#62Vuh5~FLr5O}UQ zs!6rBws?mz{VG<0^t!47TeKNP13uCwdF93@R7w@1&bOw%OL7r+23qLvbw<@Pt!e;9 z`S2q8FkYW2dsmIIPs%!tD|Pl~teRM29OCKvoRt*^2b4&<;M$*sY{^aX zIXwdETr?Lxu?I2DjpShaLeH2Xw;4<&(>Y`LDM^1gytPQkSs{rQDHNkZQt4L*w*k$T z7d?I@p6U22z#O7k5k7$A%OQ=we$Qq;^WbA%br)n`?^68Z*&Yqw{d4k1gu9E&5>E?6P0^zh+kD2% z%KEgf=f+~={$qP4wtLO!rBw%y2zkXmjLiaQ_>z0yBQ8;^G<{|GGjm&A_@05VKVP$; z<0)jg8vI%4jN6uH?QQ|$V4*Q{=W9FPYO1Pw*Qjt>Jn#KbJ|hcSL5(-F-Ixe^Mntiy zVzQtWCDP^CX3-_RRLVg#ls*9*53q91T@jBpP`&@hzu~1h-lrTDH>6Lhussk-j;54r zbt4bNL}e+XwJU<|qTjscUcAftFy@1;e*LH)qr00Px=MJ&W!t-x6zeTEW|tV;oEuUwK3%h*CEy zO>ffEoU+&X2h2>=_@3{+9RVCsZUKU^M)7;}4tst@jD`{skqBNC8e@nBHfdD0b4}v$ zl?*Lr4h?pWLX`uj?FmK&x3NRiopU2SL+R$e{Q1SZhCbNR@4y;?=sk9fpc(zUaUZIx zM;ByYD0u5AT_UR=8;u*&JR(Tc4cFWl@~B6lIW;)J_od*wGg!I|`Vb~sf~Xm3$>lrz zNj2ufQ&#Y^m$izd)~Ck=n*I&W{*$7R;XcEyO-{+v0v<yD79DChOZ2Z9YCD z6Vo8YU$EvY*Fs0sae=cU8hP(jGAqdM+IbB+EP9rDqN3&E3~L(;k2%86h2SW7z@O@0mvIrc84m+`5jmr5Le31Vt48|OUANYtv%7<%Q7 z(ghbqC?kYCE1WlLPWuNw-i;pYFB9as1VTiH_)Y0G<%2VQ!D6D!5yM3hp}3V*_~bdO z>wV)yq6eSOV2!x}m{xco5c}tD`WZq>=YkGYexlN*QDKndA+#*~H@%6xIovjhD&*Fk zRFQ$GF6TxFua5zowUZ_m=_qkyF>r&&zD84w`)JYvw=YODYMN`KyHXs&&5b=r8hT;2 z`d-!dB6>wdaXpW3QD;mCzxc!qEen4i`7H@^t|Lk6nCny*+Ygi%(0h(oZ`1ht{C1N| z6ZLR|1O(Fu9;*pt`@wqJ=jp`6$a^C-O^jv!l8dJU^QL}|54>&ep_j|J8j+0oIGL@Z zY;90q-Ex12)8Kny5QisVfpjRDJ)C&oJMoKC3J^&5(!=Yt!rEU0KAutdeY~RY)2BUN zKkMC??uuTK%FUi?MvKu?Wo?PP{-isCYlEaEKIX}RoGf@`q_doCuc@z$gC1w!L-YeS zQDq@%M!NC%)y4*Tja^or(w`ntLof$LqAX&)?TZavV$hSt-N}3)&A~{GLq~rE7tD~@ zsZI<)_I(+C=bJ3V}_un+;daE*FYW}LH*@a+(TmYz^vyX4XBKw@ z50W>XdR&6jA;SAL!U0dujlJR|Lgm@~RnGZGK|b#znat4i_QwTxdL7(pBZWPtyO;LR zT$uX4+$Hf~^Wa-SRLAGL5YeDPb1Pf{Kgj_i#i)^HpCk;_D7#6UZtSzpAKn%_efv;4 zy;W2{Q_>ncu3gAtxi8=trvR4xp=_zFHKklbpKw9$e9&t4f08HPW)cz~@fBs@9 zty!f-7x7X}1~qzwY6H71ZbE-NRJe!5V-!jO^DHGwU|G{hXZ6_jxZy{J3}2-9AE9rw zJ-raR@a|(%VH=t%4OnbJqpg93{K#1UQ<%2or+r)aWCn9265Y!F=`tsM5zeEa+Kc1n z(JU{n?oZ>uHGlC8{}7{`%l78{(()5xb9i(o2=Vk+;!?EXjG(`HENy^pT?F35X@LD$ zw-6a@{ZaVlT+>x1j=T6NE414_=~}m2A<4o{(Q=trFWY3LrI0ZP_1TeKR$D?xC+;Z^ zTN=g8doLly0T0(0Vqe4v<;BNI2rGd@u(&{l@TUh?oHwnLI2Azh)MPz-?`VV@1!(l< z=XAK>?CWFnx|gk9165h+w*75CKCBacEb(E95u@;vzPRSlFZ!?_B}smTP=tz^t^8f+ zAK$X6KSKfgntc(QDM=jos8mh`$M(4SU8o3!<^3&Q)&80;xV^`IYmOkQoR3!EnO`L^ z3xNlL-MQ>3&3k!KNp~wcV``F`H%QND=_FjpYh_Qa@-Z-?v!uk;TpCyz= zC$2kR$_sgMNls7W7l+>GvNMJlpI1+@03$lq%*OILYnGP{rC^-$Q|z_L4TR} zbcBZ|-NUcZx;s*=C1a)rCd(9?V;i$FcNw^Da#P=6=!8OwFU^co?Q=eI zFef=Cf1;0snStvZ3Ov0vhNwS5L~<0IzZu4jnvh+U;fYam$j5A?oCw)d(1LxFd?su@ z-MHvahMademwoL2#ok*5w9!T3qQM=4yB7;?MT&cY7I%l@Qi2qBOVA1-p-^0c6p9rs z8a!wzZ7D@U3DQDKaqY=}?m74IKAng2aG&;MCX>BqXU*PAzV)paEwcd@miG^+`Xmm6 zp3q9G((5axIJbTjgam{L5R2y&o}s3-7uyViwUewRb$L$6egr;0Dqp~;sukg?DJh&s zL_{R~2UiB-0r2thamy%;y%4iU*&o8_sgddJE#!^Pe<$(}V}hOEUVLoLnSaW~ulMJk{*@ zqa~h0f@K;nymc8;Z@3UTO(48$-YETaLw_}poM7|EWdDxr|G=db>lpu=d2vV-#%AiK zz#9ioHF{OhRiba=Ikdg_>QT+#*D77`9VL>V2C-sVmBu0_P{Q?+-vPWaXU~mZKgxT| zYC-Cjl-6u4d#FTn=SZ2z)SzLg{kntbta8s8cJ-SkIa5uyasR62EP#dI|8sPeW~2I$ZZK~_puCswzyZg$d@=co_p~G02_TQzXC-`K@I>b$o?G{;>G_or zHjNZLAJ@*Gy6Spw!@3*i_ripIkBJ`y6|E5A75P(G)+^GzW^*6NH*{BY>ulFT^l1^B z+H%n9a3FO=6giIBiUh@8iJGtHi-b;-CKV8uk*|0P*JUV-CumAhkhK3`tUd?y0DHa` zOQV_3p8HumpbC~6^pUUOpoFi;-#4}sw5}cycC9Et5Zj6#sQ2A1F#lF<)s|q*-B`c` zoI1HE%keBsZg_5Zxc4NpuiVoyqO7rTBV_&*t(64o;;DL9{P^2fyZ2+h`2q7~)DXF$ z@>Za&z>DY1!pJ6zy(H5b#NrldTp8~s^L1+er09e`y%qz9N$fN9!SPoZCZc+_Od%_pQwlP4Fit5`X504&im%`W$CdC zHen{A@W0Ql(Q@OzI}A^Goy~}y??ujdSL1r~sqc_9n-T6AdB3#z*j3=$<3y@X=^s3f zVNQ*Oi<3(UU1wacKF09 zkz%bJni)!&P6aTcQ$sNeS^9Il@yLTI-Vuq;jb zJyCXxxZj<8`PMJYcXH(9DSVn~)_Rbjz3}Ws!)uJ?C)=m`doOINMeB9B`=0%98tgtW zd)cM4DfK4zCa=&80a#%<<9=C^@JCA^V zL|ZXeevMbTfeU5Sg+cjxqj8Ufr@p}O$y0W$=Ks`7-s?coxYIf-1w5w){T+)E%RE7H z4O0+N%e#DpwouxwppcD_IiezOi!=LKo#@6uxD5HNH$oDAa!1w^Eja330 z^dt+MuqIfbQ-e%^dnen+M+`UR&Ne3#W0`q0{AZ5>u3vCRPHiU2UW;Z7hfDqx$o6r* zPN1nPV64-KU_5>q9=dOLQVF%v2;uhn-d}4L+-^egu%+WF@gLxezvth^j!@m(y8eYA zPU`i3Fs@e5Z%lCz!rI8$+4L-;eQoiPy+RAuTr;%$gk;>viAmXQV0*Y7Pt&Mr!k)rl zUNkw!tz(U+`(v9oUxA=(^us3_=JvDgf{>0YE`ebU&+mH+Li?&mkKJljSl~Hhv-jdZ-0D0c{aafY>O)jP0G$z9wqo5eMM}bALWf(X8!cLcsQS5_g+0*%=L% z{v|(A8ZOOukDC#^nb1A*!xhtR1at8$wW$4wKhgc+=`>fWPur^7`kL_t>%&HF5i3>M zUDJ|xLRWy2oeOOTNm$iKFhIyP7J;LIB*_H#xcPQuei7yGk-zxg;@0%O>ruWc zmVdbsGdBfXD)IdyDIP&1@mZG7fXhZ!lFTwvWB&k0A1Un4T&1m;^S$$EnxW07X#oOE z$N=6NhF^SN{R)%Tm&`Loeg8C>Dm=99`j|Kx1;_hbe7{r!Jt}_E%sZMW?Sj`bt~)Y4 z6vUILqtB@*o0sGsS`w%Mmqih(lmxzQJD=o^(%OnpzkQDyuO5yt$9A000X?-i@^t`{u4sL@Gz02q%NY)6?f_&K_`&7W4e%>Rs`w_ud`q z+C;`>VBq&_)0H1@BccVQM`fo_t#%H~v?P?vbP`V->TTc5U8S0Dmlxjxl_&kGF<9cl z)wyfl;;i|1eG4Ry>}TXV;EIr-TV!B}b?*ndBsLa`Zs8v5D?V!0#(Rzvot7>3`c@pw zGDNd?5KgIDH@Ym#Rl$no-M~`;7xE)In-}bXb|nVNi4XW_>K*jNd>jbs?4C0xC71DJ ztBcglv*^yG4fiIy0_q1LjUUBK-CD5tO9&k^RxJUjYR3KfGkUU@Y% zv0uo|L5WRD1 zfJDwlebA{{=J?L>EME-Mai;S9qu57aG{6{XFntSiA`3FwTeRVbP zGQs9APR)II>oTd{aQT1YlHi9w`TqcTt-O~Q>j5Gb9J4<$AFI{fNfssSJau@?p&2zw z^_*#I_#z8ea9Z>u=GpCYsywI->50(!i{~a47DGoWG>}tzmtV!S`t>d=;PKSbFFG!p zGJns~aM@KuWDOfv+{S&Jk`Rrz`sZ~0bZ4YJ@sqdSivoAgzf*;?#Y1mX>qR#iamrKA z-2}sZZ;Y0a2{-*qO5nE}KGTFDdIlKHqVX?MUy+QvsIY{G!eP*aD&RGj1?r+i2z8_; z1U*tQfns7!=rNI{^#A|K|4S!?vq$SqoGz-cET6KeMv$6s$5g-pOm+aVAU_sGk;S4& zOo{UMEs%hH#wBg!o27<6LoTvi9_6B+bj2v^7LjO(s*Z@@Lx?8_Ps9m{SB*Y>23Q5C zcGQTmAS5(a%w2?&V;QB5E3iakLZBq`K1)2hFR2=n!c;&KsP_1Z$FltAl^7nnw?krN z`4YDtoj`YMcM$JVMH^e44u|?83}jhnUTye)P2+OGq+^Fx*-j1aw&`Nr6B&yy#0Ht` zFM_3*6hhk6{x-SctF?VnJOuCTs{IMt3|CuhHZR$hLX&S{SrYy*|E6Cti$ep`t**|M zrW%gK>{FaZTN&i*tU_9kz`_sS)EAof4Xrl$CD@3vT+E`m%Zz>rnGkVy8oQ6?FKC@luN0mq%cBp zDD%R-A!Egwg^I5JSXAZ{)|vt@yi@k zDszRJflJ+vn%OVgPHbBn6V+1WNuW$jn+-HwCJ=kkT<*#sZQP9!r25bf6~x{GlL`PC-XuXdycr^QhFxxqj+{H)6! zFA2zW$fYT1WhKctr6#3hknlZb=_N&&ixm13)*+l)aEKCqg7wW*8DU;BoSopwGJZMw zxt+#0e3j@jv$Xa{yvt23%e#GsASqO{uNe$6>{yQxpLGuvfjTcj<5>@+FiO}m8<`4k zbkCAacWbp}IM&G;q%znr%eONQ?&`ogMCTf~I}IYIVR4oLe2skTvJ{Zh)xco%nyoLQ zR2I_4a%k4|WnV&S+%zDE)NpRW(&)oGT;lRAzXQf@O_1ZpXo*c5MeFsk_Zp>Q{6_bE zS8{R};vc|k{RRnVS)H2~J63dE{kconsIQ}2mSjdR)BebMM*&!D#3xl1YlteVb5xgo zdcbV{YSAVqj%w%u47tx>#KN$56_89uC%_7MkWz}_i5^#5ye!J=VOf0^E)%Ug%U4@9 z^C|%MvNb+7z&OiNwziNV{ddJ4fhou$D1(&HW!<$aZY%%K^jyQ#<*&j|Ttsg2UG>Pr4Q~{UbpCK?_mg#cQhAQo zr7KyFYv#&Evo-8{UqkwA=8?QUsNO^|;}MsI+JAtC<;v{uaX`?U?^G3rO#U8Ea;h(zS4AugKgLA1X+^848>8^*KzizzKQ5yj<3GIk#@& zIcq9BG44R@-ofUq2@T8FD4M_V-jq=aRteWZAzOPI8P83mv&=t-uHNV=-A-P+OGC>t z7LPj1gMKO(L5aJHputv4SZ5(w^eW|%q)cTUJh)O8bMI~^12-<2v@(0H%(_z=TA|6O zrZP=`EA2u$DO+s%Lx0PdC)&_#+K4oVEf8^J!__~Xo z$k|n)@cq5-3Tgfu`~f4eJQMPo?;M^1j?z<`!-CkIM4pV9idV4)|FXP~bxoA2;Pq~v zC+7w}uqab1_~2PUdg^_^oUyXL*s8Jb!%Muv1X*PpEO}0QnmjA&=tFE3$s=RnWXM3= z7`mCuKWY$$_ueO>M{D3C1ZL@f%KzdYVBu{AIL;8IJ>Xlkq`>J;Wh_(epvcI=Z8)UF z^KA4y9gSs$>W4B*$GjN>Im&|k3+gE3c+tBoufV+j}a#r)sM~!Xtclk3V z#M2RJpVgk%RZM0Di)e^dlmMJL7+=B6OC1VA1Id_f^UNLx`YLNmm-aT$G)prv<=cc*ov`=C)v1L-9FM^q^;u**dEf zhTbuyPcMb;)6~BBLaIWL2A?{z-|!7kWckzrA;)~tkTSJrCq{sW8?$h1fKf|_P; zl8kz0eI}@sO`8#0MmZWp+mbjM{C|L7J_!AQP?cM{7#w0QRn}(JD9AJ1LZL1)7a}cU z1s>^QHa*ETNc#nQ14iL^5s})3;Wsm_jrjsHh+1~F5! zi0F+l1Ks`lOOZA%nnZ6_kU~FQC?x61MeB~VqHiU;LRK_F*j&5>_-ujs$pvoBWwcB? z)MRQ|&dnbegi%zbfUdbD;&++cwA=U0_OyS!I8@Al#gJXulUkElYVY>%?CB9~IK>TI z&(Om|?U!(cXvQdm2uwv4L_dHjdR)2Omq5OVJjf3NeW}X3Ey$BxQ=U~+L$?i`U-j0m zJ7#X`M!m{w_JzT>dkzBP%LJB$ZKUcK56-bqNVF)VQpWGT)(ZyXYx)s&o8~!J^^qo4 zSiF9WV~l8izcLbGEk~lim^jR7N%`%WX5cPowFmh%qwya?Vqgm=|5e?#!Y{QylH{|} z{{W|q2KZyIamip@z_r(Z0K%V4FQ@k3j%u@xxkmSLyI*C*@__x`^ZsZN3tkN0>1?%Fgw&J`dbs)FYS%GI%_Ho7!U>#iLhD z*ZK!rNZn^Tojq&OXdg^!NM3sqx-2BbksJRJjNE!pJ96mPXzn=6GC=N2L)nnl+?&0|yz@Qxfb3lSkJB8fbrAyp^%-c__6s9Jz%5=xZ9ijNAqHP2A4$ z)sGsvY>#)$MfV#Ce)WIqXHuQU*%N+xX_QKA8_JC2@$@^3CYB{9$jk14mkgzLRF&9mSb{JaG)(Vm!jGpYsYLmu1j zeL}MqBos-C*WpAjt54YJz$?kddri#!56~oIkz4YM5vPov#t8~N17&@++9*#Bd15JU zOtA(QziVz0a>=B5p?K@wT%q(@m+T=7=3QFZZM-vHTJ~w`7{6?czLmX1E$OyDZs zsZrmle(~S@ZCSh^(|@PWaQ~h{lQOK|`~$|xfJ;}MmfH4@vr)xsL^ z5AdVa5g=9pw5qP&^NjQ_`#|(0XlB!e^s(Oqf>Pi8?XV{fd_Zxz&L8~cVP6t9D*plY z9^|!VC$VU}o7}E;rXuV}%mTN6x;D%je4;rCH>z}wmo9nkwzx{vgvVaPa?dIp#U7=_ zk+#U=ztzI;8c9WZOm^^7j;Q}_9N9-VBR0yMK6e*(afh{+r0CYQZ^{C2?n>of7 z`h0kvln2^!?(Rd1H`w!-R{gF64;Pj}g#o1|w?7OICoex!5!u(qDtX!$G$%B!`SV>F z`MD(fg&B0a}mK6K;MKfnmuMHZ`^UOwiI3o>P#lrB9> zsZ6qp{8erwkK1B4mBTJfjE_+0^-z{{(;}*5JxV@txxe|k*Ie<=qaS3M1l1ApWX#Y+YWR3?{-Jt zGShNB4I@*}@T!A%NMGiYxJ$be%5XnpN7nIX>X{IHSQ)4I35 zAl1P|=V5b-t`0*Rn?kC(4gB9Th~1a^4?# zt~HV`Bdc`rT5Q5!e`8l&c)@q-8R&1Xe&LSnnst*zdv=P-?7J9)If~$QNSIW?+83j% z12PkYJjwpZZi!oJFGhYzfn*)GOWaj<-XUfjjn84S%MEJ|U$^|qf5$gHF8em}9eN3H zWbI|X8n6`T?>eKi-sixCBl7`u%@mB|>dx+zcTX7F@@8P< z%4GjR!d~{Lli)xizOWa~H&#(%J9HzRh8oMke+T*RH;YIV(M)r)^VCE4J6m z*A3d_Q$d`0c~djc$lO|Nr<~+&DAbtR$WJK#j?9#vD-iDS5KXkXz&#amn4X@6vr{#l+n}e(JKS2C zVuVt7Pg(fRcir`ka)_T>lX`2_IfPgyxDJ%-3wwD2>QWq>6zc|;{A$1IE&H_B+J<1_ zHRwg@=wr*L!wi8|q-NE}9lp*%-u@Vx@5f2@3{LIfDv4z(`!{8SiHV{TlAUWRzcxmP z;B1NQNP9kg8CSDZMy;2giuBoofggHmBU6SbMLh=@s(<+UU`BqExZ`slM z#c0l%aqYApTJ~-roP*pipwUanj9~Hfb4hd$Jou?};A$_1d8ucu;=*&8KR@`GvZ|S` zXieaAu=~FFkn@X%e5osi3B$SI&+`f-E=Dk=Vl66mI7#Re3K4KM$5Lp)Gwsj_GulG7%$JN!wXilE1*A1 z^+>acO(#eJySbL#S2PRen!sT`7^kjm^Ta|Fm-k;$BdD#_vp(;iVRA&*(Fpg`gv;x3 zkly$0YA3HqdU01~NB`ZhcZGi1q?!C(nG+MA0U4XkL@bF1D$CBTNoV+&Cj+{RIeg5g z!*Uio8NJj2ZerEJpbtqWwoeI{Bz6V95N+tbSG3}GCGto4OM^)X$^)Ife1)il|DL~& zt>DYt!UP1f+^CZBF5#8_Dop`rt4QI0wfyqQusa1WMSE+p7j82XM?0J+1n2YbIGa5P z9LPLg=e>BNuZKj^P`%c|Kcmrb1uUG*bu~=dPNODNz9CZZU~IQkpPXXiWG;>y-W9Bw z9#?&yMo{lZV94s4CpNjd!2LX?8&8mw0042rKfo?~j##|}*SpxM%zpp_IERMIL#r+< zq8;n*)8+N$b_XLt`k?ss0h(Ldq~b`T1|%*~!?M}C`mqZOS-_b{<_!oBdU9(X{bk3k z&~C(lZmm>Za6;z^>(hBKnOzCQ79P+Yf&R@PfZ5D{tLL?~w6n;Cr0ef3mW8P8{O5qv znJaJ~cXk~KU}{qpn65{pH$mW7PNJwhOHF?OI;c0-Z@thn$e9llh5B5zt{{)Khna$o z*t83mnyOoW<&>0p*MaxYK~B2mfm6A>qmK6JUQr(MqD8Oww~yr98nUbk4^QER`i15{ zrJOfbWmAHE4Uy6K)N-V(AMU6vyVl>S=dtjhP5;eUirkG1n?J zJXgY(kX6%WRv3kN9vZHebHhhd`N*UD?)Un)*BeLf;ds$3chI3=c~c=uB*af{D^!wO z!%ReC^QGxlVPf6e(Z)CqMre#udL;?tlC$x-Sox@|l<#YOvvJ^I+0c|xF8jXn>!bTx zSBSc{kNX}#F&KkVO6;gS$ypdqyNBCOH4y~`j`7#nBr7Fl-(o8ZD{Umd!f!pqV=axC z+Q{Dyw;9)zdGA&A1V1W%;TL-Ht~ie3AD|^%0t?j%WnaRw3Ji5yNkBbMnbxsjMp;JJ zAISEubt(C!#bZj#)@?kC<-4q|maV&w=G1Pa{JxV(^CZUmw}n-wa;X{@d-B-57t2rCc; zJCG-!dKc+X@J!3ubv!sZWVZZ272+QNCbRU#2=f#nUl-Nj^?ml#RL?1#0?gzO+?Hpu zr_b0mXx(15)o0C^@0%HghjuT0ceIrrml~qPVh4Uqa+I%rtYJm|NO3eOsn6Z1>YEdZ zC@kPXb|nR2W*QKWt~9ljL`y3vKMeV!2B+B8(ef)y8Q8{TX)HjzS<-r%QSF*$#ONIkdac&5%KUn+C zhc1RGkTFn%D7|UMz47b&IG+QkMt5u`$l3i_A($K^3jPPEo56|^dw0D0Zi;S@;{a{i zDfwQvgXY`mF}|mT?LFy7l(VGUt5YtBLKw-U*uIM$+-y~y9r*yM)T9PBg!)}9~B38Sx zU7h>)9Xqn@kQu3r)|HO>=1F?aWmBPYi8{Zf=%HPC1|5#i177oVV1=N6czyca`m3#9 z#u)koS)NN%-70psQbeZ&M?!w2`;yS-shiO4i{9m^-&8+JJd}G?N^2H;sPv#vWa*p8 z+qtlse*hmuy5~PYxA73@T**?F{76w=?TGHG)Tdm8ga57J5pe=oHlbbf8+&U}Va>PX zf+OHDpo`C?FbiDRl~E;aSCo~9ey^AkcuO21cSw#U_V|GSJq`Y(A-PXDZsC_LjT(}V zGqU8EZnkr^!PuSyBGDpPd3nY*h+=-OtX#_CoyjM6wx2$wM=q$lQcUtcKm;bi=E&sm zPULod6bJ6BJxO4=o5Q3e=wo(f|O4n~J)X(Fp6TV-- z5^ON`ZwG^1o*t8Uoz;t*v;+*?mZI)DZcGkv&kegV+52A&>usfamFqvi;hoTVGlu4_ z@$RT}S@voy!F2AB^>#~zJ3S$CNc}tRK9-FC9{ztlwde&DNBMeDx{5nRaq-5end~aJ zJNAgpLyxAt_X>Q1JOzm|1B1*kR+_mTrYI9>(_@JpIz;`cM2!yjPvUNbh0ITM$f5Ww zgb__~ELW0O=~Iw@D$zP>B=g;fwfdxBuP(-Wd>P-7{st|u4*l8PM#z2!XJK-bS3>Bk zj5v*PPS0Ikk=mUoK@qRyyOU{cas}1Sx33}qR1Fg1s?F~9reSh8zk5R$ldOGOscc%J zbF~7dy4i}7N6QA`UD#gdYjeURU4YpOcWc4Z`0m51%nWhL!nKOmmTJdZJ;kJg8ai)bhT$r z36O%^epRzJ1twz8@RKt*u^Z!uY59|7^(b4ID8`bxQAg0@JWKLRHk~_(PD)5F>8oJ0 zN8v5^s~h_QkR#2v%cP=Ez_#!~68<^m$ZwGSG1Y(%%bG|1YiSw&hKxKYdeLUFI(po6 z-Auxw+wNFZ&7F3qYYJ+at@>)#`z+?Jyspk9QhJWke^@0{T5^&|0sk&bWwanTa{^;O z+T^wHFbEHLdZP8gl}2rzT7XKU+Z>wg(x@p0;WXYBO?Vi1TOB*6b23~@|5fai`i1vJ7 zIhKGX{{iZV+{@KOX9RjnYrd_=Ngn*XjtNhW$}Sx2!QN3J-41SH*zCAs<`k9R8+XSdbb1L^S5~Q2|rhmm(D8c zjXMIU20I}{($yV-zB&tNs|i$?rO-91Wx6YlfGXdbP;{*@98*>pS%zc^a>0-82n~~$ zqe0ZUW!~KfbnmBNOe}R@q9QW^m+h^rJb2oQ1hlS9lb%Oe`(+(kX+&d@fHSyzI^h?X zUH(Ih7Wyt+tP*;bGL~FgoSZ zZ_g6a>()sM?Kql(SYl0VwSkjRTU9SdZGNw6Z`3@7%heEeSDCIrQbEL4+NZWy+vwq= z(`|FDwbLU6rtQted>JZjlyqhbM1h&FI>|@jOk4ie?KhgWi-i%yk?! zg3%PvT3_8#o-_XVgFC0=v~8xC`F2KQXYk|6sMWq8r%T8s+$3Z;Fr3;9%>14TeJhW4 ziEluGSH^QN719cI8rI_1rD+v3(jJ;FN4xlB07z`ZNcUs8#xO zg?|8dMk+rV)LF`5Joh4XmxNMCb$pJ-hgp}3pmL}w$Wle?c3Y!%e8IHoSlZdsyP@c@ zfCq3@1_lOM)-TmP&#$v!GNV;n$JvWS9NXV^HNpubc)WLYqo4=U!%RNR$FkJc0H54H zR2vvlF{+$S(N70tENa_Zljp-(awC|m~w_j`Ab|sFYXHr z>N&k&ehuS(GK7Sq!DtB!a^vAb%mai5tkA>JIP?>VNE#H1l&3oxJOXWKBY@BI8aal# z+$}BHD!uA+d=fNL19fTm&30nUVmu3N#8}?f#SVkYhfCxx4l zQ^g|t{;oDVn!CKDrs39>)u}@_VGLm>VuGyC?i&OcmYgyqdN#ao^J2ug6Tcb|jI`pf zEMLhpoY73X_`&2)1m4wPbn?*Z%R4s|x;@zii&F!bpx!HX)o8;aS;~4_t`?(oHyWrj zjurkD^|oVU_Jz>`7!-!vghfYh$-rO7rTmx4{VEHQ`8ubiUw>a^Myk`UhG)0Fo~9`@ z8^hrzZ3;cu_+xeF!0C+N@axOAkkwe(m$vY=t)Il{h=!~zX>kl#qNpI1t1Z-`4C}_! zcCu=g(Hf2T(w+5P=VRBa2VGnc1|47!iHNWO4ZHSdC%*J5lI`=Jp8GPU2-xi_4hz1JM$cq|(-s=h%h@o$aowH?t$ zIN&*rft=3!Mo#W9)q0mt?=BNE6>c;zKn|JO@2a%zi&i>k8ML0PI$*Yh9NR@hWQ%=p zAJ|GP$M@MH_fLAdM2|&cS*RUk9RknRzttlZy=KL|O(Qke+M&V2Oj5@RH{-UM*BbAY zRr*QiNdlDr{8E~^5Y%wxDP2=c*9me@T55P`D~*pYZ^n2aZ6QsGiB-`iT-9^?$<78v zT$|X!fx+V>W)x9xrew|dfC(lpOIArzvRz3E5u~Ft^ky-bXlaJ;dRWgsnKj2z;%qF~ z3Qr|95G&@8N%spOv*Nxk?Z+1`QsDLn{-mk42D2a%H~JeIvD)>{ORVpf<6Km|-TW$( zy*o(l?>v7<&I-SzQFl@Ivvw(M1}lEf*lXLcNgz(`D{dtM;8^b48?UF{Th>#1^Htlh zBzq0fWsQ?7xO@mV3lILmA@j5W4} z?;D<#6yK45+5ZyS6Z(Xo6GZZ|n?t;H`IT6v*jsxk$mdL^Kh{eOHYYT;{hl<8qM7;2 zeuT};^lCVTOBvSGpQ>jq(Lzi5vMz_8C=2vPr*A4J2GxR=*XBOGisSS0;}}GN8E2Lr zMm1#lFQIG;KGPfPB3rTBW^~!j*Qw?|aoa!QP>FBb{FtMtVDVa~4CDIBQCmeL>KyT) ztKCnrSlj#vk{ML4321-JE0&*o#0(632Oe*C@cd188@Js65k*x3$3upn95X%kY>*pe zCeMl~ApMPea^>t{|Jo2*7+KmUoX`8>O1)$AR_Ht?&W{yQcMi*tsyanv{tgh4Cx;=n z*dPP6p7q5_R@pPXwd4nmja(j~Xwd?z@JnL}QZ1b)ZAkBEl6*qFy%R zEr|VEY8N%HmBu~E3x)BZ9RUL5x@2g0zU+58R)6M{}qQ^X)0tNJ3Np)hl+lAG#%- zj*hBr6F}jAtK@_I@uzYQa=Q0}x&o3f^y~4}Aq6en7WRR}boxeUC=^N8o7;TE(V6}L zMz5+jCukZr8E?vo{lvH0W<&z&nHy2ClQ(tXjupunGUcEvODB=wbf2F>A|ha?COoV&m_ zjyZ{rSvs@m9KJ&4XsFwp_Qohi^W3x3dGYVP$gZ|-ZFtCjQ1yrEYqV~ogH#*7H?km( zRh~f$g|!0u0oyfJ5(HrB*dfCRlGu@3<_-q3j!rc~)tCC* zB&1wP>_E+{y{!3c=&3Y|slz9*`_lv;OPIfqJ))`$FYEjGnVBg~i@oEQa{YO7d1D9# zm7%9&oTn2;?PW`=eQ%*=41xy5;-?1Q*sUE&)fn=l;i2+S0Kd#;`|$PRGvXz`{*HRz z;-nRw4ccI==Y#fbZo<%Qt*NCH>Y!Wa@c>;Hl< zBr{)1M(3}-V@mw?(T030TrO<6D1>wBP_QG^2P1@26~<~@Mnokl^L`{xV(txk7;xOV zM?n7j^By3x)HPA=s}7lU$POkkBSzYS?{%r}eJokVcHmC4R2LwLZ2{GEBbMmLc;l(# zn)?z5TGdljDr5m{)=4<0Nzffx@U1WrF8+frBYT?l3}xX4*G1%fRy(+5gx&PkffPPtE>;R3laaS7^r zYR6z03E0f+=Yh%;Dn#e|&=MzrGy5UFvjKjx3b09pij)l17pOWK_NR!N?xp#~`l&i9 zM__GRa0K@T8nF;eN?gL>Qa*=H1D%V|Zs-}!_yx(_&D6Q4W1V?7OgXo-%I`kAkcic~ znWz(yqI0wS99P>tI*?U}a|p5V{fjhcnIpXNmmweXNrKckJtUjB!@NOSMQX^s&+v;4 zMke-xX3VRiUfh-b5$Tt6#3&4#0hz`P^GM}ay zs4>?@64mpsc`>X+OFj`|;5l%`fKR6fH%Mg&wW464S$)hx3}o&`Spv^bJgn<6=MXMy z3$!FFh@wm4YgDbX7hVO+M<(E{fjV7M1=$NKF>^C(%dmlqq( z4_9^9{Iu+9=eK0Q07NOf%dq0UKnwbt73i2Y-pz+edzi|QzhewWEB=DRM3O9)|0~yb z{h=h=oDG86ynC|y%xMs*^cs+5#An%G+#BlZ$M}SAr*MQr@?CZ4**xeJ&K#jau`$)$ z@AogoSb07Y8e!@CSs~{}G(%wX@mw#7R^UazNl8nkdY{@tv+C4<6jt`3wlk1OKat`< zPL(PUW!FZ#d%cGk?$@_F_Xxv)60I2iG%g{*hYT)g0`K zJr>VFfKzKIf}%Fhz;->frZQkWIR7628JPD<(wl6RuKJnPR{7LZRt7rlSkTAQ?+4Su zX+h+x1V83o6qDMZU)~IIHNGoUFg=3om)DJXK=v!lQ79kJ_6A!C1u#c1)YzEx+UUJp zaZ&Q^RVsdh-L0k&*bKsQ%&41Nolj+K>06hpHe(gxcmhFPmiXM^}?^9jza?tU55_2 z)k`j4KjLDqXDQ_IS@0UCAg-^7XK5`&(?vlNx%AHS;h>;^P-^;s@p!=(y>snq=l4GZ zffa>J!?bA{Lz*gSdc?T|?N`GuGhWWOI`X{iitH?mCaLDC$PY9sYI`z7vf|ih)YEm# z9e`Ve4{;?>(mi!hWV0ScIfiuRfzRax{$A|r$+@|;ehqiru))I95vVqO=}_@+h5iiBeOa;|%V?^MJ^s2 z2#5fGo5u$(`$=DVy{O7^L<1w*K`$0ON09=-$G7i8x~>qmJUK zXkSo-l~>{)59)Lo1yJfSN&RtDtPUDqrlB*;?o~RA=0rDRH?VT)JPS@Da`a5=V^O#D zaDxr;7B=h4)sQ+7%@Bd1`wx*5ff(PaddJEU(d0eqHbARW!R_~6FY;=VaOP|lQFg!1 z0P_rM@nZ-myIv^5L^7^%ID(X`*>VpX z0%K;m5N&U|maf3bLc7?hE{bfsNQm$VY4*d;;Kn-2q}R?qKKLu~bFoC8&IDoxq=X6_ zt3n=zp}sB;_frf6lhK`R(tfXt2ATT%M_7FD(BFd}n@u#iB`HjbF`k#8Fx!1&`{184 zhZWa)ja!hd0iPC(xNNeMzQW@OuG-U>yEm58Y{i0*jqiqKH=}ihsHH#@*o=`b*_1pv zNBg(r%m+Op<7xCXWUQ=Gs`)0fG909e$o&3TH445E?^zQOQ{)Z(Qy{MESTE|9p>zUW zta&q1!2){~lM5y^8>i`;PS9sXyT}KZF_+4uD+n)fO_&8<>GchcLn`gWdtp@e)1}I= z_?916Bx0o4?Ij#1!|z?J?eJz(g_r2=oe56OR4mGCT)nPT^xVQKz)2cR2G~b}HjUr+ z$m$Qy|H=g{jTFA7U~A>gVS6 zmF7mVE11OF*^CXwG;exDSY_Sb^qb)`rz2;auK`Ps;fTtgpg(aoTU4K1B|_KA zMxF@hCYiiy+N!`V3cf`(X7|AU>MZ+foK6xxg%o5MVt?(7ZOG`0z7N`8c}p^lwA_`J zd)w&%YW(ZiFC1jPbTJ;zlEcO7*V+MR-ea&zA_8K+)yt1vrvCJ?mG&s_IK~6mIYB9R z=q5JCVzsQp>7{O5<}TEm_L-ii_;`0k8=Acx!q9D4JxB_i5hO8V(t3q(8rO6W2b>lI z3Eyf|V_s`P%nk8tdbnO+c1SInK9F&AnWWPs{=n4SXKw1$5c|{C#+^f+Dua67ure9- z=T-a&vawhtB9!~k-0Eh8DM)#Q1Adl=ik;GbXk(9x`Y>+A&dl=Pnil%RxXErc6#1&( zbJZ5B2=C28=4>oknvm9e13ilL`9hSF*E9DWBbX{se^GRMXOMnZ28nMZRc8YB#@K4I zCm&zY%`XJoyw0{~Z}xdg9!g8(xMu$CNNHMb%+>4srvj6KC+W1YHS?MP(BSXO8PVlv z#qWhm0@(_rn2qV&jg69cxbc|iuC&+JTS>{qgot(?x(<2*wTTtwJ6Fjk77kC%_-5|h zKSSWgY-g!#r^k}g>HmYJ_l{@#d;kA!HEZvhwF$BJR*I^o2Tck{}Bw>c;dXKUw_Tiq&7GdS|f-dPUGCkt8v)H<3*kZzEP=Z0*-5 zXJt>2DPY`}u3F%y3t-gi$(?Y;d*}%rb7YzYOc3O@C4y%+jX2nk4wfD=L?$YfS58|i zrt40PRO&|Sw13O&lR89Uw7b(vUkzkA{V0p2VSIet%chaTo$9rn0iSm0W9s&;?aX1D z)R{{8k&u|o$I}72YaX<^8$LqJh-J>_F$o($0UC;m!IBsyWEgwLe1BY^hUxP0i;7HV zbM~8r41)ACxPIO`I;N`I@Z)(y3o3t#AlDyqIDn;Lb| zFGR#{KA{7iC4+^st#ds_1y&Px92R#3{-TrIND5N=aZ}@j*J}}ki*qKDD32c)Ft~v+ zmK;pR932Vu`#$;pMg<>fS3)SrcqYgZgvIGT(n@n4Ll=~1giShc8@y1r1UwX*(dVx@ z;A%VK+(EG~29k#?fyad`l3oQs*#nr}$>~0$B25Pl7s4sKgI*M?;y4yZ)}sI(c_S{> z0h(J*+ItzKjv4{4wgF`;Yr{sl>X%}ZWV=a~se@&cF)xSu>8M)>;#5C3>2${%_4RC9 z3Z5OT)vhfjeSl3a4BvOdBUnuZ{LV1z-@f!*bOr^qP?Pzq`)V6sZp%#aUrKy{*!O_g zkUAT)%~OL(MeHtQGmZYyIsP?9rg?ANdG(h1(9)(yn+@&6ye@IFc|U!t>CZg;Lqq3e zOMZg_MVc2<(S9NWnu@?xa6$TV?td7RTs!-KC~99!59w&&XWGg4f%3q21KfO`_+Qj8 z+c_jK>h+TXN*U%H+*jo)hKwH3VaW}QEoH{w``IC#o)Eaq_>U4JEwc0@^nn#0Bd%1LV{gZhE~{wGfuJXM_tAxQoZ%!VeRa8JIW>dcW#c%v&n$%98f% z%a66k34ibHmt5Q+G zgRV$6T_~CR_A24d7Fj&*En|Av&DOa1Id&Q7&{A= z3gqZA_`Ph7+Il0x4S;C>@;~eRlU28|JYR6D_d)Uj+oFp4og@1Pny5tLl zcZmEZO@y9@g#$dyiya@(C-^;}G-I1;p7CL5jgK!P@djuUsi?}Ato8Kqe&<(k9yx<7 zuBLxv*YJ6BaFQ2Zw1$2h4RtTxuoG~;gsU1xJGkI`rj zDgMudv6df|`yvS4ZM3d=Eqx;tTp(<{e90sZyB|da>5t6Yt}b0u4TyB-Be@kE)=J4u zuSE8tCFL-_%$ba`&gysC(~c(!KcJ94Ri@Do$S*^NAnj#uZch)^02Et_CDf@MshTs) zG`6DT^&iH7Qmx$@%7f~W5n&0jva(DRQ~-URJjMCppJFuVp4YC$E-We1?=Y&&gY$KI zd(>;*&O{U@f8m~lButs6|J3D8XrSNam9M^SmXEApy`=th$87t*Sg-UD-~SSgE#y?s zlMwulw*fH)Q+6!Cn&iOXf9WpV#3fs4eLJdt72|R`4Y+@v%PR$mXo_%+sF!$yB#&p| zb*KXN{T6eBgh9Y>(i#FGk)jd85*_%+pvi%c#O^DYzYc$%4m4VmQFKixmtK9P0W)Xt zgW5&zx{~l8JA4cd@2hhHaHD`ufZ-?^+uckDy5?|mhSYxC)M|BR*H4|A3W*_EjltP8 zdxIlwQK!^SnJ}?kd`+lgl4D8VAo;ZOCM|Q+@zdx=Bc&s)NP(xWp>f!vnP8#bFRU4? z)wiQlY@CGV9^NMknz>&AF|eRijK_b;sFrx9MuqYWNvgP?i^yZCmcKW-pEAdMCBw>n zc7}5>;By>+~I9`P*b$#{p!G9+&-k^G9N7dW>VI*Y24TTwJa3NbcIVO6W z%yfhLE!RGM*;Rs1Zbvkmy0<}#tINwvC3ut$>;O~*kj0p{7i(}sD9%=Tt>-u|c|^&1 zGen-oFVRWEo@k>`XKWPxlidQnPY0_>l4&ScC(b;{!{G5&wtNYGPrhcu*VDruHy_WU z4Kl*LOq=XLcoIP&EbF#`db8pnA&*Lkh>NyqbCKInfMgeRw4p?-GDO~EeJ4LDb{ayb z2e~QWTnih2(UJl0tTWiD+AfFv&G_HmdnB9Z7fus|(`DVh zQS^Up6@3-9vrDt76X#5WG4{(^q-q8Vk^C^+&n@e9*pSG#;vyfL+TU4R1qsNh_8tlp z#Wg3U>i?{oAkDoGXMHFcnOCs&ojB!xR}!Ch)>4^RM^W_BBBmUJ=Z|_C3+HcAmUNCG z>r~$e2JX7@YK_0xL!?g#OxnZufHSKGTTG#}xVp+02!?9qtSXGg*R_X)vhi=xD|gT* zgEwaI7D~QIQlf@M^wp|_AeeBlYL%IP&YE&m<@Z<7MUO@6;S@=p-u-)n#pWN9_Ju(A zV@~;@NWq+#xG7LiczQ)tEzKIG#kxEvahItf?m8uB;ZG~cymzmN4y|RDkA-5CT5Jw} zNcKd($6U^x{qjXk^nMasfIkPnt{&S;DSb4@PQUi*egb@}Zx>bj)f8Wm=*=jm^=v0w z=q3M_S>+!K&Yj@@F#LWf+tGNE#_oGEJa>rK6$o#hwJFE(sk+dL?(|s(mKcwNmdKD3M8jb_{jv9iIi>MxD|lb;5-g z*;k>PeIa=Q7?wdhM}(-oRj^b+IJ@HkT3Ge%2>NR@WB(szgB0v4u#xl0Xl4!#W;qAzP z$*bap6YMV8>tZ*9gY;Uzp?QZv1s@W=-cH`#sGr={L$@L?vU;a)lP_E*1z%yVg4_ME zl77P;mx!MIy8ZaW{6cO7qwj6k)7%2&jIU{2pl~cOTA#nb6U9pacfew@|Jz^A*KJit zjWT74SASp=d9xWE{JUI%juxmnUN#QCG2;!g`?SSd&uZ{ZFOUauwW&`+R*cTj#O&AP zTq4#hT=dzlm9;U*OZ^|rf{IvWJzGSxP7Z8m$k7HdP{GR#JpW@S6reiP$!#Yea=^nl zm!h7t5iF;yN3g82kU;D5p|v~QPOpsz_hPlMZ}N4=W|O7XiJ1r_3G%F;%Iy!sF9+dh z>Zm@t0Jp!VHfm1B82;N!<5r6-zf97y@g^I!4C6cYOkf?+?w_8g4#H9~{j@yh2auCQ z0?UlwY7edx1ptFyCfIiSLA7s&nWf*D5N>@9Ik{vm1eI8dJ0?%N|AsBA*ZX+>!sqeE z;%mZJxw39Fg`=wszguX;;PDT`(Oz^I3{E@0`*+;uqZ52L@C3SN40%Q@j2EcW9|Q9p zU@Hp)S<#zjl{&M3i~l6-1?xWj9wlA%F6d3zmNSiV#R#!J%qhdDw#VeRf( zwE^|Zy+eF(P?-HSZKcx@zJv6-E-FoLhMnC7-6i-Wr_J}K`UwUIe9|pTxFN|?dZl0t z^yYLC?$<0i=NIM^Zg#goS(s85ZAHvp--*3Z1arB@LlYN`w-Dl8EUP(5wy(hD$X*0} zFu3uC<}2{as#81Ep+U@lSc0+Z*so=~9qNd5p}00^4f2ciW%!d-jb5Qa_fylQS-i2= z5&7;yzfbOTW)2be8UkY+xzdmqlL#y699gv`u;%Tp!(CMAS^#y|{WhmLze&J~p#&DJ zPQO;-qG8EnFTPL|8)*yOTS{_pAf4O7|4wQ=w3j}$blz}*Qfp=Zd2CFdz@)sA)dJI{ zU?JGfzx_;h_^Hx(sMhE2U!IZpGGijG_&15?kzwwwSHBvf*3vs&l=O~|lm_EPXKHDN4VOMhFb#tm)K=4eGRC=9Amw~r zR(tD5(LKXHW$iL{MA>1cBh8;e!jPZF%;uV7S?oGwlktCNdje^4LS)hik|{W$F@_+{ z`&trjB7(L267W+h!92JIX?v!>7BlbI`exZ@F=3}C)ZyH?paBBe7Q ztkfO!oec1wEA^5}0e|t3OiJH@TCIKUxlJK%>^TEC)h3}(R7mbgya0^)+U>sYPP~ND!J>U;YdiyziM7TR8wOyzt%3zNtade5}lcCQZ zUWn5%a2~D-RxIy4RIFVI*bXACaPS#nBJV14yfc%z;tej0$?8pcK|`7hmRK469W99S ztw7u7SDvYVM|YutlNEVRHXD6eVZb8l8T|5~F0tcL2yUE2~S;tZFs>%c=MKL;$bPL{q96sMtY?KL<=?nuM}{#yLTBH7a~oRXFW zx99owp<57+5eJnEC+7~$ZWMbRhOhi_QHT1-0yzDkW2ME1Scl$*#w}zfKPRV;YBShh zZ(+#ns}UBq`Fq6;vC9h`v+{@l~rV- zFSJ@IHC{d?CSIX|u-q7ps+=YK#mE4B@>;=6%&zWj4h3I}}H600s+@aCNqd zQKj!L;;L!8V;llQ@dVEEHa}Lo12UIr>Rpd-fEDrU z8tmI_NFsjBUF82IFa7jJZXk&jLt}R3dP7~rOxYus^DMTSkq9!*jXDP1JIEO7 zN76`6#}5AJBoTDIm8gP3R_-&9-R`74Mn*|ZO(pMNP!rK1xseIqRndprc&b(Zt3qLc z^RWOXsqAoP?S2%=oqElYjah4$`VQ>msqm=+LheX0R|e5{aFfgtDH9vDRsT8qN+ta2kQ{$|Cl%*_<}v3>#kESmbnWVTWsRM+!*`Wo~Ad@ zv9;^qTBDmO*2GDM9E%RQoQ_N_a%^FZ>CEHPv%6Hx^b@I)z@k+ddv%)F--h@n!JN>mfB{s^|9`!e#VG@fM2pBFk0zt92d zD|1B@pFchCv%fl$P1p&=x(<2U^@`<0PPdxEKohOyQcBW}F>ltqXe_Urn}n^-a^(8Jm*OjM<9@4*A2Oqom9-Y zuyceIT?1h-0f0&<_M4^{_-D}q~eomczU#O+L{_B4I$V|1^ilzk{=evac93r`LE-lS=vb3j8t zw0KzvE;5+LXvdIX9Xfv03%k=`TIQR`PeNMc$|K8AHs-$eYwLSjDPSh(hqSe~%Ex5a ziScTxo@HNr>&AW~+@dRyfOfz!CPq?-Y%;zm3!zot3zdp^pEjyCQTh z=giGuGfc@DP$pY9wyp7;y!o^C1-YSq?B_gdZ3ShznD$!$uG`u3PJx&KcBisM%U?g` zW3Y8gFoFqeGZ1w!tY(ZlidemoVx1n5Ei=+qN>r#ODAaCrAc z6Uf)|ex2ov@G|!&vB8<-pCR=jj0&vD)>Cjdxem=A_O7twbp_bR6(PCb%Qdlt7?nz2 zYWsO>WZCq)RDO@?5l%7uhY>(^n_%OeIpK7cX73A}B{y2e z)i0riNMH9Nc-`wcoa=*J?{*jMtRPtR$;SP89teP$v!0W8za-xst0&`$Jkic1He04N z`9;r2#EFKNMIFZQ`G@d#S{NqL62f!l$~CJPoY+bw6paxxjdgCjJc29zbXK0-ekJ;D zS`~O&f9_x1h$A!D0$ckXs$9Nr4z?0jY9#hRgteM=BmTqi6yw1SeM8Yd`wLlio3Zu3 zEO?N?g~}Y&!dCA2A>Ki(v)JTqN^ZO1k99&@VWSqCEyp>V=5rwcn`xk8aA!uI-&lo$ zp7{yM#+S)u0eK4LBIyPr%5tm15_i44u zIRM(2TnR`?i7ASR|Fi_Oy*j%(t+Z4~9m>mkm5;D3-6!ue+l*$c5_WEItPTQ?Nqrtw zM)s^Z^$!3SRPWdlp>sY54&r{({m>LYYCuV=Fxw-dZsJZR_tIEmt|#~R1mf9N{+lXr zZLGnmk!P4ZMeSQ8MXL@e9;foe_8ECgPriIs^043|<2k_Fozis9gwtKL`tiBYoZDkp zft?HD2h@j7lSRSdWzc7(ZMF|NK=RB4*K8`CUilL1MLWAU6!00Qa#3A{=s4maF&ple zgrEhTw{S)Xct@l(J%B0T|FqorYXfh|rO*}_&OuYEi_cL&F_Vwrg?cA5_Ixz9+nsaPfJ;fTSzM8pOqFwkBt2`tp%vPO4NVvO5m5XevELL2*|v3Xsg~ z6DoNxtxgby(fUeuU09j%!*?F=g!5YV{Um}hR|uPk_{i$4nAvKN>juV%FS9pRX`BBG{{X~jHWJy|c|-g+DIx{nbHf?X@vtDDNg z3^3TKqm9E_-<`USEiL-ee<+i5{HO-;_4tlrg*oQ^<(zD=?|Mn5dN(b!fLsqwfv}ts zc}pU9jX#V|z?E-Olp|Vc;f&U6?hXSuvTbZ1%Ex^Tqs2xI_%mxlP(V z>%XjNXP}BS2J-CMsS)-wDB2+8dn+s1G4_Ayq7qMQPlZ%hO%_el;&K zTABhzKJ?$Fe}Bf-$6p9S5eiy$5E@<9&Sa6&nbE|Ro{4RD$9=^YjG8nyx%TsL^IEkx z>wWLCO`pX>xaA?(3XlxsAFk0e6PXGj=^ov-SmRrC!QE2q2T_2RwFaf#LXk~9eS?*g z)6@t1sY!eUS2*psV{d=`O|LF@|GGK6_}ue0CmSZ8wR>eNn~I^XEX8!%1f4NMHhiWk zJsfba+Jm9I8QHCBN@#peJC!;~OUu%>_wWBiFCYSF zA&wg*LdTig0@~_E?9SW$HwU(x8uq3}Ab==8Hh~sZuJc?3{z&o&0I`^Rl9Bs`4OMQh zO-)CnqLV9VqCK6J_F%teO!9aDCtxecN6|9ld#-Rmn_C8YNqK)agcw> zZXYNYPG74)zL-wD0+r$rW8PG>RYOkHXn|VOtMyMq2@Ny zrGJTlI7+0CO)_F`@c0Ybor}cCtbGiYD_o71*cv_J09UPXWIy>923|WqE16r(33fkQ z6DPv?$-w9Sb9`)0f&=%6DQ%tByziWsCr)y*QzrD!P|1SF_p+mwd!(?E6vGsQXc<|J zDTk@IZrEt+n`Jz#PmEPk_hf9%>w~@?e`nSy9#Xt&=GHMRed1#%sEp0s3PGaB`b~`= z2*qlWkJGV5cF3|7?c4^^`5aVTzve$*(Oc()Wh4RvsMT*XVxKlPpMJnxyQCf~cF`T{ zH$aOGVar%`KfLFKWRbG59(b2s2A{2FV?Uoh1I?bm_5}O1TSSZkI2w*G1;3&Jzf zXW&R$QaBhYJS{i%rkS#c%f^s;9OpHf-jSBVQ#wTAg~FiBgV{sVOV&hB_!ZSx{X4G^19bzhJO6GoB>YaOEJpN5 zb59H*yDo1Fe=yxo^l6Q!Aj^9{muuZ&$UBn^E|FLTJ=-=v23Rd#(^89@3cZ8_!^=Bi zO?@bt)TiUdKjAxAs47}1Xe7DWgn%G;Pq_9sY-_Pzz5%;ne1*C48BWc+(^avLGa#F4 zzq($A^;;wf6|1u5BvwmNAwn37lvO0)t8xKQg6Y*C0 zCjD&b619x>X#E#!C5zxgN^&QTg07-)bFlbmOmzE7N@FLuq9z5)$(--kCC)S4;9WPg zRbuIk1jcav5RY6zUt+{;E)Uj$D`>o5VhK23!tyE=~0+5^W4Fv_$&X`bY;r`b_&&h^Kdt&|P`kYND&OU2J zIP9ZhFGO(+ngWB)OhI@VxeId5BveZ8c}Aw$v76x{me?MX;PrrBepTbNdL z|5u?e@M4ksZ5#d-zvFo;2kWpmrg`QK9N02Q-nl?0PbljLQPw~x`QI*Qyi4-elhTi+ zCgB#^W&e_qI?dJH&{|xDjGYI(zE>g*Qc2>@8E3d(@Qi*s7P=e##1foURrmQD)d-vV z71HKY04U+>!4#e)aTB)LBf&9@_y|?2{?FKfT`z;(nnrRu+z)Hx1w%@wA#1G-=U9WE6iwS6H8$t98~>zS>= zFjVeorc~b>cjw2iJN>Eq@wi$NOk4|b)4{VoC+gvqU9k#7F728tdZpi69-TA=JHajY z>80i>o#Q9KEBmBMfD1mQtAL#Cz%2d5#n++qC*YoFKhWLmvtgt!r@$2BJzOQpOu!{8o&P)l7Sx*;C>sI+hiS7E&x?XNx{hRXKg1GSQBh;X1@Hkl zMgV1 zQwZaPfpg!8cyDqf%64}0ig=tMA&94N=2@d({N=L)AD~9D8JGb4SA*moG6N+&51g4D zpN(l~KE~P#@_ed-9P-`0Z3EagKNk*LTidr`U6r)enwEE=-_Tpz$or;)p@&_rZ&{20 ztYr?VBjpZrY|vUJiW7GLpY^G2q{zR&kcKM7Hn=*nHvl;|dPM9f5f!b(pg8Cjg8aq; zzPwuW?}EjUd@@)9^m8_BC%xY;+M{C_in`!!4ZH41SUKAIQpW$4;o!&os50FqhON}a z+ys*wxlZ@USV$a{Z}8iYsd2%1m|BV2US@@GK&LojS0?6@`e13x&xqS7tFkPbF2}6i znH7Eb3m$&Z$3|OCe(Hu4k-m+M#ecE+xUYyphBgPxl?Qk!GL`u2LetqOZF0V8&5+!k zva?zcXG;l5j<=bSP_+}12Yn_9&f{^40}TrN8}NokVZx|*Czn9MkXRgSw|9DiUiVGb z#=_22v_ko0hyt)}9cb%oc#d33|40#|vqn@Sv&{IZ&N!+7=E zgy{h&Chhj!r8*dFV z>384>;joAHM43G+7Vb;jy-=qwt`UFw9ETVtGgu6kw^CkYp7SqKra+P&v^)G5=|hU=FCMv*sHr~k?k0r9rXeaZ zi|9DO4vZ!)0U2=NKp~0KtzQ8Qqz#egjj2c*)&Qtj)~S$dC$c-HJO^Sm*%tuFi-Zmz zbcVn+4eq=D+yY2$-A4{G8K2`EW7>8jBA3e624HhJI$zN z#y9E+>T%a2ZIDQ)`Rv%GXE?`o)NpHQmhjDmo>(-idDMrS<8|_Jw2%Aji~?PDirtI% zgHpg(6)!b6{Yg4EYYqY8j=Gxd{I$~~;aZ)_yau(+--77%T2uriHqttO4Jzr8b$2q7 zH1@JCTDq*%c`Y*hu2UxyqvBO(?i|P47c}T3&LsbpFw;>5Ij64kzGayKGV;Mm2=)7x zKVNARih5QSUI&gCy?dqZ@a#@h z@hRJU5Z;!dRyhH~syU}a)_0!dv0!jz?DK4nw1t1yi zl5TVDj@&O1W+Cb33nPox4%V^%a{D`Bf@Ab_RFX6kxpHrp8G@0%w<#4mH*fQlgs5}r z@Xka#Dz@xci73#>CO_tfr_TjnjcTLV#c8{?_sfiT#{@ORaYtf-j(Cr()%n?zq;%DS zdP=K)o2ojkq49G+e(4<3QhOdT`7v4{=9iK}zFoOXgMJ9M5FrB$DokfzAEZ@&?9xlY zrifvP_01iBY2NlQEHL5P4yC1buyWM@p1adR{9K240yfljDHt{pWlDC<4?UADUc7h& zaGhP>Sv#&cjXa-?e1UMcM#GYQ6`cF-Vn1)wukACq5Z53APrBc!_r1_P1{w{f+A6AZ zZoAD7i0m!8OU(B^?)}Sltvh2@9I=xd%YLt+(9DXEWa20!Q;jb68d0*V51Z5^RhIXD z2z^EWXY-|3N@WCHz9`QxE_c75@}aTnRej@F89kwWR)(Y!N^(EEsGldi(9R90kZnUtx`g+@l5XL)2!66zrY2>_4J{mAgIhI7&OCHtF>)L#b9b*BK-v& z`rG&d5R#mN6c1LM`$||X%vwPI z>Zj1NxilB}5ou)(KShx`C5WQBY`$T&%2xQZLL+9`+!E=-P#}iZa$hJ!zDalDm{TL% zK)jp&3W{TyLJlQ9$C+ns{8Kac_@hO?cK-Xkh~+%fNfg)K+=y8Sgz;6=xu7C&95FSC z*N$hMl>?t_OmZFwf$01H4S|FiSvJ0QMDcfrtl1R1_P~xLUGxFR^-6dE8SWY>(N^#^ zZTZY~amM^#R&uXo>i47X%P>`uh>sERusD%PAB5FZW&o~R_7(Yy@SP9*WVJ%X0xw40 zBQ7qs4bI4~a}SV#aI{L-VXyD4kvH81qAIxHPIzPPDOqmXub?2V+Ez!4a|~KWFl-$H z;d^Pcw9fN!PZZgHrB-o{V()VpD!|n?Lg%DHiUwR2QiSIv5wdg))w(`+5fCjQ`H-Z) zg@1L!KB(fh`h}_D%8hCyICY7&&ofN@5F%T9(Ebgr&Sn7pOBGXhxBmEfjHco@^zWTj zdpMI+&ekV<$nAk%+dV?ktl<2G25$Cm9_@HjC--YwBWn9HGpl+*^9q{wVGv$$MNOUe z@?|;{F9nva{4L@Mz@uzMh_gG;U6qkNOVy^WTm0_QdiX1ie+!`N>O4*Pj~$<}ed(gr z_H+r@qXNWfLUoU}bLCf8-%(t5RC3d@;-3l-AX1_!mvnpY!reZOz>3YJ=>nUWaKH;uzTB#>~!eosKEcLXcsW165B~{N;StVY11GVHt~M{MPENaDTwFkF?r{!WQf+`e1YaBYqaJ zoO8vxbG-iCwLk{Y9{RyjiraUV5z50|ag7GXb04;EhEg&@zWk6v2nQnkz@X%L__ST= z8W6ve@)Z~EkbHRzjVPjb(V1hdmp;Pb*Ntp?xzM&Ca^8)7J&1+qLWvAxkY#s(8_~d_ z&5sWhT{BeCS?+U>k7u8LP7h>miTYVu|IlxbpaszABMHH>R8BgtDx-{97ON#i6I-zE*z6#jUf7^ z45?PGF5G~(mPzCEGdq~>{*6#)Ll3%;9#%e;IOdDg{reXCI?aWn$`WOb0jN)g6H({m ztrCxaZ}lSqwWKWAMd)7#|0p8OTjygjuFc2SA&J ztRw-p$R6~T+xjJiVLRfiJau}nebxUG4;BJiLiApzWS~g-^V-b1&d4zX5h5d1`kjT^ zJZomJ>qiH!eGBdc&Vny9&7b0j@+H!V7SY=#5~+W79yBK(MofC?7#E2)SEGT!n``y zHGxhlS&_w{la@s#Ht?7PxJc));MB6*2y~H6fgOkkFm5|AZ42)lL~vRW#vbT!lO;w( z3jL_&&H^;%wFuLDXH_`($xMAvsyX$iKkKfAhd_M8oZXEtrT#)--P@Lo-N>^=tDlgr z$0~ypu1*ql|ME#&ASP))Iw7{VdBehYn;JA<8(Nf6IdBCIplIO8;)bORVQHmSwaxM* z!Qyn(?qoPzGgs%FedUT*8!uZrQ?lKfWSssLhVR7sMy~mz?X!OLLQ+AOfU`wXzU_`} z((s+!?Ugsee$+^7(>`so<0MBWEn|iwu5h~9snK>=H`09J2zUB>ZG9wJ@J#Hr3aZ4B zFHU|lu=T*0hz`l-*5hFOaUr}ihi?)@;HzEc0?Q=Q@}q|sVhR3(1ZNb(*BU9)bfl_H zaTG6z3|}AQ-pvR!DL`K51(0lmV2kpOEteFl-nh#K{ZAjy5FS(v?ouWH;%V6YALCp> z!Ah0oe-H~TBjhE)P&{{#!bKg*nBtghLDvAa7tWN1?vT6|b9liyc5_X?BR{hpxvq$& zbOk?gDXuAkSuR=7y@c>c%BSWBb=!4CaO3|ysQbSMZ|}#?70>?P3uqz*>i>O@`_b{X z_&Q@d^5_3P+dXkVmfuGIhavr-t_Xc%wd!y4{tGj5{b)24& z3wbh}yeJBeTzf0IEU>@(_URj=t7%>z14*gR5T%bh zw<&&i+~!q!Y8iKzlRTR@6iK01L&Dsq5rP+Hl?`fiTeTnTya+s?B5A{ z;xG-`bx9)Qzs^T)08^}jv(bJP#It#sAJmcPZfru6d_By!6SNktjTBo>Z+2*>PJYhmU3vg3aYE$iP&0&iR2AwN3X zhZI~MiuXbSxJqh3ag8Epl6g5J*s}2gsyuMyAURGp^D|{10$h%2|0DVY6jVFSBG;ku zZ{$V8oUkMx63N$&!$etxA~!Psj^t8K@oeI7L6|ZG&@ND?&U>zJ^SdB_x_9SF+^g@7 z5K-o2N~NHl6{?v&A`@AJ+h#KIB8q|T{>~Vyyt)z5atN(!itTc5&Wcm3?oTiQp?8D9 zTMzHYav~n@vg*MvZHKuIg_+WGINI!zz81WgJ2L0|r&fNb|an45k z^2Iq#_ib`6#Jp~(&_R4bm)dBc4*MOj`NK7*kf(viI_>+>7Qd7nr<&wbBhD71H~1?r z$(AYiVjV)+ZbpQ?=AOUTCL3o7d3#1Z5)Ld}c2vss7aCP7@JpY8M#;J$;|(waDR0t* zhn})<^>zpb-UWY0a1XuKF?7vn!xUl>iJ`7~Z8S*yjh|wyaDK2wgc;NwAV}gsAALrB zer2FQl<=1P7uuQxy#w#DZ&ymFlR7~1Opi_-iOsvt4pvFDgdMs*R_Sb}mpaC9U3S4- z3exYAeEEYg>%>NZHr}Qb4R)u`7xl5`tfn+JP@Dk+C6*$RNnsA#ZhB13^d=iER`LTx z+ANOfwqWhhPk(dmF+!I9+MIu8i>ay!IN>3FK3da!A-KwXOdI?rR-cZ9=or~Xoao$u zBk5CR0A&#EVO2)9G0-K?8eQ1&z38xNnoF^V2jbU<#V_0q&c9(YM4jth(DIK4yh2kq zw``WRQ?Q!(C&@@gf@hG{I%cMO2(Ie)FDjZFu-dLcKT+aHBPgP5+vXp#Zhn!iCZ`MV z(aHxg?pGA{#4_ixFN(vguhV2{cMJI0>(_)+J++qv>J9TO&qUSF zOnUz8`z|2qSyr%r&+G`3VG3yYB_@Tijcx<#qQm<$zl{noMx1Eh7%BZT-Ii_Jz79iM zO1Ugnzta!&Xa%=$tptA+_2{gxY2WjvttR<>I42LX|!;p-s*U(L` zpw1leI*7whrN!ghJRiNnbAh1wTc?MIjukrIVrp@yH>0B_ z@bXH$Om+tiJ38cD9bR}m<55i+#5TbNf6ft%Gy804y7Oyze$NK~nDWj$tKYMTx!`s7 zgrq8CAe5Z}Q>Cnol#yA`Bj;y2eI9|j^yjkq$phc_NO3kZ*=5jI2BwYKv5lUu(XLIL zTJ%^H4=UJQG(?#8Dwrp-6B~SLyoWs5D`qk|-vYfjd80P(j7CzEo%C8UTK%XizpT2x zr|zgB;!Cnw$tJhxSV`gcFwLyq641sQ<%!||p7HNn-Tp}zUzmzn^^H-bzQVFSpi<0SMJ8#`1flF0XLI3T4lu{dx$V!9GfHC{pY;i^(jw~-Ru zI)EUik96vR0IEQ`abXtsz||~#;_lzX!^koH2sV|&!cbQvpptL~+4z8=ucrcV7c zV3JvnI57>qwmLgliZGcV%VM?+dp^OqCXAEu%`0X5`h96|f~LSnb}U$KH8DneGHtL6pzuyW6iY7(7_o+u3reQh+DzI0NMDSXG{jXHN5 ztAp3It!?xA`&+E&YxBQ#yc3!||NC669Sck#EZW8QqwFyKRW>3ueY#|KxTwt(e!V z(^D%*DdLh5Gg=F%XV9DD4{ttN^P~i4$1wa(5j5-gaVCgyE)Y! zagX+Ip7FW`6NW!Z)&>;K|6)ywRBRLYINRGMDe3iyY+b`sYKZK2w-ZJF+EY^^^hs0$ zb1P!k6%w7)bt`6Z;g7VLv3D|&n!kSPzrtjF`JS!Ti(>cyt7wz~_JJu%Suk(0qi%6J zs=n;#2ZB)xP>%buxYD5X6|C2l?&_zyuANlnOpR7{<#Rh$DxcL0%y$_tGr23w^cKg; zM$NwmC2@X>Dk*th4uM>iC>znf7r^KHRe^@&vu+ng>FiixwCgu%QcD8@h-~+FO63sDQb`q_ z4wHV8AUO%wK$1F`B{S%j!3>Yi>$z6FnZX}HgCQ5~ithH0B0QWWQI%e(uOkj)z`Kq( zIuWu^;fU~w7in<(VM!#%W|Nz~hV~-(^EVN5hX=|!vX>;NKx35#cl$QjYQ@4%hZN_!tMZdaHI%rs)CR%OB#H8~jh5QVB+W{cIjB+3mBV zlhnLzy4w9R$(z=Jo6fzG>@>g6M^p*Mf&J zTVr4e&OPEG#Zrkf7uMu+F@3EBN;|s4?uF)Jk3NLPIhgJ?-gsCP72_89l0it|g7AY)D1y1oc^_Dt$+Xy9h z50a8HChk4C<)H&j+!lAgJr9%Dvh{2-_e^=&14QlJWaN`yuU1ML!XBqIz49Z<%b@U6 zS5GP%-)0tP3OAMaD_+_(|2wg26lwQ%K znBV5xo%Ac%eN_29L&qLJb~@}LoY(eg>^AIgnFQorzo5doctRBX36ewy-3TE&0c>Fn%wR&&<66zaz(Yi%*m0b2PmOi}n)})m0 zAC&3NEaHcGfnz=|-ZetaDiHi0(55lg!=I_7&&Yb(PJ-*gbU%tJFU@gr`k^1k`9ZA# zBxgM`y0P^L(t%zq+d=*1I5X+XvpRdv!|VwTQiNhKuF!i->pq`F3__chBS2$2MXO^1 z7>IW4z#Dlf)0LCgR+6I@_=3`{3W_i?8}|c2urps&p&M9J<~cUKo3Uto=BOtYb{LXJ z&D0wDINN;iN>!G&CG-z}H)+D9L2NCd+D-(XMsT7o{#)|np{A;JO5Sv1kKKFiHHQBW z)Icl0t8>=KUzE~*Y7wVFbI`XO5BOSg3RG%#x~ssE_l;{B2ERs53M(VN3Sy#ZrVp^F zhnox|9-u4%MB^3XCT01C?3e~L%MAq|!Eq7G4_xsmRSqQ#?cOR*J0 zHX!yd%x-h;&poP5G2C~&t0{^KQmNsV?pqsk}_3T}lr!jn-%6ejol*q}giOrfmr8^&52+{TE_;Oe7C8 z209=RCJ`)1+3AFAE@RsrR9%jZksvOM&D_C|dQ8=A`Hf2;d|mxwp#YgAKoUu7B7iX zdQNK7;zYjj^@jkGQdox{y-F32bo8RIlI$wM_#m2)4tK$YH>d3gKuyS4J<)_ouobUB zMxxbuZdH*_R9hx6BKlfO%FwVq1i(R zkVh5LgX$D9x4Pu`kznA8h;+5eFU&JEdnJP1L@*w3%PCju5)BTf04ubpfFhNCC4?>Q z1m5|Z=3r`08mVpiK}AZ5)Xxc1LxLg% zipxOY%fwLM!zqMud%G{37p2gmNwT%Fv=3+; zv_MS9>>P-jCdm(_CL}O5V(F`wNO3{!P z0HU}p#0gGsHmv|Ea00P=NUmxIDYGyUFd1tD2#AThhv$;PQx#SkQFPVQPD=(3DwRMB zSx}&ZMM{G-ZzNSXGz!ox3i({U008$u+JpciBau1(0Q1!`EMheM6cZ_odAo|3%G=!H z1x3WQ!G2?lfGdNFgpDjp{z%L)r?fV&{_g@ZNeXvW8%$x`K_^;AdX;CZT|pq zGLG)o`7tv=z(MI-`ITkcXvgd-I;_%9v*iaRMsNnwqvfv?&;`ibE%^KbZ@ctwM~~(N__{ zbzH||x$Kh3;;wfE5LW~SIA`AwUNiWANlsV@qhyBYEabQ{bYa7kb5}XO2uzJ7G!v5@ zC=#*}9H1;Bry`+zUCTG*hr46HbE8O+N|6GgfQbbL*4$IqUqtZ6k3&ljN)uXWphcIIT|s9eywD{V4F$AX zgmM6EA-EVXcoo*b4Hm2dp&M-yPGefjWhw}=mgG>I3#GTr0Fa(KOCZq{EZ*QqUc=3S zCSzrVN^{kNw1ZhvmR&L?*8x9N&2L0c*EIXFDEy%p{N5Md;!f3q`j?hiz&Nxu z4NgcS>Xj7Gi_wFq;TV1=;6@jRu0?R`z}T^6U~ls_#drA@Cd6UHKJplc1S83%0~4?V z;6C!RDhv_g{{U(n1C>GSPs{*m1Rp>L+Ff)nt=3s~Yeb{0f;~9iA@It7GIxpOco|PY zypqPia~fG;#nd8nn===VHA(xiq}j>hl1W*cWt@Uy*3{$h%LrA$b~Y=5hXLP5C~2Wa z%GKz0%AruHX|y0d#27i|W1eEvqOF@1b%<>utp*@7a_xt@55M?-NmV96$(T%(!kIS} z_@oB`wG07Js4b{~=wM)Dx`xJq%&Gz@bzqV4Us|SWa289tY60e1Y$e6Pb0eE5pmBy7 zKg?MMgoMQZ0DsPqJ9I8cSOfl3chph?Fwnwg20Rf(g0vV+yG{}ut$Bc@n0W(X{{Z1w zdBK=fv?j1tHiU$9g}`Bun+J5z?W8||tIC(}5hQCzIat7C%LSq&#C6L6AdzcI*g2 zr!y;F`@9mCLY7cJP*o^d*jO3_CLqij@L-6fVQ*(l>F5KCX!HL7=bM=$0;EbHti^X* zmbg4e!|Bu+<~zakMs{;xwKv7oRTU#G_Rx3M6=4cqYtcZc_MDWe{#N&JCkKgVmGeyiiuhA;!WF~(~m+B z7du%C^UO(Jf)=^(-hA;Ap`y?n;;zkJEb|r^IhmcS@m~E#8!8;(of^rUd&JaJH#i?S zy?Vs=R-nL@O7z1R?eGf2n1aWvoF>Jl8c`kWG+OCd=1uIPMc{=zleMnW))c zAg+G#YZltnbVjjGPTYo--5@%VEvao~Ye;VQ#34 zn{{td&=Ii#^ZUl&)T`)F);GB2ObLD6@!}X$wu9J9GJennB9K~Ys@HeS0L>bDbxVM7 zqM&@$LPf?ztIlB|A2EBcL`qP65K5Q5xPv+6RdIk{c835PV757kMvb>{p+p|oe$d-3 z%ug(REce*uhDc&P%LWQqn*Dzd>3D*^#fmPbQ8=&v05`aa<%WXX(1E~z`G9DgT>5|p zuA0rC{^M-a!VHjEzi8?XAf{~+8Dj=Yj^&S-GMdQ&*!Y&rU8o;?ppvn`R33&P218Mh zE#jl@P&V}&K?Ix1JQYv8T&_r$uNy+kM=H|#T*~kxS$V6*ygnr! z<%u@CHZ^bi94peY4b>M$MzuG6F4N@Xb<0N(TdQ%GvoQf00>nu}MdthC4 zwM)Cjb=4jrxIKt%wGTX0u*Cqp!AbJE5F)G_H|ZV-77JF2 z_Z(Cxq7H>>jb@bjlmnU|VYFDDVN4v(14HP+v36a-h*f!(nzG8XzU2VBoaV_$;smbX zUp93(xz?@zAO2D=>6w0J6E|ClsFty|VpC8=&Y-PKu5kpQr@`3cg((A?d5-$e!bAC- zk)n^d{7v^9^>t8BlEsznE%}HB>@I`4<~*?>2;N)IR(nKrDG<`Qsg2p5vk8M70I&iD z=bCQ(M!*mhqn(=X7TWO<1yN)i;BdyX%&lQ0X2Or(glcF_-Spy9#z4Vm5;}Flin+0(uTIQ^mCFlP=P%8 z!c%W>hwGk9eS z*x{wqX15Z_(h#KrE}gg3)xNf-O0;doULI}$6=@A9$q;j8z3Kv41_w|!xZElMG76KC%ha8(vru6k9;r*4aTVKiuKS%x|BlZ%x;6jolO7&%K{j^isu9f zOb>!|$FZ1=0J#F`D`%XKXx)C%mb<@G<9yB3h(Sei{I@SfuXY*%%by5}+z9sqSZch* zK_Vkj&OpD2f&pAC#8pVN%#!BGNjh}zQGib(Ek9Uzu}j_L_(fV%tM=&l`BqS`Lsa~G~Nfj zp3=#N*wLT>((Jp{!WbF@#c_p>71y*?C0%$5f!`U6b)KhXnejmC<2wEpc)u* z>k{y+128*7kwq1l;5bUq%ailP*O^1ahaMOP8It+TaV%+~z}I_^d5dl~7Z<$suPT~q zzO9=f##uMCLtTa8xC+>IU+#WI~s#a?29!KpHot3@=Jn>oElim$8ZCiBN>G1I_%c^{?9{r`Yq8EW;>j8te zdxlml7ZesyZJde(8Hm-};hrzVpz{g`41*^1tjzJ4Gz?d#l+-LCbWu+(^8jmF!4)pX z^~QBIN@EPkuEuiWQ)r@rbBDL=;wc6iCROk44Ac`1couA~Ukpi#;0cXiO7XY?XcFEz zKXeN{Y`J-MxZ(j?intb)$TPAn6fzqX#;%sr4vfsmk%9dn;e4kaKGUTcY zRV&SG4Aq!EYu2CQ0X9I(*n>b#l=D>l%bG5tzn{D~jsX7vlrCV|t9;*>X~P+E=q76= zzMVre8J;gRY@Ge2=rKhsZ&c&=f-`-@6x|=w3AVPD$7jdZ5Qv1Q7kTF-r^zt~LW_m? z2YzKu&9la^m#7{fL=gpRr|gOiIu70_Tot{;5CO*l+vCi*=nPE;f3BDt2ssn}nCe#| zw^m)}$$34YLFv82d{pfyD@Dj=_0AHLW|Uc@9z